diff --git a/.dryrunsecurity.yaml b/.dryrunsecurity.yaml new file mode 100644 index 00000000000..a5f236965c7 --- /dev/null +++ b/.dryrunsecurity.yaml @@ -0,0 +1,67 @@ +--- +sensitiveCodepaths: + - 'dojo/object/*.py' # FIXME + - 'dojo/announcement/*.py' + - 'dojo/api_v2/*.py' + - 'dojo/api_v2/**/*.py' + - 'dojo/authorization/*.py' + - 'dojo/db_migrations/*.py' + - 'dojo/endpoint/*.py' + - 'dojo/engagement/*.py' + - 'dojo/finding/*.py' + - 'dojo/finding_group/*.py' + - 'dojo/group/*.py' + - 'dojo/importers/*.py' + - 'dojo/importers/**/*.py' + - 'dojo/jira_link/*.py' + - 'dojo/metrics/*.py' + - 'dojo/note_type/*.py' + - 'dojo/notes/*.py' + - 'dojo/product/*.py' + - 'dojo/product_type/*.py' + - 'dojo/reports/*.py' + - 'dojo/risk_acceptance/*.py' + - 'dojo/search/*.py' + - 'dojo/templates/*.html' + - 'dojo/templates/**/*.html' + - 'dojo/templatetags/*.py' + - 'dojo/test/*.py' + - 'dojo/tool_config/*.py' + - 'dojo/tool_product/*.py' + - 'dojo/tool_type/*.py' + - 'dojo/user/*.py' + - 'dojo/apps.py' + - 'dojo/celery.py' + - 'dojo/context_processors.py' + - 'dojo/decorators.py' + - 'dojo/filters.py' + - 'dojo/forms.py' + - 'dojo/middleware.py' + - 'dojo/models.py' + - 'dojo/okta.py' + - 'dojo/pipeline.py' + - 'dojo/remote_user.py' + - 'dojo/tasks.py' + - 'dojo/urls.py' + - 'dojo/utils.py' + - 'dojo/views.py' + - 'dojo/wsgi.py' + - 'docker/environments/*.env' + - 'docker/extra_settings' + - 'docker/entrypoint-celery-beat.sh' + - 'docker/entrypoint-celery-worker.sh' + - 'docker/entrypoint-initializer.sh' + - 'docker/entrypoint-nginx.sh' + - 'docker/entrypoint-uwsgi.sh' + - 'docker/wait-for-it.sh' +allowedAuthors: + usernames: + - mtesauro + - devGregA + - grendel513 + - cneill + - Maffooch + - blakeowens +notificationList: + - '@mtesauro' + - '@grendel513' diff --git a/.flake8 b/.flake8 index ea7e49a44bd..675b70a01eb 100644 --- a/.flake8 +++ b/.flake8 @@ -1,5 +1,8 @@ [flake8] # Documentation for flake8 http://flake8.pycqa.org/en/3.1.1/user/index.html + +# we should not ignore these mistakes !!!!!!!! + ignore = # Suppress - line too long (> 79 characters) E501 @@ -25,6 +28,8 @@ ignore = E128 # line break after binary operator W504 + # Line break occurred before a binary operator (conflicting with black) + W503 # undefined file name excpetion F821 diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index 80fd1fab9c0..8c26a5db526 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -6,6 +6,10 @@ labels: enhancement assignees: '' --- +## :warning: Note on feature completeness :warning: + +We are narrowing the scope of acceptable enhancements to DefectDojo in preparation for v3. Learn more here: +https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md **Is your feature request related to a problem? Please describe** A clear and concise description of what the problem is. diff --git a/.github/ISSUE_TEMPLATE/support_request.md b/.github/ISSUE_TEMPLATE/support_request.md new file mode 100644 index 00000000000..7eda2a58dea --- /dev/null +++ b/.github/ISSUE_TEMPLATE/support_request.md @@ -0,0 +1,48 @@ +--- +name: Support Request +about: If you need support or are running into some trouble +title: '' +labels: support +assignees: '' + +--- +**Slack us first!** +The easiest and fastest way to help you is via Slack. There's a free and easy signup to join our #defectdojo channel in the OWASP Slack workspace: [Get Access.](https://owasp-slack.herokuapp.com/) +If you're confident you've found a bug, or are allergic to Slack, you can submit an issue anyway. + +**Be informative** +Please enter as much information as possible, otherwise we can't provide support. If possible upgrade to the latest release or dev branch and try again. + +**Problem description** +A clear and concise description of what the problem is. For errors include at least the exact error message you are seeing (including traceback). + +**Steps to reproduce** +Steps to reproduce the behavior: +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Deployment method** *(select with an `X`)* +- [ ] Docker Compose +- [ ] Kubernetes +- [ ] GoDojo + +**Environment information** + - Operating System: [e.g. Ubuntu 18.04] + - DefectDojo version (see footer) or commit message: [use `git show -s --format="[%ci] %h: %s [%d]"`] + +**Logs** +Use `docker-compose logs` (or similar, depending on your deployment method) to get the logs and add the relevant sections here showing the error occurring (if applicable). + +**Sample scan files** +If applicable, add sample scan files to help reproduce your problem. + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Additional context** (optional) +Add any other context about the problem here. diff --git a/.github/labeler.yml b/.github/labeler.yml index 07e21219dd9..1e2fbd9bb86 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -1,28 +1,62 @@ +--- docs: -- docs/**/* -- readme-docs/**/* + - changed-files: + - any-glob-to-any-file: + - docs/**/* + - readme-docs/**/* docker: -- docker/**/* -- docker** -- Docker* + - changed-files: + - any-glob-to-any-file: + - docker/**/* + - docker** + - Docker* + +helm: + - changed-files: + - any-glob-to-any-file: + - helm/defectdojo/* + - helm/defectdojo/**/* "New Migration": -- dojo/db_migrations/* + - changed-files: + - any-glob-to-any-file: + - dojo/db_migrations/* unittests: -- unittests/**/* + - changed-files: + - any-glob-to-any-file: + - unittests/**/* integration_tests: -- tests/**/* + - changed-files: + - any-glob-to-any-file: + - tests/**/* settings_changes: -- dojo/settings/settings.dist.py + - changed-files: + - any-glob-to-any-file: + - dojo/settings/settings.dist.py apiv2: -- dojo/api_v2/**/* + - changed-files: + - any-glob-to-any-file: + - dojo/api_v2/**/* ui: - - dojo/static/**/* - - dojo/templates/**/* - - dojo/templatetags/**/* + - changed-files: + - any-glob-to-any-file: + - dojo/static/**/* + - dojo/templates/**/* + - dojo/templatetags/**/* + +parser: + - changed-files: + - any-glob-to-any-file: + - dojo/tools/**/* + +localization: + - changed-files: + - any-glob-to-any-file: + - dojo/locale/* + - dojo/locale/**/* diff --git a/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md b/.github/pull_request_template.md similarity index 80% rename from .github/PULL_REQUEST_TEMPLATE/pull_request_template.md rename to .github/pull_request_template.md index c3ad22f8fe2..06f0b38e458 100644 --- a/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,7 +1,12 @@ +## :warning: Note on feature completeness :warning: + +We are narrowing the scope of acceptable enhancements to DefectDojo in preparation for v3. Learn more here: +https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md + **Description** Describe the feature / bug fix implemented by this PR. -If this is a new parser, [the parser guide](https://defectdojo.github.io/django-DefectDojo/contributing/how-to-write-a-parser/) may be worth (re)reading. +If this is a new parser, [the parser guide](https://documentation.defectdojo.com/contributing/how-to-write-a-parser/) may be worth (re)reading. **Test results** @@ -16,12 +21,12 @@ Please update any documentation when needed in the [documentation folder](https: This checklist is for your information. -- [ ] Features/Changes/Bugfixes should be submitted against the `dev` branch by default. - [ ] Make sure to rebase your PR against the very latest `dev`. -- [ ] Hotfixes should be submitted against master (urgent bugfixes requiring a hotfix release). +- [ ] Features/Changes should be submitted against the `dev`. +- [ ] Bugfixes should be submitted against the `bugfix` branch. - [ ] Give a meaningful name to your PR, as it may end up being used in the release notes. - [ ] Your code is flake8 compliant. -- [ ] Your code is python 3.6 compliant (specific python >3.6 syntax is currently not accepted). +- [ ] Your code is python 3.11 compliant. - [ ] If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR. - [ ] Model changes must include the necessary migrations in the dojo/db_migrations folder. - [ ] Add applicable tests to the unit tests. diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index fe295102532..05905306de6 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -1,7 +1,9 @@ -name-template: '$NEXT_MINOR_VERSION 🌈' -tag-template: '$NEXT_MINOR_VERSION' +name-template: '$RESOLVED_VERSION 🌈' +tag-template: '$RESOLVED_VERSION' + branches: - master + categories: - title: '💣 Breaking changes' labels: @@ -35,17 +37,33 @@ categories: - 'bug' - title: 📝 Documentation updates label: 'documentation' + - title: '🖌 Updates in UI' + label: 'ui' + - title: '🗣 Updates in localization' + label: 'localization' - title: '🧰 Maintenance' + collapse-after: 3 labels: - 'dependencies' - 'maintenance' - - title: '🖌 Updates in UI' - label: 'ui' exclude-labels: - - 'skip-changelog' + - 'skip-changelog' + change-template: '- $TITLE @$AUTHOR (#$NUMBER)' template: | - Please consult the [Upgrade notes in the documentation ](https://defectdojo.github.io/django-DefectDojo/getting_started/upgrading/) for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release. - + Please consult the [Upgrade notes in the documentation ](https://documentation.defectdojo.com/getting_started/upgrading/) for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release. + ## Changes since $PREVIOUS_TAG $CHANGES + +version-resolver: + major: + labels: + - 'major' + minor: + labels: + - 'minor' + patch: + labels: + - 'patch' + default: patch diff --git a/.github/workflows/build-docker-images-for-testing.yml b/.github/workflows/build-docker-images-for-testing.yml new file mode 100644 index 00000000000..7253ba132f7 --- /dev/null +++ b/.github/workflows/build-docker-images-for-testing.yml @@ -0,0 +1,54 @@ +name: "Build Docker Images For Testing" + +on: + workflow_dispatch: + workflow_call: + +jobs: + build: + # build with docker so we can use layer caching + name: Build Docker Images + runs-on: ubuntu-latest + strategy: + matrix: + docker-image: [django, nginx, integration-tests] + os: [alpine, debian] + exclude: + - docker-image: integration-tests + os: alpine + + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Read Docker Image Identifiers + id: read-docker-image-identifiers + run: echo "IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + buildkitd-flags: --debug + driver-opts: image=moby/buildkit:master # needed to get the fix for https://github.com/moby/buildkit/issues/2426 + + - name: Build + id: docker_build + uses: docker/build-push-action@v5 + with: + context: . + push: false + tags: defectdojo/defectdojo-${{ matrix.docker-image }}:${{ matrix.os }} + file: Dockerfile.${{ matrix.docker-image }}-${{ matrix.os }} + outputs: type=docker,dest=${{ matrix.docker-image }}-${{ matrix.os }}_img + cache-from: type=gha,scope=${{ matrix.docker-image }} + cache-to: type=gha,mode=max,scope=${{ matrix.docker-image }} + + # export docker images to be used in next jobs below + - name: Upload image ${{ matrix.docker-image }} as artifact + uses: actions/upload-artifact@v3 + with: + name: ${{ matrix.docker-image }} + path: ${{ matrix.docker-image }}-${{ matrix.os }}_img + retention-days: 1 \ No newline at end of file diff --git a/.github/workflows/cancel-outdated-workflow-runs.yml b/.github/workflows/cancel-outdated-workflow-runs.yml index d92957da6a3..d9e0ec074ad 100644 --- a/.github/workflows/cancel-outdated-workflow-runs.yml +++ b/.github/workflows/cancel-outdated-workflow-runs.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 3 steps: - - uses: styfle/cancel-workflow-action@0.9.1 + - uses: styfle/cancel-workflow-action@0.12.1 with: workflow_id: 'integration-tests.yml,k8s-testing.yml,unit-tests.yml' access_token: ${{ github.token }} diff --git a/.github/workflows/detect-merge-conflicts.yaml b/.github/workflows/detect-merge-conflicts.yaml index ec27a570882..b3aaa2794cd 100644 --- a/.github/workflows/detect-merge-conflicts.yaml +++ b/.github/workflows/detect-merge-conflicts.yaml @@ -1,10 +1,11 @@ name: "Detect Merge Conflicts" on: workflow_dispatch: - push: - branch: + pull_request: + branches: - dev - master + - bugfix - release/* pull_request_target: diff --git a/.github/workflows/fetch-oas.yml b/.github/workflows/fetch-oas.yml new file mode 100644 index 00000000000..0dd32805b58 --- /dev/null +++ b/.github/workflows/fetch-oas.yml @@ -0,0 +1,58 @@ +name: Fetch OpenAPI Specifications + +on: + workflow_call: + inputs: + version: + type: string + description: | + The version to be associated with the GitHub release that's created or updated. + This will override any version calculated by the release-drafter. + required: true + +env: + release_version: ${{ github.event.inputs.version || github.event.inputs.release_number }} + +jobs: + oas_fetch: + name: Fetch OpenAPI Specifications + runs-on: ubuntu-latest + strategy: + matrix: + file-type: [yaml, json] + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + ref: release/${{ env.release_version }} + + - name: Load docker images + run: |- + docker pull defectdojo/defectdojo-django:${{ env.release_version }}-alpine + docker pull defectdojo/defectdojo-nginx:${{ env.release_version }}-alpine + docker images + + - name: Start Dojo + run: docker-compose --profile postgres-redis --env-file ./docker/environments/postgres-redis.env up --no-deps -d postgres nginx uwsgi + env: + DJANGO_VERSION: ${{ env.release_version }}-alpine + NGINX_VERSION: ${{ env.release_version }}-alpine + + - name: Download OpenAPI Specifications + run: |- + wget 'http://localhost:8080/api/v2/oa3/schema/?format=${{ matrix.file-type }}' -O oas.${{ matrix.file-type }} --tries=10 --retry-on-http-error=502 + + - name: Logs + if: always() + run: docker-compose --profile postgres-redis --env-file ./docker/environments/postgres-redis.env logs --tail="2500" + + - name: Shutdown + if: always() + run: docker-compose --profile postgres-redis --env-file ./docker/environments/postgres-redis.env down + + - name: Upload oas.${{ matrix.file-type }} as artifact + uses: actions/upload-artifact@v3 + with: + name: oas-${{ matrix.file-type }} + path: oas.${{ matrix.file-type }} + retention-days: 1 diff --git a/.github/workflows/flake8.yml b/.github/workflows/flake8.yml index de504e08d40..188b39430fc 100644 --- a/.github/workflows/flake8.yml +++ b/.github/workflows/flake8.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Checkout if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' - uses: actions/checkout@v2 + uses: actions/checkout@v4 # by default the pull_requst_target event checks out the base branch, i.e. dev # so we need to explicitly checkout the head of the PR # we use fetch-depth 0 to make sure the full history is checked out and we can compare against @@ -28,9 +28,9 @@ jobs: - name: Checkout # for non PR runs we just checkout the default, which is a sha on a branch probably if: github.event_name != 'pull_request' && github.event_name != 'pull_request_target' - uses: actions/checkout@v2 + uses: actions/checkout@v4 # - uses: tayfun/flake8-your-pr@master - - uses: valentijnscholten/flake8-your-pr@master + - uses: DefectDojo/flake8-your-pr@master env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index 3fd74f6a5c8..84d7800bed7 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -6,12 +6,13 @@ on: branches: - master - dev + - bugfix # Taken from https://github.com/marketplace/actions/hugo-setup#%EF%B8%8F-workflow-for-autoprefixer-and-postcss-cli # Both builds have to be one worflow as otherwise one publish will overwrite the other jobs: deploy: - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest steps: - name: Setup Hugo uses: peaceiris/actions-hugo@v2 @@ -20,19 +21,19 @@ jobs: extended: true - name: Setup Node - uses: actions/setup-node@v2 + uses: actions/setup-node@v4 with: - node-version: '12.x' + node-version: '20.x' - name: Cache dependencies - uses: actions/cache@v2 + uses: actions/cache@v4 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-node- - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: persist-credentials: false submodules: recursive # Fetch the Docsy theme @@ -45,7 +46,7 @@ jobs: # for dev we move everything into a subfolder, so the master version stays in the root - run: mkdir /tmp/dev && mv docs/public/* /tmp/dev/ - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: persist-credentials: false submodules: recursive # Fetch the Docsy theme diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index a25c25bd4d2..0a514841aba 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -1,79 +1,12 @@ name: Integration tests -# pull requests: -# push: -# run on every push, which is when something gets merged also -on: - workflow_dispatch: - pull_request: - push: - branches: - - master - - dev - - release/** - - hotfix/** -env: - DD_DOCKER_REPO: defectdojo +on: + workflow_call: jobs: - build: - # build with docker so we can use layer caching - name: Build Image - - runs-on: ubuntu-latest - - strategy: - matrix: - docker-image: [django, nginx, integration-tests] - steps: - # - name: Login to DockerHub - # uses: docker/login-action@v1 - # with: - # username: ${{ secrets.DOCKERHUB_USERNAME }} - # password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Checkout - uses: actions/checkout@v2 - with: - persist-credentials: false - - - name: Read Docker Image Identifiers - id: read-docker-image-identifiers - run: echo "IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - with: - buildkitd-flags: --debug - driver-opts: image=moby/buildkit:master # needed to get the fix for https://github.com/moby/buildkit/issues/2426 - - - name: Build - id: docker_build - uses: docker/build-push-action@v2 - env: - docker-image: ${{ matrix.docker-image }} - with: - context: . - push: false - tags: | - ${{ env.DD_DOCKER_REPO }}/defectdojo-${{ env.docker-image }}:latest - file: Dockerfile.${{ env.docker-image }} - outputs: type=docker,dest=${{ env.docker-image }}_img - cache-from: type=gha,scope=${{ matrix.docker-image }} - cache-to: type=gha,mode=max,scope=${{ matrix.docker-image }} - - # export docker images to be used in next jobs below - - name: Upload image ${{ matrix.docker-image }} as artifact - uses: actions/upload-artifact@v2 - with: - name: ${{ matrix.docker-image }} - path: ${{ matrix.docker-image }}_img - retention-days: 1 - integration_tests: # run tests with docker-compose - name: integration tests - needs: build + name: User Interface Tests runs-on: ubuntu-latest strategy: matrix: @@ -100,46 +33,62 @@ jobs: "tests/dedupe_test.py", "tests/check_various_pages.py", "tests/notifications_test.py", + "tests/tool_config.py", + "openapi-validatator", ] + profile: ["mysql-rabbitmq", "postgres-redis"] + os: [alpine, debian] fail-fast: false steps: - - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 # load docker images from build jobs - name: Load images from artifacts - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v3 - name: Load docker images run: |- - docker load -i nginx/nginx_img - docker load -i django/django_img - docker load -i integration-tests/integration-tests_img + docker load -i nginx/nginx-${{ matrix.os }}_img + docker load -i django/django-${{ matrix.os }}_img + docker load -i integration-tests/integration-tests-debian_img docker images - name: Set integration-test mode run: ln -s docker-compose.override.integration_tests.yml docker-compose.override.yml - # phased startup so we can use the exit code from integrationtest container + # phased startup with MySQL and RabbitMQ so we can use the exit code from integrationtest container + - name: Start Dojo MySQL + RabbitMQ + if: matrix.profile == 'mysql-rabbitmq' + run: docker-compose --profile ${{ matrix.profile }} --env-file ./docker/environments/${{ matrix.profile }}.env up --no-deps -d mysql nginx celerybeat celeryworker mailhog uwsgi rabbitmq + env: + DJANGO_VERSION: ${{ matrix.os }} + NGINX_VERSION: ${{ matrix.os }} - - name: Start Dojo - # implicity starts uwsgi and rabbitmq - run: docker-compose up -d mysql nginx celerybeat celeryworker mailhog + - name: Start Dojo PostgreSQL + Redis + if: matrix.profile == 'postgres-redis' + run: docker-compose --profile ${{ matrix.profile }} --env-file ./docker/environments/${{ matrix.profile }}.env up --no-deps -d postgres nginx celerybeat celeryworker mailhog uwsgi redis + env: + DJANGO_VERSION: ${{ matrix.os }} + NGINX_VERSION: ${{ matrix.os }} - name: Initialize - run: docker-compose up --exit-code-from initializer initializer + run: docker-compose --profile ${{ matrix.profile }} --env-file ./docker/environments/${{ matrix.profile }}.env up --no-deps --exit-code-from initializer initializer + env: + DJANGO_VERSION: ${{ matrix.os }} + NGINX_VERSION: ${{ matrix.os }} - name: Integration tests - run: docker-compose up --exit-code-from integration-tests integration-tests + run: docker-compose --profile ${{ matrix.profile }} --env-file ./docker/environments/${{ matrix.profile }}.env up --no-deps --exit-code-from integration-tests integration-tests env: DD_INTEGRATION_TEST_FILENAME: ${{ matrix.test-case }} + INTEGRATION_TESTS_VERSION: debian - name: Logs if: always() - run: docker-compose logs --tail="2500" + run: docker-compose --profile ${{ matrix.profile }} --env-file ./docker/environments/${{ matrix.profile }}.env logs --tail="2500" - name: Shutdown if: always() - run: docker-compose down + run: docker-compose --profile ${{ matrix.profile }} --env-file ./docker/environments/${{ matrix.profile }}.env down diff --git a/.github/workflows/k8s-testing.yml b/.github/workflows/k8s-tests.yml similarity index 60% rename from .github/workflows/k8s-testing.yml rename to .github/workflows/k8s-tests.yml index 5fb8e4435d1..f5ec107d83f 100644 --- a/.github/workflows/k8s-testing.yml +++ b/.github/workflows/k8s-tests.yml @@ -1,17 +1,10 @@ -name: k8s deployment +name: k8s Deployment + on: - pull_request: - push: - branches: - - master - - dev - - release/** - - hotfix/** + workflow_call: env: - DD_DOCKER_REPO: defectdojo DD_HOSTNAME: defectdojo.default.minikube.local - GITHUB_CACHE_REPO: containers.pkg.github.com HELM_RABBIT_BROKER_SETTINGS: " \ --set redis.enabled=false \ --set rabbitmq.enabled=true \ @@ -36,75 +29,18 @@ env: --set mysql.enabled=false \ --set createPostgresqlSecret=true \ " + HELM_PGHA_DATABASE_SETTINGS: " \ + --set database=postgresqlha \ + --set postgresql.enabled=false \ + --set mysql.enabled=false \ + --set postgresqlha.enabled=true \ + --set createPostgresqlHaSecret=true \ + --set createPostgresqlHaPgpoolSecret=true \ + " jobs: - build: - name: Build Image - - runs-on: ubuntu-latest - - strategy: - matrix: - docker-image: [django, nginx] - - steps: - # - name: Login to DockerHub - # uses: docker/login-action@v1 - # with: - # username: ${{ secrets.DOCKERHUB_USERNAME }} - # password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Checkout - uses: actions/checkout@v2 - with: - persist-credentials: false - - - name: Read Docker Image Identifiers - id: read-docker-image-identifiers - run: echo "IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Cache Docker layers - uses: actions/cache@v2 - env: - docker-image: ${{ matrix.docker-image }} - with: - path: /tmp/.buildx-cache-${{ env.docker-image }} - key: ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ github.workflow }}-${{ github.sha }}-${{ github.run_id }} - restore-keys: | - ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ github.workflow }}-${{ github.sha }} - ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ github.workflow }} - ${{ runner.os }}-buildx-${{ env.docker-image }} - - - name: Build - id: docker_build - uses: docker/build-push-action@v2 - env: - docker-image: ${{ matrix.docker-image }} - with: - context: . - push: false - tags: | - ${{ env.DD_DOCKER_REPO }}/defectdojo-${{ env.docker-image }}:latest - file: Dockerfile.${{ env.docker-image }} - outputs: type=docker,dest=${{ env.docker-image }}_img - cache-from: type=local,src=/tmp/.buildx-cache-${{ env.docker-image }} - cache-to: type=local,dest=/tmp/.buildx-cache-${{ env.docker-image }} - - - name: Upload image ${{ env.docker-image }} as artifact - uses: actions/upload-artifact@v2 - with: - name: ${{ matrix.docker-image }} - path: ${{ matrix.docker-image }}_img - retention-days: 1 - setting_minikube_cluster: name: Kubernetes Deployment - - runs-on: ubuntu-18.04 - - needs: build + runs-on: ubuntu-latest strategy: matrix: @@ -114,46 +50,54 @@ jobs: # are tested (https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#available-versions) - databases: pgsql brokers: redis - k8s: 'v1.18.16' + k8s: 'v1.22.0' + os: debian - databases: mysql brokers: rabbit - k8s: 'v1.18.16' + k8s: 'v1.22.0' + os: debian - databases: pgsql brokers: rabbit - k8s: 'v1.22.0' + k8s: 'v1.23.9' + os: debian - databases: mysql brokers: redis - k8s: 'v1.22.0' + k8s: 'v1.23.9' + os: debian + - databases: pgsqlha + brokers: rabbit + k8s: 'v1.23.9' + os: debian + - databases: pgsql + brokers: rabbit + k8s: 'v1.23.9' + os: alpine steps: -# - name: Login to DockerHub -# uses: docker/login-action@v1 -# with: -# username: ${{ secrets.DOCKERHUB_USERNAME }} -# password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Setup Minikube - uses: manusa/actions-setup-minikube@v2.4.3 + uses: manusa/actions-setup-minikube@v2.10.0 with: minikube version: 'v1.24.0' kubernetes version: ${{ matrix.k8s }} driver: docker - start args: '--addons=ingress' + start args: '--addons=ingress --cni calico' + github token: ${{ secrets.GITHUB_TOKEN }} - name: Status of minikube run: |- minikube status - name: Load images from artifacts - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v3 - name: Load docker images run: |- eval $(minikube docker-env) - docker load -i nginx/nginx_img - docker load -i django/django_img + docker load -i nginx/nginx-${{ matrix.os }}_img + docker load -i django/django-${{ matrix.os }}_img docker images - name: Configure HELM repos @@ -165,25 +109,24 @@ jobs: - name: Set confings into Outputs id: set run: |- - echo ::set-output name=pgsql:: "${{ env.HELM_PG_DATABASE_SETTINGS }}" - echo ::set-output name=mysql:: "${{ env.HELM_MYSQL_DATABASE_SETTINGS }}" - echo ::set-output name=redis:: "${{ env.HELM_REDIS_BROKER_SETTINGS }}" - echo ::set-output name=rabbit:: "${{ env.HELM_RABBIT_BROKER_SETTINGS }}" + echo "pgsql=${{ env.HELM_PG_DATABASE_SETTINGS }}" >> $GITHUB_ENV + echo "pgsqlha=${{ env.HELM_PGHA_DATABASE_SETTINGS }}" >> $GITHUB_ENV + echo "mysql=${{ env.HELM_MYSQL_DATABASE_SETTINGS }}" >> $GITHUB_ENV + echo "redis=${{ env.HELM_REDIS_BROKER_SETTINGS }}" >> $GITHUB_ENV + echo "rabbit=${{ env.HELM_RABBIT_BROKER_SETTINGS }}" >> $GITHUB_ENV - # - name: Create image pull Secrets - # run: |- - # kubectl create secret docker-registry defectdojoregistrykey --docker-username=${{ secrets.DOCKERHUB_USERNAME }} --docker-password=${{ secrets.DOCKERHUB_TOKEN }} - # kubectl get secrets - name: Deploying Djano application with ${{ matrix.databases }} ${{ matrix.brokers }} run: |- helm install \ + --timeout 800s \ defectdojo \ ./helm/defectdojo \ --set django.ingress.enabled=true \ --set imagePullPolicy=Never \ - ${{ steps.set.outputs[matrix.databases] }} \ - ${{ steps.set.outputs[matrix.brokers] }} \ + ${{ env[matrix.databases] }} \ + ${{ env[matrix.brokers] }} \ --set createSecret=true \ + --set tag=${{ matrix.os }} \ # --set imagePullSecrets=defectdojoregistrykey - name: Check deployment status diff --git a/.github/workflows/new-release-chart.yml b/.github/workflows/new-release-chart.yml deleted file mode 100644 index d2d1cbb63fb..00000000000 --- a/.github/workflows/new-release-chart.yml +++ /dev/null @@ -1,74 +0,0 @@ -name: "[OOB] Release helm chart" - -env: - GIT_USERNAME: "DefectDojo release bot" - GIT_EMAIL: "dojo-release-bot@users.noreply.github.com" -on: - workflow_dispatch: - inputs: - release_number: - description: 'Release number' - required: true - -jobs: - release-chart: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - ref: ${{ github.event.inputs.release_number }} - fetch-depth: 0 - - name: Get upload URL - id: get-upload-url - uses: pdamianik/release-tag-to-upload-url-action@v1.0.1 - with: - tag: ${{ github.event.inputs.release_number }} - token: ${{ github.token }} - - name: Configure git - run: | - git config --global user.name "${{ env.GIT_USERNAME }}" - git config --global user.email "${{ env.GIT_EMAIL }}" - - name: Install Helm - uses: azure/setup-helm@v1 - with: - version: v3.4.0 - - name: Configure HELM repos - run: |- - helm repo add bitnami https://charts.bitnami.com/bitnami - helm dependency list ./helm/defectdojo - helm dependency update ./helm/defectdojo - - name: Package Helm chart - id: package-helm-chart - run: | - mkdir build - helm package helm/defectdojo/ --destination ./build - echo "::set-output name=chart_version::$(ls build | cut -d '-' -f 2 | sed 's|\.tgz||')" - - name: Upload Release Asset - id: upload-release-asset - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.get-upload-url.outputs.uploadUrl }} - asset_path: ./build/defectdojo-${{ steps.package-helm-chart.outputs.chart_version }}.tgz - asset_name: defectdojo-${{ steps.package-helm-chart.outputs.chart_version }}.tgz - asset_content_type: application/tar+gzip - - name: Update Helm repository index - id: update-helm-repository-index - run: | - git config --global user.name "${{ env.GIT_USERNAME }}" - git config --global user.email "${{ env.GIT_EMAIL }}" - git remote update - git fetch --all - git checkout helm-charts - git pull - if [ ! -f ./index.yaml ]; then - helm repo index ./build --url "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/releases/download/${{ github.event.inputs.release_number }}/" - else - helm repo index ./build --url "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/releases/download/${{ github.event.inputs.release_number }}/" --merge ./index.yaml - fi - cp -f ./build/index.yaml ./index.yaml - git add ./index.yaml - git commit -m "Update index.yaml" - git push -u origin helm-charts diff --git a/.github/workflows/new-release-master-into-dev.yml b/.github/workflows/new-release-master-into-dev.yml deleted file mode 100644 index 125a2e81c00..00000000000 --- a/.github/workflows/new-release-master-into-dev.yml +++ /dev/null @@ -1,75 +0,0 @@ -name: "Release: 3. pr for merging master into dev" - -env: - GIT_USERNAME: "DefectDojo release bot" - GIT_EMAIL: "dojo-release-bot@users.noreply.github.com" -on: - workflow_dispatch: - inputs: - # the actual branch that can be chosen on the UI is made irrelevant by further steps - # because someone will forget one day to change it. - release_number_new: - description: "New current released version (x.y.z format)" - required: true - release_number_dev: - description: "Future release version for dev branch (x.y.z-dev format)" - required: true - -jobs: - create_pr_for_merge_back_into_dev: - runs-on: ubuntu-latest - steps: - - name: Checkout master - uses: actions/checkout@v2 - with: - ref: master - - name: Create merge back branch - run: | - echo "NEW_BRANCH=master-into-dev/${{ github.event.inputs.release_number_new }}-${{ github.event.inputs.release_number_dev }}" >> $GITHUB_ENV - - name: Configure git - run: | - git config --global user.name "${{ env.GIT_USERNAME }}" - git config --global user.email "${{ env.GIT_EMAIL }}" - - name: Push new branch - run: git push origin HEAD:${NEW_BRANCH} - - name: Checkout new branch - uses: actions/checkout@v2 - with: - ref: ${{ env.NEW_BRANCH }} - - name: Update version numbers in key files - run: | - sed -ri "s/__version__ = '.*'/__version__ = '${{ github.event.inputs.release_number_dev }}'/" dojo/__init__.py - sed -ri "s/appVersion: \".*\"/appVersion: \"${{ github.event.inputs.release_number_dev }}\"/" helm/defectdojo/Chart.yaml - sed -ri "s/\"version\": \".*\"/\"version\": \"${{ github.event.inputs.release_number_dev }}\"/" components/package.json - CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml) - sed -ri "s/version: \S+/$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')-dev/" helm/defectdojo/Chart.yaml - - name: Check numbers - run: | - grep version dojo/__init__.py - grep appVersion helm/defectdojo/Chart.yaml - grep version components/package.json - - name: Push version changes - uses: stefanzweifel/git-auto-commit-action@v4.12.0 - with: - commit_user_name: "${{ env.GIT_USERNAME }}" - commit_user_email: "${{ env.GIT_EMAIL }}" - commit_author: "${{ env.GIT_USERNAME }} <${{ env.GIT_EMAIL }}>" - commit_message: "Update versions in application files" - branch: ${{ env.NEW_BRANCH }} - - id: set-repo-org - run: echo ::set-output name=repoorg::${GITHUB_REPOSITORY%%/*} - - name: Create Pull Request - env: - REPO_ORG: ${{ steps.set-repo-org.outputs.repoorg }} - uses: actions/github-script@v5 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - github.rest.pulls.create({ - owner: '${{ env.REPO_ORG }}', - repo: 'django-DefectDojo', - title: 'Release: Merge back ${{ github.event.inputs.release_number_new }} into dev from: ${{ env.NEW_BRANCH }}', - body: `Release triggered by \`${ process.env.GITHUB_ACTOR }\``, - head: '${{ env.NEW_BRANCH }}', - base: 'dev' - }) diff --git a/.github/workflows/new-release-tag-docker.yml b/.github/workflows/new-release-tag-docker.yml deleted file mode 100644 index 0ff96d5ae2c..00000000000 --- a/.github/workflows/new-release-tag-docker.yml +++ /dev/null @@ -1,141 +0,0 @@ -name: "Release: 2. tag, release, docker push" - -env: - GIT_USERNAME: "DefectDojo release bot" - GIT_EMAIL: "dojo-release-bot@users.noreply.github.com" - workflow_name: 'release 2 tag release docker push' # needed in cache key, which doesn't support comma's -on: - workflow_dispatch: - inputs: - # the actual branch that can be chosen on the UI is made irrelevant by further steps - # because someone will forget one day to change it. - release_number: - description: 'Release version (x.y.z format)' - required: true - -jobs: - tag-and-release: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - ref: master - - name: Configure git - run: | - git config --global user.name "${{ env.GIT_USERNAME }}" - git config --global user.email "${{ env.GIT_EMAIL }}" - - name: Create new tag ${{ github.event.inputs.release_number }} - # at this point, the PR from the 1st workflow is merged into master. - run: | - git tag -a ${{ github.event.inputs.release_number }} -m "[bot] release ${{ github.event.inputs.release_number }}" - git push origin ${{ github.event.inputs.release_number }} - - name: Install Helm - uses: azure/setup-helm@v1 - with: - version: v3.4.0 - - name: Configure Helm repos - run: | - helm repo add bitnami https://charts.bitnami.com/bitnami - helm dependency list ./helm/defectdojo - helm dependency update ./helm/defectdojo - - name: Package Helm chart - id: package-helm-chart - run: | - mkdir build - helm package helm/defectdojo/ --destination ./build - echo "::set-output name=chart_version::$(ls build | cut -d '-' -f 2 | sed 's|\.tgz||')" - - name: Create release ${{ github.event.inputs.release_number }} - id: create_release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: ${{ github.event.inputs.release_number }} # this does not create a tag - release_name: Release ${{ github.event.inputs.release_number }} - body: | - Fill in with release drafter information manually for now, then publish. - draft: true - prerelease: false - - name: Upload Release Asset - id: upload-release-asset - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ./build/defectdojo-${{ steps.package-helm-chart.outputs.chart_version }}.tgz - asset_name: defectdojo-${{ steps.package-helm-chart.outputs.chart_version }}.tgz - asset_content_type: application/tar+gzip - - name: Update Helm repository index - id: update-helm-repository-index - run: | - git config --global user.name "${{ env.GIT_USERNAME }}" - git config --global user.email "${{ env.GIT_EMAIL }}" - git remote update - git fetch --all - git checkout helm-charts - git pull - if [ ! -f ./index.yaml ]; then - helm repo index ./build --url "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/releases/download/${{ github.event.inputs.release_number }}/" - else - helm repo index ./build --url "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/releases/download/${{ github.event.inputs.release_number }}/" --merge ./index.yaml - fi - cp -f ./build/index.yaml ./index.yaml - git add ./index.yaml - git commit -m "Update index.yaml" - git push -u origin helm-charts - - - job-build-and-push: - needs: tag-and-release - runs-on: ubuntu-latest - strategy: - matrix: - docker-image: [django, nginx] - steps: - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Checkout tag - uses: actions/checkout@v2 - with: - ref: ${{ github.event.inputs.release_number }} - - - id: set-repo-org - run: echo ::set-output name=repoorg::${GITHUB_REPOSITORY%%/*} | tr '[:upper:]' '[:lower:]' - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - - - name: Cache Docker layers - uses: actions/cache@v2 - env: - docker-image: ${{ matrix.docker-image }} - with: - path: /tmp/.buildx-cache-${{ env.docker-image }} - key: ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ env.workflow_name }}-${{ github.sha }}-${{ github.run_id }} - restore-keys: | - ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ env.workflow_name}}-${{ github.sha }} - ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ env.workflow_name }} - ${{ runner.os }}-buildx-${{ env.docker-image }}- - - - name: Build and push images - uses: docker/build-push-action@v2 - env: - REPO_ORG: ${{ steps.set-repo-org.outputs.repoorg }} - docker-image: ${{ matrix.docker-image }} - with: - push: true - tags: ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image}}:${{ github.event.inputs.release_number }}, ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image}}:latest - file: ./Dockerfile.${{ env.docker-image }} - context: . - cache-from: type=local,src=/tmp/.buildx-cache-${{ env.docker-image }} - cache-to: type=local,dest=/tmp/.buildx-cache-${{ env.docker-image }} - - - name: Image digest - run: echo ${{ steps.docker_build.outputs.digest }} diff --git a/.github/workflows/plantuml.yml b/.github/workflows/plantuml.yml index e17781bac6b..c6016c03984 100644 --- a/.github/workflows/plantuml.yml +++ b/.github/workflows/plantuml.yml @@ -13,7 +13,7 @@ jobs: UML_FILES: ".puml" steps: - name: Checkout Source - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: persist-credentials: false @@ -33,7 +33,7 @@ jobs: with: args: -v -tpng ${{ steps.getfile.outputs.files }} - name: Push Local Changes - uses: stefanzweifel/git-auto-commit-action@v4.12.0 + uses: stefanzweifel/git-auto-commit-action@v5.0.0 with: commit_user_name: "PlantUML_bot" commit_user_email: "noreply@defectdojo.org" diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml index 12f990cdc8a..1fbc777bd83 100644 --- a/.github/workflows/pr-labeler.yml +++ b/.github/workflows/pr-labeler.yml @@ -9,9 +9,12 @@ on: jobs: labeler: + permissions: + contents: read + pull-requests: write name: "Autolabeler" runs-on: ubuntu-latest steps: - - uses: actions/labeler@v3 - with: - repo-token: "${{ secrets.GITHUB_TOKEN }}" + - uses: actions/labeler@v5 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/refresh_helm_lock_file.yaml b/.github/workflows/refresh_helm_lock_file.yaml new file mode 100644 index 00000000000..fb2f070d3f4 --- /dev/null +++ b/.github/workflows/refresh_helm_lock_file.yaml @@ -0,0 +1,40 @@ +name: 'Referesh Chart.lock' +on: + pull_request_target: + branches: + - dev + paths: + - 'helm/defectdojo/Chart.yaml' +permissions: + contents: write +jobs: + update-chart-lock: + runs-on: ubuntu-latest + + steps: + - name: Checkout bitnami/charts + uses: actions/checkout@v4 + with: + ref: ${{github.event.pull_request.head.ref}} + repository: ${{github.event.pull_request.head.repo.full_name}} + path: charts + token: ${{ secrets.GITHUB_TOKEN }} + - name: Set up Helm + uses: azure/setup-helm@v3 + with: + version: v3.4.0 + + - name: Execute generate new Chart.lock file + run: | + helm repo add bitnami https://charts.bitnami.com/bitnami + helm dependency list ./charts/helm/defectdojo + helm dependency update ./charts/helm/defectdojo + - name: Push changes + run: | + # Push all the changes + cd charts + if git status -s | grep helm; then + git config user.name "DefectDojo" + git config user.email "defectdojo-project@owasp.org" + git add . && git commit -am "Update helm lock file" --signoff && git push + fi diff --git a/.github/workflows/new-release-pr.yml b/.github/workflows/release-1-create-pr.yml similarity index 63% rename from .github/workflows/new-release-pr.yml rename to .github/workflows/release-1-create-pr.yml index 2763e13b060..ec73f6a49fc 100644 --- a/.github/workflows/new-release-pr.yml +++ b/.github/workflows/release-1-create-pr.yml @@ -1,4 +1,4 @@ -name: "Release: 1. create branch + PR" +name: "Release-1: Create PR for master" env: GIT_USERNAME: "DefectDojo release bot" @@ -9,7 +9,7 @@ on: # the actual branch that can be chosen on the UI is made irrelevant by further steps # because someone will forget one day to change it. from_branch: - description: "Select branch to release from (feature release: 'dev', bugfix or hotfix release: 'release/x.y.z')" + description: "Select branch to release from ('release/x.y.z'. If `dev` is entered, a new release branch will be created from `dev`)" required: true release_number: description: "Release version (x.y.z format)" @@ -19,45 +19,63 @@ jobs: create_pr: runs-on: ubuntu-latest steps: + - name: Checkout from_branch branch - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: ref: ${{ github.event.inputs.from_branch }} + - name: Create release branch if: ${{ !startsWith(github.event.inputs.from_branch, 'release/') }} run: | echo "NEW_BRANCH=release/${{ github.event.inputs.release_number }}" >> $GITHUB_ENV + - name: Use existing release branch if: startsWith(github.event.inputs.from_branch, 'release/') run: | echo "NEW_BRANCH=${{ github.event.inputs.from_branch }}" >> $GITHUB_ENV + - name: Configure git run: | git config --global user.name "${{ env.GIT_USERNAME }}" git config --global user.email "${{ env.GIT_EMAIL }}" + - name: Push branch if: "!startsWith('${{ github.event.inputs.from_branch }}', 'release/')" run: git push origin HEAD:${NEW_BRANCH} + - name: Checkout release branch - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: ref: ${{ env.NEW_BRANCH }} + - name: Update version numbers in key files run: | sed -ri "s/__version__ = '.*'/__version__ = '${{ github.event.inputs.release_number }}'/" dojo/__init__.py - sed -ri "s/appVersion: \".*\"/appVersion: \"${{ github.event.inputs.release_number }}\"/" helm/defectdojo/Chart.yaml sed -ri "s/\"version\": \".*\"/\"version\": \"${{ github.event.inputs.release_number }}\"/" components/package.json - # remove the -dev suffix to make it the new final version in master - CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml) - sed -ri "s/version: \S+/version: ${CURRENT_CHART_VERSION%-*}/" helm/defectdojo/Chart.yaml + sed -ri "s/appVersion: \".*\"/appVersion: \"${{ github.event.inputs.release_number }}\"/" helm/defectdojo/Chart.yaml - - name: Check numbers + if grep "\-dev" helm/defectdojo/Chart.yaml; then + echo "x.y.z-dev found in Chart.yaml, probably releasing a new minor version" + echo "removing the -dev suffix" + sed -e "s/\-dev//" -i helm/defectdojo/Chart.yaml + else + echo "x.y.z without -dev found in Chart.yaml, probably releasing a new bug fix version" + CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml | head -1) + NEW_CHART_VERSION=$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}') + echo "bumping the chart version from $CURRENT_CHART_VERSION to $NEW_CHART_VERSION" + sed -ri "0,/version/s/version: \S+/$NEW_CHART_VERSION/" helm/defectdojo/Chart.yaml + fi + + - name: Check version numbers run: | - grep version dojo/__init__.py - grep appVersion helm/defectdojo/Chart.yaml - grep version components/package.json + grep -H version dojo/__init__.py + grep -H version components/package.json + grep -H appVersion helm/defectdojo/Chart.yaml + grep -H version helm/defectdojo/Chart.yaml + - name: Push version changes - uses: stefanzweifel/git-auto-commit-action@v4.12.0 + uses: stefanzweifel/git-auto-commit-action@v5.0.0 with: commit_user_name: "${{ env.GIT_USERNAME }}" commit_user_email: "${{ env.GIT_EMAIL }}" @@ -65,11 +83,12 @@ jobs: commit_message: "Update versions in application files" branch: ${{ env.NEW_BRANCH }} - id: set-repo-org - run: echo ::set-output name=repoorg::${GITHUB_REPOSITORY%%/*} + run: echo "repoorg=${GITHUB_REPOSITORY%%/*}" >> $GITHUB_ENV + - name: Create Pull Request env: - REPO_ORG: ${{ steps.set-repo-org.outputs.repoorg }} - uses: actions/github-script@v5 + REPO_ORG: ${{ env.repoorg }} + uses: actions/github-script@v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/release-2-tag-docker-push.yml b/.github/workflows/release-2-tag-docker-push.yml new file mode 100644 index 00000000000..f6f021fcaa9 --- /dev/null +++ b/.github/workflows/release-2-tag-docker-push.yml @@ -0,0 +1,55 @@ +name: "Release-2: Tag, Release, Push" + +env: + GIT_USERNAME: "DefectDojo release bot" + GIT_EMAIL: "dojo-release-bot@users.noreply.github.com" + workflow_name: 'release 2 tag release docker push' # needed in cache key, which doesn't support comma's +on: + workflow_dispatch: + inputs: + # the actual branch that can be chosen on the UI is made irrelevant by further steps + # because someone will forget one day to change it. + release_number: + description: 'Release version (x.y.z format)' + required: true + +jobs: + tag: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + ref: master + + - name: Configure git + run: | + git config --global user.name "${{ env.GIT_USERNAME }}" + git config --global user.email "${{ env.GIT_EMAIL }}" + + - name: Create new tag ${{ github.event.inputs.release_number }} + # at this point, the PR from the 1st workflow is merged into master. + run: | + git tag -a ${{ github.event.inputs.release_number }} -m "[bot] release ${{ github.event.inputs.release_number }}" + git push origin ${{ github.event.inputs.release_number }} + + release-helm-chart: + needs: tag + uses: ./.github/workflows/release-x-manual-helm-chart.yml + with: + release_number: ${{ github.event.inputs.release_number }} + secrets: inherit + + release-docker-containers: + needs: tag + uses: ./.github/workflows/release-x-manual-docker-containers.yml + with: + release_number: ${{ github.event.inputs.release_number }} + secrets: inherit + + release-drafter: + needs: release-docker-containers + uses: ./.github/workflows/release-drafter.yml + with: + version: ${{ github.event.inputs.release_number }} + secrets: inherit diff --git a/.github/workflows/release-3-master-into-dev.yml b/.github/workflows/release-3-master-into-dev.yml new file mode 100644 index 00000000000..241fdbdfa9e --- /dev/null +++ b/.github/workflows/release-3-master-into-dev.yml @@ -0,0 +1,166 @@ +name: "Release-3: PR for merging master into dev" + +env: + GIT_USERNAME: "DefectDojo release bot" + GIT_EMAIL: "dojo-release-bot@users.noreply.github.com" +on: + workflow_dispatch: + inputs: + # the actual branch that can be chosen on the UI is made irrelevant by further steps + # because someone will forget one day to change it. + release_number_new: + description: "Newly just released version (x.y.z format)" + required: true + release_number_dev: + description: "Future release version for dev branch (x.y.z-dev format)" + required: true + +jobs: + create_pr_for_merge_back_into_dev: + runs-on: ubuntu-latest + steps: + + - name: Checkout master + uses: actions/checkout@v4 + with: + ref: master + + - name: Create merge back branch + run: | + echo "NEW_BRANCH=master-into-dev/${{ github.event.inputs.release_number_new }}-${{ github.event.inputs.release_number_dev }}" >> $GITHUB_ENV + + - name: Configure git + run: | + git config --global user.name "${{ env.GIT_USERNAME }}" + git config --global user.email "${{ env.GIT_EMAIL }}" + + - name: Push new branch + run: git push origin HEAD:${NEW_BRANCH} + + - name: Checkout new branch + uses: actions/checkout@v4 + with: + ref: ${{ env.NEW_BRANCH }} + + - name: Update version numbers in key files + run: | + sed -ri "s/__version__ = '.*'/__version__ = '${{ github.event.inputs.release_number_dev }}'/" dojo/__init__.py + sed -ri "s/appVersion: \".*\"/appVersion: \"${{ github.event.inputs.release_number_dev }}\"/" helm/defectdojo/Chart.yaml + sed -ri "s/\"version\": \".*\"/\"version\": \"${{ github.event.inputs.release_number_dev }}\"/" components/package.json + CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml | head -1) + sed -ri "0,/version/s/version: \S+/$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')-dev/" helm/defectdojo/Chart.yaml + + - name: Check numbers + run: | + grep version dojo/__init__.py + grep appVersion helm/defectdojo/Chart.yaml + grep version components/package.json + + - name: Create upgrade notes to documentation + run: | + minorv=$(echo ${{ github.event.inputs.release_number_dev }} | cut -d '.' -f -2) + patchv=$(echo ${{ github.event.inputs.release_number_dev }} | cut -d '-' -f -1) + weight=$(date +%Y%m%d) + echo -n "--- + title: 'Upgrading to DefectDojo Version $minorv.x' + toc_hide: true + weight: -$weight + description: No special instructions. + --- + There are no special instructions for upgrading to $minorv.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/$patchv) for the contents of the release. + " > docs/content/en/getting_started/upgrading/$minorv.md + git add docs/content/en/getting_started/upgrading/$minorv.md + if: endsWith(github.event.inputs.release_number_new, '.0') && endsWith(github.event.inputs.release_number_dev, '.0-dev') + + - name: Push version changes + uses: stefanzweifel/git-auto-commit-action@v5.0.0 + with: + commit_user_name: "${{ env.GIT_USERNAME }}" + commit_user_email: "${{ env.GIT_EMAIL }}" + commit_author: "${{ env.GIT_USERNAME }} <${{ env.GIT_EMAIL }}>" + commit_message: "Update versions in application files" + branch: ${{ env.NEW_BRANCH }} + - id: set-repo-org + run: echo "repoorg=${GITHUB_REPOSITORY%%/*}" >> $GITHUB_ENV + + - name: Create Pull Request + env: + REPO_ORG: ${{ env.repoorg }} + uses: actions/github-script@v7 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + github.rest.pulls.create({ + owner: '${{ env.REPO_ORG }}', + repo: 'django-DefectDojo', + title: 'Release: Merge back ${{ github.event.inputs.release_number_new }} into dev from: ${{ env.NEW_BRANCH }}', + body: `Release triggered by \`${ process.env.GITHUB_ACTOR }\``, + head: '${{ env.NEW_BRANCH }}', + base: 'dev' + }) + create_pr_for_merge_back_into_bugfix: + runs-on: ubuntu-latest + steps: + + - name: Checkout master + uses: actions/checkout@v4 + with: + ref: master + + - name: Create merge back branch + run: | + echo "NEW_BRANCH=master-into-bugfix/${{ github.event.inputs.release_number_new }}-${{ github.event.inputs.release_number_dev }}" >> $GITHUB_ENV + + - name: Configure git + run: | + git config --global user.name "${{ env.GIT_USERNAME }}" + git config --global user.email "${{ env.GIT_EMAIL }}" + + - name: Push new branch + run: git push origin HEAD:${NEW_BRANCH} + + - name: Checkout new branch + uses: actions/checkout@v4 + with: + ref: ${{ env.NEW_BRANCH }} + + - name: Update version numbers in key files + run: | + sed -ri "s/__version__ = '.*'/__version__ = '${{ github.event.inputs.release_number_dev }}'/" dojo/__init__.py + sed -ri "s/appVersion: \".*\"/appVersion: \"${{ github.event.inputs.release_number_dev }}\"/" helm/defectdojo/Chart.yaml + sed -ri "s/\"version\": \".*\"/\"version\": \"${{ github.event.inputs.release_number_dev }}\"/" components/package.json + CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml | head -1) + sed -ri "0,/version/s/version: \S+/$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')-dev/" helm/defectdojo/Chart.yaml + + - name: Check numbers + run: | + grep version dojo/__init__.py + grep appVersion helm/defectdojo/Chart.yaml + grep version components/package.json + + - name: Push version changes + uses: stefanzweifel/git-auto-commit-action@v5.0.0 + with: + commit_user_name: "${{ env.GIT_USERNAME }}" + commit_user_email: "${{ env.GIT_EMAIL }}" + commit_author: "${{ env.GIT_USERNAME }} <${{ env.GIT_EMAIL }}>" + commit_message: "Update versions in application files" + branch: ${{ env.NEW_BRANCH }} + - id: set-repo-org + run: echo "repoorg=${GITHUB_REPOSITORY%%/*}" >> $GITHUB_ENV + + - name: Create Pull Request + env: + REPO_ORG: ${{ env.repoorg }} + uses: actions/github-script@v7 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + github.rest.pulls.create({ + owner: '${{ env.REPO_ORG }}', + repo: 'django-DefectDojo', + title: 'Release: Merge back ${{ github.event.inputs.release_number_new }} into bugfix from: ${{ env.NEW_BRANCH }}', + body: `Release triggered by \`${ process.env.GITHUB_ACTOR }\``, + head: '${{ env.NEW_BRANCH }}', + base: 'bugfix' + }) diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 97a26c4543e..d05cb191428 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -7,20 +7,68 @@ on: description: | The version to be associated with the GitHub release that's created or updated. This will override any version calculated by the release-drafter. - required: false - - push: - # branches to consider in the event; optional, defaults to all - branches: - - master - - dev + required: true + workflow_call: + inputs: + version: + type: string + description: | + The version to be associated with the GitHub release that's created or updated. + This will override any version calculated by the release-drafter. + required: true jobs: + # Update the notes in the release drafter first + # If the following jobs fail, then we will at least have some release notes present update_release_draft: runs-on: ubuntu-latest + outputs: + upload_url: ${{ steps.create_release.outputs.upload_url }} steps: - - uses: release-drafter/release-drafter@v5.15.0 + - name: Create Release + id: create_release + uses: release-drafter/release-drafter@v6.0.0 with: - version: ${{github.event.inputs.version}} + version: ${{ github.event.inputs.version }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # Generate the OAS schemas in another workflow + oas-fetch: + needs: update_release_draft + uses: ./.github/workflows/fetch-oas.yml + with: + version: ${{ github.event.inputs.version }} + secrets: inherit + # Upload the OAS schemas to the release object + add-oas-to-release: + needs: + - update_release_draft + - oas-fetch + runs-on: ubuntu-latest + steps: + - name: Load OAS files from artifacts + uses: actions/download-artifact@v3 + + - name: Upload Release Asset - OpenAPI Specification - YAML + id: upload-release-asset-yaml + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.update_release_draft.outputs.upload_url }} + asset_path: ./oas-yaml/oas.yaml + asset_name: oas.yaml + asset_content_type: application/vnd.oai.openapi + + - name: Upload Release Asset - OpenAPI Specification - JSON + id: upload-release-asset-json + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.update_release_draft.outputs.upload_url }} + asset_path: ./oas-json/oas.json + asset_name: oas.json + asset_content_type: application/json + + diff --git a/.github/workflows/release-x-manual-docker-containers.yml b/.github/workflows/release-x-manual-docker-containers.yml new file mode 100644 index 00000000000..87d23a2a4db --- /dev/null +++ b/.github/workflows/release-x-manual-docker-containers.yml @@ -0,0 +1,94 @@ +name: "release-X: Release docker containers" + +env: + GIT_USERNAME: "DefectDojo release bot" + GIT_EMAIL: "dojo-release-bot@users.noreply.github.com" + workflow_name: 'release docker containers' # needed in cache key, which doesn't support comma's +on: + workflow_dispatch: + inputs: + # the actual branch that can be chosen on the UI is made irrelevant by further steps + # because someone will forget one day to change it. + release_number: + type: string + description: 'Release version (x.y.z format)' + required: true + workflow_call: + inputs: + # the actual branch that can be chosen on the UI is made irrelevant by further steps + # because someone will forget one day to change it. + release_number: + type: string + description: 'Release version (x.y.z format)' + required: true + +jobs: + job-build-and-push: + runs-on: ubuntu-latest + strategy: + matrix: + docker-image: [django, nginx] + os: [alpine, debian] + platform: [amd64] + steps: + - name: Login to DockerHub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Checkout tag + uses: actions/checkout@v4 + with: + ref: ${{ github.event.inputs.release_number }} + + - id: set-repo-org + run: echo "repoorg=$(echo ${GITHUB_REPOSITORY%%/*} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + + - name: Cache Docker layers + uses: actions/cache@v4 + env: + docker-image: ${{ matrix.docker-image }} + with: + path: /tmp/.buildx-cache-${{ env.docker-image }} + key: ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ matrix.os }}-${{ env.workflow_name }}-${{ github.sha }}-${{ github.run_id }} + restore-keys: | + ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ matrix.os }}-${{ env.workflow_name}}-${{ github.sha }} + ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ matrix.os }}-${{ env.workflow_name }} + ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ matrix.os }}- + + - name: Build and push images with debian + if: ${{ matrix.os == 'debian' }} + uses: docker/build-push-action@v5 + env: + REPO_ORG: ${{ env.repoorg }} + docker-image: ${{ matrix.docker-image }} + with: + push: true + tags: ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image}}:${{ github.event.inputs.release_number }}-${{ matrix.os }}, ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image}}:${{ github.event.inputs.release_number }}, ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image}}:latest + file: ./Dockerfile.${{ env.docker-image }}-${{ matrix.os }} + context: . + cache-from: type=local,src=/tmp/.buildx-cache-${{ env.docker-image }} + cache-to: type=local,dest=/tmp/.buildx-cache-${{ env.docker-image }} + + - name: Build and push images with alpine + if: ${{ matrix.os == 'alpine' }} + uses: docker/build-push-action@v5 + env: + REPO_ORG: ${{ env.repoorg }} + docker-image: ${{ matrix.docker-image }} + with: + push: true + tags: ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image}}:${{ github.event.inputs.release_number }}-${{ matrix.os }} + file: ./Dockerfile.${{ env.docker-image }}-${{ matrix.os }} + context: . + cache-from: type=local,src=/tmp/.buildx-cache-${{ env.docker-image }} + cache-to: type=local,dest=/tmp/.buildx-cache-${{ env.docker-image }} +# platforms: ${{ matrix.platform }} + + - name: Image digest + run: echo ${{ steps.docker_build.outputs.digest }} diff --git a/.github/workflows/release-x-manual-helm-chart.yml b/.github/workflows/release-x-manual-helm-chart.yml new file mode 100644 index 00000000000..cb046c1a7a0 --- /dev/null +++ b/.github/workflows/release-x-manual-helm-chart.yml @@ -0,0 +1,108 @@ +--- +name: "release-X: Release helm chart" + +env: + GIT_USERNAME: "DefectDojo release bot" + GIT_EMAIL: "dojo-release-bot@users.noreply.github.com" +on: + workflow_dispatch: + inputs: + # the actual branch that can be chosen on the UI is made irrelevant by further steps + # because someone will forget one day to change it. + release_number: + type: string + description: 'Release number' + required: true + workflow_call: + inputs: + # the actual branch that can be chosen on the UI is made irrelevant by further steps + # because someone will forget one day to change it. + release_number: + type: string + description: 'Release number' + required: true + +jobs: + release-chart: + runs-on: ubuntu-latest + steps: + + - name: Checkout + uses: actions/checkout@v4 + with: + ref: master + fetch-depth: 0 + + # This action is deprecated. Not sure if it is even being used anymore... + # - name: Get upload URL + # id: get-upload-url + # uses: pdamianik/release-tag-to-upload-url-action@v1.0.1 + # with: + # tag: ${{ github.event.inputs.release_number }} + # token: ${{ github.token }} + + - name: Configure git + run: | + git config --global user.name "${{ env.GIT_USERNAME }}" + git config --global user.email "${{ env.GIT_EMAIL }}" + + - name: Install Helm + uses: azure/setup-helm@v3 + with: + version: v3.4.0 + + - name: Configure HELM repos + run: |- + helm repo add bitnami https://charts.bitnami.com/bitnami + helm dependency list ./helm/defectdojo + helm dependency update ./helm/defectdojo + + - name: Add yq + uses: mikefarah/yq@master + + - name: Pin version docker version + id: pin_image + run: |- + yq --version + yq -i '.tag="${{ github.event.inputs.release_number }}"' helm/defectdojo/values.yaml + echo "Current image tag:`yq -r '.tag' helm/defectdojo/values.yaml`" + + - name: Package Helm chart + id: package-helm-chart + run: | + mkdir build + helm package helm/defectdojo/ --destination ./build + echo "chart_version=$(ls build | cut -d '-' -f 2 | sed 's|\.tgz||')" >> $GITHUB_ENV + + - name: Create release ${{ github.event.inputs.release_number }} + uses: softprops/action-gh-release@v1 + with: + name: '${{ github.event.inputs.release_number }} 🌈' + tag_name: ${{ github.event.inputs.release_number }} + body: Run the release drafter to populate the release notes. + draft: true + prerelease: false + files: ./build/defectdojo-${{ env.chart_version }}.tgz + token: ${{ secrets.GITHUB_TOKEN }} + env: + GITHUB_REPOSITORY: DefectDojo/django-DefectDojo + + - name: Update Helm repository index + id: update-helm-repository-index + run: | + git config --global user.name "${{ env.GIT_USERNAME }}" + git config --global user.email "${{ env.GIT_EMAIL }}" + git remote update + git fetch --all + git stash + git checkout helm-charts + git pull + if [ ! -f ./index.yaml ]; then + helm repo index ./build --url "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/releases/download/${{ github.event.inputs.release_number }}/" + else + helm repo index ./build --url "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/releases/download/${{ github.event.inputs.release_number }}/" --merge ./index.yaml + fi + cp -f ./build/index.yaml ./index.yaml + git add ./index.yaml + git commit -m "Update index.yaml" + git push -u origin helm-charts diff --git a/.github/workflows/rest-framework-tests.yml b/.github/workflows/rest-framework-tests.yml new file mode 100644 index 00000000000..c02c6c22a10 --- /dev/null +++ b/.github/workflows/rest-framework-tests.yml @@ -0,0 +1,51 @@ +name: Rest Framework Unit Tests + +on: + workflow_call: + +jobs: + unit_tests: + name: Rest Framework Unit Tests + runs-on: ubuntu-latest + + strategy: + matrix: + os: [alpine, debian] + + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + persist-credentials: false + + # load docker images from build jobs + - name: Load images from artifacts + uses: actions/download-artifact@v3 + + - name: Load docker images + run: |- + docker load -i nginx/nginx-${{ matrix.os }}_img + docker load -i django/django-${{ matrix.os }}_img + docker images + + # run tests with docker-compose + - name: Set unit-test mode + run: docker/setEnv.sh unit_tests_cicd + + # phased startup so we can use the exit code from unit test container + - name: Start MySQL + run: docker-compose --env-file ./docker/environments/mysql-redis.env up -d mysql + + # no celery or initializer needed for unit tests + - name: Unit tests + run: docker-compose --profile mysql-redis --env-file ./docker/environments/mysql-redis.env up --no-deps --exit-code-from uwsgi uwsgi + env: + DJANGO_VERSION: ${{ matrix.os }} + + - name: Logs + if: failure() + run: docker-compose --profile mysql-redis --env-file ./docker/environments/mysql-redis.env logs --tail="2500" uwsgi + + - name: Shutdown + if: always() + run: docker-compose --profile mysql-redis --env-file ./docker/environments/mysql-redis.env down diff --git a/.github/workflows/ruff.yml b/.github/workflows/ruff.yml new file mode 100644 index 00000000000..421b3bcd20f --- /dev/null +++ b/.github/workflows/ruff.yml @@ -0,0 +1,36 @@ +name: Ruff Linter + +on: + workflow_dispatch: + pull_request_target: + push: + +jobs: + ruff-linting: + runs-on: ubuntu-latest + steps: + - name: Checkout + if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' + uses: actions/checkout@v4 + # by default the pull_requst_target event checks out the base branch, i.e. dev + # so we need to explicitly checkout the head of the PR + # we use fetch-depth 0 to make sure the full history is checked out and we can compare against + # the base commit (branch) of the PR + # more info https://github.community/t/github-actions-are-severely-limited-on-prs/18179/16 + # we checkout merge_commit here as this contains all new code from dev also. we don't need to compare against base_commit + with: + persist-credentials: false + fetch-depth: 0 + ref: refs/pull/${{ github.event.pull_request.number }}/merge + # repository: ${{github.event.pull_request.head.repo.full_name}} + + - name: Checkout + # for non PR runs we just checkout the default, which is a sha on a branch probably + if: github.event_name != 'pull_request' && github.event_name != 'pull_request_target' + uses: actions/checkout@v4 + + - name: Install Ruff Linter + run: pip install -r requirements-lint.txt + + - name: Run Ruff Linter + run: ruff . \ No newline at end of file diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml new file mode 100644 index 00000000000..4a37d71b562 --- /dev/null +++ b/.github/workflows/shellcheck.yml @@ -0,0 +1,125 @@ +--- +name: Shellcheck +on: + pull_request: +env: + SHELLCHECK_REPO: 'koalaman/shellcheck' + SHELLCHECK_VERSION: 'v0.9.0' + SHELLCHECK_SHA: '038fd81de6b7e20cc651571362683853670cdc71' +jobs: + shellcheck: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Grab shellcheck + run: | + set -e + + SHELLCHECK_TARBALL_URL="https://github.com/${SHELLCHECK_REPO}/releases/download/${SHELLCHECK_VERSION}/shellcheck-${SHELLCHECK_VERSION}.linux.x86_64.tar.xz" + SHELLCHECK_TARBALL_LOC="shellcheck.tar.xz" + curl -L "${SHELLCHECK_TARBALL_URL}" -o "${SHELLCHECK_TARBALL_LOC}" + tarball_sha=$(shasum ${SHELLCHECK_TARBALL_LOC} | awk '{print $1}') + if [ "${tarball_sha}" != "${SHELLCHECK_SHA}" ]; then + echo "Got invalid SHA for shellcheck: ${tarball_sha}" + exit 1 + fi + tar -xvf "${SHELLCHECK_TARBALL_LOC}" + cd "shellcheck-${SHELLCHECK_VERSION}" || exit 1 + mv shellcheck "${GITHUB_WORKSPACE}/shellcheck" + + - name: Run shellcheck + shell: bash + run: | + set -o pipefail + + # Make sure we already put the proper shellcheck binary in place + if [ ! -f "./shellcheck" ]; then + echo "shellcheck not found" + exit 1 + fi + + # Make sure we know what to compare the PR's changes against + if [ -z "${GITHUB_BASE_REF}" ]; then + echo "No base reference supplied" + exit 1 + fi + + num_findings=0 + + # Execute shellcheck and add errors based on the output + run_shellcheck() { + local modified_shell_script="${1}" + local findings_file="findings.txt" + + # Remove leftover findings file from previous iterations + if [ -f "${findings_file}" ]; then + rm "${findings_file}" + fi + + echo "Running shellcheck against ${modified_shell_script}..." + + # If shellcheck reported no errors (exited with 0 status code), return + if ./shellcheck -f json -S warning "${modified_shell_script}" | jq -c '.[]' > "${findings_file}"; then + return 0 + fi + + # Walk each of the individual findings + while IFS= read -r finding; do + num_findings=$((num_findings+1)) + + line=$(echo "${finding}" | jq '.line') + end_line=$(echo "${finding}" | jq '.endLine') + column=$(echo "${finding}" | jq '.column') + end_column=$(echo "${finding}" | jq '.endColumn') + code=$(echo "${finding}" | jq '.code') + title="SC${code}" + message="$(echo "${finding}" | jq -r '.message') See https://github.com/koalaman/shellcheck/wiki/${title}" + + echo "Line: ${line}" + echo "End line: ${end_line}" + echo "Column: ${column}" + echo "End column: ${end_column}" + echo "Title: ${title}" + echo "Message: ${message}" + + # Raise an error with the file/line/etc + echo "::error file=${modified_shell_script},line=${line},endLine=${end_line},column=${column},endColumn=${end_column},title=${title}::${message}" + done < ${findings_file} + } + + # Find the shell scripts that were created or modified by this PR + find_modified_shell_scripts() { + shell_scripts="shell_scripts.txt" + modified_files="modified_files.txt" + modified_shell_scripts="modified_shell_scripts.txt" + + find . -name "*.sh" -or -name "*.bash" | sed 's#^\./##' > "${shell_scripts}" + git diff --name-only "origin/${GITHUB_BASE_REF}" HEAD > "${modified_files}" + + if [ ! -s "${shell_scripts}" ] || [ ! -s "${modified_files}" ]; then + echo "No modified shell scripts detected" + exit 0 + fi + + if ! grep -Fxf "${shell_scripts}" "${modified_files}" > "${modified_shell_scripts}"; then + echo "No modified shell scripts detected" + exit 0 + fi + } + + git fetch origin "${GITHUB_BASE_REF}" || exit 1 + + find_modified_shell_scripts + + # Loop through the modified shell scripts + while IFS= read -r modified_shell_script; do + run_shellcheck "${modified_shell_script}" + done < ${modified_shell_scripts} + + # If shellcheck reported any findings, fail the workflow + if [ ${num_findings} -gt 0 ]; then + echo "shellcheck reported ${num_findings} findings." + exit 1 + fi diff --git a/.github/workflows/submodule-update.yml b/.github/workflows/submodule-update.yml new file mode 100644 index 00000000000..98e5c5acf61 --- /dev/null +++ b/.github/workflows/submodule-update.yml @@ -0,0 +1,28 @@ +--- +name: Update DefectDojo Inc. Documentation + +on: + push: + branches: [master, dev] + paths: + - docs/** + workflow_dispatch: + +jobs: + build: + name: Run Documentation Workflow + runs-on: ubuntu-latest + + steps: + - name: Trigger workflow in Documentation Repo + uses: actions/github-script@v7 + with: + github-token: ${{ secrets.DOCUMENTATION_TOKEN }} + script: | + const result = await github.rest.actions.createWorkflowDispatch({ + owner: 'DefectDojo-Inc', + repo: 'Documentation', + workflow_id: 'deploy-gh-pages-branch.yml', + ref: 'master' + }) + console.log(result) diff --git a/.github/workflows/test-helm-chart.yml b/.github/workflows/test-helm-chart.yml index 8c28ae43f18..f577a251a36 100644 --- a/.github/workflows/test-helm-chart.yml +++ b/.github/workflows/test-helm-chart.yml @@ -1,10 +1,10 @@ name: Lint Helm chart on: pull_request: - push: branches: - master - dev + - bugfix - release/** - hotfix/** @@ -14,17 +14,17 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: persist-credentials: false fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v1 + uses: azure/setup-helm@v3 with: version: v3.4.0 - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v5 with: python-version: 3.7 @@ -35,40 +35,40 @@ jobs: helm dependency update ./helm/defectdojo - name: Set up chart-testing - uses: helm/chart-testing-action@v2.1.0 + uses: helm/chart-testing-action@v2.6.1 - name: Determine target branch id: ct-branch-target run: | if [ ! -z ${GITHUB_BASE_REF} ]; then - echo ::set-output name=ct-branch::${GITHUB_BASE_REF} + echo "ct-branch=${GITHUB_BASE_REF}" >> $GITHUB_ENV else - echo ::set-output name=ct-branch::${GITHUB_REF#refs/heads/} + echo "ct-branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV fi - name: Run chart-testing (list-changed) id: list-changed run: | - changed=$(ct list-changed --config ct.yaml --target-branch ${{ steps.ct-branch-target.outputs.ct-branch}}) + changed=$(ct list-changed --config ct.yaml --target-branch ${{ env.ct-branch}}) if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" + echo "changed=true" >> $GITHUB_ENV fi - # run all checks but version increment always when something changed - - name: Run chart-testing (lint) - run: ct lint --config ct.yaml --target-branch ${{ steps.ct-branch-target.outputs.ct-branch }} --check-version-increment=false - if: steps.list-changed.outputs.changed == 'true' - # run version check only if not dev as in dev we have a `x.y.z-dev` version # x.y.z gets bumped automatically when doing a release - name: Run chart-testing (lint) - run: ct lint --config ct.yaml --target-branch ${{ steps.ct-branch-target.outputs.ct-branch }} --check-version-increment=true - if: ${{ steps.list-changed.outputs.changed == 'true' && steps.ct-branch-target.outputs.ct-branch != 'dev' }} + run: ct lint --config ct.yaml --target-branch ${{ env.ct-branch }} --check-version-increment=true + if: ${{ env.changed == 'true' && env.ct-branch != 'dev' && env.ct-branch != 'bugfix' }} + + # run all checks but version increment always when something changed + - name: Run chart-testing (lint) + run: ct lint --config ct.yaml --target-branch ${{ env.ct-branch }} --check-version-increment=false + if: env.changed == 'true' # - name: Create kind cluster # uses: helm/kind-action@v1.1.0 - # if: steps.list-changed.outputs.changed == 'true' + # if: env.changed == 'true' # - name: Run chart-testing (install) - # run: ct install --config ct.yaml --target-branch ${{ steps.ct-branch-target.outputs.ct-branch }} --helm-extra-args '--set createSecret=true --set createRabbitMqSecret=true --set createPostgresqlSecret=true --set timeout=900' - # if: steps.list-changed.outputs.changed == 'true' + # run: ct install --config ct.yaml --target-branch ${{ env.ct-branch }} --helm-extra-args '--set createSecret=true --set createRabbitMqSecret=true --set createPostgresqlSecret=true --set timeout=900' + # if: env.changed == 'true' diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index f46d61b2c17..cbc0a04f5a8 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml @@ -1,76 +1,31 @@ name: Unit tests -# pull requests: -# push: -# run on every push, which is when something gets merged also + on: workflow_dispatch: pull_request: - push: branches: - master - dev - -env: - DD_DOCKER_REPO: defectdojo - docker-image: django # we only need to build the django image for unit tests + - bugfix + - release/** + - hotfix/** jobs: - unit_tests: - name: unit tests - runs-on: ubuntu-latest - - steps: - # - name: Login to DockerHub - # uses: docker/login-action@v1 - # with: - # username: ${{ secrets.DOCKERHUB_USERNAME }} - # password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Checkout - uses: actions/checkout@v2 - with: - persist-credentials: false - - # - name: Read Docker Image Identifiers - # id: read-docker-image-identifiers - # run: echo "IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - with: - buildkitd-flags: --debug - driver-opts: image=moby/buildkit:master # needed to get the fix for https://github.com/moby/buildkit/issues/2426 - - - name: Build - id: docker_build - uses: docker/build-push-action@v2 - with: - context: . - push: false - load: true - tags: | - ${{ env.DD_DOCKER_REPO }}/defectdojo-${{ env.docker-image }}:latest - file: Dockerfile.${{ env.docker-image }} - - cache-from: type=gha - cache-to: type=gha,mode=max - - # run tests with docker-compose - - name: Set unit-test mode - run: docker/setEnv.sh unit_tests_cicd - - # phased startup so we can use the exit code from unit test container - - name: Start MySQL - run: docker-compose up -d mysql - - # no celery or initializer needed for unit tests - - name: Unit tests - run: docker-compose up --no-deps --exit-code-from uwsgi uwsgi - - - name: Logs - if: failure() - run: docker-compose logs --tail="2500" uwsgi - - - name: Shutdown - if: always() - run: docker-compose down + build-docker-containers: + uses: ./.github/workflows/build-docker-images-for-testing.yml + secrets: inherit + + test-rest-framework: + needs: build-docker-containers + uses: ./.github/workflows/rest-framework-tests.yml + secrets: inherit + + test-user-interface: + needs: build-docker-containers + uses: ./.github/workflows/integration-tests.yml + secrets: inherit + + test-k8s: + needs: build-docker-containers + uses: ./.github/workflows/k8s-tests.yml + secrets: inherit diff --git a/.gitignore b/.gitignore index 267f4fd38e0..6eab69fb83e 100644 --- a/.gitignore +++ b/.gitignore @@ -38,6 +38,7 @@ pip-delete-this-directory.txt .tox/ .coverage .cache +.ruff_cache nosetests.xml coverage.xml @@ -82,6 +83,7 @@ dojo/uploads/threat/* *.db celerybeat.pid *.env* +!docker/environments/*.env weekly.txt Monthly.txt diff --git a/Dockerfile.django-alpine b/Dockerfile.django-alpine new file mode 100644 index 00000000000..10b34a77f24 --- /dev/null +++ b/Dockerfile.django-alpine @@ -0,0 +1,139 @@ + +# code: language=Dockerfile + +# The code for the build image should be identical with the code in +# Dockerfile.nginx to use the caching mechanism of Docker. + +# Ref: https://devguide.python.org/#branchstatus +FROM python:3.11.3-alpine3.16@sha256:9efc6e155f287eb424ede74aeff198be75ae04504b1e42e87ec9f221e7410f2d as base +FROM base as build +WORKDIR /app +RUN \ + apk update && \ + apk add --no-cache \ + gcc \ + build-base \ + bind-tools \ + mysql-client \ + mariadb-dev \ + postgresql14-client \ + xmlsec \ + git \ + util-linux \ + curl-dev \ + openssl \ + libffi-dev \ + && \ + rm -rf /var/cache/apk/* && \ + true +COPY requirements.txt ./ +# CPUCOUNT=1 is needed, otherwise the wheel for uwsgi won't always be build succesfully +# https://github.com/unbit/uwsgi/issues/1318#issuecomment-542238096 +RUN CPUCOUNT=1 pip3 wheel --wheel-dir=/tmp/wheels -r ./requirements.txt + +FROM base as django-alpine +WORKDIR /app +ARG uid=1001 +ARG gid=1337 +ARG appuser=defectdojo +ENV appuser ${appuser} +RUN \ + apk update && \ + apk add --no-cache \ + openjpeg \ + jpeg \ + tiff \ + bind-tools \ + mysql-client \ + mariadb-dev \ + xmlsec \ + git \ + util-linux \ + postgresql14-client \ + curl-dev \ + openssl \ + # needed for integration-tests + bash \ + && \ + rm -rf /var/cache/apk/* && \ + true +COPY --from=build /tmp/wheels /tmp/wheels +COPY requirements.txt ./ +RUN export PYCURL_SSL_LIBRARY=openssl && \ + pip3 install \ + --no-cache-dir \ + --no-index \ + --find-links=/tmp/wheels \ + -r ./requirements.txt + +COPY \ + docker/entrypoint-celery-beat.sh \ + docker/entrypoint-celery-worker.sh \ + docker/entrypoint-initializer.sh \ + docker/entrypoint-uwsgi.sh \ + docker/entrypoint-uwsgi-dev.sh \ + docker/entrypoint-unit-tests.sh \ + docker/entrypoint-unit-tests-devDocker.sh \ + docker/wait-for-it.sh \ + docker/secret-file-loader.sh \ + docker/certs/* \ + / +COPY wsgi.py manage.py docker/unit-tests.sh ./ +COPY dojo/ ./dojo/ + +# Add extra fixtures to docker image which are loaded by the initializer +COPY docker/extra_fixtures/* /app/dojo/fixtures/ + +COPY tests/ ./tests/ +RUN \ + # Remove placeholder copied from docker/certs + rm -f /readme.txt && \ + # Remove placeholder copied from docker/extra_fixtures + rm -f dojo/fixtures/readme.txt && \ + mkdir -p dojo/migrations && \ + chmod g=u dojo/migrations && \ + true +USER root +RUN \ + addgroup --gid ${gid} ${appuser} && \ + adduser --system --no-create-home --disabled-password --gecos '' \ + --uid ${uid} --ingroup ${appuser} ${appuser} && \ + chown -R root:root /app && \ + chmod -R u+rwX,go+rX,go-w /app && \ + # Allow for bind mounting local_settings.py and other setting overrides + chown -R root:${appuser} /app/dojo/settings && \ + chmod -R 775 /app/dojo/settings && \ + mkdir /var/run/${appuser} && \ + chown ${appuser} /var/run/${appuser} && \ + chmod g=u /var/run/${appuser} && \ + chmod 775 /*.sh && \ + mkdir -p media/threat && chown -R ${uid} media && \ + # To avoid warning: (staticfiles.W004) The directory '/app/components/node_modules' in the STATICFILES_DIRS setting does not exist. + mkdir -p components/node_modules && \ + chown ${appuser} components/node_modules +USER ${uid} +ENV \ + # Only variables that are not defined in settings.dist.py + DD_ADMIN_USER=admin \ + DD_ADMIN_MAIL=admin@defectdojo.local \ + DD_ADMIN_PASSWORD='' \ + DD_ADMIN_FIRST_NAME=Admin \ + DD_ADMIN_LAST_NAME=User \ + DD_CELERY_LOG_LEVEL="INFO" \ + DD_CELERY_WORKER_POOL_TYPE="solo" \ + # Enable prefork and options below to ramp-up celeryworker performance. Presets should work fine for a machine with 8GB of RAM, while still leaving room. + # See https://docs.celeryproject.org/en/stable/userguide/workers.html#id12 for more details + # DD_CELERY_WORKER_POOL_TYPE="prefork" \ + # DD_CELERY_WORKER_AUTOSCALE_MIN="2" \ + # DD_CELERY_WORKER_AUTOSCALE_MAX="8" \ + # DD_CELERY_WORKER_CONCURRENCY="8" \ + # DD_CELERY_WORKER_PREFETCH_MULTIPLIER="128" \ + DD_INITIALIZE=true \ + DD_UWSGI_MODE="socket" \ + DD_UWSGI_ENDPOINT="0.0.0.0:3031" \ + DD_UWSGI_NUM_OF_PROCESSES="2" \ + DD_UWSGI_NUM_OF_THREADS="2" +ENTRYPOINT ["/entrypoint-uwsgi.sh"] + +FROM django-alpine as django-unittests +COPY unittests/ ./unittests/ \ No newline at end of file diff --git a/Dockerfile.django b/Dockerfile.django-debian similarity index 75% rename from Dockerfile.django rename to Dockerfile.django-debian index daa76446265..f58f22b5be2 100644 --- a/Dockerfile.django +++ b/Dockerfile.django-debian @@ -5,26 +5,32 @@ # Dockerfile.nginx to use the caching mechanism of Docker. # Ref: https://devguide.python.org/#branchstatus -FROM python:3.8.12-slim-buster@sha256:7e732593f25983fa7d4b2d54444be4a785f2397c1cf2f815d2e3638337eee012 as base +FROM python:3.11.4-slim-bullseye@sha256:40319d0a897896e746edf877783ef39685d44e90e1e6de8d964d0382df0d4952 as base FROM base as build WORKDIR /app RUN \ apt-get -y update && \ apt-get -y install --no-install-recommends \ + gcc \ build-essential \ dnsutils \ default-mysql-client \ libmariadb-dev-compat \ + libpq-dev \ postgresql-client \ xmlsec1 \ git \ uuid-runtime \ + # libcurl4-openssl-dev is required for installing pycurl python package + libcurl4-openssl-dev \ && \ apt-get clean && \ rm -rf /var/lib/apt/lists && \ true COPY requirements.txt ./ -RUN pip3 wheel --wheel-dir=/tmp/wheels -r ./requirements.txt +# CPUCOUNT=1 is needed, otherwise the wheel for uwsgi won't always be build succesfully +# https://github.com/unbit/uwsgi/issues/1318#issuecomment-542238096 +RUN CPUCOUNT=1 pip3 wheel --wheel-dir=/tmp/wheels -r ./requirements.txt FROM base as django WORKDIR /app @@ -47,15 +53,19 @@ RUN \ xmlsec1 \ git \ uuid-runtime \ + libpq-dev \ # only required for the dbshell (used by the initializer job) postgresql-client \ + # libcurl4-openssl-dev is required for installing pycurl python package + libcurl4-openssl-dev \ && \ apt-get clean && \ rm -rf /var/lib/apt/lists && \ true COPY --from=build /tmp/wheels /tmp/wheels COPY requirements.txt ./ -RUN pip3 install \ +RUN export PYCURL_SSL_LIBRARY=openssl && \ + pip3 install \ --no-cache-dir \ --no-index \ --find-links=/tmp/wheels \ @@ -70,6 +80,7 @@ COPY \ docker/entrypoint-unit-tests.sh \ docker/entrypoint-unit-tests-devDocker.sh \ docker/wait-for-it.sh \ + docker/secret-file-loader.sh \ docker/certs/* \ / COPY wsgi.py manage.py docker/unit-tests.sh ./ @@ -99,23 +110,20 @@ RUN \ chmod -R 775 /app/dojo/settings && \ mkdir /var/run/${appuser} && \ chown ${appuser} /var/run/${appuser} && \ - chmod g=u /var/run/${appuser} && \ - mkdir -p media/threat && chown -R ${uid} media + chmod g=u /var/run/${appuser} && \ + chmod 775 /*.sh && \ + mkdir -p media/threat && chown -R ${uid} media && \ + # To avoid warning: (staticfiles.W004) The directory '/app/components/node_modules' in the STATICFILES_DIRS setting does not exist. + mkdir -p components/node_modules && \ + chown ${appuser} components/node_modules USER ${uid} ENV \ + # Only variables that are not defined in settings.dist.py DD_ADMIN_USER=admin \ DD_ADMIN_MAIL=admin@defectdojo.local \ DD_ADMIN_PASSWORD='' \ - DD_ADMIN_FIRST_NAME=Administrator \ + DD_ADMIN_FIRST_NAME=Admin \ DD_ADMIN_LAST_NAME=User \ - DD_ALLOWED_HOSTS="*" \ - DD_CELERY_BEAT_SCHEDULE_FILENAME="/run/celery-beat-schedule" \ - DD_CELERY_BROKER_SCHEME="amqp" \ - DD_CELERY_BROKER_USER="defectdojo" \ - DD_CELERY_BROKER_PASSWORD="defectdojo" \ - DD_CELERY_BROKER_HOST="rabbitmq" \ - DD_CELERY_BROKER_PORT="5672" \ - DD_CELERY_BROKER_PATH="//" \ DD_CELERY_LOG_LEVEL="INFO" \ DD_CELERY_WORKER_POOL_TYPE="solo" \ # Enable prefork and options below to ramp-up celeryworker performance. Presets should work fine for a machine with 8GB of RAM, while still leaving room. @@ -125,19 +133,11 @@ ENV \ # DD_CELERY_WORKER_AUTOSCALE_MAX="8" \ # DD_CELERY_WORKER_CONCURRENCY="8" \ # DD_CELERY_WORKER_PREFETCH_MULTIPLIER="128" \ - DD_DATABASE_ENGINE="django.db.backends.mysql" \ - DD_DATABASE_HOST="mysql" \ - DD_DATABASE_NAME="defectdojo" \ - DD_DATABASE_PASSWORD="defectdojo" \ - DD_DATABASE_PORT="3306" \ - DD_DATABASE_USER="defectdojo" \ DD_INITIALIZE=true \ DD_UWSGI_MODE="socket" \ DD_UWSGI_ENDPOINT="0.0.0.0:3031" \ DD_UWSGI_NUM_OF_PROCESSES="2" \ - DD_UWSGI_NUM_OF_THREADS="2" \ - DD_TRACK_MIGRATIONS="True" \ - DD_DJANGO_METRICS_ENABLED="False" + DD_UWSGI_NUM_OF_THREADS="2" ENTRYPOINT ["/entrypoint-uwsgi.sh"] FROM django as django-unittests diff --git a/Dockerfile.integration-tests b/Dockerfile.integration-tests deleted file mode 100644 index ab8a834d41a..00000000000 --- a/Dockerfile.integration-tests +++ /dev/null @@ -1,54 +0,0 @@ - -# code: language=Dockerfile - -FROM python:3.8.12-slim-buster@sha256:7e732593f25983fa7d4b2d54444be4a785f2397c1cf2f815d2e3638337eee012 as build -WORKDIR /app -RUN \ - apt-get -y update && \ - apt-get -y install \ - git \ - wget \ - curl \ - unzip \ - gpg \ - && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists && \ - true - -# Installing Google Chrome browser -RUN \ - curl -sS -o - https://dl.google.com/linux/linux_signing_key.pub | apt-key add && \ - echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list && \ - apt-get -y update && \ - apt-get -y install \ - google-chrome-stable \ - && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists && \ - true - -RUN pip install --no-cache-dir selenium requests chromedriver-autoinstaller - -# Installing Chromedriver -WORKDIR /opt/chrome-driver -RUN \ - python -c "import chromedriver_autoinstaller; chromedriver_autoinstaller.install(cwd=True)" && \ - chmod -R 0755 . -WORKDIR /app - -COPY docker/wait-for-it.sh \ - docker/entrypoint-integration-tests.sh \ - / - -COPY tests/ ./tests/ - -RUN chmod -R 0777 /app - -ARG uid=1001 -USER ${uid} -ENV \ - DD_ADMIN_USER=admin \ - DD_ADMIN_PASSWORD='' \ - DD_BASE_URL="http://localhost:8080/" -CMD ["/entrypoint-integration-tests.sh"] diff --git a/Dockerfile.integration-tests-debian b/Dockerfile.integration-tests-debian new file mode 100644 index 00000000000..04cb7eeaf85 --- /dev/null +++ b/Dockerfile.integration-tests-debian @@ -0,0 +1,78 @@ + +# code: language=Dockerfile + +FROM openapitools/openapi-generator-cli:v7.2.0@sha256:9eab779faa2525b1474c4159ec335d913ee3cee00f641552a2305b0a4d7db8f7 as openapitools +FROM python:3.11.4-slim-bullseye@sha256:40319d0a897896e746edf877783ef39685d44e90e1e6de8d964d0382df0d4952 as build +WORKDIR /app +RUN \ + apt-get -y update && \ + apt-get -y install \ + git \ + wget \ + curl \ + unzip \ + gpg \ + default-jre-headless \ + jq \ + apt-file \ + libnss3 \ + xvfb \ + && \ + apt-get clean && \ + true + +RUN pip install --no-cache-dir selenium==4.9.0 requests + +# Install the latest Google Chrome stable release +WORKDIR /opt/chrome +RUN \ + chrome_url=$(curl https://googlechromelabs.github.io/chrome-for-testing/last-known-good-versions-with-downloads.json | jq -r '.channels[] | select(.channel == "Stable") | .downloads.chrome[] | select(.platform == "linux64").url') && \ + wget $chrome_url && \ + unzip chrome-linux64.zip && \ + rm -rf chrome-linux64.zip && \ + chmod -R 0755 . && \ + ln -s /opt/chrome/chrome-linux64/chrome /usr/bin/chrome + +# Install the dependencies for Google Chrome +RUN apt-file update +COPY docker/install_chrome_dependencies.py install_chrome_dependencies.py +RUN \ + missing_chrome_deps=$(python install_chrome_dependencies.py) && \ + apt-get -y install $missing_chrome_deps + +# Install a suggested list of additional packages (https://stackoverflow.com/a/76734752) +RUN apt-get install -y libxi6 libgconf-2-4 jq libjq1 libonig5 libxkbcommon0 libxss1 libglib2.0-0 libnss3 \ + libfontconfig1 libatk-bridge2.0-0 libatspi2.0-0 libgtk-3-0 libpango-1.0-0 libgdk-pixbuf2.0-0 libxcomposite1 \ + libxcursor1 libxdamage1 libxtst6 libappindicator3-1 libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libxfixes3 \ + libdbus-1-3 libexpat1 libgcc1 libnspr4 libgbm1 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxext6 \ + libxrandr2 libxrender1 gconf-service ca-certificates fonts-liberation libappindicator1 lsb-release xdg-utils + +# Installing the latest stable Google Chrome driver release +WORKDIR /opt/chrome-driver +RUN \ + chromedriver_url=$(curl https://googlechromelabs.github.io/chrome-for-testing/last-known-good-versions-with-downloads.json | jq -r '.channels[] | select(.channel == "Stable") | .downloads.chromedriver[] | select(.platform == "linux64").url') && \ + wget $chromedriver_url && \ + unzip -j chromedriver-linux64.zip chromedriver-linux64/chromedriver && \ + rm -rf chromedriver-linux64.zip && \ + chmod -R 0755 . +WORKDIR /app + +# install openapi-generator-cli +COPY --from=openapitools /opt/openapi-generator/modules/openapi-generator-cli/target/openapi-generator-cli.jar /usr/local/bin/openapi-generator-cli.jar + +COPY docker/wait-for-it.sh \ + docker/secret-file-loader.sh \ + docker/entrypoint-integration-tests.sh \ + / + +COPY tests/ ./tests/ + +RUN chmod -R 0777 /app + +ARG uid=1001 +USER ${uid} +ENV \ + DD_ADMIN_USER=admin \ + DD_ADMIN_PASSWORD='' \ + DD_BASE_URL="http://localhost:8080/" +CMD ["/entrypoint-integration-tests.sh"] \ No newline at end of file diff --git a/Dockerfile.nginx-alpine b/Dockerfile.nginx-alpine new file mode 100644 index 00000000000..bead9de1f9a --- /dev/null +++ b/Dockerfile.nginx-alpine @@ -0,0 +1,168 @@ + +# code: language=Dockerfile + +# The code for the build image should be identical with the code in +# Dockerfile.django-alpine to use the caching mechanism of Docker. + +# Ref: https://devguide.python.org/#branchstatus +FROM python:3.11.3-alpine3.16@sha256:9efc6e155f287eb424ede74aeff198be75ae04504b1e42e87ec9f221e7410f2d as base +FROM base as build +WORKDIR /app +RUN \ + apk update && \ + apk add --no-cache \ + gcc \ + build-base \ + bind-tools \ + mysql-client \ + mariadb-dev \ + postgresql14-client \ + xmlsec \ + git \ + util-linux \ + curl-dev \ + openssl \ + libffi-dev \ + && \ + rm -rf /var/cache/apk/* && \ + true +COPY requirements.txt ./ +# CPUCOUNT=1 is needed, otherwise the wheel for uwsgi won't always be build succesfully +# https://github.com/unbit/uwsgi/issues/1318#issuecomment-542238096 +RUN CPUCOUNT=1 pip3 wheel --wheel-dir=/tmp/wheels -r ./requirements.txt + +FROM build AS collectstatic + +# Node installation from https://github.com/nodejs/docker-node +ENV NODE_VERSION 20.11.0 + +RUN addgroup -g 1000 node \ + && adduser -u 1000 -G node -s /bin/sh -D node \ + && apk add --no-cache \ + libstdc++ \ + && apk add --no-cache --virtual .build-deps \ + curl \ + && ARCH= && alpineArch="$(apk --print-arch)" \ + && case "${alpineArch##*-}" in \ + x86_64) \ + ARCH='x64' \ + CHECKSUM=$(curl -sSL --compressed "https://unofficial-builds.nodejs.org/download/release/v${NODE_VERSION}/SHASUMS256.txt" | grep "node-v${NODE_VERSION}-linux-x64-musl.tar.xz" | cut -d' ' -f1) \ + ;; \ + *) ;; \ + esac \ + && if [ -n "${CHECKSUM}" ]; then \ + set -eu; \ + curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ + echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ + else \ + echo "Building from source" \ + # backup build + && apk add --no-cache --virtual .build-deps-full \ + binutils-gold \ + g++ \ + gcc \ + gnupg \ + libgcc \ + linux-headers \ + make \ + python3 \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 4ED778F539E3634C779C87C6D7062848A1AB005C \ + 141F07595B7B3FFE74309A937405533BE57C7D57 \ + 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ + 61FC681DFB92A079F1685E77973F295594EC4689 \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + ; do \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xf "node-v$NODE_VERSION.tar.xz" \ + && cd "node-v$NODE_VERSION" \ + && ./configure \ + && make -j$(getconf _NPROCESSORS_ONLN) V= \ + && make install \ + && apk del .build-deps-full \ + && cd .. \ + && rm -Rf "node-v$NODE_VERSION" \ + && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ + fi \ + && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version + +ENV YARN_VERSION 1.22.19 + +RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apk del .build-deps-yarn \ + # smoke test + && yarn --version + +# installing DefectDojo packages +RUN pip3 install \ + --no-cache-dir \ + --no-index \ + --find-links=/tmp/wheels \ + -r ./requirements.txt + +# generate static files +COPY components/ ./components/ +RUN \ + cd components && \ + yarn +COPY manage.py ./ +COPY dojo/ ./dojo/ +RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true + +FROM nginx:1.25.3-alpine@sha256:f2802c2a9d09c7aa3ace27445dfc5656ff24355da28e7b958074a0111e3fc076 +ARG uid=1001 +ARG appuser=defectdojo +COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/ +COPY wsgi_params nginx/nginx.conf nginx/nginx_TLS.conf /etc/nginx/ +COPY docker/entrypoint-nginx.sh / +RUN \ + apk add --no-cache openssl && \ + chmod -R g=u /var/cache/nginx && \ + mkdir /var/run/defectdojo && \ + chmod -R g=u /var/run/defectdojo && \ + mkdir -p /etc/nginx/ssl && \ + chmod -R g=u /etc/nginx && \ + true +ENV \ + DD_UWSGI_PASS="uwsgi_server" \ + DD_UWSGI_HOST="uwsgi" \ + DD_UWSGI_PORT="3031" \ + GENERATE_TLS_CERTIFICATE="false" \ + USE_TLS="false" \ + NGINX_METRICS_ENABLED="false" \ + METRICS_HTTP_AUTH_USER="" \ + METRICS_HTTP_AUTH_PASSWORD="" +USER ${uid} +EXPOSE 8080 +ENTRYPOINT ["/entrypoint-nginx.sh"] diff --git a/Dockerfile.nginx b/Dockerfile.nginx-debian similarity index 69% rename from Dockerfile.nginx rename to Dockerfile.nginx-debian index a8967124298..100f6d546b3 100644 --- a/Dockerfile.nginx +++ b/Dockerfile.nginx-debian @@ -1,27 +1,37 @@ + # code: language=Dockerfile # The code for the build image should be identical with the code in -# Dockerfile.django to use the caching mechanism of Docker. +# Dockerfile.django-debian to use the caching mechanism of Docker. -FROM python:3.8.12-slim-buster@sha256:7e732593f25983fa7d4b2d54444be4a785f2397c1cf2f815d2e3638337eee012 as build +# Ref: https://devguide.python.org/#branchstatus +FROM python:3.11.4-slim-bullseye@sha256:40319d0a897896e746edf877783ef39685d44e90e1e6de8d964d0382df0d4952 as base +FROM base as build WORKDIR /app RUN \ apt-get -y update && \ - apt-get -y install \ + apt-get -y install --no-install-recommends \ + gcc \ build-essential \ dnsutils \ default-mysql-client \ libmariadb-dev-compat \ + libpq-dev \ postgresql-client \ xmlsec1 \ git \ uuid-runtime \ + # libcurl4-openssl-dev is required for installing pycurl python package + libcurl4-openssl-dev \ && \ apt-get clean && \ rm -rf /var/lib/apt/lists && \ true COPY requirements.txt ./ -RUN pip3 wheel --wheel-dir=/tmp/wheels -r ./requirements.txt +# CPUCOUNT=1 is needed, otherwise the wheel for uwsgi won't always be build succesfully +# https://github.com/unbit/uwsgi/issues/1318#issuecomment-542238096 +RUN CPUCOUNT=1 pip3 wheel --wheel-dir=/tmp/wheels -r ./requirements.txt + FROM build AS collectstatic @@ -32,10 +42,10 @@ ENV \ node="nodejs" RUN \ apt-get -y update && \ - apt-get -y install --no-install-recommends apt-transport-https ca-certificates curl wget && \ + apt-get -y install --no-install-recommends apt-transport-https ca-certificates curl wget gnupg && \ curl -sSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add --no-tty - && \ - echo 'deb https://deb.nodesource.com/node_14.x buster main' > /etc/apt/sources.list.d/nodesource.list && \ - echo 'deb-src https://deb.nodesource.com/node_14.x buster main' >> /etc/apt/sources.list.d/nodesource.list && \ + echo 'deb https://deb.nodesource.com/node_20.x bullseye main' > /etc/apt/sources.list.d/nodesource.list && \ + echo 'deb-src https://deb.nodesource.com/node_20.x bullseye main' >> /etc/apt/sources.list.d/nodesource.list && \ apt-get update -y -o Dir::Etc::sourcelist="sources.list.d/nodesource.list" \ -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" && \ curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ @@ -65,7 +75,7 @@ COPY dojo/ ./dojo/ RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true -FROM nginx:1.21.5-alpine@sha256:eb05700fe7baa6890b74278e39b66b2ed1326831f9ec3ed4bdc6361a4ac2f333 +FROM nginx:1.25.3-alpine@sha256:f2802c2a9d09c7aa3ace27445dfc5656ff24355da28e7b958074a0111e3fc076 ARG uid=1001 ARG appuser=defectdojo COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/ diff --git a/LICENSE.md b/LICENSE.md index 9d262f02c3c..cb48d146dfd 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -1,4 +1,4 @@ -# Copyright (c) 2015, DefectDojo Maintainers, All rights reserved +### Copyright (c) 2015-2023 DefectDojo, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: diff --git a/NOTICE b/NOTICE index 49074cd6587..e939bd7fc99 100644 --- a/NOTICE +++ b/NOTICE @@ -6815,921 +6815,6 @@ library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. -numpy -1.21.2 -BSD License -Copyright (c) 2005-2021, NumPy Developers. -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - * Neither the name of the NumPy Developers nor the names of any - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - ----- - -This binary distribution of NumPy also bundles the following software: - - -Name: OpenBLAS -Files: .libs/libopenb*.so -Description: bundled as a dynamically linked library -Availability: https://github.com/xianyi/OpenBLAS/ -License: 3-clause BSD - Copyright (c) 2011-2014, The OpenBLAS Project - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are - met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. - 3. Neither the name of the OpenBLAS project nor the names of - its contributors may be used to endorse or promote products - derived from this software without specific prior written - permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER - CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE - USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -Name: LAPACK -Files: .libs/libopenb*.so -Description: bundled in OpenBLAS -Availability: https://github.com/xianyi/OpenBLAS/ -License 3-clause BSD - Copyright (c) 1992-2013 The University of Tennessee and The University - of Tennessee Research Foundation. All rights - reserved. - Copyright (c) 2000-2013 The University of California Berkeley. All - rights reserved. - Copyright (c) 2006-2013 The University of Colorado Denver. All rights - reserved. - - $COPYRIGHT$ - - Additional copyrights may follow - - $HEADER$ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are - met: - - - Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - - Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer listed - in this license in the documentation and/or other materials - provided with the distribution. - - - Neither the name of the copyright holders nor the names of its - contributors may be used to endorse or promote products derived from - this software without specific prior written permission. - - The copyright holders provide no reassurances that the source code - provided does not infringe any patent, copyright, or any other - intellectual property rights of third parties. The copyright holders - disclaim any liability to any recipient for claims brought against - recipient by any third party for infringement of that parties - intellectual property rights. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -Name: GCC runtime library -Files: .libs/libgfortran*.so -Description: dynamically linked to files compiled with gcc -Availability: https://gcc.gnu.org/viewcvs/gcc/ -License: GPLv3 + runtime exception - Copyright (C) 2002-2017 Free Software Foundation, Inc. - - Libgfortran is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3, or (at your option) - any later version. - - Libgfortran is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - Under Section 7 of GPL version 3, you are granted additional - permissions described in the GCC Runtime Library Exception, version - 3.1, as published by the Free Software Foundation. - - You should have received a copy of the GNU General Public License and - a copy of the GCC Runtime Library Exception along with this program; - see the files COPYING3 and COPYING.RUNTIME respectively. If not, see - . - ----- - -Full text of license texts referred to above follows (that they are -listed below does not necessarily imply the conditions apply to the -present binary release): - ----- - -GCC RUNTIME LIBRARY EXCEPTION - -Version 3.1, 31 March 2009 - -Copyright (C) 2009 Free Software Foundation, Inc. - -Everyone is permitted to copy and distribute verbatim copies of this -license document, but changing it is not allowed. - -This GCC Runtime Library Exception ("Exception") is an additional -permission under section 7 of the GNU General Public License, version -3 ("GPLv3"). It applies to a given file (the "Runtime Library") that -bears a notice placed by the copyright holder of the file stating that -the file is governed by GPLv3 along with this Exception. - -When you use GCC to compile a program, GCC may combine portions of -certain GCC header files and runtime libraries with the compiled -program. The purpose of this Exception is to allow compilation of -non-GPL (including proprietary) programs to use, in this way, the -header files and runtime libraries covered by this Exception. - -0. Definitions. - -A file is an "Independent Module" if it either requires the Runtime -Library for execution after a Compilation Process, or makes use of an -interface provided by the Runtime Library, but is not otherwise based -on the Runtime Library. - -"GCC" means a version of the GNU Compiler Collection, with or without -modifications, governed by version 3 (or a specified later version) of -the GNU General Public License (GPL) with the option of using any -subsequent versions published by the FSF. - -"GPL-compatible Software" is software whose conditions of propagation, -modification and use would permit combination with GCC in accord with -the license of GCC. - -"Target Code" refers to output from any compiler for a real or virtual -target processor architecture, in executable form or suitable for -input to an assembler, loader, linker and/or execution -phase. Notwithstanding that, Target Code does not include data in any -format that is used as a compiler intermediate representation, or used -for producing a compiler intermediate representation. - -The "Compilation Process" transforms code entirely represented in -non-intermediate languages designed for human-written code, and/or in -Java Virtual Machine byte code, into Target Code. Thus, for example, -use of source code generators and preprocessors need not be considered -part of the Compilation Process, since the Compilation Process can be -understood as starting with the output of the generators or -preprocessors. - -A Compilation Process is "Eligible" if it is done using GCC, alone or -with other GPL-compatible software, or if it is done without using any -work based on GCC. For example, using non-GPL-compatible Software to -optimize any GCC intermediate representations would not qualify as an -Eligible Compilation Process. - -1. Grant of Additional Permission. - -You have permission to propagate a work of Target Code formed by -combining the Runtime Library with Independent Modules, even if such -propagation would otherwise violate the terms of GPLv3, provided that -all Target Code was generated by Eligible Compilation Processes. You -may then convey such a combination under terms of your choice, -consistent with the licensing of the Independent Modules. - -2. No Weakening of GCC Copyleft. - -The availability of this Exception does not imply any general -presumption that third-party software is unaffected by the copyleft -requirements of the license of GCC. - ----- - - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU General Public License is a free, copyleft license for -software and other kinds of works. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -the GNU General Public License is intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. We, the Free Software Foundation, use the -GNU General Public License for most of our software; it applies also to -any other work released this way by its authors. You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - To protect your rights, we need to prevent others from denying you -these rights or asking you to surrender the rights. Therefore, you have -certain responsibilities if you distribute copies of the software, or if -you modify it: responsibilities to respect the freedom of others. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must pass on to the recipients the same -freedoms that you received. You must make sure that they, too, receive -or can get the source code. And you must show them these terms so they -know their rights. - - Developers that use the GNU GPL protect your rights with two steps: -(1) assert copyright on the software, and (2) offer you this License -giving you legal permission to copy, distribute and/or modify it. - - For the developers' and authors' protection, the GPL clearly explains -that there is no warranty for this free software. For both users' and -authors' sake, the GPL requires that modified versions be marked as -changed, so that their problems will not be attributed erroneously to -authors of previous versions. - - Some devices are designed to deny users access to install or run -modified versions of the software inside them, although the manufacturer -can do so. This is fundamentally incompatible with the aim of -protecting users' freedom to change the software. The systematic -pattern of such abuse occurs in the area of products for individuals to -use, which is precisely where it is most unacceptable. Therefore, we -have designed this version of the GPL to prohibit the practice for those -products. If such problems arise substantially in other domains, we -stand ready to extend this provision to those domains in future versions -of the GPL, as needed to protect the freedom of users. - - Finally, every program is threatened constantly by software patents. -States should not allow patents to restrict development and use of -software on general-purpose computers, but in those that do, we wish to -avoid the special danger that patents applied to a free program could -make it effectively proprietary. To prevent this, the GPL assures that -patents cannot be used to render the program non-free. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. - - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Use with the GNU Affero General Public License. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU Affero General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the special requirements of the GNU Affero General Public License, -section 13, concerning interaction through a network will apply to the -combination as such. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper mail. - - If the program does terminal interaction, make it output a short -notice like this when it starts in an interactive mode: - - Copyright (C) - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, your program's commands -might be different; for a GUI interface, you would use an "about box". - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU GPL, see -. - - The GNU General Public License does not permit incorporating your program -into proprietary programs. If your program is a subroutine library, you -may consider it more useful to permit linking proprietary applications with -the library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. But first, please read -. - - oauthlib 3.1.1 BSD License diff --git a/README.md b/README.md index 751c847feb8..b0a3bd12372 100644 --- a/README.md +++ b/README.md @@ -1,107 +1,159 @@ # DefectDojo -[![OWASP Flagship](https://img.shields.io/badge/owasp-flagship%20project-orange.svg)](https://www.owasp.org/index.php/OWASP_DefectDojo_Project) [![GitHub release](https://img.shields.io/github/release/DefectDojo/django-DefectDojo.svg)](https://github.com/DefectDojo/django-DefectDojo) [![YouTube Subscribe](https://img.shields.io/badge/youtube-subscribe-%23c4302b.svg)](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ) ![Twitter Follow](https://img.shields.io/twitter/follow/defectdojo.svg?style=social&label=Follow) - -[![Unit Tests](https://github.com/DefectDojo/django-DefectDojo/actions/workflows/unit-tests.yml/badge.svg?branch=master)](https://github.com/DefectDojo/django-DefectDojo/actions)[![Integration Tests](https://github.com/DefectDojo/django-DefectDojo/actions/workflows/integration-tests.yml/badge.svg?branch=master)](https://github.com/DefectDojo/django-DefectDojo/actions) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/2098/badge)](https://bestpractices.coreinfrastructure.org/projects/2098) + + + + + +
+ + Open Source Security Index - Fastest Growing Open Source Security Projects + + +

+ OWASP Flagship + GitHub release + YouTube Subscribe + Twitter Follow +

+

+ Unit Tests + Integration Tests + CII Best Practices +

+
![Screenshot of DefectDojo](https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/screenshot1.png) -[DefectDojo](https://www.defectdojo.org/) is a security orchestration and -vulnerability management platform. -DefectDojo allows you to manage your application security program, maintain -product and application information, triage vulnerabilities and -push findings to systems like JIRA and Slack. DefectDojo enriches and -refines vulnerability data using a number of heuristic algorithms that -improve with the more you use the platform. +[DefectDojo](https://www.defectdojo.com/) is a DevSecOps, ASPM (application security posture management), and +vulnerability management tool. DefectDojo orchestrates end-to-end security testing, vulnerability tracking, +deduplication, remediation, and reporting. ## Demo -Try out the demo sever at [demo.defectdojo.org](https://demo.defectdojo.org) +Try out DefectDojo on our demo server at [demo.defectdojo.org](https://demo.defectdojo.org) + +Log in with username `admin` and password `1Defectdojo@demo#appsec`. Please note that the demo is publicly accessible +and regularly reset. Do not put sensitive data in the demo. -Log in with `admin / 1Defectdojo@demo#appsec`. Please note that the demo is publicly accessable and regularly reset. Do not put sensitive data in the demo. +## Quick Start for Compose V2 -## Quick Start +From July 2023 Compose V1 [stopped receiving updates](https://docs.docker.com/compose/reference/). + +Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous +docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using +`docker compose` instead of `docker-compose`. ```sh +# Clone the project git clone https://github.com/DefectDojo/django-DefectDojo cd django-DefectDojo -# building -docker-compose build -# running -docker-compose up -# obtain admin credentials. the initializer can take up to 3 minutes to run -# use docker-compose logs -f initializer to track progress -docker-compose logs initializer | grep "Admin password:" + +# Building Docker images +./dc-build.sh + +# Run the application (for other profiles besides postgres-redis see +# https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/DOCKER.md) +./dc-up-d.sh postgres-redis + +# Obtain admin credentials. The initializer can take up to 3 minutes to run. +# Use docker compose logs -f initializer to track its progress. +docker compose logs initializer | grep "Admin password:" ``` -Navigate to . +## For Docker Compose V1 +You can run Compose V1 by editing the files below to add the hyphen (-) between `docker compose`. +```sh + dc-build.sh + dc-down.sh + dc-stop.sh + dc-unittest.sh + dc-up-d.sh + dc-up.sh + docker/docker-compose-check.sh + docker/entrypoint-initializer.sh + docker/setEnv.sh +``` + +Navigate to `http://localhost:8080` to see your new instance! ## Documentation -- [Official Docs](https://defectdojo.github.io/django-DefectDojo/) ([latest](https://defectdojo.github.io/django-DefectDojo/) | [dev](https://defectdojo.github.io/django-DefectDojo/dev)) -- [REST APIs](https://defectdojo.github.io/django-DefectDojo/integrations/api-v2-docs/) -- [Client APIs and Wrappers](https://defectdojo.github.io/django-DefectDojo/integrations/api-v2-docs/#clients--api-wrappers) -- [Authentication Options](readme-docs/AVAILABLE-PLUGINS.md) +* [Official Docs](https://documentation.defectdojo.com/) + * [Docs for our `dev` branch](https://documentation.defectdojo.com/dev/) +* [REST APIs](https://documentation.defectdojo.com/integrations/api-v2-docs/) +* [Client APIs and Wrappers](https://documentation.defectdojo.com/integrations/api-v2-docs/#clients--api-wrappers) +* Authentication options: + * [OAuth2/SAML2](https://documentation.defectdojo.com/integrations/social-authentication/) + * [LDAP](https://documentation.defectdojo.com/integrations/ldap-authentication/) +* [Supported tools](https://documentation.defectdojo.com/integrations/parsers/) ## Supported Installation Options * [Docker / Docker Compose](readme-docs/DOCKER.md) -* [godojo](https://github.com/DefectDojo/godojo) - +* [SaaS](https://www.defectdojo.com/pricing) - Includes Support & Supports the Project +* [AWS AMI](https://aws.amazon.com/marketplace/pp/prodview-m2a25gr67xbzk) - Supports the Project ## Community, Getting Involved, and Updates -[Slack](https://owasp-slack.herokuapp.com/) +[Slack](https://owasp.org/slack/invite) [LinkedIn](https://www.linkedin.com/company/defectdojo) [Twitter](https://twitter.com/defectdojo) [Youtube](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ) -[Join the slack community](https://owasp-slack.herokuapp.com/) and discussion! Realtime discussion is done in the OWASP Slack Channel, #defectdojo. -Follow DefectDojo on [Twitter](https://twitter.com/defectdojo), [Linkedin](https://www.linkedin.com/company/defectdojo), and [YouTube](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ) for project updates! +[Join the OWASP Slack community](https://owasp.org/slack/invite) and participate in the discussion! You can find us in +our channel there, [#defectdojo](https://owasp.slack.com/channels/defectdojo). Follow DefectDojo on +[Twitter](https://twitter.com/defectdojo), [LinkedIn](https://www.linkedin.com/company/defectdojo), and +[YouTube](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ) for project updates! ## Contributing -See our [Contributing guidelines](readme-docs/CONTRIBUTING.md) -## Commercial Support and Training -Commercial support and training is availaible through [10Security](https://10security.com). +:warning: We have instituted a [feature freeze](https://github.com/DefectDojo/django-DefectDojo/discussions/8002) on v2 +of DefectDojo as we begin work on v3. Please see our [contributing guidelines](readme-docs/CONTRIBUTING.md) for more +information. Check out our latest update on v3 [here](https://github.com/DefectDojo/django-DefectDojo/discussions/8974). -10Security was founded by the creators of DefectDojo. -For information please email info@10security.com or visit our [site](https://10security.com). +## Pro Edition +[Upgrade to DefectDojo Pro](https://www.defectdojo.com/pricing) today to take your DevSecOps to 11. DefectDojo Pro is +designed to meet you wherever you are on your security journey and help you scale, with enhanced dashboards, additional +smart features, tunable deduplication, and support from DevSecOps experts. + +Alternatively, for information please email info@defectdojo.com ## About Us DefectDojo is maintained by: -* Greg Anderson ([@devGregA](https://github.com/devgrega) | [linkedin](https://www.linkedin.com/in/g-anderson/)) -* Aaron Weaver ([@aaronweaver](https://github.com/aaronweaver)| [linkedin](https://www.linkedin.com/in/aweaver/) | [@weavera](https://twitter.com/weavera)) -* Matt Tesauro ([@mtesauro](https://github.com/mtesauro) | [linkedin](https://www.linkedin.com/in/matttesauro/) | [@matt_tesauro](https://twitter.com/matt_tesauro)) +* Greg Anderson ([@devGregA](https://github.com/devgrega) | [LinkedIn](https://www.linkedin.com/in/g-anderson/)) +* Matt Tesauro ([@mtesauro](https://github.com/mtesauro) | [LinkedIn](https://www.linkedin.com/in/matttesauro/) | + [@matt_tesauro](https://twitter.com/matt_tesauro)) Core Moderators can help you with pull requests or feedback on dev ideas: -* Valentijn Scholten ([@valentijnscholten](https://github.com/valentijnscholten) | [sponsor](https://github.com/sponsors/valentijnscholten) | [linkedin](https://www.linkedin.com/in/valentijn-scholten/)) -* Cody Maffucci ([@Maffooch](https://github.com/maffooch) | [linkedin](https://www.linkedin.com/in/cody-maffucci)) +* Cody Maffucci ([@Maffooch](https://github.com/maffooch) | [LinkedIn](https://www.linkedin.com/in/cody-maffucci)) Moderators can help you with pull requests or feedback on dev ideas: -* Damien Carol ([@damnielcarol](https://github.com/damiencarol) | [linkedin](https://www.linkedin.com/in/damien-carol/)) -* Stefan Fleckenstein ([@StefanFl](https://github.com/stefanfl) | ([linkedin](https://www.linkedin.com/in/stefan-fleckenstein-6a456a30/)) +* Damien Carol ([@damiencarol](https://github.com/damiencarol) | [LinkedIn](https://www.linkedin.com/in/damien-carol/)) * Jannik Jürgens ([@alles-klar](https://github.com/alles-klar)) - +* Dubravko Sever ([@dsever](https://github.com/dsever)) +* Charles Neill ([@cneill](https://github.com/cneill) | [@ccneill](https://twitter.com/ccneill)) +* Jay Paz ([@jjpaz](https://twitter.com/jjpaz)) +* Blake Owens ([@blakeaowens](https://github.com/blakeaowens)) ## Hall of Fame -* Fred Blaise ([@madchap](https://github.com/madchap) | [linkedin](https://www.linkedin.com/in/fredblaise/)) - Fred served as a core moderator during a critical time for DefectDojo. He contributed code, helped the team stay organized, and architected important policies and procedures. -* Charles Neill ([@ccneill](https://twitter.com/ccneill)) – Charles served as a - DefectDojo Maintainer for years and wrote some of Dojo's core functionality. -* Jay Paz ([@jjpaz](https://twitter.com/jjpaz)) – Jay was a DefectDojo - maintainer for years. He performed Dojo's first UI overhaul, optimized code structure/features, and added numerous enhancements. - - -## Sponsors -[10Security](https://10security.com) -[ISAAC](https://isaac.nl) -[Tim Pagel](https://pagel.pro/) -[Cloudbees](https://cloudbees.com/) -[ARRIVAL](https://arrival.com) -[WeHackPurle](https://wehackpurple.com/) -[MiabornWolff]((https://www.maibornwolff.de/en)) + +* Valentijn Scholten ([@valentijnscholten](https://github.com/valentijnscholten) | + [Sponsor](https://github.com/sponsors/valentijnscholten) | + [LinkedIn](https://www.linkedin.com/in/valentijn-scholten/)) - Valentijn served as a core moderator for 3 years. + Valentijn’s contributions were numerous and extensive. He overhauled, improved, and optimized many parts of the + codebase. He consistently fielded questions, provided feedback on pull requests, and provided a helping hand wherever + it was needed. +* Fred Blaise ([@madchap](https://github.com/madchap) | [LinkedIn](https://www.linkedin.com/in/fredblaise/)) - Fred + served as a core moderator during a critical time for DefectDojo. He contributed code, helped the team stay organized, + and architected important policies and procedures. +* Aaron Weaver ([@aaronweaver](https://github.com/aaronweaver) | [LinkedIn](https://www.linkedin.com/in/aweaver/)) - + Aaron has been a long time contributor and user of DefectDojo. He did the second major UI overhaul and his + contributions include automation enhancements, CI/CD engagements, increased metadata at the product level, and many + more. ## Security @@ -109,4 +161,4 @@ Please report Security issues via our [disclosure policy](readme-docs/SECURITY.m ## License -DefectDojo is licensed under the [BSD Simplified license](LICENSE.md) +DefectDojo is licensed under the [BSD 3-Clause License](LICENSE.md) diff --git a/dojo/google_sheet/__init__.py b/components/node_modules/.gitkeep similarity index 100% rename from dojo/google_sheet/__init__.py rename to components/node_modules/.gitkeep diff --git a/components/package.json b/components/package.json index 698f070737f..9a57f7b78dd 100644 --- a/components/package.json +++ b/components/package.json @@ -1,43 +1,42 @@ { "name": "defectdojo", - "version": "2.7.0-dev", + "version": "2.32.0-dev", "license" : "BSD-3-Clause", "private": true, "dependencies": { "JUMFlot": "jumjum123/JUMFlot#*", - "bootstrap": "^3.4.0", + "bootstrap": "^3.4.1", "bootstrap-select": "^1.13.18", "bootstrap-social": "^4.0.0", "bootstrap-wysiwyg": "^2.0.0", - "bootswatch": "3.4.1", "chosen-bootstrap": "https://github.com/dbtek/chosen-bootstrap", "chosen-js": "^1.8.7", - "clipboard": "^2.0.8", - "components-jqueryui": "^1.0.0", - "datatables.net": "^1.11.3", - "datatables.net-buttons-bs": "^2.1.1", - "datatables.net-buttons-dt": "^2.1.1", - "datatables.net-colreorder": "^1.5.5", - "datatables.net-dt": "^1.11.3", + "clipboard": "^2.0.11", + "datatables.net": "^1.13.4", + "datatables.net-buttons-bs": "^2.3.6", + "datatables.net-buttons-dt": "^2.3.6", + "datatables.net-colreorder": "^1.6.1", + "datatables.net-dt": "^1.13.4", "drmonty-datatables-plugins": "^1.0.0", "drmonty-datatables-responsive": "^1.0.0", - "easymde": "^2.15.0", + "easymde": "^2.18.0", "flot": "flot/flot#~0.8.3", "flot-axis": "markrcote/flot-axislabels#*", "font-awesome": "^4.0.0", "fullcalendar": "^3.10.2", "google-code-prettify": "^1.0.0", - "jquery": "^3.6.0", + "jquery": "^3.7.0", "jquery-highlight": "3.5.0", + "jquery-ui": "1.13.2", "jquery.cookie": "1.4.1", "jquery.flot.tooltip": "^0.9.0", "jquery.hotkeys": "jeresig/jquery.hotkeys#master", - "jszip": "^3.7.1", - "justgage": "^1.5.1", + "jszip": "^3.10.1", + "justgage": "^1.6.1", "metismenu": "~3.0.7", - "moment": "^2.29.1", + "moment": "^2.29.4", "morris.js": "morrisjs/morris.js", - "pdfmake": "^0.2.4", + "pdfmake": "^0.2.7", "startbootstrap-sb-admin-2": "1.0.7" }, "engines": { diff --git a/components/yarn.lock b/components/yarn.lock index 7502f1f45ad..aa0b2b6ccdd 100644 --- a/components/yarn.lock +++ b/components/yarn.lock @@ -42,27 +42,27 @@ resolved "https://registry.yarnpkg.com/@foliojs-fork/restructure/-/restructure-2.0.2.tgz#73759aba2aff1da87b7c4554e6839c70d43c92b4" integrity sha512-59SgoZ3EXbkfSX7b63tsou/SDGzwUEK6MuB5sKqgVK1/XE0fxmpsOb9DQI8LXW3KfGnAjImCGhhEb7uPPAUVNA== -"@types/codemirror@0.0.109": - version "0.0.109" - resolved "https://registry.yarnpkg.com/@types/codemirror/-/codemirror-0.0.109.tgz#89d575ff1c7b462c4c3b8654f8bb38e5622e9036" - integrity sha512-cSdiHeeLjvGn649lRTNeYrVCDOgDrtP+bDDSFDd1TF+i0jKGPDRozno2NOJ9lTniso+taiv4kiVS8dgM8Jm5lg== +"@types/codemirror@^5.60.4": + version "5.60.7" + resolved "https://registry.yarnpkg.com/@types/codemirror/-/codemirror-5.60.7.tgz#efbb78e5e79f90c6762c2127c02096648e600808" + integrity sha512-QXIC+RPzt/1BGSuD6iFn6UMC9TDp+9hkOANYNPVsjjrDdzKphfRkwQDKGp2YaC54Yhz0g6P5uYTCCibZZEiMAA== dependencies: "@types/tern" "*" "@types/estree@*": - version "0.0.47" - resolved "https://registry.yarnpkg.com/@types/estree/-/estree-0.0.47.tgz#d7a51db20f0650efec24cd04994f523d93172ed4" - integrity sha512-c5ciR06jK8u9BstrmJyO97m+klJrrhCf9u3rLu3DEAJBirxRqSCvDQoYKmxuYwQI5SZChAWu+tq9oVlGRuzPAg== + version "1.0.0" + resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.0.tgz#5fb2e536c1ae9bf35366eed879e827fa59ca41c2" + integrity sha512-WulqXMDUTYAXCjZnk6JtIHPigp55cVtDgDrO2gHRwhyJto21+1zbVCtOYB2L1F9w4qCQ0rOGWBnBe0FNTiEJIQ== -"@types/marked@^2.0.2": - version "2.0.2" - resolved "https://registry.yarnpkg.com/@types/marked/-/marked-2.0.2.tgz#33a15106383f6e42cd6bdd38093e6b19904e29e1" - integrity sha512-P4zanhCQKs4tiWPPBGpB7lHflgFCP9DFGNI5YtpW9MALKoy2qs9rHNWJ+z55cegD9uCfnmsKuaosq9FNvbxrOw== +"@types/marked@^4.0.7": + version "4.0.8" + resolved "https://registry.yarnpkg.com/@types/marked/-/marked-4.0.8.tgz#b316887ab3499d0a8f4c70b7bd8508f92d477955" + integrity sha512-HVNzMT5QlWCOdeuBsgXP8EZzKUf0+AXzN+sLmjvaB3ZlLqO+e4u0uXrdw9ub69wBKFs+c6/pA4r9sy6cCDvImw== "@types/tern@*": - version "0.23.3" - resolved "https://registry.yarnpkg.com/@types/tern/-/tern-0.23.3.tgz#4b54538f04a88c9ff79de1f6f94f575a7f339460" - integrity sha512-imDtS4TAoTcXk0g7u4kkWqedB3E4qpjXzCpD2LU5M5NAXHzCDsypyvXSaG7mM8DKYkCRa7tFp4tS/lp/Wo7Q3w== + version "0.23.4" + resolved "https://registry.yarnpkg.com/@types/tern/-/tern-0.23.4.tgz#03926eb13dbeaf3ae0d390caf706b2643a0127fb" + integrity sha512-JAUw1iXGO1qaWwEOzxTKJZ/5JxVeON9kvGZ/osgZaJImBnyjyn0cjovPsf6FNLmyGY8Vw9DoXZCMlfMkMwHRWg== dependencies: "@types/estree" "*" @@ -85,24 +85,24 @@ acorn-walk@^7.0.0: integrity sha512-OPdCF6GsMIP+Az+aWfAAOEt2/+iVDKE7oy6lJ098aoe59oAmK76qV6Gw60SbZ8jHuG2wH058GF4pLFbYamYrVA== acorn@^7.0.0: - version "7.4.0" - resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.4.0.tgz#e1ad486e6c54501634c6c397c5c121daa383607c" - integrity sha512-+G7P8jJmCHr+S+cLfQxygbWhXy+8YTVGzAkpEbcLo2mLoL7tij/VG41QSHACSf5QgYRhMZYHuNc6drJaO0Da+w== + version "7.4.1" + resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.4.1.tgz#feaed255973d2e77555b83dbc08851a6c63520fa" + integrity sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A== amdefine@>=0.0.4: version "1.0.1" resolved "https://registry.yarnpkg.com/amdefine/-/amdefine-1.0.1.tgz#4a5282ac164729e93619bcfd3ad151f817ce91f5" - integrity sha1-SlKCrBZHKek2Gbz9OtFR+BfOkfU= + integrity sha512-S2Hw0TtNkMJhIabBwIojKL9YHO5T0n5eNqWJ7Lrlel/zDbftQpxpapi8tZs3X1HWa+u+QeydGmzzNU0m09+Rcg== array-from@^2.1.1: version "2.1.1" resolved "https://registry.yarnpkg.com/array-from/-/array-from-2.1.1.tgz#cfe9d8c26628b9dc5aecc62a9f5d8f1f352c1195" - integrity sha1-z+nYwmYoudxa7MYqn12PHzUsEZU= + integrity sha512-GQTc6Uupx1FCavi5mPzBvVT7nEOeWMmUA9P95wpfpW1XwMSKs+KaymD5C2Up7KAUKg/mYwbsUYzdZWcoajlNZg== ast-transform@0.0.0: version "0.0.0" resolved "https://registry.yarnpkg.com/ast-transform/-/ast-transform-0.0.0.tgz#74944058887d8283e189d954600947bc98fe0062" - integrity sha1-dJRAWIh9goPhidlUYAlHvJj+AGI= + integrity sha512-e/JfLiSoakfmL4wmTGPjv0HpTICVmxwXgYOB8x+mzozHL8v+dSfCbrJ8J8hJ0YBP0XcYu1aLZ6b/3TnxNK3P2A== dependencies: escodegen "~1.2.0" esprima "~1.0.4" @@ -111,13 +111,18 @@ ast-transform@0.0.0: ast-types@^0.7.0: version "0.7.8" resolved "https://registry.yarnpkg.com/ast-types/-/ast-types-0.7.8.tgz#902d2e0d60d071bdcd46dc115e1809ed11c138a9" - integrity sha1-kC0uDWDQcb3NRtwRXhgJ7RHBOKk= + integrity sha512-RIOpVnVlltB6PcBJ5BMLx+H+6JJ/zjDGU0t7f0L6c2M1dqcK92VQopLBlPQ9R80AVXelfqYgjcPLtHtDbNFg0Q== -base64-js@1.3.1, base64-js@^1.1.2, base64-js@^1.3.0: +base64-js@1.3.1: version "1.3.1" resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.3.1.tgz#58ece8cb75dd07e71ed08c736abc5fac4dbf8df1" integrity sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g== +base64-js@^1.1.2, base64-js@^1.3.0: + version "1.5.1" + resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a" + integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA== + bootstrap-select@^1.13.18: version "1.13.18" resolved "https://registry.yarnpkg.com/bootstrap-select/-/bootstrap-select-1.13.18.tgz#4557119d58dc1159189977161c803962220e4dda" @@ -126,7 +131,7 @@ bootstrap-select@^1.13.18: bootstrap-social@^4.0.0: version "4.11.0" resolved "https://registry.yarnpkg.com/bootstrap-social/-/bootstrap-social-4.11.0.tgz#7896d176fe366b06992196945a13fc9bfa6061b2" - integrity sha1-eJbRdv42awaZIZaUWhP8m/pgYbI= + integrity sha512-HRw6gtrMNjhe/PDNNuDdnvI9RFxOiCIlCcmRUF/qgM95G8nIXV2EYDtCgDJU/xGZIxMEUmoFc3tZKAsoPgH92w== dependencies: bootstrap "~3" font-awesome "~4.4" @@ -134,18 +139,13 @@ bootstrap-social@^4.0.0: bootstrap-wysiwyg@^2.0.0: version "2.0.1" resolved "https://registry.yarnpkg.com/bootstrap-wysiwyg/-/bootstrap-wysiwyg-2.0.1.tgz#ed9c7a7e2e33c5931b0f8d974c11268baf39a8ba" - integrity sha1-7Zx6fi4zxZMbD42XTBEmi685qLo= + integrity sha512-lZsz2sU0NoOJmUaVg86ZJHmNXSfAb13EThfzMhY1K/nUAXPHcBPAxvG3sIfaonKkchEDDAI1jAWxQUsmvsOR4A== -bootstrap@^3.4.0, bootstrap@~3: +bootstrap@^3.4.1, bootstrap@~3: version "3.4.1" resolved "https://registry.yarnpkg.com/bootstrap/-/bootstrap-3.4.1.tgz#c3a347d419e289ad11f4033e3c4132b87c081d72" integrity sha512-yN5oZVmRCwe5aKwzRj6736nSmKDX7pLYwsXiCj/EYmo16hODaBiT4En5btW/jhBF/seV+XMx3aYwukYC3A49DA== -bootswatch@3.4.1: - version "3.4.1" - resolved "https://registry.yarnpkg.com/bootswatch/-/bootswatch-3.4.1.tgz#50aed16fb04ec791c3dd8831515c29d4a757fdb9" - integrity sha512-0hL4A8OUiqABgPipGrojf/hyhr5RS257xCNARlbK34HaMfhV5fXvwEooN4/ri9+jgX47J4Wg24ZPmfZ2xD2cKw== - brfs@^2.0.0, brfs@^2.0.2: version "2.0.2" resolved "https://registry.yarnpkg.com/brfs/-/brfs-2.0.2.tgz#44237878fa82aa479ce4f5fe2c1796ec69f07845" @@ -157,9 +157,9 @@ brfs@^2.0.0, brfs@^2.0.2: through2 "^2.0.0" brotli@^1.2.0: - version "1.3.2" - resolved "https://registry.yarnpkg.com/brotli/-/brotli-1.3.2.tgz#525a9cad4fcba96475d7d388f6aecb13eed52f46" - integrity sha1-UlqcrU/LqWR119OI9q7LE+7VL0Y= + version "1.3.3" + resolved "https://registry.yarnpkg.com/brotli/-/brotli-1.3.3.tgz#7365d8cc00f12cf765d2b2c898716bcf4b604d48" + integrity sha512-oTKjJdShmDuGW94SyyaoQvAjf30dZaHnjJ8uAF+u2/vGJkJbJPJAT1gDiOJP5v1Zb6f9KEyW/1HpuaWIXtGHPg== dependencies: base64-js "^1.1.2" @@ -173,7 +173,7 @@ browser-resolve@^1.8.1: browserify-optional@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/browserify-optional/-/browserify-optional-1.0.1.tgz#1e13722cfde0d85f121676c2a72ced533a018869" - integrity sha1-HhNyLP3g2F8SFnbCpyztUzoBiGk= + integrity sha512-VrhjbZ+Ba5mDiSYEuPelekQMfTbhcA2DhLk2VQWqdcCROWeFqlTcXZ7yfRkXCIl8E+g4gINJYJiRB7WEtfomAQ== dependencies: ast-transform "0.0.0" ast-types "^0.7.0" @@ -182,12 +182,20 @@ browserify-optional@^1.0.1: buffer-equal@0.0.1: version "0.0.1" resolved "https://registry.yarnpkg.com/buffer-equal/-/buffer-equal-0.0.1.tgz#91bc74b11ea405bc916bc6aa908faafa5b4aac4b" - integrity sha1-kbx0sR6kBbyRa8aqkI+q+ltKrEs= + integrity sha512-RgSV6InVQ9ODPdLWJ5UAqBqJBOg370Nz6ZQtRzpt6nUjc8v0St97uJ4PYC6NztqIScrAXafKM3mZPMygSe1ggA== buffer-from@^1.0.0: - version "1.1.1" - resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.1.1.tgz#32713bc028f75c02fdb710d7c7bcec1f2c6070ef" - integrity sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A== + version "1.1.2" + resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.1.2.tgz#2b146a6fd72e80b4f55d255f35ed59a3a9a41bd5" + integrity sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ== + +call-bind@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/call-bind/-/call-bind-1.0.2.tgz#b1d4e89e688119c3c9a903ad30abb2f6a919be3c" + integrity sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA== + dependencies: + function-bind "^1.1.1" + get-intrinsic "^1.0.2" "chosen-bootstrap@https://github.com/dbtek/chosen-bootstrap": version "0.0.0" @@ -198,10 +206,10 @@ chosen-js@^1.8.7: resolved "https://registry.yarnpkg.com/chosen-js/-/chosen-js-1.8.7.tgz#9bfa5597f5081d602ff4ae904af9aef33265bb1d" integrity sha512-eVdrZJ2U5ISdObkgsi0od5vIJdLwq1P1Xa/Vj/mgxkMZf14DlgobfB6nrlFi3kW4kkvKLsKk4NDqZj1MU1DCpw== -clipboard@^2.0.8: - version "2.0.8" - resolved "https://registry.yarnpkg.com/clipboard/-/clipboard-2.0.8.tgz#ffc6c103dd2967a83005f3f61976aa4655a4cdba" - integrity sha512-Y6WO0unAIQp5bLmk1zdThRhgJt/x3ks6f30s3oE3H1mgIEU33XyQjEf8gsf6DxC7NPX8Y1SsNWjUjL/ywLnnbQ== +clipboard@^2.0.11: + version "2.0.11" + resolved "https://registry.yarnpkg.com/clipboard/-/clipboard-2.0.11.tgz#62180360b97dd668b6b3a84ec226975762a70be5" + integrity sha512-C+0bbOqkezLIsmWSvlsXS0Q0bmkugu7jcfMIACB+RDEntIzQIkdr148we28AfSloQLRdZlYL/QYyrq05j/3Faw== dependencies: good-listener "^1.2.2" select "^1.1.2" @@ -210,24 +218,19 @@ clipboard@^2.0.8: clone@^1.0.4: version "1.0.4" resolved "https://registry.yarnpkg.com/clone/-/clone-1.0.4.tgz#da309cc263df15994c688ca902179ca3c7cd7c7e" - integrity sha1-2jCcwmPfFZlMaIypAheco8fNfH4= + integrity sha512-JQHZ2QMW6l3aH/j6xCqQThY/9OH4D/9ls34cgkUBiEeocRTU04tHfKPBsUK1PqZCUQM7GiA0IIXJSuXHI64Kbg== codemirror-spell-checker@1.1.2: version "1.1.2" resolved "https://registry.yarnpkg.com/codemirror-spell-checker/-/codemirror-spell-checker-1.1.2.tgz#1c660f9089483ccb5113b9ba9ca19c3f4993371e" - integrity sha1-HGYPkIlIPMtRE7m6nKGcP0mTNx4= + integrity sha512-2Tl6n0v+GJRsC9K3MLCdLaMOmvWL0uukajNJseorZJsslaxZyZMgENocPU8R0DyoTAiKsyqiemSOZo7kjGV0LQ== dependencies: typo-js "*" -codemirror@^5.61.0: - version "5.61.0" - resolved "https://registry.yarnpkg.com/codemirror/-/codemirror-5.61.0.tgz#318e5b034a707207948b92ffc2862195e8fdb08e" - integrity sha512-D3wYH90tYY1BsKlUe0oNj2JAhQ9TepkD51auk3N7q+4uz7A/cgJ5JsWHreT0PqieW1QhOuqxQ2reCXV1YXzecg== - -components-jqueryui@^1.0.0: - version "1.12.1" - resolved "https://registry.yarnpkg.com/components-jqueryui/-/components-jqueryui-1.12.1.tgz#617076f128f3be4c265f3e2db50471ef96cd9cee" - integrity sha1-YXB28SjzvkwmXz4ttQRx75bNnO4= +codemirror@^5.63.1: + version "5.65.12" + resolved "https://registry.yarnpkg.com/codemirror/-/codemirror-5.65.12.tgz#294fdf097d10ac5b56a9e011a91eff252afc73ae" + integrity sha512-z2jlHBocElRnPYysN2HAuhXbO3DNB0bcSKmNz3hcWR2Js2Dkhc1bEOxG93Z3DeUrnm+qx56XOY5wQmbP5KY0sw== concat-stream@~1.6.0: version "1.6.2" @@ -240,21 +243,19 @@ concat-stream@~1.6.0: typedarray "^0.0.6" convert-source-map@^1.5.1: - version "1.7.0" - resolved "https://registry.yarnpkg.com/convert-source-map/-/convert-source-map-1.7.0.tgz#17a2cb882d7f77d3490585e2ce6c524424a3a442" - integrity sha512-4FJkXzKXEDB1snCFZlLP4gpC3JILicCpGbzG9f9G7tGqGCzETQ2hWPrcinA9oU4wtf2biUaEH5065UnMeR33oA== - dependencies: - safe-buffer "~5.1.1" + version "1.9.0" + resolved "https://registry.yarnpkg.com/convert-source-map/-/convert-source-map-1.9.0.tgz#7faae62353fb4213366d0ca98358d22e8368b05f" + integrity sha512-ASFBup0Mz1uyiIjANan1jzLQami9z1PoYSZCiiYW2FczPbenXc45FZdBZLzOT+r6+iciuEModtmCti+hjaAk0A== core-util-is@~1.0.0: - version "1.0.2" - resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7" - integrity sha1-tf1UIgqivFq1eqtxQMlAdUUDwac= + version "1.0.3" + resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.3.tgz#a6042d3634c2b27e9328f837b965fac83808db85" + integrity sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ== crypto-js@^4.0.0: - version "4.1.1" - resolved "https://registry.yarnpkg.com/crypto-js/-/crypto-js-4.1.1.tgz#9e485bcf03521041bd85844786b83fb7619736cf" - integrity sha512-o2JlM7ydqd3Qk9CA0L4NL6mTzU2sdx96a+oOfPu8Mkl/PK51vSyoi8/rQ8NknZtk44vq15lmhAj9CIAGwgeWKw== + version "4.2.0" + resolved "https://registry.yarnpkg.com/crypto-js/-/crypto-js-4.2.0.tgz#4d931639ecdfd12ff80e8186dba6af2c2e856631" + integrity sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q== d@1, d@^1.0.1: version "1.0.1" @@ -264,65 +265,65 @@ d@1, d@^1.0.1: es5-ext "^0.10.50" type "^1.0.1" -dash-ast@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/dash-ast/-/dash-ast-1.0.0.tgz#12029ba5fb2f8aa6f0a861795b23c1b4b6c27d37" - integrity sha512-Vy4dx7gquTeMcQR/hDkYLGUnwVil6vk4FOOct+djUnHOUWt+zJPJAaRIXaAFkPXtJjvlY7o3rfRu0/3hpnwoUA== +dash-ast@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/dash-ast/-/dash-ast-2.0.1.tgz#8d0fd2e601c59bf874cc22877ee7dd889f54dee8" + integrity sha512-5TXltWJGc+RdnabUGzhRae1TRq6m4gr+3K2wQX0is5/F2yS6MJXJvLyI3ErAnsAXuJoGqvfVD5icRgim07DrxQ== -datatables.net-bs@>=1.11.3: - version "1.11.3" - resolved "https://registry.yarnpkg.com/datatables.net-bs/-/datatables.net-bs-1.11.3.tgz#4bca92330474733e0936db631fc12021f257a095" - integrity sha512-Db1YwAhO0QAWQbZTsKriUrOInT66+xaA+fV616KTKpQt5Zt+p6OsEKK+xv8LxLgG8qu5dPwMBlkhqSiS/hV2sg== +datatables.net-bs@>=1.12.1: + version "1.13.4" + resolved "https://registry.yarnpkg.com/datatables.net-bs/-/datatables.net-bs-1.13.4.tgz#cdab0810f800c21b44ca5c9422120119da13178f" + integrity sha512-Do+O8HP8xVoayizysOWDBxURDbDmLAKiXDAp0cFl1RFFb5v/SIl+zuBZ03FXjdEs3JN5OksPMcY7WYeHZCaFeQ== dependencies: - datatables.net ">=1.10.25" + datatables.net ">=1.12.1" jquery ">=1.7" -datatables.net-buttons-bs@^2.1.1: - version "2.1.1" - resolved "https://registry.yarnpkg.com/datatables.net-buttons-bs/-/datatables.net-buttons-bs-2.1.1.tgz#c90fb44bb2e96e45b4c66c423a89a5625edb1f4d" - integrity sha512-fKCyJs4vy3kXn/ztWdUfhc/nABDgwp7va36epRgRN0bFwLCOdZSlH7HeYKrWGvNuPf1ZCZ9OG4CgTHjcO6XW3g== +datatables.net-buttons-bs@^2.3.6: + version "2.3.6" + resolved "https://registry.yarnpkg.com/datatables.net-buttons-bs/-/datatables.net-buttons-bs-2.3.6.tgz#db92dffd68432816cd3c177f30d5b5099452c061" + integrity sha512-7ZYZJpMDpLBgdUQO2lgdqwUT4aO00DMuCNonaKtpYkwsSAgoOS5mJye+EZEv4hr4zOh9tBWcrMGSgNT/Ffk+LQ== dependencies: - datatables.net-bs ">=1.11.3" - datatables.net-buttons ">=2.0.1" + datatables.net-bs ">=1.12.1" + datatables.net-buttons ">=2.2.3" jquery ">=1.7" -datatables.net-buttons-dt@^2.1.1: - version "2.1.1" - resolved "https://registry.yarnpkg.com/datatables.net-buttons-dt/-/datatables.net-buttons-dt-2.1.1.tgz#a276707b04dae48d2547d823d1e0fcb44e2c70b8" - integrity sha512-oPTEHv4NpVgbZPprh+JE2g3FiiTPZ10IhYMyB1+IzVlSwMeQgq1a4a1OL2AvGdRyZkUvHMJUjFrwH58XUjNc1Q== +datatables.net-buttons-dt@^2.3.6: + version "2.3.6" + resolved "https://registry.yarnpkg.com/datatables.net-buttons-dt/-/datatables.net-buttons-dt-2.3.6.tgz#43f1ba2775c1a011ca955f128f1e1c7e5cf1df72" + integrity sha512-SF91mQCPePbjp/Tct2TWlwywaEH/qjdYQf71f7puHBXPre2vvJhy4aJhoyJMfgIOkEzS7Duw6anlBSUC26JqhQ== dependencies: - datatables.net-buttons ">=2.0.1" - datatables.net-dt ">=1.11.3" + datatables.net-buttons ">=2.2.3" + datatables.net-dt ">=1.12.1" jquery ">=1.7" -datatables.net-buttons@>=2.0.1: - version "2.1.1" - resolved "https://registry.yarnpkg.com/datatables.net-buttons/-/datatables.net-buttons-2.1.1.tgz#5969913415aac9013ed269dbb61d7f732399f06c" - integrity sha512-MLHKIOlwWfZ1I6vI+w7B0w7szWDkuelTVnwuNXGhh0nMV2hP9nL7t0zgfxPraOmbVXAmJnHQa4o7pd1PfKbJ3g== +datatables.net-buttons@>=2.2.3: + version "2.3.6" + resolved "https://registry.yarnpkg.com/datatables.net-buttons/-/datatables.net-buttons-2.3.6.tgz#68d74ccfb282a558e4a9d525871b20e017f7fea3" + integrity sha512-9eid5D2kbTNfGCOiEx5WBHlwfK38W1LMz0AiNZHoSqKAiO0aXGfzrH7L2eY6reHgVMaPvHPAnqeRAjvOul2V/Q== dependencies: - datatables.net ">=1.11.3" + datatables.net ">=1.12.1" jquery ">=1.7" -datatables.net-colreorder@^1.5.5: - version "1.5.5" - resolved "https://registry.yarnpkg.com/datatables.net-colreorder/-/datatables.net-colreorder-1.5.5.tgz#0de93e460cba5eb0167c0c491a2da0c76a2e3b12" - integrity sha512-AUwv5A/87I4hg7GY/WbhRrDhqng9b019jLvvKutHibSPCEtMDWqyNtuP0q8zYoquqU9UQ1/nqXLW/ld8TzIDYQ== +datatables.net-colreorder@^1.6.1: + version "1.6.2" + resolved "https://registry.yarnpkg.com/datatables.net-colreorder/-/datatables.net-colreorder-1.6.2.tgz#27a29d2ea34fc60ce831bade51633d90293404d3" + integrity sha512-PrBzZA2mzBsI6NAMbgUykSdmZ3VJsf46chkeBy/1oiyArGc1e1/a5PLyb0HybkbZaFPWxeGxDAEJDVesC7j9pA== dependencies: - datatables.net ">=1.11.3" + datatables.net ">=1.12.1" jquery ">=1.7" -datatables.net-dt@>=1.11.3, datatables.net-dt@^1.11.3: - version "1.11.3" - resolved "https://registry.yarnpkg.com/datatables.net-dt/-/datatables.net-dt-1.11.3.tgz#242556a490585b457b7d2b9f5fd8fb10761d621b" - integrity sha512-EX/thRwXpQRj8hZSb+ZMDNQ4uW1zLZa9BoAhhw1b5HIDH1nJ9WRTkERsoxE+3WISeX8bDiaEydf8TTQBSqxXVw== +datatables.net-dt@>=1.12.1, datatables.net-dt@^1.13.4: + version "1.13.4" + resolved "https://registry.yarnpkg.com/datatables.net-dt/-/datatables.net-dt-1.13.4.tgz#ec32d22a02772ee6dda2677032cb6b24f3f5e4d0" + integrity sha512-QAvuEej/qKSiaSmSeDQ36wWO72XzFGKkd0jdiqbp+2FHAAzIk+ffsqQAwylystMoBSiO0zlcdaqHoAPa5Dy7Pg== dependencies: - datatables.net ">=1.10.25" + datatables.net ">=1.12.1" jquery ">=1.7" -datatables.net@>=1.10.25, datatables.net@>=1.11.3, datatables.net@^1.11.3: - version "1.11.3" - resolved "https://registry.yarnpkg.com/datatables.net/-/datatables.net-1.11.3.tgz#80e691036efcd62467558ee64c07dd566cb761b4" - integrity sha512-VMj5qEaTebpNurySkM6jy6sGpl+s6onPK8xJhYr296R/vUBnz1+id16NVqNf9z5aR076OGcpGHCuiTuy4E05oQ== +datatables.net@>=1.12.1, datatables.net@^1.13.4: + version "1.13.4" + resolved "https://registry.yarnpkg.com/datatables.net/-/datatables.net-1.13.4.tgz#9a809cee82eca0a884e10b4d47a3a3d6e65e9fe7" + integrity sha512-yzhArTOB6tPO2QFKm1z3hA4vabtt2hRvgw8XLsT1xqEirinfGYqWDiWXlkTPTaJv2e7gG+Kf985sXkzBFlGrGQ== dependencies: jquery ">=1.7" @@ -339,16 +340,17 @@ deep-equal@^1.0.0: regexp.prototype.flags "^1.2.0" deep-is@~0.1.3: - version "0.1.3" - resolved "https://registry.yarnpkg.com/deep-is/-/deep-is-0.1.3.tgz#b369d6fb5dbc13eecf524f91b070feedc357cf34" - integrity sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ= + version "0.1.4" + resolved "https://registry.yarnpkg.com/deep-is/-/deep-is-0.1.4.tgz#a6f2dce612fadd2ef1f519b73551f17e85199831" + integrity sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ== define-properties@^1.1.3: - version "1.1.3" - resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.1.3.tgz#cf88da6cbee26fe6db7094f61d870cbd84cee9f1" - integrity sha512-3MqfYKj2lLzdMSf8ZIZE/V+Zuy+BgD6f164e8K2w7dgnpKArBDerGYpM46IYYcjnkdPNMjPk9A6VFB8+3SKlXQ== + version "1.2.0" + resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.2.0.tgz#52988570670c9eacedd8064f4a990f2405849bd5" + integrity sha512-xvqAVKGfT1+UAvPwKTVw/njhdQ8ZhXK4lI0bCIuCMrp2up9nPnaDftrLtmpTazqd1o+UY4zgzU+avtMbDP+ldA== dependencies: - object-keys "^1.0.12" + has-property-descriptors "^1.0.0" + object-keys "^1.1.1" delegate@^3.1.2: version "3.2.0" @@ -363,92 +365,48 @@ dfa@^1.2.0: drmonty-datatables-plugins@^1.0.0: version "1.10.12" resolved "https://registry.yarnpkg.com/drmonty-datatables-plugins/-/drmonty-datatables-plugins-1.10.12.tgz#32fd57f562c938c2da4445cea9675330dd968eb1" - integrity sha1-Mv1X9WLJOMLaREXOqWdTMN2WjrE= + integrity sha512-IhyTEXzyHlIFTT9SOOgLidebGuuikPtm3O7sX6D5CL2K6JAURnOp8ZKRuhZG7p3oTjYUnzr7i77l/YhQ9DnEjQ== dependencies: jquery ">=1.7" drmonty-datatables-responsive@^1.0.0: version "1.0.6" resolved "https://registry.yarnpkg.com/drmonty-datatables-responsive/-/drmonty-datatables-responsive-1.0.6.tgz#1c5c1de5ece54eefacf39f95daf75c43b7fffefd" - integrity sha1-HFwd5ezlTu+s85+V2vdcQ7f//v0= + integrity sha512-2boqoLJ6FxXgtZ6KVtguX5wN5YTTi72TgLekjvziNXmy8a6LZ+5XhwtgcZxHcFeOU0gWIPqFCHi2Pvp+OKidiA== dependencies: jquery ">=1.7.0" duplexer2@~0.1.4: version "0.1.4" resolved "https://registry.yarnpkg.com/duplexer2/-/duplexer2-0.1.4.tgz#8b12dab878c0d69e3e7891051662a32fc6bddcc1" - integrity sha1-ixLauHjA1p4+eJEFFmKjL8a93ME= + integrity sha512-asLFVfWWtJ90ZyOUHMqk7/S2w2guQKxUI2itj3d92ADHhxUSbCMGi1f1cBcJ7xM1To+pE/Khbwo1yuNbMEPKeA== dependencies: readable-stream "^2.0.2" -easymde@^2.15.0: - version "2.15.0" - resolved "https://registry.yarnpkg.com/easymde/-/easymde-2.15.0.tgz#73667c4879d8687b07651d6259ee652bba5d0b00" - integrity sha512-9jMRIVvKt1d0UjRN45yotUYECAM4xvw0TTAQw8sYDONP++keWJVnd8Xrn+V+vQEN/v9/X0SWEoo1rFSgCooGpw== +easymde@^2.18.0: + version "2.18.0" + resolved "https://registry.yarnpkg.com/easymde/-/easymde-2.18.0.tgz#ff1397d07329b1a7b9187d2d0c20766fa16b3b1b" + integrity sha512-IxVVUxNWIoXLeqtBU4BLc+eS/ScYhT1Dcb6yF5Wchoj1iXAV+TIIDWx+NCaZhY7RcSHqDPKllbYq7nwGKILnoA== dependencies: - "@types/codemirror" "0.0.109" - "@types/marked" "^2.0.2" - codemirror "^5.61.0" + "@types/codemirror" "^5.60.4" + "@types/marked" "^4.0.7" + codemirror "^5.63.1" codemirror-spell-checker "1.1.2" - marked "^2.0.3" + marked "^4.1.0" -es-abstract@^1.17.0-next.1, es-abstract@^1.17.5: - version "1.17.6" - resolved "https://registry.yarnpkg.com/es-abstract/-/es-abstract-1.17.6.tgz#9142071707857b2cacc7b89ecb670316c3e2d52a" - integrity sha512-Fr89bON3WFyUi5EvAeI48QTWX0AyekGgLA8H+c+7fbfCkJwRWRMLd8CQedNEyJuoYYhmtEqY92pgte1FAhBlhw== +es5-ext@^0.10.35, es5-ext@^0.10.50, es5-ext@^0.10.62, es5-ext@~0.10.14: + version "0.10.62" + resolved "https://registry.yarnpkg.com/es5-ext/-/es5-ext-0.10.62.tgz#5e6adc19a6da524bf3d1e02bbc8960e5eb49a9a5" + integrity sha512-BHLqn0klhEpnOKSrzn/Xsz2UIW8j+cGmo9JLzr8BiUapV8hPL9+FliFqjwr9ngW7jWdnxv6eO+/LqyhJVqgrjA== dependencies: - es-to-primitive "^1.2.1" - function-bind "^1.1.1" - has "^1.0.3" - has-symbols "^1.0.1" - is-callable "^1.2.0" - is-regex "^1.1.0" - object-inspect "^1.7.0" - object-keys "^1.1.1" - object.assign "^4.1.0" - string.prototype.trimend "^1.0.1" - string.prototype.trimstart "^1.0.1" - -es-abstract@^1.18.0-next.0: - version "1.18.0-next.0" - resolved "https://registry.yarnpkg.com/es-abstract/-/es-abstract-1.18.0-next.0.tgz#b302834927e624d8e5837ed48224291f2c66e6fc" - integrity sha512-elZXTZXKn51hUBdJjSZGYRujuzilgXo8vSPQzjGYXLvSlGiCo8VO8ZGV3kjo9a0WNJJ57hENagwbtlRuHuzkcQ== - dependencies: - es-to-primitive "^1.2.1" - function-bind "^1.1.1" - has "^1.0.3" - has-symbols "^1.0.1" - is-callable "^1.2.0" - is-negative-zero "^2.0.0" - is-regex "^1.1.1" - object-inspect "^1.8.0" - object-keys "^1.1.1" - object.assign "^4.1.0" - string.prototype.trimend "^1.0.1" - string.prototype.trimstart "^1.0.1" + es6-iterator "^2.0.3" + es6-symbol "^3.1.3" + next-tick "^1.1.0" -es-to-primitive@^1.2.1: - version "1.2.1" - resolved "https://registry.yarnpkg.com/es-to-primitive/-/es-to-primitive-1.2.1.tgz#e55cd4c9cdc188bcefb03b366c736323fc5c898a" - integrity sha512-QCOllgZJtaUo9miYBcLChTUaHNjJF3PYs1VidD7AwiEj1kYxKeQTctLAezAOH5ZKRH0g2IgPn6KwB4IT8iRpvA== - dependencies: - is-callable "^1.1.4" - is-date-object "^1.0.1" - is-symbol "^1.0.2" - -es5-ext@^0.10.35, es5-ext@^0.10.50, es5-ext@~0.10.14: - version "0.10.53" - resolved "https://registry.yarnpkg.com/es5-ext/-/es5-ext-0.10.53.tgz#93c5a3acfdbef275220ad72644ad02ee18368de1" - integrity sha512-Xs2Stw6NiNHWypzRTY1MtaG/uJlwCk8kH81920ma8mvN8Xq1gsfhZvpkImLQArw8AHnv8MT2I45J3c0R8slE+Q== - dependencies: - es6-iterator "~2.0.3" - es6-symbol "~3.1.3" - next-tick "~1.0.0" - -es6-iterator@~2.0.1, es6-iterator@~2.0.3: +es6-iterator@^2.0.3, es6-iterator@~2.0.1, es6-iterator@~2.0.3: version "2.0.3" resolved "https://registry.yarnpkg.com/es6-iterator/-/es6-iterator-2.0.3.tgz#a7de889141a05a94b0854403b2d0a0fbfa98f3b7" - integrity sha1-p96IkUGgWpSwhUQDstCg+/qY87c= + integrity sha512-zw4SRzoUkd+cl+ZoE15A9o1oQd920Bb0iOJMQkQhl3jNc03YqVjAhG7scf9C5KWRU/R13Orf588uCC6525o02g== dependencies: d "1" es5-ext "^0.10.35" @@ -457,7 +415,7 @@ es6-iterator@~2.0.1, es6-iterator@~2.0.3: es6-map@^0.1.5: version "0.1.5" resolved "https://registry.yarnpkg.com/es6-map/-/es6-map-0.1.5.tgz#9136e0503dcc06a301690f0bb14ff4e364e949f0" - integrity sha1-kTbgUD3MBqMBaQ8LsU/042TpSfA= + integrity sha512-mz3UqCh0uPCIqsw1SSAkB/p0rOzF/M0V++vyN7JqlPtSW/VsYgQBvVvqMLmfBuyMzTpLnNqi6JmcSizs4jy19A== dependencies: d "1" es5-ext "~0.10.14" @@ -467,25 +425,18 @@ es6-map@^0.1.5: event-emitter "~0.3.5" es6-set@^0.1.5, es6-set@~0.1.5: - version "0.1.5" - resolved "https://registry.yarnpkg.com/es6-set/-/es6-set-0.1.5.tgz#d2b3ec5d4d800ced818db538d28974db0a73ccb1" - integrity sha1-0rPsXU2ADO2BjbU40ol02wpzzLE= + version "0.1.6" + resolved "https://registry.yarnpkg.com/es6-set/-/es6-set-0.1.6.tgz#5669e3b2aa01d61a50ba79964f733673574983b8" + integrity sha512-TE3LgGLDIBX332jq3ypv6bcOpkLO0AslAQo7p2VqX/1N46YNsvIWgvjojjSEnWEGWMhr1qUbYeTSir5J6mFHOw== dependencies: - d "1" - es5-ext "~0.10.14" - es6-iterator "~2.0.1" - es6-symbol "3.1.1" - event-emitter "~0.3.5" - -es6-symbol@3.1.1: - version "3.1.1" - resolved "https://registry.yarnpkg.com/es6-symbol/-/es6-symbol-3.1.1.tgz#bf00ef4fdab6ba1b46ecb7b629b4c7ed5715cc77" - integrity sha1-vwDvT9q2uhtG7Le2KbTH7VcVzHc= - dependencies: - d "1" - es5-ext "~0.10.14" + d "^1.0.1" + es5-ext "^0.10.62" + es6-iterator "~2.0.3" + es6-symbol "^3.1.3" + event-emitter "^0.3.5" + type "^2.7.2" -es6-symbol@^3.1.1, es6-symbol@~3.1.1, es6-symbol@~3.1.3: +es6-symbol@^3.1.1, es6-symbol@^3.1.3, es6-symbol@~3.1.1: version "3.1.3" resolved "https://registry.yarnpkg.com/es6-symbol/-/es6-symbol-3.1.3.tgz#bad5d3c1bcdac28269f4cb331e431c78ac705d18" integrity sha512-NJ6Yn3FuDinBaBRWl/q5X/s4koRHBrgKAu+yGI6JCBeiu3qrcbJhwT2GeR/EXVfylRk8dpQVJoLEFhK+Mu31NA== @@ -508,7 +459,7 @@ escodegen@^1.11.1: escodegen@~1.2.0: version "1.2.0" resolved "https://registry.yarnpkg.com/escodegen/-/escodegen-1.2.0.tgz#09de7967791cc958b7f89a2ddb6d23451af327e1" - integrity sha1-Cd55Z3kcyVi3+Jot220jRRrzJ+E= + integrity sha512-yLy3Cc+zAC0WSmoT2fig3J87TpQ8UaZGx8ahCAs9FL8qNbyV7CVyPKS74DG4bsHiL5ew9sxdYx131OkBQMFnvA== dependencies: esprima "~1.0.4" estraverse "~1.5.0" @@ -524,7 +475,7 @@ esprima@^4.0.1: esprima@~1.0.4: version "1.0.4" resolved "https://registry.yarnpkg.com/esprima/-/esprima-1.0.4.tgz#9f557e08fc3b4d26ece9dd34f8fbf476b62585ad" - integrity sha1-n1V+CPw7TSbs6d00+Pv0drYlha0= + integrity sha512-rp5dMKN8zEs9dfi9g0X1ClLmV//WRyk/R15mppFNICIFRG5P92VP7Z04p8pk++gABo9W2tY+kHyu6P1mEHgmTA== estraverse@^4.2.0: version "4.3.0" @@ -534,7 +485,7 @@ estraverse@^4.2.0: estraverse@~1.5.0: version "1.5.1" resolved "https://registry.yarnpkg.com/estraverse/-/estraverse-1.5.1.tgz#867a3e8e58a9f84618afb6c2ddbcd916b7cbaf71" - integrity sha1-hno+jlip+EYYr7bC3bzZFrfLr3E= + integrity sha512-FpCjJDfmo3vsc/1zKSeqR5k42tcIhxFIlvq+h9j0fO2q/h2uLKyweq7rYJ+0CoVvrGQOxIS5wyBrW/+vF58BUQ== estree-is-function@^1.0.0: version "1.0.0" @@ -549,32 +500,32 @@ esutils@^2.0.2: esutils@~1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/esutils/-/esutils-1.0.0.tgz#8151d358e20c8acc7fb745e7472c0025fe496570" - integrity sha1-gVHTWOIMisx/t0XnRywAJf5JZXA= + integrity sha512-x/iYH53X3quDwfHRz4y8rn4XcEwwCJeWsul9pF1zldMbGtgOtMNBEOuYWwB1EQlK2LRa1fev3YAgym/RElp5Cg== eve-raphael@0.5.0: version "0.5.0" resolved "https://registry.yarnpkg.com/eve-raphael/-/eve-raphael-0.5.0.tgz#17c754b792beef3fa6684d79cf5a47c63c4cda30" - integrity sha1-F8dUt5K+7z+maE15z1pHxjxM2jA= + integrity sha512-jrxnPsCGqng1UZuEp9DecX/AuSyAszATSjf4oEcRxvfxa1Oux4KkIPKBAAWWnpdwfARtr+Q0o9aPYWjsROD7ug== -event-emitter@~0.3.5: +event-emitter@^0.3.5, event-emitter@~0.3.5: version "0.3.5" resolved "https://registry.yarnpkg.com/event-emitter/-/event-emitter-0.3.5.tgz#df8c69eef1647923c7157b9ce83840610b02cc39" - integrity sha1-34xp7vFkeSPHFXuc6DhAYQsCzDk= + integrity sha512-D9rRn9y7kLPnJ+hMq7S/nhvoKwwvVJahBi2BPmx3bvbsEdK3W9ii8cBSGjP+72/LnM4n6fo3+dkCX5FeTQruXA== dependencies: d "1" es5-ext "~0.10.14" ext@^1.1.2: - version "1.4.0" - resolved "https://registry.yarnpkg.com/ext/-/ext-1.4.0.tgz#89ae7a07158f79d35517882904324077e4379244" - integrity sha512-Key5NIsUxdqKg3vIsdw9dSuXpPCQ297y6wBjL30edxwPgt2E44WcWBZey/ZvUc6sERLTxKdyCu4gZFmUbk1Q7A== + version "1.7.0" + resolved "https://registry.yarnpkg.com/ext/-/ext-1.7.0.tgz#0ea4383c0103d60e70be99e9a7f11027a33c4f5f" + integrity sha512-6hxeJYaL110a9b5TEJSj0gojyHQAmA2ch5Os+ySCiA1QGdS697XWY1pzsrSjqA9LDEEgdB/KypIlR59RcLuHYw== dependencies: - type "^2.0.0" + type "^2.7.2" fast-levenshtein@~2.0.6: version "2.0.6" resolved "https://registry.yarnpkg.com/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz#3d8a5c66883a16a30ca8643e851f19baa7797917" - integrity sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc= + integrity sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw== flot-axis@markrcote/flot-axislabels#*: version "0.0.0" @@ -587,44 +538,72 @@ flot@flot/flot#~0.8.3: font-awesome@^4.0.0: version "4.7.0" resolved "https://registry.yarnpkg.com/font-awesome/-/font-awesome-4.7.0.tgz#8fa8cf0411a1a31afd07b06d2902bb9fc815a133" - integrity sha1-j6jPBBGhoxr9B7BtKQK7n8gVoTM= + integrity sha512-U6kGnykA/6bFmg1M/oT9EkFeIYv7JlX3bozwQJWiiLz6L0w3F5vBVPxHlwyX/vtNq1ckcpRKOB9f2Qal/VtFpg== font-awesome@~4.4: version "4.4.0" resolved "https://registry.yarnpkg.com/font-awesome/-/font-awesome-4.4.0.tgz#9fe43f82cf72726badcbdb2704407aadaca17da9" - integrity sha1-n+Q/gs9ycmuty9snBEB6rayhfak= + integrity sha512-h45v/TF2b9d6JiBnyluFrjZRyJXXkRjWbTKxb0ygTScxdP8gWdgMBaghbDuSLQFHNkj3M0eNrLxfTEiQo93ARQ== fullcalendar@^3.10.2: - version "3.10.2" - resolved "https://registry.yarnpkg.com/fullcalendar/-/fullcalendar-3.10.2.tgz#9b1ba84bb02803621b761d1bba91a4f18affafb7" - integrity sha512-YWZaHdp8ZLBqhPz615PoXdA49ymsBTUF+MGDM6H3vyz71Pv/ZW9Pm9/Mj3x6n822k6bs2txFO7muRTSvBhsqKg== + version "3.10.5" + resolved "https://registry.yarnpkg.com/fullcalendar/-/fullcalendar-3.10.5.tgz#57a3a64d7d744181582bb9e1be32d1846e1db53a" + integrity sha512-JGWpECKgza/344bbF5QT0hBJpx04DZ/7QGPlR1ZbAwrG6Yz6mWEkQd+NnZUh1sK6HCBIPnPRW2x53aJxeLGvvQ== function-bind@^1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.1.tgz#a56899d3ea3c9bab874bb9773b7c5ede92f4895d" integrity sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A== +functions-have-names@^1.2.2: + version "1.2.3" + resolved "https://registry.yarnpkg.com/functions-have-names/-/functions-have-names-1.2.3.tgz#0404fe4ee2ba2f607f0e0ec3c80bae994133b834" + integrity sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ== + get-assigned-identifiers@^1.1.0: version "1.2.0" resolved "https://registry.yarnpkg.com/get-assigned-identifiers/-/get-assigned-identifiers-1.2.0.tgz#6dbf411de648cbaf8d9169ebb0d2d576191e2ff1" integrity sha512-mBBwmeGTrxEMO4pMaaf/uUEFHnYtwr8FTe8Y/mer4rcV/bye0qGm6pw1bGZFGStxC5O76c5ZAVBGnqHmOaJpdQ== +get-intrinsic@^1.0.2, get-intrinsic@^1.1.1: + version "1.2.0" + resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.2.0.tgz#7ad1dc0535f3a2904bba075772763e5051f6d05f" + integrity sha512-L049y6nFOuom5wGyRc3/gdTLO94dySVKRACj1RmJZBQXlbTMhtNIgkWkUHq+jYmZvKf14EW1EoJnnjbmoHij0Q== + dependencies: + function-bind "^1.1.1" + has "^1.0.3" + has-symbols "^1.0.3" + good-listener@^1.2.2: version "1.2.2" resolved "https://registry.yarnpkg.com/good-listener/-/good-listener-1.2.2.tgz#d53b30cdf9313dffb7dc9a0d477096aa6d145c50" - integrity sha1-1TswzfkxPf+33JoNR3CWqm0UXFA= + integrity sha512-goW1b+d9q/HIwbVYZzZ6SsTr4IgE+WA44A0GmPIQstuOrgsFcT7VEJ48nmr9GaRtNu0XTKacFLGnBPAM6Afouw== dependencies: delegate "^3.1.2" google-code-prettify@^1.0.0: version "1.0.5" resolved "https://registry.yarnpkg.com/google-code-prettify/-/google-code-prettify-1.0.5.tgz#9f477f224dbfa62372e5ef803a7e157410400084" - integrity sha1-n0d/Ik2/piNy5e+AOn4VdBBAAIQ= + integrity sha512-Y47Bw63zJKCuqTuhTZC1ct4e/0ADuMssxXhnrP8QHq71tE2aYBKG6wQwXr8zya0zIUd0mKN3XTlI5AME4qm6NQ== -has-symbols@^1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.1.tgz#9f5214758a44196c406d9bd76cebf81ec2dd31e8" - integrity sha512-PLcsoqu++dmEIZB+6totNFKq/7Do+Z0u4oT0zKOJNl3lYK6vGwwu2hjHs+68OEZbTjiUE9bgOABXbP/GvrS0Kg== +has-property-descriptors@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/has-property-descriptors/-/has-property-descriptors-1.0.0.tgz#610708600606d36961ed04c196193b6a607fa861" + integrity sha512-62DVLZGoiEBDHQyqG4w9xCuZ7eJEwNmJRWw2VY84Oedb7WFcA27fiEVe8oUQx9hAUJ4ekurquucTGwsyO1XGdQ== + dependencies: + get-intrinsic "^1.1.1" + +has-symbols@^1.0.2, has-symbols@^1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.3.tgz#bb7b2c4349251dce87b125f7bdf874aa7c8b39f8" + integrity sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A== + +has-tostringtag@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/has-tostringtag/-/has-tostringtag-1.0.0.tgz#7e133818a7d394734f941e73c3d3f9291e658b25" + integrity sha512-kFjcSNhnlGV1kyoGk7OXKSawH5JOb/LzUc5w9B02hOTO0dfFRjbHQKvg1d6cf3HbeUmtU9VbbV3qzZ2Teh97WQ== + dependencies: + has-symbols "^1.0.2" has@^1.0.1, has@^1.0.3: version "1.0.3" @@ -643,7 +622,7 @@ iconv-lite@^0.6.3: immediate@~3.0.5: version "3.0.6" resolved "https://registry.yarnpkg.com/immediate/-/immediate-3.0.6.tgz#9db1dbd0faf8de6fbe0f5dd5e56bb606280de69b" - integrity sha1-nbHb0Pr43m++D13V5Wu2BigN5ps= + integrity sha512-XXOFtyqDjNDAQxVfYxuF7g9Il/IbWmmlQg2MYKOH8ExIT1qg6xc4zyS3HaEEATgs1btfzxq15ciUiY7gjSXRGQ== inherits@^2.0.3, inherits@~2.0.3: version "2.0.4" @@ -651,43 +630,39 @@ inherits@^2.0.3, inherits@~2.0.3: integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== is-arguments@^1.0.4: - version "1.0.4" - resolved "https://registry.yarnpkg.com/is-arguments/-/is-arguments-1.0.4.tgz#3faf966c7cba0ff437fb31f6250082fcf0448cf3" - integrity sha512-xPh0Rmt8NE65sNzvyUmWgI1tz3mKq74lGA0mL8LYZcoIzKOzDh6HmrYm3d18k60nHerC8A9Km8kYu87zfSFnLA== + version "1.1.1" + resolved "https://registry.yarnpkg.com/is-arguments/-/is-arguments-1.1.1.tgz#15b3f88fda01f2a97fec84ca761a560f123efa9b" + integrity sha512-8Q7EARjzEnKpt/PCD7e1cgUS0a6X8u5tdSiMqXhojOdoV9TsMsiO+9VLC5vAmO8N7/GmXn7yjR8qnA6bVAEzfA== + dependencies: + call-bind "^1.0.2" + has-tostringtag "^1.0.0" -is-callable@^1.1.4, is-callable@^1.2.0: - version "1.2.1" - resolved "https://registry.yarnpkg.com/is-callable/-/is-callable-1.2.1.tgz#4d1e21a4f437509d25ce55f8184350771421c96d" - integrity sha512-wliAfSzx6V+6WfMOmus1xy0XvSgf/dlStkvTfq7F0g4bOIW0PSUbnyse3NhDwdyYS1ozfUtAAySqTws3z9Eqgg== +is-core-module@^2.9.0: + version "2.11.0" + resolved "https://registry.yarnpkg.com/is-core-module/-/is-core-module-2.11.0.tgz#ad4cb3e3863e814523c96f3f58d26cc570ff0144" + integrity sha512-RRjxlvLDkD1YJwDbroBHMb+cukurkDWNyHx7D3oNB5x9rb5ogcksMC5wHCadcXoo67gVr/+3GFySh3134zi6rw== + dependencies: + has "^1.0.3" is-date-object@^1.0.1: - version "1.0.2" - resolved "https://registry.yarnpkg.com/is-date-object/-/is-date-object-1.0.2.tgz#bda736f2cd8fd06d32844e7743bfa7494c3bfd7e" - integrity sha512-USlDT524woQ08aoZFzh3/Z6ch9Y/EWXEHQ/AaRN0SkKq4t2Jw2R2339tSXmwuVoY7LLlBCbOIlx2myP/L5zk0g== - -is-negative-zero@^2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/is-negative-zero/-/is-negative-zero-2.0.0.tgz#9553b121b0fac28869da9ed459e20c7543788461" - integrity sha1-lVOxIbD6wohp2p7UWeIMdUN4hGE= - -is-regex@^1.0.4, is-regex@^1.1.0, is-regex@^1.1.1: - version "1.1.1" - resolved "https://registry.yarnpkg.com/is-regex/-/is-regex-1.1.1.tgz#c6f98aacc546f6cec5468a07b7b153ab564a57b9" - integrity sha512-1+QkEcxiLlB7VEyFtyBg94e08OAsvq7FUBgApTq/w2ymCLyKJgDPsybBENVtA7XCQEgEXxKPonG+mvYRxh/LIg== + version "1.0.5" + resolved "https://registry.yarnpkg.com/is-date-object/-/is-date-object-1.0.5.tgz#0841d5536e724c25597bf6ea62e1bd38298df31f" + integrity sha512-9YQaSxsAiSwcvS33MBk3wTCVnWK+HhF8VZR2jRxehM16QcVOdHqPn4VPHmRK4lSr38n9JriurInLcP90xsYNfQ== dependencies: - has-symbols "^1.0.1" + has-tostringtag "^1.0.0" -is-symbol@^1.0.2: - version "1.0.3" - resolved "https://registry.yarnpkg.com/is-symbol/-/is-symbol-1.0.3.tgz#38e1014b9e6329be0de9d24a414fd7441ec61937" - integrity sha512-OwijhaRSgqvhm/0ZdAcXNZt9lYdKFpcRDT5ULUuYXPoT794UNOdU+gpT6Rzo7b4V2HUl/op6GqY894AZwv9faQ== +is-regex@^1.0.4: + version "1.1.4" + resolved "https://registry.yarnpkg.com/is-regex/-/is-regex-1.1.4.tgz#eef5663cd59fa4c0ae339505323df6854bb15958" + integrity sha512-kvRdxDsxZjhzUX07ZnLydzS1TU/TJlTUHHY4YLL87e37oUA49DfkLqgy+VjFocowy29cKvcSiu+kIv728jTTVg== dependencies: - has-symbols "^1.0.1" + call-bind "^1.0.2" + has-tostringtag "^1.0.0" isarray@~1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11" - integrity sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE= + integrity sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ== jquery-highlight@3.5.0: version "3.5.0" @@ -696,46 +671,53 @@ jquery-highlight@3.5.0: dependencies: jquery ">= 1.0.0" +jquery-ui@1.13.2: + version "1.13.2" + resolved "https://registry.yarnpkg.com/jquery-ui/-/jquery-ui-1.13.2.tgz#de03580ae6604773602f8d786ad1abfb75232034" + integrity sha512-wBZPnqWs5GaYJmo1Jj0k/mrSkzdQzKDwhXNtHKcBdAcKVxMM3KNYFq+iJ2i1rwiG53Z8M4mTn3Qxrm17uH1D4Q== + dependencies: + jquery ">=1.8.0 <4.0.0" + jquery.cookie@1.4.1: version "1.4.1" resolved "https://registry.yarnpkg.com/jquery.cookie/-/jquery.cookie-1.4.1.tgz#d63dce209eab691fe63316db08ca9e47e0f9385b" - integrity sha1-1j3OIJ6raR/mMxbbCMqeR+D5OFs= + integrity sha512-c/hZOOL+8VSw/FkTVH637gS1/6YzMSCROpTZ2qBYwJ7s7sHajU7uBkSSiE5+GXWwrfCCyO+jsYjUQ7Hs2rIxAA== jquery.flot.tooltip@^0.9.0: version "0.9.0" resolved "https://registry.yarnpkg.com/jquery.flot.tooltip/-/jquery.flot.tooltip-0.9.0.tgz#ae16bf94b26c2ed9ab4db167bba52dfdb615c1df" - integrity sha1-rha/lLJsLtmrTbFnu6Ut/bYVwd8= + integrity sha512-TV3umIfIPRq1UM0EUY4E/jimrh2j057J6SJB1HQnEeS64r8liec++F0WCNYsmcWDxz6Lo4E2lCA+SeOQS2W3bA== jquery.hotkeys@jeresig/jquery.hotkeys#master: version "0.2.0" resolved "https://codeload.github.com/jeresig/jquery.hotkeys/tar.gz/f24f1da275aab7881ab501055c256add6f690de4" -"jquery@>= 1.0.0", jquery@>=1.7, jquery@>=1.7.0, jquery@^3.6.0: - version "3.6.0" - resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.6.0.tgz#c72a09f15c1bdce142f49dbf1170bdf8adac2470" - integrity sha512-JVzAR/AjBvVt2BmYhxRCSYysDsPcssdmTFnzyLEts9qNwmjmu4JTAMYubEfwVOSwpQ1I1sKKFcxhZCI2buerfw== +"jquery@>= 1.0.0", jquery@>=1.7, jquery@>=1.7.0, "jquery@>=1.8.0 <4.0.0", jquery@^3.7.0: + version "3.7.0" + resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.7.0.tgz#fe2c01a05da500709006d8790fe21c8a39d75612" + integrity sha512-umpJ0/k8X0MvD1ds0P9SfowREz2LenHsQaxSohMZ5OMNEU2r0tf8pdeEFTHMFxWVxKNyU9rTtK3CWzUCTKJUeQ== -jszip@^3.7.1: - version "3.7.1" - resolved "https://registry.yarnpkg.com/jszip/-/jszip-3.7.1.tgz#bd63401221c15625a1228c556ca8a68da6fda3d9" - integrity sha512-ghL0tz1XG9ZEmRMcEN2vt7xabrDdqHHeykgARpmZ0BiIctWxM47Vt63ZO2dnp4QYt/xJVLLy5Zv1l/xRdh2byg== +jszip@^3.10.1: + version "3.10.1" + resolved "https://registry.yarnpkg.com/jszip/-/jszip-3.10.1.tgz#34aee70eb18ea1faec2f589208a157d1feb091c2" + integrity sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g== dependencies: lie "~3.3.0" pako "~1.0.2" readable-stream "~2.3.6" - set-immediate-shim "~1.0.1" + setimmediate "^1.0.5" -justgage@^1.5.1: - version "1.5.1" - resolved "https://registry.yarnpkg.com/justgage/-/justgage-1.5.1.tgz#03c7782a4331bd9fd3ded569c7ae46b6ec07257c" - integrity sha512-AD0EjNOT0489u/Or+lXKj9SAgD62u4TFtOS3oBmnrxH+uITBDhWtqC3AxNzoUDOy6XpzQDOC2eloLS4rLEfN9A== +justgage@^1.6.1: + version "1.6.1" + resolved "https://registry.yarnpkg.com/justgage/-/justgage-1.6.1.tgz#e4827bf6220b086e896520cfc3167cfc6e1164a3" + integrity sha512-09GTQ0uiGlB/jJO3l+aUGeCrYmz5ZcHC0JVb4SB6ZKIXPeHL7wVt6rIZMkC+Gs6a9Yhgo4W8L4XMdeZJHOichg== dependencies: raphael "^2.3.0" levn@~0.3.0: version "0.3.0" resolved "https://registry.yarnpkg.com/levn/-/levn-0.3.0.tgz#3b09924edf9f083c0490fdd4c0bc4421e04764ee" - integrity sha1-OwmSTt+fCDwEkP3UwLxEIeBHZO4= + integrity sha512-0OO4y2iOHix2W6ujICbKIaEQXvFQHue65vUG3pb5EUomzPI90z9hsA1VsO/dbIIpC53J8gxM9Q4Oho0jrCM/yA== dependencies: prelude-ls "~1.1.2" type-check "~0.3.2" @@ -754,15 +736,15 @@ magic-string@0.25.1: dependencies: sourcemap-codec "^1.4.1" -marked@^2.0.3: - version "2.0.3" - resolved "https://registry.yarnpkg.com/marked/-/marked-2.0.3.tgz#3551c4958c4da36897bda2a16812ef1399c8d6b0" - integrity sha512-5otztIIcJfPc2qGTN8cVtOJEjNJZ0jwa46INMagrYfk0EvqtRuEHLsEe0LrFS0/q+ZRKT0+kXK7P2T1AN5lWRA== +marked@^4.1.0: + version "4.2.12" + resolved "https://registry.yarnpkg.com/marked/-/marked-4.2.12.tgz#d69a64e21d71b06250da995dcd065c11083bebb5" + integrity sha512-yr8hSKa3Fv4D3jdZmtMMPghgVt6TWbk86WQaWhDloQjRSQhMMYCAro7jP7VDJrjjdV8pxVxMssXS8B8Y5DZ5aw== merge-source-map@1.0.4: version "1.0.4" resolved "https://registry.yarnpkg.com/merge-source-map/-/merge-source-map-1.0.4.tgz#a5de46538dae84d4114cc5ea02b4772a6346701f" - integrity sha1-pd5GU42uhNQRTMXqArR3KmNGcB8= + integrity sha512-PGSmS0kfnTnMJCzJ16BLLCEe6oeYCamKFFdQKshi4BmM6FUwipjVOcBFGxqtQtirtAG4iZvHlqST9CpZKqlRjA== dependencies: source-map "^0.5.6" @@ -772,52 +754,42 @@ metismenu@~3.0.7: integrity sha512-omMwIAahlzssjSi3xY9ijkhXI8qEaQTqBdJ9lHmfV5Bld2UkxO2h2M3yWsteAlGJ/nSHi4e69WHDE2r18Ickyw== minimist@^1.1.3: - version "1.2.5" - resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602" - integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw== + version "1.2.8" + resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.8.tgz#c1a464e7693302e082a075cee0c057741ac4772c" + integrity sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA== -moment@^2.29.1: - version "2.29.1" - resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.1.tgz#b2be769fa31940be9eeea6469c075e35006fa3d3" - integrity sha512-kHmoybcPV8Sqy59DwNDY3Jefr64lK/by/da0ViFcuA4DH0vQg5Q6Ze5VimxkfQNSC+Mls/Kx53s7TjP1RhFEDQ== +moment@^2.29.4: + version "2.29.4" + resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.4.tgz#3dbe052889fe7c1b2ed966fcb3a77328964ef108" + integrity sha512-5LC9SOxjSc2HF6vO2CyuTDNivEdoz2IvyJJGj6X8DJ0eFyfszE0QiEd+iXmBvUP3WHxSjFH/vIsA0EN00cgr8w== morris.js@morrisjs/morris.js: version "0.5.1" resolved "https://codeload.github.com/morrisjs/morris.js/tar.gz/14530d0733801d5bef1264cf3d062ecace7e326b" -next-tick@~1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/next-tick/-/next-tick-1.0.0.tgz#ca86d1fe8828169b0120208e3dc8424b9db8342c" - integrity sha1-yobR/ogoFpsBICCOPchCS524NCw= +next-tick@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/next-tick/-/next-tick-1.1.0.tgz#1836ee30ad56d67ef281b22bd199f709449b35eb" + integrity sha512-CXdUiJembsNjuToQvxayPZF9Vqht7hewsvy2sOWafLvi2awflj9mOC6bHIg50orX8IJvWKY9wYQ/zB2kogPslQ== -object-inspect@^1.6.0, object-inspect@^1.7.0, object-inspect@^1.8.0: - version "1.8.0" - resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.8.0.tgz#df807e5ecf53a609cc6bfe93eac3cc7be5b3a9d0" - integrity sha512-jLdtEOB112fORuypAyl/50VRVIBIdVQOSUUGQHzJ4xBSbit81zRarz7GThkEFZy1RceYrWYcPcBFPQwHyAc1gA== +object-inspect@^1.6.0: + version "1.12.3" + resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.12.3.tgz#ba62dffd67ee256c8c086dfae69e016cd1f198b9" + integrity sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g== object-is@^1.0.1: - version "1.1.2" - resolved "https://registry.yarnpkg.com/object-is/-/object-is-1.1.2.tgz#c5d2e87ff9e119f78b7a088441519e2eec1573b6" - integrity sha512-5lHCz+0uufF6wZ7CRFWJN3hp8Jqblpgve06U5CMQ3f//6iDjPr2PEo9MWCjEssDsa+UZEL4PkFpr+BMop6aKzQ== + version "1.1.5" + resolved "https://registry.yarnpkg.com/object-is/-/object-is-1.1.5.tgz#b9deeaa5fc7f1846a0faecdceec138e5778f53ac" + integrity sha512-3cyDsyHgtmi7I7DfSSI2LDp6SK2lwvtbg0p0R1e0RvTqF5ceGx+K2dfSjm1bKDMVCFEDAQvy+o8c6a7VujOddw== dependencies: + call-bind "^1.0.2" define-properties "^1.1.3" - es-abstract "^1.17.5" -object-keys@^1.0.12, object-keys@^1.1.1: +object-keys@^1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/object-keys/-/object-keys-1.1.1.tgz#1c47f272df277f3b1daf061677d9c82e2322c60e" integrity sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA== -object.assign@^4.1.0: - version "4.1.1" - resolved "https://registry.yarnpkg.com/object.assign/-/object.assign-4.1.1.tgz#303867a666cdd41936ecdedfb1f8f3e32a478cdd" - integrity sha512-VT/cxmx5yaoHSOTSyrCygIDFco+RsibY2NM0a4RdEeY/4KgqezwFtK1yr3U67xYhqJSlASm2pKhLVzPj2lr4bA== - dependencies: - define-properties "^1.1.3" - es-abstract "^1.18.0-next.0" - has-symbols "^1.0.1" - object-keys "^1.1.1" - optionator@^0.8.1: version "0.8.3" resolved "https://registry.yarnpkg.com/optionator/-/optionator-0.8.3.tgz#84fa1d036fe9d3c7e21d99884b601167ec8fb495" @@ -833,22 +805,22 @@ optionator@^0.8.1: pako@^0.2.5: version "0.2.9" resolved "https://registry.yarnpkg.com/pako/-/pako-0.2.9.tgz#f3f7522f4ef782348da8161bad9ecfd51bf83a75" - integrity sha1-8/dSL073gjSNqBYbrZ7P1Rv4OnU= + integrity sha512-NUcwaKxUxWrZLpDG+z/xZaCgQITkA/Dv4V/T6bw7VON6l1Xz/VnrBqrYjZQ12TamKHzITTfOEIYUj48y2KXImA== pako@~1.0.2: version "1.0.11" resolved "https://registry.yarnpkg.com/pako/-/pako-1.0.11.tgz#6c9599d340d54dfd3946380252a35705a6b992bf" integrity sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw== -path-parse@^1.0.6: +path-parse@^1.0.7: version "1.0.7" resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== -pdfmake@^0.2.4: - version "0.2.4" - resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.2.4.tgz#7d58d64b59f8e9b9ed0b2494b17a9d94c575825b" - integrity sha512-EM39waHUe/Dg1W9C3XqYbpx6tfhYyU14JHZlI1HaW0AUEY32GbkRBjDLGWo9f7z/k3ea6k1p9yyDrflnvtZS1A== +pdfmake@^0.2.7: + version "0.2.7" + resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.2.7.tgz#a7a46532ffde032674929988393c20b075cf65e3" + integrity sha512-ClLpgx30H5G3EDvRW1MrA1Xih6YxEaSgIVFrOyBMgAAt62V+hxsyWAi6JNP7u1Fc5JKYAbpb4RRVw8Rhvmz5cQ== dependencies: "@foliojs-fork/linebreak" "^1.1.1" "@foliojs-fork/pdfkit" "^0.13.0" @@ -863,7 +835,7 @@ png-js@^1.0.0: prelude-ls@~1.1.2: version "1.1.2" resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.1.2.tgz#21932a549f5e52ffd9a827f570e04be62a97da54" - integrity sha1-IZMqVJ9eUv/ZqCf1cOBL5iqX2lQ= + integrity sha512-ESF23V4SKG6lVSGZgYNpbsiaAkdab6ZgOxe52p7+Kid3W3u3bxR4Vfd/o21dmN7jSt0IwgZ4v5MUd26FEtXE9w== process-nextick-args@~2.0.0: version "2.0.1" @@ -873,7 +845,7 @@ process-nextick-args@~2.0.0: quote-stream@^1.0.1: version "1.0.2" resolved "https://registry.yarnpkg.com/quote-stream/-/quote-stream-1.0.2.tgz#84963f8c9c26b942e153feeb53aae74652b7e0b2" - integrity sha1-hJY/jJwmuULhU/7rU6rnRlK34LI= + integrity sha512-kKr2uQ2AokadPjvTyKJQad9xELbZwYzWlNfI3Uz2j/ib5u6H9lDP7fUUR//rMycd0gv4Z5P1qXMfXR8YpIxrjQ== dependencies: buffer-equal "0.0.1" minimist "^1.1.3" @@ -887,9 +859,9 @@ raphael@^2.3.0: eve-raphael "0.5.0" readable-stream@^2.0.2, readable-stream@^2.2.2, readable-stream@~2.3.3, readable-stream@~2.3.6: - version "2.3.7" - resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-2.3.7.tgz#1eca1cf711aef814c04f62252a36a62f6cb23b57" - integrity sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw== + version "2.3.8" + resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-2.3.8.tgz#91125e8042bba1b9887f49345f6277027ce8be9b" + integrity sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA== dependencies: core-util-is "~1.0.0" inherits "~2.0.3" @@ -900,24 +872,27 @@ readable-stream@^2.0.2, readable-stream@^2.2.2, readable-stream@~2.3.3, readable util-deprecate "~1.0.1" regexp.prototype.flags@^1.2.0: - version "1.3.0" - resolved "https://registry.yarnpkg.com/regexp.prototype.flags/-/regexp.prototype.flags-1.3.0.tgz#7aba89b3c13a64509dabcf3ca8d9fbb9bdf5cb75" - integrity sha512-2+Q0C5g951OlYlJz6yu5/M33IcsESLlLfsyIaLJaG4FA2r4yP8MvVMJUUP/fVBkSpbbbZlS5gynbEWLipiiXiQ== + version "1.4.3" + resolved "https://registry.yarnpkg.com/regexp.prototype.flags/-/regexp.prototype.flags-1.4.3.tgz#87cab30f80f66660181a3bb7bf5981a872b367ac" + integrity sha512-fjggEOO3slI6Wvgjwflkc4NFRCTZAu5CnNfBd5qOMYhWdn67nJBBu34/TkD++eeFmd8C9r9jfXJ27+nSiRkSUA== dependencies: + call-bind "^1.0.2" define-properties "^1.1.3" - es-abstract "^1.17.0-next.1" + functions-have-names "^1.2.2" resolve@1.1.7: version "1.1.7" resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.1.7.tgz#203114d82ad2c5ed9e8e0411b3932875e889e97b" - integrity sha1-IDEU2CrSxe2ejgQRs5ModeiJ6Xs= + integrity sha512-9znBF0vBcaSN3W2j7wKvdERPwqTxSpCq+if5C0WoTCyV9n24rua28jeuQ2pL/HOf+yUe/Mef+H/5p60K0Id3bg== resolve@^1.1.5: - version "1.17.0" - resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.17.0.tgz#b25941b54968231cc2d1bb76a79cb7f2c0bf8444" - integrity sha512-ic+7JYiV8Vi2yzQGFWOkiZD5Z9z7O2Zhm9XMaTxdJExKasieFCr+yXZ/WmXsckHiKl12ar0y6XiXDx3m4RHn1w== + version "1.22.1" + resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.22.1.tgz#27cb2ebb53f91abb49470a928bba7558066ac177" + integrity sha512-nBpuuYuY5jFsli/JIs1oldw6fOQCBioohqWZg/2hiaOybXOft4lonv85uDOKXdf8rhyK159cxU5cDcK/NKk8zw== dependencies: - path-parse "^1.0.6" + is-core-module "^2.9.0" + path-parse "^1.0.7" + supports-preserve-symlinks-flag "^1.0.0" safe-buffer@~5.1.0, safe-buffer@~5.1.1: version "5.1.2" @@ -929,18 +904,18 @@ safe-buffer@~5.1.0, safe-buffer@~5.1.1: resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a" integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg== -sax@^1.2.1: +sax@^1.2.4: version "1.2.4" resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9" integrity sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw== scope-analyzer@^2.0.1: - version "2.1.1" - resolved "https://registry.yarnpkg.com/scope-analyzer/-/scope-analyzer-2.1.1.tgz#5156c27de084d74bf75af9e9506aaf95c6e73dd6" - integrity sha512-azEAihtQ9mEyZGhfgTJy3IbOWEzeOrYbg7NcYEshPKnKd+LZmC3TNd5dmDxbLBsTG/JVWmCp+vDJ03vJjeXMHg== + version "2.1.2" + resolved "https://registry.yarnpkg.com/scope-analyzer/-/scope-analyzer-2.1.2.tgz#b958162feb59823c2835c7b0229187a97c77e9cd" + integrity sha512-5cfCmsTYV/wPaRIItNxatw02ua/MThdIUNnUOCYp+3LSEJvnG804ANw2VLaavNILIfWXF1D1G2KNANkBBvInwQ== dependencies: array-from "^2.1.1" - dash-ast "^1.0.0" + dash-ast "^2.0.1" es6-map "^0.1.5" es6-set "^0.1.5" es6-symbol "^3.1.1" @@ -950,27 +925,27 @@ scope-analyzer@^2.0.1: select@^1.1.2: version "1.1.2" resolved "https://registry.yarnpkg.com/select/-/select-1.1.2.tgz#0e7350acdec80b1108528786ec1d4418d11b396d" - integrity sha1-DnNQrN7ICxEIUoeG7B1EGNEbOW0= + integrity sha512-OwpTSOfy6xSs1+pwcNrv0RBMOzI39Lp3qQKUTPVVPRjCdNa5JH/oPRiqsesIskK8TVgmRiHwO4KXlV2Li9dANA== -set-immediate-shim@~1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/set-immediate-shim/-/set-immediate-shim-1.0.1.tgz#4b2b1b27eb808a9f8dcc481a58e5e56f599f3f61" - integrity sha1-SysbJ+uAip+NzEgaWOXlb1mfP2E= +setimmediate@^1.0.5: + version "1.0.5" + resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285" + integrity sha512-MATJdZp8sLqDl/68LfQmbP8zKPLQNV6BIZoIgrscFDQ+RsvK/BxeDQOgyxKKoh0y/8h3BqVFnCqQ/gd+reiIXA== shallow-copy@~0.0.1: version "0.0.1" resolved "https://registry.yarnpkg.com/shallow-copy/-/shallow-copy-0.0.1.tgz#415f42702d73d810330292cc5ee86eae1a11a170" - integrity sha1-QV9CcC1z2BAzApLMXuhurhoRoXA= + integrity sha512-b6i4ZpVuUxB9h5gfCxPiusKYkqTMOjEbBs4wMaFbkfia4yFv92UKZ6Df8WXcKbn08JNL/abvg3FnMAOfakDvUw== source-map@^0.5.6: version "0.5.7" resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.5.7.tgz#8a039d2d1021d22d1ea14c80d8ea468ba2ef3fcc" - integrity sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w= + integrity sha512-LbrmJOMUSdEVxIKvdcJzQC+nQhe8FUZQTXQy6+I75skNgn3OoQ0DZA8YnFa7gp8tqtL3KPf1kmo0R5DoApeSGQ== source-map@~0.1.30: version "0.1.43" resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.1.43.tgz#c24bc146ca517c1471f5dacbe2571b2b7f9e3346" - integrity sha1-wkvBRspRfBRx9drL4lcbK3+eM0Y= + integrity sha512-VtCvB9SIQhk3aF6h+N85EaqIaBFIAfZ9Cu+NJHHVvc8BbEcnvDcFw6sqQ2dQrT6SlOrZq3tIvyD9+EGq/lJryQ== dependencies: amdefine ">=0.0.4" @@ -987,7 +962,7 @@ sourcemap-codec@^1.4.1: startbootstrap-sb-admin-2@1.0.7: version "1.0.7" resolved "https://registry.yarnpkg.com/startbootstrap-sb-admin-2/-/startbootstrap-sb-admin-2-1.0.7.tgz#ef36a90903afb4a84a25c329b0292d06bf05b130" - integrity sha1-7zapCQOvtKhKJcMpsCktBr8FsTA= + integrity sha512-+CAll0cvvIZu/KBX3epjZrRRaGu7p95y2InZvhxgnKLH3p6JxT6lxJuwbQw9EVZfNckCZEhpJ0Voux9C47mTrg== static-eval@^2.0.5: version "2.1.0" @@ -1016,22 +991,6 @@ static-module@^3.0.2: static-eval "^2.0.5" through2 "~2.0.3" -string.prototype.trimend@^1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/string.prototype.trimend/-/string.prototype.trimend-1.0.1.tgz#85812a6b847ac002270f5808146064c995fb6913" - integrity sha512-LRPxFUaTtpqYsTeNKaFOw3R4bxIzWOnbQ837QfBylo8jIxtcbK/A/sMV7Q+OAV/vWo+7s25pOE10KYSjaSO06g== - dependencies: - define-properties "^1.1.3" - es-abstract "^1.17.5" - -string.prototype.trimstart@^1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/string.prototype.trimstart/-/string.prototype.trimstart-1.0.1.tgz#14af6d9f34b053f7cfc89b72f8f2ee14b9039a54" - integrity sha512-XxZn+QpvrBI1FOcg6dIpxUPgWCPuNXvMD72aaRaUQv1eD4e/Qy8i/hFTe0BUmD60p/QA6bh1avmuPTfNjqVWRw== - dependencies: - define-properties "^1.1.3" - es-abstract "^1.17.5" - string_decoder@~1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.1.1.tgz#9cf1611ba62685d7030ae9e4ba34149c3af03fc8" @@ -1039,6 +998,11 @@ string_decoder@~1.1.1: dependencies: safe-buffer "~5.1.0" +supports-preserve-symlinks-flag@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz#6eda4bd344a3c94aea376d4cc31bc77311039e09" + integrity sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w== + through2@^2.0.0, through2@~2.0.3: version "2.0.5" resolved "https://registry.yarnpkg.com/through2/-/through2-2.0.5.tgz#01c1e39eb31d07cb7d03a96a70823260b23132cd" @@ -1050,7 +1014,7 @@ through2@^2.0.0, through2@~2.0.3: through@~2.3.4: version "2.3.8" resolved "https://registry.yarnpkg.com/through/-/through-2.3.8.tgz#0dd4c9ffaabc357960b1b724115d7e0e86a2e1f5" - integrity sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU= + integrity sha512-w89qg7PI8wAdvX60bMDP+bFoD5Dvhm9oLheFp5O4a2QF0cSBGsBX4qZmadPMvVqlLJBBci+WqGGOAPvcDeNSVg== tiny-emitter@^2.0.0: version "2.1.0" @@ -1065,7 +1029,7 @@ tiny-inflate@^1.0.0, tiny-inflate@^1.0.2: type-check@~0.3.2: version "0.3.2" resolved "https://registry.yarnpkg.com/type-check/-/type-check-0.3.2.tgz#5884cab512cf1d355e3fb784f30804b2b520db72" - integrity sha1-WITKtRLPHTVeP7eE8wgEsrUg23I= + integrity sha512-ZCmOJdvOWDBYJlzAoFkC+Q0+bUyEOS1ltgp1MGU03fqHG+dbi9tBFU2Rd9QKiDZFAYrhPh2JUf7rZRIuHRKtOg== dependencies: prelude-ls "~1.1.2" @@ -1074,25 +1038,25 @@ type@^1.0.1: resolved "https://registry.yarnpkg.com/type/-/type-1.2.0.tgz#848dd7698dafa3e54a6c479e759c4bc3f18847a0" integrity sha512-+5nt5AAniqsCnu2cEQQdpzCAh33kVx8n0VoFidKpB1dVVLAN/F+bgVOqOJqOnEnrhp222clB5p3vUlD+1QAnfg== -type@^2.0.0: - version "2.1.0" - resolved "https://registry.yarnpkg.com/type/-/type-2.1.0.tgz#9bdc22c648cf8cf86dd23d32336a41cfb6475e3f" - integrity sha512-G9absDWvhAWCV2gmF1zKud3OyC61nZDwWvBL2DApaVFogI07CprggiQAOOjvp2NRjYWFzPyu7vwtDrQFq8jeSA== +type@^2.7.2: + version "2.7.2" + resolved "https://registry.yarnpkg.com/type/-/type-2.7.2.tgz#2376a15a3a28b1efa0f5350dcf72d24df6ef98d0" + integrity sha512-dzlvlNlt6AXU7EBSfpAscydQ7gXB+pPGsPnfJnZpiNJBDj7IaJzQlBZYGdEi4R9HmPdBv2XmWJ6YUtoTa7lmCw== typedarray@^0.0.6: version "0.0.6" resolved "https://registry.yarnpkg.com/typedarray/-/typedarray-0.0.6.tgz#867ac74e3864187b1d3d47d996a78ec5c8830777" - integrity sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c= + integrity sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA== typo-js@*: - version "1.1.0" - resolved "https://registry.yarnpkg.com/typo-js/-/typo-js-1.1.0.tgz#a5a9f592bcb453666bf70c9694da58705d025ed8" - integrity sha512-W3kLbx+ML9PBl5Bzso/lTvVxk4BCveSNAtQeht59FEtxCdGThmn6wSHA4Xq3eQYAK24NHdisMM4JmsK0GFy/pg== + version "1.2.2" + resolved "https://registry.yarnpkg.com/typo-js/-/typo-js-1.2.2.tgz#340484d81fe518e77c81a5a770162b14492f183b" + integrity sha512-C7pYBQK17EjSg8tVNY91KHdUt5Nf6FMJ+c3js076quPmBML57PmNMzAcIq/2kf/hSYtFABNDIYNYlJRl5BJhGw== unicode-properties@^1.2.2: - version "1.3.1" - resolved "https://registry.yarnpkg.com/unicode-properties/-/unicode-properties-1.3.1.tgz#cc642b6314bde2c691d65dd94cece09ed84f1282" - integrity sha512-nIV3Tf3LcUEZttY/2g4ZJtGXhWwSkuLL+rCu0DIAMbjyVPj+8j5gNVz4T/sVbnQybIsd5SFGkPKg/756OY6jlA== + version "1.4.1" + resolved "https://registry.yarnpkg.com/unicode-properties/-/unicode-properties-1.4.1.tgz#96a9cffb7e619a0dc7368c28da27e05fc8f9be5f" + integrity sha512-CLjCCLQ6UuMxWnbIylkisbRj31qxHPAurvena/0iwSVbQ2G1VY5/HjV0IRabOEbDHlzZlRdCrD4NhB0JtU40Pg== dependencies: base64-js "^1.3.0" unicode-trie "^2.0.0" @@ -1108,19 +1072,19 @@ unicode-trie@^2.0.0: util-deprecate@~1.0.1: version "1.0.2" resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf" - integrity sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8= + integrity sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw== word-wrap@~1.2.3: - version "1.2.3" - resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.3.tgz#610636f6b1f703891bd34771ccb17fb93b47079c" - integrity sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ== + version "1.2.4" + resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.4.tgz#cb4b50ec9aca570abd1f52f33cd45b6c61739a9f" + integrity sha512-2V81OA4ugVo5pRo46hAoD2ivUJx8jXmWXfUkY4KFNw0hEptvN0QfH3K4nHiwzGeKl5rFKedV48QVoqYavy4YpA== xmldoc@^1.1.2: - version "1.1.2" - resolved "https://registry.yarnpkg.com/xmldoc/-/xmldoc-1.1.2.tgz#6666e029fe25470d599cd30e23ff0d1ed50466d7" - integrity sha512-ruPC/fyPNck2BD1dpz0AZZyrEwMOrWTO5lDdIXS91rs3wtm4j+T8Rp2o+zoOYkkAxJTZRPOSnOGei1egoRmKMQ== + version "1.2.0" + resolved "https://registry.yarnpkg.com/xmldoc/-/xmldoc-1.2.0.tgz#7554371bfd8c138287cff01841ae4566d26e5541" + integrity sha512-2eN8QhjBsMW2uVj7JHLHkMytpvGHLHxKXBy4J3fAT/HujsEtM6yU84iGjpESYGHg6XwK0Vu4l+KgqQ2dv2cCqg== dependencies: - sax "^1.2.1" + sax "^1.2.4" xtend@^4.0.2, xtend@~4.0.1: version "4.0.2" diff --git a/dc-build.sh b/dc-build.sh new file mode 100755 index 00000000000..69981941d6e --- /dev/null +++ b/dc-build.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +bash ./docker/docker-compose-check.sh +if [[ $? -eq 1 ]]; then exit 1; fi + +# Building images for all configurations +# The docker build doesn't supply any environment variables to the Dockerfile, so we can use any profile. + +if [ $# -eq 0 ] +then + echo "Building docker compose" + # Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env build +else + echo "Building docker compose with additional parameter $1 ..." + # Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env build "$1" +fi diff --git a/dc-down.sh b/dc-down.sh new file mode 100755 index 00000000000..258e3df49c5 --- /dev/null +++ b/dc-down.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +bash ./docker/docker-compose-check.sh +if [[ $? -eq 1 ]]; then exit 1; fi + +# Stopping containers for all configurations +# The environment must be provided but it doesn't make a difference which one + +if [ $# -eq 0 ] +then + echo "Stopping docker compose and removing containers" + # Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env down +else + echo "Stopping docker compose and removing containers with additional parameter $1 ..." + # Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env down "$1" +fi diff --git a/dc-stop.sh b/dc-stop.sh new file mode 100755 index 00000000000..4b74c26a9ca --- /dev/null +++ b/dc-stop.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +bash ./docker/docker-compose-check.sh +if [[ $? -eq 1 ]]; then exit 1; fi + +# Stopping containers for all configurations +# The environment must be provided but it doesn't make a difference which one + +if [ $# -eq 0 ] +then + echo "Stopping docker compose" + # Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env stop +else + echo "Stopping docker compose with additional parameter $1 ..." + # Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env stop "$1" +fi diff --git a/dc-unittest.sh b/dc-unittest.sh new file mode 100755 index 00000000000..9dfd2937fc2 --- /dev/null +++ b/dc-unittest.sh @@ -0,0 +1,78 @@ +#!/usr/bin/env bash + +unset PROFILE +unset TEST_CASE + +bash ./docker/docker-compose-check.sh +if [[ $? -eq 1 ]]; then exit 1; fi + +usage() { + echo + echo "This script helps with running unit tests." + echo + echo "Options:" + echo " --profile -p {DOCKER_PROFILE_NAME}" + echo " --test-case -t {YOUR_FULLY_QUALIFIED_TEST_CASE}" + echo + echo " --help -h - prints this dialogue." + echo + echo "Environment Variables:" + echo " DD_PROFILE={DOCKER_PROFILE_NAME}" + echo + echo "You must specify a test case (arg) and profile (arg or env var)!" + echo + echo "Example command:" + echo "./dc-unittest.sh --profile postgres-redis --test-case unittests.tools.test_stackhawk_parser.TestStackHawkParser" +} + +while [[ $# -gt 0 ]]; do + case $1 in + -p|--profile) + PROFILE="$2" + shift # past argument + shift # past value + ;; + -t|--test-case) + TEST_CASE="$2" + shift # past argument + shift # past value + ;; + -h|--help) + usage + exit 0 + ;; + -*) + echo "Unknown option $1" + usage + exit 1 + ;; + *) + POSITIONAL_ARGS+=("$1") # save positional arg + shift # past argument + ;; + esac +done + +if [ -z "$PROFILE" ] +then + if [ -z "$DD_PROFILE" ] + then + echo "No profile supplied." + usage + exit 1 + else + PROFILE=$DD_PROFILE + fi +fi + +if [ -z "$TEST_CASE" ] +then + echo "No test case supplied." + usage + exit 1 +fi + +echo "Running docker compose unit tests with profile $PROFILE and test case $TEST_CASE ..." + +# Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. +docker compose --profile "$PROFILE" --env-file "./docker/environments/$PROFILE.env" exec uwsgi bash -c "python manage.py test $TEST_CASE -v2 --keepdb" diff --git a/dc-up-d.sh b/dc-up-d.sh new file mode 100755 index 00000000000..1c805ad8593 --- /dev/null +++ b/dc-up-d.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +unset PROFILE + +bash ./docker/docker-compose-check.sh +if [[ $? -eq 1 ]]; then exit 1; fi + +if [ $# -eq 0 ] +then + if [ -z "$DD_PROFILE" ] + then + echo "No profile supplied, running default: postgres-redis" + PROFILE="postgres-redis" + echo "Other supported profiles: + postgres-redis* + postgres-rabbitmq + mysql-redis + mysql-rabbitmq + + Usage example: ./dc-up-d.sh mysql-rabbitmq + " + else + PROFILE=$DD_PROFILE + fi +else + PROFILE=$1 +fi + +echo "Starting docker compose with profile $PROFILE in the background ..." + +# Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. +docker compose --profile "$PROFILE" --env-file "./docker/environments/$PROFILE.env" up --no-deps -d diff --git a/dc-up.sh b/dc-up.sh new file mode 100755 index 00000000000..34c5803088d --- /dev/null +++ b/dc-up.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +unset PROFILE + +bash ./docker/docker-compose-check.sh +if [[ $? -eq 1 ]]; then exit 1; fi + +if [ $# -eq 0 ]; then + if [ -z "$DD_PROFILE" ] + then + echo "No profile supplied, running default: postgres-redis" + PROFILE="postgres-redis" + echo "Other supported profiles: + postgres-redis* + postgres-rabbitmq + mysql-redis + mysql-rabbitmq + + Usage example: ./dc-up.sh mysql-rabbitmq + " + else + PROFILE=$DD_PROFILE + fi +else + PROFILE=$1 +fi + +echo "Starting docker compose with profile $PROFILE in the foreground ..." + +# Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. +docker compose --profile "$PROFILE" --env-file "./docker/environments/$PROFILE.env" up --no-deps diff --git a/docker-compose.override.debug.yml b/docker-compose.override.debug.yml index 7a9ee1b1369..40bb4e4c335 100644 --- a/docker-compose.override.debug.yml +++ b/docker-compose.override.debug.yml @@ -1,38 +1,59 @@ --- - version: '3.7' - services: - uwsgi: - entrypoint: ['/wait-for-it.sh', 'mysql:3306', '-t', '30', '--', '/entrypoint-uwsgi-dev.sh'] - volumes: - - '.:/app:z' - environment: - DD_DEBUG: 'True' - DD_ADMIN_USER: "${DD_ADMIN_USER:-admin}" - DD_ADMIN_PASSWORD: "${DD_ADMIN_PASSWORD:-admin}" - ports: - - target: ${DD_DEBUG_PORT:-3000} - published: ${DD_DEBUG_PORT:-3000} - protocol: tcp - mode: host - celeryworker: - volumes: - - '.:/app:z' - celerybeat: - volumes: - - '.:/app:z' - initializer: - volumes: - - '.:/app:z' - environment: - DD_ADMIN_USER: "${DD_ADMIN_USER:-admin}" - DD_ADMIN_PASSWORD: "${DD_ADMIN_PASSWORD:-admin}" - nginx: - volumes: - - './dojo/static/dojo:/usr/share/nginx/html/static/dojo' - mysql: - ports: - - target: 3306 - published: 3306 - protocol: tcp - mode: host - +version: '3.8' +services: + uwsgi: + entrypoint: ['/wait-for-it.sh', '${DD_DATABASE_HOST}:${DD_DATABASE_PORT}', '-t', '30', '--', '/entrypoint-uwsgi-dev.sh'] + volumes: + - '.:/app:z' + environment: + DD_DEBUG: 'True' + DD_ADMIN_USER: "${DD_ADMIN_USER:-admin}" + DD_ADMIN_PASSWORD: "${DD_ADMIN_PASSWORD:-admin}" + DD_EMAIL_URL: "smtp://mailhog:1025" + ports: + - target: ${DD_DEBUG_PORT:-3000} + published: ${DD_DEBUG_PORT:-3000} + protocol: tcp + mode: host + celeryworker: + volumes: + - '.:/app:z' + environment: + DD_EMAIL_URL: "smtp://mailhog:1025" + celerybeat: + volumes: + - '.:/app:z' + initializer: + volumes: + - '.:/app:z' + environment: + DD_ADMIN_USER: "${DD_ADMIN_USER:-admin}" + DD_ADMIN_PASSWORD: "${DD_ADMIN_PASSWORD:-admin}" + nginx: + volumes: + - './dojo/static/dojo:/usr/share/nginx/html/static/dojo' + mysql: + ports: + - target: ${DD_DATABASE_PORT} + published: ${DD_DATABASE_PORT} + protocol: tcp + mode: host + postgres: + ports: + - target: ${DD_DATABASE_PORT} + published: ${DD_DATABASE_PORT} + protocol: tcp + mode: host + mailhog: + image: mailhog/mailhog:v1.0.1@sha256:8d76a3d4ffa32a3661311944007a415332c4bb855657f4f6c57996405c009bea + entrypoint: [ "/bin/sh", "-c", "MailHog &>/dev/null" ] + # inspired by https://github.com/mailhog/MailHog/issues/56#issuecomment-291968642 + ports: + - target: 1025 + published: 1025 + protocol: tcp + mode: host + - target: 8025 + published: 8025 + protocol: tcp + mode: host diff --git a/docker-compose.override.dev.yml b/docker-compose.override.dev.yml index c10b6620fe3..2df667d93c9 100644 --- a/docker-compose.override.dev.yml +++ b/docker-compose.override.dev.yml @@ -1,8 +1,8 @@ --- -version: '3.7' +version: '3.8' services: uwsgi: - entrypoint: ['/wait-for-it.sh', 'mysql:3306', '-t', '30', '--', '/entrypoint-uwsgi-dev.sh'] + entrypoint: ['/wait-for-it.sh', '${DD_DATABASE_HOST}:${DD_DATABASE_PORT}', '-t', '30', '--', '/entrypoint-uwsgi-dev.sh'] volumes: - '.:/app:z' environment: @@ -28,12 +28,20 @@ services: - './dojo/static/dojo:/usr/share/nginx/html/static/dojo' mysql: ports: - - target: 3306 - published: 3306 + - target: ${DD_DATABASE_PORT} + published: ${DD_DATABASE_PORT} + protocol: tcp + mode: host + postgres: + ports: + - target: ${DD_DATABASE_PORT} + published: ${DD_DATABASE_PORT} protocol: tcp mode: host mailhog: image: mailhog/mailhog:v1.0.1@sha256:8d76a3d4ffa32a3661311944007a415332c4bb855657f4f6c57996405c009bea + entrypoint: [ "/bin/sh", "-c", "MailHog &>/dev/null" ] + # inspired by https://github.com/mailhog/MailHog/issues/56#issuecomment-291968642 ports: - target: 1025 published: 1025 diff --git a/docker-compose.override.https.yml b/docker-compose.override.https.yml index 2d42b1ee238..474f08e0bd9 100644 --- a/docker-compose.override.https.yml +++ b/docker-compose.override.https.yml @@ -1,5 +1,5 @@ --- -version: '3.7' +version: '3.8' services: nginx: environment: diff --git a/docker-compose.override.integration_tests.yml b/docker-compose.override.integration_tests.yml index f4778164944..bef6a4ce5fb 100644 --- a/docker-compose.override.integration_tests.yml +++ b/docker-compose.override.integration_tests.yml @@ -1,60 +1,77 @@ --- -version: '3.7' +version: '3.8' services: integration-tests: build: context: ./ - dockerfile: Dockerfile.integration-tests + dockerfile: ${INTEGRATION_TESTS_DOCKERFILE:-Dockerfile.integration-tests-debian} image: "defectdojo/defectdojo-integration-tests:${INTEGRATION_TESTS_VERSION:-latest}" + profiles: + - mysql-rabbitmq + - mysql-redis + - postgres-rabbitmq + - postgres-redis depends_on: - nginx - uwsgi - entrypoint: ['/wait-for-it.sh', 'mysql:3306', '-t', '30', '--', '/app/docker/entrypoint-integration-tests.sh'] + entrypoint: ['/wait-for-it.sh', '${DD_DATABASE_HOST}:${DD_DATABASE_PORT}', '-t', '30', '--', '/app/docker/entrypoint-integration-tests.sh'] volumes: - '.:/app:z' - - "defectdojo_media_integration_test:${DD_MEDIA_ROOT:-/app/media}" + - "defectdojo_media_integration_tests:${DD_MEDIA_ROOT:-/app/media}" environment: DD_BASE_URL: 'http://nginx:8080/' + DD_SECURE_CROSS_ORIGIN_OPENER_POLICY: 'None' DD_ADMIN_USER: "${DD_ADMIN_USER:-admin}" DD_ADMIN_PASSWORD: "${DD_ADMIN_PASSWORD:-AdminsLoveIntegrationtests!}" DD_INTEGRATION_TEST_FILENAME: "${DD_INTEGRATION_TEST_FILENAME}" nginx: volumes: - - defectdojo_media_integration_test:/usr/share/nginx/html/media + - defectdojo_media_integration_tests:/usr/share/nginx/html/media uwsgi: - entrypoint: ['/wait-for-it.sh', 'mysql:3306', '-t', '30', '--', '/entrypoint-uwsgi-dev.sh'] + entrypoint: ['/wait-for-it.sh', '${DD_DATABASE_HOST}:${DD_DATABASE_PORT}', '-t', '30', '--', '/entrypoint-uwsgi-dev.sh'] volumes: - '.:/app:z' - - defectdojo_media_integration_test:${DD_MEDIA_ROOT:-/app/media} + - defectdojo_media_integration_tests:${DD_MEDIA_ROOT:-/app/media} environment: DD_DEBUG: 'True' - DD_DATABASE_URL: "${DD_TEST_DATABASE_URL:-mysql://defectdojo:defectdojo@mysql:3306/test_defectdojo}" + DD_DATABASE_URL: ${DD_TEST_DATABASE_URL} + DD_SECURE_CROSS_ORIGIN_OPENER_POLICY: 'None' DD_SECRET_KEY: "${DD_SECRET_KEY:-.}" DD_EMAIL_URL: "smtp://mailhog:1025" celerybeat: environment: - DD_DATABASE_URL: "${DD_TEST_DATABASE_URL:-mysql://defectdojo:defectdojo@mysql:3306/test_defectdojo}" + DD_DATABASE_URL: ${DD_TEST_DATABASE_URL} celeryworker: environment: - DD_DATABASE_URL: "${DD_TEST_DATABASE_URL:-mysql://defectdojo:defectdojo@mysql:3306/test_defectdojo}" + DD_DATABASE_URL: ${DD_TEST_DATABASE_URL} initializer: environment: DD_INITIALIZE: 'true' - DD_DATABASE_URL: "${DD_TEST_DATABASE_URL:-mysql://defectdojo:defectdojo@mysql:3306/test_defectdojo}" + DD_DATABASE_URL: ${DD_TEST_DATABASE_URL} DD_ADMIN_PASSWORD: "${DD_ADMIN_PASSWORD:-AdminsLoveIntegrationtests!}" DD_SECRET_KEY: "${DD_SECRET_KEY:-.}" volumes: - '.:/app:z' mysql: ports: - - target: 3306 - published: 3306 + - target: ${DD_DATABASE_PORT} + published: ${DD_DATABASE_PORT} protocol: tcp mode: host environment: - MYSQL_DATABASE: "${DD_TEST_DATABASE_NAME:-test_defectdojo}" + MYSQL_DATABASE: ${DD_TEST_DATABASE_NAME} volumes: - - defectdojo_data_integration_tests:/var/lib/mysql + - defectdojo_data_integration_tests:/var/lib/mysql + postgres: + ports: + - target: ${DD_DATABASE_PORT} + published: ${DD_DATABASE_PORT} + protocol: tcp + mode: host + environment: + POSTGRES_DB: ${DD_TEST_DATABASE_NAME} + volumes: + - defectdojo_postgres_integration_tests:/var/lib/postgresql/data mailhog: image: mailhog/mailhog:v1.0.1@sha256:8d76a3d4ffa32a3661311944007a415332c4bb855657f4f6c57996405c009bea ports: @@ -64,4 +81,5 @@ services: mode: host volumes: defectdojo_data_integration_tests: {} - defectdojo_media_integration_test: {} + defectdojo_postgres_integration_tests: {} + defectdojo_media_integration_tests: {} diff --git a/docker-compose.override.unit_tests.yml b/docker-compose.override.unit_tests.yml index 8a06ec4a2dd..7c2cfd144dd 100644 --- a/docker-compose.override.unit_tests.yml +++ b/docker-compose.override.unit_tests.yml @@ -1,22 +1,27 @@ --- -version: '3.7' +version: '3.8' services: nginx: - image: busybox:1.35.0-musl + image: busybox:1.36.1-musl entrypoint: ['echo', 'skipping', 'nginx'] volumes: - - defectdojo_media_unittest:/usr/share/nginx/html/media + - defectdojo_media_unit_tests:/usr/share/nginx/html/media uwsgi: build: target: django-unittests - entrypoint: ['/wait-for-it.sh', 'mysql:3306', '-t', '30', '--', '/app/docker/entrypoint-unit-tests-devDocker.sh'] + entrypoint: ['/wait-for-it.sh', '${DD_DATABASE_HOST}:${DD_DATABASE_PORT}', '-t', '30', '--', '/app/docker/entrypoint-unit-tests-devDocker.sh'] volumes: - '.:/app:z' - - "defectdojo_media_unittest:${DD_MEDIA_ROOT:-/app/media}" + - "defectdojo_media_unit_tests:${DD_MEDIA_ROOT:-/app/media}" environment: DD_DEBUG: 'True' - DD_TEST_DATABASE_NAME: "${DD_TEST_DATABASE_NAME:-test_defectdojo}" - DD_DATABASE_NAME: "${DD_TEST_DATABASE_NAME:-test_defectdojo}" + DD_TEST_DATABASE_NAME: ${DD_TEST_DATABASE_NAME} + DD_DATABASE_NAME: ${DD_TEST_DATABASE_NAME} + DD_DATABASE_ENGINE: ${DD_DATABASE_ENGINE} + DD_DATABASE_HOST: ${DD_DATABASE_HOST} + DD_DATABASE_PORT: ${DD_DATABASE_PORT} + DD_DATABASE_USER: ${DD_DATABASE_USER} + DD_DATABASE_PASSWORD: ${DD_DATABASE_PASSWORD} DD_CELERY_BROKER_SCHEME: 'sqla+sqlite' DD_CELERY_BROKER_USER: '' DD_CELERY_BROKER_PASSWORD: '' @@ -25,27 +30,41 @@ services: DD_CELERY_BROKER_PATH: '/dojo.celerydb.sqlite' DD_CELERY_BROKER_PARAMS: '' celerybeat: - image: busybox:1.35.0-musl + image: busybox:1.36.1-musl entrypoint: ['echo', 'skipping', 'celery beat'] celeryworker: - image: busybox:1.35.0-musl + image: busybox:1.36.1-musl entrypoint: ['echo', 'skipping', 'celery worker'] initializer: - image: busybox:1.35.0-musl + image: busybox:1.36.1-musl entrypoint: ['echo', 'skipping', 'initializer'] mysql: ports: - - target: 3306 - published: 3306 + - target: ${DD_DATABASE_PORT} + published: ${DD_DATABASE_PORT} protocol: tcp mode: host environment: - MYSQL_DATABASE: "${DD_TEST_DATABASE_NAME:-test_defectdojo}" + MYSQL_DATABASE: ${DD_TEST_DATABASE_NAME} volumes: - - defectdojo_data_unittest:/var/lib/mysql + - defectdojo_data_unit_tests:/var/lib/mysql + postgres: + ports: + - target: ${DD_DATABASE_PORT} + published: ${DD_DATABASE_PORT} + protocol: tcp + mode: host + environment: + POSTGRES_DB: ${DD_TEST_DATABASE_NAME} + volumes: + - defectdojo_postgres_unit_tests:/var/lib/postgresql/data rabbitmq: - image: busybox:1.35.0-musl + image: busybox:1.36.1-musl entrypoint: ['echo', 'skipping', 'rabbitmq'] + redis: + image: busybox:1.36.1-musl + entrypoint: ['echo', 'skipping', 'redis'] volumes: - defectdojo_data_unittest: {} - defectdojo_media_unittest: {} + defectdojo_data_unit_tests: {} + defectdojo_postgres_unit_tests: {} + defectdojo_media_unit_tests: {} diff --git a/docker-compose.override.unit_tests_cicd.yml b/docker-compose.override.unit_tests_cicd.yml index 471c78e8652..37469d1af79 100644 --- a/docker-compose.override.unit_tests_cicd.yml +++ b/docker-compose.override.unit_tests_cicd.yml @@ -1,22 +1,25 @@ --- -version: '3.7' +version: '3.8' services: nginx: - image: busybox:1.35.0-musl + image: busybox:1.36.1-musl entrypoint: ['echo', 'skipping', 'nginx'] volumes: - - defectdojo_media_unittest:/usr/share/nginx/html/media + - defectdojo_media_unit_tests:/usr/share/nginx/html/media uwsgi: build: target: django-unittests - entrypoint: ['/wait-for-it.sh', 'mysql:3306', '-t', '30', '--', '/app/docker/entrypoint-unit-tests.sh'] + entrypoint: ['/wait-for-it.sh', '${DD_DATABASE_HOST}:${DD_DATABASE_PORT}', '-t', '30', '--', '/app/docker/entrypoint-unit-tests.sh'] volumes: - '.:/app:z' - - "defectdojo_media_unittest:${DD_MEDIA_ROOT:-/app/media}" + - "defectdojo_media_unit_tests:${DD_MEDIA_ROOT:-/app/media}" environment: DD_DEBUG: 'True' - DD_TEST_DATABASE_NAME: "${DD_TEST_DATABASE_NAME:-test_defectdojo}" - DD_DATABASE_NAME: "${DD_TEST_DATABASE_NAME:-test_defectdojo}" + DD_TEST_DATABASE_NAME: ${DD_TEST_DATABASE_NAME} + DD_DATABASE_NAME: ${DD_TEST_DATABASE_NAME} + DD_DATABASE_ENGINE: ${DD_DATABASE_ENGINE} + DD_DATABASE_HOST: ${DD_DATABASE_HOST} + DD_DATABASE_PORT: ${DD_DATABASE_PORT} DD_CELERY_BROKER_SCHEME: 'sqla+sqlite' DD_CELERY_BROKER_USER: '' DD_CELERY_BROKER_PASSWORD: '' @@ -25,27 +28,41 @@ services: DD_CELERY_BROKER_PATH: '/dojo.celerydb.sqlite' DD_CELERY_BROKER_PARAMS: '' celerybeat: - image: busybox:1.35.0-musl + image: busybox:1.36.1-musl entrypoint: ['echo', 'skipping', 'celery beat'] celeryworker: - image: busybox:1.35.0-musl + image: busybox:1.36.1-musl entrypoint: ['echo', 'skipping', 'celery worker'] initializer: - image: busybox:1.35.0-musl + image: busybox:1.36.1-musl entrypoint: ['echo', 'skipping', 'initializer'] mysql: ports: - - target: 3306 - published: 3306 + - target: ${DD_DATABASE_PORT} + published: ${DD_DATABASE_PORT} protocol: tcp mode: host environment: - MYSQL_DATABASE: "${DD_TEST_DATABASE_NAME:-test_defectdojo}" + MYSQL_DATABASE: ${DD_TEST_DATABASE_NAME} volumes: - - defectdojo_data_unittest:/var/lib/mysql + - defectdojo_data_unit_tests:/var/lib/mysql + postgres: + ports: + - target: ${DD_DATABASE_PORT} + published: ${DD_DATABASE_PORT} + protocol: tcp + mode: host + environment: + POSTGRES_DB: ${DD_TEST_DATABASE_NAME} + volumes: + - defectdojo_postgres_unit_tests:/var/lib/postgresql/data rabbitmq: - image: busybox:1.35.0-musl + image: busybox:1.36.1-musl entrypoint: ['echo', 'skipping', 'rabbitmq'] + redis: + image: busybox:1.36.1-musl + entrypoint: ['echo', 'skipping', 'redis'] volumes: - defectdojo_data_unittest: {} - defectdojo_media_unittest: {} + defectdojo_data_unit_tests: {} + defectdojo_postgres_unit_tests: {} + defectdojo_media_unit_tests: {} diff --git a/docker-compose.yml b/docker-compose.yml index b584b653b17..4394261baf4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,13 +6,18 @@ # docker-compose.yml file is not intended for production use without first # customizing it to your particular situation. --- -version: '3.7' +version: '3.8' services: nginx: build: context: ./ - dockerfile: Dockerfile.nginx + dockerfile: "Dockerfile.nginx-${DEFECT_DOJO_OS:-debian}" image: "defectdojo/defectdojo-nginx:${NGINX_VERSION:-latest}" + profiles: + - mysql-rabbitmq + - mysql-redis + - postgres-rabbitmq + - postgres-redis depends_on: - uwsgi environment: @@ -31,19 +36,23 @@ services: uwsgi: build: context: ./ - dockerfile: Dockerfile.django + dockerfile: "Dockerfile.django-${DEFECT_DOJO_OS:-debian}" target: django image: "defectdojo/defectdojo-django:${DJANGO_VERSION:-latest}" + profiles: + - mysql-rabbitmq + - mysql-redis + - postgres-rabbitmq + - postgres-redis depends_on: - - mysql - entrypoint: ['/wait-for-it.sh', 'mysql:3306', '-t', '30', '--', '/entrypoint-uwsgi.sh'] + - ${DD_DOCKERCOMPOSE_DATABASE:-postgres} + entrypoint: ['/wait-for-it.sh', '${DD_DATABASE_HOST}:${DD_DATABASE_PORT}', '-t', '30', '--', '/entrypoint-uwsgi.sh'] environment: DD_DEBUG: 'False' DD_DJANGO_METRICS_ENABLED: "${DD_DJANGO_METRICS_ENABLED:-False}" DD_ALLOWED_HOSTS: "${DD_ALLOWED_HOSTS:-*}" - DD_DATABASE_URL: "${DD_DATABASE_URL:-mysql://defectdojo:defectdojo@mysql:3306/defectdojo}" - DD_CELERY_BROKER_USER: "${DD_CELERY_BROKER_USER:-guest}" - DD_CELERY_BROKER_PASSWORD: "${DD_CELERY_BROKER_USER:-guest}" + DD_DATABASE_URL: ${DD_DATABASE_URL} + DD_CELERY_BROKER_URL: ${DD_CELERY_BROKER_URL} DD_SECRET_KEY: "${DD_SECRET_KEY:-hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq}" DD_CREDENTIAL_AES_256_KEY: "${DD_CREDENTIAL_AES_256_KEY:-&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw}" volumes: @@ -53,14 +62,18 @@ services: - "defectdojo_media:${DD_MEDIA_ROOT:-/app/media}" celerybeat: image: "defectdojo/defectdojo-django:${DJANGO_VERSION:-latest}" + profiles: + - mysql-rabbitmq + - mysql-redis + - postgres-rabbitmq + - postgres-redis depends_on: - - mysql - - rabbitmq - entrypoint: ['/wait-for-it.sh', 'mysql:3306', '-t', '30', '--', '/entrypoint-celery-beat.sh'] + - ${DD_DOCKERCOMPOSE_DATABASE:-postgres} + - ${DD_DOCKERCOMPOSE_BROKER:-redis} + entrypoint: ['/wait-for-it.sh', '${DD_DATABASE_HOST}:${DD_DATABASE_PORT}', '-t', '30', '--', '/entrypoint-celery-beat.sh'] environment: - DD_DATABASE_URL: "${DD_DATABASE_URL:-mysql://defectdojo:defectdojo@mysql:3306/defectdojo}" - DD_CELERY_BROKER_USER: "${DD_CELERY_BROKER_USER:-guest}" - DD_CELERY_BROKER_PASSWORD: "${DD_CELERY_BROKER_USER:-guest}" + DD_DATABASE_URL: ${DD_DATABASE_URL} + DD_CELERY_BROKER_URL: ${DD_CELERY_BROKER_URL} DD_SECRET_KEY: "${DD_SECRET_KEY:-hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq}" DD_CREDENTIAL_AES_256_KEY: "${DD_CREDENTIAL_AES_256_KEY:-&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw}" volumes: @@ -69,14 +82,18 @@ services: target: /app/docker/extra_settings celeryworker: image: "defectdojo/defectdojo-django:${DJANGO_VERSION:-latest}" + profiles: + - mysql-rabbitmq + - mysql-redis + - postgres-rabbitmq + - postgres-redis depends_on: - - mysql - - rabbitmq - entrypoint: ['/wait-for-it.sh', 'mysql:3306', '-t', '30', '--', '/entrypoint-celery-worker.sh'] + - ${DD_DOCKERCOMPOSE_DATABASE:-postgres} + - ${DD_DOCKERCOMPOSE_BROKER:-redis} + entrypoint: ['/wait-for-it.sh', '${DD_DATABASE_HOST}:${DD_DATABASE_PORT}', '-t', '30', '--', '/entrypoint-celery-worker.sh'] environment: - DD_DATABASE_URL: "${DD_DATABASE_URL:-mysql://defectdojo:defectdojo@mysql:3306/defectdojo}" - DD_CELERY_BROKER_USER: "${DD_CELERY_BROKER_USER:-guest}" - DD_CELERY_BROKER_PASSWORD: "${DD_CELERY_BROKER_USER:-guest}" + DD_DATABASE_URL: ${DD_DATABASE_URL} + DD_CELERY_BROKER_URL: ${DD_CELERY_BROKER_URL} DD_SECRET_KEY: "${DD_SECRET_KEY:-hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq}" DD_CREDENTIAL_AES_256_KEY: "${DD_CREDENTIAL_AES_256_KEY:-&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw}" volumes: @@ -86,11 +103,16 @@ services: - "defectdojo_media:${DD_MEDIA_ROOT:-/app/media}" initializer: image: "defectdojo/defectdojo-django:${DJANGO_VERSION:-latest}" + profiles: + - mysql-rabbitmq + - mysql-redis + - postgres-rabbitmq + - postgres-redis depends_on: - - mysql - entrypoint: ['/wait-for-it.sh', 'mysql:3306', '--', '/entrypoint-initializer.sh'] + - ${DD_DOCKERCOMPOSE_DATABASE:-postgres} + entrypoint: ['/wait-for-it.sh', '${DD_DATABASE_HOST}:${DD_DATABASE_PORT}', '--', '/entrypoint-initializer.sh'] environment: - DD_DATABASE_URL: "${DD_DATABASE_URL:-mysql://defectdojo:defectdojo@mysql:3306/defectdojo}" + DD_DATABASE_URL: ${DD_DATABASE_URL} DD_ADMIN_USER: "${DD_ADMIN_USER:-admin}" DD_ADMIN_MAIL: "${DD_ADMIN_USER:-admin@defectdojo.local}" DD_ADMIN_FIRST_NAME: "${DD_ADMIN_FIRST_NAME:-Admin}" @@ -103,21 +125,46 @@ services: source: ./docker/extra_settings target: /app/docker/extra_settings mysql: - image: mysql:5.7.36@sha256:7a3a7b7a29e6fbff433c339fc52245435fa2c308586481f2f92ab1df239d6a29 + image: mysql:5.7.44@sha256:4bc6bc963e6d8443453676cae56536f4b8156d78bae03c0145cbe47c2aad73bb + profiles: + - mysql-rabbitmq + - mysql-redis environment: MYSQL_RANDOM_ROOT_PASSWORD: 'yes' - DD_DATABASE_URL: "${DD_DATABASE_URL:-mysql://defectdojo:defectdojo@mysql:3306/defectdojo}" - MYSQL_USER: "${DD_DATABASE_USER:-defectdojo}" - MYSQL_PASSWORD: "${DD_DATABASE_PASSWORD:-defectdojo}" - MYSQL_DATABASE: "${DD_DATABASE_NAME:-defectdojo}" + MYSQL_DATABASE: ${DD_DATABASE_NAME} + MYSQL_USER: ${DD_DATABASE_USER} + MYSQL_PASSWORD: ${DD_DATABASE_PASSWORD} command: ['mysqld', '--character-set-server=utf8mb4', '--collation-server=utf8mb4_unicode_ci'] volumes: - - defectdojo_data:/var/lib/mysql + - defectdojo_data:/var/lib/mysql + postgres: + image: postgres:16.1-alpine@sha256:17eb369d9330fe7fbdb2f705418c18823d66322584c77c2b43cc0e1851d01de7 + profiles: + - postgres-rabbitmq + - postgres-redis + environment: + POSTGRES_DB: ${DD_DATABASE_NAME} + POSTGRES_USER: ${DD_DATABASE_USER} + POSTGRES_PASSWORD: ${DD_DATABASE_PASSWORD} + volumes: + - defectdojo_postgres:/var/lib/postgresql/data rabbitmq: - image: rabbitmq:3.9.11@sha256:20d5aeaad748b0a639b08fe54a8d4d311abe14d4ff1aa0d2ecfb6fbdf76cb155 + image: rabbitmq:3.12.12-alpine@sha256:fcd6a66524be55c15c81011dc87cc4b6e4405130fbb950c21ad1d31e8f6322dd + profiles: + - mysql-rabbitmq + - postgres-rabbitmq volumes: - defectdojo_rabbitmq:/var/lib/rabbitmq + redis: + image: redis:7.2.4-alpine@sha256:1b503bb77079ba644371969e06e1a6a1670bb34c2251107c0fc3a21ef9fdaeca + profiles: + - mysql-redis + - postgres-redis + volumes: + - defectdojo_redis:/data volumes: defectdojo_data: {} + defectdojo_postgres: {} defectdojo_media: {} defectdojo_rabbitmq: {} + defectdojo_redis: {} diff --git a/docker/docker-compose-check.sh b/docker/docker-compose-check.sh new file mode 100755 index 00000000000..b51cf45674f --- /dev/null +++ b/docker/docker-compose-check.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +main=$(docker compose version --short | cut -d '.' -f 1) +minor=$(docker compose version --short | cut -d '.' -f 2) +current=$(docker compose version --short) + +echo 'Checking docker compose version' +if [[ $main -lt 2 ]]; then + echo "$current is not a supported docker-compose version, please upgrade to the minimum supported version: 2.0" + exit 1 +elif [[ $main -eq 1 ]]; then + if [[ $minor -lt 28 ]]; then + echo "$current is not supported docker-compose version, please upgrade to minimal supported version:1.28" + exit 1 + fi +fi + +echo 'Supported docker compose version' \ No newline at end of file diff --git a/docker/dojo-data.bash b/docker/dojo-data.bash index 22c6827fc90..95ece5111c5 100644 --- a/docker/dojo-data.bash +++ b/docker/dojo-data.bash @@ -1,7 +1,7 @@ #!/bin/bash #Exports and loads sample data for dojo -if [ $# > 1 ] +if [ $# -gt 1 ] then if [[ "$1" = "load" ]] then diff --git a/docker/entrypoint-celery-beat.sh b/docker/entrypoint-celery-beat.sh index 686b9f9c25a..5dd6d9d999f 100755 --- a/docker/entrypoint-celery-beat.sh +++ b/docker/entrypoint-celery-beat.sh @@ -1,8 +1,21 @@ -#!/bin/sh +#!/bin/bash umask 0002 id +# Allow for bind-mount multiple settings.py overrides +FILES=$(ls /app/docker/extra_settings/* 2>/dev/null) +NUM_FILES=$(echo "$FILES" | wc -w) +if [ "$NUM_FILES" -gt 0 ]; then + COMMA_LIST=$(echo "$FILES" | tr -s '[:blank:]' ', ') + echo "============================================================" + echo " Overriding DefectDojo's local_settings.py with multiple" + echo " Files: $COMMA_LIST" + echo "============================================================" + cp /app/docker/extra_settings/* /app/dojo/settings/ + rm -f /app/dojo/settings/README.md +fi + echo -n "Waiting for database to be reachable " until echo "select 1;" | python3 manage.py dbshell > /dev/null do @@ -11,32 +24,6 @@ do done echo -# Allow for bind-mount setting.py overrides -FILE=/app/docker/extra_settings/settings.dist.py -if test -f "$FILE"; then - echo "============================================================" - echo " Overriding DefectDojo's settings.dist.py with $FILE." - echo "============================================================" - cp "$FILE" /app/dojo/settings/settings.dist.py -fi - -# Allow for bind-mount setting.py overrides -FILE=/app/docker/extra_settings/settings.py -if test -f "$FILE"; then - echo "============================================================" - echo " Overriding DefectDojo's settings.py with $FILE." - echo "============================================================" - cp "$FILE" /app/dojo/settings/settings.py -fi - -FILE=/app/docker/extra_settings/local_settings.py -if test -f "$FILE"; then - echo "============================================================" - echo " Overriding DefectDojo's local_settings.py with $FILE." - echo "============================================================" - cp "$FILE" /app/dojo/settings/local_settings.py -fi - # do the check with Django stack python3 manage.py check diff --git a/docker/entrypoint-celery-worker.sh b/docker/entrypoint-celery-worker.sh index 424b669765b..0afd0f91493 100755 --- a/docker/entrypoint-celery-worker.sh +++ b/docker/entrypoint-celery-worker.sh @@ -1,8 +1,23 @@ -#!/bin/sh +#!/bin/bash umask 0002 id +. /secret-file-loader.sh + +# Allow for bind-mount multiple settings.py overrides +FILES=$(ls /app/docker/extra_settings/* 2>/dev/null) +NUM_FILES=$(echo "$FILES" | wc -w) +if [ "$NUM_FILES" -gt 0 ]; then + COMMA_LIST=$(echo "$FILES" | tr -s '[:blank:]' ', ') + echo "============================================================" + echo " Overriding DefectDojo's local_settings.py with multiple" + echo " Files: $COMMA_LIST" + echo "============================================================" + cp /app/docker/extra_settings/* /app/dojo/settings/ + rm -f /app/dojo/settings/README.md +fi + echo -n "Waiting for database to be reachable " until echo "select 1;" | python3 manage.py dbshell > /dev/null do @@ -11,35 +26,11 @@ do done echo -# Allow for bind-mount setting.py overrides -FILE=/app/docker/extra_settings/settings.dist.py -if test -f "$FILE"; then - echo "============================================================" - echo " Overriding DefectDojo's settings.dist.py with $FILE." - echo "============================================================" - cp "$FILE" /app/dojo/settings/settings.dist.py -fi - -# Allow for bind-mount setting.py overrides -FILE=/app/docker/extra_settings/settings.py -if test -f "$FILE"; then - echo "============================================================" - echo " Overriding DefectDojo's settings.py with $FILE." - echo "============================================================" - cp "$FILE" /app/dojo/settings/settings.py -fi - -FILE=/app/docker/extra_settings/local_settings.py -if test -f "$FILE"; then - echo "============================================================" - echo " Overriding DefectDojo's local_settings.py with $FILE." - echo "============================================================" - cp "$FILE" /app/dojo/settings/local_settings.py -fi - if [ "${DD_CELERY_WORKER_POOL_TYPE}" = "prefork" ]; then - EXTRA_PARAMS="--autoscale=${DD_CELERY_WORKER_AUTOSCALE_MAX},${DD_CELERY_WORKER_AUTOSCALE_MIN} - --prefetch-multiplier=${DD_CELERY_WORKER_PREFETCH_MULTIPLIER}" + EXTRA_PARAMS=("--autoscale=${DD_CELERY_WORKER_AUTOSCALE_MAX},${DD_CELERY_WORKER_AUTOSCALE_MIN}" + "--prefetch-multiplier=${DD_CELERY_WORKER_PREFETCH_MULTIPLIER}") +else + EXTRA_PARAMS=() fi # do the check with Django stack @@ -49,6 +40,5 @@ exec celery --app=dojo \ worker \ --loglevel="${DD_CELERY_LOG_LEVEL}" \ --pool="${DD_CELERY_WORKER_POOL_TYPE}" \ - --concurrency=${DD_CELERY_WORKER_CONCURRENCY:-1} \ - ${EXTRA_PARAMS} - + --concurrency="${DD_CELERY_WORKER_CONCURRENCY:-1}" \ + "${EXTRA_PARAMS[@]}" \ No newline at end of file diff --git a/docker/entrypoint-initializer.sh b/docker/entrypoint-initializer.sh index 04fbe320a9c..6e09353103e 100755 --- a/docker/entrypoint-initializer.sh +++ b/docker/entrypoint-initializer.sh @@ -1,38 +1,54 @@ -#!/bin/sh +#!/bin/bash -# Test types shall be initialized every time by the initializer, to make sure test types are complete -# when new parsers have been implemented -initialize_test_types() +. /secret-file-loader.sh + +initialize_data() { + # Test types shall be initialized every time by the initializer, to make sure test types are complete + # when new parsers have been implemented echo "Initialization of test_types" python3 manage.py initialize_test_types -} -# Allow for bind-mount setting.py overrides -FILE=/app/docker/extra_settings/settings.dist.py -if test -f "$FILE"; then - echo "============================================================" - echo " Overriding DefectDojo's settings.dist.py with $FILE." - echo "============================================================" - cp "$FILE" /app/dojo/settings/settings.dist.py -fi + # Non-standard permissions cannot be created with a database migration, because the content type will only + # be available after the dojo migrations + echo "Creation of non-standard permissions" + python3 manage.py initialize_permissions +} -# Allow for bind-mount setting.py overrides -FILE=/app/docker/extra_settings/settings.py -if test -f "$FILE"; then - echo "============================================================" - echo " Overriding DefectDojo's settings.py with $FILE." - echo "============================================================" - cp "$FILE" /app/dojo/settings/settings.py +create_announcement_banner() +{ +# Load the announcement banner +if [ -z "$DD_CREATE_CLOUD_BANNER" ]; then +echo "Creating Announcement Banner" +cat </dev/null) +NUM_FILES=$(echo "$FILES" | wc -w) +if [ "$NUM_FILES" -gt 0 ]; then + COMMA_LIST=$(echo "$FILES" | tr -s '[:blank:]' ', ') echo "============================================================" - echo " Overriding DefectDojo's local_settings.py with $FILE." + echo " Overriding DefectDojo's local_settings.py with multiple" + echo " Files: $COMMA_LIST" echo "============================================================" - cp "$FILE" /app/dojo/settings/local_settings.py + cp /app/docker/extra_settings/* /app/dojo/settings/ + rm -f /app/dojo/settings/README.md fi umask 0002 @@ -52,6 +68,45 @@ do done echo +echo "Checking ENABLE_AUDITLOG" +cat </dev/null) ; do + for i in $(find dojo/fixtures/extra_*.json | sort -n 2>/dev/null) ; do echo "Loading $i" - python3 manage.py loaddata ${i%.*} + python3 manage.py loaddata "${i%.*}" done echo "Installing watson search index" @@ -118,6 +176,6 @@ EOD echo "Migration of textquestions for surveys" python3 manage.py migrate_textquestions - initialize_test_types - + create_announcement_banner + initialize_data fi diff --git a/docker/entrypoint-integration-tests.sh b/docker/entrypoint-integration-tests.sh index abb009a040d..5a75ed6b5b7 100755 --- a/docker/entrypoint-integration-tests.sh +++ b/docker/entrypoint-integration-tests.sh @@ -1,20 +1,22 @@ #!/bin/bash +. /secret-file-loader.sh + echo "Testing DefectDojo Service" echo "Waiting max 60s for services to start" # Wait for services to become available COUNTER=0 while [ $COUNTER -lt 10 ]; do - curl -s -o "/dev/null" $DD_BASE_URL -m 120 - CR=$(curl --insecure -s -m 10 -I "${DD_BASE_URL}login?next=/" | egrep "^HTTP" | cut -d' ' -f2) + curl -s -o "/dev/null" "$DD_BASE_URL" -m 120 + CR=$(curl --insecure -s -m 10 -I "${DD_BASE_URL}login?next=/" | grep -E "^HTTP" | cut -d' ' -f2) if [ "$CR" == 200 ]; then echo "Succesfully displayed login page, starting integration tests" break fi echo "Waiting: cannot display login screen; got HTTP code $CR" sleep 10 - let COUNTER=COUNTER+1 + (( a++ )) || true done if [ $COUNTER -gt 10 ]; then @@ -22,7 +24,13 @@ if [ $COUNTER -gt 10 ]; then exit 1 fi -export CHROMEDRIVER=$(find /opt/chrome-driver -name chromedriver) +CHROMEDRIVER=$(find /opt/chrome-driver -name chromedriver) +export CHROMEDRIVER +CHROME_PATH=/opt/chrome/chrome +export CHROME_PATH + +# We are strict about Warnings during testing +export PYTHONWARNINGS=error # Run available unittests with a simple setup # All available Integrationtest Scripts are activated below @@ -31,184 +39,226 @@ export CHROMEDRIVER=$(find /opt/chrome-driver -name chromedriver) # Exits with status code of 1 function fail() { - echo "Error: $1 test failed\n" + printf 'Error: %s test failed\n' "$1" exit 1 } function success() { - echo "Success: $1 test passed\n" + printf 'Success: %s test passed\n' "$1" } echo "IT FILENAME: $DD_INTEGRATION_TEST_FILENAME" -if [[ ! -z "$DD_INTEGRATION_TEST_FILENAME" ]]; then - test=$DD_INTEGRATION_TEST_FILENAME - echo "Running: $test" - if python3 $DD_INTEGRATION_TEST_FILENAME; then - success $test +if [[ -n "$DD_INTEGRATION_TEST_FILENAME" ]]; then + if [[ "$DD_INTEGRATION_TEST_FILENAME" == "openapi-validatator" ]]; then + test="OpenAPI schema validation" + echo "Running: $test" + if java -jar /usr/local/bin/openapi-generator-cli.jar validate -i "$DD_BASE_URL/api/v2/oa3/schema/?format=json" --recommend; then + success "$test" + else + fail "$test" + fi else - fail $test + test=$DD_INTEGRATION_TEST_FILENAME + echo "Running: $test" + if python3 "$DD_INTEGRATION_TEST_FILENAME"; then + success "$test" + else + fail "$test" + fi fi else test="Finding integration tests" echo "Running: $test" if python3 tests/finding_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Report Builder tests" echo "Running: $test" if python3 tests/report_builder_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Notes integration tests" echo "Running: $test" if python3 tests/notes_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Regulation integration tests" echo "Running: $test" if python3 tests/regulations_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Product type integration tests" echo "Running: $test" if python3 tests/product_type_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Product integration tests" echo "Running: $test" if python3 tests/product_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Endpoint integration tests" echo "Running: $test" if python3 tests/endpoint_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Engagement integration tests" echo "Running: $test" if python3 tests/engagement_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Environment integration tests" echo "Running: $test" if python3 tests/environment_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Test integration tests" echo "Running: $test" if python3 tests/test_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="User integration tests" echo "Running: $test" if python3 tests/user_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Group integration tests" echo "Running: $test" if python3 tests/group_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Product Group integration tests" echo "Running: $test" if python3 tests/product_group_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Product Type Group integration tests" echo "Running: $test" if python3 tests/product_type_group_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Product member integration tests" echo "Running: $test" if python3 tests/product_member_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Product type member integration tests" echo "Running: $test" if python3 tests/product_type_member_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Ibm Appscan integration test" echo "Running: $test" if python3 tests/ibm_appscan_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Search integration test" echo "Running: $test" if python3 tests/search_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="File Upload tests" echo "Running: $test" if python3 tests/file_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Dedupe integration tests" echo "Running: $test" if python3 tests/dedupe_test.py ; then - success $test + success "$test" + else + fail "$test" + fi + + test="Global Announcement Banner tests" + echo "Running: $test" + if python3 tests/announcement_banner_test.py ; then + success "$test" else - fail $test + fail "$test" + fi + + test="Close Old Findings with dedupe integration tests" + echo "Running: $test" + if python3 tests/close_old_findings_dedupe_test.py ; then + success "$test" + else + fail "$test" + fi + + test="Close Old Findings without dedupe integration tests" + echo "Running: $test" + if python3 tests/close_old_findings_test.py ; then + success "$test" + else + fail "$test" + fi + + test="False Positive History tests" + echo "Running: $test" + if python3 tests/false_positive_history_test.py ; then + success "$test" + else + fail "$test" fi # The below tests are commented out because they are still an unstable work in progress @@ -238,5 +288,22 @@ else # else # echo "Error: Zap integration test failed"; exit 1 # fi + + test="Tool Config integration tests" + echo "Running: $test" + if python3 tests/tool_config.py ; then + success "$test" + else + fail "$test" + fi + + test="OpenAPI schema validation" + echo "Running: $test" + if java -jar /usr/local/bin/openapi-generator-cli.jar validate -i "$DD_BASE_URL/api/v2/oa3/schema/?format=json" --recommend; then + success "$test" + else + fail "$test" + fi + exec echo "Done Running all configured integration tests." fi diff --git a/docker/entrypoint-nginx.sh b/docker/entrypoint-nginx.sh index 9a3b93f5be3..c1e542052f2 100755 --- a/docker/entrypoint-nginx.sh +++ b/docker/entrypoint-nginx.sh @@ -26,7 +26,8 @@ fi if [ "${METRICS_HTTP_AUTH_PASSWORD}" != "" ]; then sed -i "s/#auth_basic/auth_basic/g;" $NGINX_CONFIG rm -rf /etc/nginx/.htpasswd - echo -n $METRICS_HTTP_AUTH_USER:$(openssl passwd -apr1 $METRICS_HTTP_AUTH_PASSWORD) >> /etc/nginx/.htpasswd + openssl_passwd=$(openssl passwd -apr1 "$METRICS_HTTP_AUTH_PASSWORD") + echo "$METRICS_HTTP_AUTH_USER":"$openssl_passwd" >> /etc/nginx/.htpasswd echo "Basic auth is on for user ${HTTP_AUTH_LOGIN}..." else echo "Basic auth is off (HTTP_AUTH_PASSWORD not provided)" diff --git a/docker/entrypoint-unit-tests-devDocker.sh b/docker/entrypoint-unit-tests-devDocker.sh index 758705f7e76..96f9906c177 100755 --- a/docker/entrypoint-unit-tests-devDocker.sh +++ b/docker/entrypoint-unit-tests-devDocker.sh @@ -6,10 +6,18 @@ set -x set -e set -v +. /secret-file-loader.sh + cd /app # Unset the database URL so that we can force the DD_TEST_DATABASE_NAME (see django "DATABASES" configuration in settings.dist.py) unset DD_DATABASE_URL +# Unset the celery broker URL so that we can force the other DD_CELERY_BROKER settings +unset DD_CELERY_BROKER_URL + +# We are strict about Warnings during testing +export PYTHONWARNINGS=error + python3 manage.py makemigrations dojo python3 manage.py migrate @@ -26,8 +34,8 @@ You made changes to the REST API without applying the correct schema annotations These schema annotations are needed to allow for the correct generation of the OpenAPI (v3) schema's and documentation. -Review the warnings generated by drf-spectacular and see `dojo/api_v2/views.py` -and/or `dojo/api_v2/serializers.py`. +Review the warnings generated by drf-spectacular and see "dojo/api_v2/views.py" +and/or "dojo/api_v2/serializers.py". You can check for warnings locally by running diff --git a/docker/entrypoint-unit-tests.sh b/docker/entrypoint-unit-tests.sh index 9c0a51d6502..16a5e6c29b5 100755 --- a/docker/entrypoint-unit-tests.sh +++ b/docker/entrypoint-unit-tests.sh @@ -6,10 +6,19 @@ # set -e # set -v -cd /app + +. /secret-file-loader.sh + +cd /app || exit # Unset the database URL so that we can force the DD_TEST_DATABASE_NAME (see django "DATABASES" configuration in settings.dist.py) unset DD_DATABASE_URL +# Unset the celery broker URL so that we can force the other DD_CELERY_BROKER settings +unset DD_CELERY_BROKER_URL + +# We are strict about Warnings during testing +export PYTHONWARNINGS=error + # TARGET_SETTINGS_FILE=dojo/settings/settings.py # if [ ! -f ${TARGET_SETTINGS_FILE} ]; then # echo "Creating settings.py" @@ -26,8 +35,8 @@ You made changes to the REST API without applying the correct schema annotations These schema annotations are needed to allow for the correct generation of the OpenAPI (v3) schema's and documentation. -Review the warnings generated by drf-spectacular and see `dojo/api_v2/views.py` -and/or `dojo/api_v2/serializers.py`. +Review the warnings generated by drf-spectacular and see "dojo/api_v2/views.py" +and/or "dojo/api_v2/serializers.py". You can check for warnings locally by running diff --git a/docker/entrypoint-uwsgi-dev.sh b/docker/entrypoint-uwsgi-dev.sh index 8be7c6ce449..cb6aca58c53 100755 --- a/docker/entrypoint-uwsgi-dev.sh +++ b/docker/entrypoint-uwsgi-dev.sh @@ -1,13 +1,16 @@ #!/bin/sh +. /secret-file-loader.sh -cd /app + +cd /app || exit # Full list of uwsgi options: https://uwsgi-docs.readthedocs.io/en/latest/Options.html # --lazy-apps required for debugging --> https://uwsgi-docs.readthedocs.io/en/latest/articles/TheArtOfGracefulReloading.html?highlight=lazy-apps#preforking-vs-lazy-apps-vs-lazy +DD_UWSGI_LOGFORMAT_DEFAULT='[pid: %(pid)|app: -|req: -/-] %(addr) (%(dd_user)) {%(vars) vars in %(pktsize) bytes} [%(ctime)] %(method) %(uri) => generated %(rsize) bytes in %(msecs) msecs (%(proto) %(status)) %(headers) headers in %(hsize) bytes (%(switches) switches on core %(core))' -if [ ${DD_DEBUG} == "True" ]; then +if [ "${DD_DEBUG}" = "True" ]; then echo "Debug mode enabled, reducing # of processes and threads to 1" DD_UWSGI_NUM_OF_PROCESSES=1 DD_UWSGI_NUM_OF_THREADS=1 @@ -18,11 +21,12 @@ exec uwsgi \ --protocol uwsgi \ --wsgi dojo.wsgi:application \ --enable-threads \ - --processes ${DD_UWSGI_NUM_OF_PROCESSES:-2} \ - --threads ${DD_UWSGI_NUM_OF_THREADS:-2} \ + --processes "${DD_UWSGI_NUM_OF_PROCESSES:-2}" \ + --threads "${DD_UWSGI_NUM_OF_THREADS:-2}" \ --reload-mercy 1 \ --worker-reload-mercy 1 \ --py-autoreload 1 \ --buffer-size="${DD_UWSGI_BUFFER_SIZE:-8192}" \ --lazy-apps \ - --touch-reload="/app/dojo/setting/settings.py" + --touch-reload="/app/dojo/setting/settings.py" \ + --logformat "${DD_UWSGI_LOGFORMAT:-$DD_UWSGI_LOGFORMAT_DEFAULT}" diff --git a/docker/entrypoint-uwsgi.sh b/docker/entrypoint-uwsgi.sh index 5aa7a2baae7..3604ceb4c33 100755 --- a/docker/entrypoint-uwsgi.sh +++ b/docker/entrypoint-uwsgi.sh @@ -1,30 +1,18 @@ #!/bin/sh -# Allow for bind-mount setting.py overrides -FILE=/app/docker/extra_settings/settings.dist.py -if test -f "$FILE"; then - echo "============================================================" - echo " Overriding DefectDojo's settings.dist.py with $FILE." - echo "============================================================" - cp "$FILE" /app/dojo/settings/settings.dist.py -fi +. /secret-file-loader.sh -# Allow for bind-mount setting.py overrides -FILE=/app/docker/extra_settings/settings.py -if test -f "$FILE"; then +# Allow for bind-mount multiple settings.py overrides +FILES=$(ls /app/docker/extra_settings/* 2>/dev/null) +NUM_FILES=$(echo "$FILES" | wc -w) +if [ "$NUM_FILES" -gt 0 ]; then + COMMA_LIST=$(echo "$FILES" | tr -s '[:blank:]' ', ') echo "============================================================" - echo " Overriding DefectDojo's settings.py with $FILE." + echo " Overriding DefectDojo's local_settings.py with multiple" + echo " Files: $COMMA_LIST" echo "============================================================" - cp "$FILE" /app/dojo/settings/settings.py -fi - -# Allow for bind-mount setting.py overrides -FILE=/app/docker/extra_settings/local_settings.py -if test -f "$FILE"; then - echo "============================================================" - echo " Overriding DefectDojo's local_settings.py with $FILE." - echo "============================================================" - cp "$FILE" /app/dojo/settings/local_settings.py + cp /app/docker/extra_settings/* /app/dojo/settings/ + rm -f /app/dojo/settings/README.md fi umask 0002 @@ -32,14 +20,16 @@ umask 0002 # do the check with Django stack python3 manage.py check +DD_UWSGI_LOGFORMAT_DEFAULT='[pid: %(pid)|app: -|req: -/-] %(addr) (%(dd_user)) {%(vars) vars in %(pktsize) bytes} [%(ctime)] %(method) %(uri) => generated %(rsize) bytes in %(msecs) msecs (%(proto) %(status)) %(headers) headers in %(hsize) bytes (%(switches) switches on core %(core))' + exec uwsgi \ "--${DD_UWSGI_MODE}" "${DD_UWSGI_ENDPOINT}" \ --protocol uwsgi \ --enable-threads \ - --processes ${DD_UWSGI_NUM_OF_PROCESSES:-2} \ - --threads ${DD_UWSGI_NUM_OF_THREADS:-2} \ + --processes "${DD_UWSGI_NUM_OF_PROCESSES:-2}" \ + --threads "${DD_UWSGI_NUM_OF_THREADS:-2}" \ --wsgi dojo.wsgi:application \ --buffer-size="${DD_UWSGI_BUFFER_SIZE:-8192}" \ - --http 0.0.0.0:8081 --http-to ${DD_UWSGI_ENDPOINT} - # HTTP endpoint is enabled for Kubernetes liveness checks. It should not be exposed as a serivce. - + --http 0.0.0.0:8081 --http-to "${DD_UWSGI_ENDPOINT}" \ + --logformat "${DD_UWSGI_LOGFORMAT:-$DD_UWSGI_LOGFORMAT_DEFAULT}" + # HTTP endpoint is enabled for Kubernetes liveness checks. It should not be exposed as a service. diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index acd1ff490ff..e1173f633d0 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -1,7 +1,9 @@ #!/bin/sh +. /secret-file-loader.sh + # Waits for the database to come up. -./docker/wait-for-it.sh $DD_DATABASE_HOST:$DD_DATABASE_PORT +./docker/wait-for-it.sh "$DD_DATABASE_HOST":"$DD_DATABASE_PORT" if [ -z "$DD_DATABASE_URL" ]; then if [ -z "$DD_DATABASE_PASSWORD" ]; then diff --git a/docker/environments/mysql-rabbitmq.env b/docker/environments/mysql-rabbitmq.env new file mode 100644 index 00000000000..0b41a9a5d3d --- /dev/null +++ b/docker/environments/mysql-rabbitmq.env @@ -0,0 +1,17 @@ +# MySQL character set is explicitly set to utf8mb4 +DD_DATABASE_URL=mysql://defectdojo:defectdojo@mysql:3306/defectdojo?charset=utf8mb4 +DD_DATABASE_ENGINE=django.db.backends.mysql +DD_DATABASE_HOST=mysql +DD_DATABASE_PORT=3306 + +DD_DATABASE_NAME=defectdojo +DD_DATABASE_USER=defectdojo +DD_DATABASE_PASSWORD=defectdojo + +DD_TEST_DATABASE_NAME=test_defectdojo +DD_TEST_DATABASE_URL=mysql://defectdojo:defectdojo@mysql:3306/test_defectdojo?charset=utf8mb4 + +DD_CELERY_BROKER_URL=amqp://guest:guest@rabbitmq:5672// + +DD_DOCKERCOMPOSE_DATABASE=mysql +DD_DOCKERCOMPOSE_BROKER=rabbitmq diff --git a/docker/environments/mysql-redis.env b/docker/environments/mysql-redis.env new file mode 100644 index 00000000000..0d1ee431b37 --- /dev/null +++ b/docker/environments/mysql-redis.env @@ -0,0 +1,16 @@ +DD_DATABASE_URL=mysql://defectdojo:defectdojo@mysql:3306/defectdojo?charset=utf8mb4 +DD_DATABASE_ENGINE=django.db.backends.mysql +DD_DATABASE_HOST=mysql +DD_DATABASE_PORT=3306 + +DD_DATABASE_NAME=defectdojo +DD_DATABASE_USER=defectdojo +DD_DATABASE_PASSWORD=defectdojo + +DD_TEST_DATABASE_NAME=test_defectdojo +DD_TEST_DATABASE_URL=mysql://defectdojo:defectdojo@mysql:3306/test_defectdojo?charset=utf8mb4 + +DD_CELERY_BROKER_URL=redis://redis:6379/0 + +DD_DOCKERCOMPOSE_DATABASE=mysql +DD_DOCKERCOMPOSE_BROKER=redis diff --git a/docker/environments/postgres-rabbitmq.env b/docker/environments/postgres-rabbitmq.env new file mode 100644 index 00000000000..28e0c16b91b --- /dev/null +++ b/docker/environments/postgres-rabbitmq.env @@ -0,0 +1,16 @@ +DD_DATABASE_URL=postgresql://defectdojo:defectdojo@postgres:5432/defectdojo +DD_DATABASE_ENGINE=django.db.backends.postgresql +DD_DATABASE_HOST=postgres +DD_DATABASE_PORT=5432 + +DD_DATABASE_NAME=defectdojo +DD_DATABASE_USER=defectdojo +DD_DATABASE_PASSWORD=defectdojo + +DD_TEST_DATABASE_NAME=test_defectdojo +DD_TEST_DATABASE_URL=postgresql://defectdojo:defectdojo@postgres:5432/test_defectdojo + +DD_CELERY_BROKER_URL=amqp://guest:guest@rabbitmq:5672// + +DD_DOCKERCOMPOSE_DATABASE=postgres +DD_DOCKERCOMPOSE_BROKER=rabbitmq diff --git a/docker/environments/postgres-redis.env b/docker/environments/postgres-redis.env new file mode 100644 index 00000000000..defb62374bf --- /dev/null +++ b/docker/environments/postgres-redis.env @@ -0,0 +1,16 @@ +DD_DATABASE_URL=postgresql://defectdojo:defectdojo@postgres:5432/defectdojo +DD_DATABASE_ENGINE=django.db.backends.postgresql +DD_DATABASE_HOST=postgres +DD_DATABASE_PORT=5432 + +DD_DATABASE_NAME=defectdojo +DD_DATABASE_USER=defectdojo +DD_DATABASE_PASSWORD=defectdojo + +DD_TEST_DATABASE_NAME=test_defectdojo +DD_TEST_DATABASE_URL=postgresql://defectdojo:defectdojo@postgres:5432/test_defectdojo + +DD_CELERY_BROKER_URL=redis://redis:6379/0 + +DD_DOCKERCOMPOSE_DATABASE=postgres +DD_DOCKERCOMPOSE_BROKER=redis diff --git a/docker/extra_settings/README.md b/docker/extra_settings/README.md index e9e4df19efa..e919e1917bc 100644 --- a/docker/extra_settings/README.md +++ b/docker/extra_settings/README.md @@ -3,7 +3,7 @@ This folders is ignore by git and docker. If a file if placed here, it will be copied on startup to `dojo/settings/local_settings.py`. -For an example, see [template-local_settings](../dojo/settings/template-local_settings) +For an example, see [template-local_settings](../../dojo/settings/template-local_settings) Please note this copy action could fail if you have mounted the full `dojo/` folder, but that is owned by a different user/group. That's why this copy action only happens in docker-compose release mode, and not in dev/debug/unit_tests/integration_tests modes. diff --git a/docker/install_chrome_dependencies.py b/docker/install_chrome_dependencies.py new file mode 100644 index 00000000000..5f4f714a430 --- /dev/null +++ b/docker/install_chrome_dependencies.py @@ -0,0 +1,60 @@ +""" +This solution is largely based on the Playwright's browser dependencies script at +https://github.com/microsoft/playwright/blob/main/utils/linux-browser-dependencies/inside_docker/list_dependencies.js +""" + +import subprocess + + +def find_packages(library_name): + stdout = run_command(["apt-file", "search", library_name]) + if not stdout.strip(): + return [] + libs = [line.split(":")[0] for line in stdout.strip().split("\n")] + return list(set(libs)) + + +def run_command(cmd, cwd=None, env=None): + result = subprocess.run(cmd, cwd=cwd, env=env, capture_output=True, text=True) + return result.stdout + + +def ldd(file_path): + stdout = run_command(["ldd", file_path]) + # For simplicity, I'm assuming if we get an error, the code is non-zero. + try: + result = subprocess.run( + ["ldd", file_path], capture_output=True, text=True + ) + stdout = result.stdout + code = result.returncode + except subprocess.CalledProcessError: + stdout = "" + code = 1 + return stdout, code + + +raw_deps = ldd("/opt/chrome/chrome") +dependencies = raw_deps[0].splitlines() + +missing_deps = { + r[0].strip() + for d in dependencies + for r in [d.split("=>")] + if len(r) == 2 and r[1].strip() == "not found" +} + +missing_packages = [] +for d in missing_deps: + all_packages = find_packages(d) + packages = [ + p + for p in all_packages + if not any( + p.endswith(suffix) for suffix in ["-dbg", "-test", "tests", "-dev", "-mesa"] + ) + ] + for p in packages: + missing_packages.append(p) + +print(" ".join(missing_packages)) diff --git a/docker/secret-file-loader.sh b/docker/secret-file-loader.sh new file mode 100644 index 00000000000..157b6512a40 --- /dev/null +++ b/docker/secret-file-loader.sh @@ -0,0 +1,16 @@ +#!/bin/sh + +# Convert all environment variables with names ending in _FILE into the content of +# the file that they point at and use the name without the trailing _FILE. +# This can be used to carry in Docker secrets. +# Inspired by https://github.com/grafana/grafana-docker/pull/166 +# But rewrote for /bin/sh +for VAR_NAME in $(env | grep '^DD_[^=]\+_FILE=.\+' | sed -r "s/([^=]*)_FILE=.*/\1/g"); do + VAR_NAME_FILE="$VAR_NAME"_FILE + if [ -n "$(eval echo "\$$VAR_NAME")" ]; then + echo >&2 "WARNING: Both $VAR_NAME and $VAR_NAME_FILE are set. Content of $VAR_NAME will be overridden." + fi + echo "Getting secret $VAR_NAME from $(eval echo "\$$VAR_NAME_FILE")" + export "$VAR_NAME"="$(cat "$(eval echo "\$$VAR_NAME_FILE")")" + unset "$VAR_NAME_FILE" +done \ No newline at end of file diff --git a/docker/setEnv.sh b/docker/setEnv.sh index 8787a19b1b4..232998881ee 100755 --- a/docker/setEnv.sh +++ b/docker/setEnv.sh @@ -23,7 +23,7 @@ function show_current { function get_current { if [ -L ${override_link} ] then - # Check for Mac OSX + # Check for Mac OSX if [[ "$OSTYPE" == "darwin"* ]]; then # readlink is not native to mac, so this will work in it's place. symlink=$(python3 -c "import os; print(os.path.realpath('docker-compose.override.yml'))") @@ -31,7 +31,8 @@ function get_current { # Maintain the cleaner way symlink=$(readlink -f docker-compose.override.yml) fi - current_env=$(expr $(basename symlink) : "^docker-compose.override.\(.*\).yml$") + basename_symlink=$(basename "$symlink") + current_env=$(expr "$basename_symlink" : "^docker-compose.override.\(.*\).yml$") else current_env=release fi @@ -53,9 +54,9 @@ function set_release { get_current if [ "${current_env}" != release ] then + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down # In release configuration there is no override file rm ${override_link} - docker-compose down echo "Now using 'release' configuration." else echo "Already using 'release' configuration." @@ -67,9 +68,9 @@ function set_dev { get_current if [ "${current_env}" != dev ] then + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down rm -f ${override_link} ln -s ${override_file_dev} ${override_link} - docker-compose down echo "Now using 'dev' configuration." else echo "Already using 'dev' configuration." @@ -80,9 +81,9 @@ function set_debug { get_current if [ "${current_env}" != debug ] then + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down rm -f ${override_link} ln -s ${override_file_debug} ${override_link} - docker-compose down echo "Now using 'debug' configuration." else echo "Already using 'debug' configuration." @@ -93,9 +94,9 @@ function set_unit_tests { get_current if [ "${current_env}" != unit_tests ] then + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down rm -f ${override_link} ln -s ${override_file_unit_tests} ${override_link} - docker-compose down echo "Now using 'unit_tests' configuration." else echo "Already using 'unit_tests' configuration." @@ -106,9 +107,9 @@ function set_unit_tests_cicd { get_current if [ "${current_env}" != unit_tests_cicd ] then + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down rm -f ${override_link} ln -s ${override_file_unit_tests_cicd} ${override_link} - docker-compose down echo "Now using 'unit_tests_cicd' configuration." else echo "Already using 'unit_tests_cicd' configuration." @@ -119,9 +120,9 @@ function set_integration_tests { get_current if [ "${current_env}" != integration_tests ] then + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/mysql-rabbitmq.env down rm -f ${override_link} ln -s ${override_file_integration_tests} ${override_link} - docker-compose down echo "Now using 'integration_tests' configuration." else echo "Already using 'integration_tests' configuration." @@ -129,9 +130,9 @@ function set_integration_tests { } # Change directory to allow working with relative paths. -cd ${target_dir} +cd "${target_dir}" || exit -if [ ${#} -eq 1 ] && [[ 'dev debug unit_tests unit_tests_cicd integration_tests release' =~ "${1}" ]] +if [ ${#} -eq 1 ] && [[ 'dev debug unit_tests unit_tests_cicd integration_tests release' =~ ${1} ]] then set_"${1}" else diff --git a/docker/unit-tests.sh b/docker/unit-tests.sh index ee38b21b567..fc8dad8c8c8 100755 --- a/docker/unit-tests.sh +++ b/docker/unit-tests.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # Run available unittests with a simple setup -cd /app +cd /app || exit python manage.py makemigrations dojo python manage.py migrate python manage.py test unittests -v 2 diff --git a/docker/wait-for-it.sh b/docker/wait-for-it.sh index fb4a080fdf5..2bd5f21bc4b 100755 --- a/docker/wait-for-it.sh +++ b/docker/wait-for-it.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash # Use this script to test if a given TCP host/port are available -cmdname=$(basename $0) +cmdname=$(basename "$0") echoerr() { if [[ $QUIET -ne 1 ]]; then echo "$@" 1>&2; fi } @@ -32,7 +32,7 @@ wait_for() start_ts=$(date +%s) while : do - (echo > /dev/tcp/$HOST/$PORT) >/dev/null 2>&1 + (echo > "/dev/tcp/$HOST/$PORT") >/dev/null 2>&1 result=$? if [[ $result -eq 0 ]]; then end_ts=$(date +%s) @@ -41,19 +41,19 @@ wait_for() fi sleep 1 done - return $result + return "$result" } wait_for_wrapper() { # In order to support SIGINT during timeout: http://unix.stackexchange.com/a/57692 if [[ $QUIET -eq 1 ]]; then - timeout $TIMEOUT $0 --quiet --child --host=$HOST --port=$PORT --timeout=$TIMEOUT & + timeout "$TIMEOUT" "$0" --quiet --child --host="$HOST" --port="$PORT" --timeout="$TIMEOUT" & else - timeout $TIMEOUT $0 --child --host=$HOST --port=$PORT --timeout=$TIMEOUT & + timeout "$TIMEOUT" "$0" --child --host="$HOST" --port="$PORT" --timeout="$TIMEOUT" & fi PID=$! - trap "kill -INT -$PID" INT + trap 'kill -INT -$PID' INT wait $PID RESULT=$? if [[ $RESULT -ne 0 ]]; then @@ -67,7 +67,7 @@ while [[ $# -gt 0 ]] do case "$1" in *:* ) - hostport=(${1//:/ }) + IFS=":" read -r -a hostport <<< "$1" HOST=${hostport[0]} PORT=${hostport[1]} shift 1 @@ -113,7 +113,7 @@ do ;; --) shift - CLI="$@" + CLI=("$@") break ;; --help) @@ -150,12 +150,12 @@ else fi fi -if [[ $CLI != "" ]]; then +if [[ ${CLI[0]} != "" ]]; then if [[ $RESULT -ne 0 && $STRICT -eq 1 ]]; then echoerr "$cmdname: strict mode, refusing to execute subprocess" exit $RESULT fi - exec $CLI + exec ${CLI[0]} else exit $RESULT fi diff --git a/docs/config.dev.toml b/docs/config.dev.toml index 1d5d1370522..23b9cf30c52 100644 --- a/docs/config.dev.toml +++ b/docs/config.dev.toml @@ -104,13 +104,13 @@ section = ["HTML"] # This menu appears only if you have at least one [params.versions] set. version_menu = "Releases" -# Flag used in the "version-banner" partial to decide whether to display a +# Flag used in the "version-banner" partial to decide whether to display a # banner on every page indicating that this is an archived version of the docs. # Set this flag to "true" if you want to display the banner. archived_version = false # The version number for the version of the docs represented in this doc set. -# Used in the "version-banner" partial to display a version number for the +# Used in the "version-banner" partial to display a version number for the # current doc set. version = "0.0" @@ -166,7 +166,7 @@ yes = 'Glad to hear it! Please tell us how we can improve.' # Adds a reading time to the top of each doc. -# If you want this feature, but occasionally need to remove the Reading time from a single page, +# If you want this feature, but occasionally need to remove the Reading time from a single page, # add "hide_readingtime: true" to the page's front matter [params.ui.readingtime] enable = false diff --git a/docs/content/en/_index.md b/docs/content/en/_index.md index 1c25c63bf12..4510d5554af 100644 --- a/docs/content/en/_index.md +++ b/docs/content/en/_index.md @@ -21,34 +21,33 @@ cascade: ### What is DefectDojo? -DefectDojo is a security tool that automates application -security vulnerability management. DefectDojo streamlines -the application security testing process by offering features such as -importing third party security findings, merging and de-duping, -integration with Jira, templating, report generation and security -metrics. +DefectDojo is a DevSecOps platform. DefectDojo streamlines DevSecOps by serving as an aggregator and single pane of glass for your security tools. DefectDojo has smart features to enhance and tune the results from your security tools including the ability to merge findings, remember false positives, and distill duplicates. DefectDojo also integrates with JIRA, provides metrics / reports, and can also be used for traditional pen test management. ### What does DefectDojo do? -While traceability and metrics are the ultimate end goal, DefectDojo is -a bug tracker at its core. Taking advantage of DefectDojo\'s +While automation and efficiency are the ultimate end goals, DefectDojo is +a bug tracker at its core for vulnerabilities. Taking advantage of DefectDojo's Product:Engagement model, enables traceability among multiple projects -and test cycles, and allows for fine-grained reporting. +/ test cycles, and allows for fine-grained reporting. ### How does DefectDojo work? -1. [Getting started]({{< ref "/getting_started" >}}) will tell you how to install and configure DefectDojo. -2. [Usage]({{< ref "/usage" >}}) shows how to use DefectDojo to manage vulnerabilities. -3. A lot of [integrations]({{< ref "/integrations" >}}) help to fit DefectDojo in your environment. -4. [Contributing]({{< ref "/contributing" >}}) gives insights how you can help to make DefectDojo even better. +1. [Getting started]({{< ref "/getting_started" >}}) covers how to install and configure DefectDojo. +2. [Usage]({{< ref "/usage" >}}) covers how to use DefectDojo to manage vulnerabilities. +3. We support a large amount of [integrations]({{< ref "/integrations" >}}) to help fit DefectDojo in your DevSecOps program. + ### Where to find DefectDojo? -The code is open source, and [available on +Proprietary editions that include [additional features](https://documentation.defectdojo.com/proprietary_plugins/) and support can be purchased through [defectdojo.com](https://www.defectdojo.com/). + +The open-source edition is [available on GitHub](https://github.com/DefectDojo/django-DefectDojo). -A running example is available on [the demo server](https://demo.defectdojo.org), +A running example is available on [our demo server](https://demo.defectdojo.org), using the credentials `admin` / `defectdojo@demo#appsec`. Note: The demo server is refreshed regularly and provisioned with some sample data. -You can also find videos of demos on [our YouTube channel](https://www.youtube.com/channel/UC3WVGA1vSO0IV-8cDxdqoPQ). +Follow us on [LinkedIn](https://www.linkedin.com/company/33245534) for updates. +To get in touch with us, please reach out to info@defectdojo.com + diff --git a/docs/content/en/contributing/branching-model.md b/docs/content/en/contributing/branching-model.md index 3c1aa23ed32..9599ed90336 100644 --- a/docs/content/en/contributing/branching-model.md +++ b/docs/content/en/contributing/branching-model.md @@ -1,29 +1,71 @@ --- title: "Branching model" -description: "How to create releases" +description: "How we create releases" draft: false weight: 3 --- ## Regular releases -The DefectDojo team aims to release at least once a month, on the first Tuesday. -Bugfix or security releases can come at any time. +The DefectDojo team aims to maintain the following cadence: -In doubt, GitHub Actions are the source of truth. The releases are semi-automated right now, with a DefectDojo maintainer proceeding with each major step in the release. The steps for a regular release are: -1. Create the release branch from `dev` and prepare a PR against `master` ([details](https://github.com/DefectDojo/django-DefectDojo/blob/master/.github/workflows/new-release-pr.yml)) +- Minor releases: at least once a month on the first Monday of the month. +- Patch/Bugfix: releases every week on Monday. +- Security releases: will be performed outside of our regular cadence depending on severity. + +GitHub Actions are the source of truth. The releases are semi-automated. The steps for a regular release are: +1. Create the release branch from `dev` or `bugfix` and prepare a PR against `master` ([details](https://github.com/DefectDojo/django-DefectDojo/blob/master/.github/workflows/new-release-pr.yml)) --> A maintainer verifies and manually merges the PR -2. Tag, issue draft release and docker build+push ([details](https://github.com/DefectDojo/django-DefectDojo/blob/master/.github/workflows/new-release-tag-docker.yml)) +1. Tag, issue draft release and docker build+push ([details](https://github.com/DefectDojo/django-DefectDojo/blob/master/.github/workflows/new-release-tag-docker.yml)) --> A maintainer massages the release-drafter notes and publishes the release -3. A PR to merge `master` back to `dev` is created to re-align the branches ([details](https://github.com/DefectDojo/django-DefectDojo/blob/master/.github/workflows/new-release-master-into-dev.yml)) +1. A PR to merge `master` back to `dev` and `bugfix` is created to re-align the branches ([details](https://github.com/DefectDojo/django-DefectDojo/blob/master/.github/workflows/new-release-master-into-dev.yml)) ## Security releases PRs that relate to security issues are done through [security advisories](https://github.com/DefectDojo/django-DefectDojo/security/advisories) which provide a way to work privately on code without prematurely disclosing vulnerabilities. ## Release and hotfix model -![Schemas](../../images/branching_model.png) +![Schemas](../../images/branching_model_v2.png) Diagrams created with [plantUML](https://plantuml.com). Find a web-based editor for PlantUML at https://www.planttext.com. ## Documentation -A `dev` version of the documentation built from the `dev` branch is available at [DefectDojo Documentation - dev branch](https://defectdojo.github.io/django-DefectDojo/dev/). +A `dev` version of the documentation built from the `dev` branch is available at [DefectDojo Documentation - dev branch](https://documentation.defectdojo.com/dev/). + + + + diff --git a/docs/content/en/contributing/documentation.md b/docs/content/en/contributing/documentation.md index faca05c54e9..95313d28344 100644 --- a/docs/content/en/contributing/documentation.md +++ b/docs/content/en/contributing/documentation.md @@ -5,8 +5,7 @@ draft: false weight: 2 --- -The documentation is build with [Hugo](https://gohugo.io/) and uses the theme [Docsy](https://www.docsy.dev). The source code -of the documentation is located in the [docs](https://github.com/DefectDojo/django-DefectDojo/tree/dev/doc) folder. +The documentation is built with [Hugo](https://gohugo.io/) and uses the theme [Docsy](https://www.docsy.dev). Static files for the webside are build with github actions and are publish in the gh-pages branch. ## How to run a local preview @@ -15,7 +14,7 @@ Static files for the webside are build with github actions and are publish in th 2. Install JavaScript packages - To build or update your site’s CSS resources, you also need PostCSS to create the final assets. If you need to install it, you must have a recent version of NodeJS installed on your machine so you can use npm, the Node package manager. By default npm installs tools under the directory where you run npm install: + To build or update your site’s CSS resources, you also need PostCSS to create the final assets. If you need to install it, you must have a recent version of NodeJS installed on your machine so you can use npm, the Node package manager. By default, npm installs tools under the directory where you run npm install: {{< highlight bash >}} cd docs diff --git a/docs/content/en/contributing/how-to-write-a-parser.md b/docs/content/en/contributing/how-to-write-a-parser.md index 1e9a89414ca..71141fcd1b0 100644 --- a/docs/content/en/contributing/how-to-write-a-parser.md +++ b/docs/content/en/contributing/how-to-write-a-parser.md @@ -13,10 +13,10 @@ All commands assume that you're located at the root of the django-DefectDojo clo - You have forked https://github.com/DefectDojo/django-DefectDojo and cloned locally. - Checkout `dev` and make sure you're up to date with the latest changes. -- It's advised that you create a dedicated branch for your development, such as `git checkout -b parser-name` yet that's up to you. +- It's advised that you create a dedicated branch for your development, such as `git checkout -b parser-name`. -It is probably easier to use the docker-compose stack (and benefit from the hot-reload capbility for uWSGI). -Set up your environment to use the debug environment, such as: +It is easiest to use the docker-compose deployment as it has hot-reload capbility for uWSGI. +Set up your environment to use the debug environment: `$ docker/setEnv.sh debug` @@ -24,7 +24,7 @@ Please have a look at [DOCKER.md](https://github.com/DefectDojo/django-DefectDoj ### Docker images -You'd want to build your docker images locally, and eventually pass in your local user's `uid` to be able to write to the image (handy for database migration files). Assuming your user's `uid` is `1000`, then: +You will want to build your docker images locally, and eventually pass in your local user's `uid` to be able to write to the image (handy for database migration files). Assuming your user's `uid` is `1000`, then: {{< highlight bash >}} $ docker-compose build --build-arg uid=1000 @@ -36,8 +36,10 @@ $ docker-compose build --build-arg uid=1000 |------- |-------- |`dojo/tools//__init__.py` | Empty file for class initialization |`dojo/tools//parser.py` | The meat. This is where you write your actual parser. The class name must be the Python module name without underscores plus `Parser`. **Example:** When the name of the Python module is `dependency_check`, the class name shall be `DependencyCheckParser` -|`dojo/unittests/scans//{many_vulns,no_vuln,one_vuln}.json` | Sample files containing meaningful data for unit tests. The minimal set. +|`unittests/scans//{many_vulns,no_vuln,one_vuln}.json` | Sample files containing meaningful data for unit tests. The minimal set. +|`unittests/tools/test__parser.py` | Unit tests of the parser. |`dojo/settings/settings.dist.py` | If you want to use a modern hashcode based deduplication algorithm +|`doc/content/en/integrations/parsers//.md` | Documentation, what kind of file format is required and how it should be obtained ## Factory contract @@ -90,6 +92,10 @@ class MyToolParser(object): ``` +## API Parsers + +DefectDojo has a limited number of API parsers. While we won’t remove these connectors, adding API connectors has been problematic and thus we cannot accept new API parsers / connectors from the community at this time for supportability reasonsing. To maintain a high quality API connector, it is necessary to have a license to the tool. To get that license requires partnership with the author or vendor. We're close to announcing a new program to help address this and bring API connectors to DefectDojo. + ## Template Generator Use the [template](https://github.com/DefectDojo/cookiecutter-scanner-parser) parser to quickly generate the files required. To get started you will need to install [cookiecutter](https://github.com/cookiecutter/cookiecutter). @@ -108,7 +114,7 @@ Read [more](https://github.com/DefectDojo/cookiecutter-scanner-parser) on the te ## Things to pay attention to -Here is a list of advise that will make your parser future proof. +Here is a list of considerations that will make the parser robust for both common cases and edge cases. ### Do not parse URLs by hand @@ -156,7 +162,7 @@ Good example: ### Do not parse CVSS by hand (vector, score or severity) -Data can have `CVSS` vectors or scores. Don't try to write your own CVSS score algorithm. +Data can have `CVSS` vectors or scores. Don't write your own CVSS score algorithm. For parser, we rely on module `cvss`. It's easy to use and will make the parser aligned with the rest of the code. @@ -219,7 +225,9 @@ Bad example (DIY): ## Deduplication algorithm -By default a new parser uses the 'legacy' deduplication algorithm documented at https://defectdojo.github.io/django-DefectDojo/usage/features/#deduplication-algorithms +By default a new parser uses the 'legacy' deduplication algorithm documented at https://documentation.defectdojo.com/usage/features/#deduplication-algorithms + +Please use a pre-defined deduplication algorithm where applicable. ## Unit tests @@ -283,6 +291,12 @@ for finding in findings: endpoint.clean() ``` +### Tests API Parsers + +Not only parser but also importer should be tested. +`patch` method from `unittest.mock` is usualy usefull for simulating API responses. +It is highly recommeded to use it. + ## Other files that could be involved ### Change to the model @@ -311,4 +325,12 @@ If you want to take a look at previous parsers that are now part of DefectDojo, ## Update the import page documentation -Please update [`docs/content/en/integrations/parsers.md`] with the details of your new parser. +Please add a new .md file in [`docs/content/en/integrations/parsers`] with the details of your new parser. Include the following content headings: + +* Acceptable File Type(s) - please include how to generate this type of file from the related tool, as some tools have multiple methods or require specific commands. +* An example unit test block, if applicable. +* A link to the relevant unit tests folder so that users can quickly navigate there from Documentation. +* A link to the scanner itself - (e.g. GitHub or vendor link) + +Here is an example of a completed Parser documentation page: https://defectdojo.github.io/django-DefectDojo/integrations/parsers/file/awssecurityhub/ + diff --git a/docs/content/en/contributing/parser-documentation-template.md b/docs/content/en/contributing/parser-documentation-template.md new file mode 100644 index 00000000000..10048d07d4f --- /dev/null +++ b/docs/content/en/contributing/parser-documentation-template.md @@ -0,0 +1,20 @@ +--- +title: "Parser Documentation Template" +toc_hide: true +weight: 1 +--- + +Use this template as part of writing a new parser. + +* Copy this .md file and add it to docs/integrations/parsers/file in the GitHub repository +* Update the title to match the name of your new parser +* Fill out all sections listed below + +### File Types +Specify all file types accepted by your parser. Include a process for creating the acceptable file from the related security tool. + +### Sample Scan Data / Unit Tests +Add a link to the relevant unit tests or sample scan data folder in the GitHub repository. + +### Link To Tool +A link to the scanner itself - (e.g. GitHub or appropriate vendor link) diff --git a/docs/content/en/contributing/wishlist.md b/docs/content/en/contributing/wishlist.md deleted file mode 100644 index 6bbbd274112..00000000000 --- a/docs/content/en/contributing/wishlist.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -title: "Wishlist" -description: "Be careful what you wish for" -draft: false -weight: 2 ---- - -To manage expectations, we call this the wishlist. These are items we want to do, are discussing or pondering our minds: -- New modern UI / SPA -- New dashboarding / statistics -- New search engine -- Adopt a plugin framework to allow plugins for issue trackers, parsers, reports, etc -- More flexible model diff --git a/docs/content/en/getting_started/architecture.md b/docs/content/en/getting_started/architecture.md index 61632a1e9d0..594bc65bc98 100644 --- a/docs/content/en/getting_started/architecture.md +++ b/docs/content/en/getting_started/architecture.md @@ -1,6 +1,6 @@ --- title: "Architecture" -description: "DefectDojo consists of several components that work together closely." +description: "The DefectDojo platform consists of several components that work together closely." draft: false weight: 1 --- @@ -15,17 +15,17 @@ images, JavaScript files or CSS files. ## uWSGI [uWSGI](https://uwsgi-docs.readthedocs.io/en/latest/) is the application server -that runs the DefectDojo application, written in Python/Django, to serve all +that runs the DefectDojo platform, written in Python/Django, to serve all dynamic content. ## Message Broker The application server sends tasks to a [Message Broker](https://docs.celeryproject.org/en/stable/getting-started/brokers/index.html) -for asynchronous execution. [RabbitMQ](https://www.rabbitmq.com/) is a well supported choice. +for asynchronous execution. [RabbitMQ](https://www.rabbitmq.com/) is a well established choice. ## Celery Worker -Tasks like deduplication or the Jira synchonization are performed asynchronously +Tasks like deduplication or the JIRA synchronization are performed asynchronously in the background by the [Celery](https://docs.celeryproject.org/en/stable/) Worker. @@ -37,11 +37,11 @@ Beat. ## Initializer -The Initializer gets started during startup of DefectDojo to initialize the -database and run database migrations after upgrades of DefectDojo. It shuts +The Initializer setups / maintains the +database and syncs / runs migrations after version upgrades. It shuts itself down after all tasks are performed. ## Database -The Database stores all data of DefectDojo. Currently [MySQL](https://dev.mysql.com/) -and [PostgreSQL](https://www.postgresql.org/) are supported. Please note the `django-watson` search engine require one or more MyISAM tables, so you cannot use Azure MySQL or Cloud SQL for MySQL. AWS RDS MySQL supports MyISAM tables, so it will work. +The Database stores all the application data of DefectDojo. Currently [PostgreSQL](https://www.postgresql.org/) and [MySQL](https://dev.mysql.com/) +are supported, with PostgreSQL being the recommended option. Please note the `django-watson` search engine require one or more MyISAM tables, so you cannot use Azure MySQL or Cloud SQL for MySQL. AWS RDS MySQL supports MyISAM tables. diff --git a/docs/content/en/getting_started/configuration.md b/docs/content/en/getting_started/configuration.md index 162a0b5a1cc..402689a2164 100644 --- a/docs/content/en/getting_started/configuration.md +++ b/docs/content/en/getting_started/configuration.md @@ -7,11 +7,11 @@ weight: 3 ## dojo/settings/settings.dist.py -The main settings are all stored in [`dojo/settings/settings.dist.py`](https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/settings/settings.dist.py). It is great to use this file as a reference what can be configured, but it shouldn't be edited directly, because changes would be overridden when updating DefectDojo. There are several methods to change the default settings: +The main settings are stored in [`dojo/settings/settings.dist.py`](https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/settings/settings.dist.py). It is great to use this file as a reference for what can be configured, but it shouldn\'t be edited directly, because changes will be overwritten when updating DefectDojo. There are several methods to change the default settings: ### Environment variables -Most of these parameters can be set by environment variables. +Most parameters can be set by environment variables. When you deploy DefectDojo via **Docker Compose**, you can set environment variables in [`docker-compose.yml`](https://github.com/DefectDojo/django-DefectDojo/blob/master/docker-compose.yml). Be aware you have to set the variables for three services: `uwsgi`, `celerybeat` and `celeryworker`. @@ -26,8 +26,9 @@ An example can be found in [`template_env`](https://github.com/DefectDojo/django ### local_settings.py (not with Kubernetes) `local_settings.py` can contain more complex customizations such as adding MIDDLEWARE or INSTALLED_APP entries. -This file is processed *after* settings.dist.py is processed, so you can modify settings delivered by Defect Dojo out of the box. - The file must be located in the `dojo/settings` directory. Environment variables in this file must have no `DD_` prefix. +This file is processed *after* settings.dist.py is processed, so you can modify settings delivered by DefectDojo out of the box. + The file must be located in the `dojo/settings` directory. Environment variables in this file must not have the `DD_` prefix. +If the file is missing feel free to create it. Do not edit `settings.dist.py` directly. An example can be found in [`dojo/settings/template-local_settings`](https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/settings/template-local_settings). diff --git a/docs/content/en/getting_started/demo.md b/docs/content/en/getting_started/demo.md index a52ef8373a2..cb78419bca8 100644 --- a/docs/content/en/getting_started/demo.md +++ b/docs/content/en/getting_started/demo.md @@ -1,6 +1,6 @@ --- title: "Demo" -description: "There is Defect Dojo demo site running the latest official released version" +description: "There is DefectDojo demo site running the latest officially released version" draft: false weight: 6 --- diff --git a/docs/content/en/getting_started/installation.md b/docs/content/en/getting_started/installation.md index 39f9013ab8f..a127f36e492 100644 --- a/docs/content/en/getting_started/installation.md +++ b/docs/content/en/getting_started/installation.md @@ -5,19 +5,35 @@ draft: false weight: 2 --- -## Docker Compose install (recommended) +## **Recommended Options** +--- + +### Docker Compose See instructions in [DOCKER.md]() -## Kubernetes install +### SaaS (Includes Support & Supports the Project) + +[SaaS link](https://www.defectdojo.com/pricing) + +### AWS AMI (Supports the Project) + +[Marketplace link](https://aws.amazon.com/marketplace/pp/prodview-m2a25gr67xbzk), and complete [walkthrough](https://www.10security.com/defectdojo-aws-launch-guide) + +--- +## **Options for the brave (not officially supported)** +--- +### Kubernetes See instructions in [KUBERNETES.md]() -## Local install with godojo +### Local install with godojo See instructions in [README.md]() in the godojo repository +--- + ## Customizing of settings See [Configuration](../configuration) diff --git a/docs/content/en/getting_started/running-in-production.md b/docs/content/en/getting_started/running-in-production.md index 32e5d324904..6da16d253b7 100644 --- a/docs/content/en/getting_started/running-in-production.md +++ b/docs/content/en/getting_started/running-in-production.md @@ -1,21 +1,23 @@ --- title: "Running in production" -description: "Productive use of DefectDojo needs consideration of performance and backups." +description: "For use in Production environments, performance tweaks and backups are recommended." draft: false weight: 4 --- -## Production with docker-compose +## Production use with docker-compose The docker-compose.yml file in this repository is fully functional to evaluate DefectDojo in your local environment. Although Docker Compose is one of the supported installation methods to deploy a containerized DefectDojo in a production environment, the docker-compose.yml file is not intended for production use without first customizing it to your particular situation. +See [Running with Docker Compose](https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/DOCKER.md) for more information how to run DefectDojo with Docker Compose. + ### Database performance and backup -It is recommended to use a dedicated database server and not the preconfigured MySQL database. This will improve the performance of DefectDojo +It is recommended to use a dedicated database server and not the preconfigured PostgreSQL database. This will improve the performance of DefectDojo. -In both case, if you use a dedicated database server or if you should decide to use the preconfigured MySQL database, make sure to make regular backups of the data. For a dedicated database server follow the instructions that come with the database server. For the preconfigured MySQL you can use mysqldump, e.g. as described in [How to backup a Docker MySQL database](https://dev.to/grant_bartlett/how-to-backup-a-docker-mysql-database-3nd8). +In both cases (dedicated DB or containerized), if you are self-hosting, it is recommended that you implement and create periodic backups of your data. ### Backup of Media files @@ -28,21 +30,16 @@ Please read the paragraphs below about key processes tweaks. {{% /alert %}} -Having taken the database to run elsewhere, the minimum recommendation -is: +With a separate database, the minimum recommendations +are: - 2 vCPUs - 8 GB of RAM -- 2 GB of disk space (remember, your database is not here \-- so - basically, what you have for your O/S should do). You could allocate +- 10 GB of disk space (remember, your database is not here \-- so + what you have for your O/S should do). You could allocate a different disk than your OS\'s for potential performance improvements. -### Key processes - -Per , it is -now easy to somewhat improve the uWSGI and celery worker performance. - #### uWSGI By default (except in `ptvsd` mode for debug purposes), uWSGI will @@ -60,20 +57,17 @@ concurrent connections. #### Celery worker -By default, a single mono-process celery worker is spawned. This is fine -until you start having many findings, and when async operations like -deduplication start to kick in. Eventually, it will starve your -resources and crawl to a halt, while operations continue to queue up. +By default, a single mono-process celery worker is spawned. When storing a large amount of findings, leveraging async functions (like deduplication), or both. Eventually, it is important to adjust these parameters to prevent resource starvation. -The following variables will help a lot, while keeping a single celery -worker container. + +The following variables can be changed to increase worker performance, while keeping a single celery container. - `DD_CELERY_WORKER_POOL_TYPE` will let you switch to `prefork`. (default `solo`) -As you\'ve enabled `prefork`, the following variables have -to be used. The default are working fairly well, see the -Dockerfile.django for in-file references. +When you enable `prefork`, the variables below have +to be used. see the +Dockerfile.django-* for in-file references. - `DD_CELERY_WORKER_AUTOSCALE_MIN` defaults to 2. - `DD_CELERY_WORKER_AUTOSCALE_MAX` defaults to 8. @@ -85,30 +79,22 @@ You can execute the following command to see the configuration: `docker-compose exec celerybeat bash -c "celery -A dojo inspect stats"` and see what is in effect. -###### Asynchronous Imports +#### Asynchronous Import -This is an experimental features that has some [concerns](https://github.com/DefectDojo/django-DefectDojo/pull/5553#issuecomment-989679555) that need to be addressed before it can be used reliably. +**Please note: Asynchronous Import is currently an experimental feature. Please exercise caution with this method as results may be inconsistent.** Import and Re-Import can also be configured to handle uploads asynchronously to aid in -importing especially large files. It works by batching Findings and Endpoints by a -configurable amount. Each batch will be be processed in seperate celery tasks. +processing especially large scans. It works by batching Findings and Endpoints by a +configurable amount. Each batch will be be processed in separate celery tasks. -The following variables have to be used. +The following variables impact async imports. - `DD_ASYNC_FINDING_IMPORT` defaults to False -- `DD_ASYNC_FINDING_IMPORT_CHUNK_SIZE` deafults to 100 +- `DD_ASYNC_FINDING_IMPORT_CHUNK_SIZE` defaults to 100 When using asynchronous imports with dynamic scanners, Endpoints will continue to "trickle" in -even after the import has returned a successful respsonse. This is becasue processing continues +even after the import has returned a successful response. This is because processing continues to occur after the Findings have already been imported. To determine if an import has been fully completed, please see the progress bar in the appropriate test. -## Monitoring - -To expose Django statistics for [Prometheus](https://prometheus.io/), set -`DJANGO_METRICS_ENABLED` to `True` in the settings -(see [Configuration](../configuration)). - -The Prometheus endpoint is than available under the path: -`http://dd_server/django_metrics/metrics` diff --git a/docs/content/en/getting_started/upgrading.md b/docs/content/en/getting_started/upgrading.md deleted file mode 100644 index 9da2941bc75..00000000000 --- a/docs/content/en/getting_started/upgrading.md +++ /dev/null @@ -1,658 +0,0 @@ ---- -title: "Upgrading" -description: "Release specific upgrading instructions" -draft: false -weight: 5 ---- - -Docker-compose --------------- - -When you deploy a vanilla docker-compose, it will create a persistent -volume for your MySQL database. As long as your volume is there, you -should not lose any data. - -### Using docker images provided in DockerHub - -{{% alert title="Information" color="info" %}} -If you\'re using `latest`, then you need to pre pull the `latest` from -DockerHub to update. -{{% /alert %}} - - -The generic upgrade method for docker-compose follows these steps: - -- Pull the latest version - - ``` {.sourceCode .bash} - docker pull defectdojo/defectdojo-django:latest - docker pull defectdojo/defectdojo-nginx:latest - ``` - -- If you would like to use something older (so not the latest - version), specify the version (tag) you want to upgrade to: - - ``` {.sourceCode .bash} - docker pull defectdojo/defectdojo-django:1.10.2 - docker pull defectdojo/defectdojo-nginx:1.10.2 - ``` - -- Go to the directory where your docker-compose.yml file lives -- Stop DefectDojo: `docker-compose stop` -- Re-start DefectDojo, allowing for container recreation: - `docker-compose up -d` -- Database migrations will be run automatically by the initializer. - Check the output via `docker-compose logs initializer` or relevant k8s command -- If you have the initializer disabled (or if you want to be on the - safe side), run the migration command: - `docker-compose exec uwsgi /bin/bash -c 'python manage.py migrate` - -### Building your local images - -If you build your images locally and do not use the ones from DockerHub, -the instructions are much the same, except that you'd build your images -first. (Of course, if you're doing this, then you know you have to -update the source code first) - -Replace the first step above with this one: `docker-compose build` - -godojo installations --------------------- - -If you have installed DefectDojo on "iron" and wish to upgrade the installation, please see the [instructions in the repo](https://github.com/DefectDojo/godojo/blob/master/docs-and-scripts/upgrading.md). - -## Upgrading to DefectDojo Version 2.6.x. - -There are no special instruction for upgrading to 2.6.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.6.0) for the contents of the release. - -Please consult the security advisories [GHSA-f82x-m585-gj24](https://github.com/DefectDojo/django-DefectDojo/security/advisories/GHSA-f82x-m585-gj24) (moderate) and [GHSA-v7fv-g69g-x7p2](https://github.com/DefectDojo/django-DefectDojo/security/advisories/GHSA-v7fv-g69g-x7p2) (high) to see what security issues were fixed in this release. These will be published and become visible at January 18th, 2022. - - -## Upgrading to DefectDojo Version 2.5.x. - -Legacy authorization has been completely removed with version 2.5.0. This includes removal of the migration of users -to the new authorization as described in https://defectdojo.github.io/django-DefectDojo/getting_started/upgrading/#authorization. -If you are still using the legacy authorization, you should run the migration with ``./manage.py migrate_authorization_v2`` -before upgrading to version 2.5.0 - -This release introduces the "Forgot password" functionality (`DD_FORGOT_PASSWORD`: default `True`). The function -allows sending an e-mail with the reset password link. Missing configuration or misconfiguration of SMTP -(`DD_EMAIL_URL`) could raise an error (HTTP-500). Check and test (for example by resetting your own password) if you -configured SMTP correctly. If you want to avoid HTTP-500 and you don't want to set up SMTP, you can just simply switch -off the "Forgot password" functionality (`DD_FORGOT_PASSWORD=False`). - -Release renamed system setting `mail_notifications_from` to `email_from`. This value will not be used only for sending -notifications but also for sending the reset password emails. It is highly recommended to check the content of this -value if you are satisfied. If you installed DefectDojo earlier, you can expect `"from@example.com"` there. A fresh -installation will use `"no-reply@example.com"` - -This release [updates](https://github.com/DefectDojo/django-DefectDojo/pull/5450) our helm dependencies. There is a breaking change if you are using the mysql database from the helm chart because we replaced the deprecated chart from the stable repo with a chart from bitnami. If you have persistance enabled, ensure to backup your data before upgrading. All data get lost when replacing the mysql chart during the upgrade. For data migration take a look at the mysql backup and restore process. - -Furthermore we updated our kubernetes version. Current tests run on 1.18.16 and 1.22.0. - -## Upgrading to DefectDojo Version 2.4.x. (Security Release) - -This releases fixes a High severity vulnerability for which the details will be disclosed on November 16th in [GHSA-fwg9-752c-qh8w](https://github.com/DefectDojo/django-DefectDojo/security/advisories/GHSA-fwg9-752c-qh8w) - -There is a breaking change in the API for importing and re-importings scans with SonarQube API and Cobalt.io API. The [scan configurations -have been unified](https://github.com/DefectDojo/django-DefectDojo/pull/5289) and are set now with the attribute `api_scan_configuration`. -The existing configurations for SonarQube API and Cobalt.io API have been migrated. - -At the request of pyup.io, we had to remove the parser for Safety scans. - - -## Upgrading to DefectDojo Version 2.3.x. - -There are no special instruction for upgrading to 2.3.0. -In 2.3.0 we [changed the default password hashing algorithm to Argon2 (from PBKDF2)](https://github.com/DefectDojo/django-DefectDojo/pull/5205). -When logging in, exising hashes get replaced by an Argon2 hash. If you want to rehash password without users having to login, -please see the [Django password management docs](https://docs.djangoproject.com/en/3.2/topics/auth/passwords/). -The previous password hashing algorithm (PBKDF2) was not unsafe, but we wanted to follow the [OWASP guidelines](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html). - - -## Upgrading to DefectDojo Version 2.2.x. - -Upgrade to 2.0.0 contained migration of endpoints. Some parts of migration haven't been done properly. This deficiency -may manifest as a doubled slash in endpoint URLs (like `http://foo.bar:8080//test`) or as a problem with deduplication -of the same endpoints. The mentioned bug was fixed in 2.2.0 and if you have seen these kinds of problems, just rerun -"Endpoint migration" as it is written in [Upgrading to DefectDojo Version 2.0.x.](#upgrading-to-defectdojo-version-20x). - - -## Upgrading to DefectDojo Version 2.0.x. - -Follow the usual steps to upgrade as described above. - -BEFORE UPGRADING -- If you are using SAML2 checkout the new [documentaion](https://defectdojo.github.io/django-DefectDojo/integrations/social-authentication/#saml-20) and update you settings following the migration section. We replaced [django-saml2-auth](https://github.com/fangli/django-saml2-auth) with [djangosaml2](https://github.com/IdentityPython/djangosaml2). - -AFTER UPGRADING -- Usual migration process (`python manage.py migrate`) try to migrate all endpoints to new format and merge duplicates. -- All broken endpoints (which weren't possible to migrate) have red flag 🚩 in standard list of endpoints. -- Check if all your endpoints was migrated successfully, go to: https:///endpoint/migrate. -- Alternatively, this can be run as management command: `docker-compose exec uwsgi ./manage.py endpoint_migration --dry-run` -- When all endpoint will be fixed (there is not broken endpoint), press "Run migration" in https:///endpoint/migrate -- Or, you can run management command: `docker-compose exec uwsgi ./manage.py endpoint_migration` -- Details about endpoint migration / improvements in https://github.com/DefectDojo/django-DefectDojo/pull/4473 - -We decided to name this version 2.0.0 because we did some big cleanups in this release: - -- Remove API v1 ([#4413](https://github.com/DefectDojo/django-DefectDojo/pull/4413)) -- Remove setup.bash installation method ([#4417](https://github.com/DefectDojo/django-DefectDojo/pull/4417)) -- Rename Finding.is_Mitigated field to Finding.is_mitigated ([#3854](https://github.com/DefectDojo/django-DefectDojo/pull/4854)) -- Remove everything related to the old tagging library ([#4419](https://github.com/DefectDojo/django-DefectDojo/pull/4419)) -- Remove S0/S1/S2../S5 severity display option ([#4415](https://github.com/DefectDojo/django-DefectDojo/pull/4415)) -- Refactor EndPoint handling/formatting ([#4473](https://github.com/DefectDojo/django-DefectDojo/pull/4473)) -- Upgrade to Django 3.x ([#3632](https://github.com/DefectDojo/django-DefectDojo/pull/3632)) -- PDF Reports removed ([#4418](https://github.com/DefectDojo/django-DefectDojo/pull/4418)) -- Hashcode calculation logic has changed. To update existing findings run: - - `./manage.py dedupe --hash_code_only`. - -If you're using docker: - -`docker-compose exec uwsgi ./manage.py dedupe --hash_code_only`. - -This can take a while depending on your instance size. - -- See release notes: https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.0.0 - -### Endpoints - -- The usual migration process (`python manage.py migrate`) tries to migrate all endpoints to new format and merge duplicates. -- All broken endpoints (which weren't possible to migrate) have a red flag 🚩 in the standard list of endpoints. -- Check if all your endpoints were migrated successfully, go to: https:///endpoint/migrate. -- Alternatively, this can be run as management command: `docker-compose exec uwsgi ./manage.py endpoint_migration --dry-run` -- When all endpoint are fixed (there is not broken endpoint), press "Run migration" in https:///endpoint/migrate -- Or, you can run management command: `docker-compose exec uwsgi ./manage.py endpoint_migration` -- Details about endpoint migration / improvements in https://github.com/DefectDojo/django-DefectDojo/pull/4473 - -### Authorization - -The new authorization system for Products and Product Types based on roles is the default now. The fields for authorized users are not available anymore, but you can assign roles as described in [Permissions](../../usage/permissions). Users are migrated automatically, so that their permissions are as close as possible to the previous authorization: -- Superusers will still have all permissions on Products and Product Types, so they must not be changed. -- Staff users have had all permissions for all product types and products, so they will be get a global role as *Owner*. -- Product_Members and Product Type_Members will be added for authorized users according to the settings for the previous authorization: - - The *Reader* role is set as the default. - - If `AUTHORIZED_USERS_ALLOW_STAFF` is `True`, the user will get the *Owner* role for the respective Product or Product Type. - - If `AUTHORIZED_USERS_ALLOW_CHANGE` or `AUTHORIZED_USERS_ALLOW_DELETE` is `True`, the user will get the *Writer* role for the respective Product or Product Type. - -The new authorization is active for both UI and API. Permissions set via authorized users or via the Django Admin interface are no longer taken into account. - -Please review the roles for your users after the upgrade to avoid an unintended permissions creep. - - -## Upgrading to DefectDojo Version 1.15.x - -- See release notes: https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.15.0 -- If you have made changes to JIRA templates or the template config in the JIRA Project config for instances/products/engagements: -The jira template settings introduced in 1.13 have been changed. You now have to select a subfolder instead of a sinlge template file. If you have chosen a non-default template here, you have to reapply that to all products / engagements. Also you have to move your custom templates into the correct subfolder in `dojo/templates/issue-trackers/`. -- Hashcode calculation logic has changed in #4134, #4308 and #4310 to update existing findings run: - - `./manage.py dedupe --hash_code_only` - -If you're using docker: - -`docker-compose exec uwsgi ./manage.py dedupe --hash_code_only` - -This can take a while depending on your instance size. - - - -## Upgrading to DefectDojo Version 1.14.x - -- See release notes: https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.14.0 - -Note that the below fields are now optional without default value. They will not be filled anymore with values such as "No references given" when found empty while saving the findings -- mitigation -- references -- impact -- url - - - -## Upgrading to DefectDojo Version 1.13.x - -- See release notes: https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.13.0 -- Hashcode settings affecting deduplication have changed, to update existing findings run: - - `./manage.py dedupe` - -If you're using docker: - - docker-compose exec uwsgi ./manage.py dedupe - -This can take a while depeneding on your instance size. It might possible that new duplicates are detected among existing findings, so make a backup before running! - - -## Upgrading to DefectDojo Version 1.12.x - -- See release notes: https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.12.0 -- 1.12.1 is a security release https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.12.1 - -## Upgrading to DefectDojo Version 1.11.x - -- See release notes: https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.11.0 -- 1.11.1 is a security release https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.11.1 - -## Upgrading to DefectDojo Version 1.10.x - -**1.10.4 is a security release** - -- See the security advisory: - -- See release notes: - -- Version 1.10.4 replaces 1.10.3 as the latter contained an incomplete - fix - -**What\'s New:** - -- See release notes: - -- DefectDojo now provides a `settings.py` file - out-of-the-box. Custom settings need to go into - `local\_settings.py`. See - - and - -- A quickfix is to rename your own / customized - `settings.py` or `settings.dist.py` to - `local\_settings.py`. Details of that PR: - -- Major JIRA integration refactoring, for which you should at least - use 1.10.1 and not 1.10.0 for many bug fixes. - -**Breaking changes** - -Kubernetes/Helm users: we have moved away from the \"stable\" repository -to \"bitnami\" in this release. The bitnami postgresql chart required us -to add a new key to the postgresql secret, which will give you the error -`postgresql-postgres-password is missing` if you have -`createPostgresqlSecret: false`. In 1.10.1, a fix was also included to -allow your existing `postgresqlPassword` to be reused properly. - -Including in 1.10.1 were a couple fixes related to a rabbitMQ upgrade. -The path to access `password`, `erlangCookie` and -`existingPasswordSecret` changed from `rabbitmq` to `auth`. Furthermore, -as rabbitMQ is deployed as a StatefulSet, an in-place upgrade is not -possible and an error will likely be thrown such as -`Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden`. -After ensuring your rabbitMQ celery queue is empty, you will then want -to delete your rabbitMQ StatefulSet and PVC to allow them to get -re-created, or fully delete and recreate defectdojo. - -## Upgrading to DefectDojo Version 1.9.3 - -**This is a security release** - -- See the [security - advisory](https://github.com/DefectDojo/django-DefectDojo/security/advisories/GHSA-8q8j-7wc4-vjg5) -- See [release - notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.9.3) - -**What\'s New:** - -- See release notes: - - -**NOTE:** - -When upgrading from before 1.9.2, a corrective script may need to be ran - -`./manage.py create\_endpoint\_status` - -If you\'re using docker: - -`docker-compose exec uwsgi ./manage.py create\_endpoint\_status` - -This can take a while depending on your hardware and the number of -findings in your instance. - -- Search index tweaking index rebuild after upgrade: - -This requires a (one-time) rebuild of the Django-Watson search index. -Execute the django command from the defect dojo installation directory: - -`./manage.py buildwatson]` - -If you\'re using docker: - -`docker-compose exec uwsgi ./manage.py buildwatson` - -This can take a while depending on your hardware and the number of -findings in your instance. - -## Upgrading to DefectDojo Version 1.8.0 - -**What\'s New:** - -- See release notes: - -- Improved search, which requires an index rebuild - () - -This requires a (one-time) rebuild of the Django-Watson search index. -Execute the django command from the defect dojo installation directory: - -`./manage.py buildwatson` - -If you\'re using docker: - -`docker-compose exec uwsgi ./manage.py buildwatson` - -This can take a while depending on your hardware and the number of -findings in your instance. - -- **NOTE:** - -As a result of a breaking bug revolving around Endpoint\_status objects, -a corrective script will need to be ran after every dynamic scan -imported through either API version. - -The script can be found -[here](https://github.com/DefectDojo/django-DefectDojo/blob/dev/dojo/management/commands/create_endpoint_status.py) - -`./manage.py create\_endpoint\_status` - -If you\'re using docker: - -`docker-compose exec uwsgi ./manage.py create\_endpoint\_status` - -This can take a while depending on your hardware and the number of -findings in your instance. - -## Upgrading to DefectDojo Version 1.7.0 - -**What\'s New:** - -- Updated search, you can now search for CVE-XXXX-YYYY -- Updated search index, fields added to index: \'id\', \'title\', - \'cve\', \'url\', \'severity\', \'description\', \'mitigation\', - \'impact\', \'steps\_to\_reproduce\', \'severity\_justification\', - \'references\', \'sourcefilepath\', \'sourcefile\', \'hash\_code\', - \'file\_path\', \'component\_name\', \'component\_version\', - \'unique\_id\_from\_tool\' - -This requires a (one-time) rebuild of the Django-Watson search index. -Execute the django command from the defect dojo installation directory: - -`./manage.py buildwatson dojo.Finding` - -If you\'re using docker: - -`docker-compose exec uwsgi ./manage.py buildwatson dojo.Finding` - -Upgrading to DefectDojo Version 1.5.0 -------------------------------------- - -**What\'s New:** - -- Updated UI with a new DefectDojo logo, default colors and CSS. -- Updated Product views with tabs for Product Overview, Metrics, - Engagements, Endpoints, Benchmarks (ASVS), and Settings to make it - easier to navigate and manage your products. -- New Product Information fields: Regulations, Criticality, Platform, - Lifecycle, Origin, User Records, Revenue, External Audience, - Internet Accessible -- Languages pie chart on product overview, only supported through the - API and Django admin, integrates with cloc analyzer -- New Engagement type of CI/CD to support continual testing -- Engagement shortcuts and ability to import findings and auto-create - an engagement -- Engagement labels for overdue, no tests and findings -- New Contextual menus throughout DefectDojo and shortcuts to new - findings and critical findings -- Ability to merge a finding into a parent finding and either - inactivate or delete the merged findings. -- Report improvements and styling adjustment with the default option - of HTML reports -- SLA for remediation of severities based on finding criticality, for - example critical findings remediated within 7 days. Configurable in - System Settings. -- Engagement Auto-Close Days in System Settings. Automatically close - an engagement if open past the end date. -- Ability to apply remediation advice based on CWE. For example XSS - can be configured as a template so that it\'s consistent across all - findings. Enabled in system settings. -- Finding confidence field supported from scanners. First - implementation in the Burp importer. -- Goast importer for static analysis of Golang products -- Celery status check on System Settings -- Beta rules framework release for modifying findings on the fly -- DefectDojo 2.0 API with Swagger support -- Created and Modified fields on all major tables -- Various bug fixes reported on Github - -**Upgrading to 1.5.0 requirements:** - -1. Back up your database first, ideally take the backup from production - and test the upgrade on a staging server. -2. Edit the settings.py file which can be found in - `django-DefectDojo/dojo/settings/settings.py`. Copy in the rest - framework configuration after the CSRF\_COOKIE\_SECURE = True: - - REST_FRAMEWORK = { - 'DEFAULT_AUTHENTICATION_CLASSES': ( - 'rest_framework.authentication.TokenAuthentication', - 'rest_framework.authentication.BasicAuthentication', - ), - 'DEFAULT_PERMISSION_CLASSES': ( - 'rest_framework.permissions.DjangoModelPermissions', - ), - 'DEFAULT_RENDERER_CLASSES': ( - 'rest_framework.renderers.JSONRenderer', - ), - 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.LimitOffsetPagination', - 'PAGE_SIZE': 25 - } - -Navigate to: LOGIN\_EXEMPT\_URLS and add the following after -r\'\^%sfinding/image/(?P\\[\^/\]+)\$\' % URL\_PREFIX: - - r'^%sfinding/image/(?P[^/]+)$' % URL_PREFIX, - r'^%sapi/v2/' % URL_PREFIX, - -Navigate to: INSTALLED\_APPS and add the following after: -\'multiselectfield\',: - - 'multiselectfield', - 'rest_framework', - 'rest_framework.authtoken', - 'rest_framework_swagger', - 'dbbackup', - -Navigate to: CELERY\_TASK\_IGNORE\_RESULT = True and add the following -after CELERY\_TASK\_IGNORE\_RESULT line: - - CELERY_RESULT_BACKEND = 'db+sqlite:///dojo.celeryresults.sqlite' - -Save your modified settings file. For reference the modified file should -look like the new 1.5.0 -\[settings\]() -file, minus the environmental configurations. As an alternative this -file can be used and the enviromental configurations from you -environment can be copied into this file. - -3. Activate your virtual environment and then upgrade the requirements: - -`pip install -r requirements.txt --upgrade` - -4. Upgrade the database: - - ./manage.py makemigrations - ./manage.py migrate - -5. Collect the static files (Javascript, Images, CSS): - - ./manage.py collectstatic --noinput - -6. Complete - -## Upgrading to DefectDojo Version 1.3.1 - -**What\'s New:** - -- New importers for Contrast, Nikto and TruffleHog (finding secrets in - git repos). -- Improved merging of findings for dynamic and static importers -- Markdown support for findings -- HTML report improvements including support of Markdown. -- System settings Celery status page to assist in debugging if Celery - is functional. - -**Upgrading to 1.3.1 requires:** - -1. pip install markdown pip install pandas -2. ./manage.py makemigrations ./manage.py migrate -3. ./manage.py collectstatic \--noinput -4. Complete - -## Upgrading to DefectDojo Version 1.2.9 - -**What\'s New:** New feature: Benchmarks (OWASP ASVS) - -**Upgrading to 1.2.9 requires:** - -1. ./manage.py makemigrations ./manage.py migrate ./manage.py loaddata - dojo/fixtures/benchmark\_type.json ./manage.py loaddata - dojo/fixtures/benchmark\_category.json ./manage.py loaddata - dojo/fixtures/benchmark\_requirement.json -2. ./manage.py collectstatic \--noinput -3. Complete - -## Upgrading to DefectDojo Version 1.2.8 - -New feature: Product Grading (Overall Product Health) Upgrading to 1.2.8 -requires: - -1. ./manage.py makemigrations ./manage.py migrate ./manage.py - system\_settings -2. ./manage.py collectstatic \--noinput -3. pip install asteval -4. pip install \--upgrade celery -5. Complete - -## Upgrading to DefectDojo Version 1.2.4 - -Upgrading to 1.2.4 requires: - -1. ./manage.py makemigrations ./manage.py migrate ./manage.py loaddata - dojo/fixtures/objects\_review.json - -## Upgrading to DefectDojo Version 1.2.3 - -Upgrading to 1.2.3 requires: - -1. ./manage.py makemigrations ./manage.py migrate ./manage.py loaddata - dojo/fixtures/language\_type.json -2. Currently languages and technologies can be updated via the API or - in the admin section of Django. - -## July 6th 2017 - New location for system settings - -Pull request \#313 moves a number of system settings previously located -in the application\'s settings.py to a model that can be used and -changed within the web application under \"Configuration -\> System -Settings\". - -If you\'re using a custom `URL_PREFIX` you will need to set this in the -model after upgrading by editing `dojo/fixtures/system_settings.json` -and setting your URL prefix in the `url_prefix` value there. Then issue -the command `./manage.py loaddata system_settings.json` to load your -settings into the database. - -If you\'re not using a custom `URL_PREFIX`, after upgrading simply go to -the System Settings page and review which values you want to set for -each setting, as they\'re not automatically migrated from settings.py. - -If you like you can then remove the following settings from settings.py -to avoid confusion: - -- `ENABLE_DEDUPLICATION` -- `ENABLE_JIRA` -- `S_FINDING_SEVERITY_NAMING` -- `URL_PREFIX` -- `TIME_ZONE` -- `TEAM_NAME` - -## Upgrading to DefectDojo Version 1.2.2 - -Upgrading to 1.2.2 requires: - -1. Copying settings.py to the settings/ folder. -2. If you have supervisor scripts change - DJANGO\_SETTINGS\_MODULE=dojo.settings.settings - -## Upgrading to Django 1.1.5 - -If you are upgrading an existing version of DefectDojo, you will need to -run the following commands manually: - -1. First install Yarn. Follow the instructions based on your OS: - -2. The following must be removed/commented out from `settings.py`: : - - 'djangobower.finders.BowerFinder', - - From the line that contains: - # where should bower install components - ... - - To the end of the bower declarations - 'justgage' - ) - -3. The following needs to be updated in `settings.py`: : - - STATICFILES_DIRS = ( - # Put strings here, like "/home/html/static" or "C:/www/django/static". - # Always use forward slashes, even on Windows. - # Don't forget to use absolute paths, not relative paths. - os.path.dirname(DOJO_ROOT) + "/components/yarn_components", - ) - -## Upgrading to Django 1.11 - -Pull request \#300 makes DefectDojo Django 1.11 ready. A fresh install -of DefectDojo can be done with the setup.bash script included - no -special steps are required. - -If you are upgrading an existing installation of DefectDojo, you will -need to run the following commands manually: : - - pip install django-tastypie --upgrade - pip install django-tastypie-swagger --upgrade - pip install django-filter --upgrade - pip install django-watson --upgrade - pip install django-polymorphic --upgrade - pip install django --upgrade - pip install pillow --upgrade - ./manage.py makemigrations - ./manage.py migrate - -The following must be removed/commented out from settings.py: : - - TEMPLATE_DIRS - TEMPLATE_DEBUG - TEMPLATE_LOADERS - TEMPLATE_CONTEXT_PROCESSORS - -The following needs to be added to settings.py: : - - TEMPLATES = [ - { - 'BACKEND': 'django.template.backends.django.DjangoTemplates', - 'APP_DIRS': True, - 'OPTIONS': { - 'context_processors': [ - 'django.template.context_processors.debug', - 'django.template.context_processors.request', - 'django.contrib.auth.context_processors.auth', - 'django.contrib.messages.context_processors.messages', - ], - }, - }, - ] - -Once all these steps are completed your installation of DefectDojo will -be running under Django 1.11 diff --git a/docs/content/en/getting_started/upgrading/1.10.md b/docs/content/en/getting_started/upgrading/1.10.md new file mode 100644 index 00000000000..540ec306aab --- /dev/null +++ b/docs/content/en/getting_started/upgrading/1.10.md @@ -0,0 +1,50 @@ +--- +title: "Upgrading to DefectDojo Version 1.10.x" +toc_hide: true +weight: -20201124 +description: security release + breaking changes +--- +**1.10.4 is a security release** + +- See the security advisory: + +- See release notes: + +- Version 1.10.4 replaces 1.10.3 as the latter contained an incomplete + fix + +**What\'s New:** + +- See release notes: + +- DefectDojo now provides a `settings.py` file + out-of-the-box. Custom settings need to go into + `local\_settings.py`. See + + and + +- A quickfix is to rename your own / customized + `settings.py` or `settings.dist.py` to + `local\_settings.py`. Details of that PR: + +- Major JIRA integration refactoring, for which you should at least + use 1.10.1 and not 1.10.0 for many bug fixes. + +**Breaking changes** + +Kubernetes/Helm users: we have moved away from the \"stable\" repository +to \"bitnami\" in this release. The bitnami postgresql chart required us +to add a new key to the postgresql secret, which will give you the error +`postgresql-postgres-password is missing` if you have +`createPostgresqlSecret: false`. In 1.10.1, a fix was also included to +allow your existing `postgresqlPassword` to be reused properly. + +Including in 1.10.1 were a couple fixes related to a rabbitMQ upgrade. +The path to access `password`, `erlangCookie` and +`existingPasswordSecret` changed from `rabbitmq` to `auth`. Furthermore, +as rabbitMQ is deployed as a StatefulSet, an in-place upgrade is not +possible and an error will likely be thrown such as +`Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden`. +After ensuring your rabbitMQ celery queue is empty, you will then want +to delete your rabbitMQ StatefulSet and PVC to allow them to get +re-created, or fully delete and recreate defectdojo. diff --git a/docs/content/en/getting_started/upgrading/1.11.md b/docs/content/en/getting_started/upgrading/1.11.md new file mode 100644 index 00000000000..9110d06f153 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/1.11.md @@ -0,0 +1,8 @@ +--- +title: "Upgrading to DefectDojo Version 1.11.x" +toc_hide: true +weight: -20201229 +description: security release +--- +- See release notes: https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.11.0 +- 1.11.1 is a security release https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.11.1 diff --git a/docs/content/en/getting_started/upgrading/1.12.md b/docs/content/en/getting_started/upgrading/1.12.md new file mode 100644 index 00000000000..39c8371d91c --- /dev/null +++ b/docs/content/en/getting_started/upgrading/1.12.md @@ -0,0 +1,8 @@ +--- +title: "Upgrading to DefectDojo Version 1.12.x" +toc_hide: true +weight: -20210126 +description: security release +--- +- See release notes: https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.12.0 +- 1.12.1 is a security release https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.12.1 diff --git a/docs/content/en/getting_started/upgrading/1.13.md b/docs/content/en/getting_started/upgrading/1.13.md new file mode 100644 index 00000000000..b5948a91a6f --- /dev/null +++ b/docs/content/en/getting_started/upgrading/1.13.md @@ -0,0 +1,17 @@ +--- +title: "Upgrading to DefectDojo Version 1.13.x" +toc_hide: true +weight: -20210223 +description: hashcode calculation logic has changed +--- +- See release notes: https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.13.0 +- Hashcode settings affecting deduplication have changed, to update existing findings run: + + `./manage.py dedupe` + +If you're using docker: + + docker-compose exec uwsgi ./manage.py dedupe + +This can take a while depeneding on your instance size. It might possible that new duplicates are detected among existing findings, so make a backup before running! + diff --git a/docs/content/en/getting_started/upgrading/1.14.md b/docs/content/en/getting_started/upgrading/1.14.md new file mode 100644 index 00000000000..4f7c72981e9 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/1.14.md @@ -0,0 +1,15 @@ +--- +title: "Upgrading to DefectDojo Version 1.14.x" +toc_hide: true +weight: -20210330 +description: hashcode calculation logic has changed +--- +- See release notes: https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.14.0 + +Note that the below fields are now optional without default value. They will not be filled anymore with values such as "No references given" when found empty while saving the findings +- mitigation +- references +- impact +- url + + diff --git a/docs/content/en/getting_started/upgrading/1.15.md b/docs/content/en/getting_started/upgrading/1.15.md new file mode 100644 index 00000000000..4341ba51274 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/1.15.md @@ -0,0 +1,20 @@ +--- +title: "Upgrading to DefectDojo Version 1.15.x" +toc_hide: true +weight: -20210500 +description: hashcode calculation logic has changed +--- +- See release notes: https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.15.0 +- If you have made changes to JIRA templates or the template config in the JIRA Project config for instances/products/engagements: +The jira template settings introduced in 1.13 have been changed. You now have to select a subfolder instead of a sinlge template file. If you have chosen a non-default template here, you have to reapply that to all products / engagements. Also you have to move your custom templates into the correct subfolder in `dojo/templates/issue-trackers/`. +- Hashcode calculation logic has changed in #4134, #4308 and #4310 to update existing findings run: + + `./manage.py dedupe --hash_code_only` + +If you're using docker: + +`docker-compose exec uwsgi ./manage.py dedupe --hash_code_only` + +This can take a while depending on your instance size. + + diff --git a/docs/content/en/getting_started/upgrading/1.2.2.md b/docs/content/en/getting_started/upgrading/1.2.2.md new file mode 100644 index 00000000000..e5366982819 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/1.2.2.md @@ -0,0 +1,11 @@ +--- +title: "Upgrading to DefectDojo Version 1.2.2" +toc_hide: true +weight: -20200202 +description: multiple instructions +--- +Upgrading to 1.2.2 requires: + +1. Copying settings.py to the settings/ folder. +2. If you have supervisor scripts change + DJANGO\_SETTINGS\_MODULE=dojo.settings.settings diff --git a/docs/content/en/getting_started/upgrading/1.2.3.md b/docs/content/en/getting_started/upgrading/1.2.3.md new file mode 100644 index 00000000000..ea2685271d2 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/1.2.3.md @@ -0,0 +1,12 @@ +--- +title: "Upgrading to DefectDojo Version 1.2.3" +toc_hide: true +weight: -20200203 +description: multiple instructions +--- +Upgrading to 1.2.3 requires: + +1. ./manage.py makemigrations ./manage.py migrate ./manage.py loaddata + dojo/fixtures/language\_type.json +2. Currently languages and technologies can be updated via the API or + in the admin section of Django. diff --git a/docs/content/en/getting_started/upgrading/1.2.4.md b/docs/content/en/getting_started/upgrading/1.2.4.md new file mode 100644 index 00000000000..54ed3c196cb --- /dev/null +++ b/docs/content/en/getting_started/upgrading/1.2.4.md @@ -0,0 +1,10 @@ +--- +title: "Upgrading to DefectDojo Version 1.2.4" +toc_hide: true +weight: -20200204 +description: multiple instructions +--- +Upgrading to 1.2.4 requires: + +1. ./manage.py makemigrations ./manage.py migrate ./manage.py loaddata + dojo/fixtures/objects\_review.json diff --git a/docs/content/en/getting_started/upgrading/1.2.8.md b/docs/content/en/getting_started/upgrading/1.2.8.md new file mode 100644 index 00000000000..d8fd7029f65 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/1.2.8.md @@ -0,0 +1,15 @@ +--- +title: "Upgrading to DefectDojo Version 1.2.8" +toc_hide: true +weight: -20200208 +description: multiple instructions +--- +New feature: Product Grading (Overall Product Health) Upgrading to 1.2.8 +requires: + +1. ./manage.py makemigrations ./manage.py migrate ./manage.py + system\_settings +2. ./manage.py collectstatic \--noinput +3. pip install asteval +4. pip install \--upgrade celery +5. Complete diff --git a/docs/content/en/getting_started/upgrading/1.2.9.md b/docs/content/en/getting_started/upgrading/1.2.9.md new file mode 100644 index 00000000000..ad798aa280b --- /dev/null +++ b/docs/content/en/getting_started/upgrading/1.2.9.md @@ -0,0 +1,16 @@ +--- +title: "Upgrading to DefectDojo Version 1.2.9" +toc_hide: true +weight: -20200209 +description: multiple instructions +--- +**What\'s New:** New feature: Benchmarks (OWASP ASVS) + +**Upgrading to 1.2.9 requires:** + +1. ./manage.py makemigrations ./manage.py migrate ./manage.py loaddata + dojo/fixtures/benchmark\_type.json ./manage.py loaddata + dojo/fixtures/benchmark\_category.json ./manage.py loaddata + dojo/fixtures/benchmark\_requirement.json +2. ./manage.py collectstatic \--noinput +3. Complete diff --git a/docs/content/en/getting_started/upgrading/1.3.1.md b/docs/content/en/getting_started/upgrading/1.3.1.md new file mode 100644 index 00000000000..239463d664b --- /dev/null +++ b/docs/content/en/getting_started/upgrading/1.3.1.md @@ -0,0 +1,22 @@ +--- +title: "Upgrading to DefectDojo Version 1.3.1" +toc_hide: true +weight: -20200301 +description: multiple instructions +--- +**What\'s New:** + +- New importers for Contrast, Nikto and TruffleHog (finding secrets in + git repos). +- Improved merging of findings for dynamic and static importers +- Markdown support for findings +- HTML report improvements including support of Markdown. +- System settings Celery status page to assist in debugging if Celery + is functional. + +**Upgrading to 1.3.1 requires:** + +1. pip install markdown pip install pandas +2. ./manage.py makemigrations ./manage.py migrate +3. ./manage.py collectstatic \--noinput +4. Complete diff --git a/docs/content/en/getting_started/upgrading/1.7.0.md b/docs/content/en/getting_started/upgrading/1.7.0.md new file mode 100644 index 00000000000..4c70df94cef --- /dev/null +++ b/docs/content/en/getting_started/upgrading/1.7.0.md @@ -0,0 +1,130 @@ +--- +title: "Upgrading to DefectDojo Version 1.7.0" +toc_hide: true +weight: -20200700 +description: multiple instructions +--- +**What\'s New:** + +- Updated search, you can now search for CVE-XXXX-YYYY +- Updated search index, fields added to index: \'id\', \'title\', + \'cve\', \'url\', \'severity\', \'description\', \'mitigation\', + \'impact\', \'steps\_to\_reproduce\', \'severity\_justification\', + \'references\', \'sourcefilepath\', \'sourcefile\', \'hash\_code\', + \'file\_path\', \'component\_name\', \'component\_version\', + \'unique\_id\_from\_tool\' + +This requires a (one-time) rebuild of the Django-Watson search index. +Execute the django command from the defect dojo installation directory: + +`./manage.py buildwatson dojo.Finding` + +If you\'re using docker: + +`docker-compose exec uwsgi ./manage.py buildwatson dojo.Finding` + +Upgrading to DefectDojo Version 1.5.0 +------------------------------------- + +**What\'s New:** + +- Updated UI with a new DefectDojo logo, default colors and CSS. +- Updated Product views with tabs for Product Overview, Metrics, + Engagements, Endpoints, Benchmarks (ASVS), and Settings to make it + easier to navigate and manage your products. +- New Product Information fields: Regulations, Criticality, Platform, + Lifecycle, Origin, User Records, Revenue, External Audience, + Internet Accessible +- Languages pie chart on product overview, only supported through the + API and Django admin, integrates with cloc analyzer +- New Engagement type of CI/CD to support continual testing +- Engagement shortcuts and ability to import findings and auto-create + an engagement +- Engagement labels for overdue, no tests and findings +- New Contextual menus throughout DefectDojo and shortcuts to new + findings and critical findings +- Ability to merge a finding into a parent finding and either + inactivate or delete the merged findings. +- Report improvements and styling adjustment with the default option + of HTML reports +- SLA for remediation of severities based on finding criticality, for + example critical findings remediated within 7 days. Configurable in + System Settings. +- Engagement Auto-Close Days in System Settings. Automatically close + an engagement if open past the end date. +- Ability to apply remediation advice based on CWE. For example XSS + can be configured as a template so that it\'s consistent across all + findings. Enabled in system settings. +- Finding confidence field supported from scanners. First + implementation in the Burp importer. +- Goast importer for static analysis of Golang products +- Celery status check on System Settings +- Beta rules framework release for modifying findings on the fly +- DefectDojo 2.0 API with Swagger support +- Created and Modified fields on all major tables +- Various bug fixes reported on Github + +**Upgrading to 1.5.0 requirements:** + +1. Back up your database first, ideally take the backup from production + and test the upgrade on a staging server. +2. Edit the settings.py file which can be found in + `django-DefectDojo/dojo/settings/settings.py`. Copy in the rest + framework configuration after the CSRF\_COOKIE\_SECURE = True: + + REST_FRAMEWORK = { + 'DEFAULT_AUTHENTICATION_CLASSES': ( + 'rest_framework.authentication.TokenAuthentication', + 'rest_framework.authentication.BasicAuthentication', + ), + 'DEFAULT_PERMISSION_CLASSES': ( + 'rest_framework.permissions.DjangoModelPermissions', + ), + 'DEFAULT_RENDERER_CLASSES': ( + 'rest_framework.renderers.JSONRenderer', + ), + 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.LimitOffsetPagination', + 'PAGE_SIZE': 25 + } + +Navigate to: LOGIN\_EXEMPT\_URLS and add the following after +r\'\^%sfinding/image/(?P\\[\^/\]+)\$\' % URL\_PREFIX: + + r'^%sfinding/image/(?P[^/]+)$' % URL_PREFIX, + r'^%sapi/v2/' % URL_PREFIX, + +Navigate to: INSTALLED\_APPS and add the following after: +\'multiselectfield\',: + + 'multiselectfield', + 'rest_framework', + 'rest_framework.authtoken', + 'rest_framework_swagger', + 'dbbackup', + +Navigate to: CELERY\_TASK\_IGNORE\_RESULT = True and add the following +after CELERY\_TASK\_IGNORE\_RESULT line: + + CELERY_RESULT_BACKEND = 'db+sqlite:///dojo.celeryresults.sqlite' + +Save your modified settings file. For reference the modified file should +look like the new 1.5.0 +\[settings\]() +file, minus the environmental configurations. As an alternative this +file can be used and the enviromental configurations from you +environment can be copied into this file. + +3. Activate your virtual environment and then upgrade the requirements: + +`pip install -r requirements.txt --upgrade` + +4. Upgrade the database: + + ./manage.py makemigrations + ./manage.py migrate + +5. Collect the static files (Javascript, Images, CSS): + + ./manage.py collectstatic --noinput + +6. Complete diff --git a/docs/content/en/getting_started/upgrading/1.8.0.md b/docs/content/en/getting_started/upgrading/1.8.0.md new file mode 100644 index 00000000000..150d72d7bec --- /dev/null +++ b/docs/content/en/getting_started/upgrading/1.8.0.md @@ -0,0 +1,42 @@ +--- +title: "Upgrading to DefectDojo Version 1.8.0" +toc_hide: true +weight: -20200800 +description: fix buildwatson create_endpoint_status +--- +**What\'s New:** + +- See release notes: + +- Improved search, which requires an index rebuild + () + +This requires a (one-time) rebuild of the Django-Watson search index. +Execute the django command from the defect dojo installation directory: + +`./manage.py buildwatson` + +If you\'re using docker: + +`docker-compose exec uwsgi ./manage.py buildwatson` + +This can take a while depending on your hardware and the number of +findings in your instance. + +- **NOTE:** + +As a result of a breaking bug revolving around Endpoint\_status objects, +a corrective script will need to be ran after every dynamic scan +imported through either API version. + +The script can be found +[here](https://github.com/DefectDojo/django-DefectDojo/blob/dev/dojo/management/commands/create_endpoint_status.py) + +`./manage.py create\_endpoint\_status` + +If you\'re using docker: + +`docker-compose exec uwsgi ./manage.py create\_endpoint\_status` + +This can take a while depending on your hardware and the number of +findings in your instance. diff --git a/docs/content/en/getting_started/upgrading/1.9.3.md b/docs/content/en/getting_started/upgrading/1.9.3.md new file mode 100644 index 00000000000..abbef40ab0f --- /dev/null +++ b/docs/content/en/getting_started/upgrading/1.9.3.md @@ -0,0 +1,44 @@ +--- +title: "Upgrading to DefectDojo Version 1.9.3" +toc_hide: true +weight: -20201115 +description: security release +--- +**This is a security release** + +- See the [security + advisory](https://github.com/DefectDojo/django-DefectDojo/security/advisories/GHSA-8q8j-7wc4-vjg5) +- See [release + notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.9.3) + +**What\'s New:** + +- See release notes: + + +**NOTE:** + +When upgrading from before 1.9.2, a corrective script may need to be ran + +`./manage.py create\_endpoint\_status` + +If you\'re using docker: + +`docker-compose exec uwsgi ./manage.py create\_endpoint\_status` + +This can take a while depending on your hardware and the number of +findings in your instance. + +- Search index tweaking index rebuild after upgrade: + +This requires a (one-time) rebuild of the Django-Watson search index. +Execute the django command from the defect dojo installation directory: + +`./manage.py buildwatson]` + +If you\'re using docker: + +`docker-compose exec uwsgi ./manage.py buildwatson` + +This can take a while depending on your hardware and the number of +findings in your instance. diff --git a/docs/content/en/getting_started/upgrading/2.0.md b/docs/content/en/getting_started/upgrading/2.0.md new file mode 100644 index 00000000000..2f45f98e63f --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.0.md @@ -0,0 +1,66 @@ +--- +title: "Upgrading to DefectDojo Version 2.0.x" +toc_hide: true +weight: -20210629 +description: breaking changes +--- +Follow the usual steps to upgrade as described above. + +BEFORE UPGRADING +- If you are using SAML2 checkout the new [documentaion](https://documentation.defectdojo.com/integrations/social-authentication/#saml-20) and update you settings following the migration section. We replaced [django-saml2-auth](https://github.com/fangli/django-saml2-auth) with [djangosaml2](https://github.com/IdentityPython/djangosaml2). + +AFTER UPGRADING +- Usual migration process (`python manage.py migrate`) try to migrate all endpoints to new format and merge duplicates. +- All broken endpoints (which weren't possible to migrate) have red flag 🚩 in standard list of endpoints. +- Check if all your endpoints was migrated successfully, go to: https:///endpoint/migrate. +- Alternatively, this can be run as management command: `docker-compose exec uwsgi ./manage.py endpoint_migration --dry-run` +- When all endpoint will be fixed (there is not broken endpoint), press "Run migration" in https:///endpoint/migrate +- Or, you can run management command: `docker-compose exec uwsgi ./manage.py endpoint_migration` +- Details about endpoint migration / improvements in https://github.com/DefectDojo/django-DefectDojo/pull/4473 + +We decided to name this version 2.0.0 because we did some big cleanups in this release: + +- Remove API v1 ([#4413](https://github.com/DefectDojo/django-DefectDojo/pull/4413)) +- Remove setup.bash installation method ([#4417](https://github.com/DefectDojo/django-DefectDojo/pull/4417)) +- Rename Finding.is_Mitigated field to Finding.is_mitigated ([#3854](https://github.com/DefectDojo/django-DefectDojo/pull/4854)) +- Remove everything related to the old tagging library ([#4419](https://github.com/DefectDojo/django-DefectDojo/pull/4419)) +- Remove S0/S1/S2../S5 severity display option ([#4415](https://github.com/DefectDojo/django-DefectDojo/pull/4415)) +- Refactor EndPoint handling/formatting ([#4473](https://github.com/DefectDojo/django-DefectDojo/pull/4473)) +- Upgrade to Django 3.x ([#3632](https://github.com/DefectDojo/django-DefectDojo/pull/3632)) +- PDF Reports removed ([#4418](https://github.com/DefectDojo/django-DefectDojo/pull/4418)) +- Hashcode calculation logic has changed. To update existing findings run: + + `./manage.py dedupe --hash_code_only`. + +If you're using docker: + +`docker-compose exec uwsgi ./manage.py dedupe --hash_code_only`. + +This can take a while depending on your instance size. + +- See release notes: https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.0.0 + +### Endpoints + +- The usual migration process (`python manage.py migrate`) tries to migrate all endpoints to new format and merge duplicates. +- All broken endpoints (which weren't possible to migrate) have a red flag 🚩 in the standard list of endpoints. +- Check if all your endpoints were migrated successfully, go to: https:///endpoint/migrate. +- Alternatively, this can be run as management command: `docker-compose exec uwsgi ./manage.py endpoint_migration --dry-run` +- When all endpoint are fixed (there is not broken endpoint), press "Run migration" in https:///endpoint/migrate +- Or, you can run management command: `docker-compose exec uwsgi ./manage.py endpoint_migration` +- Details about endpoint migration / improvements in https://github.com/DefectDojo/django-DefectDojo/pull/4473 + +### Authorization + +The new authorization system for Products and Product Types based on roles is the default now. The fields for authorized users are not available anymore, but you can assign roles as described in [Permissions](../../usage/permissions). Users are migrated automatically, so that their permissions are as close as possible to the previous authorization: +- Superusers will still have all permissions on Products and Product Types, so they must not be changed. +- Staff users have had all permissions for all product types and products, so they will be get a global role as *Owner*. +- Product_Members and Product Type_Members will be added for authorized users according to the settings for the previous authorization: + - The *Reader* role is set as the default. + - If `AUTHORIZED_USERS_ALLOW_STAFF` is `True`, the user will get the *Owner* role for the respective Product or Product Type. + - If `AUTHORIZED_USERS_ALLOW_CHANGE` or `AUTHORIZED_USERS_ALLOW_DELETE` is `True`, the user will get the *Writer* role for the respective Product or Product Type. + +The new authorization is active for both UI and API. Permissions set via authorized users or via the Django Admin interface are no longer taken into account. + +Please review the roles for your users after the upgrade to avoid an unintended permissions creep. + diff --git a/docs/content/en/getting_started/upgrading/2.10.md b/docs/content/en/getting_started/upgrading/2.10.md new file mode 100644 index 00000000000..cb5a19774e1 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.10.md @@ -0,0 +1,10 @@ +--- +title: "Upgrading to DefectDojo Version 2.10.x" +toc_hide: true +weight: -20220503 +description: breaking change +--- +**Breaking change for Findings:** The field `cve` will be replaced by a list of Vulnerability Ids, which can store references to security advisories associated with this finding. These can be Common Vulnerabilities and Exposures (CVE) or from other sources, eg. GitHub Security Advisories. Although the field does still exist in the code, the API and the UI have already been changed to use the list of Vulnerability Ids. Other areas like hash code calculation, search and parsers will be migrated step by step in later stages. + +This change also causes an API change for the endpoint `/engagements/{id}/accept_risks/`. + diff --git a/docs/content/en/getting_started/upgrading/2.12.md b/docs/content/en/getting_started/upgrading/2.12.md new file mode 100644 index 00000000000..10bdec5369f --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.12.md @@ -0,0 +1,8 @@ +--- +title: "Upgrading to DefectDojo Version 2.12.x" +toc_hide: true +weight: -20220705 +description: breaking change +--- +**Breaking change for search:** The field `cve` has been removed from the search index for Findings and the Vulnerability Ids have been added to the search index. With this the syntax to search explicitly for vulnerability ids have been changed from `cve:` to `vulnerability_id:`, e.g. `vulnerability_id:CVE-2020-27619`. + diff --git a/docs/content/en/getting_started/upgrading/2.13.md b/docs/content/en/getting_started/upgrading/2.13.md new file mode 100644 index 00000000000..24432b2475a --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.13.md @@ -0,0 +1,37 @@ +--- +title: "Upgrading to DefectDojo Version 2.13.x" +toc_hide: true +weight: -20220802 +description: instructions for helm chart and others +--- +The last release implemented the search for vulnerability ids, but the search database was not initialized. To populate the database table of the vulnerability ids, execute this django command from the defect dojo installation directory or from a shell of the Docker container or Kubernetes pod: + +`./manage.py migrate_cve` + +Additionally this requires a one-time rebuild of the Django-Watson search index. Execute this django command from the defect dojo installation directory or from a shell of the Docker container or Kubernetes pod: + +`./manage.py buildwatson` + +**Upgrade instructions for helm chart with postgres enabled**: The postgres database uses a statefulset by default. Before upgrading the helm chart we have to delete the statefullset and ensure that the pvc is reused, to keep the data. For more information: https://docs.bitnami.com/kubernetes/infrastructure/postgresql/administration/upgrade/ . + +```bash +helm repo update +helm dependency update ./helm/defectdojo + +# obtain name oft the postgres pvc +export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=defectdojo,role=primary -o jsonpath="{.items[0].metadata.name}") + +# delete postgres statefulset +kubectl delete statefulsets.apps defectdojo-postgresql --namespace default --cascade=orphan + +# upgrade +helm upgrade \ + defectdojo \ + ./helm/defectdojo/ \ + --set primary.persistence.existingClaim=$POSTGRESQL_PVC \ + ... # add your custom settings +``` + +**Further changes:** + +Legacy authorization for changing configurations based on staff users has been removed. diff --git a/docs/content/en/getting_started/upgrading/2.15.md b/docs/content/en/getting_started/upgrading/2.15.md new file mode 100644 index 00000000000..7423ae3c8d9 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.15.md @@ -0,0 +1,7 @@ +--- +title: "Upgrading to DefectDojo Version 2.15.x" +toc_hide: true +weight: -20221004 +description: No special instructions. +--- +There are no special instructions for upgrading to 2.15.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.15.0) for the contents of the release. diff --git a/docs/content/en/getting_started/upgrading/2.16.md b/docs/content/en/getting_started/upgrading/2.16.md new file mode 100644 index 00000000000..3432c7b7757 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.16.md @@ -0,0 +1,7 @@ +--- +title: "Upgrading to DefectDojo Version 2.16.x" +toc_hide: true +weight: -20221102 +description: No special instructions. +--- +There are no special instructions for upgrading to 2.16.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.16.0) for the contents of the release. diff --git a/docs/content/en/getting_started/upgrading/2.17.md b/docs/content/en/getting_started/upgrading/2.17.md new file mode 100644 index 00000000000..ef872a49a68 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.17.md @@ -0,0 +1,7 @@ +--- +title: "Upgrading to DefectDojo Version 2.17.x" +toc_hide: true +weight: -20221206 +description: No special instructions. +--- +There are no special instructions for upgrading to 2.17.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.17.0) for the contents of the release. diff --git a/docs/content/en/getting_started/upgrading/2.18.md b/docs/content/en/getting_started/upgrading/2.18.md new file mode 100644 index 00000000000..e6085819897 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.18.md @@ -0,0 +1,23 @@ +--- +title: "Upgrading to DefectDojo Version 2.18.x" +toc_hide: true +weight: -20230103 +description: instructions for helm chart +--- +**Upgrade instructions for helm chart with rabbitMQ enabled**: The rabbitMQ uses a statefulset by default. Before upgrading the helm chart we have to ensure that all queues are empty: + +```bash +kubectl exec -i -- rabbitmqctl list_queues +``` + +Next step is to delete rabbitMQ pvc: + +```bash +kubectl delete pvc -l app.kubernetes.io/name=rabbitmq +``` + +Last step is to perform the upgrade. + +For more information: https://artifacthub.io/packages/helm/bitnami/rabbitmq/11.2.0 + + diff --git a/docs/content/en/getting_started/upgrading/2.19.md b/docs/content/en/getting_started/upgrading/2.19.md new file mode 100644 index 00000000000..0b1f2da320e --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.19.md @@ -0,0 +1,13 @@ +--- +title: "Upgrading to DefectDojo Version 2.19.x" +toc_hide: true +weight: -20230206 +description: breaking change +--- +There are new docker images based on alpine with fewer third party dependencies. Related to the new images the current docker files had to be renamed and have a "-debian" or the new images a "-alpine" at the end. Furthermore there are new docker tags [DefectdojoVersion]-[OS]. For example 2.19.0-alpine or 2.19.0-debian. The currend tags (latest and [DefectdojoVersion]) are still based on the "old" images. Be aware that the new alpine images are not heavily tested and may contain bugs. + +**Breaking Change** + +In version 2.19.3, the GitHub OAuth integration has been removed to prevent configurations that may allow more access than intended. + +[DefectDojo Security Advisory: Severity Medium | Potential GitHub Authentication Misconfiguration](https://github.com/DefectDojo/django-DefectDojo/security/advisories/GHSA-hfp4-q5pg-2p7r) diff --git a/docs/content/en/getting_started/upgrading/2.2.md b/docs/content/en/getting_started/upgrading/2.2.md new file mode 100644 index 00000000000..e81dd3f02f7 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.2.md @@ -0,0 +1,11 @@ +--- +title: "Upgrading to DefectDojo Version 2.2.x" +toc_hide: true +weight: -20210831 +description: No special instructions. +--- +Upgrade to 2.0.0 contained migration of endpoints. Some parts of migration haven't been done properly. This deficiency +may manifest as a doubled slash in endpoint URLs (like `http://foo.bar:8080//test`) or as a problem with deduplication +of the same endpoints. The mentioned bug was fixed in 2.2.0 and if you have seen these kinds of problems, just rerun +"Endpoint migration" as it is written in [Upgrading to DefectDojo Version 2.0.x.](#upgrading-to-defectdojo-version-20x). + diff --git a/docs/content/en/getting_started/upgrading/2.20.md b/docs/content/en/getting_started/upgrading/2.20.md new file mode 100644 index 00000000000..a2033f00b87 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.20.md @@ -0,0 +1,7 @@ +--- +title: "Upgrading to DefectDojo Version 2.20.x" +toc_hide: true +weight: -20230306 +description: No special instructions. +--- +There are no special instructions for upgrading to 2.20.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.20.0) for the contents of the release. diff --git a/docs/content/en/getting_started/upgrading/2.21.md b/docs/content/en/getting_started/upgrading/2.21.md new file mode 100644 index 00000000000..2e5726c8f99 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.21.md @@ -0,0 +1,7 @@ +--- +title: "Upgrading to DefectDojo Version 2.21.x" +toc_hide: true +weight: -20230403 +description: No special instructions. +--- +There are no special instructions for upgrading to 2.21.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.21.0) for the contents of the release. diff --git a/docs/content/en/getting_started/upgrading/2.22.md b/docs/content/en/getting_started/upgrading/2.22.md new file mode 100644 index 00000000000..1da6368422b --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.22.md @@ -0,0 +1,7 @@ +--- +title: "Upgrading to DefectDojo Version 2.22.x" +toc_hide: true +weight: -20230501 +description: No special instructions. +--- +There are no special instructions for upgrading to 2.22.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.22.0) for the contents of the release. diff --git a/docs/content/en/getting_started/upgrading/2.23.md b/docs/content/en/getting_started/upgrading/2.23.md new file mode 100644 index 00000000000..5ebcc4edc61 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.23.md @@ -0,0 +1,21 @@ +--- +title: "Upgrading to DefectDojo Version 2.23.x" +toc_hide: true +weight: -20230605 +description: breaking change +--- +There is a migration from the legacy Nessus and Nessus WAS parsers to a single Tenable parser. The updated Tenable parser simply merges existing support for Nessus and Nessus WAS without introducing new functionality that could create instability + +There is a migration process built into the upgrade that will automatically convert exiting Nessus and Nessus WAS findings and tests into Tenable findings and tests + +**Breaking Change** + + - If there is any use of the Nessus or Nessus WAS in automated fashion via the import and reimport API endpoints, the `scan-type` parameter needs to be updated to `Tenable Scan` + - The default containerized database will now be [PostgreSQL](https://www.postgresql.org/) rather than [MySQL](https://dev.mysql.com/) due to the use of case insensitivity on fields by default + - It is recommended to update the [database character set and collation](https://dev.mysql.com/doc/refman/5.7/en/charset-database.html) to use UTF encoding + - If your deployment uses the MySQL containerized database, please see the following updates to run DefectDojo: + - Use of the helper script "dc-up": `./dc-up.sh mysql-rabbitmq` or `./dc-up.sh mysql-redis` + - Use of the helper script "dc-up-d": `./dc-up-d.sh mysql-rabbitmq` or `./dc-up-d.sh mysql-redis` + - Use of Docker Compose directly: `docker-compose --profile mysql-rabbitmq --env-file ./docker/environments/mysql-rabbitmq.env up` or `docker-compose --profile mysql-redis --env-file ./docker/environments/mysql-redis.env up` + +For all other changes, check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.23.0) for the contents of the release. diff --git a/docs/content/en/getting_started/upgrading/2.24.md b/docs/content/en/getting_started/upgrading/2.24.md new file mode 100644 index 00000000000..b5948678ac9 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.24.md @@ -0,0 +1,8 @@ +--- +title: "Upgrading to DefectDojo Version 2.24.x" +toc_hide: true +weight: -20230703 +description: No special instructions. +--- +There are no special instructions for upgrading to 2.24.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.24.0) for the contents of the release. + diff --git a/docs/content/en/getting_started/upgrading/2.25.md b/docs/content/en/getting_started/upgrading/2.25.md new file mode 100644 index 00000000000..43502f0f96f --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.25.md @@ -0,0 +1,31 @@ +--- +title: "Upgrading to DefectDojo Version 2.25.x" +toc_hide: true +weight: -20230807 +description: No special instructions. +--- +There are no special instructions for upgrading to 2.25.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.25.0) for the contents of the release. + +A few query parameters related to filtering object via API related to a products tags have been renamed to be more consistent with the other "related object tags": + +**Breaking Change** + + - Engagement + - `product__tags__name` -> `product__tags` + - `not_product__tags__name` -> `not_product__tags` + - Test + - `engagement__product__tags__name` -> `engagement__product__tags` + - `not_engagement__product__tags__name` -> `not_engagement__product__tags` + - Finding + - `test__engagement__product__tags__name` -> `test__engagement__product__tags` + - `not_test__engagement__product__tags__name` -> `not_test__engagement__product__tags` + +**Deprecation** + +The OpenAPI 2.0 Swagger API documentation is being deprecated in favor of the existing +OpenAPI 3.0 API documentation page. The OpenAPI 2.0 Swagger API documentation page is +slated for removal in version 2.30.0 + +*Note*: The API has not changed in any way and behaves the same between OAPI2 and OAPI3 + +For all other changes, check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.25.0) for the contents of the release. diff --git a/docs/content/en/getting_started/upgrading/2.26.md b/docs/content/en/getting_started/upgrading/2.26.md new file mode 100644 index 00000000000..a89c77cbc22 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.26.md @@ -0,0 +1,7 @@ +--- +title: "Upgrading to DefectDojo Version 2.26.x" +toc_hide: true +weight: -20230905 +description: No special instructions. +--- +There are no special instructions for upgrading to 2.26.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.26.0) for the contents of the release. diff --git a/docs/content/en/getting_started/upgrading/2.27.md b/docs/content/en/getting_started/upgrading/2.27.md new file mode 100644 index 00000000000..581e02296f9 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.27.md @@ -0,0 +1,7 @@ +--- +title: "Upgrading to DefectDojo Version 2.27.x" +toc_hide: true +weight: -20231002 +description: No special instructions. +--- +There are no special instructions for upgrading to 2.27.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.27.0) for the contents of the release. diff --git a/docs/content/en/getting_started/upgrading/2.28.md b/docs/content/en/getting_started/upgrading/2.28.md new file mode 100644 index 00000000000..b456837cbb0 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.28.md @@ -0,0 +1,7 @@ +--- +title: "Upgrading to DefectDojo Version 2.28.x" +toc_hide: true +weight: -20231106 +description: No special instructions. +--- +There are no special instructions for upgrading to 2.28.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.28.0) for the contents of the release. diff --git a/docs/content/en/getting_started/upgrading/2.29.md b/docs/content/en/getting_started/upgrading/2.29.md new file mode 100644 index 00000000000..dfce7a5bbf6 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.29.md @@ -0,0 +1,7 @@ +--- +title: "Upgrading to DefectDojo Version 2.29.x" +toc_hide: true +weight: -20231110 +description: No special instructions. +--- +There are no special instructions for upgrading to 2.29.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.29.0) for the contents of the release. diff --git a/docs/content/en/getting_started/upgrading/2.3.md b/docs/content/en/getting_started/upgrading/2.3.md new file mode 100644 index 00000000000..73e8e0b25bf --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.3.md @@ -0,0 +1,12 @@ +--- +title: "Upgrading to DefectDojo Version 2.3.x" +toc_hide: true +weight: -20211005 +description: No special instructions. +--- +There are no special instructions for upgrading to 2.3.0. +In 2.3.0 we [changed the default password hashing algorithm to Argon2 (from PBKDF2)](https://github.com/DefectDojo/django-DefectDojo/pull/5205). +When logging in, exising hashes get replaced by an Argon2 hash. If you want to rehash password without users having to login, +please see the [Django password management docs](https://docs.djangoproject.com/en/3.2/topics/auth/passwords/). +The previous password hashing algorithm (PBKDF2) was not unsafe, but we wanted to follow the [OWASP guidelines](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html). + diff --git a/docs/content/en/getting_started/upgrading/2.30.md b/docs/content/en/getting_started/upgrading/2.30.md new file mode 100644 index 00000000000..6029febd302 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.30.md @@ -0,0 +1,17 @@ +--- +title: 'Upgrading to DefectDojo Version 2.30.x' +toc_hide: true +weight: -20231211 +description: Breaking Change for Auditlog. +--- +There are instructions for upgrading to 2.30.0 if you disabled `enable_auditlog` before (read below). Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.30.0) for the contents of the release. + +**Breaking Change** + +Parameter `enable_auditlog` is not possible to set through System settings anymore. If you set this parameter or you need to change it to `False` (to disable audit logging), set environmental variable `DD_ENABLE_AUDITLOG` to `False`. + +If you are using docker-compose, another EnvVar should be added to the `docker-compose.yml` file in all the containers ran by the django image. This should do the trick +```yaml +DD_ENABLE_AUDITLOG: ${DD_ENABLE_AUDITLOG:-False} +``` +Somewhere in the `environment` blocks for the `uwsgi`, `celerybeat`, `celeryworker`, and `init` containers. \ No newline at end of file diff --git a/docs/content/en/getting_started/upgrading/2.31.md b/docs/content/en/getting_started/upgrading/2.31.md new file mode 100644 index 00000000000..8bc174a227e --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.31.md @@ -0,0 +1,18 @@ +--- +title: 'Upgrading to DefectDojo Version 2.31.x' +toc_hide: true +weight: -20240102 +description: breaking change +--- + +To continue maintaining the most up to date list of parsers, the following actions have been taken: + +- OpenVAS XML and OpenVAS CSV were merged to OpenVAS Parser. There is a migration process built into the upgrade that will automatically convert exiting OpenVAS XML and OpenVAS CSV findings into OpenVAS Parser findings. +- Clair Scan and Clair Klar Scan were merged to Clair Scan. There is a migration process built into the upgrade that will automatically convert exiting Clair Klar Scan findings to Clair Scan findings. +- Whitesource has been renamed to Mend. There is a migration process built into the upgrade that will automatically convert exiting Whitesource findings and tests into Mend findings and tests + +**Breaking Change** + + - If there is any use of the above mentioned parsers in automated fashion via the import and reimport API endpoints, the `scan-type` parameter needs to be updated accordingly. + +For all other changes, check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.31.0) for the contents of the release. diff --git a/docs/content/en/getting_started/upgrading/2.32.md b/docs/content/en/getting_started/upgrading/2.32.md new file mode 100644 index 00000000000..0d04c771e36 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.32.md @@ -0,0 +1,7 @@ +--- +title: 'Upgrading to DefectDojo Version 2.32.x' +toc_hide: true +weight: -20240205 +description: No special instructions. +--- +There are no special instructions for upgrading to 2.32.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.32.0) for the contents of the release. diff --git a/docs/content/en/getting_started/upgrading/2.4.md b/docs/content/en/getting_started/upgrading/2.4.md new file mode 100644 index 00000000000..36bfd7b1096 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.4.md @@ -0,0 +1,14 @@ +--- +title: "Upgrading to DefectDojo Version 2.4.x (Security Release)" +toc_hide: true +weight: -20211102 +description: security Release +--- +This releases fixes a High severity vulnerability for which the details will be disclosed on November 16th in [GHSA-fwg9-752c-qh8w](https://github.com/DefectDojo/django-DefectDojo/security/advisories/GHSA-fwg9-752c-qh8w) + +There is a breaking change in the API for importing and re-importings scans with SonarQube API and Cobalt.io API. The [scan configurations +have been unified](https://github.com/DefectDojo/django-DefectDojo/pull/5289) and are set now with the attribute `api_scan_configuration`. +The existing configurations for SonarQube API and Cobalt.io API have been migrated. + +At the request of pyup.io, we had to remove the parser for Safety scans. + diff --git a/docs/content/en/getting_started/upgrading/2.5.md b/docs/content/en/getting_started/upgrading/2.5.md new file mode 100644 index 00000000000..7d45b8995c8 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.5.md @@ -0,0 +1,25 @@ +--- +title: "Upgrading to DefectDojo Version 2.5.x" +toc_hide: true +weight: -20211208 +description: legacy authorization removed +--- +Legacy authorization has been completely removed with version 2.5.0. This includes removal of the migration of users +to the new authorization as described in https://documentation.defectdojo.com/getting_started/upgrading/#authorization. +If you are still using the legacy authorization, you should run the migration with ``./manage.py migrate_authorization_v2`` +before upgrading to version 2.5.0 + +This release introduces the "Forgot password" functionality (`DD_FORGOT_PASSWORD`: default `True`). The function +allows sending an e-mail with the reset password link. Missing configuration or misconfiguration of SMTP +(`DD_EMAIL_URL`) could raise an error (HTTP-500). Check and test (for example by resetting your own password) if you +configured SMTP correctly. If you want to avoid HTTP-500 and you don't want to set up SMTP, you can just simply switch +off the "Forgot password" functionality (`DD_FORGOT_PASSWORD=False`). + +Release renamed system setting `mail_notifications_from` to `email_from`. This value will not be used only for sending +notifications but also for sending the reset password emails. It is highly recommended to check the content of this +value if you are satisfied. If you installed DefectDojo earlier, you can expect `"from@example.com"` there. A fresh +installation will use `"no-reply@example.com"` + +This release [updates](https://github.com/DefectDojo/django-DefectDojo/pull/5450) our helm dependencies. There is a breaking change if you are using the mysql database from the helm chart because we replaced the deprecated chart from the stable repo with a chart from bitnami. If you have persistance enabled, ensure to backup your data before upgrading. All data get lost when replacing the mysql chart during the upgrade. For data migration take a look at the mysql backup and restore process. + +Furthermore we updated our kubernetes version. Current tests run on 1.18.16 and 1.22.0. diff --git a/docs/content/en/getting_started/upgrading/2.6.md b/docs/content/en/getting_started/upgrading/2.6.md new file mode 100644 index 00000000000..22f4a38bb85 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.6.md @@ -0,0 +1,9 @@ +--- +title: "Upgrading to DefectDojo Version 2.6.x" +toc_hide: true +weight: -20220104 +description: No special instructions. +--- +There are no special instructions for upgrading to 2.6.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.6.0) for the contents of the release. + +Please consult the security advisories [GHSA-f82x-m585-gj24](https://github.com/DefectDojo/django-DefectDojo/security/advisories/GHSA-f82x-m585-gj24) (moderate) and [GHSA-v7fv-g69g-x7p2](https://github.com/DefectDojo/django-DefectDojo/security/advisories/GHSA-v7fv-g69g-x7p2) (high) to see what security issues were fixed in this release. These will be published and become visible at January 18th, 2022. diff --git a/docs/content/en/getting_started/upgrading/2.7.md b/docs/content/en/getting_started/upgrading/2.7.md new file mode 100644 index 00000000000..672c3a77a0f --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.7.md @@ -0,0 +1,19 @@ +--- +title: "Upgrading to DefectDojo Version 2.7.x" +toc_hide: true +weight: -20220201 +description: breaking change +--- +This release is a breaking change regarding the Choctaw Hog parser. As the maintainers of this project unified multiple parsers under the RustyHog parser, we now support the parsing of Choctaw Hog JSON output files through the Rusty Hog parser. Furthermore, we also support Gottingen Hog and Essex Hog JSON output files with the RustyHog parser. + +There is another breaking change regarding the import of SSLyze scans. The parser has been renamed from `SSLyze 3 Scan (JSON)` to `SSLyze Scan (JSON)`. The data in the database is fixed by the initializer, but it may break scripted API calls. + +Release 2.7.0 contains a beta functionality to make permissions for the configuration of DefectDojo more flexible. When the settings parameter `FEATURE_CONFIGURATION_AUTHORIZATION` is set to `True`, many configuration dialogues and API endpoints can be enabled for users or groups of users, regardless of their **Superuser** or **Staff** status, see [Configuration Permissions]({{< ref "../../usage/permissions/#configuration-permissions" >}}). + +The functionality using the flag `AUTHORIZATION_STAFF_OVERRIDE` has been removed. The same result can be achieved with giving the staff users a global Owner role. + +To support the transition for these 2 changes, you can run a migration script with ``./manage.py migrate_staff_users``. This script: + +* creates a group for all staff users, +* sets all configuration permissions that staff users had and +* sets the global Owner role, if `AUTHORIZATION_STAFF_OVERRIDE` is set to `True`. diff --git a/docs/content/en/getting_started/upgrading/2.8.md b/docs/content/en/getting_started/upgrading/2.8.md new file mode 100644 index 00000000000..06670847069 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.8.md @@ -0,0 +1,15 @@ +--- +title: "Upgrading to DefectDojo Version 2.8.x" +toc_hide: true +weight: -20220301 +description: breaking changes +--- +**Breaking change for Docker Compose:** Starting DefectDojo with Docker Compose now supports 2 databases (MySQL and PostgreSQL) and 2 celery brokers (RabbitMQ and Redis). To make this possible, docker-compose needs to be started with the parameters `--profile` and `--env-file`. You can get more information in [Setup via Docker Compose - Profiles](https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/DOCKER.md#setup-via-docker-compose---profiles). The profile `mysql-rabbitmq` provides the same configuration as in previous releases. With this the prerequisites have changed as well: Docker requires at least version 19.03.0 and Docker Compose 1.28.0. + +**Breaking change for Helm Chart:** In one of the last releases we upgraded the redis dependency in our helm chart without renaming keys in our helm chart. We fixed this bug with this release, but you may want to check if all redis values are correct ([Pull Request](https://github.com/DefectDojo/django-DefectDojo/pull/5886)). + +The flexible permissions for the configuration of DefectDojo are now active by default. With this, the flag **Staff** for users is not relevant and not visible anymore. The old behaviour can still be activated by setting the parameter `FEATURE_CONFIGURATION_AUTHORIZATION` to `False`. If you haven't done so with the previous release, you can still run a migration script with `./manage.py migrate_staff_users`. This script: + +* creates a group for all staff users, +* sets all configuration permissions that staff users had and +* sets the global Owner role, if `AUTHORIZATION_STAFF_OVERRIDE` is set to `True`. diff --git a/docs/content/en/getting_started/upgrading/2.9.md b/docs/content/en/getting_started/upgrading/2.9.md new file mode 100644 index 00000000000..fb58a96a23b --- /dev/null +++ b/docs/content/en/getting_started/upgrading/2.9.md @@ -0,0 +1,8 @@ +--- +title: "Upgrading to DefectDojo Version 2.9.x" +toc_hide: true +weight: -20220406 +description: breaking change for APIv2 +--- +**Breaking change for APIv2:** `configuration_url` was removed from API endpoint `/api/v2/tool_configurations/` due to redundancy. + diff --git a/docs/content/en/getting_started/upgrading/_index.md b/docs/content/en/getting_started/upgrading/_index.md new file mode 100644 index 00000000000..5a9398a0d86 --- /dev/null +++ b/docs/content/en/getting_started/upgrading/_index.md @@ -0,0 +1,73 @@ +--- +title: "Upgrading" +description: "Release specific upgrading instructions" +draft: false +weight: 5 +--- + +## Docker-compose + +When you deploy a vanilla docker-compose, it will create a persistent +volume for your MySQL database. As long as your volume is there, you +should not lose any data. + +### Using docker images provided in DockerHub + +{{% alert title="Information" color="info" %}} +If you\'re using `latest`, then you need to pre pull the `latest` from +DockerHub to update. +{{% /alert %}} + + +The generic upgrade method for docker-compose are as follows: +- Pull the latest version + + ``` {.sourceCode .bash} + docker pull defectdojo/defectdojo-django:latest + docker pull defectdojo/defectdojo-nginx:latest + ``` + +- If you would like to use a version other than the latest, specify the version (tag) you want to upgrade to: + + ``` {.sourceCode .bash} + docker pull defectdojo/defectdojo-django:1.10.2 + docker pull defectdojo/defectdojo-nginx:1.10.2 + ``` + +- If you would like to use alpine based images, you specify the version (tag) you want to upgrade to: + + ``` {.sourceCode .bash} + docker pull defectdojo/defectdojo-django:1.10.2-alpine + docker pull defectdojo/defectdojo-nginx:1.10.2-alpine + ``` + +- Go to the directory where your docker-compose.yml file lives +- Stop DefectDojo: `./dc-stop.sh` +- Re-start DefectDojo, allowing for container recreation: + `./dc-up-d.sh` +- Database migrations will be run automatically by the initializer. + Check the output via `docker-compose logs initializer` or relevant k8s command +- If you have the initializer disabled (or if you want to be on the + safe side), run the migration command: + `docker-compose exec uwsgi /bin/bash -c "python manage.py migrate"` + +### Building your local images + +If you build your images locally and do not use the ones from DockerHub, +the instructions are the same, with the caveat that you must build your images +first. +- Pull the latest DefectDojo changes + + ``` {.sourceCode .bash} + git fetch + git pull + git merge origin/master + ``` + +Then replace the first step of the above generic upgrade method for docker-compose with: `docker-compose build` + +## godojo installations + +If you have installed DefectDojo on "iron" and wish to upgrade the installation, please see the [instructions in the repo](https://github.com/DefectDojo/godojo/blob/master/docs-and-scripts/upgrading.md). + +## Upgrade notes for each release diff --git a/docs/content/en/integrations/api-v2-docs.md b/docs/content/en/integrations/api-v2-docs.md index 72bd785de98..c64dfcc8919 100644 --- a/docs/content/en/integrations/api-v2-docs.md +++ b/docs/content/en/integrations/api-v2-docs.md @@ -12,7 +12,7 @@ DefectDojo\'s API is created using [Django Rest Framework](http://www.django-rest-framework.org/). The documentation of each endpoint is available within each DefectDojo installation at [`/api/v2/doc/`](https://demo.defectdojo.org/api/v2/) and can be accessed by choosing the API v2 -Docs link on the user drop down menu in the header. +Docs link on the user drop down menu in the header. ![image](../../images/api_v2_1.png) @@ -20,10 +20,10 @@ The documentation is generated using [Django Rest Framework Yet Another Swagger Generator](https://github.com/axnsan12/drf-yasg/), and is interactive. On the top of API v2 docs is a link that generates an OpenAPI v2 spec. -As a preparation to move to OpenAPIv3, we have added an compatible spec and documentation at [`/api/v2/oa3/swagger-ui/`](https://demo.defectdojo.org/api/v2/oa3/swagger-ui/?docExpansion=none) +As a preparation to move to OpenAPIv3, we have added an compatible spec and documentation at [`/api/v2/oa3/swagger-ui/`](https://demo.defectdojo.org/api/v2/oa3/swagger-ui/) To interact with the documentation, a valid Authorization header value -is needed. Visit the `/api/v2/key/` view to generate your +is needed. Visit the `/api/key-v2` view to generate your API Key (`Token `) and copy the header value provided. ![image](../../images/api_v2_2.png) @@ -35,8 +35,7 @@ URL, Response Body, Response Code and Response Headers. If you're logged in to the Defect Dojo web UI, you do not need to provide the authorization token. -Authentication --------------- +## Authentication The API uses header authentication with API key. The format of the header should be: : @@ -47,8 +46,12 @@ For example: : Authorization: Token c8572a5adf107a693aa6c72584da31f4d1f1dcff -Sample Code ------------ +### Alternative authentication method + +If you use [an alternative authentication method](../social-authentication/) for users, you may want to disable DefectDojo API tokens because it could bypass your authentication concept. \ +Using of DefectDojo API tokens can be disabled by specifying the environment variable `DD_API_TOKENS_ENABLED` to `False`. + +## Sample Code Here are some simple python examples and their results produced against the `/users` endpoint: : @@ -61,10 +64,9 @@ headers = {'content-type': 'application/json', 'Authorization': 'Token c8572a5adf107a693aa6c72584da31f4d1f1dcff'} r = requests.get(url, headers=headers, verify=True) # set verify to False if ssl cert is self-signed -for key, value in r.__dict__.iteritems(): - print key - print value - print '------------------' +for key, value in r.__dict__.items(): + print(f"'{key}': '{value}'") + print('------------------') {{< /highlight >}} This code will return the list of all the users defined in DefectDojo. @@ -101,10 +103,9 @@ headers = {'content-type': 'application/json', 'Authorization': 'Token c8572a5adf107a693aa6c72584da31f4d1f1dcff'} r = requests.get(url, headers=headers, verify=True) # set verify to False if ssl cert is self-signed -for key, value in r.__dict__.iteritems(): - print key - print value - print '------------------' +for key, value in r.__dict__.items(): + print(f"'{key}': '{value}'") + print('------------------') {{< /highlight >}} The json object result is: : @@ -132,8 +133,7 @@ See [Django Rest Framework\'s documentation on interacting with an API](http://www.django-rest-framework.org/topics/api-clients/) for additional examples and tips. -Manually calling the API ------------------------- +## Manually calling the API Tools like Postman can be used for testing the API. @@ -172,8 +172,7 @@ Example for importing a scan result: - Click send -Clients / API Wrappers ----------------------- +## Clients / API Wrappers | Wrapper | Status | Notes | | -----------------------------| ------------------------| ------------------------| @@ -184,4 +183,4 @@ Clients / API Wrappers | [.Net/C# library](https://www.nuget.org/packages/DefectDojo.Api/) | working (2021-06-08) | | | [dd-import](https://github.com/MaibornWolff/dd-import) | working (2021-08-24) | dd-import is not directly an API wrapper. It offers some convenience functions to make it easier to import findings and language data from CI/CD pipelines. | -Some of the api wrappers contain quite a bit of logic to ease scanning and importing in CI/CD environments. We are in the process of simplifying this by making the DefectDojo API smarter (so api wrappers / script can be dumber). \ No newline at end of file +Some of the api wrappers contain quite a bit of logic to ease scanning and importing in CI/CD environments. We are in the process of simplifying this by making the DefectDojo API smarter (so api wrappers / script can be dumber). diff --git a/docs/content/en/integrations/burp-plugin.md b/docs/content/en/integrations/burp-plugin.md index bcec96953e6..400b37c0f2a 100644 --- a/docs/content/en/integrations/burp-plugin.md +++ b/docs/content/en/integrations/burp-plugin.md @@ -5,6 +5,9 @@ draft: false weight: 8 --- +**Please note: The DefectDojo Burp Plugin has been sunset and is no longer a supported feature.** + +Burp is still a supported tool, and all the results from it can be imported into DefectDojo. Burp can produce XML reports and these can be uploaded to DefectDojo using the graphical user interface or the API. Our documentation at https://documentation.defectdojo.com/integrations/parsers/file/burp/ describes this usage. This is Burp Plugin to export findings directly to DefectDojo. diff --git a/docs/content/en/integrations/importing.md b/docs/content/en/integrations/importing.md index 22110fe4925..20590ee1f71 100644 --- a/docs/content/en/integrations/importing.md +++ b/docs/content/en/integrations/importing.md @@ -1,6 +1,6 @@ --- title: "Importing" -description: "DefectDojo has the ability to import scan reports from a large number of security tools." +description: "How DefectDojo imports and reimports security tool reports." draft: false weight: 1 --- @@ -13,7 +13,7 @@ individual hosts vulnerable. ![Import Form](../../images/imp_1.png) -This approach will create a new Test for each upload. This can result a lot of findings. If deduplication is enabled, new findings that are identical to existing findings get marked as a duplicate. +This approach will create a new Test for each upload. This can result in a lot of findings. If deduplication is enabled, new Findings that are identical to existing Findings get marked as a duplicate. ## Reimport @@ -36,8 +36,15 @@ The history of a test will be shown with the delta's for each reimported scan re Clicking on a reimport changset will show the affected findings, as well as a status history per finding. ![Import History details](../../images/import_history_details1.png) +### Triage-less scanners +Some scanners might not include triage information in their reports (e.g. tfsec). They simply scan code or dependencies, flag issues, and return everything. Removing some findings requires you to add comments in your code perhaps, but there is no simple way to filter out findings from the reports. + +That is why DefectDojo also includes a "Do not reactivate" checkbox in uploading reports (also in the reimport API), so you can persist the triages that have been done in Defectdojo without reactivating Findings on every upload. + +For context, see [#6892](https://github.com/DefectDojo/django-DefectDojo/issues/6892) + # API -This section focuses on Import and Reimport via the API. Please see the [full documentation defails of all API Endpoints](../api-v2-docs/) for more details. +This section focuses on Import and Reimport via the API. Please see the [full documentation details of all API Endpoints](../api-v2-docs/) for more details. Reimport is actually the easiest way to get started as it will create any entities on the fly if needed and it will automatically detect if it is a first time upload or a re-upload. ## Import @@ -52,13 +59,13 @@ An import can be performed by specifying the names of these entities in the API { "minimum_severity": 'Info', "active": True, - "verified": Trued, + "verified": True, "scan_type": 'ZAP Scan', "test_title": 'Manual ZAP Scan by John', "product_type_name": 'Good Products', "product_name": 'My little product', "engagement_name": 'Important import', - "auto_create_contex": True, + "auto_create_context": True, } ``` @@ -70,7 +77,7 @@ A classic way of importing a scan is by specifying the ID of the engagement inst { "minimum_severity": 'Info', "active": True, - "verified": Trued, + "verified": True, "scan_type": 'ZAP Scan', "test_title": 'Manual ZAP Scan by John', "engagement": 123, @@ -81,28 +88,31 @@ A classic way of importing a scan is by specifying the ID of the engagement inst ## Reimport ReImporting via the API is performed via the [reimport-scan](https://demo.defectdojo.org/api/v2/doc/) endpoint. -An reimport can be performed by specifying the names of these entities in the API request: +A reimport can be performed by specifying the names of these entities in the API request: ```JSON { "minimum_severity": 'Info', "active": True, - "verified": Trued, + "verified": True, "scan_type": 'ZAP Scan', "test_title": 'Manual ZAP Scan by John', "product_type_name": 'Good Products', "product_name": 'My little product', "engagement_name": 'Important import', - "auto_create_contex": True, + "auto_create_context": True, + "do_not_reactivate": False, } ``` When `auto_create_context` is `True`, the product and engagement will be created if needed. Make sure your user has sufficient [permissions](../usage/permissions) to do this. -A Reimport will automatically select the latest test inside the provided engagement that satisifes the provided `scan_type` and (optionally) provided `test_title` +When `do_not_reactivate` is `True`, the importing/reimporting will ignore uploaded active findings and not reactivate previously closed findings, while still creating new findings if there are new ones. You will get a note on the finding to explain that it was not reactivated for that reason. -If no existing Test is found, the reimport endpoint will use the import function to import the provided report into a new Test. This means a (CI/CD) script using the API doesn't need to know if a Test already exist, or if it is a first time upload for this product / engagement. +A reimport will automatically select the latest test inside the provided engagement that satisifes the provided `scan_type` and (optionally) provided `test_title`. + +If no existing Test is found, the reimport endpoint will use the import function to import the provided report into a new Test. This means a (CI/CD) script using the API doesn't need to know if a Test already exists, or if it is a first time upload for this Product / Engagement. A classic way of reimporting a scan is by specifying the ID of the test instead: @@ -110,7 +120,7 @@ A classic way of reimporting a scan is by specifying the ID of the test instead: { "minimum_severity": 'Info', "active": True, - "verified": Trued, + "verified": True, "scan_type": 'ZAP Scan', "test": 123, } @@ -133,4 +143,4 @@ Here are the following use cases for using this field: 3. The report **does not** set the date, and the `scan_date` is **set** at import - Finding date will be whatever the user set for `scan_date` 4. The report **sets** the date, and the `scan_date` is **set** at import - - Finding date will be whatever the user set for `scan_date` \ No newline at end of file + - Finding date will be whatever the user set for `scan_date` diff --git a/docs/content/en/integrations/jira.md b/docs/content/en/integrations/jira.md index f4c66c76634..e7a19329bd4 100644 --- a/docs/content/en/integrations/jira.md +++ b/docs/content/en/integrations/jira.md @@ -28,7 +28,8 @@ Enabling the Webhook 1. Visit \<**YOUR JIRA URL**\>/plugins/servlet/webhooks 2. Click \'Create a Webhook\' 3. For the field labeled \'URL\' enter: \<**YOUR DOJO - DOMAIN**\>/webhook/ + DOMAIN**\>/jira/webhook/<**YOUR GENERATED WEBHOOK SECRET**> + This value can be found under Defect Dojo System settings 4. Under \'Comments\' enable \'Created\'. Under Issue enable \'Updated\'. @@ -38,15 +39,21 @@ Configurations in Dojo 1. Navigate to the System Settings from the menu on the left side or by directly visiting \/system\_settings. 2. Enable \'Enable JIRA integration\' and click submit. +3. For the webhook created in Enabling the Webhook, enable + \'Enable JIRA web hook\' and click submit. Adding JIRA to Dojo ------------------- 1. Click \'JIRA\' from the left hand menu. 2. Select \'Add Configuration\' from the drop-down. -3. If you use Jira Cloud, you will need to generate an [API token - for Jira](https://id.atlassian.com/manage/api-tokens) to use as - the password +3. For JIRA Server: + + Enter the _Username_ & _Password_. A _Username_ and JIRA _Personal Access Token_ will not necessarily work. + + For JIRA Cloud: + + Enter _Email Address_ & [API token for Jira](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/) 4. To obtain the \'open status key\' and \'closed status key\' visit \<**YOUR JIRA URL**\>/rest/api/latest/issue/\<**ANY VALID ISSUE @@ -66,7 +73,7 @@ To obtain \'epic name id\': If you have admin access to JIRA: 4. **Note**: dojojira uses the same celery functionality as reports. Make sure the celery runner is setup correctly as described: - + Or diff --git a/docs/content/en/integrations/ldap-authentication.md b/docs/content/en/integrations/ldap-authentication.md new file mode 100644 index 00000000000..2fcf895e12b --- /dev/null +++ b/docs/content/en/integrations/ldap-authentication.md @@ -0,0 +1,129 @@ +--- +title: "Authentication via LDAP" +description: "Authenticate users using LDAP" +draft: false +weight: 4 +--- + +## LDAP Authentication + +Out of the box Defect Dojo does not support LDAP authentication. + +*However*, since Defect Dojo is built using Django, it isn't too difficult to add support for LDAP. +So long as you don't mind building your own Docker images... + +We will need to modify a grand total of 4-5 files, depending on how you want to pass Dojo your LDAP secrets. + + - Dockerfile.django-* + - Dockerfile.nginx-* + - requirements.txt + - settings.dist.py + - docker-compose.yml *(Optional)* + + +#### Dockerfile modifications + +In both Dockerfile.django and Dockerfile.nginx, you want to add the following lines to the apt-get install layers: + +```bash +libldap2-dev \ +libsasl2-dev \ +ldap-utils \ +``` + + +#### requirements.txt + +Please check for the latest version of these requirements at the time of implementation on pypi.org and use those if you can. + +- [https://pypi.org/project/python-ldap/](python-ldap) +- [https://pypi.org/project/django-auth-ldap/](django-auth-ldap) + +Otherwise add the following to requirements.txt: + +``` +python-ldap==3.4.2 +django-auth-ldap==4.1.0 +``` + + +#### settings.dist.py + +Find the settings file (hint: `/dojo/settings/settings.dist.py`) and add the following: + +At the top of the file: +```python +import ldap +from django_auth_ldap.config import LDAPSearch, GroupOfNamesType +``` + +Then further down add LDAP settings to the env dict: +```python +# LDAP +DD_LDAP_SERVER_URI=(str, 'ldap://ldap.example.com'), +DD_LDAP_BIND_DN=(str, ''), +DD_LDAP_BIND_PASSWORD=(str, ''), +``` + +Then under the env dict add: +```python +AUTH_LDAP_SERVER_URI = env('DD_LDAP_SERVER_URI') +AUTH_LDAP_BIND_DN = env('DD_LDAP_BIND_DN') +AUTH_LDAP_BIND_PASSWORD = env('DD_LDAP_BIND_PASSWORD') +AUTH_LDAP_USER_SEARCH = LDAPSearch( + "ou=Groups,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(uid=%(user)s)" +) + +AUTH_LDAP_USER_ATTR_MAP = { + "first_name": "givenName", + "last_name": "sn", + "email": "mail", +} +``` +Please make sure to customise all of the LDAP search variables to match your company's configuration. + + +For additional group controls you can add: +```python +# Set up the basic group parameters. +AUTH_LDAP_GROUP_SEARCH = LDAPSearch( + "dc=example,dc=com", + ldap.SCOPE_SUBTREE, + "(objectClass=groupOfNames)", +) +AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn") + +# Simple group restrictions +AUTH_LDAP_REQUIRE_GROUP = "cn=DD_USER_ACTIVE,ou=Groups,dc=example,dc=com" + +AUTH_LDAP_USER_FLAGS_BY_GROUP = { + "is_active": "cn=DD_USER_ACTIVE,ou=Groups,dc=example,dc=com", + "is_staff": "cn=DD_USER_STAFF,ou=Groups,dc=example,dc=com", + "is_superuser": "cn=DD_USER_ADMIN,ou=Groups,dc=example,dc=com", +} +``` + +Then also add `'django_auth_ldap.backend.LDAPBackend'` to the `AUTHENTICATION_BACKENDS` variable, for example: +```python +AUTHENTICATION_BACKENDS = ( + 'django_auth_ldap.backend.LDAPBackend', + 'django.contrib.auth.backends.RemoteUserBackend', + 'django.contrib.auth.backends.ModelBackend', +) +``` + +Read the docs for Django Authentication with LDAP here: https://django-auth-ldap.readthedocs.io/en/latest/ + +#### docker-compose.yml + +In order to pass the variables to the settings.dist.py file via docker, it's a good idea to add these to the docker-compose file. + +You can do this by adding the following variables to the environment section for the uwsgi image: +``` +DD_LDAP_SERVER_URI: "${DD_LDAP_SERVER_URI:-ldap://ldap.example.com}" +DD_LDAP_BIND_DN: "${DD_LDAP_BIND_DN:-}" +DD_LDAP_BIND_PASSWORD: "${DD_LDAP_BIND_PASSWORD:-}" +``` + +Alternatively you can set these values in a local_settings.py file. + diff --git a/docs/content/en/integrations/notifications.md b/docs/content/en/integrations/notifications.md index 9011fde656f..648d8ff1bf8 100644 --- a/docs/content/en/integrations/notifications.md +++ b/docs/content/en/integrations/notifications.md @@ -16,9 +16,9 @@ and more. The following notification methods currently exist: - Email - - Slack + - Slack - Microsoft Teams - - Alerts within DefectDojo + - Alerts within DefectDojo (default) You can set these notifications on a global scope (if you have administrator rights) or on a personal scope. For instance, an @@ -27,31 +27,90 @@ to a certain Slack channel, whereas an individual user wants email notifications to be sent to the user\'s specified email address when a report has finished generating. -Microsoft Teams does not provide an easy way to send messages to a personal -channel. Therefore, DefectDojo can only send system scope notifications -to Microsoft Teams. +Users can define notifications on a product level as well, and these settings will be applied only for selected products. In order to identify and notify you about things like upcoming engagements, DefectDojo runs scheduled tasks for this purpose. These tasks are scheduled and run using Celery beat, so this needs to run for those notifications to work. +DefectDojo allows `template` to be used, administrator can use this feature to define which notification should be received by newly created users. + ### Slack +#### Basic Integration +This method will allow DefectDojo to send Global notifications to a Slack channel. It can also send Personal notifications to an individual user's Slackbot. + +To configure Slack messaging, you will first need to create a new Slack app at https://api.slack.com/apps. + +This app can be created from scratch, or from a JSON manifest which includes all necessary scopes and bot functionality. This manifest can be copied and pasted into the Slack App wizard when you select 'Build From Manifest'. + +
+ JSON Manifest + +~~~ +{ + "_metadata": { + "major_version": 1, + "minor_version": 1 + }, + "display_information": { + "name": "DefectDojo", + "description": "Notifications from DefectDojo", + "background_color": "#0000AA" + }, + "features": { + "bot_user": { + "display_name": "DefectDojo Notifications" + } + }, + "oauth_config": { + "scopes": { + "bot": [ + "chat:write", + "chat:write.customize", + "chat:write.public", + "incoming-webhook", + "users:read", + "users:read.email" + ] + }, + "redirect_urls": [ + "https://slack.com/oauth/v2/authorize" + ] + } +} +~~~ + +
+ +Choose the channel where you want to post Global notifications during the 'Create From Manifest' process. Personal notifications will appear in a user's Slackbot if they have their Slack Email Address specified on their user profile. + #### Scopes -The following scopes have to be granted. +The following scopes have to be granted to your Slack App. If the App was created from the JSON Manifest above, these permission scopes will already be set correctly. ![Slack OAuth scopes](../../images/slack_scopes.png) #### Token -The bot token has to be chosen and put in your System Settings +The Slack Bot Token needs to be pasted in the DefectDojo System Settings, nested underneath the 'Enable slack notifications' checkbox. This token can be found in the Features / OAuth & Permissions section on the Slack App settings. ![Slack token](../../images/slack_tokens.png) +#### Examples of Slack notifications + +![Add Product](../../images/slack_add_product.png) + +![Import Scan](../../images/slack_import_scan.png) + + ### Microsoft Teams +Microsoft Teams does not provide an easy way to send messages to a personal +channel. Therefore, DefectDojo can only send system scope notifications +to Microsoft Teams. + To activate notifications to Microsoft Teams, you have to: - Configure an Incoming Webhook in a Teams channel and copy the URL of the webhook to the clipboard - Activate `Enable Microsoft Teams notifications` in the System Settings diff --git a/docs/content/en/integrations/parsers.md b/docs/content/en/integrations/parsers.md deleted file mode 100644 index 71f54c2eedc..00000000000 --- a/docs/content/en/integrations/parsers.md +++ /dev/null @@ -1,1119 +0,0 @@ ---- -title: "Supported reports" -description: "DefectDojo has the ability to import scan reports from a large number of security tools." -draft: false -weight: 1 ---- - -## Security Tools - -### Acunetix Scanner - -XML format - -### Acunetix 360 Scanner - -Vulnerabilities List - JSON report - -### Anchore-Engine - -JSON vulnerability report generated by anchore-cli tool, using a command -like `anchore-cli --json image vuln all` - -### Aqua - -JSON report format. - -### Anchore Grype - -Anchore Grype JSON report format generated with `-o json` option. - -{{< highlight bash >}} -grype defectdojo/defectdojo-django:1.13.1 -o json > many_vulns.json -{{< /highlight >}} - -### Arachni Scanner - -Arachni Web Scanner (http://arachni-scanner.com/wiki) - -Reports are generated with `arachni_reporter` tool this way: - -{{< highlight bash >}} -arachni_reporter --reporter 'json' js.com.afr -{{< /highlight >}} - -### AppSpider (Rapid7) - -Use the VulnerabilitiesSummary.xml file found in the zipped report -download. - -### AuditJS (OSSIndex) - -AuditJS scanning tool using OSSIndex database and generated with `--json` or `-j` option (). - -{{< highlight bash >}} -auditjs ossi --json > auditjs_report.json -{{< /highlight >}} - -### AWS Security Hub - -The JSON output from AWS Security Hub exported with the `aws securityhub get-findings` () -command. - -### AWS Scout2 Scanner (deprecated) - -JS file in scout2-report/inc-awsconfig/aws\_config.js. - -{{% alert title="Warning" color="warning" %}} -AWS Scout2 Scanner is deprecated and has been replaced with ScoutSuite (https://github.com/nccgroup/ScoutSuite) upstream. -Please switch to the new parser for ScoutSuite. -{{% /alert %}} - -{{% alert title="Warning" color="warning" %}} -This parser is disactivated by default in releases >= 2.3.1 and will be removed in release >= 3.x.x. -{{% /alert %}} - -### AWS Prowler Scanner - -Prowler file can be imported as a CSV (`-M csv`) or JSON (`-M json`) file. - -### Azure Security Center Recommendations Scan - -Azure Security Center recommendations can be exported from the user interface in CSV format. - -### Bandit - -JSON report format - -### Blackduck Hub - -2 options: - -* Import the zip file as can be created by Blackduck export. -The zip file must contain the security.csv and files.csv in order to -produce findings that bear file locations information. -* Import a single security.csv file. Findings will not have any file location -information. - -### Brakeman Scan - -Import Brakeman Scanner findings in JSON format. - -### Bugcrowd - -Import Bugcrowd results in CSV format. - -### Bundler-Audit - -Import the text output generated with bundle-audit check - -### Burp XML - -When the Burp report is generated, **the recommended option is Base64 -encoding both the request and response fields** - e.g. check the box -that says \"Base64-encode requests and responses\". These fields will be -processed and made available in the \'Finding View\' page. - -### Burp Enterprise Scan - -Import HTML reports from Burp Enterprise Edition - -### Burp GraphQL - -Import the JSON data returned from the BurpSuite Enterprise GraphQL API. Append all the -issues returned to a list and save it as the value for the key "Issues". There is no need -to filter duplicates, the parser will automatically combine issues with the same name. - -Example: - -{{< highlight json >}} -{ - "Issues": [ - { - "issue_type": { - "name": "Cross-site scripting (reflected)", - "description_html": "Issue Description", - "remediation_html": "Issue Remediation", - "vulnerability_classifications_html": "
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    • ", - "references_html": "
  • Cross-site scripting
    • " - }, - "description_html": "Details", - "remediation_html": "Remediation Details", - "severity": "high", - "path": "/burp", - "origin": "https://portswigger.net", - "evidence": [ - { - "request_index": 0, - "request_segments": [ - { - "data_html": "GET" - }, - { - "highlight_html": "data" - }, - { - "data_html": " HTTP More data" - } - ] - }, - { - "response_index": 0, - "response_segments": [ - { - "data_html": "HTTP/2 200 OK " - }, - { - "highlight_html": "data" - }, - { - "data_html": "More data" - } - ] - } - ] - } - ] -} -{{< /highlight >}} - -Example GraphQL query to get issue details: - -{{< highlight graphql >}} - query Issue ($id: ID!, $serial_num: ID!) { - issue(scan_id: $id, serial_number: $serial_num) { - issue_type { - name - description_html - remediation_html - vulnerability_classifications_html - references_html - } - description_html - remediation_html - severity - path - origin - evidence { - ... on Request { - request_index - request_segments { - ... on DataSegment { - data_html - } - ... on HighlightSegment { - highlight_html - } - } - } - ... on Response { - response_index - response_segments { - ... on DataSegment { - data_html - } - ... on HighlightSegment { - highlight_html - } - } - } - } - } - } -{{< /highlight >}} - - -### CargoAudit Scan - -Import JSON output of cargo-audit scan report - -### CCVS Report - -Import JSON reports from \[CCVS -API\]() - -### Checkov Report - -Import JSON reports of Infrastructure as Code vulnerabilities. - -### Clair Scan - -Import JSON reports of Docker image vulnerabilities. - -### Clair Klar Scan - -Import JSON reports of Docker image vulnerabilities from clair klar -client. - -### Cobalt.io Scan - -CSV Report - -### Cobalt.io API Import - -Import findings from the Cobalt.io API - no file required. - -Follow these steps to setup API importing: - -1. Configure the Cobalt.io Authentication details by navigating to - Configuration / Tool Configuration, selecting the Tool Type to "Cobalt.io", - and Authentication Type "API Key". Paste your Cobalt.io API key in the - "API Key" field and the desired org token in the "Extras" field. -2. In the Product settings select "Add API Scan Configuration" and select the - previously added Cobalt.io Tool Configuration. Provide the ID - of the asset from which to import findings in the field *Service key 1*. - The ID can be found at the end of the URL when viewing the asset in your browser. -3. After this is done, you can import the findings by selecting "Cobalt.io - API Import" as the scan type. If you have more than one asset configured, you - must also select which Cobalt.io API Scan Configuratio to use. - -### CodeQL -CodeQL can be used to generate a SARIF report, that can be imported into Defect Dojo: - -`codeql database analyze db python-security-and-quality.qls --sarif-add-snippets --format=sarif-latest --output=security-extended.sarif` - -The same can be achieved by running the CodeQL GitHub action with the `add-snippet` property set to true. - -### Coverity API - -Export Coverity API view data in JSON format (`/api/viewContents/issues` endpoint). - -Currently these columns are mandatory: - * `displayType` (`Type` in the UI) - * `displayImpact` (`Impact` in the UI) - * `status` (`Status` in the UI) - * `firstDetected` (`First Detected` in the UI) - -Other supported attributes: `cwe`, `displayFile`, `occurrenceCount` and `firstDetected` - -### Crashtest Security - -Import JSON Report Import XML Report in JUnit Format - -### CredScan Report - -Import CSV credential scanner reports - -### Contrast Scanner - -CSV Report - -### Checkmarx - -- `Checkmarx Scan`, `Checkmarx Scan detailed`: XML report from Checkmarx SAST (source code analysis) -- `Checkmarx OSA`: json report from Checkmarx Open Source Analysis (dependencies analysis) - -To generate the OSA report using Checkmarx CLI: -`./runCxConsole.sh OsaScan -v -CxServer <...> -CxToken <..> -projectName <...> -enableOsa -OsaLocationPath -OsaJson ` - -That will generate three files, two of which are needed for defectdojo. Build the file for defectdojo with the jq utility: -`jq -s . CxOSAVulnerabilities.json CxOSALibraries.json` - - -### Choctaw Hog parser - -From: Import the JSON output. - -### Cloudsploit (AquaSecurity) - -From: https://github.com/aquasecurity/cloudsploit . Import the JSON output. - -### CycloneDX - -CycloneDX is a lightweight software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis. - -From: https://www.cyclonedx.org/ - -Example with Anchore Grype: - -{{< highlight bash >}} -./grype defectdojo/defectdojo-django:1.13.1 -o cyclonedx > report.xml -{{< /highlight >}} - -Example with `cyclonedx-bom` tool: - -{{< highlight bash >}} -pip install cyclonedx-bom -cyclonedx-py -{{< /highlight >}} - -{{< highlight bash >}} - Usage: cyclonedx-py [OPTIONS] - Options: - -i - the alternate filename to a frozen requirements.txt - -o - the bom file to create - -j - generate JSON instead of XML -{{< /highlight >}} - -### DawnScanner - -Import report in JSON generated with -j option - -### Dependency Check - -OWASP Dependency Check output can be imported in Xml format. This parser ingests the vulnerable dependencies and inherits the suppressions. - -* Suppressed vulnerabilities are tagged with the tag: `suppressed`. -* Suppressed vulnerabilities are marked as inactive, but not as mitigated. -* If the suppression is missing any `` tag, it tags them as `no_suppression_document`. -* Related vulnerable dependencies are tagged with `related` tag. - -### Dependency Track - -Dependency Track has implemented a DefectDojo integration. Information about -how to configure the integration is documented here: -https://docs.dependencytrack.org/integrations/defectdojo/ - -Alternatively, the Finding Packaging Format (FPF) from OWASP Dependency Track can be -imported in JSON format. See here for more info on this JSON format: - - -### DrHeader - -Import of JSON report from - - -### Dockle Report - -Import JSON container image linter reports - - -### Detect-secrets - -Import of JSON report from - -### ESLint - -ESLint Json report format (-f json) - -### Fortify - -Import Findings from XML file format. - -### Generic Findings Import - -Import Generic findings in CSV or JSON format. - -Attributes supported for CSV: -- Date: Date of the finding in mm/dd/yyyy format. -- Title: Title of the finding -- CweId: Cwe identifier, must be an integer value. -- Url: Url associated with the finding. -- Severity: Severity of the finding. Must be one of Info, Low, Medium, High, or Critical. -- Description: Description of the finding. Can be multiple lines if enclosed in double quotes. -- Mitigation: Possible Mitigations for the finding. Can be multiple lines if enclosed in double quotes. -- Impact: Detailed impact of the finding. Can be multiple lines if enclosed in double quotes. -- References: References associated with the finding. Can be multiple lines if enclosed in double quotes. -- Active: Indicator if the finding is active. Must be empty, TRUE or FALSE -- Verified: Indicator if the finding has been verified. Must be empty, TRUE, or FALSE -- FalsePositive: Indicator if the finding is a false positive. Must be TRUE, or FALSE. -- Duplicate:Indicator if the finding is a duplicate. Must be TRUE, or FALSE - -The CSV expects a header row with the names of the attributes. - -Example of JSON format: - -```JSON -{ - "findings": [ - { - "title": "test title with endpoints as dict", - "description": "Some very long description with\n\n some UTF-8 chars à qu'il est beau", - "severity": "Medium", - "mitigation": "Some mitigation", - "date": "2021-01-06", - "cve": "CVE-2020-36234", - "cwe": 261, - "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", - "file_path": "src/first.cpp", - "line": 13, - "endpoints": [ - { - "host": "exemple.com" - } - ] - }, - { - "title": "test title with endpoints as strings", - "description": "Some very long description with\n\n some UTF-8 chars à qu'il est beau2", - "severity": "Critical", - "mitigation": "Some mitigation", - "date": "2021-01-06", - "cve": "CVE-2020-36235", - "cwe": 287, - "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", - "file_path": "src/two.cpp", - "line": 135, - "endpoints": [ - "http://urlfiltering.paloaltonetworks.com/test-command-and-control", - "https://urlfiltering.paloaltonetworks.com:2345/test-pest" - ] - }, - { - "title": "test title", - "description": "Some very long description with\n\n some UTF-8 chars à qu'il est beau2", - "severity": "Critical", - "mitigation": "Some mitigation", - "date": "2021-01-06", - "cve": "CVE-2020-36236", - "cwe": 287, - "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", - "file_path": "src/threeeeeeeeee.cpp", - "line": 1353 - } - ] -} -``` - -This parser support an attributes that accept files as Base64 strings. These files are attached to the respective findings. - -Example: - -```JSON -{ - "title": "My wonderful report", - "findings": [ - { - "title": "Vuln with image", - "description": "Some very long description", - "severity": "Medium", - "files": [ - { - "title": "Screenshot from 2017-04-10 16-54-19.png", - "data": "iVBORw0KGgoAAAANSUhEUgAABWgAAAK0CAIAAAARSkPJAAAAA3N<...>TkSuQmCC" - } - ] - } - ] -} -``` - -### Gosec Scanner - -Import Gosec Scanner findings in JSON format. - -### Gitleaks - -Import Gitleaks findings in JSON format. - -### GitLab SAST Report - -Import SAST Report vulnerabilities in JSON format: https://docs.gitlab.com/ee/user/application_security/sast/#reports-json-format - -### GitLab Dependency Scanning Report - -Import Dependency Scanning Report vulnerabilities in JSON format: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#reports-json-format - -### Github Vulnerability - -Import findings from Github vulnerability scan: - - -Currently the parser is able to manage only `RepositoryVulnerabilityAlert` object. -The parser has some kind of search feature which detect the data in the report. - -Here is the mandatory objects and attributes: -``` -vulnerabilityAlerts (RepositoryVulnerabilityAlert object) - + id - + createdAt (optional) - + vulnerableManifestPath (optional) - + securityVulnerability (SecurityVulnerability object) - + severity (CRITICAL/HIGH/LOW/MODERATE) - + package (optional) - + name (optional) - + advisory (SecurityAdvisory object) - + description - + summary - + description - + identifiers - + value - + references (optional) - + url (optional) - + cvss (optional) - + vectorString (optional) -``` - -References: - - https://docs.github.com/en/graphql/reference/objects#repositoryvulnerabilityalert - - https://docs.github.com/en/graphql/reference/objects#securityvulnerability - -Github v4 graphql query to fetch data: - -{{< highlight graphql >}} - query getVulnerabilitiesByOwner($owner: String!) { - search(query: $owner, type: REPOSITORY, first: 100) { - nodes { - ... on Repository { - name - vulnerabilityAlerts(last: 100) { - nodes { - id - securityVulnerability { - severity - package { - name - } - advisory { - description - summary - identifiers { - type - value - } - references { - url - } - } - } - } - } - } - } - } - } -{{< /highlight >}} - -Another example of Python script that query one repository: - -```python - -import json -import requests - - -query = """ -query getVulnerabilitiesByRepoAndOwner($name: String!, $owner: String!) { - repository(name: $name, owner: $owner) { - vulnerabilityAlerts(first: 100) { - nodes { - id - createdAt - securityVulnerability { - severity - package { - name - ecosystem - } - advisory { - description - summary - identifiers { - value - type - } - references { - url - } - cvss { - vectorString - } - } - } - vulnerableManifestPath - } - } - } -} -""" - -token = '...' # generated from GitHub settings -headers = {"Authorization": "Bearer " + token} - - -request = requests.post(url='https://api.github.com/graphql', - json={ - "operationName": "getVulnerabilitiesByRepoAndOwner", - 'query': query, - 'variables': { - 'name': 'gogoph', - 'owner': 'damiencarol' - } - }, - headers=headers) - -result = request.json() -print(json.dumps(result, indent=2)) -``` - -### Hadolint - -Hadolint Dockerfile scan in json format. - -### Harbor Vulnerability - -Import findings from Harbor registry container scan: - - -### Horusec - -Import findings from Horusec scan. - -```shell -./horusec_linux_x64 start -O=report.json -o json -i="tests/" -``` - -References: - * [GitHub repository](https://github.com/ZupIT/horusec) - -### HuskyCI Report - -Import JSON reports from -[HuskyCI]() - -### IBM AppScan DAST - -XML file from IBM App Scanner. - -### Immuniweb Scan - -XML Scan Result File from Immuniweb Scan. - -### IntSights Report - -IntSights Threat Command is a commercial Threat Intelligence platform that monitors both the open and dark web to identify threats for the Assets you care about (Domain Names, IP addresses, Brand Names, etc.). - -#### Manual Import -Use the Export CSV feature in the IntSights Threat Command GUI to create an *IntSights Alerts.csv* file. This CSV -file can then be imported into Defect Dojo. - -#### Automated Import - -The IntSights `get-complete-alert` API only returns details for a single alert. To automate the process, -individually fetch details for each alert and append to a list. The list is then saved as the value for the key -"Alerts". This JSON object can then be imported into Defect Dojo. - -Example: - - { - "Alerts":[ - { - "_id":"5c80egf83b4a3900078b6be6", - "Details":{ - "Source":{ - "URL":"https://www.htbridge.com/websec/?id=ABCDEF", - "Date":"2018-03-08T00:01:02.622Z", - "Type":"Other", - "NetworkType":"ClearWeb" - }, - "Images":[ - "5c80egf833963a40007e01e8d", - "5c80egf833b4a3900078b6bea", - "5c80egf834626bd0007bd64db" - ], - "Title":"HTTP headers weakness in example.com web server", - "Tags":[], - "Type":"ExploitableData", - "Severity":"Critical", - "SubType":"VulnerabilityInTechnologyInUse", - "Description":"X-XSS-PROTECTION and CONTENT-SECURITY-POLICY headers were not sent by the server, which makes it vulnerable for various attack vectors" - }, - "Assignees":[ - "5c3c8f99903dfd0006ge5e61" - ], - "FoundDate":"2018-03-08T00:01:02.622Z", - "Assets":[ - { - "Type":"Domains", - "Value":"example.com" - } - ], - "TakedownStatus":"NotSent", - "IsFlagged":false, - "UpdateDate":"2018-03-08T00:01:02.622Z", - "RelatedIocs":[], - "RelatedThreatIDs":[], - "Closed":{ - "IsClosed":false - } - } - ] - } - -### JFrogXRay - -Import the JSON format for the \"Security Export\" file. Use this importer for Xray version 2.X - -### JFrog XRay Unified - -Import the JSON format for the \"Security & Compliance | Reports\" export. Jfrog's Xray tool is an add-on to their Artifactory repository that does Software Composition Analysis, see https://www.jfrog.com/confluence/display/JFROG/JFrog+Xray for more information. \"Xray Unified\" refers to Xray Version 3.0 and later. - -### Kiuwan Scanner - -Import Kiuwan Scan in CSV format. Export as CSV Results on Kiuwan. - -### kube-bench Scanner - -Import JSON reports of Kubernetes CIS benchmark scans. - -### KICS Scanner - -Import of JSON report from - -### Meterian Scanner - -The Meterian JSON report output file can be imported. - -### Microfocus Webinspect Scanner - -Import XML report - -### MobSF Scanner - -Export a JSON file using the API, api/v1/report\_json. - -### Mobsfscan - -Import JSON report from - -### Mozilla Observatory Scanner - -Import JSON report. - -### Nessus (Tenable) - -Reports can be imported in the CSV, and .nessus (XML) report formats. - -### Nessus WAS (Tenable) - -Reports can be imported in the CSV, and .nessus (XML) report formats. - -### Netsparker - -Vulnerabilities List - JSON report - -### Nexpose XML 2.0 (Rapid7) - -Use the full XML export template from Nexpose. - -### Nikto - -Nikto web server scanner - https://cirt.net/Nikto2 - -The current parser support 3 sources: - - XML output (old) - - new XML output (with nxvmlversion=\"1.2\" type) - - JSON output - -See: https://github.com/sullo/nikto - -### Nmap - -XML output (use -oX) - -### Node Security Platform - -Node Security Platform (NSP) output file can be imported in JSON format. - -### NPM Audit - -Node Package Manager (NPM) Audit plugin output file can be imported in -JSON format. Only imports the \'advisories\' subtree. - -### Nuclei - -Import JSON output of nuclei scan report - -### Openscap Vulnerability Scan - -Import Openscap Vulnerability Scan in XML formats. - -### OpenVAS CSV - -Import OpenVAS Scan in CSV format. Export as CSV Results on OpenVAS. - -### OssIndex Devaudit - -Import JSON formatted output from \[OSSIndex -Devaudit\](). - -### Oss Review Toolkit - -Import ORT Evaluated model reporter in JSON Format. -(Example)\[\] - -### PHP Security Audit v2 - -Import PHP Security Audit v2 Scan in JSON format. - -### PHP Symfony Security Checker - -Import results from the PHP Symfony Security Checker. - -### Probely - -Synchronize Probely Plus findings with DefectDojo. - -To setup this integration set the DefectDojo URL and API key on the -Integrations page on Probely. Then, select which Product, Engagement, -and, optionally, the Test you want to synchronize to. The API key needs -to belong to a staff user. - -Works with DefectDojo 1.5.x and 1.6.x. Probely also supports non-public -DefectDojo instances. - -For detailed instructions on how to configure Probely and DefectDojo, -see - - -### Qualys Scan - -Qualys output files can be imported in API XML format. Qualys output -files can be imported in WebGUI XML format. - -### Qualys Webapp Scan - -Qualys WebScan output files can be imported in XML format. - -### Retire.js - -Retire.js JavaScript scan (\--js) output file can be imported in JSON -format. - -### Risk Recon API Importer - -Import findings from Risk Recon via the API. Configure your own JSON -report as follows - -{{< highlight json >}} -{ - "url_endpoint": "https://api.riskrecon.com/v1", - "api_key": "you-api-key", - "companies": [ - { - "name": "Company 1", - "filters": { - "domain_name": [], - "ip_address": ["127.0.0.1"], - "host_name": ["localhost"], - "asset_value": [], - "severity": ["critical", "high"], - "priority": [], - "hosting_provider": [], - "country_name": [] - } - }, - { - "name": "Company 2", - "filters": { - "ip_address": ["0.0.0.0"] - } - } - - ], - "filters": { - "domain_name": [], - "ip_address": [], - "host_name": [], - "asset_value": [], - "severity": ["critical"], - "priority": [], - "hosting_provider": [], - "country_name": [] - } -} -{{< /highlight >}} - -- More than one company finding list can be queried with it\'s own set - of filters. Company 1 shows all available fitlers, while Company 2 - shows that empty filters need not be present. -- To query all companies in your Risk Recon instance, simple remove - the \"companies\" field entirely. -- If the \"companies\" field is not present, and filtering is still - requested, the \"filters\" field can be used to filter all findings - across all companies. It carries the same behavior as the company - filters. The \"filters\" field is disregarded in the prescense of - the \"companies\" field. -- Removing both fields will allow retrieval of all findings in the - Risk Recon instance. - -### SARIF - -OASIS Static Analysis Results Interchange Format (SARIF). SARIF is -supported by many tools. More details about the format here: - - -{{% alert title="Information" color="info" %}} -SARIF parser customizes the Test_Type with data from the report. -For example, a report with `Dockle` as a driver name will produce a Test with a Test_Type named `Dockle Scan (SARIF)` -{{% /alert %}} - -{{% alert title="Warning" color="warning" %}} -Current implementation is limited and will aggregate all the findings in the SARIF file in one single report. -{{% /alert %}} - -### ScoutSuite - -Multi-Cloud security auditing tool. It uses APIs exposed by cloud -providers. Scan results are located at -`scan-reports/scoutsuite-results/scoutsuite\_\*.json` files. -Multiple scans will create multiple files if they are runing agains -different Cloud projects. See - -### Semgrep JSON Report - -Import Semgrep output (--json) - -### SKF Scan - -Output of SKF Sprint summary export. - -### Snyk - -Snyk output file (snyk test \--json \> snyk.json) can be imported in -JSON format. - -### SonarQube Scan (Aggregates findings per cwe, title, description, file\_path.) - -SonarQube output file can be imported in HTML format. - -To generate the report, see - - -Version: \>= 1.1.0 - -### SonarQube Scan Detailed (Import all findings from SonarQube html report.) - -SonarQube output file can be imported in HTML format. - -To generate the report, see - - -Version: \>= 1.1.0 - -### SonarQube API Import - -SonarQube API will be accessed to gather the report. No report file is -required. - -Follow these steps to setup the SonarQube API import: - -1. Configure the Sonarqube authentication details by navigating to - Configuration / Tool Configuration. Note the url must be in the - format of `https:///api`. Select the tool - type to be SonarQube. By default the tool will import vulnerabilities issues - and security hotspots only, - but additional filters can be setup using the Extras field separated by - commas (e.g. BUG,VULNERABILITY,CODE_SMELL) -2. In the Product settings add an API Scan Configuration. *Service key 1* must - be the SonarQube project key, which can be found by navigating to a specific project and - selecting the value from the url - `https:///dashboard?id=key`. - When you do not provide a SonarQube project key, DefectDojo will - use the name of the Product as the project key in SonarQube. If you would like to - import findings from multiple projects, you can specify multiple keys as - separated API Scan Configuration in the Product settings. -3. Once all of the settings are made, the SonarQube API Import will be - able to import all vulnerability information from the SonarQube - instance. In the import or re-import dialog you can select which API Scan - Configuration shall be used. If you do not choose - any, DefectDojo will use the API Scan Configuration of the Product if there is - only one defined or the SonarQube Tool Configuration if there is only one. - -**Note:**: If `https` is used for the SonarQube, the certificate must be -trusted by the DefectDojo instance. - - -### SpotBugs - -XML report of textui cli. - -### Sonatype - -JSON output. - -### SSL Labs - -JSON Output of ssllabs-scan cli. - -### Sslscan - -Import XML output of sslscan report. - -### Sslyze Scan - -XML report of SSLyze version 2 scan - -### SSLyze 3 Scan (JSON) - -JSON report of SSLyze version 3 scan - -### Testssl Scan - -Import CSV output of testssl scan report. - -### Terrascan - -Import JSON output of terrascan scan report - -### Trivy - -JSON report of [trivy scanner](https://github.com/aquasecurity/trivy). - -### Trufflehog - -JSON Output of Trufflehog. - -### Trustwave - -CSV output of Trustwave vulnerability scan. - -### Twistlock - -JSON output of the `twistcli` tool. Example: - -{{< highlight bash >}} -./twistcli images scan --address https:// --user --details --output-file= -{{< /highlight >}} - -The CSV output from the UI is now also accepted. - -### TFSec - -Import of JSON report from - -### Visual Code Grepper (VCG) -VCG output can be imported in CSV or Xml formats. - -### Veracode - -Detailed XML Report - -### Wapiti Scan - -Import XML report. - -### Whitesource Scan - -Import JSON report - -### Wpscan Scanner - -Import JSON report. - -### Wfuzz JSON importer - -Import the result of Wfuzz (https://github.com/xmendez/wfuzz) if you export in JSON the result (`wfuzz -o json -f myJSONReport.json,json`). - -The return code matching are directly put in Severity as follow(this is hardcoded in the parser actually). - -HTTP Return Code | Severity ------------------|--------- -200 | High -401 | Medium -403 | Medium -407 | Medium -500 | Low - -### Xanitizer - -Import XML findings list report, preferably with parameter -\'generateDetailsInFindingsListReport=true\'. - -### Yarn Audit - -Import Yarn Audit scan report in JSON format. Use something like `yarn audit --json > yarn_report.json`. - -### Zed Attack Proxy - -ZAP XML report format. diff --git a/docs/content/en/integrations/parsers/_index.md b/docs/content/en/integrations/parsers/_index.md new file mode 100644 index 00000000000..88f7d105bfa --- /dev/null +++ b/docs/content/en/integrations/parsers/_index.md @@ -0,0 +1,6 @@ +--- +title: "Supported reports" +description: "DefectDojo has the ability to import scan reports from a large number of security tools." +draft: false +weight: 1 +--- diff --git a/docs/content/en/integrations/parsers/api/_index.md b/docs/content/en/integrations/parsers/api/_index.md new file mode 100644 index 00000000000..e25cd7f6f7c --- /dev/null +++ b/docs/content/en/integrations/parsers/api/_index.md @@ -0,0 +1,21 @@ +--- +title: "API Pull" +description: "Report pulled to DefectDojo via API exposed by scanning service" +weight: 2 +chapter: true +--- +All parsers that use API pull have common basic configuration steps, but with different values. + +Follow these steps to set up API importing: + +1. Configure the API authentication details by navigating to + `Configuration -> Tool Configuration -> Add Tool Configuration`. Enter a `Name`, + selecting the related `Tool Type` and `Authentication Type` "API Key". Paste your credentials + to the proper fields based on definitions below. + +2. In the `Product` settings select `Add API Scan Configuration` and select the + previously added `Tool Configuration`. Provide values based on definitions below. + +3. After this is done, you can import the findings on the `Product` page through + `Findings -> Import Scan Results`. As the `Scan type`, select the related type, + the API scan configuration from the last step, and click `Import`. diff --git a/docs/content/en/integrations/parsers/api/blackduck.md b/docs/content/en/integrations/parsers/api/blackduck.md new file mode 100644 index 00000000000..36107b6b7c5 --- /dev/null +++ b/docs/content/en/integrations/parsers/api/blackduck.md @@ -0,0 +1,12 @@ +--- +title: "Blackduck API" +toc_hide: true +--- +All parsers which using API have common basic configuration step but with different values. Please, [read these steps](../) at first. + +In `Tool Configuration`, select `Tool Type` to "BlackDuck API" and `Authentication Type` "API Key". +Paste your BlackDuck API token in the `API Key` field. + +In `Add API Scan Configuration` provide the ID +of the project from which to import findings in the field `Service key 1`. +Provide the version of the project from which to import findings in the field `Service key 2`. \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/api/bugcrowd.md b/docs/content/en/integrations/parsers/api/bugcrowd.md new file mode 100644 index 00000000000..1ebaebb3e4a --- /dev/null +++ b/docs/content/en/integrations/parsers/api/bugcrowd.md @@ -0,0 +1,17 @@ +--- +title: "Bugcrowd API" +toc_hide: true +--- +All parsers which using API have common basic configuration step but with different values. Please, [read these steps](../) at first. + +In `Tool Configuration`, select `Tool Type` to "Bugcrowd API" and `Authentication Type` "API Key". +Paste your BlackDuck API token in the `API Key` field. +Set your API key directly in the format `username:password` in the API Token input, it will be added to the header `'Authorization': 'Token {}'.format(self.api_token),` + +For each product, you can configure 2 things: +- `Service key 1`: the bugcrowd program code (it's the slug name in the url for the program, url safe) +- `Service key 2`: the bugcrowd target name (the full name, it will be url-encoded, you can find it in https://tracker.bugcrowd.com//settings/scope/target_groups) + - It can be left empty so that all program submissions are imported + +That way, per product, you can use the same program but separate by target, which is a fairly common way of filtering/grouping Bugcrowd. +Adding support for a 3rd filtering would be possible with `Service Key 3`, feel free to make a PR. diff --git a/docs/content/en/integrations/parsers/api/cobalt.md b/docs/content/en/integrations/parsers/api/cobalt.md new file mode 100644 index 00000000000..59615c5d1ea --- /dev/null +++ b/docs/content/en/integrations/parsers/api/cobalt.md @@ -0,0 +1,16 @@ +--- +title: "Cobalt.io API Import +" +toc_hide: true +--- +All parsers which using API have common basic configuration step but with different values. Please, [read these steps](../) at first. + +In `Tool Configuration`, select `Tool Type` to "Cobalt.io" and `Authentication Type` "API Key". +Paste your Cobalt.io API token in the `API Key` field and the desired org token in the `Extras` field. + +In `Add API Scan Configuration` provide the ID +of the asset from which to import findings in the field `Service key 1`. +The ID can be found at the end of the URL when viewing the asset in your browser. + +If you have more than one asset configured, you +must also select which Cobalt.io API Scan Configuratio to use. \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/api/edgescan.md b/docs/content/en/integrations/parsers/api/edgescan.md new file mode 100644 index 00000000000..e5f122b6649 --- /dev/null +++ b/docs/content/en/integrations/parsers/api/edgescan.md @@ -0,0 +1,38 @@ +--- +title: "Edgescan" +toc_hide: true +--- +Import Edgescan vulnerabilities by API or [JSON file](../../file/edgescan.md) + +All parsers which using API have common basic configuration step but with different values. Please, [read these steps](../) at first. + +**Step 1: Add tool configuration** + +- Select the gear icon from the left hand side of the page. +- Click on the `Tool Configuration` option and then `+ Add Tool Configuration` from the dropdown menu. +- Once presented with a series of fields, set `Tool Type` to "Edgescan" and `Authentication Type` to "API Key". +- Paste your Edgescan API key in the `API Key` field. +- Click on the `Submit` button. + +**Step 2: Add and configure a product** + +- Select the hamburger menu icon from the left hand side of the page. +- Click on the `All Products` option and then `+ Add Product`. +- Fill in the fields presented. +- Once the product is added, click on the `Settings` option then `Add API Scan Configuration`. +- Select the previously added Edgescan `Tool Configuration`. +- Provide the edgescan asset ID(s) that you wish to import the findings for in the field `Service key 1`. + - Note that multiple asset IDs should be comma separated with no spacing. + - If you want to import vulnerabilities for all assets, simply leave the Service key 1 field empty. + +**Step 3: Importing scan results** + +- After the previous steps are complete, you can import the findings by selecting the `Findings` option +on the product's page and then `Import Scan Results`. +- Once you are presented with a series of fields, select `Edgescan Scan` as the scan type. + - If you have more than one asset configured, you must also select which Edgescan `API Scan Configuration` to use. +- Click on the `Import` button. + +**Important Reminder:** + +- To ensure you're not introducing duplicate vulnerabilities, always use the "Re-Upload Scan" option when re-importing findings from Edgescan. This can be found within the engagement's options by clicking on `Engagements` , then the active engagement in question, then `Edgescan Scan` and selecting "Re-Upload Scan" from the dropdown menu located on the right. diff --git a/docs/content/en/integrations/parsers/api/sonarqube.md b/docs/content/en/integrations/parsers/api/sonarqube.md new file mode 100644 index 00000000000..bd976a43fa8 --- /dev/null +++ b/docs/content/en/integrations/parsers/api/sonarqube.md @@ -0,0 +1,46 @@ +--- +title: "SonarQube API Import" +toc_hide: true +--- +All parsers which using API have common basic configuration step but with different values. Please, [read these steps](../) at first. + +In `Tool Configuration`, select `Tool Type` to "SonarQube" and `Authentication Type` "API Key". +Note the url must be in the format of `https:///api` +Paste your SonarQube API token in the "API Key" field. +By default the tool will import vulnerabilities issues +and security hotspots only, but additional filters can be setup using the +Extras field separated by commas (e.g. `BUG,VULNERABILITY,CODE_SMELL`). When using +SonarCloud, you must also specify the Organization ID in the Extras field as follows +`OrgID=sonarcloud-organzation-ID`. If also specifying issue type filters, please +seperate the items in the Extras field by a vertical bar as follows +`BUG,VULNERABILITY,CODE_SMELL|OrgID=sonarcloud-organzation-ID` + +In "Add API Scan Configuration" +- `Service key 1` must + be the SonarQube project key, which can be found by navigating to a specific project and + selecting the value from the url + `https:///dashboard?id=key`. + When you do not provide a SonarQube project key, DefectDojo will + use the name of the Product as the project key in SonarQube. If you would like to + import findings from multiple projects, you can specify multiple keys as + separated `API Scan Configuration` in the `Product` settings. +- If using SonarCloud, the orginization ID can be used from step 1, but it + can be overiden by supplying a different orginization ID in the `Service key 2` input field. + +## Multiple SonarQube API Configurations + +In the import or re-import dialog you can select which `API Scan +Configuration` shall be used. If you do not choose +any, DefectDojo will use the `API Scan Configuration` of the Product if there is +only one defined or the SonarQube `Tool Configuration` if there is only one. + +## Multi Branch Scanning + +If using a version of SonarQube with multi branch scanning, the branch tha be scanned can +be supplied in the `branch tag` fieild at import/re-import time. If the branch does not exist, +a notification will be generated in the alerts table indicating that branch to be imported +does not exist. If a branch name is not supplied during import/re-import, the default branch +of the SonarQube project will be used. + +**Note:**: If `https` is used for the SonarQube, the certificate must be +trusted by the DefectDojo instance. diff --git a/docs/content/en/integrations/parsers/api/vulners.md b/docs/content/en/integrations/parsers/api/vulners.md new file mode 100644 index 00000000000..127919690c2 --- /dev/null +++ b/docs/content/en/integrations/parsers/api/vulners.md @@ -0,0 +1,19 @@ +--- +title: "Vulners" +toc_hide: true +--- +All parsers which using API have common basic configuration step but with different values. Please, [read these steps](../) at first. + +Import Vulners [Audit](https://vulners.com/docs/API_wrapper/linux_audit/#linux-audit) results, no file required. + +In `Tool Configuration`, select `Tool Type` to "Vulners" and add the API Key + +In the `Product` settings select `Add API Scan Configuration` and select the previously added Vulners `API Tool Configuration`. + +After this is done, you can import the findings by selecting "Vulners" as the scan type. + +Detailed installation steps can be found in [vulners documentation](https://vulners.com/docs/plugins/defectdojo/). + +Use following [instructions](https://vulners.com/docs/apikey/) to generate Vulners API Key. + +More details about DefectDojo-plugin integration can be found at [vulners integrations page](https://vulners.com/plugins). diff --git a/docs/content/en/integrations/parsers/file/_index.md b/docs/content/en/integrations/parsers/file/_index.md new file mode 100644 index 00000000000..f567eacb2df --- /dev/null +++ b/docs/content/en/integrations/parsers/file/_index.md @@ -0,0 +1,6 @@ +--- +title: "Files" +description: "Report uploaded to DefectDojo as files" +weight: 1 +chapter: true +--- diff --git a/docs/content/en/integrations/parsers/file/acunetix.md b/docs/content/en/integrations/parsers/file/acunetix.md new file mode 100644 index 00000000000..96a2c2005cc --- /dev/null +++ b/docs/content/en/integrations/parsers/file/acunetix.md @@ -0,0 +1,8 @@ +--- +title: "Acunetix Scanner" +toc_hide: true +--- +XML format + +### Sample Scan Data +Sample Acunetix Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/acunetix). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/acunetix360.md b/docs/content/en/integrations/parsers/file/acunetix360.md new file mode 100644 index 00000000000..01b208bbeaa --- /dev/null +++ b/docs/content/en/integrations/parsers/file/acunetix360.md @@ -0,0 +1,8 @@ +--- +title: "Acunetix 360 Scanner" +toc_hide: true +--- +Vulnerabilities List - JSON report + +### Sample Scan Data +Sample Acunetix 360 Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/acunetix360). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/anchore_engine.md b/docs/content/en/integrations/parsers/file/anchore_engine.md new file mode 100644 index 00000000000..9e6f8982785 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/anchore_engine.md @@ -0,0 +1,40 @@ +--- +title: "Anchore-Engine" +toc_hide: true +--- + +### File Types +DefectDojo parser accepts a .json file. + +Using the [Anchore CLI](https://docs.anchore.com/current/docs/using/cli_usage/images/inspecting_image_content/) is the most reliable way to generate an Anchore report which DefectDojo can parse. When generating a report with the Anchore CLI, please use the following command to ensure complete data: `anchore-cli --json image vuln all` + +### Acceptable JSON Format +All properties are strings and are required by the parser. + +~~~ + +{ + "imageDigest": "sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", + "vulnerabilities": [ + { + "feed": "example-feed", + "feed_group": "example-feed-group", + "fix": "1.2.4", + "package": "example-package", + "package_cpe": "cpe:2.3:a:*:example:1.2.3:*:*:*:*:*:*:*", + "package_name": "example-package-name", + "package_path": "path/to/package", + "package_type": "dpkg", + "package_version": "1.2.3", + "severity": "Medium", + "url": "https://example.com/cve/CVE-2011-3389", + "vuln": "CVE-2011-3389" + }, + ... + ], + "vulnerability_type": "os" +} +~~~ + +### Sample Scan Data +Sample Anchore-Engine scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchore_engine). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/anchore_enterprise.md b/docs/content/en/integrations/parsers/file/anchore_enterprise.md new file mode 100644 index 00000000000..78d3441eb5c --- /dev/null +++ b/docs/content/en/integrations/parsers/file/anchore_enterprise.md @@ -0,0 +1,8 @@ +--- +title: "Anchore Enterprise Policy Check" +toc_hide: true +--- +Anchore-CLI JSON policy check report format. + +### Sample Scan Data +Sample Anchore Enterprise Policy Check scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchore_enterprise). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/anchore_grype.md b/docs/content/en/integrations/parsers/file/anchore_grype.md new file mode 100644 index 00000000000..f2adec0d073 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/anchore_grype.md @@ -0,0 +1,192 @@ +--- +title: "Anchore Grype" +toc_hide: true +--- +### File Types +DefectDojo parser accepts a .json file. + +Anchore Grype JSON files are created using the Grype CLI, using the '-o json' option. See: https://github.com/anchore/grype + +**Example:** +{{< highlight bash >}} +grype yourApp/example-page -o json > example_vulns.json +{{< /highlight >}} + +### Acceptable JSON Format +All properties are expected as strings and are required by the parser. + +~~~ +{ + "matches": [ + { + "vulnerability": { + "id": "example-id", + "dataSource": "https://example.org/.../example-id", + "namespace": "exampleName", + "severity": "exampleSeverity", + "urls": [ + "https://example.org/.../example-id", + ... + ], + "cvss": [], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [] + }, + "relatedVulnerabilities": [ + { + "id": "first-related-example-id", + "dataSource": "https://example.org/.../related-example-id", + "namespace": "first-related-exampleName", + "severity": "first-related-exampleSeverity", + "urls": [ + "https://example.org/.../related-example-id", + ... + ], + "description": "first-example-description", + "cvss": [ + { + "version": "2.0", + "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 2.1, + "exploitabilityScore": 3.9, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ] + }, + ... + ], + "matchDetails": [ + { + "matcher": "example-matcher", + "searchedBy": { + "distro": { + "type": "example-distrotype", + "version": "10" + }, + "namespace": "exampleName", + "package": { + "name": "example-package", + "version": "1.17-3+deb10u3" + } + }, + "found": { + "versionConstraint": "none (deb)" + } + } + ], + "artifact": { + "name": "example-artifact", + "version": "example-artifact-version", + "type": "example-type", + "locations": [ + { + "path": ".../examplePath/", + "layerID": "exampleLayerID" + }, + { + "path": ".../examplePath-2/", + "layerID": "exampleLayerID" + }, + ... + ], + "language": "", + "licenses": [ + "GPL-2" + ], + "cpes": [ + "example-cpe", + ... + ], + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.17-3+deb10u3?arch=amd64", + "metadata": { + "Source": "krb5" + } + } + }, + ... + ], + "source": { + "type": "image", + "target": { + "userInput": "vulnerable-image:latest", + "imageID": "sha256:ce9898fd214aef9c994a42624b09056bdce3ff4a8e3f68dc242d967b80fcbeee", + "manifestDigest": "sha256:9d8825ab20ac86b40eb71495bece1608a302fb180384740697a28c2b0a5a0fc6", + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "tags": [ + "vulnerable-image:latest" + ], + "imageSize": 707381791, + "layers": [ + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "digest": "sha256:d000633a56813933cb0ac5ee3246cf7a4c0205db6290018a169d7cb096581046", + "size": 69238554 + }, + ... + ], + "manifest": "exampleManifestString==", + "config": "exampleConfigString", + "repoDigests": [] + } + }, + "distro": { + "name": "debian", + "version": "10", + "idLike": "" + }, + "descriptor": { + "name": "grype", + "version": "0.28.0", + "configuration": { + "configPath": "", + "output": "json", + "file": "", + "output-template-file": "", + "quiet": false, + "check-for-app-update": true, + "only-fixed": false, + "scope": "Squashed", + "log": { + "structured": false, + "level": "", + "file": "" + }, + "db": { + "cache-dir": "/home/user/.cache/grype/db", + "update-url": "https://toolbox-data.anchore.io/grype/databases/listing.json", + "ca-cert": "", + "auto-update": true, + "validate-by-hash-on-start": false + }, + "dev": { + "profile-cpu": false, + "profile-mem": false + }, + "fail-on-severity": "", + "registry": { + "insecure-skip-tls-verify": false, + "insecure-use-http": false, + "auth": [] + }, + "ignore": null, + "exclude": [] + }, + "db": { + "built": "2021-12-24T08:14:02Z", + "schemaVersion": 3, + "location": "/home/user/.cache/grype/db/3", + "checksum": "sha256:6c4777e1acea787e5335ccee6b5e4562cd1767b9cca138c07e0802efb2a74162", + "error": null + } + } +} +~~~ + +### Sample Scan Data +Sample Grype scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchore_grype). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/anchorectl_policies.md b/docs/content/en/integrations/parsers/file/anchorectl_policies.md new file mode 100644 index 00000000000..8ff36f72396 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/anchorectl_policies.md @@ -0,0 +1,8 @@ +--- +title: "AnchoreCTL Policies Report" +toc_hide: true +--- +AnchoreCTLs JSON policies report format + +### Sample Scan Data +Sample AnchoreCTL Policies Report scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchorectl_policies). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/anchorectl_vulns.md b/docs/content/en/integrations/parsers/file/anchorectl_vulns.md new file mode 100644 index 00000000000..7f41b0e0a47 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/anchorectl_vulns.md @@ -0,0 +1,8 @@ +--- +title: "AnchoreCTL Vuln Report" +toc_hide: true +--- +AnchoreCTLs JSON vulnerability report format + +### Sample Scan Data +Sample AnchoreCTL Vuln Report scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchorectl_vulns). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/appspider.md b/docs/content/en/integrations/parsers/file/appspider.md new file mode 100644 index 00000000000..0fd952c0f0d --- /dev/null +++ b/docs/content/en/integrations/parsers/file/appspider.md @@ -0,0 +1,9 @@ +--- +title: "AppSpider (Rapid7)" +toc_hide: true +--- +Use the VulnerabilitiesSummary.xml file found in the zipped report +download. + +### Sample Scan Data +Sample AppSpider (Rapid7) scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/appspider). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/aqua.md b/docs/content/en/integrations/parsers/file/aqua.md new file mode 100644 index 00000000000..78b5f0cb384 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/aqua.md @@ -0,0 +1,8 @@ +--- +title: "Aqua" +toc_hide: true +--- +JSON report format. + +### Sample Scan Data +Sample Aqua scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aqua). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/arachni.md b/docs/content/en/integrations/parsers/file/arachni.md new file mode 100644 index 00000000000..0c48e534d13 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/arachni.md @@ -0,0 +1,14 @@ +--- +title: "Arachni Scanner" +toc_hide: true +--- +Arachni Web Scanner (https://www.arachni-scanner.com) + +Reports are generated with `arachni_reporter` tool this way: + +{{< highlight bash >}} +arachni_reporter --reporter 'json' js.com.afr +{{< /highlight >}} + +### Sample Scan Data +Sample Arachni Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/arachni). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/asff.md b/docs/content/en/integrations/parsers/file/asff.md new file mode 100644 index 00000000000..de830908aa2 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/asff.md @@ -0,0 +1,13 @@ +--- +title: "AWS Security Finding Format (ASFF)" +toc_hide: true +--- + +AWS Security Hub consumes, aggregates, organizes, and prioritizes findings from AWS security services and from the third-party product integrations. Security Hub processes these findings using a standard findings format called the AWS Security Finding Format (ASFF), which eliminates the need for time-consuming data conversion efforts. Then it correlates ingested findings across products to prioritize the most important ones. + +Reference: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html + +Prowler tool can generate this format with option `-M json-asff`. + +### Sample Scan Data +Sample AWS Security Finding Format (ASFF) scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/asff). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/auditjs.md b/docs/content/en/integrations/parsers/file/auditjs.md new file mode 100644 index 00000000000..03ed4e4bf8e --- /dev/null +++ b/docs/content/en/integrations/parsers/file/auditjs.md @@ -0,0 +1,12 @@ +--- +title: "AuditJS (OSSIndex)" +toc_hide: true +--- +AuditJS scanning tool using OSSIndex database and generated with `--json` or `-j` option (). + +{{< highlight bash >}} +auditjs ossi --json > auditjs_report.json +{{< /highlight >}} + +### Sample Scan Data +Sample AuditJS (OSSIndex) scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/auditjs). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/aws_prowler.md b/docs/content/en/integrations/parsers/file/aws_prowler.md new file mode 100644 index 00000000000..628b657ef07 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/aws_prowler.md @@ -0,0 +1,8 @@ +--- +title: "AWS Prowler Scanner" +toc_hide: true +--- +Prowler file can be imported as a CSV (`-M csv`) or JSON (`-M json`) file. + +### Sample Scan Data +Sample AWS Prowler Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aws_prowler). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/aws_prowler_v3.md b/docs/content/en/integrations/parsers/file/aws_prowler_v3.md new file mode 100644 index 00000000000..17dcf9698ae --- /dev/null +++ b/docs/content/en/integrations/parsers/file/aws_prowler_v3.md @@ -0,0 +1,72 @@ +--- +title: "AWS Prowler V3" +toc_hide: true +--- + +### File Types +DefectDojo parser accepts a .json file. Please note: earlier versions of AWS Prowler create output data in a different format. See our other documentation if you are using an earlier version of AWS Prowler: https://documentation.defectdojo.com/integrations/parsers/file/aws_prowler/ + +JSON reports can be created from the [AWS Prowler V3 CLI](https://docs.prowler.cloud/en/latest/tutorials/reporting/#json) using the following command: `prowler -M json` + +### Acceptable JSON Format +Parser expects an array of assessments. All properties are strings and are required by the parser. + +~~~ + +[ + { + "AssessmentStartTime": "example_timestamp", + "FindingUniqueId": "example_uniqueIdFromTool", + "Provider": "example_provider", + "CheckID": "acm_certificates_expiration_check", + "CheckTitle": "Check if ACM Certificates are about to expire in specific days or less", + "CheckType": [ + "Example ASFF-Compliant Finding Type" + ], + "ServiceName": "example_awsServiceName", + "SubServiceName": "", + "Status": "FAIL", + "StatusExtended": "Example status description", + "Severity": "example_severity", + "ResourceType": "AwsCertificateManagerCertificate", + "ResourceDetails": "", + "Description": "Example general test description.", + "Risk": "Example test impact description.", + "RelatedUrl": "https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-expiration-check.html", + "Remediation": { + "Code": { + "NativeIaC": "", + "Terraform": "", + "CLI": "", + "Other": "" + }, + "Recommendation": { + "Text": "Example recommendation.", + "Url": "https://docs.aws.amazon.com/config/latest/developerguide/example_related_documentation.html" + } + }, + "Compliance": { + "GDPR": [ + "article_32" + ], + ... + }, + "Categories": [], + "DependsOn": [], + "RelatedTo": [], + "Notes": "", + "Profile": null, + "AccountId": "example_accountId", + "OrganizationsInfo": null, + "Region": "example_region", + "ResourceId": "example.resource.id.com", + "ResourceArn": "arn:aws:acm:us-east-1:999999999999:certificate/ffffffff-0000-0000-0000-000000000000", + "ResourceTags": {} + } + ... +] + +~~~ + +### Sample Scan Data +Unit tests of AWS Prowler V3 JSON can be found at https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aws_prowler_v3. \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/aws_scout2.md b/docs/content/en/integrations/parsers/file/aws_scout2.md new file mode 100644 index 00000000000..2a5cbbf7157 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/aws_scout2.md @@ -0,0 +1,17 @@ +--- +title: "AWS Scout2 Scanner (deprecated)" +toc_hide: true +--- +JS file in scout2-report/inc-awsconfig/aws\_config.js. + +{{% alert title="Warning" color="warning" %}} +AWS Scout2 Scanner is deprecated and has been replaced with ScoutSuite (https://github.com/nccgroup/ScoutSuite) upstream. +Please switch to the new parser for ScoutSuite. +{{% /alert %}} + +{{% alert title="Warning" color="warning" %}} +This parser is disactivated by default in releases >= 2.3.1 and will be removed in release >= 3.x.x. +{{% /alert %}} + +### Sample Scan Data +Sample AWS Scout2 Scanner (deprecated) scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aws_scout2). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/awssecurityhub.md b/docs/content/en/integrations/parsers/file/awssecurityhub.md new file mode 100644 index 00000000000..3e101cdd22b --- /dev/null +++ b/docs/content/en/integrations/parsers/file/awssecurityhub.md @@ -0,0 +1,88 @@ +--- +title: "AWS Security Hub" +toc_hide: true +--- +### File Types +DefectDojo parser accepts a .json file. + +JSON reports can be created from the [AWS Security Hub CLI](https://docs.aws.amazon.com/cli/latest/reference/securityhub/get-findings.html) using the following command: `aws securityhub get-findings`. + +### Acceptable JSON Format +Parser expects a .json file, with an array of Findings contained within a single JSON object. All properties are strings and are required by the parser. + +~~~ +{ + "findings": [ + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:securityhub:us-east-1:012345678912:subscription/aws-foundational-security-best-practices/v/1.0.0/IAM.5/finding/de861909-2d26-4e45-bd86-19d2ab6ceef1", + "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub", + "GeneratorId": "aws-foundational-security-best-practices/v/1.0.0/IAM.5", + "AwsAccountId": "012345678912", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices" + ], + "FirstObservedAt": "2020-06-08T14:33:07.560Z", + "LastObservedAt": "2020-06-14T21:02:53.940Z", + "CreatedAt": "2020-06-08T14:33:07.560Z", + "UpdatedAt": "2020-06-14T21:02:53.454Z", + "Severity": { + "Product": 0, + "Label": "INFORMATIONAL", + "Normalized": 0, + "Original": "INFORMATIONAL" + }, + "Title": "IAM.5 MFA should be enabled for all IAM users that have console password", + "Description": "This AWS control checks whether AWS Multi-Factor Authentication (MFA) is enabled for all AWS Identity and Access Management (IAM) users that use a console password.", + "Remediation": { + "Recommendation": { + "Text": "For directions on how to fix this issue, please consult the AWS Security Hub Foundational Security Best Practices documentation.", + "Url": "https://docs.aws.amazon.com/console/securityhub/IAM.5/remediation" + } + }, + "ProductFields": { + "StandardsArn": "arn:aws:securityhub:::standards/aws-foundational-security-best-practices/v/1.0.0", + "StandardsSubscriptionArn": "arn:aws:securityhub:us-east-1:012345678912:subscription/aws-foundational-security-best-practices/v/1.0.0", + "ControlId": "IAM.5", + "RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/IAM.5/remediation", + "RelatedAWSResources:0/name": "securityhub-mfa-enabled-for-iam-console-access-9ae73a2f", + "RelatedAWSResources:0/type": "AWS::Config::ConfigRule", + "StandardsControlArn": "arn:aws:securityhub:us-east-1:012345678912:control/aws-foundational-security-best-practices/v/1.0.0/IAM.5", + "aws/securityhub/SeverityLabel": "INFORMATIONAL", + "aws/securityhub/ProductName": "Security Hub", + "aws/securityhub/CompanyName": "AWS", + "aws/securityhub/annotation": "AWS Config evaluated your resources against the rule. The rule did not apply to the AWS resources in its scope, the specified resources were deleted, or the evaluation results were deleted.", + "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:012345678912:subscription/aws-foundational-security-best-practices/v/1.0.0/IAM.5/finding/de861909-2d26-4e45-bd86-19d2ab6ceef1" + }, + "Resources": [ + { + "Type": "AwsAccount", + "Id": "AWS::::Account:012345678912", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "StatusReasons": [ + { + "ReasonCode": "CONFIG_EVALUATIONS_EMPTY", + "Description": "AWS Config evaluated your resources against the rule. The rule did not apply to the AWS resources in its scope, the specified resources were deleted, or the evaluation results were deleted." + } + ] + }, + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE" + }, + ... + ] +} + + +~~~ + +### Sample Scan Data +Sample scan data for testing purposes can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/awssecurityhub). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/azure_security_center_recommendations.md b/docs/content/en/integrations/parsers/file/azure_security_center_recommendations.md new file mode 100644 index 00000000000..c4bffbd7a3a --- /dev/null +++ b/docs/content/en/integrations/parsers/file/azure_security_center_recommendations.md @@ -0,0 +1,8 @@ +--- +title: "Azure Security Center Recommendations Scan" +toc_hide: true +--- +Azure Security Center recommendations can be exported from the user interface in CSV format. + +### Sample Scan Data +Sample Azure Security Center Recommendations Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/azure_security_center_recommendations). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/bandit.md b/docs/content/en/integrations/parsers/file/bandit.md new file mode 100644 index 00000000000..70fde4b58b0 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/bandit.md @@ -0,0 +1,67 @@ +--- +title: "Bandit" +toc_hide: true +--- + +### File Types +DefectDojo parser accepts a .json file. + +To export a .json file from Bandit, you will need to install and run the .json report formatter from your Bandit instance. +See Bandit documentation: https://bandit.readthedocs.io/en/latest/formatters/index.html + +### Acceptable JSON Format +All properties are expected as strings, except "metrics" properties, which are expected as numbers. All properties are required by the parser. + +~~~ +{ + "errors": [], + "generated_at": "example-timestamp", + "metrics": { + "_totals": { + "CONFIDENCE.HIGH": 1.0, + "CONFIDENCE.LOW": 0.0, + "CONFIDENCE.MEDIUM": 0.0, + "CONFIDENCE.UNDEFINED": 0.0, + "SEVERITY.HIGH": 0.0, + "SEVERITY.LOW": 1.0, + "SEVERITY.MEDIUM": 0.0, + "SEVERITY.UNDEFINED": 0.0, + "loc": 2, + "nosec": 0 + }, + "one/one.py": { + "CONFIDENCE.HIGH": 1.0, + "CONFIDENCE.LOW": 0.0, + "CONFIDENCE.MEDIUM": 0.0, + "CONFIDENCE.UNDEFINED": 0.0, + "SEVERITY.HIGH": 0.0, + "SEVERITY.LOW": 1.0, + "SEVERITY.MEDIUM": 0.0, + "SEVERITY.UNDEFINED": 0.0, + "loc": 2, + "nosec": 0 + } + ... + }, + "results": [ + { + "code": "1 import os\n2 assert False\n", + "filename": "example.filename", + "issue_confidence": "example_confidence", + "issue_severity": "example_severity", + "issue_text": "Example issue description.", + "line_number": 2, + "line_range": [ + 2 + ], + "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html", + "test_id": "B101", + "test_name": "assert_used" + } + ... + ] +} +~~~ + +### Sample Scan Data +Sample Bandit scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/bandit). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/blackduck.md b/docs/content/en/integrations/parsers/file/blackduck.md new file mode 100644 index 00000000000..7f8226fd1e6 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/blackduck.md @@ -0,0 +1,14 @@ +--- +title: "Blackduck Hub" +toc_hide: true +--- +2 options: + +* Import the zip file as can be created by Blackduck export. +The zip file must contain the security.csv and files.csv in order to +produce findings that bear file locations information. +* Import a single security.csv file. Findings will not have any file location +information. + +### Sample Scan Data +Sample Blackduck Hub scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/blackduck). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/blackduck_binary_analysis.md b/docs/content/en/integrations/parsers/file/blackduck_binary_analysis.md new file mode 100644 index 00000000000..a51cea701a3 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/blackduck_binary_analysis.md @@ -0,0 +1,23 @@ +--- +title: "Blackduck Binary Analysis" +toc_hide: true +--- + +#### **What** #### +Black Duck Binary Analysis gives you visibility into open source and third-party dependencies that have been compiled into executables, libraries, containers, and firmware. You can analyze individual files using an intuitive user interface or Black Duck multifactor open source detection, which automates the scanning of binary artifacts. + +Using a combination of static and string analysis techniques coupled with fuzzy matching against the Black Duck KnowledgeBase, Black Duck Binary Analysis quickly and reliably identifies components, even if they’ve been modified. + +For more info, check out Black Duck Binary Analysis [here](https://www.synopsys.com/software-integrity/software-composition-analysis-tools/binary-analysis.html). + +#### **Why** #### +Open source vulnerabilities aren’t the only security issues that might be lurking in application binaries. + +Black Duck Binary Analysis can also detect if sensitive information like email addresses, authorization tokens, compiler switches, and passwords are exposed, and it identifies when mobile applications request excessive permissions—all of which puts your organization and users' personal data at risk. + +#### **How** #### +* Initiate Black Duck Binary Analysis scans using the UI, REST API, or drivers such as [pwn_bdba_scan](https://github.com/0dayinc/pwn/blob/master/bin/pwn_bdba_scan) found within the security automation framework, [PWN](https://github.com/0dayinc/pwn) +* Import a single BDBA vulnerabilty csv results file into DefectDojo leveraging the UI, REST API, or drivers such as [pwn_defectdojo_importscan](https://github.com/0dayInc/pwn/blob/master/bin/pwn_defectdojo_importscan) or [pwn_defectdojo_reimportscan](https://github.com/0dayInc/pwn/blob/master/bin/pwn_defectdojo_reimportscan). + +### Sample Scan Data +Sample Blackduck Binary Analysis scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/blackduck_binary_analysis). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/blackduck_component_risk.md b/docs/content/en/integrations/parsers/file/blackduck_component_risk.md new file mode 100644 index 00000000000..0a8ff1e7b1e --- /dev/null +++ b/docs/content/en/integrations/parsers/file/blackduck_component_risk.md @@ -0,0 +1,8 @@ +--- +title: "Blackduck Component Risk" +toc_hide: true +--- +Upload the zip file containing the security.csv and files.csv. + +### Sample Scan Data +Sample Blackduck Component Risk scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/blackduck_component_risk). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/brakeman.md b/docs/content/en/integrations/parsers/file/brakeman.md new file mode 100644 index 00000000000..ca708641383 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/brakeman.md @@ -0,0 +1,8 @@ +--- +title: "Brakeman Scan" +toc_hide: true +--- +Import Brakeman Scanner findings in JSON format. + +### Sample Scan Data +Sample Brakeman Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/brakeman). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/bugcrowd.md b/docs/content/en/integrations/parsers/file/bugcrowd.md new file mode 100644 index 00000000000..a04076f853e --- /dev/null +++ b/docs/content/en/integrations/parsers/file/bugcrowd.md @@ -0,0 +1,8 @@ +--- +title: "Bugcrowd" +toc_hide: true +--- +Import Bugcrowd results in CSV format. + +### Sample Scan Data +Sample Bugcrowd scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/bugcrowd). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/bundler_audit.md b/docs/content/en/integrations/parsers/file/bundler_audit.md new file mode 100644 index 00000000000..04d8bceb423 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/bundler_audit.md @@ -0,0 +1,8 @@ +--- +title: "Bundler-Audit" +toc_hide: true +--- +Import the text output generated with bundle-audit check + +### Sample Scan Data +Sample Bundler-Audit scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/bundler_audit). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/burp.md b/docs/content/en/integrations/parsers/file/burp.md new file mode 100644 index 00000000000..e299f775b3c --- /dev/null +++ b/docs/content/en/integrations/parsers/file/burp.md @@ -0,0 +1,44 @@ +--- +title: "Burp XML" +toc_hide: true +--- +### File Types +DefectDojo parser accepts Burp Issue data as an .xml file. +To parse an HTML file instead, use this method: https://documentation.defectdojo.com/integrations/parsers/file/burp_enterprise/ + +When the Burp report is generated, **the recommended option is Base64 +encoding both the request and response fields** - e.g. check the box +that says \"Base64-encode requests and responses\". These fields will be +processed and made available in the \'Finding View\' page. + +See also: Burp documentation - XML export is described under "Export Issue data". https://portswigger.net/burp/documentation/enterprise/work-with-scan-results/generate-reports + +### Acceptable XML Format +All XML elements are required and will be parsed as strings. + +~~~ + + + exampleSerialNumber + exampleTypeNumber + Example Issue Name + http://bwa + + + Example Severity + Firm + + + + + + + false + + + ... + +~~~ + +### Sample Scan Data +Sample Burp scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/burp). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/burp_api.md b/docs/content/en/integrations/parsers/file/burp_api.md new file mode 100644 index 00000000000..686e781b043 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/burp_api.md @@ -0,0 +1,8 @@ +--- +title: "Burp REST API" +toc_hide: true +--- +Import Burp REST API scan data in JSON format (/scan/[task_id] endpoint). + +### Sample Scan Data +Sample Burp REST API scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/burp_api). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/burp_enterprise.md b/docs/content/en/integrations/parsers/file/burp_enterprise.md new file mode 100644 index 00000000000..a328ac1b135 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/burp_enterprise.md @@ -0,0 +1,13 @@ +--- +title: "Burp Enterprise Scan" +toc_hide: true +--- + +### File Types +DefectDojo parser accepts a Standard Report as an HTML file. To parse an XML file instead, use this method: https://documentation.defectdojo.com/integrations/parsers/file/burp/ + +See also Burp documentation for info on how to export a Standard Report: +https://portswigger.net/burp/documentation/enterprise/work-with-scan-results/generate-reports + +### Sample Scan Data +Sample Burp Enterprise Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/burp_enterprise). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/burp_graphql.md b/docs/content/en/integrations/parsers/file/burp_graphql.md new file mode 100644 index 00000000000..90d60c4394b --- /dev/null +++ b/docs/content/en/integrations/parsers/file/burp_graphql.md @@ -0,0 +1,108 @@ +--- +title: "Burp GraphQL" +toc_hide: true +--- +Import the JSON data returned from the BurpSuite Enterprise GraphQL API. Append all the +issues returned to a list and save it as the value for the key "Issues". There is no need +to filter duplicates, the parser will automatically combine issues with the same name. + +Example: + +{{< highlight json >}} +{ + "Issues": [ + { + "issue_type": { + "name": "Cross-site scripting (reflected)", + "description_html": "Issue Description", + "remediation_html": "Issue Remediation", + "vulnerability_classifications_html": "
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    • ", + "references_html": "
  • Cross-site scripting
    • " + }, + "description_html": "Details", + "remediation_html": "Remediation Details", + "severity": "high", + "path": "/burp", + "origin": "https://portswigger.net", + "evidence": [ + { + "request_index": 0, + "request_segments": [ + { + "data_html": "GET" + }, + { + "highlight_html": "data" + }, + { + "data_html": " HTTP More data" + } + ] + }, + { + "response_index": 0, + "response_segments": [ + { + "data_html": "HTTP/2 200 OK " + }, + { + "highlight_html": "data" + }, + { + "data_html": "More data" + } + ] + } + ] + } + ] +} +{{< /highlight >}} + +Example GraphQL query to get issue details: + +{{< highlight graphql >}} + query Issue ($id: ID!, $serial_num: ID!) { + issue(scan_id: $id, serial_number: $serial_num) { + issue_type { + name + description_html + remediation_html + vulnerability_classifications_html + references_html + } + description_html + remediation_html + severity + path + origin + evidence { + ... on Request { + request_index + request_segments { + ... on DataSegment { + data_html + } + ... on HighlightSegment { + highlight_html + } + } + } + ... on Response { + response_index + response_segments { + ... on DataSegment { + data_html + } + ... on HighlightSegment { + highlight_html + } + } + } + } + } + } +{{< /highlight >}} + +### Sample Scan Data +Sample Burp GraphQL scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/burp_graphql). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/cargo_audit.md b/docs/content/en/integrations/parsers/file/cargo_audit.md new file mode 100644 index 00000000000..d56b41200c8 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/cargo_audit.md @@ -0,0 +1,8 @@ +--- +title: "CargoAudit Scan" +toc_hide: true +--- +Import JSON output of cargo-audit scan report + +### Sample Scan Data +Sample CargoAudit Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/cargo_audit). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/checkmarx.md b/docs/content/en/integrations/parsers/file/checkmarx.md new file mode 100644 index 00000000000..679adf935f9 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/checkmarx.md @@ -0,0 +1,17 @@ +--- +title: "Checkmarx" +toc_hide: true +--- +- `Checkmarx Scan`, `Checkmarx Scan detailed`: XML report from Checkmarx SAST (source code analysis) +- `Checkmarx OSA`: json report from Checkmarx Open Source Analysis (dependencies analysis) + +To generate the OSA report using Checkmarx CLI: +`./runCxConsole.sh OsaScan -v -CxServer <...> -CxToken <..> -projectName <...> -enableOsa -OsaLocationPath -OsaJson ` + +That will generate three files, two of which are needed for defectdojo. Build the file for defectdojo with the jq utility: +`jq -s . CxOSAVulnerabilities.json CxOSALibraries.json` + +Data for SAST, SCA and KICS are supported. + +### Sample Scan Data +Sample Checkmarx scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/checkmarx). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/checkov.md b/docs/content/en/integrations/parsers/file/checkov.md new file mode 100644 index 00000000000..8c45815da14 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/checkov.md @@ -0,0 +1,52 @@ +--- +title: "Checkov Report" +toc_hide: true +--- +### File Types +DefectDojo parser accepts Checkov scan data as a .JSON file. + +JSON files can be created from the Checkov CLI: https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html + +### Acceptable JSON Format + +~~~ +{ + "check_type": "terraform", + "results": { + "passed_checks": [ + ], + "failed_checks": [ + { + "check_id": "CKV_AZURE_41", + "check_name": "Ensure the key vault is recoverable", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + ], + "file_path": "file_path", + "file_line_range": [ + 1, + 16 + ], + "resource": "azurerm_key_vault.main", + "check_class": "checkov.terraform.checks.resource.azure.KeyvaultRecoveryEnabled", + "guideline": "https://docs.bridgecrew.io/docs/ensure-the-key-vault-is-recoverable" + }, + ... + ], + "skipped_checks": [], + "parsing_errors": [] + }, + "summary": { + "passed": 0, + "failed": 2, + "skipped": 0, + "parsing_errors": 0, + "checkov_version": "1.0.467" + } +} +~~~ + +### Sample Scan Data +Sample Checkov scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/checkov). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/chefinspect.md b/docs/content/en/integrations/parsers/file/chefinspect.md new file mode 100644 index 00000000000..193dbb17817 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/chefinspect.md @@ -0,0 +1,11 @@ +--- +title: "Chef Inspect Log" +toc_hide: true +--- +Chef Inspect outputs log from https://github.com/inspec/inspec + +### File Types +DefectDojo parser accepts Chef Inspect log scan data as a .log or .txt file. + +### Sample Scan Data +Sample Chef Inspect logs can be found at https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/chefinspect diff --git a/docs/content/en/integrations/parsers/file/clair.md b/docs/content/en/integrations/parsers/file/clair.md new file mode 100644 index 00000000000..235f801ee94 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/clair.md @@ -0,0 +1,8 @@ +--- +title: "Clair Scan" +toc_hide: true +--- +Import JSON reports of Docker image vulnerabilities. + +### Sample Scan Data +Sample Clair Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/clair). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/clair_klar.md b/docs/content/en/integrations/parsers/file/clair_klar.md new file mode 100644 index 00000000000..05651bf267c --- /dev/null +++ b/docs/content/en/integrations/parsers/file/clair_klar.md @@ -0,0 +1,9 @@ +--- +title: "Clair Klar Scan" +toc_hide: true +--- +Import JSON reports of Docker image vulnerabilities from clair klar +client. + +### Sample Scan Data +Sample Clair Klar Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/clair_klar). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/cloudsploit.md b/docs/content/en/integrations/parsers/file/cloudsploit.md new file mode 100644 index 00000000000..8e178efdffa --- /dev/null +++ b/docs/content/en/integrations/parsers/file/cloudsploit.md @@ -0,0 +1,8 @@ +--- +title: "Cloudsploit (AquaSecurity)" +toc_hide: true +--- +From: https://github.com/aquasecurity/cloudsploit . Import the JSON output. + +### Sample Scan Data +Sample Cloudsploit (AquaSecurity) scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/cloudsploit). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/cobalt.md b/docs/content/en/integrations/parsers/file/cobalt.md new file mode 100644 index 00000000000..c17f0f662a5 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/cobalt.md @@ -0,0 +1,8 @@ +--- +title: "Cobalt.io Scan" +toc_hide: true +--- +CSV Report + +### Sample Scan Data +Sample Cobalt.io Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/cobalt). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/codechecker.md b/docs/content/en/integrations/parsers/file/codechecker.md new file mode 100644 index 00000000000..912fdcab269 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/codechecker.md @@ -0,0 +1,24 @@ +--- +title: "Codechecker Report native" +toc_hide: true +--- +Import Codechecker static analyzer report in JSON format: https://codechecker.readthedocs.io/en/latest/ +Report format described here: https://codechecker.readthedocs.io/en/latest/analyzer/user_guide/#parse + +One could make Codechecker JSON report using command like this: +```shell +CodeChecker parse /path/to/codechecker/analyzer/output/directory -e json -o /path/to/output/file.json +``` + +Before this step you should build your project with Codechecker build process interception, +```shell +odeChecker log -b "make -j8" -o ./my.project.codechecker.log +``` + +then analyze it +```shell +CodeChecker analyze ./codechecker.log -o /path/to/codechecker/analyzer/output/directory +``` + +### Sample Scan Data +Sample Codechecker Report native scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/codechecker). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/codeql.md b/docs/content/en/integrations/parsers/file/codeql.md new file mode 100644 index 00000000000..ed26dc1571f --- /dev/null +++ b/docs/content/en/integrations/parsers/file/codeql.md @@ -0,0 +1,12 @@ +--- +title: "CodeQL" +toc_hide: true +--- +CodeQL can be used to generate a SARIF report, that can be imported into Defect Dojo: + +```shell +codeql database analyze db python-security-and-quality.qls --sarif-add-snippets --format=sarif-latest --output=security-extended.sarif +``` + +The same can be achieved by running the CodeQL GitHub action with the `add-snippet` property set to true. + diff --git a/docs/content/en/integrations/parsers/file/contrast.md b/docs/content/en/integrations/parsers/file/contrast.md new file mode 100644 index 00000000000..bf667bc7bd0 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/contrast.md @@ -0,0 +1,8 @@ +--- +title: "Contrast Scanner" +toc_hide: true +--- +CSV Report + +### Sample Scan Data +Sample Contrast Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/contrast). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/coverity_api.md b/docs/content/en/integrations/parsers/file/coverity_api.md new file mode 100644 index 00000000000..8d72942a292 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/coverity_api.md @@ -0,0 +1,16 @@ +--- +title: "Coverity API" +toc_hide: true +--- +Export Coverity API view data in JSON format (`/api/viewContents/issues` endpoint). + +Currently these columns are mandatory: + * `displayType` (`Type` in the UI) + * `displayImpact` (`Impact` in the UI) + * `status` (`Status` in the UI) + * `firstDetected` (`First Detected` in the UI) + +Other supported attributes: `cwe`, `displayFile`, `occurrenceCount` and `firstDetected` + +### Sample Scan Data +Sample Coverity API scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/coverity_api). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/crashtest_security.md b/docs/content/en/integrations/parsers/file/crashtest_security.md new file mode 100644 index 00000000000..cce1b524cf6 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/crashtest_security.md @@ -0,0 +1,8 @@ +--- +title: "Crashtest Security" +toc_hide: true +--- +Import JSON Report Import XML Report in JUnit Format + +### Sample Scan Data +Sample Crashtest Security scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/crashtest_security). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/cred_scan.md b/docs/content/en/integrations/parsers/file/cred_scan.md new file mode 100644 index 00000000000..7a52a74b141 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/cred_scan.md @@ -0,0 +1,8 @@ +--- +title: "CredScan Report" +toc_hide: true +--- +Import CSV credential scanner reports + +### Sample Scan Data +Sample CredScan Report scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/cred_scan). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/cyclonedx.md b/docs/content/en/integrations/parsers/file/cyclonedx.md new file mode 100644 index 00000000000..d0d6a4e61a2 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/cyclonedx.md @@ -0,0 +1,31 @@ +--- +title: "CycloneDX" +toc_hide: true +--- +CycloneDX is a lightweight software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis. + +From: https://www.cyclonedx.org/ + +Example with Anchore Grype: + +{{< highlight bash >}} +./grype defectdojo/defectdojo-django:1.13.1 -o cyclonedx > report.xml +{{< /highlight >}} + +Example with `cyclonedx-bom` tool: + +{{< highlight bash >}} +pip install cyclonedx-bom +cyclonedx-py +{{< /highlight >}} + +{{< highlight bash >}} + Usage: cyclonedx-py [OPTIONS] + Options: + -i - the alternate filename to a frozen requirements.txt + -o - the bom file to create + -j - generate JSON instead of XML +{{< /highlight >}} + +### Sample Scan Data +Sample CycloneDX scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/cyclonedx). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/dawnscanner.md b/docs/content/en/integrations/parsers/file/dawnscanner.md new file mode 100644 index 00000000000..bc3682cf9a8 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/dawnscanner.md @@ -0,0 +1,8 @@ +--- +title: "DawnScanner" +toc_hide: true +--- +Import report in JSON generated with -j option + +### Sample Scan Data +Sample DawnScanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/dawnscanner). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/dependency_check.md b/docs/content/en/integrations/parsers/file/dependency_check.md new file mode 100644 index 00000000000..ddc631a1279 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/dependency_check.md @@ -0,0 +1,13 @@ +--- +title: "Dependency Check" +toc_hide: true +--- +OWASP Dependency Check output can be imported in Xml format. This parser ingests the vulnerable dependencies and inherits the suppressions. + +* Suppressed vulnerabilities are tagged with the tag: `suppressed`. +* Suppressed vulnerabilities are marked as mitigated. +* If the suppression is missing any `` tag, it tags them as `no_suppression_document`. +* Related vulnerable dependencies are tagged with `related` tag. + +### Sample Scan Data +Sample Dependency Check scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/dependency_check). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/dependency_track.md b/docs/content/en/integrations/parsers/file/dependency_track.md new file mode 100644 index 00000000000..147d0afe4b5 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/dependency_track.md @@ -0,0 +1,14 @@ +--- +title: "Dependency Track" +toc_hide: true +--- +Dependency Track has implemented a DefectDojo integration. Information about +how to configure the integration is documented here: +https://docs.dependencytrack.org/integrations/defectdojo/ + +Alternatively, the Finding Packaging Format (FPF) from OWASP Dependency Track can be +imported in JSON format. See here for more info on this JSON format: + + +### Sample Scan Data +Sample Dependency Track scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/dependency_track). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/detect_secrets.md b/docs/content/en/integrations/parsers/file/detect_secrets.md new file mode 100644 index 00000000000..b9a54199389 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/detect_secrets.md @@ -0,0 +1,8 @@ +--- +title: "Detect-secrets" +toc_hide: true +--- +Import of JSON report from + +### Sample Scan Data +Sample Detect-secrets scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/detect_secrets). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/dockerbench.md b/docs/content/en/integrations/parsers/file/dockerbench.md new file mode 100644 index 00000000000..f4f2840fa75 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/dockerbench.md @@ -0,0 +1,9 @@ +--- +title: "docker-bench-security Scanner" +toc_hide: true +--- +Import JSON reports of OWASP [docker-bench-security](https://github.com/docker/docker-bench-security). +docker-bench-security is a script that make tests based on [CIS Docker Benchmark](https://www.cisecurity.org/benchmark/docker/). + +### Sample Scan Data +Sample docker-bench-security Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/dockerbench). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/dockle.md b/docs/content/en/integrations/parsers/file/dockle.md new file mode 100644 index 00000000000..b3944b174da --- /dev/null +++ b/docs/content/en/integrations/parsers/file/dockle.md @@ -0,0 +1,9 @@ +--- +title: "Dockle Report" +toc_hide: true +--- +Import JSON container image linter reports + + +### Sample Scan Data +Sample Dockle Report scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/dockle). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/drheader.md b/docs/content/en/integrations/parsers/file/drheader.md new file mode 100644 index 00000000000..26789703c9f --- /dev/null +++ b/docs/content/en/integrations/parsers/file/drheader.md @@ -0,0 +1,9 @@ +--- +title: "DrHeader" +toc_hide: true +--- +Import of JSON report from + + +### Sample Scan Data +Sample DrHeader scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/drheader). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/dsop.md b/docs/content/en/integrations/parsers/file/dsop.md new file mode 100644 index 00000000000..cbee05be1b1 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/dsop.md @@ -0,0 +1,8 @@ +--- +title: "DSOP Scan" +toc_hide: true +--- +Import XLSX findings from DSOP vulnerability scan pipelines. + +### Sample Scan Data +Sample DSOP Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/dsop). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/edgescan.md b/docs/content/en/integrations/parsers/file/edgescan.md new file mode 100644 index 00000000000..aca05133a74 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/edgescan.md @@ -0,0 +1,6 @@ +--- +title: "Edgescan" +toc_hide: true +--- +Import Edgescan vulnerabilities by JSON file or [API - no file required](../../api/edgescan.md) + diff --git a/docs/content/en/integrations/parsers/file/eslint.md b/docs/content/en/integrations/parsers/file/eslint.md new file mode 100644 index 00000000000..8bf3dbcafa0 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/eslint.md @@ -0,0 +1,8 @@ +--- +title: "ESLint" +toc_hide: true +--- +ESLint Json report format (-f json) + +### Sample Scan Data +Sample ESLint scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/eslint). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/fortify.md b/docs/content/en/integrations/parsers/file/fortify.md new file mode 100644 index 00000000000..bbd44f4fff3 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/fortify.md @@ -0,0 +1,8 @@ +--- +title: "Fortify" +toc_hide: true +--- +Import Findings from XML file format. + +### Sample Scan Data +Sample Fortify scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/fortify). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/gcloud_artifact_scan.md b/docs/content/en/integrations/parsers/file/gcloud_artifact_scan.md new file mode 100644 index 00000000000..cb752af29c5 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/gcloud_artifact_scan.md @@ -0,0 +1,12 @@ +--- +title: "Google Cloud Artifact Vulnerability Scan" +toc_hide: true +--- +Google Cloud has a Artifact Registry that you can enable security scans https://cloud.google.com/artifact-registry/docs/analysis +Once a scan is completed, results can be pulled via API/gcloud https://cloud.google.com/artifact-analysis/docs/metadata-storage and exported to JSON + +### File Types +DefectDojo parser accepts Google Cloud Artifact Vulnerability Scan data as a .json file. + +### Sample Scan Data +Sample reports can be found at https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/gcloud_artifact_scan \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/generic.md b/docs/content/en/integrations/parsers/file/generic.md new file mode 100644 index 00000000000..36e90ab6557 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/generic.md @@ -0,0 +1,115 @@ +--- +title: "Generic Findings Import" +toc_hide: true +--- +Import Generic findings in CSV or JSON format. + +Attributes supported for CSV: +- Date: Date of the finding in mm/dd/yyyy format. +- Title: Title of the finding +- CweId: Cwe identifier, must be an integer value. +- Url: Url associated with the finding. +- Severity: Severity of the finding. Must be one of Info, Low, Medium, High, or Critical. +- Description: Description of the finding. Can be multiple lines if enclosed in double quotes. +- Mitigation: Possible Mitigations for the finding. Can be multiple lines if enclosed in double quotes. +- Impact: Detailed impact of the finding. Can be multiple lines if enclosed in double quotes. +- References: References associated with the finding. Can be multiple lines if enclosed in double quotes. +- Active: Indicator if the finding is active. Must be empty, TRUE or FALSE +- Verified: Indicator if the finding has been verified. Must be empty, TRUE, or FALSE +- FalsePositive: Indicator if the finding is a false positive. Must be TRUE, or FALSE. +- Duplicate:Indicator if the finding is a duplicate. Must be TRUE, or FALSE + +The CSV expects a header row with the names of the attributes. + +Example of JSON format: + +```JSON +{ + "findings": [ + { + "title": "test title with endpoints as dict", + "description": "Some very long description with\n\n some UTF-8 chars à qu'il est beau", + "severity": "Medium", + "mitigation": "Some mitigation", + "date": "2021-01-06", + "cve": "CVE-2020-36234", + "cwe": 261, + "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "file_path": "src/first.cpp", + "line": 13, + "endpoints": [ + { + "host": "exemple.com" + } + ] + }, + { + "title": "test title with endpoints as strings", + "description": "Some very long description with\n\n some UTF-8 chars à qu'il est beau2", + "severity": "Critical", + "mitigation": "Some mitigation", + "date": "2021-01-06", + "cve": "CVE-2020-36235", + "cwe": 287, + "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "file_path": "src/two.cpp", + "line": 135, + "endpoints": [ + "http://urlfiltering.paloaltonetworks.com/test-command-and-control", + "https://urlfiltering.paloaltonetworks.com:2345/test-pest" + ] + }, + { + "title": "test title", + "description": "Some very long description with\n\n some UTF-8 chars à qu'il est beau2", + "severity": "Critical", + "mitigation": "Some mitigation", + "date": "2021-01-06", + "cve": "CVE-2020-36236", + "cwe": 287, + "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "file_path": "src/threeeeeeeeee.cpp", + "line": 1353 + } + ] +} +``` + +This parser supports an attributes that accept files as Base64 strings. These files are attached to the respective findings. + +Example: + +```JSON +{ + "name": "My wonderful report", + "findings": [ + { + "title": "Vuln with image", + "description": "Some very long description", + "severity": "Medium", + "files": [ + { + "title": "Screenshot from 2017-04-10 16-54-19.png", + "data": "iVBORw0KGgoAAAANSUhEUgAABWgAAAK0CAIAAAARSkPJAAAAA3N<...>TkSuQmCC" + } + ] + } + ] +} +``` + +This parser supports an attribute `name` and `type` to be able to define `TestType`. Based on this, you can define custom `HASHCODE_FIELDS` or `DEDUPLICATION_ALGORITHM` in the settings. + +Example: + +```JSON +{ + "name": "My wonderful report", + "type": "My custom Test type", + "findings": [ + ] +} +``` + +### Sample Scan Data +Sample Generic Findings Import scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/generic). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/ggshield.md b/docs/content/en/integrations/parsers/file/ggshield.md new file mode 100644 index 00000000000..4f106162e5e --- /dev/null +++ b/docs/content/en/integrations/parsers/file/ggshield.md @@ -0,0 +1,8 @@ +--- +title: "Ggshield" +toc_hide: true +--- +Import [Ggshield](https://github.com/GitGuardian/ggshield) findings in JSON format. + +### Sample Scan Data +Sample Ggshield scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/ggshield). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/github_vulnerability.md b/docs/content/en/integrations/parsers/file/github_vulnerability.md new file mode 100644 index 00000000000..8e4f3a8222e --- /dev/null +++ b/docs/content/en/integrations/parsers/file/github_vulnerability.md @@ -0,0 +1,214 @@ +--- +title: "Github Vulnerability" +toc_hide: true +--- +Import findings from Github vulnerability scan (GraphQL Query): + + +Currently the parser is able to manage only `RepositoryVulnerabilityAlert` object. +The parser has some kind of search feature which detect the data in the report. + +Here is the mandatory objects and attributes: +``` +vulnerabilityAlerts (RepositoryVulnerabilityAlert object) + + id + + createdAt (optional) + + vulnerableManifestPath + + state (optional) + + securityVulnerability (SecurityVulnerability object) + + severity (CRITICAL/HIGH/LOW/MODERATE) + + package (optional) + + name (optional) + + advisory (SecurityAdvisory object) + + description + + summary + + description + + identifiers + + value + + references (optional) + + url (optional) + + cvss (optional) + + score (optional) + + vectorString (optional) + + cwes (optional) +``` + +References: + - https://docs.github.com/en/graphql/reference/objects#repositoryvulnerabilityalert + - https://docs.github.com/en/graphql/reference/objects#securityvulnerability + +Github v4 graphql query to fetch data, with extended information like the repository name and url, alert number. + +{{< highlight graphql >}} +query getVulnerabilitiesByRepoAndOwner($name: String!, $owner: String!) { + repository(name: $name, owner: $owner) { + vulnerabilityAlerts(first: 100, after:AFTER, states: OPEN) { + nodes { + id + createdAt + vulnerableManifestPath + securityVulnerability { + severity + updatedAt + package { + name + ecosystem + } + firstPatchedVersion { + identifier + } + vulnerableVersionRange + advisory { + description + summary + identifiers { + value + type + } + references { + url + } + cvss { + vectorString + } + } + } + vulnerableManifestPath + state + vulnerableManifestFilename + vulnerableRequirements + number + dependencyScope + dismissComment + dismissReason + dismissedAt + fixedAt + } + totalCount + pageInfo { + endCursor + hasNextPage + hasPreviousPage + startCursor + } + } + nameWithOwner + url + } +} +{{< /highlight >}} + +Another example of Python script, to have a function that queries any repository, with support for paginated responses and get all findings. +Has a filter to only get OPEN dependabot alerts but this can be removed in the GraphQL query + +```python +def make_query(after_cursor=None): + return """ +query getVulnerabilitiesByRepoAndOwner($name: String!, $owner: String!) { + repository(name: $name, owner: $owner) { + vulnerabilityAlerts(first: 100, after:AFTER, states: OPEN) { + nodes { + id + createdAt + vulnerableManifestPath + securityVulnerability { + severity + updatedAt + package { + name + ecosystem + } + firstPatchedVersion { + identifier + } + vulnerableVersionRange + advisory { + description + summary + identifiers { + value + type + } + references { + url + } + cvss { + vectorString + } + } + } + vulnerableManifestPath + state + vulnerableManifestFilename + vulnerableRequirements + number + dependencyScope + dismissComment + dismissReason + dismissedAt + fixedAt + } + totalCount + pageInfo { + endCursor + hasNextPage + hasPreviousPage + startCursor + } + } + nameWithOwner + url + } +} +""".replace( + "AFTER", '"{}"'.format(after_cursor) if after_cursor else "null" + ) + +# accumulates all pages data into a single object +def get_dependabot_alerts_repository(repo, owner): + keep_fetching = True + after_cursor = None + output_result = {"data": {"repository": {"vulnerabilityAlerts": {"nodes": []}}}} + while keep_fetching: + headers = {"Authorization": AUTH_TOKEN} + + request = requests.post( + url="https://api.github.com/graphql", + json={ + "operationName": "getVulnerabilitiesByRepoAndOwner", + "query": make_query(after_cursor), + "variables": {"name": repo, "owner": owner}, + }, + headers=headers, + ) + + result = request.json() + output_result["data"]["repository"]["name"] = result["data"]["repository"][ + "name" + ] + output_result["data"]["repository"]["url"] = result["data"]["repository"]["url"] + if result["data"]["repository"]["vulnerabilityAlerts"]["totalCount"] == 0: + return None + + output_result["data"]["repository"]["vulnerabilityAlerts"]["nodes"] += result[ + "data" + ]["repository"]["vulnerabilityAlerts"]["nodes"] + + keep_fetching = result["data"]["repository"]["vulnerabilityAlerts"]["pageInfo"][ + "hasNextPage" + ] + after_cursor = result["data"]["repository"]["vulnerabilityAlerts"]["pageInfo"][ + "endCursor" + ] + print( + "Fetched {} alerts for repo {}/{}".format( + result["data"]["repository"]["vulnerabilityAlerts"]["totalCount"], + owner, + repo, + ) + ) + return json.dumps(output_result, indent=2) +``` + +### Sample Scan Data +Sample Github Vulnerability scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/github_vulnerability). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/gitlab_api_fuzzing.md b/docs/content/en/integrations/parsers/file/gitlab_api_fuzzing.md new file mode 100644 index 00000000000..9ef8535dace --- /dev/null +++ b/docs/content/en/integrations/parsers/file/gitlab_api_fuzzing.md @@ -0,0 +1,8 @@ +--- +title: "GitLab API Fuzzing Report Scan" +toc_hide: true +--- +GitLab API Fuzzing Report report file can be imported in JSON format (option --json) + +### Sample Scan Data +Sample GitLab API Fuzzing Report Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/gitlab_api_fuzzing). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/gitlab_container_scan.md b/docs/content/en/integrations/parsers/file/gitlab_container_scan.md new file mode 100644 index 00000000000..5ff26c7573a --- /dev/null +++ b/docs/content/en/integrations/parsers/file/gitlab_container_scan.md @@ -0,0 +1,8 @@ +--- +title: "GitLab Container Scan" +toc_hide: true +--- +GitLab Container Scan report file can be imported in JSON format (option --json) + +### Sample Scan Data +Sample GitLab Container Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/gitlab_container_scan). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/gitlab_dast.md b/docs/content/en/integrations/parsers/file/gitlab_dast.md new file mode 100644 index 00000000000..b3abcfcc8a4 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/gitlab_dast.md @@ -0,0 +1,8 @@ +--- +title: "GitLab DAST Report" +toc_hide: true +--- +GitLab DAST Report in JSON format (option --json) + +### Sample Scan Data +Sample GitLab DAST Report scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/gitlab_dast). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/gitlab_dep_scan.md b/docs/content/en/integrations/parsers/file/gitlab_dep_scan.md new file mode 100644 index 00000000000..bb5e9bfe30b --- /dev/null +++ b/docs/content/en/integrations/parsers/file/gitlab_dep_scan.md @@ -0,0 +1,8 @@ +--- +title: "GitLab Dependency Scanning Report" +toc_hide: true +--- +Import Dependency Scanning Report vulnerabilities in JSON format: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#reports-json-format + +### Sample Scan Data +Sample GitLab Dependency Scanning Report scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/gitlab_dep_scan). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/gitlab_sast.md b/docs/content/en/integrations/parsers/file/gitlab_sast.md new file mode 100644 index 00000000000..e592da480a4 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/gitlab_sast.md @@ -0,0 +1,8 @@ +--- +title: "GitLab SAST Report" +toc_hide: true +--- +Import SAST Report vulnerabilities in JSON format: https://docs.gitlab.com/ee/user/application_security/sast/#reports-json-format + +### Sample Scan Data +Sample GitLab SAST Report scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/gitlab_sast). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/gitlab_secret_detection_report.md b/docs/content/en/integrations/parsers/file/gitlab_secret_detection_report.md new file mode 100644 index 00000000000..f3a0d2dc99a --- /dev/null +++ b/docs/content/en/integrations/parsers/file/gitlab_secret_detection_report.md @@ -0,0 +1,8 @@ +--- +title: "GitLab Secret Detection Report" +toc_hide: true +--- +GitLab Secret Detection Report file can be imported in JSON format (option --json). + +### Sample Scan Data +Sample GitLab Secret Detection Report scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/gitlab_secret_detection_report). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/gitleaks.md b/docs/content/en/integrations/parsers/file/gitleaks.md new file mode 100644 index 00000000000..00b067e4677 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/gitleaks.md @@ -0,0 +1,8 @@ +--- +title: "Gitleaks" +toc_hide: true +--- +Import Gitleaks findings in JSON format. + +### Sample Scan Data +Sample Gitleaks scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/gitleaks). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/gosec.md b/docs/content/en/integrations/parsers/file/gosec.md new file mode 100644 index 00000000000..fbe5bcbf2e2 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/gosec.md @@ -0,0 +1,8 @@ +--- +title: "Gosec Scanner" +toc_hide: true +--- +Import Gosec Scanner findings in JSON format. + +### Sample Scan Data +Sample Gosec Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/gosec). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/govulncheck.md b/docs/content/en/integrations/parsers/file/govulncheck.md new file mode 100644 index 00000000000..8637fc2a429 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/govulncheck.md @@ -0,0 +1,8 @@ +--- +title: "Govulncheck" +toc_hide: true +--- +JSON vulnerability report generated by govulncheck tool, using a command like `govulncheck -json . >> report.json` + +### Sample Scan Data +Sample Govulncheck scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/govulncheck). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/h1.md b/docs/content/en/integrations/parsers/file/h1.md new file mode 100644 index 00000000000..da01131f9c1 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/h1.md @@ -0,0 +1,8 @@ +--- +title: "HackerOne Cases" +toc_hide: true +--- +Import HackerOne cases findings in JSON format + +### Sample Scan Data +Sample HackerOne Cases scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/h1). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/hadolint.md b/docs/content/en/integrations/parsers/file/hadolint.md new file mode 100644 index 00000000000..ccc60f7b637 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/hadolint.md @@ -0,0 +1,8 @@ +--- +title: "Hadolint" +toc_hide: true +--- +Hadolint Dockerfile scan in json format. + +### Sample Scan Data +Sample Hadolint scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/hadolint). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/harbor_vulnerability.md b/docs/content/en/integrations/parsers/file/harbor_vulnerability.md new file mode 100644 index 00000000000..33878003bd0 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/harbor_vulnerability.md @@ -0,0 +1,9 @@ +--- +title: "Harbor Vulnerability" +toc_hide: true +--- +Import findings from Harbor registry container scan: + + +### Sample Scan Data +Sample Harbor Vulnerability scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/harbor_vulnerability). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/hcl_appscan.md b/docs/content/en/integrations/parsers/file/hcl_appscan.md new file mode 100644 index 00000000000..2a837039553 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/hcl_appscan.md @@ -0,0 +1,8 @@ +--- +title: "HCL Appscan" +toc_hide: true +--- +The HCL Appscan has the possibility to export the results in PDF, XML and CSV formats within the portal. However, this parser only supports the import of XML generated from HCL Appscan on cloud. + +### Sample Scan Data +Sample HCL Appscan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/hcl_appscan). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/horusec.md b/docs/content/en/integrations/parsers/file/horusec.md new file mode 100644 index 00000000000..b347bef33e0 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/horusec.md @@ -0,0 +1,15 @@ +--- +title: "Horusec" +toc_hide: true +--- +Import findings from Horusec scan. + +```shell +./horusec_linux_x64 start -O=report.json -o json -i="tests/" +``` + +References: + * [GitHub repository](https://github.com/ZupIT/horusec) + +### Sample Scan Data +Sample Horusec scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/horusec). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/humble.md b/docs/content/en/integrations/parsers/file/humble.md new file mode 100644 index 00000000000..e2e4faaec80 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/humble.md @@ -0,0 +1,9 @@ +--- +title: "Humble Report" +toc_hide: true +--- +Import JSON report of the Humble scanner + + +### Sample Scan Data +Sample Humble Report scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/humble). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/huskyci.md b/docs/content/en/integrations/parsers/file/huskyci.md new file mode 100644 index 00000000000..660e00505b4 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/huskyci.md @@ -0,0 +1,9 @@ +--- +title: "HuskyCI Report" +toc_hide: true +--- +Import JSON reports from +[HuskyCI]() + +### Sample Scan Data +Sample HuskyCI Report scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/huskyci). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/hydra.md b/docs/content/en/integrations/parsers/file/hydra.md new file mode 100644 index 00000000000..abd5a644d89 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/hydra.md @@ -0,0 +1,43 @@ +--- +title: "Hydra" +toc_hide: true +--- +Import JSON reports from [THC Hydra](https://github.com/vanhauser-thc/thc-hydra). + +Hydra can discover weak login credentials on different types of services (e.g. RDP). + +As Hydra cannot provide a severity rating (as it doesn't know how severe a weak login is at this scanned service), all imported findings will be rated 'High'. + +Sample JSON report: +```json +{ + "errormessages": [ + "[ERROR] Error Message of Something", + "[ERROR] Another Message", + "These are very free form" + ], + "generator": { + "built": "2019-03-01 14:44:22", + "commandline": "hydra -b jsonv1 -o results.json ... ...", + "jsonoutputversion": "1.00", + "server": "127.0.0.1", + "service": "http-post-form", + "software": "Hydra", + "version": "v8.5" + }, + "quantityfound": 1, + "results": [ + { + "host": "127.0.0.1", + "login": "bill@example.com", + "password": "bill", + "port": 9999, + "service": "http-post-form" + } + ], + "success": false +} +``` + +### Sample Scan Data +Sample Hydra scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/hydra). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/ibm_app.md b/docs/content/en/integrations/parsers/file/ibm_app.md new file mode 100644 index 00000000000..71ffd51815a --- /dev/null +++ b/docs/content/en/integrations/parsers/file/ibm_app.md @@ -0,0 +1,8 @@ +--- +title: "IBM AppScan DAST" +toc_hide: true +--- +XML file from IBM App Scanner. + +### Sample Scan Data +Sample IBM AppScan DAST scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/ibm_app). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/immuniweb.md b/docs/content/en/integrations/parsers/file/immuniweb.md new file mode 100644 index 00000000000..6ab2cd139ad --- /dev/null +++ b/docs/content/en/integrations/parsers/file/immuniweb.md @@ -0,0 +1,8 @@ +--- +title: "Immuniweb Scan" +toc_hide: true +--- +XML Scan Result File from Immuniweb Scan. + +### Sample Scan Data +Sample Immuniweb Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/immuniweb). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/intsights.md b/docs/content/en/integrations/parsers/file/intsights.md new file mode 100644 index 00000000000..64b6e58860e --- /dev/null +++ b/docs/content/en/integrations/parsers/file/intsights.md @@ -0,0 +1,65 @@ +--- +title: "IntSights Report" +toc_hide: true +--- +IntSights Threat Command is a commercial Threat Intelligence platform that monitors both the open and dark web to identify threats for the Assets you care about (Domain Names, IP addresses, Brand Names, etc.). + +##### Manual Import +Use the Export CSV feature in the IntSights Threat Command GUI to create an *IntSights Alerts.csv* file. This CSV +file can then be imported into Defect Dojo. + +##### Automated Import + +The IntSights `get-complete-alert` API only returns details for a single alert. To automate the process, +individually fetch details for each alert and append to a list. The list is then saved as the value for the key +"Alerts". This JSON object can then be imported into Defect Dojo. + +Example: + + { + "Alerts":[ + { + "_id":"5c80egf83b4a3900078b6be6", + "Details":{ + "Source":{ + "URL":"https://www.htbridge.com/websec/?id=ABCDEF", + "Date":"2018-03-08T00:01:02.622Z", + "Type":"Other", + "NetworkType":"ClearWeb" + }, + "Images":[ + "5c80egf833963a40007e01e8d", + "5c80egf833b4a3900078b6bea", + "5c80egf834626bd0007bd64db" + ], + "Title":"HTTP headers weakness in example.com web server", + "Tags":[], + "Type":"ExploitableData", + "Severity":"Critical", + "SubType":"VulnerabilityInTechnologyInUse", + "Description":"X-XSS-PROTECTION and CONTENT-SECURITY-POLICY headers were not sent by the server, which makes it vulnerable for various attack vectors" + }, + "Assignees":[ + "5c3c8f99903dfd0006ge5e61" + ], + "FoundDate":"2018-03-08T00:01:02.622Z", + "Assets":[ + { + "Type":"Domains", + "Value":"example.com" + } + ], + "TakedownStatus":"NotSent", + "IsFlagged":false, + "UpdateDate":"2018-03-08T00:01:02.622Z", + "RelatedIocs":[], + "RelatedThreatIDs":[], + "Closed":{ + "IsClosed":false + } + } + ] + } + +### Sample Scan Data +Sample IntSights Report scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/intsights). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/jfrog_xray_api_summary_artifact.md b/docs/content/en/integrations/parsers/file/jfrog_xray_api_summary_artifact.md new file mode 100644 index 00000000000..e99f5f4da61 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/jfrog_xray_api_summary_artifact.md @@ -0,0 +1,13 @@ +--- +title: "JFrog Xray API Summary Artifact Scan" +toc_hide: true +--- + +### File Types +Accepts a JSON File, generated from the JFrog Artifact Summary API Call. + +### Sample Scan Data / Unit Tests +Sample JFrog Xray API Summary Artifact Scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/jfrog_xray_api_summary_artifact). + +### Link To Tool +See JFrog Documentation: https://jfrog.com/help/r/jfrog-rest-apis/summary \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/jfrog_xray_on_demand_binary_scan.md b/docs/content/en/integrations/parsers/file/jfrog_xray_on_demand_binary_scan.md new file mode 100644 index 00000000000..438bf065a39 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/jfrog_xray_on_demand_binary_scan.md @@ -0,0 +1,12 @@ +--- +title: "JFrog Xray On Demand Binary Scan" +toc_hide: true +--- +Import the JSON format for the \"JFrog Xray On Demand Binary Scan\" file. Use this importer for Xray version 3.X + +JFrog file documentation: + +https://jfrog.com/help/r/jfrog-cli/on-demand-binary-scan + +### Sample Scan Data +Sample JFrog Xray On Demand Binary Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/jfrog_xray_on_demand_binary_scan). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/jfrog_xray_unified.md b/docs/content/en/integrations/parsers/file/jfrog_xray_unified.md new file mode 100644 index 00000000000..b8b55db0e79 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/jfrog_xray_unified.md @@ -0,0 +1,8 @@ +--- +title: "JFrog XRay Unified" +toc_hide: true +--- +Import the JSON format for the \"Security & Compliance | Reports\" export. Jfrog's Xray tool is an add-on to their Artifactory repository that does Software Composition Analysis, see https://www.jfrog.com/confluence/display/JFROG/JFrog+Xray for more information. \"Xray Unified\" refers to Xray Version 3.0 and later. + +### Sample Scan Data +Sample JFrog XRay Unified scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/jfrog_xray_unified). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/jfrogxray.md b/docs/content/en/integrations/parsers/file/jfrogxray.md new file mode 100644 index 00000000000..c3cb126fa20 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/jfrogxray.md @@ -0,0 +1,8 @@ +--- +title: "JFrogXRay" +toc_hide: true +--- +Import the JSON format for the \"Security Export\" file. Use this importer for Xray version 2.X + +### Sample Scan Data +Sample JFrogXRay scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/jfrogxray). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/kics.md b/docs/content/en/integrations/parsers/file/kics.md new file mode 100644 index 00000000000..370421cce84 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/kics.md @@ -0,0 +1,8 @@ +--- +title: "KICS Scanner" +toc_hide: true +--- +Import of JSON report from + +### Sample Scan Data +Sample KICS Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/kics). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/kiuwan.md b/docs/content/en/integrations/parsers/file/kiuwan.md new file mode 100644 index 00000000000..00189e87726 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/kiuwan.md @@ -0,0 +1,8 @@ +--- +title: "Kiuwan Scanner" +toc_hide: true +--- +Import Kiuwan Scan in CSV format. Export as CSV Results on Kiuwan. + +### Sample Scan Data +Sample Kiuwan Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/kiuwan). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/kubeaudit.md b/docs/content/en/integrations/parsers/file/kubeaudit.md new file mode 100644 index 00000000000..cefffcbc4a9 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/kubeaudit.md @@ -0,0 +1,8 @@ +--- +title: "Kubeaudit Scan" +toc_hide: true +--- +Kubeaudit is a command line tool and a Go package to audit Kubernetes clusters for various different security concerns. The output of of Kubeaudit which is supported within this parser is JSON. The tool can be found [here](https://github.com/Shopify/kubeaudit) + +### Sample Scan Data +Sample Kubeaudit scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/kubeaudit). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/kubebench.md b/docs/content/en/integrations/parsers/file/kubebench.md new file mode 100644 index 00000000000..89e1e3c3a6b --- /dev/null +++ b/docs/content/en/integrations/parsers/file/kubebench.md @@ -0,0 +1,8 @@ +--- +title: "kube-bench Scanner" +toc_hide: true +--- +Import JSON reports of Kubernetes CIS benchmark scans. + +### Sample Scan Data +Sample kube-bench Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/kubebench). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/kubehunter.md b/docs/content/en/integrations/parsers/file/kubehunter.md new file mode 100644 index 00000000000..08f932d5f86 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/kubehunter.md @@ -0,0 +1,8 @@ +--- +title: "kubeHunter Scanner" +toc_hide: true +--- +Import JSON reports of kube-hunter scans. Use "kube-hunter --report json" to produce the report in json format. + +### Sample Scan Data +Sample kubeHunter Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/kubehunter). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/kubescape.md b/docs/content/en/integrations/parsers/file/kubescape.md new file mode 100644 index 00000000000..fefb7cd476d --- /dev/null +++ b/docs/content/en/integrations/parsers/file/kubescape.md @@ -0,0 +1,10 @@ +--- +title: "Kubescape Scanner" +toc_hide: true +--- +Kubescape is a K8s open-source tool providing a Kubernetes single pane of glass, including risk analysis, security compliance, RBAC visualizer, and image vulnerability scanning. Kubescape scans K8s clusters, YAML files, and HELM charts, detecting misconfigurations according to multiple frameworks (such as the NSA-CISA, MITRE ATT&CK®), software vulnerabilities, and RBAC (role-based-access-control) violations at early stages of the CI/CD pipeline, calculates risk score instantly and shows risk trends over time. + +The parser supports json output files + +### Sample Scan Data +Sample Kubescape scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/kubescape). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/mend.md b/docs/content/en/integrations/parsers/file/mend.md new file mode 100644 index 00000000000..2ec28770586 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/mend.md @@ -0,0 +1,15 @@ +--- +title: "Mend Scan" +toc_hide: true +--- + +### File Types +Accepts a JSON file, generated from the Mend* Unified Agent. + +### Sample Scan Data / Unit Tests +Unit tests for Mend JSON files can be found at https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/mend + +### Link To Tool +See documentation: https://docs.mend.io/bundle/unified_agent/page/example_of_a_unified_agent_json_report.html + +*Formerly known as Whitesource.* diff --git a/docs/content/en/integrations/parsers/file/meterian.md b/docs/content/en/integrations/parsers/file/meterian.md new file mode 100644 index 00000000000..bf2d3bea8bc --- /dev/null +++ b/docs/content/en/integrations/parsers/file/meterian.md @@ -0,0 +1,8 @@ +--- +title: "Meterian Scanner" +toc_hide: true +--- +The Meterian JSON report output file can be imported. + +### Sample Scan Data +Sample Meterian Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/meterian). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/microfocus_webinspect.md b/docs/content/en/integrations/parsers/file/microfocus_webinspect.md new file mode 100644 index 00000000000..e087e4267e8 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/microfocus_webinspect.md @@ -0,0 +1,8 @@ +--- +title: "Microfocus Webinspect Scanner" +toc_hide: true +--- +Import XML report + +### Sample Scan Data +Sample Microfocus Webinspect Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/microfocus_webinspect). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/mobsf.md b/docs/content/en/integrations/parsers/file/mobsf.md new file mode 100644 index 00000000000..44985929fdb --- /dev/null +++ b/docs/content/en/integrations/parsers/file/mobsf.md @@ -0,0 +1,8 @@ +--- +title: "MobSF Scanner" +toc_hide: true +--- +Export a JSON file using the API, api/v1/report\_json. + +### Sample Scan Data +Sample MobSF Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/mobsf). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/mobsfscan.md b/docs/content/en/integrations/parsers/file/mobsfscan.md new file mode 100644 index 00000000000..7209f80b403 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/mobsfscan.md @@ -0,0 +1,8 @@ +--- +title: "Mobsfscan" +toc_hide: true +--- +Import JSON report from + +### Sample Scan Data +Sample Mobsfscan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/mobsfscan). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/mozilla_observatory.md b/docs/content/en/integrations/parsers/file/mozilla_observatory.md new file mode 100644 index 00000000000..3d1150821d3 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/mozilla_observatory.md @@ -0,0 +1,8 @@ +--- +title: "Mozilla Observatory Scanner" +toc_hide: true +--- +Import JSON report. + +### Sample Scan Data +Sample Mozilla Observatory Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/mozilla_observatory). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/ms_defender.md b/docs/content/en/integrations/parsers/file/ms_defender.md new file mode 100644 index 00000000000..2bf8c436ffd --- /dev/null +++ b/docs/content/en/integrations/parsers/file/ms_defender.md @@ -0,0 +1,10 @@ +--- +title: "MS Defender Parser" +toc_hide: true +--- +This parser helps to parse Microsoft Defender Findings and supports two types of imports: +- You can import a JSON output file from the api/vulnerabilities/machinesVulnerabilities endpoint of Microsoft defender. +- You can upload a custom zip file which include multiple JSON files from two Microsoft Defender Endpoints. For that you have to make your own zip file and include two folders (machines/ and vulnerabilities/) within the zip file. For vulnerabilities/ you can attach multiple JSON files from the api/vulnerabilities/machinesVulnerabilities REST API endpoint of Microsoft Defender. Furthermore, in machines/ you can attach the JSON output from the api/machines REST API endpoint of Microsoft Defender. Then, the parser uses the information in both folders to add more specific information like the affected IP Address to the finding. + +### Sample Scan Data +Sample MS Defender Parser scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/ms_defender). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/netsparker.md b/docs/content/en/integrations/parsers/file/netsparker.md new file mode 100644 index 00000000000..7e46af07b12 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/netsparker.md @@ -0,0 +1,8 @@ +--- +title: "Netsparker" +toc_hide: true +--- +Vulnerabilities List - JSON report + +### Sample Scan Data +Sample Netsparker scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/netsparker). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/neuvector.md b/docs/content/en/integrations/parsers/file/neuvector.md new file mode 100644 index 00000000000..5acf03267a2 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/neuvector.md @@ -0,0 +1,8 @@ +--- +title: "NeuVector (compliance)" +toc_hide: true +--- +Imports compliance scans returned by REST API. + +### Sample Scan Data +Sample NeuVector (compliance) scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/neuvector). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/neuvector_compliance.md b/docs/content/en/integrations/parsers/file/neuvector_compliance.md new file mode 100644 index 00000000000..cce614b2f90 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/neuvector_compliance.md @@ -0,0 +1,8 @@ +--- +title: "NeuVector (REST)" +toc_hide: true +--- +JSON output of /v1/scan/{entity}/{id} endpoint + +### Sample Scan Data +Sample NeuVector (REST) scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/neuvector_compliance). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/nexpose.md b/docs/content/en/integrations/parsers/file/nexpose.md new file mode 100644 index 00000000000..f2380a3666e --- /dev/null +++ b/docs/content/en/integrations/parsers/file/nexpose.md @@ -0,0 +1,8 @@ +--- +title: "Nexpose XML 2.0 (Rapid7)" +toc_hide: true +--- +Use the full XML export template from Nexpose. + +### Sample Scan Data +Sample Nexpose XML 2.0 (Rapid7) scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/nexpose). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/nikto.md b/docs/content/en/integrations/parsers/file/nikto.md new file mode 100644 index 00000000000..09bcce9c10a --- /dev/null +++ b/docs/content/en/integrations/parsers/file/nikto.md @@ -0,0 +1,15 @@ +--- +title: "Nikto" +toc_hide: true +--- +Nikto web server scanner - https://cirt.net/Nikto2 + +The current parser support 3 sources: + - XML output (old) + - new XML output (with nxvmlversion=\"1.2\" type) + - JSON output + +See: https://github.com/sullo/nikto + +### Sample Scan Data +Sample Nikto scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/nikto). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/nmap.md b/docs/content/en/integrations/parsers/file/nmap.md new file mode 100644 index 00000000000..cada9ad2d3c --- /dev/null +++ b/docs/content/en/integrations/parsers/file/nmap.md @@ -0,0 +1,8 @@ +--- +title: "Nmap" +toc_hide: true +--- +XML output (use -oX) + +### Sample Scan Data +Sample Nmap scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/nmap). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/npm_audit.md b/docs/content/en/integrations/parsers/file/npm_audit.md new file mode 100644 index 00000000000..ebf280da964 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/npm_audit.md @@ -0,0 +1,9 @@ +--- +title: "NPM Audit" +toc_hide: true +--- +Node Package Manager (NPM) Audit plugin output file can be imported in +JSON format. Only imports the \'advisories\' subtree. + +### Sample Scan Data +Sample NPM Audit scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/npm_audit). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/nsp.md b/docs/content/en/integrations/parsers/file/nsp.md new file mode 100644 index 00000000000..916495ecdf2 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/nsp.md @@ -0,0 +1,8 @@ +--- +title: "Node Security Platform" +toc_hide: true +--- +Node Security Platform (NSP) output file can be imported in JSON format. + +### Sample Scan Data +Sample Node Security Platform scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/nsp). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/nuclei.md b/docs/content/en/integrations/parsers/file/nuclei.md new file mode 100644 index 00000000000..3e63a2b9429 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/nuclei.md @@ -0,0 +1,8 @@ +--- +title: "Nuclei" +toc_hide: true +--- +Import JSON output of nuclei scan report + +### Sample Scan Data +Sample Nuclei scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/nuclei). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/openscap.md b/docs/content/en/integrations/parsers/file/openscap.md new file mode 100644 index 00000000000..220f27d66e0 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/openscap.md @@ -0,0 +1,8 @@ +--- +title: "Openscap Vulnerability Scan" +toc_hide: true +--- +Import Openscap Vulnerability Scan in XML formats. + +### Sample Scan Data +Sample Openscap Vulnerability Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/openscap). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/openvas.md b/docs/content/en/integrations/parsers/file/openvas.md new file mode 100644 index 00000000000..73fcbcebc17 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/openvas.md @@ -0,0 +1,8 @@ +--- +title: "OpenVAS Parser" +toc_hide: true +--- +You can either upload the exported results of an OpenVAS Scan in a .csv or .xml format. + +### Sample Scan Data +Sample OpenVAS scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/openvas). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/ort.md b/docs/content/en/integrations/parsers/file/ort.md new file mode 100644 index 00000000000..2aac161efd3 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/ort.md @@ -0,0 +1,8 @@ +--- +title: "ORT evaluated model Importer" +toc_hide: true +--- +Import Outpost24 endpoint vulnerability scan in XML format. + +### Sample Scan Data +Sample ORT evaluated model Importer scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/ort). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/ossindex_devaudit.md b/docs/content/en/integrations/parsers/file/ossindex_devaudit.md new file mode 100644 index 00000000000..cb007e5a3e3 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/ossindex_devaudit.md @@ -0,0 +1,9 @@ +--- +title: "OssIndex Devaudit" +toc_hide: true +--- +Import JSON formatted output from \[OSSIndex +Devaudit\](). + +### Sample Scan Data +Sample OssIndex Devaudit scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/ossindex_devaudit). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/outpost24.md b/docs/content/en/integrations/parsers/file/outpost24.md new file mode 100644 index 00000000000..2c0f974f02e --- /dev/null +++ b/docs/content/en/integrations/parsers/file/outpost24.md @@ -0,0 +1,8 @@ +--- +title: "Outpost24 Scan" +toc_hide: true +--- +Import Outpost24 endpoint vulnerability scan in XML format. + +### Sample Scan Data +Sample Outpost24 Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/outpost24). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/php_security_audit_v2.md b/docs/content/en/integrations/parsers/file/php_security_audit_v2.md new file mode 100644 index 00000000000..1abcb0e741c --- /dev/null +++ b/docs/content/en/integrations/parsers/file/php_security_audit_v2.md @@ -0,0 +1,8 @@ +--- +title: "PHP Security Audit v2" +toc_hide: true +--- +Import PHP Security Audit v2 Scan in JSON format. + +### Sample Scan Data +Sample PHP Security Audit v2 scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/php_security_audit_v2). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/php_symfony_security_check.md b/docs/content/en/integrations/parsers/file/php_symfony_security_check.md new file mode 100644 index 00000000000..27552cb8395 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/php_symfony_security_check.md @@ -0,0 +1,8 @@ +--- +title: "PHP Symfony Security Checker" +toc_hide: true +--- +Import results from the PHP Symfony Security Checker. + +### Sample Scan Data +Sample PHP Symfony Security Checker scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/php_symfony_security_check). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/pip_audit.md b/docs/content/en/integrations/parsers/file/pip_audit.md new file mode 100644 index 00000000000..df24cdbe7a3 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/pip_audit.md @@ -0,0 +1,8 @@ +--- +title: "pip-audit Scan" +toc_hide: true +--- +Import pip-audit JSON scan report + +### Sample Scan Data +Sample pip-audit Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/pip_audit). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/pmd.md b/docs/content/en/integrations/parsers/file/pmd.md new file mode 100644 index 00000000000..ebb4d951764 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/pmd.md @@ -0,0 +1,8 @@ +--- +title: "PMD Scan" +toc_hide: true +--- +CSV Report + +### Sample Scan Data +Sample PMD Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/pmd). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/popeye.md b/docs/content/en/integrations/parsers/file/popeye.md new file mode 100644 index 00000000000..82dbdd89582 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/popeye.md @@ -0,0 +1,68 @@ +--- +title: "Popeye" +toc_hide: true +--- + +# Popeye Parser documentation. + +Popeye is a utility that scans live Kubernetes cluster and reports potential issues with deployed resources and configurations. For more information about the tool, please visit the public repository https://github.com/derailed/popeye. + +## Popeye reports. + +Popeye offer different format to export their reports, in this case for the parser we have selected to be done with JSON option for simplicity. Support for other report types planned for future. + +JSON reports have the following structure: + +```json +{ + "popeye": { + "score": 100, + "grade": "B", + "sanitizers": [ + { + "sanitizer": "cluster", + "gvr": "cluster", + "tally": { + "ok": 1, + "info": 0, + "warning": 0, + "error": 0, + "score": 100 + }, + "issues": { + "Version": [ + { + "group": "__root__", + "gvr": "cluster", + "level": 0, + "message": "[POP-406] K8s version OK" + } + ] + } + } + ] + } +} +``` + +They offer a list of "sanitizers" that is the list of scanned resources in the cluster. At the same time, each sanitizer will have a list of issues, in this case the issues names will match to specific resources of the cluster (pods, roles, clusterroles, etc.) where each one will have inside a list of specific findings for that resource (issue in the report). + +This parser goes through every finding inside the issues of every sanitizer looking for the ones with level 1 (Info), 2 (Warning) or 3 (Error) to be created as findings in DefectDojo. + +## Findings severity matching. + +Popeye scan findings don't match to public vulnerabilities, it just looks for possible informational topic, warnings or errors in kubernetes resources definition or configuraiton, so they categorize their findings the following way: + +- Severity 0: Ok +- Severity 1: Info +- Severity 2: Warning +- Severity 3: Error + +To match it to DefectDojo severity formula, Secerity 0 (Ok) findings from Popeye will be ignored as those are checks that does not need an action to be resolved. For the rest: + +- Severity 1 (Info) Popeye findings will be created as Severity "Info" findings in DefectDojo. +- Severity 2 (Warning) Popeye findings will be created as Severity "Low" findings in DefectDojo. +- Severity 3 (Errors) Popeye findings will be created as Severity "High" findingsi in DefectDojo. + +### Sample Scan Data +Sample Popeye scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/popeye). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/pwn_sast.md b/docs/content/en/integrations/parsers/file/pwn_sast.md new file mode 100644 index 00000000000..241f2c0ca6d --- /dev/null +++ b/docs/content/en/integrations/parsers/file/pwn_sast.md @@ -0,0 +1,10 @@ +--- +title: "PWN Security Automation Framework" +toc_hide: true +--- +- (Main Page)\[\] +- pwn_sast: Import the JSON results generated by the pwn_sast Driver. This driver scans source code repositories for security anti-patterns that may result in vulnerability identification. +- More driver results coming soon... + +### Sample Scan Data +Sample PWN Security Automation Framework scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/pwn_sast). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/qualys.md b/docs/content/en/integrations/parsers/file/qualys.md new file mode 100644 index 00000000000..7fd532c79a8 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/qualys.md @@ -0,0 +1,21 @@ +--- +title: "Qualys Scan" +toc_hide: true +--- +Qualys output files can be imported in API XML format. Qualys output +files can be imported in WebGUI XML format. + +A CSV formatted Qualys Scan Report can also be used. Ensure the following values are checked in the Scan Report Template config: + +`CVSS Version = CVSSv3` + +* Vulnerability Details + * Threat + * Impact +* Solution + * Patches and Workarounds + * Virtual Patches and Mitigating Controls +* Results + +### Sample Scan Data +Sample Qualys Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/qualys). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/qualys_infrascan_webgui.md b/docs/content/en/integrations/parsers/file/qualys_infrascan_webgui.md new file mode 100644 index 00000000000..bba44904df1 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/qualys_infrascan_webgui.md @@ -0,0 +1,8 @@ +--- +title: "Qualys Infrastructure Scan (WebGUI XML)" +toc_hide: true +--- +Qualys WebGUI output files can be imported in XML format. + +### Sample Scan Data +Sample Qualys Infrastructure Scan (WebGUI XML) scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/qualys_infrascan_webgui). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/qualys_webapp.md b/docs/content/en/integrations/parsers/file/qualys_webapp.md new file mode 100644 index 00000000000..b8a4017b113 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/qualys_webapp.md @@ -0,0 +1,8 @@ +--- +title: "Qualys Webapp Scan" +toc_hide: true +--- +Qualys WebScan output files can be imported in XML format. + +### Sample Scan Data +Sample Qualys Webapp Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/qualys_webapp). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/redhatsatellite.md b/docs/content/en/integrations/parsers/file/redhatsatellite.md new file mode 100644 index 00000000000..af047ef6c67 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/redhatsatellite.md @@ -0,0 +1,8 @@ +--- +title: "Red Hat Satellite" +toc_hide: true +--- +You can import a JSON report which was retrieved through the REST API of Red Hat Satellite. The scanner can be found [here](https://www.redhat.com/en/technologies/management/satellite). + +### Sample Scan Data +Sample Red Hat Satellite scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/redhatsatellite). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/retirejs.md b/docs/content/en/integrations/parsers/file/retirejs.md new file mode 100644 index 00000000000..b975aa7b603 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/retirejs.md @@ -0,0 +1,8 @@ +--- +title: "Retire.js" +toc_hide: true +--- +Retire.js JavaScript scan (\--js) output file can be imported in JSON format. + +### Sample Scan Data +Sample Retire.js scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/retirejs). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/risk_recon.md b/docs/content/en/integrations/parsers/file/risk_recon.md new file mode 100644 index 00000000000..917b7ed3bc5 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/risk_recon.md @@ -0,0 +1,60 @@ +--- +title: "Risk Recon API Importer" +toc_hide: true +--- +Import findings from Risk Recon via the API. Configure your own JSON report as follows + +{{< highlight json >}} +{ + "url_endpoint": "https://api.riskrecon.com/v1", + "api_key": "you-api-key", + "companies": [ + { + "name": "Company 1", + "filters": { + "domain_name": [], + "ip_address": ["127.0.0.1"], + "host_name": ["localhost"], + "asset_value": [], + "severity": ["critical", "high"], + "priority": [], + "hosting_provider": [], + "country_name": [] + } + }, + { + "name": "Company 2", + "filters": { + "ip_address": ["0.0.0.0"] + } + } + + ], + "filters": { + "domain_name": [], + "ip_address": [], + "host_name": [], + "asset_value": [], + "severity": ["critical"], + "priority": [], + "hosting_provider": [], + "country_name": [] + } +} +{{< /highlight >}} + +- More than one company finding list can be queried with it\'s own set + of filters. Company 1 shows all available fitlers, while Company 2 + shows that empty filters need not be present. +- To query all companies in your Risk Recon instance, simple remove + the \"companies\" field entirely. +- If the \"companies\" field is not present, and filtering is still + requested, the \"filters\" field can be used to filter all findings + across all companies. It carries the same behavior as the company + filters. The \"filters\" field is disregarded in the prescense of + the \"companies\" field. +- Removing both fields will allow retrieval of all findings in the + Risk Recon instance. + +### Sample Scan Data +Sample Risk Recon API Importer scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/risk_recon). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/rubocop.md b/docs/content/en/integrations/parsers/file/rubocop.md new file mode 100644 index 00000000000..8a90bd8eda4 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/rubocop.md @@ -0,0 +1,8 @@ +--- +title: "Rubocop Scan" +toc_hide: true +--- +Import Rubocop JSON scan report (with option -f json). + +### Sample Scan Data +Sample Rubocop Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/rubocop). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/rusty_hog.md b/docs/content/en/integrations/parsers/file/rusty_hog.md new file mode 100644 index 00000000000..52849c8d99b --- /dev/null +++ b/docs/content/en/integrations/parsers/file/rusty_hog.md @@ -0,0 +1,18 @@ +--- +title: "Rusty Hog parser" +toc_hide: true +--- +From: Import the JSON output. +Rusty Hog is a secret scanner built in Rust for performance, and based on TruffleHog which is written in Python. + +DefectDojo currently supports the parsing of the following Rusty Hog JSON outputs: +- Choctaw Hog: Scans for secrets in a Git repository. +- Duroc Hog: Scans for secrets in directories, files, and archives. +- Gottingen Hog: Scans for secrets in a JIRA issue. +- Essex Hog: Scans for secrets in a Confluence page. + +RustyHog scans only one target at a time. This is not efficient if you want to scan all targets (e.g. all JIRA tickets) and upload each single report to DefectDojo. +[Rusty-Hog-Wrapper](https://github.com/manuel-sommer/Rusty-Hog-Wrapper) deals with this and scans a whole JIRA Project or Confluence Space, merges the findings into a valid file which can be uploaded to DefectDojo. (This is no official recommendation from DefectDojo, but rather a pointer in a direction on how to use this vulnerability scanner in a more efficient way.) + +### Sample Scan Data +Sample Rusty Hog parser scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/rusty_hog). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/sarif.md b/docs/content/en/integrations/parsers/file/sarif.md new file mode 100644 index 00000000000..2b7f2d1009e --- /dev/null +++ b/docs/content/en/integrations/parsers/file/sarif.md @@ -0,0 +1,29 @@ +--- +title: "SARIF" +toc_hide: true +--- +OASIS Static Analysis Results Interchange Format (SARIF). SARIF is +supported by many tools. More details about the format here: + + +{{% alert title="Information" color="info" %}} +SARIF parser customizes the Test_Type with data from the report. +For example, a report with `Dockle` as a driver name will produce a Test with a Test_Type named `Dockle Scan (SARIF)` +{{% /alert %}} + +{{% alert title="Warning" color="warning" %}} +Current implementation is limited and will aggregate all the findings in the SARIF file in one single report. +{{% /alert %}} + +##### Support for de-duplication (fingerprinting) + +SARIF parser take into account data for fingerprinting. It's base on `fingerprints` and `partialFingerprints` properties. +It's possible to activate de-duplication based on this data by customizing settings. + +```Python +# in your settings.py file +DEDUPLICATION_ALGORITHM_PER_PARSER["SARIF"] = DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE +``` + +### Sample Scan Data +Sample SARIF scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/sarif). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/scantist.md b/docs/content/en/integrations/parsers/file/scantist.md new file mode 100644 index 00000000000..a29f1392d58 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/scantist.md @@ -0,0 +1,9 @@ +--- +title: "Scantist Scan" +toc_hide: true +--- +Scantist is an open source management platform. Scan and remediate open source security, licensing and compliance risks across your software development lifecycle. +Here you can find more information: + +### Sample Scan Data +Sample Scantist Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/scantist). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/scout_suite.md b/docs/content/en/integrations/parsers/file/scout_suite.md new file mode 100644 index 00000000000..7e97dbfd309 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/scout_suite.md @@ -0,0 +1,12 @@ +--- +title: "ScoutSuite" +toc_hide: true +--- +Multi-Cloud security auditing tool. It uses APIs exposed by cloud +providers. Scan results are located at +`scan-reports/scoutsuite-results/scoutsuite\_\*.json` files. +Multiple scans will create multiple files if they are runing agains +different Cloud projects. See + +### Sample Scan Data +Sample ScoutSuite scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/scout_suite). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/semgrep.md b/docs/content/en/integrations/parsers/file/semgrep.md new file mode 100644 index 00000000000..b88c8ed9d66 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/semgrep.md @@ -0,0 +1,8 @@ +--- +title: "Semgrep JSON Report" +toc_hide: true +--- +Import Semgrep output (--json) + +### Sample Scan Data +Sample Semgrep JSON Report scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/semgrep). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/skf.md b/docs/content/en/integrations/parsers/file/skf.md new file mode 100644 index 00000000000..c2fcfa27411 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/skf.md @@ -0,0 +1,8 @@ +--- +title: "SKF Scan" +toc_hide: true +--- +Output of SKF Sprint summary export. + +### Sample Scan Data +Sample SKF Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/skf). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/snyk.md b/docs/content/en/integrations/parsers/file/snyk.md new file mode 100644 index 00000000000..f8cc7463789 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/snyk.md @@ -0,0 +1,9 @@ +--- +title: "Snyk" +toc_hide: true +--- +Snyk output file (snyk test \--json \> snyk.json) can be imported in +JSON format. Only SCA (Software Composition Analysis) report is supported (SAST report not supported yet). + +### Sample Scan Data +Sample Snyk scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/snyk). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/solar_appscreener.md b/docs/content/en/integrations/parsers/file/solar_appscreener.md new file mode 100644 index 00000000000..80ab6a894d1 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/solar_appscreener.md @@ -0,0 +1,8 @@ +--- +title: "Solar Appscreener Scan" +toc_hide: true +--- +Solar Appscreener report file can be imported in CSV format from Detailed_Results.csv + +### Sample Scan Data +Sample Solar Appscreener Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/solar_appscreener). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/sonarqube.md b/docs/content/en/integrations/parsers/file/sonarqube.md new file mode 100644 index 00000000000..4f5e90ed128 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/sonarqube.md @@ -0,0 +1,27 @@ +--- +title: "SonarQube" +toc_hide: true +--- +## SonarQube Scan (Aggregates findings per cwe, title, description, file\_path.) + +SonarQube output file can be imported in HTML format or JSON format. JSON format generated by options `--save-report-json` and have same behavior with HTML format. + +To generate the report, see + + +Version: \>= 1.1.0 +Recommend version for both format \>= 3.1.2 + +## SonarQube Scan Detailed (Import all findings from SonarQube html report.) + +SonarQube output file can be imported in HTML format or JSON format. JSON format generated by options `--save-report-json` and have same behavior with HTML format. + +To generate the report, see + + +Version: \>= 1.1.0. +Recommend version for both format \>= 3.1.2 + + +### Sample Scan Data +Sample SonarQube scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/sonarqube). diff --git a/docs/content/en/integrations/parsers/file/sonatype.md b/docs/content/en/integrations/parsers/file/sonatype.md new file mode 100644 index 00000000000..c993fdd3f15 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/sonatype.md @@ -0,0 +1,8 @@ +--- +title: "Sonatype" +toc_hide: true +--- +JSON output. + +### Sample Scan Data +Sample Sonatype scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/sonatype). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/spotbugs.md b/docs/content/en/integrations/parsers/file/spotbugs.md new file mode 100644 index 00000000000..69a288e5b5b --- /dev/null +++ b/docs/content/en/integrations/parsers/file/spotbugs.md @@ -0,0 +1,8 @@ +--- +title: "SpotBugs" +toc_hide: true +--- +XML report of textui cli. + +### Sample Scan Data +Sample SpotBugs scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/spotbugs). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/ssh_audit.md b/docs/content/en/integrations/parsers/file/ssh_audit.md new file mode 100644 index 00000000000..29f95a82260 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/ssh_audit.md @@ -0,0 +1,8 @@ +--- +title: "SSH Audit" +toc_hide: true +--- +Import JSON output of ssh_audit report. See + +### Sample Scan Data +Sample SSH Audit scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/ssh_audit). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/ssl_labs.md b/docs/content/en/integrations/parsers/file/ssl_labs.md new file mode 100644 index 00000000000..cd5972e126b --- /dev/null +++ b/docs/content/en/integrations/parsers/file/ssl_labs.md @@ -0,0 +1,8 @@ +--- +title: "SSL Labs" +toc_hide: true +--- +JSON Output of ssllabs-scan cli. + +### Sample Scan Data +Sample SSL Labs scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/ssl_labs). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/sslscan.md b/docs/content/en/integrations/parsers/file/sslscan.md new file mode 100644 index 00000000000..0255e5858ab --- /dev/null +++ b/docs/content/en/integrations/parsers/file/sslscan.md @@ -0,0 +1,8 @@ +--- +title: "Sslscan" +toc_hide: true +--- +Import XML output of sslscan report. + +### Sample Scan Data +Sample Sslscan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/sslscan). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/sslyze.md b/docs/content/en/integrations/parsers/file/sslyze.md new file mode 100644 index 00000000000..8abfd44b8fa --- /dev/null +++ b/docs/content/en/integrations/parsers/file/sslyze.md @@ -0,0 +1,12 @@ +--- +title: "Sslyze Scan" +toc_hide: true +--- +## Sslyze Scan +XML report of SSLyze version 2 scan + +## SSLyze 3 Scan (JSON) +JSON report of SSLyze version 3 scan + +### Sample Scan Data +Sample Sslyze Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/sslyze). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/stackhawk.md b/docs/content/en/integrations/parsers/file/stackhawk.md new file mode 100644 index 00000000000..4f66fb5a82c --- /dev/null +++ b/docs/content/en/integrations/parsers/file/stackhawk.md @@ -0,0 +1,9 @@ +--- +title: "StackHawk HawkScan" +toc_hide: true +--- +Import the JSON webhook event from StackHawk. +For more information, check out our [docs on hooking up StackHawk to Defect Dojo](https://docs.stackhawk.com/workflow-integrations/defect-dojo.html) + +### Sample Scan Data +Sample StackHawk HawkScan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/stackhawk). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/sysdig_reports.md b/docs/content/en/integrations/parsers/file/sysdig_reports.md new file mode 100644 index 00000000000..9865597f7e2 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/sysdig_reports.md @@ -0,0 +1,11 @@ +--- +title: "Sysdig Vulnerability Reports" +toc_hide: true +--- +Import CSV report files from Sysdig or a Sysdig UI JSON Report +Parser will accept Pipeline, Registry and Runtime reports created from the UI + +More information available at [our reporting docs page](https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/reporting) + +### Sample Scan Data +Sample Sysdig Vulnerability Reports scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/sysdig_reports). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/talisman.md b/docs/content/en/integrations/parsers/file/talisman.md new file mode 100644 index 00000000000..c542a1f0f2d --- /dev/null +++ b/docs/content/en/integrations/parsers/file/talisman.md @@ -0,0 +1,44 @@ +--- +title: "Talisman" +toc_hide: true +--- +Run [Talisman](https://github.com/thoughtworks/talisman) in CLI mode and use "**--scan**" argument to scan the git commit history along with "**--reportDirectory**" argument to save the scan reports to a directory. The report will be in JSON format. + +Additionally, you can set up Git Hooks to automate the scan and then send the generated reports to DefectDojo using its API. + +Example: + +```bash +#!/bin/sh + +# Set DefectDojo API credential and other variables +DEFECTDOJO_API_KEY="your-api-key" +DEFECTDOJO_URL="https://your-defectdojo-url.com" +TALISMAN_RESULTS_DIR="$HOME" + +# Run talisman in CLI mode and output the result in JSON format +CMD="talisman --scan --ignoreHistory --reportDirectory $TALISMAN_RESULTS_DIR" +$CMD + +# Extract the result +result=$(jq '.results[].filename' "${TALISMAN_RESULTS_DIR}/talisman_reports/data/report.json") + +# Check if result is not empty +if [ -n "$result" ]; then + # If talisman found issues, send the JSON output to DefectDojo API endpoint + curl -X POST \ + -H "Authorization: Token $DEFECTDOJO_API_KEY" \ + -H "Content-Type: application/json" \ + -d "@$TALISMAN_RESULTS_DIR/talisman_reports/data/report.json" \ + "$DEFECTDOJO_URL/api/v2/import-scan/" + + # Exit with a non-zero status code to indicate that the commit should be rejected + exit 1 +else + # If talisman did not find any issues, exit with a zero status code + exit 0 +fi +``` + +### Sample Scan Data +Sample Talisman scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/talisman). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/tenable.md b/docs/content/en/integrations/parsers/file/tenable.md new file mode 100644 index 00000000000..a4f0ad59030 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/tenable.md @@ -0,0 +1,9 @@ +--- +title: "Tenable" +toc_hide: true +--- +Reports can be imported in the CSV, and .nessus (XML) report formats. +Legacy Nessus and Nessus WAS reports are supported + +### Sample Scan Data +Sample Tenable scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/tenable). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/terrascan.md b/docs/content/en/integrations/parsers/file/terrascan.md new file mode 100644 index 00000000000..c5d6016c5a0 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/terrascan.md @@ -0,0 +1,8 @@ +--- +title: "Terrascan" +toc_hide: true +--- +Import JSON output of terrascan scan report + +### Sample Scan Data +Sample Terrascan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/terrascan). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/testssl.md b/docs/content/en/integrations/parsers/file/testssl.md new file mode 100644 index 00000000000..501cb8b8a7a --- /dev/null +++ b/docs/content/en/integrations/parsers/file/testssl.md @@ -0,0 +1,8 @@ +--- +title: "Testssl Scan" +toc_hide: true +--- +Import CSV output of testssl scan report. + +### Sample Scan Data +Sample Testssl Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/testssl). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/tfsec.md b/docs/content/en/integrations/parsers/file/tfsec.md new file mode 100644 index 00000000000..7a0aca9d57a --- /dev/null +++ b/docs/content/en/integrations/parsers/file/tfsec.md @@ -0,0 +1,8 @@ +--- +title: "TFSec" +toc_hide: true +--- +Import of JSON report from + +### Sample Scan Data +Sample TFSec scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/tfsec). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/threagile.md b/docs/content/en/integrations/parsers/file/threagile.md new file mode 100644 index 00000000000..6469fb54752 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/threagile.md @@ -0,0 +1,88 @@ +--- +title: "Threagile" +toc_hide: true +--- + +### File Types +DefectDojo parser accepts a .json file. +JSON reports are created from the Threagile tool (default name `risks.json`) using the following command: + +```shell +docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -verbose -model /app/work/threagile.yaml -output /app/work +``` + + +### Acceptable JSON Format +Parser expects an array of finding. All properties are strings. Required fields are the following +- "category" +- "title" +- "severity" +- "synthetic_id" +- "exploitation_impact" + +`catergory` fields is used to set both the title of the Finding as well as the cwe. +`most_relevant_technical_asset` field is used to determine the component. +~~~ + +[ + { + "category": "unguarded-direct-datastore-access", + "risk_status": "unchecked", + "severity": "elevated", + "exploitation_likelihood": "likely", + "exploitation_impact": "medium", + "title": "\u003cb\u003eUnguarded Direct Datastore Access\u003c/b\u003e of \u003cb\u003ePoliciesRegoStorage\u003c/b\u003e by \u003cb\u003eEnergon\u003c/b\u003e via \u003cb\u003eEnergonToPolicyRegoFileStorage\u003c/b\u003e", + "synthetic_id": "unguarded-direct-datastore-access@energon-ta\u003eenergontopolicyregofilestorage@energon-ta@policies-rego-storage-ta", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "policies-rego-storage-ta", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "", + "most_relevant_communication_link": "energon-ta\u003eenergontopolicyregofilestorage", + "data_breach_probability": "improbable", + "data_breach_technical_assets": [ + "policies-rego-storage-ta" + ] + }, + { + "category": "unguarded-direct-datastore-access", + "risk_status": "in-discussion", + "severity": "elevated", + "exploitation_likelihood": "likely", + "exploitation_impact": "medium", + "title": "\u003cb\u003eUnguarded Direct Datastore Access\u003c/b\u003e of \u003cb\u003ePoliciesRegoStorage\u003c/b\u003e by \u003cb\u003eIAMSidecar\u003c/b\u003e via \u003cb\u003eIAMBachendAPIPoliciesRegoFileStorage\u003c/b\u003e", + "synthetic_id": "unguarded-direct-datastore-access@iam-sidecar-ta\u003eiambachendapipoliciesregofilestorage@iam-sidecar-ta@policies-rego-storage-ta", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "policies-rego-storage-ta", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "", + "most_relevant_communication_link": "iam-sidecar-ta\u003eiambachendapipoliciesregofilestorage", + "data_breach_probability": "improbable", + "data_breach_technical_assets": [ + "policies-rego-storage-ta" + ] + }, + { + "category": "unguarded-direct-datastore-access", + "risk_status": "accepted", + "severity": "elevated", + "exploitation_likelihood": "likely", + "exploitation_impact": "medium", + "title": "\u003cb\u003eUnguarded Direct Datastore Access\u003c/b\u003e of \u003cb\u003ePoliciesRegoStorage\u003c/b\u003e by \u003cb\u003eIDMSidecar\u003c/b\u003e via \u003cb\u003eIAMSidecarPoliciesRegoFileStorage\u003c/b\u003e", + "synthetic_id": "unguarded-direct-datastore-access@idm-sidecar-ta\u003eiamsidecarpoliciesregofilestorage@idm-sidecar-ta@policies-rego-storage-ta", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "policies-rego-storage-ta", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "", + "most_relevant_communication_link": "idm-sidecar-ta\u003eiamsidecarpoliciesregofilestorage", + "data_breach_probability": "improbable", + "data_breach_technical_assets": [ + "policies-rego-storage-ta" + ] + }, + ... +] + +~~~ + +### Sample Scan Data +Sample Threagile scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/threagile). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/trivy.md b/docs/content/en/integrations/parsers/file/trivy.md new file mode 100644 index 00000000000..01823598b70 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/trivy.md @@ -0,0 +1,8 @@ +--- +title: "Trivy" +toc_hide: true +--- +JSON report of [trivy scanner](https://github.com/aquasecurity/trivy). + +### Sample Scan Data +Sample Trivy scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/trivy). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/trivy_operator.md b/docs/content/en/integrations/parsers/file/trivy_operator.md new file mode 100644 index 00000000000..1433b8231fe --- /dev/null +++ b/docs/content/en/integrations/parsers/file/trivy_operator.md @@ -0,0 +1,10 @@ +--- +title: "Trivy Operator" +toc_hide: true +--- +JSON report of [trivy operator scanner](https://github.com/aquasecurity/trivy-operator). + +To import the generated Vulnerability Reports, you can also use the [trivy-dojo-report-operator](https://github.com/telekom-mms/trivy-dojo-report-operator). + +### Sample Scan Data +Sample Trivy Operator scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/trivy_operator). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/trufflehog.md b/docs/content/en/integrations/parsers/file/trufflehog.md new file mode 100644 index 00000000000..c787e8e8105 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/trufflehog.md @@ -0,0 +1,8 @@ +--- +title: "Trufflehog" +toc_hide: true +--- +JSON Output of Trufflehog. Supports version 2 and 3 of https://github.com/trufflesecurity/trufflehog + +### Sample Scan Data +Sample Trufflehog scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/trufflehog). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/trufflehog3.md b/docs/content/en/integrations/parsers/file/trufflehog3.md new file mode 100644 index 00000000000..44fd436d541 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/trufflehog3.md @@ -0,0 +1,8 @@ +--- +title: "Trufflehog3" +toc_hide: true +--- +JSON Output of Trufflehog3, a fork of TruffleHog located at https://github.com/feeltheajf/truffleHog3 + +### Sample Scan Data +Sample Trufflehog3 scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/trufflehog3). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/trustwave.md b/docs/content/en/integrations/parsers/file/trustwave.md new file mode 100644 index 00000000000..e5c6305ea7b --- /dev/null +++ b/docs/content/en/integrations/parsers/file/trustwave.md @@ -0,0 +1,8 @@ +--- +title: "Trustwave" +toc_hide: true +--- +CSV output of Trustwave vulnerability scan. + +### Sample Scan Data +Sample Trustwave scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/trustwave). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/trustwave_fusion_api.md b/docs/content/en/integrations/parsers/file/trustwave_fusion_api.md new file mode 100644 index 00000000000..d4f61fd0570 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/trustwave_fusion_api.md @@ -0,0 +1,8 @@ +--- +title: "Trustwave Fusion API Scan" +toc_hide: true +--- +Trustwave Fusion API report file can be imported in JSON format + +### Sample Scan Data +Sample Trustwave Fusion API Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/trustwave_fusion_api). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/twistlock.md b/docs/content/en/integrations/parsers/file/twistlock.md new file mode 100644 index 00000000000..e682da7402b --- /dev/null +++ b/docs/content/en/integrations/parsers/file/twistlock.md @@ -0,0 +1,14 @@ +--- +title: "Twistlock" +toc_hide: true +--- +JSON output of the `twistcli` tool. Example: + +{{< highlight bash >}} +./twistcli images scan --address https:// --user --details --output-file= +{{< /highlight >}} + +The CSV output from the UI is now also accepted. + +### Sample Scan Data +Sample Twistlock scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/twistlock). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/vcg.md b/docs/content/en/integrations/parsers/file/vcg.md new file mode 100644 index 00000000000..f2bdb310057 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/vcg.md @@ -0,0 +1,8 @@ +--- +title: "Visual Code Grepper (VCG)" +toc_hide: true +--- +VCG output can be imported in CSV or Xml formats. + +### Sample Scan Data +Sample Visual Code Grepper (VCG) scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/vcg). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/veracode.md b/docs/content/en/integrations/parsers/file/veracode.md new file mode 100644 index 00000000000..77237860413 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/veracode.md @@ -0,0 +1,51 @@ +--- +title: "Veracode" +toc_hide: true +--- + +Veracode reports can be ingested in either XML or JSON Format + +- Detailed XML Report +- JSON REST Findings from `/appsec/v2/applications/{application_guid}/findings/` + - Acceptable scan types include `STATIC`, `DYNAMIC`, and `SCA` + - Findings with a status of `CLOSED` will not be imported into DefectDojo + - Acceptable formats are as follows: + - Findings list + - Requires slight modification of the response returned from the API + - Exmample of a request being: `url | jq "{findings}"` + - Desired Format: + ``` + { + "findings": [ + { + ... + }, + ... + ] + } + ``` + - Embedded + - This response can be saved directly to a file and uploaded + - Not as ideal for crafting a refined report consisting of multiple requests + - Desired Format: + ``` + { + "_embedded": { + "findings": [ + { + ... + }, + ... + ] + }, + "_links": { + ... + }, + "page": { + ... + } + } + ``` + +### Sample Scan Data +Sample Veracode scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/veracode). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/veracode_sca.md b/docs/content/en/integrations/parsers/file/veracode_sca.md new file mode 100644 index 00000000000..59db59d2a31 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/veracode_sca.md @@ -0,0 +1,8 @@ +--- +title: "Veracode SourceClear" +toc_hide: true +--- +Import Project CSV or JSON report + +### Sample Scan Data +Sample Veracode SourceClear scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/veracode_sca). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/wapiti.md b/docs/content/en/integrations/parsers/file/wapiti.md new file mode 100644 index 00000000000..53a4cd619b0 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/wapiti.md @@ -0,0 +1,8 @@ +--- +title: "Wapiti Scan" +toc_hide: true +--- +Import XML report. + +### Sample Scan Data +Sample Wapiti Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/wapiti). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/wazuh.md b/docs/content/en/integrations/parsers/file/wazuh.md new file mode 100644 index 00000000000..329372ff84d --- /dev/null +++ b/docs/content/en/integrations/parsers/file/wazuh.md @@ -0,0 +1,52 @@ +--- +title: "Wazuh Scanner" +toc_hide: true +--- + +### File Types +DefectDojo parser accepts a .json file from [Wazuh](https://wazuh.com). The export from Wazuh can be done via 2 ways. Choose the one which you prefer. + +- export the Wazuh findings from API and upload them to DefectDojo. This method may be the easiest one but does export all known vulnerabilities at once. It is not possible to sort them after clients or any other categories. You will receive all vulnerabilities in one engagement. It also does not output the endpoint of a finding. +- export the findings via the script [available here](https://github.com/quirinziessler/wazuh-findings-exporter). The script fetches the findings by Wazuh client groups and saves them as json, ready for upload. You will receive one file per group allowing you to separate the clients via engagements in Wazuh. It also exports the endpoints hostname and displays them in DefectDojo UI. + +Independent of your above choice: Have in mind to adjust the max file size via "DD_SCAN_FILE_MAX_SIZE" if you see files larger than the default value of 100MB. Depending on the amount and category of integrated devices, the file size jumps rapidly. + +### Acceptable JSON Format +Parser expects a .json file structured as below. + +~~~ +{ + "data": { + "affected_items": [ + { + "architecture": "amd64", + "condition": "Package less than 4.3.2", + "cve": "CVE-1234-123123", + "cvss2_score": 0, + "cvss3_score": 5.5, + "detection_time": "2023-02-08T13:55:10Z", + "external_references": [ + "https://nvd.nist.gov/vuln/detail/CVE-YYYY-XXXXX", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-XXXXX" + ], + "name": "asdf", + "published": "2022-09-01", + "severity": "Medium", + "status": "VALID", + "title": "CVE-YYYY-XXXXX affects asdf", + "type": "PACKAGE", + "updated": "2022-09-07", + "version": "4.3.1" + } + ], + "failed_items": [], + "total_affected_items": 1, + "total_failed_items": 0 + }, + "error": 0, + "message": "All selected vulnerabilities were returned" +} +~~~ + +### Sample Scan Data +Sample Wazuh Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/wazuh). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/wfuzz.md b/docs/content/en/integrations/parsers/file/wfuzz.md new file mode 100644 index 00000000000..1893c359bd2 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/wfuzz.md @@ -0,0 +1,20 @@ +--- +title: "Wfuzz JSON importer" +toc_hide: true +--- +Import the result of Wfuzz (https://github.com/xmendez/wfuzz) if you export in JSON the result (`wfuzz -o json -f myJSONReport.json,json`). + +The return code matching are directly put in Severity as follow(this is hardcoded in the parser actually). + +HTTP Return Code | Severity +-----------------|--------- +200 | High +302 | Low +401 | Medium +403 | Medium +404 | Medium +407 | Medium +500 | Low + +### Sample Scan Data +Sample Wfuzz JSON importer scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/wfuzz). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/whispers.md b/docs/content/en/integrations/parsers/file/whispers.md new file mode 100644 index 00000000000..dfa5b104ef7 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/whispers.md @@ -0,0 +1,9 @@ +--- +title: "Whispers" +toc_hide: true +--- +Import Whispers JSON results. +https://github.com/adeptex/whispers + +### Sample Scan Data +Sample Whispers scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/whispers). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/whitehat_sentinel.md b/docs/content/en/integrations/parsers/file/whitehat_sentinel.md new file mode 100644 index 00000000000..756fac5069a --- /dev/null +++ b/docs/content/en/integrations/parsers/file/whitehat_sentinel.md @@ -0,0 +1,8 @@ +--- +title: "WhiteHat Sentinel" +toc_hide: true +--- +WhiteHat Sentinel output from api/vuln/query_site can be imported in JSON format. + +### Sample Scan Data +Sample WhiteHat Sentinel scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/whitehat_sentinel). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/wpscan.md b/docs/content/en/integrations/parsers/file/wpscan.md new file mode 100644 index 00000000000..3e47e2bc6f8 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/wpscan.md @@ -0,0 +1,8 @@ +--- +title: "Wpscan Scanner" +toc_hide: true +--- +Import JSON report. + +### Sample Scan Data +Sample Wpscan Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/wpscan). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/xanitizer.md b/docs/content/en/integrations/parsers/file/xanitizer.md new file mode 100644 index 00000000000..553292b5928 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/xanitizer.md @@ -0,0 +1,9 @@ +--- +title: "Xanitizer" +toc_hide: true +--- +Import XML findings list report, preferably with parameter +\'generateDetailsInFindingsListReport=true\'. + +### Sample Scan Data +Sample Xanitizer scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/xanitizer). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/yarn_audit.md b/docs/content/en/integrations/parsers/file/yarn_audit.md new file mode 100644 index 00000000000..e7de450a756 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/yarn_audit.md @@ -0,0 +1,8 @@ +--- +title: "Yarn Audit" +toc_hide: true +--- +Import Yarn Audit scan report in JSON format. Use something like `yarn audit --json > yarn_report.json`. + +### Sample Scan Data +Sample Yarn Audit scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/yarn_audit). \ No newline at end of file diff --git a/docs/content/en/integrations/parsers/file/zap.md b/docs/content/en/integrations/parsers/file/zap.md new file mode 100644 index 00000000000..43fd58e05c7 --- /dev/null +++ b/docs/content/en/integrations/parsers/file/zap.md @@ -0,0 +1,8 @@ +--- +title: "Zed Attack Proxy" +toc_hide: true +--- +ZAP XML report format (with or without requests and responses). + +### Sample Scan Data +Sample Zed Attack Proxy scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/zap). \ No newline at end of file diff --git a/docs/content/en/integrations/social-authentication.md b/docs/content/en/integrations/social-authentication.md index 6b1b7a378a3..4856ec1777c 100644 --- a/docs/content/en/integrations/social-authentication.md +++ b/docs/content/en/integrations/social-authentication.md @@ -92,8 +92,7 @@ to be created. Closely follow the steps below to guarantee success. DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = [''] {{< /highlight >}} -OKTA ----- +## OKTA In a similar fashion to that of Google, using OKTA as a OAuth2 provider carries the same attributes and a similar procedure. Follow along below. @@ -137,7 +136,7 @@ carries the same attributes and a similar procedure. Follow along below. DD_SOCIAL_AUTH_OKTA_OAUTH2_ENABLED=True, DD_SOCIAL_AUTH_OKTA_OAUTH2_KEY=(str, '**YOUR_CLIENT_ID_FROM_STEP_ABOVE**'), DD_SOCIAL_AUTH_OKTA_OAUTH2_SECRET=(str, '**YOUR_CLIENT_SECRET_FROM_STEP_ABOVE**'), - DD_SOCIAL_AUTH_OKTA_OAUTH2_API_URL=(str, 'https://{your-org-url}/oauth2/default'), + DD_SOCIAL_AUTH_OKTA_OAUTH2_API_URL=(str, 'https://{your-org-url}/oauth2'), {{< /highlight >}} If during the login process you get the following error: *The @@ -148,7 +147,7 @@ GET parameter starts with `http://` instead of `SOCIAL_AUTH_REDIRECT_IS_HTTPS = True` in the settings. ## Azure Active Directory - +### Azure AD Configuration You can now use your corporate Azure Active Directory to authenticate users to Defect Dojo. Users will be using your corporate Azure AD account (A.K.A. Office 365 identity) to authenticate via OAuth, and all @@ -158,7 +157,7 @@ in, it will try to match the UPN of the user to an existing e-mail from a user in Defect Dojo, and if no match is found, a new user will be created in Defect Dojo, associated with the unique id/value of the user provided by your Azure AD tenant. Then, you can assign roles to this -user, such as 'staff' or 'superuser' +user, such as 'superuser'. 1. Navigate to the following address and follow instructions to create a new app registration @@ -191,26 +190,61 @@ user, such as 'staff' or 'superuser' 5. Restart your Dojo, and you should now see a **Login with Azure AD** button on the login page which should *magically* work +### Automatic Import of User-Groups +To import groups from Azure AD users, the following environment variable needs to be set: + + {{< highlight python >}} + DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_GET_GROUPS=True + {{< /highlight >}} + +This will ensure the user is added to all the groups found in the Azure AD Token. Any missing groups will be created in DefectDojo (unless filtered). This group synchronization allows for product access via groups to limit the products a user can interact with. + +The Azure AD token returned by Azure will also need to be configured to include group IDs. Without this step, the +token will not contain any notion of a group, and the mapping process will report that the current user is not a member of any +groups. To update the the format of the token, add a group claim that applies to whatever group type you are using. +If unsure of what type that is, select `All Groups`. Do not activate `Emit groups as role claims` within the Azure AD +"Token configuration" page. + +Application API permissions need to be updated with the `Group.Read.All` permission so that groups can be read on behalf +of the user that has successfully signed in. + +To limit the amount of groups imported from Azure AD, a regular expression can be used as the following: + + {{< highlight python >}} + DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_GROUPS_FILTER='^team-.*' # or 'teamA|teamB|groupC' + {{< /highlight >}} + +### Automatic Cleanup of User-Groups + +To prevent authorization creep, old Azure AD groups a user is not having anymore can be deleted with the following environment parameter: + + {{< highlight python >}} + DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_CLEANUP_GROUPS=True + {{< /highlight >}} + +When a user is removed from a given group in Azure AD, they will also be removed from the corresponding group in DefectDojo. +If there is a group in DefectDojo, that no longer has any members, it will be left as is for record purposes. + ## Gitlab In a similar fashion to that of Google and OKTA, using Gitlab as a OAuth2 provider carries the same attributes and a similar procedure. Follow along below. -1. Navigate to your Gitlab settings page and got to the Applications +1. Navigate to your Gitlab settings page and got to the Applications section - - **OR** - [https://the_hostname_you_have_gitlab_deployed:your_gitlab_port/profile/applications](https://the_hostname_you_have_gitlab_deployed:your_gitlab_port/profile/applications) -2. Choose a name for your application -3. For the Redirect URI, enter the DefectDojo URL with the following +2. Choose a name for your application +3. For the Redirect URI, enter the DefectDojo URL with the following format - [https://the_hostname_you_have_dojo_deployed:your_server_port/complete/gitlab/](https://the_hostname_you_have_dojo_deployed:your_server_port/complete/gitlab/) -4. Edit the settings (see [Configuration]({{< ref "/getting_started/configuration" >}})) with the following +4. Edit the settings (see [Configuration]({{< ref "/getting_started/configuration" >}})) with the following information: {{< highlight python >}} @@ -227,14 +261,93 @@ Follow along below. DD_SOCIAL_AUTH_GITLAB_PROJECT_AUTO_IMPORT = True {{< /highlight >}} -5. Restart DefectDojo, and you should now see a **Login with Gitlab** + **Important:** if you enable this setting on already working instance with gitlab integrations, it will require new grant "read_repository" by user + +5. Restart DefectDojo, and you should now see a **Login with Gitlab** button on the login page. +## Keycloak +There is also an option to use Keycloak as OAuth2 provider in order to authenticate users to Defect Dojo, also by using +the social-auth plugin. + +Here are suggestion on how to configure Keycloak and DefectDojo: + +### Configure Keycloak +(assuming you already have an existing realm, otherwise create one) +1. Navigate to your keycloak realm and add a new client of type openid-connect. Choose a name for the client id and use this value below for DD_SOCIAL_AUTH_KEYCLOAK_KEY). +2. In the client settings: + * Set `access type` to `confidential` + * Under `valid Redirect URIs`, add the URI to your defect dojo installation, e.g. 'https:///*' + * Under `web origins`, add the same (or '+') + * Under `Fine grained openID connect configuration` -> `user info signed response algorithm`: set to `RS256` + * Under `Fine grained openID connect configuration` -> `request object signature algorithm`: set to `RS256` + * -> save these settings in keycloak (hit save button) +3. Under `Scope` -> `Full Scope Allowed` set to `off` +4. Under `mappers` -> add a custom mapper here: + * Name: `aud` + * Mapper type: `audience` + * Included audience: select your client/client-id here + * Add ID to token: `off` + * Add access to token: `on` +5. Under `credentials`: copy the secret (and use as DD_SOCIAL_AUTH_KEYCLOAK_SECRET below) +6. In your realm settings -> keys: copy the "Public key" (signing key) (use for DD_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY below) +7. In your realm settings -> general -> endpoints: look into openId endpoint configuration + and look up your authorization and token endpoint (use them below) + +### Configure Defect Dojo +Edit the settings (see [Configuration]({{< ref "/getting_started/configuration" >}})) with the following + information: + + {{< highlight python >}} + DD_SESSION_COOKIE_SECURE=True, + DD_CSRF_COOKIE_SECURE=True, + DD_SECURE_SSL_REDIRECT=True, + DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_ENABLED=True, + DD_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY=(str, ''), + DD_SOCIAL_AUTH_KEYCLOAK_KEY=(str, ''), + DD_SOCIAL_AUTH_KEYCLOAK_SECRET=(str, ''), + DD_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL=(str, ''), + DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL=(str, '') + {{< /highlight >}} + +or, alternatively, for helm configuration, add this to the `extraConfig` section: + +``` +DD_SESSION_COOKIE_SECURE: 'True' +DD_CSRF_COOKIE_SECURE: 'True' +DD_SECURE_SSL_REDIRECT: 'True' +DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_ENABLED: 'True' +DD_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY: '' +DD_SOCIAL_AUTH_KEYCLOAK_KEY: '' +DD_SOCIAL_AUTH_KEYCLOAK_SECRET: '' +DD_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL: '' +DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL: '' +``` + +Optionally, you *can* set `DD_SOCIAL_AUTH_KEYCLOAK_LOGIN_BUTTON_TEXT` in order to customize the login button's text caption. + +## GitHub Enterprise +1. Navigate to your GitHub Enterprise Server and follow instructions to create a new OAuth App [https://docs.github.com/en/enterprise-server/developers/apps/building-oauth-apps/creating-an-oauth-app](https://docs.github.com/en/enterprise-server/developers/apps/building-oauth-apps/creating-an-oauth-app) +2. Choose a name for your application +3. For the Redirect URI, enter the DefectDojo URL with the following + format + - [https://the_hostname_you_have_dojo_deployed:your_server_port/complete/github-enterprise/](https://the_hostname_you_have_dojo_deployed:your_server_port/complete/github-enterprise/) +4. Edit the settings (see [Configuration]({{< ref "/getting_started/configuration" >}})) with the following + information: + {{< highlight python >}} + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY=(str, 'GitHub Enterprise OAuth App Client ID'), + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET=(str, 'GitHub Enterprise OAuth App Client Secret'), + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_URL=(str, 'https://github..com/'), + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL=(str, 'https://github..com/api/v3/'), + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_OAUTH2_ENABLED = True, + {{< /highlight >}} +5. Restart DefectDojo, and you should now see a **Login with GitHub Enterprise** + button on the login page. + ## SAML 2.0 In a similar direction to OAuth, this SAML addition provides a more secure perogative to SSO. For definitions of terms used and more information, -see the plugin [plugin -homepage](https://github.com/IdentityPython/djangosaml2). +see the plugin [plugin homepage](https://github.com/IdentityPython/djangosaml2). 1. Navigate to your SAML IdP and find your metadata 2. Edit the settings (see [Configuration]({{< ref "/getting_started/configuration" >}})) with the following @@ -262,6 +375,8 @@ homepage](https://github.com/IdentityPython/djangosaml2). NOTE: *DD_SAML2_ATTRIBUTES_MAP* in k8s can be referenced as extraConfig (e.g. `DD_SAML2_ATTRIBUTES_MAP: 'Email'='email', 'Username'='username'...`) +NOTE: *DD_SITE_URL* might also need to be set depending on the choices you make with the metadata.xml provider. (File versus URL). + 4. Checkout the SAML section in dojo/`dojo/settings/settings.dist.py` and verfiy if it fits your requirement. If you need help, take a look at the [plugin documentation](https://djangosaml2.readthedocs.io/contents/setup.html#configuration). @@ -299,6 +414,26 @@ Up to relase 1.15.0 the SAML integration was based on [https://github.com/fangli * DD_SAML2_ATTRIBUTES_MAP: Syntax has changed * DD_SAML2_CREATE_USER: Default value changed to False, to avoid security breaches +## RemoteUser + +This implementation is suitable if the DefectDojo instance is placed behind HTTP Authentication Proxy. +Dojo expects that the proxy will perform authentication and pass HTTP requests to the Dojo instance with filled HTTP headers. +The proxy should check if an attacker is not trying to add a malicious HTTP header and bypass authentication. + +Values which need to be set: + +* `DD_AUTH_REMOTEUSER_ENABLED` - Needs to be set to `True` +* `DD_AUTH_REMOTEUSER_USERNAME_HEADER` - Name of the header which contains the username +* `DD_AUTH_REMOTEUSER_EMAIL_HEADER`(optional) - Name of the header which contains the email +* `DD_AUTH_REMOTEUSER_FIRSTNAME_HEADER`(optional) - Name of the header which contains the first name +* `DD_AUTH_REMOTEUSER_LASTNAME_HEADER`(optional) - Name of the header which contains the last name +* `DD_AUTH_REMOTEUSER_GROUPS_HEADER`(optional) - Name of the header which contains the comma-separated list of groups; user will be assigned to these groups (missing groups will be created) +* `DD_AUTH_REMOTEUSER_GROUPS_CLEANUP`(optional) - Same as [#automatic-import-of-user-groups](AzureAD implementation) +* `DD_AUTH_REMOTEUSER_TRUSTED_PROXY` - Comma separated list of proxies; Simple IP and CIDR formats are supported +* `DD_AUTH_REMOTEUSER_LOGIN_ONLY`(optional) - Check [Django documentation](https://docs.djangoproject.com/en/3.2/howto/auth-remote-user/#using-remote-user-on-login-pages-only) + +*WARNING:* There is possible spoofing of headers (for all `DD_AUTH_REMOTEUSER_xxx_HEADER` values). Read Warning in [Django documentation](https://docs.djangoproject.com/en/3.2/howto/auth-remote-user/#configuration) + ## User Permissions When a new user is created via the social-auth, only the default permissions are active. This means that the newly created user does not have access to add, edit, nor delete anything within DefectDojo. There are two parameters in the System Settings to influence the permissions for newly created users: @@ -307,28 +442,27 @@ When a new user is created via the social-auth, only the default permissions are When both the parameters `Default group` and `Default group role` are set, the new user will be a member of the given group with the given role, which will give him the respective permissions. -### Staff user ### - -Newly created users are neither staff nor superuser by default. The `is_staff` flag of a new user will be set to `True`, if the user's email address matches the regular expression in the parameter `Email pattern for staff users`. +### Groups from Identity Providers -**Example:** - -`.*@example.com` will make `alice@example.com` a staff user, while `bob@partner.example.com` or `chris@example.org` will be non-staff users. +Some Identity Providers are able to send list of groups to which should user belongs. This functionality is implemented only for Identity Providers mentioned below. For all others, we will be more than happy for contribution (hint: functions `assign_user_to_groups` and `cleanup_old_groups_for_user` from [`dojo/pipeline.py`](https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/pipeline.py) might be useful). +- [Azure](#automatic-import-of-user-groups): Check `DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_GET_GROUPS` and `DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_CLEANUP_GROUPS` +- [RemoteUser](#remoteuser): Check `DD_AUTH_REMOTEUSER_GROUPS_HEADER` and `DD_AUTH_REMOTEUSER_GROUPS_CLEANUP` ## Login speed-up -If you are using only one Social authentication and you are not using the standard login mechanism (`SHOW_LOGIN_FORM` is -set to `False`), showing login page could be useless because every time user clicks on the only existing button on the -page like "Login with SAML" (or another similar button). If you set `SOCIAL_LOGIN_AUTO_REDIRECT` to `True`, the login -page is skipped and the user is automatically redirected to the identity provider's page. +You can bypass the login form if you are only using SSO/Social authentication for login in by enabling these two environment variables: + +``` +DD_SOCIAL_LOGIN_AUTO_REDIRECT: "true" +DD_SOCIAL_AUTH_SHOW_LOGIN_FORM: "false" +``` ### Login form fallback If you are using "login speed-up", it can be useful to be able to login by the standard way, for example when an admin -user needs to log in because of a change of some settings or permissions. Accessing -[`/login?force_login_form`](https:///login?force_login_form) shows login form even "login speed-up" is -enabled. +user needs to log in because of a change of some settings or permissions. This feature is accessible by a visiting the URL +`/login?force_login_form`. ## Other Providers diff --git a/docs/content/en/integrations/source-code-repositories.md b/docs/content/en/integrations/source-code-repositories.md index b8a0f2fe19d..7b7f5f04671 100644 --- a/docs/content/en/integrations/source-code-repositories.md +++ b/docs/content/en/integrations/source-code-repositories.md @@ -7,18 +7,47 @@ weight: 5 Findings can have a filepath and a line number as the location of the vulnerability. This is typically set when scanning an application with a Static Application Security Test (SAST) tool. If the repository of the source code is specified in the Engagement, DefectDojo will present the filepath as a link and the user can navigate directly to the location of the vulnerability. -## Setting the repository in the Engagement +## Setting the repository in the Engagement and Test -While editing the Engagement, users can set the URL of the repo. It needs to be the URL including the branch, e.g. https://github.com/DefectDojo/django-DefectDojo/tree/dev (GitHub) or https://gitlab.com/gitlab-org/gitlab/-/tree/master (GitLab). +### Engagement +While editing the Engagement, users can set the URL of the specific SCM repo. +For Interactive Engagement it needs to be the URL including the branch: +- for GitHub - like https://github.com/DefectDojo/django-DefectDojo/tree/dev +![Edit Engagement (GitHub)](../../../static/images/source-code-repositories_1.png) +- for GitLab - like https://gitlab.com/gitlab-org/gitlab/-/tree/master +![Edit Engagement (Gitlab)](../../../static/images/source-code-repositories-gitlab_1.png) +- for public BitBucket - like (like git clone url) +![Edit Engagement (Bitbucket public)](../../../static/images/source-code-repositories-bitbucket_1.png) +- for standalone/onpremise BitBucket https://bb.example.com/scm/some-project/some-repo.git or https://bb.example.com/scm/some-user-name/some-repo.git for user public repo (like git clone url) +![Edit Engagement (Bitbucket standalone)](../../../static/images/source-code-repositories-bitbucket-onpremise_1.png) + +For CI/CD Engagement, where user could set commit hash, branch/tag and code line it should look like examples below: +- for GitHub - like https://github.com/DefectDojo/django-DefectDojo +- for GitLab - like https://gitlab.com/gitlab-org/gitlab +- for public BitBucket - like https://bitbucket.org/some-user/some-project.git (like git clone url) +- for standalone/onpremise BitBucket https://bb.example.com/scm/some-project.git or https://bb.example.com/scm/some-user-name/some-repo.git for user public repo (like git clone url) + +If user does not set commit hash or branch/tag in appropriate fields of CI/CD Engagement edit form, the URL should look like in Interactive Engagement edit form. + +SCM navigation URL is composed from Repo URL using SCM Type. Github/Gitlab SCM type is default, but user could set certain SCM type in Product custom field "scm-type". + +Product custom fields: + +![Product custom fields](../../../static/images/product-custom-fields_1.png) + +Product SCM type add: + +![Product scm type](../../../static/images/product-scm-type_1.png) + +Possible SCM types could be 'github', 'gitlab', 'bitbucket', 'bitbucket-standalone' or nothing (for default github). -![Edit Engagement](../../images/source-code-repositories_1.png) ## Link in Finding When viewing a finding, the location will be presented as a link, if the repository of the source code has been set in the Engagement: -![Link to location](../../images/source-code-repositories_2.png) +![Link to location](../../../static/images/source-code-repositories_2.png) Clicking on this link will open a new tab in the browser, with the source file of the vulnerability at the corresponding line number: -![View in repository](../../images/source-code-repositories_3.png) +![View in repository](../../../static/images/source-code-repositories_3.png) diff --git a/docs/content/en/usage/features.md b/docs/content/en/usage/features.md index 3b9a9f74444..470c009bf71 100644 --- a/docs/content/en/usage/features.md +++ b/docs/content/en/usage/features.md @@ -1,14 +1,150 @@ --- title: "Features" -description: "Various features help manage the findings." +description: "Various features help manage vulnerabilities." draft: false weight: 2 --- +## Tags + +In DefectDojo, tags are a first class citizen and are recognized as the facilitators +of organization within each level of the [data model](../models). Tags are +ideal for grouping objects in a manner that can be filtered out into smaller, more +digestible chunks. + +Here is an example with a product with two tags and four findings each with a single tag + +![High level example of usage with tags](../../images/tags-high-level-example.png) + +### Adding and Removing + +Tags can be managed in the following ways + +1. Creating or Editing new objects + + When a new object is created or edited through the UI or API, there is a field for specifying + the tags to be set on a given object. This field is a multiselect field that also has + auto completion to make searching and adding existing tags a breeze. Here is what the field + looks like on the product from the screenshot in the previous section: + + ![Tag management on an object](../../images/tags-management-on-object.png) + +2. Import and Reimport + + Tags can also be applied to a given test at the time of import or reimport. This is a very + handy use case when importing via the API with automation as it provides an opportunity to + append automation run details and tool information that may not be captured in the test + or finding object directly. + + The field looks and behaves exactly as it does on a given object + +3. Bulk Edit Menu (Findings only) + + When needing to update many findings with the same set of tags, the bulk edit menu can be + used to ease the burden. + + In the following example, lets say I want to update the tags of the two findings with the tag "tag-group-alpha" to be a new tag list like this ["tag-group-charlie", "tag-group-delta"]. + First I would select the tags to be updated: + + ![Select findings for bulk edit tag update](../../images/tags-select-findings-for-bulk-edit.png) + + Once a finding is selected, a new button appears with the name "Bulk Edit". Clicking this button + produces a dropdown menu with many options, but the focus is just on tags for now. Update the + field to have the desired tag list as follows, and click submit + + ![Apply changes for bulk edit tag update](../../images/tags-bulk-edit-submit.png) + + The tags on the selected Findings will be updated to whatever was specified in the tags field + within the bulk edit menu + + ![Completed bulk edit tag update](../../images/tags-bulk-edit-complete.png) + +### Filtering + +Tags can be filtered in many ways through both the UI and the API. For example, here is a snippet +of the Finding filters: + +![Snippet of the finding filters](../../images/tags-finding-filter-snippet.png) + +There are ten fields related to tags: + + - Tags: filter on any tags that are attached to a given Finding + - Examples: + - Finding will be returned + - Finding Tags: ["A", "B", "C"] + - Filter Query: "B" + - Finding Will *not* be returned + - Finding Tags: ["A", "B", "C"] + - Filter Query: "F" + - Not Tags: filter on any tags that are *not* attached to a given Finding + - Examples: + - Finding will be returned + - Finding Tags: ["A", "B", "C"] + - Filter Query: "F" + - Finding Will *not* be returned + - Finding Tags: ["A", "B", "C"] + - Filter Query: "B" + - Tag Name Contains: filter on any tags that contain part or all of the query in the given Finding + - Examples: + - Finding will be returned + - Finding Tags: ["Alpha", "Beta", "Charlie"] + - Filter Query: "et" (part of "Beta") + - Finding Will *not* be returned + - Finding Tags: ["Alpha", "Beta", "Charlie"] + - Filter Query: "meg" (part of "Omega") + - Not Tags: filter on any tags that do *not* contain part or all of the query in the given Finding + - Examples: + - Finding will be returned + - Finding Tags: ["Alpha", "Beta", "Charlie"] + - Filter Query: "meg" (part of "Omega") + - Finding Will *not* be returned + - Finding Tags: ["Alpha", "Beta", "Charlie"] + - Filter Query: "et" (part of "Beta") + +For the other six tag filters, they follow the same rules as "Tags" and "Not Tags" as above, +but at different levels in the data model: + + - Tags (Test): filter on any tags that are attached to the Test of a given Finding is part of + - Not Tags (Test): filter on any tags that are *not* attached to the Test of a given Finding is part of + - Tags (Engagement): filter on any tags that are attached to the Engagement of a given Finding is part of + - Not Tags (Engagement): filter on any tags that are *not* attached to the Engagement of a given Finding is part of + - Tags (Product): filter on any tags that are attached to the Product of a given Finding is part of + - Not Tags (Product): filter on any tags that are *not* attached to the Product of a given Finding is part of + +### Tag Inheritance + +When enabled, tags applied to a given product will automatically be applied to all objects under +products in the [data model](../models.md). + +#### Configuration + +Tag Inheritance can be enabled at the following scope levels: +- Global Scope + - Every product system wide will begin applying tags to all children objects + - This is set within the System Settings +- Product Scope + - Only the selected product will begin applying tags to all children objects + - This is set at the product creation/edit page + +#### Behaviors + +Tags can be added and removed to other objects the same as when tag inheritance +is disabled. The only exception to that rule being inherited tags as they cannot +be removed from an object. See the following example of adding a tag "test_only_tag" +to the Test object and a tag "engagement_only_tag" to the Engagement. + +![Example of inherited tags](../../images/tags-inherit-exmaple.png) + +When updates are made to the tag list on a product, the same changes are made to all +objects within the product asynchronously. The duration of this task directly correlates +to the number the objects contained within a finding. If the results are not observed +within a reasonable time period, consult the celery worker logs to identify where any +problems might have arisen. + ## Risk Acceptance Findings cannot always be remediated or addressed for various reasons. A -finding status can change to accepted by doing the following. Findings +finding \'status\' can be change to \'accepted\' by doing the following: Findings are accepted in the engagement view. To locate the engagement from the finding click the link to engagement as shown below. @@ -37,7 +173,7 @@ deduplication on engagement and deduplication on product level: ![Deduplication on product and engagement level](../../images/deduplication.png) -Upon saving a finding, defectDojo will look at the other findings in the +Upon saving a finding, DefectDojo will look at the other findings in the product or the engagement (depending on the configuration) to find duplicates @@ -55,7 +191,7 @@ Deduplicate vulnerabilities in the same build/release. The vulnerabilities may b detecting duplicates across scanners is not trivial as it requires a certain standardization. -Track unique vulnerabilities across builds/releases so that defectDojo knows when it finds a vulnerability whether it has seen it before. +Track unique vulnerabilities across builds/releases so that DefectDojo knows when it finds a vulnerability that has seen it before. : this allows you keep information attached to a given finding in a unique place: all further duplicate findings will point @@ -74,21 +210,26 @@ configured. #### Engagement configuration -When creating an engagement or later by editing the engagement, the +When creating or editing an engagement, the \"Deduplication within engagement only\" checkbox can be ticked. - If activated: Findings are only deduplicated within the same engagement. Findings present in different engagements cannot be duplicates -- Else: Findings are deduplicated across the whole product +- Otherwise: Findings are deduplicated across the whole product -Note that deduplication can never occur across different products. +Note that currently deduplication does not occur across different products. ### Deduplication algorithms The behavior of the deduplication can be configured for each parser in settings.dist.py (or settings.py after install) by configuring the -`DEDUPLICATION_ALGORITHM_PER_PARSER` variable. +`DEDUPLICATION_ALGORITHM_PER_PARSER` variable, or via the env variable (useful for Kubernetes deployments) `DD_DEDUPLICATION_ALGORITHM_PER_PARSER` with a JSON string like +```json +{"ScannerName":"algorithm"} +``` +The environment variable will override the settings in `settings.dist.py`, replacing by matching the keys. + The available algorithms are: @@ -152,7 +293,11 @@ DEDUPE_ALGO_LEGACY The hash_code computation can be configured for each parser using the parameter `HASHCODE_FIELDS_PER_SCANNER` in -`settings.dist.py`. +`settings.dist.py`, or via the env variable (useful for Kubernetes deployments) `DD_HASHCODE_FIELDS_PER_SCANNER` with a JSON string like +```json +{"ScannerName":["field1", "field2"]} +``` +The environment variable will override the settings in `settings.dist.py`, replacing by matching the keys. The parameter `HASHCODE_ALLOWED_FIELDS` list the fields from finding table that were tested and are known to be working when @@ -195,7 +340,7 @@ Tips: When you change the hashcode configuration, it is needed to regenerated the hashcodes for all findings, or at least those findings found by scanners for which the configuration was updated. -This is sometimes also needed after an upgrade to a new Defect Dojo version, for example when we made changes +This is sometimes also needed after an upgrade to a new DefectDojo version, for example when we made changes to the hashcode configuration or calculation logic. We will mention this in the upgrade notes. To regenerate the hashcodes, use the `dedupe` management command: @@ -206,7 +351,7 @@ docker-compose exec uwsgi ./manage.py dedupe --hash_code_only This will only regenerated the hashcodes, but will not run any deduplication logic on existing findings. If you want to run deduplication again on existing findings to make sure any duplicates found by the new -hashcode config are marked as such, run +hashcode config are marked as such, run: {{< highlight bash >}} docker-compose exec uwsgi ./manage.py dedupe @@ -232,13 +377,17 @@ details about the deduplication process : switch ### Deduplication - APIv2 parameters -- `skip_duplicates`: if true, duplicates are not +- `skip_duplicates`: if true, duplicates are not inserted at all -- `close_old_findings` : if true, findings that are not +- `close_old_findings` : if true, findings that are not duplicates and that were in the previous scan of the same type - (example ZAP) for the same product (or engagement in case of - \"Deduplication on engagement\") and that are not present in the new - scan are closed (Inactive, Verified, Mitigated) + (example ZAP) for the same engagement (or product in case of + \"close_old_findings_product_scope\") and that are not present in the new + scan are closed (Inactive, Verified, Mitigated). +- `close_old_findings_product_scope` : if true, close_old_findings applies + to all findings of the same type in the product. Note that + \"Deduplication on engagement\" is no longer used to determine the + scope of close_old_findings. ### Deduplication / Similar findings @@ -260,22 +409,10 @@ Similar Findings which will remove the duplicate status on that finding along with marking it active again. -## False Positive Removal - -DefectDojo allows users to tune out false positives by enabling False -Positive History. This will track what engineers have labeled as false -positive for a specific product and for a specific scanner. While -enabled, when a tool reports the same issue that has been flagged as a -false positive previously, it will automatically mark the finding as a -false positive, helping to tune overly verbose security tools. - -False Positive Removal is not needed when using deduplication, and it is -advised to not combine these two. - ## Service Level Agreement (SLA) -DefectDojo allows you to maintain your security SLA and automatically -remind teams whenever a SLA is about to get breached, or breaches. +DefectDojo allows you to maintain your security SLAs and automatically +remind teams whenever a SLA is about to get breached, or is breached. Simply indicate in the `System Settings` for each severity, how many days teams have to remediate a finding. @@ -284,25 +421,20 @@ days teams have to remediate a finding. ### SLA notification configuration -There are 5 variables in the settings.py file that you can configure, to -act on the global behavior. By default, any findings across the instance -that are in `Active, Verified` state will be considered for -notifications. +There are 3 variables in the system settings that can be set for notifcations of SLA breaches. +By default notifications are disabled. +You can either choose to notify about breaches for findings that are only in 'Active' or +for any findings across the instance that are in `Active, Verified`. +Furthermore, it is possible choose to only consider findings that have a JIRA issue linked to them. + +There are 2 variables in the settings.py file that you can configure, to +act on the global behavior. {{< highlight python >}} -SLA_NOTIFY_ACTIVE = False -SLA_NOTIFY_ACTIVE_VERIFIED_ONLY = True -SLA_NOTIFY_WITH_JIRA_ONLY = False SLA_NOTIFY_PRE_BREACH = 3 SLA_NOTIFY_POST_BREACH = 7 {{< / highlight >}} -Setting both `SLA_NOTIFY_ACTIVE` and `SLA_NOTIFY_ACTIVE_VERIFIED_ONLY` -to `False` will effectively disable SLA notifications. - -You can choose to only consider findings that have a JIRA issue linked -to them. If so, please set `SLA_NOTIFY_WITH_JIRA_ONLY` to `True`. - The `SLA_NOTIFY_PRE_BREACH` is expressed in days. Whenever a finding\'s \"SLA countdown\" (time to remediate) drops to this number, a notification would be sent everyday, as scheduled by the crontab in @@ -321,7 +453,7 @@ through CI in \'active\' state. ### What notification channels for SLA notifications? -The same as usual. You will notice that an extra `SLA breach` option is now present +You will notice that an extra `SLA breach` option is now present on the `Notification` page and also in the `Product` view. ![SLA notification checkbox](../../images/sla_notification_product_checkboxes.png) @@ -329,8 +461,8 @@ on the `Notification` page and also in the `Product` view. ### SLA notification with JIRA You can choose to also send SLA notification as JIRA comments, if your -product is configured with JIRA. You can enable it at the JIRA -configuration level or at the Product level. +product is configured with JIRA. You can enable this at the Product level in the Product specific +JIRA settings. The Product level JIRA notification configuration takes precendence over the global JIRA notification configuration. @@ -425,6 +557,9 @@ Product Type Counts ![Product Type Counts](../../images/met_2.png) +Product Tag Counts +: Same as above, but for a group of products sharing a tag. + Simple Metrics : Provides tabular data for all Product Types. The data displayed in this view is the total number of S0, S1, S2, S3, S4, Opened This @@ -455,9 +590,6 @@ Active : Designates whether this user should be treated as active and can login to DefectDojo. Unselect this instead of deleting accounts. -Staff status -: Staff users have some more permissions than non-staff users, see [System wide permissions]({{< ref "permissions#system-wide-permissions" >}}) - Superuser status : Designates that this user can configure the system and has all permissions for objects without explicitly assigning them. @@ -541,4 +673,4 @@ feedback.internal.google.com (endpoint) -> [ team:human resources, public_facing Endpoint Meta Importer can be found in the Endpoint tab when viewing a Product -**Note:** The field "hostname" is required as it is used to query/create endpoints. \ No newline at end of file +**Note:** The field "hostname" is required as it is used to query/create endpoints. diff --git a/docs/content/en/usage/models.md b/docs/content/en/usage/models.md index b02c8c3b3bb..540e256cee2 100644 --- a/docs/content/en/usage/models.md +++ b/docs/content/en/usage/models.md @@ -1,6 +1,6 @@ --- title: "Core data classes" -description: "DefectDojo is based on a model that allows high flexibility for your test tracking needs." +description: "DefectDojo is made to be flexible to conform to your program, rather than making your team conform to the tool." draft: false weight: 1 --- diff --git a/docs/content/en/usage/performance.md b/docs/content/en/usage/performance.md new file mode 100644 index 00000000000..d7957ddb724 --- /dev/null +++ b/docs/content/en/usage/performance.md @@ -0,0 +1,40 @@ +--- +title: "Performance Enhancements" +description: "Settings to configure to enhance performance in DefectDojo" +draft: false +weight: 4 +--- + +## Asynchronous Import + +DefectDojo offers an experimental feature to aynschronously import security reports. +This feature works in most use cases, but struggles when doing things such as pushing +to Jira during the import process. Because Endpoints are still being processed and +created even after the import procedure is completed, pushing Findings to Jira can +result in incomplete Jira tickets. It is advised to wait until after import has been +completed (reaches 100%). + +To enable this feature, set `ASYNC_FINDING_IMPORT` to True in `local_settings.py` + +## Asynchronous Delete + +For larger instances, deleting an object can take minutes for all related objects to be +expanded into memory, rendered on the page, and then removing all objects from the database. +To combat this issue, two settings can be set in `local_settings.py`: + +#### ASYNC_OBJECT_DELETE + +Deleting an object asynchronously changes the way an object is deleted under the hood. By removing +the need to expand into memory, a lot of time (and memory) can be saved by offloading the lookups and +removals onto celery processes. This process works by starting at the bottom of a given object, and +walking the tree upwards rather than downwards. This way, objects can be seperated into buckets, +and then deleted. + +#### DELETE_PREVIEW + +Previewing all the objects to be deleted takes almost as much time as deleting the objects itself. +This is a safety feature intended to warn users of what they are about to delete, as well as educating +users of how the delete functionality works by cascade deleting all related objects. With this feature enabled, +the user will only see the following text in the delete preview (without any database lookups) + +`Previewing the relationships has been disabled.` diff --git a/docs/content/en/usage/permissions.md b/docs/content/en/usage/permissions.md index 5e13fc3891e..512484d51b2 100644 --- a/docs/content/en/usage/permissions.md +++ b/docs/content/en/usage/permissions.md @@ -7,8 +7,8 @@ draft: false ## System-wide permissions -* Administrators (aka super users) have no limitations in the system. They can change all settings, manage users and have read and write access to all data. -* Staff users can add Product Types, and have access to data according to their role in a Product or Product Type. There is the parameter `AUTHORIZATION_STAFF_OVERRIDE` in the settings to give all staff users full access to all Products and Product Types. +* Administrators (aka superusers) have no limitations in the system. They can change all settings, manage users and have read / write access to all data. +* Staff users can add Product Types, and have access to data according to their role in a Product or Product Type. * Regular users have limited functionality available. They cannot add Product Types but have access to data according to their role in a Product or Product Type ## Product and Product Type permissions @@ -36,14 +36,14 @@ Users can be assigned as members to Products and Product Types, giving them one | Delete Product | | | | x | | | | | | | | | | View Engagement | x | x | x | x | x | -| Add Engagement | | x | x | x | | -| Edit Engagement | | x | x | x | | +| Add Engagement | | x | x | x | x | +| Edit Engagement | | x | x | x | x | | Risk Acceptance | | x | x | x | | | Delete Engagement | | | x | x | | | | | | | | | | View Test | x | x | x | x | x | | Add Test | | x | x | x | | -| Edit Test | | x | x | x | | +| Edit Test | | x | x | x | x | | Delete Test | | | x | x | | | | | | | | | | View Finding | x | x | x | x | x | @@ -73,7 +73,7 @@ Users can be assigned as members to Products and Product Types, giving them one | Delete Note | (x) 2) | (x) 2) | x | x | | -1) Every staff user and administrator can add Product Types. Regular users are not allowed to add Product Types, unless they are Global Owner or Maintainer. +1) Every superuser can add Product Types. Regular users are not allowed to add Product Types, unless they are a Global Owner or Maintainer. 2) Every user is allowed to edit and delete his own notes. @@ -105,8 +105,23 @@ The membership of a group itself has a role that determines what permissions the | Add Group member as Owner | | | x | | Delete Group | | | x | -1) Every staff user and administrator can add groups. Regular users are not allowed to add groups. +1) Every superuser can add groups. Regular users are not allowed to add groups. The permissions to manage the roles of Products and Product types for a group is defined by the role of the user in the respective Product or Product Type. Groups can have a global role too. This global role gives all members of the group access to all Product Types and Products, including the underlying data, with permissions according to the respective role. + +## Configuration permissions + +Many configuration dialogues and API endpoints can be enabled for users or groups of users, regardless of their **superuser** status: + +![Configuration permissions](../../images/configuration_permissions.png) + +3 configurations can still only be changed by superusers: +* System settings +* Notifications on system level +* Configuration permissions for users and groups + +{{% alert title="Warning" color="warning" %}} +These configuration settings are a powerful tool and should be used with great care. +{{% /alert %}} diff --git a/docs/content/en/usage/productgrading.md b/docs/content/en/usage/productgrading.md new file mode 100644 index 00000000000..88cb88267fa --- /dev/null +++ b/docs/content/en/usage/productgrading.md @@ -0,0 +1,50 @@ +--- +title: "Product Health Grading" +description: "Products are graded based on their health." +draft: false +weight: 2 +--- + +## Product Health Grading + +Within DefectDojo's system settings, you have the opportunity to enable a grading system for your products. For that you have to enable ("Enable Product Grading"). Then, the products are graded with the following possible grades: +- Grade A +- Grade B +- Grade C +- Grade D +- Grade F + +The best grade is A going down to the worst grade F. By default the grades stick to the achieved percentage mentioned in grade converation [here](https://en.wikipedia.org/wiki/Academic_grading_in_the_United_States). + +### Calculation of the grades +The code that performs the grade calculations can be found [here](https://github.com/DefectDojo/django-DefectDojo/blob/76e11c21e88fb84b67b6da27c78fbbe1899e7e78/dojo/management/commands/system_settings.py#L8). + +The highest health score is 100 and it decreases based on the number of findings for each severity (critical, high, medium, low) within the product. In the following code snippet you can see the rules. +Note that the following abbreviations were used: + +- crit: amount of critical findings within the product +- high: amount of high findings within the product +- med: amount of medium findings within the product +- low: amount of low findings within the product + +``` +health=100 +if crit > 0: + health = 40 + health = health - ((crit - 1) * 5) +if high > 0: + if health == 100: + health = 60 + health = health - ((high - 1) * 3) +if med > 0: + if health == 100: + health = 80 + health = health - ((med - 1) * 2) +if low > 0: + if health == 100: + health = 95 + health = health - low +if health < 5: + health = 5 +return health +``` \ No newline at end of file diff --git a/docs/content/en/usage/questionnaires.md b/docs/content/en/usage/questionnaires.md new file mode 100644 index 00000000000..9d862e64b7d --- /dev/null +++ b/docs/content/en/usage/questionnaires.md @@ -0,0 +1,125 @@ +--- +title: "Questionnaires" +description: "Collect information from people internal or external to DefectDojo." +weight: 3 +draft: false +--- + +## Questionnaires + +Questionnaires provide a means for collecting information from developers and respective stakeholders. DefectDojo includes functionality to create new questionnaires with custom questions, open questionnaires to receive responses for certain time periods from insiders or outsiders, and connect questionnaires with new or existing engagements. + +## Creating a New Questionnaire + +To access, create, or modify new/existing questionnaires, navigate to the _All Questionnaires_ dashboard from the sidebar. + +![Questionnaires Location](../../images/questionnaires-sidebar.png) + +On the questionnaire dashboard, all existing questionnaires are displayed. To quickly find a questionnaire, the filters may be used to search for snippets within the questionnaire name and/or description, as well as by active/inactive status. + +When questionnaires are open for responses, they will be displayed in the _General Questionnaires_ block towards the bottom of the page. + +To begin the process of creating a new questionnaire, select the _Create Questionnaire_ button located in the top right of the questionnaire dashboard. + +![Questionnaires Home View](../../images/questionnaires-main-view.png) + +Questionnaires have a name and description, as well as an activity status, which are initially set on questionnaire creation, but can be modified in the future if necessary. Once these fields are filled in appropriately, the user can create the questionnaire without any questions (by selecting _Create Questionnaire_), or with questions (by selecting _Create Questionnaire and Add Questions_). + +![Create New Questionnaire](../../images/questionnaires-create-new.png) + +To add questions to a questionnaire, select the dropdown titled _Select as many Questions as applicable_, which will open all of the existing questions within DefectDojo. Once the desired questions are selected from the list, the dropdown can be closed, and the _Update Questionnaire Questions_ can be selected to save the newly created questionnaire. + +_Note_: New questions may also be added at the time of questionnaire creation by selecting the plus located next to the questions dropdown. + +![Select Questions](../../images/questionnaires-select-questions.png) + +## Creating New Questions + +The questions dashboard displays all of the questions that may exist as part of questionnaires within DefectDojo. Similar to questionnaires, to quickly find a question, the filters may be used to search for optional status, or snippets within the question name and/or description. Two types of questions exist within DefectDojo questionnaires: _Text Questions_ and _Multiple Choice Questions_. To add a new question, select the _Create Question_ button located in the top right of the questions dashboard. + +![Questionnaire Questions](../../images/questionnaires-questions.png) + +#### Adding Text Questions + +To add a text question (open-ended), fill out the add question form, where: + - **Type** - The type of question being created, in this case _Text_. + - **Order** - The order of a question describes its position in a questionnaire relative to other questions (e.g., an order of _1_ will put the question higher than a question with order _4_). + - **Optional** - When the optional box is checked, a question will not be required in a questionnaire. + - **Question Text** - The text that is displayed to prompt a user for their answer (e.g. What is your favorite color?). + +![Add Text Answer Question](../../images/questionnaires-open-ended.png) + +#### Adding Multiple Choice Questions + +Similar to the process of adding a text question, choice questions (non-open-ended) allow the user to pick from a given list of choices. To add a choice question, fill out the add question form, where: + - **Type** - The type of question being created, in this case _Choice_. + - **Order** - The order of a question describes its position in a questionnaire relative to other questions (e.g., an order of _1_ will put the question higher than a question with order _4_). + - **Optional** - When the optional box is checked, a question will not be required in a questionnaire. + - **Multichoice** - When the multichoice box is checked, multiple choices from the list of choices may be selected by the user. + - **Answer Choices** - The possible answer choices that may be selected by a user. + +![Add Multiple Choice Question](../../images/questionnaires-multiple-choice.png) + +## Publishing a Questionnaire + +Once a questionnaire has been successfully created, it can be published to accept responses. To publish a questionnaire, select the plus located to the right of _General Questionnaires_. + +![Add General Questionnaire](../../images/questionnaires-main-view.png) + +This will prompt for a specific questionnaire to be selected, as well as a date the questionnaire response window should close. The response window sets a due date for recipients. Once these two options have been selected, publish the questionnaire by selecting _Add Questionnaire_. + +![Publicize Questionnaire](../../images/questionnaires-publicize.png) + +Once a questionnaire is published, a link to share it can be retrieved by selecting the _Share Questionnaire_ action. To ensure the newly created questionnaire has been constructed as expected, open the share link and view the newly created questionnaire. + +![Share Questionnaire Link](../../images/questionnaires-share.png) + +![Responding to Questionnaires](../../images/questionnaires-respond.png) + +## Unassigned Questionnaires + +When a questionnaire's response window has closed, all of the responses will be saved, and the questionnaire will be listed as an _Unassigned Answered Engagement Questionnaire_ on the DefectDojo dashboard. + +There are three actions that may be taken when a questionnaire's response window has closed: _View Responses_, _Create Engagement_, and _Assign User_. + +![Unnasigned Questionnaires](../../images/questionnaires-unassigned.png) + +#### View Questionnaire Responses + +To view the questionnaire responses, select the _View Responses_ action. All of the responses from the questionnaire will be displayed. + +![View Questionnaire Responses](../../images/questionnaires-view-responses.png) + +#### Create an Engagement From a Questionnaire + +To link the questionnaire to a product via an engagement, select the _Create Engagement_ action. Once a product is selected from the dropdown, select _Create Engagement_. This will link the questionnaire results with a new engagement under the selected product, which can then be given specific details similar to other engagements in DefectDojo, such as _Description_, _Version_, _Status_, _Tags_, etc. + +![Link Questionnaire to Engagement](../../images/questionnaires-new-engagement.png) + +![New Engagement for Questionnaire](../../images/questionnaires-create-engagement.png) + +To view a questionnaire at the engagement level, navigate to the engagement linked with the desired questionnaire. Expand the _Additional Features_ menu to reveal a _Questionnaires_ dropdown, which will contain all of the linked questionnaires. + +![View Questionnaire from Engagement](../../images/questionnaires-view-questionnaire.png) + +#### Assign a Questionnaire to a User + +To assign a questionnaire to a user, select the _Assign User_ action. This will prompt for a user to be selected from the dropdown of available users. Once a user is selected, assign the questionnaire to the specified user by selecting _Assign Questionnaire_. + +![Assign Questionnaire to User](../../images/questionnaires-assign-user.png) + +## Creating Questionnaires From Engagements + +While questionnaires are commonly created from the questionnaire dashboard, they can also be created at the engagement level. To create a new questionnaire from within an engagement, expand the _Additional Features_ dropdown to reveal the _Questionnaires_ dropdown. In the right side header of the _Questionnaires_ dropdown, select the plus to link a new questionnaire. + +![New Questionnaire from Engagement](../../images/questionnaires-add-from-engagement.png) + +Once prompted, select a questionnaire from the available surveys list to link it with the engagement. If the user wishes to leave a response at the time of linking the questionnaire with the engagement, the _Add Questionnaire and Repond_ option may be selected. To simply link the questionnaire with the engagement, select _Add Questionnaire_. + +![Select Questionnaire from Engagement](../../images/questionnaires-select-survey.png) + +## Anonymous Questionnaires + +Questionnaires, by default, are only accessible by DefectDojo users. To allow outside responses to DefectDojo questionnaires, ensure the _Allow Anonymous Survey Reponses_ option within the _System Settings_ is selected. To share a questionnaire with anonymous users, use the questionnaire's _Share Link_. + +![Anonymous Survey Reponses](../../images/questionnaires-system-settings.png) diff --git a/docs/package-lock.json b/docs/package-lock.json index ccfdc3c5da2..eaf7096132b 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -1,6 +1,1005 @@ { + "name": "docs", + "lockfileVersion": 2, "requires": true, - "lockfileVersion": 1, + "packages": { + "": { + "devDependencies": { + "autoprefixer": "10.4.17", + "postcss": "8.4.35", + "postcss-cli": "11.0.0" + } + }, + "node_modules/@nodelib/fs.scandir": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", + "dev": true, + "dependencies": { + "@nodelib/fs.stat": "2.0.5", + "run-parallel": "^1.1.9" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.stat": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", + "dev": true, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.walk": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", + "dev": true, + "dependencies": { + "@nodelib/fs.scandir": "2.1.5", + "fastq": "^1.6.0" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@sindresorhus/merge-streams": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@sindresorhus/merge-streams/-/merge-streams-1.0.0.tgz", + "integrity": "sha512-rUV5WyJrJLoloD4NDN1V1+LDMDWOa4OTsT4yYJwQNpTU6FWxkxHpL7eu4w+DmiH8x/EAM1otkPE1+LaspIbplw==", + "dev": true, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dev": true, + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/anymatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz", + "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==", + "dev": true, + "dependencies": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/autoprefixer": { + "version": "10.4.17", + "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.17.tgz", + "integrity": "sha512-/cpVNRLSfhOtcGflT13P2794gVSgmPgTR+erw5ifnMLZb0UnSlkK4tquLmkd3BhA+nLo5tX8Cu0upUsGKvKbmg==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/autoprefixer" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "dependencies": { + "browserslist": "^4.22.2", + "caniuse-lite": "^1.0.30001578", + "fraction.js": "^4.3.7", + "normalize-range": "^0.1.2", + "picocolors": "^1.0.0", + "postcss-value-parser": "^4.2.0" + }, + "bin": { + "autoprefixer": "bin/autoprefixer" + }, + "engines": { + "node": "^10 || ^12 || >=14" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } + }, + "node_modules/binary-extensions": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz", + "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/braces": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "dev": true, + "dependencies": { + "fill-range": "^7.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/browserslist": { + "version": "4.22.2", + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.22.2.tgz", + "integrity": "sha512-0UgcrvQmBDvZHFGdYUehrCNIazki7/lUP3kkoi/r3YB2amZbFM9J43ZRkJTXBUZK4gmx56+Sqk9+Vs9mwZx9+A==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "dependencies": { + "caniuse-lite": "^1.0.30001565", + "electron-to-chromium": "^1.4.601", + "node-releases": "^2.0.14", + "update-browserslist-db": "^1.0.13" + }, + "bin": { + "browserslist": "cli.js" + }, + "engines": { + "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7" + } + }, + "node_modules/caniuse-lite": { + "version": "1.0.30001578", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001578.tgz", + "integrity": "sha512-J/jkFgsQ3NEl4w2lCoM9ZPxrD+FoBNJ7uJUpGVjIg/j0OwJosWM36EPDv+Yyi0V4twBk9pPmlFS+PLykgEvUmg==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/caniuse-lite" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ] + }, + "node_modules/chokidar": { + "version": "3.5.3", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", + "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==", + "dev": true, + "funding": [ + { + "type": "individual", + "url": "https://paulmillr.com/funding/" + } + ], + "dependencies": { + "anymatch": "~3.1.2", + "braces": "~3.0.2", + "glob-parent": "~5.1.2", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.6.0" + }, + "engines": { + "node": ">= 8.10.0" + }, + "optionalDependencies": { + "fsevents": "~2.3.2" + } + }, + "node_modules/cliui": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", + "dev": true, + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^7.0.0" + } + }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true + }, + "node_modules/dependency-graph": { + "version": "0.11.0", + "resolved": "https://registry.npmjs.org/dependency-graph/-/dependency-graph-0.11.0.tgz", + "integrity": "sha512-JeMq7fEshyepOWDfcfHK06N3MhyPhz++vtqWhMT5O9A3K42rdsEDpfdVqjaqaAhsw6a+ZqeDvQVtD0hFHQWrzg==", + "dev": true, + "engines": { + "node": ">= 0.6.0" + } + }, + "node_modules/electron-to-chromium": { + "version": "1.4.635", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.635.tgz", + "integrity": "sha512-iu/2D0zolKU3iDGXXxdOzNf72Jnokn+K1IN6Kk4iV6l1Tr2g/qy+mvmtfAiBwZe5S3aB5r92vp+zSZ69scYRrg==", + "dev": true + }, + "node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "dev": true + }, + "node_modules/escalade": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz", + "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/fast-glob": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", + "integrity": "sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==", + "dev": true, + "dependencies": { + "@nodelib/fs.stat": "^2.0.2", + "@nodelib/fs.walk": "^1.2.3", + "glob-parent": "^5.1.2", + "merge2": "^1.3.0", + "micromatch": "^4.0.4" + }, + "engines": { + "node": ">=8.6.0" + } + }, + "node_modules/fastq": { + "version": "1.17.0", + "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.17.0.tgz", + "integrity": "sha512-zGygtijUMT7jnk3h26kUms3BkSDp4IfIKjmnqI2tvx6nuBfiF1UqOxbnLfzdv+apBy+53oaImsKtMw/xYbW+1w==", + "dev": true, + "dependencies": { + "reusify": "^1.0.4" + } + }, + "node_modules/fill-range": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "dev": true, + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/fraction.js": { + "version": "4.3.7", + "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.3.7.tgz", + "integrity": "sha512-ZsDfxO51wGAXREY55a7la9LScWpwv9RxIrYABrlvOFBlH/ShPnrtsXeuUIfXKKOVicNxQ+o8JTbJvjS4M89yew==", + "dev": true, + "engines": { + "node": "*" + }, + "funding": { + "type": "patreon", + "url": "https://github.com/sponsors/rawify" + } + }, + "node_modules/fs-extra": { + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.0.0.tgz", + "integrity": "sha512-4YxRvMi4P5C3WQTvdRfrv5UVqbISpqjORFQAW5QPiKAauaxNCwrEdIi6pG3tDFhKKpMen+enEhHIzB/tvIO+/w==", + "dev": true, + "dependencies": { + "graceful-fs": "^4.2.0", + "jsonfile": "^6.0.1", + "universalify": "^2.0.0" + }, + "engines": { + "node": ">=14.14" + } + }, + "node_modules/fsevents": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", + "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", + "dev": true, + "hasInstallScript": true, + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/get-caller-file": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "dev": true, + "engines": { + "node": "6.* || 8.* || >= 10.*" + } + }, + "node_modules/get-stdin": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", + "integrity": "sha512-dVKBjfWisLAicarI2Sf+JuBE/DghV4UzNAVe9yhEJuzeREd3JhOTE9cUaJTeSa77fsbQUK3pcOpJfM59+VKZaA==", + "dev": true, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dev": true, + "dependencies": { + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/globby": { + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/globby/-/globby-14.0.0.tgz", + "integrity": "sha512-/1WM/LNHRAOH9lZta77uGbq0dAEQM+XjNesWwhlERDVenqothRbnzTrL3/LrIoEPPjeUHC3vrS6TwoyxeHs7MQ==", + "dev": true, + "dependencies": { + "@sindresorhus/merge-streams": "^1.0.0", + "fast-glob": "^3.3.2", + "ignore": "^5.2.4", + "path-type": "^5.0.0", + "slash": "^5.1.0", + "unicorn-magic": "^0.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/graceful-fs": { + "version": "4.2.10", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz", + "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==", + "dev": true + }, + "node_modules/ignore": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.0.tgz", + "integrity": "sha512-g7dmpshy+gD7mh88OC9NwSGTKoc3kyLAZQRU1mt53Aw/vnvfXnbC+F/7F7QoYVKbV+KNvJx8wArewKy1vXMtlg==", + "dev": true, + "engines": { + "node": ">= 4" + } + }, + "node_modules/is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dev": true, + "dependencies": { + "binary-extensions": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "dev": true, + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dev": true, + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/jsonfile": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", + "dev": true, + "dependencies": { + "universalify": "^2.0.0" + }, + "optionalDependencies": { + "graceful-fs": "^4.1.6" + } + }, + "node_modules/lilconfig": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.0.0.tgz", + "integrity": "sha512-K2U4W2Ff5ibV7j7ydLr+zLAkIg5JJ4lPn1Ltsdt+Tz/IjQ8buJ55pZAxoP34lqIiwtF9iAvtLv3JGv7CAyAg+g==", + "dev": true, + "engines": { + "node": ">=14" + } + }, + "node_modules/merge2": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", + "dev": true, + "engines": { + "node": ">= 8" + } + }, + "node_modules/micromatch": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==", + "dev": true, + "dependencies": { + "braces": "^3.0.2", + "picomatch": "^2.3.1" + }, + "engines": { + "node": ">=8.6" + } + }, + "node_modules/nanoid": { + "version": "3.3.7", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", + "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } + }, + "node_modules/node-releases": { + "version": "2.0.14", + "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz", + "integrity": "sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw==", + "dev": true + }, + "node_modules/normalize-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/normalize-range": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/normalize-range/-/normalize-range-0.1.2.tgz", + "integrity": "sha1-LRDAa9/TEuqXd2laTShDlFa3WUI=", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/path-type": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/path-type/-/path-type-5.0.0.tgz", + "integrity": "sha512-5HviZNaZcfqP95rwpv+1HDgUamezbqdSYTyzjTvwtJSnIH+3vnbmWsItli8OFEndS984VT55M3jduxZbX351gg==", + "dev": true, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/picocolors": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==", + "dev": true + }, + "node_modules/picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "dev": true, + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/pify": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", + "integrity": "sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/postcss": { + "version": "8.4.35", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.35.tgz", + "integrity": "sha512-u5U8qYpBCpN13BsiEB0CbR1Hhh4Gc0zLFuedrHJKMctHCHAGrMdG0PRM/KErzAL3CU6/eckEtmHNB3x6e3c0vA==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/postcss" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "dependencies": { + "nanoid": "^3.3.7", + "picocolors": "^1.0.0", + "source-map-js": "^1.0.2" + }, + "engines": { + "node": "^10 || ^12 || >=14" + } + }, + "node_modules/postcss-cli": { + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/postcss-cli/-/postcss-cli-11.0.0.tgz", + "integrity": "sha512-xMITAI7M0u1yolVcXJ9XTZiO9aO49mcoKQy6pCDFdMh9kGqhzLVpWxeD/32M/QBmkhcGypZFFOLNLmIW4Pg4RA==", + "dev": true, + "dependencies": { + "chokidar": "^3.3.0", + "dependency-graph": "^0.11.0", + "fs-extra": "^11.0.0", + "get-stdin": "^9.0.0", + "globby": "^14.0.0", + "picocolors": "^1.0.0", + "postcss-load-config": "^5.0.0", + "postcss-reporter": "^7.0.0", + "pretty-hrtime": "^1.0.3", + "read-cache": "^1.0.0", + "slash": "^5.0.0", + "yargs": "^17.0.0" + }, + "bin": { + "postcss": "index.js" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.0.0" + } + }, + "node_modules/postcss-load-config": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-5.0.2.tgz", + "integrity": "sha512-Q8QR3FYbqOKa0bnC1UQ2bFq9/ulHX5Bi34muzitMr8aDtUelO5xKeJEYC/5smE0jNE9zdB/NBnOwXKexELbRlw==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "dependencies": { + "lilconfig": "^3.0.0", + "yaml": "^2.3.4" + }, + "engines": { + "node": ">= 18" + }, + "peerDependencies": { + "jiti": ">=1.21.0", + "postcss": ">=8.0.9" + }, + "peerDependenciesMeta": { + "jiti": { + "optional": true + }, + "postcss": { + "optional": true + } + } + }, + "node_modules/postcss-reporter": { + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/postcss-reporter/-/postcss-reporter-7.0.5.tgz", + "integrity": "sha512-glWg7VZBilooZGOFPhN9msJ3FQs19Hie7l5a/eE6WglzYqVeH3ong3ShFcp9kDWJT1g2Y/wd59cocf9XxBtkWA==", + "dev": true, + "dependencies": { + "picocolors": "^1.0.0", + "thenby": "^1.3.4" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } + }, + "node_modules/postcss-value-parser": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", + "integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==", + "dev": true + }, + "node_modules/pretty-hrtime": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/pretty-hrtime/-/pretty-hrtime-1.0.3.tgz", + "integrity": "sha512-66hKPCr+72mlfiSjlEB1+45IjXSqvVAIy6mocupoww4tBFE9R9IhwwUGoI4G++Tc9Aq+2rxOt0RFU6gPcrte0A==", + "dev": true, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/queue-microtask": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, + "node_modules/read-cache": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", + "integrity": "sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA==", + "dev": true, + "dependencies": { + "pify": "^2.3.0" + } + }, + "node_modules/readdirp": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", + "dev": true, + "dependencies": { + "picomatch": "^2.2.1" + }, + "engines": { + "node": ">=8.10.0" + } + }, + "node_modules/require-directory": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/reusify": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==", + "dev": true, + "engines": { + "iojs": ">=1.0.0", + "node": ">=0.10.0" + } + }, + "node_modules/run-parallel": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "dependencies": { + "queue-microtask": "^1.2.2" + } + }, + "node_modules/slash": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-5.1.0.tgz", + "integrity": "sha512-ZA6oR3T/pEyuqwMgAKT0/hAv8oAXckzbkmR0UkUosQ+Mc4RxGoJkRmwHgHufaenlyAgE1Mxgpdcrf75y6XcnDg==", + "dev": true, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/source-map-js": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.0.2.tgz", + "integrity": "sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dev": true, + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/thenby": { + "version": "1.3.4", + "resolved": "https://registry.npmjs.org/thenby/-/thenby-1.3.4.tgz", + "integrity": "sha512-89Gi5raiWA3QZ4b2ePcEwswC3me9JIg+ToSgtE0JWeCynLnLxNr/f9G+xfo9K+Oj4AFdom8YNJjibIARTJmapQ==", + "dev": true + }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dev": true, + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, + "node_modules/unicorn-magic": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/unicorn-magic/-/unicorn-magic-0.1.0.tgz", + "integrity": "sha512-lRfVq8fE8gz6QMBuDM6a+LO3IAzTi05H6gCVaUpir2E1Rwpo4ZUog45KpNXKC/Mn3Yb9UDuHumeFTo9iV/D9FQ==", + "dev": true, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/universalify": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", + "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", + "dev": true, + "engines": { + "node": ">= 10.0.0" + } + }, + "node_modules/update-browserslist-db": { + "version": "1.0.13", + "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz", + "integrity": "sha512-xebP81SNcPuNpPP3uzeW1NYXxI3rxyJzF3pD6sH4jE7o/IX+WtSpwnVU+qIsDPyk0d3hmFQ7mjqc6AtV604hbg==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "dependencies": { + "escalade": "^3.1.1", + "picocolors": "^1.0.0" + }, + "bin": { + "update-browserslist-db": "cli.js" + }, + "peerDependencies": { + "browserslist": ">= 4.21.0" + } + }, + "node_modules/wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dev": true, + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/y18n": { + "version": "5.0.8", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", + "dev": true, + "engines": { + "node": ">=10" + } + }, + "node_modules/yaml": { + "version": "2.3.4", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.4.tgz", + "integrity": "sha512-8aAvwVUSHpfEqTQ4w/KMlf3HcRdt50E5ODIQJBw1fQ5RL34xabzxtUlzTXVqc4rkZsPbvrXKWnABCD7kWSmocA==", + "dev": true, + "engines": { + "node": ">= 14" + } + }, + "node_modules/yargs": { + "version": "17.5.1", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.5.1.tgz", + "integrity": "sha512-t6YAJcxDkNX7NFYiVtKvWUz8l+PaKTLiL63mJYWR2GnHq2gjEWISzsLp9wg3aY36dY1j+gfIEL3pIF+XlJJfbA==", + "dev": true, + "dependencies": { + "cliui": "^7.0.2", + "escalade": "^3.1.1", + "get-caller-file": "^2.0.5", + "require-directory": "^2.1.1", + "string-width": "^4.2.3", + "y18n": "^5.0.5", + "yargs-parser": "^21.0.0" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/yargs-parser": { + "version": "21.0.1", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.0.1.tgz", + "integrity": "sha512-9BK1jFpLzJROCI5TzwZL/TU4gqjK5xiHV/RfWLOahrjAko/e4DJkRDZQXfvqAsiZzzYhgAzbgz6lg48jcm4GLg==", + "dev": true, + "engines": { + "node": ">=12" + } + } + }, "dependencies": { "@nodelib/fs.scandir": { "version": "2.1.5", @@ -28,6 +1027,12 @@ "fastq": "^1.6.0" } }, + "@sindresorhus/merge-streams": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@sindresorhus/merge-streams/-/merge-streams-1.0.0.tgz", + "integrity": "sha512-rUV5WyJrJLoloD4NDN1V1+LDMDWOa4OTsT4yYJwQNpTU6FWxkxHpL7eu4w+DmiH8x/EAM1otkPE1+LaspIbplw==", + "dev": true + }, "ansi-regex": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", @@ -53,21 +1058,15 @@ "picomatch": "^2.0.4" } }, - "array-union": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/array-union/-/array-union-3.0.1.tgz", - "integrity": "sha512-1OvF9IbWwaeiM9VhzYXVQacMibxpXOMYVNIvMtKRyX9SImBXpKcFr8XvFDeEslCyuH/t6KRt7HEO94AlP8Iatw==", - "dev": true - }, "autoprefixer": { - "version": "10.4.1", - "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.1.tgz", - "integrity": "sha512-B3ZEG7wtzXDRCEFsan7HmR2AeNsxdJB0+sEC0Hc5/c2NbhJqPwuZm+tn233GBVw82L+6CtD6IPSfVruwKjfV3A==", + "version": "10.4.17", + "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.17.tgz", + "integrity": "sha512-/cpVNRLSfhOtcGflT13P2794gVSgmPgTR+erw5ifnMLZb0UnSlkK4tquLmkd3BhA+nLo5tX8Cu0upUsGKvKbmg==", "dev": true, "requires": { - "browserslist": "^4.19.1", - "caniuse-lite": "^1.0.30001294", - "fraction.js": "^4.1.2", + "browserslist": "^4.22.2", + "caniuse-lite": "^1.0.30001578", + "fraction.js": "^4.3.7", "normalize-range": "^0.1.2", "picocolors": "^1.0.0", "postcss-value-parser": "^4.2.0" @@ -89,28 +1088,27 @@ } }, "browserslist": { - "version": "4.19.1", - "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.19.1.tgz", - "integrity": "sha512-u2tbbG5PdKRTUoctO3NBD8FQ5HdPh1ZXPHzp1rwaa5jTc+RV9/+RlWiAIKmjRPQF+xbGM9Kklj5bZQFa2s/38A==", + "version": "4.22.2", + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.22.2.tgz", + "integrity": "sha512-0UgcrvQmBDvZHFGdYUehrCNIazki7/lUP3kkoi/r3YB2amZbFM9J43ZRkJTXBUZK4gmx56+Sqk9+Vs9mwZx9+A==", "dev": true, "requires": { - "caniuse-lite": "^1.0.30001286", - "electron-to-chromium": "^1.4.17", - "escalade": "^3.1.1", - "node-releases": "^2.0.1", - "picocolors": "^1.0.0" + "caniuse-lite": "^1.0.30001565", + "electron-to-chromium": "^1.4.601", + "node-releases": "^2.0.14", + "update-browserslist-db": "^1.0.13" } }, "caniuse-lite": { - "version": "1.0.30001294", - "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001294.tgz", - "integrity": "sha512-LiMlrs1nSKZ8qkNhpUf5KD0Al1KCBE3zaT7OLOwEkagXMEDij98SiOovn9wxVGQpklk9vVC/pUSqgYmkmKOS8g==", + "version": "1.0.30001578", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001578.tgz", + "integrity": "sha512-J/jkFgsQ3NEl4w2lCoM9ZPxrD+FoBNJ7uJUpGVjIg/j0OwJosWM36EPDv+Yyi0V4twBk9pPmlFS+PLykgEvUmg==", "dev": true }, "chokidar": { - "version": "3.5.2", - "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.2.tgz", - "integrity": "sha512-ekGhOnNVPgT77r4K/U3GDhu+FQ2S8TnK/s2KbIGXi0SZWuwkZ2QNyfWdZW+TVfn84DpEP7rLeCt2UI6bJ8GwbQ==", + "version": "3.5.3", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", + "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==", "dev": true, "requires": { "anymatch": "~3.1.2", @@ -155,19 +1153,10 @@ "integrity": "sha512-JeMq7fEshyepOWDfcfHK06N3MhyPhz++vtqWhMT5O9A3K42rdsEDpfdVqjaqaAhsw6a+ZqeDvQVtD0hFHQWrzg==", "dev": true }, - "dir-glob": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", - "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==", - "dev": true, - "requires": { - "path-type": "^4.0.0" - } - }, "electron-to-chromium": { - "version": "1.4.29", - "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.29.tgz", - "integrity": "sha512-N2Jbwxo5Rum8G2YXeUxycs1sv4Qme/ry71HG73bv8BvZl+I/4JtRgK/En+ST/Wh/yF1fqvVCY4jZBgMxnhjtBA==", + "version": "1.4.635", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.635.tgz", + "integrity": "sha512-iu/2D0zolKU3iDGXXxdOzNf72Jnokn+K1IN6Kk4iV6l1Tr2g/qy+mvmtfAiBwZe5S3aB5r92vp+zSZ69scYRrg==", "dev": true }, "emoji-regex": { @@ -183,9 +1172,9 @@ "dev": true }, "fast-glob": { - "version": "3.2.7", - "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.2.7.tgz", - "integrity": "sha512-rYGMRwip6lUMvYD3BTScMwT1HtAs2d71SMv66Vrxs0IekGZEjhM0pcMfjQPnknBt2zeCwQMEupiN02ZP4DiT1Q==", + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", + "integrity": "sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==", "dev": true, "requires": { "@nodelib/fs.stat": "^2.0.2", @@ -196,9 +1185,9 @@ } }, "fastq": { - "version": "1.13.0", - "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.13.0.tgz", - "integrity": "sha512-YpkpUnK8od0o1hmeSc7UUs/eB/vIPWJYjKck2QKIzAf71Vm1AAQ3EbuZB3g2JIy+pg+ERD0vqI79KyZiB2e2Nw==", + "version": "1.17.0", + "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.17.0.tgz", + "integrity": "sha512-zGygtijUMT7jnk3h26kUms3BkSDp4IfIKjmnqI2tvx6nuBfiF1UqOxbnLfzdv+apBy+53oaImsKtMw/xYbW+1w==", "dev": true, "requires": { "reusify": "^1.0.4" @@ -214,15 +1203,15 @@ } }, "fraction.js": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.1.2.tgz", - "integrity": "sha512-o2RiJQ6DZaR/5+Si0qJUIy637QMRudSi9kU/FFzx9EZazrIdnBgpU+3sEWCxAVhH2RtxW2Oz+T4p2o8uOPVcgA==", + "version": "4.3.7", + "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.3.7.tgz", + "integrity": "sha512-ZsDfxO51wGAXREY55a7la9LScWpwv9RxIrYABrlvOFBlH/ShPnrtsXeuUIfXKKOVicNxQ+o8JTbJvjS4M89yew==", "dev": true }, "fs-extra": { - "version": "10.0.0", - "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-10.0.0.tgz", - "integrity": "sha512-C5owb14u9eJwizKGdchcDUQeFtlSHHthBk8pbX9Vc1PFZrLombudjDnNns88aYslCyF6IY5SUw3Roz6xShcEIQ==", + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.0.0.tgz", + "integrity": "sha512-4YxRvMi4P5C3WQTvdRfrv5UVqbISpqjORFQAW5QPiKAauaxNCwrEdIi6pG3tDFhKKpMen+enEhHIzB/tvIO+/w==", "dev": true, "requires": { "graceful-fs": "^4.2.0", @@ -259,49 +1248,31 @@ } }, "globby": { - "version": "12.0.2", - "resolved": "https://registry.npmjs.org/globby/-/globby-12.0.2.tgz", - "integrity": "sha512-lAsmb/5Lww4r7MM9nCCliDZVIKbZTavrsunAsHLr9oHthrZP1qi7/gAnHOsUs9bLvEt2vKVJhHmxuL7QbDuPdQ==", + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/globby/-/globby-14.0.0.tgz", + "integrity": "sha512-/1WM/LNHRAOH9lZta77uGbq0dAEQM+XjNesWwhlERDVenqothRbnzTrL3/LrIoEPPjeUHC3vrS6TwoyxeHs7MQ==", "dev": true, "requires": { - "array-union": "^3.0.1", - "dir-glob": "^3.0.1", - "fast-glob": "^3.2.7", - "ignore": "^5.1.8", - "merge2": "^1.4.1", - "slash": "^4.0.0" + "@sindresorhus/merge-streams": "^1.0.0", + "fast-glob": "^3.3.2", + "ignore": "^5.2.4", + "path-type": "^5.0.0", + "slash": "^5.1.0", + "unicorn-magic": "^0.1.0" } }, "graceful-fs": { - "version": "4.2.8", - "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.8.tgz", - "integrity": "sha512-qkIilPUYcNhJpd33n0GBXTB1MMPp14TxEsEs0pTrsSVucApsYzW5V+Q8Qxhik6KU3evy+qkAAowTByymK0avdg==", + "version": "4.2.10", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz", + "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==", "dev": true }, "ignore": { - "version": "5.1.9", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.1.9.tgz", - "integrity": "sha512-2zeMQpbKz5dhZ9IwL0gbxSW5w0NK/MSAMtNuhgIHEPmaU3vPdKPL0UdvUCXs5SS4JAwsBxysK5sFMW8ocFiVjQ==", + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.0.tgz", + "integrity": "sha512-g7dmpshy+gD7mh88OC9NwSGTKoc3kyLAZQRU1mt53Aw/vnvfXnbC+F/7F7QoYVKbV+KNvJx8wArewKy1vXMtlg==", "dev": true }, - "import-cwd": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/import-cwd/-/import-cwd-3.0.0.tgz", - "integrity": "sha512-4pnzH16plW+hgvRECbDWpQl3cqtvSofHWh44met7ESfZ8UZOWWddm8hEyDTqREJ9RbYHY8gi8DqmaelApoOGMg==", - "dev": true, - "requires": { - "import-from": "^3.0.0" - } - }, - "import-from": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/import-from/-/import-from-3.0.0.tgz", - "integrity": "sha512-CiuXOFFSzkU5x/CR0+z7T91Iht4CXgfCxVOFRhh2Zyhg5wOpWvvDLQUsWl+gcN+QscYBjez8hDCt85O7RLDttQ==", - "dev": true, - "requires": { - "resolve-from": "^5.0.0" - } - }, "is-binary-path": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", @@ -314,7 +1285,7 @@ "is-extglob": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", - "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", "dev": true }, "is-fullwidth-code-point": { @@ -349,39 +1320,9 @@ } }, "lilconfig": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.0.4.tgz", - "integrity": "sha512-bfTIN7lEsiooCocSISTWXkiWJkRqtL9wYtYy+8EK3Y41qh3mpwPU0ycTOgjdY9ErwXCc8QyrQp82bdL0Xkm9yA==", - "dev": true - }, - "lodash.difference": { - "version": "4.5.0", - "resolved": "https://registry.npmjs.org/lodash.difference/-/lodash.difference-4.5.0.tgz", - "integrity": "sha1-nMtOUF1Ia5FlE0V3KIWi3yf9AXw=", - "dev": true - }, - "lodash.forown": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/lodash.forown/-/lodash.forown-4.4.0.tgz", - "integrity": "sha1-hRFc8E9z75ZuztUlEdOJPMRmg68=", - "dev": true - }, - "lodash.get": { - "version": "4.4.2", - "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", - "integrity": "sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk=", - "dev": true - }, - "lodash.groupby": { - "version": "4.6.0", - "resolved": "https://registry.npmjs.org/lodash.groupby/-/lodash.groupby-4.6.0.tgz", - "integrity": "sha1-Cwih3PaDl8OXhVwyOXg4Mt90A9E=", - "dev": true - }, - "lodash.sortby": { - "version": "4.7.0", - "resolved": "https://registry.npmjs.org/lodash.sortby/-/lodash.sortby-4.7.0.tgz", - "integrity": "sha1-7dFMgk4sycHgsKG0K7UhBRakJDg=", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.0.0.tgz", + "integrity": "sha512-K2U4W2Ff5ibV7j7ydLr+zLAkIg5JJ4lPn1Ltsdt+Tz/IjQ8buJ55pZAxoP34lqIiwtF9iAvtLv3JGv7CAyAg+g==", "dev": true }, "merge2": { @@ -391,25 +1332,25 @@ "dev": true }, "micromatch": { - "version": "4.0.4", - "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.4.tgz", - "integrity": "sha512-pRmzw/XUcwXGpD9aI9q/0XOwLNygjETJ8y0ao0wdqprrzDa4YnxLcz7fQRZr8voh8V10kGhABbNcHVk5wHgWwg==", + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==", "dev": true, "requires": { - "braces": "^3.0.1", - "picomatch": "^2.2.3" + "braces": "^3.0.2", + "picomatch": "^2.3.1" } }, "nanoid": { - "version": "3.1.30", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.30.tgz", - "integrity": "sha512-zJpuPDwOv8D2zq2WRoMe1HsfZthVewpel9CAvTfc/2mBD1uUT/agc5f7GHGWXlYkFvi1mVxe4IjvP2HNrop7nQ==", + "version": "3.3.7", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", + "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==", "dev": true }, "node-releases": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.1.tgz", - "integrity": "sha512-CqyzN6z7Q6aMeF/ktcMVTzhAHCEpf8SOarwpzpf8pNBY2k5/oM34UHldUwp8VKI7uxct2HxSRdJjBaZeESzcxA==", + "version": "2.0.14", + "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz", + "integrity": "sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw==", "dev": true }, "normalize-path": { @@ -425,9 +1366,9 @@ "dev": true }, "path-type": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", - "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/path-type/-/path-type-5.0.0.tgz", + "integrity": "sha512-5HviZNaZcfqP95rwpv+1HDgUamezbqdSYTyzjTvwtJSnIH+3vnbmWsItli8OFEndS984VT55M3jduxZbX351gg==", "dev": true }, "picocolors": { @@ -437,71 +1378,66 @@ "dev": true }, "picomatch": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.0.tgz", - "integrity": "sha512-lY1Q/PiJGC2zOv/z391WOTD+Z02bCgsFfvxoXXf6h7kv9o+WmsmzYqrAwY63sNgOxE4xEdq0WyUnXfKeBrSvYw==", + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", "dev": true }, "pify": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", - "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=", + "integrity": "sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==", "dev": true }, "postcss": { - "version": "8.4.5", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.5.tgz", - "integrity": "sha512-jBDboWM8qpaqwkMwItqTQTiFikhs/67OYVvblFFTM7MrZjt6yMKd6r2kgXizEbTTljacm4NldIlZnhbjr84QYg==", + "version": "8.4.35", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.35.tgz", + "integrity": "sha512-u5U8qYpBCpN13BsiEB0CbR1Hhh4Gc0zLFuedrHJKMctHCHAGrMdG0PRM/KErzAL3CU6/eckEtmHNB3x6e3c0vA==", "dev": true, "requires": { - "nanoid": "^3.1.30", + "nanoid": "^3.3.7", "picocolors": "^1.0.0", - "source-map-js": "^1.0.1" + "source-map-js": "^1.0.2" } }, "postcss-cli": { - "version": "9.1.0", - "resolved": "https://registry.npmjs.org/postcss-cli/-/postcss-cli-9.1.0.tgz", - "integrity": "sha512-zvDN2ADbWfza42sAnj+O2uUWyL0eRL1V+6giM2vi4SqTR3gTYy8XzcpfwccayF2szcUif0HMmXiEaDv9iEhcpw==", + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/postcss-cli/-/postcss-cli-11.0.0.tgz", + "integrity": "sha512-xMITAI7M0u1yolVcXJ9XTZiO9aO49mcoKQy6pCDFdMh9kGqhzLVpWxeD/32M/QBmkhcGypZFFOLNLmIW4Pg4RA==", "dev": true, "requires": { "chokidar": "^3.3.0", "dependency-graph": "^0.11.0", - "fs-extra": "^10.0.0", + "fs-extra": "^11.0.0", "get-stdin": "^9.0.0", - "globby": "^12.0.0", + "globby": "^14.0.0", "picocolors": "^1.0.0", - "postcss-load-config": "^3.0.0", + "postcss-load-config": "^5.0.0", "postcss-reporter": "^7.0.0", "pretty-hrtime": "^1.0.3", "read-cache": "^1.0.0", - "slash": "^4.0.0", + "slash": "^5.0.0", "yargs": "^17.0.0" } }, "postcss-load-config": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-3.1.0.tgz", - "integrity": "sha512-ipM8Ds01ZUophjDTQYSVP70slFSYg3T0/zyfII5vzhN6V57YSxMgG5syXuwi5VtS8wSf3iL30v0uBdoIVx4Q0g==", + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-5.0.2.tgz", + "integrity": "sha512-Q8QR3FYbqOKa0bnC1UQ2bFq9/ulHX5Bi34muzitMr8aDtUelO5xKeJEYC/5smE0jNE9zdB/NBnOwXKexELbRlw==", "dev": true, "requires": { - "import-cwd": "^3.0.0", - "lilconfig": "^2.0.3", - "yaml": "^1.10.2" + "lilconfig": "^3.0.0", + "yaml": "^2.3.4" } }, "postcss-reporter": { - "version": "7.0.4", - "resolved": "https://registry.npmjs.org/postcss-reporter/-/postcss-reporter-7.0.4.tgz", - "integrity": "sha512-jY/fnpGSin7kwJeunXbY35STp5O3VIxSFdjee5JkoPQ+FfGH5JW3N+Xe9oAPcL9UkjWjkK+JC72o8XH4XXKdhw==", + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/postcss-reporter/-/postcss-reporter-7.0.5.tgz", + "integrity": "sha512-glWg7VZBilooZGOFPhN9msJ3FQs19Hie7l5a/eE6WglzYqVeH3ong3ShFcp9kDWJT1g2Y/wd59cocf9XxBtkWA==", "dev": true, "requires": { - "lodash.difference": "^4.5.0", - "lodash.forown": "^4.4.0", - "lodash.get": "^4.4.2", - "lodash.groupby": "^4.6.0", - "lodash.sortby": "^4.7.0", - "picocolors": "^1.0.0" + "picocolors": "^1.0.0", + "thenby": "^1.3.4" } }, "postcss-value-parser": { @@ -513,7 +1449,7 @@ "pretty-hrtime": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/pretty-hrtime/-/pretty-hrtime-1.0.3.tgz", - "integrity": "sha1-t+PqQkNaTJsnWdmeDyAesZWALuE=", + "integrity": "sha512-66hKPCr+72mlfiSjlEB1+45IjXSqvVAIy6mocupoww4tBFE9R9IhwwUGoI4G++Tc9Aq+2rxOt0RFU6gPcrte0A==", "dev": true }, "queue-microtask": { @@ -525,7 +1461,7 @@ "read-cache": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", - "integrity": "sha1-5mTvMRYRZsl1HNvo28+GtftY93Q=", + "integrity": "sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA==", "dev": true, "requires": { "pify": "^2.3.0" @@ -543,13 +1479,7 @@ "require-directory": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", - "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=", - "dev": true - }, - "resolve-from": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", - "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==", + "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", "dev": true }, "reusify": { @@ -568,15 +1498,15 @@ } }, "slash": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", - "integrity": "sha512-3dOsAHXXUkQTpOYcoAxLIorMTp4gIQr5IW3iVb7A7lFIp0VHhnynm9izx6TssdrIcVIESAlVjtnO2K8bg+Coew==", + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-5.1.0.tgz", + "integrity": "sha512-ZA6oR3T/pEyuqwMgAKT0/hAv8oAXckzbkmR0UkUosQ+Mc4RxGoJkRmwHgHufaenlyAgE1Mxgpdcrf75y6XcnDg==", "dev": true }, "source-map-js": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.0.1.tgz", - "integrity": "sha512-4+TN2b3tqOCd/kaGRJ/sTYA0tR0mdXx26ipdolxcwtJVqEnqNYvlCAt1q3ypy4QMlYus+Zh34RNtYLoq2oQ4IA==", + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.0.2.tgz", + "integrity": "sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw==", "dev": true }, "string-width": { @@ -599,6 +1529,12 @@ "ansi-regex": "^5.0.1" } }, + "thenby": { + "version": "1.3.4", + "resolved": "https://registry.npmjs.org/thenby/-/thenby-1.3.4.tgz", + "integrity": "sha512-89Gi5raiWA3QZ4b2ePcEwswC3me9JIg+ToSgtE0JWeCynLnLxNr/f9G+xfo9K+Oj4AFdom8YNJjibIARTJmapQ==", + "dev": true + }, "to-regex-range": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", @@ -608,12 +1544,28 @@ "is-number": "^7.0.0" } }, + "unicorn-magic": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/unicorn-magic/-/unicorn-magic-0.1.0.tgz", + "integrity": "sha512-lRfVq8fE8gz6QMBuDM6a+LO3IAzTi05H6gCVaUpir2E1Rwpo4ZUog45KpNXKC/Mn3Yb9UDuHumeFTo9iV/D9FQ==", + "dev": true + }, "universalify": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", "dev": true }, + "update-browserslist-db": { + "version": "1.0.13", + "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz", + "integrity": "sha512-xebP81SNcPuNpPP3uzeW1NYXxI3rxyJzF3pD6sH4jE7o/IX+WtSpwnVU+qIsDPyk0d3hmFQ7mjqc6AtV604hbg==", + "dev": true, + "requires": { + "escalade": "^3.1.1", + "picocolors": "^1.0.0" + } + }, "wrap-ansi": { "version": "7.0.0", "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", @@ -632,15 +1584,15 @@ "dev": true }, "yaml": { - "version": "1.10.2", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", - "integrity": "sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==", + "version": "2.3.4", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.4.tgz", + "integrity": "sha512-8aAvwVUSHpfEqTQ4w/KMlf3HcRdt50E5ODIQJBw1fQ5RL34xabzxtUlzTXVqc4rkZsPbvrXKWnABCD7kWSmocA==", "dev": true }, "yargs": { - "version": "17.3.0", - "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.3.0.tgz", - "integrity": "sha512-GQl1pWyDoGptFPJx9b9L6kmR33TGusZvXIZUT+BOz9f7X2L94oeAskFYLEg/FkhV06zZPBYLvLZRWeYId29lew==", + "version": "17.5.1", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.5.1.tgz", + "integrity": "sha512-t6YAJcxDkNX7NFYiVtKvWUz8l+PaKTLiL63mJYWR2GnHq2gjEWISzsLp9wg3aY36dY1j+gfIEL3pIF+XlJJfbA==", "dev": true, "requires": { "cliui": "^7.0.2", @@ -653,9 +1605,9 @@ } }, "yargs-parser": { - "version": "21.0.0", - "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.0.0.tgz", - "integrity": "sha512-z9kApYUOCwoeZ78rfRYYWdiU/iNL6mwwYlkkZfJoyMR1xps+NEBX5X7XmRpxkZHhXJ6+Ey00IwKxBBSW9FIjyA==", + "version": "21.0.1", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.0.1.tgz", + "integrity": "sha512-9BK1jFpLzJROCI5TzwZL/TU4gqjK5xiHV/RfWLOahrjAko/e4DJkRDZQXfvqAsiZzzYhgAzbgz6lg48jcm4GLg==", "dev": true } } diff --git a/docs/package.json b/docs/package.json index 3412e09458a..b2185ed2596 100644 --- a/docs/package.json +++ b/docs/package.json @@ -1,7 +1,7 @@ { "devDependencies": { - "postcss": "8.4.5", - "autoprefixer": "10.4.1", - "postcss-cli": "9.1.0" + "postcss": "8.4.35", + "autoprefixer": "10.4.17", + "postcss-cli": "11.0.0" } } diff --git a/docs/static/images/branching_model_v2.png b/docs/static/images/branching_model_v2.png new file mode 100644 index 00000000000..701b0c5e816 Binary files /dev/null and b/docs/static/images/branching_model_v2.png differ diff --git a/docs/static/images/configuration_permissions.png b/docs/static/images/configuration_permissions.png new file mode 100644 index 00000000000..6d586a66135 Binary files /dev/null and b/docs/static/images/configuration_permissions.png differ diff --git a/docs/static/images/product-custom-fields_1.png b/docs/static/images/product-custom-fields_1.png new file mode 100644 index 00000000000..98ffc74fb27 Binary files /dev/null and b/docs/static/images/product-custom-fields_1.png differ diff --git a/docs/static/images/product-scm-type_1.png b/docs/static/images/product-scm-type_1.png new file mode 100644 index 00000000000..cd60414bb7c Binary files /dev/null and b/docs/static/images/product-scm-type_1.png differ diff --git a/docs/static/images/questionnaires-add-from-engagement.png b/docs/static/images/questionnaires-add-from-engagement.png new file mode 100644 index 00000000000..02e92d04e49 Binary files /dev/null and b/docs/static/images/questionnaires-add-from-engagement.png differ diff --git a/docs/static/images/questionnaires-added.png b/docs/static/images/questionnaires-added.png new file mode 100644 index 00000000000..d5301f13aff Binary files /dev/null and b/docs/static/images/questionnaires-added.png differ diff --git a/docs/static/images/questionnaires-assign-user.png b/docs/static/images/questionnaires-assign-user.png new file mode 100644 index 00000000000..8d1c9f1ea66 Binary files /dev/null and b/docs/static/images/questionnaires-assign-user.png differ diff --git a/docs/static/images/questionnaires-create-engagement.png b/docs/static/images/questionnaires-create-engagement.png new file mode 100644 index 00000000000..d8c92b55697 Binary files /dev/null and b/docs/static/images/questionnaires-create-engagement.png differ diff --git a/docs/static/images/questionnaires-create-new.png b/docs/static/images/questionnaires-create-new.png new file mode 100644 index 00000000000..8b788ec2294 Binary files /dev/null and b/docs/static/images/questionnaires-create-new.png differ diff --git a/docs/static/images/questionnaires-main-view.png b/docs/static/images/questionnaires-main-view.png new file mode 100644 index 00000000000..1e2a5715bf0 Binary files /dev/null and b/docs/static/images/questionnaires-main-view.png differ diff --git a/docs/static/images/questionnaires-multiple-choice.png b/docs/static/images/questionnaires-multiple-choice.png new file mode 100644 index 00000000000..49f8d25c690 Binary files /dev/null and b/docs/static/images/questionnaires-multiple-choice.png differ diff --git a/docs/static/images/questionnaires-new-engagement.png b/docs/static/images/questionnaires-new-engagement.png new file mode 100644 index 00000000000..da61ab6d1c2 Binary files /dev/null and b/docs/static/images/questionnaires-new-engagement.png differ diff --git a/docs/static/images/questionnaires-open-ended.png b/docs/static/images/questionnaires-open-ended.png new file mode 100644 index 00000000000..71ef0836aec Binary files /dev/null and b/docs/static/images/questionnaires-open-ended.png differ diff --git a/docs/static/images/questionnaires-publicize.png b/docs/static/images/questionnaires-publicize.png new file mode 100644 index 00000000000..b450459851c Binary files /dev/null and b/docs/static/images/questionnaires-publicize.png differ diff --git a/docs/static/images/questionnaires-question-search.png b/docs/static/images/questionnaires-question-search.png new file mode 100644 index 00000000000..70496c81e0d Binary files /dev/null and b/docs/static/images/questionnaires-question-search.png differ diff --git a/docs/static/images/questionnaires-questions.png b/docs/static/images/questionnaires-questions.png new file mode 100644 index 00000000000..f576ed331dc Binary files /dev/null and b/docs/static/images/questionnaires-questions.png differ diff --git a/docs/static/images/questionnaires-respond.png b/docs/static/images/questionnaires-respond.png new file mode 100644 index 00000000000..f25968f7b24 Binary files /dev/null and b/docs/static/images/questionnaires-respond.png differ diff --git a/docs/static/images/questionnaires-search.png b/docs/static/images/questionnaires-search.png new file mode 100644 index 00000000000..05bc6508fc4 Binary files /dev/null and b/docs/static/images/questionnaires-search.png differ diff --git a/docs/static/images/questionnaires-select-questions.png b/docs/static/images/questionnaires-select-questions.png new file mode 100644 index 00000000000..14462c8970c Binary files /dev/null and b/docs/static/images/questionnaires-select-questions.png differ diff --git a/docs/static/images/questionnaires-select-survey.png b/docs/static/images/questionnaires-select-survey.png new file mode 100644 index 00000000000..1931b4cc513 Binary files /dev/null and b/docs/static/images/questionnaires-select-survey.png differ diff --git a/docs/static/images/questionnaires-share.png b/docs/static/images/questionnaires-share.png new file mode 100644 index 00000000000..1ce972d1e91 Binary files /dev/null and b/docs/static/images/questionnaires-share.png differ diff --git a/docs/static/images/questionnaires-sidebar.png b/docs/static/images/questionnaires-sidebar.png new file mode 100644 index 00000000000..51846decaa3 Binary files /dev/null and b/docs/static/images/questionnaires-sidebar.png differ diff --git a/docs/static/images/questionnaires-system-settings.png b/docs/static/images/questionnaires-system-settings.png new file mode 100644 index 00000000000..61ddfa640a0 Binary files /dev/null and b/docs/static/images/questionnaires-system-settings.png differ diff --git a/docs/static/images/questionnaires-unassigned.png b/docs/static/images/questionnaires-unassigned.png new file mode 100644 index 00000000000..530ba65f675 Binary files /dev/null and b/docs/static/images/questionnaires-unassigned.png differ diff --git a/docs/static/images/questionnaires-view-questionnaire.png b/docs/static/images/questionnaires-view-questionnaire.png new file mode 100644 index 00000000000..b6ef757d4cb Binary files /dev/null and b/docs/static/images/questionnaires-view-questionnaire.png differ diff --git a/docs/static/images/questionnaires-view-responses.png b/docs/static/images/questionnaires-view-responses.png new file mode 100644 index 00000000000..562910c0589 Binary files /dev/null and b/docs/static/images/questionnaires-view-responses.png differ diff --git a/docs/static/images/slack_add_product.png b/docs/static/images/slack_add_product.png new file mode 100644 index 00000000000..81a6dad2e2f Binary files /dev/null and b/docs/static/images/slack_add_product.png differ diff --git a/docs/static/images/slack_import_scan.png b/docs/static/images/slack_import_scan.png new file mode 100644 index 00000000000..fe154d2fb5b Binary files /dev/null and b/docs/static/images/slack_import_scan.png differ diff --git a/docs/static/images/source-code-repositories-bitbucket-onpremise_1.png b/docs/static/images/source-code-repositories-bitbucket-onpremise_1.png new file mode 100644 index 00000000000..6b333abbd36 Binary files /dev/null and b/docs/static/images/source-code-repositories-bitbucket-onpremise_1.png differ diff --git a/docs/static/images/source-code-repositories-bitbucket_1.png b/docs/static/images/source-code-repositories-bitbucket_1.png new file mode 100644 index 00000000000..d3e85d6b19b Binary files /dev/null and b/docs/static/images/source-code-repositories-bitbucket_1.png differ diff --git a/docs/static/images/source-code-repositories-gitlab_1.png b/docs/static/images/source-code-repositories-gitlab_1.png new file mode 100644 index 00000000000..2aa43b63d1e Binary files /dev/null and b/docs/static/images/source-code-repositories-gitlab_1.png differ diff --git a/docs/static/images/tags-bulk-edit-complete.png b/docs/static/images/tags-bulk-edit-complete.png new file mode 100644 index 00000000000..9ca91e2b294 Binary files /dev/null and b/docs/static/images/tags-bulk-edit-complete.png differ diff --git a/docs/static/images/tags-bulk-edit-submit.png b/docs/static/images/tags-bulk-edit-submit.png new file mode 100644 index 00000000000..7e5c0d86c28 Binary files /dev/null and b/docs/static/images/tags-bulk-edit-submit.png differ diff --git a/docs/static/images/tags-finding-filter-snippet.png b/docs/static/images/tags-finding-filter-snippet.png new file mode 100644 index 00000000000..af8986c367b Binary files /dev/null and b/docs/static/images/tags-finding-filter-snippet.png differ diff --git a/docs/static/images/tags-high-level-example.png b/docs/static/images/tags-high-level-example.png new file mode 100644 index 00000000000..b85ba163d3b Binary files /dev/null and b/docs/static/images/tags-high-level-example.png differ diff --git a/docs/static/images/tags-inherit-exmaple.png b/docs/static/images/tags-inherit-exmaple.png new file mode 100644 index 00000000000..e4b80605ee2 Binary files /dev/null and b/docs/static/images/tags-inherit-exmaple.png differ diff --git a/docs/static/images/tags-management-on-object.png b/docs/static/images/tags-management-on-object.png new file mode 100644 index 00000000000..79bd0527534 Binary files /dev/null and b/docs/static/images/tags-management-on-object.png differ diff --git a/docs/static/images/tags-select-findings-for-bulk-edit.png b/docs/static/images/tags-select-findings-for-bulk-edit.png new file mode 100644 index 00000000000..8e6fc47dc98 Binary files /dev/null and b/docs/static/images/tags-select-findings-for-bulk-edit.png differ diff --git a/dojo/__init__.py b/dojo/__init__.py index 51ea8e4cee6..f1c39c15ed1 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py @@ -4,8 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa -default_app_config = 'dojo.apps.DojoAppConfig' - -__version__ = '2.7.0-dev' +__version__ = '2.32.0-dev' __url__ = 'https://github.com/DefectDojo/django-DefectDojo' -__docs__ = 'https://defectdojo.github.io/django-DefectDojo' +__docs__ = 'https://documentation.defectdojo.com' diff --git a/dojo/rules/__init__.py b/dojo/announcement/__init__.py similarity index 100% rename from dojo/rules/__init__.py rename to dojo/announcement/__init__.py diff --git a/dojo/announcement/signals.py b/dojo/announcement/signals.py new file mode 100644 index 00000000000..5b89d71d780 --- /dev/null +++ b/dojo/announcement/signals.py @@ -0,0 +1,37 @@ +from dojo.models import Announcement, UserAnnouncement, Dojo_User +from django.db.models.signals import post_save +from django.dispatch import receiver +from django.conf import settings + + +@receiver(post_save, sender=Dojo_User) +def add_announcement_to_new_user(sender, instance, **kwargs): + announcements = Announcement.objects.all() + if announcements.count() > 0: + dojo_user = Dojo_User.objects.get(id=instance.id) + announcement = announcements.first() + cloud_announcement = ( + "Cloud and On-Premise Subscriptions Now Available!" + in announcement.message + ) + if not cloud_announcement or settings.CREATE_CLOUD_BANNER: + user_announcements = UserAnnouncement.objects.filter( + user=dojo_user, announcement=announcement + ) + if user_announcements.count() == 0: + UserAnnouncement.objects.get_or_create( + user=dojo_user, announcement=announcement + ) + + +@receiver(post_save, sender=Announcement) +def announcement_post_save(sender, instance, created, **kwargs): + if created: + UserAnnouncement.objects.bulk_create( + [ + UserAnnouncement( + user=user_id, announcement=instance + ) + for user_id in Dojo_User.objects.all() + ] + ) diff --git a/dojo/announcement/urls.py b/dojo/announcement/urls.py new file mode 100644 index 00000000000..c62d26f13d5 --- /dev/null +++ b/dojo/announcement/urls.py @@ -0,0 +1,15 @@ +from django.urls import re_path +from dojo.announcement import views + +urlpatterns = [ + re_path( + r"^configure_announcement$", + views.configure_announcement, + name="configure_announcement", + ), + re_path( + r"^dismiss_announcement$", + views.dismiss_announcement, + name="dismiss_announcement", + ), +] diff --git a/dojo/announcement/views.py b/dojo/announcement/views.py new file mode 100644 index 00000000000..2544dba3539 --- /dev/null +++ b/dojo/announcement/views.py @@ -0,0 +1,92 @@ +import logging + +from django.shortcuts import render +from django.contrib import messages +from django.urls import reverse +from django.utils.translation import gettext_lazy as _ +from django.utils.translation import gettext +from django.http import HttpResponseRedirect +from dojo.utils import add_breadcrumb + +from dojo.forms import AnnouncementCreateForm, AnnouncementRemoveForm +from dojo.models import Announcement, UserAnnouncement +from dojo.authorization.authorization_decorators import ( + user_is_configuration_authorized, +) + +logger = logging.getLogger(__name__) + + +@user_is_configuration_authorized("dojo.change_announcement") +def configure_announcement(request): + remove = False + if request.method == "GET": + try: + announcement = Announcement.objects.get(id=1) + form = AnnouncementRemoveForm( + initial={ + "message": announcement.message, + "style": announcement.style, + "dismissable": announcement.dismissable, + } + ) + remove = True + except Announcement.DoesNotExist: + form = AnnouncementCreateForm() + elif request.method == "POST": + if "_Remove" in request.POST: + Announcement.objects.all().delete() + messages.add_message( + request, + messages.SUCCESS, + _("Announcement removed for everyone."), + extra_tags="alert-success", + ) + return HttpResponseRedirect("dashboard") + form = AnnouncementCreateForm(request.POST) + announcement, created = Announcement.objects.get_or_create(id=1) + if form.is_valid() and created: + announcement.message = form.cleaned_data["message"] + announcement.style = form.cleaned_data["style"] + announcement.dismissable = form.cleaned_data["dismissable"] + announcement.save() + messages.add_message( + request, + messages.SUCCESS, + _("Announcement updated successfully."), + extra_tags="alert-success", + ) + return HttpResponseRedirect(reverse("configure_announcement")) + + add_breadcrumb( + title=gettext("Announcement Configuration"), + top_level=True, + request=request, + ) + return render( + request, "dojo/announcement.html", {"form": form, "remove": remove} + ) + + +def dismiss_announcement(request): + if request.method == "POST": + deleted_count, objects_deleted = UserAnnouncement.objects.filter( + user=request.user, announcement=1 + ).delete() + if deleted_count > 0: + messages.add_message( + request, + messages.SUCCESS, + _("Announcement removed."), + extra_tags="alert-success", + ) + return HttpResponseRedirect("dashboard") + else: + messages.add_message( + request, + messages.ERROR, + _("Failed to remove announcement."), + extra_tags="alert-danger", + ) + return render(request, "dojo/dismiss_announcement.html") + return render(request, "dojo/dismiss_announcement.html") diff --git a/dojo/api_v2/exception_handler.py b/dojo/api_v2/exception_handler.py index 46131c6fa53..5aa677bd10e 100644 --- a/dojo/api_v2/exception_handler.py +++ b/dojo/api_v2/exception_handler.py @@ -1,7 +1,11 @@ from django.core.exceptions import ValidationError from django.db.models.deletion import RestrictedError from rest_framework.response import Response -from rest_framework.status import HTTP_400_BAD_REQUEST, HTTP_409_CONFLICT, HTTP_500_INTERNAL_SERVER_ERROR +from rest_framework.status import ( + HTTP_400_BAD_REQUEST, + HTTP_409_CONFLICT, + HTTP_500_INTERNAL_SERVER_ERROR, +) from rest_framework.views import exception_handler import logging @@ -18,12 +22,12 @@ def custom_exception_handler(exc, context): response = Response() response.status_code = HTTP_409_CONFLICT response.data = {} - response.data['message'] = str(exc) + response.data["message"] = str(exc) elif isinstance(exc, ValidationError): response = Response() response.status_code = HTTP_400_BAD_REQUEST response.data = {} - response.data['message'] = str(exc) + response.data["message"] = str(exc) else: if response is None: # There is no standard error response, so we assume an unexpected @@ -33,15 +37,19 @@ def custom_exception_handler(exc, context): response = Response() response.status_code = HTTP_500_INTERNAL_SERVER_ERROR response.data = {} - response.data['message'] = 'Internal server error, check logs for details' + response.data[ + "message" + ] = "Internal server error, check logs for details" else: if response.status_code < 500: # HTTP status codes lower than 500 are no technical errors. # They need not to be logged and we provide the exception # message, if it is different from the detail that is already # in the response. - if isinstance(response.data, dict) and str(exc) != response.data.get('detail', ''): - response.data['message'] = str(exc) + if isinstance(response.data, dict) and str( + exc + ) != response.data.get("detail", ""): + response.data["message"] = str(exc) else: # HTTP status code 500 or higher are technical errors. # They get logged and we don't change the response. diff --git a/dojo/api_v2/mixins.py b/dojo/api_v2/mixins.py new file mode 100644 index 00000000000..e0770971f3f --- /dev/null +++ b/dojo/api_v2/mixins.py @@ -0,0 +1,62 @@ +from django.db import DEFAULT_DB_ALIAS +from django.contrib.admin.utils import NestedObjects +from drf_spectacular.utils import extend_schema +from drf_yasg.utils import swagger_auto_schema +from rest_framework.decorators import action +from rest_framework import status +from rest_framework.authtoken.models import Token +from dojo.api_v2 import serializers +from dojo.models import Question, Answer +import itertools + + +class DeletePreviewModelMixin: + @extend_schema( + methods=["GET"], + responses={ + status.HTTP_200_OK: serializers.DeletePreviewSerializer(many=True) + }, + ) + @swagger_auto_schema( + method="get", + responses={"default": serializers.DeletePreviewSerializer(many=True)}, + ) + @action(detail=True, methods=["get"], filter_backends=[], suffix="List") + def delete_preview(self, request, pk=None): + object = self.get_object() + + collector = NestedObjects(using=DEFAULT_DB_ALIAS) + collector.collect([object]) + rels = collector.nested() + + def flatten(elem): + if isinstance(elem, list): + return itertools.chain.from_iterable(map(flatten, elem)) + else: + return [elem] + + rels = [ + { + "model": type(x).__name__, + "id": x.id if hasattr(x, "id") else None, + "name": str(x) + if not isinstance(x, Token) + else "", + } + for x in flatten(rels) + ] + + page = self.paginate_queryset(rels) + + serializer = serializers.DeletePreviewSerializer(page, many=True) + return self.get_paginated_response(serializer.data) + + +class QuestionSubClassFieldsMixin(object): + def get_queryset(self): + return Question.objects.select_subclasses() + + +class AnswerSubClassFieldsMixin(object): + def get_queryset(self): + return Answer.objects.select_subclasses() diff --git a/dojo/api_v2/permissions.py b/dojo/api_v2/permissions.py index 8ccb6e39a4b..aac0eb79264 100644 --- a/dojo/api_v2/permissions.py +++ b/dojo/api_v2/permissions.py @@ -1,35 +1,70 @@ import re -from rest_framework.exceptions import ParseError, PermissionDenied, ValidationError -from django.conf import settings -from dojo.api_v2.serializers import get_import_meta_data_from_dict, get_product_id_from_dict -from dojo.importers.reimporter.utils import get_target_engagement_if_exists, get_target_product_by_id_if_exists, \ - get_target_product_if_exists, get_target_test_if_exists, \ - get_target_product_type_if_exists -from dojo.models import Endpoint, Engagement, Finding, Finding_Group, Product_Type, Product, Test, Dojo_Group +from rest_framework.exceptions import ( + ParseError, + PermissionDenied, + ValidationError, +) +from dojo.api_v2.serializers import ( + get_import_meta_data_from_dict, + get_product_id_from_dict, +) +from dojo.importers.reimporter.utils import ( + get_target_engagement_if_exists, + get_target_product_by_id_if_exists, + get_target_product_if_exists, + get_target_test_if_exists, + get_target_product_type_if_exists, +) +from dojo.models import ( + Endpoint, + Engagement, + Finding, + Finding_Group, + Product_Type, + Product, + Test, + Dojo_Group, + Cred_Mapping, +) from django.shortcuts import get_object_or_404 from rest_framework import permissions, serializers -from dojo.authorization.authorization import user_has_global_permission, user_has_permission, user_has_configuration_permission +from dojo.authorization.authorization import ( + user_has_global_permission, + user_has_permission, + user_has_configuration_permission, +) from dojo.authorization.roles_permissions import Permissions def check_post_permission(request, post_model, post_pk, post_permission): - if request.method == 'POST': + if request.method == "POST": if request.data.get(post_pk) is None: - raise ParseError('Unable to check for permissions: Attribute \'{}\' is required'.format(post_pk)) + raise ParseError( + "Unable to check for permissions: Attribute '{}' is required".format( + post_pk + ) + ) object = get_object_or_404(post_model, pk=request.data.get(post_pk)) return user_has_permission(request.user, object, post_permission) else: return True -def check_object_permission(request, object, get_permission, put_permission, delete_permission, post_permission=None): - if request.method == 'GET': +def check_object_permission( + request, + object, + get_permission, + put_permission, + delete_permission, + post_permission=None, +): + if request.method == "GET": return user_has_permission(request.user, object, get_permission) - elif request.method == 'PUT' or request.method == 'PATCH': + elif request.method == "PUT" or request.method == "PATCH": return user_has_permission(request.user, object, put_permission) - elif request.method == 'DELETE': + elif request.method == "DELETE": return user_has_permission(request.user, object, delete_permission) - elif request.method == 'POST': + elif request.method == "POST": return user_has_permission(request.user, object, post_permission) else: return False @@ -37,57 +72,132 @@ def check_object_permission(request, object, get_permission, put_permission, del class UserHasAppAnalysisPermission(permissions.BasePermission): def has_permission(self, request, view): - return check_post_permission(request, Product, 'product', Permissions.Technology_Add) + return check_post_permission( + request, Product, "product", Permissions.Technology_Add + ) def has_object_permission(self, request, view, obj): - return check_object_permission(request, obj.product, Permissions.Technology_View, Permissions.Technology_Edit, Permissions.Technology_Delete) + return check_object_permission( + request, + obj.product, + Permissions.Technology_View, + Permissions.Technology_Edit, + Permissions.Technology_Delete, + ) + + +class UserHasCredentialPermission(permissions.BasePermission): + def has_permission(self, request, view): + if request.data.get("product") is not None: + return check_post_permission( + request, Cred_Mapping, "product", Permissions.Credential_Add + ) + if request.data.get("engagement") is not None: + return check_post_permission( + request, Cred_Mapping, "engagement", Permissions.Credential_Add + ) + if request.data.get("test") is not None: + return check_post_permission( + request, Cred_Mapping, "test", Permissions.Credential_Add + ) + if request.data.get("finding") is not None: + return check_post_permission( + request, Cred_Mapping, "finding", Permissions.Credential_Add + ) + return check_post_permission( + request, Cred_Mapping, "product", Permissions.Credential_Add + ) + + def has_object_permission(self, request, view, obj): + return check_object_permission( + request, + obj.product, + Permissions.Credential_View, + Permissions.Credential_Edit, + Permissions.Credential_Delete, + ) class UserHasDojoGroupPermission(permissions.BasePermission): def has_permission(self, request, view): - if request.method == 'GET': - return user_has_configuration_permission(request.user, 'auth.view_group', 'staff') - elif request.method == 'POST': - return user_has_configuration_permission(request.user, 'auth.create_group', 'staff') + if request.method == "GET": + return user_has_configuration_permission( + request.user, "auth.view_group" + ) + elif request.method == "POST": + return user_has_configuration_permission( + request.user, "auth.add_group" + ) else: return True def has_object_permission(self, request, view, obj): - if request.method == 'GET': + if request.method == "GET": # Users need to be authorized to view groups in general and only the groups they are a member of - # because with the group they can see user information that might be considered as confidential - return user_has_configuration_permission(request.user, 'auth.view_group', 'staff') and user_has_permission(request.user, obj, Permissions.Group_View) + # because with the group they can see user information that might + # be considered as confidential + return user_has_configuration_permission( + request.user, "auth.view_group" + ) and user_has_permission( + request.user, obj, Permissions.Group_View + ) else: - return check_object_permission(request, obj, Permissions.Group_View, Permissions.Group_Edit, Permissions.Group_Delete) + return check_object_permission( + request, + obj, + Permissions.Group_View, + Permissions.Group_Edit, + Permissions.Group_Delete, + ) class UserHasDojoGroupMemberPermission(permissions.BasePermission): def has_permission(self, request, view): - return check_post_permission(request, Dojo_Group, 'group', Permissions.Group_Manage_Members) + return check_post_permission( + request, Dojo_Group, "group", Permissions.Group_Manage_Members + ) def has_object_permission(self, request, view, obj): - return check_object_permission(request, obj, Permissions.Group_View, Permissions.Group_Manage_Members, Permissions.Group_Member_Delete) + return check_object_permission( + request, + obj, + Permissions.Group_View, + Permissions.Group_Manage_Members, + Permissions.Group_Member_Delete, + ) class UserHasDojoMetaPermission(permissions.BasePermission): def has_permission(self, request, view): - if request.method == 'POST': + if request.method == "POST": has_permission_result = True - product_id = request.data.get('product', None) + product_id = request.data.get("product", None) if product_id: object = get_object_or_404(Product, pk=product_id) - has_permission_result = has_permission_result and \ - user_has_permission(request.user, object, Permissions.Product_Edit) - finding_id = request.data.get('finding', None) + has_permission_result = ( + has_permission_result + and user_has_permission( + request.user, object, Permissions.Product_Edit + ) + ) + finding_id = request.data.get("finding", None) if finding_id: object = get_object_or_404(Finding, pk=finding_id) - has_permission_result = has_permission_result and \ - user_has_permission(request.user, object, Permissions.Finding_Edit) - endpoint_id = request.data.get('endpoint', None) + has_permission_result = ( + has_permission_result + and user_has_permission( + request.user, object, Permissions.Finding_Edit + ) + ) + endpoint_id = request.data.get("endpoint", None) if endpoint_id: object = get_object_or_404(Endpoint, pk=endpoint_id) - has_permission_result = has_permission_result and \ - user_has_permission(request.user, object, Permissions.Endpoint_Edit) + has_permission_result = ( + has_permission_result + and user_has_permission( + request.user, object, Permissions.Endpoint_Edit + ) + ) return has_permission_result else: return True @@ -96,91 +206,222 @@ def has_object_permission(self, request, view, obj): has_permission_result = True product = obj.product if product: - has_permission_result = has_permission_result and \ - check_object_permission(request, product, Permissions.Product_View, Permissions.Product_Edit, Permissions.Product_Edit) + has_permission_result = ( + has_permission_result + and check_object_permission( + request, + product, + Permissions.Product_View, + Permissions.Product_Edit, + Permissions.Product_Edit, + ) + ) finding = obj.finding if finding: - has_permission_result = has_permission_result and \ - check_object_permission(request, finding, Permissions.Finding_View, Permissions.Finding_Edit, Permissions.Finding_Edit) + has_permission_result = ( + has_permission_result + and check_object_permission( + request, + finding, + Permissions.Finding_View, + Permissions.Finding_Edit, + Permissions.Finding_Edit, + ) + ) endpoint = obj.endpoint if endpoint: - has_permission_result = has_permission_result and \ - check_object_permission(request, endpoint, Permissions.Endpoint_View, Permissions.Endpoint_Edit, Permissions.Endpoint_Edit) + has_permission_result = ( + has_permission_result + and check_object_permission( + request, + endpoint, + Permissions.Endpoint_View, + Permissions.Endpoint_Edit, + Permissions.Endpoint_Edit, + ) + ) return has_permission_result class UserHasToolProductSettingsPermission(permissions.BasePermission): def has_permission(self, request, view): - return check_post_permission(request, Product, 'product', Permissions.Product_Edit) + return check_post_permission( + request, Product, "product", Permissions.Product_Edit + ) def has_object_permission(self, request, view, obj): - return check_object_permission(request, obj.product, Permissions.Product_View, Permissions.Product_Edit, Permissions.Product_Edit) + return check_object_permission( + request, + obj.product, + Permissions.Product_View, + Permissions.Product_Edit, + Permissions.Product_Edit, + ) class UserHasEndpointPermission(permissions.BasePermission): def has_permission(self, request, view): - return check_post_permission(request, Product, 'product', Permissions.Endpoint_Add) + return check_post_permission( + request, Product, "product", Permissions.Endpoint_Add + ) def has_object_permission(self, request, view, obj): - return check_object_permission(request, obj, Permissions.Endpoint_View, Permissions.Endpoint_Edit, Permissions.Endpoint_Delete) + return check_object_permission( + request, + obj, + Permissions.Endpoint_View, + Permissions.Endpoint_Edit, + Permissions.Endpoint_Delete, + ) class UserHasEndpointStatusPermission(permissions.BasePermission): def has_permission(self, request, view): - return check_post_permission(request, Endpoint, 'endpoint', Permissions.Endpoint_Edit) + return check_post_permission( + request, Endpoint, "endpoint", Permissions.Endpoint_Edit + ) def has_object_permission(self, request, view, obj): - return check_object_permission(request, obj.endpoint, Permissions.Endpoint_View, Permissions.Endpoint_Edit, Permissions.Endpoint_Edit) + return check_object_permission( + request, + obj.endpoint, + Permissions.Endpoint_View, + Permissions.Endpoint_Edit, + Permissions.Endpoint_Edit, + ) class UserHasEngagementPermission(permissions.BasePermission): # Permission checks for related objects (like notes or metadata) can be moved # into a seperate class, when the legacy authorization will be removed. - path_engagement_post = re.compile(r'^/api/v2/engagements/$') - path_engagement = re.compile(r'^/api/v2/engagements/\d+/$') + path_engagement_post = re.compile(r"^/api/v2/engagements/$") + path_engagement = re.compile(r"^/api/v2/engagements/\d+/$") def has_permission(self, request, view): - if UserHasEngagementPermission.path_engagement_post.match(request.path) or \ - UserHasEngagementPermission.path_engagement.match(request.path): - return check_post_permission(request, Product, 'product', Permissions.Engagement_Add) + if UserHasEngagementPermission.path_engagement_post.match( + request.path + ) or UserHasEngagementPermission.path_engagement.match(request.path): + return check_post_permission( + request, Product, "product", Permissions.Engagement_Add + ) else: # related object only need object permission return True def has_object_permission(self, request, view, obj): - if UserHasEngagementPermission.path_engagement_post.match(request.path) or \ - UserHasEngagementPermission.path_engagement.match(request.path): - return check_object_permission(request, obj, Permissions.Engagement_View, Permissions.Engagement_Edit, Permissions.Engagement_Delete) + if UserHasEngagementPermission.path_engagement_post.match( + request.path + ) or UserHasEngagementPermission.path_engagement.match(request.path): + return check_object_permission( + request, + obj, + Permissions.Engagement_View, + Permissions.Engagement_Edit, + Permissions.Engagement_Delete, + ) else: - return check_object_permission(request, obj, Permissions.Engagement_View, Permissions.Engagement_Edit, Permissions.Engagement_Edit, Permissions.Engagement_Edit) + return check_object_permission( + request, + obj, + Permissions.Engagement_View, + Permissions.Engagement_Edit, + Permissions.Engagement_Edit, + Permissions.Engagement_Edit, + ) + + +class UserHasRiskAcceptancePermission(permissions.BasePermission): + # Permission checks for related objects (like notes or metadata) can be moved + # into a seperate class, when the legacy authorization will be removed. + path_risk_acceptance_post = re.compile(r"^/api/v2/risk_acceptances/$") + path_risk_acceptance = re.compile(r"^/api/v2/risk_acceptances/\d+/$") + + def has_permission(self, request, view): + if UserHasRiskAcceptancePermission.path_risk_acceptance_post.match( + request.path + ) or UserHasRiskAcceptancePermission.path_risk_acceptance.match( + request.path + ): + return check_post_permission( + request, Product, "product", Permissions.Risk_Acceptance + ) + else: + # related object only need object permission + return True + + def has_object_permission(self, request, view, obj): + if UserHasRiskAcceptancePermission.path_risk_acceptance_post.match( + request.path + ) or UserHasRiskAcceptancePermission.path_risk_acceptance.match( + request.path + ): + return check_object_permission( + request, + obj, + Permissions.Risk_Acceptance, + Permissions.Risk_Acceptance, + Permissions.Risk_Acceptance, + ) + else: + return check_object_permission( + request, + obj, + Permissions.Risk_Acceptance, + Permissions.Risk_Acceptance, + Permissions.Risk_Acceptance, + Permissions.Risk_Acceptance, + ) class UserHasFindingPermission(permissions.BasePermission): # Permission checks for related objects (like notes or metadata) can be moved # into a seperate class, when the legacy authorization will be removed. - path_finding_post = re.compile(r'^/api/v2/findings/$') - path_finding = re.compile(r'^/api/v2/findings/\d+/$') - path_stub_finding_post = re.compile(r'^/api/v2/stub_findings/$') - path_stub_finding = re.compile(r'^/api/v2/stub_findings/\d+/$') + path_finding_post = re.compile(r"^/api/v2/findings/$") + path_finding = re.compile(r"^/api/v2/findings/\d+/$") + path_stub_finding_post = re.compile(r"^/api/v2/stub_findings/$") + path_stub_finding = re.compile(r"^/api/v2/stub_findings/\d+/$") def has_permission(self, request, view): - if UserHasFindingPermission.path_finding_post.match(request.path) or \ - UserHasFindingPermission.path_finding.match(request.path) or \ - UserHasFindingPermission.path_stub_finding_post.match(request.path) or \ - UserHasFindingPermission.path_stub_finding.match(request.path): - return check_post_permission(request, Test, 'test', Permissions.Finding_Add) + if ( + UserHasFindingPermission.path_finding_post.match(request.path) + or UserHasFindingPermission.path_finding.match(request.path) + or UserHasFindingPermission.path_stub_finding_post.match( + request.path + ) + or UserHasFindingPermission.path_stub_finding.match(request.path) + ): + return check_post_permission( + request, Test, "test", Permissions.Finding_Add + ) else: # related object only need object permission return True def has_object_permission(self, request, view, obj): - if UserHasFindingPermission.path_finding_post.match(request.path) or \ - UserHasFindingPermission.path_finding.match(request.path) or \ - UserHasFindingPermission.path_stub_finding_post.match(request.path) or \ - UserHasFindingPermission.path_stub_finding.match(request.path): - return check_object_permission(request, obj, Permissions.Finding_View, Permissions.Finding_Edit, Permissions.Finding_Delete) + if ( + UserHasFindingPermission.path_finding_post.match(request.path) + or UserHasFindingPermission.path_finding.match(request.path) + or UserHasFindingPermission.path_stub_finding_post.match( + request.path + ) + or UserHasFindingPermission.path_stub_finding.match(request.path) + ): + return check_object_permission( + request, + obj, + Permissions.Finding_View, + Permissions.Finding_Edit, + Permissions.Finding_Delete, + ) else: - return check_object_permission(request, obj, Permissions.Finding_View, Permissions.Finding_Edit, Permissions.Finding_Edit, Permissions.Finding_Edit) + return check_object_permission( + request, + obj, + Permissions.Finding_View, + Permissions.Finding_Edit, + Permissions.Finding_Edit, + Permissions.Finding_Edit, + ) class UserHasImportPermission(permissions.BasePermission): @@ -188,25 +429,60 @@ def has_permission(self, request, view): # permission check takes place before validation, so we don't have access to serializer.validated_data() # and we have to validate ourselves unfortunately - _, _, _, engagement_id, engagement_name, product_name, product_type_name, auto_create_context = get_import_meta_data_from_dict(request.data) + ( + _, + _, + _, + engagement_id, + engagement_name, + product_name, + product_type_name, + auto_create_context, + deduplication_on_engagement, + do_not_reactivate, + ) = get_import_meta_data_from_dict(request.data) product_type = get_target_product_type_if_exists(product_type_name) product = get_target_product_if_exists(product_name, product_type_name) - engagement = get_target_engagement_if_exists(engagement_id, engagement_name, product) + engagement = get_target_engagement_if_exists( + engagement_id, engagement_name, product + ) if engagement: # existing engagement, nothing special to check - return user_has_permission(request.user, engagement, Permissions.Import_Scan_Result) + return user_has_permission( + request.user, engagement, Permissions.Import_Scan_Result + ) elif engagement_id: # engagement_id doesn't exist - raise serializers.ValidationError("Engagement '%s' doesn''t exist" % engagement_id) + raise serializers.ValidationError( + "Engagement '%s' doesn''t exist" % engagement_id + ) if not auto_create_context: - raise_no_auto_create_import_validation_error(None, None, engagement_name, product_name, product_type_name, engagement, product, product_type, - "Need engagement_id or product_name + engagement_name to perform import") + raise_no_auto_create_import_validation_error( + None, + None, + engagement_name, + product_name, + product_type_name, + engagement, + product, + product_type, + "Need engagement_id or product_name + engagement_name to perform import", + ) else: - # the engagement doesn't exist, so we need to check if the user has requested and is allowed to use auto_create - return check_auto_create_permission(request.user, product, product_name, engagement, engagement_name, product_type, product_type_name, - "Need engagement_id or product_name + engagement_name to perform import") + # the engagement doesn't exist, so we need to check if the user has + # requested and is allowed to use auto_create + return check_auto_create_permission( + request.user, + product, + product_name, + engagement, + engagement_name, + product_type, + product_type_name, + "Need engagement_id or product_name + engagement_name to perform import", + ) class UserHasMetaImportPermission(permissions.BasePermission): @@ -214,7 +490,18 @@ def has_permission(self, request, view): # permission check takes place before validation, so we don't have access to serializer.validated_data() # and we have to validate ourselves unfortunately - _, _, _, _, _, product_name, _, _ = get_import_meta_data_from_dict(request.data) + ( + _, + _, + _, + _, + _, + product_name, + _, + _, + _, + _, + ) = get_import_meta_data_from_dict(request.data) product = get_target_product_if_exists(product_name) if not product: product_id = get_product_id_from_dict(request.data) @@ -222,63 +509,126 @@ def has_permission(self, request, view): if product: # existing product, nothing special to check - return user_has_permission(request.user, product, Permissions.Import_Scan_Result) + return user_has_permission( + request.user, product, Permissions.Import_Scan_Result + ) elif product_id: # product_id doesn't exist - raise serializers.ValidationError("product '%s' doesn''t exist" % product_id) + raise serializers.ValidationError( + "product '%s' doesn''t exist" % product_id + ) else: - raise serializers.ValidationError("Need product_id or product_name to perform import") + raise serializers.ValidationError( + "Need product_id or product_name to perform import" + ) class UserHasProductPermission(permissions.BasePermission): def has_permission(self, request, view): - return check_post_permission(request, Product_Type, 'prod_type', Permissions.Product_Type_Add_Product) + return check_post_permission( + request, + Product_Type, + "prod_type", + Permissions.Product_Type_Add_Product, + ) def has_object_permission(self, request, view, obj): - return check_object_permission(request, obj, Permissions.Product_View, Permissions.Product_Edit, Permissions.Product_Delete) + return check_object_permission( + request, + obj, + Permissions.Product_View, + Permissions.Product_Edit, + Permissions.Product_Delete, + ) class UserHasProductMemberPermission(permissions.BasePermission): def has_permission(self, request, view): - return check_post_permission(request, Product, 'product', Permissions.Product_Manage_Members) + return check_post_permission( + request, Product, "product", Permissions.Product_Manage_Members + ) def has_object_permission(self, request, view, obj): - return check_object_permission(request, obj, Permissions.Product_View, Permissions.Product_Manage_Members, Permissions.Product_Member_Delete) + return check_object_permission( + request, + obj, + Permissions.Product_View, + Permissions.Product_Manage_Members, + Permissions.Product_Member_Delete, + ) class UserHasProductGroupPermission(permissions.BasePermission): def has_permission(self, request, view): - return check_post_permission(request, Product, 'product', Permissions.Product_Group_Add) + return check_post_permission( + request, Product, "product", Permissions.Product_Group_Add + ) def has_object_permission(self, request, view, obj): - return check_object_permission(request, obj, Permissions.Product_Group_View, Permissions.Product_Group_Edit, Permissions.Product_Group_Delete) + return check_object_permission( + request, + obj, + Permissions.Product_Group_View, + Permissions.Product_Group_Edit, + Permissions.Product_Group_Delete, + ) class UserHasProductTypePermission(permissions.BasePermission): def has_permission(self, request, view): - if request.method == 'POST': - return user_has_global_permission(request.user, Permissions.Product_Type_Add) + if request.method == "POST": + return user_has_global_permission( + request.user, Permissions.Product_Type_Add + ) else: return True def has_object_permission(self, request, view, obj): - return check_object_permission(request, obj, Permissions.Product_Type_View, Permissions.Product_Type_Edit, Permissions.Product_Type_Delete) + return check_object_permission( + request, + obj, + Permissions.Product_Type_View, + Permissions.Product_Type_Edit, + Permissions.Product_Type_Delete, + ) class UserHasProductTypeMemberPermission(permissions.BasePermission): def has_permission(self, request, view): - return check_post_permission(request, Product_Type, 'product_type', Permissions.Product_Type_Manage_Members) + return check_post_permission( + request, + Product_Type, + "product_type", + Permissions.Product_Type_Manage_Members, + ) def has_object_permission(self, request, view, obj): - return check_object_permission(request, obj, Permissions.Product_Type_View, Permissions.Product_Type_Manage_Members, Permissions.Product_Type_Member_Delete) + return check_object_permission( + request, + obj, + Permissions.Product_Type_View, + Permissions.Product_Type_Manage_Members, + Permissions.Product_Type_Member_Delete, + ) class UserHasProductTypeGroupPermission(permissions.BasePermission): def has_permission(self, request, view): - return check_post_permission(request, Product_Type, 'product_type', Permissions.Product_Type_Group_Add) + return check_post_permission( + request, + Product_Type, + "product_type", + Permissions.Product_Type_Group_Add, + ) def has_object_permission(self, request, view, obj): - return check_object_permission(request, obj, Permissions.Product_Type_Group_View, Permissions.Product_Type_Group_Edit, Permissions.Product_Type_Group_Delete) + return check_object_permission( + request, + obj, + Permissions.Product_Type_Group_View, + Permissions.Product_Type_Group_Edit, + Permissions.Product_Type_Group_Delete, + ) class UserHasReimportPermission(permissions.BasePermission): @@ -286,89 +636,178 @@ def has_permission(self, request, view): # permission check takes place before validation, so we don't have access to serializer.validated_data() # and we have to validate ourselves unfortunately - test_id, test_title, scan_type, _, engagement_name, product_name, product_type_name, auto_create_context = get_import_meta_data_from_dict(request.data) + ( + test_id, + test_title, + scan_type, + _, + engagement_name, + product_name, + product_type_name, + auto_create_context, + deduplication_on_engagement, + do_not_reactivate, + ) = get_import_meta_data_from_dict(request.data) product_type = get_target_product_type_if_exists(product_type_name) product = get_target_product_if_exists(product_name, product_type_name) - engagement = get_target_engagement_if_exists(None, engagement_name, product) - test = get_target_test_if_exists(test_id, test_title, scan_type, engagement) + engagement = get_target_engagement_if_exists( + None, engagement_name, product + ) + test = get_target_test_if_exists( + test_id, test_title, scan_type, engagement + ) if test: # existing test, nothing special to check - return user_has_permission(request.user, test, Permissions.Import_Scan_Result) + return user_has_permission( + request.user, test, Permissions.Import_Scan_Result + ) elif test_id: # test_id doesn't exist - raise serializers.ValidationError("Test '%s' doesn't exist" % test_id) + raise serializers.ValidationError( + "Test '%s' doesn't exist" % test_id + ) if not auto_create_context: - raise_no_auto_create_import_validation_error(test_title, scan_type, engagement_name, product_name, product_type_name, engagement, product, product_type, - "Need test_id or product_name + engagement_name + scan_type to perform reimport") + raise_no_auto_create_import_validation_error( + test_title, + scan_type, + engagement_name, + product_name, + product_type_name, + engagement, + product, + product_type, + "Need test_id or product_name + engagement_name + scan_type to perform reimport", + ) else: - # the test doesn't exist, so we need to check if the user has requested and is allowed to use auto_create - return check_auto_create_permission(request.user, product, product_name, engagement, engagement_name, product_type, product_type_name, - "Need test_id or product_name + engagement_name + scan_type to perform reimport") + # the test doesn't exist, so we need to check if the user has + # requested and is allowed to use auto_create + return check_auto_create_permission( + request.user, + product, + product_name, + engagement, + engagement_name, + product_type, + product_type_name, + "Need test_id or product_name + engagement_name + scan_type to perform reimport", + ) class UserHasTestPermission(permissions.BasePermission): # Permission checks for related objects (like notes or metadata) can be moved # into a seperate class, when the legacy authorization will be removed. - path_tests_post = re.compile(r'^/api/v2/tests/$') - path_tests = re.compile(r'^/api/v2/tests/\d+/$') + path_tests_post = re.compile(r"^/api/v2/tests/$") + path_tests = re.compile(r"^/api/v2/tests/\d+/$") def has_permission(self, request, view): - if UserHasTestPermission.path_tests_post.match(request.path) or \ - UserHasTestPermission.path_tests.match(request.path): - return check_post_permission(request, Engagement, 'engagement', Permissions.Test_Add) + if UserHasTestPermission.path_tests_post.match( + request.path + ) or UserHasTestPermission.path_tests.match(request.path): + return check_post_permission( + request, Engagement, "engagement", Permissions.Test_Add + ) else: # related object only need object permission return True def has_object_permission(self, request, view, obj): - if UserHasTestPermission.path_tests_post.match(request.path) or \ - UserHasTestPermission.path_tests.match(request.path): - return check_object_permission(request, obj, Permissions.Test_View, Permissions.Test_Edit, Permissions.Test_Delete) + if UserHasTestPermission.path_tests_post.match( + request.path + ) or UserHasTestPermission.path_tests.match(request.path): + return check_object_permission( + request, + obj, + Permissions.Test_View, + Permissions.Test_Edit, + Permissions.Test_Delete, + ) else: - return check_object_permission(request, obj, Permissions.Test_View, Permissions.Test_Edit, Permissions.Test_Edit, Permissions.Test_Edit) + return check_object_permission( + request, + obj, + Permissions.Test_View, + Permissions.Test_Edit, + Permissions.Test_Edit, + Permissions.Test_Edit, + ) class UserHasTestImportPermission(permissions.BasePermission): def has_permission(self, request, view): - return check_post_permission(request, Test, 'test', Permissions.Test_Edit) + return check_post_permission( + request, Test, "test", Permissions.Test_Edit + ) def has_object_permission(self, request, view, obj): - return check_object_permission(request, obj.test, Permissions.Test_View, Permissions.Test_Edit, Permissions.Test_Delete) + return check_object_permission( + request, + obj.test, + Permissions.Test_View, + Permissions.Test_Edit, + Permissions.Test_Delete, + ) class UserHasLanguagePermission(permissions.BasePermission): def has_permission(self, request, view): - return check_post_permission(request, Product, 'product', Permissions.Language_Add) + return check_post_permission( + request, Product, "product", Permissions.Language_Add + ) def has_object_permission(self, request, view, obj): - return check_object_permission(request, obj, Permissions.Language_View, Permissions.Language_Edit, Permissions.Language_Delete) + return check_object_permission( + request, + obj, + Permissions.Language_View, + Permissions.Language_Edit, + Permissions.Language_Delete, + ) class UserHasProductAPIScanConfigurationPermission(permissions.BasePermission): def has_permission(self, request, view): - return check_post_permission(request, Product, 'product', Permissions.Product_API_Scan_Configuration_Add) + return check_post_permission( + request, + Product, + "product", + Permissions.Product_API_Scan_Configuration_Add, + ) def has_object_permission(self, request, view, obj): - return check_object_permission(request, obj, Permissions.Product_API_Scan_Configuration_View, Permissions.Product_API_Scan_Configuration_Edit, Permissions.Product_API_Scan_Configuration_Delete) + return check_object_permission( + request, + obj, + Permissions.Product_API_Scan_Configuration_View, + Permissions.Product_API_Scan_Configuration_Edit, + Permissions.Product_API_Scan_Configuration_Delete, + ) class UserHasJiraProductPermission(permissions.BasePermission): def has_permission(self, request, view): - if request.method == 'POST': + if request.method == "POST": has_permission_result = True - engagement_id = request.data.get('engagement', None) + engagement_id = request.data.get("engagement", None) if engagement_id: object = get_object_or_404(Engagement, pk=engagement_id) - has_permission_result = has_permission_result and \ - user_has_permission(request.user, object, Permissions.Engagement_Edit) - product_id = request.data.get('product', None) + has_permission_result = ( + has_permission_result + and user_has_permission( + request.user, object, Permissions.Engagement_Edit + ) + ) + product_id = request.data.get("product", None) if product_id: object = get_object_or_404(Product, pk=product_id) - has_permission_result = has_permission_result and \ - user_has_permission(request.user, object, Permissions.Product_Edit) + has_permission_result = ( + has_permission_result + and user_has_permission( + request.user, object, Permissions.Product_Edit + ) + ) return has_permission_result else: return True @@ -377,34 +816,62 @@ def has_object_permission(self, request, view, obj): has_permission_result = True engagement = obj.engagement if engagement: - has_permission_result = has_permission_result and \ - check_object_permission(request, engagement, Permissions.Engagement_View, Permissions.Engagement_Edit, Permissions.Engagement_Edit) + has_permission_result = ( + has_permission_result + and check_object_permission( + request, + engagement, + Permissions.Engagement_View, + Permissions.Engagement_Edit, + Permissions.Engagement_Edit, + ) + ) product = obj.product if product: - has_permission_result = has_permission_result and \ - check_object_permission(request, product, Permissions.Product_View, Permissions.Product_Edit, Permissions.Product_Edit) + has_permission_result = ( + has_permission_result + and check_object_permission( + request, + product, + Permissions.Product_View, + Permissions.Product_Edit, + Permissions.Product_Edit, + ) + ) return has_permission_result class UserHasJiraIssuePermission(permissions.BasePermission): def has_permission(self, request, view): - if request.method == 'POST': + if request.method == "POST": has_permission_result = True - engagement_id = request.data.get('engagement', None) + engagement_id = request.data.get("engagement", None) if engagement_id: object = get_object_or_404(Engagement, pk=engagement_id) - has_permission_result = has_permission_result and \ - user_has_permission(request.user, object, Permissions.Engagement_Edit) - finding_id = request.data.get('finding', None) + has_permission_result = ( + has_permission_result + and user_has_permission( + request.user, object, Permissions.Engagement_Edit + ) + ) + finding_id = request.data.get("finding", None) if finding_id: object = get_object_or_404(Finding, pk=finding_id) - has_permission_result = has_permission_result and \ - user_has_permission(request.user, object, Permissions.Finding_Edit) - finding_group_id = request.data.get('finding_group', None) + has_permission_result = ( + has_permission_result + and user_has_permission( + request.user, object, Permissions.Finding_Edit + ) + ) + finding_group_id = request.data.get("finding_group", None) if finding_group_id: object = get_object_or_404(Finding_Group, pk=finding_group_id) - has_permission_result = has_permission_result and \ - user_has_permission(request.user, object, Permissions.Finding_Group_Edit) + has_permission_result = ( + has_permission_result + and user_has_permission( + request.user, object, Permissions.Finding_Group_Edit + ) + ) return has_permission_result else: return True @@ -413,16 +880,40 @@ def has_object_permission(self, request, view, obj): has_permission_result = True engagement = obj.engagement if engagement: - has_permission_result = has_permission_result and \ - check_object_permission(request, engagement, Permissions.Engagement_View, Permissions.Engagement_Edit, Permissions.Engagement_Edit) + has_permission_result = ( + has_permission_result + and check_object_permission( + request, + engagement, + Permissions.Engagement_View, + Permissions.Engagement_Edit, + Permissions.Engagement_Edit, + ) + ) finding = obj.finding if finding: - has_permission_result = has_permission_result and \ - check_object_permission(request, finding, Permissions.Finding_View, Permissions.Finding_Edit, Permissions.Finding_Edit) + has_permission_result = ( + has_permission_result + and check_object_permission( + request, + finding, + Permissions.Finding_View, + Permissions.Finding_Edit, + Permissions.Finding_Edit, + ) + ) finding_group = obj.finding_group if finding_group: - has_permission_result = has_permission_result and \ - check_object_permission(request, finding_group, Permissions.Finding_Group_View, Permissions.Finding_Group_Edit, Permissions.Finding_Group_Edit) + has_permission_result = ( + has_permission_result + and check_object_permission( + request, + finding_group, + Permissions.Finding_Group_View, + Permissions.Finding_Group_Edit, + Permissions.Finding_Group_Edit, + ) + ) return has_permission_result @@ -433,13 +924,32 @@ def has_permission(self, request, view): class UserHasEngagementPresetPermission(permissions.BasePermission): def has_permission(self, request, view): - return check_post_permission(request, Product, 'product', Permissions.Product_Edit) + return check_post_permission( + request, Product, "product", Permissions.Product_Edit + ) def has_object_permission(self, request, view, obj): - return check_object_permission(request, obj.product, Permissions.Product_View, Permissions.Product_Edit, Permissions.Product_Edit, Permissions.Product_Edit) - - -def raise_no_auto_create_import_validation_error(test_title, scan_type, engagement_name, product_name, product_type_name, engagement, product, product_type, error_message): + return check_object_permission( + request, + obj.product, + Permissions.Product_View, + Permissions.Product_Edit, + Permissions.Product_Edit, + Permissions.Product_Edit, + ) + + +def raise_no_auto_create_import_validation_error( + test_title, + scan_type, + engagement_name, + product_name, + product_type_name, + engagement, + product, + product_type, + error_message, +): # check for mandatory fields first if not product_name: raise ValidationError("product_name parameter missing") @@ -448,28 +958,53 @@ def raise_no_auto_create_import_validation_error(test_title, scan_type, engageme raise ValidationError("engagement_name parameter missing") if product_type_name and not product_type: - raise serializers.ValidationError("Product Type '%s' doesn't exist" % (product_type_name)) + raise serializers.ValidationError( + "Product Type '%s' doesn't exist" % (product_type_name) + ) if product_name and not product: if product_type_name: - raise serializers.ValidationError("Product '%s' doesn't exist in Product_Type '%s'" % (product_name, product_type_name)) + raise serializers.ValidationError( + "Product '%s' doesn't exist in Product_Type '%s'" + % (product_name, product_type_name) + ) else: - raise serializers.ValidationError("Product '%s' doesn't exist" % product_name) + raise serializers.ValidationError( + "Product '%s' doesn't exist" % product_name + ) if engagement_name and not engagement: - raise serializers.ValidationError("Engagement '%s' doesn't exist in Product '%s'" % (engagement_name, product_name)) + raise serializers.ValidationError( + "Engagement '%s' doesn't exist in Product '%s'" + % (engagement_name, product_name) + ) # these are only set for reimport if test_title: - raise serializers.ValidationError("Test '%s' with scan_type '%s' doesn't exist in Engagement '%s'" % (test_title, scan_type, engagement_name)) + raise serializers.ValidationError( + "Test '%s' with scan_type '%s' doesn't exist in Engagement '%s'" + % (test_title, scan_type, engagement_name) + ) if scan_type: - raise serializers.ValidationError("Test with scan_type '%s' doesn't exist in Engagement '%s'" % (scan_type, engagement_name)) + raise serializers.ValidationError( + "Test with scan_type '%s' doesn't exist in Engagement '%s'" + % (scan_type, engagement_name) + ) raise ValidationError(error_message) -def check_auto_create_permission(user, product, product_name, engagement, engagement_name, product_type, product_type_name, error_message): +def check_auto_create_permission( + user, + product, + product_name, + engagement, + engagement_name, + product_type, + product_type_name, + error_message, +): """ For an existing engagement, to be allowed to import a scan, the following must all be True: - User must have Import_Scan_Result permission for this Engagement @@ -493,30 +1028,54 @@ def check_auto_create_permission(user, product, product_name, engagement, engage if engagement: # existing engagement, nothing special to check - return user_has_permission(user, engagement, Permissions.Import_Scan_Result) + return user_has_permission( + user, engagement, Permissions.Import_Scan_Result + ) if product and product_name and engagement_name: if not user_has_permission(user, product, Permissions.Engagement_Add): - raise PermissionDenied("No permission to create engagements in product '%s'", product_name) - - if not user_has_permission(user, product, Permissions.Import_Scan_Result): - raise PermissionDenied("No permission to import scans into product '%s'", product_name) + raise PermissionDenied( + "No permission to create engagements in product '%s'" + % product_name + ) + + if not user_has_permission( + user, product, Permissions.Import_Scan_Result + ): + raise PermissionDenied( + "No permission to import scans into product '%s'" + % product_name + ) # all good return True if not product and product_name: if not product_type_name: - raise serializers.ValidationError("Product '%s' doesn't exist and no product_type_name provided to create the new product in" % product_name) + raise serializers.ValidationError( + "Product '%s' doesn't exist and no product_type_name provided to create the new product in" + % product_name + ) if not product_type: - if not user_has_global_permission(user, Permissions.Product_Type_Add): - raise PermissionDenied("No permission to create product_type '%s'", product_type_name) - # new product type can be created with current user as owner, so all objects in it can be created as well + if not user_has_global_permission( + user, Permissions.Product_Type_Add + ): + raise PermissionDenied( + "No permission to create product_type '%s'" + % product_type_name + ) + # new product type can be created with current user as owner, so + # all objects in it can be created as well return True else: - if not user_has_permission(user, product_type, Permissions.Product_Type_Add_Product): - raise PermissionDenied("No permission to create products in product_type '%s'", product_type) + if not user_has_permission( + user, product_type, Permissions.Product_Type_Add_Product + ): + raise PermissionDenied( + "No permission to create products in product_type '%s'" + % product_type + ) # product can be created, so objects in it can be created as well return True @@ -525,20 +1084,34 @@ def check_auto_create_permission(user, product, product_name, engagement, engage class UserHasConfigurationPermissionStaff(permissions.DjangoModelPermissions): + # Override map to also provide 'view' permissions + perms_map = { + "GET": ["%(app_label)s.view_%(model_name)s"], + "OPTIONS": [], + "HEAD": [], + "POST": ["%(app_label)s.add_%(model_name)s"], + "PUT": ["%(app_label)s.change_%(model_name)s"], + "PATCH": ["%(app_label)s.change_%(model_name)s"], + "DELETE": ["%(app_label)s.delete_%(model_name)s"], + } + + def has_permission(self, request, view): + return super().has_permission(request, view) + +class UserHasConfigurationPermissionSuperuser( + permissions.DjangoModelPermissions +): # Override map to also provide 'view' permissions perms_map = { - 'GET': ['%(app_label)s.view_%(model_name)s'], - 'OPTIONS': [], - 'HEAD': [], - 'POST': ['%(app_label)s.add_%(model_name)s'], - 'PUT': ['%(app_label)s.change_%(model_name)s'], - 'PATCH': ['%(app_label)s.change_%(model_name)s'], - 'DELETE': ['%(app_label)s.delete_%(model_name)s'], + "GET": ["%(app_label)s.view_%(model_name)s"], + "OPTIONS": [], + "HEAD": [], + "POST": ["%(app_label)s.add_%(model_name)s"], + "PUT": ["%(app_label)s.change_%(model_name)s"], + "PATCH": ["%(app_label)s.change_%(model_name)s"], + "DELETE": ["%(app_label)s.delete_%(model_name)s"], } def has_permission(self, request, view): - if settings.FEATURE_CONFIGURATION_AUTHORIZATION: - return super().has_permission(request, view) - else: - return request.user.is_staff + return super().has_permission(request, view) diff --git a/dojo/api_v2/prefetch/__init__.py b/dojo/api_v2/prefetch/__init__.py index 6a4a3384843..f0449c7b303 100644 --- a/dojo/api_v2/prefetch/__init__.py +++ b/dojo/api_v2/prefetch/__init__.py @@ -1,4 +1,4 @@ from .mixins import PrefetchListMixin, PrefetchRetrieveMixin from .schema import get_prefetch_schema -__all__ = ['PrefetchListMixin', 'PrefetchRetrieveMixin', 'get_prefetch_schema'] +__all__ = ["PrefetchListMixin", "PrefetchRetrieveMixin", "get_prefetch_schema"] diff --git a/dojo/api_v2/prefetch/mixins.py b/dojo/api_v2/prefetch/mixins.py index 198c52994df..b43a44c7d7c 100644 --- a/dojo/api_v2/prefetch/mixins.py +++ b/dojo/api_v2/prefetch/mixins.py @@ -8,7 +8,8 @@ def list(self, request, *args, **kwargs): prefetch_params = request.GET.get("prefetch", "").split(",") prefetcher = _Prefetcher() - # Apply the same operations as the standard list method defined in the django rest framework + # Apply the same operations as the standard list method defined in the + # django rest framework queryset = self.filter_queryset(self.get_queryset()) queryset = self.paginate_queryset(queryset) diff --git a/dojo/api_v2/prefetch/prefetcher.py b/dojo/api_v2/prefetch/prefetcher.py index 9da142a9711..5d228165f59 100644 --- a/dojo/api_v2/prefetch/prefetcher.py +++ b/dojo/api_v2/prefetch/prefetcher.py @@ -7,7 +7,7 @@ SERIALIZER_DEFS_MODULE = "dojo.api_v2.serializers" -class _Prefetcher(): +class _Prefetcher: @staticmethod def _build_serializers(): """Returns a map model -> serializer where model is a django model and serializer is the corresponding @@ -16,13 +16,16 @@ def _build_serializers(): Returns: dict[model, serializer]: map of model to their serializer """ + def _is_model_serializer(obj): return inspect.isclass(obj) and issubclass(obj, ModelSerializer) serializers = dict() # We process all the serializers found in the module SERIALIZER_DEFS_MODULE. We restrict the scope to avoid # processing all the classes in the symbol table - available_serializers = inspect.getmembers(sys.modules[SERIALIZER_DEFS_MODULE], _is_model_serializer) + available_serializers = inspect.getmembers( + sys.modules[SERIALIZER_DEFS_MODULE], _is_model_serializer + ) for _, serializer in available_serializers: model = serializer.Meta.model @@ -80,9 +83,13 @@ def _prefetch(self, entry, fields_to_fetch): # Check if the field represents a many-to-many relationship as we need to instantiate # the serializer accordingly many = utils._is_many_to_many_relation(field_meta) - field_data = extra_serializer(many=many).to_representation(field_value) + field_data = extra_serializer(many=many).to_representation( + field_value + ) # For convenience in processing we store the field data in a list - field_data_list = field_data if type(field_data) is list else [field_data] + field_data_list = ( + field_data if isinstance(field_data, list) else [field_data] + ) if field_to_fetch not in self._prefetch_data: self._prefetch_data[field_to_fetch] = dict() diff --git a/dojo/api_v2/prefetch/schema.py b/dojo/api_v2/prefetch/schema.py index 568e45398b5..6d04e751800 100644 --- a/dojo/api_v2/prefetch/schema.py +++ b/dojo/api_v2/prefetch/schema.py @@ -6,47 +6,99 @@ def get_prefetch_schema(methods, serializer): - """ Swagger / OpenAPI v2 (drf-yasg) Return a composable swagger schema that contains in the query the fields that can be prefetch from the model - supported by the serializer and in the reponse the structure of these fields in a new top-level attribute - named prefetch. + """Swagger / OpenAPI v2 (drf-yasg) Return a composable swagger schema that contains in the query the fields that can be prefetch from the model + supported by the serializer and in the reponse the structure of these fields in a new top-level attribute + named prefetch. - Returns: - ComposableSchema: A swagger schema + Returns: + ComposableSchema: A swagger schema """ prefetcher = _Prefetcher() fields = _get_prefetchable_fields(serializer()) - field_to_serializer = dict([(name, prefetcher._find_serializer(field_type)) for name, field_type in fields if prefetcher._find_serializer(field_type)]) - fields_to_refname = dict([(name, utils.get_serializer_ref_name(serializer())) for name, serializer in field_to_serializer.items()]) - fields_name = [name for name, field_type in fields if prefetcher._find_serializer(field_type)] + field_to_serializer = dict( + [ + (name, prefetcher._find_serializer(field_type)) + for name, field_type in fields + if prefetcher._find_serializer(field_type) + ] + ) + fields_to_refname = dict( + [ + (name, utils.get_serializer_ref_name(serializer())) + for name, serializer in field_to_serializer.items() + ] + ) + fields_name = [ + name + for name, field_type in fields + if prefetcher._find_serializer(field_type) + ] # New openapi parameter corresponding to the prefetchable fields - prefetch_params = [openapi.Parameter("prefetch", in_=openapi.IN_QUERY, required=False, type=openapi.TYPE_ARRAY, items=openapi.Items(type=openapi.TYPE_STRING, enum=fields_name))] - - additional_props = dict([(name, openapi.Schema(type=openapi.TYPE_OBJECT, read_only=True, additional_properties=LazySchemaRef(fields_to_refname[name], True))) for name in fields_name]) - prefetch_response = {"200": {"prefetch": openapi.Schema(type=openapi.TYPE_OBJECT, properties=additional_props)}} + prefetch_params = [ + openapi.Parameter( + "prefetch", + in_=openapi.IN_QUERY, + required=False, + type=openapi.TYPE_ARRAY, + items=openapi.Items(type=openapi.TYPE_STRING, enum=fields_name), + ) + ] + + additional_props = dict( + [ + ( + name, + openapi.Schema( + type=openapi.TYPE_OBJECT, + read_only=True, + additional_properties=LazySchemaRef( + fields_to_refname[name], True + ), + ), + ) + for name in fields_name + ] + ) + prefetch_response = { + "200": { + "prefetch": openapi.Schema( + type=openapi.TYPE_OBJECT, properties=additional_props + ) + } + } schema = extra_schema.IdentitySchema() for method in methods: - schema = schema.composeWith(extra_schema.ExtraParameters(method, prefetch_params)) - schema = schema.composeWith(extra_schema.ExtraResponseField(method, prefetch_response)) + schema = schema.composeWith( + extra_schema.ExtraParameters(method, prefetch_params) + ) + schema = schema.composeWith( + extra_schema.ExtraResponseField(method, prefetch_response) + ) return schema def _get_path_to_GET_serializer_map(generator): path_to_GET_serializer = dict() - for path, path_pattern, method, view in generator._get_paths_and_endpoints(): + for ( + path, + path_pattern, + method, + view, + ) in generator._get_paths_and_endpoints(): # print(path, path_pattern, method, view) - if method == 'GET': - if hasattr(view, 'get_serializer_class'): + if method == "GET": + if hasattr(view, "get_serializer_class"): path_to_GET_serializer[path] = view.get_serializer_class() return path_to_GET_serializer def prefetch_postprocessing_hook(result, generator, request, public): - """ OpenAPI v3 (drf-spectacular) Some endpoints are using the PrefetchListMixin and PrefetchRetrieveMixin. + """OpenAPI v3 (drf-spectacular) Some endpoints are using the PrefetchListMixin and PrefetchRetrieveMixin. These have nothing to do with Django prefetch_related. The endpoints have an @extend_schema configured with an extra parameter 'prefetch' This parameter contains an array of relations to prefetch. These prefetched models @@ -56,30 +108,78 @@ def prefetch_postprocessing_hook(result, generator, request, public): serializer_classes = _get_path_to_GET_serializer_map(generator) - paths = result.get('paths', {}) + paths = result.get("paths", {}) for path in paths: - if 'get' in paths[path] and 'parameters' in paths[path]['get']: - for parameter in paths[path]['get']['parameters']: - if parameter['name'] == 'prefetch': + if "get" in paths[path] and "parameters" in paths[path]["get"]: + for parameter in paths[path]["get"]["parameters"]: + if parameter["name"] == "prefetch": prefetcher = _Prefetcher() - fields = _get_prefetchable_fields(serializer_classes[path]()) + fields = _get_prefetchable_fields( + serializer_classes[path]() + ) - field_names = [name for name, field_type in fields if prefetcher._find_serializer(field_type)] + field_names = [ + name + for name, field_type in fields + if prefetcher._find_serializer(field_type) + ] - parameter['schema']['type'] = 'array' - parameter['schema']['items'] = { - 'type': "string", - 'enum': field_names + parameter["schema"]["type"] = "array" + parameter["schema"]["items"] = { + "type": "string", + "enum": field_names, } - field_to_serializer = dict([(name, prefetcher._find_serializer(field_type)) for name, field_type in fields if prefetcher._find_serializer(field_type)]) - fields_to_refname = dict([(name, utils.get_serializer_ref_name(serializer())) - for name, serializer in field_to_serializer.items()]) - properties = dict([(name, dict([("type", "object"), ("readOnly", True), ("additionalProperties", dict([("$ref", "#/components/schemas/" + fields_to_refname[name])]))])) - for name in field_names]) - ref = paths[path]['get']['responses']['200']['content']['application/json']['schema']['$ref'] - component_name = ref.split('/')[-1] - result['components']['schemas'][component_name]['properties']['prefetch'] = dict([("type", "object"), ("properties", properties)]) + field_to_serializer = dict( + [ + (name, prefetcher._find_serializer(field_type)) + for name, field_type in fields + if prefetcher._find_serializer(field_type) + ] + ) + fields_to_refname = dict( + [ + (name, utils.get_serializer_ref_name(serializer())) + for name, serializer in field_to_serializer.items() + ] + ) + properties = dict( + [ + ( + name, + dict( + [ + ("type", "object"), + ("readOnly", True), + ( + "additionalProperties", + dict( + [ + ( + "$ref", + "#/components/schemas/" + + fields_to_refname[ + name + ], + ) + ] + ), + ), + ] + ), + ) + for name in field_names + ] + ) + ref = paths[path]["get"]["responses"]["200"]["content"][ + "application/json" + ]["schema"]["$ref"] + component_name = ref.split("/")[-1] + result["components"]["schemas"][component_name][ + "properties" + ]["prefetch"] = dict( + [("type", "object"), ("properties", properties)] + ) return result diff --git a/dojo/api_v2/prefetch/utils.py b/dojo/api_v2/prefetch/utils.py index f9b76c18f0e..833fe9ae6e4 100644 --- a/dojo/api_v2/prefetch/utils.py +++ b/dojo/api_v2/prefetch/utils.py @@ -36,8 +36,11 @@ def _get_prefetchable_fields(serializer): Args: serializer (Serializer): [description] """ + def _is_field_prefetchable(field): - return _is_one_to_one_relation(field) or _is_many_to_many_relation(field) + return _is_one_to_one_relation(field) or _is_many_to_many_relation( + field + ) meta = getattr(serializer, "Meta", None) if meta is None: @@ -52,7 +55,7 @@ def _is_field_prefetchable(field): field = getattr(model, field_name) if _is_field_prefetchable(field): # ManyToMany relationship can be reverse - if hasattr(field, 'reverse') and field.reverse: + if hasattr(field, "reverse") and field.reverse: fields.append((field_name, field.field.model)) else: fields.append((field_name, field.field.related_model)) diff --git a/dojo/api_v2/schema/__init__.py b/dojo/api_v2/schema/__init__.py index cd8ea5bb23e..6a69a167022 100644 --- a/dojo/api_v2/schema/__init__.py +++ b/dojo/api_v2/schema/__init__.py @@ -1,10 +1,17 @@ -from .extra_schema import IdentitySchema, ExtraParameters, ExtraResponseField, ComposableSchema +from .extra_schema import ( + IdentitySchema, + ExtraParameters, + ExtraResponseField, + ComposableSchema, +) from .utils import LazySchemaRef, try_apply, resolve_lazy_ref -__all__ = ['IdentitySchema', - 'ExtraParameters', - 'ExtraResponseField', - 'ComposableSchema', - 'LazySchemaRef', - 'try_apply', - 'resolve_lazy_ref'] +__all__ = [ + "IdentitySchema", + "ExtraParameters", + "ExtraResponseField", + "ComposableSchema", + "LazySchemaRef", + "try_apply", + "resolve_lazy_ref", +] diff --git a/dojo/api_v2/schema/extra_schema.py b/dojo/api_v2/schema/extra_schema.py index 3dc8e2ba4ac..86fd565e370 100644 --- a/dojo/api_v2/schema/extra_schema.py +++ b/dojo/api_v2/schema/extra_schema.py @@ -10,6 +10,7 @@ class ComposableSchema: yielding a new composable schema whose transformation is defined as the function composition of the transformation of the two source schema. """ + def transform_operation(self, operation, resolver): """Defines an operation transformation @@ -17,7 +18,6 @@ def transform_operation(self, operation, resolver): operation (Operation): the operation to transform resolver (Resolver): the schema refs resolver """ - pass def composeWith(self, schema): """Allow two schema to be composed into a new schema. @@ -36,7 +36,9 @@ def composeWith(self, schema): class _Wrapper(ComposableSchema): def transform_operation(self, operation, resolver): - return schema.transform_operation(op(operation, resolver), resolver) + return schema.transform_operation( + op(operation, resolver), resolver + ) return _Wrapper() @@ -66,8 +68,8 @@ def transform_operation(self, operation, resolver): class ExtraParameters(ComposableSchema): - """Define a schema that can add parameters to the operation - """ + """Define a schema that can add parameters to the operation""" + def __init__(self, operation_name, extra_parameters, *args, **kwargs): """Initialize the schema @@ -90,8 +92,8 @@ def transform_operation(self, operation, resolver): class ExtraResponseField(ComposableSchema): - """Define a schema that can add fields to the responses of the operation - """ + """Define a schema that can add fields to the responses of the operation""" + def __init__(self, operation_name, extra_fields, *args, **kwargs): """Initialize the schema @@ -123,10 +125,16 @@ def transform_operation(self, operation, resolver): for code, params in self._extra_fields.items(): if code in responses: original_schema = responses[code]["schema"] - schema = original_schema if type(original_schema) is Schema else resolve_ref(original_schema, resolver) + schema = ( + original_schema + if isinstance(original_schema, Schema) + else resolve_ref(original_schema, resolver) + ) schema = copy.deepcopy(schema) for name, param in params.items(): - schema["properties"][name] = resolve_lazy_ref(param, resolver) + schema["properties"][name] = resolve_lazy_ref( + param, resolver + ) responses[code]["schema"] = schema return operation diff --git a/dojo/api_v2/schema/utils.py b/dojo/api_v2/schema/utils.py index a036fa58281..1276202fc81 100644 --- a/dojo/api_v2/schema/utils.py +++ b/dojo/api_v2/schema/utils.py @@ -5,9 +5,12 @@ class LazySchemaRef: """Utility class to support SchemaRef definition without knowing the resolver. The reference can be evaluated later in the context of a swagger generator """ + def __init__(self, schema_name, ignore_unresolved=False): # Bind curried version of the SchemaRef init - self.schema_ref = lambda resolver: SchemaRef(resolver, schema_name, ignore_unresolved) + self.schema_ref = lambda resolver: SchemaRef( + resolver, schema_name, ignore_unresolved + ) def apply(self, resolver): """Resolve the LazySchemaRef with the given resolver @@ -31,7 +34,7 @@ def try_apply(obj, resolver): Returns: object: the original object if it was not resolve otherwise the resolved LazySchemaRef """ - if type(obj) is LazySchemaRef: + if isinstance(obj, LazySchemaRef): return obj.apply(resolver) else: return obj @@ -46,13 +49,15 @@ def resolve_lazy_ref(schema, resolver): Returns: object: the schema without LazySchemaRef """ - if type(schema) is not Schema: + if not isinstance(schema, Schema): return try_apply(schema, resolver) if "properties" in schema: for prop_name, prop in schema["properties"].items(): schema["properties"][prop_name] = resolve_lazy_ref(prop, resolver) if "additionalProperties" in schema: - schema["additionalProperties"] = resolve_lazy_ref(schema["additionalProperties"], resolver) + schema["additionalProperties"] = resolve_lazy_ref( + schema["additionalProperties"], resolver + ) return schema diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py index fc9cbdd256d..5778f2147ca 100644 --- a/dojo/api_v2/serializers.py +++ b/dojo/api_v2/serializers.py @@ -1,3 +1,5 @@ +from dojo.group.utils import get_auth_group_name +from django.contrib.auth.models import Group from typing import List from drf_spectacular.utils import extend_schema_field from drf_yasg.utils import swagger_serializer_method @@ -5,39 +7,120 @@ from rest_framework.fields import DictField, MultipleChoiceField from datetime import datetime from dojo.endpoint.utils import endpoint_filter -from dojo.importers.reimporter.utils import get_or_create_engagement, get_target_engagement_if_exists, get_target_product_by_id_if_exists, \ - get_target_product_if_exists, get_target_test_if_exists -from dojo.models import IMPORT_ACTIONS, SEVERITIES, STATS_FIELDS, Dojo_User, Finding_Group, Product, Engagement, Test, Finding, \ - User, Stub_Finding, Risk_Acceptance, \ - Finding_Template, Test_Type, Development_Environment, NoteHistory, \ - JIRA_Issue, Tool_Product_Settings, Tool_Configuration, Tool_Type, \ - Product_Type, JIRA_Instance, Endpoint, JIRA_Project, \ - Notes, DojoMeta, Note_Type, App_Analysis, Endpoint_Status, \ - Sonarqube_Issue, Sonarqube_Issue_Transition, \ - Regulation, System_Settings, FileUpload, SEVERITY_CHOICES, Test_Import, \ - Test_Import_Finding_Action, Product_Type_Member, Product_Member, \ - Product_Group, Product_Type_Group, Dojo_Group, Role, Global_Role, Dojo_Group_Member, \ - Language_Type, Languages, Notifications, NOTIFICATION_CHOICES, Engagement_Presets, \ - Network_Locations, UserContactInfo, Product_API_Scan_Configuration - -from dojo.tools.factory import requires_file, get_choices_sorted, requires_tool_type +from dojo.importers.reimporter.utils import ( + get_or_create_engagement, + get_target_engagement_if_exists, + get_target_product_by_id_if_exists, + get_target_product_if_exists, + get_target_test_if_exists, +) +from dojo.models import ( + IMPORT_ACTIONS, + SEVERITIES, + SLA_Configuration, + STATS_FIELDS, + Dojo_User, + Finding_Group, + Product, + Engagement, + Test, + Finding, + User, + Stub_Finding, + Risk_Acceptance, + Finding_Template, + Test_Type, + Development_Environment, + NoteHistory, + JIRA_Issue, + Tool_Product_Settings, + Tool_Configuration, + Tool_Type, + Product_Type, + JIRA_Instance, + Endpoint, + JIRA_Project, + Cred_Mapping, + Notes, + DojoMeta, + Note_Type, + App_Analysis, + Endpoint_Status, + Cred_User, + Sonarqube_Issue, + Sonarqube_Issue_Transition, + Endpoint_Params, + Regulation, + System_Settings, + FileUpload, + SEVERITY_CHOICES, + Test_Import, + Test_Import_Finding_Action, + Product_Type_Member, + Product_Member, + Product_Group, + Product_Type_Group, + Dojo_Group, + Role, + Global_Role, + Dojo_Group_Member, + Language_Type, + Languages, + Notifications, + NOTIFICATION_CHOICES, + Engagement_Presets, + Network_Locations, + UserContactInfo, + Product_API_Scan_Configuration, + DEFAULT_NOTIFICATION, + Vulnerability_Id, + Vulnerability_Id_Template, + get_current_date, + Question, + TextQuestion, + ChoiceQuestion, + Answer, + TextAnswer, + ChoiceAnswer, + Engagement_Survey, + Answered_Survey, + General_Survey, + Check_List, + Announcement, +) + +from dojo.tools.factory import ( + requires_file, + get_choices_sorted, + requires_tool_type, +) from dojo.utils import is_scan_file_too_large from django.conf import settings from rest_framework import serializers from django.core.exceptions import ValidationError, PermissionDenied from django.contrib.auth.password_validation import validate_password +from django.contrib.auth.models import Permission from django.utils import timezone +from django.urls import reverse +from django.db.utils import IntegrityError import six -from django.utils.translation import ugettext_lazy as _ +from django.utils.translation import gettext_lazy as _ import json import dojo.jira_link.helper as jira_helper import logging import tagulous from dojo.endpoint.utils import endpoint_meta_import from dojo.importers.importer.importer import DojoDefaultImporter as Importer -from dojo.importers.reimporter.reimporter import DojoDefaultReImporter as ReImporter +from dojo.importers.reimporter.reimporter import ( + DojoDefaultReImporter as ReImporter, +) from dojo.authorization.authorization import user_has_permission from dojo.authorization.roles_permissions import Permissions +from dojo.finding.helper import ( + save_vulnerability_ids, + save_vulnerability_ids_template, +) +from dojo.user.utils import get_configuration_permissions_codenames logger = logging.getLogger(__name__) @@ -45,41 +128,56 @@ def get_import_meta_data_from_dict(data): - test_id = data.get('test', None) + test_id = data.get("test", None) if test_id: if isinstance(test_id, Test): test_id = test_id.id elif isinstance(test_id, str) and not test_id.isdigit(): - raise serializers.ValidationError('test must be an integer') + raise serializers.ValidationError("test must be an integer") - scan_type = data.get('scan_type', None) + scan_type = data.get("scan_type", None) - test_title = data.get('test_title', None) + test_title = data.get("test_title", None) - engagement_id = data.get('engagement', None) + engagement_id = data.get("engagement", None) if engagement_id: if isinstance(engagement_id, Engagement): engagement_id = engagement_id.id elif isinstance(engagement_id, str) and not engagement_id.isdigit(): - raise serializers.ValidationError('engagement must be an integer') + raise serializers.ValidationError("engagement must be an integer") - engagement_name = data.get('engagement_name', None) + engagement_name = data.get("engagement_name", None) - product_name = data.get('product_name', None) - product_type_name = data.get('product_type_name', None) + product_name = data.get("product_name", None) + product_type_name = data.get("product_type_name", None) - auto_create_context = data.get('auto_create_context', None) + auto_create_context = data.get("auto_create_context", None) - return test_id, test_title, scan_type, engagement_id, engagement_name, product_name, product_type_name, auto_create_context + deduplication_on_engagement = data.get( + "deduplication_on_engagement", False + ) + do_not_reactivate = data.get("do_not_reactivate", False) + return ( + test_id, + test_title, + scan_type, + engagement_id, + engagement_name, + product_name, + product_type_name, + auto_create_context, + deduplication_on_engagement, + do_not_reactivate, + ) def get_product_id_from_dict(data): - product_id = data.get('product', None) + product_id = data.get("product", None) if product_id: if isinstance(product_id, Product): product_id = product_id.id elif isinstance(product_id, str) and not product_id.isdigit(): - raise serializers.ValidationError('product must be an integer') + raise serializers.ValidationError("product must be an integer") return product_id @@ -96,31 +194,46 @@ def __init__(self, *args, **kwargs): for sev in SEVERITIES: self.fields[sev.lower()] = StatusStatisticsSerializer() - self.fields['total'] = StatusStatisticsSerializer() + self.fields["total"] = StatusStatisticsSerializer() class DeltaStatisticsSerializer(serializers.Serializer): def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) for action in IMPORT_ACTIONS: - self.fields[action[1].lower()] = SeverityStatusStatisticsSerializer() + self.fields[ + action[1].lower() + ] = SeverityStatusStatisticsSerializer() class ImportStatisticsSerializer(serializers.Serializer): - before = SeverityStatusStatisticsSerializer(required=False, help_text="Finding statistics as stored in Defect Dojo before the import") - delta = DeltaStatisticsSerializer(required=False, help_text="Finding statistics of modifications made by the reimport. Only available when TRACK_IMPORT_HISTORY hass not disabled.") - after = SeverityStatusStatisticsSerializer(help_text="Finding statistics as stored in Defect Dojo after the import") + before = SeverityStatusStatisticsSerializer( + required=False, + help_text="Finding statistics as stored in Defect Dojo before the import", + ) + delta = DeltaStatisticsSerializer( + required=False, + help_text="Finding statistics of modifications made by the reimport. Only available when TRACK_IMPORT_HISTORY hass not disabled.", + ) + after = SeverityStatusStatisticsSerializer( + help_text="Finding statistics as stored in Defect Dojo after the import" + ) -@extend_schema_field(serializers.ListField(child=serializers.CharField())) # also takes basic python types +@extend_schema_field( + serializers.ListField(child=serializers.CharField()) +) # also takes basic python types class TagListSerializerField(serializers.ListField): child = serializers.CharField() default_error_messages = { - 'not_a_list': _( - 'Expected a list of items but got type "{input_type}".'), - 'invalid_json': _('Invalid json list. A tag list submitted in string' - ' form must be valid json.'), - 'not_a_str': _('All list items must be of string type.') + "not_a_list": _( + 'Expected a list of items but got type "{input_type}".' + ), + "invalid_json": _( + "Invalid json list. A tag list submitted in string" + " form must be valid json." + ), + "not_a_str": _("All list items must be of string type."), } order_by = None @@ -128,7 +241,7 @@ def __init__(self, **kwargs): pretty_print = kwargs.pop("pretty_print", True) style = kwargs.pop("style", {}) - kwargs["style"] = {'base_template': 'textarea.html'} + kwargs["style"] = {"base_template": "textarea.html"} kwargs["style"].update(style) super(TagListSerializerField, self).__init__(**kwargs) @@ -142,17 +255,17 @@ def to_internal_value(self, data): try: data = json.loads(data) except ValueError: - self.fail('invalid_json') + self.fail("invalid_json") - logger.debug('data as json: %s', data) + logger.debug("data as json: %s", data) if not isinstance(data, list): - self.fail('not_a_list', input_type=type(data).__name__) + self.fail("not_a_list", input_type=type(data).__name__) # data_safe = [] for s in data: if not isinstance(s, six.string_types): - self.fail('not_a_str') + self.fail("not_a_str") self.child.run_validation(s) @@ -171,13 +284,17 @@ def to_internal_value(self, data): def to_representation(self, value): if not isinstance(value, list): # we can't use isinstance because TagRelatedManager is non-existing class - # it cannot be imported or referenced, so we fallback to string comparison - if type(value).__name__ == 'TagRelatedManager': + # it cannot be imported or referenced, so we fallback to string + # comparison + if type(value).__name__ == "TagRelatedManager": value = value.get_tag_list() elif isinstance(value, str): value = tagulous.utils.parse_tags(value) else: - raise ValueError('unable to convert %s into list of tags' % type(value).__name__) + raise ValueError( + "unable to convert %s into list of tags" + % type(value).__name__ + ) return value @@ -193,7 +310,8 @@ def update(self, instance, validated_data): to_be_tagged, validated_data = self._pop_tags(validated_data) tag_object = super(TaggitSerializer, self).update( - instance, validated_data) + instance, validated_data + ) return self._save_tags(tag_object, to_be_tagged) @@ -237,7 +355,8 @@ def __getitem__(self, item): def __str__(self): if self.pretty_print: return json.dumps( - self, sort_keys=True, indent=4, separators=(',', ': ')) + self, sort_keys=True, indent=4, separators=(",", ": ") + ) else: return json.dumps(self) @@ -245,12 +364,17 @@ def __str__(self): class RequestResponseSerializerField(serializers.ListSerializer): child = DictField(child=serializers.CharField()) default_error_messages = { - 'not_a_list': _( - 'Expected a list of items but got type "{input_type}".'), - 'invalid_json': _('Invalid json list. A tag list submitted in string' - ' form must be valid json.'), - 'not_a_dict': _('All list items must be of dict type with keys \'request\' and \'response\''), - 'not_a_str': _('All values in the dict must be of string type.') + "not_a_list": _( + 'Expected a list of items but got type "{input_type}".' + ), + "invalid_json": _( + "Invalid json list. A tag list submitted in string" + " form must be valid json." + ), + "not_a_dict": _( + "All list items must be of dict type with keys 'request' and 'response'" + ), + "not_a_str": _("All values in the dict must be of string type."), } order_by = None @@ -258,7 +382,7 @@ def __init__(self, **kwargs): pretty_print = kwargs.pop("pretty_print", True) style = kwargs.pop("style", {}) - kwargs["style"] = {'base_template': 'textarea.html'} + kwargs["style"] = {"base_template": "textarea.html"} kwargs["style"].update(style) if "data" in kwargs: @@ -278,21 +402,21 @@ def to_internal_value(self, data): try: data = json.loads(data) except ValueError: - self.fail('invalid_json') + self.fail("invalid_json") if not isinstance(data, list): - self.fail('not_a_list', input_type=type(data).__name__) + self.fail("not_a_list", input_type=type(data).__name__) for s in data: if not isinstance(s, dict): - self.fail('not_a_dict', input_type=type(s).__name__) + self.fail("not_a_dict", input_type=type(s).__name__) - request = s.get('request', None) - response = s.get('response', None) + request = s.get("request", None) + response = s.get("response", None) if not isinstance(request, str): - self.fail('not_a_str', input_type=type(request).__name__) + self.fail("not_a_str", input_type=type(request).__name__) if not isinstance(response, str): - self.fail('not_a_str', input_type=type(request).__name__) + self.fail("not_a_str", input_type=type(request).__name__) self.child.run_validation(s) return data @@ -305,7 +429,13 @@ def to_representation(self, value): burps = value.all().order_by(*self.order_by) else: burps = value.all() - value = [{'request': burp.get_request(), 'response': burp.get_response()} for burp in burps] + value = [ + { + "request": burp.get_request(), + "response": burp.get_response(), + } + for burp in burps + ] return value @@ -315,18 +445,24 @@ class BurpRawRequestResponseSerializer(serializers.Serializer): class MetaSerializer(serializers.ModelSerializer): - product = serializers.PrimaryKeyRelatedField(queryset=Product.objects.all(), - required=False, - default=None, - allow_null=True) - endpoint = serializers.PrimaryKeyRelatedField(queryset=Endpoint.objects.all(), - required=False, - default=None, - allow_null=True) - finding = serializers.PrimaryKeyRelatedField(queryset=Finding.objects.all(), - required=False, - default=None, - allow_null=True) + product = serializers.PrimaryKeyRelatedField( + queryset=Product.objects.all(), + required=False, + default=None, + allow_null=True, + ) + endpoint = serializers.PrimaryKeyRelatedField( + queryset=Endpoint.objects.all(), + required=False, + default=None, + allow_null=True, + ) + finding = serializers.PrimaryKeyRelatedField( + queryset=Finding.objects.all(), + required=False, + default=None, + allow_null=True, + ) def validate(self, data): DojoMeta(**data).clean() @@ -334,106 +470,313 @@ def validate(self, data): class Meta: model = DojoMeta - fields = '__all__' + fields = "__all__" class ProductMetaSerializer(serializers.ModelSerializer): class Meta: model = DojoMeta - fields = ('name', 'value') + fields = ("name", "value") class UserSerializer(serializers.ModelSerializer): last_login = serializers.DateTimeField(read_only=True) - password = serializers.CharField(write_only=True, style={'input_type': 'password'}, required=False, - validators=[validate_password]) + password = serializers.CharField( + write_only=True, + style={"input_type": "password"}, + required=False, + validators=[validate_password], + ) + configuration_permissions = serializers.PrimaryKeyRelatedField( + allow_null=True, + queryset=Permission.objects.filter( + codename__in=get_configuration_permissions_codenames() + ), + many=True, + required=False, + source="user_permissions", + ) class Meta: - model = User - fields = ('id', 'username', 'first_name', 'last_name', 'email', 'last_login', 'is_active', 'is_staff', 'is_superuser', 'password') + model = Dojo_User + fields = ( + "id", + "username", + "first_name", + "last_name", + "email", + "last_login", + "is_active", + "is_superuser", + "password", + "configuration_permissions", + ) + + def to_representation(self, instance): + ret = super().to_representation(instance) + + # This will show only "configuration_permissions" even if user has also + # other permissions + all_permissions = set(ret["configuration_permissions"]) + allowed_configuration_permissions = set( + self.fields[ + "configuration_permissions" + ].child_relation.queryset.values_list("id", flat=True) + ) + ret["configuration_permissions"] = list( + all_permissions.intersection(allowed_configuration_permissions) + ) + + return ret + + def update(self, instance, validated_data): + new_configuration_permissions = None + if ( + "user_permissions" in validated_data + ): # This field was renamed from "configuration_permissions" in the meantime + new_configuration_permissions = set( + validated_data.pop("user_permissions") + ) + + instance = super().update(instance, validated_data) + + # This will update only Permissions from category + # "configuration_permissions". Others will be untouched + if new_configuration_permissions: + allowed_configuration_permissions = set( + self.fields[ + "configuration_permissions" + ].child_relation.queryset.all() + ) + non_configuration_permissions = ( + set(instance.user_permissions.all()) + - allowed_configuration_permissions + ) + new_permissions = non_configuration_permissions.union( + new_configuration_permissions + ) + instance.user_permissions.set(new_permissions) + + return instance def create(self, validated_data): - if 'password' in validated_data: - password = validated_data.pop('password') + if "password" in validated_data: + password = validated_data.pop("password") else: password = None - user = User.objects.create(**validated_data) + + new_configuration_permissions = None + if ( + "user_permissions" in validated_data + ): # This field was renamed from "configuration_permissions" in the meantime + new_configuration_permissions = set( + validated_data.pop("user_permissions") + ) + + user = Dojo_User.objects.create(**validated_data) + if password: user.set_password(password) else: user.set_unusable_password() + + # This will create only Permissions from category + # "configuration_permissions". There are no other Permissions. + if new_configuration_permissions: + user.user_permissions.set(new_configuration_permissions) + user.save() return user def validate(self, data): - if self.context['request'].method in ['PATCH', 'PUT'] and 'password' in data: - raise ValidationError('Update of password though API is not allowed') + if self.instance is not None: + instance_is_superuser = self.instance.is_superuser + else: + instance_is_superuser = False + data_is_superuser = data.get("is_superuser", False) + if not self.context["request"].user.is_superuser and ( + instance_is_superuser or data_is_superuser + ): + raise ValidationError( + "Only superusers are allowed to add or edit superusers." + ) + + if ( + self.context["request"].method in ["PATCH", "PUT"] + and "password" in data + ): + raise ValidationError( + "Update of password though API is not allowed" + ) else: return super().validate(data) class UserContactInfoSerializer(serializers.ModelSerializer): - class Meta: model = UserContactInfo - fields = '__all__' + fields = "__all__" class UserStubSerializer(serializers.ModelSerializer): class Meta: - model = User - fields = ('id', 'username', 'first_name', 'last_name') + model = Dojo_User + fields = ("id", "username", "first_name", "last_name") class RoleSerializer(serializers.ModelSerializer): - class Meta: model = Role - fields = '__all__' + fields = "__all__" class DojoGroupSerializer(serializers.ModelSerializer): + configuration_permissions = serializers.PrimaryKeyRelatedField( + allow_null=True, + queryset=Permission.objects.filter( + codename__in=get_configuration_permissions_codenames() + ), + many=True, + required=False, + source="auth_group.permissions", + ) class Meta: model = Dojo_Group - exclude = ['auth_group'] + exclude = ("auth_group",) + + def to_representation(self, instance): + if not instance.auth_group: + auth_group = Group(name=get_auth_group_name(instance)) + auth_group.save() + instance.auth_group = auth_group + members = instance.users.all() + for member in members: + auth_group.user_set.add(member) + instance.save() + ret = super().to_representation(instance) + # This will show only "configuration_permissions" even if user has also + # other permissions + all_permissions = set(ret["configuration_permissions"]) + allowed_configuration_permissions = set( + self.fields[ + "configuration_permissions" + ].child_relation.queryset.values_list("id", flat=True) + ) + ret["configuration_permissions"] = list( + all_permissions.intersection(allowed_configuration_permissions) + ) + return ret + + def create(self, validated_data): + new_configuration_permissions = None + if ( + "auth_group" in validated_data + and "permissions" in validated_data["auth_group"] + ): # This field was renamed from "configuration_permissions" in the meantime + new_configuration_permissions = set( + validated_data.pop("auth_group")["permissions"] + ) + + instance = super().create(validated_data) + + # This will update only Permissions from category + # "configuration_permissions". There are no other Permissions. + if new_configuration_permissions: + instance.auth_group.permissions.set(new_configuration_permissions) + + return instance + + def update(self, instance, validated_data): + new_configuration_permissions = None + if ( + "auth_group" in validated_data + and "permissions" in validated_data["auth_group"] + ): # This field was renamed from "configuration_permissions" in the meantime + new_configuration_permissions = set( + validated_data.pop("auth_group")["permissions"] + ) + + instance = super().update(instance, validated_data) + + # This will update only Permissions from category + # "configuration_permissions". Others will be untouched + if new_configuration_permissions: + allowed_configuration_permissions = set( + self.fields[ + "configuration_permissions" + ].child_relation.queryset.all() + ) + non_configuration_permissions = ( + set(instance.auth_group.permissions.all()) + - allowed_configuration_permissions + ) + new_permissions = non_configuration_permissions.union( + new_configuration_permissions + ) + instance.auth_group.permissions.set(new_permissions) + + return instance -class DojoGroupMemberSerializer(serializers.ModelSerializer): +class DojoGroupMemberSerializer(serializers.ModelSerializer): class Meta: model = Dojo_Group_Member - fields = '__all__' + fields = "__all__" def validate(self, data): - if self.instance is not None and \ - data.get('group') != self.instance.group and \ - not user_has_permission(self.context['request'].user, data.get('group'), Permissions.Group_Manage_Members): - raise PermissionDenied('You are not permitted to add a user to this group') - - if self.instance is None or \ - data.get('group') != self.instance.group or \ - data.get('user') != self.instance.user: - members = Dojo_Group_Member.objects.filter(group=data.get('group'), user=data.get('user')) + if ( + self.instance is not None + and data.get("group") != self.instance.group + and not user_has_permission( + self.context["request"].user, + data.get("group"), + Permissions.Group_Manage_Members, + ) + ): + raise PermissionDenied( + "You are not permitted to add a user to this group" + ) + + if ( + self.instance is None + or data.get("group") != self.instance.group + or data.get("user") != self.instance.user + ): + members = Dojo_Group_Member.objects.filter( + group=data.get("group"), user=data.get("user") + ) if members.count() > 0: - raise ValidationError('Dojo_Group_Member already exists') - - if self.instance is not None and not data.get('role').is_owner: - owners = Dojo_Group_Member.objects.filter(group=data.get('group'), role__is_owner=True).exclude(id=self.instance.id).count() + raise ValidationError("Dojo_Group_Member already exists") + + if self.instance is not None and not data.get("role").is_owner: + owners = ( + Dojo_Group_Member.objects.filter( + group=data.get("group"), role__is_owner=True + ) + .exclude(id=self.instance.id) + .count() + ) if owners < 1: - raise ValidationError('There must be at least one owner') + raise ValidationError("There must be at least one owner") - if data.get('role').is_owner and not user_has_permission(self.context['request'].user, data.get('group'), Permissions.Group_Add_Owner): - raise PermissionDenied('You are not permitted to add a user as Owner to this group') + if data.get("role").is_owner and not user_has_permission( + self.context["request"].user, + data.get("group"), + Permissions.Group_Add_Owner, + ): + raise PermissionDenied( + "You are not permitted to add a user as Owner to this group" + ) return data class GlobalRoleSerializer(serializers.ModelSerializer): - class Meta: model = Global_Role - fields = '__all__' + fields = "__all__" def validate(self, data): user = None @@ -443,51 +786,57 @@ def validate(self, data): user = self.instance.user group = self.instance.group - if 'user' in data: - user = data.get('user') - if 'group' in data: - group = data.get('group') + if "user" in data: + user = data.get("user") + if "group" in data: + group = data.get("group") if user is None and group is None: raise ValidationError("Global_Role must have either user or group") if user is not None and group is not None: - raise ValidationError("Global_Role cannot have both user and group") + raise ValidationError( + "Global_Role cannot have both user and group" + ) return data class AddUserSerializer(serializers.ModelSerializer): - class Meta: model = User - fields = ('id', 'username') + fields = ("id", "username") + + +class NoteTypeSerializer(serializers.ModelSerializer): + class Meta: + model = Note_Type + fields = "__all__" class NoteHistorySerializer(serializers.ModelSerializer): current_editor = UserStubSerializer(read_only=True) + note_type = NoteTypeSerializer(read_only=True, many=False) class Meta: model = NoteHistory - fields = '__all__' + fields = "__all__" class NoteSerializer(serializers.ModelSerializer): - author = UserStubSerializer( - many=False, read_only=True) - editor = UserStubSerializer( - read_only=True, many=False, allow_null=True) - + author = UserStubSerializer(many=False, read_only=True) + editor = UserStubSerializer(read_only=True, many=False, allow_null=True) history = NoteHistorySerializer(read_only=True, many=True) + note_type = NoteTypeSerializer(read_only=True, many=False) def update(self, instance, validated_data): - instance.entry = validated_data['entry'] + instance.entry = validated_data.get("entry") instance.edited = True - instance.editor = self.context['request'].user + instance.editor = self.context["request"].user instance.edit_time = timezone.now() history = NoteHistory( data=instance.entry, time=instance.edit_time, - current_editor=instance.editor + current_editor=instance.editor, ) history.save() instance.history.add(history) @@ -496,133 +845,216 @@ def update(self, instance, validated_data): class Meta: model = Notes - fields = '__all__' + fields = "__all__" -class NoteTypeSerializer(serializers.ModelSerializer): +class FileSerializer(serializers.ModelSerializer): + file = serializers.FileField(required=True) + class Meta: - model = Note_Type - fields = '__all__' + model = FileUpload + fields = "__all__" -class FileSerializer(serializers.ModelSerializer): +class RawFileSerializer(serializers.ModelSerializer): file = serializers.FileField(required=True) class Meta: model = FileUpload - fields = '__all__' + fields = ["file"] -class ProductMemberSerializer(serializers.ModelSerializer): +class RiskAcceptanceProofSerializer(serializers.ModelSerializer): + path = serializers.FileField(required=True) + class Meta: + model = Risk_Acceptance + fields = ["path"] + + +class ProductMemberSerializer(serializers.ModelSerializer): class Meta: model = Product_Member - fields = '__all__' + fields = "__all__" def validate(self, data): - if self.instance is not None and \ - data.get('product') != self.instance.product and \ - not user_has_permission(self.context['request'].user, data.get('product'), Permissions.Product_Manage_Members): - raise PermissionDenied('You are not permitted to add a member to this product') - - if self.instance is None or \ - data.get('product') != self.instance.product or \ - data.get('user') != self.instance.user: - members = Product_Member.objects.filter(product=data.get('product'), user=data.get('user')) + if ( + self.instance is not None + and data.get("product") != self.instance.product + and not user_has_permission( + self.context["request"].user, + data.get("product"), + Permissions.Product_Manage_Members, + ) + ): + raise PermissionDenied( + "You are not permitted to add a member to this product" + ) + + if ( + self.instance is None + or data.get("product") != self.instance.product + or data.get("user") != self.instance.user + ): + members = Product_Member.objects.filter( + product=data.get("product"), user=data.get("user") + ) if members.count() > 0: - raise ValidationError('Product_Member already exists') + raise ValidationError("Product_Member already exists") - if data.get('role').is_owner and not user_has_permission(self.context['request'].user, data.get('product'), Permissions.Product_Member_Add_Owner): - raise PermissionDenied('You are not permitted to add a member as Owner to this product') + if data.get("role").is_owner and not user_has_permission( + self.context["request"].user, + data.get("product"), + Permissions.Product_Member_Add_Owner, + ): + raise PermissionDenied( + "You are not permitted to add a member as Owner to this product" + ) return data class ProductGroupSerializer(serializers.ModelSerializer): - class Meta: model = Product_Group - fields = '__all__' + fields = "__all__" def validate(self, data): - if self.instance is not None and \ - data.get('product') != self.instance.product and \ - not user_has_permission(self.context['request'].user, data.get('product'), Permissions.Product_Group_Add): - raise PermissionDenied('You are not permitted to add a group to this product') - - if self.instance is None or \ - data.get('product') != self.instance.product or \ - data.get('group') != self.instance.group: - members = Product_Group.objects.filter(product=data.get('product'), group=data.get('group')) + if ( + self.instance is not None + and data.get("product") != self.instance.product + and not user_has_permission( + self.context["request"].user, + data.get("product"), + Permissions.Product_Group_Add, + ) + ): + raise PermissionDenied( + "You are not permitted to add a group to this product" + ) + + if ( + self.instance is None + or data.get("product") != self.instance.product + or data.get("group") != self.instance.group + ): + members = Product_Group.objects.filter( + product=data.get("product"), group=data.get("group") + ) if members.count() > 0: - raise ValidationError('Product_Group already exists') + raise ValidationError("Product_Group already exists") - if data.get('role').is_owner and not user_has_permission(self.context['request'].user, data.get('product'), Permissions.Product_Group_Add_Owner): - raise PermissionDenied('You are not permitted to add a group as Owner to this product') + if data.get("role").is_owner and not user_has_permission( + self.context["request"].user, + data.get("product"), + Permissions.Product_Group_Add_Owner, + ): + raise PermissionDenied( + "You are not permitted to add a group as Owner to this product" + ) return data class ProductTypeMemberSerializer(serializers.ModelSerializer): - class Meta: model = Product_Type_Member - fields = '__all__' + fields = "__all__" def validate(self, data): - if self.instance is not None and \ - data.get('product_type') != self.instance.product_type and \ - not user_has_permission(self.context['request'].user, data.get('product_type'), Permissions.Product_Type_Manage_Members): - raise PermissionDenied('You are not permitted to add a member to this product type') - - if self.instance is None or \ - data.get('product_type') != self.instance.product_type or \ - data.get('user') != self.instance.user: - members = Product_Type_Member.objects.filter(product_type=data.get('product_type'), user=data.get('user')) + if ( + self.instance is not None + and data.get("product_type") != self.instance.product_type + and not user_has_permission( + self.context["request"].user, + data.get("product_type"), + Permissions.Product_Type_Manage_Members, + ) + ): + raise PermissionDenied( + "You are not permitted to add a member to this product type" + ) + + if ( + self.instance is None + or data.get("product_type") != self.instance.product_type + or data.get("user") != self.instance.user + ): + members = Product_Type_Member.objects.filter( + product_type=data.get("product_type"), user=data.get("user") + ) if members.count() > 0: - raise ValidationError('Product_Type_Member already exists') - - if self.instance is not None and not data.get('role').is_owner: - owners = Product_Type_Member.objects.filter(product_type=data.get('product_type'), role__is_owner=True).exclude(id=self.instance.id).count() + raise ValidationError("Product_Type_Member already exists") + + if self.instance is not None and not data.get("role").is_owner: + owners = ( + Product_Type_Member.objects.filter( + product_type=data.get("product_type"), role__is_owner=True + ) + .exclude(id=self.instance.id) + .count() + ) if owners < 1: - raise ValidationError('There must be at least one owner') + raise ValidationError("There must be at least one owner") - if data.get('role').is_owner and not user_has_permission(self.context['request'].user, data.get('product_type'), Permissions.Product_Type_Member_Add_Owner): - raise PermissionDenied('You are not permitted to add a member as Owner to this product type') + if data.get("role").is_owner and not user_has_permission( + self.context["request"].user, + data.get("product_type"), + Permissions.Product_Type_Member_Add_Owner, + ): + raise PermissionDenied( + "You are not permitted to add a member as Owner to this product type" + ) return data class ProductTypeGroupSerializer(serializers.ModelSerializer): - class Meta: model = Product_Type_Group - fields = '__all__' + fields = "__all__" def validate(self, data): - if self.instance is not None and \ - data.get('product_type') != self.instance.product_type and \ - not user_has_permission(self.context['request'].user, data.get('product_type'), Permissions.Product_Type_Group_Add): - raise PermissionDenied('You are not permitted to add a group to this product type') - - if self.instance is None or \ - data.get('product_type') != self.instance.product_type or \ - data.get('group') != self.instance.group: - members = Product_Type_Group.objects.filter(product_type=data.get('product_type'), group=data.get('group')) + if ( + self.instance is not None + and data.get("product_type") != self.instance.product_type + and not user_has_permission( + self.context["request"].user, + data.get("product_type"), + Permissions.Product_Type_Group_Add, + ) + ): + raise PermissionDenied( + "You are not permitted to add a group to this product type" + ) + + if ( + self.instance is None + or data.get("product_type") != self.instance.product_type + or data.get("group") != self.instance.group + ): + members = Product_Type_Group.objects.filter( + product_type=data.get("product_type"), group=data.get("group") + ) if members.count() > 0: - raise ValidationError('Product_Type_Group already exists') + raise ValidationError("Product_Type_Group already exists") - if data.get('role').is_owner and not user_has_permission(self.context['request'].user, data.get('product_type'), Permissions.Product_Type_Group_Add_Owner): - raise PermissionDenied('You are not permitted to add a group as Owner to this product type') + if data.get("role").is_owner and not user_has_permission( + self.context["request"].user, + data.get("product_type"), + Permissions.Product_Type_Group_Add_Owner, + ): + raise PermissionDenied( + "You are not permitted to add a group as Owner to this product type" + ) return data class ProductTypeSerializer(serializers.ModelSerializer): - class Meta: model = Product_Type - fields = '__all__' + fields = "__all__" class EngagementSerializer(TaggitSerializer, serializers.ModelSerializer): @@ -630,128 +1062,186 @@ class EngagementSerializer(TaggitSerializer, serializers.ModelSerializer): class Meta: model = Engagement - fields = '__all__' + exclude = ("inherited_tags",) def validate(self, data): - if self.context['request'].method == 'POST': - if data['target_start'] > data['target_end']: + if self.context["request"].method == "POST": + if data.get("target_start") > data.get("target_end"): raise serializers.ValidationError( - 'Your target start date exceeds your target end date') + "Your target start date exceeds your target end date" + ) return data def build_relational_field(self, field_name, relation_info): - if field_name == 'notes': - return NoteSerializer, {'many': True, 'read_only': True} - if field_name == 'files': - return FileSerializer, {'many': True, 'read_only': True} + if field_name == "notes": + return NoteSerializer, {"many": True, "read_only": True} + if field_name == "files": + return FileSerializer, {"many": True, "read_only": True} return super().build_relational_field(field_name, relation_info) class EngagementToNotesSerializer(serializers.Serializer): - engagement_id = serializers.PrimaryKeyRelatedField(queryset=Engagement.objects.all(), many=False, allow_null=True) + engagement_id = serializers.PrimaryKeyRelatedField( + queryset=Engagement.objects.all(), many=False, allow_null=True + ) notes = NoteSerializer(many=True) class EngagementToFilesSerializer(serializers.Serializer): - engagement_id = serializers.PrimaryKeyRelatedField(queryset=Engagement.objects.all(), many=False, allow_null=True) + engagement_id = serializers.PrimaryKeyRelatedField( + queryset=Engagement.objects.all(), many=False, allow_null=True + ) files = FileSerializer(many=True) + def to_representation(self, data): + engagement = data.get("engagement_id") + files = data.get("files") + new_files = [] + for file in files: + new_files.append( + { + "id": file.id, + "file": "{site_url}/{file_access_url}".format( + site_url=settings.SITE_URL, + file_access_url=file.get_accessible_url( + engagement, engagement.id + ), + ), + "title": file.title, + } + ) + new_data = {"engagement_id": engagement.id, "files": new_files} + return new_data + + +class EngagementCheckListSerializer(serializers.ModelSerializer): + class Meta: + model = Check_List + fields = "__all__" + class AppAnalysisSerializer(TaggitSerializer, serializers.ModelSerializer): tags = TagListSerializerField(required=False) class Meta: model = App_Analysis - fields = '__all__' + fields = "__all__" class ToolTypeSerializer(serializers.ModelSerializer): class Meta: model = Tool_Type - fields = '__all__' + fields = "__all__" + + def validate(self, data): + if self.context["request"].method == "POST": + name = data.get("name") + # Make sure this will not create a duplicate test type + if Tool_Type.objects.filter(name=name).count() > 0: + raise serializers.ValidationError('A Tool Type with the name already exists') + return data class RegulationSerializer(serializers.ModelSerializer): class Meta: model = Regulation - fields = '__all__' + fields = "__all__" class ToolConfigurationSerializer(serializers.ModelSerializer): - configuration_url = serializers.CharField(source='url') - class Meta: model = Tool_Configuration - fields = '__all__' + fields = "__all__" extra_kwargs = { - 'password': {'write_only': True}, - 'ssh': {'write_only': True}, - 'api_key': {'write_only': True}, + "password": {"write_only": True}, + "ssh": {"write_only": True}, + "api_key": {"write_only": True}, } class ToolProductSettingsSerializer(serializers.ModelSerializer): - setting_url = serializers.CharField(source='url') + setting_url = serializers.CharField(source="url") + product = serializers.PrimaryKeyRelatedField( + queryset=Product.objects.all(), required=True + ) class Meta: model = Tool_Product_Settings - fields = '__all__' + fields = "__all__" class EndpointStatusSerializer(serializers.ModelSerializer): class Meta: model = Endpoint_Status - fields = '__all__' + fields = "__all__" def create(self, validated_data): - endpoint = validated_data['endpoint'] - finding = validated_data['finding'] - status = Endpoint_Status.objects.create( - finding=finding, - endpoint=endpoint - ) - endpoint.endpoint_status.add(status) - finding.endpoint_status.add(status) - status.mitigated = validated_data.get('mitigated', False) - status.false_positive = validated_data.get('false_positive', False) - status.out_of_scope = validated_data.get('out_of_scope', False) - status.risk_accepted = validated_data.get('risk_accepted', False) - status.date = validated_data.get('date', timezone.now()) + endpoint = validated_data.get("endpoint") + finding = validated_data.get("finding") + try: + status = Endpoint_Status.objects.create( + finding=finding, endpoint=endpoint + ) + except IntegrityError as ie: + if "endpoint-finding relation" in str(ie): + raise serializers.ValidationError( + "This endpoint-finding relation already exists" + ) + else: + raise + status.mitigated = validated_data.get("mitigated", False) + status.false_positive = validated_data.get("false_positive", False) + status.out_of_scope = validated_data.get("out_of_scope", False) + status.risk_accepted = validated_data.get("risk_accepted", False) + status.date = validated_data.get("date", get_current_date()) status.save() return status + def update(self, instance, validated_data): + try: + return super().update(instance, validated_data) + except IntegrityError as ie: + if "endpoint-finding relation" in str(ie): + raise serializers.ValidationError( + "This endpoint-finding relation already exists" + ) + else: + raise + class EndpointSerializer(TaggitSerializer, serializers.ModelSerializer): tags = TagListSerializerField(required=False) class Meta: model = Endpoint - fields = '__all__' + exclude = ("inherited_tags",) def validate(self, data): # print('EndpointSerialize.validate') - if not self.context['request'].method == 'PATCH': - if 'product' not in data: - raise serializers.ValidationError('Product is required') - protocol = data.get('protocol') - userinfo = data.get('userinfo') - host = data.get('host') - port = data.get('port') - path = data.get('path') - query = data.get('query') - fragment = data.get('fragment') - product = data.get('product') + if not self.context["request"].method == "PATCH": + if "product" not in data: + raise serializers.ValidationError("Product is required") + protocol = data.get("protocol") + userinfo = data.get("userinfo") + host = data.get("host") + port = data.get("port") + path = data.get("path") + query = data.get("query") + fragment = data.get("fragment") + product = data.get("product") else: - protocol = data.get('protocol', self.instance.protocol) - userinfo = data.get('userinfo', self.instance.userinfo) - host = data.get('host', self.instance.host) - port = data.get('port', self.instance.port) - path = data.get('path', self.instance.path) - query = data.get('query', self.instance.query) - fragment = data.get('fragment', self.instance.fragment) - if 'product' in data and data['product'] != self.instance.product: - raise serializers.ValidationError('Change of product is not possible') + protocol = data.get("protocol", self.instance.protocol) + userinfo = data.get("userinfo", self.instance.userinfo) + host = data.get("host", self.instance.host) + port = data.get("port", self.instance.port) + path = data.get("path", self.instance.path) + query = data.get("query", self.instance.query) + fragment = data.get("fragment", self.instance.fragment) + if "product" in data and data["product"] != self.instance.product: + raise serializers.ValidationError( + "Change of product is not possible" + ) product = self.instance.product endpoint_ins = Endpoint( @@ -762,7 +1252,7 @@ def validate(self, data): path=path, query=query, fragment=fragment, - product=product + product=product, ) endpoint_ins.clean() # Run standard validation and clean process; can raise errors @@ -774,57 +1264,77 @@ def validate(self, data): path=endpoint_ins.path, query=endpoint_ins.query, fragment=endpoint_ins.fragment, - product=endpoint_ins.product + product=endpoint_ins.product, ) - if ((self.context['request'].method in ["PUT", "PATCH"] and - ((endpoint.count() > 1) or - (endpoint.count() == 1 and - endpoint.first().pk != self.instance.pk))) or - (self.context['request'].method in ["POST"] and endpoint.count() > 0)): + if ( + self.context["request"].method in ["PUT", "PATCH"] + and ( + (endpoint.count() > 1) + or ( + endpoint.count() == 1 + and endpoint.first().pk != self.instance.pk + ) + ) + ) or ( + self.context["request"].method in ["POST"] and endpoint.count() > 0 + ): raise serializers.ValidationError( - 'It appears as though an endpoint with this data already ' - 'exists for this product.', - code='invalid') + "It appears as though an endpoint with this data already " + "exists for this product.", + code="invalid", + ) # use clean data - data['protocol'] = endpoint_ins.protocol - data['userinfo'] = endpoint_ins.userinfo - data['host'] = endpoint_ins.host - data['port'] = endpoint_ins.port - data['path'] = endpoint_ins.path - data['query'] = endpoint_ins.query - data['fragment'] = endpoint_ins.fragment - data['product'] = endpoint_ins.product + data["protocol"] = endpoint_ins.protocol + data["userinfo"] = endpoint_ins.userinfo + data["host"] = endpoint_ins.host + data["port"] = endpoint_ins.port + data["path"] = endpoint_ins.path + data["query"] = endpoint_ins.query + data["fragment"] = endpoint_ins.fragment + data["product"] = endpoint_ins.product return data +class EndpointParamsSerializer(serializers.ModelSerializer): + class Meta: + model = Endpoint_Params + fields = "__all__" + + class JIRAIssueSerializer(serializers.ModelSerializer): url = serializers.SerializerMethodField(read_only=True) class Meta: model = JIRA_Issue - fields = '__all__' + fields = "__all__" def get_url(self, obj) -> str: return jira_helper.get_jira_issue_url(obj) def validate(self, data): - if self.context['request'].method == 'PATCH': - engagement = data.get('engagement', self.instance.engagement) - finding = data.get('finding', self.instance.finding) - finding_group = data.get('finding_group', self.instance.finding_group) + if self.context["request"].method == "PATCH": + engagement = data.get("engagement", self.instance.engagement) + finding = data.get("finding", self.instance.finding) + finding_group = data.get( + "finding_group", self.instance.finding_group + ) else: - engagement = data.get('engagement', None) - finding = data.get('finding', None) - finding_group = data.get('finding_group', None) - - if ((engagement and not finding and not finding_group) or - (finding and not engagement and not finding_group) or - (finding_group and not engagement and not finding)): + engagement = data.get("engagement", None) + finding = data.get("finding", None) + finding_group = data.get("finding_group", None) + + if ( + (engagement and not finding and not finding_group) + or (finding and not engagement and not finding_group) + or (finding_group and not engagement and not finding) + ): pass else: - raise serializers.ValidationError('Either engagement or finding or finding_group has to be set.') + raise serializers.ValidationError( + "Either engagement or finding or finding_group has to be set." + ) return data @@ -832,27 +1342,29 @@ def validate(self, data): class JIRAInstanceSerializer(serializers.ModelSerializer): class Meta: model = JIRA_Instance - fields = '__all__' + fields = "__all__" extra_kwargs = { - 'password': {'write_only': True}, + "password": {"write_only": True}, } class JIRAProjectSerializer(serializers.ModelSerializer): class Meta: model = JIRA_Project - fields = '__all__' + fields = "__all__" def validate(self, data): - if self.context['request'].method == 'PATCH': - engagement = data.get('engagement', self.instance.engagement) - product = data.get('product', self.instance.product) + if self.context["request"].method == "PATCH": + engagement = data.get("engagement", self.instance.engagement) + product = data.get("product", self.instance.product) else: - engagement = data.get('engagement', None) - product = data.get('product', None) + engagement = data.get("engagement", None) + product = data.get("product", None) - if ((engagement and product) or (not engagement and not product)): - raise serializers.ValidationError('Either engagement or product has to be set.') + if (engagement and product) or (not engagement and not product): + raise serializers.ValidationError( + "Either engagement or product has to be set." + ) return data @@ -860,26 +1372,25 @@ def validate(self, data): class SonarqubeIssueSerializer(serializers.ModelSerializer): class Meta: model = Sonarqube_Issue - fields = '__all__' + fields = "__all__" class SonarqubeIssueTransitionSerializer(serializers.ModelSerializer): class Meta: model = Sonarqube_Issue_Transition - fields = '__all__' + fields = "__all__" class ProductAPIScanConfigurationSerializer(serializers.ModelSerializer): class Meta: model = Product_API_Scan_Configuration - fields = '__all__' + fields = "__all__" class DevelopmentEnvironmentSerializer(serializers.ModelSerializer): - class Meta: model = Development_Environment - fields = '__all__' + fields = "__all__" class FindingGroupSerializer(serializers.ModelSerializer): @@ -887,39 +1398,43 @@ class FindingGroupSerializer(serializers.ModelSerializer): class Meta: model = Finding_Group - fields = ('id', 'name', 'test', 'jira_issue') + fields = ("id", "name", "test", "jira_issue") class TestSerializer(TaggitSerializer, serializers.ModelSerializer): tags = TagListSerializerField(required=False) test_type_name = serializers.ReadOnlyField() - finding_groups = FindingGroupSerializer(source='finding_group_set', many=True, read_only=True) + finding_groups = FindingGroupSerializer( + source="finding_group_set", many=True, read_only=True + ) class Meta: model = Test - fields = '__all__' + exclude = ("inherited_tags",) def build_relational_field(self, field_name, relation_info): - if field_name == 'notes': - return NoteSerializer, {'many': True, 'read_only': True} - if field_name == 'files': - return FileSerializer, {'many': True, 'read_only': True} + if field_name == "notes": + return NoteSerializer, {"many": True, "read_only": True} + if field_name == "files": + return FileSerializer, {"many": True, "read_only": True} return super().build_relational_field(field_name, relation_info) class TestCreateSerializer(TaggitSerializer, serializers.ModelSerializer): engagement = serializers.PrimaryKeyRelatedField( - queryset=Engagement.objects.all()) + queryset=Engagement.objects.all() + ) notes = serializers.PrimaryKeyRelatedField( allow_null=True, queryset=Notes.objects.all(), many=True, - required=False) + required=False, + ) tags = TagListSerializerField(required=False) class Meta: model = Test - fields = '__all__' + exclude = ("inherited_tags",) class TestTypeSerializer(TaggitSerializer, serializers.ModelSerializer): @@ -927,44 +1442,118 @@ class TestTypeSerializer(TaggitSerializer, serializers.ModelSerializer): class Meta: model = Test_Type - fields = '__all__' + fields = "__all__" class TestToNotesSerializer(serializers.Serializer): - test_id = serializers.PrimaryKeyRelatedField(queryset=Test.objects.all(), many=False, allow_null=True) + test_id = serializers.PrimaryKeyRelatedField( + queryset=Test.objects.all(), many=False, allow_null=True + ) notes = NoteSerializer(many=True) class TestToFilesSerializer(serializers.Serializer): - test_id = serializers.PrimaryKeyRelatedField(queryset=Test.objects.all(), many=False, allow_null=True) + test_id = serializers.PrimaryKeyRelatedField( + queryset=Test.objects.all(), many=False, allow_null=True + ) files = FileSerializer(many=True) + def to_representation(self, data): + test = data.get("test_id") + files = data.get("files") + new_files = [] + for file in files: + new_files.append( + { + "id": file.id, + "file": "{site_url}/{file_access_url}".format( + site_url=settings.SITE_URL, + file_access_url=file.get_accessible_url(test, test.id), + ), + "title": file.title, + } + ) + new_data = {"test_id": test.id, "files": new_files} + return new_data + class TestImportFindingActionSerializer(serializers.ModelSerializer): class Meta: model = Test_Import_Finding_Action - fields = '__all__' + fields = "__all__" class TestImportSerializer(serializers.ModelSerializer): # findings = TestImportFindingActionSerializer(source='test_import_finding_action', many=True, read_only=True) - test_import_finding_action_set = TestImportFindingActionSerializer(many=True, read_only=True) + test_import_finding_action_set = TestImportFindingActionSerializer( + many=True, read_only=True + ) class Meta: model = Test_Import - fields = '__all__' + fields = "__all__" class RiskAcceptanceSerializer(serializers.ModelSerializer): + recommendation = serializers.SerializerMethodField() + decision = serializers.SerializerMethodField() + path = serializers.SerializerMethodField() + + @extend_schema_field(serializers.CharField()) + @swagger_serializer_method(serializers.CharField()) + def get_recommendation(self, obj): + return Risk_Acceptance.TREATMENT_TRANSLATIONS.get(obj.recommendation) + + @extend_schema_field(serializers.CharField()) + @swagger_serializer_method(serializers.CharField()) + def get_decision(self, obj): + return Risk_Acceptance.TREATMENT_TRANSLATIONS.get(obj.decision) + + @extend_schema_field(serializers.CharField()) + @swagger_serializer_method(serializers.CharField()) + def get_path(self, obj): + engagement = Engagement.objects.filter( + risk_acceptance__id__in=[obj.id] + ).first() + path = "No proof has been supplied" + if engagement and obj.filename() is not None: + path = reverse( + "download_risk_acceptance", args=(engagement.id, obj.id) + ) + request = self.context.get("request") + if request: + path = request.build_absolute_uri(path) + return path + + @extend_schema_field(serializers.IntegerField()) + @swagger_serializer_method(serializers.IntegerField()) + def get_engagement(self, obj): + engagement = Engagement.objects.filter( + risk_acceptance__id__in=[obj.id] + ).first() + return EngagementSerializer(read_only=True).to_representation( + engagement + ) + + def validate(self, data): + if self.context["request"].method == "POST": + findings = data['accepted_findings'] + for finding in findings: + if not user_has_permission(self.context["request"].user, finding, Permissions.Finding_View): + raise PermissionDenied( + "You are not permitted to add one or more selected findings to this risk acceptance" + ) + return data + class Meta: model = Risk_Acceptance - fields = '__all__' + fields = "__all__" class FindingMetaSerializer(serializers.ModelSerializer): class Meta: model = DojoMeta - fields = ('name', 'value') + fields = ("name", "value") class FindingProdTypeSerializer(serializers.ModelSerializer): @@ -986,7 +1575,21 @@ class FindingEngagementSerializer(serializers.ModelSerializer): class Meta: model = Engagement - fields = ["id", "name", "product", "branch_tag", "build_id", "commit_hash", "version"] + fields = [ + "id", + "name", + "description", + "product", + "target_start", + "target_end", + "branch_tag", + "engagement_type", + "build_id", + "commit_hash", + "version", + "created", + "updated", + ] class FindingEnvironmentSerializer(serializers.ModelSerializer): @@ -1008,7 +1611,17 @@ class FindingTestSerializer(serializers.ModelSerializer): class Meta: model = Test - fields = ["id", "title", "test_type", "engagement", "environment", "branch_tag", "build_id", "commit_hash", "version"] + fields = [ + "id", + "title", + "test_type", + "engagement", + "environment", + "branch_tag", + "build_id", + "commit_hash", + "version", + ] class FindingRelatedFieldsSerializer(serializers.Serializer): @@ -1018,7 +1631,9 @@ class FindingRelatedFieldsSerializer(serializers.Serializer): @extend_schema_field(FindingTestSerializer) @swagger_serializer_method(FindingTestSerializer) def get_test(self, obj): - return FindingTestSerializer(read_only=True).to_representation(obj.test) + return FindingTestSerializer(read_only=True).to_representation( + obj.test + ) @extend_schema_field(JIRAIssueSerializer) @swagger_serializer_method(JIRAIssueSerializer) @@ -1029,10 +1644,18 @@ def get_jira(self, obj): return JIRAIssueSerializer(read_only=True).to_representation(issue) +class VulnerabilityIdSerializer(serializers.ModelSerializer): + class Meta: + model = Vulnerability_Id + fields = ["vulnerability_id"] + + class FindingSerializer(TaggitSerializer, serializers.ModelSerializer): tags = TagListSerializerField(required=False) request_response = serializers.SerializerMethodField() - accepted_risks = RiskAcceptanceSerializer(many=True, read_only=True, source='risk_acceptance_set') + accepted_risks = RiskAcceptanceSerializer( + many=True, read_only=True, source="risk_acceptance_set" + ) push_to_jira = serializers.BooleanField(default=False) age = serializers.IntegerField(read_only=True) sla_days_remaining = serializers.IntegerField(read_only=True) @@ -1042,11 +1665,22 @@ class FindingSerializer(TaggitSerializer, serializers.ModelSerializer): jira_creation = serializers.SerializerMethodField(read_only=True) jira_change = serializers.SerializerMethodField(read_only=True) display_status = serializers.SerializerMethodField() - finding_groups = FindingGroupSerializer(source='finding_group_set', many=True, read_only=True) + finding_groups = FindingGroupSerializer( + source="finding_group_set", many=True, read_only=True + ) + vulnerability_ids = VulnerabilityIdSerializer( + source="vulnerability_id_set", many=True, required=False + ) + reporter = serializers.PrimaryKeyRelatedField( + required=False, queryset=User.objects.all() + ) class Meta: model = Finding - fields = '__all__' + exclude = ( + "cve", + "inherited_tags", + ) @extend_schema_field(serializers.DateTimeField()) @swagger_serializer_method(serializers.DateTimeField()) @@ -1061,13 +1695,15 @@ def get_jira_change(self, obj): @extend_schema_field(FindingRelatedFieldsSerializer) @swagger_serializer_method(FindingRelatedFieldsSerializer) def get_related_fields(self, obj): - request = self.context.get('request', None) + request = self.context.get("request", None) if request is None: return None query_params = request.query_params - if query_params.get('related_fields', 'false') == 'true': - return FindingRelatedFieldsSerializer(required=False).to_representation(obj) + if query_params.get("related_fields", "false") == "true": + return FindingRelatedFieldsSerializer( + required=False + ).to_representation(obj) else: return None @@ -1080,59 +1716,91 @@ def update(self, instance, validated_data): to_be_tagged, validated_data = self._pop_tags(validated_data) # pop push_to_jira so it won't get send to the model as a field - # TODO: JIRA can we remove this is_push_all_issues, already checked in apiv2 viewset? - push_to_jira = validated_data.pop('push_to_jira') or jira_helper.is_push_all_issues(instance) - - instance = super(TaggitSerializer, self).update(instance, validated_data) + # TODO: JIRA can we remove this is_push_all_issues, already checked in + # apiv2 viewset? + push_to_jira = validated_data.pop( + "push_to_jira" + ) or jira_helper.is_push_all_issues(instance) + + # Save vulnerability ids and pop them + if "vulnerability_id_set" in validated_data: + vulnerability_id_set = validated_data.pop("vulnerability_id_set") + vulnerability_ids = list() + if vulnerability_id_set: + for vulnerability_id in vulnerability_id_set: + vulnerability_ids.append( + vulnerability_id["vulnerability_id"] + ) + save_vulnerability_ids(instance, vulnerability_ids) + + instance = super(TaggitSerializer, self).update( + instance, validated_data + ) + # Save the reporter on the finding + if reporter_id := validated_data.get("reporter"): + instance.reporter = reporter_id # If we need to push to JIRA, an extra save call is needed. # Also if we need to update the mitigation date of the finding. - # TODO try to combine create and save, but for now I'm just fixing a bug and don't want to change to much + # TODO try to combine create and save, but for now I'm just fixing a + # bug and don't want to change to much if push_to_jira: instance.save(push_to_jira=push_to_jira) - # not sure why we are returning a tag_object, but don't want to change too much now as we're just fixing a bug + # not sure why we are returning a tag_object, but don't want to change + # too much now as we're just fixing a bug tag_object = self._save_tags(instance, to_be_tagged) return tag_object def validate(self, data): - if self.context['request'].method == 'PATCH': - is_active = data.get('active', self.instance.active) - is_verified = data.get('verified', self.instance.verified) - is_duplicate = data.get('duplicate', self.instance.duplicate) - is_false_p = data.get('false_p', self.instance.false_p) - is_risk_accepted = data.get('risk_accepted', self.instance.risk_accepted) + if self.context["request"].method == "PATCH": + is_active = data.get("active", self.instance.active) + is_verified = data.get("verified", self.instance.verified) + is_duplicate = data.get("duplicate", self.instance.duplicate) + is_false_p = data.get("false_p", self.instance.false_p) + is_risk_accepted = data.get( + "risk_accepted", self.instance.risk_accepted + ) else: - is_active = data.get('active', True) - is_verified = data.get('verified', True) - is_duplicate = data.get('duplicate', False) - is_false_p = data.get('false_p', False) - is_risk_accepted = data.get('risk_accepted', False) - - if ((is_active or is_verified) and is_duplicate): - raise serializers.ValidationError('Duplicate findings cannot be' - ' verified or active') + is_active = data.get("active", True) + is_verified = data.get("verified", False) + is_duplicate = data.get("duplicate", False) + is_false_p = data.get("false_p", False) + is_risk_accepted = data.get("risk_accepted", False) + + if (is_active or is_verified) and is_duplicate: + raise serializers.ValidationError( + "Duplicate findings cannot be" " verified or active" + ) if is_false_p and is_verified: - raise serializers.ValidationError('False positive findings cannot ' - 'be verified.') + raise serializers.ValidationError( + "False positive findings cannot " "be verified." + ) if is_risk_accepted and not self.instance.risk_accepted: - if not self.instance.test.engagement.product.enable_simple_risk_acceptance: - raise serializers.ValidationError('Simple risk acceptance is disabled for this product, use the UI to accept this finding.') + if ( + not self.instance.test.engagement.product.enable_simple_risk_acceptance + ): + raise serializers.ValidationError( + "Simple risk acceptance is disabled for this product, use the UI to accept this finding." + ) if is_active and is_risk_accepted: - raise serializers.ValidationError('Active findings cannot ' - 'be risk accepted.') + raise serializers.ValidationError( + "Active findings cannot be risk accepted." + ) return data def build_relational_field(self, field_name, relation_info): - if field_name == 'notes': - return NoteSerializer, {'many': True, 'read_only': True} + if field_name == "notes": + return NoteSerializer, {"many": True, "read_only": True} return super().build_relational_field(field_name, relation_info) @extend_schema_field(BurpRawRequestResponseSerializer) - @swagger_serializer_method(serializer_or_field=BurpRawRequestResponseSerializer) + @swagger_serializer_method( + serializer_or_field=BurpRawRequestResponseSerializer + ) def get_request_response(self, obj): # burp_req_resp = BurpRawRequestResponse.objects.filter(finding=obj) burp_req_resp = obj.burprawrequestresponse_set.all() @@ -1140,36 +1808,41 @@ def get_request_response(self, obj): for burp in burp_req_resp: request = burp.get_request() response = burp.get_response() - burp_list.append({'request': request, 'response': response}) - serialized_burps = BurpRawRequestResponseSerializer({'req_resp': burp_list}) + burp_list.append({"request": request, "response": response}) + serialized_burps = BurpRawRequestResponseSerializer( + {"req_resp": burp_list} + ) return serialized_burps.data class FindingCreateSerializer(TaggitSerializer, serializers.ModelSerializer): notes = serializers.PrimaryKeyRelatedField( - read_only=True, - allow_null=True, - required=False, - many=True) - test = serializers.PrimaryKeyRelatedField( - queryset=Test.objects.all()) + read_only=True, allow_null=True, required=False, many=True + ) + test = serializers.PrimaryKeyRelatedField(queryset=Test.objects.all()) thread_id = serializers.IntegerField(default=0) found_by = serializers.PrimaryKeyRelatedField( - queryset=Test_Type.objects.all(), - many=True) - url = serializers.CharField( - allow_null=True, - default=None) + queryset=Test_Type.objects.all(), many=True + ) + url = serializers.CharField(allow_null=True, default=None) tags = TagListSerializerField(required=False) push_to_jira = serializers.BooleanField(default=False) + vulnerability_ids = VulnerabilityIdSerializer( + source="vulnerability_id_set", many=True, required=False + ) + reporter = serializers.PrimaryKeyRelatedField( + required=False, queryset=User.objects.all() + ) class Meta: model = Finding - fields = '__all__' + exclude = ( + "cve", + "inherited_tags", + ) extra_kwargs = { - 'active': {'required': True}, - 'verified': {'required': True}, - 'reporter': {'default': serializers.CurrentUserDefault()}, + "active": {"required": True}, + "verified": {"required": True}, } # Overriding this to push add Push to JIRA functionality @@ -1178,67 +1851,162 @@ def create(self, validated_data): to_be_tagged, validated_data = self._pop_tags(validated_data) # pop push_to_jira so it won't get send to the model as a field - push_to_jira = validated_data.pop('push_to_jira') + push_to_jira = validated_data.pop("push_to_jira") + + # Save vulnerability ids and pop them + if "vulnerability_id_set" in validated_data: + vulnerability_id_set = validated_data.pop("vulnerability_id_set") + else: + vulnerability_id_set = None # first save, so we have an instance to get push_all_to_jira from new_finding = super(TaggitSerializer, self).create(validated_data) - # TODO: JIRA can we remove this is_push_all_issues, already checked in apiv2 viewset? - push_to_jira = push_to_jira or jira_helper.is_push_all_issues(new_finding) + if vulnerability_id_set: + vulnerability_ids = list() + for vulnerability_id in vulnerability_id_set: + vulnerability_ids.append(vulnerability_id["vulnerability_id"]) + validated_data["cve"] = vulnerability_ids[0] + save_vulnerability_ids(new_finding, vulnerability_ids) + new_finding.save() + + # TODO: JIRA can we remove this is_push_all_issues, already checked in + # apiv2 viewset? + push_to_jira = push_to_jira or jira_helper.is_push_all_issues( + new_finding + ) # If we need to push to JIRA, an extra save call is needed. - # TODO try to combine create and save, but for now I'm just fixing a bug and don't want to change to much + # TODO try to combine create and save, but for now I'm just fixing a + # bug and don't want to change to much if push_to_jira or new_finding: new_finding.save(push_to_jira=push_to_jira) - # not sure why we are returning a tag_object, but don't want to change too much now as we're just fixing a bug + # not sure why we are returning a tag_object, but don't want to change + # too much now as we're just fixing a bug tag_object = self._save_tags(new_finding, to_be_tagged) return tag_object def validate(self, data): - if ((data['active'] or data['verified']) and data['duplicate']): - raise serializers.ValidationError('Duplicate findings cannot be' - ' verified or active') - if data['false_p'] and data['verified']: - raise serializers.ValidationError('False positive findings cannot ' - 'be verified.') - - if 'risk_accepted' in data and data['risk_accepted']: - test = data['test'] + if "reporter" not in data: + request = self.context["request"] + data["reporter"] = request.user + + if (data.get("active") or data.get("verified")) and data.get( + "duplicate" + ): + raise serializers.ValidationError( + "Duplicate findings cannot be verified or active" + ) + if data.get("false_p") and data.get("verified"): + raise serializers.ValidationError( + "False positive findings cannot be verified." + ) + + if "risk_accepted" in data and data.get("risk_accepted"): + test = data.get("test") # test = Test.objects.get(id=test_id) if not test.engagement.product.enable_simple_risk_acceptance: - raise serializers.ValidationError('Simple risk acceptance is disabled for this product, use the UI to accept this finding.') - - if data['active'] and 'risk_accepted' in data and data['risk_accepted']: - raise serializers.ValidationError('Active findings cannot ' - 'be risk accepted.') + raise serializers.ValidationError( + "Simple risk acceptance is disabled for this product, use the UI to accept this finding." + ) + + if ( + data.get("active") + and "risk_accepted" in data + and data.get("risk_accepted") + ): + raise serializers.ValidationError( + "Active findings cannot be risk accepted." + ) return data +class VulnerabilityIdTemplateSerializer(serializers.ModelSerializer): + class Meta: + model = Vulnerability_Id_Template + fields = ["vulnerability_id"] + + class FindingTemplateSerializer(TaggitSerializer, serializers.ModelSerializer): tags = TagListSerializerField(required=False) + vulnerability_ids = VulnerabilityIdTemplateSerializer( + source="vulnerability_id_template_set", many=True, required=False + ) class Meta: model = Finding_Template - fields = '__all__' + exclude = ("cve",) + + def create(self, validated_data): + # Save vulnerability ids and pop them + if "vulnerability_id_template_set" in validated_data: + vulnerability_id_set = validated_data.pop( + "vulnerability_id_template_set" + ) + else: + vulnerability_id_set = None + + new_finding_template = super(TaggitSerializer, self).create( + validated_data + ) + + if vulnerability_id_set: + vulnerability_ids = list() + for vulnerability_id in vulnerability_id_set: + vulnerability_ids.append(vulnerability_id["vulnerability_id"]) + validated_data["cve"] = vulnerability_ids[0] + save_vulnerability_ids_template( + new_finding_template, vulnerability_ids + ) + new_finding_template.save() + + return new_finding_template + + def update(self, instance, validated_data): + # Save vulnerability ids and pop them + if "vulnerability_id_template_set" in validated_data: + vulnerability_id_set = validated_data.pop( + "vulnerability_id_template_set" + ) + vulnerability_ids = list() + if vulnerability_id_set: + for vulnerability_id in vulnerability_id_set: + vulnerability_ids.append( + vulnerability_id["vulnerability_id"] + ) + save_vulnerability_ids_template(instance, vulnerability_ids) + + return super(TaggitSerializer, self).update(instance, validated_data) + + +class CredentialSerializer(serializers.ModelSerializer): + class Meta: + model = Cred_User + exclude = ("password",) + + +class CredentialMappingSerializer(serializers.ModelSerializer): + class Meta: + model = Cred_Mapping + fields = "__all__" class StubFindingSerializer(serializers.ModelSerializer): class Meta: model = Stub_Finding - fields = '__all__' + fields = "__all__" class StubFindingCreateSerializer(serializers.ModelSerializer): - test = serializers.PrimaryKeyRelatedField( - queryset=Test.objects.all()) + test = serializers.PrimaryKeyRelatedField(queryset=Test.objects.all()) class Meta: model = Stub_Finding - fields = '__all__' + fields = "__all__" extra_kwargs = { - 'reporter': {'default': serializers.CurrentUserDefault()}, + "reporter": {"default": serializers.CurrentUserDefault()}, } @@ -1251,128 +2019,273 @@ class ProductSerializer(TaggitSerializer, serializers.ModelSerializer): class Meta: model = Product - exclude = ['tid', 'updated'] + exclude = ( + "tid", + "updated", + "async_updating" + ) + + def validate(self, data): + async_updating = getattr(self.instance, 'async_updating', None) + if async_updating: + new_sla_config = data.get('sla_configuration', None) + old_sla_config = getattr(self.instance, 'sla_configuration', None) + if new_sla_config and old_sla_config and new_sla_config != old_sla_config: + raise serializers.ValidationError( + 'Finding SLA expiration dates are currently being recalculated. The SLA configuration for this product cannot be changed until the calculation is complete.' + ) + return data def get_findings_count(self, obj) -> int: return obj.findings_count # -> List[int] as return type doesn't seem enough for drf-yasg - @swagger_serializer_method(serializer_or_field=serializers.ListField(child=serializers.IntegerField())) + @swagger_serializer_method( + serializer_or_field=serializers.ListField( + child=serializers.IntegerField() + ) + ) def get_findings_list(self, obj) -> List[int]: return obj.open_findings_list class ImportScanSerializer(serializers.Serializer): - scan_date = serializers.DateField(required=False) + scan_date = serializers.DateField( + required=False, + help_text="Scan completion date will be used on all findings.", + ) minimum_severity = serializers.ChoiceField( choices=SEVERITY_CHOICES, - default='Info') - active = serializers.BooleanField(default=True) - verified = serializers.BooleanField(default=True) - scan_type = serializers.ChoiceField( - choices=get_choices_sorted()) + default="Info", + help_text="Minimum severity level to be imported", + ) + active = serializers.BooleanField( + help_text="Override the active setting from the tool." + ) + verified = serializers.BooleanField( + help_text="Override the verified setting from the tool." + ) + scan_type = serializers.ChoiceField(choices=get_choices_sorted()) # TODO why do we allow only existing endpoints? - endpoint_to_add = serializers.PrimaryKeyRelatedField(queryset=Endpoint.objects.all(), - required=False, - default=None) - file = serializers.FileField(required=False) + endpoint_to_add = serializers.PrimaryKeyRelatedField( + queryset=Endpoint.objects.all(), + required=False, + default=None, + help_text="The IP address, host name or full URL. It must be valid", + ) + file = serializers.FileField(allow_empty_file=True, required=False) product_type_name = serializers.CharField(required=False) product_name = serializers.CharField(required=False) engagement_name = serializers.CharField(required=False) + engagement_end_date = serializers.DateField( + required=False, + help_text="End Date for Engagement. Default is current time + 365 days. Required format year-month-day", + ) + source_code_management_uri = serializers.URLField( + max_length=600, + required=False, + help_text="Resource link to source code", + ) engagement = serializers.PrimaryKeyRelatedField( - queryset=Engagement.objects.all(), required=False) + queryset=Engagement.objects.all(), required=False + ) test_title = serializers.CharField(required=False) auto_create_context = serializers.BooleanField(required=False) - + deduplication_on_engagement = serializers.BooleanField(required=False) lead = serializers.PrimaryKeyRelatedField( - allow_null=True, - default=None, - queryset=User.objects.all()) - tags = TagListSerializerField(required=False) - close_old_findings = serializers.BooleanField(required=False, default=False, + allow_null=True, default=None, queryset=User.objects.all() + ) + tags = TagListSerializerField( + required=False, help_text="Add tags that help describe this scan." + ) + close_old_findings = serializers.BooleanField( + required=False, + default=False, help_text="Select if old findings no longer present in the report get closed as mitigated when importing. " - "If service has been set, only the findings for this service will be closed.") + "If service has been set, only the findings for this service will be closed.", + ) + close_old_findings_product_scope = serializers.BooleanField( + required=False, + default=False, + help_text="Select if close_old_findings applies to all findings of the same type in the product. " + "By default, it is false meaning that only old findings of the same type in the engagement are in scope.", + ) push_to_jira = serializers.BooleanField(default=False) environment = serializers.CharField(required=False) - version = serializers.CharField(required=False) - build_id = serializers.CharField(required=False) - branch_tag = serializers.CharField(required=False) - commit_hash = serializers.CharField(required=False) - api_scan_configuration = serializers.PrimaryKeyRelatedField(allow_null=True, default=None, - queryset=Product_API_Scan_Configuration.objects.all()) - service = serializers.CharField(required=False, + version = serializers.CharField( + required=False, help_text="Version that was scanned." + ) + build_id = serializers.CharField( + required=False, help_text="ID of the build that was scanned." + ) + branch_tag = serializers.CharField( + required=False, help_text="Branch or Tag that was scanned." + ) + commit_hash = serializers.CharField( + required=False, help_text="Commit that was scanned." + ) + api_scan_configuration = serializers.PrimaryKeyRelatedField( + allow_null=True, + default=None, + queryset=Product_API_Scan_Configuration.objects.all(), + ) + service = serializers.CharField( + required=False, help_text="A service is a self-contained piece of functionality within a Product. " - "This is an optional field which is used in deduplication and closing of old findings when set. " - "This affects the whole engagement/product depending on your deduplication scope.") + "This is an optional field which is used in deduplication and closing of old findings when set. " + "This affects the whole engagement/product depending on your deduplication scope.", + ) - group_by = serializers.ChoiceField(required=False, choices=Finding_Group.GROUP_BY_OPTIONS, help_text='Choose an option to automatically group new findings by the chosen option.') + group_by = serializers.ChoiceField( + required=False, + choices=Finding_Group.GROUP_BY_OPTIONS, + help_text="Choose an option to automatically group new findings by the chosen option.", + ) + create_finding_groups_for_all_findings = serializers.BooleanField( + help_text="If set to false, finding groups will only be created when there is more than one grouped finding", + required=False, + default=True, + ) # extra fields populated in response - # need to use the _id suffix as without the serializer framework gets confused - test = serializers.IntegerField(read_only=True) # left for backwards compatibility + # need to use the _id suffix as without the serializer framework gets + # confused + test = serializers.IntegerField( + read_only=True + ) # left for backwards compatibility test_id = serializers.IntegerField(read_only=True) engagement_id = serializers.IntegerField(read_only=True) product_id = serializers.IntegerField(read_only=True) product_type_id = serializers.IntegerField(read_only=True) statistics = ImportStatisticsSerializer(read_only=True, required=False) + apply_tags_to_findings = serializers.BooleanField( + help_text="If set to True, the tags will be applied to the findings", + required=False, + ) def save(self, push_to_jira=False): data = self.validated_data - close_old_findings = data['close_old_findings'] - active = data['active'] - verified = data['verified'] - minimum_severity = data['minimum_severity'] - endpoint_to_add = data['endpoint_to_add'] - scan_date = data.get('scan_date', None) - # Will save in the provided environment or in the `Development` one if absent - version = data.get('version', None) - build_id = data.get('build_id', None) - branch_tag = data.get('branch_tag', None) - commit_hash = data.get('commit_hash', None) - api_scan_configuration = data.get('api_scan_configuration', None) - service = data.get('service', None) - - environment_name = data.get('environment', 'Development') - environment = Development_Environment.objects.get(name=environment_name) - tags = data.get('tags', None) - lead = data['lead'] - - scan = data.get('file', None) + close_old_findings = data.get("close_old_findings") + close_old_findings_product_scope = data.get( + "close_old_findings_product_scope" + ) + minimum_severity = data.get("minimum_severity") + endpoint_to_add = data.get("endpoint_to_add") + scan_date = data.get("scan_date", None) + # Will save in the provided environment or in the `Development` one if + # absent + version = data.get("version", None) + build_id = data.get("build_id", None) + branch_tag = data.get("branch_tag", None) + commit_hash = data.get("commit_hash", None) + api_scan_configuration = data.get("api_scan_configuration", None) + service = data.get("service", None) + apply_tags_to_findings = data.get("apply_tags_to_findings", False) + source_code_management_uri = data.get( + "source_code_management_uri", None + ) + + if "active" in self.initial_data: + active = data.get("active") + else: + active = None + if "verified" in self.initial_data: + verified = data.get("verified") + else: + verified = None + + environment_name = data.get("environment", "Development") + environment = Development_Environment.objects.get( + name=environment_name + ) + tags = data.get("tags", None) + lead = data.get("lead") + + scan = data.get("file", None) endpoints_to_add = [endpoint_to_add] if endpoint_to_add else None - group_by = data.get('group_by', None) + group_by = data.get("group_by", None) + create_finding_groups_for_all_findings = data.get( + "create_finding_groups_for_all_findings", True + ) - _, test_title, scan_type, engagement_id, engagement_name, product_name, product_type_name, auto_create_context = get_import_meta_data_from_dict(data) - engagement = get_or_create_engagement(engagement_id, engagement_name, product_name, product_type_name, auto_create_context) + engagement_end_date = data.get("engagement_end_date", None) + ( + _, + test_title, + scan_type, + engagement_id, + engagement_name, + product_name, + product_type_name, + auto_create_context, + deduplication_on_engagement, + do_not_reactivate, + ) = get_import_meta_data_from_dict(data) + engagement = get_or_create_engagement( + engagement_id, + engagement_name, + product_name, + product_type_name, + auto_create_context, + deduplication_on_engagement, + source_code_management_uri=source_code_management_uri, + target_end=engagement_end_date, + ) - # have to make the scan_date_time timezone aware otherwise uploads via the API would fail (but unit tests for api upload would pass...) - scan_date_time = timezone.make_aware(datetime.combine(scan_date, datetime.min.time())) if scan_date else None + # have to make the scan_date_time timezone aware otherwise uploads via + # the API would fail (but unit tests for api upload would pass...) + scan_date_time = ( + timezone.make_aware( + datetime.combine(scan_date, datetime.min.time()) + ) + if scan_date + else None + ) importer = Importer() try: - test, finding_count, closed_finding_count, test_import = importer.import_scan(scan, scan_type, engagement, lead, environment, - active=active, verified=verified, tags=tags, - minimum_severity=minimum_severity, - endpoints_to_add=endpoints_to_add, - scan_date=scan_date_time, version=version, - branch_tag=branch_tag, build_id=build_id, - commit_hash=commit_hash, - push_to_jira=push_to_jira, - close_old_findings=close_old_findings, - group_by=group_by, - api_scan_configuration=api_scan_configuration, - service=service, - title=test_title) + ( + test, + finding_count, + closed_finding_count, + test_import, + ) = importer.import_scan( + scan, + scan_type, + engagement, + lead, + environment, + active=active, + verified=verified, + tags=tags, + minimum_severity=minimum_severity, + endpoints_to_add=endpoints_to_add, + scan_date=scan_date_time, + version=version, + branch_tag=branch_tag, + build_id=build_id, + commit_hash=commit_hash, + push_to_jira=push_to_jira, + close_old_findings=close_old_findings, + close_old_findings_product_scope=close_old_findings_product_scope, + group_by=group_by, + api_scan_configuration=api_scan_configuration, + service=service, + title=test_title, + create_finding_groups_for_all_findings=create_finding_groups_for_all_findings, + apply_tags_to_findings=apply_tags_to_findings, + ) if test: - data['test'] = test.id - data['test_id'] = test.id - data['engagement_id'] = test.engagement.id - data['product_id'] = test.engagement.product.id - data['product_type_id'] = test.engagement.product.prod_type.id - data['statistics'] = {'after': test.statistics} + data["test"] = test.id + data["test_id"] = test.id + data["engagement_id"] = test.engagement.id + data["product_id"] = test.engagement.product.id + data["product_type_id"] = test.engagement.product.prod_type.id + data["statistics"] = {"after": test.statistics} # convert to exception otherwise django rest framework will swallow them as 400 error # exceptions are already logged in the importer @@ -1385,165 +2298,338 @@ def validate(self, data): scan_type = data.get("scan_type") file = data.get("file") if not file and requires_file(scan_type): - raise serializers.ValidationError('Uploading a Report File is required for {}'.format(scan_type)) + raise serializers.ValidationError( + "Uploading a Report File is required for {}".format(scan_type) + ) if file and is_scan_file_too_large(file): raise serializers.ValidationError( - 'Report file is too large. Maximum supported size is {} MB'.format(settings.SCAN_FILE_MAX_SIZE)) + "Report file is too large. Maximum supported size is {} MB".format( + settings.SCAN_FILE_MAX_SIZE + ) + ) tool_type = requires_tool_type(scan_type) if tool_type: - api_scan_configuration = data.get('api_scan_configuration') - if api_scan_configuration and tool_type != api_scan_configuration.tool_configuration.tool_type.name: - raise serializers.ValidationError(f'API scan configuration must be of tool type {tool_type}') + api_scan_configuration = data.get("api_scan_configuration") + if ( + api_scan_configuration + and tool_type + != api_scan_configuration.tool_configuration.tool_type.name + ): + raise serializers.ValidationError( + f"API scan configuration must be of tool type {tool_type}" + ) return data def validate_scan_date(self, value): if value and value > timezone.localdate(): raise serializers.ValidationError( - 'The scan_date cannot be in the future!') + "The scan_date cannot be in the future!" + ) return value class ReImportScanSerializer(TaggitSerializer, serializers.Serializer): - scan_date = serializers.DateField(required=False) + scan_date = serializers.DateField( + required=False, + help_text="Scan completion date will be used on all findings.", + ) minimum_severity = serializers.ChoiceField( choices=SEVERITY_CHOICES, - default='Info') - active = serializers.BooleanField(default=True) - verified = serializers.BooleanField(default=True) + default="Info", + help_text="Minimum severity level to be imported", + ) + active = serializers.BooleanField( + help_text="Override the active setting from the tool." + ) + verified = serializers.BooleanField( + help_text="Override the verified setting from the tool." + ) + help_do_not_reactivate = "Select if the import should ignore active findings from the report, useful for triage-less scanners. Will keep existing findings closed, without reactivating them. For more information check the docs." + do_not_reactivate = serializers.BooleanField( + default=False, required=False, help_text=help_do_not_reactivate + ) scan_type = serializers.ChoiceField( - choices=get_choices_sorted()) - endpoint_to_add = serializers.PrimaryKeyRelatedField(queryset=Endpoint.objects.all(), - default=None, - required=False) - file = serializers.FileField(required=False) + choices=get_choices_sorted(), required=True + ) + endpoint_to_add = serializers.PrimaryKeyRelatedField( + queryset=Endpoint.objects.all(), default=None, required=False + ) + file = serializers.FileField(allow_empty_file=True, required=False) product_type_name = serializers.CharField(required=False) product_name = serializers.CharField(required=False) engagement_name = serializers.CharField(required=False) - test = serializers.PrimaryKeyRelatedField(required=False, - queryset=Test.objects.all()) + engagement_end_date = serializers.DateField( + required=False, + help_text="End Date for Engagement. Default is current time + 365 days. Required format year-month-day", + ) + source_code_management_uri = serializers.URLField( + max_length=600, + required=False, + help_text="Resource link to source code", + ) + test = serializers.PrimaryKeyRelatedField( + required=False, queryset=Test.objects.all() + ) test_title = serializers.CharField(required=False) auto_create_context = serializers.BooleanField(required=False) + deduplication_on_engagement = serializers.BooleanField(required=False) push_to_jira = serializers.BooleanField(default=False) # Close the old findings if the parameter is not provided. This is to # mentain the old API behavior after reintroducing the close_old_findings parameter # also for ReImport. - close_old_findings = serializers.BooleanField(required=False, default=True) - version = serializers.CharField(required=False) - build_id = serializers.CharField(required=False) - branch_tag = serializers.CharField(required=False) - commit_hash = serializers.CharField(required=False) - api_scan_configuration = serializers.PrimaryKeyRelatedField(allow_null=True, default=None, - queryset=Product_API_Scan_Configuration.objects.all()) - service = serializers.CharField(required=False, + close_old_findings = serializers.BooleanField( + required=False, + default=True, + help_text="Select if old findings no longer present in the report get closed as mitigated when importing.", + ) + close_old_findings_product_scope = serializers.BooleanField( + required=False, + default=False, + help_text="Select if close_old_findings applies to all findings of the same type in the product. " + "By default, it is false meaning that only old findings of the same type in the engagement are in scope. " + "Note that this only applies on the first call to reimport-scan.", + ) + version = serializers.CharField( + required=False, + help_text="Version that will be set on existing Test object. Leave empty to leave existing value in place.", + ) + build_id = serializers.CharField( + required=False, help_text="ID of the build that was scanned." + ) + branch_tag = serializers.CharField( + required=False, help_text="Branch or Tag that was scanned." + ) + commit_hash = serializers.CharField( + required=False, help_text="Commit that was scanned." + ) + api_scan_configuration = serializers.PrimaryKeyRelatedField( + allow_null=True, + default=None, + queryset=Product_API_Scan_Configuration.objects.all(), + ) + service = serializers.CharField( + required=False, help_text="A service is a self-contained piece of functionality within a Product. " - "This is an optional field which is used in deduplication and closing of old findings when set. " - "This affects the whole engagement/product depending on your deduplication scope.") + "This is an optional field which is used in deduplication and closing of old findings when set. " + "This affects the whole engagement/product depending on your deduplication scope.", + ) environment = serializers.CharField(required=False) lead = serializers.PrimaryKeyRelatedField( - allow_null=True, - default=None, - queryset=User.objects.all()) - tags = TagListSerializerField(required=False) + allow_null=True, default=None, queryset=User.objects.all() + ) + tags = TagListSerializerField( + required=False, + help_text="Modify existing tags that help describe this scan. (Existing test tags will be overwritten)", + ) - group_by = serializers.ChoiceField(required=False, choices=Finding_Group.GROUP_BY_OPTIONS, help_text='Choose an option to automatically group new findings by the chosen option.') + group_by = serializers.ChoiceField( + required=False, + choices=Finding_Group.GROUP_BY_OPTIONS, + help_text="Choose an option to automatically group new findings by the chosen option.", + ) + create_finding_groups_for_all_findings = serializers.BooleanField( + help_text="If set to false, finding groups will only be created when there is more than one grouped finding", + required=False, + default=True, + ) # extra fields populated in response - # need to use the _id suffix as without the serializer framework gets confused + # need to use the _id suffix as without the serializer framework gets + # confused test_id = serializers.IntegerField(read_only=True) - engagement_id = serializers.IntegerField(read_only=True) # need to use the _id suffix as without the serializer framework gets confused + engagement_id = serializers.IntegerField( + read_only=True + ) # need to use the _id suffix as without the serializer framework gets confused product_id = serializers.IntegerField(read_only=True) product_type_id = serializers.IntegerField(read_only=True) statistics = ImportStatisticsSerializer(read_only=True, required=False) + apply_tags_to_findings = serializers.BooleanField( + help_text="If set to True, the tags will be applied to the findings", + required=False + ) def save(self, push_to_jira=False): - logger.debug('push_to_jira: %s', push_to_jira) + logger.debug("push_to_jira: %s", push_to_jira) data = self.validated_data - scan_type = data['scan_type'] - endpoint_to_add = data['endpoint_to_add'] - minimum_severity = data['minimum_severity'] - scan_date = data.get('scan_date', None) - close_old_findings = data['close_old_findings'] - verified = data['verified'] - active = data['active'] - version = data.get('version', None) - build_id = data.get('build_id', None) - branch_tag = data.get('branch_tag', None) - commit_hash = data.get('commit_hash', None) - api_scan_configuration = data.get('api_scan_configuration', None) - service = data.get('service', None) - lead = data.get('lead', None) - tags = data.get('tags', None) - environment_name = data.get('environment', 'Development') - environment = Development_Environment.objects.get(name=environment_name) - - scan = data.get('file', None) + scan_type = data.get("scan_type") + endpoint_to_add = data.get("endpoint_to_add") + minimum_severity = data.get("minimum_severity") + scan_date = data.get("scan_date", None) + close_old_findings = data.get("close_old_findings") + close_old_findings_product_scope = data.get( + "close_old_findings_product_scope" + ) + apply_tags_to_findings = data.get("apply_tags_to_findings", False) + do_not_reactivate = data.get("do_not_reactivate", False) + version = data.get("version", None) + build_id = data.get("build_id", None) + branch_tag = data.get("branch_tag", None) + commit_hash = data.get("commit_hash", None) + api_scan_configuration = data.get("api_scan_configuration", None) + service = data.get("service", None) + lead = data.get("lead", None) + tags = data.get("tags", None) + environment_name = data.get("environment", "Development") + environment = Development_Environment.objects.get( + name=environment_name + ) + scan = data.get("file", None) endpoints_to_add = [endpoint_to_add] if endpoint_to_add else None + source_code_management_uri = data.get( + "source_code_management_uri", None + ) + engagement_end_date = data.get("engagement_end_date", None) + + if "active" in self.initial_data: + active = data.get("active") + else: + active = None + if "verified" in self.initial_data: + verified = data.get("verified") + else: + verified = None - group_by = data.get('group_by', None) + group_by = data.get("group_by", None) + create_finding_groups_for_all_findings = data.get( + "create_finding_groups_for_all_findings", True + ) - test_id, test_title, scan_type, _, engagement_name, product_name, product_type_name, auto_create_context = get_import_meta_data_from_dict(data) + ( + test_id, + test_title, + scan_type, + _, + engagement_name, + product_name, + product_type_name, + auto_create_context, + deduplication_on_engagement, + do_not_reactivate, + ) = get_import_meta_data_from_dict(data) # we passed validation, so the test is present product = get_target_product_if_exists(product_name) - engagement = get_target_engagement_if_exists(None, engagement_name, product) - test = get_target_test_if_exists(test_id, test_title, scan_type, engagement) + engagement = get_target_engagement_if_exists( + None, engagement_name, product + ) + test = get_target_test_if_exists( + test_id, test_title, scan_type, engagement + ) - # have to make the scan_date_time timezone aware otherwise uploads via the API would fail (but unit tests for api upload would pass...) - scan_date_time = timezone.make_aware(datetime.combine(scan_date, datetime.min.time())) if scan_date else None + # have to make the scan_date_time timezone aware otherwise uploads via + # the API would fail (but unit tests for api upload would pass...) + scan_date_time = ( + timezone.make_aware( + datetime.combine(scan_date, datetime.min.time()) + ) + if scan_date + else None + ) statistics_before, statistics_delta = None, None + try: if test: # reimport into provided / latest test statistics_before = test.statistics reimporter = ReImporter() - test, finding_count, new_finding_count, closed_finding_count, reactivated_finding_count, untouched_finding_count, test_import = \ - reimporter.reimport_scan(scan, scan_type, test, active=active, verified=verified, - tags=None, minimum_severity=minimum_severity, - endpoints_to_add=endpoints_to_add, scan_date=scan_date_time, - version=version, branch_tag=branch_tag, build_id=build_id, - commit_hash=commit_hash, push_to_jira=push_to_jira, - close_old_findings=close_old_findings, - group_by=group_by, api_scan_configuration=api_scan_configuration, - service=service) + ( + test, + finding_count, + new_finding_count, + closed_finding_count, + reactivated_finding_count, + untouched_finding_count, + test_import, + ) = reimporter.reimport_scan( + scan, + scan_type, + test, + active=active, + verified=verified, + tags=tags, + minimum_severity=minimum_severity, + endpoints_to_add=endpoints_to_add, + scan_date=scan_date_time, + version=version, + branch_tag=branch_tag, + build_id=build_id, + commit_hash=commit_hash, + push_to_jira=push_to_jira, + close_old_findings=close_old_findings, + group_by=group_by, + api_scan_configuration=api_scan_configuration, + service=service, + do_not_reactivate=do_not_reactivate, + create_finding_groups_for_all_findings=create_finding_groups_for_all_findings, + apply_tags_to_findings=apply_tags_to_findings, + ) if test_import: statistics_delta = test_import.statistics elif auto_create_context: # perform Import to create test - logger.debug('reimport for non-existing test, using import to create new test') - engagement = get_or_create_engagement(None, engagement_name, product_name, product_type_name, auto_create_context) + logger.debug( + "reimport for non-existing test, using import to create new test" + ) + engagement = get_or_create_engagement( + None, + engagement_name, + product_name, + product_type_name, + auto_create_context, + deduplication_on_engagement, + source_code_management_uri=source_code_management_uri, + target_end=engagement_end_date, + ) importer = Importer() - test, finding_count, closed_finding_count, _ = importer.import_scan(scan, scan_type, engagement, lead, environment, - active=active, verified=verified, tags=tags, - minimum_severity=minimum_severity, - endpoints_to_add=endpoints_to_add, - scan_date=scan_date_time, version=version, - branch_tag=branch_tag, build_id=build_id, - commit_hash=commit_hash, - push_to_jira=push_to_jira, - close_old_findings=close_old_findings, - group_by=group_by, - api_scan_configuration=api_scan_configuration, - service=service, - title=test_title) + ( + test, + finding_count, + closed_finding_count, + _, + ) = importer.import_scan( + scan, + scan_type, + engagement, + lead, + environment, + active=active, + verified=verified, + tags=tags, + minimum_severity=minimum_severity, + endpoints_to_add=endpoints_to_add, + scan_date=scan_date_time, + version=version, + branch_tag=branch_tag, + build_id=build_id, + commit_hash=commit_hash, + push_to_jira=push_to_jira, + close_old_findings=close_old_findings, + close_old_findings_product_scope=close_old_findings_product_scope, + group_by=group_by, + api_scan_configuration=api_scan_configuration, + service=service, + title=test_title, + create_finding_groups_for_all_findings=create_finding_groups_for_all_findings, + ) else: # should be captured by validation / permission check already - raise NotFound('test not found') + raise NotFound("test not found") if test: - data['test'] = test - data['test_id'] = test.id - data['engagement_id'] = test.engagement.id - data['product_id'] = test.engagement.product.id - data['product_type_id'] = test.engagement.product.prod_type.id - data['statistics'] = {} + data["test"] = test + data["test_id"] = test.id + data["engagement_id"] = test.engagement.id + data["product_id"] = test.engagement.product.id + data["product_type_id"] = test.engagement.product.prod_type.id + data["statistics"] = {} if statistics_before: - data['statistics']['before'] = statistics_before + data["statistics"]["before"] = statistics_before if statistics_delta: - data['statistics']['delta'] = statistics_delta - data['statistics']['after'] = test.statistics + data["statistics"]["delta"] = statistics_delta + data["statistics"]["after"] = test.statistics # convert to exception otherwise django rest framework will swallow them as 400 error # exceptions are already logged in the importer @@ -1556,66 +2642,94 @@ def validate(self, data): scan_type = data.get("scan_type") file = data.get("file") if not file and requires_file(scan_type): - raise serializers.ValidationError('Uploading a Report File is required for {}'.format(scan_type)) + raise serializers.ValidationError( + "Uploading a Report File is required for {}".format(scan_type) + ) if file and is_scan_file_too_large(file): raise serializers.ValidationError( - 'Report file is too large. Maximum supported size is {} MB'.format(settings.SCAN_FILE_MAX_SIZE)) + "Report file is too large. Maximum supported size is {} MB".format( + settings.SCAN_FILE_MAX_SIZE + ) + ) tool_type = requires_tool_type(scan_type) if tool_type: - api_scan_configuration = data.get('api_scan_configuration') - if api_scan_configuration and tool_type != api_scan_configuration.tool_configuration.tool_type.name: - raise serializers.ValidationError(f'API scan configuration must be of tool type {tool_type}') + api_scan_configuration = data.get("api_scan_configuration") + if ( + api_scan_configuration + and tool_type + != api_scan_configuration.tool_configuration.tool_type.name + ): + raise serializers.ValidationError( + f"API scan configuration must be of tool type {tool_type}" + ) return data def validate_scan_date(self, value): if value and value > timezone.localdate(): raise serializers.ValidationError( - 'The scan_date cannot be in the future!') + "The scan_date cannot be in the future!" + ) return value class EndpointMetaImporterSerializer(serializers.Serializer): - file = serializers.FileField( - required=True) - create_endpoints = serializers.BooleanField( - default=True, - required=False) - create_tags = serializers.BooleanField( - default=True, - required=False) - create_dojo_meta = serializers.BooleanField( - default=False, - required=False) + file = serializers.FileField(required=True) + create_endpoints = serializers.BooleanField(default=True, required=False) + create_tags = serializers.BooleanField(default=True, required=False) + create_dojo_meta = serializers.BooleanField(default=False, required=False) product_name = serializers.CharField(required=False) product = serializers.PrimaryKeyRelatedField( - queryset=Product.objects.all(), required=False) + queryset=Product.objects.all(), required=False + ) # extra fields populated in response - # need to use the _id suffix as without the serializer framework gets confused + # need to use the _id suffix as without the serializer framework gets + # confused product_id = serializers.IntegerField(read_only=True) def validate(self, data): file = data.get("file") if file and is_scan_file_too_large(file): raise serializers.ValidationError( - 'Report file is too large. Maximum supported size is {} MB'.format(settings.SCAN_FILE_MAX_SIZE)) + "Report file is too large. Maximum supported size is {} MB".format( + settings.SCAN_FILE_MAX_SIZE + ) + ) return data def save(self): data = self.validated_data - file = data.get('file', None) - - create_endpoints = data['create_endpoints'] - create_tags = data['create_tags'] - create_dojo_meta = data['create_dojo_meta'] + file = data.get("file") - _, _, _, _, _, product_name, _, _ = get_import_meta_data_from_dict(data) + create_endpoints = data.get("create_endpoints", True) + create_tags = data.get("create_tags", True) + create_dojo_meta = data.get("create_dojo_meta", False) + + ( + _, + _, + _, + _, + _, + product_name, + _, + _, + _, + _, + ) = get_import_meta_data_from_dict(data) product = get_target_product_if_exists(product_name) if not product: product_id = get_product_id_from_dict(data) product = get_target_product_by_id_if_exists(product_id) try: - endpoint_meta_import(file, product, create_endpoints, create_tags, create_dojo_meta, origin='API') + endpoint_meta_import( + file, + product, + create_endpoints, + create_tags, + create_dojo_meta, + origin="API", + ) except SyntaxError as se: raise Exception(se) except ValueError as ve: @@ -1623,87 +2737,135 @@ def save(self): class LanguageTypeSerializer(serializers.ModelSerializer): - class Meta: model = Language_Type - fields = '__all__' + fields = "__all__" class LanguageSerializer(serializers.ModelSerializer): - class Meta: model = Languages - fields = '__all__' + fields = "__all__" class ImportLanguagesSerializer(serializers.Serializer): - product = serializers.PrimaryKeyRelatedField(queryset=Product.objects.all(), required=True) + product = serializers.PrimaryKeyRelatedField( + queryset=Product.objects.all(), required=True + ) file = serializers.FileField(required=True) def save(self): data = self.validated_data - product = data['product'] - languages = data['file'] + product = data["product"] + languages = data["file"] try: data = languages.read() try: - deserialized = json.loads(str(data, 'utf-8')) - except: + deserialized = json.loads(str(data, "utf-8")) + except Exception: deserialized = json.loads(data) - except: + except Exception: raise Exception("Invalid format") Languages.objects.filter(product=product).delete() for name in deserialized: - if name not in ['header', 'SUM']: + if name not in ["header", "SUM"]: element = deserialized[name] try: - language_type, created = Language_Type.objects.get_or_create(language=name) + ( + language_type, + created, + ) = Language_Type.objects.get_or_create(language=name) except Language_Type.MultipleObjectsReturned: - language_type = Language_Type.objects.filter(language=name).first() + language_type = Language_Type.objects.filter( + language=name + ).first() language = Languages() language.product = product language.language = language_type - language.files = element.get('nFiles', 0) - language.blank = element.get('blank', 0) - language.comment = element.get('comment', 0) - language.code = element.get('code', 0) + language.files = element.get("nFiles", 0) + language.blank = element.get("blank", 0) + language.comment = element.get("comment", 0) + language.code = element.get("code", 0) language.save() def validate(self, data): - if is_scan_file_too_large(data['file']): + if is_scan_file_too_large(data["file"]): raise serializers.ValidationError( - 'File is too large. Maximum supported size is {} MB'.format(settings.SCAN_FILE_MAX_SIZE)) + "File is too large. Maximum supported size is {} MB".format( + settings.SCAN_FILE_MAX_SIZE + ) + ) return data class AddNewNoteOptionSerializer(serializers.ModelSerializer): - class Meta: model = Notes - fields = ['entry', 'private', 'note_type'] + fields = ["entry", "private", "note_type"] class AddNewFileOptionSerializer(serializers.ModelSerializer): - class Meta: model = FileUpload - fields = '__all__' + fields = "__all__" class FindingToNotesSerializer(serializers.Serializer): - finding_id = serializers.PrimaryKeyRelatedField(queryset=Finding.objects.all(), many=False, allow_null=True) + finding_id = serializers.PrimaryKeyRelatedField( + queryset=Finding.objects.all(), many=False, allow_null=True + ) notes = NoteSerializer(many=True) class FindingToFilesSerializer(serializers.Serializer): - finding_id = serializers.PrimaryKeyRelatedField(queryset=Finding.objects.all(), many=False, allow_null=True) + finding_id = serializers.PrimaryKeyRelatedField( + queryset=Finding.objects.all(), many=False, allow_null=True + ) files = FileSerializer(many=True) + def to_representation(self, data): + finding = data.get("finding_id") + files = data.get("files") + new_files = [] + for file in files: + new_files.append( + { + "id": file.id, + "file": "{site_url}/{file_access_url}".format( + site_url=settings.SITE_URL, + file_access_url=file.get_accessible_url( + finding, finding.id + ), + ), + "title": file.title, + } + ) + new_data = {"finding_id": finding.id, "files": new_files} + return new_data + + +class FindingCloseSerializer(serializers.ModelSerializer): + is_mitigated = serializers.BooleanField(required=False) + mitigated = serializers.DateTimeField(required=False) + false_p = serializers.BooleanField(required=False) + out_of_scope = serializers.BooleanField(required=False) + duplicate = serializers.BooleanField(required=False) + + class Meta: + model = Finding + fields = ( + "is_mitigated", + "mitigated", + "false_p", + "out_of_scope", + "duplicate", + ) + class ReportGenerateOptionSerializer(serializers.Serializer): include_finding_notes = serializers.BooleanField(default=False) @@ -1720,7 +2882,9 @@ class ExecutiveSummarySerializer(serializers.Serializer): test_target_start = serializers.DateTimeField() test_target_end = serializers.DateTimeField() test_environment_name = serializers.CharField(max_length=200) - test_strategy_ref = serializers.URLField(max_length=200, min_length=None, allow_blank=True) + test_strategy_ref = serializers.URLField( + max_length=200, min_length=None, allow_blank=True + ) total_findings = serializers.IntegerField() @@ -1740,7 +2904,9 @@ class ReportGenerateSerializer(serializers.Serializer): title = serializers.CharField(max_length=200) user_id = serializers.IntegerField() host = serializers.CharField(max_length=200) - finding_notes = FindingToNotesSerializer(many=True, allow_null=True, required=False) + finding_notes = FindingToNotesSerializer( + many=True, allow_null=True, required=False + ) class TagSerializer(serializers.Serializer): @@ -1748,25 +2914,26 @@ class TagSerializer(serializers.Serializer): class SystemSettingsSerializer(TaggitSerializer, serializers.ModelSerializer): - class Meta: model = System_Settings - fields = '__all__' + fields = "__all__" def validate(self, data): - if self.instance is not None: default_group = self.instance.default_group default_group_role = self.instance.default_group_role - if 'default_group' in data: - default_group = data['default_group'] - if 'default_group_role' in data: - default_group_role = data['default_group_role'] + if "default_group" in data: + default_group = data["default_group"] + if "default_group_role" in data: + default_group_role = data["default_group_role"] - if (default_group is None and default_group_role is not None) or \ - (default_group is not None and default_group_role is None): - raise ValidationError('default_group and default_group_role must either both be set or both be empty.') + if (default_group is None and default_group_role is not None) or ( + default_group is not None and default_group_role is None + ): + raise ValidationError( + "default_group and default_group_role must either both be set or both be empty." + ) return data @@ -1776,34 +2943,74 @@ class FindingNoteSerializer(serializers.Serializer): class NotificationsSerializer(serializers.ModelSerializer): - product = serializers.PrimaryKeyRelatedField(queryset=Product.objects.all(), - required=False, - default=None, - allow_null=True) - user = serializers.PrimaryKeyRelatedField(queryset=Dojo_User.objects.all(), - required=False, - default=None, - allow_null=True) - product_type_added = MultipleChoiceField(choices=NOTIFICATION_CHOICES) - product_added = MultipleChoiceField(choices=NOTIFICATION_CHOICES) - engagement_added = MultipleChoiceField(choices=NOTIFICATION_CHOICES) - test_added = MultipleChoiceField(choices=NOTIFICATION_CHOICES) - scan_added = MultipleChoiceField(choices=NOTIFICATION_CHOICES) - jira_update = MultipleChoiceField(choices=NOTIFICATION_CHOICES) - upcoming_engagement = MultipleChoiceField(choices=NOTIFICATION_CHOICES) - stale_engagement = MultipleChoiceField(choices=NOTIFICATION_CHOICES) - auto_close_engagement = MultipleChoiceField(choices=NOTIFICATION_CHOICES) - close_engagement = MultipleChoiceField(choices=NOTIFICATION_CHOICES) - user_mentioned = MultipleChoiceField(choices=NOTIFICATION_CHOICES) - code_review = MultipleChoiceField(choices=NOTIFICATION_CHOICES) - review_requested = MultipleChoiceField(choices=NOTIFICATION_CHOICES) - other = MultipleChoiceField(choices=NOTIFICATION_CHOICES) - sla_breach = MultipleChoiceField(choices=NOTIFICATION_CHOICES) - risk_acceptance_expiration = MultipleChoiceField(choices=NOTIFICATION_CHOICES) + product = serializers.PrimaryKeyRelatedField( + queryset=Product.objects.all(), + required=False, + default=None, + allow_null=True, + ) + user = serializers.PrimaryKeyRelatedField( + queryset=Dojo_User.objects.all(), + required=False, + default=None, + allow_null=True, + ) + product_type_added = MultipleChoiceField( + choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION + ) + product_added = MultipleChoiceField( + choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION + ) + engagement_added = MultipleChoiceField( + choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION + ) + test_added = MultipleChoiceField( + choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION + ) + scan_added = MultipleChoiceField( + choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION + ) + jira_update = MultipleChoiceField( + choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION + ) + upcoming_engagement = MultipleChoiceField( + choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION + ) + stale_engagement = MultipleChoiceField( + choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION + ) + auto_close_engagement = MultipleChoiceField( + choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION + ) + close_engagement = MultipleChoiceField( + choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION + ) + user_mentioned = MultipleChoiceField( + choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION + ) + code_review = MultipleChoiceField( + choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION + ) + review_requested = MultipleChoiceField( + choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION + ) + other = MultipleChoiceField( + choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION + ) + sla_breach = MultipleChoiceField( + choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION + ) + sla_breach_combined = MultipleChoiceField( + choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION + ) + risk_acceptance_expiration = MultipleChoiceField( + choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION + ) + template = serializers.BooleanField(default=False) class Meta: model = Notifications - fields = '__all__' + fields = "__all__" def validate(self, data): user = None @@ -1813,15 +3020,28 @@ def validate(self, data): user = self.instance.user product = self.instance.product - if 'user' in data: - user = data.get('user') - if 'product' in data: - product = data.get('product') - - if self.instance is None or user != self.instance.user or product != self.instance.product: - notifications = Notifications.objects.filter(user=user, product=product).count() + if "user" in data: + user = data.get("user") + if "product" in data: + product = data.get("product") + + if ( + self.instance is None + or user != self.instance.user + or product != self.instance.product + ): + notifications = Notifications.objects.filter( + user=user, product=product, template=False + ).count() if notifications > 0: - raise ValidationError("Notification for user and product already exists") + raise ValidationError( + "Notification for user and product already exists" + ) + if ( + data.get("template") + and Notifications.objects.filter(template=True).count() > 0 + ): + raise ValidationError("Notification template already exists") return data @@ -1829,13 +3049,33 @@ def validate(self, data): class EngagementPresetsSerializer(serializers.ModelSerializer): class Meta: model = Engagement_Presets - fields = '__all__' + fields = "__all__" class NetworkLocationsSerializer(serializers.ModelSerializer): class Meta: model = Network_Locations - fields = '__all__' + fields = "__all__" + + +class SLAConfigurationSerializer(serializers.ModelSerializer): + class Meta: + model = SLA_Configuration + exclude = ( + "async_updating", + ) + + def validate(self, data): + async_updating = getattr(self.instance, 'async_updating', None) + if async_updating: + for field in ['critical', 'high', 'medium', 'low']: + old_days = getattr(self.instance, field, None) + new_days = data.get(field, None) + if old_days and new_days and (old_days != new_days): + raise serializers.ValidationError( + 'Finding SLA expiration dates are currently being calculated. The SLA days for this SLA configuration cannot be changed until the calculation is complete.' + ) + return data class UserProfileSerializer(serializers.Serializer): @@ -1845,3 +3085,142 @@ class UserProfileSerializer(serializers.Serializer): dojo_group_member = DojoGroupMemberSerializer(many=True) product_type_member = ProductTypeMemberSerializer(many=True) product_member = ProductMemberSerializer(many=True) + + +class DeletePreviewSerializer(serializers.Serializer): + model = serializers.CharField(read_only=True) + id = serializers.IntegerField(read_only=True, allow_null=True) + name = serializers.CharField(read_only=True) + + +class ConfigurationPermissionSerializer(serializers.ModelSerializer): + class Meta: + model = Permission + exclude = ("content_type",) + + +class QuestionnaireQuestionSerializer(serializers.ModelSerializer): + def to_representation(self, instance): + if isinstance(instance, TextQuestion): + return TextQuestionSerializer(instance=instance).data + elif isinstance(instance, ChoiceQuestion): + return ChoiceQuestionSerializer(instance=instance).data + else: + return QuestionSerializer(instance=instance).data + + class Meta: + model = Question + exclude = ("polymorphic_ctype",) + + +class QuestionSerializer(serializers.ModelSerializer): + class Meta: + model = Question + exclude = ("polymorphic_ctype",) + + +class TextQuestionSerializer(serializers.ModelSerializer): + class Meta: + model = TextQuestion + exclude = ("polymorphic_ctype",) + + +class ChoiceQuestionSerializer(serializers.ModelSerializer): + choices = serializers.StringRelatedField(many=True) + + class Meta: + model = ChoiceQuestion + exclude = ("polymorphic_ctype",) + + +class QuestionnaireAnsweredSurveySerializer(serializers.ModelSerializer): + class Meta: + model = Answered_Survey + fields = "__all__" + + +class QuestionnaireAnswerSerializer(serializers.ModelSerializer): + def to_representation(self, instance): + if isinstance(instance, TextAnswer): + return TextAnswerSerializer(instance=instance).data + elif isinstance(instance, ChoiceAnswer): + return ChoiceAnswerSerializer(instance=instance).data + else: + return AnswerSerializer(instance=instance).data + + class Meta: + model = Answer + exclude = ("polymorphic_ctype",) + + +class AnswerSerializer(serializers.ModelSerializer): + question = serializers.StringRelatedField() + answered_survey = QuestionnaireAnsweredSurveySerializer() + + class Meta: + model = Answer + exclude = ("polymorphic_ctype",) + + +class TextAnswerSerializer(serializers.ModelSerializer): + question = serializers.StringRelatedField() + answered_survey = QuestionnaireAnsweredSurveySerializer() + + class Meta: + model = TextAnswer + exclude = ("polymorphic_ctype",) + + +class ChoiceAnswerSerializer(serializers.ModelSerializer): + answer = serializers.StringRelatedField(many=True) + question = serializers.StringRelatedField() + answered_survey = QuestionnaireAnsweredSurveySerializer() + + class Meta: + model = ChoiceAnswer + exclude = ("polymorphic_ctype",) + + +class QuestionnaireEngagementSurveySerializer(serializers.ModelSerializer): + questions = serializers.SerializerMethodField() + + @extend_schema_field(serializers.ListField(child=serializers.CharField())) + @swagger_serializer_method( + serializers.ListField(child=serializers.CharField()) + ) + def get_questions(self, obj): + questions = obj.questions.all() + formated_questions = [] + for question in questions: + formated_question = f"Order #{question.order} - {question.text}{' (Optional)' if question.optional else ''}" + formated_questions.append(formated_question) + return formated_questions + + class Meta: + model = Engagement_Survey + fields = "__all__" + + +class QuestionnaireGeneralSurveySerializer(serializers.ModelSerializer): + survey = QuestionnaireEngagementSurveySerializer() + + class Meta: + model = General_Survey + fields = "__all__" + + +class AnnouncementSerializer(serializers.ModelSerializer): + + class Meta: + model = Announcement + fields = "__all__" + + def create(self, validated_data): + validated_data["id"] = 1 + try: + return super().create(validated_data) + except IntegrityError as e: + if 'duplicate key value violates unique constraint "dojo_announcement_pkey"' in str(e): + raise serializers.ValidationError("No more than one Announcement is allowed") + else: + raise diff --git a/dojo/api_v2/views.py b/dojo/api_v2/views.py index 1df3f8ddc54..fceb87c7ea2 100644 --- a/dojo/api_v2/views.py +++ b/dojo/api_v2/views.py @@ -1,9 +1,10 @@ from rest_framework.generics import GenericAPIView from drf_spectacular.types import OpenApiTypes from crum import get_current_user -from django.http import HttpResponse, Http404 +from django.http import HttpResponse, Http404, FileResponse from django.shortcuts import get_object_or_404 from django.utils import timezone +from django.contrib.auth.models import Permission from django.core.exceptions import ValidationError from django.utils.decorators import method_decorator from drf_yasg.inspectors.base import NotHandled @@ -11,98 +12,244 @@ from rest_framework import viewsets, mixins, status from rest_framework.response import Response from django.db import IntegrityError -from rest_framework.permissions import DjangoModelPermissions, IsAuthenticated, IsAdminUser +from rest_framework.permissions import DjangoModelPermissions, IsAuthenticated from rest_framework.decorators import action from rest_framework.parsers import MultiPartParser from django_filters.rest_framework import DjangoFilterBackend from drf_yasg import openapi from drf_yasg.utils import swagger_auto_schema, no_body import base64 +import mimetypes from dojo.engagement.services import close_engagement, reopen_engagement -from dojo.importers.reimporter.utils import get_target_engagement_if_exists, get_target_product_if_exists, get_target_test_if_exists -from dojo.models import Language_Type, Languages, Notifications, Product, Product_Type, Engagement, Test, Test_Import, Test_Type, Finding, \ - User, Stub_Finding, Finding_Template, Notes, \ - JIRA_Issue, Tool_Product_Settings, Tool_Configuration, Tool_Type, \ - Endpoint, JIRA_Project, JIRA_Instance, DojoMeta, Development_Environment, \ - Dojo_User, Note_Type, System_Settings, App_Analysis, Endpoint_Status, \ - Sonarqube_Issue, Sonarqube_Issue_Transition, Regulation, \ - BurpRawRequestResponse, FileUpload, Product_Type_Member, Product_Member, Dojo_Group, \ - Product_Group, Product_Type_Group, Role, Global_Role, Dojo_Group_Member, Engagement_Presets, Network_Locations, \ - UserContactInfo, Product_API_Scan_Configuration - +from dojo.importers.reimporter.utils import ( + get_target_engagement_if_exists, + get_target_product_if_exists, + get_target_test_if_exists, +) +from dojo.models import ( + Language_Type, + Languages, + Notifications, + Product, + Product_Type, + Engagement, + SLA_Configuration, + Test, + Test_Import, + Test_Type, + Finding, + User, + Stub_Finding, + Finding_Template, + Notes, + JIRA_Issue, + Tool_Product_Settings, + Tool_Configuration, + Tool_Type, + Endpoint, + JIRA_Project, + JIRA_Instance, + DojoMeta, + Development_Environment, + Dojo_User, + Note_Type, + System_Settings, + App_Analysis, + Endpoint_Status, + Sonarqube_Issue, + Sonarqube_Issue_Transition, + Regulation, + Risk_Acceptance, + BurpRawRequestResponse, + FileUpload, + Product_Type_Member, + Product_Member, + Dojo_Group, + Product_Group, + Product_Type_Group, + Role, + Global_Role, + Dojo_Group_Member, + Engagement_Presets, + Network_Locations, + UserContactInfo, + Product_API_Scan_Configuration, + Cred_Mapping, + Cred_User, + Question, + Answer, + Engagement_Survey, + Answered_Survey, + General_Survey, + Check_List, + Announcement, +) from dojo.endpoint.views import get_endpoint_ids -from dojo.reports.views import report_url_resolver, prefetch_related_findings_for_report -from dojo.finding.views import set_finding_as_original_internal, reset_finding_duplicate_status_internal, \ - duplicate_cluster -from dojo.filters import ReportFindingFilter, \ - ApiFindingFilter, ApiProductFilter, ApiEngagementFilter, ApiEndpointFilter, \ - ApiAppAnalysisFilter, ApiTestFilter, ApiTemplateFindingFilter +from dojo.reports.views import ( + report_url_resolver, + prefetch_related_findings_for_report, +) +from dojo.finding.views import ( + set_finding_as_original_internal, + reset_finding_duplicate_status_internal, + duplicate_cluster, +) +from dojo.filters import ( + ReportFindingFilter, + ApiCredentialsFilter, + ApiFindingFilter, + ApiProductFilter, + ApiEngagementFilter, + ApiEndpointFilter, + ApiAppAnalysisFilter, + ApiTestFilter, + ApiTemplateFindingFilter, + ApiRiskAcceptanceFilter, +) from dojo.risk_acceptance import api as ra_api from dateutil.relativedelta import relativedelta from django.conf import settings from datetime import datetime -from dojo.utils import get_period_counts_legacy, get_system_setting -from dojo.api_v2 import serializers, permissions, prefetch, schema +from dojo.utils import ( + get_system_setting, + get_setting, + async_delete, +) +from dojo.api_v2 import ( + serializers, + permissions, + prefetch, + schema, + mixins as dojo_mixins, +) import dojo.jira_link.helper as jira_helper import logging import tagulous -from dojo.product_type.queries import get_authorized_product_types, get_authorized_product_type_members, \ - get_authorized_product_type_groups -from dojo.product.queries import get_authorized_products, get_authorized_app_analysis, get_authorized_dojo_meta, \ - get_authorized_product_members, get_authorized_product_groups, get_authorized_languages, \ - get_authorized_engagement_presets, get_authorized_product_api_scan_configurations +from dojo.product_type.queries import ( + get_authorized_product_types, + get_authorized_product_type_members, + get_authorized_product_type_groups, +) +from dojo.product.queries import ( + get_authorized_products, + get_authorized_app_analysis, + get_authorized_dojo_meta, + get_authorized_product_members, + get_authorized_product_groups, + get_authorized_languages, + get_authorized_engagement_presets, + get_authorized_product_api_scan_configurations, +) from dojo.engagement.queries import get_authorized_engagements +from dojo.risk_acceptance.queries import get_authorized_risk_acceptances from dojo.test.queries import get_authorized_tests, get_authorized_test_imports -from dojo.finding.queries import get_authorized_findings, get_authorized_stub_findings -from dojo.endpoint.queries import get_authorized_endpoints, get_authorized_endpoint_status -from dojo.group.queries import get_authorized_groups, get_authorized_group_members -from dojo.jira_link.queries import get_authorized_jira_projects, get_authorized_jira_issues +from dojo.finding.queries import ( + get_authorized_findings, + get_authorized_stub_findings, +) +from dojo.endpoint.queries import ( + get_authorized_endpoints, + get_authorized_endpoint_status, +) +from dojo.group.queries import ( + get_authorized_groups, + get_authorized_group_members, +) +from dojo.jira_link.queries import ( + get_authorized_jira_projects, + get_authorized_jira_issues, +) from dojo.tool_product.queries import get_authorized_tool_product_settings -from drf_spectacular.utils import OpenApiParameter, OpenApiResponse, extend_schema, extend_schema_view +from dojo.cred.queries import get_authorized_cred_mappings +from drf_spectacular.utils import ( + OpenApiParameter, + OpenApiResponse, + extend_schema, + extend_schema_view, +) +from drf_spectacular.views import SpectacularAPIView +from drf_spectacular.renderers import OpenApiJsonRenderer2 from dojo.authorization.roles_permissions import Permissions +from dojo.user.utils import get_configuration_permissions_codenames logger = logging.getLogger(__name__) +class DojoOpenApiJsonRenderer(OpenApiJsonRenderer2): + def get_indent(self, accepted_media_type, renderer_context): + if accepted_media_type and 'indent' in accepted_media_type: + return super().get_indent(accepted_media_type, renderer_context) + return renderer_context.get('indent', None) + + +class DojoSpectacularAPIView(SpectacularAPIView): + renderer_classes = [DojoOpenApiJsonRenderer] + SpectacularAPIView.renderer_classes + + +class DojoModelViewSet( + viewsets.ModelViewSet, + dojo_mixins.DeletePreviewModelMixin, +): + pass + + +class PrefetchDojoModelViewSet( + prefetch.PrefetchListMixin, + prefetch.PrefetchRetrieveMixin, + DojoModelViewSet, +): + pass + + # Authorization: authenticated users -class RoleViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - viewsets.GenericViewSet): +class RoleViewSet(viewsets.ReadOnlyModelViewSet): serializer_class = serializers.RoleSerializer queryset = Role.objects.all() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'name') - permission_classes = (IsAuthenticated, ) + filterset_fields = ["id", "name"] + permission_classes = (IsAuthenticated,) # Authorization: object-based @extend_schema_view( - list=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], + list=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], + ), + retrieve=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], ), - retrieve=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], - ) ) -class DojoGroupViewSet(prefetch.PrefetchListMixin, - prefetch.PrefetchRetrieveMixin, - mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.DestroyModelMixin, - mixins.UpdateModelMixin, - mixins.CreateModelMixin, - viewsets.GenericViewSet): +class DojoGroupViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.DojoGroupSerializer queryset = Dojo_Group.objects.none() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'name') - swagger_schema = prefetch.get_prefetch_schema(["dojo_groups_list", "dojo_groups_read"], - serializers.DojoGroupSerializer).to_schema() - permission_classes = (IsAuthenticated, permissions.UserHasDojoGroupPermission) + filterset_fields = ["id", "name", "social_provider"] + swagger_schema = prefetch.get_prefetch_schema( + ["dojo_groups_list", "dojo_groups_read"], + serializers.DojoGroupSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasDojoGroupPermission, + ) def get_queryset(self): return get_authorized_groups(Permissions.Group_View).distinct() @@ -110,72 +257,90 @@ def get_queryset(self): # Authorization: object-based @extend_schema_view( - list=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], + list=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], + ), + retrieve=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], ), - retrieve=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], - ) ) -class DojoGroupMemberViewSet(prefetch.PrefetchListMixin, - prefetch.PrefetchRetrieveMixin, - mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.CreateModelMixin, - mixins.DestroyModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): +class DojoGroupMemberViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.DojoGroupMemberSerializer queryset = Dojo_Group_Member.objects.none() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'group_id', 'user_id') - swagger_schema = prefetch.get_prefetch_schema(["dojo_group_members_list", "dojo_group_members_read"], - serializers.DojoGroupMemberSerializer).to_schema() - permission_classes = (IsAuthenticated, permissions.UserHasDojoGroupMemberPermission) + filterset_fields = ["id", "group_id", "user_id"] + swagger_schema = prefetch.get_prefetch_schema( + ["dojo_group_members_list", "dojo_group_members_read"], + serializers.DojoGroupMemberSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasDojoGroupMemberPermission, + ) def get_queryset(self): return get_authorized_group_members(Permissions.Group_View).distinct() + @extend_schema( + exclude=True + ) + @swagger_auto_schema( + auto_schema=None + ) def partial_update(self, request, pk=None): # Object authorization won't work if not all data is provided - response = {'message': 'Patch function is not offered in this path.'} + response = {"message": "Patch function is not offered in this path."} return Response(response, status=status.HTTP_405_METHOD_NOT_ALLOWED) # Authorization: superuser -class GlobalRoleViewSet(prefetch.PrefetchListMixin, - prefetch.PrefetchRetrieveMixin, - mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.DestroyModelMixin, - mixins.UpdateModelMixin, - mixins.CreateModelMixin, - viewsets.GenericViewSet): +class GlobalRoleViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.GlobalRoleSerializer queryset = Global_Role.objects.all() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'user', 'group', 'role') - swagger_schema = prefetch.get_prefetch_schema(["global_roles_list", "global_roles_read"], - serializers.GlobalRoleSerializer).to_schema() + filterset_fields = ["id", "user", "group", "role"] + swagger_schema = prefetch.get_prefetch_schema( + ["global_roles_list", "global_roles_read"], + serializers.GlobalRoleSerializer, + ).to_schema() permission_classes = (permissions.IsSuperUser, DjangoModelPermissions) # Authorization: object-based -class EndPointViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.UpdateModelMixin, - mixins.DestroyModelMixin, - mixins.CreateModelMixin, - viewsets.GenericViewSet): +class EndPointViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.EndpointSerializer queryset = Endpoint.objects.none() filter_backends = (DjangoFilterBackend,) - filter_class = ApiEndpointFilter - permission_classes = (IsAuthenticated, permissions.UserHasEndpointPermission) + filterset_class = ApiEndpointFilter + swagger_schema = prefetch.get_prefetch_schema( + ["endpoints_list", "endpoints_read"], serializers.EndpointSerializer + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasEndpointPermission, + ) def get_queryset(self): return get_authorized_endpoints(Permissions.Endpoint_View).distinct() @@ -188,21 +353,34 @@ def get_queryset(self): request_body=serializers.ReportGenerateOptionSerializer, responses={status.HTTP_200_OK: serializers.ReportGenerateSerializer}, ) - @action(detail=True, methods=['post'], permission_classes=[IsAuthenticated]) + @action( + detail=True, methods=["post"], permission_classes=[IsAuthenticated] + ) def generate_report(self, request, pk=None): endpoint = self.get_object() options = {} # prepare post data - report_options = serializers.ReportGenerateOptionSerializer(data=request.data) + report_options = serializers.ReportGenerateOptionSerializer( + data=request.data + ) if report_options.is_valid(): - options['include_finding_notes'] = report_options.validated_data['include_finding_notes'] - options['include_finding_images'] = report_options.validated_data['include_finding_images'] - options['include_executive_summary'] = report_options.validated_data['include_executive_summary'] - options['include_table_of_contents'] = report_options.validated_data['include_table_of_contents'] + options["include_finding_notes"] = report_options.validated_data[ + "include_finding_notes" + ] + options["include_finding_images"] = report_options.validated_data[ + "include_finding_images" + ] + options[ + "include_executive_summary" + ] = report_options.validated_data["include_executive_summary"] + options[ + "include_table_of_contents" + ] = report_options.validated_data["include_table_of_contents"] else: - return Response(report_options.errors, - status=status.HTTP_400_BAD_REQUEST) + return Response( + report_options.errors, status=status.HTTP_400_BAD_REQUEST + ) data = report_generate(request, endpoint, options) report = serializers.ReportGenerateSerializer(data) @@ -210,50 +388,85 @@ def generate_report(self, request, pk=None): # Authorization: object-based -class EndpointStatusViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.UpdateModelMixin, - mixins.DestroyModelMixin, - mixins.CreateModelMixin, - viewsets.GenericViewSet): +class EndpointStatusViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.EndpointStatusSerializer queryset = Endpoint_Status.objects.none() filter_backends = (DjangoFilterBackend,) - filter_fields = ('mitigated', 'false_positive', 'out_of_scope', - 'risk_accepted', 'mitigated_by', 'finding', 'endpoint') - permission_classes = (IsAuthenticated, permissions.UserHasEndpointStatusPermission) + filterset_fields = [ + "mitigated", + "false_positive", + "out_of_scope", + "risk_accepted", + "mitigated_by", + "finding", + "endpoint", + ] + swagger_schema = prefetch.get_prefetch_schema( + ["endpoint_status_list", "endpoint_status_read"], + serializers.EndpointStatusSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasEndpointStatusPermission, + ) def get_queryset(self): - return get_authorized_endpoint_status(Permissions.Endpoint_View).distinct() + return get_authorized_endpoint_status( + Permissions.Endpoint_View + ).distinct() # Authorization: object-based -class EngagementViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.UpdateModelMixin, - mixins.DestroyModelMixin, - mixins.CreateModelMixin, - ra_api.AcceptedRisksMixin, - viewsets.GenericViewSet): +class EngagementViewSet( + PrefetchDojoModelViewSet, + ra_api.AcceptedRisksMixin, +): serializer_class = serializers.EngagementSerializer queryset = Engagement.objects.none() filter_backends = (DjangoFilterBackend,) - filter_class = ApiEngagementFilter - permission_classes = (IsAuthenticated, permissions.UserHasEngagementPermission) + filterset_class = ApiEngagementFilter + swagger_schema = ( + prefetch.get_prefetch_schema( + ["engagements_list", "engagements_read"], + serializers.EngagementSerializer, + ) + .composeWith( + prefetch.get_prefetch_schema( + ["engagements_complete_checklist_read"], + serializers.EngagementCheckListSerializer, + ) + ) + .to_schema() + ) + permission_classes = ( + IsAuthenticated, + permissions.UserHasEngagementPermission, + ) @property def risk_application_model_class(self): return Engagement + def destroy(self, request, *args, **kwargs): + instance = self.get_object() + if get_setting("ASYNC_OBJECT_DELETE"): + async_del = async_delete() + async_del.delete(instance) + else: + instance.delete() + return Response(status=status.HTTP_204_NO_CONTENT) + def get_queryset(self): - return get_authorized_engagements(Permissions.Engagement_View).prefetch_related( - 'notes', - 'risk_acceptance', - 'files').distinct() + return ( + get_authorized_engagements(Permissions.Engagement_View) + .prefetch_related("notes", "risk_acceptance", "files") + .distinct() + ) @extend_schema( - request=OpenApiTypes.NONE, - responses={status.HTTP_200_OK: ""} + request=OpenApiTypes.NONE, responses={status.HTTP_200_OK: ""} ) @swagger_auto_schema( request_body=no_body, responses={status.HTTP_200_OK: ""} @@ -265,8 +478,7 @@ def close(self, request, pk=None): return HttpResponse() @extend_schema( - request=OpenApiTypes.NONE, - responses={status.HTTP_200_OK: ""} + request=OpenApiTypes.NONE, responses={status.HTTP_200_OK: ""} ) @swagger_auto_schema( request_body=no_body, responses={status.HTTP_200_OK: ""} @@ -285,355 +497,718 @@ def reopen(self, request, pk=None): request_body=serializers.ReportGenerateOptionSerializer, responses={status.HTTP_200_OK: serializers.ReportGenerateSerializer}, ) - @action(detail=True, methods=['post'], permission_classes=[IsAuthenticated]) + @action( + detail=True, methods=["post"], permission_classes=[IsAuthenticated] + ) def generate_report(self, request, pk=None): engagement = self.get_object() options = {} # prepare post data - report_options = serializers.ReportGenerateOptionSerializer(data=request.data) + report_options = serializers.ReportGenerateOptionSerializer( + data=request.data + ) if report_options.is_valid(): - options['include_finding_notes'] = report_options.validated_data['include_finding_notes'] - options['include_finding_images'] = report_options.validated_data['include_finding_images'] - options['include_executive_summary'] = report_options.validated_data['include_executive_summary'] - options['include_table_of_contents'] = report_options.validated_data['include_table_of_contents'] + options["include_finding_notes"] = report_options.validated_data[ + "include_finding_notes" + ] + options["include_finding_images"] = report_options.validated_data[ + "include_finding_images" + ] + options[ + "include_executive_summary" + ] = report_options.validated_data["include_executive_summary"] + options[ + "include_table_of_contents" + ] = report_options.validated_data["include_table_of_contents"] else: - return Response(report_options.errors, - status=status.HTTP_400_BAD_REQUEST) + return Response( + report_options.errors, status=status.HTTP_400_BAD_REQUEST + ) data = report_generate(request, engagement, options) report = serializers.ReportGenerateSerializer(data) return Response(report.data) @extend_schema( - methods=['GET'], - responses={status.HTTP_200_OK: serializers.EngagementToNotesSerializer} + methods=["GET"], + responses={ + status.HTTP_200_OK: serializers.EngagementToNotesSerializer + }, ) @extend_schema( - methods=['POST'], + methods=["POST"], request=serializers.AddNewNoteOptionSerializer, - responses={status.HTTP_201_CREATED: serializers.NoteSerializer} + responses={status.HTTP_201_CREATED: serializers.NoteSerializer}, ) @swagger_auto_schema( - method='get', - responses={status.HTTP_200_OK: serializers.EngagementToNotesSerializer} + method="get", + responses={ + status.HTTP_200_OK: serializers.EngagementToNotesSerializer + }, ) @swagger_auto_schema( - methods=['post'], + methods=["post"], request_body=serializers.AddNewNoteOptionSerializer, - responses={status.HTTP_201_CREATED: serializers.NoteSerializer} + responses={status.HTTP_201_CREATED: serializers.NoteSerializer}, ) @action(detail=True, methods=["get", "post"]) def notes(self, request, pk=None): engagement = self.get_object() - if request.method == 'POST': - new_note = serializers.AddNewNoteOptionSerializer(data=request.data) + if request.method == "POST": + new_note = serializers.AddNewNoteOptionSerializer( + data=request.data + ) if new_note.is_valid(): - entry = new_note.validated_data['entry'] - private = new_note.validated_data.get('private', False) - note_type = new_note.validated_data.get('note_type', None) + entry = new_note.validated_data["entry"] + private = new_note.validated_data.get("private", False) + note_type = new_note.validated_data.get("note_type", None) else: - return Response(new_note.errors, - status=status.HTTP_400_BAD_REQUEST) + return Response( + new_note.errors, status=status.HTTP_400_BAD_REQUEST + ) author = request.user - note = Notes(entry=entry, author=author, private=private, note_type=note_type) + note = Notes( + entry=entry, + author=author, + private=private, + note_type=note_type, + ) note.save() engagement.notes.add(note) - serialized_note = serializers.NoteSerializer({ - "author": author, "entry": entry, - "private": private - }) - result = serializers.EngagementToNotesSerializer({ - "engagement_id": engagement, "notes": [serialized_note.data] - }) - return Response(serialized_note.data, - status=status.HTTP_201_CREATED) + serialized_note = serializers.NoteSerializer( + {"author": author, "entry": entry, "private": private} + ) + return Response( + serialized_note.data, status=status.HTTP_201_CREATED + ) notes = engagement.notes.all() - serialized_notes = serializers.EngagementToNotesSerializer({ - "engagement_id": engagement, "notes": notes - }) - return Response(serialized_notes.data, - status=status.HTTP_200_OK) + serialized_notes = serializers.EngagementToNotesSerializer( + {"engagement_id": engagement, "notes": notes} + ) + return Response(serialized_notes.data, status=status.HTTP_200_OK) @extend_schema( - methods=['GET'], - responses={status.HTTP_200_OK: serializers.EngagementToFilesSerializer} + methods=["GET"], + responses={ + status.HTTP_200_OK: serializers.EngagementToFilesSerializer + }, ) @extend_schema( - methods=['POST'], + methods=["POST"], request=serializers.AddNewFileOptionSerializer, - responses={status.HTTP_201_CREATED: serializers.FileSerializer} + responses={status.HTTP_201_CREATED: serializers.FileSerializer}, ) @swagger_auto_schema( - method='get', - responses={status.HTTP_200_OK: serializers.EngagementToFilesSerializer} + method="get", + responses={ + status.HTTP_200_OK: serializers.EngagementToFilesSerializer + }, ) @swagger_auto_schema( - method='post', + method="post", request_body=serializers.AddNewFileOptionSerializer, - responses={status.HTTP_201_CREATED: serializers.FileSerializer} + responses={status.HTTP_201_CREATED: serializers.FileSerializer}, + ) + @action( + detail=True, methods=["get", "post"], parser_classes=(MultiPartParser,) ) - @action(detail=True, methods=["get", "post"], parser_classes=(MultiPartParser,)) def files(self, request, pk=None): engagement = self.get_object() - if request.method == 'POST': + if request.method == "POST": new_file = serializers.FileSerializer(data=request.data) if new_file.is_valid(): - title = new_file.validated_data['title'] - file = new_file.validated_data['file'] + title = new_file.validated_data["title"] + file = new_file.validated_data["file"] else: - return Response(new_file.errors, status=status.HTTP_400_BAD_REQUEST) + return Response( + new_file.errors, status=status.HTTP_400_BAD_REQUEST + ) file = FileUpload(title=title, file=file) file.save() engagement.files.add(file) serialized_file = serializers.FileSerializer(file) - return Response(serialized_file.data, status=status.HTTP_201_CREATED) + return Response( + serialized_file.data, status=status.HTTP_201_CREATED + ) files = engagement.files.all() - serialized_files = serializers.EngagementToFilesSerializer({ - "engagement_id": engagement, "files": files - }) + serialized_files = serializers.EngagementToFilesSerializer( + {"engagement_id": engagement, "files": files} + ) return Response(serialized_files.data, status=status.HTTP_200_OK) + @extend_schema( + methods=["POST"], + request=serializers.EngagementCheckListSerializer, + responses={ + status.HTTP_201_CREATED: serializers.EngagementCheckListSerializer + }, + ) + @swagger_auto_schema( + method="post", + request_body=serializers.EngagementCheckListSerializer, + responses={ + status.HTTP_201_CREATED: serializers.EngagementCheckListSerializer + }, + ) + @action(detail=True, methods=["get", "post"]) + def complete_checklist(self, request, pk=None): + from dojo.api_v2.prefetch.prefetcher import _Prefetcher + + engagement = self.get_object() + check_lists = Check_List.objects.filter(engagement=engagement) + if request.method == "POST": + if check_lists.count() > 0: + return Response( + { + "message": "A completed checklist for this engagement already exists." + }, + status=status.HTTP_400_BAD_REQUEST, + ) + check_list = serializers.EngagementCheckListSerializer( + data=request.data + ) + if not check_list.is_valid(): + return Response( + check_list.errors, status=status.HTTP_400_BAD_REQUEST + ) + check_list = Check_List(**check_list.data) + check_list.engagement = engagement + check_list.save() + serialized_check_list = serializers.EngagementCheckListSerializer( + check_list + ) + return Response( + serialized_check_list.data, status=status.HTTP_201_CREATED + ) + prefetch_params = request.GET.get("prefetch", "").split(",") + prefetcher = _Prefetcher() + entry = check_lists.first() + # Get the queried object representation + result = serializers.EngagementCheckListSerializer(entry).data + prefetcher._prefetch(entry, prefetch_params) + result["prefetch"] = prefetcher.prefetched_data + return Response(result, status=status.HTTP_200_OK) + + @extend_schema( + methods=["GET"], + responses={ + status.HTTP_200_OK: serializers.RawFileSerializer, + }, + ) + @swagger_auto_schema( + method="get", + responses={ + status.HTTP_200_OK: serializers.RawFileSerializer, + }, + ) + @action( + detail=True, + methods=["get"], + url_path=r"files/download/(?P\d+)", + ) + def download_file(self, request, file_id, pk=None): + engagement = self.get_object() + # Get the file object + file_object_qs = engagement.files.filter(id=file_id) + file_object = ( + file_object_qs.first() if len(file_object_qs) > 0 else None + ) + if file_object is None: + return Response( + {"error": "File ID not associated with Engagement"}, + status=status.HTTP_404_NOT_FOUND, + ) + # Get the path of the file in media root + file_path = f"{settings.MEDIA_ROOT}/{file_object.file.url.lstrip(settings.MEDIA_URL)}" + file_handle = open(file_path, "rb") + # send file + response = FileResponse( + file_handle, + content_type=f"{mimetypes.guess_type(file_path)}", + status=status.HTTP_200_OK, + ) + response["Content-Length"] = file_object.file.size + response[ + "Content-Disposition" + ] = f'attachment; filename="{file_object.file.name}"' + + return response + + +class RiskAcceptanceViewSet( + PrefetchDojoModelViewSet +): + serializer_class = serializers.RiskAcceptanceSerializer + queryset = Risk_Acceptance.objects.none() + filter_backends = (DjangoFilterBackend,) + filterset_class = ApiRiskAcceptanceFilter + swagger_schema = prefetch.get_prefetch_schema( + ["risk_acceptance_list", "risk_acceptance_read"], + serializers.RiskAcceptanceSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasRiskAcceptancePermission, + ) + + def get_queryset(self): + return ( + get_authorized_risk_acceptances(Permissions.Risk_Acceptance) + .prefetch_related( + "notes", "engagement_set", "owner", "accepted_findings" + ) + .distinct() + ) + + @extend_schema( + methods=["GET"], + responses={ + status.HTTP_200_OK: serializers.RiskAcceptanceProofSerializer, + }, + ) + @swagger_auto_schema( + method="get", + responses={ + status.HTTP_200_OK: serializers.RiskAcceptanceProofSerializer, + }, + ) + @action(detail=True, methods=["get"]) + def download_proof(self, request, pk=None): + risk_acceptance = self.get_object() + # Get the file object + file_object = risk_acceptance.path + if file_object is None or risk_acceptance.filename() is None: + return Response( + {"error": "Proof has not provided to this risk acceptance..."}, + status=status.HTTP_404_NOT_FOUND, + ) + # Get the path of the file in media root + file_path = f"{settings.MEDIA_ROOT}/{file_object.name}" + file_handle = open(file_path, "rb") + # send file + response = FileResponse( + file_handle, + content_type=f"{mimetypes.guess_type(file_path)}", + status=status.HTTP_200_OK, + ) + response["Content-Length"] = file_object.size + response[ + "Content-Disposition" + ] = f'attachment; filename="{risk_acceptance.filename()}"' + + return response + # These are technologies in the UI and the API! # Authorization: object-based -class AppAnalysisViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.UpdateModelMixin, - mixins.DestroyModelMixin, - mixins.CreateModelMixin, - viewsets.GenericViewSet): +class AppAnalysisViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.AppAnalysisSerializer queryset = App_Analysis.objects.none() filter_backends = (DjangoFilterBackend,) - filter_class = ApiAppAnalysisFilter - permission_classes = (IsAuthenticated, permissions.UserHasAppAnalysisPermission) + filterset_class = ApiAppAnalysisFilter + swagger_schema = prefetch.get_prefetch_schema( + ["technologies_list", "technologies_read"], + serializers.AppAnalysisSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasAppAnalysisPermission, + ) def get_queryset(self): return get_authorized_app_analysis(Permissions.Product_View) +# Authorization: object-based +class CredentialsViewSet( + PrefetchDojoModelViewSet, +): + serializer_class = serializers.CredentialSerializer + queryset = Cred_User.objects.all() + filter_backends = (DjangoFilterBackend,) + swagger_schema = prefetch.get_prefetch_schema( + ["credentials_list", "credentials_read"], + serializers.CredentialSerializer, + ).to_schema() + permission_classes = (permissions.IsSuperUser, DjangoModelPermissions) + + +# Authorization: configuration +class CredentialsMappingViewSet( + PrefetchDojoModelViewSet, +): + serializer_class = serializers.CredentialMappingSerializer + queryset = Cred_Mapping.objects.none() + filter_backends = (DjangoFilterBackend,) + filterset_class = ApiCredentialsFilter + swagger_schema = prefetch.get_prefetch_schema( + ["credential_mappings_list", "credential_mappings_read"], + serializers.CredentialMappingSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasCredentialPermission, + ) + + def get_queryset(self): + return get_authorized_cred_mappings(Permissions.Credential_View) + + # Authorization: configuration -class FindingTemplatesViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.UpdateModelMixin, - mixins.CreateModelMixin, - mixins.DestroyModelMixin, - viewsets.GenericViewSet): +class FindingTemplatesViewSet( + DojoModelViewSet, +): serializer_class = serializers.FindingTemplateSerializer queryset = Finding_Template.objects.all() filter_backends = (DjangoFilterBackend,) - filter_class = ApiTemplateFindingFilter - permission_classes = (permissions.UserHasConfigurationPermissionStaff, ) + filterset_class = ApiTemplateFindingFilter + permission_classes = (permissions.UserHasConfigurationPermissionStaff,) # Authorization: object-based @extend_schema_view( - list=extend_schema(parameters=[ - OpenApiParameter("related_fields", OpenApiTypes.BOOL, OpenApiParameter.QUERY, required=False, - description="Expand finding external relations (engagement, environment, product, \ - product_type, test, test_type)"), - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], + list=extend_schema( + parameters=[ + OpenApiParameter( + "related_fields", + OpenApiTypes.BOOL, + OpenApiParameter.QUERY, + required=False, + description="Expand finding external relations (engagement, environment, product, \ + product_type, test, test_type)", + ), + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], + ), + retrieve=extend_schema( + parameters=[ + OpenApiParameter( + "related_fields", + OpenApiTypes.BOOL, + OpenApiParameter.QUERY, + required=False, + description="Expand finding external relations (engagement, environment, product, \ + product_type, test, test_type)", + ), + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], ), - retrieve=extend_schema(parameters=[ - OpenApiParameter("related_fields", OpenApiTypes.BOOL, OpenApiParameter.QUERY, required=False, - description="Expand finding external relations (engagement, environment, product, \ - product_type, test, test_type)"), - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], - ) ) -class FindingViewSet(prefetch.PrefetchListMixin, - prefetch.PrefetchRetrieveMixin, - mixins.UpdateModelMixin, - mixins.DestroyModelMixin, - mixins.CreateModelMixin, - ra_api.AcceptedFindingsMixin, - viewsets.GenericViewSet): +class FindingViewSet( + prefetch.PrefetchListMixin, + prefetch.PrefetchRetrieveMixin, + mixins.UpdateModelMixin, + mixins.DestroyModelMixin, + mixins.CreateModelMixin, + ra_api.AcceptedFindingsMixin, + viewsets.GenericViewSet, + dojo_mixins.DeletePreviewModelMixin, +): serializer_class = serializers.FindingSerializer queryset = Finding.objects.none() filter_backends = (DjangoFilterBackend,) filterset_class = ApiFindingFilter - permission_classes = (IsAuthenticated, permissions.UserHasFindingPermission) - - _related_field_parameters = [openapi.Parameter( - name="related_fields", - in_=openapi.IN_QUERY, - description="Expand finding external relations (engagement, environment, product, product_type, test, test_type)", - type=openapi.TYPE_BOOLEAN)] - swagger_schema = prefetch.get_prefetch_schema(["findings_list", "findings_read"], serializers.FindingSerializer). \ - composeWith(schema.ExtraParameters("findings_list", _related_field_parameters)). \ - composeWith(schema.ExtraParameters("findings_read", _related_field_parameters)). \ - to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasFindingPermission, + ) + + _related_field_parameters = [ + openapi.Parameter( + name="related_fields", + in_=openapi.IN_QUERY, + description="Expand finding external relations (engagement, environment, product, product_type, test, test_type)", + type=openapi.TYPE_BOOLEAN, + ) + ] + swagger_schema = ( + prefetch.get_prefetch_schema( + ["findings_list", "findings_read"], serializers.FindingSerializer + ) + .composeWith( + schema.ExtraParameters("findings_list", _related_field_parameters) + ) + .composeWith( + schema.ExtraParameters("findings_read", _related_field_parameters) + ) + .to_schema() + ) # Overriding mixins.UpdateModeMixin perform_update() method to grab push_to_jira # data and add that as a parameter to .save() def perform_update(self, serializer): # IF JIRA is enabled and this product has a JIRA configuration - push_to_jira = serializer.validated_data.get('push_to_jira') + push_to_jira = serializer.validated_data.get("push_to_jira") jira_project = jira_helper.get_jira_project(serializer.instance) - if get_system_setting('enable_jira') and jira_project: + if get_system_setting("enable_jira") and jira_project: push_to_jira = push_to_jira or jira_project.push_all_issues serializer.save(push_to_jira=push_to_jira) def get_queryset(self): - findings = get_authorized_findings(Permissions.Finding_View).prefetch_related('endpoints', - 'reviewers', - 'found_by', - 'notes', - 'risk_acceptance_set', - 'test', - 'tags', - 'jira_issue', - 'finding_group_set', - 'files', - 'burprawrequestresponse_set', - 'endpoint_status', - 'finding_meta', - 'test__test_type', - 'test__engagement', - 'test__environment', - 'test__engagement__product', - 'test__engagement__product__prod_type') + findings = get_authorized_findings( + Permissions.Finding_View + ).prefetch_related( + "endpoints", + "reviewers", + "found_by", + "notes", + "risk_acceptance_set", + "test", + "tags", + "jira_issue", + "finding_group_set", + "files", + "burprawrequestresponse_set", + "status_finding", + "finding_meta", + "test__test_type", + "test__engagement", + "test__environment", + "test__engagement__product", + "test__engagement__product__prod_type", + ) return findings.distinct() def get_serializer_class(self): - if self.request and self.request.method == 'POST': + if self.request and self.request.method == "POST": return serializers.FindingCreateSerializer else: return serializers.FindingSerializer @extend_schema( - methods=['GET'], - responses={status.HTTP_200_OK: serializers.TagSerializer} + methods=["POST"], + request=serializers.FindingCloseSerializer, + responses={status.HTTP_200_OK: serializers.FindingCloseSerializer}, + ) + @swagger_auto_schema( + method="post", + request_body=serializers.FindingCloseSerializer, + responses={status.HTTP_200_OK: serializers.FindingCloseSerializer}, ) + @action(detail=True, methods=["post"]) + def close(self, request, pk=None): + finding = self.get_object() + + if request.method == "POST": + finding_close = serializers.FindingCloseSerializer( + data=request.data + ) + if finding_close.is_valid(): + finding.is_mitigated = finding_close.validated_data[ + "is_mitigated" + ] + if settings.EDITABLE_MITIGATED_DATA: + finding.mitigated = ( + finding_close.validated_data["mitigated"] + or timezone.now() + ) + else: + finding.mitigated = timezone.now() + finding.mitigated_by = request.user + finding.active = False + finding.false_p = finding_close.validated_data.get( + "false_p", False + ) + finding.duplicate = finding_close.validated_data.get( + "duplicate", False + ) + finding.out_of_scope = finding_close.validated_data.get( + "out_of_scope", False + ) + + endpoints_status = finding.status_finding.all() + for e_status in endpoints_status: + e_status.mitigated_by = request.user + if settings.EDITABLE_MITIGATED_DATA: + e_status.mitigated_time = ( + finding_close.validated_data["mitigated"] + or timezone.now() + ) + else: + e_status.mitigated_time = timezone.now() + e_status.mitigated = True + e_status.last_modified = timezone.now() + e_status.save() + finding.save() + else: + return Response( + finding_close.errors, status=status.HTTP_400_BAD_REQUEST + ) + serialized_finding = serializers.FindingCloseSerializer(finding) + return Response(serialized_finding.data) + @extend_schema( - methods=['POST'], + methods=["GET"], + responses={status.HTTP_200_OK: serializers.TagSerializer}, + ) + @extend_schema( + methods=["POST"], request=serializers.TagSerializer, - responses={status.HTTP_201_CREATED: serializers.TagSerializer} + responses={status.HTTP_201_CREATED: serializers.TagSerializer}, ) @swagger_auto_schema( - method='get', - responses={status.HTTP_200_OK: serializers.TagSerializer} + method="get", responses={status.HTTP_200_OK: serializers.TagSerializer} ) @swagger_auto_schema( - method='post', + method="post", request_body=serializers.TagSerializer, - responses={status.HTTP_200_OK: serializers.TagSerializer} + responses={status.HTTP_200_OK: serializers.TagSerializer}, ) - @action(detail=True, methods=['get', 'post']) + @action(detail=True, methods=["get", "post"]) def tags(self, request, pk=None): finding = self.get_object() - if request.method == 'POST': + if request.method == "POST": new_tags = serializers.TagSerializer(data=request.data) if new_tags.is_valid(): all_tags = finding.tags - all_tags = serializers.TagSerializer({"tags": all_tags}).data['tags'] + all_tags = serializers.TagSerializer({"tags": all_tags}).data[ + "tags" + ] - for tag in tagulous.utils.parse_tags(new_tags.validated_data['tags']): + for tag in tagulous.utils.parse_tags( + new_tags.validated_data["tags"] + ): if tag not in all_tags: all_tags.append(tag) new_tags = tagulous.utils.render_tags(all_tags) finding.tags = new_tags finding.save() else: - return Response(new_tags.errors, - status=status.HTTP_400_BAD_REQUEST) + return Response( + new_tags.errors, status=status.HTTP_400_BAD_REQUEST + ) tags = finding.tags serialized_tags = serializers.TagSerializer({"tags": tags}) return Response(serialized_tags.data) @extend_schema( - methods=['GET'], - responses={status.HTTP_200_OK: serializers.BurpRawRequestResponseSerializer} + methods=["GET"], + responses={ + status.HTTP_200_OK: serializers.BurpRawRequestResponseSerializer + }, ) @extend_schema( - methods=['POST'], + methods=["POST"], request=serializers.BurpRawRequestResponseSerializer, - responses={status.HTTP_201_CREATED: serializers.BurpRawRequestResponseSerializer} + responses={ + status.HTTP_201_CREATED: serializers.BurpRawRequestResponseSerializer + }, ) @swagger_auto_schema( - method='get', - responses={status.HTTP_200_OK: serializers.BurpRawRequestResponseSerializer} + method="get", + responses={ + status.HTTP_200_OK: serializers.BurpRawRequestResponseSerializer + }, ) @swagger_auto_schema( - method='post', + method="post", request_body=serializers.BurpRawRequestResponseSerializer, - responses={status.HTTP_200_OK: serializers.BurpRawRequestResponseSerializer} + responses={ + status.HTTP_200_OK: serializers.BurpRawRequestResponseSerializer + }, ) - @action(detail=True, methods=['get', 'post']) + @action(detail=True, methods=["get", "post"]) def request_response(self, request, pk=None): finding = self.get_object() - if request.method == 'POST': - burps = serializers.BurpRawRequestResponseSerializer(data=request.data, many=isinstance(request.data, list)) + if request.method == "POST": + burps = serializers.BurpRawRequestResponseSerializer( + data=request.data, many=isinstance(request.data, list) + ) if burps.is_valid(): - for pair in burps.validated_data['req_resp']: + for pair in burps.validated_data["req_resp"]: burp_rr = BurpRawRequestResponse( - finding=finding, - burpRequestBase64=base64.b64encode(pair["request"].encode("utf-8")), - burpResponseBase64=base64.b64encode(pair["response"].encode("utf-8")), - ) + finding=finding, + burpRequestBase64=base64.b64encode( + pair["request"].encode("utf-8") + ), + burpResponseBase64=base64.b64encode( + pair["response"].encode("utf-8") + ), + ) burp_rr.clean() burp_rr.save() else: - return Response(burps.errors, - status=status.HTTP_400_BAD_REQUEST) + return Response( + burps.errors, status=status.HTTP_400_BAD_REQUEST + ) burp_req_resp = BurpRawRequestResponse.objects.filter(finding=finding) burp_list = [] for burp in burp_req_resp: request = burp.get_request() response = burp.get_response() - burp_list.append({'request': request, 'response': response}) - serialized_burps = serializers.BurpRawRequestResponseSerializer({'req_resp': burp_list}) + burp_list.append({"request": request, "response": response}) + serialized_burps = serializers.BurpRawRequestResponseSerializer( + {"req_resp": burp_list} + ) return Response(serialized_burps.data) @extend_schema( - methods=['GET'], - responses={status.HTTP_200_OK: serializers.FindingToNotesSerializer} + methods=["GET"], + responses={status.HTTP_200_OK: serializers.FindingToNotesSerializer}, ) @extend_schema( - methods=['POST'], + methods=["POST"], request=serializers.AddNewNoteOptionSerializer, - responses={status.HTTP_201_CREATED: serializers.NoteSerializer} + responses={status.HTTP_201_CREATED: serializers.NoteSerializer}, ) @swagger_auto_schema( - method='get', - responses={status.HTTP_200_OK: serializers.FindingToNotesSerializer} + method="get", + responses={status.HTTP_200_OK: serializers.FindingToNotesSerializer}, ) @swagger_auto_schema( - methods=['post'], + methods=["post"], request_body=serializers.AddNewNoteOptionSerializer, - responses={status.HTTP_201_CREATED: serializers.NoteSerializer} + responses={status.HTTP_201_CREATED: serializers.NoteSerializer}, ) @action(detail=True, methods=["get", "post"]) def notes(self, request, pk=None): finding = self.get_object() - if request.method == 'POST': - new_note = serializers.AddNewNoteOptionSerializer(data=request.data) + if request.method == "POST": + new_note = serializers.AddNewNoteOptionSerializer( + data=request.data + ) if new_note.is_valid(): - entry = new_note.validated_data['entry'] - private = new_note.validated_data.get('private', False) - note_type = new_note.validated_data.get('note_type', None) + entry = new_note.validated_data["entry"] + private = new_note.validated_data.get("private", False) + note_type = new_note.validated_data.get("note_type", None) else: - return Response(new_note.errors, - status=status.HTTP_400_BAD_REQUEST) + return Response( + new_note.errors, status=status.HTTP_400_BAD_REQUEST + ) author = request.user - note = Notes(entry=entry, author=author, private=private, note_type=note_type) + note = Notes( + entry=entry, + author=author, + private=private, + note_type=note_type, + ) note.save() finding.notes.add(note) @@ -642,146 +1217,230 @@ def notes(self, request, pk=None): elif finding.has_jira_group_issue: jira_helper.add_comment(finding.finding_group, note) - serialized_note = serializers.NoteSerializer({ - "author": author, "entry": entry, - "private": private - }) - result = serializers.FindingToNotesSerializer({ - "finding_id": finding, "notes": [serialized_note.data] - }) - return Response(serialized_note.data, - status=status.HTTP_201_CREATED) + serialized_note = serializers.NoteSerializer( + {"author": author, "entry": entry, "private": private} + ) + return Response( + serialized_note.data, status=status.HTTP_201_CREATED + ) notes = finding.notes.all() - serialized_notes = serializers.FindingToNotesSerializer({ - "finding_id": finding, "notes": notes - }) - return Response(serialized_notes.data, - status=status.HTTP_200_OK) + serialized_notes = serializers.FindingToNotesSerializer( + {"finding_id": finding, "notes": notes} + ) + return Response(serialized_notes.data, status=status.HTTP_200_OK) @extend_schema( - methods=['GET'], - responses={status.HTTP_200_OK: serializers.FindingToFilesSerializer} + methods=["GET"], + responses={status.HTTP_200_OK: serializers.FindingToFilesSerializer}, ) @extend_schema( - methods=['POST'], + methods=["POST"], request=serializers.AddNewFileOptionSerializer, - responses={status.HTTP_201_CREATED: serializers.FileSerializer} + responses={status.HTTP_201_CREATED: serializers.FileSerializer}, ) @swagger_auto_schema( - method='get', - responses={status.HTTP_200_OK: serializers.FindingToFilesSerializer} + method="get", + responses={status.HTTP_200_OK: serializers.FindingToFilesSerializer}, ) @swagger_auto_schema( - method='post', + method="post", request_body=serializers.AddNewFileOptionSerializer, - responses={status.HTTP_201_CREATED: serializers.FileSerializer} + responses={status.HTTP_201_CREATED: serializers.FileSerializer}, + ) + @action( + detail=True, methods=["get", "post"], parser_classes=(MultiPartParser,) ) - @action(detail=True, methods=["get", "post"], parser_classes=(MultiPartParser,)) def files(self, request, pk=None): finding = self.get_object() - if request.method == 'POST': + if request.method == "POST": new_file = serializers.FileSerializer(data=request.data) if new_file.is_valid(): - title = new_file.validated_data['title'] - file = new_file.validated_data['file'] + title = new_file.validated_data["title"] + file = new_file.validated_data["file"] else: - return Response(new_file.errors, status=status.HTTP_400_BAD_REQUEST) + return Response( + new_file.errors, status=status.HTTP_400_BAD_REQUEST + ) file = FileUpload(title=title, file=file) file.save() finding.files.add(file) serialized_file = serializers.FileSerializer(file) - return Response(serialized_file.data, status=status.HTTP_201_CREATED) + return Response( + serialized_file.data, status=status.HTTP_201_CREATED + ) files = finding.files.all() - serialized_files = serializers.FindingToFilesSerializer({ - "finding_id": finding, "files": files - }) + serialized_files = serializers.FindingToFilesSerializer( + {"finding_id": finding, "files": files} + ) return Response(serialized_files.data, status=status.HTTP_200_OK) + @extend_schema( + methods=["GET"], + responses={ + status.HTTP_200_OK: serializers.RawFileSerializer, + }, + ) + @swagger_auto_schema( + method="get", + responses={ + status.HTTP_200_OK: serializers.RawFileSerializer, + }, + ) + @action( + detail=True, + methods=["get"], + url_path=r"files/download/(?P\d+)", + ) + def download_file(self, request, file_id, pk=None): + finding = self.get_object() + # Get the file object + file_object_qs = finding.files.filter(id=file_id) + file_object = ( + file_object_qs.first() if len(file_object_qs) > 0 else None + ) + if file_object is None: + return Response( + {"error": "File ID not associated with Finding"}, + status=status.HTTP_404_NOT_FOUND, + ) + # Get the path of the file in media root + file_path = f"{settings.MEDIA_ROOT}/{file_object.file.url.lstrip(settings.MEDIA_URL)}" + file_handle = open(file_path, "rb") + # send file + response = FileResponse( + file_handle, + content_type=f"{mimetypes.guess_type(file_path)}", + status=status.HTTP_200_OK, + ) + response["Content-Length"] = file_object.file.size + response[ + "Content-Disposition" + ] = f'attachment; filename="{file_object.file.name}"' + + return response + @extend_schema( request=serializers.FindingNoteSerializer, - responses={status.HTTP_204_NO_CONTENT: ""} + responses={status.HTTP_204_NO_CONTENT: ""}, ) @swagger_auto_schema( request_body=serializers.FindingNoteSerializer, - responses={status.HTTP_204_NO_CONTENT: ""} + responses={status.HTTP_204_NO_CONTENT: ""}, ) @action(detail=True, methods=["patch"]) def remove_note(self, request, pk=None): """Remove Note From Finding Note""" finding = self.get_object() notes = finding.notes.all() - if request.data['note_id']: - note = get_object_or_404(Notes.objects, id=request.data['note_id']) + if request.data["note_id"]: + note = get_object_or_404(Notes.objects, id=request.data["note_id"]) if note not in notes: - return Response({"error": "Selected Note is not assigned to this Finding"}, - status=status.HTTP_400_BAD_REQUEST) + return Response( + {"error": "Selected Note is not assigned to this Finding"}, + status=status.HTTP_400_BAD_REQUEST, + ) else: - return Response({"error": "('note_id') parameter missing"}, - status=status.HTTP_400_BAD_REQUEST) - if note.author.username == request.user.username or request.user.is_staff: + return Response( + {"error": "('note_id') parameter missing"}, + status=status.HTTP_400_BAD_REQUEST, + ) + if ( + note.author.username == request.user.username + or request.user.is_superuser + ): finding.notes.remove(note) note.delete() else: - return Response({"error": "Delete Failed, You are not the Note's author"}, - status=status.HTTP_400_BAD_REQUEST) + return Response( + {"error": "Delete Failed, You are not the Note's author"}, + status=status.HTTP_400_BAD_REQUEST, + ) - return Response({"Success": "Selected Note has been Removed successfully"}, - status=status.HTTP_204_NO_CONTENT) + return Response( + {"Success": "Selected Note has been Removed successfully"}, + status=status.HTTP_204_NO_CONTENT, + ) @extend_schema( - methods=['PUT', 'PATCH'], + methods=["PUT", "PATCH"], request=serializers.TagSerializer, responses={status.HTTP_204_NO_CONTENT: ""}, ) @swagger_auto_schema( - methods=['put', 'patch'], + methods=["put", "patch"], request_body=serializers.TagSerializer, responses={status.HTTP_204_NO_CONTENT: ""}, ) @action(detail=True, methods=["put", "patch"]) def remove_tags(self, request, pk=None): - """ Remove Tag(s) from finding list of tags """ + """Remove Tag(s) from finding list of tags""" finding = self.get_object() delete_tags = serializers.TagSerializer(data=request.data) if delete_tags.is_valid(): all_tags = finding.tags - all_tags = serializers.TagSerializer({"tags": all_tags}).data['tags'] + all_tags = serializers.TagSerializer({"tags": all_tags}).data[ + "tags" + ] # serializer turns it into a string, but we need a list - del_tags = tagulous.utils.parse_tags(delete_tags.validated_data['tags']) + del_tags = tagulous.utils.parse_tags( + delete_tags.validated_data["tags"] + ) if len(del_tags) < 1: - return Response({"error": "Empty Tag List Not Allowed"}, - status=status.HTTP_400_BAD_REQUEST) + return Response( + {"error": "Empty Tag List Not Allowed"}, + status=status.HTTP_400_BAD_REQUEST, + ) for tag in del_tags: if tag not in all_tags: - return Response({"error": "'{}' is not a valid tag in list".format(tag)}, - status=status.HTTP_400_BAD_REQUEST) + return Response( + { + "error": "'{}' is not a valid tag in list".format( + tag + ) + }, + status=status.HTTP_400_BAD_REQUEST, + ) all_tags.remove(tag) new_tags = tagulous.utils.render_tags(all_tags) finding.tags = new_tags finding.save() - return Response({"success": "Tag(s) Removed"}, - status=status.HTTP_204_NO_CONTENT) + return Response( + {"success": "Tag(s) Removed"}, + status=status.HTTP_204_NO_CONTENT, + ) else: - return Response(delete_tags.errors, - status=status.HTTP_400_BAD_REQUEST) + return Response( + delete_tags.errors, status=status.HTTP_400_BAD_REQUEST + ) @extend_schema( - responses={status.HTTP_200_OK: serializers.FindingSerializer(many=True)} + responses={ + status.HTTP_200_OK: serializers.FindingSerializer(many=True) + } ) @swagger_auto_schema( - responses={status.HTTP_200_OK: serializers.FindingSerializer(many=True)} + responses={ + status.HTTP_200_OK: serializers.FindingSerializer(many=True) + } + ) + @action( + detail=True, + methods=["get"], + url_path=r"duplicate", + filter_backends=[], + pagination_class=None, ) - @action(detail=True, methods=['get'], url_path=r'duplicate', filter_backends=[], pagination_class=None) def get_duplicate_cluster(self, request, pk): finding = self.get_object() result = duplicate_cluster(request, finding) - serializer = serializers.FindingSerializer(instance=result, many=True, - context={"request": request}) + serializer = serializers.FindingSerializer( + instance=result, many=True, context={"request": request} + ) return Response(serializer.data, status=status.HTTP_200_OK) @extend_schema( @@ -792,10 +1451,11 @@ def get_duplicate_cluster(self, request, pk): request_body=no_body, responses={status.HTTP_204_NO_CONTENT: ""}, ) - @action(detail=True, methods=['post'], url_path=r'duplicate/reset') + @action(detail=True, methods=["post"], url_path=r"duplicate/reset") def reset_finding_duplicate_status(self, request, pk): - finding = self.get_object() - checked_duplicate_id = reset_finding_duplicate_status_internal(request.user, pk) + checked_duplicate_id = reset_finding_duplicate_status_internal( + request.user, pk + ) if checked_duplicate_id is None: return Response(status=status.HTTP_400_BAD_REQUEST) return Response(status=status.HTTP_204_NO_CONTENT) @@ -803,17 +1463,19 @@ def reset_finding_duplicate_status(self, request, pk): @extend_schema( request=OpenApiTypes.NONE, parameters=[ - OpenApiParameter("new_fid", OpenApiTypes.INT, OpenApiParameter.PATH) + OpenApiParameter( + "new_fid", OpenApiTypes.INT, OpenApiParameter.PATH + ) ], responses={status.HTTP_204_NO_CONTENT: ""}, ) @swagger_auto_schema( - responses={status.HTTP_204_NO_CONTENT: ""}, - request_body=no_body + responses={status.HTTP_204_NO_CONTENT: ""}, request_body=no_body + ) + @action( + detail=True, methods=["post"], url_path=r"original/(?P\d+)" ) - @action(detail=True, methods=['post'], url_path=r'original/(?P\d+)') def set_finding_as_original(self, request, pk, new_fid): - finding = self.get_object() success = set_finding_as_original_internal(request.user, pk, new_fid) if not success: return Response(status=status.HTTP_400_BAD_REQUEST) @@ -827,20 +1489,33 @@ def set_finding_as_original(self, request, pk, new_fid): request_body=serializers.ReportGenerateOptionSerializer, responses={status.HTTP_200_OK: serializers.ReportGenerateSerializer}, ) - @action(detail=False, methods=['post'], permission_classes=[IsAuthenticated]) + @action( + detail=False, methods=["post"], permission_classes=[IsAuthenticated] + ) def generate_report(self, request): findings = self.get_queryset() options = {} # prepare post data - report_options = serializers.ReportGenerateOptionSerializer(data=request.data) + report_options = serializers.ReportGenerateOptionSerializer( + data=request.data + ) if report_options.is_valid(): - options['include_finding_notes'] = report_options.validated_data['include_finding_notes'] - options['include_finding_images'] = report_options.validated_data['include_finding_images'] - options['include_executive_summary'] = report_options.validated_data['include_executive_summary'] - options['include_table_of_contents'] = report_options.validated_data['include_table_of_contents'] + options["include_finding_notes"] = report_options.validated_data[ + "include_finding_notes" + ] + options["include_finding_images"] = report_options.validated_data[ + "include_finding_images" + ] + options[ + "include_executive_summary" + ] = report_options.validated_data["include_executive_summary"] + options[ + "include_table_of_contents" + ] = report_options.validated_data["include_table_of_contents"] else: - return Response(report_options.errors, - status=status.HTTP_400_BAD_REQUEST) + return Response( + report_options.errors, status=status.HTTP_400_BAD_REQUEST + ) data = report_generate(request, findings, options) report = serializers.ReportGenerateSerializer(data) @@ -848,27 +1523,34 @@ def generate_report(self, request): def _get_metadata(self, request, finding): metadata = DojoMeta.objects.filter(finding=finding) - serializer = serializers.FindingMetaSerializer(instance=metadata, many=True) + serializer = serializers.FindingMetaSerializer( + instance=metadata, many=True + ) return Response(serializer.data, status=status.HTTP_200_OK) def _edit_metadata(self, request, finding): metadata_name = request.query_params.get("name", None) if metadata_name is None: - return Response("Metadata name is required", status=status.HTTP_400_BAD_REQUEST) + return Response( + "Metadata name is required", status=status.HTTP_400_BAD_REQUEST + ) try: DojoMeta.objects.update_or_create( - name=metadata_name, finding=finding, + name=metadata_name, + finding=finding, defaults={ "name": request.data.get("name"), - "value": request.data.get("value") - } + "value": request.data.get("value"), + }, ) return Response(data=request.data, status=status.HTTP_200_OK) except IntegrityError: - return Response("Update failed because the new name already exists", - status=status.HTTP_400_BAD_REQUEST) + return Response( + "Update failed because the new name already exists", + status=status.HTTP_400_BAD_REQUEST, + ) def _add_metadata(self, request, finding): metadata_data = serializers.FindingMetaSerializer(data=request.data) @@ -882,41 +1564,63 @@ def _add_metadata(self, request, finding): metadata.validate_unique() metadata.save() except ValidationError: - return Response("Create failed probably because the name of the metadata already exists", status=status.HTTP_400_BAD_REQUEST) + return Response( + "Create failed probably because the name of the metadata already exists", + status=status.HTTP_400_BAD_REQUEST, + ) return Response(data=metadata_data.data, status=status.HTTP_200_OK) else: - return Response(metadata_data.errors, - status=status.HTTP_400_BAD_REQUEST) + return Response( + metadata_data.errors, status=status.HTTP_400_BAD_REQUEST + ) def _remove_metadata(self, request, finding): name = request.query_params.get("name", None) if name is None: - return Response("A metadata name must be provided", status=status.HTTP_400_BAD_REQUEST) + return Response( + "A metadata name must be provided", + status=status.HTTP_400_BAD_REQUEST, + ) - metadata = get_object_or_404(DojoMeta.objects, finding=finding, name=name) + metadata = get_object_or_404( + DojoMeta.objects, finding=finding, name=name + ) metadata.delete() return Response("Metadata deleted", status=status.HTTP_200_OK) @extend_schema( - methods=['GET'], + methods=["GET"], responses={ status.HTTP_200_OK: serializers.FindingMetaSerializer(many=True), - status.HTTP_404_NOT_FOUND: OpenApiResponse(description="Returned if finding does not exist"), + status.HTTP_404_NOT_FOUND: OpenApiResponse( + description="Returned if finding does not exist" + ), }, ) @extend_schema( - methods=['DELETE'], + methods=["DELETE"], parameters=[ - OpenApiParameter("name", OpenApiTypes.INT, OpenApiParameter.QUERY, required=True, - description="name of the metadata to retrieve. If name is empty, return all the \ - metadata associated with the finding") + OpenApiParameter( + "name", + OpenApiTypes.INT, + OpenApiParameter.QUERY, + required=True, + description="name of the metadata to retrieve. If name is empty, return all the \ + metadata associated with the finding", + ) ], responses={ - status.HTTP_200_OK: OpenApiResponse(description="Returned if the metadata was correctly deleted"), - status.HTTP_404_NOT_FOUND: OpenApiResponse(description="Returned if finding does not exist"), - status.HTTP_400_BAD_REQUEST: OpenApiResponse(description="Returned if there was a problem with the metadata information"), + status.HTTP_200_OK: OpenApiResponse( + description="Returned if the metadata was correctly deleted" + ), + status.HTTP_404_NOT_FOUND: OpenApiResponse( + description="Returned if finding does not exist" + ), + status.HTTP_400_BAD_REQUEST: OpenApiResponse( + description="Returned if there was a problem with the metadata information" + ), }, # manual_parameters=[openapi.Parameter( # name="name", in_=openapi.IN_QUERY, type=openapi.TYPE_STRING, @@ -924,68 +1628,92 @@ def _remove_metadata(self, request, finding): # metadata associated with the finding")] ) @extend_schema( - methods=['PUT'], + methods=["PUT"], request=serializers.FindingMetaSerializer, responses={ status.HTTP_200_OK: serializers.FindingMetaSerializer, - status.HTTP_404_NOT_FOUND: OpenApiResponse(description="Returned if finding does not exist"), - status.HTTP_400_BAD_REQUEST: OpenApiResponse(description="Returned if there was a problem with the metadata information"), + status.HTTP_404_NOT_FOUND: OpenApiResponse( + description="Returned if finding does not exist" + ), + status.HTTP_400_BAD_REQUEST: OpenApiResponse( + description="Returned if there was a problem with the metadata information" + ), }, # manual_parameters=[openapi.Parameter( # name="name", in_=openapi.IN_QUERY, required=True, type=openapi.TYPE_STRING, # description="name of the metadata to edit")], ) @extend_schema( - methods=['POST'], + methods=["POST"], request=serializers.FindingMetaSerializer, responses={ status.HTTP_200_OK: serializers.FindingMetaSerializer, - status.HTTP_404_NOT_FOUND: OpenApiResponse(description="Returned if finding does not exist"), - status.HTTP_400_BAD_REQUEST: OpenApiResponse(description="Returned if there was a problem with the metadata information"), + status.HTTP_404_NOT_FOUND: OpenApiResponse( + description="Returned if finding does not exist" + ), + status.HTTP_400_BAD_REQUEST: OpenApiResponse( + description="Returned if there was a problem with the metadata information" + ), }, ) @swagger_auto_schema( responses={ status.HTTP_200_OK: serializers.FindingMetaSerializer(many=True), - status.HTTP_404_NOT_FOUND: "Returned if finding does not exist" + status.HTTP_404_NOT_FOUND: "Returned if finding does not exist", }, - methods=['get'] + methods=["get"], ) @swagger_auto_schema( responses={ status.HTTP_200_OK: "Returned if the metadata was correctly deleted", status.HTTP_404_NOT_FOUND: "Returned if finding does not exist", - status.HTTP_400_BAD_REQUEST: "Returned if there was a problem with the metadata information" + status.HTTP_400_BAD_REQUEST: "Returned if there was a problem with the metadata information", }, - methods=['delete'], - manual_parameters=[openapi.Parameter( - name="name", in_=openapi.IN_QUERY, required=True, type=openapi.TYPE_STRING, - description="name of the metadata to retrieve. If name is empty, return all the \ - metadata associated with the finding")] + methods=["delete"], + manual_parameters=[ + openapi.Parameter( + name="name", + in_=openapi.IN_QUERY, + required=True, + type=openapi.TYPE_STRING, + description="name of the metadata to retrieve. If name is empty, return all the \ + metadata associated with the finding", + ) + ], ) @swagger_auto_schema( responses={ status.HTTP_200_OK: serializers.FindingMetaSerializer, status.HTTP_404_NOT_FOUND: "Returned if finding does not exist", - status.HTTP_400_BAD_REQUEST: "Returned if there was a problem with the metadata information" + status.HTTP_400_BAD_REQUEST: "Returned if there was a problem with the metadata information", }, - methods=['put'], - manual_parameters=[openapi.Parameter( - name="name", in_=openapi.IN_QUERY, required=True, type=openapi.TYPE_STRING, - description="name of the metadata to edit")], - request_body=serializers.FindingMetaSerializer + methods=["put"], + manual_parameters=[ + openapi.Parameter( + name="name", + in_=openapi.IN_QUERY, + required=True, + type=openapi.TYPE_STRING, + description="name of the metadata to edit", + ) + ], + request_body=serializers.FindingMetaSerializer, ) @swagger_auto_schema( responses={ status.HTTP_200_OK: serializers.FindingMetaSerializer, status.HTTP_404_NOT_FOUND: "Returned if finding does not exist", - status.HTTP_400_BAD_REQUEST: "Returned if there was a problem with the metadata information" + status.HTTP_400_BAD_REQUEST: "Returned if there was a problem with the metadata information", }, - methods=['post'], - request_body=serializers.FindingMetaSerializer + methods=["post"], + request_body=serializers.FindingMetaSerializer, + ) + @action( + detail=True, + methods=["post", "put", "delete", "get"], + filter_backends=[], + pagination_class=None, ) - @action(detail=True, methods=["post", "put", "delete", "get"], - filter_backends=[], pagination_class=None) def metadata(self, request, pk=None): finding = self.get_object() @@ -1000,134 +1728,188 @@ def metadata(self, request, pk=None): elif request.method == "DELETE": return self._remove_metadata(request, finding) - return Response({"error", "unsupported method"}, status=status.HTTP_400_BAD_REQUEST) + return Response( + {"error", "unsupported method"}, status=status.HTTP_400_BAD_REQUEST + ) -# Authorization: superuser -class JiraInstanceViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.DestroyModelMixin, - mixins.UpdateModelMixin, - mixins.CreateModelMixin, - viewsets.GenericViewSet): +# Authorization: configuration +class JiraInstanceViewSet( + DojoModelViewSet, +): serializer_class = serializers.JIRAInstanceSerializer queryset = JIRA_Instance.objects.all() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'url') - permission_classes = (permissions.IsSuperUser, DjangoModelPermissions) + filterset_fields = ["id", "url"] + permission_classes = (permissions.UserHasConfigurationPermissionSuperuser,) # Authorization: object-based -class JiraIssuesViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.DestroyModelMixin, - mixins.CreateModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): +class JiraIssuesViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.JIRAIssueSerializer queryset = JIRA_Issue.objects.none() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'jira_id', 'jira_key', 'finding', 'engagement', 'finding_group') - permission_classes = (IsAuthenticated, permissions.UserHasJiraIssuePermission) + filterset_fields = [ + "id", + "jira_id", + "jira_key", + "finding", + "engagement", + "finding_group", + ] + swagger_schema = prefetch.get_prefetch_schema( + ["jira_finding_mappings_list", "jira_finding_mappings_read"], + serializers.JIRAIssueSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasJiraIssuePermission, + ) def get_queryset(self): return get_authorized_jira_issues(Permissions.Product_View) # Authorization: object-based -class JiraProjectViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.DestroyModelMixin, - mixins.UpdateModelMixin, - mixins.CreateModelMixin, - viewsets.GenericViewSet): +class JiraProjectViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.JIRAProjectSerializer queryset = JIRA_Project.objects.none() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'jira_instance', 'product', 'engagement', 'component', 'project_key', - 'push_all_issues', 'enable_engagement_epic_mapping', - 'push_notes') - permission_classes = (IsAuthenticated, permissions.UserHasJiraProductPermission) + filterset_fields = [ + "id", + "jira_instance", + "product", + "engagement", + "component", + "project_key", + "push_all_issues", + "enable_engagement_epic_mapping", + "push_notes", + ] + swagger_schema = prefetch.get_prefetch_schema( + ["jira_projects_list", "jira_projects_read"], + serializers.JIRAProjectSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasJiraProductPermission, + ) def get_queryset(self): return get_authorized_jira_projects(Permissions.Product_View) # Authorization: superuser -class SonarqubeIssueViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.DestroyModelMixin, - mixins.UpdateModelMixin, - mixins.CreateModelMixin, - viewsets.GenericViewSet): +class SonarqubeIssueViewSet( + DojoModelViewSet, +): serializer_class = serializers.SonarqubeIssueSerializer queryset = Sonarqube_Issue.objects.all() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'key', 'status', 'type') + filterset_fields = ["id", "key", "status", "type"] permission_classes = (permissions.IsSuperUser, DjangoModelPermissions) # Authorization: superuser -class SonarqubeIssueTransitionViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.DestroyModelMixin, - mixins.CreateModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): +class SonarqubeIssueTransitionViewSet( + DojoModelViewSet, +): serializer_class = serializers.SonarqubeIssueTransitionSerializer queryset = Sonarqube_Issue_Transition.objects.all() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'sonarqube_issue', 'finding_status', - 'sonarqube_status', 'transitions') + filterset_fields = [ + "id", + "sonarqube_issue", + "finding_status", + "sonarqube_status", + "transitions", + ] permission_classes = (permissions.IsSuperUser, DjangoModelPermissions) # Authorization: object-based -class ProductAPIScanConfigurationViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.DestroyModelMixin, - mixins.UpdateModelMixin, - mixins.CreateModelMixin, - viewsets.GenericViewSet): +class ProductAPIScanConfigurationViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.ProductAPIScanConfigurationSerializer queryset = Product_API_Scan_Configuration.objects.none() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'product', 'tool_configuration', - 'service_key_1', 'service_key_2', 'service_key_3') - permission_classes = (IsAuthenticated, permissions.UserHasProductAPIScanConfigurationPermission) + filterset_fields = [ + "id", + "product", + "tool_configuration", + "service_key_1", + "service_key_2", + "service_key_3", + ] + swagger_schema = prefetch.get_prefetch_schema( + [ + "product_api_scan_configurations_list", + "product_api_scan_configurations_read", + ], + serializers.ProductAPIScanConfigurationSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasProductAPIScanConfigurationPermission, + ) def get_queryset(self): - return get_authorized_product_api_scan_configurations(Permissions.Product_API_Scan_Configuration_View) + return get_authorized_product_api_scan_configurations( + Permissions.Product_API_Scan_Configuration_View + ) # Authorization: object-based @extend_schema_view( - list=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], + list=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], + ), + retrieve=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], ), - retrieve=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], - ) ) -class DojoMetaViewSet(prefetch.PrefetchListMixin, - prefetch.PrefetchRetrieveMixin, - mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.DestroyModelMixin, - mixins.CreateModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): +class DojoMetaViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.MetaSerializer queryset = DojoMeta.objects.none() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'product', 'endpoint', 'finding', 'name', 'value') - permission_classes = (IsAuthenticated, permissions.UserHasDojoMetaPermission) - swagger_schema = prefetch.get_prefetch_schema(["metadata_list", "metadata_read"], - serializers.MetaSerializer).to_schema() + filterset_fields = [ + "id", + "product", + "endpoint", + "finding", + "name", + "value", + ] + permission_classes = ( + IsAuthenticated, + permissions.UserHasDojoMetaPermission, + ) + swagger_schema = prefetch.get_prefetch_schema( + ["metadata_list", "metadata_read"], serializers.MetaSerializer + ).to_schema() def get_queryset(self): return get_authorized_dojo_meta(Permissions.Product_View) @@ -1137,10 +1919,16 @@ def get_queryset(self): class DjangoFilterDescriptionInspector(CoreAPICompatInspector): def get_filter_parameters(self, filter_backend): if isinstance(filter_backend, DjangoFilterBackend): - result = super(DjangoFilterDescriptionInspector, self).get_filter_parameters(filter_backend) + result = super( + DjangoFilterDescriptionInspector, self + ).get_filter_parameters(filter_backend) for param in result: - if not param.get('description', ''): - param.description = "Filter the returned list by {field_name}".format(field_name=param.name) + if not param.get("description", ""): + param.description = ( + "Filter the returned list by {field_name}".format( + field_name=param.name + ) + ) return result @@ -1148,39 +1936,70 @@ def get_filter_parameters(self, filter_backend): @extend_schema_view( - list=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], + list=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], + ), + retrieve=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], ), - retrieve=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], - ) ) -@method_decorator(name='list', decorator=swagger_auto_schema( - filter_inspectors=[DjangoFilterDescriptionInspector] -)) -class ProductViewSet(prefetch.PrefetchListMixin, - prefetch.PrefetchRetrieveMixin, - mixins.CreateModelMixin, - mixins.DestroyModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): +@method_decorator( + name="list", + decorator=swagger_auto_schema( + filter_inspectors=[DjangoFilterDescriptionInspector] + ), +) +class ProductViewSet( + prefetch.PrefetchListMixin, + prefetch.PrefetchRetrieveMixin, + mixins.CreateModelMixin, + mixins.DestroyModelMixin, + mixins.UpdateModelMixin, + viewsets.GenericViewSet, + dojo_mixins.DeletePreviewModelMixin, +): serializer_class = serializers.ProductSerializer # TODO: prefetch queryset = Product.objects.none() filter_backends = (DjangoFilterBackend,) filterset_class = ApiProductFilter - swagger_schema = prefetch.get_prefetch_schema(["products_list", "products_read"], serializers.ProductSerializer). \ - to_schema() - permission_classes = (IsAuthenticated, permissions.UserHasProductPermission) + swagger_schema = prefetch.get_prefetch_schema( + ["products_list", "products_read"], serializers.ProductSerializer + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasProductPermission, + ) def get_queryset(self): return get_authorized_products(Permissions.Product_View).distinct() + def destroy(self, request, *args, **kwargs): + instance = self.get_object() + if get_setting("ASYNC_OBJECT_DELETE"): + async_del = async_delete() + async_del.delete(instance) + else: + instance.delete() + return Response(status=status.HTTP_204_NO_CONTENT) + # def list(self, request): # print(vars(request)) # # Note the use of `get_queryset()` instead of `self.queryset` @@ -1196,21 +2015,34 @@ def get_queryset(self): request_body=serializers.ReportGenerateOptionSerializer, responses={status.HTTP_200_OK: serializers.ReportGenerateSerializer}, ) - @action(detail=True, methods=['post'], permission_classes=[IsAuthenticated]) + @action( + detail=True, methods=["post"], permission_classes=[IsAuthenticated] + ) def generate_report(self, request, pk=None): product = self.get_object() options = {} # prepare post data - report_options = serializers.ReportGenerateOptionSerializer(data=request.data) + report_options = serializers.ReportGenerateOptionSerializer( + data=request.data + ) if report_options.is_valid(): - options['include_finding_notes'] = report_options.validated_data['include_finding_notes'] - options['include_finding_images'] = report_options.validated_data['include_finding_images'] - options['include_executive_summary'] = report_options.validated_data['include_executive_summary'] - options['include_table_of_contents'] = report_options.validated_data['include_table_of_contents'] + options["include_finding_notes"] = report_options.validated_data[ + "include_finding_notes" + ] + options["include_finding_images"] = report_options.validated_data[ + "include_finding_images" + ] + options[ + "include_executive_summary" + ] = report_options.validated_data["include_executive_summary"] + options[ + "include_table_of_contents" + ] = report_options.validated_data["include_table_of_contents"] else: - return Response(report_options.errors, - status=status.HTTP_400_BAD_REQUEST) + return Response( + report_options.errors, status=status.HTTP_400_BAD_REQUEST + ) data = report_generate(request, product, options) report = serializers.ReportGenerateSerializer(data) @@ -1219,140 +2051,194 @@ def generate_report(self, request, pk=None): # Authorization: object-based @extend_schema_view( - list=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], + list=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], + ), + retrieve=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], ), - retrieve=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], - ) ) -class ProductMemberViewSet(prefetch.PrefetchListMixin, - prefetch.PrefetchRetrieveMixin, - mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.CreateModelMixin, - mixins.DestroyModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): +class ProductMemberViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.ProductMemberSerializer queryset = Product_Member.objects.none() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'product_id', 'user_id') - swagger_schema = prefetch.get_prefetch_schema(["product_members_list", "product_members_read"], - serializers.ProductMemberSerializer).to_schema() - permission_classes = (IsAuthenticated, permissions.UserHasProductMemberPermission) + filterset_fields = ["id", "product_id", "user_id"] + swagger_schema = prefetch.get_prefetch_schema( + ["product_members_list", "product_members_read"], + serializers.ProductMemberSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasProductMemberPermission, + ) def get_queryset(self): - return get_authorized_product_members(Permissions.Product_View).distinct() + return get_authorized_product_members( + Permissions.Product_View + ).distinct() @extend_schema( - request=OpenApiTypes.NONE, - responses={status.HTTP_405_METHOD_NOT_ALLOWED: ""}, + exclude=True ) @swagger_auto_schema( - request_body=no_body, - responses={status.HTTP_405_METHOD_NOT_ALLOWED: ""}, + auto_schema=None ) def partial_update(self, request, pk=None): # Object authorization won't work if not all data is provided - response = {'message': 'Patch function is not offered in this path.'} + response = {"message": "Patch function is not offered in this path."} return Response(response, status=status.HTTP_405_METHOD_NOT_ALLOWED) # Authorization: object-based @extend_schema_view( - list=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], + list=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], + ), + retrieve=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], ), - retrieve=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], - ) ) -class ProductGroupViewSet(prefetch.PrefetchListMixin, - prefetch.PrefetchRetrieveMixin, - mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.CreateModelMixin, - mixins.DestroyModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): +class ProductGroupViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.ProductGroupSerializer queryset = Product_Group.objects.none() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'product_id', 'group_id') - swagger_schema = prefetch.get_prefetch_schema(["product_groups_list", "product_groups_read"], - serializers.ProductGroupSerializer).to_schema() - permission_classes = (IsAuthenticated, permissions.UserHasProductGroupPermission) + filterset_fields = ["id", "product_id", "group_id"] + swagger_schema = prefetch.get_prefetch_schema( + ["product_groups_list", "product_groups_read"], + serializers.ProductGroupSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasProductGroupPermission, + ) def get_queryset(self): - return get_authorized_product_groups(Permissions.Product_Group_View).distinct() + return get_authorized_product_groups( + Permissions.Product_Group_View + ).distinct() @extend_schema( - request=OpenApiTypes.NONE, - responses={status.HTTP_405_METHOD_NOT_ALLOWED: ""}, + exclude=True ) @swagger_auto_schema( - request_body=no_body, - responses={status.HTTP_405_METHOD_NOT_ALLOWED: ""}, + auto_schema=None ) def partial_update(self, request, pk=None): # Object authorization won't work if not all data is provided - response = {'message': 'Patch function is not offered in this path.'} + response = {"message": "Patch function is not offered in this path."} return Response(response, status=status.HTTP_405_METHOD_NOT_ALLOWED) # Authorization: object-based @extend_schema_view( - list=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], + list=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], + ), + retrieve=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], ), - retrieve=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], - ) ) -class ProductTypeViewSet(prefetch.PrefetchListMixin, - prefetch.PrefetchRetrieveMixin, - mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.CreateModelMixin, - mixins.UpdateModelMixin, - mixins.DestroyModelMixin, - viewsets.GenericViewSet): +class ProductTypeViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.ProductTypeSerializer queryset = Product_Type.objects.none() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'name', 'critical_product', 'key_product', 'created', 'updated') - swagger_schema = prefetch.get_prefetch_schema(["product_types_list", "product_types_read"], - serializers.ProductTypeSerializer).to_schema() - permission_classes = (IsAuthenticated, permissions.UserHasProductTypePermission) + filterset_fields = [ + "id", + "name", + "critical_product", + "key_product", + "created", + "updated", + ] + swagger_schema = prefetch.get_prefetch_schema( + ["product_types_list", "product_types_read"], + serializers.ProductTypeSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasProductTypePermission, + ) def get_queryset(self): - return get_authorized_product_types(Permissions.Product_Type_View).distinct() + return get_authorized_product_types( + Permissions.Product_Type_View + ).distinct() # Overwrite perfom_create of CreateModelMixin to add current user as owner def perform_create(self, serializer): serializer.save() product_type_data = serializer.data - product_type_data.pop('authorization_groups') - product_type_data.pop('members') + product_type_data.pop("authorization_groups") + product_type_data.pop("members") member = Product_Type_Member() member.user = self.request.user member.product_type = Product_Type(**product_type_data) member.role = Role.objects.get(is_owner=True) member.save() + def destroy(self, request, *args, **kwargs): + instance = self.get_object() + if get_setting("ASYNC_OBJECT_DELETE"): + async_del = async_delete() + async_del.delete(instance) + else: + instance.delete() + return Response(status=status.HTTP_204_NO_CONTENT) + @extend_schema( request=serializers.ReportGenerateOptionSerializer, responses={status.HTTP_200_OK: serializers.ReportGenerateSerializer}, @@ -1361,21 +2247,34 @@ def perform_create(self, serializer): request_body=serializers.ReportGenerateOptionSerializer, responses={status.HTTP_200_OK: serializers.ReportGenerateSerializer}, ) - @action(detail=True, methods=['post'], permission_classes=[IsAuthenticated]) + @action( + detail=True, methods=["post"], permission_classes=[IsAuthenticated] + ) def generate_report(self, request, pk=None): product_type = self.get_object() options = {} # prepare post data - report_options = serializers.ReportGenerateOptionSerializer(data=request.data) + report_options = serializers.ReportGenerateOptionSerializer( + data=request.data + ) if report_options.is_valid(): - options['include_finding_notes'] = report_options.validated_data['include_finding_notes'] - options['include_finding_images'] = report_options.validated_data['include_finding_images'] - options['include_executive_summary'] = report_options.validated_data['include_executive_summary'] - options['include_table_of_contents'] = report_options.validated_data['include_table_of_contents'] + options["include_finding_notes"] = report_options.validated_data[ + "include_finding_notes" + ] + options["include_finding_images"] = report_options.validated_data[ + "include_finding_images" + ] + options[ + "include_executive_summary" + ] = report_options.validated_data["include_executive_summary"] + options[ + "include_table_of_contents" + ] = report_options.validated_data["include_table_of_contents"] else: - return Response(report_options.errors, - status=status.HTTP_400_BAD_REQUEST) + return Response( + report_options.errors, status=status.HTTP_400_BAD_REQUEST + ) data = report_generate(request, product_type, options) report = serializers.ReportGenerateSerializer(data) @@ -1384,135 +2283,167 @@ def generate_report(self, request, pk=None): # Authorization: object-based @extend_schema_view( - list=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], + list=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], + ), + retrieve=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], ), - retrieve=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], - ) ) -class ProductTypeMemberViewSet(prefetch.PrefetchListMixin, - prefetch.PrefetchRetrieveMixin, - mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.CreateModelMixin, - mixins.DestroyModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): +class ProductTypeMemberViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.ProductTypeMemberSerializer queryset = Product_Type_Member.objects.none() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'product_type_id', 'user_id') - swagger_schema = prefetch.get_prefetch_schema(["product_type_members_list", "product_type_members_read"], - serializers.ProductTypeMemberSerializer).to_schema() - permission_classes = (IsAuthenticated, permissions.UserHasProductTypeMemberPermission) + filterset_fields = ["id", "product_type_id", "user_id"] + swagger_schema = prefetch.get_prefetch_schema( + ["product_type_members_list", "product_type_members_read"], + serializers.ProductTypeMemberSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasProductTypeMemberPermission, + ) def get_queryset(self): - return get_authorized_product_type_members(Permissions.Product_Type_View).distinct() + return get_authorized_product_type_members( + Permissions.Product_Type_View + ).distinct() def destroy(self, request, *args, **kwargs): instance = self.get_object() if instance.role.is_owner: - owners = Product_Type_Member.objects.filter(product_type=instance.product_type, role__is_owner=True).count() + owners = Product_Type_Member.objects.filter( + product_type=instance.product_type, role__is_owner=True + ).count() if owners <= 1: - return Response('There must be at least one owner', status=status.HTTP_400_BAD_REQUEST) + return Response( + "There must be at least one owner", + status=status.HTTP_400_BAD_REQUEST, + ) self.perform_destroy(instance) return Response(status=status.HTTP_204_NO_CONTENT) @extend_schema( - request=OpenApiTypes.NONE, - responses={status.HTTP_405_METHOD_NOT_ALLOWED: ""}, + exclude=True ) @swagger_auto_schema( - request_body=no_body, - responses={status.HTTP_405_METHOD_NOT_ALLOWED: ""}, + auto_schema=None ) def partial_update(self, request, pk=None): # Object authorization won't work if not all data is provided - response = {'message': 'Patch function is not offered in this path.'} + response = {"message": "Patch function is not offered in this path."} return Response(response, status=status.HTTP_405_METHOD_NOT_ALLOWED) # Authorization: object-based @extend_schema_view( - list=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], + list=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], + ), + retrieve=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], ), - retrieve=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], - ) ) -class ProductTypeGroupViewSet(prefetch.PrefetchListMixin, - prefetch.PrefetchRetrieveMixin, - mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.CreateModelMixin, - mixins.DestroyModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): +class ProductTypeGroupViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.ProductTypeGroupSerializer queryset = Product_Type_Group.objects.none() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'product_type_id', 'group_id') - swagger_schema = prefetch.get_prefetch_schema(["product_type_groups_list", "product_type_groups_read"], - serializers.ProductTypeGroupSerializer).to_schema() - permission_classes = (IsAuthenticated, permissions.UserHasProductTypeGroupPermission) + filterset_fields = ["id", "product_type_id", "group_id"] + swagger_schema = prefetch.get_prefetch_schema( + ["product_type_groups_list", "product_type_groups_read"], + serializers.ProductTypeGroupSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasProductTypeGroupPermission, + ) def get_queryset(self): - return get_authorized_product_type_groups(Permissions.Product_Type_Group_View).distinct() + return get_authorized_product_type_groups( + Permissions.Product_Type_Group_View + ).distinct() @extend_schema( - request=OpenApiTypes.NONE, - responses={status.HTTP_405_METHOD_NOT_ALLOWED: ""}, + exclude=True ) @swagger_auto_schema( - request_body=no_body, - responses={status.HTTP_405_METHOD_NOT_ALLOWED: ""}, + auto_schema=None ) def partial_update(self, request, pk=None): # Object authorization won't work if not all data is provided - response = {'message': 'Patch function is not offered in this path.'} + response = {"message": "Patch function is not offered in this path."} return Response(response, status=status.HTTP_405_METHOD_NOT_ALLOWED) # Authorization: object-based -class StubFindingsViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.CreateModelMixin, - mixins.UpdateModelMixin, - mixins.DestroyModelMixin, - viewsets.GenericViewSet): +class StubFindingsViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.StubFindingSerializer queryset = Stub_Finding.objects.none() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'title', 'date', 'severity', 'description') - permission_classes = (IsAuthenticated, permissions.UserHasFindingPermission) + filterset_fields = ["id", "title", "date", "severity", "description"] + swagger_schema = prefetch.get_prefetch_schema( + ["stub_findings_list", "stub_findings_read"], + serializers.StubFindingSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasFindingPermission, + ) def get_queryset(self): - return get_authorized_stub_findings(Permissions.Finding_View).distinct() + return get_authorized_stub_findings( + Permissions.Finding_View + ).distinct() def get_serializer_class(self): - if self.request and self.request.method == 'POST': + if self.request and self.request.method == "POST": return serializers.StubFindingCreateSerializer else: return serializers.StubFindingSerializer -# Authorization: configuration -class DevelopmentEnvironmentViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.CreateModelMixin, - mixins.DestroyModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): +# Authorization: authenticated, configuration +class DevelopmentEnvironmentViewSet( + DojoModelViewSet, +): serializer_class = serializers.DevelopmentEnvironmentSerializer queryset = Development_Environment.objects.all() filter_backends = (DjangoFilterBackend,) @@ -1520,17 +2451,17 @@ class DevelopmentEnvironmentViewSet(mixins.ListModelMixin, # Authorization: object-based -class TestsViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.UpdateModelMixin, - mixins.DestroyModelMixin, - mixins.CreateModelMixin, - ra_api.AcceptedRisksMixin, - viewsets.GenericViewSet): +class TestsViewSet( + PrefetchDojoModelViewSet, + ra_api.AcceptedRisksMixin, +): serializer_class = serializers.TestSerializer queryset = Test.objects.none() filter_backends = (DjangoFilterBackend,) - filter_class = ApiTestFilter + filterset_class = ApiTestFilter + swagger_schema = prefetch.get_prefetch_schema( + ["tests_list", "tests_read"], serializers.TestSerializer + ).to_schema() permission_classes = (IsAuthenticated, permissions.UserHasTestPermission) @property @@ -1538,13 +2469,24 @@ def risk_application_model_class(self): return Test def get_queryset(self): - return get_authorized_tests(Permissions.Test_View).prefetch_related( - 'notes', - 'files').distinct() + return ( + get_authorized_tests(Permissions.Test_View) + .prefetch_related("notes", "files") + .distinct() + ) + + def destroy(self, request, *args, **kwargs): + instance = self.get_object() + if get_setting("ASYNC_OBJECT_DELETE"): + async_del = async_delete() + async_del.delete(instance) + else: + instance.delete() + return Response(status=status.HTTP_204_NO_CONTENT) def get_serializer_class(self): - if self.request and self.request.method == 'POST': - if self.action == 'accept_risks': + if self.request and self.request.method == "POST": + if self.action == "accept_risks": return ra_api.AcceptedRiskSerializer return serializers.TestCreateSerializer else: @@ -1558,339 +2500,469 @@ def get_serializer_class(self): request_body=serializers.ReportGenerateOptionSerializer, responses={status.HTTP_200_OK: serializers.ReportGenerateSerializer}, ) - @action(detail=True, methods=['post'], permission_classes=[IsAuthenticated]) + @action( + detail=True, methods=["post"], permission_classes=[IsAuthenticated] + ) def generate_report(self, request, pk=None): test = self.get_object() options = {} # prepare post data - report_options = serializers.ReportGenerateOptionSerializer(data=request.data) + report_options = serializers.ReportGenerateOptionSerializer( + data=request.data + ) if report_options.is_valid(): - options['include_finding_notes'] = report_options.validated_data['include_finding_notes'] - options['include_finding_images'] = report_options.validated_data['include_finding_images'] - options['include_executive_summary'] = report_options.validated_data['include_executive_summary'] - options['include_table_of_contents'] = report_options.validated_data['include_table_of_contents'] + options["include_finding_notes"] = report_options.validated_data[ + "include_finding_notes" + ] + options["include_finding_images"] = report_options.validated_data[ + "include_finding_images" + ] + options[ + "include_executive_summary" + ] = report_options.validated_data["include_executive_summary"] + options[ + "include_table_of_contents" + ] = report_options.validated_data["include_table_of_contents"] else: - return Response(report_options.errors, - status=status.HTTP_400_BAD_REQUEST) + return Response( + report_options.errors, status=status.HTTP_400_BAD_REQUEST + ) data = report_generate(request, test, options) report = serializers.ReportGenerateSerializer(data) return Response(report.data) @extend_schema( - methods=['GET'], - responses={status.HTTP_200_OK: serializers.TestToNotesSerializer} + methods=["GET"], + responses={status.HTTP_200_OK: serializers.TestToNotesSerializer}, ) @extend_schema( - methods=['POST'], + methods=["POST"], request=serializers.AddNewNoteOptionSerializer, - responses={status.HTTP_201_CREATED: serializers.NoteSerializer} + responses={status.HTTP_201_CREATED: serializers.NoteSerializer}, ) @swagger_auto_schema( - method='get', - responses={status.HTTP_200_OK: serializers.TestToNotesSerializer} + method="get", + responses={status.HTTP_200_OK: serializers.TestToNotesSerializer}, ) @swagger_auto_schema( - methods=['post'], + methods=["post"], request_body=serializers.AddNewNoteOptionSerializer, - responses={status.HTTP_201_CREATED: serializers.NoteSerializer} + responses={status.HTTP_201_CREATED: serializers.NoteSerializer}, ) @action(detail=True, methods=["get", "post"]) def notes(self, request, pk=None): test = self.get_object() - if request.method == 'POST': - new_note = serializers.AddNewNoteOptionSerializer(data=request.data) + if request.method == "POST": + new_note = serializers.AddNewNoteOptionSerializer( + data=request.data + ) if new_note.is_valid(): - entry = new_note.validated_data['entry'] - private = new_note.validated_data.get('private', False) - note_type = new_note.validated_data.get('note_type', None) + entry = new_note.validated_data["entry"] + private = new_note.validated_data.get("private", False) + note_type = new_note.validated_data.get("note_type", None) else: - return Response(new_note.errors, - status=status.HTTP_400_BAD_REQUEST) + return Response( + new_note.errors, status=status.HTTP_400_BAD_REQUEST + ) author = request.user - note = Notes(entry=entry, author=author, private=private, note_type=note_type) + note = Notes( + entry=entry, + author=author, + private=private, + note_type=note_type, + ) note.save() test.notes.add(note) - serialized_note = serializers.NoteSerializer({ - "author": author, "entry": entry, - "private": private - }) - result = serializers.TestToNotesSerializer({ - "test_id": test, "notes": [serialized_note.data] - }) - return Response(serialized_note.data, - status=status.HTTP_201_CREATED) + serialized_note = serializers.NoteSerializer( + {"author": author, "entry": entry, "private": private} + ) + return Response( + serialized_note.data, status=status.HTTP_201_CREATED + ) notes = test.notes.all() - serialized_notes = serializers.TestToNotesSerializer({ - "test_id": test, "notes": notes - }) - return Response(serialized_notes.data, - status=status.HTTP_200_OK) + serialized_notes = serializers.TestToNotesSerializer( + {"test_id": test, "notes": notes} + ) + return Response(serialized_notes.data, status=status.HTTP_200_OK) @extend_schema( - methods=['GET'], - responses={status.HTTP_200_OK: serializers.TestToFilesSerializer} + methods=["GET"], + responses={status.HTTP_200_OK: serializers.TestToFilesSerializer}, ) @extend_schema( - methods=['POST'], + methods=["POST"], request=serializers.AddNewFileOptionSerializer, - responses={status.HTTP_201_CREATED: serializers.FileSerializer} + responses={status.HTTP_201_CREATED: serializers.FileSerializer}, ) @swagger_auto_schema( - method='get', - responses={status.HTTP_200_OK: serializers.TestToFilesSerializer} + method="get", + responses={status.HTTP_200_OK: serializers.TestToFilesSerializer}, ) @swagger_auto_schema( - method='post', + method="post", request_body=serializers.AddNewFileOptionSerializer, - responses={status.HTTP_201_CREATED: serializers.FileSerializer} + responses={status.HTTP_201_CREATED: serializers.FileSerializer}, + ) + @action( + detail=True, methods=["get", "post"], parser_classes=(MultiPartParser,) ) - @action(detail=True, methods=["get", "post"], parser_classes=(MultiPartParser,)) def files(self, request, pk=None): test = self.get_object() - if request.method == 'POST': + if request.method == "POST": new_file = serializers.FileSerializer(data=request.data) if new_file.is_valid(): - title = new_file.validated_data['title'] - file = new_file.validated_data['file'] + title = new_file.validated_data["title"] + file = new_file.validated_data["file"] else: - return Response(new_file.errors, status=status.HTTP_400_BAD_REQUEST) + return Response( + new_file.errors, status=status.HTTP_400_BAD_REQUEST + ) file = FileUpload(title=title, file=file) file.save() test.files.add(file) serialized_file = serializers.FileSerializer(file) - return Response(serialized_file.data, status=status.HTTP_201_CREATED) + return Response( + serialized_file.data, status=status.HTTP_201_CREATED + ) files = test.files.all() - serialized_files = serializers.TestToFilesSerializer({ - "test_id": test, "files": files - }) + serialized_files = serializers.TestToFilesSerializer( + {"test_id": test, "files": files} + ) return Response(serialized_files.data, status=status.HTTP_200_OK) - -# Authorization: configuration -class TestTypesViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.UpdateModelMixin, - mixins.CreateModelMixin, - viewsets.GenericViewSet): + @extend_schema( + methods=["GET"], + responses={ + status.HTTP_200_OK: serializers.RawFileSerializer, + }, + ) + @swagger_auto_schema( + method="get", + responses={ + status.HTTP_200_OK: serializers.RawFileSerializer, + }, + ) + @action( + detail=True, + methods=["get"], + url_path=r"files/download/(?P\d+)", + ) + def download_file(self, request, file_id, pk=None): + test = self.get_object() + # Get the file object + file_object_qs = test.files.filter(id=file_id) + file_object = ( + file_object_qs.first() if len(file_object_qs) > 0 else None + ) + if file_object is None: + return Response( + {"error": "File ID not associated with Test"}, + status=status.HTTP_404_NOT_FOUND, + ) + # Get the path of the file in media root + file_path = f"{settings.MEDIA_ROOT}/{file_object.file.url.lstrip(settings.MEDIA_URL)}" + file_handle = open(file_path, "rb") + # send file + response = FileResponse( + file_handle, + content_type=f"{mimetypes.guess_type(file_path)}", + status=status.HTTP_200_OK, + ) + response["Content-Length"] = file_object.file.size + response[ + "Content-Disposition" + ] = f'attachment; filename="{file_object.file.name}"' + + return response + + +# Authorization: authenticated, configuration +class TestTypesViewSet( + mixins.UpdateModelMixin, + mixins.CreateModelMixin, + viewsets.ReadOnlyModelViewSet, +): serializer_class = serializers.TestTypeSerializer queryset = Test_Type.objects.all() filter_backends = (DjangoFilterBackend,) - filter_fields = ('name',) + filterset_fields = [ + "name", + ] permission_classes = (IsAuthenticated, DjangoModelPermissions) @extend_schema_view( - list=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], + list=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], + ), + retrieve=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], ), - retrieve=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], - ) ) -class TestImportViewSet(prefetch.PrefetchListMixin, - prefetch.PrefetchRetrieveMixin, - mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.UpdateModelMixin, - mixins.CreateModelMixin, - mixins.DestroyModelMixin, - viewsets.GenericViewSet): +class TestImportViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.TestImportSerializer queryset = Test_Import.objects.none() filter_backends = (DjangoFilterBackend,) - filter_fields = ('test', 'findings_affected', 'version', 'branch_tag', 'build_id', 'commit_hash', 'test_import_finding_action__action', - 'test_import_finding_action__finding', 'test_import_finding_action__created') - swagger_schema = prefetch.get_prefetch_schema(["test_imports_list", "test_imports_read"], serializers.TestImportSerializer). \ - to_schema() - permission_classes = (IsAuthenticated, permissions.UserHasTestImportPermission) + filterset_fields = [ + "test", + "findings_affected", + "version", + "branch_tag", + "build_id", + "commit_hash", + "test_import_finding_action__action", + "test_import_finding_action__finding", + "test_import_finding_action__created", + ] + swagger_schema = prefetch.get_prefetch_schema( + ["test_imports_list", "test_imports_read"], + serializers.TestImportSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasTestImportPermission, + ) def get_queryset(self): - return get_authorized_test_imports(Permissions.Test_View).prefetch_related( - 'test_import_finding_action_set', - 'findings_affected', - 'findings_affected__endpoints', - 'findings_affected__endpoint_status', - 'findings_affected__finding_meta', - 'findings_affected__jira_issue', - 'findings_affected__burprawrequestresponse_set', - 'findings_affected__jira_issue', - 'findings_affected__jira_issue', - 'findings_affected__jira_issue', - 'findings_affected__reviewers', - 'findings_affected__notes', - 'findings_affected__notes__author', - 'findings_affected__notes__history', - 'findings_affected__files', - 'findings_affected__found_by', - 'findings_affected__tags', - 'findings_affected__risk_acceptance_set', - 'test', - 'test__tags', - 'test__notes', - 'test__notes__author', - 'test__files', - 'test__test_type', - 'test__engagement', - 'test__environment', - 'test__engagement__product', - 'test__engagement__product__prod_type') - - -# Authorization: superuser -class ToolConfigurationsViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.CreateModelMixin, - mixins.UpdateModelMixin, - mixins.DestroyModelMixin, - viewsets.GenericViewSet): + return get_authorized_test_imports( + Permissions.Test_View + ).prefetch_related( + "test_import_finding_action_set", + "findings_affected", + "findings_affected__endpoints", + "findings_affected__status_finding", + "findings_affected__finding_meta", + "findings_affected__jira_issue", + "findings_affected__burprawrequestresponse_set", + "findings_affected__jira_issue", + "findings_affected__jira_issue", + "findings_affected__jira_issue", + "findings_affected__reviewers", + "findings_affected__notes", + "findings_affected__notes__author", + "findings_affected__notes__history", + "findings_affected__files", + "findings_affected__found_by", + "findings_affected__tags", + "findings_affected__risk_acceptance_set", + "test", + "test__tags", + "test__notes", + "test__notes__author", + "test__files", + "test__test_type", + "test__engagement", + "test__environment", + "test__engagement__product", + "test__engagement__product__prod_type", + ) + + +# Authorization: configurations +class ToolConfigurationsViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.ToolConfigurationSerializer queryset = Tool_Configuration.objects.all() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'name', 'tool_type', 'url', 'authentication_type') - permission_classes = (permissions.IsSuperUser, DjangoModelPermissions) + filterset_fields = [ + "id", + "name", + "tool_type", + "url", + "authentication_type", + ] + swagger_schema = prefetch.get_prefetch_schema( + ["tool_configurations_list", "tool_configurations_read"], + serializers.ToolConfigurationSerializer, + ).to_schema() + permission_classes = (permissions.UserHasConfigurationPermissionSuperuser,) # Authorization: object-based -class ToolProductSettingsViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.DestroyModelMixin, - mixins.CreateModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): +class ToolProductSettingsViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.ToolProductSettingsSerializer queryset = Tool_Product_Settings.objects.none() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'name', 'product', 'tool_configuration', - 'tool_project_id', 'url') - permission_classes = (IsAuthenticated, permissions.UserHasToolProductSettingsPermission) + filterset_fields = [ + "id", + "name", + "product", + "tool_configuration", + "tool_project_id", + "url", + ] + swagger_schema = prefetch.get_prefetch_schema( + ["tool_configurations_list", "tool_configurations_read"], + serializers.ToolConfigurationSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasToolProductSettingsPermission, + ) def get_queryset(self): return get_authorized_tool_product_settings(Permissions.Product_View) # Authorization: configuration -class ToolTypesViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.DestroyModelMixin, - mixins.CreateModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): +class ToolTypesViewSet( + DojoModelViewSet, +): serializer_class = serializers.ToolTypeSerializer queryset = Tool_Type.objects.all() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'name', 'description') - permission_classes = (permissions.UserHasConfigurationPermissionStaff, ) + filterset_fields = ["id", "name", "description"] + permission_classes = (permissions.UserHasConfigurationPermissionSuperuser,) -# Authorization: authenticated users -class RegulationsViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.CreateModelMixin, - mixins.DestroyModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): +# Authorization: authenticated, configuration +class RegulationsViewSet( + DojoModelViewSet, +): serializer_class = serializers.RegulationSerializer queryset = Regulation.objects.all() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'name', 'description') + filterset_fields = ["id", "name", "description"] permission_classes = (IsAuthenticated, DjangoModelPermissions) # Authorization: configuration -class UsersViewSet(mixins.CreateModelMixin, - mixins.UpdateModelMixin, - mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.DestroyModelMixin, - viewsets.GenericViewSet): +class UsersViewSet( + DojoModelViewSet, +): serializer_class = serializers.UserSerializer queryset = User.objects.all() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'username', 'first_name', 'last_name', 'email') - permission_classes = (permissions.UserHasConfigurationPermissionStaff, ) + filterset_fields = [ + "id", + "username", + "first_name", + "last_name", + "email", + "is_active", + "is_superuser", + ] + permission_classes = (permissions.UserHasConfigurationPermissionSuperuser,) def destroy(self, request, *args, **kwargs): instance = self.get_object() if request.user == instance: - return Response('Users may not delete themselves', status=status.HTTP_400_BAD_REQUEST) + return Response( + "Users may not delete themselves", + status=status.HTTP_400_BAD_REQUEST, + ) self.perform_destroy(instance) return Response(status=status.HTTP_204_NO_CONTENT) # Authorization: superuser @extend_schema_view( - list=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], + list=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], + ), + retrieve=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], ), - retrieve=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], - ) ) -class UserContactInfoViewSet(prefetch.PrefetchListMixin, - prefetch.PrefetchRetrieveMixin, - mixins.CreateModelMixin, - mixins.UpdateModelMixin, - mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.DestroyModelMixin, - viewsets.GenericViewSet): +class UserContactInfoViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.UserContactInfoSerializer queryset = UserContactInfo.objects.all() - swagger_schema = prefetch.get_prefetch_schema(["user_contact_infos_list", "user_contact_infos_read"], - serializers.UserContactInfoSerializer).to_schema() + swagger_schema = prefetch.get_prefetch_schema( + ["user_contact_infos_list", "user_contact_infos_read"], + serializers.UserContactInfoSerializer, + ).to_schema() filter_backends = (DjangoFilterBackend,) - filter_fields = '__all__' + filterset_fields = "__all__" permission_classes = (permissions.IsSuperUser, DjangoModelPermissions) # Authorization: authenticated users class UserProfileView(GenericAPIView): - permission_classes = (IsAuthenticated, ) + permission_classes = (IsAuthenticated,) pagination_class = None serializer_class = serializers.UserProfileSerializer @swagger_auto_schema( - method='get', - responses={status.HTTP_200_OK: serializers.UserProfileSerializer} + method="get", + responses={status.HTTP_200_OK: serializers.UserProfileSerializer}, + ) + @action( + detail=True, methods=["get"], filter_backends=[], pagination_class=None ) - @action(detail=True, methods=["get"], - filter_backends=[], pagination_class=None) def get(self, request, format=None): user = get_current_user() - user_contact_info = user.usercontactinfo if hasattr(user, 'usercontactinfo') else None - global_role = user.global_role if hasattr(user, 'global_role') else None + user_contact_info = ( + user.usercontactinfo if hasattr(user, "usercontactinfo") else None + ) + global_role = ( + user.global_role if hasattr(user, "global_role") else None + ) dojo_group_member = Dojo_Group_Member.objects.filter(user=user) product_type_member = Product_Type_Member.objects.filter(user=user) product_member = Product_Member.objects.filter(user=user) serializer = serializers.UserProfileSerializer( - {"user": user, - "user_contact_info": user_contact_info, - "global_role": global_role, - "dojo_group_member": dojo_group_member, - "product_type_member": product_type_member, - "product_member": product_member}, many=False) + { + "user": user, + "user_contact_info": user_contact_info, + "global_role": global_role, + "dojo_group_member": dojo_group_member, + "product_type_member": product_type_member, + "product_member": product_member, + }, + many=False, + ) return Response(serializer.data) # Authorization: authenticated users, DjangoModelPermissions -class ImportScanView(mixins.CreateModelMixin, - viewsets.GenericViewSet): +class ImportScanView(mixins.CreateModelMixin, viewsets.GenericViewSet): """ Imports a scan report into an engagement or product. @@ -1912,26 +2984,52 @@ class ImportScanView(mixins.CreateModelMixin, When using names you can let the importer automatically create Engagements, Products and Product_Types by using `auto_create_context=True`. + + When `auto_create_context` is set to `True` you can use `deduplication_on_engagement` to restrict deduplication for + imported Findings to the newly created Engagement. """ + serializer_class = serializers.ImportScanSerializer parser_classes = [MultiPartParser] queryset = Test.objects.none() permission_classes = (IsAuthenticated, permissions.UserHasImportPermission) def perform_create(self, serializer): - _, _, _, engagement_id, engagement_name, product_name, product_type_name, auto_create_context = serializers.get_import_meta_data_from_dict(serializer.validated_data) + ( + _, + _, + _, + engagement_id, + engagement_name, + product_name, + product_type_name, + auto_create_context, + deduplication_on_engagement, + do_not_reactivate, + ) = serializers.get_import_meta_data_from_dict( + serializer.validated_data + ) product = get_target_product_if_exists(product_name) - engagement = get_target_engagement_if_exists(engagement_id, engagement_name, product) - - # when using auto_create_context, the engagement or product may not have been created yet - jira_driver = engagement if engagement else product if product else None - jira_project = jira_helper.get_jira_project(jira_driver) if jira_driver else None - - push_to_jira = serializer.validated_data.get('push_to_jira') - if get_system_setting('enable_jira') and jira_project: + engagement = get_target_engagement_if_exists( + engagement_id, engagement_name, product + ) + + # when using auto_create_context, the engagement or product may not + # have been created yet + jira_driver = ( + engagement if engagement else product if product else None + ) + jira_project = ( + jira_helper.get_jira_project(jira_driver) if jira_driver else None + ) + + push_to_jira = serializer.validated_data.get("push_to_jira") + if get_system_setting("enable_jira") and jira_project: push_to_jira = push_to_jira or jira_project.push_all_issues - logger.debug('push_to_jira: %s', serializer.validated_data.get('push_to_jira')) + logger.debug( + "push_to_jira: %s", serializer.validated_data.get("push_to_jira") + ) serializer.save(push_to_jira=push_to_jira) def get_queryset(self): @@ -1939,10 +3037,11 @@ def get_queryset(self): # Authorization: authenticated users, DjangoModelPermissions -class EndpointMetaImporterView(mixins.CreateModelMixin, - viewsets.GenericViewSet): +class EndpointMetaImporterView( + mixins.CreateModelMixin, viewsets.GenericViewSet +): """ - Imports a CSV file into a product to propogate arbitrary meta and tags on endpoints. + Imports a CSV file into a product to propagate arbitrary meta and tags on endpoints. By Names: - Provide `product_name` of existing product @@ -1952,10 +3051,14 @@ class EndpointMetaImporterView(mixins.CreateModelMixin, In this scenario Defect Dojo will look up the product by the provided details. """ + serializer_class = serializers.EndpointMetaImporterSerializer parser_classes = [MultiPartParser] queryset = Product.objects.all() - permission_classes = (IsAuthenticated, permissions.UserHasMetaImportPermission) + permission_classes = ( + IsAuthenticated, + permissions.UserHasMetaImportPermission, + ) def perform_create(self, serializer): serializer.save() @@ -1964,68 +3067,77 @@ def get_queryset(self): return get_authorized_products(Permissions.Endpoint_Edit) -# Authorization: staff users -class LanguageTypeViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.CreateModelMixin, - mixins.DestroyModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): +# Authorization: configuration +class LanguageTypeViewSet( + DojoModelViewSet, +): serializer_class = serializers.LanguageTypeSerializer queryset = Language_Type.objects.all() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'language', 'color') - permission_classes = (IsAdminUser, DjangoModelPermissions) + filterset_fields = ["id", "language", "color"] + permission_classes = (permissions.UserHasConfigurationPermissionStaff,) # Authorization: object-based @extend_schema_view( - list=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], + list=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], + ), + retrieve=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], ), - retrieve=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], - ) ) -class LanguageViewSet(prefetch.PrefetchListMixin, - prefetch.PrefetchRetrieveMixin, - mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.DestroyModelMixin, - mixins.UpdateModelMixin, - mixins.CreateModelMixin, - viewsets.GenericViewSet): +class LanguageViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.LanguageSerializer queryset = Languages.objects.none() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'language', 'product') - swagger_schema = prefetch.get_prefetch_schema(["languages_list", "languages_read"], - serializers.LanguageSerializer).to_schema() - permission_classes = (IsAuthenticated, permissions.UserHasLanguagePermission) + filterset_fields = ["id", "language", "product"] + swagger_schema = prefetch.get_prefetch_schema( + ["languages_list", "languages_read"], serializers.LanguageSerializer + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasLanguagePermission, + ) def get_queryset(self): return get_authorized_languages(Permissions.Language_View).distinct() # Authorization: object-based -class ImportLanguagesView(mixins.CreateModelMixin, - viewsets.GenericViewSet): +class ImportLanguagesView(mixins.CreateModelMixin, viewsets.GenericViewSet): serializer_class = serializers.ImportLanguagesSerializer parser_classes = [MultiPartParser] queryset = Product.objects.none() - permission_classes = (IsAuthenticated, permissions.UserHasLanguagePermission) + permission_classes = ( + IsAuthenticated, + permissions.UserHasLanguagePermission, + ) def get_queryset(self): return get_authorized_products(Permissions.Language_Add) -# Authorization: authenticated users, DjangoModelPermissions -class ReImportScanView(mixins.CreateModelMixin, - viewsets.GenericViewSet): +# Authorization: object-based +class ReImportScanView(mixins.CreateModelMixin, viewsets.GenericViewSet): """ Reimports a scan report into an existing test. @@ -2048,58 +3160,106 @@ class ReImportScanView(mixins.CreateModelMixin, When using names you can let the importer automatically create Engagements, Products and Product_Types by using `auto_create_context=True`. + + When `auto_create_context` is set to `True` you can use `deduplication_on_engagement` to restrict deduplication for + imported Findings to the newly created Engagement. """ + serializer_class = serializers.ReImportScanSerializer parser_classes = [MultiPartParser] queryset = Test.objects.none() - permission_classes = (IsAuthenticated, permissions.UserHasReimportPermission) + permission_classes = ( + IsAuthenticated, + permissions.UserHasReimportPermission, + ) def get_queryset(self): return get_authorized_tests(Permissions.Import_Scan_Result) def perform_create(self, serializer): - test_id, test_title, scan_type, _, engagement_name, product_name, product_type_name, auto_create_context = serializers.get_import_meta_data_from_dict(serializer.validated_data) + ( + test_id, + test_title, + scan_type, + _, + engagement_name, + product_name, + product_type_name, + auto_create_context, + deduplication_on_engagement, + do_not_reactivate, + ) = serializers.get_import_meta_data_from_dict( + serializer.validated_data + ) product = get_target_product_if_exists(product_name) - engagement = get_target_engagement_if_exists(None, engagement_name, product) - test = get_target_test_if_exists(test_id, test_title, scan_type, engagement) - - # when using auto_create_context, the engagement or product may not have been created yet - jira_driver = test if test else engagement if engagement else product if product else None - jira_project = jira_helper.get_jira_project(jira_driver) if jira_driver else None - - push_to_jira = serializer.validated_data.get('push_to_jira') - if get_system_setting('enable_jira') and jira_project: + engagement = get_target_engagement_if_exists( + None, engagement_name, product + ) + test = get_target_test_if_exists( + test_id, test_title, scan_type, engagement + ) + + # when using auto_create_context, the engagement or product may not + # have been created yet + jira_driver = ( + test + if test + else engagement + if engagement + else product + if product + else None + ) + jira_project = ( + jira_helper.get_jira_project(jira_driver) if jira_driver else None + ) + + push_to_jira = serializer.validated_data.get("push_to_jira") + if get_system_setting("enable_jira") and jira_project: push_to_jira = push_to_jira or jira_project.push_all_issues - logger.debug('push_to_jira: %s', serializer.validated_data.get('push_to_jira')) + logger.debug( + "push_to_jira: %s", serializer.validated_data.get("push_to_jira") + ) serializer.save(push_to_jira=push_to_jira) -# Authorization: staff -class NoteTypeViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.DestroyModelMixin, - mixins.CreateModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): +# Authorization: configuration +class NoteTypeViewSet( + DojoModelViewSet, +): serializer_class = serializers.NoteTypeSerializer queryset = Note_Type.objects.all() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'name', 'description', 'is_single', 'is_active', 'is_mandatory') - permission_classes = (IsAdminUser, DjangoModelPermissions) + filterset_fields = [ + "id", + "name", + "description", + "is_single", + "is_active", + "is_mandatory", + ] + permission_classes = (permissions.UserHasConfigurationPermissionSuperuser,) # Authorization: superuser -class NotesViewSet(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): +class NotesViewSet( + mixins.UpdateModelMixin, + viewsets.ReadOnlyModelViewSet, +): serializer_class = serializers.NoteSerializer queryset = Notes.objects.all() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'entry', 'author', - 'private', 'date', 'edited', - 'edit_time', 'editor') + filterset_fields = [ + "id", + "entry", + "author", + "private", + "date", + "edited", + "edit_time", + "editor", + ] permission_classes = (permissions.IsSuperUser, DjangoModelPermissions) @@ -2111,15 +3271,6 @@ def report_generate(request, obj, options): test = None endpoint = None endpoints = None - endpoint_all_findings = None - endpoint_monthly_counts = None - endpoint_active_findings = None - accepted_findings = None - open_findings = None - closed_findings = None - verified_findings = None - report_title = None - report_subtitle = None include_finding_notes = False include_finding_images = False @@ -2127,34 +3278,37 @@ def report_generate(request, obj, options): include_table_of_contents = False report_info = "Generated By %s on %s" % ( - user.get_full_name(), (timezone.now().strftime("%m/%d/%Y %I:%M%p %Z"))) + user.get_full_name(), + (timezone.now().strftime("%m/%d/%Y %I:%M%p %Z")), + ) # generate = "_generate" in request.GET report_name = str(obj) - report_type = type(obj).__name__ - include_finding_notes = options.get('include_finding_notes', False) - include_finding_images = options.get('include_finding_images', False) - include_executive_summary = options.get('include_executive_summary', False) - include_table_of_contents = options.get('include_table_of_contents', False) + include_finding_notes = options.get("include_finding_notes", False) + include_finding_images = options.get("include_finding_images", False) + include_executive_summary = options.get("include_executive_summary", False) + include_table_of_contents = options.get("include_table_of_contents", False) if type(obj).__name__ == "Product_Type": product_type = obj report_name = "Product Type Report: " + str(product_type) - report_title = "Product Type Report" - report_subtitle = str(product_type) - - findings = ReportFindingFilter(request.GET, prod_type=product_type, queryset=prefetch_related_findings_for_report(Finding.objects.filter( - test__engagement__product__prod_type=product_type))) - products = Product.objects.filter(prod_type=product_type, - engagement__test__finding__in=findings.qs).distinct() - engagements = Engagement.objects.filter(product__prod_type=product_type, - test__finding__in=findings.qs).distinct() - tests = Test.objects.filter(engagement__product__prod_type=product_type, - finding__in=findings.qs).distinct() + + findings = ReportFindingFilter( + request.GET, + prod_type=product_type, + queryset=prefetch_related_findings_for_report( + Finding.objects.filter( + test__engagement__product__prod_type=product_type + ) + ), + ) + if len(findings.qs) > 0: - start_date = timezone.make_aware(datetime.combine(findings.qs.last().date, datetime.min.time())) + start_date = timezone.make_aware( + datetime.combine(findings.qs.last().date, datetime.min.time()) + ) else: start_date = timezone.now() @@ -2165,116 +3319,110 @@ def report_generate(request, obj, options): # include current month months_between += 1 - endpoint_monthly_counts = get_period_counts_legacy(findings.qs.order_by('numerical_severity'), findings.qs.order_by('numerical_severity'), None, - months_between, start_date, - relative_delta='months') - elif type(obj).__name__ == "Product": product = obj report_name = "Product Report: " + str(product) - report_title = "Product Report" - report_subtitle = str(product) - findings = ReportFindingFilter(request.GET, product=product, queryset=prefetch_related_findings_for_report(Finding.objects.filter( - test__engagement__product=product))) - ids = set(finding.id for finding in findings.qs) - engagements = Engagement.objects.filter(test__finding__id__in=ids).distinct() - tests = Test.objects.filter(finding__id__in=ids).distinct() - ids = get_endpoint_ids(Endpoint.objects.filter(product=product).distinct()) + + findings = ReportFindingFilter( + request.GET, + product=product, + queryset=prefetch_related_findings_for_report( + Finding.objects.filter(test__engagement__product=product) + ), + ) + ids = get_endpoint_ids( + Endpoint.objects.filter(product=product).distinct() + ) endpoints = Endpoint.objects.filter(id__in=ids) elif type(obj).__name__ == "Engagement": engagement = obj - findings = ReportFindingFilter(request.GET, engagement=engagement, - queryset=prefetch_related_findings_for_report(Finding.objects.filter(test__engagement=engagement))) + findings = ReportFindingFilter( + request.GET, + engagement=engagement, + queryset=prefetch_related_findings_for_report( + Finding.objects.filter(test__engagement=engagement) + ), + ) report_name = "Engagement Report: " + str(engagement) - report_title = "Engagement Report" - report_subtitle = str(engagement) - ids = set(finding.id for finding in findings.qs) - tests = Test.objects.filter(finding__id__in=ids).distinct() - ids = get_endpoint_ids(Endpoint.objects.filter(product=engagement.product).distinct()) + ids = get_endpoint_ids( + Endpoint.objects.filter(product=engagement.product).distinct() + ) endpoints = Endpoint.objects.filter(id__in=ids) elif type(obj).__name__ == "Test": test = obj - findings = ReportFindingFilter(request.GET, engagement=test.engagement, - queryset=prefetch_related_findings_for_report(Finding.objects.filter(test=test))) - filename = "test_finding_report.pdf" - template = "dojo/test_pdf_report.html" + findings = ReportFindingFilter( + request.GET, + engagement=test.engagement, + queryset=prefetch_related_findings_for_report( + Finding.objects.filter(test=test) + ), + ) report_name = "Test Report: " + str(test) - report_title = "Test Report" - report_subtitle = str(test) elif type(obj).__name__ == "Endpoint": endpoint = obj host = endpoint.host report_name = "Endpoint Report: " + host - report_type = "Endpoint" - endpoints = Endpoint.objects.filter(host=host, - product=endpoint.product).distinct() - report_title = "Endpoint Report" - report_subtitle = host - findings = ReportFindingFilter(request.GET, - queryset=prefetch_related_findings_for_report(Finding.objects.filter(endpoints__in=endpoints))) + endpoints = Endpoint.objects.filter( + host=host, product=endpoint.product + ).distinct() + findings = ReportFindingFilter( + request.GET, + queryset=prefetch_related_findings_for_report( + Finding.objects.filter(endpoints__in=endpoints) + ), + ) elif type(obj).__name__ == "CastTaggedQuerySet": - findings = ReportFindingFilter(request.GET, - queryset=prefetch_related_findings_for_report(obj).distinct()) + findings = ReportFindingFilter( + request.GET, + queryset=prefetch_related_findings_for_report(obj).distinct(), + ) - report_name = 'Finding' - report_type = 'Finding' - report_title = "Finding Report" - report_subtitle = '' + report_name = "Finding" else: raise Http404() result = { - 'product_type': product_type, - 'product': product, - 'engagement': engagement, - 'report_name': report_name, - 'report_info': report_info, - 'test': test, - 'endpoint': endpoint, - 'endpoints': endpoints, - 'findings': findings.qs.order_by('numerical_severity'), - 'include_table_of_contents': include_table_of_contents, - 'user': user, - 'team_name': settings.TEAM_NAME, - 'title': 'Generate Report', - 'user_id': request.user.id, - 'host': report_url_resolver(request), + "product_type": product_type, + "product": product, + "engagement": engagement, + "report_name": report_name, + "report_info": report_info, + "test": test, + "endpoint": endpoint, + "endpoints": endpoints, + "findings": findings.qs.order_by("numerical_severity"), + "include_table_of_contents": include_table_of_contents, + "user": user, + "team_name": settings.TEAM_NAME, + "title": "Generate Report", + "user_id": request.user.id, + "host": report_url_resolver(request), } finding_notes = [] finding_files = [] if include_finding_images: - for finding in findings.qs.order_by('numerical_severity'): + for finding in findings.qs.order_by("numerical_severity"): files = finding.files.all() if files: - finding_files.append( - { - "finding_id": finding, - "files": files - } - ) - result['finding_files'] = finding_files + finding_files.append({"finding_id": finding, "files": files}) + result["finding_files"] = finding_files if include_finding_notes: - for finding in findings.qs.order_by('numerical_severity'): + for finding in findings.qs.order_by("numerical_severity"): notes = finding.notes.filter(private=False) if notes: - finding_notes.append( - { - "finding_id": finding, - "notes": notes - } - ) - result['finding_notes'] = finding_notes + finding_notes.append({"finding_id": finding, "notes": notes}) + result["finding_notes"] = finding_notes # Generating Executive summary based on obj type if include_executive_summary and type(obj).__name__ != "Endpoint": @@ -2306,7 +3454,7 @@ def report_generate(request, obj, options): if eng.test_set.all(): for t in eng.test_set.all(): test_type_name = t.test_type.name - if test.environment: + if t.environment: test_environment_name = t.environment.name test_target_start = t.target_start if t.target_end: @@ -2383,28 +3531,29 @@ def report_generate(request, obj, options): pass # do nothing executive_summary = { - 'engagement_name': engagement_name, - 'engagement_target_start': engagement_target_start, - 'engagement_target_end': engagement_target_end, - 'test_type_name': test_type_name, - 'test_target_start': test_target_start, - 'test_target_end': test_target_end, - 'test_environment_name': test_environment_name, - 'test_strategy_ref': test_strategy_ref, - 'total_findings': total_findings + "engagement_name": engagement_name, + "engagement_target_start": engagement_target_start, + "engagement_target_end": engagement_target_end, + "test_type_name": test_type_name, + "test_target_start": test_target_start, + "test_target_end": test_target_end, + "test_environment_name": test_environment_name, + "test_strategy_ref": test_strategy_ref, + "total_findings": total_findings, } # End of executive summary generation - result['executive_summary'] = executive_summary + result["executive_summary"] = executive_summary return result # Authorization: superuser -class SystemSettingsViewSet(mixins.ListModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): - """ Basic control over System Settings. Use 'id' 1 for PUT, PATCH operations """ +class SystemSettingsViewSet( + mixins.ListModelMixin, mixins.UpdateModelMixin, viewsets.GenericViewSet +): + """Basic control over System Settings. Use 'id' 1 for PUT, PATCH operations""" + permission_classes = (permissions.IsSuperUser, DjangoModelPermissions) serializer_class = serializers.SystemSettingsSerializer queryset = System_Settings.objects.all() @@ -2412,59 +3561,191 @@ class SystemSettingsViewSet(mixins.ListModelMixin, # Authorization: superuser @extend_schema_view( - list=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], + list=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], + ), + retrieve=extend_schema( + parameters=[ + OpenApiParameter( + "prefetch", + OpenApiTypes.STR, + OpenApiParameter.QUERY, + required=False, + description="List of fields for which to prefetch model instances and add those to the response", + ), + ], ), - retrieve=extend_schema(parameters=[ - OpenApiParameter("prefetch", OpenApiTypes.STR, OpenApiParameter.QUERY, required=False, - description="List of fields for which to prefetch model instances and add those to the response"), - ], - ) ) -class NotificationsViewSet(prefetch.PrefetchListMixin, - prefetch.PrefetchRetrieveMixin, - mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.DestroyModelMixin, - mixins.CreateModelMixin, - mixins.UpdateModelMixin, - viewsets.GenericViewSet): +class NotificationsViewSet( + PrefetchDojoModelViewSet, +): serializer_class = serializers.NotificationsSerializer queryset = Notifications.objects.all() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'user', 'product') + filterset_fields = ["id", "user", "product", "template"] permission_classes = (permissions.IsSuperUser, DjangoModelPermissions) - swagger_schema = prefetch.get_prefetch_schema(["notifications_list", "notifications_read"], - serializers.NotificationsSerializer).to_schema() + swagger_schema = prefetch.get_prefetch_schema( + ["notifications_list", "notifications_read"], + serializers.NotificationsSerializer, + ).to_schema() -class EngagementPresetsViewset(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.UpdateModelMixin, - mixins.DestroyModelMixin, - mixins.CreateModelMixin, - viewsets.GenericViewSet): +class EngagementPresetsViewset( + PrefetchDojoModelViewSet, +): serializer_class = serializers.EngagementPresetsSerializer queryset = Engagement_Presets.objects.none() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'title', 'product') - - permission_classes = (IsAuthenticated, permissions.UserHasEngagementPresetPermission) + filterset_fields = ["id", "title", "product"] + swagger_schema = prefetch.get_prefetch_schema( + ["engagement_presets_list", "engagement_presets_read"], + serializers.EngagementPresetsSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasEngagementPresetPermission, + ) def get_queryset(self): return get_authorized_engagement_presets(Permissions.Product_View) -class NetworkLocationsViewset(mixins.ListModelMixin, - mixins.RetrieveModelMixin, - mixins.UpdateModelMixin, - mixins.DestroyModelMixin, - mixins.CreateModelMixin, - viewsets.GenericViewSet): +class EngagementCheckListViewset( + PrefetchDojoModelViewSet, +): + serializer_class = serializers.EngagementCheckListSerializer + queryset = Check_List.objects.none() + filter_backends = (DjangoFilterBackend,) + swagger_schema = prefetch.get_prefetch_schema( + ["engagement_checklists_list", "engagement_checklists_read"], + serializers.EngagementCheckListSerializer, + ).to_schema() + permission_classes = ( + IsAuthenticated, + permissions.UserHasEngagementPermission, + ) + + def get_queryset(self): + return get_authorized_engagement_checklists(Permissions.Product_View) + + +class NetworkLocationsViewset( + DojoModelViewSet, +): serializer_class = serializers.NetworkLocationsSerializer queryset = Network_Locations.objects.all() filter_backends = (DjangoFilterBackend,) - filter_fields = ('id', 'location') + filterset_fields = ["id", "location"] permission_classes = (IsAuthenticated, DjangoModelPermissions) + + +# Authorization: superuser +class ConfigurationPermissionViewSet( + viewsets.ReadOnlyModelViewSet, +): + serializer_class = serializers.ConfigurationPermissionSerializer + queryset = Permission.objects.filter( + codename__in=get_configuration_permissions_codenames() + ) + filter_backends = (DjangoFilterBackend,) + filterset_fields = ["id", "name", "codename"] + permission_classes = (permissions.IsSuperUser, DjangoModelPermissions) + + +class SLAConfigurationViewset( + DojoModelViewSet, +): + serializer_class = serializers.SLAConfigurationSerializer + queryset = SLA_Configuration.objects.all() + filter_backends = (DjangoFilterBackend,) + permission_classes = (IsAuthenticated, DjangoModelPermissions) + + +class QuestionnaireQuestionViewSet( + viewsets.ReadOnlyModelViewSet, + dojo_mixins.QuestionSubClassFieldsMixin, +): + serializer_class = serializers.QuestionnaireQuestionSerializer + queryset = Question.objects.all() + filter_backends = (DjangoFilterBackend,) + permission_classes = ( + permissions.UserHasEngagementPermission, + DjangoModelPermissions, + ) + + +class QuestionnaireAnswerViewSet( + viewsets.ReadOnlyModelViewSet, + dojo_mixins.AnswerSubClassFieldsMixin, +): + serializer_class = serializers.QuestionnaireAnswerSerializer + queryset = Answer.objects.all() + filter_backends = (DjangoFilterBackend,) + permission_classes = ( + permissions.UserHasEngagementPermission, + DjangoModelPermissions, + ) + + +class QuestionnaireGeneralSurveyViewSet( + viewsets.ReadOnlyModelViewSet, +): + serializer_class = serializers.QuestionnaireGeneralSurveySerializer + queryset = General_Survey.objects.all() + filter_backends = (DjangoFilterBackend,) + permission_classes = ( + permissions.UserHasEngagementPermission, + DjangoModelPermissions, + ) + + +class QuestionnaireEngagementSurveyViewSet( + viewsets.ReadOnlyModelViewSet +): + serializer_class = serializers.QuestionnaireEngagementSurveySerializer + queryset = Engagement_Survey.objects.all() + filter_backends = (DjangoFilterBackend,) + permission_classes = ( + permissions.UserHasEngagementPermission, + DjangoModelPermissions, + ) + + +class QuestionnaireAnsweredSurveyViewSet( + prefetch.PrefetchListMixin, + prefetch.PrefetchRetrieveMixin, + viewsets.ReadOnlyModelViewSet, +): + serializer_class = serializers.QuestionnaireAnsweredSurveySerializer + queryset = Answered_Survey.objects.all() + filter_backends = (DjangoFilterBackend,) + permission_classes = ( + permissions.UserHasEngagementPermission, + DjangoModelPermissions, + ) + swagger_schema = prefetch.get_prefetch_schema( + [ + "questionnaire_answered_questionnaires_list", + "questionnaire_answered_questionnaires_read", + ], + serializers.QuestionnaireAnsweredSurveySerializer, + ).to_schema() + + +# Authorization: configuration +class AnnouncementViewSet( + DojoModelViewSet +): + serializer_class = serializers.AnnouncementSerializer + queryset = Announcement.objects.all() + filter_backends = (DjangoFilterBackend,) + filterset_fields = "__all__" + permission_classes = (permissions.UserHasConfigurationPermissionStaff,) diff --git a/dojo/apps.py b/dojo/apps.py index ddb86866e68..6c84a420de8 100644 --- a/dojo/apps.py +++ b/dojo/apps.py @@ -30,7 +30,7 @@ def ready(self): watson.register(self.get_model('Test'), fields=get_model_fields_with_extra(self.get_model('Test'), ('id', 'engagement__product__name', )), store=('engagement__product__name', )) # test_type__name? watson.register(self.get_model('Finding'), fields=get_model_fields_with_extra(self.get_model('Finding'), ('id', 'url', 'unique_id_from_tool', 'test__engagement__product__name', 'jira_issue__jira_key', )), - store=('cve', 'status', 'jira_issue__jira_key', 'test__engagement__product__name', 'severity', 'severity_display', 'latest_note')) + store=('status', 'jira_issue__jira_key', 'test__engagement__product__name', 'severity', 'severity_display', 'latest_note')) # some thoughts on Finding fields that are not indexed yet: # CWE can't be indexed as it is an integer @@ -62,12 +62,20 @@ def ready(self): watson.register(self.get_model('Endpoint'), store=('product__name', )) # add product name also? watson.register(self.get_model('Engagement'), fields=get_model_fields_with_extra(self.get_model('Engagement'), ('id', 'product__name', )), store=('product__name', )) watson.register(self.get_model('App_Analysis')) + watson.register(self.get_model('Vulnerability_Id'), store=('finding__test__engagement__product__name', )) # YourModel = self.get_model("YourModel") # watson.register(YourModel) register_check(check_configuration_deduplication, 'dojo') + # Load any signals here that will be ready for runtime + # Importing the signals file is good enough if using the reciever decorator + import dojo.announcement.signals # noqa + import dojo.product.signals # noqa + import dojo.test.signals # noqa + import dojo.sla_config.helpers # noqa + def get_model_fields_with_extra(model, extra_fields=()): return get_model_fields(get_model_default_fields(model), extra_fields) diff --git a/dojo/authorization/authorization.py b/dojo/authorization/authorization.py index 7ddaed0d041..69f3884a4ce 100644 --- a/dojo/authorization/authorization.py +++ b/dojo/authorization/authorization.py @@ -1,139 +1,248 @@ from django.core.exceptions import PermissionDenied -from django.conf import settings from dojo.request_cache import cache_for_request -from dojo.authorization.roles_permissions import Permissions, Roles, get_global_roles_with_permissions, get_roles_with_permissions -from dojo.models import Product_Type, Product_Type_Member, Product, Product_Member, Engagement, \ - Test, Finding, Endpoint, Finding_Group, Product_Group, Product_Type_Group, Dojo_Group, Dojo_Group_Member, \ - Languages, App_Analysis, Stub_Finding, Product_API_Scan_Configuration - - -def user_has_configuration_permission(user, permission, legacy=None): - +from dojo.authorization.roles_permissions import ( + Permissions, + Roles, + get_global_roles_with_permissions, + get_roles_with_permissions, +) +from dojo.models import ( + Product_Type, + Product_Type_Member, + Product, + Product_Member, + Engagement, + Test, + Finding, + Endpoint, + Finding_Group, + Product_Group, + Product_Type_Group, + Dojo_Group, + Dojo_Group_Member, + Languages, + App_Analysis, + Stub_Finding, + Product_API_Scan_Configuration, + Cred_Mapping, +) + + +def user_has_configuration_permission(user, permission): if not user: return False - if settings.FEATURE_CONFIGURATION_AUTHORIZATION: - return user.has_perm(permission) - else: - if legacy == 'staff': - return user.is_staff - elif legacy == 'superuser': - return user.is_superuser - else: - raise Exception(f'{legacy} is not allowed for parameter legacy') + if user.is_anonymous: + return False + + return user.has_perm(permission) def user_has_permission(user, obj, permission): + if user.is_anonymous: + return False if user.is_superuser: return True - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return True - if isinstance(obj, Product_Type) or isinstance(obj, Product): - # Global roles are only relevant for product types, products and their dependent objects + # Global roles are only relevant for product types, products and their + # dependent objects if user_has_global_permission(user, permission): return True if isinstance(obj, Product_Type): - # Check if the user has a role for the product type with the requested permissions + # Check if the user has a role for the product type with the requested + # permissions member = get_product_type_member(user, obj) - if member is not None and role_has_permission(member.role.id, permission): + if member is not None and role_has_permission( + member.role.id, permission + ): return True - # Check if the user is in a group with a role for the product type with the requested permissions + # Check if the user is in a group with a role for the product type with + # the requested permissions for product_type_group in get_product_type_groups(user, obj): if role_has_permission(product_type_group.role.id, permission): return True return False - elif (isinstance(obj, Product) and - permission.value >= Permissions.Product_View.value): + elif ( + isinstance(obj, Product) + and permission.value >= Permissions.Product_View.value + ): # Products inherit permissions of their product type if user_has_permission(user, obj.prod_type, permission): return True - # Check if the user has a role for the product with the requested permissions + # Check if the user has a role for the product with the requested + # permissions member = get_product_member(user, obj) - if member is not None and role_has_permission(member.role.id, permission): + if member is not None and role_has_permission( + member.role.id, permission + ): return True - # Check if the user is in a group with a role for the product with the requested permissions + # Check if the user is in a group with a role for the product with the + # requested permissions for product_group in get_product_groups(user, obj): if role_has_permission(product_group.role.id, permission): return True return False - elif isinstance(obj, Engagement) and permission in Permissions.get_engagement_permissions(): + elif ( + isinstance(obj, Engagement) + and permission in Permissions.get_engagement_permissions() + ): return user_has_permission(user, obj.product, permission) - elif isinstance(obj, Test) and permission in Permissions.get_test_permissions(): + elif ( + isinstance(obj, Test) + and permission in Permissions.get_test_permissions() + ): return user_has_permission(user, obj.engagement.product, permission) - elif (isinstance(obj, Finding) or isinstance(obj, Stub_Finding)) and permission in Permissions.get_finding_permissions(): - return user_has_permission(user, obj.test.engagement.product, permission) - elif isinstance(obj, Finding_Group) and permission in Permissions.get_finding_group_permissions(): - return user_has_permission(user, obj.test.engagement.product, permission) - elif isinstance(obj, Endpoint) and permission in Permissions.get_endpoint_permissions(): + elif ( + isinstance(obj, Finding) or isinstance(obj, Stub_Finding) + ) and permission in Permissions.get_finding_permissions(): + return user_has_permission( + user, obj.test.engagement.product, permission + ) + elif ( + isinstance(obj, Finding_Group) + and permission in Permissions.get_finding_group_permissions() + ): + return user_has_permission( + user, obj.test.engagement.product, permission + ) + elif ( + isinstance(obj, Endpoint) + and permission in Permissions.get_endpoint_permissions() + ): return user_has_permission(user, obj.product, permission) - elif isinstance(obj, Languages) and permission in Permissions.get_language_permissions(): + elif ( + isinstance(obj, Languages) + and permission in Permissions.get_language_permissions() + ): return user_has_permission(user, obj.product, permission) - elif isinstance(obj, App_Analysis) and permission in Permissions.get_technology_permissions(): + elif ( + isinstance(obj, App_Analysis) + and permission in Permissions.get_technology_permissions() + ): return user_has_permission(user, obj.product, permission) - elif isinstance(obj, Product_API_Scan_Configuration) and permission in Permissions.get_product_api_scan_configuration_permissions(): + elif ( + isinstance(obj, Product_API_Scan_Configuration) + and permission + in Permissions.get_product_api_scan_configuration_permissions() + ): return user_has_permission(user, obj.product, permission) - elif isinstance(obj, Product_Type_Member) and permission in Permissions.get_product_type_member_permissions(): + elif ( + isinstance(obj, Product_Type_Member) + and permission in Permissions.get_product_type_member_permissions() + ): if permission == Permissions.Product_Type_Member_Delete: # Every member is allowed to remove himself - return obj.user == user or user_has_permission(user, obj.product_type, permission) + return obj.user == user or user_has_permission( + user, obj.product_type, permission + ) else: return user_has_permission(user, obj.product_type, permission) - elif isinstance(obj, Product_Member) and permission in Permissions.get_product_member_permissions(): + elif ( + isinstance(obj, Product_Member) + and permission in Permissions.get_product_member_permissions() + ): if permission == Permissions.Product_Member_Delete: # Every member is allowed to remove himself - return obj.user == user or user_has_permission(user, obj.product, permission) + return obj.user == user or user_has_permission( + user, obj.product, permission + ) else: return user_has_permission(user, obj.product, permission) - elif isinstance(obj, Product_Type_Group) and permission in Permissions.get_product_type_group_permissions(): + elif ( + isinstance(obj, Product_Type_Group) + and permission in Permissions.get_product_type_group_permissions() + ): return user_has_permission(user, obj.product_type, permission) - elif isinstance(obj, Product_Group) and permission in Permissions.get_product_group_permissions(): + elif ( + isinstance(obj, Product_Group) + and permission in Permissions.get_product_group_permissions() + ): return user_has_permission(user, obj.product, permission) - elif isinstance(obj, Dojo_Group) and permission in Permissions.get_group_permissions(): - # Check if the user has a role for the group with the requested permissions + elif ( + isinstance(obj, Dojo_Group) + and permission in Permissions.get_group_permissions() + ): + # Check if the user has a role for the group with the requested + # permissions group_member = get_group_member(user, obj) - return group_member is not None and role_has_permission(group_member.role.id, permission) - elif isinstance(obj, Dojo_Group_Member) and permission in Permissions.get_group_member_permissions(): + return group_member is not None and role_has_permission( + group_member.role.id, permission + ) + elif ( + isinstance(obj, Dojo_Group_Member) + and permission in Permissions.get_group_member_permissions() + ): if permission == Permissions.Group_Member_Delete: # Every user is allowed to remove himself - return obj.user == user or user_has_permission(user, obj.group, permission) + return obj.user == user or user_has_permission( + user, obj.group, permission + ) else: return user_has_permission(user, obj.group, permission) + elif ( + isinstance(obj, Cred_Mapping) + and permission in Permissions.get_credential_permissions() + ): + if obj.product: + return user_has_permission(user, obj.product, permission) + if obj.engagement: + return user_has_permission( + user, obj.engagement.product, permission + ) + if obj.test: + return user_has_permission( + user, obj.test.engagement.product, permission + ) + if obj.finding: + return user_has_permission( + user, obj.finding.test.engagement.product, permission + ) else: - raise NoAuthorizationImplementedError('No authorization implemented for class {} and permission {}'. - format(type(obj).__name__, permission)) + raise NoAuthorizationImplementedError( + f"No authorization implemented for class {type(obj).__name__} and permission {permission}" + ) def user_has_global_permission(user, permission): - if not user: return False - if user.is_superuser: - return True + if user.is_anonymous: + return False - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: + if user.is_superuser: return True - if user.is_staff and permission == Permissions.Product_Type_Add: - return True + if permission == Permissions.Product_Type_Add: + if user_has_configuration_permission(user, "dojo.add_product_type"): + return True - if hasattr(user, 'global_role') and user.global_role.role is not None and role_has_global_permission(user.global_role.role.id, permission): + if ( + hasattr(user, "global_role") + and user.global_role.role is not None + and role_has_global_permission(user.global_role.role.id, permission) + ): return True for group in get_groups(user): - if hasattr(group, 'global_role') and group.global_role.role is not None and role_has_global_permission(group.global_role.role.id, permission): + if ( + hasattr(group, "global_role") + and group.global_role.role is not None + and role_has_global_permission( + group.global_role.role.id, permission + ) + ): return True return False -def user_has_configuration_permission_or_403(user, permission, legacy=None): - if not user_has_configuration_permission(user, permission, legacy): +def user_has_configuration_permission_or_403(user, permission): + if not user_has_configuration_permission(user, permission): raise PermissionDenied() @@ -149,7 +258,9 @@ def user_has_global_permission_or_403(user, permission): def get_roles_for_permission(permission): if not Permissions.has_value(permission): - raise PermissionDoesNotExistError('Permission {} does not exist'.format(permission)) + raise PermissionDoesNotExistError( + "Permission {} does not exist".format(permission) + ) roles_for_permissions = set() roles = get_roles_with_permissions() for role in roles: @@ -163,7 +274,7 @@ def role_has_permission(role, permission): if role is None: return False if not Roles.has_value(role): - raise RoleDoesNotExistError('Role {} does not exist'.format(role)) + raise RoleDoesNotExistError("Role {} does not exist".format(role)) roles = get_roles_with_permissions() permissions = roles.get(role) if not permissions: @@ -175,7 +286,7 @@ def role_has_global_permission(role, permission): if role is None: return False if not Roles.has_value(role): - raise RoleDoesNotExistError('Role {} does not exist'.format(role)) + raise RoleDoesNotExistError("Role {} does not exist".format(role)) roles = get_global_roles_with_permissions() permissions = roles.get(role) if permissions and permission in permissions: @@ -205,7 +316,11 @@ def get_product_member(user, product): @cache_for_request def get_product_member_dict(user): pm_dict = {} - for product_member in Product_Member.objects.select_related('product').select_related('role').filter(user=user): + for product_member in ( + Product_Member.objects.select_related("product") + .select_related("role") + .filter(user=user) + ): pm_dict[product_member.product.id] = product_member return pm_dict @@ -217,7 +332,11 @@ def get_product_type_member(user, product_type): @cache_for_request def get_product_type_member_dict(user): ptm_dict = {} - for product_type_member in Product_Type_Member.objects.select_related('product_type').select_related('role').filter(user=user): + for product_type_member in ( + Product_Type_Member.objects.select_related("product_type") + .select_related("role") + .filter(user=user) + ): ptm_dict[product_type_member.product_type.id] = product_type_member return ptm_dict @@ -229,7 +348,11 @@ def get_product_groups(user, product): @cache_for_request def get_product_groups_dict(user): pg_dict = {} - for product_group in Product_Group.objects.select_related('product').select_related('role').filter(group__users=user): + for product_group in ( + Product_Group.objects.select_related("product") + .select_related("role") + .filter(group__users=user) + ): if pg_dict.get(product_group.product.id) is None: pgu_list = [] else: @@ -246,7 +369,11 @@ def get_product_type_groups(user, product_type): @cache_for_request def get_product_type_groups_dict(user): pgt_dict = {} - for product_type_group in Product_Type_Group.objects.select_related('product_type').select_related('role').filter(group__users=user): + for product_type_group in ( + Product_Type_Group.objects.select_related("product_type") + .select_related("role") + .filter(group__users=user) + ): if pgt_dict.get(product_type_group.product_type.id) is None: pgtu_list = [] else: @@ -258,7 +385,7 @@ def get_product_type_groups_dict(user): @cache_for_request def get_groups(user): - return Dojo_Group.objects.select_related('global_role').filter(users=user) + return Dojo_Group.objects.select_related("global_role").filter(users=user) def get_group_member(user, group): @@ -268,6 +395,10 @@ def get_group_member(user, group): @cache_for_request def get_group_members_dict(user): gu_dict = {} - for group_member in Dojo_Group_Member.objects.select_related('group').select_related('role').filter(user=user): + for group_member in ( + Dojo_Group_Member.objects.select_related("group") + .select_related("role") + .filter(user=user) + ): gu_dict[group_member.group.id] = group_member return gu_dict diff --git a/dojo/authorization/authorization_decorators.py b/dojo/authorization/authorization_decorators.py index 6ba8fa9fdb1..ec2c26aefdb 100644 --- a/dojo/authorization/authorization_decorators.py +++ b/dojo/authorization/authorization_decorators.py @@ -1,15 +1,20 @@ import functools from django.core.exceptions import PermissionDenied from django.shortcuts import get_object_or_404 -from dojo.authorization.authorization import user_has_global_permission_or_403, user_has_permission_or_403, user_has_configuration_permission +from dojo.authorization.authorization import ( + user_has_global_permission_or_403, + user_has_permission_or_403, + user_has_configuration_permission, +) def user_is_authorized(model, permission, arg, lookup="pk", func=None): - """Decorator for functions that ensures the user has permission on an object. - """ + """Decorator for functions that ensures the user has permission on an object.""" if func is None: - return functools.partial(user_is_authorized, model, permission, arg, lookup) + return functools.partial( + user_is_authorized, model, permission, arg, lookup + ) @functools.wraps(func) def _wrapped(request, *args, **kwargs): @@ -33,8 +38,7 @@ def _wrapped(request, *args, **kwargs): def user_has_global_permission(permission, func=None): - """Decorator for functions that ensures the user has a (global) permission - """ + """Decorator for functions that ensures the user has a (global) permission""" if func is None: return functools.partial(user_has_global_permission, permission) @@ -47,18 +51,17 @@ def _wrapped(request, *args, **kwargs): return _wrapped -def user_is_configuration_authorized(permission, legacy, func=None): +def user_is_configuration_authorized(permission, func=None): """ Decorator for views that checks whether a user has a particular permission enabled. """ if func is None: - return functools.partial(user_is_configuration_authorized, permission, legacy) + return functools.partial(user_is_configuration_authorized, permission) @functools.wraps(func) def _wrapped(request, *args, **kwargs): - - if not user_has_configuration_permission(request.user, permission, legacy): + if not user_has_configuration_permission(request.user, permission): raise PermissionDenied return func(request, *args, **kwargs) diff --git a/dojo/authorization/roles_permissions.py b/dojo/authorization/roles_permissions.py index 3c941e1afbc..779463258ff 100644 --- a/dojo/authorization/roles_permissions.py +++ b/dojo/authorization/roles_permissions.py @@ -19,7 +19,8 @@ def has_value(cls, value): def django_enum(cls): # decorator needed to enable enums in django templates - # see https://stackoverflow.com/questions/35953132/how-to-access-enum-types-in-django-templates + # see + # https://stackoverflow.com/questions/35953132/how-to-access-enum-types-in-django-templates cls.do_not_call_in_templates = True return cls @@ -119,6 +120,11 @@ class Permissions(IntEnum): Product_Tracking_Files_Edit = 2606 Product_Tracking_Files_Delete = 2607 + Credential_View = 2702 + Credential_Add = 2703 + Credential_Edit = 2706 + Credential_Delete = 2707 + @classmethod def has_value(cls, value): try: @@ -129,75 +135,147 @@ def has_value(cls, value): @classmethod def get_engagement_permissions(cls): - return {Permissions.Engagement_View, Permissions.Engagement_Edit, - Permissions.Engagement_Delete, Permissions.Risk_Acceptance, - Permissions.Test_Add, Permissions.Import_Scan_Result, Permissions.Note_Add, - Permissions.Note_Delete, Permissions.Note_Edit, Permissions.Note_View_History} \ - .union(cls.get_test_permissions()) + return { + Permissions.Engagement_View, + Permissions.Engagement_Edit, + Permissions.Engagement_Delete, + Permissions.Risk_Acceptance, + Permissions.Test_Add, + Permissions.Import_Scan_Result, + Permissions.Note_Add, + Permissions.Note_Delete, + Permissions.Note_Edit, + Permissions.Note_View_History, + }.union(cls.get_test_permissions()) @classmethod def get_test_permissions(cls): - return {Permissions.Test_View, Permissions.Test_Edit, Permissions.Test_Delete, - Permissions.Finding_Add, Permissions.Import_Scan_Result, Permissions.Note_Add, - Permissions.Note_Delete, Permissions.Note_Edit, Permissions.Note_View_History} \ - .union(cls.get_finding_permissions()) + return { + Permissions.Test_View, + Permissions.Test_Edit, + Permissions.Test_Delete, + Permissions.Finding_Add, + Permissions.Import_Scan_Result, + Permissions.Note_Add, + Permissions.Note_Delete, + Permissions.Note_Edit, + Permissions.Note_View_History, + }.union(cls.get_finding_permissions()) @classmethod def get_finding_permissions(cls): - return {Permissions.Finding_View, Permissions.Finding_Edit, Permissions.Import_Scan_Result, - Permissions.Finding_Delete, Permissions.Risk_Acceptance, Permissions.Note_Add, - Permissions.Note_Delete, Permissions.Note_Edit, Permissions.Note_View_History} \ - .union(cls.get_finding_group_permissions()) + return { + Permissions.Finding_View, + Permissions.Finding_Edit, + Permissions.Finding_Add, + Permissions.Import_Scan_Result, + Permissions.Finding_Delete, + Permissions.Note_Add, + Permissions.Risk_Acceptance, + Permissions.Note_Delete, + Permissions.Note_Edit, + Permissions.Note_View_History, + }.union(cls.get_finding_group_permissions()) @classmethod def get_finding_group_permissions(cls): - return {Permissions.Finding_Group_View, Permissions.Finding_Group_Edit, - Permissions.Finding_Group_Delete} + return { + Permissions.Finding_Group_View, + Permissions.Finding_Group_Edit, + Permissions.Finding_Group_Delete, + } @classmethod def get_endpoint_permissions(cls): - return {Permissions.Endpoint_View, Permissions.Endpoint_Edit, Permissions.Endpoint_Delete} + return { + Permissions.Endpoint_View, + Permissions.Endpoint_Edit, + Permissions.Endpoint_Delete, + } @classmethod def get_product_member_permissions(cls): - return {Permissions.Product_View, Permissions.Product_Manage_Members, - Permissions.Product_Member_Delete} + return { + Permissions.Product_View, + Permissions.Product_Manage_Members, + Permissions.Product_Member_Delete, + } @classmethod def get_product_type_member_permissions(cls): - return {Permissions.Product_Type_View, Permissions.Product_Type_Manage_Members, - Permissions.Product_Type_Member_Delete} + return { + Permissions.Product_Type_View, + Permissions.Product_Type_Manage_Members, + Permissions.Product_Type_Member_Delete, + } @classmethod def get_product_group_permissions(cls): - return {Permissions.Product_Group_View, Permissions.Product_Group_Edit, - Permissions.Product_Group_Delete} + return { + Permissions.Product_Group_View, + Permissions.Product_Group_Edit, + Permissions.Product_Group_Delete, + } @classmethod def get_product_type_group_permissions(cls): - return {Permissions.Product_Type_Group_View, Permissions.Product_Type_Group_Edit, - Permissions.Product_Type_Group_Delete} + return { + Permissions.Product_Type_Group_View, + Permissions.Product_Type_Group_Edit, + Permissions.Product_Type_Group_Delete, + } @classmethod def get_group_permissions(cls): - return {Permissions.Group_View, Permissions.Group_Member_Delete, Permissions.Group_Manage_Members, - Permissions.Group_Add_Owner, Permissions.Group_Edit, Permissions.Group_Delete} + return { + Permissions.Group_View, + Permissions.Group_Member_Delete, + Permissions.Group_Manage_Members, + Permissions.Group_Add_Owner, + Permissions.Group_Edit, + Permissions.Group_Delete, + } @classmethod def get_group_member_permissions(cls): - return {Permissions.Group_View, Permissions.Group_Manage_Members, Permissions.Group_Member_Delete} + return { + Permissions.Group_View, + Permissions.Group_Manage_Members, + Permissions.Group_Member_Delete, + } @classmethod def get_language_permissions(cls): - return {Permissions.Language_View, Permissions.Language_Edit, Permissions.Language_Delete} + return { + Permissions.Language_View, + Permissions.Language_Edit, + Permissions.Language_Delete, + } @classmethod def get_technology_permissions(cls): - return {Permissions.Technology_View, Permissions.Technology_Edit, Permissions.Technology_Delete} + return { + Permissions.Technology_View, + Permissions.Technology_Edit, + Permissions.Technology_Delete, + } @classmethod def get_product_api_scan_configuration_permissions(cls): - return {Permissions.Product_API_Scan_Configuration_View, Permissions.Product_API_Scan_Configuration_Edit, Permissions.Product_API_Scan_Configuration_Delete} + return { + Permissions.Product_API_Scan_Configuration_View, + Permissions.Product_API_Scan_Configuration_Edit, + Permissions.Product_API_Scan_Configuration_Delete, + } + + @classmethod + def get_credential_permissions(cls): + return { + Permissions.Credential_View, + Permissions.Credential_Add, + Permissions.Credential_Edit, + Permissions.Credential_Delete, + } def get_roles_with_permissions(): @@ -219,11 +297,13 @@ def get_roles_with_permissions(): Permissions.Technology_View, Permissions.Product_API_Scan_Configuration_View, Permissions.Product_Tracking_Files_View, + Permissions.Credential_View, }, Roles.API_Importer: { Permissions.Product_Type_View, Permissions.Product_View, Permissions.Engagement_View, + Permissions.Engagement_Add, Permissions.Engagement_Edit, Permissions.Test_View, Permissions.Test_Edit, @@ -234,60 +314,50 @@ def get_roles_with_permissions(): Permissions.Product_Group_View, Permissions.Product_Type_Group_View, Permissions.Technology_View, - Permissions.Import_Scan_Result + Permissions.Import_Scan_Result, + Permissions.Credential_View, }, Roles.Writer: { Permissions.Product_Type_View, - Permissions.Product_View, - Permissions.Engagement_View, Permissions.Engagement_Add, Permissions.Engagement_Edit, Permissions.Risk_Acceptance, - Permissions.Test_View, Permissions.Test_Add, Permissions.Test_Edit, - Permissions.Finding_View, Permissions.Finding_Add, Permissions.Import_Scan_Result, Permissions.Finding_Edit, - Permissions.Finding_Group_View, Permissions.Finding_Group_Add, Permissions.Finding_Group_Edit, Permissions.Finding_Group_Delete, - Permissions.Endpoint_View, Permissions.Endpoint_Add, Permissions.Endpoint_Edit, - Permissions.Benchmark_Edit, - Permissions.Component_View, - Permissions.Note_View_History, Permissions.Note_Edit, Permissions.Note_Add, - Permissions.Product_Group_View, Permissions.Product_Type_Group_View, Permissions.Group_View, - Permissions.Language_View, Permissions.Language_Add, Permissions.Language_Edit, Permissions.Language_Delete, - Permissions.Technology_View, Permissions.Technology_Add, Permissions.Technology_Edit, - Permissions.Product_API_Scan_Configuration_View, - Permissions.Product_Tracking_Files_View, + Permissions.Credential_View, + Permissions.Credential_Add, + Permissions.Credential_Edit, }, Roles.Maintainer: { Permissions.Product_Type_Add_Product, @@ -295,84 +365,72 @@ def get_roles_with_permissions(): Permissions.Product_Type_Member_Delete, Permissions.Product_Type_Manage_Members, Permissions.Product_Type_Edit, - Permissions.Product_View, Permissions.Product_Member_Delete, Permissions.Product_Manage_Members, Permissions.Product_Configure_Notifications, Permissions.Product_Edit, - Permissions.Engagement_View, Permissions.Engagement_Add, Permissions.Engagement_Edit, Permissions.Engagement_Delete, Permissions.Risk_Acceptance, - Permissions.Test_View, Permissions.Test_Add, Permissions.Test_Edit, Permissions.Test_Delete, - Permissions.Finding_View, Permissions.Finding_Add, Permissions.Import_Scan_Result, Permissions.Finding_Edit, Permissions.Finding_Delete, - Permissions.Finding_Group_View, Permissions.Finding_Group_Add, Permissions.Finding_Group_Edit, Permissions.Finding_Group_Delete, - Permissions.Endpoint_View, Permissions.Endpoint_Add, Permissions.Endpoint_Edit, Permissions.Endpoint_Delete, - Permissions.Benchmark_Edit, Permissions.Benchmark_Delete, - Permissions.Component_View, - Permissions.Note_View_History, Permissions.Note_Edit, Permissions.Note_Add, Permissions.Note_Delete, - Permissions.Product_Group_View, Permissions.Product_Group_Add, Permissions.Product_Group_Edit, Permissions.Product_Group_Delete, - Permissions.Product_Type_Group_View, Permissions.Product_Type_Group_Add, Permissions.Product_Type_Group_Edit, Permissions.Product_Type_Group_Delete, - Permissions.Group_View, Permissions.Group_Edit, Permissions.Group_Manage_Members, Permissions.Group_Member_Delete, - Permissions.Language_View, Permissions.Language_Add, Permissions.Language_Edit, Permissions.Language_Delete, - Permissions.Technology_View, Permissions.Technology_Add, Permissions.Technology_Edit, Permissions.Technology_Delete, - Permissions.Product_API_Scan_Configuration_View, Permissions.Product_API_Scan_Configuration_Add, Permissions.Product_API_Scan_Configuration_Edit, Permissions.Product_API_Scan_Configuration_Delete, - Permissions.Product_Tracking_Files_View, Permissions.Product_Tracking_Files_Add, Permissions.Product_Tracking_Files_Edit, Permissions.Product_Tracking_Files_Delete, + Permissions.Credential_View, + Permissions.Credential_Add, + Permissions.Credential_Edit, + Permissions.Credential_Delete, }, Roles.Owner: { Permissions.Product_Type_Add_Product, @@ -382,7 +440,6 @@ def get_roles_with_permissions(): Permissions.Product_Type_Member_Add_Owner, Permissions.Product_Type_Edit, Permissions.Product_Type_Delete, - Permissions.Product_View, Permissions.Product_Member_Delete, Permissions.Product_Manage_Members, @@ -390,83 +447,72 @@ def get_roles_with_permissions(): Permissions.Product_Configure_Notifications, Permissions.Product_Edit, Permissions.Product_Delete, - Permissions.Engagement_View, Permissions.Engagement_Add, Permissions.Engagement_Edit, Permissions.Engagement_Delete, Permissions.Risk_Acceptance, - Permissions.Test_View, Permissions.Test_Add, Permissions.Test_Edit, Permissions.Test_Delete, - Permissions.Finding_View, Permissions.Finding_Add, Permissions.Import_Scan_Result, Permissions.Finding_Edit, Permissions.Finding_Delete, - Permissions.Finding_Group_View, Permissions.Finding_Group_Add, Permissions.Finding_Group_Edit, Permissions.Finding_Group_Delete, - Permissions.Endpoint_View, Permissions.Endpoint_Add, Permissions.Endpoint_Edit, Permissions.Endpoint_Delete, - Permissions.Benchmark_Edit, Permissions.Benchmark_Delete, - Permissions.Component_View, - Permissions.Note_View_History, Permissions.Note_Edit, Permissions.Note_Add, Permissions.Note_Delete, - Permissions.Product_Group_View, Permissions.Product_Group_Add, Permissions.Product_Group_Add_Owner, Permissions.Product_Group_Edit, Permissions.Product_Group_Delete, - Permissions.Product_Type_Group_View, Permissions.Product_Type_Group_Add, Permissions.Product_Type_Group_Add_Owner, Permissions.Product_Type_Group_Edit, Permissions.Product_Type_Group_Delete, - Permissions.Group_View, Permissions.Group_Edit, Permissions.Group_Manage_Members, Permissions.Group_Member_Delete, Permissions.Group_Add_Owner, Permissions.Group_Delete, - Permissions.Language_View, Permissions.Language_Add, Permissions.Language_Edit, Permissions.Language_Delete, - Permissions.Technology_View, Permissions.Technology_Add, Permissions.Technology_Edit, Permissions.Technology_Delete, - Permissions.Product_API_Scan_Configuration_View, Permissions.Product_API_Scan_Configuration_Add, Permissions.Product_API_Scan_Configuration_Edit, Permissions.Product_API_Scan_Configuration_Delete, - Permissions.Product_Tracking_Files_View, Permissions.Product_Tracking_Files_Add, Permissions.Product_Tracking_Files_Edit, Permissions.Product_Tracking_Files_Delete, - } + Permissions.Credential_View, + Permissions.Credential_Add, + Permissions.Credential_Edit, + Permissions.Credential_Delete, + }, } @@ -475,10 +521,6 @@ def get_global_roles_with_permissions(): Extra permissions for global roles, on top of the permissions granted to the "normal" roles above. """ return { - Roles.Maintainer: { - Permissions.Product_Type_Add - }, - Roles.Owner: { - Permissions.Product_Type_Add - } + Roles.Maintainer: {Permissions.Product_Type_Add}, + Roles.Owner: {Permissions.Product_Type_Add}, } diff --git a/dojo/banner/urls.py b/dojo/banner/urls.py index 557fb8aef26..4b99585db94 100644 --- a/dojo/banner/urls.py +++ b/dojo/banner/urls.py @@ -1,7 +1,8 @@ -from django.conf.urls import url +from django.urls import re_path from dojo.banner import views urlpatterns = [ - url(r'^configure_banner$', views.configure_banner, - name='configure_banner'), + re_path( + r"^configure_banner$", views.configure_banner, name="configure_banner" + ), ] diff --git a/dojo/banner/views.py b/dojo/banner/views.py index a1f398a2b4e..bfd46160621 100644 --- a/dojo/banner/views.py +++ b/dojo/banner/views.py @@ -1,6 +1,5 @@ import logging -from django.contrib.auth.decorators import user_passes_test from django.shortcuts import render, get_object_or_404 from django.contrib import messages from django.urls import reverse @@ -9,35 +8,43 @@ from dojo.forms import LoginBanner from dojo.models import BannerConf +from dojo.authorization.authorization_decorators import ( + user_is_configuration_authorized, +) logger = logging.getLogger(__name__) -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized("dojo.change_bannerconf") def configure_banner(request): banner_config = get_object_or_404(BannerConf, id=1) - if request.method == 'POST': + if request.method == "POST": form = LoginBanner(request.POST) if form.is_valid(): - banner_config.banner_enable = form.cleaned_data['banner_enable'] - banner_config.banner_message = form.cleaned_data['banner_message'] + banner_config.banner_enable = form.cleaned_data["banner_enable"] + banner_config.banner_message = form.cleaned_data["banner_message"] banner_config.save() messages.add_message( request, messages.SUCCESS, - 'Banner updated successfully.', + "Banner updated successfully.", extra_tags="alert-success", ) return HttpResponseRedirect(reverse("configure_banner")) else: # List the banner configuration - form = LoginBanner(initial={ - 'banner_enable': banner_config.banner_enable, - 'banner_message': banner_config.banner_message - }) + form = LoginBanner( + initial={ + "banner_enable": banner_config.banner_enable, + "banner_message": banner_config.banner_message, + } + ) - add_breadcrumb(title="Banner Configuration", top_level=True, request=request) - return render(request, 'dojo/banner.html', { - 'form': form, - 'banner_message': banner_config.banner_message - }) + add_breadcrumb( + title="Banner Configuration", top_level=True, request=request + ) + return render( + request, + "dojo/banner.html", + {"form": form, "banner_message": banner_config.banner_message}, + ) diff --git a/dojo/benchmark/urls.py b/dojo/benchmark/urls.py index 147c3f66982..f30e3fa8c85 100644 --- a/dojo/benchmark/urls.py +++ b/dojo/benchmark/urls.py @@ -1,9 +1,35 @@ -from django.conf.urls import url +from django.urls import re_path from . import views urlpatterns = [ - url(r'^benchmark/(?P\d+)/type/(?P\d+)$', views.benchmark_view, name='view_product_benchmark'), - url(r'^benchmark/(?P\d+)/type/(?P\d+)/category/(?P\d+)$', views.benchmark_view, name='view_product_benchmark'), - url(r'^benchmark/(?P\d+)/type/(?P\d+)/category/(?P\d+)/edit/(?P\d+)$', views.benchmark_view, name='edit_benchmark'), - url(r'^benchmark/(?P\d+)/type/(?P\d+)/delete$', views.delete, name='delete_product_benchmark') + re_path( + r"^benchmark/(?P\d+)/type/(?P\d+)$", + views.benchmark_view, + name="view_product_benchmark", + ), + re_path( + r"^benchmark/(?P\d+)/type/(?P\d+)/category/(?P\d+)$", + views.benchmark_view, + name="view_product_benchmark", + ), + re_path( + r"^benchmark/(?P\d+)/type/(?P\d+)/category/(?P\d+)/edit/(?P\d+)$", + views.benchmark_view, + name="edit_benchmark", + ), + re_path( + r"^benchmark/(?P\d+)/type/(?P\d+)/delete$", + views.delete, + name="delete_product_benchmark", + ), + re_path( + r"^benchmark/(?P\d+)/type/(?P<_type>\d+)/update$", + views.update_benchmark, + name="update_product_benchmark", + ), + re_path( + r"^benchmark/(?P\d+)/type/(?P<_type>\d+)/summary/(?P\d+)/update$", + views.update_benchmark_summary, + name="update_product_benchmark_summary", + ), ] diff --git a/dojo/benchmark/views.py b/dojo/benchmark/views.py index 16a93181212..86961e66fe3 100644 --- a/dojo/benchmark/views.py +++ b/dojo/benchmark/views.py @@ -1,15 +1,30 @@ import logging from django.contrib import messages from django.urls import reverse -from django.http import HttpResponseRedirect +from django.http import HttpResponseRedirect, JsonResponse from django.shortcuts import render, get_object_or_404 -from django.forms import modelformset_factory from django.db.models import Count, Q +from django.utils.translation import gettext as _ + from dojo.forms import Benchmark_Product_SummaryForm, DeleteBenchmarkForm -from dojo.models import Benchmark_Type, Benchmark_Category, Benchmark_Requirement, Benchmark_Product, Product, Benchmark_Product_Summary -from dojo.utils import add_breadcrumb, Product_Tab +from dojo.models import ( + Benchmark_Type, + Benchmark_Category, + Benchmark_Requirement, + Benchmark_Product, + Product, + Benchmark_Product_Summary, +) +from dojo.utils import ( + add_breadcrumb, + Product_Tab, + redirect_to_return_url_or_else, +) from dojo.authorization.authorization_decorators import user_is_authorized from dojo.authorization.roles_permissions import Permissions +from dojo.templatetags.display_tags import asvs_level + +from crum import get_current_user logger = logging.getLogger(__name__) @@ -24,34 +39,148 @@ def add_benchmark(queryset, product): try: Benchmark_Product.objects.bulk_create(requirements) - except: + except Exception: pass +def update_benchmark(request, pid, _type): + if request.method == "POST": + bench_id = request.POST.get("bench_id") + field = request.POST.get("field") + value = request.POST.get("value") + value = {"true": True, "false": False}.get(value, value) + + if field in [ + "enabled", + "pass_fail", + "notes", + "get_notes", + "delete_notes", + ]: + bench = Benchmark_Product.objects.get(id=bench_id) + if field == "enabled": + bench.enabled = value + elif field == "pass_fail": + bench.pass_fail = value + elif field in ["notes", "get_notes", "delete_notes"]: + if field == "notes": + bench.notes.create(entry=value, author=get_current_user()) + if field == "delete_notes": + bench.notes.remove(value) + notes = bench.notes.order_by("id") + return JsonResponse( + { + "notes": [ + { + "id": n.id, + "entry": n.entry, + "author": n.author.get_full_name(), + "date": n.date.ctime(), + } + for n in notes + ] + } + ) + + bench.save() + return JsonResponse({field: value}) + + return redirect_to_return_url_or_else( + request, reverse("view_product_benchmark", args=(pid, _type)) + ) + + +def update_benchmark_summary(request, pid, _type, summary): + if request.method == "POST": + field = request.POST.get("field") + value = request.POST.get("value") + value = {"true": True, "false": False}.get(value, value) + + if field in ["publish", "desired_level"]: + summary = Benchmark_Product_Summary.objects.get(id=summary) + data = {} + if field == "publish": + summary.publish = value + data = {"publish": value} + elif field == "desired_level": + summary.desired_level = value + data = {"desired_level": value, "text": asvs_level(summary)} + + summary.save() + return JsonResponse(data) + + return redirect_to_return_url_or_else( + request, reverse("view_product_benchmark", args=(pid, _type)) + ) + + def return_score(queryset): asvs_level_1_benchmark = 0 asvs_level_1_score = 0 for item in queryset: if item["pass_fail"]: asvs_level_1_score = item["pass_fail__count"] - asvs_level_1_benchmark = asvs_level_1_benchmark + item["pass_fail__count"] + asvs_level_1_benchmark = ( + asvs_level_1_benchmark + item["pass_fail__count"] + ) return asvs_level_1_benchmark, asvs_level_1_score def score_asvs(product, benchmark_type): # Compliant to ASVS level 1 benchmarks - asvs_level_1 = Benchmark_Product.objects.filter(enabled=True, control__enabled=True, product=product, control__category__type=benchmark_type, control__category__enabled=True, control__level_1=True).values('pass_fail').annotate(Count('pass_fail')).order_by() + asvs_level_1 = ( + Benchmark_Product.objects.filter( + enabled=True, + control__enabled=True, + product=product, + control__category__type=benchmark_type, + control__category__enabled=True, + control__level_1=True, + ) + .values("pass_fail") + .annotate(Count("pass_fail")) + .order_by() + ) asvs_level_1_benchmark, asvs_level_1_score = return_score(asvs_level_1) # Compliant to ASVS level 2 benchmarks - asvs_level_2 = Benchmark_Product.objects.filter(~Q(control__level_1=True), enabled=True, control__enabled=True, product=product, control__category__type=benchmark_type, control__category__enabled=True, control__level_2=True).values('pass_fail').annotate(Count('pass_fail')).order_by() + asvs_level_2 = ( + Benchmark_Product.objects.filter( + ~Q(control__level_1=True), + enabled=True, + control__enabled=True, + product=product, + control__category__type=benchmark_type, + control__category__enabled=True, + control__level_2=True, + ) + .values("pass_fail") + .annotate(Count("pass_fail")) + .order_by() + ) asvs_level_2_benchmark, asvs_level_2_score = return_score(asvs_level_2) # Compliant to ASVS level 3 benchmarks - asvs_level_3 = Benchmark_Product.objects.filter(~Q(control__level_1=True), ~Q(control__level_2=True), enabled=True, control__enabled=True, control__category__enabled=True, product=product, control__category__type=benchmark_type, control__level_3=True).values('pass_fail').annotate(Count('pass_fail')).order_by() + asvs_level_3 = ( + Benchmark_Product.objects.filter( + ~Q(control__level_1=True), + ~Q(control__level_2=True), + enabled=True, + control__enabled=True, + control__category__enabled=True, + product=product, + control__category__type=benchmark_type, + control__level_3=True, + ) + .values("pass_fail") + .annotate(Count("pass_fail")) + .order_by() + ) asvs_level_3_benchmark, asvs_level_3_score = return_score(asvs_level_3) - benchmark_product_summary = Benchmark_Product_Summary.objects.get(product=product, benchmark_type=benchmark_type) + benchmark_product_summary = Benchmark_Product_Summary.objects.get( + product=product, benchmark_type=benchmark_type + ) benchmark_product_summary.asvs_level_1_benchmark = asvs_level_1_benchmark benchmark_product_summary.asvs_level_1_score = asvs_level_1_score @@ -63,100 +192,140 @@ def score_asvs(product, benchmark_type): benchmark_product_summary.save() -@user_is_authorized(Product, Permissions.Benchmark_Edit, 'pid') +@user_is_authorized(Product, Permissions.Benchmark_Edit, "pid") def benchmark_view(request, pid, type, cat=None): product = get_object_or_404(Product, id=pid) benchmark_type = get_object_or_404(Benchmark_Type, id=type) - benchmark_category = Benchmark_Category.objects.filter(type=type, enabled=True).order_by('name') - category_name = "" + benchmark_category = Benchmark_Category.objects.filter( + type=type, enabled=True + ).order_by("name") # Add requirements to the product - add_benchmark(Benchmark_Requirement.objects.filter(category__type=type, category__type__enabled=True, enabled=True).all(), product) - - if cat: - category_name = Benchmark_Category.objects.get(id=cat, enabled=True).name + new_benchmarks = Benchmark_Requirement.objects.filter( + category__type=type, category__type__enabled=True, enabled=True + ).exclude( + id__in=Benchmark_Product.objects.filter(product=product).values_list( + "control_id", flat=True + ) + ) + add_benchmark(new_benchmarks, product) # Create the benchmark summary category try: - benchmark_product_summary = Benchmark_Product_Summary.objects.get(product=product, benchmark_type=benchmark_type) - except: - pass - benchmark_product_summary = Benchmark_Product_Summary(product=product, benchmark_type=benchmark_type) + benchmark_product_summary = Benchmark_Product_Summary.objects.get( + product=product, benchmark_type=benchmark_type + ) + except Exception: + benchmark_product_summary = Benchmark_Product_Summary( + product=product, benchmark_type=benchmark_type + ) benchmark_product_summary.save() - # Insert any new benchmarks since last created - new_benchmarks = Benchmark_Requirement.objects.filter(category__type=type, category__type__enabled=True, enabled=True).exclude(id__in=Benchmark_Product.objects.filter(product=product).values_list('control_id', flat=True)) - add_benchmark(new_benchmarks, product) - - Benchmark_ProductFormSet = modelformset_factory(Benchmark_Product, exclude=['product, control'], extra=0) - - if request.method == 'POST': - form = Benchmark_ProductFormSet(request.POST) - summary_form = Benchmark_Product_SummaryForm(request.POST, instance=benchmark_product_summary) - - if form.is_valid(): - # print summary_form.errors - summary_form_save = summary_form.save() - form_save = form.save() - score_asvs(product, benchmark_type) - benchmark_product_summary = Benchmark_Product_Summary.objects.get(product=product, benchmark_type=benchmark_type) - - messages.add_message(request, - messages.SUCCESS, - 'Benchmarks saved.', - extra_tags='alert-success') - - add_breadcrumb(title="Benchmarks", top_level=False, request=request) - if cat: - benchmarks = Benchmark_Product.objects.filter(product=product.id, control__category=cat, control__category__enabled=True, control__category__type=type, control__enabled=True).all().order_by('control__objective_number') - - benchmark_formset = Benchmark_ProductFormSet(queryset=Benchmark_Product.objects.filter(product=product.id, control__category=cat, control__category__enabled=True, control__category__type=type, control__enabled=True).all().order_by('control__objective_number')) + benchmarks = ( + Benchmark_Product.objects.select_related( + "control", "control__category" + ) + .filter( + product=product.id, + control__category=cat, + control__category__enabled=True, + control__category__type=type, + control__enabled=True, + ) + .all() + .order_by("control__objective_number") + ) else: - benchmarks = Benchmark_Product.objects.filter(product=product.id, control__category__enabled=True, control__category__type=type, control__enabled=True).all().order_by('control__category__name', 'control__objective_number') - - benchmark_formset = Benchmark_ProductFormSet(queryset=Benchmark_Product.objects.filter(product=product.id, control__category__enabled=True, control__category__type=type, control__enabled=True).all().order_by('control__category__name', 'control__objective_number')) - - benchmark_summary_form = Benchmark_Product_SummaryForm(instance=benchmark_product_summary) - - product_tab = Product_Tab(pid, title="Benchmarks", tab="benchmarks") - - return render(request, 'dojo/benchmark.html', - {'benchmarks': benchmarks, - 'active_tab': 'benchmarks', - 'product_tab': product_tab, - 'benchmark_product_summary': benchmark_product_summary, - 'benchmark_summary_form': benchmark_summary_form, - 'benchmark_formset': benchmark_formset, - 'benchmark_type': benchmark_type, - 'product': product, - 'category_name': category_name, - 'benchmark_category': benchmark_category}) - - -@user_is_authorized(Product, Permissions.Benchmark_Delete, 'pid') + benchmarks = ( + Benchmark_Product.objects.select_related( + "control", "control__category" + ) + .filter( + product=product.id, + control__category__enabled=True, + control__category__type=type, + control__enabled=True, + ) + .all() + .order_by("control__category__name", "control__objective_number") + ) + + benchmark_summary_form = Benchmark_Product_SummaryForm( + instance=benchmark_product_summary + ) + + noted_benchmarks = ( + benchmarks.filter(notes__isnull=False).order_by("id").distinct() + ) + for bench in benchmarks: + if bench.id in [b.id for b in noted_benchmarks]: + bench.noted = True + else: + bench.noted = False + benchmarks = sorted( + benchmarks, + key=lambda x: [int(_) for _ in x.control.objective_number.split(".")], + ) + benchmark_category = sorted( + benchmark_category, key=lambda x: int(x.name[:3].strip("V: ")) + ) + + product_tab = Product_Tab(product, title=_("Benchmarks"), tab="benchmarks") + + add_breadcrumb(title=_("Benchmarks"), top_level=False, request=request) + + return render( + request, + "dojo/benchmark.html", + { + "benchmarks": benchmarks, + "active_tab": "benchmarks", + "product_tab": product_tab, + "benchmark_product_summary": benchmark_product_summary, + "benchmark_summary_form": benchmark_summary_form, + "benchmark_type": benchmark_type, + "product": product, + "benchmark_category": benchmark_category, + }, + ) + + +@user_is_authorized(Product, Permissions.Benchmark_Delete, "pid") def delete(request, pid, type): product = get_object_or_404(Product, id=pid) - benchmark_type = get_object_or_404(Benchmark_Type, id=type) - benchmark_product_summary = Benchmark_Product_Summary.objects.filter(product=product, benchmark_type=type).first() + benchmark_product_summary = Benchmark_Product_Summary.objects.filter( + product=product, benchmark_type=type + ).first() form = DeleteBenchmarkForm(instance=benchmark_product_summary) - if request.method == 'POST': - if 'id' in request.POST and str(benchmark_product_summary.id) == request.POST['id']: - form = DeleteBenchmarkForm(request.POST, instance=benchmark_product_summary) + if request.method == "POST": + if ( + "id" in request.POST + and str(benchmark_product_summary.id) == request.POST["id"] + ): + form = DeleteBenchmarkForm( + request.POST, instance=benchmark_product_summary + ) if form.is_valid(): - benchmark_product = Benchmark_Product.objects.filter(product=product, control__category__type=type) + benchmark_product = Benchmark_Product.objects.filter( + product=product, control__category__type=type + ) benchmark_product.delete() benchmark_product_summary.delete() - messages.add_message(request, - messages.SUCCESS, - 'Benchmarks removed.', - extra_tags='alert-success') - return HttpResponseRedirect(reverse('product')) - - product_tab = Product_Tab(pid, title="Delete Benchmarks", tab="benchmarks") - return render(request, 'dojo/delete_benchmark.html', - {'product': product, - 'form': form, - 'product_tab': product_tab - }) + messages.add_message( + request, + messages.SUCCESS, + _("Benchmarks removed."), + extra_tags="alert-success", + ) + return HttpResponseRedirect(reverse("product")) + + product_tab = Product_Tab( + product, title=_("Delete Benchmarks"), tab="benchmarks" + ) + return render( + request, + "dojo/delete_benchmark.html", + {"product": product, "form": form, "product_tab": product_tab}, + ) diff --git a/dojo/components/sql_group_concat.py b/dojo/components/sql_group_concat.py index b86d417d12e..5aa8f10d645 100644 --- a/dojo/components/sql_group_concat.py +++ b/dojo/components/sql_group_concat.py @@ -2,26 +2,34 @@ class Sql_GroupConcat(Aggregate): - function = 'GROUP_CONCAT' + function = "GROUP_CONCAT" allow_distinct = True - def __init__(self, expression, separator, distinct=False, ordering=None, **extra): + def __init__( + self, expression, separator, distinct=False, ordering=None, **extra + ): self.separator = separator - super(Sql_GroupConcat, self).__init__(expression, - distinct='DISTINCT ' if distinct else '', - ordering=' ORDER BY %s' % ordering if ordering is not None else '', - separator=' SEPARATOR "%s"' % separator, - output_field=CharField(), - **extra) + super(Sql_GroupConcat, self).__init__( + expression, + distinct="DISTINCT " if distinct else "", + ordering=" ORDER BY %s" % ordering if ordering is not None else "", + separator=' SEPARATOR "%s"' % separator, + output_field=CharField(), + **extra + ) def as_mysql(self, compiler, connection): - return super().as_sql(compiler, - connection, - template='%(function)s(%(distinct)s%(expressions)s%(ordering)s%(separator)s)', - separator=' SEPARATOR \'%s\'' % self.separator) + return super().as_sql( + compiler, + connection, + template="%(function)s(%(distinct)s%(expressions)s%(ordering)s%(separator)s)", + separator=" SEPARATOR '%s'" % self.separator, + ) def as_sql(self, compiler, connection, **extra): - return super().as_sql(compiler, - connection, - template='%(function)s(%(distinct)s%(expressions)s%(ordering)s)', - **extra) + return super().as_sql( + compiler, + connection, + template="%(function)s(%(distinct)s%(expressions)s%(ordering)s)", + **extra + ) diff --git a/dojo/components/urls.py b/dojo/components/urls.py index 116491f1921..0183e3e8079 100644 --- a/dojo/components/urls.py +++ b/dojo/components/urls.py @@ -1,7 +1,6 @@ -from django.conf.urls import url +from django.urls import re_path from dojo.components import views urlpatterns = [ - url(r'^components$', views.components, - name='components'), + re_path(r"^components$", views.components, name="components"), ] diff --git a/dojo/components/views.py b/dojo/components/views.py index 7cc5787149b..2a8f226f83a 100644 --- a/dojo/components/views.py +++ b/dojo/components/views.py @@ -10,34 +10,61 @@ def components(request): - add_breadcrumb(title='Components', top_level=True, request=request) - separator = ', ' - # Get components ordered by component_name and concat component versions to the same row + add_breadcrumb(title="Components", top_level=True, request=request) + separator = ", " + # Get components ordered by component_name and concat component versions + # to the same row component_query = get_authorized_findings(Permissions.Finding_View) - if connection.vendor == 'postgresql': - component_query = component_query.values("component_name").order_by('component_name').annotate( - component_version=StringAgg('component_version', delimiter=separator, distinct=True)) + if connection.vendor == "postgresql": + component_query = ( + component_query.values("component_name") + .order_by("component_name") + .annotate( + component_version=StringAgg( + "component_version", delimiter=separator, distinct=True + ) + ) + ) else: - component_query = component_query.values("component_name").order_by('component_name') - component_query = component_query.annotate(component_version=Sql_GroupConcat( - 'component_version', separator=separator, distinct=True)) + component_query = component_query.values("component_name").order_by( + "component_name" + ) + component_query = component_query.annotate( + component_version=Sql_GroupConcat( + "component_version", separator=separator, distinct=True + ) + ) # Append counts - component_query = component_query.annotate(total=Count('id')).order_by('component_name') - component_query = component_query.annotate(active=Count('id', filter=Q(active=True))) - component_query = component_query.annotate(duplicate=(Count('id', filter=Q(duplicate=True)))) - component_query = component_query.order_by('-total') # Default sort by total descending + component_query = component_query.annotate(total=Count("id")).order_by( + "component_name" + ) + component_query = component_query.annotate( + active=Count("id", filter=Q(active=True)) + ) + component_query = component_query.annotate( + duplicate=(Count("id", filter=Q(duplicate=True))) + ) + component_query = component_query.order_by( + "-total" + ) # Default sort by total descending comp_filter = ComponentFilter(request.GET, queryset=component_query) result = get_page_items(request, comp_filter.qs, 25) # Filter out None values for auto-complete - component_words = component_query.exclude(component_name__isnull=True).values_list('component_name', flat=True) + component_words = component_query.exclude( + component_name__isnull=True + ).values_list("component_name", flat=True) - return render(request, 'dojo/components.html', { - 'filter': comp_filter, - 'result': result, - 'component_words': sorted(set(component_words)) - }) + return render( + request, + "dojo/components.html", + { + "filter": comp_filter, + "result": result, + "component_words": sorted(set(component_words)), + }, + ) diff --git a/dojo/context_processors.py b/dojo/context_processors.py index 96bf3121952..c0bbb250469 100644 --- a/dojo/context_processors.py +++ b/dojo/context_processors.py @@ -2,29 +2,56 @@ from django.conf import settings -def globalize_oauth_vars(request): +def globalize_vars(request): # return the value you want as a dictionnary. you may add multiple values in there. - return {'SHOW_LOGIN_FORM': settings.SHOW_LOGIN_FORM, - 'FORGOT_PASSWORD': settings.FORGOT_PASSWORD, - 'CLASSIC_AUTH_ENABLED': settings.CLASSIC_AUTH_ENABLED, - 'AUTH0_ENABLED': settings.AUTH0_OAUTH2_ENABLED, - 'GOOGLE_ENABLED': settings.GOOGLE_OAUTH_ENABLED, - 'OKTA_ENABLED': settings.OKTA_OAUTH_ENABLED, - 'GITLAB_ENABLED': settings.GITLAB_OAUTH2_ENABLED, - 'AZUREAD_TENANT_OAUTH2_ENABLED': settings.AZUREAD_TENANT_OAUTH2_ENABLED, - 'SAML2_ENABLED': settings.SAML2_ENABLED, - 'SAML2_LOGIN_BUTTON_TEXT': settings.SAML2_LOGIN_BUTTON_TEXT, - 'SAML2_LOGOUT_URL': settings.SAML2_LOGOUT_URL} + return { + "SHOW_LOGIN_FORM": settings.SHOW_LOGIN_FORM, + "FORGOT_PASSWORD": settings.FORGOT_PASSWORD, + "FORGOT_USERNAME": settings.FORGOT_USERNAME, + "CLASSIC_AUTH_ENABLED": settings.CLASSIC_AUTH_ENABLED, + "AUTH0_ENABLED": settings.AUTH0_OAUTH2_ENABLED, + "GOOGLE_ENABLED": settings.GOOGLE_OAUTH_ENABLED, + "OKTA_ENABLED": settings.OKTA_OAUTH_ENABLED, + "GITLAB_ENABLED": settings.GITLAB_OAUTH2_ENABLED, + "AZUREAD_TENANT_OAUTH2_ENABLED": settings.AZUREAD_TENANT_OAUTH2_ENABLED, + "AZUREAD_TENANT_OAUTH2_GET_GROUPS": settings.AZUREAD_TENANT_OAUTH2_GET_GROUPS, + "AZUREAD_TENANT_OAUTH2_GROUPS_FILTER": settings.AZUREAD_TENANT_OAUTH2_GROUPS_FILTER, + "AZUREAD_TENANT_OAUTH2_CLEANUP_GROUPS": settings.AZUREAD_TENANT_OAUTH2_CLEANUP_GROUPS, + "KEYCLOAK_ENABLED": settings.KEYCLOAK_OAUTH2_ENABLED, + "SOCIAL_AUTH_KEYCLOAK_LOGIN_BUTTON_TEXT": settings.SOCIAL_AUTH_KEYCLOAK_LOGIN_BUTTON_TEXT, + "GITHUB_ENTERPRISE_ENABLED": settings.GITHUB_ENTERPRISE_OAUTH2_ENABLED, + "SAML2_ENABLED": settings.SAML2_ENABLED, + "SAML2_LOGIN_BUTTON_TEXT": settings.SAML2_LOGIN_BUTTON_TEXT, + "SAML2_LOGOUT_URL": settings.SAML2_LOGOUT_URL, + "DOCUMENTATION_URL": settings.DOCUMENTATION_URL, + "API_TOKENS_ENABLED": settings.API_TOKENS_ENABLED, + } def bind_system_settings(request): from dojo.models import System_Settings - return {'system_settings': System_Settings.objects.get()} + + return {"system_settings": System_Settings.objects.get()} def bind_alert_count(request): if not settings.DISABLE_ALERT_COUNTER: from dojo.models import Alerts - if request.user.is_authenticated: - return {'alert_count': Alerts.objects.filter(user_id=request.user).count()} + + if hasattr(request, "user") and request.user.is_authenticated: + return {"alert_count": Alerts.objects.filter(user_id=request.user).count()} return {} + + +def bind_announcement(request): + from dojo.models import UserAnnouncement + + try: + if request.user.is_authenticated: + user_announcement = UserAnnouncement.objects.select_related( + "announcement" + ).get(user=request.user) + return {"announcement": user_announcement.announcement} + return {} + except Exception: + return {} diff --git a/dojo/cred/queries.py b/dojo/cred/queries.py new file mode 100644 index 00000000000..09a37ec1944 --- /dev/null +++ b/dojo/cred/queries.py @@ -0,0 +1,51 @@ +from crum import get_current_user +from django.db.models import Exists, OuterRef, Q +from dojo.models import Cred_Mapping, Product_Member, Product_Type_Member, \ + Product_Group, Product_Type_Group +from dojo.authorization.authorization import get_roles_for_permission, user_has_global_permission + + +def get_authorized_cred_mappings(permission, queryset=None): + user = get_current_user() + + if user is None: + return Cred_Mapping.objects.none() + + if queryset is None: + cred_mappings = Cred_Mapping.objects.all() + else: + cred_mappings = queryset + + if user.is_superuser: + return cred_mappings + + if user_has_global_permission(user, permission): + return cred_mappings + + roles = get_roles_for_permission(permission) + authorized_product_type_roles = Product_Type_Member.objects.filter( + product_type=OuterRef('product__prod_type_id'), + user=user, + role__in=roles) + authorized_product_roles = Product_Member.objects.filter( + product=OuterRef('product_id'), + user=user, + role__in=roles) + authorized_product_type_groups = Product_Type_Group.objects.filter( + product_type=OuterRef('product__prod_type_id'), + group__users=user, + role__in=roles) + authorized_product_groups = Product_Group.objects.filter( + product=OuterRef('product_id'), + group__users=user, + role__in=roles) + cred_mappings = cred_mappings.annotate( + product__prod_type__member=Exists(authorized_product_type_roles), + product__member=Exists(authorized_product_roles), + product__prod_type__authorized_group=Exists(authorized_product_type_groups), + product__authorized_group=Exists(authorized_product_groups)) + cred_mappings = cred_mappings.filter( + Q(product__prod_type__member=True) | Q(product__member=True) | + Q(product__prod_type__authorized_group=True) | Q(product__authorized_group=True)) + + return cred_mappings diff --git a/dojo/cred/urls.py b/dojo/cred/urls.py index 3d1d12f040b..3459418bd26 100644 --- a/dojo/cred/urls.py +++ b/dojo/cred/urls.py @@ -1,28 +1,27 @@ -from django.conf.urls import url +from django.urls import re_path from . import views urlpatterns = [ - url(r'^cred/add', views.new_cred, name='add_cred'), - url(r'^cred/(?P\d+)/view$', views.view_cred_details, name='view_cred_details'), - url(r'^cred/(?P\d+)/edit$', views.edit_cred, name='edit_cred'), - url(r'^cred/(?P\d+)/delete$', views.delete_cred, name='delete_cred'), - url(r'^cred/(?P\d+)/selenium$', views.view_selenium, name='view_selenium'), - url(r'^cred$', views.cred, name='cred'), - url(r'^product/(?P\d+)/cred/add$', views.new_cred_product, name='new_cred_product'), - url(r'^product/(?P\d+)/cred/all$', views.all_cred_product, name='all_cred_product'), - url(r'^product/(?P\d+)/cred/(?P\d+)/edit$', views.edit_cred_product, name='edit_cred_product'), - url(r'^product/(?P\d+)/cred/(?P\d+)/view$', views.view_cred_product, name='view_cred_product'), - url(r'^product/(?P\d+)/cred/(?P\d+)/delete$', views.delete_cred_product, name='delete_cred_product'), - url(r'^engagement/(?P\d+)/cred/add$', views.new_cred_product_engagement, name='new_cred_product_engagement'), - url(r'^engagement/(?P\d+)/cred/(?P\d+)/view$', views.view_cred_product_engagement, + re_path(r'^cred/add', views.new_cred, name='add_cred'), + re_path(r'^cred/(?P\d+)/view$', views.view_cred_details, name='view_cred_details'), + re_path(r'^cred/(?P\d+)/edit$', views.edit_cred, name='edit_cred'), + re_path(r'^cred/(?P\d+)/delete$', views.delete_cred, name='delete_cred'), + re_path(r'^cred$', views.cred, name='cred'), + re_path(r'^product/(?P\d+)/cred/add$', views.new_cred_product, name='new_cred_product'), + re_path(r'^product/(?P\d+)/cred/all$', views.all_cred_product, name='all_cred_product'), + re_path(r'^product/(?P\d+)/cred/(?P\d+)/edit$', views.edit_cred_product, name='edit_cred_product'), + re_path(r'^product/(?P\d+)/cred/(?P\d+)/view$', views.view_cred_product, name='view_cred_product'), + re_path(r'^product/(?P\d+)/cred/(?P\d+)/delete$', views.delete_cred_product, name='delete_cred_product'), + re_path(r'^engagement/(?P\d+)/cred/add$', views.new_cred_product_engagement, name='new_cred_product_engagement'), + re_path(r'^engagement/(?P\d+)/cred/(?P\d+)/view$', views.view_cred_product_engagement, name='view_cred_product_engagement'), - url(r'^engagement/(?P\d+)/cred/(?P\d+)/delete$', views.delete_cred_engagement, + re_path(r'^engagement/(?P\d+)/cred/(?P\d+)/delete$', views.delete_cred_engagement, name='delete_cred_engagement'), - url(r'^test/(?P\d+)/cred/add$', views.new_cred_engagement_test, name='new_cred_engagement_test'), - url(r'^test/(?P\d+)/cred/(?P\d+)/view$', views.view_cred_engagement_test, + re_path(r'^test/(?P\d+)/cred/add$', views.new_cred_engagement_test, name='new_cred_engagement_test'), + re_path(r'^test/(?P\d+)/cred/(?P\d+)/view$', views.view_cred_engagement_test, name='view_cred_engagement_test'), - url(r'^test/(?P\d+)/cred/(?P\d+)/delete$', views.delete_cred_test, name='delete_cred_test'), - url(r'^finding/(?P\d+)/cred/add$', views.new_cred_finding, name='new_cred_finding'), - url(r'^finding/(?P\d+)/cred/(?P\d+)/view$', views.view_cred_finding, name='view_cred_finding'), - url(r'^finding/(?P\d+)/cred/(?P\d+)/delete$', views.delete_cred_finding, name='delete_cred_finding'), + re_path(r'^test/(?P\d+)/cred/(?P\d+)/delete$', views.delete_cred_test, name='delete_cred_test'), + re_path(r'^finding/(?P\d+)/cred/add$', views.new_cred_finding, name='new_cred_finding'), + re_path(r'^finding/(?P\d+)/cred/(?P\d+)/view$', views.view_cred_finding, name='view_cred_finding'), + re_path(r'^finding/(?P\d+)/cred/(?P\d+)/delete$', views.delete_cred_finding, name='delete_cred_finding'), ] diff --git a/dojo/cred/views.py b/dojo/cred/views.py index 9c16ee00c9a..53d3315be18 100644 --- a/dojo/cred/views.py +++ b/dojo/cred/views.py @@ -1,24 +1,24 @@ import logging -import os from django.contrib import messages -from django.contrib.auth.decorators import user_passes_test from django.urls import reverse -from django.http import HttpResponseRedirect, StreamingHttpResponse +from django.http import HttpResponseRedirect from django.shortcuts import render, get_object_or_404 from django.utils import timezone from dojo.models import Finding, Product, Engagement, Cred_User, Cred_Mapping, Test from dojo.utils import add_breadcrumb, Product_Tab from dojo.forms import CredUserForm, NoteForm, CredMappingFormProd, CredMappingForm -from dojo.utils import dojo_crypto_encrypt, prepare_for_view, FileIterWrapper +from dojo.utils import dojo_crypto_encrypt, prepare_for_view from dojo.authorization.authorization_decorators import user_is_authorized from dojo.authorization.roles_permissions import Permissions +from dojo.authorization.authorization_decorators import user_is_configuration_authorized +from dojo.cred.queries import get_authorized_cred_mappings logger = logging.getLogger(__name__) -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized(Permissions.Credential_Add) def new_cred(request): if request.method == 'POST': tform = CredUserForm(request.POST) @@ -45,11 +45,11 @@ def all_cred_product(request, pid): prod = get_object_or_404(Product, id=pid) creds = Cred_Mapping.objects.filter(product=prod).order_by('cred_id__name') - product_tab = Product_Tab(prod.id, title="Credentials", tab="settings") + product_tab = Product_Tab(prod, title="Credentials", tab="settings") return render(request, 'dojo/view_cred_prod.html', {'product_tab': product_tab, 'creds': creds, 'prod': prod}) -@user_passes_test(lambda u: u.is_superuser) +@user_is_authorized(Cred_User, Permissions.Credential_Edit, 'ttid') def edit_cred(request, ttid): tool_config = Cred_User.objects.get(pk=ttid) if request.method == 'POST': @@ -81,12 +81,13 @@ def edit_cred(request, ttid): }) -@user_passes_test(lambda u: u.is_superuser) +@user_is_authorized(Cred_User, Permissions.Credential_View, 'ttid') def view_cred_details(request, ttid): cred = Cred_User.objects.get(pk=ttid) notes = cred.notes.all() cred_products = Cred_Mapping.objects.select_related('product').filter( product_id__isnull=False, cred_id=ttid).order_by('product__name') + cred_products = get_authorized_cred_mappings(Permissions.Product_View, cred_products) if request.method == 'POST': form = NoteForm(request.POST) @@ -117,7 +118,7 @@ def view_cred_details(request, ttid): }) -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized(Permissions.Credential_View) def cred(request): confs = Cred_User.objects.all().order_by('name', 'environment', 'username') add_breadcrumb(title="Credential Manager", top_level=True, request=request) @@ -126,8 +127,8 @@ def cred(request): }) -# The dialogue shows the credentials and there can only be viewed by superusers -@user_passes_test(lambda u: u.is_superuser) +@user_is_authorized(Product, Permissions.Product_View, 'pid') +@user_is_authorized(Cred_User, Permissions.Credential_View, 'ttid') def view_cred_product(request, pid, ttid): cred = get_object_or_404( Cred_Mapping.objects.select_related('cred_id'), id=ttid) @@ -182,8 +183,8 @@ def view_cred_product(request, pid, ttid): }) -# The dialogue shows the credentials and there can only be viewed by superusers -@user_passes_test(lambda u: u.is_superuser) +@user_is_authorized(Product, Permissions.Engagement_View, 'eid') +@user_is_authorized(Cred_User, Permissions.Credential_View, 'ttid') def view_cred_product_engagement(request, eid, ttid): cred = get_object_or_404( Cred_Mapping.objects.select_related('cred_id'), id=ttid) @@ -213,11 +214,6 @@ def view_cred_product_engagement(request, eid, ttid): title="Credential Manager", top_level=False, request=request) cred_type = "Engagement" edit_link = "" - view_link = reverse( - 'view_cred_product_engagement', args=( - eid, - cred.id, - )) delete_link = reverse( 'delete_cred_engagement', args=( eid, @@ -236,8 +232,8 @@ def view_cred_product_engagement(request, eid, ttid): }) -# The dialogue shows the credentials and there can only be viewed by superusers -@user_passes_test(lambda u: u.is_superuser) +@user_is_authorized(Product, Permissions.Test_View, 'tid') +@user_is_authorized(Cred_User, Permissions.Credential_View, 'ttid') def view_cred_engagement_test(request, tid, ttid): cred = get_object_or_404( Cred_Mapping.objects.select_related('cred_id'), id=ttid) @@ -269,11 +265,6 @@ def view_cred_engagement_test(request, tid, ttid): title="Credential Manager", top_level=False, request=request) cred_type = "Test" edit_link = None - view_link = reverse( - 'view_cred_engagement_test', args=( - tid, - cred.id, - )) delete_link = reverse( 'delete_cred_test', args=( tid, @@ -292,8 +283,8 @@ def view_cred_engagement_test(request, tid, ttid): }) -# The dialogue shows the credentials and there can only be viewed by superusers -@user_passes_test(lambda u: u.is_superuser) +@user_is_authorized(Product, Permissions.Finding_View, 'fid') +@user_is_authorized(Cred_User, Permissions.Credential_View, 'ttid') def view_cred_finding(request, fid, ttid): cred = get_object_or_404( Cred_Mapping.objects.select_related('cred_id'), id=ttid) @@ -325,11 +316,6 @@ def view_cred_finding(request, fid, ttid): title="Credential Manager", top_level=False, request=request) cred_type = "Finding" edit_link = None - view_link = reverse( - 'view_cred_finding', args=( - fid, - cred.id, - )) delete_link = reverse( 'delete_cred_finding', args=( fid, @@ -349,6 +335,7 @@ def view_cred_finding(request, fid, ttid): @user_is_authorized(Product, Permissions.Product_Edit, 'pid') +@user_is_authorized(Cred_User, Permissions.Credential_Edit, 'ttid') def edit_cred_product(request, pid, ttid): cred = get_object_or_404( Cred_Mapping.objects.select_related('cred_id'), id=ttid) @@ -367,7 +354,7 @@ def edit_cred_product(request, pid, ttid): else: tform = CredMappingFormProd(instance=cred) - product_tab = Product_Tab(prod.id, title="Edit Product Credential", tab="settings") + product_tab = Product_Tab(prod, title="Edit Product Credential", tab="settings") return render(request, 'dojo/edit_cred_all.html', { 'tform': tform, 'product_tab': product_tab, @@ -376,6 +363,7 @@ def edit_cred_product(request, pid, ttid): @user_is_authorized(Engagement, Permissions.Engagement_Edit, 'eid') +@user_is_authorized(Cred_User, Permissions.Credential_Edit, 'ttid') def edit_cred_product_engagement(request, eid, ttid): cred = get_object_or_404( Cred_Mapping.objects.select_related('cred_id'), id=ttid) @@ -434,7 +422,7 @@ def new_cred_product(request, pid): else: tform = CredMappingFormProd() - product_tab = Product_Tab(pid, title="Add Credential Configuration", tab="settings") + product_tab = Product_Tab(prod, title="Add Credential Configuration", tab="settings") return render(request, 'dojo/new_cred_product.html', { 'tform': tform, @@ -595,6 +583,7 @@ def new_cred_finding(request, fid): }) +@user_is_authorized(Cred_User, Permissions.Credential_Delete, 'ttid') def delete_cred_controller(request, destination_url, id, ttid): cred = None try: @@ -661,63 +650,49 @@ def delete_cred_controller(request, destination_url, id, ttid): add_breadcrumb(title="Delete Credential", top_level=False, request=request) product_tab = None if id: - pid = None + product = None if destination_url == "all_cred_product": - pid = id + product = get_object_or_404(Product, id) elif destination_url == "view_engagement": engagement = get_object_or_404(Engagement, id=id) - pid = engagement.product.id + product = engagement.product elif destination_url == "view_test": test = get_object_or_404(Test, id=id) - pid = test.engagement.product.id + product = test.engagement.product elif destination_url == "view_finding": finding = get_object_or_404(Finding, id=id) - pid = finding.test.engagement.product.id - product_tab = Product_Tab(pid, title="Delete Credential Mapping", tab="settings") + product = finding.test.engagement.product + product_tab = Product_Tab(product, title="Delete Credential Mapping", tab="settings") return render(request, 'dojo/delete_cred_all.html', { 'tform': tform, 'product_tab': product_tab }) -@user_passes_test(lambda u: u.is_superuser) +@user_is_authorized(Cred_User, Permissions.Credential_Delete, 'ttid') def delete_cred(request, ttid): return delete_cred_controller(request, "cred", 0, ttid) @user_is_authorized(Product, Permissions.Product_Edit, 'pid') +@user_is_authorized(Cred_User, Permissions.Credential_Delete, 'ttid') def delete_cred_product(request, pid, ttid): return delete_cred_controller(request, "all_cred_product", pid, ttid) @user_is_authorized(Engagement, Permissions.Engagement_Edit, 'eid') +@user_is_authorized(Cred_User, Permissions.Credential_Delete, 'ttid') def delete_cred_engagement(request, eid, ttid): return delete_cred_controller(request, "view_engagement", eid, ttid) @user_is_authorized(Test, Permissions.Test_Edit, 'tid') +@user_is_authorized(Cred_User, Permissions.Credential_Delete, 'ttid') def delete_cred_test(request, tid, ttid): return delete_cred_controller(request, "view_test", tid, ttid) @user_is_authorized(Finding, Permissions.Finding_Edit, 'fid') +@user_is_authorized(Cred_User, Permissions.Credential_Delete, 'ttid') def delete_cred_finding(request, fid, ttid): return delete_cred_controller(request, "view_finding", fid, ttid) - - -@user_passes_test(lambda u: u.is_superuser) -def view_selenium(request, ttid): - import mimetypes - - mimetypes.init() - cred = Cred_Mapping.objects.get(pk=ttid) - # print(cred.cred_id.selenium_script) - # mimetype, encoding = mimetypes.guess_type(cred.cred_id.selenium_script) - response = StreamingHttpResponse( - FileIterWrapper(open(cred.cred_id.selenium_script))) - fileName, fileExtension = os.path.splitext(cred.cred_id.selenium_script) - response[ - 'Content-Disposition'] = 'attachment; filename=selenium_script' + fileExtension - response['Content-Type'] = mimetypes - - return response diff --git a/dojo/db_migrations/0064_jira_refactor_populate.py b/dojo/db_migrations/0064_jira_refactor_populate.py index 4ea317f87c8..c0e9078e5d9 100644 --- a/dojo/db_migrations/0064_jira_refactor_populate.py +++ b/dojo/db_migrations/0064_jira_refactor_populate.py @@ -78,7 +78,7 @@ def populate_jira_instance_name_if_empty(apps, schema_editor): logger.info('done with data migration, now removing some fields which may take a while depending on the amount of findings') def show_info(apps, schema_editor): - logger.info('this migration should have run succesfully. if not, there is a Django Management command to manually run the data conversion') + logger.info('this migration should have run successfully. if not, there is a Django Management command to manually run the data conversion') logger.info('for docker-compose execute: docker-compose exec uwsgi ./manage.py jira_refactor_data_migration') operations = [ diff --git a/dojo/db_migrations/0066_django_tagulous.py b/dojo/db_migrations/0066_django_tagulous.py index 6e18fa8ec75..7727e8179b1 100644 --- a/dojo/db_migrations/0066_django_tagulous.py +++ b/dojo/db_migrations/0066_django_tagulous.py @@ -42,7 +42,7 @@ def copy_existing_tags_to_tags_from_django_tagging_field(apps, schema_editor): prod_type_lost_and_found, created = Product_Type_Model.objects.get_or_create(name='_tag migration lost and found') obj.prod_type = prod_type_lost_and_found obj.save() - logger.warning('product type succesfully changed to %i', prod_type_lost_and_found.id) + logger.warning('product type successfully changed to %i', prod_type_lost_and_found.id) obj.save() except Exception as e: diff --git a/dojo/db_migrations/0118_remove_finding_images.py b/dojo/db_migrations/0118_remove_finding_images.py index bffc069abda..7de9df25193 100644 --- a/dojo/db_migrations/0118_remove_finding_images.py +++ b/dojo/db_migrations/0118_remove_finding_images.py @@ -37,7 +37,7 @@ def move_images_to_files(apps, schema_editor): if not passed: finding.files.add(file) else: - logger.warn('unable to migrate image %s with caption %s', image.image.name, image.caption) + logger.warning('unable to migrate image %s with caption %s', image.image.name, image.caption) class Migration(migrations.Migration): diff --git a/dojo/db_migrations/0145_system_settings_default_group_email_pattern.py b/dojo/db_migrations/0145_system_settings_default_group_email_pattern.py new file mode 100644 index 00000000000..a2bd8da882d --- /dev/null +++ b/dojo/db_migrations/0145_system_settings_default_group_email_pattern.py @@ -0,0 +1,18 @@ +# Generated by Django 3.2.11 on 2022-01-10 19:10 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0144_import_action_untouched'), + ] + + operations = [ + migrations.AddField( + model_name='system_settings', + name='default_group_email_pattern', + field=models.CharField(blank=True, default='', help_text='New users will only be assigned to the default group, when their email address matches this regex pattern. This is optional condition.', max_length=200), + ), + ] diff --git a/dojo/db_migrations/0146_lead_optional.py b/dojo/db_migrations/0146_lead_optional.py new file mode 100644 index 00000000000..a5ac62afd55 --- /dev/null +++ b/dojo/db_migrations/0146_lead_optional.py @@ -0,0 +1,24 @@ +# Generated by Django 3.2.11 on 2022-01-16 17:56 + +from django.conf import settings +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("dojo", "0145_system_settings_default_group_email_pattern"), + ] + + operations = [ + migrations.AlterField( + model_name="engagement", + name="lead", + field=models.ForeignKey(editable=True, null=True, blank=True, on_delete=models.RESTRICT, to=settings.AUTH_USER_MODEL), + ), + migrations.AlterField( + model_name="test", + name="lead", + field=models.ForeignKey(editable=True, null=True, blank=True, on_delete=models.RESTRICT, to=settings.AUTH_USER_MODEL), + ), + ] diff --git a/dojo/db_migrations/0147_rename_sslyze_parser.py b/dojo/db_migrations/0147_rename_sslyze_parser.py new file mode 100644 index 00000000000..1c357d37122 --- /dev/null +++ b/dojo/db_migrations/0147_rename_sslyze_parser.py @@ -0,0 +1,23 @@ +from django.db import migrations + + +def rename_sslyze_parser(apps, schema_editor): + Test_Type_model = apps.get_model('dojo', 'Test_Type') + try: + test_type_sslyze = Test_Type_model.objects.get(name='SSLyze 3 Scan (JSON)') + test_type_sslyze.name = 'SSLyze Scan (JSON)' + test_type_sslyze.save() + except Test_Type_model.DoesNotExist: + # This happens when a new instance of DD is initialized + pass + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0146_lead_optional'), + ] + + operations = [ + migrations.RunPython(rename_sslyze_parser), + ] diff --git a/dojo/db_migrations/0148_default_notifications.py b/dojo/db_migrations/0148_default_notifications.py new file mode 100644 index 00000000000..89fdbfb9443 --- /dev/null +++ b/dojo/db_migrations/0148_default_notifications.py @@ -0,0 +1,89 @@ +# Generated by Django 3.2.11 on 2022-02-06 20:23 + +from django.db import migrations +import multiselectfield.db.fields + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0147_rename_sslyze_parser'), + ] + + operations = [ + migrations.AlterField( + model_name='notifications', + name='auto_close_engagement', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), max_length=24), + ), + migrations.AlterField( + model_name='notifications', + name='close_engagement', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), max_length=24), + ), + migrations.AlterField( + model_name='notifications', + name='code_review', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), max_length=24), + ), + migrations.AlterField( + model_name='notifications', + name='engagement_added', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), max_length=24), + ), + migrations.AlterField( + model_name='notifications', + name='jira_update', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), help_text='JIRA sync happens in the background, errors will be shown as notifications/alerts so make sure to subscribe', max_length=24, verbose_name='JIRA problems'), + ), + migrations.AlterField( + model_name='notifications', + name='other', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), max_length=24), + ), + migrations.AlterField( + model_name='notifications', + name='product_added', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), max_length=24), + ), + migrations.AlterField( + model_name='notifications', + name='product_type_added', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), max_length=24), + ), + migrations.AlterField( + model_name='notifications', + name='review_requested', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), max_length=24), + ), + migrations.AlterField( + model_name='notifications', + name='scan_added', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), help_text='Triggered whenever an (re-)import has been done that created/updated/closed findings.', max_length=24), + ), + migrations.AlterField( + model_name='notifications', + name='sla_breach', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), help_text='Get notified of (upcoming) SLA breaches', max_length=24, verbose_name='SLA breach'), + ), + migrations.AlterField( + model_name='notifications', + name='stale_engagement', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), max_length=24), + ), + migrations.AlterField( + model_name='notifications', + name='test_added', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), max_length=24), + ), + migrations.AlterField( + model_name='notifications', + name='upcoming_engagement', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), max_length=24), + ), + migrations.AlterField( + model_name='notifications', + name='user_mentioned', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), max_length=24), + ), + ] diff --git a/dojo/db_migrations/0149_harmonize_user_format.py b/dojo/db_migrations/0149_harmonize_user_format.py new file mode 100644 index 00000000000..c38a1855e29 --- /dev/null +++ b/dojo/db_migrations/0149_harmonize_user_format.py @@ -0,0 +1,109 @@ +# Generated by Django 3.2.11 on 2022-02-22 08:24 + +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0148_default_notifications'), + ] + + operations = [ + migrations.AlterField( + model_name='alerts', + name='user_id', + field=models.ForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, to='dojo.dojo_user'), + ), + migrations.AlterField( + model_name='answered_survey', + name='assignee', + field=models.ForeignKey(blank=True, default=None, null=True, on_delete=django.db.models.deletion.RESTRICT, related_name='assignee', to='dojo.dojo_user'), + ), + migrations.AlterField( + model_name='answered_survey', + name='responder', + field=models.ForeignKey(blank=True, default=None, null=True, on_delete=django.db.models.deletion.RESTRICT, related_name='responder', to='dojo.dojo_user'), + ), + migrations.AlterField( + model_name='app_analysis', + name='user', + field=models.ForeignKey(on_delete=django.db.models.deletion.RESTRICT, to='dojo.dojo_user'), + ), + migrations.AlterField( + model_name='endpoint_status', + name='mitigated_by', + field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.RESTRICT, to='dojo.dojo_user'), + ), + migrations.AlterField( + model_name='engagement', + name='lead', + field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.RESTRICT, to='dojo.dojo_user'), + ), + migrations.AlterField( + model_name='fileaccesstoken', + name='user', + field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='dojo.dojo_user'), + ), + migrations.AlterField( + model_name='finding', + name='last_reviewed_by', + field=models.ForeignKey(editable=False, help_text='Provides the person who last reviewed the flaw.', null=True, on_delete=django.db.models.deletion.RESTRICT, related_name='last_reviewed_by', to='dojo.dojo_user', verbose_name='Last Reviewed By'), + ), + migrations.AlterField( + model_name='finding', + name='mitigated_by', + field=models.ForeignKey(editable=False, help_text='Documents who has marked this flaw as fixed.', null=True, on_delete=django.db.models.deletion.RESTRICT, related_name='mitigated_by', to='dojo.dojo_user', verbose_name='Mitigated By'), + ), + migrations.AlterField( + model_name='finding', + name='reporter', + field=models.ForeignKey(default=1, editable=False, help_text='Documents who reported the flaw.', on_delete=django.db.models.deletion.RESTRICT, related_name='reporter', to='dojo.dojo_user', verbose_name='Reporter'), + ), + migrations.AlterField( + model_name='finding', + name='reviewers', + field=models.ManyToManyField(blank=True, help_text='Documents who reviewed the flaw.', to='dojo.Dojo_User', verbose_name='Reviewers'), + ), + migrations.AlterField( + model_name='global_role', + name='user', + field=models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='dojo.dojo_user'), + ), + migrations.AlterField( + model_name='languages', + name='user', + field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.RESTRICT, to='dojo.dojo_user'), + ), + migrations.AlterField( + model_name='notehistory', + name='current_editor', + field=models.ForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, to='dojo.dojo_user'), + ), + migrations.AlterField( + model_name='notes', + name='author', + field=models.ForeignKey(editable=False, on_delete=django.db.models.deletion.CASCADE, related_name='editor_notes_set', to='dojo.dojo_user'), + ), + migrations.AlterField( + model_name='notes', + name='editor', + field=models.ForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='author_notes_set', to='dojo.dojo_user'), + ), + migrations.AlterField( + model_name='stub_finding', + name='reporter', + field=models.ForeignKey(default=1, editable=False, on_delete=django.db.models.deletion.RESTRICT, to='dojo.dojo_user'), + ), + migrations.AlterField( + model_name='test', + name='lead', + field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.RESTRICT, to='dojo.dojo_user'), + ), + migrations.AlterField( + model_name='usercontactinfo', + name='user', + field=models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, to='dojo.dojo_user'), + ), + ] diff --git a/dojo/db_migrations/0150_dedupe_endpoint_status.py b/dojo/db_migrations/0150_dedupe_endpoint_status.py new file mode 100644 index 00000000000..3947ce5d123 --- /dev/null +++ b/dojo/db_migrations/0150_dedupe_endpoint_status.py @@ -0,0 +1,54 @@ +from django.db import migrations +from django.db.models import Count, Q +import logging + +logger = logging.getLogger(__name__) + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0149_harmonize_user_format'), + ] + + def dedupe_endpoint_status(apps, schema_editor): + Endpoint_Status = apps.get_model('dojo', 'endpoint_status') + Endpoint = apps.get_model('dojo', 'endpoint') + Finding = apps.get_model('dojo', 'finding') + + to_process = Endpoint_Status.objects.exclude(Q(endpoint=None) | Q(finding=None))\ + .values('finding', 'endpoint').annotate(cnt=Count('id')).filter(cnt__gt=1) + if to_process.count() == 0: + logger.info('There is nothing to process') + else: + logger.warning('We identified %s group(s) of endpoint status which needs to be deduplicated', + to_process.count()) + + for eps_group in to_process: + + finding = Finding.objects.get(id=eps_group.get('finding')) + ep = Endpoint.objects.get(id=eps_group.get('endpoint')) + epss = Endpoint_Status.objects.filter(finding=finding, endpoint=ep) + + # we need to identify, when first was created + first_date = epss.order_by('date').first().date + + # next we need to know, which store the most recent information + last_id = epss.order_by('last_modified').last().id + + logger.debug('Redundant endpoint statuses on finding: "%s" & endpoint "%s" will be removed. We are ' + 'keeping only id: "%s" and we are setting date of the first identification: %s', + str(finding), str(ep), last_id, first_date) + + # Remove all except of the most fresh one + Endpoint_Status.objects.filter(finding=eps_group.get('finding'), + endpoint=eps_group.get('endpoint')).exclude(id=last_id).delete() + + # Use the date from the oldest one + eps = Endpoint_Status.objects.get(id=last_id) + eps.date = first_date + eps.save() + + operations = [ + migrations.RunPython(dedupe_endpoint_status) + ] diff --git a/dojo/db_migrations/0151_index_endpoint_status.py b/dojo/db_migrations/0151_index_endpoint_status.py new file mode 100644 index 00000000000..da5dbd21937 --- /dev/null +++ b/dojo/db_migrations/0151_index_endpoint_status.py @@ -0,0 +1,17 @@ +# Generated by Django 3.2.12 on 2022-02-22 16:00 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0150_dedupe_endpoint_status'), + ] + + operations = [ + migrations.AddConstraint( + model_name='endpoint_status', + constraint=models.UniqueConstraint(fields=('finding', 'endpoint'), name='endpoint-finding relation'), + ), + ] diff --git a/dojo/db_migrations/0152_notifications_template.py b/dojo/db_migrations/0152_notifications_template.py new file mode 100644 index 00000000000..623f92caf26 --- /dev/null +++ b/dojo/db_migrations/0152_notifications_template.py @@ -0,0 +1,18 @@ +# Generated by Django 3.2.11 on 2022-01-25 17:10 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0151_index_endpoint_status'), + ] + + operations = [ + migrations.AddField( + model_name='notifications', + name='template', + field=models.BooleanField(default=False), + ), + ] diff --git a/dojo/db_migrations/0153_migrate_endpoint_mitigated.py b/dojo/db_migrations/0153_migrate_endpoint_mitigated.py new file mode 100644 index 00000000000..143785d9c10 --- /dev/null +++ b/dojo/db_migrations/0153_migrate_endpoint_mitigated.py @@ -0,0 +1,41 @@ +from django.db import migrations +import logging + +logger = logging.getLogger(__name__) + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0152_notifications_template'), + ] + + def migrate_endpoint_mitigated(apps, schema_editor): + Endpoint = apps.get_model('dojo', 'Endpoint') + Endpoint_Status = apps.get_model('dojo', 'Endpoint_Status') + + all_ep = Endpoint.objects.filter(mitigated=True) + + if all_ep.count() == 0: + logger.info('There is nothing to process') + else: + logger.warning('We identified %s endpoints marked as Mitigated and their status will be updated', + all_ep.count()) + + for ep in all_ep: + epss = Endpoint_Status.objects.select_related('finding').filter(endpoint=ep, mitigated=False) + for eps in epss: + eps.date = eps.finding.date + eps.mitigated = True + eps.mitigated_by = eps.finding.reporter + eps.save() + logger.debug('Status for finding "%s" on endpoint "%s" marked as mitigated at "%s" by "%s"', + str(eps.finding), + str(ep), + eps.date, + eps.mitigated_by + ) + + operations = [ + migrations.RunPython(migrate_endpoint_mitigated) + ] diff --git a/dojo/db_migrations/0154_remove_endpoint_mitigated.py b/dojo/db_migrations/0154_remove_endpoint_mitigated.py new file mode 100644 index 00000000000..b505e9d0e92 --- /dev/null +++ b/dojo/db_migrations/0154_remove_endpoint_mitigated.py @@ -0,0 +1,25 @@ +# Generated by Django 3.2.12 on 2022-02-23 15:36 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0153_migrate_endpoint_mitigated'), + ] + + operations = [ + migrations.AddIndex( + model_name='endpoint', + index=models.Index(fields=['product'], name='dojo_endpoi_product_d53fb3_idx'), + ), + migrations.RemoveIndex( + model_name='endpoint', + name='dojo_endpoi_product_b80e9a_idx', + ), + migrations.RemoveField( + model_name='endpoint', + name='mitigated', + ), + ] diff --git a/dojo/db_migrations/0155_enable_finding_groups.py b/dojo/db_migrations/0155_enable_finding_groups.py new file mode 100755 index 00000000000..8018c0c457c --- /dev/null +++ b/dojo/db_migrations/0155_enable_finding_groups.py @@ -0,0 +1,18 @@ +# Generated by Django 3.2.12 on 2022-03-23 07:59 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0154_remove_endpoint_mitigated'), + ] + + operations = [ + migrations.AddField( + model_name='system_settings', + name='enable_finding_groups', + field=models.BooleanField(default=True, help_text='With this setting turned off, the Finding Groups will be disabled.', verbose_name='Enable Finding Groups'), + ), + ] diff --git a/dojo/db_migrations/0156_migrate_finding_groups_setting.py b/dojo/db_migrations/0156_migrate_finding_groups_setting.py new file mode 100755 index 00000000000..29497f11336 --- /dev/null +++ b/dojo/db_migrations/0156_migrate_finding_groups_setting.py @@ -0,0 +1,32 @@ +# Generated by Django 3.2.12 on 2022-03-23 07:59 + +from django.db import migrations +from django.conf import settings +import logging + +logger = logging.getLogger(__name__) + + +def migrate_from_settings_file(apps, schema_editor): + + if hasattr(settings, 'FEATURE_FINDING_GROUPS'): + system_settings_model = apps.get_model('dojo', 'System_Settings') + logger.info('Migrating value from FEATURE_FINDING_GROUPS into system settings model') + try: + system_setting = system_settings_model.objects.get() + system_setting.enable_finding_groups = settings.FEATURE_FINDING_GROUPS + system_setting.save() + except: + # for a clean installation there is no system_settings record, so just ignore it + pass + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0155_enable_finding_groups'), + ] + + operations = [ + migrations.RunPython(migrate_from_settings_file), + ] diff --git a/dojo/db_migrations/0157_vulnerability_reference.py b/dojo/db_migrations/0157_vulnerability_reference.py new file mode 100644 index 00000000000..91f8d8fb49a --- /dev/null +++ b/dojo/db_migrations/0157_vulnerability_reference.py @@ -0,0 +1,40 @@ +# Generated by Django 3.2.12 on 2022-02-06 14:43 + +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0156_migrate_finding_groups_setting'), + ] + + operations = [ + migrations.AlterField( + model_name='finding', + name='cve', + field=models.CharField(help_text='A reference to a security advisory associated with this finding. Can be a Common Vulnerabilities and Exposures (CVE) or from other sources.', max_length=50, null=True, verbose_name='Vulnerability Reference'), + ), + migrations.AlterField( + model_name='finding_template', + name='cve', + field=models.CharField(help_text='A reference to a security advisory associated with this finding. Can be a Common Vulnerabilities and Exposures (CVE) or from other sources.', max_length=50, null=True, verbose_name='Vulnerability Reference'), + ), + migrations.CreateModel( + name='Vulnerability_Reference', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('vulnerability_reference', models.TextField(max_length=50)), + ('finding', models.ForeignKey(editable=False, on_delete=django.db.models.deletion.CASCADE, to='dojo.finding')), + ], + ), + migrations.CreateModel( + name='Vulnerability_Reference_Template', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('vulnerability_reference', models.TextField(max_length=50)), + ('finding_template', models.ForeignKey(editable=False, on_delete=django.db.models.deletion.CASCADE, to='dojo.finding_template')), + ], + ), + ] diff --git a/dojo/db_migrations/0158_vulnerability_id.py b/dojo/db_migrations/0158_vulnerability_id.py new file mode 100644 index 00000000000..7406be19cba --- /dev/null +++ b/dojo/db_migrations/0158_vulnerability_id.py @@ -0,0 +1,41 @@ +# Generated by Django 3.2.13 on 2022-04-26 16:28 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0157_vulnerability_reference'), + ] + + operations = [ + migrations.RenameModel( + old_name='Vulnerability_Reference', + new_name='Vulnerability_Id', + ), + migrations.RenameModel( + old_name='Vulnerability_Reference_Template', + new_name='Vulnerability_Id_Template', + ), + migrations.RenameField( + model_name='vulnerability_id', + old_name='vulnerability_reference', + new_name='vulnerability_id', + ), + migrations.RenameField( + model_name='vulnerability_id_template', + old_name='vulnerability_reference', + new_name='vulnerability_id', + ), + migrations.AlterField( + model_name='finding', + name='cve', + field=models.CharField(help_text='An id of a vulnerability in a security advisory associated with this finding. Can be a Common Vulnerabilities and Exposures (CVE) or from other sources.', max_length=50, null=True, verbose_name='Vulnerability Id'), + ), + migrations.AlterField( + model_name='finding_template', + name='cve', + field=models.CharField(help_text='An id of a vulnerability in a security advisory associated with this finding. Can be a Common Vulnerabilities and Exposures (CVE) or from other sources.', max_length=50, null=True, verbose_name='Vulnerability Id'), + ), + ] diff --git a/dojo/db_migrations/0159_remove_broken_endpoint_statuses.py b/dojo/db_migrations/0159_remove_broken_endpoint_statuses.py new file mode 100644 index 00000000000..36d14def3c6 --- /dev/null +++ b/dojo/db_migrations/0159_remove_broken_endpoint_statuses.py @@ -0,0 +1,16 @@ +from django.db import migrations +from dojo.endpoint.utils import remove_broken_endpoint_statuses + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0158_vulnerability_id'), + ] + + def remove_broken_endpoint_statuses_local(apps, schema_editor): + remove_broken_endpoint_statuses(apps=apps) + + operations = [ + migrations.RunPython(remove_broken_endpoint_statuses_local) + ] diff --git a/dojo/db_migrations/0160_set_notnull_endpoint_statuses.py b/dojo/db_migrations/0160_set_notnull_endpoint_statuses.py new file mode 100644 index 00000000000..de676c3e9c9 --- /dev/null +++ b/dojo/db_migrations/0160_set_notnull_endpoint_statuses.py @@ -0,0 +1,24 @@ +# Generated by Django 3.2.12 on 2022-04-06 21:47 + +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0159_remove_broken_endpoint_statuses'), + ] + + operations = [ + migrations.AlterField( + model_name='endpoint_status', + name='endpoint', + field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='status_endpoint', to='dojo.endpoint'), + ), + migrations.AlterField( + model_name='endpoint_status', + name='finding', + field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='status_finding', to='dojo.finding'), + ), + ] diff --git a/dojo/db_migrations/0161_alter_dojo_group_social_provider.py b/dojo/db_migrations/0161_alter_dojo_group_social_provider.py new file mode 100644 index 00000000000..524c0d901b6 --- /dev/null +++ b/dojo/db_migrations/0161_alter_dojo_group_social_provider.py @@ -0,0 +1,18 @@ +# Generated by Django 3.2.12 on 2022-04-05 14:35 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0160_set_notnull_endpoint_statuses'), + ] + + operations = [ + migrations.AddField( + model_name='dojo_group', + name='social_provider', + field=models.CharField(blank=True, choices=[('AzureAD', 'AzureAD')], help_text='Group imported from a social provider.', max_length=10, null=True, verbose_name='Social Authentication Provider'), + ), + ] diff --git a/dojo/db_migrations/0162_created_and_updated.py b/dojo/db_migrations/0162_created_and_updated.py new file mode 100644 index 00000000000..282a69d4e96 --- /dev/null +++ b/dojo/db_migrations/0162_created_and_updated.py @@ -0,0 +1,128 @@ +# Generated by Django 3.2.13 on 2022-06-03 20:27 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0161_alter_dojo_group_social_provider'), + ] + + operations = [ + migrations.AlterField( + model_name='alerts', + name='created', + field=models.DateTimeField(auto_now_add=True), + ), + migrations.AlterField( + model_name='app_analysis', + name='created', + field=models.DateTimeField(auto_now_add=True), + ), + migrations.AlterField( + model_name='benchmark_category', + name='created', + field=models.DateTimeField(auto_now_add=True), + ), + migrations.AlterField( + model_name='benchmark_category', + name='updated', + field=models.DateTimeField(auto_now=True), + ), + migrations.AlterField( + model_name='benchmark_product', + name='created', + field=models.DateTimeField(auto_now_add=True), + ), + migrations.AlterField( + model_name='benchmark_product', + name='updated', + field=models.DateTimeField(auto_now=True), + ), + migrations.AlterField( + model_name='benchmark_product_summary', + name='created', + field=models.DateTimeField(auto_now_add=True), + ), + migrations.AlterField( + model_name='benchmark_product_summary', + name='updated', + field=models.DateTimeField(auto_now=True), + ), + migrations.AlterField( + model_name='benchmark_requirement', + name='created', + field=models.DateTimeField(auto_now_add=True), + ), + migrations.AlterField( + model_name='benchmark_requirement', + name='updated', + field=models.DateTimeField(auto_now=True), + ), + migrations.AlterField( + model_name='benchmark_type', + name='created', + field=models.DateTimeField(auto_now_add=True), + ), + migrations.AlterField( + model_name='benchmark_type', + name='updated', + field=models.DateTimeField(auto_now=True), + ), + migrations.AlterField( + model_name='contact', + name='updated', + field=models.DateTimeField(auto_now=True), + ), + migrations.AlterField( + model_name='languages', + name='created', + field=models.DateTimeField(auto_now_add=True), + ), + migrations.AlterField( + model_name='objects_product', + name='created', + field=models.DateTimeField(auto_now_add=True), + ), + migrations.AlterField( + model_name='objects_review', + name='created', + field=models.DateTimeField(auto_now_add=True), + ), + migrations.AlterField( + model_name='product', + name='created', + field=models.DateTimeField(auto_now_add=True, null=True), + ), + migrations.AlterField( + model_name='product', + name='updated', + field=models.DateTimeField(auto_now=True, null=True), + ), + migrations.AlterField( + model_name='sonarqube_issue_transition', + name='created', + field=models.DateTimeField(auto_now_add=True), + ), + migrations.AlterField( + model_name='testing_guide', + name='created', + field=models.DateTimeField(auto_now_add=True), + ), + migrations.AlterField( + model_name='testing_guide', + name='updated', + field=models.DateTimeField(auto_now=True), + ), + migrations.AlterField( + model_name='testing_guide_category', + name='created', + field=models.DateTimeField(auto_now_add=True), + ), + migrations.AlterField( + model_name='testing_guide_category', + name='updated', + field=models.DateTimeField(auto_now=True), + ), + ] diff --git a/dojo/db_migrations/0163_system_settings_enable_calendar.py b/dojo/db_migrations/0163_system_settings_enable_calendar.py new file mode 100644 index 00000000000..4355259bbeb --- /dev/null +++ b/dojo/db_migrations/0163_system_settings_enable_calendar.py @@ -0,0 +1,18 @@ +# Generated by Django 3.2.13 on 2022-06-18 16:09 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0162_created_and_updated'), + ] + + operations = [ + migrations.AddField( + model_name='system_settings', + name='enable_calendar', + field=models.BooleanField(default=True, help_text='With this setting turned off, the Calendar will be disabled in the user interface.', verbose_name='Enable Calendar'), + ), + ] diff --git a/dojo/db_migrations/0164_remove_system_settings_staff_user_email_pattern.py b/dojo/db_migrations/0164_remove_system_settings_staff_user_email_pattern.py new file mode 100644 index 00000000000..76311977f41 --- /dev/null +++ b/dojo/db_migrations/0164_remove_system_settings_staff_user_email_pattern.py @@ -0,0 +1,17 @@ +# Generated by Django 3.2.13 on 2022-06-22 04:41 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0163_system_settings_enable_calendar'), + ] + + operations = [ + migrations.RemoveField( + model_name='system_settings', + name='staff_user_email_pattern', + ), + ] diff --git a/dojo/db_migrations/0165_custom_sla.py b/dojo/db_migrations/0165_custom_sla.py new file mode 100644 index 00000000000..1bc49da871b --- /dev/null +++ b/dojo/db_migrations/0165_custom_sla.py @@ -0,0 +1,59 @@ +# Generated by Django 3.2.13 on 2022-05-28 20:06 +import logging + +from django.db import migrations, models + +logger = logging.getLogger(__name__) + + +# def save_existing_sla(apps, schema_editor): +# system_settings_model = apps.get_model('dojo', 'System_Settings') +# +# try: +# system_settings = system_settings_model.objects.get() +# critical = system_settings.sla_critical, +# high = system_settings.sla_high, +# medium = system_settings.sla_medium, +# low = system_settings.sla_low +# except: +# critical = 7 +# high = 30 +# medium = 90 +# low = 120 +# +# SLA_Configuration = apps.get_model('dojo', 'SLA_Configuration') +# SLA_Configuration.objects.create(name='Default', +# description='The Default SLA Configuration. Products not using an explicit SLA Configuration will use this one.', +# critical=critical, +# high=high, +# medium=medium, +# low=low) + + +class Migration(migrations.Migration): + dependencies = [ + ('dojo', '0164_remove_system_settings_staff_user_email_pattern'), + ] + + operations = [ + migrations.CreateModel( + name='SLA_Configuration', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('name', models.CharField(help_text='A unique name for the set of SLAs.', max_length=128, unique=True, + verbose_name='Custom SLA Name')), + ('description', models.CharField(blank=True, max_length=512, null=True)), + ('critical', models.IntegerField(default=7, help_text='number of days to remediate a critical finding.', + verbose_name='Critical Finding SLA Days')), + ('high', models.IntegerField(default=30, help_text='number of days to remediate a high finding.', + verbose_name='High Finding SLA Days')), + ('medium', models.IntegerField(default=90, help_text='number of days to remediate a medium finding.', + verbose_name='Medium Finding SLA Days')), + ('low', models.IntegerField(default=120, help_text='number of days to remediate a low finding.', + verbose_name='Low Finding SLA Days')), + ], + options={ + 'ordering': ['name'], + }, + ) + ] diff --git a/dojo/db_migrations/0166_copy_sla_from_system_settings.py b/dojo/db_migrations/0166_copy_sla_from_system_settings.py new file mode 100644 index 00000000000..04ca17cccbf --- /dev/null +++ b/dojo/db_migrations/0166_copy_sla_from_system_settings.py @@ -0,0 +1,65 @@ +# Generated by Django 3.2.14 on 2022-07-28 13:11 +import logging + +import django.db.models.deletion + +from django.db import migrations, models + +logger = logging.getLogger(__name__) + + +def save_existing_sla(apps, schema_editor): + system_settings_model = apps.get_model('dojo', 'System_Settings') + + try: + system_settings = system_settings_model.objects.get() + critical = system_settings.sla_critical + high = system_settings.sla_high + medium = system_settings.sla_medium + low = system_settings.sla_low + + except: + critical = 7 + high = 30 + medium = 90 + low = 120 + + sla_config = apps.get_model('dojo', 'SLA_Configuration') + sla_config.objects.create(name='Default', + description='The Default SLA Configuration. Products not using an explicit SLA Configuration will use this one.', + critical=critical, + high=high, + medium=medium, + low=low) + + +class Migration(migrations.Migration): + dependencies = [ + ('dojo', '0165_custom_sla'), + ] + + operations = [ + migrations.RunPython(save_existing_sla), + migrations.RemoveField( + model_name='system_settings', + name='sla_critical', + ), + migrations.RemoveField( + model_name='system_settings', + name='sla_high', + ), + migrations.RemoveField( + model_name='system_settings', + name='sla_low', + ), + migrations.RemoveField( + model_name='system_settings', + name='sla_medium', + ), + migrations.AddField( + model_name='product', + name='sla_configuration', + field=models.ForeignKey(default=1, on_delete=django.db.models.deletion.RESTRICT, related_name='sla_config', + to='dojo.sla_configuration'), + ), + ] diff --git a/dojo/db_migrations/0167_system_settings_add_vulnerability_id_to_jira_label.py b/dojo/db_migrations/0167_system_settings_add_vulnerability_id_to_jira_label.py new file mode 100644 index 00000000000..51dc27d218c --- /dev/null +++ b/dojo/db_migrations/0167_system_settings_add_vulnerability_id_to_jira_label.py @@ -0,0 +1,18 @@ +# Generated by Django 3.2.15 on 2022-08-10 12:34 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0166_copy_sla_from_system_settings'), + ] + + operations = [ + migrations.AddField( + model_name='system_settings', + name='add_vulnerability_id_to_jira_label', + field=models.BooleanField(default=False, verbose_name='Add vulnerability Id as a JIRA label'), + ), + ] diff --git a/dojo/db_migrations/0168_alter_system_settings_time_zone.py b/dojo/db_migrations/0168_alter_system_settings_time_zone.py new file mode 100644 index 00000000000..c8ddd275b3f --- /dev/null +++ b/dojo/db_migrations/0168_alter_system_settings_time_zone.py @@ -0,0 +1,18 @@ +# Generated by Django 3.2.15 on 2022-08-15 13:00 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0167_system_settings_add_vulnerability_id_to_jira_label'), + ] + + operations = [ + migrations.AlterField( + model_name='system_settings', + name='time_zone', + field=models.CharField(choices=[('Africa/Abidjan', 'Africa/Abidjan'), ('Africa/Accra', 'Africa/Accra'), ('Africa/Addis_Ababa', 'Africa/Addis_Ababa'), ('Africa/Algiers', 'Africa/Algiers'), ('Africa/Asmara', 'Africa/Asmara'), ('Africa/Asmera', 'Africa/Asmera'), ('Africa/Bamako', 'Africa/Bamako'), ('Africa/Bangui', 'Africa/Bangui'), ('Africa/Banjul', 'Africa/Banjul'), ('Africa/Bissau', 'Africa/Bissau'), ('Africa/Blantyre', 'Africa/Blantyre'), ('Africa/Brazzaville', 'Africa/Brazzaville'), ('Africa/Bujumbura', 'Africa/Bujumbura'), ('Africa/Cairo', 'Africa/Cairo'), ('Africa/Casablanca', 'Africa/Casablanca'), ('Africa/Ceuta', 'Africa/Ceuta'), ('Africa/Conakry', 'Africa/Conakry'), ('Africa/Dakar', 'Africa/Dakar'), ('Africa/Dar_es_Salaam', 'Africa/Dar_es_Salaam'), ('Africa/Djibouti', 'Africa/Djibouti'), ('Africa/Douala', 'Africa/Douala'), ('Africa/El_Aaiun', 'Africa/El_Aaiun'), ('Africa/Freetown', 'Africa/Freetown'), ('Africa/Gaborone', 'Africa/Gaborone'), ('Africa/Harare', 'Africa/Harare'), ('Africa/Johannesburg', 'Africa/Johannesburg'), ('Africa/Juba', 'Africa/Juba'), ('Africa/Kampala', 'Africa/Kampala'), ('Africa/Khartoum', 'Africa/Khartoum'), ('Africa/Kigali', 'Africa/Kigali'), ('Africa/Kinshasa', 'Africa/Kinshasa'), ('Africa/Lagos', 'Africa/Lagos'), ('Africa/Libreville', 'Africa/Libreville'), ('Africa/Lome', 'Africa/Lome'), ('Africa/Luanda', 'Africa/Luanda'), ('Africa/Lubumbashi', 'Africa/Lubumbashi'), ('Africa/Lusaka', 'Africa/Lusaka'), ('Africa/Malabo', 'Africa/Malabo'), ('Africa/Maputo', 'Africa/Maputo'), ('Africa/Maseru', 'Africa/Maseru'), ('Africa/Mbabane', 'Africa/Mbabane'), ('Africa/Mogadishu', 'Africa/Mogadishu'), ('Africa/Monrovia', 'Africa/Monrovia'), ('Africa/Nairobi', 'Africa/Nairobi'), ('Africa/Ndjamena', 'Africa/Ndjamena'), ('Africa/Niamey', 'Africa/Niamey'), ('Africa/Nouakchott', 'Africa/Nouakchott'), ('Africa/Ouagadougou', 'Africa/Ouagadougou'), ('Africa/Porto-Novo', 'Africa/Porto-Novo'), ('Africa/Sao_Tome', 'Africa/Sao_Tome'), ('Africa/Timbuktu', 'Africa/Timbuktu'), ('Africa/Tripoli', 'Africa/Tripoli'), ('Africa/Tunis', 'Africa/Tunis'), ('Africa/Windhoek', 'Africa/Windhoek'), ('America/Adak', 'America/Adak'), ('America/Anchorage', 'America/Anchorage'), ('America/Anguilla', 'America/Anguilla'), ('America/Antigua', 'America/Antigua'), ('America/Araguaina', 'America/Araguaina'), ('America/Argentina/Buenos_Aires', 'America/Argentina/Buenos_Aires'), ('America/Argentina/Catamarca', 'America/Argentina/Catamarca'), ('America/Argentina/ComodRivadavia', 'America/Argentina/ComodRivadavia'), ('America/Argentina/Cordoba', 'America/Argentina/Cordoba'), ('America/Argentina/Jujuy', 'America/Argentina/Jujuy'), ('America/Argentina/La_Rioja', 'America/Argentina/La_Rioja'), ('America/Argentina/Mendoza', 'America/Argentina/Mendoza'), ('America/Argentina/Rio_Gallegos', 'America/Argentina/Rio_Gallegos'), ('America/Argentina/Salta', 'America/Argentina/Salta'), ('America/Argentina/San_Juan', 'America/Argentina/San_Juan'), ('America/Argentina/San_Luis', 'America/Argentina/San_Luis'), ('America/Argentina/Tucuman', 'America/Argentina/Tucuman'), ('America/Argentina/Ushuaia', 'America/Argentina/Ushuaia'), ('America/Aruba', 'America/Aruba'), ('America/Asuncion', 'America/Asuncion'), ('America/Atikokan', 'America/Atikokan'), ('America/Atka', 'America/Atka'), ('America/Bahia', 'America/Bahia'), ('America/Bahia_Banderas', 'America/Bahia_Banderas'), ('America/Barbados', 'America/Barbados'), ('America/Belem', 'America/Belem'), ('America/Belize', 'America/Belize'), ('America/Blanc-Sablon', 'America/Blanc-Sablon'), ('America/Boa_Vista', 'America/Boa_Vista'), ('America/Bogota', 'America/Bogota'), ('America/Boise', 'America/Boise'), ('America/Buenos_Aires', 'America/Buenos_Aires'), ('America/Cambridge_Bay', 'America/Cambridge_Bay'), ('America/Campo_Grande', 'America/Campo_Grande'), ('America/Cancun', 'America/Cancun'), ('America/Caracas', 'America/Caracas'), ('America/Catamarca', 'America/Catamarca'), ('America/Cayenne', 'America/Cayenne'), ('America/Cayman', 'America/Cayman'), ('America/Chicago', 'America/Chicago'), ('America/Chihuahua', 'America/Chihuahua'), ('America/Coral_Harbour', 'America/Coral_Harbour'), ('America/Cordoba', 'America/Cordoba'), ('America/Costa_Rica', 'America/Costa_Rica'), ('America/Creston', 'America/Creston'), ('America/Cuiaba', 'America/Cuiaba'), ('America/Curacao', 'America/Curacao'), ('America/Danmarkshavn', 'America/Danmarkshavn'), ('America/Dawson', 'America/Dawson'), ('America/Dawson_Creek', 'America/Dawson_Creek'), ('America/Denver', 'America/Denver'), ('America/Detroit', 'America/Detroit'), ('America/Dominica', 'America/Dominica'), ('America/Edmonton', 'America/Edmonton'), ('America/Eirunepe', 'America/Eirunepe'), ('America/El_Salvador', 'America/El_Salvador'), ('America/Ensenada', 'America/Ensenada'), ('America/Fort_Nelson', 'America/Fort_Nelson'), ('America/Fort_Wayne', 'America/Fort_Wayne'), ('America/Fortaleza', 'America/Fortaleza'), ('America/Glace_Bay', 'America/Glace_Bay'), ('America/Godthab', 'America/Godthab'), ('America/Goose_Bay', 'America/Goose_Bay'), ('America/Grand_Turk', 'America/Grand_Turk'), ('America/Grenada', 'America/Grenada'), ('America/Guadeloupe', 'America/Guadeloupe'), ('America/Guatemala', 'America/Guatemala'), ('America/Guayaquil', 'America/Guayaquil'), ('America/Guyana', 'America/Guyana'), ('America/Halifax', 'America/Halifax'), ('America/Havana', 'America/Havana'), ('America/Hermosillo', 'America/Hermosillo'), ('America/Indiana/Indianapolis', 'America/Indiana/Indianapolis'), ('America/Indiana/Knox', 'America/Indiana/Knox'), ('America/Indiana/Marengo', 'America/Indiana/Marengo'), ('America/Indiana/Petersburg', 'America/Indiana/Petersburg'), ('America/Indiana/Tell_City', 'America/Indiana/Tell_City'), ('America/Indiana/Vevay', 'America/Indiana/Vevay'), ('America/Indiana/Vincennes', 'America/Indiana/Vincennes'), ('America/Indiana/Winamac', 'America/Indiana/Winamac'), ('America/Indianapolis', 'America/Indianapolis'), ('America/Inuvik', 'America/Inuvik'), ('America/Iqaluit', 'America/Iqaluit'), ('America/Jamaica', 'America/Jamaica'), ('America/Jujuy', 'America/Jujuy'), ('America/Juneau', 'America/Juneau'), ('America/Kentucky/Louisville', 'America/Kentucky/Louisville'), ('America/Kentucky/Monticello', 'America/Kentucky/Monticello'), ('America/Knox_IN', 'America/Knox_IN'), ('America/Kralendijk', 'America/Kralendijk'), ('America/La_Paz', 'America/La_Paz'), ('America/Lima', 'America/Lima'), ('America/Los_Angeles', 'America/Los_Angeles'), ('America/Louisville', 'America/Louisville'), ('America/Lower_Princes', 'America/Lower_Princes'), ('America/Maceio', 'America/Maceio'), ('America/Managua', 'America/Managua'), ('America/Manaus', 'America/Manaus'), ('America/Marigot', 'America/Marigot'), ('America/Martinique', 'America/Martinique'), ('America/Matamoros', 'America/Matamoros'), ('America/Mazatlan', 'America/Mazatlan'), ('America/Mendoza', 'America/Mendoza'), ('America/Menominee', 'America/Menominee'), ('America/Merida', 'America/Merida'), ('America/Metlakatla', 'America/Metlakatla'), ('America/Mexico_City', 'America/Mexico_City'), ('America/Miquelon', 'America/Miquelon'), ('America/Moncton', 'America/Moncton'), ('America/Monterrey', 'America/Monterrey'), ('America/Montevideo', 'America/Montevideo'), ('America/Montreal', 'America/Montreal'), ('America/Montserrat', 'America/Montserrat'), ('America/Nassau', 'America/Nassau'), ('America/New_York', 'America/New_York'), ('America/Nipigon', 'America/Nipigon'), ('America/Nome', 'America/Nome'), ('America/Noronha', 'America/Noronha'), ('America/North_Dakota/Beulah', 'America/North_Dakota/Beulah'), ('America/North_Dakota/Center', 'America/North_Dakota/Center'), ('America/North_Dakota/New_Salem', 'America/North_Dakota/New_Salem'), ('America/Nuuk', 'America/Nuuk'), ('America/Ojinaga', 'America/Ojinaga'), ('America/Panama', 'America/Panama'), ('America/Pangnirtung', 'America/Pangnirtung'), ('America/Paramaribo', 'America/Paramaribo'), ('America/Phoenix', 'America/Phoenix'), ('America/Port-au-Prince', 'America/Port-au-Prince'), ('America/Port_of_Spain', 'America/Port_of_Spain'), ('America/Porto_Acre', 'America/Porto_Acre'), ('America/Porto_Velho', 'America/Porto_Velho'), ('America/Puerto_Rico', 'America/Puerto_Rico'), ('America/Punta_Arenas', 'America/Punta_Arenas'), ('America/Rainy_River', 'America/Rainy_River'), ('America/Rankin_Inlet', 'America/Rankin_Inlet'), ('America/Recife', 'America/Recife'), ('America/Regina', 'America/Regina'), ('America/Resolute', 'America/Resolute'), ('America/Rio_Branco', 'America/Rio_Branco'), ('America/Rosario', 'America/Rosario'), ('America/Santa_Isabel', 'America/Santa_Isabel'), ('America/Santarem', 'America/Santarem'), ('America/Santiago', 'America/Santiago'), ('America/Santo_Domingo', 'America/Santo_Domingo'), ('America/Sao_Paulo', 'America/Sao_Paulo'), ('America/Scoresbysund', 'America/Scoresbysund'), ('America/Shiprock', 'America/Shiprock'), ('America/Sitka', 'America/Sitka'), ('America/St_Barthelemy', 'America/St_Barthelemy'), ('America/St_Johns', 'America/St_Johns'), ('America/St_Kitts', 'America/St_Kitts'), ('America/St_Lucia', 'America/St_Lucia'), ('America/St_Thomas', 'America/St_Thomas'), ('America/St_Vincent', 'America/St_Vincent'), ('America/Swift_Current', 'America/Swift_Current'), ('America/Tegucigalpa', 'America/Tegucigalpa'), ('America/Thule', 'America/Thule'), ('America/Thunder_Bay', 'America/Thunder_Bay'), ('America/Tijuana', 'America/Tijuana'), ('America/Toronto', 'America/Toronto'), ('America/Tortola', 'America/Tortola'), ('America/Vancouver', 'America/Vancouver'), ('America/Virgin', 'America/Virgin'), ('America/Whitehorse', 'America/Whitehorse'), ('America/Winnipeg', 'America/Winnipeg'), ('America/Yakutat', 'America/Yakutat'), ('America/Yellowknife', 'America/Yellowknife'), ('Antarctica/Casey', 'Antarctica/Casey'), ('Antarctica/Davis', 'Antarctica/Davis'), ('Antarctica/DumontDUrville', 'Antarctica/DumontDUrville'), ('Antarctica/Macquarie', 'Antarctica/Macquarie'), ('Antarctica/Mawson', 'Antarctica/Mawson'), ('Antarctica/McMurdo', 'Antarctica/McMurdo'), ('Antarctica/Palmer', 'Antarctica/Palmer'), ('Antarctica/Rothera', 'Antarctica/Rothera'), ('Antarctica/South_Pole', 'Antarctica/South_Pole'), ('Antarctica/Syowa', 'Antarctica/Syowa'), ('Antarctica/Troll', 'Antarctica/Troll'), ('Antarctica/Vostok', 'Antarctica/Vostok'), ('Arctic/Longyearbyen', 'Arctic/Longyearbyen'), ('Asia/Aden', 'Asia/Aden'), ('Asia/Almaty', 'Asia/Almaty'), ('Asia/Amman', 'Asia/Amman'), ('Asia/Anadyr', 'Asia/Anadyr'), ('Asia/Aqtau', 'Asia/Aqtau'), ('Asia/Aqtobe', 'Asia/Aqtobe'), ('Asia/Ashgabat', 'Asia/Ashgabat'), ('Asia/Ashkhabad', 'Asia/Ashkhabad'), ('Asia/Atyrau', 'Asia/Atyrau'), ('Asia/Baghdad', 'Asia/Baghdad'), ('Asia/Bahrain', 'Asia/Bahrain'), ('Asia/Baku', 'Asia/Baku'), ('Asia/Bangkok', 'Asia/Bangkok'), ('Asia/Barnaul', 'Asia/Barnaul'), ('Asia/Beirut', 'Asia/Beirut'), ('Asia/Bishkek', 'Asia/Bishkek'), ('Asia/Brunei', 'Asia/Brunei'), ('Asia/Calcutta', 'Asia/Calcutta'), ('Asia/Chita', 'Asia/Chita'), ('Asia/Choibalsan', 'Asia/Choibalsan'), ('Asia/Chongqing', 'Asia/Chongqing'), ('Asia/Chungking', 'Asia/Chungking'), ('Asia/Colombo', 'Asia/Colombo'), ('Asia/Dacca', 'Asia/Dacca'), ('Asia/Damascus', 'Asia/Damascus'), ('Asia/Dhaka', 'Asia/Dhaka'), ('Asia/Dili', 'Asia/Dili'), ('Asia/Dubai', 'Asia/Dubai'), ('Asia/Dushanbe', 'Asia/Dushanbe'), ('Asia/Famagusta', 'Asia/Famagusta'), ('Asia/Gaza', 'Asia/Gaza'), ('Asia/Harbin', 'Asia/Harbin'), ('Asia/Hebron', 'Asia/Hebron'), ('Asia/Ho_Chi_Minh', 'Asia/Ho_Chi_Minh'), ('Asia/Hong_Kong', 'Asia/Hong_Kong'), ('Asia/Hovd', 'Asia/Hovd'), ('Asia/Irkutsk', 'Asia/Irkutsk'), ('Asia/Istanbul', 'Asia/Istanbul'), ('Asia/Jakarta', 'Asia/Jakarta'), ('Asia/Jayapura', 'Asia/Jayapura'), ('Asia/Jerusalem', 'Asia/Jerusalem'), ('Asia/Kabul', 'Asia/Kabul'), ('Asia/Kamchatka', 'Asia/Kamchatka'), ('Asia/Karachi', 'Asia/Karachi'), ('Asia/Kashgar', 'Asia/Kashgar'), ('Asia/Kathmandu', 'Asia/Kathmandu'), ('Asia/Katmandu', 'Asia/Katmandu'), ('Asia/Khandyga', 'Asia/Khandyga'), ('Asia/Kolkata', 'Asia/Kolkata'), ('Asia/Krasnoyarsk', 'Asia/Krasnoyarsk'), ('Asia/Kuala_Lumpur', 'Asia/Kuala_Lumpur'), ('Asia/Kuching', 'Asia/Kuching'), ('Asia/Kuwait', 'Asia/Kuwait'), ('Asia/Macao', 'Asia/Macao'), ('Asia/Macau', 'Asia/Macau'), ('Asia/Magadan', 'Asia/Magadan'), ('Asia/Makassar', 'Asia/Makassar'), ('Asia/Manila', 'Asia/Manila'), ('Asia/Muscat', 'Asia/Muscat'), ('Asia/Nicosia', 'Asia/Nicosia'), ('Asia/Novokuznetsk', 'Asia/Novokuznetsk'), ('Asia/Novosibirsk', 'Asia/Novosibirsk'), ('Asia/Omsk', 'Asia/Omsk'), ('Asia/Oral', 'Asia/Oral'), ('Asia/Phnom_Penh', 'Asia/Phnom_Penh'), ('Asia/Pontianak', 'Asia/Pontianak'), ('Asia/Pyongyang', 'Asia/Pyongyang'), ('Asia/Qatar', 'Asia/Qatar'), ('Asia/Qostanay', 'Asia/Qostanay'), ('Asia/Qyzylorda', 'Asia/Qyzylorda'), ('Asia/Rangoon', 'Asia/Rangoon'), ('Asia/Riyadh', 'Asia/Riyadh'), ('Asia/Saigon', 'Asia/Saigon'), ('Asia/Sakhalin', 'Asia/Sakhalin'), ('Asia/Samarkand', 'Asia/Samarkand'), ('Asia/Seoul', 'Asia/Seoul'), ('Asia/Shanghai', 'Asia/Shanghai'), ('Asia/Singapore', 'Asia/Singapore'), ('Asia/Srednekolymsk', 'Asia/Srednekolymsk'), ('Asia/Taipei', 'Asia/Taipei'), ('Asia/Tashkent', 'Asia/Tashkent'), ('Asia/Tbilisi', 'Asia/Tbilisi'), ('Asia/Tehran', 'Asia/Tehran'), ('Asia/Tel_Aviv', 'Asia/Tel_Aviv'), ('Asia/Thimbu', 'Asia/Thimbu'), ('Asia/Thimphu', 'Asia/Thimphu'), ('Asia/Tokyo', 'Asia/Tokyo'), ('Asia/Tomsk', 'Asia/Tomsk'), ('Asia/Ujung_Pandang', 'Asia/Ujung_Pandang'), ('Asia/Ulaanbaatar', 'Asia/Ulaanbaatar'), ('Asia/Ulan_Bator', 'Asia/Ulan_Bator'), ('Asia/Urumqi', 'Asia/Urumqi'), ('Asia/Ust-Nera', 'Asia/Ust-Nera'), ('Asia/Vientiane', 'Asia/Vientiane'), ('Asia/Vladivostok', 'Asia/Vladivostok'), ('Asia/Yakutsk', 'Asia/Yakutsk'), ('Asia/Yangon', 'Asia/Yangon'), ('Asia/Yekaterinburg', 'Asia/Yekaterinburg'), ('Asia/Yerevan', 'Asia/Yerevan'), ('Atlantic/Azores', 'Atlantic/Azores'), ('Atlantic/Bermuda', 'Atlantic/Bermuda'), ('Atlantic/Canary', 'Atlantic/Canary'), ('Atlantic/Cape_Verde', 'Atlantic/Cape_Verde'), ('Atlantic/Faeroe', 'Atlantic/Faeroe'), ('Atlantic/Faroe', 'Atlantic/Faroe'), ('Atlantic/Jan_Mayen', 'Atlantic/Jan_Mayen'), ('Atlantic/Madeira', 'Atlantic/Madeira'), ('Atlantic/Reykjavik', 'Atlantic/Reykjavik'), ('Atlantic/South_Georgia', 'Atlantic/South_Georgia'), ('Atlantic/St_Helena', 'Atlantic/St_Helena'), ('Atlantic/Stanley', 'Atlantic/Stanley'), ('Australia/ACT', 'Australia/ACT'), ('Australia/Adelaide', 'Australia/Adelaide'), ('Australia/Brisbane', 'Australia/Brisbane'), ('Australia/Broken_Hill', 'Australia/Broken_Hill'), ('Australia/Canberra', 'Australia/Canberra'), ('Australia/Currie', 'Australia/Currie'), ('Australia/Darwin', 'Australia/Darwin'), ('Australia/Eucla', 'Australia/Eucla'), ('Australia/Hobart', 'Australia/Hobart'), ('Australia/LHI', 'Australia/LHI'), ('Australia/Lindeman', 'Australia/Lindeman'), ('Australia/Lord_Howe', 'Australia/Lord_Howe'), ('Australia/Melbourne', 'Australia/Melbourne'), ('Australia/NSW', 'Australia/NSW'), ('Australia/North', 'Australia/North'), ('Australia/Perth', 'Australia/Perth'), ('Australia/Queensland', 'Australia/Queensland'), ('Australia/South', 'Australia/South'), ('Australia/Sydney', 'Australia/Sydney'), ('Australia/Tasmania', 'Australia/Tasmania'), ('Australia/Victoria', 'Australia/Victoria'), ('Australia/West', 'Australia/West'), ('Australia/Yancowinna', 'Australia/Yancowinna'), ('Brazil/Acre', 'Brazil/Acre'), ('Brazil/DeNoronha', 'Brazil/DeNoronha'), ('Brazil/East', 'Brazil/East'), ('Brazil/West', 'Brazil/West'), ('CET', 'CET'), ('CST6CDT', 'CST6CDT'), ('Canada/Atlantic', 'Canada/Atlantic'), ('Canada/Central', 'Canada/Central'), ('Canada/Eastern', 'Canada/Eastern'), ('Canada/Mountain', 'Canada/Mountain'), ('Canada/Newfoundland', 'Canada/Newfoundland'), ('Canada/Pacific', 'Canada/Pacific'), ('Canada/Saskatchewan', 'Canada/Saskatchewan'), ('Canada/Yukon', 'Canada/Yukon'), ('Chile/Continental', 'Chile/Continental'), ('Chile/EasterIsland', 'Chile/EasterIsland'), ('Cuba', 'Cuba'), ('EET', 'EET'), ('EST', 'EST'), ('EST5EDT', 'EST5EDT'), ('Egypt', 'Egypt'), ('Eire', 'Eire'), ('Etc/GMT', 'Etc/GMT'), ('Etc/GMT+0', 'Etc/GMT+0'), ('Etc/GMT+1', 'Etc/GMT+1'), ('Etc/GMT+10', 'Etc/GMT+10'), ('Etc/GMT+11', 'Etc/GMT+11'), ('Etc/GMT+12', 'Etc/GMT+12'), ('Etc/GMT+2', 'Etc/GMT+2'), ('Etc/GMT+3', 'Etc/GMT+3'), ('Etc/GMT+4', 'Etc/GMT+4'), ('Etc/GMT+5', 'Etc/GMT+5'), ('Etc/GMT+6', 'Etc/GMT+6'), ('Etc/GMT+7', 'Etc/GMT+7'), ('Etc/GMT+8', 'Etc/GMT+8'), ('Etc/GMT+9', 'Etc/GMT+9'), ('Etc/GMT-0', 'Etc/GMT-0'), ('Etc/GMT-1', 'Etc/GMT-1'), ('Etc/GMT-10', 'Etc/GMT-10'), ('Etc/GMT-11', 'Etc/GMT-11'), ('Etc/GMT-12', 'Etc/GMT-12'), ('Etc/GMT-13', 'Etc/GMT-13'), ('Etc/GMT-14', 'Etc/GMT-14'), ('Etc/GMT-2', 'Etc/GMT-2'), ('Etc/GMT-3', 'Etc/GMT-3'), ('Etc/GMT-4', 'Etc/GMT-4'), ('Etc/GMT-5', 'Etc/GMT-5'), ('Etc/GMT-6', 'Etc/GMT-6'), ('Etc/GMT-7', 'Etc/GMT-7'), ('Etc/GMT-8', 'Etc/GMT-8'), ('Etc/GMT-9', 'Etc/GMT-9'), ('Etc/GMT0', 'Etc/GMT0'), ('Etc/Greenwich', 'Etc/Greenwich'), ('Etc/UCT', 'Etc/UCT'), ('Etc/UTC', 'Etc/UTC'), ('Etc/Universal', 'Etc/Universal'), ('Etc/Zulu', 'Etc/Zulu'), ('Europe/Amsterdam', 'Europe/Amsterdam'), ('Europe/Andorra', 'Europe/Andorra'), ('Europe/Astrakhan', 'Europe/Astrakhan'), ('Europe/Athens', 'Europe/Athens'), ('Europe/Belfast', 'Europe/Belfast'), ('Europe/Belgrade', 'Europe/Belgrade'), ('Europe/Berlin', 'Europe/Berlin'), ('Europe/Bratislava', 'Europe/Bratislava'), ('Europe/Brussels', 'Europe/Brussels'), ('Europe/Bucharest', 'Europe/Bucharest'), ('Europe/Budapest', 'Europe/Budapest'), ('Europe/Busingen', 'Europe/Busingen'), ('Europe/Chisinau', 'Europe/Chisinau'), ('Europe/Copenhagen', 'Europe/Copenhagen'), ('Europe/Dublin', 'Europe/Dublin'), ('Europe/Gibraltar', 'Europe/Gibraltar'), ('Europe/Guernsey', 'Europe/Guernsey'), ('Europe/Helsinki', 'Europe/Helsinki'), ('Europe/Isle_of_Man', 'Europe/Isle_of_Man'), ('Europe/Istanbul', 'Europe/Istanbul'), ('Europe/Jersey', 'Europe/Jersey'), ('Europe/Kaliningrad', 'Europe/Kaliningrad'), ('Europe/Kiev', 'Europe/Kiev'), ('Europe/Kirov', 'Europe/Kirov'), ('Europe/Kyiv', 'Europe/Kyiv'), ('Europe/Lisbon', 'Europe/Lisbon'), ('Europe/Ljubljana', 'Europe/Ljubljana'), ('Europe/London', 'Europe/London'), ('Europe/Luxembourg', 'Europe/Luxembourg'), ('Europe/Madrid', 'Europe/Madrid'), ('Europe/Malta', 'Europe/Malta'), ('Europe/Mariehamn', 'Europe/Mariehamn'), ('Europe/Minsk', 'Europe/Minsk'), ('Europe/Monaco', 'Europe/Monaco'), ('Europe/Moscow', 'Europe/Moscow'), ('Europe/Nicosia', 'Europe/Nicosia'), ('Europe/Oslo', 'Europe/Oslo'), ('Europe/Paris', 'Europe/Paris'), ('Europe/Podgorica', 'Europe/Podgorica'), ('Europe/Prague', 'Europe/Prague'), ('Europe/Riga', 'Europe/Riga'), ('Europe/Rome', 'Europe/Rome'), ('Europe/Samara', 'Europe/Samara'), ('Europe/San_Marino', 'Europe/San_Marino'), ('Europe/Sarajevo', 'Europe/Sarajevo'), ('Europe/Saratov', 'Europe/Saratov'), ('Europe/Simferopol', 'Europe/Simferopol'), ('Europe/Skopje', 'Europe/Skopje'), ('Europe/Sofia', 'Europe/Sofia'), ('Europe/Stockholm', 'Europe/Stockholm'), ('Europe/Tallinn', 'Europe/Tallinn'), ('Europe/Tirane', 'Europe/Tirane'), ('Europe/Tiraspol', 'Europe/Tiraspol'), ('Europe/Ulyanovsk', 'Europe/Ulyanovsk'), ('Europe/Uzhgorod', 'Europe/Uzhgorod'), ('Europe/Vaduz', 'Europe/Vaduz'), ('Europe/Vatican', 'Europe/Vatican'), ('Europe/Vienna', 'Europe/Vienna'), ('Europe/Vilnius', 'Europe/Vilnius'), ('Europe/Volgograd', 'Europe/Volgograd'), ('Europe/Warsaw', 'Europe/Warsaw'), ('Europe/Zagreb', 'Europe/Zagreb'), ('Europe/Zaporozhye', 'Europe/Zaporozhye'), ('Europe/Zurich', 'Europe/Zurich'), ('GB', 'GB'), ('GB-Eire', 'GB-Eire'), ('GMT', 'GMT'), ('GMT+0', 'GMT+0'), ('GMT-0', 'GMT-0'), ('GMT0', 'GMT0'), ('Greenwich', 'Greenwich'), ('HST', 'HST'), ('Hongkong', 'Hongkong'), ('Iceland', 'Iceland'), ('Indian/Antananarivo', 'Indian/Antananarivo'), ('Indian/Chagos', 'Indian/Chagos'), ('Indian/Christmas', 'Indian/Christmas'), ('Indian/Cocos', 'Indian/Cocos'), ('Indian/Comoro', 'Indian/Comoro'), ('Indian/Kerguelen', 'Indian/Kerguelen'), ('Indian/Mahe', 'Indian/Mahe'), ('Indian/Maldives', 'Indian/Maldives'), ('Indian/Mauritius', 'Indian/Mauritius'), ('Indian/Mayotte', 'Indian/Mayotte'), ('Indian/Reunion', 'Indian/Reunion'), ('Iran', 'Iran'), ('Israel', 'Israel'), ('Jamaica', 'Jamaica'), ('Japan', 'Japan'), ('Kwajalein', 'Kwajalein'), ('Libya', 'Libya'), ('MET', 'MET'), ('MST', 'MST'), ('MST7MDT', 'MST7MDT'), ('Mexico/BajaNorte', 'Mexico/BajaNorte'), ('Mexico/BajaSur', 'Mexico/BajaSur'), ('Mexico/General', 'Mexico/General'), ('NZ', 'NZ'), ('NZ-CHAT', 'NZ-CHAT'), ('Navajo', 'Navajo'), ('PRC', 'PRC'), ('PST8PDT', 'PST8PDT'), ('Pacific/Apia', 'Pacific/Apia'), ('Pacific/Auckland', 'Pacific/Auckland'), ('Pacific/Bougainville', 'Pacific/Bougainville'), ('Pacific/Chatham', 'Pacific/Chatham'), ('Pacific/Chuuk', 'Pacific/Chuuk'), ('Pacific/Easter', 'Pacific/Easter'), ('Pacific/Efate', 'Pacific/Efate'), ('Pacific/Enderbury', 'Pacific/Enderbury'), ('Pacific/Fakaofo', 'Pacific/Fakaofo'), ('Pacific/Fiji', 'Pacific/Fiji'), ('Pacific/Funafuti', 'Pacific/Funafuti'), ('Pacific/Galapagos', 'Pacific/Galapagos'), ('Pacific/Gambier', 'Pacific/Gambier'), ('Pacific/Guadalcanal', 'Pacific/Guadalcanal'), ('Pacific/Guam', 'Pacific/Guam'), ('Pacific/Honolulu', 'Pacific/Honolulu'), ('Pacific/Johnston', 'Pacific/Johnston'), ('Pacific/Kanton', 'Pacific/Kanton'), ('Pacific/Kiritimati', 'Pacific/Kiritimati'), ('Pacific/Kosrae', 'Pacific/Kosrae'), ('Pacific/Kwajalein', 'Pacific/Kwajalein'), ('Pacific/Majuro', 'Pacific/Majuro'), ('Pacific/Marquesas', 'Pacific/Marquesas'), ('Pacific/Midway', 'Pacific/Midway'), ('Pacific/Nauru', 'Pacific/Nauru'), ('Pacific/Niue', 'Pacific/Niue'), ('Pacific/Norfolk', 'Pacific/Norfolk'), ('Pacific/Noumea', 'Pacific/Noumea'), ('Pacific/Pago_Pago', 'Pacific/Pago_Pago'), ('Pacific/Palau', 'Pacific/Palau'), ('Pacific/Pitcairn', 'Pacific/Pitcairn'), ('Pacific/Pohnpei', 'Pacific/Pohnpei'), ('Pacific/Ponape', 'Pacific/Ponape'), ('Pacific/Port_Moresby', 'Pacific/Port_Moresby'), ('Pacific/Rarotonga', 'Pacific/Rarotonga'), ('Pacific/Saipan', 'Pacific/Saipan'), ('Pacific/Samoa', 'Pacific/Samoa'), ('Pacific/Tahiti', 'Pacific/Tahiti'), ('Pacific/Tarawa', 'Pacific/Tarawa'), ('Pacific/Tongatapu', 'Pacific/Tongatapu'), ('Pacific/Truk', 'Pacific/Truk'), ('Pacific/Wake', 'Pacific/Wake'), ('Pacific/Wallis', 'Pacific/Wallis'), ('Pacific/Yap', 'Pacific/Yap'), ('Poland', 'Poland'), ('Portugal', 'Portugal'), ('ROC', 'ROC'), ('ROK', 'ROK'), ('Singapore', 'Singapore'), ('Turkey', 'Turkey'), ('UCT', 'UCT'), ('US/Alaska', 'US/Alaska'), ('US/Aleutian', 'US/Aleutian'), ('US/Arizona', 'US/Arizona'), ('US/Central', 'US/Central'), ('US/East-Indiana', 'US/East-Indiana'), ('US/Eastern', 'US/Eastern'), ('US/Hawaii', 'US/Hawaii'), ('US/Indiana-Starke', 'US/Indiana-Starke'), ('US/Michigan', 'US/Michigan'), ('US/Mountain', 'US/Mountain'), ('US/Pacific', 'US/Pacific'), ('US/Samoa', 'US/Samoa'), ('UTC', 'UTC'), ('Universal', 'Universal'), ('W-SU', 'W-SU'), ('WET', 'WET'), ('Zulu', 'Zulu')], default='UTC', max_length=50), + ), + ] diff --git a/dojo/db_migrations/0169_planned_remediation_date.py b/dojo/db_migrations/0169_planned_remediation_date.py new file mode 100644 index 00000000000..1da9721d33f --- /dev/null +++ b/dojo/db_migrations/0169_planned_remediation_date.py @@ -0,0 +1,33 @@ +# Generated by Django 3.2.13 on 2022-05-23 19:38 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0168_alter_system_settings_time_zone'), + ] + + operations = [ + migrations.AddField( + model_name='finding', + name='planned_remediation_date', + field=models.DateField(help_text='The date the flaw is expected to be remediated.', null=True, verbose_name='Planned Remediation Date'), + ), + migrations.AlterField( + model_name='child_rule', + name='match_field', + field=models.CharField(choices=[('id', 'id'), ('title', 'title'), ('date', 'date'), ('sla_start_date', 'sla_start_date'), ('cwe', 'cwe'), ('cve', 'cve'), ('cvssv3', 'cvssv3'), ('cvssv3_score', 'cvssv3_score'), ('url', 'url'), ('severity', 'severity'), ('description', 'description'), ('mitigation', 'mitigation'), ('impact', 'impact'), ('steps_to_reproduce', 'steps_to_reproduce'), ('severity_justification', 'severity_justification'), ('references', 'references'), ('test', 'test'), ('active', 'active'), ('verified', 'verified'), ('false_p', 'false_p'), ('duplicate', 'duplicate'), ('duplicate_finding', 'duplicate_finding'), ('out_of_scope', 'out_of_scope'), ('risk_accepted', 'risk_accepted'), ('under_review', 'under_review'), ('review_requested_by', 'review_requested_by'), ('under_defect_review', 'under_defect_review'), ('defect_review_requested_by', 'defect_review_requested_by'), ('is_mitigated', 'is_mitigated'), ('thread_id', 'thread_id'), ('mitigated', 'mitigated'), ('mitigated_by', 'mitigated_by'), ('reporter', 'reporter'), ('numerical_severity', 'numerical_severity'), ('last_reviewed', 'last_reviewed'), ('last_reviewed_by', 'last_reviewed_by'), ('param', 'param'), ('payload', 'payload'), ('hash_code', 'hash_code'), ('line', 'line'), ('file_path', 'file_path'), ('component_name', 'component_name'), ('component_version', 'component_version'), ('static_finding', 'static_finding'), ('dynamic_finding', 'dynamic_finding'), ('created', 'created'), ('scanner_confidence', 'scanner_confidence'), ('sonarqube_issue', 'sonarqube_issue'), ('unique_id_from_tool', 'unique_id_from_tool'), ('vuln_id_from_tool', 'vuln_id_from_tool'), ('sast_source_object', 'sast_source_object'), ('sast_sink_object', 'sast_sink_object'), ('sast_source_line', 'sast_source_line'), ('sast_source_file_path', 'sast_source_file_path'), ('nb_occurences', 'nb_occurences'), ('publish_date', 'publish_date'), ('service', 'service'), ('planned_remediation_date', 'planned_remediation_date')], max_length=200), + ), + migrations.AlterField( + model_name='rule', + name='applied_field', + field=models.CharField(choices=[('id', 'id'), ('title', 'title'), ('date', 'date'), ('sla_start_date', 'sla_start_date'), ('cwe', 'cwe'), ('cve', 'cve'), ('cvssv3', 'cvssv3'), ('cvssv3_score', 'cvssv3_score'), ('url', 'url'), ('severity', 'severity'), ('description', 'description'), ('mitigation', 'mitigation'), ('impact', 'impact'), ('steps_to_reproduce', 'steps_to_reproduce'), ('severity_justification', 'severity_justification'), ('references', 'references'), ('test', 'test'), ('active', 'active'), ('verified', 'verified'), ('false_p', 'false_p'), ('duplicate', 'duplicate'), ('duplicate_finding', 'duplicate_finding'), ('out_of_scope', 'out_of_scope'), ('risk_accepted', 'risk_accepted'), ('under_review', 'under_review'), ('review_requested_by', 'review_requested_by'), ('under_defect_review', 'under_defect_review'), ('defect_review_requested_by', 'defect_review_requested_by'), ('is_mitigated', 'is_mitigated'), ('thread_id', 'thread_id'), ('mitigated', 'mitigated'), ('mitigated_by', 'mitigated_by'), ('reporter', 'reporter'), ('numerical_severity', 'numerical_severity'), ('last_reviewed', 'last_reviewed'), ('last_reviewed_by', 'last_reviewed_by'), ('param', 'param'), ('payload', 'payload'), ('hash_code', 'hash_code'), ('line', 'line'), ('file_path', 'file_path'), ('component_name', 'component_name'), ('component_version', 'component_version'), ('static_finding', 'static_finding'), ('dynamic_finding', 'dynamic_finding'), ('created', 'created'), ('scanner_confidence', 'scanner_confidence'), ('sonarqube_issue', 'sonarqube_issue'), ('unique_id_from_tool', 'unique_id_from_tool'), ('vuln_id_from_tool', 'vuln_id_from_tool'), ('sast_source_object', 'sast_source_object'), ('sast_sink_object', 'sast_sink_object'), ('sast_source_line', 'sast_source_line'), ('sast_source_file_path', 'sast_source_file_path'), ('nb_occurences', 'nb_occurences'), ('publish_date', 'publish_date'), ('service', 'service'), ('planned_remediation_date', 'planned_remediation_date')], max_length=200), + ), + migrations.AlterField( + model_name='rule', + name='match_field', + field=models.CharField(choices=[('id', 'id'), ('title', 'title'), ('date', 'date'), ('sla_start_date', 'sla_start_date'), ('cwe', 'cwe'), ('cve', 'cve'), ('cvssv3', 'cvssv3'), ('cvssv3_score', 'cvssv3_score'), ('url', 'url'), ('severity', 'severity'), ('description', 'description'), ('mitigation', 'mitigation'), ('impact', 'impact'), ('steps_to_reproduce', 'steps_to_reproduce'), ('severity_justification', 'severity_justification'), ('references', 'references'), ('test', 'test'), ('active', 'active'), ('verified', 'verified'), ('false_p', 'false_p'), ('duplicate', 'duplicate'), ('duplicate_finding', 'duplicate_finding'), ('out_of_scope', 'out_of_scope'), ('risk_accepted', 'risk_accepted'), ('under_review', 'under_review'), ('review_requested_by', 'review_requested_by'), ('under_defect_review', 'under_defect_review'), ('defect_review_requested_by', 'defect_review_requested_by'), ('is_mitigated', 'is_mitigated'), ('thread_id', 'thread_id'), ('mitigated', 'mitigated'), ('mitigated_by', 'mitigated_by'), ('reporter', 'reporter'), ('numerical_severity', 'numerical_severity'), ('last_reviewed', 'last_reviewed'), ('last_reviewed_by', 'last_reviewed_by'), ('param', 'param'), ('payload', 'payload'), ('hash_code', 'hash_code'), ('line', 'line'), ('file_path', 'file_path'), ('component_name', 'component_name'), ('component_version', 'component_version'), ('static_finding', 'static_finding'), ('dynamic_finding', 'dynamic_finding'), ('created', 'created'), ('scanner_confidence', 'scanner_confidence'), ('sonarqube_issue', 'sonarqube_issue'), ('unique_id_from_tool', 'unique_id_from_tool'), ('vuln_id_from_tool', 'vuln_id_from_tool'), ('sast_source_object', 'sast_source_object'), ('sast_sink_object', 'sast_sink_object'), ('sast_source_line', 'sast_source_line'), ('sast_source_file_path', 'sast_source_file_path'), ('nb_occurences', 'nb_occurences'), ('publish_date', 'publish_date'), ('service', 'service'), ('planned_remediation_date', 'planned_remediation_date')], max_length=200), + ), + ] diff --git a/dojo/db_migrations/0170_jira_project_custom_fields.py b/dojo/db_migrations/0170_jira_project_custom_fields.py new file mode 100644 index 00000000000..a05c858cd41 --- /dev/null +++ b/dojo/db_migrations/0170_jira_project_custom_fields.py @@ -0,0 +1,18 @@ +# Generated by Django 3.2.15 on 2022-08-29 12:01 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0169_planned_remediation_date'), + ] + + operations = [ + migrations.AddField( + model_name='jira_project', + name='custom_fields', + field=models.JSONField(blank=True, help_text='JIRA custom field JSON mapping of Id to value, e.g. {"customfield_10122": [{"name": "8.0.1"}]}', max_length=200, null=True), + ), + ] diff --git a/dojo/db_migrations/0171_jira_labels_per_product_and_engagement.py b/dojo/db_migrations/0171_jira_labels_per_product_and_engagement.py new file mode 100644 index 00000000000..585f80a8143 --- /dev/null +++ b/dojo/db_migrations/0171_jira_labels_per_product_and_engagement.py @@ -0,0 +1,23 @@ +# Generated by Django 3.2.15 on 2022-08-16 13:33 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0170_jira_project_custom_fields'), + ] + + operations = [ + migrations.AddField( + model_name='jira_project', + name='add_vulnerability_id_to_jira_label', + field=models.BooleanField(default=False, verbose_name='Add vulnerability Id as a JIRA label'), + ), + migrations.AddField( + model_name='jira_project', + name='jira_labels', + field=models.CharField(blank=True, help_text='JIRA issue labels space seperated', max_length=200, null=True), + ), + ] diff --git a/dojo/db_migrations/0172_optimize_usage_of_endpoint_status.py b/dojo/db_migrations/0172_optimize_usage_of_endpoint_status.py new file mode 100644 index 00000000000..b6e3474117d --- /dev/null +++ b/dojo/db_migrations/0172_optimize_usage_of_endpoint_status.py @@ -0,0 +1,50 @@ +# Generated by Django 3.2.13 on 2022-04-26 20:44 + +from django.db import migrations, models +import dojo.models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0171_jira_labels_per_product_and_engagement'), + ] + + operations = [ + migrations.RemoveField( + model_name='endpoint', + name='endpoint_status', + ), + migrations.RemoveField( + model_name='finding', + name='endpoint_status', + ), + # Yes, we can just remove it and add it again because there reduntant data in "Endpoint_Status" - there will be no data-loss; it was tested + # AlterField is not usable because of: ValueError: Cannot alter field xxx into yyy - they are not compatible types (you cannot alter to or from M2M fields, or add or remove through= on M2M fields) + migrations.RemoveField( + model_name='finding', + name='endpoints', + ), + migrations.AddField( + model_name='finding', + name='endpoints', + field=models.ManyToManyField(blank=True, + help_text='The hosts within the product that are susceptible to this flaw. + The status of the endpoint associated with this flaw (Vulnerable, Mitigated, ...).', + through='dojo.Endpoint_Status', + to='dojo.Endpoint', + verbose_name='Endpoints'), + ), + migrations.AddField( + model_name='endpoint', + name='findings', + field=models.ManyToManyField(blank=True, + through='dojo.Endpoint_Status', + to='dojo.Finding', + verbose_name='Findings'), + ), + migrations.AlterField( + model_name='endpoint_status', + name='date', + field=models.DateField(default=dojo.models.get_current_date), + ), + ] diff --git a/dojo/db_migrations/0173_alter_risk_acceptance_name.py b/dojo/db_migrations/0173_alter_risk_acceptance_name.py new file mode 100644 index 00000000000..bb39f0114af --- /dev/null +++ b/dojo/db_migrations/0173_alter_risk_acceptance_name.py @@ -0,0 +1,18 @@ +# Generated by Django 3.2.16 on 2022-10-28 13:12 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0172_optimize_usage_of_endpoint_status'), + ] + + operations = [ + migrations.AlterField( + model_name='risk_acceptance', + name='name', + field=models.CharField(help_text='Descriptive name which in the future may also be used to group risk acceptances together across engagements and products', max_length=300), + ), + ] diff --git a/dojo/db_migrations/0174_jira_project_default_assignee.py b/dojo/db_migrations/0174_jira_project_default_assignee.py new file mode 100644 index 00000000000..67b80a878eb --- /dev/null +++ b/dojo/db_migrations/0174_jira_project_default_assignee.py @@ -0,0 +1,18 @@ +# Generated by Django 3.2.16 on 2022-11-23 12:49 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0173_alter_risk_acceptance_name'), + ] + + operations = [ + migrations.AddField( + model_name='jira_project', + name='default_assignee', + field=models.CharField(blank=True, help_text='JIRA default assignee (name). If left blank then it defaults to whatever is configured in JIRA.', max_length=200, null=True), + ), + ] diff --git a/dojo/db_migrations/0175_system_settings_enable_notify_sla.py b/dojo/db_migrations/0175_system_settings_enable_notify_sla.py new file mode 100644 index 00000000000..2c10d587ef9 --- /dev/null +++ b/dojo/db_migrations/0175_system_settings_enable_notify_sla.py @@ -0,0 +1,69 @@ +# Generated by Django 3.2.16 on 2022-11-19 22:51 + +from django.db import migrations, models +from django.conf import settings +import logging + +logger = logging.getLogger(__name__) + + +def migrate_notify_sla_from_settings_file(apps, schema_editor): + + if hasattr(settings, 'SLA_NOTIFY_ACTIVE'): + system_settings_model = apps.get_model('dojo', 'System_Settings') + logger.info('Migrating value from SLA_NOTIFY_ACTIVE into system settings model') + try: + system_setting = system_settings_model.objects.get() + system_setting.enable_notify_sla_active = settings.SLA_NOTIFY_ACTIVE + system_setting.save() + except: + # for a clean installation there is no system_settings record, so just ignore it + pass + + if hasattr(settings, 'SLA_NOTIFY_ACTIVE_VERIFIED_ONLY'): + system_settings_model = apps.get_model('dojo', 'System_Settings') + logger.info('Migrating value from SLA_NOTIFY_ACTIVE_VERIFIED_ONLY into system settings model') + try: + system_setting = system_settings_model.objects.get() + system_setting.enable_notify_sla_active_verified = settings.SLA_NOTIFY_ACTIVE_VERIFIED_ONLY + system_setting.save() + except: + # for a clean installation there is no system_settings record, so just ignore it + pass + + if hasattr(settings, 'SLA_NOTIFY_WITH_JIRA_ONLY'): + system_settings_model = apps.get_model('dojo', 'System_Settings') + logger.info('Migrating value from SLA_NOTIFY_WITH_JIRA_ONLY into system settings model') + try: + system_setting = system_settings_model.objects.get() + system_setting.enable_notify_sla_jira_only = settings.SLA_NOTIFY_WITH_JIRA_ONLY + system_setting.save() + except: + # for a clean installation there is no system_settings record, so just ignore it + pass + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0174_jira_project_default_assignee'), + ] + + operations = [ + migrations.AddField( + model_name='system_settings', + name='enable_notify_sla_active', + field=models.BooleanField(default=False, help_text="Enables Notify when time to remediate according to Finding SLA's is breached for active Findings.", verbose_name="Enable Notifiy SLA's Breach for active Findings"), + ), + migrations.AddField( + model_name='system_settings', + name='enable_notify_sla_active_verified', + field=models.BooleanField(default=False, help_text="Enables Notify when time to remediate according to Finding SLA's is breached for active, verified Findings.", verbose_name="Enable Notifiy SLA's Breach for active, verified Findings"), + ), + migrations.AddField( + model_name='system_settings', + name='enable_notify_sla_jira_only', + field=models.BooleanField(default=False, help_text="Enables Notify when time to remediate according to Finding SLA's is breached for Findings that are linked to JIRA issues.", verbose_name="Enable Notifiy SLA's Breach for Findings linked to JIRA"), + ), + migrations.RunPython(migrate_notify_sla_from_settings_file), + ] diff --git a/dojo/db_migrations/0176_custom_password_requirements.py b/dojo/db_migrations/0176_custom_password_requirements.py new file mode 100644 index 00000000000..112f751a174 --- /dev/null +++ b/dojo/db_migrations/0176_custom_password_requirements.py @@ -0,0 +1,43 @@ +# Generated by Django 3.2.16 on 2022-11-27 21:33 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0175_system_settings_enable_notify_sla'), + ] + + operations = [ + migrations.AddField( + model_name='system_settings', + name='lowercase_character_required', + field=models.BooleanField(default=True, help_text='Requires user passwords to contain at least one lowercase letter (a-z).', verbose_name='Password must contain one lowercase letter'), + ), + migrations.AddField( + model_name='system_settings', + name='maximum_password_length', + field=models.IntegerField(default=48, help_text='Requires user to set passwords less than maximum length.', verbose_name='Maximum password length'), + ), + migrations.AddField( + model_name='system_settings', + name='minimum_password_length', + field=models.IntegerField(default=9, help_text='Requires user to set passwords greater than minimum length.', verbose_name='Minimum password length'), + ), + migrations.AddField( + model_name='system_settings', + name='number_character_required', + field=models.BooleanField(default=True, help_text='Requires user passwords to contain at least one digit (0-9).', verbose_name='Password must contain one digit'), + ), + migrations.AddField( + model_name='system_settings', + name='special_character_required', + field=models.BooleanField(default=True, help_text='Requires user passwords to contain at least one special character (()[]{}|\\`~!@#$%^&*_-+=;:\'",<>./?).', verbose_name='Password must contain one special character'), + ), + migrations.AddField( + model_name='system_settings', + name='uppercase_character_required', + field=models.BooleanField(default=True, help_text='Requires user passwords to contain at least one uppercase letter (A-Z).', verbose_name='Password must contain one uppercase letter'), + ), + ] diff --git a/dojo/db_migrations/0177_alter_system_settings_time_zone.py b/dojo/db_migrations/0177_alter_system_settings_time_zone.py new file mode 100644 index 00000000000..9b50ff804b3 --- /dev/null +++ b/dojo/db_migrations/0177_alter_system_settings_time_zone.py @@ -0,0 +1,18 @@ +# Generated by Django 3.2.16 on 2022-12-20 04:39 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0176_custom_password_requirements'), + ] + + operations = [ + migrations.AlterField( + model_name='system_settings', + name='time_zone', + field=models.CharField(choices=[('Africa/Abidjan', 'Africa/Abidjan'), ('Africa/Accra', 'Africa/Accra'), ('Africa/Addis_Ababa', 'Africa/Addis_Ababa'), ('Africa/Algiers', 'Africa/Algiers'), ('Africa/Asmara', 'Africa/Asmara'), ('Africa/Asmera', 'Africa/Asmera'), ('Africa/Bamako', 'Africa/Bamako'), ('Africa/Bangui', 'Africa/Bangui'), ('Africa/Banjul', 'Africa/Banjul'), ('Africa/Bissau', 'Africa/Bissau'), ('Africa/Blantyre', 'Africa/Blantyre'), ('Africa/Brazzaville', 'Africa/Brazzaville'), ('Africa/Bujumbura', 'Africa/Bujumbura'), ('Africa/Cairo', 'Africa/Cairo'), ('Africa/Casablanca', 'Africa/Casablanca'), ('Africa/Ceuta', 'Africa/Ceuta'), ('Africa/Conakry', 'Africa/Conakry'), ('Africa/Dakar', 'Africa/Dakar'), ('Africa/Dar_es_Salaam', 'Africa/Dar_es_Salaam'), ('Africa/Djibouti', 'Africa/Djibouti'), ('Africa/Douala', 'Africa/Douala'), ('Africa/El_Aaiun', 'Africa/El_Aaiun'), ('Africa/Freetown', 'Africa/Freetown'), ('Africa/Gaborone', 'Africa/Gaborone'), ('Africa/Harare', 'Africa/Harare'), ('Africa/Johannesburg', 'Africa/Johannesburg'), ('Africa/Juba', 'Africa/Juba'), ('Africa/Kampala', 'Africa/Kampala'), ('Africa/Khartoum', 'Africa/Khartoum'), ('Africa/Kigali', 'Africa/Kigali'), ('Africa/Kinshasa', 'Africa/Kinshasa'), ('Africa/Lagos', 'Africa/Lagos'), ('Africa/Libreville', 'Africa/Libreville'), ('Africa/Lome', 'Africa/Lome'), ('Africa/Luanda', 'Africa/Luanda'), ('Africa/Lubumbashi', 'Africa/Lubumbashi'), ('Africa/Lusaka', 'Africa/Lusaka'), ('Africa/Malabo', 'Africa/Malabo'), ('Africa/Maputo', 'Africa/Maputo'), ('Africa/Maseru', 'Africa/Maseru'), ('Africa/Mbabane', 'Africa/Mbabane'), ('Africa/Mogadishu', 'Africa/Mogadishu'), ('Africa/Monrovia', 'Africa/Monrovia'), ('Africa/Nairobi', 'Africa/Nairobi'), ('Africa/Ndjamena', 'Africa/Ndjamena'), ('Africa/Niamey', 'Africa/Niamey'), ('Africa/Nouakchott', 'Africa/Nouakchott'), ('Africa/Ouagadougou', 'Africa/Ouagadougou'), ('Africa/Porto-Novo', 'Africa/Porto-Novo'), ('Africa/Sao_Tome', 'Africa/Sao_Tome'), ('Africa/Timbuktu', 'Africa/Timbuktu'), ('Africa/Tripoli', 'Africa/Tripoli'), ('Africa/Tunis', 'Africa/Tunis'), ('Africa/Windhoek', 'Africa/Windhoek'), ('America/Adak', 'America/Adak'), ('America/Anchorage', 'America/Anchorage'), ('America/Anguilla', 'America/Anguilla'), ('America/Antigua', 'America/Antigua'), ('America/Araguaina', 'America/Araguaina'), ('America/Argentina/Buenos_Aires', 'America/Argentina/Buenos_Aires'), ('America/Argentina/Catamarca', 'America/Argentina/Catamarca'), ('America/Argentina/ComodRivadavia', 'America/Argentina/ComodRivadavia'), ('America/Argentina/Cordoba', 'America/Argentina/Cordoba'), ('America/Argentina/Jujuy', 'America/Argentina/Jujuy'), ('America/Argentina/La_Rioja', 'America/Argentina/La_Rioja'), ('America/Argentina/Mendoza', 'America/Argentina/Mendoza'), ('America/Argentina/Rio_Gallegos', 'America/Argentina/Rio_Gallegos'), ('America/Argentina/Salta', 'America/Argentina/Salta'), ('America/Argentina/San_Juan', 'America/Argentina/San_Juan'), ('America/Argentina/San_Luis', 'America/Argentina/San_Luis'), ('America/Argentina/Tucuman', 'America/Argentina/Tucuman'), ('America/Argentina/Ushuaia', 'America/Argentina/Ushuaia'), ('America/Aruba', 'America/Aruba'), ('America/Asuncion', 'America/Asuncion'), ('America/Atikokan', 'America/Atikokan'), ('America/Atka', 'America/Atka'), ('America/Bahia', 'America/Bahia'), ('America/Bahia_Banderas', 'America/Bahia_Banderas'), ('America/Barbados', 'America/Barbados'), ('America/Belem', 'America/Belem'), ('America/Belize', 'America/Belize'), ('America/Blanc-Sablon', 'America/Blanc-Sablon'), ('America/Boa_Vista', 'America/Boa_Vista'), ('America/Bogota', 'America/Bogota'), ('America/Boise', 'America/Boise'), ('America/Buenos_Aires', 'America/Buenos_Aires'), ('America/Cambridge_Bay', 'America/Cambridge_Bay'), ('America/Campo_Grande', 'America/Campo_Grande'), ('America/Cancun', 'America/Cancun'), ('America/Caracas', 'America/Caracas'), ('America/Catamarca', 'America/Catamarca'), ('America/Cayenne', 'America/Cayenne'), ('America/Cayman', 'America/Cayman'), ('America/Chicago', 'America/Chicago'), ('America/Chihuahua', 'America/Chihuahua'), ('America/Ciudad_Juarez', 'America/Ciudad_Juarez'), ('America/Coral_Harbour', 'America/Coral_Harbour'), ('America/Cordoba', 'America/Cordoba'), ('America/Costa_Rica', 'America/Costa_Rica'), ('America/Creston', 'America/Creston'), ('America/Cuiaba', 'America/Cuiaba'), ('America/Curacao', 'America/Curacao'), ('America/Danmarkshavn', 'America/Danmarkshavn'), ('America/Dawson', 'America/Dawson'), ('America/Dawson_Creek', 'America/Dawson_Creek'), ('America/Denver', 'America/Denver'), ('America/Detroit', 'America/Detroit'), ('America/Dominica', 'America/Dominica'), ('America/Edmonton', 'America/Edmonton'), ('America/Eirunepe', 'America/Eirunepe'), ('America/El_Salvador', 'America/El_Salvador'), ('America/Ensenada', 'America/Ensenada'), ('America/Fort_Nelson', 'America/Fort_Nelson'), ('America/Fort_Wayne', 'America/Fort_Wayne'), ('America/Fortaleza', 'America/Fortaleza'), ('America/Glace_Bay', 'America/Glace_Bay'), ('America/Godthab', 'America/Godthab'), ('America/Goose_Bay', 'America/Goose_Bay'), ('America/Grand_Turk', 'America/Grand_Turk'), ('America/Grenada', 'America/Grenada'), ('America/Guadeloupe', 'America/Guadeloupe'), ('America/Guatemala', 'America/Guatemala'), ('America/Guayaquil', 'America/Guayaquil'), ('America/Guyana', 'America/Guyana'), ('America/Halifax', 'America/Halifax'), ('America/Havana', 'America/Havana'), ('America/Hermosillo', 'America/Hermosillo'), ('America/Indiana/Indianapolis', 'America/Indiana/Indianapolis'), ('America/Indiana/Knox', 'America/Indiana/Knox'), ('America/Indiana/Marengo', 'America/Indiana/Marengo'), ('America/Indiana/Petersburg', 'America/Indiana/Petersburg'), ('America/Indiana/Tell_City', 'America/Indiana/Tell_City'), ('America/Indiana/Vevay', 'America/Indiana/Vevay'), ('America/Indiana/Vincennes', 'America/Indiana/Vincennes'), ('America/Indiana/Winamac', 'America/Indiana/Winamac'), ('America/Indianapolis', 'America/Indianapolis'), ('America/Inuvik', 'America/Inuvik'), ('America/Iqaluit', 'America/Iqaluit'), ('America/Jamaica', 'America/Jamaica'), ('America/Jujuy', 'America/Jujuy'), ('America/Juneau', 'America/Juneau'), ('America/Kentucky/Louisville', 'America/Kentucky/Louisville'), ('America/Kentucky/Monticello', 'America/Kentucky/Monticello'), ('America/Knox_IN', 'America/Knox_IN'), ('America/Kralendijk', 'America/Kralendijk'), ('America/La_Paz', 'America/La_Paz'), ('America/Lima', 'America/Lima'), ('America/Los_Angeles', 'America/Los_Angeles'), ('America/Louisville', 'America/Louisville'), ('America/Lower_Princes', 'America/Lower_Princes'), ('America/Maceio', 'America/Maceio'), ('America/Managua', 'America/Managua'), ('America/Manaus', 'America/Manaus'), ('America/Marigot', 'America/Marigot'), ('America/Martinique', 'America/Martinique'), ('America/Matamoros', 'America/Matamoros'), ('America/Mazatlan', 'America/Mazatlan'), ('America/Mendoza', 'America/Mendoza'), ('America/Menominee', 'America/Menominee'), ('America/Merida', 'America/Merida'), ('America/Metlakatla', 'America/Metlakatla'), ('America/Mexico_City', 'America/Mexico_City'), ('America/Miquelon', 'America/Miquelon'), ('America/Moncton', 'America/Moncton'), ('America/Monterrey', 'America/Monterrey'), ('America/Montevideo', 'America/Montevideo'), ('America/Montreal', 'America/Montreal'), ('America/Montserrat', 'America/Montserrat'), ('America/Nassau', 'America/Nassau'), ('America/New_York', 'America/New_York'), ('America/Nipigon', 'America/Nipigon'), ('America/Nome', 'America/Nome'), ('America/Noronha', 'America/Noronha'), ('America/North_Dakota/Beulah', 'America/North_Dakota/Beulah'), ('America/North_Dakota/Center', 'America/North_Dakota/Center'), ('America/North_Dakota/New_Salem', 'America/North_Dakota/New_Salem'), ('America/Nuuk', 'America/Nuuk'), ('America/Ojinaga', 'America/Ojinaga'), ('America/Panama', 'America/Panama'), ('America/Pangnirtung', 'America/Pangnirtung'), ('America/Paramaribo', 'America/Paramaribo'), ('America/Phoenix', 'America/Phoenix'), ('America/Port-au-Prince', 'America/Port-au-Prince'), ('America/Port_of_Spain', 'America/Port_of_Spain'), ('America/Porto_Acre', 'America/Porto_Acre'), ('America/Porto_Velho', 'America/Porto_Velho'), ('America/Puerto_Rico', 'America/Puerto_Rico'), ('America/Punta_Arenas', 'America/Punta_Arenas'), ('America/Rainy_River', 'America/Rainy_River'), ('America/Rankin_Inlet', 'America/Rankin_Inlet'), ('America/Recife', 'America/Recife'), ('America/Regina', 'America/Regina'), ('America/Resolute', 'America/Resolute'), ('America/Rio_Branco', 'America/Rio_Branco'), ('America/Rosario', 'America/Rosario'), ('America/Santa_Isabel', 'America/Santa_Isabel'), ('America/Santarem', 'America/Santarem'), ('America/Santiago', 'America/Santiago'), ('America/Santo_Domingo', 'America/Santo_Domingo'), ('America/Sao_Paulo', 'America/Sao_Paulo'), ('America/Scoresbysund', 'America/Scoresbysund'), ('America/Shiprock', 'America/Shiprock'), ('America/Sitka', 'America/Sitka'), ('America/St_Barthelemy', 'America/St_Barthelemy'), ('America/St_Johns', 'America/St_Johns'), ('America/St_Kitts', 'America/St_Kitts'), ('America/St_Lucia', 'America/St_Lucia'), ('America/St_Thomas', 'America/St_Thomas'), ('America/St_Vincent', 'America/St_Vincent'), ('America/Swift_Current', 'America/Swift_Current'), ('America/Tegucigalpa', 'America/Tegucigalpa'), ('America/Thule', 'America/Thule'), ('America/Thunder_Bay', 'America/Thunder_Bay'), ('America/Tijuana', 'America/Tijuana'), ('America/Toronto', 'America/Toronto'), ('America/Tortola', 'America/Tortola'), ('America/Vancouver', 'America/Vancouver'), ('America/Virgin', 'America/Virgin'), ('America/Whitehorse', 'America/Whitehorse'), ('America/Winnipeg', 'America/Winnipeg'), ('America/Yakutat', 'America/Yakutat'), ('America/Yellowknife', 'America/Yellowknife'), ('Antarctica/Casey', 'Antarctica/Casey'), ('Antarctica/Davis', 'Antarctica/Davis'), ('Antarctica/DumontDUrville', 'Antarctica/DumontDUrville'), ('Antarctica/Macquarie', 'Antarctica/Macquarie'), ('Antarctica/Mawson', 'Antarctica/Mawson'), ('Antarctica/McMurdo', 'Antarctica/McMurdo'), ('Antarctica/Palmer', 'Antarctica/Palmer'), ('Antarctica/Rothera', 'Antarctica/Rothera'), ('Antarctica/South_Pole', 'Antarctica/South_Pole'), ('Antarctica/Syowa', 'Antarctica/Syowa'), ('Antarctica/Troll', 'Antarctica/Troll'), ('Antarctica/Vostok', 'Antarctica/Vostok'), ('Arctic/Longyearbyen', 'Arctic/Longyearbyen'), ('Asia/Aden', 'Asia/Aden'), ('Asia/Almaty', 'Asia/Almaty'), ('Asia/Amman', 'Asia/Amman'), ('Asia/Anadyr', 'Asia/Anadyr'), ('Asia/Aqtau', 'Asia/Aqtau'), ('Asia/Aqtobe', 'Asia/Aqtobe'), ('Asia/Ashgabat', 'Asia/Ashgabat'), ('Asia/Ashkhabad', 'Asia/Ashkhabad'), ('Asia/Atyrau', 'Asia/Atyrau'), ('Asia/Baghdad', 'Asia/Baghdad'), ('Asia/Bahrain', 'Asia/Bahrain'), ('Asia/Baku', 'Asia/Baku'), ('Asia/Bangkok', 'Asia/Bangkok'), ('Asia/Barnaul', 'Asia/Barnaul'), ('Asia/Beirut', 'Asia/Beirut'), ('Asia/Bishkek', 'Asia/Bishkek'), ('Asia/Brunei', 'Asia/Brunei'), ('Asia/Calcutta', 'Asia/Calcutta'), ('Asia/Chita', 'Asia/Chita'), ('Asia/Choibalsan', 'Asia/Choibalsan'), ('Asia/Chongqing', 'Asia/Chongqing'), ('Asia/Chungking', 'Asia/Chungking'), ('Asia/Colombo', 'Asia/Colombo'), ('Asia/Dacca', 'Asia/Dacca'), ('Asia/Damascus', 'Asia/Damascus'), ('Asia/Dhaka', 'Asia/Dhaka'), ('Asia/Dili', 'Asia/Dili'), ('Asia/Dubai', 'Asia/Dubai'), ('Asia/Dushanbe', 'Asia/Dushanbe'), ('Asia/Famagusta', 'Asia/Famagusta'), ('Asia/Gaza', 'Asia/Gaza'), ('Asia/Harbin', 'Asia/Harbin'), ('Asia/Hebron', 'Asia/Hebron'), ('Asia/Ho_Chi_Minh', 'Asia/Ho_Chi_Minh'), ('Asia/Hong_Kong', 'Asia/Hong_Kong'), ('Asia/Hovd', 'Asia/Hovd'), ('Asia/Irkutsk', 'Asia/Irkutsk'), ('Asia/Istanbul', 'Asia/Istanbul'), ('Asia/Jakarta', 'Asia/Jakarta'), ('Asia/Jayapura', 'Asia/Jayapura'), ('Asia/Jerusalem', 'Asia/Jerusalem'), ('Asia/Kabul', 'Asia/Kabul'), ('Asia/Kamchatka', 'Asia/Kamchatka'), ('Asia/Karachi', 'Asia/Karachi'), ('Asia/Kashgar', 'Asia/Kashgar'), ('Asia/Kathmandu', 'Asia/Kathmandu'), ('Asia/Katmandu', 'Asia/Katmandu'), ('Asia/Khandyga', 'Asia/Khandyga'), ('Asia/Kolkata', 'Asia/Kolkata'), ('Asia/Krasnoyarsk', 'Asia/Krasnoyarsk'), ('Asia/Kuala_Lumpur', 'Asia/Kuala_Lumpur'), ('Asia/Kuching', 'Asia/Kuching'), ('Asia/Kuwait', 'Asia/Kuwait'), ('Asia/Macao', 'Asia/Macao'), ('Asia/Macau', 'Asia/Macau'), ('Asia/Magadan', 'Asia/Magadan'), ('Asia/Makassar', 'Asia/Makassar'), ('Asia/Manila', 'Asia/Manila'), ('Asia/Muscat', 'Asia/Muscat'), ('Asia/Nicosia', 'Asia/Nicosia'), ('Asia/Novokuznetsk', 'Asia/Novokuznetsk'), ('Asia/Novosibirsk', 'Asia/Novosibirsk'), ('Asia/Omsk', 'Asia/Omsk'), ('Asia/Oral', 'Asia/Oral'), ('Asia/Phnom_Penh', 'Asia/Phnom_Penh'), ('Asia/Pontianak', 'Asia/Pontianak'), ('Asia/Pyongyang', 'Asia/Pyongyang'), ('Asia/Qatar', 'Asia/Qatar'), ('Asia/Qostanay', 'Asia/Qostanay'), ('Asia/Qyzylorda', 'Asia/Qyzylorda'), ('Asia/Rangoon', 'Asia/Rangoon'), ('Asia/Riyadh', 'Asia/Riyadh'), ('Asia/Saigon', 'Asia/Saigon'), ('Asia/Sakhalin', 'Asia/Sakhalin'), ('Asia/Samarkand', 'Asia/Samarkand'), ('Asia/Seoul', 'Asia/Seoul'), ('Asia/Shanghai', 'Asia/Shanghai'), ('Asia/Singapore', 'Asia/Singapore'), ('Asia/Srednekolymsk', 'Asia/Srednekolymsk'), ('Asia/Taipei', 'Asia/Taipei'), ('Asia/Tashkent', 'Asia/Tashkent'), ('Asia/Tbilisi', 'Asia/Tbilisi'), ('Asia/Tehran', 'Asia/Tehran'), ('Asia/Tel_Aviv', 'Asia/Tel_Aviv'), ('Asia/Thimbu', 'Asia/Thimbu'), ('Asia/Thimphu', 'Asia/Thimphu'), ('Asia/Tokyo', 'Asia/Tokyo'), ('Asia/Tomsk', 'Asia/Tomsk'), ('Asia/Ujung_Pandang', 'Asia/Ujung_Pandang'), ('Asia/Ulaanbaatar', 'Asia/Ulaanbaatar'), ('Asia/Ulan_Bator', 'Asia/Ulan_Bator'), ('Asia/Urumqi', 'Asia/Urumqi'), ('Asia/Ust-Nera', 'Asia/Ust-Nera'), ('Asia/Vientiane', 'Asia/Vientiane'), ('Asia/Vladivostok', 'Asia/Vladivostok'), ('Asia/Yakutsk', 'Asia/Yakutsk'), ('Asia/Yangon', 'Asia/Yangon'), ('Asia/Yekaterinburg', 'Asia/Yekaterinburg'), ('Asia/Yerevan', 'Asia/Yerevan'), ('Atlantic/Azores', 'Atlantic/Azores'), ('Atlantic/Bermuda', 'Atlantic/Bermuda'), ('Atlantic/Canary', 'Atlantic/Canary'), ('Atlantic/Cape_Verde', 'Atlantic/Cape_Verde'), ('Atlantic/Faeroe', 'Atlantic/Faeroe'), ('Atlantic/Faroe', 'Atlantic/Faroe'), ('Atlantic/Jan_Mayen', 'Atlantic/Jan_Mayen'), ('Atlantic/Madeira', 'Atlantic/Madeira'), ('Atlantic/Reykjavik', 'Atlantic/Reykjavik'), ('Atlantic/South_Georgia', 'Atlantic/South_Georgia'), ('Atlantic/St_Helena', 'Atlantic/St_Helena'), ('Atlantic/Stanley', 'Atlantic/Stanley'), ('Australia/ACT', 'Australia/ACT'), ('Australia/Adelaide', 'Australia/Adelaide'), ('Australia/Brisbane', 'Australia/Brisbane'), ('Australia/Broken_Hill', 'Australia/Broken_Hill'), ('Australia/Canberra', 'Australia/Canberra'), ('Australia/Currie', 'Australia/Currie'), ('Australia/Darwin', 'Australia/Darwin'), ('Australia/Eucla', 'Australia/Eucla'), ('Australia/Hobart', 'Australia/Hobart'), ('Australia/LHI', 'Australia/LHI'), ('Australia/Lindeman', 'Australia/Lindeman'), ('Australia/Lord_Howe', 'Australia/Lord_Howe'), ('Australia/Melbourne', 'Australia/Melbourne'), ('Australia/NSW', 'Australia/NSW'), ('Australia/North', 'Australia/North'), ('Australia/Perth', 'Australia/Perth'), ('Australia/Queensland', 'Australia/Queensland'), ('Australia/South', 'Australia/South'), ('Australia/Sydney', 'Australia/Sydney'), ('Australia/Tasmania', 'Australia/Tasmania'), ('Australia/Victoria', 'Australia/Victoria'), ('Australia/West', 'Australia/West'), ('Australia/Yancowinna', 'Australia/Yancowinna'), ('Brazil/Acre', 'Brazil/Acre'), ('Brazil/DeNoronha', 'Brazil/DeNoronha'), ('Brazil/East', 'Brazil/East'), ('Brazil/West', 'Brazil/West'), ('CET', 'CET'), ('CST6CDT', 'CST6CDT'), ('Canada/Atlantic', 'Canada/Atlantic'), ('Canada/Central', 'Canada/Central'), ('Canada/Eastern', 'Canada/Eastern'), ('Canada/Mountain', 'Canada/Mountain'), ('Canada/Newfoundland', 'Canada/Newfoundland'), ('Canada/Pacific', 'Canada/Pacific'), ('Canada/Saskatchewan', 'Canada/Saskatchewan'), ('Canada/Yukon', 'Canada/Yukon'), ('Chile/Continental', 'Chile/Continental'), ('Chile/EasterIsland', 'Chile/EasterIsland'), ('Cuba', 'Cuba'), ('EET', 'EET'), ('EST', 'EST'), ('EST5EDT', 'EST5EDT'), ('Egypt', 'Egypt'), ('Eire', 'Eire'), ('Etc/GMT', 'Etc/GMT'), ('Etc/GMT+0', 'Etc/GMT+0'), ('Etc/GMT+1', 'Etc/GMT+1'), ('Etc/GMT+10', 'Etc/GMT+10'), ('Etc/GMT+11', 'Etc/GMT+11'), ('Etc/GMT+12', 'Etc/GMT+12'), ('Etc/GMT+2', 'Etc/GMT+2'), ('Etc/GMT+3', 'Etc/GMT+3'), ('Etc/GMT+4', 'Etc/GMT+4'), ('Etc/GMT+5', 'Etc/GMT+5'), ('Etc/GMT+6', 'Etc/GMT+6'), ('Etc/GMT+7', 'Etc/GMT+7'), ('Etc/GMT+8', 'Etc/GMT+8'), ('Etc/GMT+9', 'Etc/GMT+9'), ('Etc/GMT-0', 'Etc/GMT-0'), ('Etc/GMT-1', 'Etc/GMT-1'), ('Etc/GMT-10', 'Etc/GMT-10'), ('Etc/GMT-11', 'Etc/GMT-11'), ('Etc/GMT-12', 'Etc/GMT-12'), ('Etc/GMT-13', 'Etc/GMT-13'), ('Etc/GMT-14', 'Etc/GMT-14'), ('Etc/GMT-2', 'Etc/GMT-2'), ('Etc/GMT-3', 'Etc/GMT-3'), ('Etc/GMT-4', 'Etc/GMT-4'), ('Etc/GMT-5', 'Etc/GMT-5'), ('Etc/GMT-6', 'Etc/GMT-6'), ('Etc/GMT-7', 'Etc/GMT-7'), ('Etc/GMT-8', 'Etc/GMT-8'), ('Etc/GMT-9', 'Etc/GMT-9'), ('Etc/GMT0', 'Etc/GMT0'), ('Etc/Greenwich', 'Etc/Greenwich'), ('Etc/UCT', 'Etc/UCT'), ('Etc/UTC', 'Etc/UTC'), ('Etc/Universal', 'Etc/Universal'), ('Etc/Zulu', 'Etc/Zulu'), ('Europe/Amsterdam', 'Europe/Amsterdam'), ('Europe/Andorra', 'Europe/Andorra'), ('Europe/Astrakhan', 'Europe/Astrakhan'), ('Europe/Athens', 'Europe/Athens'), ('Europe/Belfast', 'Europe/Belfast'), ('Europe/Belgrade', 'Europe/Belgrade'), ('Europe/Berlin', 'Europe/Berlin'), ('Europe/Bratislava', 'Europe/Bratislava'), ('Europe/Brussels', 'Europe/Brussels'), ('Europe/Bucharest', 'Europe/Bucharest'), ('Europe/Budapest', 'Europe/Budapest'), ('Europe/Busingen', 'Europe/Busingen'), ('Europe/Chisinau', 'Europe/Chisinau'), ('Europe/Copenhagen', 'Europe/Copenhagen'), ('Europe/Dublin', 'Europe/Dublin'), ('Europe/Gibraltar', 'Europe/Gibraltar'), ('Europe/Guernsey', 'Europe/Guernsey'), ('Europe/Helsinki', 'Europe/Helsinki'), ('Europe/Isle_of_Man', 'Europe/Isle_of_Man'), ('Europe/Istanbul', 'Europe/Istanbul'), ('Europe/Jersey', 'Europe/Jersey'), ('Europe/Kaliningrad', 'Europe/Kaliningrad'), ('Europe/Kiev', 'Europe/Kiev'), ('Europe/Kirov', 'Europe/Kirov'), ('Europe/Kyiv', 'Europe/Kyiv'), ('Europe/Lisbon', 'Europe/Lisbon'), ('Europe/Ljubljana', 'Europe/Ljubljana'), ('Europe/London', 'Europe/London'), ('Europe/Luxembourg', 'Europe/Luxembourg'), ('Europe/Madrid', 'Europe/Madrid'), ('Europe/Malta', 'Europe/Malta'), ('Europe/Mariehamn', 'Europe/Mariehamn'), ('Europe/Minsk', 'Europe/Minsk'), ('Europe/Monaco', 'Europe/Monaco'), ('Europe/Moscow', 'Europe/Moscow'), ('Europe/Nicosia', 'Europe/Nicosia'), ('Europe/Oslo', 'Europe/Oslo'), ('Europe/Paris', 'Europe/Paris'), ('Europe/Podgorica', 'Europe/Podgorica'), ('Europe/Prague', 'Europe/Prague'), ('Europe/Riga', 'Europe/Riga'), ('Europe/Rome', 'Europe/Rome'), ('Europe/Samara', 'Europe/Samara'), ('Europe/San_Marino', 'Europe/San_Marino'), ('Europe/Sarajevo', 'Europe/Sarajevo'), ('Europe/Saratov', 'Europe/Saratov'), ('Europe/Simferopol', 'Europe/Simferopol'), ('Europe/Skopje', 'Europe/Skopje'), ('Europe/Sofia', 'Europe/Sofia'), ('Europe/Stockholm', 'Europe/Stockholm'), ('Europe/Tallinn', 'Europe/Tallinn'), ('Europe/Tirane', 'Europe/Tirane'), ('Europe/Tiraspol', 'Europe/Tiraspol'), ('Europe/Ulyanovsk', 'Europe/Ulyanovsk'), ('Europe/Uzhgorod', 'Europe/Uzhgorod'), ('Europe/Vaduz', 'Europe/Vaduz'), ('Europe/Vatican', 'Europe/Vatican'), ('Europe/Vienna', 'Europe/Vienna'), ('Europe/Vilnius', 'Europe/Vilnius'), ('Europe/Volgograd', 'Europe/Volgograd'), ('Europe/Warsaw', 'Europe/Warsaw'), ('Europe/Zagreb', 'Europe/Zagreb'), ('Europe/Zaporozhye', 'Europe/Zaporozhye'), ('Europe/Zurich', 'Europe/Zurich'), ('GB', 'GB'), ('GB-Eire', 'GB-Eire'), ('GMT', 'GMT'), ('GMT+0', 'GMT+0'), ('GMT-0', 'GMT-0'), ('GMT0', 'GMT0'), ('Greenwich', 'Greenwich'), ('HST', 'HST'), ('Hongkong', 'Hongkong'), ('Iceland', 'Iceland'), ('Indian/Antananarivo', 'Indian/Antananarivo'), ('Indian/Chagos', 'Indian/Chagos'), ('Indian/Christmas', 'Indian/Christmas'), ('Indian/Cocos', 'Indian/Cocos'), ('Indian/Comoro', 'Indian/Comoro'), ('Indian/Kerguelen', 'Indian/Kerguelen'), ('Indian/Mahe', 'Indian/Mahe'), ('Indian/Maldives', 'Indian/Maldives'), ('Indian/Mauritius', 'Indian/Mauritius'), ('Indian/Mayotte', 'Indian/Mayotte'), ('Indian/Reunion', 'Indian/Reunion'), ('Iran', 'Iran'), ('Israel', 'Israel'), ('Jamaica', 'Jamaica'), ('Japan', 'Japan'), ('Kwajalein', 'Kwajalein'), ('Libya', 'Libya'), ('MET', 'MET'), ('MST', 'MST'), ('MST7MDT', 'MST7MDT'), ('Mexico/BajaNorte', 'Mexico/BajaNorte'), ('Mexico/BajaSur', 'Mexico/BajaSur'), ('Mexico/General', 'Mexico/General'), ('NZ', 'NZ'), ('NZ-CHAT', 'NZ-CHAT'), ('Navajo', 'Navajo'), ('PRC', 'PRC'), ('PST8PDT', 'PST8PDT'), ('Pacific/Apia', 'Pacific/Apia'), ('Pacific/Auckland', 'Pacific/Auckland'), ('Pacific/Bougainville', 'Pacific/Bougainville'), ('Pacific/Chatham', 'Pacific/Chatham'), ('Pacific/Chuuk', 'Pacific/Chuuk'), ('Pacific/Easter', 'Pacific/Easter'), ('Pacific/Efate', 'Pacific/Efate'), ('Pacific/Enderbury', 'Pacific/Enderbury'), ('Pacific/Fakaofo', 'Pacific/Fakaofo'), ('Pacific/Fiji', 'Pacific/Fiji'), ('Pacific/Funafuti', 'Pacific/Funafuti'), ('Pacific/Galapagos', 'Pacific/Galapagos'), ('Pacific/Gambier', 'Pacific/Gambier'), ('Pacific/Guadalcanal', 'Pacific/Guadalcanal'), ('Pacific/Guam', 'Pacific/Guam'), ('Pacific/Honolulu', 'Pacific/Honolulu'), ('Pacific/Johnston', 'Pacific/Johnston'), ('Pacific/Kanton', 'Pacific/Kanton'), ('Pacific/Kiritimati', 'Pacific/Kiritimati'), ('Pacific/Kosrae', 'Pacific/Kosrae'), ('Pacific/Kwajalein', 'Pacific/Kwajalein'), ('Pacific/Majuro', 'Pacific/Majuro'), ('Pacific/Marquesas', 'Pacific/Marquesas'), ('Pacific/Midway', 'Pacific/Midway'), ('Pacific/Nauru', 'Pacific/Nauru'), ('Pacific/Niue', 'Pacific/Niue'), ('Pacific/Norfolk', 'Pacific/Norfolk'), ('Pacific/Noumea', 'Pacific/Noumea'), ('Pacific/Pago_Pago', 'Pacific/Pago_Pago'), ('Pacific/Palau', 'Pacific/Palau'), ('Pacific/Pitcairn', 'Pacific/Pitcairn'), ('Pacific/Pohnpei', 'Pacific/Pohnpei'), ('Pacific/Ponape', 'Pacific/Ponape'), ('Pacific/Port_Moresby', 'Pacific/Port_Moresby'), ('Pacific/Rarotonga', 'Pacific/Rarotonga'), ('Pacific/Saipan', 'Pacific/Saipan'), ('Pacific/Samoa', 'Pacific/Samoa'), ('Pacific/Tahiti', 'Pacific/Tahiti'), ('Pacific/Tarawa', 'Pacific/Tarawa'), ('Pacific/Tongatapu', 'Pacific/Tongatapu'), ('Pacific/Truk', 'Pacific/Truk'), ('Pacific/Wake', 'Pacific/Wake'), ('Pacific/Wallis', 'Pacific/Wallis'), ('Pacific/Yap', 'Pacific/Yap'), ('Poland', 'Poland'), ('Portugal', 'Portugal'), ('ROC', 'ROC'), ('ROK', 'ROK'), ('Singapore', 'Singapore'), ('Turkey', 'Turkey'), ('UCT', 'UCT'), ('US/Alaska', 'US/Alaska'), ('US/Aleutian', 'US/Aleutian'), ('US/Arizona', 'US/Arizona'), ('US/Central', 'US/Central'), ('US/East-Indiana', 'US/East-Indiana'), ('US/Eastern', 'US/Eastern'), ('US/Hawaii', 'US/Hawaii'), ('US/Indiana-Starke', 'US/Indiana-Starke'), ('US/Michigan', 'US/Michigan'), ('US/Mountain', 'US/Mountain'), ('US/Pacific', 'US/Pacific'), ('US/Samoa', 'US/Samoa'), ('UTC', 'UTC'), ('Universal', 'Universal'), ('W-SU', 'W-SU'), ('WET', 'WET'), ('Zulu', 'Zulu')], default='UTC', max_length=50), + ), + ] diff --git a/dojo/db_migrations/0178_alter_answer_polymorphic_ctype_and_more.py b/dojo/db_migrations/0178_alter_answer_polymorphic_ctype_and_more.py new file mode 100644 index 00000000000..fbb9ca58b8e --- /dev/null +++ b/dojo/db_migrations/0178_alter_answer_polymorphic_ctype_and_more.py @@ -0,0 +1,30 @@ +# Generated by Django 4.1.5 on 2023-01-09 21:09 + +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('contenttypes', '0002_remove_content_type_name'), + ('dojo', '0177_alter_system_settings_time_zone'), + ] + + operations = [ + migrations.AlterField( + model_name='answer', + name='polymorphic_ctype', + field=models.ForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='polymorphic_%(app_label)s.%(class)s_set+', to='contenttypes.contenttype'), + ), + migrations.AlterField( + model_name='question', + name='polymorphic_ctype', + field=models.ForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='polymorphic_%(app_label)s.%(class)s_set+', to='contenttypes.contenttype'), + ), + migrations.AlterField( + model_name='rule', + name='child_rules', + field=models.ManyToManyField(editable=False, to='dojo.rule'), + ), + ] diff --git a/dojo/db_migrations/0179_alter_finding_verified.py b/dojo/db_migrations/0179_alter_finding_verified.py new file mode 100644 index 00000000000..cbd308373c3 --- /dev/null +++ b/dojo/db_migrations/0179_alter_finding_verified.py @@ -0,0 +1,18 @@ +# Generated by Django 4.1.5 on 2023-01-20 18:45 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0178_alter_answer_polymorphic_ctype_and_more'), + ] + + operations = [ + migrations.AlterField( + model_name='finding', + name='verified', + field=models.BooleanField(default=False, help_text='Denotes if this flaw has been manually verified by the tester.', verbose_name='Verified'), + ), + ] diff --git a/dojo/db_migrations/0180_announcement_userannouncement.py b/dojo/db_migrations/0180_announcement_userannouncement.py new file mode 100644 index 00000000000..858356b13b3 --- /dev/null +++ b/dojo/db_migrations/0180_announcement_userannouncement.py @@ -0,0 +1,31 @@ +# Generated by Django 4.1.5 on 2023-01-30 07:38 + +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0179_alter_finding_verified'), + ] + + operations = [ + migrations.CreateModel( + name='Announcement', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('message', models.CharField(default='', help_text="This dismissable message will be displayed on all pages for authenticated users. It can contain basic html tags, for example https://example.com", max_length=500)), + ('dismissable', models.BooleanField(blank=True, default=False, null=True)), + ('style', models.CharField(choices=[('info', 'Info'), ('success', 'Success'), ('warning', 'Warning'), ('danger', 'Danger')], default='info', help_text='The style of banner to display. (info, success, warning, danger)', max_length=64)), + ], + ), + migrations.CreateModel( + name='UserAnnouncement', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('announcement', models.ForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='user_announcement', to='dojo.announcement')), + ('user', models.ForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, to='dojo.dojo_user')), + ], + ), + ] diff --git a/dojo/db_migrations/0181_jira_instance_finding_jira_sync.py b/dojo/db_migrations/0181_jira_instance_finding_jira_sync.py new file mode 100644 index 00000000000..16e43ceaeea --- /dev/null +++ b/dojo/db_migrations/0181_jira_instance_finding_jira_sync.py @@ -0,0 +1,18 @@ +# Generated by Django 4.1.7 on 2023-03-02 12:09 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0180_announcement_userannouncement'), + ] + + operations = [ + migrations.AddField( + model_name='jira_instance', + name='finding_jira_sync', + field=models.BooleanField(default=False, help_text='If enabled, this will sync changes to a Finding automatically to JIRA', verbose_name='Automatically sync Findings with JIRA?'), + ), + ] diff --git a/dojo/db_migrations/0182_alter_jira_instance_default_issue_type.py b/dojo/db_migrations/0182_alter_jira_instance_default_issue_type.py new file mode 100644 index 00000000000..7260701ac89 --- /dev/null +++ b/dojo/db_migrations/0182_alter_jira_instance_default_issue_type.py @@ -0,0 +1,18 @@ +# Generated by Django 4.1.7 on 2023-03-06 11:38 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0181_jira_instance_finding_jira_sync'), + ] + + operations = [ + migrations.AlterField( + model_name='jira_instance', + name='default_issue_type', + field=models.CharField(choices=[('Task', 'Task'), ('Story', 'Story'), ('Epic', 'Epic'), ('Spike', 'Spike'), ('Bug', 'Bug'), ('Security', 'Security')], default='Bug', help_text='You can define extra issue types in settings.py', max_length=255), + ), + ] diff --git a/dojo/db_migrations/0183_system_settings_enable_notify_sla_exponential_backoff_and_more.py b/dojo/db_migrations/0183_system_settings_enable_notify_sla_exponential_backoff_and_more.py new file mode 100644 index 00000000000..4e1a33e2bd9 --- /dev/null +++ b/dojo/db_migrations/0183_system_settings_enable_notify_sla_exponential_backoff_and_more.py @@ -0,0 +1,33 @@ +# Generated by Django 4.1.7 on 2023-03-20 12:22 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0182_alter_jira_instance_default_issue_type'), + ] + + operations = [ + migrations.AddField( + model_name='system_settings', + name='enable_notify_sla_exponential_backoff', + field=models.BooleanField(default=False, help_text='Enable an exponential backoff strategy for SLA breach notifications, e.g. 1, 2, 4, 8, etc. Otherwise it alerts every day', verbose_name='Enable an exponential backoff strategy for SLA breach notifications.'), + ), + migrations.AlterField( + model_name='system_settings', + name='enable_notify_sla_active', + field=models.BooleanField(default=False, help_text="Enables Notify when time to remediate according to Finding SLA's is breached for active Findings.", verbose_name="Enable Notify SLA's Breach for active Findings"), + ), + migrations.AlterField( + model_name='system_settings', + name='enable_notify_sla_active_verified', + field=models.BooleanField(default=False, help_text="Enables Notify when time to remediate according to Finding SLA's is breached for active, verified Findings.", verbose_name="Enable Notify SLA's Breach for active, verified Findings"), + ), + migrations.AlterField( + model_name='system_settings', + name='enable_notify_sla_jira_only', + field=models.BooleanField(default=False, help_text="Enables Notify when time to remediate according to Finding SLA's is breached for Findings that are linked to JIRA issues.", verbose_name="Enable Notify SLA's Breach for Findings linked to JIRA"), + ), + ] diff --git a/dojo/db_migrations/0184_remove_child_rule_parent_rule_delete_fieldrule_and_more.py b/dojo/db_migrations/0184_remove_child_rule_parent_rule_delete_fieldrule_and_more.py new file mode 100644 index 00000000000..57c3d651227 --- /dev/null +++ b/dojo/db_migrations/0184_remove_child_rule_parent_rule_delete_fieldrule_and_more.py @@ -0,0 +1,54 @@ +# Generated by Django 4.1.7 on 2023-03-27 15:16 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0183_system_settings_enable_notify_sla_exponential_backoff_and_more'), + ] + + operations = [ + migrations.RemoveField( + model_name='child_rule', + name='parent_rule', + ), + migrations.DeleteModel( + name='FieldRule', + ), + migrations.RemoveField( + model_name='rule', + name='child_rules', + ), + migrations.RemoveField( + model_name='rule', + name='parent_rule', + ), + migrations.RemoveField( + model_name='system_settings', + name='column_widths', + ), + migrations.RemoveField( + model_name='system_settings', + name='drive_folder_ID', + ), + migrations.RemoveField( + model_name='system_settings', + name='email_address', + ), + migrations.RemoveField( + model_name='system_settings', + name='enable_google_sheets', + ), + migrations.RemoveField( + model_name='system_settings', + name='enable_rules_framework', + ), + migrations.DeleteModel( + name='Child_Rule', + ), + migrations.DeleteModel( + name='Rule', + ), + ] diff --git a/dojo/db_migrations/0185_product_disable_sla_breach_notifications_and_more.py b/dojo/db_migrations/0185_product_disable_sla_breach_notifications_and_more.py new file mode 100644 index 00000000000..0cca3086753 --- /dev/null +++ b/dojo/db_migrations/0185_product_disable_sla_breach_notifications_and_more.py @@ -0,0 +1,23 @@ +# Generated by Django 4.1.7 on 2023-04-04 03:13 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0184_remove_child_rule_parent_rule_delete_fieldrule_and_more'), + ] + + operations = [ + migrations.AddField( + model_name='product', + name='disable_sla_breach_notifications', + field=models.BooleanField(default=False, help_text='Disable SLA breach notifications if configured in the global settings', verbose_name='Disable SLA breach notifications'), + ), + migrations.AlterField( + model_name='system_settings', + name='enable_notify_sla_jira_only', + field=models.BooleanField(default=False, help_text="Enables Notify when time to remediate according to Finding SLA's is breached for Findings that are linked to JIRA issues. Notification is disabled for Findings not linked to JIRA issues", verbose_name="Enable Notify SLA's Breach only for Findings linked to JIRA"), + ), + ] diff --git a/dojo/db_migrations/0186_system_settings_non_common_password_required.py b/dojo/db_migrations/0186_system_settings_non_common_password_required.py new file mode 100644 index 00000000000..d7df9f56bc9 --- /dev/null +++ b/dojo/db_migrations/0186_system_settings_non_common_password_required.py @@ -0,0 +1,18 @@ +# Generated by Django 4.1.7 on 2023-05-09 17:41 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0185_product_disable_sla_breach_notifications_and_more'), + ] + + operations = [ + migrations.AddField( + model_name='system_settings', + name='non_common_password_required', + field=models.BooleanField(default=True, help_text='Requires user passwords to not be part of list of common passwords.', verbose_name='Password must not be common'), + ), + ] diff --git a/dojo/db_migrations/0187_nessus_to_tenable.py b/dojo/db_migrations/0187_nessus_to_tenable.py new file mode 100644 index 00000000000..d3c734c15a9 --- /dev/null +++ b/dojo/db_migrations/0187_nessus_to_tenable.py @@ -0,0 +1,59 @@ +from django.db import migrations +import logging + +logger = logging.getLogger(__name__) + + +NESSUS_REFERENCES = ['Nessus Scan', 'Nessus WAS Scan'] + + +# update the test type object as well as the scan type name +def update_test(test, tenable_test_type) -> None: + if test.test_type.name in NESSUS_REFERENCES or test.scan_type in NESSUS_REFERENCES: + test.test_type = tenable_test_type + test.scan_type = tenable_test_type.name + test.save() + + +# Update the found_by field to remove nessus/WAS and add tenable +def update_finding(finding, tenable_test_type, nessus_test_type, nessus_was_test_type) -> None: + # Check if nessus is in found by list and remove + if nessus_test_type in finding.found_by.all(): + finding.found_by.remove(nessus_test_type.id) + # Check if nessus WAS is in found by list and remove + if nessus_was_test_type in finding.found_by.all(): + finding.found_by.remove(nessus_was_test_type.id) + # Check if tenable is already in list somehow before adding it + if tenable_test_type not in finding.found_by.all(): + finding.found_by.add(tenable_test_type.id) + finding.save() + + +# Update all finding objects that came from nessus/WAS reports +def migrate_nessus_findings_to_tenable(apps, schema_editor): + finding_model = apps.get_model('dojo', 'Finding') + test_type_model = apps.get_model('dojo', 'Test_Type') + # Get or create Tenable Test Type and fetch the nessus and nessus WAS test types + tenable_test_type, _ = test_type_model.objects.get_or_create(name="Tenable Scan", active=True) + nessus_test_type = test_type_model.objects.filter(name="Nessus Scan").first() + nessus_was_test_type = test_type_model.objects.filter(name="Nessus WAS Scan").first() + # Get all the findings found by Nessus and Nessus WAS + findings = finding_model.objects.filter(test__scan_type__in=NESSUS_REFERENCES) + logger.warning(f'We identified {findings.count()} Nessus/NessusWAS findings to migrate to Tenable findings') + # Iterate over all findings and change + for finding in findings: + # Update the found by field + update_finding(finding, tenable_test_type, nessus_test_type, nessus_was_test_type) + # Update the test object + update_test(finding.test, tenable_test_type) + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0186_system_settings_non_common_password_required'), + ] + + operations = [ + migrations.RunPython(migrate_nessus_findings_to_tenable), + ] diff --git a/dojo/db_migrations/0188_product_enable_product_tag_inheritance_and_more.py b/dojo/db_migrations/0188_product_enable_product_tag_inheritance_and_more.py new file mode 100644 index 00000000000..fc6f20f5fd8 --- /dev/null +++ b/dojo/db_migrations/0188_product_enable_product_tag_inheritance_and_more.py @@ -0,0 +1,109 @@ +# Generated by Django 4.1.7 on 2023-05-10 00:36 + +from django.db import migrations, models +import tagulous.models.fields +import tagulous.models.models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0187_nessus_to_tenable'), + ] + + operations = [ + migrations.AddField( + model_name='product', + name='enable_product_tag_inheritance', + field=models.BooleanField(default=False, help_text='Enables product tag inheritance. Any tags added on a product will automatically be added to all Engagements, Tests, and Findings', verbose_name='Enable Product Tag Inheritance'), + ), + migrations.AddField( + model_name='system_settings', + name='enable_product_tag_inheritance', + field=models.BooleanField(default=False, help_text='Enables product tag inheritance globally for all products. Any tags added on a product will automatically be added to all Engagements, Tests, and Findings', verbose_name='Enable Product Tag Inheritance'), + ), + migrations.CreateModel( + name='Tagulous_Test_inherited_tags', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('name', models.CharField(max_length=255, unique=True)), + ('slug', models.SlugField()), + ('count', models.IntegerField(default=0, help_text='Internal counter of how many times this tag is in use')), + ('protected', models.BooleanField(default=False, help_text='Will not be deleted when the count reaches 0')), + ], + options={ + 'ordering': ('name',), + 'abstract': False, + 'unique_together': {('slug',)}, + }, + bases=(tagulous.models.models.BaseTagModel, models.Model), + ), + migrations.CreateModel( + name='Tagulous_Finding_inherited_tags', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('name', models.CharField(max_length=255, unique=True)), + ('slug', models.SlugField()), + ('count', models.IntegerField(default=0, help_text='Internal counter of how many times this tag is in use')), + ('protected', models.BooleanField(default=False, help_text='Will not be deleted when the count reaches 0')), + ], + options={ + 'ordering': ('name',), + 'abstract': False, + 'unique_together': {('slug',)}, + }, + bases=(tagulous.models.models.BaseTagModel, models.Model), + ), + migrations.CreateModel( + name='Tagulous_Engagement_inherited_tags', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('name', models.CharField(max_length=255, unique=True)), + ('slug', models.SlugField()), + ('count', models.IntegerField(default=0, help_text='Internal counter of how many times this tag is in use')), + ('protected', models.BooleanField(default=False, help_text='Will not be deleted when the count reaches 0')), + ], + options={ + 'ordering': ('name',), + 'abstract': False, + 'unique_together': {('slug',)}, + }, + bases=(tagulous.models.models.BaseTagModel, models.Model), + ), + migrations.CreateModel( + name='Tagulous_Endpoint_inherited_tags', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('name', models.CharField(max_length=255, unique=True)), + ('slug', models.SlugField()), + ('count', models.IntegerField(default=0, help_text='Internal counter of how many times this tag is in use')), + ('protected', models.BooleanField(default=False, help_text='Will not be deleted when the count reaches 0')), + ], + options={ + 'ordering': ('name',), + 'abstract': False, + 'unique_together': {('slug',)}, + }, + bases=(tagulous.models.models.BaseTagModel, models.Model), + ), + migrations.AddField( + model_name='endpoint', + name='inherited_tags', + field=tagulous.models.fields.TagField(_set_tag_meta=True, blank=True, force_lowercase=True, help_text='Internal use tags sepcifically for maintaining parity with product. This field will be present as a subset in the tags field', to='dojo.tagulous_endpoint_inherited_tags'), + ), + migrations.AddField( + model_name='engagement', + name='inherited_tags', + field=tagulous.models.fields.TagField(_set_tag_meta=True, blank=True, force_lowercase=True, help_text='Internal use tags sepcifically for maintaining parity with product. This field will be present as a subset in the tags field', to='dojo.tagulous_engagement_inherited_tags'), + ), + migrations.AddField( + model_name='finding', + name='inherited_tags', + field=tagulous.models.fields.TagField(_set_tag_meta=True, blank=True, force_lowercase=True, help_text='Internal use tags sepcifically for maintaining parity with product. This field will be present as a subset in the tags field', to='dojo.tagulous_finding_inherited_tags'), + ), + migrations.AddField( + model_name='test', + name='inherited_tags', + field=tagulous.models.fields.TagField(_set_tag_meta=True, blank=True, force_lowercase=True, help_text='Internal use tags sepcifically for maintaining parity with product. This field will be present as a subset in the tags field', to='dojo.tagulous_test_inherited_tags'), + ), + ] diff --git a/dojo/db_migrations/0189_finding_effort_and_remediation_for_fixing.py b/dojo/db_migrations/0189_finding_effort_and_remediation_for_fixing.py new file mode 100644 index 00000000000..34be4712e09 --- /dev/null +++ b/dojo/db_migrations/0189_finding_effort_and_remediation_for_fixing.py @@ -0,0 +1,23 @@ +# Generated by Django 4.1.5 on 2023-02-16 17:10 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0188_product_enable_product_tag_inheritance_and_more'), + ] + + operations = [ + migrations.AddField( + model_name='finding', + name='planned_remediation_version', + field=models.CharField(blank=True, help_text='The target version when the vulnerability should be fixed / remediated', max_length=99, null=True, verbose_name='Planned remediation version'), + ), + migrations.AddField( + model_name='finding', + name='effort_for_fixing', + field=models.CharField(blank=True, help_text='Effort for fixing / remediating the vulnerability (Low, Medium, High)', max_length=99, null=True, verbose_name='Effort for fixing'), + ), + ] diff --git a/dojo/db_migrations/0190_system_settings_experimental_fp_history.py b/dojo/db_migrations/0190_system_settings_experimental_fp_history.py new file mode 100644 index 00000000000..8ae1996217b --- /dev/null +++ b/dojo/db_migrations/0190_system_settings_experimental_fp_history.py @@ -0,0 +1,23 @@ +# Generated by Django 3.2.16 on 2022-11-09 04:35 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0189_finding_effort_and_remediation_for_fixing'), + ] + + operations = [ + migrations.AddField( + model_name='system_settings', + name='retroactive_false_positive_history', + field=models.BooleanField(default=False, help_text='(EXPERIMENTAL) FP History will also retroactively mark/unmark all existing equal findings in the same product as a false positives. Only works if the False Positive History feature is also enabled.'), + ), + migrations.AlterField( + model_name='system_settings', + name='false_positive_history', + field=models.BooleanField(default=False, help_text="(EXPERIMENTAL) DefectDojo will automatically mark the finding as a false positive if an equal finding (according to its dedupe algorithm) has been previously marked as a false positive on the same product. ATTENTION: Although the deduplication algorithm is used to determine if a finding should be marked as a false positive, this feature will not work if deduplication is enabled since it doesn't make sense to use both."), + ), + ] diff --git a/dojo/db_migrations/0191_alter_notifications_risk_acceptance_expiration.py b/dojo/db_migrations/0191_alter_notifications_risk_acceptance_expiration.py new file mode 100644 index 00000000000..f7526915166 --- /dev/null +++ b/dojo/db_migrations/0191_alter_notifications_risk_acceptance_expiration.py @@ -0,0 +1,19 @@ +# Generated by Django 4.1.11 on 2023-10-22 20:50 + +from django.db import migrations +import multiselectfield.db.fields + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0190_system_settings_experimental_fp_history'), + ] + + operations = [ + migrations.AlterField( + model_name='notifications', + name='risk_acceptance_expiration', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), help_text='Get notified of (upcoming) Risk Acceptance expiries', max_length=24, verbose_name='Risk Acceptance Expiration'), + ), + ] diff --git a/dojo/db_migrations/0192_notifications_scan_added_empty.py b/dojo/db_migrations/0192_notifications_scan_added_empty.py new file mode 100644 index 00000000000..bd444af76c2 --- /dev/null +++ b/dojo/db_migrations/0192_notifications_scan_added_empty.py @@ -0,0 +1,19 @@ +# Generated by Django 4.1.11 on 2023-11-08 20:33 + +from django.db import migrations +import multiselectfield.db.fields + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0191_alter_notifications_risk_acceptance_expiration'), + ] + + operations = [ + migrations.AddField( + model_name='notifications', + name='scan_added_empty', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=[], help_text='Triggered whenever an (re-)import has been done (even if that created/updated/closed no findings).', max_length=24), + ), + ] diff --git a/dojo/db_migrations/0193_remove_system_settings_enable_auditlog.py b/dojo/db_migrations/0193_remove_system_settings_enable_auditlog.py new file mode 100644 index 00000000000..c5c563be034 --- /dev/null +++ b/dojo/db_migrations/0193_remove_system_settings_enable_auditlog.py @@ -0,0 +1,17 @@ +# Generated by Django 4.1.11 on 2023-11-12 12:06 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0192_notifications_scan_added_empty'), + ] + + operations = [ + migrations.RemoveField( + model_name='system_settings', + name='enable_auditlog', + ), + ] diff --git a/dojo/db_migrations/0194_alter_finding_component_name.py b/dojo/db_migrations/0194_alter_finding_component_name.py new file mode 100644 index 00000000000..46be3d3bdc4 --- /dev/null +++ b/dojo/db_migrations/0194_alter_finding_component_name.py @@ -0,0 +1,18 @@ +# Generated by Django 4.1.13 on 2023-12-25 22:40 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0193_remove_system_settings_enable_auditlog'), + ] + + operations = [ + migrations.AlterField( + model_name='finding', + name='component_name', + field=models.CharField(blank=True, help_text='Name of the affected component (library name, part of a system, ...).', max_length=500, null=True, verbose_name='Component name'), + ), + ] diff --git a/dojo/db_migrations/0195_alter_announcement_dismissable.py b/dojo/db_migrations/0195_alter_announcement_dismissable.py new file mode 100644 index 00000000000..0896390bae2 --- /dev/null +++ b/dojo/db_migrations/0195_alter_announcement_dismissable.py @@ -0,0 +1,18 @@ +# Generated by Django 4.1.13 on 2023-12-05 12:53 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0194_alter_finding_component_name'), + ] + + operations = [ + migrations.AlterField( + model_name='announcement', + name='dismissable', + field=models.BooleanField(blank=True, default=False, help_text='Ticking this box allows users to dismiss the current announcement', verbose_name='Dismissable?'), + ), + ] diff --git a/dojo/db_migrations/0196_notifications_sla_breach_combined.py b/dojo/db_migrations/0196_notifications_sla_breach_combined.py new file mode 100644 index 00000000000..f37cf6fda3f --- /dev/null +++ b/dojo/db_migrations/0196_notifications_sla_breach_combined.py @@ -0,0 +1,19 @@ +# Generated by Django 4.1.10 on 2023-09-12 11:29 + +from django.db import migrations +import multiselectfield.db.fields + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0195_alter_announcement_dismissable'), + ] + + operations = [ + migrations.AddField( + model_name='notifications', + name='sla_breach_combined', + field=multiselectfield.db.fields.MultiSelectField(blank=True, choices=[('slack', 'slack'), ('msteams', 'msteams'), ('mail', 'mail'), ('alert', 'alert')], default=('alert', 'alert'), help_text='Get notified of (upcoming) SLA breaches (a message per project)', max_length=24, verbose_name='SLA breach (combined)'), + ), + ] diff --git a/dojo/db_migrations/0197_parser_merge.py b/dojo/db_migrations/0197_parser_merge.py new file mode 100644 index 00000000000..613ebea02fa --- /dev/null +++ b/dojo/db_migrations/0197_parser_merge.py @@ -0,0 +1,98 @@ +from django.db import migrations +import logging + + +logger = logging.getLogger(__name__) + + +OPENVAS_REFERENCES = ['OpenVAS CSV', 'OpenVAS XML'] +CLAIRKLAR_REFERENCES = ['Clair Klar Scan'] + + +# update the test type object as well as the scan type name +def update_openvas_test(test, openvas_test_type) -> None: + if test.test_type.name in OPENVAS_REFERENCES or test.scan_type in OPENVAS_REFERENCES: + test.test_type = openvas_test_type + test.scan_type = openvas_test_type.name + test.save() + + +def update_clairklar_test(test, clairklar_test_type) -> None: + if test.test_type.name in CLAIRKLAR_REFERENCES or test.scan_type in CLAIRKLAR_REFERENCES: + test.test_type = clairklar_test_type + test.scan_type = clairklar_test_type.name + test.save() + + +# Update the found_by field to remove OpenVAS CSV/ OpenVAS XML and add OpenVAS Parser +def update_openvas_finding(finding, openvas_test_type, openvascsv_test_type, openvasxml_test_type) -> None: + # Check if nessus is in found by list and remove + if openvascsv_test_type in finding.found_by.all(): + finding.found_by.remove(openvascsv_test_type.id) + # Check if nessus WAS is in found by list and remove + if openvasxml_test_type in finding.found_by.all(): + finding.found_by.remove(openvasxml_test_type.id) + # Check if tenable is already in list somehow before adding it + if openvas_test_type not in finding.found_by.all(): + finding.found_by.add(openvas_test_type.id) + finding.save() + + +# Update the found_by field to remove Clair Klar Scan and add Clair Scan +def update_clairklar_finding(finding, clair_test_type, clairklar_test_type) -> None: + # Check if nessus is in found by list and remove + if clairklar_test_type in finding.found_by.all(): + finding.found_by.remove(clairklar_test_type.id) + # Check if tenable is already in list somehow before adding it + if clair_test_type not in finding.found_by.all(): + finding.found_by.add(clair_test_type.id) + finding.save() + + +# Update all finding objects that came from OpenVAS CSV /XML reports +def migrate_openvas_parsers(apps, schema_editor): + finding_model = apps.get_model('dojo', 'Finding') + test_type_model = apps.get_model('dojo', 'Test_Type') + # Get or create OpenVAS Test Type and fetch the OpenVAS XML and OpenVAS CSV test types + openvas_test_type, _ = test_type_model.objects.get_or_create(name="OpenVAS Parser", active=True) + openvascsv_test_type = test_type_model.objects.filter(name="OpenVAS CSV").first() + openvasxml_test_type = test_type_model.objects.filter(name="OpenVAS XML").first() + # Get all the findings found by Nessus and Nessus WAS + findings = finding_model.objects.filter(test__scan_type__in=OPENVAS_REFERENCES) + logger.warning(f'We identified {findings.count()} OpenVAS CSV/ OpenVAS XML findings to migrate to OpenVAS Parser findings') + # Iterate over all findings and change + for finding in findings: + # Update the found by field + update_openvas_finding(finding, openvas_test_type, openvascsv_test_type, openvasxml_test_type) + # Update the test object + update_openvas_test(finding.test, openvas_test_type) + + +# Update all finding objects that came from Clair Klar reports +def migrate_clairklar_parsers(apps, schema_editor): + finding_model = apps.get_model('dojo', 'Finding') + test_type_model = apps.get_model('dojo', 'Test_Type') + # Get or create Clair Scan Test Type and fetch the Clair Klar Scan test types + clair_test_type, _ = test_type_model.objects.get_or_create(name="Clair Scan", active=True) + clairklar_test_type = test_type_model.objects.filter(name="Clair Klar Scan").first() + # Get all the findings found by Clair Klar Scan + findings = finding_model.objects.filter(test__scan_type__in=CLAIRKLAR_REFERENCES) + logger.warning(f'We identified {findings.count()} Clair Klar Scan findings to migrate to Clair Scan findings') + # Iterate over all findings and change + for finding in findings: + # Update the found by field + update_clairklar_finding(finding, clair_test_type, clairklar_test_type) + # Update the test object + update_clairklar_test(finding.test, clair_test_type) + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0196_notifications_sla_breach_combined'), + ] + + operations = [ + migrations.RunPython(migrate_openvas_parsers), + migrations.RunPython(migrate_clairklar_parsers), + ] diff --git a/dojo/db_migrations/0198_alter_system_settings_enable_deduplication.py b/dojo/db_migrations/0198_alter_system_settings_enable_deduplication.py new file mode 100644 index 00000000000..146754203c6 --- /dev/null +++ b/dojo/db_migrations/0198_alter_system_settings_enable_deduplication.py @@ -0,0 +1,18 @@ +# Generated by Django 4.1.13 on 2024-01-31 18:53 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0197_parser_merge'), + ] + + operations = [ + migrations.AlterField( + model_name='system_settings', + name='enable_deduplication', + field=models.BooleanField(default=False, help_text='With this setting turned on, DefectDojo deduplicates findings by comparing endpoints, cwe fields, and titles. If two findings share a URL and have the same CWE or title, DefectDojo marks the recent finding as a duplicate. When deduplication is enabled, a list of deduplicated findings is added to the engagement view.', verbose_name='Deduplicate findings'), + ), + ] diff --git a/dojo/db_migrations/0199_whitesource_to_mend.py b/dojo/db_migrations/0199_whitesource_to_mend.py new file mode 100644 index 00000000000..7620542cc7d --- /dev/null +++ b/dojo/db_migrations/0199_whitesource_to_mend.py @@ -0,0 +1,58 @@ +from django.db import migrations +import logging + +logger = logging.getLogger(__name__) + + +WHITESOURCE_REFERENCES = ['Whitesource Scan'] + + +# update the test type object as well as the scan type name +def update_test(test, mend_test_type) -> None: + if test.test_type.name in WHITESOURCE_REFERENCES or test.scan_type in WHITESOURCE_REFERENCES: + test.test_type = mend_test_type + test.scan_type = mend_test_type.name + test.save() + + +# Update the found_by field to remove whitesource and add mend +def update_finding(finding, mend_test_type, whitesource_test_type) -> None: + # Check if whitesource is in found by list and remove + if whitesource_test_type in finding.found_by.all(): + finding.found_by.remove(whitesource_test_type.id) + # Check if whitesource is in found by list and remove + if whitesource_test_type in finding.found_by.all(): + finding.found_by.remove(whitesource_test_type.id) + # Check if mend is already in list somehow before adding it + if mend_test_type not in finding.found_by.all(): + finding.found_by.add(mend_test_type.id) + finding.save() + + +# Update all finding objects that came from whitesource reports +def migrate_whitesource_findings_to_mend(apps, schema_editor): + finding_model = apps.get_model('dojo', 'Finding') + test_type_model = apps.get_model('dojo', 'Test_Type') + # Get or create Mend Test Type and fetch the whitesource test types + mend_test_type, _ = test_type_model.objects.get_or_create(name="Mend Scan", active=True) + whitesource_test_type = test_type_model.objects.filter(name="Whitesource Scan").first() + # Get all the findings found by whitesource + findings = finding_model.objects.filter(test__scan_type__in=WHITESOURCE_REFERENCES) + logger.warning(f'We identified {findings.count()} Whitesource findings to migrate to Mend findings') + # Iterate over all findings and change + for finding in findings: + # Update the found by field + update_finding(finding, mend_test_type, whitesource_test_type) + # Update the test object + update_test(finding.test, mend_test_type) + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0198_alter_system_settings_enable_deduplication'), + ] + + operations = [ + migrations.RunPython(migrate_whitesource_findings_to_mend), + ] diff --git a/dojo/db_migrations/0200_finding_sla_expiration_date_product_async_updating_and_more.py b/dojo/db_migrations/0200_finding_sla_expiration_date_product_async_updating_and_more.py new file mode 100644 index 00000000000..20ef3e4f689 --- /dev/null +++ b/dojo/db_migrations/0200_finding_sla_expiration_date_product_async_updating_and_more.py @@ -0,0 +1,31 @@ +# Generated by Django 4.1.13 on 2024-01-17 03:07 + +from django.db import migrations, models +import logging + +logger = logging.getLogger(__name__) + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0199_whitesource_to_mend'), + ] + + operations = [ + migrations.AddField( + model_name='finding', + name='sla_expiration_date', + field=models.DateField(blank=True, help_text="(readonly)The date SLA expires for this finding. Empty by default, causing a fallback to 'date'.", null=True, verbose_name='SLA Expiration Date'), + ), + migrations.AddField( + model_name='product', + name='async_updating', + field=models.BooleanField(default=False, help_text='Findings under this Product or SLA configuration are asynchronously being updated'), + ), + migrations.AddField( + model_name='sla_configuration', + name='async_updating', + field=models.BooleanField(default=False, help_text='Findings under this SLA configuration are asynchronously being updated'), + ), + ] diff --git a/dojo/db_migrations/0201_populate_finding_sla_expiration_date.py b/dojo/db_migrations/0201_populate_finding_sla_expiration_date.py new file mode 100644 index 00000000000..4b886301de7 --- /dev/null +++ b/dojo/db_migrations/0201_populate_finding_sla_expiration_date.py @@ -0,0 +1,133 @@ +from django.db import migrations +from django.utils import timezone +from datetime import datetime +from django.conf import settings +from dateutil.relativedelta import relativedelta +import logging + +from dojo.utils import get_work_days + +logger = logging.getLogger(__name__) + + +def calculate_sla_expiration_dates(apps, schema_editor): + System_Settings = apps.get_model('dojo', 'System_Settings') + + ss, _ = System_Settings.objects.get_or_create() + if not ss.enable_finding_sla: + return + + logger.info('Calculating SLA expiration dates for all findings') + + SLA_Configuration = apps.get_model('dojo', 'SLA_Configuration') + Finding = apps.get_model('dojo', 'Finding') + + findings = Finding.objects.filter(sla_expiration_date__isnull=True).order_by('id').only('id', 'sla_start_date', 'date', 'severity', 'test', 'mitigated') + + page_size = 1000 + total_count = Finding.objects.filter(id__gt=0).count() + logger.info('Found %d findings to be updated', total_count) + + i = 0 + batch = [] + last_id = 0 + total_pages = (total_count // page_size) + 2 + for p in range(1, total_pages): + page = findings.filter(id__gt=last_id)[:page_size] + for find in page: + i += 1 + last_id = find.id + + start_date = find.sla_start_date if find.sla_start_date else find.date + + sla_config = SLA_Configuration.objects.filter(id=find.test.engagement.product.sla_configuration_id).first() + sla_period = getattr(sla_config, find.severity.lower(), None) + + days = None + if settings.SLA_BUSINESS_DAYS: + if find.mitigated: + days = get_work_days(find.date, find.mitigated.date()) + else: + days = get_work_days(find.date, timezone.now().date()) + else: + if isinstance(start_date, datetime): + start_date = start_date.date() + + if find.mitigated: + days = (find.mitigated.date() - start_date).days + else: + days = (timezone.now().date() - start_date).days + + days = days if days > 0 else 0 + + days_remaining = None + if sla_period: + days_remaining = sla_period - days + + if days_remaining: + if find.mitigated: + find.sla_expiration_date = find.mitigated.date() + relativedelta(days=days_remaining) + else: + find.sla_expiration_date = timezone.now().date() + relativedelta(days=days_remaining) + + batch.append(find) + + if (i > 0 and i % page_size == 0): + Finding.objects.bulk_update(batch, ['sla_expiration_date']) + batch = [] + logger.info('%s out of %s findings processed...', i, total_count) + + Finding.objects.bulk_update(batch, ['sla_expiration_date']) + batch = [] + logger.info('%s out of %s findings processed...', i, total_count) + + +def reset_sla_expiration_dates(apps, schema_editor): + System_Settings = apps.get_model('dojo', 'System_Settings') + + ss, _ = System_Settings.objects.get_or_create() + if not ss.enable_finding_sla: + return + + logger.info('Resetting SLA expiration dates for all findings') + + Finding = apps.get_model('dojo', 'Finding') + + findings = Finding.objects.filter(sla_expiration_date__isnull=False).order_by('id').only('id') + + page_size = 1000 + total_count = Finding.objects.filter(id__gt=0).count() + logger.info('Found %d findings to be reset', total_count) + + i = 0 + batch = [] + last_id = 0 + total_pages = (total_count // page_size) + 2 + for p in range(1, total_pages): + page = findings.filter(id__gt=last_id)[:page_size] + for find in page: + i += 1 + last_id = find.id + + find.sla_expiration_date = None + batch.append(find) + + if (i > 0 and i % page_size == 0): + Finding.objects.bulk_update(batch, ['sla_expiration_date']) + batch = [] + logger.info('%s out of %s findings processed...', i, total_count) + + Finding.objects.bulk_update(batch, ['sla_expiration_date']) + batch = [] + logger.info('%s out of %s findings processed...', i, total_count) + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0200_finding_sla_expiration_date_product_async_updating_and_more'), + ] + + operations = [ + migrations.RunPython(calculate_sla_expiration_dates, reset_sla_expiration_dates), + ] diff --git a/dojo/db_migrations/0202_alter_dojo_group_social_provider.py b/dojo/db_migrations/0202_alter_dojo_group_social_provider.py new file mode 100644 index 00000000000..9bbc7e2e5c6 --- /dev/null +++ b/dojo/db_migrations/0202_alter_dojo_group_social_provider.py @@ -0,0 +1,18 @@ +# Generated by Django 4.1.13 on 2024-01-25 00:07 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0201_populate_finding_sla_expiration_date'), + ] + + operations = [ + migrations.AlterField( + model_name='dojo_group', + name='social_provider', + field=models.CharField(blank=True, choices=[('AzureAD', 'AzureAD'), ('Remote', 'Remote')], help_text='Group imported from a social provider.', max_length=10, null=True, verbose_name='Social Authentication Provider'), + ), + ] diff --git a/dojo/decorators.py b/dojo/decorators.py index 2fca3d453e5..39e16bb026c 100644 --- a/dojo/decorators.py +++ b/dojo/decorators.py @@ -3,9 +3,9 @@ from django.db import models from django.conf import settings -from ratelimit.exceptions import Ratelimited -from ratelimit.core import is_ratelimited -from ratelimit import ALL +from django_ratelimit.exceptions import Ratelimited +from django_ratelimit.core import is_ratelimited +from django_ratelimit import UNSAFE import logging @@ -22,7 +22,7 @@ def we_want_async(*args, func=None, **kwargs): logger.debug('dojo_async_task %s: running task in the foreground as sync=True has been found as kwarg', func) return False - user = get_current_user() + user = kwargs.get('async_user', get_current_user()) logger.debug('user: %s', user) if Dojo_User.wants_block_execution(user): @@ -38,8 +38,12 @@ def we_want_async(*args, func=None, **kwargs): def dojo_async_task(func): @wraps(func) def __wrapper__(*args, **kwargs): + from dojo.utils import get_current_user + user = get_current_user() + kwargs['async_user'] = user + countdown = kwargs.pop("countdown", 0) if we_want_async(*args, func=func, **kwargs): - return func.delay(*args, **kwargs) + return func.apply_async(args=args, kwargs=kwargs, countdown=countdown) else: return func(*args, **kwargs) @@ -155,12 +159,12 @@ def wrapper(self, *args, **kwargs): f = open("/tmp/selenium_page_source.html", "w", encoding='utf-8') f.writelines(self.driver.page_source) # time.sleep(30) - raise(e) + raise e return wrapper -def dojo_ratelimit(key='ip', rate=None, method=ALL, block=False): +def dojo_ratelimit(key='ip', rate=None, method=UNSAFE, block=False): def decorator(fn): @wraps(fn) def _wrapped(request, *args, **kw): @@ -178,7 +182,7 @@ def _wrapped(request, *args, **kw): if username: dojo_user = Dojo_User.objects.filter(username=username).first() if dojo_user: - Dojo_User.enable_force_password_rest(dojo_user) + Dojo_User.enable_force_password_reset(dojo_user) raise Ratelimited() return fn(request, *args, **kw) return _wrapped diff --git a/dojo/development_environment/urls.py b/dojo/development_environment/urls.py index d6edccf44e0..a61b5073258 100644 --- a/dojo/development_environment/urls.py +++ b/dojo/development_environment/urls.py @@ -1,12 +1,12 @@ -from django.conf.urls import url +from django.urls import re_path from dojo.development_environment import views urlpatterns = [ # dev envs - url(r'^dev_env$', views.dev_env, name='dev_env'), - url(r'^dev_env/add$', views.add_dev_env, + re_path(r'^dev_env$', views.dev_env, name='dev_env'), + re_path(r'^dev_env/add$', views.add_dev_env, name='add_dev_env'), - url(r'^dev_env/(?P\d+)/edit$', + re_path(r'^dev_env/(?P\d+)/edit$', views.edit_dev_env, name='edit_dev_env'), ] diff --git a/dojo/development_environment/views.py b/dojo/development_environment/views.py index 9d199e2c300..d6d4c167b17 100644 --- a/dojo/development_environment/views.py +++ b/dojo/development_environment/views.py @@ -1,6 +1,7 @@ # #dev envs import logging +from django.contrib.auth.decorators import login_required from django.contrib import messages from django.urls import reverse from django.http import HttpResponseRedirect @@ -17,7 +18,7 @@ logger = logging.getLogger(__name__) -@user_is_configuration_authorized('dojo.view_development_environment', 'staff') +@login_required def dev_env(request): initial_queryset = Development_Environment.objects.all().order_by('name') name_words = [de.name for de in @@ -34,7 +35,7 @@ def dev_env(request): 'name_words': name_words}) -@user_is_configuration_authorized('dojo.add_development_environment', 'staff') +@user_is_configuration_authorized('dojo.add_development_environment') def add_dev_env(request): form = Development_EnvironmentForm() if request.method == 'POST': @@ -55,7 +56,7 @@ def add_dev_env(request): }) -@user_is_configuration_authorized('dojo.change_development_environment', 'staff') +@user_is_configuration_authorized('dojo.change_development_environment') def edit_dev_env(request, deid): de = get_object_or_404(Development_Environment, pk=deid) form1 = Development_EnvironmentForm(instance=de) @@ -71,7 +72,7 @@ def edit_dev_env(request, deid): extra_tags='alert-success') return HttpResponseRedirect(reverse('dev_env')) if request.method == 'POST' and request.POST.get('delete_dev_env'): - user_has_configuration_permission_or_403(request.user, 'dojo.delete_development_environment', 'staff') + user_has_configuration_permission_or_403(request.user, 'dojo.delete_development_environment') form2 = Delete_Dev_EnvironmentForm(request.POST, instance=de) if form2.is_valid(): try: diff --git a/dojo/endpoint/queries.py b/dojo/endpoint/queries.py index 622d4c282a5..df8c0b86f3e 100644 --- a/dojo/endpoint/queries.py +++ b/dojo/endpoint/queries.py @@ -1,5 +1,4 @@ from crum import get_current_user -from django.conf import settings from django.db.models import Exists, OuterRef, Q from dojo.models import Endpoint, Endpoint_Status, Product_Member, Product_Type_Member, \ Product_Group, Product_Type_Group @@ -22,9 +21,6 @@ def get_authorized_endpoints(permission, queryset=None, user=None): if user.is_superuser: return endpoints - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return endpoints - if user_has_global_permission(user, permission): return endpoints @@ -73,9 +69,6 @@ def get_authorized_endpoint_status(permission, queryset=None, user=None): if user.is_superuser: return endpoint_status - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return endpoint_status - if user_has_global_permission(user, permission): return endpoint_status diff --git a/dojo/endpoint/urls.py b/dojo/endpoint/urls.py index 6f2f1d737f3..56afa2411bc 100644 --- a/dojo/endpoint/urls.py +++ b/dojo/endpoint/urls.py @@ -1,41 +1,41 @@ -from django.conf.urls import url +from django.urls import re_path from dojo.endpoint import views urlpatterns = [ # endpoints - url(r'^endpoint$', views.all_endpoints, + re_path(r'^endpoint$', views.all_endpoints, name='endpoint'), - url(r'^endpoint/host$', views.all_endpoint_hosts, + re_path(r'^endpoint/host$', views.all_endpoint_hosts, name='endpoint_host'), - url(r'^endpoint/vulnerable$', views.vulnerable_endpoints, + re_path(r'^endpoint/vulnerable$', views.vulnerable_endpoints, name='vulnerable_endpoints'), - url(r'^endpoint/host/vulnerable$', views.vulnerable_endpoint_hosts, + re_path(r'^endpoint/host/vulnerable$', views.vulnerable_endpoint_hosts, name='vulnerable_endpoint_hosts'), - url(r'^endpoint/(?P\d+)$', views.view_endpoint, + re_path(r'^endpoint/(?P\d+)$', views.view_endpoint, name='view_endpoint'), - url(r'^endpoint/host/(?P\d+)$', views.view_endpoint_host, + re_path(r'^endpoint/host/(?P\d+)$', views.view_endpoint_host, name='view_endpoint_host'), - url(r'^endpoint/(?P\d+)/edit$', views.edit_endpoint, + re_path(r'^endpoint/(?P\d+)/edit$', views.edit_endpoint, name='edit_endpoint'), - url(r'^endpoints/(?P\d+)/add$', views.add_endpoint, + re_path(r'^endpoints/(?P\d+)/add$', views.add_endpoint, name='add_endpoint'), - url(r'^endpoint/(?P\d+)/delete$', views.delete_endpoint, + re_path(r'^endpoint/(?P\d+)/delete$', views.delete_endpoint, name='delete_endpoint'), - url(r'^endpoints/add$', views.add_product_endpoint, + re_path(r'^endpoints/add$', views.add_product_endpoint, name='add_product_endpoint'), - url(r'^endpoint/(?P\d+)/add_meta_data$', views.add_meta_data, + re_path(r'^endpoint/(?P\d+)/add_meta_data$', views.add_meta_data, name='add_endpoint_meta_data'), - url(r'^endpoint/(?P\d+)/edit_meta_data$', views.edit_meta_data, + re_path(r'^endpoint/(?P\d+)/edit_meta_data$', views.edit_meta_data, name='edit_endpoint_meta_data'), - url(r'^endpoint/bulk$', views.endpoint_bulk_update_all, + re_path(r'^endpoint/bulk$', views.endpoint_bulk_update_all, name='endpoints_bulk_all'), - url(r'^product/(?P\d+)/endpoint/bulk_product$', views.endpoint_bulk_update_all, + re_path(r'^product/(?P\d+)/endpoint/bulk_product$', views.endpoint_bulk_update_all, name='endpoints_bulk_update_all_product'), - url(r'^endpoint/(?P\d+)/bulk_status$', views.endpoint_status_bulk_update, + re_path(r'^endpoint/(?P\d+)/bulk_status$', views.endpoint_status_bulk_update, name='endpoints_status_bulk'), - url(r'^endpoint/migrate$', views.migrate_endpoints_view, + re_path(r'^endpoint/migrate$', views.migrate_endpoints_view, name='endpoint_migrate'), - url(r'^endpoint/(?P\d+)/import_endpoint_meta$', views.import_endpoint_meta, + re_path(r'^endpoint/(?P\d+)/import_endpoint_meta$', views.import_endpoint_meta, name='import_endpoint_meta'), ] diff --git a/dojo/endpoint/utils.py b/dojo/endpoint/utils.py index 96430038de1..06afb192424 100644 --- a/dojo/endpoint/utils.py +++ b/dojo/endpoint/utils.py @@ -11,6 +11,7 @@ from django.core.validators import validate_ipv46_address from django.core.exceptions import ValidationError from django.db.models import Q, Count +from django.http import HttpResponseRedirect from dojo.models import Endpoint, DojoMeta @@ -306,13 +307,14 @@ def save_endpoints_to_add(endpoint_list, product): def endpoint_meta_import(file, product, create_endpoints, create_tags, create_meta, origin='UI', request=None): content = file.read() - if type(content) is bytes: + sig = content.decode('utf-8-sig') + content = sig.encode("utf-8") + if isinstance(content, bytes): content = content.decode('utf-8') reader = csv.DictReader(io.StringIO(content)) if 'hostname' not in reader.fieldnames: if origin == 'UI': - from django.http import HttpResponseRedirect messages.add_message( request, messages.ERROR, @@ -320,8 +322,7 @@ def endpoint_meta_import(file, product, create_endpoints, create_tags, create_me extra_tags='alert-danger') return HttpResponseRedirect(reverse('import_endpoint_meta', args=(product.id, ))) elif origin == 'API': - from rest_framework.serializers import ValidationError - raise ValidationError('The column "hostname" must be present to map host to Endpoint.',) + raise ValidationError('The column "hostname" must be present to map host to Endpoint.') keys = [key for key in reader.fieldnames if key != 'hostname'] @@ -342,22 +343,35 @@ def endpoint_meta_import(file, product, create_endpoints, create_tags, create_me for endpoint in endpoints: existing_tags = [tag.name for tag in endpoint.tags.all()] for item in meta: - if create_meta: - # check if meta exists first. Don't want to make duplicate endpoints - dojo_meta, create = DojoMeta.objects.get_or_create( - endpoint=endpoint, - name=item[0]) - dojo_meta.value = item[1] - dojo_meta.save() - if create_tags: - for tag in existing_tags: - if item[0] not in tag: - continue - else: - # found existing. Update it - existing_tags.remove(tag) - break - existing_tags += [item[0] + ':' + item[1]] - # if tags are not supposed to be added, this value remain unchanged - endpoint.tags = existing_tags + # Determine if there is a value here + if item[1] is not None and len(item[1]) > 0: + if create_meta: + # check if meta exists first. Don't want to make duplicate endpoints + dojo_meta, create = DojoMeta.objects.get_or_create( + endpoint=endpoint, + name=item[0]) + dojo_meta.value = item[1] + dojo_meta.save() + if create_tags: + for tag in existing_tags: + if item[0] not in tag: + continue + else: + # found existing. Update it + existing_tags.remove(tag) + break + existing_tags += [item[0] + ':' + item[1]] + # if tags are not supposed to be added, this value remain unchanged + endpoint.tags = existing_tags endpoint.save() + + +def remove_broken_endpoint_statuses(apps): + Endpoint_Status = apps.get_model('dojo', 'endpoint_status') + broken_eps = Endpoint_Status.objects.filter(Q(endpoint=None) | Q(finding=None)) + if broken_eps.count() == 0: + logger.info('There is no broken endpoint_status') + else: + logger.warning('We identified %s broken endpoint_statuses', broken_eps.count()) + deleted = broken_eps.delete() + logger.warning('We removed: %s', deleted) diff --git a/dojo/endpoint/views.py b/dojo/endpoint/views.py index 3c80711c9b4..ae91d83a429 100644 --- a/dojo/endpoint/views.py +++ b/dojo/endpoint/views.py @@ -3,7 +3,6 @@ from dateutil.relativedelta import relativedelta from django.contrib import messages from django.conf import settings -from django.core.exceptions import PermissionDenied from django.urls import reverse from django.http import HttpResponseRedirect from django.shortcuts import render, get_object_or_404 @@ -33,9 +32,17 @@ def process_endpoints_view(request, host_view=False, vulnerable=False): if vulnerable: - endpoints = Endpoint.objects.filter(finding__active=True, finding__verified=True, finding__false_p=False, - finding__duplicate=False, finding__out_of_scope=False, mitigated=False) - endpoints = endpoints.filter(endpoint_status__mitigated=False) + endpoints = Endpoint.objects.filter( + finding__active=True, + finding__verified=True, + finding__out_of_scope=False, + finding__mitigated__isnull=True, + finding__false_p=False, + finding__duplicate=False, + status_endpoint__mitigated=False, + status_endpoint__false_positive=False, + status_endpoint__out_of_scope=False, + status_endpoint__risk_accepted=False) else: endpoints = Endpoint.objects.all() @@ -68,7 +75,7 @@ def process_endpoints_view(request, host_view=False, vulnerable=False): if len(p) == 1: product = get_object_or_404(Product, id=p[0]) user_has_permission_or_403(request.user, product, Permissions.Product_View) - product_tab = Product_Tab(product.id, view_name, tab="endpoints") + product_tab = Product_Tab(product, view_name, tab="endpoints") return render( request, 'dojo/endpoints.html', { @@ -117,12 +124,12 @@ def process_endpoint_view(request, eid, host_view=False): endpoints = endpoint.host_endpoints() endpoint_metadata = None all_findings = endpoint.host_findings() - active_findings = endpoint.host_active_findings() + active_verified_findings = endpoint.host_active_verified_findings() else: endpoints = None endpoint_metadata = dict(endpoint.endpoint_meta.values_list('name', 'value')) - all_findings = endpoint.findings() - active_findings = endpoint.active_findings() + all_findings = endpoint.findings.all() + active_verified_findings = endpoint.active_verified_findings() if all_findings: start_date = timezone.make_aware(datetime.combine(all_findings.last().date, datetime.min.time())) @@ -138,17 +145,17 @@ def process_endpoint_view(request, eid, host_view=False): # closed_findings is needed as a parameter for get_periods_counts, but they are not relevant in the endpoint view closed_findings = Finding.objects.none() - monthly_counts = get_period_counts(active_findings, all_findings, closed_findings, None, months_between, start_date, + monthly_counts = get_period_counts(all_findings, closed_findings, None, months_between, start_date, relative_delta='months') - paged_findings = get_page_items(request, active_findings, 25) + paged_findings = get_page_items(request, active_verified_findings, 25) vulnerable = False - if active_findings.count() != 0: + if active_verified_findings.count() != 0: vulnerable = True - product_tab = Product_Tab(endpoint.product.id, "Host" if host_view else "Endpoint", tab="endpoints") + product_tab = Product_Tab(endpoint.product, "Host" if host_view else "Endpoint", tab="endpoints") return render(request, "dojo/view_endpoint.html", {"endpoint": endpoint, @@ -191,7 +198,7 @@ def edit_endpoint(request, eid): add_breadcrumb(parent=endpoint, title="Edit", top_level=False, request=request) form = EditEndpointForm(instance=endpoint) - product_tab = Product_Tab(endpoint.product.id, "Endpoint", tab="endpoints") + product_tab = Product_Tab(endpoint.product, "Endpoint", tab="endpoints") return render(request, "dojo/edit_endpoint.html", @@ -221,7 +228,7 @@ def delete_endpoint(request, eid): title='Deletion of %s' % endpoint, product=product, description='The endpoint "%s" was deleted by %s' % (endpoint, request.user), - url=request.build_absolute_uri(reverse('endpoint')), + url=reverse('endpoint'), icon="exclamation-triangle") return HttpResponseRedirect(reverse('view_product', args=(product.id,))) @@ -229,7 +236,7 @@ def delete_endpoint(request, eid): collector.collect([endpoint]) rels = collector.nested() - product_tab = Product_Tab(endpoint.product.id, "Delete Endpoint", tab="endpoints") + product_tab = Product_Tab(endpoint.product, "Delete Endpoint", tab="endpoints") return render(request, 'dojo/delete_endpoint.html', {'endpoint': endpoint, @@ -259,7 +266,7 @@ def add_endpoint(request, pid): extra_tags='alert-success') return HttpResponseRedirect(reverse('endpoint') + "?product=" + pid) - product_tab = Product_Tab(product.id, "Add Endpoint", tab="endpoints") + product_tab = Product_Tab(product, "Add Endpoint", tab="endpoints") return render(request, template, { 'product_tab': product_tab, @@ -310,7 +317,7 @@ def add_meta_data(request, eid): form = DojoMetaDataForm() add_breadcrumb(parent=endpoint, title="Add Metadata", top_level=False, request=request) - product_tab = Product_Tab(endpoint.product.id, "Add Metadata", tab="endpoints") + product_tab = Product_Tab(endpoint.product, "Add Metadata", tab="endpoints") return render(request, 'dojo/add_endpoint_meta_data.html', {'form': form, @@ -344,7 +351,7 @@ def edit_meta_data(request, eid): extra_tags='alert-success') return HttpResponseRedirect(reverse('view_endpoint', args=(eid,))) - product_tab = Product_Tab(endpoint.product.id, "Edit Metadata", tab="endpoints") + product_tab = Product_Tab(endpoint.product, "Edit Metadata", tab="endpoints") return render(request, 'dojo/edit_endpoint_meta_data.html', {'endpoint': endpoint, @@ -356,25 +363,22 @@ def edit_meta_data(request, eid): def endpoint_bulk_update_all(request, pid=None): if request.method == "POST": endpoints_to_update = request.POST.getlist('endpoints_to_update') - finds = Endpoint.objects.filter(id__in=endpoints_to_update).order_by("endpoint_meta__product__id") - total_endpoint_count = finds.count() + endpoints = Endpoint.objects.filter(id__in=endpoints_to_update).order_by("endpoint_meta__product__id") + total_endpoint_count = endpoints.count() if request.POST.get('delete_bulk_endpoints') and endpoints_to_update: - if pid is None: - if not request.user.is_staff: - raise PermissionDenied - else: + if pid is not None: product = get_object_or_404(Product, id=pid) user_has_permission_or_403(request.user, product, Permissions.Endpoint_Delete) - finds = get_authorized_endpoints(Permissions.Endpoint_Delete, finds, request.user) + endpoints = get_authorized_endpoints(Permissions.Endpoint_Delete, endpoints, request.user) - skipped_endpoint_count = total_endpoint_count - finds.count() - deleted_endpoint_count = finds.count() + skipped_endpoint_count = total_endpoint_count - endpoints.count() + deleted_endpoint_count = endpoints.count() product_calc = list(Product.objects.filter(endpoint__id__in=endpoints_to_update).distinct()) - finds.delete() + endpoints.delete() for prod in product_calc: calculate_grade(prod) @@ -389,29 +393,30 @@ def endpoint_bulk_update_all(request, pid=None): else: if endpoints_to_update: - if pid is None: - if not request.user.is_staff: - raise PermissionDenied - else: + if pid is not None: product = get_object_or_404(Product, id=pid) user_has_permission_or_403(request.user, product, Permissions.Finding_Edit) - finds = get_authorized_endpoints(Permissions.Endpoint_Edit, finds, request.user) + endpoints = get_authorized_endpoints(Permissions.Endpoint_Edit, endpoints, request.user) - skipped_endpoint_count = total_endpoint_count - finds.count() - updated_endpoint_count = finds.count() + skipped_endpoint_count = total_endpoint_count - endpoints.count() + updated_endpoint_count = endpoints.count() if skipped_endpoint_count > 0: add_error_message_to_response('Skipped mitigation of {} endpoints because you are not authorized.'.format(skipped_endpoint_count)) - for endpoint in finds: - endpoint.mitigated = not endpoint.mitigated - endpoint.save() + eps_count = Endpoint_Status.objects.filter(endpoint__in=endpoints).update( + mitigated=True, + mitigated_by=request.user, + mitigated_time=timezone.now(), + last_modified=timezone.now() + ) if updated_endpoint_count > 0: messages.add_message(request, messages.SUCCESS, - 'Bulk mitigation of {} endpoints was successful.'.format(updated_endpoint_count), + 'Bulk mitigation of {} endpoints ({} endpoint statuses) was successful.'.format( + updated_endpoint_count, eps_count), extra_tags='alert-success') else: messages.add_message(request, @@ -509,7 +514,7 @@ def import_endpoint_meta(request, pid): return HttpResponseRedirect(reverse('endpoint') + "?product=" + pid) add_breadcrumb(title="Endpoint Meta Importer", top_level=False, request=request) - product_tab = Product_Tab(product.id, title="Endpoint Meta Importer", tab="endpoints") + product_tab = Product_Tab(product, title="Endpoint Meta Importer", tab="endpoints") return render(request, 'dojo/endpoint_meta_importer.html', { 'product_tab': product_tab, 'form': form, diff --git a/dojo/engagement/queries.py b/dojo/engagement/queries.py index ab699cf889a..b11c2f7f981 100644 --- a/dojo/engagement/queries.py +++ b/dojo/engagement/queries.py @@ -1,5 +1,4 @@ from crum import get_current_user -from django.conf import settings from django.db.models import Exists, OuterRef, Q from dojo.models import Engagement, Product_Member, Product_Type_Member, \ Product_Group, Product_Type_Group @@ -15,9 +14,6 @@ def get_authorized_engagements(permission): if user.is_superuser: return Engagement.objects.all() - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return Engagement.objects.all() - if user_has_global_permission(user, permission): return Engagement.objects.all() diff --git a/dojo/engagement/services.py b/dojo/engagement/services.py index 139d0a2ca71..8ae54bb963d 100644 --- a/dojo/engagement/services.py +++ b/dojo/engagement/services.py @@ -3,7 +3,6 @@ from django.db.models.signals import pre_save from django.dispatch import receiver -from django.utils import timezone from dojo.models import Engagement import dojo.jira_link.helper as jira_helper @@ -13,7 +12,6 @@ def close_engagement(eng): eng.active = False eng.status = 'Completed' - eng.updated = timezone.now() eng.save() if jira_helper.get_jira_project(eng): diff --git a/dojo/engagement/urls.py b/dojo/engagement/urls.py index 6647bd41f52..7f127433efd 100644 --- a/dojo/engagement/urls.py +++ b/dojo/engagement/urls.py @@ -1,55 +1,57 @@ -from django.conf.urls import url +from django.urls import re_path from dojo.engagement import views urlpatterns = [ # engagements and calendar - url(r'^calendar$', views.engagement_calendar, name='calendar'), - url(r'^calendar/engagements$', views.engagement_calendar, name='engagement_calendar'), - url(r'^engagement$', views.engagements, {'view': 'active'}, name='engagement'), - url(r'^engagements_all$', views.engagements_all, name='engagements_all'), - url(r'^engagement/all$', views.engagements, {'view': 'all'}, name='all_engagements'), - url(r'^engagement/active$', views.engagements, {'view': 'active'}, name='active_engagements'), - url(r'^engagement/(?P\d+)$', views.view_engagement, + re_path(r'^calendar$', views.engagement_calendar, name='calendar'), + re_path(r'^calendar/engagements$', views.engagement_calendar, name='engagement_calendar'), + re_path(r'^engagement$', views.engagements, {'view': 'active'}, name='engagement'), + re_path(r'^engagements_all$', views.engagements_all, name='engagements_all'), + re_path(r'^engagement/all$', views.engagements, {'view': 'all'}, name='all_engagements'), + re_path(r'^engagement/active$', views.engagements, {'view': 'active'}, name='active_engagements'), + re_path(r'^engagement/(?P\d+)$', views.view_engagement, name='view_engagement'), - url(r'^engagement/(?P\d+)/ics$', views.engagement_ics, + re_path(r'^engagement/(?P\d+)/ics$', views.engagement_ics, name='engagement_ics'), - url(r'^engagement/(?P\d+)/edit$', views.edit_engagement, + re_path(r'^engagement/(?P\d+)/edit$', views.edit_engagement, name='edit_engagement'), - url(r'^engagement/(?P\d+)/delete$', views.delete_engagement, + re_path(r'^engagement/(?P\d+)/delete$', views.delete_engagement, name='delete_engagement'), - url(r'^engagement/(?P\d+)/add_tests$', views.add_tests, + re_path(r'^engagement/(?P\d+)/copy$', views.copy_engagement, + name='copy_engagement'), + re_path(r'^engagement/(?P\d+)/add_tests$', views.add_tests, name='add_tests'), - url(r'^engagement/(?P\d+)/import_scan_results$', - views.import_scan_results, name='import_scan_results'), - url(r'^engagement/(?P\d+)/close$', views.close_eng, + re_path(r'^engagement/(?P\d+)/import_scan_results$', + views.ImportScanResultsView.as_view(), name='import_scan_results'), + re_path(r'^engagement/(?P\d+)/close$', views.close_eng, name='close_engagement'), - url(r'^engagement/(?P\d+)/reopen$', views.reopen_eng, + re_path(r'^engagement/(?P\d+)/reopen$', views.reopen_eng, name='reopen_engagement'), - url(r'^engagement/(?P\d+)/complete_checklist$', + re_path(r'^engagement/(?P\d+)/complete_checklist$', views.complete_checklist, name='complete_checklist'), - url(r'^engagement/(?P\d+)/risk_acceptance/add$', + re_path(r'^engagement/(?P\d+)/risk_acceptance/add$', views.add_risk_acceptance, name='add_risk_acceptance'), - url(r'^engagement/(?P\d+)/risk_acceptance/add/(?P\d+)$', + re_path(r'^engagement/(?P\d+)/risk_acceptance/add/(?P\d+)$', views.add_risk_acceptance, name='add_risk_acceptance'), - url(r'^engagement/(?P\d+)/risk_acceptance/(?P\d+)$', + re_path(r'^engagement/(?P\d+)/risk_acceptance/(?P\d+)$', views.view_risk_acceptance, name='view_risk_acceptance'), - url(r'^engagement/(?P\d+)/risk_acceptance/(?P\d+)/edit$', + re_path(r'^engagement/(?P\d+)/risk_acceptance/(?P\d+)/edit$', views.edit_risk_acceptance, name='edit_risk_acceptance'), - url(r'^engagement/(?P\d+)/risk_acceptance/(?P\d+)/expire$', + re_path(r'^engagement/(?P\d+)/risk_acceptance/(?P\d+)/expire$', views.expire_risk_acceptance, name='expire_risk_acceptance'), - url(r'^engagement/(?P\d+)/risk_acceptance/(?P\d+)/reinstate$', + re_path(r'^engagement/(?P\d+)/risk_acceptance/(?P\d+)/reinstate$', views.reinstate_risk_acceptance, name='reinstate_risk_acceptance'), - url(r'^engagement/(?P\d+)/risk_acceptance/(?P\d+)/delete$', + re_path(r'^engagement/(?P\d+)/risk_acceptance/(?P\d+)/delete$', views.delete_risk_acceptance, name='delete_risk_acceptance'), - url(r'^engagement/(?P\d+)/risk_acceptance/(?P\d+)/download$', + re_path(r'^engagement/(?P\d+)/risk_acceptance/(?P\d+)/download$', views.download_risk_acceptance, name='download_risk_acceptance'), - url(r'^engagement/(?P\d+)/threatmodel$', views.view_threatmodel, + re_path(r'^engagement/(?P\d+)/threatmodel$', views.view_threatmodel, name='view_threatmodel'), - url(r'^engagement/(?P\d+)/threatmodel/upload$', + re_path(r'^engagement/(?P\d+)/threatmodel/upload$', views.upload_threatmodel, name='upload_threatmodel'), - url(r'^engagement/csv_export$', + re_path(r'^engagement/csv_export$', views.csv_export, name='engagement_csv_export'), - url(r'^engagement/excel_export$', + re_path(r'^engagement/excel_export$', views.excel_export, name='engagement_excel_export'), ] diff --git a/dojo/engagement/views.py b/dojo/engagement/views.py index 175b87dcdc3..20804e1fb06 100644 --- a/dojo/engagement/views.py +++ b/dojo/engagement/views.py @@ -1,6 +1,7 @@ import logging import csv import re +from django.views import View from openpyxl import Workbook from openpyxl.styles import Font from tempfile import NamedTemporaryFile @@ -11,7 +12,7 @@ from django.conf import settings from django.contrib import messages from django.core.exceptions import ValidationError, PermissionDenied -from django.urls import reverse +from django.urls import reverse, Resolver404 from django.db.models import Q, Count from django.http import HttpResponseRedirect, StreamingHttpResponse, HttpResponse, FileResponse, QueryDict from django.shortcuts import render, get_object_or_404 @@ -32,11 +33,11 @@ from dojo.models import Finding, Product, Engagement, Test, \ Check_List, Test_Import, Notes, \ Risk_Acceptance, Development_Environment, Endpoint, \ - Cred_Mapping, Dojo_User, System_Settings, Note_Type, Product_API_Scan_Configuration + Cred_Mapping, System_Settings, Note_Type, Product_API_Scan_Configuration from dojo.tools.factory import get_scan_types_sorted from dojo.utils import add_error_message_to_response, add_success_message_to_response, get_page_items, add_breadcrumb, handle_uploaded_threat, \ - FileIterWrapper, get_cal_event, Product_Tab, is_scan_file_too_large, \ - get_system_setting, redirect_to_return_url_or_else, get_return_url + FileIterWrapper, get_cal_event, Product_Tab, is_scan_file_too_large, async_delete, \ + get_system_setting, get_setting, redirect_to_return_url_or_else, get_return_url, calculate_grade from dojo.notifications.helper import create_notification from dojo.finding.views import find_available_notetypes from functools import reduce @@ -50,6 +51,7 @@ from dojo.authorization.roles_permissions import Permissions from dojo.product.queries import get_authorized_products from dojo.engagement.queries import get_authorized_engagements +from dojo.user.queries import get_authorized_users from dojo.authorization.authorization_decorators import user_is_authorized from dojo.importers.importer.importer import DojoDefaultImporter as Importer import dojo.notifications.helper as notifications_helper @@ -62,6 +64,10 @@ @cache_page(60 * 5) # cache for 5 minutes @vary_on_cookie def engagement_calendar(request): + + if not get_system_setting('enable_calendar'): + raise Resolver404() + if 'lead' not in request.GET or '0' in request.GET.getlist('lead'): engagements = get_authorized_engagements(Permissions.Engagement_View) else: @@ -83,7 +89,7 @@ def engagement_calendar(request): 'caltype': 'engagements', 'leads': request.GET.getlist('lead', ''), 'engagements': engagements, - 'users': Dojo_User.objects.all() + 'users': get_authorized_users(Permissions.Engagement_View) }) @@ -207,7 +213,6 @@ def edit_engagement(request, eid): jira_project_form = None jira_epic_form = None jira_project = None - jira_error = False if request.method == 'POST': form = EngForm(request.POST, instance=engagement, cicd=is_ci_cd, product=engagement.product, user=request.user) @@ -216,6 +221,7 @@ def edit_engagement(request, eid): if form.is_valid(): # first save engagement details new_status = form.cleaned_data.get('status') + engagement.product = form.cleaned_data.get('product') engagement = form.save(commit=False) if (new_status == "Cancelled" or new_status == "Completed"): engagement.active = False @@ -265,7 +271,7 @@ def edit_engagement(request, eid): else: title = 'Edit Interactive Engagement' - product_tab = Product_Tab(engagement.product.id, title=title, tab="engagements") + product_tab = Product_Tab(engagement.product, title=title, tab="engagements") product_tab.setEngagement(engagement) return render(request, 'dojo/new_eng.html', { 'product_tab': product_tab, @@ -289,11 +295,17 @@ def delete_engagement(request, eid): form = DeleteEngagementForm(request.POST, instance=engagement) if form.is_valid(): product = engagement.product - engagement.delete() + if get_setting("ASYNC_OBJECT_DELETE"): + async_del = async_delete() + async_del.delete(engagement) + message = 'Engagement and relationships will be removed in the background.' + else: + message = 'Engagement and relationships removed.' + engagement.delete() messages.add_message( request, messages.SUCCESS, - 'Engagement and relationships removed.', + message, extra_tags='alert-success') create_notification(event='other', title='Deletion of %s' % engagement.name, @@ -305,11 +317,14 @@ def delete_engagement(request, eid): return HttpResponseRedirect(reverse("view_engagements", args=(product.id, ))) - collector = NestedObjects(using=DEFAULT_DB_ALIAS) - collector.collect([engagement]) - rels = collector.nested() + rels = ['Previewing the relationships has been disabled.', ''] + display_preview = get_setting('DELETE_PREVIEW') + if display_preview: + collector = NestedObjects(using=DEFAULT_DB_ALIAS) + collector.collect([engagement]) + rels = collector.nested() - product_tab = Product_Tab(product.id, title="Delete Engagement", tab="engagements") + product_tab = Product_Tab(product, title="Delete Engagement", tab="engagements") product_tab.setEngagement(engagement) return render(request, 'dojo/delete_engagement.html', { 'product_tab': product_tab, @@ -319,6 +334,47 @@ def delete_engagement(request, eid): }) +@user_is_authorized(Engagement, Permissions.Engagement_Edit, 'eid') +def copy_engagement(request, eid): + engagement = get_object_or_404(Engagement, id=eid) + product = engagement.product + form = DoneForm() + + if request.method == 'POST': + form = DoneForm(request.POST) + if form.is_valid(): + engagement_copy = engagement.copy() + calculate_grade(product) + messages.add_message( + request, + messages.SUCCESS, + 'Engagement Copied successfully.', + extra_tags='alert-success') + create_notification(event='other', + title='Copying of %s' % engagement.name, + description='The engagement "%s" was copied by %s' % (engagement.name, request.user), + product=product, + url=request.build_absolute_uri(reverse('view_engagement', args=(engagement_copy.id, ))), + recipients=[engagement.lead], + icon="exclamation-triangle") + return redirect_to_return_url_or_else(request, reverse("view_engagements", args=(product.id, ))) + else: + messages.add_message( + request, + messages.ERROR, + 'Unable to copy engagement, please try again.', + extra_tags='alert-danger') + + product_tab = Product_Tab(product, title="Copy Engagement", tab="engagements") + return render(request, 'dojo/copy_object.html', { + 'source': engagement, + 'source_label': 'Engagement', + 'destination_label': 'Product', + 'product_tab': product_tab, + 'form': form, + }) + + @user_is_authorized(Engagement, Permissions.Engagement_View, 'eid') def view_engagement(request, eid): eng = get_object_or_404(Engagement, id=eid) @@ -373,7 +429,6 @@ def view_engagement(request, eid): form = TypedNoteForm(available_note_types=available_note_types) else: form = NoteForm() - url = request.build_absolute_uri(reverse("view_engagement", args=(eng.id,))) title = "Engagement: %s on %s" % (eng.name, eng.product.name) messages.add_message(request, messages.SUCCESS, @@ -395,7 +450,7 @@ def view_engagement(request, eid): title = "" if eng.engagement_type == "CI/CD": title = " CI/CD" - product_tab = Product_Tab(prod.id, title="View" + title + " Engagement", tab="engagements") + product_tab = Product_Tab(prod, title="View" + title + " Engagement", tab="engagements") product_tab.setEngagement(eng) return render( request, 'dojo/view_eng.html', { @@ -434,7 +489,7 @@ def prefetch_for_view_tests(tests): prefetched = prefetched.annotate(total_reimport_count=Count('test_import__id', filter=Q(test_import__type=Test_Import.REIMPORT_TYPE), distinct=True)) else: - logger.warn('unable to prefetch because query was already executed') + logger.warning('unable to prefetch because query was already executed') return prefetched @@ -506,7 +561,7 @@ def add_tests(request, eid): form.initial['lead'] = request.user add_breadcrumb( parent=eng, title="Add Tests", top_level=False, request=request) - product_tab = Product_Tab(eng.product.id, title="Add Tests", tab="engagements") + product_tab = Product_Tab(eng.product, title="Add Tests", tab="engagements") product_tab.setEngagement(eng) return render(request, 'dojo/add_tests.html', { 'product_tab': product_tab, @@ -517,30 +572,77 @@ def add_tests(request, eid): }) -# Cant use the easy decorator because of the potential for either eid/pid being used -def import_scan_results(request, eid=None, pid=None): - engagement = None - form = ImportScanForm() - cred_form = CredMappingForm() - finding_count = 0 - jform = None - user = request.user +class ImportScanResultsView(View): + def get(self, request, eid=None, pid=None): + environment = Development_Environment.objects.filter(name='Development').first() + engagement = None + form = ImportScanForm(initial={'environment': environment}) + cred_form = CredMappingForm() + jform = None + user = request.user + + if eid: + engagement = get_object_or_404(Engagement, id=eid) + engagement_or_product = engagement + cred_form.fields["cred_user"].queryset = Cred_Mapping.objects.filter(engagement=engagement).order_by('cred_id') + elif pid: + product = get_object_or_404(Product, id=pid) + engagement_or_product = product + else: + raise Exception('Either Engagement or Product has to be provided') - if eid: - engagement = get_object_or_404(Engagement, id=eid) - engagement_or_product = engagement - cred_form.fields["cred_user"].queryset = Cred_Mapping.objects.filter(engagement=engagement).order_by('cred_id') - elif pid: - product = get_object_or_404(Product, id=pid) - engagement_or_product = product - elif not user.is_staff: - raise PermissionDenied + user_has_permission_or_403(user, engagement_or_product, Permissions.Import_Scan_Result) - user_has_permission_or_403(user, engagement_or_product, Permissions.Import_Scan_Result) + push_all_jira_issues = jira_helper.is_push_all_issues(engagement_or_product) + custom_breadcrumb = None + title = "Import Scan Results" + if engagement: + product_tab = Product_Tab(engagement.product, title=title, tab="engagements") + product_tab.setEngagement(engagement) + else: + custom_breadcrumb = {"", ""} + product_tab = Product_Tab(product, title=title, tab="findings") - push_all_jira_issues = jira_helper.is_push_all_issues(engagement_or_product) + if jira_helper.get_jira_project(engagement_or_product): + jform = JIRAImportScanForm(push_all=push_all_jira_issues, prefix='jiraform') - if request.method == "POST": + form.fields['endpoints'].queryset = Endpoint.objects.filter(product__id=product_tab.product.id) + form.fields['api_scan_configuration'].queryset = Product_API_Scan_Configuration.objects.filter(product__id=product_tab.product.id) + + return render(request, + 'dojo/import_scan_results.html', + {'form': form, + 'product_tab': product_tab, + 'engagement_or_product': engagement_or_product, + 'custom_breadcrumb': custom_breadcrumb, + 'title': title, + 'cred_form': cred_form, + 'jform': jform, + 'scan_types': get_scan_types_sorted(), + }) + + def post(self, request, eid=None, pid=None): + environment = Development_Environment.objects.filter(name='Development').first() # If 'Development' was removed, None is used + engagement = None + form = ImportScanForm(initial={'environment': environment}) + cred_form = CredMappingForm() + finding_count = 0 + jform = None + user = request.user + + if eid: + engagement = get_object_or_404(Engagement, id=eid) + engagement_or_product = engagement + cred_form.fields["cred_user"].queryset = Cred_Mapping.objects.filter(engagement=engagement).order_by('cred_id') + elif pid: + product = get_object_or_404(Product, id=pid) + engagement_or_product = product + else: + raise Exception('Either Engagement or Product has to be provided') + + user_has_permission_or_403(user, engagement_or_product, Permissions.Import_Scan_Result) + + push_all_jira_issues = jira_helper.is_push_all_issues(engagement_or_product) form = ImportScanForm(request.POST, request.FILES) cred_form = CredMappingForm(request.POST) cred_form.fields["cred_user"].queryset = Cred_Mapping.objects.filter( @@ -555,8 +657,8 @@ def import_scan_results(request, eid=None, pid=None): scan = request.FILES.get('file', None) scan_date = form.cleaned_data['scan_date'] minimum_severity = form.cleaned_data['minimum_severity'] - active = form.cleaned_data['active'] - verified = form.cleaned_data['verified'] + activeChoice = form.cleaned_data.get('active', None) + verifiedChoice = form.cleaned_data.get('verified', None) scan_type = request.POST['scan_type'] tags = form.cleaned_data['tags'] version = form.cleaned_data['version'] @@ -566,11 +668,18 @@ def import_scan_results(request, eid=None, pid=None): api_scan_configuration = form.cleaned_data.get('api_scan_configuration', None) service = form.cleaned_data.get('service', None) close_old_findings = form.cleaned_data.get('close_old_findings', None) + apply_tags_to_findings = form.cleaned_data.get('apply_tags_to_findings', False) + # close_old_findings_prodct_scope is a modifier of close_old_findings. + # If it is selected, close_old_findings should also be selected. + close_old_findings_product_scope = form.cleaned_data.get('close_old_findings_product_scope', None) + if close_old_findings_product_scope: + close_old_findings = True # Will save in the provided environment or in the `Development` one if absent environment_id = request.POST.get('environment', 'Development') environment = Development_Environment.objects.get(id=environment_id) group_by = form.cleaned_data.get('group_by', None) + create_finding_groups_for_all_findings = form.cleaned_data['create_finding_groups_for_all_findings'] # TODO move to form validation? if scan and is_scan_file_too_large(scan): @@ -607,12 +716,26 @@ def import_scan_results(request, eid=None, pid=None): # Save newly added endpoints added_endpoints = save_endpoints_to_add(form.endpoints_to_add_list, engagement.product) + active = None + if activeChoice: + if activeChoice == 'force_to_true': + active = True + elif activeChoice == 'force_to_false': + active = False + verified = None + if verifiedChoice: + if verifiedChoice == 'force_to_true': + verified = True + elif verifiedChoice == 'force_to_false': + verified = False + try: importer = Importer() test, finding_count, closed_finding_count, _ = importer.import_scan(scan, scan_type, engagement, user, environment, active=active, verified=verified, tags=tags, minimum_severity=minimum_severity, endpoints_to_add=list(form.cleaned_data['endpoints']) + added_endpoints, scan_date=scan_date, version=version, branch_tag=branch_tag, build_id=build_id, commit_hash=commit_hash, push_to_jira=push_to_jira, - close_old_findings=close_old_findings, group_by=group_by, api_scan_configuration=api_scan_configuration, service=service) + close_old_findings=close_old_findings, close_old_findings_product_scope=close_old_findings_product_scope, group_by=group_by, api_scan_configuration=api_scan_configuration, service=service, + create_finding_groups_for_all_findings=create_finding_groups_for_all_findings, apply_tags_to_findings=apply_tags_to_findings) message = f'{scan_type} processed a total of {finding_count} findings' @@ -645,34 +768,7 @@ def import_scan_results(request, eid=None, pid=None): return HttpResponseRedirect( reverse('view_test', args=(test.id, ))) - prod_id = None - custom_breadcrumb = None - title = "Import Scan Results" - if engagement: - prod_id = engagement.product.id - product_tab = Product_Tab(prod_id, title=title, tab="engagements") - product_tab.setEngagement(engagement) - else: - prod_id = pid - custom_breadcrumb = {"", ""} - product_tab = Product_Tab(prod_id, title=title, tab="findings") - - if jira_helper.get_jira_project(engagement_or_product): - jform = JIRAImportScanForm(push_all=push_all_jira_issues, prefix='jiraform') - - form.fields['endpoints'].queryset = Endpoint.objects.filter(product__id=product_tab.product.id) - form.fields['api_scan_configuration'].queryset = Product_API_Scan_Configuration.objects.filter(product__id=product_tab.product.id) - return render(request, - 'dojo/import_scan_results.html', - {'form': form, - 'product_tab': product_tab, - 'engagement_or_product': engagement_or_product, - 'custom_breadcrumb': custom_breadcrumb, - 'title': title, - 'cred_form': cred_form, - 'jform': jform, - 'scan_types': get_scan_types_sorted(), - }) + return HttpResponseRedirect(reverse('view_test', args=(test.id, ))) @user_is_authorized(Engagement, Permissions.Engagement_Edit, 'eid') @@ -757,7 +853,7 @@ def complete_checklist(request, eid): findings = Finding.objects.filter(test__in=tests).all() form = CheckForm(instance=checklist, findings=findings) - product_tab = Product_Tab(eng.product.id, title="Checklist", tab="engagements") + product_tab = Product_Tab(eng.product, title="Checklist", tab="engagements") product_tab.setEngagement(eng) return render(request, 'dojo/checklist.html', { 'form': form, @@ -827,7 +923,7 @@ def add_risk_acceptance(request, eid, fid=None): form.fields['accepted_findings'].queryset = finding_choices if fid: form.fields['accepted_findings'].initial = {fid} - product_tab = Product_Tab(eng.product.id, title="Risk Acceptance", tab="engagements") + product_tab = Product_Tab(eng.product, title="Risk Acceptance", tab="engagements") product_tab.setEngagement(eng) return render(request, 'dojo/add_risk_acceptance.html', { @@ -977,14 +1073,14 @@ def view_edit_risk_acceptance(request, eid, raid, edit_mode=False): accepted_findings = risk_acceptance.accepted_findings.order_by('numerical_severity') fpage = get_page_items(request, accepted_findings, 15) - unaccepted_findings = Finding.objects.filter(test__in=eng.test_set.all()) \ + unaccepted_findings = Finding.objects.filter(test__in=eng.test_set.all(), risk_accepted=False) \ .exclude(id__in=accepted_findings).order_by("title") add_fpage = get_page_items(request, unaccepted_findings, 10, 'apage') # on this page we need to add unaccepted findings as possible findings to add as accepted add_findings_form.fields[ "accepted_findings"].queryset = add_fpage.object_list - product_tab = Product_Tab(eng.product.id, title="Risk Acceptance", tab="engagements") + product_tab = Product_Tab(eng.product, title="Risk Acceptance", tab="engagements") product_tab.setEngagement(eng) return render( request, 'dojo/view_risk_acceptance.html', { @@ -1009,7 +1105,8 @@ def view_edit_risk_acceptance(request, eid, raid, edit_mode=False): @user_is_authorized(Engagement, Permissions.Risk_Acceptance, 'eid') def expire_risk_acceptance(request, eid, raid): risk_acceptance = get_object_or_404(prefetch_for_expiration(Risk_Acceptance.objects.all()), pk=raid) - eng = get_object_or_404(Engagement, pk=eid) + # Validate the engagement ID exists before moving forward + get_object_or_404(Engagement, pk=eid) ra_helper.expire_now(risk_acceptance) @@ -1095,7 +1192,7 @@ def upload_threatmodel(request, eid): reverse('view_engagement', args=(eid, ))) else: form = UploadThreatForm() - product_tab = Product_Tab(eng.product.id, title="Upload Threat Model", tab="engagements") + product_tab = Product_Tab(eng.product, title="Upload Threat Model", tab="engagements") return render(request, 'dojo/up_threat.html', { 'form': form, 'product_tab': product_tab, @@ -1133,7 +1230,7 @@ def engagement_ics(request, eid): def get_list_index(list, index): try: element = list[index] - except Exception as e: + except Exception: element = None return element @@ -1146,7 +1243,7 @@ def get_engagements(request): if url.startswith('url='): url = url[4:] - path_items = list(filter(None, re.split('/|\?', url))) # noqa W605 + path_items = list(filter(None, re.split(r'/|\?', url))) if not path_items or path_items[0] != 'engagement': raise ValidationError('URL is not an engagement view') diff --git a/dojo/filters.py b/dojo/filters.py index dc8b912939e..723c52337f3 100644 --- a/dojo/filters.py +++ b/dojo/filters.py @@ -2,7 +2,7 @@ from drf_spectacular.types import OpenApiTypes from drf_spectacular.utils import extend_schema_field -from dojo.finding.helper import ACCEPTED_FINDINGS_QUERY, CLOSED_FINDINGS_QUERY, FALSE_POSITIVE_FINDINGS_QUERY, INACTIVE_FINDINGS_QUERY, OPEN_FINDINGS_QUERY, OUT_OF_SCOPE_FINDINGS_QUERY, VERIFIED_FINDINGS_QUERY +from dojo.finding.helper import ACCEPTED_FINDINGS_QUERY, NOT_ACCEPTED_FINDINGS_QUERY, WAS_ACCEPTED_FINDINGS_QUERY, CLOSED_FINDINGS_QUERY, FALSE_POSITIVE_FINDINGS_QUERY, INACTIVE_FINDINGS_QUERY, OPEN_FINDINGS_QUERY, OUT_OF_SCOPE_FINDINGS_QUERY, VERIFIED_FINDINGS_QUERY, UNDER_REVIEW_QUERY import logging from datetime import timedelta, datetime from django import forms @@ -10,18 +10,21 @@ from auditlog.models import LogEntry from django.conf import settings import six -from django.utils.translation import ugettext_lazy as _ +from django.utils.translation import gettext_lazy as _ +from django.utils import timezone from django_filters import FilterSet, CharFilter, OrderingFilter, \ ModelMultipleChoiceFilter, ModelChoiceFilter, MultipleChoiceFilter, \ BooleanFilter, NumberFilter, DateFilter from django_filters import rest_framework as filters from django_filters.filters import ChoiceFilter, _truncate +from django.db.models import JSONField import pytz from django.db.models import Q from dojo.models import Dojo_User, Finding_Group, Product_API_Scan_Configuration, Product_Type, Finding, Product, Test_Import, Test_Type, \ - Endpoint, Development_Environment, Finding_Template, Note_Type, \ + Endpoint, Development_Environment, Finding_Template, Note_Type, Risk_Acceptance, Cred_Mapping, \ Engagement_Survey, Question, TextQuestion, ChoiceQuestion, Endpoint_Status, Engagement, \ - ENGAGEMENT_STATUS_CHOICES, Test, App_Analysis, SEVERITY_CHOICES, Dojo_Group + ENGAGEMENT_STATUS_CHOICES, Test, App_Analysis, SEVERITY_CHOICES, EFFORT_FOR_FIXING_CHOICES, Dojo_Group, Vulnerability_Id, \ + Test_Import_Finding_Action, IMPORT_ACTIONS from dojo.utils import get_system_setting from django.contrib.contenttypes.models import ContentType import tagulous @@ -35,7 +38,9 @@ from dojo.finding.queries import get_authorized_findings from dojo.endpoint.queries import get_authorized_endpoints from dojo.finding_group.queries import get_authorized_finding_groups +from dojo.user.queries import get_authorized_users from django.forms import HiddenInput +from dojo.utils import is_finding_groups_enabled logger = logging.getLogger(__name__) @@ -51,6 +56,21 @@ def custom_filter(queryset, name, value): return queryset.filter(Q(**{filter: values})) +def custom_vulnerability_id_filter(queryset, name, value): + values = value.split(',') + ids = Vulnerability_Id.objects \ + .filter(vulnerability_id__in=values) \ + .values_list('finding_id', flat=True) + return queryset.filter(id__in=ids) + + +def vulnerability_id_filter(queryset, name, value): + ids = Vulnerability_Id.objects \ + .filter(vulnerability_id=value) \ + .values_list('finding_id', flat=True) + return queryset.filter(id__in=ids) + + def now(): return local_tz.localize(datetime.today()) @@ -89,8 +109,11 @@ def risk_accepted(self, qs, name): def closed(self, qs, name): return qs.filter(CLOSED_FINDINGS_QUERY) + def under_review(self, qs, name): + return qs.filter(UNDER_REVIEW_QUERY) + options = { - '': (_('Any'), any), + None: (_('Any'), any), 0: (_('Open'), open), 1: (_('Verified'), verified), 2: (_('Out Of Scope'), out_of_scope), @@ -98,6 +121,7 @@ def closed(self, qs, name): 4: (_('Inactive'), inactive), 5: (_('Risk Accepted'), risk_accepted), 6: (_('Closed'), closed), + 7: (_('Under Review'), under_review), } def __init__(self, *args, **kwargs): @@ -116,7 +140,73 @@ def filter(self, qs, value): try: value = int(value) except (ValueError, TypeError): - value = '' + value = None + return self.options[value][1](self, qs, self.field_name) + + +class FindingSLAFilter(ChoiceFilter): + def any(self, qs, name): + return qs + + def sla_satisfied(self, qs, name): + # return findings that have an sla expiration date after today or no sla expiration date + return qs.filter(Q(sla_expiration_date__isnull=True) | Q(sla_expiration_date__gt=timezone.now().date())) + + def sla_violated(self, qs, name): + # return active findings that have an sla expiration date before today + return qs.filter(Q(active=True) & Q(sla_expiration_date__lt=timezone.now().date())) + + options = { + None: (_('Any'), any), + 0: (_('False'), sla_satisfied), + 1: (_('True'), sla_violated), + } + + def __init__(self, *args, **kwargs): + kwargs['choices'] = [ + (key, value[0]) for key, value in six.iteritems(self.options)] + super(FindingSLAFilter, self).__init__(*args, **kwargs) + + def filter(self, qs, value): + try: + value = int(value) + except (ValueError, TypeError): + value = None + return self.options[value][1](self, qs, self.field_name) + + +class ProductSLAFilter(ChoiceFilter): + def any(self, qs, name): + return qs + + def sla_satisifed(self, qs, name): + for product in qs: + if product.violates_sla(): + qs = qs.exclude(id=product.id) + return qs + + def sla_violated(self, qs, name): + for product in qs: + if not product.violates_sla(): + qs = qs.exclude(id=product.id) + return qs + + options = { + None: (_('Any'), any), + 0: (_('False'), sla_satisifed), + 1: (_('True'), sla_violated), + } + + def __init__(self, *args, **kwargs): + kwargs['choices'] = [ + (key, value[0]) for key, value in six.iteritems(self.options)] + super(ProductSLAFilter, self).__init__(*args, **kwargs) + + def filter(self, qs, value): + try: + value = int(value) + except (ValueError, TypeError): + value = None return self.options[value][1](self, qs, self.field_name) @@ -135,7 +225,7 @@ def cwe_options(queryset): cwe = dict() cwe = dict([cwe, cwe] for cwe in queryset.order_by().values_list('cwe', flat=True).distinct() - if type(cwe) is int and cwe is not None and cwe > 0) + if isinstance(cwe, int) and cwe is not None and cwe > 0) cwe = collections.OrderedDict(sorted(cwe.items())) return list(cwe.items()) @@ -174,7 +264,7 @@ def get_tags_model_from_field_name(field): parts = field.split('__') model_name = parts[-2] return apps.get_model('dojo.%s' % model_name, require_ready=True), exclude - except Exception as e: + except Exception: return None, exclude @@ -185,7 +275,7 @@ def get_tags_label_from_model(model): return 'Tags (Unknown)' -def get_finding_filter_fields(metrics=False, similar=False): +def get_finding_filterset_fields(metrics=False, similar=False): fields = [] if similar: @@ -204,13 +294,13 @@ def get_finding_filter_fields(metrics=False, similar=False): fields.extend([ 'date', - 'cve', 'cwe', 'severity', 'last_reviewed', 'last_status_update', 'mitigated', 'reporter', + 'reviewers', 'test__engagement__product__prod_type', 'test__engagement__product', 'test__engagement', @@ -226,7 +316,6 @@ def get_finding_filter_fields(metrics=False, similar=False): 'is_mitigated', 'out_of_scope', 'false_p', - 'risk_accepted', 'has_component', 'has_notes', 'file_path', @@ -254,7 +343,7 @@ def get_finding_filter_fields(metrics=False, similar=False): 'jira_issue__jira_key', ]) - if settings.FEATURE_FINDING_GROUPS: + if is_finding_groups_enabled(): fields.extend([ 'has_finding_group', 'finding_group', @@ -342,7 +431,7 @@ def __init__(self, *args, **kwargs): class DateRangeFilter(ChoiceFilter): options = { - '': (_('Any date'), lambda qs, name: qs.all()), + None: (_('Any date'), lambda qs, name: qs.all()), 1: (_('Today'), lambda qs, name: qs.filter(**{ '%s__year' % name: now().year, '%s__month' % name: now().month, @@ -382,13 +471,75 @@ def filter(self, qs, value): try: value = int(value) except (ValueError, TypeError): - value = '' + value = None + return self.options[value][1](qs, self.field_name) + + +class DateRangeOmniFilter(ChoiceFilter): + options = { + None: (_('Any date'), lambda qs, name: qs.all()), + 1: (_('Today'), lambda qs, name: qs.filter(**{ + '%s__year' % name: now().year, + '%s__month' % name: now().month, + '%s__day' % name: now().day + })), + 2: (_('Next 7 days'), lambda qs, name: qs.filter(**{ + '%s__gte' % name: _truncate(now() + timedelta(days=1)), + '%s__lt' % name: _truncate(now() + timedelta(days=7)), + })), + 3: (_('Next 30 days'), lambda qs, name: qs.filter(**{ + '%s__gte' % name: _truncate(now() + timedelta(days=1)), + '%s__lt' % name: _truncate(now() + timedelta(days=30)), + })), + 4: (_('Next 90 days'), lambda qs, name: qs.filter(**{ + '%s__gte' % name: _truncate(now() + timedelta(days=1)), + '%s__lt' % name: _truncate(now() + timedelta(days=90)), + })), + 5: (_('Past 7 days'), lambda qs, name: qs.filter(**{ + '%s__gte' % name: _truncate(now() - timedelta(days=7)), + '%s__lt' % name: _truncate(now() + timedelta(days=1)), + })), + 6: (_('Past 30 days'), lambda qs, name: qs.filter(**{ + '%s__gte' % name: _truncate(now() - timedelta(days=30)), + '%s__lt' % name: _truncate(now() + timedelta(days=1)), + })), + 7: (_('Past 90 days'), lambda qs, name: qs.filter(**{ + '%s__gte' % name: _truncate(now() - timedelta(days=90)), + '%s__lt' % name: _truncate(now() + timedelta(days=1)), + })), + 8: (_('Current month'), lambda qs, name: qs.filter(**{ + '%s__year' % name: now().year, + '%s__month' % name: now().month + })), + 9: (_('Past year'), lambda qs, name: qs.filter(**{ + '%s__gte' % name: _truncate(now() - timedelta(days=365)), + '%s__lt' % name: _truncate(now() + timedelta(days=1)), + })), + 10: (_('Current year'), lambda qs, name: qs.filter(**{ + '%s__year' % name: now().year, + })), + 11: (_('Next year'), lambda qs, name: qs.filter(**{ + '%s__gte' % name: _truncate(now() + timedelta(days=1)), + '%s__lt' % name: _truncate(now() + timedelta(days=365)), + })), + } + + def __init__(self, *args, **kwargs): + kwargs['choices'] = [ + (key, value[0]) for key, value in six.iteritems(self.options)] + super(DateRangeOmniFilter, self).__init__(*args, **kwargs) + + def filter(self, qs, value): + try: + value = int(value) + except (ValueError, TypeError): + value = None return self.options[value][1](qs, self.field_name) class ReportBooleanFilter(ChoiceFilter): options = { - '': (_('Either'), lambda qs, name: qs.all()), + None: (_('Either'), lambda qs, name: qs.all()), 1: (_('Yes'), lambda qs, name: qs.filter(**{ '%s' % name: True })), @@ -406,7 +557,7 @@ def filter(self, qs, value): try: value = int(value) except (ValueError, TypeError): - value = '' + value = None return self.options[value][1](qs, self.field_name) @@ -417,22 +568,19 @@ def any(self, qs, name): def accepted(self, qs, name): # return qs.filter(risk_acceptance__isnull=False) - from dojo.finding.views import ACCEPTED_FINDINGS_QUERY return qs.filter(ACCEPTED_FINDINGS_QUERY) def not_accepted(self, qs, name): - from dojo.finding.views import NOT_ACCEPTED_FINDINGS_QUERY return qs.filter(NOT_ACCEPTED_FINDINGS_QUERY) def was_accepted(self, qs, name): - from dojo.finding.views import WAS_ACCEPTED_FINDINGS_QUERY return qs.filter(WAS_ACCEPTED_FINDINGS_QUERY) options = { - '': (_('Either'), any), + None: (_('Either'), any), 1: (_('Yes'), accepted), 2: (_('No'), not_accepted), - 3: (_('Was'), was_accepted), + 3: (_('Expired'), was_accepted), } def __init__(self, *args, **kwargs): @@ -444,7 +592,7 @@ def filter(self, qs, value): try: value = int(value) except (ValueError, TypeError): - value = '' + value = None return self.options[value][1](self, qs, self.field_name) @@ -500,7 +648,7 @@ def past_year(self, qs, name): return self.past_x_days(qs, name, 365) options = { - '': (_('Past 30 days'), past_thirty_days), + None: (_('Past 30 days'), past_thirty_days), 1: (_('Past 7 days'), past_seven_days), 2: (_('Past 90 days'), past_ninety_days), 3: (_('Current month'), current_month), @@ -528,7 +676,7 @@ def filter(self, qs, value): try: value = int(value) except (ValueError, TypeError): - value = '' + value = None return self.options[value][1](self, qs, self.field_name) @@ -572,10 +720,7 @@ def __init__(self, *args, **kwargs): class EngagementDirectFilter(DojoFilter): name = CharFilter(lookup_expr='icontains', label='Engagement name contains') - lead = ModelChoiceFilter( - queryset=Dojo_User.objects.filter( - engagement__lead__isnull=False).distinct(), - label="Lead") + lead = ModelChoiceFilter(queryset=Dojo_User.objects.none(), label="Lead") version = CharFilter(field_name='version', lookup_expr='icontains', label='Engagement version') test__version = CharFilter(field_name='test__version', lookup_expr='icontains', label='Test version') @@ -583,6 +728,8 @@ class EngagementDirectFilter(DojoFilter): product__prod_type = ModelMultipleChoiceFilter( queryset=Product_Type.objects.none(), label="Product Type") + test__engagement__product__lifecycle = MultipleChoiceFilter( + choices=Product.LIFECYCLE_CHOICES, label='Product lifecycle', null_label='Empty') status = MultipleChoiceFilter(choices=ENGAGEMENT_STATUS_CHOICES, label="Status") @@ -605,6 +752,8 @@ class EngagementDirectFilter(DojoFilter): not_tag = CharFilter(field_name='tags__name', lookup_expr='icontains', label='Not tag name contains', exclude=True) + has_tags = BooleanFilter(field_name='tags', lookup_expr='isnull', exclude=True, label='Has tags') + o = OrderingFilter( # tuple-mapping retains order fields=( @@ -627,6 +776,8 @@ class EngagementDirectFilter(DojoFilter): def __init__(self, *args, **kwargs): super(EngagementDirectFilter, self).__init__(*args, **kwargs) self.form.fields['product__prod_type'].queryset = get_authorized_product_types(Permissions.Product_Type_View) + self.form.fields['lead'].queryset = get_authorized_users(Permissions.Product_Type_View) \ + .filter(engagement__lead__isnull=False).distinct() class Meta: model = Engagement @@ -635,10 +786,7 @@ class Meta: class EngagementFilter(DojoFilter): engagement__name = CharFilter(lookup_expr='icontains', label='Engagement name contains') - engagement__lead = ModelChoiceFilter( - queryset=Dojo_User.objects.filter( - engagement__lead__isnull=False).distinct(), - label="Lead") + engagement__lead = ModelChoiceFilter(queryset=Dojo_User.objects.none(), label="Lead") engagement__version = CharFilter(field_name='engagement__version', lookup_expr='icontains', label='Engagement version') engagement__test__version = CharFilter(field_name='engagement__test__version', lookup_expr='icontains', label='Test version') @@ -646,6 +794,8 @@ class EngagementFilter(DojoFilter): prod_type = ModelMultipleChoiceFilter( queryset=Product_Type.objects.none(), label="Product Type") + engagement__product__lifecycle = MultipleChoiceFilter( + choices=Product.LIFECYCLE_CHOICES, label='Product lifecycle', null_label='Empty') engagement__status = MultipleChoiceFilter(choices=ENGAGEMENT_STATUS_CHOICES, label="Status") @@ -668,6 +818,8 @@ class EngagementFilter(DojoFilter): not_tag = CharFilter(field_name='tags__name', lookup_expr='icontains', label='Not tag name contains', exclude=True) + has_tags = BooleanFilter(field_name='tags', lookup_expr='isnull', exclude=True, label='Has tags') + o = OrderingFilter( # tuple-mapping retains order fields=( @@ -684,6 +836,8 @@ class EngagementFilter(DojoFilter): def __init__(self, *args, **kwargs): super(EngagementFilter, self).__init__(*args, **kwargs) self.form.fields['prod_type'].queryset = get_authorized_product_types(Permissions.Product_Type_View) + self.form.fields['engagement__lead'].queryset = get_authorized_users(Permissions.Product_Type_View) \ + .filter(engagement__lead__isnull=False).distinct() class Meta: model = Product @@ -691,10 +845,7 @@ class Meta: class ProductEngagementFilter(DojoFilter): - lead = ModelChoiceFilter( - queryset=Dojo_User.objects.filter( - engagement__lead__isnull=False).distinct(), - label="Lead") + lead = ModelChoiceFilter(queryset=Dojo_User.objects.none(), label="Lead") version = CharFilter(lookup_expr='icontains', label='Engagement version') test__version = CharFilter(field_name='test__version', lookup_expr='icontains', label='Test version') @@ -740,27 +891,33 @@ class ProductEngagementFilter(DojoFilter): ) + def __init__(self, *args, **kwargs): + super(ProductEngagementFilter, self).__init__(*args, **kwargs) + self.form.fields['lead'].queryset = get_authorized_users(Permissions.Product_Type_View) \ + .filter(engagement__lead__isnull=False).distinct() + class Meta: model = Product - fields = ['id', 'name'] + fields = ['name'] class ApiEngagementFilter(DojoFilter): product__prod_type = NumberInFilter(field_name='product__prod_type', lookup_expr='in') tag = CharFilter(field_name='tags__name', lookup_expr='icontains', help_text='Tag name contains') tags = CharFieldInFilter(field_name='tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags') - product__tags__name = CharFieldInFilter(field_name='product__tags__name', + help_text='Comma separated list of exact tags') + product__tags = CharFieldInFilter(field_name='product__tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags present on product') + help_text='Comma separated list of exact tags present on product') not_tag = CharFilter(field_name='tags__name', lookup_expr='icontains', help_text='Not Tag name contains', exclude='True') not_tags = CharFieldInFilter(field_name='tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags not present on model', exclude='True') - not_product__tags__name = CharFieldInFilter(field_name='product__tags__name', + help_text='Comma separated list of exact tags not present on model', exclude='True') + not_product__tags = CharFieldInFilter(field_name='product__tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags not present on product', + help_text='Comma separated list of exact tags not present on product', exclude='True') + has_tags = BooleanFilter(field_name='tags', lookup_expr='isnull', exclude=True, label='Has tags') o = OrderingFilter( # tuple-mapping retains order @@ -790,13 +947,14 @@ class Meta: class ProductFilter(DojoFilter): name = CharFilter(lookup_expr='icontains', label="Product Name") + name_exact = CharFilter(field_name='name', lookup_expr='iexact', label="Exact Product Name") prod_type = ModelMultipleChoiceFilter( queryset=Product_Type.objects.none(), label="Product Type") - business_criticality = MultipleChoiceFilter(choices=Product.BUSINESS_CRITICALITY_CHOICES) - platform = MultipleChoiceFilter(choices=Product.PLATFORM_CHOICES) - lifecycle = MultipleChoiceFilter(choices=Product.LIFECYCLE_CHOICES) - origin = MultipleChoiceFilter(choices=Product.ORIGIN_CHOICES) + business_criticality = MultipleChoiceFilter(choices=Product.BUSINESS_CRITICALITY_CHOICES, null_label="Empty") + platform = MultipleChoiceFilter(choices=Product.PLATFORM_CHOICES, null_label="Empty") + lifecycle = MultipleChoiceFilter(choices=Product.LIFECYCLE_CHOICES, null_label="Empty") + origin = MultipleChoiceFilter(choices=Product.ORIGIN_CHOICES, null_label="Empty") external_audience = BooleanFilter(field_name='external_audience') internet_accessible = BooleanFilter(field_name='internet_accessible') @@ -884,10 +1042,15 @@ class ProductFilter(DojoFilter): not_tag = CharFilter(field_name='tags__name', lookup_expr='icontains', label='Not tag name contains', exclude=True) + outside_of_sla = ProductSLAFilter(label="Outside of SLA") + + has_tags = BooleanFilter(field_name='tags', lookup_expr='isnull', exclude=True, label='Has tags') + o = OrderingFilter( # tuple-mapping retains order fields=( ('name', 'name'), + ('name_exact', 'name_exact'), ('prod_type__name', 'prod_type__name'), ('business_criticality', 'business_criticality'), ('platform', 'platform'), @@ -898,6 +1061,7 @@ class ProductFilter(DojoFilter): ), field_labels={ 'name': 'Product Name', + 'name_exact': 'Exact Product Name', 'prod_type__name': 'Product Type', 'business_criticality': 'Business Criticality', 'platform': 'Platform ', @@ -922,7 +1086,7 @@ def __init__(self, *args, **kwargs): class Meta: model = Product - fields = ['name', 'prod_type', 'business_criticality', 'platform', 'lifecycle', 'origin', 'external_audience', + fields = ['name', 'name_exact', 'prod_type', 'business_criticality', 'platform', 'lifecycle', 'origin', 'external_audience', 'internet_accessible', 'tags'] @@ -932,6 +1096,7 @@ class ApiProductFilter(DojoFilter): internet_accessible = BooleanFilter(field_name='internet_accessible') # CharFilter name = CharFilter(lookup_expr='icontains') + name_exact = CharFilter(field_name='name', lookup_expr='iexact') description = CharFilter(lookup_expr='icontains') business_criticality = CharFilter(method=custom_filter, field_name='business_criticality') platform = CharFilter(method=custom_filter, field_name='platform') @@ -950,11 +1115,13 @@ class ApiProductFilter(DojoFilter): tag = CharFilter(field_name='tags__name', lookup_expr='icontains', label='Tag name contains') tags = CharFieldInFilter(field_name='tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags') + help_text='Comma separated list of exact tags') not_tag = CharFilter(field_name='tags__name', lookup_expr='icontains', help_text='Not Tag name contains', exclude='True') not_tags = CharFieldInFilter(field_name='tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags not present on product', exclude='True') + help_text='Comma separated list of exact tags not present on product', exclude='True') + has_tags = BooleanFilter(field_name='tags', lookup_expr='isnull', exclude=True, label='Has tags') + outside_of_sla = extend_schema_field(OpenApiTypes.NUMBER)(ProductSLAFilter()) # DateRangeFilter created = DateRangeFilter() @@ -1006,10 +1173,11 @@ class ApiFindingFilter(DojoFilter): under_defect_review = BooleanFilter(field_name='under_defect_review') under_review = BooleanFilter(field_name='under_review') verified = BooleanFilter(field_name='verified') + has_jira = BooleanFilter(field_name='jira_issue', lookup_expr='isnull', exclude=True) # CharFilter component_version = CharFilter(lookup_expr='icontains') component_name = CharFilter(lookup_expr='icontains') - cve = CharFilter(method=custom_filter, field_name='cve') + vulnerability_id = CharFilter(method=custom_vulnerability_id_filter) description = CharFilter(lookup_expr='icontains') file_path = CharFilter(lookup_expr='icontains') hash_code = CharFilter(lookup_expr='icontains') @@ -1021,9 +1189,13 @@ class ApiFindingFilter(DojoFilter): references = CharFilter(lookup_expr='icontains') severity = CharFilter(method=custom_filter, field_name='severity') severity_justification = CharFilter(lookup_expr='icontains') - step_to_reproduce = CharFilter(lookup_expr='icontains') + steps_to_reproduce = CharFilter(lookup_expr='icontains') unique_id_from_tool = CharFilter(lookup_expr='icontains') title = CharFilter(lookup_expr='icontains') + product_name = CharFilter(lookup_expr='engagement__product__name__iexact', field_name='test', label='exact product name') + product_name_contains = CharFilter(lookup_expr='engagement__product__name__icontains', field_name='test', label='exact product name') + product_lifecycle = CharFilter(method=custom_filter, lookup_expr='engagement__product__lifecycle', + field_name='test__engagement__product__lifecycle', label='Comma separated list of exact product lifecycles') # DateRangeFilter created = DateRangeFilter() date = DateRangeFilter() @@ -1049,6 +1221,7 @@ class ApiFindingFilter(DojoFilter): test__test_type = NumberInFilter(field_name='test__test_type', lookup_expr='in', label='Test Type') test__engagement = NumberInFilter(field_name='test__engagement', lookup_expr='in') test__engagement__product = NumberInFilter(field_name='test__engagement__product', lookup_expr='in') + test__engagement__product__prod_type = NumberInFilter(field_name='test__engagement__product__prod_type', lookup_expr='in') finding_group = NumberInFilter(field_name='finding_group', lookup_expr='in') # ReportRiskAcceptanceFilter @@ -1056,27 +1229,29 @@ class ApiFindingFilter(DojoFilter): tag = CharFilter(field_name='tags__name', lookup_expr='icontains', help_text='Tag name contains') tags = CharFieldInFilter(field_name='tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags') - test__tags = CharFieldInFilter(field_name='test__tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags present on test') - test__engagement__tags = CharFieldInFilter(field_name='test__engagement__tags', lookup_expr='in', - help_text='Comma seperated list of exact tags present on engagement') - test__engagement__product__tags__name = CharFieldInFilter(field_name='test__engagement__product__tags__name', - lookup_expr='in', - help_text='Comma seperated list of exact tags present on product') + help_text='Comma separated list of exact tags') + test__tags = CharFieldInFilter(field_name='test__tags__name', lookup_expr='in', help_text='Comma separated list of exact tags present on test') + test__engagement__tags = CharFieldInFilter(field_name='test__engagement__tags__name', lookup_expr='in', + help_text='Comma separated list of exact tags present on engagement') + test__engagement__product__tags = CharFieldInFilter( + field_name='test__engagement__product__tags__name', + lookup_expr='in', + help_text='Comma separated list of exact tags present on product') not_tag = CharFilter(field_name='tags__name', lookup_expr='icontains', help_text='Not Tag name contains', exclude='True') not_tags = CharFieldInFilter(field_name='tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags not present on model', exclude='True') - not_test__tags = CharFieldInFilter(field_name='test__tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags not present on test', exclude='True') - not_test__engagement__tags = CharFieldInFilter(field_name='test__engagement__tags', lookup_expr='in', - help_text='Comma seperated list of exact tags not present on engagement', + help_text='Comma separated list of exact tags not present on model', exclude='True') + not_test__tags = CharFieldInFilter(field_name='test__tags__name', lookup_expr='in', help_text='Comma separated list of exact tags present on test') + not_test__engagement__tags = CharFieldInFilter(field_name='test__engagement__tags__name', lookup_expr='in', + help_text='Comma separated list of exact tags not present on engagement', exclude='True') - not_test__engagement__product__tags__name = CharFieldInFilter(field_name='test__engagement__product__tags__name', - lookup_expr='in', - help_text='Comma seperated list of exact tags not present on product', - exclude='True') + not_test__engagement__product__tags = CharFieldInFilter( + field_name='test__engagement__product__tags__name', + lookup_expr='in', + help_text='Comma separated list of exact tags not present on product', + exclude='True') + has_tags = BooleanFilter(field_name='tags', lookup_expr='isnull', exclude=True, label='Has tags') + outside_of_sla = extend_schema_field(OpenApiTypes.NUMBER)(FindingSLAFilter()) o = OrderingFilter( # tuple-mapping retains order @@ -1087,7 +1262,6 @@ class ApiFindingFilter(DojoFilter): ('created', 'created'), ('last_status_update', 'last_status_update'), ('last_reviewed', 'last_reviewed'), - ('cve', 'cve'), ('cwe', 'cwe'), ('date', 'date'), ('duplicate', 'duplicate'), @@ -1112,7 +1286,7 @@ class ApiFindingFilter(DojoFilter): class Meta: model = Finding exclude = ['url', 'thread_id', 'notes', 'files', - 'line', 'endpoint_status'] + 'line', 'cve'] class FindingFilter(FindingFilterWithTags): @@ -1123,6 +1297,7 @@ class FindingFilter(FindingFilterWithTags): last_reviewed = DateRangeFilter() last_status_update = DateRangeFilter() cwe = MultipleChoiceFilter(choices=[]) + vulnerability_id = CharFilter(method=vulnerability_id_filter, label='Vulnerability Id') severity = MultipleChoiceFilter(choices=SEVERITY_CHOICES) test__test_type = ModelMultipleChoiceFilter( queryset=Test_Type.objects.all(), label='Test Type') @@ -1131,16 +1306,26 @@ class FindingFilter(FindingFilterWithTags): is_mitigated = ReportBooleanFilter() mitigated = DateRangeFilter(label="Mitigated Date") + planned_remediation_date = DateRangeOmniFilter() + planned_remediation_version = CharFilter(lookup_expr='icontains', label=_('Planned remediation version')) + file_path = CharFilter(lookup_expr='icontains') param = CharFilter(lookup_expr='icontains') payload = CharFilter(lookup_expr='icontains') reporter = ModelMultipleChoiceFilter( - queryset=Dojo_User.objects.all()) + queryset=Dojo_User.objects.none()) + + reviewers = ModelMultipleChoiceFilter( + queryset=Dojo_User.objects.none()) + test__engagement__product__prod_type = ModelMultipleChoiceFilter( queryset=Product_Type.objects.none(), label="Product Type") + test__engagement__product__lifecycle = MultipleChoiceFilter( + choices=Product.LIFECYCLE_CHOICES, label='Product lifecycle') + test__engagement__product = ModelMultipleChoiceFilter( queryset=Product.objects.none(), label="Product") @@ -1148,9 +1333,9 @@ class FindingFilter(FindingFilterWithTags): queryset=Engagement.objects.none(), label="Engagement") - endpoints = ModelMultipleChoiceFilter( - queryset=Endpoint.objects.none(), - label="Endpoint") + endpoints__host = CharFilter(lookup_expr='icontains', label="Endpoint Host") + + service = CharFilter(lookup_expr='icontains') test = ModelMultipleChoiceFilter( queryset=Test.objects.none(), @@ -1161,7 +1346,7 @@ class FindingFilter(FindingFilterWithTags): status = FindingStatusFilter(label='Status') - if settings.FEATURE_FINDING_GROUPS: + if is_finding_groups_enabled(): finding_group = ModelMultipleChoiceFilter( queryset=Finding_Group.objects.none(), label="Finding Group") @@ -1174,7 +1359,10 @@ class FindingFilter(FindingFilterWithTags): risk_acceptance = ReportRiskAcceptanceFilter( label="Risk Accepted") + effort_for_fixing = MultipleChoiceFilter(choices=EFFORT_FOR_FIXING_CHOICES) + test_import_finding_action__test_import = NumberFilter(widget=HiddenInput()) + endpoints = NumberFilter(widget=HiddenInput()) if get_system_setting('enable_jira'): has_jira_issue = BooleanFilter(field_name='jira_issue', @@ -1185,7 +1373,7 @@ class FindingFilter(FindingFilterWithTags): jira_change = DateRangeFilter(field_name='jira_issue__jira_change', label='JIRA Updated') jira_issue__jira_key = CharFilter(field_name='jira_issue__jira_key', lookup_expr='icontains', label="JIRA issue") - if settings.FEATURE_FINDING_GROUPS: + if is_finding_groups_enabled(): has_jira_group_issue = BooleanFilter(field_name='finding_group__jira_issue', lookup_expr='isnull', exclude=True, @@ -1238,6 +1426,10 @@ class FindingFilter(FindingFilterWithTags): not_tag = CharFilter(field_name='tags__name', lookup_expr='icontains', label='Not tag name contains', exclude=True) + outside_of_sla = FindingSLAFilter(label="Outside of SLA") + + has_tags = BooleanFilter(field_name='tags', lookup_expr='isnull', exclude=True, label='Has tags') + o = OrderingFilter( # tuple-mapping retains order fields=( @@ -1250,6 +1442,7 @@ class FindingFilter(FindingFilterWithTags): ('title', 'title'), ('test__engagement__product__name', 'test__engagement__product__name'), + ('service', 'service'), ), field_labels={ 'numerical_severity': 'Severity', @@ -1263,15 +1456,14 @@ class FindingFilter(FindingFilterWithTags): class Meta: model = Finding - fields = get_finding_filter_fields() + fields = get_finding_filterset_fields() exclude = ['url', 'description', 'mitigation', 'impact', - 'endpoint', 'references', + 'endpoints', 'references', 'thread_id', 'notes', 'scanner_confidence', 'numerical_severity', 'line', 'duplicate_finding', - 'hash_code', 'endpoint_status', - 'reviewers', - 'created', 'files', 'sla_start_date', 'cvssv3', + 'hash_code', 'reviewers', 'created', 'files', + 'sla_start_date', 'sla_expiration_date', 'cvssv3', 'severity_justification', 'steps_to_reproduce'] def __init__(self, *args, **kwargs): @@ -1305,8 +1497,8 @@ def __init__(self, *args, **kwargs): self.form.fields['test__engagement__product'].queryset = get_authorized_products(Permissions.Product_View) if self.form.fields.get('finding_group', None): self.form.fields['finding_group'].queryset = get_authorized_finding_groups(Permissions.Finding_Group_View) - if self.form.fields.get('endpoints'): - self.form.fields['endpoints'].queryset = get_authorized_endpoints(Permissions.Endpoint_View).distinct() + self.form.fields['reporter'].queryset = get_authorized_users(Permissions.Finding_View) + self.form.fields['reviewers'].queryset = self.form.fields['reporter'].queryset class AcceptedFindingFilter(FindingFilter): @@ -1315,20 +1507,22 @@ class AcceptedFindingFilter(FindingFilter): risk_acceptance__owner = \ ModelMultipleChoiceFilter( - queryset=Dojo_User.objects.all(), + queryset=Dojo_User.objects.none(), label="Risk Acceptance Owner") def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) + self.form.fields['risk_acceptance__owner'].queryset = get_authorized_users(Permissions.Finding_View) class SimilarFindingFilter(FindingFilter): hash_code = MultipleChoiceFilter() + vulnerability_ids = CharFilter(method=custom_vulnerability_id_filter, label='Vulnerability Ids') class Meta(FindingFilter.Meta): model = Finding # slightly different fields from FindingFilter, but keep the same ordering for UI consistency - fields = get_finding_filter_fields(similar=True) + fields = get_finding_filterset_fields(similar=True) def __init__(self, data=None, *args, **kwargs): self.user = None @@ -1346,7 +1540,7 @@ def __init__(self, data=None, *args, **kwargs): # get a mutable copy of the QueryDict data = data.copy() - data['cve'] = self.finding.cve + data['vulnerability_ids'] = ','.join(self.finding.vulnerability_ids) data['cwe'] = self.finding.cwe data['file_path'] = self.finding.file_path data['line'] = self.finding.line @@ -1455,11 +1649,11 @@ def __init__(self, *args, **kwargs): class ApiTemplateFindingFilter(DojoFilter): tag = CharFilter(field_name='tags__name', lookup_expr='icontains', help_text='Tag name contains') tags = CharFieldInFilter(field_name='tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags') + help_text='Comma separated list of exact tags') not_tag = CharFilter(field_name='tags__name', lookup_expr='icontains', help_text='Not Tag name contains', exclude='True') not_tags = CharFieldInFilter(field_name='tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags not present on model', exclude='True') + help_text='Comma separated list of exact tags not present on model', exclude='True') o = OrderingFilter( # tuple-mapping retains order @@ -1479,6 +1673,7 @@ class MetricsFindingFilter(FindingFilter): start_date = DateFilter(field_name='date', label='Start Date', lookup_expr=('gt')) end_date = DateFilter(field_name='date', label='End Date', lookup_expr=('lt')) date = MetricsDateRangeFilter() + vulnerability_id = CharFilter(method=vulnerability_id_filter, label='Vulnerability Id') not_tags = ModelMultipleChoiceFilter( field_name='tags__name', @@ -1501,7 +1696,7 @@ def __init__(self, *args, **kwargs): class Meta(FindingFilter.Meta): model = Finding - fields = get_finding_filter_fields(metrics=True) + fields = get_finding_filterset_fields(metrics=True) class MetricsEndpointFilter(FilterSet): @@ -1517,6 +1712,9 @@ class MetricsEndpointFilter(FilterSet): finding__test__engagement__version = CharFilter(lookup_expr='icontains', label="Engagement Version") finding__severity = MultipleChoiceFilter(choices=SEVERITY_CHOICES, label="Severity") + endpoint__host = CharFilter(lookup_expr='icontains', label="Endpoint Host") + finding_title = CharFilter(lookup_expr='icontains', label="Finding Title") + tags = ModelMultipleChoiceFilter( field_name='tags__name', to_field_name='name', @@ -1599,12 +1797,9 @@ def __init__(self, *args, **kwargs): self.form.fields[ 'finding__test__engagement__product__prod_type'].queryset = get_authorized_product_types(Permissions.Product_Type_View) - self.form.fields['finding'].queryset = get_authorized_findings(Permissions.Finding_View) - self.form.fields['endpoint'].queryset = get_authorized_endpoints(Permissions.Endpoint_View) - class Meta: model = Endpoint_Status - exclude = ['last_modified'] + exclude = ['last_modified', 'endpoint', 'finding'] class EndpointFilter(DojoFilter): @@ -1618,7 +1813,6 @@ class EndpointFilter(DojoFilter): path = CharFilter(lookup_expr='icontains') query = CharFilter(lookup_expr='icontains') fragment = CharFilter(lookup_expr='icontains') - mitigated = ReportBooleanFilter() tags = ModelMultipleChoiceFilter( field_name='tags__name', @@ -1669,6 +1863,8 @@ class EndpointFilter(DojoFilter): not_tag = CharFilter(field_name='tags__name', lookup_expr='icontains', label='Not tag name contains', exclude=True) + has_tags = BooleanFilter(field_name='tags', lookup_expr='isnull', exclude=True, label='Has tags') + o = OrderingFilter( # tuple-mapping retains order fields=( @@ -1691,17 +1887,19 @@ def qs(self): class Meta: model = Endpoint - exclude = ['mitigated', 'endpoint_status'] + exclude = ['findings'] class ApiEndpointFilter(DojoFilter): tag = CharFilter(field_name='tags__name', lookup_expr='icontains', help_text='Tag name contains') tags = CharFieldInFilter(field_name='tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags') + help_text='Comma separated list of exact tags') not_tag = CharFilter(field_name='tags__name', lookup_expr='icontains', help_text='Not Tag name contains', exclude='True') not_tags = CharFieldInFilter(field_name='tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags not present on model', exclude='True') + help_text='Comma separated list of exact tags not present on model', exclude='True') + has_tags = BooleanFilter(field_name='tags', lookup_expr='isnull', exclude=True, label='Has tags') + o = OrderingFilter( # tuple-mapping retains order fields=( @@ -1712,14 +1910,29 @@ class ApiEndpointFilter(DojoFilter): class Meta: model = Endpoint - fields = ['id', 'host', 'product'] + fields = ['id', 'protocol', 'userinfo', 'host', 'port', 'path', 'query', 'fragment', 'product'] + + +class ApiRiskAcceptanceFilter(DojoFilter): + o = OrderingFilter( + # tuple-mapping retains order + fields=( + ('name', 'name'), + ), + ) + + class Meta: + model = Risk_Acceptance + fields = [ + 'name', 'accepted_findings', 'recommendation', 'recommendation_details', + 'decision', 'decision_details', 'accepted_by', 'owner', 'expiration_date', + 'expiration_date_warned', 'expiration_date_handled', 'reactivate_expired', + 'restart_sla_expired', 'notes', + ] class EngagementTestFilter(DojoFilter): - lead = ModelChoiceFilter( - queryset=Dojo_User.objects.filter( - engagement__lead__isnull=False).distinct(), - label="Lead") + lead = ModelChoiceFilter(queryset=Dojo_User.objects.none(), label="Lead") version = CharFilter(lookup_expr='icontains', label='Version') if settings.TRACK_IMPORT_HISTORY: @@ -1747,6 +1960,8 @@ class EngagementTestFilter(DojoFilter): not_tag = CharFilter(field_name='tags__name', lookup_expr='icontains', label='Not tag name contains', exclude=True) + has_tags = BooleanFilter(field_name='tags', lookup_expr='isnull', exclude=True, label='Has tags') + o = OrderingFilter( # tuple-mapping retains order fields=( @@ -1774,28 +1989,31 @@ def __init__(self, *args, **kwargs): super(DojoFilter, self).__init__(*args, **kwargs) self.form.fields['test_type'].queryset = Test_Type.objects.filter(test__engagement=self.engagement).distinct().order_by('name') self.form.fields['api_scan_configuration'].queryset = Product_API_Scan_Configuration.objects.filter(product=self.engagement.product).distinct() + self.form.fields['lead'].queryset = get_authorized_users(Permissions.Product_Type_View) \ + .filter(test__lead__isnull=False).distinct() class ApiTestFilter(DojoFilter): tag = CharFilter(field_name='tags__name', lookup_expr='icontains', help_text='Tag name contains') tags = CharFieldInFilter(field_name='tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags') - engagement__tags = CharFieldInFilter(field_name='engagement__tags', lookup_expr='in', - help_text='Comma seperated list of exact tags present on engagement') - engagement__product__tags__name = CharFieldInFilter(field_name='engagement__product__tags__name', + help_text='Comma separated list of exact tags') + engagement__tags = CharFieldInFilter(field_name='engagement__tags__name', lookup_expr='in', + help_text='Comma separated list of exact tags present on engagement') + engagement__product__tags = CharFieldInFilter(field_name='engagement__product__tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags present on product') + help_text='Comma separated list of exact tags present on product') not_tag = CharFilter(field_name='tags__name', lookup_expr='icontains', help_text='Not Tag name contains', exclude='True') not_tags = CharFieldInFilter(field_name='tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags not present on model', exclude='True') - not_engagement__tags = CharFieldInFilter(field_name='engagement__tags', lookup_expr='in', - help_text='Comma seperated list of exact tags not present on engagement', + help_text='Comma separated list of exact tags not present on model', exclude='True') + not_engagement__tags = CharFieldInFilter(field_name='engagement__tags__name', lookup_expr='in', + help_text='Comma separated list of exact tags not present on engagement', exclude='True') - not_engagement__product__tags__name = CharFieldInFilter(field_name='engagement__product__tags__name', + not_engagement__product__tags = CharFieldInFilter(field_name='engagement__product__tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags not present on product', + help_text='Comma separated list of exact tags not present on product', exclude='True') + has_tags = BooleanFilter(field_name='tags', lookup_expr='isnull', exclude=True, label='Has tags') o = OrderingFilter( # tuple-mapping retains order @@ -1826,23 +2044,29 @@ class Meta: 'target_end', 'notes', 'percent_complete', 'actual_time', 'engagement', 'version', 'branch_tag', 'build_id', 'commit_hash', - 'api_scan_configuration'] + 'api_scan_configuration', 'scan_type'] class ApiAppAnalysisFilter(DojoFilter): tag = CharFilter(field_name='tags__name', lookup_expr='icontains', help_text='Tag name contains') tags = CharFieldInFilter(field_name='tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags') + help_text='Comma separated list of exact tags') not_tag = CharFilter(field_name='tags__name', lookup_expr='icontains', help_text='Not Tag name contains', exclude='True') not_tags = CharFieldInFilter(field_name='tags__name', lookup_expr='in', - help_text='Comma seperated list of exact tags not present on model', exclude='True') + help_text='Comma separated list of exact tags not present on model', exclude='True') class Meta: model = App_Analysis fields = ['product', 'name', 'user', 'version'] +class ApiCredentialsFilter(DojoFilter): + class Meta: + model = Cred_Mapping + fields = '__all__' + + class EndpointReportFilter(DojoFilter): protocol = CharFilter(lookup_expr='icontains') userinfo = CharFilter(lookup_expr='icontains') @@ -1875,7 +2099,7 @@ class EndpointReportFilter(DojoFilter): class Meta: model = Endpoint - exclude = ['product', 'endpoint_status'] + exclude = ['product'] class ReportFindingFilter(FindingFilterWithTags): @@ -1885,6 +2109,7 @@ class ReportFindingFilter(FindingFilterWithTags): test__engagement__product__prod_type = ModelMultipleChoiceFilter( queryset=Product_Type.objects.none(), label="Product Type") + test__engagement__product__lifecycle = MultipleChoiceFilter(choices=Product.LIFECYCLE_CHOICES, label="Product Lifecycle") severity = MultipleChoiceFilter(choices=SEVERITY_CHOICES) active = ReportBooleanFilter() is_mitigated = ReportBooleanFilter() @@ -1897,6 +2122,7 @@ class ReportFindingFilter(FindingFilterWithTags): duplicate = ReportBooleanFilter() duplicate_finding = ModelChoiceFilter(queryset=Finding.objects.filter(original_finding__isnull=False).distinct()) out_of_scope = ReportBooleanFilter() + outside_of_sla = FindingSLAFilter(label="Outside of SLA") file_path = CharFilter(lookup_expr='icontains') @@ -1904,8 +2130,8 @@ class Meta: model = Finding # exclude sonarqube issue as by default it will show all without checking permissions exclude = ['date', 'cwe', 'url', 'description', 'mitigation', 'impact', - 'endpoint', 'references', 'test', 'sonarqube_issue', - 'thread_id', 'notes', 'endpoints', 'endpoint_status', + 'references', 'test', 'sonarqube_issue', + 'thread_id', 'notes', 'endpoints', 'numerical_severity', 'reporter', 'last_reviewed', 'jira_creation', 'jira_change', 'files'] @@ -1976,25 +2202,19 @@ class UserFilter(DojoFilter): ('first_name', 'first_name'), ('email', 'email'), ('is_active', 'is_active'), - ('is_staff', 'is_staff'), ('is_superuser', 'is_superuser'), ('last_login', 'last_login'), ), field_labels={ 'username': 'User Name', 'is_active': 'Active', - 'is_staff': 'Staff', 'is_superuser': 'Superuser', } - ) class Meta: model = Dojo_User - fields = ['is_staff', 'is_superuser', 'is_active', 'first_name', - 'last_name', 'username', 'email'] - exclude = ['password', 'last_login', 'groups', 'user_permissions', - 'date_joined'] + fields = ['is_superuser', 'is_active', 'first_name', 'last_name', 'username', 'email'] class GroupFilter(DojoFilter): @@ -2033,17 +2253,43 @@ class Meta: fields = [] +class TestImportFindingActionFilter(DojoFilter): + action = MultipleChoiceFilter(choices=IMPORT_ACTIONS) + o = OrderingFilter( + # tuple-mapping retains order + fields=( + ('action', 'action'), + ) + ) + + class Meta: + model = Test_Import_Finding_Action + fields = [] + + class LogEntryFilter(DojoFilter): from auditlog.models import LogEntry action = MultipleChoiceFilter(choices=LogEntry.Action.choices) - actor = ModelMultipleChoiceFilter(queryset=Dojo_User.objects.all()) + actor = ModelMultipleChoiceFilter(queryset=Dojo_User.objects.none()) timestamp = DateRangeFilter() + def __init__(self, *args, **kwargs): + super(LogEntryFilter, self).__init__(*args, **kwargs) + self.form.fields['actor'].queryset = get_authorized_users(Permissions.Product_View) + class Meta: model = LogEntry exclude = ['content_type', 'object_pk', 'object_id', 'object_repr', - 'changes', 'additional_data'] + 'changes', 'additional_data', 'remote_addr'] + filter_overrides = { + JSONField: { + 'filter_class': CharFilter, + 'extra': lambda f: { + 'lookup_expr': 'icontains', + } + } + } class ProductTypeFilter(DojoFilter): @@ -2140,7 +2386,7 @@ def choice_question(self, qs, name): return qs.filter(polymorphic_ctype=ContentType.objects.get_for_model(ChoiceQuestion)) options = { - '': (_('Any'), any), + None: (_('Any'), any), 1: (_('Text Question'), text_question), 2: (_('Choice Question'), choice_question), } @@ -2154,7 +2400,7 @@ def filter(self, qs, value): try: value = int(value) except (ValueError, TypeError): - value = '' + value = None return self.options[value][1](self, qs, self.options[value][0]) diff --git a/dojo/finding/helper.py b/dojo/finding/helper.py index ce7e94c4551..d2d1bd4707b 100644 --- a/dojo/finding/helper.py +++ b/dojo/finding/helper.py @@ -3,13 +3,15 @@ from django.dispatch.dispatcher import receiver from dojo.celery import app from dojo.decorators import dojo_async_task, dojo_model_from_id, dojo_model_to_id +import dojo.jira_link.helper as jira_helper import logging from time import strftime from django.utils import timezone from django.conf import settings from fieldsignals import pre_save_changed from dojo.utils import get_current_user, mass_model_updater, to_str_typed -from dojo.models import Engagement, Finding, Finding_Group, System_Settings, Test, Endpoint, Endpoint_Status +from dojo.models import Engagement, Finding, Finding_Group, System_Settings, Test, Endpoint, Endpoint_Status, \ + Vulnerability_Id, Vulnerability_Id_Template from dojo.endpoint.utils import save_endpoints_to_add @@ -25,6 +27,7 @@ NOT_ACCEPTED_FINDINGS_QUERY = Q(risk_accepted=False) WAS_ACCEPTED_FINDINGS_QUERY = Q(risk_acceptance__isnull=False) & Q(risk_acceptance__expiration_date_handled__isnull=False) CLOSED_FINDINGS_QUERY = Q(is_mitigated=True) +UNDER_REVIEW_QUERY = Q(under_review=True) # this signal is triggered just before a finding is getting saved @@ -49,9 +52,21 @@ def pre_save_finding_status_change(sender, instance, changed_fields=None, **kwar # also get signal when id is set/changed so we can process new findings -pre_save_changed.connect(pre_save_finding_status_change, sender=Finding, fields=['id', 'active', 'verfied', 'false_p', 'is_mitigated', 'mitigated', 'mitigated_by', 'out_of_scope', 'risk_accepted']) -# pre_save_changed.connect(pre_save_finding_status_change, sender=Finding) -# post_save_changed.connect(pre_save_finding_status_change, sender=Finding, fields=['active', 'verfied', 'false_p', 'is_mitigated', 'mitigated', 'mitigated_by', 'out_of_scope']) +pre_save_changed.connect( + pre_save_finding_status_change, + sender=Finding, + fields=[ + "id", + "active", + "verified", + "false_p", + "is_mitigated", + "mitigated", + "mitigated_by", + "out_of_scope", + "risk_accepted", + ], +) def update_finding_status(new_state_finding, user, changed_fields=None): @@ -164,6 +179,11 @@ def add_to_finding_group(finding_group, finds): available_findings = [find for find in finds if not find.finding_group_set.all()] finding_group.findings.add(*available_findings) + # Now update the JIRA to add the finding to the finding group + if finding_group.has_jira_issue and jira_helper.get_jira_instance(finding_group).finding_jira_sync: + logger.debug('pushing to jira from finding.finding_bulk_update_all()') + jira_helper.push_to_jira(finding_group) + added = len(available_findings) skipped = len(finds) - added return finding_group, added, skipped @@ -185,6 +205,12 @@ def remove_from_finding_group(finds): removed += 1 + # Now update the JIRA to remove the finding from the finding group + for group in affected_groups: + if group.has_jira_issue and jira_helper.get_jira_instance(group).finding_jira_sync: + logger.debug('pushing to jira from finding.finding_bulk_update_all()') + jira_helper.push_to_jira(group) + return affected_groups, removed, skipped @@ -204,17 +230,26 @@ def update_finding_group(finding, finding_group): def get_group_by_group_name(finding, finding_group_by_option): + group_name = None + if finding_group_by_option == 'component_name': - group_name = finding.component_name if finding.component_name else 'None' + group_name = finding.component_name elif finding_group_by_option == 'component_name+component_version': - group_name = '%s:%s' % ((finding.component_name if finding.component_name else 'None'), - (finding.component_version if finding.component_version else 'None')) + if finding.component_name or finding.component_version: + group_name = '%s:%s' % ((finding.component_name if finding.component_name else 'None'), + (finding.component_version if finding.component_version else 'None')) elif finding_group_by_option == 'file_path': - group_name = 'Filepath %s' % (finding.file_path if finding.file_path else 'None') + if finding.file_path: + group_name = 'Filepath %s' % (finding.file_path) + elif finding_group_by_option == 'finding_title': + group_name = finding.title else: raise ValueError("Invalid group_by option %s" % finding_group_by_option) - return 'Findings in: %s' % group_name + if group_name: + return 'Findings in: %s' % group_name + + return group_name def group_findings_by(finds, finding_group_by_option): @@ -229,7 +264,11 @@ def group_findings_by(finds, finding_group_by_option): continue group_name = get_group_by_group_name(find, finding_group_by_option) - finding_group = Finding_Group.objects.filter(name=group_name).first() + if group_name is None: + skipped += 1 + continue + + finding_group = Finding_Group.objects.filter(test=find.test, name=group_name).first() if not finding_group: finding_group, added, skipped = create_finding_group([find], group_name) groups_created += 1 @@ -242,23 +281,61 @@ def group_findings_by(finds, finding_group_by_option): affected_groups.add(finding_group) + # Now update the JIRA to add the finding to the finding group + for group in affected_groups: + if group.has_jira_issue and jira_helper.get_jira_instance(group).finding_jira_sync: + logger.debug('pushing to jira from finding.finding_bulk_update_all()') + jira_helper.push_to_jira(group) + return affected_groups, grouped, skipped, groups_created -def add_finding_to_auto_group(finding, group_by): - test = finding.test - name = get_group_by_group_name(finding, group_by) - finding_group, created = Finding_Group.objects.get_or_create(test=test, creator=get_current_user(), name=name) - if created: - logger.debug('Created Finding Group %d:%s for test %d:%s', finding_group.id, finding_group, test.id, test) - finding_group.findings.add(finding) +def add_findings_to_auto_group(name, findings, group_by, create_finding_groups_for_all_findings=True, **kwargs): + if name is not None and findings is not None and len(findings) > 0: + creator = get_current_user() + if not creator: + creator = kwargs.get('async_user', None) + test = findings[0].test + + if create_finding_groups_for_all_findings or len(findings) > 1: + # Only create a finding group if we have more than one finding for a given finding group, unless configured otherwise + finding_group, created = Finding_Group.objects.get_or_create(test=test, creator=creator, name=name) + if created: + logger.debug('Created Finding Group %d:%s for test %d:%s', finding_group.id, finding_group, test.id, test) + # See if we have old findings in the same test that were created without a finding group + # that should be added to this new group + old_findings = Finding.objects.filter(test=test) + for f in old_findings: + f_group_name = get_group_by_group_name(f, group_by) + if f_group_name == name and f not in findings: + finding_group.findings.add(f) + + finding_group.findings.add(*findings) + else: + # Otherwise add to an existing finding group if it exists only + try: + finding_group = Finding_Group.objects.get(test=test, name=name) + if finding_group: + finding_group.findings.add(*findings) + except: + # See if we have old findings in the same test that were created without a finding group + # that match this new finding - then we can create a finding group + old_findings = Finding.objects.filter(test=test) + created = False + for f in old_findings: + f_group_name = get_group_by_group_name(f, group_by) + if f_group_name == name and f not in findings: + finding_group, created = Finding_Group.objects.get_or_create(test=test, creator=creator, name=name) + finding_group.findings.add(f) + if created: + finding_group.findings.add(*findings) @dojo_model_to_id @dojo_async_task @app.task @dojo_model_from_id -def post_process_finding_save(finding, dedupe_option=True, false_history=False, rules_option=True, product_grading_option=True, +def post_process_finding_save(finding, dedupe_option=True, rules_option=True, product_grading_option=True, issue_updater_option=True, push_to_jira=False, user=None, *args, **kwargs): system_settings = System_Settings.objects.get() @@ -274,12 +351,13 @@ def post_process_finding_save(finding, dedupe_option=True, false_history=False, else: deduplicationLogger.warning("skipping dedupe because hash_code is None") - if false_history: - if system_settings.false_positive_history: + if system_settings.false_positive_history: + # Only perform false positive history if deduplication is disabled + if system_settings.enable_deduplication: + deduplicationLogger.warning("skipping false positive history because deduplication is also enabled") + else: from dojo.utils import do_false_positive_history do_false_positive_history(finding, *args, **kwargs) - else: - deduplicationLogger.debug("skipping false positive history because it's disabled in system settings") # STEP 2 run all non-status changing tasks as celery tasks in the background if issue_updater_option: @@ -314,7 +392,6 @@ def finding_pre_delete(sender, instance, **kwargs): # https://code.djangoproject.com/ticket/154 instance.found_by.clear() - instance.status_finding.clear() def finding_delete(instance, **kwargs): @@ -345,7 +422,6 @@ def finding_delete(instance, **kwargs): # https://code.djangoproject.com/ticket/154 logger.debug('finding delete: clearing found by') instance.found_by.clear() - instance.status_finding.clear() @receiver(post_delete, sender=Finding) @@ -388,7 +464,8 @@ def reconfigure_duplicate_cluster(original, cluster_outside): new_original.duplicate = False new_original.duplicate_finding = None - new_original.active = True + new_original.active = original.active + new_original.is_mitigated = original.is_mitigated new_original.save_no_options() new_original.found_by.set(original.found_by.all()) @@ -405,7 +482,7 @@ def reconfigure_duplicate_cluster(original, cluster_outside): def prepare_duplicates_for_delete(test=None, engagement=None): logger.debug('prepare duplicates for delete, test: %s, engagement: %s', test.id if test else None, engagement.id if engagement else None) if test is None and engagement is None: - logger.warn('nothing to prepare as test and engagement are None') + logger.warning('nothing to prepare as test and engagement are None') fix_loop_duplicates() @@ -550,6 +627,40 @@ def add_endpoints(new_finding, form): for endpoint in new_finding.endpoints.all(): eps, created = Endpoint_Status.objects.get_or_create( finding=new_finding, - endpoint=endpoint) - endpoint.endpoint_status.add(eps) - new_finding.endpoint_status.add(eps) + endpoint=endpoint, defaults={'date': form.cleaned_data['date'] or timezone.now()}) + + +def save_vulnerability_ids(finding, vulnerability_ids): + # Remove duplicates + vulnerability_ids = list(dict.fromkeys(vulnerability_ids)) + + # Remove old vulnerability ids + Vulnerability_Id.objects.filter(finding=finding).delete() + + # Save new vulnerability ids + for vulnerability_id in vulnerability_ids: + Vulnerability_Id(finding=finding, vulnerability_id=vulnerability_id).save() + + # Set CVE + if vulnerability_ids: + finding.cve = vulnerability_ids[0] + else: + finding.cve = None + + +def save_vulnerability_ids_template(finding_template, vulnerability_ids): + # Remove duplicates + vulnerability_ids = list(dict.fromkeys(vulnerability_ids)) + + # Remove old vulnerability ids + Vulnerability_Id_Template.objects.filter(finding_template=finding_template).delete() + + # Save new vulnerability ids + for vulnerability_id in vulnerability_ids: + Vulnerability_Id_Template(finding_template=finding_template, vulnerability_id=vulnerability_id).save() + + # Set CVE + if vulnerability_ids: + finding_template.cve = vulnerability_ids[0] + else: + finding_template.cve = None diff --git a/dojo/finding/queries.py b/dojo/finding/queries.py index 945cbeca2de..7a7ae3c8180 100644 --- a/dojo/finding/queries.py +++ b/dojo/finding/queries.py @@ -1,33 +1,11 @@ from crum import get_current_user -from django.conf import settings from django.db.models import Exists, OuterRef, Q from dojo.models import Finding, Product_Member, Product_Type_Member, Stub_Finding, \ - Product_Group, Product_Type_Group + Product_Group, Product_Type_Group, Vulnerability_Id from dojo.authorization.authorization import get_roles_for_permission, user_has_global_permission -def get_authorized_findings(permission, queryset=None, user=None): - - if user is None: - user = get_current_user() - - if user is None: - return Finding.objects.none() - - if queryset is None: - findings = Finding.objects.all() - else: - findings = queryset - - if user.is_superuser: - return findings - - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return findings - - if user_has_global_permission(user, permission): - return findings - +def get_authorized_groups(permission, user=None): roles = get_roles_for_permission(permission) authorized_product_type_roles = Product_Type_Member.objects.filter( product_type=OuterRef('test__engagement__product__prod_type_id'), @@ -45,6 +23,38 @@ def get_authorized_findings(permission, queryset=None, user=None): product=OuterRef('test__engagement__product_id'), group__users=user, role__in=roles) + + return ( + authorized_product_type_roles, + authorized_product_roles, + authorized_product_type_groups, + authorized_product_groups + ) + + +def get_authorized_findings(permission, queryset=None, user=None): + if user is None: + user = get_current_user() + if user is None: + return Finding.objects.none() + if queryset is None: + findings = Finding.objects.all() + else: + findings = queryset + + if user.is_superuser: + return findings + + if user_has_global_permission(user, permission): + return findings + + ( + authorized_product_type_roles, + authorized_product_roles, + authorized_product_type_groups, + authorized_product_groups + ) = get_authorized_groups(permission, user=user) + findings = findings.annotate( test__engagement__product__prod_type__member=Exists(authorized_product_type_roles), test__engagement__product__member=Exists(authorized_product_roles), @@ -68,38 +78,75 @@ def get_authorized_stub_findings(permission): if user.is_superuser: return Stub_Finding.objects.all() - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: + if user_has_global_permission(user, permission): return Stub_Finding.objects.all() + ( + authorized_product_type_roles, + authorized_product_roles, + authorized_product_type_groups, + authorized_product_groups + ) = get_authorized_groups(permission, user=user) + + findings = Stub_Finding.objects.annotate( + test__engagement__product__prod_type__member=Exists(authorized_product_type_roles), + test__engagement__product__member=Exists(authorized_product_roles), + test__engagement__product__prod_type__authorized_group=Exists(authorized_product_type_groups), + test__engagement__product__authorized_group=Exists(authorized_product_groups)) + findings = findings.filter( + Q(test__engagement__product__prod_type__member=True) | + Q(test__engagement__product__member=True) | + Q(test__engagement__product__prod_type__authorized_group=True) | + Q(test__engagement__product__authorized_group=True)) + + return findings + + +def get_authorized_vulnerability_ids(permission, queryset=None, user=None): + + if user is None: + user = get_current_user() + + if user is None: + return Vulnerability_Id.objects.none() + + if queryset is None: + vulnerability_ids = Vulnerability_Id.objects.all() + else: + vulnerability_ids = queryset + + if user.is_superuser: + return vulnerability_ids + if user_has_global_permission(user, permission): - return Stub_Finding.objects.all() + return vulnerability_ids roles = get_roles_for_permission(permission) authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef('test__engagement__product__prod_type_id'), + product_type=OuterRef('finding__test__engagement__product__prod_type_id'), user=user, role__in=roles) authorized_product_roles = Product_Member.objects.filter( - product=OuterRef('test__engagement__product_id'), + product=OuterRef('finding__test__engagement__product_id'), user=user, role__in=roles) authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef('test__engagement__product__prod_type_id'), + product_type=OuterRef('finding__test__engagement__product__prod_type_id'), group__users=user, role__in=roles) authorized_product_groups = Product_Group.objects.filter( - product=OuterRef('test__engagement__product_id'), + product=OuterRef('finding__test__engagement__product_id'), group__users=user, role__in=roles) - findings = Stub_Finding.objects.annotate( - test__engagement__product__prod_type__member=Exists(authorized_product_type_roles), - test__engagement__product__member=Exists(authorized_product_roles), - test__engagement__product__prod_type__authorized_group=Exists(authorized_product_type_groups), - test__engagement__product__authorized_group=Exists(authorized_product_groups)) - findings = findings.filter( - Q(test__engagement__product__prod_type__member=True) | - Q(test__engagement__product__member=True) | - Q(test__engagement__product__prod_type__authorized_group=True) | - Q(test__engagement__product__authorized_group=True)) - - return findings + vulnerability_ids = vulnerability_ids.annotate( + finding__test__engagement__product__prod_type__member=Exists(authorized_product_type_roles), + finding__test__engagement__product__member=Exists(authorized_product_roles), + finding__test__engagement__product__prod_type__authorized_group=Exists(authorized_product_type_groups), + finding__test__engagement__product__authorized_group=Exists(authorized_product_groups)) + vulnerability_ids = vulnerability_ids.filter( + Q(finding__test__engagement__product__prod_type__member=True) | + Q(finding__test__engagement__product__member=True) | + Q(finding__test__engagement__product__prod_type__authorized_group=True) | + Q(finding__test__engagement__product__authorized_group=True)) + + return vulnerability_ids diff --git a/dojo/finding/urls.py b/dojo/finding/urls.py index e2d757a4c0c..27549aeca16 100644 --- a/dojo/finding/urls.py +++ b/dojo/finding/urls.py @@ -1,122 +1,192 @@ -from django.conf.urls import url +from django.urls import re_path from dojo.finding import views urlpatterns = [ + # CRUD operations + re_path( + r'^finding/(?P\d+)$', + views.ViewFinding.as_view(), + name='view_finding' + ), + re_path( + r'^finding/(?P\d+)/edit$', + views.EditFinding.as_view(), + name='edit_finding' + ), + re_path( + r'^finding/(?P\d+)/delete$', + views.DeleteFinding.as_view(), + name='delete_finding' + ), + # Listing operations + re_path( + r'^finding$', + views.ListFindings.as_view(), + name='all_findings' + ), + re_path( + r'^finding/open$', + views.ListOpenFindings.as_view(), + name='open_findings' + ), + re_path( + r'^finding/verified$', + views.ListVerifiedFindings.as_view(), + name='verified_findings' + ), + re_path( + r'^finding/closed$', + views.ListClosedFindings.as_view(), + name='closed_findings' + ), + re_path( + r'^finding/accepted$', + views.ListAcceptedFindings.as_view(), + name='accepted_findings' + ), + re_path( + r'^product/(?P\d+)/finding/open$', + views.ListOpenFindings.as_view(), + name='product_open_findings' + ), + re_path( + r'^product/(?P\d+)/findings$', + views.ListOpenFindings.as_view(), + name='view_product_findings_old' + ), + re_path( + r'^product/(?P\d+)/finding/verified$', + views.ListVerifiedFindings.as_view(), + name='product_verified_findings' + ), + re_path( + r'^product/(?P\d+)/finding/out_of_scope$', + views.ListOutOfScopeFindings.as_view(), + name='product_out_of_scope_findings' + ), + re_path( + r'^product/(?P\d+)/finding/inactive$', + views.ListInactiveFindings.as_view(), + name='product_inactive_findings' + ), + re_path( + r'^product/(?P\d+)/finding/all$', + views.ListFindings.as_view(), + name='product_all_findings' + ), + re_path( + r'^product/(?P\d+)/finding/closed$', + views.ListClosedFindings.as_view(), + name='product_closed_findings' + ), + re_path( + r'^product/(?P\d+)/finding/false_positive$', + views.ListFalsePositiveFindings.as_view(), + name='product_false_positive_findings' + ), + re_path( + r'^product/(?P\d+)/finding/accepted$', + views.ListAcceptedFindings.as_view(), + name='product_accepted_findings' + ), + re_path( + r'^engagement/(?P\d+)/finding/open$', + views.ListOpenFindings.as_view(), + name='engagement_open_findings' + ), + re_path( + r'^engagement/(?P\d+)/finding/closed$', + views.ListClosedFindings.as_view(), + name='engagement_closed_findings' + ), + re_path( + r'^engagement/(?P\d+)/finding/verified$', + views.ListVerifiedFindings.as_view(), + name='engagement_verified_findings' + ), + re_path( + r'^engagement/(?P\d+)/finding/accepted$', + views.ListAcceptedFindings.as_view(), + name='engagement_accepted_findings' + ), + re_path( + r'^engagement/(?P\d+)/finding/all$', + views.ListFindings.as_view(), + name='engagement_all_findings' + ), # findings - url(r'^finding$', views.open_findings, {'view': 'All'}, - name='all_findings'), - url(r'^finding/bulk$', views.finding_bulk_update_all, + re_path(r'^finding/bulk$', views.finding_bulk_update_all, name='finding_bulk_update_all'), - url(r'^product/(?P\d+)/finding/bulk_product$', views.finding_bulk_update_all, + re_path(r'^product/(?P\d+)/finding/bulk_product$', views.finding_bulk_update_all, name='finding_bulk_update_all_product'), - # url(r'^test/(?P\d+)/bulk', views.finding_bulk_update_all, + # re_path(r'^test/(?P\d+)/bulk', views.finding_bulk_update_all, # name='finding_bulk_update_all_test'), - url(r'^finding/open$', views.open_findings, - name='open_findings'), - url(r'^finding/verified$', views.verified_findings, - name='verified_findings'), - url(r'^product/(?P\d+)/finding/open$', views.open_findings, - name='product_open_findings'), - # legacy url kept for old bookmarks etc - url(r'^product/(?P\d+)/findings$', views.open_findings, - name='view_product_findings_old'), - url(r'^product/(?P\d+)/finding/verified$', views.verified_findings, - name='product_verified_findings'), - url(r'^product/(?P\d+)/finding/out_of_scope$', views.out_of_scope_findings, - name='product_out_of_scope_findings'), - url(r'^product/(?P\d+)/finding/inactive$', views.inactive_findings, - name='product_inactive_findings'), - url(r'^product/(?P\d+)/finding/all$', views.findings, {'view': 'All'}, - name='product_all_findings'), - url(r'^engagement/(?P\d+)/finding/open$', views.open_findings, - name='engagement_open_findings'), - url(r'^engagement/(?P\d+)/finding/closed$', views.closed_findings, - name='engagement_closed_findings'), - url(r'^engagement/(?P\d+)/finding/verified$', views.verified_findings, - name='engagement_verified_findings'), - url(r'^engagement/(?P\d+)/finding/accepted$', views.accepted_findings, - name='engagement_accepted_findings'), - url(r'^engagement/(?P\d+)/finding/all$', views.findings, {'view': 'All'}, - name='engagement_all_findings'), - url(r'^product/(?P\d+)/finding/closed$', views.closed_findings, - name='product_closed_findings'), - url(r'^product/(?P\d+)/finding/false_positive$', views.false_positive_findings, - name='product_false_positive_findings'), - url(r'^product/(?P\d+)/finding/accepted$', views.accepted_findings, - name='product_accepted_findings'), - url(r'^finding/closed$', views.closed_findings, - name='closed_findings'), - url(r'^finding/accepted', views.accepted_findings, - name='accepted_findings'), - url(r'^finding/(?P\d+)$', views.view_finding, - name='view_finding'), - url(r'^finding/(?P\d+)/edit$', - views.edit_finding, name='edit_finding'), - url(r'^finding/(?P\d+)/touch', + re_path(r'^finding/(?P\d+)/touch$', views.touch_finding, name='touch_finding'), - url(r'^finding/(?P\d+)/simple_risk_accept', + re_path(r'^finding/(?P\d+)/simple_risk_accept$', views.simple_risk_accept, name='simple_risk_accept_finding'), - url(r'^finding/(?P\d+)/simple_risk_unaccept', + re_path(r'^finding/(?P\d+)/simple_risk_unaccept$', views.risk_unaccept, name='risk_unaccept_finding'), - url(r'^finding/(?P\d+)/request_review', + re_path(r'^finding/(?P\d+)/request_review$', views.request_finding_review, name='request_finding_review'), - url(r'^finding/(?P\d+)/review', + re_path(r'^finding/(?P\d+)/review$', views.clear_finding_review, name='clear_finding_review'), - url(r'^finding/(?P\d+)/delete$', - views.delete_finding, name='delete_finding'), - url(r'^finding/(?P\d+)/apply_cwe$', + re_path(r'^finding/(?P\d+)/copy$', + views.copy_finding, name='copy_finding'), + re_path(r'^finding/(?P\d+)/apply_cwe$', views.apply_template_cwe, name='apply_template_cwe'), - url(r'^finding/(?P\d+)/mktemplate$', views.mktemplate, + re_path(r'^finding/(?P\d+)/mktemplate$', views.mktemplate, name='mktemplate'), - url(r'^finding/(?P\d+)/find_template_to_apply', views.find_template_to_apply, + re_path(r'^finding/(?P\d+)/find_template_to_apply$', views.find_template_to_apply, name='find_template_to_apply'), - url(r'^finding/(?P\d+)/(?P\d+)/choose_finding_template_options', views.choose_finding_template_options, + re_path(r'^finding/(?P\d+)/(?P\d+)/choose_finding_template_options$', views.choose_finding_template_options, name='choose_finding_template_options'), - url(r'^finding/(?P\d+)/(?P\d+)/apply_template_to_finding', + re_path(r'^finding/(?P\d+)/(?P\d+)/apply_template_to_finding$', views.apply_template_to_finding, name='apply_template_to_finding'), - url(r'^finding/(?P\d+)/close$', views.close_finding, + re_path(r'^finding/(?P\d+)/close$', views.close_finding, name='close_finding'), - url(r'^finding/(?P\d+)/defect_review', + re_path(r'^finding/(?P\d+)/defect_review$', views.defect_finding_review, name='defect_finding_review'), - url(r'^finding/(?P\d+)/open', views.reopen_finding, + re_path(r'^finding/(?P\d+)/open$', views.reopen_finding, name='reopen_finding'), - url(r'^finding/image/(?P[^/]+)$', views.download_finding_pic, + re_path(r'^finding/image/(?P[^/]+)$', views.download_finding_pic, name='download_finding_pic'), - url(r'^finding/(?P\d+)/merge$', + re_path(r'^finding/(?P\d+)/merge$', views.merge_finding_product, name='merge_finding'), - url(r'^product/(?P\d+)/merge$', views.merge_finding_product, + re_path(r'^product/(?P\d+)/merge$', views.merge_finding_product, name='merge_finding_product'), - url(r'^finding/(?P\d+)/duplicate/(?P\d+)$', + re_path(r'^finding/(?P\d+)/duplicate/(?P\d+)$', views.mark_finding_duplicate, name='mark_finding_duplicate'), - url(r'^finding/(?P\d+)/duplicate/reset$', + re_path(r'^finding/(?P\d+)/duplicate/reset$', views.reset_finding_duplicate_status, name='reset_finding_duplicate_status'), - url(r'^finding/(?P\d+)/original/(?P\d+)$', + re_path(r'^finding/(?P\d+)/original/(?P\d+)$', views.set_finding_as_original, name='set_finding_as_original'), - + re_path(r'^finding/(?P\d+)/remediation_date$', views.remediation_date, + name='remediation_date'), # stub findings - url(r'^stub_finding/(?P\d+)/add$', + re_path(r'^stub_finding/(?P\d+)/add$', views.add_stub_finding, name='add_stub_finding'), - url(r'^stub_finding/(?P\d+)/promote', + re_path(r'^stub_finding/(?P\d+)/promote$', views.promote_to_finding, name='promote_to_finding'), - url(r'^stub_finding/(?P\d+)/delete$', + re_path(r'^stub_finding/(?P\d+)/delete$', views.delete_stub_finding, name='delete_stub_finding'), # template findings - url(r'^template$', views.templates, + re_path(r'^template$', views.templates, name='templates'), - url(r'^template/add$', views.add_template, + re_path(r'^template/add$', views.add_template, name='add_template'), - url(r'^template/(?P\d+)/edit$', + re_path(r'^template/(?P\d+)/edit$', views.edit_template, name='edit_template'), - url(r'^template/(?P\d+)/delete', + re_path(r'^template/(?P\d+)/delete$', views.delete_template, name='delete_template'), - url(r'^template/export$', + re_path(r'^template/export$', views.export_templates_to_json, name='export_template'), - url(r'^finding/(?P\d+)/jira/unlink', views.unlink_jira, name='finding_unlink_jira'), - url(r'^finding/(?P\d+)/jira/push', views.push_to_jira, name='finding_push_to_jira'), - # url(r'^finding/(?P\d+)/jira/push', views.finding_link_to_jira, name='finding_link_to_jira'), + re_path(r'^finding/(?P\d+)/jira/unlink$', views.unlink_jira, name='finding_unlink_jira'), + re_path(r'^finding/(?P\d+)/jira/push$', views.push_to_jira, name='finding_push_to_jira'), + # re_path(r'^finding/(?P\d+)/jira/push', views.finding_link_to_jira, name='finding_link_to_jira'), ] diff --git a/dojo/finding/views.py b/dojo/finding/views.py index 348ed0dedc4..ad1128ba778 100644 --- a/dojo/finding/views.py +++ b/dojo/finding/views.py @@ -3,6 +3,7 @@ import json import logging import mimetypes +import contextlib from collections import OrderedDict, defaultdict from django.db import models from django.db.models.functions import Length @@ -11,31 +12,102 @@ from django.core.exceptions import PermissionDenied, ValidationError from django.core import serializers from django.urls import reverse -from django.http import Http404, HttpResponse, JsonResponse -from django.http import HttpResponseRedirect, HttpResponseForbidden +from django.http import Http404, HttpResponse, JsonResponse, HttpRequest +from django.http import HttpResponseRedirect from django.http import StreamingHttpResponse from django.shortcuts import render, get_object_or_404 from django.utils import formats from django.utils.safestring import mark_safe from django.utils import timezone from django.views.decorators.http import require_POST +from django.views import View from itertools import chain from imagekit import ImageSpec from imagekit.processors import ResizeToFill -from dojo.utils import add_error_message_to_response, add_field_errors_to_response, add_success_message_to_response, close_external_issue, redirect, reopen_external_issue +from dojo.utils import ( + add_error_message_to_response, + add_field_errors_to_response, + add_success_message_to_response, + close_external_issue, + redirect, + reopen_external_issue, + do_false_positive_history, + match_finding_to_existing_findings, + get_page_items_and_count, +) import copy -from dojo.filters import TemplateFindingFilter, SimilarFindingFilter, FindingFilter, AcceptedFindingFilter -from dojo.forms import NoteForm, TypedNoteForm, CloseFindingForm, FindingForm, PromoteFindingForm, FindingTemplateForm, \ - DeleteFindingTemplateForm, JIRAFindingForm, GITHUBFindingForm, ReviewFindingForm, ClearFindingReviewForm, \ - DefectFindingForm, StubFindingForm, DeleteFindingForm, DeleteStubFindingForm, ApplyFindingTemplateForm, \ - FindingFormID, FindingBulkUpdateForm, MergeFindings -from dojo.models import IMPORT_UNTOUCHED_FINDING, Finding, Finding_Group, Notes, NoteHistory, Note_Type, \ - BurpRawRequestResponse, Stub_Finding, Endpoint, Finding_Template, Endpoint_Status, \ - FileAccessToken, GITHUB_PKey, GITHUB_Issue, Dojo_User, Cred_Mapping, Test, Product, Test_Import_Finding_Action, User, Engagement -from dojo.utils import get_page_items, add_breadcrumb, FileIterWrapper, process_notifications, \ - get_system_setting, apply_cwe_to_template, Product_Tab, calculate_grade, \ - redirect_to_return_url_or_else, get_return_url, add_external_issue, update_external_issue, \ - get_words_for_field +from dojo.filters import ( + TemplateFindingFilter, + SimilarFindingFilter, + FindingFilter, + AcceptedFindingFilter, + TestImportFindingActionFilter, + TestImportFilter, +) +from dojo.forms import ( + EditPlannedRemediationDateFindingForm, + NoteForm, + TypedNoteForm, + CloseFindingForm, + FindingForm, + PromoteFindingForm, + FindingTemplateForm, + DeleteFindingTemplateForm, + JIRAFindingForm, + GITHUBFindingForm, + ReviewFindingForm, + ClearFindingReviewForm, + DefectFindingForm, + StubFindingForm, + DeleteFindingForm, + DeleteStubFindingForm, + ApplyFindingTemplateForm, + FindingFormID, + FindingBulkUpdateForm, + MergeFindings, + CopyFindingForm, +) +from dojo.models import ( + IMPORT_UNTOUCHED_FINDING, + Finding, + Finding_Group, + Notes, + NoteHistory, + Note_Type, + BurpRawRequestResponse, + Stub_Finding, + Endpoint, + Finding_Template, + Endpoint_Status, + FileAccessToken, + GITHUB_PKey, + GITHUB_Issue, + Dojo_User, + Cred_Mapping, + Test, + Product, + Test_Import, + Test_Import_Finding_Action, + User, + Engagement, + Vulnerability_Id_Template, + System_Settings, +) +from dojo.utils import ( + get_page_items, + add_breadcrumb, + FileIterWrapper, + process_notifications, + get_system_setting, + apply_cwe_to_template, + Product_Tab, + calculate_grade, + redirect_to_return_url_or_else, + get_return_url, + add_external_issue, + update_external_issue, + get_words_for_field, +) from dojo.notifications.helper import create_notification from django.template.defaultfilters import pluralize @@ -45,359 +117,1086 @@ import dojo.risk_acceptance.helper as ra_helper import dojo.finding.helper as finding_helper from dojo.authorization.authorization import user_has_permission_or_403 -from dojo.authorization.authorization_decorators import user_is_authorized, user_is_configuration_authorized +from dojo.authorization.authorization_decorators import ( + user_is_authorized, + user_has_global_permission, +) from dojo.authorization.roles_permissions import Permissions from dojo.finding.queries import get_authorized_findings +from dojo.test.queries import get_authorized_tests -logger = logging.getLogger(__name__) - - -def get_filtered_findings(request, pid=None, eid=None, tid=None, filter_name=None, order_by='numerical_severity'): - - findings = get_authorized_findings(Permissions.Finding_View) - - findings = findings.order_by(order_by) - - if pid: - findings = findings.filter(test__engagement__product__id=pid) - elif eid: - findings = findings.filter(test__engagement=eid) - elif tid: - findings = findings.filter(test=tid) - - if filter_name == 'Open': - findings = findings.filter(finding_helper.OPEN_FINDINGS_QUERY) - elif filter_name == 'Verified': - findings = findings.filter(finding_helper.VERIFIED_FINDINGS_QUERY) - elif filter_name == 'Out of Scope': - findings = findings.filter(finding_helper.OUT_OF_SCOPE_FINDINGS_QUERY) - elif filter_name == 'False Positive': - findings = findings.filter(finding_helper.FALSE_POSITIVE_FINDINGS_QUERY) - elif filter_name == 'Inactive': - findings = findings.filter(finding_helper.INACTIVE_FINDINGS_QUERY) - elif filter_name == 'Accepted': - findings = findings.filter(finding_helper.ACCEPTED_FINDINGS_QUERY) - elif filter_name == 'Closed': - findings = findings.filter(finding_helper.CLOSED_FINDINGS_QUERY) - - if filter_name == 'Accepted': - findings = AcceptedFindingFilter(request.GET, findings, user=request.user, pid=pid) - else: - findings = FindingFilter(request.GET, findings, user=request.user, pid=pid) - - return findings - - -def open_findings(request, pid=None, eid=None, view=None): - return findings(request, pid=pid, eid=eid, view=view, filter_name="Open", prefetch_type='open') +JFORM_PUSH_TO_JIRA_MESSAGE = "jform.push_to_jira: %s" - -def verified_findings(request, pid=None, eid=None, view=None): - return findings(request, pid=pid, eid=eid, view=view, filter_name="Verified") - - -def out_of_scope_findings(request, pid=None, eid=None, view=None): - return findings(request, pid=pid, eid=eid, view=view, filter_name="Out of Scope") +logger = logging.getLogger(__name__) -def false_positive_findings(request, pid=None, eid=None, view=None): - return findings(request, pid=pid, eid=eid, view=view, filter_name="False Positive") +def prefetch_for_findings(findings, prefetch_type="all", exclude_untouched=True): + prefetched_findings = findings + if isinstance( + findings, QuerySet + ): # old code can arrive here with prods being a list because the query was already executed + prefetched_findings = prefetched_findings.prefetch_related("reporter") + prefetched_findings = prefetched_findings.prefetch_related( + "jira_issue__jira_project__jira_instance" + ) + prefetched_findings = prefetched_findings.prefetch_related("test__test_type") + prefetched_findings = prefetched_findings.prefetch_related( + "test__engagement__jira_project__jira_instance" + ) + prefetched_findings = prefetched_findings.prefetch_related( + "test__engagement__product__jira_project_set__jira_instance" + ) + prefetched_findings = prefetched_findings.prefetch_related("found_by") + # for open/active findings the following 4 prefetches are not needed + if prefetch_type != "open": + prefetched_findings = prefetched_findings.prefetch_related( + "risk_acceptance_set" + ) + prefetched_findings = prefetched_findings.prefetch_related( + "risk_acceptance_set__accepted_findings" + ) + prefetched_findings = prefetched_findings.prefetch_related( + "original_finding" + ) + prefetched_findings = prefetched_findings.prefetch_related( + "duplicate_finding" + ) + + if exclude_untouched: + # filter out noop reimport actions from finding status history + prefetched_findings = prefetched_findings.prefetch_related( + Prefetch( + "test_import_finding_action_set", + queryset=Test_Import_Finding_Action.objects.exclude( + action=IMPORT_UNTOUCHED_FINDING + ), + ) + ) + else: + prefetched_findings = prefetched_findings.prefetch_related( + "test_import_finding_action_set" + ) + """ + we could try to prefetch only the latest note with SubQuery and OuterRef, + but I'm getting that MySql doesn't support limits in subqueries. + """ + prefetched_findings = prefetched_findings.prefetch_related("notes") + prefetched_findings = prefetched_findings.prefetch_related("tags") + prefetched_findings = prefetched_findings.prefetch_related("endpoints") + prefetched_findings = prefetched_findings.prefetch_related("status_finding") + prefetched_findings = prefetched_findings.annotate( + active_endpoint_count=Count( + "status_finding__id", filter=Q(status_finding__mitigated=False) + ) + ) + prefetched_findings = prefetched_findings.annotate( + mitigated_endpoint_count=Count( + "status_finding__id", filter=Q(status_finding__mitigated=True) + ) + ) + prefetched_findings = prefetched_findings.prefetch_related("finding_group_set") + prefetched_findings = prefetched_findings.prefetch_related( + "test__engagement__product__members" + ) + prefetched_findings = prefetched_findings.prefetch_related( + "test__engagement__product__prod_type__members" + ) + prefetched_findings = prefetched_findings.prefetch_related( + "vulnerability_id_set" + ) + else: + logger.debug("unable to prefetch because query was already executed") -def inactive_findings(request, pid=None, eid=None, view=None): - return findings(request, pid=pid, eid=eid, view=view, filter_name="Inactive") + return prefetched_findings -def accepted_findings(request, pid=None, eid=None, view=None): - return findings(request, pid=pid, eid=eid, view=view, filter_name="Accepted") +def prefetch_for_similar_findings(findings): + prefetched_findings = findings + if isinstance( + findings, QuerySet + ): # old code can arrive here with prods being a list because the query was already executed + prefetched_findings = prefetched_findings.prefetch_related("reporter") + prefetched_findings = prefetched_findings.prefetch_related( + "jira_issue__jira_project__jira_instance" + ) + prefetched_findings = prefetched_findings.prefetch_related("test__test_type") + prefetched_findings = prefetched_findings.prefetch_related( + "test__engagement__jira_project__jira_instance" + ) + prefetched_findings = prefetched_findings.prefetch_related( + "test__engagement__product__jira_project_set__jira_instance" + ) + prefetched_findings = prefetched_findings.prefetch_related("found_by") + prefetched_findings = prefetched_findings.prefetch_related( + "risk_acceptance_set" + ) + prefetched_findings = prefetched_findings.prefetch_related( + "risk_acceptance_set__accepted_findings" + ) + prefetched_findings = prefetched_findings.prefetch_related("original_finding") + prefetched_findings = prefetched_findings.prefetch_related("duplicate_finding") + # filter out noop reimport actions from finding status history + prefetched_findings = prefetched_findings.prefetch_related( + Prefetch( + "test_import_finding_action_set", + queryset=Test_Import_Finding_Action.objects.exclude( + action=IMPORT_UNTOUCHED_FINDING + ), + ) + ) + """ + we could try to prefetch only the latest note with SubQuery and OuterRef, + but I'm getting that MySql doesn't support limits in subqueries. + """ + prefetched_findings = prefetched_findings.prefetch_related("notes") + prefetched_findings = prefetched_findings.prefetch_related("tags") + prefetched_findings = prefetched_findings.prefetch_related( + "vulnerability_id_set" + ) + else: + logger.debug("unable to prefetch because query was already executed") + return prefetched_findings -def closed_findings(request, pid=None, eid=None, view=None): - return findings(request, pid=pid, eid=eid, view=view, filter_name="Closed", order_by=('-mitigated')) +class BaseListFindings: + def __init__( + self, + filter_name: str = "All", + product_id: int = None, + engagement_id: int = None, + test_id: int = None, + order_by: str = "numerical_severity", + prefetch_type: str = "all", + ): + self.filter_name = filter_name + self.product_id = product_id + self.engagement_id = engagement_id + self.test_id = test_id + self.order_by = order_by + self.prefetch_type = prefetch_type + + def get_filter_name(self): + if not hasattr(self, "filter_name"): + self.filter_name = "All" + return self.filter_name + + def get_order_by(self): + if not hasattr(self, "order_by"): + self.order_by = "numerical_severity" + return self.order_by + + def get_prefetch_type(self): + if not hasattr(self, "prefetch_type"): + self.prefetch_type = "all" + return self.prefetch_type + + def get_product_id(self): + if not hasattr(self, "product_id"): + self.product_id = None + return self.product_id + + def get_engagement_id(self): + if not hasattr(self, "engagement_id"): + self.engagement_id = None + return self.engagement_id + + def get_test_id(self): + if not hasattr(self, "test_id"): + self.test_id = None + return self.test_id + + def filter_findings_by_object(self, findings: QuerySet[Finding]): + if product_id := self.get_product_id(): + return findings.filter(test__engagement__product__id=product_id) + elif engagement_id := self.get_engagement_id(): + return findings.filter(test__engagement=engagement_id) + elif test_id := self.get_test_id(): + return findings.filter(test=test_id) + else: + return findings + + def filter_findings_by_filter_name(self, findings: QuerySet[Finding]): + filter_name = self.get_filter_name() + if filter_name == "Open": + return findings.filter(finding_helper.OPEN_FINDINGS_QUERY) + elif filter_name == "Verified": + return findings.filter(finding_helper.VERIFIED_FINDINGS_QUERY) + elif filter_name == "Out of Scope": + return findings.filter(finding_helper.OUT_OF_SCOPE_FINDINGS_QUERY) + elif filter_name == "False Positive": + return findings.filter(finding_helper.FALSE_POSITIVE_FINDINGS_QUERY) + elif filter_name == "Inactive": + return findings.filter(finding_helper.INACTIVE_FINDINGS_QUERY) + elif filter_name == "Accepted": + return findings.filter(finding_helper.ACCEPTED_FINDINGS_QUERY) + elif filter_name == "Closed": + return findings.filter(finding_helper.CLOSED_FINDINGS_QUERY) + else: + return findings + + def filter_findings_by_form(self, request: HttpRequest, findings: QuerySet[Finding]): + # Set up the args for the form + args = [request.GET, findings] + # Set the initial form args + kwargs = { + "user": request.user, + "pid": self.get_product_id(), + } + + return ( + AcceptedFindingFilter(*args, **kwargs) + if self.get_filter_name() == "Accepted" + else FindingFilter(*args, **kwargs) + ) -def findings(request, pid=None, eid=None, view=None, filter_name=None, order_by='numerical_severity', prefetch_type='all'): + def get_filtered_findings(self): + findings = get_authorized_findings(Permissions.Finding_View).order_by(self.get_order_by()) + findings = self.filter_findings_by_object(findings) + findings = self.filter_findings_by_filter_name(findings) + + return findings + + def get_fully_filtered_findings(self, request: HttpRequest): + findings = self.get_filtered_findings() + return self.filter_findings_by_form(request, findings) + + +class ListFindings(View, BaseListFindings): + def get_initial_context(self, request: HttpRequest): + context = { + "filter_name": self.get_filter_name(), + "show_product_column": True, + "custom_breadcrumb": None, + "product_tab": None, + "jira_project": None, + "github_config": None, + "bulk_edit_form": FindingBulkUpdateForm(request.GET), + "title_words": get_words_for_field(Finding, "title"), + "component_words": get_words_for_field(Finding, "component_name"), + } + # Look to see if the product was used + if product_id := self.get_product_id(): + product = get_object_or_404(Product, id=product_id) + user_has_permission_or_403(request.user, product, Permissions.Product_View) + context["show_product_column"] = False + context["product_tab"] = Product_Tab(product, title="Findings", tab="findings") + context["jira_project"] = jira_helper.get_jira_project(product) + if github_config := GITHUB_PKey.objects.filter(product=product).first(): + context["github_config"] = github_config.git_conf_id + elif engagement_id := self.get_engagement_id(): + engagement = get_object_or_404(Engagement, id=engagement_id) + user_has_permission_or_403(request.user, engagement, Permissions.Engagement_View) + context["show_product_column"] = False + context["product_tab"] = Product_Tab(engagement.product, title=engagement.name, tab="engagements") + context["jira_project"] = jira_helper.get_jira_project(engagement) + if github_config := GITHUB_PKey.objects.filter(product__engagement=engagement).first(): + context["github_config"] = github_config.git_conf_id + + return request, context + + def get_template(self): + return "dojo/findings_list.html" + + def add_breadcrumbs(self, request: HttpRequest, context: dict): + # show custom breadcrumb if user has filtered by exactly 1 endpoint + if "endpoints" in request.GET: + endpoint_ids = request.GET.getlist("endpoints", []) + if len(endpoint_ids) == 1 and endpoint_ids[0] != '': + endpoint_id = endpoint_ids[0] + endpoint = get_object_or_404(Endpoint, id=endpoint_id) + context["filter_name"] = "Vulnerable Endpoints" + context["custom_breadcrumb"] = OrderedDict( + [ + ("Endpoints", reverse("vulnerable_endpoints")), + (endpoint, reverse("view_endpoint", args=(endpoint.id,))), + ] + ) + # Show the "All findings" breadcrumb if nothing is coming from the product or engagement + elif not self.get_engagement_id() and not self.get_product_id(): + add_breadcrumb(title="Findings", top_level=not len(request.GET), request=request) + + return request, context + + def get(self, request: HttpRequest, product_id: int = None, engagement_id: int = None): + # Store the product and engagement ids + self.product_id = product_id + self.engagement_id = engagement_id + # Get the initial context + request, context = self.get_initial_context(request) + # Get the filtered findings + filtered_findings = self.get_fully_filtered_findings(request) + # trick to prefetch after paging to avoid huge join generated by select count(*) from Paginator + paged_findings = get_page_items(request, filtered_findings.qs, 25) + # prefetch the related objects in the findings + paged_findings.object_list = prefetch_for_findings( + paged_findings.object_list, + self.get_prefetch_type()) + # Add some breadcrumbs + request, context = self.add_breadcrumbs(request, context) + # Add the filtered and paged findings into the context + context |= { + "findings": paged_findings, + "filtered": filtered_findings, + } + # Render the view + return render(request, self.get_template(), context) - show_product_column = True - custom_breadcrumb = None - product_tab = None - jira_project = None - github_config = None - if view == "All": - filter_name = "All" - else: - print('Filtering!', view) - - if pid: - product = get_object_or_404(Product, id=pid) - user_has_permission_or_403(request.user, product, Permissions.Product_View) - show_product_column = False - product_tab = Product_Tab(pid, title="Findings", tab="findings") - jira_project = jira_helper.get_jira_project(product) - github_config = GITHUB_PKey.objects.filter(product=pid).first() - - elif eid: - engagement = get_object_or_404(Engagement, id=eid) - user_has_permission_or_403(request.user, engagement, Permissions.Engagement_View) - show_product_column = False - product_tab = Product_Tab(engagement.product_id, title=engagement.name, tab="engagements") - jira_project = jira_helper.get_jira_project(engagement) - github_config = GITHUB_PKey.objects.filter(product__engagement=eid).first() - else: - add_breadcrumb(title="Findings", top_level=not len(request.GET), request=request) +class ListOpenFindings(ListFindings): + def get(self, request: HttpRequest, product_id: int = None, engagement_id: int = None): + self.filter_name = "Open" + return super().get(request, product_id=product_id, engagement_id=engagement_id) - findings_filter = get_filtered_findings(request, pid, eid, None, filter_name, order_by) - title_words = get_words_for_field(Finding, 'title') - component_words = get_words_for_field(Finding, 'component_name') +class ListVerifiedFindings(ListFindings): + def get(self, request: HttpRequest, product_id: int = None, engagement_id: int = None): + self.filter_name = "Verified" + return super().get(request, product_id=product_id, engagement_id=engagement_id) - # trick to prefetch after paging to avoid huge join generated by select count(*) from Paginator - paged_findings = get_page_items(request, findings_filter.qs, 25) - paged_findings.object_list = prefetch_for_findings(paged_findings.object_list, prefetch_type) +class ListOutOfScopeFindings(ListFindings): + def get(self, request: HttpRequest, product_id: int = None, engagement_id: int = None): + self.filter_name = "Out of Scope" + return super().get(request, product_id=product_id, engagement_id=engagement_id) - bulk_edit_form = FindingBulkUpdateForm(request.GET) - # show custom breadcrumb if user has filtered by exactly 1 endpoint - endpoint = None - if 'endpoints' in request.GET: - endpoints = request.GET.getlist('endpoints', []) - if len(endpoints) == 1: - endpoint = endpoints[0] - endpoint = get_object_or_404(Endpoint, id=endpoint) - pid = endpoint.product.id - filter_name = "Vulnerable Endpoints" - custom_breadcrumb = OrderedDict([("Endpoints", reverse('vulnerable_endpoints')), (endpoint, reverse('view_endpoint', args=(endpoint.id, )))]) +class ListFalsePositiveFindings(ListFindings): + def get(self, request: HttpRequest, product_id: int = None, engagement_id: int = None): + self.filter_name = "False Positive" + return super().get(request, product_id=product_id, engagement_id=engagement_id) - if github_config: - github_config = github_config.git_conf_id - return render( - request, 'dojo/findings_list.html', { - 'show_product_column': show_product_column, - "product_tab": product_tab, - "findings": paged_findings, - "filtered": findings_filter, - "title_words": title_words, - "component_words": component_words, - 'custom_breadcrumb': custom_breadcrumb, - 'filter_name': filter_name, - 'jira_project': jira_project, - 'bulk_edit_form': bulk_edit_form, - }) +class ListInactiveFindings(ListFindings): + def get(self, request: HttpRequest, product_id: int = None, engagement_id: int = None): + self.filter_name = "Inactive" + return super().get(request, product_id=product_id, engagement_id=engagement_id) -def prefetch_for_findings(findings, prefetch_type='all'): - prefetched_findings = findings - if isinstance(findings, QuerySet): # old code can arrive here with prods being a list because the query was already executed - prefetched_findings = prefetched_findings.prefetch_related('reporter') - prefetched_findings = prefetched_findings.prefetch_related('jira_issue__jira_project__jira_instance') - prefetched_findings = prefetched_findings.prefetch_related('test__test_type') - prefetched_findings = prefetched_findings.prefetch_related('test__engagement__jira_project__jira_instance') - prefetched_findings = prefetched_findings.prefetch_related('test__engagement__product__jira_project_set__jira_instance') - prefetched_findings = prefetched_findings.prefetch_related('found_by') +class ListAcceptedFindings(ListFindings): + def get(self, request: HttpRequest, product_id: int = None, engagement_id: int = None): + self.filter_name = "Accepted" + return super().get(request, product_id=product_id, engagement_id=engagement_id) - # for open/active findings the following 4 prefetches are not needed - if prefetch_type != 'open': - prefetched_findings = prefetched_findings.prefetch_related('risk_acceptance_set') - prefetched_findings = prefetched_findings.prefetch_related('risk_acceptance_set__accepted_findings') - prefetched_findings = prefetched_findings.prefetch_related('original_finding') - prefetched_findings = prefetched_findings.prefetch_related('duplicate_finding') - # filter out noop reimport actions from finding status history - prefetched_findings = prefetched_findings.prefetch_related(Prefetch('test_import_finding_action_set', - queryset=Test_Import_Finding_Action.objects.exclude(action=IMPORT_UNTOUCHED_FINDING))) - - # we could try to prefetch only the latest note with SubQuery and OuterRef, but I'm getting that MySql doesn't support limits in subqueries. - prefetched_findings = prefetched_findings.prefetch_related('notes') - prefetched_findings = prefetched_findings.prefetch_related('tags') - prefetched_findings = prefetched_findings.prefetch_related('endpoints') - prefetched_findings = prefetched_findings.prefetch_related('endpoint_status') - prefetched_findings = prefetched_findings.prefetch_related('endpoint_status__endpoint') - prefetched_findings = prefetched_findings.annotate(active_endpoint_count=Count('endpoint_status__id', filter=Q(endpoint_status__mitigated=False))) - prefetched_findings = prefetched_findings.annotate(mitigated_endpoint_count=Count('endpoint_status__id', filter=Q(endpoint_status__mitigated=True))) - prefetched_findings = prefetched_findings.prefetch_related('finding_group_set') - prefetched_findings = prefetched_findings.prefetch_related('test__engagement__product__members') - prefetched_findings = prefetched_findings.prefetch_related('test__engagement__product__prod_type__members') - else: - logger.debug('unable to prefetch because query was already executed') +class ListClosedFindings(ListFindings): + def get(self, request: HttpRequest, product_id: int = None, engagement_id: int = None): + self.filter_name = "Closed" + self.order_by = "-mitigated" + return super().get(request, product_id=product_id, engagement_id=engagement_id) - return prefetched_findings +class ViewFinding(View): + def get_finding(self, finding_id: int): + finding_qs = prefetch_for_findings(Finding.objects.all(), exclude_untouched=False) + return get_object_or_404(finding_qs, id=finding_id) -def prefetch_for_similar_findings(findings): - prefetched_findings = findings - if isinstance(findings, QuerySet): # old code can arrive here with prods being a list because the query was already executed - prefetched_findings = prefetched_findings.prefetch_related('reporter') - prefetched_findings = prefetched_findings.prefetch_related('jira_issue__jira_project__jira_instance') - prefetched_findings = prefetched_findings.prefetch_related('test__test_type') - prefetched_findings = prefetched_findings.prefetch_related('test__engagement__jira_project__jira_instance') - prefetched_findings = prefetched_findings.prefetch_related('test__engagement__product__jira_project_set__jira_instance') - prefetched_findings = prefetched_findings.prefetch_related('found_by') - prefetched_findings = prefetched_findings.prefetch_related('risk_acceptance_set') - prefetched_findings = prefetched_findings.prefetch_related('risk_acceptance_set__accepted_findings') - prefetched_findings = prefetched_findings.prefetch_related('original_finding') - prefetched_findings = prefetched_findings.prefetch_related('duplicate_finding') - # filter out noop reimport actions from finding status history - prefetched_findings = prefetched_findings.prefetch_related(Prefetch('test_import_finding_action_set', - queryset=Test_Import_Finding_Action.objects.exclude(action=IMPORT_UNTOUCHED_FINDING))) - - # we could try to prefetch only the latest note with SubQuery and OuterRef, but I'm getting that MySql doesn't support limits in subqueries. - prefetched_findings = prefetched_findings.prefetch_related('notes') - prefetched_findings = prefetched_findings.prefetch_related('tags') - # prefetched_findings = prefetched_findings.prefetch_related('endpoints') - # prefetched_findings = prefetched_findings.prefetch_related('endpoint_status') - # prefetched_findings = prefetched_findings.prefetch_related('endpoint_status__endpoint') - # prefetched_findings = prefetched_findings.annotate(active_endpoint_count=Count('endpoint_status__id', filter=Q(endpoint_status__mitigated=False))) - # prefetched_findings = prefetched_findings.annotate(mitigated_endpoint_count=Count('endpoint_status__id', filter=Q(endpoint_status__mitigated=True))) - else: - logger.debug('unable to prefetch because query was already executed') + def get_dojo_user(self, request: HttpRequest): + user = request.user + return get_object_or_404(Dojo_User, id=user.id) - return prefetched_findings + def get_previous_and_next_findings(self, finding: Finding): + # Get the whole list of findings in the current test + findings = ( + Finding.objects.filter(test=finding.test) + .order_by("numerical_severity") + .values_list("id", flat=True) + ) + logger.debug(findings) + # Set some reasonable defaults + next_finding_id = finding.id + prev_finding_id = finding.id + last_pos = (len(findings)) - 1 + # get the index of the current finding + current_finding_index = list(findings).index(finding.id) + # Try to get the previous ID + with contextlib.suppress(IndexError, ValueError): + prev_finding_id = findings[current_finding_index - 1] + # Try to get the next ID + with contextlib.suppress(IndexError, ValueError): + next_finding_id = findings[current_finding_index + 1] + + return { + "prev_finding_id": prev_finding_id, + "next_finding_id": next_finding_id, + "findings_list": findings, + "findings_list_lastElement": findings[last_pos], + } + + def get_credential_objects(self, finding: Finding): + cred = ( + Cred_Mapping.objects.filter(test=finding.test.id) + .select_related("cred_id") + .order_by("cred_id") + ) + cred_engagement = ( + Cred_Mapping.objects.filter(engagement=finding.test.engagement.id) + .select_related("cred_id") + .order_by("cred_id") + ) + cred_finding = ( + Cred_Mapping.objects.filter(finding=finding.id) + .select_related("cred_id") + .order_by("cred_id") + ) + return { + "cred_finding": cred_finding, + "cred": cred, + "cred_engagement": cred_engagement, + } -@user_is_authorized(Finding, Permissions.Finding_View, 'fid') -def view_finding(request, fid): - finding_qs = prefetch_for_findings(Finding.objects.all()) - finding = get_object_or_404(finding_qs, id=fid) - findings = Finding.objects.filter(test=finding.test).order_by('numerical_severity').values_list('id', flat=True) - logger.debug(findings) - try: - prev_finding_id = findings[(list(findings).index(finding.id)) - 1] - except AssertionError: - prev_finding_id = finding.id - try: - next_finding_id = findings[(list(findings).index(finding.id)) + 1] - except IndexError: - next_finding_id = finding.id + def get_cwe_template(self, finding: Finding): + cwe_template = None + with contextlib.suppress(Finding_Template.DoesNotExist): + cwe_template = Finding_Template.objects.filter(cwe=finding.cwe).first() - cred_finding = Cred_Mapping.objects.filter( - finding=finding.id).select_related('cred_id').order_by('cred_id') - creds = Cred_Mapping.objects.filter( - test=finding.test.id).select_related('cred_id').order_by('cred_id') - cred_engagement = Cred_Mapping.objects.filter( - engagement=finding.test.engagement.id).select_related( - 'cred_id').order_by('cred_id') - user = request.user - cwe_template = None - try: - cwe_template = Finding_Template.objects.filter(cwe=finding.cwe).first() - except Finding_Template.DoesNotExist: - pass + return { + "cwe_template": cwe_template + } - dojo_user = get_object_or_404(Dojo_User, id=user.id) + def get_request_response(self, finding: Finding): + request_response = None + burp_request = None + burp_response = None + try: + request_response = BurpRawRequestResponse.objects.filter(finding=finding).first() + if request_response is not None: + burp_request = base64.b64decode(request_response.burpRequestBase64) + burp_response = base64.b64decode(request_response.burpResponseBase64) + except Exception as e: + logger.debug(f"unsuspected error: {e}") + + return { + "burp_request": burp_request, + "burp_response": burp_response, + } + + def get_test_import_data(self, request: HttpRequest, finding: Finding): + test_imports = Test_Import.objects.filter(findings_affected=finding) + test_import_filter = TestImportFilter(request.GET, test_imports) + + test_import_finding_actions = finding.test_import_finding_action_set + test_import_finding_actions_count = test_import_finding_actions.all().count() + test_import_finding_actions = test_import_finding_actions.filter(test_import__in=test_import_filter.qs) + test_import_finding_action_filter = TestImportFindingActionFilter(request.GET, test_import_finding_actions) + + paged_test_import_finding_actions = get_page_items_and_count(request, test_import_finding_action_filter.qs, 5, prefix='test_import_finding_actions') + paged_test_import_finding_actions.object_list = paged_test_import_finding_actions.object_list.prefetch_related('test_import') + + latest_test_import_finding_action = finding.test_import_finding_action_set.order_by('-created').first + + return { + "test_import_filter": test_import_filter, + "test_import_finding_action_filter": test_import_finding_action_filter, + "paged_test_import_finding_actions": paged_test_import_finding_actions, + "latest_test_import_finding_action": latest_test_import_finding_action, + "test_import_finding_actions_count": test_import_finding_actions_count, + } + + def get_similar_findings(self, request: HttpRequest, finding: Finding): + # add related actions for non-similar and non-duplicate cluster members + finding.related_actions = calculate_possible_related_actions_for_similar_finding( + request, finding, finding + ) + if finding.duplicate_finding: + finding.duplicate_finding.related_actions = ( + calculate_possible_related_actions_for_similar_finding( + request, finding, finding.duplicate_finding + ) + ) + similar_findings_filter = SimilarFindingFilter( + request.GET, + queryset=get_authorized_findings(Permissions.Finding_View), + user=request.user, + finding=finding, + ) + logger.debug("similar query: %s", similar_findings_filter.qs.query) + similar_findings = get_page_items( + request, + similar_findings_filter.qs, + settings.SIMILAR_FINDINGS_MAX_RESULTS, + prefix="similar", + ) + similar_findings.object_list = prefetch_for_similar_findings( + similar_findings.object_list + ) + for similar_finding in similar_findings: + similar_finding.related_actions = ( + calculate_possible_related_actions_for_similar_finding( + request, finding, similar_finding + ) + ) + + return { + "duplicate_cluster": duplicate_cluster(request, finding), + "similar_findings": similar_findings, + "similar_findings_filter": similar_findings_filter, + } + + def get_jira_data(self, finding: Finding): + ( + can_be_pushed_to_jira, + can_be_pushed_to_jira_error, + error_code, + ) = jira_helper.can_be_pushed_to_jira(finding) + # Check the error code + if error_code: + logger.error(error_code) + + return { + "can_be_pushed_to_jira": can_be_pushed_to_jira, + "can_be_pushed_to_jira_error": can_be_pushed_to_jira_error, + } + + def get_note_form(self, request: HttpRequest): + # Set up the args for the form + args = [request.POST] if request.method == "POST" else [] + # Set the initial form args + kwargs = {} + + return NoteForm(*args, **kwargs) + + def get_typed_note_form(self, request: HttpRequest, context: dict): + # Set up the args for the form + args = [request.POST] if request.method == "POST" else [] + # Set the initial form args + kwargs = { + "available_note_types": context.get("available_note_types") + } + + return TypedNoteForm(*args, **kwargs) + + def get_form(self, request: HttpRequest, context: dict): + return ( + self.get_typed_note_form(request, context) + if context.get("note_type_activation", 0) + else self.get_note_form(request) + ) - notes = finding.notes.all() - files = finding.files.all() - note_type_activation = Note_Type.objects.filter(is_active=True).count() - if note_type_activation: - available_note_types = find_available_notetypes(notes) - if request.method == 'POST': - user_has_permission_or_403(request.user, finding, Permissions.Note_Add) - if note_type_activation: - form = TypedNoteForm(request.POST, available_note_types=available_note_types) - else: - form = NoteForm(request.POST) - if form.is_valid(): - new_note = form.save(commit=False) + def process_form(self, request: HttpRequest, finding: Finding, context: dict): + if context["form"].is_valid(): + # Create the note object + new_note = context["form"].save(commit=False) new_note.author = request.user new_note.date = timezone.now() new_note.save() - history = NoteHistory(data=new_note.entry, - time=new_note.date, - current_editor=new_note.author) + # Add an entry to the note history + history = NoteHistory( + data=new_note.entry, time=new_note.date, current_editor=new_note.author + ) history.save() new_note.history.add(history) + # Associate the note with the finding finding.notes.add(new_note) finding.last_reviewed = new_note.date - finding.last_reviewed_by = user + finding.last_reviewed_by = context["user"] finding.save() - + # Determine if the note should be sent to jira if finding.has_jira_issue: jira_helper.add_comment(finding, new_note) elif finding.has_jira_group_issue: jira_helper.add_comment(finding.finding_group, new_note) + # Send the notification of the note being added + url = request.build_absolute_uri( + reverse("view_finding", args=(finding.id,)) + ) + title = f"Finding: {finding.title}" + process_notifications(request, new_note, url, title) + # Add a message to the request + messages.add_message( + request, messages.SUCCESS, "Note saved.", extra_tags="alert-success" + ) + + return request, True + + return request, False + + def get_initial_context(self, request: HttpRequest, finding: Finding, user: Dojo_User): + notes = finding.notes.all() + note_type_activation = Note_Type.objects.filter(is_active=True).count() + available_note_types = None + if note_type_activation: + available_note_types = find_available_notetypes(notes) + # Set the current context + context = { + "finding": finding, + "dojo_user": user, + "user": request.user, + "notes": notes, + "files": finding.files.all(), + "note_type_activation": note_type_activation, + "available_note_types": available_note_types, + "product_tab": Product_Tab( + finding.test.engagement.product, title="View Finding", tab="findings" + ) + } + # Set the form using the context, and then update the context + form = self.get_form(request, context) + context["form"] = form + + return context + + def get_template(self): + return "dojo/view_finding.html" + + def get(self, request: HttpRequest, finding_id: int): + # Get the initial objects + finding = self.get_finding(finding_id) + user = self.get_dojo_user(request) + # Make sure the user is authorized + user_has_permission_or_403(user, finding, Permissions.Finding_View) + # Set up the initial context + context = self.get_initial_context(request, finding, user) + # Add in the other extras + context |= self.get_previous_and_next_findings(finding) + context |= self.get_credential_objects(finding) + context |= self.get_cwe_template(finding) + # Add in more of the other extras + context |= self.get_request_response(finding) + context |= self.get_similar_findings(request, finding) + context |= self.get_test_import_data(request, finding) + context |= self.get_jira_data(finding) + # Render the form + return render(request, self.get_template(), context) + + def post(self, request: HttpRequest, finding_id): + # Get the initial objects + finding = self.get_finding(finding_id) + user = self.get_dojo_user(request) + # Make sure the user is authorized + user_has_permission_or_403(user, finding, Permissions.Finding_View) + # Quick perms check to determine if the user has access to add a note to the finding + user_has_permission_or_403(user, finding, Permissions.Note_Add) + # Set up the initial context + context = self.get_initial_context(request, finding, user) + # Determine the validity of the form + request, success = self.process_form(request, finding, context) + # Handle the case of a successful form + if success: + return HttpResponseRedirect(reverse("view_finding", args=(finding_id,))) + # Add in more of the other extras + context |= self.get_request_response(finding) + context |= self.get_similar_findings(request, finding) + context |= self.get_test_import_data(request, finding) + context |= self.get_jira_data(finding) + # Render the form + return render(request, self.get_template(), context) + + +class EditFinding(View): + def get_finding(self, finding_id: int): + return get_object_or_404(Finding, id=finding_id) + + def get_request_response(self, finding: Finding): + req_resp = None + if burp_rr := BurpRawRequestResponse.objects.filter(finding=finding).first(): + req_resp = (burp_rr.get_request(), burp_rr.get_response()) + + return req_resp + + def get_finding_form(self, request: HttpRequest, finding: Finding): + # Get the burp request if available + req_resp = self.get_request_response(finding) + # Set up the args for the form + args = [request.POST] if request.method == "POST" else [] + # Set the initial form args + kwargs = { + "instance": finding, + "req_resp": req_resp, + "can_edit_mitigated_data": finding_helper.can_edit_mitigated_data(request.user), + "initial": {"vulnerability_ids": "\n".join(finding.vulnerability_ids)}, + } + + return FindingForm(*args, **kwargs) + + def get_jira_form(self, request: HttpRequest, finding: Finding, finding_form: FindingForm = None): + # Determine if jira should be used + if (jira_project := jira_helper.get_jira_project(finding)) is not None: + # Determine if push all findings is enabled + push_all_findings = jira_helper.is_push_all_issues(finding) + # Set up the args for the form + args = [request.POST] if request.method == "POST" else [] + # Set the initial form args + kwargs = { + "push_all": push_all_findings, + "prefix": "jiraform", + "instance": finding, + "jira_project": jira_project, + "finding_form": finding_form, + } + + return JIRAFindingForm(*args, **kwargs) + return None + + def get_github_form(self, request: HttpRequest, finding: Finding): + # Determine if github should be used + if get_system_setting("enable_github"): + # Ensure there is a github conf correctly configured for the product + config_present = GITHUB_PKey.objects.filter(product=finding.test.engagement.product) + if config_present := config_present.exclude(git_conf_id=None): + # Set up the args for the form + args = [request.POST] if request.method == "POST" else [] + # Set the initial form args + kwargs = { + "enabled": finding.has_github_issue(), + "prefix": "githubform" + } + return GITHUBFindingForm(*args, **kwargs) + return None + + def get_initial_context(self, request: HttpRequest, finding: Finding): + # Get the finding form first since it is used in another place + finding_form = self.get_finding_form(request, finding) + return { + "form": finding_form, + "finding": finding, + "jform": self.get_jira_form(request, finding, finding_form=finding_form), + "gform": self.get_github_form(request, finding), + "return_url": get_return_url(request), + "product_tab": Product_Tab( + finding.test.engagement.product, title="Edit Finding", tab="findings" + ) + } + + def validate_status_change(self, request: HttpRequest, finding: Finding, context: dict): + # If the finding is already not active, skip this extra validation + if not finding.active: + return request + # Validate the proper notes are added for mitigation + if (not context["form"]["active"].value() or context["form"]["false_p"].value() or context["form"]["out_of_scope"].value()) and not context["form"]["duplicate"].value(): + note_type_activation = Note_Type.objects.filter(is_active=True).count() + closing_disabled = 0 if note_type_activation: - form = TypedNoteForm(available_note_types=available_note_types) + closing_disabled = len(get_missing_mandatory_notetypes(finding)) + if closing_disabled != 0: + error_inactive = ValidationError( + "Can not set a finding as inactive without adding all mandatory notes", + code="inactive_without_mandatory_notes", + ) + error_false_p = ValidationError( + "Can not set a finding as false positive without adding all mandatory notes", + code="false_p_without_mandatory_notes", + ) + error_out_of_scope = ValidationError( + "Can not set a finding as out of scope without adding all mandatory notes", + code="out_of_scope_without_mandatory_notes", + ) + if context["form"]["active"].value() is False: + context["form"].add_error("active", error_inactive) + if context["form"]["false_p"].value(): + context["form"].add_error("false_p", error_false_p) + if context["form"]["out_of_scope"].value(): + context["form"].add_error("out_of_scope", error_out_of_scope) + messages.add_message( + request, + messages.ERROR, + ("Can not set a finding as inactive, " + "false positive or out of scope without adding all mandatory notes"), + extra_tags="alert-danger", + ) + + return request + + def process_mitigated_data(self, request: HttpRequest, finding: Finding, context: dict): + # If active is not checked and CAN_EDIT_MITIGATED_DATA, + # mitigate the finding and the associated endpoints status + if finding_helper.can_edit_mitigated_data(request.user) and (( + context["form"]["active"].value() is False + or context["form"]["false_p"].value() + or context["form"]["out_of_scope"].value() + ) and context["form"]["duplicate"].value() is False): + now = timezone.now() + finding.is_mitigated = True + endpoint_status = finding.status_finding.all() + for status in endpoint_status: + status.mitigated_by = ( + context["form"].cleaned_data.get("mitigated_by") or request.user + ) + status.mitigated_time = ( + context["form"].cleaned_data.get("mitigated") or now + ) + status.mitigated = True + status.last_modified = timezone.now() + status.save() + + def process_false_positive_history(self, finding: Finding): + if get_system_setting("false_positive_history", False): + # If the finding is being marked as a false positive we dont need to call the + # fp history function because it will be called by the save function + # If finding was a false positive and is being reactivated: retroactively reactivates all equal findings + if finding.false_p and not finding.false_p and get_system_setting("retroactive_false_positive_history"): + logger.debug('FALSE_POSITIVE_HISTORY: Reactivating existing findings based on: %s', finding) + + existing_fp_findings = match_finding_to_existing_findings( + finding, product=finding.test.engagement.product + ).filter(false_p=True) + + for fp in existing_fp_findings: + logger.debug('FALSE_POSITIVE_HISTORY: Reactivating false positive %i: %s', fp.id, fp) + fp.active = finding.active + fp.verified = finding.verified + fp.false_p = False + fp.out_of_scope = finding.out_of_scope + fp.is_mitigated = finding.is_mitigated + fp.save_no_options() + + def process_burp_request_response(self, finding: Finding, context: dict): + if "request" in context["form"].cleaned_data or "response" in context["form"].cleaned_data: + try: + burp_rr, _ = BurpRawRequestResponse.objects.get_or_create(finding=finding) + except BurpRawRequestResponse.MultipleObjectsReturned: + burp_rr = BurpRawRequestResponse.objects.filter(finding=finding).first() + burp_rr.burpRequestBase64 = base64.b64encode( + context["form"].cleaned_data["request"].encode() + ) + burp_rr.burpResponseBase64 = base64.b64encode( + context["form"].cleaned_data["response"].encode() + ) + burp_rr.clean() + burp_rr.save() + + def process_finding_form(self, request: HttpRequest, finding: Finding, context: dict): + if context["form"].is_valid(): + # process some of the easy stuff first + new_finding = context["form"].save(commit=False) + new_finding.test = finding.test + new_finding.numerical_severity = Finding.get_numerical_severity(new_finding.severity) + new_finding.last_reviewed = timezone.now() + new_finding.last_reviewed_by = request.user + new_finding.tags = context["form"].cleaned_data["tags"] + # Handle group related things + if "group" in context["form"].cleaned_data: + finding_group = context["form"].cleaned_data["group"] + finding_helper.update_finding_group(new_finding, finding_group) + # Handle risk exception related things + if "risk_accepted" in context["form"].cleaned_data and context["form"]["risk_accepted"].value(): + if new_finding.test.engagement.product.enable_simple_risk_acceptance: + ra_helper.simple_risk_accept(new_finding, perform_save=False) else: - form = NoteForm() - url = request.build_absolute_uri( - reverse("view_finding", args=(finding.id, ))) - title = "Finding: " + finding.title - process_notifications(request, new_note, url, title) + if new_finding.risk_accepted: + ra_helper.risk_unaccept(new_finding, perform_save=False) + # Save and add new endpoints + finding_helper.add_endpoints(new_finding, context["form"]) + # Remove unrelated endpoints + endpoint_status_list = Endpoint_Status.objects.filter(finding=new_finding) + for endpoint_status in endpoint_status_list: + if endpoint_status.endpoint not in new_finding.endpoints.all(): + endpoint_status.delete() + # Handle some of the other steps + self.process_mitigated_data(request, new_finding, context) + self.process_false_positive_history(new_finding) + self.process_burp_request_response(new_finding, context) + # Save the vulnerability IDs + finding_helper.save_vulnerability_ids(new_finding, context["form"].cleaned_data["vulnerability_ids"].split()) + # Add a success message messages.add_message( request, messages.SUCCESS, - 'Note saved.', - extra_tags='alert-success') - return HttpResponseRedirect( - reverse('view_finding', args=(finding.id, ))) - else: - if note_type_activation: - form = TypedNoteForm(available_note_types=available_note_types) + "Finding saved successfully.", + extra_tags="alert-success", + ) + + return finding, request, True else: - form = NoteForm() + add_error_message_to_response("The form has errors, please correct them below.") + add_field_errors_to_response(context["form"]) - try: - reqres = BurpRawRequestResponse.objects.get(finding=finding) - burp_request = base64.b64decode(reqres.burpRequestBase64) - burp_response = base64.b64decode(reqres.burpResponseBase64) - except: - reqres = None - burp_request = None - burp_response = None + return finding, request, False + + def process_jira_form(self, request: HttpRequest, finding: Finding, context: dict): + # Capture case if the jira not being enabled + if context["jform"] is None: + return request, True, False + + if context["jform"] and context["jform"].is_valid(): + jira_message = None + logger.debug("jform.jira_issue: %s", context["jform"].cleaned_data.get("jira_issue")) + logger.debug(JFORM_PUSH_TO_JIRA_MESSAGE, context["jform"].cleaned_data.get("push_to_jira")) + # can't use helper as when push_all_jira_issues is True, the checkbox gets disabled and is always false + push_all_jira_issues = jira_helper.is_push_all_issues(finding) + push_to_jira = push_all_jira_issues or context["jform"].cleaned_data.get("push_to_jira") + logger.debug("push_to_jira: %s", push_to_jira) + logger.debug("push_all_jira_issues: %s", push_all_jira_issues) + logger.debug("has_jira_group_issue: %s", finding.has_jira_group_issue) + # if the jira issue key was changed, update database + new_jira_issue_key = context["jform"].cleaned_data.get("jira_issue") + # we only support linking / changing if there is no group issue + if not finding.has_jira_group_issue: + if finding.has_jira_issue: + """ + everything in DD around JIRA integration is based on the internal id + of the issue in JIRA instead of on the public jira issue key. + I have no idea why, but it means we have to retrieve the issue from JIRA + to get the internal JIRA id. we can assume the issue exist, + which is already checked in the validation of the form + """ + if not new_jira_issue_key: + jira_helper.finding_unlink_jira(request, finding) + jira_message = "Link to JIRA issue removed successfully." + elif new_jira_issue_key != finding.jira_issue.jira_key: + jira_helper.finding_unlink_jira(request, finding) + jira_helper.finding_link_jira(request, finding, new_jira_issue_key) + jira_message = "Changed JIRA link successfully." + else: + if new_jira_issue_key: + jira_helper.finding_link_jira(request, finding, new_jira_issue_key) + jira_message = "Linked a JIRA issue successfully." + # any existing finding should be updated + push_to_jira = ( + push_to_jira + and not (push_to_jira and finding.finding_group) + and (finding.has_jira_issue or jira_helper.get_jira_instance(finding).finding_jira_sync) + ) + # Determine if a message should be added + if jira_message: + messages.add_message( + request, messages.SUCCESS, jira_message, extra_tags="alert-success" + ) - # add related actions for non-similar and non-duplicate cluster members - finding.related_actions = calculate_possible_related_actions_for_similar_finding(request, finding, finding) - if finding.duplicate_finding: - finding.duplicate_finding.related_actions = calculate_possible_related_actions_for_similar_finding(request, finding, finding.duplicate_finding) + return request, True, push_to_jira + else: + add_field_errors_to_response(context["jform"]) - similar_findings_filter = SimilarFindingFilter(request.GET, queryset=get_authorized_findings(Permissions.Finding_View), user=request.user, finding=finding) - logger.debug('similar query: %s', similar_findings_filter.qs.query) + return request, False, False - similar_findings = get_page_items(request, similar_findings_filter.qs, settings.SIMILAR_FINDINGS_MAX_RESULTS, prefix='similar') + def process_github_form(self, request: HttpRequest, finding: Finding, context: dict, old_status: str): + if "githubform-push_to_github" not in request.POST: + return request, True - similar_findings.object_list = prefetch_for_similar_findings(similar_findings.object_list) + if context["gform"].is_valid(): + if GITHUB_Issue.objects.filter(finding=finding).exists(): + update_external_issue(finding, old_status, "github") + else: + add_external_issue(finding, "github") - for similar_finding in similar_findings: - similar_finding.related_actions = calculate_possible_related_actions_for_similar_finding(request, finding, similar_finding) + return request, True + else: + add_field_errors_to_response(context["gform"]) + + return request, False + + def process_forms(self, request: HttpRequest, finding: Finding, context: dict): + form_success_list = [] + # Set vars for the completed forms + old_status = finding.status() + old_finding = copy.copy(finding) + # Validate finding mitigation + request = self.validate_status_change(request, finding, context) + # Check the validity of the form overall + new_finding, request, success = self.process_finding_form(request, finding, context) + form_success_list.append(success) + request, success, push_to_jira = self.process_jira_form(request, new_finding, context) + form_success_list.append(success) + request, success = self.process_github_form(request, new_finding, context, old_status) + form_success_list.append(success) + # Determine if all forms were successful + all_forms_valid = all(form_success_list) + # Check the validity of all the forms + if all_forms_valid: + # if we're removing the "duplicate" in the edit finding screen + # do not relaunch deduplication, otherwise, it's never taken into account + if old_finding.duplicate and not new_finding.duplicate: + new_finding.duplicate_finding = None + new_finding.save(push_to_jira=push_to_jira, dedupe_option=False) + else: + new_finding.save(push_to_jira=push_to_jira) + # we only push the group after storing the finding to make sure + # the updated data of the finding is pushed as part of the group + if push_to_jira and finding.finding_group: + jira_helper.push_to_jira(finding.finding_group) + + return request, all_forms_valid + + def get_template(self): + return "dojo/edit_finding.html" + + def get(self, request: HttpRequest, finding_id: int): + # Get the initial objects + finding = self.get_finding(finding_id) + # Make sure the user is authorized + user_has_permission_or_403(request.user, finding, Permissions.Finding_Edit) + # Set up the initial context + context = self.get_initial_context(request, finding) + # Render the form + return render(request, self.get_template(), context) + + def post(self, request: HttpRequest, finding_id: int): + # Get the initial objects + finding = self.get_finding(finding_id) + # Make sure the user is authorized + user_has_permission_or_403(request.user, finding, Permissions.Finding_Edit) + # Set up the initial context + context = self.get_initial_context(request, finding) + # Process the form + request, success = self.process_forms(request, finding, context) + # Handle the case of a successful form + if success: + return redirect_to_return_url_or_else(request, reverse("view_finding", args=(finding_id,))) + # Render the form + return render(request, self.get_template(), context) + + +class DeleteFinding(View): + def get_finding(self, finding_id: int): + return get_object_or_404(Finding, id=finding_id) + + def process_form(self, request: HttpRequest, finding: Finding, context: dict): + if context["form"].is_valid(): + product = finding.test.engagement.product + finding.delete() + # Update the grade of the product async + calculate_grade(product) + # Add a message to the request that the finding was successfully deleted + messages.add_message( + request, + messages.SUCCESS, + "Finding deleted successfully.", + extra_tags="alert-success", + ) + # Send a notification that the finding had been deleted + create_notification( + event="other", + title=f"Deletion of {finding.title}", + description=f'The finding "{finding.title}" was deleted by {request.user}', + product=product, + url=request.build_absolute_uri(reverse("all_findings")), + recipients=[finding.test.engagement.lead], + icon="exclamation-triangle", + ) + # return the request + return request, True + + # Add a failure message + messages.add_message( + request, + messages.ERROR, + "Unable to delete finding, please try again.", + extra_tags="alert-danger", + ) - product_tab = Product_Tab(finding.test.engagement.product.id, title="View Finding", tab="findings") + return request, False + + def post(self, request: HttpRequest, finding_id): + # Get the initial objects + finding = self.get_finding(finding_id) + # Make sure the user is authorized + user_has_permission_or_403(request.user, finding, Permissions.Finding_Delete) + # Get the finding form + context = { + "form": DeleteFindingForm(request.POST, instance=finding), + } + # Process the form + request, success = self.process_form(request, finding, context) + # Handle the case of a successful form + if success: + return redirect_to_return_url_or_else(request, reverse("view_test", args=(finding.test.id,))) + raise PermissionDenied() - can_be_pushed_to_jira, can_be_pushed_to_jira_error, error_code = jira_helper.can_be_pushed_to_jira(finding) - lastPos = (len(findings)) - 1 - return render( - request, 'dojo/view_finding.html', { - 'product_tab': product_tab, - 'finding': finding, - 'burp_request': burp_request, - 'cred_finding': cred_finding, - 'creds': creds, - 'cred_engagement': cred_engagement, - 'burp_response': burp_response, - 'dojo_user': dojo_user, - 'user': user, - 'notes': notes, - 'files': files, - 'form': form, - 'cwe_template': cwe_template, - 'found_by': finding.found_by.all().distinct(), - 'findings_list': findings, - 'findings_list_lastElement': findings[lastPos], - 'prev_finding_id': prev_finding_id, - 'next_finding_id': next_finding_id, - 'duplicate_cluster': duplicate_cluster(request, finding), - 'similar_findings': similar_findings, - 'similar_findings_filter': similar_findings_filter, - 'can_be_pushed_to_jira': can_be_pushed_to_jira, - 'can_be_pushed_to_jira_error': can_be_pushed_to_jira_error, - }) - - -@user_is_authorized(Finding, Permissions.Finding_Edit, 'fid') +@user_is_authorized(Finding, Permissions.Finding_Edit, "fid") def close_finding(request, fid): finding = get_object_or_404(Finding, id=fid) # in order to close a finding, we need to capture why it was closed @@ -408,87 +1207,115 @@ def close_finding(request, fid): else: missing_note_types = note_type_activation form = CloseFindingForm(missing_note_types=missing_note_types) - if request.method == 'POST': + if request.method == "POST": form = CloseFindingForm(request.POST, missing_note_types=missing_note_types) - close_external_issue(finding, 'Closed by defectdojo', 'github') + close_external_issue(finding, "Closed by defectdojo", "github") if form.is_valid(): now = timezone.now() new_note = form.save(commit=False) new_note.author = request.user - new_note.date = now + new_note.date = form.cleaned_data.get("mitigated") or now new_note.save() finding.notes.add(new_note) messages.add_message( - request, - messages.SUCCESS, - 'Note Saved.', - extra_tags='alert-success') + request, messages.SUCCESS, "Note Saved.", extra_tags="alert-success" + ) - if len(missing_note_types) == 0: + if len(missing_note_types) <= 1: finding.active = False now = timezone.now() - finding.mitigated = now - finding.mitigated_by = request.user + finding.mitigated = form.cleaned_data.get("mitigated") or now + finding.mitigated_by = ( + form.cleaned_data.get("mitigated_by") or request.user + ) finding.is_mitigated = True finding.last_reviewed = finding.mitigated finding.last_reviewed_by = request.user - endpoint_status = finding.endpoint_status.all() + finding.false_p = form.cleaned_data.get("false_p", False) + finding.out_of_scope = form.cleaned_data.get("out_of_scope", False) + finding.duplicate = form.cleaned_data.get("duplicate", False) + endpoint_status = finding.status_finding.all() for status in endpoint_status: - status.mitigated_by = request.user - status.mitigated_time = timezone.now() + status.mitigated_by = ( + form.cleaned_data.get("mitigated_by") or request.user + ) + status.mitigated_time = form.cleaned_data.get("mitigated") or now status.mitigated = True status.last_modified = timezone.now() status.save() - # only push to JIRA if there is an issue, to prevent a new one from being created - if jira_helper.is_push_all_issues(finding) and finding.has_jira_issue: - finding.save(push_to_jira=True) - else: - finding.save() + # Manage the jira status changes + push_to_jira = False + # Determine if the finding is in a group. if so, not push to jira + finding_in_group = finding.has_finding_group + # Check if there is a jira issue that needs to be updated + jira_issue_exists = finding.has_jira_issue or (finding.finding_group and finding.finding_group.has_jira_issue) + # Only push if the finding is not in a group + if jira_issue_exists: + # Determine if any automatic sync should occur + push_to_jira = jira_helper.is_push_all_issues(finding) \ + or jira_helper.get_jira_instance(finding).finding_jira_sync + # Add the closing note + if push_to_jira and not finding_in_group: + jira_helper.add_comment(finding, new_note, force_push=True) + # Save the finding + finding.save(push_to_jira=(push_to_jira and not finding_in_group)) + + # we only push the group after saving the finding to make sure + # the updated data of the finding is pushed as part of the group + if push_to_jira and finding_in_group: + jira_helper.push_to_jira(finding.finding_group) messages.add_message( request, messages.SUCCESS, - 'Finding closed.', - extra_tags='alert-success') - create_notification(event='other', - title='Closing of %s' % finding.title, - finding=finding, - description='The finding "%s" was closed by %s' % (finding.title, request.user), - url=request.build_absolute_uri(reverse('view_test', args=(finding.test.id, ))), - ) + "Finding closed.", + extra_tags="alert-success", + ) + create_notification( + event="other", + title="Closing of %s" % finding.title, + finding=finding, + description='The finding "%s" was closed by %s' + % (finding.title, request.user), + url=reverse("view_finding", args=(finding.id,)), + ) return HttpResponseRedirect( - reverse('view_test', args=(finding.test.id, ))) + reverse("view_test", args=(finding.test.id,)) + ) else: return HttpResponseRedirect( - reverse('close_finding', args=(finding.id, ))) - - else: - form = CloseFindingForm(missing_note_types=missing_note_types) + reverse("close_finding", args=(finding.id,)) + ) - product_tab = Product_Tab(finding.test.engagement.product.id, title="Close", tab="findings") + product_tab = Product_Tab( + finding.test.engagement.product, title="Close", tab="findings" + ) - return render(request, 'dojo/close_finding.html', { - 'finding': finding, - 'product_tab': product_tab, - 'active_tab': 'findings', - 'user': request.user, - 'form': form, - 'note_types': missing_note_types - }) + return render( + request, + "dojo/close_finding.html", + { + "finding": finding, + "product_tab": product_tab, + "active_tab": "findings", + "user": request.user, + "form": form, + "note_types": missing_note_types, + }, + ) -@user_is_authorized(Finding, Permissions.Finding_Edit, 'fid') +@user_is_authorized(Finding, Permissions.Finding_Edit, "fid") def defect_finding_review(request, fid): finding = get_object_or_404(Finding, id=fid) # in order to close a finding, we need to capture why it was closed # we can do this with a Note - if request.method == 'POST': + if request.method == "POST": form = DefectFindingForm(request.POST) - if form.is_valid(): now = timezone.now() new_note = form.save(commit=False) @@ -497,71 +1324,81 @@ def defect_finding_review(request, fid): new_note.save() finding.notes.add(new_note) finding.under_review = False - defect_choice = form.cleaned_data['defect_choice'] + defect_choice = form.cleaned_data["defect_choice"] if defect_choice == "Close Finding": finding.active = False + finding.verified = True finding.mitigated = now finding.mitigated_by = request.user finding.is_mitigated = True finding.last_reviewed = finding.mitigated finding.last_reviewed_by = request.user finding.endpoints.clear() + else: + finding.active = True + finding.verified = True + finding.mitigated = None + finding.mitigated_by = None + finding.is_mitigated = False + finding.last_reviewed = now + finding.last_reviewed_by = request.user - # TODO: JIRA: Code below should move to jira_helper. But I have no idea what it is doin so don't want move/break it - - jira = jira_helper.get_jira_connection(finding) - if jira and finding.has_jira_issue: - j_issue = finding.jira_issue - issue = jira.issue(j_issue.jira_id) - + # Manage the jira status changes + push_to_jira = False + # Determine if the finding is in a group. if so, not push to jira + finding_in_group = finding.has_finding_group + # Check if there is a jira issue that needs to be updated + jira_issue_exists = finding.has_jira_issue or (finding.finding_group and finding.finding_group.has_jira_issue) + # Only push if the finding is not in a group + if jira_issue_exists: + # Determine if any automatic sync should occur + push_to_jira = jira_helper.is_push_all_issues(finding) \ + or jira_helper.get_jira_instance(finding).finding_jira_sync + # Add the closing note + if push_to_jira and not finding_in_group: if defect_choice == "Close Finding": - # If the issue id is closed jira will return Reopen Issue - resolution_id = jira_helper.jira_get_resolution_id(jira, issue, - "Reopen Issue") - if resolution_id is None: - resolution_id = jira_helper.jira_get_resolution_id( - jira, issue, "Resolve Issue") - jira_helper.jira_transition(jira, issue, resolution_id) - new_note.entry = new_note.entry + "\nJira issue set to resolved." + new_note.entry = new_note.entry + "\nJira issue set to resolved." else: - # Re-open finding with notes stating why re-open - resolution_id = jira_helper.jira_get_resolution_id(jira, issue, - "Resolve Issue") - if resolution_id is not None: - jira_helper.jira_transition(jira, issue, resolution_id) - new_note.entry = new_note.entry + "\nJira issue re-opened." - - # Update Dojo and Jira with a notes - if finding.has_jira_issue: + new_note.entry = new_note.entry + "\nJira issue re-opened." jira_helper.add_comment(finding, new_note, force_push=True) - elif finding.has_jira_group_issue: - jira_helper.add_comment(finding.finding_group, new_note, force_push=True) + # Save the finding + finding.save(push_to_jira=(push_to_jira and not finding_in_group)) - finding.save() + # we only push the group after saving the finding to make sure + # the updated data of the finding is pushed as part of the group + if push_to_jira and finding_in_group: + jira_helper.push_to_jira(finding.finding_group) messages.add_message( - request, - messages.SUCCESS, - 'Defect Reviewed', - extra_tags='alert-success') - return HttpResponseRedirect( - reverse('view_test', args=(finding.test.id, ))) + request, messages.SUCCESS, "Defect Reviewed", extra_tags="alert-success" + ) + return HttpResponseRedirect(reverse("view_test", args=(finding.test.id,))) else: form = DefectFindingForm() - product_tab = Product_Tab(finding.test.engagement.product.id, title="Jira Status Review", tab="findings") + product_tab = Product_Tab( + finding.test.engagement.product, title="Jira Status Review", tab="findings" + ) - return render(request, 'dojo/defect_finding_review.html', { - 'finding': finding, - 'product_tab': product_tab, - 'user': request.user, - 'form': form - }) + return render( + request, + "dojo/defect_finding_review.html", + { + "finding": finding, + "product_tab": product_tab, + "user": request.user, + "form": form, + }, + ) -@user_is_authorized(Finding, Permissions.Finding_Edit, 'fid',) +@user_is_authorized( + Finding, + Permissions.Finding_Edit, + "fid", +) def reopen_finding(request, fid): finding = get_object_or_404(Finding, id=fid) finding.active = True @@ -570,7 +1407,7 @@ def reopen_finding(request, fid): finding.is_mitigated = False finding.last_reviewed = finding.mitigated finding.last_reviewed_by = request.user - endpoint_status = finding.endpoint_status.all() + endpoint_status = finding.status_finding.all() for status in endpoint_status: status.mitigated_by = None status.mitigated_time = None @@ -578,35 +1415,45 @@ def reopen_finding(request, fid): status.last_modified = timezone.now() status.save() - # only push to JIRA if there is an issue, otherwise a new one is created - if jira_helper.is_push_all_issues(finding) and finding.has_jira_issue: - finding.save(push_to_jira=True) - else: - finding.save() - - reopen_external_issue(finding, 're-opened by defectdojo', 'github') + # Manage the jira status changes + push_to_jira = False + # Determine if the finding is in a group. if so, not push to jira + finding_in_group = finding.has_finding_group + # Check if there is a jira issue that needs to be updated + jira_issue_exists = finding.has_jira_issue or (finding.finding_group and finding.finding_group.has_jira_issue) + # Only push if the finding is not in a group + if jira_issue_exists: + # Determine if any automatic sync should occur + push_to_jira = jira_helper.is_push_all_issues(finding) \ + or jira_helper.get_jira_instance(finding).finding_jira_sync + # Save the finding + finding.save(push_to_jira=(push_to_jira and not finding_in_group)) + + # we only push the group after saving the finding to make sure + # the updated data of the finding is pushed as part of the group + if push_to_jira and finding_in_group: + jira_helper.push_to_jira(finding.finding_group) + + reopen_external_issue(finding, "re-opened by defectdojo", "github") messages.add_message( - request, - messages.SUCCESS, - 'Finding Reopened.', - extra_tags='alert-success') - create_notification(event='other', - title='Reopening of %s' % finding.title, - finding=finding, - description='The finding "%s" was reopened by %s' % (finding.title, request.user), - url=request.build_absolute_uri(reverse('view_test', args=(finding.test.id, ))), - ) - return HttpResponseRedirect(reverse('view_finding', args=(finding.id, ))) - - -@user_is_authorized(Finding, Permissions.Finding_Edit, 'fid') + request, messages.SUCCESS, "Finding Reopened.", extra_tags="alert-success" + ) + create_notification( + event="other", + title="Reopening of %s" % finding.title, + finding=finding, + description='The finding "%s" was reopened by %s' + % (finding.title, request.user), + url=reverse("view_finding", args=(finding.id,)), + ) + return HttpResponseRedirect(reverse("view_finding", args=(finding.id,))) + + +@user_is_authorized(Finding, Permissions.Finding_Edit, "fid") def apply_template_cwe(request, fid): finding = get_object_or_404(Finding, id=fid) - - form = FindingFormID(instance=finding) - - if request.method == 'POST': + if request.method == "POST": form = FindingFormID(request.POST, instance=finding) if form.is_valid(): finding = apply_cwe_to_template(finding) @@ -614,263 +1461,129 @@ def apply_template_cwe(request, fid): messages.add_message( request, messages.SUCCESS, - 'Finding CWE template applied successfully.', - extra_tags='alert-success') - return HttpResponseRedirect(reverse('view_finding', args=(fid, ))) + "Finding CWE template applied successfully.", + extra_tags="alert-success", + ) + return HttpResponseRedirect(reverse("view_finding", args=(fid,))) else: messages.add_message( request, messages.ERROR, - 'Unable to apply CWE template finding, please try again.', - extra_tags='alert-danger') + "Unable to apply CWE template finding, please try again.", + extra_tags="alert-danger", + ) else: - return HttpResponseForbidden() + raise PermissionDenied() -@user_is_authorized(Finding, Permissions.Finding_Delete, 'fid') -def delete_finding(request, fid): +@user_is_authorized(Finding, Permissions.Finding_Edit, "fid") +def copy_finding(request, fid): finding = get_object_or_404(Finding, id=fid) + product = finding.test.engagement.product + tests = get_authorized_tests(Permissions.Test_Edit).filter( + engagement=finding.test.engagement + ) + form = CopyFindingForm(tests=tests) - if request.method == 'POST': - form = DeleteFindingForm(request.POST, instance=finding) + if request.method == "POST": + form = CopyFindingForm(request.POST, tests=tests) if form.is_valid(): - tid = finding.test.id + test = form.cleaned_data.get("test") product = finding.test.engagement.product - finding.delete() + finding_copy = finding.copy(test=test) calculate_grade(product) messages.add_message( request, messages.SUCCESS, - 'Finding deleted successfully.', - extra_tags='alert-success') - create_notification(event='other', - title='Deletion of %s' % finding.title, - description='The finding "%s" was deleted by %s' % (finding.title, request.user), - product=product, - url=request.build_absolute_uri(reverse('all_findings')), - recipients=[finding.test.engagement.lead], - icon="exclamation-triangle") - return redirect_to_return_url_or_else(request, reverse('view_test', args=(tid,))) + "Finding Copied successfully.", + extra_tags="alert-success", + ) + create_notification( + event="other", + title="Copying of %s" % finding.title, + description='The finding "%s" was copied by %s to %s' + % (finding.title, request.user, test.title), + product=product, + url=request.build_absolute_uri( + reverse("copy_finding", args=(finding_copy.id,)) + ), + recipients=[finding.test.engagement.lead], + icon="exclamation-triangle", + ) + return redirect_to_return_url_or_else( + request, reverse("view_test", args=(test.id,)) + ) else: messages.add_message( request, messages.ERROR, - 'Unable to delete finding, please try again.', - extra_tags='alert-danger') - else: - return HttpResponseForbidden() - - -@user_is_authorized(Finding, Permissions.Finding_Edit, 'fid') -def edit_finding(request, fid): - finding = get_object_or_404(Finding, id=fid) - # finding = finding._detag_to_serializable() - # finding = finding._retag_to_original() - old_status = finding.status() - old_finding = copy.copy(finding) - burp_rr = BurpRawRequestResponse.objects.filter(finding=finding).first() - if burp_rr: - req_resp = ( - burp_rr.get_request(), - burp_rr.get_response() - ) - else: - req_resp = None - form = FindingForm(instance=finding, req_resp=req_resp, - can_edit_mitigated_data=finding_helper.can_edit_mitigated_data(request.user)) - form_error = False - jform = None - push_all_jira_issues = jira_helper.is_push_all_issues(finding) - gform = None - use_jira = jira_helper.get_jira_project(finding) is not None - - github_enabled = finding.has_github_issue() - - if request.method == 'POST': - form = FindingForm(request.POST, instance=finding, req_resp=None, - can_edit_mitigated_data=finding_helper.can_edit_mitigated_data(request.user)) - - if finding.active: - if (form['active'].value() is False or form['false_p'].value()) and form['duplicate'].value() is False: - note_type_activation = Note_Type.objects.filter(is_active=True).count() - closing_disabled = 0 - if note_type_activation: - closing_disabled = len(get_missing_mandatory_notetypes(finding)) - if closing_disabled != 0: - error_inactive = ValidationError('Can not set a finding as inactive without adding all mandatory notes', - code='inactive_without_mandatory_notes') - error_false_p = ValidationError('Can not set a finding as false positive without adding all mandatory notes', - code='false_p_without_mandatory_notes') - if form['active'].value() is False: - form.add_error('active', error_inactive) - if form['false_p'].value(): - form.add_error('false_p', error_false_p) - messages.add_message(request, - messages.ERROR, - 'Can not set a finding as inactive or false positive without adding all mandatory notes', - extra_tags='alert-danger') + "Unable to copy finding, please try again.", + extra_tags="alert-danger", + ) - if use_jira: - jform = JIRAFindingForm(request.POST, prefix='jiraform', push_all=push_all_jira_issues, instance=finding, jira_project=jira_helper.get_jira_project(finding), finding_form=form) - - if form.is_valid() and (jform is None or jform.is_valid()): - if jform: - logger.debug('jform.jira_issue: %s', jform.cleaned_data.get('jira_issue')) - logger.debug('jform.push_to_jira: %s', jform.cleaned_data.get('push_to_jira')) - - new_finding = form.save(commit=False) - new_finding.test = finding.test - new_finding.numerical_severity = Finding.get_numerical_severity( - new_finding.severity) - - if 'group' in form.cleaned_data: - finding_group = form.cleaned_data['group'] - finding_helper.update_finding_group(new_finding, finding_group) - - if 'risk_accepted' in form.cleaned_data and form['risk_accepted'].value(): - if new_finding.test.engagement.product.enable_simple_risk_acceptance: - ra_helper.simple_risk_accept(new_finding, perform_save=False) - else: - if new_finding.risk_accepted: - ra_helper.risk_unaccept(new_finding, perform_save=False) - - # Save and add new endpoints - finding_helper.add_endpoints(new_finding, form) - - # Remove unrelated endpoints - endpoint_status_list = Endpoint_Status.objects.filter(finding=new_finding) - for endpoint_status in endpoint_status_list: - if endpoint_status.endpoint not in new_finding.endpoints.all(): - endpoint_status.delete() - - new_finding.last_reviewed = timezone.now() - new_finding.last_reviewed_by = request.user - - new_finding.tags = form.cleaned_data['tags'] - - if 'request' in form.cleaned_data or 'response' in form.cleaned_data: - burp_rr = BurpRawRequestResponse.objects.filter(finding=finding).first() - if burp_rr: - burp_rr.burpRequestBase64 = base64.b64encode(form.cleaned_data['request'].encode()) - burp_rr.burpResponseBase64 = base64.b64encode(form.cleaned_data['response'].encode()) - burp_rr.clean() - burp_rr.save() - - push_to_jira = False - jira_message = None - if jform and jform.is_valid(): - # Push to Jira? - - logger.debug('jform.push_to_jira: %s', jform.cleaned_data.get('push_to_jira')) - # can't use helper as when push_all_jira_issues is True, the checkbox gets disabled and is always false - # push_to_jira = jira_helper.is_push_to_jira(new_finding, jform.cleaned_data.get('push_to_jira')) - push_to_jira = push_all_jira_issues or jform.cleaned_data.get('push_to_jira') - - logger.debug('push_to_jira: %s', push_to_jira) - logger.debug('push_all_jira_issues: %s', push_all_jira_issues) - logger.debug('has_jira_group_issue: %s', new_finding.has_jira_group_issue) - - # if the jira issue key was changed, update database - new_jira_issue_key = jform.cleaned_data.get('jira_issue') - # we only support linking / changing if there is no group issue - if not new_finding.has_jira_group_issue: - if new_finding.has_jira_issue: - jira_issue = new_finding.jira_issue - - # everything in DD around JIRA integration is based on the internal id of the issue in JIRA - # instead of on the public jira issue key. - # I have no idea why, but it means we have to retrieve the issue from JIRA to get the internal JIRA id. - # we can assume the issue exist, which is already checked in the validation of the jform - - if not new_jira_issue_key: - jira_helper.finding_unlink_jira(request, new_finding) - jira_message = 'Link to JIRA issue removed successfully.' - - elif new_jira_issue_key != new_finding.jira_issue.jira_key: - jira_helper.finding_unlink_jira(request, new_finding) - jira_helper.finding_link_jira(request, new_finding, new_jira_issue_key) - jira_message = 'Changed JIRA link successfully.' - else: - if new_jira_issue_key: - jira_helper.finding_link_jira(request, new_finding, new_jira_issue_key) - jira_message = 'Linked a JIRA issue successfully.' - - if 'githubform-push_to_github' in request.POST: - gform = GITHUBFindingForm( - request.POST, prefix='githubform', enabled=github_enabled) - if gform.is_valid(): - if GITHUB_Issue.objects.filter(finding=new_finding).exists(): - update_external_issue(new_finding, old_status, 'github') - else: - add_external_issue(new_finding, 'github') + product_tab = Product_Tab(product, title="Copy Finding", tab="findings") + return render( + request, + "dojo/copy_object.html", + { + "source": finding, + "source_label": "Finding", + "destination_label": "Test", + "product_tab": product_tab, + "form": form, + }, + ) - # if there's a finding group, that's what we need to push - push_group_to_jira = push_to_jira and new_finding.finding_group - # any existing finding should be updated - push_to_jira = push_to_jira and not push_group_to_jira and not new_finding.has_jira_issue - # if we're removing the "duplicate" in the edit finding screen - # do not relaunch deduplication, otherwise, it's never taken into account - if old_finding.duplicate and not new_finding.duplicate: - new_finding.duplicate_finding = None - new_finding.save(push_to_jira=push_to_jira, dedupe_option=False) - else: - new_finding.save(push_to_jira=push_to_jira) +@user_is_authorized(Finding, Permissions.Finding_Edit, "fid") +def remediation_date(request, fid): + finding = get_object_or_404(Finding, id=fid) + user = get_object_or_404(Dojo_User, id=request.user.id) - # we only push the group after storing the finding to make sure - # the updated data of the finding is pushed as part of the group - if push_group_to_jira: - jira_helper.push_to_jira(new_finding.finding_group) + if request.method == "POST": + form = EditPlannedRemediationDateFindingForm(request.POST) + if form.is_valid(): + finding.planned_remediation_date = request.POST.get( + "planned_remediation_date", "" + ) + finding.save() messages.add_message( request, messages.SUCCESS, - 'Finding saved successfully.', - extra_tags='alert-success') - - if jira_message: - messages.add_message( - request, - messages.SUCCESS, - jira_message, - extra_tags='alert-success') + "Finding Planned Remediation Date saved.", + extra_tags="alert-success", + ) + return HttpResponseRedirect(reverse("view_finding", args=(finding.id,))) - return redirect_to_return_url_or_else(request, reverse('view_finding', args=(new_finding.id,))) - else: - add_error_message_to_response('The form has errors, please correct them below.') - add_field_errors_to_response(jform) - add_field_errors_to_response(form) - form_error = True else: - if use_jira: - jform = JIRAFindingForm(push_all=push_all_jira_issues, prefix='jiraform', instance=finding, jira_project=jira_helper.get_jira_project(finding), finding_form=form) + form = EditPlannedRemediationDateFindingForm(finding=finding) - if get_system_setting('enable_github'): - if GITHUB_PKey.objects.filter(product=finding.test.engagement.product).exclude(git_conf_id=None): - gform = GITHUBFindingForm(enabled=github_enabled, prefix='githubform') + product_tab = Product_Tab( + finding.test.engagement.product, + title="Planned Remediation Date", + tab="findings", + ) - product_tab = Product_Tab(finding.test.engagement.product.id, title="Edit Finding", tab="findings") - - return render(request, 'dojo/edit_finding.html', { - 'product_tab': product_tab, - 'form': form, - 'finding': finding, - 'jform': jform, - 'gform': gform, - 'return_url': get_return_url(request) - }) + return render( + request, + "dojo/remediation_date.html", + {"finding": finding, "product_tab": product_tab, "user": user, "form": form}, + ) -@user_is_authorized(Finding, Permissions.Finding_Edit, 'fid') +@user_is_authorized(Finding, Permissions.Finding_Edit, "fid") def touch_finding(request, fid): finding = get_object_or_404(Finding, id=fid) finding.last_reviewed = timezone.now() finding.last_reviewed_by = request.user finding.save() - return redirect_to_return_url_or_else(request, reverse('view_finding', args=(finding.id, ))) + return redirect_to_return_url_or_else( + request, reverse("view_finding", args=(finding.id,)) + ) -@user_is_authorized(Finding, Permissions.Risk_Acceptance, 'fid') +@user_is_authorized(Finding, Permissions.Risk_Acceptance, "fid") def simple_risk_accept(request, fid): finding = get_object_or_404(Finding, id=fid) @@ -879,46 +1592,52 @@ def simple_risk_accept(request, fid): ra_helper.simple_risk_accept(finding) - messages.add_message(request, - messages.WARNING, - 'Finding risk accepted.', - extra_tags='alert-success') + messages.add_message( + request, messages.WARNING, "Finding risk accepted.", extra_tags="alert-success" + ) - return redirect_to_return_url_or_else(request, reverse('view_finding', args=(finding.id, ))) + return redirect_to_return_url_or_else( + request, reverse("view_finding", args=(finding.id,)) + ) -@user_is_authorized(Finding, Permissions.Risk_Acceptance, 'fid') +@user_is_authorized(Finding, Permissions.Risk_Acceptance, "fid") def risk_unaccept(request, fid): finding = get_object_or_404(Finding, id=fid) ra_helper.risk_unaccept(finding) - messages.add_message(request, - messages.WARNING, - 'Finding risk unaccepted.', - extra_tags='alert-success') + messages.add_message( + request, + messages.WARNING, + "Finding risk unaccepted.", + extra_tags="alert-success", + ) - return redirect_to_return_url_or_else(request, reverse('view_finding', args=(finding.id, ))) + return redirect_to_return_url_or_else( + request, reverse("view_finding", args=(finding.id,)) + ) -@user_is_authorized(Finding, Permissions.Finding_Edit, 'fid') +@user_is_authorized(Finding, Permissions.Finding_View, "fid") def request_finding_review(request, fid): finding = get_object_or_404(Finding, id=fid) user = get_object_or_404(Dojo_User, id=request.user.id) + form = ReviewFindingForm(finding=finding, user=user) # in order to review a finding, we need to capture why a review is needed # we can do this with a Note - if request.method == 'POST': - form = ReviewFindingForm(request.POST) + if request.method == "POST": + form = ReviewFindingForm(request.POST, finding=finding, user=user) if form.is_valid(): now = timezone.now() new_note = Notes() - new_note.entry = "Review Request: " + form.cleaned_data['entry'] + new_note.entry = "Review Request: " + form.cleaned_data["entry"] new_note.private = True new_note.author = request.user new_note.date = now new_note.save() finding.notes.add(new_note) - finding.active = False + finding.active = True finding.verified = False finding.is_mitigated = False finding.under_review = True @@ -926,61 +1645,87 @@ def request_finding_review(request, fid): finding.last_reviewed = now finding.last_reviewed_by = request.user - users = form.cleaned_data['reviewers'] - finding.reviewers.set(users) - finding.save() - reviewers = "" - for suser in form.cleaned_data['reviewers']: - reviewers += str(suser) + ", " - reviewers = reviewers[:-2] - - create_notification(event='review_requested', - title='Finding review requested', - finding=finding, - description='User %s has requested that users %s review the finding "%s" for accuracy:\n\n%s' % (user, reviewers, finding.title, new_note), - icon='check', - url=reverse("view_finding", args=(finding.id,))) + reviewers = form.cleaned_data["reviewers"] + finding.reviewers.set(reviewers) + + # Manage the jira status changes + push_to_jira = False + # Determine if the finding is in a group. if so, not push to jira + finding_in_group = finding.has_finding_group + # Check if there is a jira issue that needs to be updated + jira_issue_exists = finding.has_jira_issue or (finding.finding_group and finding.finding_group.has_jira_issue) + # Only push if the finding is not in a group + if jira_issue_exists: + # Determine if any automatic sync should occur + push_to_jira = jira_helper.is_push_all_issues(finding) \ + or jira_helper.get_jira_instance(finding).finding_jira_sync + # Add the closing note + if push_to_jira and not finding_in_group: + jira_helper.add_comment(finding, new_note, force_push=True) + # Save the finding + finding.save(push_to_jira=(push_to_jira and not finding_in_group)) + + # we only push the group after saving the finding to make sure + # the updated data of the finding is pushed as part of the group + if push_to_jira and finding_in_group: + jira_helper.push_to_jira(finding.finding_group) + + reviewers = Dojo_User.objects.filter(id__in=form.cleaned_data["reviewers"]) + reviewers_string = ", ".join([str(user) for user in reviewers]) + reviewers_usernames = [user.username for user in reviewers] + logger.debug(f"Asking {reviewers_string} for review") + + create_notification( + event="review_requested", + title="Finding review requested", + requested_by=user, + note=new_note, + finding=finding, + reviewers=reviewers, + recipients=reviewers_usernames, + description=f"User {user.get_full_name()} has requested that user(s) {reviewers_string} review the finding \"{finding.title}\" for accuracy:\n\n{new_note}", + icon="check", + url=reverse("view_finding", args=(finding.id,)), + ) messages.add_message( request, messages.SUCCESS, - 'Finding marked for review and reviewers notified.', - extra_tags='alert-success') - return HttpResponseRedirect( - reverse('view_finding', args=(finding.id, ))) - - else: - form = ReviewFindingForm(finding=finding) + "Finding marked for review and reviewers notified.", + extra_tags="alert-success", + ) + return HttpResponseRedirect(reverse("view_finding", args=(finding.id,))) - product_tab = Product_Tab(finding.test.engagement.product.id, title="Review Finding", tab="findings") + product_tab = Product_Tab( + finding.test.engagement.product, title="Review Finding", tab="findings" + ) - return render(request, 'dojo/review_finding.html', { - 'finding': finding, - 'product_tab': product_tab, - 'user': user, - 'form': form - }) + return render( + request, + "dojo/review_finding.html", + {"finding": finding, "product_tab": product_tab, "user": user, "form": form}, + ) -@user_is_authorized(Finding, Permissions.Finding_Edit, 'fid') +@user_is_authorized(Finding, Permissions.Finding_Edit, "fid") def clear_finding_review(request, fid): finding = get_object_or_404(Finding, id=fid) user = get_object_or_404(Dojo_User, id=request.user.id) + # If the user wanting to clear the review is not the user who requested + # the review or one of the users requested to provide the review, then + # do not allow the user to clear the review. + if user != finding.review_requested_by and user not in finding.reviewers.all(): + raise PermissionDenied() + # in order to clear a review for a finding, we need to capture why and how it was reviewed # we can do this with a Note - - if user == finding.review_requested_by or user in finding.reviewers.all(): - pass - else: - return HttpResponseForbidden() - - if request.method == 'POST': + if request.method == "POST": form = ClearFindingReviewForm(request.POST, instance=finding) if form.is_valid(): now = timezone.now() new_note = Notes() - new_note.entry = "Review Cleared: " + form.cleaned_data['entry'] + new_note.entry = "Review Cleared: " + form.cleaned_data["entry"] new_note.author = request.user new_note.date = now new_note.save() @@ -992,32 +1737,53 @@ def clear_finding_review(request, fid): finding.last_reviewed_by = request.user finding.reviewers.set([]) - finding.save() - finding.notes.add(new_note) + # Manage the jira status changes + push_to_jira = False + # Determine if the finding is in a group. if so, not push to jira + finding_in_group = finding.has_finding_group + # Check if there is a jira issue that needs to be updated + jira_issue_exists = finding.has_jira_issue or (finding.finding_group and finding.finding_group.has_jira_issue) + # Only push if the finding is not in a group + if jira_issue_exists: + # Determine if any automatic sync should occur + push_to_jira = jira_helper.is_push_all_issues(finding) \ + or jira_helper.get_jira_instance(finding).finding_jira_sync + # Add the closing note + if push_to_jira and not finding_in_group: + jira_helper.add_comment(finding, new_note, force_push=True) + # Save the finding + finding.save(push_to_jira=(push_to_jira and not finding_in_group)) + + # we only push the group after saving the finding to make sure + # the updated data of the finding is pushed as part of the group + if push_to_jira and finding_in_group: + jira_helper.push_to_jira(finding.finding_group) + messages.add_message( request, messages.SUCCESS, - 'Finding review has been updated successfully.', - extra_tags='alert-success') - return HttpResponseRedirect( - reverse('view_finding', args=(finding.id, ))) + "Finding review has been updated successfully.", + extra_tags="alert-success", + ) + return HttpResponseRedirect(reverse("view_finding", args=(finding.id,))) else: form = ClearFindingReviewForm(instance=finding) - product_tab = Product_Tab(finding.test.engagement.product.id, title="Clear Finding Review", tab="findings") + product_tab = Product_Tab( + finding.test.engagement.product, title="Clear Finding Review", tab="findings" + ) - return render(request, 'dojo/clear_finding_review.html', { - 'finding': finding, - 'product_tab': product_tab, - 'user': user, - 'form': form - }) + return render( + request, + "dojo/clear_finding_review.html", + {"finding": finding, "product_tab": product_tab, "user": user, "form": form}, + ) -@user_is_configuration_authorized('dojo.add_finding_template', 'staff') +@user_has_global_permission(Permissions.Finding_Add) def mktemplate(request, fid): finding = get_object_or_404(Finding, id=fid) templates = Finding_Template.objects.filter(title=finding.title) @@ -1025,13 +1791,13 @@ def mktemplate(request, fid): messages.add_message( request, messages.ERROR, - 'A finding template with that title already exists.', - extra_tags='alert-danger') + "A finding template with that title already exists.", + extra_tags="alert-danger", + ) else: template = Finding_Template( title=finding.title, cwe=finding.cwe, - cve=finding.cve, cvssv3=finding.cvssv3, severity=finding.severity, description=finding.description, @@ -1039,128 +1805,173 @@ def mktemplate(request, fid): impact=finding.impact, references=finding.references, numerical_severity=finding.numerical_severity, - tags=finding.tags.all()) + tags=finding.tags.all(), + ) template.save() template.tags = finding.tags.all() + for vulnerability_id in finding.vulnerability_ids: + Vulnerability_Id_Template( + finding_template=template, vulnerability_id=vulnerability_id + ).save() + messages.add_message( request, messages.SUCCESS, mark_safe( 'Finding template added successfully. You may edit it here.' - % reverse('edit_template', args=(template.id, ))), - extra_tags='alert-success') - return HttpResponseRedirect(reverse('view_finding', args=(finding.id, ))) + % reverse("edit_template", args=(template.id,)) + ), + extra_tags="alert-success", + ) + return HttpResponseRedirect(reverse("view_finding", args=(finding.id,))) -@user_is_authorized(Finding, Permissions.Finding_Edit, 'fid') -@user_is_configuration_authorized('dojo.view_finding_template', 'staff') +@user_is_authorized(Finding, Permissions.Finding_Edit, "fid") def find_template_to_apply(request, fid): finding = get_object_or_404(Finding, id=fid) test = get_object_or_404(Test, id=finding.test.id) - templates_by_CVE = Finding_Template.objects.annotate( - cve_len=Length('cve'), order=models.Value(1, models.IntegerField())).filter( - cve=finding.cve, cve_len__gt=0).order_by('-last_used') - if templates_by_CVE.count() == 0: - - templates_by_last_used = Finding_Template.objects.all().order_by( - '-last_used').annotate( - cve_len=Length('cve'), order=models.Value(2, models.IntegerField())) + templates_by_cve = ( + Finding_Template.objects.annotate( + cve_len=Length("cve"), order=models.Value(1, models.IntegerField()) + ) + .filter(cve=finding.cve, cve_len__gt=0) + .order_by("-last_used") + ) + if templates_by_cve.count() == 0: + templates_by_last_used = ( + Finding_Template.objects.all() + .order_by("-last_used") + .annotate( + cve_len=Length("cve"), order=models.Value(2, models.IntegerField()) + ) + ) templates = templates_by_last_used else: - templates_by_last_used = Finding_Template.objects.all().exclude( - cve=finding.cve).order_by( - '-last_used').annotate( - cve_len=Length('cve'), order=models.Value(2, models.IntegerField())) - templates = templates_by_last_used.union(templates_by_CVE).order_by('order', '-last_used') + templates_by_last_used = ( + Finding_Template.objects.all() + .exclude(cve=finding.cve) + .order_by("-last_used") + .annotate( + cve_len=Length("cve"), order=models.Value(2, models.IntegerField()) + ) + ) + templates = templates_by_last_used.union(templates_by_cve).order_by( + "order", "-last_used" + ) templates = TemplateFindingFilter(request.GET, queryset=templates) paged_templates = get_page_items(request, templates.qs, 25) # just query all templates as this weird ordering above otherwise breaks Django ORM - title_words = get_words_for_field(Finding_Template, 'title') - product_tab = Product_Tab(test.engagement.product.id, title="Apply Template to Finding", tab="findings") + title_words = get_words_for_field(Finding_Template, "title") + product_tab = Product_Tab( + test.engagement.product, title="Apply Template to Finding", tab="findings" + ) return render( - request, 'dojo/templates.html', { - 'templates': paged_templates, - 'product_tab': product_tab, - 'filtered': templates, - 'title_words': title_words, - 'tid': test.id, - 'fid': fid, - 'add_from_template': False, - 'apply_template': True, - }) - - -@user_is_authorized(Finding, Permissions.Finding_Edit, 'fid') + request, + "dojo/templates.html", + { + "templates": paged_templates, + "product_tab": product_tab, + "filtered": templates, + "title_words": title_words, + "tid": test.id, + "fid": fid, + "add_from_template": False, + "apply_template": True, + }, + ) + + +@user_is_authorized(Finding, Permissions.Finding_Edit, "fid") def choose_finding_template_options(request, tid, fid): finding = get_object_or_404(Finding, id=fid) template = get_object_or_404(Finding_Template, id=tid) data = finding.__dict__ # Not sure what's going on here, just leave same as with django-tagging - data['tags'] = [tag.name for tag in template.tags.all()] + data["tags"] = [tag.name for tag in template.tags.all()] + data["vulnerability_ids"] = "\n".join(finding.vulnerability_ids) + form = ApplyFindingTemplateForm(data=data, template=template) - product_tab = Product_Tab(finding.test.engagement.product.id, title="Finding Template Options", tab="findings") - return render(request, 'dojo/apply_finding_template.html', { - 'finding': finding, - 'product_tab': product_tab, - 'template': template, - 'form': form, - 'finding_tags': [tag.name for tag in finding.tags.all()], - }) + product_tab = Product_Tab( + finding.test.engagement.product, + title="Finding Template Options", + tab="findings", + ) + return render( + request, + "dojo/apply_finding_template.html", + { + "finding": finding, + "product_tab": product_tab, + "template": template, + "form": form, + "finding_tags": [tag.name for tag in finding.tags.all()], + }, + ) -@user_is_authorized(Finding, Permissions.Finding_Edit, 'fid') +@user_is_authorized(Finding, Permissions.Finding_Edit, "fid") def apply_template_to_finding(request, fid, tid): finding = get_object_or_404(Finding, id=fid) template = get_object_or_404(Finding_Template, id=tid) - if (request.method == "POST"): + if request.method == "POST": form = ApplyFindingTemplateForm(data=request.POST) if form.is_valid(): template.last_used = timezone.now() template.save() - finding.title = form.cleaned_data['title'] - finding.cwe = form.cleaned_data['cwe'] - finding.cve = form.cleaned_data['cve'] - finding.severity = form.cleaned_data['severity'] - finding.description = form.cleaned_data['description'] - finding.mitigation = form.cleaned_data['mitigation'] - finding.impact = form.cleaned_data['impact'] - finding.references = form.cleaned_data['references'] + finding.title = form.cleaned_data["title"] + finding.cwe = form.cleaned_data["cwe"] + finding.severity = form.cleaned_data["severity"] + finding.description = form.cleaned_data["description"] + finding.mitigation = form.cleaned_data["mitigation"] + finding.impact = form.cleaned_data["impact"] + finding.references = form.cleaned_data["references"] finding.last_reviewed = timezone.now() finding.last_reviewed_by = request.user - finding.tags = form.cleaned_data['tags'] + finding.tags = form.cleaned_data["tags"] + + finding.cve = None + finding_helper.save_vulnerability_ids( + finding, form.cleaned_data["vulnerability_ids"].split() + ) + finding.save() else: messages.add_message( request, messages.ERROR, - 'There appears to be errors on the form, please correct below.', - extra_tags='alert-danger') - # form_error = True - product_tab = Product_Tab(finding.test.engagement.product.id, title="Apply Finding Template", tab="findings") - return render(request, 'dojo/apply_finding_template.html', { - 'finding': finding, - 'product_tab': product_tab, - 'template': template, - 'form': form, - }) - - return HttpResponseRedirect( - reverse('view_finding', args=(finding.id, ))) + "There appears to be errors on the form, please correct below.", + extra_tags="alert-danger", + ) + product_tab = Product_Tab( + finding.test.engagement.product, + title="Apply Finding Template", + tab="findings", + ) + return render( + request, + "dojo/apply_finding_template.html", + { + "finding": finding, + "product_tab": product_tab, + "template": template, + "form": form, + }, + ) + + return HttpResponseRedirect(reverse("view_finding", args=(finding.id,))) else: - return HttpResponseRedirect( - reverse('view_finding', args=(finding.id, ))) + return HttpResponseRedirect(reverse("view_finding", args=(finding.id,))) -@user_is_authorized(Test, Permissions.Finding_Add, 'tid') +@user_is_authorized(Test, Permissions.Finding_Add, "tid") def add_stub_finding(request, tid): test = get_object_or_404(Test, id=tid) - form = StubFindingForm() - if request.method == 'POST': + if request.method == "POST": form = StubFindingForm(request.POST) if form.is_valid(): stub_finding = form.save(commit=False) @@ -1170,40 +1981,39 @@ def add_stub_finding(request, tid): messages.add_message( request, messages.SUCCESS, - 'Stub Finding created successfully.', - extra_tags='alert-success') - if request.is_ajax(): + "Stub Finding created successfully.", + extra_tags="alert-success", + ) + if request.headers.get("x-requested-with") == "XMLHttpRequest": data = { - 'message': 'Stub Finding created successfully.', - 'id': stub_finding.id, - 'severity': 'None', - 'date': formats.date_format(stub_finding.date, - "DATE_FORMAT") + "message": "Stub Finding created successfully.", + "id": stub_finding.id, + "severity": "None", + "date": formats.date_format(stub_finding.date, "DATE_FORMAT"), } return HttpResponse(json.dumps(data)) else: - if request.is_ajax(): + if request.headers.get("x-requested-with") == "XMLHttpRequest": data = { - 'message': - 'Stub Finding form has error, please revise and try again.', + "message": "Stub Finding form has error, please revise and try again.", } return HttpResponse(json.dumps(data)) messages.add_message( request, messages.ERROR, - 'Stub Finding form has error, please revise and try again.', - extra_tags='alert-danger') + "Stub Finding form has error, please revise and try again.", + extra_tags="alert-danger", + ) add_breadcrumb(title="Add Stub Finding", top_level=False, request=request) - return HttpResponseRedirect(reverse('view_test', args=(tid, ))) + return HttpResponseRedirect(reverse("view_test", args=(tid,))) -@user_is_authorized(Stub_Finding, Permissions.Finding_Delete, 'fid') +@user_is_authorized(Stub_Finding, Permissions.Finding_Delete, "fid") def delete_stub_finding(request, fid): finding = get_object_or_404(Stub_Finding, id=fid) - form = DeleteStubFindingForm(instance=finding) - if request.method == 'POST': + if request.method == "POST": form = DeleteStubFindingForm(request.POST, instance=finding) if form.is_valid(): tid = finding.test.id @@ -1211,45 +2021,59 @@ def delete_stub_finding(request, fid): messages.add_message( request, messages.SUCCESS, - 'Potential Finding deleted successfully.', - extra_tags='alert-success') - return HttpResponseRedirect(reverse('view_test', args=(tid, ))) + "Potential Finding deleted successfully.", + extra_tags="alert-success", + ) + return HttpResponseRedirect(reverse("view_test", args=(tid,))) else: messages.add_message( request, messages.ERROR, - 'Unable to delete potential finding, please try again.', - extra_tags='alert-danger') + "Unable to delete potential finding, please try again.", + extra_tags="alert-danger", + ) else: - return HttpResponseForbidden() + raise PermissionDenied() -@user_is_authorized(Stub_Finding, Permissions.Finding_Edit, 'fid') +@user_is_authorized(Stub_Finding, Permissions.Finding_Edit, "fid") def promote_to_finding(request, fid): finding = get_object_or_404(Stub_Finding, id=fid) test = finding.test form_error = False - jira_available = False push_all_jira_issues = jira_helper.is_push_all_issues(finding) jform = None use_jira = jira_helper.get_jira_project(finding) is not None - product_tab = Product_Tab(finding.test.engagement.product.id, title="Promote Finding", tab="findings") + product_tab = Product_Tab( + finding.test.engagement.product, title="Promote Finding", tab="findings" + ) - if request.method == 'POST': + if request.method == "POST": form = PromoteFindingForm(request.POST, product=test.engagement.product) if use_jira: - jform = JIRAFindingForm(request.POST, instance=finding, prefix='jiraform', push_all=push_all_jira_issues, jira_project=jira_helper.get_jira_project(finding)) + jform = JIRAFindingForm( + request.POST, + instance=finding, + prefix="jiraform", + push_all=push_all_jira_issues, + jira_project=jira_helper.get_jira_project(finding), + ) if form.is_valid() and (jform is None or jform.is_valid()): if jform: - logger.debug('jform.jira_issue: %s', jform.cleaned_data.get('jira_issue')) - logger.debug('jform.push_to_jira: %s', jform.cleaned_data.get('push_to_jira')) + logger.debug( + "jform.jira_issue: %s", jform.cleaned_data.get("jira_issue") + ) + logger.debug( + JFORM_PUSH_TO_JIRA_MESSAGE, jform.cleaned_data.get("push_to_jira") + ) new_finding = form.save(commit=False) new_finding.test = test new_finding.reporter = request.user new_finding.numerical_severity = Finding.get_numerical_severity( - new_finding.severity) + new_finding.severity + ) new_finding.active = True new_finding.false_p = False @@ -1260,117 +2084,138 @@ def promote_to_finding(request, fid): new_finding.save() - # Save and add new endpoints finding_helper.add_endpoints(new_finding, form) - # Push to jira? push_to_jira = False - jira_message = None if jform and jform.is_valid(): # Push to Jira? - logger.debug('jira form valid') - push_to_jira = push_all_jira_issues or jform.cleaned_data.get('push_to_jira') + logger.debug("jira form valid") + push_to_jira = push_all_jira_issues or jform.cleaned_data.get( + "push_to_jira" + ) # if the jira issue key was changed, update database - new_jira_issue_key = jform.cleaned_data.get('jira_issue') + new_jira_issue_key = jform.cleaned_data.get("jira_issue") if new_finding.has_jira_issue: - jira_issue = new_finding.jira_issue - - # everything in DD around JIRA integration is based on the internal id of the issue in JIRA - # instead of on the public jira issue key. - # I have no idea why, but it means we have to retrieve the issue from JIRA to get the internal JIRA id. - # we can assume the issue exist, which is already checked in the validation of the jform + # vaiable "jira_issue" no used + # jira_issue = new_finding.jira_issue + """ + everything in DD around JIRA integration is based on the internal id of + the issue in JIRA instead of on the public jira issue key. + I have no idea why, but it means we have to retrieve + the issue from JIRA to get the internal JIRA id. we can assume the issue exist, + which is already checked in the validation of the jform + """ if not new_jira_issue_key: jira_helper.finding_unlink_jira(request, new_finding) - jira_message = 'Link to JIRA issue removed successfully.' elif new_jira_issue_key != new_finding.jira_issue.jira_key: jira_helper.finding_unlink_jira(request, new_finding) - jira_helper.finding_link_jira(request, new_finding, new_jira_issue_key) - jira_message = 'Changed JIRA link successfully.' + jira_helper.finding_link_jira( + request, new_finding, new_jira_issue_key + ) else: - logger.debug('finding has no jira issue yet') + logger.debug("finding has no jira issue yet") if new_jira_issue_key: - logger.debug('finding has no jira issue yet, but jira issue specified in request. trying to link.') - jira_helper.finding_link_jira(request, new_finding, new_jira_issue_key) - jira_message = 'Linked a JIRA issue successfully.' + logger.debug( + "finding has no jira issue yet, but jira issue specified in request. trying to link.") + jira_helper.finding_link_jira( + request, new_finding, new_jira_issue_key + ) + + finding_helper.save_vulnerability_ids( + new_finding, form.cleaned_data["vulnerability_ids"].split() + ) - # Save it and push it to JIRA new_finding.save(push_to_jira=push_to_jira) - # Delete potential finding finding.delete() - if 'githubform' in request.POST: + if "githubform" in request.POST: gform = GITHUBFindingForm( request.POST, - prefix='githubform', + prefix="githubform", enabled=GITHUB_PKey.objects.get( - product=test.engagement.product).push_all_issues) + product=test.engagement.product + ).push_all_issues, + ) if gform.is_valid(): - add_external_issue(new_finding, 'github') + add_external_issue(new_finding, "github") messages.add_message( request, messages.SUCCESS, - 'Finding promoted successfully.', - extra_tags='alert-success') + "Finding promoted successfully.", + extra_tags="alert-success", + ) - return HttpResponseRedirect(reverse('view_test', args=(test.id, ))) + return HttpResponseRedirect(reverse("view_test", args=(test.id,))) else: form_error = True - add_error_message_to_response('The form has errors, please correct them below.') + add_error_message_to_response( + "The form has errors, please correct them below." + ) add_field_errors_to_response(jform) add_field_errors_to_response(form) else: - form = PromoteFindingForm( initial={ - 'title': finding.title, - 'product_tab': product_tab, - 'date': finding.date, - 'severity': finding.severity, - 'description': finding.description, - 'test': finding.test, - 'reporter': finding.reporter - }, product=test.engagement.product) + "title": finding.title, + "product_tab": product_tab, + "date": finding.date, + "severity": finding.severity, + "description": finding.description, + "test": finding.test, + "reporter": finding.reporter, + }, + product=test.engagement.product, + ) if use_jira: - jform = JIRAFindingForm(prefix='jiraform', push_all=jira_helper.is_push_all_issues(test), jira_project=jira_helper.get_jira_project(test)) + jform = JIRAFindingForm( + prefix="jiraform", + push_all=jira_helper.is_push_all_issues(test), + jira_project=jira_helper.get_jira_project(test), + ) return render( - request, 'dojo/promote_to_finding.html', { - 'form': form, - 'product_tab': product_tab, - 'test': test, - 'stub_finding': finding, - 'form_error': form_error, - 'jform': jform, - }) + request, + "dojo/promote_to_finding.html", + { + "form": form, + "product_tab": product_tab, + "test": test, + "stub_finding": finding, + "form_error": form_error, + "jform": jform, + }, + ) -@user_is_configuration_authorized('dojo.view_finding_template', 'staff') +@user_has_global_permission(Permissions.Finding_Edit) def templates(request): - templates = Finding_Template.objects.all().order_by('cwe') + templates = Finding_Template.objects.all().order_by("cwe") templates = TemplateFindingFilter(request.GET, queryset=templates) paged_templates = get_page_items(request, templates.qs, 25) - title_words = get_words_for_field(templates.qs, 'title') + title_words = get_words_for_field(templates.qs, "title") add_breadcrumb(title="Template Listing", top_level=True, request=request) return render( - request, 'dojo/templates.html', { - 'templates': paged_templates, - 'filtered': templates, - 'title_words': title_words, - - }) + request, + "dojo/templates.html", + { + "templates": paged_templates, + "filtered": templates, + "title_words": title_words, + }, + ) -@user_is_configuration_authorized('dojo.view_finding_template', 'staff') +@user_has_global_permission(Permissions.Finding_Edit) def export_templates_to_json(request): - leads_as_json = serializers.serialize('json', Finding_Template.objects.all()) - return HttpResponse(leads_as_json, content_type='json') + leads_as_json = serializers.serialize("json", Finding_Template.objects.all()) + return HttpResponse(leads_as_json, content_type="json") def apply_cwe_mitigation(apply_to_findings, template, update=True): @@ -1379,15 +2224,31 @@ def apply_cwe_mitigation(apply_to_findings, template, update=True): # Update active, verified findings with the CWE template # If CWE only match only update issues where there isn't a CWE + Title match if template.template_match_title: - count = Finding.objects.filter(active=True, verified=True, cwe=template.cwe, title__icontains=template.title).update(mitigation=template.mitigation, impact=template.impact, references=template.references) + count = Finding.objects.filter( + active=True, + verified=True, + cwe=template.cwe, + title__icontains=template.title, + ).update( + mitigation=template.mitigation, + impact=template.impact, + references=template.references, + ) else: - finding_templates = Finding_Template.objects.filter(cwe=template.cwe, template_match=True, template_match_title=True) + finding_templates = Finding_Template.objects.filter( + cwe=template.cwe, template_match=True, template_match_title=True + ) finding_ids = None result_list = None # Exclusion list for title_template in finding_templates: - finding_ids = Finding.objects.filter(active=True, verified=True, cwe=title_template.cwe, title__icontains=title_template.title).values_list('id', flat=True) + finding_ids = Finding.objects.filter( + active=True, + verified=True, + cwe=title_template.cwe, + title__icontains=title_template.title, + ).values_list("id", flat=True) if result_list is None: result_list = finding_ids else: @@ -1395,9 +2256,13 @@ def apply_cwe_mitigation(apply_to_findings, template, update=True): # If result_list is None the filter exclude won't work if result_list: - count = Finding.objects.filter(active=True, verified=True, cwe=template.cwe).exclude(id__in=result_list) + count = Finding.objects.filter( + active=True, verified=True, cwe=template.cwe + ).exclude(id__in=result_list) else: - count = Finding.objects.filter(active=True, verified=True, cwe=template.cwe) + count = Finding.objects.filter( + active=True, verified=True, cwe=template.cwe + ) if update: # MySQL won't allow an 'update in statement' so loop will have to do @@ -1408,8 +2273,13 @@ def apply_cwe_mitigation(apply_to_findings, template, update=True): template.last_used = timezone.now() template.save() new_note = Notes() - new_note.entry = 'CWE remediation text applied to finding for CWE: %s using template: %s.' % (template.cwe, template.title) - new_note.author, created = User.objects.get_or_create(username='System') + new_note.entry = ( + "CWE remediation text applied to finding for CWE: %s using template: %s." + % (template.cwe, template.title) + ) + new_note.author, created = User.objects.get_or_create( + username="System" + ) new_note.save() finding.notes.add(new_note) finding.save() @@ -1418,141 +2288,172 @@ def apply_cwe_mitigation(apply_to_findings, template, update=True): return count -@user_is_configuration_authorized('dojo.add_finding_template', 'staff') +@user_has_global_permission(Permissions.Finding_Add) def add_template(request): form = FindingTemplateForm() - if request.method == 'POST': + if request.method == "POST": form = FindingTemplateForm(request.POST) if form.is_valid(): apply_message = "" template = form.save(commit=False) - template.numerical_severity = Finding.get_numerical_severity(template.severity) + template.numerical_severity = Finding.get_numerical_severity( + template.severity + ) template.save() + finding_helper.save_vulnerability_ids_template( + template, form.cleaned_data["vulnerability_ids"].split() + ) form.save_m2m() - count = apply_cwe_mitigation(form.cleaned_data["apply_to_findings"], template) + count = apply_cwe_mitigation( + form.cleaned_data["apply_to_findings"], template + ) if count > 0: - apply_message = " and " + str(count) + pluralize(count, 'finding,findings') + " " + apply_message = ( + " and " + str(count) + pluralize(count, "finding,findings") + " " + ) messages.add_message( request, messages.SUCCESS, - 'Template created successfully. ' + apply_message, - extra_tags='alert-success') - return HttpResponseRedirect(reverse('templates')) + "Template created successfully. " + apply_message, + extra_tags="alert-success", + ) + return HttpResponseRedirect(reverse("templates")) else: messages.add_message( request, messages.ERROR, - 'Template form has error, please revise and try again.', - extra_tags='alert-danger') + "Template form has error, please revise and try again.", + extra_tags="alert-danger", + ) add_breadcrumb(title="Add Template", top_level=False, request=request) - return render(request, 'dojo/add_template.html', { - 'form': form, - 'name': 'Add Template' - }) + return render( + request, "dojo/add_template.html", {"form": form, "name": "Add Template"} + ) -@user_is_configuration_authorized('dojo.change_finding_template', 'staff') +@user_has_global_permission(Permissions.Finding_Edit) def edit_template(request, tid): template = get_object_or_404(Finding_Template, id=tid) - form = FindingTemplateForm(instance=template) + form = FindingTemplateForm( + instance=template, + initial={"vulnerability_ids": "\n".join(template.vulnerability_ids)}, + ) - if request.method == 'POST': + if request.method == "POST": form = FindingTemplateForm(request.POST, instance=template) if form.is_valid(): template = form.save(commit=False) - template.numerical_severity = Finding.get_numerical_severity(template.severity) + template.numerical_severity = Finding.get_numerical_severity( + template.severity + ) + finding_helper.save_vulnerability_ids_template( + template, form.cleaned_data["vulnerability_ids"].split() + ) template.save() form.save_m2m() - count = apply_cwe_mitigation(form.cleaned_data["apply_to_findings"], template) + count = apply_cwe_mitigation( + form.cleaned_data["apply_to_findings"], template + ) if count > 0: - apply_message = " and " + str(count) + " " + pluralize(count, 'finding,findings') + " " + apply_message = ( + " and " + + str(count) + + " " + + pluralize(count, "finding,findings") + + " " + ) else: apply_message = "" messages.add_message( request, messages.SUCCESS, - 'Template ' + apply_message + 'updated successfully.', - extra_tags='alert-success') - return HttpResponseRedirect(reverse('templates')) + "Template " + apply_message + "updated successfully.", + extra_tags="alert-success", + ) + return HttpResponseRedirect(reverse("templates")) else: messages.add_message( request, messages.ERROR, - 'Template form has error, please revise and try again.', - extra_tags='alert-danger') + "Template form has error, please revise and try again.", + extra_tags="alert-danger", + ) count = apply_cwe_mitigation(True, template, False) add_breadcrumb(title="Edit Template", top_level=False, request=request) - return render(request, 'dojo/add_template.html', { - 'form': form, - 'count': count, - 'name': 'Edit Template', - 'template': template, - }) + return render( + request, + "dojo/add_template.html", + { + "form": form, + "count": count, + "name": "Edit Template", + "template": template, + }, + ) -@user_is_configuration_authorized('dojo.delete_finding_template', 'staff') +@user_has_global_permission(Permissions.Finding_Delete) def delete_template(request, tid): template = get_object_or_404(Finding_Template, id=tid) - - form = DeleteFindingTemplateForm(instance=template) - - if request.method == 'POST': + if request.method == "POST": form = DeleteFindingTemplateForm(request.POST, instance=template) if form.is_valid(): template.delete() messages.add_message( request, messages.SUCCESS, - 'Finding Template deleted successfully.', - extra_tags='alert-success') - return HttpResponseRedirect(reverse('templates')) + "Finding Template deleted successfully.", + extra_tags="alert-success", + ) + return HttpResponseRedirect(reverse("templates")) else: messages.add_message( request, messages.ERROR, - 'Unable to delete Template, please revise and try again.', - extra_tags='alert-danger') + "Unable to delete Template, please revise and try again.", + extra_tags="alert-danger", + ) else: - return HttpResponseForbidden() + raise PermissionDenied() def download_finding_pic(request, token): class Thumbnail(ImageSpec): processors = [ResizeToFill(100, 100)] - format = 'JPEG' - options = {'quality': 70} + format = "JPEG" + options = {"quality": 70} class Small(ImageSpec): processors = [ResizeToFill(640, 480)] - format = 'JPEG' - options = {'quality': 100} + format = "JPEG" + options = {"quality": 100} class Medium(ImageSpec): processors = [ResizeToFill(800, 600)] - format = 'JPEG' - options = {'quality': 100} + format = "JPEG" + options = {"quality": 100} class Large(ImageSpec): processors = [ResizeToFill(1024, 768)] - format = 'JPEG' - options = {'quality': 100} + format = "JPEG" + options = {"quality": 100} class Original(ImageSpec): - format = 'JPEG' - options = {'quality': 100} + format = "JPEG" + options = {"quality": 100} mimetypes.init() size_map = { - 'thumbnail': Thumbnail, - 'small': Small, - 'medium': Medium, - 'large': Large, - 'original': Original, + "thumbnail": Thumbnail, + "small": Small, + "medium": Medium, + "large": Large, + "original": Original, } try: @@ -1564,98 +2465,125 @@ class Original(ImageSpec): size = access_token.size # we know there is a token - is it for this image if access_token.size == size: - ''' all is good, one time token used, delete it ''' + """all is good, one time token used, delete it""" access_token.delete() else: raise PermissionDenied - except: + except Exception: raise PermissionDenied - with open(access_token.file.file.file.name, 'rb') as file: + with open(access_token.file.file.file.name, "rb") as file: file_name = file.name image = size_map[size](source=file).generate() response = StreamingHttpResponse(FileIterWrapper(image)) - response['Content-Disposition'] = 'inline' + response["Content-Disposition"] = "inline" mimetype, encoding = mimetypes.guess_type(file_name) - response['Content-Type'] = mimetype + response["Content-Type"] = mimetype return response -@user_is_authorized(Product, Permissions.Finding_Edit, 'pid') +@user_is_authorized(Product, Permissions.Finding_Edit, "pid") def merge_finding_product(request, pid): product = get_object_or_404(Product, pk=pid) - finding_to_update = request.GET.getlist('finding_to_update') + finding_to_update = request.GET.getlist("finding_to_update") findings = None - if (request.GET.get('merge_findings') or request.method == 'POST') and finding_to_update: - finding = Finding.objects.get(id=finding_to_update[0], test__engagement__product=product) - findings = Finding.objects.filter(id__in=finding_to_update, test__engagement__product=product) - form = MergeFindings(finding=finding, findings=findings, initial={'finding_to_merge_into': finding_to_update[0]}) + if ( + request.GET.get("merge_findings") or request.method == "POST" + ) and finding_to_update: + finding = Finding.objects.get( + id=finding_to_update[0], test__engagement__product=product + ) + findings = Finding.objects.filter( + id__in=finding_to_update, test__engagement__product=product + ) + form = MergeFindings( + finding=finding, + findings=findings, + initial={"finding_to_merge_into": finding_to_update[0]}, + ) - if request.method == 'POST': + if request.method == "POST": form = MergeFindings(request.POST, finding=finding, findings=findings) if form.is_valid(): - finding_to_merge_into = form.cleaned_data['finding_to_merge_into'] - findings_to_merge = form.cleaned_data['findings_to_merge'] - finding_descriptions = '' - finding_references = '' - notes_entry = '' + finding_to_merge_into = form.cleaned_data["finding_to_merge_into"] + findings_to_merge = form.cleaned_data["findings_to_merge"] + finding_descriptions = "" + finding_references = "" + notes_entry = "" static = False dynamic = False if finding_to_merge_into not in findings_to_merge: - for finding in findings_to_merge.exclude(pk=finding_to_merge_into.pk): - notes_entry = "{} {} ({}),".format(notes_entry, finding.title, finding.id) + for finding in findings_to_merge.exclude( + pk=finding_to_merge_into.pk + ): + notes_entry = "{}\n- {} ({}),".format( + notes_entry, finding.title, finding.id + ) if finding.static_finding: static = finding.static_finding if finding.dynamic_finding: dynamic = finding.dynamic_finding - if finding.line: - line = finding.line - - if finding.file_path: - file_path = finding.file_path - - # If checked merge the descriptions - if form.cleaned_data['append_description']: - finding_descriptions = "{}\n{}".format(finding_descriptions, finding.description) + if form.cleaned_data["append_description"]: + finding_descriptions = "{}\n{}".format( + finding_descriptions, finding.description + ) # Workaround until file path is one to many if finding.file_path: - finding_descriptions = "{}\n**File Path:** {}\n".format(finding_descriptions, finding.file_path) + finding_descriptions = "{}\n**File Path:** {}\n".format( + finding_descriptions, finding.file_path + ) # If checked merge the Reference - if form.cleaned_data['append_reference']: - finding_references = "{}\n{}".format(finding_references, finding.references) + if ( + form.cleaned_data["append_reference"] + and finding.references is not None + ): + finding_references = "{}\n{}".format( + finding_references, finding.references + ) # if checked merge the endpoints - if form.cleaned_data['add_endpoints']: - finding_to_merge_into.endpoints.add(*finding.endpoints.all()) + if form.cleaned_data["add_endpoints"]: + finding_to_merge_into.endpoints.add( + *finding.endpoints.all() + ) # if checked merge the tags - if form.cleaned_data['tag_finding']: + if form.cleaned_data["tag_finding"]: for tag in finding.tags.all(): finding_to_merge_into.tags.add(tag) # if checked re-assign the burp requests to the merged finding - if form.cleaned_data['dynamic_raw']: - BurpRawRequestResponse.objects.filter(finding=finding).update(finding=finding_to_merge_into) + if form.cleaned_data["dynamic_raw"]: + BurpRawRequestResponse.objects.filter( + finding=finding + ).update(finding=finding_to_merge_into) # Add merge finding information to the note if set to inactive - if form.cleaned_data['finding_action'] == "inactive": - single_finding_notes_entry = "Finding has been set to inactive and merged with the finding: {}.".format(finding_to_merge_into.title) - note = Notes(entry=single_finding_notes_entry, author=request.user) + if form.cleaned_data["finding_action"] == "inactive": + single_finding_notes_entry = ("Finding has been set to inactive " + "and merged with the finding: {}.").format( + finding_to_merge_into.title + ) + note = Notes( + entry=single_finding_notes_entry, author=request.user + ) note.save() finding.notes.add(note) # If the merged finding should be tagged as merged-into - if form.cleaned_data['mark_tag_finding']: + if form.cleaned_data["mark_tag_finding"]: finding.tags.add("merged-inactive") # Update the finding to merge into - if finding_descriptions != '': - finding_to_merge_into.description = "{}\n\n{}".format(finding_to_merge_into.description, finding_descriptions) + if finding_descriptions != "": + finding_to_merge_into.description = "{}\n\n{}".format( + finding_to_merge_into.description, finding_descriptions + ) if finding_to_merge_into.static_finding: static = finding.static_finding @@ -1663,14 +2591,10 @@ def merge_finding_product(request, pid): if finding_to_merge_into.dynamic_finding: dynamic = finding.dynamic_finding - if finding_to_merge_into.line is None: - line = finding_to_merge_into.line - - if finding_to_merge_into.file_path is None: - file_path = finding_to_merge_into.file_path - - if finding_references != '': - finding_to_merge_into.references = "{}\n{}".format(finding_to_merge_into.references, finding_references) + if finding_references != "": + finding_to_merge_into.references = "{}\n{}".format( + finding_to_merge_into.references, finding_references + ) finding_to_merge_into.static_finding = static finding_to_merge_into.dynamic_finding = dynamic @@ -1683,19 +2607,26 @@ def merge_finding_product(request, pid): finding_to_merge_into.save() # If the finding merged into should be tagged as merged - if form.cleaned_data['mark_tag_finding']: + if form.cleaned_data["mark_tag_finding"]: finding_to_merge_into.tags.add("merged") finding_action = "" # Take action on the findings - if form.cleaned_data['finding_action'] == "inactive": + if form.cleaned_data["finding_action"] == "inactive": finding_action = "inactivated" - findings_to_merge.exclude(pk=finding_to_merge_into.pk).update(active=False, last_reviewed=timezone.now(), last_reviewed_by=request.user) - elif form.cleaned_data['finding_action'] == "delete": + findings_to_merge.exclude(pk=finding_to_merge_into.pk).update( + active=False, + last_reviewed=timezone.now(), + last_reviewed_by=request.user, + ) + elif form.cleaned_data["finding_action"] == "delete": finding_action = "deleted" findings_to_merge.delete() - notes_entry = "Finding consists of merged findings from the following findings: {} which have been {}.".format(notes_entry[:-1], finding_action) + notes_entry = ("Finding consists of merged findings from the following " + "findings which have been {}: {}").format( + finding_action, notes_entry[:-1] + ) note = Notes(entry=notes_entry, author=request.user) note.save() finding_to_merge_into.notes.add(note) @@ -1703,60 +2634,79 @@ def merge_finding_product(request, pid): messages.add_message( request, messages.SUCCESS, - 'Findings merged', - extra_tags='alert-success') + "Findings merged", + extra_tags="alert-success", + ) return HttpResponseRedirect( - reverse('edit_finding', args=(finding_to_merge_into.id, ))) + reverse("edit_finding", args=(finding_to_merge_into.id,)) + ) else: - messages.add_message(request, - messages.ERROR, - 'Unable to merge findings. Findings to merge contained in finding to merge into.', - extra_tags='alert-danger') + messages.add_message( + request, + messages.ERROR, + "Unable to merge findings. Findings to merge contained in finding to merge into.", + extra_tags="alert-danger", + ) else: - messages.add_message(request, - messages.ERROR, - 'Unable to merge findings. Required fields were not selected.', - extra_tags='alert-danger') - - product_tab = Product_Tab(finding.test.engagement.product.id, title="Merge Findings", tab="findings") - custom_breadcrumb = {"Open Findings": reverse('product_open_findings', args=(finding.test.engagement.product.id, )) + '?test__engagement__product=' + str(finding.test.engagement.product.id)} + messages.add_message( + request, + messages.ERROR, + "Unable to merge findings. Required fields were not selected.", + extra_tags="alert-danger", + ) + + product_tab = Product_Tab( + finding.test.engagement.product, title="Merge Findings", tab="findings" + ) + custom_breadcrumb = { + "Open Findings": reverse( + "product_open_findings", args=(finding.test.engagement.product.id,) + ) + + "?test__engagement__product=" + + str(finding.test.engagement.product.id) + } - return render(request, 'dojo/merge_findings.html', { - 'form': form, - 'name': 'Merge Findings', - 'finding': finding, - 'product_tab': product_tab, - 'title': product_tab.title, - 'custom_breadcrumb': custom_breadcrumb - }) + return render( + request, + "dojo/merge_findings.html", + { + "form": form, + "name": "Merge Findings", + "finding": finding, + "product_tab": product_tab, + "title": product_tab.title, + "custom_breadcrumb": custom_breadcrumb, + }, + ) # bulk update and delete are combined, so we can't have the nice user_is_authorized decorator def finding_bulk_update_all(request, pid=None): - logger.debug('bulk 10') + system_settings = System_Settings.objects.get() + + logger.debug("bulk 10") form = FindingBulkUpdateForm(request.POST) now = timezone.now() return_url = None if request.method == "POST": - logger.debug('bulk 20') + logger.debug("bulk 20") - finding_to_update = request.POST.getlist('finding_to_update') + finding_to_update = request.POST.getlist("finding_to_update") finds = Finding.objects.filter(id__in=finding_to_update).order_by("id") total_find_count = finds.count() - skipped_find_count = 0 prods = set([find.test.engagement.product for find in finds]) - if request.POST.get('delete_bulk_findings'): + if request.POST.get("delete_bulk_findings"): if form.is_valid() and finding_to_update: - - if pid is None: - if not request.user.is_staff: - raise PermissionDenied - else: + if pid is not None: product = get_object_or_404(Product, id=pid) - user_has_permission_or_403(request.user, product, Permissions.Finding_Delete) + user_has_permission_or_403( + request.user, product, Permissions.Finding_Delete + ) - finds = get_authorized_findings(Permissions.Finding_Delete, finds).distinct() + finds = get_authorized_findings( + Permissions.Finding_Delete, finds + ).distinct() skipped_find_count = total_find_count - finds.count() deleted_find_count = finds.count() @@ -1764,52 +2714,65 @@ def finding_bulk_update_all(request, pid=None): for find in finds: find.delete() - # for prod in prods: - # calculate_grade(prod) - if skipped_find_count > 0: - add_error_message_to_response('Skipped deletion of {} findings because you are not authorized.'.format(skipped_find_count)) + add_error_message_to_response( + "Skipped deletion of {} findings because you are not authorized.".format( + skipped_find_count + ) + ) if deleted_find_count > 0: - messages.add_message(request, + messages.add_message( + request, messages.SUCCESS, - 'Bulk delete of {} findings was successful.'.format(deleted_find_count), - extra_tags='alert-success') + "Bulk delete of {} findings was successful.".format( + deleted_find_count + ), + extra_tags="alert-success", + ) else: if form.is_valid() and finding_to_update: - - if pid is None: - if not request.user.is_staff: - raise PermissionDenied - else: + if pid is not None: product = get_object_or_404(Product, id=pid) - user_has_permission_or_403(request.user, product, Permissions.Finding_Edit) + user_has_permission_or_403( + request.user, product, Permissions.Finding_Edit + ) # make sure users are not editing stuff they are not authorized for - finds = get_authorized_findings(Permissions.Finding_Edit, finds).distinct() + finds = get_authorized_findings( + Permissions.Finding_Edit, finds + ).distinct() skipped_find_count = total_find_count - finds.count() updated_find_count = finds.count() if skipped_find_count > 0: - add_error_message_to_response('Skipped update of {} findings because you are not authorized.'.format(skipped_find_count)) + add_error_message_to_response( + "Skipped update of {} findings because you are not authorized.".format( + skipped_find_count + ) + ) finds = prefetch_for_findings(finds) - if form.cleaned_data['severity'] or form.cleaned_data['status']: + if form.cleaned_data["severity"] or form.cleaned_data["status"]: for find in finds: - if form.cleaned_data['severity']: - find.severity = form.cleaned_data['severity'] - find.numerical_severity = Finding.get_numerical_severity(form.cleaned_data['severity']) + old_find = copy.deepcopy(find) + + if form.cleaned_data["severity"]: + find.severity = form.cleaned_data["severity"] + find.numerical_severity = Finding.get_numerical_severity( + form.cleaned_data["severity"] + ) find.last_reviewed = now find.last_reviewed_by = request.user - if form.cleaned_data['status']: + if form.cleaned_data["status"]: # logger.debug('setting status from bulk edit form: %s', form) - find.active = form.cleaned_data['active'] - find.verified = form.cleaned_data['verified'] - find.false_p = form.cleaned_data['false_p'] - find.out_of_scope = form.cleaned_data['out_of_scope'] - find.is_mitigated = form.cleaned_data['is_mitigated'] + find.active = form.cleaned_data["active"] + find.verified = form.cleaned_data["verified"] + find.false_p = form.cleaned_data["false_p"] + find.out_of_scope = form.cleaned_data["out_of_scope"] + find.is_mitigated = form.cleaned_data["is_mitigated"] find.last_reviewed = timezone.now() find.last_reviewed_by = request.user @@ -1817,134 +2780,268 @@ def finding_bulk_update_all(request, pid=None): # it will trigger the pre_save signal find.save_no_options() + if system_settings.false_positive_history: + # If finding is being marked as false positive + if find.false_p: + do_false_positive_history(find) + + # If finding was a false positive and is being reactivated: retroactively reactivates all equal findings + elif old_find.false_p and not find.false_p: + if system_settings.retroactive_false_positive_history: + logger.debug('FALSE_POSITIVE_HISTORY: Reactivating existing findings based on: %s', find) + + existing_fp_findings = match_finding_to_existing_findings( + find, product=find.test.engagement.product + ).filter(false_p=True) + + for fp in existing_fp_findings: + logger.debug('FALSE_POSITIVE_HISTORY: Reactivating false positive %i: %s', fp.id, fp) + fp.active = find.active + fp.verified = find.verified + fp.false_p = False + fp.out_of_scope = find.out_of_scope + fp.is_mitigated = find.is_mitigated + fp.save_no_options() + for prod in prods: calculate_grade(prod) + if form.cleaned_data["date"]: + for finding in finds: + finding.date = form.cleaned_data["date"] + finding.save_no_options() + + if form.cleaned_data["planned_remediation_date"]: + for finding in finds: + finding.planned_remediation_date = form.cleaned_data[ + "planned_remediation_date" + ] + finding.save_no_options() + + if form.cleaned_data["planned_remediation_version"]: + for finding in finds: + finding.planned_remediation_version = form.cleaned_data[ + "planned_remediation_version" + ] + finding.save_no_options() + skipped_risk_accept_count = 0 - if form.cleaned_data['risk_acceptance']: + if form.cleaned_data["risk_acceptance"]: for finding in finds: if not finding.duplicate: - if form.cleaned_data['risk_accept']: - if not finding.test.engagement.product.enable_simple_risk_acceptance: + if form.cleaned_data["risk_accept"]: + if ( + not finding.test.engagement.product.enable_simple_risk_acceptance + ): skipped_risk_accept_count += 1 else: ra_helper.simple_risk_accept(finding) - elif form.cleaned_data['risk_unaccept']: + elif form.cleaned_data["risk_unaccept"]: ra_helper.risk_unaccept(finding) for prod in prods: calculate_grade(prod) if skipped_risk_accept_count > 0: - messages.add_message(request, - messages.WARNING, - 'Skipped simple risk acceptance of %i findings, simple risk acceptance is disabled on the related products' % skipped_risk_accept_count, - extra_tags='alert-warning') - - if form.cleaned_data['finding_group_create']: - logger.debug('finding_group_create checked!') - finding_group_name = form.cleaned_data['finding_group_create_name'] - logger.debug('finding_group_create_name: %s', finding_group_name) - finding_group, added, skipped = finding_helper.create_finding_group(finds, finding_group_name) + messages.add_message( + request, + messages.WARNING, + ("Skipped simple risk acceptance of %i findings, " + "simple risk acceptance is disabled on the related products") + % skipped_risk_accept_count, + extra_tags="alert-warning", + ) + + if form.cleaned_data["finding_group_create"]: + logger.debug("finding_group_create checked!") + finding_group_name = form.cleaned_data["finding_group_create_name"] + logger.debug("finding_group_create_name: %s", finding_group_name) + finding_group, added, skipped = finding_helper.create_finding_group( + finds, finding_group_name + ) if added: - add_success_message_to_response('Created finding group with %s findings' % added) - return_url = reverse('view_finding_group', args=(finding_group.id,)) + add_success_message_to_response( + "Created finding group with %s findings" % added + ) + return_url = reverse( + "view_finding_group", args=(finding_group.id,) + ) if skipped: - add_success_message_to_response('Skipped %s findings in group creation, findings already part of another group' % skipped) + add_success_message_to_response( + "Skipped %s findings in group creation, findings already part of another group" + % skipped + ) # refresh findings from db finds = finds.all() - if form.cleaned_data['finding_group_add']: - logger.debug('finding_group_add checked!') - fgid = form.cleaned_data['add_to_finding_group'] + if form.cleaned_data["finding_group_add"]: + logger.debug("finding_group_add checked!") + fgid = form.cleaned_data["add_to_finding_group_id"] finding_group = Finding_Group.objects.get(id=fgid) - finding_group, added, skipped = finding_helper.add_to_finding_group(finding_group, finds) + finding_group, added, skipped = finding_helper.add_to_finding_group( + finding_group, finds + ) if added: - add_success_message_to_response('Added %s findings to finding group %s' % (added, finding_group.name)) - return_url = reverse('view_finding_group', args=(finding_group.id,)) + add_success_message_to_response( + "Added %s findings to finding group %s" + % (added, finding_group.name) + ) + return_url = reverse( + "view_finding_group", args=(finding_group.id,) + ) if skipped: - add_success_message_to_response('Skipped %s findings when adding to finding group %s, findings already part of another group' % (skipped, finding_group.name)) + add_success_message_to_response( + ("Skipped %s findings when adding to finding group %s, " + "findings already part of another group") + % (skipped, finding_group.name) + ) # refresh findings from db finds = finds.all() - if form.cleaned_data['finding_group_remove']: - logger.debug('finding_group_remove checked!') - finding_groups, removed, skipped = finding_helper.remove_from_finding_group(finds) + if form.cleaned_data["finding_group_remove"]: + logger.debug("finding_group_remove checked!") + ( + finding_groups, + removed, + skipped, + ) = finding_helper.remove_from_finding_group(finds) if removed: - add_success_message_to_response('Removed %s findings from finding groups %s' % (removed, ','.join([finding_group.name for finding_group in finding_groups]))) + add_success_message_to_response( + "Removed %s findings from finding groups %s" + % ( + removed, + ",".join( + [ + finding_group.name + for finding_group in finding_groups + ] + ), + ) + ) if skipped: - add_success_message_to_response('Skipped %s findings when removing from any finding group, findings not part of any group' % (skipped)) + add_success_message_to_response( + "Skipped %s findings when removing from any finding group, findings not part of any group" + % (skipped) + ) # refresh findings from db finds = finds.all() - if form.cleaned_data['finding_group_by']: - logger.debug('finding_group_by checked!') + if form.cleaned_data["finding_group_by"]: + logger.debug("finding_group_by checked!") logger.debug(form.cleaned_data) - finding_group_by_option = form.cleaned_data['finding_group_by_option'] - logger.debug('finding_group_by_option: %s', finding_group_by_option) - - finding_groups, grouped, skipped, groups_created = finding_helper.group_findings_by(finds, finding_group_by_option) + finding_group_by_option = form.cleaned_data[ + "finding_group_by_option" + ] + logger.debug("finding_group_by_option: %s", finding_group_by_option) + + ( + finding_groups, + grouped, + skipped, + groups_created, + ) = finding_helper.group_findings_by(finds, finding_group_by_option) if grouped: - add_success_message_to_response('Grouped %d findings into %d (%d newly created) finding groups' % (grouped, len(finding_groups), groups_created)) + add_success_message_to_response( + "Grouped %d findings into %d (%d newly created) finding groups" + % (grouped, len(finding_groups), groups_created) + ) if skipped: - add_success_message_to_response('Skipped %s findings when grouping by %s as these findings were already in an existing group' % (skipped, finding_group_by_option)) + add_success_message_to_response( + ("Skipped %s findings when grouping by %s as these findings " + "were already in an existing group") + % (skipped, finding_group_by_option) + ) # refresh findings from db finds = finds.all() - if form.cleaned_data['push_to_github']: - logger.info('push selected findings to github') + if form.cleaned_data["push_to_github"]: + logger.debug("push selected findings to github") for finding in finds: - logger.debug('will push to GitHub finding: ' + str(finding)) + logger.debug("will push to GitHub finding: " + str(finding)) old_status = finding.status() - if form.cleaned_data['push_to_github']: + if form.cleaned_data["push_to_github"]: if GITHUB_Issue.objects.filter(finding=finding).exists(): - update_external_issue(finding, old_status, 'github') + update_external_issue(finding, old_status, "github") else: - add_external_issue(finding, 'github') + add_external_issue(finding, "github") + + if form.cleaned_data["notes"]: + logger.debug("Setting bulk notes") + note = Notes( + entry=form.cleaned_data["notes"], + author=request.user, + date=timezone.now(), + ) + note.save() + history = NoteHistory( + data=note.entry, time=note.date, current_editor=note.author + ) + history.save() + note.history.add(history) + for finding in finds: + finding.notes.add(note) + finding.save() - if form.cleaned_data['tags']: + if form.cleaned_data["tags"]: for finding in finds: - # tags = tagulous.utils.render_tags(form.cleaned_data['tags']) - tags = form.cleaned_data['tags'] - logger.debug('bulk_edit: setting tags for: %i %s %s', finding.id, finding, tags) + tags = form.cleaned_data["tags"] + logger.debug( + "bulk_edit: setting tags for: %i %s %s", + finding.id, + finding, + tags, + ) # currently bulk edit overwrites existing tags finding.tags = tags finding.save() error_counts = defaultdict(lambda: 0) success_count = 0 - finding_groups = set([find.finding_group for find in finds if find.has_finding_group]) - logger.info('finding_groups: %s', finding_groups) + finding_groups = set( + [find.finding_group for find in finds if find.has_finding_group] + ) + logger.debug("finding_groups: %s", finding_groups) + groups_pushed_to_jira = False for group in finding_groups: - if form.cleaned_data.get('push_to_jira'): - can_be_pushed_to_jira, error_message, error_code = jira_helper.can_be_pushed_to_jira(group) + if form.cleaned_data.get("push_to_jira"): + ( + can_be_pushed_to_jira, + error_message, + error_code, + ) = jira_helper.can_be_pushed_to_jira(group) if not can_be_pushed_to_jira: error_counts[error_message] += 1 jira_helper.log_jira_alert(error_message, group) else: - logger.debug('pushing to jira from finding.finding_bulk_update_all()') + logger.debug( + "pushing to jira from finding.finding_bulk_update_all()" + ) jira_helper.push_to_jira(group) success_count += 1 - jira_helper.push_to_jira(group) - for error_message, error_count in error_counts.items(): - add_error_message_to_response('%i finding groups could not be pushed to JIRA: %s' % (error_count, error_message)) + add_error_message_to_response( + "%i finding groups could not be pushed to JIRA: %s" + % (error_count, error_message) + ) if success_count > 0: - add_success_message_to_response('%i finding groups pushed to JIRA succesfully' % success_count) + add_success_message_to_response( + "%i finding groups pushed to JIRA successfully" % success_count + ) + groups_pushed_to_jira = True # refresh from db finds = finds.all() @@ -1953,6 +3050,7 @@ def finding_bulk_update_all(request, pid=None): success_count = 0 for finding in finds: from dojo.tools import tool_issue_updater + tool_issue_updater.async_tool_issue_update(finding) # not sure yet if we want to support bulk unlink, so leave as commented out for now @@ -1962,40 +3060,62 @@ def finding_bulk_update_all(request, pid=None): # Because we never call finding.save() in a bulk update, we need to actually # push the JIRA stuff here, rather than in finding.save() - - # can't use helper as when push_all_jira_issues is True, the checkbox gets disabled and is always false - # push_to_jira = jira_helper.is_push_to_jira(new_finding, form.cleaned_data.get('push_to_jira')) - if jira_helper.is_push_all_issues(finding) or form.cleaned_data.get('push_to_jira'): - - can_be_pushed_to_jira, error_message, error_code = jira_helper.can_be_pushed_to_jira(finding) + # can't use helper as when push_all_jira_issues is True, + # the checkbox gets disabled and is always false + # push_to_jira = jira_helper.is_push_to_jira(new_finding, + # form.cleaned_data.get('push_to_jira')) + if not groups_pushed_to_jira and ( + jira_helper.is_push_all_issues(finding) + or form.cleaned_data.get("push_to_jira") + ): + ( + can_be_pushed_to_jira, + error_message, + error_code, + ) = jira_helper.can_be_pushed_to_jira(finding) if finding.has_jira_group_issue and not finding.has_jira_issue: - error_message = 'finding already pushed as part of Finding Group' + error_message = ( + "finding already pushed as part of Finding Group" + ) error_counts[error_message] += 1 jira_helper.log_jira_alert(error_message, finding) elif not can_be_pushed_to_jira: error_counts[error_message] += 1 jira_helper.log_jira_alert(error_message, finding) else: - logger.debug('pushing to jira from finding.finding_bulk_update_all()') + logger.debug( + "pushing to jira from finding.finding_bulk_update_all()" + ) jira_helper.push_to_jira(finding) success_count += 1 for error_message, error_count in error_counts.items(): - add_error_message_to_response('%i findings could not be pushed to JIRA: %s' % (error_count, error_message)) + add_error_message_to_response( + "%i findings could not be pushed to JIRA: %s" + % (error_count, error_message) + ) if success_count > 0: - add_success_message_to_response('%i findings pushed to JIRA succesfully' % success_count) + add_success_message_to_response( + "%i findings pushed to JIRA successfully" % success_count + ) if updated_find_count > 0: - messages.add_message(request, - messages.SUCCESS, - 'Bulk update of {} findings was successful.'.format(updated_find_count), - extra_tags='alert-success') + messages.add_message( + request, + messages.SUCCESS, + "Bulk update of {} findings was successful.".format( + updated_find_count + ), + extra_tags="alert-success", + ) else: - messages.add_message(request, - messages.ERROR, - 'Unable to process bulk update. Required fields were not selected.', - extra_tags='alert-danger') + messages.add_message( + request, + messages.ERROR, + "Unable to process bulk update. Required fields were not selected.", + extra_tags="alert-danger", + ) if return_url: redirect(request, return_url) @@ -2004,8 +3124,12 @@ def finding_bulk_update_all(request, pid=None): def find_available_notetypes(notes): - single_note_types = Note_Type.objects.filter(is_single=True, is_active=True).values_list('id', flat=True) - multiple_note_types = Note_Type.objects.filter(is_single=False, is_active=True).values_list('id', flat=True) + single_note_types = Note_Type.objects.filter( + is_single=True, is_active=True + ).values_list("id", flat=True) + multiple_note_types = Note_Type.objects.filter( + is_single=False, is_active=True + ).values_list("id", flat=True) available_note_types = [] for note_type_id in multiple_note_types: available_note_types.append(note_type_id) @@ -2015,13 +3139,15 @@ def find_available_notetypes(notes): break else: available_note_types.append(note_type_id) - queryset = Note_Type.objects.filter(id__in=available_note_types).order_by('-id') + queryset = Note_Type.objects.filter(id__in=available_note_types).order_by("-id") return queryset def get_missing_mandatory_notetypes(finding): notes = finding.notes.all() - mandatory_note_types = Note_Type.objects.filter(is_mandatory=True, is_active=True).values_list('id', flat=True) + mandatory_note_types = Note_Type.objects.filter( + is_mandatory=True, is_active=True + ).values_list("id", flat=True) notes_to_be_added = [] for note_type_id in mandatory_note_types: for note in notes: @@ -2033,20 +3159,26 @@ def get_missing_mandatory_notetypes(finding): return queryset -@user_is_authorized(Finding, Permissions.Finding_Edit, 'original_id') +@user_is_authorized(Finding, Permissions.Finding_Edit, "original_id") @require_POST def mark_finding_duplicate(request, original_id, duplicate_id): + original = get_object_or_404(Finding, id=original_id) duplicate = get_object_or_404(Finding, id=duplicate_id) if original.test.engagement != duplicate.test.engagement: - if original.test.engagement.deduplication_on_engagement or duplicate.test.engagement.deduplication_on_engagement: + if (original.test.engagement.deduplication_on_engagement + or duplicate.test.engagement.deduplication_on_engagement): messages.add_message( request, messages.ERROR, - 'Marking finding as duplicate/original failed as they are not in the same engagement and deduplication_on_engagement is enabled for at least one of them', - extra_tags='alert-danger') - return redirect_to_return_url_or_else(request, reverse('view_finding', args=(duplicate.id,))) + ("Marking finding as duplicate/original failed as they are not in the same engagement " + "and deduplication_on_engagement is enabled for at least one of them"), + extra_tags="alert-danger", + ) + return redirect_to_return_url_or_else( + request, reverse("view_finding", args=(duplicate.id,)) + ) duplicate.duplicate = True duplicate.active = False @@ -2057,7 +3189,11 @@ def mark_finding_duplicate(request, original_id, duplicate_id): else: duplicate.duplicate_finding = original - logger.debug('marking finding %i as duplicate of %i', duplicate.id, duplicate.duplicate_finding.id) + logger.debug( + "marking finding %i as duplicate of %i", + duplicate.id, + duplicate.duplicate_finding.id, + ) duplicate.last_reviewed = timezone.now() duplicate.last_reviewed_by = request.user @@ -2065,7 +3201,9 @@ def mark_finding_duplicate(request, original_id, duplicate_id): original.found_by.add(duplicate.test.test_type) original.save(dedupe_option=False) - return redirect_to_return_url_or_else(request, reverse('view_finding', args=(duplicate.id,))) + return redirect_to_return_url_or_else( + request, reverse("view_finding", args=(duplicate.id,)) + ) def reset_finding_duplicate_status_internal(user, duplicate_id): @@ -2074,7 +3212,7 @@ def reset_finding_duplicate_status_internal(user, duplicate_id): if not duplicate.duplicate: return None - logger.debug('resetting duplicate status of %i', duplicate.id) + logger.debug("resetting duplicate status of %i", duplicate.id) duplicate.duplicate = False duplicate.active = True if duplicate.duplicate_finding: @@ -2087,19 +3225,26 @@ def reset_finding_duplicate_status_internal(user, duplicate_id): return duplicate.id -@user_is_authorized(Finding, Permissions.Finding_Edit, 'duplicate_id') +@user_is_authorized(Finding, Permissions.Finding_Edit, "duplicate_id") @require_POST def reset_finding_duplicate_status(request, duplicate_id): - checked_duplicate_id = reset_finding_duplicate_status_internal(request.user, duplicate_id) + checked_duplicate_id = reset_finding_duplicate_status_internal( + request.user, duplicate_id + ) if checked_duplicate_id is None: messages.add_message( request, messages.ERROR, "Can't reset duplicate status of a finding that is not a duplicate", - extra_tags='alert-danger') - return redirect_to_return_url_or_else(request, reverse('view_finding', args=(duplicate_id,))) + extra_tags="alert-danger", + ) + return redirect_to_return_url_or_else( + request, reverse("view_finding", args=(duplicate_id,)) + ) - return redirect_to_return_url_or_else(request, reverse('view_finding', args=(checked_duplicate_id,))) + return redirect_to_return_url_or_else( + request, reverse("view_finding", args=(checked_duplicate_id,)) + ) def set_finding_as_original_internal(user, finding_id, new_original_id): @@ -2107,32 +3252,43 @@ def set_finding_as_original_internal(user, finding_id, new_original_id): new_original = get_object_or_404(Finding, id=new_original_id) if finding.test.engagement != new_original.test.engagement: - if finding.test.engagement.deduplication_on_engagement or new_original.test.engagement.deduplication_on_engagement: + if (finding.test.engagement.deduplication_on_engagement + or new_original.test.engagement.deduplication_on_engagement): return False if finding.duplicate or finding.original_finding.all(): # existing cluster, so update all cluster members if finding.duplicate and finding.duplicate_finding: - logger.debug('setting old original %i as duplicate of %i', finding.duplicate_finding.id, new_original.id) + logger.debug( + "setting old original %i as duplicate of %i", + finding.duplicate_finding.id, + new_original.id, + ) finding.duplicate_finding.duplicate_finding = new_original finding.duplicate_finding.duplicate = True finding.duplicate_finding.save(dedupe_option=False) for cluster_member in finding.duplicate_finding_set(): if cluster_member != new_original: - logger.debug('setting new original for %i to %i', cluster_member.id, new_original.id) + logger.debug( + "setting new original for %i to %i", + cluster_member.id, + new_original.id, + ) cluster_member.duplicate_finding = new_original cluster_member.save(dedupe_option=False) - logger.debug('setting new original for old root %i to %i', finding.id, new_original.id) + logger.debug( + "setting new original for old root %i to %i", finding.id, new_original.id + ) finding.duplicate = True finding.duplicate_finding = new_original finding.save(dedupe_option=False) else: # creating a new cluster, so mark finding as duplicate - logger.debug('marking %i as duplicate of %i', finding.id, new_original.id) + logger.debug("marking %i as duplicate of %i", finding.id, new_original.id) finding.duplicate = True finding.active = False finding.duplicate_finding = new_original @@ -2140,7 +3296,7 @@ def set_finding_as_original_internal(user, finding_id, new_original_id): finding.last_reviewed_by = user finding.save(dedupe_option=False) - logger.debug('marking new original %i as not duplicate', new_original.id) + logger.debug("marking new original %i as not duplicate", new_original.id) new_original.duplicate = False new_original.duplicate_finding = None new_original.save(dedupe_option=False) @@ -2148,25 +3304,33 @@ def set_finding_as_original_internal(user, finding_id, new_original_id): return True -@user_is_authorized(Finding, Permissions.Finding_Edit, 'finding_id') +@user_is_authorized(Finding, Permissions.Finding_Edit, "finding_id") @require_POST def set_finding_as_original(request, finding_id, new_original_id): - success = set_finding_as_original_internal(request.user, finding_id, new_original_id) + success = set_finding_as_original_internal( + request.user, finding_id, new_original_id + ) if not success: messages.add_message( request, messages.ERROR, - 'Marking finding as duplicate/original failed as they are not in the same engagement and deduplication_on_engagement is enabled for at least one of them', - extra_tags='alert-danger') + ("Marking finding as duplicate/original failed as they are not in the same engagement " + "and deduplication_on_engagement is enabled for at least one of them"), + extra_tags="alert-danger", + ) - return redirect_to_return_url_or_else(request, reverse('view_finding', args=(finding_id,))) + return redirect_to_return_url_or_else( + request, reverse("view_finding", args=(finding_id,)) + ) -@user_is_authorized(Finding, Permissions.Finding_Edit, 'fid') +@user_is_authorized(Finding, Permissions.Finding_Edit, "fid") @require_POST def unlink_jira(request, fid): finding = get_object_or_404(Finding, id=fid) - logger.info('trying to unlink a linked jira issue from %d:%s', finding.id, finding.title) + logger.info( + "trying to unlink a linked jira issue from %d:%s", finding.id, finding.title + ) if finding.has_jira_issue: try: jira_helper.finding_unlink_jira(request, finding) @@ -2174,62 +3338,67 @@ def unlink_jira(request, fid): messages.add_message( request, messages.SUCCESS, - 'Link to JIRA issue succesfully deleted', - extra_tags='alert-success') + "Link to JIRA issue succesfully deleted", + extra_tags="alert-success", + ) - return JsonResponse({'result': 'OK'}) + return JsonResponse({"result": "OK"}) except Exception as e: logger.exception(e) messages.add_message( request, messages.ERROR, - 'Link to JIRA could not be deleted, see alerts for details', - extra_tags='alert-danger') + "Link to JIRA could not be deleted, see alerts for details", + extra_tags="alert-danger", + ) return HttpResponse(status=500) else: messages.add_message( - request, - messages.ERROR, - 'Link to JIRA not found', - extra_tags='alert-danger') + request, messages.ERROR, "Link to JIRA not found", extra_tags="alert-danger" + ) return HttpResponse(status=400) -@user_is_authorized(Finding, Permissions.Finding_Edit, 'fid') +@user_is_authorized(Finding, Permissions.Finding_Edit, "fid") @require_POST def push_to_jira(request, fid): finding = get_object_or_404(Finding, id=fid) try: - logger.info('trying to push %d:%s to JIRA to create or update JIRA issue', finding.id, finding.title) - logger.debug('pushing to jira from finding.push_to-jira()') + logger.info( + "trying to push %d:%s to JIRA to create or update JIRA issue", + finding.id, + finding.title, + ) + logger.debug("pushing to jira from finding.push_to-jira()") # it may look like succes here, but the push_to_jira are swallowing exceptions - # but cant't change too much now without having a test suite, so leave as is for now with the addition warning message to check alerts for background errors. + # but cant't change too much now without having a test suite, + # so leave as is for now with the addition warning message + # to check alerts for background errors. if jira_helper.push_to_jira(finding): messages.add_message( request, messages.SUCCESS, - message='Action queued to create or update linked JIRA issue, check alerts for background errors.', - extra_tags='alert-success') + message="Action queued to create or update linked JIRA issue, check alerts for background errors.", + extra_tags="alert-success", + ) else: messages.add_message( request, messages.SUCCESS, - 'Push to JIRA failed, check alerts on the top right for errors', - extra_tags='alert-danger') + "Push to JIRA failed, check alerts on the top right for errors", + extra_tags="alert-danger", + ) - return JsonResponse({'result': 'OK'}) + return JsonResponse({"result": "OK"}) except Exception as e: logger.exception(e) - logger.error('Error pushing to JIRA: ', exc_info=True) + logger.error("Error pushing to JIRA: ", exc_info=True) messages.add_message( - request, - messages.ERROR, - 'Error pushing to JIRA', - extra_tags='alert-danger') + request, messages.ERROR, "Error pushing to JIRA", extra_tags="alert-danger" + ) return HttpResponse(status=500) - # return redirect_to_return_url_or_else(request, reverse('view_finding', args=(finding.id,))) # precalculate because we need related_actions to be set @@ -2240,7 +3409,11 @@ def duplicate_cluster(request, finding): # populate actions for findings in duplicate cluster for duplicate_member in duplicate_cluster: - duplicate_member.related_actions = calculate_possible_related_actions_for_similar_finding(request, finding, duplicate_member) + duplicate_member.related_actions = ( + calculate_possible_related_actions_for_similar_finding( + request, finding, duplicate_member + ) + ) return duplicate_cluster @@ -2250,38 +3423,102 @@ def duplicate_cluster(request, finding): # and we assign this dictionary to the finding so it can be accessed in the template. # these actions are always calculated in the context of the finding the user is viewing # because this determines which actions are possible -def calculate_possible_related_actions_for_similar_finding(request, finding, similar_finding): +def calculate_possible_related_actions_for_similar_finding( + request, finding, similar_finding +): actions = [] - # logger.debug('all: %s', [s.id for s in similar_finding.original_finding.all()]) - if similar_finding.test.engagement != finding.test.engagement and (similar_finding.test.engagement.deduplication_on_engagement or finding.test.engagement.deduplication_on_engagement): - actions.append({'action': 'None', 'reason': 'This finding is in a different engagement and deduplication_inside_engagment is enabled here or in that finding'}) + if similar_finding.test.engagement != finding.test.engagement and ( + similar_finding.test.engagement.deduplication_on_engagement + or finding.test.engagement.deduplication_on_engagement + ): + actions.append( + { + "action": "None", + "reason": ("This finding is in a different engagement and deduplication_inside_engagment " + "is enabled here or in that finding"), + } + ) elif finding.duplicate_finding == similar_finding: - actions.append({'action': 'None', 'reason': 'This finding is the root of the cluster, use an action on another row, or the finding on top of the page to change the root of the cluser'}) + actions.append( + { + "action": "None", + "reason": ("This finding is the root of the cluster, use an action on another row, " + "or the finding on top of the page to change the root of the cluser"), + } + ) elif similar_finding.original_finding.all(): - actions.append({'action': 'None', 'reason': 'This finding is similar, but is already an original in a different cluster. Remove it from that cluster before you connect it to this cluster.'}) + actions.append( + { + "action": "None", + "reason": ("This finding is similar, but is already an original in a different cluster. " + "Remove it from that cluster before you connect it to this cluster."), + } + ) else: if similar_finding.duplicate_finding: # reset duplicate status is always possible - actions.append({'action': 'reset_finding_duplicate_status', 'reason': 'This will remove the finding from the cluster, effectively marking it no longer as duplicate. Will not trigger deduplication logic after saving.'}) + actions.append( + { + "action": "reset_finding_duplicate_status", + "reason": ("This will remove the finding from the cluster, " + "effectively marking it no longer as duplicate. " + "Will not trigger deduplication logic after saving."), + } + ) - # logger.debug(similar_finding.duplicate_finding) - # logger.debug(finding) - if similar_finding.duplicate_finding == finding or similar_finding.duplicate_finding == finding.duplicate_finding: + if ( + similar_finding.duplicate_finding == finding + or similar_finding.duplicate_finding == finding.duplicate_finding + ): # duplicate inside the same cluster - actions.append({'action': 'set_finding_as_original', 'reason': 'Sets this finding as the Original for the whole cluster. The existing Original will be downgraded to become a member of the cluster and, together with the other members, will be marked as duplicate of the new Original.'}) + actions.append( + { + "action": "set_finding_as_original", + "reason": ("Sets this finding as the Original for the whole cluster. " + "The existing Original will be downgraded to become a member of the cluster and, " + "together with the other members, will be marked as duplicate of the new Original."), + } + ) else: # duplicate inside different cluster - actions.append({'action': 'mark_finding_duplicate', 'reason': 'Will mark this finding as duplicate of the root finding in this cluster, effectively adding it to the cluster and removing it from the other cluster.'}) + actions.append( + { + "action": "mark_finding_duplicate", + "reason": ("Will mark this finding as duplicate of the root finding in this cluster, " + "effectively adding it to the cluster and removing it from the other cluster."), + } + ) else: # similar is not a duplicate yet if finding.duplicate or finding.original_finding.all(): - actions.append({'action': 'mark_finding_duplicate', 'reason': 'Will mark this finding as duplicate of the root finding in this cluster'}) - actions.append({'action': 'set_finding_as_original', 'reason': 'Sets this finding as the Original for the whole cluster. The existing Original will be downgraded to become a member of the cluster and, together with the other members, will be marked as duplicate of the new Original.'}) + actions.append( + { + "action": "mark_finding_duplicate", + "reason": "Will mark this finding as duplicate of the root finding in this cluster", + } + ) + actions.append( + { + "action": "set_finding_as_original", + "reason": ("Sets this finding as the Original for the whole cluster. " + "The existing Original will be downgraded to become a member of the cluster and, " + "together with the other members, will be marked as duplicate of the new Original."), + } + ) else: # similar_finding is not an original/root of a cluster as per earlier if clause - actions.append({'action': 'mark_finding_duplicate', 'reason': 'Will mark this finding as duplicate of the finding on this page.'}) - actions.append({'action': 'set_finding_as_original', 'reason': 'Sets this finding as the Original marking the finding on this page as duplicate of this original.'}) - - # logger.debug('related_actions for %i: %s', similar_finding.id, {finding.id: actions}) + actions.append( + { + "action": "mark_finding_duplicate", + "reason": "Will mark this finding as duplicate of the finding on this page.", + } + ) + actions.append( + { + "action": "set_finding_as_original", + "reason": ("Sets this finding as the Original marking the finding " + "on this page as duplicate of this original."), + } + ) return actions diff --git a/dojo/finding_group/queries.py b/dojo/finding_group/queries.py index c980cdafeda..7b6b547dc01 100644 --- a/dojo/finding_group/queries.py +++ b/dojo/finding_group/queries.py @@ -1,5 +1,4 @@ from crum import get_current_user -from django.conf import settings from django.db.models import Exists, OuterRef, Q from dojo.models import Finding_Group, Product_Member, Product_Type_Member, \ Product_Group, Product_Type_Group @@ -22,9 +21,6 @@ def get_authorized_finding_groups(permission, queryset=None, user=None): if user.is_superuser: return finding_groups - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return finding_groups - if user_has_global_permission(user, permission): return finding_groups diff --git a/dojo/finding_group/urls.py b/dojo/finding_group/urls.py index fa45ea673a6..56b94826765 100644 --- a/dojo/finding_group/urls.py +++ b/dojo/finding_group/urls.py @@ -1,13 +1,11 @@ -from django.conf.urls import url +from django.urls import re_path from dojo.finding_group import views urlpatterns = [ # finding group - url(r'^finding_group/(?P\d+)$', views.view_finding_group, name='view_finding_group'), - url(r'^finding_group/(?P\d+)/edit$', views.edit_finding_group, name='edit_finding_group'), - url(r'^finding_group/(?P\d+)/delete$', views.delete_finding_group, name='delete_finding_group'), - - url(r'^finding_group/(?P\d+)/jira/push$', views.push_to_jira, name='finding_group_push_to_jira'), - url(r'^finding_group/(?P\d+)/jira/unlink$', views.unlink_jira, name='finding_group_unlink_jira'), + re_path(r'^finding_group/(?P\d+)$', views.view_finding_group, name='view_finding_group'), + re_path(r'^finding_group/(?P\d+)/delete$', views.delete_finding_group, name='delete_finding_group'), + re_path(r'^finding_group/(?P\d+)/jira/push$', views.push_to_jira, name='finding_group_push_to_jira'), + re_path(r'^finding_group/(?P\d+)/jira/unlink$', views.unlink_jira, name='finding_group_unlink_jira'), ] diff --git a/dojo/finding_group/views.py b/dojo/finding_group/views.py index fecf0c96180..e6f92a71d27 100644 --- a/dojo/finding_group/views.py +++ b/dojo/finding_group/views.py @@ -1,7 +1,8 @@ -# # findings -from dojo.utils import Product_Tab -from dojo.forms import DeleteFindingGroupForm +from dojo.utils import Product_Tab, add_breadcrumb, get_words_for_field, get_page_items +from dojo.forms import DeleteFindingGroupForm, EditFindingGroupForm, FindingBulkUpdateForm from dojo.notifications.helper import create_notification +from dojo.finding.views import prefetch_for_findings +from dojo.filters import FindingFilter from django.contrib import messages from django.contrib.admin.utils import NestedObjects from django.db.utils import DEFAULT_DB_ALIAS @@ -9,31 +10,101 @@ from django.shortcuts import get_object_or_404, render from django.urls.base import reverse from django.views.decorators.http import require_POST -from dojo.models import Finding_Group +from dojo.models import Finding_Group, Product, Engagement, Finding, GITHUB_PKey import logging import dojo.jira_link.helper as jira_helper from dojo.authorization.authorization_decorators import user_is_authorized from dojo.authorization.roles_permissions import Permissions +from dojo.authorization.authorization import user_has_permission_or_403 logger = logging.getLogger(__name__) @user_is_authorized(Finding_Group, Permissions.Finding_Group_View, 'fgid') def view_finding_group(request, fgid): - logger.debug('view finding group: %s', fgid) - return HttpResponse('Not implemented yet') - + finding_group = get_object_or_404(Finding_Group, pk=fgid) + findings = finding_group.findings.all() + edit_finding_group_form = EditFindingGroupForm(instance=finding_group) + + show_product_column = True + custom_breadcrumb = None + product_tab = None + jira_project = None + github_config = None + + if finding_group.test.engagement.product.id: + pid = finding_group.test.engagement.product.id + product = get_object_or_404(Product, id=pid) + user_has_permission_or_403(request.user, product, Permissions.Product_View) + product_tab = Product_Tab(product, title="Findings", tab="findings") + jira_project = jira_helper.get_jira_project(product) + github_config = GITHUB_PKey.objects.filter(product=pid).first() + findings_filter = FindingFilter(request.GET, findings, user=request.user, pid=pid) + elif finding_group.test.engagement.id: + eid = finding_group.test.engagement.id + engagement = get_object_or_404(Engagement, id=eid) + user_has_permission_or_403(request.user, engagement, Permissions.Engagement_View) + product_tab = Product_Tab(engagement.product, title=engagement.name, tab="engagements") + jira_project = jira_helper.get_jira_project(engagement) + github_config = GITHUB_PKey.objects.filter(product__engagement=eid).first() + findings_filter = FindingFilter(request.GET, findings, user=request.user, eid=eid) + + title_words = get_words_for_field(Finding, 'title') + component_words = get_words_for_field(Finding, 'component_name') + + paged_findings = get_page_items(request, findings_filter.qs, 25) + paged_findings.object_list = prefetch_for_findings(paged_findings.object_list, 'all') + + bulk_edit_form = FindingBulkUpdateForm(request.GET) + + if github_config: + github_config = github_config.git_conf_id + + filter_name = finding_group.name -@user_is_authorized(Finding_Group, Permissions.Finding_Group_Edit, 'fgid') -def edit_finding_group(request, fgid): - logger.debug('edit finding group: %s', fgid) - return HttpResponse('Not implemented yet') + if request.method == 'POST': + edit_finding_group_form = EditFindingGroupForm(request.POST, instance=finding_group) + if edit_finding_group_form.is_valid(): + finding_group.name = edit_finding_group_form.cleaned_data.get('name', '') + push_to_jira = edit_finding_group_form.cleaned_data.get('push_to_jira') + jira_issue = edit_finding_group_form.cleaned_data.get('jira_issue') + + if jira_issue: + # See if the submitted issue was a issue key or the full URL + jira_instance = jira_helper.get_jira_project(finding_group).jira_instance + if jira_issue.startswith(jira_instance.url + '/browse/'): + jira_issue = jira_issue[len(jira_instance.url + '/browse/'):] + + if finding_group.has_jira_issue and not jira_issue == jira_helper.get_jira_key(finding_group): + jira_helper.unlink_jira(request, finding_group) + jira_helper.finding_group_link_jira(request, finding_group, jira_issue) + elif not finding_group.has_jira_issue: + jira_helper.finding_group_link_jira(request, finding_group, jira_issue) + elif push_to_jira: + jira_helper.push_to_jira(finding_group, sync=True) + + finding_group.save() + return HttpResponseRedirect(reverse('view_test', args=(finding_group.test.id,))) + + add_breadcrumb(title=finding_group.name, top_level=not len(request.GET), request=request) + return render(request, 'dojo/view_finding_group.html', { + 'show_product_column': show_product_column, + 'product_tab': product_tab, + 'findings': paged_findings, + 'filtered': findings_filter, + 'title_words': title_words, + 'component_words': component_words, + 'custom_breadcrumb': custom_breadcrumb, + 'filter_name': filter_name, + 'jira_project': jira_project, + 'bulk_edit_form': bulk_edit_form, + 'edit_finding_group_form': edit_finding_group_form, + }) @user_is_authorized(Finding_Group, Permissions.Finding_Group_Delete, 'fgid') @require_POST def delete_finding_group(request, fgid): - logger.debug('delete finding group: %s', fgid) finding_group = get_object_or_404(Finding_Group, pk=fgid) form = DeleteFindingGroupForm(instance=finding_group) @@ -59,14 +130,14 @@ def delete_finding_group(request, fgid): collector = NestedObjects(using=DEFAULT_DB_ALIAS) collector.collect([finding_group]) rels = collector.nested() - product_tab = Product_Tab(finding_group.test.engagement.product.id, title="Product", tab="settings") + product_tab = Product_Tab(finding_group.test.engagement.product, title="Product", tab="settings") - return render(request, 'dojo/delete_finding_group.html', - {'finding_group': finding_group, - 'form': form, - 'product_tab': product_tab, - 'rels': rels, - }) + return render(request, 'dojo/delete_finding_group.html', { + 'finding_group': finding_group, + 'form': form, + 'product_tab': product_tab, + 'rels': rels, + }) @user_is_authorized(Finding_Group, Permissions.Finding_Group_Edit, 'fgid') @@ -113,7 +184,7 @@ def push_to_jira(request, fgid): logger.info('trying to push %d:%s to JIRA to create or update JIRA issue', group.id, group.name) logger.debug('pushing to jira from group.push_to-jira()') - # it may look like succes here, but the push_to_jira are swallowing exceptions + # it may look like success here, but the push_to_jira are swallowing exceptions # but cant't change too much now without having a test suite, so leave as is for now with the addition warning message to check alerts for background errors. if jira_helper.push_to_jira(group, sync=True): messages.add_message( @@ -138,4 +209,3 @@ def push_to_jira(request, fgid): 'Error pushing to JIRA', extra_tags='alert-danger') return HttpResponse(status=500) - # return redirect_to_return_url_or_else(request, reverse('view_finding', args=(group.id,))) diff --git a/dojo/fixtures/defect_dojo_sample_data.json b/dojo/fixtures/defect_dojo_sample_data.json index 930dbe358cf..10bebc736c5 100644 --- a/dojo/fixtures/defect_dojo_sample_data.json +++ b/dojo/fixtures/defect_dojo_sample_data.json @@ -1,5 +1,5 @@ [ -{ + { "model": "auth.user", "pk": 1, "fields": { @@ -16,8 +16,8 @@ "groups": [], "user_permissions": [] } -}, -{ + }, + { "model": "auth.user", "pk": 2, "fields": { @@ -34,8 +34,8 @@ "groups": [], "user_permissions": [] } -}, -{ + }, + { "model": "auth.user", "pk": 3, "fields": { @@ -52,112 +52,112 @@ "groups": [], "user_permissions": [] } -}, -{ + }, + { "model": "sessions.session", "pk": "0fy0ogscdoq7gy7k3rsgp39zumcidfu9", "fields": { "session_data": "NzEyZjZiNDQ0ZTBkNTllYjE2MjY5OTRmYjBhZjRlNTU1NjIyOTcxZDp7Il9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", "expire_date": "2018-09-18T13:45:22.029Z" } -}, -{ + }, + { "model": "sessions.session", "pk": "2dqr18yqu9mzb87abk0okid75w2clakl", "fields": { "session_data": "ZmY5ZWRlNzI5OTdlMmMxNjBmNjQwODU2YWQ4ODlmNGUzNDUyOTljOTp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9tZXRyaWNzIiwidGl0bGUiOiJQcm9kdWN0IFR5cGUgTWV0cmljcyJ9XSwiX2F1dGhfdXNlcl9oYXNoIjoiODE0OTY0ZTdhNzUyNDQyZjM1MjczNTExMGVkZGZjNzc4YjE0MTU3MiIsIl9hdXRoX3VzZXJfaWQiOiIzIiwiX2F1dGhfdXNlcl9iYWNrZW5kIjoiZGphbmdvLmNvbnRyaWIuYXV0aC5iYWNrZW5kcy5Nb2RlbEJhY2tlbmQifQ==", "expire_date": "2018-04-30T06:50:51.569Z" } -}, -{ + }, + { "model": "sessions.session", "pk": "91he362uu4zzlkmhn3g87fstw6gpb8h9", "fields": { "session_data": "NTU0NDNiNWE4YzY2Y2I2ZGQ4ZjQ4ZWM1NTZhZmFmZmEzODI0ODJiMDp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6IjVmNWFhZWQ4ZTY3YzllZDkyNGIxNDQxMTQ0NmRmYmJjZTY3YzgxNmUiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", "expire_date": "2018-08-31T12:48:58.754Z" } -}, -{ + }, + { "model": "sessions.session", "pk": "9voht5jb42emoela71zpbqz04ror8xcw", "fields": { "session_data": "NjZhNGEzMTYxNjE4OWEzOWMwNWU1Njg0ODg5NTQ4Mzk3N2I0OTVkMzp7ImRvam9fYnJlYWRjcnVtYnMiOm51bGwsIl9hdXRoX3VzZXJfaGFzaCI6IjVmNWFhZWQ4ZTY3YzllZDkyNGIxNDQxMTQ0NmRmYmJjZTY3YzgxNmUiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", "expire_date": "2018-09-11T14:09:04.141Z" } -}, -{ + }, + { "model": "sessions.session", "pk": "c29i459wf0jkdkluez09s3yjmqos689f", "fields": { "session_data": "MzllYzU2NjM4MDcwY2MxNjRiOTI2YzU5NDE1Y2Y2YWE3Y2Q2N2RmODp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6IjVkMDczODI0ZmUyNmMyZDc4M2NjZmVlMjU2YTI4OWU1NTFiOTVhYTUiLCJfYXV0aF91c2VyX2lkIjoiMSIsIl9hdXRoX3VzZXJfYmFja2VuZCI6ImRqYW5nby5jb250cmliLmF1dGguYmFja2VuZHMuTW9kZWxCYWNrZW5kIn0=", "expire_date": "2018-09-18T12:56:46.682Z" } -}, -{ + }, + { "model": "sessions.session", "pk": "eme9gyi7zn436wzeyoto51egukxj8qy7", "fields": { "session_data": ".eJxVjEEOwiAQRe_C2hBgKDAu3fcMZIBRqoYmpV0Z765NutDtf-_9l4i0rTVunZc4FXEWWpx-t0T5wW0H5U7tNss8t3WZktwVedAux7nw83K4fweVev3WjorL2Rob0A5ac4JQfFYKgIkheGJkjaiNHxDRXTUoJA5gKRlQ2Yr3B8_sNxs:1mbNDM:BgL5LziNRBqwTSTO0RrBtCMHXn6G7AB2drrlm17fEdc", "expire_date": "2021-10-29T13:25:36.694Z" } -}, -{ + }, + { "model": "sessions.session", "pk": "g0fpchyt0my3n4ks1v2jj0lp3hgsdjgg", "fields": { "session_data": ".eJxVjLsOwjAMRf8lc1UCLaFmZGJhYEaocmKHFkoj8piq_jtBQjxG33N8JtFiil2bAvu2J7EVS1H8bhrNjccXoCuOF1caN0bf6_KllG8ayoMjHnZv9y_QYejytwS20GgEuamtUqw0NhZhDUAgFXClDUmLTSXNSpFkIrmqaGNr0gTrqs5RclfXas9Ixqe7DmJ7mkTs48C5v3d3zk7yQz4WYi6-6Jg4xN6N4csfn2k-z0_ReVZ2:1mbNL6:bNhQm1g9-3-4R9g0NeLcUGe06pb69i1dvOQXk_fOGcQ", "expire_date": "2021-10-29T13:33:36.616Z" } -}, -{ + }, + { "model": "sessions.session", "pk": "gv3v9rnpgxqswy7lin8p55oqahdeatwu", "fields": { "session_data": "Mjk5OGE0MDZiZWZkMzRiZjcxZDg4MWE2M2U4NDM1ZTExOWQ3MGM0ZTp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii90ZXN0X3R5cGUiLCJ0aXRsZSI6IlRlc3QgVHlwZSBMaXN0In1dLCJfYXV0aF91c2VyX2hhc2giOiJjOGQxY2IxNDU1NmI5YzYyZmRkMjRlMTEwNDljMjMyNjlkYTgzZDU2IiwiX2F1dGhfdXNlcl9pZCI6IjEiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCJ9", "expire_date": "2018-08-29T14:11:29.505Z" } -}, -{ + }, + { "model": "sessions.session", "pk": "imsqmmk97qms70tz0e55yumkf5ehcfjw", "fields": { "session_data": "YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", "expire_date": "2018-05-01T06:00:43.175Z" } -}, -{ + }, + { "model": "sessions.session", "pk": "jd1dvmzg2kdst1dvjvd82xto3two999q", "fields": { "session_data": "MWJhOTUzZGJkYzRjOTcxYjg0YmNmNjQ2M2FjZTA1Y2I3YjQwMWU5Njp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", "expire_date": "2018-08-31T15:15:04.637Z" } -}, -{ + }, + { "model": "sessions.session", "pk": "nrksf0iuveua4cjxcy9m5i5nvvnswks0", "fields": { "session_data": "MWJhOTUzZGJkYzRjOTcxYjg0YmNmNjQ2M2FjZTA1Y2I3YjQwMWU5Njp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", "expire_date": "2018-08-31T19:50:39.693Z" } -}, -{ + }, + { "model": "sessions.session", "pk": "ocg999bmxmjn5q2ebcddpzbr1a3ewpvt", "fields": { "session_data": "YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", "expire_date": "2018-04-27T07:59:39.760Z" } -}, -{ + }, + { "model": "sites.site", "pk": 1, "fields": { "domain": "example.com", "name": "example.com" } -}, -{ + }, + { "model": "admin.logentry", "pk": 1, "fields": { @@ -169,8 +169,8 @@ "action_flag": 1, "change_message": "[{\"added\": {}}]" } -}, -{ + }, + { "model": "admin.logentry", "pk": 2, "fields": { @@ -182,8 +182,8 @@ "action_flag": 1, "change_message": "[{\"added\": {}}]" } -}, -{ + }, + { "model": "admin.logentry", "pk": 3, "fields": { @@ -195,8 +195,8 @@ "action_flag": 2, "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" } -}, -{ + }, + { "model": "admin.logentry", "pk": 4, "fields": { @@ -208,8 +208,8 @@ "action_flag": 2, "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" } -}, -{ + }, + { "model": "admin.logentry", "pk": 5, "fields": { @@ -221,8 +221,8 @@ "action_flag": 2, "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" } -}, -{ + }, + { "model": "admin.logentry", "pk": 6, "fields": { @@ -234,8 +234,8 @@ "action_flag": 2, "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" } -}, -{ + }, + { "model": "admin.logentry", "pk": 7, "fields": { @@ -247,8 +247,8 @@ "action_flag": 3, "change_message": "" } -}, -{ + }, + { "model": "admin.logentry", "pk": 8, "fields": { @@ -260,8 +260,8 @@ "action_flag": 3, "change_message": "" } -}, -{ + }, + { "model": "admin.logentry", "pk": 9, "fields": { @@ -273,8 +273,8 @@ "action_flag": 3, "change_message": "" } -}, -{ + }, + { "model": "admin.logentry", "pk": 10, "fields": { @@ -286,8 +286,8 @@ "action_flag": 3, "change_message": "" } -}, -{ + }, + { "model": "admin.logentry", "pk": 11, "fields": { @@ -299,8 +299,8 @@ "action_flag": 3, "change_message": "" } -}, -{ + }, + { "model": "admin.logentry", "pk": 12, "fields": { @@ -312,8 +312,8 @@ "action_flag": 3, "change_message": "" } -}, -{ + }, + { "model": "admin.logentry", "pk": 13, "fields": { @@ -325,8 +325,8 @@ "action_flag": 1, "change_message": "[{\"added\": {}}]" } -}, -{ + }, + { "model": "admin.logentry", "pk": 14, "fields": { @@ -338,8 +338,8 @@ "action_flag": 1, "change_message": "[{\"added\": {}}]" } -}, -{ + }, + { "model": "admin.logentry", "pk": 15, "fields": { @@ -351,8 +351,8 @@ "action_flag": 2, "change_message": "[{\"changed\": {\"fields\": [\"user\", \"files\", \"blank\", \"comment\", \"code\"]}}]" } -}, -{ + }, + { "model": "admin.logentry", "pk": 16, "fields": { @@ -364,8 +364,8 @@ "action_flag": 1, "change_message": "[{\"added\": {}}]" } -}, -{ + }, + { "model": "admin.logentry", "pk": 17, "fields": { @@ -377,8 +377,8 @@ "action_flag": 2, "change_message": "[{\"changed\": {\"fields\": [\"user\", \"files\", \"blank\", \"comment\", \"code\"]}}]" } -}, -{ + }, + { "model": "admin.logentry", "pk": 18, "fields": { @@ -390,8 +390,8 @@ "action_flag": 2, "change_message": "[{\"changed\": {\"fields\": [\"password\"]}}]" } -}, -{ + }, + { "model": "admin.logentry", "pk": 19, "fields": { @@ -403,8 +403,8 @@ "action_flag": 2, "change_message": "[{\"changed\": {\"fields\": [\"password\"]}}]" } -}, -{ + }, + { "model": "admin.logentry", "pk": 20, "fields": { @@ -416,8 +416,8 @@ "action_flag": 2, "change_message": "[{\"changed\": {\"fields\": [\"is_staff\"]}}]" } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 803, "fields": { @@ -432,8 +432,8 @@ "timestamp": "2021-10-22T01:24:54.921Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 804, "fields": { @@ -448,8 +448,8 @@ "timestamp": "2021-10-22T01:24:55.044Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 805, "fields": { @@ -464,8 +464,8 @@ "timestamp": "2021-10-22T01:24:55.071Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 806, "fields": { @@ -480,8 +480,8 @@ "timestamp": "2021-10-22T01:24:55.164Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 807, "fields": { @@ -496,8 +496,8 @@ "timestamp": "2021-10-22T01:24:55.222Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 808, "fields": { @@ -512,8 +512,8 @@ "timestamp": "2021-10-22T01:24:55.279Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 809, "fields": { @@ -528,8 +528,8 @@ "timestamp": "2021-10-22T01:24:55.338Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 810, "fields": { @@ -544,8 +544,8 @@ "timestamp": "2021-10-22T01:24:55.397Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 811, "fields": { @@ -560,8 +560,8 @@ "timestamp": "2021-10-22T01:24:55.462Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 812, "fields": { @@ -576,8 +576,8 @@ "timestamp": "2021-10-22T01:24:55.515Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 813, "fields": { @@ -592,8 +592,8 @@ "timestamp": "2021-10-22T01:24:55.575Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 814, "fields": { @@ -608,8 +608,8 @@ "timestamp": "2021-10-22T01:24:55.647Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 815, "fields": { @@ -624,8 +624,8 @@ "timestamp": "2021-10-22T01:24:55.706Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 816, "fields": { @@ -640,8 +640,8 @@ "timestamp": "2021-10-22T01:24:55.767Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 817, "fields": { @@ -656,8 +656,8 @@ "timestamp": "2021-10-22T01:24:55.797Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 818, "fields": { @@ -672,8 +672,8 @@ "timestamp": "2021-10-22T01:24:55.820Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 819, "fields": { @@ -688,8 +688,8 @@ "timestamp": "2021-10-22T01:24:55.840Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 820, "fields": { @@ -704,8 +704,8 @@ "timestamp": "2021-10-22T01:24:55.860Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 821, "fields": { @@ -720,8 +720,8 @@ "timestamp": "2021-10-22T01:24:55.880Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 822, "fields": { @@ -736,8 +736,8 @@ "timestamp": "2021-10-22T01:24:55.900Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 823, "fields": { @@ -752,8 +752,8 @@ "timestamp": "2021-10-22T01:24:55.922Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 824, "fields": { @@ -768,8 +768,8 @@ "timestamp": "2021-10-22T01:24:55.943Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 825, "fields": { @@ -784,8 +784,8 @@ "timestamp": "2021-10-22T01:24:55.964Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 826, "fields": { @@ -800,8 +800,8 @@ "timestamp": "2021-10-22T01:24:55.987Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 827, "fields": { @@ -816,8 +816,8 @@ "timestamp": "2021-10-22T01:24:56.006Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 828, "fields": { @@ -832,8 +832,8 @@ "timestamp": "2021-10-22T01:24:56.027Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 829, "fields": { @@ -848,8 +848,8 @@ "timestamp": "2021-10-22T01:24:56.048Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 830, "fields": { @@ -864,8 +864,8 @@ "timestamp": "2021-10-22T01:24:56.067Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 831, "fields": { @@ -880,8 +880,8 @@ "timestamp": "2021-10-22T01:24:56.088Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 832, "fields": { @@ -896,8 +896,8 @@ "timestamp": "2021-10-22T01:24:56.107Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 833, "fields": { @@ -912,8 +912,8 @@ "timestamp": "2021-10-22T01:24:56.127Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 834, "fields": { @@ -928,8 +928,8 @@ "timestamp": "2021-10-22T01:24:56.146Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 835, "fields": { @@ -944,8 +944,8 @@ "timestamp": "2021-10-22T01:24:56.168Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 836, "fields": { @@ -960,8 +960,8 @@ "timestamp": "2021-10-22T01:24:56.206Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 837, "fields": { @@ -976,8 +976,8 @@ "timestamp": "2021-10-22T01:24:56.233Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 838, "fields": { @@ -992,8 +992,8 @@ "timestamp": "2021-10-22T01:24:56.257Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 839, "fields": { @@ -1008,8 +1008,8 @@ "timestamp": "2021-10-22T01:24:56.283Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 840, "fields": { @@ -1024,8 +1024,8 @@ "timestamp": "2021-10-22T01:24:56.309Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 841, "fields": { @@ -1040,8 +1040,8 @@ "timestamp": "2021-10-22T01:24:56.334Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 842, "fields": { @@ -1056,8 +1056,8 @@ "timestamp": "2021-10-22T01:24:56.357Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 843, "fields": { @@ -1072,8 +1072,8 @@ "timestamp": "2021-10-22T01:24:56.382Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 844, "fields": { @@ -1088,8 +1088,8 @@ "timestamp": "2021-10-22T01:24:56.408Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 845, "fields": { @@ -1104,8 +1104,8 @@ "timestamp": "2021-10-22T01:24:56.435Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 846, "fields": { @@ -1120,8 +1120,8 @@ "timestamp": "2021-10-22T01:24:56.462Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 847, "fields": { @@ -1136,8 +1136,8 @@ "timestamp": "2021-10-22T01:24:56.483Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 848, "fields": { @@ -1152,8 +1152,8 @@ "timestamp": "2021-10-22T01:24:56.506Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 849, "fields": { @@ -1168,8 +1168,8 @@ "timestamp": "2021-10-22T01:24:56.533Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 850, "fields": { @@ -1184,8 +1184,8 @@ "timestamp": "2021-10-22T01:24:56.558Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 851, "fields": { @@ -1200,8 +1200,8 @@ "timestamp": "2021-10-22T01:24:56.584Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 852, "fields": { @@ -1216,8 +1216,8 @@ "timestamp": "2021-10-22T01:24:56.609Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 853, "fields": { @@ -1232,8 +1232,8 @@ "timestamp": "2021-10-22T01:24:56.635Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 854, "fields": { @@ -1248,8 +1248,8 @@ "timestamp": "2021-10-22T01:24:56.670Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 855, "fields": { @@ -1264,8 +1264,8 @@ "timestamp": "2021-10-22T01:24:56.713Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 856, "fields": { @@ -1280,8 +1280,8 @@ "timestamp": "2021-10-22T01:24:56.756Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 857, "fields": { @@ -1296,8 +1296,8 @@ "timestamp": "2021-10-22T01:24:56.798Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 858, "fields": { @@ -1312,8 +1312,8 @@ "timestamp": "2021-10-22T01:24:56.838Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 859, "fields": { @@ -1328,8 +1328,8 @@ "timestamp": "2021-10-22T01:24:56.879Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 860, "fields": { @@ -1344,8 +1344,8 @@ "timestamp": "2021-10-22T01:24:56.925Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 861, "fields": { @@ -1360,8 +1360,8 @@ "timestamp": "2021-10-22T01:24:56.968Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 862, "fields": { @@ -1376,8 +1376,8 @@ "timestamp": "2021-10-22T01:24:57.006Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 863, "fields": { @@ -1392,8 +1392,8 @@ "timestamp": "2021-10-22T01:24:57.048Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 864, "fields": { @@ -1408,8 +1408,8 @@ "timestamp": "2021-10-22T01:24:57.094Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 865, "fields": { @@ -1424,8 +1424,8 @@ "timestamp": "2021-10-22T01:24:57.138Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 866, "fields": { @@ -1440,8 +1440,8 @@ "timestamp": "2021-10-22T01:24:57.179Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 867, "fields": { @@ -1456,8 +1456,8 @@ "timestamp": "2021-10-22T01:24:57.220Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 868, "fields": { @@ -1472,8 +1472,8 @@ "timestamp": "2021-10-22T01:24:57.263Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 869, "fields": { @@ -1488,8 +1488,8 @@ "timestamp": "2021-10-22T01:24:57.305Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 870, "fields": { @@ -1504,8 +1504,8 @@ "timestamp": "2021-10-22T01:24:57.346Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 871, "fields": { @@ -1520,8 +1520,8 @@ "timestamp": "2021-10-22T01:24:57.393Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 872, "fields": { @@ -1536,8 +1536,8 @@ "timestamp": "2021-10-22T01:24:57.436Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 873, "fields": { @@ -1552,8 +1552,8 @@ "timestamp": "2021-10-22T01:24:57.477Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 874, "fields": { @@ -1568,8 +1568,8 @@ "timestamp": "2021-10-22T01:24:57.516Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 875, "fields": { @@ -1584,8 +1584,8 @@ "timestamp": "2021-10-22T01:24:57.560Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 876, "fields": { @@ -1600,8 +1600,8 @@ "timestamp": "2021-10-22T01:24:57.601Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 877, "fields": { @@ -1616,8 +1616,8 @@ "timestamp": "2021-10-22T01:24:57.643Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 878, "fields": { @@ -1632,8 +1632,8 @@ "timestamp": "2021-10-22T01:24:57.687Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 879, "fields": { @@ -1648,8 +1648,8 @@ "timestamp": "2021-10-22T01:24:57.732Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 880, "fields": { @@ -1664,8 +1664,8 @@ "timestamp": "2021-10-22T01:24:57.852Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 881, "fields": { @@ -1680,8 +1680,8 @@ "timestamp": "2021-10-22T01:24:57.894Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 882, "fields": { @@ -1696,8 +1696,8 @@ "timestamp": "2021-10-22T01:24:57.936Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 883, "fields": { @@ -1712,8 +1712,8 @@ "timestamp": "2021-10-22T01:24:57.983Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 884, "fields": { @@ -1728,8 +1728,8 @@ "timestamp": "2021-10-22T01:24:58.025Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 885, "fields": { @@ -1744,8 +1744,8 @@ "timestamp": "2021-10-22T01:24:58.070Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 886, "fields": { @@ -1760,8 +1760,8 @@ "timestamp": "2021-10-22T01:24:58.115Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 887, "fields": { @@ -1776,8 +1776,8 @@ "timestamp": "2021-10-22T01:24:58.158Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 888, "fields": { @@ -1792,8 +1792,8 @@ "timestamp": "2021-10-22T01:24:58.192Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 889, "fields": { @@ -1808,8 +1808,8 @@ "timestamp": "2021-10-22T01:24:58.232Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 890, "fields": { @@ -1824,8 +1824,8 @@ "timestamp": "2021-10-22T01:24:58.272Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 891, "fields": { @@ -1840,8 +1840,8 @@ "timestamp": "2021-10-22T01:24:58.313Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 892, "fields": { @@ -1856,8 +1856,8 @@ "timestamp": "2021-10-22T01:24:58.354Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 893, "fields": { @@ -1872,8 +1872,8 @@ "timestamp": "2021-10-22T01:24:58.397Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 894, "fields": { @@ -1888,8 +1888,8 @@ "timestamp": "2021-10-22T01:24:58.441Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 895, "fields": { @@ -1904,8 +1904,8 @@ "timestamp": "2021-10-22T01:24:58.481Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 896, "fields": { @@ -1920,8 +1920,8 @@ "timestamp": "2021-10-22T01:24:58.522Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 897, "fields": { @@ -1936,8 +1936,8 @@ "timestamp": "2021-10-22T01:24:58.564Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 898, "fields": { @@ -1952,8 +1952,8 @@ "timestamp": "2021-10-22T01:24:58.606Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 899, "fields": { @@ -1968,8 +1968,8 @@ "timestamp": "2021-10-22T01:24:58.649Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 900, "fields": { @@ -1984,8 +1984,8 @@ "timestamp": "2021-10-22T01:24:58.693Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 901, "fields": { @@ -2000,8 +2000,8 @@ "timestamp": "2021-10-22T01:24:58.734Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 902, "fields": { @@ -2016,8 +2016,8 @@ "timestamp": "2021-10-22T01:24:58.776Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 903, "fields": { @@ -2032,8 +2032,8 @@ "timestamp": "2021-10-22T01:24:58.823Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 904, "fields": { @@ -2048,8 +2048,8 @@ "timestamp": "2021-10-22T01:24:58.857Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 905, "fields": { @@ -2064,8 +2064,8 @@ "timestamp": "2021-10-22T01:24:58.899Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 906, "fields": { @@ -2080,8 +2080,8 @@ "timestamp": "2021-10-22T01:24:58.943Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 907, "fields": { @@ -2096,8 +2096,8 @@ "timestamp": "2021-10-22T01:24:58.983Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 908, "fields": { @@ -2112,8 +2112,8 @@ "timestamp": "2021-10-22T01:24:59.024Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 909, "fields": { @@ -2128,8 +2128,8 @@ "timestamp": "2021-10-22T01:24:59.072Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 910, "fields": { @@ -2144,8 +2144,8 @@ "timestamp": "2021-10-22T01:24:59.116Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 911, "fields": { @@ -2160,8 +2160,8 @@ "timestamp": "2021-10-22T01:24:59.160Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 912, "fields": { @@ -2176,8 +2176,8 @@ "timestamp": "2021-10-22T01:24:59.202Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 913, "fields": { @@ -2192,8 +2192,8 @@ "timestamp": "2021-10-22T01:24:59.248Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 914, "fields": { @@ -2208,8 +2208,8 @@ "timestamp": "2021-10-22T01:24:59.290Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 915, "fields": { @@ -2224,8 +2224,8 @@ "timestamp": "2021-10-22T01:24:59.331Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 916, "fields": { @@ -2240,8 +2240,8 @@ "timestamp": "2021-10-22T01:24:59.372Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 917, "fields": { @@ -2256,8 +2256,8 @@ "timestamp": "2021-10-22T01:24:59.415Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 918, "fields": { @@ -2272,8 +2272,8 @@ "timestamp": "2021-10-22T01:24:59.459Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 919, "fields": { @@ -2288,8 +2288,8 @@ "timestamp": "2021-10-22T01:24:59.498Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 920, "fields": { @@ -2304,8 +2304,8 @@ "timestamp": "2021-10-22T01:24:59.539Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 921, "fields": { @@ -2320,8 +2320,8 @@ "timestamp": "2021-10-22T01:24:59.581Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 922, "fields": { @@ -2336,8 +2336,8 @@ "timestamp": "2021-10-22T01:24:59.627Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 923, "fields": { @@ -2352,8 +2352,8 @@ "timestamp": "2021-10-22T01:24:59.668Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 924, "fields": { @@ -2368,8 +2368,8 @@ "timestamp": "2021-10-22T01:24:59.708Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 925, "fields": { @@ -2384,8 +2384,8 @@ "timestamp": "2021-10-22T01:24:59.750Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 926, "fields": { @@ -2400,8 +2400,8 @@ "timestamp": "2021-10-22T01:24:59.795Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 927, "fields": { @@ -2416,8 +2416,8 @@ "timestamp": "2021-10-22T01:24:59.836Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 928, "fields": { @@ -2432,8 +2432,8 @@ "timestamp": "2021-10-22T01:24:59.883Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 929, "fields": { @@ -2448,8 +2448,8 @@ "timestamp": "2021-10-22T01:24:59.932Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 930, "fields": { @@ -2464,8 +2464,8 @@ "timestamp": "2021-10-22T01:24:59.973Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 931, "fields": { @@ -2480,8 +2480,8 @@ "timestamp": "2021-10-22T01:25:00.016Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 932, "fields": { @@ -2496,8 +2496,8 @@ "timestamp": "2021-10-22T01:25:00.064Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 933, "fields": { @@ -2512,8 +2512,8 @@ "timestamp": "2021-10-22T01:25:00.111Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 934, "fields": { @@ -2528,8 +2528,8 @@ "timestamp": "2021-10-22T01:25:00.152Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 935, "fields": { @@ -2544,8 +2544,8 @@ "timestamp": "2021-10-22T01:25:00.193Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 936, "fields": { @@ -2560,8 +2560,8 @@ "timestamp": "2021-10-22T01:25:00.232Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 937, "fields": { @@ -2576,8 +2576,8 @@ "timestamp": "2021-10-22T01:25:00.270Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 938, "fields": { @@ -2592,8 +2592,8 @@ "timestamp": "2021-10-22T01:25:00.309Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 939, "fields": { @@ -2608,8 +2608,8 @@ "timestamp": "2021-10-22T01:25:00.348Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 940, "fields": { @@ -2624,8 +2624,8 @@ "timestamp": "2021-10-22T01:25:00.389Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 941, "fields": { @@ -2640,8 +2640,8 @@ "timestamp": "2021-10-22T01:25:00.434Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 942, "fields": { @@ -2656,8 +2656,8 @@ "timestamp": "2021-10-22T01:25:00.475Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 943, "fields": { @@ -2672,8 +2672,8 @@ "timestamp": "2021-10-22T01:25:00.513Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 944, "fields": { @@ -2688,8 +2688,8 @@ "timestamp": "2021-10-22T01:25:00.557Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 945, "fields": { @@ -2704,8 +2704,8 @@ "timestamp": "2021-10-22T01:25:00.599Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 946, "fields": { @@ -2720,8 +2720,8 @@ "timestamp": "2021-10-22T01:25:00.639Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 947, "fields": { @@ -2736,8 +2736,8 @@ "timestamp": "2021-10-22T01:25:00.679Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 948, "fields": { @@ -2752,8 +2752,8 @@ "timestamp": "2021-10-22T01:25:00.720Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 949, "fields": { @@ -2768,8 +2768,8 @@ "timestamp": "2021-10-22T01:25:00.760Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 950, "fields": { @@ -2784,8 +2784,8 @@ "timestamp": "2021-10-22T01:25:00.800Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 951, "fields": { @@ -2800,8 +2800,8 @@ "timestamp": "2021-10-22T01:25:00.842Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 952, "fields": { @@ -2816,8 +2816,8 @@ "timestamp": "2021-10-22T01:25:00.883Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 953, "fields": { @@ -2832,8 +2832,8 @@ "timestamp": "2021-10-22T01:25:00.925Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 954, "fields": { @@ -2848,8 +2848,8 @@ "timestamp": "2021-10-22T01:25:00.969Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 955, "fields": { @@ -2864,8 +2864,8 @@ "timestamp": "2021-10-22T01:25:01.007Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 956, "fields": { @@ -2880,8 +2880,8 @@ "timestamp": "2021-10-22T01:25:01.054Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 957, "fields": { @@ -2896,8 +2896,8 @@ "timestamp": "2021-10-22T01:25:01.099Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 958, "fields": { @@ -2912,8 +2912,8 @@ "timestamp": "2021-10-22T01:25:01.142Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 959, "fields": { @@ -2928,8 +2928,8 @@ "timestamp": "2021-10-22T01:25:01.182Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 960, "fields": { @@ -2944,8 +2944,8 @@ "timestamp": "2021-10-22T01:25:01.222Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 961, "fields": { @@ -2960,8 +2960,8 @@ "timestamp": "2021-10-22T01:25:01.268Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 962, "fields": { @@ -2976,8 +2976,8 @@ "timestamp": "2021-10-22T01:25:01.309Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 963, "fields": { @@ -2992,8 +2992,8 @@ "timestamp": "2021-10-22T01:25:01.349Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 964, "fields": { @@ -3008,8 +3008,8 @@ "timestamp": "2021-10-22T01:25:01.388Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 965, "fields": { @@ -3024,8 +3024,8 @@ "timestamp": "2021-10-22T01:25:01.430Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 966, "fields": { @@ -3040,8 +3040,8 @@ "timestamp": "2021-10-22T01:25:01.473Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 967, "fields": { @@ -3056,8 +3056,8 @@ "timestamp": "2021-10-22T01:25:01.512Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 968, "fields": { @@ -3072,8 +3072,8 @@ "timestamp": "2021-10-22T01:25:01.553Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 969, "fields": { @@ -3088,8 +3088,8 @@ "timestamp": "2021-10-22T01:25:01.593Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 970, "fields": { @@ -3104,8 +3104,8 @@ "timestamp": "2021-10-22T01:25:01.638Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 971, "fields": { @@ -3120,8 +3120,8 @@ "timestamp": "2021-10-22T01:25:01.683Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 972, "fields": { @@ -3136,8 +3136,8 @@ "timestamp": "2021-10-22T01:25:01.723Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 973, "fields": { @@ -3152,8 +3152,8 @@ "timestamp": "2021-10-22T01:25:01.766Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 974, "fields": { @@ -3168,8 +3168,8 @@ "timestamp": "2021-10-22T01:25:01.804Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 975, "fields": { @@ -3184,8 +3184,8 @@ "timestamp": "2021-10-22T01:25:01.844Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 976, "fields": { @@ -3200,8 +3200,8 @@ "timestamp": "2021-10-22T01:25:01.883Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 977, "fields": { @@ -3216,8 +3216,8 @@ "timestamp": "2021-10-22T01:25:01.929Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 978, "fields": { @@ -3232,8 +3232,8 @@ "timestamp": "2021-10-22T01:25:01.973Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 979, "fields": { @@ -3248,8 +3248,8 @@ "timestamp": "2021-10-22T01:25:02.012Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 980, "fields": { @@ -3264,8 +3264,8 @@ "timestamp": "2021-10-22T01:25:02.055Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 981, "fields": { @@ -3280,8 +3280,8 @@ "timestamp": "2021-10-22T01:25:02.102Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 982, "fields": { @@ -3296,8 +3296,8 @@ "timestamp": "2021-10-22T01:25:02.142Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 983, "fields": { @@ -3312,8 +3312,8 @@ "timestamp": "2021-10-22T01:25:02.182Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 984, "fields": { @@ -3328,8 +3328,8 @@ "timestamp": "2021-10-22T01:25:02.222Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 985, "fields": { @@ -3344,8 +3344,8 @@ "timestamp": "2021-10-22T01:25:02.262Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 986, "fields": { @@ -3360,8 +3360,8 @@ "timestamp": "2021-10-22T01:25:02.303Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 987, "fields": { @@ -3376,8 +3376,8 @@ "timestamp": "2021-10-22T01:25:02.343Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 988, "fields": { @@ -3392,8 +3392,8 @@ "timestamp": "2021-10-22T01:25:02.384Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 989, "fields": { @@ -3408,8 +3408,8 @@ "timestamp": "2021-10-22T01:25:02.425Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 990, "fields": { @@ -3424,8 +3424,8 @@ "timestamp": "2021-10-22T01:25:02.467Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 991, "fields": { @@ -3440,8 +3440,8 @@ "timestamp": "2021-10-22T01:25:02.506Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 992, "fields": { @@ -3456,8 +3456,8 @@ "timestamp": "2021-10-22T01:25:02.547Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 993, "fields": { @@ -3472,8 +3472,8 @@ "timestamp": "2021-10-22T01:25:02.589Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 994, "fields": { @@ -3488,8 +3488,8 @@ "timestamp": "2021-10-22T01:25:02.629Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 995, "fields": { @@ -3504,8 +3504,8 @@ "timestamp": "2021-10-22T01:25:02.674Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 996, "fields": { @@ -3520,8 +3520,8 @@ "timestamp": "2021-10-22T01:25:02.713Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 997, "fields": { @@ -3536,8 +3536,8 @@ "timestamp": "2021-10-22T01:25:02.754Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 998, "fields": { @@ -3552,8 +3552,8 @@ "timestamp": "2021-10-22T01:25:02.788Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 999, "fields": { @@ -3568,8 +3568,8 @@ "timestamp": "2021-10-22T01:25:02.825Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1000, "fields": { @@ -3584,8 +3584,8 @@ "timestamp": "2021-10-22T01:25:02.865Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1001, "fields": { @@ -3600,8 +3600,8 @@ "timestamp": "2021-10-22T01:25:02.905Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1002, "fields": { @@ -3616,8 +3616,8 @@ "timestamp": "2021-10-22T01:25:02.947Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1003, "fields": { @@ -3632,8 +3632,8 @@ "timestamp": "2021-10-22T01:25:02.989Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1004, "fields": { @@ -3648,8 +3648,8 @@ "timestamp": "2021-10-22T01:25:03.030Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1005, "fields": { @@ -3664,8 +3664,8 @@ "timestamp": "2021-10-22T01:25:03.074Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1006, "fields": { @@ -3680,8 +3680,8 @@ "timestamp": "2021-10-22T01:25:03.116Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1007, "fields": { @@ -3696,8 +3696,8 @@ "timestamp": "2021-10-22T01:25:03.157Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1008, "fields": { @@ -3712,8 +3712,8 @@ "timestamp": "2021-10-22T01:25:03.197Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1009, "fields": { @@ -3728,8 +3728,8 @@ "timestamp": "2021-10-22T01:25:03.236Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1010, "fields": { @@ -3744,8 +3744,8 @@ "timestamp": "2021-10-22T01:25:03.275Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1011, "fields": { @@ -3760,8 +3760,8 @@ "timestamp": "2021-10-22T01:25:03.315Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1012, "fields": { @@ -3776,8 +3776,8 @@ "timestamp": "2021-10-22T01:25:03.355Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1013, "fields": { @@ -3792,8 +3792,8 @@ "timestamp": "2021-10-22T01:25:03.366Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1014, "fields": { @@ -3808,8 +3808,8 @@ "timestamp": "2021-10-22T01:25:03.408Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1015, "fields": { @@ -3824,8 +3824,8 @@ "timestamp": "2021-10-22T01:25:03.447Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1016, "fields": { @@ -3840,8 +3840,8 @@ "timestamp": "2021-10-22T01:25:03.486Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1017, "fields": { @@ -3856,8 +3856,8 @@ "timestamp": "2021-10-22T01:25:03.529Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1018, "fields": { @@ -3872,8 +3872,8 @@ "timestamp": "2021-10-22T01:25:03.570Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1019, "fields": { @@ -3888,8 +3888,8 @@ "timestamp": "2021-10-22T01:25:03.611Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1020, "fields": { @@ -3904,8 +3904,8 @@ "timestamp": "2021-10-22T01:25:03.654Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1021, "fields": { @@ -3920,8 +3920,8 @@ "timestamp": "2021-10-22T01:25:03.694Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1022, "fields": { @@ -3936,8 +3936,8 @@ "timestamp": "2021-10-22T01:25:03.734Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1023, "fields": { @@ -3952,8 +3952,8 @@ "timestamp": "2021-10-22T01:25:03.774Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1024, "fields": { @@ -3968,8 +3968,8 @@ "timestamp": "2021-10-22T01:25:03.814Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1025, "fields": { @@ -3984,8 +3984,8 @@ "timestamp": "2021-10-22T01:25:03.855Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1026, "fields": { @@ -4000,8 +4000,8 @@ "timestamp": "2021-10-22T01:25:03.898Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1027, "fields": { @@ -4016,8 +4016,8 @@ "timestamp": "2021-10-22T01:25:03.938Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1028, "fields": { @@ -4032,8 +4032,8 @@ "timestamp": "2021-10-22T01:25:03.977Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1029, "fields": { @@ -4048,8 +4048,8 @@ "timestamp": "2021-10-22T01:25:04.028Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1030, "fields": { @@ -4064,8 +4064,8 @@ "timestamp": "2021-10-22T01:25:04.071Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1031, "fields": { @@ -4080,8 +4080,8 @@ "timestamp": "2021-10-22T01:25:04.113Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1032, "fields": { @@ -4096,8 +4096,8 @@ "timestamp": "2021-10-22T01:25:04.154Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1033, "fields": { @@ -4112,8 +4112,8 @@ "timestamp": "2021-10-22T01:25:04.192Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1034, "fields": { @@ -4128,8 +4128,8 @@ "timestamp": "2021-10-22T01:25:04.233Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1035, "fields": { @@ -4144,8 +4144,8 @@ "timestamp": "2021-10-22T01:25:04.300Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1036, "fields": { @@ -4160,8 +4160,8 @@ "timestamp": "2021-10-22T01:25:04.339Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1037, "fields": { @@ -4176,8 +4176,8 @@ "timestamp": "2021-10-22T01:25:04.379Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1038, "fields": { @@ -4192,8 +4192,8 @@ "timestamp": "2021-10-22T01:25:04.421Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1039, "fields": { @@ -4208,8 +4208,8 @@ "timestamp": "2021-10-22T01:25:04.461Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1040, "fields": { @@ -4224,8 +4224,8 @@ "timestamp": "2021-10-22T01:25:04.499Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1041, "fields": { @@ -4240,8 +4240,8 @@ "timestamp": "2021-10-22T01:25:04.543Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1042, "fields": { @@ -4256,8 +4256,8 @@ "timestamp": "2021-10-22T01:25:04.582Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1043, "fields": { @@ -4272,8 +4272,8 @@ "timestamp": "2021-10-22T01:25:04.622Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1044, "fields": { @@ -4288,8 +4288,8 @@ "timestamp": "2021-10-22T01:25:04.662Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1045, "fields": { @@ -4304,8 +4304,8 @@ "timestamp": "2021-10-22T01:25:04.705Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1046, "fields": { @@ -4320,8 +4320,8 @@ "timestamp": "2021-10-22T01:25:04.745Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1047, "fields": { @@ -4336,8 +4336,8 @@ "timestamp": "2021-10-22T01:25:04.785Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1048, "fields": { @@ -4352,8 +4352,8 @@ "timestamp": "2021-10-22T01:25:04.824Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1049, "fields": { @@ -4368,8 +4368,8 @@ "timestamp": "2021-10-22T01:25:04.863Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1050, "fields": { @@ -4384,8 +4384,8 @@ "timestamp": "2021-10-22T01:25:04.906Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1051, "fields": { @@ -4400,8 +4400,8 @@ "timestamp": "2021-10-22T01:25:04.947Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1052, "fields": { @@ -4416,8 +4416,8 @@ "timestamp": "2021-10-22T01:25:04.992Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1053, "fields": { @@ -4432,8 +4432,8 @@ "timestamp": "2021-10-22T01:25:05.037Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1054, "fields": { @@ -4448,8 +4448,8 @@ "timestamp": "2021-10-22T01:25:05.086Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1055, "fields": { @@ -4464,8 +4464,8 @@ "timestamp": "2021-10-22T01:25:05.128Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1056, "fields": { @@ -4480,8 +4480,8 @@ "timestamp": "2021-10-22T01:25:05.169Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1057, "fields": { @@ -4496,8 +4496,8 @@ "timestamp": "2021-10-22T01:25:05.208Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1058, "fields": { @@ -4512,8 +4512,8 @@ "timestamp": "2021-10-22T01:25:05.248Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1059, "fields": { @@ -4528,8 +4528,8 @@ "timestamp": "2021-10-22T01:25:05.288Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1060, "fields": { @@ -4544,8 +4544,8 @@ "timestamp": "2021-10-22T01:25:05.329Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1061, "fields": { @@ -4560,8 +4560,8 @@ "timestamp": "2021-10-22T01:25:05.370Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1062, "fields": { @@ -4576,8 +4576,8 @@ "timestamp": "2021-10-22T01:25:05.411Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1063, "fields": { @@ -4592,8 +4592,8 @@ "timestamp": "2021-10-22T01:25:05.452Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1064, "fields": { @@ -4608,8 +4608,8 @@ "timestamp": "2021-10-22T01:25:05.492Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1065, "fields": { @@ -4624,8 +4624,8 @@ "timestamp": "2021-10-22T01:25:05.640Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1066, "fields": { @@ -4640,8 +4640,8 @@ "timestamp": "2021-10-22T01:25:05.684Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1067, "fields": { @@ -4656,8 +4656,8 @@ "timestamp": "2021-10-22T01:25:05.725Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1068, "fields": { @@ -4672,8 +4672,8 @@ "timestamp": "2021-10-22T01:25:05.767Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1069, "fields": { @@ -4688,8 +4688,8 @@ "timestamp": "2021-10-22T01:25:05.811Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1070, "fields": { @@ -4704,8 +4704,8 @@ "timestamp": "2021-10-22T01:25:05.851Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1071, "fields": { @@ -4720,8 +4720,8 @@ "timestamp": "2021-10-22T01:25:05.900Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1072, "fields": { @@ -4736,8 +4736,8 @@ "timestamp": "2021-10-22T01:25:05.942Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1073, "fields": { @@ -4752,8 +4752,8 @@ "timestamp": "2021-10-22T01:25:05.982Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1074, "fields": { @@ -4768,8 +4768,8 @@ "timestamp": "2021-10-22T01:25:06.025Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1075, "fields": { @@ -4784,8 +4784,8 @@ "timestamp": "2021-10-22T01:25:06.071Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1076, "fields": { @@ -4800,8 +4800,8 @@ "timestamp": "2021-10-22T01:25:06.113Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1077, "fields": { @@ -4816,8 +4816,8 @@ "timestamp": "2021-10-22T01:25:06.153Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1078, "fields": { @@ -4832,8 +4832,8 @@ "timestamp": "2021-10-22T01:25:06.195Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1079, "fields": { @@ -4848,8 +4848,8 @@ "timestamp": "2021-10-22T01:25:06.235Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1080, "fields": { @@ -4864,8 +4864,8 @@ "timestamp": "2021-10-22T01:25:06.276Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1081, "fields": { @@ -4880,8 +4880,8 @@ "timestamp": "2021-10-22T01:25:06.317Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1082, "fields": { @@ -4896,8 +4896,8 @@ "timestamp": "2021-10-22T01:25:06.357Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1083, "fields": { @@ -4912,8 +4912,8 @@ "timestamp": "2021-10-22T01:25:06.398Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1084, "fields": { @@ -4928,8 +4928,8 @@ "timestamp": "2021-10-22T01:25:06.439Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1085, "fields": { @@ -4944,8 +4944,8 @@ "timestamp": "2021-10-22T01:25:06.481Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1086, "fields": { @@ -4960,8 +4960,8 @@ "timestamp": "2021-10-22T01:25:06.522Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1087, "fields": { @@ -4976,8 +4976,8 @@ "timestamp": "2021-10-22T01:25:06.567Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1088, "fields": { @@ -4992,8 +4992,8 @@ "timestamp": "2021-10-22T01:25:06.606Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1089, "fields": { @@ -5008,8 +5008,8 @@ "timestamp": "2021-10-22T01:25:06.647Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1090, "fields": { @@ -5024,8 +5024,8 @@ "timestamp": "2021-10-22T01:25:06.687Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1091, "fields": { @@ -5040,8 +5040,8 @@ "timestamp": "2021-10-22T01:25:06.730Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1092, "fields": { @@ -5056,8 +5056,8 @@ "timestamp": "2021-10-22T01:25:06.777Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1093, "fields": { @@ -5072,8 +5072,8 @@ "timestamp": "2021-10-22T01:25:06.817Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1094, "fields": { @@ -5088,8 +5088,8 @@ "timestamp": "2021-10-22T01:25:06.859Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1095, "fields": { @@ -5104,8 +5104,8 @@ "timestamp": "2021-10-22T01:25:06.901Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1096, "fields": { @@ -5120,8 +5120,8 @@ "timestamp": "2021-10-22T01:25:06.943Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1097, "fields": { @@ -5136,8 +5136,8 @@ "timestamp": "2021-10-22T01:25:06.983Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1098, "fields": { @@ -5152,8 +5152,8 @@ "timestamp": "2021-10-22T01:25:07.028Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1099, "fields": { @@ -5168,8 +5168,8 @@ "timestamp": "2021-10-22T01:25:07.074Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1100, "fields": { @@ -5184,8 +5184,8 @@ "timestamp": "2021-10-22T01:25:07.116Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1101, "fields": { @@ -5200,8 +5200,8 @@ "timestamp": "2021-10-22T01:25:07.146Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1102, "fields": { @@ -5216,8 +5216,8 @@ "timestamp": "2021-10-22T01:25:07.182Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1103, "fields": { @@ -5232,8 +5232,8 @@ "timestamp": "2021-10-22T01:25:07.217Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1104, "fields": { @@ -5248,8 +5248,8 @@ "timestamp": "2021-10-22T01:25:07.257Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1105, "fields": { @@ -5264,8 +5264,8 @@ "timestamp": "2021-10-22T01:25:07.298Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1106, "fields": { @@ -5280,8 +5280,8 @@ "timestamp": "2021-10-22T01:25:07.341Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1107, "fields": { @@ -5296,8 +5296,8 @@ "timestamp": "2021-10-22T01:25:07.380Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1108, "fields": { @@ -5312,8 +5312,8 @@ "timestamp": "2021-10-22T01:25:07.422Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1109, "fields": { @@ -5328,8 +5328,8 @@ "timestamp": "2021-10-22T01:25:07.463Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1110, "fields": { @@ -5344,8 +5344,8 @@ "timestamp": "2021-10-22T01:25:07.501Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1111, "fields": { @@ -5360,8 +5360,8 @@ "timestamp": "2021-10-22T01:25:07.545Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1112, "fields": { @@ -5376,8 +5376,8 @@ "timestamp": "2021-10-22T01:25:07.586Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1113, "fields": { @@ -5392,8 +5392,8 @@ "timestamp": "2021-10-22T01:25:07.625Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1114, "fields": { @@ -5408,8 +5408,8 @@ "timestamp": "2021-10-22T01:25:07.667Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1115, "fields": { @@ -5424,8 +5424,8 @@ "timestamp": "2021-10-22T01:25:07.706Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1116, "fields": { @@ -5440,8 +5440,8 @@ "timestamp": "2021-10-22T01:25:07.747Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1117, "fields": { @@ -5456,8 +5456,8 @@ "timestamp": "2021-10-22T01:25:07.788Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1118, "fields": { @@ -5472,8 +5472,8 @@ "timestamp": "2021-10-22T01:25:07.827Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1119, "fields": { @@ -5488,8 +5488,8 @@ "timestamp": "2021-10-22T01:25:07.866Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1120, "fields": { @@ -5504,8 +5504,8 @@ "timestamp": "2021-10-22T01:25:07.909Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1121, "fields": { @@ -5520,8 +5520,8 @@ "timestamp": "2021-10-22T01:25:07.953Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1122, "fields": { @@ -5536,8 +5536,8 @@ "timestamp": "2021-10-22T01:25:07.993Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1123, "fields": { @@ -5552,8 +5552,8 @@ "timestamp": "2021-10-22T01:25:08.038Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1124, "fields": { @@ -5568,8 +5568,8 @@ "timestamp": "2021-10-22T01:25:08.081Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1125, "fields": { @@ -5584,8 +5584,8 @@ "timestamp": "2021-10-22T01:25:08.122Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1126, "fields": { @@ -5600,8 +5600,8 @@ "timestamp": "2021-10-22T01:25:08.161Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1127, "fields": { @@ -5616,8 +5616,8 @@ "timestamp": "2021-10-22T01:25:08.201Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1128, "fields": { @@ -5632,8 +5632,8 @@ "timestamp": "2021-10-22T01:25:08.243Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1129, "fields": { @@ -5648,8 +5648,8 @@ "timestamp": "2021-10-22T01:25:08.283Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1130, "fields": { @@ -5664,8 +5664,8 @@ "timestamp": "2021-10-22T01:25:08.324Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1131, "fields": { @@ -5680,8 +5680,8 @@ "timestamp": "2021-10-22T01:25:08.364Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1132, "fields": { @@ -5696,8 +5696,8 @@ "timestamp": "2021-10-22T01:25:08.404Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1133, "fields": { @@ -5712,8 +5712,8 @@ "timestamp": "2021-10-22T01:25:08.445Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1134, "fields": { @@ -5728,8 +5728,8 @@ "timestamp": "2021-10-22T01:25:08.486Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1135, "fields": { @@ -5744,8 +5744,8 @@ "timestamp": "2021-10-22T01:25:08.525Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1136, "fields": { @@ -5760,8 +5760,8 @@ "timestamp": "2021-10-22T01:25:08.566Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1137, "fields": { @@ -5776,8 +5776,8 @@ "timestamp": "2021-10-22T01:25:08.606Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1138, "fields": { @@ -5792,8 +5792,8 @@ "timestamp": "2021-10-22T01:25:08.646Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1139, "fields": { @@ -5808,8 +5808,8 @@ "timestamp": "2021-10-22T01:25:08.684Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1140, "fields": { @@ -5824,8 +5824,8 @@ "timestamp": "2021-10-22T01:25:08.722Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1141, "fields": { @@ -5840,8 +5840,8 @@ "timestamp": "2021-10-22T01:25:08.761Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1142, "fields": { @@ -5856,8 +5856,8 @@ "timestamp": "2021-10-22T01:25:08.806Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1143, "fields": { @@ -5872,8 +5872,8 @@ "timestamp": "2021-10-22T01:25:08.845Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1144, "fields": { @@ -5888,8 +5888,8 @@ "timestamp": "2021-10-22T01:25:08.883Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1145, "fields": { @@ -5904,8 +5904,8 @@ "timestamp": "2021-10-22T01:25:08.929Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1146, "fields": { @@ -5920,8 +5920,8 @@ "timestamp": "2021-10-22T01:25:08.969Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1147, "fields": { @@ -5936,8 +5936,8 @@ "timestamp": "2021-10-22T01:25:09.006Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1148, "fields": { @@ -5952,8 +5952,8 @@ "timestamp": "2021-10-22T01:25:09.051Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1149, "fields": { @@ -5968,8 +5968,8 @@ "timestamp": "2021-10-22T01:25:09.095Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1150, "fields": { @@ -5984,8 +5984,8 @@ "timestamp": "2021-10-22T01:25:09.135Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1151, "fields": { @@ -6000,8 +6000,8 @@ "timestamp": "2021-10-22T01:25:09.176Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1152, "fields": { @@ -6016,8 +6016,8 @@ "timestamp": "2021-10-22T01:25:09.215Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1153, "fields": { @@ -6032,8 +6032,8 @@ "timestamp": "2021-10-22T01:25:09.262Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1154, "fields": { @@ -6048,8 +6048,8 @@ "timestamp": "2021-10-22T01:25:09.302Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1155, "fields": { @@ -6064,8 +6064,8 @@ "timestamp": "2021-10-22T01:25:09.346Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1156, "fields": { @@ -6080,8 +6080,8 @@ "timestamp": "2021-10-22T01:25:09.389Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1157, "fields": { @@ -6096,8 +6096,8 @@ "timestamp": "2021-10-22T01:25:09.431Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1158, "fields": { @@ -6112,8 +6112,8 @@ "timestamp": "2021-10-22T01:25:09.475Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1159, "fields": { @@ -6128,8 +6128,8 @@ "timestamp": "2021-10-22T01:25:09.517Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1160, "fields": { @@ -6144,8 +6144,8 @@ "timestamp": "2021-10-22T01:25:09.563Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1161, "fields": { @@ -6160,8 +6160,8 @@ "timestamp": "2021-10-22T01:25:09.608Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1162, "fields": { @@ -6176,8 +6176,8 @@ "timestamp": "2021-10-22T01:25:09.652Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1163, "fields": { @@ -6192,8 +6192,8 @@ "timestamp": "2021-10-22T01:25:09.691Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1164, "fields": { @@ -6208,8 +6208,8 @@ "timestamp": "2021-10-22T01:25:09.729Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1165, "fields": { @@ -6224,8 +6224,8 @@ "timestamp": "2021-10-22T01:25:09.769Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1166, "fields": { @@ -6240,8 +6240,8 @@ "timestamp": "2021-10-22T01:25:09.818Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1167, "fields": { @@ -6256,8 +6256,8 @@ "timestamp": "2021-10-22T01:25:09.864Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1168, "fields": { @@ -6272,8 +6272,8 @@ "timestamp": "2021-10-22T01:25:09.909Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1169, "fields": { @@ -6288,8 +6288,8 @@ "timestamp": "2021-10-22T01:25:09.954Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1170, "fields": { @@ -6304,8 +6304,8 @@ "timestamp": "2021-10-22T01:25:09.992Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1171, "fields": { @@ -6320,8 +6320,8 @@ "timestamp": "2021-10-22T01:25:10.026Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1172, "fields": { @@ -6336,8 +6336,8 @@ "timestamp": "2021-10-22T01:25:10.072Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1173, "fields": { @@ -6352,8 +6352,8 @@ "timestamp": "2021-10-22T01:25:10.116Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1174, "fields": { @@ -6368,8 +6368,8 @@ "timestamp": "2021-10-22T01:25:10.160Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1175, "fields": { @@ -6384,8 +6384,8 @@ "timestamp": "2021-10-22T01:25:10.203Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1176, "fields": { @@ -6400,8 +6400,8 @@ "timestamp": "2021-10-22T01:25:10.246Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1177, "fields": { @@ -6416,8 +6416,8 @@ "timestamp": "2021-10-22T01:25:10.291Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1178, "fields": { @@ -6432,8 +6432,8 @@ "timestamp": "2021-10-22T01:25:10.334Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1179, "fields": { @@ -6448,8 +6448,8 @@ "timestamp": "2021-10-22T01:25:10.374Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1180, "fields": { @@ -6464,8 +6464,8 @@ "timestamp": "2021-10-22T01:25:10.413Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1181, "fields": { @@ -6480,8 +6480,8 @@ "timestamp": "2021-10-22T01:25:10.453Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1182, "fields": { @@ -6496,8 +6496,8 @@ "timestamp": "2021-10-22T01:25:10.495Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1183, "fields": { @@ -6512,8 +6512,8 @@ "timestamp": "2021-10-22T01:25:10.539Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1184, "fields": { @@ -6528,8 +6528,8 @@ "timestamp": "2021-10-22T01:25:10.580Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1185, "fields": { @@ -6544,8 +6544,8 @@ "timestamp": "2021-10-22T01:25:10.617Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1186, "fields": { @@ -6560,8 +6560,8 @@ "timestamp": "2021-10-22T01:25:10.657Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1187, "fields": { @@ -6576,8 +6576,8 @@ "timestamp": "2021-10-22T01:25:10.698Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1188, "fields": { @@ -6592,8 +6592,8 @@ "timestamp": "2021-10-22T01:25:10.737Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1189, "fields": { @@ -6608,8 +6608,8 @@ "timestamp": "2021-10-22T01:25:10.776Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1190, "fields": { @@ -6624,8 +6624,8 @@ "timestamp": "2021-10-22T01:25:10.822Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1191, "fields": { @@ -6640,8 +6640,8 @@ "timestamp": "2021-10-22T01:25:10.863Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1192, "fields": { @@ -6656,8 +6656,8 @@ "timestamp": "2021-10-22T01:25:10.910Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1193, "fields": { @@ -6672,8 +6672,8 @@ "timestamp": "2021-10-22T01:25:10.957Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1194, "fields": { @@ -6688,8 +6688,8 @@ "timestamp": "2021-10-22T01:25:10.999Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1195, "fields": { @@ -6704,8 +6704,8 @@ "timestamp": "2021-10-22T01:25:11.041Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1196, "fields": { @@ -6720,8 +6720,8 @@ "timestamp": "2021-10-22T01:25:11.086Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1197, "fields": { @@ -6736,8 +6736,8 @@ "timestamp": "2021-10-22T01:25:11.131Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1198, "fields": { @@ -6752,8 +6752,8 @@ "timestamp": "2021-10-22T01:25:11.178Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1199, "fields": { @@ -6768,8 +6768,8 @@ "timestamp": "2021-10-22T01:25:11.224Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1200, "fields": { @@ -6784,8 +6784,8 @@ "timestamp": "2021-10-22T01:25:11.267Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1201, "fields": { @@ -6800,8 +6800,8 @@ "timestamp": "2021-10-22T01:25:11.285Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1202, "fields": { @@ -6816,8 +6816,8 @@ "timestamp": "2021-10-22T01:25:11.299Z", "additional_data": null } -}, -{ + }, + { "model": "auditlog.logentry", "pk": 1203, "fields": { @@ -6832,8 +6832,8 @@ "timestamp": "2021-10-22T01:25:11.568Z", "additional_data": null } -}, -{ + }, + { "model": "dojo.regulation", "pk": 1, "fields": { @@ -6844,8 +6844,8 @@ "description": "The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.", "reference": "http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard" } -}, -{ + }, + { "model": "dojo.regulation", "pk": 2, "fields": { @@ -6856,8 +6856,8 @@ "description": "The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. It has been known as the Kennedy–Kassebaum Act or Kassebaum-Kennedy Act after two of its leading sponsors. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.", "reference": "http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act" } -}, -{ + }, + { "model": "dojo.regulation", "pk": 3, "fields": { @@ -6868,8 +6868,8 @@ "description": "The Family Educational Rights and Privacy Act of 1974 (FERPA) is a United States federal law that gives parents access to their child's education records, an opportunity to seek to have the records amended, and some control over the disclosure of information from the records. With several exceptions, schools must have a student's consent prior to the disclosure of education records after that student is 18 years old. The law applies only to educational agencies and institutions that receive funding under a program administered by the U.S. Department of Education. Other regulations under this act, effective starting January 3, 2012, allow for greater disclosures of personal and directory student identifying information and regulate student IDs and e-mail addresses.", "reference": "http://en.wikipedia.org/wiki/Family_Educational_Rights_and_Privacy_Act" } -}, -{ + }, + { "model": "dojo.regulation", "pk": 4, "fields": { @@ -6880,8 +6880,8 @@ "description": "The Sarbanes–Oxley Act of 2002 (SOX) is a United States federal law that set new or enhanced standards for all U.S. public company boards, management and public accounting firms. There are also a number of provisions of the Act that also apply to privately held companies, for example the willful destruction of evidence to impede a Federal investigation.", "reference": "http://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act" } -}, -{ + }, + { "model": "dojo.regulation", "pk": 5, "fields": { @@ -6892,8 +6892,8 @@ "description": "The Gramm–Leach–Bliley Act (GLBA) is an act of the 106th United States Congress. It repealed part of the Glass–Steagall Act of 1933, removing barriers in the market among banking companies, securities companies and insurance companies that prohibited any one institution from acting as any combination of an investment bank, a commercial bank, and an insurance company. With the bipartisan passage of the Gramm–Leach–Bliley Act, commercial banks, investment banks, securities firms, and insurance companies were allowed to consolidate. Furthermore, it failed to give to the SEC or any other financial regulatory agency the authority to regulate large investment bank holding companies.", "reference": "http://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act" } -}, -{ + }, + { "model": "dojo.regulation", "pk": 6, "fields": { @@ -6904,8 +6904,8 @@ "description": "The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to facilitate the use of electronic documents. PIPEDA became law on 13 April 2000 to promote consumer trust in electronic commerce. The act was also intended to reassure the European Union that the Canadian privacy law was adequate to protect the personal information of European citizens.", "reference": "http://en.wikipedia.org/wiki/Personal_Information_Protection_and_Electronic_Documents_Act" } -}, -{ + }, + { "model": "dojo.regulation", "pk": 7, "fields": { @@ -6916,8 +6916,8 @@ "description": "The Data Protection Act 1998 (DPA) is an Act of Parliament of the United Kingdom of Great Britain and Northern Ireland which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Although the Act itself does not mention privacy, it was enacted to bring British law into line with the EU data protection directive of 1995 which required Member States to protect people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data. In practice it provides a way for individuals to control information about themselves. Most of the Act does not apply to domestic use, for example keeping a personal address book. Anyone holding personal data for other purposes is legally obliged to comply with this Act, subject to some exemptions. The Act defines eight data protection principles. It also requires companies and individuals to keep personal information to themselves.", "reference": "http://en.wikipedia.org/wiki/Data_Protection_Act_1998" } -}, -{ + }, + { "model": "dojo.regulation", "pk": 8, "fields": { @@ -6928,8 +6928,8 @@ "description": "The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law that applies to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children's privacy and safety online including restrictions on the marketing to those under 13. While children under 13 can legally give out personal information with their parents' permission, many websites disallow underage children from using their services altogether due to the amount of cash and work involved in the law compliance.", "reference": "http://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act" } -}, -{ + }, + { "model": "dojo.regulation", "pk": 9, "fields": { @@ -6940,8 +6940,8 @@ "description": "In the United States, the California Security Breach Information Act (SB-1386) is a California state law requiring organizations that maintain personal information about individuals to inform those individuals if the security of their information is compromised. The Act stipulates that if there's a security breach of a database containing personal data, the responsible organization must notify each individual for whom it maintained information. The Act, which went into effect July 1, 2003, was created to help stem the increasing incidence of identity theft.", "reference": "http://en.wikipedia.org/wiki/California_S.B._1386" } -}, -{ + }, + { "model": "dojo.regulation", "pk": 10, "fields": { @@ -6952,8 +6952,8 @@ "description": "The California Online Privacy Protection Act of 2003 (OPPA), effective as of July 1, 2004, is a California State Law. According to this law, operators of commercial websites that collect Personally identifiable information from California's residents are required to conspicuously post and comply with a privacy policy that meets certain requirements.", "reference": "http://en.wikipedia.org/wiki/Online_Privacy_Protection_Act" } -}, -{ + }, + { "model": "dojo.regulation", "pk": 11, "fields": { @@ -6964,8 +6964,8 @@ "description": "The Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data) is a European Union directive adopted in 1995 which regulates the processing of personal data within the European Union. It is an important component of EU privacy and human rights law.", "reference": "http://en.wikipedia.org/wiki/Data_Protection_Directive" } -}, -{ + }, + { "model": "dojo.regulation", "pk": 12, "fields": { @@ -6976,8 +6976,8 @@ "description": "Directive 2002/58 on Privacy and Electronic Communications, otherwise known as E-Privacy Directive, is an EU directive on data protection and privacy in the digital age. It presents a continuation of earlier efforts, most directly the Data Protection Directive. It deals with the regulation of a number of important issues such as confidentiality of information, treatment of traffic data, spam and cookies. This Directive has been amended by Directive 2009/136, which introduces several changes, especially in what concerns cookies, that are now subject to prior consent.", "reference": "http://en.wikipedia.org/wiki/Directive_on_Privacy_and_Electronic_Communications" } -}, -{ + }, + { "model": "dojo.regulation", "pk": 13, "fields": { @@ -6988,8 +6988,8 @@ "description": "The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.\r\n\r\nSuperseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements pertaining to the processing of personally identifiable information of data subjects inside the European Union, and applies to all enterprises, regardless of location, that are doing business with the European Economic Area. Business processes that handle personal data must be built with data protection by design and by default, meaning that personal data must be stored using pseudonymisation or full anonymisation, and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done under a lawful basis specified by the regulation, or if the data controller or processor has received explicit, opt-in consent from the data's owner. The data owner has the right to revoke this permission at any time.", "reference": "https://www.eugdpr.org/" } -}, -{ + }, + { "model": "dojo.usercontactinfo", "pk": 1, "fields": { @@ -7004,8 +7004,8 @@ "block_execution": false, "force_password_reset": false } -}, -{ + }, + { "model": "dojo.usercontactinfo", "pk": 2, "fields": { @@ -7020,8 +7020,8 @@ "block_execution": false, "force_password_reset": false } -}, -{ + }, + { "model": "dojo.usercontactinfo", "pk": 3, "fields": { @@ -7036,52 +7036,51 @@ "block_execution": false, "force_password_reset": false } -}, -{ + }, + { "model": "dojo.role", "pk": 1, "fields": { "name": "API_Importer", "is_owner": false } -}, -{ + }, + { "model": "dojo.role", "pk": 2, "fields": { "name": "Writer", "is_owner": false } -}, -{ + }, + { "model": "dojo.role", "pk": 3, "fields": { "name": "Maintainer", "is_owner": false } -}, -{ + }, + { "model": "dojo.role", "pk": 4, "fields": { "name": "Owner", "is_owner": true } -}, -{ + }, + { "model": "dojo.role", "pk": 5, "fields": { "name": "Reader", "is_owner": false } -}, -{ + }, + { "model": "dojo.system_settings", "pk": 1, "fields": { - "enable_auditlog": true, "enable_deduplication": false, "delete_duplicates": false, "max_dupes": null, @@ -7091,6 +7090,7 @@ "jira_webhook_secret": null, "jira_minimum_severity": null, "jira_labels": null, + "add_vulnerability_id_to_jira_label": false, "enable_github": false, "enable_slack_notifications": false, "slack_channel": "", @@ -7117,28 +7117,31 @@ "engagement_auto_close": false, "engagement_auto_close_days": 3, "enable_finding_sla": true, - "sla_critical": 7, - "sla_high": 30, - "sla_medium": 90, - "sla_low": 120, "allow_anonymous_survey_repsonse": false, "credentials": "", "disclaimer": "", - "column_widths": "", - "drive_folder_ID": "", - "enable_google_sheets": false, - "email_address": "", "risk_acceptance_form_default_days": 180, "risk_acceptance_notify_before_expiration": 10, "enable_credentials": true, "enable_questionnaires": true, "enable_checklists": true, "default_group": null, - "default_group_role": null, - "staff_user_email_pattern": "" - } -}, -{ + "default_group_role": null + } + }, + { + "model": "dojo.sla_configuration", + "pk": 1, + "fields": { + "name": "Default", + "description": "The Default SLA Configuration. Products not using an explicit SLA Configuration will use this one.", + "critical": 7, + "high": 30, + "medium": 90, + "low": 120 + } + }, + { "model": "dojo.product_type", "pk": 1, "fields": { @@ -7149,8 +7152,8 @@ "updated": null, "created": null } -}, -{ + }, + { "model": "dojo.product_type", "pk": 2, "fields": { @@ -7161,8 +7164,8 @@ "updated": "2018-08-16T17:05:29.277Z", "created": null } -}, -{ + }, + { "model": "dojo.product_type", "pk": 3, "fields": { @@ -7173,29 +7176,29 @@ "updated": "2018-08-16T17:05:42.193Z", "created": null } -}, -{ + }, + { "model": "dojo.report_type", "pk": 1, "fields": { "name": "Type 1" } -}, -{ + }, + { "model": "dojo.report_type", "pk": 2, "fields": { "name": "Type 2" } -}, -{ + }, + { "model": "dojo.report_type", "pk": 3, "fields": { "name": "Type 3" } -}, -{ + }, + { "model": "dojo.test_type", "pk": 1, "fields": { @@ -7204,8 +7207,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 2, "fields": { @@ -7214,8 +7217,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 3, "fields": { @@ -7224,8 +7227,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 4, "fields": { @@ -7234,8 +7237,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 5, "fields": { @@ -7244,8 +7247,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 6, "fields": { @@ -7254,8 +7257,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 7, "fields": { @@ -7264,8 +7267,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 8, "fields": { @@ -7274,8 +7277,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 9, "fields": { @@ -7284,8 +7287,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 10, "fields": { @@ -7294,8 +7297,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 11, "fields": { @@ -7304,8 +7307,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 12, "fields": { @@ -7314,8 +7317,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 13, "fields": { @@ -7324,8 +7327,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 14, "fields": { @@ -7334,8 +7337,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 15, "fields": { @@ -7344,8 +7347,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 16, "fields": { @@ -7354,8 +7357,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 17, "fields": { @@ -7364,8 +7367,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 18, "fields": { @@ -7374,8 +7377,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 19, "fields": { @@ -7384,8 +7387,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 20, "fields": { @@ -7394,8 +7397,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 21, "fields": { @@ -7404,8 +7407,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 22, "fields": { @@ -7414,8 +7417,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 23, "fields": { @@ -7424,8 +7427,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 24, "fields": { @@ -7434,8 +7437,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 25, "fields": { @@ -7444,8 +7447,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 27, "fields": { @@ -7454,8 +7457,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 28, "fields": { @@ -7464,8 +7467,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 29, "fields": { @@ -7474,8 +7477,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 30, "fields": { @@ -7484,8 +7487,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 31, "fields": { @@ -7494,8 +7497,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 32, "fields": { @@ -7504,8 +7507,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 33, "fields": { @@ -7514,8 +7517,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 34, "fields": { @@ -7524,8 +7527,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 35, "fields": { @@ -7534,8 +7537,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 36, "fields": { @@ -7544,8 +7547,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 37, "fields": { @@ -7554,8 +7557,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 38, "fields": { @@ -7564,8 +7567,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 39, "fields": { @@ -7574,8 +7577,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 40, "fields": { @@ -7584,8 +7587,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 41, "fields": { @@ -7594,8 +7597,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 42, "fields": { @@ -7604,8 +7607,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 43, "fields": { @@ -7614,8 +7617,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 44, "fields": { @@ -7624,8 +7627,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 45, "fields": { @@ -7634,8 +7637,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 46, "fields": { @@ -7644,8 +7647,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 47, "fields": { @@ -7654,8 +7657,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 48, "fields": { @@ -7664,8 +7667,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 49, "fields": { @@ -7674,8 +7677,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 50, "fields": { @@ -7684,8 +7687,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 51, "fields": { @@ -7694,8 +7697,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 52, "fields": { @@ -7704,8 +7707,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 53, "fields": { @@ -7714,8 +7717,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 54, "fields": { @@ -7724,8 +7727,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 55, "fields": { @@ -7734,8 +7737,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 56, "fields": { @@ -7744,8 +7747,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 57, "fields": { @@ -7754,18 +7757,18 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 58, "fields": { - "name": "Choctaw Hog Scan", + "name": "Rusty Hog Scan", "static_tool": false, "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 59, "fields": { @@ -7774,8 +7777,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 60, "fields": { @@ -7784,8 +7787,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 61, "fields": { @@ -7794,8 +7797,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 62, "fields": { @@ -7804,8 +7807,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 63, "fields": { @@ -7814,8 +7817,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 64, "fields": { @@ -7824,8 +7827,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 65, "fields": { @@ -7834,8 +7837,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 66, "fields": { @@ -7844,8 +7847,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 67, "fields": { @@ -7854,8 +7857,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 68, "fields": { @@ -7864,8 +7867,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 69, "fields": { @@ -7874,8 +7877,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 70, "fields": { @@ -7884,8 +7887,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 71, "fields": { @@ -7894,8 +7897,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 72, "fields": { @@ -7904,8 +7907,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 73, "fields": { @@ -7914,8 +7917,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 74, "fields": { @@ -7924,8 +7927,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 75, "fields": { @@ -7934,8 +7937,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 76, "fields": { @@ -7944,8 +7947,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 77, "fields": { @@ -7954,8 +7957,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 78, "fields": { @@ -7964,8 +7967,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 79, "fields": { @@ -7974,8 +7977,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 80, "fields": { @@ -7984,8 +7987,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 81, "fields": { @@ -7994,8 +7997,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 82, "fields": { @@ -8004,8 +8007,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 83, "fields": { @@ -8014,8 +8017,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 84, "fields": { @@ -8024,8 +8027,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 85, "fields": { @@ -8034,8 +8037,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 86, "fields": { @@ -8044,8 +8047,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 87, "fields": { @@ -8054,8 +8057,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 88, "fields": { @@ -8064,8 +8067,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 89, "fields": { @@ -8074,8 +8077,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 90, "fields": { @@ -8084,8 +8087,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 91, "fields": { @@ -8094,8 +8097,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 92, "fields": { @@ -8104,8 +8107,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 93, "fields": { @@ -8114,8 +8117,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 94, "fields": { @@ -8124,8 +8127,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 95, "fields": { @@ -8134,8 +8137,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 96, "fields": { @@ -8144,8 +8147,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 97, "fields": { @@ -8154,8 +8157,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 98, "fields": { @@ -8164,8 +8167,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 99, "fields": { @@ -8174,8 +8177,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 100, "fields": { @@ -8184,8 +8187,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 101, "fields": { @@ -8194,8 +8197,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 102, "fields": { @@ -8204,8 +8207,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 103, "fields": { @@ -8214,8 +8217,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 104, "fields": { @@ -8224,8 +8227,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 105, "fields": { @@ -8234,8 +8237,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 106, "fields": { @@ -8244,8 +8247,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 107, "fields": { @@ -8254,8 +8257,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 108, "fields": { @@ -8264,8 +8267,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 109, "fields": { @@ -8274,8 +8277,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 110, "fields": { @@ -8284,8 +8287,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 111, "fields": { @@ -8294,8 +8297,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 112, "fields": { @@ -8304,8 +8307,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 113, "fields": { @@ -8314,8 +8317,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 114, "fields": { @@ -8324,8 +8327,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 115, "fields": { @@ -8334,8 +8337,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 117, "fields": { @@ -8344,8 +8347,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 118, "fields": { @@ -8354,8 +8357,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 119, "fields": { @@ -8364,8 +8367,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 120, "fields": { @@ -8374,8 +8377,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 121, "fields": { @@ -8384,8 +8387,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 122, "fields": { @@ -8394,8 +8397,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 123, "fields": { @@ -8404,8 +8407,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 124, "fields": { @@ -8414,8 +8417,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 125, "fields": { @@ -8424,8 +8427,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 126, "fields": { @@ -8434,18 +8437,18 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 127, "fields": { - "name": "SSLyze 3 Scan (JSON)", + "name": "SSLyze Scan (JSON)", "static_tool": false, "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 128, "fields": { @@ -8454,8 +8457,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 129, "fields": { @@ -8464,8 +8467,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 130, "fields": { @@ -8474,8 +8477,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 131, "fields": { @@ -8484,8 +8487,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 132, "fields": { @@ -8494,8 +8497,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 133, "fields": { @@ -8504,8 +8507,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 134, "fields": { @@ -8514,8 +8517,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 135, "fields": { @@ -8524,8 +8527,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 136, "fields": { @@ -8534,8 +8537,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 137, "fields": { @@ -8544,8 +8547,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 138, "fields": { @@ -8554,8 +8557,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 139, "fields": { @@ -8564,8 +8567,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 140, "fields": { @@ -8574,18 +8577,18 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 141, "fields": { - "name": "Whitesource Scan", + "name": "Mend Scan", "static_tool": false, "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 142, "fields": { @@ -8594,8 +8597,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 143, "fields": { @@ -8604,8 +8607,8 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { "model": "dojo.test_type", "pk": 144, "fields": { @@ -8614,8 +8617,18 @@ "dynamic_tool": false, "active": true } -}, -{ + }, + { + "model": "dojo.test_type", + "pk": 149, + "fields": { + "name": "JFrog Xray On Demand Binary Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true + } + }, + { "model": "dojo.tagulous_product_tags", "pk": 1, "fields": { @@ -8624,8 +8637,8 @@ "count": 1, "protected": false } -}, -{ + }, + { "model": "dojo.product", "pk": 1, "fields": { @@ -8638,6 +8651,7 @@ "prod_type": 2, "updated": null, "tid": 0, + "sla_configuration": 1, "prod_numeric_grade": 5, "business_criticality": "high", "platform": "web", @@ -8657,8 +8671,8 @@ "retire" ] } -}, -{ + }, + { "model": "dojo.product", "pk": 2, "fields": { @@ -8671,6 +8685,7 @@ "prod_type": 2, "updated": null, "tid": 0, + "sla_configuration": 1, "prod_numeric_grade": null, "business_criticality": "medium", "platform": "web", @@ -8685,8 +8700,8 @@ "regulations": [], "tags": [] } -}, -{ + }, + { "model": "dojo.product", "pk": 3, "fields": { @@ -8699,6 +8714,7 @@ "prod_type": 3, "updated": null, "tid": 0, + "sla_configuration": 1, "prod_numeric_grade": null, "business_criticality": "high", "platform": "web", @@ -8715,48 +8731,48 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.tool_type", "pk": 1, "fields": { "name": "DAST", "description": "Dynamic Application Security Testing" } -}, -{ + }, + { "model": "dojo.tool_type", "pk": 2, "fields": { "name": "SAST", "description": "Static Application Security Testing" } -}, -{ + }, + { "model": "dojo.tool_type", "pk": 3, "fields": { "name": "IAST", "description": "Interactive Application Security Testing" } -}, -{ + }, + { "model": "dojo.tool_type", "pk": 4, "fields": { "name": "Source Code", "description": "Source Code Management" } -}, -{ + }, + { "model": "dojo.tool_type", "pk": 5, "fields": { "name": "Build Sever", "description": "Build Server" } -}, -{ + }, + { "model": "dojo.tool_configuration", "pk": 1, "fields": { @@ -8772,8 +8788,8 @@ "ssh": "", "api_key": "" } -}, -{ + }, + { "model": "dojo.tool_configuration", "pk": 2, "fields": { @@ -8789,8 +8805,8 @@ "ssh": "", "api_key": "test string" } -}, -{ + }, + { "model": "dojo.tool_configuration", "pk": 3, "fields": { @@ -8806,8 +8822,8 @@ "ssh": "test string", "api_key": "" } -}, -{ + }, + { "model": "dojo.tagulous_engagement_tags", "pk": 2, "fields": { @@ -8816,8 +8832,8 @@ "count": 2, "protected": false } -}, -{ + }, + { "model": "dojo.engagement", "pk": 1, "fields": { @@ -8860,8 +8876,8 @@ "risk_acceptance": [], "tags": [] } -}, -{ + }, + { "model": "dojo.engagement", "pk": 2, "fields": { @@ -8904,8 +8920,8 @@ "risk_acceptance": [], "tags": [] } -}, -{ + }, + { "model": "dojo.engagement", "pk": 3, "fields": { @@ -8948,8 +8964,8 @@ "risk_acceptance": [], "tags": [] } -}, -{ + }, + { "model": "dojo.engagement", "pk": 4, "fields": { @@ -8992,8 +9008,8 @@ "risk_acceptance": [], "tags": [] } -}, -{ + }, + { "model": "dojo.engagement", "pk": 6, "fields": { @@ -9038,8 +9054,8 @@ "pci" ] } -}, -{ + }, + { "model": "dojo.engagement", "pk": 7, "fields": { @@ -9082,8 +9098,8 @@ "risk_acceptance": [], "tags": [] } -}, -{ + }, + { "model": "dojo.engagement", "pk": 8, "fields": { @@ -9126,8 +9142,8 @@ "risk_acceptance": [], "tags": [] } -}, -{ + }, + { "model": "dojo.engagement", "pk": 10, "fields": { @@ -9172,8 +9188,8 @@ "pci" ] } -}, -{ + }, + { "model": "dojo.engagement", "pk": 11, "fields": { @@ -9216,8 +9232,8 @@ "risk_acceptance": [], "tags": [] } -}, -{ + }, + { "model": "dojo.engagement", "pk": 12, "fields": { @@ -9260,8 +9276,8 @@ "risk_acceptance": [], "tags": [] } -}, -{ + }, + { "model": "dojo.engagement", "pk": 13, "fields": { @@ -9304,8 +9320,8 @@ "risk_acceptance": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 1, "fields": { @@ -9317,13 +9333,11 @@ "query": null, "fragment": null, "product": 2, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 2, "fields": { @@ -9335,13 +9349,11 @@ "query": null, "fragment": null, "product": 1, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 3, "fields": { @@ -9353,13 +9365,11 @@ "query": null, "fragment": null, "product": 3, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 4, "fields": { @@ -9371,13 +9381,11 @@ "query": null, "fragment": null, "product": 1, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 5, "fields": { @@ -9389,13 +9397,11 @@ "query": null, "fragment": null, "product": 1, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 6, "fields": { @@ -9407,13 +9413,11 @@ "query": null, "fragment": null, "product": 1, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 7, "fields": { @@ -9425,13 +9429,11 @@ "query": null, "fragment": null, "product": 1, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 8, "fields": { @@ -9443,13 +9445,11 @@ "query": null, "fragment": null, "product": 1, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 9, "fields": { @@ -9461,13 +9461,11 @@ "query": null, "fragment": null, "product": 1, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 10, "fields": { @@ -9479,13 +9477,11 @@ "query": null, "fragment": null, "product": 1, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 11, "fields": { @@ -9497,13 +9493,11 @@ "query": null, "fragment": null, "product": 1, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 12, "fields": { @@ -9515,13 +9509,11 @@ "query": null, "fragment": null, "product": 1, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 13, "fields": { @@ -9533,13 +9525,11 @@ "query": null, "fragment": null, "product": 1, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 14, "fields": { @@ -9551,13 +9541,11 @@ "query": null, "fragment": null, "product": 1, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 15, "fields": { @@ -9569,13 +9557,11 @@ "query": null, "fragment": null, "product": 1, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 16, "fields": { @@ -9587,13 +9573,11 @@ "query": null, "fragment": null, "product": 1, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 17, "fields": { @@ -9605,13 +9589,11 @@ "query": null, "fragment": null, "product": 1, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 18, "fields": { @@ -9623,13 +9605,11 @@ "query": null, "fragment": null, "product": 1, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.endpoint", "pk": 19, "fields": { @@ -9641,62 +9621,60 @@ "query": null, "fragment": null, "product": 1, - "mitigated": false, "endpoint_params": [], - "endpoint_status": [], "tags": [] } -}, -{ + }, + { "model": "dojo.development_environment", "pk": 1, "fields": { "name": "AWS" } -}, -{ + }, + { "model": "dojo.development_environment", "pk": 2, "fields": { "name": "Staging" } -}, -{ + }, + { "model": "dojo.development_environment", "pk": 3, "fields": { "name": "Production" } -}, -{ + }, + { "model": "dojo.development_environment", "pk": 4, "fields": { "name": "Test" } -}, -{ + }, + { "model": "dojo.development_environment", "pk": 5, "fields": { "name": "Pre-prod" } -}, -{ + }, + { "model": "dojo.development_environment", "pk": 6, "fields": { "name": "Lab" } -}, -{ + }, + { "model": "dojo.development_environment", "pk": 7, "fields": { "name": "Development" } -}, -{ + }, + { "model": "dojo.test", "pk": 3, "fields": { @@ -9723,8 +9701,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.test", "pk": 13, "fields": { @@ -9751,8 +9729,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.test", "pk": 14, "fields": { @@ -9779,8 +9757,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.test", "pk": 15, "fields": { @@ -9807,8 +9785,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.test", "pk": 16, "fields": { @@ -9835,8 +9813,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.test", "pk": 18, "fields": { @@ -9863,8 +9841,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.test", "pk": 19, "fields": { @@ -9891,8 +9869,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.test", "pk": 20, "fields": { @@ -9919,8 +9897,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.test", "pk": 21, "fields": { @@ -9947,8 +9925,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.test", "pk": 22, "fields": { @@ -9975,8 +9953,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.test", "pk": 23, "fields": { @@ -10003,8 +9981,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.test", "pk": 25, "fields": { @@ -10031,8 +10009,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.test", "pk": 26, "fields": { @@ -10059,8 +10037,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.test", "pk": 28, "fields": { @@ -10087,8 +10065,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.test", "pk": 29, "fields": { @@ -10115,8 +10093,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.test", "pk": 30, "fields": { @@ -10143,8 +10121,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.test", "pk": 31, "fields": { @@ -10171,8 +10149,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.test", "pk": 32, "fields": { @@ -10199,8 +10177,8 @@ "files": [], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 2, "fields": { @@ -10260,8 +10238,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -10270,8 +10246,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 3, "fields": { @@ -10331,8 +10307,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -10341,8 +10315,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 4, "fields": { @@ -10402,8 +10376,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -10412,8 +10384,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 5, "fields": { @@ -10473,8 +10445,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -10483,8 +10453,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 6, "fields": { @@ -10544,8 +10514,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -10554,8 +10522,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 7, "fields": { @@ -10615,8 +10583,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -10625,8 +10591,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 8, "fields": { @@ -10686,8 +10652,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -10696,8 +10660,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 9, "fields": { @@ -10757,8 +10721,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -10767,8 +10729,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 10, "fields": { @@ -10828,8 +10790,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -10838,8 +10798,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 11, "fields": { @@ -10899,8 +10859,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -10909,8 +10867,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 12, "fields": { @@ -10970,8 +10928,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -10980,8 +10936,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 13, "fields": { @@ -11041,8 +10997,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -11051,8 +11005,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 14, "fields": { @@ -11112,8 +11066,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -11122,8 +11074,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 15, "fields": { @@ -11183,8 +11135,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -11193,8 +11143,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 16, "fields": { @@ -11254,8 +11204,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -11264,8 +11212,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 17, "fields": { @@ -11325,8 +11273,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -11335,8 +11281,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 18, "fields": { @@ -11396,8 +11342,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -11406,8 +11350,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 19, "fields": { @@ -11467,8 +11411,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -11477,8 +11419,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 20, "fields": { @@ -11538,8 +11480,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -11548,8 +11488,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 21, "fields": { @@ -11609,8 +11549,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -11619,8 +11557,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 22, "fields": { @@ -11680,8 +11618,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -11690,8 +11626,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 23, "fields": { @@ -11751,8 +11687,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -11761,8 +11695,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 24, "fields": { @@ -11822,8 +11756,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -11832,8 +11764,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 25, "fields": { @@ -11893,8 +11825,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -11903,8 +11833,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 26, "fields": { @@ -11964,8 +11894,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -11974,8 +11902,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 27, "fields": { @@ -12035,8 +11963,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -12045,8 +11971,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 28, "fields": { @@ -12106,8 +12032,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -12116,8 +12040,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 29, "fields": { @@ -12177,8 +12101,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -12187,8 +12109,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 30, "fields": { @@ -12248,8 +12170,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -12258,8 +12178,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 31, "fields": { @@ -12319,8 +12239,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -12329,8 +12247,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 32, "fields": { @@ -12390,8 +12308,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -12400,8 +12316,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 33, "fields": { @@ -12461,8 +12377,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -12471,8 +12385,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 34, "fields": { @@ -12532,8 +12446,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -12542,8 +12454,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 35, "fields": { @@ -12603,8 +12515,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -12613,8 +12523,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 36, "fields": { @@ -12674,8 +12584,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -12684,8 +12592,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 37, "fields": { @@ -12745,8 +12653,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -12755,8 +12661,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 38, "fields": { @@ -12816,8 +12722,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -12826,8 +12730,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 39, "fields": { @@ -12887,8 +12791,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -12897,8 +12799,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 40, "fields": { @@ -12958,8 +12860,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -12968,8 +12868,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 41, "fields": { @@ -13029,8 +12929,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -13039,8 +12937,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 42, "fields": { @@ -13100,8 +12998,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -13110,8 +13006,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 43, "fields": { @@ -13171,8 +13067,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -13181,8 +13075,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 44, "fields": { @@ -13242,8 +13136,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -13252,8 +13144,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 45, "fields": { @@ -13313,8 +13205,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -13323,8 +13213,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 46, "fields": { @@ -13384,8 +13274,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -13394,8 +13282,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 47, "fields": { @@ -13455,8 +13343,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -13465,8 +13351,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 48, "fields": { @@ -13526,8 +13412,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -13536,8 +13420,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 49, "fields": { @@ -13597,8 +13481,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -13607,8 +13489,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 50, "fields": { @@ -13668,8 +13550,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -13678,8 +13558,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 51, "fields": { @@ -13739,8 +13619,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -13749,8 +13627,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 52, "fields": { @@ -13810,8 +13688,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -13820,8 +13696,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 53, "fields": { @@ -13881,8 +13757,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -13891,8 +13765,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 54, "fields": { @@ -13952,8 +13826,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -13962,8 +13834,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 55, "fields": { @@ -14023,8 +13895,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -14033,8 +13903,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 56, "fields": { @@ -14094,8 +13964,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -14104,8 +13972,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 57, "fields": { @@ -14165,8 +14033,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -14175,8 +14041,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 58, "fields": { @@ -14236,8 +14102,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -14246,8 +14110,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 59, "fields": { @@ -14307,8 +14171,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -14317,8 +14179,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 60, "fields": { @@ -14378,8 +14240,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -14388,8 +14248,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 61, "fields": { @@ -14449,8 +14309,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -14459,8 +14317,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 62, "fields": { @@ -14520,8 +14378,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -14530,8 +14386,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 63, "fields": { @@ -14591,8 +14447,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -14601,8 +14455,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 64, "fields": { @@ -14662,8 +14516,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -14672,8 +14524,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 65, "fields": { @@ -14733,8 +14585,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -14743,8 +14593,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 66, "fields": { @@ -14804,8 +14654,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -14814,8 +14662,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 67, "fields": { @@ -14875,8 +14723,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -14885,8 +14731,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 68, "fields": { @@ -14946,8 +14792,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -14956,8 +14800,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 69, "fields": { @@ -15017,8 +14861,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -15027,8 +14869,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 70, "fields": { @@ -15088,8 +14930,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -15098,8 +14938,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 71, "fields": { @@ -15159,8 +14999,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -15169,8 +15007,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 72, "fields": { @@ -15230,8 +15068,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -15240,8 +15076,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 73, "fields": { @@ -15301,8 +15137,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -15311,8 +15145,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 74, "fields": { @@ -15372,8 +15206,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -15382,8 +15214,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 75, "fields": { @@ -15443,8 +15275,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -15453,8 +15283,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 76, "fields": { @@ -15514,8 +15344,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -15524,8 +15352,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 77, "fields": { @@ -15585,8 +15413,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -15595,8 +15421,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 78, "fields": { @@ -15656,8 +15482,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -15666,8 +15490,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 79, "fields": { @@ -15727,8 +15551,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -15737,8 +15559,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 80, "fields": { @@ -15798,8 +15620,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -15808,8 +15628,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 81, "fields": { @@ -15869,8 +15689,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -15879,8 +15697,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 82, "fields": { @@ -15940,8 +15758,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -15950,8 +15766,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 83, "fields": { @@ -16011,8 +15827,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -16021,8 +15835,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 84, "fields": { @@ -16082,8 +15896,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -16092,8 +15904,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 85, "fields": { @@ -16153,8 +15965,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -16163,8 +15973,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 86, "fields": { @@ -16224,8 +16034,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -16234,8 +16042,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 87, "fields": { @@ -16295,8 +16103,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -16305,8 +16111,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 88, "fields": { @@ -16366,8 +16172,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -16376,8 +16180,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 89, "fields": { @@ -16437,8 +16241,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -16447,8 +16249,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 90, "fields": { @@ -16508,8 +16310,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -16518,8 +16318,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 91, "fields": { @@ -16579,8 +16379,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -16589,8 +16387,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 92, "fields": { @@ -16650,8 +16448,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -16660,8 +16456,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 93, "fields": { @@ -16721,8 +16517,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -16731,8 +16525,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 94, "fields": { @@ -16792,8 +16586,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -16802,8 +16594,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 95, "fields": { @@ -16863,8 +16655,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -16873,8 +16663,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 96, "fields": { @@ -16934,8 +16724,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -16944,8 +16732,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 97, "fields": { @@ -17005,8 +16793,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -17015,8 +16801,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 98, "fields": { @@ -17076,8 +16862,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -17086,8 +16870,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 99, "fields": { @@ -17147,8 +16931,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -17157,8 +16939,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 100, "fields": { @@ -17218,8 +17000,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -17228,8 +17008,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 101, "fields": { @@ -17289,8 +17069,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -17299,8 +17077,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 102, "fields": { @@ -17360,8 +17138,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -17370,8 +17146,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 103, "fields": { @@ -17431,8 +17207,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -17441,8 +17215,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 104, "fields": { @@ -17502,8 +17276,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -17512,8 +17284,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 105, "fields": { @@ -17573,8 +17345,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -17583,8 +17353,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 106, "fields": { @@ -17644,8 +17414,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -17654,8 +17422,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 107, "fields": { @@ -17715,8 +17483,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -17725,8 +17491,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 108, "fields": { @@ -17786,8 +17552,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -17796,8 +17560,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 109, "fields": { @@ -17857,8 +17621,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -17867,8 +17629,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 110, "fields": { @@ -17928,8 +17690,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -17938,8 +17698,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 111, "fields": { @@ -17999,8 +17759,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -18009,8 +17767,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 112, "fields": { @@ -18070,8 +17828,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -18080,8 +17836,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 113, "fields": { @@ -18141,8 +17897,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -18151,8 +17905,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 114, "fields": { @@ -18212,8 +17966,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -18222,8 +17974,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 115, "fields": { @@ -18283,8 +18035,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -18293,8 +18043,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 116, "fields": { @@ -18354,8 +18104,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -18364,8 +18112,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 117, "fields": { @@ -18425,8 +18173,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -18435,8 +18181,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 118, "fields": { @@ -18496,8 +18242,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -18506,8 +18250,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 119, "fields": { @@ -18567,8 +18311,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -18577,8 +18319,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 120, "fields": { @@ -18638,8 +18380,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -18648,8 +18388,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 121, "fields": { @@ -18709,8 +18449,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -18719,8 +18457,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 122, "fields": { @@ -18780,8 +18518,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -18790,8 +18526,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 123, "fields": { @@ -18851,8 +18587,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -18861,8 +18595,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 124, "fields": { @@ -18922,8 +18656,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -18932,8 +18664,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 125, "fields": { @@ -18993,8 +18725,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -19003,8 +18733,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 126, "fields": { @@ -19064,8 +18794,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -19074,8 +18802,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 127, "fields": { @@ -19135,8 +18863,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -19145,8 +18871,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 128, "fields": { @@ -19206,8 +18932,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -19216,8 +18940,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 129, "fields": { @@ -19277,8 +19001,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -19287,8 +19009,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 130, "fields": { @@ -19348,8 +19070,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -19358,8 +19078,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 131, "fields": { @@ -19419,8 +19139,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -19429,8 +19147,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 132, "fields": { @@ -19490,8 +19208,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -19500,8 +19216,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 133, "fields": { @@ -19561,8 +19277,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -19571,8 +19285,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 134, "fields": { @@ -19632,8 +19346,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -19642,8 +19354,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 135, "fields": { @@ -19703,8 +19415,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -19713,8 +19423,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 136, "fields": { @@ -19774,8 +19484,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -19784,8 +19492,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 137, "fields": { @@ -19845,8 +19553,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -19855,8 +19561,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 138, "fields": { @@ -19916,8 +19622,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -19926,8 +19630,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 139, "fields": { @@ -19987,8 +19691,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -19997,8 +19699,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 140, "fields": { @@ -20058,8 +19760,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -20068,8 +19768,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 141, "fields": { @@ -20129,8 +19829,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -20139,8 +19837,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 142, "fields": { @@ -20200,8 +19898,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -20210,8 +19906,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 143, "fields": { @@ -20271,8 +19967,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -20281,8 +19975,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 144, "fields": { @@ -20342,8 +20036,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -20352,8 +20044,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 145, "fields": { @@ -20413,8 +20105,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -20423,8 +20113,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 146, "fields": { @@ -20484,8 +20174,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -20494,8 +20182,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 147, "fields": { @@ -20555,8 +20243,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -20565,8 +20251,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 148, "fields": { @@ -20626,8 +20312,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -20636,8 +20320,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 149, "fields": { @@ -20697,8 +20381,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -20707,8 +20389,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 150, "fields": { @@ -20768,8 +20450,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -20778,8 +20458,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 151, "fields": { @@ -20839,8 +20519,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -20849,8 +20527,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 152, "fields": { @@ -20910,8 +20588,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -20920,8 +20596,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 153, "fields": { @@ -20981,8 +20657,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -20991,8 +20665,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 154, "fields": { @@ -21052,8 +20726,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -21062,8 +20734,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 155, "fields": { @@ -21123,8 +20795,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -21133,8 +20803,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 156, "fields": { @@ -21194,8 +20864,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -21204,8 +20872,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 157, "fields": { @@ -21265,8 +20933,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -21275,8 +20941,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 158, "fields": { @@ -21336,8 +21002,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -21346,8 +21010,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 159, "fields": { @@ -21407,8 +21071,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -21417,8 +21079,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 160, "fields": { @@ -21478,8 +21140,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -21488,8 +21148,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 161, "fields": { @@ -21549,8 +21209,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -21559,8 +21217,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 162, "fields": { @@ -21620,8 +21278,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -21630,8 +21286,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 163, "fields": { @@ -21691,8 +21347,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -21701,8 +21355,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 164, "fields": { @@ -21762,8 +21416,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -21772,8 +21424,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 165, "fields": { @@ -21833,8 +21485,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -21843,8 +21493,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 166, "fields": { @@ -21904,8 +21554,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -21914,8 +21562,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 167, "fields": { @@ -21975,8 +21623,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -21985,8 +21631,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 168, "fields": { @@ -22046,8 +21692,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -22056,8 +21700,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 169, "fields": { @@ -22117,8 +21761,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -22127,8 +21769,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 170, "fields": { @@ -22188,8 +21830,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -22198,8 +21838,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 171, "fields": { @@ -22259,8 +21899,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -22269,8 +21907,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 172, "fields": { @@ -22330,8 +21968,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -22340,8 +21976,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 173, "fields": { @@ -22401,8 +22037,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -22411,8 +22045,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 174, "fields": { @@ -22472,8 +22106,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -22482,8 +22114,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 175, "fields": { @@ -22543,8 +22175,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -22553,8 +22183,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 176, "fields": { @@ -22614,8 +22244,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -22624,8 +22252,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 177, "fields": { @@ -22685,8 +22313,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -22695,8 +22321,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 178, "fields": { @@ -22756,8 +22382,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -22766,8 +22390,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 179, "fields": { @@ -22827,8 +22451,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -22837,8 +22459,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 180, "fields": { @@ -22898,8 +22520,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -22908,8 +22528,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 181, "fields": { @@ -22969,8 +22589,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -22979,8 +22597,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 182, "fields": { @@ -23040,8 +22658,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -23050,8 +22666,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 183, "fields": { @@ -23111,8 +22727,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -23121,8 +22735,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 184, "fields": { @@ -23182,8 +22796,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -23192,8 +22804,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 185, "fields": { @@ -23253,8 +22865,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -23263,8 +22873,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 186, "fields": { @@ -23324,8 +22934,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -23334,8 +22942,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 187, "fields": { @@ -23395,8 +23003,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -23405,8 +23011,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 188, "fields": { @@ -23466,8 +23072,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -23476,8 +23080,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 189, "fields": { @@ -23537,8 +23141,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -23547,8 +23149,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 190, "fields": { @@ -23608,8 +23210,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -23618,8 +23218,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 191, "fields": { @@ -23679,8 +23279,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -23689,8 +23287,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 192, "fields": { @@ -23750,8 +23348,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -23760,8 +23356,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 193, "fields": { @@ -23821,8 +23417,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -23831,8 +23425,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 194, "fields": { @@ -23892,8 +23486,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -23902,8 +23494,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 195, "fields": { @@ -23963,8 +23555,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -23973,8 +23563,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 196, "fields": { @@ -24034,8 +23624,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -24044,8 +23632,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 197, "fields": { @@ -24105,8 +23693,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -24115,8 +23701,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 198, "fields": { @@ -24176,8 +23762,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -24186,8 +23770,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 199, "fields": { @@ -24247,8 +23831,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -24257,8 +23839,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 200, "fields": { @@ -24318,8 +23900,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -24328,8 +23908,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 201, "fields": { @@ -24389,8 +23969,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -24399,8 +23977,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 202, "fields": { @@ -24460,8 +24038,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -24470,8 +24046,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 203, "fields": { @@ -24531,8 +24107,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -24541,8 +24115,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 204, "fields": { @@ -24602,8 +24176,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -24612,8 +24184,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 205, "fields": { @@ -24673,8 +24245,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -24683,8 +24253,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 206, "fields": { @@ -24744,8 +24314,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -24754,8 +24322,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 207, "fields": { @@ -24815,8 +24383,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -24825,8 +24391,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 208, "fields": { @@ -24886,8 +24452,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -24896,8 +24460,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 209, "fields": { @@ -24957,8 +24521,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -24967,8 +24529,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 210, "fields": { @@ -25028,8 +24590,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -25038,8 +24598,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 211, "fields": { @@ -25099,8 +24659,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -25109,8 +24667,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 212, "fields": { @@ -25170,8 +24728,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -25180,8 +24736,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 213, "fields": { @@ -25241,8 +24797,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -25251,8 +24805,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 214, "fields": { @@ -25312,8 +24866,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -25322,8 +24874,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 215, "fields": { @@ -25383,8 +24935,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -25393,8 +24943,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 216, "fields": { @@ -25454,8 +25004,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -25464,8 +25012,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 217, "fields": { @@ -25525,8 +25073,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -25535,8 +25081,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 218, "fields": { @@ -25596,8 +25142,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -25606,8 +25150,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 219, "fields": { @@ -25667,8 +25211,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -25677,8 +25219,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 220, "fields": { @@ -25738,8 +25280,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -25748,8 +25288,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 221, "fields": { @@ -25809,8 +25349,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -25819,8 +25357,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 222, "fields": { @@ -25880,8 +25418,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -25890,8 +25426,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 223, "fields": { @@ -25951,8 +25487,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -25961,8 +25495,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 224, "fields": { @@ -26022,8 +25556,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -26032,8 +25564,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 225, "fields": { @@ -26093,8 +25625,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -26103,8 +25633,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 226, "fields": { @@ -26164,8 +25694,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -26174,8 +25702,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 227, "fields": { @@ -26235,8 +25763,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -26245,8 +25771,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 228, "fields": { @@ -26306,8 +25832,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -26316,8 +25840,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 229, "fields": { @@ -26377,8 +25901,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -26387,8 +25909,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 230, "fields": { @@ -26448,8 +25970,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -26458,8 +25978,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 231, "fields": { @@ -26519,8 +26039,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -26529,8 +26047,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 232, "fields": { @@ -26590,8 +26108,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -26600,8 +26116,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 233, "fields": { @@ -26661,8 +26177,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -26671,8 +26185,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 234, "fields": { @@ -26732,8 +26246,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -26742,8 +26254,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 235, "fields": { @@ -26803,8 +26315,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -26813,8 +26323,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 236, "fields": { @@ -26874,8 +26384,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -26884,8 +26392,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 237, "fields": { @@ -26945,8 +26453,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -26955,8 +26461,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 238, "fields": { @@ -27016,8 +26522,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -27026,8 +26530,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 239, "fields": { @@ -27087,8 +26591,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -27097,8 +26599,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 240, "fields": { @@ -27158,8 +26660,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -27168,8 +26668,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 241, "fields": { @@ -27229,8 +26729,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -27239,8 +26737,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 242, "fields": { @@ -27300,8 +26798,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -27310,8 +26806,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 243, "fields": { @@ -27371,8 +26867,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -27381,8 +26875,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 244, "fields": { @@ -27442,8 +26936,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -27452,8 +26944,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 245, "fields": { @@ -27513,8 +27005,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -27523,8 +27013,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 246, "fields": { @@ -27584,8 +27074,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -27594,8 +27082,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 247, "fields": { @@ -27655,8 +27143,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -27665,8 +27151,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 248, "fields": { @@ -27726,8 +27212,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -27736,8 +27220,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 249, "fields": { @@ -27797,8 +27281,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -27807,8 +27289,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 250, "fields": { @@ -27868,8 +27350,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -27878,8 +27358,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 251, "fields": { @@ -27939,8 +27419,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -27949,8 +27427,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 252, "fields": { @@ -28010,8 +27488,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -28020,8 +27496,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 253, "fields": { @@ -28081,8 +27557,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -28091,8 +27565,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 254, "fields": { @@ -28152,8 +27626,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -28162,8 +27634,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 255, "fields": { @@ -28223,8 +27695,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -28233,8 +27703,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 256, "fields": { @@ -28294,8 +27764,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -28304,8 +27772,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 257, "fields": { @@ -28365,8 +27833,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -28375,8 +27841,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 258, "fields": { @@ -28436,8 +27902,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -28446,8 +27910,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 259, "fields": { @@ -28507,8 +27971,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -28517,8 +27979,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 260, "fields": { @@ -28578,8 +28040,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -28588,8 +28048,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 261, "fields": { @@ -28649,8 +28109,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -28659,8 +28117,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 262, "fields": { @@ -28720,8 +28178,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -28730,8 +28186,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 263, "fields": { @@ -28791,8 +28247,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -28801,8 +28255,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 264, "fields": { @@ -28862,8 +28316,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -28872,8 +28324,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 265, "fields": { @@ -28933,8 +28385,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -28943,8 +28393,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 266, "fields": { @@ -29004,8 +28454,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -29014,8 +28462,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 267, "fields": { @@ -29075,8 +28523,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -29085,8 +28531,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 268, "fields": { @@ -29146,8 +28592,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -29156,8 +28600,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 269, "fields": { @@ -29217,8 +28661,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -29227,8 +28669,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 270, "fields": { @@ -29288,8 +28730,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -29298,8 +28738,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 271, "fields": { @@ -29359,8 +28799,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -29369,8 +28807,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 272, "fields": { @@ -29430,8 +28868,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -29440,8 +28876,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 273, "fields": { @@ -29501,8 +28937,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -29511,8 +28945,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 274, "fields": { @@ -29572,8 +29006,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -29582,8 +29014,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 275, "fields": { @@ -29643,8 +29075,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -29653,8 +29083,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 276, "fields": { @@ -29714,8 +29144,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -29724,8 +29152,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 277, "fields": { @@ -29785,8 +29213,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -29795,8 +29221,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 278, "fields": { @@ -29856,8 +29282,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -29866,8 +29290,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 279, "fields": { @@ -29927,8 +29351,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -29937,8 +29359,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 280, "fields": { @@ -29998,8 +29420,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -30008,8 +29428,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 281, "fields": { @@ -30069,8 +29489,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -30079,8 +29497,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 282, "fields": { @@ -30140,8 +29558,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -30150,8 +29566,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 283, "fields": { @@ -30211,8 +29627,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -30221,8 +29635,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 284, "fields": { @@ -30282,8 +29696,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -30292,8 +29704,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 285, "fields": { @@ -30353,8 +29765,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -30363,8 +29773,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 286, "fields": { @@ -30424,8 +29834,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -30434,8 +29842,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 287, "fields": { @@ -30495,8 +29903,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -30505,8 +29911,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 288, "fields": { @@ -30566,8 +29972,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -30576,8 +29980,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 289, "fields": { @@ -30637,8 +30041,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -30647,8 +30049,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 290, "fields": { @@ -30708,8 +30110,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -30718,8 +30118,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 291, "fields": { @@ -30779,8 +30179,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -30789,8 +30187,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 292, "fields": { @@ -30850,8 +30248,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -30860,8 +30256,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 293, "fields": { @@ -30921,8 +30317,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -30931,8 +30325,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 294, "fields": { @@ -30992,8 +30386,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -31002,8 +30394,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 295, "fields": { @@ -31063,8 +30455,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -31073,8 +30463,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 296, "fields": { @@ -31134,8 +30524,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -31144,8 +30532,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 297, "fields": { @@ -31205,8 +30593,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -31215,8 +30601,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 298, "fields": { @@ -31276,8 +30662,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -31286,8 +30670,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 299, "fields": { @@ -31347,8 +30731,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -31357,8 +30739,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 300, "fields": { @@ -31418,13 +30800,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 4, - 7, - 6 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -31433,8 +30808,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 301, "fields": { @@ -31494,25 +30869,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 18, - 8, - 12, - 11, - 10, - 9, - 13, - 14, - 4, - 19, - 7, - 15, - 6, - 16, - 17 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -31521,8 +30877,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 302, "fields": { @@ -31582,12 +30938,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 6, - 17 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -31596,8 +30946,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 303, "fields": { @@ -31657,11 +31007,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 18 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -31670,8 +31015,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 304, "fields": { @@ -31731,11 +31076,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 17 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -31744,8 +31084,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 305, "fields": { @@ -31805,18 +31145,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 8, - 12, - 11, - 10, - 9, - 15, - 6, - 16 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -31825,8 +31153,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 306, "fields": { @@ -31886,11 +31214,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 4 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -31899,8 +31222,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 307, "fields": { @@ -31960,13 +31283,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 9, - 4, - 6 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -31975,8 +31291,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 308, "fields": { @@ -32036,25 +31352,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 18, - 8, - 12, - 11, - 10, - 9, - 13, - 14, - 4, - 19, - 7, - 15, - 6, - 16, - 17 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -32063,8 +31360,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 309, "fields": { @@ -32124,13 +31421,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 4, - 7, - 6 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -32139,8 +31429,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 310, "fields": { @@ -32200,8 +31490,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -32210,8 +31498,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 311, "fields": { @@ -32271,8 +31559,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -32281,8 +31567,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 312, "fields": { @@ -32342,8 +31628,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -32352,8 +31636,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 313, "fields": { @@ -32413,8 +31697,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -32423,8 +31705,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 314, "fields": { @@ -32484,8 +31766,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -32494,8 +31774,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 315, "fields": { @@ -32555,8 +31835,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -32565,8 +31843,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 316, "fields": { @@ -32626,8 +31904,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -32636,8 +31912,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 317, "fields": { @@ -32697,8 +31973,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -32707,8 +31981,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 318, "fields": { @@ -32768,8 +32042,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -32778,8 +32050,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 319, "fields": { @@ -32839,8 +32111,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -32849,8 +32119,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 320, "fields": { @@ -32910,8 +32180,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -32920,8 +32188,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 321, "fields": { @@ -32981,8 +32249,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -32991,8 +32257,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 322, "fields": { @@ -33052,8 +32318,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -33062,8 +32326,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 323, "fields": { @@ -33123,8 +32387,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -33133,8 +32395,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 324, "fields": { @@ -33194,8 +32456,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -33204,8 +32464,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 325, "fields": { @@ -33265,8 +32525,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -33275,8 +32533,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 326, "fields": { @@ -33336,8 +32594,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -33346,8 +32602,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 327, "fields": { @@ -33407,8 +32663,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -33417,8 +32671,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 328, "fields": { @@ -33478,8 +32732,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -33488,8 +32740,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 329, "fields": { @@ -33549,8 +32801,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -33559,8 +32809,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 330, "fields": { @@ -33620,8 +32870,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -33630,8 +32878,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 331, "fields": { @@ -33691,8 +32939,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -33701,8 +32947,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 332, "fields": { @@ -33762,8 +33008,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -33772,8 +33016,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 333, "fields": { @@ -33833,8 +33077,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -33843,8 +33085,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 334, "fields": { @@ -33904,8 +33146,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -33914,8 +33154,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 335, "fields": { @@ -33975,8 +33215,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -33985,8 +33223,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 336, "fields": { @@ -34046,8 +33284,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -34056,8 +33292,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 337, "fields": { @@ -34117,8 +33353,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -34127,8 +33361,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 338, "fields": { @@ -34188,13 +33422,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 4, - 7, - 6 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -34203,8 +33430,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 339, "fields": { @@ -34264,25 +33491,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 18, - 8, - 12, - 11, - 10, - 9, - 13, - 14, - 4, - 19, - 7, - 15, - 6, - 16, - 17 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -34291,8 +33499,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 340, "fields": { @@ -34352,12 +33560,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 6, - 17 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -34366,8 +33568,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 341, "fields": { @@ -34427,11 +33629,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 18 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -34440,8 +33637,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 342, "fields": { @@ -34501,11 +33698,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 17 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -34514,8 +33706,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 343, "fields": { @@ -34575,18 +33767,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 8, - 12, - 11, - 10, - 9, - 15, - 6, - 16 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -34595,8 +33775,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 344, "fields": { @@ -34656,11 +33836,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 4 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -34669,8 +33844,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 345, "fields": { @@ -34730,13 +33905,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 9, - 4, - 6 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -34745,8 +33913,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 346, "fields": { @@ -34806,25 +33974,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 18, - 8, - 12, - 11, - 10, - 9, - 13, - 14, - 4, - 19, - 7, - 15, - 6, - 16, - 17 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -34833,8 +33982,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.finding", "pk": 347, "fields": { @@ -34894,13 +34043,6 @@ "sast_source_file_path": null, "nb_occurences": null, "publish_date": null, - "endpoints": [ - 5, - 4, - 7, - 6 - ], - "endpoint_status": [], "reviewers": [], "notes": [], "files": [], @@ -34909,8 +34051,8 @@ ], "tags": [] } -}, -{ + }, + { "model": "dojo.stub_finding", "pk": 2, "fields": { @@ -34921,8 +34063,8 @@ "test": 3, "reporter": 1 } -}, -{ + }, + { "model": "dojo.stub_finding", "pk": 3, "fields": { @@ -34933,8 +34075,8 @@ "test": 14, "reporter": 1 } -}, -{ + }, + { "model": "dojo.stub_finding", "pk": 4, "fields": { @@ -34945,8 +34087,8 @@ "test": 13, "reporter": 1 } -}, -{ + }, + { "model": "dojo.finding_template", "pk": 1, "fields": { @@ -34965,8 +34107,8 @@ "template_match_title": false, "tags": [] } -}, -{ + }, + { "model": "dojo.finding_template", "pk": 2, "fields": { @@ -34985,8 +34127,8 @@ "template_match_title": false, "tags": [] } -}, -{ + }, + { "model": "dojo.finding_template", "pk": 3, "fields": { @@ -35005,8 +34147,8 @@ "template_match_title": false, "tags": [] } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 1, "fields": { @@ -35014,8 +34156,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 2, "fields": { @@ -35023,8 +34165,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 3, "fields": { @@ -35032,8 +34174,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 4, "fields": { @@ -35041,8 +34183,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnPT0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHR3WVhSb1BTOWliMlJuWldsMEx6dElkSFJ3VDI1c2VRMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXhNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0Rvd015QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TkNJK1ZHaHBibWRwWlNBeFBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU9TSStWR2x3YjJadGVYUnZibWQxWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTXk0M05Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB6TVNJK1dXOTFhMjV2ZDNkb1lYUThMMkUrUEM5MFpENDhkR1ErVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNekk4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qa2lQbFJwY0c5bWJYbDBiMjVuZFdVOEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU56UThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5T1NJK1ZFZEtJRUZCUVR3dllUNDhMM1JrUGp4MFpENVVhR2x1WjJGdFlXcHBaM004TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXdMamt3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUSTBJajVIV2lCR1dqZzhMMkUrUEM5MFpENDhkR1ErUjJsNmJXOXpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01TNHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweE9DSStWMmhoZEhOcGRDQjNaV2xuYUR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5UQThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpFaVBsbHZkV3R1YjNkM2FHRjBQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMak15UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUWWlQbFJvYVc1bmFXVWdNend2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TXpBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNekFpUGsxcGJtUmliR0Z1YXp3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTVM0d01Ed3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStQQzlqWlc1MFpYSStQR0p5THo0S0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 5, "fields": { @@ -35050,8 +34192,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 6, "fields": { @@ -35059,8 +34201,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 7, "fields": { @@ -35068,8 +34210,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4bWIzSnRJR0ZqZEdsdmJqMGlZbUZ6YTJWMExtcHpjQ0lnYldWMGFHOWtQU0p3YjNOMElqNEtQSFJoWW14bElHSnZjbVJsY2owaU1TSWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytVSEp2WkhWamREd3ZkR2crUEhSb1BsRjFZVzUwYVhSNVBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1BqeDBhRDVVYjNSaGJEd3ZkR2crUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEU0SWo1WGFHRjBjMmwwSUhkbGFXZG9QQzloUGp3dmRHUStDangwWkNCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ1kyVnVkR1Z5SWo0bWJtSnpjRHM4WVNCb2NtVm1QU0lqSWlCdmJtTnNhV05yUFNKa1pXTlJkV0Z1ZEdsMGVTZ3hPQ2s3SWo0OGFXMW5JSE55WXowaWFXMWhaMlZ6THpFek1DNXdibWNpSUdGc2REMGlSR1ZqY21WaGMyVWdjWFZoYm5ScGRIa2dhVzRnWW1GemEyVjBJaUJpYjNKa1pYSTlJakFpUGp3dllUNG1ibUp6Y0RzOGFXNXdkWFFnYVdROUluRjFZVzUwYVhSNVh6RTRJaUJ1WVcxbFBTSnhkV0Z1ZEdsMGVWOHhPQ0lnZG1Gc2RXVTlJakVpSUcxaGVHeGxibWQwYUQwaU1pSWdjMmw2WlNBOUlDSXlJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRkpGUVVSUFRreFpJQzgrSm01aWMzQTdQR0VnYUhKbFpqMGlJeUlnYjI1amJHbGphejBpYVc1alVYVmhiblJwZEhrb01UZ3BPeUkrUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TWprdWNHNW5JaUJoYkhROUlrbHVZM0psWVhObElIRjFZVzUwYVhSNUlHbHVJR0poYzJ0bGRDSWdZbTl5WkdWeVBTSXdJajQ4TDJFK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQZ284TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXlMalV3UEM5MFpENEtQQzkwY2o0S1BIUnlQangwWkQ1VWIzUmhiRHd2ZEdRK1BIUmtJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJqWlc1MFpYSWlQanhwYm5CMWRDQnBaRDBpZFhCa1lYUmxJaUJ1WVcxbFBTSjFjR1JoZEdVaUlIUjVjR1U5SW5OMVltMXBkQ0lnZG1Gc2RXVTlJbFZ3WkdGMFpTQkNZWE5yWlhRaUx6NDhMM1JrUGp4MFpENG1ibUp6Y0RzOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF5TGpVd1BDOTBaRDQ4TDNSeVBnbzhMM1JoWW14bFBnb0tQQzltYjNKdFBnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 8, "fields": { @@ -35077,8 +34219,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 9, "fields": { @@ -35086,8 +34228,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 10, "fields": { @@ -35095,8 +34237,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 11, "fields": { @@ -35104,8 +34246,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyTnZiblJoWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRb05DZz09", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvek9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NURiMjUwWVdOMElGVnpQQzlvTXo0S1VHeGxZWE5sSUhObGJtUWdkWE1nZVc5MWNpQm1aV1ZrWW1GamF6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHbHVjSFYwSUhSNWNHVTlJbWhwWkdSbGJpSWdhV1E5SW5WelpYSWlJRzVoYldVOUltNTFiR3dpSUhaaGJIVmxQU0lpTHo0S0NUeHBibkIxZENCMGVYQmxQU0pvYVdSa1pXNGlJR2xrUFNKaGJuUnBZM055WmlJZ2JtRnRaVDBpWVc1MGFXTnpjbVlpSUhaaGJIVmxQU0l3TGprMU5UTTRNVFl5T1RjME5UTXlNVFFpUGp3dmFXNXdkWFErQ2drOFkyVnVkR1Z5UGdvSlBIUmhZbXhsUGdvSlBIUnlQZ29KQ1R4MFpENDhkR1Y0ZEdGeVpXRWdhV1E5SW1OdmJXMWxiblJ6SWlCdVlXMWxQU0pqYjIxdFpXNTBjeUlnWTI5c2N6MDRNQ0J5YjNkelBUZytQQzkwWlhoMFlYSmxZVDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p6ZFdKdGFYUWlJSFI1Y0dVOUluTjFZbTFwZENJZ2RtRnNkV1U5SWxOMVltMXBkQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUd3ZkR0ZpYkdVK0NnazhMMk5sYm5SbGNqNEtQQzltYjNKdFBnb0tDZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0Nnb0tDZz09" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 12, "fields": { @@ -35113,8 +34255,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyaHZiV1V1YW5Od0lFaFVWRkF2TVM0eERRcEliM04wT2lCc2IyTmhiR2h2YzNRNk9EZzRPQTBLUVdOalpYQjBPaUFxTHlvTkNrRmpZMlZ3ZEMxTVlXNW5kV0ZuWlRvZ1pXNE5DbFZ6WlhJdFFXZGxiblE2SUUxdmVtbHNiR0V2TlM0d0lDaGpiMjF3WVhScFlteGxPeUJOVTBsRklEa3VNRHNnVjJsdVpHOTNjeUJPVkNBMkxqRTdJRmRwYmpZME95QjROalE3SUZSeWFXUmxiblF2TlM0d0tRMEtRMjl1Ym1WamRHbHZiam9nWTJ4dmMyVU5DbEpsWm1WeVpYSTZJR2gwZEhBNkx5OXNiMk5oYkdodmMzUTZPRGc0T0M5aWIyUm5aV2wwTHcwS1EyOXZhMmxsT2lCS1UwVlRVMGxQVGtsRVBUWkZPVFUzTjBFeE5rSkJRell4T1RFelJFVTVOMEU0T0RkQlJEWXdNamMxRFFvTkNnPT0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016RTVOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME1DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TWlJK1EyOXRjR3hsZUNCWGFXUm5aWFE4TDJFK1BDOTBaRDQ4ZEdRK1YybGtaMlYwY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TVRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVElpUGxSSFNpQkRRMFE4TDJFK1BDOTBaRDQ4ZEdRK1ZHaHBibWRoYldGcWFXZHpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01pNHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU1TSStWMmhoZEhOcGRDQnpiM1Z1WkNCc2FXdGxQQzloUGp3dmRHUStQSFJrUGxkb1lYUnphWFJ6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQ1TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhOeUkrVjJoaGRITnBkQ0JqWVd4c1pXUThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMakV3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUY2lQbFJvYVc1bmFXVWdORHd2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNakFpUGxkb1lYUnphWFFnZEdGemRHVWdiR2xyWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU9UWThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpJaVBsZG9ZWFJ1YjNROEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5qZzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TVRJaVBsUkhTaUJEUTBROEwyRStQQzkwWkQ0OGRHUStWR2hwYm1kaGJXRnFhV2R6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTR5TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhPQ0krVjJoaGRITnBkQ0IzWldsbmFEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qVWlQa2RhSUVzM056d3ZZVDQ4TDNSa1BqeDBaRDVIYVhwdGIzTThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRekxqQTFQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDQ4TDJObGJuUmxjajQ4WW5JdlBnb0tDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 13, "fields": { @@ -35122,8 +34264,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 14, "fields": { @@ -35131,8 +34273,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 15, "fields": { @@ -35140,8 +34282,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 16, "fields": { @@ -35149,8 +34291,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSTFPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhSazlTVFNCdVlXMWxQU2R4ZFdWeWVTY2diV1YwYUc5a1BTZEhSVlFuUGdvOGRHRmliR1UrQ2p4MGNqNDhkR1ErVTJWaGNtTm9JR1p2Y2p3dmRHUStQSFJrUGp4cGJuQjFkQ0IwZVhCbFBTZDBaWGgwSnlCdVlXMWxQU2R4Sno0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENDhMM1JrUGp4MFpENDhZU0JvY21WbVBTZGhaSFpoYm1ObFpDNXFjM0FuSUhOMGVXeGxQU2RtYjI1MExYTnBlbVU2T1hCME95YytRV1IyWVc1alpXUWdVMlZoY21Ob1BDOWhQand2ZEdRK1BDOTBaRDRLUEM5MFlXSnNaVDRLUEM5bWIzSnRQZ29LUEM5bWIyNTBQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0NnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 17, "fields": { @@ -35158,8 +34300,8 @@ "burpRequestBase64": "UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxVlZFWXRPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTVRFeU16UU5DZzBLQ2dvS1BDRkVUME5VV1ZCRklHaDBiV3crQ2p4b2RHMXNJR3hoYm1jOUltVnVJajRLSUNBZ0lEeG9aV0ZrUGdvZ0lDQWdJQ0FnSUR4dFpYUmhJR05vWVhKelpYUTlJbFZVUmkwNElpQXZQZ29nSUNBZ0lDQWdJRHgwYVhSc1pUNUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5MGFYUnNaVDRLSUNBZ0lDQWdJQ0E4YkdsdWF5Qm9jbVZtUFNKbVlYWnBZMjl1TG1samJ5SWdjbVZzUFNKcFkyOXVJaUIwZVhCbFBTSnBiV0ZuWlM5NExXbGpiMjRpSUM4K0NpQWdJQ0FnSUNBZ1BHeHBibXNnYUhKbFpqMGlabUYyYVdOdmJpNXBZMjhpSUhKbGJEMGljMmh2Y25SamRYUWdhV052YmlJZ2RIbHdaVDBpYVcxaFoyVXZlQzFwWTI5dUlpQXZQZ29nSUNBZ0lDQWdJRHhzYVc1cklHaHlaV1k5SW5SdmJXTmhkQzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NpQWdJQ0E4TDJobFlXUStDZ29nSUNBZ1BHSnZaSGsrQ2lBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZDNKaGNIQmxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUltNWhkbWxuWVhScGIyNGlJR05zWVhOelBTSmpkWEoyWldRZ1kyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHpjR0Z1SUdsa1BTSnVZWFl0YUc5dFpTSStQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkx5SStTRzl0WlR3dllUNDhMM053WVc0K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGMzQmhiaUJwWkQwaWJtRjJMV2h2YzNSeklqNDhZU0JvY21WbVBTSXZaRzlqY3k4aVBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMWpiMjVtYVdjaVBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGtOdmJtWnBaM1Z5WVhScGIyNDhMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxbGVHRnRjR3hsY3lJK1BHRWdhSEpsWmowaUwyVjRZVzF3YkdWekx5SStSWGhoYlhCc1pYTThMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxM2FXdHBJajQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5R2NtOXVkRkJoWjJVaVBsZHBhMms4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMXNhWE4wY3lJK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3aVBrMWhhV3hwYm1jZ1RHbHpkSE04TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMW9aV3h3SWo0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2Wm1sdVpHaGxiSEF1YUhSdGJDSStSbWx1WkNCSVpXeHdQQzloUGp3dmMzQmhiajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhpY2lCamJHRnpjejBpYzJWd1lYSmhkRzl5SWlBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVhObUxXSnZlQ0krQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURFK1FYQmhZMmhsSUZSdmJXTmhkQzg1TGpBdU1DNU5ORHd2YURFK0NpQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0oxY0hCbGNpSWdZMnhoYzNNOUltTjFjblpsWkNCamIyNTBZV2x1WlhJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaVkyOXVaM0poZEhNaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhREkrU1dZZ2VXOTFKM0psSUhObFpXbHVaeUIwYUdsekxDQjViM1VuZG1VZ2MzVmpZMlZ6YzJaMWJHeDVJR2x1YzNSaGJHeGxaQ0JVYjIxallYUXVJRU52Ym1keVlYUjFiR0YwYVc5dWN5RThMMmd5UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnViM1JwWTJVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhwYldjZ2MzSmpQU0owYjIxallYUXVjRzVuSWlCaGJIUTlJbHQwYjIxallYUWdiRzluYjEwaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZEdGemEzTWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRE0rVW1WamIyMXRaVzVrWldRZ1VtVmhaR2x1WnpvOEwyZ3pQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpTDJSdlkzTXZjMlZqZFhKcGRIa3RhRzkzZEc4dWFIUnRiQ0krVTJWamRYSnBkSGtnUTI5dWMybGtaWEpoZEdsdmJuTWdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5dFlXNWhaMlZ5TFdodmQzUnZMbWgwYld3aVBrMWhibUZuWlhJZ1FYQndiR2xqWVhScGIyNGdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5amJIVnpkR1Z5TFdodmQzUnZMbWgwYld3aVBrTnNkWE4wWlhKcGJtY3ZVMlZ6YzJsdmJpQlNaWEJzYVdOaGRHbHZiaUJJVDFjdFZFODhMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVdOMGFXOXVjeUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZblYwZEc5dUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHRWdZMnhoYzNNOUltTnZiblJoYVc1bGNpQnphR0ZrYjNjaUlHaHlaV1k5SWk5dFlXNWhaMlZ5TDNOMFlYUjFjeUkrUEhOd1lXNCtVMlZ5ZG1WeUlGTjBZWFIxY3p3dmMzQmhiajQ4TDJFK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWW5WMGRHOXVJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR0VnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUJ6YUdGa2IzY2lJR2h5WldZOUlpOXRZVzVoWjJWeUwyaDBiV3dpUGp4emNHRnVQazFoYm1GblpYSWdRWEJ3UEM5emNHRnVQand2WVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0ppZFhSMGIyNGlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZU0JqYkdGemN6MGlZMjl1ZEdGcGJtVnlJSE5vWVdSdmR5SWdhSEpsWmowaUwyaHZjM1F0YldGdVlXZGxjaTlvZEcxc0lqNDhjM0JoYmo1SWIzTjBJRTFoYm1GblpYSThMM053WVc0K1BDOWhQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOElTMHRDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZbklnWTJ4aGMzTTlJbk5sY0dGeVlYUnZjaUlnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUMwdFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnRhV1JrYkdVaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b016NUVaWFpsYkc5d1pYSWdVWFZwWTJzZ1UzUmhjblE4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BqeGhJR2h5WldZOUlpOWtiMk56TDNObGRIVndMbWgwYld3aVBsUnZiV05oZENCVFpYUjFjRHd2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHdQanhoSUdoeVpXWTlJaTlrYjJOekwyRndjR1JsZGk4aVBrWnBjbk4wSUZkbFlpQkJjSEJzYVdOaGRHbHZiand2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREkxSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4Y0Q0OFlTQm9jbVZtUFNJdlpHOWpjeTl5WldGc2JTMW9iM2QwYnk1b2RHMXNJajVTWldGc2JYTWdKbUZ0Y0RzZ1FVRkJQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlJ2WTNNdmFtNWthUzFrWVhSaGMyOTFjbU5sTFdWNFlXMXdiR1Z6TFdodmQzUnZMbWgwYld3aVBrcEVRa01nUkdGMFlWTnZkWEpqWlhNOEwyRStQQzl3UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjJ3eU5TSStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlY0WVcxd2JHVnpMeUkrUlhoaGJYQnNaWE04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMnd5TlNJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhBK1BHRWdhSEpsWmowaWFIUjBjRG92TDNkcGEya3VZWEJoWTJobExtOXlaeTkwYjIxallYUXZVM0JsWTJsbWFXTmhkR2x2Ym5NaVBsTmxjblpzWlhRZ1UzQmxZMmxtYVdOaGRHbHZibk04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5VWIyMWpZWFJXWlhKemFXOXVjeUkrVkc5dFkyRjBJRlpsY25OcGIyNXpQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdKeUlHTnNZWE56UFNKelpYQmhjbUYwYjNJaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR2xrUFNKc2IzZGxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0pzYjNjdGJXRnVZV2RsSWlCamJHRnpjejBpSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqZFhKMlpXUWdZMjl1ZEdGcGJtVnlJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR2d6UGsxaGJtRm5hVzVuSUZSdmJXTmhkRHd2YURNK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrWnZjaUJ6WldOMWNtbDBlU3dnWVdOalpYTnpJSFJ2SUhSb1pTQThZU0JvY21WbVBTSXZiV0Z1WVdkbGNpOW9kRzFzSWo1dFlXNWhaMlZ5SUhkbFltRndjRHd2WVQ0Z2FYTWdjbVZ6ZEhKcFkzUmxaQzRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdWWE5sY25NZ1lYSmxJR1JsWm1sdVpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwyTnZibVl2ZEc5dFkyRjBMWFZ6WlhKekxuaHRiRHd2Y0hKbFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNENUpiaUJVYjIxallYUWdPUzR3SUdGalkyVnpjeUIwYnlCMGFHVWdiV0Z1WVdkbGNpQmhjSEJzYVdOaGRHbHZiaUJwY3lCemNHeHBkQ0JpWlhSM1pXVnVDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJR1JwWm1abGNtVnVkQ0IxYzJWeWN5NGdKbTVpYzNBN0lEeGhJR2h5WldZOUlpOWtiMk56TDIxaGJtRm5aWEl0YUc5M2RHOHVhSFJ0YkNJK1VtVmhaQ0J0YjNKbExpNHVQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ0OFlTQm9jbVZtUFNJdlpHOWpjeTlTUlV4RlFWTkZMVTVQVkVWVExuUjRkQ0krVW1Wc1pXRnpaU0JPYjNSbGN6d3ZZVDQ4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdlkyaGhibWRsYkc5bkxtaDBiV3dpUGtOb1lXNW5aV3h2Wnp3dllUNDhMMmcwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDIxcFozSmhkR2x2Ymk1b2RHMXNJajVOYVdkeVlYUnBiMjRnUjNWcFpHVThMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHZzBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OXpaV04xY21sMGVTNW9kRzFzSWo1VFpXTjFjbWwwZVNCT2IzUnBZMlZ6UEM5aFBqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUlteHZkeTFrYjJOeklpQmpiR0Z6Y3owaUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnelBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdklqNVViMjFqWVhRZ09TNHdJRVJ2WTNWdFpXNTBZWFJwYjI0OEwyRStQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGxSdmJXTmhkQ0E1TGpBZ1EyOXVabWxuZFhKaGRHbHZiand2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpYUhSMGNEb3ZMM2RwYTJrdVlYQmhZMmhsTG05eVp5OTBiMjFqWVhRdlJuSnZiblJRWVdkbElqNVViMjFqWVhRZ1YybHJhVHd2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVHYVc1a0lHRmtaR2wwYVc5dVlXd2dhVzF3YjNKMFlXNTBJR052Ym1acFozVnlZWFJwYjI0Z2FXNW1iM0p0WVhScGIyNGdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwxSlZUazVKVGtjdWRIaDBQQzl3Y21VK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrUmxkbVZzYjNCbGNuTWdiV0Y1SUdKbElHbHVkR1Z5WlhOMFpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJKMVozSmxjRzl5ZEM1b2RHMXNJajVVYjIxallYUWdPUzR3SUVKMVp5QkVZWFJoWW1GelpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMkZ3YVM5cGJtUmxlQzVvZEcxc0lqNVViMjFqWVhRZ09TNHdJRXBoZG1GRWIyTnpQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNOMmJpNWhjR0ZqYUdVdWIzSm5MM0psY0c5ekwyRnpaaTkwYjIxallYUXZkR001TGpBdWVDOGlQbFJ2YldOaGRDQTVMakFnVTFaT0lGSmxjRzl6YVhSdmNuazhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaWJHOTNMV2hsYkhBaUlHTnNZWE56UFNJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OMWNuWmxaQ0JqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURNK1IyVjBkR2x1WnlCSVpXeHdQQzlvTXo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5bVlYRXZJajVHUVZFOEwyRStJR0Z1WkNBOFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNJK1RXRnBiR2x1WnlCTWFYTjBjend2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVVYUdVZ1ptOXNiRzkzYVc1bklHMWhhV3hwYm1jZ2JHbHpkSE1nWVhKbElHRjJZV2xzWVdKc1pUbzhMM0ErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhU0JwWkQwaWJHbHpkQzFoYm01dmRXNWpaU0krUEhOMGNtOXVaejQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRZVzV1YjNWdVkyVWlQblJ2YldOaGRDMWhibTV2ZFc1alpUd3ZZVDQ4WW5JZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCSmJYQnZjblJoYm5RZ1lXNXViM1Z1WTJWdFpXNTBjeXdnY21Wc1pXRnpaWE1zSUhObFkzVnlhWFI1SUhaMWJHNWxjbUZpYVd4cGRIa2dibTkwYVdacFkyRjBhVzl1Y3k0Z0tFeHZkeUIyYjJ4MWJXVXBMand2YzNSeWIyNW5QZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNOMGIyMWpZWFF0ZFhObGNuTWlQblJ2YldOaGRDMTFjMlZ5Y3p3dllUNDhZbklnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0JWYzJWeUlITjFjSEJ2Y25RZ1lXNWtJR1JwYzJOMWMzTnBiMjRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3amRHRm5iR2xpY3kxMWMyVnlJajUwWVdkc2FXSnpMWFZ6WlhJOEwyRStQR0p5SUM4K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnVlhObGNpQnpkWEJ3YjNKMElHRnVaQ0JrYVhOamRYTnphVzl1SUdadmNpQThZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmRHRm5iR2xpY3k4aVBrRndZV05vWlNCVVlXZHNhV0p6UEM5aFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRaR1YySWo1MGIyMWpZWFF0WkdWMlBDOWhQanhpY2lBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUVSbGRtVnNiM0J0Wlc1MElHMWhhV3hwYm1jZ2JHbHpkQ3dnYVc1amJIVmthVzVuSUdOdmJXMXBkQ0J0WlhOellXZGxjd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSm1iMjkwWlhJaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREl3SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1QzUm9aWElnUkc5M2JteHZZV1J6UEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIVnNQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEd4cFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5a2IzZHViRzloWkMxamIyNXVaV04wYjNKekxtTm5hU0krVkc5dFkyRjBJRU52Ym01bFkzUnZjbk04TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlpHOTNibXh2WVdRdGJtRjBhWFpsTG1ObmFTSStWRzl0WTJGMElFNWhkR2wyWlR3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OTBZV2RzYVdKekx5SStWR0ZuYkdsaWN6d3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMlJsY0d4dmVXVnlMV2h2ZDNSdkxtaDBiV3dpUGtSbGNHeHZlV1Z5UEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2ZFd3K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJESXdJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMjUwWVdsdVpYSWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErVDNSb1pYSWdSRzlqZFcxbGJuUmhkR2x2Ymp3dmFEUStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeDFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlkyOXVibVZqZEc5eWN5MWtiMk12SWo1VWIyMWpZWFFnUTI5dWJtVmpkRzl5Y3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OWpiMjV1WldOMGIzSnpMV1J2WXk4aVBtMXZaRjlxYXlCRWIyTjFiV1Z1ZEdGMGFXOXVQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDI1aGRHbDJaUzFrYjJNdklqNVViMjFqWVhRZ1RtRjBhWFpsUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlMMlJ2WTNNdlpHVndiRzk1WlhJdGFHOTNkRzh1YUhSdGJDSStSR1Z3Ykc5NVpYSThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUhaWFFnU1c1MmIyeDJaV1E4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJkbGRHbHVkbTlzZG1Wa0xtaDBiV3dpUGs5MlpYSjJhV1YzUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkwzTjJiaTVvZEcxc0lqNVRWazRnVW1Wd2IzTnBkRzl5YVdWelBDOWhQand2YkdrK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThiR2srUEdFZ2FISmxaajBpYUhSMGNEb3ZMM1J2YldOaGRDNWhjR0ZqYUdVdWIzSm5MMnhwYzNSekxtaDBiV3dpUGsxaGFXeHBibWNnVEdsemRITThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDJscmFTNWhjR0ZqYUdVdWIzSm5MM1J2YldOaGRDOUdjbTl1ZEZCaFoyVWlQbGRwYTJrOEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5MWJENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXNNakFpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ1TmFYTmpaV3hzWVc1bGIzVnpQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlqYjI1MFlXTjBMbWgwYld3aVBrTnZiblJoWTNROEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR1ZuWVd3dWFIUnRiQ0krVEdWbllXdzhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDNkM0xtRndZV05vWlM1dmNtY3ZabTkxYm1SaGRHbHZiaTl6Y0c5dWMyOXljMmhwY0M1b2RHMXNJajVUY0c5dWMyOXljMmhwY0R3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTNkM2N1WVhCaFkyaGxMbTl5Wnk5bWIzVnVaR0YwYVc5dUwzUm9ZVzVyY3k1b2RHMXNJajVVYUdGdWEzTThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUJjR0ZqYUdVZ1UyOW1kSGRoY21VZ1JtOTFibVJoZEdsdmJqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZkMmh2ZDJWaGNtVXVhSFJ0YkNJK1YyaHZJRmRsSUVGeVpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlvWlhKcGRHRm5aUzVvZEcxc0lqNUlaWEpwZEdGblpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkzZDNjdVlYQmhZMmhsTG05eVp5SStRWEJoWTJobElFaHZiV1U4TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmNtVnpiM1Z5WTJWekxtaDBiV3dpUGxKbGMyOTFjbU5sY3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDNWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WW5JZ1kyeGhjM005SW5ObGNHRnlZWFJ2Y2lJZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUR4d0lHTnNZWE56UFNKamIzQjVjbWxuYUhRaVBrTnZjSGx5YVdkb2RDQW1ZMjl3ZVRzeE9UazVMVEl3TVRZZ1FYQmhZMmhsSUZOdlpuUjNZWEpsSUVadmRXNWtZWFJwYjI0dUlDQkJiR3dnVW1sbmFIUnpJRkpsYzJWeWRtVmtQQzl3UGdvZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ1BDOWliMlI1UGdvS1BDOW9kRzFzUGdvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 18, "fields": { @@ -35167,8 +34309,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01UazFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LUEdKeUx6NDhjQ0J6ZEhsc1pUMGlZMjlzYjNJNlozSmxaVzRpUGxSb1lXNXJJSGx2ZFNCbWIzSWdlVzkxY2lCamRYTjBiMjB1UEM5d1BqeGljaTgrQ2dvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDJObGJuUmxjajRLUEM5aWIyUjVQZ284TDJoMGJXdytDZ29L" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 19, "fields": { @@ -35176,8 +34318,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkRUIwWlhOMExtTnZiWGxtTVRNMlBITmpjbWx3ZEQ1aGJHVnlkQ2d4S1R3bE1tWnpZM0pwY0hRK2FteGxaSFVtY0dGemMzZHZjbVF4UFhSbGMzUXhNak1tY0dGemMzZHZjbVF5UFhSbGMzUXhNak09", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nWWw5cFpEME5Da052Ym5SbGJuUXRWSGx3WlRvZ2RHVjRkQzlvZEcxc08yTm9ZWEp6WlhROVNWTlBMVGc0TlRrdE1RMEtRMjl1ZEdWdWRDMU1aVzVuZEdnNklESXdORGtOQ2tSaGRHVTZJRk5oZEN3Z01qY2dRWFZuSURJd01UWWdNREk2TVRJNk1UVWdSMDFVRFFwRGIyNXVaV04wYVc5dU9pQmpiRzl6WlEwS0RRb0tDZ29LQ2dvS0NnbzhJVVJQUTFSWlVFVWdTRlJOVENCUVZVSk1TVU1nSWkwdkwxY3pReTh2UkZSRUlFaFVUVXdnTXk0eUx5OUZUaUkrQ2p4b2RHMXNQZ284YUdWaFpENEtQSFJwZEd4bFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOTBhWFJzWlQ0S1BHeHBibXNnYUhKbFpqMGljM1I1YkdVdVkzTnpJaUJ5Wld3OUluTjBlV3hsYzJobFpYUWlJSFI1Y0dVOUluUmxlSFF2WTNOeklpQXZQZ284YzJOeWFYQjBJSFI1Y0dVOUluUmxlSFF2YW1GMllYTmpjbWx3ZENJZ2MzSmpQU0l1TDJwekwzVjBhV3d1YW5NaVBqd3ZjMk55YVhCMFBnbzhMMmhsWVdRK0NqeGliMlI1UGdvS1BHTmxiblJsY2o0S1BIUmhZbXhsSUhkcFpIUm9QU0k0TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4SU1UNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZTREUrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005WENKdWIySnZjbVJsY2x3aVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJak13SlNJK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSTBNQ1VpUGxkbElHSnZaR2RsSUdsMExDQnpieUI1YjNVZ1pHOXVkQ0JvWVhabElIUnZJVHd2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRDRLVlhObGNqb2dQR0VnYUhKbFpqMGljR0Z6YzNkdmNtUXVhbk53SWo1MFpYTjBRSFJsYzNRdVkyOXRlV1l4TXpZOGMyTnlhWEIwUG1Gc1pYSjBLREVwUEM5elkzSnBjSFErYW14bFpIVThMMkUrQ2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkdmRYUXVhbk53SWo1TWIyZHZkWFE4TDJFK0NnbzhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmlZWE5yWlhRdWFuTndJajVaYjNWeUlFSmhjMnRsZER3dllUNDhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSnpaV0Z5WTJndWFuTndJajVUWldGeVkyZzhMMkUrUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKc1pXWjBJaUIyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpJMUpTSStDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAySWo1RWIyOWtZV2h6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMUlqNUhhWHB0YjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUTWlQbFJvYVc1bllXMWhhbWxuY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1pSStWR2hwYm1kcFpYTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVGNpUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRRaVBsZG9ZWFJ6YVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHhJajVYYVdSblpYUnpQQzloUGp4aWNpOCtDZ284WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0S1BDOTBaRDRLUEhSa0lIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlOekFsSWo0S0NqeG9NejVTWldkcGMzUmxjand2YURNK0NqeGljaTgrV1c5MUlHaGhkbVVnYzNWalkyVnpjMloxYkd4NUlISmxaMmx6ZEdWeVpXUWdkMmwwYUNCVWFHVWdRbTlrWjJWSmRDQlRkRzl5WlM0S0NnazhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 20, "fields": { @@ -35185,8 +34327,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQS9jVDAxTlRVdE5UVTFMVEF4T1RsQVpYaGhiWEJzWlM1amIyMXJPR1owYnp4elkzSnBjSFErWVd4bGNuUW9NU2s4SlRKbWMyTnlhWEIwUG01M2VETnNJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQU5Da052YjJ0cFpUb2dTbE5GVTFOSlQwNUpSRDAyUlRrMU56ZEJNVFpDUVVNMk1Ua3hNMFJGT1RkQk9EZzNRVVEyTURJM05RMEtEUW89", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qRXdOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhZajVaYjNVZ2MyVmhjbU5vWldRZ1ptOXlPand2WWo0Z05UVTFMVFUxTlMwd01UazVRR1Y0WVcxd2JHVXVZMjl0YXpobWRHODhjMk55YVhCMFBtRnNaWEowS0RFcFBDOXpZM0pwY0hRK2JuZDRNMnc4WW5JdlBqeGljaTgrQ2p4a2FYWStQR0krVG04Z1VtVnpkV3gwY3lCR2IzVnVaRHd2WWo0OEwyUnBkajRLQ2p3dlptOXVkRDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnbz0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 21, "fields": { @@ -35194,8 +34336,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQUT09", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtQSEFnYzNSNWJHVTlJbU52Ykc5eU9uSmxaQ0krV1c5MUlITjFjSEJzYVdWa0lHRnVJR2x1ZG1Gc2FXUWdibUZ0WlNCdmNpQndZWE56ZDI5eVpDNDhMM0ErQ2cwS1BHZ3pQa3h2WjJsdVBDOW9NejROQ2xCc1pXRnpaU0JsYm5SbGNpQjViM1Z5SUdOeVpXUmxiblJwWVd4ek9pQThZbkl2UGp4aWNpOCtEUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGcwS0NUeGpaVzUwWlhJK0RRb0pQSFJoWW14bFBnMEtDVHgwY2o0TkNna0pQSFJrUGxWelpYSnVZVzFsT2p3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJblZ6WlhKdVlXMWxJaUJ1WVcxbFBTSjFjMlZ5Ym1GdFpTSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBIUnlQZzBLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21RaUlHNWhiV1U5SW5CaGMzTjNiM0prSWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1BnMEtDVHd2ZEhJK0RRb0pQSFJ5UGcwS0NRazhkR1ErUEM5MFpENE5DZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljM1ZpYldsMElpQjBlWEJsUFNKemRXSnRhWFFpSUhaaGJIVmxQU0pNYjJkcGJpSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBDOTBZV0pzWlQ0TkNnazhMMk5sYm5SbGNqNE5Dand2Wm05eWJUNE5Da2xtSUhsdmRTQmtiMjUwSUdoaGRtVWdZVzRnWVdOamIzVnVkQ0IzYVhSb0lIVnpJSFJvWlc0Z2NHeGxZWE5sSUR4aElHaHlaV1k5SW5KbFoybHpkR1Z5TG1wemNDSStVbVZuYVhOMFpYSThMMkUrSUc1dmR5Qm1iM0lnWVNCbWNtVmxJR0ZqWTI5MWJuUXVEUW84WW5JdlBqeGljaTgrRFFvTkNqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLRFFvTkNnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 22, "fields": { @@ -35203,8 +34345,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkQ1UwTUhSbGMzUXVZMjl0Sm5CaGMzTjNiM0prTVQxMFpYTjBNVEl6Sm5CaGMzTjNiM0prTWoxMFpYTjBNVEl6", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qQXhOQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1RveU5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BWYzJWeU9pQThZU0JvY21WbVBTSndZWE56ZDI5eVpDNXFjM0FpUG5SbGMzUkFkR1Z6ZEM1amIyMDhMMkUrQ2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkdmRYUXVhbk53SWo1TWIyZHZkWFE4TDJFK0NnbzhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmlZWE5yWlhRdWFuTndJajVaYjNWeUlFSmhjMnRsZER3dllUNDhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSnpaV0Z5WTJndWFuTndJajVUWldGeVkyZzhMMkUrUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKc1pXWjBJaUIyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpJMUpTSStDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAySWo1RWIyOWtZV2h6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMUlqNUhhWHB0YjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUTWlQbFJvYVc1bllXMWhhbWxuY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1pSStWR2hwYm1kcFpYTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVGNpUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRRaVBsZG9ZWFJ6YVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHhJajVYYVdSblpYUnpQQzloUGp4aWNpOCtDZ284WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0S1BDOTBaRDRLUEhSa0lIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlOekFsSWo0S0NqeG9NejVTWldkcGMzUmxjand2YURNK0NqeGljaTgrV1c5MUlHaGhkbVVnYzNWalkyVnpjMloxYkd4NUlISmxaMmx6ZEdWeVpXUWdkMmwwYUNCVWFHVWdRbTlrWjJWSmRDQlRkRzl5WlM0S0NnazhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 23, "fields": { @@ -35212,8 +34354,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXlOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVQZFhJZ1FtVnpkQ0JFWldGc2N5RThMMmd6UGdvOFkyVnVkR1Z5UGp4MFlXSnNaU0JpYjNKa1pYSTlJakVpSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGxCeWIyUjFZM1E4TDNSb1BqeDBhRDVVZVhCbFBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1Bqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU5TSStSMW9nU3pjM1BDOWhQand2ZEdRK1BIUmtQa2RwZW0xdmN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU1EVThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TlNJK1ZHaHBibWRwWlNBeVBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU55SStSRzl2SUdSaGFDQmtZWGs4TDJFK1BDOTBaRDQ4ZEdRK1JHOXZaR0ZvY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRFl1TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNallpUGxwcGNDQmhJR1JsWlNCa2IyOGdaR0ZvUEM5aFBqd3ZkR1ErUEhSa1BrUnZiMlJoYUhNOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF6TGprNVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEk1SWo1VWFYQnZabTE1ZEc5dVozVmxQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamMwUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BURTNJajVYYUdGMGMybDBJR05oYkd4bFpEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1UVWlQbFJIU2lCSVNFazhMMkUrUEM5MFpENDhkR1ErVkdocGJtZGhiV0ZxYVdkelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTWk0eE1Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB5TkNJK1Ixb2dSbG80UEM5aFBqd3ZkR1ErUEhSa1BrZHBlbTF2Y3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREV1TURBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNamNpUGtSdmJ5QmtZV2dnWkdGNVBDOWhQand2ZEdRK1BIUmtQa1J2YjJSaGFITThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRMkxqVXdQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2NISnZaR2xrUFRJd0lqNVhhR0YwYzJsMElIUmhjM1JsSUd4cGEyVThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamsyUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 24, "fields": { @@ -35221,8 +34363,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOWlZWE5yWlhRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQU5Da052Ym5SbGJuUXRWSGx3WlRvZ1lYQndiR2xqWVhScGIyNHZlQzEzZDNjdFptOXliUzExY214bGJtTnZaR1ZrRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTWpBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlRzZ1lsOXBaRDB5RFFvTkNuVndaR0YwWlQxVmNHUmhkR1VyUW1GemEyVjA=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016TXlNQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4d0lITjBlV3hsUFNKamIyeHZjanBuY21WbGJpSStXVzkxY2lCaVlYTnJaWFFnYUdGa0lHSmxaVzRnZFhCa1lYUmxaQzQ4TDNBK1BHSnlMejRLUEdadmNtMGdZV04wYVc5dVBTSmlZWE5yWlhRdWFuTndJaUJ0WlhSb2IyUTlJbkJ2YzNRaVBnbzhkR0ZpYkdVZ1ltOXlaR1Z5UFNJeElpQmpiR0Z6Y3owaVltOXlaR1Z5SWlCM2FXUjBhRDBpT0RBbElqNEtQSFJ5UGp4MGFENVFjbTlrZFdOMFBDOTBhRDQ4ZEdnK1VYVmhiblJwZEhrOEwzUm9QangwYUQ1UWNtbGpaVHd2ZEdnK1BIUm9QbFJ2ZEdGc1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVGdpUGxkb1lYUnphWFFnZDJWcFoyZzhMMkUrUEM5MFpENEtQSFJrSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCalpXNTBaWElpUGladVluTndPenhoSUdoeVpXWTlJaU1pSUc5dVkyeHBZMnM5SW1SbFkxRjFZVzUwYVhSNUtERTRLVHNpUGp4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRNd0xuQnVaeUlnWVd4MFBTSkVaV055WldGelpTQnhkV0Z1ZEdsMGVTQnBiaUJpWVhOclpYUWlJR0p2Y21SbGNqMGlNQ0krUEM5aFBpWnVZbk53T3p4cGJuQjFkQ0JwWkQwaWNYVmhiblJwZEhsZk1UZ2lJRzVoYldVOUluRjFZVzUwYVhSNVh6RTRJaUIyWVd4MVpUMGlNU0lnYldGNGJHVnVaM1JvUFNJeUlpQnphWHBsSUQwZ0lqSWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdVa1ZCUkU5T1RGa2dMejRtYm1KemNEczhZU0JvY21WbVBTSWpJaUJ2Ym1Oc2FXTnJQU0pwYm1OUmRXRnVkR2wwZVNneE9DazdJajQ4YVcxbklITnlZejBpYVcxaFoyVnpMekV5T1M1d2JtY2lJR0ZzZEQwaVNXNWpjbVZoYzJVZ2NYVmhiblJwZEhrZ2FXNGdZbUZ6YTJWMElpQmliM0prWlhJOUlqQWlQand2WVQ0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQxTUR3dmRHUStDand2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStQSFJrUGxSdmRHRnNQQzkwWkQ0OGRHUWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJR05sYm5SbGNpSStQR2x1Y0hWMElHbGtQU0oxY0dSaGRHVWlJRzVoYldVOUluVndaR0YwWlNJZ2RIbHdaVDBpYzNWaWJXbDBJaUIyWVd4MVpUMGlWWEJrWVhSbElFSmhjMnRsZENJdlBqd3ZkR1ErUEhSa1BpWnVZbk53T3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQand2ZEhJK0Nqd3ZkR0ZpYkdVK0NnbzhMMlp2Y20wK0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 25, "fields": { @@ -35230,8 +34372,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 26, "fields": { @@ -35239,8 +34381,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 27, "fields": { @@ -35248,8 +34390,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 28, "fields": { @@ -35257,8 +34399,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 29, "fields": { @@ -35266,8 +34408,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQU5Da052YjJ0cFpUb2dTbE5GVTFOSlQwNUpSRDAyUlRrMU56ZEJNVFpDUVVNMk1Ua3hNMFJGT1RkQk9EZzNRVVEyTURJM05RMEtEUW89", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXpOUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpvd09TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BWYzJWeU9pQThZU0JvY21WbVBTSndZWE56ZDI5eVpDNXFjM0FpUG5WelpYSXhRSFJvWldKdlpHZGxhWFJ6ZEc5eVpTNWpiMjA4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1U1pXZHBjM1JsY2p3dmFETStDZ29LVUd4bFlYTmxJR1Z1ZEdWeUlIUm9aU0JtYjJ4c2IzZHBibWNnWkdWMFlXbHNjeUIwYnlCeVpXZHBjM1JsY2lCM2FYUm9JSFZ6T2lBOFluSXZQanhpY2k4K0NqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStDZ2s4WTJWdWRHVnlQZ29KUEhSaFlteGxQZ29KUEhSeVBnb0pDVHgwWkQ1VmMyVnlibUZ0WlNBb2VXOTFjaUJsYldGcGJDQmhaR1J5WlhOektUbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5WelpYSnVZVzFsSWlCdVlXMWxQU0oxYzJWeWJtRnRaU0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKd1lYTnpkMjl5WkRFaUlHNWhiV1U5SW5CaGMzTjNiM0prTVNJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQa052Ym1acGNtMGdVR0Z6YzNkdmNtUTZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKd1lYTnpkMjl5WkRJaUlHNWhiV1U5SW5CaGMzTjNiM0prTWlJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWMzVmliV2wwSWlCMGVYQmxQU0p6ZFdKdGFYUWlJSFpoYkhWbFBTSlNaV2RwYzNSbGNpSStQQzlwYm5CMWRENDhMM1JrUGdvSlBDOTBjajRLQ1R3dmRHRmliR1UrQ2drOEwyTmxiblJsY2o0S1BDOW1iM0p0UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 30, "fields": { @@ -35275,8 +34417,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 31, "fields": { @@ -35284,8 +34426,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQUT09", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtQSEFnYzNSNWJHVTlJbU52Ykc5eU9uSmxaQ0krV1c5MUlITjFjSEJzYVdWa0lHRnVJR2x1ZG1Gc2FXUWdibUZ0WlNCdmNpQndZWE56ZDI5eVpDNDhMM0ErQ2cwS1BHZ3pQa3h2WjJsdVBDOW9NejROQ2xCc1pXRnpaU0JsYm5SbGNpQjViM1Z5SUdOeVpXUmxiblJwWVd4ek9pQThZbkl2UGp4aWNpOCtEUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGcwS0NUeGpaVzUwWlhJK0RRb0pQSFJoWW14bFBnMEtDVHgwY2o0TkNna0pQSFJrUGxWelpYSnVZVzFsT2p3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJblZ6WlhKdVlXMWxJaUJ1WVcxbFBTSjFjMlZ5Ym1GdFpTSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBIUnlQZzBLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21RaUlHNWhiV1U5SW5CaGMzTjNiM0prSWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1BnMEtDVHd2ZEhJK0RRb0pQSFJ5UGcwS0NRazhkR1ErUEM5MFpENE5DZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljM1ZpYldsMElpQjBlWEJsUFNKemRXSnRhWFFpSUhaaGJIVmxQU0pNYjJkcGJpSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBDOTBZV0pzWlQ0TkNnazhMMk5sYm5SbGNqNE5Dand2Wm05eWJUNE5Da2xtSUhsdmRTQmtiMjUwSUdoaGRtVWdZVzRnWVdOamIzVnVkQ0IzYVhSb0lIVnpJSFJvWlc0Z2NHeGxZWE5sSUR4aElHaHlaV1k5SW5KbFoybHpkR1Z5TG1wemNDSStVbVZuYVhOMFpYSThMMkUrSUc1dmR5Qm1iM0lnWVNCbWNtVmxJR0ZqWTI5MWJuUXVEUW84WW5JdlBqeGljaTgrRFFvTkNqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLRFFvTkNnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 32, "fields": { @@ -35293,8 +34435,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOWlZWE5yWlhRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQU5Da052Ym5SbGJuUXRWSGx3WlRvZ1lYQndiR2xqWVhScGIyNHZlQzEzZDNjdFptOXliUzExY214bGJtTnZaR1ZrRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTXpRTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlRzZ1lsOXBaRDB5SncwS0RRcHhkV0Z1ZEdsMGVWOHhPRDB4Sm5Wd1pHRjBaVDFWY0dSaGRHVXJRbUZ6YTJWMA==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTlRBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxMWRHWXRPQTBLUTI5dWRHVnVkQzFNWVc1bmRXRm5aVG9nWlc0TkNrTnZiblJsYm5RdFRHVnVaM1JvT2lBME1EZzBEUXBFWVhSbE9pQlRZWFFzSURJM0lFRjFaeUF5TURFMklEQXlPakV4T2pRMElFZE5WQTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2cwS1BDRkVUME5VV1ZCRklHaDBiV3crUEdoMGJXdytQR2hsWVdRK1BIUnBkR3hsUGtGd1lXTm9aU0JVYjIxallYUXZPUzR3TGpBdVRUUWdMU0JGY25KdmNpQnlaWEJ2Y25ROEwzUnBkR3hsUGp4emRIbHNaU0IwZVhCbFBTSjBaWGgwTDJOemN5SStTREVnZTJadmJuUXRabUZ0YVd4NU9sUmhhRzl0WVN4QmNtbGhiQ3h6WVc1ekxYTmxjbWxtTzJOdmJHOXlPbmRvYVhSbE8ySmhZMnRuY205MWJtUXRZMjlzYjNJNkl6VXlOVVEzTmp0bWIyNTBMWE5wZW1VNk1qSndlRHQ5SUVneUlIdG1iMjUwTFdaaGJXbHNlVHBVWVdodmJXRXNRWEpwWVd3c2MyRnVjeTF6WlhKcFpqdGpiMnh2Y2pwM2FHbDBaVHRpWVdOclozSnZkVzVrTFdOdmJHOXlPaU0xTWpWRU56WTdabTl1ZEMxemFYcGxPakUyY0hnN2ZTQklNeUI3Wm05dWRDMW1ZVzFwYkhrNlZHRm9iMjFoTEVGeWFXRnNMSE5oYm5NdGMyVnlhV1k3WTI5c2IzSTZkMmhwZEdVN1ltRmphMmR5YjNWdVpDMWpiMnh2Y2pvak5USTFSRGMyTzJadmJuUXRjMmw2WlRveE5IQjRPMzBnUWs5RVdTQjdabTl1ZEMxbVlXMXBiSGs2VkdGb2IyMWhMRUZ5YVdGc0xITmhibk10YzJWeWFXWTdZMjlzYjNJNllteGhZMnM3WW1GamEyZHliM1Z1WkMxamIyeHZjanAzYUdsMFpUdDlJRUlnZTJadmJuUXRabUZ0YVd4NU9sUmhhRzl0WVN4QmNtbGhiQ3h6WVc1ekxYTmxjbWxtTzJOdmJHOXlPbmRvYVhSbE8ySmhZMnRuY205MWJtUXRZMjlzYjNJNkl6VXlOVVEzTmp0OUlGQWdlMlp2Ym5RdFptRnRhV3g1T2xSaGFHOXRZU3hCY21saGJDeHpZVzV6TFhObGNtbG1PMkpoWTJ0bmNtOTFibVE2ZDJocGRHVTdZMjlzYjNJNllteGhZMnM3Wm05dWRDMXphWHBsT2pFeWNIZzdmVUVnZTJOdmJHOXlJRG9nWW14aFkyczdmVUV1Ym1GdFpTQjdZMjlzYjNJZ09pQmliR0ZqYXp0OUxteHBibVVnZTJobGFXZG9kRG9nTVhCNE95QmlZV05yWjNKdmRXNWtMV052Ykc5eU9pQWpOVEkxUkRjMk95QmliM0prWlhJNklHNXZibVU3ZlR3dmMzUjViR1UrSUR3dmFHVmhaRDQ4WW05a2VUNDhhREUrU0ZSVVVDQlRkR0YwZFhNZ05UQXdJQzBnUVc0Z1pYaGpaWEIwYVc5dUlHOWpZM1Z5Y21Wa0lIQnliMk5sYzNOcGJtY2dTbE5RSUhCaFoyVWdMMkpoYzJ0bGRDNXFjM0FnWVhRZ2JHbHVaU0F5TkRROEwyZ3hQanhrYVhZZ1kyeGhjM005SW14cGJtVWlQand2WkdsMlBqeHdQanhpUG5SNWNHVThMMkkrSUVWNFkyVndkR2x2YmlCeVpYQnZjblE4TDNBK1BIQStQR0krYldWemMyRm5aVHd2WWo0Z1BIVStRVzRnWlhoalpYQjBhVzl1SUc5alkzVnljbVZrSUhCeWIyTmxjM05wYm1jZ1NsTlFJSEJoWjJVZ0wySmhjMnRsZEM1cWMzQWdZWFFnYkdsdVpTQXlORFE4TDNVK1BDOXdQanh3UGp4aVBtUmxjMk55YVhCMGFXOXVQQzlpUGlBOGRUNVVhR1VnYzJWeWRtVnlJR1Z1WTI5MWJuUmxjbVZrSUdGdUlHbHVkR1Z5Ym1Gc0lHVnljbTl5SUhSb1lYUWdjSEpsZG1WdWRHVmtJR2wwSUdaeWIyMGdablZzWm1sc2JHbHVaeUIwYUdseklISmxjWFZsYzNRdVBDOTFQand2Y0Q0OGNENDhZajVsZUdObGNIUnBiMjQ4TDJJK1BDOXdQanh3Y21VK2IzSm5MbUZ3WVdOb1pTNXFZWE53WlhJdVNtRnpjR1Z5UlhoalpYQjBhVzl1T2lCQmJpQmxlR05sY0hScGIyNGdiMk5qZFhKeVpXUWdjSEp2WTJWemMybHVaeUJLVTFBZ2NHRm5aU0F2WW1GemEyVjBMbXB6Y0NCaGRDQnNhVzVsSURJME5Bb0tNalF4T2lBSkNRa0pDWE4wYlhRdVpYaGxZM1YwWlNncE93b3lOREk2SUFrSkNRa0pjM1J0ZEM1amJHOXpaU2dwT3drSkNRa0pDUW95TkRNNklBa0pDUWw5SUdWc2MyVWdld295TkRRNklBa0pDUWtKYzNSdGRDQTlJR052Ym00dWNISmxjR0Z5WlZOMFlYUmxiV1Z1ZENnbWNYVnZkRHRWVUVSQlZFVWdRbUZ6YTJWMFEyOXVkR1Z1ZEhNZ1UwVlVJSEYxWVc1MGFYUjVJRDBnSm5GMWIzUTdJQ3NnU1c1MFpXZGxjaTV3WVhKelpVbHVkQ2gyWVd4MVpTa2dLeUFtY1hWdmREc2dWMGhGVWtVZ1ltRnphMlYwYVdROUpuRjFiM1E3SUNzZ1ltRnphMlYwU1dRZ0t3b3lORFU2SUFrSkNRa0pDUWttY1hWdmREc2dRVTVFSUhCeWIyUjFZM1JwWkNBOUlDWnhkVzkwT3lBcklIQnliMlJKWkNrN0NqSTBOam9nQ1FrSkNRbHpkRzEwTG1WNFpXTjFkR1VvS1RzS01qUTNPaUFKQ1FrSkNXbG1JQ2hKYm5SbFoyVnlMbkJoY25ObFNXNTBLSFpoYkhWbEtTQW1iSFE3SURBcElIc0tDZ3BUZEdGamEzUnlZV05sT2dvSmIzSm5MbUZ3WVdOb1pTNXFZWE53WlhJdWMyVnlkbXhsZEM1S2MzQlRaWEoyYkdWMFYzSmhjSEJsY2k1b1lXNWtiR1ZLYzNCRmVHTmxjSFJwYjI0b1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8xT0RNcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUlhjbUZ3Y0dWeUxuTmxjblpwWTJVb1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8wTmpZcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUXVjMlZ5ZG1salpVcHpjRVpwYkdVb1NuTndVMlZ5ZG14bGRDNXFZWFpoT2pNNE5Ta0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbk5sY25ac1pYUXVTbk53VTJWeWRteGxkQzV6WlhKMmFXTmxLRXB6Y0ZObGNuWnNaWFF1YW1GMllUb3pNamtwQ2dscVlYWmhlQzV6WlhKMmJHVjBMbWgwZEhBdVNIUjBjRk5sY25ac1pYUXVjMlZ5ZG1salpTaElkSFJ3VTJWeWRteGxkQzVxWVhaaE9qY3lPU2tLQ1c5eVp5NWhjR0ZqYUdVdWRHOXRZMkYwTG5kbFluTnZZMnRsZEM1elpYSjJaWEl1VjNOR2FXeDBaWEl1Wkc5R2FXeDBaWElvVjNOR2FXeDBaWEl1YW1GMllUbzFNeWtLUEM5d2NtVStQSEErUEdJK2NtOXZkQ0JqWVhWelpUd3ZZajQ4TDNBK1BIQnlaVDVxWVhaaGVDNXpaWEoyYkdWMExsTmxjblpzWlhSRmVHTmxjSFJwYjI0NklHcGhkbUV1YzNGc0xsTlJURVY0WTJWd2RHbHZiam9nVlc1bGVIQmxZM1JsWkNCbGJtUWdiMllnWTI5dGJXRnVaQ0JwYmlCemRHRjBaVzFsYm5RZ1cxVlFSRUZVUlNCQ1lYTnJaWFJEYjI1MFpXNTBjeUJUUlZRZ2NYVmhiblJwZEhrZ1BTQXhJRmRJUlZKRklHSmhjMnRsZEdsa1BUSW5JRUZPUkNCd2NtOWtkV04wYVdRZ1BTQXhPRjBLQ1c5eVp5NWhjR0ZqYUdVdWFtRnpjR1Z5TG5KMWJuUnBiV1V1VUdGblpVTnZiblJsZUhSSmJYQnNMbVJ2U0dGdVpHeGxVR0ZuWlVWNFkyVndkR2x2YmloUVlXZGxRMjl1ZEdWNGRFbHRjR3d1YW1GMllUbzVNRGtwQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1eWRXNTBhVzFsTGxCaFoyVkRiMjUwWlhoMFNXMXdiQzVvWVc1a2JHVlFZV2RsUlhoalpYQjBhVzl1S0ZCaFoyVkRiMjUwWlhoMFNXMXdiQzVxWVhaaE9qZ3pPQ2tLQ1c5eVp5NWhjR0ZqYUdVdWFuTndMbUpoYzJ0bGRGOXFjM0F1WDJwemNGTmxjblpwWTJVb1ltRnphMlYwWDJwemNDNXFZWFpoT2pRME1pa0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbkoxYm5ScGJXVXVTSFIwY0VwemNFSmhjMlV1YzJWeWRtbGpaU2hJZEhSd1NuTndRbUZ6WlM1cVlYWmhPamN3S1FvSmFtRjJZWGd1YzJWeWRteGxkQzVvZEhSd0xraDBkSEJUWlhKMmJHVjBMbk5sY25acFkyVW9TSFIwY0ZObGNuWnNaWFF1YW1GMllUbzNNamtwQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1elpYSjJiR1YwTGtwemNGTmxjblpzWlhSWGNtRndjR1Z5TG5ObGNuWnBZMlVvU25Od1UyVnlkbXhsZEZkeVlYQndaWEl1YW1GMllUbzBORE1wQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1elpYSjJiR1YwTGtwemNGTmxjblpzWlhRdWMyVnlkbWxqWlVwemNFWnBiR1VvU25Od1UyVnlkbXhsZEM1cVlYWmhPak00TlNrS0NXOXlaeTVoY0dGamFHVXVhbUZ6Y0dWeUxuTmxjblpzWlhRdVNuTndVMlZ5ZG14bGRDNXpaWEoyYVdObEtFcHpjRk5sY25ac1pYUXVhbUYyWVRvek1qa3BDZ2xxWVhaaGVDNXpaWEoyYkdWMExtaDBkSEF1U0hSMGNGTmxjblpzWlhRdWMyVnlkbWxqWlNoSWRIUndVMlZ5ZG14bGRDNXFZWFpoT2pjeU9Ta0tDVzl5Wnk1aGNHRmphR1V1ZEc5dFkyRjBMbmRsWW5OdlkydGxkQzV6WlhKMlpYSXVWM05HYVd4MFpYSXVaRzlHYVd4MFpYSW9WM05HYVd4MFpYSXVhbUYyWVRvMU15a0tQQzl3Y21VK1BIQStQR0krY205dmRDQmpZWFZ6WlR3dllqNDhMM0ErUEhCeVpUNXFZWFpoTG5OeGJDNVRVVXhGZUdObGNIUnBiMjQ2SUZWdVpYaHdaV04wWldRZ1pXNWtJRzltSUdOdmJXMWhibVFnYVc0Z2MzUmhkR1Z0Wlc1MElGdFZVRVJCVkVVZ1FtRnphMlYwUTI5dWRHVnVkSE1nVTBWVUlIRjFZVzUwYVhSNUlEMGdNU0JYU0VWU1JTQmlZWE5yWlhScFpEMHlKeUJCVGtRZ2NISnZaSFZqZEdsa0lEMGdNVGhkQ2dsdmNtY3VhSE54YkdSaUxtcGtZbU11VlhScGJDNTBhSEp2ZDBWeWNtOXlLRlZ1YTI1dmQyNGdVMjkxY21ObEtRb0piM0puTG1oemNXeGtZaTVxWkdKakxtcGtZbU5RY21Wd1lYSmxaRk4wWVhSbGJXVnVkQzRtYkhRN2FXNXBkQ1puZERzb1ZXNXJibTkzYmlCVGIzVnlZMlVwQ2dsdmNtY3VhSE54YkdSaUxtcGtZbU11YW1SaVkwTnZibTVsWTNScGIyNHVjSEpsY0dGeVpWTjBZWFJsYldWdWRDaFZibXR1YjNkdUlGTnZkWEpqWlNrS0NXOXlaeTVoY0dGamFHVXVhbk53TG1KaGMydGxkRjlxYzNBdVgycHpjRk5sY25acFkyVW9ZbUZ6YTJWMFgycHpjQzVxWVhaaE9qTTJOQ2tLQ1c5eVp5NWhjR0ZqYUdVdWFtRnpjR1Z5TG5KMWJuUnBiV1V1U0hSMGNFcHpjRUpoYzJVdWMyVnlkbWxqWlNoSWRIUndTbk53UW1GelpTNXFZWFpoT2pjd0tRb0phbUYyWVhndWMyVnlkbXhsZEM1b2RIUndMa2gwZEhCVFpYSjJiR1YwTG5ObGNuWnBZMlVvU0hSMGNGTmxjblpzWlhRdWFtRjJZVG8zTWprcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUlhjbUZ3Y0dWeUxuTmxjblpwWTJVb1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8wTkRNcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUXVjMlZ5ZG1salpVcHpjRVpwYkdVb1NuTndVMlZ5ZG14bGRDNXFZWFpoT2pNNE5Ta0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbk5sY25ac1pYUXVTbk53VTJWeWRteGxkQzV6WlhKMmFXTmxLRXB6Y0ZObGNuWnNaWFF1YW1GMllUb3pNamtwQ2dscVlYWmhlQzV6WlhKMmJHVjBMbWgwZEhBdVNIUjBjRk5sY25ac1pYUXVjMlZ5ZG1salpTaElkSFJ3VTJWeWRteGxkQzVxWVhaaE9qY3lPU2tLQ1c5eVp5NWhjR0ZqYUdVdWRHOXRZMkYwTG5kbFluTnZZMnRsZEM1elpYSjJaWEl1VjNOR2FXeDBaWEl1Wkc5R2FXeDBaWElvVjNOR2FXeDBaWEl1YW1GMllUbzFNeWtLUEM5d2NtVStQSEErUEdJK2JtOTBaVHd2WWo0Z1BIVStWR2hsSUdaMWJHd2djM1JoWTJzZ2RISmhZMlVnYjJZZ2RHaGxJSEp2YjNRZ1kyRjFjMlVnYVhNZ1lYWmhhV3hoWW14bElHbHVJSFJvWlNCQmNHRmphR1VnVkc5dFkyRjBMemt1TUM0d0xrMDBJR3h2WjNNdVBDOTFQand2Y0Q0OGFISWdZMnhoYzNNOUlteHBibVVpUGp4b016NUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5b016NDhMMkp2WkhrK1BDOW9kRzFzUGc9PQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 33, "fields": { @@ -35302,8 +34444,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKeVoxYzJWeWJtRnRaVDA9", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2xONWMzUmxiU0JsY25KdmNpNEtEUW9LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLRFFvOGNDQnpkSGxzWlQwaVkyOXNiM0k2Y21Wa0lqNVpiM1VnYzNWd2NHeHBaV1FnWVc0Z2FXNTJZV3hwWkNCdVlXMWxJRzl5SUhCaGMzTjNiM0prTGp3dmNENEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 34, "fields": { @@ -35311,8 +34453,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQU2M9", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTVNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2xONWMzUmxiU0JsY25KdmNpNEtEUW9LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZFhObGNqRkFkR2hsWW05a1oyVnBkSE4wYjNKbExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb05Danh3SUhOMGVXeGxQU0pqYjJ4dmNqcHlaV1FpUGxsdmRTQnpkWEJ3YkdsbFpDQmhiaUJwYm5aaGJHbGtJRzVoYldVZ2IzSWdjR0Z6YzNkdmNtUXVQQzl3UGdvTkNqeG9NejVNYjJkcGJqd3ZhRE0rRFFwUWJHVmhjMlVnWlc1MFpYSWdlVzkxY2lCamNtVmtaVzUwYVdGc2N6b2dQR0p5THo0OFluSXZQZzBLUEdadmNtMGdiV1YwYUc5a1BTSlFUMU5VSWo0TkNnazhZMlZ1ZEdWeVBnMEtDVHgwWVdKc1pUNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1VmMyVnlibUZ0WlRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0oxYzJWeWJtRnRaU0lnYm1GdFpUMGlkWE5sY201aGJXVWlQand2YVc1d2RYUStQQzkwWkQ0TkNnazhMM1J5UGcwS0NUeDBjajROQ2drSlBIUmtQbEJoYzNOM2IzSmtPand2ZEdRK0RRb0pDVHgwWkQ0OGFXNXdkWFFnYVdROUluQmhjM04zYjNKa0lpQnVZVzFsUFNKd1lYTnpkMjl5WkNJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENE5DZ2s4TDNSeVBnMEtDVHgwY2o0TkNna0pQSFJrUGp3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVEc5bmFXNGlQand2YVc1d2RYUStQQzkwWkQ0TkNnazhMM1J5UGcwS0NUd3ZkR0ZpYkdVK0RRb0pQQzlqWlc1MFpYSStEUW84TDJadmNtMCtEUXBKWmlCNWIzVWdaRzl1ZENCb1lYWmxJR0Z1SUdGalkyOTFiblFnZDJsMGFDQjFjeUIwYUdWdUlIQnNaV0Z6WlNBOFlTQm9jbVZtUFNKeVpXZHBjM1JsY2k1cWMzQWlQbEpsWjJsemRHVnlQQzloUGlCdWIzY2dabTl5SUdFZ1puSmxaU0JoWTJOdmRXNTBMZzBLUEdKeUx6NDhZbkl2UGcwS0RRbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2cwS0RRbz0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 35, "fields": { @@ -35320,8 +34462,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkRUIwWlhOMExtTnZiU2NtY0dGemMzZHZjbVF4UFhSbGMzUXhNak1tY0dGemMzZHZjbVF5UFhSbGMzUXhNak09", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTNNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDbE41YzNSbGJTQmxjbkp2Y2k0S0Nnb0tDZ29LUENGRVQwTlVXVkJGSUVoVVRVd2dVRlZDVEVsRElDSXRMeTlYTTBNdkwwUlVSQ0JJVkUxTUlETXVNaTh2UlU0aVBnbzhhSFJ0YkQ0S1BHaGxZV1ErQ2p4MGFYUnNaVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2ZEdsMGJHVStDanhzYVc1cklHaHlaV1k5SW5OMGVXeGxMbU56Y3lJZ2NtVnNQU0p6ZEhsc1pYTm9aV1YwSWlCMGVYQmxQU0owWlhoMEwyTnpjeUlnTHo0S1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlJSE55WXowaUxpOXFjeTkxZEdsc0xtcHpJajQ4TDNOamNtbHdkRDRLUEM5b1pXRmtQZ284WW05a2VUNEtDanhqWlc1MFpYSStDangwWVdKc1pTQjNhV1IwYUQwaU9EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhTREUrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDBneFBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBWd2libTlpYjNKa1pYSmNJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlQaVp1WW5Od096d3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTkRBbElqNVhaU0JpYjJSblpTQnBkQ3dnYzI4Z2VXOTFJR1J2Ym5RZ2FHRjJaU0IwYnlFOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJak13SlNJZ2MzUjViR1U5SW5SbGVIUXRZV3hwWjI0NklISnBaMmgwSWlBK0NsVnpaWEk2SUR4aElHaHlaV1k5SW5CaGMzTjNiM0prTG1wemNDSStkR1Z6ZEVCMFpYTjBMbU52YlhsbU1UTTJQSE5qY21sd2RENWhiR1Z5ZENneEtUd3ZjMk55YVhCMFBtcHNaV1IxUEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1VtVm5hWE4wWlhJOEwyZ3pQZ29LQ2xCc1pXRnpaU0JsYm5SbGNpQjBhR1VnWm05c2JHOTNhVzVuSUdSbGRHRnBiSE1nZEc4Z2NtVm5hWE4wWlhJZ2QybDBhQ0IxY3pvZ1BHSnlMejQ4WW5JdlBnbzhabTl5YlNCdFpYUm9iMlE5SWxCUFUxUWlQZ29KUEdObGJuUmxjajRLQ1R4MFlXSnNaVDRLQ1R4MGNqNEtDUWs4ZEdRK1ZYTmxjbTVoYldVZ0tIbHZkWElnWlcxaGFXd2dZV1JrY21WemN5azZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKMWMyVnlibUZ0WlNJZ2JtRnRaVDBpZFhObGNtNWhiV1VpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQbEJoYzNOM2IzSmtPand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21ReElpQnVZVzFsUFNKd1lYTnpkMjl5WkRFaUlIUjVjR1U5SW5CaGMzTjNiM0prSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQSFJ5UGdvSkNUeDBaRDVEYjI1bWFYSnRJRkJoYzNOM2IzSmtPand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21ReUlpQnVZVzFsUFNKd1lYTnpkMjl5WkRJaUlIUjVjR1U5SW5CaGMzTjNiM0prSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQSFJ5UGdvSkNUeDBaRDQ4TDNSa1Bnb0pDVHgwWkQ0OGFXNXdkWFFnYVdROUluTjFZbTFwZENJZ2RIbHdaVDBpYzNWaWJXbDBJaUIyWVd4MVpUMGlVbVZuYVhOMFpYSWlQand2YVc1d2RYUStQQzkwWkQ0S0NUd3ZkSEkrQ2drOEwzUmhZbXhsUGdvSlBDOWpaVzUwWlhJK0Nqd3ZabTl5YlQ0S0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 36, "fields": { @@ -35329,8 +34471,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnPT0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHR3WVhSb1BTOWliMlJuWldsMEx6dElkSFJ3VDI1c2VRMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXhNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0Rvd015QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TkNJK1ZHaHBibWRwWlNBeFBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU9TSStWR2x3YjJadGVYUnZibWQxWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTXk0M05Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB6TVNJK1dXOTFhMjV2ZDNkb1lYUThMMkUrUEM5MFpENDhkR1ErVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNekk4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qa2lQbFJwY0c5bWJYbDBiMjVuZFdVOEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU56UThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5T1NJK1ZFZEtJRUZCUVR3dllUNDhMM1JrUGp4MFpENVVhR2x1WjJGdFlXcHBaM004TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXdMamt3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUSTBJajVIV2lCR1dqZzhMMkUrUEM5MFpENDhkR1ErUjJsNmJXOXpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01TNHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweE9DSStWMmhoZEhOcGRDQjNaV2xuYUR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5UQThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpFaVBsbHZkV3R1YjNkM2FHRjBQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMak15UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUWWlQbFJvYVc1bmFXVWdNend2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TXpBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNekFpUGsxcGJtUmliR0Z1YXp3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTVM0d01Ed3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStQQzlqWlc1MFpYSStQR0p5THo0S0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 37, "fields": { @@ -35338,8 +34480,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 38, "fields": { @@ -35347,8 +34489,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 39, "fields": { @@ -35356,8 +34498,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 40, "fields": { @@ -35365,8 +34507,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4bWIzSnRJR0ZqZEdsdmJqMGlZbUZ6YTJWMExtcHpjQ0lnYldWMGFHOWtQU0p3YjNOMElqNEtQSFJoWW14bElHSnZjbVJsY2owaU1TSWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytVSEp2WkhWamREd3ZkR2crUEhSb1BsRjFZVzUwYVhSNVBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1BqeDBhRDVVYjNSaGJEd3ZkR2crUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEU0SWo1WGFHRjBjMmwwSUhkbGFXZG9QQzloUGp3dmRHUStDangwWkNCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ1kyVnVkR1Z5SWo0bWJtSnpjRHM4WVNCb2NtVm1QU0lqSWlCdmJtTnNhV05yUFNKa1pXTlJkV0Z1ZEdsMGVTZ3hPQ2s3SWo0OGFXMW5JSE55WXowaWFXMWhaMlZ6THpFek1DNXdibWNpSUdGc2REMGlSR1ZqY21WaGMyVWdjWFZoYm5ScGRIa2dhVzRnWW1GemEyVjBJaUJpYjNKa1pYSTlJakFpUGp3dllUNG1ibUp6Y0RzOGFXNXdkWFFnYVdROUluRjFZVzUwYVhSNVh6RTRJaUJ1WVcxbFBTSnhkV0Z1ZEdsMGVWOHhPQ0lnZG1Gc2RXVTlJakVpSUcxaGVHeGxibWQwYUQwaU1pSWdjMmw2WlNBOUlDSXlJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRkpGUVVSUFRreFpJQzgrSm01aWMzQTdQR0VnYUhKbFpqMGlJeUlnYjI1amJHbGphejBpYVc1alVYVmhiblJwZEhrb01UZ3BPeUkrUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TWprdWNHNW5JaUJoYkhROUlrbHVZM0psWVhObElIRjFZVzUwYVhSNUlHbHVJR0poYzJ0bGRDSWdZbTl5WkdWeVBTSXdJajQ4TDJFK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQZ284TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXlMalV3UEM5MFpENEtQQzkwY2o0S1BIUnlQangwWkQ1VWIzUmhiRHd2ZEdRK1BIUmtJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJqWlc1MFpYSWlQanhwYm5CMWRDQnBaRDBpZFhCa1lYUmxJaUJ1WVcxbFBTSjFjR1JoZEdVaUlIUjVjR1U5SW5OMVltMXBkQ0lnZG1Gc2RXVTlJbFZ3WkdGMFpTQkNZWE5yWlhRaUx6NDhMM1JrUGp4MFpENG1ibUp6Y0RzOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF5TGpVd1BDOTBaRDQ4TDNSeVBnbzhMM1JoWW14bFBnb0tQQzltYjNKdFBnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 41, "fields": { @@ -35374,8 +34516,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 42, "fields": { @@ -35383,8 +34525,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 43, "fields": { @@ -35392,8 +34534,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyTnZiblJoWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRb05DZz09", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvek9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NURiMjUwWVdOMElGVnpQQzlvTXo0S1VHeGxZWE5sSUhObGJtUWdkWE1nZVc5MWNpQm1aV1ZrWW1GamF6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHbHVjSFYwSUhSNWNHVTlJbWhwWkdSbGJpSWdhV1E5SW5WelpYSWlJRzVoYldVOUltNTFiR3dpSUhaaGJIVmxQU0lpTHo0S0NUeHBibkIxZENCMGVYQmxQU0pvYVdSa1pXNGlJR2xrUFNKaGJuUnBZM055WmlJZ2JtRnRaVDBpWVc1MGFXTnpjbVlpSUhaaGJIVmxQU0l3TGprMU5UTTRNVFl5T1RjME5UTXlNVFFpUGp3dmFXNXdkWFErQ2drOFkyVnVkR1Z5UGdvSlBIUmhZbXhsUGdvSlBIUnlQZ29KQ1R4MFpENDhkR1Y0ZEdGeVpXRWdhV1E5SW1OdmJXMWxiblJ6SWlCdVlXMWxQU0pqYjIxdFpXNTBjeUlnWTI5c2N6MDRNQ0J5YjNkelBUZytQQzkwWlhoMFlYSmxZVDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p6ZFdKdGFYUWlJSFI1Y0dVOUluTjFZbTFwZENJZ2RtRnNkV1U5SWxOMVltMXBkQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUd3ZkR0ZpYkdVK0NnazhMMk5sYm5SbGNqNEtQQzltYjNKdFBnb0tDZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0Nnb0tDZz09" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 44, "fields": { @@ -35401,8 +34543,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyaHZiV1V1YW5Od0lFaFVWRkF2TVM0eERRcEliM04wT2lCc2IyTmhiR2h2YzNRNk9EZzRPQTBLUVdOalpYQjBPaUFxTHlvTkNrRmpZMlZ3ZEMxTVlXNW5kV0ZuWlRvZ1pXNE5DbFZ6WlhJdFFXZGxiblE2SUUxdmVtbHNiR0V2TlM0d0lDaGpiMjF3WVhScFlteGxPeUJOVTBsRklEa3VNRHNnVjJsdVpHOTNjeUJPVkNBMkxqRTdJRmRwYmpZME95QjROalE3SUZSeWFXUmxiblF2TlM0d0tRMEtRMjl1Ym1WamRHbHZiam9nWTJ4dmMyVU5DbEpsWm1WeVpYSTZJR2gwZEhBNkx5OXNiMk5oYkdodmMzUTZPRGc0T0M5aWIyUm5aV2wwTHcwS1EyOXZhMmxsT2lCS1UwVlRVMGxQVGtsRVBUWkZPVFUzTjBFeE5rSkJRell4T1RFelJFVTVOMEU0T0RkQlJEWXdNamMxRFFvTkNnPT0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016RTVOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME1DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TWlJK1EyOXRjR3hsZUNCWGFXUm5aWFE4TDJFK1BDOTBaRDQ4ZEdRK1YybGtaMlYwY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TVRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVElpUGxSSFNpQkRRMFE4TDJFK1BDOTBaRDQ4ZEdRK1ZHaHBibWRoYldGcWFXZHpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01pNHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU1TSStWMmhoZEhOcGRDQnpiM1Z1WkNCc2FXdGxQQzloUGp3dmRHUStQSFJrUGxkb1lYUnphWFJ6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQ1TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhOeUkrVjJoaGRITnBkQ0JqWVd4c1pXUThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMakV3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUY2lQbFJvYVc1bmFXVWdORHd2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNakFpUGxkb1lYUnphWFFnZEdGemRHVWdiR2xyWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU9UWThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpJaVBsZG9ZWFJ1YjNROEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5qZzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TVRJaVBsUkhTaUJEUTBROEwyRStQQzkwWkQ0OGRHUStWR2hwYm1kaGJXRnFhV2R6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTR5TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhPQ0krVjJoaGRITnBkQ0IzWldsbmFEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qVWlQa2RhSUVzM056d3ZZVDQ4TDNSa1BqeDBaRDVIYVhwdGIzTThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRekxqQTFQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDQ4TDJObGJuUmxjajQ4WW5JdlBnb0tDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 45, "fields": { @@ -35410,8 +34552,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 46, "fields": { @@ -35419,8 +34561,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 47, "fields": { @@ -35428,8 +34570,8 @@ "burpRequestBase64": "UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxVlZFWXRPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTVRFeU16UU5DZzBLQ2dvS1BDRkVUME5VV1ZCRklHaDBiV3crQ2p4b2RHMXNJR3hoYm1jOUltVnVJajRLSUNBZ0lEeG9aV0ZrUGdvZ0lDQWdJQ0FnSUR4dFpYUmhJR05vWVhKelpYUTlJbFZVUmkwNElpQXZQZ29nSUNBZ0lDQWdJRHgwYVhSc1pUNUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5MGFYUnNaVDRLSUNBZ0lDQWdJQ0E4YkdsdWF5Qm9jbVZtUFNKbVlYWnBZMjl1TG1samJ5SWdjbVZzUFNKcFkyOXVJaUIwZVhCbFBTSnBiV0ZuWlM5NExXbGpiMjRpSUM4K0NpQWdJQ0FnSUNBZ1BHeHBibXNnYUhKbFpqMGlabUYyYVdOdmJpNXBZMjhpSUhKbGJEMGljMmh2Y25SamRYUWdhV052YmlJZ2RIbHdaVDBpYVcxaFoyVXZlQzFwWTI5dUlpQXZQZ29nSUNBZ0lDQWdJRHhzYVc1cklHaHlaV1k5SW5SdmJXTmhkQzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NpQWdJQ0E4TDJobFlXUStDZ29nSUNBZ1BHSnZaSGsrQ2lBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZDNKaGNIQmxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUltNWhkbWxuWVhScGIyNGlJR05zWVhOelBTSmpkWEoyWldRZ1kyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHpjR0Z1SUdsa1BTSnVZWFl0YUc5dFpTSStQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkx5SStTRzl0WlR3dllUNDhMM053WVc0K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGMzQmhiaUJwWkQwaWJtRjJMV2h2YzNSeklqNDhZU0JvY21WbVBTSXZaRzlqY3k4aVBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMWpiMjVtYVdjaVBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGtOdmJtWnBaM1Z5WVhScGIyNDhMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxbGVHRnRjR3hsY3lJK1BHRWdhSEpsWmowaUwyVjRZVzF3YkdWekx5SStSWGhoYlhCc1pYTThMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxM2FXdHBJajQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5R2NtOXVkRkJoWjJVaVBsZHBhMms4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMXNhWE4wY3lJK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3aVBrMWhhV3hwYm1jZ1RHbHpkSE04TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMW9aV3h3SWo0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2Wm1sdVpHaGxiSEF1YUhSdGJDSStSbWx1WkNCSVpXeHdQQzloUGp3dmMzQmhiajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhpY2lCamJHRnpjejBpYzJWd1lYSmhkRzl5SWlBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVhObUxXSnZlQ0krQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURFK1FYQmhZMmhsSUZSdmJXTmhkQzg1TGpBdU1DNU5ORHd2YURFK0NpQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0oxY0hCbGNpSWdZMnhoYzNNOUltTjFjblpsWkNCamIyNTBZV2x1WlhJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaVkyOXVaM0poZEhNaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhREkrU1dZZ2VXOTFKM0psSUhObFpXbHVaeUIwYUdsekxDQjViM1VuZG1VZ2MzVmpZMlZ6YzJaMWJHeDVJR2x1YzNSaGJHeGxaQ0JVYjIxallYUXVJRU52Ym1keVlYUjFiR0YwYVc5dWN5RThMMmd5UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnViM1JwWTJVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhwYldjZ2MzSmpQU0owYjIxallYUXVjRzVuSWlCaGJIUTlJbHQwYjIxallYUWdiRzluYjEwaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZEdGemEzTWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRE0rVW1WamIyMXRaVzVrWldRZ1VtVmhaR2x1WnpvOEwyZ3pQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpTDJSdlkzTXZjMlZqZFhKcGRIa3RhRzkzZEc4dWFIUnRiQ0krVTJWamRYSnBkSGtnUTI5dWMybGtaWEpoZEdsdmJuTWdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5dFlXNWhaMlZ5TFdodmQzUnZMbWgwYld3aVBrMWhibUZuWlhJZ1FYQndiR2xqWVhScGIyNGdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5amJIVnpkR1Z5TFdodmQzUnZMbWgwYld3aVBrTnNkWE4wWlhKcGJtY3ZVMlZ6YzJsdmJpQlNaWEJzYVdOaGRHbHZiaUJJVDFjdFZFODhMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVdOMGFXOXVjeUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZblYwZEc5dUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHRWdZMnhoYzNNOUltTnZiblJoYVc1bGNpQnphR0ZrYjNjaUlHaHlaV1k5SWk5dFlXNWhaMlZ5TDNOMFlYUjFjeUkrUEhOd1lXNCtVMlZ5ZG1WeUlGTjBZWFIxY3p3dmMzQmhiajQ4TDJFK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWW5WMGRHOXVJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR0VnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUJ6YUdGa2IzY2lJR2h5WldZOUlpOXRZVzVoWjJWeUwyaDBiV3dpUGp4emNHRnVQazFoYm1GblpYSWdRWEJ3UEM5emNHRnVQand2WVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0ppZFhSMGIyNGlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZU0JqYkdGemN6MGlZMjl1ZEdGcGJtVnlJSE5vWVdSdmR5SWdhSEpsWmowaUwyaHZjM1F0YldGdVlXZGxjaTlvZEcxc0lqNDhjM0JoYmo1SWIzTjBJRTFoYm1GblpYSThMM053WVc0K1BDOWhQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOElTMHRDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZbklnWTJ4aGMzTTlJbk5sY0dGeVlYUnZjaUlnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUMwdFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnRhV1JrYkdVaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b016NUVaWFpsYkc5d1pYSWdVWFZwWTJzZ1UzUmhjblE4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BqeGhJR2h5WldZOUlpOWtiMk56TDNObGRIVndMbWgwYld3aVBsUnZiV05oZENCVFpYUjFjRHd2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHdQanhoSUdoeVpXWTlJaTlrYjJOekwyRndjR1JsZGk4aVBrWnBjbk4wSUZkbFlpQkJjSEJzYVdOaGRHbHZiand2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREkxSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4Y0Q0OFlTQm9jbVZtUFNJdlpHOWpjeTl5WldGc2JTMW9iM2QwYnk1b2RHMXNJajVTWldGc2JYTWdKbUZ0Y0RzZ1FVRkJQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlJ2WTNNdmFtNWthUzFrWVhSaGMyOTFjbU5sTFdWNFlXMXdiR1Z6TFdodmQzUnZMbWgwYld3aVBrcEVRa01nUkdGMFlWTnZkWEpqWlhNOEwyRStQQzl3UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjJ3eU5TSStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlY0WVcxd2JHVnpMeUkrUlhoaGJYQnNaWE04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMnd5TlNJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhBK1BHRWdhSEpsWmowaWFIUjBjRG92TDNkcGEya3VZWEJoWTJobExtOXlaeTkwYjIxallYUXZVM0JsWTJsbWFXTmhkR2x2Ym5NaVBsTmxjblpzWlhRZ1UzQmxZMmxtYVdOaGRHbHZibk04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5VWIyMWpZWFJXWlhKemFXOXVjeUkrVkc5dFkyRjBJRlpsY25OcGIyNXpQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdKeUlHTnNZWE56UFNKelpYQmhjbUYwYjNJaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR2xrUFNKc2IzZGxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0pzYjNjdGJXRnVZV2RsSWlCamJHRnpjejBpSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqZFhKMlpXUWdZMjl1ZEdGcGJtVnlJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR2d6UGsxaGJtRm5hVzVuSUZSdmJXTmhkRHd2YURNK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrWnZjaUJ6WldOMWNtbDBlU3dnWVdOalpYTnpJSFJ2SUhSb1pTQThZU0JvY21WbVBTSXZiV0Z1WVdkbGNpOW9kRzFzSWo1dFlXNWhaMlZ5SUhkbFltRndjRHd2WVQ0Z2FYTWdjbVZ6ZEhKcFkzUmxaQzRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdWWE5sY25NZ1lYSmxJR1JsWm1sdVpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwyTnZibVl2ZEc5dFkyRjBMWFZ6WlhKekxuaHRiRHd2Y0hKbFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNENUpiaUJVYjIxallYUWdPUzR3SUdGalkyVnpjeUIwYnlCMGFHVWdiV0Z1WVdkbGNpQmhjSEJzYVdOaGRHbHZiaUJwY3lCemNHeHBkQ0JpWlhSM1pXVnVDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJR1JwWm1abGNtVnVkQ0IxYzJWeWN5NGdKbTVpYzNBN0lEeGhJR2h5WldZOUlpOWtiMk56TDIxaGJtRm5aWEl0YUc5M2RHOHVhSFJ0YkNJK1VtVmhaQ0J0YjNKbExpNHVQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ0OFlTQm9jbVZtUFNJdlpHOWpjeTlTUlV4RlFWTkZMVTVQVkVWVExuUjRkQ0krVW1Wc1pXRnpaU0JPYjNSbGN6d3ZZVDQ4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdlkyaGhibWRsYkc5bkxtaDBiV3dpUGtOb1lXNW5aV3h2Wnp3dllUNDhMMmcwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDIxcFozSmhkR2x2Ymk1b2RHMXNJajVOYVdkeVlYUnBiMjRnUjNWcFpHVThMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHZzBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OXpaV04xY21sMGVTNW9kRzFzSWo1VFpXTjFjbWwwZVNCT2IzUnBZMlZ6UEM5aFBqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUlteHZkeTFrYjJOeklpQmpiR0Z6Y3owaUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnelBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdklqNVViMjFqWVhRZ09TNHdJRVJ2WTNWdFpXNTBZWFJwYjI0OEwyRStQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGxSdmJXTmhkQ0E1TGpBZ1EyOXVabWxuZFhKaGRHbHZiand2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpYUhSMGNEb3ZMM2RwYTJrdVlYQmhZMmhsTG05eVp5OTBiMjFqWVhRdlJuSnZiblJRWVdkbElqNVViMjFqWVhRZ1YybHJhVHd2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVHYVc1a0lHRmtaR2wwYVc5dVlXd2dhVzF3YjNKMFlXNTBJR052Ym1acFozVnlZWFJwYjI0Z2FXNW1iM0p0WVhScGIyNGdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwxSlZUazVKVGtjdWRIaDBQQzl3Y21VK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrUmxkbVZzYjNCbGNuTWdiV0Y1SUdKbElHbHVkR1Z5WlhOMFpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJKMVozSmxjRzl5ZEM1b2RHMXNJajVVYjIxallYUWdPUzR3SUVKMVp5QkVZWFJoWW1GelpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMkZ3YVM5cGJtUmxlQzVvZEcxc0lqNVViMjFqWVhRZ09TNHdJRXBoZG1GRWIyTnpQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNOMmJpNWhjR0ZqYUdVdWIzSm5MM0psY0c5ekwyRnpaaTkwYjIxallYUXZkR001TGpBdWVDOGlQbFJ2YldOaGRDQTVMakFnVTFaT0lGSmxjRzl6YVhSdmNuazhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaWJHOTNMV2hsYkhBaUlHTnNZWE56UFNJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OMWNuWmxaQ0JqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURNK1IyVjBkR2x1WnlCSVpXeHdQQzlvTXo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5bVlYRXZJajVHUVZFOEwyRStJR0Z1WkNBOFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNJK1RXRnBiR2x1WnlCTWFYTjBjend2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVVYUdVZ1ptOXNiRzkzYVc1bklHMWhhV3hwYm1jZ2JHbHpkSE1nWVhKbElHRjJZV2xzWVdKc1pUbzhMM0ErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhU0JwWkQwaWJHbHpkQzFoYm01dmRXNWpaU0krUEhOMGNtOXVaejQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRZVzV1YjNWdVkyVWlQblJ2YldOaGRDMWhibTV2ZFc1alpUd3ZZVDQ4WW5JZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCSmJYQnZjblJoYm5RZ1lXNXViM1Z1WTJWdFpXNTBjeXdnY21Wc1pXRnpaWE1zSUhObFkzVnlhWFI1SUhaMWJHNWxjbUZpYVd4cGRIa2dibTkwYVdacFkyRjBhVzl1Y3k0Z0tFeHZkeUIyYjJ4MWJXVXBMand2YzNSeWIyNW5QZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNOMGIyMWpZWFF0ZFhObGNuTWlQblJ2YldOaGRDMTFjMlZ5Y3p3dllUNDhZbklnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0JWYzJWeUlITjFjSEJ2Y25RZ1lXNWtJR1JwYzJOMWMzTnBiMjRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3amRHRm5iR2xpY3kxMWMyVnlJajUwWVdkc2FXSnpMWFZ6WlhJOEwyRStQR0p5SUM4K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnVlhObGNpQnpkWEJ3YjNKMElHRnVaQ0JrYVhOamRYTnphVzl1SUdadmNpQThZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmRHRm5iR2xpY3k4aVBrRndZV05vWlNCVVlXZHNhV0p6UEM5aFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRaR1YySWo1MGIyMWpZWFF0WkdWMlBDOWhQanhpY2lBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUVSbGRtVnNiM0J0Wlc1MElHMWhhV3hwYm1jZ2JHbHpkQ3dnYVc1amJIVmthVzVuSUdOdmJXMXBkQ0J0WlhOellXZGxjd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSm1iMjkwWlhJaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREl3SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1QzUm9aWElnUkc5M2JteHZZV1J6UEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIVnNQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEd4cFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5a2IzZHViRzloWkMxamIyNXVaV04wYjNKekxtTm5hU0krVkc5dFkyRjBJRU52Ym01bFkzUnZjbk04TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlpHOTNibXh2WVdRdGJtRjBhWFpsTG1ObmFTSStWRzl0WTJGMElFNWhkR2wyWlR3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OTBZV2RzYVdKekx5SStWR0ZuYkdsaWN6d3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMlJsY0d4dmVXVnlMV2h2ZDNSdkxtaDBiV3dpUGtSbGNHeHZlV1Z5UEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2ZFd3K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJESXdJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMjUwWVdsdVpYSWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErVDNSb1pYSWdSRzlqZFcxbGJuUmhkR2x2Ymp3dmFEUStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeDFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlkyOXVibVZqZEc5eWN5MWtiMk12SWo1VWIyMWpZWFFnUTI5dWJtVmpkRzl5Y3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OWpiMjV1WldOMGIzSnpMV1J2WXk4aVBtMXZaRjlxYXlCRWIyTjFiV1Z1ZEdGMGFXOXVQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDI1aGRHbDJaUzFrYjJNdklqNVViMjFqWVhRZ1RtRjBhWFpsUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlMMlJ2WTNNdlpHVndiRzk1WlhJdGFHOTNkRzh1YUhSdGJDSStSR1Z3Ykc5NVpYSThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUhaWFFnU1c1MmIyeDJaV1E4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJkbGRHbHVkbTlzZG1Wa0xtaDBiV3dpUGs5MlpYSjJhV1YzUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkwzTjJiaTVvZEcxc0lqNVRWazRnVW1Wd2IzTnBkRzl5YVdWelBDOWhQand2YkdrK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThiR2srUEdFZ2FISmxaajBpYUhSMGNEb3ZMM1J2YldOaGRDNWhjR0ZqYUdVdWIzSm5MMnhwYzNSekxtaDBiV3dpUGsxaGFXeHBibWNnVEdsemRITThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDJscmFTNWhjR0ZqYUdVdWIzSm5MM1J2YldOaGRDOUdjbTl1ZEZCaFoyVWlQbGRwYTJrOEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5MWJENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXNNakFpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ1TmFYTmpaV3hzWVc1bGIzVnpQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlqYjI1MFlXTjBMbWgwYld3aVBrTnZiblJoWTNROEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR1ZuWVd3dWFIUnRiQ0krVEdWbllXdzhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDNkM0xtRndZV05vWlM1dmNtY3ZabTkxYm1SaGRHbHZiaTl6Y0c5dWMyOXljMmhwY0M1b2RHMXNJajVUY0c5dWMyOXljMmhwY0R3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTNkM2N1WVhCaFkyaGxMbTl5Wnk5bWIzVnVaR0YwYVc5dUwzUm9ZVzVyY3k1b2RHMXNJajVVYUdGdWEzTThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUJjR0ZqYUdVZ1UyOW1kSGRoY21VZ1JtOTFibVJoZEdsdmJqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZkMmh2ZDJWaGNtVXVhSFJ0YkNJK1YyaHZJRmRsSUVGeVpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlvWlhKcGRHRm5aUzVvZEcxc0lqNUlaWEpwZEdGblpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkzZDNjdVlYQmhZMmhsTG05eVp5SStRWEJoWTJobElFaHZiV1U4TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmNtVnpiM1Z5WTJWekxtaDBiV3dpUGxKbGMyOTFjbU5sY3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDNWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WW5JZ1kyeGhjM005SW5ObGNHRnlZWFJ2Y2lJZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUR4d0lHTnNZWE56UFNKamIzQjVjbWxuYUhRaVBrTnZjSGx5YVdkb2RDQW1ZMjl3ZVRzeE9UazVMVEl3TVRZZ1FYQmhZMmhsSUZOdlpuUjNZWEpsSUVadmRXNWtZWFJwYjI0dUlDQkJiR3dnVW1sbmFIUnpJRkpsYzJWeWRtVmtQQzl3UGdvZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ1BDOWliMlI1UGdvS1BDOW9kRzFzUGdvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 48, "fields": { @@ -35437,8 +34579,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 49, "fields": { @@ -35446,8 +34588,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01UazFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LUEdKeUx6NDhjQ0J6ZEhsc1pUMGlZMjlzYjNJNlozSmxaVzRpUGxSb1lXNXJJSGx2ZFNCbWIzSWdlVzkxY2lCamRYTjBiMjB1UEM5d1BqeGljaTgrQ2dvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDJObGJuUmxjajRLUEM5aWIyUjVQZ284TDJoMGJXdytDZ29L" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 50, "fields": { @@ -35455,8 +34597,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSTFPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhSazlTVFNCdVlXMWxQU2R4ZFdWeWVTY2diV1YwYUc5a1BTZEhSVlFuUGdvOGRHRmliR1UrQ2p4MGNqNDhkR1ErVTJWaGNtTm9JR1p2Y2p3dmRHUStQSFJrUGp4cGJuQjFkQ0IwZVhCbFBTZDBaWGgwSnlCdVlXMWxQU2R4Sno0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENDhMM1JrUGp4MFpENDhZU0JvY21WbVBTZGhaSFpoYm1ObFpDNXFjM0FuSUhOMGVXeGxQU2RtYjI1MExYTnBlbVU2T1hCME95YytRV1IyWVc1alpXUWdVMlZoY21Ob1BDOWhQand2ZEdRK1BDOTBaRDRLUEM5MFlXSnNaVDRLUEM5bWIzSnRQZ29LUEM5bWIyNTBQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0NnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 51, "fields": { @@ -35464,8 +34606,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 52, "fields": { @@ -35473,8 +34615,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 53, "fields": { @@ -35482,8 +34624,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 54, "fields": { @@ -35491,8 +34633,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 55, "fields": { @@ -35500,8 +34642,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 56, "fields": { @@ -35509,8 +34651,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 57, "fields": { @@ -35518,8 +34660,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnPT0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHR3WVhSb1BTOWliMlJuWldsMEx6dElkSFJ3VDI1c2VRMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXhNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0Rvd015QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TkNJK1ZHaHBibWRwWlNBeFBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU9TSStWR2x3YjJadGVYUnZibWQxWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTXk0M05Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB6TVNJK1dXOTFhMjV2ZDNkb1lYUThMMkUrUEM5MFpENDhkR1ErVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNekk4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qa2lQbFJwY0c5bWJYbDBiMjVuZFdVOEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU56UThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5T1NJK1ZFZEtJRUZCUVR3dllUNDhMM1JrUGp4MFpENVVhR2x1WjJGdFlXcHBaM004TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXdMamt3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUSTBJajVIV2lCR1dqZzhMMkUrUEM5MFpENDhkR1ErUjJsNmJXOXpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01TNHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweE9DSStWMmhoZEhOcGRDQjNaV2xuYUR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5UQThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpFaVBsbHZkV3R1YjNkM2FHRjBQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMak15UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUWWlQbFJvYVc1bmFXVWdNend2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TXpBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNekFpUGsxcGJtUmliR0Z1YXp3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTVM0d01Ed3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStQQzlqWlc1MFpYSStQR0p5THo0S0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 58, "fields": { @@ -35527,8 +34669,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 59, "fields": { @@ -35536,8 +34678,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 60, "fields": { @@ -35545,8 +34687,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4bWIzSnRJR0ZqZEdsdmJqMGlZbUZ6YTJWMExtcHpjQ0lnYldWMGFHOWtQU0p3YjNOMElqNEtQSFJoWW14bElHSnZjbVJsY2owaU1TSWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytVSEp2WkhWamREd3ZkR2crUEhSb1BsRjFZVzUwYVhSNVBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1BqeDBhRDVVYjNSaGJEd3ZkR2crUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEU0SWo1WGFHRjBjMmwwSUhkbGFXZG9QQzloUGp3dmRHUStDangwWkNCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ1kyVnVkR1Z5SWo0bWJtSnpjRHM4WVNCb2NtVm1QU0lqSWlCdmJtTnNhV05yUFNKa1pXTlJkV0Z1ZEdsMGVTZ3hPQ2s3SWo0OGFXMW5JSE55WXowaWFXMWhaMlZ6THpFek1DNXdibWNpSUdGc2REMGlSR1ZqY21WaGMyVWdjWFZoYm5ScGRIa2dhVzRnWW1GemEyVjBJaUJpYjNKa1pYSTlJakFpUGp3dllUNG1ibUp6Y0RzOGFXNXdkWFFnYVdROUluRjFZVzUwYVhSNVh6RTRJaUJ1WVcxbFBTSnhkV0Z1ZEdsMGVWOHhPQ0lnZG1Gc2RXVTlJakVpSUcxaGVHeGxibWQwYUQwaU1pSWdjMmw2WlNBOUlDSXlJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRkpGUVVSUFRreFpJQzgrSm01aWMzQTdQR0VnYUhKbFpqMGlJeUlnYjI1amJHbGphejBpYVc1alVYVmhiblJwZEhrb01UZ3BPeUkrUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TWprdWNHNW5JaUJoYkhROUlrbHVZM0psWVhObElIRjFZVzUwYVhSNUlHbHVJR0poYzJ0bGRDSWdZbTl5WkdWeVBTSXdJajQ4TDJFK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQZ284TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXlMalV3UEM5MFpENEtQQzkwY2o0S1BIUnlQangwWkQ1VWIzUmhiRHd2ZEdRK1BIUmtJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJqWlc1MFpYSWlQanhwYm5CMWRDQnBaRDBpZFhCa1lYUmxJaUJ1WVcxbFBTSjFjR1JoZEdVaUlIUjVjR1U5SW5OMVltMXBkQ0lnZG1Gc2RXVTlJbFZ3WkdGMFpTQkNZWE5yWlhRaUx6NDhMM1JrUGp4MFpENG1ibUp6Y0RzOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF5TGpVd1BDOTBaRDQ4TDNSeVBnbzhMM1JoWW14bFBnb0tQQzltYjNKdFBnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 61, "fields": { @@ -35554,8 +34696,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 62, "fields": { @@ -35563,8 +34705,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 63, "fields": { @@ -35572,8 +34714,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 64, "fields": { @@ -35581,8 +34723,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyTnZiblJoWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRb05DZz09", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvek9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NURiMjUwWVdOMElGVnpQQzlvTXo0S1VHeGxZWE5sSUhObGJtUWdkWE1nZVc5MWNpQm1aV1ZrWW1GamF6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHbHVjSFYwSUhSNWNHVTlJbWhwWkdSbGJpSWdhV1E5SW5WelpYSWlJRzVoYldVOUltNTFiR3dpSUhaaGJIVmxQU0lpTHo0S0NUeHBibkIxZENCMGVYQmxQU0pvYVdSa1pXNGlJR2xrUFNKaGJuUnBZM055WmlJZ2JtRnRaVDBpWVc1MGFXTnpjbVlpSUhaaGJIVmxQU0l3TGprMU5UTTRNVFl5T1RjME5UTXlNVFFpUGp3dmFXNXdkWFErQ2drOFkyVnVkR1Z5UGdvSlBIUmhZbXhsUGdvSlBIUnlQZ29KQ1R4MFpENDhkR1Y0ZEdGeVpXRWdhV1E5SW1OdmJXMWxiblJ6SWlCdVlXMWxQU0pqYjIxdFpXNTBjeUlnWTI5c2N6MDRNQ0J5YjNkelBUZytQQzkwWlhoMFlYSmxZVDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p6ZFdKdGFYUWlJSFI1Y0dVOUluTjFZbTFwZENJZ2RtRnNkV1U5SWxOMVltMXBkQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUd3ZkR0ZpYkdVK0NnazhMMk5sYm5SbGNqNEtQQzltYjNKdFBnb0tDZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0Nnb0tDZz09" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 65, "fields": { @@ -35590,8 +34732,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyaHZiV1V1YW5Od0lFaFVWRkF2TVM0eERRcEliM04wT2lCc2IyTmhiR2h2YzNRNk9EZzRPQTBLUVdOalpYQjBPaUFxTHlvTkNrRmpZMlZ3ZEMxTVlXNW5kV0ZuWlRvZ1pXNE5DbFZ6WlhJdFFXZGxiblE2SUUxdmVtbHNiR0V2TlM0d0lDaGpiMjF3WVhScFlteGxPeUJOVTBsRklEa3VNRHNnVjJsdVpHOTNjeUJPVkNBMkxqRTdJRmRwYmpZME95QjROalE3SUZSeWFXUmxiblF2TlM0d0tRMEtRMjl1Ym1WamRHbHZiam9nWTJ4dmMyVU5DbEpsWm1WeVpYSTZJR2gwZEhBNkx5OXNiMk5oYkdodmMzUTZPRGc0T0M5aWIyUm5aV2wwTHcwS1EyOXZhMmxsT2lCS1UwVlRVMGxQVGtsRVBUWkZPVFUzTjBFeE5rSkJRell4T1RFelJFVTVOMEU0T0RkQlJEWXdNamMxRFFvTkNnPT0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016RTVOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME1DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TWlJK1EyOXRjR3hsZUNCWGFXUm5aWFE4TDJFK1BDOTBaRDQ4ZEdRK1YybGtaMlYwY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TVRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVElpUGxSSFNpQkRRMFE4TDJFK1BDOTBaRDQ4ZEdRK1ZHaHBibWRoYldGcWFXZHpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01pNHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU1TSStWMmhoZEhOcGRDQnpiM1Z1WkNCc2FXdGxQQzloUGp3dmRHUStQSFJrUGxkb1lYUnphWFJ6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQ1TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhOeUkrVjJoaGRITnBkQ0JqWVd4c1pXUThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMakV3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUY2lQbFJvYVc1bmFXVWdORHd2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNakFpUGxkb1lYUnphWFFnZEdGemRHVWdiR2xyWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU9UWThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpJaVBsZG9ZWFJ1YjNROEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5qZzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TVRJaVBsUkhTaUJEUTBROEwyRStQQzkwWkQ0OGRHUStWR2hwYm1kaGJXRnFhV2R6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTR5TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhPQ0krVjJoaGRITnBkQ0IzWldsbmFEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qVWlQa2RhSUVzM056d3ZZVDQ4TDNSa1BqeDBaRDVIYVhwdGIzTThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRekxqQTFQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDQ4TDJObGJuUmxjajQ4WW5JdlBnb0tDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 66, "fields": { @@ -35599,8 +34741,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 67, "fields": { @@ -35608,8 +34750,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 68, "fields": { @@ -35617,8 +34759,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 69, "fields": { @@ -35626,8 +34768,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSTFPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhSazlTVFNCdVlXMWxQU2R4ZFdWeWVTY2diV1YwYUc5a1BTZEhSVlFuUGdvOGRHRmliR1UrQ2p4MGNqNDhkR1ErVTJWaGNtTm9JR1p2Y2p3dmRHUStQSFJrUGp4cGJuQjFkQ0IwZVhCbFBTZDBaWGgwSnlCdVlXMWxQU2R4Sno0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENDhMM1JrUGp4MFpENDhZU0JvY21WbVBTZGhaSFpoYm1ObFpDNXFjM0FuSUhOMGVXeGxQU2RtYjI1MExYTnBlbVU2T1hCME95YytRV1IyWVc1alpXUWdVMlZoY21Ob1BDOWhQand2ZEdRK1BDOTBaRDRLUEM5MFlXSnNaVDRLUEM5bWIzSnRQZ29LUEM5bWIyNTBQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0NnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 70, "fields": { @@ -35635,8 +34777,8 @@ "burpRequestBase64": "UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxVlZFWXRPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTVRFeU16UU5DZzBLQ2dvS1BDRkVUME5VV1ZCRklHaDBiV3crQ2p4b2RHMXNJR3hoYm1jOUltVnVJajRLSUNBZ0lEeG9aV0ZrUGdvZ0lDQWdJQ0FnSUR4dFpYUmhJR05vWVhKelpYUTlJbFZVUmkwNElpQXZQZ29nSUNBZ0lDQWdJRHgwYVhSc1pUNUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5MGFYUnNaVDRLSUNBZ0lDQWdJQ0E4YkdsdWF5Qm9jbVZtUFNKbVlYWnBZMjl1TG1samJ5SWdjbVZzUFNKcFkyOXVJaUIwZVhCbFBTSnBiV0ZuWlM5NExXbGpiMjRpSUM4K0NpQWdJQ0FnSUNBZ1BHeHBibXNnYUhKbFpqMGlabUYyYVdOdmJpNXBZMjhpSUhKbGJEMGljMmh2Y25SamRYUWdhV052YmlJZ2RIbHdaVDBpYVcxaFoyVXZlQzFwWTI5dUlpQXZQZ29nSUNBZ0lDQWdJRHhzYVc1cklHaHlaV1k5SW5SdmJXTmhkQzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NpQWdJQ0E4TDJobFlXUStDZ29nSUNBZ1BHSnZaSGsrQ2lBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZDNKaGNIQmxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUltNWhkbWxuWVhScGIyNGlJR05zWVhOelBTSmpkWEoyWldRZ1kyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHpjR0Z1SUdsa1BTSnVZWFl0YUc5dFpTSStQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkx5SStTRzl0WlR3dllUNDhMM053WVc0K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGMzQmhiaUJwWkQwaWJtRjJMV2h2YzNSeklqNDhZU0JvY21WbVBTSXZaRzlqY3k4aVBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMWpiMjVtYVdjaVBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGtOdmJtWnBaM1Z5WVhScGIyNDhMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxbGVHRnRjR3hsY3lJK1BHRWdhSEpsWmowaUwyVjRZVzF3YkdWekx5SStSWGhoYlhCc1pYTThMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxM2FXdHBJajQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5R2NtOXVkRkJoWjJVaVBsZHBhMms4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMXNhWE4wY3lJK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3aVBrMWhhV3hwYm1jZ1RHbHpkSE04TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMW9aV3h3SWo0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2Wm1sdVpHaGxiSEF1YUhSdGJDSStSbWx1WkNCSVpXeHdQQzloUGp3dmMzQmhiajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhpY2lCamJHRnpjejBpYzJWd1lYSmhkRzl5SWlBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVhObUxXSnZlQ0krQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURFK1FYQmhZMmhsSUZSdmJXTmhkQzg1TGpBdU1DNU5ORHd2YURFK0NpQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0oxY0hCbGNpSWdZMnhoYzNNOUltTjFjblpsWkNCamIyNTBZV2x1WlhJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaVkyOXVaM0poZEhNaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhREkrU1dZZ2VXOTFKM0psSUhObFpXbHVaeUIwYUdsekxDQjViM1VuZG1VZ2MzVmpZMlZ6YzJaMWJHeDVJR2x1YzNSaGJHeGxaQ0JVYjIxallYUXVJRU52Ym1keVlYUjFiR0YwYVc5dWN5RThMMmd5UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnViM1JwWTJVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhwYldjZ2MzSmpQU0owYjIxallYUXVjRzVuSWlCaGJIUTlJbHQwYjIxallYUWdiRzluYjEwaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZEdGemEzTWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRE0rVW1WamIyMXRaVzVrWldRZ1VtVmhaR2x1WnpvOEwyZ3pQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpTDJSdlkzTXZjMlZqZFhKcGRIa3RhRzkzZEc4dWFIUnRiQ0krVTJWamRYSnBkSGtnUTI5dWMybGtaWEpoZEdsdmJuTWdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5dFlXNWhaMlZ5TFdodmQzUnZMbWgwYld3aVBrMWhibUZuWlhJZ1FYQndiR2xqWVhScGIyNGdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5amJIVnpkR1Z5TFdodmQzUnZMbWgwYld3aVBrTnNkWE4wWlhKcGJtY3ZVMlZ6YzJsdmJpQlNaWEJzYVdOaGRHbHZiaUJJVDFjdFZFODhMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVdOMGFXOXVjeUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZblYwZEc5dUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHRWdZMnhoYzNNOUltTnZiblJoYVc1bGNpQnphR0ZrYjNjaUlHaHlaV1k5SWk5dFlXNWhaMlZ5TDNOMFlYUjFjeUkrUEhOd1lXNCtVMlZ5ZG1WeUlGTjBZWFIxY3p3dmMzQmhiajQ4TDJFK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWW5WMGRHOXVJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR0VnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUJ6YUdGa2IzY2lJR2h5WldZOUlpOXRZVzVoWjJWeUwyaDBiV3dpUGp4emNHRnVQazFoYm1GblpYSWdRWEJ3UEM5emNHRnVQand2WVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0ppZFhSMGIyNGlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZU0JqYkdGemN6MGlZMjl1ZEdGcGJtVnlJSE5vWVdSdmR5SWdhSEpsWmowaUwyaHZjM1F0YldGdVlXZGxjaTlvZEcxc0lqNDhjM0JoYmo1SWIzTjBJRTFoYm1GblpYSThMM053WVc0K1BDOWhQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOElTMHRDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZbklnWTJ4aGMzTTlJbk5sY0dGeVlYUnZjaUlnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUMwdFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnRhV1JrYkdVaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b016NUVaWFpsYkc5d1pYSWdVWFZwWTJzZ1UzUmhjblE4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BqeGhJR2h5WldZOUlpOWtiMk56TDNObGRIVndMbWgwYld3aVBsUnZiV05oZENCVFpYUjFjRHd2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHdQanhoSUdoeVpXWTlJaTlrYjJOekwyRndjR1JsZGk4aVBrWnBjbk4wSUZkbFlpQkJjSEJzYVdOaGRHbHZiand2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREkxSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4Y0Q0OFlTQm9jbVZtUFNJdlpHOWpjeTl5WldGc2JTMW9iM2QwYnk1b2RHMXNJajVTWldGc2JYTWdKbUZ0Y0RzZ1FVRkJQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlJ2WTNNdmFtNWthUzFrWVhSaGMyOTFjbU5sTFdWNFlXMXdiR1Z6TFdodmQzUnZMbWgwYld3aVBrcEVRa01nUkdGMFlWTnZkWEpqWlhNOEwyRStQQzl3UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjJ3eU5TSStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlY0WVcxd2JHVnpMeUkrUlhoaGJYQnNaWE04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMnd5TlNJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhBK1BHRWdhSEpsWmowaWFIUjBjRG92TDNkcGEya3VZWEJoWTJobExtOXlaeTkwYjIxallYUXZVM0JsWTJsbWFXTmhkR2x2Ym5NaVBsTmxjblpzWlhRZ1UzQmxZMmxtYVdOaGRHbHZibk04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5VWIyMWpZWFJXWlhKemFXOXVjeUkrVkc5dFkyRjBJRlpsY25OcGIyNXpQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdKeUlHTnNZWE56UFNKelpYQmhjbUYwYjNJaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR2xrUFNKc2IzZGxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0pzYjNjdGJXRnVZV2RsSWlCamJHRnpjejBpSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqZFhKMlpXUWdZMjl1ZEdGcGJtVnlJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR2d6UGsxaGJtRm5hVzVuSUZSdmJXTmhkRHd2YURNK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrWnZjaUJ6WldOMWNtbDBlU3dnWVdOalpYTnpJSFJ2SUhSb1pTQThZU0JvY21WbVBTSXZiV0Z1WVdkbGNpOW9kRzFzSWo1dFlXNWhaMlZ5SUhkbFltRndjRHd2WVQ0Z2FYTWdjbVZ6ZEhKcFkzUmxaQzRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdWWE5sY25NZ1lYSmxJR1JsWm1sdVpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwyTnZibVl2ZEc5dFkyRjBMWFZ6WlhKekxuaHRiRHd2Y0hKbFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNENUpiaUJVYjIxallYUWdPUzR3SUdGalkyVnpjeUIwYnlCMGFHVWdiV0Z1WVdkbGNpQmhjSEJzYVdOaGRHbHZiaUJwY3lCemNHeHBkQ0JpWlhSM1pXVnVDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJR1JwWm1abGNtVnVkQ0IxYzJWeWN5NGdKbTVpYzNBN0lEeGhJR2h5WldZOUlpOWtiMk56TDIxaGJtRm5aWEl0YUc5M2RHOHVhSFJ0YkNJK1VtVmhaQ0J0YjNKbExpNHVQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ0OFlTQm9jbVZtUFNJdlpHOWpjeTlTUlV4RlFWTkZMVTVQVkVWVExuUjRkQ0krVW1Wc1pXRnpaU0JPYjNSbGN6d3ZZVDQ4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdlkyaGhibWRsYkc5bkxtaDBiV3dpUGtOb1lXNW5aV3h2Wnp3dllUNDhMMmcwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDIxcFozSmhkR2x2Ymk1b2RHMXNJajVOYVdkeVlYUnBiMjRnUjNWcFpHVThMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHZzBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OXpaV04xY21sMGVTNW9kRzFzSWo1VFpXTjFjbWwwZVNCT2IzUnBZMlZ6UEM5aFBqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUlteHZkeTFrYjJOeklpQmpiR0Z6Y3owaUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnelBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdklqNVViMjFqWVhRZ09TNHdJRVJ2WTNWdFpXNTBZWFJwYjI0OEwyRStQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGxSdmJXTmhkQ0E1TGpBZ1EyOXVabWxuZFhKaGRHbHZiand2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpYUhSMGNEb3ZMM2RwYTJrdVlYQmhZMmhsTG05eVp5OTBiMjFqWVhRdlJuSnZiblJRWVdkbElqNVViMjFqWVhRZ1YybHJhVHd2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVHYVc1a0lHRmtaR2wwYVc5dVlXd2dhVzF3YjNKMFlXNTBJR052Ym1acFozVnlZWFJwYjI0Z2FXNW1iM0p0WVhScGIyNGdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwxSlZUazVKVGtjdWRIaDBQQzl3Y21VK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrUmxkbVZzYjNCbGNuTWdiV0Y1SUdKbElHbHVkR1Z5WlhOMFpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJKMVozSmxjRzl5ZEM1b2RHMXNJajVVYjIxallYUWdPUzR3SUVKMVp5QkVZWFJoWW1GelpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMkZ3YVM5cGJtUmxlQzVvZEcxc0lqNVViMjFqWVhRZ09TNHdJRXBoZG1GRWIyTnpQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNOMmJpNWhjR0ZqYUdVdWIzSm5MM0psY0c5ekwyRnpaaTkwYjIxallYUXZkR001TGpBdWVDOGlQbFJ2YldOaGRDQTVMakFnVTFaT0lGSmxjRzl6YVhSdmNuazhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaWJHOTNMV2hsYkhBaUlHTnNZWE56UFNJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OMWNuWmxaQ0JqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURNK1IyVjBkR2x1WnlCSVpXeHdQQzlvTXo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5bVlYRXZJajVHUVZFOEwyRStJR0Z1WkNBOFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNJK1RXRnBiR2x1WnlCTWFYTjBjend2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVVYUdVZ1ptOXNiRzkzYVc1bklHMWhhV3hwYm1jZ2JHbHpkSE1nWVhKbElHRjJZV2xzWVdKc1pUbzhMM0ErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhU0JwWkQwaWJHbHpkQzFoYm01dmRXNWpaU0krUEhOMGNtOXVaejQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRZVzV1YjNWdVkyVWlQblJ2YldOaGRDMWhibTV2ZFc1alpUd3ZZVDQ4WW5JZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCSmJYQnZjblJoYm5RZ1lXNXViM1Z1WTJWdFpXNTBjeXdnY21Wc1pXRnpaWE1zSUhObFkzVnlhWFI1SUhaMWJHNWxjbUZpYVd4cGRIa2dibTkwYVdacFkyRjBhVzl1Y3k0Z0tFeHZkeUIyYjJ4MWJXVXBMand2YzNSeWIyNW5QZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNOMGIyMWpZWFF0ZFhObGNuTWlQblJ2YldOaGRDMTFjMlZ5Y3p3dllUNDhZbklnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0JWYzJWeUlITjFjSEJ2Y25RZ1lXNWtJR1JwYzJOMWMzTnBiMjRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3amRHRm5iR2xpY3kxMWMyVnlJajUwWVdkc2FXSnpMWFZ6WlhJOEwyRStQR0p5SUM4K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnVlhObGNpQnpkWEJ3YjNKMElHRnVaQ0JrYVhOamRYTnphVzl1SUdadmNpQThZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmRHRm5iR2xpY3k4aVBrRndZV05vWlNCVVlXZHNhV0p6UEM5aFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRaR1YySWo1MGIyMWpZWFF0WkdWMlBDOWhQanhpY2lBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUVSbGRtVnNiM0J0Wlc1MElHMWhhV3hwYm1jZ2JHbHpkQ3dnYVc1amJIVmthVzVuSUdOdmJXMXBkQ0J0WlhOellXZGxjd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSm1iMjkwWlhJaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREl3SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1QzUm9aWElnUkc5M2JteHZZV1J6UEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIVnNQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEd4cFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5a2IzZHViRzloWkMxamIyNXVaV04wYjNKekxtTm5hU0krVkc5dFkyRjBJRU52Ym01bFkzUnZjbk04TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlpHOTNibXh2WVdRdGJtRjBhWFpsTG1ObmFTSStWRzl0WTJGMElFNWhkR2wyWlR3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OTBZV2RzYVdKekx5SStWR0ZuYkdsaWN6d3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMlJsY0d4dmVXVnlMV2h2ZDNSdkxtaDBiV3dpUGtSbGNHeHZlV1Z5UEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2ZFd3K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJESXdJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMjUwWVdsdVpYSWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErVDNSb1pYSWdSRzlqZFcxbGJuUmhkR2x2Ymp3dmFEUStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeDFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlkyOXVibVZqZEc5eWN5MWtiMk12SWo1VWIyMWpZWFFnUTI5dWJtVmpkRzl5Y3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OWpiMjV1WldOMGIzSnpMV1J2WXk4aVBtMXZaRjlxYXlCRWIyTjFiV1Z1ZEdGMGFXOXVQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDI1aGRHbDJaUzFrYjJNdklqNVViMjFqWVhRZ1RtRjBhWFpsUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlMMlJ2WTNNdlpHVndiRzk1WlhJdGFHOTNkRzh1YUhSdGJDSStSR1Z3Ykc5NVpYSThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUhaWFFnU1c1MmIyeDJaV1E4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJkbGRHbHVkbTlzZG1Wa0xtaDBiV3dpUGs5MlpYSjJhV1YzUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkwzTjJiaTVvZEcxc0lqNVRWazRnVW1Wd2IzTnBkRzl5YVdWelBDOWhQand2YkdrK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThiR2srUEdFZ2FISmxaajBpYUhSMGNEb3ZMM1J2YldOaGRDNWhjR0ZqYUdVdWIzSm5MMnhwYzNSekxtaDBiV3dpUGsxaGFXeHBibWNnVEdsemRITThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDJscmFTNWhjR0ZqYUdVdWIzSm5MM1J2YldOaGRDOUdjbTl1ZEZCaFoyVWlQbGRwYTJrOEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5MWJENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXNNakFpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ1TmFYTmpaV3hzWVc1bGIzVnpQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlqYjI1MFlXTjBMbWgwYld3aVBrTnZiblJoWTNROEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR1ZuWVd3dWFIUnRiQ0krVEdWbllXdzhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDNkM0xtRndZV05vWlM1dmNtY3ZabTkxYm1SaGRHbHZiaTl6Y0c5dWMyOXljMmhwY0M1b2RHMXNJajVUY0c5dWMyOXljMmhwY0R3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTNkM2N1WVhCaFkyaGxMbTl5Wnk5bWIzVnVaR0YwYVc5dUwzUm9ZVzVyY3k1b2RHMXNJajVVYUdGdWEzTThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUJjR0ZqYUdVZ1UyOW1kSGRoY21VZ1JtOTFibVJoZEdsdmJqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZkMmh2ZDJWaGNtVXVhSFJ0YkNJK1YyaHZJRmRsSUVGeVpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlvWlhKcGRHRm5aUzVvZEcxc0lqNUlaWEpwZEdGblpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkzZDNjdVlYQmhZMmhsTG05eVp5SStRWEJoWTJobElFaHZiV1U4TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmNtVnpiM1Z5WTJWekxtaDBiV3dpUGxKbGMyOTFjbU5sY3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDNWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WW5JZ1kyeGhjM005SW5ObGNHRnlZWFJ2Y2lJZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUR4d0lHTnNZWE56UFNKamIzQjVjbWxuYUhRaVBrTnZjSGx5YVdkb2RDQW1ZMjl3ZVRzeE9UazVMVEl3TVRZZ1FYQmhZMmhsSUZOdlpuUjNZWEpsSUVadmRXNWtZWFJwYjI0dUlDQkJiR3dnVW1sbmFIUnpJRkpsYzJWeWRtVmtQQzl3UGdvZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ1BDOWliMlI1UGdvS1BDOW9kRzFzUGdvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 71, "fields": { @@ -35644,8 +34786,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01UazFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LUEdKeUx6NDhjQ0J6ZEhsc1pUMGlZMjlzYjNJNlozSmxaVzRpUGxSb1lXNXJJSGx2ZFNCbWIzSWdlVzkxY2lCamRYTjBiMjB1UEM5d1BqeGljaTgrQ2dvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDJObGJuUmxjajRLUEM5aWIyUjVQZ284TDJoMGJXdytDZ29L" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 72, "fields": { @@ -35653,8 +34795,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkRUIwWlhOMExtTnZiWGxtTVRNMlBITmpjbWx3ZEQ1aGJHVnlkQ2d4S1R3bE1tWnpZM0pwY0hRK2FteGxaSFVtY0dGemMzZHZjbVF4UFhSbGMzUXhNak1tY0dGemMzZHZjbVF5UFhSbGMzUXhNak09", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nWWw5cFpEME5Da052Ym5SbGJuUXRWSGx3WlRvZ2RHVjRkQzlvZEcxc08yTm9ZWEp6WlhROVNWTlBMVGc0TlRrdE1RMEtRMjl1ZEdWdWRDMU1aVzVuZEdnNklESXdORGtOQ2tSaGRHVTZJRk5oZEN3Z01qY2dRWFZuSURJd01UWWdNREk2TVRJNk1UVWdSMDFVRFFwRGIyNXVaV04wYVc5dU9pQmpiRzl6WlEwS0RRb0tDZ29LQ2dvS0NnbzhJVVJQUTFSWlVFVWdTRlJOVENCUVZVSk1TVU1nSWkwdkwxY3pReTh2UkZSRUlFaFVUVXdnTXk0eUx5OUZUaUkrQ2p4b2RHMXNQZ284YUdWaFpENEtQSFJwZEd4bFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOTBhWFJzWlQ0S1BHeHBibXNnYUhKbFpqMGljM1I1YkdVdVkzTnpJaUJ5Wld3OUluTjBlV3hsYzJobFpYUWlJSFI1Y0dVOUluUmxlSFF2WTNOeklpQXZQZ284YzJOeWFYQjBJSFI1Y0dVOUluUmxlSFF2YW1GMllYTmpjbWx3ZENJZ2MzSmpQU0l1TDJwekwzVjBhV3d1YW5NaVBqd3ZjMk55YVhCMFBnbzhMMmhsWVdRK0NqeGliMlI1UGdvS1BHTmxiblJsY2o0S1BIUmhZbXhsSUhkcFpIUm9QU0k0TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4SU1UNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZTREUrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005WENKdWIySnZjbVJsY2x3aVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJak13SlNJK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSTBNQ1VpUGxkbElHSnZaR2RsSUdsMExDQnpieUI1YjNVZ1pHOXVkQ0JvWVhabElIUnZJVHd2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRDRLVlhObGNqb2dQR0VnYUhKbFpqMGljR0Z6YzNkdmNtUXVhbk53SWo1MFpYTjBRSFJsYzNRdVkyOXRlV1l4TXpZOGMyTnlhWEIwUG1Gc1pYSjBLREVwUEM5elkzSnBjSFErYW14bFpIVThMMkUrQ2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkdmRYUXVhbk53SWo1TWIyZHZkWFE4TDJFK0NnbzhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmlZWE5yWlhRdWFuTndJajVaYjNWeUlFSmhjMnRsZER3dllUNDhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSnpaV0Z5WTJndWFuTndJajVUWldGeVkyZzhMMkUrUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKc1pXWjBJaUIyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpJMUpTSStDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAySWo1RWIyOWtZV2h6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMUlqNUhhWHB0YjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUTWlQbFJvYVc1bllXMWhhbWxuY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1pSStWR2hwYm1kcFpYTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVGNpUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRRaVBsZG9ZWFJ6YVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHhJajVYYVdSblpYUnpQQzloUGp4aWNpOCtDZ284WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0S1BDOTBaRDRLUEhSa0lIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlOekFsSWo0S0NqeG9NejVTWldkcGMzUmxjand2YURNK0NqeGljaTgrV1c5MUlHaGhkbVVnYzNWalkyVnpjMloxYkd4NUlISmxaMmx6ZEdWeVpXUWdkMmwwYUNCVWFHVWdRbTlrWjJWSmRDQlRkRzl5WlM0S0NnazhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 73, "fields": { @@ -35662,8 +34804,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQS9jVDAxTlRVdE5UVTFMVEF4T1RsQVpYaGhiWEJzWlM1amIyMXJPR1owYnp4elkzSnBjSFErWVd4bGNuUW9NU2s4SlRKbWMyTnlhWEIwUG01M2VETnNJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQU5Da052YjJ0cFpUb2dTbE5GVTFOSlQwNUpSRDAyUlRrMU56ZEJNVFpDUVVNMk1Ua3hNMFJGT1RkQk9EZzNRVVEyTURJM05RMEtEUW89", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qRXdOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhZajVaYjNVZ2MyVmhjbU5vWldRZ1ptOXlPand2WWo0Z05UVTFMVFUxTlMwd01UazVRR1Y0WVcxd2JHVXVZMjl0YXpobWRHODhjMk55YVhCMFBtRnNaWEowS0RFcFBDOXpZM0pwY0hRK2JuZDRNMnc4WW5JdlBqeGljaTgrQ2p4a2FYWStQR0krVG04Z1VtVnpkV3gwY3lCR2IzVnVaRHd2WWo0OEwyUnBkajRLQ2p3dlptOXVkRDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnbz0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 74, "fields": { @@ -35671,8 +34813,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQUT09", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtQSEFnYzNSNWJHVTlJbU52Ykc5eU9uSmxaQ0krV1c5MUlITjFjSEJzYVdWa0lHRnVJR2x1ZG1Gc2FXUWdibUZ0WlNCdmNpQndZWE56ZDI5eVpDNDhMM0ErQ2cwS1BHZ3pQa3h2WjJsdVBDOW9NejROQ2xCc1pXRnpaU0JsYm5SbGNpQjViM1Z5SUdOeVpXUmxiblJwWVd4ek9pQThZbkl2UGp4aWNpOCtEUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGcwS0NUeGpaVzUwWlhJK0RRb0pQSFJoWW14bFBnMEtDVHgwY2o0TkNna0pQSFJrUGxWelpYSnVZVzFsT2p3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJblZ6WlhKdVlXMWxJaUJ1WVcxbFBTSjFjMlZ5Ym1GdFpTSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBIUnlQZzBLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21RaUlHNWhiV1U5SW5CaGMzTjNiM0prSWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1BnMEtDVHd2ZEhJK0RRb0pQSFJ5UGcwS0NRazhkR1ErUEM5MFpENE5DZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljM1ZpYldsMElpQjBlWEJsUFNKemRXSnRhWFFpSUhaaGJIVmxQU0pNYjJkcGJpSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBDOTBZV0pzWlQ0TkNnazhMMk5sYm5SbGNqNE5Dand2Wm05eWJUNE5Da2xtSUhsdmRTQmtiMjUwSUdoaGRtVWdZVzRnWVdOamIzVnVkQ0IzYVhSb0lIVnpJSFJvWlc0Z2NHeGxZWE5sSUR4aElHaHlaV1k5SW5KbFoybHpkR1Z5TG1wemNDSStVbVZuYVhOMFpYSThMMkUrSUc1dmR5Qm1iM0lnWVNCbWNtVmxJR0ZqWTI5MWJuUXVEUW84WW5JdlBqeGljaTgrRFFvTkNqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLRFFvTkNnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 75, "fields": { @@ -35680,8 +34822,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkQ1UwTUhSbGMzUXVZMjl0Sm5CaGMzTjNiM0prTVQxMFpYTjBNVEl6Sm5CaGMzTjNiM0prTWoxMFpYTjBNVEl6", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qQXhOQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1RveU5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BWYzJWeU9pQThZU0JvY21WbVBTSndZWE56ZDI5eVpDNXFjM0FpUG5SbGMzUkFkR1Z6ZEM1amIyMDhMMkUrQ2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkdmRYUXVhbk53SWo1TWIyZHZkWFE4TDJFK0NnbzhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmlZWE5yWlhRdWFuTndJajVaYjNWeUlFSmhjMnRsZER3dllUNDhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSnpaV0Z5WTJndWFuTndJajVUWldGeVkyZzhMMkUrUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKc1pXWjBJaUIyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpJMUpTSStDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAySWo1RWIyOWtZV2h6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMUlqNUhhWHB0YjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUTWlQbFJvYVc1bllXMWhhbWxuY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1pSStWR2hwYm1kcFpYTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVGNpUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRRaVBsZG9ZWFJ6YVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHhJajVYYVdSblpYUnpQQzloUGp4aWNpOCtDZ284WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0S1BDOTBaRDRLUEhSa0lIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlOekFsSWo0S0NqeG9NejVTWldkcGMzUmxjand2YURNK0NqeGljaTgrV1c5MUlHaGhkbVVnYzNWalkyVnpjMloxYkd4NUlISmxaMmx6ZEdWeVpXUWdkMmwwYUNCVWFHVWdRbTlrWjJWSmRDQlRkRzl5WlM0S0NnazhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 76, "fields": { @@ -35689,8 +34831,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXlOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVQZFhJZ1FtVnpkQ0JFWldGc2N5RThMMmd6UGdvOFkyVnVkR1Z5UGp4MFlXSnNaU0JpYjNKa1pYSTlJakVpSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGxCeWIyUjFZM1E4TDNSb1BqeDBhRDVVZVhCbFBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1Bqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU5TSStSMW9nU3pjM1BDOWhQand2ZEdRK1BIUmtQa2RwZW0xdmN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU1EVThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TlNJK1ZHaHBibWRwWlNBeVBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU55SStSRzl2SUdSaGFDQmtZWGs4TDJFK1BDOTBaRDQ4ZEdRK1JHOXZaR0ZvY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRFl1TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNallpUGxwcGNDQmhJR1JsWlNCa2IyOGdaR0ZvUEM5aFBqd3ZkR1ErUEhSa1BrUnZiMlJoYUhNOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF6TGprNVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEk1SWo1VWFYQnZabTE1ZEc5dVozVmxQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamMwUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BURTNJajVYYUdGMGMybDBJR05oYkd4bFpEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1UVWlQbFJIU2lCSVNFazhMMkUrUEM5MFpENDhkR1ErVkdocGJtZGhiV0ZxYVdkelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTWk0eE1Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB5TkNJK1Ixb2dSbG80UEM5aFBqd3ZkR1ErUEhSa1BrZHBlbTF2Y3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREV1TURBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNamNpUGtSdmJ5QmtZV2dnWkdGNVBDOWhQand2ZEdRK1BIUmtQa1J2YjJSaGFITThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRMkxqVXdQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2NISnZaR2xrUFRJd0lqNVhhR0YwYzJsMElIUmhjM1JsSUd4cGEyVThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamsyUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 77, "fields": { @@ -35698,8 +34840,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOWlZWE5yWlhRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQU5Da052Ym5SbGJuUXRWSGx3WlRvZ1lYQndiR2xqWVhScGIyNHZlQzEzZDNjdFptOXliUzExY214bGJtTnZaR1ZrRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTWpBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlRzZ1lsOXBaRDB5RFFvTkNuVndaR0YwWlQxVmNHUmhkR1VyUW1GemEyVjA=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016TXlNQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4d0lITjBlV3hsUFNKamIyeHZjanBuY21WbGJpSStXVzkxY2lCaVlYTnJaWFFnYUdGa0lHSmxaVzRnZFhCa1lYUmxaQzQ4TDNBK1BHSnlMejRLUEdadmNtMGdZV04wYVc5dVBTSmlZWE5yWlhRdWFuTndJaUJ0WlhSb2IyUTlJbkJ2YzNRaVBnbzhkR0ZpYkdVZ1ltOXlaR1Z5UFNJeElpQmpiR0Z6Y3owaVltOXlaR1Z5SWlCM2FXUjBhRDBpT0RBbElqNEtQSFJ5UGp4MGFENVFjbTlrZFdOMFBDOTBhRDQ4ZEdnK1VYVmhiblJwZEhrOEwzUm9QangwYUQ1UWNtbGpaVHd2ZEdnK1BIUm9QbFJ2ZEdGc1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVGdpUGxkb1lYUnphWFFnZDJWcFoyZzhMMkUrUEM5MFpENEtQSFJrSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCalpXNTBaWElpUGladVluTndPenhoSUdoeVpXWTlJaU1pSUc5dVkyeHBZMnM5SW1SbFkxRjFZVzUwYVhSNUtERTRLVHNpUGp4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRNd0xuQnVaeUlnWVd4MFBTSkVaV055WldGelpTQnhkV0Z1ZEdsMGVTQnBiaUJpWVhOclpYUWlJR0p2Y21SbGNqMGlNQ0krUEM5aFBpWnVZbk53T3p4cGJuQjFkQ0JwWkQwaWNYVmhiblJwZEhsZk1UZ2lJRzVoYldVOUluRjFZVzUwYVhSNVh6RTRJaUIyWVd4MVpUMGlNU0lnYldGNGJHVnVaM1JvUFNJeUlpQnphWHBsSUQwZ0lqSWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdVa1ZCUkU5T1RGa2dMejRtYm1KemNEczhZU0JvY21WbVBTSWpJaUJ2Ym1Oc2FXTnJQU0pwYm1OUmRXRnVkR2wwZVNneE9DazdJajQ4YVcxbklITnlZejBpYVcxaFoyVnpMekV5T1M1d2JtY2lJR0ZzZEQwaVNXNWpjbVZoYzJVZ2NYVmhiblJwZEhrZ2FXNGdZbUZ6YTJWMElpQmliM0prWlhJOUlqQWlQand2WVQ0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQxTUR3dmRHUStDand2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStQSFJrUGxSdmRHRnNQQzkwWkQ0OGRHUWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJR05sYm5SbGNpSStQR2x1Y0hWMElHbGtQU0oxY0dSaGRHVWlJRzVoYldVOUluVndaR0YwWlNJZ2RIbHdaVDBpYzNWaWJXbDBJaUIyWVd4MVpUMGlWWEJrWVhSbElFSmhjMnRsZENJdlBqd3ZkR1ErUEhSa1BpWnVZbk53T3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQand2ZEhJK0Nqd3ZkR0ZpYkdVK0NnbzhMMlp2Y20wK0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 78, "fields": { @@ -35707,8 +34849,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 79, "fields": { @@ -35716,8 +34858,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 80, "fields": { @@ -35725,8 +34867,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 81, "fields": { @@ -35734,8 +34876,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 82, "fields": { @@ -35743,8 +34885,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQU5Da052YjJ0cFpUb2dTbE5GVTFOSlQwNUpSRDAyUlRrMU56ZEJNVFpDUVVNMk1Ua3hNMFJGT1RkQk9EZzNRVVEyTURJM05RMEtEUW89", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXpOUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpvd09TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BWYzJWeU9pQThZU0JvY21WbVBTSndZWE56ZDI5eVpDNXFjM0FpUG5WelpYSXhRSFJvWldKdlpHZGxhWFJ6ZEc5eVpTNWpiMjA4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1U1pXZHBjM1JsY2p3dmFETStDZ29LVUd4bFlYTmxJR1Z1ZEdWeUlIUm9aU0JtYjJ4c2IzZHBibWNnWkdWMFlXbHNjeUIwYnlCeVpXZHBjM1JsY2lCM2FYUm9JSFZ6T2lBOFluSXZQanhpY2k4K0NqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStDZ2s4WTJWdWRHVnlQZ29KUEhSaFlteGxQZ29KUEhSeVBnb0pDVHgwWkQ1VmMyVnlibUZ0WlNBb2VXOTFjaUJsYldGcGJDQmhaR1J5WlhOektUbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5WelpYSnVZVzFsSWlCdVlXMWxQU0oxYzJWeWJtRnRaU0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKd1lYTnpkMjl5WkRFaUlHNWhiV1U5SW5CaGMzTjNiM0prTVNJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQa052Ym1acGNtMGdVR0Z6YzNkdmNtUTZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKd1lYTnpkMjl5WkRJaUlHNWhiV1U5SW5CaGMzTjNiM0prTWlJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWMzVmliV2wwSWlCMGVYQmxQU0p6ZFdKdGFYUWlJSFpoYkhWbFBTSlNaV2RwYzNSbGNpSStQQzlwYm5CMWRENDhMM1JrUGdvSlBDOTBjajRLQ1R3dmRHRmliR1UrQ2drOEwyTmxiblJsY2o0S1BDOW1iM0p0UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 83, "fields": { @@ -35752,8 +34894,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 84, "fields": { @@ -35761,8 +34903,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQUT09", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtQSEFnYzNSNWJHVTlJbU52Ykc5eU9uSmxaQ0krV1c5MUlITjFjSEJzYVdWa0lHRnVJR2x1ZG1Gc2FXUWdibUZ0WlNCdmNpQndZWE56ZDI5eVpDNDhMM0ErQ2cwS1BHZ3pQa3h2WjJsdVBDOW9NejROQ2xCc1pXRnpaU0JsYm5SbGNpQjViM1Z5SUdOeVpXUmxiblJwWVd4ek9pQThZbkl2UGp4aWNpOCtEUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGcwS0NUeGpaVzUwWlhJK0RRb0pQSFJoWW14bFBnMEtDVHgwY2o0TkNna0pQSFJrUGxWelpYSnVZVzFsT2p3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJblZ6WlhKdVlXMWxJaUJ1WVcxbFBTSjFjMlZ5Ym1GdFpTSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBIUnlQZzBLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21RaUlHNWhiV1U5SW5CaGMzTjNiM0prSWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1BnMEtDVHd2ZEhJK0RRb0pQSFJ5UGcwS0NRazhkR1ErUEM5MFpENE5DZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljM1ZpYldsMElpQjBlWEJsUFNKemRXSnRhWFFpSUhaaGJIVmxQU0pNYjJkcGJpSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBDOTBZV0pzWlQ0TkNnazhMMk5sYm5SbGNqNE5Dand2Wm05eWJUNE5Da2xtSUhsdmRTQmtiMjUwSUdoaGRtVWdZVzRnWVdOamIzVnVkQ0IzYVhSb0lIVnpJSFJvWlc0Z2NHeGxZWE5sSUR4aElHaHlaV1k5SW5KbFoybHpkR1Z5TG1wemNDSStVbVZuYVhOMFpYSThMMkUrSUc1dmR5Qm1iM0lnWVNCbWNtVmxJR0ZqWTI5MWJuUXVEUW84WW5JdlBqeGljaTgrRFFvTkNqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLRFFvTkNnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 85, "fields": { @@ -35770,8 +34912,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOWlZWE5yWlhRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQU5Da052Ym5SbGJuUXRWSGx3WlRvZ1lYQndiR2xqWVhScGIyNHZlQzEzZDNjdFptOXliUzExY214bGJtTnZaR1ZrRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTXpRTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlRzZ1lsOXBaRDB5SncwS0RRcHhkV0Z1ZEdsMGVWOHhPRDB4Sm5Wd1pHRjBaVDFWY0dSaGRHVXJRbUZ6YTJWMA==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTlRBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxMWRHWXRPQTBLUTI5dWRHVnVkQzFNWVc1bmRXRm5aVG9nWlc0TkNrTnZiblJsYm5RdFRHVnVaM1JvT2lBME1EZzBEUXBFWVhSbE9pQlRZWFFzSURJM0lFRjFaeUF5TURFMklEQXlPakV4T2pRMElFZE5WQTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2cwS1BDRkVUME5VV1ZCRklHaDBiV3crUEdoMGJXdytQR2hsWVdRK1BIUnBkR3hsUGtGd1lXTm9aU0JVYjIxallYUXZPUzR3TGpBdVRUUWdMU0JGY25KdmNpQnlaWEJ2Y25ROEwzUnBkR3hsUGp4emRIbHNaU0IwZVhCbFBTSjBaWGgwTDJOemN5SStTREVnZTJadmJuUXRabUZ0YVd4NU9sUmhhRzl0WVN4QmNtbGhiQ3h6WVc1ekxYTmxjbWxtTzJOdmJHOXlPbmRvYVhSbE8ySmhZMnRuY205MWJtUXRZMjlzYjNJNkl6VXlOVVEzTmp0bWIyNTBMWE5wZW1VNk1qSndlRHQ5SUVneUlIdG1iMjUwTFdaaGJXbHNlVHBVWVdodmJXRXNRWEpwWVd3c2MyRnVjeTF6WlhKcFpqdGpiMnh2Y2pwM2FHbDBaVHRpWVdOclozSnZkVzVrTFdOdmJHOXlPaU0xTWpWRU56WTdabTl1ZEMxemFYcGxPakUyY0hnN2ZTQklNeUI3Wm05dWRDMW1ZVzFwYkhrNlZHRm9iMjFoTEVGeWFXRnNMSE5oYm5NdGMyVnlhV1k3WTI5c2IzSTZkMmhwZEdVN1ltRmphMmR5YjNWdVpDMWpiMnh2Y2pvak5USTFSRGMyTzJadmJuUXRjMmw2WlRveE5IQjRPMzBnUWs5RVdTQjdabTl1ZEMxbVlXMXBiSGs2VkdGb2IyMWhMRUZ5YVdGc0xITmhibk10YzJWeWFXWTdZMjlzYjNJNllteGhZMnM3WW1GamEyZHliM1Z1WkMxamIyeHZjanAzYUdsMFpUdDlJRUlnZTJadmJuUXRabUZ0YVd4NU9sUmhhRzl0WVN4QmNtbGhiQ3h6WVc1ekxYTmxjbWxtTzJOdmJHOXlPbmRvYVhSbE8ySmhZMnRuY205MWJtUXRZMjlzYjNJNkl6VXlOVVEzTmp0OUlGQWdlMlp2Ym5RdFptRnRhV3g1T2xSaGFHOXRZU3hCY21saGJDeHpZVzV6TFhObGNtbG1PMkpoWTJ0bmNtOTFibVE2ZDJocGRHVTdZMjlzYjNJNllteGhZMnM3Wm05dWRDMXphWHBsT2pFeWNIZzdmVUVnZTJOdmJHOXlJRG9nWW14aFkyczdmVUV1Ym1GdFpTQjdZMjlzYjNJZ09pQmliR0ZqYXp0OUxteHBibVVnZTJobGFXZG9kRG9nTVhCNE95QmlZV05yWjNKdmRXNWtMV052Ykc5eU9pQWpOVEkxUkRjMk95QmliM0prWlhJNklHNXZibVU3ZlR3dmMzUjViR1UrSUR3dmFHVmhaRDQ4WW05a2VUNDhhREUrU0ZSVVVDQlRkR0YwZFhNZ05UQXdJQzBnUVc0Z1pYaGpaWEIwYVc5dUlHOWpZM1Z5Y21Wa0lIQnliMk5sYzNOcGJtY2dTbE5RSUhCaFoyVWdMMkpoYzJ0bGRDNXFjM0FnWVhRZ2JHbHVaU0F5TkRROEwyZ3hQanhrYVhZZ1kyeGhjM005SW14cGJtVWlQand2WkdsMlBqeHdQanhpUG5SNWNHVThMMkkrSUVWNFkyVndkR2x2YmlCeVpYQnZjblE4TDNBK1BIQStQR0krYldWemMyRm5aVHd2WWo0Z1BIVStRVzRnWlhoalpYQjBhVzl1SUc5alkzVnljbVZrSUhCeWIyTmxjM05wYm1jZ1NsTlFJSEJoWjJVZ0wySmhjMnRsZEM1cWMzQWdZWFFnYkdsdVpTQXlORFE4TDNVK1BDOXdQanh3UGp4aVBtUmxjMk55YVhCMGFXOXVQQzlpUGlBOGRUNVVhR1VnYzJWeWRtVnlJR1Z1WTI5MWJuUmxjbVZrSUdGdUlHbHVkR1Z5Ym1Gc0lHVnljbTl5SUhSb1lYUWdjSEpsZG1WdWRHVmtJR2wwSUdaeWIyMGdablZzWm1sc2JHbHVaeUIwYUdseklISmxjWFZsYzNRdVBDOTFQand2Y0Q0OGNENDhZajVsZUdObGNIUnBiMjQ4TDJJK1BDOXdQanh3Y21VK2IzSm5MbUZ3WVdOb1pTNXFZWE53WlhJdVNtRnpjR1Z5UlhoalpYQjBhVzl1T2lCQmJpQmxlR05sY0hScGIyNGdiMk5qZFhKeVpXUWdjSEp2WTJWemMybHVaeUJLVTFBZ2NHRm5aU0F2WW1GemEyVjBMbXB6Y0NCaGRDQnNhVzVsSURJME5Bb0tNalF4T2lBSkNRa0pDWE4wYlhRdVpYaGxZM1YwWlNncE93b3lOREk2SUFrSkNRa0pjM1J0ZEM1amJHOXpaU2dwT3drSkNRa0pDUW95TkRNNklBa0pDUWw5SUdWc2MyVWdld295TkRRNklBa0pDUWtKYzNSdGRDQTlJR052Ym00dWNISmxjR0Z5WlZOMFlYUmxiV1Z1ZENnbWNYVnZkRHRWVUVSQlZFVWdRbUZ6YTJWMFEyOXVkR1Z1ZEhNZ1UwVlVJSEYxWVc1MGFYUjVJRDBnSm5GMWIzUTdJQ3NnU1c1MFpXZGxjaTV3WVhKelpVbHVkQ2gyWVd4MVpTa2dLeUFtY1hWdmREc2dWMGhGVWtVZ1ltRnphMlYwYVdROUpuRjFiM1E3SUNzZ1ltRnphMlYwU1dRZ0t3b3lORFU2SUFrSkNRa0pDUWttY1hWdmREc2dRVTVFSUhCeWIyUjFZM1JwWkNBOUlDWnhkVzkwT3lBcklIQnliMlJKWkNrN0NqSTBOam9nQ1FrSkNRbHpkRzEwTG1WNFpXTjFkR1VvS1RzS01qUTNPaUFKQ1FrSkNXbG1JQ2hKYm5SbFoyVnlMbkJoY25ObFNXNTBLSFpoYkhWbEtTQW1iSFE3SURBcElIc0tDZ3BUZEdGamEzUnlZV05sT2dvSmIzSm5MbUZ3WVdOb1pTNXFZWE53WlhJdWMyVnlkbXhsZEM1S2MzQlRaWEoyYkdWMFYzSmhjSEJsY2k1b1lXNWtiR1ZLYzNCRmVHTmxjSFJwYjI0b1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8xT0RNcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUlhjbUZ3Y0dWeUxuTmxjblpwWTJVb1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8wTmpZcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUXVjMlZ5ZG1salpVcHpjRVpwYkdVb1NuTndVMlZ5ZG14bGRDNXFZWFpoT2pNNE5Ta0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbk5sY25ac1pYUXVTbk53VTJWeWRteGxkQzV6WlhKMmFXTmxLRXB6Y0ZObGNuWnNaWFF1YW1GMllUb3pNamtwQ2dscVlYWmhlQzV6WlhKMmJHVjBMbWgwZEhBdVNIUjBjRk5sY25ac1pYUXVjMlZ5ZG1salpTaElkSFJ3VTJWeWRteGxkQzVxWVhaaE9qY3lPU2tLQ1c5eVp5NWhjR0ZqYUdVdWRHOXRZMkYwTG5kbFluTnZZMnRsZEM1elpYSjJaWEl1VjNOR2FXeDBaWEl1Wkc5R2FXeDBaWElvVjNOR2FXeDBaWEl1YW1GMllUbzFNeWtLUEM5d2NtVStQSEErUEdJK2NtOXZkQ0JqWVhWelpUd3ZZajQ4TDNBK1BIQnlaVDVxWVhaaGVDNXpaWEoyYkdWMExsTmxjblpzWlhSRmVHTmxjSFJwYjI0NklHcGhkbUV1YzNGc0xsTlJURVY0WTJWd2RHbHZiam9nVlc1bGVIQmxZM1JsWkNCbGJtUWdiMllnWTI5dGJXRnVaQ0JwYmlCemRHRjBaVzFsYm5RZ1cxVlFSRUZVUlNCQ1lYTnJaWFJEYjI1MFpXNTBjeUJUUlZRZ2NYVmhiblJwZEhrZ1BTQXhJRmRJUlZKRklHSmhjMnRsZEdsa1BUSW5JRUZPUkNCd2NtOWtkV04wYVdRZ1BTQXhPRjBLQ1c5eVp5NWhjR0ZqYUdVdWFtRnpjR1Z5TG5KMWJuUnBiV1V1VUdGblpVTnZiblJsZUhSSmJYQnNMbVJ2U0dGdVpHeGxVR0ZuWlVWNFkyVndkR2x2YmloUVlXZGxRMjl1ZEdWNGRFbHRjR3d1YW1GMllUbzVNRGtwQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1eWRXNTBhVzFsTGxCaFoyVkRiMjUwWlhoMFNXMXdiQzVvWVc1a2JHVlFZV2RsUlhoalpYQjBhVzl1S0ZCaFoyVkRiMjUwWlhoMFNXMXdiQzVxWVhaaE9qZ3pPQ2tLQ1c5eVp5NWhjR0ZqYUdVdWFuTndMbUpoYzJ0bGRGOXFjM0F1WDJwemNGTmxjblpwWTJVb1ltRnphMlYwWDJwemNDNXFZWFpoT2pRME1pa0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbkoxYm5ScGJXVXVTSFIwY0VwemNFSmhjMlV1YzJWeWRtbGpaU2hJZEhSd1NuTndRbUZ6WlM1cVlYWmhPamN3S1FvSmFtRjJZWGd1YzJWeWRteGxkQzVvZEhSd0xraDBkSEJUWlhKMmJHVjBMbk5sY25acFkyVW9TSFIwY0ZObGNuWnNaWFF1YW1GMllUbzNNamtwQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1elpYSjJiR1YwTGtwemNGTmxjblpzWlhSWGNtRndjR1Z5TG5ObGNuWnBZMlVvU25Od1UyVnlkbXhsZEZkeVlYQndaWEl1YW1GMllUbzBORE1wQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1elpYSjJiR1YwTGtwemNGTmxjblpzWlhRdWMyVnlkbWxqWlVwemNFWnBiR1VvU25Od1UyVnlkbXhsZEM1cVlYWmhPak00TlNrS0NXOXlaeTVoY0dGamFHVXVhbUZ6Y0dWeUxuTmxjblpzWlhRdVNuTndVMlZ5ZG14bGRDNXpaWEoyYVdObEtFcHpjRk5sY25ac1pYUXVhbUYyWVRvek1qa3BDZ2xxWVhaaGVDNXpaWEoyYkdWMExtaDBkSEF1U0hSMGNGTmxjblpzWlhRdWMyVnlkbWxqWlNoSWRIUndVMlZ5ZG14bGRDNXFZWFpoT2pjeU9Ta0tDVzl5Wnk1aGNHRmphR1V1ZEc5dFkyRjBMbmRsWW5OdlkydGxkQzV6WlhKMlpYSXVWM05HYVd4MFpYSXVaRzlHYVd4MFpYSW9WM05HYVd4MFpYSXVhbUYyWVRvMU15a0tQQzl3Y21VK1BIQStQR0krY205dmRDQmpZWFZ6WlR3dllqNDhMM0ErUEhCeVpUNXFZWFpoTG5OeGJDNVRVVXhGZUdObGNIUnBiMjQ2SUZWdVpYaHdaV04wWldRZ1pXNWtJRzltSUdOdmJXMWhibVFnYVc0Z2MzUmhkR1Z0Wlc1MElGdFZVRVJCVkVVZ1FtRnphMlYwUTI5dWRHVnVkSE1nVTBWVUlIRjFZVzUwYVhSNUlEMGdNU0JYU0VWU1JTQmlZWE5yWlhScFpEMHlKeUJCVGtRZ2NISnZaSFZqZEdsa0lEMGdNVGhkQ2dsdmNtY3VhSE54YkdSaUxtcGtZbU11VlhScGJDNTBhSEp2ZDBWeWNtOXlLRlZ1YTI1dmQyNGdVMjkxY21ObEtRb0piM0puTG1oemNXeGtZaTVxWkdKakxtcGtZbU5RY21Wd1lYSmxaRk4wWVhSbGJXVnVkQzRtYkhRN2FXNXBkQ1puZERzb1ZXNXJibTkzYmlCVGIzVnlZMlVwQ2dsdmNtY3VhSE54YkdSaUxtcGtZbU11YW1SaVkwTnZibTVsWTNScGIyNHVjSEpsY0dGeVpWTjBZWFJsYldWdWRDaFZibXR1YjNkdUlGTnZkWEpqWlNrS0NXOXlaeTVoY0dGamFHVXVhbk53TG1KaGMydGxkRjlxYzNBdVgycHpjRk5sY25acFkyVW9ZbUZ6YTJWMFgycHpjQzVxWVhaaE9qTTJOQ2tLQ1c5eVp5NWhjR0ZqYUdVdWFtRnpjR1Z5TG5KMWJuUnBiV1V1U0hSMGNFcHpjRUpoYzJVdWMyVnlkbWxqWlNoSWRIUndTbk53UW1GelpTNXFZWFpoT2pjd0tRb0phbUYyWVhndWMyVnlkbXhsZEM1b2RIUndMa2gwZEhCVFpYSjJiR1YwTG5ObGNuWnBZMlVvU0hSMGNGTmxjblpzWlhRdWFtRjJZVG8zTWprcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUlhjbUZ3Y0dWeUxuTmxjblpwWTJVb1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8wTkRNcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUXVjMlZ5ZG1salpVcHpjRVpwYkdVb1NuTndVMlZ5ZG14bGRDNXFZWFpoT2pNNE5Ta0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbk5sY25ac1pYUXVTbk53VTJWeWRteGxkQzV6WlhKMmFXTmxLRXB6Y0ZObGNuWnNaWFF1YW1GMllUb3pNamtwQ2dscVlYWmhlQzV6WlhKMmJHVjBMbWgwZEhBdVNIUjBjRk5sY25ac1pYUXVjMlZ5ZG1salpTaElkSFJ3VTJWeWRteGxkQzVxWVhaaE9qY3lPU2tLQ1c5eVp5NWhjR0ZqYUdVdWRHOXRZMkYwTG5kbFluTnZZMnRsZEM1elpYSjJaWEl1VjNOR2FXeDBaWEl1Wkc5R2FXeDBaWElvVjNOR2FXeDBaWEl1YW1GMllUbzFNeWtLUEM5d2NtVStQSEErUEdJK2JtOTBaVHd2WWo0Z1BIVStWR2hsSUdaMWJHd2djM1JoWTJzZ2RISmhZMlVnYjJZZ2RHaGxJSEp2YjNRZ1kyRjFjMlVnYVhNZ1lYWmhhV3hoWW14bElHbHVJSFJvWlNCQmNHRmphR1VnVkc5dFkyRjBMemt1TUM0d0xrMDBJR3h2WjNNdVBDOTFQand2Y0Q0OGFISWdZMnhoYzNNOUlteHBibVVpUGp4b016NUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5b016NDhMMkp2WkhrK1BDOW9kRzFzUGc9PQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 86, "fields": { @@ -35779,8 +34921,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKeVoxYzJWeWJtRnRaVDA9", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2xONWMzUmxiU0JsY25KdmNpNEtEUW9LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLRFFvOGNDQnpkSGxzWlQwaVkyOXNiM0k2Y21Wa0lqNVpiM1VnYzNWd2NHeHBaV1FnWVc0Z2FXNTJZV3hwWkNCdVlXMWxJRzl5SUhCaGMzTjNiM0prTGp3dmNENEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 87, "fields": { @@ -35788,8 +34930,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQU2M9", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTVNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2xONWMzUmxiU0JsY25KdmNpNEtEUW9LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZFhObGNqRkFkR2hsWW05a1oyVnBkSE4wYjNKbExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb05Danh3SUhOMGVXeGxQU0pqYjJ4dmNqcHlaV1FpUGxsdmRTQnpkWEJ3YkdsbFpDQmhiaUJwYm5aaGJHbGtJRzVoYldVZ2IzSWdjR0Z6YzNkdmNtUXVQQzl3UGdvTkNqeG9NejVNYjJkcGJqd3ZhRE0rRFFwUWJHVmhjMlVnWlc1MFpYSWdlVzkxY2lCamNtVmtaVzUwYVdGc2N6b2dQR0p5THo0OFluSXZQZzBLUEdadmNtMGdiV1YwYUc5a1BTSlFUMU5VSWo0TkNnazhZMlZ1ZEdWeVBnMEtDVHgwWVdKc1pUNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1VmMyVnlibUZ0WlRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0oxYzJWeWJtRnRaU0lnYm1GdFpUMGlkWE5sY201aGJXVWlQand2YVc1d2RYUStQQzkwWkQ0TkNnazhMM1J5UGcwS0NUeDBjajROQ2drSlBIUmtQbEJoYzNOM2IzSmtPand2ZEdRK0RRb0pDVHgwWkQ0OGFXNXdkWFFnYVdROUluQmhjM04zYjNKa0lpQnVZVzFsUFNKd1lYTnpkMjl5WkNJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENE5DZ2s4TDNSeVBnMEtDVHgwY2o0TkNna0pQSFJrUGp3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVEc5bmFXNGlQand2YVc1d2RYUStQQzkwWkQ0TkNnazhMM1J5UGcwS0NUd3ZkR0ZpYkdVK0RRb0pQQzlqWlc1MFpYSStEUW84TDJadmNtMCtEUXBKWmlCNWIzVWdaRzl1ZENCb1lYWmxJR0Z1SUdGalkyOTFiblFnZDJsMGFDQjFjeUIwYUdWdUlIQnNaV0Z6WlNBOFlTQm9jbVZtUFNKeVpXZHBjM1JsY2k1cWMzQWlQbEpsWjJsemRHVnlQQzloUGlCdWIzY2dabTl5SUdFZ1puSmxaU0JoWTJOdmRXNTBMZzBLUEdKeUx6NDhZbkl2UGcwS0RRbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2cwS0RRbz0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 88, "fields": { @@ -35797,8 +34939,8 @@ "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkRUIwWlhOMExtTnZiU2NtY0dGemMzZHZjbVF4UFhSbGMzUXhNak1tY0dGemMzZHZjbVF5UFhSbGMzUXhNak09", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTNNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDbE41YzNSbGJTQmxjbkp2Y2k0S0Nnb0tDZ29LUENGRVQwTlVXVkJGSUVoVVRVd2dVRlZDVEVsRElDSXRMeTlYTTBNdkwwUlVSQ0JJVkUxTUlETXVNaTh2UlU0aVBnbzhhSFJ0YkQ0S1BHaGxZV1ErQ2p4MGFYUnNaVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2ZEdsMGJHVStDanhzYVc1cklHaHlaV1k5SW5OMGVXeGxMbU56Y3lJZ2NtVnNQU0p6ZEhsc1pYTm9aV1YwSWlCMGVYQmxQU0owWlhoMEwyTnpjeUlnTHo0S1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlJSE55WXowaUxpOXFjeTkxZEdsc0xtcHpJajQ4TDNOamNtbHdkRDRLUEM5b1pXRmtQZ284WW05a2VUNEtDanhqWlc1MFpYSStDangwWVdKc1pTQjNhV1IwYUQwaU9EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhTREUrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDBneFBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBWd2libTlpYjNKa1pYSmNJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlQaVp1WW5Od096d3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTkRBbElqNVhaU0JpYjJSblpTQnBkQ3dnYzI4Z2VXOTFJR1J2Ym5RZ2FHRjJaU0IwYnlFOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJak13SlNJZ2MzUjViR1U5SW5SbGVIUXRZV3hwWjI0NklISnBaMmgwSWlBK0NsVnpaWEk2SUR4aElHaHlaV1k5SW5CaGMzTjNiM0prTG1wemNDSStkR1Z6ZEVCMFpYTjBMbU52YlhsbU1UTTJQSE5qY21sd2RENWhiR1Z5ZENneEtUd3ZjMk55YVhCMFBtcHNaV1IxUEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1VtVm5hWE4wWlhJOEwyZ3pQZ29LQ2xCc1pXRnpaU0JsYm5SbGNpQjBhR1VnWm05c2JHOTNhVzVuSUdSbGRHRnBiSE1nZEc4Z2NtVm5hWE4wWlhJZ2QybDBhQ0IxY3pvZ1BHSnlMejQ4WW5JdlBnbzhabTl5YlNCdFpYUm9iMlE5SWxCUFUxUWlQZ29KUEdObGJuUmxjajRLQ1R4MFlXSnNaVDRLQ1R4MGNqNEtDUWs4ZEdRK1ZYTmxjbTVoYldVZ0tIbHZkWElnWlcxaGFXd2dZV1JrY21WemN5azZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKMWMyVnlibUZ0WlNJZ2JtRnRaVDBpZFhObGNtNWhiV1VpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQbEJoYzNOM2IzSmtPand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21ReElpQnVZVzFsUFNKd1lYTnpkMjl5WkRFaUlIUjVjR1U5SW5CaGMzTjNiM0prSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQSFJ5UGdvSkNUeDBaRDVEYjI1bWFYSnRJRkJoYzNOM2IzSmtPand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21ReUlpQnVZVzFsUFNKd1lYTnpkMjl5WkRJaUlIUjVjR1U5SW5CaGMzTjNiM0prSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQSFJ5UGdvSkNUeDBaRDQ4TDNSa1Bnb0pDVHgwWkQ0OGFXNXdkWFFnYVdROUluTjFZbTFwZENJZ2RIbHdaVDBpYzNWaWJXbDBJaUIyWVd4MVpUMGlVbVZuYVhOMFpYSWlQand2YVc1d2RYUStQQzkwWkQ0S0NUd3ZkSEkrQ2drOEwzUmhZbXhsUGdvSlBDOWpaVzUwWlhJK0Nqd3ZabTl5YlQ0S0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 89, "fields": { @@ -35806,8 +34948,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnPT0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHR3WVhSb1BTOWliMlJuWldsMEx6dElkSFJ3VDI1c2VRMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXhNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0Rvd015QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TkNJK1ZHaHBibWRwWlNBeFBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU9TSStWR2x3YjJadGVYUnZibWQxWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTXk0M05Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB6TVNJK1dXOTFhMjV2ZDNkb1lYUThMMkUrUEM5MFpENDhkR1ErVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNekk4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qa2lQbFJwY0c5bWJYbDBiMjVuZFdVOEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU56UThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5T1NJK1ZFZEtJRUZCUVR3dllUNDhMM1JrUGp4MFpENVVhR2x1WjJGdFlXcHBaM004TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXdMamt3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUSTBJajVIV2lCR1dqZzhMMkUrUEM5MFpENDhkR1ErUjJsNmJXOXpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01TNHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweE9DSStWMmhoZEhOcGRDQjNaV2xuYUR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5UQThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpFaVBsbHZkV3R1YjNkM2FHRjBQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMak15UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUWWlQbFJvYVc1bmFXVWdNend2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TXpBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNekFpUGsxcGJtUmliR0Z1YXp3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTVM0d01Ed3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStQQzlqWlc1MFpYSStQR0p5THo0S0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 90, "fields": { @@ -35815,8 +34957,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 91, "fields": { @@ -35824,8 +34966,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 92, "fields": { @@ -35833,8 +34975,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 93, "fields": { @@ -35842,8 +34984,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4bWIzSnRJR0ZqZEdsdmJqMGlZbUZ6YTJWMExtcHpjQ0lnYldWMGFHOWtQU0p3YjNOMElqNEtQSFJoWW14bElHSnZjbVJsY2owaU1TSWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytVSEp2WkhWamREd3ZkR2crUEhSb1BsRjFZVzUwYVhSNVBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1BqeDBhRDVVYjNSaGJEd3ZkR2crUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEU0SWo1WGFHRjBjMmwwSUhkbGFXZG9QQzloUGp3dmRHUStDangwWkNCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ1kyVnVkR1Z5SWo0bWJtSnpjRHM4WVNCb2NtVm1QU0lqSWlCdmJtTnNhV05yUFNKa1pXTlJkV0Z1ZEdsMGVTZ3hPQ2s3SWo0OGFXMW5JSE55WXowaWFXMWhaMlZ6THpFek1DNXdibWNpSUdGc2REMGlSR1ZqY21WaGMyVWdjWFZoYm5ScGRIa2dhVzRnWW1GemEyVjBJaUJpYjNKa1pYSTlJakFpUGp3dllUNG1ibUp6Y0RzOGFXNXdkWFFnYVdROUluRjFZVzUwYVhSNVh6RTRJaUJ1WVcxbFBTSnhkV0Z1ZEdsMGVWOHhPQ0lnZG1Gc2RXVTlJakVpSUcxaGVHeGxibWQwYUQwaU1pSWdjMmw2WlNBOUlDSXlJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRkpGUVVSUFRreFpJQzgrSm01aWMzQTdQR0VnYUhKbFpqMGlJeUlnYjI1amJHbGphejBpYVc1alVYVmhiblJwZEhrb01UZ3BPeUkrUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TWprdWNHNW5JaUJoYkhROUlrbHVZM0psWVhObElIRjFZVzUwYVhSNUlHbHVJR0poYzJ0bGRDSWdZbTl5WkdWeVBTSXdJajQ4TDJFK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQZ284TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXlMalV3UEM5MFpENEtQQzkwY2o0S1BIUnlQangwWkQ1VWIzUmhiRHd2ZEdRK1BIUmtJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJqWlc1MFpYSWlQanhwYm5CMWRDQnBaRDBpZFhCa1lYUmxJaUJ1WVcxbFBTSjFjR1JoZEdVaUlIUjVjR1U5SW5OMVltMXBkQ0lnZG1Gc2RXVTlJbFZ3WkdGMFpTQkNZWE5yWlhRaUx6NDhMM1JrUGp4MFpENG1ibUp6Y0RzOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF5TGpVd1BDOTBaRDQ4TDNSeVBnbzhMM1JoWW14bFBnb0tQQzltYjNKdFBnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 94, "fields": { @@ -35851,8 +34993,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 95, "fields": { @@ -35860,8 +35002,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 96, "fields": { @@ -35869,8 +35011,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyTnZiblJoWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRb05DZz09", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvek9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NURiMjUwWVdOMElGVnpQQzlvTXo0S1VHeGxZWE5sSUhObGJtUWdkWE1nZVc5MWNpQm1aV1ZrWW1GamF6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHbHVjSFYwSUhSNWNHVTlJbWhwWkdSbGJpSWdhV1E5SW5WelpYSWlJRzVoYldVOUltNTFiR3dpSUhaaGJIVmxQU0lpTHo0S0NUeHBibkIxZENCMGVYQmxQU0pvYVdSa1pXNGlJR2xrUFNKaGJuUnBZM055WmlJZ2JtRnRaVDBpWVc1MGFXTnpjbVlpSUhaaGJIVmxQU0l3TGprMU5UTTRNVFl5T1RjME5UTXlNVFFpUGp3dmFXNXdkWFErQ2drOFkyVnVkR1Z5UGdvSlBIUmhZbXhsUGdvSlBIUnlQZ29KQ1R4MFpENDhkR1Y0ZEdGeVpXRWdhV1E5SW1OdmJXMWxiblJ6SWlCdVlXMWxQU0pqYjIxdFpXNTBjeUlnWTI5c2N6MDRNQ0J5YjNkelBUZytQQzkwWlhoMFlYSmxZVDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p6ZFdKdGFYUWlJSFI1Y0dVOUluTjFZbTFwZENJZ2RtRnNkV1U5SWxOMVltMXBkQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUd3ZkR0ZpYkdVK0NnazhMMk5sYm5SbGNqNEtQQzltYjNKdFBnb0tDZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0Nnb0tDZz09" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 97, "fields": { @@ -35878,8 +35020,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyaHZiV1V1YW5Od0lFaFVWRkF2TVM0eERRcEliM04wT2lCc2IyTmhiR2h2YzNRNk9EZzRPQTBLUVdOalpYQjBPaUFxTHlvTkNrRmpZMlZ3ZEMxTVlXNW5kV0ZuWlRvZ1pXNE5DbFZ6WlhJdFFXZGxiblE2SUUxdmVtbHNiR0V2TlM0d0lDaGpiMjF3WVhScFlteGxPeUJOVTBsRklEa3VNRHNnVjJsdVpHOTNjeUJPVkNBMkxqRTdJRmRwYmpZME95QjROalE3SUZSeWFXUmxiblF2TlM0d0tRMEtRMjl1Ym1WamRHbHZiam9nWTJ4dmMyVU5DbEpsWm1WeVpYSTZJR2gwZEhBNkx5OXNiMk5oYkdodmMzUTZPRGc0T0M5aWIyUm5aV2wwTHcwS1EyOXZhMmxsT2lCS1UwVlRVMGxQVGtsRVBUWkZPVFUzTjBFeE5rSkJRell4T1RFelJFVTVOMEU0T0RkQlJEWXdNamMxRFFvTkNnPT0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016RTVOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME1DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TWlJK1EyOXRjR3hsZUNCWGFXUm5aWFE4TDJFK1BDOTBaRDQ4ZEdRK1YybGtaMlYwY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TVRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVElpUGxSSFNpQkRRMFE4TDJFK1BDOTBaRDQ4ZEdRK1ZHaHBibWRoYldGcWFXZHpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01pNHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU1TSStWMmhoZEhOcGRDQnpiM1Z1WkNCc2FXdGxQQzloUGp3dmRHUStQSFJrUGxkb1lYUnphWFJ6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQ1TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhOeUkrVjJoaGRITnBkQ0JqWVd4c1pXUThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMakV3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUY2lQbFJvYVc1bmFXVWdORHd2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNakFpUGxkb1lYUnphWFFnZEdGemRHVWdiR2xyWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU9UWThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpJaVBsZG9ZWFJ1YjNROEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5qZzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TVRJaVBsUkhTaUJEUTBROEwyRStQQzkwWkQ0OGRHUStWR2hwYm1kaGJXRnFhV2R6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTR5TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhPQ0krVjJoaGRITnBkQ0IzWldsbmFEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qVWlQa2RhSUVzM056d3ZZVDQ4TDNSa1BqeDBaRDVIYVhwdGIzTThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRekxqQTFQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDQ4TDJObGJuUmxjajQ4WW5JdlBnb0tDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 98, "fields": { @@ -35887,8 +35029,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 99, "fields": { @@ -35896,8 +35038,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 100, "fields": { @@ -35905,8 +35047,8 @@ "burpRequestBase64": "UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxVlZFWXRPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTVRFeU16UU5DZzBLQ2dvS1BDRkVUME5VV1ZCRklHaDBiV3crQ2p4b2RHMXNJR3hoYm1jOUltVnVJajRLSUNBZ0lEeG9aV0ZrUGdvZ0lDQWdJQ0FnSUR4dFpYUmhJR05vWVhKelpYUTlJbFZVUmkwNElpQXZQZ29nSUNBZ0lDQWdJRHgwYVhSc1pUNUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5MGFYUnNaVDRLSUNBZ0lDQWdJQ0E4YkdsdWF5Qm9jbVZtUFNKbVlYWnBZMjl1TG1samJ5SWdjbVZzUFNKcFkyOXVJaUIwZVhCbFBTSnBiV0ZuWlM5NExXbGpiMjRpSUM4K0NpQWdJQ0FnSUNBZ1BHeHBibXNnYUhKbFpqMGlabUYyYVdOdmJpNXBZMjhpSUhKbGJEMGljMmh2Y25SamRYUWdhV052YmlJZ2RIbHdaVDBpYVcxaFoyVXZlQzFwWTI5dUlpQXZQZ29nSUNBZ0lDQWdJRHhzYVc1cklHaHlaV1k5SW5SdmJXTmhkQzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NpQWdJQ0E4TDJobFlXUStDZ29nSUNBZ1BHSnZaSGsrQ2lBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZDNKaGNIQmxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUltNWhkbWxuWVhScGIyNGlJR05zWVhOelBTSmpkWEoyWldRZ1kyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHpjR0Z1SUdsa1BTSnVZWFl0YUc5dFpTSStQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkx5SStTRzl0WlR3dllUNDhMM053WVc0K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGMzQmhiaUJwWkQwaWJtRjJMV2h2YzNSeklqNDhZU0JvY21WbVBTSXZaRzlqY3k4aVBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMWpiMjVtYVdjaVBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGtOdmJtWnBaM1Z5WVhScGIyNDhMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxbGVHRnRjR3hsY3lJK1BHRWdhSEpsWmowaUwyVjRZVzF3YkdWekx5SStSWGhoYlhCc1pYTThMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxM2FXdHBJajQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5R2NtOXVkRkJoWjJVaVBsZHBhMms4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMXNhWE4wY3lJK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3aVBrMWhhV3hwYm1jZ1RHbHpkSE04TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMW9aV3h3SWo0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2Wm1sdVpHaGxiSEF1YUhSdGJDSStSbWx1WkNCSVpXeHdQQzloUGp3dmMzQmhiajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhpY2lCamJHRnpjejBpYzJWd1lYSmhkRzl5SWlBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVhObUxXSnZlQ0krQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURFK1FYQmhZMmhsSUZSdmJXTmhkQzg1TGpBdU1DNU5ORHd2YURFK0NpQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0oxY0hCbGNpSWdZMnhoYzNNOUltTjFjblpsWkNCamIyNTBZV2x1WlhJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaVkyOXVaM0poZEhNaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhREkrU1dZZ2VXOTFKM0psSUhObFpXbHVaeUIwYUdsekxDQjViM1VuZG1VZ2MzVmpZMlZ6YzJaMWJHeDVJR2x1YzNSaGJHeGxaQ0JVYjIxallYUXVJRU52Ym1keVlYUjFiR0YwYVc5dWN5RThMMmd5UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnViM1JwWTJVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhwYldjZ2MzSmpQU0owYjIxallYUXVjRzVuSWlCaGJIUTlJbHQwYjIxallYUWdiRzluYjEwaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZEdGemEzTWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRE0rVW1WamIyMXRaVzVrWldRZ1VtVmhaR2x1WnpvOEwyZ3pQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpTDJSdlkzTXZjMlZqZFhKcGRIa3RhRzkzZEc4dWFIUnRiQ0krVTJWamRYSnBkSGtnUTI5dWMybGtaWEpoZEdsdmJuTWdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5dFlXNWhaMlZ5TFdodmQzUnZMbWgwYld3aVBrMWhibUZuWlhJZ1FYQndiR2xqWVhScGIyNGdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5amJIVnpkR1Z5TFdodmQzUnZMbWgwYld3aVBrTnNkWE4wWlhKcGJtY3ZVMlZ6YzJsdmJpQlNaWEJzYVdOaGRHbHZiaUJJVDFjdFZFODhMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVdOMGFXOXVjeUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZblYwZEc5dUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHRWdZMnhoYzNNOUltTnZiblJoYVc1bGNpQnphR0ZrYjNjaUlHaHlaV1k5SWk5dFlXNWhaMlZ5TDNOMFlYUjFjeUkrUEhOd1lXNCtVMlZ5ZG1WeUlGTjBZWFIxY3p3dmMzQmhiajQ4TDJFK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWW5WMGRHOXVJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR0VnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUJ6YUdGa2IzY2lJR2h5WldZOUlpOXRZVzVoWjJWeUwyaDBiV3dpUGp4emNHRnVQazFoYm1GblpYSWdRWEJ3UEM5emNHRnVQand2WVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0ppZFhSMGIyNGlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZU0JqYkdGemN6MGlZMjl1ZEdGcGJtVnlJSE5vWVdSdmR5SWdhSEpsWmowaUwyaHZjM1F0YldGdVlXZGxjaTlvZEcxc0lqNDhjM0JoYmo1SWIzTjBJRTFoYm1GblpYSThMM053WVc0K1BDOWhQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOElTMHRDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZbklnWTJ4aGMzTTlJbk5sY0dGeVlYUnZjaUlnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUMwdFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnRhV1JrYkdVaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b016NUVaWFpsYkc5d1pYSWdVWFZwWTJzZ1UzUmhjblE4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BqeGhJR2h5WldZOUlpOWtiMk56TDNObGRIVndMbWgwYld3aVBsUnZiV05oZENCVFpYUjFjRHd2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHdQanhoSUdoeVpXWTlJaTlrYjJOekwyRndjR1JsZGk4aVBrWnBjbk4wSUZkbFlpQkJjSEJzYVdOaGRHbHZiand2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREkxSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4Y0Q0OFlTQm9jbVZtUFNJdlpHOWpjeTl5WldGc2JTMW9iM2QwYnk1b2RHMXNJajVTWldGc2JYTWdKbUZ0Y0RzZ1FVRkJQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlJ2WTNNdmFtNWthUzFrWVhSaGMyOTFjbU5sTFdWNFlXMXdiR1Z6TFdodmQzUnZMbWgwYld3aVBrcEVRa01nUkdGMFlWTnZkWEpqWlhNOEwyRStQQzl3UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjJ3eU5TSStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlY0WVcxd2JHVnpMeUkrUlhoaGJYQnNaWE04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMnd5TlNJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhBK1BHRWdhSEpsWmowaWFIUjBjRG92TDNkcGEya3VZWEJoWTJobExtOXlaeTkwYjIxallYUXZVM0JsWTJsbWFXTmhkR2x2Ym5NaVBsTmxjblpzWlhRZ1UzQmxZMmxtYVdOaGRHbHZibk04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5VWIyMWpZWFJXWlhKemFXOXVjeUkrVkc5dFkyRjBJRlpsY25OcGIyNXpQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdKeUlHTnNZWE56UFNKelpYQmhjbUYwYjNJaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR2xrUFNKc2IzZGxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0pzYjNjdGJXRnVZV2RsSWlCamJHRnpjejBpSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqZFhKMlpXUWdZMjl1ZEdGcGJtVnlJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR2d6UGsxaGJtRm5hVzVuSUZSdmJXTmhkRHd2YURNK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrWnZjaUJ6WldOMWNtbDBlU3dnWVdOalpYTnpJSFJ2SUhSb1pTQThZU0JvY21WbVBTSXZiV0Z1WVdkbGNpOW9kRzFzSWo1dFlXNWhaMlZ5SUhkbFltRndjRHd2WVQ0Z2FYTWdjbVZ6ZEhKcFkzUmxaQzRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdWWE5sY25NZ1lYSmxJR1JsWm1sdVpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwyTnZibVl2ZEc5dFkyRjBMWFZ6WlhKekxuaHRiRHd2Y0hKbFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNENUpiaUJVYjIxallYUWdPUzR3SUdGalkyVnpjeUIwYnlCMGFHVWdiV0Z1WVdkbGNpQmhjSEJzYVdOaGRHbHZiaUJwY3lCemNHeHBkQ0JpWlhSM1pXVnVDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJR1JwWm1abGNtVnVkQ0IxYzJWeWN5NGdKbTVpYzNBN0lEeGhJR2h5WldZOUlpOWtiMk56TDIxaGJtRm5aWEl0YUc5M2RHOHVhSFJ0YkNJK1VtVmhaQ0J0YjNKbExpNHVQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ0OFlTQm9jbVZtUFNJdlpHOWpjeTlTUlV4RlFWTkZMVTVQVkVWVExuUjRkQ0krVW1Wc1pXRnpaU0JPYjNSbGN6d3ZZVDQ4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdlkyaGhibWRsYkc5bkxtaDBiV3dpUGtOb1lXNW5aV3h2Wnp3dllUNDhMMmcwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDIxcFozSmhkR2x2Ymk1b2RHMXNJajVOYVdkeVlYUnBiMjRnUjNWcFpHVThMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHZzBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OXpaV04xY21sMGVTNW9kRzFzSWo1VFpXTjFjbWwwZVNCT2IzUnBZMlZ6UEM5aFBqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUlteHZkeTFrYjJOeklpQmpiR0Z6Y3owaUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnelBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdklqNVViMjFqWVhRZ09TNHdJRVJ2WTNWdFpXNTBZWFJwYjI0OEwyRStQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGxSdmJXTmhkQ0E1TGpBZ1EyOXVabWxuZFhKaGRHbHZiand2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpYUhSMGNEb3ZMM2RwYTJrdVlYQmhZMmhsTG05eVp5OTBiMjFqWVhRdlJuSnZiblJRWVdkbElqNVViMjFqWVhRZ1YybHJhVHd2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVHYVc1a0lHRmtaR2wwYVc5dVlXd2dhVzF3YjNKMFlXNTBJR052Ym1acFozVnlZWFJwYjI0Z2FXNW1iM0p0WVhScGIyNGdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwxSlZUazVKVGtjdWRIaDBQQzl3Y21VK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrUmxkbVZzYjNCbGNuTWdiV0Y1SUdKbElHbHVkR1Z5WlhOMFpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJKMVozSmxjRzl5ZEM1b2RHMXNJajVVYjIxallYUWdPUzR3SUVKMVp5QkVZWFJoWW1GelpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMkZ3YVM5cGJtUmxlQzVvZEcxc0lqNVViMjFqWVhRZ09TNHdJRXBoZG1GRWIyTnpQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNOMmJpNWhjR0ZqYUdVdWIzSm5MM0psY0c5ekwyRnpaaTkwYjIxallYUXZkR001TGpBdWVDOGlQbFJ2YldOaGRDQTVMakFnVTFaT0lGSmxjRzl6YVhSdmNuazhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaWJHOTNMV2hsYkhBaUlHTnNZWE56UFNJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OMWNuWmxaQ0JqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURNK1IyVjBkR2x1WnlCSVpXeHdQQzlvTXo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5bVlYRXZJajVHUVZFOEwyRStJR0Z1WkNBOFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNJK1RXRnBiR2x1WnlCTWFYTjBjend2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVVYUdVZ1ptOXNiRzkzYVc1bklHMWhhV3hwYm1jZ2JHbHpkSE1nWVhKbElHRjJZV2xzWVdKc1pUbzhMM0ErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhU0JwWkQwaWJHbHpkQzFoYm01dmRXNWpaU0krUEhOMGNtOXVaejQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRZVzV1YjNWdVkyVWlQblJ2YldOaGRDMWhibTV2ZFc1alpUd3ZZVDQ4WW5JZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCSmJYQnZjblJoYm5RZ1lXNXViM1Z1WTJWdFpXNTBjeXdnY21Wc1pXRnpaWE1zSUhObFkzVnlhWFI1SUhaMWJHNWxjbUZpYVd4cGRIa2dibTkwYVdacFkyRjBhVzl1Y3k0Z0tFeHZkeUIyYjJ4MWJXVXBMand2YzNSeWIyNW5QZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNOMGIyMWpZWFF0ZFhObGNuTWlQblJ2YldOaGRDMTFjMlZ5Y3p3dllUNDhZbklnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0JWYzJWeUlITjFjSEJ2Y25RZ1lXNWtJR1JwYzJOMWMzTnBiMjRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3amRHRm5iR2xpY3kxMWMyVnlJajUwWVdkc2FXSnpMWFZ6WlhJOEwyRStQR0p5SUM4K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnVlhObGNpQnpkWEJ3YjNKMElHRnVaQ0JrYVhOamRYTnphVzl1SUdadmNpQThZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmRHRm5iR2xpY3k4aVBrRndZV05vWlNCVVlXZHNhV0p6UEM5aFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRaR1YySWo1MGIyMWpZWFF0WkdWMlBDOWhQanhpY2lBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUVSbGRtVnNiM0J0Wlc1MElHMWhhV3hwYm1jZ2JHbHpkQ3dnYVc1amJIVmthVzVuSUdOdmJXMXBkQ0J0WlhOellXZGxjd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSm1iMjkwWlhJaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREl3SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1QzUm9aWElnUkc5M2JteHZZV1J6UEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIVnNQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEd4cFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5a2IzZHViRzloWkMxamIyNXVaV04wYjNKekxtTm5hU0krVkc5dFkyRjBJRU52Ym01bFkzUnZjbk04TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlpHOTNibXh2WVdRdGJtRjBhWFpsTG1ObmFTSStWRzl0WTJGMElFNWhkR2wyWlR3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OTBZV2RzYVdKekx5SStWR0ZuYkdsaWN6d3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMlJsY0d4dmVXVnlMV2h2ZDNSdkxtaDBiV3dpUGtSbGNHeHZlV1Z5UEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2ZFd3K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJESXdJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMjUwWVdsdVpYSWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErVDNSb1pYSWdSRzlqZFcxbGJuUmhkR2x2Ymp3dmFEUStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeDFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlkyOXVibVZqZEc5eWN5MWtiMk12SWo1VWIyMWpZWFFnUTI5dWJtVmpkRzl5Y3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OWpiMjV1WldOMGIzSnpMV1J2WXk4aVBtMXZaRjlxYXlCRWIyTjFiV1Z1ZEdGMGFXOXVQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDI1aGRHbDJaUzFrYjJNdklqNVViMjFqWVhRZ1RtRjBhWFpsUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlMMlJ2WTNNdlpHVndiRzk1WlhJdGFHOTNkRzh1YUhSdGJDSStSR1Z3Ykc5NVpYSThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUhaWFFnU1c1MmIyeDJaV1E4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJkbGRHbHVkbTlzZG1Wa0xtaDBiV3dpUGs5MlpYSjJhV1YzUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkwzTjJiaTVvZEcxc0lqNVRWazRnVW1Wd2IzTnBkRzl5YVdWelBDOWhQand2YkdrK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThiR2srUEdFZ2FISmxaajBpYUhSMGNEb3ZMM1J2YldOaGRDNWhjR0ZqYUdVdWIzSm5MMnhwYzNSekxtaDBiV3dpUGsxaGFXeHBibWNnVEdsemRITThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDJscmFTNWhjR0ZqYUdVdWIzSm5MM1J2YldOaGRDOUdjbTl1ZEZCaFoyVWlQbGRwYTJrOEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5MWJENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXNNakFpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ1TmFYTmpaV3hzWVc1bGIzVnpQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlqYjI1MFlXTjBMbWgwYld3aVBrTnZiblJoWTNROEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR1ZuWVd3dWFIUnRiQ0krVEdWbllXdzhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDNkM0xtRndZV05vWlM1dmNtY3ZabTkxYm1SaGRHbHZiaTl6Y0c5dWMyOXljMmhwY0M1b2RHMXNJajVUY0c5dWMyOXljMmhwY0R3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTNkM2N1WVhCaFkyaGxMbTl5Wnk5bWIzVnVaR0YwYVc5dUwzUm9ZVzVyY3k1b2RHMXNJajVVYUdGdWEzTThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUJjR0ZqYUdVZ1UyOW1kSGRoY21VZ1JtOTFibVJoZEdsdmJqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZkMmh2ZDJWaGNtVXVhSFJ0YkNJK1YyaHZJRmRsSUVGeVpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlvWlhKcGRHRm5aUzVvZEcxc0lqNUlaWEpwZEdGblpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkzZDNjdVlYQmhZMmhsTG05eVp5SStRWEJoWTJobElFaHZiV1U4TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmNtVnpiM1Z5WTJWekxtaDBiV3dpUGxKbGMyOTFjbU5sY3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDNWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WW5JZ1kyeGhjM005SW5ObGNHRnlZWFJ2Y2lJZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUR4d0lHTnNZWE56UFNKamIzQjVjbWxuYUhRaVBrTnZjSGx5YVdkb2RDQW1ZMjl3ZVRzeE9UazVMVEl3TVRZZ1FYQmhZMmhsSUZOdlpuUjNZWEpsSUVadmRXNWtZWFJwYjI0dUlDQkJiR3dnVW1sbmFIUnpJRkpsYzJWeWRtVmtQQzl3UGdvZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ1BDOWliMlI1UGdvS1BDOW9kRzFzUGdvPQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 101, "fields": { @@ -35914,8 +35056,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 102, "fields": { @@ -35923,8 +35065,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01UazFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LUEdKeUx6NDhjQ0J6ZEhsc1pUMGlZMjlzYjNJNlozSmxaVzRpUGxSb1lXNXJJSGx2ZFNCbWIzSWdlVzkxY2lCamRYTjBiMjB1UEM5d1BqeGljaTgrQ2dvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDJObGJuUmxjajRLUEM5aWIyUjVQZ284TDJoMGJXdytDZ29L" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 103, "fields": { @@ -35932,8 +35074,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSTFPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhSazlTVFNCdVlXMWxQU2R4ZFdWeWVTY2diV1YwYUc5a1BTZEhSVlFuUGdvOGRHRmliR1UrQ2p4MGNqNDhkR1ErVTJWaGNtTm9JR1p2Y2p3dmRHUStQSFJrUGp4cGJuQjFkQ0IwZVhCbFBTZDBaWGgwSnlCdVlXMWxQU2R4Sno0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENDhMM1JrUGp4MFpENDhZU0JvY21WbVBTZGhaSFpoYm1ObFpDNXFjM0FuSUhOMGVXeGxQU2RtYjI1MExYTnBlbVU2T1hCME95YytRV1IyWVc1alpXUWdVMlZoY21Ob1BDOWhQand2ZEdRK1BDOTBaRDRLUEM5MFlXSnNaVDRLUEM5bWIzSnRQZ29LUEM5bWIyNTBQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0NnPT0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 104, "fields": { @@ -35941,8 +35083,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 105, "fields": { @@ -35950,8 +35092,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" } -}, -{ + }, + { "model": "dojo.burprawrequestresponse", "pk": 106, "fields": { @@ -35959,8 +35101,8 @@ "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" } -}, -{ + }, + { "model": "dojo.risk_acceptance", "pk": 1, "fields": { @@ -35984,8 +35126,8 @@ ], "notes": [] } -}, -{ + }, + { "model": "dojo.jira_instance", "pk": 2, "fields": { @@ -36008,8 +35150,8 @@ "false_positive_mapping_resolution": null, "global_jira_sla_notification": false } -}, -{ + }, + { "model": "dojo.jira_instance", "pk": 3, "fields": { @@ -36032,8 +35174,8 @@ "false_positive_mapping_resolution": null, "global_jira_sla_notification": false } -}, -{ + }, + { "model": "dojo.jira_instance", "pk": 4, "fields": { @@ -36056,8 +35198,8 @@ "false_positive_mapping_resolution": null, "global_jira_sla_notification": false } -}, -{ + }, + { "model": "dojo.jira_project", "pk": 1, "fields": { @@ -36073,8 +35215,8 @@ "product_jira_sla_notification": false, "risk_acceptance_expiration_notification": false } -}, -{ + }, + { "model": "dojo.jira_project", "pk": 2, "fields": { @@ -36090,8 +35232,8 @@ "product_jira_sla_notification": false, "risk_acceptance_expiration_notification": false } -}, -{ + }, + { "model": "dojo.jira_project", "pk": 3, "fields": { @@ -36107,8 +35249,8 @@ "product_jira_sla_notification": false, "risk_acceptance_expiration_notification": false } -}, -{ + }, + { "model": "dojo.jira_issue", "pk": 2, "fields": { @@ -36121,8 +35263,8 @@ "jira_creation": null, "jira_change": null } -}, -{ + }, + { "model": "dojo.jira_issue", "pk": 3, "fields": { @@ -36135,8 +35277,8 @@ "jira_creation": null, "jira_change": null } -}, -{ + }, + { "model": "dojo.tool_product_settings", "pk": 1, "fields": { @@ -36148,8 +35290,8 @@ "tool_project_id": "1", "notes": [] } -}, -{ + }, + { "model": "dojo.tool_product_settings", "pk": 2, "fields": { @@ -36161,8 +35303,8 @@ "tool_project_id": "2", "notes": [] } -}, -{ + }, + { "model": "dojo.tool_product_settings", "pk": 3, "fields": { @@ -36174,8 +35316,8 @@ "tool_project_id": "3", "notes": [] } -}, -{ + }, + { "model": "dojo.alerts", "pk": 1, "fields": { @@ -36187,8 +35329,8 @@ "user_id": null, "created": "2018-08-16T16:38:51.142Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 2, "fields": { @@ -36200,8 +35342,8 @@ "user_id": 1, "created": "2018-08-16T16:38:51.157Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 3, "fields": { @@ -36213,8 +35355,8 @@ "user_id": null, "created": "2018-08-16T17:00:20.151Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 4, "fields": { @@ -36226,8 +35368,8 @@ "user_id": 1, "created": "2018-08-16T17:00:20.164Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 5, "fields": { @@ -36239,8 +35381,8 @@ "user_id": null, "created": "2018-08-16T17:03:19.876Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 6, "fields": { @@ -36252,8 +35394,8 @@ "user_id": 1, "created": "2018-08-16T17:03:19.886Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 7, "fields": { @@ -36265,8 +35407,8 @@ "user_id": null, "created": "2018-08-16T17:03:36.803Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 8, "fields": { @@ -36278,8 +35420,8 @@ "user_id": 1, "created": "2018-08-16T17:03:36.816Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 9, "fields": { @@ -36291,8 +35433,8 @@ "user_id": null, "created": "2018-08-16T17:20:41.597Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 10, "fields": { @@ -36304,8 +35446,8 @@ "user_id": 1, "created": "2018-08-16T17:20:41.607Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 11, "fields": { @@ -36317,8 +35459,8 @@ "user_id": null, "created": "2018-08-16T17:20:59.574Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 12, "fields": { @@ -36330,8 +35472,8 @@ "user_id": 1, "created": "2018-08-16T17:20:59.584Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 13, "fields": { @@ -36343,8 +35485,8 @@ "user_id": null, "created": "2018-08-16T17:21:13.891Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 14, "fields": { @@ -36356,8 +35498,8 @@ "user_id": 1, "created": "2018-08-16T17:21:13.903Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 15, "fields": { @@ -36369,8 +35511,8 @@ "user_id": null, "created": "2018-08-16T17:21:32.201Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 16, "fields": { @@ -36382,8 +35524,8 @@ "user_id": 1, "created": "2018-08-16T17:21:32.216Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 17, "fields": { @@ -36395,8 +35537,8 @@ "user_id": null, "created": "2018-08-16T17:21:52.296Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 18, "fields": { @@ -36408,8 +35550,8 @@ "user_id": 1, "created": "2018-08-16T17:21:52.308Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 19, "fields": { @@ -36421,8 +35563,8 @@ "user_id": null, "created": "2018-08-17T14:22:26.775Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 20, "fields": { @@ -36434,8 +35576,8 @@ "user_id": 1, "created": "2018-08-17T14:22:26.784Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 21, "fields": { @@ -36447,8 +35589,8 @@ "user_id": null, "created": "2018-08-17T14:24:00.337Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 22, "fields": { @@ -36460,8 +35602,8 @@ "user_id": 1, "created": "2018-08-17T14:24:00.345Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 23, "fields": { @@ -36473,8 +35615,8 @@ "user_id": null, "created": "2018-08-17T14:25:11.195Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 24, "fields": { @@ -36486,8 +35628,8 @@ "user_id": 1, "created": "2018-08-17T14:25:11.205Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 25, "fields": { @@ -36499,8 +35641,8 @@ "user_id": null, "created": "2018-08-17T14:32:02.353Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 26, "fields": { @@ -36512,8 +35654,8 @@ "user_id": 1, "created": "2018-08-17T14:32:02.362Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 27, "fields": { @@ -36525,8 +35667,8 @@ "user_id": null, "created": "2018-08-17T14:32:14.448Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 28, "fields": { @@ -36538,8 +35680,8 @@ "user_id": 1, "created": "2018-08-17T14:32:14.456Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 29, "fields": { @@ -36551,8 +35693,8 @@ "user_id": null, "created": "2018-08-17T14:32:25.972Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 30, "fields": { @@ -36564,8 +35706,8 @@ "user_id": 1, "created": "2018-08-17T14:32:25.982Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 31, "fields": { @@ -36577,8 +35719,8 @@ "user_id": null, "created": "2018-08-17T14:44:16.610Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 32, "fields": { @@ -36590,8 +35732,8 @@ "user_id": 1, "created": "2018-08-17T14:44:16.618Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 33, "fields": { @@ -36603,8 +35745,8 @@ "user_id": null, "created": "2018-08-17T14:45:14.423Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 34, "fields": { @@ -36616,8 +35758,8 @@ "user_id": 1, "created": "2018-08-17T14:45:14.439Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 35, "fields": { @@ -36629,8 +35771,8 @@ "user_id": null, "created": "2018-08-17T18:20:59.600Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 36, "fields": { @@ -36642,8 +35784,8 @@ "user_id": 1, "created": "2018-08-17T18:20:59.609Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 37, "fields": { @@ -36655,8 +35797,8 @@ "user_id": null, "created": "2018-08-17T18:28:55.424Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 38, "fields": { @@ -36668,8 +35810,8 @@ "user_id": 1, "created": "2018-08-17T18:28:55.432Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 39, "fields": { @@ -36681,8 +35823,8 @@ "user_id": null, "created": "2018-08-17T18:30:38.607Z" } -}, -{ + }, + { "model": "dojo.alerts", "pk": 40, "fields": { @@ -36694,1808 +35836,1808 @@ "user_id": 1, "created": "2018-08-17T18:30:38.694Z" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 1, "fields": { "language": "ActionScript", "color": "#F2D7D5" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 2, "fields": { "language": "Python", "color": "#006400" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 3, "fields": { "language": "Ruby", "color": "#cd5c5c" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 4, "fields": { "language": "ABAP", "color": "#F9EBEA" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 5, "fields": { "language": "Ada", "color": "#E6B0AA" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 6, "fields": { "language": "ADSO/IDSM", "color": "#D98880" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 7, "fields": { "language": "Agda", "color": "#CD6155" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 8, "fields": { "language": "AMPLE", "color": "#C0392B" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 9, "fields": { "language": "Ant", "color": "#A93226" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 10, "fields": { "language": "ANTLR Grammar", "color": "#641E16" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 11, "fields": { "language": "Apex Trigger", "color": "#FDEDEC" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 12, "fields": { "language": "Arduino Sketch", "color": "#FADBD8" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 13, "fields": { "language": "AsciiDoc", "color": "#F1948A" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 14, "fields": { "language": "ASP", "color": "#E74C3C" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 15, "fields": { "language": "ASP.NET", "color": "#CB4335" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 16, "fields": { "language": "AspectJ", "color": "#943126" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 17, "fields": { "language": "Assembly", "color": "#78281F" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 18, "fields": { "language": "AutoHotkey", "color": "#F5EEF8" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 19, "fields": { "language": "awk", "color": "#EBDEF0" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 20, "fields": { "language": "Blade", "color": "#D7BDE2" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 21, "fields": { "language": "Bourne Again Shell", "color": "#C39BD3" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 22, "fields": { "language": "Bourne Shell", "color": "#AF7AC5" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 23, "fields": { "language": "BrightScript", "color": "#884EA0" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 24, "fields": { "language": "C", "color": "#6C3483" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 25, "fields": { "language": "C Shell", "color": "#5B2C6F" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 26, "fields": { "language": "C#", "color": "#4A235A" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 27, "fields": { "language": "C++", "color": "#F4ECF7" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 28, "fields": { "language": "C/C++ Header", "color": "#E8DAEF" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 29, "fields": { "language": "CCS", "color": "#D2B4DE" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 30, "fields": { "language": "Chapel", "color": "#BB8FCE" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 31, "fields": { "language": "Clean", "color": "#8E44AD" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 32, "fields": { "language": "Clojure", "color": "#7D3C98" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 33, "fields": { "language": "ClojureC", "color": "#7D3C98" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 34, "fields": { "language": "ClojureScript", "color": "#5B2C6F" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 35, "fields": { "language": "CMake", "color": "#4A235A" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 36, "fields": { "language": "COBOL", "color": "#EAF2F8" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 37, "fields": { "language": "CoffeeScript", "color": "#D4E6F1" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 38, "fields": { "language": "ColdFusion", "color": "#D6EAF8" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 39, "fields": { "language": "ColdFusion CFScript", "color": "#A9CCE3" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 40, "fields": { "language": "Coq", "color": "#7FB3D5" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 41, "fields": { "language": "Crystal", "color": "#5499C7" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 42, "fields": { "language": "CSON", "color": "#1A5276" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 43, "fields": { "language": "CSS", "color": "#EBF5FB" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 44, "fields": { "language": "Cucumber", "color": "#D4E6F1" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 45, "fields": { "language": "CUDA", "color": "#7FB3D5" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 46, "fields": { "language": "Cython", "color": "#5499C7" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 47, "fields": { "language": "D", "color": "#2980B9" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 48, "fields": { "language": "DAL", "color": "#2471A3" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 49, "fields": { "language": "Dart", "color": "#1A5276" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 50, "fields": { "language": "diff", "color": "#154360" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 51, "fields": { "language": "DITA", "color": "#EBF5FB" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 52, "fields": { "language": "DOS Batch", "color": "#AED6F1" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 53, "fields": { "language": "Drools", "color": "#85C1E9" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 54, "fields": { "language": "DTD", "color": "#5DADE2" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 55, "fields": { "language": "dtrace", "color": "#2980B9" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 56, "fields": { "language": "ECPP", "color": "#2471A3" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 57, "fields": { "language": "EEx", "color": "#1F618D" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 58, "fields": { "language": "Elixir", "color": "#154360" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 59, "fields": { "language": "Elm", "color": "#EBF5FB" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 60, "fields": { "language": "ERB", "color": "#D6EAF8" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 61, "fields": { "language": "Erlang", "color": "#AED6F1" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 62, "fields": { "language": "Expect", "color": "#85C1E9" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 63, "fields": { "language": "F#", "color": "#5DADE2" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 64, "fields": { "language": "F# Script", "color": "#3498DB" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 65, "fields": { "language": "Fish Shell", "color": "#2E86C1" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 66, "fields": { "language": "Focus", "color": "#2874A6" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 67, "fields": { "language": "Forth", "color": "#1B4F72" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 68, "fields": { "language": "Fortran 77", "color": "#E8F8F5" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 69, "fields": { "language": "Fortran 90", "color": "#D1F2EB" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 70, "fields": { "language": "Freemarker Template", "color": "#" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 71, "fields": { "language": "GDScript", "color": "#A3E4D7" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 72, "fields": { "language": "Gencat NLS", "color": "#76D7C4" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 73, "fields": { "language": "Glade", "color": "#48C9B0" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 74, "fields": { "language": "GLSL", "color": "#1ABC9C" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 75, "fields": { "language": "Go", "color": "#17A589" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 76, "fields": { "language": "Grails", "color": "#148F77" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 77, "fields": { "language": "GraphQL", "color": "#117864" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 78, "fields": { "language": "Groovy", "color": "#0E6251" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 79, "fields": { "language": "Haml", "color": "#E8F6F3" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 80, "fields": { "language": "Handlebars", "color": "#A3E4D7" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 81, "fields": { "language": "Harbour", "color": "#76D7C4" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 82, "fields": { "language": "Haskell", "color": "#48C9B0" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 83, "fields": { "language": "Haxe", "color": "#1ABC9C" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 84, "fields": { "language": "HCL", "color": "#17A589" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 85, "fields": { "language": "HLSL", "color": "#148F77" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 86, "fields": { "language": "HTML", "color": "#117864" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 87, "fields": { "language": "IDL", "color": "#0E6251" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 88, "fields": { "language": "Idris", "color": "#0B5345" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 89, "fields": { "language": "InstallShield", "color": "#D4EFDF" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 90, "fields": { "language": "Java", "color": "#A9DFBF" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 91, "fields": { "language": "JavaScript", "color": "#7DCEA0" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 92, "fields": { "language": "JavaServer Faces", "color": "#52BE80" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 93, "fields": { "language": "JCL", "color": "#27AE60" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 94, "fields": { "language": "JSON", "color": "#229954" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 95, "fields": { "language": "JSP", "color": "#1E8449" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 97, "fields": { "language": "JSX", "color": "#196F3D" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 98, "fields": { "language": "Julia", "color": "#0B5345" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 99, "fields": { "language": "Kermit", "color": "#800000" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 100, "fields": { "language": "Korn Shell", "color": "#A52A2A" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 101, "fields": { "language": "Kotlin", "color": "#A0522D" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 102, "fields": { "language": "Lean", "color": "#8B4513" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 103, "fields": { "language": "LESS", "color": "#D2691E" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 104, "fields": { "language": "lex", "color": "#CD853F" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 105, "fields": { "language": "LFE", "color": "#DAA520" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 106, "fields": { "language": "liquid", "color": "#F4A460" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 107, "fields": { "language": "Lisp", "color": "#BC8F8F" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 108, "fields": { "language": "Literate Idris", "color": "#D2B48C" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 109, "fields": { "language": "LiveLink OScript", "color": "#DEB887" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 110, "fields": { "language": "Logtalk", "color": "#F5DEB3" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 111, "fields": { "language": "Lua", "color": "#FFDEAD" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 112, "fields": { "language": "m4", "color": "#FFE4C4" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 113, "fields": { "language": "make", "color": "#FFEBCD" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 114, "fields": { "language": "Mako", "color": "#FFF8DC" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 115, "fields": { "language": "Markdown", "color": "#2F4F4F" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 116, "fields": { "language": "Mathematica", "color": "#708090" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 117, "fields": { "language": "MATLAB", "color": "#778899" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 118, "fields": { "language": "Maven", "color": "#696969" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 119, "fields": { "language": "Modula3", "color": "#808080" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 120, "fields": { "language": "MSBuild script", "color": "#A9A9A9" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 121, "fields": { "language": "MUMPS", "color": "#FFE4E1" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 122, "fields": { "language": "Mustache", "color": "#FFF0F5" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 123, "fields": { "language": "MXML", "color": "#FAEBD7" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 124, "fields": { "language": "NAnt script", "color": "#FFFFF0" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 125, "fields": { "language": "NASTRAN DMAP", "color": "#FFFAF0" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 126, "fields": { "language": "Nemerle", "color": "#FDF5E6" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 127, "fields": { "language": "Nim", "color": "#F5F5DC" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 128, "fields": { "language": "Objective C", "color": "#cc00cc" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 129, "fields": { "language": "Objective C++", "color": "#ff9966" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 130, "fields": { "language": "OCaml", "color": "#F8F8FF" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 131, "fields": { "language": "OpenCL", "color": "#F0F8FF" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 132, "fields": { "language": "Oracle Forms", "color": "#F0FFFF" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 133, "fields": { "language": "Oracle PL/SQL", "color": "#F5FFFA" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 134, "fields": { "language": "Oracle Reports", "color": "#F0FFF0" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 135, "fields": { "language": "Pascal", "color": "#FFFAFA" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 136, "fields": { "language": "Pascal/Puppet", "color": "#C71585" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 137, "fields": { "language": "Patran Command Language", "color": "#DB7093" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 138, "fields": { "language": "Perl", "color": "#FF1493" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 139, "fields": { "language": "PHP", "color": "#FF69B4" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 140, "fields": { "language": "PHP/Pascal", "color": "#FFB6C1" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 141, "fields": { "language": "PL/I", "color": "#FFC0CB" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 143, "fields": { "language": "PL/M", "color": "#4B0082" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 144, "fields": { "language": "PowerBuilder", "color": "#800080" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 145, "fields": { "language": "PowerShell", "color": "#8B008B" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 146, "fields": { "language": "ProGuard", "color": "#9932CC" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 147, "fields": { "language": "Prolog", "color": "#9400D3" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 148, "fields": { "language": "Protocol Buffers", "color": "#8A2BE2" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 149, "fields": { "language": "Pug", "color": "#9370DB" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 150, "fields": { "language": "PureScript", "color": "#BA55D3" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 151, "fields": { "language": "QML", "color": "#FF00FF" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 152, "fields": { "language": "Qt", "color": "#FF00FF" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 153, "fields": { "language": "Qt Linguist", "color": "#DA70D6" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 154, "fields": { "language": "Qt Project", "color": "#EE82EE" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 155, "fields": { "language": "R", "color": "#DDA0DD" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 156, "fields": { "language": "Racket", "color": "#D8BFD8" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 157, "fields": { "language": "RAML", "color": "#E6E6FA" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 158, "fields": { "language": "RapydScript", "color": "#483D8B" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 159, "fields": { "language": "Razor", "color": "#6A5ACD" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 160, "fields": { "language": "Rexx", "color": "#7B68EE" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 161, "fields": { "language": "RobotFramework", "color": "#191970" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 162, "fields": { "language": "Ruby", "color": "#000080" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 163, "fields": { "language": "Ruby HTML", "color": "#00008B" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 164, "fields": { "language": "Rust", "color": "#0000CD" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 165, "fields": { "language": "SAS", "color": "#0000FF" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 166, "fields": { "language": "Sass", "color": "#4169E1" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 167, "fields": { "language": "Scala", "color": "#4682B4" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 168, "fields": { "language": "Scheme", "color": "#6495ED" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 169, "fields": { "language": "sed", "color": "#1E90FF" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 170, "fields": { "language": "SKILL", "color": "#B0C4DE" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 171, "fields": { "language": "SKILL++", "color": "#00BFFF" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 172, "fields": { "language": "Skylark", "color": "#87CEEB" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 173, "fields": { "language": "Slice", "color": "#87CEFA" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 174, "fields": { "language": "Slim", "color": "#ADD8E6" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 175, "fields": { "language": "Smalltalk", "color": "#B0E0E6" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 176, "fields": { "language": "Smarty", "color": "#008080" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 177, "fields": { "language": "Softbridge Basic", "color": "#008B8B" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 179, "fields": { "language": "Solidity", "color": "#5F9EA0" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 180, "fields": { "language": "Specman e", "color": "#20B2AA" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 181, "fields": { "language": "SQL", "color": "#00CED1" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 182, "fields": { "language": "SQL Data", "color": "#48D1CC" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 183, "fields": { "language": "SQL Stored Procedure", "color": "#40E0D0" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 184, "fields": { "language": "Standard ML", "color": "#AFEEEE" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 185, "fields": { "language": "Stata", "color": "#66CDAA" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 186, "fields": { "language": "Stylus", "color": "#7FFFD4" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 187, "fields": { "language": "Swift", "color": "#00FFFF" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 188, "fields": { "language": "SWIG", "color": "#00FFFF" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 189, "fields": { "language": "Tcl/Tk", "color": "#E0FFFF" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 190, "fields": { "language": "Teamcenter met", "color": "#6B8E23" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 191, "fields": { "language": "Teamcenter mth", "color": "#556B2F" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 192, "fields": { "language": "TeX", "color": "#808000" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 193, "fields": { "language": "TITAN Project File Information", "color": "#2E8B57" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 194, "fields": { "language": "Titanium Style Sheet", "color": "#3CB371" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 195, "fields": { "language": "TOML", "color": "#8FBC8F" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 196, "fields": { "language": "TTCN", "color": "#00FA9A" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 197, "fields": { "language": "Twig", "color": "#006400" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 198, "fields": { "language": "TypeScript", "color": "#228B22" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 199, "fields": { "language": "Unity-Prefab", "color": "#00FF00" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 200, "fields": { "language": "Vala", "color": "#32CD32" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 201, "fields": { "language": "Vala Header", "color": "#FFFF00" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 202, "fields": { "language": "Velocity Template Language", "color": "#BDB76B" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 203, "fields": { "language": "Verilog-SystemVerilog", "color": "#F0E68C" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 204, "fields": { "language": "VHDL", "color": "#EEE8AA" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 205, "fields": { "language": "vim script", "color": "#FFDAB9" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 206, "fields": { "language": "Visual Basic", "color": "#FFE4B5" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 207, "fields": { "language": "Visual Fox Pro", "color": "#FFEFD5" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 208, "fields": { "language": "Visualforce Component", "color": "#FAFAD2" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 209, "fields": { "language": "Visualforce Page", "color": "#FFFACD" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 210, "fields": { "language": "Vuejs Component", "color": "#FFFFE0" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 211, "fields": { "language": "Windows Message File", "color": "#FF8C00" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 212, "fields": { "language": "Windows Module Definition", "color": "#FFA500" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 213, "fields": { "language": "Windows Resource File", "color": "#FFD700" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 214, "fields": { "language": "WiX include", "color": "#FF4500" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 215, "fields": { "language": "WiX source", "color": "#FF6347" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 216, "fields": { "language": "WiX string localization", "color": "#FF7F50" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 217, "fields": { "language": "XAML", "color": "#8B0000" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 218, "fields": { "language": "xBase", "color": "#FF0000" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 219, "fields": { "language": "xBase Header", "color": "#B22222" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 220, "fields": { "language": "XHTML", "color": "#DC143C" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 221, "fields": { "language": "XMI", "color": "#CD5C5C" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 222, "fields": { "language": "XML", "color": "#F08080" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 223, "fields": { "language": "XQuery", "color": "#E9967A" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 224, "fields": { "language": "XSD", "color": "#FA8072" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 225, "fields": { "language": "XSLT", "color": "#FFA07A" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 226, "fields": { "language": "yacc", "color": "#f0ffff" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 227, "fields": { "language": "YAML", "color": "#c1cdcd" } -}, -{ + }, + { "model": "dojo.language_type", "pk": 228, "fields": { "language": "zsh", "color": "#8b7d6b" } -}, -{ + }, + { "model": "dojo.languages", "pk": 1, "fields": { @@ -38508,8 +37650,8 @@ "code": 15000, "created": "2018-08-16T16:38:00.233Z" } -}, -{ + }, + { "model": "dojo.languages", "pk": 2, "fields": { @@ -38522,8 +37664,8 @@ "code": 200, "created": "2018-08-16T16:39:22.999Z" } -}, -{ + }, + { "model": "dojo.languages", "pk": 3, "fields": { @@ -38536,8 +37678,8 @@ "code": 800, "created": "2018-08-16T16:39:23.012Z" } -}, -{ + }, + { "model": "dojo.languages", "pk": 4, "fields": { @@ -38550,8 +37692,8 @@ "code": 200, "created": "2018-08-16T16:50:56.200Z" } -}, -{ + }, + { "model": "dojo.app_analysis", "pk": 1, "fields": { @@ -38566,32 +37708,32 @@ "created": "2018-08-16T16:58:23.908Z", "tags": [] } -}, -{ + }, + { "model": "dojo.objects_review", "pk": 1, "fields": { "name": "Untracked", "created": "2018-03-16T15:21:36.057Z" } -}, -{ + }, + { "model": "dojo.objects_review", "pk": 2, "fields": { "name": "Manual Code Review Required", "created": "2018-03-17T14:21:58.541Z" } -}, -{ + }, + { "model": "dojo.objects_review", "pk": 3, "fields": { "name": "Manual Code Review and Create Test", "created": "2018-03-20T20:50:31.509Z" } -}, -{ + }, + { "model": "dojo.benchmark_type", "pk": 1, "fields": { @@ -38602,8 +37744,8 @@ "updated": "2018-04-03T20:10:06.519Z", "enabled": true } -}, -{ + }, + { "model": "dojo.benchmark_category", "pk": 1, "fields": { @@ -38615,8 +37757,8 @@ "created": "2018-04-03T20:10:41.006Z", "updated": "2018-04-03T20:10:41.006Z" } -}, -{ + }, + { "model": "dojo.benchmark_category", "pk": 2, "fields": { @@ -38628,8 +37770,8 @@ "created": "2018-04-09T20:12:01.803Z", "updated": "2018-04-09T20:12:01.803Z" } -}, -{ + }, + { "model": "dojo.benchmark_category", "pk": 3, "fields": { @@ -38641,8 +37783,8 @@ "created": "2018-04-10T17:20:51.811Z", "updated": "2018-04-10T17:20:51.811Z" } -}, -{ + }, + { "model": "dojo.benchmark_category", "pk": 4, "fields": { @@ -38654,8 +37796,8 @@ "created": "2018-04-10T17:24:33.975Z", "updated": "2018-04-10T17:24:33.975Z" } -}, -{ + }, + { "model": "dojo.benchmark_category", "pk": 5, "fields": { @@ -38667,8 +37809,8 @@ "created": "2018-04-10T18:46:47.356Z", "updated": "2018-04-10T18:46:47.356Z" } -}, -{ + }, + { "model": "dojo.benchmark_category", "pk": 6, "fields": { @@ -38680,8 +37822,8 @@ "created": "2018-04-10T18:56:42.504Z", "updated": "2018-04-10T18:56:42.504Z" } -}, -{ + }, + { "model": "dojo.benchmark_category", "pk": 7, "fields": { @@ -38693,8 +37835,8 @@ "created": "2018-04-10T19:13:25.863Z", "updated": "2018-04-10T19:13:25.863Z" } -}, -{ + }, + { "model": "dojo.benchmark_category", "pk": 8, "fields": { @@ -38706,8 +37848,8 @@ "created": "2018-04-10T20:02:38.179Z", "updated": "2018-04-10T20:02:38.179Z" } -}, -{ + }, + { "model": "dojo.benchmark_category", "pk": 9, "fields": { @@ -38719,8 +37861,8 @@ "created": "2018-04-11T01:34:58.018Z", "updated": "2018-04-11T01:34:58.018Z" } -}, -{ + }, + { "model": "dojo.benchmark_category", "pk": 10, "fields": { @@ -38732,8 +37874,8 @@ "created": "2018-04-11T01:48:58.751Z", "updated": "2018-04-11T01:48:58.751Z" } -}, -{ + }, + { "model": "dojo.benchmark_category", "pk": 11, "fields": { @@ -38745,8 +37887,8 @@ "created": "2018-04-11T01:51:36.593Z", "updated": "2018-04-11T01:51:36.593Z" } -}, -{ + }, + { "model": "dojo.benchmark_category", "pk": 12, "fields": { @@ -38758,8 +37900,8 @@ "created": "2018-04-11T02:00:52.815Z", "updated": "2018-04-11T02:00:52.815Z" } -}, -{ + }, + { "model": "dojo.benchmark_category", "pk": 13, "fields": { @@ -38771,8 +37913,8 @@ "created": "2018-04-11T02:13:07.053Z", "updated": "2018-04-11T02:13:07.053Z" } -}, -{ + }, + { "model": "dojo.benchmark_category", "pk": 14, "fields": { @@ -38784,8 +37926,8 @@ "created": "2018-04-11T02:13:45.949Z", "updated": "2018-04-11T02:13:45.949Z" } -}, -{ + }, + { "model": "dojo.benchmark_category", "pk": 15, "fields": { @@ -38797,8 +37939,8 @@ "created": "2018-04-11T02:14:27.877Z", "updated": "2018-04-11T02:14:27.877Z" } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 1, "fields": { @@ -38815,8 +37957,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 2, "fields": { @@ -38833,8 +37975,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 3, "fields": { @@ -38851,8 +37993,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 4, "fields": { @@ -38869,8 +38011,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 5, "fields": { @@ -38887,8 +38029,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 6, "fields": { @@ -38905,8 +38047,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 7, "fields": { @@ -38923,8 +38065,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 8, "fields": { @@ -38941,8 +38083,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 9, "fields": { @@ -38959,8 +38101,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 11, "fields": { @@ -38977,8 +38119,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 12, "fields": { @@ -38995,8 +38137,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 13, "fields": { @@ -39013,8 +38155,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 14, "fields": { @@ -39031,8 +38173,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 15, "fields": { @@ -39049,8 +38191,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 16, "fields": { @@ -39067,8 +38209,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 17, "fields": { @@ -39085,8 +38227,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 18, "fields": { @@ -39103,8 +38245,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 19, "fields": { @@ -39121,8 +38263,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 20, "fields": { @@ -39139,8 +38281,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 21, "fields": { @@ -39157,8 +38299,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 22, "fields": { @@ -39175,8 +38317,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 23, "fields": { @@ -39193,8 +38335,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 24, "fields": { @@ -39211,8 +38353,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 25, "fields": { @@ -39229,8 +38371,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 26, "fields": { @@ -39247,8 +38389,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 27, "fields": { @@ -39265,8 +38407,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 28, "fields": { @@ -39283,8 +38425,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 29, "fields": { @@ -39301,8 +38443,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 30, "fields": { @@ -39319,8 +38461,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 31, "fields": { @@ -39337,8 +38479,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 32, "fields": { @@ -39355,8 +38497,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 33, "fields": { @@ -39373,8 +38515,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 34, "fields": { @@ -39391,8 +38533,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 35, "fields": { @@ -39409,8 +38551,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 36, "fields": { @@ -39427,8 +38569,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 37, "fields": { @@ -39445,8 +38587,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 38, "fields": { @@ -39463,8 +38605,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 39, "fields": { @@ -39481,8 +38623,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 40, "fields": { @@ -39499,8 +38641,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 41, "fields": { @@ -39517,8 +38659,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 42, "fields": { @@ -39535,8 +38677,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 43, "fields": { @@ -39553,8 +38695,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 44, "fields": { @@ -39571,8 +38713,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 45, "fields": { @@ -39589,8 +38731,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 46, "fields": { @@ -39607,8 +38749,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 47, "fields": { @@ -39625,8 +38767,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 48, "fields": { @@ -39643,8 +38785,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 49, "fields": { @@ -39661,8 +38803,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 50, "fields": { @@ -39679,8 +38821,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 51, "fields": { @@ -39697,8 +38839,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 52, "fields": { @@ -39715,8 +38857,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 53, "fields": { @@ -39733,8 +38875,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 54, "fields": { @@ -39751,8 +38893,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 55, "fields": { @@ -39769,8 +38911,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 56, "fields": { @@ -39787,8 +38929,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 57, "fields": { @@ -39805,8 +38947,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 58, "fields": { @@ -39823,8 +38965,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 59, "fields": { @@ -39841,8 +38983,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 60, "fields": { @@ -39859,8 +39001,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 61, "fields": { @@ -39877,8 +39019,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 62, "fields": { @@ -39895,8 +39037,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 63, "fields": { @@ -39913,8 +39055,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 64, "fields": { @@ -39931,8 +39073,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 65, "fields": { @@ -39949,8 +39091,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 66, "fields": { @@ -39967,8 +39109,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 67, "fields": { @@ -39985,8 +39127,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 68, "fields": { @@ -40003,8 +39145,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 69, "fields": { @@ -40021,8 +39163,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 70, "fields": { @@ -40039,8 +39181,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 71, "fields": { @@ -40057,8 +39199,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 72, "fields": { @@ -40075,8 +39217,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 73, "fields": { @@ -40093,8 +39235,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 74, "fields": { @@ -40111,8 +39253,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 75, "fields": { @@ -40129,8 +39271,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 76, "fields": { @@ -40147,8 +39289,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 77, "fields": { @@ -40165,8 +39307,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 78, "fields": { @@ -40183,8 +39325,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 79, "fields": { @@ -40201,8 +39343,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 80, "fields": { @@ -40219,8 +39361,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 81, "fields": { @@ -40237,8 +39379,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 82, "fields": { @@ -40255,8 +39397,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 83, "fields": { @@ -40273,8 +39415,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 84, "fields": { @@ -40291,8 +39433,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 85, "fields": { @@ -40309,8 +39451,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 86, "fields": { @@ -40327,8 +39469,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 87, "fields": { @@ -40345,8 +39487,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 88, "fields": { @@ -40363,8 +39505,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 89, "fields": { @@ -40381,8 +39523,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 90, "fields": { @@ -40399,8 +39541,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 91, "fields": { @@ -40417,8 +39559,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 92, "fields": { @@ -40435,8 +39577,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 93, "fields": { @@ -40453,8 +39595,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 94, "fields": { @@ -40471,8 +39613,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 95, "fields": { @@ -40489,8 +39631,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 96, "fields": { @@ -40507,8 +39649,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 97, "fields": { @@ -40525,8 +39667,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 98, "fields": { @@ -40543,8 +39685,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 99, "fields": { @@ -40561,8 +39703,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 100, "fields": { @@ -40579,8 +39721,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 101, "fields": { @@ -40597,8 +39739,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 102, "fields": { @@ -40615,8 +39757,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 103, "fields": { @@ -40633,8 +39775,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 104, "fields": { @@ -40651,8 +39793,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 105, "fields": { @@ -40669,8 +39811,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 106, "fields": { @@ -40687,8 +39829,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 107, "fields": { @@ -40705,8 +39847,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 108, "fields": { @@ -40723,8 +39865,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 109, "fields": { @@ -40741,8 +39883,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 110, "fields": { @@ -40759,8 +39901,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 111, "fields": { @@ -40777,8 +39919,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 112, "fields": { @@ -40795,8 +39937,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 113, "fields": { @@ -40813,8 +39955,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 114, "fields": { @@ -40831,8 +39973,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 115, "fields": { @@ -40849,8 +39991,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 116, "fields": { @@ -40867,8 +40009,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 117, "fields": { @@ -40885,8 +40027,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 118, "fields": { @@ -40903,8 +40045,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 119, "fields": { @@ -40921,8 +40063,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 120, "fields": { @@ -40939,8 +40081,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 121, "fields": { @@ -40957,8 +40099,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 122, "fields": { @@ -40975,8 +40117,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 123, "fields": { @@ -40993,8 +40135,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 124, "fields": { @@ -41011,8 +40153,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 125, "fields": { @@ -41029,8 +40171,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 126, "fields": { @@ -41047,8 +40189,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 127, "fields": { @@ -41065,8 +40207,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 128, "fields": { @@ -41083,8 +40225,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 129, "fields": { @@ -41101,8 +40243,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 130, "fields": { @@ -41119,8 +40261,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 131, "fields": { @@ -41137,8 +40279,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 132, "fields": { @@ -41155,8 +40297,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 133, "fields": { @@ -41173,8 +40315,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 134, "fields": { @@ -41191,8 +40333,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 135, "fields": { @@ -41209,8 +40351,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 136, "fields": { @@ -41227,8 +40369,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 137, "fields": { @@ -41245,8 +40387,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 138, "fields": { @@ -41263,8 +40405,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 139, "fields": { @@ -41281,8 +40423,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 140, "fields": { @@ -41299,8 +40441,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 141, "fields": { @@ -41317,8 +40459,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 142, "fields": { @@ -41335,8 +40477,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 143, "fields": { @@ -41353,8 +40495,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 144, "fields": { @@ -41371,8 +40513,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 145, "fields": { @@ -41389,8 +40531,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 146, "fields": { @@ -41407,8 +40549,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 147, "fields": { @@ -41425,8 +40567,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 148, "fields": { @@ -41443,8 +40585,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 149, "fields": { @@ -41461,8 +40603,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 150, "fields": { @@ -41479,8 +40621,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 151, "fields": { @@ -41497,8 +40639,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 152, "fields": { @@ -41515,8 +40657,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 153, "fields": { @@ -41533,8 +40675,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 154, "fields": { @@ -41551,8 +40693,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 155, "fields": { @@ -41569,8 +40711,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 156, "fields": { @@ -41587,8 +40729,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 157, "fields": { @@ -41605,8 +40747,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 158, "fields": { @@ -41623,8 +40765,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 159, "fields": { @@ -41641,8 +40783,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 160, "fields": { @@ -41659,8 +40801,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 161, "fields": { @@ -41677,8 +40819,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 162, "fields": { @@ -41695,8 +40837,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 163, "fields": { @@ -41713,8 +40855,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 164, "fields": { @@ -41731,8 +40873,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 165, "fields": { @@ -41749,8 +40891,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 166, "fields": { @@ -41767,8 +40909,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 167, "fields": { @@ -41785,8 +40927,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 168, "fields": { @@ -41803,8 +40945,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 169, "fields": { @@ -41821,8 +40963,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 170, "fields": { @@ -41839,8 +40981,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 171, "fields": { @@ -41857,8 +40999,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 172, "fields": { @@ -41875,8 +41017,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 173, "fields": { @@ -41893,8 +41035,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 174, "fields": { @@ -41911,8 +41053,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 175, "fields": { @@ -41929,8 +41071,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 176, "fields": { @@ -41947,8 +41089,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 177, "fields": { @@ -41965,8 +41107,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 178, "fields": { @@ -41983,8 +41125,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 179, "fields": { @@ -42001,8 +41143,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 180, "fields": { @@ -42019,8 +41161,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 181, "fields": { @@ -42037,8 +41179,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 182, "fields": { @@ -42055,8 +41197,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 183, "fields": { @@ -42073,8 +41215,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 184, "fields": { @@ -42091,8 +41233,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 185, "fields": { @@ -42109,8 +41251,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 186, "fields": { @@ -42127,8 +41269,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 187, "fields": { @@ -42145,8 +41287,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 188, "fields": { @@ -42163,8 +41305,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 189, "fields": { @@ -42181,8 +41323,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 190, "fields": { @@ -42199,8 +41341,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 191, "fields": { @@ -42217,8 +41359,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_requirement", "pk": 192, "fields": { @@ -42235,8 +41377,8 @@ "cwe_mapping": [], "testing_guide": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 1, "fields": { @@ -42248,8 +41390,8 @@ "updated": "2018-08-16T15:59:50.665Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 2, "fields": { @@ -42261,8 +41403,8 @@ "updated": "2018-08-16T15:59:50.665Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 3, "fields": { @@ -42274,8 +41416,8 @@ "updated": "2018-08-16T15:59:50.665Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 4, "fields": { @@ -42287,8 +41429,8 @@ "updated": "2018-08-16T15:59:50.665Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 5, "fields": { @@ -42300,8 +41442,8 @@ "updated": "2018-08-16T15:59:50.665Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 6, "fields": { @@ -42313,8 +41455,8 @@ "updated": "2018-08-16T15:59:50.665Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 7, "fields": { @@ -42326,8 +41468,8 @@ "updated": "2018-08-16T15:59:50.665Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 8, "fields": { @@ -42339,8 +41481,8 @@ "updated": "2018-08-16T15:59:50.665Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 9, "fields": { @@ -42352,8 +41494,8 @@ "updated": "2018-08-16T15:59:50.665Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 10, "fields": { @@ -42365,8 +41507,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 11, "fields": { @@ -42378,8 +41520,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 12, "fields": { @@ -42391,8 +41533,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 13, "fields": { @@ -42404,8 +41546,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 14, "fields": { @@ -42417,8 +41559,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 15, "fields": { @@ -42430,8 +41572,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 16, "fields": { @@ -42443,8 +41585,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 17, "fields": { @@ -42456,8 +41598,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 18, "fields": { @@ -42469,8 +41611,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 19, "fields": { @@ -42482,8 +41624,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 20, "fields": { @@ -42495,8 +41637,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 21, "fields": { @@ -42508,8 +41650,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 22, "fields": { @@ -42521,8 +41663,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 23, "fields": { @@ -42534,8 +41676,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 24, "fields": { @@ -42547,8 +41689,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 25, "fields": { @@ -42560,8 +41702,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 26, "fields": { @@ -42573,8 +41715,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 27, "fields": { @@ -42586,8 +41728,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 28, "fields": { @@ -42599,8 +41741,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 29, "fields": { @@ -42612,8 +41754,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 30, "fields": { @@ -42625,8 +41767,8 @@ "updated": "2018-08-16T15:59:50.666Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 31, "fields": { @@ -42638,8 +41780,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 32, "fields": { @@ -42651,8 +41793,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 33, "fields": { @@ -42664,8 +41806,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 34, "fields": { @@ -42677,8 +41819,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 35, "fields": { @@ -42690,8 +41832,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 36, "fields": { @@ -42703,8 +41845,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 37, "fields": { @@ -42716,8 +41858,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 38, "fields": { @@ -42729,8 +41871,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 39, "fields": { @@ -42742,8 +41884,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 40, "fields": { @@ -42755,8 +41897,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 41, "fields": { @@ -42768,8 +41910,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 42, "fields": { @@ -42781,8 +41923,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 43, "fields": { @@ -42794,8 +41936,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 44, "fields": { @@ -42807,8 +41949,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 45, "fields": { @@ -42820,8 +41962,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 46, "fields": { @@ -42833,8 +41975,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 47, "fields": { @@ -42846,8 +41988,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 48, "fields": { @@ -42859,8 +42001,8 @@ "updated": "2018-08-16T15:59:50.667Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 49, "fields": { @@ -42872,8 +42014,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 50, "fields": { @@ -42885,8 +42027,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 51, "fields": { @@ -42898,8 +42040,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 52, "fields": { @@ -42911,8 +42053,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 53, "fields": { @@ -42924,8 +42066,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 54, "fields": { @@ -42937,8 +42079,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 55, "fields": { @@ -42950,8 +42092,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 56, "fields": { @@ -42963,8 +42105,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 57, "fields": { @@ -42976,8 +42118,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 58, "fields": { @@ -42989,8 +42131,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 59, "fields": { @@ -43002,8 +42144,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 60, "fields": { @@ -43015,8 +42157,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 61, "fields": { @@ -43028,8 +42170,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 62, "fields": { @@ -43041,8 +42183,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 63, "fields": { @@ -43054,8 +42196,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 64, "fields": { @@ -43067,8 +42209,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 65, "fields": { @@ -43080,8 +42222,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 66, "fields": { @@ -43093,8 +42235,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 67, "fields": { @@ -43106,8 +42248,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 68, "fields": { @@ -43119,8 +42261,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 69, "fields": { @@ -43132,8 +42274,8 @@ "updated": "2018-08-16T15:59:50.668Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 70, "fields": { @@ -43145,8 +42287,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 71, "fields": { @@ -43158,8 +42300,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 72, "fields": { @@ -43171,8 +42313,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 73, "fields": { @@ -43184,8 +42326,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 74, "fields": { @@ -43197,8 +42339,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 75, "fields": { @@ -43210,8 +42352,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 76, "fields": { @@ -43223,8 +42365,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 77, "fields": { @@ -43236,8 +42378,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 78, "fields": { @@ -43249,8 +42391,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 79, "fields": { @@ -43262,8 +42404,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 80, "fields": { @@ -43275,8 +42417,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 81, "fields": { @@ -43288,8 +42430,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 82, "fields": { @@ -43301,8 +42443,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 83, "fields": { @@ -43314,8 +42456,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 84, "fields": { @@ -43327,8 +42469,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 85, "fields": { @@ -43340,8 +42482,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 86, "fields": { @@ -43353,8 +42495,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 87, "fields": { @@ -43366,8 +42508,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 88, "fields": { @@ -43379,8 +42521,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 89, "fields": { @@ -43392,8 +42534,8 @@ "updated": "2018-08-16T15:59:50.669Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 90, "fields": { @@ -43405,8 +42547,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 91, "fields": { @@ -43418,8 +42560,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 92, "fields": { @@ -43431,8 +42573,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 93, "fields": { @@ -43444,8 +42586,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 94, "fields": { @@ -43457,8 +42599,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 95, "fields": { @@ -43470,8 +42612,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 96, "fields": { @@ -43483,8 +42625,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 97, "fields": { @@ -43496,8 +42638,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 98, "fields": { @@ -43509,8 +42651,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 99, "fields": { @@ -43522,8 +42664,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 100, "fields": { @@ -43535,8 +42677,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 101, "fields": { @@ -43548,8 +42690,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 102, "fields": { @@ -43561,8 +42703,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 103, "fields": { @@ -43574,8 +42716,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 104, "fields": { @@ -43587,8 +42729,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 105, "fields": { @@ -43600,8 +42742,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 106, "fields": { @@ -43613,8 +42755,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 107, "fields": { @@ -43626,8 +42768,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 108, "fields": { @@ -43639,8 +42781,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 109, "fields": { @@ -43652,8 +42794,8 @@ "updated": "2018-08-16T15:59:50.670Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 110, "fields": { @@ -43665,8 +42807,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 111, "fields": { @@ -43678,8 +42820,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 112, "fields": { @@ -43691,8 +42833,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 113, "fields": { @@ -43704,8 +42846,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 114, "fields": { @@ -43717,8 +42859,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 115, "fields": { @@ -43730,8 +42872,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 116, "fields": { @@ -43743,8 +42885,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 117, "fields": { @@ -43756,8 +42898,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 118, "fields": { @@ -43769,8 +42911,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 119, "fields": { @@ -43782,8 +42924,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 120, "fields": { @@ -43795,8 +42937,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 121, "fields": { @@ -43808,8 +42950,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 122, "fields": { @@ -43821,8 +42963,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 123, "fields": { @@ -43834,8 +42976,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 124, "fields": { @@ -43847,8 +42989,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 125, "fields": { @@ -43860,8 +43002,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 126, "fields": { @@ -43873,8 +43015,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 127, "fields": { @@ -43886,8 +43028,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 128, "fields": { @@ -43899,8 +43041,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 129, "fields": { @@ -43912,8 +43054,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 130, "fields": { @@ -43925,8 +43067,8 @@ "updated": "2018-08-16T15:59:50.671Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 131, "fields": { @@ -43938,8 +43080,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 132, "fields": { @@ -43951,8 +43093,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 133, "fields": { @@ -43964,8 +43106,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 134, "fields": { @@ -43977,8 +43119,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 135, "fields": { @@ -43990,8 +43132,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 136, "fields": { @@ -44003,8 +43145,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 137, "fields": { @@ -44016,8 +43158,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 138, "fields": { @@ -44029,8 +43171,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 139, "fields": { @@ -44042,8 +43184,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 140, "fields": { @@ -44055,8 +43197,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 141, "fields": { @@ -44068,8 +43210,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 142, "fields": { @@ -44081,8 +43223,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 143, "fields": { @@ -44094,8 +43236,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 144, "fields": { @@ -44107,8 +43249,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 145, "fields": { @@ -44120,8 +43262,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 146, "fields": { @@ -44133,8 +43275,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 147, "fields": { @@ -44146,8 +43288,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 148, "fields": { @@ -44159,8 +43301,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 149, "fields": { @@ -44172,8 +43314,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 150, "fields": { @@ -44185,8 +43327,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 151, "fields": { @@ -44198,8 +43340,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 152, "fields": { @@ -44211,8 +43353,8 @@ "updated": "2018-08-16T15:59:50.672Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 153, "fields": { @@ -44224,8 +43366,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 154, "fields": { @@ -44237,8 +43379,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 155, "fields": { @@ -44250,8 +43392,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 156, "fields": { @@ -44263,8 +43405,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 157, "fields": { @@ -44276,8 +43418,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 158, "fields": { @@ -44289,8 +43431,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 159, "fields": { @@ -44302,8 +43444,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 160, "fields": { @@ -44315,8 +43457,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 161, "fields": { @@ -44328,8 +43470,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 162, "fields": { @@ -44341,8 +43483,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 163, "fields": { @@ -44354,8 +43496,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 164, "fields": { @@ -44367,8 +43509,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 165, "fields": { @@ -44380,8 +43522,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 166, "fields": { @@ -44393,8 +43535,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 167, "fields": { @@ -44406,8 +43548,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 168, "fields": { @@ -44419,8 +43561,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 169, "fields": { @@ -44432,8 +43574,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 170, "fields": { @@ -44445,8 +43587,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 171, "fields": { @@ -44458,8 +43600,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 172, "fields": { @@ -44471,8 +43613,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 173, "fields": { @@ -44484,8 +43626,8 @@ "updated": "2018-08-16T15:59:50.673Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 174, "fields": { @@ -44497,8 +43639,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 175, "fields": { @@ -44510,8 +43652,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 176, "fields": { @@ -44523,8 +43665,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 177, "fields": { @@ -44536,8 +43678,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 178, "fields": { @@ -44549,8 +43691,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 179, "fields": { @@ -44562,8 +43704,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 180, "fields": { @@ -44575,8 +43717,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 181, "fields": { @@ -44588,8 +43730,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 182, "fields": { @@ -44601,8 +43743,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 183, "fields": { @@ -44614,8 +43756,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 184, "fields": { @@ -44627,8 +43769,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 185, "fields": { @@ -44640,8 +43782,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 186, "fields": { @@ -44653,8 +43795,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 187, "fields": { @@ -44666,8 +43808,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 188, "fields": { @@ -44679,8 +43821,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 189, "fields": { @@ -44692,8 +43834,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 190, "fields": { @@ -44705,8 +43847,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product", "pk": 191, "fields": { @@ -44718,8 +43860,8 @@ "updated": "2018-08-16T15:59:50.674Z", "notes": [] } -}, -{ + }, + { "model": "dojo.benchmark_product_summary", "pk": 1, "fields": { @@ -44737,8 +43879,8 @@ "created": "2018-08-16T15:59:50.722Z", "updated": "2018-08-16T15:59:50.722Z" } -}, -{ + }, + { "model": "dojo.question", "pk": 3, "fields": { @@ -44749,8 +43891,8 @@ "optional": false, "text": "What kind of infrastructure will you be using (cloud servers, load balancers, dedicated hardware, etc)?" } -}, -{ + }, + { "model": "dojo.question", "pk": 4, "fields": { @@ -44761,8 +43903,8 @@ "optional": false, "text": "Will there be a staging/pre-prod environment?" } -}, -{ + }, + { "model": "dojo.question", "pk": 5, "fields": { @@ -44773,8 +43915,8 @@ "optional": false, "text": "How many servers/regions will be used for production?" } -}, -{ + }, + { "model": "dojo.question", "pk": 6, "fields": { @@ -44785,8 +43927,8 @@ "optional": false, "text": "What kind of OS and other software will these servers run?" } -}, -{ + }, + { "model": "dojo.question", "pk": 7, "fields": { @@ -44797,8 +43939,8 @@ "optional": false, "text": "Where does the product live? (Public cloud, private cloud, dedicated, etc.)" } -}, -{ + }, + { "model": "dojo.question", "pk": 8, "fields": { @@ -44809,8 +43951,8 @@ "optional": false, "text": "If public cloud, are regions and environments separated into different accounts? Who manages the accounts?" } -}, -{ + }, + { "model": "dojo.question", "pk": 9, "fields": { @@ -44821,8 +43963,8 @@ "optional": false, "text": "How will your servers talk to one another, if at all?" } -}, -{ + }, + { "model": "dojo.question", "pk": 10, "fields": { @@ -44833,8 +43975,8 @@ "optional": false, "text": "How will you manage this infrastructure?" } -}, -{ + }, + { "model": "dojo.question", "pk": 11, "fields": { @@ -44845,8 +43987,8 @@ "optional": false, "text": "What is your patching schedule?" } -}, -{ + }, + { "model": "dojo.question", "pk": 12, "fields": { @@ -44857,8 +43999,8 @@ "optional": false, "text": "How will admin users (e.g., Ops) authenticate to the servers (LDAP based login, SSH Keys, local access)?" } -}, -{ + }, + { "model": "dojo.question", "pk": 13, "fields": { @@ -44869,8 +44011,8 @@ "optional": false, "text": "What components do you have as part of your product (Web UI, REST API, command line app, mobile app, etc.)?" } -}, -{ + }, + { "model": "dojo.question", "pk": 14, "fields": { @@ -44881,8 +44023,8 @@ "optional": false, "text": "What access control limitations are in place?" } -}, -{ + }, + { "model": "dojo.question", "pk": 15, "fields": { @@ -44893,8 +44035,8 @@ "optional": false, "text": "How is access control enforced? (IP whitelists, role-based access controls, etc.)" } -}, -{ + }, + { "model": "dojo.question", "pk": 16, "fields": { @@ -44905,8 +44047,8 @@ "optional": false, "text": "What Identity roles (if any) are utilized by the app and how many people are estimated to be inside those groups?" } -}, -{ + }, + { "model": "dojo.question", "pk": 17, "fields": { @@ -44917,8 +44059,8 @@ "optional": false, "text": "What is the criteria for being added to these groups? Are they audited and auto-purged?" } -}, -{ + }, + { "model": "dojo.question", "pk": 18, "fields": { @@ -44929,8 +44071,8 @@ "optional": false, "text": "Are you logging all sensitive user actions, such as user registration, permission modification, login attempts, admin functions, etc.?" } -}, -{ + }, + { "model": "dojo.question", "pk": 19, "fields": { @@ -44941,8 +44083,8 @@ "optional": false, "text": "What identifying information are you logging?" } -}, -{ + }, + { "model": "dojo.question", "pk": 20, "fields": { @@ -44953,8 +44095,8 @@ "optional": false, "text": "Where are these logs stored?" } -}, -{ + }, + { "model": "dojo.question", "pk": 21, "fields": { @@ -44965,8 +44107,8 @@ "optional": false, "text": "How does an end user interact with the product? Do they visit it in their browser, use a proxy or a special CLI tool, log in through a terminal server, etc?" } -}, -{ + }, + { "model": "dojo.question", "pk": 22, "fields": { @@ -44977,8 +44119,8 @@ "optional": false, "text": "How public-facing is this product? (customer tool, open source project, etc.)" } -}, -{ + }, + { "model": "dojo.question", "pk": 23, "fields": { @@ -44989,8 +44131,8 @@ "optional": false, "text": "When does information cross a privacy boundary within your application flow? For instance public cloud -> private cloud, public internet -> public cloud, etc." } -}, -{ + }, + { "model": "dojo.question", "pk": 24, "fields": { @@ -45001,8 +44143,8 @@ "optional": false, "text": "What services/products does your product consume? What services/products consume it?" } -}, -{ + }, + { "model": "dojo.question", "pk": 25, "fields": { @@ -45013,8 +44155,8 @@ "optional": false, "text": "What customer or corporate information does your product consume?" } -}, -{ + }, + { "model": "dojo.question", "pk": 26, "fields": { @@ -45025,8 +44167,8 @@ "optional": false, "text": "What information does the product store?" } -}, -{ + }, + { "model": "dojo.question", "pk": 27, "fields": { @@ -45037,8 +44179,8 @@ "optional": false, "text": "Where, how, and for how long is it stored?" } -}, -{ + }, + { "model": "dojo.question", "pk": 28, "fields": { @@ -45049,8 +44191,8 @@ "optional": false, "text": "Is encryption / hashing used where appropriate?" } -}, -{ + }, + { "model": "dojo.question", "pk": 29, "fields": { @@ -45061,8 +44203,8 @@ "optional": false, "text": "Are you rolling your own identification system? If so, have you considered integrating with SSO instead?" } -}, -{ + }, + { "model": "dojo.question", "pk": 30, "fields": { @@ -45073,8 +44215,8 @@ "optional": false, "text": "What information does the product send to the user?" } -}, -{ + }, + { "model": "dojo.question", "pk": 31, "fields": { @@ -45085,8 +44227,8 @@ "optional": false, "text": "If you’re managing passwords or keys across multiple servers/endpoints, where and how is that information stored?" } -}, -{ + }, + { "model": "dojo.question", "pk": 32, "fields": { @@ -45097,8 +44239,8 @@ "optional": false, "text": "What third party tools and libraries are you using? Please provide a package dump as well (apt, pip, bower, etc.)" } -}, -{ + }, + { "model": "dojo.question", "pk": 33, "fields": { @@ -45109,8 +44251,8 @@ "optional": false, "text": "What ports should be open on each node, and what services do they expose?" } -}, -{ + }, + { "model": "dojo.question", "pk": 34, "fields": { @@ -45121,8 +44263,8 @@ "optional": false, "text": "What service accounts are you utilizing, and what roles do they have?" } -}, -{ + }, + { "model": "dojo.question", "pk": 35, "fields": { @@ -45133,8 +44275,8 @@ "optional": false, "text": "What DNS entries do you have set up? (Most importantly, public-facing systems)" } -}, -{ + }, + { "model": "dojo.question", "pk": 36, "fields": { @@ -45145,8 +44287,8 @@ "optional": false, "text": "What type of monitoring are you doing? (IDS, cloud monitoring, custom log parsing script, etc.)" } -}, -{ + }, + { "model": "dojo.question", "pk": 37, "fields": { @@ -45157,8 +44299,8 @@ "optional": false, "text": "List the IPs for all infrastructure utilized for the environment in question." } -}, -{ + }, + { "model": "dojo.question", "pk": 38, "fields": { @@ -45169,8 +44311,8 @@ "optional": false, "text": "List of endpoints and documentation for any APIs created by your product." } -}, -{ + }, + { "model": "dojo.question", "pk": 39, "fields": { @@ -45181,8 +44323,8 @@ "optional": false, "text": "Locations of any web UIs or other important URLs" } -}, -{ + }, + { "model": "dojo.question", "pk": 40, "fields": { @@ -45193,8 +44335,8 @@ "optional": false, "text": "List of any service accounts or other access requests relevant to your product" } -}, -{ + }, + { "model": "dojo.question", "pk": 41, "fields": { @@ -45205,8 +44347,8 @@ "optional": false, "text": "The contact information of QE who are testing the products." } -}, -{ + }, + { "model": "dojo.question", "pk": 42, "fields": { @@ -45217,8 +44359,8 @@ "optional": false, "text": "The list of people that should be notified for our security testing." } -}, -{ + }, + { "model": "dojo.question", "pk": 43, "fields": { @@ -45229,213 +44371,213 @@ "optional": false, "text": "Any security testing that we should not run, and/or times when you would prefer we not test." } -}, -{ + }, + { "model": "dojo.textquestion", "pk": 3, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 4, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 5, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 6, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 7, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 8, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 9, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 10, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 11, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 12, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 13, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 14, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 15, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 16, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 17, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 18, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 19, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 20, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 21, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 22, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 23, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 24, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 25, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 26, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 27, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 28, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 29, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 30, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 31, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 32, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 33, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 34, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 35, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 36, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 37, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 38, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 39, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 40, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 41, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 42, "fields": {} -}, -{ + }, + { "model": "dojo.textquestion", "pk": 43, "fields": {} -}, -{ + }, + { "model": "dojo.engagement_survey", "pk": 2, "fields": { @@ -45455,8 +44597,8 @@ 12 ] } -}, -{ + }, + { "model": "dojo.engagement_survey", "pk": 3, "fields": { @@ -45474,8 +44616,8 @@ 43 ] } -}, -{ + }, + { "model": "dojo.engagement_survey", "pk": 4, "fields": { @@ -45492,8 +44634,8 @@ 20 ] } -}, -{ + }, + { "model": "dojo.engagement_survey", "pk": 5, "fields": { @@ -45507,8 +44649,8 @@ 24 ] } -}, -{ + }, + { "model": "dojo.engagement_survey", "pk": 6, "fields": { @@ -45525,8 +44667,8 @@ 31 ] } -}, -{ + }, + { "model": "dojo.engagement_survey", "pk": 7, "fields": { @@ -45541,8 +44683,8 @@ 36 ] } -}, -{ + }, + { "model": "watson.searchentry", "pk": 1, "fields": { @@ -45556,8 +44698,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 2, "fields": { @@ -45571,8 +44713,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 3, "fields": { @@ -45586,8 +44728,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 4, "fields": { @@ -45601,8 +44743,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 5, "fields": { @@ -45616,8 +44758,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 6, "fields": { @@ -45631,8 +44773,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 7, "fields": { @@ -45646,8 +44788,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 8, "fields": { @@ -45661,8 +44803,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 9, "fields": { @@ -45676,8 +44818,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 10, "fields": { @@ -45691,8 +44833,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 11, "fields": { @@ -45706,8 +44848,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 12, "fields": { @@ -45721,8 +44863,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 13, "fields": { @@ -45736,8 +44878,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 14, "fields": { @@ -45751,8 +44893,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 15, "fields": { @@ -45766,8 +44908,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 16, "fields": { @@ -45781,8 +44923,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 17, "fields": { @@ -45796,8 +44938,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 18, "fields": { @@ -45811,8 +44953,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 19, "fields": { @@ -45826,8 +44968,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 20, "fields": { @@ -45841,8 +44983,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 21, "fields": { @@ -45856,8 +44998,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 22, "fields": { @@ -45871,8 +45013,8 @@ "url": "/endpoint/8", "meta_encoded": "{\"product__name\": \"BodgeIt\"}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 23, "fields": { @@ -45886,8 +45028,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 24, "fields": { @@ -45901,8 +45043,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 25, "fields": { @@ -45916,8 +45058,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 26, "fields": { @@ -45931,8 +45073,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 27, "fields": { @@ -45946,8 +45088,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 28, "fields": { @@ -45961,8 +45103,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 29, "fields": { @@ -45976,8 +45118,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 30, "fields": { @@ -45991,8 +45133,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 31, "fields": { @@ -46006,8 +45148,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 32, "fields": { @@ -46021,8 +45163,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 33, "fields": { @@ -46036,8 +45178,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 34, "fields": { @@ -46051,8 +45193,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 35, "fields": { @@ -46066,8 +45208,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 36, "fields": { @@ -46081,8 +45223,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 37, "fields": { @@ -46096,8 +45238,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 38, "fields": { @@ -46111,8 +45253,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 39, "fields": { @@ -46126,8 +45268,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 40, "fields": { @@ -46141,8 +45283,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 41, "fields": { @@ -46156,8 +45298,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 42, "fields": { @@ -46171,8 +45313,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 43, "fields": { @@ -46186,8 +45328,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 44, "fields": { @@ -46201,8 +45343,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 45, "fields": { @@ -46216,8 +45358,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 46, "fields": { @@ -46231,8 +45373,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 47, "fields": { @@ -46246,8 +45388,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 48, "fields": { @@ -46261,8 +45403,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 49, "fields": { @@ -46276,8 +45418,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 50, "fields": { @@ -46291,8 +45433,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 51, "fields": { @@ -46306,8 +45448,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 52, "fields": { @@ -46321,8 +45463,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 53, "fields": { @@ -46336,8 +45478,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 54, "fields": { @@ -46351,8 +45493,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 55, "fields": { @@ -46366,8 +45508,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 56, "fields": { @@ -46381,8 +45523,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 57, "fields": { @@ -46396,8 +45538,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 58, "fields": { @@ -46411,8 +45553,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 59, "fields": { @@ -46426,8 +45568,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 60, "fields": { @@ -46441,8 +45583,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 61, "fields": { @@ -46456,8 +45598,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 62, "fields": { @@ -46471,8 +45613,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 63, "fields": { @@ -46486,8 +45628,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 64, "fields": { @@ -46501,8 +45643,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 65, "fields": { @@ -46516,8 +45658,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 66, "fields": { @@ -46531,8 +45673,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 67, "fields": { @@ -46546,8 +45688,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 68, "fields": { @@ -46561,8 +45703,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 69, "fields": { @@ -46576,8 +45718,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 70, "fields": { @@ -46591,8 +45733,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 71, "fields": { @@ -46606,8 +45748,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 72, "fields": { @@ -46621,8 +45763,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 73, "fields": { @@ -46636,8 +45778,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 74, "fields": { @@ -46651,8 +45793,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 75, "fields": { @@ -46666,8 +45808,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 76, "fields": { @@ -46681,8 +45823,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 77, "fields": { @@ -46696,8 +45838,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 78, "fields": { @@ -46711,8 +45853,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 79, "fields": { @@ -46726,8 +45868,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 80, "fields": { @@ -46741,8 +45883,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 81, "fields": { @@ -46756,8 +45898,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 82, "fields": { @@ -46771,8 +45913,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 83, "fields": { @@ -46786,8 +45928,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 84, "fields": { @@ -46801,8 +45943,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 85, "fields": { @@ -46816,8 +45958,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 86, "fields": { @@ -46831,8 +45973,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 87, "fields": { @@ -46846,8 +45988,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 88, "fields": { @@ -46861,8 +46003,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 89, "fields": { @@ -46876,8 +46018,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 90, "fields": { @@ -46891,8 +46033,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 91, "fields": { @@ -46906,8 +46048,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 92, "fields": { @@ -46921,8 +46063,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 93, "fields": { @@ -46936,8 +46078,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 94, "fields": { @@ -46951,8 +46093,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 95, "fields": { @@ -46966,8 +46108,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 96, "fields": { @@ -46981,8 +46123,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 97, "fields": { @@ -46996,8 +46138,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 98, "fields": { @@ -47011,8 +46153,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 99, "fields": { @@ -47026,8 +46168,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 100, "fields": { @@ -47041,8 +46183,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 101, "fields": { @@ -47056,8 +46198,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 102, "fields": { @@ -47071,8 +46213,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 103, "fields": { @@ -47086,8 +46228,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 104, "fields": { @@ -47101,8 +46243,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 105, "fields": { @@ -47116,8 +46258,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 106, "fields": { @@ -47131,8 +46273,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 107, "fields": { @@ -47146,8 +46288,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 108, "fields": { @@ -47161,8 +46303,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 109, "fields": { @@ -47176,8 +46318,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 110, "fields": { @@ -47191,8 +46333,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 111, "fields": { @@ -47206,8 +46348,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 112, "fields": { @@ -47221,8 +46363,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 113, "fields": { @@ -47236,8 +46378,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 114, "fields": { @@ -47251,8 +46393,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 115, "fields": { @@ -47266,8 +46408,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 116, "fields": { @@ -47281,8 +46423,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 117, "fields": { @@ -47296,8 +46438,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 118, "fields": { @@ -47311,8 +46453,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 119, "fields": { @@ -47326,8 +46468,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 120, "fields": { @@ -47341,8 +46483,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 121, "fields": { @@ -47356,8 +46498,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 122, "fields": { @@ -47371,8 +46513,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 123, "fields": { @@ -47386,8 +46528,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 124, "fields": { @@ -47401,8 +46543,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 125, "fields": { @@ -47416,8 +46558,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 126, "fields": { @@ -47431,8 +46573,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 127, "fields": { @@ -47446,8 +46588,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 128, "fields": { @@ -47461,8 +46603,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 129, "fields": { @@ -47476,8 +46618,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 130, "fields": { @@ -47491,8 +46633,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 131, "fields": { @@ -47506,8 +46648,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 132, "fields": { @@ -47521,8 +46663,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 133, "fields": { @@ -47536,8 +46678,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 134, "fields": { @@ -47551,8 +46693,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 135, "fields": { @@ -47566,8 +46708,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 136, "fields": { @@ -47581,8 +46723,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 137, "fields": { @@ -47596,8 +46738,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 138, "fields": { @@ -47611,8 +46753,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 139, "fields": { @@ -47626,8 +46768,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 140, "fields": { @@ -47641,8 +46783,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 141, "fields": { @@ -47656,8 +46798,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 142, "fields": { @@ -47671,8 +46813,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 143, "fields": { @@ -47686,8 +46828,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 144, "fields": { @@ -47701,8 +46843,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 145, "fields": { @@ -47716,8 +46858,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 146, "fields": { @@ -47731,8 +46873,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 147, "fields": { @@ -47746,8 +46888,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 148, "fields": { @@ -47761,8 +46903,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 149, "fields": { @@ -47776,8 +46918,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 150, "fields": { @@ -47791,8 +46933,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 151, "fields": { @@ -47806,8 +46948,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 152, "fields": { @@ -47821,8 +46963,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 153, "fields": { @@ -47836,8 +46978,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 154, "fields": { @@ -47851,8 +46993,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 155, "fields": { @@ -47866,8 +47008,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 156, "fields": { @@ -47881,8 +47023,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 157, "fields": { @@ -47896,8 +47038,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 158, "fields": { @@ -47911,8 +47053,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 159, "fields": { @@ -47926,8 +47068,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 160, "fields": { @@ -47941,8 +47083,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 161, "fields": { @@ -47956,8 +47098,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 162, "fields": { @@ -47971,8 +47113,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 163, "fields": { @@ -47986,8 +47128,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 164, "fields": { @@ -48001,8 +47143,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 165, "fields": { @@ -48016,8 +47158,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 166, "fields": { @@ -48031,8 +47173,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 167, "fields": { @@ -48046,8 +47188,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 168, "fields": { @@ -48061,8 +47203,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 169, "fields": { @@ -48076,8 +47218,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 170, "fields": { @@ -48091,8 +47233,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 171, "fields": { @@ -48106,8 +47248,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 172, "fields": { @@ -48121,8 +47263,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 173, "fields": { @@ -48136,8 +47278,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 174, "fields": { @@ -48151,8 +47293,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 175, "fields": { @@ -48166,8 +47308,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 176, "fields": { @@ -48181,8 +47323,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 177, "fields": { @@ -48196,8 +47338,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 178, "fields": { @@ -48211,8 +47353,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 179, "fields": { @@ -48226,8 +47368,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 180, "fields": { @@ -48241,8 +47383,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 181, "fields": { @@ -48256,8 +47398,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 182, "fields": { @@ -48271,8 +47413,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 183, "fields": { @@ -48286,8 +47428,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 184, "fields": { @@ -48301,8 +47443,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 185, "fields": { @@ -48316,8 +47458,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 186, "fields": { @@ -48331,8 +47473,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 187, "fields": { @@ -48346,8 +47488,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 188, "fields": { @@ -48361,8 +47503,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 189, "fields": { @@ -48376,8 +47518,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 190, "fields": { @@ -48391,8 +47533,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 191, "fields": { @@ -48406,8 +47548,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 192, "fields": { @@ -48421,8 +47563,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 193, "fields": { @@ -48436,8 +47578,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 194, "fields": { @@ -48451,8 +47593,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 195, "fields": { @@ -48466,8 +47608,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 196, "fields": { @@ -48481,8 +47623,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 197, "fields": { @@ -48496,8 +47638,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 198, "fields": { @@ -48511,8 +47653,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 199, "fields": { @@ -48526,8 +47668,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 200, "fields": { @@ -48541,8 +47683,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 201, "fields": { @@ -48556,8 +47698,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 202, "fields": { @@ -48571,8 +47713,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 203, "fields": { @@ -48586,8 +47728,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 204, "fields": { @@ -48601,8 +47743,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 205, "fields": { @@ -48616,8 +47758,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 206, "fields": { @@ -48631,8 +47773,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 207, "fields": { @@ -48646,8 +47788,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 208, "fields": { @@ -48661,8 +47803,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 209, "fields": { @@ -48676,8 +47818,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 210, "fields": { @@ -48691,8 +47833,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 211, "fields": { @@ -48706,8 +47848,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 212, "fields": { @@ -48721,8 +47863,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 213, "fields": { @@ -48736,8 +47878,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 214, "fields": { @@ -48751,8 +47893,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 215, "fields": { @@ -48766,8 +47908,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 216, "fields": { @@ -48781,8 +47923,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 217, "fields": { @@ -48796,8 +47938,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 218, "fields": { @@ -48811,8 +47953,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 219, "fields": { @@ -48826,8 +47968,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 220, "fields": { @@ -48841,8 +47983,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 221, "fields": { @@ -48856,8 +47998,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 222, "fields": { @@ -48871,8 +48013,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 223, "fields": { @@ -48886,8 +48028,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 224, "fields": { @@ -48901,8 +48043,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 225, "fields": { @@ -48916,8 +48058,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 226, "fields": { @@ -48931,8 +48073,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 227, "fields": { @@ -48946,8 +48088,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 228, "fields": { @@ -48961,8 +48103,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 229, "fields": { @@ -48976,8 +48118,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 230, "fields": { @@ -48991,8 +48133,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 231, "fields": { @@ -49006,8 +48148,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 232, "fields": { @@ -49021,8 +48163,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 233, "fields": { @@ -49036,8 +48178,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 234, "fields": { @@ -49051,8 +48193,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 235, "fields": { @@ -49066,8 +48208,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 236, "fields": { @@ -49081,8 +48223,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 237, "fields": { @@ -49096,8 +48238,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 238, "fields": { @@ -49111,8 +48253,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 239, "fields": { @@ -49126,8 +48268,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 240, "fields": { @@ -49141,8 +48283,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 241, "fields": { @@ -49156,8 +48298,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 242, "fields": { @@ -49171,8 +48313,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 243, "fields": { @@ -49186,8 +48328,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 244, "fields": { @@ -49201,8 +48343,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 245, "fields": { @@ -49216,8 +48358,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 246, "fields": { @@ -49231,8 +48373,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 247, "fields": { @@ -49246,8 +48388,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 248, "fields": { @@ -49261,8 +48403,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 249, "fields": { @@ -49276,8 +48418,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 250, "fields": { @@ -49291,8 +48433,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 251, "fields": { @@ -49306,8 +48448,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 252, "fields": { @@ -49321,8 +48463,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 253, "fields": { @@ -49336,8 +48478,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 254, "fields": { @@ -49351,8 +48493,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 255, "fields": { @@ -49366,8 +48508,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 256, "fields": { @@ -49381,8 +48523,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 257, "fields": { @@ -49396,8 +48538,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 258, "fields": { @@ -49411,8 +48553,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 259, "fields": { @@ -49426,8 +48568,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 260, "fields": { @@ -49441,8 +48583,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 261, "fields": { @@ -49456,8 +48598,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 262, "fields": { @@ -49471,8 +48613,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 263, "fields": { @@ -49486,8 +48628,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 264, "fields": { @@ -49501,8 +48643,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 265, "fields": { @@ -49516,8 +48658,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 266, "fields": { @@ -49531,8 +48673,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 267, "fields": { @@ -49546,8 +48688,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 268, "fields": { @@ -49561,8 +48703,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 269, "fields": { @@ -49576,8 +48718,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 270, "fields": { @@ -49591,8 +48733,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 271, "fields": { @@ -49606,8 +48748,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 272, "fields": { @@ -49621,8 +48763,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 273, "fields": { @@ -49636,8 +48778,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 274, "fields": { @@ -49651,8 +48793,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 275, "fields": { @@ -49666,8 +48808,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 276, "fields": { @@ -49681,8 +48823,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 277, "fields": { @@ -49696,8 +48838,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 278, "fields": { @@ -49711,8 +48853,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 279, "fields": { @@ -49726,8 +48868,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 280, "fields": { @@ -49741,8 +48883,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 281, "fields": { @@ -49756,8 +48898,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 282, "fields": { @@ -49771,8 +48913,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 283, "fields": { @@ -49786,8 +48928,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 284, "fields": { @@ -49801,8 +48943,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 285, "fields": { @@ -49816,8 +48958,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 286, "fields": { @@ -49831,8 +48973,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 287, "fields": { @@ -49846,8 +48988,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 288, "fields": { @@ -49861,8 +49003,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 289, "fields": { @@ -49876,8 +49018,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 290, "fields": { @@ -49891,8 +49033,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 291, "fields": { @@ -49906,8 +49048,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 292, "fields": { @@ -49921,8 +49063,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 293, "fields": { @@ -49936,8 +49078,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 294, "fields": { @@ -49951,8 +49093,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 295, "fields": { @@ -49966,8 +49108,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 296, "fields": { @@ -49981,8 +49123,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 297, "fields": { @@ -49996,8 +49138,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 298, "fields": { @@ -50011,8 +49153,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 299, "fields": { @@ -50026,8 +49168,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 300, "fields": { @@ -50041,8 +49183,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 301, "fields": { @@ -50056,8 +49198,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 302, "fields": { @@ -50071,8 +49213,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 303, "fields": { @@ -50086,8 +49228,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 304, "fields": { @@ -50101,8 +49243,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 305, "fields": { @@ -50116,8 +49258,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 306, "fields": { @@ -50131,8 +49273,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 307, "fields": { @@ -50146,8 +49288,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 308, "fields": { @@ -50161,8 +49303,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 309, "fields": { @@ -50176,8 +49318,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 310, "fields": { @@ -50191,8 +49333,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 311, "fields": { @@ -50206,8 +49348,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 312, "fields": { @@ -50221,8 +49363,8 @@ "url": "/finding/262", "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 313, "fields": { @@ -50236,8 +49378,8 @@ "url": "/finding/263", "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 314, "fields": { @@ -50251,8 +49393,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 315, "fields": { @@ -50266,8 +49408,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 316, "fields": { @@ -50281,8 +49423,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 317, "fields": { @@ -50296,8 +49438,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 318, "fields": { @@ -50311,8 +49453,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 319, "fields": { @@ -50326,8 +49468,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 320, "fields": { @@ -50341,8 +49483,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 321, "fields": { @@ -50356,8 +49498,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 322, "fields": { @@ -50371,8 +49513,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 323, "fields": { @@ -50386,8 +49528,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 324, "fields": { @@ -50401,8 +49543,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 325, "fields": { @@ -50416,8 +49558,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 326, "fields": { @@ -50431,8 +49573,8 @@ "url": "/finding/276", "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 327, "fields": { @@ -50446,8 +49588,8 @@ "url": "/finding/277", "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 328, "fields": { @@ -50461,8 +49603,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 329, "fields": { @@ -50476,8 +49618,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 330, "fields": { @@ -50491,8 +49633,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 331, "fields": { @@ -50506,8 +49648,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 332, "fields": { @@ -50521,8 +49663,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 333, "fields": { @@ -50536,8 +49678,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 334, "fields": { @@ -50551,8 +49693,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 335, "fields": { @@ -50566,8 +49708,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 336, "fields": { @@ -50581,8 +49723,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 337, "fields": { @@ -50596,8 +49738,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 338, "fields": { @@ -50611,8 +49753,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 339, "fields": { @@ -50626,8 +49768,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 340, "fields": { @@ -50641,8 +49783,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 341, "fields": { @@ -50656,8 +49798,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 342, "fields": { @@ -50671,8 +49813,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 343, "fields": { @@ -50686,8 +49828,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 344, "fields": { @@ -50701,8 +49843,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 345, "fields": { @@ -50716,8 +49858,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 346, "fields": { @@ -50731,8 +49873,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 347, "fields": { @@ -50746,8 +49888,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 348, "fields": { @@ -50761,8 +49903,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 349, "fields": { @@ -50776,8 +49918,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 350, "fields": { @@ -50791,8 +49933,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 351, "fields": { @@ -50806,8 +49948,8 @@ "url": "/finding/301", "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 352, "fields": { @@ -50821,8 +49963,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 353, "fields": { @@ -50836,8 +49978,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 354, "fields": { @@ -50851,8 +49993,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 355, "fields": { @@ -50866,8 +50008,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 356, "fields": { @@ -50881,8 +50023,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 357, "fields": { @@ -50896,8 +50038,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 358, "fields": { @@ -50911,8 +50053,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 359, "fields": { @@ -50926,8 +50068,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 360, "fields": { @@ -50941,8 +50083,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 361, "fields": { @@ -50956,8 +50098,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 362, "fields": { @@ -50971,8 +50113,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 363, "fields": { @@ -50986,8 +50128,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 364, "fields": { @@ -51001,8 +50143,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 365, "fields": { @@ -51016,8 +50158,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 366, "fields": { @@ -51031,8 +50173,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 367, "fields": { @@ -51046,8 +50188,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 368, "fields": { @@ -51061,8 +50203,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 369, "fields": { @@ -51076,8 +50218,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 370, "fields": { @@ -51091,8 +50233,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 371, "fields": { @@ -51106,8 +50248,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 372, "fields": { @@ -51121,8 +50263,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 373, "fields": { @@ -51136,8 +50278,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 374, "fields": { @@ -51151,8 +50293,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 375, "fields": { @@ -51166,8 +50308,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 376, "fields": { @@ -51181,8 +50323,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 377, "fields": { @@ -51196,8 +50338,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 378, "fields": { @@ -51211,8 +50353,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 379, "fields": { @@ -51226,8 +50368,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 380, "fields": { @@ -51241,8 +50383,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 381, "fields": { @@ -51256,8 +50398,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 382, "fields": { @@ -51271,8 +50413,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 383, "fields": { @@ -51286,8 +50428,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 384, "fields": { @@ -51301,8 +50443,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 385, "fields": { @@ -51316,8 +50458,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 386, "fields": { @@ -51331,8 +50473,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 387, "fields": { @@ -51346,8 +50488,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 388, "fields": { @@ -51361,8 +50503,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 389, "fields": { @@ -51376,8 +50518,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 390, "fields": { @@ -51391,8 +50533,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 391, "fields": { @@ -51406,8 +50548,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 392, "fields": { @@ -51421,8 +50563,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 393, "fields": { @@ -51436,8 +50578,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 394, "fields": { @@ -51451,8 +50593,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 395, "fields": { @@ -51466,8 +50608,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 396, "fields": { @@ -51481,8 +50623,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 397, "fields": { @@ -51496,8 +50638,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 398, "fields": { @@ -51511,8 +50653,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 399, "fields": { @@ -51526,8 +50668,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 400, "fields": { @@ -51541,8 +50683,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 401, "fields": { @@ -51556,8 +50698,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 402, "fields": { @@ -51571,8 +50713,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 403, "fields": { @@ -51586,8 +50728,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 404, "fields": { @@ -51601,8 +50743,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 405, "fields": { @@ -51616,8 +50758,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 406, "fields": { @@ -51631,8 +50773,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 407, "fields": { @@ -51646,8 +50788,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 408, "fields": { @@ -51661,8 +50803,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 409, "fields": { @@ -51676,8 +50818,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 410, "fields": { @@ -51691,8 +50833,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 411, "fields": { @@ -51706,8 +50848,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 412, "fields": { @@ -51721,8 +50863,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 413, "fields": { @@ -51736,8 +50878,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 414, "fields": { @@ -51751,8 +50893,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 415, "fields": { @@ -51766,8 +50908,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 416, "fields": { @@ -51781,8 +50923,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 417, "fields": { @@ -51796,8 +50938,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 418, "fields": { @@ -51811,8 +50953,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 419, "fields": { @@ -51826,8 +50968,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 420, "fields": { @@ -51841,8 +50983,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 421, "fields": { @@ -51856,8 +50998,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 422, "fields": { @@ -51871,8 +51013,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 423, "fields": { @@ -51886,8 +51028,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 424, "fields": { @@ -51901,8 +51043,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 425, "fields": { @@ -51916,8 +51058,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 426, "fields": { @@ -51931,8 +51073,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 427, "fields": { @@ -51946,8 +51088,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 428, "fields": { @@ -51961,8 +51103,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 429, "fields": { @@ -51976,8 +51118,8 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "watson.searchentry", "pk": 430, "fields": { @@ -51991,29 +51133,29 @@ "url": "", "meta_encoded": "{}" } -}, -{ + }, + { "model": "authtoken.token", "pk": "184770c4c3256aba904297610fbb4da3fa15ba39", "fields": { "user": 2, "created": "2018-04-16T06:54:35.933Z" } -}, -{ + }, + { "model": "authtoken.token", "pk": "548afd6fab3bea9794a41b31da0e9404f733e222", "fields": { "user": 1, "created": "2018-04-16T06:54:35.937Z" } -}, -{ + }, + { "model": "authtoken.token", "pk": "6d45bc1d2e5cea8c4559edd68f910cc485f61708", "fields": { "user": 3, "created": "2018-04-16T06:54:35.940Z" } -} -] + } + ] diff --git a/dojo/fixtures/dojo_testdata.json b/dojo/fixtures/dojo_testdata.json index c1d919e3082..62486cb90cf 100644 --- a/dojo/fixtures/dojo_testdata.json +++ b/dojo/fixtures/dojo_testdata.json @@ -101,7 +101,12 @@ "is_staff": false, "last_login": null, "groups": [], - "user_permissions": [], + "user_permissions": [ + 218, + 220, + 26, + 28 + ], "password": "pbkdf2_sha256$36000$pe8Ff8HrBPac$Lb3ee6/R9z/aL9nM+D2AXWTpIt9Pa9kcLueXxYNy1ZY=", "email": "", "date_joined": "2018-04-13T07:59:51.527Z" @@ -165,6 +170,54 @@ "content_type": 3 } }, + { + "model": "auditlog.logentry", + "pk": 803, + "fields": { + "content_type": 28, + "object_pk": "1", + "object_id": 1, + "object_repr": "BodgeIt", + "action": 0, + "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"BodgeIt\"], \"description\": [\"None\", \"[Features](https://github.com/psiinon/bodgeit) and characteristics:\\r\\n\\r\\n* Easy to install - just requires java and a servlet engine, e.g. Tomcat\\r\\n* Self contained (no additional dependencies other than to 2 in the above line)\\r\\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\\r\\n* Cross platform\\r\\n* Open source\\r\\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"], \"team_manager\": [\"None\", \"(product_manager)\"], \"prod_type\": [\"None\", \"Commerce\"], \"id\": [\"None\", \"1\"], \"tid\": [\"None\", \"0\"], \"prod_numeric_grade\": [\"None\", \"5\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"internal\"], \"user_records\": [\"None\", \"1000000000\"], \"revenue\": [\"None\", \"1000.00\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"True\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2021-10-22T01:24:54.921Z", + "additional_data": null + } + }, + { + "model": "auditlog.logentry", + "pk": 804, + "fields": { + "content_type": 28, + "object_pk": "2", + "object_id": 2, + "object_repr": "Internal CRM App", + "action": 0, + "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"Internal CRM App\"], \"description\": [\"None\", \"* New product in development that attempts to follow all best practices\"], \"product_manager\": [\"None\", \"(product_manager)\"], \"technical_contact\": [\"None\", \"(product_manager)\"], \"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Commerce\"], \"id\": [\"None\", \"2\"], \"tid\": [\"None\", \"0\"], \"business_criticality\": [\"None\", \"medium\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"construction\"], \"origin\": [\"None\", \"internal\"], \"external_audience\": [\"None\", \"False\"], \"internet_accessible\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2021-10-22T01:24:55.044Z", + "additional_data": null + } + }, + { + "model": "auditlog.logentry", + "pk": 805, + "fields": { + "content_type": 28, + "object_pk": "3", + "object_id": 3, + "object_repr": "Apple Accounting Software", + "action": 0, + "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"Apple Accounting Software\"], \"description\": [\"None\", \"Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\\r\\n\\r\\n**Core modules**\\r\\n\\r\\n* Accounts receivable\\u2014where the company enters money received\\r\\n* Accounts payable\\u2014where the company enters its bills and pays money it owes\\r\\n* General ledger\\u2014the company's \\\"books\\\"\\r\\n* Billing\\u2014where the company produces invoices to clients/customers\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"], \"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Billing\"], \"id\": [\"None\", \"3\"], \"tid\": [\"None\", \"0\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"purchased\"], \"user_records\": [\"None\", \"5000\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2021-10-22T01:24:55.071Z", + "additional_data": null + } + }, { "pk": 1, "model": "dojo.system_settings", @@ -339,21 +392,21 @@ "pk": 120, "model": "dojo.test_type", "fields": { - "name": "Xanitizer Scan" + "name": "Xanitizer Scan" } }, { "pk": 555, "model": "dojo.test_type", "fields": { - "name": "Veracode Scan" + "name": "Veracode Scan" } }, { "pk": 999, "model": "dojo.test_type", "fields": { - "name": "Checkmarx Scan detailed" + "name": "Checkmarx Scan detailed" } }, { @@ -444,7 +497,7 @@ "product": 1, "name": "Tomcat", "user": [ - "admin" + "admin" ], "confidence": 100, "version": "8.5.1", @@ -508,7 +561,9 @@ "report_type": null, "first_contacted": null, "tmodel_path": "none", - "risk_acceptance": [], + "risk_acceptance": [ + 1 + ], "lead": 1, "version": null, "progress": "threat_model", @@ -612,7 +667,7 @@ "description": "test Engagement", "reason": null, "requester": null, -"active": true, + "active": true, "done_testing": false, "target_end": "2018-04-12", "name": "April monthly engagement2", @@ -622,6 +677,31 @@ "deduplication_on_engagement": true } }, + { + "model": "dojo.risk_acceptance", + "pk": 1, + "fields": { + "name": "Accept: Qwegqer", + "recommendation": "A", + "recommendation_details": "Fix the issue", + "decision": "A", + "decision_details": "The issue is not that big of a deal", + "accepted_by": "Somebody", + "path": "", + "owner": 1, + "expiration_date": "2023-08-28T00:00:00Z", + "expiration_date_warned": null, + "expiration_date_handled": null, + "reactivate_expired": true, + "restart_sla_expired": false, + "created": "2023-03-01T22:12:43.829Z", + "updated": "2023-03-01T22:12:43.891Z", + "accepted_findings": [ + 226 + ], + "notes": [] + } + }, { "pk": 6, "model": "dojo.engagement", @@ -652,7 +732,6 @@ "deduplication_on_engagement": true } }, - { "pk": 1, "model": "dojo.endpoint", @@ -670,7 +749,7 @@ "pk": 2, "model": "dojo.endpoint", "fields": { - "product": 1, + "product": 2, "protocol": "ftp", "fragment": null, "host": "localhost", @@ -692,11 +771,76 @@ "port": 22 } }, + { + "pk": 4, + "model": "dojo.endpoint", + "fields": { + "product": 1, + "protocol": "ftp", + "fragment": null, + "host": "foo.bar", + "query": null, + "path": null, + "port": 21 + } + }, + { + "pk": 5, + "model": "dojo.endpoint", + "fields": { + "product": 1, + "protocol": "http", + "fragment": null, + "host": "foo.bar", + "query": null, + "path": null, + "port": 80 + } + }, + { + "pk": 6, + "model": "dojo.endpoint", + "fields": { + "product": 1, + "protocol": "http", + "fragment": null, + "host": "bar.foo", + "query": null, + "path": null, + "port": 80 + } + }, + { + "pk": 7, + "model": "dojo.endpoint", + "fields": { + "product": 1, + "protocol": "https", + "fragment": null, + "host": "bar.foo", + "query": null, + "path": null, + "port": 443 + } + }, + { + "pk": 8, + "model": "dojo.endpoint", + "fields": { + "product": 1, + "protocol": "https", + "fragment": null, + "host": "bar.foo", + "query": null, + "path": "f6", + "port": 443 + } + }, { "pk": 1, "model": "dojo.endpoint_status", "fields": { - "date": "2020-07-01T00:00:00Z", + "date": "2020-07-01", "last_modified": "2020-07-01T17:45:39.791907Z", "mitigated": false, "mitigated_time": null, @@ -708,6 +852,118 @@ "finding": 2 } }, + { + "pk": 2, + "model": "dojo.endpoint_status", + "fields": { + "date": "2020-07-01", + "last_modified": "2020-07-01T17:45:39.791907Z", + "mitigated": true, + "mitigated_time": "2020-07-01T17:45:39.791907Z", + "false_positive": false, + "out_of_scope": false, + "risk_accepted": false, + "mitigated_by": null, + "endpoint": 5, + "finding": 227 + } + }, + { + "pk": 3, + "model": "dojo.endpoint_status", + "fields": { + "date": "2020-07-01", + "last_modified": "2020-07-01T17:45:39.791907Z", + "mitigated": false, + "mitigated_time": null, + "false_positive": true, + "out_of_scope": false, + "risk_accepted": false, + "mitigated_by": null, + "endpoint": 5, + "finding": 228 + } + }, + { + "pk": 4, + "model": "dojo.endpoint_status", + "fields": { + "date": "2020-07-01", + "last_modified": "2020-07-01T17:45:39.791907Z", + "mitigated": false, + "mitigated_time": null, + "false_positive": false, + "out_of_scope": true, + "risk_accepted": false, + "mitigated_by": null, + "endpoint": 5, + "finding": 229 + } + }, + { + "pk": 5, + "model": "dojo.endpoint_status", + "fields": { + "date": "2020-07-01", + "last_modified": "2020-07-01T17:45:39.791907Z", + "mitigated": false, + "mitigated_time": null, + "false_positive": false, + "out_of_scope": false, + "risk_accepted": true, + "mitigated_by": null, + "endpoint": 5, + "finding": 230 + } + }, + { + "pk": 6, + "model": "dojo.endpoint_status", + "fields": { + "date": "2020-07-01", + "last_modified": "2020-07-01T17:45:39.791907Z", + "mitigated": true, + "mitigated_time": "2020-07-01T17:45:39.791907Z", + "false_positive": false, + "out_of_scope": false, + "risk_accepted": false, + "mitigated_by": null, + "endpoint": 6, + "finding": 227 + } + }, + { + "pk": 7, + "model": "dojo.endpoint_status", + "fields": { + "date": "2020-07-01", + "last_modified": "2020-07-01T17:45:39.791907Z", + "mitigated": false, + "mitigated_time": null, + "false_positive": false, + "out_of_scope": false, + "risk_accepted": false, + "mitigated_by": null, + "endpoint": 7, + "finding": 227 + } + }, + { + "pk": 8, + "model": "dojo.endpoint_status", + "fields": { + "date": "2020-07-01", + "last_modified": "2020-07-01T17:45:39.791907Z", + "mitigated": false, + "mitigated_time": null, + "false_positive": false, + "out_of_scope": false, + "risk_accepted": false, + "mitigated_by": null, + "endpoint": 8, + "finding": 231 + } + }, { "pk": 1, "model": "dojo.development_environment", @@ -722,6 +978,7 @@ "lead": null, "estimated_time": "00:00:00", "test_type": 1, + "scan_type": "ZAP Scan", "engagement": 1, "environment": 1, "target_start": "2017-12-01T00:00:00Z", @@ -772,6 +1029,7 @@ "lead": null, "estimated_time": "00:00:00", "test_type": 999, + "scan_type": "Checkmarx Scan detailed", "engagement": 5, "environment": 1, "target_start": "2017-12-01T00:00:00Z", @@ -788,6 +1046,7 @@ "lead": null, "estimated_time": "00:00:00", "test_type": 999, + "scan_type": "Checkmarx Scan detailed", "engagement": 5, "environment": 1, "target_start": "2017-12-01T00:00:00Z", @@ -804,6 +1063,7 @@ "lead": null, "estimated_time": "00:00:00", "test_type": 555, + "scan_type": "Veracode Scan", "engagement": 5, "environment": 1, "target_start": "2017-12-01T00:00:00Z", @@ -863,6 +1123,24 @@ "target_end": "2017-12-10T00:00:00Z" } }, + { + "pk": 89, + "model": "dojo.test", + "fields": { + "lead": null, + "estimated_time": "00:00:00", + "test_type": 1, + "scan_type": "ZAP Scan", + "title": "Endpoint mitigation tests", + "engagement": 2, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [], + "percent_complete": 100, + "actual_time": "00:00:00", + "target_end": "2017-12-10T00:00:00Z" + } + }, { "pk": 2, "model": "dojo.finding", @@ -881,6 +1159,7 @@ "severity": "High", "title": "High Impact Test Finding", "param": null, + "created": "2017-12-01T00:00:00Z", "duplicate": false, "mitigation": "test mitigation", "found_by": [ @@ -906,7 +1185,6 @@ "notes": [], "dynamic_finding": false, "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", - "endpoints": [], "last_reviewed": null } }, @@ -928,6 +1206,7 @@ "severity": "High", "title": "High Impact Test Finding", "param": null, + "created": "2017-12-01T00:00:00Z", "duplicate": true, "mitigation": "test mitigation", "found_by": [ @@ -953,7 +1232,6 @@ "notes": [], "dynamic_finding": false, "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", - "endpoints": [], "last_reviewed": null } }, @@ -975,6 +1253,7 @@ "severity": "High", "title": "High Impact Test Finding", "param": null, + "created": "2017-12-01T00:00:00Z", "duplicate": true, "mitigation": "test mitigation", "found_by": [ @@ -1000,7 +1279,6 @@ "notes": [], "dynamic_finding": false, "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", - "endpoints": [], "last_reviewed": null } }, @@ -1022,6 +1300,7 @@ "severity": "High", "title": "High Impact Test Finding", "param": null, + "created": "2017-12-01T00:00:00Z", "duplicate": true, "mitigation": "test mitigation", "found_by": [ @@ -1047,7 +1326,6 @@ "notes": [], "dynamic_finding": false, "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", - "endpoints": [], "last_reviewed": null } }, @@ -1069,6 +1347,7 @@ "severity": "High", "title": "High Impact Test Finding", "param": null, + "created": "2017-12-01T00:00:00Z", "duplicate": true, "mitigation": "test mitigation", "found_by": [ @@ -1094,7 +1373,6 @@ "notes": [], "dynamic_finding": false, "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", - "endpoints": [], "last_reviewed": null } }, @@ -1116,6 +1394,7 @@ "severity": "High", "title": "DUMMY FINDING", "param": null, + "created": "2017-12-01T00:00:00Z", "duplicate": false, "mitigation": "MITIGATION", "found_by": [ @@ -1143,11 +1422,9 @@ ], "dynamic_finding": false, "hash_code": "c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0", - "endpoints": [], "last_reviewed": null } }, - { "pk": 22, "model": "dojo.finding", @@ -1166,6 +1443,7 @@ "severity": "Low", "title": "Low Impact Test Finding", "param": null, + "created": "2017-12-01T00:00:00Z", "duplicate": false, "mitigation": "test mitigation", "found_by": [ @@ -1191,7 +1469,6 @@ "notes": [], "dynamic_finding": false, "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", - "endpoints": [], "last_reviewed": null } }, @@ -1213,6 +1490,7 @@ "severity": "Low", "title": "Low Impact Test Finding", "param": null, + "created": "2017-12-01T00:00:00Z", "duplicate": true, "mitigation": "test mitigation", "found_by": [ @@ -1238,7 +1516,6 @@ "notes": [], "dynamic_finding": false, "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", - "endpoints": [], "last_reviewed": null } }, @@ -1260,6 +1537,7 @@ "severity": "Low", "title": "Low Impact Test Finding", "param": null, + "created": "2017-12-01T00:00:00Z", "duplicate": true, "mitigation": "test mitigation", "found_by": [ @@ -1285,7 +1563,6 @@ "notes": [], "dynamic_finding": false, "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", - "endpoints": [], "last_reviewed": null } }, @@ -1308,6 +1585,7 @@ "severity": "Low", "title": "Low Impact Test Finding", "param": null, + "created": "2017-12-01T00:00:00Z", "duplicate": false, "mitigation": "test mitigation", "found_by": [ @@ -1333,7 +1611,6 @@ "notes": [], "dynamic_finding": false, "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", - "endpoints": [], "last_reviewed": null } }, @@ -1356,6 +1633,7 @@ "severity": "Low", "title": "Low Impact Test Finding", "param": null, + "created": "2017-12-01T00:00:00Z", "duplicate": true, "mitigation": "test mitigation", "found_by": [ @@ -1381,7 +1659,6 @@ "notes": [], "dynamic_finding": false, "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", - "endpoints": [], "last_reviewed": null } }, @@ -1404,6 +1681,7 @@ "severity": "Low", "title": "UID Impact Test Finding", "param": null, + "created": "2017-12-01T00:00:00Z", "duplicate": false, "mitigation": "test mitigation", "found_by": [ @@ -1429,7 +1707,6 @@ "notes": [], "dynamic_finding": false, "hash_code": "6f8d0bf970c14175e597843f4679769a4775742549d90f902ff803de9244c7e1", - "endpoints": [], "last_reviewed": null } }, @@ -1452,6 +1729,7 @@ "severity": "Low", "title": "UID Impact Test Finding", "param": null, + "created": "2017-12-01T00:00:00Z", "duplicate": true, "mitigation": "test mitigation", "found_by": [ @@ -1477,17 +1755,322 @@ "notes": [], "dynamic_finding": false, "hash_code": "6f8d0bf970c14175e597843f4679769a4775742549d90f902ff803de9244c7e1", - "endpoints": [], "last_reviewed": null } }, + { + "model": "dojo.finding", + "pk": 226, + "fields": { + "title": "Test Endpoint Mitigation - Finding F1 Without Endpoints", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": true, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "mitigated": null, + "mitigated_by": null, + "reporter": 1, + "numerical_severity": "S4", + "hash_code": "a6dd6bd359ff0b504a21b8a7ae5e59f1b40dd0fa1715728bd58de8f688f01b19", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:12:52.966Z", + "last_reviewed_by": null, + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "last_reviewed": null, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, + { + "model": "dojo.finding", + "pk": 227, + "fields": { + "title": "Test Endpoint Mitigation - Finding F2 With Many Endpoints", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "mitigated": null, + "mitigated_by": null, + "reporter": 1, + "numerical_severity": "S4", + "hash_code": "fde7dd425475851bd90a21e376eccbe753f84f94680c4394521a831846bd3aeb", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:13:23.760Z", + "last_reviewed_by": null, + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "last_reviewed": null, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, + { + "model": "dojo.finding", + "pk": 228, + "fields": { + "title": "Test Endpoint Mitigation - Finding F3 EPS False Positive", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "mitigated": null, + "mitigated_by": null, + "reporter": 1, + "numerical_severity": "S4", + "hash_code": "24cd769b8b4404d95b689902931317a614c3803bbd5b161e36076eaa6a08c672", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:13:49.275Z", + "last_reviewed_by": null, + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "last_reviewed": null, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, + { + "model": "dojo.finding", + "pk": 229, + "fields": { + "title": "Test Endpoint Mitigation - Finding F4 EPS Out of Scope", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "mitigated": null, + "mitigated_by": null, + "reporter": 1, + "numerical_severity": "S4", + "hash_code": "ab2a512956a76441ac537b0e78316709413be2599d37283caa7e20d92f8fa9fe", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:14:13.898Z", + "last_reviewed_by": null, + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "last_reviewed": null, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, + { + "model": "dojo.finding", + "pk": 230, + "fields": { + "title": "Test Endpoint Mitigation - Finding F5 EPS Risk Accepted", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "mitigated": null, + "mitigated_by": null, + "reporter": 1, + "numerical_severity": "S4", + "hash_code": "9a80eb44b140b5d11adaac4e478f3cb74c92625a42892ab8cba4fbba72e6d733", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:14:38.406Z", + "last_reviewed_by": null, + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "last_reviewed": null, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, + { + "model": "dojo.finding", + "pk": 231, + "fields": { + "title": "Test Endpoint Mitigation - Finding F6 Mitigated", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": false, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": true, + "mitigated": "2022-10-15T23:17:03.431Z", + "mitigated_by": 1, + "reporter": 1, + "numerical_severity": "S4", + "last_reviewed": "2022-10-15T23:17:03.431Z", + "last_reviewed_by": 1, + "hash_code": "6eb2b8bffe1ca07719a7249ef18403057a5bc0c834866b0a49d0f706bcec913e", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:15:34.814Z", + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, { "pk": 1, "model": "dojo.burprawrequestresponse", "fields": { - "finding": 7, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", - "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + "finding": 7, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" } }, { @@ -1572,21 +2155,21 @@ "pk": 2, "model": "dojo.jira_instance", "fields": { - "configuration_name": "Happy little JIRA 2", - "url": "https://defectdojo.atlassian.net/", - "username": "YOUR USERNAME", - "password": "YOU API TOKEN", - "default_issue_type": "Task", - "epic_name_id": 10011, - "open_status_key": 11, - "close_status_key": 41, - "info_mapping_severity": "Trivial", - "low_mapping_severity": "Low", - "medium_mapping_severity": "Medium", - "high_mapping_severity": "High", - "critical_mapping_severity": "Highest", - "finding_text": "", - "global_jira_sla_notification": false + "configuration_name": "Happy little JIRA 2", + "url": "https://defectdojo.atlassian.net/", + "username": "YOUR USERNAME", + "password": "YOU API TOKEN", + "default_issue_type": "Task", + "epic_name_id": 10011, + "open_status_key": 11, + "close_status_key": 41, + "info_mapping_severity": "Trivial", + "low_mapping_severity": "Low", + "medium_mapping_severity": "Medium", + "high_mapping_severity": "High", + "critical_mapping_severity": "Highest", + "finding_text": "", + "global_jira_sla_notification": false } }, { @@ -2313,30 +2896,30 @@ "model": "dojo.language_type", "pk": 1, "fields": { - "language": "JSON", - "color": "#882B0F" + "language": "JSON", + "color": "#882B0F" } }, { "model": "dojo.language_type", "pk": 2, "fields": { - "language": "Python", - "color": "#3572A5" + "language": "Python", + "color": "#3572A5" } }, { "model": "dojo.languages", "pk": 1, "fields": { - "language": 1, - "product": 1, - "user": 1, - "files": 2, - "blank": 3, - "comment": 4, - "code": 5, - "created": "2018-04-16T06:54:35.940Z" + "language": 1, + "product": 1, + "user": 1, + "files": 2, + "blank": 3, + "comment": 4, + "code": 5, + "created": "2018-04-16T06:54:35.940Z" } }, { @@ -2345,7 +2928,122 @@ "fields": { "product": 1, "user": 2, - "product_type_added": ["slack"] + "product_type_added": [ + "slack" + ] + } + }, + { + "model": "auth.permission", + "pk": 217, + "fields": { + "name": "Can add finding_ template", + "content_type": 55, + "codename": "add_finding_template" + } + }, + { + "model": "auth.permission", + "pk": 218, + "fields": { + "name": "Can change finding_ template", + "content_type": 55, + "codename": "change_finding_template" + } + }, + { + "model": "auth.permission", + "pk": 219, + "fields": { + "name": "Can delete finding_ template", + "content_type": 55, + "codename": "delete_finding_template" + } + }, + { + "model": "auth.permission", + "pk": 220, + "fields": { + "name": "Can view finding_ template", + "content_type": 55, + "codename": "view_finding_template" + } + }, + { + "model": "auth.permission", + "pk": 25, + "fields": { + "name": "Can add log entry", + "content_type": 7, + "codename": "add_logentry" + } + }, + { + "model": "auth.permission", + "pk": 26, + "fields": { + "name": "Can change log entry", + "content_type": 7, + "codename": "change_logentry" + } + }, + { + "model": "auth.permission", + "pk": 27, + "fields": { + "name": "Can delete log entry", + "content_type": 7, + "codename": "delete_logentry" + } + }, + { + "model": "auth.permission", + "pk": 28, + "fields": { + "name": "Can view log entry", + "content_type": 7, + "codename": "view_logentry" + } + }, + { + "model": "dojo.cred_user", + "pk": 1, + "fields": { + "name": "Cred Product", + "username": "admin", + "password": "AES.1:2f3cb6d1d412a0552a46b67d972d14f5:6617146b4d29492551dfc62e4a697aca", + "role": "admin", + "authentication": "Form", + "http_authentication": "Basic", + "description": "test", + "url": "https://google.com", + "environment": 1, + "login_regex": null, + "logout_regex": null, + "is_valid": true, + "notes": [] + } + }, + { + "model": "dojo.cred_mapping", + "pk": 1, + "fields": { + "cred_id": 1, + "product": 1, + "finding": null, + "engagement": null, + "test": null, + "is_authn_provider": false, + "url": "https://google.com" + } + }, + { + "model": "dojo.announcement", + "pk": 1, + "fields": { + "message": "test message", + "dismissable": true, + "style": "danger" } } -] +] \ No newline at end of file diff --git a/dojo/fixtures/questionnaire_testdata.json b/dojo/fixtures/questionnaire_testdata.json new file mode 100644 index 00000000000..c95278c83ac --- /dev/null +++ b/dojo/fixtures/questionnaire_testdata.json @@ -0,0 +1,603 @@ +[ + { + "fields": { + "model": "question", + "app_label": "dojo" + }, + "model": "contenttypes.contenttype", + "pk": 65 + }, + { + "fields": { + "model": "answer", + "app_label": "dojo" + }, + "model": "contenttypes.contenttype", + "pk": 68 + }, + { + "fields": { + "model": "textquestion", + "app_label": "dojo" + }, + "model": "contenttypes.contenttype", + "pk": 66 + }, + { + "fields": { + "model": "textanswer", + "app_label": "dojo" + }, + "model": "contenttypes.contenttype", + "pk": 69 + }, + { + "fields": { + "model": "choicequestion", + "app_label": "dojo" + }, + "model": "contenttypes.contenttype", + "pk": 71 + }, + { + "fields": { + "model": "choiceanswer", + "app_label": "dojo" + }, + "model": "contenttypes.contenttype", + "pk": 70 + }, + { + "pk": 1, + "model": "auth.user", + "fields": { + "username": "admin", + "first_name": "", + "last_name": "", + "is_active": true, + "is_superuser": true, + "is_staff": true, + "last_login": "2018-04-17T06:00:43.171Z", + "groups": [], + "user_permissions": [], + "password": "pbkdf2_sha256$36000$sT96yObJtsFk$F9YAJimsQqBXnff/QGLNTv100qhCNl/23hoBuNtSNZU=", + "email": "", + "date_joined": "2018-04-13T07:58:59.861Z" + } + }, + { + "pk": 2, + "model": "auth.user", + "fields": { + "username": "user1", + "first_name": "", + "last_name": "", + "is_active": true, + "is_superuser": false, + "is_staff": false, + "last_login": null, + "groups": [], + "user_permissions": [], + "password": "pbkdf2_sha256$36000$pe8Ff8HrBPac$Lb3ee6/R9z/aL9nM+D2AXWTpIt9Pa9kcLueXxYNy1ZY=", + "email": "", + "date_joined": "2018-04-13T07:59:51.527Z" + } + }, + { + "pk": "184770c4c3256aba904297610fbb4da3fa15ba39", + "model": "authtoken.token", + "fields": { + "user": 2, + "created": "2018-04-16T06:54:35.933Z" + } + }, + { + "pk": "548afd6fab3bea9794a41b31da0e9404f733e222", + "model": "authtoken.token", + "fields": { + "user": 1, + "created": "2018-04-16T06:54:35.937Z" + } + }, + { + "pk": 1, + "model": "dojo.product_type", + "fields": { + "critical_product": true, + "name": "books", + "key_product": true + } + }, + { + "pk": 2, + "model": "dojo.product_type", + "fields": { + "critical_product": true, + "name": "ebooks", + "key_product": false + } + }, + { + "pk": 1, + "model": "dojo.product", + "fields": { + "updated": null, + "prod_type": 1, + "name": "Python How-to", + "created": null, + "technical_contact": 1, + "product_manager": 1, + "team_manager": 1, + "tid": 0, + "description": "test product" + } + }, + { + "pk": 2, + "model": "dojo.product", + "fields": { + "updated": null, + "prod_type": 2, + "name": "Security How-to", + "created": null, + "technical_contact": 2, + "product_manager": 2, + "team_manager": 2, + "tid": 0, + "description": "test product" + } + }, + { + "pk": 1, + "model": "dojo.engagement", + "fields": { + "product": 2, + "pen_test": true, + "report_type": null, + "first_contacted": null, + "tmodel_path": "none", + "risk_acceptance": [], + "lead": 2, + "version": null, + "progress": "threat_model", + "threat_model": true, + "test_strategy": null, + "status": "In Progress", + "updated": null, + "description": "test Engagement", + "reason": null, + "requester": null, + "active": true, + "done_testing": false, + "target_end": "2018-04-12", + "name": "1st Quarter Engagement", + "check_list": true, + "target_start": "2018-04-12", + "api_test": true, + "deduplication_on_engagement": true + } + }, + { + "pk": 2, + "model": "dojo.engagement", + "fields": { + "product": 1, + "pen_test": true, + "report_type": null, + "first_contacted": null, + "tmodel_path": "none", + "risk_acceptance": [], + "lead": 1, + "version": null, + "progress": "threat_model", + "threat_model": true, + "test_strategy": null, + "status": "Completed", + "updated": null, + "description": "test Engagement", + "reason": null, + "requester": null, + "active": true, + "done_testing": false, + "target_end": "2018-04-12", + "name": "April monthly engagement", + "check_list": true, + "target_start": "2018-04-12", + "api_test": true, + "deduplication_on_engagement": true + } + }, + { + "model": "dojo.question", + "pk": 14, + "fields": { + "polymorphic_ctype": 66, + "created": "2015-03-30T19:57:22Z", + "modified": "2015-03-30T19:57:22Z", + "order": 1, + "optional": false, + "text": "What access control limitations are in place?" + } + }, + { + "model": "dojo.question", + "pk": 15, + "fields": { + "polymorphic_ctype": 66, + "created": "2015-03-30T19:57:34Z", + "modified": "2015-03-30T19:57:34Z", + "order": 1, + "optional": false, + "text": "How is access control enforced? (IP whitelists, role-based access controls, etc.)" + } + }, + { + "model": "dojo.question", + "pk": 16, + "fields": { + "polymorphic_ctype": 66, + "created": "2015-03-30T19:57:55Z", + "modified": "2015-03-30T19:57:55Z", + "order": 1, + "optional": false, + "text": "What Identity roles (if any) are utilized by the app and how many people are estimated to be inside those groups?" + } + }, + { + "model": "dojo.question", + "pk": 17, + "fields": { + "polymorphic_ctype": 66, + "created": "2015-03-30T19:58:36Z", + "modified": "2015-03-30T19:58:36Z", + "order": 1, + "optional": false, + "text": "What is the criteria for being added to these groups? Are they audited and auto-purged?" + } + }, + { + "model": "dojo.question", + "pk": 18, + "fields": { + "polymorphic_ctype": 66, + "created": "2015-03-30T20:00:35Z", + "modified": "2015-03-30T20:00:35Z", + "order": 1, + "optional": false, + "text": "Are you logging all sensitive user actions, such as user registration, permission modification, login attempts, admin functions, etc.?" + } + }, + { + "model": "dojo.question", + "pk": 19, + "fields": { + "polymorphic_ctype": 66, + "created": "2015-03-30T20:00:46Z", + "modified": "2015-03-30T20:00:46Z", + "order": 1, + "optional": false, + "text": "What identifying information are you logging?" + } + }, + { + "model": "dojo.question", + "pk": 20, + "fields": { + "polymorphic_ctype": 66, + "created": "2015-03-30T20:00:58Z", + "modified": "2015-03-30T20:00:58Z", + "order": 1, + "optional": false, + "text": "Where are these logs stored?" + } + }, + { + "model": "dojo.question", + "pk": 44, + "fields": { + "polymorphic_ctype": 71, + "created": "2023-03-02T17:58:59.698Z", + "modified": "2023-03-02T17:58:59.737Z", + "order": 1, + "optional": false, + "text": "somethign ,multi choice" + } + }, + { + "model": "dojo.textquestion", + "pk": 14, + "fields": {} + }, + { + "model": "dojo.textquestion", + "pk": 15, + "fields": {} + }, + { + "model": "dojo.textquestion", + "pk": 16, + "fields": {} + }, + { + "model": "dojo.textquestion", + "pk": 17, + "fields": {} + }, + { + "model": "dojo.textquestion", + "pk": 18, + "fields": {} + }, + { + "model": "dojo.textquestion", + "pk": 19, + "fields": {} + }, + { + "model": "dojo.textquestion", + "pk": 20, + "fields": {} + }, + { + "model": "dojo.choice", + "pk": 1, + "fields": { + "created": "2023-03-02T17:58:59.712Z", + "modified": "2023-03-02T17:58:59.712Z", + "order": 1, + "label": "a" + } + }, + { + "model": "dojo.choice", + "pk": 2, + "fields": { + "created": "2023-03-02T17:58:59.723Z", + "modified": "2023-03-02T17:58:59.723Z", + "order": 1, + "label": "b" + } + }, + { + "model": "dojo.choice", + "pk": 3, + "fields": { + "created": "2023-03-02T17:58:59.732Z", + "modified": "2023-03-02T17:58:59.732Z", + "order": 1, + "label": "3" + } + }, + { + "model": "dojo.choicequestion", + "pk": 44, + "fields": { + "multichoice": false, + "choices": [ + 1, + 2, + 3 + ] + } + }, + { + "model": "dojo.engagement_survey", + "pk": 4, + "fields": { + "name": "Access Control", + "description": "Tell us about the access control configured for your application.", + "active": true, + "questions": [ + 14, + 15, + 16, + 17, + 19, + 20, + 18 + ] + } + }, + { + "model": "dojo.engagement_survey", + "pk": 8, + "fields": { + "name": "Multichoice Survey", + "description": "Soimething here", + "active": true, + "questions": [ + 44 + ] + } + }, + { + "model": "dojo.general_survey", + "pk": 2, + "fields": { + "survey": 4, + "num_responses": 1, + "generated": "2023-03-02T18:39:36.372Z", + "expiration": "2023-03-31T00:00:00Z" + } + }, + { + "model": "dojo.general_survey", + "pk": 1, + "fields": { + "survey": 8, + "num_responses": 1, + "generated": "2023-03-02T18:39:27.769Z", + "expiration": "2023-03-31T00:00:00Z" + } + }, + { + "model": "dojo.answered_survey", + "pk": 2, + "fields": { + "engagement": 1, + "survey": 4, + "assignee": null, + "responder": 1, + "completed": true, + "answered_on": "2023-03-02" + } + }, + { + "model": "dojo.answered_survey", + "pk": 1, + "fields": { + "engagement": 2, + "survey": 8, + "assignee": null, + "responder": 1, + "completed": true, + "answered_on": "2023-03-02" + } + }, + { + "model": "dojo.answer", + "pk": 1, + "fields": { + "polymorphic_ctype": 70, + "created": "2023-03-02T19:07:55.430Z", + "modified": "2023-03-02T19:07:55.447Z", + "question": 44, + "answered_survey": 1 + } + }, + { + "model": "dojo.answer", + "pk": 2, + "fields": { + "polymorphic_ctype": 69, + "created": "2023-03-02T19:14:07.816Z", + "modified": "2023-03-02T19:14:07.822Z", + "question": 14, + "answered_survey": 2 + } + }, + { + "model": "dojo.answer", + "pk": 3, + "fields": { + "polymorphic_ctype": 69, + "created": "2023-03-02T19:14:07.829Z", + "modified": "2023-03-02T19:14:07.833Z", + "question": 15, + "answered_survey": 2 + } + }, + { + "model": "dojo.answer", + "pk": 4, + "fields": { + "polymorphic_ctype": 69, + "created": "2023-03-02T19:14:07.838Z", + "modified": "2023-03-02T19:14:07.841Z", + "question": 16, + "answered_survey": 2 + } + }, + { + "model": "dojo.answer", + "pk": 5, + "fields": { + "polymorphic_ctype": 69, + "created": "2023-03-02T19:14:07.845Z", + "modified": "2023-03-02T19:14:07.848Z", + "question": 17, + "answered_survey": 2 + } + }, + { + "model": "dojo.answer", + "pk": 6, + "fields": { + "polymorphic_ctype": 69, + "created": "2023-03-02T19:14:07.853Z", + "modified": "2023-03-02T19:14:07.856Z", + "question": 19, + "answered_survey": 2 + } + }, + { + "model": "dojo.answer", + "pk": 7, + "fields": { + "polymorphic_ctype": 69, + "created": "2023-03-02T19:14:07.861Z", + "modified": "2023-03-02T19:14:07.864Z", + "question": 20, + "answered_survey": 2 + } + }, + { + "model": "dojo.answer", + "pk": 8, + "fields": { + "polymorphic_ctype": 69, + "created": "2023-03-02T19:14:07.868Z", + "modified": "2023-03-02T19:14:07.871Z", + "question": 18, + "answered_survey": 2 + } + }, + { + "model": "dojo.textanswer", + "pk": 2, + "fields": { + "answer": "Some meaningful answer" + } + }, + { + "model": "dojo.textanswer", + "pk": 3, + "fields": { + "answer": "Some meaningful answer" + } + }, + { + "model": "dojo.textanswer", + "pk": 4, + "fields": { + "answer": "Some meaningful answer" + } + }, + { + "model": "dojo.textanswer", + "pk": 5, + "fields": { + "answer": "Some meaningful answer" + } + }, + { + "model": "dojo.textanswer", + "pk": 6, + "fields": { + "answer": "Some meaningful answer" + } + }, + { + "model": "dojo.textanswer", + "pk": 7, + "fields": { + "answer": "Some meaningful answer" + } + }, + { + "model": "dojo.textanswer", + "pk": 8, + "fields": { + "answer": "Some meaningful answer" + } + }, + { + "model": "dojo.choiceanswer", + "pk": 1, + "fields": { + "answer": [ + 1 + ] + } + } +] \ No newline at end of file diff --git a/dojo/fixtures/test_type.json b/dojo/fixtures/test_type.json index a9147cbcd27..d1a9fa60726 100644 --- a/dojo/fixtures/test_type.json +++ b/dojo/fixtures/test_type.json @@ -48,4 +48,4 @@ "model": "dojo.test_type", "pk": 7 } -] +] \ No newline at end of file diff --git a/dojo/forms.py b/dojo/forms.py index a88dc8178fe..d831bb7132d 100755 --- a/dojo/forms.py +++ b/dojo/forms.py @@ -13,24 +13,24 @@ from django.core import validators from django.core.exceptions import ValidationError from django.forms import modelformset_factory -from django.forms import utils as form_utils from django.forms.widgets import Widget, Select from django.utils.dates import MONTHS from django.utils.safestring import mark_safe from django.utils import timezone +from django.utils.translation import gettext_lazy as _ import tagulous from dojo.endpoint.utils import endpoint_get_or_create, endpoint_filter, \ validate_endpoints_to_add -from dojo.models import Finding, Finding_Group, Product_Type, Product, Note_Type, \ - Check_List, User, Engagement, Test, Test_Type, Notes, Risk_Acceptance, \ +from dojo.models import Announcement, Finding, Finding_Group, Product_Type, Product, Note_Type, \ + Check_List, SLA_Configuration, User, Engagement, Test, Test_Type, Notes, Risk_Acceptance, \ Development_Environment, Dojo_User, Endpoint, Stub_Finding, Finding_Template, \ JIRA_Issue, JIRA_Project, JIRA_Instance, GITHUB_Issue, GITHUB_PKey, GITHUB_Conf, UserContactInfo, Tool_Type, \ Tool_Configuration, Tool_Product_Settings, Cred_User, Cred_Mapping, System_Settings, Notifications, \ - Languages, Language_Type, App_Analysis, Objects_Product, Benchmark_Product, Benchmark_Requirement, \ - Benchmark_Product_Summary, Rule, Child_Rule, Engagement_Presets, DojoMeta, \ + App_Analysis, Objects_Product, Benchmark_Product, Benchmark_Requirement, \ + Benchmark_Product_Summary, Engagement_Presets, DojoMeta, \ Engagement_Survey, Answered_Survey, TextAnswer, ChoiceAnswer, Choice, Question, TextQuestion, \ - ChoiceQuestion, General_Survey, Regulation, FileUpload, SEVERITY_CHOICES, Product_Type_Member, \ + ChoiceQuestion, General_Survey, Regulation, FileUpload, SEVERITY_CHOICES, EFFORT_FOR_FIXING_CHOICES, Product_Type_Member, \ Product_Member, Global_Role, Dojo_Group, Product_Group, Product_Type_Group, Dojo_Group_Member, \ Product_API_Scan_Configuration @@ -39,14 +39,17 @@ from tagulous.forms import TagField import logging from crum import get_current_user -from dojo.utils import get_system_setting, get_product +from dojo.utils import get_system_setting, get_product, is_finding_groups_enabled, \ + get_password_requirements_string from django.conf import settings from dojo.authorization.roles_permissions import Permissions from dojo.product_type.queries import get_authorized_product_types from dojo.product.queries import get_authorized_products from dojo.finding.queries import get_authorized_findings -from dojo.user.queries import get_authorized_users_for_product_and_product_type +from dojo.user.queries import get_authorized_users_for_product_and_product_type, get_authorized_users +from dojo.user.utils import get_configuration_permissions_fields from dojo.group.queries import get_authorized_groups, get_group_member_roles +import dojo.jira_link.helper as jira_helper logger = logging.getLogger(__name__) @@ -57,6 +60,15 @@ ('duplicate', 'Duplicate'), ('out_of_scope', 'Out of Scope')) +vulnerability_ids_field = forms.CharField(max_length=5000, + required=False, + label="Vulnerability Ids", + help_text="Ids of vulnerabilities in security advisories associated with this finding. Can be Common Vulnerabilities and Exposures (CVE) or from other sources." + "You may enter one vulnerability id per line.", + widget=forms.widgets.Textarea(attrs={'rows': '3', 'cols': '400'})) + +EFFORT_FOR_FIXING_INVALID_CHOICE = _('Select valid choice: Low,Medium,High') + class MultipleSelectWithPop(forms.SelectMultiple): def render(self, name, *args, **kwargs): @@ -100,7 +112,6 @@ def render(self, name, value, attrs=None, renderer=None): if match: year_val, month_val, - day_val = [int(v) for v in match.groups()] output = [] @@ -239,6 +250,11 @@ class ProductForm(forms.ModelForm): queryset=Product_Type.objects.none(), required=True) + sla_configuration = forms.ModelChoiceField(label='SLA Configuration', + queryset=SLA_Configuration.objects.all(), + required=True, + initial='Default') + product_manager = forms.ModelChoiceField(queryset=Dojo_User.objects.exclude(is_active=False).order_by('first_name', 'last_name'), required=False) technical_contact = forms.ModelChoiceField(queryset=Dojo_User.objects.exclude(is_active=False).order_by('first_name', 'last_name'), required=False) team_manager = forms.ModelChoiceField(queryset=Dojo_User.objects.exclude(is_active=False).order_by('first_name', 'last_name'), required=False) @@ -247,11 +263,17 @@ def __init__(self, *args, **kwargs): super(ProductForm, self).__init__(*args, **kwargs) self.fields['prod_type'].queryset = get_authorized_product_types(Permissions.Product_Type_Add_Product) + # if this product has findings being asynchronously updated, disable the sla config field + if self.instance.async_updating: + self.fields['sla_configuration'].disabled = True + self.fields['sla_configuration'].widget.attrs['message'] = 'Finding SLA expiration dates are currently being recalculated. ' + \ + 'This field cannot be changed until the calculation is complete.' + class Meta: model = Product - fields = ['name', 'description', 'tags', 'product_manager', 'technical_contact', 'team_manager', 'prod_type', 'regulations', - 'business_criticality', 'platform', 'lifecycle', 'origin', 'user_records', 'revenue', 'external_audience', - 'internet_accessible', 'enable_simple_risk_acceptance', 'enable_full_risk_acceptance'] + fields = ['name', 'description', 'tags', 'product_manager', 'technical_contact', 'team_manager', 'prod_type', 'sla_configuration', 'regulations', + 'business_criticality', 'platform', 'lifecycle', 'origin', 'user_records', 'revenue', 'external_audience', 'enable_product_tag_inheritance', + 'internet_accessible', 'enable_simple_risk_acceptance', 'enable_full_risk_acceptance', 'disable_sla_breach_notifications'] class DeleteProductForm(forms.ModelForm): @@ -263,6 +285,31 @@ class Meta: fields = ['id'] +class EditFindingGroupForm(forms.ModelForm): + name = forms.CharField(max_length=255, required=True, label='Finding Group Name') + jira_issue = forms.CharField(max_length=255, required=False, label='Linked JIRA Issue', + help_text='Leave empty and check push to jira to create a new JIRA issue for this finding group.') + + def __init__(self, *args, **kwargs): + super(EditFindingGroupForm, self).__init__(*args, **kwargs) + import dojo.jira_link.helper as jira_helper + + self.fields['push_to_jira'] = forms.BooleanField() + self.fields['push_to_jira'].required = False + self.fields['push_to_jira'].help_text = "Checking this will overwrite content of your JIRA issue, or create one." + + self.fields['push_to_jira'].label = "Push to JIRA" + + if hasattr(self.instance, 'has_jira_issue') and self.instance.has_jira_issue: + jira_url = jira_helper.get_jira_url(self.instance) + self.fields['jira_issue'].initial = jira_url + self.fields['push_to_jira'].widget.attrs['checked'] = 'checked' + + class Meta: + model = Finding_Group + fields = ['name'] + + class DeleteFindingGroupForm(forms.ModelForm): id = forms.IntegerField(required=True, widget=forms.widgets.HiddenInput()) @@ -372,6 +419,9 @@ class Meta: class ImportScanForm(forms.Form): + active_verified_choices = [("not_specified", "Not specified (default)"), + ("force_to_true", "Force to True"), + ("force_to_false", "Force to False")] scan_date = forms.DateTimeField( required=False, label="Scan Completion Date", @@ -380,8 +430,13 @@ class ImportScanForm(forms.Form): minimum_severity = forms.ChoiceField(help_text='Minimum severity level to be imported', required=True, choices=SEVERITY_CHOICES) - active = forms.BooleanField(help_text="Select if these findings are currently active.", required=False, initial=True) - verified = forms.BooleanField(help_text="Select if these findings have been verified.", required=False) + active = forms.ChoiceField(required=True, choices=active_verified_choices, + help_text='Force findings to be active/inactive, or default to the original tool') + verified = forms.ChoiceField(required=True, choices=active_verified_choices, + help_text='Force findings to be verified/not verified, or default to the original tool') + + # help_do_not_reactivate = 'Select if the import should ignore active findings from the report, useful for triage-less scanners. Will keep existing findings closed, without reactivating them. For more information check the docs.' + # do_not_reactivate = forms.BooleanField(help_text=help_do_not_reactivate, required=False) scan_type = forms.ChoiceField(required=True, choices=get_choices_sorted) environment = forms.ModelChoiceField( queryset=Development_Environment.objects.all().order_by('name')) @@ -398,23 +453,45 @@ class ImportScanForm(forms.Form): service = forms.CharField(max_length=200, required=False, help_text="A service is a self-contained piece of functionality within a Product. " "This is an optional field which is used in deduplication and closing of old findings when set.") + source_code_management_uri = forms.URLField(max_length=600, required=False, help_text="Resource link to source code") tags = TagField(required=False, help_text="Add tags that help describe this scan. " "Choose from the list or add new tags. Press Enter key to add.") file = forms.FileField(widget=forms.widgets.FileInput( - attrs={"accept": ".xml, .csv, .nessus, .json, .html, .js, .zip, .xlsx, .txt, .sarif"}), + attrs={"accept": ".xml, .csv, .nessus, .json, .jsonl, .html, .js, .zip, .xlsx, .txt, .sarif"}), label="Choose report file", + allow_empty_file=True, required=False) - close_old_findings = forms.BooleanField(help_text="Select if old findings no longer present in the report get closed as mitigated when importing. " + # Close Old Findings has changed. The default is engagement only, and it requires a second flag to expand to the product scope. + # Exposing the choice as two different check boxes. + # If 'close_old_findings_product_scope' is selected, the backend will ensure that both flags are set. + close_old_findings = forms.BooleanField(help_text="Old findings no longer present in the new report get closed as mitigated when importing. " "If service has been set, only the findings for this service will be closed. " - "This affects the whole engagement/product depending on your deduplication scope.", - required=False, initial=False) + "This only affects findings within the same engagement.", + label="Close old findings within this engagement", + required=False, + initial=False) + close_old_findings_product_scope = forms.BooleanField(help_text="Old findings no longer present in the new report get closed as mitigated when importing. " + "If service has been set, only the findings for this service will be closed. " + "This only affects findings within the same product.", + label="Close old findings within this product", + required=False, + initial=False) + apply_tags_to_findings = forms.BooleanField( + help_text="If set to True, the tags will be applied to the findings", + label="Apply Tags to Findings", + required=False, + initial=False + ) - if settings.FEATURE_FINDING_GROUPS: + if is_finding_groups_enabled(): group_by = forms.ChoiceField(required=False, choices=Finding_Group.GROUP_BY_OPTIONS, help_text='Choose an option to automatically group new findings by the chosen option.') + create_finding_groups_for_all_findings = forms.BooleanField(help_text="If unchecked, finding groups will only be created when there is more than one grouped finding", required=False, initial=True) def __init__(self, *args, **kwargs): super(ImportScanForm, self).__init__(*args, **kwargs) + self.fields['active'].initial = self.active_verified_choices[0] + self.fields['verified'].initial = self.active_verified_choices[0] # couldn't find a cleaner way to add empty default if 'group_by' in self.fields: @@ -457,6 +534,9 @@ def get_scan_type(self): class ReImportScanForm(forms.Form): + active_verified_choices = [("not_specified", "Not specified (default)"), + ("force_to_true", "Force to True"), + ("force_to_false", "Force to False")] scan_date = forms.DateTimeField( required=False, label="Scan Completion Date", @@ -465,14 +545,20 @@ class ReImportScanForm(forms.Form): minimum_severity = forms.ChoiceField(help_text='Minimum severity level to be imported', required=True, choices=SEVERITY_CHOICES[0:4]) - active = forms.BooleanField(help_text="Select if these findings are currently active.", required=False, initial=True) - verified = forms.BooleanField(help_text="Select if these findings have been verified.", required=False) + active = forms.ChoiceField(required=True, choices=active_verified_choices, + help_text='Force findings to be active/inactive, or default to the original tool') + verified = forms.ChoiceField(required=True, choices=active_verified_choices, + help_text='Force findings to be verified/not verified, or default to the original tool') + + help_do_not_reactivate = 'Select if the import should ignore active findings from the report, useful for triage-less scanners. Will keep existing findings closed, without reactivating them. For more information check the docs.' + do_not_reactivate = forms.BooleanField(help_text=help_do_not_reactivate, required=False) endpoints = forms.ModelMultipleChoiceField(Endpoint.objects, required=False, label='Systems / Endpoints') tags = TagField(required=False, help_text="Modify existing tags that help describe this scan. " "Choose from the list or add new tags. Press Enter key to add.") file = forms.FileField(widget=forms.widgets.FileInput( - attrs={"accept": ".xml, .csv, .nessus, .json, .html, .js, .zip, .xlsx, .txt, .sarif"}), + attrs={"accept": ".xml, .csv, .nessus, .json, .jsonl, .html, .js, .zip, .xlsx, .txt, .sarif"}), label="Choose report file", + allow_empty_file=True, required=False) close_old_findings = forms.BooleanField(help_text="Select if old findings no longer present in the report get closed as mitigated when importing.", required=False, initial=True) @@ -482,12 +568,22 @@ class ReImportScanForm(forms.Form): build_id = forms.CharField(max_length=100, required=False, help_text="ID of the build that was scanned.") api_scan_configuration = forms.ModelChoiceField(Product_API_Scan_Configuration.objects, required=False, label='API Scan Configuration') service = forms.CharField(max_length=200, required=False, help_text="A service is a self-contained piece of functionality within a Product. This is an optional field which is used in deduplication of findings when set.") + source_code_management_uri = forms.URLField(max_length=600, required=False, help_text="Resource link to source code") + apply_tags_to_findings = forms.BooleanField( + help_text="If set to True, the tags will be applied to the findings", + label="Apply Tags to Findings", + required=False, + initial=False + ) - if settings.FEATURE_FINDING_GROUPS: + if is_finding_groups_enabled(): group_by = forms.ChoiceField(required=False, choices=Finding_Group.GROUP_BY_OPTIONS, help_text='Choose an option to automatically group new findings by the chosen option') + create_finding_groups_for_all_findings = forms.BooleanField(help_text="If unchecked, finding groups will only be created when there is more than one grouped finding", required=False, initial=True) def __init__(self, *args, test=None, **kwargs): super(ReImportScanForm, self).__init__(*args, **kwargs) + self.fields['active'].initial = self.active_verified_choices[0] + self.fields['verified'].initial = self.active_verified_choices[0] self.scan_type = None if test: self.scan_type = test.test_type.name @@ -583,7 +679,7 @@ class MergeFindings(forms.ModelForm): help_text="The action to take on the merged finding. Set the findings to inactive or delete the findings.") def __init__(self, *args, **kwargs): - finding = kwargs.pop('finding') + _ = kwargs.pop('finding') findings = kwargs.pop('findings') super(MergeFindings, self).__init__(*args, **kwargs) @@ -648,14 +744,23 @@ def __init__(self, *args, **kwargs): self.fields['accepted_findings'].queryset = get_authorized_findings(Permissions.Risk_Acceptance) -class UploadFileForm(forms.ModelForm): - - class Meta: - model = FileUpload - fields = ['title', 'file'] +class BaseManageFileFormSet(forms.BaseModelFormSet): + def clean(self): + """Validate the IP/Mask combo is in CIDR format""" + if any(self.errors): + # Don't bother validating the formset unless each form is valid on its own + return + for form in self.forms: + print(dir(form)) + file = form.cleaned_data.get('file', None) + if file: + ext = os.path.splitext(file.name)[1] # [0] returns path+filename + valid_extensions = settings.FILE_UPLOAD_TYPES + if ext.lower() not in valid_extensions: + form.add_error('file', 'Unsupported file extension.') -ManageFileFormSet = modelformset_factory(FileUpload, extra=3, max_num=10, fields=['title', 'file'], can_delete=True) +ManageFileFormSet = modelformset_factory(FileUpload, extra=3, max_num=10, fields=['title', 'file'], can_delete=True, formset=BaseManageFileFormSet) class ReplaceRiskAcceptanceProofForm(forms.ModelForm): @@ -750,9 +855,9 @@ def __init__(self, *args, **kwargs): if product: self.fields['preset'] = forms.ModelChoiceField(help_text="Settings and notes for performing this engagement.", required=False, queryset=Engagement_Presets.objects.filter(product=product)) - self.fields['lead'].queryset = get_authorized_users_for_product_and_product_type(None, product, Permissions.Product_View) + self.fields['lead'].queryset = get_authorized_users_for_product_and_product_type(None, product, Permissions.Product_View).filter(is_active=True) else: - self.fields['lead'].queryset = User.objects.exclude(is_staff=False) + self.fields['lead'].queryset = get_authorized_users(Permissions.Engagement_View).filter(is_active=True) self.fields['product'].queryset = get_authorized_products(Permissions.Engagement_Add) @@ -783,7 +888,7 @@ def is_valid(self): class Meta: model = Engagement - exclude = ('first_contacted', 'real_start', 'engagement_type', + exclude = ('first_contacted', 'real_start', 'engagement_type', 'inherited_tags', 'real_end', 'requester', 'reason', 'updated', 'report_type', 'product', 'threat_model', 'api_test', 'pen_test', 'check_list') @@ -803,7 +908,6 @@ class TestForm(forms.ModelForm): test_type = forms.ModelChoiceField(queryset=Test_Type.objects.all().order_by('name')) environment = forms.ModelChoiceField( queryset=Development_Environment.objects.all().order_by('name')) - # credential = forms.ModelChoiceField(Cred_User.objects.all(), required=False) target_start = forms.DateTimeField(widget=forms.TextInput( attrs={'class': 'datepicker', 'autocomplete': 'off'})) target_end = forms.DateTimeField(widget=forms.TextInput( @@ -826,10 +930,10 @@ def __init__(self, *args, **kwargs): if obj: product = get_product(obj) - self.fields['lead'].queryset = get_authorized_users_for_product_and_product_type(None, product, Permissions.Product_View) + self.fields['lead'].queryset = get_authorized_users_for_product_and_product_type(None, product, Permissions.Product_View).filter(is_active=True) self.fields['api_scan_configuration'].queryset = Product_API_Scan_Configuration.objects.filter(product=product) else: - self.fields['lead'].queryset = User.objects.exclude(is_staff=False) + self.fields['lead'].queryset = get_authorized_users(Permissions.Test_View).filter(is_active=True) class Meta: model = Test @@ -847,19 +951,31 @@ class Meta: fields = ['id'] +class CopyTestForm(forms.Form): + engagement = forms.ModelChoiceField( + required=True, + queryset=Engagement.objects.none(), + error_messages={'required': '*'}) + + def __init__(self, *args, **kwargs): + authorized_lists = kwargs.pop('engagements', None) + super(CopyTestForm, self).__init__(*args, **kwargs) + self.fields['engagement'].queryset = authorized_lists + + class AddFindingForm(forms.ModelForm): title = forms.CharField(max_length=1000) date = forms.DateField(required=True, widget=forms.TextInput(attrs={'class': 'datepicker', 'autocomplete': 'off'})) cwe = forms.IntegerField(required=False) - cve = forms.CharField(max_length=28, required=False) + vulnerability_ids = vulnerability_ids_field cvssv3 = forms.CharField(max_length=117, required=False, widget=forms.TextInput(attrs={'class': 'cvsscalculator', 'data-toggle': 'dropdown', 'aria-haspopup': 'true', 'aria-expanded': 'false'})) description = forms.CharField(widget=forms.Textarea) severity = forms.ChoiceField( choices=SEVERITY_CHOICES, error_messages={ 'required': 'Select valid choice: In Progress, On Hold, Completed', - 'invalid_choice': 'Select valid choice: Critical,High,Medium,Low'}) + 'invalid_choice': EFFORT_FOR_FIXING_INVALID_CHOICE}) mitigation = forms.CharField(widget=forms.Textarea, required=False) impact = forms.CharField(widget=forms.Textarea, required=False) request = forms.CharField(widget=forms.Textarea, required=False) @@ -871,9 +987,16 @@ class AddFindingForm(forms.ModelForm): widget=forms.widgets.Textarea(attrs={'rows': '3', 'cols': '400'})) references = forms.CharField(widget=forms.Textarea, required=False) publish_date = forms.DateField(widget=forms.TextInput(attrs={'class': 'datepicker', 'autocomplete': 'off'}), required=False) + planned_remediation_date = forms.DateField(widget=forms.TextInput(attrs={'class': 'datepicker', 'autocomplete': 'off'}), required=False) + planned_remediation_version = forms.CharField(max_length=99, required=False) + effort_for_fixing = forms.ChoiceField( + required=False, + choices=EFFORT_FOR_FIXING_CHOICES, + error_messages={ + 'invalid_choice': EFFORT_FOR_FIXING_INVALID_CHOICE}) # the only reliable way without hacking internal fields to get predicatble ordering is to make it explicit - field_order = ('title', 'date', 'cwe', 'cve', 'severity', 'cvssv3', 'description', 'mitigation', 'impact', 'request', 'response', 'steps_to_reproduce', + field_order = ('title', 'date', 'cwe', 'vulnerability_ids', 'severity', 'cvssv3', 'description', 'mitigation', 'impact', 'request', 'response', 'steps_to_reproduce', 'severity_justification', 'endpoints', 'endpoints_to_add', 'references', 'active', 'verified', 'false_p', 'duplicate', 'out_of_scope', 'risk_accepted', 'under_defect_review') @@ -917,8 +1040,8 @@ def clean(self): class Meta: model = Finding - exclude = ('reporter', 'url', 'numerical_severity', 'endpoint', 'under_review', 'reviewers', - 'review_requested_by', 'is_mitigated', 'jira_creation', 'jira_change', 'endpoint_status', 'sla_start_date') + exclude = ('reporter', 'url', 'numerical_severity', 'under_review', 'reviewers', 'cve', 'inherited_tags', + 'review_requested_by', 'is_mitigated', 'jira_creation', 'jira_change', 'endpoints', 'sla_start_date') class AdHocFindingForm(forms.ModelForm): @@ -926,14 +1049,14 @@ class AdHocFindingForm(forms.ModelForm): date = forms.DateField(required=True, widget=forms.TextInput(attrs={'class': 'datepicker', 'autocomplete': 'off'})) cwe = forms.IntegerField(required=False) - cve = forms.CharField(max_length=28, required=False) + vulnerability_ids = vulnerability_ids_field cvssv3 = forms.CharField(max_length=117, required=False, widget=forms.TextInput(attrs={'class': 'cvsscalculator', 'data-toggle': 'dropdown', 'aria-haspopup': 'true', 'aria-expanded': 'false'})) description = forms.CharField(widget=forms.Textarea) severity = forms.ChoiceField( choices=SEVERITY_CHOICES, error_messages={ 'required': 'Select valid choice: In Progress, On Hold, Completed', - 'invalid_choice': 'Select valid choice: Critical,High,Medium,Low'}) + 'invalid_choice': EFFORT_FOR_FIXING_INVALID_CHOICE}) mitigation = forms.CharField(widget=forms.Textarea, required=False) impact = forms.CharField(widget=forms.Textarea, required=False) request = forms.CharField(widget=forms.Textarea, required=False) @@ -945,11 +1068,18 @@ class AdHocFindingForm(forms.ModelForm): widget=forms.widgets.Textarea(attrs={'rows': '3', 'cols': '400'})) references = forms.CharField(widget=forms.Textarea, required=False) publish_date = forms.DateField(widget=forms.TextInput(attrs={'class': 'datepicker', 'autocomplete': 'off'}), required=False) + planned_remediation_date = forms.DateField(widget=forms.TextInput(attrs={'class': 'datepicker', 'autocomplete': 'off'}), required=False) + planned_remediation_version = forms.CharField(max_length=99, required=False) + effort_for_fixing = forms.ChoiceField( + required=False, + choices=EFFORT_FOR_FIXING_CHOICES, + error_messages={ + 'invalid_choice': EFFORT_FOR_FIXING_INVALID_CHOICE}) # the only reliable way without hacking internal fields to get predicatble ordering is to make it explicit - field_order = ('title', 'date', 'cwe', 'cve', 'severity', 'cvssv3', 'description', 'mitigation', 'impact', 'request', 'response', 'steps_to_reproduce', + field_order = ('title', 'date', 'cwe', 'vulnerability_ids', 'severity', 'cvssv3', 'description', 'mitigation', 'impact', 'request', 'response', 'steps_to_reproduce', 'severity_justification', 'endpoints', 'endpoints_to_add', 'references', 'active', 'verified', 'false_p', 'duplicate', 'out_of_scope', - 'risk_accepted', 'under_defect_review', 'sla_start_date') + 'risk_accepted', 'under_defect_review', 'sla_start_date', 'sla_expiration_date') def __init__(self, *args, **kwargs): req_resp = kwargs.pop('req_resp') @@ -988,8 +1118,9 @@ def clean(self): class Meta: model = Finding - exclude = ('reporter', 'url', 'numerical_severity', 'under_review', 'reviewers', - 'review_requested_by', 'is_mitigated', 'jira_creation', 'jira_change', 'endpoint_status', 'sla_start_date') + exclude = ('reporter', 'url', 'numerical_severity', 'under_review', 'reviewers', 'cve', 'inherited_tags', + 'review_requested_by', 'is_mitigated', 'jira_creation', 'jira_change', 'endpoints', 'sla_start_date', + 'sla_expiration_date') class PromoteFindingForm(forms.ModelForm): @@ -997,7 +1128,7 @@ class PromoteFindingForm(forms.ModelForm): date = forms.DateField(required=True, widget=forms.TextInput(attrs={'class': 'datepicker', 'autocomplete': 'off'})) cwe = forms.IntegerField(required=False) - cve = forms.CharField(max_length=28, required=False) + vulnerability_ids = vulnerability_ids_field cvssv3 = forms.CharField(max_length=117, required=False, widget=forms.TextInput(attrs={'class': 'cvsscalculator', 'data-toggle': 'dropdown', 'aria-haspopup': 'true', 'aria-expanded': 'false'})) description = forms.CharField(widget=forms.Textarea) severity = forms.ChoiceField( @@ -1015,9 +1146,9 @@ class PromoteFindingForm(forms.ModelForm): references = forms.CharField(widget=forms.Textarea, required=False) # the onyl reliable way without hacking internal fields to get predicatble ordering is to make it explicit - field_order = ('title', 'group', 'date', 'sla_start_date', 'cwe', 'cve', 'severity', 'cvssv3', 'cvssv3_score', 'description', 'mitigation', 'impact', - 'request', 'response', 'steps_to_reproduce', 'severity_justification', 'endpoints', 'endpoints_to_add', 'references', - 'active', 'mitigated', 'mitigated_by', 'verified', 'false_p', 'duplicate', + field_order = ('title', 'group', 'date', 'sla_start_date', 'sla_expiration_date', 'cwe', 'vulnerability_ids', 'severity', 'cvssv3', + 'cvssv3_score', 'description', 'mitigation', 'impact', 'request', 'response', 'steps_to_reproduce', 'severity_justification', + 'endpoints', 'endpoints_to_add', 'references', 'active', 'mitigated', 'mitigated_by', 'verified', 'false_p', 'duplicate', 'out_of_scope', 'risk_accept', 'under_defect_review') def __init__(self, *args, **kwargs): @@ -1045,53 +1176,8 @@ def clean(self): class Meta: model = Finding - exclude = ('reporter', 'url', 'numerical_severity', 'active', 'false_p', 'verified', 'endpoint_status', - 'duplicate', 'out_of_scope', 'under_review', 'reviewers', 'review_requested_by', 'is_mitigated', 'jira_creation', 'jira_change') - - -class SplitDateTimeWidget(forms.MultiWidget): - supports_microseconds = False - template_name = 'dojo/field-datetime.html' - - def __init__(self): - widgets = ( - forms.TextInput(attrs={'type': 'date', 'autocomplete': 'off'}), - forms.TextInput(attrs={'type': 'time', 'autocomplete': 'off'}), - ) - super().__init__(widgets) - - def decompress(self, value): - if value: - value = form_utils.to_current_timezone(value) - return [value.date(), value.time()] - return [None, None] - - -class SplitDateTimeField(forms.MultiValueField): - widget = SplitDateTimeWidget - hidden_widget = forms.SplitHiddenDateTimeWidget - - def __init__(self, **kwargs): - fields = ( - forms.DateField(), - forms.TimeField(), - ) - super().__init__(fields, **kwargs) - - def compress(self, data_list): - if data_list: - # preserve default dojo behavior and set current time if any part is empty - if data_list[0] in self.empty_values: - selected_date = date.today() - else: - selected_date = data_list[0] - if data_list[1] in self.empty_values: - selected_time = datetime.now().time() - else: - selected_time = data_list[1] - # keep potential tzinfo - return form_utils.from_current_timezone(datetime.combine(selected_date, selected_time, *data_list[2:])) - return None + exclude = ('reporter', 'url', 'numerical_severity', 'active', 'false_p', 'verified', 'endpoint_status', 'cve', 'inherited_tags', + 'duplicate', 'out_of_scope', 'under_review', 'reviewers', 'review_requested_by', 'is_mitigated', 'jira_creation', 'jira_change', 'planned_remediation_date', 'planned_remediation_version', 'effort_for_fixing') class FindingForm(forms.ModelForm): @@ -1100,7 +1186,7 @@ class FindingForm(forms.ModelForm): date = forms.DateField(required=True, widget=forms.TextInput(attrs={'class': 'datepicker', 'autocomplete': 'off'})) cwe = forms.IntegerField(required=False) - cve = forms.CharField(max_length=28, required=False, strip=False) + vulnerability_ids = vulnerability_ids_field cvssv3 = forms.CharField(max_length=117, required=False, widget=forms.TextInput(attrs={'class': 'cvsscalculator', 'data-toggle': 'dropdown', 'aria-haspopup': 'true', 'aria-expanded': 'false'})) description = forms.CharField(widget=forms.Textarea) severity = forms.ChoiceField( @@ -1119,15 +1205,22 @@ class FindingForm(forms.ModelForm): widget=forms.widgets.Textarea(attrs={'rows': '3', 'cols': '400'})) references = forms.CharField(widget=forms.Textarea, required=False) - mitigated = SplitDateTimeField(required=False, help_text='Date and time when the flaw has been fixed') - mitigated_by = forms.ModelChoiceField(required=True, queryset=User.objects.all(), initial=get_current_user) + mitigated = forms.DateField(required=False, help_text='Date and time when the flaw has been fixed', widget=forms.TextInput(attrs={'class': 'datepicker', 'autocomplete': 'off'})) + mitigated_by = forms.ModelChoiceField(required=False, queryset=Dojo_User.objects.none()) publish_date = forms.DateField(widget=forms.TextInput(attrs={'class': 'datepicker', 'autocomplete': 'off'}), required=False) + planned_remediation_date = forms.DateField(widget=forms.TextInput(attrs={'class': 'datepicker', 'autocomplete': 'off'}), required=False) + planned_remediation_version = forms.CharField(max_length=99, required=False) + effort_for_fixing = forms.ChoiceField( + required=False, + choices=EFFORT_FOR_FIXING_CHOICES, + error_messages={ + 'invalid_choice': EFFORT_FOR_FIXING_INVALID_CHOICE}) - # the onyl reliable way without hacking internal fields to get predicatble ordering is to make it explicit - field_order = ('title', 'group', 'date', 'sla_start_date', 'cwe', 'cve', 'severity', 'cvssv3', 'cvssv3_score', 'description', 'mitigation', 'impact', - 'request', 'response', 'steps_to_reproduce', 'severity_justification', 'endpoints', 'endpoints_to_add', 'references', - 'active', 'mitigated', 'mitigated_by', 'verified', 'false_p', 'duplicate', + # the only reliable way without hacking internal fields to get predicatble ordering is to make it explicit + field_order = ('title', 'group', 'date', 'sla_start_date', 'sla_expiration_date', 'cwe', 'vulnerability_ids', 'severity', 'cvssv3', + 'cvssv3_score', 'description', 'mitigation', 'impact', 'request', 'response', 'steps_to_reproduce', 'severity_justification', + 'endpoints', 'endpoints_to_add', 'references', 'active', 'mitigated', 'mitigated_by', 'verified', 'false_p', 'duplicate', 'out_of_scope', 'risk_accept', 'under_defect_review') def __init__(self, *args, **kwargs): @@ -1141,6 +1234,7 @@ def __init__(self, *args, **kwargs): super(FindingForm, self).__init__(*args, **kwargs) self.fields['endpoints'].queryset = Endpoint.objects.filter(product=self.instance.test.engagement.product) + self.fields['mitigated_by'].queryset = get_authorized_users(Permissions.Test_Edit) # do not show checkbox if finding is not accepted and simple risk acceptance is disabled # if checked, always show to allow unaccept also with full risk acceptance enabled @@ -1164,6 +1258,7 @@ def __init__(self, *args, **kwargs): self.fields['duplicate'].help_text = "You can mark findings as duplicate only from the view finding page." self.fields['sla_start_date'].disabled = True + self.fields['sla_expiration_date'].disabled = True if self.can_edit_mitigated_data: if hasattr(self, 'instance'): @@ -1173,7 +1268,7 @@ def __init__(self, *args, **kwargs): del self.fields['mitigated'] del self.fields['mitigated_by'] - if not settings.FEATURE_FINDING_GROUPS or not hasattr(self.instance, 'test'): + if not is_finding_groups_enabled() or not hasattr(self.instance, 'test'): del self.fields['group'] else: self.fields['group'].queryset = self.instance.test.finding_group_set.all() @@ -1184,7 +1279,6 @@ def __init__(self, *args, **kwargs): def clean(self): cleaned_data = super(FindingForm, self).clean() - cleaned_data['cve'] = None if cleaned_data['cve'] == '' else cleaned_data['cve'] if (cleaned_data['active'] or cleaned_data['verified']) and cleaned_data['duplicate']: raise forms.ValidationError('Duplicate findings cannot be' ' verified or active') @@ -1216,7 +1310,7 @@ def _post_clean(self): class Meta: model = Finding - exclude = ('reporter', 'url', 'numerical_severity', 'under_review', 'reviewers', + exclude = ('reporter', 'url', 'numerical_severity', 'under_review', 'reviewers', 'cve', 'inherited_tags', 'review_requested_by', 'is_mitigated', 'jira_creation', 'jira_change', 'sonarqube_issue', 'endpoint_status') @@ -1245,7 +1339,7 @@ class ApplyFindingTemplateForm(forms.Form): title = forms.CharField(max_length=1000, required=True) cwe = forms.IntegerField(label="CWE", required=False) - cve = forms.CharField(label="CVE", max_length=28, required=False) + vulnerability_ids = vulnerability_ids_field cvssv3 = forms.CharField(label="CVSSv3", max_length=117, required=False, widget=forms.TextInput(attrs={'class': 'btn btn-secondary dropdown-toggle', 'data-toggle': 'dropdown', 'aria-haspopup': 'true', 'aria-expanded': 'false'})) severity = forms.ChoiceField(required=False, choices=SEVERITY_CHOICES, error_messages={'required': 'Select valid choice: In Progress, On Hold, Completed', 'invalid_choice': 'Select valid choice: Critical,High,Medium,Low'}) @@ -1261,6 +1355,8 @@ def __init__(self, template=None, *args, **kwargs): super(ApplyFindingTemplateForm, self).__init__(*args, **kwargs) self.fields['tags'].autocomplete_tags = Finding.tags.tag_model.objects.all().order_by('name') self.template = template + if template: + self.template.vulnerability_ids = '\n'.join(template.vulnerability_ids) def clean(self): cleaned_data = super(ApplyFindingTemplateForm, self).clean() @@ -1274,8 +1370,8 @@ def clean(self): return cleaned_data class Meta: - fields = ['title', 'cwe', 'cve', 'cvssv3', 'severity', 'description', 'mitigation', 'impact', 'references', 'tags'] - order = ('title', 'cwe', 'cve', 'cvssv3', 'severity', 'description', 'impact', 'is_mitigated') + fields = ['title', 'cwe', 'vulnerability_ids', 'cvssv3', 'severity', 'description', 'mitigation', 'impact', 'references', 'tags'] + order = ('title', 'cwe', 'vulnerability_ids', 'cvssv3', 'severity', 'description', 'impact', 'is_mitigated') class FindingTemplateForm(forms.ModelForm): @@ -1283,7 +1379,7 @@ class FindingTemplateForm(forms.ModelForm): title = forms.CharField(max_length=1000, required=True) cwe = forms.IntegerField(label="CWE", required=False) - cve = forms.CharField(label="CVE", max_length=28, required=False) + vulnerability_ids = vulnerability_ids_field cvssv3 = forms.CharField(max_length=117, required=False, widget=forms.TextInput(attrs={'class': 'btn btn-secondary dropdown-toggle', 'data-toggle': 'dropdown', 'aria-haspopup': 'true', 'aria-expanded': 'false'})) severity = forms.ChoiceField( required=False, @@ -1292,7 +1388,7 @@ class FindingTemplateForm(forms.ModelForm): 'required': 'Select valid choice: In Progress, On Hold, Completed', 'invalid_choice': 'Select valid choice: Critical,High,Medium,Low'}) - field_order = ['title', 'cwe', 'cve', 'severity', 'cvssv3', 'description', 'mitigation', 'impact', 'references', 'tags', 'template_match', 'template_match_cwe', 'template_match_title', 'apply_to_findings'] + field_order = ['title', 'cwe', 'vulnerability_ids', 'severity', 'cvssv3', 'description', 'mitigation', 'impact', 'references', 'tags', 'template_match', 'template_match_cwe', 'template_match_title', 'apply_to_findings'] def __init__(self, *args, **kwargs): super(FindingTemplateForm, self).__init__(*args, **kwargs) @@ -1300,8 +1396,8 @@ def __init__(self, *args, **kwargs): class Meta: model = Finding_Template - order = ('title', 'cwe', 'cve', 'cvssv3', 'severity', 'description', 'impact') - exclude = ('numerical_severity', 'is_mitigated', 'last_used', 'endpoint_status') + order = ('title', 'cwe', 'vulnerability_ids', 'cvssv3', 'severity', 'description', 'impact') + exclude = ('numerical_severity', 'is_mitigated', 'last_used', 'endpoint_status', 'cve') class DeleteFindingTemplateForm(forms.ModelForm): @@ -1319,11 +1415,14 @@ class FindingBulkUpdateForm(forms.ModelForm): risk_accept = forms.BooleanField(required=False) risk_unaccept = forms.BooleanField(required=False) + date = forms.DateField(required=False, widget=forms.DateInput(attrs={'class': 'datepicker'})) + planned_remediation_date = forms.DateField(required=False, widget=forms.DateInput(attrs={'class': 'datepicker'})) + planned_remediation_version = forms.CharField(required=False, max_length=99, widget=forms.TextInput(attrs={'class': 'form-control'})) finding_group = forms.BooleanField(required=False) finding_group_create = forms.BooleanField(required=False) finding_group_create_name = forms.CharField(required=False) finding_group_add = forms.BooleanField(required=False) - add_to_finding_group = forms.BooleanField(required=False) + add_to_finding_group_id = forms.CharField(required=False) finding_group_remove = forms.BooleanField(required=False) finding_group_by = forms.BooleanField(required=False) finding_group_by_option = forms.CharField(required=False) @@ -1332,6 +1431,7 @@ class FindingBulkUpdateForm(forms.ModelForm): # unlink_from_jira = forms.BooleanField(required=False) push_to_github = forms.BooleanField(required=False) tags = TagField(required=False, autocomplete_tags=Finding.tags.tag_model.objects.all().order_by('name')) + notes = forms.CharField(required=False, max_length=1024, widget=forms.TextInput(attrs={'class': 'form-control'})) def __init__(self, *args, **kwargs): super(FindingBulkUpdateForm, self).__init__(*args, **kwargs) @@ -1352,13 +1452,14 @@ def clean(self): class Meta: model = Finding - fields = ('severity', 'active', 'verified', 'false_p', 'duplicate', 'out_of_scope', 'is_mitigated') + fields = ('severity', 'date', 'planned_remediation_date', 'active', 'verified', 'false_p', 'duplicate', 'out_of_scope', + 'is_mitigated') class EditEndpointForm(forms.ModelForm): class Meta: model = Endpoint - exclude = ['product', 'endpoint_status'] + exclude = ['product', 'inherited_tags'] def __init__(self, *args, **kwargs): self.product = None @@ -1367,6 +1468,9 @@ def __init__(self, *args, **kwargs): if 'instance' in kwargs: self.endpoint_instance = kwargs.pop('instance') self.product = self.endpoint_instance.product + product_id = self.endpoint_instance.product.pk + findings = Finding.objects.filter(test__engagement__product__id=product_id) + self.fields["findings"].queryset = findings def clean(self): @@ -1509,6 +1613,12 @@ class CloseFindingForm(forms.ModelForm): 'required, please use the text area ' 'below to provide documentation.')}) + mitigated = forms.DateField(required=False, help_text='Date and time when the flaw has been fixed', widget=forms.TextInput(attrs={'class': 'datepicker', 'autocomplete': 'off'})) + mitigated_by = forms.ModelChoiceField(required=False, queryset=Dojo_User.objects.none()) + false_p = forms.BooleanField(initial=False, required=False, label='False Positive') + out_of_scope = forms.BooleanField(initial=False, required=False, label='Out of Scope') + duplicate = forms.BooleanField(initial=False, required=False, label='Duplicate') + def __init__(self, *args, **kwargs): queryset = kwargs.pop('missing_note_types') super(CloseFindingForm, self).__init__(*args, **kwargs) @@ -1517,9 +1627,48 @@ def __init__(self, *args, **kwargs): else: self.fields['note_type'] = forms.ModelChoiceField(queryset=queryset, label='Note Type', required=True) + self.can_edit_mitigated_data = kwargs.pop('can_edit_mitigated_data') if 'can_edit_mitigated_data' in kwargs \ + else False + + if self.can_edit_mitigated_data: + self.fields['mitigated_by'].queryset = get_authorized_users(Permissions.Test_Edit) + self.fields['mitigated'].initial = self.instance.mitigated + self.fields['mitigated_by'].initial = self.instance.mitigated_by + + def _post_clean(self): + super(CloseFindingForm, self)._post_clean() + + if self.can_edit_mitigated_data: + opts = self.instance._meta + if not self.cleaned_data.get('active'): + try: + opts.get_field('mitigated').save_form_data(self.instance, self.cleaned_data.get('mitigated')) + opts.get_field('mitigated_by').save_form_data(self.instance, self.cleaned_data.get('mitigated_by')) + except forms.ValidationError as e: + self._update_errors(e) + class Meta: model = Notes - fields = ['note_type', 'entry'] + fields = ['note_type', 'entry', 'mitigated', 'mitigated_by', 'false_p', 'out_of_scope', 'duplicate'] + + +class EditPlannedRemediationDateFindingForm(forms.ModelForm): + def __init__(self, *args, **kwargs): + finding = None + if 'finding' in kwargs: + finding = kwargs.pop('finding') + + super(EditPlannedRemediationDateFindingForm, self).__init__(*args, **kwargs) + + self.fields['planned_remediation_date'].required = True + self.fields['planned_remediation_date'].widget = forms.DateInput(attrs={'class': 'datepicker'}) + + if finding is not None: + self.fields['planned_remediation_date'].initial = finding.planned_remediation_date + + class Meta: + model = Finding + fields = ['planned_remediation_date'] class DefectFindingForm(forms.ModelForm): @@ -1553,28 +1702,56 @@ class Meta: class ReviewFindingForm(forms.Form): - reviewers = forms.ModelMultipleChoiceField(queryset=Dojo_User.objects.filter(is_staff=True, is_active=True), - help_text="Select all users who can review Finding.") + reviewers = forms.MultipleChoiceField( + help_text=( + "Select all users who can review Finding. Only users with " + "at least write permission to this finding can be selected"), + required=False, + ) entry = forms.CharField( required=True, max_length=2400, - help_text='Please provide a message for reviewers.', - widget=forms.Textarea, label='Notes:', - error_messages={'required': ('The reason for requesting a review is ' - 'required, please use the text area ' - 'below to provide documentation.')}) + help_text="Please provide a message for reviewers.", + widget=forms.Textarea, label="Notes:", + error_messages={"required": ("The reason for requesting a review is " + "required, please use the text area " + "below to provide documentation.")}) + allow_all_reviewers = forms.BooleanField( + required=False, + label="Allow All Eligible Reviewers", + help_text=("Checking this box will allow any user in the drop down " + "above to provide a review for this finding")) def __init__(self, *args, **kwargs): - finding = None - if 'finding' in kwargs: - finding = kwargs.pop('finding') - + finding = kwargs.pop("finding", None) + user = kwargs.pop("user", None) super(ReviewFindingForm, self).__init__(*args, **kwargs) - + # Get the list of users if finding is not None: - self.fields['reviewers'].queryset = get_authorized_users_for_product_and_product_type(None, finding.test.engagement.product, Permissions.Finding_Edit) + users = get_authorized_users_for_product_and_product_type(None, finding.test.engagement.product, Permissions.Finding_Edit) + else: + users = get_authorized_users(Permissions.Finding_Edit).filter(is_active=True) + # Remove the current user + if user is not None: + users = users.exclude(id=user.id) + # Save a copy of the original query to be used in the validator + self.reviewer_queryset = users + # Set the users in the form + self.fields["reviewers"].choices = self._get_choices(self.reviewer_queryset) + + @staticmethod + def _get_choices(queryset): + return [(item.pk, item.get_full_name()) for item in queryset] + + def clean(self): + cleaned_data = super().clean() + if cleaned_data.get("allow_all_reviewers", False): + cleaned_data["reviewers"] = [user.id for user in self.reviewer_queryset] + if len(cleaned_data.get("reviewers", [])) == 0: + raise ValidationError("Please select at least one user from the reviewers list") + return cleaned_data class Meta: - fields = ['reviewers', 'entry'] + fields = ["reviewers", "entry", "allow_all_reviewers"] class WeeklyMetricsForm(forms.Form): @@ -1838,18 +2015,20 @@ class ChangePasswordForm(forms.Form): current_password = forms.CharField(widget=forms.PasswordInput, required=True) new_password = forms.CharField(widget=forms.PasswordInput, - required=True, validators=[validate_password], - help_text='Password must contain at least 9 characters, one lowercase (a-z) and one uppercase (A-Z) letter, one number (0-9), \ - and one symbol (()[]{}|\`~!@#$%^&*_-+=;:\'\",<>./?).') # noqa W605 + required=True, + validators=[validate_password], + help_text='') confirm_password = forms.CharField(widget=forms.PasswordInput, - required=True, validators=[validate_password], - help_text='Password must match the new password entered above, following the same password rules.') + required=True, + validators=[validate_password], + help_text='Password must match the new password entered above.') def __init__(self, *args, **kwargs): self.user = None if 'user' in kwargs: self.user = kwargs.pop('user') super(ChangePasswordForm, self).__init__(*args, **kwargs) + self.fields['new_password'].help_text = get_password_requirements_string() def clean(self): cleaned_data = super().clean() @@ -1870,26 +2049,33 @@ def clean(self): class AddDojoUserForm(forms.ModelForm): password = forms.CharField(widget=forms.PasswordInput, - required=False, validators=[validate_password], - help_text='Password must contain at least 9 characters, one lowercase (a-z) and one uppercase (A-Z) letter, one number (0-9), \ - and one symbol (()[]{}|\`~!@#$%^&*_-+=;:\'\",<>./?). Leave blank to set an unusable password for this user.') # noqa W605 + required=False, + validators=[validate_password], + help_text='') class Meta: model = Dojo_User - fields = ['username', 'password', 'first_name', 'last_name', 'email', 'is_active', - 'is_staff', 'is_superuser'] - exclude = ['last_login', 'groups', 'date_joined', 'user_permissions', - 'authorized_products', 'authorized_product_types'] + fields = ['username', 'password', 'first_name', 'last_name', 'email', 'is_active', 'is_superuser'] + + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + current_user = get_current_user() + if not current_user.is_superuser: + self.fields['is_superuser'].disabled = True + self.fields['password'].help_text = get_password_requirements_string() class EditDojoUserForm(forms.ModelForm): class Meta: model = Dojo_User - fields = ['username', 'first_name', 'last_name', 'email', 'is_active', - 'is_staff', 'is_superuser'] - exclude = ['password', 'last_login', 'groups', 'date_joined', 'user_permissions', - 'authorized_products', 'authorized_product_types'] + fields = ['username', 'first_name', 'last_name', 'email', 'is_active', 'is_superuser'] + + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + current_user = get_current_user() + if not current_user.is_superuser: + self.fields['is_superuser'].disabled = True class DeleteUserForm(forms.ModelForm): @@ -1933,21 +2119,37 @@ def get_years(): return [(now.year, now.year), (now.year - 1, now.year - 1), (now.year - 2, now.year - 2)] -class ProductTypeCountsForm(forms.Form): +class ProductCountsFormBase(forms.Form): month = forms.ChoiceField(choices=list(MONTHS.items()), required=True, error_messages={ 'required': '*'}) year = forms.ChoiceField(choices=get_years, required=True, error_messages={ 'required': '*'}) + + +class ProductTypeCountsForm(ProductCountsFormBase): product_type = forms.ModelChoiceField(required=True, queryset=Product_Type.objects.none(), error_messages={ 'required': '*'}) def __init__(self, *args, **kwargs): - super(ProductTypeCountsForm, self).__init__(*args, **kwargs) + super().__init__(*args, **kwargs) self.fields['product_type'].queryset = get_authorized_product_types(Permissions.Product_Type_View) +class ProductTagCountsForm(ProductCountsFormBase): + product_tag = forms.ModelChoiceField(required=True, + queryset=Product.tags.tag_model.objects.none().order_by('name'), + error_messages={ + 'required': '*'}) + + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + prods = get_authorized_products(Permissions.Product_View) + tags_available_to_user = Product.tags.tag_model.objects.filter(product__in=prods) + self.fields['product_tag'].queryset = tags_available_to_user + + class APIKeyForm(forms.ModelForm): id = forms.IntegerField(required=True, widget=forms.widgets.HiddenInput()) @@ -1986,6 +2188,18 @@ class Meta: fields = ['id'] +class CopyFindingForm(forms.Form): + test = forms.ModelChoiceField( + required=True, + queryset=Test.objects.none(), + error_messages={'required': '*'}) + + def __init__(self, *args, **kwargs): + authorized_lists = kwargs.pop('tests', None) + super(CopyFindingForm, self).__init__(*args, **kwargs) + self.fields['test'].queryset = authorized_lists + + class FindingFormID(forms.ModelForm): id = forms.IntegerField(required=True, widget=forms.widgets.HiddenInput()) @@ -2089,7 +2303,8 @@ def clean(self): form_data = self.cleaned_data try: - jira = jira_helper.get_jira_connection_raw(form_data['url'], form_data['username'], form_data['password']) + # Attempt to validate the credentials before moving forward + _ = jira_helper.get_jira_connection_raw(form_data['url'], form_data['username'], form_data['password']) logger.debug('valid JIRA config!') except Exception as e: # form only used by admins, so we can show full error message using str(e) which can help debug any problems @@ -2116,7 +2331,8 @@ def clean(self): form_data = self.cleaned_data try: - jira = jira_helper.get_jira_connection_raw(form_data['url'], form_data['username'], form_data['password'],) + # Attempt to validate the credentials before moving forward + _ = jira_helper.get_jira_connection_raw(form_data['url'], form_data['username'], form_data['password'],) logger.debug('valid JIRA config!') except Exception as e: # form only used by admins, so we can show full error message using str(e) which can help debug any problems @@ -2188,22 +2404,27 @@ class Meta: model = Tool_Type exclude = ['product'] + def __init__(self, *args, **kwargs): + instance = kwargs.get('instance', None) + self.newly_created = True + if instance is not None: + self.newly_created = instance.pk is None + super().__init__(*args, **kwargs) -class RegulationForm(forms.ModelForm): - class Meta: - model = Regulation - exclude = ['product'] - + def clean(self): + form_data = self.cleaned_data + if self.newly_created: + name = form_data.get("name") + # Make sure this will not create a duplicate test type + if Tool_Type.objects.filter(name=name).count() > 0: + raise forms.ValidationError('A Tool Type with the name already exists') -class LanguagesTypeForm(forms.ModelForm): - class Meta: - model = Languages - exclude = ['product'] + return form_data -class Languages_TypeTypeForm(forms.ModelForm): +class RegulationForm(forms.ModelForm): class Meta: - model = Language_Type + model = Regulation exclude = ['product'] @@ -2255,6 +2476,37 @@ def clean(self): return form_data +class SLAConfigForm(forms.ModelForm): + def __init__(self, *args, **kwargs): + super(SLAConfigForm, self).__init__(*args, **kwargs) + + # if this sla config has findings being asynchronously updated, disable the days by severity fields + if self.instance.async_updating: + msg = 'Finding SLA expiration dates are currently being recalculated. ' + \ + 'This field cannot be changed until the calculation is complete.' + self.fields['critical'].disabled = True + self.fields['critical'].widget.attrs['message'] = msg + self.fields['high'].disabled = True + self.fields['high'].widget.attrs['message'] = msg + self.fields['medium'].disabled = True + self.fields['medium'].widget.attrs['message'] = msg + self.fields['low'].disabled = True + self.fields['low'].widget.attrs['message'] = msg + + class Meta: + model = SLA_Configuration + fields = ['name', 'description', 'critical', 'high', 'medium', 'low'] + + +class DeleteSLAConfigForm(forms.ModelForm): + id = forms.IntegerField(required=True, + widget=forms.widgets.HiddenInput()) + + class Meta: + model = SLA_Configuration + fields = ['id'] + + class DeleteObjectsSettingsForm(forms.ModelForm): id = forms.IntegerField(required=True, widget=forms.widgets.HiddenInput()) @@ -2359,14 +2611,25 @@ class Meta: class SystemSettingsForm(forms.ModelForm): + jira_webhook_secret = forms.CharField(required=False) def __init__(self, *args, **kwargs): super(SystemSettingsForm, self).__init__(*args, **kwargs) self.fields['default_group_role'].queryset = get_group_member_roles() + def clean(self): + cleaned_data = super().clean() + enable_jira_value = cleaned_data.get('enable_jira') + jira_webhook_secret_value = cleaned_data.get('jira_webhook_secret').strip() + + if enable_jira_value and not jira_webhook_secret_value: + self.add_error('jira_webhook_secret', 'This field is required when enable Jira Integration is True') + + return cleaned_data + class Meta: model = System_Settings - exclude = ['product_grade', 'credentials', 'column_widths', 'drive_folder_ID'] + exclude = ['product_grade'] class BenchmarkForm(forms.ModelForm): @@ -2387,7 +2650,7 @@ class NotificationsForm(forms.ModelForm): class Meta: model = Notifications - exclude = [''] + exclude = ['template'] class ProductNotificationsForm(forms.ModelForm): @@ -2400,11 +2663,12 @@ def __init__(self, *args, **kwargs): self.initial['test_added'] = '' self.initial['scan_added'] = '' self.initial['sla_breach'] = '' + self.initial['sla_breach_combined'] = '' self.initial['risk_acceptance_expiration'] = '' class Meta: model = Notifications - fields = ['engagement_added', 'close_engagement', 'test_added', 'scan_added', 'sla_breach', 'risk_acceptance_expiration'] + fields = ['engagement_added', 'close_engagement', 'test_added', 'scan_added', 'sla_breach', 'sla_breach_combined', 'risk_acceptance_expiration'] class AjaxChoiceField(forms.ChoiceField): @@ -2412,32 +2676,6 @@ def valid_value(self, value): return True -class RuleForm(forms.ModelForm): - - class Meta: - model = Rule - exclude = ['key_product'] - - -class ChildRuleForm(forms.ModelForm): - - class Meta: - model = Child_Rule - exclude = ['key_product'] - - -RuleFormSet = modelformset_factory(Child_Rule, extra=2, max_num=10, exclude=[''], can_delete=True) - - -class DeleteRuleForm(forms.ModelForm): - id = forms.IntegerField(required=True, - widget=forms.widgets.HiddenInput()) - - class Meta: - model = Rule - fields = ['id'] - - class CredUserForm(forms.ModelForm): # selenium_script = forms.FileField(widget=forms.widgets.FileInput( # attrs={"accept": ".py"}), @@ -2469,7 +2707,7 @@ class JIRAProjectForm(forms.ModelForm): class Meta: model = JIRA_Project exclude = ['product', 'engagement'] - fields = ['inherit_from_product', 'jira_instance', 'project_key', 'issue_template_dir', 'component', 'push_all_issues', 'enable_engagement_epic_mapping', 'push_notes', 'product_jira_sla_notification', 'risk_acceptance_expiration_notification'] + fields = ['inherit_from_product', 'jira_instance', 'project_key', 'issue_template_dir', 'component', 'custom_fields', 'jira_labels', 'default_assignee', 'add_vulnerability_id_to_jira_label', 'push_all_issues', 'enable_engagement_epic_mapping', 'push_notes', 'product_jira_sla_notification', 'risk_acceptance_expiration_notification'] def __init__(self, *args, **kwargs): from dojo.jira_link import helper as jira_helper @@ -2503,6 +2741,10 @@ def __init__(self, *args, **kwargs): self.fields['project_key'].disabled = False self.fields['issue_template_dir'].disabled = False self.fields['component'].disabled = False + self.fields['custom_fields'].disabled = False + self.fields['default_assignee'].disabled = False + self.fields['jira_labels'].disabled = False + self.fields['add_vulnerability_id_to_jira_label'].disabled = False self.fields['push_all_issues'].disabled = False self.fields['enable_engagement_epic_mapping'].disabled = False self.fields['push_notes'].disabled = False @@ -2522,6 +2764,10 @@ def __init__(self, *args, **kwargs): self.initial['project_key'] = jira_project_product.project_key self.initial['issue_template_dir'] = jira_project_product.issue_template_dir self.initial['component'] = jira_project_product.component + self.initial['custom_fields'] = jira_project_product.custom_fields + self.initial['default_assignee'] = jira_project_product.default_assignee + self.initial['jira_labels'] = jira_project_product.jira_labels + self.initial['add_vulnerability_id_to_jira_label'] = jira_project_product.add_vulnerability_id_to_jira_label self.initial['push_all_issues'] = jira_project_product.push_all_issues self.initial['enable_engagement_epic_mapping'] = jira_project_product.enable_engagement_epic_mapping self.initial['push_notes'] = jira_project_product.push_notes @@ -2532,6 +2778,10 @@ def __init__(self, *args, **kwargs): self.fields['project_key'].disabled = True self.fields['issue_template_dir'].disabled = True self.fields['component'].disabled = True + self.fields['custom_fields'].disabled = True + self.fields['default_assignee'].disabled = True + self.fields['jira_labels'].disabled = True + self.fields['add_vulnerability_id_to_jira_label'].disabled = True self.fields['push_all_issues'].disabled = True self.fields['enable_engagement_epic_mapping'].disabled = True self.fields['push_notes'].disabled = True @@ -2594,7 +2844,7 @@ def __init__(self, *args, **kwargs): super(JIRAFindingForm, self).__init__(*args, **kwargs) self.fields['push_to_jira'] = forms.BooleanField() self.fields['push_to_jira'].required = False - if settings.FEATURE_FINDING_GROUPS: + if is_finding_groups_enabled(): self.fields['push_to_jira'].help_text = "Checking this will overwrite content of your JIRA issue, or create one. If this finding is part of a Finding Group, the group will pushed instead of the finding." else: self.fields['push_to_jira'].help_text = "Checking this will overwrite content of your JIRA issue, or create one." @@ -2613,12 +2863,12 @@ def __init__(self, *args, **kwargs): if hasattr(self.instance, 'has_jira_issue') and self.instance.has_jira_issue: self.initial['jira_issue'] = self.instance.jira_issue.jira_key self.fields['push_to_jira'].widget.attrs['checked'] = 'checked' - if settings.FEATURE_FINDING_GROUPS: + if is_finding_groups_enabled(): self.fields['jira_issue'].widget = forms.TextInput(attrs={'placeholder': 'Leave empty and check push to jira to create a new JIRA issue for this finding, or the group this finding is in.'}) else: self.fields['jira_issue'].widget = forms.TextInput(attrs={'placeholder': 'Leave empty and check push to jira to create a new JIRA issue for this finding.'}) - if self.instance and self.instance.has_jira_group_issue: + if self.instance and hasattr(self.instance, 'has_jira_group_issue') and self.instance.has_jira_group_issue: self.fields['push_to_jira'].widget.attrs['checked'] = 'checked' self.fields['jira_issue'].help_text = 'Changing the linked JIRA issue for finding groups is not (yet) supported.' self.initial['jira_issue'] = self.instance.finding_group.jira_issue.jira_key @@ -2626,27 +2876,33 @@ def __init__(self, *args, **kwargs): def clean(self): logger.debug('jform clean') - import dojo.jira_link.helper as jira_helper - cleaned_data = super(JIRAFindingForm, self).clean() + super(JIRAFindingForm, self).clean() jira_issue_key_new = self.cleaned_data.get('jira_issue') finding = self.instance jira_project = self.jira_project logger.debug('self.cleaned_data.push_to_jira: %s', self.cleaned_data.get('push_to_jira', None)) - if self.cleaned_data.get('push_to_jira', None) and finding.has_jira_group_issue: - can_be_pushed_to_jira, error_message, error_code = jira_helper.can_be_pushed_to_jira(self.instance.finding_group, self.finding_form) + if self.cleaned_data.get('push_to_jira', None) and finding and finding.has_jira_group_issue: + can_be_pushed_to_jira, error_message, error_code = jira_helper.can_be_pushed_to_jira(finding.finding_group, self.finding_form) if not can_be_pushed_to_jira: self.add_error('push_to_jira', ValidationError(error_message, code=error_code)) # for field in error_fields: # self.finding_form.add_error(field, error) - elif self.cleaned_data.get('push_to_jira', None): - can_be_pushed_to_jira, error_message, error_code = jira_helper.can_be_pushed_to_jira(self.instance, self.finding_form) + elif self.cleaned_data.get('push_to_jira', None) and finding: + can_be_pushed_to_jira, error_message, error_code = jira_helper.can_be_pushed_to_jira(finding, self.finding_form) if not can_be_pushed_to_jira: self.add_error('push_to_jira', ValidationError(error_message, code=error_code)) # for field in error_fields: # self.finding_form.add_error(field, error) + elif self.cleaned_data.get('push_to_jira', None): + active = self.finding_form['active'].value() + verified = self.finding_form['verified'].value() + if not active or not verified: + logger.debug('Findings must be active and verified to be pushed to JIRA') + error_message = 'Findings must be active and verified to be pushed to JIRA' + self.add_error('push_to_jira', ValidationError(error_message, code='not_active_or_verified')) if jira_issue_key_new and (not finding or not finding.has_jira_group_issue): # when there is a group jira issue, we skip all the linking/unlinking as this is not supported (yet) @@ -2724,43 +2980,8 @@ def __init__(self, *args, **kwargs): self.fields['push_to_jira'].help_text = 'Checking this will update the existing EPIC in JIRA.' push_to_jira = forms.BooleanField(required=False, label="Create EPIC", help_text="Checking this will create an EPIC in JIRA for this engagement.") - - -class GoogleSheetFieldsForm(forms.Form): - cred_file = forms.FileField(widget=forms.widgets.FileInput( - attrs={"accept": ".json"}), - label="Google credentials file", - required=True, - allow_empty_file=False, - help_text="Upload the credentials file downloaded from the Google Developer Console") - drive_folder_ID = forms.CharField( - required=True, - label="Google Drive folder ID", - help_text="Extract the Drive folder ID from the URL and provide it here") - email_address = forms.EmailField( - required=True, - label="Email Address", - help_text="Enter the same email Address used to create the Service Account") - enable_service = forms.BooleanField( - initial=False, - required=False, - help_text='Tick this check box to enable Google Sheets Sync feature') - - def __init__(self, *args, **kwargs): - self.credentials_required = kwargs.pop('credentials_required') - options = ((0, 'Hide'), (100, 'Small'), (200, 'Medium'), (400, 'Large')) - protect = ['reporter', 'url', 'numerical_severity', 'endpoint', 'under_review', 'reviewers', - 'review_requested_by', 'is_mitigated', 'jira_creation', 'jira_change', 'sonarqube_issue'] - self.all_fields = kwargs.pop('all_fields') - super(GoogleSheetFieldsForm, self).__init__(*args, **kwargs) - if not self.credentials_required: - self.fields['cred_file'].required = False - for i in self.all_fields: - self.fields[i.name] = forms.ChoiceField(choices=options) - if i.name == 'id' or i.editable is False or i.many_to_one or i.name in protect: - self.fields['Protect ' + i.name] = forms.BooleanField(initial=True, required=True, disabled=True) - else: - self.fields['Protect ' + i.name] = forms.BooleanField(initial=False, required=False) + epic_name = forms.CharField(max_length=200, required=False, help_text="EPIC name in JIRA. If not specified, it defaults to the engagement name") + epic_priority = forms.CharField(max_length=200, required=False, help_text="EPIC priority. If not specified, the JIRA default priority will be used") class LoginBanner(forms.Form): @@ -2781,6 +3002,20 @@ def clean(self): return cleaned_data +class AnnouncementCreateForm(forms.ModelForm): + class Meta: + model = Announcement + fields = "__all__" + + +class AnnouncementRemoveForm(AnnouncementCreateForm): + def __init__(self, *args, **kwargs): + super(AnnouncementRemoveForm, self).__init__(*args, **kwargs) + self.fields['dismissable'].disabled = True + self.fields['message'].disabled = True + self.fields['style'].disabled = True + + # ============================== # Defect Dojo Engaegment Surveys # ============================== @@ -2844,8 +3079,6 @@ def __init__(self, *args, **kwargs): initial=initial_answer, ) - answer = self.fields['answer'] - def save(self): if not self.is_valid(): raise forms.ValidationError('form is not valid') @@ -2885,8 +3118,7 @@ def __init__(self, *args, **kwargs): # we have ChoiceAnswer instance if choice_answer: choice_answer = choice_answer[0] - initial_choices = choice_answer.answer.all().values_list('id', - flat=True) + initial_choices = list(choice_answer.answer.all().values_list('id', flat=True)) if self.question.multichoice is False: initial_choices = initial_choices[0] @@ -2919,7 +3151,7 @@ def clean_answer(self): real_answer = self.cleaned_data.get('answer') # for single choice questions, the selected answer is a single string - if type(real_answer) is not list: + if not isinstance(real_answer, list): real_answer = [real_answer] return real_answer @@ -2988,6 +3220,19 @@ class Meta: model = General_Survey exclude = ('num_responses', 'generated') + # date can only be today or in the past, not the future + def clean_expiration(self): + expiration = self.cleaned_data.get('expiration', None) + if expiration: + today = datetime.today().date() + if expiration < today: + raise forms.ValidationError("The expiration cannot be in the past") + elif expiration.day == today.day: + raise forms.ValidationError("The expiration cannot be today") + else: + raise forms.ValidationError("An expiration for the survey must be supplied") + return expiration + class Delete_Questionnaire_Form(forms.ModelForm): id = forms.IntegerField(required=True, @@ -3035,8 +3280,12 @@ class Meta: class CreateQuestionForm(forms.Form): - type = forms.ChoiceField(choices=(("---", "-----"), ("text", "Text"), ("choice", "Choice"))) - order = forms.IntegerField(min_value=1, widget=forms.TextInput(attrs={'data-type': 'both'})) + type = forms.ChoiceField( + choices=(("---", "-----"), ("text", "Text"), ("choice", "Choice"))) + order = forms.IntegerField( + min_value=1, + widget=forms.TextInput(attrs={'data-type': 'both'}), + help_text="The order the question will appear on the questionnaire") optional = forms.BooleanField(help_text="If selected, user doesn't have to answer this question", initial=False, required=False, @@ -3141,7 +3390,7 @@ def __init__(self, *args, **kwargs): assignee = kwargs.pop('asignees') super(AssignUserForm, self).__init__(*args, **kwargs) if assignee is None: - self.fields['assignee'] = forms.ModelChoiceField(queryset=Dojo_User.objects.all(), empty_label='Not Assigned', required=False) + self.fields['assignee'] = forms.ModelChoiceField(queryset=get_authorized_users(Permissions.Engagement_View), empty_label='Not Assigned', required=False) else: self.fields['assignee'].initial = assignee @@ -3169,27 +3418,7 @@ def __init__(self, *args, **kwargs): self.group = kwargs.pop('group', None) super(ConfigurationPermissionsForm, self).__init__(*args, **kwargs) - if get_system_setting('enable_questionnaires'): - questionnaire_permissions = [ - Permission_Helper(name='engagement survey', app='dojo', view=True, add=True, change=True, delete=True), - Permission_Helper(name='question', app='dojo', view=True, add=True, change=True), - ] - else: - questionnaire_permissions = [] - - permission_fields_1 = [ - Permission_Helper(name='development environment', app='dojo', view=True, add=True, change=True, delete=True), - Permission_Helper(name='finding template', app='dojo', view=True, add=True, change=True, delete=True), - Permission_Helper(name='group', app='auth', view=True, add=True), - Permission_Helper(name='permission', app='auth', change=True) - ] - permission_fields_2 = [ - Permission_Helper(name='test type', app='dojo', view=True, add=True, change=True), - Permission_Helper(name='tool type', app='dojo', view=True, add=True, change=True, delete=True), - Permission_Helper(name='user', app='auth', view=True, add=True, change=True, delete=True), - ] - - self.permission_fields = permission_fields_1 + questionnaire_permissions + permission_fields_2 + self.permission_fields = get_configuration_permissions_fields() for permission_field in self.permission_fields: for codename in permission_field.codenames(): @@ -3203,9 +3432,10 @@ def __init__(self, *args, **kwargs): self.permissions[permission.codename] = permission def save(self): - for permission_field in self.permission_fields: - for codename in permission_field.codenames(): - self.set_permission(codename) + if get_current_user().is_superuser: + for permission_field in self.permission_fields: + for codename in permission_field.codenames(): + self.set_permission(codename) def set_permission(self, codename): if self.cleaned_data[codename]: @@ -3224,55 +3454,3 @@ def set_permission(self, codename): self.group.auth_group.permissions.remove(self.permissions[codename]) else: raise Exception('Neither user or group are set') - - -class Permission_Helper: - def __init__(self, *args, **kwargs): - self.name = kwargs.pop('name') - self.app = kwargs.pop('app') - self.view = kwargs.pop('view', False) - self.add = kwargs.pop('add', False) - self.change = kwargs.pop('change', False) - self.delete = kwargs.pop('delete', False) - - def display_name(self): - if self.name == 'engagement survey': - return 'Questionnaire' - else: - return self.name.title() - - def view_codename(self): - if self.view: - return f'view_{self.name.replace(" ", "_")}' - else: - return None - - def add_codename(self): - if self.add: - return f'add_{self.name.replace(" ", "_")}' - else: - return None - - def change_codename(self): - if self.change: - return f'change_{self.name.replace(" ", "_")}' - else: - return None - - def delete_codename(self): - if self.delete: - return f'delete_{self.name.replace(" ", "_")}' - else: - return None - - def codenames(self): - codenames = [] - if self.view: - codenames.append(self.view_codename()) - if self.add: - codenames.append(self.add_codename()) - if self.change: - codenames.append(self.change_codename()) - if self.delete: - codenames.append(self.delete_codename()) - return codenames diff --git a/dojo/github_issue_link/urls.py b/dojo/github_issue_link/urls.py index 794dda947fa..05f70a58cf0 100644 --- a/dojo/github_issue_link/urls.py +++ b/dojo/github_issue_link/urls.py @@ -1,9 +1,9 @@ -from django.conf.urls import url +from django.urls import re_path from . import views urlpatterns = [ - url(r'^github-webhook', views.webhook, name='github_web_hook'), - url(r'^github/add', views.new_github, name='add_github'), - url(r'^github/(?P\d+)/delete$', views.delete_github, + re_path(r'^github-webhook', views.webhook, name='github_web_hook'), + re_path(r'^github/add', views.new_github, name='add_github'), + re_path(r'^github/(?P\d+)/delete$', views.delete_github, name='delete_github'), - url(r'^github$', views.github, name='github')] + re_path(r'^github$', views.github, name='github')] diff --git a/dojo/github_issue_link/views.py b/dojo/github_issue_link/views.py index 1a499fd292b..e2e13ea948c 100644 --- a/dojo/github_issue_link/views.py +++ b/dojo/github_issue_link/views.py @@ -3,7 +3,6 @@ # Third party imports from django.contrib import messages -from django.contrib.auth.decorators import user_passes_test from django.contrib.admin.utils import NestedObjects from django.urls import reverse from django.db import DEFAULT_DB_ALIAS @@ -16,6 +15,7 @@ from dojo.forms import GITHUBForm, DeleteGITHUBConfForm from dojo.models import GITHUB_Conf from dojo.utils import add_breadcrumb +from dojo.authorization.authorization_decorators import user_is_configuration_authorized logger = logging.getLogger(__name__) @@ -25,7 +25,7 @@ def webhook(request): return HttpResponse('') -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized('dojo.add_github_conf') def new_github(request): if request.method == 'POST': gform = GITHUBForm(request.POST, instance=GITHUB_Conf()) @@ -41,34 +41,34 @@ def new_github(request): new_j.save() messages.add_message(request, messages.SUCCESS, - 'Github Configuration Successfully Created.', + 'GitHub Configuration Successfully Created.', extra_tags='alert-success') return HttpResponseRedirect(reverse('github', )) except Exception as info: logger.error(info) messages.add_message(request, messages.ERROR, - 'Unable to authenticate on github.', + 'Unable to authenticate on GitHub.', extra_tags='alert-danger') return HttpResponseRedirect(reverse('github', )) else: gform = GITHUBForm() - add_breadcrumb(title="New Github Configuration", top_level=False, request=request) + add_breadcrumb(title="New GitHub Configuration", top_level=False, request=request) return render(request, 'dojo/new_github.html', {'gform': gform}) -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized('dojo.view_github_conf') def github(request): confs = GITHUB_Conf.objects.all() - add_breadcrumb(title="Github List", top_level=not len(request.GET), request=request) + add_breadcrumb(title="GitHub List", top_level=not len(request.GET), request=request) return render(request, 'dojo/github.html', {'confs': confs, }) -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized('dojo.delete_github_conf') def delete_github(request, tid): github_instance = get_object_or_404(GITHUB_Conf, pk=tid) # eng = test.engagement @@ -82,7 +82,7 @@ def delete_github(request, tid): github_instance.delete() messages.add_message(request, messages.SUCCESS, - 'Github Conf and relationships removed.', + 'GitHub Conf and relationships removed.', extra_tags='alert-success') return HttpResponseRedirect(reverse('github')) diff --git a/dojo/google_sheet/urls.py b/dojo/google_sheet/urls.py deleted file mode 100644 index da0602eb665..00000000000 --- a/dojo/google_sheet/urls.py +++ /dev/null @@ -1,11 +0,0 @@ -from django.conf.urls import url - -from dojo.google_sheet import views - -urlpatterns = [ - # google_sheet - url(r'^configure_google_sheets$', views.configure_google_sheets, - name='configure_google_sheets'), - url(r'^export_to_sheet/(?P\d+)$', views.export_to_sheet, - name='export_to_sheet'), -] diff --git a/dojo/google_sheet/views.py b/dojo/google_sheet/views.py deleted file mode 100644 index 9b269788364..00000000000 --- a/dojo/google_sheet/views.py +++ /dev/null @@ -1,914 +0,0 @@ -# google sheets - -import logging -import json -import datetime -import httplib2 -import googleapiclient.discovery -from google.oauth2 import service_account - -from django.shortcuts import render, get_object_or_404 -from django.http import HttpResponseRedirect -from django.urls import reverse -from django.utils import timezone -from django.contrib import messages -from django.contrib.auth.models import User -from django.core.exceptions import PermissionDenied -from django.contrib.auth.decorators import user_passes_test -from django.views.decorators.debug import sensitive_variables, sensitive_post_parameters - -from dojo.models import Finding, System_Settings, Test, Dojo_User, Note_Type, NoteHistory, Notes, Sonarqube_Issue -from dojo.forms import GoogleSheetFieldsForm -from dojo.utils import add_breadcrumb, Product_Tab -from dojo.authorization.authorization_decorators import user_is_authorized -from dojo.authorization.roles_permissions import Permissions - -logger = logging.getLogger(__name__) - - -@sensitive_post_parameters() -@user_passes_test(lambda u: u.is_superuser) -def configure_google_sheets(request): - fields = Finding._meta.fields - system_settings = get_object_or_404(System_Settings, id=1) - revoke_access = False - if system_settings.credentials: - revoke_access = True - column_details = json.loads(system_settings.column_widths.replace("'", '"')) - initial = {} - for field in fields: - initial[field.name] = column_details[field.name][0] - if column_details[field.name][1] == 0: - initial['Protect ' + field.name] = False - else: - initial['Protect ' + field.name] = True - initial['drive_folder_ID'] = system_settings.drive_folder_ID - initial['email_address'] = system_settings.email_address - initial['enable_service'] = system_settings.enable_google_sheets - form = GoogleSheetFieldsForm(all_fields=fields, initial=initial, credentials_required=False) - else: - form = GoogleSheetFieldsForm(all_fields=fields, credentials_required=True) - if request.method == 'POST': - if system_settings.credentials: - form = GoogleSheetFieldsForm(request.POST, request.FILES, all_fields=fields, credentials_required=False) - else: - form = GoogleSheetFieldsForm(request.POST, request.FILES, all_fields=fields, credentials_required=True) - - if request.POST.get('revoke'): - system_settings.column_widths = "" - system_settings.credentials = "" - system_settings.drive_folder_ID = "" - system_settings.email_address = "" - system_settings.enable_google_sheets = False - system_settings.save() - messages.add_message( - request, - messages.SUCCESS, - "Access revoked", - extra_tags="alert-success",) - return HttpResponseRedirect(reverse('dashboard')) - - if request.POST.get('update'): - if form.is_valid(): - # Create a dictionary object from the uploaded credentials file - if len(request.FILES) != 0: - cred_file = request.FILES['cred_file'] - cred_byte = cred_file.read() # read data from the temporary uploaded file - cred_str = cred_byte.decode('utf8') # convert bytes object to string - initial = True - else: - cred_str = system_settings.credentials - initial = False - - # Get the drive folder ID - drive_folder_ID = form.cleaned_data['drive_folder_ID'] - validate_inputs = validate_drive_authentication(request, cred_str, drive_folder_ID) - - if validate_inputs: - # Create a dictionary of column names and widths - column_widths = {} - for i in fields: - column_widths[i.name] = [] - column_widths[i.name].append(form.cleaned_data[i.name]) - if form.cleaned_data['Protect ' + i.name]: - column_widths[i.name].append(1) - else: - column_widths[i.name].append(0) - - system_settings.column_widths = column_widths - system_settings.credentials = cred_str - system_settings.drive_folder_ID = drive_folder_ID - system_settings.email_address = form.cleaned_data['email_address'] - system_settings.enable_google_sheets = form.cleaned_data['enable_service'] - system_settings.save() - if initial: - messages.add_message( - request, - messages.SUCCESS, - "Google Drive configuration saved successfully.", - extra_tags="alert-success", - ) - else: - messages.add_message( - request, - messages.SUCCESS, - "Google Drive configuration updated successfully.", - extra_tags="alert-success", - ) - return HttpResponseRedirect(reverse('dashboard')) - else: - system_settings.enable_google_sheets = False - system_settings.save() - add_breadcrumb(title="Google Sheet Sync Configuration", top_level=True, request=request) - return render(request, 'dojo/google_sheet_configuration.html', { - 'name': 'Google Sheet Sync Configuration', - 'metric': False, - 'form': form, - 'revoke_access': revoke_access, - }) - - -@sensitive_variables('cred_str', 'drive_folder_ID', 'service_account_info') -def validate_drive_authentication(request, cred_str, drive_folder_ID): - SCOPES = ['https://www.googleapis.com/auth/drive', 'https://www.googleapis.com/auth/spreadsheets'] - service_account_info = json.loads(cred_str) - try: - # Validate the uploaded credentials file - credentials = service_account.Credentials.from_service_account_info(service_account_info, scopes=SCOPES) - except ValueError: - messages.add_message( - request, - messages.ERROR, - 'Invalid credentials file.', - extra_tags='alert-danger') - return False - else: - sheets_service = googleapiclient.discovery.build('sheets', 'v4', credentials=credentials, cache_discovery=False) - drive_service = googleapiclient.discovery.build('drive', 'v3', credentials=credentials, cache_discovery=False) - spreadsheet = { - 'properties': { - 'title': 'Test spreadsheet' - } - } - try: - # Check the sheets API is enabled or not - spreadsheet = sheets_service.spreadsheets().create(body=spreadsheet, fields='spreadsheetId').execute() - except googleapiclient.errors.HttpError: - messages.add_message( - request, - messages.ERROR, - 'Enable the Google Sheets API from the Google Developer Console.', - extra_tags='alert-danger') - return False - else: - spreadsheetId = spreadsheet.get('spreadsheetId') - try: - # Check the drive API is enabled or not - file = drive_service.files().get(fileId=spreadsheetId, fields='parents').execute() # Retrieve the existing parents to remove - except googleapiclient.errors.HttpError: - messages.add_message( - request, - messages.ERROR, - 'Enable the Google Drive API from the Google Developer Console.', - extra_tags='alert-danger') - return False - else: - previous_parents = ",".join(file.get('parents')) - folder_id = drive_folder_ID - try: - # Validate the drive folder id and it's permissions - file = drive_service.files().update(fileId=spreadsheetId, # Move the file to the new folder - addParents=folder_id, - removeParents=previous_parents, - fields='id, parents').execute() - except googleapiclient.errors.HttpError as error: - if error.resp.status == 403: - messages.add_message( - request, - messages.ERROR, - 'Unable to write to the given Google Drive folder', - extra_tags='alert-danger') - if error.resp.status == 404: - messages.add_message( - request, - messages.ERROR, - 'Invalid Google Drive folder ID', - extra_tags='alert-danger') - return False - else: - drive_service.files().delete(fileId=spreadsheetId).execute() # Delete 'test spreadsheet' - return True - - -@user_is_authorized(Test, Permissions.Test_View, 'tid') -def export_to_sheet(request, tid): - system_settings = get_object_or_404(System_Settings, id=1) - google_sheets_enabled = system_settings.enable_google_sheets - if google_sheets_enabled is False: - raise PermissionDenied - test = Test.objects.get(id=tid) - spreadsheet_name = test.engagement.product.name + "-" + test.engagement.name + "-" + str(test.id) - service_account_info = json.loads(system_settings.credentials) - SCOPES = ['https://www.googleapis.com/auth/drive', 'https://www.googleapis.com/auth/spreadsheets'] - credentials = service_account.Credentials.from_service_account_info(service_account_info, scopes=SCOPES) - try: - drive_service = googleapiclient.discovery.build('drive', 'v3', credentials=credentials, cache_discovery=False) - folder_id = system_settings.drive_folder_ID - gs_files = drive_service.files().list(q="mimeType='application/vnd.google-apps.spreadsheet' and parents in '%s' and name='%s'" % (folder_id, spreadsheet_name), - spaces='drive', - pageSize=10, - fields='files(id, name)').execute() - spreadsheets = gs_files.get('files') - if len(spreadsheets) == 1: - spreadsheetId = spreadsheets[0].get('id') - sync = sync_findings(request, tid, spreadsheetId) - errors = sync['errors'] - sheet_title = sync['sheet_title'] - if len(errors) > 0: - product_tab = Product_Tab(test.engagement.product.id, title="Syncing Errors", tab="engagements") - product_tab.setEngagement(test.engagement) - spreadsheet_url = 'https://docs.google.com/spreadsheets/d/' + spreadsheetId - return render( - request, 'dojo/syncing_errors.html', { - 'test': test, - 'errors': errors, - 'name': 'Google Drive Sync Errors', - 'product_tab': product_tab, - 'sheet_title': sheet_title, - 'spreadsheet_name': spreadsheet_name, - 'spreadsheet_url': spreadsheet_url - }) - else: - messages.add_message( - request, - messages.SUCCESS, - "Synched Google Sheet with database.", - extra_tags="alert-success", - ) - return HttpResponseRedirect(reverse('view_test', args=(tid, ))) - elif len(spreadsheets) == 0: - create_googlesheet(request, tid) - messages.add_message( - request, - messages.SUCCESS, - "Successfully exported finding details to Google Sheet.", - extra_tags="alert-success", - ) - return HttpResponseRedirect(reverse('view_test', args=(tid, ))) - else: - messages.add_message( - request, - messages.ERROR, - "More than one Google Sheet exists for this test. Please contact your system admin to solve the issue.", - extra_tags="alert-danger", - ) - return HttpResponseRedirect(reverse('view_test', args=(tid, ))) - except httplib2.ServerNotFoundError: - error_message = 'Unable to reach the Google Sheet API.' - return render(request, 'google_sheet_error.html', {'error_message': error_message}) - except googleapiclient.errors.HttpError as error: - error_message = 'There is a problem with the Google Sheets Sync Configuration. Contact your system admin to solve the issue.' - return render(request, 'google_sheet_error.html', {'error_message': error_message}) - except Exception as e: - error_message = e - return render(request, 'google_sheet_error.html', {'error_message': error_message}) - - -def create_googlesheet(request, tid): - user_email = request.user.email - if not user_email: - raise Exception('User must have an email address to use this feature.') - test = Test.objects.get(id=tid) - system_settings = get_object_or_404(System_Settings, id=1) - service_account_info = json.loads(system_settings.credentials) - SCOPES = ['https://www.googleapis.com/auth/drive', 'https://www.googleapis.com/auth/spreadsheets'] - credentials = service_account.Credentials.from_service_account_info(service_account_info, scopes=SCOPES) - sheets_service = googleapiclient.discovery.build('sheets', 'v4', credentials=credentials, cache_discovery=False) - drive_service = googleapiclient.discovery.build('drive', 'v3', credentials=credentials, cache_discovery=False) - # Create a new spreadsheet - spreadsheet_name = test.engagement.product.name + "-" + test.engagement.name + "-" + str(test.id) - spreadsheet = { - 'properties': { - 'title': spreadsheet_name - } - } - spreadsheet = sheets_service.spreadsheets().create(body=spreadsheet, fields='spreadsheetId').execute() - spreadsheetId = spreadsheet.get('spreadsheetId') - folder_id = system_settings.drive_folder_ID - - # Move the spreadsheet inside the drive folder - file = drive_service.files().get(fileId=spreadsheetId, fields='parents').execute() - previous_parents = ",".join(file.get('parents')) - file = drive_service.files().update(fileId=spreadsheetId, - addParents=folder_id, - removeParents=previous_parents, - fields='id, parents').execute() - # Share created Spreadsheet with current user - drive_service.permissions().create(body={'type': 'user', 'role': 'writer', 'emailAddress': user_email}, fileId=spreadsheetId).execute() - populate_sheet(tid, spreadsheetId) - - -def sync_findings(request, tid, spreadsheetId): - test = Test.objects.get(id=tid) - system_settings = get_object_or_404(System_Settings, id=1) - service_account_info = json.loads(system_settings.credentials) - SCOPES = ['https://www.googleapis.com/auth/spreadsheets'] - credentials = service_account.Credentials.from_service_account_info(service_account_info, scopes=SCOPES) - sheets_service = googleapiclient.discovery.build('sheets', 'v4', credentials=credentials, cache_discovery=False) - res = {} - spreadsheet = sheets_service.spreadsheets().get(spreadsheetId=spreadsheetId).execute() - sheet_names = [] - for sheet in spreadsheet['sheets']: - date = (sheet['properties']['title']) - try: - date = datetime.datetime.strptime(date, "%Y-%m-%d %H:%M:%S") - sheet_names.append(date) - except: - pass - try: - sheet_title = str(max(sheet_names)) - except: - raise Exception('Existing Google Spreadsheet has errors. Delete the speadsheet and export again.') - res['sheet_title'] = sheet_title - - result = sheets_service.spreadsheets().values().get(spreadsheetId=spreadsheetId, range=sheet_title).execute() - rows = result.get('values', []) - header_raw = rows[0] - findings_sheet = rows[1:] - findings_db = Finding.objects.filter(test=test).order_by('numerical_severity') - column_details = json.loads(system_settings.column_widths.replace("'", '"')) - active_note_types = Note_Type.objects.filter(is_active=True) - note_type_activation = len(active_note_types) - - errors = [] - index_of_active = header_raw.index('active') - index_of_verified = header_raw.index('verified') - index_of_duplicate = header_raw.index('duplicate') - index_of_false_p = header_raw.index('false_p') - index_of_id = header_raw.index('id') - - for finding_sheet in findings_sheet: - finding_id = finding_sheet[index_of_id] - active = finding_sheet[index_of_active] - verified = finding_sheet[index_of_verified] - duplicate = finding_sheet[index_of_duplicate] - false_p = finding_sheet[index_of_false_p] - - if (active == 'TRUE' or verified == 'TRUE') and duplicate == 'TRUE': # Check update finding conditions - error = 'Duplicate findings cannot be verified or active' - errors.append({'finding_id': finding_id, 'column_names': 'active, verified, duplicate', 'error': error}) - elif false_p == 'TRUE' and verified == 'TRUE': - error = 'False positive findings cannot be verified.' - errors.append({'finding_id': finding_id, 'column_names': 'false_p, verified', 'error': error}) - else: - try: - finding_db = findings_db.get(id=finding_id) # Update finding attributes - except: - if finding_id is None: - finding_id = 'Null' - error = 'Finding does not belong to the Test' - errors.append({'finding_id': finding_id, 'column_names': 'id', 'error': error}) - else: - finding_notes = finding_db.notes.all() - for column_name in header_raw: - if column_name in column_details: - if int(column_details[column_name][1]) == 0: - index_of_column = header_raw.index(column_name) - if finding_sheet[index_of_column] == 'TRUE': - setattr(finding_db, column_name, True) - elif finding_sheet[index_of_column] == 'FALSE': - setattr(finding_db, column_name, False) - else: - if finding_sheet[index_of_column] == '': - setattr(finding_db, column_name, None) - else: - setattr(finding_db, column_name, finding_sheet[index_of_column]) - elif column_name[:6] == '[note]' and column_name[-3:] == '_id': # Updating notes - note_column_name = column_name[:-3] - try: - index_of_note_column = header_raw.index(note_column_name) - except ValueError: - pass - else: - index_of_id_column = header_raw.index(column_name) - note_id = finding_sheet[index_of_id_column] - note_entry = finding_sheet[index_of_note_column].rstrip() - if note_entry != '': - if note_id != '': # If the note is an existing one - note_db = finding_notes.get(id=note_id) - if note_entry != note_db.entry.rstrip(): - note_db.entry = note_entry - note_db.edited = True - note_db.editor = request.user - note_db.edit_time = timezone.now() - history = NoteHistory(data=note_db.entry, - time=note_db.edit_time, - current_editor=note_db.editor) - history.save() - note_db.history.add(history) - note_db.save() - else: # If the note is a newly added one - if note_type_activation: - if note_column_name[7:12] == 'Note_': - error = 'Can not add new notes without a note-type. Add your note under the correct note-type column' - errors.append({'finding_id': finding_id, 'column_names': note_column_name, 'error': error}) - else: - note_type_name = note_column_name[7:][:-2] - try: - note_type = active_note_types.get(name=note_type_name) - except: - try: - note_type = Note_Type.objects.get(name=note_type_name) - except: - pass - else: - error = '"' + note_type_name + '" Note-type is disabled. Cannot add new notes of "' + note_type_name + '" type' - errors.append({'finding_id': finding_id, 'column_names': note_column_name, 'error': error}) - else: - new_note = Notes(note_type=note_type, - entry=note_entry, - date=timezone.now(), - author=request.user) - new_note.save() - history = NoteHistory(data=new_note.entry, - time=new_note.date, - current_editor=new_note.author, - note_type=new_note.note_type) - history.save() - new_note.history.add(history) - finding_db.notes.add(new_note) - else: - if note_column_name[7:12] == 'Note_': - new_note = Notes(entry=note_entry, - date=timezone.now(), - author=request.user) - new_note.save() - history = NoteHistory(data=new_note.entry, - time=new_note.date, - current_editor=new_note.author) - history.save() - new_note.history.add(history) - finding_db.notes.add(new_note) - else: - error_location = finding_id + ' ' + note_column_name - error = 'Note-types are not enabled. Notes cannot have a note-type.' - errors.append({'finding_id': finding_id, 'column_names': note_column_name, 'error': error}) - finding_db.save() - res['errors'] = errors - populate_sheet(tid, spreadsheetId) - return res - - -def populate_sheet(tid, spreadsheetId): - system_settings = get_object_or_404(System_Settings, id=1) - service_account_info = json.loads(system_settings.credentials) - service_account_email = service_account_info['client_email'] - email_address = system_settings.email_address - SCOPES = ['https://www.googleapis.com/auth/spreadsheets'] - credentials = service_account.Credentials.from_service_account_info(service_account_info, scopes=SCOPES) - sheets_service = googleapiclient.discovery.build('sheets', 'v4', credentials=credentials, cache_discovery=False) - findings_list = get_findings_list(tid) - row_count = len(findings_list) - column_count = len(findings_list[0]) - - # Create new sheet in the spreadsheet - now = datetime.datetime.now() - sheet_title = now.strftime("%Y-%m-%d %H:%M:%S") - new_sheet = { - "requests": [{ - "addSheet": { - "properties": { - "title": sheet_title, - "gridProperties": { - "rowCount": row_count, - "columnCount": column_count - } - } - } - }] - } - sheets_service.spreadsheets().batchUpdate(spreadsheetId=spreadsheetId, body=new_sheet).execute() - - # Move new sheet to the left most corner - spreadsheet = sheets_service.spreadsheets().get(spreadsheetId=spreadsheetId).execute() - for sheet in spreadsheet['sheets']: - if sheet['properties']['title'] == sheet_title: - sheet_id = sheet['properties']['sheetId'] - break - reqs = { - 'requests': [ - {'updateSheetProperties': { - 'properties': { - 'sheetId': sheet_id, - 'index': 0 - }, - "fields": "index" - }} - ]} - sheets_service.spreadsheets().batchUpdate(spreadsheetId=spreadsheetId, body=reqs).execute() - - # Update created sheet with finding details - result = sheets_service.spreadsheets().values().update(spreadsheetId=spreadsheetId, - range=sheet_title, - valueInputOption='RAW', - body={'values': findings_list}).execute() - - # Format the header row - body = { - "requests": [ - { - "repeatCell": { - "range": { - "sheetId": sheet_id, - "startRowIndex": 0, - "endRowIndex": 1 - }, - "cell": { - "userEnteredFormat": { - "backgroundColor": { - "red": 0.0, - "green": 0.0, - "blue": 0.0 - }, - "horizontalAlignment": "CENTER", - "textFormat": { - "foregroundColor": { - "red": 1.0, - "green": 1.0, - "blue": 1.0 - }, - "fontSize": 12, - "bold": True - } - } - }, - "fields": "userEnteredFormat(backgroundColor,textFormat,horizontalAlignment)" - } - }, - { - "updateSheetProperties": { - "properties": { - "sheetId": sheet_id, - "gridProperties": { - "frozenRowCount": 1 - } - }, - "fields": "gridProperties.frozenRowCount" - } - }, - { - "addProtectedRange": { - "protectedRange": { - "range": { - "sheetId": sheet_id, - "startRowIndex": 0, - "endRowIndex": 1, - "startColumnIndex": 0, - "endColumnIndex": column_count, - }, - "editors": { - "users": [ - service_account_email, - email_address - ] - }, - # "description": "Protecting total row", - "warningOnly": False - } - } - } - ] - } - sheets_service.spreadsheets().batchUpdate(spreadsheetId=spreadsheetId, body=body).execute() - - # Format columns with input field widths and protect columns - range = sheet_title + '!1:1' - result = sheets_service.spreadsheets().values().get(spreadsheetId=spreadsheetId, range=range).execute() - rows = result.get('values', []) - header_raw = rows[0] - fields = Finding._meta.fields - column_details = json.loads(system_settings.column_widths.replace("'", '"')) - body = {} - body["requests"] = [] - for column_name in header_raw: - index_of_column = header_raw.index(column_name) - if column_name in column_details: - # If column width is 0 hide column - if int(column_details[column_name][0]) == 0: - body["requests"].append({ - "updateDimensionProperties": { - "range": { - "sheetId": sheet_id, - "dimension": "COLUMNS", - "startIndex": index_of_column, - "endIndex": index_of_column + 1 - }, - "properties": { - "hiddenByUser": True, - }, - "fields": "hiddenByUser" - } - }) - else: - # If column width is not 0 adjust column to given width - body["requests"].append({ - "updateDimensionProperties": { - "range": { - "sheetId": sheet_id, - "dimension": "COLUMNS", - "startIndex": index_of_column, - "endIndex": index_of_column + 1 - }, - "properties": { - "pixelSize": column_details[column_name][0] - }, - "fields": "pixelSize" - } - }) - # If protect column is true, protect in sheet - if column_details[column_name][1] == 1: - body["requests"].append({ - "addProtectedRange": { - "protectedRange": { - "range": { - "sheetId": sheet_id, - "startRowIndex": 1, - "endRowIndex": row_count, - "startColumnIndex": index_of_column, - "endColumnIndex": index_of_column + 1, - }, - "editors": { - "users": [ - service_account_email, - email_address - ] - }, - "warningOnly": False - } - } - }) - # Format boolean fields in the google sheet - if (fields[index_of_column].get_internal_type()) == "BooleanField": - body["requests"].append({ - "setDataValidation": { - "range": { - "sheetId": sheet_id, - "startRowIndex": 1, - "endRowIndex": row_count, - "startColumnIndex": index_of_column, - "endColumnIndex": index_of_column + 1, - }, - "rule": { - "condition": { - "type": "BOOLEAN", - }, - "inputMessage": "Value must be BOOLEAN", - "strict": True - } - } - }) - # Format integer fields in the google sheet - elif (fields[index_of_column].get_internal_type()) == "IntegerField": - body["requests"].append({ - "setDataValidation": { - "range": { - "sheetId": sheet_id, - "startRowIndex": 1, - "endRowIndex": row_count, - "startColumnIndex": index_of_column, - "endColumnIndex": index_of_column + 1, - }, - "rule": { - "condition": { - "type": "NUMBER_GREATER", - "values": [ - { - "userEnteredValue": "-1" - } - ] - }, - "inputMessage": "Value must be an integer", - "strict": True - } - } - }) - # Format date fields in the google sheet - elif (fields[index_of_column].get_internal_type()) == "DateField": - body["requests"].append({ - "setDataValidation": { - "range": { - "sheetId": sheet_id, - "startRowIndex": 1, - "endRowIndex": row_count, - "startColumnIndex": index_of_column, - "endColumnIndex": index_of_column + 1, - }, - "rule": { - "condition": { - "type": "DATE_IS_VALID", - }, - "inputMessage": "Value must be a valid date", - "strict": True - } - } - }) - # Make severity column a dropdown - elif column_name == "severity": - body["requests"].append({ - "setDataValidation": { - "range": { - "sheetId": sheet_id, - "startRowIndex": 1, - "endRowIndex": row_count, - "startColumnIndex": index_of_column, - "endColumnIndex": index_of_column + 1, - }, - "rule": { - "condition": { - "type": "ONE_OF_LIST", - "values": [ - {"userEnteredValue": "Info"}, - {"userEnteredValue": "Low"}, - {"userEnteredValue": "Medium"}, - {"userEnteredValue": "High"}, - {"userEnteredValue": "Critical"}, - ] - }, - "inputMessage": "Value must be an one of list", - "strict": True - } - } - }) - # Hide and protect note id columns and last column - elif (column_name[:6] == '[note]' and column_name[-3:] == '_id') or column_name == 'Last column': - body["requests"].append({ - "updateDimensionProperties": { - "range": { - "sheetId": sheet_id, - "dimension": "COLUMNS", - "startIndex": index_of_column, - "endIndex": index_of_column + 1 - }, - "properties": { - "hiddenByUser": True, - }, - "fields": "hiddenByUser" - } - }) - body["requests"].append({ - "addProtectedRange": { - "protectedRange": { - "range": { - "sheetId": sheet_id, - "startRowIndex": 1, - "endRowIndex": row_count, - "startColumnIndex": index_of_column, - "endColumnIndex": index_of_column + 1, - }, - "editors": { - "users": [ - service_account_email, - email_address - ] - }, - "warningOnly": False - } - } - }) - elif column_name[:6] == '[note]' or column_name[:11] == '[duplicate]': - body["requests"].append({ - "autoResizeDimensions": { - "dimensions": { - "sheetId": sheet_id, - "dimension": "COLUMNS", - "startIndex": index_of_column, - "endIndex": index_of_column + 1 - } - } - }) - sheets_service.spreadsheets().batchUpdate(spreadsheetId=spreadsheetId, body=body).execute() - - -def get_findings_list(tid): - test = Test.objects.get(id=tid) - system_settings = get_object_or_404(System_Settings, id=1) - findings = Finding.objects.filter(test=test).order_by('numerical_severity') - active_note_types = Note_Type.objects.filter(is_active=True).order_by('id') - note_type_activation = active_note_types.count() - - # Create the header row - fields = Finding._meta.fields - findings_list = [] - headings = [] - for i in fields: - headings.append(i.name) - findings_list.append(headings) - - # Create finding rows - for finding in findings: - finding_details = [] - for field in fields: - value = getattr(finding, field.name) - if type(value) == datetime.date or type(value) == Test or type(value) == datetime.datetime: - var = str(value) - elif type(value) == User or type(value) == Dojo_User: - var = value.username - elif type(value) == Finding: - var = value.id - elif type(value) == Sonarqube_Issue: - var = value.key - else: - var = value - finding_details.append(var) - findings_list.append(finding_details) - - # Add notes into the findings_list - if note_type_activation: - for note_type in active_note_types: - max_note_count = 1 - if note_type.is_single: - findings_list[0].append('[note] ' + note_type.name + '_1_id') - findings_list[0].append('[note] ' + note_type.name + '_1') - else: - for finding in findings: - note_count = finding.notes.filter(note_type=note_type).count() - if max_note_count < note_count: - max_note_count = note_count - for n in range(max_note_count): - findings_list[0].append('[note] ' + note_type.name + '_' + str(n + 1) + '_id') - findings_list[0].append('[note] ' + note_type.name + '_' + str(n + 1)) - for f in range(findings.count()): - finding = findings[f] - notes = finding.notes.filter(note_type=note_type).order_by('id') - for note in notes: - findings_list[f + 1].append(note.id) - findings_list[f + 1].append(note.entry) - missing_notes_count = max_note_count - notes.count() - for i in range(missing_notes_count): - findings_list[f + 1].append('') - findings_list[f + 1].append('') - max_note_count = 0 - for finding in findings: - note_count = finding.notes.exclude(note_type__in=active_note_types).count() - if max_note_count < note_count: - max_note_count = note_count - if max_note_count > 0: - for i in range(max_note_count): - findings_list[0].append('[note] ' + "Note_" + str(i + 1) + '_id') - findings_list[0].append('[note] ' + "Note_" + str(i + 1)) - for f in range(findings.count()): - finding = findings[f] - notes = finding.notes.exclude(note_type__in=active_note_types).order_by('id') - for note in notes: - findings_list[f + 1].append(note.id) - findings_list[f + 1].append(note.entry) - missing_notes_count = max_note_count - notes.count() - for i in range(missing_notes_count): - findings_list[f + 1].append('') - findings_list[f + 1].append('') - else: - max_note_count = 1 - for finding in findings: - note_count = len(finding.notes.all()) - if note_count > max_note_count: - max_note_count = note_count - for i in range(max_note_count): - findings_list[0].append('[note] ' + "Note_" + str(i + 1) + '_id') - findings_list[0].append('[note] ' + "Note_" + str(i + 1)) - for f in range(findings.count()): - finding = findings[f] - notes = finding.notes.all().order_by('id') - for note in notes: - findings_list[f + 1].append(note.id) - findings_list[f + 1].append(note.entry) - missing_notes_count = max_note_count - notes.count() - for i in range(missing_notes_count): - findings_list[f + 1].append('') - findings_list[f + 1].append('') - - if system_settings.enable_deduplication: - if note_type_activation: - for note_type in active_note_types: - findings_list[0].append('[duplicate] ' + note_type.name) - for f in range(findings.count()): - original_finding = findings[f].duplicate_finding - for note_type in active_note_types: - try: - note = original_finding.notes.filter(note_type=note_type).latest('date') - findings_list[f + 1].append(note.entry) - except: - findings_list[f + 1].append('') - else: - findings_list[0].append('[duplicate] note') - for f in range(findings.count()): - original_finding = findings[f].duplicate_finding - try: - note = original_finding.notes.latest('date') - findings_list[f + 1].append(note.entry) - except: - findings_list[f + 1].append('') - - findings_list[0].append('Last column') - for f in range(findings.count()): - findings_list[f + 1].append('-') - return findings_list diff --git a/dojo/group/queries.py b/dojo/group/queries.py index 8a692cc0279..dd1114ad741 100644 --- a/dojo/group/queries.py +++ b/dojo/group/queries.py @@ -1,6 +1,5 @@ from crum import get_current_user from django.db.models import Exists, OuterRef -from django.conf import settings from dojo.models import Dojo_Group, Dojo_Group_Member, Product_Group, Product_Type_Group, Role from dojo.authorization.authorization import get_roles_for_permission from dojo.authorization.roles_permissions import Permissions @@ -15,9 +14,6 @@ def get_authorized_groups(permission): if user.is_superuser: return Dojo_Group.objects.all().order_by('name') - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return Dojo_Group.objects.all().order_by('name') - roles = get_roles_for_permission(permission) authorized_roles = Dojo_Group_Member.objects.filter(group=OuterRef('pk'), user=user, @@ -35,9 +31,6 @@ def get_authorized_group_members(permission): if user.is_superuser: return Dojo_Group_Member.objects.all().select_related('role') - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return Dojo_Group_Member.objects.all().select_related('role') - groups = get_authorized_groups(permission) return Dojo_Group_Member.objects.filter(group__in=groups).select_related('role') diff --git a/dojo/group/urls.py b/dojo/group/urls.py index 906dd88c9ed..5348f97c1d1 100644 --- a/dojo/group/urls.py +++ b/dojo/group/urls.py @@ -1,26 +1,17 @@ -from django.conf.urls import url +from django.urls import re_path from dojo.group import views urlpatterns = [ - url(r'^group$', views.group, name='groups'), - url(r'^group/(?P\d+)$', views.view_group, - name='view_group'), - url(r'^group/(?P\d+)/edit$', views.edit_group, - name='edit_group'), - url(r'^group/(?P\d+)/delete', views.delete_group, - name='delete_group'), - url(r'^group/add$', views.add_group, name='add_group'), - url(r'^group/(?P\d+)/add_product_group', views.add_product_group, - name='add_product_group_group'), - url(r'^group/(?P\d+)/add_product_type_group', views.add_product_type_group, - name='add_product_type_group_group'), - url(r'^group/(?P\d+)/add_group_member', views.add_group_member, - name='add_group_member'), - url(r'group/member/(?P\d+)/edit_group_member', views.edit_group_member, - name='edit_group_member'), - url(r'group/member/(?P\d+)/delete_group_member', views.delete_group_member, - name='delete_group_member'), - url(r'^group/(?P\d+)/edit_permissions$', views.edit_permissions, - name='edit_group_permissions') + re_path(r'^group$', views.ListGroups.as_view(), name='groups'), + re_path(r'^group/add$', views.AddGroup.as_view(), name='add_group'), + re_path(r'^group/(?P\d+)$', views.ViewGroup.as_view(), name='view_group'), + re_path(r'^group/(?P\d+)/edit$', views.EditGroup.as_view(), name='edit_group'), + re_path(r'^group/(?P\d+)/delete$', views.DeleteGroup.as_view(), name='delete_group'), + re_path(r'^group/(?P\d+)/add_product_group$', views.add_product_group, name='add_product_group_group'), + re_path(r'^group/(?P\d+)/add_product_type_group$', views.add_product_type_group, name='add_product_type_group_group'), + re_path(r'^group/(?P\d+)/add_group_member$', views.add_group_member, name='add_group_member'), + re_path(r'group/member/(?P\d+)/edit_group_member$', views.edit_group_member, name='edit_group_member'), + re_path(r'group/member/(?P\d+)/delete_group_member$', views.delete_group_member, name='delete_group_member'), + re_path(r'^group/(?P\d+)/edit_permissions$', views.edit_permissions, name='edit_group_permissions') ] diff --git a/dojo/group/utils.py b/dojo/group/utils.py index fdfe615090d..be7f5ea1d63 100644 --- a/dojo/group/utils.py +++ b/dojo/group/utils.py @@ -3,6 +3,7 @@ from django.db.models.signals import post_save, post_delete from django.dispatch import receiver from dojo.models import Dojo_Group, Dojo_Group_Member, Role +from django.conf import settings def get_auth_group_name(group, attempt=0): @@ -14,7 +15,8 @@ def get_auth_group_name(group, attempt=0): auth_group_name = group.name + '_' + str(attempt) try: - auth_group = Group.objects.get(name=auth_group_name) + # Attempt to fetch an existing group before moving forward with the real operation + _ = Group.objects.get(name=auth_group_name) return get_auth_group_name(group, attempt + 1) except Group.DoesNotExist: return auth_group_name @@ -31,7 +33,7 @@ def group_post_save_handler(sender, **kwargs): group.auth_group = auth_group group.save() user = get_current_user() - if user: + if user and not settings.AZUREAD_TENANT_OAUTH2_GET_GROUPS: # Add the current user as the owner of the group member = Dojo_Group_Member() member.user = user diff --git a/dojo/group/views.py b/dojo/group/views.py index 89cc819c3d8..8cdf17b31c3 100644 --- a/dojo/group/views.py +++ b/dojo/group/views.py @@ -1,10 +1,13 @@ import logging +from django.views import View +from django.db.models.query import QuerySet from django.contrib import messages from django.contrib.auth.decorators import user_passes_test from django.contrib.auth.models import Group from django.db.models.deletion import RestrictedError from django.urls import reverse -from django.http import HttpResponseRedirect +from django.http import HttpResponseRedirect, HttpRequest +from django.core.exceptions import PermissionDenied from django.shortcuts import render, get_object_or_404 from django.contrib.admin.utils import NestedObjects from django.db import DEFAULT_DB_ALIAS @@ -15,177 +18,356 @@ from dojo.forms import DojoGroupForm, DeleteGroupForm, Add_Product_Group_GroupForm, \ Add_Product_Type_Group_GroupForm, Add_Group_MemberForm, Edit_Group_MemberForm, \ Delete_Group_MemberForm, GlobalRoleForm, ConfigurationPermissionsForm -from dojo.models import Dojo_Group, Product_Group, Product_Type_Group, Dojo_Group_Member -from dojo.utils import get_page_items, add_breadcrumb, is_title_in_breadcrumbs +from dojo.models import Dojo_Group, Product_Group, Product_Type_Group, Dojo_Group_Member, Global_Role +from dojo.utils import get_page_items, add_breadcrumb, is_title_in_breadcrumbs, redirect_to_return_url_or_else from dojo.group.queries import get_authorized_groups, get_product_groups_for_group, \ get_product_type_groups_for_group, get_group_members_for_group from dojo.authorization.authorization_decorators import user_is_configuration_authorized +from dojo.authorization.authorization import user_has_configuration_permission, user_has_permission_or_403 from dojo.group.utils import get_auth_group_name logger = logging.getLogger(__name__) -@user_is_configuration_authorized('auth.view_group', 'staff') -def group(request): - groups = get_authorized_groups(Permissions.Group_View) - groups = GroupFilter(request.GET, queryset=groups) - paged_groups = get_page_items(request, groups.qs, 25) - add_breadcrumb(title="All Groups", top_level=True, request=request) - return render(request, 'dojo/groups.html', { - 'groups': paged_groups, - 'filtered': groups, - 'name': 'All Groups' - }) - - -# Users need to be authorized to view groups in general and only the groups they are a member of -# because with the group they can see user information that might be considered as confidential -@user_is_configuration_authorized('auth.view_group', 'staff') -@user_is_authorized(Dojo_Group, Permissions.Group_View, 'gid') -def view_group(request, gid): - group = get_object_or_404(Dojo_Group, id=gid) - products = get_product_groups_for_group(group) - product_types = get_product_type_groups_for_group(group) - group_members = get_group_members_for_group(group) - - # Create authorization group if it doesn't exist and add product members - if not group.auth_group: - auth_group = Group(name=get_auth_group_name(group)) - auth_group.save() - group.auth_group = auth_group - members = group.users.all() - for member in members: - auth_group.user_set.add(member) - group.save() - configuration_permission_form = ConfigurationPermissionsForm(group=group) - - add_breadcrumb(title="View Group", top_level=False, request=request) - return render(request, 'dojo/view_group.html', { - 'group': group, - 'products': products, - 'product_types': product_types, - 'group_members': group_members, - 'configuration_permission_form': configuration_permission_form, - }) - - -@user_is_authorized(Dojo_Group, Permissions.Group_Edit, 'gid') -def edit_group(request, gid): - group = get_object_or_404(Dojo_Group, id=gid) - form = DojoGroupForm(instance=group) - - global_role = group.global_role if hasattr(group, 'global_role') else None - if global_role is None: - previous_global_role = None - global_role_form = GlobalRoleForm() - else: - previous_global_role = global_role.role - global_role_form = GlobalRoleForm(instance=global_role) - - if request.method == 'POST': - form = DojoGroupForm(request.POST, instance=group) - - if global_role is None: - global_role_form = GlobalRoleForm(request.POST) - else: - global_role_form = GlobalRoleForm(request.POST, instance=global_role) - - if form.is_valid() and global_role_form.is_valid(): - if global_role_form.cleaned_data['role'] != previous_global_role and not request.user.is_superuser: - messages.add_message(request, - messages.WARNING, - 'Only superusers are allowed to change the global role.', - extra_tags='alert-warning') +class ListGroups(View): + def get_groups(self): + return get_authorized_groups(Permissions.Group_View) + + def get_initial_context(self, request: HttpRequest, groups: QuerySet[Dojo_Group]): + filtered_groups = GroupFilter(request.GET, queryset=groups) + return { + "name": "All Groups", + "filtered": filtered_groups, + "groups": get_page_items(request, filtered_groups.qs, 25), + } + + def get_template(self): + return "dojo/groups.html" + + def get(self, request: HttpRequest): + # quick permission check + if not user_has_configuration_permission(request.user, 'auth.view_group'): + raise PermissionDenied + # Fetch the groups + groups = self.get_groups() + # Set up the initial context + context = self.get_initial_context(request, groups) + # Add a breadcrumb + add_breadcrumb(title="All Groups", top_level=True, request=request) + # Render the page + return render(request, self.get_template(), context) + + +class ViewGroup(View): + def get_group(self, group_id: int): + return get_object_or_404(Dojo_Group, id=group_id) + + def get_initial_context(self, group: Dojo_Group): + return { + "group": group, + "products": get_product_groups_for_group(group), + "product_types": get_product_type_groups_for_group(group), + "group_members": get_group_members_for_group(group), + } + + def set_configuration_permissions(self, group: Dojo_Group, context: dict): + # Create authorization group if it doesn't exist and add product members + if not group.auth_group: + auth_group = Group(name=get_auth_group_name(group)) + auth_group.save() + group.auth_group = auth_group + members = group.users.all() + for member in members: + auth_group.user_set.add(member) + group.save() + # create the config permissions form + context["configuration_permission_form"] = ConfigurationPermissionsForm(group=group) + + return context + + def get_template(self): + return "dojo/view_group.html" + + def get(self, request: HttpRequest, group_id: int): + # Fetch the group + group = self.get_group(group_id) + # quick permission check + if not user_has_configuration_permission(request.user, 'auth.view_group'): + raise PermissionDenied + user_has_permission_or_403(request.user, group, Permissions.Group_View) + # Set up the initial context + context = self.get_initial_context(group) + # Set up the config permissions + context = self.set_configuration_permissions(group, context) + # Add a breadcrumb + add_breadcrumb(title="View Group", top_level=False, request=request) + # Render the page + return render(request, self.get_template(), context) + + +class EditGroup(View): + def get_group(self, group_id: int): + return get_object_or_404(Dojo_Group, id=group_id) + + def get_global_role(self, group: Dojo_Group): + # Try to pull the global role from the group object + return group.global_role if hasattr(group, 'global_role') else None + + def get_group_form(self, request: HttpRequest, group: Dojo_Group): + # Set up the args for the form + args = [request.POST] if request.method == "POST" else [] + # Set the initial form args + kwargs = { + "instance": group, + } + + return DojoGroupForm(*args, **kwargs) + + def get_global_role_form(self, request: HttpRequest, global_role: Global_Role): + # Set up the args for the form + args = [request.POST] if request.method == "POST" else [] + # Set the initial form args + kwargs = {} + # Add the global role to te kwargs if it is present + if global_role: + kwargs["instance"] = global_role + + return GlobalRoleForm(*args, **kwargs) + + def get_initial_context(self, request: HttpRequest, group: Dojo_Group, global_role: Global_Role): + return { + "form": self.get_group_form(request, group), + "global_role_form": self.get_global_role_form(request, global_role), + "previous_global_role": global_role.role if global_role else None, + } + + def process_forms(self, request: HttpRequest, group: Dojo_Group, context: dict): + # Validate the forms + if context["form"].is_valid() and context["global_role_form"].is_valid(): + # Determine if the previous global roles was changed with proper authorization + if context["global_role_form"].cleaned_data['role'] != context["previous_global_role"] and not request.user.is_superuser: + messages.add_message( + request, + messages.WARNING, + 'Only superusers are allowed to change the global role.', + extra_tags='alert-warning') else: - form.save() - global_role = global_role_form.save(commit=False) + context["form"].save() + global_role = context["global_role_form"].save(commit=False) global_role.group = group global_role.save() - messages.add_message(request, - messages.SUCCESS, - 'Group saved successfully.', - extra_tags='alert-success') - else: - messages.add_message(request, - messages.ERROR, - 'Group was not saved successfully.', - extra_tags='alert_danger') - - add_breadcrumb(title="Edit Group", top_level=False, request=request) - return render(request, "dojo/add_group.html", { - 'form': form, - 'global_role_form': global_role_form, - }) - - -@user_is_authorized(Dojo_Group, Permissions.Group_Delete, 'gid') -def delete_group(request, gid): - group = get_object_or_404(Dojo_Group, id=gid) - form = DeleteGroupForm(instance=group) - - if request.method == 'POST': - if 'id' in request.POST and str(group.id) == request.POST['id']: - form = DeleteGroupForm(request.POST, instance=group) - if form.is_valid(): - try: - group.delete() - messages.add_message(request, - messages.SUCCESS, - 'Group and relationships successfully removed.', - extra_tags='alert-success') - except RestrictedError as err: - messages.add_message(request, - messages.WARNING, - 'Group cannot be deleted: {}'.format(err), - extra_tags='alert-warning') - return HttpResponseRedirect(reverse('groups')) + messages.add_message( + request, + messages.SUCCESS, + 'Group saved successfully.', + extra_tags='alert-success') - collector = NestedObjects(using=DEFAULT_DB_ALIAS) - collector.collect([group]) - rels = collector.nested() - add_breadcrumb(title="Delete Group", top_level=False, request=request) - return render(request, 'dojo/delete_group.html', { - 'to_delete': group, - 'form': form, - 'rels': rels - }) - - -@user_is_configuration_authorized('auth.add_group', 'staff') -def add_group(request): - form = DojoGroupForm - global_role_form = GlobalRoleForm() - group = None - - if request.method == 'POST': - form = DojoGroupForm(request.POST) - global_role_form = GlobalRoleForm(request.POST) - if form.is_valid() and global_role_form.is_valid(): - if global_role_form.cleaned_data['role'] is not None and not request.user.is_superuser: - messages.add_message(request, messages.ERROR, - 'Only superusers are allowed to set global role.', - extra_tags='alert-warning') + return request, True + else: + messages.add_message( + request, + messages.ERROR, + 'Group was not saved successfully.', + extra_tags='alert_danger') + + return request, False + + def get_template(self): + return "dojo/add_group.html" + + def get(self, request: HttpRequest, group_id: int): + # Fetch the group and global role + group = self.get_group(group_id) + global_role = self.get_global_role(group) + # quick permission check + user_has_permission_or_403(request.user, group, Permissions.Group_Edit) + # Set up the initial context + context = self.get_initial_context(request, group, global_role) + # Add a breadcrumb + add_breadcrumb(title="Edit Group", top_level=False, request=request) + # Render the page + return render(request, self.get_template(), context) + + def post(self, request: HttpRequest, group_id: int): + # Fetch the group and global role + group = self.get_group(group_id) + global_role = self.get_global_role(group) + # quick permission check + user_has_permission_or_403(request.user, group, Permissions.Group_Edit) + # Set up the initial context + context = self.get_initial_context(request, group, global_role) + # Process the forms + request, success = self.process_forms(request, group, context) + # Handle the case of a successful form + if success: + return redirect_to_return_url_or_else(request, reverse("view_group", args=(group_id,))) + # Add a breadcrumb + add_breadcrumb(title="Edit Group", top_level=False, request=request) + # Render the page + return render(request, self.get_template(), context) + + +class DeleteGroup(View): + def get_group(self, group_id: int): + return get_object_or_404(Dojo_Group, id=group_id) + + def get_group_form(self, request: HttpRequest, group: Dojo_Group): + # Set up the args for the form + args = [request.POST] if request.method == "POST" else [] + # Set the initial form args + kwargs = { + "instance": group, + } + + return DeleteGroupForm(*args, **kwargs) + + def get_initial_context(self, request: HttpRequest, group: Dojo_Group): + # Add the related objects to the delete page + collector = NestedObjects(using=DEFAULT_DB_ALIAS) + collector.collect([group]) + return { + "form": self.get_group_form(request, group), + "to_delete": group, + "rels": collector.nested() + } + + def process_forms(self, request: HttpRequest, group: Dojo_Group, context: dict): + # Validate the forms + if context["form"].is_valid(): + try: + group.delete() + messages.add_message( + request, + messages.SUCCESS, + 'Group and relationships successfully removed.', + extra_tags='alert-success') + except RestrictedError as err: + messages.add_message( + request, + messages.WARNING, + f'Group cannot be deleted: {err}', + extra_tags='alert-warning', + ) + return request, False + + return request, True + return request, False + + def get_template(self): + return "dojo/delete_group.html" + + def get(self, request: HttpRequest, group_id: int): + # Fetch the group and global role + group = self.get_group(group_id) + # quick permission check + user_has_permission_or_403(request.user, group, Permissions.Group_Delete) + # Set up the initial context + context = self.get_initial_context(request, group) + # Add a breadcrumb + add_breadcrumb(title="Delete Group", top_level=False, request=request) + # Render the page + return render(request, self.get_template(), context) + + def post(self, request: HttpRequest, group_id: int): + # Fetch the group and global role + group = self.get_group(group_id) + # quick permission check + user_has_permission_or_403(request.user, group, Permissions.Group_Delete) + # Set up the initial context + context = self.get_initial_context(request, group) + # Process the forms + request, success = self.process_forms(request, group, context) + # Handle the case of a successful form + if success: + return redirect_to_return_url_or_else(request, reverse("groups")) + # Add a breadcrumb + add_breadcrumb(title="Delete Group", top_level=False, request=request) + # Render the page + return render(request, self.get_template(), context) + + +class AddGroup(View): + def get_group_form(self, request: HttpRequest): + # Set up the args for the form + args = [request.POST] if request.method == "POST" else [] + # Set the initial form args + kwargs = {} + + return DojoGroupForm(*args, **kwargs) + + def get_global_role_form(self, request: HttpRequest): + # Set up the args for the form + args = [request.POST] if request.method == "POST" else [] + # Set the initial form args + kwargs = {} + + return GlobalRoleForm(*args, **kwargs) + + def get_initial_context(self, request: HttpRequest): + return { + "form": self.get_group_form(request), + "global_role_form": self.get_global_role_form(request), + } + + def process_forms(self, request: HttpRequest, context: dict): + group = None + # Validate the forms + if context["form"].is_valid() and context["global_role_form"].is_valid(): + if context["global_role_form"].cleaned_data['role'] is not None and not request.user.is_superuser: + messages.add_message( + request, + messages.ERROR, + 'Only superusers are allowed to set global role.', + extra_tags='alert-warning') else: - group = form.save() - global_role = global_role_form.save(commit=False) + group = context["form"].save() + global_role = context["global_role_form"].save(commit=False) global_role.group = group global_role.save() - - messages.add_message(request, - messages.SUCCESS, - 'Group was added successfully.', - extra_tags='alert-success') - return HttpResponseRedirect(reverse('view_group', args=(group.id,))) + messages.add_message( + request, + messages.SUCCESS, + 'Group was added successfully.', + extra_tags='alert-success') + return request, group, True else: - messages.add_message(request, messages.ERROR, - 'Group was not added successfully.', - extra_tags='alert-danger') - - add_breadcrumb(title="Add Group", top_level=False, request=request) - return render(request, "dojo/add_group.html", { - 'form': form, - 'global_role_form': global_role_form, - }) + messages.add_message( + request, + messages.ERROR, + 'Group was not added successfully.', + extra_tags='alert-danger') + + return request, group, False + + def get_template(self): + return "dojo/add_group.html" + + def get(self, request: HttpRequest): + # quick permission check + if not user_has_configuration_permission(request.user, 'auth.add_group'): + raise PermissionDenied + # Set up the initial context + context = self.get_initial_context(request) + # Add a breadcrumb + add_breadcrumb(title="Add Group", top_level=False, request=request) + # Render the page + return render(request, self.get_template(), context) + + def post(self, request: HttpRequest): + # quick permission check + if not user_has_configuration_permission(request.user, 'auth.add_group'): + raise PermissionDenied + # Set up the initial context + context = self.get_initial_context(request) + # Process the forms + request, group, success = self.process_forms(request, context) + # Handle the case of a successful form + if success: + return redirect_to_return_url_or_else(request, reverse("view_group", args=(group.id,))) + # Add a breadcrumb + add_breadcrumb(title="Add Group", top_level=False, request=request) + # Render the page + return render(request, self.get_template(), context) @user_is_authorized(Dojo_Group, Permissions.Group_Manage_Members, 'gid') @@ -367,7 +549,7 @@ def add_product_type_group(request, gid): }) -@user_is_configuration_authorized('auth.change_permission', 'superuser') +@user_is_configuration_authorized('auth.change_permission') def edit_permissions(request, gid): group = get_object_or_404(Dojo_Group, id=gid) if request.method == 'POST': diff --git a/dojo/home/urls.py b/dojo/home/urls.py index a54def5afe1..70ac70c4ed1 100644 --- a/dojo/home/urls.py +++ b/dojo/home/urls.py @@ -1,9 +1,10 @@ -from django.conf.urls import url +from django.urls import re_path from dojo.home import views urlpatterns = [ # dojo home pages - url(r'^$', views.home, name='home'), - url(r'^dashboard$', views.dashboard, name='dashboard'), + re_path(r'^$', views.home, name='home'), + re_path(r'^dashboard$', views.dashboard, name='dashboard'), + re_path(r'^support$', views.support, name='support'), ] diff --git a/dojo/home/views.py b/dojo/home/views.py index 38c59e81e8d..1048b9e1cca 100644 --- a/dojo/home/views.py +++ b/dojo/home/views.py @@ -47,7 +47,7 @@ def dashboard(request: HttpRequest) -> HttpResponse: severity_count_by_month = get_severities_by_month(findings, today) punchcard, ticks = get_punchcard_data(findings, today - relativedelta(weeks=26), 26) - if user_has_configuration_permission(request.user, 'dojo.view_engagement_survey', 'staff'): + if user_has_configuration_permission(request.user, 'dojo.view_engagement_survey'): unassigned_surveys = Answered_Survey.objects.filter(assignee_id__isnull=True, completed__gt=0, ) \ .filter(Q(engagement__isnull=True) | Q(engagement__in=engagements)) else: @@ -71,6 +71,11 @@ def dashboard(request: HttpRequest) -> HttpResponse: }) +def support(request: HttpRequest) -> HttpResponse: + add_breadcrumb(title="Support", top_level=not len(request.GET), request=request) + return render(request, 'dojo/support.html', {}) + + def get_severities_all(findings) -> Dict[str, int]: severities_all = findings.values('severity').annotate(count=Count('severity')).order_by() return defaultdict(lambda: 0, {s['severity']: s['count'] for s in severities_all}) diff --git a/dojo/importers/importer/importer.py b/dojo/importers/importer/importer.py index d74c865b791..4b3b1d43c6c 100644 --- a/dojo/importers/importer/importer.py +++ b/dojo/importers/importer/importer.py @@ -3,7 +3,7 @@ from django.db.models.query_utils import Q from dojo.importers import utils as importer_utils from dojo.decorators import dojo_async_task -from dojo.utils import get_current_user +from dojo.utils import get_current_user, is_finding_groups_enabled from dojo.celery import app from django.core.exceptions import ValidationError from django.core import serializers @@ -35,14 +35,20 @@ def create_test(self, scan_type, test_type_name, engagement, lead, environment, if created: logger.info('Created new Test_Type with name %s because a report is being imported', test_type.name) + if scan_date and not scan_date.tzinfo: + scan_date = timezone.make_aware(scan_date) + + if now and not now.tzinfo: + now = timezone.make_aware(now) + test = Test( title=title, engagement=engagement, lead=lead, test_type=test_type, scan_type=scan_type, - target_start=scan_date if scan_date else now.date(), - target_end=scan_date if scan_date else now.date(), + target_start=scan_date or now, + target_end=scan_date or now, environment=environment, percent_complete=100, version=version, @@ -50,28 +56,44 @@ def create_test(self, scan_type, test_type_name, engagement, lead, environment, build_id=build_id, commit_hash=commit_hash, api_scan_configuration=api_scan_configuration, - tags=tags) - try: - # TODO What is going on here? - test.full_clean() - except ValidationError: - pass + tags=tags, + ) + test.full_clean() test.save() return test @dojo_async_task @app.task(ignore_result=False) - def process_parsed_findings(self, test, parsed_findings, scan_type, user, active, verified, minimum_severity=None, - endpoints_to_add=None, push_to_jira=None, group_by=None, now=timezone.now(), service=None, scan_date=None, **kwargs): + def process_parsed_findings(self, test, parsed_findings, scan_type, user, active=None, verified=None, minimum_severity=None, + endpoints_to_add=None, push_to_jira=None, group_by=None, now=timezone.now(), service=None, scan_date=None, + create_finding_groups_for_all_findings=True, **kwargs): logger.debug('endpoints_to_add: %s', endpoints_to_add) new_findings = [] items = parsed_findings logger.debug('starting import of %i items.', len(items) if items else 0) - i = 0 + group_names_to_findings_dict = {} + for item in items: # FIXME hack to remove when all parsers have unit tests for this attribute - if item.severity.lower().startswith('info') and item.severity != 'Info': + # Importing the cvss module via: + # `from cvss import CVSS3` + # _and_ given a CVSS vector string such as: + # cvss_vector_str = 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N', + # the following severity calculation returns the + # string values of, "None" instead of the expected string values + # of "Info": + # ``` + # cvss_obj = CVSS3(cvss_vector_str) + # severities = cvss_obj.severities() + # print(severities) + # ('None', 'None', 'None') + # print(severities[0]) + # 'None' + # print(type(severities[0])) + # + # ``` + if (item.severity.lower().startswith('info') or item.severity.lower() == 'none') and item.severity != 'Info': item.severity = 'Info' item.numerical_severity = Finding.get_numerical_severity(item.severity) @@ -87,31 +109,31 @@ def process_parsed_findings(self, test, parsed_findings, scan_type, user, active item.last_reviewed_by = user if user else get_current_user logger.debug('process_parsed_findings: active from report: %s, verified from report: %s', item.active, item.verified) - # active, verified parameters = parameters from the gui or api call. - # item.active, item.verified = values from the report / the parser - # if either value of active (from the parser or from the api/gui) is false, final status is inactive - # else final status is active - # if either value of verified (from the parser or from the api/gui) is false, final status is not verified - # else final status is verified - # Note that: - # - the API (active/verified parameters) values default to True if not specified - # - the parser values default to true if not set by the parser (as per the default value in models.py) - # - there is no "not specified" in the GUI (not ticked means not active/not verified) - if item.active: + if active is not None: + # indicates an override. Otherwise, do not change the value of item.active item.active = active - if item.verified: + + if verified is not None: + # indicates an override. Otherwise, do not change the value of verified item.verified = verified # if scan_date was provided, override value from parser if scan_date: item.date = scan_date.date() - item.service = service + if service: + item.service = service item.save(dedupe_option=False) - if settings.FEATURE_FINDING_GROUPS and group_by: - finding_helper.add_finding_to_auto_group(item, group_by) + if is_finding_groups_enabled() and group_by: + # If finding groups are enabled, group all findings by group name + name = finding_helper.get_group_by_group_name(item, group_by) + if name is not None: + if name in group_names_to_findings_dict: + group_names_to_findings_dict[name].append(item) + else: + group_names_to_findings_dict[name] = [item] if (hasattr(item, 'unsaved_req_resp') and len(item.unsaved_req_resp) > 0): @@ -132,16 +154,9 @@ def process_parsed_findings(self, test, parsed_findings, scan_type, user, active burp_rr.clean() burp_rr.save() - if settings.ASYNC_FINDING_IMPORT: - importer_utils.chunk_endpoints_and_disperse(item, test, item.unsaved_endpoints) - else: - importer_utils.add_endpoints_to_unsaved_finding(item, test, item.unsaved_endpoints, sync=True) - + importer_utils.chunk_endpoints_and_disperse(item, test, item.unsaved_endpoints) if endpoints_to_add: - if settings.ASYNC_FINDING_IMPORT: - importer_utils.chunk_endpoints_and_disperse(item, test, endpoints_to_add) - else: - importer_utils.add_endpoints_to_unsaved_finding(item, test, endpoints_to_add, sync=True) + importer_utils.chunk_endpoints_and_disperse(item, test, endpoints_to_add) if item.unsaved_tags: item.tags = item.unsaved_tags @@ -157,40 +172,53 @@ def process_parsed_findings(self, test, parsed_findings, scan_type, user, active file_upload.save() item.files.add(file_upload) + importer_utils.handle_vulnerability_ids(item) + new_findings.append(item) # to avoid pushing a finding group multiple times, we push those outside of the loop - if settings.FEATURE_FINDING_GROUPS and item.finding_group: + if is_finding_groups_enabled() and group_by: item.save() else: item.save(push_to_jira=push_to_jira) - if settings.FEATURE_FINDING_GROUPS and push_to_jira: - for finding_group in set([finding.finding_group for finding in new_findings if finding.finding_group is not None]): - jira_helper.push_to_jira(finding_group) + for (group_name, findings) in group_names_to_findings_dict.items(): + finding_helper.add_findings_to_auto_group(group_name, findings, group_by, create_finding_groups_for_all_findings, **kwargs) + if push_to_jira: + if findings[0].finding_group is not None: + jira_helper.push_to_jira(findings[0].finding_group) + else: + jira_helper.push_to_jira(findings[0]) + sync = kwargs.get('sync', False) if not sync: return [serializers.serialize('json', [finding, ]) for finding in new_findings] return new_findings - def close_old_findings(self, test, scan_date_time, user, push_to_jira=None, service=None): - old_findings = [] + def close_old_findings(self, test, scan_date_time, user, push_to_jira=None, service=None, close_old_findings_product_scope=False): # Close old active findings that are not reported by this scan. - new_hash_codes = test.finding_set.values('hash_code') - - # TODO I don't think these criteria are 100% correct, why are findings with the same hash_code excluded? - # Would it make more sense to exclude duplicates? But the deduplication process can be unfinished because it's - # run in a celery async task... - if test.engagement.deduplication_on_engagement: + # Refactoring this to only call test.finding_set.values() once. + findings = test.finding_set.values() + mitigated_hash_codes = [] + new_hash_codes = [] + for finding in findings: + new_hash_codes.append(finding["hash_code"]) + if finding["is_mitigated"]: + mitigated_hash_codes.append(finding["hash_code"]) + for hash_code in new_hash_codes: + if hash_code == finding["hash_code"]: + new_hash_codes.remove(hash_code) + if close_old_findings_product_scope: + # Close old findings of the same test type in the same product old_findings = Finding.objects.exclude(test=test) \ - .exclude(hash_code__in=new_hash_codes) \ - .filter(test__engagement=test.engagement, - test__test_type=test.test_type, - active=True) + .exclude(hash_code__in=new_hash_codes) \ + .filter(test__engagement__product=test.engagement.product, + test__test_type=test.test_type, + active=True) else: - # TODO BUG? this will violate the deduplication_on_engagement setting for other engagements + # Close old findings of the same test type in the same engagement old_findings = Finding.objects.exclude(test=test) \ - .exclude(hash_code__in=new_hash_codes) \ - .filter(test__engagement__product=test.engagement.product, + .exclude(hash_code__in=new_hash_codes) \ + .filter(test__engagement=test.engagement, test__test_type=test.test_type, active=True) @@ -206,7 +234,7 @@ def close_old_findings(self, test, scan_date_time, user, push_to_jira=None, serv old_finding.notes.create(author=user, entry="This finding has been automatically closed" " as it is not present anymore in recent scans.") - endpoint_status = old_finding.endpoint_status.all() + endpoint_status = old_finding.status_finding.all() for status in endpoint_status: status.mitigated_by = user status.mitigated_time = timezone.now() @@ -217,22 +245,22 @@ def close_old_findings(self, test, scan_date_time, user, push_to_jira=None, serv old_finding.tags.add('stale') # to avoid pushing a finding group multiple times, we push those outside of the loop - if settings.FEATURE_FINDING_GROUPS and old_finding.finding_group: + if is_finding_groups_enabled() and old_finding.finding_group: # don't try to dedupe findings that we are closing old_finding.save(dedupe_option=False) else: old_finding.save(dedupe_option=False, push_to_jira=push_to_jira) - if settings.FEATURE_FINDING_GROUPS and push_to_jira: + if is_finding_groups_enabled() and push_to_jira: for finding_group in set([finding.finding_group for finding in old_findings if finding.finding_group is not None]): jira_helper.push_to_jira(finding_group) return old_findings - def import_scan(self, scan, scan_type, engagement, lead, environment, active, verified, tags=None, minimum_severity=None, + def import_scan(self, scan, scan_type, engagement, lead, environment, active=None, verified=None, tags=None, minimum_severity=None, user=None, endpoints_to_add=None, scan_date=None, version=None, branch_tag=None, build_id=None, - commit_hash=None, push_to_jira=None, close_old_findings=False, group_by=None, api_scan_configuration=None, - service=None, title=None): + commit_hash=None, push_to_jira=None, close_old_findings=False, close_old_findings_product_scope=False, + group_by=None, api_scan_configuration=None, service=None, title=None, create_finding_groups_for_all_findings=True, apply_tags_to_findings=False): logger.debug(f'IMPORT_SCAN: parameters: {locals()}') @@ -250,7 +278,11 @@ def import_scan(self, scan, scan_type, engagement, lead, environment, active, ve parser = get_parser(scan_type) if hasattr(parser, 'get_tests'): logger.debug('IMPORT_SCAN parser v2: Create Test and parse findings') - tests = parser.get_tests(scan_type, scan) + try: + tests = parser.get_tests(scan_type, scan) + except ValueError as e: + logger.warning(e) + raise ValidationError(e) # for now we only consider the first test in the list and artificially aggregate all findings of all tests # this is the same as the old behavior as current import/reimporter implementation doesn't handle the case # when there is more than 1 test @@ -295,7 +327,11 @@ def import_scan(self, scan, scan_type, engagement, lead, environment, active, ve logger.debug('IMPORT_SCAN: Parse findings') parser = get_parser(scan_type) - parsed_findings = parser.get_findings(scan, test) + try: + parsed_findings = parser.get_findings(scan, test) + except ValueError as e: + logger.warning(e) + raise ValidationError(e) logger.debug('IMPORT_SCAN: Processing findings') new_findings = [] @@ -304,10 +340,11 @@ def import_scan(self, scan, scan_type, engagement, lead, environment, active, ve results_list = [] # First kick off all the workers for findings_list in chunk_list: - result = self.process_parsed_findings(test, findings_list, scan_type, user, active, - verified, minimum_severity=minimum_severity, + result = self.process_parsed_findings(test, findings_list, scan_type, user, active=active, + verified=verified, minimum_severity=minimum_severity, endpoints_to_add=endpoints_to_add, push_to_jira=push_to_jira, - group_by=group_by, now=now, service=service, scan_date=scan_date, sync=False) + group_by=group_by, now=now, service=service, scan_date=scan_date, sync=False, + create_finding_groups_for_all_findings=create_finding_groups_for_all_findings) # Since I dont want to wait until the task is done right now, save the id # So I can check on the task later results_list += [result] @@ -320,17 +357,18 @@ def import_scan(self, scan, scan_type, engagement, lead, environment, active, ve # Indicate that the test is not complete yet as endpoints will still be rolling in. test.percent_complete = 50 test.save() - importer_utils.update_test_progress(test) else: - new_findings = self.process_parsed_findings(test, parsed_findings, scan_type, user, active, - verified, minimum_severity=minimum_severity, + new_findings = self.process_parsed_findings(test, parsed_findings, scan_type, user, active=active, + verified=verified, minimum_severity=minimum_severity, endpoints_to_add=endpoints_to_add, push_to_jira=push_to_jira, - group_by=group_by, now=now, service=service, scan_date=scan_date, sync=True) + group_by=group_by, now=now, service=service, scan_date=scan_date, sync=True, + create_finding_groups_for_all_findings=create_finding_groups_for_all_findings) closed_findings = [] if close_old_findings: logger.debug('IMPORT_SCAN: Closing findings no longer present in scan report') - closed_findings = self.close_old_findings(test, scan_date, user=user, push_to_jira=push_to_jira, service=service) + closed_findings = self.close_old_findings(test, scan_date, user=user, push_to_jira=push_to_jira, service=service, + close_old_findings_product_scope=close_old_findings_product_scope) logger.debug('IMPORT_SCAN: Updating test/engagement timestamps') importer_utils.update_timestamps(test, version, branch_tag, build_id, commit_hash, now, scan_date) @@ -341,12 +379,18 @@ def import_scan(self, scan, scan_type, engagement, lead, environment, active, ve test_import = importer_utils.update_import_history(Test_Import.IMPORT_TYPE, active, verified, tags, minimum_severity, endpoints_to_add, version, branch_tag, build_id, commit_hash, push_to_jira, close_old_findings, test, new_findings, closed_findings) + if apply_tags_to_findings and tags: + for finding in test_import.findings_affected.all(): + for tag in tags: + finding.tags.add(tag) logger.debug('IMPORT_SCAN: Generating notifications') notifications_helper.notify_test_created(test) updated_count = len(new_findings) + len(closed_findings) - if updated_count > 0: - notifications_helper.notify_scan_added(test, updated_count, new_findings=new_findings, findings_mitigated=closed_findings) + notifications_helper.notify_scan_added(test, updated_count, new_findings=new_findings, findings_mitigated=closed_findings) + + logger.debug('IMPORT_SCAN: Updating Test progress') + importer_utils.update_test_progress(test) logger.debug('IMPORT_SCAN: Done') diff --git a/dojo/importers/reimporter/reimporter.py b/dojo/importers/reimporter/reimporter.py index 34e6841a9de..107068d11fa 100644 --- a/dojo/importers/reimporter/reimporter.py +++ b/dojo/importers/reimporter/reimporter.py @@ -12,26 +12,43 @@ from django.core.files.base import ContentFile from django.utils import timezone from dojo.importers import utils as importer_utils -from dojo.models import (BurpRawRequestResponse, FileUpload, Finding, - Notes, Test_Import) +from dojo.importers.reimporter import utils as reimporter_utils +from dojo.models import BurpRawRequestResponse, FileUpload, Finding, Notes, Test_Import from dojo.tools.factory import get_parser -from dojo.utils import get_current_user +from dojo.utils import get_current_user, is_finding_groups_enabled +from django.db.models import Q logger = logging.getLogger(__name__) deduplicationLogger = logging.getLogger("dojo.specific-loggers.deduplication") class DojoDefaultReImporter(object): - @dojo_async_task @app.task(ignore_result=False) - def process_parsed_findings(self, test, parsed_findings, scan_type, user, active, verified, minimum_severity=None, - endpoints_to_add=None, push_to_jira=None, group_by=None, now=timezone.now(), service=None, scan_date=None, **kwargs): + def process_parsed_findings( + self, + test, + parsed_findings, + scan_type, + user, + active=None, + verified=None, + minimum_severity=None, + endpoints_to_add=None, + push_to_jira=None, + group_by=None, + now=timezone.now(), + service=None, + scan_date=None, + do_not_reactivate=False, + create_finding_groups_for_all_findings=True, + apply_tags_to_findings=False, + **kwargs, + ): items = parsed_findings original_items = list(test.finding_set.all()) new_items = [] - mitigated_count = 0 finding_count = 0 finding_added_count = 0 reactivated_count = 0 @@ -39,106 +56,272 @@ def process_parsed_findings(self, test, parsed_findings, scan_type, user, active unchanged_count = 0 unchanged_items = [] - logger.debug('starting reimport of %i items.', len(items) if items else 0) - from dojo.importers.reimporter.utils import ( - get_deduplication_algorithm_from_conf, - match_new_finding_to_existing_finding, - update_endpoint_status, - reactivate_endpoint_status) - deduplication_algorithm = get_deduplication_algorithm_from_conf(scan_type) + logger.debug("starting reimport of %i items.", len(items) if items else 0) + deduplication_algorithm = test.deduplication_algorithm i = 0 - logger.debug('STEP 1: looping over findings from the reimported report and trying to match them to existing findings') - deduplicationLogger.debug('Algorithm used for matching new findings to existing findings: %s', deduplication_algorithm) + group_names_to_findings_dict = {} + logger.debug( + "STEP 1: looping over findings from the reimported report and trying to match them to existing findings" + ) + deduplicationLogger.debug( + "Algorithm used for matching new findings to existing findings: %s", + deduplication_algorithm, + ) for item in items: # FIXME hack to remove when all parsers have unit tests for this attribute - if item.severity.lower().startswith('info') and item.severity != 'Info': - item.severity = 'Info' + if item.severity.lower().startswith("info") and item.severity != "Info": + item.severity = "Info" item.numerical_severity = Finding.get_numerical_severity(item.severity) - if minimum_severity and (Finding.SEVERITIES[item.severity] > Finding.SEVERITIES[minimum_severity]): + if minimum_severity and ( + Finding.SEVERITIES[item.severity] > Finding.SEVERITIES[minimum_severity] + ): # finding's severity is below the configured threshold : ignoring the finding continue # existing findings may be from before we had component_name/version fields - component_name = item.component_name if hasattr(item, 'component_name') else None - component_version = item.component_version if hasattr(item, 'component_version') else None - - if not hasattr(item, 'test'): + component_name = ( + item.component_name if hasattr(item, "component_name") else None + ) + component_version = ( + item.component_version if hasattr(item, "component_version") else None + ) + + if not hasattr(item, "test"): item.test = test - item.service = service + if service: + item.service = service + + if item.dynamic_finding: + for e in item.unsaved_endpoints: + try: + e.clean() + except ValidationError as err: + logger.warning( + "DefectDojo is storing broken endpoint because cleaning wasn't successful: " + "{}".format(err) + ) item.hash_code = item.compute_hash_code() deduplicationLogger.debug("item's hash_code: %s", item.hash_code) - findings = match_new_finding_to_existing_finding(item, test, deduplication_algorithm, scan_type) - - deduplicationLogger.debug('found %i findings matching with current new finding', len(findings)) + findings = reimporter_utils.match_new_finding_to_existing_finding( + item, test, deduplication_algorithm + ) + deduplicationLogger.debug( + "found %i findings matching with current new finding", len(findings) + ) if findings: # existing finding found finding = findings[0] if finding.false_p or finding.out_of_scope or finding.risk_accepted: - logger.debug('%i: skipping existing finding (it is marked as false positive:%s and/or out of scope:%s or is a risk accepted:%s): %i:%s:%s:%s', i, finding.false_p, finding.out_of_scope, finding.risk_accepted, finding.id, finding, finding.component_name, finding.component_version) - elif finding.mitigated or finding.is_mitigated: - logger.debug('%i: reactivating: %i:%s:%s:%s', i, finding.id, finding, finding.component_name, finding.component_version) - finding.mitigated = None - finding.is_mitigated = False - finding.mitigated_by = None - finding.active = True - finding.verified = verified - + logger.debug( + "%i: skipping existing finding (it is marked as false positive:%s and/or out of scope:%s or is a risk accepted:%s): %i:%s:%s:%s", + i, + finding.false_p, + finding.out_of_scope, + finding.risk_accepted, + finding.id, + finding, + finding.component_name, + finding.component_version, + ) + if ( + finding.false_p == item.false_p + and finding.out_of_scope == item.out_of_scope + and finding.risk_accepted == item.risk_accepted + ): + unchanged_items.append(finding) + unchanged_count += 1 + continue + elif finding.is_mitigated: + # if the reimported item has a mitigation time, we can compare + if item.is_mitigated: + unchanged_items.append(finding) + unchanged_count += 1 + if item.mitigated: + logger.debug( + "item mitigated time: " + + str(item.mitigated.timestamp()) + ) + logger.debug( + "finding mitigated time: " + + str(finding.mitigated.timestamp()) + ) + if ( + item.mitigated.timestamp() + == finding.mitigated.timestamp() + ): + logger.debug( + "New imported finding and already existing finding have the same mitigation date, will skip as they are the same." + ) + continue + if ( + item.mitigated.timestamp() + != finding.mitigated.timestamp() + ): + logger.debug( + "New imported finding and already existing finding are both mitigated but have different dates, not taking action" + ) + # TODO: implement proper date-aware reimporting mechanism, if an imported finding is closed more recently than the defectdojo finding, then there might be details in the scanner that should be added + continue + else: + # even if there is no mitigation time, skip it, because both the current finding and the reimported finding are is_mitigated + continue + else: + if not do_not_reactivate: + logger.debug( + "%i: reactivating: %i:%s:%s:%s", + i, + finding.id, + finding, + finding.component_name, + finding.component_version, + ) + finding.mitigated = None + finding.is_mitigated = False + finding.mitigated_by = None + finding.active = True + if verified is not None: + finding.verified = verified + if do_not_reactivate: + logger.debug( + "%i: skipping reactivating by user's choice do_not_reactivate: %i:%s:%s:%s", + i, + finding.id, + finding, + finding.component_name, + finding.component_version, + ) + existing_note = finding.notes.filter( + entry="Finding has skipped reactivation from %s re-upload with user decision do_not_reactivate." + % scan_type, + author=user, + ) + if len(existing_note) == 0: + note = Notes( + entry="Finding has skipped reactivation from %s re-upload with user decision do_not_reactivate." + % scan_type, + author=user, + ) + note.save() + finding.notes.add(note) + finding.save(dedupe_option=False) + continue # existing findings may be from before we had component_name/version fields - finding.component_name = finding.component_name if finding.component_name else component_name - finding.component_version = finding.component_version if finding.component_version else component_version + finding.component_name = ( + finding.component_name + if finding.component_name + else component_name + ) + finding.component_version = ( + finding.component_version + if finding.component_version + else component_version + ) # don't dedupe before endpoints are added finding.save(dedupe_option=False) note = Notes( - entry="Re-activated by %s re-upload." % scan_type, - author=user) + entry="Re-activated by %s re-upload." % scan_type, author=user + ) note.save() - endpoint_statuses = finding.endpoint_status.all() - - # Determine if this can be run async - if settings.ASYNC_FINDING_IMPORT: - chunk_list = importer_utils.chunk_list(endpoint_statuses) - # If there is only one chunk, then do not bother with async - if len(chunk_list) < 2: - reactivate_endpoint_status(endpoint_statuses, sync=True) - logger.debug('IMPORT_SCAN: Split endpoints into ' + str(len(chunk_list)) + ' chunks of ' + str(chunk_list[0])) - # First kick off all the workers - for endpoint_status_list in chunk_list: - reactivate_endpoint_status(endpoint_status_list, sync=False) - else: - reactivate_endpoint_status(endpoint_statuses, sync=True) + endpoint_statuses = finding.status_finding.exclude( + Q(false_positive=True) + | Q(out_of_scope=True) + | Q(risk_accepted=True) + ) + reimporter_utils.chunk_endpoints_and_reactivate(endpoint_statuses) finding.notes.add(note) reactivated_items.append(finding) reactivated_count += 1 else: + # if finding associated to new item is none of risk accepted, mitigated, false positive or out of scope # existing findings may be from before we had component_name/version fields - logger.debug('%i: updating existing finding: %i:%s:%s:%s', i, finding.id, finding, finding.component_name, finding.component_version) - if not finding.component_name or not finding.component_version: - finding.component_name = finding.component_name if finding.component_name else component_name - finding.component_version = finding.component_version if finding.component_version else component_version + logger.debug( + "%i: updating existing finding: %i:%s:%s:%s", + i, + finding.id, + finding, + finding.component_name, + finding.component_version, + ) + if not (finding.mitigated and finding.is_mitigated): + logger.debug( + "Reimported item matches a finding that is currently open." + ) + if item.is_mitigated: + logger.debug( + "Reimported mitigated item matches a finding that is currently open, closing." + ) + # TODO: Implement a date comparison for opened defectdojo findings before closing them by reimporting, as they could be force closed by the scanner but a DD user forces it open ? + logger.debug( + "%i: closing: %i:%s:%s:%s", + i, + finding.id, + finding, + finding.component_name, + finding.component_version, + ) + finding.mitigated = item.mitigated + finding.is_mitigated = True + finding.mitigated_by = item.mitigated_by + finding.active = False + if verified is not None: + finding.verified = verified + elif item.risk_accepted or item.false_p or item.out_of_scope: + logger.debug('Reimported mitigated item matches a finding that is currently open, closing.') + logger.debug('%i: closing: %i:%s:%s:%s', i, finding.id, finding, finding.component_name, finding.component_version) + finding.risk_accepted = item.risk_accepted + finding.false_p = item.false_p + finding.out_of_scope = item.out_of_scope + finding.active = False + if verified is not None: + finding.verified = verified + else: + # if finding is the same but list of affected was changed, finding is marked as unchanged. This is a known issue + unchanged_items.append(finding) + unchanged_count += 1 + + if (component_name is not None and not finding.component_name) or ( + component_version is not None and not finding.component_version + ): + finding.component_name = ( + finding.component_name + if finding.component_name + else component_name + ) + finding.component_version = ( + finding.component_version + if finding.component_version + else component_version + ) finding.save(dedupe_option=False) - unchanged_items.append(finding) - unchanged_count += 1 if finding.dynamic_finding: - logger.debug("Re-import found an existing dynamic finding for this new finding. Checking the status of endpoints") - update_endpoint_status(finding, item, user) + logger.debug( + "Re-import found an existing dynamic finding for this new finding. Checking the status of endpoints" + ) + reimporter_utils.update_endpoint_status(finding, item, user) else: # no existing finding found item.reporter = user item.last_reviewed = timezone.now() item.last_reviewed_by = user - item.verified = verified - item.active = active + + if active is not None: + # indicates an override. Otherwise, do not change the value of item.active + item.active = active + + if verified is not None: + # indicates an override. Otherwise, do not change the value of verified + item.verified = verified # if scan_date was provided, override value from parser if scan_date: @@ -146,73 +329,107 @@ def process_parsed_findings(self, test, parsed_findings, scan_type, user, active # Save it. Don't dedupe before endpoints are added. item.save(dedupe_option=False) - logger.debug('%i: reimport created new finding as no existing finding match: %i:%s:%s:%s', i, item.id, item, item.component_name, item.component_version) + logger.debug( + "%i: reimport created new finding as no existing finding match: %i:%s:%s:%s", + i, + item.id, + item, + item.component_name, + item.component_version, + ) # only new items get auto grouped to avoid confusion around already existing items that are already grouped - if settings.FEATURE_FINDING_GROUPS and group_by: - finding_helper.add_finding_to_auto_group(item, group_by) + if is_finding_groups_enabled() and group_by: + # If finding groups are enabled, group all findings by group name + name = finding_helper.get_group_by_group_name(item, group_by) + if name is not None: + if name in group_names_to_findings_dict: + group_names_to_findings_dict[name].append(item) + else: + group_names_to_findings_dict[name] = [item] finding_added_count += 1 new_items.append(item) finding = item - if hasattr(item, 'unsaved_req_resp'): + if hasattr(item, "unsaved_req_resp"): for req_resp in item.unsaved_req_resp: burp_rr = BurpRawRequestResponse( finding=finding, - burpRequestBase64=base64.b64encode(req_resp["req"].encode("utf-8")), - burpResponseBase64=base64.b64encode(req_resp["resp"].encode("utf-8"))) + burpRequestBase64=base64.b64encode( + req_resp["req"].encode("utf-8") + ), + burpResponseBase64=base64.b64encode( + req_resp["resp"].encode("utf-8") + ), + ) burp_rr.clean() burp_rr.save() if item.unsaved_request and item.unsaved_response: burp_rr = BurpRawRequestResponse( finding=finding, - burpRequestBase64=base64.b64encode(item.unsaved_request.encode()), - burpResponseBase64=base64.b64encode(item.unsaved_response.encode())) + burpRequestBase64=base64.b64encode( + item.unsaved_request.encode() + ), + burpResponseBase64=base64.b64encode( + item.unsaved_response.encode() + ), + ) burp_rr.clean() burp_rr.save() # for existing findings: make sure endpoints are present or created if finding: finding_count += 1 - if settings.ASYNC_FINDING_IMPORT: - importer_utils.chunk_endpoints_and_disperse(finding, test, item.unsaved_endpoints) - else: - importer_utils.add_endpoints_to_unsaved_finding(finding, test, item.unsaved_endpoints, sync=True) - + importer_utils.chunk_endpoints_and_disperse( + finding, test, item.unsaved_endpoints + ) if endpoints_to_add: - if settings.ASYNC_FINDING_IMPORT: - importer_utils.chunk_endpoints_and_disperse(finding, test, endpoints_to_add) - else: - importer_utils.add_endpoints_to_unsaved_finding(finding, test, endpoints_to_add, sync=True) + importer_utils.chunk_endpoints_and_disperse( + finding, test, endpoints_to_add + ) if item.unsaved_tags: finding.tags = item.unsaved_tags if item.unsaved_files: for unsaved_file in item.unsaved_files: - data = base64.b64decode(unsaved_file.get('data')) - title = unsaved_file.get('title', '') - file_upload, file_upload_created = FileUpload.objects.get_or_create( + data = base64.b64decode(unsaved_file.get("data")) + title = unsaved_file.get("title", "") + ( + file_upload, + file_upload_created, + ) = FileUpload.objects.get_or_create( title=title, ) file_upload.file.save(title, ContentFile(data)) file_upload.save() finding.files.add(file_upload) + if finding.unsaved_vulnerability_ids: + importer_utils.handle_vulnerability_ids(finding) + # existing findings may be from before we had component_name/version fields - finding.component_name = finding.component_name if finding.component_name else component_name - finding.component_version = finding.component_version if finding.component_version else component_version + finding.component_name = ( + finding.component_name if finding.component_name else component_name + ) + finding.component_version = ( + finding.component_version + if finding.component_version + else component_version + ) # finding = new finding or existing finding still in the upload report # to avoid pushing a finding group multiple times, we push those outside of the loop - if settings.FEATURE_FINDING_GROUPS and finding.finding_group: + if is_finding_groups_enabled() and group_by: finding.save() else: finding.save(push_to_jira=push_to_jira) - to_mitigate = set(original_items) - set(reactivated_items) - set(unchanged_items) + to_mitigate = ( + set(original_items) - set(reactivated_items) - set(unchanged_items) + ) # due to #3958 we can have duplicates inside the same report # this could mean that a new finding is created and right after # that it is detected as the 'matched existing finding' for a @@ -221,63 +438,142 @@ def process_parsed_findings(self, test, parsed_findings, scan_type, user, active # while it is in fact a new finding. So we substract new_items untouched = set(unchanged_items) - set(to_mitigate) - set(new_items) - if settings.FEATURE_FINDING_GROUPS and push_to_jira: - for finding_group in set([finding.finding_group for finding in reactivated_items + unchanged_items + new_items if finding.finding_group is not None]): + for (group_name, findings) in group_names_to_findings_dict.items(): + finding_helper.add_findings_to_auto_group(group_name, findings, group_by, create_finding_groups_for_all_findings, **kwargs) + if push_to_jira: + if findings[0].finding_group is not None: + jira_helper.push_to_jira(findings[0].finding_group) + else: + jira_helper.push_to_jira(findings[0]) + + if is_finding_groups_enabled() and push_to_jira: + for finding_group in set( + [ + finding.finding_group + for finding in reactivated_items + unchanged_items + if finding.finding_group is not None and not finding.is_mitigated + ] + ): jira_helper.push_to_jira(finding_group) - sync = kwargs.get('sync', False) + + sync = kwargs.get("sync", False) if not sync: - serialized_new_items = [serializers.serialize('json', [finding, ]) for finding in new_items] - serialized_reactivated_items = [serializers.serialize('json', [finding, ]) for finding in reactivated_items] - serialized_to_mitigate = [serializers.serialize('json', [finding, ]) for finding in to_mitigate] - serialized_untouched = [serializers.serialize('json', [finding, ]) for finding in untouched] - return serialized_new_items, serialized_reactivated_items, serialized_to_mitigate, serialized_untouched + serialized_new_items = [ + serializers.serialize( + "json", + [ + finding, + ], + ) + for finding in new_items + ] + serialized_reactivated_items = [ + serializers.serialize( + "json", + [ + finding, + ], + ) + for finding in reactivated_items + ] + serialized_to_mitigate = [ + serializers.serialize( + "json", + [ + finding, + ], + ) + for finding in to_mitigate + ] + serialized_untouched = [ + serializers.serialize( + "json", + [ + finding, + ], + ) + for finding in untouched + ] + return ( + serialized_new_items, + serialized_reactivated_items, + serialized_to_mitigate, + serialized_untouched, + ) return new_items, reactivated_items, to_mitigate, untouched - def close_old_findings(self, test, to_mitigate, scan_date_time, user, push_to_jira=None): - logger.debug('IMPORT_SCAN: Closing findings no longer present in scan report') + def close_old_findings( + self, test, to_mitigate, scan_date_time, user, push_to_jira=None + ): + logger.debug("IMPORT_SCAN: Closing findings no longer present in scan report") mitigated_findings = [] for finding in to_mitigate: if not finding.mitigated or not finding.is_mitigated: - logger.debug('mitigating finding: %i:%s', finding.id, finding) + logger.debug("mitigating finding: %i:%s", finding.id, finding) finding.mitigated = scan_date_time finding.is_mitigated = True finding.mitigated_by = user finding.active = False - endpoint_status = finding.endpoint_status.all() - for status in endpoint_status: - status.mitigated_by = user - status.mitigated_time = timezone.now() - status.mitigated = True - status.last_modified = timezone.now() - status.save() + endpoint_status = finding.status_finding.all() + reimporter_utils.mitigate_endpoint_status( + endpoint_status, user, kwuser=user, sync=True + ) # to avoid pushing a finding group multiple times, we push those outside of the loop - if settings.FEATURE_FINDING_GROUPS and finding.finding_group: + if is_finding_groups_enabled() and finding.finding_group: # don't try to dedupe findings that we are closing finding.save(dedupe_option=False) else: finding.save(push_to_jira=push_to_jira, dedupe_option=False) - note = Notes(entry="Mitigated by %s re-upload." % test.test_type, - author=user) + note = Notes( + entry="Mitigated by %s re-upload." % test.test_type, author=user + ) note.save() finding.notes.add(note) mitigated_findings.append(finding) - if settings.FEATURE_FINDING_GROUPS and push_to_jira: - for finding_group in set([finding.finding_group for finding in to_mitigate if finding.finding_group is not None]): + if is_finding_groups_enabled() and push_to_jira: + for finding_group in set( + [ + finding.finding_group + for finding in to_mitigate + if finding.finding_group is not None + ] + ): jira_helper.push_to_jira(finding_group) return mitigated_findings - def reimport_scan(self, scan, scan_type, test, active=True, verified=True, tags=None, minimum_severity=None, - user=None, endpoints_to_add=None, scan_date=None, version=None, branch_tag=None, build_id=None, - commit_hash=None, push_to_jira=None, close_old_findings=True, group_by=None, api_scan_configuration=None, - service=None): - - logger.debug(f'REIMPORT_SCAN: parameters: {locals()}') + def reimport_scan( + self, + scan, + scan_type, + test, + active=None, + verified=None, + tags=None, + minimum_severity=None, + user=None, + endpoints_to_add=None, + scan_date=None, + version=None, + branch_tag=None, + build_id=None, + commit_hash=None, + push_to_jira=None, + close_old_findings=True, + group_by=None, + api_scan_configuration=None, + service=None, + do_not_reactivate=False, + create_finding_groups_for_all_findings=True, + apply_tags_to_findings=False, + ): + + logger.debug(f"REIMPORT_SCAN: parameters: {locals()}") user = user or get_current_user() @@ -285,16 +581,22 @@ def reimport_scan(self, scan, scan_type, test, active=True, verified=True, tags= if api_scan_configuration: if api_scan_configuration.product != test.engagement.product: - raise ValidationError('API Scan Configuration has to be from same product as the Test') + raise ValidationError( + "API Scan Configuration has to be from same product as the Test" + ) if test.api_scan_configuration != api_scan_configuration: test.api_scan_configuration = api_scan_configuration test.save() # check if the parser that handle the scan_type manage tests parser = get_parser(scan_type) - if hasattr(parser, 'get_tests'): - logger.debug('REIMPORT_SCAN parser v2: Create parse findings') - tests = parser.get_tests(scan_type, scan) + if hasattr(parser, "get_tests"): + logger.debug("REIMPORT_SCAN parser v2: Create parse findings") + try: + tests = parser.get_tests(scan_type, scan) + except ValueError as e: + logger.warning(e) + raise ValidationError(e) # for now we only consider the first test in the list and artificially aggregate all findings of all tests # this is the same as the old behavior as current import/reimporter implementation doesn't handle the case # when there is more than 1 test @@ -302,10 +604,14 @@ def reimport_scan(self, scan, scan_type, test, active=True, verified=True, tags= for test_raw in tests: parsed_findings.extend(test_raw.findings) else: - logger.debug('REIMPORT_SCAN: Parse findings') - parsed_findings = parser.get_findings(scan, test) - - logger.debug('REIMPORT_SCAN: Processing findings') + logger.debug("REIMPORT_SCAN: Parse findings") + try: + parsed_findings = parser.get_findings(scan, test) + except ValueError as e: + logger.warning(e) + raise ValidationError(e) + + logger.debug("REIMPORT_SCAN: Processing findings") new_findings = [] reactivated_findings = [] findings_to_mitigate = [] @@ -315,53 +621,152 @@ def reimport_scan(self, scan, scan_type, test, active=True, verified=True, tags= results_list = [] # First kick off all the workers for findings_list in chunk_list: - result = self.process_parsed_findings(test, findings_list, scan_type, user, active, verified, - minimum_severity=minimum_severity, endpoints_to_add=endpoints_to_add, - push_to_jira=push_to_jira, group_by=group_by, now=now, service=service, scan_date=scan_date, sync=False) + result = self.process_parsed_findings( + test, + findings_list, + scan_type, + user, + active=active, + verified=verified, + minimum_severity=minimum_severity, + endpoints_to_add=endpoints_to_add, + push_to_jira=push_to_jira, + group_by=group_by, + now=now, + service=service, + scan_date=scan_date, + sync=False, + do_not_reactivate=do_not_reactivate, + create_finding_groups_for_all_findings=create_finding_groups_for_all_findings, + ) + # Since I dont want to wait until the task is done right now, save the id # So I can check on the task later results_list += [result] # After all tasks have been started, time to pull the results - logger.debug('REIMPORT_SCAN: Collecting Findings') + logger.debug("REIMPORT_SCAN: Collecting Findings") for results in results_list: - serial_new_findings, serial_reactivated_findings, serial_findings_to_mitigate, serial_untouched_findings = results.get() - new_findings += [next(serializers.deserialize("json", finding)).object for finding in serial_new_findings] - reactivated_findings += [next(serializers.deserialize("json", finding)).object for finding in serial_reactivated_findings] - findings_to_mitigate += [next(serializers.deserialize("json", finding)).object for finding in serial_findings_to_mitigate] - untouched_findings += [next(serializers.deserialize("json", finding)).object for finding in serial_untouched_findings] - logger.debug('REIMPORT_SCAN: All Findings Collected') + ( + serial_new_findings, + serial_reactivated_findings, + serial_findings_to_mitigate, + serial_untouched_findings, + ) = results.get() + new_findings += [ + next(serializers.deserialize("json", finding)).object + for finding in serial_new_findings + ] + reactivated_findings += [ + next(serializers.deserialize("json", finding)).object + for finding in serial_reactivated_findings + ] + findings_to_mitigate += [ + next(serializers.deserialize("json", finding)).object + for finding in serial_findings_to_mitigate + ] + untouched_findings += [ + next(serializers.deserialize("json", finding)).object + for finding in serial_untouched_findings + ] + logger.debug("REIMPORT_SCAN: All Findings Collected") # Indicate that the test is not complete yet as endpoints will still be rolling in. test.percent_complete = 50 test.save() importer_utils.update_test_progress(test) else: - new_findings, reactivated_findings, findings_to_mitigate, untouched_findings = \ - self.process_parsed_findings(test, parsed_findings, scan_type, user, active, verified, - minimum_severity=minimum_severity, endpoints_to_add=endpoints_to_add, - push_to_jira=push_to_jira, group_by=group_by, now=now, service=service, scan_date=scan_date, sync=True) + ( + new_findings, + reactivated_findings, + findings_to_mitigate, + untouched_findings, + ) = self.process_parsed_findings( + test, + parsed_findings, + scan_type, + user, + active=active, + verified=verified, + minimum_severity=minimum_severity, + endpoints_to_add=endpoints_to_add, + push_to_jira=push_to_jira, + group_by=group_by, + now=now, + service=service, + scan_date=scan_date, + sync=True, + do_not_reactivate=do_not_reactivate, + create_finding_groups_for_all_findings=create_finding_groups_for_all_findings, + ) closed_findings = [] if close_old_findings: - logger.debug('REIMPORT_SCAN: Closing findings no longer present in scan report') - closed_findings = self.close_old_findings(test, findings_to_mitigate, scan_date, user=user, push_to_jira=push_to_jira) - - logger.debug('REIMPORT_SCAN: Updating test/engagement timestamps') - importer_utils.update_timestamps(test, version, branch_tag, build_id, commit_hash, now, scan_date) + logger.debug( + "REIMPORT_SCAN: Closing findings no longer present in scan report" + ) + closed_findings = self.close_old_findings( + test, + findings_to_mitigate, + scan_date, + user=user, + push_to_jira=push_to_jira, + ) + + logger.debug("REIMPORT_SCAN: Updating test/engagement timestamps") + importer_utils.update_timestamps( + test, version, branch_tag, build_id, commit_hash, now, scan_date + ) + + logger.debug("REIMPORT_SCAN: Updating test tags") + importer_utils.update_tags(test, tags) test_import = None if settings.TRACK_IMPORT_HISTORY: - logger.debug('REIMPORT_SCAN: Updating Import History') - test_import = importer_utils.update_import_history(Test_Import.REIMPORT_TYPE, active, verified, tags, minimum_severity, endpoints_to_add, - version, branch_tag, build_id, commit_hash, push_to_jira, close_old_findings, - test, new_findings, closed_findings, reactivated_findings, untouched_findings) - - logger.debug('REIMPORT_SCAN: Generating notifications') - - updated_count = len(closed_findings) + len(reactivated_findings) + len(new_findings) - if updated_count > 0: - notifications_helper.notify_scan_added(test, updated_count, new_findings=new_findings, findings_mitigated=closed_findings, - findings_reactivated=reactivated_findings, findings_untouched=untouched_findings) - - logger.debug('REIMPORT_SCAN: Done') - - return test, updated_count, len(new_findings), len(closed_findings), len(reactivated_findings), len(untouched_findings), test_import + logger.debug("REIMPORT_SCAN: Updating Import History") + test_import = importer_utils.update_import_history( + Test_Import.REIMPORT_TYPE, + active, + verified, + tags, + minimum_severity, + endpoints_to_add, + version, + branch_tag, + build_id, + commit_hash, + push_to_jira, + close_old_findings, + test, + new_findings, + closed_findings, + reactivated_findings, + untouched_findings, + ) + if apply_tags_to_findings and tags: + for finding in test_import.findings_affected.all(): + for tag in tags: + finding.tags.add(tag) + logger.debug("REIMPORT_SCAN: Generating notifications") + + updated_count = ( + len(closed_findings) + len(reactivated_findings) + len(new_findings) + ) + notifications_helper.notify_scan_added( + test, + updated_count, + new_findings=new_findings, + findings_mitigated=closed_findings, + findings_reactivated=reactivated_findings, + findings_untouched=untouched_findings, + ) + + logger.debug("REIMPORT_SCAN: Done") + + return ( + test, + updated_count, + len(new_findings), + len(closed_findings), + len(reactivated_findings), + len(untouched_findings), + test_import, + ) diff --git a/dojo/importers/reimporter/utils.py b/dojo/importers/reimporter/utils.py index fe6e430a086..523b1a8a45a 100644 --- a/dojo/importers/reimporter/utils.py +++ b/dojo/importers/reimporter/utils.py @@ -18,16 +18,7 @@ """ -def get_deduplication_algorithm_from_conf(scan_type): - # Default algorithm - deduplication_algorithm = 'legacy' - # Check for an override for this scan_type in the deduplication configuration - if hasattr(settings, 'DEDUPLICATION_ALGORITHM_PER_PARSER') and scan_type in settings.DEDUPLICATION_ALGORITHM_PER_PARSER: - deduplication_algorithm = settings.DEDUPLICATION_ALGORITHM_PER_PARSER[scan_type] - return deduplication_algorithm - - -def match_new_finding_to_existing_finding(new_finding, test, deduplication_algorithm, scan_type): +def match_new_finding_to_existing_finding(new_finding, test, deduplication_algorithm): # This code should match the logic used for deduplication out of the re-import feature. # See utils.py deduplicate_* functions deduplicationLogger.debug('return findings bases on algorithm: %s', deduplication_algorithm) @@ -67,13 +58,27 @@ def match_new_finding_to_existing_finding(new_finding, test, deduplication_algor def update_endpoint_status(existing_finding, new_finding, user): # New endpoints are already added in serializers.py / views.py (see comment "# for existing findings: make sure endpoints are present or created") # So we only need to mitigate endpoints that are no longer present - existing_finding_endpoint_status_list = existing_finding.endpoint_status.all() + # using `.all()` will mark as mitigated also `endpoint_status` with flags `false_positive`, `out_of_scope` and `risk_accepted`. This is a known issue. This is not a bug. This is a future. + existing_finding_endpoint_status_list = existing_finding.status_finding.all() new_finding_endpoints_list = new_finding.unsaved_endpoints - endpoint_status_to_mitigate = list( - filter( - lambda existing_finding_endpoint_status: existing_finding_endpoint_status.endpoint not in new_finding_endpoints_list, - existing_finding_endpoint_status_list) - ) + if new_finding.is_mitigated: + # New finding is mitigated, so mitigate all old endpoints + endpoint_status_to_mitigate = existing_finding_endpoint_status_list + else: + # Mitigate any endpoints in the old finding not found in the new finding + endpoint_status_to_mitigate = list( + filter( + lambda existing_finding_endpoint_status: existing_finding_endpoint_status.endpoint not in new_finding_endpoints_list, + existing_finding_endpoint_status_list) + ) + # Re-activate any endpoints in the old finding that are in the new finding + endpoint_status_to_reactivate = list( + filter( + lambda existing_finding_endpoint_status: existing_finding_endpoint_status.endpoint in new_finding_endpoints_list, + existing_finding_endpoint_status_list) + ) + chunk_endpoints_and_reactivate(endpoint_status_to_reactivate) + # Determine if this can be run async if settings.ASYNC_FINDING_IMPORT: chunk_list = importer_utils.chunk_list(endpoint_status_to_mitigate) @@ -91,25 +96,45 @@ def update_endpoint_status(existing_finding, new_finding, user): @dojo_async_task @app.task() def mitigate_endpoint_status(endpoint_status_list, user, **kwargs): + """ Only mitigate endpoints that are actually active """ for endpoint_status in endpoint_status_list: - logger.debug("Re-import: mitigating endpoint %s that is no longer present", str(endpoint_status.endpoint)) - endpoint_status.mitigated_by = user - endpoint_status.mitigated_time = timezone.now() - endpoint_status.mitigated = True - endpoint_status.last_modified = timezone.now() - endpoint_status.save() + # Only mitigate endpoints that are actually active + if not endpoint_status.mitigated: + logger.debug("Re-import: mitigating endpoint %s that is no longer present", str(endpoint_status.endpoint)) + endpoint_status.mitigated_by = user + endpoint_status.mitigated_time = timezone.now() + endpoint_status.mitigated = True + endpoint_status.last_modified = timezone.now() + endpoint_status.save() + + +def chunk_endpoints_and_reactivate(endpoint_statuses, **kwargs): + # Determine if this can be run async + if settings.ASYNC_FINDING_IMPORT: + chunk_list = importer_utils.chunk_list(endpoint_statuses) + # If there is only one chunk, then do not bother with async + if len(chunk_list) < 2: + reactivate_endpoint_status(endpoint_statuses, sync=True) + logger.debug('IMPORT_SCAN: Split endpoints into ' + str(len(chunk_list)) + ' chunks of ' + str(chunk_list[0])) + # First kick off all the workers + for endpoint_status_list in chunk_list: + reactivate_endpoint_status(endpoint_status_list, sync=False) + else: + reactivate_endpoint_status(endpoint_statuses, sync=True) @dojo_async_task @app.task() def reactivate_endpoint_status(endpoint_status_list, **kwargs): for endpoint_status in endpoint_status_list: - logger.debug("Re-import: reactivating endpoint %s that is present in this scan", str(endpoint_status.endpoint)) - endpoint_status.mitigated_by = None - endpoint_status.mitigated_time = None - endpoint_status.mitigated = False - endpoint_status.last_modified = timezone.now() - endpoint_status.save() + # Only reactivate endpoints that are actually mitigated + if endpoint_status.mitigated: + logger.debug("Re-import: reactivating endpoint %s that is present in this scan", str(endpoint_status.endpoint)) + endpoint_status.mitigated_by = None + endpoint_status.mitigated_time = None + endpoint_status.mitigated = False + endpoint_status.last_modified = timezone.now() + endpoint_status.save() def get_target_product_if_exists(product_name=None, product_type_name=None): @@ -194,17 +219,19 @@ def get_or_create_product(product_name=None, product_type_name=None, auto_create member.role = Role.objects.get(is_owner=True) member.save() - product = Product.objects.create(name=product_name, prod_type=product_type) - member = Product_Member() - member.user = get_current_user() - member.product = product - member.role = Role.objects.get(is_owner=True) - member.save() + product, created = Product.objects.get_or_create(name=product_name, prod_type=product_type, description=product_name) + if created: + member = Product_Member() + member.user = get_current_user() + member.product = product + member.role = Role.objects.get(is_owner=True) + member.save() return product -def get_or_create_engagement(engagement_id=None, engagement_name=None, product_name=None, product_type_name=None, auto_create_context=None): +def get_or_create_engagement(engagement_id=None, engagement_name=None, product_name=None, product_type_name=None, auto_create_context=None, + deduplication_on_engagement=False, source_code_management_uri=None, target_end=None): # try to find the engagement (and product) product = get_target_product_if_exists(product_name, product_type_name) engagement = get_target_engagement_if_exists(engagement_id, engagement_name, product) @@ -220,6 +247,13 @@ def get_or_create_engagement(engagement_id=None, engagement_name=None, product_n if not product: raise ValueError('no product, unable to create engagement') - engagement = Engagement.objects.create(engagement_type="CI/CD", name=engagement_name, product=product, lead=get_current_user(), target_start=timezone.now().date(), target_end=(timezone.now() + timedelta(days=365)).date()) + target_start = timezone.now().date() + if (target_end is None) or (target_start > target_end): + target_end = (timezone.now() + timedelta(days=365)).date() + + engagement = Engagement.objects.create(engagement_type="CI/CD", name=engagement_name, product=product, lead=get_current_user(), + target_start=target_start, target_end=target_end, status="In Progress", + deduplication_on_engagement=deduplication_on_engagement, + source_code_management_uri=source_code_management_uri) return engagement diff --git a/dojo/importers/utils.py b/dojo/importers/utils.py index 84a65c16601..afe77abf443 100644 --- a/dojo/importers/utils.py +++ b/dojo/importers/utils.py @@ -1,13 +1,15 @@ from django.core.exceptions import ValidationError from django.core.exceptions import MultipleObjectsReturned from django.conf import settings +from django.utils.timezone import make_aware from dojo.decorators import dojo_async_task from dojo.celery import app from dojo.endpoint.utils import endpoint_get_or_create from dojo.utils import max_safe +from django.urls import reverse from dojo.models import IMPORT_CLOSED_FINDING, IMPORT_CREATED_FINDING, \ IMPORT_REACTIVATED_FINDING, IMPORT_UNTOUCHED_FINDING, Test_Import, Test_Import_Finding_Action, \ - Endpoint_Status + Endpoint_Status, Vulnerability_Id import logging @@ -18,30 +20,37 @@ def update_timestamps(test, version, branch_tag, build_id, commit_hash, now, sca if not scan_date: scan_date = now - test.engagement.updated = now if test.engagement.engagement_type == 'CI/CD': test.engagement.target_end = max_safe([scan_date.date(), test.engagement.target_end]) - test.updated = now - test.target_end = max_safe([scan_date, test.target_end]) + max_test_start_date = max_safe([scan_date, test.target_end]) + if not max_test_start_date.tzinfo: + max_test_start_date = make_aware(max_test_start_date) + test.target_end = max_test_start_date if version: test.version = version if branch_tag: test.branch_tag = branch_tag - test.engagement.version = version if build_id: test.build_id = build_id - if branch_tag: + if commit_hash: test.commit_hash = commit_hash test.save() test.engagement.save() +def update_tags(test, tags): + if tags: + test.tags = tags + + test.save() + + def update_import_history(type, active, verified, tags, minimum_severity, endpoints_to_add, version, branch_tag, build_id, commit_hash, push_to_jira, close_old_findings, test, new_findings=[], closed_findings=[], reactivated_findings=[], untouched_findings=[]): @@ -55,7 +64,6 @@ def update_import_history(type, active, verified, tags, minimum_severity, endpoi import_settings['push_to_jira'] = push_to_jira import_settings['tags'] = tags - # tags=tags TODO no tags field in api for reimport it seems if endpoints_to_add: import_settings['endpoints'] = [str(endpoint) for endpoint in endpoints_to_add] @@ -110,14 +118,17 @@ def chunk_list(list): def chunk_endpoints_and_disperse(finding, test, endpoints, **kwargs): - chunked_list = chunk_list(endpoints) - # If there is only one chunk, then do not bother with async - if len(chunked_list) < 2: + if settings.ASYNC_FINDING_IMPORT: + chunked_list = chunk_list(endpoints) + # If there is only one chunk, then do not bother with async + if len(chunked_list) < 2: + add_endpoints_to_unsaved_finding(finding, test, endpoints, sync=True) + return [] + # First kick off all the workers + for endpoints_list in chunked_list: + add_endpoints_to_unsaved_finding(finding, test, endpoints_list, sync=False) + else: add_endpoints_to_unsaved_finding(finding, test, endpoints, sync=True) - return [] - # First kick off all the workers - for endpoints_list in chunked_list: - add_endpoints_to_unsaved_finding(finding, test, endpoints_list, sync=False) # Since adding a model to a ManyToMany relationship does not require an additional @@ -144,21 +155,14 @@ def add_endpoints_to_unsaved_finding(finding, test, endpoints, **kwargs): fragment=endpoint.fragment, product=test.engagement.product) except (MultipleObjectsReturned): - pass + raise Exception("Endpoints in your database are broken. Please access {} and migrate them to new format or " + "remove them.".format(reverse('endpoint_migrate'))) - eps = None - try: - eps, created = Endpoint_Status.objects.get_or_create( - finding=finding, - endpoint=ep, - date=finding.date) - except (MultipleObjectsReturned): - pass + eps, created = Endpoint_Status.objects.get_or_create( + finding=finding, + endpoint=ep, + defaults={'date': finding.date}) - if ep and eps: - ep.endpoint_status.add(eps) - finding.endpoint_status.add(eps) - finding.endpoints.add(ep) logger.debug('IMPORT_SCAN: ' + str(len(endpoints)) + ' imported') @@ -166,6 +170,32 @@ def add_endpoints_to_unsaved_finding(finding, test, endpoints, **kwargs): # and after endpoint task, so this should only run after all the other ones are done @dojo_async_task @app.task() -def update_test_progress(test): +def update_test_progress(test, **kwargs): test.percent_complete = 100 test.save() + + +def handle_vulnerability_ids(finding): + # Synchronize the cve field with the unsaved_vulnerability_ids + # We do this to be as flexible as possible to handle the fields until + # the cve field is not needed anymore and can be removed. + if finding.unsaved_vulnerability_ids and finding.cve: + # Make sure the first entry of the list is the value of the cve field + finding.unsaved_vulnerability_ids.insert(0, finding.cve) + elif finding.unsaved_vulnerability_ids and not finding.cve: + # If the cve field is not set, use the first entry of the list to set it + finding.cve = finding.unsaved_vulnerability_ids[0] + elif not finding.unsaved_vulnerability_ids and finding.cve: + # If there is no list, make one with the value of the cve field + finding.unsaved_vulnerability_ids = [finding.cve] + + if finding.unsaved_vulnerability_ids: + # Remove duplicates + finding.unsaved_vulnerability_ids = list(dict.fromkeys(finding.unsaved_vulnerability_ids)) + + # Add all vulnerability ids to the database + for vulnerability_id in finding.unsaved_vulnerability_ids: + Vulnerability_Id( + vulnerability_id=vulnerability_id, + finding=finding, + ).save() diff --git a/dojo/jira_link/helper.py b/dojo/jira_link/helper.py index d4f5b36daf8..ecd5da084f8 100644 --- a/dojo/jira_link/helper.py +++ b/dojo/jira_link/helper.py @@ -5,6 +5,7 @@ import json import requests from django.conf import settings +from django.template import TemplateDoesNotExist from django.template.loader import render_to_string from django.utils import timezone from jira import JIRA @@ -98,7 +99,7 @@ def can_be_pushed_to_jira(obj, form=None): # findings or groups already having an existing jira issue can always be pushed return True, None, None - if type(obj) == Finding: + if isinstance(obj, Finding): if form: active = form['active'].value() verified = form['verified'].value() @@ -121,7 +122,7 @@ def can_be_pushed_to_jira(obj, form=None): if jira_minimum_threshold and jira_minimum_threshold > Finding.get_number_severity(severity): logger.debug('Finding below the minimum JIRA severity threshold (%s).' % System_Settings.objects.get().jira_minimum_severity) return False, 'Finding below the minimum JIRA severity threshold (%s).' % System_Settings.objects.get().jira_minimum_severity, 'below_minimum_threshold' - elif type(obj) == Finding_Group: + elif isinstance(obj, Finding_Group): if not obj.findings.all(): return False, '%s cannot be pushed to jira as it is empty.' % to_str_typed(obj), 'error_empty' if 'Active' not in obj.status(): @@ -342,10 +343,14 @@ def has_jira_configured(obj): def get_jira_connection_raw(jira_server, jira_username, jira_password): try: - jira = JIRA(server=jira_server, - basic_auth=(jira_username, jira_password), - options={"verify": settings.JIRA_SSL_VERIFY}, - max_retries=0) + jira = JIRA( + server=jira_server, + basic_auth=(jira_username, jira_password), + max_retries=0, + options={ + "verify": settings.JIRA_SSL_VERIFY, + "headers": settings.ADDITIONAL_HEADERS, + }) logger.debug('logged in to JIRA ''%s'' successfully', jira_server) @@ -378,8 +383,6 @@ def get_jira_connection_raw(jira_server, jira_username, jira_password): # Gets a connection to a Jira server based on the finding def get_jira_connection(obj): - jira = None - jira_instance = obj if not isinstance(jira_instance, JIRA_Instance): jira_instance = get_jira_instance(obj) @@ -408,9 +411,14 @@ def jira_transition(jira, issue, transition_id): jira.transition_issue(issue, transition_id) return True except JIRAError as jira_error: - logger.debug('error transisioning jira issue ' + issue.key + ' ' + str(jira_error)) + logger.debug('error transitioning jira issue ' + issue.key + ' ' + str(jira_error)) logger.exception(jira_error) - log_jira_generic_alert('error transitioning jira issue ' + issue.key, str(jira_error)) + alert_text = "JiraError HTTP %s" % jira_error.status_code + if jira_error.url: + alert_text += " url: %s" % jira_error.url + if jira_error.text: + alert_text += "\ntext: %s" % jira_error.text + log_jira_generic_alert('error transitioning jira issue ' + issue.key, alert_text) return None @@ -440,6 +448,19 @@ def get_jira_status(finding): return issue.fields.status +# Used for unit testing so geting all the connections is manadatory +def get_jira_comments(finding): + if finding.has_jira_issue: + j_issue = finding.jira_issue.jira_id + elif finding.finding_group and finding.finding_group.has_jira_issue: + j_issue = finding.finding_group.jira_issue.jira_id + + if j_issue: + project = get_jira_project(finding) + issue = jira_get_issue(project, j_issue) + return issue.fields.comment.comments + + # Logs the error to the alerts table, which appears in the notification toolbar def log_jira_generic_alert(title, description): create_notification( @@ -456,7 +477,7 @@ def log_jira_alert(error, obj): event='jira_update', title='Error pushing to JIRA ' + '(' + truncate_with_dots(prod_name(obj), 25) + ')', description=to_str_typed(obj) + ', ' + error, - url=obj.get_absolute_url, + url=obj.get_absolute_url(), icon='bullseye', source='Push to JIRA', obj=obj) @@ -474,16 +495,38 @@ def log_jira_message(text, finding): def get_labels(obj): - # Update Label with system setttings label + # Update Label with system settings label labels = [] system_settings = System_Settings.objects.get() system_labels = system_settings.jira_labels + prod_name_label = prod_name(obj).replace(" ", "_") + jira_project = get_jira_project(obj) + if system_labels: system_labels = system_labels.split() for system_label in system_labels: labels.append(system_label) # Update the label with the product name (underscore) - labels.append(prod_name(obj).replace(" ", "_")) + labels.append(prod_name_label) + + # labels per-product/engagement + if jira_project and jira_project.jira_labels: + project_labels = jira_project.jira_labels.split() + for project_label in project_labels: + labels.append(project_label) + # Update the label with the product name (underscore) + if prod_name_label not in labels: + labels.append(prod_name_label) + + if system_settings.add_vulnerability_id_to_jira_label or jira_project and jira_project.add_vulnerability_id_to_jira_label: + if isinstance(obj, Finding) and obj.vulnerability_ids: + for id in obj.vulnerability_ids: + labels.append(id) + elif isinstance(obj, Finding_Group): + for finding in obj.findings.all(): + for id in finding.vulnerability_ids: + labels.append(id) + return labels @@ -494,17 +537,23 @@ def get_tags(obj): obj_tags = obj.tags.all() if obj_tags: for tag in obj_tags: - tags.append(str(tag.name)) + tags.append(str(tag.name.replace(' ', '-'))) + if isinstance(obj, Finding_Group): + for finding in obj.findings.all(): + obj_tags = finding.tags.all() + if obj_tags: + for tag in obj_tags: + if tag not in tags: + tags.append(str(tag.name.replace(' ', '-'))) + return tags def jira_summary(obj): summary = '' - - if type(obj) == Finding: + if isinstance(obj, Finding): summary = obj.title - - if type(obj) == Finding_Group: + if isinstance(obj, Finding_Group): summary = obj.name return summary.replace('\r', '').replace('\n', '')[:255] @@ -531,9 +580,9 @@ def jira_priority(obj): def jira_environment(obj): - if type(obj) == Finding: + if isinstance(obj, Finding): return "\n".join([str(endpoint) for endpoint in obj.endpoints.all()]) - elif type(obj) == Finding_Group: + elif isinstance(obj, Finding_Group): return "\n".join([jira_environment(finding) for finding in obj.findings.all()]) else: return '' @@ -596,6 +645,55 @@ def add_jira_issue_for_finding_group(finding_group, *args, **kwargs): return add_jira_issue(finding_group, *args, **kwargs) +def prepare_jira_issue_fields( + project_key, + issuetype_name, + summary, + description, + component_name=None, + custom_fields=None, + labels=None, + environment=None, + priority_name=None, + epic_name_field=None, + default_assignee=None, + duedate=None, + issuetype_fields=[]): + + fields = { + 'project': {'key': project_key}, + 'issuetype': {'name': issuetype_name}, + 'summary': summary, + 'description': description, + } + + if component_name: + fields['components'] = [{'name': component_name}] + + if custom_fields: + fields.update(custom_fields) + + if labels and 'labels' in issuetype_fields: + fields['labels'] = labels + + if environment and 'environment' in issuetype_fields: + fields['environment'] = environment + + if priority_name and 'priority' in issuetype_fields: + fields['priority'] = {'name': priority_name} + + if epic_name_field and epic_name_field in issuetype_fields: + fields[epic_name_field] = summary + + if duedate and 'duedate' in issuetype_fields: + fields['duedate'] = duedate.strftime('%Y-%m-%d') + + if default_assignee: + fields['assignee'] = {'name': default_assignee} + + return fields + + def add_jira_issue(obj, *args, **kwargs): logger.info('trying to create a new jira issue for %d:%s', obj.id, to_str_typed(obj)) @@ -613,9 +711,12 @@ def add_jira_issue(obj, *args, **kwargs): obj_can_be_pushed_to_jira, error_message, error_code = can_be_pushed_to_jira(obj) if not obj_can_be_pushed_to_jira: - log_jira_alert(error_message, obj) - logger.warn("%s cannot be pushed to JIRA: %s.", to_str_typed(obj), error_message) - logger.warn("The JIRA issue will NOT be created.") + if isinstance(obj, Finding) and obj.duplicate and not obj.active: + logger.warning("%s will not be pushed to JIRA as it's a duplicate finding", to_str_typed(obj)) + else: + log_jira_alert(error_message, obj) + logger.warning("%s cannot be pushed to JIRA: %s.", to_str_typed(obj), error_message) + logger.warning("The JIRA issue will NOT be created.") return False logger.debug('Trying to create a new JIRA issue for %s...', to_str_typed(obj)) meta = None @@ -623,67 +724,41 @@ def add_jira_issue(obj, *args, **kwargs): JIRAError.log_to_tempfile = False jira = get_jira_connection(jira_instance) - fields = { - 'project': { - 'key': jira_project.project_key - }, - 'summary': jira_summary(obj), - 'description': jira_description(obj), - 'issuetype': { - 'name': jira_instance.default_issue_type - }, - } - - if jira_project.component: - fields['components'] = [ - { - 'name': jira_project.component - }, - ] - - # populate duedate field, but only if it's available for this project + issuetype - if not meta: - meta = get_jira_meta(jira, jira_project) - - epic_name_field = get_epic_name_field_name(jira_instance) - if epic_name_field in meta['projects'][0]['issuetypes'][0]['fields']: - # epic name is present in this issuetype - # epic name is always mandatory in jira, so we populate it - fields[epic_name_field] = fields['summary'] - - if 'priority' in meta['projects'][0]['issuetypes'][0]['fields']: - fields['priority'] = { - 'name': jira_priority(obj) - } - - labels = get_labels(obj) - tags = get_tags(obj) - jira_labels = labels + tags - if jira_labels: - if 'labels' in meta['projects'][0]['issuetypes'][0]['fields']: - fields['labels'] = jira_labels + labels = get_labels(obj) + get_tags(obj) + if labels: + labels = list(dict.fromkeys(labels)) # de-dup + duedate = None if System_Settings.objects.get().enable_finding_sla: + duedate = obj.sla_deadline() - if 'duedate' in meta['projects'][0]['issuetypes'][0]['fields']: - # jira wants YYYY-MM-DD - duedate = obj.sla_deadline() - if duedate: - fields['duedate'] = duedate.strftime('%Y-%m-%d') - - if not meta: - meta = get_jira_meta(jira, jira_project) - - if 'environment' in meta['projects'][0]['issuetypes'][0]['fields']: - fields['environment'] = jira_environment(obj) + issuetype_fields = get_issuetype_fields(jira, jira_project.project_key, jira_instance.default_issue_type) + fields = prepare_jira_issue_fields( + project_key=jira_project.project_key, + issuetype_name=jira_instance.default_issue_type, + summary=jira_summary(obj), + description=jira_description(obj), + component_name=jira_project.component, + custom_fields=jira_project.custom_fields, + labels=labels, + environment=jira_environment(obj), + priority_name=jira_priority(obj), + epic_name_field=get_epic_name_field_name(jira_instance), + duedate=duedate, + issuetype_fields=issuetype_fields, + default_assignee=jira_project.default_assignee) logger.debug('sending fields to JIRA: %s', fields) - new_issue = jira.create_issue(fields) + if jira_project.default_assignee: + created_assignee = str(new_issue.get_field('assignee')) + logger.debug("new issue created with assignee %s", created_assignee) + if created_assignee != jira_project.default_assignee: + jira.assign_issue(new_issue.key, jira_project.default_assignee) # Upload dojo finding screenshots to Jira findings = [obj] - if type(obj) == Finding_Group: + if isinstance(obj, Finding_Group): findings = obj.findings.all() for find in findings: @@ -706,7 +781,7 @@ def add_jira_issue(obj, *args, **kwargs): else: logger.info('The following EPIC does not exist: %s', eng.name) - # only link the new issue if it was succefully created, incl attachments and epic link + # only link the new issue if it was successfully created, incl attachments and epic link logger.debug('saving JIRA_Issue for %s finding %s', new_issue.key, obj.id) j_issue = JIRA_Issue( jira_id=new_issue.id, jira_key=new_issue.key, jira_project=jira_project) @@ -715,10 +790,21 @@ def add_jira_issue(obj, *args, **kwargs): j_issue.jira_creation = timezone.now() j_issue.jira_change = timezone.now() j_issue.save() - issue = jira.issue(new_issue.id) + jira.issue(new_issue.id) logger.info('Created the following jira issue for %d:%s', obj.id, to_str_typed(obj)) + + # Add any notes that already exist in the finding to the JIRA + for find in findings: + if find.notes.all(): + for note in find.notes.all().reverse(): + add_comment(obj, note) + return True + except TemplateDoesNotExist as e: + logger.exception(e) + log_jira_alert(str(e), obj) + return False except JIRAError as e: logger.exception(e) logger.error("jira_meta for project: %s and url: %s meta: %s", jira_project.project_key, jira_project.jira_instance.url, json.dumps(meta, indent=4)) # this is None safe @@ -764,50 +850,37 @@ def update_jira_issue(obj, *args, **kwargs): try: JIRAError.log_to_tempfile = False jira = get_jira_connection(jira_instance) - issue = jira.issue(j_issue.jira_id) - fields = {} - # Only update the component if it didn't exist earlier in Jira, this is to avoid assigning multiple components to an item - if issue.fields.components: - log_jira_alert( - "Component not updated, exists in Jira already. Update from Jira instead.", - obj) - elif jira_project.component: - # Add component to the Jira issue - component = [ - { - 'name': jira_project.component - }, - ] - fields = {"components": component} - - if not meta: - meta = get_jira_meta(jira, jira_project) - - labels = get_labels(obj) - tags = get_tags(obj) - jira_labels = labels + tags - if jira_labels: - if 'labels' in meta['projects'][0]['issuetypes'][0]['fields']: - fields['labels'] = jira_labels - - if 'environment' in meta['projects'][0]['issuetypes'][0]['fields']: - fields['environment'] = jira_environment(obj) + labels = get_labels(obj) + get_tags(obj) + if labels: + labels = list(dict.fromkeys(labels)) # de-dup + + issuetype_fields = get_issuetype_fields(jira, jira_project.project_key, jira_instance.default_issue_type) + fields = prepare_jira_issue_fields( + project_key=jira_project.project_key, + issuetype_name=jira_instance.default_issue_type, + summary=jira_summary(obj), + description=jira_description(obj), + component_name=jira_project.component if not issue.fields.components else None, + labels=labels, + environment=jira_environment(obj), + priority_name=jira_priority(obj), + issuetype_fields=issuetype_fields) logger.debug('sending fields to JIRA: %s', fields) issue.update( - summary=jira_summary(obj), - description=jira_description(obj), - priority={'name': jira_priority(obj)}, + summary=fields['summary'], + description=fields['description'], + priority=fields['priority'], fields=fields) push_status_to_jira(obj, jira_instance, jira, issue) # Upload dojo finding screenshots to Jira findings = [obj] - if type(obj) == Finding_Group: + if isinstance(obj, Finding_Group): findings = obj.findings.all() for find in findings: @@ -839,7 +912,9 @@ def update_jira_issue(obj, *args, **kwargs): except JIRAError as e: logger.exception(e) logger.error("jira_meta for project: %s and url: %s meta: %s", jira_project.project_key, jira_project.jira_instance.url, json.dumps(meta, indent=4)) # this is None safe - log_jira_alert(e.text, obj) + if issue_from_jira_is_active(issue): + # Only alert if the upstream JIRA is active, we don't care about closed issues + log_jira_alert(e.text, obj) return False @@ -929,61 +1004,80 @@ def push_status_to_jira(obj, jira_instance, jira, issue, save=False): obj.jira_issue.save() -# gets the metadata for the default issue type in this jira project -def get_jira_meta(jira, jira_project): - meta = jira.createmeta(projectKeys=jira_project.project_key, issuetypeNames=jira_project.jira_instance.default_issue_type, expand="projects.issuetypes.fields") - - meta_data_error = False - if len(meta['projects']) == 0: - # non-existent project, or no permissions - # [09/Nov/2020 21:04:22] DEBUG [dojo.jira_link.helper:595] get_jira_meta: { - # "expand": "projects", - # "projects": [] - # } - meta_data_error = True - message = 'unable to retrieve metadata from JIRA %s for project %s. Invalid project key or no permissions to this project?' % (jira_project.jira_instance, jira_project.project_key) - - elif len(meta['projects'][0]['issuetypes']) == 0: - # default issue type doesn't exist in project - # [09/Nov/2020 21:09:03] DEBUG [dojo.jira_link.helper:595] get_jira_meta: { - # "expand": "projects", - # "projects": [ - # { - # "expand": "issuetypes", - # "self": "https://jira-uat.com/rest/api/2/project/1212", - # "id": "1212", - # "key": "ISO", - # "name": "ISO ISMS", - # "avatarUrls": { - # "48x48": "https://jira-uat.com/secure/projectavatar?pid=14431&avatarId=17200", - # "24x24": "https://jira-uat.com/secure/projectavatar?size=small&pid=14431&avatarId=17200", - # "16x16": "https://jira-uat.com/secure/projectavatar?size=xsmall&pid=14431&avatarId=17200", - # "32x32": "https://jira-uat.com/secure/projectavatar?size=medium&pid=14431&avatarId=17200" - # }, - # "issuetypes": [] - # } - # ] - # } - meta_data_error = True - message = 'unable to retrieve metadata from JIRA %s for issuetype %s in project %s. Invalid default issue type configured in Defect Dojo?' % (jira_project.jira_instance, jira_project.jira_instance.default_issue_type, jira_project.project_key) - - if meta_data_error: - logger.warn(message) - logger.warn("get_jira_meta: %s", json.dumps(meta, indent=4)) # this is None safe - - add_error_message_to_response(message) - - raise JIRAError(text=message) - else: - return meta +# gets the metadata for the provided issue type in the provided jira project +def get_issuetype_fields( + jira, + project_key, + issuetype_name): + + issuetype_fields = None + use_cloud_api = jira.deploymentType.lower() == 'cloud' or jira._version < (9, 0, 0) + try: + if use_cloud_api: + try: + meta = jira.createmeta( + projectKeys=project_key, + issuetypeNames=issuetype_name, + expand="projects.issuetypes.fields") + except JIRAError as e: + e.text = f"Jira API call 'createmeta' failed with status: {e.status_code} and message: {e.text}" + raise e + + project = None + try: + project = meta['projects'][0] + except Exception: + raise JIRAError("Project misconfigured or no permissions in Jira ?") + + try: + issuetype_fields = project['issuetypes'][0]['fields'].keys() + except Exception: + raise JIRAError("Misconfigured default issue type ?") + + else: + try: + issuetypes = jira.project_issue_types(project_key) + except JIRAError as e: + e.text = f"Jira API call 'createmeta/issuetypes' failed with status: {e.status_code} and message: {e.text}. Project misconfigured or no permissions in Jira ?" + raise e + + issuetype_id = None + for it in issuetypes: + if it.name == issuetype_name: + issuetype_id = it.id + break + + if not issuetype_id: + raise JIRAError("Issue type ID can not be matched. Misconfigured default issue type ?") + + try: + issuetype_fields = jira.project_issue_fields(project_key, issuetype_id) + except JIRAError as e: + e.text = f"Jira API call 'createmeta/fieldtypes' failed with status: {e.status_code} and message: {e.text}. Misconfigured project or default issue type ?" + raise e + + try: + issuetype_fields = [f.fieldId for f in issuetype_fields] + except Exception: + raise JIRAError("Misconfigured default issue type ?") + + except JIRAError as e: + e.text = f"Failed retrieving field metadata from Jira version: {jira._version}, project: {project_key}, issue type: {issuetype_name}. {e.text}" + logger.warning(e.text) + add_error_message_to_response(e.text) + + raise e + + return issuetype_fields def is_jira_project_valid(jira_project): try: - meta = get_jira_meta(get_jira_connection(jira_project), jira_project) + jira = get_jira_connection(jira_project) + get_issuetype_fields(jira, jira_project.project_key, jira_project.jira_instance.default_issue_type) return True - except JIRAError as e: - logger.debug('invalid JIRA Project Config, can''t retrieve metadata for: ''%s''', jira_project) + except JIRAError: + logger.debug("invalid JIRA Project Config, can't retrieve metadata for '%s'", jira_project) return False @@ -1028,7 +1122,7 @@ def jira_check_attachment(issue, source_file_name): @dojo_async_task @app.task @dojo_model_from_id(model=Engagement) -def close_epic(eng, push_to_jira): +def close_epic(eng, push_to_jira, **kwargs): engagement = eng if not is_jira_enabled(): return False @@ -1043,7 +1137,7 @@ def close_epic(eng, push_to_jira): try: jissue = get_jira_issue(eng) if jissue is None: - logger.warn("JIRA close epic failed: no issue found") + logger.warning("JIRA close epic failed: no issue found") return False req_url = jira_instance.url + '/rest/api/latest/issue/' + \ @@ -1054,7 +1148,7 @@ def close_epic(eng, push_to_jira): auth=HTTPBasicAuth(jira_instance.username, jira_instance.password), json=json_data) if r.status_code != 204: - logger.warn("JIRA close epic failed with error: {}".format(r.text)) + logger.warning("JIRA close epic failed with error: {}".format(r.text)) return False return True except JIRAError as e: @@ -1070,7 +1164,7 @@ def close_epic(eng, push_to_jira): @dojo_async_task @app.task @dojo_model_from_id(model=Engagement) -def update_epic(engagement): +def update_epic(engagement, **kwargs): logger.debug('trying to update jira EPIC for %d:%s', engagement.id, engagement.name) if not is_jira_configured_and_enabled(engagement): @@ -1085,7 +1179,12 @@ def update_epic(engagement): jira = get_jira_connection(jira_instance) j_issue = get_jira_issue(engagement) issue = jira.issue(j_issue.jira_id) - issue.update(summary=engagement.name, description=engagement.name) + + epic_name = kwargs.get('epic_name') + if not epic_name: + epic_name = engagement.name + + issue.update(summary=epic_name, description=epic_name) return True except JIRAError as e: logger.exception(e) @@ -1101,7 +1200,7 @@ def update_epic(engagement): @dojo_async_task @app.task @dojo_model_from_id(model=Engagement) -def add_epic(engagement): +def add_epic(engagement, **kwargs): logger.debug('trying to create a new jira EPIC for %d:%s', engagement.id, engagement.name) if not is_jira_configured_and_enabled(engagement): @@ -1112,17 +1211,22 @@ def add_epic(engagement): jira_project = get_jira_project(engagement) jira_instance = get_jira_instance(engagement) if jira_project.enable_engagement_epic_mapping: + epic_name = kwargs.get('epic_name') + if not epic_name: + epic_name = engagement.name issue_dict = { 'project': { 'key': jira_project.project_key }, - 'summary': engagement.name, - 'description': engagement.name, + 'summary': epic_name, + 'description': epic_name, 'issuetype': { 'name': 'Epic' }, - get_epic_name_field_name(jira_instance): engagement.name, + get_epic_name_field_name(jira_instance): epic_name, } + if kwargs.get('epic_priority'): + issue_dict['priority'] = {'name': kwargs.get('epic_priority')} try: jira = get_jira_connection(jira_instance) logger.debug('add_epic: %s', issue_dict) @@ -1175,7 +1279,7 @@ def jira_get_issue(jira_project, issue_key): @app.task @dojo_model_from_id(model=Notes, parameter=1) @dojo_model_from_id -def add_comment(obj, note, force_push=False): +def add_comment(obj, note, force_push=False, **kwargs): if not is_jira_configured_and_enabled(obj): return False @@ -1237,7 +1341,35 @@ def finding_link_jira(request, finding, new_jira_issue_key): finding.save(push_to_jira=False, dedupe_option=False, issue_updater_option=False) - jira_issue_url = get_jira_url(finding) + return True + + +def finding_group_link_jira(request, finding_group, new_jira_issue_key): + logger.debug('linking existing jira issue %s for finding group %i', new_jira_issue_key, finding_group.id) + + existing_jira_issue = jira_get_issue(get_jira_project(finding_group), new_jira_issue_key) + + jira_project = get_jira_project(finding_group) + + if not existing_jira_issue: + raise ValueError('JIRA issue not found or cannot be retrieved: ' + new_jira_issue_key) + + jira_issue = JIRA_Issue( + jira_id=existing_jira_issue.id, + jira_key=existing_jira_issue.key, + finding_group=finding_group, + jira_project=jira_project) + + jira_issue.jira_key = new_jira_issue_key + # jira timestampe are in iso format: 'updated': '2020-07-17T09:49:51.447+0200' + # seems to be a pain to parse these in python < 3.7, so for now just record the curent time as + # as the timestamp the jira link was created / updated in DD + jira_issue.jira_creation = timezone.now() + jira_issue.jira_change = timezone.now() + + jira_issue.save() + + finding_group.save() return True @@ -1250,8 +1382,6 @@ def unlink_jira(request, obj): logger.debug('removing linked jira issue %s for %i:%s', obj.jira_issue.jira_key, obj.id, to_str_typed(obj)) obj.jira_issue.delete() # finding.save(push_to_jira=False, dedupe_option=False, issue_updater_option=False) - # jira_issue_url = get_jira_url(finding) - return True # return True if no errors @@ -1317,7 +1447,7 @@ def process_jira_project_form(request, instance=None, target=None, product=None, 'JIRA Project config stored successfully.', extra_tags='alert-success') error = False - logger.debug('stored JIRA_Project succesfully') + logger.debug('stored JIRA_Project successfully') except Exception as e: error = True logger.exception(e) @@ -1350,8 +1480,14 @@ def process_jira_epic_form(request, engagement=None): if jira_epic_form.is_valid(): if jira_epic_form.cleaned_data.get('push_to_jira'): logger.debug('pushing engagement to JIRA') - if push_to_jira(engagement): - logger.debug('Push to JIRA for Epic queued succesfully') + epic_name = engagement.name + if jira_epic_form.cleaned_data.get('epic_name'): + epic_name = jira_epic_form.cleaned_data.get('epic_name') + epic_priority = None + if jira_epic_form.cleaned_data.get('epic_priority'): + epic_priority = jira_epic_form.cleaned_data.get('epic_priority') + if push_to_jira(engagement, epic_name=epic_name, epic_priority=epic_priority): + logger.debug('Push to JIRA for Epic queued successfully') messages.add_message( request, messages.SUCCESS, diff --git a/dojo/jira_link/queries.py b/dojo/jira_link/queries.py index 343bafe4d97..ad4a383703b 100644 --- a/dojo/jira_link/queries.py +++ b/dojo/jira_link/queries.py @@ -1,5 +1,4 @@ from crum import get_current_user -from django.conf import settings from django.db.models import Exists, OuterRef, Q from dojo.models import JIRA_Issue, JIRA_Project, Product_Member, Product_Type_Member, \ Product_Group, Product_Type_Group @@ -19,9 +18,6 @@ def get_authorized_jira_projects(permission, user=None): if user.is_superuser: return jira_projects - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return jira_projects - if user_has_global_permission(user, permission): return jira_projects @@ -91,9 +87,6 @@ def get_authorized_jira_issues(permission): if user.is_superuser: return jira_issues - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return jira_issues - if user_has_global_permission(user, permission): return jira_issues diff --git a/dojo/jira_link/urls.py b/dojo/jira_link/urls.py index b994ffc89a1..939e4adc25d 100644 --- a/dojo/jira_link/urls.py +++ b/dojo/jira_link/urls.py @@ -1,15 +1,15 @@ -from django.conf.urls import url +from django.urls import re_path from . import views urlpatterns = [ - url(r'^webhook/(?P[\w-]+)$', views.webhook, name='web_hook_secret'), - url(r'^webhook/', views.webhook, name='web_hook'), - url(r'^jira/webhook/(?P[\w-]+)$', views.webhook, name='jira_web_hook_secret'), - url(r'^jira/webhook/', views.webhook, name='jira_web_hook'), - url(r'^jira/add', views.new_jira, name='add_jira'), - url(r'^jira/(?P\d+)/edit$', views.edit_jira, + re_path(r'^webhook/(?P[\w-]+)$', views.webhook, name='web_hook_secret'), + re_path(r'^webhook/', views.webhook, name='web_hook'), + re_path(r'^jira/webhook/(?P[\w-]+)$', views.webhook, name='jira_web_hook_secret'), + re_path(r'^jira/webhook/', views.webhook, name='jira_web_hook'), + re_path(r'^jira/add', views.new_jira, name='add_jira'), + re_path(r'^jira/(?P\d+)/edit$', views.edit_jira, name='edit_jira'), - url(r'^jira/(?P\d+)/delete$', views.delete_jira, + re_path(r'^jira/(?P\d+)/delete$', views.delete_jira, name='delete_jira'), - url(r'^jira$', views.jira, name='jira'), - url(r'^jira/express', views.express_new_jira, name='express_jira')] + re_path(r'^jira$', views.jira, name='jira'), + re_path(r'^jira/express', views.express_new_jira, name='express_jira')] diff --git a/dojo/jira_link/views.py b/dojo/jira_link/views.py index 17605b1f7ac..a1a73f0b015 100644 --- a/dojo/jira_link/views.py +++ b/dojo/jira_link/views.py @@ -1,10 +1,9 @@ # Standard library imports import json import logging - +import datetime # Third party imports from django.contrib import messages -from django.contrib.auth.decorators import user_passes_test from django.contrib.admin.utils import NestedObjects from django.urls import reverse from django.db import DEFAULT_DB_ALIAS @@ -21,6 +20,7 @@ from dojo.notifications.helper import create_notification from django.views.decorators.http import require_POST import dojo.jira_link.helper as jira_helper +from dojo.authorization.authorization_decorators import user_is_configuration_authorized logger = logging.getLogger(__name__) @@ -61,10 +61,10 @@ def webhook(request, secret=None): findings = None if jissue.finding: - logging.info("Received issue update for {} for finding {}".format(jissue.jira_key, jissue.finding.id)) + logging.info(f"Received issue update for {jissue.jira_key} for finding {jissue.finding.id}") findings = [jissue.finding] elif jissue.finding_group: - logging.info("Received issue update for {} for finding group {}".format(jissue.jira_key, jissue.finding_group)) + logging.info(f"Received issue update for {jissue.jira_key} for finding group {jissue.finding_group}") findings = jissue.finding_group.findings.all() elif jissue.engagement: # if parsed['issue']['fields']['resolution'] != None: @@ -73,11 +73,14 @@ def webhook(request, secret=None): # eng.save() return HttpResponse('Update for engagement ignored') else: - logging.info("Received issue update for {} for unknown object".format(jissue.jira_key)) - raise Http404('No finding, finding_group or engagement found for JIRA issue {}'.format(jissue.jira_key)) + logging.info(f"Received issue update for {jissue.jira_key} for unknown object") + raise Http404(f'No finding, finding_group or engagement found for JIRA issue {jissue.jira_key}') assignee = parsed['issue']['fields'].get('assignee') - assignee_name = assignee['name'] if assignee else None + assignee_name = 'Jira User' + if assignee is not None: + # First look for the 'name' field. If not present, try 'displayName'. Else put None + assignee_name = assignee.get('name', assignee.get('displayName')) resolution = parsed['issue']['fields']['resolution'] @@ -102,109 +105,28 @@ def webhook(request, secret=None): if findings: for finding in findings: jira_helper.process_resolution_from_jira(finding, resolution_id, resolution_name, assignee_name, jira_now, jissue) + # Check for any comment that could have come along with the resolution + if (error_response := check_for_and_create_comment(parsed)) is not None: + return error_response if parsed.get('webhookEvent') == 'comment_created': - """ - example incoming requests from JIRA Server 8.14.0 - { - "timestamp":1610269967824, - "webhookEvent":"comment_created", - "comment":{ - "self":"https://jira.host.com/rest/api/2/issue/115254/comment/466578", - "id":"466578", - "author":{ - "self":"https://jira.host.com/rest/api/2/user?username=defect.dojo", - "name":"defect.dojo", - "key":"defect.dojo", # seems to be only present on JIRA Server, not on Cloud - "avatarUrls":{ - "48x48":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=48", - "24x24":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=24", - "16x16":"https://www.gravatar.com/avatar9637bfb970eff6176357df615f548f1c?d=mm&s=16", - "32x32":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=32" - }, - "displayName":"Defect Dojo", - "active":true, - "timeZone":"Europe/Amsterdam" - }, - "body":"(Valentijn Scholten):test4", - "updateAuthor":{ - "self":"https://jira.host.com/rest/api/2/user?username=defect.dojo", - "name":"defect.dojo", - "key":"defect.dojo", - "avatarUrls":{ - "48x48":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=48", - "24x24""https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=24", - "16x16":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=16", - "32x32":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=32" - }, - "displayName":"Defect Dojo", - "active":true, - "timeZone":"Europe/Amsterdam" - }, - "created":"2021-01-10T10:12:47.824+0100", - "updated":"2021-01-10T10:12:47.824+0100" - } - } - """ - - comment_text = parsed['comment']['body'] - commentor = '' - if 'name' in parsed['comment']['updateAuthor']: - commentor = parsed['comment']['updateAuthor']['name'] - elif 'emailAddress' in parsed['comment']['updateAuthor']: - commentor = parsed['comment']['updateAuthor']['emailAddress'] - else: - logger.debug('Could not find the author of this jira comment!') - commentor_display_name = parsed['comment']['updateAuthor']['displayName'] - # example: body['comment']['self'] = "http://www.testjira.com/jira_under_a_path/rest/api/2/issue/666/comment/456843" - jid = parsed['comment']['self'].split('/')[-3] - jissue = get_object_or_404(JIRA_Issue, jira_id=jid) - logging.info("Received issue comment for {}".format(jissue.jira_key)) - logger.debug('jissue: %s', vars(jissue)) - - jira_usernames = JIRA_Instance.objects.values_list('username', flat=True) - for jira_userid in jira_usernames: - # logger.debug('incoming username: %s jira config username: %s', commentor.lower(), jira_userid.lower()) - if jira_userid.lower() == commentor.lower(): - logger.debug('skipping incoming JIRA comment as the user id of the comment in JIRA (%s) matches the JIRA username in DefectDojo (%s)', commentor.lower(), jira_userid.lower()) - return HttpResponse('') - break - - findings = None - if jissue.finding: - findings = [jissue.finding] - create_notification(event='other', title='JIRA incoming comment - %s' % (jissue.finding), finding=jissue.finding, url=reverse("view_finding", args=(jissue.finding.id, )), icon='check') - elif jissue.finding_group: - findings = [jissue.finding_group.findings.all()] - create_notification(event='other', title='JIRA incoming comment - %s' % (jissue.finding), finding=jissue.finding, url=reverse("view_finding_group", args=(jissue.finding_group.id, )), icon='check') - elif jissue.engagement: - return HttpResponse('Comment for engagement ignored') - else: - raise Http404('No finding or engagement found for JIRA issue {}'.format(jissue.jira_key)) - - for finding in findings: - # logger.debug('finding: %s', vars(jissue.finding)) - new_note = Notes() - new_note.entry = '(%s (%s)): %s' % (commentor_display_name, commentor, comment_text) - new_note.author, created = User.objects.get_or_create(username='JIRA') - new_note.save() - finding.notes.add(new_note) - finding.jira_issue.jira_change = timezone.now() - finding.jira_issue.save() - finding.save() + if (error_response := check_for_and_create_comment(parsed)) is not None: + return error_response if parsed.get('webhookEvent') not in ['comment_created', 'jira:issue_updated']: - logger.info('Unrecognized JIRA webhook event received: {}'.format(parsed.get('webhookEvent'))) + logger.info(f"Unrecognized JIRA webhook event received: {parsed.get('webhookEvent')}") + except Exception as e: if isinstance(e, Http404): logger.warning('404 error processing JIRA webhook') + logger.warning(str(e)) else: logger.exception(e) try: logger.debug('jira_webhook_body_parsed:') logger.debug(json.dumps(parsed, indent=4)) - except: + except Exception: logger.debug('jira_webhook_body:') logger.debug(request.body.decode('utf-8')) @@ -213,6 +135,112 @@ def webhook(request, secret=None): return HttpResponse('') +def check_for_and_create_comment(parsed_json): + """ + example incoming requests from JIRA Server 8.14.0 + { + "timestamp":1610269967824, + "webhookEvent":"comment_created", + "comment":{ + "self":"https://jira.host.com/rest/api/2/issue/115254/comment/466578", + "id":"466578", + "author":{ + "self":"https://jira.host.com/rest/api/2/user?username=defect.dojo", + "name":"defect.dojo", + "key":"defect.dojo", # seems to be only present on JIRA Server, not on Cloud + "avatarUrls":{ + "48x48":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=48", + "24x24":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=24", + "16x16":"https://www.gravatar.com/avatar9637bfb970eff6176357df615f548f1c?d=mm&s=16", + "32x32":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=32" + }, + "displayName":"Defect Dojo", + "active":true, + "timeZone":"Europe/Amsterdam" + }, + "body":"(Valentijn Scholten):test4", + "updateAuthor":{ + "self":"https://jira.host.com/rest/api/2/user?username=defect.dojo", + "name":"defect.dojo", + "key":"defect.dojo", + "avatarUrls":{ + "48x48":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=48", + "24x24""https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=24", + "16x16":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=16", + "32x32":"https://www.gravatar.com/avatar/9637bfb970eff6176357df615f548f1c?d=mm&s=32" + }, + "displayName":"Defect Dojo", + "active":true, + "timeZone":"Europe/Amsterdam" + }, + "created":"2021-01-10T10:12:47.824+0100", + "updated":"2021-01-10T10:12:47.824+0100" + } + } + """ + comment = parsed_json.get("comment", None) + if comment is None: + return + + comment_text = comment.get('body') + commenter = '' + if 'name' in comment.get('updateAuthor'): + commenter = comment.get('updateAuthor', {}).get('name') + elif 'emailAddress' in comment.get('updateAuthor'): + commenter = comment.get('updateAuthor', {}).get('emailAddress') + else: + logger.debug('Could not find the author of this jira comment!') + commenter_display_name = comment.get('updateAuthor', {}).get('displayName') + # example: body['comment']['self'] = "http://www.testjira.com/jira_under_a_path/rest/api/2/issue/666/comment/456843" + jid = comment.get('self', '').split('/')[-3] + jissue = get_object_or_404(JIRA_Issue, jira_id=jid) + logging.info(f"Received issue comment for {jissue.jira_key}") + logger.debug('jissue: %s', vars(jissue)) + + jira_usernames = JIRA_Instance.objects.values_list('username', flat=True) + for jira_user_id in jira_usernames: + # logger.debug('incoming username: %s jira config username: %s', commenter.lower(), jira_user_id.lower()) + if jira_user_id.lower() == commenter.lower(): + logger.debug('skipping incoming JIRA comment as the user id of the comment in JIRA (%s) matches the JIRA username in DefectDojo (%s)', commenter.lower(), jira_user_id.lower()) + return HttpResponse('') + + findings = None + if jissue.finding: + findings = [jissue.finding] + create_notification(event='other', title=f'JIRA incoming comment - {jissue.finding}', finding=jissue.finding, url=reverse("view_finding", args=(jissue.finding.id,)), icon='check') + + elif jissue.finding_group: + findings = [jissue.finding_group.findings.all()] + create_notification(event='other', title=f'JIRA incoming comment - {jissue.finding}', finding=jissue.finding, url=reverse("view_finding_group", args=(jissue.finding_group.id,)), icon='check') + + elif jissue.engagement: + return HttpResponse('Comment for engagement ignored') + else: + raise Http404(f'No finding or engagement found for JIRA issue {jissue.jira_key}') + + # Set the fields for the notes + author, _ = User.objects.get_or_create(username='JIRA') + entry = f'({commenter_display_name} ({commenter})): {comment_text}' + # Iterate (potentially) over each of the findings the note should be added to + for finding in findings: + # Determine if this exact note was created within the last 30 seconds to avoid duplicate notes + existing_notes = finding.notes.filter( + entry=entry, + author=author, + date__gte=(timezone.now() - datetime.timedelta(seconds=30)), + ) + # Check the query for any hits + if existing_notes.count() == 0: + new_note = Notes() + new_note.entry = entry + new_note.author = author + new_note.save() + finding.notes.add(new_note) + finding.jira_issue.jira_change = timezone.now() + finding.jira_issue.save() + finding.save() + + def get_custom_field(jira, label): url = jira._options["server"].strip('/') + '/rest/api/2/field' response = jira._session.get(url).json() @@ -224,7 +252,7 @@ def get_custom_field(jira, label): return field -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized('dojo.add_jira_instance') def express_new_jira(request): if request.method == 'POST': jform = ExpressJIRAForm(request.POST, instance=JIRA_Instance()) @@ -237,79 +265,81 @@ def express_new_jira(request): jira = jira_helper.get_jira_connection_raw(jira_server, jira_username, jira_password) except Exception as e: logger.exception(e) # already logged in jira_helper - messages.add_message(request, - messages.ERROR, - 'Unable to authenticate. Please check credentials.', - extra_tags='alert-danger') - return render(request, 'dojo/express_new_jira.html', - {'jform': jform}) + messages.add_message( + request, + messages.ERROR, + 'Unable to authenticate. Please check credentials.', + extra_tags='alert-danger') + return render(request, 'dojo/express_new_jira.html', {'jform': jform}) # authentication successful # Get the open and close keys try: issue_id = jform.cleaned_data.get('issue_key') key_url = jira_server.strip('/') + '/rest/api/latest/issue/' + issue_id + '/transitions?expand=transitions.fields' response = jira._session.get(key_url).json() - logger.debug('Retrieved JIRA issue succesfully') + logger.debug('Retrieved JIRA issue successfully') open_key = close_key = None for node in response['transitions']: if node['to']['statusCategory']['name'] == 'To Do': - open_key = int(node['id']) if not open_key else open_key + open_key = open_key or int(node['id']) if node['to']['statusCategory']['name'] == 'Done': - close_key = int(node['id']) if not close_key else close_key + close_key = close_key or int(node['id']) except Exception as e: logger.exception(e) # already logged in jira_helper - messages.add_message(request, - messages.ERROR, - 'Unable to find Open/Close ID\'s (invalid issue key specified?). They will need to be found manually', - extra_tags='alert-danger') - return render(request, 'dojo/new_jira.html', - {'jform': jform}) + messages.add_message( + request, + messages.ERROR, + 'Unable to find Open/Close ID\'s (invalid issue key specified?). They will need to be found manually', + extra_tags='alert-danger') + return render(request, 'dojo/new_jira.html', {'jform': jform}) # Get the epic id name try: epic_name = get_custom_field(jira, 'Epic Name') except Exception as e: logger.exception(e) # already logged in jira_helper - messages.add_message(request, - messages.ERROR, - 'Unable to find Epic Name. It will need to be found manually', - extra_tags='alert-danger') - return render(request, 'dojo/new_jira.html', - {'jform': jform}) - - jira_instance = JIRA_Instance(username=jira_username, - password=jira_password, - url=jira_server, - configuration_name=jform.cleaned_data.get('configuration_name'), - info_mapping_severity='Lowest', - low_mapping_severity='Low', - medium_mapping_severity='Medium', - high_mapping_severity='High', - critical_mapping_severity='Highest', - epic_name_id=epic_name, - open_status_key=open_key, - close_status_key=close_key, - finding_text='', - default_issue_type=jform.cleaned_data.get('default_issue_type')) + messages.add_message( + request, + messages.ERROR, + 'Unable to find Epic Name. It will need to be found manually', + extra_tags='alert-danger') + return render(request, 'dojo/new_jira.html', {'jform': jform}) + + jira_instance = JIRA_Instance( + username=jira_username, + password=jira_password, + url=jira_server, + configuration_name=jform.cleaned_data.get('configuration_name'), + info_mapping_severity='Lowest', + low_mapping_severity='Low', + medium_mapping_severity='Medium', + high_mapping_severity='High', + critical_mapping_severity='Highest', + epic_name_id=epic_name, + open_status_key=open_key, + close_status_key=close_key, + finding_text='', + default_issue_type=jform.cleaned_data.get('default_issue_type'), + finding_jira_sync=jform.cleaned_data.get('finding_jira_sync')) jira_instance.save() - messages.add_message(request, - messages.SUCCESS, - 'JIRA Configuration Successfully Created.', - extra_tags='alert-success') - create_notification(event='other', - title='New addition of JIRA: %s' % jform.cleaned_data.get('configuration_name'), - description='JIRA "%s" was added by %s' % - (jform.cleaned_data.get('configuration_name'), request.user), - url=request.build_absolute_uri(reverse('jira')), - ) + messages.add_message( + request, + messages.SUCCESS, + 'JIRA Configuration Successfully Created.', + extra_tags='alert-success') + create_notification( + event='other', + title=f"New addition of JIRA: {jform.cleaned_data.get('configuration_name')}", + description=f"JIRA \"{jform.cleaned_data.get('configuration_name')}\" was added by {request.user}", + url=request.build_absolute_uri(reverse('jira'))) + return HttpResponseRedirect(reverse('jira', )) else: jform = ExpressJIRAForm() add_breadcrumb(title="New Jira Configuration (Express)", top_level=False, request=request) - return render(request, 'dojo/express_new_jira.html', - {'jform': jform}) + return render(request, 'dojo/express_new_jira.html', {'jform': jform}) -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized('dojo.add_jira_instance') def new_jira(request): if request.method == 'POST': jform = JIRAForm(request.POST, instance=JIRA_Instance()) @@ -319,32 +349,33 @@ def new_jira(request): jira_password = jform.cleaned_data.get('password') logger.debug('calling get_jira_connection_raw') - jira = jira_helper.get_jira_connection_raw(jira_server, jira_username, jira_password) + # Make sure the connection can be completed + jira_helper.get_jira_connection_raw(jira_server, jira_username, jira_password) new_j = jform.save(commit=False) new_j.url = jira_server new_j.save() - messages.add_message(request, - messages.SUCCESS, - 'JIRA Configuration Successfully Created.', - extra_tags='alert-success') - create_notification(event='other', - title='New addition of JIRA: %s' % jform.cleaned_data.get('configuration_name'), - description='JIRA "%s" was added by %s' % - (jform.cleaned_data.get('configuration_name'), request.user), - url=request.build_absolute_uri(reverse('jira')), - ) + messages.add_message( + request, + messages.SUCCESS, + 'JIRA Configuration Successfully Created.', + extra_tags='alert-success') + create_notification( + event='other', + title=f"New addition of JIRA: {jform.cleaned_data.get('configuration_name')}", + description=f"JIRA \"{jform.cleaned_data.get('configuration_name')}\" was added by {request.user}", + url=request.build_absolute_uri(reverse('jira'))) + return HttpResponseRedirect(reverse('jira', )) else: logger.error('jform.errors: %s', jform.errors) else: jform = JIRAForm() add_breadcrumb(title="New Jira Configuration", top_level=False, request=request) - return render(request, 'dojo/new_jira.html', - {'jform': jform}) + return render(request, 'dojo/new_jira.html', {'jform': jform}) -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized('dojo.change_jira_instance') def edit_jira(request, jid): jira = JIRA_Instance.objects.get(pk=jid) jira_password_from_db = jira.password @@ -367,40 +398,34 @@ def edit_jira(request, jid): # on edit the password is optional new_j.password = jira_password new_j.save() - messages.add_message(request, - messages.SUCCESS, - 'JIRA Configuration Successfully Saved.', - extra_tags='alert-success') - create_notification(event='other', - title='Edit of JIRA: %s' % jform.cleaned_data.get('configuration_name'), - description='JIRA "%s" was edited by %s' % - (jform.cleaned_data.get('configuration_name'), request.user), - url=request.build_absolute_uri(reverse('jira')), - ) + messages.add_message( + request, + messages.SUCCESS, + 'JIRA Configuration Successfully Saved.', + extra_tags='alert-success') + create_notification( + event='other', + title=f"Edit of JIRA: {jform.cleaned_data.get('configuration_name')}", + description=f"JIRA \"{jform.cleaned_data.get('configuration_name')}\" was edited by {request.user}", + url=request.build_absolute_uri(reverse('jira'))) + return HttpResponseRedirect(reverse('jira', )) else: jform = JIRAForm(instance=jira) add_breadcrumb(title="Edit JIRA Configuration", top_level=False, request=request) - return render(request, - 'dojo/edit_jira.html', - { - 'jform': jform, - }) + return render(request, 'dojo/edit_jira.html', {'jform': jform}) -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized('dojo.view_jira_instance') def jira(request): jira_instances = JIRA_Instance.objects.all() add_breadcrumb(title="JIRA List", top_level=not len(request.GET), request=request) - return render(request, - 'dojo/jira.html', - {'jira_instances': jira_instances, - }) + return render(request, 'dojo/jira.html', {'jira_instances': jira_instances}) -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized('dojo.delete_jira_instance') def delete_jira(request, tid): jira_instance = get_object_or_404(JIRA_Instance, pk=tid) # eng = test.engagement @@ -413,15 +438,16 @@ def delete_jira(request, tid): if form.is_valid(): try: jira_instance.delete() - messages.add_message(request, - messages.SUCCESS, - 'JIRA Conf and relationships removed.', - extra_tags='alert-success') - create_notification(event='other', - title='Deletion of JIRA: %s' % jira_instance.configuration_name, - description='JIRA "%s" was deleted by %s' % (jira_instance.configuration_name, request.user), - url=request.build_absolute_uri(reverse('jira')), - ) + messages.add_message( + request, + messages.SUCCESS, + 'JIRA Conf and relationships removed.', + extra_tags='alert-success') + create_notification( + event='other', + title='Deletion of JIRA: %s' % jira_instance.configuration_name, + description=f"JIRA \"{jira_instance.configuration_name}\" was deleted by {request.user}", + url=request.build_absolute_uri(reverse('jira'))) return HttpResponseRedirect(reverse('jira')) except Exception as e: add_error_message_to_response('Unable to delete JIRA Instance, probably because it is used by JIRA Issues: %s' % str(e)) @@ -431,9 +457,9 @@ def delete_jira(request, tid): rels = collector.nested() add_breadcrumb(title="Delete", top_level=False, request=request) - return render(request, 'dojo/delete_jira.html', - {'inst': jira_instance, - 'form': form, - 'rels': rels, - 'deletable_objects': rels, - }) + return render(request, 'dojo/delete_jira.html', { + 'inst': jira_instance, + 'form': form, + 'rels': rels, + 'deletable_objects': rels, + }) diff --git a/dojo/locale/en/LC_MESSAGES/django.po b/dojo/locale/en/LC_MESSAGES/django.po new file mode 100644 index 00000000000..ab26c8cbdb4 --- /dev/null +++ b/dojo/locale/en/LC_MESSAGES/django.po @@ -0,0 +1,4966 @@ +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2023-01-20 05:33+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: dojo/announcement/views.py +msgid "Announcement removed for everyone." +msgstr "" + +#: dojo/announcement/views.py +msgid "Announcement updated successfully." +msgstr "" + +#: dojo/announcement/views.py +msgid "Announcement Configuration" +msgstr "" + +#: dojo/announcement/views.py +msgid "Announcement removed." +msgstr "" + +#: dojo/announcement/views.py +msgid "Failed to remove announcement." +msgstr "" + +#: dojo/api_v2/serializers.py +#, python-brace-format +msgid "Expected a list of items but got type \"{input_type}\"." +msgstr "" + +#: dojo/api_v2/serializers.py +msgid "" +"Invalid json list. A tag list submitted in string form must be valid json." +msgstr "" + +#: dojo/api_v2/serializers.py +msgid "All list items must be of string type." +msgstr "" + +#: dojo/api_v2/serializers.py +msgid "All list items must be of dict type with keys 'request' and 'response'" +msgstr "" + +#: dojo/api_v2/serializers.py +msgid "All values in the dict must be of string type." +msgstr "" + +#: dojo/filters.py +msgid "Any" +msgstr "" + +#: dojo/filters.py +msgid "Open" +msgstr "" + +#: dojo/filters.py dojo/models.py +msgid "Verified" +msgstr "" + +#: dojo/filters.py dojo/models.py +msgid "Out Of Scope" +msgstr "" + +#: dojo/filters.py dojo/models.py +msgid "False Positive" +msgstr "" + +#: dojo/filters.py +msgid "Inactive" +msgstr "" + +#: dojo/filters.py dojo/models.py +msgid "Risk Accepted" +msgstr "" + +#: dojo/filters.py +msgid "Closed" +msgstr "" + +#: dojo/filters.py dojo/models.py +msgid "Under Review" +msgstr "" + +#: dojo/filters.py +msgid "Any date" +msgstr "" + +#: dojo/filters.py +msgid "Today" +msgstr "" + +#: dojo/filters.py +msgid "Past 7 days" +msgstr "" + +#: dojo/filters.py +msgid "Past 30 days" +msgstr "" + +#: dojo/filters.py +msgid "Past 90 days" +msgstr "" + +#: dojo/filters.py +msgid "Current month" +msgstr "" + +#: dojo/filters.py +msgid "Current year" +msgstr "" + +#: dojo/filters.py +msgid "Past year" +msgstr "" + +#: dojo/filters.py +msgid "Next 7 days" +msgstr "" + +#: dojo/filters.py +msgid "Next 30 days" +msgstr "" + +#: dojo/filters.py +msgid "Next 90 days" +msgstr "" + +#: dojo/filters.py +msgid "Next year" +msgstr "" + +#: dojo/filters.py +msgid "Either" +msgstr "" + +#: dojo/filters.py +msgid "Yes" +msgstr "" + +#: dojo/filters.py +msgid "No" +msgstr "" + +#: dojo/filters.py +msgid "Was" +msgstr "" + +#: dojo/filters.py +msgid "Past 6 Months" +msgstr "" + +#: dojo/filters.py +msgid "Text Question" +msgstr "" + +#: dojo/filters.py +msgid "Choice Question" +msgstr "" + +#: dojo/forms.py +msgid "Dismissable?" +msgstr "" + +#: dojo/forms.py +msgid "Ticking this box allows users to dismiss the current announcement" +msgstr "" + +#: dojo/forms.py +msgid "Select valid choice: Low,Medium,High" +msgstr "" + +#: dojo/metrics/views.py dojo/templates/base.html +msgid "Critical Product Metrics" +msgstr "" + +#: dojo/metrics/views.py dojo/product/views.py +msgid "All objects have been filtered away. Displaying all objects" +msgstr "" + +#: dojo/metrics/views.py dojo/templates/base.html +#: dojo/templates/dojo/product_type.html +#: dojo/templates/dojo/view_product_details.html +#: dojo/templates/dojo/view_product_type.html +msgid "Metrics" +msgstr "" + +#: dojo/templates/dojo/view_finding.html +#: dojo/templates/dojo/view_test.html +#: dojo/templates/dojo/findings_list_snippet.html +#: dojo/filters.py +msgid "Planned Remediation version" +msgstr "" + +#: dojo/templates/dojo/view_finding.html +msgid "Effort for fixing" +msgstr "" + +#: dojo/metrics/views.py +#, python-format +msgid "%(product_type)s Metrics" +msgstr "" + +#: dojo/metrics/views.py +msgid "Product Type Metrics by Findings" +msgstr "" + +#: dojo/metrics/views.py +msgid "Product Type Metrics by Affected Endpoints" +msgstr "" + +#: dojo/metrics/views.py +#, python-format +msgid "%(team_name)s Metrics" +msgstr "" + +#: dojo/metrics/views.py dojo/templates/base.html +msgid "Simple Metrics" +msgstr "" + +#: dojo/metrics/views.py +msgid "Please choose month and year and the Product Type." +msgstr "" + +#: dojo/metrics/views.py +msgid "Bi-Weekly Metrics" +msgstr "" + +#: dojo/metrics/views.py dojo/templates/base.html +msgid "Engineer Metrics" +msgstr "" + +#: dojo/models.py +msgid "Privacy" +msgstr "" + +#: dojo/models.py +msgid "Finance" +msgstr "" + +#: dojo/models.py +msgid "Education" +msgstr "" + +#: dojo/models.py +msgid "Medical" +msgstr "" + +#: dojo/models.py +msgid "Corporate" +msgstr "" + +#: dojo/models.py +msgid "Other" +msgstr "" + +#: dojo/models.py +msgid "The name of the regulation." +msgstr "" + +#: dojo/models.py +msgid "A shortened representation of the name." +msgstr "" + +#: dojo/models.py +msgid "The subject of the regulation." +msgstr "" + +#: dojo/models.py +msgid "The territory over which the regulation applies." +msgstr "" + +#: dojo/models.py +msgid "Information about the regulation's purpose." +msgstr "" + +#: dojo/models.py +msgid "An external URL for more information." +msgstr "" + +#: dojo/models.py +msgid "" +"Phone number must be entered in the format: '+999999999'. Up to 15 digits " +"allowed." +msgstr "" + +#: dojo/models.py +msgid "Email address associated with your slack account" +msgstr "" + +#: dojo/models.py dojo/templates/dojo/view_user.html +msgid "Slack Email Address" +msgstr "" + +#: dojo/models.py +msgid "" +"Instead of async deduping a finding the findings will be deduped " +"synchronously and will 'block' the user until completion." +msgstr "" + +#: dojo/models.py +msgid "Forces this user to reset their password on next login." +msgstr "" + +#: dojo/models.py +msgid "AzureAD" +msgstr "" + +#: dojo/models.py +msgid "Enable audit logging" +msgstr "" + +#: dojo/models.py +msgid "" +"With this setting turned on, Dojo maintains an audit log of changes made to " +"entities (Findings, Tests, Engagements, Procuts, ...)If you run big import " +"you may want to disable this because the way django-auditlog currently " +"works, there's a big performance hit. Especially during (re-)imports." +msgstr "" + +#: dojo/models.py +msgid "Deduplicate findings" +msgstr "" + +#: dojo/models.py +msgid "" +"With this setting turned on, Dojo deduplicates findings by comparing " +"endpoints, cwe fields, and titles. If two findings share a URL and have the " +"same CWE or title, Dojo marks the less recent finding as a duplicate. When " +"deduplication is enabled, a list of deduplicated findings is added to the " +"engagement view." +msgstr "" + +#: dojo/models.py +msgid "Requires next setting: maximum number of duplicates to retain." +msgstr "" + +#: dojo/models.py +msgid "Max Duplicates" +msgstr "" + +#: dojo/models.py +msgid "" +"When enabled, if a single issue reaches the maximum number of duplicates, " +"the oldest will be deleted. Duplicate will not be deleted when left empty. A " +"value of 0 will remove all duplicates." +msgstr "" + +#: dojo/models.py +msgid "Enable JIRA integration" +msgstr "" + +#: dojo/models.py +msgid "Enable JIRA web hook" +msgstr "" + +#: dojo/models.py +msgid "" +"Please note: It is strongly recommended to use a secret below and / or IP " +"whitelist the JIRA server using a proxy such as Nginx." +msgstr "" + +#: dojo/models.py +msgid "Disable web hook secret" +msgstr "" + +#: dojo/models.py +msgid "" +"Allows incoming requests without a secret (discouraged legacy behaviour)" +msgstr "" + +#: dojo/models.py +msgid "JIRA Webhook URL" +msgstr "" + +#: dojo/models.py +msgid "Secret needed in URL for incoming JIRA Webhook" +msgstr "" + +#: dojo/models.py +msgid "JIRA issue labels space seperated" +msgstr "" + +#: dojo/models.py +msgid "Add vulnerability Id as a JIRA label" +msgstr "" + +#: dojo/models.py +msgid "Enable GITHUB integration" +msgstr "" + +#: dojo/models.py +msgid "Enable Slack notifications" +msgstr "" + +#: dojo/models.py +msgid "Optional. Needed if you want to send global notifications." +msgstr "" + +#: dojo/models.py +msgid "" +"Token required for interacting with Slack. Get one at https://api.slack.com/" +"tokens" +msgstr "" + +#: dojo/models.py +msgid "Optional. Will take your bot name otherwise." +msgstr "" + +#: dojo/models.py +msgid "Enable Microsoft Teams notifications" +msgstr "" + +#: dojo/models.py +msgid "The full URL of the incoming webhook" +msgstr "" + +#: dojo/models.py +msgid "" +"DefectDojo will automatically mark the finding as a false positive if the " +"finding has been previously marked as a false positive. Not needed when " +"using deduplication, advised to not combine these two." +msgstr "" + +#: dojo/models.py +msgid "URL prefix if DefectDojo is installed in it's own virtual subdirectory." +msgstr "" + +#: dojo/models.py +msgid "Enable Product Grading" +msgstr "" + +#: dojo/models.py +msgid "Displays a grade letter next to a product to show the overall health." +msgstr "" + +#: dojo/models.py +msgid "Grade A" +msgstr "" + +#: dojo/models.py +msgid "Percentage score for an 'A' >=" +msgstr "" + +#: dojo/models.py +msgid "Grade B" +msgstr "" + +#: dojo/models.py +msgid "Percentage score for a 'B' >=" +msgstr "" + +#: dojo/models.py +msgid "Grade C" +msgstr "" + +#: dojo/models.py +msgid "Percentage score for a 'C' >=" +msgstr "" + +#: dojo/models.py +msgid "Grade D" +msgstr "" + +#: dojo/models.py +msgid "Percentage score for a 'D' >=" +msgstr "" + +#: dojo/models.py +msgid "Grade F" +msgstr "" + +#: dojo/models.py +msgid "Percentage score for an 'F' <=" +msgstr "" + +#: dojo/models.py +msgid "Enable Benchmarks" +msgstr "" + +#: dojo/models.py +msgid "" +"Enables Benchmarks such as the OWASP ASVS (Application Security Verification " +"Standard)" +msgstr "" + +#: dojo/models.py +msgid "Enable Remediation Advice" +msgstr "" + +#: dojo/models.py +msgid "" +"Enables global remediation advice and matching on CWE and Title. The text " +"will be replaced for mitigation, impact and references on a finding. Useful " +"for providing consistent impact and remediation advice regardless of the " +"scanner." +msgstr "" + +#: dojo/models.py +msgid "Enable Engagement Auto-Close" +msgstr "" + +#: dojo/models.py +msgid "" +"Closes an engagement after 3 days (default) past due date including last " +"update." +msgstr "" + +#: dojo/models.py +msgid "Engagement Auto-Close Days" +msgstr "" + +#: dojo/models.py +msgid "" +"Closes an engagement after the specified number of days past due date " +"including last update." +msgstr "" + +#: dojo/models.py +msgid "Enable Finding SLA's" +msgstr "" + +#: dojo/models.py +msgid "Enables Finding SLA's for time to remediate." +msgstr "" + +#: dojo/models.py +msgid "Enable Notifiy SLA's Breach for active Findings" +msgstr "" + +#: dojo/models.py +msgid "" +"Enables Notify when time to remediate according to Finding SLA's is breached " +"for active Findings." +msgstr "" + +#: dojo/models.py +msgid "Enable Notifiy SLA's Breach for active, verified Findings" +msgstr "" + +#: dojo/models.py +msgid "" +"Enables Notify when time to remediate according to Finding SLA's is breached " +"for active, verified Findings." +msgstr "" + +#: dojo/models.py +msgid "Enable Notifiy SLA's Breach for Findings linked to JIRA" +msgstr "" + +#: dojo/models.py +msgid "" +"Enables Notify when time to remediate according to Finding SLA's is breached " +"for Findings that are linked to JIRA issues." +msgstr "" + +#: dojo/models.py +msgid "Allow Anonymous Survey Responses" +msgstr "" + +#: dojo/models.py +msgid "Enable anyone with a link to the survey to answer a survey" +msgstr "" + +#: dojo/models.py +msgid "Custom Disclaimer" +msgstr "" + +#: dojo/models.py +msgid "" +"Include this custom disclaimer on all notifications and generated reports" +msgstr "" + +#: dojo/models.py +msgid "Default expiry period for risk acceptance form." +msgstr "" + +#: dojo/models.py +msgid "Risk acceptance expiration heads up days" +msgstr "" + +#: dojo/models.py +msgid "Notify X days before risk acceptance expires. Leave empty to disable." +msgstr "" + +#: dojo/models.py +msgid "Enable credentials" +msgstr "" + +#: dojo/models.py +msgid "" +"With this setting turned off, credentials will be disabled in the user " +"interface." +msgstr "" + +#: dojo/models.py +msgid "Enable questionnaires" +msgstr "" + +#: dojo/models.py +msgid "" +"With this setting turned off, questionnaires will be disabled in the user " +"interface." +msgstr "" + +#: dojo/models.py +msgid "Enable checklists" +msgstr "" + +#: dojo/models.py +msgid "" +"With this setting turned off, checklists will be disabled in the user " +"interface." +msgstr "" + +#: dojo/models.py +msgid "Enable Endpoint Metadata Import" +msgstr "" + +#: dojo/models.py +msgid "" +"With this setting turned off, endpoint metadata import will be disabled in " +"the user interface." +msgstr "" + +#: dojo/models.py +msgid "Enable Google Sheets Integration" +msgstr "" + +#: dojo/models.py +msgid "" +"With this setting turned off, the Google sheets integration will be disabled " +"in the user interface." +msgstr "" + +#: dojo/models.py +msgid "Enable Rules Framework" +msgstr "" + +#: dojo/models.py +msgid "" +"With this setting turned off, the rules framwork will be disabled in the " +"user interface." +msgstr "" + +#: dojo/models.py +msgid "Enable user profile for writing" +msgstr "" + +#: dojo/models.py +msgid "When turned on users can edit their profiles" +msgstr "" + +#: dojo/models.py +msgid "Enable Product Tracking Files" +msgstr "" + +#: dojo/models.py +msgid "" +"With this setting turned off, the product tracking files will be disabled in " +"the user interface." +msgstr "" + +#: dojo/models.py +msgid "Enable Finding Groups" +msgstr "" + +#: dojo/models.py +msgid "With this setting turned off, the Finding Groups will be disabled." +msgstr "" + +#: dojo/models.py +msgid "Enable Calendar" +msgstr "" + +#: dojo/models.py +msgid "" +"With this setting turned off, the Calendar will be disabled in the user " +"interface." +msgstr "" + +#: dojo/models.py +msgid "New users will be assigned to this group." +msgstr "" + +#: dojo/models.py +msgid "New users will be assigned to their default group with this role." +msgstr "" + +#: dojo/models.py +msgid "" +"New users will only be assigned to the default group, when their email " +"address matches this regex pattern. This is optional condition." +msgstr "" + +#: dojo/models.py +msgid "Minimum password length" +msgstr "" + +#: dojo/models.py +msgid "Requires user to set passwords greater than minimum length." +msgstr "" + +#: dojo/models.py +msgid "Maximum password length" +msgstr "" + +#: dojo/models.py +msgid "Requires user to set passwords less than maximum length." +msgstr "" + +#: dojo/models.py +msgid "Password must contain one digit" +msgstr "" + +#: dojo/models.py +msgid "Requires user passwords to contain at least one digit (0-9)." +msgstr "" + +#: dojo/models.py +msgid "Password must contain one special character" +msgstr "" + +#: dojo/models.py +msgid "" +"Requires user passwords to contain at least one special character (()[]{}|" +"\\`~!@#$%^&*_-+=;:'\",<>./?)." +msgstr "" + +#: dojo/models.py +msgid "Password must contain one lowercase letter" +msgstr "" + +#: dojo/models.py +msgid "Requires user passwords to contain at least one lowercase letter (a-z)." +msgstr "" + +#: dojo/models.py +msgid "Password must contain one uppercase letter" +msgstr "" + +#: dojo/models.py +msgid "Requires user passwords to contain at least one uppercase letter (A-Z)." +msgstr "" + +#: dojo/models.py +msgid "This role determines the permissions of the user to manage the group." +msgstr "" + +#: dojo/models.py dojo/templates/dojo/profile.html +#: dojo/templates/dojo/view_user.html +msgid "Group role" +msgstr "" + +#: dojo/models.py +msgid "The global role will be applied to all product types and products." +msgstr "" + +#: dojo/models.py dojo/templates/dojo/view_user.html +msgid "Global role" +msgstr "" + +#: dojo/models.py +msgid "Custom SLA Name" +msgstr "" + +#: dojo/models.py +msgid "A unique name for the set of SLAs." +msgstr "" + +#: dojo/models.py +msgid "Critical Finding SLA Days" +msgstr "" + +#: dojo/models.py +msgid "number of days to remediate a critical finding." +msgstr "" + +#: dojo/models.py +msgid "High Finding SLA Days" +msgstr "" + +#: dojo/models.py +msgid "number of days to remediate a high finding." +msgstr "" + +#: dojo/models.py +msgid "Medium Finding SLA Days" +msgstr "" + +#: dojo/models.py +msgid "number of days to remediate a medium finding." +msgstr "" + +#: dojo/models.py +msgid "Low Finding SLA Days" +msgstr "" + +#: dojo/models.py +msgid "number of days to remediate a low finding." +msgstr "" + +#: dojo/models.py +msgid "API" +msgstr "" + +#: dojo/models.py +msgid "Desktop" +msgstr "" + +#: dojo/models.py +msgid "Internet of Things" +msgstr "" + +#: dojo/models.py +msgid "Mobile" +msgstr "" + +#: dojo/models.py +msgid "Web" +msgstr "" + +#: dojo/models.py +msgid "Construction" +msgstr "" + +#: dojo/models.py +msgid "Production" +msgstr "" + +#: dojo/models.py +msgid "Retirement" +msgstr "" + +#: dojo/models.py +msgid "Third Party Library" +msgstr "" + +#: dojo/models.py +msgid "Purchased" +msgstr "" + +#: dojo/models.py +msgid "Contractor Developed" +msgstr "" + +#: dojo/models.py +msgid "Internally Developed" +msgstr "" + +#: dojo/models.py +msgid "Open Source" +msgstr "" + +#: dojo/models.py +msgid "Outsourced" +msgstr "" + +#: dojo/models.py +msgid "Very High" +msgstr "" + +#: dojo/models.py dojo/templates/dojo/metrics.html +#: dojo/templates/dojo/pt_counts.html dojo/templates/dojo/simple_metrics.html +msgid "High" +msgstr "" + +#: dojo/models.py dojo/templates/dojo/metrics.html +#: dojo/templates/dojo/pt_counts.html dojo/templates/dojo/simple_metrics.html +msgid "Medium" +msgstr "" + +#: dojo/models.py dojo/templates/dojo/metrics.html +#: dojo/templates/dojo/pt_counts.html dojo/templates/dojo/simple_metrics.html +msgid "Low" +msgstr "" + +#: dojo/models.py +msgid "Very Low" +msgstr "" + +#: dojo/models.py dojo/templates/dojo/simple_search.html +#: dojo/templates/notifications/mail/risk_acceptance_expiration.tpl +#: dojo/templates/notifications/mail/scan_added.tpl +msgid "None" +msgstr "" + +#: dojo/models.py +msgid "Estimate the number of user records within the application." +msgstr "" + +#: dojo/models.py +msgid "Estimate the application's revenue." +msgstr "" + +#: dojo/models.py +msgid "Specify if the application is used by people outside the organization." +msgstr "" + +#: dojo/models.py +msgid "Specify if the application is accessible from the public internet." +msgstr "" + +#: dojo/models.py +msgid "" +"Add tags that help describe this product. Choose from the list or add new " +"tags. Press Enter key to add." +msgstr "" + +#: dojo/models.py +msgid "Allows simple risk acceptance by checking/unchecking a checkbox." +msgstr "" + +#: dojo/models.py +msgid "" +"Allows full risk acceptance using a risk acceptance form, expiration date, " +"uploaded proof, etc." +msgstr "" + +#: dojo/models.py +msgid "Additional definitions that will be consumed by scanner" +msgstr "" + +#: dojo/models.py +msgid "Title for SSH/API Key" +msgstr "" + +#: dojo/models.py dojo/templates/dojo/profile.html dojo/user/views.py +msgid "API Key" +msgstr "" + +#: dojo/models.py +msgid "Location of network testing: Examples: VPN, Internet or Internal." +msgstr "" + +#: dojo/models.py +msgid "Brief description of preset." +msgstr "" + +#: dojo/models.py +msgid "" +"Description of what needs to be tested or setting up environment for testing" +msgstr "" + +#: dojo/models.py +msgid "Scope of Engagement testing, IP's/Resources/URL's)" +msgstr "" + +#: dojo/models.py +msgid "Version of the product the engagement tested." +msgstr "" + +#: dojo/models.py +msgid "Settings and notes for performing this engagement." +msgstr "" + +#: dojo/models.py +msgid "Link to epic or ticket system with changes to version." +msgstr "" + +#: dojo/models.py +msgid "Build ID of the product the engagement tested." +msgstr "" + +#: dojo/models.py +msgid "Build ID" +msgstr "" + +#: dojo/models.py +msgid "Commit hash from repo" +msgstr "" + +#: dojo/models.py +msgid "Commit Hash" +msgstr "" + +#: dojo/models.py +msgid "Tag or branch of the product the engagement tested." +msgstr "" + +#: dojo/models.py +msgid "Branch/Tag" +msgstr "" + +#: dojo/models.py +msgid "Build Server" +msgstr "" + +#: dojo/models.py +msgid "Build server responsible for CI/CD test" +msgstr "" + +#: dojo/models.py +msgid "SCM Server" +msgstr "" + +#: dojo/models.py +msgid "Source code server for CI/CD test" +msgstr "" + +#: dojo/models.py +msgid "Repo" +msgstr "" + +#: dojo/models.py +msgid "Resource link to source code" +msgstr "" + +#: dojo/models.py +msgid "Orchestration Engine" +msgstr "" + +#: dojo/models.py +msgid "Orchestration service responsible for CI/CD test" +msgstr "" + +#: dojo/models.py +msgid "Deduplication within this engagement only" +msgstr "" + +#: dojo/models.py +msgid "" +"If enabled deduplication will only mark a finding in this engagement as " +"duplicate of another finding if both findings are in this engagement. If " +"disabled, deduplication is on the product level." +msgstr "" + +#: dojo/models.py +msgid "" +"Add tags that help describe this engagement. Choose from the list or add new " +"tags. Press Enter key to add." +msgstr "" + +#: dojo/models.py +msgid "The communication protocol/scheme such as 'http', 'ftp', 'dns', etc." +msgstr "" + +#: dojo/models.py +msgid "User info as 'alice', 'bob', etc." +msgstr "" + +#: dojo/models.py +msgid "" +"The host name or IP address. It must not include the port number. For " +"example '127.0.0.1', 'localhost', 'yourdomain.com'." +msgstr "" + +#: dojo/models.py +msgid "The network port associated with the endpoint." +msgstr "" + +#: dojo/models.py +msgid "" +"The location of the resource, it must not start with a '/'. For example " +"endpoint/420/edit" +msgstr "" + +#: dojo/models.py +msgid "" +"The query string, the question mark should be omitted.For example " +"'group=4&team=8'" +msgstr "" + +#: dojo/models.py +msgid "" +"The fragment identifier which follows the hash mark. The hash mark should be " +"omitted. For example 'section-13', 'paragraph-2'." +msgstr "" + +#: dojo/models.py dojo/templates/base.html +#: dojo/templates/dojo/simple_search.html +#: dojo/templates/notifications/mail/risk_acceptance_expiration.tpl +msgid "Findings" +msgstr "" + +#: dojo/models.py +msgid "" +"Add tags that help describe this endpoint. Choose from the list or add new " +"tags. Press Enter key to add." +msgstr "" + +#: dojo/models.py +msgid "SonarQube issue key" +msgstr "" + +#: dojo/models.py +msgid "SonarQube issue status" +msgstr "" + +#: dojo/models.py +msgid "SonarQube issue type" +msgstr "" + +#: dojo/models.py +msgid "" +"Add tags that help describe this test. Choose from the list or add new tags. " +"Press Enter key to add." +msgstr "" + +#: dojo/models.py +msgid "Build ID that was tested, a reimport may update this field." +msgstr "" + +#: dojo/models.py +msgid "Commit hash tested, a reimport may update this field." +msgstr "" + +#: dojo/models.py +msgid "Tag or branch that was tested, a reimport may update this field." +msgstr "" + +#: dojo/models.py +msgid "API Scan Configuration" +msgstr "" + +#: dojo/models.py dojo/templates/dojo/alerts.html +#: dojo/templates/dojo/simple_search.html dojo/templates/dojo/users.html +#: dojo/templates/dojo/view_user.html +#: dojo/templates/notifications/mail/sla_breach.tpl +msgid "Title" +msgstr "" + +#: dojo/models.py +msgid "A short description of the flaw." +msgstr "" + +#: dojo/models.py dojo/templates/dojo/pt_counts.html +#: dojo/templates/dojo/simple_search.html +msgid "Date" +msgstr "" + +#: dojo/models.py +msgid "The date the flaw was discovered." +msgstr "" + +#: dojo/models.py +msgid "SLA Start Date" +msgstr "" + +#: dojo/models.py +msgid "" +"(readonly)The date used as start date for SLA calculation. Set by expiring " +"risk acceptances. Empty by default, causing a fallback to 'date'." +msgstr "" + +#: dojo/models.py +msgid "CWE" +msgstr "" + +#: dojo/models.py +msgid "The CWE number associated with this flaw." +msgstr "" + +#: dojo/models.py dojo/templates/dojo/simple_search.html +msgid "Vulnerability Id" +msgstr "" + +#: dojo/models.py +msgid "" +"An id of a vulnerability in a security advisory associated with this " +"finding. Can be a Common Vulnerabilities and Exposures (CVE) or from other " +"sources." +msgstr "" + +#: dojo/models.py +msgid "CVSS v3" +msgstr "" + +#: dojo/models.py +msgid "" +"Common Vulnerability Scoring System version 3 (CVSSv3) score associated with " +"this flaw." +msgstr "" + +#: dojo/models.py +msgid "CVSSv3 score" +msgstr "" + +#: dojo/models.py +msgid "" +"Numerical CVSSv3 score for the vulnerability. If the vector is given, the " +"score is updated while saving the finding" +msgstr "" + +#: dojo/models.py +msgid "URL" +msgstr "" + +#: dojo/models.py +msgid "External reference that provides more information about this flaw." +msgstr "" + +#: dojo/models.py dojo/templates/dojo/metrics.html +#: dojo/templates/dojo/pt_counts.html dojo/templates/dojo/simple_search.html +#: dojo/templates/notifications/mail/sla_breach.tpl +#: dojo/templates/notifications/msteams/sla_breach.tpl +msgid "Severity" +msgstr "" + +#: dojo/models.py +msgid "" +"The severity level of this flaw (Critical, High, Medium, Low, Informational)." +msgstr "" + +#: dojo/models.py dojo/templates/dojo/alerts.html +#: dojo/templates/dojo/metrics.html dojo/templates/dojo/simple_search.html +#: dojo/templates/dojo/view_product_details.html +#: dojo/templates/dojo/view_product_type.html +msgid "Description" +msgstr "" + +#: dojo/models.py +msgid "Longer more descriptive information about the flaw." +msgstr "" + +#: dojo/models.py +msgid "Mitigation" +msgstr "" + +#: dojo/models.py +msgid "Text describing how to best fix the flaw." +msgstr "" + +#: dojo/models.py +msgid "Impact" +msgstr "" + +#: dojo/models.py +msgid "" +"Text describing the impact this flaw has on systems, products, enterprise, " +"etc." +msgstr "" + +#: dojo/models.py +msgid "Steps to Reproduce" +msgstr "" + +#: dojo/models.py +msgid "" +"Text describing the steps that must be followed in order to reproduce the " +"flaw / bug." +msgstr "" + +#: dojo/models.py +msgid "Severity Justification" +msgstr "" + +#: dojo/models.py +msgid "Text describing why a certain severity was associated with this flaw." +msgstr "" + +#: dojo/models.py dojo/templates/base.html +#: dojo/templates/dojo/simple_search.html +msgid "Endpoints" +msgstr "" + +#: dojo/models.py +msgid "" +"The hosts within the product that are susceptible to this flaw. + The status " +"of the endpoint associated with this flaw (Vulnerable, Mitigated, ...)." +msgstr "" + +#: dojo/models.py +msgid "References" +msgstr "" + +#: dojo/models.py +msgid "The external documentation available for this flaw." +msgstr "" + +#: dojo/models.py dojo/templates/dojo/simple_search.html +#: dojo/templates/notifications/msteams/test_added.tpl dojo/test/views.py +msgid "Test" +msgstr "" + +#: dojo/models.py +msgid "The test that is associated with this flaw." +msgstr "" + +#: dojo/models.py dojo/templates/dojo/users.html +#: dojo/templates/dojo/view_user.html +msgid "Active" +msgstr "" + +#: dojo/models.py +msgid "Denotes if this flaw is active or not." +msgstr "" + +#: dojo/models.py +msgid "Denotes if this flaw has been manually verified by the tester." +msgstr "" + +#: dojo/models.py +msgid "Denotes if this flaw has been deemed a false positive by the tester." +msgstr "" + +#: dojo/models.py +msgid "Duplicate" +msgstr "" + +#: dojo/models.py +msgid "Denotes if this flaw is a duplicate of other flaws reported." +msgstr "" + +#: dojo/models.py +msgid "Duplicate Finding" +msgstr "" + +#: dojo/models.py +msgid "Link to the original finding if this finding is a duplicate." +msgstr "" + +#: dojo/models.py +msgid "" +"Denotes if this flaw falls outside the scope of the test and/or engagement." +msgstr "" + +#: dojo/models.py +msgid "Denotes if this finding has been marked as an accepted risk." +msgstr "" + +#: dojo/models.py +msgid "Denotes is this flaw is currently being reviewed." +msgstr "" + +#: dojo/models.py +msgid "Last Status Update" +msgstr "" + +#: dojo/models.py +msgid "Timestamp of latest status update (change in status related fields)." +msgstr "" + +#: dojo/models.py +msgid "Review Requested By" +msgstr "" + +#: dojo/models.py +msgid "Documents who requested a review for this finding." +msgstr "" + +#: dojo/models.py +msgid "Reviewers" +msgstr "" + +#: dojo/models.py +msgid "Documents who reviewed the flaw." +msgstr "" + +#: dojo/models.py +msgid "Under Defect Review" +msgstr "" + +#: dojo/models.py +msgid "Denotes if this finding is under defect review." +msgstr "" + +#: dojo/models.py +msgid "Defect Review Requested By" +msgstr "" + +#: dojo/models.py +msgid "Documents who requested a defect review for this flaw." +msgstr "" + +#: dojo/models.py +msgid "Is Mitigated" +msgstr "" + +#: dojo/models.py +msgid "Denotes if this flaw has been fixed." +msgstr "" + +#: dojo/models.py +msgid "Thread ID" +msgstr "" + +#: dojo/models.py +msgid "Mitigated" +msgstr "" + +#: dojo/models.py +msgid "Denotes if this flaw has been fixed by storing the date it was fixed." +msgstr "" + +#: dojo/models.py +msgid "Mitigated By" +msgstr "" + +#: dojo/models.py +msgid "Documents who has marked this flaw as fixed." +msgstr "" + +#: dojo/models.py dojo/templates/dojo/metrics.html +msgid "Reporter" +msgstr "" + +#: dojo/models.py +msgid "Documents who reported the flaw." +msgstr "" + +#: dojo/models.py +msgid "Notes" +msgstr "" + +#: dojo/models.py +msgid "Stores information pertinent to the flaw or the mitigation." +msgstr "" + +#: dojo/models.py +msgid "Numerical Severity" +msgstr "" + +#: dojo/models.py +msgid "The numerical representation of the severity (S0, S1, S2, S3, S4)." +msgstr "" + +#: dojo/models.py +msgid "Last Reviewed" +msgstr "" + +#: dojo/models.py +msgid "Provides the date the flaw was last 'touched' by a tester." +msgstr "" + +#: dojo/models.py +msgid "Last Reviewed By" +msgstr "" + +#: dojo/models.py +msgid "Provides the person who last reviewed the flaw." +msgstr "" + +#: dojo/models.py +msgid "Files" +msgstr "" + +#: dojo/models.py +msgid "Files(s) related to the flaw." +msgstr "" + +#: dojo/models.py +msgid "Parameter" +msgstr "" + +#: dojo/models.py +msgid "Parameter used to trigger the issue (DAST)." +msgstr "" + +#: dojo/models.py +msgid "Payload" +msgstr "" + +#: dojo/models.py +msgid "" +"Payload used to attack the service / application and trigger the bug / " +"problem." +msgstr "" + +#: dojo/models.py +msgid "Hash Code" +msgstr "" + +#: dojo/models.py +msgid "" +"A hash over a configurable set of fields that is used for findings " +"deduplication." +msgstr "" + +#: dojo/models.py +msgid "Line number" +msgstr "" + +#: dojo/models.py +msgid "Source line number of the attack vector." +msgstr "" + +#: dojo/models.py +msgid "File path" +msgstr "" + +#: dojo/models.py +msgid "Identified file(s) containing the flaw." +msgstr "" + +#: dojo/models.py +msgid "Component name" +msgstr "" + +#: dojo/models.py +msgid "Name of the affected component (library name, part of a system, ...)." +msgstr "" + +#: dojo/models.py +msgid "Component version" +msgstr "" + +#: dojo/models.py +msgid "Version of the affected component." +msgstr "" + +#: dojo/models.py +msgid "Found by" +msgstr "" + +#: dojo/models.py +msgid "The name of the scanner that identified the flaw." +msgstr "" + +#: dojo/models.py +msgid "Static finding (SAST)" +msgstr "" + +#: dojo/models.py +msgid "" +"Flaw has been detected from a Static Application Security Testing tool " +"(SAST)." +msgstr "" + +#: dojo/models.py +msgid "Dynamic finding (DAST)" +msgstr "" + +#: dojo/models.py +msgid "" +"Flaw has been detected from a Dynamic Application Security Testing tool " +"(DAST)." +msgstr "" + +#: dojo/models.py +msgid "Created" +msgstr "" + +#: dojo/models.py +msgid "The date the finding was created inside DefectDojo." +msgstr "" + +#: dojo/models.py +msgid "Scanner confidence" +msgstr "" + +#: dojo/models.py +msgid "Confidence level of vulnerability which is supplied by the scanner." +msgstr "" + +#: dojo/models.py +msgid "The SonarQube issue associated with this finding." +msgstr "" + +#: dojo/models.py +msgid "SonarQube issue" +msgstr "" + +#: dojo/models.py +msgid "Unique ID from tool" +msgstr "" + +#: dojo/models.py +msgid "" +"Vulnerability technical id from the source tool. Allows to track unique " +"vulnerabilities." +msgstr "" + +#: dojo/models.py +msgid "Vulnerability ID from tool" +msgstr "" + +#: dojo/models.py +msgid "" +"Non-unique technical id from the source tool associated with the " +"vulnerability type." +msgstr "" + +#: dojo/models.py +msgid "SAST Source Object" +msgstr "" + +#: dojo/models.py +msgid "Source object (variable, function...) of the attack vector." +msgstr "" + +#: dojo/models.py +msgid "SAST Sink Object" +msgstr "" + +#: dojo/models.py +msgid "Sink object (variable, function...) of the attack vector." +msgstr "" + +#: dojo/models.py +msgid "SAST Source Line number" +msgstr "" + +#: dojo/models.py +msgid "SAST Source File Path" +msgstr "" + +#: dojo/models.py +msgid "Source file path of the attack vector." +msgstr "" + +#: dojo/models.py +msgid "Number of occurences" +msgstr "" + +#: dojo/models.py +msgid "" +"Number of occurences in the source tool when several vulnerabilites were " +"found and aggregated by the scanner." +msgstr "" + +#: dojo/models.py +msgid "Publish date" +msgstr "" + +#: dojo/models.py +msgid "Date when this vulnerability was made publicly available." +msgstr "" + +#: dojo/models.py +msgid "Service" +msgstr "" + +#: dojo/models.py +msgid "" +"A service is a self-contained piece of functionality within a Product. This " +"is an optional field which is used in deduplication of findings when set." +msgstr "" + +#: dojo/models.py +msgid "Planned Remediation Date" +msgstr "" + +#: dojo/models.py +msgid "Planned remediation version" +msgstr "" + +#: dojo/models.py +msgid "The date the flaw is expected to be remediated." +msgstr "" + +#: dojo/models.py +msgid "" +"Add tags that help describe this finding. Choose from the list or add new " +"tags. Press Enter key to add." +msgstr "" + +#: dojo/models.py +msgid "Template Match Enabled" +msgstr "" + +#: dojo/models.py +msgid "" +"Enables this template for matching remediation advice. Match will be applied " +"to all active, verified findings by CWE." +msgstr "" + +#: dojo/models.py +msgid "Match Template by Title and CWE" +msgstr "" + +#: dojo/models.py +msgid "Matches by title text (contains search) and CWE." +msgstr "" + +#: dojo/models.py +msgid "" +"Add tags that help describe this finding template. Choose from the list or " +"add new tags. Press Enter key to add." +msgstr "" + +#: dojo/models.py +msgid "" +"Descriptive name which in the future may also be used to group risk " +"acceptances together across engagements and products" +msgstr "" + +#: dojo/models.py +msgid "Recommendation from the security team." +msgstr "" + +#: dojo/models.py +msgid "Security Recommendation" +msgstr "" + +#: dojo/models.py +msgid "Explanation of security recommendation" +msgstr "" + +#: dojo/models.py +msgid "Security Recommendation Details" +msgstr "" + +#: dojo/models.py +msgid "Risk treatment decision by risk owner" +msgstr "" + +#: dojo/models.py +msgid "" +"If a compensating control exists to mitigate the finding or reduce risk, " +"then list the compensating control(s)." +msgstr "" + +#: dojo/models.py +msgid "Accepted By" +msgstr "" + +#: dojo/models.py +msgid "The person that accepts the risk, can be outside of DefectDojo." +msgstr "" + +#: dojo/models.py +msgid "Proof" +msgstr "" + +#: dojo/models.py +msgid "" +"User in DefectDojo owning this acceptance. Only the owner and staff users " +"can edit the risk acceptance." +msgstr "" + +#: dojo/models.py +msgid "" +"When the risk acceptance expires, the findings will be reactivated (unless " +"disabled below)." +msgstr "" + +#: dojo/models.py +msgid "" +"(readonly) Date at which notice about the risk acceptance expiration was " +"sent." +msgstr "" + +#: dojo/models.py +msgid "" +"(readonly) When the risk acceptance expiration was handled (manually or by " +"the daily job)." +msgstr "" + +#: dojo/models.py +msgid "Reactivate findings on expiration" +msgstr "" + +#: dojo/models.py +msgid "Reactivate findings when risk acceptance expires?" +msgstr "" + +#: dojo/models.py +msgid "Restart SLA on expiration" +msgstr "" + +#: dojo/models.py +msgid "" +"When enabled, the SLA for findings is restarted when the risk acceptance " +"expires." +msgstr "" + +#: dojo/models.py +msgid "" +"This dismissable message will be displayed on all pages for authenticated " +"users. It can contain basic html tags, for example https://example.com" +msgstr "" + +#: dojo/models.py +msgid "The style of banner to display. (info, success, warning, danger)" +msgstr "" + +#: dojo/models.py +msgid "" +"This message will be displayed on the login page. It can contain basic html " +"tags, for example https://example.com" +msgstr "" + +#: dojo/models.py +msgid "Enter a name to give to this configuration" +msgstr "" + +#: dojo/models.py +msgid "Enter your Github API Key" +msgstr "" + +#: dojo/models.py +msgid "GitHub issue URL" +msgstr "" + +#: dojo/models.py +msgid "Github project" +msgstr "" + +#: dojo/models.py +msgid "Specify your project location. (:user/:repo)" +msgstr "" + +#: dojo/models.py +msgid "Github Configuration" +msgstr "" + +#: dojo/models.py +msgid "" +"Notes added to findings will be automatically added to the corresponding " +"github issue" +msgstr "" + +#: dojo/models.py +msgid "JIRA URL" +msgstr "" + +#: dojo/models.py +msgid "" +"For more information how to configure Jira, read the DefectDojo " +"documentation." +msgstr "" + +#: dojo/models.py +msgid "You can define extra issue types in settings.py" +msgstr "" + +#: dojo/models.py +msgid "" +"Choose the folder containing the Django templates used to render the JIRA " +"issue description. These are stored in dojo/templates/issue-trackers. Leave " +"empty to use the default jira_full templates." +msgstr "" + +#: dojo/models.py +msgid "" +"To obtain the 'Epic name id' visit https:///rest/api/2/field " +"and search for Epic Name. Copy the number out of cf[number] and paste it " +"here." +msgstr "" + +#: dojo/models.py +msgid "Reopen Transition ID" +msgstr "" + +#: dojo/models.py +msgid "" +"Transition ID to Re-Open JIRA issues, visit https:///rest/api/" +"latest/issue//transitions?expand=transitions.fields to " +"find the ID for your JIRA instance" +msgstr "" + +#: dojo/models.py +msgid "Close Transition ID" +msgstr "" + +#: dojo/models.py +msgid "" +"Transition ID to Close JIRA issues, visit https:///rest/api/" +"latest/issue//transitions?expand=transitions.fields to " +"find the ID for your JIRA instance" +msgstr "" + +#: dojo/models.py +msgid "Maps to the 'Priority' field in Jira. For example: Info" +msgstr "" + +#: dojo/models.py +msgid "Maps to the 'Priority' field in Jira. For example: Low" +msgstr "" + +#: dojo/models.py +msgid "Maps to the 'Priority' field in Jira. For example: Medium" +msgstr "" + +#: dojo/models.py +msgid "Maps to the 'Priority' field in Jira. For example: High" +msgstr "" + +#: dojo/models.py +msgid "Maps to the 'Priority' field in Jira. For example: Critical" +msgstr "" + +#: dojo/models.py +msgid "" +"Additional text that will be added to the finding in Jira. For example " +"including how the finding was created or who to contact for more information." +msgstr "" + +#: dojo/models.py +msgid "" +"JIRA resolution names (comma-separated values) that maps to an Accepted " +"Finding" +msgstr "" + +#: dojo/models.py +msgid "" +"JIRA resolution names (comma-separated values) that maps to a False Positive " +"Finding" +msgstr "" + +#: dojo/models.py +msgid "Globally send SLA notifications as comment?" +msgstr "" + +#: dojo/models.py +msgid "This setting can be overidden at the Product level" +msgstr "" + +#: dojo/models.py +msgid "JIRA Instance" +msgstr "" + +#: dojo/models.py +msgid "" +"JIRA custom field JSON mapping of Id to value, e.g. {\"customfield_10122\": " +"[{\"name\": \"8.0.1\"}]}" +msgstr "" + +#: dojo/models.py +msgid "" +"JIRA default assignee (name). If left blank then it defaults to whatever is " +"configured in JIRA." +msgstr "" + +#: dojo/models.py +msgid "" +"Automatically maintain parity with JIRA. Always create and update JIRA " +"tickets for findings in this Product." +msgstr "" + +#: dojo/models.py +msgid "Send SLA notifications as comment?" +msgstr "" + +#: dojo/models.py +msgid "Send Risk Acceptance expiration notifications as comment?" +msgstr "" + +#: dojo/models.py +msgid "Jira creation" +msgstr "" + +#: dojo/models.py +msgid "The date a Jira issue was created from this finding." +msgstr "" + +#: dojo/models.py +msgid "Jira last update" +msgstr "" + +#: dojo/models.py +msgid "The date the linked Jira issue was last modified." +msgstr "" + +#: dojo/models.py +msgid "" +"Triggered whenever an (re-)import has been done that created/updated/closed " +"findings." +msgstr "" + +#: dojo/models.py +msgid "JIRA problems" +msgstr "" + +#: dojo/models.py +msgid "" +"JIRA sync happens in the background, errors will be shown as notifications/" +"alerts so make sure to subscribe" +msgstr "" + +#: dojo/models.py +msgid "SLA breach" +msgstr "" + +#: dojo/models.py +msgid "Get notified of (upcoming) SLA breaches" +msgstr "" + +#: dojo/models.py +msgid "Risk Acceptance Expiration" +msgstr "" + +#: dojo/models.py +msgid "Get notified of (upcoming) Risk Acceptance expiries" +msgstr "" + +#: dojo/models.py +msgid "Succesfully" +msgstr "" + +#: dojo/models.py +msgid "Login is valid" +msgstr "" + +#: dojo/models.py +msgid "Credential" +msgstr "" + +#: dojo/models.py +msgid "Authentication Provider" +msgstr "" + +#: dojo/models.py +msgid "HTML color" +msgstr "" + +#: dojo/models.py +msgid "Number of files" +msgstr "" + +#: dojo/models.py +msgid "Number of blank lines" +msgstr "" + +#: dojo/models.py +msgid "Number of comment lines" +msgstr "" + +#: dojo/models.py +msgid "Number of code lines" +msgstr "" + +#: dojo/models.py +msgid "Confidence level" +msgstr "" + +#: dojo/models.py +msgid "Version Number" +msgstr "" + +#: dojo/models.py +msgid "Full file path" +msgstr "" + +#: dojo/models.py +msgid "Folder" +msgstr "" + +#: dojo/models.py +msgid "Artifact" +msgstr "" + +#: dojo/models.py +msgid "" +"Add tags that help describe this object. Choose from the list or add new " +"tags. Press Enter key to add." +msgstr "" + +#: dojo/models.py +msgid "Test Unique Identifier" +msgstr "" + +#: dojo/models.py +msgid "Name of the test" +msgstr "" + +#: dojo/models.py +msgid "Summary of the test" +msgstr "" + +#: dojo/models.py +msgid "Objective of the test" +msgstr "" + +#: dojo/models.py +msgid "How to test the objective" +msgstr "" + +#: dojo/models.py +msgid "What the results look like for a test" +msgstr "" + +#: dojo/models.py +msgid "Benchmark Type" +msgstr "" + +#: dojo/models.py +msgid "Pass" +msgstr "" + +#: dojo/models.py +msgid "Does the product meet the requirement?" +msgstr "" + +#: dojo/models.py +msgid "Applicable for this specific product." +msgstr "" + +#: dojo/models.py +msgid "Total number of active benchmarks for this application." +msgstr "" + +#: dojo/models.py +msgid "ASVS Level 1 Score" +msgstr "" + +#: dojo/models.py +msgid "ASVS Level 2 Score" +msgstr "" + +#: dojo/models.py +msgid "ASVS Level 3 Score" +msgstr "" + +#: dojo/models.py +msgid "Publish score to Product." +msgstr "" + +#: dojo/models.py +msgid "The render order" +msgstr "" + +#: dojo/models.py +msgid "If selected, user doesn't have to answer this question" +msgstr "" + +#: dojo/models.py +msgid "The question text" +msgstr "" + +#: dojo/models.py +msgid "Select one or more" +msgstr "" + +#: dojo/models.py +msgid "Engagement Survey" +msgstr "" + +#: dojo/models.py +msgid "Answered Engagement Survey" +msgstr "" + +#: dojo/models.py +msgid "Answered Engagement Surveys" +msgstr "" + +#: dojo/models.py +msgid "General Engagement Survey" +msgstr "" + +#: dojo/models.py +msgid "General Engagement Surveys" +msgstr "" + +#: dojo/models.py +msgid "The answer text" +msgstr "" + +#: dojo/models.py +msgid "The selected choices as the answer" +msgstr "" + +#: dojo/notes/views.py +msgid "Note deleted." +msgstr "" + +#: dojo/notes/views.py +msgid "Note was not succesfully deleted." +msgstr "" + +#: dojo/notes/views.py +msgid "Note edited." +msgstr "" + +#: dojo/notes/views.py +msgid "Note was not succesfully edited." +msgstr "" + +#: dojo/notifications/helper.py +#, python-format +msgid "Product %(title)s has been created successfully." +msgstr "" + +#: dojo/notifications/helper.py +#, python-format +msgid "Product Type %(title)s has been created successfully." +msgstr "" + +#: dojo/notifications/helper.py +#, python-format +msgid "Event %(event)s has occurred." +msgstr "" + +#: dojo/notifications/views.py +msgid "Settings saved." +msgstr "" + +#: dojo/notifications/views.py +msgid "Personal notification settings" +msgstr "" + +#: dojo/notifications/views.py +msgid "System notification settings" +msgstr "" + +#: dojo/notifications/views.py +msgid "Template notification settings" +msgstr "" + +#: dojo/product/views.py +msgid "Product List" +msgstr "" + +#: dojo/product/views.py dojo/templates/dojo/metrics.html +#: dojo/templates/dojo/pt_counts.html dojo/templates/dojo/simple_search.html +#: dojo/templates/dojo/view_user.html +#: dojo/templates/notifications/msteams/engagement_added.tpl +#: dojo/templates/notifications/msteams/product_added.tpl +#: dojo/templates/notifications/msteams/risk_acceptance_expiration.tpl +#: dojo/templates/notifications/msteams/scan_added.tpl +#: dojo/templates/notifications/msteams/sla_breach.tpl +#: dojo/templates/notifications/msteams/test_added.tpl +#: dojo/templates/notifications/msteams/upcoming_engagement.tpl +msgid "Product" +msgstr "" + +#: dojo/product/views.py dojo/templates/base.html +msgid "All Engagements" +msgstr "" + +#: dojo/product/views.py +msgid "Product added successfully." +msgstr "" + +#: dojo/product/views.py +msgid "GitHub information added successfully." +msgstr "" + +#: dojo/product/views.py +msgid "This label is automatically applied to all issues created by DefectDojo" +msgstr "" + +#: dojo/product/views.py +msgid "New Product" +msgstr "" + +#: dojo/product/views.py +msgid "Product updated successfully." +msgstr "" + +#: dojo/product/views.py +msgid "GITHUB information updated successfully." +msgstr "" + +#: dojo/product/views.py +msgid "Edit Product" +msgstr "" + +#: dojo/product/views.py +msgid "Product and relationships will be removed in the background." +msgstr "" + +#: dojo/product/views.py +msgid "Product and relationships removed." +msgstr "" + +#: dojo/product/views.py +#, python-format +msgid "Deletion of %(name)s" +msgstr "" + +#: dojo/product/views.py +#, python-format +msgid "The product \"%(name)s\" was deleted by %(user)s" +msgstr "" + +#: dojo/product/views.py +msgid "Engagement added successfully." +msgstr "" + +#: dojo/product/views.py +msgid "New CI/CD Engagement" +msgstr "" + +#: dojo/product/views.py +msgid "New Interactive Engagement" +msgstr "" + +#: dojo/product/views.py +msgid "Technology added successfully." +msgstr "" + +#: dojo/product/views.py +msgid "Add Technology" +msgstr "" + +#: dojo/product/views.py +msgid "Technology changed successfully." +msgstr "" + +#: dojo/product/views.py +msgid "Edit Technology" +msgstr "" + +#: dojo/product/views.py +msgid "Technology deleted successfully." +msgstr "" + +#: dojo/product/views.py +msgid "Delete Technology" +msgstr "" + +#: dojo/product/views.py +msgid "Metadata added successfully." +msgstr "" + +#: dojo/product/views.py +msgid "Add Metadata" +msgstr "" + +#: dojo/product/views.py +msgid "Metadata edited successfully." +msgstr "" + +#: dojo/product/views.py +msgid "Edit Metadata" +msgstr "" + +#: dojo/product/views.py +msgid "Pen Test" +msgstr "" + +#: dojo/product/views.py +msgid "Ad Hoc Engagement" +msgstr "" + +#: dojo/product/views.py dojo/test/views.py +msgid "Can not set a finding as inactive without adding all mandatory notes" +msgstr "" + +#: dojo/product/views.py dojo/test/views.py +msgid "" +"Can not set a finding as false positive without adding all mandatory notes" +msgstr "" + +#: dojo/product/views.py dojo/test/views.py +msgid "" +"Can not set a finding as inactive or false positive without adding all " +"mandatory notes" +msgstr "" + +#: dojo/product/views.py +msgid "Finding added successfully." +msgstr "" + +#: dojo/product/views.py dojo/test/views.py +msgid "The form has errors, please correct them below." +msgstr "" + +#: dojo/product/views.py dojo/test/views.py +msgid "Add Finding" +msgstr "" + +#: dojo/product/views.py +msgid "Engagement Presets" +msgstr "" + +#: dojo/product/views.py +msgid "Edit Engagement Preset" +msgstr "" + +#: dojo/product/views.py +msgid "Engagement Preset Successfully Updated." +msgstr "" + +#: dojo/product/views.py +msgid "Engagement Preset Successfully Created." +msgstr "" + +#: dojo/product/views.py +msgid "New Engagement Preset" +msgstr "" + +#: dojo/product/views.py +msgid "Engagement presets and engagement relationships removed." +msgstr "" + +#: dojo/product/views.py +msgid "Delete Engagement Preset" +msgstr "" + +#: dojo/product/views.py +msgid "Notification settings updated." +msgstr "" + +#: dojo/product/views.py dojo/product_type/views.py +msgid "You are not permitted to add users as owners." +msgstr "" + +#: dojo/product/views.py dojo/user/views.py +msgid "Product members added successfully." +msgstr "" + +#: dojo/product/views.py dojo/user/views.py +msgid "Add Product Member" +msgstr "" + +#: dojo/product/views.py +msgid "You are not permitted to make users to owners." +msgstr "" + +#: dojo/product/views.py +msgid "Product member updated successfully." +msgstr "" + +#: dojo/product/views.py +msgid "Edit Product Member" +msgstr "" + +#: dojo/product/views.py +msgid "Product member deleted successfully." +msgstr "" + +#: dojo/product/views.py +msgid "Delete Product Member" +msgstr "" + +#: dojo/product/views.py +#, python-format +msgid "API connection successful with message: %(result)s." +msgstr "" + +#: dojo/product/views.py +msgid "API Scan Configuration added successfully." +msgstr "" + +#: dojo/product/views.py dojo/templates/base.html +#: dojo/templates/dojo/view_product_details.html +msgid "Add API Scan Configuration" +msgstr "" + +#: dojo/product/views.py +msgid "API Scan Configurations" +msgstr "" + +#: dojo/product/views.py +msgid "API Scan Configuration successfully updated." +msgstr "" + +#: dojo/product/views.py +msgid "Edit API Scan Configuration" +msgstr "" + +#: dojo/product/views.py +msgid "API Scan Configuration deleted." +msgstr "" + +#: dojo/product/views.py +msgid "Delete Tool Configuration" +msgstr "" + +#: dojo/product/views.py dojo/product_type/views.py +msgid "You are not permitted to make groups owners." +msgstr "" + +#: dojo/product/views.py +msgid "Product group updated successfully." +msgstr "" + +#: dojo/product/views.py +msgid "Edit Product Group" +msgstr "" + +#: dojo/product/views.py +msgid "Product group deleted successfully." +msgstr "" + +#: dojo/product/views.py +msgid "Delete Product Group" +msgstr "" + +#: dojo/product/views.py dojo/product_type/views.py +msgid "You are not permitted to add groups as owners." +msgstr "" + +#: dojo/product/views.py +msgid "Product groups added successfully." +msgstr "" + +#: dojo/product_type/views.py dojo/templates/dojo/product_type.html +msgid "Product Type List" +msgstr "" + +#: dojo/product_type/views.py dojo/templates/base.html +#: dojo/templates/dojo/product_type.html +msgid "Add Product Type" +msgstr "" + +#: dojo/product_type/views.py +msgid "Product type added successfully." +msgstr "" + +#: dojo/product_type/views.py +#: dojo/templates/notifications/msteams/product_type_added.tpl +msgid "View Product Type" +msgstr "" + +#: dojo/product_type/views.py +msgid "Previewing the relationships has been disabled." +msgstr "" + +#: dojo/product_type/views.py dojo/templates/dojo/delete_product_type.html +msgid "Delete Product Type" +msgstr "" + +#: dojo/product_type/views.py +msgid "Product type updated successfully." +msgstr "" + +#: dojo/product_type/views.py dojo/user/views.py +msgid "Product type members added successfully." +msgstr "" + +#: dojo/product_type/views.py dojo/templates/dojo/view_product_type.html +#: dojo/user/views.py +msgid "Add Product Type Member" +msgstr "" + +#: dojo/product_type/views.py +msgid "Edit Product Type Member" +msgstr "" + +#: dojo/product_type/views.py +#, python-format +msgid "" +"There must be at least one owner for Product Type %(product_type_name)s." +msgstr "" + +#: dojo/product_type/views.py +msgid "Product type member updated successfully." +msgstr "" + +#: dojo/product_type/views.py +msgid "There must be at least one owner." +msgstr "" + +#: dojo/product_type/views.py +msgid "Product type member deleted successfully." +msgstr "" + +#: dojo/product_type/views.py +msgid "Product type groups added successfully." +msgstr "" + +#: dojo/product_type/views.py +msgid "Product type group updated successfully." +msgstr "" + +#: dojo/product_type/views.py +msgid "Product type group deleted successfully." +msgstr "" + +#: dojo/search/views.py +#, fuzzy +#| msgid "Search" +msgid "Simple Search" +msgstr "Поиск" + +#: dojo/templates/base.html dojo/templates/dojo/simple_search.html +msgid "Search" +msgstr "Поиск" + +#: dojo/templates/base.html dojo/user/views.py +msgid "API v2 Key" +msgstr "" + +#: dojo/templates/base.html +msgid "API v2 OpenAPI2 Docs" +msgstr "" + +#: dojo/templates/base.html +msgid "API v2 OpenAPI3 Docs" +msgstr "" + +#: dojo/templates/base.html +msgid "Documentation" +msgstr "" + +#: dojo/templates/base.html +msgid "SAML Logout" +msgstr "" + +#: dojo/templates/base.html +msgid "Logout" +msgstr "" + +#: dojo/templates/base.html +msgid "Dashboard" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/simple_search.html +#: dojo/templates/dojo/view_product_type.html +msgid "Products" +msgstr "" + +#: dojo/templates/base.html +msgid "All Products" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/product_type.html +#: dojo/templates/dojo/view_product_type.html +msgid "Add Product" +msgstr "" + +#: dojo/templates/base.html +msgid "All Product Types" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/simple_search.html +msgid "Engagements" +msgstr "" + +#: dojo/templates/base.html +msgid "Active Engagements" +msgstr "" + +#: dojo/templates/base.html +msgid "Engagements by Product" +msgstr "" + +#: dojo/templates/base.html +msgid "Test Types" +msgstr "" + +#: dojo/templates/base.html +msgid "Environments" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/simple_search.html +msgid "Open Findings" +msgstr "" + +#: dojo/templates/base.html +msgid "All Findings" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/metrics.html +msgid "Closed Findings" +msgstr "" + +#: dojo/templates/base.html +msgid "Risk Accepted Findings" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/simple_search.html +msgid "Finding Templates" +msgstr "" + +#: dojo/templates/base.html +msgid "Components" +msgstr "" + +#: dojo/templates/base.html +msgid "All Components" +msgstr "" + +#: dojo/templates/base.html +msgid "All Endpoints" +msgstr "" + +#: dojo/templates/base.html +msgid "All Hosts" +msgstr "" + +#: dojo/templates/base.html +msgid "Vulnerable Endpoints" +msgstr "" + +#: dojo/templates/base.html +msgid "Vulnerable Hosts" +msgstr "" + +#: dojo/templates/base.html +msgid "Migrate Endpoints" +msgstr "" + +#: dojo/templates/base.html +msgid "Reports" +msgstr "" + +#: dojo/templates/base.html +msgid "Metrics Dashboard" +msgstr "" + +#: dojo/templates/base.html +msgid "Product Type Metrics" +msgstr "" + +#: dojo/templates/base.html +msgid "Product Type Counts" +msgstr "" + +#: dojo/templates/base.html +msgid "Product Tag Counts" +msgstr "" + +#: dojo/templates/base.html +msgid "Users" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/profile.html +#: dojo/templates/dojo/view_product_details.html +#: dojo/templates/dojo/view_product_type.html +msgid "Groups" +msgstr "" + +#: dojo/templates/base.html +msgid "Calendar" +msgstr "" + +#: dojo/templates/base.html +msgid "Questionnaires" +msgstr "" + +#: dojo/templates/base.html +msgid "All Questionnaires" +msgstr "" + +#: dojo/templates/base.html +msgid "All Questions" +msgstr "" + +#: dojo/templates/base.html +msgid "Configuration" +msgstr "" + +#: dojo/templates/base.html +msgid "Announcement" +msgstr "" + +#: dojo/templates/base.html +msgid "Credential Manager" +msgstr "" + +#: dojo/templates/base.html +msgid "GitHub" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/simple_search.html +#: dojo/templates/dojo/view_product_details.html +msgid "JIRA" +msgstr "" + +#: dojo/templates/base.html +msgid "Login banner" +msgstr "" + +#: dojo/templates/base.html +msgid "Note Types" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/view_product_details.html +msgid "Notifications" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/view_product_details.html +msgid "Regulations" +msgstr "" + +#: dojo/templates/base.html +msgid "Rules Framework" +msgstr "" + +#: dojo/templates/base.html +msgid "SLA Configuration" +msgstr "" + +#: dojo/templates/base.html +msgid "System Settings" +msgstr "" + +#: dojo/templates/base.html +msgid "Tool Configuration" +msgstr "" + +#: dojo/templates/base.html +msgid "Tool Type" +msgstr "" + +#: dojo/templates/base.html +msgid "Collapse Menu" +msgstr "" + +#: dojo/templates/base.html +msgid "Overview" +msgstr "" + +#: dojo/templates/base.html +msgid "View Engagements" +msgstr "" + +#: dojo/templates/base.html +msgid "Add New Interactive Engagement" +msgstr "" + +#: dojo/templates/base.html +msgid "Add New CI/CD Engagement" +msgstr "" + +#: dojo/templates/base.html +msgid "View Active Findings" +msgstr "" + +#: dojo/templates/base.html +msgid "View Active Verified Findings" +msgstr "" + +#: dojo/templates/base.html +msgid "View Critical Findings" +msgstr "" + +#: dojo/templates/base.html +msgid "View Findings from Last 7 Days" +msgstr "" + +#: dojo/templates/base.html +msgid "View Risk Accepted Findings" +msgstr "" + +#: dojo/templates/base.html +msgid "View All Findings" +msgstr "" + +#: dojo/templates/base.html +msgid "View Closed Findings" +msgstr "" + +#: dojo/templates/base.html +msgid "Add New Finding" +msgstr "" + +#: dojo/templates/base.html +msgid "Import Scan Results" +msgstr "" + +#: dojo/templates/base.html +msgid "View Endpoints" +msgstr "" + +#: dojo/templates/base.html +msgid "View Hosts" +msgstr "" + +#: dojo/templates/base.html +msgid "View Vulnerable Endpoints" +msgstr "" + +#: dojo/templates/base.html +msgid "View Vulnerable Hosts" +msgstr "" + +#: dojo/templates/base.html +msgid "Endpoint Report" +msgstr "" + +#: dojo/templates/base.html +msgid "Add New Endpoint" +msgstr "" + +#: dojo/templates/base.html +msgid "Import Endpoint Meta" +msgstr "" + +#: dojo/templates/base.html +msgid "Benchmarks" +msgstr "" + +#: dojo/templates/base.html +msgid "Settings" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/product_type.html +#: dojo/templates/dojo/users.html dojo/templates/dojo/view_product_details.html +#: dojo/templates/dojo/view_product_type.html +#: dojo/templates/dojo/view_user.html +msgid "Edit" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/view_product_details.html +msgid "Add Custom Fields" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/view_product_details.html +msgid "Edit Custom Fields" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/view_product_details.html +msgid "View API Scan Configurations" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/view_product_details.html +msgid "Add Product Tracking Files" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/view_product_details.html +msgid "View Product Tracking Files" +msgstr "" + +#: dojo/templates/base.html +msgid "Add Credentials" +msgstr "" + +#: dojo/templates/base.html +msgid "View Credentials" +msgstr "" + +#: dojo/templates/base.html +msgid "Add Tools" +msgstr "" + +#: dojo/templates/base.html +msgid "View Tools" +msgstr "" + +#: dojo/templates/base.html +msgid "Add Engagement Presets" +msgstr "" + +#: dojo/templates/base.html +msgid "View Engagement Presets" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/users.html +#: dojo/templates/dojo/view_product_details.html +#: dojo/templates/dojo/view_user.html +msgid "View History" +msgstr "" + +#: dojo/templates/base.html dojo/templates/dojo/delete_product_type_group.html +#: dojo/templates/dojo/delete_product_type_member.html +#: dojo/templates/dojo/product_type.html dojo/templates/dojo/users.html +#: dojo/templates/dojo/view_product_details.html +#: dojo/templates/dojo/view_product_type.html +#: dojo/templates/dojo/view_user.html +msgid "Delete" +msgstr "" + +#: dojo/templates/base.html +msgid "DefectDojo Chop" +msgstr "" + +#: dojo/templates/base.html +msgid "See All Alerts" +msgstr "" + +#: dojo/templates/base.html +msgid "Clear All Alerts" +msgstr "" + +#: dojo/templates/base.html +msgid "No alerts found" +msgstr "" + +#: dojo/templates/dojo/add_user.html dojo/templates/dojo/profile.html +#: dojo/templates/dojo/view_user.html +msgid "Default Information" +msgstr "" + +#: dojo/templates/dojo/add_user.html dojo/templates/dojo/profile.html +msgid "Additional Contact Information" +msgstr "" + +#: dojo/templates/dojo/add_user.html dojo/templates/dojo/profile.html +#: dojo/templates/dojo/users.html +msgid "Global Role" +msgstr "" + +#: dojo/templates/dojo/add_user.html dojo/templates/dojo/edit_product_type.html +#: dojo/templates/dojo/edit_product_type_group.html +#: dojo/templates/dojo/edit_product_type_member.html +#: dojo/templates/dojo/edit_tool_type.html +#: dojo/templates/dojo/new_group_member_user.html +#: dojo/templates/dojo/new_product_member_user.html +#: dojo/templates/dojo/new_product_type.html +#: dojo/templates/dojo/new_product_type_group.html +#: dojo/templates/dojo/new_product_type_member.html +#: dojo/templates/dojo/new_product_type_member_user.html +#: dojo/templates/dojo/new_tool_type.html +#: dojo/templates/dojo/notifications.html dojo/templates/dojo/profile.html +msgid "Submit" +msgstr "" + +#: dojo/templates/dojo/alerts.html dojo/templates/dojo/simple_search.html +msgid "Type" +msgstr "" + +#: dojo/templates/dojo/alerts.html +#: dojo/templates/dojo/view_product_details.html +msgid "Source" +msgstr "" + +#: dojo/templates/dojo/alerts.html +msgid "Timeframe" +msgstr "" + +#: dojo/templates/dojo/alerts.html +msgid "Select all visible alerts" +msgstr "" + +#: dojo/templates/dojo/alerts.html +msgid "Remove selected" +msgstr "" + +#: dojo/templates/dojo/alerts.html +msgid "No alerts found." +msgstr "" + +#: dojo/templates/dojo/api_v2_key.html +msgid "Your current API key is" +msgstr "" + +#: dojo/templates/dojo/api_v2_key.html +msgid "Your current API Authorization Header value is" +msgstr "" + +#: dojo/templates/dojo/api_v2_key.html +msgid "Has your key been exposed? Are you ready for a new one?" +msgstr "" + +#: dojo/templates/dojo/api_v2_key.html +msgid "Generate New Key" +msgstr "" + +#: dojo/templates/dojo/api_v2_key.html +msgid "" +"Alternatively, you can use /api/v2/api-token-auth/ to get your token. " +"Example:" +msgstr "" + +#: dojo/templates/dojo/api_v2_key.html +msgid "" +"To use your API Key you need to specify an Authorization header. Example:" +msgstr "" + +#: dojo/templates/dojo/api_v2_key.html +msgid "Here is a simple python example against the /users endpoint" +msgstr "" + +#: dojo/templates/dojo/change_pwd.html dojo/templates/dojo/profile.html +#: dojo/user/views.py +msgid "Change Password" +msgstr "" + +#: dojo/templates/dojo/dashboard-metrics.html +#, python-format +msgid "%(name)s for %(start_date)s - %(end_date)s" +msgstr "" + +#: dojo/templates/dojo/dashboard-metrics.html dojo/templates/dojo/metrics.html +msgid "Measures Findings" +msgstr "" + +#: dojo/templates/dojo/dashboard-metrics.html dojo/templates/dojo/metrics.html +msgid "Measure Affected Endpoints" +msgstr "" + +#: dojo/templates/dojo/dashboard-metrics.html dojo/templates/dojo/metrics.html +msgid "Open Bug Count by Month" +msgstr "" + +#: dojo/templates/dojo/dashboard-metrics.html dojo/templates/dojo/metrics.html +msgid "Risk Accepted Bug Count by Month" +msgstr "" + +#: dojo/templates/dojo/dashboard-metrics.html dojo/templates/dojo/metrics.html +msgid "Open Bug Count by Week" +msgstr "" + +#: dojo/templates/dojo/dashboard-metrics.html dojo/templates/dojo/metrics.html +msgid "Risk Accepted Bug Count by Week" +msgstr "" + +#: dojo/templates/dojo/dashboard-metrics.html +#, python-format +msgid "Top %(length)s Products By Bug Severity" +msgstr "" + +#: dojo/templates/dojo/dashboard-metrics.html +msgid "Total Findings In Period By Severity" +msgstr "" + +#: dojo/templates/dojo/dashboard-metrics.html +msgid "Total Findings Risk Accepted In Period By Severity" +msgstr "" + +#: dojo/templates/dojo/dashboard-metrics.html +msgid "Total Findings Closed In Period By Severity" +msgstr "" + +#: dojo/templates/dojo/dashboard-metrics.html +msgid "Weekly activity, displayed by day, of findings reported.*" +msgstr "" + +#: dojo/templates/dojo/dashboard-metrics.html +msgid "Week begins on date displayed." +msgstr "" + +#: dojo/templates/dojo/dashboard-metrics.html +msgid "* Weeks are only displayed if findings are available." +msgstr "" + +#: dojo/templates/dojo/delete_alerts.html +#, python-format +msgid "Delete All alerts %(product)s" +msgstr "" + +#: dojo/templates/dojo/delete_alerts.html +msgid "Delete all alerts will remove all alerts from this instance" +msgstr "" + +#: dojo/templates/dojo/delete_alerts.html +#: dojo/templates/dojo/delete_product_type.html +#: dojo/templates/dojo/delete_user.html +msgid "Danger Zone" +msgstr "" + +#: dojo/templates/dojo/delete_alerts.html +msgid "The following alerts will be deleted" +msgstr "" + +#: dojo/templates/dojo/delete_alerts.html +msgid "Delete Alert" +msgstr "" + +#: dojo/templates/dojo/delete_product_type.html +#, python-format +msgid "Delete Product Type %(product_type)s" +msgstr "" + +#: dojo/templates/dojo/delete_product_type.html +msgid "" +"Deleting this Product Type will remove any related objects associated\n" +" with it. These relationships are listed below:" +msgstr "" + +#: dojo/templates/dojo/delete_product_type.html +#: dojo/templates/dojo/delete_user.html +msgid "No relationships found." +msgstr "" + +#: dojo/templates/dojo/delete_user.html +#, python-format +msgid " Delete User %(to_delete)s" +msgstr "" + +#: dojo/templates/dojo/delete_user.html +msgid "" +"Deleting this User will remove any related objects associated with it. These " +"relationships are listed below:" +msgstr "" + +#: dojo/templates/dojo/delete_user.html dojo/user/views.py +msgid "Delete User" +msgstr "" + +#: dojo/templates/dojo/dismiss_announcement.html +msgid "Dismiss Announcement" +msgstr "" + +#: dojo/templates/dojo/dismiss_announcement.html +msgid "" +"Dismissing the announcement will remove the current announcement from your " +"view" +msgstr "" + +#: dojo/templates/dojo/edit_note.html +msgid "Edit Note" +msgstr "" + +#: dojo/templates/dojo/edit_note.html +msgid "Save" +msgstr "" + +#: dojo/templates/dojo/edit_product_type.html +#, python-format +msgid "Edit Product Type %(name)s" +msgstr "" + +#: dojo/templates/dojo/edit_product_type.html +msgid "Edit product type" +msgstr "" + +#: dojo/templates/dojo/edit_tool_type.html +msgid "Edit Tool Type Configuration" +msgstr "" + +#: dojo/templates/dojo/forgot_username.html +#: dojo/templates/dojo/forgot_username_done.html +msgid "Retrieve Username" +msgstr "" + +#: dojo/templates/dojo/forgot_username.html +msgid "" +"Forgotten your username? Enter your email address below, and we’ll email it " +"to you." +msgstr "" + +#: dojo/templates/dojo/forgot_username.html +msgid "Retreive my username" +msgstr "" + +#: dojo/templates/dojo/forgot_username_done.html +msgid "" +"We’ve emailed you information about your user account, if an account exists " +"with the email you entered. You should receive the requested information " +"shortly." +msgstr "" + +#: dojo/templates/dojo/forgot_username_done.html +#: dojo/templates/dojo/password_reset_done.html +msgid "" +"If you don’t receive an email, please make sure you’ve entered the address " +"you registered with, and check your spam folder." +msgstr "" + +#: dojo/templates/dojo/forgot_username_subject.html +#, python-format +msgid "Retrieve username on %(site_name)s" +msgstr "" + +#: dojo/templates/dojo/login.html +msgid "Login" +msgstr "" + +#: dojo/templates/dojo/login.html +msgid "Show Password" +msgstr "" + +#: dojo/templates/dojo/login.html +msgid "I forgot my password" +msgstr "" + +#: dojo/templates/dojo/login.html +msgid "I forgot my username" +msgstr "" + +#: dojo/templates/dojo/login.html +msgid "Login with Google" +msgstr "" + +#: dojo/templates/dojo/login.html +msgid "Login with OKTA" +msgstr "" + +#: dojo/templates/dojo/login.html +msgid "Login with Azure AD" +msgstr "" + +#: dojo/templates/dojo/login.html +msgid "Login with Gitlab" +msgstr "" + +#: dojo/templates/dojo/login.html +msgid "Login with Auth0" +msgstr "" + +#: dojo/templates/dojo/login.html +msgid "Login with Github" +msgstr "" + +#: dojo/templates/dojo/login.html +msgid "Login with Github Enterprise" +msgstr "" + +#: dojo/templates/dojo/metrics.html +#, python-format +msgid "" +"%(name)s is affected by both critical and\n" +" high severity vulnerabilities." +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Critical Severity Vulnerabilities" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "High Severity Vulnerabilities" +msgstr "" + +#: dojo/templates/dojo/metrics.html +#, python-format +msgid "" +"\n" +" %(name)s is affected by critical " +"vulnerabilities." +msgstr "" + +#: dojo/templates/dojo/metrics.html +#, python-format +msgid "" +"\n" +" %(name)s is affected by high " +"severity vulnerabilities." +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Full Metrics" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "No Critical Products registered" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Active Bug Count by Month" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Metric Counts" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Top 10 Products
    by bug severity" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Detail Breakdown" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Opened Findings" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Accepted Findings" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Trending Open
    Bug Count" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Trending Accepted
    Bug Count" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Age of Issues" +msgstr "" + +#: dojo/templates/dojo/metrics.html dojo/templates/dojo/pt_counts.html +#: dojo/templates/dojo/simple_metrics.html +msgid "Critical" +msgstr "" + +#: dojo/templates/dojo/metrics.html dojo/templates/dojo/pt_counts.html +#: dojo/templates/dojo/simple_metrics.html +msgid "Total" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Team" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Days
    Open" +msgstr "" + +#: dojo/templates/dojo/metrics.html dojo/templates/dojo/simple_search.html +msgid "Status" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Opened During Period" +msgstr "" + +#: dojo/templates/dojo/metrics.html dojo/templates/dojo/simple_metrics.html +msgid "Info" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Accepted in Period" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Closed in Period" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Weekly" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Closed*" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Monthly" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "*Closed findings may have been opened outside of requested period." +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "By Week" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "By Month" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Days" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "Bug Count" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "0 - 30 Days" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "31 - 60 Days" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "61 - 90 Days" +msgstr "" + +#: dojo/templates/dojo/metrics.html +msgid "91+ Days" +msgstr "" + +#: dojo/templates/dojo/new_group_member_user.html +msgid "Add Some Group Members" +msgstr "" + +#: dojo/templates/dojo/new_product_member_user.html +msgid "Register new Product Members" +msgstr "" + +#: dojo/templates/dojo/new_product_type.html +msgid "Register a new Product Type" +msgstr "" + +#: dojo/templates/dojo/new_product_type_member.html +#: dojo/templates/dojo/new_product_type_member_user.html +msgid "Register new Product Type Members" +msgstr "" + +#: dojo/templates/dojo/new_tool_type.html +msgid "Add a Tool Type Configuration" +msgstr "" + +#: dojo/templates/dojo/notifications.html +msgid "System" +msgstr "" + +#: dojo/templates/dojo/notifications.html +msgid "Personal" +msgstr "" + +#: dojo/templates/dojo/notifications.html +msgid "Notification Settings" +msgstr "" + +#: dojo/templates/dojo/notifications.html +msgid "Scope" +msgstr "" + +#: dojo/templates/dojo/notifications.html +msgid "" +"Destinations for system notifications are configured in System Settings. " +"Destinations for personal notifications are taken from your personal contact " +"details (personal Slack notifications will be sent to you as a direct " +"message)." +msgstr "" + +#: dojo/templates/dojo/notifications.html +msgid "Template" +msgstr "" + +#: dojo/templates/dojo/notifications.html +msgid "" +"These notification settings apply globally to all products and will " +"be sent to all superusers." +msgstr "" + +#: dojo/templates/dojo/notifications.html +msgid "" +"These notification settings apply globally to all products that you " +"have read access to and will be sent to you only." +msgstr "" + +#: dojo/templates/dojo/notifications.html +msgid "" +"If you want only notifications for certain products you should disable " +"everything here and enable notifications on those products." +msgstr "" + +#: dojo/templates/dojo/notifications.html +msgid "These template template" +msgstr "" + +#: dojo/templates/dojo/notifications.html +#: dojo/templates/notifications/msteams/other.tpl +msgid "Event" +msgstr "" + +#: dojo/templates/dojo/notifications.html +#: dojo/templates/dojo/view_product_details.html +msgid "Slack" +msgstr "" + +#: dojo/templates/dojo/notifications.html +msgid "Microsoft Teams" +msgstr "" + +#: dojo/templates/dojo/notifications.html +#: dojo/templates/dojo/view_product_details.html +msgid "Mail" +msgstr "" + +#: dojo/templates/dojo/notifications.html +#: dojo/templates/dojo/view_product_details.html +msgid "Alert" +msgstr "" + +#: dojo/templates/dojo/paging_snippet.html +#, python-format +msgid "" +"\n" +" Showing entries %(start_index)s to %(end_index)s of %(count)s\n" +" " +msgstr "" + +#: dojo/templates/dojo/paging_snippet.html +msgid "Page Size" +msgstr "" + +#: dojo/templates/dojo/paging_snippet.html +msgid "Toggle Dropdown" +msgstr "" + +#: dojo/templates/dojo/paging_snippet.html +msgid "All" +msgstr "" + +#: dojo/templates/dojo/password_reset.html +#: dojo/templates/dojo/password_reset_complete.html +#: dojo/templates/dojo/password_reset_done.html +msgid "Password reset" +msgstr "" + +#: dojo/templates/dojo/password_reset.html +msgid "" +"Forgotten your password? Enter your email address below, and we’ll email " +"instructions for setting a new one." +msgstr "" + +#: dojo/templates/dojo/password_reset.html +msgid "Reset my password" +msgstr "" + +#: dojo/templates/dojo/password_reset_complete.html +msgid "Your password has been set. You may go ahead and log in now." +msgstr "" + +#: dojo/templates/dojo/password_reset_complete.html +msgid "Log in" +msgstr "" + +#: dojo/templates/dojo/password_reset_confirm.html +msgid "Password reset confirmation" +msgstr "" + +#: dojo/templates/dojo/password_reset_confirm.html +msgid "" +"Please enter your new password twice so we can verify you typed it in " +"correctly." +msgstr "" + +#: dojo/templates/dojo/password_reset_confirm.html +msgid "Change my password" +msgstr "" + +#: dojo/templates/dojo/password_reset_confirm.html +msgid "" +"The password reset link was invalid, possibly because it has already been " +"used. Please request a new password reset." +msgstr "" + +#: dojo/templates/dojo/password_reset_done.html +msgid "" +"We’ve emailed you instructions for setting your password, if an account " +"exists with the email you entered. You should receive them shortly." +msgstr "" + +#: dojo/templates/dojo/product_type.html +msgid "Product count" +msgstr "" + +#: dojo/templates/dojo/product_type.html +msgid "Active (Verified) findings" +msgstr "" + +#: dojo/templates/dojo/product_type.html +#: dojo/templates/dojo/view_product_type.html +msgid "Critical product" +msgstr "" + +#: dojo/templates/dojo/product_type.html +#: dojo/templates/dojo/view_product_type.html +msgid "Key product" +msgstr "" + +#: dojo/templates/dojo/product_type.html dojo/templates/dojo/users.html +#: dojo/templates/dojo/view_user.html +#: dojo/templates/notifications/msteams/other.tpl +#: dojo/templates/notifications/msteams/sla_breach.tpl +#: dojo/templates/notifications/msteams/user_mentioned.tpl +msgid "View" +msgstr "" + +#: dojo/templates/dojo/product_type.html +#: dojo/templates/dojo/view_product_type.html +msgid "Product Type Report" +msgstr "" + +#: dojo/templates/dojo/product_type.html +msgid "No product types found." +msgstr "" + +#: dojo/templates/dojo/profile.html +#, python-format +msgid " User Profile - %(full_name)s" +msgstr "" + +#: dojo/templates/dojo/profile.html +msgid "Last Login:" +msgstr "" + +#: dojo/templates/dojo/profile.html +msgid "Date Joined:" +msgstr "" + +#: dojo/templates/dojo/profile.html +#: dojo/templates/dojo/view_product_details.html +#: dojo/templates/dojo/view_product_type.html +#: dojo/templates/dojo/view_user.html +msgid "Add Groups" +msgstr "" + +#: dojo/templates/dojo/profile.html +#: dojo/templates/dojo/view_product_details.html +#: dojo/templates/dojo/view_product_type.html +#: dojo/templates/dojo/view_user.html +msgid "Group" +msgstr "" + +#: dojo/templates/dojo/profile.html dojo/templates/dojo/view_user.html +msgid "No group members found." +msgstr "" + +#: dojo/templates/dojo/pt_counts.html +msgid "Generate Metrics For Selected Period" +msgstr "" + +#: dojo/templates/dojo/pt_counts.html +#, python-format +msgid "" +"Finding Information For Period of %(start_date)s - %(end_date)s\n" +" " +msgstr "" + +#: dojo/templates/dojo/pt_counts.html dojo/templates/dojo/simple_metrics.html +msgid "View Details" +msgstr "" + +#: dojo/templates/dojo/pt_counts.html +msgid "Total Security Bug Count In Period" +msgstr "" + +#: dojo/templates/dojo/pt_counts.html +msgid "Total Security Bugs Opened In Period" +msgstr "" + +#: dojo/templates/dojo/pt_counts.html +msgid "Total Security Bugs Closed In Period" +msgstr "" + +#: dojo/templates/dojo/pt_counts.html +msgid "Trending Total Bug Count By Month" +msgstr "" + +#: dojo/templates/dojo/pt_counts.html +msgid "Month" +msgstr "" + +#: dojo/templates/dojo/pt_counts.html +msgid "Opened in Month" +msgstr "" + +#: dojo/templates/dojo/pt_counts.html +msgid "Open to Date" +msgstr "" + +#: dojo/templates/dojo/pt_counts.html +msgid "Total Closed" +msgstr "" + +#: dojo/templates/dojo/pt_counts.html +msgid "Closed findings may have been opened outside of requested period." +msgstr "" + +#: dojo/templates/dojo/pt_counts.html +msgid "Top 10 By Bug Severity" +msgstr "" + +#: dojo/templates/dojo/pt_counts.html +#, python-format +msgid "%(pt)s Open Findings" +msgstr "" + +#: dojo/templates/dojo/pt_counts.html +msgid "No." +msgstr "" + +#: dojo/templates/dojo/pt_counts.html dojo/templates/dojo/simple_search.html +msgid "Name" +msgstr "" + +#: dojo/templates/dojo/pt_counts.html +msgid "Age" +msgstr "" + +#: dojo/templates/dojo/simple_metrics.html +msgid "Generate Metrics For Selected Month/Year" +msgstr "" + +#: dojo/templates/dojo/simple_metrics.html +msgid "Opened This Month" +msgstr "" + +#: dojo/templates/dojo/simple_metrics.html +msgid "Closed This Month" +msgstr "" + +#: dojo/templates/dojo/simple_search.html +msgid "" +"This simple search function will return results whose findings or finding " +"templates\n" +" title, URL, description, endpoints, " +"tags, references, languages or technologies contain the search query and " +"products whose\n" +" name, tags or description contain the " +"search query.
    Advanced search operators: (Restrict results to a certain " +"type) product:,\n" +" engagement:, finding:, endpoint:, tag:, " +"language:, technology: or vulnerability_id:.\n" +" test-tags shows findings in tests that " +"are tagged with provided tag, similar for engagement-tags and product-tags.\n" +" After submitting the search query, " +"tabbed results will be displayed. The findings tab will have the possibility " +"to\n" +" to perform more finegrained filtering " +"on status fields, test type, etc." +msgstr "" + +#: dojo/templates/dojo/simple_search.html +msgid "Vulnerability Ids" +msgstr "" + +#: dojo/templates/dojo/simple_search.html +msgid "Tests" +msgstr "" + +#: dojo/templates/dojo/simple_search.html +#: dojo/templates/dojo/view_product_details.html +msgid "Languages" +msgstr "" + +#: dojo/templates/dojo/simple_search.html +msgid "Application Technolgies" +msgstr "" + +#: dojo/templates/dojo/simple_search.html +#: dojo/templates/notifications/msteams/engagement_added.tpl +#: dojo/templates/notifications/msteams/risk_acceptance_expiration.tpl +#: dojo/templates/notifications/msteams/scan_added.tpl +#: dojo/templates/notifications/msteams/sla_breach.tpl +#: dojo/templates/notifications/msteams/test_added.tpl +#: dojo/templates/notifications/msteams/upcoming_engagement.tpl +msgid "Engagement" +msgstr "" + +#: dojo/templates/dojo/simple_search.html +#: dojo/templates/notifications/msteams/sla_breach.tpl +msgid "Finding" +msgstr "" + +#: dojo/templates/dojo/simple_search.html +msgid "Endpoint" +msgstr "" + +#: dojo/templates/dojo/simple_search.html +msgid "Endpoint is broken. Check documentation for look for fix process" +msgstr "" + +#: dojo/templates/dojo/simple_search.html +msgid "No Open, Active Findings" +msgstr "" + +#: dojo/templates/dojo/simple_search.html +msgid "Language" +msgstr "" + +#: dojo/templates/dojo/simple_search.html +msgid "Technology" +msgstr "" + +#: dojo/templates/dojo/simple_search.html +msgid "Item" +msgstr "" + +#: dojo/templates/dojo/simple_search.html +msgid "Finding Template" +msgstr "" + +#: dojo/templates/dojo/simple_search.html +msgid "ID" +msgstr "" + +#: dojo/templates/dojo/simple_search.html +msgid "Rank" +msgstr "" + +#: dojo/templates/dojo/tool_type.html +msgid "Tool Types" +msgstr "" + +#: dojo/templates/dojo/tool_type.html +msgid "Add Tool Type" +msgstr "" + +#: dojo/templates/dojo/tool_type.html +msgid "No tool types found" +msgstr "" + +#: dojo/templates/dojo/users.html dojo/templates/dojo/view_user.html +msgid "First Name" +msgstr "" + +#: dojo/templates/dojo/users.html dojo/templates/dojo/view_user.html +msgid "Last Name" +msgstr "" + +#: dojo/templates/dojo/users.html +msgid "User Name" +msgstr "" + +#: dojo/templates/dojo/users.html dojo/templates/dojo/view_user.html +msgid "Email" +msgstr "" + +#: dojo/templates/dojo/users.html dojo/templates/dojo/view_user.html +msgid "Superuser" +msgstr "" + +#: dojo/templates/dojo/users.html +msgid "New User" +msgstr "" + +#: dojo/templates/dojo/users.html +msgid "Phone Number(s)" +msgstr "" + +#: dojo/templates/dojo/users.html dojo/templates/dojo/view_user.html +msgid "Last Login" +msgstr "" + +#: dojo/templates/dojo/users.html +msgid "Phone:" +msgstr "" + +#: dojo/templates/dojo/users.html +msgid "Cell:" +msgstr "" + +#: dojo/templates/dojo/users.html dojo/templates/dojo/view_user.html +msgid "Never" +msgstr "" + +#: dojo/templates/dojo/users.html +msgid "No Users" +msgstr "" + +#: dojo/templates/dojo/view_note_history.html +msgid "Note History" +msgstr "" + +#: dojo/templates/dojo/view_note_history.html +#, python-format +msgid "commented %(time)s" +msgstr "" + +#: dojo/templates/dojo/view_note_history.html +#, python-format +msgid "made changes on %(time)s" +msgstr "" + +#: dojo/templates/dojo/view_note_history.html +msgid "Note type:" +msgstr "" + +#: dojo/templates/dojo/view_note_history.html +msgid "Return" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "Product Report" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "CRITICAL" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "HIGH" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "MEDIUM" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "LOW" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "INFORMATIONAL" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "TOTAL" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "Technologies" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "Add new Technology" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "There are no technologies." +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "There are no regulations." +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "Benchmark Progress" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "Complete" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "There are no benchmarks" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +#: dojo/templates/dojo/view_product_type.html +msgid "Members" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +#: dojo/templates/dojo/view_product_type.html +msgid "Add Users" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +#: dojo/templates/dojo/view_product_type.html +#: dojo/templates/notifications/msteams/user_mentioned.tpl +msgid "User" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +#: dojo/templates/dojo/view_product_type.html +#: dojo/templates/dojo/view_user.html +msgid "Role" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "Product member" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +#: dojo/templates/dojo/view_product_type.html +msgid "No members found." +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "Product Group" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +#: dojo/templates/dojo/view_product_type.html +msgid "No groups found." +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +#: dojo/templates/dojo/view_product_type.html +#: dojo/templates/dojo/view_user.html +msgid "Metadata" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "Business Criticality" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +#: dojo/templates/dojo/view_user.html +#: dojo/templates/notifications/msteams/product_type_added.tpl +msgid "Product Type" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "Platform" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "Lifecycle" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "Origin" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "User Records" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "Revenue" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "files" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "and" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "lines of code" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "Custom Fields" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "Contacts" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "Team Manager" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "Product Manager" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "Technical Contact" +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "These are your personal settings for this product." +msgstr "" + +#: dojo/templates/dojo/view_product_details.html +msgid "saving..." +msgstr "" + +#: dojo/templates/dojo/view_product_type.html +msgid "Tags" +msgstr "" + +#: dojo/templates/dojo/view_product_type.html +msgid "Criticality" +msgstr "" + +#: dojo/templates/dojo/view_product_type.html +msgid "Active (Verified) Findings" +msgstr "" + +#: dojo/templates/dojo/view_product_type.html +msgid "No products found." +msgstr "" + +#: dojo/templates/dojo/view_product_type.html +msgid "Add Product Type Group" +msgstr "" + +#: dojo/templates/dojo/view_user.html +#, python-format +msgid "User %(full_name)s" +msgstr "" + +#: dojo/templates/dojo/view_user.html +msgid "Username" +msgstr "" + +#: dojo/templates/dojo/view_user.html +msgid "Contact Information" +msgstr "" + +#: dojo/templates/dojo/view_user.html +msgid "Phone Number" +msgstr "" + +#: dojo/templates/dojo/view_user.html +msgid "Cell Number" +msgstr "" + +#: dojo/templates/dojo/view_user.html +msgid "Twitter Username" +msgstr "" + +#: dojo/templates/dojo/view_user.html +msgid "Github Username" +msgstr "" + +#: dojo/templates/dojo/view_user.html +msgid "Product Type Membership" +msgstr "" + +#: dojo/templates/dojo/view_user.html +msgid "Add Product Types" +msgstr "" + +#: dojo/templates/dojo/view_user.html +msgid "No product type members found." +msgstr "" + +#: dojo/templates/dojo/view_user.html +msgid "Product Membership" +msgstr "" + +#: dojo/templates/dojo/view_user.html +msgid "Add Products" +msgstr "" + +#: dojo/templates/dojo/view_user.html +msgid "No product members found." +msgstr "" + +#: dojo/templates/dojo/view_user.html +msgid "Group Membership" +msgstr "" + +#: dojo/templates/dojo/view_user.html +msgid "Block execution" +msgstr "" + +#: dojo/templates/dojo/view_user.html +msgid "Configuration Permissions" +msgstr "" + +#: dojo/templates/dojo/view_user.html +msgid "Add" +msgstr "" + +#: dojo/templates/dojo/view_user.html +msgid "(saving...)" +msgstr "" + +#: dojo/templates/notifications/alert/engagement_added.tpl +#, python-format +msgid "" +"The engagement \"%(engagement.name)s\" has been created in the product " +"\"%(engagement.product)s\"." +msgstr "" + +#: dojo/templates/notifications/alert/product_added.tpl +#, python-format +msgid "The new product \"%(title)s\" has been added" +msgstr "" + +#: dojo/templates/notifications/alert/product_type_added.tpl +#, python-format +msgid "The new product type \"%(title)s\" has been added" +msgstr "" + +#: dojo/templates/notifications/alert/report_created.tpl +#, python-format +msgid "Your report \"%(report.name)s\" is ready." +msgstr "" + +#: dojo/templates/notifications/alert/sla_breach.tpl +#, python-format +msgid "" +"SLA breach alert for finding %(finding.id)s. Relative days count to SLA due " +"date: %(sla_age)s." +msgstr "" + +#: dojo/templates/notifications/alert/test_added.tpl +#, python-format +msgid "" +"New test added for engagement %(engagement.product)s: %(test.test_type)s." +msgstr "" + +#: dojo/templates/notifications/alert/upcoming_engagement.tpl +#: dojo/templates/notifications/slack/upcoming_engagement.tpl +#, python-format +msgid "" +"The engagement \"%(engagement.product)s\" is starting on " +"%(engagement.target_start)s." +msgstr "" + +#: dojo/templates/notifications/alert/user_mentioned.tpl +#, python-format +msgid "User %(user)s jotted a note on %(section)s" +msgstr "" + +#: dojo/templates/notifications/mail/engagement_added.tpl +#: dojo/templates/notifications/mail/other.tpl +#: dojo/templates/notifications/mail/product_added.tpl +#: dojo/templates/notifications/mail/product_type_added.tpl +#: dojo/templates/notifications/mail/risk_acceptance_expiration.tpl +#: dojo/templates/notifications/mail/scan_added.tpl +#: dojo/templates/notifications/mail/sla_breach.tpl +#: dojo/templates/notifications/mail/test_added.tpl +#: dojo/templates/notifications/mail/upcoming_engagement.tpl +#: dojo/templates/notifications/mail/user_mentioned.tpl +msgid "Hello" +msgstr "" + +#: dojo/templates/notifications/mail/engagement_added.tpl +#, python-format +msgid "" +"The engagement \"%(engagement.name)s\" has been created in the product " +"\"%(engagement.product)s\". It can be viewed here: %(product)s / %(engagement.name)s" +msgstr "" + +#: dojo/templates/notifications/mail/engagement_added.tpl +#: dojo/templates/notifications/mail/other.tpl +#: dojo/templates/notifications/mail/product_added.tpl +#: dojo/templates/notifications/mail/product_type_added.tpl +#: dojo/templates/notifications/mail/report_created.tpl +#: dojo/templates/notifications/mail/risk_acceptance_expiration.tpl +#: dojo/templates/notifications/mail/scan_added.tpl +#: dojo/templates/notifications/mail/sla_breach.tpl +#: dojo/templates/notifications/mail/test_added.tpl +#: dojo/templates/notifications/mail/upcoming_engagement.tpl +#: dojo/templates/notifications/mail/user_mentioned.tpl +msgid "Kind regards" +msgstr "" + +#: dojo/templates/notifications/mail/engagement_added.tpl +#: dojo/templates/notifications/mail/other.tpl +#: dojo/templates/notifications/mail/product_added.tpl +#: dojo/templates/notifications/mail/product_type_added.tpl +#: dojo/templates/notifications/mail/report_created.tpl +#: dojo/templates/notifications/mail/risk_acceptance_expiration.tpl +#: dojo/templates/notifications/mail/scan_added.tpl +#: dojo/templates/notifications/mail/sla_breach.tpl +#: dojo/templates/notifications/mail/test_added.tpl +#: dojo/templates/notifications/mail/upcoming_engagement.tpl +#: dojo/templates/notifications/mail/user_mentioned.tpl +msgid "You can manage your notification settings here" +msgstr "" + +#: dojo/templates/notifications/mail/engagement_added.tpl +#: dojo/templates/notifications/mail/other.tpl +#: dojo/templates/notifications/mail/product_added.tpl +#: dojo/templates/notifications/mail/product_type_added.tpl +#: dojo/templates/notifications/mail/report_created.tpl +#: dojo/templates/notifications/mail/risk_acceptance_expiration.tpl +#: dojo/templates/notifications/mail/scan_added.tpl +#: dojo/templates/notifications/mail/sla_breach.tpl +#: dojo/templates/notifications/mail/test_added.tpl +#: dojo/templates/notifications/mail/upcoming_engagement.tpl +#: dojo/templates/notifications/mail/user_mentioned.tpl +#: dojo/templates/notifications/msteams/engagement_added.tpl +#: dojo/templates/notifications/msteams/other.tpl +#: dojo/templates/notifications/msteams/product_added.tpl +#: dojo/templates/notifications/msteams/product_type_added.tpl +#: dojo/templates/notifications/msteams/report_created.tpl +#: dojo/templates/notifications/msteams/risk_acceptance_expiration.tpl +#: dojo/templates/notifications/msteams/scan_added.tpl +#: dojo/templates/notifications/msteams/sla_breach.tpl +#: dojo/templates/notifications/msteams/test_added.tpl +#: dojo/templates/notifications/msteams/upcoming_engagement.tpl +#: dojo/templates/notifications/msteams/user_mentioned.tpl +#: dojo/templates/notifications/slack/engagement_added.tpl +#: dojo/templates/notifications/slack/other.tpl +#: dojo/templates/notifications/slack/product_added.tpl +#: dojo/templates/notifications/slack/product_type_added.tpl +#: dojo/templates/notifications/slack/report_created.tpl +#: dojo/templates/notifications/slack/risk_acceptance_expiration.tpl +#: dojo/templates/notifications/slack/scan_added.tpl +#: dojo/templates/notifications/slack/sla_breach.tpl +#: dojo/templates/notifications/slack/test_added.tpl +#: dojo/templates/notifications/slack/upcoming_engagement.tpl +#: dojo/templates/notifications/slack/user_mentioned.tpl +msgid "Disclaimer" +msgstr "" + +#: dojo/templates/notifications/mail/forgot_password.tpl +#, python-format +msgid "" +"You're receiving this email because you requested a password reset for your " +"user account at %(site_name)s." +msgstr "" + +#: dojo/templates/notifications/mail/forgot_password.tpl +msgid "Please go to the following page and choose a new password:" +msgstr "" + +#: dojo/templates/notifications/mail/forgot_password.tpl +#, python-format +msgid "The link above expires on: %(link_expiration_date)s" +msgstr "" + +#: dojo/templates/notifications/mail/forgot_password.tpl +#: dojo/templates/notifications/mail/forgot_username.tpl +msgid "Thanks for using our site!" +msgstr "" + +#: dojo/templates/notifications/mail/forgot_password.tpl +#: dojo/templates/notifications/mail/forgot_username.tpl +#, python-format +msgid "The %(site_name)s team" +msgstr "" + +#: dojo/templates/notifications/mail/forgot_username.tpl +#, python-format +msgid "" +"You're receiving this email because you requested your username for your " +"user account at %(site_name)s." +msgstr "" + +#: dojo/templates/notifications/mail/forgot_username.tpl +msgid "Here is your username:" +msgstr "" + +#: dojo/templates/notifications/mail/other.tpl +#: dojo/templates/notifications/slack/other.tpl +#, python-format +msgid "More information on this event can be found here: %(url|full_url)s" +msgstr "" + +#: dojo/templates/notifications/mail/product_added.tpl +#, python-format +msgid "" +"The new product \"%(title)s\" has been added. It can be viewed here: %(title)s" +msgstr "" + +#: dojo/templates/notifications/mail/product_type_added.tpl +#, python-format +msgid "" +"The new product type \"%(title)s\" has been added. It can be viewed here: %(title)s" +msgstr "" + +#: dojo/templates/notifications/mail/report_created.tpl +msgid "Greetings" +msgstr "" + +#: dojo/templates/notifications/mail/report_created.tpl +#: dojo/templates/notifications/slack/report_created.tpl +#, python-format +msgid "" +"Your report \"%(report.name)s\" is ready. It can be downloaded here: " +"%(url|full_url)s" +msgstr "" + +#: dojo/templates/notifications/mail/risk_acceptance_expiration.tpl +#, python-format +msgid "" +"Risk acceptance " +"%(risk_acceptance)s with " +"%(risk_acceptance.accepted_findings.all| length)s has expired " +"%(risk_acceptance.expiration_date_handled|date)s" +msgstr "" + +#: dojo/templates/notifications/mail/risk_acceptance_expiration.tpl +#, python-format +msgid "" +"Risk acceptance " +"%(risk_acceptance)s with " +"%(risk_acceptance.accepted_findings.all| length)s will expire " +"%(risk_acceptance.expiration_date|date)s" +msgstr "" + +#: dojo/templates/notifications/mail/risk_acceptance_expiration.tpl +msgid "Findings have been reactivated

    " +msgstr "" + +#: dojo/templates/notifications/mail/risk_acceptance_expiration.tpl +msgid "Findings SLA start date have been reset

    " +msgstr "" + +#: dojo/templates/notifications/mail/scan_added.tpl +#, python-format +msgid "" +"%(finding_count)s findings have been updated for while a scan was uploaded" +msgstr "" + +#: dojo/templates/notifications/mail/scan_added.tpl +msgid "New findings" +msgstr "" + +#: dojo/templates/notifications/mail/scan_added.tpl +msgid "Reactivated findings" +msgstr "" + +#: dojo/templates/notifications/mail/scan_added.tpl +msgid "Closed findings" +msgstr "" + +#: dojo/templates/notifications/mail/scan_added.tpl +msgid "Untouched findings" +msgstr "" + +#: dojo/templates/notifications/mail/sla_breach.tpl +#, python-format +msgid "This security finding has breached its SLA. - Day(s) overdue: %(sla)s" +msgstr "" + +#: dojo/templates/notifications/mail/sla_breach.tpl +#, python-format +msgid "" +"A security finding is about to breach its SLA. - Day(s) remaining: %(sla)s" +msgstr "" + +#: dojo/templates/notifications/mail/sla_breach.tpl +msgid "Please refer to your SLA documentation for further guidance" +msgstr "" + +#: dojo/templates/notifications/mail/test_added.tpl +#, python-format +msgid "" +"A new test has been added: %(product)s / %(engagement.name)s / %(test)s
    Finding details in the " +"'scan_added' email, which is a separate notification (for now)." +msgstr "" + +#: dojo/templates/notifications/mail/upcoming_engagement.tpl +#, python-format +msgid "" +"this is a reminder that the engagement \"%(engagement.product)s\" is about " +"to start shortly." +msgstr "" + +#: dojo/templates/notifications/mail/upcoming_engagement.tpl +msgid "Project start" +msgstr "" + +#: dojo/templates/notifications/mail/upcoming_engagement.tpl +msgid "Project end" +msgstr "" + +#: dojo/templates/notifications/mail/user_mentioned.tpl +#, python-format +msgid "" +"User %(user)s jotted a note on %(section)s:

    %(note)s

    " +"It can be reviewed at %(url)s" +msgstr "" + +#: dojo/templates/notifications/msteams/engagement_added.tpl +msgid "Engagement added" +msgstr "" + +#: dojo/templates/notifications/msteams/engagement_added.tpl +msgid "A new engagement has been added" +msgstr "" + +#: dojo/templates/notifications/msteams/engagement_added.tpl +#: dojo/templates/notifications/msteams/upcoming_engagement.tpl +msgid "View Engagement" +msgstr "" + +#: dojo/templates/notifications/msteams/product_added.tpl +msgid "Product Added" +msgstr "" + +#: dojo/templates/notifications/msteams/product_added.tpl +msgid "A new product has been added" +msgstr "" + +#: dojo/templates/notifications/msteams/product_added.tpl +msgid "View Product" +msgstr "" + +#: dojo/templates/notifications/msteams/product_type_added.tpl +msgid "Product Type Added" +msgstr "" + +#: dojo/templates/notifications/msteams/product_type_added.tpl +msgid "A new product type has been added" +msgstr "" + +#: dojo/templates/notifications/msteams/report_created.tpl +msgid "Report created" +msgstr "" + +#: dojo/templates/notifications/msteams/report_created.tpl +msgid "Report is ready for download" +msgstr "" + +#: dojo/templates/notifications/msteams/report_created.tpl +msgid "Report" +msgstr "" + +#: dojo/templates/notifications/msteams/report_created.tpl +msgid "Download" +msgstr "" + +#: dojo/templates/notifications/msteams/risk_acceptance_expiration.tpl +#: dojo/templates/notifications/slack/risk_acceptance_expiration.tpl +msgid "Risk Acceptance Expired" +msgstr "" + +#: dojo/templates/notifications/msteams/risk_acceptance_expiration.tpl +#: dojo/templates/notifications/slack/risk_acceptance_expiration.tpl +msgid "Risk Acceptance Will Expire Soon" +msgstr "" + +#: dojo/templates/notifications/msteams/risk_acceptance_expiration.tpl +#, python-format +msgid "" +"Risk acceptance %(risk_acceptance)s with " +"%(risk_acceptance.accepted_findings.all| length)s has expired " +"%(risk_acceptance.expiration_date_handled|date)s" +msgstr "" + +#: dojo/templates/notifications/msteams/risk_acceptance_expiration.tpl +#, python-format +msgid "" +"Risk acceptance %(risk_acceptance)s with " +"%(risk_acceptance.accepted_findings.all| length)s will expire " +"%(risk_acceptance.expiration_date|date)s" +msgstr "" + +#: dojo/templates/notifications/msteams/risk_acceptance_expiration.tpl +msgid "Risk Acceptance" +msgstr "" + +#: dojo/templates/notifications/msteams/risk_acceptance_expiration.tpl +msgid "View Risk Acceptance" +msgstr "" + +#: dojo/templates/notifications/msteams/scan_added.tpl +msgid "A new scan has been added" +msgstr "" + +#: dojo/templates/notifications/msteams/scan_added.tpl +msgid "Scan" +msgstr "" + +#: dojo/templates/notifications/msteams/scan_added.tpl +#: dojo/templates/notifications/msteams/test_added.tpl +msgid "View Test" +msgstr "" + +#: dojo/templates/notifications/msteams/sla_breach.tpl +msgid "SLA breached" +msgstr "" + +#: dojo/templates/notifications/msteams/sla_breach.tpl +msgid "A SLA for a finding has been breached" +msgstr "" + +#: dojo/templates/notifications/msteams/sla_breach.tpl +msgid "SLA age" +msgstr "" + +#: dojo/templates/notifications/msteams/test_added.tpl +msgid "Test added" +msgstr "" + +#: dojo/templates/notifications/msteams/test_added.tpl +msgid "A new test has been added" +msgstr "" + +#: dojo/templates/notifications/msteams/upcoming_engagement.tpl +msgid "Engagement is starting" +msgstr "" + +#: dojo/templates/notifications/msteams/upcoming_engagement.tpl +msgid "An Engagement is starting" +msgstr "" + +#: dojo/templates/notifications/msteams/upcoming_engagement.tpl +msgid "Start date" +msgstr "" + +#: dojo/templates/notifications/msteams/upcoming_engagement.tpl +msgid "End date" +msgstr "" + +#: dojo/templates/notifications/msteams/user_mentioned.tpl +msgid "User Mentioned" +msgstr "" + +#: dojo/templates/notifications/msteams/user_mentioned.tpl +msgid "A user has been mentioned" +msgstr "" + +#: dojo/templates/notifications/msteams/user_mentioned.tpl +msgid "Section" +msgstr "" + +#: dojo/templates/notifications/msteams/user_mentioned.tpl +msgid "note" +msgstr "" + +#: dojo/templates/notifications/slack/engagement_added.tpl +#, python-format +msgid "" +"The engagement \"%(engagement.name)s\" has been created in the product " +"\"%(engagement.product)s\". It can be viewed here: %(url|full_url)s" +msgstr "" + +#: dojo/templates/notifications/slack/product_added.tpl +#, python-format +msgid "" +"The new product \"%(title)s\" has been added. It can be viewed here: " +"%(url|full_url)s" +msgstr "" + +#: dojo/templates/notifications/slack/product_type_added.tpl +#, python-format +msgid "" +"The new product type \"%(title)s\" has been added. It can be viewed here: " +"%(url|full_url)s" +msgstr "" + +#: dojo/templates/notifications/slack/risk_acceptance_expiration.tpl +#, python-format +msgid "Risk Acceptance can be viewed here: %(risk_acceptance_url|full_url)s" +msgstr "" + +#: dojo/templates/notifications/slack/scan_added.tpl +#, python-format +msgid "" +"%(test)s results have been uploaded. They can be viewed here: " +"%(url|full_url)s" +msgstr "" + +#: dojo/templates/notifications/slack/sla_breach.tpl +#, python-format +msgid "" +"SLA breach alert for finding %(finding.id)s. Relative days count to SLA due " +"date: %(sla_age)s. Title: %(finding.title)s Severity: %(finding.severity)s " +"You can find details here: %(url|full_url)s" +msgstr "" + +#: dojo/templates/notifications/slack/test_added.tpl +#, python-format +msgid "" +"New test added for engagement %(engagement.name)s in product " +"%(engagement.product)s. Title: %(test.title)s Type: %(test.test_type)s You " +"can find details here: %(url|full_url)s" +msgstr "" + +#: dojo/templates/notifications/slack/user_mentioned.tpl +#, python-format +msgid "" +"User %(user)s jotted a note on %(section)s: %(note)s Full details of the " +"note can be reviewed at %(url)s" +msgstr "" + +#: dojo/test/views.py +msgid "Note added successfully." +msgstr "" + +#: dojo/test/views.py +msgid "Unable to reach the Google Sheet API." +msgstr "" + +#: dojo/test/views.py +msgid "Test saved." +msgstr "" + +#: dojo/test/views.py +msgid "Edit Test" +msgstr "" + +#: dojo/test/views.py +msgid "Test and relationships will be removed in the background." +msgstr "" + +#: dojo/test/views.py +msgid "Test and relationships removed." +msgstr "" + +#: dojo/test/views.py +#, python-format +msgid "Deletion of %(title)s" +msgstr "" + +#: dojo/test/views.py +#, python-format +msgid "The test \"%(title)s\" was deleted by %(user)s" +msgstr "" + +#: dojo/test/views.py +msgid "Delete Test" +msgstr "" + +#: dojo/test/views.py +msgid "Test Calendar" +msgstr "" + +#: dojo/test/views.py +#, python-format +msgid "Test: %(test_type_name)s (%(product_name)s)" +msgstr "" + +#: dojo/test/views.py +#, python-format +msgid "" +"Set aside for test %(test_type_name)s, on product %(product_name)s. " +"Additional detail can be found at %(detail_url)s" +msgstr "" + +#: dojo/test/views.py +#, python-format +msgid "Addition of %(title)s" +msgstr "" + +#: dojo/test/views.py +#, python-format +msgid "Finding \"%(title)s\" was added by %(user)s" +msgstr "" + +#: dojo/test/views.py +msgid "Finding from template added successfully." +msgstr "" + +#: dojo/test/views.py +msgid "Add From Template" +msgstr "" + +#: dojo/test/views.py +msgid "" +"When re-uploading a scan, any findings not found in original scan will be " +"updated as mitigated. The process attempts to identify the differences, " +"however manual verification is highly recommended." +msgstr "" + +#: dojo/test/views.py +#, python-format +msgid "Report file is too large. Maximum supported size is %(size)d MB" +msgstr "" + +#: dojo/test/views.py +#, python-format +msgid "Re-upload a %(scan_type)s" +msgstr "" + +#: dojo/tool_product/views.py +msgid "Product Tool Configuration Successfully Created." +msgstr "" + +#: dojo/tool_product/views.py +msgid "Tool Configurations" +msgstr "" + +#: dojo/tool_product/views.py +msgid "Tool Product Configuration Successfully Updated." +msgstr "" + +#: dojo/tool_product/views.py +msgid "Edit Product Tool Configuration" +msgstr "" + +#: dojo/tool_product/views.py +msgid "Tool Product Successfully Deleted." +msgstr "" + +#: dojo/tool_product/views.py +msgid "Delete Product Tool Configuration" +msgstr "" + +#: dojo/tool_type/views.py +msgid "Tool Type Configuration Successfully Created." +msgstr "" + +#: dojo/tool_type/views.py +msgid "New Tool Type Configuration" +msgstr "" + +#: dojo/tool_type/views.py +msgid "Tool Type successfully updated." +msgstr "" + +#: dojo/tool_type/views.py +msgid "Edit Tool Type" +msgstr "" + +#: dojo/tool_type/views.py +msgid "Tool Type List" +msgstr "" + +#: dojo/user/validators.py +#, python-brace-format +msgid "Password must be at least {minimum_length} characters long." +msgstr "" + +#: dojo/user/validators.py +#, python-brace-format +msgid "Password must be less than {maximum_length} characters long." +msgstr "" + +#: dojo/user/validators.py +msgid "Password must contain at least 1 digit, 0-9." +msgstr "" + +#: dojo/user/validators.py +msgid "Password must contain at least 1 uppercase letter, A-Z." +msgstr "" + +#: dojo/user/validators.py +msgid "Password must contain at least 1 lowercase letter, a-z." +msgstr "" + +#: dojo/user/validators.py +msgid "" +"The password must contain at least 1 special character, ()[]{}|\\`~!@#$%^&*_-" +"+=;:'\",<>./?." +msgstr "" + +#: dojo/user/views.py +msgid "" +"Hello {name}! Your last login was {naturaltime(last_login)} ({last_login." +"strftime(\"%Y-%m-%d %I:%M:%S %p\")})" +msgstr "" + +#: dojo/user/views.py +msgid "API Key generated successfully." +msgstr "" + +#: dojo/user/views.py +msgid "You have logged out successfully." +msgstr "" + +#: dojo/user/views.py +msgid "Alerts removed." +msgstr "" + +#: dojo/user/views.py +msgid "Only superusers are allowed to change their global role." +msgstr "" + +#: dojo/user/views.py +msgid "Profile updated successfully." +msgstr "" + +#: dojo/user/views.py +#, python-format +msgid "User Profile - %(user_full_name)s" +msgstr "" + +#: dojo/user/views.py +msgid "Your password has been changed." +msgstr "" + +#: dojo/user/views.py +msgid "All Users" +msgstr "" + +#: dojo/user/views.py +msgid "Add User" +msgstr "" + +#: dojo/user/views.py +msgid "Only superusers are allowed to add superusers. User was not saved." +msgstr "" + +#: dojo/user/views.py +msgid "" +"Only superusers are allowed to add users with a global role. User was not " +"saved." +msgstr "" + +#: dojo/user/views.py +msgid "User added successfully." +msgstr "" + +#: dojo/user/views.py +msgid "User was not added successfully." +msgstr "" + +#: dojo/user/views.py +msgid "View User" +msgstr "" + +#: dojo/user/views.py +msgid "Edit User" +msgstr "" + +#: dojo/user/views.py +msgid "Only superusers are allowed to edit superusers. User was not saved." +msgstr "" + +#: dojo/user/views.py +msgid "" +"Only superusers are allowed to edit users with a global role. User was not " +"saved." +msgstr "" + +#: dojo/user/views.py +msgid "User saved successfully." +msgstr "" + +#: dojo/user/views.py +msgid "User was not saved successfully." +msgstr "" + +#: dojo/user/views.py +msgid "You may not delete yourself." +msgstr "" + +#: dojo/user/views.py +msgid "Only superusers are allowed to delete superusers. User was not removed." +msgstr "" + +#: dojo/user/views.py +msgid "" +"Only superusers are allowed to delete users with a global role. User was not " +"removed." +msgstr "" + +#: dojo/user/views.py +msgid "User and relationships removed." +msgstr "" + +#: dojo/user/views.py +#, python-format +msgid "User cannot be deleted: %(error)s" +msgstr "" + +#: dojo/user/views.py +msgid "Groups added successfully." +msgstr "" + +#: dojo/user/views.py +msgid "Add Group Member" +msgstr "" + +#: dojo/user/views.py +msgid "Permissions updated." +msgstr "" + +#: dojo/utils.py +msgid "Home" +msgstr "" diff --git a/dojo/management/commands/create_endpoint_status.py b/dojo/management/commands/create_endpoint_status.py deleted file mode 100644 index d672d9f50e5..00000000000 --- a/dojo/management/commands/create_endpoint_status.py +++ /dev/null @@ -1,47 +0,0 @@ -from django.core.management.base import BaseCommand -from django.db.models import Count -from dojo.models import Finding, Endpoint_Status - - -""" -Author: Cody Maffucci -This script will create endpoint status objects for findings and endpoints for -databases that already contain those objects. This script should only be run when -upgrading to 1.7.0>= as it is unnecessary for fresh installs -""" - - -class Command(BaseCommand): - help = 'Create status objects for Endpoints for easier tracking' - - def handle(self, *args, **options): - # Get a list of findings that have endpoints - findings = Finding.objects.annotate(count=Count('endpoints')).filter(count__gt=0) - for finding in findings: - # Get the list of endpoints on the current finding - endpoints = finding.endpoints.all() - for endpoint in endpoints: - # Superflous error checking - try: - # Create a new status for each endpoint - status, created = Endpoint_Status.objects.get_or_create( - finding=finding, - endpoint=endpoint, - ) - # Check if the status object was created, otherwise, there is nothing to do - if created: - status.date = finding.date - # If the parent endpoint was mitigated with the old system, - # reflect the same on the endpoint status object - if endpoint.mitigated: - status.mitigated = True - status.mitigated_by = finding.reporter - # Save the status object with at least one updated field - status.save() - # Attach the status to the endpoint and finding - endpoint.endpoint_status.add(status) - finding.endpoint_status.add(status) - except Exception as e: - # Something wild happened - print(e) - pass diff --git a/dojo/management/commands/csv_findings_export.py b/dojo/management/commands/csv_findings_export.py index 009e57cbd80..80c2e2b591e 100644 --- a/dojo/management/commands/csv_findings_export.py +++ b/dojo/management/commands/csv_findings_export.py @@ -26,10 +26,6 @@ def handle(self, *args, **options): findings = Finding.objects.filter(verified=True, active=True).select_related( "test__engagement__product") - opts = findings.model._meta - model = findings.model - - model = findings.model writer = csv.writer(open(file_path, 'w')) headers = [] diff --git a/dojo/management/commands/fix_broken_endpoint_status.py b/dojo/management/commands/fix_broken_endpoint_status.py new file mode 100644 index 00000000000..85c2463b3a6 --- /dev/null +++ b/dojo/management/commands/fix_broken_endpoint_status.py @@ -0,0 +1,15 @@ +from django.core.management.base import BaseCommand +from django.apps import apps +from dojo.endpoint.utils import remove_broken_endpoint_statuses + +import logging + +logger = logging.getLogger(__name__) + + +class Command(BaseCommand): + + help = 'Usage: manage.py remove_broken_endpoint_statuses.py' + + def handle(self, *args, **options): + remove_broken_endpoint_statuses(apps=apps) diff --git a/dojo/management/commands/import_github_languages.py b/dojo/management/commands/import_github_languages.py index 2ac54aa6336..b92ff7921f7 100644 --- a/dojo/management/commands/import_github_languages.py +++ b/dojo/management/commands/import_github_languages.py @@ -33,7 +33,7 @@ def handle(self, *args, **options): try: language_type, created = Language_Type.objects.get_or_create(language=name) except Language_Type.MultipleObjectsReturned: - logger.warn('Language_Type {} exists multiple times'.format(name)) + logger.warning('Language_Type {} exists multiple times'.format(name)) continue if created: diff --git a/dojo/management/commands/initialize_permissions.py b/dojo/management/commands/initialize_permissions.py new file mode 100644 index 00000000000..61630eef2f1 --- /dev/null +++ b/dojo/management/commands/initialize_permissions.py @@ -0,0 +1,32 @@ +import logging +from django.core.management.base import BaseCommand +from django.contrib.contenttypes.models import ContentType +from django.contrib.auth.models import Permission + + +logger = logging.getLogger(__name__) + + +class Command(BaseCommand): + """ + This management command creates non-standard Django permissions + """ + help = 'Usage: manage.py initialize_permissions' + + def handle(self, *args, **options): + try: + content_type_system_settings = ContentType.objects.get(app_label='dojo', model='system_settings') + google_permission = Permission.objects.filter(content_type=content_type_system_settings, + codename='change_google_sheet').count() + if google_permission == 0: + Permission.objects.create( + name='Can change Google Sheet', + content_type=content_type_system_settings, + codename='change_google_sheet' + ) + + logger.info('Non-standard permissions have been created') + except ContentType.DoesNotExist: + logger.warning('No content type found for dojo.system_settings') + except ContentType.MultipleObjectsReturned: + logger.warning('Multiple content types found for dojo.system_settings') diff --git a/dojo/management/commands/initialize_test_types.py b/dojo/management/commands/initialize_test_types.py index f4937120c3e..992e5e9105c 100644 --- a/dojo/management/commands/initialize_test_types.py +++ b/dojo/management/commands/initialize_test_types.py @@ -12,4 +12,6 @@ def handle(self, *args, **options): Test_Type.objects.get_or_create(name=scan_type) parser = PARSERS[scan_type] if hasattr(parser, 'requires_tool_type'): - Tool_Type.objects.get_or_create(name=parser.requires_tool_type(scan_type)) + tool_type = parser.requires_tool_type(scan_type) + if tool_type: + Tool_Type.objects.get_or_create(name=tool_type) diff --git a/dojo/management/commands/jira_status_reconciliation.py b/dojo/management/commands/jira_status_reconciliation.py index 9708a0f76ce..2b175cd9406 100644 --- a/dojo/management/commands/jira_status_reconciliation.py +++ b/dojo/management/commands/jira_status_reconciliation.py @@ -143,7 +143,7 @@ def jira_status_reconciliation(*args, **kwargs): if action == 'import_status_from_jira': message_action = 'deactivating' if find.active else 'reactivating' - status_changed = jira_helper.process_resolution_from_jira(find, resolution_id, resolution_name, assignee_name, issue_from_jira.fields.updated) if not dryrun else 'dryrun' + status_changed = jira_helper.process_resolution_from_jira(find, resolution_id, resolution_name, assignee_name, issue_from_jira.fields.updated, find.jira_issue) if not dryrun else 'dryrun' if status_changed: message = '%s; %s/finding/%d;%s;%s;%s;%s;%s;%s;%s;%s;%s;%s;%s;%s finding in defectdojo;%s' % \ (find.jira_issue.jira_key, settings.SITE_URL, find.id, find.status(), resolution_name, flag1, flag2, flag3, diff --git a/dojo/management/commands/migrate_cve.py b/dojo/management/commands/migrate_cve.py new file mode 100644 index 00000000000..739f78f7d07 --- /dev/null +++ b/dojo/management/commands/migrate_cve.py @@ -0,0 +1,57 @@ +import logging + +from django.core.management.base import BaseCommand + +from dojo.models import ( + Finding, + Finding_Template, + Vulnerability_Id, + Vulnerability_Id_Template, +) +from dojo.utils import mass_model_updater + +logger = logging.getLogger(__name__) + + +def create_vulnerability_id(finding): + Vulnerability_Id.objects.get_or_create( + finding=finding, vulnerability_id=finding.cve + ) + + +def create_vulnerability_id_template(finding_template): + Vulnerability_Id_Template.objects.get_or_create( + finding_template=finding_template, vulnerability_id=finding_template.cve + ) + + +class Command(BaseCommand): + """ + This management command creates vulnerability ids for all findings / findings_templates with cve's. + """ + + help = "Usage: manage.py migrate_cve" + + def handle(self, *args, **options): + + logger.info("Starting migration of cves for Findings") + findings = Finding.objects.filter(cve__isnull=False) + mass_model_updater( + Finding, + findings, + lambda f: create_vulnerability_id(f), + fields=None, + page_size=100, + log_prefix="creating vulnerability ids: ", + ) + + logger.info("Starting migration of cves for Finding_Templates") + finding_templates = Finding_Template.objects.filter(cve__isnull=False) + mass_model_updater( + Finding_Template, + finding_templates, + lambda f: create_vulnerability_id_template(f), + fields=None, + page_size=100, + log_prefix="creating vulnerability ids: ", + ) diff --git a/dojo/management/commands/migrate_staff_users.py b/dojo/management/commands/migrate_staff_users.py new file mode 100644 index 00000000000..ce9e82b1029 --- /dev/null +++ b/dojo/management/commands/migrate_staff_users.py @@ -0,0 +1,92 @@ +import logging +import sys +from django.core.management.base import BaseCommand +from django.contrib.auth.models import Permission + +from dojo.models import Dojo_Group, Dojo_Group_Member, Dojo_User, Role + + +logger = logging.getLogger(__name__) + + +class Command(BaseCommand): + """ + This management command creates a group for staff users with all configuration + permissions staff users had in previous releases. + """ + help = 'Usage: manage.py migrate_staff_users' + + def handle(self, *args, **options): + + # If group already exists, then the migration has been running before + group_name = 'Staff users' + groups = Dojo_Group.objects.filter(name=group_name).count() + if groups > 0: + sys.exit(f'Group {group_name} already exists, migration aborted') + + # The superuser with the lowest id will be set as the owner of the group + users = Dojo_User.objects.filter(is_superuser=True).order_by('id') + if len(users) == 0: + sys.exit('No superuser found, migration aborted') + user = users[0] + + group = Dojo_Group(name=group_name, description='Migrated staff users') + group.save() + + owner_role = Role.objects.get(is_owner=True) + + owner = Dojo_Group_Member( + user=user, + group=group, + role=owner_role, + ) + owner.save() + + # All staff users are made to members of the group + reader_role = Role.objects.get(name='Reader') + staff_users = Dojo_User.objects.filter(is_staff=True) + for staff_user in staff_users: + if staff_user != owner.user: + member = Dojo_Group_Member( + user=staff_user, + group=group, + role=reader_role, + ) + member.save() + + permissions_list = Permission.objects.all() + permissions = {} + for permission in permissions_list: + permissions[permission.codename] = permission + + # Set the same configuration permissions, staff users had in previous releases + auth_group = group.auth_group + if not auth_group: + sys.exit('Group has no auth_group, migration aborted') + + auth_group.permissions.add(permissions['view_group']) + auth_group.permissions.add(permissions['add_group']) + auth_group.permissions.add(permissions['view_development_environment']) + auth_group.permissions.add(permissions['add_development_environment']) + auth_group.permissions.add(permissions['change_development_environment']) + auth_group.permissions.add(permissions['delete_development_environment']) + auth_group.permissions.add(permissions['view_finding_template']) + auth_group.permissions.add(permissions['add_finding_template']) + auth_group.permissions.add(permissions['change_finding_template']) + auth_group.permissions.add(permissions['delete_finding_template']) + auth_group.permissions.add(permissions['view_engagement_survey']) + auth_group.permissions.add(permissions['add_engagement_survey']) + auth_group.permissions.add(permissions['change_engagement_survey']) + auth_group.permissions.add(permissions['delete_engagement_survey']) + auth_group.permissions.add(permissions['view_question']) + auth_group.permissions.add(permissions['add_question']) + auth_group.permissions.add(permissions['change_question']) + auth_group.permissions.add(permissions['delete_question']) + auth_group.permissions.add(permissions['view_test_type']) + auth_group.permissions.add(permissions['add_test_type']) + auth_group.permissions.add(permissions['change_test_type']) + auth_group.permissions.add(permissions['delete_test_type']) + auth_group.permissions.add(permissions['view_user']) + auth_group.permissions.add(permissions['add_product_type']) + + logger.info(f'Migrated {len(staff_users)} staff users') diff --git a/dojo/management/commands/migrate_surveys.py b/dojo/management/commands/migrate_surveys.py index bba80706323..25d38c028c7 100644 --- a/dojo/management/commands/migrate_surveys.py +++ b/dojo/management/commands/migrate_surveys.py @@ -39,7 +39,7 @@ def handle(self, *args, **options): # Get unique ploymorphic id for the system ctype_id = 0 # First create a temp question to pull the polymorphic_ctype_id from - created_question = TextQuestion.objects.create(optional=False, order=1, text='What is love?') + TextQuestion.objects.create(optional=False, order=1, text='What is love?') # Get the ID used in this system cursor.execute("select polymorphic_ctype_id from dojo_question;") row = cursor.fetchone() diff --git a/dojo/management/commands/rename_whitesource_findings.py b/dojo/management/commands/rename_mend_findings.py similarity index 79% rename from dojo/management/commands/rename_whitesource_findings.py rename to dojo/management/commands/rename_mend_findings.py index 370c0c9b971..4d6b87880da 100644 --- a/dojo/management/commands/rename_whitesource_findings.py +++ b/dojo/management/commands/rename_mend_findings.py @@ -14,17 +14,17 @@ class Command(BaseCommand): help = 'No input commands for dedupe findings.' def handle(self, *args, **options): - rename_whitesource_finding() + rename_mend_finding() -@app.task(name='rename_whitesource_finding_task') -def rename_whitesource_finding(): - whitesource_id = Test_Type.objects.get(name="Whitesource Scan").id - findings = Finding.objects.filter(found_by=whitesource_id) +@app.task(name='rename_mend_finding_task') +def rename_mend_finding(): + mend_id = Test_Type.objects.get(name="Mend Scan").id + findings = Finding.objects.filter(found_by=mend_id) findings = findings.order_by('-pk') logger.info("######## Updating Hashcodes - deduplication is done in the background upon finding save ########") for finding in findings: - logger.info("Updating Whitesource Finding with id: %d" % finding.id) + logger.info("Updating Mend Finding with id: %d" % finding.id) lib_name_begin = re.search('\\*\\*Library Filename\\*\\* : ', finding.description).span(0)[1] lib_name_end = re.search('\\*\\*Library Description\\*\\*', finding.description).span(0)[0] lib_name = finding.description[lib_name_begin:lib_name_end - 1] diff --git a/dojo/management/commands/test_celery_decorator.py b/dojo/management/commands/test_celery_decorator.py index e5aa548f2ad..517e280c704 100644 --- a/dojo/management/commands/test_celery_decorator.py +++ b/dojo/management/commands/test_celery_decorator.py @@ -86,7 +86,7 @@ def my_test_task(new_finding, *args, **kwargs): @app.task @dojo_model_from_id(model=Notes, parameter=1) @dojo_model_from_id -def test_valentijn_task(new_finding, note): +def test_valentijn_task(new_finding, note, **kwargs): logger.debug('test_valentijn:') logger.debug(new_finding) logger.debug(note) diff --git a/dojo/metrics/urls.py b/dojo/metrics/urls.py index 1bd02db3a25..7b2683cf6f7 100644 --- a/dojo/metrics/urls.py +++ b/dojo/metrics/urls.py @@ -1,25 +1,27 @@ -from django.conf.urls import url +from django.urls import re_path from dojo.metrics import views urlpatterns = [ # metrics - url(r'^metrics$', views.metrics, {'mtype': 'All'}, + re_path(r'^metrics$', views.metrics, {'mtype': 'All'}, name='metrics'), - url(r'^critical_product_metrics$', views.critical_product_metrics, {'mtype': 'All'}, + re_path(r'^critical_product_metrics$', views.critical_product_metrics, {'mtype': 'All'}, name='critical_product_metrics'), - url(r'^metrics/all$', views.metrics, {'mtype': 'All'}, + re_path(r'^metrics/all$', views.metrics, {'mtype': 'All'}, name='metrics_all'), - url(r'^metrics/product/type$', views.metrics, {'mtype': 'All'}, + re_path(r'^metrics/product/type$', views.metrics, {'mtype': 'All'}, name='metrics_product_type'), - url(r'^metrics/simple$', views.simple_metrics, + re_path(r'^metrics/simple$', views.simple_metrics, name='simple_metrics'), - url(r'^metrics/product/type/(?P\d+)$', + re_path(r'^metrics/product/type/(?P\d+)$', views.metrics, name='product_type_metrics'), - url(r'^metrics/product/type/counts$', + re_path(r'^metrics/product/type/counts$', views.product_type_counts, name='product_type_counts'), - url(r'^metrics/engineer$', views.engineer_metrics, + re_path(r'^metrics/product/tag/counts$', + views.product_tag_counts, name='product_tag_counts'), + re_path(r'^metrics/engineer$', views.engineer_metrics, name='engineer_metrics'), - url(r'^metrics/engineer/(?P\d+)$', views.view_engineer, + re_path(r'^metrics/engineer/(?P\d+)$', views.view_engineer, name='view_engineer'), ] diff --git a/dojo/metrics/views.py b/dojo/metrics/views.py index 12b5884d002..4d9236fb58a 100644 --- a/dojo/metrics/views.py +++ b/dojo/metrics/views.py @@ -21,7 +21,7 @@ from django.utils import timezone from dojo.filters import MetricsFindingFilter, UserFilter, MetricsEndpointFilter -from dojo.forms import SimpleMetricsForm, ProductTypeCountsForm +from dojo.forms import SimpleMetricsForm, ProductTypeCountsForm, ProductTagCountsForm from dojo.models import Product_Type, Finding, Product, Engagement, Test, \ Risk_Acceptance, Dojo_User, Endpoint_Status from dojo.utils import get_page_items, add_breadcrumb, findings_this_period, opened_in_period, count_findings, \ @@ -34,6 +34,7 @@ from dojo.finding.queries import get_authorized_findings from dojo.endpoint.queries import get_authorized_endpoint_status from dojo.authorization.authorization import user_has_permission_or_403 +from django.utils.translation import gettext as _ logger = logging.getLogger(__name__) @@ -46,7 +47,7 @@ def critical_product_metrics(request, mtype): template = 'dojo/metrics.html' - page_name = 'Critical Product Metrics' + page_name = _('Critical Product Metrics') critical_products = get_authorized_product_types(Permissions.Product_Type_View) critical_products = critical_products.filter(critical_product=True) add_breadcrumb(title=page_name, top_level=not len(request.GET), request=request) @@ -58,45 +59,51 @@ def critical_product_metrics(request, mtype): def get_date_range(objects): + tz = timezone.get_current_timezone() + start_date = objects.earliest('date').date - start_date = datetime(start_date.year, - start_date.month, start_date.day, - tzinfo=timezone.get_current_timezone()) + start_date = datetime(start_date.year, start_date.month, start_date.day, + tzinfo=tz) end_date = objects.latest('date').date - end_date = datetime(end_date.year, - end_date.month, end_date.day, - tzinfo=timezone.get_current_timezone()) + end_date = datetime(end_date.year, end_date.month, end_date.day, + tzinfo=tz) - return (start_date, end_date) + return start_date, end_date def severity_count(queryset, method, expression): total_expression = expression + '__in' return getattr(queryset, method)( total=Sum( - Case(When(**{total_expression: ('Critical', 'High', 'Medium', 'Low')}, - then=Value(1)), - output_field=IntegerField())), + Case(When(**{total_expression: ('Critical', 'High', 'Medium', 'Low', 'Info')}, + then=Value(1)), + output_field=IntegerField(), + default=0)), critical=Sum( Case(When(**{expression: 'Critical'}, - then=Value(1)), - output_field=IntegerField())), + then=Value(1)), + output_field=IntegerField(), + default=0)), high=Sum( Case(When(**{expression: 'High'}, - then=Value(1)), - output_field=IntegerField())), + then=Value(1)), + output_field=IntegerField(), + default=0)), medium=Sum( Case(When(**{expression: 'Medium'}, - then=Value(1)), - output_field=IntegerField())), + then=Value(1)), + output_field=IntegerField(), + default=0)), low=Sum( Case(When(**{expression: 'Low'}, - then=Value(1)), - output_field=IntegerField())), + then=Value(1)), + output_field=IntegerField(), + default=0)), info=Sum( Case(When(**{expression: 'Info'}, - then=Value(1)), - output_field=IntegerField())), + then=Value(1)), + output_field=IntegerField(), + default=0)), ) @@ -105,14 +112,16 @@ def identify_view(request): view = get_data.get('type', None) if view: return view - else: - if get_data.get('finding__severity', None): - return 'Endpoint' - elif get_data.get('false_positive', None): - return 'Endpoint' + + finding_severity = get_data.get('finding__severity', None) + false_positive = get_data.get('false_positive', None) + referer = request.META.get('HTTP_REFERER', None) - if referer and referer.find('type=Endpoint') > -1: + endpoint_in_referer = referer and referer.find('type=Endpoint') > -1 + + if finding_severity or false_positive or endpoint_in_referer: return 'Endpoint' + return 'Finding' @@ -133,48 +142,19 @@ def finding_querys(prod_type, request): findings_query = get_authorized_findings(Permissions.Finding_View, findings_query, request.user) - active_findings_query = Finding.objects.filter( - verified=True, - active=True, - severity__in=('Critical', 'High', 'Medium', 'Low', 'Info') - ).select_related( - 'reporter', - 'test', - 'test__engagement__product', - 'test__engagement__product__prod_type', - ).prefetch_related( - 'risk_acceptance_set', - 'test__engagement__risk_acceptance', - 'test__test_type', - ) - - active_findings_query = get_authorized_findings(Permissions.Finding_View, active_findings_query, request.user) - findings = MetricsFindingFilter(request.GET, queryset=findings_query) - active_findings = MetricsFindingFilter(request.GET, queryset=active_findings_query) - findings_qs = queryset_check(findings) - active_findings_qs = queryset_check(active_findings) if not findings_qs and not findings_query: findings = findings_query - active_findings = active_findings_query findings_qs = findings if isinstance(findings, QuerySet) else findings.qs - active_findings_qs = active_findings if isinstance(active_findings, QuerySet) else active_findings.qs messages.add_message(request, messages.ERROR, - 'All objects have been filtered away. Displaying all objects', + _('All objects have been filtered away. Displaying all objects'), extra_tags='alert-danger') try: - start_date = findings_qs.earliest('date').date - start_date = datetime(start_date.year, - start_date.month, start_date.day, - tzinfo=timezone.get_current_timezone()) - end_date = findings_qs.latest('date').date - end_date = datetime(end_date.year, - end_date.month, end_date.day, - tzinfo=timezone.get_current_timezone()) + start_date, end_date = get_date_range(findings_qs) except: start_date = timezone.now() end_date = timezone.now() @@ -212,11 +192,10 @@ def finding_querys(prod_type, request): if weeks_between <= 0: weeks_between += 2 - monthly_counts = get_period_counts(active_findings_qs, findings_qs, findings_closed, accepted_findings, months_between, start_date, + monthly_counts = get_period_counts(findings_qs, findings_closed, accepted_findings, months_between, start_date, relative_delta='months') - weekly_counts = get_period_counts(active_findings_qs, findings_qs, findings_closed, accepted_findings, weeks_between, start_date, + weekly_counts = get_period_counts(findings_qs, findings_closed, accepted_findings, weeks_between, start_date, relative_delta='weeks') - top_ten = get_authorized_products(Permissions.Product_View) top_ten = top_ten.filter(engagement__test__finding__verified=True, engagement__test__finding__false_p=False, @@ -252,42 +231,20 @@ def endpoint_querys(prod_type, request): 'finding__reporter') endpoints_query = get_authorized_endpoint_status(Permissions.Endpoint_View, endpoints_query, request.user) - - active_endpoints_query = Endpoint_Status.objects.filter(mitigated=False, - finding__severity__in=('Critical', 'High', 'Medium', 'Low', 'Info')).prefetch_related( - 'finding__test__engagement__product', - 'finding__test__engagement__product__prod_type', - 'finding__test__engagement__risk_acceptance', - 'finding__risk_acceptance_set', - 'finding__reporter') - - active_endpoints_query = get_authorized_endpoint_status(Permissions.Endpoint_View, active_endpoints_query, request.user) - endpoints = MetricsEndpointFilter(request.GET, queryset=endpoints_query) - active_endpoints = MetricsEndpointFilter(request.GET, queryset=active_endpoints_query) endpoints_qs = queryset_check(endpoints) - active_endpoints_qs = queryset_check(active_endpoints) if not endpoints_qs: endpoints = endpoints_query - active_endpoints = active_endpoints_query endpoints_qs = endpoints if isinstance(endpoints, QuerySet) else endpoints.qs - active_endpoints_qs = active_endpoints if isinstance(active_endpoints, QuerySet) else active_endpoints.qs messages.add_message(request, messages.ERROR, - 'All objects have been filtered away. Displaying all objects', + _('All objects have been filtered away. Displaying all objects'), extra_tags='alert-danger') try: - start_date = endpoints_qs.earliest('date').date - start_date = datetime(start_date.year, - start_date.month, start_date.day, - tzinfo=timezone.get_current_timezone()) - end_date = endpoints_qs.latest('date').date - end_date = datetime(end_date.year, - end_date.month, end_date.day, - tzinfo=timezone.get_current_timezone()) + start_date, end_date = get_date_range(endpoints_qs) except: start_date = timezone.now() end_date = timezone.now() @@ -325,15 +282,16 @@ def endpoint_querys(prod_type, request): if weeks_between <= 0: weeks_between += 2 - monthly_counts = get_period_counts(active_endpoints_qs, endpoints_qs, endpoints_closed, accepted_endpoints, months_between, start_date, + monthly_counts = get_period_counts(endpoints_qs, endpoints_closed, accepted_endpoints, months_between, start_date, relative_delta='months') - weekly_counts = get_period_counts(active_endpoints_qs, endpoints_qs, endpoints_closed, accepted_endpoints, weeks_between, start_date, + weekly_counts = get_period_counts(endpoints_qs, endpoints_closed, accepted_endpoints, weeks_between, start_date, relative_delta='weeks') top_ten = get_authorized_products(Permissions.Product_View) - top_ten = top_ten.filter(engagement__test__finding__endpoint_status__mitigated=False, - engagement__test__finding__endpoint_status__false_positive=False, - engagement__test__finding__endpoint_status__out_of_scope=False, + top_ten = top_ten.filter(engagement__test__finding__status_finding__mitigated=False, + engagement__test__finding__status_finding__false_positive=False, + engagement__test__finding__status_finding__out_of_scope=False, + engagement__test__finding__status_finding__risk_accepted=False, engagement__test__finding__severity__in=( 'Critical', 'High', 'Medium', 'Low'), prod_type__in=prod_type) @@ -425,16 +383,15 @@ def metrics(request, mtype): template = 'dojo/metrics.html' show_pt_filter = True view = identify_view(request) - page_name = 'Product Type Metrics by ' + page_name = _('Metrics') if mtype != 'All': pt = Product_Type.objects.filter(id=mtype) request.GET._mutable = True request.GET.appendlist('test__engagement__product__prod_type', mtype) request.GET._mutable = False - mtype = pt[0].name show_pt_filter = False - page_name = '%s Metrics' % mtype + page_name = _('%(product_type)s Metrics') % {'product_type': mtype} prod_type = pt elif 'test__engagement__product__prod_type' in request.GET: prod_type = Product_Type.objects.filter(id__in=request.GET.getlist('test__engagement__product__prod_type', [])) @@ -445,10 +402,10 @@ def metrics(request, mtype): filters = dict() if view == 'Finding': - page_name += 'Findings' + page_name = _('Product Type Metrics by Findings') filters = finding_querys(prod_type, request) elif view == 'Endpoint': - page_name += 'Affected Endpoints' + page_name = _('Product Type Metrics by Affected Endpoints') filters = endpoint_querys(prod_type, request) in_period_counts, in_period_details, age_detail = get_in_period_details([ @@ -471,7 +428,7 @@ def metrics(request, mtype): if 'view' in request.GET and 'dashboard' == request.GET['view']: punchcard, ticks = get_punchcard_data(queryset_check(filters['all']), filters['start_date'], filters['weeks_between'], view) - page_name = (get_system_setting('team_name')) + " Metrics" + page_name = _('%(team_name)s Metrics') % {'team_name': get_system_setting('team_name')} template = 'dojo/dashboard-metrics.html' add_breadcrumb(title=page_name, top_level=not len(request.GET), request=request) @@ -510,6 +467,7 @@ def metrics(request, mtype): @cache_page(60 * 5) # cache for 5 minutes @vary_on_cookie def simple_metrics(request): + page_name = _('Simple Metrics') now = timezone.now() if request.method == 'POST': @@ -576,11 +534,11 @@ def simple_metrics(request): findings_by_product_type[pt] = findings_broken_out - add_breadcrumb(title="Simple Metrics", top_level=True, request=request) + add_breadcrumb(title=page_name, top_level=True, request=request) return render(request, 'dojo/simple_metrics.html', { 'findings': findings_by_product_type, - 'name': 'Simple Metrics', + 'name': page_name, 'metric': True, 'user': request.user, 'form': form, @@ -628,13 +586,13 @@ def product_type_counts(request): end_date.month, end_date.day, tzinfo=timezone.get_current_timezone()) - oip = opened_in_period(start_date, end_date, pt) + oip = opened_in_period(start_date, end_date, test__engagement__product__prod_type=pt) # trending data - 12 months for x in range(12, 0, -1): opened_in_period_list.append( opened_in_period(start_date + relativedelta(months=-x), end_of_month + relativedelta(months=-x), - pt)) + test__engagement__product__prod_type=pt)) opened_in_period_list.append(oip) @@ -719,10 +677,168 @@ def product_type_counts(request): for o in overall_in_pt: aip[o['numerical_severity']] = o['numerical_severity__count'] else: - messages.add_message(request, messages.ERROR, "Please choose month and year and the Product Type.", + messages.add_message(request, messages.ERROR, _("Please choose month and year and the Product Type."), + extra_tags='alert-danger') + + add_breadcrumb(title=_("Bi-Weekly Metrics"), top_level=True, request=request) + + return render(request, + 'dojo/pt_counts.html', + {'form': form, + 'start_date': start_date, + 'end_date': end_date, + 'opened_in_period': oip, + 'trending_opened': opened_in_period_list, + 'closed_in_period': cip, + 'overall_in_pt': aip, + 'all_current_in_pt': all_current_in_pt, + 'top_ten': top_ten, + 'pt': pt} + ) + + +def product_tag_counts(request): + form = ProductTagCountsForm() + opened_in_period_list = [] + oip = None + cip = None + aip = None + all_current_in_pt = None + top_ten = None + pt = None + today = timezone.now() + first_of_month = today.replace(day=1, hour=0, minute=0, second=0, microsecond=0) + mid_month = first_of_month.replace(day=15, hour=23, minute=59, second=59, microsecond=999999) + end_of_month = mid_month.replace(day=monthrange(today.year, today.month)[1], hour=23, minute=59, second=59, + microsecond=999999) + start_date = first_of_month + end_date = end_of_month + + if request.method == 'GET' and 'month' in request.GET and 'year' in request.GET and 'product_tag' in request.GET: + form = ProductTagCountsForm(request.GET) + if form.is_valid(): + prods = get_authorized_products(Permissions.Product_View) + + pt = form.cleaned_data['product_tag'] + month = int(form.cleaned_data['month']) + year = int(form.cleaned_data['year']) + first_of_month = first_of_month.replace(month=month, year=year) + + month_requested = datetime(year, month, 1) + + end_of_month = month_requested.replace(day=monthrange(month_requested.year, month_requested.month)[1], + hour=23, minute=59, second=59, microsecond=999999) + start_date = first_of_month + start_date = datetime(start_date.year, + start_date.month, start_date.day, + tzinfo=timezone.get_current_timezone()) + end_date = end_of_month + end_date = datetime(end_date.year, + end_date.month, end_date.day, + tzinfo=timezone.get_current_timezone()) + + oip = opened_in_period(start_date, end_date, + test__engagement__product__tags__name=pt, + test__engagement__product__in=prods) + + # trending data - 12 months + for x in range(12, 0, -1): + opened_in_period_list.append( + opened_in_period(start_date + relativedelta(months=-x), end_of_month + relativedelta(months=-x), + test__engagement__product__tags__name=pt, test__engagement__product__in=prods)) + + opened_in_period_list.append(oip) + + closed_in_period = Finding.objects.filter(mitigated__date__range=[start_date, end_date], + test__engagement__product__tags__name=pt, + test__engagement__product__in=prods, + severity__in=('Critical', 'High', 'Medium', 'Low')).values( + 'numerical_severity').annotate(Count('numerical_severity')).order_by('numerical_severity') + + total_closed_in_period = Finding.objects.filter(mitigated__date__range=[start_date, end_date], + test__engagement__product__tags__name=pt, + test__engagement__product__in=prods, + severity__in=( + 'Critical', 'High', 'Medium', 'Low')).aggregate( + total=Sum( + Case(When(severity__in=('Critical', 'High', 'Medium', 'Low'), + then=Value(1)), + output_field=IntegerField())))['total'] + + overall_in_pt = Finding.objects.filter(date__lt=end_date, + verified=True, + false_p=False, + duplicate=False, + out_of_scope=False, + mitigated__isnull=True, + test__engagement__product__tags__name=pt, + test__engagement__product__in=prods, + severity__in=('Critical', 'High', 'Medium', 'Low')).values( + 'numerical_severity').annotate(Count('numerical_severity')).order_by('numerical_severity') + + total_overall_in_pt = Finding.objects.filter(date__lte=end_date, + verified=True, + false_p=False, + duplicate=False, + out_of_scope=False, + mitigated__isnull=True, + test__engagement__product__tags__name=pt, + test__engagement__product__in=prods, + severity__in=('Critical', 'High', 'Medium', 'Low')).aggregate( + total=Sum( + Case(When(severity__in=('Critical', 'High', 'Medium', 'Low'), + then=Value(1)), + output_field=IntegerField())))['total'] + + all_current_in_pt = Finding.objects.filter(date__lte=end_date, + verified=True, + false_p=False, + duplicate=False, + out_of_scope=False, + mitigated__isnull=True, + test__engagement__product__tags__name=pt, + test__engagement__product__in=prods, + severity__in=( + 'Critical', 'High', 'Medium', 'Low')).prefetch_related( + 'test__engagement__product', + 'test__engagement__product__prod_type', + 'test__engagement__risk_acceptance', + 'reporter').order_by( + 'numerical_severity') + + top_ten = Product.objects.filter(engagement__test__finding__date__lte=end_date, + engagement__test__finding__verified=True, + engagement__test__finding__false_p=False, + engagement__test__finding__duplicate=False, + engagement__test__finding__out_of_scope=False, + engagement__test__finding__mitigated__isnull=True, + engagement__test__finding__severity__in=( + 'Critical', 'High', 'Medium', 'Low'), + tags__name=pt, engagement__product__in=prods) + top_ten = severity_count(top_ten, 'annotate', 'engagement__test__finding__severity').order_by('-critical', '-high', '-medium', '-low')[:10] + + cip = {'S0': 0, + 'S1': 0, + 'S2': 0, + 'S3': 0, + 'Total': total_closed_in_period} + + aip = {'S0': 0, + 'S1': 0, + 'S2': 0, + 'S3': 0, + 'Total': total_overall_in_pt} + + for o in closed_in_period: + cip[o['numerical_severity']] = o['numerical_severity__count'] + + for o in overall_in_pt: + aip[o['numerical_severity']] = o['numerical_severity__count'] + else: + messages.add_message(request, messages.ERROR, _("Please choose month and year and the Product Tag."), extra_tags='alert-danger') - add_breadcrumb(title="Bi-Weekly Metrics", top_level=True, request=request) + add_breadcrumb(title=_("Bi-Weekly Metrics"), top_level=True, request=request) return render(request, 'dojo/pt_counts.html', @@ -749,7 +865,7 @@ def engineer_metrics(request): users = UserFilter(request.GET, queryset=users) paged_users = get_page_items(request, users.qs, 25) - add_breadcrumb(title="Engineer Metrics", top_level=True, request=request) + add_breadcrumb(title=_("Engineer Metrics"), top_level=True, request=request) return render(request, 'dojo/engineer_metrics.html', diff --git a/dojo/middleware.py b/dojo/middleware.py index 6053b1f0a05..733c66f4cd4 100644 --- a/dojo/middleware.py +++ b/dojo/middleware.py @@ -1,12 +1,13 @@ from django.http import HttpResponseRedirect from django.conf import settings -from django.utils.http import urlquote +from urllib.parse import quote from re import compile import logging from threading import local from django.db import models from django.urls import reverse + logger = logging.getLogger(__name__) EXEMPT_URLS = [compile(settings.LOGIN_URL.lstrip('/'))] @@ -40,19 +41,26 @@ def __call__(self, request): path = request.path_info.lstrip('/') if not any(m.match(path) for m in EXEMPT_URLS): if path == 'logout': - fullURL = "%s?next=%s" % (settings.LOGIN_URL, '/') + fullURL = f"{settings.LOGIN_URL}?next=/" else: - fullURL = "%s?next=%s" % (settings.LOGIN_URL, urlquote(request.get_full_path())) + fullURL = f"{settings.LOGIN_URL}?next={quote(request.get_full_path())}" return HttpResponseRedirect(fullURL) if request.user.is_authenticated: + logger.debug("Authenticated user: %s", str(request.user)) + try: + uwsgi = __import__('uwsgi', globals(), locals(), ['set_logvar'], 0) + # this populates dd_user log var, so can appear in the uwsgi logs + uwsgi.set_logvar('dd_user', str(request.user)) + except: + # to avoid unittests to fail + pass path = request.path_info.lstrip('/') from dojo.models import Dojo_User if Dojo_User.force_password_reset(request.user) and path != 'change_password': return HttpResponseRedirect(reverse('change_password')) - response = self.get_response(request) - return response + return self.get_response(request) class DojoSytemSettingsMiddleware(object): @@ -119,3 +127,40 @@ def get(self, no_cache=False, *args, **kwargs): return self.get_from_db(*args, **kwargs) return from_cache + + +class APITrailingSlashMiddleware: + """ + Middleware that will send a more informative error response to POST requests + made without the trailing slash. When this middleware is not active, POST requests + without the trailing slash will return a 301 status code, with no explanation as to why + """ + + def __init__(self, get_response): + + self.get_response = get_response + + def __call__(self, request): + response = self.get_response(request) + path = request.path_info.lstrip('/') + if request.method == 'POST' and 'api/v2/' in path and path[-1] != '/' and response.status_code == 400: + response.data = {'message': 'Please add a trailing slash to your request.'} + # you need to change private attribute `_is_render` + # to call render second time + response._is_rendered = False + response.render() + return response + + +class AdditionalHeaderMiddleware: + """ + Middleware that will add an arbitray amount of HTTP Request headers toall requests. + """ + + def __init__(self, get_response): + + self.get_response = get_response + + def __call__(self, request): + request.META.update(settings.ADDITIONAL_HEADERS) + return self.get_response(request) diff --git a/dojo/models.py b/dojo/models.py index 112091f33dd..77dead1482e 100755 --- a/dojo/models.py +++ b/dojo/models.py @@ -14,8 +14,9 @@ from django.db.models.expressions import Case, When from django.urls import reverse from django.core.validators import RegexValidator, validate_ipv46_address +from django.core.files.base import ContentFile from django.core.exceptions import ValidationError -from django.db import models +from django.db import models, connection from django.db.models import Q, Count from django.db.models.functions import Lower from django_extensions.db.models import TimeStampedModel @@ -30,13 +31,13 @@ from django import forms from django.utils.translation import gettext as _ from dateutil.relativedelta import relativedelta +from datetime import datetime from tagulous.models import TagField +from tagulous.models.managers import FakeTagRelatedManager import tagulous.admin from django.db.models import JSONField import hyperlink from cvss import CVSS3 -from dojo.settings.settings import SLA_BUSINESS_DAYS -from numpy import busday_count logger = logging.getLogger(__name__) @@ -47,6 +48,8 @@ SEVERITIES = [s[0] for s in SEVERITY_CHOICES] +EFFORT_FOR_FIXING_CHOICES = (('', ''), ('Low', 'Low'), ('Medium', 'Medium'), ('High', 'High')) + # fields returned in statistics, typically all status fields STATS_FIELDS = ['active', 'verified', 'duplicate', 'false_p', 'out_of_scope', 'is_mitigated', 'risk_accepted', 'total'] # default template with all values set to 0 @@ -96,6 +99,28 @@ def _get_statistics_for_queryset(qs, annotation_factory): return stats +def _manage_inherited_tags(obj, incoming_inherited_tags, potentially_existing_tags=[]): + # get copies of the current tag lists + current_inherited_tags = [] if isinstance(obj.inherited_tags, FakeTagRelatedManager) else [tag.name for tag in obj.inherited_tags.all()] + tag_list = potentially_existing_tags if isinstance(obj.tags, FakeTagRelatedManager) or len(potentially_existing_tags) > 0 else [tag.name for tag in obj.tags.all()] + # Clean existing tag list from the old inherited tags. This represents the tags on the object and not the product + cleaned_tag_list = [tag for tag in tag_list if tag not in current_inherited_tags] + # Add the incoming inherited tag list + if incoming_inherited_tags: + for tag in incoming_inherited_tags: + if tag not in cleaned_tag_list: + cleaned_tag_list.append(tag) + # Update the current list of inherited tags. iteratively do this because of tagulous object restraints + if isinstance(obj.inherited_tags, FakeTagRelatedManager): + obj.inherited_tags.set_tag_list(incoming_inherited_tags) + if incoming_inherited_tags: + obj.tags.set_tag_list(cleaned_tag_list) + else: + obj.inherited_tags.set(incoming_inherited_tags) + if incoming_inherited_tags: + obj.tags.set(cleaned_tag_list) + + @deconstructible class UniqueUploadNameProvider: """ @@ -198,32 +223,39 @@ def generate_full_name(user): class UserContactInfo(models.Model): - user = models.OneToOneField(User, on_delete=models.CASCADE) + user = models.OneToOneField(Dojo_User, on_delete=models.CASCADE) title = models.CharField(blank=True, null=True, max_length=150) phone_regex = RegexValidator(regex=r'^\+?1?\d{9,15}$', - message="Phone number must be entered in the format: '+999999999'. " - "Up to 15 digits allowed.") + message=_("Phone number must be entered in the format: '+999999999'. " + "Up to 15 digits allowed.")) phone_number = models.CharField(validators=[phone_regex], blank=True, max_length=15, - help_text="Phone number must be entered in the format: '+999999999'. " - "Up to 15 digits allowed.") + help_text=_("Phone number must be entered in the format: '+999999999'. " + "Up to 15 digits allowed.")) cell_number = models.CharField(validators=[phone_regex], blank=True, max_length=15, - help_text="Phone number must be entered in the format: '+999999999'. " - "Up to 15 digits allowed.") + help_text=_("Phone number must be entered in the format: '+999999999'. " + "Up to 15 digits allowed.")) twitter_username = models.CharField(blank=True, null=True, max_length=150) github_username = models.CharField(blank=True, null=True, max_length=150) - slack_username = models.CharField(blank=True, null=True, max_length=150, help_text="Email address associated with your slack account", verbose_name="Slack Email Address") + slack_username = models.CharField(blank=True, null=True, max_length=150, help_text=_("Email address associated with your slack account"), verbose_name=_('Slack Email Address')) slack_user_id = models.CharField(blank=True, null=True, max_length=25) - block_execution = models.BooleanField(default=False, help_text="Instead of async deduping a finding the findings will be deduped synchronously and will 'block' the user until completion.") - force_password_reset = models.BooleanField(default=False, help_text='Forces this user to reset their password on next login.') + block_execution = models.BooleanField(default=False, help_text=_("Instead of async deduping a finding the findings will be deduped synchronously and will 'block' the user until completion.")) + force_password_reset = models.BooleanField(default=False, help_text=_('Forces this user to reset their password on next login.')) class Dojo_Group(models.Model): + AZURE = 'AzureAD' + REMOTE = 'Remote' + SOCIAL_CHOICES = ( + (AZURE, _('AzureAD')), + (REMOTE, _('Remote')), + ) name = models.CharField(max_length=255, unique=True) description = models.CharField(max_length=4000, null=True, blank=True) users = models.ManyToManyField(Dojo_User, through='Dojo_Group_Member', related_name='users', blank=True) auth_group = models.ForeignKey(Group, null=True, blank=True, on_delete=models.CASCADE) + social_provider = models.CharField(max_length=10, choices=SOCIAL_CHOICES, blank=True, null=True, help_text=_('Group imported from a social provider.'), verbose_name=_('Social Authentication Provider')) def __str__(self): return self.name @@ -241,52 +273,43 @@ class Meta: class System_Settings(models.Model): - enable_auditlog = models.BooleanField( - default=True, - blank=False, - verbose_name='Enable audit logging', - help_text="With this setting turned on, Dojo maintains an audit log " - "of changes made to entities (Findings, Tests, Engagements, Procuts, ...)" - "If you run big import you may want to disable this " - "because the way django-auditlog currently works, there's a " - "big performance hit. Especially during (re-)imports.") enable_deduplication = models.BooleanField( default=False, blank=False, - verbose_name='Deduplicate findings', - help_text="With this setting turned on, Dojo deduplicates findings by " + verbose_name=_('Deduplicate findings'), + help_text=_("With this setting turned on, DefectDojo deduplicates findings by " "comparing endpoints, cwe fields, and titles. " "If two findings share a URL and have the same CWE or " - "title, Dojo marks the less recent finding as a duplicate. " + "title, DefectDojo marks the recent finding as a duplicate. " "When deduplication is enabled, a list of " - "deduplicated findings is added to the engagement view.") - delete_duplicates = models.BooleanField(default=False, blank=False, help_text="Requires next setting: maximum number of duplicates to retain.") + "deduplicated findings is added to the engagement view.")) + delete_duplicates = models.BooleanField(default=False, blank=False, help_text=_("Requires next setting: maximum number of duplicates to retain.")) max_dupes = models.IntegerField(blank=True, null=True, default=10, - verbose_name='Max Duplicates', - help_text="When enabled, if a single " + verbose_name=_('Max Duplicates'), + help_text=_("When enabled, if a single " "issue reaches the maximum " "number of duplicates, the " - "oldest will be deleted. Duplicate will not be deleted when left empty. A value of 0 will remove all duplicates.") + "oldest will be deleted. Duplicate will not be deleted when left empty. A value of 0 will remove all duplicates.")) email_from = models.CharField(max_length=200, default='no-reply@example.com', blank=True) enable_jira = models.BooleanField(default=False, - verbose_name='Enable JIRA integration', + verbose_name=_('Enable JIRA integration'), blank=False) enable_jira_web_hook = models.BooleanField(default=False, - verbose_name='Enable JIRA web hook', - help_text='Please note: It is strongly recommended to use a secret below and / or IP whitelist the JIRA server using a proxy such as Nginx.', + verbose_name=_('Enable JIRA web hook'), + help_text=_('Please note: It is strongly recommended to use a secret below and / or IP whitelist the JIRA server using a proxy such as Nginx.'), blank=False) disable_jira_webhook_secret = models.BooleanField(default=False, - verbose_name='Disable web hook secret', - help_text='Allows incoming requests without a secret (discouraged legacy behaviour)', + verbose_name=_('Disable web hook secret'), + help_text=_('Allows incoming requests without a secret (discouraged legacy behaviour)'), blank=False) # will be set to random / uuid by initializer so null needs to be True - jira_webhook_secret = models.CharField(max_length=64, blank=False, null=True, verbose_name='JIRA Webhook URL', - help_text='Secret needed in URL for incoming JIRA Webhook') + jira_webhook_secret = models.CharField(max_length=64, blank=False, null=True, verbose_name=_('JIRA Webhook URL'), + help_text=_('Secret needed in URL for incoming JIRA Webhook')) jira_choices = (('Critical', 'Critical'), ('High', 'High'), @@ -297,182 +320,249 @@ class System_Settings(models.Model): null=True, choices=jira_choices, default='Low') jira_labels = models.CharField(max_length=200, blank=True, null=True, - help_text='JIRA issue labels space seperated') + help_text=_('JIRA issue labels space seperated')) + + add_vulnerability_id_to_jira_label = models.BooleanField(default=False, + verbose_name=_('Add vulnerability Id as a JIRA label'), + blank=False) enable_github = models.BooleanField(default=False, - verbose_name='Enable GITHUB integration', + verbose_name=_('Enable GITHUB integration'), blank=False) enable_slack_notifications = \ models.BooleanField(default=False, - verbose_name='Enable Slack notifications', + verbose_name=_('Enable Slack notifications'), blank=False) slack_channel = models.CharField(max_length=100, default='', blank=True, - help_text='Optional. Needed if you want to send global notifications.') + help_text=_('Optional. Needed if you want to send global notifications.')) slack_token = models.CharField(max_length=100, default='', blank=True, - help_text='Token required for interacting ' + help_text=_('Token required for interacting ' 'with Slack. Get one at ' - 'https://api.slack.com/tokens') + 'https://api.slack.com/tokens')) slack_username = models.CharField(max_length=100, default='', blank=True, - help_text='Optional. Will take your bot name otherwise.') + help_text=_('Optional. Will take your bot name otherwise.')) enable_msteams_notifications = \ models.BooleanField(default=False, - verbose_name='Enable Microsoft Teams notifications', + verbose_name=_('Enable Microsoft Teams notifications'), blank=False) msteams_url = models.CharField(max_length=400, default='', blank=True, - help_text='The full URL of the ' - 'incoming webhook') + help_text=_('The full URL of the ' + 'incoming webhook')) enable_mail_notifications = models.BooleanField(default=False, blank=False) mail_notifications_to = models.CharField(max_length=200, default='', blank=True) - false_positive_history = models.BooleanField(default=False, help_text="DefectDojo will automatically mark the finding as a false positive if the finding has been previously marked as a false positive. Not needed when using deduplication, advised to not combine these two.") - url_prefix = models.CharField(max_length=300, default='', blank=True, help_text="URL prefix if DefectDojo is installed in it's own virtual subdirectory.") + false_positive_history = models.BooleanField( + default=False, help_text=_( + "(EXPERIMENTAL) DefectDojo will automatically mark the finding as a " + "false positive if an equal finding (according to its dedupe algorithm) " + "has been previously marked as a false positive on the same product. " + "ATTENTION: Although the deduplication algorithm is used to determine " + "if a finding should be marked as a false positive, this feature will " + "not work if deduplication is enabled since it doesn't make sense to use both." + ) + ) + + retroactive_false_positive_history = models.BooleanField( + default=False, help_text=_( + "(EXPERIMENTAL) FP History will also retroactively mark/unmark all " + "existing equal findings in the same product as a false positives. " + "Only works if the False Positive History feature is also enabled." + ) + ) + + url_prefix = models.CharField(max_length=300, default='', blank=True, help_text=_("URL prefix if DefectDojo is installed in it's own virtual subdirectory.")) team_name = models.CharField(max_length=100, default='', blank=True) time_zone = models.CharField(max_length=50, choices=[(tz, tz) for tz in all_timezones], default='UTC', blank=False) - enable_product_grade = models.BooleanField(default=False, verbose_name="Enable Product Grading", help_text="Displays a grade letter next to a product to show the overall health.") + enable_product_grade = models.BooleanField(default=False, verbose_name=_('Enable Product Grading'), help_text=_("Displays a grade letter next to a product to show the overall health.")) product_grade = models.CharField(max_length=800, blank=True) product_grade_a = models.IntegerField(default=90, - verbose_name="Grade A", - help_text="Percentage score for an " - "'A' >=") + verbose_name=_('Grade A'), + help_text=_("Percentage score for an " + "'A' >=")) product_grade_b = models.IntegerField(default=80, - verbose_name="Grade B", - help_text="Percentage score for a " - "'B' >=") + verbose_name=_('Grade B'), + help_text=_("Percentage score for a " + "'B' >=")) product_grade_c = models.IntegerField(default=70, - verbose_name="Grade C", - help_text="Percentage score for a " - "'C' >=") + verbose_name=_('Grade C'), + help_text=_("Percentage score for a " + "'C' >=")) product_grade_d = models.IntegerField(default=60, - verbose_name="Grade D", - help_text="Percentage score for a " - "'D' >=") + verbose_name=_('Grade D'), + help_text=_("Percentage score for a " + "'D' >=")) product_grade_f = models.IntegerField(default=59, - verbose_name="Grade F", - help_text="Percentage score for an " - "'F' <=") + verbose_name=_('Grade F'), + help_text=_("Percentage score for an " + "'F' <=")) + enable_product_tag_inheritance = models.BooleanField( + default=False, + blank=False, + verbose_name=_('Enable Product Tag Inheritance'), + help_text=_("Enables product tag inheritance globally for all products. Any tags added on a product will automatically be added to all Engagements, Tests, and Findings")) + enable_benchmark = models.BooleanField( default=True, blank=False, - verbose_name="Enable Benchmarks", - help_text="Enables Benchmarks such as the OWASP ASVS " - "(Application Security Verification Standard)") + verbose_name=_('Enable Benchmarks'), + help_text=_("Enables Benchmarks such as the OWASP ASVS " + "(Application Security Verification Standard)")) enable_template_match = models.BooleanField( default=False, blank=False, - verbose_name="Enable Remediation Advice", - help_text="Enables global remediation advice and matching on CWE and Title. The text will be replaced for mitigation, impact and references on a finding. Useful for providing consistent impact and remediation advice regardless of the scanner.") + verbose_name=_('Enable Remediation Advice'), + help_text=_("Enables global remediation advice and matching on CWE and Title. The text will be replaced for mitigation, impact and references on a finding. Useful for providing consistent impact and remediation advice regardless of the scanner.")) engagement_auto_close = models.BooleanField( default=False, blank=False, - verbose_name="Enable Engagement Auto-Close", - help_text="Closes an engagement after 3 days (default) past due date including last update.") + verbose_name=_("Enable Engagement Auto-Close"), + help_text=_('Closes an engagement after 3 days (default) past due date including last update.')) engagement_auto_close_days = models.IntegerField( default=3, blank=False, - verbose_name="Engagement Auto-Close Days", - help_text="Closes an engagement after the specified number of days past due date including last update.") + verbose_name=_("Engagement Auto-Close Days"), + help_text=_("Closes an engagement after the specified number of days past due date including last update.")) enable_finding_sla = models.BooleanField( default=True, blank=False, - verbose_name="Enable Finding SLA's", - help_text="Enables Finding SLA's for time to remediate.") - - sla_critical = models.IntegerField(default=7, - verbose_name="Critical Finding SLA Days", - help_text="# of days to remediate a critical finding.") - - sla_high = models.IntegerField(default=30, - verbose_name="High Finding SLA Days", - help_text="# of days to remediate a high finding.") - sla_medium = models.IntegerField(default=90, - verbose_name="Medium Finding SLA Days", - help_text="# of days to remediate a medium finding.") - - sla_low = models.IntegerField(default=120, - verbose_name="Low Finding SLA Days", - help_text="# of days to remediate a low finding.") + verbose_name=_("Enable Finding SLA's"), + help_text=_("Enables Finding SLA's for time to remediate.")) + + enable_notify_sla_active = models.BooleanField( + default=False, + blank=False, + verbose_name=_("Enable Notify SLA's Breach for active Findings"), + help_text=_("Enables Notify when time to remediate according to Finding SLA's is breached for active Findings.")) + + enable_notify_sla_active_verified = models.BooleanField( + default=False, + blank=False, + verbose_name=_("Enable Notify SLA's Breach for active, verified Findings"), + help_text=_("Enables Notify when time to remediate according to Finding SLA's is breached for active, verified Findings.")) + + enable_notify_sla_jira_only = models.BooleanField( + default=False, + blank=False, + verbose_name=_("Enable Notify SLA's Breach only for Findings linked to JIRA"), + help_text=_("Enables Notify when time to remediate according to Finding SLA's is breached for Findings that are linked to JIRA issues. Notification is disabled for Findings not linked to JIRA issues")) + + enable_notify_sla_exponential_backoff = models.BooleanField( + default=False, + blank=False, + verbose_name=_("Enable an exponential backoff strategy for SLA breach notifications."), + help_text=_("Enable an exponential backoff strategy for SLA breach notifications, e.g. 1, 2, 4, 8, etc. Otherwise it alerts every day")) + allow_anonymous_survey_repsonse = models.BooleanField( default=False, blank=False, - verbose_name="Allow Anonymous Survey Responses", - help_text="Enable anyone with a link to the survey to answer a survey" + verbose_name=_('Allow Anonymous Survey Responses'), + help_text=_("Enable anyone with a link to the survey to answer a survey") ) credentials = models.TextField(max_length=3000, blank=True) disclaimer = models.TextField(max_length=3000, default='', blank=True, - verbose_name="Custom Disclaimer", - help_text="Include this custom disclaimer on all notifications and generated reports") - column_widths = models.TextField(max_length=1500, blank=True) - drive_folder_ID = models.CharField(max_length=100, blank=True) - email_address = models.EmailField(max_length=100, blank=True) - risk_acceptance_form_default_days = models.IntegerField(null=True, blank=True, default=180, help_text="Default expiry period for risk acceptance form.") + verbose_name=_('Custom Disclaimer'), + help_text=_("Include this custom disclaimer on all notifications and generated reports")) + risk_acceptance_form_default_days = models.IntegerField(null=True, blank=True, default=180, help_text=_("Default expiry period for risk acceptance form.")) risk_acceptance_notify_before_expiration = models.IntegerField(null=True, blank=True, default=10, - verbose_name="Risk acceptance expiration heads up days", help_text="Notify X days before risk acceptance expires. Leave empty to disable.") + verbose_name=_('Risk acceptance expiration heads up days'), help_text=_("Notify X days before risk acceptance expires. Leave empty to disable.")) enable_credentials = models.BooleanField( default=True, blank=False, - verbose_name='Enable credentials', - help_text="With this setting turned off, credentials will be disabled in the user interface.") + verbose_name=_('Enable credentials'), + help_text=_("With this setting turned off, credentials will be disabled in the user interface.")) enable_questionnaires = models.BooleanField( default=True, blank=False, - verbose_name='Enable questionnaires', - help_text="With this setting turned off, questionnaires will be disabled in the user interface.") + verbose_name=_('Enable questionnaires'), + help_text=_("With this setting turned off, questionnaires will be disabled in the user interface.")) enable_checklists = models.BooleanField( default=True, blank=False, - verbose_name='Enable checklists', - help_text="With this setting turned off, checklists will be disabled in the user interface.") + verbose_name=_('Enable checklists'), + help_text=_("With this setting turned off, checklists will be disabled in the user interface.")) enable_endpoint_metadata_import = models.BooleanField( default=True, blank=False, - verbose_name='Enable Endpoint Metadata Import', - help_text="With this setting turned off, endpoint metadata import will be disabled in the user interface.") - enable_google_sheets = models.BooleanField( - default=False, - blank=False, - verbose_name='Enable Google Sheets Integration', - help_text="With this setting turned off, the Google sheets integration will be disabled in the user interface.") - enable_rules_framework = models.BooleanField( - default=False, - blank=False, - verbose_name='Enable Rules Framework', - help_text="With this setting turned off, the rules framwork will be disabled in the user interface.") + verbose_name=_('Enable Endpoint Metadata Import'), + help_text=_("With this setting turned off, endpoint metadata import will be disabled in the user interface.")) enable_user_profile_editable = models.BooleanField( default=True, blank=False, - verbose_name='Enable user profile for writing', - help_text="When turned on users can edit their profiles") + verbose_name=_('Enable user profile for writing'), + help_text=_("When turned on users can edit their profiles")) enable_product_tracking_files = models.BooleanField( default=True, blank=False, - verbose_name='Enable Product Tracking Files', - help_text="With this setting turned off, the product tracking files will be disabled in the user interface.") + verbose_name=_('Enable Product Tracking Files'), + help_text=_("With this setting turned off, the product tracking files will be disabled in the user interface.")) + enable_finding_groups = models.BooleanField( + default=True, + blank=False, + verbose_name=_('Enable Finding Groups'), + help_text=_("With this setting turned off, the Finding Groups will be disabled.")) + enable_calendar = models.BooleanField( + default=True, + blank=False, + verbose_name=_('Enable Calendar'), + help_text=_("With this setting turned off, the Calendar will be disabled in the user interface.")) default_group = models.ForeignKey( Dojo_Group, null=True, blank=True, - help_text="New users will be assigned to this group.", + help_text=_("New users will be assigned to this group."), on_delete=models.RESTRICT) default_group_role = models.ForeignKey( Role, null=True, blank=True, - help_text="New users will be assigned to their default group with this role.", + help_text=_("New users will be assigned to their default group with this role."), on_delete=models.RESTRICT) - staff_user_email_pattern = models.CharField( + default_group_email_pattern = models.CharField( max_length=200, default='', blank=True, - verbose_name='Email pattern for staff users', - help_text="When the email address of a new user created by OAuth2 matches this regex pattern, their is_staff flag will be set to True.") + help_text=_("New users will only be assigned to the default group, when their email address matches this regex pattern. This is optional condition.")) + minimum_password_length = models.IntegerField( + default=9, + verbose_name=_('Minimum password length'), + help_text=_("Requires user to set passwords greater than minimum length.")) + maximum_password_length = models.IntegerField( + default=48, + verbose_name=_('Maximum password length'), + help_text=_("Requires user to set passwords less than maximum length.")) + number_character_required = models.BooleanField( + default=True, + blank=False, + verbose_name=_("Password must contain one digit"), + help_text=_("Requires user passwords to contain at least one digit (0-9).")) + special_character_required = models.BooleanField( + default=True, + blank=False, + verbose_name=_("Password must contain one special character"), + help_text=_("Requires user passwords to contain at least one special character (()[]{}|\`~!@#$%^&*_-+=;:\'\",<>./?).")) # noqa W605 + lowercase_character_required = models.BooleanField( + default=True, + blank=False, + verbose_name=_("Password must contain one lowercase letter"), + help_text=_("Requires user passwords to contain at least one lowercase letter (a-z).")) + uppercase_character_required = models.BooleanField( + default=True, + blank=False, + verbose_name=_("Password must contain one uppercase letter"), + help_text=_("Requires user passwords to contain at least one uppercase letter (A-Z).")) + non_common_password_required = models.BooleanField( + default=True, + blank=False, + verbose_name=_("Password must not be common"), + help_text=_("Requires user passwords to not be part of list of common passwords.")) from dojo.middleware import System_Settings_Manager objects = System_Settings_Manager() @@ -502,13 +592,13 @@ def get_current_datetime(): class Dojo_Group_Member(models.Model): group = models.ForeignKey(Dojo_Group, on_delete=models.CASCADE) user = models.ForeignKey(Dojo_User, on_delete=models.CASCADE) - role = models.ForeignKey(Role, on_delete=models.CASCADE, help_text="This role determines the permissions of the user to manage the group.", verbose_name="Group role") + role = models.ForeignKey(Role, on_delete=models.CASCADE, help_text=_("This role determines the permissions of the user to manage the group."), verbose_name=_('Group role')) class Global_Role(models.Model): - user = models.OneToOneField(User, null=True, blank=True, on_delete=models.CASCADE) + user = models.OneToOneField(Dojo_User, null=True, blank=True, on_delete=models.CASCADE) group = models.OneToOneField(Dojo_Group, null=True, blank=True, on_delete=models.CASCADE) - role = models.ForeignKey(Role, on_delete=models.CASCADE, null=True, blank=True, help_text="The global role will be applied to all product types and products.", verbose_name="Global role") + role = models.ForeignKey(Role, on_delete=models.CASCADE, null=True, blank=True, help_text=_("The global role will be applied to all product types and products."), verbose_name=_('Global role')) class Contact(models.Model): @@ -517,7 +607,7 @@ class Contact(models.Model): team = models.CharField(max_length=100) is_admin = models.BooleanField(default=False) is_globally_read_only = models.BooleanField(default=False) - updated = models.DateTimeField(editable=False) + updated = models.DateTimeField(auto_now=True) class Note_Type(models.Model): @@ -536,7 +626,14 @@ class NoteHistory(models.Model): data = models.TextField() time = models.DateTimeField(null=True, editable=False, default=get_current_datetime) - current_editor = models.ForeignKey(User, editable=False, null=True, on_delete=models.CASCADE) + current_editor = models.ForeignKey(Dojo_User, editable=False, null=True, on_delete=models.CASCADE) + + def copy(self): + copy = self + copy.pk = None + copy.id = None + copy.save() + return copy class Notes(models.Model): @@ -544,10 +641,10 @@ class Notes(models.Model): entry = models.TextField() date = models.DateTimeField(null=False, editable=False, default=get_current_datetime) - author = models.ForeignKey(User, related_name='editor_notes_set', editable=False, on_delete=models.CASCADE) + author = models.ForeignKey(Dojo_User, related_name='editor_notes_set', editable=False, on_delete=models.CASCADE) private = models.BooleanField(default=False) edited = models.BooleanField(default=False) - editor = models.ForeignKey(User, related_name='author_notes_set', editable=False, null=True, on_delete=models.CASCADE) + editor = models.ForeignKey(Dojo_User, related_name='author_notes_set', editable=False, null=True, on_delete=models.CASCADE) edit_time = models.DateTimeField(null=True, editable=False, default=get_current_datetime) history = models.ManyToManyField(NoteHistory, blank=True, @@ -559,15 +656,61 @@ class Meta: def __str__(self): return self.entry + def copy(self): + copy = self + # Save the necessary ManyToMany relationships + old_history = list(self.history.all()) + # Wipe the IDs of the new object + copy.pk = None + copy.id = None + # Save the object before setting any ManyToMany relationships + copy.save() + # Copy the history + for history in old_history: + copy.history.add(history.copy()) + + return copy + class FileUpload(models.Model): title = models.CharField(max_length=100, unique=True) file = models.FileField(upload_to=UniqueUploadNameProvider('uploaded_files')) + def copy(self): + copy = self + # Wipe the IDs of the new object + copy.pk = None + copy.id = None + # Add unique modifier to file name + copy.title = '{} - clone-{}'.format(self.title, str(uuid4())[:8]) + # Create new unique file name + current_url = self.file.url + _, current_full_filename = current_url.rsplit('/', 1) + _, extension = current_full_filename.split('.', 1) + new_file = ContentFile(self.file.read(), name='{}.{}'.format(uuid4(), extension)) + copy.file = new_file + copy.save() + + return copy + + def get_accessible_url(self, obj, obj_id): + if isinstance(obj, Engagement): + obj_type = 'Engagement' + elif isinstance(obj, Test): + obj_type = 'Test' + elif isinstance(obj, Finding): + obj_type = 'Finding' + + return 'access_file/{file_id}/{obj_id}/{obj_type}'.format( + file_id=self.id, + obj_id=obj_id, + obj_type=obj_type + ) + class Product_Type(models.Model): """Product types represent the top level model, these can be business unit divisions, different offices or locations, development teams, or any other logical way of distinguishing “types” of products. - +` Examples: * IAM Team * Internal / 3rd Party @@ -714,6 +857,86 @@ class Meta: ('finding', 'name')) +class SLA_Configuration(models.Model): + name = models.CharField(max_length=128, unique=True, blank=False, verbose_name=_('Custom SLA Name'), + help_text=_('A unique name for the set of SLAs.')) + description = models.CharField(max_length=512, null=True, blank=True) + critical = models.IntegerField(default=7, verbose_name=_('Critical Finding SLA Days'), + help_text=_('number of days to remediate a critical finding.')) + high = models.IntegerField(default=30, verbose_name=_('High Finding SLA Days'), + help_text=_('number of days to remediate a high finding.')) + medium = models.IntegerField(default=90, verbose_name=_('Medium Finding SLA Days'), + help_text=_('number of days to remediate a medium finding.')) + low = models.IntegerField(default=120, verbose_name=_('Low Finding SLA Days'), + help_text=_('number of days to remediate a low finding.')) + async_updating = models.BooleanField(default=False, + help_text=_('Findings under this SLA configuration are asynchronously being updated')) + + def clean(self): + sla_days = [self.critical, self.high, self.medium, self.low] + + for sla_day in sla_days: + if sla_day < 1: + raise ValidationError('SLA Days must be at least 1') + + def save(self, *args, **kwargs): + # get the initial sla config before saving (if this is an existing sla config) + initial_sla_config = None + if self.pk is not None: + initial_sla_config = SLA_Configuration.objects.get(pk=self.pk) + # if initial config exists and async finding update is already running, revert sla config before saving + if initial_sla_config and self.async_updating: + self.critical = initial_sla_config.critical + self.high = initial_sla_config.high + self.medium = initial_sla_config.medium + self.low = initial_sla_config.low + + super(SLA_Configuration, self).save(*args, **kwargs) + + # if the initial sla config exists and async finding update is not running + if initial_sla_config is not None and not self.async_updating: + # check which sla days fields changed based on severity + severities = [] + if initial_sla_config.critical != self.critical: + severities.append('Critical') + if initial_sla_config.high != self.high: + severities.append('High') + if initial_sla_config.medium != self.medium: + severities.append('Medium') + if initial_sla_config.low != self.low: + severities.append('Low') + # if severities have changed, update finding sla expiration dates with those severities + if len(severities): + # set the async updating flag to true for this sla config + self.async_updating = True + super(SLA_Configuration, self).save(*args, **kwargs) + # set the async updating flag to true for all products using this sla config + products = Product.objects.filter(sla_configuration=self) + for product in products: + product.async_updating = True + super(Product, product).save() + # launch the async task to update all finding sla expiration dates + from dojo.sla_config.helpers import update_sla_expiration_dates_sla_config_async + update_sla_expiration_dates_sla_config_async(self, tuple(severities), products) + + def __str__(self): + return self.name + + class Meta: + ordering = ['name'] + + def delete(self, *args, **kwargs): + logger.debug('%d sla configuration delete', self.id) + + if self.id != 1: + super().delete(*args, **kwargs) + else: + raise ValidationError("Unable to delete default SLA Configuration") + + def get_summary(self): + return f'{self.name} - Critical: {self.critical}, High: {self.high}, Medium: {self.medium}, Low: {self.low}' + + class Product(models.Model): WEB_PLATFORM = 'web' IOT = 'iot' @@ -777,10 +1000,16 @@ class Product(models.Model): team_manager = models.ForeignKey(Dojo_User, null=True, blank=True, related_name='team_manager', on_delete=models.RESTRICT) - created = models.DateTimeField(editable=False, null=True, blank=True) + created = models.DateTimeField(auto_now_add=True, null=True) prod_type = models.ForeignKey(Product_Type, related_name='prod_type', null=False, blank=False, on_delete=models.CASCADE) - updated = models.DateTimeField(editable=False, null=True, blank=True) + updated = models.DateTimeField(auto_now=True, null=True) + sla_configuration = models.ForeignKey(SLA_Configuration, + related_name='sla_config', + null=False, + blank=False, + default=1, + on_delete=models.RESTRICT) tid = models.IntegerField(default=0, editable=False) members = models.ManyToManyField(Dojo_User, through='Product_Member', related_name='product_members', blank=True) authorization_groups = models.ManyToManyField(Dojo_Group, through='Product_Group', related_name='product_groups', blank=True) @@ -797,11 +1026,52 @@ class Product(models.Model): internet_accessible = models.BooleanField(default=False, help_text=_('Specify if the application is accessible from the public internet.')) regulations = models.ManyToManyField(Regulation, blank=True) - tags = TagField(blank=True, force_lowercase=True, help_text="Add tags that help describe this product. Choose from the list or add new tags. Press Enter key to add.") - + tags = TagField(blank=True, force_lowercase=True, help_text=_("Add tags that help describe this product. Choose from the list or add new tags. Press Enter key to add.")) + enable_product_tag_inheritance = models.BooleanField( + default=False, + blank=False, + verbose_name=_('Enable Product Tag Inheritance'), + help_text=_("Enables product tag inheritance. Any tags added on a product will automatically be added to all Engagements, Tests, and Findings")) enable_simple_risk_acceptance = models.BooleanField(default=False, help_text=_('Allows simple risk acceptance by checking/unchecking a checkbox.')) enable_full_risk_acceptance = models.BooleanField(default=True, help_text=_('Allows full risk acceptance using a risk acceptance form, expiration date, uploaded proof, etc.')) + disable_sla_breach_notifications = models.BooleanField( + default=False, + blank=False, + verbose_name=_("Disable SLA breach notifications"), + help_text=_("Disable SLA breach notifications if configured in the global settings")) + async_updating = models.BooleanField(default=False, + help_text=_('Findings under this Product or SLA configuration are asynchronously being updated')) + + def save(self, *args, **kwargs): + # get the product's sla config before saving (if this is an existing product) + initial_sla_config = None + if self.pk is not None: + initial_sla_config = getattr(Product.objects.get(pk=self.pk), 'sla_configuration', None) + # if initial sla config exists and async finding update is already running, revert sla config before saving + if initial_sla_config and self.async_updating: + self.sla_configuration = initial_sla_config + + super(Product, self).save(*args, **kwargs) + + # if the initial sla config exists and async finding update is not running + if initial_sla_config is not None and not self.async_updating: + # get the new sla config from the saved product + new_sla_config = getattr(self, 'sla_configuration', None) + # if the sla config has changed, update finding sla expiration dates within this product + if new_sla_config and (initial_sla_config != new_sla_config): + # set the async updating flag to true for this product + self.async_updating = True + super(Product, self).save(*args, **kwargs) + # set the async updating flag to true for the sla config assigned to this product + sla_config = getattr(self, 'sla_configuration', None) + if sla_config: + sla_config.async_updating = True + super(SLA_Configuration, sla_config).save() + # launch the async task to update all finding sla expiration dates + from dojo.product.helpers import update_sla_expiration_dates_product_async + update_sla_expiration_dates_product_async(self, sla_config) + def __str__(self): return self.name @@ -834,7 +1104,7 @@ def findings_active_verified_count(self): @cached_property def endpoint_host_count(self): # active_endpoints is (should be) prefetched - endpoints = self.active_endpoints + endpoints = getattr(self, 'active_endpoints', None) hosts = [] for e in endpoints: @@ -848,7 +1118,10 @@ def endpoint_host_count(self): @cached_property def endpoint_count(self): # active_endpoints is (should be) prefetched - return len(self.active_endpoints) + endpoints = getattr(self, 'active_endpoints', None) + if endpoints: + return len(self.active_endpoints) + return None def open_findings(self, start_date=None, end_date=None): if start_date is None or end_date is None: @@ -909,8 +1182,7 @@ def get_product_type(self): @cached_property def open_findings_list(self): findings = Finding.objects.filter(test__engagement__product=self, - active=True, - ) + active=True) findings_list = [] for i in findings: findings_list.append(i.id) @@ -925,6 +1197,12 @@ def get_absolute_url(self): from django.urls import reverse return reverse('view_product', args=[str(self.id)]) + def violates_sla(self): + findings = Finding.objects.filter(test__engagement__product=self, + active=True, + sla_expiration_date__lt=timezone.now().date()) + return findings.count() > 0 + class Product_Member(models.Model): product = models.ForeignKey(Product, on_delete=models.CASCADE) @@ -973,15 +1251,15 @@ class Tool_Configuration(models.Model): 'Username/Password'), ('SSH', 'SSH')), null=True, blank=True) - extras = models.CharField(max_length=255, null=True, blank=True, help_text="Additional definitions that will be " - "consumed by scanner") + extras = models.CharField(max_length=255, null=True, blank=True, help_text=_("Additional definitions that will be " + "consumed by scanner")) username = models.CharField(max_length=200, null=True, blank=True) password = models.CharField(max_length=600, null=True, blank=True) auth_title = models.CharField(max_length=200, null=True, blank=True, - verbose_name="Title for SSH/API Key") + verbose_name=_("Title for SSH/API Key")) ssh = models.CharField(max_length=6000, null=True, blank=True) api_key = models.CharField(max_length=600, null=True, blank=True, - verbose_name="API Key") + verbose_name=_('API Key')) class Meta: ordering = ['name'] @@ -1049,18 +1327,18 @@ class Tool_Configuration_Admin(admin.ModelAdmin): class Network_Locations(models.Model): - location = models.CharField(max_length=500, help_text="Location of network testing: Examples: VPN, Internet or Internal.") + location = models.CharField(max_length=500, help_text=_("Location of network testing: Examples: VPN, Internet or Internal.")) def __str__(self): return self.location class Engagement_Presets(models.Model): - title = models.CharField(max_length=500, default=None, help_text="Brief description of preset.") + title = models.CharField(max_length=500, default=None, help_text=_("Brief description of preset.")) test_type = models.ManyToManyField(Test_Type, default=None, blank=True) network_locations = models.ManyToManyField(Network_Locations, default=None, blank=True) - notes = models.CharField(max_length=2000, help_text="Description of what needs to be tested or setting up environment for testing", null=True, blank=True) - scope = models.CharField(max_length=800, help_text="Scope of Engagement testing, IP's/Resources/URL's)", default=None, blank=True) + notes = models.CharField(max_length=2000, help_text=_("Description of what needs to be tested or setting up environment for testing"), null=True, blank=True) + scope = models.CharField(max_length=800, help_text=_("Scope of Engagement testing, IP's/Resources/URL's)"), default=None, blank=True) product = models.ForeignKey(Product, on_delete=models.CASCADE) created = models.DateTimeField(auto_now_add=True, null=False) @@ -1083,20 +1361,20 @@ def __str__(self): class Engagement(models.Model): name = models.CharField(max_length=300, null=True, blank=True) description = models.CharField(max_length=2000, null=True, blank=True) - version = models.CharField(max_length=100, null=True, blank=True, help_text="Version of the product the engagement tested.") + version = models.CharField(max_length=100, null=True, blank=True, help_text=_("Version of the product the engagement tested.")) first_contacted = models.DateField(null=True, blank=True) target_start = models.DateField(null=False, blank=False) target_end = models.DateField(null=False, blank=False) - lead = models.ForeignKey(User, editable=True, null=True, on_delete=models.RESTRICT) + lead = models.ForeignKey(Dojo_User, editable=True, null=True, blank=True, on_delete=models.RESTRICT) requester = models.ForeignKey(Contact, null=True, blank=True, on_delete=models.CASCADE) - preset = models.ForeignKey(Engagement_Presets, null=True, blank=True, help_text="Settings and notes for performing this engagement.", on_delete=models.CASCADE) + preset = models.ForeignKey(Engagement_Presets, null=True, blank=True, help_text=_("Settings and notes for performing this engagement."), on_delete=models.CASCADE) reason = models.CharField(max_length=2000, null=True, blank=True) report_type = models.ForeignKey(Report_Type, null=True, blank=True, on_delete=models.CASCADE) product = models.ForeignKey(Product, on_delete=models.CASCADE) updated = models.DateTimeField(auto_now=True, null=True) created = models.DateTimeField(auto_now_add=True, null=True) active = models.BooleanField(default=True, editable=False) - tracker = models.URLField(max_length=200, help_text="Link to epic or ticket system with changes to version.", editable=True, blank=True, null=True) + tracker = models.URLField(max_length=200, help_text=_("Link to epic or ticket system with changes to version."), editable=True, blank=True, null=True) test_strategy = models.URLField(editable=True, blank=True, null=True) threat_model = models.BooleanField(default=True) api_test = models.BooleanField(default=True) @@ -1121,18 +1399,19 @@ class Engagement(models.Model): choices=(('Interactive', 'Interactive'), ('CI/CD', 'CI/CD'))) build_id = models.CharField(editable=True, max_length=150, - null=True, blank=True, help_text="Build ID of the product the engagement tested.", verbose_name="Build ID") + null=True, blank=True, help_text=_("Build ID of the product the engagement tested."), verbose_name=_('Build ID')) commit_hash = models.CharField(editable=True, max_length=150, - null=True, blank=True, help_text="Commit hash from repo", verbose_name="Commit Hash") + null=True, blank=True, help_text=_("Commit hash from repo"), verbose_name=_('Commit Hash')) branch_tag = models.CharField(editable=True, max_length=150, - null=True, blank=True, help_text="Tag or branch of the product the engagement tested.", verbose_name="Branch/Tag") - build_server = models.ForeignKey(Tool_Configuration, verbose_name="Build Server", help_text="Build server responsible for CI/CD test", null=True, blank=True, related_name='build_server', on_delete=models.CASCADE) - source_code_management_server = models.ForeignKey(Tool_Configuration, null=True, blank=True, verbose_name="SCM Server", help_text="Source code server for CI/CD test", related_name='source_code_management_server', on_delete=models.CASCADE) - source_code_management_uri = models.URLField(max_length=600, null=True, blank=True, editable=True, verbose_name="Repo", help_text="Resource link to source code") - orchestration_engine = models.ForeignKey(Tool_Configuration, verbose_name="Orchestration Engine", help_text="Orchestration service responsible for CI/CD test", null=True, blank=True, related_name='orchestration', on_delete=models.CASCADE) - deduplication_on_engagement = models.BooleanField(default=False, verbose_name="Deduplication within this engagement only", help_text="If enabled deduplication will only mark a finding in this engagement as duplicate of another finding if both findings are in this engagement. If disabled, deduplication is on the product level.") + null=True, blank=True, help_text=_("Tag or branch of the product the engagement tested."), verbose_name=_("Branch/Tag")) + build_server = models.ForeignKey(Tool_Configuration, verbose_name=_('Build Server'), help_text=_("Build server responsible for CI/CD test"), null=True, blank=True, related_name='build_server', on_delete=models.CASCADE) + source_code_management_server = models.ForeignKey(Tool_Configuration, null=True, blank=True, verbose_name=_('SCM Server'), help_text=_("Source code server for CI/CD test"), related_name='source_code_management_server', on_delete=models.CASCADE) + source_code_management_uri = models.URLField(max_length=600, null=True, blank=True, editable=True, verbose_name=_('Repo'), help_text=_("Resource link to source code")) + orchestration_engine = models.ForeignKey(Tool_Configuration, verbose_name=_('Orchestration Engine'), help_text=_("Orchestration service responsible for CI/CD test"), null=True, blank=True, related_name='orchestration', on_delete=models.CASCADE) + deduplication_on_engagement = models.BooleanField(default=False, verbose_name=_('Deduplication within this engagement only'), help_text=_("If enabled deduplication will only mark a finding in this engagement as duplicate of another finding if both findings are in this engagement. If disabled, deduplication is on the product level.")) - tags = TagField(blank=True, force_lowercase=True, help_text="Add tags that help describe this engagement. Choose from the list or add new tags. Press Enter key to add.") + tags = TagField(blank=True, force_lowercase=True, help_text=_("Add tags that help describe this engagement. Choose from the list or add new tags. Press Enter key to add.")) + inherited_tags = TagField(blank=True, force_lowercase=True, help_text=_("Internal use tags sepcifically for maintaining parity with product. This field will be present as a subset in the tags field")) class Meta: ordering = ['-target_start'] @@ -1158,6 +1437,36 @@ def __str__(self): self.target_start.strftime( "%b %d, %Y")) + def copy(self): + copy = self + # Save the necessary ManyToMany relationships + old_notes = list(self.notes.all()) + old_files = list(self.files.all()) + old_tags = list(self.tags.all()) + old_risk_acceptances = list(self.risk_acceptance.all()) + old_tests = list(Test.objects.filter(engagement=self)) + # Wipe the IDs of the new object + copy.pk = None + copy.id = None + # Save the object before setting any ManyToMany relationships + copy.save() + # Copy the notes + for notes in old_notes: + copy.notes.add(notes.copy()) + # Copy the files + for files in old_files: + copy.files.add(files.copy()) + # Copy the tests + for test in old_tests: + test.copy(engagement=copy) + # Copy the risk_acceptances + for risk_acceptance in old_risk_acceptances: + copy.risk_acceptance.add(risk_acceptance.copy(engagement=copy)) + # Assign any tags + copy.tags.set(old_tags) + + return copy + def get_breadcrumbs(self): bc = self.product.get_breadcrumbs() bc += [{'title': str(self), @@ -1192,6 +1501,11 @@ def delete(self, *args, **kwargs): super().delete(*args, **kwargs) calculate_grade(self.product) + def inherit_tags(self, potentially_existing_tags): + # get a copy of the tags to be inherited + incoming_inherited_tags = [tag.name for tag in self.product.tags.all()] + _manage_inherited_tags(self, incoming_inherited_tags, potentially_existing_tags=potentially_existing_tags) + class CWE(models.Model): url = models.CharField(max_length=1000) @@ -1208,74 +1522,91 @@ class Endpoint_Params(models.Model): class Endpoint_Status(models.Model): - date = models.DateTimeField(default=get_current_date) + date = models.DateField(default=get_current_date) last_modified = models.DateTimeField(null=True, editable=False, default=get_current_datetime) mitigated = models.BooleanField(default=False, blank=True) mitigated_time = models.DateTimeField(editable=False, null=True, blank=True) - mitigated_by = models.ForeignKey(User, editable=True, null=True, on_delete=models.RESTRICT) + mitigated_by = models.ForeignKey(Dojo_User, editable=True, null=True, on_delete=models.RESTRICT) false_positive = models.BooleanField(default=False, blank=True) out_of_scope = models.BooleanField(default=False, blank=True) risk_accepted = models.BooleanField(default=False, blank=True) - endpoint = models.ForeignKey('Endpoint', null=True, blank=True, on_delete=models.CASCADE, related_name='status_endpoint') - finding = models.ForeignKey('Finding', null=True, blank=True, on_delete=models.CASCADE, related_name='status_finding') + endpoint = models.ForeignKey('Endpoint', null=False, blank=False, on_delete=models.CASCADE, related_name='status_endpoint') + finding = models.ForeignKey('Finding', null=False, blank=False, on_delete=models.CASCADE, related_name='status_finding') @property def age(self): if self.mitigated: - diff = self.mitigated_time.date() - self.date.date() + diff = self.mitigated_time.date() - self.date else: - diff = get_current_date() - self.date.date() + diff = get_current_date() - self.date days = diff.days return days if days > 0 else 0 def __str__(self): - field_values = [] - for field in self._meta.get_fields(): - field_values.append(str(getattr(self, field.name, ''))) - return ' '.join(field_values) + return "'{}' on '{}'".format(str(self.finding), str(self.endpoint)) + + def copy(self, finding=None): + copy = self + current_endpoint = self.endpoint + copy.pk = None + copy.id = None + if finding: + copy.finding = finding + copy.endpoint = current_endpoint + copy.save() + + return copy class Meta: indexes = [ models.Index(fields=['finding', 'mitigated']), models.Index(fields=['endpoint', 'mitigated']), ] + constraints = [ + models.UniqueConstraint(fields=['finding', 'endpoint'], name='endpoint-finding relation') + ] class Endpoint(models.Model): protocol = models.CharField(null=True, blank=True, max_length=20, - help_text="The communication protocol/scheme such as 'http', 'ftp', 'dns', etc.") + help_text=_("The communication protocol/scheme such as 'http', 'ftp', 'dns', etc.")) userinfo = models.CharField(null=True, blank=True, max_length=500, - help_text="User info as 'alice', 'bob', etc.") + help_text=_("User info as 'alice', 'bob', etc.")) host = models.CharField(null=True, blank=True, max_length=500, - help_text="The host name or IP address. It must not include the port number. " - "For example '127.0.0.1', 'localhost', 'yourdomain.com'.") + help_text=_("The host name or IP address. It must not include the port number. " + "For example '127.0.0.1', 'localhost', 'yourdomain.com'.")) port = models.IntegerField(null=True, blank=True, - help_text="The network port associated with the endpoint.") + help_text=_("The network port associated with the endpoint.")) path = models.CharField(null=True, blank=True, max_length=500, - help_text="The location of the resource, it must not start with a '/'. For example " - "endpoint/420/edit") + help_text=_("The location of the resource, it must not start with a '/'. For example " + "endpoint/420/edit")) query = models.CharField(null=True, blank=True, max_length=1000, - help_text="The query string, the question mark should be omitted." - "For example 'group=4&team=8'") + help_text=_("The query string, the question mark should be omitted." + "For example 'group=4&team=8'")) fragment = models.CharField(null=True, blank=True, max_length=500, - help_text="The fragment identifier which follows the hash mark. The hash mark should " - "be omitted. For example 'section-13', 'paragraph-2'.") + help_text=_("The fragment identifier which follows the hash mark. The hash mark should " + "be omitted. For example 'section-13', 'paragraph-2'.")) product = models.ForeignKey(Product, null=True, blank=True, on_delete=models.CASCADE) endpoint_params = models.ManyToManyField(Endpoint_Params, blank=True, editable=False) - mitigated = models.BooleanField(default=False, blank=True) - endpoint_status = models.ManyToManyField(Endpoint_Status, blank=True, related_name='endpoint_endpoint_status') + findings = models.ManyToManyField("Finding", + blank=True, + verbose_name=_('Findings'), + through=Endpoint_Status) - tags = TagField(blank=True, force_lowercase=True, help_text="Add tags that help describe this endpoint. Choose from the list or add new tags. Press Enter key to add.") + tags = TagField(blank=True, force_lowercase=True, help_text=_("Add tags that help describe this endpoint. Choose from the list or add new tags. Press Enter key to add.")) + inherited_tags = TagField(blank=True, force_lowercase=True, help_text=_("Internal use tags sepcifically for maintaining parity with product. This field will be present as a subset in the tags field")) class Meta: ordering = ['product', 'host', 'protocol', 'port', 'userinfo', 'path', 'query', 'fragment'] indexes = [ - models.Index(fields=['product', 'mitigated']), + models.Index(fields=['product']), ] def clean(self): errors = [] + null_char_list = ["0x00", "\x00"] + db_type = connection.vendor if self.protocol or self.protocol == '': if not re.match(r'^[A-Za-z][A-Za-z0-9\.\-\+]+$', self.protocol): # https://tools.ietf.org/html/rfc3986#section-3.1 errors.append(ValidationError('Protocol "{}" has invalid format'.format(self.protocol))) @@ -1309,18 +1640,39 @@ def clean(self): if self.path or self.path == '': while len(self.path) > 0 and self.path[0] == "/": # Endpoint store "root-less" path self.path = self.path[1:] + if any([null_char in self.path for null_char in null_char_list]): + old_value = self.path + if 'postgres' in db_type: + action_string = 'Postgres does not accept NULL character. Attempting to replace with %00...' + for remove_str in null_char_list: + self.path = self.path.replace(remove_str, '%00') + errors.append(ValidationError('Path "{}" has invalid format - It contains the NULL character. The following action was taken: {}'.format(old_value, action_string))) if self.path == '': self.path = None if self.query or self.query == '': if len(self.query) > 0 and self.query[0] == "?": self.query = self.query[1:] + if any([null_char in self.query for null_char in null_char_list]): + old_value = self.query + if 'postgres' in db_type: + action_string = 'Postgres does not accept NULL character. Attempting to replace with %00...' + for remove_str in null_char_list: + self.query = self.query.replace(remove_str, '%00') + errors.append(ValidationError('Query "{}" has invalid format - It contains the NULL character. The following action was taken: {}'.format(old_value, action_string))) if self.query == '': self.query = None if self.fragment or self.fragment == '': if len(self.fragment) > 0 and self.fragment[0] == "#": self.fragment = self.fragment[1:] + if any([null_char in self.fragment for null_char in null_char_list]): + old_value = self.fragment + if 'postgres' in db_type: + action_string = 'Postgres does not accept NULL character. Attempting to replace with %00...' + for remove_str in null_char_list: + self.fragment = self.fragment.replace(remove_str, '%00') + errors.append(ValidationError('Fragment "{}" has invalid format - It contains the NULL character. The following action was taken: {}'.format(old_value, action_string))) if self.fragment == '': self.fragment = None @@ -1382,7 +1734,17 @@ def __hash__(self): def __eq__(self, other): if isinstance(other, Endpoint): - return str(self) == str(other) + # Check if the contents of the endpoint match + contents_match = str(self) == str(other) + # Determine if products should be used in the equation + if self.product is not None and other.product is not None: + # Check if the products are the same + products_match = (self.product) == other.product + # Check if the contents match + return products_match and contents_match + else: + return contents_match + else: return NotImplemented @@ -1398,62 +1760,123 @@ def is_broken(self): else: return True - def vulnerable(self): - return self.active_findings_count() > 0 + @property + def mitigated(self): + return not self.vulnerable - def findings(self): - return Finding.objects.filter(endpoints=self).distinct() + @property + def vulnerable(self): + return self.active_findings_count > 0 + @property def findings_count(self): - return self.findings().count() + return self.findings.all().count() def active_findings(self): - findings = self.findings().filter(active=True, - verified=True, - out_of_scope=False, - mitigated__isnull=True, - false_p=False, - duplicate=False).order_by('numerical_severity') - findings = findings.filter(endpoint_status__mitigated=False) + findings = self.findings.filter( + active=True, + out_of_scope=False, + mitigated__isnull=True, + false_p=False, + duplicate=False, + status_finding__false_positive=False, + status_finding__out_of_scope=False, + status_finding__risk_accepted=False + ).order_by('numerical_severity') + return findings + + def active_verified_findings(self): + findings = self.findings.filter( + active=True, + verified=True, + out_of_scope=False, + mitigated__isnull=True, + false_p=False, + duplicate=False, + status_finding__false_positive=False, + status_finding__out_of_scope=False, + status_finding__risk_accepted=False + ).order_by('numerical_severity') return findings + @property def active_findings_count(self): return self.active_findings().count() + @property + def active_verified_findings_count(self): + return self.active_verified_findings().count() + def host_endpoints(self): return Endpoint.objects.filter(host=self.host, product=self.product).distinct() + @property def host_endpoints_count(self): return self.host_endpoints().count() def host_mitigated_endpoints(self): - return Endpoint.objects.filter(host=self.host, - product=self.product, - mitigated=True).distinct() + meps = Endpoint_Status.objects \ + .filter(endpoint__in=self.host_endpoints()) \ + .filter(Q(mitigated=True) | + Q(false_positive=True) | + Q(out_of_scope=True) | + Q(risk_accepted=True) | + Q(finding__out_of_scope=True) | + Q(finding__mitigated__isnull=False) | + Q(finding__false_p=True) | + Q(finding__duplicate=True) | + Q(finding__active=False)) + return Endpoint.objects.filter(status_endpoint__in=meps).distinct() + @property def host_mitigated_endpoints_count(self): return self.host_mitigated_endpoints().count() def host_findings(self): return Finding.objects.filter(endpoints__in=self.host_endpoints()).distinct() + @property def host_findings_count(self): - return self.host_finding().count() + return self.host_findings().count() def host_active_findings(self): - findings = self.host_findings().filter(active=True, - verified=True, - out_of_scope=False, - mitigated__isnull=True, - false_p=False, - duplicate=False).order_by('numerical_severity') - findings = findings.filter(endpoint_status__mitigated=False) + findings = Finding.objects.filter( + active=True, + out_of_scope=False, + mitigated__isnull=True, + false_p=False, + duplicate=False, + status_finding__false_positive=False, + status_finding__out_of_scope=False, + status_finding__risk_accepted=False, + endpoints__in=self.host_endpoints() + ).order_by('numerical_severity') + return findings + + def host_active_verified_findings(self): + findings = Finding.objects.filter( + active=True, + verified=True, + out_of_scope=False, + mitigated__isnull=True, + false_p=False, + duplicate=False, + status_finding__false_positive=False, + status_finding__out_of_scope=False, + status_finding__risk_accepted=False, + endpoints__in=self.host_endpoints() + ).order_by('numerical_severity') return findings + @property def host_active_findings_count(self): return self.host_active_findings().count() + @property + def host_active_verified_findings_count(self): + return self.host_active_verified_findings().count() + def get_breadcrumbs(self): bc = self.product.get_breadcrumbs() bc += [{'title': self.host, @@ -1464,6 +1887,9 @@ def get_breadcrumbs(self): def from_uri(uri): try: url = hyperlink.parse(url=uri) + except UnicodeDecodeError: + from urllib.parse import urlparse + url = hyperlink.parse(url="//" + urlparse(uri).netloc) except hyperlink.URLParseError as e: raise ValidationError('Invalid URL format: {}'.format(e)) @@ -1475,20 +1901,33 @@ def from_uri(uri): query_parts.append(u"=".join([k, v])) query_string = u"&".join(query_parts) + protocol = url.scheme if url.scheme != '' else None + userinfo = ':'.join(url.userinfo) if url.userinfo not in [(), ('',)] else None + host = url.host if url.host != '' else None + port = url.port + path = '/'.join(url.path)[:500] if url.path not in [None, (), ('',)] else None + query = query_string[:1000] if query_string is not None and query_string != '' else None + fragment = url.fragment[:500] if url.fragment is not None and url.fragment != '' else None + return Endpoint( - protocol=url.scheme if url.scheme != '' else None, - userinfo=':'.join(url.userinfo) if url.userinfo not in [(), ('',)] else None, - host=url.host if url.host != '' else None, - port=url.port, - path='/'.join(url.path)[:500] if url.path not in [None, (), ('',)] else None, - query=query_string[:1000] if query_string is not None and query_string != '' else None, - fragment=url.fragment[:500] if url.fragment is not None and url.fragment != '' else None + protocol=protocol, + userinfo=userinfo, + host=host, + port=port, + path=path, + query=query, + fragment=fragment, ) def get_absolute_url(self): from django.urls import reverse return reverse('view_endpoint', args=[str(self.id)]) + def inherit_tags(self, potentially_existing_tags): + # get a copy of the tags to be inherited + incoming_inherited_tags = [tag.name for tag in self.product.tags.all()] + _manage_inherited_tags(self, incoming_inherited_tags, potentially_existing_tags=potentially_existing_tags) + class Development_Environment(models.Model): name = models.CharField(max_length=200) @@ -1502,9 +1941,9 @@ def get_breadcrumbs(self): class Sonarqube_Issue(models.Model): - key = models.CharField(max_length=30, unique=True, help_text="SonarQube issue key") - status = models.CharField(max_length=20, help_text="SonarQube issue status") - type = models.CharField(max_length=20, help_text="SonarQube issue type") + key = models.CharField(max_length=30, unique=True, help_text=_("SonarQube issue key")) + status = models.CharField(max_length=20, help_text=_("SonarQube issue status")) + type = models.CharField(max_length=20, help_text=_("SonarQube issue type")) def __str__(self): return self.key @@ -1512,7 +1951,7 @@ def __str__(self): class Sonarqube_Issue_Transition(models.Model): sonarqube_issue = models.ForeignKey(Sonarqube_Issue, on_delete=models.CASCADE, db_index=True) - created = models.DateTimeField(null=False, editable=False, default=now) + created = models.DateTimeField(auto_now_add=True, null=False) finding_status = models.CharField(max_length=100) sonarqube_status = models.CharField(max_length=50) transitions = models.CharField(max_length=100) @@ -1523,7 +1962,7 @@ class Meta: class Test(models.Model): engagement = models.ForeignKey(Engagement, editable=False, on_delete=models.CASCADE) - lead = models.ForeignKey(User, editable=True, null=True, on_delete=models.RESTRICT) + lead = models.ForeignKey(Dojo_User, editable=True, null=True, blank=True, on_delete=models.RESTRICT) test_type = models.ForeignKey(Test_Type, on_delete=models.CASCADE) scan_type = models.TextField(null=True) title = models.CharField(max_length=255, null=True, blank=True) @@ -1543,17 +1982,18 @@ class Test(models.Model): updated = models.DateTimeField(auto_now=True, null=True) created = models.DateTimeField(auto_now_add=True, null=True) - tags = TagField(blank=True, force_lowercase=True, help_text="Add tags that help describe this test. Choose from the list or add new tags. Press Enter key to add.") + tags = TagField(blank=True, force_lowercase=True, help_text=_("Add tags that help describe this test. Choose from the list or add new tags. Press Enter key to add.")) + inherited_tags = TagField(blank=True, force_lowercase=True, help_text=_("Internal use tags sepcifically for maintaining parity with product. This field will be present as a subset in the tags field")) version = models.CharField(max_length=100, null=True, blank=True) build_id = models.CharField(editable=True, max_length=150, - null=True, blank=True, help_text="Build ID that was tested, a reimport may update this field.", verbose_name="Build ID") + null=True, blank=True, help_text=_("Build ID that was tested, a reimport may update this field."), verbose_name=_('Build ID')) commit_hash = models.CharField(editable=True, max_length=150, - null=True, blank=True, help_text="Commit hash tested, a reimport may update this field.", verbose_name="Commit Hash") + null=True, blank=True, help_text=_("Commit hash tested, a reimport may update this field."), verbose_name=_('Commit Hash')) branch_tag = models.CharField(editable=True, max_length=150, - null=True, blank=True, help_text="Tag or branch that was tested, a reimport may update this field.", verbose_name="Branch/Tag") - api_scan_configuration = models.ForeignKey(Product_API_Scan_Configuration, null=True, editable=True, blank=True, on_delete=models.CASCADE, verbose_name="API Scan Configuration") + null=True, blank=True, help_text=_("Tag or branch that was tested, a reimport may update this field."), verbose_name=_("Branch/Tag")) + api_scan_configuration = models.ForeignKey(Product_API_Scan_Configuration, null=True, editable=True, blank=True, on_delete=models.CASCADE, verbose_name=_('API Scan Configuration')) class Meta: indexes = [ @@ -1574,6 +2014,34 @@ def get_breadcrumbs(self): 'url': reverse('view_test', args=(self.id,))}] return bc + def copy(self, engagement=None): + copy = self + # Save the necessary ManyToMany relationships + old_notes = list(self.notes.all()) + old_files = list(self.files.all()) + old_tags = list(self.tags.all()) + old_findings = list(Finding.objects.filter(test=self)) + # Wipe the IDs of the new object + copy.pk = None + copy.id = None + if engagement: + copy.engagement = engagement + # Save the object before setting any ManyToMany relationships + copy.save() + # Copy the notes + for notes in old_notes: + copy.notes.add(notes.copy()) + # Copy the files + for files in old_files: + copy.files.add(files.copy()) + # Copy the Findings + for finding in old_findings: + finding.copy(test=copy) + # Assign any tags + copy.tags.set(old_tags) + + return copy + # only used by bulk risk acceptance api @property def unaccepted_open_findings(self): @@ -1583,17 +2051,56 @@ def accept_risks(self, accepted_risks): self.engagement.risk_acceptance.add(*accepted_risks) @property - def dedupe_algo(self): + def deduplication_algorithm(self): deduplicationAlgorithm = settings.DEDUPE_ALGO_LEGACY - if hasattr(settings, 'DEDUPLICATION_ALGORITHM_PER_PARSER'): - scan_type = self.test_type.name - # Check for an override for this scan_type in the deduplication configuration - if (scan_type in settings.DEDUPLICATION_ALGORITHM_PER_PARSER): - deduplicationAlgorithm = settings.DEDUPLICATION_ALGORITHM_PER_PARSER[scan_type] + if hasattr(settings, 'DEDUPLICATION_ALGORITHM_PER_PARSER'): + if (self.test_type.name in settings.DEDUPLICATION_ALGORITHM_PER_PARSER): + deduplicationLogger.debug(f'using DEDUPLICATION_ALGORITHM_PER_PARSER for test_type.name: {self.test_type.name}') + deduplicationAlgorithm = settings.DEDUPLICATION_ALGORITHM_PER_PARSER[self.test_type.name] + elif (self.scan_type in settings.DEDUPLICATION_ALGORITHM_PER_PARSER): + deduplicationLogger.debug(f'using DEDUPLICATION_ALGORITHM_PER_PARSER for scan_type: {self.scan_type}') + deduplicationAlgorithm = settings.DEDUPLICATION_ALGORITHM_PER_PARSER[self.scan_type] + else: + deduplicationLogger.debug('Section DEDUPLICATION_ALGORITHM_PER_PARSER not found in settings.dist.py') + deduplicationLogger.debug(f'DEDUPLICATION_ALGORITHM_PER_PARSER is: {deduplicationAlgorithm}') return deduplicationAlgorithm + @property + def hash_code_fields(self): + hashCodeFields = None + + if hasattr(settings, 'HASHCODE_FIELDS_PER_SCANNER'): + if (self.test_type.name in settings.HASHCODE_FIELDS_PER_SCANNER): + deduplicationLogger.debug(f'using HASHCODE_FIELDS_PER_SCANNER for test_type.name: {self.test_type.name}') + hashCodeFields = settings.HASHCODE_FIELDS_PER_SCANNER[self.test_type.name] + elif (self.scan_type in settings.HASHCODE_FIELDS_PER_SCANNER): + deduplicationLogger.debug(f'using HASHCODE_FIELDS_PER_SCANNER for scan_type: {self.scan_type}') + hashCodeFields = settings.HASHCODE_FIELDS_PER_SCANNER[self.scan_type] + else: + deduplicationLogger.debug('Section HASHCODE_FIELDS_PER_SCANNER not found in settings.dist.py') + + deduplicationLogger.debug(f'HASHCODE_FIELDS_PER_SCANNER is: {hashCodeFields}') + return hashCodeFields + + @property + def hash_code_allows_null_cwe(self): + hashCodeAllowsNullCwe = True + + if hasattr(settings, 'HASHCODE_ALLOWS_NULL_CWE'): + if (self.test_type.name in settings.HASHCODE_ALLOWS_NULL_CWE): + deduplicationLogger.debug(f'using HASHCODE_ALLOWS_NULL_CWE for test_type.name: {self.test_type.name}') + hashCodeAllowsNullCwe = settings.HASHCODE_ALLOWS_NULL_CWE[self.test_type.name] + elif (self.scan_type in settings.HASHCODE_ALLOWS_NULL_CWE): + deduplicationLogger.debug(f'using HASHCODE_ALLOWS_NULL_CWE for scan_type: {self.scan_type}') + hashCodeAllowsNullCwe = settings.HASHCODE_ALLOWS_NULL_CWE[self.scan_type] + else: + deduplicationLogger.debug('Section HASHCODE_ALLOWS_NULL_CWE not found in settings.dist.py') + + deduplicationLogger.debug(f'HASHCODE_ALLOWS_NULL_CWE is: {hashCodeAllowsNullCwe}') + return hashCodeAllowsNullCwe + def get_absolute_url(self): from django.urls import reverse return reverse('view_test', args=[str(self.id)]) @@ -1608,6 +2115,11 @@ def statistics(self): """ Queries the database, no prefetching, so could be slow for lists of model instances """ return _get_statistics_for_queryset(Finding.objects.filter(test=self), _get_annotations_for_statistics) + def inherit_tags(self, potentially_existing_tags): + # get a copy of the tags to be inherited + incoming_inherited_tags = [tag.name for tag in self.engagement.product.tags.all()] + _manage_inherited_tags(self, incoming_inherited_tags, potentially_existing_tags=potentially_existing_tags) + class Test_Import(TimeStampedModel): @@ -1621,11 +2133,11 @@ class Test_Import(TimeStampedModel): version = models.CharField(max_length=100, null=True, blank=True) build_id = models.CharField(editable=True, max_length=150, - null=True, blank=True, help_text="Build ID that was tested, a reimport may update this field.", verbose_name="Build ID") + null=True, blank=True, help_text=_("Build ID that was tested, a reimport may update this field."), verbose_name=_('Build ID')) commit_hash = models.CharField(editable=True, max_length=150, - null=True, blank=True, help_text="Commit hash tested, a reimport may update this field.", verbose_name="Commit Hash") + null=True, blank=True, help_text=_("Commit hash tested, a reimport may update this field."), verbose_name=_('Commit Hash')) branch_tag = models.CharField(editable=True, max_length=150, - null=True, blank=True, help_text="Tag or branch that was tested, a reimport may update this field.", verbose_name="Branch/Tag") + null=True, blank=True, help_text=_("Tag or branch that was tested, a reimport may update this field."), verbose_name=_("Branch/Tag")) def get_queryset(self): logger.debug('prefetch test_import counts') @@ -1671,306 +2183,319 @@ def __str__(self): class Finding(models.Model): - title = models.CharField(max_length=511, - verbose_name="Title", - help_text="A short description of the flaw.") + verbose_name=_('Title'), + help_text=_("A short description of the flaw.")) date = models.DateField(default=get_current_date, - verbose_name="Date", - help_text="The date the flaw was discovered.") - + verbose_name=_('Date'), + help_text=_("The date the flaw was discovered.")) sla_start_date = models.DateField( blank=True, null=True, - verbose_name="SLA Start Date", - help_text="(readonly)The date used as start date for SLA calculation. Set by expiring risk acceptances. Empty by default, causing a fallback to 'date'.") - + verbose_name=_('SLA Start Date'), + help_text=_("(readonly)The date used as start date for SLA calculation. Set by expiring risk acceptances. Empty by default, causing a fallback to 'date'.")) + sla_expiration_date = models.DateField( + blank=True, + null=True, + verbose_name=_('SLA Expiration Date'), + help_text=_("(readonly)The date SLA expires for this finding. Empty by default, causing a fallback to 'date'.")) cwe = models.IntegerField(default=0, null=True, blank=True, - verbose_name="CWE", - help_text="The CWE number associated with this flaw.") - cve_regex = RegexValidator(regex=r'^[A-Z]{1,10}(-\d+)+$', - message="Vulnerability ID must be entered in the format: 'ABC-9999-9999'.") - cve = models.CharField(validators=[cve_regex], - max_length=28, + verbose_name=_("CWE"), + help_text=_("The CWE number associated with this flaw.")) + cve = models.CharField(max_length=50, null=True, blank=False, - verbose_name="CVE", - help_text="The Common Vulnerabilities and Exposures (CVE) associated with this flaw.") + verbose_name=_("Vulnerability Id"), + help_text=_("An id of a vulnerability in a security advisory associated with this finding. Can be a Common Vulnerabilities and Exposures (CVE) or from other sources.")) cvssv3_regex = RegexValidator(regex=r'^AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]', message="CVSS must be entered in format: 'AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'") cvssv3 = models.TextField(validators=[cvssv3_regex], max_length=117, null=True, - verbose_name="CVSS v3", - help_text="Common Vulnerability Scoring System version 3 (CVSSv3) score associated with this flaw.") + verbose_name=_('CVSS v3'), + help_text=_('Common Vulnerability Scoring System version 3 (CVSSv3) score associated with this flaw.')) cvssv3_score = models.FloatField(null=True, blank=True, - verbose_name="CVSSv3 score", - help_text="Numerical CVSSv3 score for the vulnerability. If the vector is given, the score is updated while saving the finding") + verbose_name=_('CVSSv3 score'), + help_text=_("Numerical CVSSv3 score for the vulnerability. If the vector is given, the score is updated while saving the finding")) url = models.TextField(null=True, blank=True, editable=False, - verbose_name="URL", - help_text="External reference that provides more information about this flaw.") # not displayed and pretty much the same as references. To remove? + verbose_name=_('URL'), + help_text=_("External reference that provides more information about this flaw.")) # not displayed and pretty much the same as references. To remove? severity = models.CharField(max_length=200, - verbose_name="Severity", - help_text="The severity level of this flaw (Critical, High, Medium, Low, Informational).") - description = models.TextField(verbose_name="Description", - help_text="Longer more descriptive information about the flaw.") - mitigation = models.TextField(verbose_name="Mitigation", + verbose_name=_('Severity'), + help_text=_('The severity level of this flaw (Critical, High, Medium, Low, Informational).')) + description = models.TextField(verbose_name=_('Description'), + help_text=_("Longer more descriptive information about the flaw.")) + mitigation = models.TextField(verbose_name=_('Mitigation'), null=True, blank=True, - help_text="Text describing how to best fix the flaw.") - impact = models.TextField(verbose_name="Impact", + help_text=_("Text describing how to best fix the flaw.")) + impact = models.TextField(verbose_name=_('Impact'), null=True, blank=True, - help_text="Text describing the impact this flaw has on systems, products, enterprise, etc.") + help_text=_("Text describing the impact this flaw has on systems, products, enterprise, etc.")) steps_to_reproduce = models.TextField(null=True, blank=True, - verbose_name="Steps to Reproduce", - help_text="Text describing the steps that must be followed in order to reproduce the flaw / bug.") + verbose_name=_('Steps to Reproduce'), + help_text=_("Text describing the steps that must be followed in order to reproduce the flaw / bug.")) severity_justification = models.TextField(null=True, blank=True, - verbose_name="Severity Justification", - help_text="Text describing why a certain severity was associated with this flaw.") + verbose_name=_('Severity Justification'), + help_text=_("Text describing why a certain severity was associated with this flaw.")) endpoints = models.ManyToManyField(Endpoint, blank=True, - verbose_name="Endpoints", - help_text="The hosts within the product that are susceptible to this flaw.") - endpoint_status = models.ManyToManyField(Endpoint_Status, - blank=True, - related_name="finding_endpoint_status", - verbose_name="Endpoint Status", - help_text="The status of the endpoint associated with this flaw (Vulnerable, Mitigated, ...).") + verbose_name=_('Endpoints'), + help_text=_("The hosts within the product that are susceptible to this flaw. + The status of the endpoint associated with this flaw (Vulnerable, Mitigated, ...)."), + through=Endpoint_Status) references = models.TextField(null=True, blank=True, db_column="refs", - verbose_name="References", - help_text="The external documentation available for this flaw.") + verbose_name=_('References'), + help_text=_("The external documentation available for this flaw.")) test = models.ForeignKey(Test, editable=False, on_delete=models.CASCADE, - verbose_name="Test", - help_text="The test that is associated with this flaw.") + verbose_name=_('Test'), + help_text=_("The test that is associated with this flaw.")) active = models.BooleanField(default=True, - verbose_name="Active", - help_text="Denotes if this flaw is active or not.") + verbose_name=_('Active'), + help_text=_("Denotes if this flaw is active or not.")) # note that false positive findings cannot be verified # in defectdojo verified means: "we have verified the finding and it turns out that it's not a false positive" - verified = models.BooleanField(default=True, - verbose_name="Verified", - help_text="Denotes if this flaw has been manually verified by the tester.") + verified = models.BooleanField(default=False, + verbose_name=_('Verified'), + help_text=_("Denotes if this flaw has been manually verified by the tester.")) false_p = models.BooleanField(default=False, - verbose_name="False Positive", - help_text="Denotes if this flaw has been deemed a false positive by the tester.") + verbose_name=_('False Positive'), + help_text=_("Denotes if this flaw has been deemed a false positive by the tester.")) duplicate = models.BooleanField(default=False, - verbose_name="Duplicate", - help_text="Denotes if this flaw is a duplicate of other flaws reported.") + verbose_name=_('Duplicate'), + help_text=_("Denotes if this flaw is a duplicate of other flaws reported.")) duplicate_finding = models.ForeignKey('self', editable=False, null=True, related_name='original_finding', blank=True, on_delete=models.DO_NOTHING, - verbose_name="Duplicate Finding", - help_text="Link to the original finding if this finding is a duplicate.") + verbose_name=_('Duplicate Finding'), + help_text=_("Link to the original finding if this finding is a duplicate.")) out_of_scope = models.BooleanField(default=False, - verbose_name="Out Of Scope", - help_text="Denotes if this flaw falls outside the scope of the test and/or engagement.") + verbose_name=_('Out Of Scope'), + help_text=_("Denotes if this flaw falls outside the scope of the test and/or engagement.")) risk_accepted = models.BooleanField(default=False, - verbose_name="Risk Accepted", - help_text="Denotes if this finding has been marked as an accepted risk.") + verbose_name=_('Risk Accepted'), + help_text=_("Denotes if this finding has been marked as an accepted risk.")) under_review = models.BooleanField(default=False, - verbose_name="Under Review", - help_text="Denotes is this flaw is currently being reviewed.") + verbose_name=_('Under Review'), + help_text=_("Denotes is this flaw is currently being reviewed.")) last_status_update = models.DateTimeField(editable=False, null=True, blank=True, auto_now_add=True, - verbose_name="Last Status Update", - help_text="Timestamp of latest status update (change in status related fields).") + verbose_name=_('Last Status Update'), + help_text=_('Timestamp of latest status update (change in status related fields).')) review_requested_by = models.ForeignKey(Dojo_User, null=True, blank=True, related_name='review_requested_by', on_delete=models.RESTRICT, - verbose_name="Review Requested By", - help_text="Documents who requested a review for this finding.") - reviewers = models.ManyToManyField(User, + verbose_name=_('Review Requested By'), + help_text=_("Documents who requested a review for this finding.")) + reviewers = models.ManyToManyField(Dojo_User, blank=True, - verbose_name="Reviewers", - help_text="Documents who reviewed the flaw.") + verbose_name=_('Reviewers'), + help_text=_("Documents who reviewed the flaw.")) # Defect Tracking Review under_defect_review = models.BooleanField(default=False, - verbose_name="Under Defect Review", - help_text="Denotes if this finding is under defect review.") + verbose_name=_('Under Defect Review'), + help_text=_("Denotes if this finding is under defect review.")) defect_review_requested_by = models.ForeignKey(Dojo_User, null=True, blank=True, related_name='defect_review_requested_by', on_delete=models.RESTRICT, - verbose_name="Defect Review Requested By", - help_text="Documents who requested a defect review for this flaw.") + verbose_name=_('Defect Review Requested By'), + help_text=_("Documents who requested a defect review for this flaw.")) is_mitigated = models.BooleanField(default=False, - verbose_name="Is Mitigated", - help_text="Denotes if this flaw has been fixed.") + verbose_name=_('Is Mitigated'), + help_text=_("Denotes if this flaw has been fixed.")) thread_id = models.IntegerField(default=0, editable=False, - verbose_name="Thread ID") + verbose_name=_('Thread ID')) mitigated = models.DateTimeField(editable=False, null=True, blank=True, - verbose_name="Mitigated", - help_text="Denotes if this flaw has been fixed by storing the date it was fixed.") - mitigated_by = models.ForeignKey(User, + verbose_name=_('Mitigated'), + help_text=_("Denotes if this flaw has been fixed by storing the date it was fixed.")) + mitigated_by = models.ForeignKey(Dojo_User, null=True, editable=False, related_name="mitigated_by", on_delete=models.RESTRICT, - verbose_name="Mitigated By", - help_text="Documents who has marked this flaw as fixed.") - reporter = models.ForeignKey(User, + verbose_name=_('Mitigated By'), + help_text=_("Documents who has marked this flaw as fixed.")) + reporter = models.ForeignKey(Dojo_User, editable=False, default=1, related_name='reporter', on_delete=models.RESTRICT, - verbose_name="Reporter", - help_text="Documents who reported the flaw.") + verbose_name=_('Reporter'), + help_text=_("Documents who reported the flaw.")) notes = models.ManyToManyField(Notes, blank=True, editable=False, - verbose_name="Notes", - help_text="Stores information pertinent to the flaw or the mitigation.") + verbose_name=_('Notes'), + help_text=_("Stores information pertinent to the flaw or the mitigation.")) numerical_severity = models.CharField(max_length=4, - verbose_name="Numerical Severity", - help_text="The numerical representation of the severity (S0, S1, S2, S3, S4).") + verbose_name=_('Numerical Severity'), + help_text=_('The numerical representation of the severity (S0, S1, S2, S3, S4).')) last_reviewed = models.DateTimeField(null=True, editable=False, - verbose_name="Last Reviewed", - help_text="Provides the date the flaw was last 'touched' by a tester.") - last_reviewed_by = models.ForeignKey(User, + verbose_name=_('Last Reviewed'), + help_text=_("Provides the date the flaw was last 'touched' by a tester.")) + last_reviewed_by = models.ForeignKey(Dojo_User, null=True, editable=False, related_name='last_reviewed_by', on_delete=models.RESTRICT, - verbose_name="Last Reviewed By", - help_text="Provides the person who last reviewed the flaw.") + verbose_name=_('Last Reviewed By'), + help_text=_("Provides the person who last reviewed the flaw.")) files = models.ManyToManyField(FileUpload, blank=True, editable=False, - verbose_name="Files", - help_text="Files(s) related to the flaw.") + verbose_name=_('Files'), + help_text=_('Files(s) related to the flaw.')) param = models.TextField(null=True, blank=True, editable=False, - verbose_name="Parameter", - help_text="Parameter used to trigger the issue (DAST).") + verbose_name=_('Parameter'), + help_text=_('Parameter used to trigger the issue (DAST).')) payload = models.TextField(null=True, blank=True, editable=False, - verbose_name="Payload", - help_text="Payload used to attack the service / application and trigger the bug / problem.") + verbose_name=_('Payload'), + help_text=_("Payload used to attack the service / application and trigger the bug / problem.")) hash_code = models.CharField(null=True, blank=True, editable=False, max_length=64, - verbose_name="Hash Code", - help_text="A hash over a configurable set of fields that is used for findings deduplication.") + verbose_name=_('Hash Code'), + help_text=_("A hash over a configurable set of fields that is used for findings deduplication.")) line = models.IntegerField(null=True, blank=True, - verbose_name="Line number", - help_text="Source line number of the attack vector.") + verbose_name=_('Line number'), + help_text=_("Source line number of the attack vector.")) file_path = models.CharField(null=True, blank=True, max_length=4000, - verbose_name="File path", - help_text="Identified file(s) containing the flaw.") + verbose_name=_('File path'), + help_text=_('Identified file(s) containing the flaw.')) component_name = models.CharField(null=True, blank=True, - max_length=200, - verbose_name="Component name", - help_text="Name of the affected component (library name, part of a system, ...).") + max_length=500, + verbose_name=_('Component name'), + help_text=_('Name of the affected component (library name, part of a system, ...).')) component_version = models.CharField(null=True, blank=True, max_length=100, - verbose_name="Component version", - help_text="Version of the affected component.") + verbose_name=_('Component version'), + help_text=_("Version of the affected component.")) found_by = models.ManyToManyField(Test_Type, editable=False, - verbose_name="Found by", - help_text="The name of the scanner that identified the flaw.") + verbose_name=_('Found by'), + help_text=_("The name of the scanner that identified the flaw.")) static_finding = models.BooleanField(default=False, - verbose_name="Static finding (SAST)", - help_text="Flaw has been detected from a Static Application Security Testing tool (SAST).") + verbose_name=_("Static finding (SAST)"), + help_text=_('Flaw has been detected from a Static Application Security Testing tool (SAST).')) dynamic_finding = models.BooleanField(default=True, - verbose_name="Dynamic finding (DAST)", - help_text="Flaw has been detected from a Dynamic Application Security Testing tool (DAST).") + verbose_name=_("Dynamic finding (DAST)"), + help_text=_('Flaw has been detected from a Dynamic Application Security Testing tool (DAST).')) created = models.DateTimeField(auto_now_add=True, null=True, - verbose_name="Created", - help_text="The date the finding was created inside DefectDojo.") + verbose_name=_('Created'), + help_text=_("The date the finding was created inside DefectDojo.")) scanner_confidence = models.IntegerField(null=True, blank=True, default=None, editable=False, - verbose_name="Scanner confidence", - help_text="Confidence level of vulnerability which is supplied by the scanner.") + verbose_name=_('Scanner confidence'), + help_text=_("Confidence level of vulnerability which is supplied by the scanner.")) sonarqube_issue = models.ForeignKey(Sonarqube_Issue, null=True, blank=True, - help_text="The SonarQube issue associated with this finding.", - verbose_name="SonarQube issue", + help_text=_("The SonarQube issue associated with this finding."), + verbose_name=_('SonarQube issue'), on_delete=models.CASCADE) unique_id_from_tool = models.CharField(null=True, blank=True, max_length=500, - verbose_name="Unique ID from tool", - help_text="Vulnerability technical id from the source tool. Allows to track unique vulnerabilities.") + verbose_name=_('Unique ID from tool'), + help_text=_("Vulnerability technical id from the source tool. Allows to track unique vulnerabilities.")) vuln_id_from_tool = models.CharField(null=True, blank=True, max_length=500, - verbose_name="Vulnerability ID from tool", - help_text="Non-unique technical id from the source tool associated with the vulnerability type.") + verbose_name=_('Vulnerability ID from tool'), + help_text=_('Non-unique technical id from the source tool associated with the vulnerability type.')) sast_source_object = models.CharField(null=True, blank=True, max_length=500, - verbose_name="SAST Source Object", - help_text="Source object (variable, function...) of the attack vector.") + verbose_name=_('SAST Source Object'), + help_text=_('Source object (variable, function...) of the attack vector.')) sast_sink_object = models.CharField(null=True, blank=True, max_length=500, - verbose_name="SAST Sink Object", - help_text="Sink object (variable, function...) of the attack vector.") + verbose_name=_('SAST Sink Object'), + help_text=_('Sink object (variable, function...) of the attack vector.')) sast_source_line = models.IntegerField(null=True, blank=True, - verbose_name="SAST Source Line number", - help_text="Source line number of the attack vector.") + verbose_name=_('SAST Source Line number'), + help_text=_("Source line number of the attack vector.")) sast_source_file_path = models.CharField(null=True, blank=True, max_length=4000, - verbose_name="SAST Source File Path", - help_text="Source file path of the attack vector.") + verbose_name=_('SAST Source File Path'), + help_text=_("Source file path of the attack vector.")) nb_occurences = models.IntegerField(null=True, blank=True, - verbose_name="Number of occurences", - help_text="Number of occurences in the source tool when several vulnerabilites were found and aggregated by the scanner.") + verbose_name=_('Number of occurences'), + help_text=_("Number of occurences in the source tool when several vulnerabilites were found and aggregated by the scanner.")) # this is useful for vulnerabilities on dependencies : helps answer the question "Did I add this vulnerability or was it discovered recently?" publish_date = models.DateField(null=True, blank=True, - verbose_name="Publish date", - help_text="Date when this vulnerability was made publicly available.") + verbose_name=_('Publish date'), + help_text=_("Date when this vulnerability was made publicly available.")) # The service is used to generate the hash_code, so that it gets part of the deduplication of findings. service = models.CharField(null=True, blank=True, max_length=200, - verbose_name="Service", - help_text="A service is a self-contained piece of functionality within a Product. This is an optional field which is used in deduplication of findings when set.") + verbose_name=_('Service'), + help_text=_('A service is a self-contained piece of functionality within a Product. This is an optional field which is used in deduplication of findings when set.')) - tags = TagField(blank=True, force_lowercase=True, help_text="Add tags that help describe this finding. Choose from the list or add new tags. Press Enter key to add.") + planned_remediation_date = models.DateField(null=True, + editable=True, + verbose_name=_('Planned Remediation Date'), + help_text=_("The date the flaw is expected to be remediated.")) + + planned_remediation_version = models.CharField(null=True, + blank=True, + max_length=99, + verbose_name=_('Planned remediation version'), + help_text=_('The target version when the vulnerability should be fixed / remediated')) + + effort_for_fixing = models.CharField(null=True, + blank=True, + max_length=99, + verbose_name=_('Effort for fixing'), + help_text=_('Effort for fixing / remediating the vulnerability (Low, Medium, High)')) + + tags = TagField(blank=True, force_lowercase=True, help_text=_("Add tags that help describe this finding. Choose from the list or add new tags. Press Enter key to add.")) + inherited_tags = TagField(blank=True, force_lowercase=True, help_text=_("Internal use tags sepcifically for maintaining parity with product. This field will be present as a subset in the tags field")) SEVERITIES = {'Info': 4, 'Low': 3, 'Medium': 2, 'High': 1, 'Critical': 0} @@ -2018,6 +2543,41 @@ def __init__(self, *args, **kwargs): self.unsaved_response = None self.unsaved_tags = None self.unsaved_files = None + self.unsaved_vulnerability_ids = None + + def copy(self, test=None): + copy = self + # Save the necessary ManyToMany relationships + old_notes = list(self.notes.all()) + old_files = list(self.files.all()) + old_status_findings = list(self.status_finding.all()) + old_reviewers = list(self.reviewers.all()) + old_found_by = list(self.found_by.all()) + old_tags = list(self.tags.all()) + # Wipe the IDs of the new object + copy.pk = None + copy.id = None + if test: + copy.test = test + # Save the object before setting any ManyToMany relationships + copy.save() + # Copy the notes + for notes in old_notes: + copy.notes.add(notes.copy()) + # Copy the files + for files in old_files: + copy.files.add(files.copy()) + # Copy the endpoint_status + for endpoint_status in old_status_findings: + endpoint_status.copy(finding=copy) # adding or setting is not necessary, link is created by Endpoint_Status.copy() + # Assign any reviewers + copy.reviewers.set(old_reviewers) + # Assign any found_by + copy.found_by.set(old_found_by) + # Assign any tags + copy.tags.set(old_tags) + + return copy def get_absolute_url(self): from django.urls import reverse @@ -2044,66 +2604,94 @@ def risk_acceptance(self): return None def compute_hash_code(self): - if hasattr(settings, 'HASHCODE_FIELDS_PER_SCANNER') and hasattr(settings, 'HASHCODE_ALLOWS_NULL_CWE') and hasattr(settings, 'HASHCODE_ALLOWED_FIELDS'): - # Check for an override for this scan_type in the deduplication configuration - scan_type = self.test.test_type.name - if (scan_type in settings.HASHCODE_FIELDS_PER_SCANNER): - hashcodeFieldsCandidate = settings.HASHCODE_FIELDS_PER_SCANNER[scan_type] - # check that the configuration is valid: all elements of HASHCODE_FIELDS_PER_SCANNER should be in HASHCODE_ALLOWED_FIELDS - if (all(elem in settings.HASHCODE_ALLOWED_FIELDS for elem in hashcodeFieldsCandidate)): - # Makes sure that we have a cwe if we need one - if (scan_type in settings.HASHCODE_ALLOWS_NULL_CWE): - if (settings.HASHCODE_ALLOWS_NULL_CWE[scan_type] or self.cwe != 0): - hashcodeFields = hashcodeFieldsCandidate - else: - deduplicationLogger.warn( - "Cannot compute hash_code based on configured fields because cwe is 0 for finding of title '" + self.title + "' found in file '" + str(self.file_path) + - "'. Fallback to legacy mode for this finding.") - return self.compute_hash_code_legacy() - else: - # no configuration found for this scanner: defaulting to accepting null cwe when we find one - hashcodeFields = hashcodeFieldsCandidate - if(self.cwe == 0): - deduplicationLogger.debug( - "Accepting null cwe by default for finding of title '" + self.title + "' found in file '" + str(self.file_path) + - "'. This is because no configuration was found for scanner " + scan_type + " in HASHCODE_ALLOWS_NULL_CWE") - else: - deduplicationLogger.debug( - "compute_hash_code - configuration error: some elements of HASHCODE_FIELDS_PER_SCANNER are not in the allowed list HASHCODE_ALLOWED_FIELDS. " - "Using default fields") - return self.compute_hash_code_legacy() - else: - deduplicationLogger.debug( - "No configuration for hash_code computation found; using default fields for " + ('dynamic' if self.dynamic_finding else 'static') + ' scanners') - return self.compute_hash_code_legacy() - deduplicationLogger.debug("computing hash_code for finding id " + str(self.id) + " for scan_type " + scan_type + " based on: " + ', '.join(hashcodeFields)) - fields_to_hash = '' - for hashcodeField in hashcodeFields: - if(hashcodeField != 'endpoints'): - # Generically use the finding attribute having the same name, converts to str in case it's integer - fields_to_hash = fields_to_hash + str(getattr(self, hashcodeField)) - deduplicationLogger.debug(hashcodeField + ' : ' + str(getattr(self, hashcodeField))) - else: - # For endpoints, need to compute the field - myEndpoints = self.get_endpoints() - fields_to_hash = fields_to_hash + myEndpoints - deduplicationLogger.debug(hashcodeField + ' : ' + myEndpoints) - deduplicationLogger.debug("compute_hash_code - fields_to_hash = " + fields_to_hash) - return self.hash_fields(fields_to_hash) - else: + + # Check if all needed settings are defined + if not hasattr(settings, 'HASHCODE_FIELDS_PER_SCANNER') or not hasattr(settings, 'HASHCODE_ALLOWS_NULL_CWE') or not hasattr(settings, 'HASHCODE_ALLOWED_FIELDS'): deduplicationLogger.debug("no or incomplete configuration per hash_code found; using legacy algorithm") return self.compute_hash_code_legacy() + hash_code_fields = self.test.hash_code_fields + + # Check if hash_code fields are found in the settings + if not hash_code_fields: + deduplicationLogger.debug( + "No configuration for hash_code computation found; using default fields for " + ('dynamic' if self.dynamic_finding else 'static') + ' scanners') + return self.compute_hash_code_legacy() + + # Check if all elements of HASHCODE_FIELDS_PER_SCANNER are in HASHCODE_ALLOWED_FIELDS + if not (all(elem in settings.HASHCODE_ALLOWED_FIELDS for elem in hash_code_fields)): + deduplicationLogger.debug( + "compute_hash_code - configuration error: some elements of HASHCODE_FIELDS_PER_SCANNER are not in the allowed list HASHCODE_ALLOWED_FIELDS. " + "Using default fields") + return self.compute_hash_code_legacy() + + # Make sure that we have a cwe if we need one + if self.cwe == 0 and not self.test.hash_code_allows_null_cwe: + deduplicationLogger.warning( + "Cannot compute hash_code based on configured fields because cwe is 0 for finding of title '" + self.title + "' found in file '" + str(self.file_path) + + "'. Fallback to legacy mode for this finding.") + return self.compute_hash_code_legacy() + + deduplicationLogger.debug("computing hash_code for finding id " + str(self.id) + " based on: " + ', '.join(hash_code_fields)) + + fields_to_hash = '' + for hashcodeField in hash_code_fields: + if hashcodeField == 'endpoints': + # For endpoints, need to compute the field + myEndpoints = self.get_endpoints() + fields_to_hash = fields_to_hash + myEndpoints + deduplicationLogger.debug(hashcodeField + ' : ' + myEndpoints) + elif hashcodeField == 'vulnerability_ids': + # For vulnerability_ids, need to compute the field + my_vulnerability_ids = self.get_vulnerability_ids() + fields_to_hash = fields_to_hash + my_vulnerability_ids + deduplicationLogger.debug(hashcodeField + ' : ' + my_vulnerability_ids) + else: + # Generically use the finding attribute having the same name, converts to str in case it's integer + fields_to_hash = fields_to_hash + str(getattr(self, hashcodeField)) + deduplicationLogger.debug(hashcodeField + ' : ' + str(getattr(self, hashcodeField))) + deduplicationLogger.debug("compute_hash_code - fields_to_hash = " + fields_to_hash) + return self.hash_fields(fields_to_hash) + def compute_hash_code_legacy(self): fields_to_hash = self.title + str(self.cwe) + str(self.line) + str(self.file_path) + self.description deduplicationLogger.debug("compute_hash_code_legacy - fields_to_hash = " + fields_to_hash) return self.hash_fields(fields_to_hash) + # Get vulnerability_ids to use for hash_code computation + def get_vulnerability_ids(self): + vulnerability_id_str = '' + if self.id is None: + if self.unsaved_vulnerability_ids: + deduplicationLogger.debug("get_vulnerability_ids before the finding was saved") + # convert list of unsaved vulnerability_ids to the list of their canonical representation + vulnerability_id_str_list = list( + map( + lambda vulnerability_id: str(vulnerability_id), + self.unsaved_vulnerability_ids + )) + # deduplicate (usually done upon saving finding) and sort endpoints + vulnerability_id_str = ''.join(sorted(list(dict.fromkeys(vulnerability_id_str_list)))) + else: + deduplicationLogger.debug("finding has no unsaved vulnerability references") + else: + vulnerability_ids = Vulnerability_Id.objects.filter(finding=self) + deduplicationLogger.debug("get_vulnerability_ids after the finding was saved. Vulnerability references count: " + str(vulnerability_ids.count())) + # convert list of vulnerability_ids to the list of their canonical representation + vulnerability_id_str_list = list( + map( + lambda vulnerability_id: str(vulnerability_id), + vulnerability_ids.all() + )) + # sort vulnerability_ids strings + vulnerability_id_str = ''.join(sorted(vulnerability_id_str_list)) + return vulnerability_id_str + # Get endpoints to use for hash_code computation # (This sometimes reports "None") def get_endpoints(self): endpoint_str = '' - if(self.id is None): + if (self.id is None): if len(self.unsaved_endpoints) > 0: deduplicationLogger.debug("get_endpoints before the finding was saved") # convert list of unsaved endpoints to the list of their canonical representation @@ -2161,17 +2749,14 @@ def duplicate_finding_set(self): return self.original_finding.all().order_by('title') def get_scanner_confidence_text(self): - scanner_confidence_text = "" - scanner_confidence = self.scanner_confidence - if scanner_confidence: - if scanner_confidence <= 2: - scanner_confidence_text = "Certain" - elif scanner_confidence >= 3 and scanner_confidence <= 5: - scanner_confidence_text = "Firm" - elif scanner_confidence >= 6: - scanner_confidence_text = "Tentative" - - return scanner_confidence_text + if self.scanner_confidence and isinstance(self.scanner_confidence, int): + if self.scanner_confidence <= 2: + return "Certain" + elif self.scanner_confidence >= 3 and self.scanner_confidence <= 5: + return "Firm" + else: + return "Tentative" + return "" @staticmethod def get_numerical_severity(severity): @@ -2240,14 +2825,28 @@ def status(self): return ", ".join([str(s) for s in status]) def _age(self, start_date): - if SLA_BUSINESS_DAYS: + from dateutil.parser import parse + if start_date and isinstance(start_date, str): + start_date = parse(start_date).date() + + from dojo.utils import get_work_days + if settings.SLA_BUSINESS_DAYS: if self.mitigated: - days = busday_count(self.date, self.mitigated.date()) + mitigated_date = self.mitigated + if isinstance(mitigated_date, datetime): + mitigated_date = self.mitigated.date() + days = get_work_days(self.date, mitigated_date) else: - days = busday_count(self.date, get_current_date()) + days = get_work_days(self.date, get_current_date()) else: + if isinstance(start_date, datetime): + start_date = start_date.date() + if self.mitigated: - diff = self.mitigated.date() - start_date + mitigated_date = self.mitigated + if isinstance(mitigated_date, datetime): + mitigated_date = self.mitigated.date() + diff = mitigated_date - start_date else: diff = get_current_date() - start_date days = diff.days @@ -2257,31 +2856,53 @@ def _age(self, start_date): def age(self): return self._age(self.date) + @property + def sla_age(self): + return self._age(self.get_sla_start_date()) + def get_sla_start_date(self): if self.sla_start_date: return self.sla_start_date else: return self.date - @property - def sla_age(self): - return self._age(self.get_sla_start_date()) + def get_sla_period(self): + sla_configuration = SLA_Configuration.objects.filter(id=self.test.engagement.product.sla_configuration_id).first() + return getattr(sla_configuration, self.severity.lower(), None) - def sla_days_remaining(self): - sla_calculation = None - severity = self.severity - from dojo.utils import get_system_setting - sla_age = get_system_setting('sla_' + self.severity.lower()) - if sla_age: - sla_calculation = sla_age - self.age - return sla_calculation + def set_sla_expiration_date(self): + system_settings = System_Settings.objects.get() + if not system_settings.enable_finding_sla: + return None + + days_remaining = None + sla_period = self.get_sla_period() + if sla_period: + days_remaining = sla_period - self.sla_age - def sla_deadline(self): - days_remaining = self.sla_days_remaining() if days_remaining: - return self.date + relativedelta(days=days_remaining) + if self.mitigated: + mitigated_date = self.mitigated + if isinstance(mitigated_date, datetime): + mitigated_date = self.mitigated.date() + self.sla_expiration_date = mitigated_date + relativedelta(days=days_remaining) + else: + self.sla_expiration_date = get_current_date() + relativedelta(days=days_remaining) + + def sla_days_remaining(self): + if self.sla_expiration_date: + if self.mitigated: + mitigated_date = self.mitigated + if isinstance(mitigated_date, datetime): + mitigated_date = self.mitigated.date() + return (self.sla_expiration_date - mitigated_date).days + else: + return (self.sla_expiration_date - get_current_date()).days return None + def sla_deadline(self): + return self.sla_expiration_date + def github(self): try: return self.github_issue @@ -2290,7 +2911,8 @@ def github(self): def has_github_issue(self): try: - issue = self.github_issue + # Attempt to access the github issue if it exists. If not, an exception will be caught + _ = self.github_issue return True except GITHUB_Issue.DoesNotExist: return False @@ -2340,34 +2962,11 @@ def has_jira_configured(self): def has_finding_group(self): return self.finding_group is not None - def long_desc(self): - long_desc = '' - long_desc += '*' + self.title + '*\n\n' - long_desc += '*Severity:* ' + str(self.severity) + '\n\n' - long_desc += '*Cve:* ' + str(self.cve) + '\n\n' - long_desc += '*CVSS v3:* ' + str(self.cvssv3) + '\n\n' - long_desc += '*Product/Engagement:* ' + self.test.engagement.product.name + ' / ' + self.test.engagement.name + '\n\n' - if self.test.engagement.branch_tag: - long_desc += '*Branch/Tag:* ' + self.test.engagement.branch_tag + '\n\n' - if self.test.engagement.build_id: - long_desc += '*BuildID:* ' + self.test.engagement.build_id + '\n\n' - if self.test.engagement.commit_hash: - long_desc += '*Commit hash:* ' + self.test.engagement.commit_hash + '\n\n' - long_desc += '*Systems*: \n\n' - - for e in self.endpoints.all(): - long_desc += str(e) + '\n\n' - long_desc += '*Description*: \n' + str(self.description) + '\n\n' - long_desc += '*Mitigation*: \n' + str(self.mitigation) + '\n\n' - long_desc += '*Impact*: \n' + str(self.impact) + '\n\n' - long_desc += '*References*:' + str(self.references) - return long_desc - def save_no_options(self, *args, **kwargs): - return self.save(dedupe_option=False, false_history=False, rules_option=False, product_grading_option=False, + return self.save(dedupe_option=False, rules_option=False, product_grading_option=False, issue_updater_option=False, push_to_jira=False, user=None, *args, **kwargs) - def save(self, dedupe_option=True, false_history=False, rules_option=True, product_grading_option=True, + def save(self, dedupe_option=True, rules_option=True, product_grading_option=True, issue_updater_option=True, push_to_jira=False, user=None, *args, **kwargs): from dojo.finding import helper as finding_helper @@ -2392,10 +2991,6 @@ def save(self, dedupe_option=True, false_history=False, rules_option=True, produ except Exception as ex: logger.error("Can't compute cvssv3 score for finding id %i. Invalid cvssv3 vector found: '%s'. Exception: %s", self.id, self.cvssv3, ex) - if rules_option: - from dojo.utils import do_apply_rules - do_apply_rules(self, *args, **kwargs) - # Finding.save is called once from serializers.py with dedupe_option=False because the finding is not ready yet, for example the endpoints are not built # It is then called a second time with dedupe_option defaulted to true; now we can compute the hash_code and run the deduplication if dedupe_option: @@ -2407,7 +3002,6 @@ def save(self, dedupe_option=True, false_history=False, rules_option=True, produ if self.pk is None: # We enter here during the first call from serializers.py - false_history = True from dojo.utils import apply_cwe_to_template self = apply_cwe_to_template(self) @@ -2430,14 +3024,17 @@ def save(self, dedupe_option=True, false_history=False, rules_option=True, produ elif (self.file_path is not None): self.static_finding = True + # update the SLA expiration date last, after all other finding fields have been updated + self.set_sla_expiration_date() + logger.debug("Saving finding of id " + str(self.id) + " dedupe_option:" + str(dedupe_option) + " (self.pk is %s)", "None" if self.pk is None else "not None") super(Finding, self).save(*args, **kwargs) self.found_by.add(self.test.test_type) # only perform post processing (in celery task) if needed. this check avoids submitting 1000s of tasks to celery that will do nothing - if dedupe_option or false_history or issue_updater_option or product_grading_option or push_to_jira: - finding_helper.post_process_finding_save(self, dedupe_option=dedupe_option, false_history=false_history, rules_option=rules_option, product_grading_option=product_grading_option, + if dedupe_option or issue_updater_option or product_grading_option or push_to_jira: + finding_helper.post_process_finding_save(self, dedupe_option=dedupe_option, rules_option=rules_option, product_grading_option=product_grading_option, issue_updater_option=issue_updater_option, push_to_jira=push_to_jira, user=user, *args, **kwargs) else: logger.debug('no options selected that require finding post processing') @@ -2464,20 +3061,41 @@ def get_breadcrumbs(self): 'url': reverse('view_finding', args=(self.id,))}] return bc + def get_valid_request_response_pairs(self): + empty_value = base64.b64encode("".encode()) + # Get a list of all req/resp pairs + all_req_resps = self.burprawrequestresponse_set.all() + # Filter away those that do not have any contents + valid_req_resps = all_req_resps.exclude( + burpRequestBase64__exact=empty_value, + burpResponseBase64__exact=empty_value, + ) + + return valid_req_resps + def get_report_requests(self): - if self.burprawrequestresponse_set.count() >= 3: - return self.burprawrequestresponse_set.all()[0:3] - elif self.burprawrequestresponse_set.count() > 0: - return self.burprawrequestresponse_set.all() + # Get the list of request response pairs that are non empty + request_response_pairs = self.get_valid_request_response_pairs() + # Determine how many to return + if request_response_pairs.count() >= 3: + return request_response_pairs[0:3] + elif request_response_pairs.count() > 0: + return request_response_pairs def get_request(self): - if self.burprawrequestresponse_set.count() > 0: - reqres = self.burprawrequestresponse_set().first() + # Get the list of request response pairs that are non empty + request_response_pairs = self.get_valid_request_response_pairs() + # Determine what to return + if request_response_pairs.count() > 0: + reqres = request_response_pairs.first() return base64.b64decode(reqres.burpRequestBase64) def get_response(self): - if self.burprawrequestresponse_set.count() > 0: - reqres = self.burprawrequestresponse_set.first() + # Get the list of request response pairs that are non empty + request_response_pairs = self.get_valid_request_response_pairs() + # Determine what to return + if request_response_pairs.count() > 0: + reqres = request_response_pairs.first() res = base64.b64decode(reqres.burpResponseBase64) # Removes all blank lines res = re.sub(r'\n\s*\n', '\n', res) @@ -2507,35 +3125,198 @@ def get_file_path_with_link(self): return None if self.test.engagement.source_code_management_uri is None: return escape(self.file_path) - link = self.test.engagement.source_code_management_uri + '/' + self.file_path - if self.line: - link = link + '#L' + str(self.line) + link = self.get_file_path_with_raw_link() return create_bleached_link(link, self.file_path) + def get_scm_type(self): + # extract scm type from product custom field 'scm-type' + + if hasattr(self.test.engagement, 'product'): + dojo_meta = DojoMeta.objects.filter(product=self.test.engagement.product, name='scm-type').first() + if dojo_meta: + st = dojo_meta.value.strip() + if st: + return st.lower() + return 'github' + + def bitbucket_public_prepare_scm_base_link(self, uri): + # bitbucket public (https://bitbucket.org) url template for browse is: + # https://bitbucket.org// + # but when you get repo url for git, its template is: + # https://bitbucket.org//.git + # so to create browser url - git url should be recomposed like below: + + parts_uri = uri.split('.git') + return parts_uri[0] + + def bitbucket_public_prepare_scm_link(self, uri): + # if commit hash or branch/tag is set for engagement/test - + # hash or branch/tag should be appended to base browser link + + link = self.bitbucket_public_prepare_scm_base_link(uri) + if self.test.commit_hash: + link += '/src/' + self.test.commit_hash + '/' + self.file_path + elif self.test.engagement.commit_hash: + link += '/src/' + self.test.engagement.commit_hash + '/' + self.file_path + elif self.test.branch_tag: + link += '/src/' + self.test.branch_tag + '/' + self.file_path + elif self.test.engagement.branch_tag: + link += '/src/' + self.test.engagement.branch_tag + '/' + self.file_path + else: + link += '/src/master/' + self.file_path + + return link + + def bitbucket_standalone_prepare_scm_base_link(self, uri): + # bitbucket onpremise/standalone url template for browse is: + # https://bb.example.com/projects//repos/ + # but when you get repo url for git, its template is: + # https://bb.example.com/scm//.git + # or for user public repo^ + # https://bb.example.com/users//repos/ + # but when you get repo url for git, its template is: + # https://bb.example.com/scm//.git (username often could be prefixed with ~) + # so to create borwser url - git url should be recomposed like below: + + parts_uri = uri.split('.git') + parts_scm = parts_uri[0].split('/scm/') + parts_project = parts_scm[1].split('/') + project = parts_project[0] + if project.startswith('~'): + return parts_scm[0] + '/users/' + parts_project[0][1:] + '/repos/' + parts_project[1] + '/browse' + else: + return parts_scm[0] + '/projects/' + parts_project[0] + '/repos/' + parts_project[1] + '/browse' + + def bitbucket_standalone_prepare_scm_link(self, uri): + # if commit hash or branch/tag is set for engagement/test - + # hash or barnch/tag should be appended to base browser link + + link = self.bitbucket_standalone_prepare_scm_base_link(uri) + if self.test.commit_hash: + link += '/' + self.file_path + '?at=' + self.test.commit_hash + elif self.test.engagement.commit_hash: + link += '/' + self.file_path + '?at=' + self.test.engagement.commit_hash + elif self.test.branch_tag: + link += '/' + self.file_path + '?at=' + self.test.branch_tag + elif self.test.engagement.branch_tag: + link += '/' + self.file_path + '?at=' + self.test.engagement.branch_tag + else: + link += '/' + self.file_path + + return link + + def github_prepare_scm_link(self, uri): + link = uri + + if self.test.commit_hash: + link += '/blob/' + self.test.commit_hash + '/' + self.file_path + elif self.test.engagement.commit_hash: + link += '/blob/' + self.test.engagement.commit_hash + '/' + self.file_path + elif self.test.branch_tag: + link += '/blob/' + self.test.branch_tag + '/' + self.file_path + elif self.test.engagement.branch_tag: + link += '/blob/' + self.test.engagement.branch_tag + '/' + self.file_path + else: + link += '/' + self.file_path + + return link + + def get_file_path_with_raw_link(self): + if self.file_path is None: + return None + + link = self.test.engagement.source_code_management_uri + scm_type = self.get_scm_type() + if (self.test.engagement.source_code_management_uri is not None): + if scm_type == 'github' or ("https://github.com/" in self.test.engagement.source_code_management_uri): + link = self.github_prepare_scm_link(link) + elif scm_type == 'bitbucket-standalone': + link = self.bitbucket_standalone_prepare_scm_link(link) + elif scm_type == 'bitbucket': + link = self.bitbucket_public_prepare_scm_link(link) + else: + link += '/' + self.file_path + else: + link += '/' + self.file_path + + # than - add line part to browser url + if self.line: + if scm_type == 'github' or scm_type == 'gitlab': + link = link + '#L' + str(self.line) + elif scm_type == 'bitbucket-standalone': + link = link + '#' + str(self.line) + elif scm_type == 'bitbucket': + link = link + '#lines-' + str(self.line) + return link + def get_references_with_links(self): import re from dojo.utils import create_bleached_link if self.references is None: return None matches = re.findall(r'([\(|\[]?(https?):((//)|(\\\\))+([\w\d:#@%/;$~_?\+-=\\\.&](#!)?)*[\)|\]]?)', self.references) + + processed_matches = [] for match in matches: # Check if match isn't already a markdown link - if not (match[0].startswith('[') or match[0].startswith('(')): + # Only replace the same matches one time, otherwise the links will be corrupted + if not (match[0].startswith('[') or match[0].startswith('(')) and not match[0] in processed_matches: self.references = self.references.replace(match[0], create_bleached_link(match[0], match[0]), 1) + processed_matches.append(match[0]) + return self.references + @cached_property + def vulnerability_ids(self): + # Get vulnerability ids from database and convert to list of strings + vulnerability_ids_model = self.vulnerability_id_set.all() + vulnerability_ids = list() + for vulnerability_id in vulnerability_ids_model: + vulnerability_ids.append(vulnerability_id.vulnerability_id) + + # Synchronize the cve field with the unsaved_vulnerability_ids + # We do this to be as flexible as possible to handle the fields until + # the cve field is not needed anymore and can be removed. + if vulnerability_ids and self.cve: + # Make sure the first entry of the list is the value of the cve field + vulnerability_ids.insert(0, self.cve) + elif not vulnerability_ids and self.cve: + # If there is no list, make one with the value of the cve field + vulnerability_ids = [self.cve] + + # Remove duplicates + vulnerability_ids = list(dict.fromkeys(vulnerability_ids)) + + return vulnerability_ids + + def inherit_tags(self, potentially_existing_tags): + # get a copy of the tags to be inherited + incoming_inherited_tags = [tag.name for tag in self.test.engagement.product.tags.all()] + _manage_inherited_tags(self, incoming_inherited_tags, potentially_existing_tags=potentially_existing_tags) + + @property + def violates_sla(self): + return (self.sla_expiration_date and self.sla_expiration_date < timezone.now()) + class FindingAdmin(admin.ModelAdmin): # For efficiency with large databases, display many-to-many fields with raw # IDs rather than multi-select raw_id_fields = ( 'endpoints', - 'endpoint_status', ) -Finding.endpoints.through.__str__ = lambda \ - x: "Endpoint: " + str(x.endpoint) +class Vulnerability_Id(models.Model): + finding = models.ForeignKey(Finding, editable=False, on_delete=models.CASCADE) + vulnerability_id = models.TextField(max_length=50, blank=False, null=False) + + def __str__(self): + return self.vulnerability_id + + def get_absolute_url(self): + from django.urls import reverse + return reverse('view_finding', args=[str(self.finding.id)]) class Stub_Finding(models.Model): @@ -2544,7 +3325,7 @@ class Stub_Finding(models.Model): severity = models.CharField(max_length=200, blank=True, null=True) description = models.TextField(blank=True, null=True) test = models.ForeignKey(Test, editable=False, on_delete=models.CASCADE) - reporter = models.ForeignKey(User, editable=False, default=1, on_delete=models.RESTRICT) + reporter = models.ForeignKey(Dojo_User, editable=False, default=1, on_delete=models.RESTRICT) class Meta: ordering = ('-date', 'title') @@ -2561,7 +3342,10 @@ def get_breadcrumbs(self): class Finding_Group(TimeStampedModel): - GROUP_BY_OPTIONS = [('component_name', 'Component Name'), ('component_name+component_version', 'Component Name + Version'), ('file_path', 'File path')] + GROUP_BY_OPTIONS = [('component_name', 'Component Name'), + ('component_name+component_version', 'Component Name + Version'), + ('file_path', 'File path'), + ('finding_title', 'Finding Title')] name = models.CharField(max_length=255, blank=False, null=False) test = models.ForeignKey(Test, on_delete=models.CASCADE) @@ -2614,9 +3398,6 @@ def sla_deadline(self): return min([find.sla_deadline() for find in self.findings.all() if find.sla_deadline()], default=None) - # def cves(self): - # return ', '.join([find.cve for find in self.findings.all() if find.cve is not None]) - def status(self): if not self.findings.all(): return None @@ -2647,9 +3428,11 @@ class Meta: class Finding_Template(models.Model): title = models.TextField(max_length=1000) cwe = models.IntegerField(default=None, null=True, blank=True) - cve_regex = RegexValidator(regex=r'^[A-Z]{1,10}(-\d+)+$', - message="Vulnerability ID must be entered in the format: 'ABC-9999-9999'.") - cve = models.CharField(validators=[cve_regex], max_length=28, null=True, blank=False) + cve = models.CharField(max_length=50, + null=True, + blank=False, + verbose_name="Vulnerability Id", + help_text="An id of a vulnerability in a security advisory associated with this finding. Can be a Common Vulnerabilities and Exposures (CVE) or from other sources.") cvssv3_regex = RegexValidator(regex=r'^AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]', message="CVSS must be entered in format: 'AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'") cvssv3 = models.TextField(validators=[cvssv3_regex], max_length=117, null=True) severity = models.CharField(max_length=200, null=True, blank=True) @@ -2659,10 +3442,10 @@ class Finding_Template(models.Model): references = models.TextField(null=True, blank=True, db_column="refs") last_used = models.DateTimeField(null=True, editable=False) numerical_severity = models.CharField(max_length=4, null=True, blank=True, editable=False) - template_match = models.BooleanField(default=False, verbose_name='Template Match Enabled', help_text="Enables this template for matching remediation advice. Match will be applied to all active, verified findings by CWE.") - template_match_title = models.BooleanField(default=False, verbose_name='Match Template by Title and CWE', help_text="Matches by title text (contains search) and CWE.") + template_match = models.BooleanField(default=False, verbose_name=_('Template Match Enabled'), help_text=_("Enables this template for matching remediation advice. Match will be applied to all active, verified findings by CWE.")) + template_match_title = models.BooleanField(default=False, verbose_name=_('Match Template by Title and CWE'), help_text=_('Matches by title text (contains search) and CWE.')) - tags = TagField(blank=True, force_lowercase=True, help_text="Add tags that help describe this finding template. Choose from the list or add new tags. Press Enter key to add.") + tags = TagField(blank=True, force_lowercase=True, help_text=_("Add tags that help describe this finding template. Choose from the list or add new tags. Press Enter key to add.")) SEVERITIES = {'Info': 4, 'Low': 3, 'Medium': 2, 'High': 1, 'Critical': 0} @@ -2682,6 +3465,34 @@ def get_absolute_url(self): from django.urls import reverse return reverse('edit_template', args=[str(self.id)]) + @cached_property + def vulnerability_ids(self): + # Get vulnerability ids from database and convert to list of strings + vulnerability_ids_model = self.vulnerability_id_template_set.all() + vulnerability_ids = list() + for vulnerability_id in vulnerability_ids_model: + vulnerability_ids.append(vulnerability_id.vulnerability_id) + + # Synchronize the cve field with the unsaved_vulnerability_ids + # We do this to be as flexible as possible to handle the fields until + # the cve field is not needed anymore and can be removed. + if vulnerability_ids and self.cve: + # Make sure the first entry of the list is the value of the cve field + vulnerability_ids.insert(0, self.cve) + elif not vulnerability_ids and self.cve: + # If there is no list, make one with the value of the cve field + vulnerability_ids = [self.cve] + + # Remove duplicates + vulnerability_ids = list(dict.fromkeys(vulnerability_ids)) + + return vulnerability_ids + + +class Vulnerability_Id_Template(models.Model): + finding_template = models.ForeignKey(Finding_Template, editable=False, on_delete=models.CASCADE) + vulnerability_id = models.TextField(max_length=50, blank=False, null=False) + class Check_List(models.Model): session_management = models.CharField(max_length=50, default='none') @@ -2766,34 +3577,42 @@ class Risk_Acceptance(models.Model): (TREATMENT_TRANSFER, 'Transfer (The risk is transferred to a 3rd party)'), ] - name = models.CharField(max_length=100, null=False, blank=False, help_text="Descriptive name which in the future may also be used to group risk acceptances together across engagements and products") + TREATMENT_TRANSLATIONS = { + 'A': 'Accept (The risk is acknowledged, yet remains)', + 'V': 'Avoid (Do not engage with whatever creates the risk)', + 'M': 'Mitigate (The risk still exists, yet compensating controls make it less of a threat)', + 'F': 'Fix (The risk is eradicated)', + 'T': 'Transfer (The risk is transferred to a 3rd party)', + } + + name = models.CharField(max_length=300, null=False, blank=False, help_text=_("Descriptive name which in the future may also be used to group risk acceptances together across engagements and products")) accepted_findings = models.ManyToManyField(Finding) - recommendation = models.CharField(choices=TREATMENT_CHOICES, max_length=2, null=False, default=TREATMENT_FIX, help_text="Recommendation from the security team.", verbose_name="Security Recommendation") + recommendation = models.CharField(choices=TREATMENT_CHOICES, max_length=2, null=False, default=TREATMENT_FIX, help_text=_("Recommendation from the security team."), verbose_name=_('Security Recommendation')) recommendation_details = models.TextField(null=True, blank=True, - help_text="Explanation of security recommendation", verbose_name="Security Recommendation Details") + help_text=_("Explanation of security recommendation"), verbose_name=_('Security Recommendation Details')) - decision = models.CharField(choices=TREATMENT_CHOICES, max_length=2, null=False, default=TREATMENT_ACCEPT, help_text="Risk treatment decision by risk owner") - decision_details = models.TextField(default=None, blank=True, null=True, help_text="If a compensating control exists to mitigate the finding or reduce risk, then list the compensating control(s).") + decision = models.CharField(choices=TREATMENT_CHOICES, max_length=2, null=False, default=TREATMENT_ACCEPT, help_text=_("Risk treatment decision by risk owner")) + decision_details = models.TextField(default=None, blank=True, null=True, help_text=_('If a compensating control exists to mitigate the finding or reduce risk, then list the compensating control(s).')) - accepted_by = models.CharField(max_length=200, default=None, null=True, blank=True, verbose_name='Accepted By', help_text="The person that accepts the risk, can be outside of DefectDojo.") + accepted_by = models.CharField(max_length=200, default=None, null=True, blank=True, verbose_name=_('Accepted By'), help_text=_("The person that accepts the risk, can be outside of DefectDojo.")) path = models.FileField(upload_to='risk/%Y/%m/%d', editable=True, null=True, - blank=True, verbose_name="Proof") - owner = models.ForeignKey(Dojo_User, editable=True, on_delete=models.RESTRICT, help_text="User in DefectDojo owning this acceptance. Only the owner and staff users can edit the risk acceptance.") + blank=True, verbose_name=_('Proof')) + owner = models.ForeignKey(Dojo_User, editable=True, on_delete=models.RESTRICT, help_text=_("User in DefectDojo owning this acceptance. Only the owner and staff users can edit the risk acceptance.")) - expiration_date = models.DateTimeField(default=None, null=True, blank=True, help_text="When the risk acceptance expires, the findings will be reactivated (unless disabled below).") - expiration_date_warned = models.DateTimeField(default=None, null=True, blank=True, help_text="(readonly) Date at which notice about the risk acceptance expiration was sent.") - expiration_date_handled = models.DateTimeField(default=None, null=True, blank=True, help_text="(readonly) When the risk acceptance expiration was handled (manually or by the daily job).") - reactivate_expired = models.BooleanField(null=False, blank=False, default=True, verbose_name="Reactivate findings on expiration", help_text="Reactivate findings when risk acceptance expires?") - restart_sla_expired = models.BooleanField(default=False, null=False, verbose_name="Restart SLA on expiration", help_text="When enabled, the SLA for findings is restarted when the risk acceptance expires.") + expiration_date = models.DateTimeField(default=None, null=True, blank=True, help_text=_('When the risk acceptance expires, the findings will be reactivated (unless disabled below).')) + expiration_date_warned = models.DateTimeField(default=None, null=True, blank=True, help_text=_('(readonly) Date at which notice about the risk acceptance expiration was sent.')) + expiration_date_handled = models.DateTimeField(default=None, null=True, blank=True, help_text=_('(readonly) When the risk acceptance expiration was handled (manually or by the daily job).')) + reactivate_expired = models.BooleanField(null=False, blank=False, default=True, verbose_name=_('Reactivate findings on expiration'), help_text=_('Reactivate findings when risk acceptance expires?')) + restart_sla_expired = models.BooleanField(default=False, null=False, verbose_name=_('Restart SLA on expiration'), help_text=_("When enabled, the SLA for findings is restarted when the risk acceptance expires.")) notes = models.ManyToManyField(Notes, editable=False) - created = models.DateTimeField(null=False, editable=False, auto_now_add=True) - updated = models.DateTimeField(editable=False, auto_now=True) + created = models.DateTimeField(auto_now_add=True, null=False) + updated = models.DateTimeField(auto_now=True, editable=False) def __str__(self): return str(self.name) @@ -2828,12 +3647,31 @@ def engagement(self): return None + def copy(self, engagement=None): + copy = self + # Save the necessary ManyToMany relationships + old_notes = list(self.notes.all()) + old_accepted_findings_hash_codes = [finding.hash_code for finding in self.accepted_findings.all()] + # Wipe the IDs of the new object + copy.pk = None + copy.id = None + # Save the object before setting any ManyToMany relationships + copy.save() + # Copy the notes + for notes in old_notes: + copy.notes.add(notes.copy()) + # Assign any accepted findings + if engagement: + new_accepted_findings = Finding.objects.filter(test__engagement=engagement, hash_code__in=old_accepted_findings_hash_codes, risk_accepted=True).distinct() + copy.accepted_findings.set(new_accepted_findings) + return copy + class FileAccessToken(models.Model): """This will allow reports to request the images without exposing the media root to the world without authentication""" - user = models.ForeignKey(User, null=False, blank=False, on_delete=models.CASCADE) + user = models.ForeignKey(Dojo_User, null=False, blank=False, on_delete=models.CASCADE) file = models.ForeignKey(FileUpload, null=False, blank=False, on_delete=models.CASCADE) token = models.CharField(max_length=255) size = models.CharField(max_length=9, @@ -2851,14 +3689,41 @@ def save(self, *args, **kwargs): return super(FileAccessToken, self).save(*args, **kwargs) +ANNOUNCEMENT_STYLE_CHOICES = ( + ('info', 'Info'), + ('success', 'Success'), + ('warning', 'Warning'), + ('danger', 'Danger') +) + + +class Announcement(models.Model): + message = models.CharField(max_length=500, + help_text=_("This dismissable message will be displayed on all pages for authenticated users. It can contain basic html tags, for example https://example.com"), + default='') + style = models.CharField(max_length=64, choices=ANNOUNCEMENT_STYLE_CHOICES, default='info', + help_text=_("The style of banner to display. (info, success, warning, danger)")) + dismissable = models.BooleanField(default=False, + null=False, + blank=True, + verbose_name=_('Dismissable?'), + help_text=_('Ticking this box allows users to dismiss the current announcement'), + ) + + +class UserAnnouncement(models.Model): + announcement = models.ForeignKey(Announcement, null=True, editable=False, on_delete=models.CASCADE, related_name='user_announcement') + user = models.ForeignKey(Dojo_User, null=True, editable=False, on_delete=models.CASCADE) + + class BannerConf(models.Model): banner_enable = models.BooleanField(default=False, null=True, blank=True) - banner_message = models.CharField(max_length=500, help_text="This message will be displayed on the login page. It can contain basic html tags, for example https://example.com", default='') + banner_message = models.CharField(max_length=500, help_text=_("This message will be displayed on the login page. It can contain basic html tags, for example https://example.com"), default='') class GITHUB_Conf(models.Model): - configuration_name = models.CharField(max_length=2000, help_text="Enter a name to give to this configuration", default='') - api_key = models.CharField(max_length=2000, help_text="Enter your Github API Key", default='') + configuration_name = models.CharField(max_length=2000, help_text=_("Enter a name to give to this configuration"), default='') + api_key = models.CharField(max_length=2000, help_text=_("Enter your Github API Key"), default='') def __str__(self): return self.configuration_name @@ -2866,7 +3731,7 @@ def __str__(self): class GITHUB_Issue(models.Model): issue_id = models.CharField(max_length=200) - issue_url = models.URLField(max_length=2000, verbose_name="GitHub issue URL") + issue_url = models.URLField(max_length=2000, verbose_name=_('GitHub issue URL')) finding = models.OneToOneField(Finding, null=True, blank=True, on_delete=models.CASCADE) def __str__(self): @@ -2888,18 +3753,18 @@ class GITHUB_Details_Cache(models.Model): class GITHUB_PKey(models.Model): product = models.ForeignKey(Product, on_delete=models.CASCADE) - git_project = models.CharField(max_length=200, blank=True, verbose_name="Github project", help_text="Specify your project location. (:user/:repo)") - git_conf = models.ForeignKey(GITHUB_Conf, verbose_name="Github Configuration", + git_project = models.CharField(max_length=200, blank=True, verbose_name=_('Github project'), help_text=_('Specify your project location. (:user/:repo)')) + git_conf = models.ForeignKey(GITHUB_Conf, verbose_name=_('Github Configuration'), null=True, blank=True, on_delete=models.CASCADE) - git_push_notes = models.BooleanField(default=False, blank=True, help_text="Notes added to findings will be automatically added to the corresponding github issue") + git_push_notes = models.BooleanField(default=False, blank=True, help_text=_("Notes added to findings will be automatically added to the corresponding github issue")) def __str__(self): return self.product.name + " | " + self.git_project class JIRA_Instance(models.Model): - configuration_name = models.CharField(max_length=2000, help_text="Enter a name to give to this configuration", default='') - url = models.URLField(max_length=2000, verbose_name="JIRA URL", help_text="For more information how to configure Jira, read the DefectDojo documentation.") + configuration_name = models.CharField(max_length=2000, help_text=_("Enter a name to give to this configuration"), default='') + url = models.URLField(max_length=2000, verbose_name=_('JIRA URL'), help_text=_("For more information how to configure Jira, read the DefectDojo documentation.")) username = models.CharField(max_length=2000) password = models.CharField(max_length=2000) @@ -2914,26 +3779,27 @@ class JIRA_Instance(models.Model): ('Bug', 'Bug'), ('Security', 'Security') ) - default_issue_type = models.CharField(max_length=15, + default_issue_type = models.CharField(max_length=255, choices=default_issue_type_choices, default='Bug', - help_text='You can define extra issue types in settings.py') + help_text=_('You can define extra issue types in settings.py')) issue_template_dir = models.CharField(max_length=255, null=True, blank=True, - help_text='Choose the folder containing the Django templates used to render the JIRA issue description. These are stored in dojo/templates/issue-trackers. Leave empty to use the default jira_full templates.') - epic_name_id = models.IntegerField(help_text="To obtain the 'Epic name id' visit https:///rest/api/2/field and search for Epic Name. Copy the number out of cf[number] and paste it here.") - open_status_key = models.IntegerField(verbose_name="Reopen Transition ID", help_text="Transition ID to Re-Open JIRA issues, visit https:///rest/api/latest/issue//transitions?expand=transitions.fields to find the ID for your JIRA instance") - close_status_key = models.IntegerField(verbose_name="Close Transition ID", help_text="Transition ID to Close JIRA issues, visit https:///rest/api/latest/issue//transitions?expand=transitions.fields to find the ID for your JIRA instance") - info_mapping_severity = models.CharField(max_length=200, help_text="Maps to the 'Priority' field in Jira. For example: Info") - low_mapping_severity = models.CharField(max_length=200, help_text="Maps to the 'Priority' field in Jira. For example: Low") - medium_mapping_severity = models.CharField(max_length=200, help_text="Maps to the 'Priority' field in Jira. For example: Medium") - high_mapping_severity = models.CharField(max_length=200, help_text="Maps to the 'Priority' field in Jira. For example: High") - critical_mapping_severity = models.CharField(max_length=200, help_text="Maps to the 'Priority' field in Jira. For example: Critical") - finding_text = models.TextField(null=True, blank=True, help_text="Additional text that will be added to the finding in Jira. For example including how the finding was created or who to contact for more information.") - accepted_mapping_resolution = models.CharField(null=True, blank=True, max_length=300, help_text="JIRA resolution names (comma-separated values) that maps to an Accepted Finding") - false_positive_mapping_resolution = models.CharField(null=True, blank=True, max_length=300, help_text="JIRA resolution names (comma-separated values) that maps to a False Positive Finding") - global_jira_sla_notification = models.BooleanField(default=True, blank=False, verbose_name="Globally send SLA notifications as comment?", help_text="This setting can be overidden at the Product level") + help_text=_("Choose the folder containing the Django templates used to render the JIRA issue description. These are stored in dojo/templates/issue-trackers. Leave empty to use the default jira_full templates.")) + epic_name_id = models.IntegerField(help_text=_("To obtain the 'Epic name id' visit https:///rest/api/2/field and search for Epic Name. Copy the number out of cf[number] and paste it here.")) + open_status_key = models.IntegerField(verbose_name=_('Reopen Transition ID'), help_text=_("Transition ID to Re-Open JIRA issues, visit https:///rest/api/latest/issue//transitions?expand=transitions.fields to find the ID for your JIRA instance")) + close_status_key = models.IntegerField(verbose_name=_('Close Transition ID'), help_text=_("Transition ID to Close JIRA issues, visit https:///rest/api/latest/issue//transitions?expand=transitions.fields to find the ID for your JIRA instance")) + info_mapping_severity = models.CharField(max_length=200, help_text=_("Maps to the 'Priority' field in Jira. For example: Info")) + low_mapping_severity = models.CharField(max_length=200, help_text=_("Maps to the 'Priority' field in Jira. For example: Low")) + medium_mapping_severity = models.CharField(max_length=200, help_text=_("Maps to the 'Priority' field in Jira. For example: Medium")) + high_mapping_severity = models.CharField(max_length=200, help_text=_("Maps to the 'Priority' field in Jira. For example: High")) + critical_mapping_severity = models.CharField(max_length=200, help_text=_("Maps to the 'Priority' field in Jira. For example: Critical")) + finding_text = models.TextField(null=True, blank=True, help_text=_("Additional text that will be added to the finding in Jira. For example including how the finding was created or who to contact for more information.")) + accepted_mapping_resolution = models.CharField(null=True, blank=True, max_length=300, help_text=_('JIRA resolution names (comma-separated values) that maps to an Accepted Finding')) + false_positive_mapping_resolution = models.CharField(null=True, blank=True, max_length=300, help_text=_('JIRA resolution names (comma-separated values) that maps to a False Positive Finding')) + global_jira_sla_notification = models.BooleanField(default=True, blank=False, verbose_name=_("Globally send SLA notifications as comment?"), help_text=_("This setting can be overidden at the Product level")) + finding_jira_sync = models.BooleanField(default=False, blank=False, verbose_name=_("Automatically sync Findings with JIRA?"), help_text=_("If enabled, this will sync changes to a Finding automatically to JIRA")) @property def accepted_resolutions(self): @@ -2988,23 +3854,32 @@ class JIRA_Instance_Admin(admin.ModelAdmin): class JIRA_Project(models.Model): - jira_instance = models.ForeignKey(JIRA_Instance, verbose_name="JIRA Instance", + jira_instance = models.ForeignKey(JIRA_Instance, verbose_name=_('JIRA Instance'), null=True, blank=True, on_delete=models.PROTECT) project_key = models.CharField(max_length=200, blank=True) product = models.ForeignKey(Product, on_delete=models.CASCADE, null=True) issue_template_dir = models.CharField(max_length=255, null=True, blank=True, - help_text='Choose the folder containing the Django templates used to render the JIRA issue description. These are stored in dojo/templates/issue-trackers. Leave empty to use the default jira_full templates.') + help_text=_("Choose the folder containing the Django templates used to render the JIRA issue description. These are stored in dojo/templates/issue-trackers. Leave empty to use the default jira_full templates.")) engagement = models.OneToOneField(Engagement, on_delete=models.CASCADE, null=True, blank=True) component = models.CharField(max_length=200, blank=True) + custom_fields = models.JSONField(max_length=200, blank=True, null=True, + help_text=_("JIRA custom field JSON mapping of Id to value, e.g. {\"customfield_10122\": [{\"name\": \"8.0.1\"}]}")) + default_assignee = models.CharField(max_length=200, blank=True, null=True, + help_text=_("JIRA default assignee (name). If left blank then it defaults to whatever is configured in JIRA.")) + jira_labels = models.CharField(max_length=200, blank=True, null=True, + help_text=_('JIRA issue labels space seperated')) + add_vulnerability_id_to_jira_label = models.BooleanField(default=False, + verbose_name=_('Add vulnerability Id as a JIRA label'), + blank=False) push_all_issues = models.BooleanField(default=False, blank=True, - help_text="Automatically maintain parity with JIRA. Always create and update JIRA tickets for findings in this Product.") + help_text=_("Automatically maintain parity with JIRA. Always create and update JIRA tickets for findings in this Product.")) enable_engagement_epic_mapping = models.BooleanField(default=False, blank=True) push_notes = models.BooleanField(default=False, blank=True) - product_jira_sla_notification = models.BooleanField(default=False, blank=True, verbose_name="Send SLA notifications as comment?") - risk_acceptance_expiration_notification = models.BooleanField(default=False, blank=True, verbose_name="Send Risk Acceptance expiration notifications as comment?") + product_jira_sla_notification = models.BooleanField(default=False, blank=True, verbose_name=_("Send SLA notifications as comment?")) + risk_acceptance_expiration_notification = models.BooleanField(default=False, blank=True, verbose_name=_("Send Risk Acceptance expiration notifications as comment?")) def clean(self): if not self.jira_instance: @@ -3050,22 +3925,22 @@ class JIRA_Issue(models.Model): jira_creation = models.DateTimeField(editable=True, null=True, - verbose_name="Jira creation", - help_text="The date a Jira issue was created from this finding.") + verbose_name=_('Jira creation'), + help_text=_("The date a Jira issue was created from this finding.")) jira_change = models.DateTimeField(editable=True, null=True, - verbose_name="Jira last update", - help_text="The date the linked Jira issue was last modified.") + verbose_name=_('Jira last update'), + help_text=_("The date the linked Jira issue was last modified.")) def set_obj(self, obj): - if type(obj) == Finding: + if isinstance(obj, Finding): self.finding = obj - elif type(obj) == Finding_Group: + elif isinstance(obj, Finding_Group): self.finding_group = obj - elif type(obj) == Engagement: + elif isinstance(obj, Engagement): self.engagement = obj else: - raise ValueError('unknown objec type whiel creating JIRA_Issue: %s', to_str_typed(obj)) + raise ValueError('unknown object type while creating JIRA_Issue: %s' % to_str_typed(obj)) def __str__(self): text = "" @@ -3076,35 +3951,50 @@ def __str__(self): return text + " | Jira Key: " + str(self.jira_key) +NOTIFICATION_CHOICE_SLACK = ("slack", "slack") +NOTIFICATION_CHOICE_MSTEAMS = ("msteams", "msteams") +NOTIFICATION_CHOICE_MAIL = ("mail", "mail") +NOTIFICATION_CHOICE_ALERT = ("alert", "alert") + NOTIFICATION_CHOICES = ( - ("slack", "slack"), ("msteams", "msteams"), ("mail", "mail"), - ("alert", "alert") + NOTIFICATION_CHOICE_SLACK, + NOTIFICATION_CHOICE_MSTEAMS, + NOTIFICATION_CHOICE_MAIL, + NOTIFICATION_CHOICE_ALERT, ) +DEFAULT_NOTIFICATION = NOTIFICATION_CHOICE_ALERT + class Notifications(models.Model): - product_type_added = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True) - product_added = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True) - engagement_added = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True) - test_added = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True) - scan_added = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True, help_text='Triggered whenever an (re-)import has been done that created/updated/closed findings.') - jira_update = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True, verbose_name="JIRA problems", help_text="JIRA sync happens in the background, errors will be shown as notifications/alerts so make sure to subscribe") - upcoming_engagement = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True) - stale_engagement = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True) - auto_close_engagement = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True) - close_engagement = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True) - user_mentioned = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True) - code_review = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True) - review_requested = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True) - other = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True) + product_type_added = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True) + product_added = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True) + engagement_added = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True) + test_added = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True) + + scan_added = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True, help_text=_('Triggered whenever an (re-)import has been done that created/updated/closed findings.')) + scan_added_empty = MultiSelectField(choices=NOTIFICATION_CHOICES, default=[], blank=True, help_text=_('Triggered whenever an (re-)import has been done (even if that created/updated/closed no findings).')) + jira_update = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True, verbose_name=_("JIRA problems"), help_text=_("JIRA sync happens in the background, errors will be shown as notifications/alerts so make sure to subscribe")) + upcoming_engagement = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True) + stale_engagement = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True) + auto_close_engagement = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True) + close_engagement = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True) + user_mentioned = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True) + code_review = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True) + review_requested = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True) + other = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True) user = models.ForeignKey(Dojo_User, default=None, null=True, editable=False, on_delete=models.CASCADE) product = models.ForeignKey(Product, default=None, null=True, editable=False, on_delete=models.CASCADE) - sla_breach = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True, - verbose_name="SLA breach", - help_text="Get notified of (upcoming) SLA breaches") - risk_acceptance_expiration = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True, - verbose_name="Risk Acceptance Expiration", - help_text="Get notified of (upcoming) Risk Acceptance expiries") + template = models.BooleanField(default=False) + sla_breach = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True, + verbose_name=_('SLA breach'), + help_text=_('Get notified of (upcoming) SLA breaches')) + risk_acceptance_expiration = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True, + verbose_name=_('Risk Acceptance Expiration'), + help_text=_('Get notified of (upcoming) Risk Acceptance expiries')) + sla_breach_combined = MultiSelectField(choices=NOTIFICATION_CHOICES, default=DEFAULT_NOTIFICATION, blank=True, + verbose_name=_('SLA breach (combined)'), + help_text=_('Get notified of (upcoming) SLA breaches (a message per project)')) class Meta: constraints = [ @@ -3144,10 +4034,23 @@ def merge_notifications_list(cls, notifications_list): result.review_requested = merge_sets_safe(result.review_requested, notifications.review_requested) result.other = merge_sets_safe(result.other, notifications.other) result.sla_breach = merge_sets_safe(result.sla_breach, notifications.sla_breach) + result.sla_breach_combined = merge_sets_safe(result.sla_breach_combined, notifications.sla_breach_combined) result.risk_acceptance_expiration = merge_sets_safe(result.risk_acceptance_expiration, notifications.risk_acceptance_expiration) return result + def __str__(self): + return f"Notifications about {self.product or 'all projects'} for {self.user or 'system notifications'}" + + +class NotificationsAdmin(admin.ModelAdmin): + list_filter = ('user', 'product') + + def get_list_display(self, request): + list_fields = ['user', 'product'] + list_fields += [field.name for field in self.model._meta.fields if field.name not in list_fields] + return list_fields + class Tool_Product_Settings(models.Model): name = models.CharField(max_length=200, null=False) @@ -3166,7 +4069,7 @@ class Meta: class Tool_Product_History(models.Model): product = models.ForeignKey(Tool_Product_Settings, editable=False, on_delete=models.CASCADE) last_scan = models.DateTimeField(null=False, editable=False, default=now) - succesfull = models.BooleanField(default=True, verbose_name="Succesfully") + succesfull = models.BooleanField(default=True, verbose_name=_('Succesfully')) configuration_details = models.CharField(max_length=2000, null=True, blank=True) @@ -3177,8 +4080,8 @@ class Alerts(models.Model): url = models.URLField(max_length=2000, null=True, blank=True) source = models.CharField(max_length=100, default='Generic') icon = models.CharField(max_length=25, default='icon-user-check') - user_id = models.ForeignKey(User, null=True, editable=False, on_delete=models.CASCADE) - created = models.DateTimeField(null=False, editable=False, default=now) + user_id = models.ForeignKey(Dojo_User, null=True, editable=False, on_delete=models.CASCADE) + created = models.DateTimeField(auto_now_add=True, null=False) class Meta: ordering = ['-created'] @@ -3205,11 +4108,7 @@ class Cred_User(models.Model): login_regex = models.CharField(max_length=200, null=True, blank=True) logout_regex = models.CharField(max_length=200, null=True, blank=True) notes = models.ManyToManyField(Notes, blank=True, editable=False) - is_valid = models.BooleanField(default=True, verbose_name="Login is valid") - - # selenium_script = models.CharField(max_length=1000, default='none', - # editable=False, blank=True, null=True, - # verbose_name="Selenium Script File") + is_valid = models.BooleanField(default=True, verbose_name=_('Login is valid')) class Meta: ordering = ['name'] @@ -3221,7 +4120,7 @@ def __str__(self): class Cred_Mapping(models.Model): cred_id = models.ForeignKey(Cred_User, null=False, related_name="cred_user", - verbose_name="Credential", on_delete=models.CASCADE) + verbose_name=_('Credential'), on_delete=models.CASCADE) product = models.ForeignKey(Product, null=True, blank=True, related_name="product", on_delete=models.CASCADE) finding = models.ForeignKey(Finding, null=True, blank=True, @@ -3230,7 +4129,7 @@ class Cred_Mapping(models.Model): related_name="engagement", on_delete=models.CASCADE) test = models.ForeignKey(Test, null=True, blank=True, related_name="test", on_delete=models.CASCADE) is_authn_provider = models.BooleanField(default=False, - verbose_name="Authentication Provider") + verbose_name=_('Authentication Provider')) url = models.URLField(max_length=2000, null=True, blank=True) def __str__(self): @@ -3239,7 +4138,7 @@ def __str__(self): class Language_Type(models.Model): language = models.CharField(max_length=100, null=False) - color = models.CharField(max_length=7, null=True, blank=True, verbose_name='HTML color') + color = models.CharField(max_length=7, null=True, blank=True, verbose_name=_('HTML color')) def __str__(self): return self.language @@ -3248,12 +4147,12 @@ def __str__(self): class Languages(models.Model): language = models.ForeignKey(Language_Type, on_delete=models.CASCADE) product = models.ForeignKey(Product, on_delete=models.CASCADE) - user = models.ForeignKey(User, editable=True, blank=True, null=True, on_delete=models.RESTRICT) - files = models.IntegerField(blank=True, null=True, verbose_name='Number of files') - blank = models.IntegerField(blank=True, null=True, verbose_name='Number of blank lines') - comment = models.IntegerField(blank=True, null=True, verbose_name='Number of comment lines') - code = models.IntegerField(blank=True, null=True, verbose_name='Number of code lines') - created = models.DateTimeField(null=False, editable=False, default=now) + user = models.ForeignKey(Dojo_User, editable=True, blank=True, null=True, on_delete=models.RESTRICT) + files = models.IntegerField(blank=True, null=True, verbose_name=_('Number of files')) + blank = models.IntegerField(blank=True, null=True, verbose_name=_('Number of blank lines')) + comment = models.IntegerField(blank=True, null=True, verbose_name=_('Number of comment lines')) + code = models.IntegerField(blank=True, null=True, verbose_name=_('Number of code lines')) + created = models.DateTimeField(auto_now_add=True, null=False) def __str__(self): return self.language.language @@ -3265,13 +4164,13 @@ class Meta: class App_Analysis(models.Model): product = models.ForeignKey(Product, on_delete=models.CASCADE) name = models.CharField(max_length=200, null=False) - user = models.ForeignKey(User, editable=True, on_delete=models.RESTRICT) - confidence = models.IntegerField(blank=True, null=True, verbose_name='Confidence level') - version = models.CharField(max_length=200, null=True, blank=True, verbose_name='Version Number') + user = models.ForeignKey(Dojo_User, editable=True, on_delete=models.RESTRICT) + confidence = models.IntegerField(blank=True, null=True, verbose_name=_('Confidence level')) + version = models.CharField(max_length=200, null=True, blank=True, verbose_name=_('Version Number')) icon = models.CharField(max_length=200, null=True, blank=True) website = models.URLField(max_length=400, null=True, blank=True) website_found = models.URLField(max_length=400, null=True, blank=True) - created = models.DateTimeField(null=False, editable=False, default=now) + created = models.DateTimeField(auto_now_add=True, null=False) tags = TagField(blank=True, force_lowercase=True) @@ -3281,7 +4180,7 @@ def __str__(self): class Objects_Review(models.Model): name = models.CharField(max_length=100, null=True, blank=True) - created = models.DateTimeField(null=False, editable=False, default=now) + created = models.DateTimeField(auto_now_add=True, null=False) def __str__(self): return self.name @@ -3290,16 +4189,16 @@ def __str__(self): class Objects_Product(models.Model): product = models.ForeignKey(Product, on_delete=models.CASCADE) name = models.CharField(max_length=100, null=True, blank=True) - path = models.CharField(max_length=600, verbose_name='Full file path', + path = models.CharField(max_length=600, verbose_name=_('Full file path'), null=True, blank=True) - folder = models.CharField(max_length=400, verbose_name='Folder', + folder = models.CharField(max_length=400, verbose_name=_('Folder'), null=True, blank=True) - artifact = models.CharField(max_length=400, verbose_name='Artifact', + artifact = models.CharField(max_length=400, verbose_name=_('Artifact'), null=True, blank=True) review_status = models.ForeignKey(Objects_Review, on_delete=models.CASCADE) - created = models.DateTimeField(null=False, editable=False, default=now) + created = models.DateTimeField(auto_now_add=True, null=False) - tags = TagField(blank=True, force_lowercase=True, help_text="Add tags that help describe this object. Choose from the list or add new tags. Press Enter key to add.") + tags = TagField(blank=True, force_lowercase=True, help_text=_("Add tags that help describe this object. Choose from the list or add new tags. Press Enter key to add.")) def __str__(self): name = None @@ -3315,8 +4214,8 @@ def __str__(self): class Testing_Guide_Category(models.Model): name = models.CharField(max_length=300) - created = models.DateTimeField(null=False, editable=False, default=now) - updated = models.DateTimeField(editable=False, default=now) + created = models.DateTimeField(auto_now_add=True, null=False) + updated = models.DateTimeField(auto_now=True) class Meta: ordering = ('name',) @@ -3327,14 +4226,14 @@ def __str__(self): class Testing_Guide(models.Model): testing_guide_category = models.ForeignKey(Testing_Guide_Category, on_delete=models.CASCADE) - identifier = models.CharField(max_length=20, blank=True, null=True, help_text="Test Unique Identifier") - name = models.CharField(max_length=400, help_text="Name of the test") - summary = models.CharField(max_length=800, help_text="Summary of the test") - objective = models.CharField(max_length=800, help_text="Objective of the test") - how_to_test = models.TextField(default=None, help_text="How to test the objective") - results_expected = models.CharField(max_length=800, help_text="What the results look like for a test") - created = models.DateTimeField(null=False, editable=False, default=now) - updated = models.DateTimeField(editable=False, default=now) + identifier = models.CharField(max_length=20, blank=True, null=True, help_text=_("Test Unique Identifier")) + name = models.CharField(max_length=400, help_text=_("Name of the test")) + summary = models.CharField(max_length=800, help_text=_("Summary of the test")) + objective = models.CharField(max_length=800, help_text=_("Objective of the test")) + how_to_test = models.TextField(default=None, help_text=_("How to test the objective")) + results_expected = models.CharField(max_length=800, help_text=_("What the results look like for a test")) + created = models.DateTimeField(auto_now_add=True, null=False) + updated = models.DateTimeField(auto_now=True) def __str__(self): return self.testing_guide_category.name + ': ' + self.name @@ -3349,8 +4248,8 @@ class Benchmark_Type(models.Model): benchmark_source = models.CharField(max_length=20, blank=False, null=True, choices=source, default='OWASP ASVS') - created = models.DateTimeField(null=False, editable=False, default=now) - updated = models.DateTimeField(editable=False, default=now) + created = models.DateTimeField(auto_now_add=True, null=False) + updated = models.DateTimeField(auto_now=True) enabled = models.BooleanField(default=True) def __str__(self): @@ -3358,13 +4257,13 @@ def __str__(self): class Benchmark_Category(models.Model): - type = models.ForeignKey(Benchmark_Type, verbose_name='Benchmark Type', on_delete=models.CASCADE) + type = models.ForeignKey(Benchmark_Type, verbose_name=_('Benchmark Type'), on_delete=models.CASCADE) name = models.CharField(max_length=300) objective = models.TextField() references = models.TextField(blank=True, null=True) enabled = models.BooleanField(default=True) - created = models.DateTimeField(null=False, editable=False, default=now) - updated = models.DateTimeField(editable=False, default=now) + created = models.DateTimeField(auto_now_add=True, null=False) + updated = models.DateTimeField(auto_now=True) class Meta: ordering = ('name',) @@ -3384,8 +4283,8 @@ class Benchmark_Requirement(models.Model): enabled = models.BooleanField(default=True) cwe_mapping = models.ManyToManyField(CWE, blank=True) testing_guide = models.ManyToManyField(Testing_Guide, blank=True) - created = models.DateTimeField(null=False, editable=False, default=now) - updated = models.DateTimeField(editable=False, default=now) + created = models.DateTimeField(auto_now_add=True, null=False) + updated = models.DateTimeField(auto_now=True) def __str__(self): return str(self.objective_number) + ': ' + self.category.name @@ -3394,13 +4293,13 @@ def __str__(self): class Benchmark_Product(models.Model): product = models.ForeignKey(Product, on_delete=models.CASCADE) control = models.ForeignKey(Benchmark_Requirement, on_delete=models.CASCADE) - pass_fail = models.BooleanField(default=False, verbose_name='Pass', - help_text='Does the product meet the requirement?') + pass_fail = models.BooleanField(default=False, verbose_name=_('Pass'), + help_text=_('Does the product meet the requirement?')) enabled = models.BooleanField(default=True, - help_text='Applicable for this specific product.') + help_text=_('Applicable for this specific product.')) notes = models.ManyToManyField(Notes, blank=True, editable=False) - created = models.DateTimeField(null=False, editable=False, default=now) - updated = models.DateTimeField(editable=False, default=now) + created = models.DateTimeField(auto_now_add=True, null=False) + updated = models.DateTimeField(auto_now=True) def __str__(self): return self.product.name + ': ' + self.control.objective_number + ': ' + self.control.category.name @@ -3421,15 +4320,15 @@ class Benchmark_Product_Summary(models.Model): current_level = models.CharField(max_length=15, blank=True, null=True, choices=asvs_level, default='None') - asvs_level_1_benchmark = models.IntegerField(null=False, default=0, help_text="Total number of active benchmarks for this application.") - asvs_level_1_score = models.IntegerField(null=False, default=0, help_text="ASVS Level 1 Score") - asvs_level_2_benchmark = models.IntegerField(null=False, default=0, help_text="Total number of active benchmarks for this application.") - asvs_level_2_score = models.IntegerField(null=False, default=0, help_text="ASVS Level 2 Score") - asvs_level_3_benchmark = models.IntegerField(null=False, default=0, help_text="Total number of active benchmarks for this application.") - asvs_level_3_score = models.IntegerField(null=False, default=0, help_text="ASVS Level 3 Score") - publish = models.BooleanField(default=False, help_text='Publish score to Product.') - created = models.DateTimeField(null=False, editable=False, default=now) - updated = models.DateTimeField(editable=False, default=now) + asvs_level_1_benchmark = models.IntegerField(null=False, default=0, help_text=_("Total number of active benchmarks for this application.")) + asvs_level_1_score = models.IntegerField(null=False, default=0, help_text=_("ASVS Level 1 Score")) + asvs_level_2_benchmark = models.IntegerField(null=False, default=0, help_text=_("Total number of active benchmarks for this application.")) + asvs_level_2_score = models.IntegerField(null=False, default=0, help_text=_("ASVS Level 2 Score")) + asvs_level_3_benchmark = models.IntegerField(null=False, default=0, help_text=_("Total number of active benchmarks for this application.")) + asvs_level_3_score = models.IntegerField(null=False, default=0, help_text=_("ASVS Level 3 Score")) + publish = models.BooleanField(default=False, help_text=_('Publish score to Product.')) + created = models.DateTimeField(auto_now_add=True, null=False) + updated = models.DateTimeField(auto_now=True) def __str__(self): return self.product.name + ': ' + self.benchmark_type.name @@ -3438,77 +4337,6 @@ class Meta: unique_together = [('product', 'benchmark_type')] -# product_opts = [f.name for f in Product._meta.fields] -# test_opts = [f.name for f in Test._meta.fields] -# test_type_opts = [f.name for f in Test_Type._meta.fields] -finding_opts = [f.name for f in Finding._meta.fields if f.name not in ['last_status_update']] -# endpoint_opts = [f.name for f in Endpoint._meta.fields] -# engagement_opts = [f.name for f in Engagement._meta.fields] -# product_type_opts = [f.name for f in Product_Type._meta.fields] -# single_options = product_opts + test_opts + test_type_opts + finding_opts + \ -# endpoint_opts + engagement_opts + product_type_opts -all_options = [] -for x in finding_opts: - all_options.append((x, x)) -operator_options = (('Matches', 'Matches'), - ('Contains', 'Contains')) -application_options = (('Append', 'Append'), - ('Replace', 'Replace')) -blank_options = (('', ''),) - - -class Rule(models.Model): - # add UI notification to let people know what rules were applied - - name = models.CharField(max_length=200) - enabled = models.BooleanField(default=True) - text = models.TextField() - operator = models.CharField(max_length=30, choices=operator_options) - """ - model_object_options = (('Product', 'Product'), - ('Engagement', 'Engagement'), ('Test', 'Test'), - ('Finding', 'Finding'), ('Endpoint', 'Endpoint'), - ('Product Type', 'Product_Type'), ('Test Type', 'Test_Type')) - """ - model_object_options = (('Finding', 'Finding'),) - model_object = models.CharField(max_length=30, choices=model_object_options) - match_field = models.CharField(max_length=200, choices=all_options) - match_text = models.TextField() - application = models.CharField(max_length=200, choices=application_options) - applies_to = models.CharField(max_length=30, choices=model_object_options) - # TODO: Add or ? - # and_rules = models.ManyToManyField('self') - applied_field = models.CharField(max_length=200, choices=(all_options)) - child_rules = models.ManyToManyField('self', editable=False) - parent_rule = models.ForeignKey('self', editable=False, null=True, on_delete=models.CASCADE) - - -class Child_Rule(models.Model): - # add UI notification to let people know what rules were applied - operator = models.CharField(max_length=30, choices=operator_options) - """ - model_object_options = (('Product', 'Product'), - ('Engagement', 'Engagement'), ('Test', 'Test'), - ('Finding', 'Finding'), ('Endpoint', 'Endpoint'), - ('Product Type', 'Product_Type'), ('Test Type', 'Test_Type')) - """ - model_object_options = (('Finding', 'Finding'),) - model_object = models.CharField(max_length=30, choices=model_object_options) - match_field = models.CharField(max_length=200, choices=all_options) - match_text = models.TextField() - # TODO: Add or ? - # and_rules = models.ManyToManyField('self') - parent_rule = models.ForeignKey(Rule, editable=False, null=True, on_delete=models.CASCADE) - - -class FieldRule(models.Model): - field = models.CharField(max_length=200) - update_options = (('Append', 'Append'), - ('Replace', 'Replace')) - update_type = models.CharField(max_length=30, choices=update_options) - text = models.CharField(max_length=200) - - # ========================== # Defect Dojo Engaegment Surveys # ============================== @@ -3522,13 +4350,13 @@ class Meta: ordering = ['order'] order = models.PositiveIntegerField(default=1, - help_text='The render order') + help_text=_('The render order')) optional = models.BooleanField( default=False, - help_text="If selected, user doesn't have to answer this question") + help_text=_("If selected, user doesn't have to answer this question")) - text = models.TextField(blank=False, help_text='The question text', default='') + text = models.TextField(blank=False, help_text=_('The question text'), default='') def __str__(self): return self.text @@ -3570,7 +4398,7 @@ class ChoiceQuestion(Question): ''' multichoice = models.BooleanField(default=False, - help_text="Select one or more") + help_text=_("Select one or more")) choices = models.ManyToManyField(Choice) @@ -3592,7 +4420,7 @@ class Engagement_Survey(models.Model): active = models.BooleanField(default=True) class Meta: - verbose_name = "Engagement Survey" + verbose_name = _("Engagement Survey") verbose_name_plural = "Engagement Surveys" ordering = ('-active', 'name',) @@ -3609,19 +4437,19 @@ class Answered_Survey(models.Model): on_delete=models.CASCADE) # what surveys have been answered survey = models.ForeignKey(Engagement_Survey, on_delete=models.CASCADE) - assignee = models.ForeignKey(User, related_name='assignee', + assignee = models.ForeignKey(Dojo_User, related_name='assignee', null=True, blank=True, editable=True, default=None, on_delete=models.RESTRICT) # who answered it - responder = models.ForeignKey(User, related_name='responder', + responder = models.ForeignKey(Dojo_User, related_name='responder', null=True, blank=True, editable=True, default=None, on_delete=models.RESTRICT) completed = models.BooleanField(default=False) answered_on = models.DateField(null=True) class Meta: - verbose_name = "Answered Engagement Survey" - verbose_name_plural = "Answered Engagement Surveys" + verbose_name = _("Answered Engagement Survey") + verbose_name_plural = _("Answered Engagement Surveys") def __str__(self): return self.survey.name @@ -3634,8 +4462,8 @@ class General_Survey(models.Model): expiration = models.DateTimeField(null=False, blank=False) class Meta: - verbose_name = "General Engagement Survey" - verbose_name_plural = "General Engagement Surveys" + verbose_name = _("General Engagement Survey") + verbose_name_plural = _("General Engagement Surveys") def __str__(self): return self.survey.name @@ -3655,7 +4483,7 @@ class Answer(PolymorphicModel, TimeStampedModel): class TextAnswer(Answer): answer = models.TextField( blank=False, - help_text='The answer text', + help_text=_('The answer text'), default='') def __str__(self): @@ -3665,7 +4493,7 @@ def __str__(self): class ChoiceAnswer(Answer): answer = models.ManyToManyField( Choice, - help_text='The selected choices as the answer') + help_text=_('The selected choices as the answer')) def __str__(self): if len(self.answer.all()): @@ -3674,40 +4502,31 @@ def __str__(self): return 'No Response' -def enable_disable_auditlog(enable=True): - if enable: - # Register for automatic logging to database - logger.info('enabling audit logging') - auditlog.register(Dojo_User, exclude_fields=['password']) - auditlog.register(Endpoint) - auditlog.register(Engagement) - auditlog.register(Finding) - auditlog.register(Product) - auditlog.register(Test) - auditlog.register(Risk_Acceptance) - auditlog.register(Finding_Template) - auditlog.register(Cred_User, exclude_fields=['password']) - else: - logger.info('disabling audit logging') - auditlog.unregister(Dojo_User) - auditlog.unregister(Endpoint) - auditlog.unregister(Engagement) - auditlog.unregister(Finding) - auditlog.unregister(Product) - auditlog.unregister(Test) - auditlog.unregister(Risk_Acceptance) - auditlog.unregister(Finding_Template) - auditlog.unregister(Cred_User) - +if settings.ENABLE_AUDITLOG: + # Register for automatic logging to database + logger.info('enabling audit logging') + auditlog.register(Dojo_User, exclude_fields=['password']) + auditlog.register(Endpoint) + auditlog.register(Engagement) + auditlog.register(Finding) + auditlog.register(Product_Type) + auditlog.register(Product) + auditlog.register(Test) + auditlog.register(Risk_Acceptance) + auditlog.register(Finding_Template) + auditlog.register(Cred_User, exclude_fields=['password']) -from dojo.utils import calculate_grade, get_system_setting, to_str_typed -enable_disable_auditlog(enable=get_system_setting('enable_auditlog')) # on startup choose safe to retrieve system settiung) +from dojo.utils import calculate_grade, to_str_typed tagulous.admin.register(Product.tags) tagulous.admin.register(Test.tags) +tagulous.admin.register(Test.inherited_tags) tagulous.admin.register(Finding.tags) +tagulous.admin.register(Finding.inherited_tags) tagulous.admin.register(Engagement.tags) +tagulous.admin.register(Engagement.inherited_tags) tagulous.admin.register(Endpoint.tags) +tagulous.admin.register(Endpoint.inherited_tags) tagulous.admin.register(Finding_Template.tags) tagulous.admin.register(App_Analysis.tags) tagulous.admin.register(Objects_Product.tags) @@ -3739,6 +4558,8 @@ def enable_disable_auditlog(enable=True): admin.site.register(Risk_Acceptance) admin.site.register(Check_List) admin.site.register(Test_Type) +admin.site.register(Endpoint_Params) +admin.site.register(Endpoint_Status) admin.site.register(Endpoint) admin.site.register(Product) admin.site.register(Product_Type) @@ -3750,6 +4571,9 @@ def enable_disable_auditlog(enable=True): admin.site.register(JIRA_Instance, JIRA_Instance_Admin) admin.site.register(JIRA_Project) admin.site.register(GITHUB_Conf) +admin.site.register(GITHUB_Issue) +admin.site.register(GITHUB_Clone) +admin.site.register(GITHUB_Details_Cache) admin.site.register(GITHUB_PKey) admin.site.register(Tool_Configuration, Tool_Configuration_Admin) admin.site.register(Tool_Product_Settings) @@ -3757,6 +4581,7 @@ def enable_disable_auditlog(enable=True): admin.site.register(Cred_User) admin.site.register(Cred_Mapping) admin.site.register(System_Settings, System_SettingsAdmin) +admin.site.register(SLA_Configuration) admin.site.register(CWE) admin.site.register(Regulation) admin.site.register(Global_Role) @@ -3766,3 +4591,30 @@ def enable_disable_auditlog(enable=True): # SonarQube Integration admin.site.register(Sonarqube_Issue) admin.site.register(Sonarqube_Issue_Transition) + +admin.site.register(Dojo_Group_Member) +admin.site.register(Product_Member) +admin.site.register(Product_Group) +admin.site.register(Product_Type_Member) +admin.site.register(Product_Type_Group) + +admin.site.register(Contact) +admin.site.register(NoteHistory) +admin.site.register(Product_Line) +admin.site.register(Report_Type) +admin.site.register(DojoMeta) +admin.site.register(Product_API_Scan_Configuration) +admin.site.register(Development_Environment) +admin.site.register(Finding_Template) +admin.site.register(Vulnerability_Id) +admin.site.register(Vulnerability_Id_Template) +admin.site.register(BurpRawRequestResponse) +admin.site.register(Announcement) +admin.site.register(UserAnnouncement) +admin.site.register(BannerConf) +admin.site.register(Notifications, NotificationsAdmin) +admin.site.register(Tool_Product_History) +admin.site.register(General_Survey) +admin.site.register(Test_Import) +admin.site.register(Test_Import_Finding_Action) +admin.site.register(Finding_Group) diff --git a/dojo/note_type/urls.py b/dojo/note_type/urls.py index 1e89c1356b7..6f991726d83 100644 --- a/dojo/note_type/urls.py +++ b/dojo/note_type/urls.py @@ -1,16 +1,16 @@ -from django.conf.urls import url +from django.urls import re_path from dojo.note_type import views urlpatterns = [ - url(r'^note_type$', + re_path(r'^note_type$', views.note_type, name='note_type'), - url(r'^note/type/(?P\d+)/edit$', + re_path(r'^note/type/(?P\d+)/edit$', views.edit_note_type, name='edit_note_type'), - url(r'^note/type/(?P\d+)/disable$', + re_path(r'^note/type/(?P\d+)/disable$', views.disable_note_type, name='disable_note_type'), - url(r'^note/type/(?P\d+)/enable$', + re_path(r'^note/type/(?P\d+)/enable$', views.enable_note_type, name='enable_note_type'), - url(r'^add_note_type$', + re_path(r'^add_note_type$', views.add_note_type, name='add_note_type'), ] diff --git a/dojo/note_type/views.py b/dojo/note_type/views.py index ab41d714f19..76d9c051b99 100644 --- a/dojo/note_type/views.py +++ b/dojo/note_type/views.py @@ -1,6 +1,5 @@ import logging -from django.contrib.auth.decorators import user_passes_test from django.shortcuts import render, get_object_or_404 from django.contrib import messages from django.urls import reverse @@ -10,11 +9,12 @@ from dojo.models import Note_Type from dojo.filters import NoteTypesFilter from dojo.utils import get_page_items, add_breadcrumb +from dojo.authorization.authorization_decorators import user_is_configuration_authorized logger = logging.getLogger(__name__) -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized('dojo.view_note_type') def note_type(request): initial_queryset = Note_Type.objects.all().order_by('name') name_words = initial_queryset.values_list('name', flat=True) @@ -30,7 +30,7 @@ def note_type(request): 'name_words': name_words}) -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized('dojo.change_note_type') def edit_note_type(request, ntid): nt = get_object_or_404(Note_Type, pk=ntid) is_single = nt.is_single @@ -56,7 +56,7 @@ def edit_note_type(request, ntid): 'nt': nt}) -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized('dojo.change_note_type') def disable_note_type(request, ntid): nt = get_object_or_404(Note_Type, pk=ntid) nt_form = DisableOrEnableNoteTypeForm(instance=nt) @@ -81,7 +81,7 @@ def disable_note_type(request, ntid): 'nt': nt}) -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized('dojo.change_note_type') def enable_note_type(request, ntid): nt = get_object_or_404(Note_Type, pk=ntid) nt_form = DisableOrEnableNoteTypeForm(instance=nt) @@ -105,13 +105,13 @@ def enable_note_type(request, ntid): 'nt': nt}) -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized('dojo.add_note_type') def add_note_type(request): form = NoteTypeForm() if request.method == 'POST': form = NoteTypeForm(request.POST) if form.is_valid(): - note_type = form.save() + form.save() messages.add_message(request, messages.SUCCESS, 'Note Type added successfully.', diff --git a/dojo/notes/urls.py b/dojo/notes/urls.py index 7985edbc2a9..92435303f5a 100644 --- a/dojo/notes/urls.py +++ b/dojo/notes/urls.py @@ -1,8 +1,8 @@ -from django.conf.urls import url +from django.urls import re_path from . import views urlpatterns = [ - url(r'^notes/(?P\d+)/delete/(?P[\w-]+)/(?P\d+)$', views.delete_note, name='delete_note'), - url(r'^notes/(?P\d+)/edit/(?P[\w-]+)/(?P\d+)$', views.edit_note, name='edit_note'), - url(r'^notes/(?P\d+)/history/(?P[\w-]+)/(?P\d+)$', views.note_history, name='note_history') + re_path(r'^notes/(?P\d+)/delete/(?P[\w-]+)/(?P\d+)$', views.delete_note, name='delete_note'), + re_path(r'^notes/(?P\d+)/edit/(?P[\w-]+)/(?P\d+)$', views.edit_note, name='edit_note'), + re_path(r'^notes/(?P\d+)/history/(?P[\w-]+)/(?P\d+)$', views.note_history, name='note_history') ] diff --git a/dojo/notes/views.py b/dojo/notes/views.py index 9e50950be70..edea3a9ca62 100644 --- a/dojo/notes/views.py +++ b/dojo/notes/views.py @@ -8,6 +8,7 @@ from django.shortcuts import get_object_or_404, render from django.core.exceptions import PermissionDenied from django.utils import timezone +from django.utils.translation import gettext as _ # Local application/library imports from dojo.forms import DeleteNoteForm, NoteForm, TypedNoteForm @@ -46,12 +47,12 @@ def delete_note(request, id, page, objid): note.delete() messages.add_message(request, messages.SUCCESS, - 'Note deleted.', + _('Note deleted.'), extra_tags='alert-success') else: messages.add_message(request, messages.SUCCESS, - 'Note was not succesfully deleted.', + _('Note was not succesfully deleted.'), extra_tags='alert-danger') return HttpResponseRedirect(reverse(reverse_url, args=(object_id, ))) @@ -62,6 +63,9 @@ def edit_note(request, id, page, objid): reverse_url = None object_id = None + if page is None: + raise PermissionDenied + if page == "engagement": object = get_object_or_404(Engagement, id=objid) object_id = object.id @@ -75,8 +79,6 @@ def edit_note(request, id, page, objid): object_id = object.id reverse_url = "view_finding" - if page is None: - raise PermissionDenied if str(request.user) != note.author.username: user_has_permission_or_403(request.user, object, Permissions.Note_Edit) @@ -112,13 +114,13 @@ def edit_note(request, id, page, objid): form = NoteForm() messages.add_message(request, messages.SUCCESS, - 'Note edited.', + _('Note edited.'), extra_tags='alert-success') return HttpResponseRedirect(reverse(reverse_url, args=(object_id, ))) else: messages.add_message(request, messages.SUCCESS, - 'Note was not succesfully edited.', + _('Note was not succesfully edited.'), extra_tags='alert-danger') else: if note_type_activation: diff --git a/dojo/notifications/helper.py b/dojo/notifications/helper.py index 884fc788550..d4a95109d9f 100644 --- a/dojo/notifications/helper.py +++ b/dojo/notifications/helper.py @@ -1,15 +1,18 @@ -import requests import logging +import requests + from django.core.mail import EmailMessage -from dojo.models import Notifications, Dojo_User, Alerts, UserContactInfo, System_Settings +from django.db.models import Q, Count, Prefetch from django.template import TemplateDoesNotExist from django.template.loader import render_to_string -from django.db.models import Q, Count, Prefetch from django.urls import reverse -from dojo.celery import app -from dojo.user.queries import get_authorized_users_for_product_and_product_type, get_authorized_users_for_product_type +from django.utils.translation import gettext as _ + from dojo.authorization.roles_permissions import Permissions +from dojo.celery import app from dojo.decorators import dojo_async_task, we_want_async +from dojo.models import Notifications, Dojo_User, Alerts, UserContactInfo, System_Settings +from dojo.user.queries import get_authorized_users_for_product_and_product_type, get_authorized_users_for_product_type logger = logging.getLogger(__name__) @@ -17,13 +20,23 @@ def create_notification(event=None, **kwargs): system_settings = System_Settings.objects.get() kwargs["system_settings"] = system_settings + # System notifications + try: + system_notifications = Notifications.objects.get(user=None, template=False) + except Exception: + system_notifications = Notifications() if 'recipients' in kwargs: # mimic existing code so that when recipients is specified, no other system or personal notifications are sent. - logger.debug('creating notifications for recipients') + logger.debug('creating notifications for recipients: %s', kwargs['recipients']) for recipient_notifications in Notifications.objects.filter(user__username__in=kwargs['recipients'], user__is_active=True, product=None): - # kwargs.update({'user': recipient_notifications.user}) - process_notifications(event, recipient_notifications, **kwargs) + # merge the system level notifications with the personal level + # this allows for system to trump the personal + merged_notifications = Notifications.merge_notifications_list([system_notifications, recipient_notifications]) + merged_notifications.user = recipient_notifications.user + logger.debug('Sent notification to %s', merged_notifications.user) + process_notifications(event, merged_notifications, **kwargs) + else: logger.debug('creating system notifications for event: %s', event) # send system notifications to all admin users @@ -32,25 +45,29 @@ def create_notification(event=None, **kwargs): product_type = None if 'product_type' in kwargs: product_type = kwargs.get('product_type') + logger.debug("Defined product type %s", product_type) product = None if 'product' in kwargs: product = kwargs.get('product') + logger.debug("Defined product %s", product) + elif 'engagement' in kwargs: product = kwargs['engagement'].product + logger.debug("Defined product of engagement %s", product) + elif 'test' in kwargs: product = kwargs['test'].engagement.product + logger.debug("Defined product of test %s", product) + elif 'finding' in kwargs: product = kwargs['finding'].test.engagement.product + logger.debug("Defined product of finding %s", product) + elif 'obj' in kwargs: from dojo.utils import get_product product = get_product(kwargs['obj']) - - # System notifications - try: - system_notifications = Notifications.objects.get(user=None) - except Exception: - system_notifications = Notifications() + logger.debug("Defined product of obj %s", product) # System notifications are sent one with user=None, which will trigger email to configured system email, to global slack channel, etc. process_notifications(event, system_notifications, **kwargs) @@ -70,19 +87,28 @@ def create_notification(event=None, **kwargs): queryset=Notifications.objects.filter(Q(product_id=product) | Q(product__isnull=True)), to_attr="applicable_notifications" )).annotate(applicable_notifications_count=Count('notifications__id', filter=Q(notifications__product_id=product) | Q(notifications__product__isnull=True)))\ - .filter((Q(applicable_notifications_count__gt=0) | Q(is_superuser=True) | Q(is_staff=True))) + .filter((Q(applicable_notifications_count__gt=0) | Q(is_superuser=True))) # only send to authorized users or admin/superusers + logger.debug('Filtering users for the product %s', product) + if product: users = get_authorized_users_for_product_and_product_type(users, product, Permissions.Product_View) + elif product_type: users = get_authorized_users_for_product_type(users, product_type, Permissions.Product_Type_View) + else: + # nor product_type nor product defined, we should not make noise and send only notifications to admins + logger.debug('Product is not specified, making it silent') + users = users.filter(is_superuser=True) for user in users: + logger.debug("Authorized user for the product %s", user) # send notifications to user after merging possible multiple notifications records (i.e. personal global + personal product) # kwargs.update({'user': user}) applicable_notifications = user.applicable_notifications - if user.is_staff or user.is_superuser: + if user.is_superuser: + logger.debug("User %s is superuser", user) # admin users get all system notifications applicable_notifications.append(system_notifications) @@ -94,31 +120,31 @@ def create_notification(event=None, **kwargs): def create_description(event, *args, **kwargs): if "description" not in kwargs.keys(): if event == 'product_added': - kwargs["description"] = "Product " + kwargs['title'] + " has been created successfully." + kwargs["description"] = _('Product %(title)s has been created successfully.' % {'title': kwargs['title']}) elif event == 'product_type_added': - kwargs["description"] = "Product Type " + kwargs['title'] + " has been created successfully." + kwargs["description"] = _('Product Type %(title)s has been created successfully.' % {'title': kwargs['title']}) else: - kwargs["description"] = "Event " + str(event) + " has occured." + kwargs["description"] = _('Event %(event)s has occurred.' % {'event': str(event)}) return kwargs["description"] def create_notification_message(event, user, notification_type, *args, **kwargs): - template = 'notifications/%s.tpl' % event.replace('/', '') - kwargs.update({'type': notification_type}) + template = f"notifications/{notification_type}/{event.replace('/', '')}.tpl" kwargs.update({'user': user}) notification_message = None try: notification_message = render_to_string(template, kwargs) + logger.debug("Rendering from the template %s", template) except TemplateDoesNotExist: logger.debug('template not found or not implemented yet: %s', template) except Exception as e: - logger.error("error during rendeing of template %s exception is %s", template, e) + logger.error("error during rendering of template %s exception is %s", template, e) finally: if not notification_message: kwargs["description"] = create_description(event, *args, **kwargs) - notification_message = render_to_string('notifications/other.tpl', kwargs) + notification_message = render_to_string(f"notifications/{notification_type}/other.tpl", kwargs) return notification_message if notification_message else '' @@ -127,7 +153,7 @@ def process_notifications(event, notifications=None, **kwargs): from dojo.utils import get_system_setting if not notifications: - logger.warn('no notifications!') + logger.warning('no notifications!') return logger.debug('sending notification ' + ('asynchronously' if we_want_async() else 'synchronously')) @@ -244,8 +270,11 @@ def send_msteams_notification(event, user=None, *args, **kwargs): @app.task def send_mail_notification(event, user=None, *args, **kwargs): from dojo.utils import get_system_setting - - if user: + email_from_address = get_system_setting('email_from') + # Attempt to get the "to" address + if "recipient" in kwargs: + address = kwargs.get("recipient") + elif user: address = user.email else: address = get_system_setting('mail_notifications_to') @@ -253,26 +282,25 @@ def send_mail_notification(event, user=None, *args, **kwargs): logger.debug('notification email for user %s to %s', user, address) try: - subject = '%s notification' % get_system_setting('team_name') + subject = f"{get_system_setting('team_name')} notification" if 'title' in kwargs: - subject += ': %s' % kwargs['title'] + subject += f": {kwargs['title']}" email = EmailMessage( subject, create_notification_message(event, user, 'mail', *args, **kwargs), - get_system_setting('email_from'), + email_from_address, [address], - headers={"From": "{}".format(get_system_setting('email_from'))} + headers={"From": f"{email_from_address}"}, ) email.content_subtype = 'html' logger.debug('sending email alert') - # logger.info(create_notification_message(event, 'mail')) + # logger.info(create_notification_message(event, user, 'mail', *args, **kwargs)) email.send(fail_silently=False) except Exception as e: logger.exception(e) log_alert(e, "Email Notification", title=kwargs['title'], description=str(e), url=kwargs['url']) - pass def send_alert_notification(event, user=None, *args, **kwargs): @@ -308,28 +336,26 @@ def get_slack_user_id(user_email): url='https://slack.com/api/users.lookupByEmail', data={'token': get_system_setting('slack_token'), 'email': user_email}) - users = json.loads(res.text) + user = json.loads(res.text) slack_user_is_found = False - if users: - if 'error' in users: + if user: + if 'error' in user: logger.error("Slack is complaining. See error message below.") - logger.error(users) + logger.error(user) raise RuntimeError('Error getting user list from Slack: ' + res.text) else: - for member in users["members"]: - if "email" in member["profile"]: - if user_email == member["profile"]["email"]: - if "id" in member: - user_id = member["id"] - logger.debug("Slack user ID is {}".format(user_id)) - slack_user_is_found = True - break - else: - logger.warn("A user with email {} could not be found in this Slack workspace.".format(user_email)) + if "email" in user["user"]["profile"]: + if user_email == user["user"]["profile"]["email"]: + if "id" in user["user"]: + user_id = user["user"]["id"] + logger.debug("Slack user ID is {}".format(user_id)) + slack_user_is_found = True + else: + logger.warning("A user with email {} could not be found in this Slack workspace.".format(user_email)) if not slack_user_is_found: - logger.warn("The Slack user was not found.") + logger.warning("The Slack user was not found.") return user_id @@ -337,7 +363,7 @@ def get_slack_user_id(user_email): def log_alert(e, notification_type=None, *args, **kwargs): # no try catch here, if this fails we need to show an error - users = Dojo_User.objects.filter((Q(is_superuser=True) | Q(is_staff=True))) + users = Dojo_User.objects.filter(is_superuser=True) for user in users: alert = Alerts( user_id=user, @@ -357,8 +383,21 @@ def notify_test_created(test): url=reverse('view_test', args=(test.id,))) -def notify_scan_added(test, updated_count, new_findings, findings_mitigated=[], findings_reactivated=[], findings_untouched=[]): +def notify_scan_added(test, updated_count, new_findings=[], findings_mitigated=[], findings_reactivated=[], findings_untouched=[]): + logger.debug("Scan added notifications") + + new_findings = sorted(list(new_findings), key=lambda x: x.numerical_severity) + findings_mitigated = sorted(list(findings_mitigated), key=lambda x: x.numerical_severity) + findings_reactivated = sorted(list(findings_reactivated), key=lambda x: x.numerical_severity) + findings_untouched = sorted(list(findings_untouched), key=lambda x: x.numerical_severity) + title = 'Created/Updated ' + str(updated_count) + " findings for " + str(test.engagement.product) + ': ' + str(test.engagement.name) + ': ' + str(test) - create_notification(event='scan_added', title=title, findings_new=new_findings, findings_mitigated=findings_mitigated, findings_reactivated=findings_reactivated, + + if updated_count == 0: + event = 'scan_added_empty' + else: + event = 'scan_added' + + create_notification(event=event, title=title, findings_new=new_findings, findings_mitigated=findings_mitigated, findings_reactivated=findings_reactivated, finding_count=updated_count, test=test, engagement=test.engagement, product=test.engagement.product, findings_untouched=findings_untouched, url=reverse('view_test', args=(test.id,))) diff --git a/dojo/notifications/urls.py b/dojo/notifications/urls.py index 83bc76b7861..68d8c3f22a6 100644 --- a/dojo/notifications/urls.py +++ b/dojo/notifications/urls.py @@ -1,8 +1,9 @@ -from django.conf.urls import url +from django.urls import re_path from . import views urlpatterns = [ - url(r'^notifications$', views.personal_notifications, name='notifications'), - url(r'^notifications/system$', views.system_notifications, name='system_notifications'), - url(r'^notifications/personal$', views.personal_notifications, name='personal_notifications') + re_path(r'^notifications$', views.PersonalNotificationsView.as_view(), name='notifications'), + re_path(r'^notifications/system$', views.SystemNotificationsView.as_view(), name='system_notifications'), + re_path(r'^notifications/personal$', views.PersonalNotificationsView.as_view(), name='personal_notifications'), + re_path(r'^notifications/template$', views.TemplateNotificationsView.as_view(), name='template_notifications') ] diff --git a/dojo/notifications/views.py b/dojo/notifications/views.py index e5e08115f70..98386db17c9 100644 --- a/dojo/notifications/views.py +++ b/dojo/notifications/views.py @@ -1,66 +1,132 @@ -# # product import logging from django.contrib import messages -from django.contrib.auth.decorators import user_passes_test from django.shortcuts import render +from django.http import HttpRequest +from django.utils.translation import gettext as _ +from django.views import View +from django.core.exceptions import PermissionDenied from dojo.models import Notifications from dojo.utils import get_enabled_notifications_list from dojo.utils import add_breadcrumb from dojo.forms import NotificationsForm - logger = logging.getLogger(__name__) -def personal_notifications(request): - try: - notifications_obj = Notifications.objects.get(user=request.user, product__isnull=True) - except: - notifications_obj = Notifications(user=request.user) - - form = NotificationsForm(instance=notifications_obj) - - if request.method == 'POST': - form = NotificationsForm(request.POST, instance=notifications_obj) - if form.is_valid(): - new_settings = form.save() - messages.add_message(request, - messages.SUCCESS, - 'Settings saved.', - extra_tags='alert-success') - - add_breadcrumb(title="Personal notification settings", top_level=False, request=request) - - return render(request, 'dojo/notifications.html', - {'form': form, - 'scope': 'personal', - 'enabled_notifications': get_enabled_notifications_list(), - 'admin': request.user.is_superuser - }) - - -@user_passes_test(lambda u: u.is_superuser) -def system_notifications(request): - try: - notifications_obj = Notifications.objects.get(user=None, product__isnull=True) - except: - notifications_obj = Notifications(user=None) - - form = NotificationsForm(instance=notifications_obj) - if request.method == 'POST': - form = NotificationsForm(request.POST, instance=notifications_obj) - if form.is_valid(): - new_settings = form.save() - messages.add_message(request, - messages.SUCCESS, - 'Settings saved.', - extra_tags='alert-success') - - add_breadcrumb(title="System notification settings", top_level=False, request=request) - return render(request, 'dojo/notifications.html', - {'form': form, - 'scope': 'system', - 'enabled_notifications': get_enabled_notifications_list(), - 'admin': request.user.is_superuser}) +class SystemNotificationsView(View): + def get_notifications(self, request: HttpRequest): + try: + notifications = Notifications.objects.get(user=None, product__isnull=True, template=False) + except Notifications.DoesNotExist: + notifications = Notifications(user=None, template=False) + + return notifications + + def check_user_permissions(self, request: HttpRequest): + if not request.user.is_superuser: + raise PermissionDenied() + + def get_form(self, request: HttpRequest, notifications: Notifications): + # Set up the args for the form + args = [request.POST] if request.method == "POST" else [] + # Set the initial form args + kwargs = { + "instance": notifications, + } + + return NotificationsForm(*args, **kwargs) + + def get_enabled_notifications(self): + return get_enabled_notifications_list() + + def get_initial_context(self, request: HttpRequest, notifications: Notifications, scope: str): + return { + 'form': self.get_form(request, notifications), + 'scope': scope, + 'enabled_notifications': self.get_enabled_notifications(), + 'admin': request.user.is_superuser + } + + def set_breadcrumbs(self, request: HttpRequest): + add_breadcrumb(title=_("System notification settings"), top_level=False, request=request) + return request + + def process_form(self, request: HttpRequest, context: dict): + if context["form"].is_valid(): + context["form"].save() + messages.add_message( + request, + messages.SUCCESS, + _('Settings saved.'), + extra_tags='alert-success') + return request, True + return request, False + + def get_template(self): + return "dojo/notifications.html" + + def get_scope(self): + return "system" + + def get(self, request: HttpRequest): + # Check permissions + self.check_user_permissions(request) + # Get the notifications object + notifications = self.get_notifications(request) + # Set up the initial context + context = self.get_initial_context(request, notifications, self.get_scope()) + # Add any breadcrumbs + request = self.set_breadcrumbs(request) + # Render the page + return render(request, self.get_template(), context) + + def post(self, request: HttpRequest): + # Check permissions + self.check_user_permissions(request) + # Get the notifications object + notifications = self.get_notifications(request) + # Set up the initial context + context = self.get_initial_context(request, notifications, self.get_scope()) + # Determine the validity of the form + request, success = self.process_form(request, context) + # Add any breadcrumbs + request = self.set_breadcrumbs(request) + # Render the page + return render(request, self.get_template(), context) + + +class PersonalNotificationsView(SystemNotificationsView): + def get_notifications(self, request: HttpRequest): + try: + notifications = Notifications.objects.get(user=request.user, product__isnull=True) + except Notifications.DoesNotExist: + notifications = Notifications(user=request.user) + return notifications + + def check_user_permissions(self, request: HttpRequest): + pass + + def get_scope(self): + return "personal" + + def set_breadcrumbs(self, request: HttpRequest): + add_breadcrumb(title=_("Personal notification settings"), top_level=False, request=request) + return request + + +class TemplateNotificationsView(SystemNotificationsView): + def get_notifications(self, request: HttpRequest): + try: + notifications = Notifications.objects.get(template=True) + except Notifications.DoesNotExist: + notifications = Notifications(user=None, template=True) + return notifications + + def get_scope(self): + return "template" + + def set_breadcrumbs(self, request: HttpRequest): + add_breadcrumb(title=_("Template notification settings"), top_level=False, request=request) + return request diff --git a/dojo/object/urls.py b/dojo/object/urls.py index 735a803fb94..4859ccbd119 100644 --- a/dojo/object/urls.py +++ b/dojo/object/urls.py @@ -1,10 +1,10 @@ -from django.conf.urls import url +from django.urls import re_path from . import views urlpatterns = [ - url(r'^product/(?P\d+)/object/add$', views.new_object, name='new_object'), - url(r'^product/(?P\d+)/object/(?P\d+)/edit$', views.edit_object, name='edit_object'), - url(r'^product/(?P\d+)/object/view$', views.view_objects, name='view_objects'), - url(r'^product/(?P\d+)/object/(?P\d+)/delete$', views.delete_object, + re_path(r'^product/(?P\d+)/object/add$', views.new_object, name='new_object'), + re_path(r'^product/(?P\d+)/object/(?P\d+)/edit$', views.edit_object, name='edit_object'), + re_path(r'^product/(?P\d+)/object/view$', views.view_objects, name='view_objects'), + re_path(r'^product/(?P\d+)/object/(?P\d+)/delete$', views.delete_object, name='delete_object'), ] diff --git a/dojo/object/views.py b/dojo/object/views.py index fffa2921f85..ec2b1f7b459 100644 --- a/dojo/object/views.py +++ b/dojo/object/views.py @@ -30,7 +30,7 @@ def new_object(request, pid): return HttpResponseRedirect(reverse('view_objects', args=(pid,))) else: tform = ObjectSettingsForm() - product_tab = Product_Tab(pid, title="Add Tracked Files to a Product", tab="settings") + product_tab = Product_Tab(prod, title="Add Tracked Files to a Product", tab="settings") return render(request, 'dojo/new_object.html', {'tform': tform, @@ -43,7 +43,7 @@ def view_objects(request, pid): product = get_object_or_404(Product, id=pid) object_queryset = Objects_Product.objects.filter(product=pid).order_by('path', 'folder', 'artifact') - product_tab = Product_Tab(pid, title="Tracked Product Files, Paths and Artifacts", tab="settings") + product_tab = Product_Tab(product, title="Tracked Product Files, Paths and Artifacts", tab="settings") return render(request, 'dojo/view_objects.html', { @@ -73,7 +73,7 @@ def edit_object(request, pid, ttid): else: tform = ObjectSettingsForm(instance=object) - product_tab = Product_Tab(pid, title="Edit Tracked Files", tab="settings") + product_tab = Product_Tab(product, title="Edit Tracked Files", tab="settings") return render(request, 'dojo/edit_object.html', { @@ -100,7 +100,7 @@ def delete_object(request, pid, ttid): else: tform = DeleteObjectsSettingsForm(instance=object) - product_tab = Product_Tab(pid, title="Delete Product Tool Configuration", tab="settings") + product_tab = Product_Tab(product, title="Delete Product Tool Configuration", tab="settings") return render(request, 'dojo/delete_object.html', { diff --git a/dojo/okta.py b/dojo/okta.py index e600668b397..c42b065250c 100644 --- a/dojo/okta.py +++ b/dojo/okta.py @@ -85,7 +85,7 @@ def validate_and_return_id_token(self, id_token, access_token): except ExpiredSignatureError: k = key break - except JWTError as e: + except JWTError: if k is None and client_id == 'a-key': k = self.get_jwks_keys()[0] pass diff --git a/dojo/pipeline.py b/dojo/pipeline.py index a346acf41ac..130a795e092 100644 --- a/dojo/pipeline.py +++ b/dojo/pipeline.py @@ -1,13 +1,18 @@ import gitlab import re +import logging +import requests +import social_core.pipeline.user from django.conf import settings -from dojo.models import Product, Product_Member, Product_Type, System_Settings, Role +from dojo.models import Product, Product_Member, Product_Type, Role, Dojo_Group, Dojo_Group_Member from social_core.backends.azuread_tenant import AzureADTenantOAuth2 from social_core.backends.google import GoogleOAuth2 from dojo.authorization.roles_permissions import Permissions, Roles from dojo.product.queries import get_authorized_products +logger = logging.getLogger(__name__) + def social_uid(backend, details, response, *args, **kwargs): if settings.AZUREAD_TENANT_OAUTH2_ENABLED and isinstance(backend, AzureADTenantOAuth2): @@ -57,13 +62,71 @@ def social_uid(backend, details, response, *args, **kwargs): def modify_permissions(backend, uid, user=None, social=None, *args, **kwargs): - if kwargs.get('is_new'): - system_settings = System_Settings.objects.get() - if system_settings.staff_user_email_pattern is not None and \ - re.fullmatch(system_settings.staff_user_email_pattern, user.email) is not None: - user.is_staff = True - else: - user.is_staff = False + pass + + +def update_azure_groups(backend, uid, user=None, social=None, *args, **kwargs): + if settings.AZUREAD_TENANT_OAUTH2_ENABLED and settings.AZUREAD_TENANT_OAUTH2_GET_GROUPS and isinstance(backend, AzureADTenantOAuth2): + # In some wild cases, there could be two social auth users + # connected to the same DefectDojo user. Grab the newest one + soc = user.social_auth.order_by("-created").first() + token = soc.extra_data['access_token'] + group_names = [] + if 'groups' not in kwargs['response'] or kwargs['response']['groups'] == "": + logger.warning("No groups in response. Stopping to update groups of user based on azureAD") + return + group_IDs = kwargs['response']['groups'] + for group_from_response in group_IDs: + try: + logger.debug("Analysing Group_ID " + group_from_response) + request_headers = {'Authorization': 'Bearer ' + token} + if is_group_id(group_from_response): + logger.debug("detected " + group_from_response + " as groupID and will fetch the displayName from microsoft graph") + group_name_request = requests.get((str(soc.extra_data['resource']) + '/v1.0/groups/' + str(group_from_response) + '?$select=displayName'), headers=request_headers) + group_name_request.raise_for_status() + group_name_request_json = group_name_request.json() + group_name = group_name_request_json['displayName'] + else: + logger.debug("detected " + group_from_response + " as group name and will not call microsoft graph") + group_name = group_from_response + + if settings.AZUREAD_TENANT_OAUTH2_GROUPS_FILTER == "" or re.search(settings.AZUREAD_TENANT_OAUTH2_GROUPS_FILTER, group_name): + group_names.append(group_name) + else: + logger.debug("Skipping group " + group_name + " due to AZUREAD_TENANT_OAUTH2_GROUPS_FILTER " + settings.AZUREAD_TENANT_OAUTH2_GROUPS_FILTER) + continue + except Exception as e: + logger.error(f"Could not call microsoft graph API or save groups to member: {e}") + if len(group_names) > 0: + assign_user_to_groups(user, group_names, Dojo_Group.AZURE) + if settings.AZUREAD_TENANT_OAUTH2_CLEANUP_GROUPS: + cleanup_old_groups_for_user(user, group_names) + + +def is_group_id(group): + if re.search(r'^[a-zA-Z0-9]{8,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{12,}$', group): + return True + else: + return False + + +def assign_user_to_groups(user, group_names, social_provider): + for group_name in group_names: + group, created_group = Dojo_Group.objects.get_or_create(name=group_name, social_provider=social_provider) + if created_group: + logger.debug("Group %s for social provider %s was created", str(group), social_provider) + group_member, is_member_created = Dojo_Group_Member.objects.get_or_create(group=group, user=user, defaults={ + 'role': Role.objects.get(id=Roles.Maintainer)}) + if is_member_created: + logger.debug("User %s become member of group %s (social provider: %s)", user, str(group), social_provider) + + +def cleanup_old_groups_for_user(user, group_names): + for group_member in Dojo_Group_Member.objects.select_related('group').filter(user=user): + group = group_member.group + if str(group) not in group_names: + logger.debug("Deleting membership of user %s from %s group %s", user, group.social_provider, str(group)) + group_member.delete() def update_product_access(backend, uid, user=None, social=None, *args, **kwargs): @@ -109,3 +172,17 @@ def update_product_access(backend, uid, user=None, social=None, *args, **kwargs) if product_name not in project_names: product = Product.objects.get(name=product_name) Product_Member.objects.filter(product=product, user=user).delete() + + +def sanitize_username(username): + allowed_chars_regex = re.compile(r'[\w@.+_-]') + allowed_chars = filter(lambda char: allowed_chars_regex.match(char), list(username)) + return "".join(allowed_chars) + + +def create_user(strategy, details, backend, user=None, *args, **kwargs): + if not settings.SOCIAL_AUTH_CREATE_USER: + return + else: + details["username"] = sanitize_username(details.get("username")) + return social_core.pipeline.user.create_user(strategy, details, backend, user, args, kwargs) diff --git a/dojo/product/helpers.py b/dojo/product/helpers.py new file mode 100644 index 00000000000..74530744cde --- /dev/null +++ b/dojo/product/helpers.py @@ -0,0 +1,58 @@ +import contextlib +import logging +from dojo.celery import app +from dojo.models import SLA_Configuration, Product, Engagement, Test, Finding, Endpoint +from dojo.decorators import dojo_async_task + + +logger = logging.getLogger(__name__) + + +@dojo_async_task +@app.task +def update_sla_expiration_dates_product_async(product, sla_config, *args, **kwargs): + update_sla_expiration_dates_product_sync(product, sla_config) + + +def update_sla_expiration_dates_product_sync(product, sla_config): + logger.info(f"Updating finding SLA expiration dates within product {product}") + # update each finding that is within the SLA configuration that was saved + for f in Finding.objects.filter(test__engagement__product=product): + f.save() + # reset the async updating flag to false for the sla config assigned to this product + if sla_config: + sla_config.async_updating = False + super(SLA_Configuration, sla_config).save() + # set the async updating flag to false for the sla config assigned to this product + product.async_updating = False + super(Product, product).save() + + +@dojo_async_task +@app.task +def propagate_tags_on_product(product_id, *args, **kwargs): + with contextlib.suppress(Product.DoesNotExist): + product = Product.objects.get(id=product_id) + propagate_tags_on_product_sync(product) + + +def propagate_tags_on_product_sync(product): + # enagagements + logger.debug(f"Propagating tags from {product} to all engagements") + propagate_tags_on_object_list(Engagement.objects.filter(product=product)) + # tests + logger.debug(f"Propagating tags from {product} to all tests") + propagate_tags_on_object_list(Test.objects.filter(engagement__product=product)) + # findings + logger.debug(f"Propagating tags from {product} to all findings") + propagate_tags_on_object_list(Finding.objects.filter(test__engagement__product=product)) + # endpoints + logger.debug(f"Propagating tags from {product} to all endpoints") + propagate_tags_on_object_list(Endpoint.objects.filter(product=product)) + + +def propagate_tags_on_object_list(object_list): + for obj in object_list: + if obj and obj.id is not None: + logger.debug(f"\tPropagating tags to {str(type(obj))} - {str(obj)}") + obj.save() diff --git a/dojo/product/queries.py b/dojo/product/queries.py index 6202b895477..e55910ba011 100644 --- a/dojo/product/queries.py +++ b/dojo/product/queries.py @@ -1,5 +1,4 @@ from crum import get_current_user -from django.conf import settings from django.db.models import Exists, OuterRef, Q from dojo.models import Product, Product_Member, Product_Type_Member, App_Analysis, \ DojoMeta, Product_Group, Product_Type_Group, Languages, Engagement_Presets, \ @@ -22,9 +21,6 @@ def get_authorized_products(permission, user=None): if user.is_superuser: return Product.objects.all().order_by('name') - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return Product.objects.all().order_by('name') - if user_has_global_permission(user, permission): return Product.objects.all().order_by('name') @@ -61,7 +57,7 @@ def get_authorized_members_for_product(product, permission): user = get_current_user() if user.is_superuser or user_has_permission(user, product, permission): - return Product_Member.objects.filter(product=product).order_by('user__first_name', 'user__last_name').select_related('role') + return Product_Member.objects.filter(product=product).order_by('user__first_name', 'user__last_name').select_related('role', 'user') else: return None @@ -85,9 +81,6 @@ def get_authorized_product_members(permission): if user.is_superuser: return Product_Member.objects.all().select_related('role') - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return Product_Member.objects.all().select_related('role') - if user_has_global_permission(user, permission): return Product_Member.objects.all().select_related('role') @@ -104,9 +97,6 @@ def get_authorized_product_members_for_user(user, permission): if request_user.is_superuser: return Product_Member.objects.filter(user=user).select_related('role', 'product') - if request_user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return Product_Member.objects.filter(user=user).select_related('role', 'product') - if hasattr(request_user, 'global_role') and request_user.global_role.role is not None and role_has_permission(request_user.global_role.role.id, permission): return Product_Member.objects.filter(user=user).select_related('role', 'product') @@ -123,9 +113,6 @@ def get_authorized_product_groups(permission): if user.is_superuser: return Product_Group.objects.all().select_related('role') - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return Product_Group.objects.all() - products = get_authorized_products(permission) return Product_Group.objects.filter(product__in=products).select_related('role') @@ -139,9 +126,6 @@ def get_authorized_app_analysis(permission): if user.is_superuser: return App_Analysis.objects.all().order_by('name') - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return App_Analysis.objects.all().order_by('name') - if user_has_global_permission(user, permission): return App_Analysis.objects.all().order_by('name') @@ -183,9 +167,6 @@ def get_authorized_dojo_meta(permission): if user.is_superuser: return DojoMeta.objects.all().order_by('name') - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return DojoMeta.objects.all().order_by('name') - if user_has_global_permission(user, permission): return DojoMeta.objects.all().order_by('name') @@ -278,9 +259,6 @@ def get_authorized_languages(permission): if user.is_superuser: return Languages.objects.all().order_by('language') - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return Languages.objects.all().order_by('language') - if user_has_global_permission(user, permission): return Languages.objects.all().order_by('language') @@ -322,9 +300,6 @@ def get_authorized_engagement_presets(permission): if user.is_superuser: return Engagement_Presets.objects.all().order_by('title') - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return Engagement_Presets.objects.all().order_by('title') - if user_has_global_permission(user, permission): return Engagement_Presets.objects.all().order_by('title') @@ -366,9 +341,6 @@ def get_authorized_product_api_scan_configurations(permission): if user.is_superuser: return Product_API_Scan_Configuration.objects.all() - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return Product_API_Scan_Configuration.objects.all() - if user_has_global_permission(user, permission): return Product_API_Scan_Configuration.objects.all() diff --git a/dojo/product/signals.py b/dojo/product/signals.py new file mode 100644 index 00000000000..17ffc6b4b6a --- /dev/null +++ b/dojo/product/signals.py @@ -0,0 +1,77 @@ +import contextlib +from django.db.models import signals +from django.dispatch import receiver +import logging +from dojo.models import Product, Engagement, Test, Finding, Endpoint +from dojo.utils import get_system_setting +from dojo.product import helpers as async_product_funcs + +logger = logging.getLogger(__name__) + + +@receiver(signals.m2m_changed, sender=Product.tags.through) +def product_tags_post_add_remove(sender, instance, action, **kwargs): + if action in ["post_add", "post_remove"]: + running_async_process = False + with contextlib.suppress(AttributeError): + running_async_process = instance.running_async_process + # Check if the async process is already running to avoid calling it a second time + if not running_async_process and inherit_product_tags(instance): + async_product_funcs.propagate_tags_on_product(instance.id, countdown=5) + instance.running_async_process = True + + +@receiver(signals.m2m_changed, sender=Endpoint.tags.through) +@receiver(signals.m2m_changed, sender=Engagement.tags.through) +@receiver(signals.m2m_changed, sender=Test.tags.through) +@receiver(signals.m2m_changed, sender=Finding.tags.through) +def make_inherited_tags_sticky(sender, instance, action, **kwargs): + if action in ["post_add", "post_remove"]: + if inherit_product_tags(instance): + tag_list = [tag.name for tag in instance.tags.all()] + if propagate_inheritance(instance, tag_list=tag_list): + instance.inherit_tags(tag_list) + + +@receiver(signals.post_save, sender=Endpoint) +@receiver(signals.post_save, sender=Engagement) +@receiver(signals.post_save, sender=Test) +@receiver(signals.post_save, sender=Finding) +def inherit_tags_on_instance(sender, instance, created, **kwargs): + if inherit_product_tags(instance): + tag_list = instance._tags_tagulous.get_tag_list() + if propagate_inheritance(instance, tag_list=tag_list): + instance.inherit_tags(tag_list) + + +def propagate_inheritance(instance, tag_list=[]): + # Get the expected product tags + product_inherited_tags = [tag.name for tag in get_product(instance).tags.all()] + existing_inherited_tags = [tag.name for tag in instance.inherited_tags.all()] + # Check if product tags already matches inherited tags + product_tags_equals_inherited_tags = product_inherited_tags == existing_inherited_tags + # Check if product tags have already been inherited + tags_have_already_been_inherited = set(product_inherited_tags) <= set(tag_list) + return not (product_tags_equals_inherited_tags and tags_have_already_been_inherited) + + +def inherit_product_tags(instance) -> bool: + product = get_product(instance) + # Save a read in the db + if product and product.enable_product_tag_inheritance: + return True + + return get_system_setting('enable_product_tag_inheritance') + + +def get_product(instance): + if isinstance(instance, Product): + return instance + if isinstance(instance, Endpoint): + return instance.product + if isinstance(instance, Engagement): + return instance.product + if isinstance(instance, Test): + return instance.engagement.product + if isinstance(instance, Finding): + return instance.test.engagement.product diff --git a/dojo/product/urls.py b/dojo/product/urls.py index 7922594422b..263d87b66f0 100644 --- a/dojo/product/urls.py +++ b/dojo/product/urls.py @@ -1,69 +1,74 @@ -from django.conf.urls import url +from django.urls import re_path from dojo.product import views +from dojo.engagement import views as dojo_engagement_views urlpatterns = [ # product - url(r'^product$', views.product, name='product'), - url(r'^product/(?P\d+)$', views.view_product, + re_path(r'^product$', views.product, name='product'), + re_path(r'^product/(?P\d+)$', views.view_product, name='view_product'), - url(r'^product/(?P\d+)/components$', views.view_product_components, + re_path(r'^product/(?P\d+)/components$', views.view_product_components, name='view_product_components'), - url(r'^product/(?P\d+)/engagements$', views.view_engagements, + re_path(r'^product/(?P\d+)/engagements$', views.view_engagements, name='view_engagements'), - url(r'^product/(?P\d+)/import_scan_results$', - views.import_scan_results_prod, name='import_scan_results_prod'), - url(r'^product/(?P\d+)/metrics$', views.view_product_metrics, + re_path(r'^product/(?P\d+)/import_scan_results$', + dojo_engagement_views.ImportScanResultsView.as_view(), name='import_scan_results_prod'), + re_path(r'^product/(?P\d+)/metrics$', views.view_product_metrics, name='view_product_metrics'), - url(r'^product/(?P\d+)/edit$', views.edit_product, + re_path(r'^product/(?P\d+)/async_burndown_metrics$', views.async_burndown_metrics, + name='async_burndown_metrics'), + re_path(r'^product/(?P\d+)/edit$', views.edit_product, name='edit_product'), - url(r'^product/(?P\d+)/delete$', views.delete_product, + re_path(r'^product/(?P\d+)/delete$', views.delete_product, name='delete_product'), - url(r'^product/add', views.new_product, name='new_product'), - url(r'^product/(?P\d+)/new_engagement$', views.new_eng_for_app, + re_path(r'^product/add', views.new_product, name='new_product'), + re_path(r'^product/(?P\d+)/new_engagement$', views.new_eng_for_app, name='new_eng_for_prod'), - url(r'^product/(?P\d+)/new_technology$', views.new_tech_for_prod, + re_path(r'^product/(?P\d+)/new_technology$', views.new_tech_for_prod, name='new_tech_for_prod'), - url(r'^technology/(?P\d+)/edit$', views.edit_technology, + re_path(r'^technology/(?P\d+)/edit$', views.edit_technology, name='edit_technology'), - url(r'^technology/(?P\d+)/delete$', views.delete_technology, + re_path(r'^technology/(?P\d+)/delete$', views.delete_technology, name='delete_technology'), - url(r'^product/(?P\d+)/new_engagement/cicd$', views.new_eng_for_app_cicd, + re_path(r'^product/(?P\d+)/new_engagement/cicd$', views.new_eng_for_app_cicd, name='new_eng_for_prod_cicd'), - url(r'^product/(?P\d+)/add_meta_data$', views.add_meta_data, + re_path(r'^product/(?P\d+)/add_meta_data$', views.add_meta_data, name='add_meta_data'), - url(r'^product/(?P\d+)/edit_notifications$', views.edit_notifications, + re_path(r'^product/(?P\d+)/edit_notifications$', views.edit_notifications, name='edit_notifications'), - url(r'^product/(?P\d+)/edit_meta_data$', views.edit_meta_data, + re_path(r'^product/(?P\d+)/edit_meta_data$', views.edit_meta_data, name='edit_meta_data'), - url(r'^product/(?P\d+)/ad_hoc_finding$', views.ad_hoc_finding, + re_path( + r'^product/(?P\d+)/ad_hoc_finding$', + views.AdHocFindingView.as_view(), name='ad_hoc_finding'), - url(r'^product/(?P\d+)/engagement_presets$', views.engagement_presets, + re_path(r'^product/(?P\d+)/engagement_presets$', views.engagement_presets, name='engagement_presets'), - url(r'^product/(?P\d+)/engagement_presets/(?P\d+)/edit$', views.edit_engagement_presets, + re_path(r'^product/(?P\d+)/engagement_presets/(?P\d+)/edit$', views.edit_engagement_presets, name='edit_engagement_presets'), - url(r'^product/(?P\d+)/engagement_presets/add$', views.add_engagement_presets, + re_path(r'^product/(?P\d+)/engagement_presets/add$', views.add_engagement_presets, name='add_engagement_presets'), - url(r'^product/(?P\d+)/engagement_presets/(?P\d+)/delete$', views.delete_engagement_presets, + re_path(r'^product/(?P\d+)/engagement_presets/(?P\d+)/delete$', views.delete_engagement_presets, name='delete_engagement_presets'), - url(r'^product/(?P\d+)/add_member$', views.add_product_member, + re_path(r'^product/(?P\d+)/add_member$', views.add_product_member, name='add_product_member'), - url(r'^product/member/(?P\d+)/edit$', views.edit_product_member, + re_path(r'^product/member/(?P\d+)/edit$', views.edit_product_member, name='edit_product_member'), - url(r'^product/member/(?P\d+)/delete$', views.delete_product_member, + re_path(r'^product/member/(?P\d+)/delete$', views.delete_product_member, name='delete_product_member'), - url(r'^product/(?P\d+)/add_api_scan_configuration$', views.add_api_scan_configuration, + re_path(r'^product/(?P\d+)/add_api_scan_configuration$', views.add_api_scan_configuration, name='add_api_scan_configuration'), - url(r'^product/(?P\d+)/view_api_scan_configurations$', views.view_api_scan_configurations, + re_path(r'^product/(?P\d+)/view_api_scan_configurations$', views.view_api_scan_configurations, name='view_api_scan_configurations'), - url(r'^product/(?P\d+)/edit_api_scan_configuration/(?P\d+)$', views.edit_api_scan_configuration, + re_path(r'^product/(?P\d+)/edit_api_scan_configuration/(?P\d+)$', views.edit_api_scan_configuration, name='edit_api_scan_configuration'), - url(r'^product/(?P\d+)/delete_api_scan_configuration/(?P\d+)$', views.delete_api_scan_configuration, + re_path(r'^product/(?P\d+)/delete_api_scan_configuration/(?P\d+)$', views.delete_api_scan_configuration, name='delete_api_scan_configuration'), - url(r'^product/(?P\d+)/add_group$', views.add_product_group, + re_path(r'^product/(?P\d+)/add_group$', views.add_product_group, name='add_product_group'), - url(r'^product/group/(?P\d+)/edit$', views.edit_product_group, + re_path(r'^product/group/(?P\d+)/edit$', views.edit_product_group, name='edit_product_group'), - url(r'^product/group/(?P\d+)/delete$', views.delete_product_group, + re_path(r'^product/group/(?P\d+)/delete$', views.delete_product_group, name='delete_product_group'), ] diff --git a/dojo/product/views.py b/dojo/product/views.py index 9d7479be018..c2dc16098cd 100755 --- a/dojo/product/views.py +++ b/dojo/product/views.py @@ -2,62 +2,66 @@ import calendar as tcalendar import logging import base64 + from collections import OrderedDict from datetime import datetime, date, timedelta -from math import ceil from dateutil.relativedelta import relativedelta +from github import Github +from math import ceil + from django.contrib import messages -from django.core.exceptions import ValidationError -from django.urls import reverse -from django.http import HttpResponseRedirect, Http404 -from django.shortcuts import render, get_object_or_404 -from django.utils import timezone -from django.db.models import Sum, Count, Q, Max from django.contrib.admin.utils import NestedObjects +from django.contrib.postgres.aggregates import StringAgg from django.db import DEFAULT_DB_ALIAS, connection - -from dojo.templatetags.display_tags import get_level -from dojo.filters import ProductEngagementFilter, ProductFilter, EngagementFilter, MetricsEndpointFilter, MetricsFindingFilter, ProductComponentFilter -from dojo.forms import ProductForm, EngForm, DeleteProductForm, DojoMetaDataForm, JIRAProjectForm, JIRAFindingForm, AdHocFindingForm, \ - EngagementPresetsForm, DeleteEngagementPresetsForm, ProductNotificationsForm, \ - GITHUB_Product_Form, GITHUBFindingForm, AppAnalysisForm, JIRAEngagementForm, Add_Product_MemberForm, \ - Edit_Product_MemberForm, Delete_Product_MemberForm, Add_Product_GroupForm, Edit_Product_Group_Form, Delete_Product_GroupForm, \ - DeleteAppAnalysisForm, Product_API_Scan_ConfigurationForm, DeleteProduct_API_Scan_ConfigurationForm +from django.db.models import Sum, Count, Q, Max, Prefetch, F, OuterRef, Subquery +from django.db.models.query import QuerySet +from django.core.exceptions import ValidationError, PermissionDenied +from django.http import HttpResponseRedirect, Http404, JsonResponse, HttpRequest +from django.shortcuts import render, get_object_or_404 +from django.urls import reverse +from django.utils import timezone +from django.utils.translation import gettext as _ +from django.views import View + +from dojo.templatetags.display_tags import asvs_calc_level +from dojo.filters import ProductEngagementFilter, ProductFilter, EngagementFilter, MetricsEndpointFilter, \ + MetricsFindingFilter, ProductComponentFilter +from dojo.forms import ProductForm, EngForm, DeleteProductForm, DojoMetaDataForm, JIRAProjectForm, JIRAFindingForm, \ + AdHocFindingForm, \ + EngagementPresetsForm, DeleteEngagementPresetsForm, ProductNotificationsForm, \ + GITHUB_Product_Form, GITHUBFindingForm, AppAnalysisForm, JIRAEngagementForm, Add_Product_MemberForm, \ + Edit_Product_MemberForm, Delete_Product_MemberForm, Add_Product_GroupForm, Edit_Product_Group_Form, \ + Delete_Product_GroupForm, SLA_Configuration, \ + DeleteAppAnalysisForm, Product_API_Scan_ConfigurationForm, DeleteProduct_API_Scan_ConfigurationForm from dojo.models import Product_Type, Note_Type, Finding, Product, Engagement, Test, GITHUB_PKey, \ - Test_Type, System_Settings, Languages, App_Analysis, Benchmark_Type, Benchmark_Product_Summary, Endpoint_Status, \ - Endpoint, Engagement_Presets, DojoMeta, Notifications, BurpRawRequestResponse, Product_Member, \ - Product_Group, Product_API_Scan_Configuration -from dojo.utils import add_external_issue, add_error_message_to_response, add_field_errors_to_response, get_page_items, add_breadcrumb, \ - get_system_setting, Product_Tab, get_punchcard_data, queryset_check, is_title_in_breadcrumbs, get_enabled_notifications_list + Test_Type, System_Settings, Languages, App_Analysis, Benchmark_Product_Summary, Endpoint_Status, \ + Endpoint, Engagement_Presets, DojoMeta, Notifications, BurpRawRequestResponse, Product_Member, \ + Product_Group, Product_API_Scan_Configuration +from dojo.utils import add_external_issue, add_error_message_to_response, add_field_errors_to_response, get_page_items, \ + add_breadcrumb, async_delete, \ + get_system_setting, get_setting, Product_Tab, get_punchcard_data, queryset_check, is_title_in_breadcrumbs, \ + get_enabled_notifications_list, get_zero_severity_level, sum_by_severity_level, get_open_findings_burndown from dojo.notifications.helper import create_notification -from django.db.models import Prefetch, F, OuterRef, Subquery -from django.db.models.query import QuerySet -from github import Github -from django.contrib.postgres.aggregates import StringAgg from dojo.components.sql_group_concat import Sql_GroupConcat -import dojo.jira_link.helper as jira_helper from dojo.authorization.authorization import user_has_permission, user_has_permission_or_403 from dojo.authorization.roles_permissions import Permissions from dojo.authorization.authorization_decorators import user_is_authorized -from dojo.product.queries import get_authorized_products, get_authorized_members_for_product, get_authorized_groups_for_product -from dojo.product_type.queries import get_authorized_members_for_product_type, get_authorized_groups_for_product_type +from dojo.product.queries import get_authorized_products, get_authorized_members_for_product, \ + get_authorized_groups_for_product +from dojo.product_type.queries import get_authorized_members_for_product_type, get_authorized_groups_for_product_type, \ + get_authorized_product_types from dojo.tool_config.factory import create_API +from dojo.tools.factory import get_api_scan_configuration_hints + import dojo.finding.helper as finding_helper +import dojo.jira_link.helper as jira_helper logger = logging.getLogger(__name__) def product(request): - # validate prod_type param - product_type = None - if 'prod_type' in request.GET: - p = request.GET.getlist('prod_type', []) - if len(p) == 1: - product_type = get_object_or_404(Product_Type, id=p[0]) - prods = get_authorized_products(Permissions.Product_View) - # perform all stuff for filtering and pagination first, before annotation/prefetching # otherwise the paginator will perform all the annotations/prefetching already only to count the total number of records # see https://code.djangoproject.com/ticket/23771 and https://code.djangoproject.com/ticket/25375 @@ -72,13 +76,13 @@ def product(request): # print(prod_list.object_list.explain) - add_breadcrumb(title="Product List", top_level=not len(request.GET), request=request) - return render(request, - 'dojo/product.html', - {'prod_list': prod_list, - 'prod_filter': prod_filter, - 'name_words': sorted(set(name_words)), - 'user': request.user}) + add_breadcrumb(title=_("Product List"), top_level=not len(request.GET), request=request) + + return render(request, 'dojo/product.html', { + 'prod_list': prod_list, + 'prod_filter': prod_filter, + 'name_words': sorted(set(name_words)), + 'user': request.user}) def prefetch_for_product(prods): @@ -98,10 +102,11 @@ def prefetch_for_product(prods): prefetched_prods = prefetched_prods.annotate(active_finding_count=Count('engagement__test__finding__id', filter=Q( engagement__test__finding__active=True))) - prefetched_prods = prefetched_prods.annotate(active_verified_finding_count=Count('engagement__test__finding__id', - filter=Q( - engagement__test__finding__active=True, - engagement__test__finding__verified=True))) + prefetched_prods = prefetched_prods.annotate( + active_verified_finding_count=Count('engagement__test__finding__id', + filter=Q( + engagement__test__finding__active=True, + engagement__test__finding__verified=True))) prefetched_prods = prefetched_prods.prefetch_related('jira_project_set__jira_instance') prefetched_prods = prefetched_prods.prefetch_related('members') prefetched_prods = prefetched_prods.prefetch_related('prod_type__members') @@ -115,7 +120,7 @@ def prefetch_for_product(prods): if get_system_setting('enable_github'): prefetched_prods = prefetched_prods.prefetch_related( Prefetch('github_pkey_set', queryset=GITHUB_PKey.objects.all().select_related('git_conf'), - to_attr='github_confs')) + to_attr='github_confs')) else: logger.debug('unable to prefetch because query was already executed') @@ -131,7 +136,7 @@ def iso_to_gregorian(iso_year, iso_week, iso_day): @user_is_authorized(Product, Permissions.Product_View, 'pid') def view_product(request, pid): - prod_query = Product.objects.all().select_related('product_manager', 'technical_contact', 'team_manager') \ + prod_query = Product.objects.all().select_related('product_manager', 'technical_contact', 'team_manager', 'sla_configuration') \ .prefetch_related('members') \ .prefetch_related('prod_type__members') prod = get_object_or_404(prod_query, id=pid) @@ -142,15 +147,29 @@ def view_product(request, pid): personal_notifications_form = ProductNotificationsForm( instance=Notifications.objects.filter(user=request.user).filter(product=prod).first()) langSummary = Languages.objects.filter(product=prod).aggregate(Sum('files'), Sum('code'), Count('files')) - languages = Languages.objects.filter(product=prod).order_by('-code') + languages = Languages.objects.filter(product=prod).order_by('-code').select_related('language') app_analysis = App_Analysis.objects.filter(product=prod).order_by('name') - benchmark_type = Benchmark_Type.objects.filter(enabled=True).order_by('name') benchmarks = Benchmark_Product_Summary.objects.filter(product=prod, publish=True, benchmark_type__enabled=True).order_by('benchmark_type__name') + sla = SLA_Configuration.objects.filter(id=prod.sla_configuration_id).first() benchAndPercent = [] for i in range(0, len(benchmarks)): - benchAndPercent.append([benchmarks[i].benchmark_type, get_level(benchmarks[i])]) - + desired_level, total, total_pass, total_wait, total_fail, total_viewed = asvs_calc_level(benchmarks[i]) + + success_percent = round((float(total_pass) / float(total)) * 100, 2) + waiting_percent = round((float(total_wait) / float(total)) * 100, 2) + fail_percent = round(100 - success_percent - waiting_percent, 2) + print(fail_percent) + benchAndPercent.append({ + 'id': benchmarks[i].benchmark_type.id, + 'name': benchmarks[i].benchmark_type, + 'level': desired_level, + 'success': {'count': total_pass, 'percent': success_percent}, + 'waiting': {'count': total_wait, 'percent': waiting_percent}, + 'fail': {'count': total_fail, 'percent': fail_percent}, + 'pass': total_pass + total_fail, + 'total': total + }) system_settings = System_Settings.objects.get() product_metadata = dict(prod.product_meta.order_by('name').values_list('name', 'value')) @@ -182,7 +201,7 @@ def view_product(request, pid): total = critical + high + medium + low + info - product_tab = Product_Tab(pid, title="Product", tab="overview") + product_tab = Product_Tab(prod, title=_("Product"), tab="overview") return render(request, 'dojo/view_product_details.html', { 'prod': prod, 'product_tab': product_tab, @@ -205,13 +224,14 @@ def view_product(request, pid): 'product_groups': product_groups, 'product_type_groups': product_type_groups, 'personal_notifications_form': personal_notifications_form, - 'enabled_notifications': get_enabled_notifications_list()}) + 'enabled_notifications': get_enabled_notifications_list(), + 'sla': sla}) @user_is_authorized(Product, Permissions.Component_View, 'pid') def view_product_components(request, pid): prod = get_object_or_404(Product, id=pid) - product_tab = Product_Tab(pid, title="Product", tab="components") + product_tab = Product_Tab(prod, title=_("Product"), tab="components") separator = ', ' # Get components ordered by component_name and concat component versions to the same row @@ -272,7 +292,7 @@ def finding_querys(request, prod): filters = dict() findings_query = Finding.objects.filter(test__engagement__product=prod, - severity__in=('Critical', 'High', 'Medium', 'Low', 'Info')) + severity__in=('Critical', 'High', 'Medium', 'Low', 'Info')) # prefetch only what's needed to avoid lots of repeated queries findings_query = findings_query.prefetch_related( @@ -403,7 +423,7 @@ def endpoint_querys(request, prod): endpoints_qs = queryset_check(endpoints) messages.add_message(request, messages.ERROR, - 'All objects have been filtered away. Displaying all objects', + _('All objects have been filtered away. Displaying all objects'), extra_tags='alert-danger') try: @@ -431,7 +451,8 @@ def endpoint_querys(request, prod): mitigated=True, out_of_scope=False).order_by("date") filters['open'] = endpoints_qs.filter(date__range=[start_date, end_date], - mitigated=False) + mitigated=False, + finding__active=True) filters['inactive'] = endpoints_qs.filter(date__range=[start_date, end_date], mitigated=True) filters['closed'] = endpoints_qs.filter(date__range=[start_date, end_date], @@ -487,7 +508,6 @@ def view_product_metrics(request, pid): start_date = filters['start_date'] end_date = filters['end_date'] - week_date = filters['week'] tests = Test.objects.filter(engagement__product=prod).prefetch_related('finding_set', 'test_type') tests = tests.annotate(verified_finding_count=Count('finding__id', filter=Q(finding__verified=True))) @@ -506,12 +526,14 @@ def view_product_metrics(request, pid): add_breadcrumb(parent=prod, top_level=False, request=request) open_close_weekly = OrderedDict() - new_weekly = OrderedDict() severity_weekly = OrderedDict() critical_weekly = OrderedDict() high_weekly = OrderedDict() medium_weekly = OrderedDict() + open_objs_by_severity = get_zero_severity_level() + accepted_objs_by_severity = get_zero_severity_level() + for v in filters.get('open', None): iso_cal = v.date.isocalendar() x = iso_to_gregorian(iso_cal[0], iso_cal[1], 1) @@ -547,8 +569,7 @@ def view_product_metrics(request, pid): else: severity_weekly[x][severity] = 1 else: - severity_weekly[x] = {'Critical': 0, 'High': 0, - 'Medium': 0, 'Low': 0, 'Info': 0} + severity_weekly[x] = get_zero_severity_level() severity_weekly[x][severity] = 1 severity_weekly[x]['week'] = y @@ -568,11 +589,11 @@ def view_product_metrics(request, pid): else: medium_weekly[x] = {'count': 1, 'week': y} + # Optimization: count severity level on server side + if open_objs_by_severity.get(v.severity) is not None: + open_objs_by_severity[v.severity] += 1 + for a in filters.get('accepted', None): - if view == 'Finding': - finding = a - elif view == 'Endpoint': - finding = v.finding iso_cal = a.date.isocalendar() x = iso_to_gregorian(iso_cal[0], iso_cal[1], 1) y = x.strftime("%m/%d
    %Y    ") @@ -584,44 +605,75 @@ def view_product_metrics(request, pid): open_close_weekly[x] = {'closed': 0, 'open': 0, 'accepted': 1} open_close_weekly[x]['week'] = y + if accepted_objs_by_severity.get(a.severity) is not None: + accepted_objs_by_severity[a.severity] += 1 + test_data = {} for t in tests: if t.test_type.name in test_data: test_data[t.test_type.name] += t.verified_finding_count else: test_data[t.test_type.name] = t.verified_finding_count - product_tab = Product_Tab(pid, title="Product", tab="metrics") - return render(request, - 'dojo/product_metrics.html', - {'prod': prod, - 'product_tab': product_tab, - 'engs': engs, - 'inactive_engs': inactive_engs_page, - 'view': view, - 'verified_objs': filters.get('verified', None), - 'open_objs': filters.get('open', None), - 'inactive_objs': filters.get('inactive', None), - 'closed_objs': filters.get('closed', None), - 'false_positive_objs': filters.get('false_positive', None), - 'out_of_scope_objs': filters.get('out_of_scope', None), - 'accepted_objs': filters.get('accepted', None), - 'new_objs': filters.get('new_verified', None), - 'all_objs': filters.get('all', None), - 'form': filters.get('form', None), - 'reset_link': reverse('view_product_metrics', args=(prod.id,)) + '?type=' + view, - 'open_vulnerabilities': open_vulnerabilities, - 'all_vulnerabilities': all_vulnerabilities, - 'start_date': start_date, - 'punchcard': punchcard, - 'ticks': ticks, - 'open_close_weekly': open_close_weekly, - 'severity_weekly': severity_weekly, - 'critical_weekly': critical_weekly, - 'high_weekly': high_weekly, - 'medium_weekly': medium_weekly, - 'test_data': test_data, - 'user': request.user}) + product_tab = Product_Tab(prod, title=_("Product"), tab="metrics") + + open_objs_by_age = {x: len([_ for _ in filters.get('open') if _.age == x]) for x in set([_.age for _ in filters.get('open')])} + + return render(request, 'dojo/product_metrics.html', { + 'prod': prod, + 'product_tab': product_tab, + 'engs': engs, + 'inactive_engs': inactive_engs_page, + 'view': view, + 'verified_objs': filters.get('verified', None), + 'verified_objs_by_severity': sum_by_severity_level(filters.get('verified')), + 'open_objs': filters.get('open', None), + 'open_objs_by_severity': open_objs_by_severity, + 'open_objs_by_age': open_objs_by_age, + 'inactive_objs': filters.get('inactive', None), + 'inactive_objs_by_severity': sum_by_severity_level(filters.get('inactive')), + 'closed_objs': filters.get('closed', None), + 'closed_objs_by_severity': sum_by_severity_level(filters.get('closed')), + 'false_positive_objs': filters.get('false_positive', None), + 'false_positive_objs_by_severity': sum_by_severity_level(filters.get('false_positive')), + 'out_of_scope_objs': filters.get('out_of_scope', None), + 'out_of_scope_objs_by_severity': sum_by_severity_level(filters.get('out_of_scope')), + 'accepted_objs': filters.get('accepted', None), + 'accepted_objs_by_severity': accepted_objs_by_severity, + 'new_objs': filters.get('new_verified', None), + 'new_objs_by_severity': sum_by_severity_level(filters.get('new_verified')), + 'all_objs': filters.get('all', None), + 'all_objs_by_severity': sum_by_severity_level(filters.get('all')), + 'form': filters.get('form', None), + 'reset_link': reverse('view_product_metrics', args=(prod.id,)) + '?type=' + view, + 'open_vulnerabilities': open_vulnerabilities, + 'all_vulnerabilities': all_vulnerabilities, + 'start_date': start_date, + 'punchcard': punchcard, + 'ticks': ticks, + 'open_close_weekly': open_close_weekly, + 'severity_weekly': severity_weekly, + 'critical_weekly': critical_weekly, + 'high_weekly': high_weekly, + 'medium_weekly': medium_weekly, + 'test_data': test_data, + 'user': request.user}) + + +@user_is_authorized(Product, Permissions.Product_View, 'pid') +def async_burndown_metrics(request, pid): + prod = get_object_or_404(Product, id=pid) + open_findings_burndown = get_open_findings_burndown(prod) + + return JsonResponse({ + 'critical': open_findings_burndown.get('Critical', []), + 'high': open_findings_burndown.get('High', []), + 'medium': open_findings_burndown.get('Medium', []), + 'low': open_findings_burndown.get('Low', []), + 'info': open_findings_burndown.get('Info', []), + 'max': open_findings_burndown.get('y_max', 0), + 'min': open_findings_burndown.get('y_min', 0) + }) @user_is_authorized(Product, Permissions.Engagement_View, 'pid') @@ -636,38 +688,38 @@ def view_engagements(request, pid): active_engs_filter = ProductEngagementFilter(request.GET, queryset=engs, prefix='active') result_active_engs = get_page_items(request, active_engs_filter.qs, default_page_num, prefix="engs") # prefetch only after creating the filters to avoid https://code.djangoproject.com/ticket/23771 and https://code.djangoproject.com/ticket/25375 - result_active_engs.object_list = prefetch_for_view_engagements(result_active_engs.object_list, recent_test_day_count) + result_active_engs.object_list = prefetch_for_view_engagements(result_active_engs.object_list, + recent_test_day_count) # Engagements that are queued because they haven't started or paused engs = Engagement.objects.filter(~Q(status="In Progress"), product=prod, active=True).order_by('-updated') queued_engs_filter = ProductEngagementFilter(request.GET, queryset=engs, prefix='queued') result_queued_engs = get_page_items(request, queued_engs_filter.qs, default_page_num, prefix="queued_engs") - result_queued_engs.object_list = prefetch_for_view_engagements(result_queued_engs.object_list, recent_test_day_count) + result_queued_engs.object_list = prefetch_for_view_engagements(result_queued_engs.object_list, + recent_test_day_count) # Cancelled or Completed Engagements engs = Engagement.objects.filter(product=prod, active=False).order_by('-target_end') inactive_engs_filter = ProductEngagementFilter(request.GET, queryset=engs, prefix='closed') result_inactive_engs = get_page_items(request, inactive_engs_filter.qs, default_page_num, prefix="inactive_engs") - result_inactive_engs.object_list = prefetch_for_view_engagements(result_inactive_engs.object_list, recent_test_day_count) + result_inactive_engs.object_list = prefetch_for_view_engagements(result_inactive_engs.object_list, + recent_test_day_count) - title = "All Engagements" - - product_tab = Product_Tab(pid, title=title, tab="engagements") - return render(request, - 'dojo/view_engagements.html', - {'prod': prod, - 'product_tab': product_tab, - 'engs': result_active_engs, - 'engs_count': result_active_engs.paginator.count, - 'engs_filter': active_engs_filter, - 'queued_engs': result_queued_engs, - 'queued_engs_count': result_queued_engs.paginator.count, - 'queued_engs_filter': queued_engs_filter, - 'inactive_engs': result_inactive_engs, - 'inactive_engs_count': result_inactive_engs.paginator.count, - 'inactive_engs_filter': inactive_engs_filter, - 'recent_test_day_count': recent_test_day_count, - 'user': request.user}) + product_tab = Product_Tab(prod, title=_("All Engagements"), tab="engagements") + return render(request, 'dojo/view_engagements.html', { + 'prod': prod, + 'product_tab': product_tab, + 'engs': result_active_engs, + 'engs_count': result_active_engs.paginator.count, + 'engs_filter': active_engs_filter, + 'queued_engs': result_queued_engs, + 'queued_engs_count': result_queued_engs.paginator.count, + 'queued_engs_filter': queued_engs_filter, + 'inactive_engs': result_inactive_engs, + 'inactive_engs_count': result_inactive_engs.paginator.count, + 'inactive_engs_filter': inactive_engs_filter, + 'recent_test_day_count': recent_test_day_count, + 'user': request.user}) def prefetch_for_view_engagements(engagements, recent_test_day_count): @@ -681,13 +733,14 @@ def prefetch_for_view_engagements(engagements, recent_test_day_count): updated__gte=timezone.now() - timedelta(days=recent_test_day_count) ).values_list('id', flat=True) )) - ), + ), 'test_set__test_type', ).annotate( count_tests=Count('test', distinct=True), count_findings_all=Count('test__finding__id'), count_findings_open=Count('test__finding__id', filter=Q(test__finding__active=True)), - count_findings_open_verified=Count('test__finding__id', filter=Q(test__finding__active=True) & Q(test__finding__verified=True)), + count_findings_open_verified=Count('test__finding__id', + filter=Q(test__finding__active=True) & Q(test__finding__verified=True)), count_findings_close=Count('test__finding__id', filter=Q(test__finding__is_mitigated=True)), count_findings_duplicate=Count('test__finding__id', filter=Q(test__finding__duplicate=True)), count_findings_accepted=Count('test__finding__id', filter=Q(test__finding__risk_accepted=True)), @@ -709,6 +762,9 @@ def import_scan_results_prod(request, pid=None): def new_product(request, ptid=None): + if get_authorized_product_types(Permissions.Product_Type_Add_Product).count() == 0: + raise PermissionDenied() + jira_project_form = None error = False initial = None @@ -733,7 +789,7 @@ def new_product(request, ptid=None): product = form.save() messages.add_message(request, messages.SUCCESS, - 'Product added successfully.', + _('Product added successfully.'), extra_tags='alert-success') success, jira_project_form = jira_helper.process_jira_project_form(request, product=product) error = not success @@ -746,25 +802,27 @@ def new_product(request, ptid=None): github_pkey.save() messages.add_message(request, messages.SUCCESS, - 'GitHub information added successfully.', + _('GitHub information added successfully.'), extra_tags='alert-success') # Create appropriate labels in the repo logger.info('Create label in repo: ' + github_pkey.git_project) + + description = _("This label is automatically applied to all issues created by DefectDojo") try: g = Github(github_pkey.git_conf.api_key) repo = g.get_repo(github_pkey.git_project) repo.create_label(name="security", color="FF0000", - description="This label is automatically applied to all issues created by DefectDojo") + description=description) repo.create_label(name="security / info", color="00FEFC", - description="This label is automatically applied to all issues created by DefectDojo") + description=description) repo.create_label(name="security / low", color="B7FE00", - description="This label is automatically applied to all issues created by DefectDojo") + description=description) repo.create_label(name="security / medium", color="FEFE00", - description="This label is automatically applied to all issues created by DefectDojo") + description=description) repo.create_label(name="security / high", color="FE9A00", - description="This label is automatically applied to all issues created by DefectDojo") + description=description) repo.create_label(name="security / critical", color="FE2200", - description="This label is automatically applied to all issues created by DefectDojo") + description=description) except: logger.info('Labels cannot be created - they may already exists') @@ -786,7 +844,7 @@ def new_product(request, ptid=None): else: gform = None - add_breadcrumb(title="New Product", top_level=False, request=request) + add_breadcrumb(title=_("New Product"), top_level=False, request=request) return render(request, 'dojo/new_product.html', {'form': form, 'jform': jira_project_form, @@ -815,11 +873,15 @@ def edit_product(request, pid): form = ProductForm(request.POST, instance=product) jira_project = jira_helper.get_jira_project(product) if form.is_valid(): + initial_sla_config = Product.objects.get(pk=form.instance.id).sla_configuration form.save() - tags = request.POST.getlist('tags') + msg = 'Product updated successfully.' + # check if the SLA config was changed, append additional context to message + if initial_sla_config != form.instance.sla_configuration: + msg += ' All SLA expiration dates for findings within this product will be recalculated asynchronously for the newly assigned SLA configuration.' messages.add_message(request, messages.SUCCESS, - 'Product updated successfully.', + _(msg), extra_tags='alert-success') success, jform = jira_helper.process_jira_project_form(request, instance=jira_project, product=product) @@ -840,7 +902,7 @@ def edit_product(request, pid): new_conf.save() messages.add_message(request, messages.SUCCESS, - 'GITHUB information updated successfully.', + _('GITHUB information updated successfully.'), extra_tags='alert-success') if not error: @@ -854,15 +916,15 @@ def edit_product(request, pid): else: jform = None - if github_enabled and (github_inst is not None): + if github_enabled: if github_inst is not None: gform = GITHUB_Product_Form(instance=github_inst) + else: gform = GITHUB_Product_Form() - gform = GITHUB_Product_Form() else: gform = None - product_tab = Product_Tab(pid, title="Edit Product", tab="settings") + product_tab = Product_Tab(product, title=_("Edit Product"), tab="settings") return render(request, 'dojo/edit_product.html', {'form': form, @@ -884,16 +946,23 @@ def delete_product(request, pid): form = DeleteProductForm(request.POST, instance=product) if form.is_valid(): product_type = product.prod_type - product.delete() + if get_setting("ASYNC_OBJECT_DELETE"): + async_del = async_delete() + async_del.delete(product) + message = _('Product and relationships will be removed in the background.') + else: + message = _('Product and relationships removed.') + product.delete() messages.add_message(request, messages.SUCCESS, - 'Product and relationships removed.', + message, extra_tags='alert-success') create_notification(event='other', - title='Deletion of %s' % product.name, + title=_('Deletion of %(name)s') % {'name': product.name}, product_type=product_type, - description='The product "%s" was deleted by %s' % (product.name, request.user), - url=request.build_absolute_uri(reverse('product')), + description=_('The product "%(name)s" was deleted by %(user)s') % { + 'name': product.name, 'user': request.user}, + url=reverse('product'), icon="exclamation-triangle") logger.debug('delete_product: POST RETURN') return HttpResponseRedirect(reverse('product')) @@ -903,34 +972,33 @@ def delete_product(request, pid): logger.debug('delete_product: GET') - collector = NestedObjects(using=DEFAULT_DB_ALIAS) - collector.collect([product]) - rels = collector.nested() + rels = ['Previewing the relationships has been disabled.', ''] + display_preview = get_setting('DELETE_PREVIEW') + if display_preview: + collector = NestedObjects(using=DEFAULT_DB_ALIAS) + collector.collect([product]) + rels = collector.nested() - product_tab = Product_Tab(pid, title="Product", tab="settings") + product_tab = Product_Tab(product, title=_("Product"), tab="settings") logger.debug('delete_product: GET RENDER') - return render(request, 'dojo/delete_product.html', - {'product': product, - 'form': form, - 'product_tab': product_tab, - 'rels': rels, - }) + return render(request, 'dojo/delete_product.html', { + 'product': product, + 'form': form, + 'product_tab': product_tab, + 'rels': rels}) @user_is_authorized(Product, Permissions.Engagement_Add, 'pid') def new_eng_for_app(request, pid, cicd=False): - jira_project = None jira_project_form = None jira_epic_form = None product = Product.objects.get(id=pid) - jira_error = False if request.method == 'POST': form = EngForm(request.POST, cicd=cicd, product=product, user=request.user) - jira_project = jira_helper.get_jira_project(product) logger.debug('new_eng_for_app') if form.is_valid(): @@ -965,13 +1033,9 @@ def new_eng_for_app(request, pid, cicd=False): success, jira_epic_form = jira_helper.process_jira_epic_form(request, engagement=engagement) error = error or not success - create_notification(event='engagement_added', title=engagement.name + " for " + product.name, - engagement=engagement, url=reverse('view_engagement', args=(engagement.id,)), - objowner=engagement.lead) - messages.add_message(request, messages.SUCCESS, - 'Engagement added successfully.', + _('Engagement added successfully.'), extra_tags='alert-success') if not error: @@ -990,28 +1054,26 @@ def new_eng_for_app(request, pid, cicd=False): else: form = EngForm(initial={'lead': request.user, 'target_start': timezone.now().date(), 'target_end': timezone.now().date() + timedelta(days=7), 'product': product}, cicd=cicd, - product=product, user=request.user) + product=product, user=request.user) if get_system_setting('enable_jira'): - jira_project = jira_helper.get_jira_project(product) logger.debug('showing jira-project-form') jira_project_form = JIRAProjectForm(target='engagement', product=product) logger.debug('showing jira-epic-form') jira_epic_form = JIRAEngagementForm() if cicd: - title = 'New CI/CD Engagement' + title = _('New CI/CD Engagement') else: - title = 'New Interactive Engagement' + title = _('New Interactive Engagement') - product_tab = Product_Tab(pid, title=title, tab="engagements") - return render(request, 'dojo/new_eng.html', - {'form': form, - 'title': title, - 'product_tab': product_tab, - 'jira_epic_form': jira_epic_form, - 'jira_project_form': jira_project_form, - }) + product_tab = Product_Tab(product, title=title, tab="engagements") + return render(request, 'dojo/new_eng.html', { + 'form': form, + 'title': title, + 'product_tab': product_tab, + 'jira_epic_form': jira_epic_form, + 'jira_project_form': jira_project_form}) @user_is_authorized(Product, Permissions.Technology_Add, 'pid') @@ -1024,12 +1086,12 @@ def new_tech_for_prod(request, pid): tech.save() messages.add_message(request, messages.SUCCESS, - 'Technology added successfully.', + _('Technology added successfully.'), extra_tags='alert-success') return HttpResponseRedirect(reverse('view_product', args=(pid,))) form = AppAnalysisForm(initial={'user': request.user}) - product_tab = Product_Tab(pid, title="Add Technology", tab="settings") + product_tab = Product_Tab(get_object_or_404(Product, id=pid), title=_("Add Technology"), tab="settings") return render(request, 'dojo/new_tech.html', {'form': form, 'product_tab': product_tab, @@ -1041,19 +1103,16 @@ def edit_technology(request, tid): technology = get_object_or_404(App_Analysis, id=tid) form = AppAnalysisForm(instance=technology) if request.method == 'POST': - form = AppAnalysisForm(request.POST) + form = AppAnalysisForm(request.POST, instance=technology) if form.is_valid(): - tech = form.save(commit=False) - tech.id = technology.id - tech.product_id = technology.product.id - tech.save() + form.save() messages.add_message(request, messages.SUCCESS, - 'Technology changed successfully.', + _('Technology changed successfully.'), extra_tags='alert-success') return HttpResponseRedirect(reverse('view_product', args=(technology.product.id,))) - product_tab = Product_Tab(technology.product.id, title="Edit Technology", tab="settings") + product_tab = Product_Tab(technology.product, title=_("Edit Technology"), tab="settings") return render(request, 'dojo/edit_technology.html', {'form': form, 'product_tab': product_tab, @@ -1069,12 +1128,12 @@ def delete_technology(request, tid): technology = form.instance technology.delete() messages.add_message(request, - messages.SUCCESS, - 'Technology deleted successfully.', - extra_tags='alert-success') + messages.SUCCESS, + _('Technology deleted successfully.'), + extra_tags='alert-success') return HttpResponseRedirect(reverse('view_product', args=(technology.product.id,))) - product_tab = Product_Tab(technology.product.id, title="Delete Technology", tab="settings") + product_tab = Product_Tab(technology.product, title=_("Delete Technology"), tab="settings") return render(request, 'dojo/delete_technology.html', { 'technology': technology, 'form': form, @@ -1097,7 +1156,7 @@ def add_meta_data(request, pid): form.save() messages.add_message(request, messages.SUCCESS, - 'Metadata added successfully.', + _('Metadata added successfully.'), extra_tags='alert-success') if 'add_another' in request.POST: return HttpResponseRedirect(reverse('add_meta_data', args=(pid,))) @@ -1106,10 +1165,9 @@ def add_meta_data(request, pid): else: form = DojoMetaDataForm() - product_tab = Product_Tab(pid, title="Add Metadata", tab="settings") + product_tab = Product_Tab(prod, title=_("Add Metadata"), tab="settings") - return render(request, - 'dojo/add_product_meta_data.html', + return render(request, 'dojo/add_product_meta_data.html', {'form': form, 'product_tab': product_tab, 'product': prod, @@ -1135,170 +1193,293 @@ def edit_meta_data(request, pid): messages.add_message(request, messages.SUCCESS, - 'Metadata edited successfully.', + _('Metadata edited successfully.'), extra_tags='alert-success') return HttpResponseRedirect(reverse('view_product', args=(pid,))) - product_tab = Product_Tab(pid, title="Edit Metadata", tab="settings") - return render(request, - 'dojo/edit_product_meta_data.html', + product_tab = Product_Tab(prod, title=_("Edit Metadata"), tab="settings") + return render(request, 'dojo/edit_product_meta_data.html', {'product': prod, 'product_tab': product_tab, }) -@user_is_authorized(Product, Permissions.Finding_Add, 'pid') -def ad_hoc_finding(request, pid): - prod = Product.objects.get(id=pid) - test_type, _ = Test_Type.objects.get_or_create(name="Pen Test") - test = None - try: - eng = Engagement.objects.get(product=prod, name="Ad Hoc Engagement") - tests = Test.objects.filter(engagement=eng) +class AdHocFindingView(View): + def get_product(self, product_id: int): + return get_object_or_404(Product, id=product_id) + + def get_test_type(self): + test_type, nil = Test_Type.objects.get_or_create(name=_("Pen Test")) + return test_type - if len(tests) != 0: - test = tests[0] + def get_engagement(self, product: Product): + try: + return Engagement.objects.get(product=product, name=_("Ad Hoc Engagement")) + except Engagement.DoesNotExist: + return Engagement.objects.create( + name=_("Ad Hoc Engagement"), + target_start=timezone.now(), + target_end=timezone.now(), + active=False, product=product) + + def get_test(self, engagement: Engagement, test_type: Test_Type): + if test := Test.objects.filter(engagement=engagement).first(): + return test else: - test = Test(engagement=eng, test_type=test_type, - target_start=timezone.now(), target_end=timezone.now()) - test.save() - except: - eng = Engagement(name="Ad Hoc Engagement", target_start=timezone.now(), - target_end=timezone.now(), active=False, product=prod) - eng.save() - test = Test(engagement=eng, test_type=test_type, - target_start=timezone.now(), target_end=timezone.now()) - test.save() - form_error = False - push_all_jira_issues = jira_helper.is_push_all_issues(test) - jform = None - gform = None - form = AdHocFindingForm(initial={'date': timezone.now().date()}, req_resp=None, product=prod) - use_jira = jira_helper.get_jira_project(test) is not None + return Test.objects.create( + engagement=engagement, + test_type=test_type, + target_start=timezone.now(), + target_end=timezone.now()) + + def create_nested_objects(self, product: Product): + engagement = self.get_engagement(product) + test_type = self.get_test_type() + return self.get_test(engagement, test_type) + + def get_initial_context(self, request: HttpRequest, test: Test): + # Get the finding form first since it is used in another place + finding_form = self.get_finding_form(request, test.engagement.product) + product_tab = Product_Tab(test.engagement.product, title=_("Add Finding"), tab="engagements") + product_tab.setEngagement(test.engagement) + return { + "form": finding_form, + "product_tab": product_tab, + "temp": False, + "tid": test.id, + "pid": test.engagement.product.id, + "form_error": False, + "jform": self.get_jira_form(request, test, finding_form=finding_form), + "gform": self.get_github_form(request, test), + } + + def get_finding_form(self, request: HttpRequest, product: Product): + # Set up the args for the form + args = [request.POST] if request.method == "POST" else [] + # Set the initial form args + kwargs = { + "initial": {'date': timezone.now().date()}, + "req_resp": None, + "product": product, + } + # Remove the initial state on post + if request.method == "POST": + kwargs.pop("initial") + + return AdHocFindingForm(*args, **kwargs) + + def get_jira_form(self, request: HttpRequest, test: Test, finding_form: AdHocFindingForm = None): + # Determine if jira should be used + if (jira_project := jira_helper.get_jira_project(test)) is not None: + # Set up the args for the form + args = [request.POST] if request.method == "POST" else [] + # Set the initial form args + kwargs = { + "push_all": jira_helper.is_push_all_issues(test), + "prefix": "jiraform", + "jira_project": jira_project, + "finding_form": finding_form, + } + + return JIRAFindingForm(*args, **kwargs) + return None + + def get_github_form(self, request: HttpRequest, test: Test): + # Determine if github should be used + if get_system_setting("enable_github"): + # Ensure there is a github conf correctly configured for the product + config_present = GITHUB_PKey.objects.filter(product=test.engagement.product) + if config_present := config_present.exclude(git_conf_id=None): + # Set up the args for the form + args = [request.POST] if request.method == "POST" else [] + # Set the initial form args + kwargs = { + "enabled": jira_helper.is_push_all_issues(test), + "prefix": "githubform" + } + + return GITHUBFindingForm(*args, **kwargs) + return None + + def validate_status_change(self, request: HttpRequest, context: dict): + if ((context["form"]['active'].value() is False or + context["form"]['false_p'].value()) and + context["form"]['duplicate'].value() is False): - if request.method == 'POST': - form = AdHocFindingForm(request.POST, req_resp=None, product=prod) - if (form['active'].value() is False or form['false_p'].value()) and form['duplicate'].value() is False: closing_disabled = Note_Type.objects.filter(is_mandatory=True, is_active=True).count() if closing_disabled != 0: - error_inactive = ValidationError('Can not set a finding as inactive without adding all mandatory notes', - code='inactive_without_mandatory_notes') + error_inactive = ValidationError( + _('Can not set a finding as inactive without adding all mandatory notes'), + code='inactive_without_mandatory_notes' + ) error_false_p = ValidationError( - 'Can not set a finding as false positive without adding all mandatory notes', - code='false_p_without_mandatory_notes') - if form['active'].value() is False: - form.add_error('active', error_inactive) - if form['false_p'].value(): - form.add_error('false_p', error_false_p) - messages.add_message(request, - messages.ERROR, - 'Can not set a finding as inactive or false positive without adding all mandatory notes', - extra_tags='alert-danger') - if use_jira: - jform = JIRAFindingForm(request.POST, prefix='jiraform', push_all=push_all_jira_issues, - jira_project=jira_helper.get_jira_project(test), finding_form=form) - - if form.is_valid() and (jform is None or jform.is_valid()): - new_finding = form.save(commit=False) - new_finding.test = test - new_finding.reporter = request.user - new_finding.numerical_severity = Finding.get_numerical_severity( - new_finding.severity) - new_finding.tags = form.cleaned_data['tags'] - new_finding.save() - + _('Can not set a finding as false positive without adding all mandatory notes'), + code='false_p_without_mandatory_notes' + ) + if context["form"]['active'].value() is False: + context["form"].add_error('active', error_inactive) + if context["form"]['false_p'].value(): + context["form"].add_error('false_p', error_false_p) + messages.add_message( + request, + messages.ERROR, + _('Can not set a finding as inactive or false positive without adding all mandatory notes'), + extra_tags='alert-danger') + + return request + + def process_finding_form(self, request: HttpRequest, test: Test, context: dict): + finding = None + if context["form"].is_valid(): + finding = context["form"].save(commit=False) + finding.test = test + finding.reporter = request.user + finding.numerical_severity = Finding.get_numerical_severity(finding.severity) + finding.tags = context["form"].cleaned_data['tags'] + finding.save() # Save and add new endpoints - finding_helper.add_endpoints(new_finding, form) + finding_helper.add_endpoints(finding, context["form"]) + # Save the finding at the end and return + finding.save() - new_finding.save() - # Push to jira? - push_to_jira = False + return finding, request, True + else: + add_error_message_to_response("The form has errors, please correct them below.") + add_field_errors_to_response(context["form"]) + + return finding, request, False + + def process_jira_form(self, request: HttpRequest, finding: Finding, context: dict): + # Capture case if the jira not being enabled + if context["jform"] is None: + return request, True, False + + if context["jform"] and context["jform"].is_valid(): + # Push to Jira? + logger.debug('jira form valid') + push_to_jira = jira_helper.is_push_all_issues(finding) or context["jform"].cleaned_data.get('push_to_jira') jira_message = None - if jform and jform.is_valid(): - # Push to Jira? - logger.debug('jira form valid') - push_to_jira = push_all_jira_issues or jform.cleaned_data.get('push_to_jira') - - # if the jira issue key was changed, update database - new_jira_issue_key = jform.cleaned_data.get('jira_issue') - if new_finding.has_jira_issue: - jira_issue = new_finding.jira_issue - - # everything in DD around JIRA integration is based on the internal id of the issue in JIRA - # instead of on the public jira issue key. - # I have no idea why, but it means we have to retrieve the issue from JIRA to get the internal JIRA id. - # we can assume the issue exist, which is already checked in the validation of the jform - - if not new_jira_issue_key: - jira_helper.finding_unlink_jira(request, new_finding) - jira_message = 'Link to JIRA issue removed successfully.' - - elif new_jira_issue_key != new_finding.jira_issue.jira_key: - jira_helper.finding_unlink_jira(request, new_finding) - jira_helper.finding_link_jira(request, new_finding, new_jira_issue_key) - jira_message = 'Changed JIRA link successfully.' - else: - logger.debug('finding has no jira issue yet') - if new_jira_issue_key: - logger.debug( - 'finding has no jira issue yet, but jira issue specified in request. trying to link.') - jira_helper.finding_link_jira(request, new_finding, new_jira_issue_key) - jira_message = 'Linked a JIRA issue successfully.' - - if 'githubform-push_to_github' in request.POST: - gform = GITHUBFindingForm(request.POST, prefix='jiragithub', enabled=push_all_jira_issues) - if gform.is_valid(): - add_external_issue(new_finding, 'github') + # if the jira issue key was changed, update database + new_jira_issue_key = context["jform"].cleaned_data.get('jira_issue') + if finding.has_jira_issue: + # everything in DD around JIRA integration is based on the internal id of the issue in JIRA + # instead of on the public jira issue key. + # I have no idea why, but it means we have to retrieve the issue from JIRA to get the internal JIRA id. + # we can assume the issue exist, which is already checked in the validation of the jform + if not new_jira_issue_key: + jira_helper.finding_unlink_jira(request, finding) + jira_message = 'Link to JIRA issue removed successfully.' + + elif new_jira_issue_key != finding.jira_issue.jira_key: + jira_helper.finding_unlink_jira(request, finding) + jira_helper.finding_link_jira(request, finding, new_jira_issue_key) + jira_message = 'Changed JIRA link successfully.' + else: + logger.debug('finding has no jira issue yet') + if new_jira_issue_key: + logger.debug( + 'finding has no jira issue yet, but jira issue specified in request. trying to link.') + jira_helper.finding_link_jira(request, finding, new_jira_issue_key) + jira_message = 'Linked a JIRA issue successfully.' + # Determine if a message should be added + if jira_message: + messages.add_message( + request, messages.SUCCESS, jira_message, extra_tags="alert-success" + ) + + return request, True, push_to_jira + else: + add_field_errors_to_response(context["jform"]) + + return request, False, False + + def process_github_form(self, request: HttpRequest, finding: Finding, context: dict): + if "githubform-push_to_github" not in request.POST: + return request, True - new_finding.save(push_to_jira=push_to_jira) + if context["gform"].is_valid(): + add_external_issue(finding, 'github') - if 'request' in form.cleaned_data or 'response' in form.cleaned_data: + return request, True + else: + add_field_errors_to_response(context["gform"]) + + return request, False + + def process_forms(self, request: HttpRequest, test: Test, context: dict): + form_success_list = [] + # Set vars for the completed forms + # Validate finding mitigation + request = self.validate_status_change(request, context) + # Check the validity of the form overall + finding, request, success = self.process_finding_form(request, test, context) + form_success_list.append(success) + request, success, push_to_jira = self.process_jira_form(request, finding, context) + form_success_list.append(success) + request, success = self.process_github_form(request, finding, context) + form_success_list.append(success) + # Determine if all forms were successful + all_forms_valid = all(form_success_list) + # Check the validity of all the forms + if all_forms_valid: + # if we're removing the "duplicate" in the edit finding screen + finding_helper.save_vulnerability_ids(finding, context["form"].cleaned_data["vulnerability_ids"].split()) + # Push things to jira if needed + finding.save(push_to_jira=push_to_jira) + # Save the burp req resp + if "request" in context["form"].cleaned_data or "response" in context["form"].cleaned_data: burp_rr = BurpRawRequestResponse( - finding=new_finding, - burpRequestBase64=base64.b64encode(form.cleaned_data['request'].encode()), - burpResponseBase64=base64.b64encode(form.cleaned_data['response'].encode()), + finding=finding, + burpRequestBase64=base64.b64encode(context["form"].cleaned_data["request"].encode()), + burpResponseBase64=base64.b64encode(context["form"].cleaned_data["response"].encode()), ) burp_rr.clean() burp_rr.save() + # Add a success message + messages.add_message( + request, + messages.SUCCESS, + _('Finding added successfully.'), + extra_tags='alert-success') - messages.add_message(request, - messages.SUCCESS, - 'Finding added successfully.', - extra_tags='alert-success') - + return finding, request, all_forms_valid + + def get_template(self): + return "dojo/ad_hoc_findings.html" + + def get(self, request: HttpRequest, product_id: int): + # Get the initial objects + product = self.get_product(product_id) + # Make sure the user is authorized + user_has_permission_or_403(request.user, product, Permissions.Finding_Add) + # Create the necessary nested objects + test = self.create_nested_objects(product) + # Set up the initial context + context = self.get_initial_context(request, test) + # Render the form + return render(request, self.get_template(), context) + + def post(self, request: HttpRequest, product_id: int): + # Get the initial objects + product = self.get_product(product_id) + # Make sure the user is authorized + user_has_permission_or_403(request.user, product, Permissions.Finding_Add) + # Create the necessary nested objects + test = self.create_nested_objects(product) + # Set up the initial context + context = self.get_initial_context(request, test) + # Process the form + _, request, success = self.process_forms(request, test, context) + # Handle the case of a successful form + if success: if '_Finished' in request.POST: return HttpResponseRedirect(reverse('view_test', args=(test.id,))) else: return HttpResponseRedirect(reverse('add_findings', args=(test.id,))) else: - form_error = True - add_error_message_to_response('The form has errors, please correct them below.') - add_field_errors_to_response(jform) - add_field_errors_to_response(form) - - else: - if use_jira: - jform = JIRAFindingForm(push_all=jira_helper.is_push_all_issues(test), prefix='jiraform', - jira_project=jira_helper.get_jira_project(test), finding_form=form) - - if get_system_setting('enable_github'): - if GITHUB_PKey.objects.filter(product=test.engagement.product).count() != 0: - gform = GITHUBFindingForm(enabled=push_all_jira_issues, prefix='githubform') - else: - gform = None - - product_tab = Product_Tab(pid, title="Add Finding", tab="engagements") - product_tab.setEngagement(eng) - return render(request, 'dojo/ad_hoc_findings.html', - {'form': form, - 'product_tab': product_tab, - 'temp': False, - 'tid': test.id, - 'pid': pid, - 'form_error': form_error, - 'jform': jform, - 'gform': gform, - }) + context["form_error"] = True + # Render the form + return render(request, self.get_template(), context) @user_is_authorized(Product, Permissions.Product_View, 'pid') @@ -1306,7 +1487,7 @@ def engagement_presets(request, pid): prod = get_object_or_404(Product, id=pid) presets = Engagement_Presets.objects.filter(product=prod).all() - product_tab = Product_Tab(prod.id, title="Engagement Presets", tab="settings") + product_tab = Product_Tab(prod, title=_("Engagement Presets"), tab="settings") return render(request, 'dojo/view_presets.html', {'product_tab': product_tab, @@ -1319,7 +1500,7 @@ def edit_engagement_presets(request, pid, eid): prod = get_object_or_404(Product, id=pid) preset = get_object_or_404(Engagement_Presets, id=eid) - product_tab = Product_Tab(prod.id, title="Edit Engagement Preset", tab="settings") + product_tab = Product_Tab(prod, title=_("Edit Engagement Preset"), tab="settings") if request.method == 'POST': tform = EngagementPresetsForm(request.POST, instance=preset) @@ -1328,7 +1509,7 @@ def edit_engagement_presets(request, pid, eid): messages.add_message( request, messages.SUCCESS, - 'Engagement Preset Successfully Updated.', + _('Engagement Preset Successfully Updated.'), extra_tags='alert-success') return HttpResponseRedirect(reverse('engagement_presets', args=(pid,))) else: @@ -1353,13 +1534,13 @@ def add_engagement_presets(request, pid): messages.add_message( request, messages.SUCCESS, - 'Engagement Preset Successfully Created.', + _('Engagement Preset Successfully Created.'), extra_tags='alert-success') return HttpResponseRedirect(reverse('engagement_presets', args=(pid,))) else: tform = EngagementPresetsForm() - product_tab = Product_Tab(pid, title="New Engagement Preset", tab="settings") + product_tab = Product_Tab(prod, title=_("New Engagement Preset"), tab="settings") return render(request, 'dojo/new_params.html', {'tform': tform, 'pid': pid, 'product_tab': product_tab}) @@ -1376,7 +1557,7 @@ def delete_engagement_presets(request, pid, eid): preset.delete() messages.add_message(request, messages.SUCCESS, - 'Engagement presets and engagement relationships removed.', + _('Engagement presets and engagement relationships removed.'), extra_tags='alert-success') return HttpResponseRedirect(reverse('engagement_presets', args=(pid,))) @@ -1384,7 +1565,7 @@ def delete_engagement_presets(request, pid, eid): collector.collect([preset]) rels = collector.nested() - product_tab = Product_Tab(pid, title="Delete Engagement Preset", tab="settings") + product_tab = Product_Tab(prod, title=_("Delete Engagement Preset"), tab="settings") return render(request, 'dojo/delete_presets.html', {'product': product, 'form': form, @@ -1411,7 +1592,7 @@ def edit_notifications(request, pid): form.save() messages.add_message(request, messages.SUCCESS, - 'Notification settings updated.', + _('Notification settings updated.'), extra_tags='alert-success') return HttpResponseRedirect(reverse('view_product', args=(pid,))) @@ -1424,11 +1605,12 @@ def add_product_member(request, pid): if request.method == 'POST': memberform = Add_Product_MemberForm(request.POST, initial={'product': product.id}) if memberform.is_valid(): - if memberform.cleaned_data['role'].is_owner and not user_has_permission(request.user, product, Permissions.Product_Member_Add_Owner): + if memberform.cleaned_data['role'].is_owner and not user_has_permission(request.user, product, + Permissions.Product_Member_Add_Owner): messages.add_message(request, - messages.WARNING, - 'You are not permitted to add users as owners.', - extra_tags='alert-warning') + messages.WARNING, + _('You are not permitted to add users as owners.'), + extra_tags='alert-warning') else: if 'users' in memberform.cleaned_data and len(memberform.cleaned_data['users']) > 0: for user in memberform.cleaned_data['users']: @@ -1440,11 +1622,11 @@ def add_product_member(request, pid): product_member.role = memberform.cleaned_data['role'] product_member.save() messages.add_message(request, - messages.SUCCESS, - 'Product members added successfully.', - extra_tags='alert-success') - return HttpResponseRedirect(reverse('view_product', args=(pid, ))) - product_tab = Product_Tab(pid, title="Add Product Member", tab="settings") + messages.SUCCESS, + _('Product members added successfully.'), + extra_tags='alert-success') + return HttpResponseRedirect(reverse('view_product', args=(pid,))) + product_tab = Product_Tab(product, title=_("Add Product Member"), tab="settings") return render(request, 'dojo/new_product_member.html', { 'product': product, 'form': memberform, @@ -1459,22 +1641,23 @@ def edit_product_member(request, memberid): if request.method == 'POST': memberform = Edit_Product_MemberForm(request.POST, instance=member) if memberform.is_valid(): - if member.role.is_owner and not user_has_permission(request.user, member.product, Permissions.Product_Member_Add_Owner): + if member.role.is_owner and not user_has_permission(request.user, member.product, + Permissions.Product_Member_Add_Owner): messages.add_message(request, - messages.WARNING, - 'You are not permitted to make users to owners.', - extra_tags='alert-warning') + messages.WARNING, + _('You are not permitted to make users to owners.'), + extra_tags='alert-warning') else: memberform.save() messages.add_message(request, - messages.SUCCESS, - 'Product member updated successfully.', - extra_tags='alert-success') + messages.SUCCESS, + _('Product member updated successfully.'), + extra_tags='alert-success') if is_title_in_breadcrumbs('View User'): - return HttpResponseRedirect(reverse('view_user', args=(member.user.id, ))) + return HttpResponseRedirect(reverse('view_user', args=(member.user.id,))) else: - return HttpResponseRedirect(reverse('view_product', args=(member.product.id, ))) - product_tab = Product_Tab(member.product.id, title="Edit Product Member", tab="settings") + return HttpResponseRedirect(reverse('view_product', args=(member.product.id,))) + product_tab = Product_Tab(member.product, title=_("Edit Product Member"), tab="settings") return render(request, 'dojo/edit_product_member.html', { 'memberid': memberid, 'form': memberform, @@ -1492,17 +1675,17 @@ def delete_product_member(request, memberid): user = member.user member.delete() messages.add_message(request, - messages.SUCCESS, - 'Product member deleted successfully.', - extra_tags='alert-success') + messages.SUCCESS, + _('Product member deleted successfully.'), + extra_tags='alert-success') if is_title_in_breadcrumbs('View User'): - return HttpResponseRedirect(reverse('view_user', args=(member.user.id, ))) + return HttpResponseRedirect(reverse('view_user', args=(member.user.id,))) else: if user == request.user: return HttpResponseRedirect(reverse('product')) else: - return HttpResponseRedirect(reverse('view_product', args=(member.product.id, ))) - product_tab = Product_Tab(member.product.id, title="Delete Product Member", tab="settings") + return HttpResponseRedirect(reverse('view_product', args=(member.product.id,))) + product_tab = Product_Tab(member.product, title=_("Delete Product Member"), tab="settings") return render(request, 'dojo/delete_product_member.html', { 'memberid': memberid, 'form': memberform, @@ -1512,7 +1695,6 @@ def delete_product_member(request, memberid): @user_is_authorized(Product, Permissions.Product_API_Scan_Configuration_Add, 'pid') def add_api_scan_configuration(request, pid): - product = get_object_or_404(Product, id=pid) if request.method == 'POST': form = Product_API_Scan_ConfigurationForm(request.POST) @@ -1525,12 +1707,12 @@ def add_api_scan_configuration(request, pid): result = api.test_product_connection(product_api_scan_configuration) messages.add_message(request, messages.SUCCESS, - f'API connection successful with message: {result}.', + _('API connection successful with message: %(result)s.') % {'result': result}, extra_tags='alert-success') product_api_scan_configuration.save() messages.add_message(request, messages.SUCCESS, - 'API Scan Configuration added successfully.', + _('API Scan Configuration added successfully.'), extra_tags='alert-success') if 'add_another' in request.POST: return HttpResponseRedirect(reverse('add_api_scan_configuration', args=(pid,))) @@ -1545,22 +1727,22 @@ def add_api_scan_configuration(request, pid): else: form = Product_API_Scan_ConfigurationForm() - product_tab = Product_Tab(pid, title="Add API Scan Configuration", tab="settings") + product_tab = Product_Tab(product, title=_("Add API Scan Configuration"), tab="settings") return render(request, 'dojo/add_product_api_scan_configuration.html', {'form': form, 'product_tab': product_tab, 'product': product, + 'api_scan_configuration_hints': get_api_scan_configuration_hints(), }) @user_is_authorized(Product, Permissions.Product_View, 'pid') def view_api_scan_configurations(request, pid): - product_api_scan_configurations = Product_API_Scan_Configuration.objects.filter(product=pid) - product_tab = Product_Tab(pid, title="API Scan Configurations", tab="settings") + product_tab = Product_Tab(get_object_or_404(Product, id=pid), title=_("API Scan Configurations"), tab="settings") return render(request, 'dojo/view_product_api_scan_configurations.html', { @@ -1572,10 +1754,10 @@ def view_api_scan_configurations(request, pid): @user_is_authorized(Product_API_Scan_Configuration, Permissions.Product_API_Scan_Configuration_Edit, 'pascid') def edit_api_scan_configuration(request, pid, pascid): - product_api_scan_configuration = get_object_or_404(Product_API_Scan_Configuration, id=pascid) - if product_api_scan_configuration.product.pk != int(pid): # user is trying to edit Tool Configuration from another product (trying to by-pass auth) + if product_api_scan_configuration.product.pk != int( + pid): # user is trying to edit Tool Configuration from another product (trying to by-pass auth) raise Http404() if request.method == 'POST': @@ -1588,13 +1770,13 @@ def edit_api_scan_configuration(request, pid, pascid): result = api.test_product_connection(form_copy) messages.add_message(request, messages.SUCCESS, - f'API connection successful with message: {result}.', + _('API connection successful with message: %(result)s.') % {'result': result}, extra_tags='alert-success') form.save() messages.add_message(request, messages.SUCCESS, - 'API Scan Configuration successfully updated.', + _('API Scan Configuration successfully updated.'), extra_tags='alert-success') return HttpResponseRedirect(reverse('view_api_scan_configurations', args=(pid,))) except Exception as e: @@ -1606,21 +1788,22 @@ def edit_api_scan_configuration(request, pid, pascid): else: form = Product_API_Scan_ConfigurationForm(instance=product_api_scan_configuration) - product_tab = Product_Tab(pid, title="Edit API Scan Configuration", tab="settings") + product_tab = Product_Tab(get_object_or_404(Product, id=pid), title=_("Edit API Scan Configuration"), tab="settings") return render(request, 'dojo/edit_product_api_scan_configuration.html', { 'form': form, - 'product_tab': product_tab + 'product_tab': product_tab, + 'api_scan_configuration_hints': get_api_scan_configuration_hints(), }) @user_is_authorized(Product_API_Scan_Configuration, Permissions.Product_API_Scan_Configuration_Delete, 'pascid') def delete_api_scan_configuration(request, pid, pascid): - product_api_scan_configuration = get_object_or_404(Product_API_Scan_Configuration, id=pascid) - if product_api_scan_configuration.product.pk != int(pid): # user is trying to delete Tool Configuration from another product (trying to by-pass auth) + if product_api_scan_configuration.product.pk != int( + pid): # user is trying to delete Tool Configuration from another product (trying to by-pass auth) raise Http404() if request.method == 'POST': @@ -1628,13 +1811,13 @@ def delete_api_scan_configuration(request, pid, pascid): product_api_scan_configuration.delete() messages.add_message(request, messages.SUCCESS, - 'API Scan Configuration deleted.', + _('API Scan Configuration deleted.'), extra_tags='alert-success') return HttpResponseRedirect(reverse('view_api_scan_configurations', args=(pid,))) else: form = DeleteProduct_API_Scan_ConfigurationForm(instance=product_api_scan_configuration) - product_tab = Product_Tab(pid, title="Delete Tool Configuration", tab="settings") + product_tab = Product_Tab(get_object_or_404(Product, id=pid), title=_("Delete Tool Configuration"), tab="settings") return render(request, 'dojo/delete_product_api_scan_configuration.html', { @@ -1652,23 +1835,24 @@ def edit_product_group(request, groupid): if request.method == 'POST': groupform = Edit_Product_Group_Form(request.POST, instance=group) if groupform.is_valid(): - if group.role.is_owner and not user_has_permission(request.user, group.product, Permissions.Product_Group_Add_Owner): + if group.role.is_owner and not user_has_permission(request.user, group.product, + Permissions.Product_Group_Add_Owner): messages.add_message(request, messages.WARNING, - 'You are not permitted to make groups owners.', + _('You are not permitted to make groups owners.'), extra_tags='alert-warning') else: groupform.save() messages.add_message(request, messages.SUCCESS, - 'Product group updated successfully.', + _('Product group updated successfully.'), extra_tags='alert-success') if is_title_in_breadcrumbs('View Group'): - return HttpResponseRedirect(reverse('view_group', args=(group.group.id, ))) + return HttpResponseRedirect(reverse('view_group', args=(group.group.id,))) else: - return HttpResponseRedirect(reverse('view_product', args=(group.product.id, ))) + return HttpResponseRedirect(reverse('view_product', args=(group.product.id,))) - product_tab = Product_Tab(group.product.id, title="Edit Product Group", tab="settings") + product_tab = Product_Tab(group.product, title=_("Edit Product Group"), tab="settings") return render(request, 'dojo/edit_product_group.html', { 'groupid': groupid, 'form': groupform, @@ -1687,16 +1871,16 @@ def delete_product_group(request, groupid): group.delete() messages.add_message(request, messages.SUCCESS, - 'Product group deleted successfully.', + _('Product group deleted successfully.'), extra_tags='alert-success') if is_title_in_breadcrumbs('View Group'): - return HttpResponseRedirect(reverse('view_group', args=(group.group.id, ))) + return HttpResponseRedirect(reverse('view_group', args=(group.group.id,))) else: # TODO: If user was in the group that was deleted and no longer has access, redirect back to product listing # page - return HttpResponseRedirect(reverse('view_product', args=(group.product.id, ))) + return HttpResponseRedirect(reverse('view_product', args=(group.product.id,))) - product_tab = Product_Tab(group.product.id, title="Delete Product Group", tab="settings") + product_tab = Product_Tab(group.product, title=_("Delete Product Group"), tab="settings") return render(request, 'dojo/delete_product_group.html', { 'groupid': groupid, 'form': groupform, @@ -1712,10 +1896,11 @@ def add_product_group(request, pid): if request.method == 'POST': group_form = Add_Product_GroupForm(request.POST, initial={'product': product.id}) if group_form.is_valid(): - if group_form.cleaned_data['role'].is_owner and not user_has_permission(request.user, product, Permissions.Product_Group_Add_Owner): + if group_form.cleaned_data['role'].is_owner and not user_has_permission(request.user, product, + Permissions.Product_Group_Add_Owner): messages.add_message(request, messages.WARNING, - 'You are not permitted to add groups as owners.', + _('You are not permitted to add groups as owners.'), extra_tags='alert-warning') else: if 'groups' in group_form.cleaned_data and len(group_form.cleaned_data['groups']) > 0: @@ -1728,11 +1913,11 @@ def add_product_group(request, pid): product_group.role = group_form.cleaned_data['role'] product_group.save() messages.add_message(request, - messages.SUCCESS, - 'Product groups added successfully.', - extra_tags='alert-success') - return HttpResponseRedirect(reverse('view_product', args=(pid, ))) - product_tab = Product_Tab(pid, title="Edit Product Group", tab="settings") + messages.SUCCESS, + _('Product groups added successfully.'), + extra_tags='alert-success') + return HttpResponseRedirect(reverse('view_product', args=(pid,))) + product_tab = Product_Tab(product, title=_("Edit Product Group"), tab="settings") return render(request, 'dojo/new_product_group.html', { 'product': product, 'form': group_form, diff --git a/dojo/product_type/queries.py b/dojo/product_type/queries.py index 5f6cfe22eba..6b5f5657769 100644 --- a/dojo/product_type/queries.py +++ b/dojo/product_type/queries.py @@ -1,6 +1,5 @@ from crum import get_current_user from django.db.models import Exists, OuterRef, Q -from django.conf import settings from dojo.models import Product_Type, Product_Type_Member, Product_Type_Group from dojo.authorization.authorization import get_roles_for_permission, user_has_global_permission, user_has_permission, \ role_has_permission @@ -17,9 +16,6 @@ def get_authorized_product_types(permission): if user.is_superuser: return Product_Type.objects.all().order_by('name') - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return Product_Type.objects.all().order_by('name') - if user_has_global_permission(user, permission): return Product_Type.objects.all().order_by('name') @@ -43,7 +39,7 @@ def get_authorized_members_for_product_type(product_type, permission): user = get_current_user() if user.is_superuser or user_has_permission(user, product_type, permission): - return Product_Type_Member.objects.filter(product_type=product_type).order_by('user__first_name', 'user__last_name').select_related('role') + return Product_Type_Member.objects.filter(product_type=product_type).order_by('user__first_name', 'user__last_name').select_related('role', 'product_type', 'user') else: return None @@ -53,7 +49,7 @@ def get_authorized_groups_for_product_type(product_type, permission): if user.is_superuser or user_has_permission(user, product_type, permission): authorized_groups = get_authorized_groups(Permissions.Group_View) - return Product_Type_Group.objects.filter(product_type=product_type, group__in=authorized_groups).order_by('group__name').select_related('role') + return Product_Type_Group.objects.filter(product_type=product_type, group__in=authorized_groups).order_by('group__name').select_related('role', 'group') else: return None @@ -67,9 +63,6 @@ def get_authorized_product_type_members(permission): if user.is_superuser: return Product_Type_Member.objects.all().select_related('role') - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return Product_Type_Member.objects.all().select_related('role') - if user_has_global_permission(user, permission): return Product_Type_Member.objects.all().select_related('role') @@ -86,9 +79,6 @@ def get_authorized_product_type_members_for_user(user, permission): if request_user.is_superuser: return Product_Type_Member.objects.filter(user=user).select_related('role', 'product_type') - if request_user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return Product_Type_Member.objects.filter(user=user).select_related('role', 'product_type') - if hasattr(request_user, 'global_role') and request_user.global_role.role is not None and role_has_permission(request_user.global_role.role.id, permission): return Product_Type_Member.objects.filter(user=user).select_related('role', 'product_type') @@ -105,8 +95,5 @@ def get_authorized_product_type_groups(permission): if user.is_superuser: return Product_Type_Group.objects.all().select_related('role') - if user.is_staff and settings.AUTHORIZATION_STAFF_OVERRIDE: - return Product_Type_Group.objects.all().select_related('role') - product_types = get_authorized_product_types(permission) return Product_Type_Group.objects.filter(product_type__in=product_types).select_related('role') diff --git a/dojo/product_type/urls.py b/dojo/product_type/urls.py index 6a2a3ddf8a1..c4536aca8b0 100644 --- a/dojo/product_type/urls.py +++ b/dojo/product_type/urls.py @@ -1,32 +1,32 @@ -from django.conf.urls import url +from django.urls import re_path from dojo.product_type import views from dojo.product import views as product_views urlpatterns = [ # product type - url(r'^product/type$', views.product_type, name='product_type'), - url(r'^product/type/(?P\d+)$', + re_path(r'^product/type$', views.product_type, name='product_type'), + re_path(r'^product/type/(?P\d+)$', views.view_product_type, name='view_product_type'), - url(r'^product/type/(?P\d+)/edit$', + re_path(r'^product/type/(?P\d+)/edit$', views.edit_product_type, name='edit_product_type'), - url(r'^product/type/(?P\d+)/delete$', + re_path(r'^product/type/(?P\d+)/delete$', views.delete_product_type, name='delete_product_type'), - url(r'^product/type/add$', views.add_product_type, + re_path(r'^product/type/add$', views.add_product_type, name='add_product_type'), - url(r'^product/type/(?P\d+)/add_product', + re_path(r'^product/type/(?P\d+)/add_product', product_views.new_product, name='add_product_to_product_type'), - url(r'^product/type/(?P\d+)/add_member$', views.add_product_type_member, + re_path(r'^product/type/(?P\d+)/add_member$', views.add_product_type_member, name='add_product_type_member'), - url(r'^product/type/member/(?P\d+)/edit$', views.edit_product_type_member, + re_path(r'^product/type/member/(?P\d+)/edit$', views.edit_product_type_member, name='edit_product_type_member'), - url(r'^product/type/member/(?P\d+)/delete$', views.delete_product_type_member, + re_path(r'^product/type/member/(?P\d+)/delete$', views.delete_product_type_member, name='delete_product_type_member'), - url(r'^product/type/(?P\d+)/add_group$', views.add_product_type_group, + re_path(r'^product/type/(?P\d+)/add_group$', views.add_product_type_group, name='add_product_type_group'), - url(r'^product/type/group/(?P\d+)/edit$', views.edit_product_type_group, + re_path(r'^product/type/group/(?P\d+)/edit$', views.edit_product_type_group, name='edit_product_type_group'), - url(r'^product/type/group/(?P\d+)/delete$', views.delete_product_type_group, + re_path(r'^product/type/group/(?P\d+)/delete$', views.delete_product_type_group, name='delete_product_type_group') ] diff --git a/dojo/product_type/views.py b/dojo/product_type/views.py index b6afb02cf46..84bb14c108e 100644 --- a/dojo/product_type/views.py +++ b/dojo/product_type/views.py @@ -6,12 +6,13 @@ from django.urls import reverse from django.http import HttpResponseRedirect from django.shortcuts import render, get_object_or_404 +from django.utils.translation import gettext as _ from dojo.filters import ProductTypeFilter from dojo.forms import Product_TypeForm, Delete_Product_TypeForm, Add_Product_Type_MemberForm, \ Edit_Product_Type_MemberForm, Delete_Product_Type_MemberForm, Add_Product_Type_GroupForm, \ Edit_Product_Type_Group_Form, Delete_Product_Type_GroupForm from dojo.models import Product_Type, Product_Type_Member, Role, Product_Type_Group -from dojo.utils import get_page_items, add_breadcrumb, is_title_in_breadcrumbs +from dojo.utils import get_page_items, add_breadcrumb, is_title_in_breadcrumbs, get_setting, async_delete from dojo.notifications.helper import create_notification from django.db.models import Count, Q from django.db.models.query import QuerySet @@ -41,9 +42,11 @@ def product_type(request): pts.object_list = prefetch_for_product_type(pts.object_list) - add_breadcrumb(title="Product Type List", top_level=True, request=request) + page_name = _("Product Type List") + add_breadcrumb(title=page_name, top_level=True, request=request) + return render(request, 'dojo/product_type.html', { - 'name': 'Product Type List', + 'name': page_name, 'pts': pts, 'ptl': ptl, 'name_words': name_words}) @@ -69,6 +72,7 @@ def prefetch_for_product_type(prod_types): @user_has_global_permission(Permissions.Product_Type_Add) def add_product_type(request): + page_name = _("Add Product Type") form = Product_TypeForm() if request.method == 'POST': form = Product_TypeForm(request.POST) @@ -81,28 +85,31 @@ def add_product_type(request): member.save() messages.add_message(request, messages.SUCCESS, - 'Product type added successfully.', + _('Product type added successfully.'), extra_tags='alert-success') create_notification(event='product_type_added', title=product_type.name, product_type=product_type, url=reverse('view_product_type', args=(product_type.id,))) return HttpResponseRedirect(reverse('product_type')) - add_breadcrumb(title="Add Product Type", top_level=False, request=request) + add_breadcrumb(title=page_name, top_level=False, request=request) + return render(request, 'dojo/new_product_type.html', { - 'name': 'Add Product Type', + 'name': page_name, 'form': form, }) @user_is_authorized(Product_Type, Permissions.Product_Type_View, 'ptid') def view_product_type(request, ptid): + page_name = _("View Product Type") pt = get_object_or_404(Product_Type, pk=ptid) members = get_authorized_members_for_product_type(pt, Permissions.Product_Type_View) groups = get_authorized_groups_for_product_type(pt, Permissions.Product_Type_View) products = get_authorized_products(Permissions.Product_View).filter(prod_type=pt) - add_breadcrumb(title="View Product Type", top_level=False, request=request) + products = get_page_items(request, products, 25) + add_breadcrumb(title=page_name, top_level=False, request=request) return render(request, 'dojo/view_product_type.html', { - 'name': 'View Product Type', + 'name': page_name, 'pt': pt, 'products': products, 'groups': groups, @@ -118,10 +125,16 @@ def delete_product_type(request, ptid): if 'id' in request.POST and str(product_type.id) == request.POST['id']: form = Delete_Product_TypeForm(request.POST, instance=product_type) if form.is_valid(): - product_type.delete() + if get_setting("ASYNC_OBJECT_DELETE"): + async_del = async_delete() + async_del.delete(product_type) + message = 'Product Type and relationships will be removed in the background.' + else: + message = 'Product Type and relationships removed.' + product_type.delete() messages.add_message(request, messages.SUCCESS, - 'Product Type and relationships removed.', + message, extra_tags='alert-success') create_notification(event='other', title='Deletion of %s' % product_type.name, @@ -131,11 +144,14 @@ def delete_product_type(request, ptid): icon="exclamation-triangle") return HttpResponseRedirect(reverse('product_type')) - collector = NestedObjects(using=DEFAULT_DB_ALIAS) - collector.collect([product_type]) - rels = collector.nested() + rels = [_('Previewing the relationships has been disabled.'), ''] + display_preview = get_setting('DELETE_PREVIEW') + if display_preview: + collector = NestedObjects(using=DEFAULT_DB_ALIAS) + collector.collect([product_type]) + rels = collector.nested() - add_breadcrumb(title="Delete Product Type", top_level=False, request=request) + add_breadcrumb(title=_("Delete Product Type"), top_level=False, request=request) return render(request, 'dojo/delete_product_type.html', {'product_type': product_type, 'form': form, @@ -145,6 +161,7 @@ def delete_product_type(request, ptid): @user_is_authorized(Product_Type, Permissions.Product_Type_Edit, 'ptid') def edit_product_type(request, ptid): + page_name = "Edit Product Type" pt = get_object_or_404(Product_Type, pk=ptid) members = get_authorized_members_for_product_type(pt, Permissions.Product_Type_Manage_Members) pt_form = Product_TypeForm(instance=pt) @@ -155,13 +172,14 @@ def edit_product_type(request, ptid): messages.add_message( request, messages.SUCCESS, - 'Product type updated successfully.', + _('Product type updated successfully.'), extra_tags="alert-success", ) return HttpResponseRedirect(reverse("product_type")) - add_breadcrumb(title="Edit Product Type", top_level=False, request=request) + + add_breadcrumb(title=page_name, top_level=False, request=request) return render(request, 'dojo/edit_product_type.html', { - 'name': 'Edit Product Type', + 'name': page_name, 'pt_form': pt_form, 'pt': pt, 'members': members}) @@ -177,7 +195,7 @@ def add_product_type_member(request, ptid): if memberform.cleaned_data['role'].is_owner and not user_has_permission(request.user, pt, Permissions.Product_Type_Member_Add_Owner): messages.add_message(request, messages.WARNING, - 'You are not permitted to add users as owners.', + _('You are not permitted to add users as owners.'), extra_tags='alert-warning') else: if 'users' in memberform.cleaned_data and len(memberform.cleaned_data['users']) > 0: @@ -191,10 +209,10 @@ def add_product_type_member(request, ptid): product_type_member.save() messages.add_message(request, messages.SUCCESS, - 'Product type members added successfully.', + _('Product type members added successfully.'), extra_tags='alert-success') return HttpResponseRedirect(reverse('view_product_type', args=(ptid, ))) - add_breadcrumb(title="Add Product Type Member", top_level=False, request=request) + add_breadcrumb(title=_("Add Product Type Member"), top_level=False, request=request) return render(request, 'dojo/new_product_type_member.html', { 'pt': pt, 'form': memberform, @@ -203,6 +221,7 @@ def add_product_type_member(request, ptid): @user_is_authorized(Product_Type_Member, Permissions.Product_Type_Manage_Members, 'memberid') def edit_product_type_member(request, memberid): + page_name = _("Edit Product Type Member") member = get_object_or_404(Product_Type_Member, pk=memberid) memberform = Edit_Product_Type_MemberForm(instance=member) if request.method == 'POST': @@ -211,9 +230,8 @@ def edit_product_type_member(request, memberid): if not member.role.is_owner: owners = Product_Type_Member.objects.filter(product_type=member.product_type, role__is_owner=True).exclude(id=member.id).count() if owners < 1: - messages.add_message(request, - messages.SUCCESS, - 'There must be at least one owner for Product Type {}.'.format(member.product_type.name), + messages.add_message(request, messages.SUCCESS, + _('There must be at least one owner for Product Type %(product_type_name)s.') % {'product_type_name': member.product_type.name}, extra_tags='alert-warning') if is_title_in_breadcrumbs('View User'): return HttpResponseRedirect(reverse('view_user', args=(member.user.id, ))) @@ -228,14 +246,15 @@ def edit_product_type_member(request, memberid): memberform.save() messages.add_message(request, messages.SUCCESS, - 'Product type member updated successfully.', + _('Product type member updated successfully.'), extra_tags='alert-success') if is_title_in_breadcrumbs('View User'): return HttpResponseRedirect(reverse('view_user', args=(member.user.id, ))) else: return HttpResponseRedirect(reverse('view_product_type', args=(member.product_type.id, ))) - add_breadcrumb(title="Edit Product Type Member", top_level=False, request=request) + add_breadcrumb(title=page_name, top_level=False, request=request) return render(request, 'dojo/edit_product_type_member.html', { + 'name': page_name, 'memberid': memberid, 'form': memberform, }) @@ -243,6 +262,7 @@ def edit_product_type_member(request, memberid): @user_is_authorized(Product_Type_Member, Permissions.Product_Type_Member_Delete, 'memberid') def delete_product_type_member(request, memberid): + page_name = "Delete Product Type Member" member = get_object_or_404(Product_Type_Member, pk=memberid) memberform = Delete_Product_Type_MemberForm(instance=member) if request.method == 'POST': @@ -253,7 +273,7 @@ def delete_product_type_member(request, memberid): if owners <= 1: messages.add_message(request, messages.SUCCESS, - 'There must be at least one owner.', + _('There must be at least one owner.'), extra_tags='alert-warning') return HttpResponseRedirect(reverse('view_product_type', args=(member.product_type.id, ))) @@ -261,7 +281,7 @@ def delete_product_type_member(request, memberid): member.delete() messages.add_message(request, messages.SUCCESS, - 'Product type member deleted successfully.', + _('Product type member deleted successfully.'), extra_tags='alert-success') if is_title_in_breadcrumbs('View User'): return HttpResponseRedirect(reverse('view_user', args=(member.user.id, ))) @@ -270,8 +290,9 @@ def delete_product_type_member(request, memberid): return HttpResponseRedirect(reverse('product_type')) else: return HttpResponseRedirect(reverse('view_product_type', args=(member.product_type.id, ))) - add_breadcrumb(title="Delete Product Type Member", top_level=False, request=request) + add_breadcrumb(title=page_name, top_level=False, request=request) return render(request, 'dojo/delete_product_type_member.html', { + 'name': page_name, 'memberid': memberid, 'form': memberform, }) @@ -279,6 +300,7 @@ def delete_product_type_member(request, memberid): @user_is_authorized(Product_Type, Permissions.Product_Type_Group_Add, 'ptid') def add_product_type_group(request, ptid): + page_name = "Add Product Type Group" pt = get_object_or_404(Product_Type, pk=ptid) group_form = Add_Product_Type_GroupForm(initial={'product_type': pt.id}) @@ -288,7 +310,7 @@ def add_product_type_group(request, ptid): if group_form.cleaned_data['role'].is_owner and not user_has_permission(request.user, pt, Permissions.Product_Type_Group_Add_Owner): messages.add_message(request, messages.WARNING, - 'You are not permitted to add groups as owners.', + _('You are not permitted to add groups as owners.'), extra_tags='alert-warning') else: if 'groups' in group_form.cleaned_data and len(group_form.cleaned_data['groups']) > 0: @@ -302,12 +324,13 @@ def add_product_type_group(request, ptid): product_type_group.save() messages.add_message(request, messages.SUCCESS, - 'Product type groups added successfully.', + _('Product type groups added successfully.'), extra_tags='alert-success') return HttpResponseRedirect(reverse('view_product_type', args=(ptid,))) - add_breadcrumb(title="Add Product Type Group", top_level=False, request=request) + add_breadcrumb(title=page_name, top_level=False, request=request) return render(request, 'dojo/new_product_type_group.html', { + 'name': page_name, 'pt': pt, 'form': group_form, }) @@ -315,6 +338,7 @@ def add_product_type_group(request, ptid): @user_is_authorized(Product_Type_Group, Permissions.Product_Type_Group_Edit, 'groupid') def edit_product_type_group(request, groupid): + page_name = "Edit Product Type Group" group = get_object_or_404(Product_Type_Group, pk=groupid) groupform = Edit_Product_Type_Group_Form(instance=group) @@ -324,21 +348,22 @@ def edit_product_type_group(request, groupid): if group.role.is_owner and not user_has_permission(request.user, group.product_type, Permissions.Product_Type_Group_Add_Owner): messages.add_message(request, messages.WARNING, - 'You are not permitted to make groups owners.', + _('You are not permitted to make groups owners.'), extra_tags='alert-warning') else: groupform.save() messages.add_message(request, messages.SUCCESS, - 'Product type group updated successfully.', + _('Product type group updated successfully.'), extra_tags='alert-success') if is_title_in_breadcrumbs('View Group'): return HttpResponseRedirect(reverse('view_group', args=(group.group.id,))) else: return HttpResponseRedirect(reverse('view_product_type', args=(group.product_type.id,))) - add_breadcrumb(title="Edit Product Type Group", top_level=False, request=request) + add_breadcrumb(title=page_name, top_level=False, request=request) return render(request, 'dojo/edit_product_type_group.html', { + 'name': page_name, 'groupid': groupid, 'form': groupform }) @@ -346,6 +371,7 @@ def edit_product_type_group(request, groupid): @user_is_authorized(Product_Type_Group, Permissions.Product_Type_Group_Delete, 'groupid') def delete_product_type_group(request, groupid): + page_name = "Delete Product Type Group" group = get_object_or_404(Product_Type_Group, pk=groupid) groupform = Delete_Product_Type_GroupForm(instance=group) @@ -355,7 +381,7 @@ def delete_product_type_group(request, groupid): group.delete() messages.add_message(request, messages.SUCCESS, - 'Product type group deleted successfully.', + _('Product type group deleted successfully.'), extra_tags='alert-success') if is_title_in_breadcrumbs('View Group'): return HttpResponseRedirect(reverse('view_group', args=(group.group.id, ))) @@ -364,8 +390,9 @@ def delete_product_type_group(request, groupid): # types page return HttpResponseRedirect(reverse('view_product_type', args=(group.product_type.id, ))) - add_breadcrumb("Delete Product Type Group", top_level=False, request=request) + add_breadcrumb(page_name, top_level=False, request=request) return render(request, 'dojo/delete_product_type_group.html', { + 'name': page_name, 'groupid': groupid, 'form': groupform }) diff --git a/dojo/regulations/urls.py b/dojo/regulations/urls.py index 0badf4e7527..d99ba894401 100644 --- a/dojo/regulations/urls.py +++ b/dojo/regulations/urls.py @@ -1,8 +1,8 @@ -from django.conf.urls import url +from django.urls import re_path from . import views urlpatterns = [ - url(r'^regulations/add', views.new_regulation, name='new_regulation'), - url(r'^regulations/(?P\d+)/edit$', views.edit_regulations, + re_path(r'^regulations/add', views.new_regulation, name='new_regulation'), + re_path(r'^regulations/(?P\d+)/edit$', views.edit_regulations, name='edit_regulations'), - url(r'^regulations$', views.regulations, name='regulations'), ] + re_path(r'^regulations$', views.regulations, name='regulations'), ] diff --git a/dojo/regulations/views.py b/dojo/regulations/views.py index df22fad60f7..232a87574a7 100644 --- a/dojo/regulations/views.py +++ b/dojo/regulations/views.py @@ -1,20 +1,22 @@ # # product import logging +from django.contrib.auth.decorators import login_required from django.contrib import messages -from django.contrib.auth.decorators import user_passes_test from django.urls import reverse from django.http import HttpResponseRedirect from django.shortcuts import render from dojo.utils import add_breadcrumb from dojo.forms import RegulationForm from dojo.models import Regulation +from dojo.authorization.authorization_decorators import user_is_configuration_authorized +from dojo.authorization.authorization import user_has_configuration_permission_or_403 logger = logging.getLogger(__name__) -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized('dojo.add_regulation') def new_regulation(request): if request.method == 'POST': tform = RegulationForm(request.POST, instance=Regulation()) @@ -32,10 +34,11 @@ def new_regulation(request): {'form': tform}) -@user_passes_test(lambda u: u.is_superuser) +@user_is_configuration_authorized('dojo.change_regulation') def edit_regulations(request, ttid): regulation = Regulation.objects.get(pk=ttid) if request.method == 'POST' and request.POST.get('delete'): + user_has_configuration_permission_or_403(request.user, 'dojo.delete_regulation') Regulation.objects.filter(pk=ttid).delete() messages.add_message(request, messages.SUCCESS, @@ -62,6 +65,7 @@ def edit_regulations(request, ttid): }) +@login_required def regulations(request): confs = Regulation.objects.all().order_by('name') add_breadcrumb(title="Regulations", top_level=not len(request.GET), request=request) diff --git a/dojo/remote_user.py b/dojo/remote_user.py new file mode 100644 index 00000000000..7ed5f0a6a4a --- /dev/null +++ b/dojo/remote_user.py @@ -0,0 +1,101 @@ +import logging +from django.contrib.auth.middleware import RemoteUserMiddleware as OriginalRemoteUserMiddleware +from django.contrib.auth.backends import RemoteUserBackend as OriginalRemoteUserBackend +from drf_spectacular.extensions import OpenApiAuthenticationExtension +from rest_framework.authentication import RemoteUserAuthentication as OriginalRemoteUserAuthentication +from netaddr import IPAddress +from django.conf import settings +from dojo.pipeline import assign_user_to_groups, cleanup_old_groups_for_user +from dojo.models import Dojo_Group + +logger = logging.getLogger(__name__) + + +class RemoteUserAuthentication(OriginalRemoteUserAuthentication): + def authenticate(self, request): + # process only if request is comming from the trusted proxy node + if IPAddress(request.META['REMOTE_ADDR']) in settings.AUTH_REMOTEUSER_TRUSTED_PROXY: + self.header = settings.AUTH_REMOTEUSER_USERNAME_HEADER + if self.header in request.META: + return super().authenticate(request) + else: + return None + else: + logger.debug('Requested came from untrusted proxy %s; This is list of trusted proxies: %s', + IPAddress(request.META['REMOTE_ADDR']), + settings.AUTH_REMOTEUSER_TRUSTED_PROXY) + return None + + +class RemoteUserMiddleware(OriginalRemoteUserMiddleware): + def process_request(self, request): + if not settings.AUTH_REMOTEUSER_ENABLED: + return + + # process only if request is comming from the trusted proxy node + if IPAddress(request.META['REMOTE_ADDR']) in settings.AUTH_REMOTEUSER_TRUSTED_PROXY: + self.header = settings.AUTH_REMOTEUSER_USERNAME_HEADER + if self.header in request.META: + return super().process_request(request) + else: + return + else: + logger.debug('Requested came from untrusted proxy %s; This is list of trusted proxies: %s', + IPAddress(request.META['REMOTE_ADDR']), + settings.AUTH_REMOTEUSER_TRUSTED_PROXY) + return + + +class PersistentRemoteUserMiddleware(RemoteUserMiddleware): + # same as https://github.com/django/django/blob/6654289f5b350dfca3dc4f6abab777459b906756/django/contrib/auth/middleware.py#L128 + force_logout_if_no_header = False + + +class RemoteUserBackend(OriginalRemoteUserBackend): + def configure_user(self, request, user, created=True): + changed = False + + if settings.AUTH_REMOTEUSER_EMAIL_HEADER and \ + settings.AUTH_REMOTEUSER_EMAIL_HEADER in request.META and \ + user.email != request.META[settings.AUTH_REMOTEUSER_EMAIL_HEADER]: + user.email = request.META[settings.AUTH_REMOTEUSER_EMAIL_HEADER] + logger.debug("Updating email for user %s to value %s", user.username, user.email) + changed = True + + if settings.AUTH_REMOTEUSER_FIRSTNAME_HEADER and \ + settings.AUTH_REMOTEUSER_FIRSTNAME_HEADER in request.META and \ + user.first_name != request.META[settings.AUTH_REMOTEUSER_FIRSTNAME_HEADER]: + user.first_name = request.META[settings.AUTH_REMOTEUSER_FIRSTNAME_HEADER] + logger.debug("Updating first_name for user %s to value %s", user.username, user.first_name) + changed = True + + if settings.AUTH_REMOTEUSER_LASTNAME_HEADER and \ + settings.AUTH_REMOTEUSER_LASTNAME_HEADER in request.META and \ + user.last_name != request.META[settings.AUTH_REMOTEUSER_LASTNAME_HEADER]: + user.last_name = request.META[settings.AUTH_REMOTEUSER_LASTNAME_HEADER] + logger.debug("Updating last_name for user %s to value %s", user.username, user.last_name) + changed = True + + if settings.AUTH_REMOTEUSER_GROUPS_HEADER and \ + settings.AUTH_REMOTEUSER_GROUPS_HEADER in request.META: + assign_user_to_groups(user, request.META[settings.AUTH_REMOTEUSER_GROUPS_HEADER].split(','), Dojo_Group.REMOTE) + + if settings.AUTH_REMOTEUSER_GROUPS_CLEANUP and \ + settings.AUTH_REMOTEUSER_GROUPS_HEADER and \ + settings.AUTH_REMOTEUSER_GROUPS_HEADER in request.META: + cleanup_old_groups_for_user(user, request.META[settings.AUTH_REMOTEUSER_GROUPS_HEADER].split(',')) + + if changed: + user.save() + + return user + + +class RemoteUserScheme(OpenApiAuthenticationExtension): + target_class = 'dojo.remote_user.RemoteUserAuthentication' + name = 'remoteUserAuth' + match_subclasses = True + priority = 1 + + def get_security_definition(self, auto_schema): + return settings.SWAGGER_SETTINGS['SECURITY_DEFINITIONS']['remoteUserAuth'] diff --git a/dojo/reports/urls.py b/dojo/reports/urls.py index 6b66b395d51..e4489708fc1 100644 --- a/dojo/reports/urls.py +++ b/dojo/reports/urls.py @@ -1,39 +1,39 @@ -from django.conf.urls import url +from django.urls import re_path from dojo.reports import views urlpatterns = [ # reports - url(r'^product/type/(?P\d+)/report$', + re_path(r'^product/type/(?P\d+)/report$', views.product_type_report, name='product_type_report'), - url(r'^product/(?P\d+)/report$', + re_path(r'^product/(?P\d+)/report$', views.product_report, name='product_report'), - url(r'^product/(?P\d+)/endpoint/report$', + re_path(r'^product/(?P\d+)/endpoint/report$', views.product_endpoint_report, name='product_endpoint_report'), - url(r'^engagement/(?P\d+)/report$', views.engagement_report, + re_path(r'^engagement/(?P\d+)/report$', views.engagement_report, name='engagement_report'), - url(r'^test/(?P\d+)/report$', views.test_report, + re_path(r'^test/(?P\d+)/report$', views.test_report, name='test_report'), - url(r'^endpoint/(?P\d+)/report$', views.endpoint_report, + re_path(r'^endpoint/(?P\d+)/report$', views.endpoint_report, name='endpoint_report'), - url(r'^endpoint/host/(?P\d+)/report$', views.endpoint_host_report, + re_path(r'^endpoint/host/(?P\d+)/report$', views.endpoint_host_report, name='endpoint_host_report'), - url(r'^product/report$', + re_path(r'^product/report$', views.product_findings_report, name='product_findings_report'), - url(r'^reports/cover$', + re_path(r'^reports/cover$', views.report_cover_page, name='report_cover_page'), - url(r'^reports/builder$', + re_path(r'^reports/builder$', views.report_builder, name='report_builder'), - url(r'^reports/findings$', + re_path(r'^reports/findings$', views.report_findings, name='report_findings'), - url(r'^reports/endpoints$', + re_path(r'^reports/endpoints$', views.report_endpoints, name='report_endpoints'), - url(r'^reports/custom$', + re_path(r'^reports/custom$', views.custom_report, name='custom_report'), - url(r'^reports/quick$', + re_path(r'^reports/quick$', views.quick_report, name='quick_report'), - url(r'^reports/csv_export$', + re_path(r'^reports/csv_export$', views.csv_export, name='csv_export'), - url(r'^reports/excel_export$', + re_path(r'^reports/excel_export$', views.excel_export, name='excel_export'), ] diff --git a/dojo/reports/views.py b/dojo/reports/views.py index 57c0e69ffc9..d4697dd2dd9 100644 --- a/dojo/reports/views.py +++ b/dojo/reports/views.py @@ -10,10 +10,10 @@ from dateutil.relativedelta import relativedelta from django.conf import settings -from django.core.exceptions import PermissionDenied -from django.http import Http404, HttpResponseForbidden, HttpResponse, QueryDict +from django.http import Http404, HttpResponse, QueryDict from django.shortcuts import render, get_object_or_404 from django.utils import timezone +from django.core.exceptions import PermissionDenied from dojo.filters import ReportFindingFilter, EndpointReportFilter, \ EndpointFilter @@ -28,7 +28,7 @@ from dojo.authorization.roles_permissions import Permissions from dojo.authorization.authorization import user_has_permission_or_403 from dojo.finding.queries import get_authorized_findings -from dojo.finding.views import get_filtered_findings +from dojo.finding.views import BaseListFindings logger = logging.getLogger(__name__) @@ -110,14 +110,14 @@ def custom_report(request): return render(request, 'dojo/custom_html_report.html', {"widgets": widgets, - "host": host, + "host": "", "finding_notes": finding_notes, "finding_images": finding_images, "user_id": request.user.id}) else: - return HttpResponseForbidden() + raise PermissionDenied() else: - return HttpResponseForbidden() + raise PermissionDenied() def report_findings(request): @@ -130,12 +130,6 @@ def report_findings(request): paged_findings = get_page_items(request, findings.qs.distinct().order_by('numerical_severity'), 25) - product_type = None - if 'test__engagement__product__prod_type' in request.GET: - p = request.GET.getlist('test__engagement__product__prod_type', []) - if len(p) == 1: - product_type = get_object_or_404(Product_Type, id=p[0]) - return render(request, 'dojo/report_findings.html', {"findings": paged_findings, @@ -221,7 +215,6 @@ def endpoint_host_report(request, eid): @user_is_authorized(Product, Permissions.Product_View, 'pid') def product_endpoint_report(request, pid): - user = Dojo_User.objects.get(id=request.user.id) product = get_object_or_404(Product.objects.all().prefetch_related('engagement_set__test_set__test_type', 'engagement_set__test_set__environment'), id=pid) endpoint_ids = Endpoint.objects.filter(product=product, finding__active=True, @@ -247,13 +240,7 @@ def product_endpoint_report(request, pid): generate = "_generate" in request.GET add_breadcrumb(parent=product, title="Vulnerable Product Endpoints Report", top_level=False, request=request) report_form = ReportOptionsForm() - template = "dojo/product_endpoint_pdf_report.html" - report_name = "Product Endpoint Report: " + str(product) - report_title = "Product Endpoint Report" - report_subtitle = str(product) - report_info = "Generated By %s on %s" % ( - user.get_full_name(), (timezone.now().strftime("%m/%d/%Y %I:%M%p %Z"))) try: start_date = Finding.objects.filter(endpoints__in=endpoints.qs).order_by('date')[:1][0].date @@ -335,7 +322,7 @@ def product_endpoint_report(request, pid): else: raise Http404() - product_tab = Product_Tab(product.id, "Product Endpoint Report", tab="endpoints") + product_tab = Product_Tab(product, "Product Endpoint Report", tab="endpoints") return render(request, 'dojo/request_endpoint_report.html', {"endpoints": paged_endpoints, @@ -354,14 +341,7 @@ def generate_report(request, obj, host_view=False): test = None endpoint = None endpoints = None - accepted_findings = None - open_findings = None - closed_findings = None - verified_findings = None report_title = None - report_subtitle = None - report_info = "Generated By %s on %s" % ( - user.get_full_name(), (timezone.now().strftime("%m/%d/%Y %I:%M%p %Z"))) if type(obj).__name__ == "Product_Type": user_has_permission_or_403(request.user, obj, Permissions.Product_Type_View) @@ -373,12 +353,14 @@ def generate_report(request, obj, host_view=False): user_has_permission_or_403(request.user, obj, Permissions.Test_View) elif type(obj).__name__ == "Endpoint": user_has_permission_or_403(request.user, obj, Permissions.Endpoint_View) - elif type(obj).__name__ == "QuerySet" or type(obj).__name__ == "CastTaggedQuerySet": + elif type(obj).__name__ == "QuerySet" or type(obj).__name__ == "CastTaggedQuerySet" or type(obj).__name__ == "TagulousCastTaggedQuerySet": # authorization taken care of by only selecting findings from product user is authed to see pass else: - if not request.user.is_staff: - raise PermissionDenied + if obj is None: + raise Exception('No object is given to generate report for') + else: + raise Exception(f'Report cannot be generated for object of type {type(obj).__name__}') report_format = request.GET.get('report_type', 'AsciiDoc') include_finding_notes = int(request.GET.get('include_finding_notes', 0)) @@ -391,14 +373,12 @@ def generate_report(request, obj, host_view=False): disclaimer = 'Please configure in System Settings.' generate = "_generate" in request.GET report_name = str(obj) - report_type = type(obj).__name__ add_breadcrumb(title="Generate Report", top_level=False, request=request) if type(obj).__name__ == "Product_Type": product_type = obj template = "dojo/product_type_pdf_report.html" report_name = "Product Type Report: " + str(product_type) report_title = "Product Type Report" - report_subtitle = str(product_type) findings = ReportFindingFilter(request.GET, prod_type=product_type, queryset=prefetch_related_findings_for_report(Finding.objects.filter( test__engagement__product__prod_type=product_type))) @@ -450,7 +430,6 @@ def generate_report(request, obj, host_view=False): template = "dojo/product_pdf_report.html" report_name = "Product Report: " + str(product) report_title = "Product Report" - report_subtitle = str(product) findings = ReportFindingFilter(request.GET, product=product, queryset=prefetch_related_findings_for_report(Finding.objects.filter( test__engagement__product=product))) ids = set(finding.id for finding in findings.qs) @@ -483,7 +462,6 @@ def generate_report(request, obj, host_view=False): report_name = "Engagement Report: " + str(engagement) template = 'dojo/engagement_pdf_report.html' report_title = "Engagement Report" - report_subtitle = str(engagement) ids = set(finding.id for finding in findings.qs) tests = Test.objects.filter(finding__id__in=ids).distinct() @@ -513,7 +491,6 @@ def generate_report(request, obj, host_view=False): template = "dojo/test_pdf_report.html" report_name = "Test Report: " + str(test) report_title = "Test Report" - report_subtitle = str(test) context = {'test': test, 'report_name': report_name, @@ -537,13 +514,10 @@ def generate_report(request, obj, host_view=False): endpoints = Endpoint.objects.filter(host=endpoint.host, product=endpoint.product).distinct() report_title = "Endpoint Host Report" - report_subtitle = endpoint.host else: report_name = "Endpoint Report: " + str(endpoint) endpoints = Endpoint.objects.filter(pk=endpoint.id).distinct() report_title = "Endpoint Report" - report_subtitle = str(endpoint) - report_type = "Endpoint" template = 'dojo/endpoint_pdf_report.html' findings = ReportFindingFilter(request.GET, queryset=prefetch_related_findings_for_report(Finding.objects.filter(endpoints__in=endpoints))) @@ -563,14 +537,11 @@ def generate_report(request, obj, host_view=False): 'title': report_title, 'host': report_url_resolver(request), 'user_id': request.user.id} - elif type(obj).__name__ == "QuerySet" or type(obj).__name__ == "CastTaggedQuerySet": - findings = ReportFindingFilter(request.GET, - queryset=prefetch_related_findings_for_report(obj).distinct()) + elif type(obj).__name__ in ["QuerySet", "CastTaggedQuerySet", "TagulousCastTaggedQuerySet"]: + findings = ReportFindingFilter(request.GET, queryset=prefetch_related_findings_for_report(obj).distinct()) report_name = 'Finding' - report_type = 'Finding' template = 'dojo/finding_pdf_report.html' report_title = "Finding Report" - report_subtitle = '' context = {'findings': findings.qs.distinct().order_by('numerical_severity'), 'report_name': report_name, @@ -647,18 +618,18 @@ def generate_report(request, obj, host_view=False): product_tab = None if engagement: - product_tab = Product_Tab(engagement.product.id, title="Engagement Report", tab="engagements") + product_tab = Product_Tab(engagement.product, title="Engagement Report", tab="engagements") product_tab.setEngagement(engagement) elif test: - product_tab = Product_Tab(test.engagement.product.id, title="Test Report", tab="engagements") + product_tab = Product_Tab(test.engagement.product, title="Test Report", tab="engagements") product_tab.setEngagement(test.engagement) elif product: - product_tab = Product_Tab(product.id, title="Product Report", tab="findings") + product_tab = Product_Tab(product, title="Product Report", tab="findings") elif endpoints: if host_view: - product_tab = Product_Tab(endpoint.product.id, title="Endpoint Host Report", tab="endpoints") + product_tab = Product_Tab(endpoint.product, title="Endpoint Host Report", tab="endpoints") else: - product_tab = Product_Tab(endpoint.product.id, title="Endpoint Report", tab="endpoints") + product_tab = Product_Tab(endpoint.product, title="Endpoint Report", tab="endpoints") return render(request, 'dojo/request_report.html', {'product_type': product_type, @@ -725,7 +696,7 @@ def generate_quick_report(request, findings, obj=None): def get_list_index(list, index): try: element = list[index] - except Exception as e: + except Exception: element = None return element @@ -743,7 +714,7 @@ def get_findings(request): 'false_positive', 'inactive'] # request.path = url obj_name = obj_id = view = query = None - path_items = list(filter(None, re.split('/|\?', url))) # noqa W605 + path_items = list(filter(None, re.split(r'/|\?', url))) try: finding_index = path_items.index('finding') @@ -806,7 +777,12 @@ def get_findings(request): user_has_permission_or_403(request.user, obj, Permissions.Test_View) request.GET = QueryDict(query) - findings = get_filtered_findings(request, pid, eid, tid, filter_name).qs + list_findings = BaseListFindings( + filter_name=filter_name, + product_id=pid, + engagement_id=eid, + test_id=tid) + findings = list_findings.get_fully_filtered_findings(request).qs return findings, obj @@ -820,7 +796,8 @@ def get_excludes(): return ['SEVERITIES', 'age', 'github_issue', 'jira_issue', 'objects', 'risk_acceptance', 'test__engagement__product__authorized_group', 'test__engagement__product__member', 'test__engagement__product__prod_type__authorized_group', 'test__engagement__product__prod_type__member', - 'unsaved_endpoints'] + 'unsaved_endpoints', 'unsaved_vulnerability_ids', 'unsaved_files', 'unsaved_request', 'unsaved_response', + 'unsaved_tags', 'vulnerability_ids', 'cve'] def get_foreign_keys(): @@ -828,21 +805,33 @@ def get_foreign_keys(): 'mitigated_by', 'reporter', 'review_requested_by', 'sonarqube_issue', 'test'] +def get_attributes(): + return ["sla_age", "sla_deadline", "sla_days_remaining"] + + def csv_export(request): findings, obj = get_findings(request) - response = HttpResponse(content_type='text/csv') response['Content-Disposition'] = 'attachment; filename=findings.csv' - writer = csv.writer(response) - + allowed_attributes = get_attributes() + excludes_list = get_excludes() + allowed_foreign_keys = get_attributes() first_row = True + for finding in findings: if first_row: fields = [] for key in dir(finding): - if key not in get_excludes() and not callable(getattr(finding, key)) and not key.startswith('_'): + try: + if key not in excludes_list and (not callable(getattr(finding, key)) or key in allowed_attributes) and not key.startswith('_'): + if callable(getattr(finding, key)) and key not in allowed_attributes: + continue + fields.append(key) + except Exception as exc: + logger.error('Error in attribute: ' + str(exc)) fields.append(key) + continue fields.append('test') fields.append('found_by') fields.append('engagement_id') @@ -850,6 +839,7 @@ def csv_export(request): fields.append('product_id') fields.append('product') fields.append('endpoints') + fields.append('vulnerability_ids') writer.writerow(fields) @@ -857,13 +847,24 @@ def csv_export(request): if not first_row: fields = [] for key in dir(finding): - if key not in get_excludes() and not callable(getattr(finding, key)) and not key.startswith('_'): - value = finding.__dict__.get(key) - if key in get_foreign_keys() and getattr(finding, key): - value = str(getattr(finding, key)) - if value and isinstance(value, str): - value = value.replace('\n', ' NEWLINE ').replace('\r', '') - fields.append(value) + try: + if key not in excludes_list and (not callable(getattr(finding, key)) or key in allowed_attributes) and not key.startswith('_'): + if not callable(getattr(finding, key)): + value = finding.__dict__.get(key) + if (key in allowed_foreign_keys or key in allowed_attributes) and getattr(finding, key): + if callable(getattr(finding, key)): + func = getattr(finding, key) + result = func() + value = result + else: + value = str(getattr(finding, key)) + if value and isinstance(value, str): + value = value.replace('\n', ' NEWLINE ').replace('\r', '') + fields.append(value) + except Exception as exc: + logger.error('Error in attribute: ' + str(exc)) + fields.append("Value not supported") + continue fields.append(finding.test.title) fields.append(finding.test.test_type.name) fields.append(finding.test.engagement.id) @@ -883,6 +884,20 @@ def csv_export(request): endpoint_value = endpoint_value[:-2] fields.append(endpoint_value) + vulnerability_ids_value = '' + num_vulnerability_ids = 0 + for vulnerability_id in finding.vulnerability_ids: + num_vulnerability_ids += 1 + if num_vulnerability_ids > 5: + vulnerability_ids_value += '...' + break + vulnerability_ids_value += f'{str(vulnerability_id)}; ' + if finding.cve and vulnerability_ids_value.find(finding.cve) < 0: + vulnerability_ids_value += finding.cve + if vulnerability_ids_value.endswith('; '): + vulnerability_ids_value = vulnerability_ids_value[:-2] + fields.append(vulnerability_ids_value) + writer.writerow(fields) return response @@ -890,23 +905,31 @@ def csv_export(request): def excel_export(request): findings, obj = get_findings(request) - workbook = Workbook() workbook.iso_dates = True worksheet = workbook.active worksheet.title = 'Findings' - font_bold = Font(bold=True) + allowed_attributes = get_attributes() + excludes_list = get_excludes() + allowed_foreign_keys = get_attributes() row_num = 1 for finding in findings: if row_num == 1: col_num = 1 for key in dir(finding): - if key not in get_excludes() and not callable(getattr(finding, key)) and not key.startswith('_'): + try: + if key not in excludes_list and (not callable(getattr(finding, key)) or key in allowed_attributes) and not key.startswith('_'): + if callable(getattr(finding, key)) and key not in allowed_attributes: + continue + cell = worksheet.cell(row=row_num, column=col_num, value=key) + cell.font = font_bold + col_num += 1 + except Exception as exc: + logger.error('Error in attribute: ' + str(exc)) cell = worksheet.cell(row=row_num, column=col_num, value=key) - cell.font = font_bold - col_num += 1 + continue cell = worksheet.cell(row=row_num, column=col_num, value='found_by') cell.font = font_bold col_num += 1 @@ -924,19 +947,33 @@ def excel_export(request): col_num += 1 cell = worksheet.cell(row=row_num, column=col_num, value='endpoints') cell.font = font_bold + col_num += 1 + cell = worksheet.cell(row=row_num, column=col_num, value='vulnerability_ids') + cell.font = font_bold row_num = 2 if row_num > 1: col_num = 1 for key in dir(finding): - if key not in get_excludes() and not callable(getattr(finding, key)) and not key.startswith('_'): - value = finding.__dict__.get(key) - if key in get_foreign_keys() and getattr(finding, key): - value = str(getattr(finding, key)) - if value and isinstance(value, datetime): - value = value.replace(tzinfo=None) - worksheet.cell(row=row_num, column=col_num, value=value) - col_num += 1 + try: + if key not in excludes_list and (not callable(getattr(finding, key)) or key in allowed_attributes) and not key.startswith('_'): + if not callable(getattr(finding, key)): + value = finding.__dict__.get(key) + if (key in allowed_foreign_keys or key in allowed_attributes) and getattr(finding, key): + if callable(getattr(finding, key)): + func = getattr(finding, key) + result = func() + value = result + else: + value = str(getattr(finding, key)) + if value and isinstance(value, datetime): + value = value.replace(tzinfo=None) + worksheet.cell(row=row_num, column=col_num, value=value) + col_num += 1 + except Exception as exc: + logger.error('Error in attribute: ' + str(exc)) + worksheet.cell(row=row_num, column=col_num, value="Value not supported") + continue worksheet.cell(row=row_num, column=col_num, value=finding.test.test_type.name) col_num += 1 worksheet.cell(row=row_num, column=col_num, value=finding.test.engagement.id) @@ -959,6 +996,21 @@ def excel_export(request): if endpoint_value.endswith('; \n'): endpoint_value = endpoint_value[:-3] worksheet.cell(row=row_num, column=col_num, value=endpoint_value) + col_num += 1 + + vulnerability_ids_value = '' + num_vulnerability_ids = 0 + for vulnerability_id in finding.vulnerability_ids: + num_vulnerability_ids += 1 + if num_vulnerability_ids > 5: + vulnerability_ids_value += '...' + break + vulnerability_ids_value += f'{str(vulnerability_id)}; \n' + if finding.cve and vulnerability_ids_value.find(finding.cve) < 0: + vulnerability_ids_value += finding.cve + if vulnerability_ids_value.endswith('; \n'): + vulnerability_ids_value = vulnerability_ids_value[:-3] + worksheet.cell(row=row_num, column=col_num, value=vulnerability_ids_value) row_num += 1 diff --git a/dojo/reports/widgets.py b/dojo/reports/widgets.py index 2e7f00e2534..8de81af33be 100644 --- a/dojo/reports/widgets.py +++ b/dojo/reports/widgets.py @@ -7,7 +7,7 @@ from django.forms.utils import flatatt from django.http import QueryDict from django.template.loader import render_to_string -from django.utils.encoding import force_text +from django.utils.encoding import force_str from django.utils.html import format_html from django.utils.safestring import mark_safe @@ -28,7 +28,7 @@ class CustomReportJsonForm(forms.Form): def clean_json(self): jdata = self.cleaned_data['json'] try: - json_data = json.loads(jdata) + json.loads(jdata) except: raise forms.ValidationError("Invalid data in json") return jdata @@ -65,38 +65,38 @@ def render(self, name, value, attrs=None, renderer=None): final_attrs = self.build_attrs(attrs) return format_html( '
    ' - '' - '' + '' + '' '' - '' + '' '' - '
    ' + '
    ' '' - '' + '' '' - '' - '' - '' + '' + '' + '' '
    ' '' - '' + '' '' - '' + '' '' - '' + '' '' - '
    ' + '
    ' '' - '
    ' + '
    ' '' '
    ' '' - '
    ' + '
    ' '' - '' - '


    \r\n{}
    ', + '' + '

    \r\n{}', flatatt(final_attrs), - force_text(value)) + force_str(value)) class WYSIWYGContentForm(forms.Form): @@ -145,7 +145,7 @@ def get_option_form(self): return mark_safe( "
    " + - self.get_html() + "
    " + self.get_html() + "
    " "
    ") @@ -402,11 +402,9 @@ def report_widget_factory(json_data=None, request=None, user=None, finding_notes d = QueryDict(mutable=True) for item in widget.get(list(widget.keys())[0]): if item['name'] in d: - d.getlist(item['name']).append(item['value']) + d.appendlist(item['name'], item['value']) else: d[item['name']] = item['value'] - from dojo.endpoint.views import get_endpoint_ids - ids = get_endpoint_ids(endpoints) endpoints = Endpoint.objects.filter(id__in=endpoints) endpoints = EndpointFilter(d, queryset=endpoints, user=request.user) @@ -421,7 +419,7 @@ def report_widget_factory(json_data=None, request=None, user=None, finding_notes d = QueryDict(mutable=True) for item in widget.get(list(widget.keys())[0]): if item['name'] in d: - d.getlist(item['name']).append(item['value']) + d.appendlist(item['name'], item['value']) else: d[item['name']] = item['value'] diff --git a/dojo/risk_acceptance/api.py b/dojo/risk_acceptance/api.py index 77a82c53ff0..d862453a2fc 100644 --- a/dojo/risk_acceptance/api.py +++ b/dojo/risk_acceptance/api.py @@ -10,18 +10,21 @@ from drf_yasg.utils import swagger_auto_schema from dojo.api_v2.serializers import RiskAcceptanceSerializer -from dojo.models import Risk_Acceptance, User +from dojo.models import Risk_Acceptance, User, Vulnerability_Id from django.utils import timezone from dojo.authorization.roles_permissions import Permissions from dojo.engagement.queries import get_authorized_engagements -AcceptedRisk = NamedTuple('AcceptedRisk', (('cve', str), ('justification', str), ('accepted_by', str))) +AcceptedRisk = NamedTuple('AcceptedRisk', (('vulnerability_id', str), ('justification', str), ('accepted_by', str))) class AcceptedRiskSerializer(serializers.Serializer): - cve = serializers.CharField(max_length=28, label='CVE', help_text='CVE or vulnerability id to accept findings for') - justification = serializers.CharField(help_text='Justification for accepting findings with this CVE') + vulnerability_id = serializers.CharField( + max_length=50, + label='Vulnerability Id', + help_text='An id of a vulnerability in a security advisory associated with this finding. Can be a Common Vulnerabilities and Exposure (CVE) or from other sources.') + justification = serializers.CharField(help_text='Justification for accepting findings with this vulnerability id') accepted_by = serializers.CharField(max_length=200, help_text='Name or email of person who accepts the risk') def create(self, validated_data): @@ -91,17 +94,20 @@ def accept_risks(self, request): def _accept_risks(accepted_risks: List[AcceptedRisk], base_findings: QuerySet, owner: User): accepted = [] for risk in accepted_risks: - findings = base_findings.filter(cve=risk.cve) + vulnerability_ids = Vulnerability_Id.objects \ + .filter(vulnerability_id=risk.vulnerability_id) \ + .values('finding') + findings = base_findings.filter(id__in=vulnerability_ids) if findings.exists(): - # TODO we could use risk.cve to name the risk_acceptance, but would need to check for existing risk_acceptances in that case + # TODO we could use risk.vulnerability_id to name the risk_acceptance, but would need to check for existing risk_acceptances in that case # so for now we add some timestamp based suffix - name = risk.cve + ' via api at ' + timezone.now().strftime('%b %d, %Y, %H:%M:%S') + name = risk.vulnerability_id + ' via api at ' + timezone.now().strftime('%b %d, %Y, %H:%M:%S') acceptance = Risk_Acceptance.objects.create(owner=owner, name=name[:100], decision=Risk_Acceptance.TREATMENT_ACCEPT, decision_details=risk.justification, accepted_by=risk.accepted_by[:200]) acceptance.accepted_findings.set(findings) - findings.update(risk_accepted=True) + findings.update(risk_accepted=True, active=False) acceptance.save() accepted.append(acceptance) diff --git a/dojo/risk_acceptance/helper.py b/dojo/risk_acceptance/helper.py index 668d13a3e92..8034ce713c4 100644 --- a/dojo/risk_acceptance/helper.py +++ b/dojo/risk_acceptance/helper.py @@ -7,7 +7,7 @@ from dojo.notifications.helper import create_notification from django.urls import reverse from dojo.celery import app -from dojo.models import System_Settings, Risk_Acceptance +from dojo.models import System_Settings, Risk_Acceptance, Finding import logging logger = logging.getLogger(__name__) @@ -23,6 +23,8 @@ def expire_now(risk_acceptance): logger.debug('%i:%s: unaccepting a.k.a reactivating finding.', finding.id, finding) finding.active = True finding.risk_accepted = False + # Update any endpoint statuses on each of the findings + update_endpoint_statuses(finding, False) if risk_acceptance.restart_sla_expired: finding.sla_start_date = timezone.now().date() @@ -63,6 +65,8 @@ def reinstate(risk_acceptance, old_expiration_date): logger.debug('%i:%s: accepting a.k.a. deactivating finding', finding.id, finding) finding.active = False finding.risk_accepted = True + # Update any endpoint statuses on each of the findings + update_endpoint_statuses(finding, True) finding.save(dedupe_option=False) reinstated_findings.append(finding) else: @@ -81,6 +85,8 @@ def delete(eng, risk_acceptance): for finding in findings: finding.active = True finding.risk_accepted = False + # Update any endpoint statuses on each of the findings + update_endpoint_statuses(finding, False) finding.save(dedupe_option=False) # best effort jira integration, no status changes @@ -102,6 +108,8 @@ def remove_finding_from_risk_acceptance(risk_acceptance, finding): risk_acceptance.accepted_findings.remove(finding) finding.active = True finding.risk_accepted = False + # Update any endpoint statuses on each of the findings + update_endpoint_statuses(finding, False) finding.save(dedupe_option=False) # best effort jira integration, no status changes post_jira_comments(risk_acceptance, [finding], unaccepted_message_creator) @@ -109,10 +117,12 @@ def remove_finding_from_risk_acceptance(risk_acceptance, finding): def add_findings_to_risk_acceptance(risk_acceptance, findings): for finding in findings: - if not finding.duplicate: + if not finding.duplicate or finding.risk_accepted: finding.active = False finding.risk_accepted = True finding.save(dedupe_option=False) + # Update any endpoint statuses on each of the findings + update_endpoint_statuses(finding, True) risk_acceptance.accepted_findings.add(finding) risk_acceptance.save() @@ -133,7 +143,7 @@ def expiration_handler(*args, **kwargs): try: system_settings = System_Settings.objects.get() except System_Settings.DoesNotExist: - logger.warn("Unable to get system_settings, skipping risk acceptance expiration job") + logger.warning("Unable to get system_settings, skipping risk acceptance expiration job") risk_acceptances = get_expired_risk_acceptances_to_handle() @@ -267,6 +277,8 @@ def simple_risk_accept(finding, perform_save=True): finding.risk_accepted = True # risk accepted, so finding no longer considered active finding.active = False + # Update any endpoint statuses on each of the findings + update_endpoint_statuses(finding, True) if perform_save: finding.save(dedupe_option=False) # post_jira_comment might reload from database so see unaccepted finding. but the comment @@ -278,13 +290,13 @@ def risk_unaccept(finding, perform_save=True): logger.debug('unaccepting finding %i:%s if it is currently risk accepted', finding.id, finding) if finding.risk_accepted: logger.debug('unaccepting finding %i:%s', finding.id, finding) - # keep reference to ra to for posting comments later - risk_acceptance = finding.risk_acceptance # removing from ManyToMany will not fail for non-existing entries remove_from_any_risk_acceptance(finding) if not finding.mitigated and not finding.false_p and not finding.out_of_scope: finding.active = True finding.risk_accepted = False + # Update any endpoint statuses on each of the findings + update_endpoint_statuses(finding, False) if perform_save: logger.debug('saving unaccepted finding %i:%s', finding.id, finding) finding.save(dedupe_option=False) @@ -297,3 +309,17 @@ def risk_unaccept(finding, perform_save=True): def remove_from_any_risk_acceptance(finding): for r in finding.risk_acceptance_set.all(): r.accepted_findings.remove(finding) + + +def update_endpoint_statuses(finding: Finding, accept_risk: bool) -> None: + for status in finding.status_finding.all(): + if accept_risk: + status.active = False + status.mitigated = True + status.risk_accepted = True + else: + status.active = True + status.mitigated = False + status.risk_accepted = False + status.last_modified = timezone.now() + status.save() diff --git a/dojo/risk_acceptance/queries.py b/dojo/risk_acceptance/queries.py new file mode 100644 index 00000000000..349735b7773 --- /dev/null +++ b/dojo/risk_acceptance/queries.py @@ -0,0 +1,46 @@ +from crum import get_current_user +from django.db.models import Exists, OuterRef, Q +from dojo.models import Product_Member, Product_Type_Member, \ + Product_Group, Product_Type_Group, Risk_Acceptance +from dojo.authorization.authorization import get_roles_for_permission, user_has_global_permission + + +def get_authorized_risk_acceptances(permission): + user = get_current_user() + + if user is None: + return Risk_Acceptance.objects.none() + + if user.is_superuser: + return Risk_Acceptance.objects.all() + + if user_has_global_permission(user, permission): + return Risk_Acceptance.objects.all() + + roles = get_roles_for_permission(permission) + authorized_product_type_roles = Product_Type_Member.objects.filter( + product_type=OuterRef('engagement__product__prod_type_id'), + user=user, + role__in=roles) + authorized_product_roles = Product_Member.objects.filter( + product=OuterRef('engagement__product_id'), + user=user, + role__in=roles) + authorized_product_type_groups = Product_Type_Group.objects.filter( + product_type=OuterRef('engagement__product__prod_type_id'), + group__users=user, + role__in=roles) + authorized_product_groups = Product_Group.objects.filter( + product=OuterRef('engagement__product_id'), + group__users=user, + role__in=roles) + risk_acceptances = Risk_Acceptance.objects.annotate( + product__prod_type__member=Exists(authorized_product_type_roles), + product__member=Exists(authorized_product_roles), + product__prod_type__authorized_group=Exists(authorized_product_type_groups), + product__authorized_group=Exists(authorized_product_groups)) + risk_acceptances = risk_acceptances.filter( + Q(product__prod_type__member=True) | Q(product__member=True) | + Q(product__prod_type__authorized_group=True) | Q(product__authorized_group=True)) + + return risk_acceptances diff --git a/dojo/rules/urls.py b/dojo/rules/urls.py deleted file mode 100644 index 7e97164ad37..00000000000 --- a/dojo/rules/urls.py +++ /dev/null @@ -1,12 +0,0 @@ -from django.conf.urls import url -from dojo.rules import views - -urlpatterns = [ - url(r'^rules', views.rules, name='rules'), - url(r'^rule/add', views.new_rule, name='Add Rule'), - url(r'^rule/(?P\d+)/edit$', views.edit_rule, - name='Edit Rule'), - url(r'^rule/(?P\d+)/add_child', views.add_child, - name='Add Child'), - url(r'^rule/(?P\d+)/delete$', views.delete_rule, - name='Delete Rule'), ] diff --git a/dojo/rules/views.py b/dojo/rules/views.py deleted file mode 100644 index 4c6a5a82dab..00000000000 --- a/dojo/rules/views.py +++ /dev/null @@ -1,166 +0,0 @@ -# Standard library imports -import json -import logging - -# Third party imports -from django.contrib import messages -from django.contrib.auth.decorators import user_passes_test -from django.urls import reverse -from django.http import HttpResponseRedirect -from django.shortcuts import render, get_object_or_404 -from django.contrib.admin.utils import NestedObjects -from django.db import DEFAULT_DB_ALIAS - -# Local application/library imports -from dojo.models import Rule,\ - System_Settings, Finding, Test, Test_Type, Engagement, \ - Product, Product_Type, Child_Rule -from dojo.forms import RuleFormSet, DeleteRuleForm, RuleForm -from dojo.utils import add_breadcrumb - -logger = logging.getLogger(__name__) - -# Fields for each model ruleset - -finding_fields = [f.name for f in Finding._meta.fields] -test_fields = [f.name for f in Test._meta.fields] -test_type_fields = [f.name for f in Test_Type._meta.fields] -engagement_fields = [f.name for f in Engagement._meta.fields] -product_fields = [f.name for f in Product._meta.fields] -product_type_fields = [f.name for f in Product_Type._meta.fields] -field_dictionary = {} -field_dictionary['Finding'] = finding_fields -field_dictionary['Test Type'] = test_type_fields -field_dictionary['Test'] = test_fields -field_dictionary['Engagement'] = engagement_fields -field_dictionary['Product'] = product_fields -field_dictionary['Product Type'] = product_type_fields - - -@user_passes_test(lambda u: u.is_superuser) -def rules(request): - initial_queryset = Rule.objects.all().order_by('name') - add_breadcrumb(title="Rules", top_level=True, request=request) - return render(request, 'dojo/rules.html', { - 'name': 'Rules List', - 'metric': False, - 'user': request.user, - 'rules': initial_queryset}) - - -@user_passes_test(lambda u: u.is_superuser) -def new_rule(request): - if request.method == 'POST': - form = RuleForm(request.POST) - if form.is_valid(): - rule = form.save() - messages.add_message(request, - messages.SUCCESS, - 'Rule created successfully.', - extra_tags='alert-success') - if "_Add Child" in request.POST: - return HttpResponseRedirect(reverse('Add Child', args=(rule.id,))) - return HttpResponseRedirect(reverse('rules')) - form = RuleForm() - add_breadcrumb(title="New Dojo Rule", top_level=False, request=request) - return render(request, 'dojo/new_rule2.html', - {'form': form, - 'finding_fields': finding_fields, - 'test_fields': test_fields, - 'engagement_fields': engagement_fields, - 'product_fields': product_fields, - 'product_type_fields': product_type_fields, - 'field_dictionary': json.dumps(field_dictionary)}) - - -@user_passes_test(lambda u: u.is_superuser) -def add_child(request, pid): - rule = get_object_or_404(Rule, pk=pid) - if request.method == 'POST': - forms = RuleFormSet(request.POST) - for form in forms: - if form.is_valid(): - cr = form.save(commit=False) - cr.parent_rule = rule - cr.save() - messages.add_message(request, - messages.SUCCESS, - 'Rule created successfully.', - extra_tags='alert-success') - return HttpResponseRedirect(reverse('rules')) - form = RuleFormSet(queryset=Child_Rule.objects.filter(parent_rule=rule)) - add_breadcrumb(title="New Dojo Rule", top_level=False, request=request) - return render(request, 'dojo/new_rule.html', - {'form': form, - 'pid': pid, - 'finding_fields': finding_fields, - 'test_fields': test_fields, - 'engagement_fields': engagement_fields, - 'product_fields': product_fields, - 'product_type_fields': product_type_fields, - 'field_dictionary': json.dumps(field_dictionary)}) - - -@user_passes_test(lambda u: u.is_superuser) -def edit_rule(request, pid): - pt = get_object_or_404(Rule, pk=pid) - children = Rule.objects.filter(parent_rule=pt) - all_rules = children | Rule.objects.filter(pk=pid) - form = RuleForm(instance=pt) - if request.method == 'POST': - form = RuleForm(request.POST, instance=pt) - if form.is_valid(): - pt = form.save() - messages.add_message(request, - messages.SUCCESS, - 'Rule updated successfully.', - extra_tags='alert-success') - if "_Add Child" in request.POST: - return HttpResponseRedirect(reverse('Add Child', args=(pt.id,))) - return HttpResponseRedirect(reverse('rules')) - add_breadcrumb(title="Edit Rule", top_level=False, request=request) - return render(request, 'dojo/edit_rule.html', { - 'name': 'Edit Rule', - 'metric': False, - 'user': request.user, - 'form': form, - 'field_dictionary': json.dumps(field_dictionary), - 'pt': pt, }) - - -@user_passes_test(lambda u: u.is_superuser) -def delete_rule(request, tid): - rule = get_object_or_404(Rule, pk=tid) - form = DeleteRuleForm(instance=rule) - - if request.method == 'POST': - # print('id' in request.POST, file=sys.stderr) - # print(str(rule.id) == request.POST['id'], file=sys.stderr) - # print(str(rule.id) == request.POST['id'], file=sys.stderr) - # if 'id' in request.POST and str(rule.id) == request.POST['id']: - form = DeleteRuleForm(request.POST, instance=rule) - # print(form.is_valid(), file=sys.stderr) - # print(form.errors, file=sys.stderr) - # print(form.non_field_errors(), file=sys.stderr) - # print('id' in request.POST, file=sys.stderr) - if form.is_valid(): - rule.delete() - messages.add_message(request, - messages.SUCCESS, - 'Rule deleted.', - extra_tags='alert-success') - return HttpResponseRedirect(reverse('rules')) - - collector = NestedObjects(using=DEFAULT_DB_ALIAS) - collector.collect([rule]) - rels = collector.nested() - - add_breadcrumb(parent=rule, title="Delete", top_level=False, request=request) - system_settings = System_Settings.objects.get() - return render(request, 'dojo/delete_rule.html', - {'rule': rule, - 'form': form, - 'active_tab': 'findings', - 'system_settings': system_settings, - 'rels': rels, - }) diff --git a/dojo/search/urls.py b/dojo/search/urls.py index bb9f35d8b8d..9f88f29c7bc 100644 --- a/dojo/search/urls.py +++ b/dojo/search/urls.py @@ -1,9 +1,9 @@ -from django.conf.urls import url +from django.urls import re_path from dojo.search import views urlpatterns = [ # search - url(r'^simple_search$', views.simple_search, + re_path(r'^simple_search$', views.simple_search, name='simple_search'), ] diff --git a/dojo/search/views.py b/dojo/search/views.py index 25b7d2ad441..55d64bbb2b2 100644 --- a/dojo/search/views.py +++ b/dojo/search/views.py @@ -1,11 +1,11 @@ import logging +from django.utils.translation import gettext as _ from django.shortcuts import render from watson import search as watson from django.db.models import Q from dojo.forms import SimpleSearchForm -from dojo.models import Finding, Finding_Template, Product, Test, Engagement, Languages, \ - App_Analysis +from dojo.models import Finding, Finding_Template, Product, Test, Engagement, Languages from dojo.utils import add_breadcrumb, get_page_items, get_words_for_field import re from dojo.finding.views import prefetch_for_findings @@ -14,26 +14,22 @@ from django.conf import settings import shlex import itertools -from dojo.product.queries import get_authorized_products +from dojo.product.queries import get_authorized_products, get_authorized_app_analysis from dojo.engagement.queries import get_authorized_engagements from dojo.test.queries import get_authorized_tests -from dojo.finding.queries import get_authorized_findings +from dojo.finding.queries import get_authorized_findings, get_authorized_vulnerability_ids from dojo.endpoint.queries import get_authorized_endpoints from dojo.authorization.roles_permissions import Permissions logger = logging.getLogger(__name__) # explicitly use our own regex pattern here as django-watson is sensitive so we want to control it here independently of models.py etc. -cve_pattern = re.compile(r'(^CVE-(1999|2\d{3})-(0\d{2}[0-9]|[1-9]\d{3,}))$') -# cve_pattern = re.compile(r'(CVE-(1999|2\d{3})-(0\d{2}[0-9]|[1-9]\d{3,}))') +vulnerability_id_pattern = re.compile(r'(^[A-Z]+-[A-Z\d-]+)$') max_results = settings.SEARCH_MAX_RESULTS def simple_search(request): - ip_addresses = [] - dashes = [] - query = [] tests = None findings = None finding_templates = None @@ -48,16 +44,15 @@ def simple_search(request): endpoints = None languages = None app_analysis = None + vulnerability_ids = None clean_query = '' cookie = False - terms = '' form = SimpleSearchForm() original_clean_query = "" findings_filter = None title_words = None component_words = None - paged_generic = None # if request.method == 'GET' and "query" in request.GET: if request.method == 'GET': @@ -75,19 +70,19 @@ def simple_search(request): "not-tag" in operators or "not-test-tag" in operators or "not-engagement-tag" in operators or "not-product-tag" in operators or \ "not-tags" in operators or "not-test-tags" in operators or "not-engagement-tags" in operators or "not-product-tags" in operators - search_cve = "cve" in operators + search_vulnerability_ids = "vulnerability_id" in operators or not operators search_finding_id = "id" in operators - search_findings = "finding" in operators or search_cve or search_finding_id or search_tags or not operators + search_findings = "finding" in operators or search_finding_id or search_tags or not operators - search_finding_templates = "template" in operators or search_tags or not (operators or search_finding_id or search_cve) - search_tests = "test" in operators or search_tags or not (operators or search_finding_id or search_cve) - search_engagements = "engagement" in operators or search_tags or not (operators or search_finding_id or search_cve) + search_finding_templates = "template" in operators or search_tags or not (operators or search_finding_id) + search_tests = "test" in operators or search_tags or not (operators or search_finding_id) + search_engagements = "engagement" in operators or search_tags or not (operators or search_finding_id) - search_products = "product" in operators or search_tags or not (operators or search_finding_id or search_cve) - search_endpoints = "endpoint" in operators or search_tags or not (operators or search_finding_id or search_cve) - search_languages = "language" in operators or search_tags or not (operators or search_finding_id or search_cve) - search_technologies = "technology" in operators or search_tags or not (operators or search_finding_id or search_cve) + search_products = "product" in operators or search_tags or not (operators or search_finding_id) + search_endpoints = "endpoint" in operators or search_tags or not (operators or search_finding_id) + search_languages = "language" in operators or search_tags or not (operators or search_finding_id) + search_technologies = "technology" in operators or search_tags or not (operators or search_finding_id) authorized_findings = get_authorized_findings(Permissions.Finding_View) authorized_tests = get_authorized_tests(Permissions.Test_View) @@ -95,14 +90,18 @@ def simple_search(request): authorized_products = get_authorized_products(Permissions.Product_View) authorized_endpoints = get_authorized_endpoints(Permissions.Endpoint_View) authorized_finding_templates = Finding_Template.objects.all() + authorized_app_analysis = get_authorized_app_analysis(Permissions.Product_View) + authorized_vulnerability_ids = get_authorized_vulnerability_ids(Permissions.Finding_View) - # TODO better get findings in their own query and match on id. that would allow filtering on additional fields such cve, prod_id, etc. + # TODO better get findings in their own query and match on id. that would allow filtering on additional fields such prod_id, etc. findings = authorized_findings tests = authorized_tests engagements = authorized_engagements products = authorized_products endpoints = authorized_endpoints + app_analysis = authorized_app_analysis + vulnerability_ids = authorized_vulnerability_ids findings_filter = None title_words = None @@ -130,7 +129,6 @@ def simple_search(request): findings = apply_tag_filters(findings, operators) findings = apply_endpoint_filter(findings, operators) - findings = apply_cve_filter(findings, operators) findings = perform_keyword_search_for_operator(findings, operators, 'finding', keywords_query) @@ -272,19 +270,33 @@ def simple_search(request): if search_technologies: logger.debug('searching technologies') - app_analysis = App_Analysis.objects.filter(name__icontains=keywords_query) + app_analysis = authorized_app_analysis + app_analysis = app_analysis.filter(name__icontains=keywords_query) app_analysis = app_analysis[:max_results] else: app_analysis = None - # make sure watson only searches in authorized model instances + if search_vulnerability_ids: + logger.debug('searching vulnerability_ids') + + vulnerability_ids = authorized_vulnerability_ids + vulnerability_ids = apply_vulnerability_id_filter(vulnerability_ids, operators) + if keywords_query: + watson_results = watson.filter(vulnerability_ids, keywords_query) + vulnerability_ids = vulnerability_ids.filter(id__in=[watson.id for watson in watson_results]) + vulnerability_ids = vulnerability_ids.prefetch_related('finding__test__engagement__product', 'finding__test__engagement__product__tags') + vulnerability_ids = vulnerability_ids[:max_results] + else: + vulnerability_ids = None + if keywords_query: logger.debug('searching generic') logger.debug('going generic with: %s', keywords_query) generic = watson.search(keywords_query, models=( authorized_findings, authorized_tests, authorized_engagements, authorized_products, authorized_endpoints, - authorized_finding_templates, App_Analysis)).prefetch_related('object')[:max_results] + authorized_finding_templates, authorized_vulnerability_ids, authorized_app_analysis)) \ + .prefetch_related('object')[:max_results] else: generic = None @@ -303,7 +315,7 @@ def simple_search(request): logger.debug(form.errors) form = SimpleSearchForm() - add_breadcrumb(title="Simple Search", top_level=True, request=request) + add_breadcrumb(title=_("Simple Search"), top_level=True, request=request) activetab = 'findings' if findings \ else 'products' if products \ @@ -311,7 +323,8 @@ def simple_search(request): 'tests' if tests else \ 'endpoint' if endpoints else \ 'tagged' if tagged_results else \ - 'generic' + 'vulnerability_ids' if vulnerability_ids else \ + 'generic' response = render(request, 'dojo/simple_search.html', { 'clean_query': original_clean_query, @@ -332,7 +345,8 @@ def simple_search(request): 'tagged_engagements': tagged_engagements, 'engagements': engagements, 'endpoints': endpoints, - 'name': 'Simple Search', + 'vulnerability_ids': vulnerability_ids, + 'name': _('Simple Search'), 'metric': False, 'user': request.user, 'form': form, @@ -381,8 +395,8 @@ def simple_search(request): operators: {'tags': ['anchorse']} keywords: ['some', 'space inside'] - query: tags:anchore cve:CVE-2020-1234 jquery - operators: {'tags': ['anchore'], 'cve': ['CVE-2020-1234']} + query: tags:anchore vulnerability_id:CVE-2020-1234 jquery + operators: {'tags': ['anchore'], 'vulnerability_id': ['CVE-2020-1234']} keywords: ['jquery'] ''' @@ -405,11 +419,8 @@ def parse_search_query(clean_query): operators[operator] = [] operators[operator].append(parameter) - - # if operator == 'cve': # operator filters on findings, keywords go to watson - # keywords.append(cve_fix(parameter)) else: - keywords.append(cve_fix(query_part)) + keywords.append(vulnerability_id_fix(query_part)) logger.debug('query: %s' % clean_query) logger.debug('operators: %s' % operators) @@ -418,23 +429,23 @@ def parse_search_query(clean_query): return operators, keywords -def cve_fix(keyword): +def vulnerability_id_fix(keyword): # if the query contains hyphens, django-watson will escape these leading to problems. - # for cve we make this workaround because we really want to be able to search for CVEs + # for vulnerability_ids we make this workaround because we really want to be able to search for them # problem still remains for other case, i.e. searching for "valentijn-scholten" will return no results because of the hyphen. # see: # - https://github.com/etianen/django-watson/issues/223 # - https://github.com/DefectDojo/django-DefectDojo/issues/1092 # - https://github.com/DefectDojo/django-DefectDojo/issues/2081 - cves = [] + vulnerability_ids = [] keyword_parts = keyword.split(',') for keyword_part in keyword_parts: - if bool(cve_pattern.match(keyword_part)): - cves.append('\'' + keyword_part + '\'') + if bool(vulnerability_id_pattern.match(keyword_part)): + vulnerability_ids.append('\'' + keyword_part + '\'') - if cves: - return ' '.join(cves) + if vulnerability_ids: + return ' '.join(vulnerability_ids) else: return keyword @@ -510,9 +521,9 @@ def apply_endpoint_filter(qs, operators): return qs -def apply_cve_filter(qs, operators): - if 'cve' in operators: - value = operators['cve'] +def apply_vulnerability_id_filter(qs, operators): + if 'vulnerability_id' in operators: + value = operators['vulnerability_id'] # possible value: # ['CVE-2020-6754] @@ -521,9 +532,9 @@ def apply_cve_filter(qs, operators): # ['CVE-2020-6754,CVE-2018-7489', 'CVE-2020-1234'] # so flatten like mad: - cves = list(itertools.chain.from_iterable([cve.split(',') for cve in value])) - logger.debug('cve filter: %s', cves) - qs = qs.filter(Q(cve__in=cves)) + vulnerability_ids = list(itertools.chain.from_iterable([vulnerability_id.split(',') for vulnerability_id in value])) + logger.debug('vulnerability_id filter: %s', vulnerability_ids) + qs = qs.filter(Q(vulnerability_id__in=vulnerability_ids)) return qs diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index 0462f3300c3..fad2454b7ca 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -4,14 +4,20 @@ from celery.schedules import crontab from dojo import __version__ import environ +from netaddr import IPNetwork, IPSet +import json +import logging +import warnings -# See https://defectdojo.github.io/django-DefectDojo/getting_started/configuration/ for options +logger = logging.getLogger(__name__) + +# See https://documentation.defectdojo.com/getting_started/configuration/ for options # how to tune the configuration to your needs. root = environ.Path(__file__) - 3 # Three folders back # reference: https://pypi.org/project/django-environ/ -env = environ.Env( +env = environ.FileAwareEnv( # Set casting and default values DD_SITE_URL=(str, 'http://localhost:8080'), DD_DEBUG=(bool, False), @@ -24,19 +30,24 @@ DD_SESSION_COOKIE_HTTPONLY=(bool, True), DD_CSRF_COOKIE_HTTPONLY=(bool, True), DD_SECURE_SSL_REDIRECT=(bool, False), + DD_SECURE_CROSS_ORIGIN_OPENER_POLICY=(str, 'same-origin'), DD_SECURE_HSTS_INCLUDE_SUBDOMAINS=(bool, False), DD_SECURE_HSTS_SECONDS=(int, 31536000), # One year expiration DD_SESSION_COOKIE_SECURE=(bool, False), DD_SESSION_EXPIRE_AT_BROWSER_CLOSE=(bool, False), DD_SESSION_COOKIE_AGE=(int, 1209600), # 14 days DD_CSRF_COOKIE_SECURE=(bool, False), + DD_CSRF_TRUSTED_ORIGINS=(list, []), DD_SECURE_CONTENT_TYPE_NOSNIFF=(bool, True), + DD_CSRF_COOKIE_SAMESITE=(str, 'Lax'), + DD_SESSION_COOKIE_SAMESITE=(str, 'Lax'), + DD_APPEND_SLASH=(bool, True), DD_TIME_ZONE=(str, 'UTC'), DD_LANG=(str, 'en-us'), DD_TEAM_NAME=(str, 'Security Team'), DD_ADMINS=(str, 'DefectDojo:dojo@localhost,Admin:admin@localhost'), DD_WHITENOISE=(bool, False), - DD_TRACK_MIGRATIONS=(bool, False), + DD_TRACK_MIGRATIONS=(bool, True), DD_SECURE_PROXY_SSL_HEADER=(bool, False), DD_TEST_RUNNER=(str, 'django.test.runner.DiscoverRunner'), DD_URL_PREFIX=(str, ''), @@ -58,6 +69,7 @@ DD_CELERY_BROKER_PORT=(int, -1), DD_CELERY_BROKER_PATH=(str, '/dojo.celerydb.sqlite'), DD_CELERY_BROKER_PARAMS=(str, ''), + DD_CELERY_BROKER_TRANSPORT_OPTIONS=(str, ''), DD_CELERY_TASK_IGNORE_RESULT=(bool, True), DD_CELERY_RESULT_BACKEND=(str, 'django-db'), DD_CELERY_RESULT_EXPIRES=(int, 86400), @@ -80,7 +92,10 @@ DD_CREDENTIAL_AES_256_KEY=(str, '.'), DD_DATA_UPLOAD_MAX_MEMORY_SIZE=(int, 8388608), # Max post size set to 8mb DD_FORGOT_PASSWORD=(bool, True), # do we show link "I forgot my password" on login screen + DD_PASSWORD_RESET_TIMEOUT=(int, 259200), # 3 days, in seconds (the deafult) + DD_FORGOT_USERNAME=(bool, True), # do we show link "I forgot my username" on login screen DD_SOCIAL_AUTH_SHOW_LOGIN_FORM=(bool, True), # do we show user/pass input + DD_SOCIAL_AUTH_CREATE_USER=(bool, True), # if True creates user at first login DD_SOCIAL_LOGIN_AUTO_REDIRECT=(bool, False), # auto-redirect if there is only one social login method DD_SOCIAL_AUTH_TRAILING_SLASH=(bool, True), DD_SOCIAL_AUTH_AUTH0_OAUTH2_ENABLED=(bool, False), @@ -96,12 +111,15 @@ DD_SOCIAL_AUTH_OKTA_OAUTH2_ENABLED=(bool, False), DD_SOCIAL_AUTH_OKTA_OAUTH2_KEY=(str, ''), DD_SOCIAL_AUTH_OKTA_OAUTH2_SECRET=(str, ''), - DD_SOCIAL_AUTH_OKTA_OAUTH2_API_URL=(str, 'https://{your-org-url}/oauth2/default'), + DD_SOCIAL_AUTH_OKTA_OAUTH2_API_URL=(str, 'https://{your-org-url}/oauth2'), DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_ENABLED=(bool, False), DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY=(str, ''), DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET=(str, ''), DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT_ID=(str, ''), DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_RESOURCE=(str, 'https://graph.microsoft.com/'), + DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_GET_GROUPS=(bool, False), + DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_GROUPS_FILTER=(str, ''), + DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_CLEANUP_GROUPS=(bool, True), DD_SOCIAL_AUTH_GITLAB_OAUTH2_ENABLED=(bool, False), DD_SOCIAL_AUTH_GITLAB_PROJECT_AUTO_IMPORT=(bool, False), DD_SOCIAL_AUTH_GITLAB_PROJECT_IMPORT_TAGS=(bool, False), @@ -110,8 +128,24 @@ DD_SOCIAL_AUTH_GITLAB_KEY=(str, ''), DD_SOCIAL_AUTH_GITLAB_SECRET=(str, ''), DD_SOCIAL_AUTH_GITLAB_API_URL=(str, 'https://gitlab.com'), - DD_SOCIAL_AUTH_GITLAB_SCOPE=(list, ['api', 'read_user', 'openid', 'profile', 'email']), + DD_SOCIAL_AUTH_GITLAB_SCOPE=(list, ['read_user', 'openid']), + DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_ENABLED=(bool, False), + DD_SOCIAL_AUTH_KEYCLOAK_KEY=(str, ''), + DD_SOCIAL_AUTH_KEYCLOAK_SECRET=(str, ''), + DD_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY=(str, ''), + DD_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL=(str, ''), + DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL=(str, ''), + DD_SOCIAL_AUTH_KEYCLOAK_LOGIN_BUTTON_TEXT=(str, 'Login with Keycloak'), + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_OAUTH2_ENABLED=(bool, False), + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_URL=(str, ''), + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL=(str, ''), + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY=(str, ''), + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET=(str, ''), DD_SAML2_ENABLED=(bool, False), + # Allows to override default SAML authentication backend. Check https://djangosaml2.readthedocs.io/contents/setup.html#custom-user-attributes-processing + DD_SAML2_AUTHENTICATION_BACKENDS=(str, 'djangosaml2.backends.Saml2Backend'), + # Force Authentication to make SSO possible with SAML2 + DD_SAML2_FORCE_AUTH=(bool, True), DD_SAML2_LOGIN_BUTTON_TEXT=(str, 'Login with SAML'), # Optional: display the idp SAML Logout URL in DefectDojo DD_SAML2_LOGOUT_URL=(str, ''), @@ -131,15 +165,33 @@ 'Lastname': 'last_name' }), DD_SAML2_ALLOW_UNKNOWN_ATTRIBUTE=(bool, False), + # Authentication via HTTP Proxy which put username to HTTP Header REMOTE_USER + DD_AUTH_REMOTEUSER_ENABLED=(bool, False), + # Names of headers which will be used for processing user data. + # WARNING: Possible spoofing of headers. Read Warning in https://docs.djangoproject.com/en/3.2/howto/auth-remote-user/#configuration + DD_AUTH_REMOTEUSER_USERNAME_HEADER=(str, 'REMOTE_USER'), + DD_AUTH_REMOTEUSER_EMAIL_HEADER=(str, ''), + DD_AUTH_REMOTEUSER_FIRSTNAME_HEADER=(str, ''), + DD_AUTH_REMOTEUSER_LASTNAME_HEADER=(str, ''), + DD_AUTH_REMOTEUSER_GROUPS_HEADER=(str, ''), + DD_AUTH_REMOTEUSER_GROUPS_CLEANUP=(bool, True), + # Comma separated list of IP ranges with trusted proxies + DD_AUTH_REMOTEUSER_TRUSTED_PROXY=(list, ['127.0.0.1/32']), + # REMOTE_USER will be processed only on login page. Check https://docs.djangoproject.com/en/3.2/howto/auth-remote-user/#using-remote-user-on-login-pages-only + DD_AUTH_REMOTEUSER_LOGIN_ONLY=(bool, False), + # if somebody is using own documentation how to use DefectDojo in his own company + DD_DOCUMENTATION_URL=(str, 'https://documentation.defectdojo.com'), # merging findings doesn't always work well with dedupe and reimport etc. # disable it if you see any issues (and report them on github) DD_DISABLE_FINDING_MERGE=(bool, False), # SLA Notifications via alerts and JIRA comments - # enable either DD_SLA_NOTIFY_ACTIVE or DD_SLA_NOTIFY_ACTIVE_VERIFIED_ONLY to enable the feature + # enable either DD_SLA_NOTIFY_ACTIVE or DD_SLA_NOTIFY_ACTIVE_VERIFIED_ONLY to enable the feature. + # If desired you can enable to only notify for Findings that are linked to JIRA issues. + # All three flags are moved to system_settings, will be removed from settings file DD_SLA_NOTIFY_ACTIVE=(bool, False), DD_SLA_NOTIFY_ACTIVE_VERIFIED_ONLY=(bool, False), - # finetuning settings for when enabled DD_SLA_NOTIFY_WITH_JIRA_ONLY=(bool, False), + # finetuning settings for when enabled DD_SLA_NOTIFY_PRE_BREACH=(int, 3), DD_SLA_NOTIFY_POST_BREACH=(int, 7), # Use business day's to calculate SLA's and age instead of calendar days @@ -149,8 +201,12 @@ DD_SIMILAR_FINDINGS_MAX_RESULTS=(int, 25), DD_MAX_AUTOCOMPLETE_WORDS=(int, 20000), DD_JIRA_SSL_VERIFY=(bool, True), + # You can set extra Jira issue types via a simple env var that supports a csv format, like "Work Item,Vulnerability" + DD_JIRA_EXTRA_ISSUE_TYPES=(str, ''), # if you want to keep logging to the console but in json format, change this here to 'json_console' DD_LOGGING_HANDLER=(str, 'console'), + # If true, drf-spectacular will load CSS & JS from default CDN, otherwise from static resources + DD_DEFAULT_SWAGGER_UI=(bool, True), DD_ALERT_REFRESH=(bool, True), DD_DISABLE_ALERT_COUNTER=(bool, False), # to disable deleting alerts per user set value to -1 @@ -169,11 +225,10 @@ DD_EDITABLE_MITIGATED_DATA=(bool, False), # new feature that tracks history across multiple reimports for the same test DD_TRACK_IMPORT_HISTORY=(bool, True), - - # When enabled, staff users have full access to all product types and products - DD_AUTHORIZATION_STAFF_OVERRIDE=(bool, False), - + # Delete Auditlogs older than x month; -1 to keep all logs + DD_AUDITLOG_FLUSH_RETENTION_PERIOD=(int, -1), # Allow grouping of findings in the same test, for example to group findings per dependency + # DD_FEATURE_FINDING_GROUPS feature is moved to system_settings, will be removed from settings file DD_FEATURE_FINDING_GROUPS=(bool, True), DD_JIRA_TEMPLATE_ROOT=(str, 'dojo/templates/issue-trackers'), DD_TEMPLATE_DIR_PREFIX=(str, 'dojo/templates/'), @@ -194,10 +249,38 @@ DD_SONARQUBE_API_PARSER_HOTSPOTS=(bool, True), # when enabled, finding importing will occur asynchronously, default False DD_ASYNC_FINDING_IMPORT=(bool, False), - # The number fo findings to be processed per celeryworker + # The number of findings to be processed per celeryworker DD_ASYNC_FINDING_IMPORT_CHUNK_SIZE=(int, 100), - # Feature toggle for new authorization for configurations - DD_FEATURE_CONFIGURATION_AUTHORIZATION=(bool, False), + # When enabled, deleting objects will be occur from the bottom up. In the example of deleting an engagement + # The objects will be deleted as follows Endpoints -> Findings -> Tests -> Engagement + DD_ASYNC_OBJECT_DELETE=(bool, False), + # The number of objects to be deleted per celeryworker + DD_ASYNC_OBEJECT_DELETE_CHUNK_SIZE=(int, 100), + # When enabled, display the preview of objects to be deleted. This can take a long time to render + # for very large objects + DD_DELETE_PREVIEW=(bool, True), + # List of acceptable file types that can be uploaded to a given object via arbitrary file upload + DD_FILE_UPLOAD_TYPES=(list, ['.txt', '.pdf', '.json', '.xml', '.csv', '.yml', '.png', '.jpeg', + '.sarif', '.xslx', '.doc', '.html', '.js', '.nessus', '.zip']), + # Max file size for scan added via API in MB + DD_SCAN_FILE_MAX_SIZE=(int, 100), + # When disabled, existing user tokens will not be removed but it will not be + # possible to create new and it will not be possible to use exising. + DD_API_TOKENS_ENABLED=(bool, True), + # You can set extra Jira headers by suppling a dictionary in header: value format (pass as env var like "headr_name=value,another_header=anohter_value") + DD_ADDITIONAL_HEADERS=(dict, {}), + # Set fields used by the hashcode generator for deduplication, via en env variable that contains a JSON string + DD_HASHCODE_FIELDS_PER_SCANNER=(str, ''), + # Set deduplication algorithms per parser, via en env variable that contains a JSON string + DD_DEDUPLICATION_ALGORITHM_PER_PARSER=(str, ''), + # Dictates whether cloud banner is created or not + DD_CREATE_CLOUD_BANNER=(bool, True), + # With this setting turned on, Dojo maintains an audit log of changes made to entities (Findings, Tests, Engagements, Procuts, ...) + # If you run big import you may want to disable this because the way django-auditlog currently works, there's + # a big performance hit. Especially during (re-)imports. + DD_ENABLE_AUDITLOG=(bool, True), + # Specifies whether the "first seen" date of a given report should be used over the "last seen" date + DD_USE_FIRST_SEEN=(bool, False), ) @@ -390,6 +473,9 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param 'dojo.okta.OktaOAuth2', 'social_core.backends.azuread_tenant.AzureADTenantOAuth2', 'social_core.backends.gitlab.GitLabOAuth2', + 'social_core.backends.keycloak.KeycloakOAuth2', + 'social_core.backends.github_enterprise.GithubEnterpriseOAuth2', + 'dojo.remote_user.RemoteUserBackend', 'django.contrib.auth.backends.RemoteUserBackend', 'django.contrib.auth.backends.ModelBackend', ) @@ -418,19 +504,23 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param 'social_core.pipeline.social_auth.social_user', 'social_core.pipeline.user.get_username', 'social_core.pipeline.social_auth.associate_by_email', - 'social_core.pipeline.user.create_user', + 'dojo.pipeline.create_user', 'dojo.pipeline.modify_permissions', 'social_core.pipeline.social_auth.associate_user', 'social_core.pipeline.social_auth.load_extra_data', 'social_core.pipeline.user.user_details', + 'dojo.pipeline.update_azure_groups', 'dojo.pipeline.update_product_access', ) CLASSIC_AUTH_ENABLED = True FORGOT_PASSWORD = env('DD_FORGOT_PASSWORD') +FORGOT_USERNAME = env('DD_FORGOT_USERNAME') +PASSWORD_RESET_TIMEOUT = env('DD_PASSWORD_RESET_TIMEOUT') # Showing login form (form is not needed for external auth: OKTA, Google Auth, etc.) SHOW_LOGIN_FORM = env('DD_SOCIAL_AUTH_SHOW_LOGIN_FORM') SOCIAL_LOGIN_AUTO_REDIRECT = env('DD_SOCIAL_LOGIN_AUTO_REDIRECT') +SOCIAL_AUTH_CREATE_USER = env('DD_SOCIAL_AUTH_CREATE_USER') SOCIAL_AUTH_STRATEGY = 'social_django.strategy.DjangoStrategy' SOCIAL_AUTH_STORAGE = 'social_django.models.DjangoStorage' @@ -455,6 +545,9 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET = env('DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET') SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT_ID = env('DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT_ID') SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_RESOURCE = env('DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_RESOURCE') +AZUREAD_TENANT_OAUTH2_GET_GROUPS = env('DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_GET_GROUPS') +AZUREAD_TENANT_OAUTH2_GROUPS_FILTER = env('DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_GROUPS_FILTER') +AZUREAD_TENANT_OAUTH2_CLEANUP_GROUPS = env('DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_CLEANUP_GROUPS') GITLAB_OAUTH2_ENABLED = env('DD_SOCIAL_AUTH_GITLAB_OAUTH2_ENABLED') GITLAB_PROJECT_AUTO_IMPORT = env('DD_SOCIAL_AUTH_GITLAB_PROJECT_AUTO_IMPORT') @@ -466,6 +559,10 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param SOCIAL_AUTH_GITLAB_API_URL = env('DD_SOCIAL_AUTH_GITLAB_API_URL') SOCIAL_AUTH_GITLAB_SCOPE = env('DD_SOCIAL_AUTH_GITLAB_SCOPE') +# Add required scope if auto import is enabled +if GITLAB_PROJECT_AUTO_IMPORT: + SOCIAL_AUTH_GITLAB_SCOPE += ['read_repository'] + AUTH0_OAUTH2_ENABLED = env('DD_SOCIAL_AUTH_AUTH0_OAUTH2_ENABLED') SOCIAL_AUTH_AUTH0_KEY = env('DD_SOCIAL_AUTH_AUTH0_KEY') SOCIAL_AUTH_AUTH0_SECRET = env('DD_SOCIAL_AUTH_AUTH0_SECRET') @@ -473,10 +570,27 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param SOCIAL_AUTH_AUTH0_SCOPE = env('DD_SOCIAL_AUTH_AUTH0_SCOPE') SOCIAL_AUTH_TRAILING_SLASH = env('DD_SOCIAL_AUTH_TRAILING_SLASH') +KEYCLOAK_OAUTH2_ENABLED = env('DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_ENABLED') +SOCIAL_AUTH_KEYCLOAK_KEY = env('DD_SOCIAL_AUTH_KEYCLOAK_KEY') +SOCIAL_AUTH_KEYCLOAK_SECRET = env('DD_SOCIAL_AUTH_KEYCLOAK_SECRET') +SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = env('DD_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY') +SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = env('DD_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL') +SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = env('DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL') +SOCIAL_AUTH_KEYCLOAK_LOGIN_BUTTON_TEXT = env('DD_SOCIAL_AUTH_KEYCLOAK_LOGIN_BUTTON_TEXT') + +GITHUB_ENTERPRISE_OAUTH2_ENABLED = env('DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_OAUTH2_ENABLED') +SOCIAL_AUTH_GITHUB_ENTERPRISE_URL = env('DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_URL') +SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL = env('DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL') +SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY = env('DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY') +SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET = env('DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET') + +DOCUMENTATION_URL = env('DD_DOCUMENTATION_URL') + # Setting SLA_NOTIFY_ACTIVE and SLA_NOTIFY_ACTIVE_VERIFIED to False will disable the feature # If you import thousands of Active findings through your pipeline everyday, # and make the choice of enabling SLA notifications for non-verified findings, # be mindful of performance. +# 'SLA_NOTIFY_ACTIVE', 'SLA_NOTIFY_ACTIVE_VERIFIED_ONLY' and 'SLA_NOTIFY_WITH_JIRA_ONLY' are moved to system settings, will be removed here SLA_NOTIFY_ACTIVE = env('DD_SLA_NOTIFY_ACTIVE') # this will include 'verified' findings as well as non-verified. SLA_NOTIFY_ACTIVE_VERIFIED_ONLY = env('DD_SLA_NOTIFY_ACTIVE_VERIFIED_ONLY') SLA_NOTIFY_WITH_JIRA_ONLY = env('DD_SLA_NOTIFY_WITH_JIRA_ONLY') # Based on the 2 above, but only with a JIRA link @@ -501,18 +615,19 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param r'complete/', r'empty_questionnaire/([\d]+)/answer', r'^%spassword_reset/' % URL_PREFIX, + r'^%sforgot_username' % URL_PREFIX, r'^%sreset/' % URL_PREFIX, ) AUTH_PASSWORD_VALIDATORS = [ { - 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', - 'OPTIONS': { - 'min_length': 9, - } + 'NAME': 'dojo.user.validators.DojoCommonPasswordValidator', + }, + { + 'NAME': 'dojo.user.validators.MinLengthValidator' }, { - 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', + 'NAME': 'dojo.user.validators.MaxLengthValidator' }, { 'NAME': 'dojo.user.validators.NumberValidator' @@ -557,9 +672,24 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param # the cookie will be marked as secure, which means browsers may ensure that the # cookie is only sent with an HTTPS connection. SESSION_COOKIE_SECURE = env('DD_SESSION_COOKIE_SECURE') +SESSION_COOKIE_SAMESITE = env('DD_SESSION_COOKIE_SAMESITE') + +# Override default Django behavior for incorrect URLs +APPEND_SLASH = env('DD_APPEND_SLASH') # Whether to use a secure cookie for the CSRF cookie. CSRF_COOKIE_SECURE = env('DD_CSRF_COOKIE_SECURE') +CSRF_COOKIE_SAMESITE = env('DD_CSRF_COOKIE_SAMESITE') + +# A list of trusted origins for unsafe requests (e.g. POST). +# Use comma-separated list of domains, they will be split to list automatically +# Only specify this settings if the contents is not an empty list (the default) +if env('DD_CSRF_TRUSTED_ORIGINS') != ['[]']: + CSRF_TRUSTED_ORIGINS = env('DD_CSRF_TRUSTED_ORIGINS') + +# Unless set to None, the SecurityMiddleware sets the Cross-Origin Opener Policy +# header on all responses that do not already have it to the value provided. +SECURE_CROSS_ORIGIN_OPENER_POLICY = env('DD_SECURE_CROSS_ORIGIN_OPENER_POLICY') if env('DD_SECURE_CROSS_ORIGIN_OPENER_POLICY') != 'None' else None if env('DD_SECURE_PROXY_SSL_HEADER'): SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') @@ -606,11 +736,12 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param # API V2 # ------------------------------------------------------------------------------ +API_TOKENS_ENABLED = env('DD_API_TOKENS_ENABLED') + REST_FRAMEWORK = { 'DEFAULT_SCHEMA_CLASS': 'drf_spectacular.openapi.AutoSchema', 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.SessionAuthentication', - 'rest_framework.authentication.TokenAuthentication', 'rest_framework.authentication.BasicAuthentication', ), 'DEFAULT_PERMISSION_CLASSES': ( @@ -624,29 +755,53 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param 'EXCEPTION_HANDLER': 'dojo.api_v2.exception_handler.custom_exception_handler' } +if API_TOKENS_ENABLED: + REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] += ('rest_framework.authentication.TokenAuthentication',) + SWAGGER_SETTINGS = { 'SECURITY_DEFINITIONS': { - 'api_key': { + 'basicAuth': { + 'type': 'basic' + }, + 'cookieAuth': { 'type': 'apiKey', - 'in': 'header', - 'name': 'Authorization' - } + 'in': 'cookie', + 'name': 'sessionid' + }, }, 'DOC_EXPANSION': "none", 'JSON_EDITOR': True, 'SHOW_REQUEST_HEADERS': True, } +if API_TOKENS_ENABLED: + SWAGGER_SETTINGS['SECURITY_DEFINITIONS']['tokenAuth'] = { + 'type': 'apiKey', + 'in': 'header', + 'name': 'Authorization' + } + SPECTACULAR_SETTINGS = { 'TITLE': 'Defect Dojo API v2', 'DESCRIPTION': 'Defect Dojo - Open Source vulnerability Management made easy. Prefetch related parameters/responses not yet in the schema.', 'VERSION': __version__, + 'SCHEMA_PATH_PREFIX': "/api/v2", # OTHER SETTINGS # the following set to False could help some client generators # 'ENUM_ADD_EXPLICIT_BLANK_NULL_CHOICE': False, - 'POSTPROCESSING_HOOKS': ['dojo.api_v2.prefetch.schema.prefetch_postprocessing_hook'] + 'PREPROCESSING_HOOKS': ['dojo.urls.drf_spectacular_preprocessing_filter_spec'], + 'POSTPROCESSING_HOOKS': ['dojo.api_v2.prefetch.schema.prefetch_postprocessing_hook'], + # show file selection dialogue, see https://github.com/tfranzel/drf-spectacular/issues/455 + "COMPONENT_SPLIT_REQUEST": True, + "SWAGGER_UI_SETTINGS": { + "docExpansion": "none" + } } +if not env('DD_DEFAULT_SWAGGER_UI'): + SPECTACULAR_SETTINGS['SWAGGER_UI_DIST'] = 'SIDECAR' + SPECTACULAR_SETTINGS['SWAGGER_UI_FAVICON_HREF'] = 'SIDECAR' + # ------------------------------------------------------------------------------ # TEMPLATES # ------------------------------------------------------------------------------ @@ -664,9 +819,10 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param 'django.contrib.messages.context_processors.messages', 'social_django.context_processors.backends', 'social_django.context_processors.login_redirect', - 'dojo.context_processors.globalize_oauth_vars', + 'dojo.context_processors.globalize_vars', 'dojo.context_processors.bind_system_settings', 'dojo.context_processors.bind_alert_count', + 'dojo.context_processors.bind_announcement', ], }, }, @@ -700,7 +856,9 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param 'social_django', 'drf_yasg', 'drf_spectacular', - 'tagulous' + 'drf_spectacular_sidecar', # required for Django collectstatic discovery + 'tagulous', + 'fontawesomefree' ) # ------------------------------------------------------------------------------ @@ -708,6 +866,7 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param # ------------------------------------------------------------------------------ DJANGO_MIDDLEWARE_CLASSES = [ 'django.middleware.common.CommonMiddleware', + 'dojo.middleware.APITrailingSlashMiddleware', 'dojo.middleware.DojoSytemSettingsMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', @@ -716,6 +875,7 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'dojo.middleware.LoginRequiredMiddleware', + 'dojo.middleware.AdditionalHeaderMiddleware', 'social_django.middleware.SocialAuthExceptionMiddleware', 'watson.middleware.SearchContextMiddleware', 'auditlog.middleware.AuditlogMiddleware', @@ -772,7 +932,7 @@ def saml2_attrib_map_format(dict): SAML_METADATA['local'] = [env('DD_SAML2_METADATA_LOCAL_FILE_PATH')] INSTALLED_APPS += ('djangosaml2',) MIDDLEWARE.append('djangosaml2.middleware.SamlSessionMiddleware') - AUTHENTICATION_BACKENDS += ('djangosaml2.backends.Saml2Backend',) + AUTHENTICATION_BACKENDS += (env('DD_SAML2_AUTHENTICATION_BACKENDS'),) LOGIN_EXEMPT_URLS += (r'^%ssaml2/' % URL_PREFIX,) SAML_LOGOUT_REQUEST_PREFERRED_BINDING = saml2.BINDING_HTTP_POST SAML_IGNORE_LOGOUT_ERRORS = True @@ -781,6 +941,8 @@ def saml2_attrib_map_format(dict): SAML_USE_NAME_ID_AS_USERNAME = True SAML_CREATE_UNKNOWN_USER = env('DD_SAML2_CREATE_USER') SAML_ATTRIBUTE_MAPPING = saml2_attrib_map_format(env('DD_SAML2_ATTRIBUTES_MAP')) + SAML_FORCE_AUTH = env('DD_SAML2_FORCE_AUTH') + SAML_ALLOW_UNKNOWN_ATTRIBUTES = env('DD_SAML2_ALLOW_UNKNOWN_ATTRIBUTE') BASEDIR = path.dirname(path.abspath(__file__)) if len(env('DD_SAML2_ENTITY_ID')) == 0: SAML2_ENTITY_ID = '%s/saml2/metadata/' % SITE_URL @@ -797,7 +959,7 @@ def saml2_attrib_map_format(dict): # directory with attribute mapping 'attribute_map_dir': path.join(BASEDIR, 'attribute-maps'), # do now discard attributes not specified in attribute-maps - 'allow_unknown_attributes': env('DD_SAML2_ALLOW_UNKNOWN_ATTRIBUTE'), + 'allow_unknown_attributes': SAML_ALLOW_UNKNOWN_ATTRIBUTES, # this block states what services we provide 'service': { # we are just a lonely SP @@ -806,7 +968,7 @@ def saml2_attrib_map_format(dict): 'name_id_format': saml2.saml.NAMEID_FORMAT_TRANSIENT, 'want_response_signed': False, 'want_assertions_signed': True, - 'force_authn': True, + 'force_authn': SAML_FORCE_AUTH, 'allow_unsolicited': True, # For Okta add signed logout requets. Enable this: @@ -896,6 +1058,42 @@ def saml2_attrib_map_format(dict): } # ------------------------------------------------------------------------------ +# REMOTE_USER +# ------------------------------------------------------------------------------ + +AUTH_REMOTEUSER_ENABLED = env('DD_AUTH_REMOTEUSER_ENABLED') +AUTH_REMOTEUSER_USERNAME_HEADER = env('DD_AUTH_REMOTEUSER_USERNAME_HEADER') +AUTH_REMOTEUSER_EMAIL_HEADER = env('DD_AUTH_REMOTEUSER_EMAIL_HEADER') +AUTH_REMOTEUSER_FIRSTNAME_HEADER = env('DD_AUTH_REMOTEUSER_FIRSTNAME_HEADER') +AUTH_REMOTEUSER_LASTNAME_HEADER = env('DD_AUTH_REMOTEUSER_LASTNAME_HEADER') +AUTH_REMOTEUSER_GROUPS_HEADER = env('DD_AUTH_REMOTEUSER_GROUPS_HEADER') +AUTH_REMOTEUSER_GROUPS_CLEANUP = env('DD_AUTH_REMOTEUSER_GROUPS_CLEANUP') + +AUTH_REMOTEUSER_TRUSTED_PROXY = IPSet() +for ip_range in env('DD_AUTH_REMOTEUSER_TRUSTED_PROXY'): + AUTH_REMOTEUSER_TRUSTED_PROXY.add(IPNetwork(ip_range)) + +if env('DD_AUTH_REMOTEUSER_LOGIN_ONLY'): + RemoteUserMiddleware = 'dojo.remote_user.PersistentRemoteUserMiddleware' +else: + RemoteUserMiddleware = 'dojo.remote_user.RemoteUserMiddleware' +# we need to add middleware just behindAuthenticationMiddleware as described in https://docs.djangoproject.com/en/3.2/howto/auth-remote-user/#configuration +for i in range(len(MIDDLEWARE)): + if MIDDLEWARE[i] == 'django.contrib.auth.middleware.AuthenticationMiddleware': + MIDDLEWARE.insert(i + 1, RemoteUserMiddleware) + break + +if AUTH_REMOTEUSER_ENABLED: + REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] = \ + ('dojo.remote_user.RemoteUserAuthentication',) + \ + REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] + + SWAGGER_SETTINGS['SECURITY_DEFINITIONS']['remoteUserAuth'] = { + 'type': 'apiKey', + 'in': 'header', + 'name': AUTH_REMOTEUSER_USERNAME_HEADER[5:].replace('_', '-') + } +# ------------------------------------------------------------------------------ # CELERY # ------------------------------------------------------------------------------ @@ -920,6 +1118,9 @@ def saml2_attrib_map_format(dict): CELERY_TASK_SERIALIZER = env('DD_CELERY_TASK_SERIALIZER') CELERY_PASS_MODEL_BY_ID = env('DD_CELERY_PASS_MODEL_BY_ID') +if len(env('DD_CELERY_BROKER_TRANSPORT_OPTIONS')) > 0: + CELERY_BROKER_TRANSPORT_OPTIONS = json.loads(env('DD_CELERY_BROKER_TRANSPORT_OPTIONS')) + CELERY_IMPORTS = ('dojo.tools.tool_issue_updater', ) # Celery beat scheduled tasks @@ -938,6 +1139,10 @@ def saml2_attrib_map_format(dict): 'schedule': timedelta(minutes=1), 'args': [timedelta(minutes=1)] }, + 'flush_auditlog': { + 'task': 'dojo.tasks.flush_auditlog', + 'schedule': timedelta(hours=8), + }, 'update-findings-from-source-issues': { 'task': 'dojo.tools.tool_issue_updater.update_findings_from_source_issues', 'schedule': timedelta(hours=3), @@ -995,75 +1200,123 @@ def saml2_attrib_map_format(dict): # In checkmarx, same CWE may appear with different severities: example "sql injection" (high) and "blind sql injection" (low). # Including the severity in the hash_code keeps those findings not duplicate 'Anchore Engine Scan': ['title', 'severity', 'component_name', 'component_version', 'file_path'], + 'AnchoreCTL Vuln Report': ['title', 'severity', 'component_name', 'component_version', 'file_path'], + 'AnchoreCTL Policies Report': ['title', 'severity', 'component_name', 'file_path'], + 'Anchore Enterprise Policy Check': ['title', 'severity', 'component_name', 'file_path'], 'Anchore Grype': ['title', 'severity', 'component_name', 'component_version'], - 'Aqua Scan': ['severity', 'cve', 'component_name', 'component_version'], + 'Aqua Scan': ['severity', 'vulnerability_ids', 'component_name', 'component_version'], 'Bandit Scan': ['file_path', 'line', 'vuln_id_from_tool'], - 'CargoAudit Scan': ['cve', 'severity', 'component_name', 'component_version', 'vuln_id_from_tool'], + 'CargoAudit Scan': ['vulnerability_ids', 'severity', 'component_name', 'component_version', 'vuln_id_from_tool'], 'Checkmarx Scan': ['cwe', 'severity', 'file_path'], - 'Checkmarx OSA': ['cve', 'component_name'], + 'Checkmarx OSA': ['vulnerability_ids', 'component_name'], 'Cloudsploit Scan': ['title', 'description'], 'SonarQube Scan': ['cwe', 'severity', 'file_path'], 'SonarQube API Import': ['title', 'file_path', 'line'], - 'Dependency Check Scan': ['cve', 'cwe', 'file_path'], + 'Dependency Check Scan': ['title', 'cwe', 'file_path'], 'Dockle Scan': ['title', 'description', 'vuln_id_from_tool'], - 'Dependency Track Finding Packaging Format (FPF) Export': ['component_name', 'component_version', 'cwe', 'cve'], + 'Dependency Track Finding Packaging Format (FPF) Export': ['component_name', 'component_version', 'vulnerability_ids'], 'Mobsfscan Scan': ['title', 'severity', 'cwe'], - 'Nessus Scan': ['title', 'severity', 'cve', 'cwe'], - 'Nexpose Scan': ['title', 'severity', 'cve', 'cwe'], + 'Tenable Scan': ['title', 'severity', 'vulnerability_ids', 'cwe'], + 'Nexpose Scan': ['title', 'severity', 'vulnerability_ids', 'cwe'], # possible improvement: in the scanner put the library name into file_path, then dedup on cwe + file_path + severity - 'NPM Audit Scan': ['title', 'severity', 'file_path', 'cve', 'cwe'], + 'NPM Audit Scan': ['title', 'severity', 'file_path', 'vulnerability_ids', 'cwe'], # possible improvement: in the scanner put the library name into file_path, then dedup on cwe + file_path + severity - 'Yarn Audit Scan': ['title', 'severity', 'file_path', 'cve', 'cwe'], - # possible improvement: in the scanner put the library name into file_path, then dedup on cve + file_path + severity - 'Whitesource Scan': ['title', 'severity', 'description'], + 'Yarn Audit Scan': ['title', 'severity', 'file_path', 'vulnerability_ids', 'cwe'], + # possible improvement: in the scanner put the library name into file_path, then dedup on vulnerability_ids + file_path + severity + 'Mend Scan': ['title', 'severity', 'description'], 'ZAP Scan': ['title', 'cwe', 'severity'], - 'Qualys Scan': ['title', 'severity'], + 'Qualys Scan': ['title', 'severity', 'endpoints'], # 'Qualys Webapp Scan': ['title', 'unique_id_from_tool'], - 'PHP Symfony Security Check': ['title', 'cve'], - 'Clair Scan': ['title', 'cve', 'description', 'severity'], + 'PHP Symfony Security Check': ['title', 'vulnerability_ids'], + 'Clair Scan': ['title', 'vulnerability_ids', 'description', 'severity'], 'Clair Klar Scan': ['title', 'description', 'severity'], # for backwards compatibility because someone decided to rename this scanner: - 'Symfony Security Check': ['title', 'cve'], - 'DSOP Scan': ['cve'], + 'Symfony Security Check': ['title', 'vulnerability_ids'], + 'DSOP Scan': ['vulnerability_ids'], 'Acunetix Scan': ['title', 'description'], + 'Acunetix360 Scan': ['title', 'description'], 'Terrascan Scan': ['vuln_id_from_tool', 'title', 'severity', 'file_path', 'line', 'component_name'], - 'Trivy Scan': ['title', 'severity', 'cve', 'cwe'], + 'Trivy Operator Scan': ['title', 'severity', 'vulnerability_ids'], + 'Trivy Scan': ['title', 'severity', 'vulnerability_ids', 'cwe', 'description'], 'TFSec Scan': ['severity', 'vuln_id_from_tool', 'file_path', 'line'], 'Snyk Scan': ['vuln_id_from_tool', 'file_path', 'component_name', 'component_version'], - 'GitLab Dependency Scanning Report': ['title', 'cve', 'file_path', 'component_name', 'component_version'], + 'GitLab Dependency Scanning Report': ['title', 'vulnerability_ids', 'file_path', 'component_name', 'component_version'], 'SpotBugs Scan': ['cwe', 'severity', 'file_path', 'line'], - 'JFrog Xray Unified Scan': ['cve', 'file_path', 'component_name', 'component_version'], + 'JFrog Xray Unified Scan': ['vulnerability_ids', 'file_path', 'component_name', 'component_version'], + 'JFrog Xray On Demand Binary Scan': ["title", "component_name", "component_version"], 'Scout Suite Scan': ['file_path', 'vuln_id_from_tool'], # for now we use file_path as there is no attribute for "service" - 'AWS Security Hub Scan': ['unique_id_from_tool'], 'Meterian Scan': ['cwe', 'component_name', 'component_version', 'description', 'severity'], - 'Github Vulnerability Scan': ['unique_id_from_tool'], - 'Azure Security Center Recommendations Scan': ['unique_id_from_tool'], + 'Github Vulnerability Scan': ['title', 'severity', 'component_name', 'vulnerability_ids', 'file_path'], 'Solar Appscreener Scan': ['title', 'file_path', 'line', 'severity'], 'pip-audit Scan': ['vuln_id_from_tool', 'component_name', 'component_version'], + 'Rubocop Scan': ['vuln_id_from_tool', 'file_path', 'line'], + 'JFrog Xray Scan': ['title', 'description', 'component_name', 'component_version'], + 'CycloneDX Scan': ['vuln_id_from_tool', 'component_name', 'component_version'], + 'SSLyze Scan (JSON)': ['title', 'description'], + 'Harbor Vulnerability Scan': ['title', 'mitigation'], + 'Rusty Hog Scan': ['file_path', 'payload'], + 'StackHawk HawkScan': ['vuln_id_from_tool', 'component_name', 'component_version'], + 'Hydra Scan': ['title', 'description'], + 'DrHeader JSON Importer': ['title', 'description'], + 'Whispers': ['vuln_id_from_tool', 'file_path', 'line'], + 'Blackduck Hub Scan': ['title', 'vulnerability_ids', 'component_name', 'component_version'], + 'Veracode SourceClear Scan': ['title', 'vulnerability_ids', 'component_name', 'component_version', 'severity'], + 'Vulners Scan': ['vuln_id_from_tool', 'component_name'], + 'Twistlock Image Scan': ['title', 'severity', 'component_name', 'component_version'], + 'NeuVector (REST)': ['title', 'severity', 'component_name', 'component_version'], + 'NeuVector (compliance)': ['title', 'vuln_id_from_tool', 'description'], + 'Wpscan': ['title', 'description', 'severity'], + 'Popeye Scan': ['title', 'description'], + 'Nuclei Scan': ['title', 'cwe', 'severity'], + 'KubeHunter Scan': ['title', 'description'], + 'kube-bench Scan': ['title', 'vuln_id_from_tool', 'description'], + 'Threagile risks report': ['title', 'cwe', "severity"], + 'Trufflehog Scan': ['title', 'description', 'line'], + 'Humble Json Importer': ['title'], + 'MSDefender Parser': ['title', 'description'], + 'HCLAppScan XML': ['title', 'description'], } +# Override the hardcoded settings here via the env var +if len(env('DD_HASHCODE_FIELDS_PER_SCANNER')) > 0: + env_hashcode_fields_per_scanner = json.loads(env('DD_HASHCODE_FIELDS_PER_SCANNER')) + for key, value in env_hashcode_fields_per_scanner.items(): + if key in HASHCODE_FIELDS_PER_SCANNER: + logger.info("Replacing {} with value {} (previously set to {}) from env var DD_HASHCODE_FIELDS_PER_SCANNER".format(key, value, HASHCODE_FIELDS_PER_SCANNER[key])) + HASHCODE_FIELDS_PER_SCANNER[key] = value + if key not in HASHCODE_FIELDS_PER_SCANNER: + logger.info("Adding {} with value {} from env var DD_HASHCODE_FIELDS_PER_SCANNER".format(key, value)) + HASHCODE_FIELDS_PER_SCANNER[key] = value + + # This tells if we should accept cwe=0 when computing hash_code with a configurable list of fields from HASHCODE_FIELDS_PER_SCANNER (this setting doesn't apply to legacy algorithm) # If False and cwe = 0, then the hash_code computation will fallback to legacy algorithm for the concerned finding # Default is True (if scanner is not configured here but is configured in HASHCODE_FIELDS_PER_SCANNER, it allows null cwe) HASHCODE_ALLOWS_NULL_CWE = { 'Anchore Engine Scan': True, + 'AnchoreCTL Vuln Report': True, + 'AnchoreCTL Policies Report': True, + 'Anchore Enterprise Policy Check': True, 'Anchore Grype': True, 'AWS Prowler Scan': True, + 'AWS Prowler V3': True, 'Checkmarx Scan': False, 'Checkmarx OSA': True, 'Cloudsploit Scan': True, 'SonarQube Scan': False, 'Dependency Check Scan': True, 'Mobsfscan Scan': False, - 'Nessus Scan': True, + 'Tenable Scan': True, 'Nexpose Scan': True, 'NPM Audit Scan': True, 'Yarn Audit Scan': True, - 'Whitesource Scan': True, + 'Mend Scan': True, 'ZAP Scan': False, 'Qualys Scan': True, 'DSOP Scan': True, 'Acunetix Scan': True, + 'Acunetix360 Scan': True, + 'Trivy Operator Scan': True, 'Trivy Scan': True, 'SpotBugs Scan': False, 'Scout Suite Scan': True, @@ -1073,12 +1326,23 @@ def saml2_attrib_map_format(dict): 'Hadolint Dockerfile check': True, 'Semgrep JSON Report': True, 'Generic Findings Import': True, + 'Edgescan Scan': True, + 'Bugcrowd API Import': True, + 'Veracode SourceClear Scan': True, + 'Vulners Scan': True, + 'Twistlock Image Scan': True, + 'Wpscan': True, + 'Rusty Hog Scan': True, + 'Codechecker Report native': True, + 'Wazuh': True, + 'Nuclei Scan': True, + 'Threagile risks report': True } # List of fields that are known to be usable in hash_code computation) # 'endpoints' is a pseudo field that uses the endpoints (for dynamic scanners) # 'unique_id_from_tool' is often not needed here as it can be used directly in the dedupe algorithm, but it's also possible to use it for hashing -HASHCODE_ALLOWED_FIELDS = ['title', 'cwe', 'cve', 'line', 'file_path', 'component_name', 'component_version', 'description', 'endpoints', 'unique_id_from_tool', 'severity', 'vuln_id_from_tool'] +HASHCODE_ALLOWED_FIELDS = ['title', 'cwe', 'vulnerability_ids', 'line', 'file_path', 'payload', 'component_name', 'component_version', 'description', 'endpoints', 'unique_id_from_tool', 'severity', 'vuln_id_from_tool', 'mitigation'] # Adding fields to the hash_code calculation regardless of the previous settings HASH_CODE_FIELDS_ALWAYS = ['service'] @@ -1097,21 +1361,38 @@ def saml2_attrib_map_format(dict): # Makes it possible to deduplicate on a technical id (same parser) and also on some functional fields (cross-parsers deduplication) DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE = 'unique_id_from_tool_or_hash_code' +# Allows to deduplicate with endpoints if endpoints is not included in the hashcode. +# Possible values are: scheme, host, port, path, query, fragment, userinfo, and user. For a details description see https://hyperlink.readthedocs.io/en/latest/api.html#attributes. +# Example: +# Finding A and B have the same hashcode. Finding A has endpoint http://defectdojo.com and finding B has endpoint https://defectdojo.com/finding. +# - An empyt list ([]) means, no fields are used. B is marked as duplicated of A. +# - Host (['host']) means: B is marked as duplicate of A because the host (defectdojo.com) is the same. +# - Host and path (['host', 'path']) means: A and B stay untouched because the path is different. +# +# If a finding has more than one endpoint, only one endpoint pair must match to mark the finding as duplicate. +DEDUPE_ALGO_ENDPOINT_FIELDS = ['host', 'path'] + # Choice of deduplication algorithm per parser # Key = the scan_type from factory.py (= the test_type) # Default is DEDUPE_ALGO_LEGACY DEDUPLICATION_ALGORITHM_PER_PARSER = { 'Anchore Engine Scan': DEDUPE_ALGO_HASH_CODE, + 'AnchoreCTL Vuln Report': DEDUPE_ALGO_HASH_CODE, + 'AnchoreCTL Policies Report': DEDUPE_ALGO_HASH_CODE, + 'Anchore Enterprise Policy Check': DEDUPE_ALGO_HASH_CODE, 'Anchore Grype': DEDUPE_ALGO_HASH_CODE, 'Aqua Scan': DEDUPE_ALGO_HASH_CODE, 'AuditJS Scan': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, 'AWS Prowler Scan': DEDUPE_ALGO_HASH_CODE, + 'AWS Prowler V3': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, + "AWS Security Finding Format (ASFF) Scan": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, 'Burp REST API': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, 'Bandit Scan': DEDUPE_ALGO_HASH_CODE, 'CargoAudit Scan': DEDUPE_ALGO_HASH_CODE, 'Checkmarx Scan detailed': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, 'Checkmarx Scan': DEDUPE_ALGO_HASH_CODE, 'Checkmarx OSA': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE, + 'Codechecker Report native': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, 'Coverity API': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, 'Cobalt.io API': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, 'Dependency Track Finding Packaging Format (FPF) Export': DEDUPE_ALGO_HASH_CODE, @@ -1121,50 +1402,100 @@ def saml2_attrib_map_format(dict): 'SonarQube API Import': DEDUPE_ALGO_HASH_CODE, 'Dependency Check Scan': DEDUPE_ALGO_HASH_CODE, 'Dockle Scan': DEDUPE_ALGO_HASH_CODE, - 'Nessus Scan': DEDUPE_ALGO_HASH_CODE, + 'Tenable Scan': DEDUPE_ALGO_HASH_CODE, 'Nexpose Scan': DEDUPE_ALGO_HASH_CODE, 'NPM Audit Scan': DEDUPE_ALGO_HASH_CODE, 'Yarn Audit Scan': DEDUPE_ALGO_HASH_CODE, - 'Whitesource Scan': DEDUPE_ALGO_HASH_CODE, + 'Mend Scan': DEDUPE_ALGO_HASH_CODE, 'ZAP Scan': DEDUPE_ALGO_HASH_CODE, 'Qualys Scan': DEDUPE_ALGO_HASH_CODE, 'PHP Symfony Security Check': DEDUPE_ALGO_HASH_CODE, 'Acunetix Scan': DEDUPE_ALGO_HASH_CODE, + 'Acunetix360 Scan': DEDUPE_ALGO_HASH_CODE, 'Clair Scan': DEDUPE_ALGO_HASH_CODE, 'Clair Klar Scan': DEDUPE_ALGO_HASH_CODE, # 'Qualys Webapp Scan': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, # Must also uncomment qualys webapp line in hashcode fields per scanner 'Veracode Scan': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE, + 'Veracode SourceClear Scan': DEDUPE_ALGO_HASH_CODE, # for backwards compatibility because someone decided to rename this scanner: 'Symfony Security Check': DEDUPE_ALGO_HASH_CODE, 'DSOP Scan': DEDUPE_ALGO_HASH_CODE, 'Terrascan Scan': DEDUPE_ALGO_HASH_CODE, + 'Trivy Operator Scan': DEDUPE_ALGO_HASH_CODE, 'Trivy Scan': DEDUPE_ALGO_HASH_CODE, 'TFSec Scan': DEDUPE_ALGO_HASH_CODE, 'HackerOne Cases': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE, 'Snyk Scan': DEDUPE_ALGO_HASH_CODE, 'GitLab Dependency Scanning Report': DEDUPE_ALGO_HASH_CODE, 'GitLab SAST Report': DEDUPE_ALGO_HASH_CODE, + 'Govulncheck Scanner': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, + 'GitLab Container Scan': DEDUPE_ALGO_HASH_CODE, + 'GitLab Secret Detection Report': DEDUPE_ALGO_HASH_CODE, 'Checkov Scan': DEDUPE_ALGO_HASH_CODE, 'SpotBugs Scan': DEDUPE_ALGO_HASH_CODE, 'JFrog Xray Unified Scan': DEDUPE_ALGO_HASH_CODE, + 'JFrog Xray On Demand Binary Scan': DEDUPE_ALGO_HASH_CODE, 'Scout Suite Scan': DEDUPE_ALGO_HASH_CODE, 'AWS Security Hub Scan': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, 'Meterian Scan': DEDUPE_ALGO_HASH_CODE, - 'Github Vulnerability Scan': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, + 'Github Vulnerability Scan': DEDUPE_ALGO_HASH_CODE, 'Cloudsploit Scan': DEDUPE_ALGO_HASH_CODE, 'KICS Scan': DEDUPE_ALGO_HASH_CODE, - 'SARIF': DEDUPE_ALGO_HASH_CODE, + 'SARIF': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE, 'Azure Security Center Recommendations Scan': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, 'Hadolint Dockerfile check': DEDUPE_ALGO_HASH_CODE, - 'Semgrep JSON Report': DEDUPE_ALGO_HASH_CODE, + 'Semgrep JSON Report': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE, 'Generic Findings Import': DEDUPE_ALGO_HASH_CODE, + 'Trufflehog Scan': DEDUPE_ALGO_HASH_CODE, 'Trufflehog3 Scan': DEDUPE_ALGO_HASH_CODE, 'Detect-secrets Scan': DEDUPE_ALGO_HASH_CODE, 'Solar Appscreener Scan': DEDUPE_ALGO_HASH_CODE, 'Gitleaks Scan': DEDUPE_ALGO_HASH_CODE, 'pip-audit Scan': DEDUPE_ALGO_HASH_CODE, + 'Edgescan Scan': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, + 'Bugcrowd API Import': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, + 'Rubocop Scan': DEDUPE_ALGO_HASH_CODE, + 'JFrog Xray Scan': DEDUPE_ALGO_HASH_CODE, + 'CycloneDX Scan': DEDUPE_ALGO_HASH_CODE, + 'SSLyze Scan (JSON)': DEDUPE_ALGO_HASH_CODE, + 'Harbor Vulnerability Scan': DEDUPE_ALGO_HASH_CODE, + 'Rusty Hog Scan': DEDUPE_ALGO_HASH_CODE, + 'StackHawk HawkScan': DEDUPE_ALGO_HASH_CODE, + 'Hydra Scan': DEDUPE_ALGO_HASH_CODE, + 'DrHeader JSON Importer': DEDUPE_ALGO_HASH_CODE, + 'PWN SAST': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, + 'Whispers': DEDUPE_ALGO_HASH_CODE, + 'Blackduck Hub Scan': DEDUPE_ALGO_HASH_CODE, + 'BlackDuck API': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, + 'Blackduck Binary Analysis': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, + 'docker-bench-security Scan': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, + 'Vulners Scan': DEDUPE_ALGO_HASH_CODE, + 'Twistlock Image Scan': DEDUPE_ALGO_HASH_CODE, + 'NeuVector (REST)': DEDUPE_ALGO_HASH_CODE, + 'NeuVector (compliance)': DEDUPE_ALGO_HASH_CODE, + 'Wpscan': DEDUPE_ALGO_HASH_CODE, + 'Popeye Scan': DEDUPE_ALGO_HASH_CODE, + 'Nuclei Scan': DEDUPE_ALGO_HASH_CODE, + 'KubeHunter Scan': DEDUPE_ALGO_HASH_CODE, + 'kube-bench Scan': DEDUPE_ALGO_HASH_CODE, + 'Threagile risks report': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE, + 'Humble Json Importer': DEDUPE_ALGO_HASH_CODE, + 'Wazuh Scan': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, + 'MSDefender Parser': DEDUPE_ALGO_HASH_CODE, + 'HCLAppScan XML': DEDUPE_ALGO_HASH_CODE, } +# Override the hardcoded settings here via the env var +if len(env('DD_DEDUPLICATION_ALGORITHM_PER_PARSER')) > 0: + env_dedup_algorithm_per_parser = json.loads(env('DD_DEDUPLICATION_ALGORITHM_PER_PARSER')) + for key, value in env_dedup_algorithm_per_parser.items(): + if key in DEDUPLICATION_ALGORITHM_PER_PARSER: + logger.info("Replacing {} with value {} (previously set to {}) from env var DD_DEDUPLICATION_ALGORITHM_PER_PARSER".format(key, value, DEDUPLICATION_ALGORITHM_PER_PARSER[key])) + DEDUPLICATION_ALGORITHM_PER_PARSER[key] = value + if key not in DEDUPLICATION_ALGORITHM_PER_PARSER: + logger.info("Adding {} with value {} from env var DD_DEDUPLICATION_ALGORITHM_PER_PARSER".format(key, value)) + DEDUPLICATION_ALGORITHM_PER_PARSER[key] = value + DUPE_DELETE_MAX_PER_RUN = env('DD_DUPE_DELETE_MAX_PER_RUN') DISABLE_FINDING_MERGE = env('DD_DISABLE_FINDING_MERGE') @@ -1184,6 +1515,13 @@ def saml2_attrib_map_format(dict): ('Security', 'Security') ) +if env('DD_JIRA_EXTRA_ISSUE_TYPES') != '': + if env('DD_JIRA_EXTRA_ISSUE_TYPES').count(',') > 0: + for extra_type in env('DD_JIRA_EXTRA_ISSUE_TYPES').split(','): + JIRA_ISSUE_TYPE_CHOICES_CONFIG += (extra_type, extra_type), + else: + JIRA_ISSUE_TYPE_CHOICES_CONFIG += (env('DD_JIRA_EXTRA_ISSUE_TYPES'), env('DD_JIRA_EXTRA_ISSUE_TYPES')), + JIRA_SSL_VERIFY = env('DD_JIRA_SSL_VERIFY') # ------------------------------------------------------------------------------ @@ -1238,8 +1576,8 @@ def saml2_attrib_map_format(dict): 'loggers': { 'django.request': { 'handlers': ['mail_admins', 'console'], - 'level': 'WARN', - 'propagate': True, + 'level': '%s' % LOG_LEVEL, + 'propagate': False, }, 'django.security': { 'handlers': [r'%s' % LOGGING_HANDLER], @@ -1266,17 +1604,18 @@ def saml2_attrib_map_format(dict): 'saml2': { 'handlers': [r'%s' % LOGGING_HANDLER], 'level': '%s' % LOG_LEVEL, + 'propagate': False, }, 'MARKDOWN': { # The markdown library is too verbose in it's logging, reducing the verbosity in our logs. 'handlers': [r'%s' % LOGGING_HANDLER], - 'level': 'WARNING', + 'level': '%s' % LOG_LEVEL, 'propagate': False, }, 'titlecase': { # The titlecase library is too verbose in it's logging, reducing the verbosity in our logs. 'handlers': [r'%s' % LOGGING_HANDLER], - 'level': 'WARNING', + 'level': '%s' % LOG_LEVEL, 'propagate': False, }, } @@ -1293,7 +1632,7 @@ def saml2_attrib_map_format(dict): DATA_UPLOAD_MAX_NUMBER_FIELDS = 10240 # Maximum size of a scan file in MB -SCAN_FILE_MAX_SIZE = 100 +SCAN_FILE_MAX_SIZE = env("DD_SCAN_FILE_MAX_SIZE") # Apply a severity level to "Security Weaknesses" in Qualys WAS QUALYS_WAS_WEAKNESS_IS_VULN = env("DD_QUALYS_WAS_WEAKNESS_IS_VULN") @@ -1324,13 +1663,11 @@ def saml2_attrib_map_format(dict): # using 'element' for width should take width from css defined in template, but it doesn't. So set to 70% here. TAGULOUS_AUTOCOMPLETE_SETTINGS = {'placeholder': "Enter some tags (comma separated, use enter to select / create a new tag)", 'width': '70%'} -# When enabled, staff users have full access to all product types and products -AUTHORIZATION_STAFF_OVERRIDE = env('DD_AUTHORIZATION_STAFF_OVERRIDE') - EDITABLE_MITIGATED_DATA = env('DD_EDITABLE_MITIGATED_DATA') USE_L10N = True +# FEATURE_FINDING_GROUPS feature is moved to system_settings, will be removed from settings file FEATURE_FINDING_GROUPS = env('DD_FEATURE_FINDING_GROUPS') JIRA_TEMPLATE_ROOT = env('DD_JIRA_TEMPLATE_ROOT') TEMPLATE_DIR_PREFIX = env('DD_TEMPLATE_DIR_PREFIX') @@ -1342,7 +1679,52 @@ def saml2_attrib_map_format(dict): # when enabled, finding importing will occur asynchronously, default False ASYNC_FINDING_IMPORT = env("DD_ASYNC_FINDING_IMPORT") -# The number fo findings to be processed per celeryworker +# The number of findings to be processed per celeryworker ASYNC_FINDING_IMPORT_CHUNK_SIZE = env("DD_ASYNC_FINDING_IMPORT_CHUNK_SIZE") -# Feature toggle for new authorization for configurations -FEATURE_CONFIGURATION_AUTHORIZATION = env("DD_FEATURE_CONFIGURATION_AUTHORIZATION") +# When enabled, deleting objects will be occur from the bottom up. In the example of deleting an engagement +# The objects will be deleted as follows Endpoints -> Findings -> Tests -> Engagement +ASYNC_OBJECT_DELETE = env("DD_ASYNC_OBJECT_DELETE") +# The number of objects to be deleted per celeryworker +ASYNC_OBEJECT_DELETE_CHUNK_SIZE = env("DD_ASYNC_OBEJECT_DELETE_CHUNK_SIZE") +# When enabled, display the preview of objects to be deleted. This can take a long time to render +# for very large objects +DELETE_PREVIEW = env("DD_DELETE_PREVIEW") + +# django-auditlog imports django-jsonfield-backport raises a warning that can be ignored, +# see https://github.com/laymonage/django-jsonfield-backport +SILENCED_SYSTEM_CHECKS = ["django_jsonfield_backport.W001"] + +VULNERABILITY_URLS = { + 'CVE': 'https://nvd.nist.gov/vuln/detail/', + 'GHSA': 'https://github.com/advisories/', + 'OSV': 'https://osv.dev/vulnerability/', + 'PYSEC': 'https://osv.dev/vulnerability/', + 'SNYK': 'https://snyk.io/vuln/', + 'RUSTSEC': 'https://rustsec.org/advisories/', + 'VNS': 'https://vulners.com/', +} +# List of acceptable file types that can be uploaded to a given object via arbitrary file upload +FILE_UPLOAD_TYPES = env("DD_FILE_UPLOAD_TYPES") +# Fixes error +# AttributeError: Problem installing fixture '/app/dojo/fixtures/defect_dojo_sample_data.json': 'Settings' object has no attribute 'AUDITLOG_DISABLE_ON_RAW_SAVE' +AUDITLOG_DISABLE_ON_RAW_SAVE = False +# You can set extra Jira headers by suppling a dictionary in header: value format (pass as env var like "headr_name=value,another_header=anohter_value") +ADDITIONAL_HEADERS = env('DD_ADDITIONAL_HEADERS') +# Dictates whether cloud banner is created or not +CREATE_CLOUD_BANNER = env('DD_CREATE_CLOUD_BANNER') + +# ------------------------------------------------------------------------------ +# Auditlog +# ------------------------------------------------------------------------------ +AUDITLOG_FLUSH_RETENTION_PERIOD = env('DD_AUDITLOG_FLUSH_RETENTION_PERIOD') +ENABLE_AUDITLOG = env('DD_ENABLE_AUDITLOG') +USE_FIRST_SEEN = env('DD_USE_FIRST_SEEN') + +# TODO - these warnings needs to be removed +if DEBUG: + from django.utils.deprecation import RemovedInDjango50Warning + warnings.filterwarnings("ignore", category=RemovedInDjango50Warning) + warnings.filterwarnings("ignore", message="invalid escape sequence.*") + warnings.filterwarnings("ignore", message="'cgi' is deprecated and slated for removal in Python 3\\.13") + warnings.filterwarnings("ignore", message="DateTimeField .+ received a naive datetime .+ while time zone support is active\\.") + warnings.filterwarnings("ignore", message="unclosed file .+") diff --git a/dojo/settings/settings.py b/dojo/settings/settings.py index cc279de81f7..6ec2fdd92c5 100644 --- a/dojo/settings/settings.py +++ b/dojo/settings/settings.py @@ -1,6 +1,6 @@ from split_settings.tools import optional, include -# See https://defectdojo.github.io/django-DefectDojo/getting_started/configuration/ for options +# See https://documentation.defectdojo.com/getting_started/configuration/ for options # how to tune the configuration to your needs. include( diff --git a/dojo/settings/template-local_settings b/dojo/settings/template-local_settings index 8e45462701e..337027bff92 100644 --- a/dojo/settings/template-local_settings +++ b/dojo/settings/template-local_settings @@ -3,7 +3,8 @@ # this example configures the django debug toolbar and sets some loglevels to DEBUG -from django.conf.urls import include, url +from django.urls import re_path +from django.conf.urls import include # UPDATE: Adding debug_toolbar to to INSTALLED_APPS here prevents the nginx container from generating the correct static files # So add debug_toolbar to INSTALLED_APPS in settings.dist.py and rebuild to get started with the debug_toolbar. @@ -57,4 +58,4 @@ DEBUG_TOOLBAR_PANELS = [ ] import debug_toolbar -EXTRA_URL_PATTERNS = [url(r"^__debug__/", include(debug_toolbar.urls))] +EXTRA_URL_PATTERNS = [re_path(r"^__debug__/", include(debug_toolbar.urls))] diff --git a/dojo/tools/ccvs/__init__.py b/dojo/sla_config/__init__.py similarity index 100% rename from dojo/tools/ccvs/__init__.py rename to dojo/sla_config/__init__.py diff --git a/dojo/sla_config/helpers.py b/dojo/sla_config/helpers.py new file mode 100644 index 00000000000..e9665adce45 --- /dev/null +++ b/dojo/sla_config/helpers.py @@ -0,0 +1,26 @@ +import logging +from dojo.models import SLA_Configuration, Product, Finding +from dojo.celery import app +from dojo.decorators import dojo_async_task + +logger = logging.getLogger(__name__) + + +@dojo_async_task +@app.task +def update_sla_expiration_dates_sla_config_async(sla_config, severities, products, *args, **kwargs): + update_sla_expiration_dates_sla_config_sync(sla_config, severities, products) + + +def update_sla_expiration_dates_sla_config_sync(sla_config, severities, products): + logger.info(f"Updating finding SLA expiration dates within the {sla_config} SLA configuration") + # update each finding that is within the SLA configuration that was saved + for f in Finding.objects.filter(test__engagement__product__sla_configuration_id=sla_config.id, severity__in=severities): + f.save() + # reset the async updating flag to false for all products using this sla config + for product in products: + product.async_updating = False + super(Product, product).save() + # reset the async updating flag to false for this sla config + sla_config.async_updating = False + super(SLA_Configuration, sla_config).save() diff --git a/dojo/sla_config/urls.py b/dojo/sla_config/urls.py new file mode 100644 index 00000000000..73f458ebe6e --- /dev/null +++ b/dojo/sla_config/urls.py @@ -0,0 +1,8 @@ +from django.urls import re_path +from . import views + +urlpatterns = [ + re_path(r'^sla_config/add', views.new_sla_config, name='new_sla_config'), + re_path(r'^sla_config/(?P\d+)/edit$', views.edit_sla_config, name='edit_sla_config'), + re_path(r'^sla_config$', views.sla_config, name='sla_config'), +] diff --git a/dojo/sla_config/views.py b/dojo/sla_config/views.py new file mode 100644 index 00000000000..e85b06ea8fc --- /dev/null +++ b/dojo/sla_config/views.py @@ -0,0 +1,104 @@ +import logging + +from django.contrib import messages +from django.http import HttpResponseRedirect +from django.shortcuts import render +from django.urls import reverse + +from dojo.authorization.authorization import user_has_configuration_permission_or_403 +from dojo.authorization.authorization_decorators import user_is_configuration_authorized +from dojo.forms import SLAConfigForm +from dojo.models import SLA_Configuration, System_Settings, Product +from dojo.utils import add_breadcrumb + +logger = logging.getLogger(__name__) + + +@user_is_configuration_authorized('dojo.add_sla_configuration') +def new_sla_config(request): + if request.method == 'POST': + tform = SLAConfigForm(request.POST, instance=SLA_Configuration()) + if tform.is_valid(): + tform.save() + messages.add_message(request, + messages.SUCCESS, + 'SLA configuration Successfully Created.', + extra_tags='alert-success') + return HttpResponseRedirect(reverse('sla_config', )) + else: + tform = SLAConfigForm() + add_breadcrumb( + title="New SLA configuration", + top_level=False, + request=request) + return render(request, 'dojo/new_sla_config.html', + {'form': tform}) + + +@user_is_configuration_authorized('dojo.change_sla_configuration') +def edit_sla_config(request, slaid): + sla_config = SLA_Configuration.objects.get(pk=slaid) + + if request.method == 'POST' and request.POST.get('delete'): + if sla_config.id != 1: + if Product.objects.filter(sla_configuration=sla_config).count(): + msg = f"The \"{sla_config}\" SLA configuration could not be deleted, as it is currently in use by one or more products." + messages.add_message(request, + messages.ERROR, + msg, + extra_tags='alert-warning') + else: + user_has_configuration_permission_or_403( + request.user, 'dojo.delete_sla_configuration') + sla_config.delete() + messages.add_message(request, + messages.SUCCESS, + 'SLA Configuration Deleted.', + extra_tags='alert-success') + return HttpResponseRedirect(reverse('sla_config', )) + else: + messages.add_message(request, + messages.ERROR, + 'The Default SLA Configuration cannot be deleted.', + extra_tags='alert-danger') + return HttpResponseRedirect(reverse('sla_config', )) + + elif request.method == 'POST': + form = SLAConfigForm(request.POST, instance=sla_config) + if form.is_valid(): + form.save(commit=True) + messages.add_message(request, + messages.SUCCESS, + 'SLA configuration successfully updated. All SLA expiration dates for findings within this SLA configuration will be recalculated asynchronously.', + extra_tags='alert-success') + return HttpResponseRedirect(reverse('sla_config', )) + else: + form = SLAConfigForm(instance=sla_config) + + add_breadcrumb( + title="Edit SLA Configuration", + top_level=False, + request=request) + + return render(request, + 'dojo/edit_sla_config.html', + { + 'form': form, + }) + + +@user_is_configuration_authorized('dojo.view_sla_configuration') +def sla_config(request): + settings = System_Settings.objects.all() + + confs = SLA_Configuration.objects.all().order_by('name') + add_breadcrumb( + title="SLA Configurations", + top_level=not len( + request.GET), + request=request) + return render(request, + 'dojo/sla_config.html', + {'confs': confs, + 'settings': settings + }) diff --git a/dojo/static/dojo/css/bootswatch/yeti/bootstrap.min.css b/dojo/static/dojo/css/bootswatch/yeti/bootstrap.min.css new file mode 100644 index 00000000000..4e3953938da --- /dev/null +++ b/dojo/static/dojo/css/bootswatch/yeti/bootstrap.min.css @@ -0,0 +1,12 @@ +@charset "UTF-8";/*! + * Bootswatch v5.2.3 (https://bootswatch.com) + * Theme: yeti + * Copyright 2012-2022 Thomas Park + * Licensed under MIT + * Based on Bootstrap +*//*! + * Bootstrap v5.2.3 (https://getbootstrap.com/) + * Copyright 2011-2022 The Bootstrap Authors + * Copyright 2011-2022 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) + */@import url(https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&display=swap);:root{--bs-blue:#008cba;--bs-indigo:#6610f2;--bs-purple:#6f42c1;--bs-pink:#e83e8c;--bs-red:#f04124;--bs-orange:#fd7e14;--bs-yellow:#e99002;--bs-green:#43ac6a;--bs-teal:#20c997;--bs-cyan:#5bc0de;--bs-black:#000;--bs-white:#fff;--bs-gray:#888;--bs-gray-dark:#333;--bs-gray-100:#f8f9fa;--bs-gray-200:#eee;--bs-gray-300:#dee2e6;--bs-gray-400:#ccc;--bs-gray-500:#adb5bd;--bs-gray-600:#888;--bs-gray-700:#495057;--bs-gray-800:#333;--bs-gray-900:#222;--bs-primary:#008cba;--bs-secondary:#eee;--bs-success:#43ac6a;--bs-info:#5bc0de;--bs-warning:#e99002;--bs-danger:#f04124;--bs-light:#eee;--bs-dark:#222;--bs-primary-rgb:0,140,186;--bs-secondary-rgb:238,238,238;--bs-success-rgb:67,172,106;--bs-info-rgb:91,192,222;--bs-warning-rgb:233,144,2;--bs-danger-rgb:240,65,36;--bs-light-rgb:238,238,238;--bs-dark-rgb:34,34,34;--bs-white-rgb:255,255,255;--bs-black-rgb:0,0,0;--bs-body-color-rgb:34,34,34;--bs-body-bg-rgb:255,255,255;--bs-font-sans-serif:"Open Sans",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";--bs-font-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;--bs-gradient:linear-gradient(180deg, rgba(255, 255, 255, 0.15), rgba(255, 255, 255, 0));--bs-body-font-family:var(--bs-font-sans-serif);--bs-body-font-size:1rem;--bs-body-font-weight:400;--bs-body-line-height:1.5;--bs-body-color:#222;--bs-body-bg:#fff;--bs-border-width:1px;--bs-border-style:solid;--bs-border-color:#dee2e6;--bs-border-color-translucent:rgba(0, 0, 0, 0.175);--bs-border-radius:0;--bs-border-radius-sm:0;--bs-border-radius-lg:0;--bs-border-radius-xl:1rem;--bs-border-radius-2xl:2rem;--bs-border-radius-pill:50rem;--bs-link-color:#008cba;--bs-link-hover-color:#007095;--bs-code-color:#e83e8c;--bs-highlight-bg:#fbe9cc}*,::after,::before{box-sizing:border-box}@media (prefers-reduced-motion:no-preference){:root{scroll-behavior:smooth}}body{margin:0;font-family:var(--bs-body-font-family);font-size:var(--bs-body-font-size);font-weight:var(--bs-body-font-weight);line-height:var(--bs-body-line-height);color:var(--bs-body-color);text-align:var(--bs-body-text-align);background-color:var(--bs-body-bg);-webkit-text-size-adjust:100%;-webkit-tap-highlight-color:transparent}hr{margin:1rem 0;color:inherit;border:0;border-top:1px solid;opacity:.25}.h1,.h2,.h3,.h4,.h5,.h6,h1,h2,h3,h4,h5,h6{margin-top:0;margin-bottom:.5rem;font-weight:300;line-height:1.2}.h1,h1{font-size:calc(1.375rem + 1.5vw)}@media (min-width:1200px){.h1,h1{font-size:2.5rem}}.h2,h2{font-size:calc(1.325rem + .9vw)}@media (min-width:1200px){.h2,h2{font-size:2rem}}.h3,h3{font-size:calc(1.3rem + .6vw)}@media (min-width:1200px){.h3,h3{font-size:1.75rem}}.h4,h4{font-size:calc(1.275rem + .3vw)}@media (min-width:1200px){.h4,h4{font-size:1.5rem}}.h5,h5{font-size:1.25rem}.h6,h6{font-size:1rem}p{margin-top:0;margin-bottom:1rem}abbr[title]{-webkit-text-decoration:underline dotted;text-decoration:underline dotted;cursor:help;-webkit-text-decoration-skip-ink:none;text-decoration-skip-ink:none}address{margin-bottom:1rem;font-style:normal;line-height:inherit}ol,ul{padding-left:2rem}dl,ol,ul{margin-top:0;margin-bottom:1rem}ol ol,ol ul,ul ol,ul ul{margin-bottom:0}dt{font-weight:700}dd{margin-bottom:.5rem;margin-left:0}blockquote{margin:0 0 1rem}b,strong{font-weight:bolder}.small,small{font-size:.875em}.mark,mark{padding:.1875em;background-color:var(--bs-highlight-bg)}sub,sup{position:relative;font-size:.75em;line-height:0;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}a{color:var(--bs-link-color);text-decoration:underline}a:hover{color:var(--bs-link-hover-color)}a:not([href]):not([class]),a:not([href]):not([class]):hover{color:inherit;text-decoration:none}code,kbd,pre,samp{font-family:var(--bs-font-monospace);font-size:1em}pre{display:block;margin-top:0;margin-bottom:1rem;overflow:auto;font-size:.875em}pre code{font-size:inherit;color:inherit;word-break:normal}code{font-size:.875em;color:var(--bs-code-color);word-wrap:break-word}a>code{color:inherit}kbd{padding:.1875rem .375rem;font-size:.875em;color:var(--bs-body-bg);background-color:var(--bs-body-color);border-radius:0}kbd kbd{padding:0;font-size:1em}figure{margin:0 0 1rem}img,svg{vertical-align:middle}table{caption-side:bottom;border-collapse:collapse}caption{padding-top:.5rem;padding-bottom:.5rem;color:#888;text-align:left}th{text-align:inherit;text-align:-webkit-match-parent}tbody,td,tfoot,th,thead,tr{border-color:inherit;border-style:solid;border-width:0}label{display:inline-block}button{border-radius:0}button:focus:not(:focus-visible){outline:0}button,input,optgroup,select,textarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button,select{text-transform:none}[role=button]{cursor:pointer}select{word-wrap:normal}select:disabled{opacity:1}[list]:not([type=date]):not([type=datetime-local]):not([type=month]):not([type=week]):not([type=time])::-webkit-calendar-picker-indicator{display:none!important}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]:not(:disabled),[type=reset]:not(:disabled),[type=submit]:not(:disabled),button:not(:disabled){cursor:pointer}::-moz-focus-inner{padding:0;border-style:none}textarea{resize:vertical}fieldset{min-width:0;padding:0;margin:0;border:0}legend{float:left;width:100%;padding:0;margin-bottom:.5rem;font-size:calc(1.275rem + .3vw);line-height:inherit}@media (min-width:1200px){legend{font-size:1.5rem}}legend+*{clear:left}::-webkit-datetime-edit-day-field,::-webkit-datetime-edit-fields-wrapper,::-webkit-datetime-edit-hour-field,::-webkit-datetime-edit-minute,::-webkit-datetime-edit-month-field,::-webkit-datetime-edit-text,::-webkit-datetime-edit-year-field{padding:0}::-webkit-inner-spin-button{height:auto}[type=search]{outline-offset:-2px;-webkit-appearance:textfield}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-color-swatch-wrapper{padding:0}::-webkit-file-upload-button{font:inherit;-webkit-appearance:button}::file-selector-button{font:inherit;-webkit-appearance:button}output{display:inline-block}iframe{border:0}summary{display:list-item;cursor:pointer}progress{vertical-align:baseline}[hidden]{display:none!important}.lead{font-size:1.25rem;font-weight:300}.display-1{font-size:calc(1.625rem + 4.5vw);font-weight:300;line-height:1.2}@media (min-width:1200px){.display-1{font-size:5rem}}.display-2{font-size:calc(1.575rem + 3.9vw);font-weight:300;line-height:1.2}@media (min-width:1200px){.display-2{font-size:4.5rem}}.display-3{font-size:calc(1.525rem + 3.3vw);font-weight:300;line-height:1.2}@media (min-width:1200px){.display-3{font-size:4rem}}.display-4{font-size:calc(1.475rem + 2.7vw);font-weight:300;line-height:1.2}@media (min-width:1200px){.display-4{font-size:3.5rem}}.display-5{font-size:calc(1.425rem + 2.1vw);font-weight:300;line-height:1.2}@media (min-width:1200px){.display-5{font-size:3rem}}.display-6{font-size:calc(1.375rem + 1.5vw);font-weight:300;line-height:1.2}@media (min-width:1200px){.display-6{font-size:2.5rem}}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none}.list-inline-item{display:inline-block}.list-inline-item:not(:last-child){margin-right:.5rem}.initialism{font-size:.875em;text-transform:uppercase}.blockquote{margin-bottom:1rem;font-size:1.25rem}.blockquote>:last-child{margin-bottom:0}.blockquote-footer{margin-top:-1rem;margin-bottom:1rem;font-size:.875em;color:#888}.blockquote-footer::before{content:"— "}.img-fluid{max-width:100%;height:auto}.img-thumbnail{padding:.25rem;background-color:#fff;border:1px solid var(--bs-border-color);border-radius:0;max-width:100%;height:auto}.figure{display:inline-block}.figure-img{margin-bottom:.5rem;line-height:1}.figure-caption{font-size:.875em;color:#888}.container,.container-fluid,.container-lg,.container-md,.container-sm,.container-xl,.container-xxl{--bs-gutter-x:1.5rem;--bs-gutter-y:0;width:100%;padding-right:calc(var(--bs-gutter-x) * .5);padding-left:calc(var(--bs-gutter-x) * .5);margin-right:auto;margin-left:auto}@media (min-width:576px){.container,.container-sm{max-width:540px}}@media (min-width:768px){.container,.container-md,.container-sm{max-width:720px}}@media (min-width:992px){.container,.container-lg,.container-md,.container-sm{max-width:960px}}@media (min-width:1200px){.container,.container-lg,.container-md,.container-sm,.container-xl{max-width:1140px}}@media (min-width:1400px){.container,.container-lg,.container-md,.container-sm,.container-xl,.container-xxl{max-width:1320px}}.row{--bs-gutter-x:1.5rem;--bs-gutter-y:0;display:flex;flex-wrap:wrap;margin-top:calc(-1 * var(--bs-gutter-y));margin-right:calc(-.5 * var(--bs-gutter-x));margin-left:calc(-.5 * var(--bs-gutter-x))}.row>*{flex-shrink:0;width:100%;max-width:100%;padding-right:calc(var(--bs-gutter-x) * .5);padding-left:calc(var(--bs-gutter-x) * .5);margin-top:var(--bs-gutter-y)}.col{flex:1 0 0%}.row-cols-auto>*{flex:0 0 auto;width:auto}.row-cols-1>*{flex:0 0 auto;width:100%}.row-cols-2>*{flex:0 0 auto;width:50%}.row-cols-3>*{flex:0 0 auto;width:33.3333333333%}.row-cols-4>*{flex:0 0 auto;width:25%}.row-cols-5>*{flex:0 0 auto;width:20%}.row-cols-6>*{flex:0 0 auto;width:16.6666666667%}.col-auto{flex:0 0 auto;width:auto}.col-1{flex:0 0 auto;width:8.33333333%}.col-2{flex:0 0 auto;width:16.66666667%}.col-3{flex:0 0 auto;width:25%}.col-4{flex:0 0 auto;width:33.33333333%}.col-5{flex:0 0 auto;width:41.66666667%}.col-6{flex:0 0 auto;width:50%}.col-7{flex:0 0 auto;width:58.33333333%}.col-8{flex:0 0 auto;width:66.66666667%}.col-9{flex:0 0 auto;width:75%}.col-10{flex:0 0 auto;width:83.33333333%}.col-11{flex:0 0 auto;width:91.66666667%}.col-12{flex:0 0 auto;width:100%}.offset-1{margin-left:8.33333333%}.offset-2{margin-left:16.66666667%}.offset-3{margin-left:25%}.offset-4{margin-left:33.33333333%}.offset-5{margin-left:41.66666667%}.offset-6{margin-left:50%}.offset-7{margin-left:58.33333333%}.offset-8{margin-left:66.66666667%}.offset-9{margin-left:75%}.offset-10{margin-left:83.33333333%}.offset-11{margin-left:91.66666667%}.g-0,.gx-0{--bs-gutter-x:0}.g-0,.gy-0{--bs-gutter-y:0}.g-1,.gx-1{--bs-gutter-x:0.25rem}.g-1,.gy-1{--bs-gutter-y:0.25rem}.g-2,.gx-2{--bs-gutter-x:0.5rem}.g-2,.gy-2{--bs-gutter-y:0.5rem}.g-3,.gx-3{--bs-gutter-x:1rem}.g-3,.gy-3{--bs-gutter-y:1rem}.g-4,.gx-4{--bs-gutter-x:1.5rem}.g-4,.gy-4{--bs-gutter-y:1.5rem}.g-5,.gx-5{--bs-gutter-x:3rem}.g-5,.gy-5{--bs-gutter-y:3rem}@media (min-width:576px){.col-sm{flex:1 0 0%}.row-cols-sm-auto>*{flex:0 0 auto;width:auto}.row-cols-sm-1>*{flex:0 0 auto;width:100%}.row-cols-sm-2>*{flex:0 0 auto;width:50%}.row-cols-sm-3>*{flex:0 0 auto;width:33.3333333333%}.row-cols-sm-4>*{flex:0 0 auto;width:25%}.row-cols-sm-5>*{flex:0 0 auto;width:20%}.row-cols-sm-6>*{flex:0 0 auto;width:16.6666666667%}.col-sm-auto{flex:0 0 auto;width:auto}.col-sm-1{flex:0 0 auto;width:8.33333333%}.col-sm-2{flex:0 0 auto;width:16.66666667%}.col-sm-3{flex:0 0 auto;width:25%}.col-sm-4{flex:0 0 auto;width:33.33333333%}.col-sm-5{flex:0 0 auto;width:41.66666667%}.col-sm-6{flex:0 0 auto;width:50%}.col-sm-7{flex:0 0 auto;width:58.33333333%}.col-sm-8{flex:0 0 auto;width:66.66666667%}.col-sm-9{flex:0 0 auto;width:75%}.col-sm-10{flex:0 0 auto;width:83.33333333%}.col-sm-11{flex:0 0 auto;width:91.66666667%}.col-sm-12{flex:0 0 auto;width:100%}.offset-sm-0{margin-left:0}.offset-sm-1{margin-left:8.33333333%}.offset-sm-2{margin-left:16.66666667%}.offset-sm-3{margin-left:25%}.offset-sm-4{margin-left:33.33333333%}.offset-sm-5{margin-left:41.66666667%}.offset-sm-6{margin-left:50%}.offset-sm-7{margin-left:58.33333333%}.offset-sm-8{margin-left:66.66666667%}.offset-sm-9{margin-left:75%}.offset-sm-10{margin-left:83.33333333%}.offset-sm-11{margin-left:91.66666667%}.g-sm-0,.gx-sm-0{--bs-gutter-x:0}.g-sm-0,.gy-sm-0{--bs-gutter-y:0}.g-sm-1,.gx-sm-1{--bs-gutter-x:0.25rem}.g-sm-1,.gy-sm-1{--bs-gutter-y:0.25rem}.g-sm-2,.gx-sm-2{--bs-gutter-x:0.5rem}.g-sm-2,.gy-sm-2{--bs-gutter-y:0.5rem}.g-sm-3,.gx-sm-3{--bs-gutter-x:1rem}.g-sm-3,.gy-sm-3{--bs-gutter-y:1rem}.g-sm-4,.gx-sm-4{--bs-gutter-x:1.5rem}.g-sm-4,.gy-sm-4{--bs-gutter-y:1.5rem}.g-sm-5,.gx-sm-5{--bs-gutter-x:3rem}.g-sm-5,.gy-sm-5{--bs-gutter-y:3rem}}@media (min-width:768px){.col-md{flex:1 0 0%}.row-cols-md-auto>*{flex:0 0 auto;width:auto}.row-cols-md-1>*{flex:0 0 auto;width:100%}.row-cols-md-2>*{flex:0 0 auto;width:50%}.row-cols-md-3>*{flex:0 0 auto;width:33.3333333333%}.row-cols-md-4>*{flex:0 0 auto;width:25%}.row-cols-md-5>*{flex:0 0 auto;width:20%}.row-cols-md-6>*{flex:0 0 auto;width:16.6666666667%}.col-md-auto{flex:0 0 auto;width:auto}.col-md-1{flex:0 0 auto;width:8.33333333%}.col-md-2{flex:0 0 auto;width:16.66666667%}.col-md-3{flex:0 0 auto;width:25%}.col-md-4{flex:0 0 auto;width:33.33333333%}.col-md-5{flex:0 0 auto;width:41.66666667%}.col-md-6{flex:0 0 auto;width:50%}.col-md-7{flex:0 0 auto;width:58.33333333%}.col-md-8{flex:0 0 auto;width:66.66666667%}.col-md-9{flex:0 0 auto;width:75%}.col-md-10{flex:0 0 auto;width:83.33333333%}.col-md-11{flex:0 0 auto;width:91.66666667%}.col-md-12{flex:0 0 auto;width:100%}.offset-md-0{margin-left:0}.offset-md-1{margin-left:8.33333333%}.offset-md-2{margin-left:16.66666667%}.offset-md-3{margin-left:25%}.offset-md-4{margin-left:33.33333333%}.offset-md-5{margin-left:41.66666667%}.offset-md-6{margin-left:50%}.offset-md-7{margin-left:58.33333333%}.offset-md-8{margin-left:66.66666667%}.offset-md-9{margin-left:75%}.offset-md-10{margin-left:83.33333333%}.offset-md-11{margin-left:91.66666667%}.g-md-0,.gx-md-0{--bs-gutter-x:0}.g-md-0,.gy-md-0{--bs-gutter-y:0}.g-md-1,.gx-md-1{--bs-gutter-x:0.25rem}.g-md-1,.gy-md-1{--bs-gutter-y:0.25rem}.g-md-2,.gx-md-2{--bs-gutter-x:0.5rem}.g-md-2,.gy-md-2{--bs-gutter-y:0.5rem}.g-md-3,.gx-md-3{--bs-gutter-x:1rem}.g-md-3,.gy-md-3{--bs-gutter-y:1rem}.g-md-4,.gx-md-4{--bs-gutter-x:1.5rem}.g-md-4,.gy-md-4{--bs-gutter-y:1.5rem}.g-md-5,.gx-md-5{--bs-gutter-x:3rem}.g-md-5,.gy-md-5{--bs-gutter-y:3rem}}@media (min-width:992px){.col-lg{flex:1 0 0%}.row-cols-lg-auto>*{flex:0 0 auto;width:auto}.row-cols-lg-1>*{flex:0 0 auto;width:100%}.row-cols-lg-2>*{flex:0 0 auto;width:50%}.row-cols-lg-3>*{flex:0 0 auto;width:33.3333333333%}.row-cols-lg-4>*{flex:0 0 auto;width:25%}.row-cols-lg-5>*{flex:0 0 auto;width:20%}.row-cols-lg-6>*{flex:0 0 auto;width:16.6666666667%}.col-lg-auto{flex:0 0 auto;width:auto}.col-lg-1{flex:0 0 auto;width:8.33333333%}.col-lg-2{flex:0 0 auto;width:16.66666667%}.col-lg-3{flex:0 0 auto;width:25%}.col-lg-4{flex:0 0 auto;width:33.33333333%}.col-lg-5{flex:0 0 auto;width:41.66666667%}.col-lg-6{flex:0 0 auto;width:50%}.col-lg-7{flex:0 0 auto;width:58.33333333%}.col-lg-8{flex:0 0 auto;width:66.66666667%}.col-lg-9{flex:0 0 auto;width:75%}.col-lg-10{flex:0 0 auto;width:83.33333333%}.col-lg-11{flex:0 0 auto;width:91.66666667%}.col-lg-12{flex:0 0 auto;width:100%}.offset-lg-0{margin-left:0}.offset-lg-1{margin-left:8.33333333%}.offset-lg-2{margin-left:16.66666667%}.offset-lg-3{margin-left:25%}.offset-lg-4{margin-left:33.33333333%}.offset-lg-5{margin-left:41.66666667%}.offset-lg-6{margin-left:50%}.offset-lg-7{margin-left:58.33333333%}.offset-lg-8{margin-left:66.66666667%}.offset-lg-9{margin-left:75%}.offset-lg-10{margin-left:83.33333333%}.offset-lg-11{margin-left:91.66666667%}.g-lg-0,.gx-lg-0{--bs-gutter-x:0}.g-lg-0,.gy-lg-0{--bs-gutter-y:0}.g-lg-1,.gx-lg-1{--bs-gutter-x:0.25rem}.g-lg-1,.gy-lg-1{--bs-gutter-y:0.25rem}.g-lg-2,.gx-lg-2{--bs-gutter-x:0.5rem}.g-lg-2,.gy-lg-2{--bs-gutter-y:0.5rem}.g-lg-3,.gx-lg-3{--bs-gutter-x:1rem}.g-lg-3,.gy-lg-3{--bs-gutter-y:1rem}.g-lg-4,.gx-lg-4{--bs-gutter-x:1.5rem}.g-lg-4,.gy-lg-4{--bs-gutter-y:1.5rem}.g-lg-5,.gx-lg-5{--bs-gutter-x:3rem}.g-lg-5,.gy-lg-5{--bs-gutter-y:3rem}}@media (min-width:1200px){.col-xl{flex:1 0 0%}.row-cols-xl-auto>*{flex:0 0 auto;width:auto}.row-cols-xl-1>*{flex:0 0 auto;width:100%}.row-cols-xl-2>*{flex:0 0 auto;width:50%}.row-cols-xl-3>*{flex:0 0 auto;width:33.3333333333%}.row-cols-xl-4>*{flex:0 0 auto;width:25%}.row-cols-xl-5>*{flex:0 0 auto;width:20%}.row-cols-xl-6>*{flex:0 0 auto;width:16.6666666667%}.col-xl-auto{flex:0 0 auto;width:auto}.col-xl-1{flex:0 0 auto;width:8.33333333%}.col-xl-2{flex:0 0 auto;width:16.66666667%}.col-xl-3{flex:0 0 auto;width:25%}.col-xl-4{flex:0 0 auto;width:33.33333333%}.col-xl-5{flex:0 0 auto;width:41.66666667%}.col-xl-6{flex:0 0 auto;width:50%}.col-xl-7{flex:0 0 auto;width:58.33333333%}.col-xl-8{flex:0 0 auto;width:66.66666667%}.col-xl-9{flex:0 0 auto;width:75%}.col-xl-10{flex:0 0 auto;width:83.33333333%}.col-xl-11{flex:0 0 auto;width:91.66666667%}.col-xl-12{flex:0 0 auto;width:100%}.offset-xl-0{margin-left:0}.offset-xl-1{margin-left:8.33333333%}.offset-xl-2{margin-left:16.66666667%}.offset-xl-3{margin-left:25%}.offset-xl-4{margin-left:33.33333333%}.offset-xl-5{margin-left:41.66666667%}.offset-xl-6{margin-left:50%}.offset-xl-7{margin-left:58.33333333%}.offset-xl-8{margin-left:66.66666667%}.offset-xl-9{margin-left:75%}.offset-xl-10{margin-left:83.33333333%}.offset-xl-11{margin-left:91.66666667%}.g-xl-0,.gx-xl-0{--bs-gutter-x:0}.g-xl-0,.gy-xl-0{--bs-gutter-y:0}.g-xl-1,.gx-xl-1{--bs-gutter-x:0.25rem}.g-xl-1,.gy-xl-1{--bs-gutter-y:0.25rem}.g-xl-2,.gx-xl-2{--bs-gutter-x:0.5rem}.g-xl-2,.gy-xl-2{--bs-gutter-y:0.5rem}.g-xl-3,.gx-xl-3{--bs-gutter-x:1rem}.g-xl-3,.gy-xl-3{--bs-gutter-y:1rem}.g-xl-4,.gx-xl-4{--bs-gutter-x:1.5rem}.g-xl-4,.gy-xl-4{--bs-gutter-y:1.5rem}.g-xl-5,.gx-xl-5{--bs-gutter-x:3rem}.g-xl-5,.gy-xl-5{--bs-gutter-y:3rem}}@media (min-width:1400px){.col-xxl{flex:1 0 0%}.row-cols-xxl-auto>*{flex:0 0 auto;width:auto}.row-cols-xxl-1>*{flex:0 0 auto;width:100%}.row-cols-xxl-2>*{flex:0 0 auto;width:50%}.row-cols-xxl-3>*{flex:0 0 auto;width:33.3333333333%}.row-cols-xxl-4>*{flex:0 0 auto;width:25%}.row-cols-xxl-5>*{flex:0 0 auto;width:20%}.row-cols-xxl-6>*{flex:0 0 auto;width:16.6666666667%}.col-xxl-auto{flex:0 0 auto;width:auto}.col-xxl-1{flex:0 0 auto;width:8.33333333%}.col-xxl-2{flex:0 0 auto;width:16.66666667%}.col-xxl-3{flex:0 0 auto;width:25%}.col-xxl-4{flex:0 0 auto;width:33.33333333%}.col-xxl-5{flex:0 0 auto;width:41.66666667%}.col-xxl-6{flex:0 0 auto;width:50%}.col-xxl-7{flex:0 0 auto;width:58.33333333%}.col-xxl-8{flex:0 0 auto;width:66.66666667%}.col-xxl-9{flex:0 0 auto;width:75%}.col-xxl-10{flex:0 0 auto;width:83.33333333%}.col-xxl-11{flex:0 0 auto;width:91.66666667%}.col-xxl-12{flex:0 0 auto;width:100%}.offset-xxl-0{margin-left:0}.offset-xxl-1{margin-left:8.33333333%}.offset-xxl-2{margin-left:16.66666667%}.offset-xxl-3{margin-left:25%}.offset-xxl-4{margin-left:33.33333333%}.offset-xxl-5{margin-left:41.66666667%}.offset-xxl-6{margin-left:50%}.offset-xxl-7{margin-left:58.33333333%}.offset-xxl-8{margin-left:66.66666667%}.offset-xxl-9{margin-left:75%}.offset-xxl-10{margin-left:83.33333333%}.offset-xxl-11{margin-left:91.66666667%}.g-xxl-0,.gx-xxl-0{--bs-gutter-x:0}.g-xxl-0,.gy-xxl-0{--bs-gutter-y:0}.g-xxl-1,.gx-xxl-1{--bs-gutter-x:0.25rem}.g-xxl-1,.gy-xxl-1{--bs-gutter-y:0.25rem}.g-xxl-2,.gx-xxl-2{--bs-gutter-x:0.5rem}.g-xxl-2,.gy-xxl-2{--bs-gutter-y:0.5rem}.g-xxl-3,.gx-xxl-3{--bs-gutter-x:1rem}.g-xxl-3,.gy-xxl-3{--bs-gutter-y:1rem}.g-xxl-4,.gx-xxl-4{--bs-gutter-x:1.5rem}.g-xxl-4,.gy-xxl-4{--bs-gutter-y:1.5rem}.g-xxl-5,.gx-xxl-5{--bs-gutter-x:3rem}.g-xxl-5,.gy-xxl-5{--bs-gutter-y:3rem}}.table{--bs-table-color:var(--bs-body-color);--bs-table-bg:transparent;--bs-table-border-color:var(--bs-border-color);--bs-table-accent-bg:transparent;--bs-table-striped-color:var(--bs-body-color);--bs-table-striped-bg:rgba(0, 0, 0, 0.05);--bs-table-active-color:var(--bs-body-color);--bs-table-active-bg:rgba(0, 0, 0, 0.1);--bs-table-hover-color:var(--bs-body-color);--bs-table-hover-bg:rgba(0, 0, 0, 0.075);width:100%;margin-bottom:1rem;color:var(--bs-table-color);vertical-align:top;border-color:var(--bs-table-border-color)}.table>:not(caption)>*>*{padding:.5rem .5rem;background-color:var(--bs-table-bg);border-bottom-width:1px;box-shadow:inset 0 0 0 9999px var(--bs-table-accent-bg)}.table>tbody{vertical-align:inherit}.table>thead{vertical-align:bottom}.table-group-divider{border-top:2px solid currentcolor}.caption-top{caption-side:top}.table-sm>:not(caption)>*>*{padding:.25rem .25rem}.table-bordered>:not(caption)>*{border-width:1px 0}.table-bordered>:not(caption)>*>*{border-width:0 1px}.table-borderless>:not(caption)>*>*{border-bottom-width:0}.table-borderless>:not(:first-child){border-top-width:0}.table-striped>tbody>tr:nth-of-type(odd)>*{--bs-table-accent-bg:var(--bs-table-striped-bg);color:var(--bs-table-striped-color)}.table-striped-columns>:not(caption)>tr>:nth-child(even){--bs-table-accent-bg:var(--bs-table-striped-bg);color:var(--bs-table-striped-color)}.table-active{--bs-table-accent-bg:var(--bs-table-active-bg);color:var(--bs-table-active-color)}.table-hover>tbody>tr:hover>*{--bs-table-accent-bg:var(--bs-table-hover-bg);color:var(--bs-table-hover-color)}.table-primary{--bs-table-color:#fff;--bs-table-bg:#008cba;--bs-table-border-color:#1a98c1;--bs-table-striped-bg:#0d92bd;--bs-table-striped-color:#fff;--bs-table-active-bg:#1a98c1;--bs-table-active-color:#fff;--bs-table-hover-bg:#1395bf;--bs-table-hover-color:#fff;color:var(--bs-table-color);border-color:var(--bs-table-border-color)}.table-secondary{--bs-table-color:#000;--bs-table-bg:#eeeeee;--bs-table-border-color:#d6d6d6;--bs-table-striped-bg:#e2e2e2;--bs-table-striped-color:#000;--bs-table-active-bg:#d6d6d6;--bs-table-active-color:#000;--bs-table-hover-bg:gainsboro;--bs-table-hover-color:#000;color:var(--bs-table-color);border-color:var(--bs-table-border-color)}.table-success{--bs-table-color:#fff;--bs-table-bg:#43ac6a;--bs-table-border-color:#56b479;--bs-table-striped-bg:#4cb071;--bs-table-striped-color:#fff;--bs-table-active-bg:#56b479;--bs-table-active-color:#fff;--bs-table-hover-bg:#51b275;--bs-table-hover-color:#fff;color:var(--bs-table-color);border-color:var(--bs-table-border-color)}.table-info{--bs-table-color:#fff;--bs-table-bg:#5bc0de;--bs-table-border-color:#6bc6e1;--bs-table-striped-bg:#63c3e0;--bs-table-striped-color:#fff;--bs-table-active-bg:#6bc6e1;--bs-table-active-color:#fff;--bs-table-hover-bg:#67c5e0;--bs-table-hover-color:#fff;color:var(--bs-table-color);border-color:var(--bs-table-border-color)}.table-warning{--bs-table-color:#fff;--bs-table-bg:#e99002;--bs-table-border-color:#eb9b1b;--bs-table-striped-bg:#ea960f;--bs-table-striped-color:#fff;--bs-table-active-bg:#eb9b1b;--bs-table-active-color:#fff;--bs-table-hover-bg:#eb9815;--bs-table-hover-color:#fff;color:var(--bs-table-color);border-color:var(--bs-table-border-color)}.table-danger{--bs-table-color:#fff;--bs-table-bg:#f04124;--bs-table-border-color:#f2543a;--bs-table-striped-bg:#f14b2f;--bs-table-striped-color:#fff;--bs-table-active-bg:#f2543a;--bs-table-active-color:#fff;--bs-table-hover-bg:#f14f34;--bs-table-hover-color:#fff;color:var(--bs-table-color);border-color:var(--bs-table-border-color)}.table-light{--bs-table-color:#000;--bs-table-bg:#eee;--bs-table-border-color:#d6d6d6;--bs-table-striped-bg:#e2e2e2;--bs-table-striped-color:#000;--bs-table-active-bg:#d6d6d6;--bs-table-active-color:#000;--bs-table-hover-bg:gainsboro;--bs-table-hover-color:#000;color:var(--bs-table-color);border-color:var(--bs-table-border-color)}.table-dark{--bs-table-color:#fff;--bs-table-bg:#222;--bs-table-border-color:#383838;--bs-table-striped-bg:#2d2d2d;--bs-table-striped-color:#fff;--bs-table-active-bg:#383838;--bs-table-active-color:#fff;--bs-table-hover-bg:#333333;--bs-table-hover-color:#fff;color:var(--bs-table-color);border-color:var(--bs-table-border-color)}.table-responsive{overflow-x:auto;-webkit-overflow-scrolling:touch}@media (max-width:575.98px){.table-responsive-sm{overflow-x:auto;-webkit-overflow-scrolling:touch}}@media (max-width:767.98px){.table-responsive-md{overflow-x:auto;-webkit-overflow-scrolling:touch}}@media (max-width:991.98px){.table-responsive-lg{overflow-x:auto;-webkit-overflow-scrolling:touch}}@media (max-width:1199.98px){.table-responsive-xl{overflow-x:auto;-webkit-overflow-scrolling:touch}}@media (max-width:1399.98px){.table-responsive-xxl{overflow-x:auto;-webkit-overflow-scrolling:touch}}.form-label{margin-bottom:.5rem}.col-form-label{padding-top:calc(.375rem + 1px);padding-bottom:calc(.375rem + 1px);margin-bottom:0;font-size:inherit;line-height:1.5}.col-form-label-lg{padding-top:calc(.5rem + 1px);padding-bottom:calc(.5rem + 1px);font-size:1.25rem}.col-form-label-sm{padding-top:calc(.25rem + 1px);padding-bottom:calc(.25rem + 1px);font-size:.875rem}.form-text{margin-top:.25rem;font-size:.875em;color:#888}.form-control{display:block;width:100%;padding:.375rem .5rem;font-size:1rem;font-weight:400;line-height:1.5;color:#222;background-color:#fff;background-clip:padding-box;border:1px solid #ccc;-webkit-appearance:none;-moz-appearance:none;appearance:none;border-radius:0;transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out}@media (prefers-reduced-motion:reduce){.form-control{transition:none}}.form-control[type=file]{overflow:hidden}.form-control[type=file]:not(:disabled):not([readonly]){cursor:pointer}.form-control:focus{color:#222;background-color:#fff;border-color:#80c6dd;outline:0;box-shadow:0 0 0 .25rem rgba(0,140,186,.25)}.form-control::-webkit-date-and-time-value{height:1.5em}.form-control::-moz-placeholder{color:#888;opacity:1}.form-control::placeholder{color:#888;opacity:1}.form-control:disabled{background-color:#eee;opacity:1}.form-control::-webkit-file-upload-button{padding:.375rem .5rem;margin:-.375rem -.5rem;-webkit-margin-end:.5rem;margin-inline-end:.5rem;color:#222;background-color:#eee;pointer-events:none;border-color:inherit;border-style:solid;border-width:0;border-inline-end-width:1px;border-radius:0;-webkit-transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out}.form-control::file-selector-button{padding:.375rem .5rem;margin:-.375rem -.5rem;-webkit-margin-end:.5rem;margin-inline-end:.5rem;color:#222;background-color:#eee;pointer-events:none;border-color:inherit;border-style:solid;border-width:0;border-inline-end-width:1px;border-radius:0;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out}@media (prefers-reduced-motion:reduce){.form-control::-webkit-file-upload-button{-webkit-transition:none;transition:none}.form-control::file-selector-button{transition:none}}.form-control:hover:not(:disabled):not([readonly])::-webkit-file-upload-button{background-color:#e2e2e2}.form-control:hover:not(:disabled):not([readonly])::file-selector-button{background-color:#e2e2e2}.form-control-plaintext{display:block;width:100%;padding:.375rem 0;margin-bottom:0;line-height:1.5;color:#222;background-color:transparent;border:solid transparent;border-width:1px 0}.form-control-plaintext:focus{outline:0}.form-control-plaintext.form-control-lg,.form-control-plaintext.form-control-sm{padding-right:0;padding-left:0}.form-control-sm{min-height:calc(1.5em + .5rem + 2px);padding:.25rem .5rem;font-size:.875rem;border-radius:0}.form-control-sm::-webkit-file-upload-button{padding:.25rem .5rem;margin:-.25rem -.5rem;-webkit-margin-end:.5rem;margin-inline-end:.5rem}.form-control-sm::file-selector-button{padding:.25rem .5rem;margin:-.25rem -.5rem;-webkit-margin-end:.5rem;margin-inline-end:.5rem}.form-control-lg{min-height:calc(1.5em + 1rem + 2px);padding:.5rem 1rem;font-size:1.25rem;border-radius:0}.form-control-lg::-webkit-file-upload-button{padding:.5rem 1rem;margin:-.5rem -1rem;-webkit-margin-end:1rem;margin-inline-end:1rem}.form-control-lg::file-selector-button{padding:.5rem 1rem;margin:-.5rem -1rem;-webkit-margin-end:1rem;margin-inline-end:1rem}textarea.form-control{min-height:calc(1.5em + .75rem + 2px)}textarea.form-control-sm{min-height:calc(1.5em + .5rem + 2px)}textarea.form-control-lg{min-height:calc(1.5em + 1rem + 2px)}.form-control-color{width:3rem;height:calc(1.5em + .75rem + 2px);padding:.375rem}.form-control-color:not(:disabled):not([readonly]){cursor:pointer}.form-control-color::-moz-color-swatch{border:0!important;border-radius:0}.form-control-color::-webkit-color-swatch{border-radius:0}.form-control-color.form-control-sm{height:calc(1.5em + .5rem + 2px)}.form-control-color.form-control-lg{height:calc(1.5em + 1rem + 2px)}.form-select{display:block;width:100%;padding:.375rem 1.5rem .375rem .5rem;-moz-padding-start:calc(0.5rem - 3px);font-size:1rem;font-weight:400;line-height:1.5;color:#222;background-color:#fff;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'%3e%3cpath fill='none' stroke='%23333' stroke-linecap='round' stroke-linejoin='round' stroke-width='2' d='m2 5 6 6 6-6'/%3e%3c/svg%3e");background-repeat:no-repeat;background-position:right .5rem center;background-size:16px 12px;border:1px solid #ccc;border-radius:0;transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out;-webkit-appearance:none;-moz-appearance:none;appearance:none}@media (prefers-reduced-motion:reduce){.form-select{transition:none}}.form-select:focus{border-color:#80c6dd;outline:0;box-shadow:0 0 0 .25rem rgba(0,140,186,.25)}.form-select[multiple],.form-select[size]:not([size="1"]){padding-right:.5rem;background-image:none}.form-select:disabled{background-color:#eee}.form-select:-moz-focusring{color:transparent;text-shadow:0 0 0 #222}.form-select-sm{padding-top:.25rem;padding-bottom:.25rem;padding-left:.5rem;font-size:.875rem;border-radius:0}.form-select-lg{padding-top:.5rem;padding-bottom:.5rem;padding-left:1rem;font-size:1.25rem;border-radius:0}.form-check{display:block;min-height:1.5rem;padding-left:1.5em;margin-bottom:.125rem}.form-check .form-check-input{float:left;margin-left:-1.5em}.form-check-reverse{padding-right:1.5em;padding-left:0;text-align:right}.form-check-reverse .form-check-input{float:right;margin-right:-1.5em;margin-left:0}.form-check-input{width:1em;height:1em;margin-top:.25em;vertical-align:top;background-color:#fff;background-repeat:no-repeat;background-position:center;background-size:contain;border:1px solid rgba(0,0,0,.25);-webkit-appearance:none;-moz-appearance:none;appearance:none;-webkit-print-color-adjust:exact;color-adjust:exact;print-color-adjust:exact}.form-check-input[type=checkbox]{border-radius:.25em}.form-check-input[type=radio]{border-radius:50%}.form-check-input:active{filter:brightness(90%)}.form-check-input:focus{border-color:#80c6dd;outline:0;box-shadow:0 0 0 .25rem rgba(0,140,186,.25)}.form-check-input:checked{background-color:#008cba;border-color:#008cba}.form-check-input:checked[type=checkbox]{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 20 20'%3e%3cpath fill='none' stroke='%23fff' stroke-linecap='round' stroke-linejoin='round' stroke-width='3' d='m6 10 3 3 6-6'/%3e%3c/svg%3e")}.form-check-input:checked[type=radio]{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3e%3ccircle r='2' fill='%23fff'/%3e%3c/svg%3e")}.form-check-input[type=checkbox]:indeterminate{background-color:#008cba;border-color:#008cba;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 20 20'%3e%3cpath fill='none' stroke='%23fff' stroke-linecap='round' stroke-linejoin='round' stroke-width='3' d='M6 10h8'/%3e%3c/svg%3e")}.form-check-input:disabled{pointer-events:none;filter:none;opacity:.5}.form-check-input:disabled~.form-check-label,.form-check-input[disabled]~.form-check-label{cursor:default;opacity:.5}.form-switch{padding-left:2.5em}.form-switch .form-check-input{width:2em;margin-left:-2.5em;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3e%3ccircle r='3' fill='rgba%280, 0, 0, 0.25%29'/%3e%3c/svg%3e");background-position:left center;border-radius:2em;transition:background-position .15s ease-in-out}@media (prefers-reduced-motion:reduce){.form-switch .form-check-input{transition:none}}.form-switch .form-check-input:focus{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3e%3ccircle r='3' fill='%2380c6dd'/%3e%3c/svg%3e")}.form-switch .form-check-input:checked{background-position:right center;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3e%3ccircle r='3' fill='%23fff'/%3e%3c/svg%3e")}.form-switch.form-check-reverse{padding-right:2.5em;padding-left:0}.form-switch.form-check-reverse .form-check-input{margin-right:-2.5em;margin-left:0}.form-check-inline{display:inline-block;margin-right:1rem}.btn-check{position:absolute;clip:rect(0,0,0,0);pointer-events:none}.btn-check:disabled+.btn,.btn-check[disabled]+.btn{pointer-events:none;filter:none;opacity:.65}.form-range{width:100%;height:1.5rem;padding:0;background-color:transparent;-webkit-appearance:none;-moz-appearance:none;appearance:none}.form-range:focus{outline:0}.form-range:focus::-webkit-slider-thumb{box-shadow:0 0 0 1px #fff,0 0 0 .25rem rgba(0,140,186,.25)}.form-range:focus::-moz-range-thumb{box-shadow:0 0 0 1px #fff,0 0 0 .25rem rgba(0,140,186,.25)}.form-range::-moz-focus-outer{border:0}.form-range::-webkit-slider-thumb{width:1rem;height:1rem;margin-top:-.25rem;background-color:#008cba;border:0;border-radius:1rem;-webkit-transition:background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out;transition:background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out;-webkit-appearance:none;appearance:none}@media (prefers-reduced-motion:reduce){.form-range::-webkit-slider-thumb{-webkit-transition:none;transition:none}}.form-range::-webkit-slider-thumb:active{background-color:#b3ddea}.form-range::-webkit-slider-runnable-track{width:100%;height:.5rem;color:transparent;cursor:pointer;background-color:#dee2e6;border-color:transparent;border-radius:1rem}.form-range::-moz-range-thumb{width:1rem;height:1rem;background-color:#008cba;border:0;border-radius:1rem;-moz-transition:background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out;transition:background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out;-moz-appearance:none;appearance:none}@media (prefers-reduced-motion:reduce){.form-range::-moz-range-thumb{-moz-transition:none;transition:none}}.form-range::-moz-range-thumb:active{background-color:#b3ddea}.form-range::-moz-range-track{width:100%;height:.5rem;color:transparent;cursor:pointer;background-color:#dee2e6;border-color:transparent;border-radius:1rem}.form-range:disabled{pointer-events:none}.form-range:disabled::-webkit-slider-thumb{background-color:#adb5bd}.form-range:disabled::-moz-range-thumb{background-color:#adb5bd}.form-floating{position:relative}.form-floating>.form-control,.form-floating>.form-control-plaintext,.form-floating>.form-select{height:calc(3.5rem + 2px);line-height:1.25}.form-floating>label{position:absolute;top:0;left:0;width:100%;height:100%;padding:1rem .5rem;overflow:hidden;text-align:start;text-overflow:ellipsis;white-space:nowrap;pointer-events:none;border:1px solid transparent;transform-origin:0 0;transition:opacity .1s ease-in-out,transform .1s ease-in-out}@media (prefers-reduced-motion:reduce){.form-floating>label{transition:none}}.form-floating>.form-control,.form-floating>.form-control-plaintext{padding:1rem .5rem}.form-floating>.form-control-plaintext::-moz-placeholder,.form-floating>.form-control::-moz-placeholder{color:transparent}.form-floating>.form-control-plaintext::placeholder,.form-floating>.form-control::placeholder{color:transparent}.form-floating>.form-control-plaintext:not(:-moz-placeholder-shown),.form-floating>.form-control:not(:-moz-placeholder-shown){padding-top:1.625rem;padding-bottom:.625rem}.form-floating>.form-control-plaintext:focus,.form-floating>.form-control-plaintext:not(:placeholder-shown),.form-floating>.form-control:focus,.form-floating>.form-control:not(:placeholder-shown){padding-top:1.625rem;padding-bottom:.625rem}.form-floating>.form-control-plaintext:-webkit-autofill,.form-floating>.form-control:-webkit-autofill{padding-top:1.625rem;padding-bottom:.625rem}.form-floating>.form-select{padding-top:1.625rem;padding-bottom:.625rem}.form-floating>.form-control:not(:-moz-placeholder-shown)~label{opacity:.65;transform:scale(.85) translateY(-.5rem) translateX(.15rem)}.form-floating>.form-control-plaintext~label,.form-floating>.form-control:focus~label,.form-floating>.form-control:not(:placeholder-shown)~label,.form-floating>.form-select~label{opacity:.65;transform:scale(.85) translateY(-.5rem) translateX(.15rem)}.form-floating>.form-control:-webkit-autofill~label{opacity:.65;transform:scale(.85) translateY(-.5rem) translateX(.15rem)}.form-floating>.form-control-plaintext~label{border-width:1px 0}.input-group{position:relative;display:flex;flex-wrap:wrap;align-items:stretch;width:100%}.input-group>.form-control,.input-group>.form-floating,.input-group>.form-select{position:relative;flex:1 1 auto;width:1%;min-width:0}.input-group>.form-control:focus,.input-group>.form-floating:focus-within,.input-group>.form-select:focus{z-index:5}.input-group .btn{position:relative;z-index:2}.input-group .btn:focus{z-index:5}.input-group-text{display:flex;align-items:center;padding:.375rem .5rem;font-size:1rem;font-weight:400;line-height:1.5;color:#222;text-align:center;white-space:nowrap;background-color:#eee;border:1px solid #ccc;border-radius:0}.input-group-lg>.btn,.input-group-lg>.form-control,.input-group-lg>.form-select,.input-group-lg>.input-group-text{padding:.5rem 1rem;font-size:1.25rem;border-radius:0}.input-group-sm>.btn,.input-group-sm>.form-control,.input-group-sm>.form-select,.input-group-sm>.input-group-text{padding:.25rem .5rem;font-size:.875rem;border-radius:0}.input-group-lg>.form-select,.input-group-sm>.form-select{padding-right:2rem}.input-group:not(.has-validation)>.dropdown-toggle:nth-last-child(n+3),.input-group:not(.has-validation)>.form-floating:not(:last-child)>.form-control,.input-group:not(.has-validation)>.form-floating:not(:last-child)>.form-select,.input-group:not(.has-validation)>:not(:last-child):not(.dropdown-toggle):not(.dropdown-menu):not(.form-floating){border-top-right-radius:0;border-bottom-right-radius:0}.input-group.has-validation>.dropdown-toggle:nth-last-child(n+4),.input-group.has-validation>.form-floating:nth-last-child(n+3)>.form-control,.input-group.has-validation>.form-floating:nth-last-child(n+3)>.form-select,.input-group.has-validation>:nth-last-child(n+3):not(.dropdown-toggle):not(.dropdown-menu):not(.form-floating){border-top-right-radius:0;border-bottom-right-radius:0}.input-group>:not(:first-child):not(.dropdown-menu):not(.valid-tooltip):not(.valid-feedback):not(.invalid-tooltip):not(.invalid-feedback){margin-left:-1px;border-top-left-radius:0;border-bottom-left-radius:0}.input-group>.form-floating:not(:first-child)>.form-control,.input-group>.form-floating:not(:first-child)>.form-select{border-top-left-radius:0;border-bottom-left-radius:0}.valid-feedback{display:none;width:100%;margin-top:.25rem;font-size:.875em;color:#43ac6a}.valid-tooltip{position:absolute;top:100%;z-index:5;display:none;max-width:100%;padding:.25rem .5rem;margin-top:.1rem;font-size:.875rem;color:#fff;background-color:rgba(67,172,106,.9);border-radius:0}.is-valid~.valid-feedback,.is-valid~.valid-tooltip,.was-validated :valid~.valid-feedback,.was-validated :valid~.valid-tooltip{display:block}.form-control.is-valid,.was-validated .form-control:valid{border-color:#43ac6a;padding-right:calc(1.5em + .75rem);background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 8 8'%3e%3cpath fill='%2343ac6a' d='M2.3 6.73.6 4.53c-.4-1.04.46-1.4 1.1-.8l1.1 1.4 3.4-3.8c.6-.63 1.6-.27 1.2.7l-4 4.6c-.43.5-.8.4-1.1.1z'/%3e%3c/svg%3e");background-repeat:no-repeat;background-position:right calc(.375em + .1875rem) center;background-size:calc(.75em + .375rem) calc(.75em + .375rem)}.form-control.is-valid:focus,.was-validated .form-control:valid:focus{border-color:#43ac6a;box-shadow:0 0 0 .25rem rgba(67,172,106,.25)}.was-validated textarea.form-control:valid,textarea.form-control.is-valid{padding-right:calc(1.5em + .75rem);background-position:top calc(.375em + .1875rem) right calc(.375em + .1875rem)}.form-select.is-valid,.was-validated .form-select:valid{border-color:#43ac6a}.form-select.is-valid:not([multiple]):not([size]),.form-select.is-valid:not([multiple])[size="1"],.was-validated .form-select:valid:not([multiple]):not([size]),.was-validated .form-select:valid:not([multiple])[size="1"]{padding-right:2.75rem;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'%3e%3cpath fill='none' stroke='%23333' stroke-linecap='round' stroke-linejoin='round' stroke-width='2' d='m2 5 6 6 6-6'/%3e%3c/svg%3e"),url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 8 8'%3e%3cpath fill='%2343ac6a' d='M2.3 6.73.6 4.53c-.4-1.04.46-1.4 1.1-.8l1.1 1.4 3.4-3.8c.6-.63 1.6-.27 1.2.7l-4 4.6c-.43.5-.8.4-1.1.1z'/%3e%3c/svg%3e");background-position:right .5rem center,center right 1.5rem;background-size:16px 12px,calc(.75em + .375rem) calc(.75em + .375rem)}.form-select.is-valid:focus,.was-validated .form-select:valid:focus{border-color:#43ac6a;box-shadow:0 0 0 .25rem rgba(67,172,106,.25)}.form-control-color.is-valid,.was-validated .form-control-color:valid{width:calc(3rem + calc(1.5em + .75rem))}.form-check-input.is-valid,.was-validated .form-check-input:valid{border-color:#43ac6a}.form-check-input.is-valid:checked,.was-validated .form-check-input:valid:checked{background-color:#43ac6a}.form-check-input.is-valid:focus,.was-validated .form-check-input:valid:focus{box-shadow:0 0 0 .25rem rgba(67,172,106,.25)}.form-check-input.is-valid~.form-check-label,.was-validated .form-check-input:valid~.form-check-label{color:#43ac6a}.form-check-inline .form-check-input~.valid-feedback{margin-left:.5em}.input-group>.form-control:not(:focus).is-valid,.input-group>.form-floating:not(:focus-within).is-valid,.input-group>.form-select:not(:focus).is-valid,.was-validated .input-group>.form-control:not(:focus):valid,.was-validated .input-group>.form-floating:not(:focus-within):valid,.was-validated .input-group>.form-select:not(:focus):valid{z-index:3}.invalid-feedback{display:none;width:100%;margin-top:.25rem;font-size:.875em;color:#f04124}.invalid-tooltip{position:absolute;top:100%;z-index:5;display:none;max-width:100%;padding:.25rem .5rem;margin-top:.1rem;font-size:.875rem;color:#fff;background-color:rgba(240,65,36,.9);border-radius:0}.is-invalid~.invalid-feedback,.is-invalid~.invalid-tooltip,.was-validated :invalid~.invalid-feedback,.was-validated :invalid~.invalid-tooltip{display:block}.form-control.is-invalid,.was-validated .form-control:invalid{border-color:#f04124;padding-right:calc(1.5em + .75rem);background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%23f04124'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23f04124' stroke='none'/%3e%3c/svg%3e");background-repeat:no-repeat;background-position:right calc(.375em + .1875rem) center;background-size:calc(.75em + .375rem) calc(.75em + .375rem)}.form-control.is-invalid:focus,.was-validated .form-control:invalid:focus{border-color:#f04124;box-shadow:0 0 0 .25rem rgba(240,65,36,.25)}.was-validated textarea.form-control:invalid,textarea.form-control.is-invalid{padding-right:calc(1.5em + .75rem);background-position:top calc(.375em + .1875rem) right calc(.375em + .1875rem)}.form-select.is-invalid,.was-validated .form-select:invalid{border-color:#f04124}.form-select.is-invalid:not([multiple]):not([size]),.form-select.is-invalid:not([multiple])[size="1"],.was-validated .form-select:invalid:not([multiple]):not([size]),.was-validated .form-select:invalid:not([multiple])[size="1"]{padding-right:2.75rem;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'%3e%3cpath fill='none' stroke='%23333' stroke-linecap='round' stroke-linejoin='round' stroke-width='2' d='m2 5 6 6 6-6'/%3e%3c/svg%3e"),url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%23f04124'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23f04124' stroke='none'/%3e%3c/svg%3e");background-position:right .5rem center,center right 1.5rem;background-size:16px 12px,calc(.75em + .375rem) calc(.75em + .375rem)}.form-select.is-invalid:focus,.was-validated .form-select:invalid:focus{border-color:#f04124;box-shadow:0 0 0 .25rem rgba(240,65,36,.25)}.form-control-color.is-invalid,.was-validated .form-control-color:invalid{width:calc(3rem + calc(1.5em + .75rem))}.form-check-input.is-invalid,.was-validated .form-check-input:invalid{border-color:#f04124}.form-check-input.is-invalid:checked,.was-validated .form-check-input:invalid:checked{background-color:#f04124}.form-check-input.is-invalid:focus,.was-validated .form-check-input:invalid:focus{box-shadow:0 0 0 .25rem rgba(240,65,36,.25)}.form-check-input.is-invalid~.form-check-label,.was-validated .form-check-input:invalid~.form-check-label{color:#f04124}.form-check-inline .form-check-input~.invalid-feedback{margin-left:.5em}.input-group>.form-control:not(:focus).is-invalid,.input-group>.form-floating:not(:focus-within).is-invalid,.input-group>.form-select:not(:focus).is-invalid,.was-validated .input-group>.form-control:not(:focus):invalid,.was-validated .input-group>.form-floating:not(:focus-within):invalid,.was-validated .input-group>.form-select:not(:focus):invalid{z-index:4}.btn{--bs-btn-padding-x:0.5rem;--bs-btn-padding-y:0.375rem;--bs-btn-font-family: ;--bs-btn-font-size:1rem;--bs-btn-font-weight:300;--bs-btn-line-height:1.5;--bs-btn-color:#222;--bs-btn-bg:transparent;--bs-btn-border-width:1px;--bs-btn-border-color:transparent;--bs-btn-border-radius:0;--bs-btn-hover-border-color:transparent;--bs-btn-box-shadow:inset 0 1px 0 rgba(255, 255, 255, 0.15),0 1px 1px rgba(0, 0, 0, 0.075);--bs-btn-disabled-opacity:0.65;--bs-btn-focus-box-shadow:0 0 0 0.25rem rgba(var(--bs-btn-focus-shadow-rgb), .5);display:inline-block;padding:var(--bs-btn-padding-y) var(--bs-btn-padding-x);font-family:var(--bs-btn-font-family);font-size:var(--bs-btn-font-size);font-weight:var(--bs-btn-font-weight);line-height:var(--bs-btn-line-height);color:var(--bs-btn-color);text-align:center;text-decoration:none;vertical-align:middle;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;user-select:none;border:var(--bs-btn-border-width) solid var(--bs-btn-border-color);border-radius:var(--bs-btn-border-radius);background-color:var(--bs-btn-bg);transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out}@media (prefers-reduced-motion:reduce){.btn{transition:none}}.btn:hover{color:var(--bs-btn-hover-color);background-color:var(--bs-btn-hover-bg);border-color:var(--bs-btn-hover-border-color)}.btn-check+.btn:hover{color:var(--bs-btn-color);background-color:var(--bs-btn-bg);border-color:var(--bs-btn-border-color)}.btn:focus-visible{color:var(--bs-btn-hover-color);background-color:var(--bs-btn-hover-bg);border-color:var(--bs-btn-hover-border-color);outline:0;box-shadow:var(--bs-btn-focus-box-shadow)}.btn-check:focus-visible+.btn{border-color:var(--bs-btn-hover-border-color);outline:0;box-shadow:var(--bs-btn-focus-box-shadow)}.btn-check:checked+.btn,.btn.active,.btn.show,.btn:first-child:active,:not(.btn-check)+.btn:active{color:var(--bs-btn-active-color);background-color:var(--bs-btn-active-bg);border-color:var(--bs-btn-active-border-color)}.btn-check:checked+.btn:focus-visible,.btn.active:focus-visible,.btn.show:focus-visible,.btn:first-child:active:focus-visible,:not(.btn-check)+.btn:active:focus-visible{box-shadow:var(--bs-btn-focus-box-shadow)}.btn.disabled,.btn:disabled,fieldset:disabled .btn{color:var(--bs-btn-disabled-color);pointer-events:none;background-color:var(--bs-btn-disabled-bg);border-color:var(--bs-btn-disabled-border-color);opacity:var(--bs-btn-disabled-opacity)}.btn-primary{--bs-btn-color:#fff;--bs-btn-bg:#008cba;--bs-btn-border-color:#008cba;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#00779e;--bs-btn-hover-border-color:#007095;--bs-btn-focus-shadow-rgb:38,157,196;--bs-btn-active-color:#fff;--bs-btn-active-bg:#007095;--bs-btn-active-border-color:#00698c;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#fff;--bs-btn-disabled-bg:#008cba;--bs-btn-disabled-border-color:#008cba}.btn-secondary{--bs-btn-color:#000;--bs-btn-bg:#eee;--bs-btn-border-color:#eee;--bs-btn-hover-color:#000;--bs-btn-hover-bg:#f1f1f1;--bs-btn-hover-border-color:#f0f0f0;--bs-btn-focus-shadow-rgb:202,202,202;--bs-btn-active-color:#000;--bs-btn-active-bg:#f1f1f1;--bs-btn-active-border-color:#f0f0f0;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#000;--bs-btn-disabled-bg:#eee;--bs-btn-disabled-border-color:#eee}.btn-success{--bs-btn-color:#fff;--bs-btn-bg:#43ac6a;--bs-btn-border-color:#43ac6a;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#39925a;--bs-btn-hover-border-color:#368a55;--bs-btn-focus-shadow-rgb:95,184,128;--bs-btn-active-color:#fff;--bs-btn-active-bg:#368a55;--bs-btn-active-border-color:#328150;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#fff;--bs-btn-disabled-bg:#43ac6a;--bs-btn-disabled-border-color:#43ac6a}.btn-info{--bs-btn-color:#fff;--bs-btn-bg:#5bc0de;--bs-btn-border-color:#5bc0de;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#4da3bd;--bs-btn-hover-border-color:#499ab2;--bs-btn-focus-shadow-rgb:116,201,227;--bs-btn-active-color:#fff;--bs-btn-active-bg:#499ab2;--bs-btn-active-border-color:#4490a7;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#fff;--bs-btn-disabled-bg:#5bc0de;--bs-btn-disabled-border-color:#5bc0de}.btn-warning{--bs-btn-color:#fff;--bs-btn-bg:#e99002;--bs-btn-border-color:#e99002;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#c67a02;--bs-btn-hover-border-color:#ba7302;--bs-btn-focus-shadow-rgb:236,161,40;--bs-btn-active-color:#fff;--bs-btn-active-bg:#ba7302;--bs-btn-active-border-color:#af6c02;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#fff;--bs-btn-disabled-bg:#e99002;--bs-btn-disabled-border-color:#e99002}.btn-danger{--bs-btn-color:#fff;--bs-btn-bg:#f04124;--bs-btn-border-color:#f04124;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#cc371f;--bs-btn-hover-border-color:#c0341d;--bs-btn-focus-shadow-rgb:242,94,69;--bs-btn-active-color:#fff;--bs-btn-active-bg:#c0341d;--bs-btn-active-border-color:#b4311b;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#fff;--bs-btn-disabled-bg:#f04124;--bs-btn-disabled-border-color:#f04124}.btn-light{--bs-btn-color:#000;--bs-btn-bg:#eee;--bs-btn-border-color:#eee;--bs-btn-hover-color:#000;--bs-btn-hover-bg:#cacaca;--bs-btn-hover-border-color:#bebebe;--bs-btn-focus-shadow-rgb:202,202,202;--bs-btn-active-color:#000;--bs-btn-active-bg:#bebebe;--bs-btn-active-border-color:#b3b3b3;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#000;--bs-btn-disabled-bg:#eee;--bs-btn-disabled-border-color:#eee}.btn-dark{--bs-btn-color:#fff;--bs-btn-bg:#222;--bs-btn-border-color:#222;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#434343;--bs-btn-hover-border-color:#383838;--bs-btn-focus-shadow-rgb:67,67,67;--bs-btn-active-color:#fff;--bs-btn-active-bg:#4e4e4e;--bs-btn-active-border-color:#383838;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#fff;--bs-btn-disabled-bg:#222;--bs-btn-disabled-border-color:#222}.btn-outline-primary{--bs-btn-color:#008cba;--bs-btn-border-color:#008cba;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#008cba;--bs-btn-hover-border-color:#008cba;--bs-btn-focus-shadow-rgb:0,140,186;--bs-btn-active-color:#fff;--bs-btn-active-bg:#008cba;--bs-btn-active-border-color:#008cba;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#008cba;--bs-btn-disabled-bg:transparent;--bs-btn-disabled-border-color:#008cba;--bs-gradient:none}.btn-outline-secondary{--bs-btn-color:#eee;--bs-btn-border-color:#eee;--bs-btn-hover-color:#000;--bs-btn-hover-bg:#eee;--bs-btn-hover-border-color:#eee;--bs-btn-focus-shadow-rgb:238,238,238;--bs-btn-active-color:#000;--bs-btn-active-bg:#eee;--bs-btn-active-border-color:#eee;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#eee;--bs-btn-disabled-bg:transparent;--bs-btn-disabled-border-color:#eee;--bs-gradient:none}.btn-outline-success{--bs-btn-color:#43ac6a;--bs-btn-border-color:#43ac6a;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#43ac6a;--bs-btn-hover-border-color:#43ac6a;--bs-btn-focus-shadow-rgb:67,172,106;--bs-btn-active-color:#fff;--bs-btn-active-bg:#43ac6a;--bs-btn-active-border-color:#43ac6a;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#43ac6a;--bs-btn-disabled-bg:transparent;--bs-btn-disabled-border-color:#43ac6a;--bs-gradient:none}.btn-outline-info{--bs-btn-color:#5bc0de;--bs-btn-border-color:#5bc0de;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#5bc0de;--bs-btn-hover-border-color:#5bc0de;--bs-btn-focus-shadow-rgb:91,192,222;--bs-btn-active-color:#fff;--bs-btn-active-bg:#5bc0de;--bs-btn-active-border-color:#5bc0de;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#5bc0de;--bs-btn-disabled-bg:transparent;--bs-btn-disabled-border-color:#5bc0de;--bs-gradient:none}.btn-outline-warning{--bs-btn-color:#e99002;--bs-btn-border-color:#e99002;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#e99002;--bs-btn-hover-border-color:#e99002;--bs-btn-focus-shadow-rgb:233,144,2;--bs-btn-active-color:#fff;--bs-btn-active-bg:#e99002;--bs-btn-active-border-color:#e99002;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#e99002;--bs-btn-disabled-bg:transparent;--bs-btn-disabled-border-color:#e99002;--bs-gradient:none}.btn-outline-danger{--bs-btn-color:#f04124;--bs-btn-border-color:#f04124;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#f04124;--bs-btn-hover-border-color:#f04124;--bs-btn-focus-shadow-rgb:240,65,36;--bs-btn-active-color:#fff;--bs-btn-active-bg:#f04124;--bs-btn-active-border-color:#f04124;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#f04124;--bs-btn-disabled-bg:transparent;--bs-btn-disabled-border-color:#f04124;--bs-gradient:none}.btn-outline-light{--bs-btn-color:#eee;--bs-btn-border-color:#eee;--bs-btn-hover-color:#000;--bs-btn-hover-bg:#eee;--bs-btn-hover-border-color:#eee;--bs-btn-focus-shadow-rgb:238,238,238;--bs-btn-active-color:#000;--bs-btn-active-bg:#eee;--bs-btn-active-border-color:#eee;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#eee;--bs-btn-disabled-bg:transparent;--bs-btn-disabled-border-color:#eee;--bs-gradient:none}.btn-outline-dark{--bs-btn-color:#222;--bs-btn-border-color:#222;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#222;--bs-btn-hover-border-color:#222;--bs-btn-focus-shadow-rgb:34,34,34;--bs-btn-active-color:#fff;--bs-btn-active-bg:#222;--bs-btn-active-border-color:#222;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#222;--bs-btn-disabled-bg:transparent;--bs-btn-disabled-border-color:#222;--bs-gradient:none}.btn-link{--bs-btn-font-weight:400;--bs-btn-color:var(--bs-link-color);--bs-btn-bg:transparent;--bs-btn-border-color:transparent;--bs-btn-hover-color:var(--bs-link-hover-color);--bs-btn-hover-border-color:transparent;--bs-btn-active-color:var(--bs-link-hover-color);--bs-btn-active-border-color:transparent;--bs-btn-disabled-color:#888;--bs-btn-disabled-border-color:transparent;--bs-btn-box-shadow:none;--bs-btn-focus-shadow-rgb:38,157,196;text-decoration:underline}.btn-link:focus-visible{color:var(--bs-btn-color)}.btn-link:hover{color:var(--bs-btn-hover-color)}.btn-group-lg>.btn,.btn-lg{--bs-btn-padding-y:0.5rem;--bs-btn-padding-x:1rem;--bs-btn-font-size:1.25rem;--bs-btn-border-radius:0}.btn-group-sm>.btn,.btn-sm{--bs-btn-padding-y:0.25rem;--bs-btn-padding-x:0.5rem;--bs-btn-font-size:0.875rem;--bs-btn-border-radius:0}.fade{transition:opacity .15s linear}@media (prefers-reduced-motion:reduce){.fade{transition:none}}.fade:not(.show){opacity:0}.collapse:not(.show){display:none}.collapsing{height:0;overflow:hidden;transition:height .35s ease}@media (prefers-reduced-motion:reduce){.collapsing{transition:none}}.collapsing.collapse-horizontal{width:0;height:auto;transition:width .35s ease}@media (prefers-reduced-motion:reduce){.collapsing.collapse-horizontal{transition:none}}.dropdown,.dropdown-center,.dropend,.dropstart,.dropup,.dropup-center{position:relative}.dropdown-toggle{white-space:nowrap}.dropdown-toggle::after{display:inline-block;margin-left:.255em;vertical-align:.255em;content:"";border-top:.3em solid;border-right:.3em solid transparent;border-bottom:0;border-left:.3em solid transparent}.dropdown-toggle:empty::after{margin-left:0}.dropdown-menu{--bs-dropdown-zindex:1000;--bs-dropdown-min-width:10rem;--bs-dropdown-padding-x:0;--bs-dropdown-padding-y:0.5rem;--bs-dropdown-spacer:0.125rem;--bs-dropdown-font-size:1rem;--bs-dropdown-color:#222;--bs-dropdown-bg:#fff;--bs-dropdown-border-color:rgba(0, 0, 0, 0.1);--bs-dropdown-border-radius:0;--bs-dropdown-border-width:1px;--bs-dropdown-inner-border-radius:-1px;--bs-dropdown-divider-bg:rgba(0, 0, 0, 0.1);--bs-dropdown-divider-margin-y:0.5rem;--bs-dropdown-box-shadow:0 0.5rem 1rem rgba(0, 0, 0, 0.15);--bs-dropdown-link-color:#222;--bs-dropdown-link-hover-color:#1f1f1f;--bs-dropdown-link-hover-bg:#eee;--bs-dropdown-link-active-color:#fff;--bs-dropdown-link-active-bg:#008cba;--bs-dropdown-link-disabled-color:#adb5bd;--bs-dropdown-item-padding-x:1rem;--bs-dropdown-item-padding-y:0.25rem;--bs-dropdown-header-color:#888;--bs-dropdown-header-padding-x:1rem;--bs-dropdown-header-padding-y:0.5rem;position:absolute;z-index:var(--bs-dropdown-zindex);display:none;min-width:var(--bs-dropdown-min-width);padding:var(--bs-dropdown-padding-y) var(--bs-dropdown-padding-x);margin:0;font-size:var(--bs-dropdown-font-size);color:var(--bs-dropdown-color);text-align:left;list-style:none;background-color:var(--bs-dropdown-bg);background-clip:padding-box;border:var(--bs-dropdown-border-width) solid var(--bs-dropdown-border-color);border-radius:var(--bs-dropdown-border-radius)}.dropdown-menu[data-bs-popper]{top:100%;left:0;margin-top:var(--bs-dropdown-spacer)}.dropdown-menu-start{--bs-position:start}.dropdown-menu-start[data-bs-popper]{right:auto;left:0}.dropdown-menu-end{--bs-position:end}.dropdown-menu-end[data-bs-popper]{right:0;left:auto}@media (min-width:576px){.dropdown-menu-sm-start{--bs-position:start}.dropdown-menu-sm-start[data-bs-popper]{right:auto;left:0}.dropdown-menu-sm-end{--bs-position:end}.dropdown-menu-sm-end[data-bs-popper]{right:0;left:auto}}@media (min-width:768px){.dropdown-menu-md-start{--bs-position:start}.dropdown-menu-md-start[data-bs-popper]{right:auto;left:0}.dropdown-menu-md-end{--bs-position:end}.dropdown-menu-md-end[data-bs-popper]{right:0;left:auto}}@media (min-width:992px){.dropdown-menu-lg-start{--bs-position:start}.dropdown-menu-lg-start[data-bs-popper]{right:auto;left:0}.dropdown-menu-lg-end{--bs-position:end}.dropdown-menu-lg-end[data-bs-popper]{right:0;left:auto}}@media (min-width:1200px){.dropdown-menu-xl-start{--bs-position:start}.dropdown-menu-xl-start[data-bs-popper]{right:auto;left:0}.dropdown-menu-xl-end{--bs-position:end}.dropdown-menu-xl-end[data-bs-popper]{right:0;left:auto}}@media (min-width:1400px){.dropdown-menu-xxl-start{--bs-position:start}.dropdown-menu-xxl-start[data-bs-popper]{right:auto;left:0}.dropdown-menu-xxl-end{--bs-position:end}.dropdown-menu-xxl-end[data-bs-popper]{right:0;left:auto}}.dropup .dropdown-menu[data-bs-popper]{top:auto;bottom:100%;margin-top:0;margin-bottom:var(--bs-dropdown-spacer)}.dropup .dropdown-toggle::after{display:inline-block;margin-left:.255em;vertical-align:.255em;content:"";border-top:0;border-right:.3em solid transparent;border-bottom:.3em solid;border-left:.3em solid transparent}.dropup .dropdown-toggle:empty::after{margin-left:0}.dropend .dropdown-menu[data-bs-popper]{top:0;right:auto;left:100%;margin-top:0;margin-left:var(--bs-dropdown-spacer)}.dropend .dropdown-toggle::after{display:inline-block;margin-left:.255em;vertical-align:.255em;content:"";border-top:.3em solid transparent;border-right:0;border-bottom:.3em solid transparent;border-left:.3em solid}.dropend .dropdown-toggle:empty::after{margin-left:0}.dropend .dropdown-toggle::after{vertical-align:0}.dropstart .dropdown-menu[data-bs-popper]{top:0;right:100%;left:auto;margin-top:0;margin-right:var(--bs-dropdown-spacer)}.dropstart .dropdown-toggle::after{display:inline-block;margin-left:.255em;vertical-align:.255em;content:""}.dropstart .dropdown-toggle::after{display:none}.dropstart .dropdown-toggle::before{display:inline-block;margin-right:.255em;vertical-align:.255em;content:"";border-top:.3em solid transparent;border-right:.3em solid;border-bottom:.3em solid transparent}.dropstart .dropdown-toggle:empty::after{margin-left:0}.dropstart .dropdown-toggle::before{vertical-align:0}.dropdown-divider{height:0;margin:var(--bs-dropdown-divider-margin-y) 0;overflow:hidden;border-top:1px solid var(--bs-dropdown-divider-bg);opacity:1}.dropdown-item{display:block;width:100%;padding:var(--bs-dropdown-item-padding-y) var(--bs-dropdown-item-padding-x);clear:both;font-weight:400;color:var(--bs-dropdown-link-color);text-align:inherit;text-decoration:none;white-space:nowrap;background-color:transparent;border:0}.dropdown-item:focus,.dropdown-item:hover{color:var(--bs-dropdown-link-hover-color);background-color:var(--bs-dropdown-link-hover-bg)}.dropdown-item.active,.dropdown-item:active{color:var(--bs-dropdown-link-active-color);text-decoration:none;background-color:var(--bs-dropdown-link-active-bg)}.dropdown-item.disabled,.dropdown-item:disabled{color:var(--bs-dropdown-link-disabled-color);pointer-events:none;background-color:transparent}.dropdown-menu.show{display:block}.dropdown-header{display:block;padding:var(--bs-dropdown-header-padding-y) var(--bs-dropdown-header-padding-x);margin-bottom:0;font-size:.875rem;color:var(--bs-dropdown-header-color);white-space:nowrap}.dropdown-item-text{display:block;padding:var(--bs-dropdown-item-padding-y) var(--bs-dropdown-item-padding-x);color:var(--bs-dropdown-link-color)}.dropdown-menu-dark{--bs-dropdown-color:#dee2e6;--bs-dropdown-bg:#333;--bs-dropdown-border-color:rgba(0, 0, 0, 0.1);--bs-dropdown-box-shadow: ;--bs-dropdown-link-color:#dee2e6;--bs-dropdown-link-hover-color:#fff;--bs-dropdown-divider-bg:rgba(0, 0, 0, 0.1);--bs-dropdown-link-hover-bg:rgba(255, 255, 255, 0.15);--bs-dropdown-link-active-color:#fff;--bs-dropdown-link-active-bg:#008cba;--bs-dropdown-link-disabled-color:#adb5bd;--bs-dropdown-header-color:#adb5bd}.btn-group,.btn-group-vertical{position:relative;display:inline-flex;vertical-align:middle}.btn-group-vertical>.btn,.btn-group>.btn{position:relative;flex:1 1 auto}.btn-group-vertical>.btn-check:checked+.btn,.btn-group-vertical>.btn-check:focus+.btn,.btn-group-vertical>.btn.active,.btn-group-vertical>.btn:active,.btn-group-vertical>.btn:focus,.btn-group-vertical>.btn:hover,.btn-group>.btn-check:checked+.btn,.btn-group>.btn-check:focus+.btn,.btn-group>.btn.active,.btn-group>.btn:active,.btn-group>.btn:focus,.btn-group>.btn:hover{z-index:1}.btn-toolbar{display:flex;flex-wrap:wrap;justify-content:flex-start}.btn-toolbar .input-group{width:auto}.btn-group{border-radius:0}.btn-group>.btn-group:not(:first-child),.btn-group>:not(.btn-check:first-child)+.btn{margin-left:-1px}.btn-group>.btn-group:not(:last-child)>.btn,.btn-group>.btn.dropdown-toggle-split:first-child,.btn-group>.btn:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn-group:not(:first-child)>.btn,.btn-group>.btn:nth-child(n+3),.btn-group>:not(.btn-check)+.btn{border-top-left-radius:0;border-bottom-left-radius:0}.dropdown-toggle-split{padding-right:.375rem;padding-left:.375rem}.dropdown-toggle-split::after,.dropend .dropdown-toggle-split::after,.dropup .dropdown-toggle-split::after{margin-left:0}.dropstart .dropdown-toggle-split::before{margin-right:0}.btn-group-sm>.btn+.dropdown-toggle-split,.btn-sm+.dropdown-toggle-split{padding-right:.375rem;padding-left:.375rem}.btn-group-lg>.btn+.dropdown-toggle-split,.btn-lg+.dropdown-toggle-split{padding-right:.75rem;padding-left:.75rem}.btn-group-vertical{flex-direction:column;align-items:flex-start;justify-content:center}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group{width:100%}.btn-group-vertical>.btn-group:not(:first-child),.btn-group-vertical>.btn:not(:first-child){margin-top:-1px}.btn-group-vertical>.btn-group:not(:last-child)>.btn,.btn-group-vertical>.btn:not(:last-child):not(.dropdown-toggle){border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:not(:first-child)>.btn,.btn-group-vertical>.btn~.btn{border-top-left-radius:0;border-top-right-radius:0}.nav{--bs-nav-link-padding-x:1rem;--bs-nav-link-padding-y:0.5rem;--bs-nav-link-font-weight: ;--bs-nav-link-color:var(--bs-link-color);--bs-nav-link-hover-color:var(--bs-link-hover-color);--bs-nav-link-disabled-color:#ccc;display:flex;flex-wrap:wrap;padding-left:0;margin-bottom:0;list-style:none}.nav-link{display:block;padding:var(--bs-nav-link-padding-y) var(--bs-nav-link-padding-x);font-size:var(--bs-nav-link-font-size);font-weight:var(--bs-nav-link-font-weight);color:var(--bs-nav-link-color);text-decoration:none;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out}@media (prefers-reduced-motion:reduce){.nav-link{transition:none}}.nav-link:focus,.nav-link:hover{color:var(--bs-nav-link-hover-color)}.nav-link.disabled{color:var(--bs-nav-link-disabled-color);pointer-events:none;cursor:default}.nav-tabs{--bs-nav-tabs-border-width:1px;--bs-nav-tabs-border-color:rgba(0, 0, 0, 0.1);--bs-nav-tabs-border-radius:0;--bs-nav-tabs-link-hover-border-color:rgba(0, 0, 0, 0.1);--bs-nav-tabs-link-active-color:#495057;--bs-nav-tabs-link-active-bg:#fff;--bs-nav-tabs-link-active-border-color:rgba(0, 0, 0, 0.1);border-bottom:var(--bs-nav-tabs-border-width) solid var(--bs-nav-tabs-border-color)}.nav-tabs .nav-link{margin-bottom:calc(-1 * var(--bs-nav-tabs-border-width));background:0 0;border:var(--bs-nav-tabs-border-width) solid transparent;border-top-left-radius:var(--bs-nav-tabs-border-radius);border-top-right-radius:var(--bs-nav-tabs-border-radius)}.nav-tabs .nav-link:focus,.nav-tabs .nav-link:hover{isolation:isolate;border-color:var(--bs-nav-tabs-link-hover-border-color)}.nav-tabs .nav-link.disabled,.nav-tabs .nav-link:disabled{color:var(--bs-nav-link-disabled-color);background-color:transparent;border-color:transparent}.nav-tabs .nav-item.show .nav-link,.nav-tabs .nav-link.active{color:var(--bs-nav-tabs-link-active-color);background-color:var(--bs-nav-tabs-link-active-bg);border-color:var(--bs-nav-tabs-link-active-border-color)}.nav-tabs .dropdown-menu{margin-top:calc(-1 * var(--bs-nav-tabs-border-width));border-top-left-radius:0;border-top-right-radius:0}.nav-pills{--bs-nav-pills-border-radius:0;--bs-nav-pills-link-active-color:#fff;--bs-nav-pills-link-active-bg:#008cba}.nav-pills .nav-link{background:0 0;border:0;border-radius:var(--bs-nav-pills-border-radius)}.nav-pills .nav-link:disabled{color:var(--bs-nav-link-disabled-color);background-color:transparent;border-color:transparent}.nav-pills .nav-link.active,.nav-pills .show>.nav-link{color:var(--bs-nav-pills-link-active-color);background-color:var(--bs-nav-pills-link-active-bg)}.nav-fill .nav-item,.nav-fill>.nav-link{flex:1 1 auto;text-align:center}.nav-justified .nav-item,.nav-justified>.nav-link{flex-basis:0;flex-grow:1;text-align:center}.nav-fill .nav-item .nav-link,.nav-justified .nav-item .nav-link{width:100%}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.navbar{--bs-navbar-padding-x:0;--bs-navbar-padding-y:0.5rem;--bs-navbar-color:rgba(0, 0, 0, 0.55);--bs-navbar-hover-color:rgba(0, 0, 0, 0.7);--bs-navbar-disabled-color:rgba(0, 0, 0, 0.3);--bs-navbar-active-color:rgba(0, 0, 0, 0.9);--bs-navbar-brand-padding-y:0.3125rem;--bs-navbar-brand-margin-end:1rem;--bs-navbar-brand-font-size:1.25rem;--bs-navbar-brand-color:rgba(0, 0, 0, 0.9);--bs-navbar-brand-hover-color:rgba(0, 0, 0, 0.9);--bs-navbar-nav-link-padding-x:0.5rem;--bs-navbar-toggler-padding-y:0.25rem;--bs-navbar-toggler-padding-x:0.75rem;--bs-navbar-toggler-font-size:1.25rem;--bs-navbar-toggler-icon-bg:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 30 30'%3e%3cpath stroke='rgba%280, 0, 0, 0.55%29' stroke-linecap='round' stroke-miterlimit='10' stroke-width='2' d='M4 7h22M4 15h22M4 23h22'/%3e%3c/svg%3e");--bs-navbar-toggler-border-color:rgba(0, 0, 0, 0.1);--bs-navbar-toggler-border-radius:0;--bs-navbar-toggler-focus-width:0.25rem;--bs-navbar-toggler-transition:box-shadow 0.15s ease-in-out;position:relative;display:flex;flex-wrap:wrap;align-items:center;justify-content:space-between;padding:var(--bs-navbar-padding-y) var(--bs-navbar-padding-x)}.navbar>.container,.navbar>.container-fluid,.navbar>.container-lg,.navbar>.container-md,.navbar>.container-sm,.navbar>.container-xl,.navbar>.container-xxl{display:flex;flex-wrap:inherit;align-items:center;justify-content:space-between}.navbar-brand{padding-top:var(--bs-navbar-brand-padding-y);padding-bottom:var(--bs-navbar-brand-padding-y);margin-right:var(--bs-navbar-brand-margin-end);font-size:var(--bs-navbar-brand-font-size);color:var(--bs-navbar-brand-color);text-decoration:none;white-space:nowrap}.navbar-brand:focus,.navbar-brand:hover{color:var(--bs-navbar-brand-hover-color)}.navbar-nav{--bs-nav-link-padding-x:0;--bs-nav-link-padding-y:0.5rem;--bs-nav-link-font-weight: ;--bs-nav-link-color:var(--bs-navbar-color);--bs-nav-link-hover-color:var(--bs-navbar-hover-color);--bs-nav-link-disabled-color:var(--bs-navbar-disabled-color);display:flex;flex-direction:column;padding-left:0;margin-bottom:0;list-style:none}.navbar-nav .nav-link.active,.navbar-nav .show>.nav-link{color:var(--bs-navbar-active-color)}.navbar-nav .dropdown-menu{position:static}.navbar-text{padding-top:.5rem;padding-bottom:.5rem;color:var(--bs-navbar-color)}.navbar-text a,.navbar-text a:focus,.navbar-text a:hover{color:var(--bs-navbar-active-color)}.navbar-collapse{flex-basis:100%;flex-grow:1;align-items:center}.navbar-toggler{padding:var(--bs-navbar-toggler-padding-y) var(--bs-navbar-toggler-padding-x);font-size:var(--bs-navbar-toggler-font-size);line-height:1;color:var(--bs-navbar-color);background-color:transparent;border:var(--bs-border-width) solid var(--bs-navbar-toggler-border-color);border-radius:var(--bs-navbar-toggler-border-radius);transition:var(--bs-navbar-toggler-transition)}@media (prefers-reduced-motion:reduce){.navbar-toggler{transition:none}}.navbar-toggler:hover{text-decoration:none}.navbar-toggler:focus{text-decoration:none;outline:0;box-shadow:0 0 0 var(--bs-navbar-toggler-focus-width)}.navbar-toggler-icon{display:inline-block;width:1.5em;height:1.5em;vertical-align:middle;background-image:var(--bs-navbar-toggler-icon-bg);background-repeat:no-repeat;background-position:center;background-size:100%}.navbar-nav-scroll{max-height:var(--bs-scroll-height,75vh);overflow-y:auto}@media (min-width:576px){.navbar-expand-sm{flex-wrap:nowrap;justify-content:flex-start}.navbar-expand-sm .navbar-nav{flex-direction:row}.navbar-expand-sm .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-sm .navbar-nav .nav-link{padding-right:var(--bs-navbar-nav-link-padding-x);padding-left:var(--bs-navbar-nav-link-padding-x)}.navbar-expand-sm .navbar-nav-scroll{overflow:visible}.navbar-expand-sm .navbar-collapse{display:flex!important;flex-basis:auto}.navbar-expand-sm .navbar-toggler{display:none}.navbar-expand-sm .offcanvas{position:static;z-index:auto;flex-grow:1;width:auto!important;height:auto!important;visibility:visible!important;background-color:transparent!important;border:0!important;transform:none!important;transition:none}.navbar-expand-sm .offcanvas .offcanvas-header{display:none}.navbar-expand-sm .offcanvas .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible}}@media (min-width:768px){.navbar-expand-md{flex-wrap:nowrap;justify-content:flex-start}.navbar-expand-md .navbar-nav{flex-direction:row}.navbar-expand-md .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-md .navbar-nav .nav-link{padding-right:var(--bs-navbar-nav-link-padding-x);padding-left:var(--bs-navbar-nav-link-padding-x)}.navbar-expand-md .navbar-nav-scroll{overflow:visible}.navbar-expand-md .navbar-collapse{display:flex!important;flex-basis:auto}.navbar-expand-md .navbar-toggler{display:none}.navbar-expand-md .offcanvas{position:static;z-index:auto;flex-grow:1;width:auto!important;height:auto!important;visibility:visible!important;background-color:transparent!important;border:0!important;transform:none!important;transition:none}.navbar-expand-md .offcanvas .offcanvas-header{display:none}.navbar-expand-md .offcanvas .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible}}@media (min-width:992px){.navbar-expand-lg{flex-wrap:nowrap;justify-content:flex-start}.navbar-expand-lg .navbar-nav{flex-direction:row}.navbar-expand-lg .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-lg .navbar-nav .nav-link{padding-right:var(--bs-navbar-nav-link-padding-x);padding-left:var(--bs-navbar-nav-link-padding-x)}.navbar-expand-lg .navbar-nav-scroll{overflow:visible}.navbar-expand-lg .navbar-collapse{display:flex!important;flex-basis:auto}.navbar-expand-lg .navbar-toggler{display:none}.navbar-expand-lg .offcanvas{position:static;z-index:auto;flex-grow:1;width:auto!important;height:auto!important;visibility:visible!important;background-color:transparent!important;border:0!important;transform:none!important;transition:none}.navbar-expand-lg .offcanvas .offcanvas-header{display:none}.navbar-expand-lg .offcanvas .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible}}@media (min-width:1200px){.navbar-expand-xl{flex-wrap:nowrap;justify-content:flex-start}.navbar-expand-xl .navbar-nav{flex-direction:row}.navbar-expand-xl .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-xl .navbar-nav .nav-link{padding-right:var(--bs-navbar-nav-link-padding-x);padding-left:var(--bs-navbar-nav-link-padding-x)}.navbar-expand-xl .navbar-nav-scroll{overflow:visible}.navbar-expand-xl .navbar-collapse{display:flex!important;flex-basis:auto}.navbar-expand-xl .navbar-toggler{display:none}.navbar-expand-xl .offcanvas{position:static;z-index:auto;flex-grow:1;width:auto!important;height:auto!important;visibility:visible!important;background-color:transparent!important;border:0!important;transform:none!important;transition:none}.navbar-expand-xl .offcanvas .offcanvas-header{display:none}.navbar-expand-xl .offcanvas .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible}}@media (min-width:1400px){.navbar-expand-xxl{flex-wrap:nowrap;justify-content:flex-start}.navbar-expand-xxl .navbar-nav{flex-direction:row}.navbar-expand-xxl .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-xxl .navbar-nav .nav-link{padding-right:var(--bs-navbar-nav-link-padding-x);padding-left:var(--bs-navbar-nav-link-padding-x)}.navbar-expand-xxl .navbar-nav-scroll{overflow:visible}.navbar-expand-xxl .navbar-collapse{display:flex!important;flex-basis:auto}.navbar-expand-xxl .navbar-toggler{display:none}.navbar-expand-xxl .offcanvas{position:static;z-index:auto;flex-grow:1;width:auto!important;height:auto!important;visibility:visible!important;background-color:transparent!important;border:0!important;transform:none!important;transition:none}.navbar-expand-xxl .offcanvas .offcanvas-header{display:none}.navbar-expand-xxl .offcanvas .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible}}.navbar-expand{flex-wrap:nowrap;justify-content:flex-start}.navbar-expand .navbar-nav{flex-direction:row}.navbar-expand .navbar-nav .dropdown-menu{position:absolute}.navbar-expand .navbar-nav .nav-link{padding-right:var(--bs-navbar-nav-link-padding-x);padding-left:var(--bs-navbar-nav-link-padding-x)}.navbar-expand .navbar-nav-scroll{overflow:visible}.navbar-expand .navbar-collapse{display:flex!important;flex-basis:auto}.navbar-expand .navbar-toggler{display:none}.navbar-expand .offcanvas{position:static;z-index:auto;flex-grow:1;width:auto!important;height:auto!important;visibility:visible!important;background-color:transparent!important;border:0!important;transform:none!important;transition:none}.navbar-expand .offcanvas .offcanvas-header{display:none}.navbar-expand .offcanvas .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible}.navbar-dark{--bs-navbar-color:rgba(255, 255, 255, 0.7);--bs-navbar-hover-color:#fff;--bs-navbar-disabled-color:rgba(255, 255, 255, 0.25);--bs-navbar-active-color:#fff;--bs-navbar-brand-color:#fff;--bs-navbar-brand-hover-color:#fff;--bs-navbar-toggler-border-color:rgba(255, 255, 255, 0.1);--bs-navbar-toggler-icon-bg:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 30 30'%3e%3cpath stroke='rgba%28255, 255, 255, 0.7%29' stroke-linecap='round' stroke-miterlimit='10' stroke-width='2' d='M4 7h22M4 15h22M4 23h22'/%3e%3c/svg%3e")}.card{--bs-card-spacer-y:1rem;--bs-card-spacer-x:1rem;--bs-card-title-spacer-y:0.5rem;--bs-card-border-width:1px;--bs-card-border-color:var(--bs-border-color-translucent);--bs-card-border-radius:0;--bs-card-box-shadow: ;--bs-card-inner-border-radius:0;--bs-card-cap-padding-y:0.5rem;--bs-card-cap-padding-x:1rem;--bs-card-cap-bg:rgba(0, 0, 0, 0.03);--bs-card-cap-color: ;--bs-card-height: ;--bs-card-color: ;--bs-card-bg:#fff;--bs-card-img-overlay-padding:1rem;--bs-card-group-margin:0.75rem;position:relative;display:flex;flex-direction:column;min-width:0;height:var(--bs-card-height);word-wrap:break-word;background-color:var(--bs-card-bg);background-clip:border-box;border:var(--bs-card-border-width) solid var(--bs-card-border-color);border-radius:var(--bs-card-border-radius)}.card>hr{margin-right:0;margin-left:0}.card>.list-group{border-top:inherit;border-bottom:inherit}.card>.list-group:first-child{border-top-width:0;border-top-left-radius:var(--bs-card-inner-border-radius);border-top-right-radius:var(--bs-card-inner-border-radius)}.card>.list-group:last-child{border-bottom-width:0;border-bottom-right-radius:var(--bs-card-inner-border-radius);border-bottom-left-radius:var(--bs-card-inner-border-radius)}.card>.card-header+.list-group,.card>.list-group+.card-footer{border-top:0}.card-body{flex:1 1 auto;padding:var(--bs-card-spacer-y) var(--bs-card-spacer-x);color:var(--bs-card-color)}.card-title{margin-bottom:var(--bs-card-title-spacer-y)}.card-subtitle{margin-top:calc(-.5 * var(--bs-card-title-spacer-y));margin-bottom:0}.card-text:last-child{margin-bottom:0}.card-link+.card-link{margin-left:var(--bs-card-spacer-x)}.card-header{padding:var(--bs-card-cap-padding-y) var(--bs-card-cap-padding-x);margin-bottom:0;color:var(--bs-card-cap-color);background-color:var(--bs-card-cap-bg);border-bottom:var(--bs-card-border-width) solid var(--bs-card-border-color)}.card-header:first-child{border-radius:var(--bs-card-inner-border-radius) var(--bs-card-inner-border-radius) 0 0}.card-footer{padding:var(--bs-card-cap-padding-y) var(--bs-card-cap-padding-x);color:var(--bs-card-cap-color);background-color:var(--bs-card-cap-bg);border-top:var(--bs-card-border-width) solid var(--bs-card-border-color)}.card-footer:last-child{border-radius:0 0 var(--bs-card-inner-border-radius) var(--bs-card-inner-border-radius)}.card-header-tabs{margin-right:calc(-.5 * var(--bs-card-cap-padding-x));margin-bottom:calc(-1 * var(--bs-card-cap-padding-y));margin-left:calc(-.5 * var(--bs-card-cap-padding-x));border-bottom:0}.card-header-tabs .nav-link.active{background-color:var(--bs-card-bg);border-bottom-color:var(--bs-card-bg)}.card-header-pills{margin-right:calc(-.5 * var(--bs-card-cap-padding-x));margin-left:calc(-.5 * var(--bs-card-cap-padding-x))}.card-img-overlay{position:absolute;top:0;right:0;bottom:0;left:0;padding:var(--bs-card-img-overlay-padding);border-radius:var(--bs-card-inner-border-radius)}.card-img,.card-img-bottom,.card-img-top{width:100%}.card-img,.card-img-top{border-top-left-radius:var(--bs-card-inner-border-radius);border-top-right-radius:var(--bs-card-inner-border-radius)}.card-img,.card-img-bottom{border-bottom-right-radius:var(--bs-card-inner-border-radius);border-bottom-left-radius:var(--bs-card-inner-border-radius)}.card-group>.card{margin-bottom:var(--bs-card-group-margin)}@media (min-width:576px){.card-group{display:flex;flex-flow:row wrap}.card-group>.card{flex:1 0 0%;margin-bottom:0}.card-group>.card+.card{margin-left:0;border-left:0}.card-group>.card:not(:last-child){border-top-right-radius:0;border-bottom-right-radius:0}.card-group>.card:not(:last-child) .card-header,.card-group>.card:not(:last-child) .card-img-top{border-top-right-radius:0}.card-group>.card:not(:last-child) .card-footer,.card-group>.card:not(:last-child) .card-img-bottom{border-bottom-right-radius:0}.card-group>.card:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.card-group>.card:not(:first-child) .card-header,.card-group>.card:not(:first-child) .card-img-top{border-top-left-radius:0}.card-group>.card:not(:first-child) .card-footer,.card-group>.card:not(:first-child) .card-img-bottom{border-bottom-left-radius:0}}.accordion{--bs-accordion-color:#222;--bs-accordion-bg:#fff;--bs-accordion-transition:color 0.15s ease-in-out,background-color 0.15s ease-in-out,border-color 0.15s ease-in-out,box-shadow 0.15s ease-in-out,border-radius 0.15s ease;--bs-accordion-border-color:var(--bs-border-color);--bs-accordion-border-width:1px;--bs-accordion-border-radius:0;--bs-accordion-inner-border-radius:-1px;--bs-accordion-btn-padding-x:1.25rem;--bs-accordion-btn-padding-y:1rem;--bs-accordion-btn-color:#222;--bs-accordion-btn-bg:var(--bs-accordion-bg);--bs-accordion-btn-icon:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='%23222'%3e%3cpath fill-rule='evenodd' d='M1.646 4.646a.5.5 0 0 1 .708 0L8 10.293l5.646-5.647a.5.5 0 0 1 .708.708l-6 6a.5.5 0 0 1-.708 0l-6-6a.5.5 0 0 1 0-.708z'/%3e%3c/svg%3e");--bs-accordion-btn-icon-width:1.25rem;--bs-accordion-btn-icon-transform:rotate(-180deg);--bs-accordion-btn-icon-transition:transform 0.2s ease-in-out;--bs-accordion-btn-active-icon:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='%23007ea7'%3e%3cpath fill-rule='evenodd' d='M1.646 4.646a.5.5 0 0 1 .708 0L8 10.293l5.646-5.647a.5.5 0 0 1 .708.708l-6 6a.5.5 0 0 1-.708 0l-6-6a.5.5 0 0 1 0-.708z'/%3e%3c/svg%3e");--bs-accordion-btn-focus-border-color:#80c6dd;--bs-accordion-btn-focus-box-shadow:0 0 0 0.25rem rgba(0, 140, 186, 0.25);--bs-accordion-body-padding-x:1.25rem;--bs-accordion-body-padding-y:1rem;--bs-accordion-active-color:#007ea7;--bs-accordion-active-bg:#e6f4f8}.accordion-button{position:relative;display:flex;align-items:center;width:100%;padding:var(--bs-accordion-btn-padding-y) var(--bs-accordion-btn-padding-x);font-size:1rem;color:var(--bs-accordion-btn-color);text-align:left;background-color:var(--bs-accordion-btn-bg);border:0;border-radius:0;overflow-anchor:none;transition:var(--bs-accordion-transition)}@media (prefers-reduced-motion:reduce){.accordion-button{transition:none}}.accordion-button:not(.collapsed){color:var(--bs-accordion-active-color);background-color:var(--bs-accordion-active-bg);box-shadow:inset 0 calc(-1 * var(--bs-accordion-border-width)) 0 var(--bs-accordion-border-color)}.accordion-button:not(.collapsed)::after{background-image:var(--bs-accordion-btn-active-icon);transform:var(--bs-accordion-btn-icon-transform)}.accordion-button::after{flex-shrink:0;width:var(--bs-accordion-btn-icon-width);height:var(--bs-accordion-btn-icon-width);margin-left:auto;content:"";background-image:var(--bs-accordion-btn-icon);background-repeat:no-repeat;background-size:var(--bs-accordion-btn-icon-width);transition:var(--bs-accordion-btn-icon-transition)}@media (prefers-reduced-motion:reduce){.accordion-button::after{transition:none}}.accordion-button:hover{z-index:2}.accordion-button:focus{z-index:3;border-color:var(--bs-accordion-btn-focus-border-color);outline:0;box-shadow:var(--bs-accordion-btn-focus-box-shadow)}.accordion-header{margin-bottom:0}.accordion-item{color:var(--bs-accordion-color);background-color:var(--bs-accordion-bg);border:var(--bs-accordion-border-width) solid var(--bs-accordion-border-color)}.accordion-item:first-of-type{border-top-left-radius:var(--bs-accordion-border-radius);border-top-right-radius:var(--bs-accordion-border-radius)}.accordion-item:first-of-type .accordion-button{border-top-left-radius:var(--bs-accordion-inner-border-radius);border-top-right-radius:var(--bs-accordion-inner-border-radius)}.accordion-item:not(:first-of-type){border-top:0}.accordion-item:last-of-type{border-bottom-right-radius:var(--bs-accordion-border-radius);border-bottom-left-radius:var(--bs-accordion-border-radius)}.accordion-item:last-of-type .accordion-button.collapsed{border-bottom-right-radius:var(--bs-accordion-inner-border-radius);border-bottom-left-radius:var(--bs-accordion-inner-border-radius)}.accordion-item:last-of-type .accordion-collapse{border-bottom-right-radius:var(--bs-accordion-border-radius);border-bottom-left-radius:var(--bs-accordion-border-radius)}.accordion-body{padding:var(--bs-accordion-body-padding-y) var(--bs-accordion-body-padding-x)}.accordion-flush .accordion-collapse{border-width:0}.accordion-flush .accordion-item{border-right:0;border-left:0;border-radius:0}.accordion-flush .accordion-item:first-child{border-top:0}.accordion-flush .accordion-item:last-child{border-bottom:0}.accordion-flush .accordion-item .accordion-button,.accordion-flush .accordion-item .accordion-button.collapsed{border-radius:0}.breadcrumb{--bs-breadcrumb-padding-x:0.75rem;--bs-breadcrumb-padding-y:0.375rem;--bs-breadcrumb-margin-bottom:1rem;--bs-breadcrumb-bg: ;--bs-breadcrumb-border-radius:3px;--bs-breadcrumb-divider-color:#888;--bs-breadcrumb-item-padding-x:0.5rem;--bs-breadcrumb-item-active-color:#888;display:flex;flex-wrap:wrap;padding:var(--bs-breadcrumb-padding-y) var(--bs-breadcrumb-padding-x);margin-bottom:var(--bs-breadcrumb-margin-bottom);font-size:var(--bs-breadcrumb-font-size);list-style:none;background-color:var(--bs-breadcrumb-bg);border-radius:var(--bs-breadcrumb-border-radius)}.breadcrumb-item+.breadcrumb-item{padding-left:var(--bs-breadcrumb-item-padding-x)}.breadcrumb-item+.breadcrumb-item::before{float:left;padding-right:var(--bs-breadcrumb-item-padding-x);color:var(--bs-breadcrumb-divider-color);content:var(--bs-breadcrumb-divider, "/")}.breadcrumb-item.active{color:var(--bs-breadcrumb-item-active-color)}.pagination{--bs-pagination-padding-x:0.75rem;--bs-pagination-padding-y:0.375rem;--bs-pagination-font-size:1rem;--bs-pagination-color:#888;--bs-pagination-bg:#fff;--bs-pagination-border-width:1px;--bs-pagination-border-color:rgba(0, 0, 0, 0.1);--bs-pagination-border-radius:0;--bs-pagination-hover-color:var(--bs-link-hover-color);--bs-pagination-hover-bg:#eee;--bs-pagination-hover-border-color:#dee2e6;--bs-pagination-focus-color:var(--bs-link-hover-color);--bs-pagination-focus-bg:#eee;--bs-pagination-focus-box-shadow:0 0 0 0.25rem rgba(0, 140, 186, 0.25);--bs-pagination-active-color:#fff;--bs-pagination-active-bg:#008cba;--bs-pagination-active-border-color:#0079a1;--bs-pagination-disabled-color:#eee;--bs-pagination-disabled-bg:#fff;--bs-pagination-disabled-border-color:#dee2e6;display:flex;padding-left:0;list-style:none}.page-link{position:relative;display:block;padding:var(--bs-pagination-padding-y) var(--bs-pagination-padding-x);font-size:var(--bs-pagination-font-size);color:var(--bs-pagination-color);text-decoration:none;background-color:var(--bs-pagination-bg);border:var(--bs-pagination-border-width) solid var(--bs-pagination-border-color);transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out}@media (prefers-reduced-motion:reduce){.page-link{transition:none}}.page-link:hover{z-index:2;color:var(--bs-pagination-hover-color);background-color:var(--bs-pagination-hover-bg);border-color:var(--bs-pagination-hover-border-color)}.page-link:focus{z-index:3;color:var(--bs-pagination-focus-color);background-color:var(--bs-pagination-focus-bg);outline:0;box-shadow:var(--bs-pagination-focus-box-shadow)}.active>.page-link,.page-link.active{z-index:3;color:var(--bs-pagination-active-color);background-color:var(--bs-pagination-active-bg);border-color:var(--bs-pagination-active-border-color)}.disabled>.page-link,.page-link.disabled{color:var(--bs-pagination-disabled-color);pointer-events:none;background-color:var(--bs-pagination-disabled-bg);border-color:var(--bs-pagination-disabled-border-color)}.page-item:not(:first-child) .page-link{margin-left:-1px}.page-item:first-child .page-link{border-top-left-radius:var(--bs-pagination-border-radius);border-bottom-left-radius:var(--bs-pagination-border-radius)}.page-item:last-child .page-link{border-top-right-radius:var(--bs-pagination-border-radius);border-bottom-right-radius:var(--bs-pagination-border-radius)}.pagination-lg{--bs-pagination-padding-x:1.5rem;--bs-pagination-padding-y:0.75rem;--bs-pagination-font-size:1.25rem;--bs-pagination-border-radius:0}.pagination-sm{--bs-pagination-padding-x:0.5rem;--bs-pagination-padding-y:0.25rem;--bs-pagination-font-size:0.875rem;--bs-pagination-border-radius:0}.badge{--bs-badge-padding-x:1rem;--bs-badge-padding-y:0.35em;--bs-badge-font-size:0.75em;--bs-badge-font-weight:300;--bs-badge-color:#fff;--bs-badge-border-radius:0;display:inline-block;padding:var(--bs-badge-padding-y) var(--bs-badge-padding-x);font-size:var(--bs-badge-font-size);font-weight:var(--bs-badge-font-weight);line-height:1;color:var(--bs-badge-color);text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:var(--bs-badge-border-radius)}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.alert{--bs-alert-bg:transparent;--bs-alert-padding-x:1rem;--bs-alert-padding-y:1rem;--bs-alert-margin-bottom:1rem;--bs-alert-color:inherit;--bs-alert-border-color:transparent;--bs-alert-border:1px solid var(--bs-alert-border-color);--bs-alert-border-radius:0;position:relative;padding:var(--bs-alert-padding-y) var(--bs-alert-padding-x);margin-bottom:var(--bs-alert-margin-bottom);color:var(--bs-alert-color);background-color:var(--bs-alert-bg);border:var(--bs-alert-border);border-radius:var(--bs-alert-border-radius)}.alert-heading{color:inherit}.alert-link{font-weight:400}.alert-dismissible{padding-right:3rem}.alert-dismissible .btn-close{position:absolute;top:0;right:0;z-index:2;padding:1.25rem 1rem}.alert-primary{--bs-alert-color:#005470;--bs-alert-bg:#008cba;--bs-alert-border-color:#b3ddea}.alert-primary .alert-link{color:#00435a}.alert-secondary{--bs-alert-color:#8f8f8f;--bs-alert-bg:#eeeeee;--bs-alert-border-color:#fafafa}.alert-secondary .alert-link{color:#727272}.alert-success{--bs-alert-color:#286740;--bs-alert-bg:#43ac6a;--bs-alert-border-color:#c7e6d2}.alert-success .alert-link{color:#205233}.alert-info{--bs-alert-color:#377385;--bs-alert-bg:#5bc0de;--bs-alert-border-color:#ceecf5}.alert-info .alert-link{color:#2c5c6a}.alert-warning{--bs-alert-color:#8c5601;--bs-alert-bg:#e99002;--bs-alert-border-color:#f8deb3}.alert-warning .alert-link{color:#704501}.alert-danger{--bs-alert-color:#902716;--bs-alert-bg:#f04124;--bs-alert-border-color:#fbc6bd}.alert-danger .alert-link{color:#731f12}.alert-light{--bs-alert-color:#8f8f8f;--bs-alert-bg:#eeeeee;--bs-alert-border-color:#fafafa}.alert-light .alert-link{color:#727272}.alert-dark{--bs-alert-color:#a7a7a7;--bs-alert-bg:#222222;--bs-alert-border-color:#bdbdbd}.alert-dark .alert-link{color:#868686}@keyframes progress-bar-stripes{0%{background-position-x:1rem}}.progress{--bs-progress-height:1rem;--bs-progress-font-size:0.75rem;--bs-progress-bg:#ccc;--bs-progress-border-radius:0;--bs-progress-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.075);--bs-progress-bar-color:#fff;--bs-progress-bar-bg:#008cba;--bs-progress-bar-transition:width 0.6s ease;display:flex;height:var(--bs-progress-height);overflow:hidden;font-size:var(--bs-progress-font-size);background-color:var(--bs-progress-bg);border-radius:var(--bs-progress-border-radius)}.progress-bar{display:flex;flex-direction:column;justify-content:center;overflow:hidden;color:var(--bs-progress-bar-color);text-align:center;white-space:nowrap;background-color:var(--bs-progress-bar-bg);transition:var(--bs-progress-bar-transition)}@media (prefers-reduced-motion:reduce){.progress-bar{transition:none}}.progress-bar-striped{background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-size:var(--bs-progress-height) var(--bs-progress-height)}.progress-bar-animated{animation:1s linear infinite progress-bar-stripes}@media (prefers-reduced-motion:reduce){.progress-bar-animated{animation:none}}.list-group{--bs-list-group-color:#222;--bs-list-group-bg:#fff;--bs-list-group-border-color:rgba(0, 0, 0, 0.125);--bs-list-group-border-width:1px;--bs-list-group-border-radius:0;--bs-list-group-item-padding-x:1rem;--bs-list-group-item-padding-y:0.5rem;--bs-list-group-action-color:#495057;--bs-list-group-action-hover-color:#495057;--bs-list-group-action-hover-bg:#f8f9fa;--bs-list-group-action-active-color:#222;--bs-list-group-action-active-bg:#eee;--bs-list-group-disabled-color:#888;--bs-list-group-disabled-bg:#eee;--bs-list-group-active-color:#fff;--bs-list-group-active-bg:#008cba;--bs-list-group-active-border-color:#008cba;display:flex;flex-direction:column;padding-left:0;margin-bottom:0;border-radius:var(--bs-list-group-border-radius)}.list-group-numbered{list-style-type:none;counter-reset:section}.list-group-numbered>.list-group-item::before{content:counters(section, ".") ". ";counter-increment:section}.list-group-item-action{width:100%;color:var(--bs-list-group-action-color);text-align:inherit}.list-group-item-action:focus,.list-group-item-action:hover{z-index:1;color:var(--bs-list-group-action-hover-color);text-decoration:none;background-color:var(--bs-list-group-action-hover-bg)}.list-group-item-action:active{color:var(--bs-list-group-action-active-color);background-color:var(--bs-list-group-action-active-bg)}.list-group-item{position:relative;display:block;padding:var(--bs-list-group-item-padding-y) var(--bs-list-group-item-padding-x);color:var(--bs-list-group-color);text-decoration:none;background-color:var(--bs-list-group-bg);border:var(--bs-list-group-border-width) solid var(--bs-list-group-border-color)}.list-group-item:first-child{border-top-left-radius:inherit;border-top-right-radius:inherit}.list-group-item:last-child{border-bottom-right-radius:inherit;border-bottom-left-radius:inherit}.list-group-item.disabled,.list-group-item:disabled{color:var(--bs-list-group-disabled-color);pointer-events:none;background-color:var(--bs-list-group-disabled-bg)}.list-group-item.active{z-index:2;color:var(--bs-list-group-active-color);background-color:var(--bs-list-group-active-bg);border-color:var(--bs-list-group-active-border-color)}.list-group-item+.list-group-item{border-top-width:0}.list-group-item+.list-group-item.active{margin-top:calc(-1 * var(--bs-list-group-border-width));border-top-width:var(--bs-list-group-border-width)}.list-group-horizontal{flex-direction:row}.list-group-horizontal>.list-group-item:first-child:not(:last-child){border-bottom-left-radius:var(--bs-list-group-border-radius);border-top-right-radius:0}.list-group-horizontal>.list-group-item:last-child:not(:first-child){border-top-right-radius:var(--bs-list-group-border-radius);border-bottom-left-radius:0}.list-group-horizontal>.list-group-item.active{margin-top:0}.list-group-horizontal>.list-group-item+.list-group-item{border-top-width:var(--bs-list-group-border-width);border-left-width:0}.list-group-horizontal>.list-group-item+.list-group-item.active{margin-left:calc(-1 * var(--bs-list-group-border-width));border-left-width:var(--bs-list-group-border-width)}@media (min-width:576px){.list-group-horizontal-sm{flex-direction:row}.list-group-horizontal-sm>.list-group-item:first-child:not(:last-child){border-bottom-left-radius:var(--bs-list-group-border-radius);border-top-right-radius:0}.list-group-horizontal-sm>.list-group-item:last-child:not(:first-child){border-top-right-radius:var(--bs-list-group-border-radius);border-bottom-left-radius:0}.list-group-horizontal-sm>.list-group-item.active{margin-top:0}.list-group-horizontal-sm>.list-group-item+.list-group-item{border-top-width:var(--bs-list-group-border-width);border-left-width:0}.list-group-horizontal-sm>.list-group-item+.list-group-item.active{margin-left:calc(-1 * var(--bs-list-group-border-width));border-left-width:var(--bs-list-group-border-width)}}@media (min-width:768px){.list-group-horizontal-md{flex-direction:row}.list-group-horizontal-md>.list-group-item:first-child:not(:last-child){border-bottom-left-radius:var(--bs-list-group-border-radius);border-top-right-radius:0}.list-group-horizontal-md>.list-group-item:last-child:not(:first-child){border-top-right-radius:var(--bs-list-group-border-radius);border-bottom-left-radius:0}.list-group-horizontal-md>.list-group-item.active{margin-top:0}.list-group-horizontal-md>.list-group-item+.list-group-item{border-top-width:var(--bs-list-group-border-width);border-left-width:0}.list-group-horizontal-md>.list-group-item+.list-group-item.active{margin-left:calc(-1 * var(--bs-list-group-border-width));border-left-width:var(--bs-list-group-border-width)}}@media (min-width:992px){.list-group-horizontal-lg{flex-direction:row}.list-group-horizontal-lg>.list-group-item:first-child:not(:last-child){border-bottom-left-radius:var(--bs-list-group-border-radius);border-top-right-radius:0}.list-group-horizontal-lg>.list-group-item:last-child:not(:first-child){border-top-right-radius:var(--bs-list-group-border-radius);border-bottom-left-radius:0}.list-group-horizontal-lg>.list-group-item.active{margin-top:0}.list-group-horizontal-lg>.list-group-item+.list-group-item{border-top-width:var(--bs-list-group-border-width);border-left-width:0}.list-group-horizontal-lg>.list-group-item+.list-group-item.active{margin-left:calc(-1 * var(--bs-list-group-border-width));border-left-width:var(--bs-list-group-border-width)}}@media (min-width:1200px){.list-group-horizontal-xl{flex-direction:row}.list-group-horizontal-xl>.list-group-item:first-child:not(:last-child){border-bottom-left-radius:var(--bs-list-group-border-radius);border-top-right-radius:0}.list-group-horizontal-xl>.list-group-item:last-child:not(:first-child){border-top-right-radius:var(--bs-list-group-border-radius);border-bottom-left-radius:0}.list-group-horizontal-xl>.list-group-item.active{margin-top:0}.list-group-horizontal-xl>.list-group-item+.list-group-item{border-top-width:var(--bs-list-group-border-width);border-left-width:0}.list-group-horizontal-xl>.list-group-item+.list-group-item.active{margin-left:calc(-1 * var(--bs-list-group-border-width));border-left-width:var(--bs-list-group-border-width)}}@media (min-width:1400px){.list-group-horizontal-xxl{flex-direction:row}.list-group-horizontal-xxl>.list-group-item:first-child:not(:last-child){border-bottom-left-radius:var(--bs-list-group-border-radius);border-top-right-radius:0}.list-group-horizontal-xxl>.list-group-item:last-child:not(:first-child){border-top-right-radius:var(--bs-list-group-border-radius);border-bottom-left-radius:0}.list-group-horizontal-xxl>.list-group-item.active{margin-top:0}.list-group-horizontal-xxl>.list-group-item+.list-group-item{border-top-width:var(--bs-list-group-border-width);border-left-width:0}.list-group-horizontal-xxl>.list-group-item+.list-group-item.active{margin-left:calc(-1 * var(--bs-list-group-border-width));border-left-width:var(--bs-list-group-border-width)}}.list-group-flush{border-radius:0}.list-group-flush>.list-group-item{border-width:0 0 var(--bs-list-group-border-width)}.list-group-flush>.list-group-item:last-child{border-bottom-width:0}.list-group-item-primary{color:#005470;background-color:#cce8f1}.list-group-item-primary.list-group-item-action:focus,.list-group-item-primary.list-group-item-action:hover{color:#005470;background-color:#b8d1d9}.list-group-item-primary.list-group-item-action.active{color:#fff;background-color:#005470;border-color:#005470}.list-group-item-secondary{color:#8f8f8f;background-color:#fcfcfc}.list-group-item-secondary.list-group-item-action:focus,.list-group-item-secondary.list-group-item-action:hover{color:#8f8f8f;background-color:#e3e3e3}.list-group-item-secondary.list-group-item-action.active{color:#fff;background-color:#8f8f8f;border-color:#8f8f8f}.list-group-item-success{color:#286740;background-color:#d9eee1}.list-group-item-success.list-group-item-action:focus,.list-group-item-success.list-group-item-action:hover{color:#286740;background-color:#c3d6cb}.list-group-item-success.list-group-item-action.active{color:#fff;background-color:#286740;border-color:#286740}.list-group-item-info{color:#377385;background-color:#def2f8}.list-group-item-info.list-group-item-action:focus,.list-group-item-info.list-group-item-action:hover{color:#377385;background-color:#c8dadf}.list-group-item-info.list-group-item-action.active{color:#fff;background-color:#377385;border-color:#377385}.list-group-item-warning{color:#8c5601;background-color:#fbe9cc}.list-group-item-warning.list-group-item-action:focus,.list-group-item-warning.list-group-item-action:hover{color:#8c5601;background-color:#e2d2b8}.list-group-item-warning.list-group-item-action.active{color:#fff;background-color:#8c5601;border-color:#8c5601}.list-group-item-danger{color:#902716;background-color:#fcd9d3}.list-group-item-danger.list-group-item-action:focus,.list-group-item-danger.list-group-item-action:hover{color:#902716;background-color:#e3c3be}.list-group-item-danger.list-group-item-action.active{color:#fff;background-color:#902716;border-color:#902716}.list-group-item-light{color:#8f8f8f;background-color:#fcfcfc}.list-group-item-light.list-group-item-action:focus,.list-group-item-light.list-group-item-action:hover{color:#8f8f8f;background-color:#e3e3e3}.list-group-item-light.list-group-item-action.active{color:#fff;background-color:#8f8f8f;border-color:#8f8f8f}.list-group-item-dark{color:#141414;background-color:#d3d3d3}.list-group-item-dark.list-group-item-action:focus,.list-group-item-dark.list-group-item-action:hover{color:#141414;background-color:#bebebe}.list-group-item-dark.list-group-item-action.active{color:#fff;background-color:#141414;border-color:#141414}.btn-close{box-sizing:content-box;width:1em;height:1em;padding:.25em .25em;color:#888;background:transparent url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='%23888'%3e%3cpath d='M.293.293a1 1 0 0 1 1.414 0L8 6.586 14.293.293a1 1 0 1 1 1.414 1.414L9.414 8l6.293 6.293a1 1 0 0 1-1.414 1.414L8 9.414l-6.293 6.293a1 1 0 0 1-1.414-1.414L6.586 8 .293 1.707a1 1 0 0 1 0-1.414z'/%3e%3c/svg%3e") center/1em auto no-repeat;border:0;border-radius:0;opacity:.6}.btn-close:hover{color:#888;text-decoration:none;opacity:1}.btn-close:focus{outline:0;box-shadow:0 0 0 .25rem rgba(0,140,186,.25);opacity:1}.btn-close.disabled,.btn-close:disabled{pointer-events:none;-webkit-user-select:none;-moz-user-select:none;user-select:none;opacity:.25}.btn-close-white{filter:invert(1) grayscale(100%) brightness(200%)}.toast{--bs-toast-zindex:1090;--bs-toast-padding-x:0.75rem;--bs-toast-padding-y:0.5rem;--bs-toast-spacing:1.5rem;--bs-toast-max-width:350px;--bs-toast-font-size:0.875rem;--bs-toast-color: ;--bs-toast-bg:rgba(255, 255, 255, 0.85);--bs-toast-border-width:1px;--bs-toast-border-color:var(--bs-border-color-translucent);--bs-toast-border-radius:0;--bs-toast-box-shadow:0 0.5rem 1rem rgba(0, 0, 0, 0.15);--bs-toast-header-color:#888;--bs-toast-header-bg:rgba(255, 255, 255, 0.85);--bs-toast-header-border-color:rgba(0, 0, 0, 0.05);width:var(--bs-toast-max-width);max-width:100%;font-size:var(--bs-toast-font-size);color:var(--bs-toast-color);pointer-events:auto;background-color:var(--bs-toast-bg);background-clip:padding-box;border:var(--bs-toast-border-width) solid var(--bs-toast-border-color);box-shadow:var(--bs-toast-box-shadow);border-radius:var(--bs-toast-border-radius)}.toast.showing{opacity:0}.toast:not(.show){display:none}.toast-container{--bs-toast-zindex:1090;position:absolute;z-index:var(--bs-toast-zindex);width:-webkit-max-content;width:-moz-max-content;width:max-content;max-width:100%;pointer-events:none}.toast-container>:not(:last-child){margin-bottom:var(--bs-toast-spacing)}.toast-header{display:flex;align-items:center;padding:var(--bs-toast-padding-y) var(--bs-toast-padding-x);color:var(--bs-toast-header-color);background-color:var(--bs-toast-header-bg);background-clip:padding-box;border-bottom:var(--bs-toast-border-width) solid var(--bs-toast-header-border-color);border-top-left-radius:calc(var(--bs-toast-border-radius) - var(--bs-toast-border-width));border-top-right-radius:calc(var(--bs-toast-border-radius) - var(--bs-toast-border-width))}.toast-header .btn-close{margin-right:calc(-.5 * var(--bs-toast-padding-x));margin-left:var(--bs-toast-padding-x)}.toast-body{padding:var(--bs-toast-padding-x);word-wrap:break-word}.modal{--bs-modal-zindex:1055;--bs-modal-width:500px;--bs-modal-padding:1rem;--bs-modal-margin:0.5rem;--bs-modal-color: ;--bs-modal-bg:#fff;--bs-modal-border-color:var(--bs-border-color-translucent);--bs-modal-border-width:1px;--bs-modal-border-radius:0;--bs-modal-box-shadow:0 0.125rem 0.25rem rgba(0, 0, 0, 0.075);--bs-modal-inner-border-radius:-1px;--bs-modal-header-padding-x:1rem;--bs-modal-header-padding-y:1rem;--bs-modal-header-padding:1rem 1rem;--bs-modal-header-border-color:var(--bs-border-color);--bs-modal-header-border-width:1px;--bs-modal-title-line-height:1.5;--bs-modal-footer-gap:0.5rem;--bs-modal-footer-bg: ;--bs-modal-footer-border-color:var(--bs-border-color);--bs-modal-footer-border-width:1px;position:fixed;top:0;left:0;z-index:var(--bs-modal-zindex);display:none;width:100%;height:100%;overflow-x:hidden;overflow-y:auto;outline:0}.modal-dialog{position:relative;width:auto;margin:var(--bs-modal-margin);pointer-events:none}.modal.fade .modal-dialog{transition:transform .3s ease-out;transform:translate(0,-50px)}@media (prefers-reduced-motion:reduce){.modal.fade .modal-dialog{transition:none}}.modal.show .modal-dialog{transform:none}.modal.modal-static .modal-dialog{transform:scale(1.02)}.modal-dialog-scrollable{height:calc(100% - var(--bs-modal-margin) * 2)}.modal-dialog-scrollable .modal-content{max-height:100%;overflow:hidden}.modal-dialog-scrollable .modal-body{overflow-y:auto}.modal-dialog-centered{display:flex;align-items:center;min-height:calc(100% - var(--bs-modal-margin) * 2)}.modal-content{position:relative;display:flex;flex-direction:column;width:100%;color:var(--bs-modal-color);pointer-events:auto;background-color:var(--bs-modal-bg);background-clip:padding-box;border:var(--bs-modal-border-width) solid var(--bs-modal-border-color);border-radius:var(--bs-modal-border-radius);outline:0}.modal-backdrop{--bs-backdrop-zindex:1050;--bs-backdrop-bg:#000;--bs-backdrop-opacity:0.5;position:fixed;top:0;left:0;z-index:var(--bs-backdrop-zindex);width:100vw;height:100vh;background-color:var(--bs-backdrop-bg)}.modal-backdrop.fade{opacity:0}.modal-backdrop.show{opacity:var(--bs-backdrop-opacity)}.modal-header{display:flex;flex-shrink:0;align-items:center;justify-content:space-between;padding:var(--bs-modal-header-padding);border-bottom:var(--bs-modal-header-border-width) solid var(--bs-modal-header-border-color);border-top-left-radius:var(--bs-modal-inner-border-radius);border-top-right-radius:var(--bs-modal-inner-border-radius)}.modal-header .btn-close{padding:calc(var(--bs-modal-header-padding-y) * .5) calc(var(--bs-modal-header-padding-x) * .5);margin:calc(-.5 * var(--bs-modal-header-padding-y)) calc(-.5 * var(--bs-modal-header-padding-x)) calc(-.5 * var(--bs-modal-header-padding-y)) auto}.modal-title{margin-bottom:0;line-height:var(--bs-modal-title-line-height)}.modal-body{position:relative;flex:1 1 auto;padding:var(--bs-modal-padding)}.modal-footer{display:flex;flex-shrink:0;flex-wrap:wrap;align-items:center;justify-content:flex-end;padding:calc(var(--bs-modal-padding) - var(--bs-modal-footer-gap) * .5);background-color:var(--bs-modal-footer-bg);border-top:var(--bs-modal-footer-border-width) solid var(--bs-modal-footer-border-color);border-bottom-right-radius:var(--bs-modal-inner-border-radius);border-bottom-left-radius:var(--bs-modal-inner-border-radius)}.modal-footer>*{margin:calc(var(--bs-modal-footer-gap) * .5)}@media (min-width:576px){.modal{--bs-modal-margin:1.75rem;--bs-modal-box-shadow:0 0.5rem 1rem rgba(0, 0, 0, 0.15)}.modal-dialog{max-width:var(--bs-modal-width);margin-right:auto;margin-left:auto}.modal-sm{--bs-modal-width:300px}}@media (min-width:992px){.modal-lg,.modal-xl{--bs-modal-width:800px}}@media (min-width:1200px){.modal-xl{--bs-modal-width:1140px}}.modal-fullscreen{width:100vw;max-width:none;height:100%;margin:0}.modal-fullscreen .modal-content{height:100%;border:0;border-radius:0}.modal-fullscreen .modal-footer,.modal-fullscreen .modal-header{border-radius:0}.modal-fullscreen .modal-body{overflow-y:auto}@media (max-width:575.98px){.modal-fullscreen-sm-down{width:100vw;max-width:none;height:100%;margin:0}.modal-fullscreen-sm-down .modal-content{height:100%;border:0;border-radius:0}.modal-fullscreen-sm-down .modal-footer,.modal-fullscreen-sm-down .modal-header{border-radius:0}.modal-fullscreen-sm-down .modal-body{overflow-y:auto}}@media (max-width:767.98px){.modal-fullscreen-md-down{width:100vw;max-width:none;height:100%;margin:0}.modal-fullscreen-md-down .modal-content{height:100%;border:0;border-radius:0}.modal-fullscreen-md-down .modal-footer,.modal-fullscreen-md-down .modal-header{border-radius:0}.modal-fullscreen-md-down .modal-body{overflow-y:auto}}@media (max-width:991.98px){.modal-fullscreen-lg-down{width:100vw;max-width:none;height:100%;margin:0}.modal-fullscreen-lg-down .modal-content{height:100%;border:0;border-radius:0}.modal-fullscreen-lg-down .modal-footer,.modal-fullscreen-lg-down .modal-header{border-radius:0}.modal-fullscreen-lg-down .modal-body{overflow-y:auto}}@media (max-width:1199.98px){.modal-fullscreen-xl-down{width:100vw;max-width:none;height:100%;margin:0}.modal-fullscreen-xl-down .modal-content{height:100%;border:0;border-radius:0}.modal-fullscreen-xl-down .modal-footer,.modal-fullscreen-xl-down .modal-header{border-radius:0}.modal-fullscreen-xl-down .modal-body{overflow-y:auto}}@media (max-width:1399.98px){.modal-fullscreen-xxl-down{width:100vw;max-width:none;height:100%;margin:0}.modal-fullscreen-xxl-down .modal-content{height:100%;border:0;border-radius:0}.modal-fullscreen-xxl-down .modal-footer,.modal-fullscreen-xxl-down .modal-header{border-radius:0}.modal-fullscreen-xxl-down .modal-body{overflow-y:auto}}.tooltip{--bs-tooltip-zindex:1080;--bs-tooltip-max-width:200px;--bs-tooltip-padding-x:0.5rem;--bs-tooltip-padding-y:0.25rem;--bs-tooltip-margin: ;--bs-tooltip-font-size:0.875rem;--bs-tooltip-color:#fff;--bs-tooltip-bg:#000;--bs-tooltip-border-radius:0;--bs-tooltip-opacity:0.9;--bs-tooltip-arrow-width:0.8rem;--bs-tooltip-arrow-height:0.4rem;z-index:var(--bs-tooltip-zindex);display:block;padding:var(--bs-tooltip-arrow-height);margin:var(--bs-tooltip-margin);font-family:var(--bs-font-sans-serif);font-style:normal;font-weight:400;line-height:1.5;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;white-space:normal;word-spacing:normal;line-break:auto;font-size:var(--bs-tooltip-font-size);word-wrap:break-word;opacity:0}.tooltip.show{opacity:var(--bs-tooltip-opacity)}.tooltip .tooltip-arrow{display:block;width:var(--bs-tooltip-arrow-width);height:var(--bs-tooltip-arrow-height)}.tooltip .tooltip-arrow::before{position:absolute;content:"";border-color:transparent;border-style:solid}.bs-tooltip-auto[data-popper-placement^=top] .tooltip-arrow,.bs-tooltip-top .tooltip-arrow{bottom:0}.bs-tooltip-auto[data-popper-placement^=top] .tooltip-arrow::before,.bs-tooltip-top .tooltip-arrow::before{top:-1px;border-width:var(--bs-tooltip-arrow-height) calc(var(--bs-tooltip-arrow-width) * .5) 0;border-top-color:var(--bs-tooltip-bg)}.bs-tooltip-auto[data-popper-placement^=right] .tooltip-arrow,.bs-tooltip-end .tooltip-arrow{left:0;width:var(--bs-tooltip-arrow-height);height:var(--bs-tooltip-arrow-width)}.bs-tooltip-auto[data-popper-placement^=right] .tooltip-arrow::before,.bs-tooltip-end .tooltip-arrow::before{right:-1px;border-width:calc(var(--bs-tooltip-arrow-width) * .5) var(--bs-tooltip-arrow-height) calc(var(--bs-tooltip-arrow-width) * .5) 0;border-right-color:var(--bs-tooltip-bg)}.bs-tooltip-auto[data-popper-placement^=bottom] .tooltip-arrow,.bs-tooltip-bottom .tooltip-arrow{top:0}.bs-tooltip-auto[data-popper-placement^=bottom] .tooltip-arrow::before,.bs-tooltip-bottom .tooltip-arrow::before{bottom:-1px;border-width:0 calc(var(--bs-tooltip-arrow-width) * .5) var(--bs-tooltip-arrow-height);border-bottom-color:var(--bs-tooltip-bg)}.bs-tooltip-auto[data-popper-placement^=left] .tooltip-arrow,.bs-tooltip-start .tooltip-arrow{right:0;width:var(--bs-tooltip-arrow-height);height:var(--bs-tooltip-arrow-width)}.bs-tooltip-auto[data-popper-placement^=left] .tooltip-arrow::before,.bs-tooltip-start .tooltip-arrow::before{left:-1px;border-width:calc(var(--bs-tooltip-arrow-width) * .5) 0 calc(var(--bs-tooltip-arrow-width) * .5) var(--bs-tooltip-arrow-height);border-left-color:var(--bs-tooltip-bg)}.tooltip-inner{max-width:var(--bs-tooltip-max-width);padding:var(--bs-tooltip-padding-y) var(--bs-tooltip-padding-x);color:var(--bs-tooltip-color);text-align:center;background-color:var(--bs-tooltip-bg);border-radius:var(--bs-tooltip-border-radius)}.popover{--bs-popover-zindex:1070;--bs-popover-max-width:276px;--bs-popover-font-size:0.875rem;--bs-popover-bg:#fff;--bs-popover-border-width:1px;--bs-popover-border-color:var(--bs-border-color-translucent);--bs-popover-border-radius:0;--bs-popover-inner-border-radius:-1px;--bs-popover-box-shadow:0 0.5rem 1rem rgba(0, 0, 0, 0.15);--bs-popover-header-padding-x:1rem;--bs-popover-header-padding-y:0.5rem;--bs-popover-header-font-size:1rem;--bs-popover-header-color: ;--bs-popover-header-bg:#f0f0f0;--bs-popover-body-padding-x:1rem;--bs-popover-body-padding-y:1rem;--bs-popover-body-color:#222;--bs-popover-arrow-width:1rem;--bs-popover-arrow-height:0.5rem;--bs-popover-arrow-border:var(--bs-popover-border-color);z-index:var(--bs-popover-zindex);display:block;max-width:var(--bs-popover-max-width);font-family:var(--bs-font-sans-serif);font-style:normal;font-weight:400;line-height:1.5;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;white-space:normal;word-spacing:normal;line-break:auto;font-size:var(--bs-popover-font-size);word-wrap:break-word;background-color:var(--bs-popover-bg);background-clip:padding-box;border:var(--bs-popover-border-width) solid var(--bs-popover-border-color);border-radius:var(--bs-popover-border-radius)}.popover .popover-arrow{display:block;width:var(--bs-popover-arrow-width);height:var(--bs-popover-arrow-height)}.popover .popover-arrow::after,.popover .popover-arrow::before{position:absolute;display:block;content:"";border-color:transparent;border-style:solid;border-width:0}.bs-popover-auto[data-popper-placement^=top]>.popover-arrow,.bs-popover-top>.popover-arrow{bottom:calc(-1 * (var(--bs-popover-arrow-height)) - var(--bs-popover-border-width))}.bs-popover-auto[data-popper-placement^=top]>.popover-arrow::after,.bs-popover-auto[data-popper-placement^=top]>.popover-arrow::before,.bs-popover-top>.popover-arrow::after,.bs-popover-top>.popover-arrow::before{border-width:var(--bs-popover-arrow-height) calc(var(--bs-popover-arrow-width) * .5) 0}.bs-popover-auto[data-popper-placement^=top]>.popover-arrow::before,.bs-popover-top>.popover-arrow::before{bottom:0;border-top-color:var(--bs-popover-arrow-border)}.bs-popover-auto[data-popper-placement^=top]>.popover-arrow::after,.bs-popover-top>.popover-arrow::after{bottom:var(--bs-popover-border-width);border-top-color:var(--bs-popover-bg)}.bs-popover-auto[data-popper-placement^=right]>.popover-arrow,.bs-popover-end>.popover-arrow{left:calc(-1 * (var(--bs-popover-arrow-height)) - var(--bs-popover-border-width));width:var(--bs-popover-arrow-height);height:var(--bs-popover-arrow-width)}.bs-popover-auto[data-popper-placement^=right]>.popover-arrow::after,.bs-popover-auto[data-popper-placement^=right]>.popover-arrow::before,.bs-popover-end>.popover-arrow::after,.bs-popover-end>.popover-arrow::before{border-width:calc(var(--bs-popover-arrow-width) * .5) var(--bs-popover-arrow-height) calc(var(--bs-popover-arrow-width) * .5) 0}.bs-popover-auto[data-popper-placement^=right]>.popover-arrow::before,.bs-popover-end>.popover-arrow::before{left:0;border-right-color:var(--bs-popover-arrow-border)}.bs-popover-auto[data-popper-placement^=right]>.popover-arrow::after,.bs-popover-end>.popover-arrow::after{left:var(--bs-popover-border-width);border-right-color:var(--bs-popover-bg)}.bs-popover-auto[data-popper-placement^=bottom]>.popover-arrow,.bs-popover-bottom>.popover-arrow{top:calc(-1 * (var(--bs-popover-arrow-height)) - var(--bs-popover-border-width))}.bs-popover-auto[data-popper-placement^=bottom]>.popover-arrow::after,.bs-popover-auto[data-popper-placement^=bottom]>.popover-arrow::before,.bs-popover-bottom>.popover-arrow::after,.bs-popover-bottom>.popover-arrow::before{border-width:0 calc(var(--bs-popover-arrow-width) * .5) var(--bs-popover-arrow-height)}.bs-popover-auto[data-popper-placement^=bottom]>.popover-arrow::before,.bs-popover-bottom>.popover-arrow::before{top:0;border-bottom-color:var(--bs-popover-arrow-border)}.bs-popover-auto[data-popper-placement^=bottom]>.popover-arrow::after,.bs-popover-bottom>.popover-arrow::after{top:var(--bs-popover-border-width);border-bottom-color:var(--bs-popover-bg)}.bs-popover-auto[data-popper-placement^=bottom] .popover-header::before,.bs-popover-bottom .popover-header::before{position:absolute;top:0;left:50%;display:block;width:var(--bs-popover-arrow-width);margin-left:calc(-.5 * var(--bs-popover-arrow-width));content:"";border-bottom:var(--bs-popover-border-width) solid var(--bs-popover-header-bg)}.bs-popover-auto[data-popper-placement^=left]>.popover-arrow,.bs-popover-start>.popover-arrow{right:calc(-1 * (var(--bs-popover-arrow-height)) - var(--bs-popover-border-width));width:var(--bs-popover-arrow-height);height:var(--bs-popover-arrow-width)}.bs-popover-auto[data-popper-placement^=left]>.popover-arrow::after,.bs-popover-auto[data-popper-placement^=left]>.popover-arrow::before,.bs-popover-start>.popover-arrow::after,.bs-popover-start>.popover-arrow::before{border-width:calc(var(--bs-popover-arrow-width) * .5) 0 calc(var(--bs-popover-arrow-width) * .5) var(--bs-popover-arrow-height)}.bs-popover-auto[data-popper-placement^=left]>.popover-arrow::before,.bs-popover-start>.popover-arrow::before{right:0;border-left-color:var(--bs-popover-arrow-border)}.bs-popover-auto[data-popper-placement^=left]>.popover-arrow::after,.bs-popover-start>.popover-arrow::after{right:var(--bs-popover-border-width);border-left-color:var(--bs-popover-bg)}.popover-header{padding:var(--bs-popover-header-padding-y) var(--bs-popover-header-padding-x);margin-bottom:0;font-size:var(--bs-popover-header-font-size);color:var(--bs-popover-header-color);background-color:var(--bs-popover-header-bg);border-bottom:var(--bs-popover-border-width) solid var(--bs-popover-border-color);border-top-left-radius:var(--bs-popover-inner-border-radius);border-top-right-radius:var(--bs-popover-inner-border-radius)}.popover-header:empty{display:none}.popover-body{padding:var(--bs-popover-body-padding-y) var(--bs-popover-body-padding-x);color:var(--bs-popover-body-color)}.carousel{position:relative}.carousel.pointer-event{touch-action:pan-y}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner::after{display:block;clear:both;content:""}.carousel-item{position:relative;display:none;float:left;width:100%;margin-right:-100%;-webkit-backface-visibility:hidden;backface-visibility:hidden;transition:transform .6s ease-in-out}@media (prefers-reduced-motion:reduce){.carousel-item{transition:none}}.carousel-item-next,.carousel-item-prev,.carousel-item.active{display:block}.active.carousel-item-end,.carousel-item-next:not(.carousel-item-start){transform:translateX(100%)}.active.carousel-item-start,.carousel-item-prev:not(.carousel-item-end){transform:translateX(-100%)}.carousel-fade .carousel-item{opacity:0;transition-property:opacity;transform:none}.carousel-fade .carousel-item-next.carousel-item-start,.carousel-fade .carousel-item-prev.carousel-item-end,.carousel-fade .carousel-item.active{z-index:1;opacity:1}.carousel-fade .active.carousel-item-end,.carousel-fade .active.carousel-item-start{z-index:0;opacity:0;transition:opacity 0s .6s}@media (prefers-reduced-motion:reduce){.carousel-fade .active.carousel-item-end,.carousel-fade .active.carousel-item-start{transition:none}}.carousel-control-next,.carousel-control-prev{position:absolute;top:0;bottom:0;z-index:1;display:flex;align-items:center;justify-content:center;width:15%;padding:0;color:#fff;text-align:center;background:0 0;border:0;opacity:.5;transition:opacity .15s ease}@media (prefers-reduced-motion:reduce){.carousel-control-next,.carousel-control-prev{transition:none}}.carousel-control-next:focus,.carousel-control-next:hover,.carousel-control-prev:focus,.carousel-control-prev:hover{color:#fff;text-decoration:none;outline:0;opacity:.9}.carousel-control-prev{left:0}.carousel-control-next{right:0}.carousel-control-next-icon,.carousel-control-prev-icon{display:inline-block;width:2rem;height:2rem;background-repeat:no-repeat;background-position:50%;background-size:100% 100%}.carousel-control-prev-icon{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='%23fff'%3e%3cpath d='M11.354 1.646a.5.5 0 0 1 0 .708L5.707 8l5.647 5.646a.5.5 0 0 1-.708.708l-6-6a.5.5 0 0 1 0-.708l6-6a.5.5 0 0 1 .708 0z'/%3e%3c/svg%3e")}.carousel-control-next-icon{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='%23fff'%3e%3cpath d='M4.646 1.646a.5.5 0 0 1 .708 0l6 6a.5.5 0 0 1 0 .708l-6 6a.5.5 0 0 1-.708-.708L10.293 8 4.646 2.354a.5.5 0 0 1 0-.708z'/%3e%3c/svg%3e")}.carousel-indicators{position:absolute;right:0;bottom:0;left:0;z-index:2;display:flex;justify-content:center;padding:0;margin-right:15%;margin-bottom:1rem;margin-left:15%;list-style:none}.carousel-indicators [data-bs-target]{box-sizing:content-box;flex:0 1 auto;width:30px;height:3px;padding:0;margin-right:3px;margin-left:3px;text-indent:-999px;cursor:pointer;background-color:#fff;background-clip:padding-box;border:0;border-top:10px solid transparent;border-bottom:10px solid transparent;opacity:.5;transition:opacity .6s ease}@media (prefers-reduced-motion:reduce){.carousel-indicators [data-bs-target]{transition:none}}.carousel-indicators .active{opacity:1}.carousel-caption{position:absolute;right:15%;bottom:1.25rem;left:15%;padding-top:1.25rem;padding-bottom:1.25rem;color:#fff;text-align:center}.carousel-dark .carousel-control-next-icon,.carousel-dark .carousel-control-prev-icon{filter:invert(1) grayscale(100)}.carousel-dark .carousel-indicators [data-bs-target]{background-color:#000}.carousel-dark .carousel-caption{color:#000}.spinner-border,.spinner-grow{display:inline-block;width:var(--bs-spinner-width);height:var(--bs-spinner-height);vertical-align:var(--bs-spinner-vertical-align);border-radius:50%;animation:var(--bs-spinner-animation-speed) linear infinite var(--bs-spinner-animation-name)}@keyframes spinner-border{to{transform:rotate(360deg)}}.spinner-border{--bs-spinner-width:2rem;--bs-spinner-height:2rem;--bs-spinner-vertical-align:-0.125em;--bs-spinner-border-width:0.25em;--bs-spinner-animation-speed:0.75s;--bs-spinner-animation-name:spinner-border;border:var(--bs-spinner-border-width) solid currentcolor;border-right-color:transparent}.spinner-border-sm{--bs-spinner-width:1rem;--bs-spinner-height:1rem;--bs-spinner-border-width:0.2em}@keyframes spinner-grow{0%{transform:scale(0)}50%{opacity:1;transform:none}}.spinner-grow{--bs-spinner-width:2rem;--bs-spinner-height:2rem;--bs-spinner-vertical-align:-0.125em;--bs-spinner-animation-speed:0.75s;--bs-spinner-animation-name:spinner-grow;background-color:currentcolor;opacity:0}.spinner-grow-sm{--bs-spinner-width:1rem;--bs-spinner-height:1rem}@media (prefers-reduced-motion:reduce){.spinner-border,.spinner-grow{--bs-spinner-animation-speed:1.5s}}.offcanvas,.offcanvas-lg,.offcanvas-md,.offcanvas-sm,.offcanvas-xl,.offcanvas-xxl{--bs-offcanvas-zindex:1045;--bs-offcanvas-width:400px;--bs-offcanvas-height:30vh;--bs-offcanvas-padding-x:1rem;--bs-offcanvas-padding-y:1rem;--bs-offcanvas-color: ;--bs-offcanvas-bg:#fff;--bs-offcanvas-border-width:1px;--bs-offcanvas-border-color:var(--bs-border-color-translucent);--bs-offcanvas-box-shadow:0 0.125rem 0.25rem rgba(0, 0, 0, 0.075)}@media (max-width:575.98px){.offcanvas-sm{position:fixed;bottom:0;z-index:var(--bs-offcanvas-zindex);display:flex;flex-direction:column;max-width:100%;color:var(--bs-offcanvas-color);visibility:hidden;background-color:var(--bs-offcanvas-bg);background-clip:padding-box;outline:0;transition:transform .3s ease-in-out}}@media (max-width:575.98px) and (prefers-reduced-motion:reduce){.offcanvas-sm{transition:none}}@media (max-width:575.98px){.offcanvas-sm.offcanvas-start{top:0;left:0;width:var(--bs-offcanvas-width);border-right:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(-100%)}}@media (max-width:575.98px){.offcanvas-sm.offcanvas-end{top:0;right:0;width:var(--bs-offcanvas-width);border-left:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(100%)}}@media (max-width:575.98px){.offcanvas-sm.offcanvas-top{top:0;right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-bottom:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(-100%)}}@media (max-width:575.98px){.offcanvas-sm.offcanvas-bottom{right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-top:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(100%)}}@media (max-width:575.98px){.offcanvas-sm.show:not(.hiding),.offcanvas-sm.showing{transform:none}}@media (max-width:575.98px){.offcanvas-sm.hiding,.offcanvas-sm.show,.offcanvas-sm.showing{visibility:visible}}@media (min-width:576px){.offcanvas-sm{--bs-offcanvas-height:auto;--bs-offcanvas-border-width:0;background-color:transparent!important}.offcanvas-sm .offcanvas-header{display:none}.offcanvas-sm .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible;background-color:transparent!important}}@media (max-width:767.98px){.offcanvas-md{position:fixed;bottom:0;z-index:var(--bs-offcanvas-zindex);display:flex;flex-direction:column;max-width:100%;color:var(--bs-offcanvas-color);visibility:hidden;background-color:var(--bs-offcanvas-bg);background-clip:padding-box;outline:0;transition:transform .3s ease-in-out}}@media (max-width:767.98px) and (prefers-reduced-motion:reduce){.offcanvas-md{transition:none}}@media (max-width:767.98px){.offcanvas-md.offcanvas-start{top:0;left:0;width:var(--bs-offcanvas-width);border-right:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(-100%)}}@media (max-width:767.98px){.offcanvas-md.offcanvas-end{top:0;right:0;width:var(--bs-offcanvas-width);border-left:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(100%)}}@media (max-width:767.98px){.offcanvas-md.offcanvas-top{top:0;right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-bottom:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(-100%)}}@media (max-width:767.98px){.offcanvas-md.offcanvas-bottom{right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-top:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(100%)}}@media (max-width:767.98px){.offcanvas-md.show:not(.hiding),.offcanvas-md.showing{transform:none}}@media (max-width:767.98px){.offcanvas-md.hiding,.offcanvas-md.show,.offcanvas-md.showing{visibility:visible}}@media (min-width:768px){.offcanvas-md{--bs-offcanvas-height:auto;--bs-offcanvas-border-width:0;background-color:transparent!important}.offcanvas-md .offcanvas-header{display:none}.offcanvas-md .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible;background-color:transparent!important}}@media (max-width:991.98px){.offcanvas-lg{position:fixed;bottom:0;z-index:var(--bs-offcanvas-zindex);display:flex;flex-direction:column;max-width:100%;color:var(--bs-offcanvas-color);visibility:hidden;background-color:var(--bs-offcanvas-bg);background-clip:padding-box;outline:0;transition:transform .3s ease-in-out}}@media (max-width:991.98px) and (prefers-reduced-motion:reduce){.offcanvas-lg{transition:none}}@media (max-width:991.98px){.offcanvas-lg.offcanvas-start{top:0;left:0;width:var(--bs-offcanvas-width);border-right:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(-100%)}}@media (max-width:991.98px){.offcanvas-lg.offcanvas-end{top:0;right:0;width:var(--bs-offcanvas-width);border-left:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(100%)}}@media (max-width:991.98px){.offcanvas-lg.offcanvas-top{top:0;right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-bottom:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(-100%)}}@media (max-width:991.98px){.offcanvas-lg.offcanvas-bottom{right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-top:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(100%)}}@media (max-width:991.98px){.offcanvas-lg.show:not(.hiding),.offcanvas-lg.showing{transform:none}}@media (max-width:991.98px){.offcanvas-lg.hiding,.offcanvas-lg.show,.offcanvas-lg.showing{visibility:visible}}@media (min-width:992px){.offcanvas-lg{--bs-offcanvas-height:auto;--bs-offcanvas-border-width:0;background-color:transparent!important}.offcanvas-lg .offcanvas-header{display:none}.offcanvas-lg .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible;background-color:transparent!important}}@media (max-width:1199.98px){.offcanvas-xl{position:fixed;bottom:0;z-index:var(--bs-offcanvas-zindex);display:flex;flex-direction:column;max-width:100%;color:var(--bs-offcanvas-color);visibility:hidden;background-color:var(--bs-offcanvas-bg);background-clip:padding-box;outline:0;transition:transform .3s ease-in-out}}@media (max-width:1199.98px) and (prefers-reduced-motion:reduce){.offcanvas-xl{transition:none}}@media (max-width:1199.98px){.offcanvas-xl.offcanvas-start{top:0;left:0;width:var(--bs-offcanvas-width);border-right:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(-100%)}}@media (max-width:1199.98px){.offcanvas-xl.offcanvas-end{top:0;right:0;width:var(--bs-offcanvas-width);border-left:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(100%)}}@media (max-width:1199.98px){.offcanvas-xl.offcanvas-top{top:0;right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-bottom:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(-100%)}}@media (max-width:1199.98px){.offcanvas-xl.offcanvas-bottom{right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-top:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(100%)}}@media (max-width:1199.98px){.offcanvas-xl.show:not(.hiding),.offcanvas-xl.showing{transform:none}}@media (max-width:1199.98px){.offcanvas-xl.hiding,.offcanvas-xl.show,.offcanvas-xl.showing{visibility:visible}}@media (min-width:1200px){.offcanvas-xl{--bs-offcanvas-height:auto;--bs-offcanvas-border-width:0;background-color:transparent!important}.offcanvas-xl .offcanvas-header{display:none}.offcanvas-xl .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible;background-color:transparent!important}}@media (max-width:1399.98px){.offcanvas-xxl{position:fixed;bottom:0;z-index:var(--bs-offcanvas-zindex);display:flex;flex-direction:column;max-width:100%;color:var(--bs-offcanvas-color);visibility:hidden;background-color:var(--bs-offcanvas-bg);background-clip:padding-box;outline:0;transition:transform .3s ease-in-out}}@media (max-width:1399.98px) and (prefers-reduced-motion:reduce){.offcanvas-xxl{transition:none}}@media (max-width:1399.98px){.offcanvas-xxl.offcanvas-start{top:0;left:0;width:var(--bs-offcanvas-width);border-right:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(-100%)}}@media (max-width:1399.98px){.offcanvas-xxl.offcanvas-end{top:0;right:0;width:var(--bs-offcanvas-width);border-left:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(100%)}}@media (max-width:1399.98px){.offcanvas-xxl.offcanvas-top{top:0;right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-bottom:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(-100%)}}@media (max-width:1399.98px){.offcanvas-xxl.offcanvas-bottom{right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-top:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(100%)}}@media (max-width:1399.98px){.offcanvas-xxl.show:not(.hiding),.offcanvas-xxl.showing{transform:none}}@media (max-width:1399.98px){.offcanvas-xxl.hiding,.offcanvas-xxl.show,.offcanvas-xxl.showing{visibility:visible}}@media (min-width:1400px){.offcanvas-xxl{--bs-offcanvas-height:auto;--bs-offcanvas-border-width:0;background-color:transparent!important}.offcanvas-xxl .offcanvas-header{display:none}.offcanvas-xxl .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible;background-color:transparent!important}}.offcanvas{position:fixed;bottom:0;z-index:var(--bs-offcanvas-zindex);display:flex;flex-direction:column;max-width:100%;color:var(--bs-offcanvas-color);visibility:hidden;background-color:var(--bs-offcanvas-bg);background-clip:padding-box;outline:0;transition:transform .3s ease-in-out}@media (prefers-reduced-motion:reduce){.offcanvas{transition:none}}.offcanvas.offcanvas-start{top:0;left:0;width:var(--bs-offcanvas-width);border-right:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(-100%)}.offcanvas.offcanvas-end{top:0;right:0;width:var(--bs-offcanvas-width);border-left:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(100%)}.offcanvas.offcanvas-top{top:0;right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-bottom:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(-100%)}.offcanvas.offcanvas-bottom{right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-top:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(100%)}.offcanvas.show:not(.hiding),.offcanvas.showing{transform:none}.offcanvas.hiding,.offcanvas.show,.offcanvas.showing{visibility:visible}.offcanvas-backdrop{position:fixed;top:0;left:0;z-index:1040;width:100vw;height:100vh;background-color:#000}.offcanvas-backdrop.fade{opacity:0}.offcanvas-backdrop.show{opacity:.5}.offcanvas-header{display:flex;align-items:center;justify-content:space-between;padding:var(--bs-offcanvas-padding-y) var(--bs-offcanvas-padding-x)}.offcanvas-header .btn-close{padding:calc(var(--bs-offcanvas-padding-y) * .5) calc(var(--bs-offcanvas-padding-x) * .5);margin-top:calc(-.5 * var(--bs-offcanvas-padding-y));margin-right:calc(-.5 * var(--bs-offcanvas-padding-x));margin-bottom:calc(-.5 * var(--bs-offcanvas-padding-y))}.offcanvas-title{margin-bottom:0;line-height:1.5}.offcanvas-body{flex-grow:1;padding:var(--bs-offcanvas-padding-y) var(--bs-offcanvas-padding-x);overflow-y:auto}.placeholder{display:inline-block;min-height:1em;vertical-align:middle;cursor:wait;background-color:currentcolor;opacity:.5}.placeholder.btn::before{display:inline-block;content:""}.placeholder-xs{min-height:.6em}.placeholder-sm{min-height:.8em}.placeholder-lg{min-height:1.2em}.placeholder-glow .placeholder{animation:placeholder-glow 2s ease-in-out infinite}@keyframes placeholder-glow{50%{opacity:.2}}.placeholder-wave{-webkit-mask-image:linear-gradient(130deg,#000 55%,rgba(0,0,0,0.8) 75%,#000 95%);mask-image:linear-gradient(130deg,#000 55%,rgba(0,0,0,0.8) 75%,#000 95%);-webkit-mask-size:200% 100%;mask-size:200% 100%;animation:placeholder-wave 2s linear infinite}@keyframes placeholder-wave{100%{-webkit-mask-position:-200% 0%;mask-position:-200% 0%}}.clearfix::after{display:block;clear:both;content:""}.text-bg-primary{color:#fff!important;background-color:RGBA(0,140,186,var(--bs-bg-opacity,1))!important}.text-bg-secondary{color:#000!important;background-color:RGBA(238,238,238,var(--bs-bg-opacity,1))!important}.text-bg-success{color:#fff!important;background-color:RGBA(67,172,106,var(--bs-bg-opacity,1))!important}.text-bg-info{color:#fff!important;background-color:RGBA(91,192,222,var(--bs-bg-opacity,1))!important}.text-bg-warning{color:#fff!important;background-color:RGBA(233,144,2,var(--bs-bg-opacity,1))!important}.text-bg-danger{color:#fff!important;background-color:RGBA(240,65,36,var(--bs-bg-opacity,1))!important}.text-bg-light{color:#000!important;background-color:RGBA(238,238,238,var(--bs-bg-opacity,1))!important}.text-bg-dark{color:#fff!important;background-color:RGBA(34,34,34,var(--bs-bg-opacity,1))!important}.link-primary{color:#008cba!important}.link-primary:focus,.link-primary:hover{color:#007095!important}.link-secondary{color:#eee!important}.link-secondary:focus,.link-secondary:hover{color:#f1f1f1!important}.link-success{color:#43ac6a!important}.link-success:focus,.link-success:hover{color:#368a55!important}.link-info{color:#5bc0de!important}.link-info:focus,.link-info:hover{color:#499ab2!important}.link-warning{color:#e99002!important}.link-warning:focus,.link-warning:hover{color:#ba7302!important}.link-danger{color:#f04124!important}.link-danger:focus,.link-danger:hover{color:#c0341d!important}.link-light{color:#eee!important}.link-light:focus,.link-light:hover{color:#f1f1f1!important}.link-dark{color:#222!important}.link-dark:focus,.link-dark:hover{color:#1b1b1b!important}.ratio{position:relative;width:100%}.ratio::before{display:block;padding-top:var(--bs-aspect-ratio);content:""}.ratio>*{position:absolute;top:0;left:0;width:100%;height:100%}.ratio-1x1{--bs-aspect-ratio:100%}.ratio-4x3{--bs-aspect-ratio:75%}.ratio-16x9{--bs-aspect-ratio:56.25%}.ratio-21x9{--bs-aspect-ratio:42.8571428571%}.fixed-top{position:fixed;top:0;right:0;left:0;z-index:1030}.fixed-bottom{position:fixed;right:0;bottom:0;left:0;z-index:1030}.sticky-top{position:-webkit-sticky;position:sticky;top:0;z-index:1020}.sticky-bottom{position:-webkit-sticky;position:sticky;bottom:0;z-index:1020}@media (min-width:576px){.sticky-sm-top{position:-webkit-sticky;position:sticky;top:0;z-index:1020}.sticky-sm-bottom{position:-webkit-sticky;position:sticky;bottom:0;z-index:1020}}@media (min-width:768px){.sticky-md-top{position:-webkit-sticky;position:sticky;top:0;z-index:1020}.sticky-md-bottom{position:-webkit-sticky;position:sticky;bottom:0;z-index:1020}}@media (min-width:992px){.sticky-lg-top{position:-webkit-sticky;position:sticky;top:0;z-index:1020}.sticky-lg-bottom{position:-webkit-sticky;position:sticky;bottom:0;z-index:1020}}@media (min-width:1200px){.sticky-xl-top{position:-webkit-sticky;position:sticky;top:0;z-index:1020}.sticky-xl-bottom{position:-webkit-sticky;position:sticky;bottom:0;z-index:1020}}@media (min-width:1400px){.sticky-xxl-top{position:-webkit-sticky;position:sticky;top:0;z-index:1020}.sticky-xxl-bottom{position:-webkit-sticky;position:sticky;bottom:0;z-index:1020}}.hstack{display:flex;flex-direction:row;align-items:center;align-self:stretch}.vstack{display:flex;flex:1 1 auto;flex-direction:column;align-self:stretch}.visually-hidden,.visually-hidden-focusable:not(:focus):not(:focus-within){position:absolute!important;width:1px!important;height:1px!important;padding:0!important;margin:-1px!important;overflow:hidden!important;clip:rect(0,0,0,0)!important;white-space:nowrap!important;border:0!important}.stretched-link::after{position:absolute;top:0;right:0;bottom:0;left:0;z-index:1;content:""}.text-truncate{overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.vr{display:inline-block;align-self:stretch;width:1px;min-height:1em;background-color:currentcolor;opacity:.25}.align-baseline{vertical-align:baseline!important}.align-top{vertical-align:top!important}.align-middle{vertical-align:middle!important}.align-bottom{vertical-align:bottom!important}.align-text-bottom{vertical-align:text-bottom!important}.align-text-top{vertical-align:text-top!important}.float-start{float:left!important}.float-end{float:right!important}.float-none{float:none!important}.opacity-0{opacity:0!important}.opacity-25{opacity:.25!important}.opacity-50{opacity:.5!important}.opacity-75{opacity:.75!important}.opacity-100{opacity:1!important}.overflow-auto{overflow:auto!important}.overflow-hidden{overflow:hidden!important}.overflow-visible{overflow:visible!important}.overflow-scroll{overflow:scroll!important}.d-inline{display:inline!important}.d-inline-block{display:inline-block!important}.d-block{display:block!important}.d-grid{display:grid!important}.d-table{display:table!important}.d-table-row{display:table-row!important}.d-table-cell{display:table-cell!important}.d-flex{display:flex!important}.d-inline-flex{display:inline-flex!important}.d-none{display:none!important}.shadow{box-shadow:0 .5rem 1rem rgba(0,0,0,.15)!important}.shadow-sm{box-shadow:0 .125rem .25rem rgba(0,0,0,.075)!important}.shadow-lg{box-shadow:0 1rem 3rem rgba(0,0,0,.175)!important}.shadow-none{box-shadow:none!important}.position-static{position:static!important}.position-relative{position:relative!important}.position-absolute{position:absolute!important}.position-fixed{position:fixed!important}.position-sticky{position:-webkit-sticky!important;position:sticky!important}.top-0{top:0!important}.top-50{top:50%!important}.top-100{top:100%!important}.bottom-0{bottom:0!important}.bottom-50{bottom:50%!important}.bottom-100{bottom:100%!important}.start-0{left:0!important}.start-50{left:50%!important}.start-100{left:100%!important}.end-0{right:0!important}.end-50{right:50%!important}.end-100{right:100%!important}.translate-middle{transform:translate(-50%,-50%)!important}.translate-middle-x{transform:translateX(-50%)!important}.translate-middle-y{transform:translateY(-50%)!important}.border{border:var(--bs-border-width) var(--bs-border-style) var(--bs-border-color)!important}.border-0{border:0!important}.border-top{border-top:var(--bs-border-width) var(--bs-border-style) var(--bs-border-color)!important}.border-top-0{border-top:0!important}.border-end{border-right:var(--bs-border-width) var(--bs-border-style) var(--bs-border-color)!important}.border-end-0{border-right:0!important}.border-bottom{border-bottom:var(--bs-border-width) var(--bs-border-style) var(--bs-border-color)!important}.border-bottom-0{border-bottom:0!important}.border-start{border-left:var(--bs-border-width) var(--bs-border-style) var(--bs-border-color)!important}.border-start-0{border-left:0!important}.border-primary{--bs-border-opacity:1;border-color:rgba(var(--bs-primary-rgb),var(--bs-border-opacity))!important}.border-secondary{--bs-border-opacity:1;border-color:rgba(var(--bs-secondary-rgb),var(--bs-border-opacity))!important}.border-success{--bs-border-opacity:1;border-color:rgba(var(--bs-success-rgb),var(--bs-border-opacity))!important}.border-info{--bs-border-opacity:1;border-color:rgba(var(--bs-info-rgb),var(--bs-border-opacity))!important}.border-warning{--bs-border-opacity:1;border-color:rgba(var(--bs-warning-rgb),var(--bs-border-opacity))!important}.border-danger{--bs-border-opacity:1;border-color:rgba(var(--bs-danger-rgb),var(--bs-border-opacity))!important}.border-light{--bs-border-opacity:1;border-color:rgba(var(--bs-light-rgb),var(--bs-border-opacity))!important}.border-dark{--bs-border-opacity:1;border-color:rgba(var(--bs-dark-rgb),var(--bs-border-opacity))!important}.border-white{--bs-border-opacity:1;border-color:rgba(var(--bs-white-rgb),var(--bs-border-opacity))!important}.border-1{--bs-border-width:1px}.border-2{--bs-border-width:2px}.border-3{--bs-border-width:3px}.border-4{--bs-border-width:4px}.border-5{--bs-border-width:5px}.border-opacity-10{--bs-border-opacity:0.1}.border-opacity-25{--bs-border-opacity:0.25}.border-opacity-50{--bs-border-opacity:0.5}.border-opacity-75{--bs-border-opacity:0.75}.border-opacity-100{--bs-border-opacity:1}.w-25{width:25%!important}.w-50{width:50%!important}.w-75{width:75%!important}.w-100{width:100%!important}.w-auto{width:auto!important}.mw-100{max-width:100%!important}.vw-100{width:100vw!important}.min-vw-100{min-width:100vw!important}.h-25{height:25%!important}.h-50{height:50%!important}.h-75{height:75%!important}.h-100{height:100%!important}.h-auto{height:auto!important}.mh-100{max-height:100%!important}.vh-100{height:100vh!important}.min-vh-100{min-height:100vh!important}.flex-fill{flex:1 1 auto!important}.flex-row{flex-direction:row!important}.flex-column{flex-direction:column!important}.flex-row-reverse{flex-direction:row-reverse!important}.flex-column-reverse{flex-direction:column-reverse!important}.flex-grow-0{flex-grow:0!important}.flex-grow-1{flex-grow:1!important}.flex-shrink-0{flex-shrink:0!important}.flex-shrink-1{flex-shrink:1!important}.flex-wrap{flex-wrap:wrap!important}.flex-nowrap{flex-wrap:nowrap!important}.flex-wrap-reverse{flex-wrap:wrap-reverse!important}.justify-content-start{justify-content:flex-start!important}.justify-content-end{justify-content:flex-end!important}.justify-content-center{justify-content:center!important}.justify-content-between{justify-content:space-between!important}.justify-content-around{justify-content:space-around!important}.justify-content-evenly{justify-content:space-evenly!important}.align-items-start{align-items:flex-start!important}.align-items-end{align-items:flex-end!important}.align-items-center{align-items:center!important}.align-items-baseline{align-items:baseline!important}.align-items-stretch{align-items:stretch!important}.align-content-start{align-content:flex-start!important}.align-content-end{align-content:flex-end!important}.align-content-center{align-content:center!important}.align-content-between{align-content:space-between!important}.align-content-around{align-content:space-around!important}.align-content-stretch{align-content:stretch!important}.align-self-auto{align-self:auto!important}.align-self-start{align-self:flex-start!important}.align-self-end{align-self:flex-end!important}.align-self-center{align-self:center!important}.align-self-baseline{align-self:baseline!important}.align-self-stretch{align-self:stretch!important}.order-first{order:-1!important}.order-0{order:0!important}.order-1{order:1!important}.order-2{order:2!important}.order-3{order:3!important}.order-4{order:4!important}.order-5{order:5!important}.order-last{order:6!important}.m-0{margin:0!important}.m-1{margin:.25rem!important}.m-2{margin:.5rem!important}.m-3{margin:1rem!important}.m-4{margin:1.5rem!important}.m-5{margin:3rem!important}.m-auto{margin:auto!important}.mx-0{margin-right:0!important;margin-left:0!important}.mx-1{margin-right:.25rem!important;margin-left:.25rem!important}.mx-2{margin-right:.5rem!important;margin-left:.5rem!important}.mx-3{margin-right:1rem!important;margin-left:1rem!important}.mx-4{margin-right:1.5rem!important;margin-left:1.5rem!important}.mx-5{margin-right:3rem!important;margin-left:3rem!important}.mx-auto{margin-right:auto!important;margin-left:auto!important}.my-0{margin-top:0!important;margin-bottom:0!important}.my-1{margin-top:.25rem!important;margin-bottom:.25rem!important}.my-2{margin-top:.5rem!important;margin-bottom:.5rem!important}.my-3{margin-top:1rem!important;margin-bottom:1rem!important}.my-4{margin-top:1.5rem!important;margin-bottom:1.5rem!important}.my-5{margin-top:3rem!important;margin-bottom:3rem!important}.my-auto{margin-top:auto!important;margin-bottom:auto!important}.mt-0{margin-top:0!important}.mt-1{margin-top:.25rem!important}.mt-2{margin-top:.5rem!important}.mt-3{margin-top:1rem!important}.mt-4{margin-top:1.5rem!important}.mt-5{margin-top:3rem!important}.mt-auto{margin-top:auto!important}.me-0{margin-right:0!important}.me-1{margin-right:.25rem!important}.me-2{margin-right:.5rem!important}.me-3{margin-right:1rem!important}.me-4{margin-right:1.5rem!important}.me-5{margin-right:3rem!important}.me-auto{margin-right:auto!important}.mb-0{margin-bottom:0!important}.mb-1{margin-bottom:.25rem!important}.mb-2{margin-bottom:.5rem!important}.mb-3{margin-bottom:1rem!important}.mb-4{margin-bottom:1.5rem!important}.mb-5{margin-bottom:3rem!important}.mb-auto{margin-bottom:auto!important}.ms-0{margin-left:0!important}.ms-1{margin-left:.25rem!important}.ms-2{margin-left:.5rem!important}.ms-3{margin-left:1rem!important}.ms-4{margin-left:1.5rem!important}.ms-5{margin-left:3rem!important}.ms-auto{margin-left:auto!important}.p-0{padding:0!important}.p-1{padding:.25rem!important}.p-2{padding:.5rem!important}.p-3{padding:1rem!important}.p-4{padding:1.5rem!important}.p-5{padding:3rem!important}.px-0{padding-right:0!important;padding-left:0!important}.px-1{padding-right:.25rem!important;padding-left:.25rem!important}.px-2{padding-right:.5rem!important;padding-left:.5rem!important}.px-3{padding-right:1rem!important;padding-left:1rem!important}.px-4{padding-right:1.5rem!important;padding-left:1.5rem!important}.px-5{padding-right:3rem!important;padding-left:3rem!important}.py-0{padding-top:0!important;padding-bottom:0!important}.py-1{padding-top:.25rem!important;padding-bottom:.25rem!important}.py-2{padding-top:.5rem!important;padding-bottom:.5rem!important}.py-3{padding-top:1rem!important;padding-bottom:1rem!important}.py-4{padding-top:1.5rem!important;padding-bottom:1.5rem!important}.py-5{padding-top:3rem!important;padding-bottom:3rem!important}.pt-0{padding-top:0!important}.pt-1{padding-top:.25rem!important}.pt-2{padding-top:.5rem!important}.pt-3{padding-top:1rem!important}.pt-4{padding-top:1.5rem!important}.pt-5{padding-top:3rem!important}.pe-0{padding-right:0!important}.pe-1{padding-right:.25rem!important}.pe-2{padding-right:.5rem!important}.pe-3{padding-right:1rem!important}.pe-4{padding-right:1.5rem!important}.pe-5{padding-right:3rem!important}.pb-0{padding-bottom:0!important}.pb-1{padding-bottom:.25rem!important}.pb-2{padding-bottom:.5rem!important}.pb-3{padding-bottom:1rem!important}.pb-4{padding-bottom:1.5rem!important}.pb-5{padding-bottom:3rem!important}.ps-0{padding-left:0!important}.ps-1{padding-left:.25rem!important}.ps-2{padding-left:.5rem!important}.ps-3{padding-left:1rem!important}.ps-4{padding-left:1.5rem!important}.ps-5{padding-left:3rem!important}.gap-0{gap:0!important}.gap-1{gap:.25rem!important}.gap-2{gap:.5rem!important}.gap-3{gap:1rem!important}.gap-4{gap:1.5rem!important}.gap-5{gap:3rem!important}.font-monospace{font-family:var(--bs-font-monospace)!important}.fs-1{font-size:calc(1.375rem + 1.5vw)!important}.fs-2{font-size:calc(1.325rem + .9vw)!important}.fs-3{font-size:calc(1.3rem + .6vw)!important}.fs-4{font-size:calc(1.275rem + .3vw)!important}.fs-5{font-size:1.25rem!important}.fs-6{font-size:1rem!important}.fst-italic{font-style:italic!important}.fst-normal{font-style:normal!important}.fw-light{font-weight:300!important}.fw-lighter{font-weight:lighter!important}.fw-normal{font-weight:400!important}.fw-bold{font-weight:700!important}.fw-semibold{font-weight:600!important}.fw-bolder{font-weight:bolder!important}.lh-1{line-height:1!important}.lh-sm{line-height:1.25!important}.lh-base{line-height:1.5!important}.lh-lg{line-height:2!important}.text-start{text-align:left!important}.text-end{text-align:right!important}.text-center{text-align:center!important}.text-decoration-none{text-decoration:none!important}.text-decoration-underline{text-decoration:underline!important}.text-decoration-line-through{text-decoration:line-through!important}.text-lowercase{text-transform:lowercase!important}.text-uppercase{text-transform:uppercase!important}.text-capitalize{text-transform:capitalize!important}.text-wrap{white-space:normal!important}.text-nowrap{white-space:nowrap!important}.text-break{word-wrap:break-word!important;word-break:break-word!important}.text-primary{--bs-text-opacity:1;color:rgba(var(--bs-primary-rgb),var(--bs-text-opacity))!important}.text-secondary{--bs-text-opacity:1;color:rgba(var(--bs-secondary-rgb),var(--bs-text-opacity))!important}.text-success{--bs-text-opacity:1;color:rgba(var(--bs-success-rgb),var(--bs-text-opacity))!important}.text-info{--bs-text-opacity:1;color:rgba(var(--bs-info-rgb),var(--bs-text-opacity))!important}.text-warning{--bs-text-opacity:1;color:rgba(var(--bs-warning-rgb),var(--bs-text-opacity))!important}.text-danger{--bs-text-opacity:1;color:rgba(var(--bs-danger-rgb),var(--bs-text-opacity))!important}.text-light{--bs-text-opacity:1;color:rgba(var(--bs-light-rgb),var(--bs-text-opacity))!important}.text-dark{--bs-text-opacity:1;color:rgba(var(--bs-dark-rgb),var(--bs-text-opacity))!important}.text-black{--bs-text-opacity:1;color:rgba(var(--bs-black-rgb),var(--bs-text-opacity))!important}.text-white{--bs-text-opacity:1;color:rgba(var(--bs-white-rgb),var(--bs-text-opacity))!important}.text-body{--bs-text-opacity:1;color:rgba(var(--bs-body-color-rgb),var(--bs-text-opacity))!important}.text-muted{--bs-text-opacity:1;color:#888!important}.text-black-50{--bs-text-opacity:1;color:rgba(0,0,0,.5)!important}.text-white-50{--bs-text-opacity:1;color:rgba(255,255,255,.5)!important}.text-reset{--bs-text-opacity:1;color:inherit!important}.text-opacity-25{--bs-text-opacity:0.25}.text-opacity-50{--bs-text-opacity:0.5}.text-opacity-75{--bs-text-opacity:0.75}.text-opacity-100{--bs-text-opacity:1}.bg-primary{--bs-bg-opacity:1;background-color:rgba(var(--bs-primary-rgb),var(--bs-bg-opacity))!important}.bg-secondary{--bs-bg-opacity:1;background-color:rgba(var(--bs-secondary-rgb),var(--bs-bg-opacity))!important}.bg-success{--bs-bg-opacity:1;background-color:rgba(var(--bs-success-rgb),var(--bs-bg-opacity))!important}.bg-info{--bs-bg-opacity:1;background-color:rgba(var(--bs-info-rgb),var(--bs-bg-opacity))!important}.bg-warning{--bs-bg-opacity:1;background-color:rgba(var(--bs-warning-rgb),var(--bs-bg-opacity))!important}.bg-danger{--bs-bg-opacity:1;background-color:rgba(var(--bs-danger-rgb),var(--bs-bg-opacity))!important}.bg-light{--bs-bg-opacity:1;background-color:rgba(var(--bs-light-rgb),var(--bs-bg-opacity))!important}.bg-dark{--bs-bg-opacity:1;background-color:rgba(var(--bs-dark-rgb),var(--bs-bg-opacity))!important}.bg-black{--bs-bg-opacity:1;background-color:rgba(var(--bs-black-rgb),var(--bs-bg-opacity))!important}.bg-white{--bs-bg-opacity:1;background-color:rgba(var(--bs-white-rgb),var(--bs-bg-opacity))!important}.bg-body{--bs-bg-opacity:1;background-color:rgba(var(--bs-body-bg-rgb),var(--bs-bg-opacity))!important}.bg-transparent{--bs-bg-opacity:1;background-color:transparent!important}.bg-opacity-10{--bs-bg-opacity:0.1}.bg-opacity-25{--bs-bg-opacity:0.25}.bg-opacity-50{--bs-bg-opacity:0.5}.bg-opacity-75{--bs-bg-opacity:0.75}.bg-opacity-100{--bs-bg-opacity:1}.bg-gradient{background-image:var(--bs-gradient)!important}.user-select-all{-webkit-user-select:all!important;-moz-user-select:all!important;user-select:all!important}.user-select-auto{-webkit-user-select:auto!important;-moz-user-select:auto!important;user-select:auto!important}.user-select-none{-webkit-user-select:none!important;-moz-user-select:none!important;user-select:none!important}.pe-none{pointer-events:none!important}.pe-auto{pointer-events:auto!important}.rounded{border-radius:var(--bs-border-radius)!important}.rounded-0{border-radius:0!important}.rounded-1{border-radius:var(--bs-border-radius-sm)!important}.rounded-2{border-radius:var(--bs-border-radius)!important}.rounded-3{border-radius:var(--bs-border-radius-lg)!important}.rounded-4{border-radius:var(--bs-border-radius-xl)!important}.rounded-5{border-radius:var(--bs-border-radius-2xl)!important}.rounded-circle{border-radius:50%!important}.rounded-pill{border-radius:var(--bs-border-radius-pill)!important}.rounded-top{border-top-left-radius:var(--bs-border-radius)!important;border-top-right-radius:var(--bs-border-radius)!important}.rounded-end{border-top-right-radius:var(--bs-border-radius)!important;border-bottom-right-radius:var(--bs-border-radius)!important}.rounded-bottom{border-bottom-right-radius:var(--bs-border-radius)!important;border-bottom-left-radius:var(--bs-border-radius)!important}.rounded-start{border-bottom-left-radius:var(--bs-border-radius)!important;border-top-left-radius:var(--bs-border-radius)!important}.visible{visibility:visible!important}.invisible{visibility:hidden!important}@media (min-width:576px){.float-sm-start{float:left!important}.float-sm-end{float:right!important}.float-sm-none{float:none!important}.d-sm-inline{display:inline!important}.d-sm-inline-block{display:inline-block!important}.d-sm-block{display:block!important}.d-sm-grid{display:grid!important}.d-sm-table{display:table!important}.d-sm-table-row{display:table-row!important}.d-sm-table-cell{display:table-cell!important}.d-sm-flex{display:flex!important}.d-sm-inline-flex{display:inline-flex!important}.d-sm-none{display:none!important}.flex-sm-fill{flex:1 1 auto!important}.flex-sm-row{flex-direction:row!important}.flex-sm-column{flex-direction:column!important}.flex-sm-row-reverse{flex-direction:row-reverse!important}.flex-sm-column-reverse{flex-direction:column-reverse!important}.flex-sm-grow-0{flex-grow:0!important}.flex-sm-grow-1{flex-grow:1!important}.flex-sm-shrink-0{flex-shrink:0!important}.flex-sm-shrink-1{flex-shrink:1!important}.flex-sm-wrap{flex-wrap:wrap!important}.flex-sm-nowrap{flex-wrap:nowrap!important}.flex-sm-wrap-reverse{flex-wrap:wrap-reverse!important}.justify-content-sm-start{justify-content:flex-start!important}.justify-content-sm-end{justify-content:flex-end!important}.justify-content-sm-center{justify-content:center!important}.justify-content-sm-between{justify-content:space-between!important}.justify-content-sm-around{justify-content:space-around!important}.justify-content-sm-evenly{justify-content:space-evenly!important}.align-items-sm-start{align-items:flex-start!important}.align-items-sm-end{align-items:flex-end!important}.align-items-sm-center{align-items:center!important}.align-items-sm-baseline{align-items:baseline!important}.align-items-sm-stretch{align-items:stretch!important}.align-content-sm-start{align-content:flex-start!important}.align-content-sm-end{align-content:flex-end!important}.align-content-sm-center{align-content:center!important}.align-content-sm-between{align-content:space-between!important}.align-content-sm-around{align-content:space-around!important}.align-content-sm-stretch{align-content:stretch!important}.align-self-sm-auto{align-self:auto!important}.align-self-sm-start{align-self:flex-start!important}.align-self-sm-end{align-self:flex-end!important}.align-self-sm-center{align-self:center!important}.align-self-sm-baseline{align-self:baseline!important}.align-self-sm-stretch{align-self:stretch!important}.order-sm-first{order:-1!important}.order-sm-0{order:0!important}.order-sm-1{order:1!important}.order-sm-2{order:2!important}.order-sm-3{order:3!important}.order-sm-4{order:4!important}.order-sm-5{order:5!important}.order-sm-last{order:6!important}.m-sm-0{margin:0!important}.m-sm-1{margin:.25rem!important}.m-sm-2{margin:.5rem!important}.m-sm-3{margin:1rem!important}.m-sm-4{margin:1.5rem!important}.m-sm-5{margin:3rem!important}.m-sm-auto{margin:auto!important}.mx-sm-0{margin-right:0!important;margin-left:0!important}.mx-sm-1{margin-right:.25rem!important;margin-left:.25rem!important}.mx-sm-2{margin-right:.5rem!important;margin-left:.5rem!important}.mx-sm-3{margin-right:1rem!important;margin-left:1rem!important}.mx-sm-4{margin-right:1.5rem!important;margin-left:1.5rem!important}.mx-sm-5{margin-right:3rem!important;margin-left:3rem!important}.mx-sm-auto{margin-right:auto!important;margin-left:auto!important}.my-sm-0{margin-top:0!important;margin-bottom:0!important}.my-sm-1{margin-top:.25rem!important;margin-bottom:.25rem!important}.my-sm-2{margin-top:.5rem!important;margin-bottom:.5rem!important}.my-sm-3{margin-top:1rem!important;margin-bottom:1rem!important}.my-sm-4{margin-top:1.5rem!important;margin-bottom:1.5rem!important}.my-sm-5{margin-top:3rem!important;margin-bottom:3rem!important}.my-sm-auto{margin-top:auto!important;margin-bottom:auto!important}.mt-sm-0{margin-top:0!important}.mt-sm-1{margin-top:.25rem!important}.mt-sm-2{margin-top:.5rem!important}.mt-sm-3{margin-top:1rem!important}.mt-sm-4{margin-top:1.5rem!important}.mt-sm-5{margin-top:3rem!important}.mt-sm-auto{margin-top:auto!important}.me-sm-0{margin-right:0!important}.me-sm-1{margin-right:.25rem!important}.me-sm-2{margin-right:.5rem!important}.me-sm-3{margin-right:1rem!important}.me-sm-4{margin-right:1.5rem!important}.me-sm-5{margin-right:3rem!important}.me-sm-auto{margin-right:auto!important}.mb-sm-0{margin-bottom:0!important}.mb-sm-1{margin-bottom:.25rem!important}.mb-sm-2{margin-bottom:.5rem!important}.mb-sm-3{margin-bottom:1rem!important}.mb-sm-4{margin-bottom:1.5rem!important}.mb-sm-5{margin-bottom:3rem!important}.mb-sm-auto{margin-bottom:auto!important}.ms-sm-0{margin-left:0!important}.ms-sm-1{margin-left:.25rem!important}.ms-sm-2{margin-left:.5rem!important}.ms-sm-3{margin-left:1rem!important}.ms-sm-4{margin-left:1.5rem!important}.ms-sm-5{margin-left:3rem!important}.ms-sm-auto{margin-left:auto!important}.p-sm-0{padding:0!important}.p-sm-1{padding:.25rem!important}.p-sm-2{padding:.5rem!important}.p-sm-3{padding:1rem!important}.p-sm-4{padding:1.5rem!important}.p-sm-5{padding:3rem!important}.px-sm-0{padding-right:0!important;padding-left:0!important}.px-sm-1{padding-right:.25rem!important;padding-left:.25rem!important}.px-sm-2{padding-right:.5rem!important;padding-left:.5rem!important}.px-sm-3{padding-right:1rem!important;padding-left:1rem!important}.px-sm-4{padding-right:1.5rem!important;padding-left:1.5rem!important}.px-sm-5{padding-right:3rem!important;padding-left:3rem!important}.py-sm-0{padding-top:0!important;padding-bottom:0!important}.py-sm-1{padding-top:.25rem!important;padding-bottom:.25rem!important}.py-sm-2{padding-top:.5rem!important;padding-bottom:.5rem!important}.py-sm-3{padding-top:1rem!important;padding-bottom:1rem!important}.py-sm-4{padding-top:1.5rem!important;padding-bottom:1.5rem!important}.py-sm-5{padding-top:3rem!important;padding-bottom:3rem!important}.pt-sm-0{padding-top:0!important}.pt-sm-1{padding-top:.25rem!important}.pt-sm-2{padding-top:.5rem!important}.pt-sm-3{padding-top:1rem!important}.pt-sm-4{padding-top:1.5rem!important}.pt-sm-5{padding-top:3rem!important}.pe-sm-0{padding-right:0!important}.pe-sm-1{padding-right:.25rem!important}.pe-sm-2{padding-right:.5rem!important}.pe-sm-3{padding-right:1rem!important}.pe-sm-4{padding-right:1.5rem!important}.pe-sm-5{padding-right:3rem!important}.pb-sm-0{padding-bottom:0!important}.pb-sm-1{padding-bottom:.25rem!important}.pb-sm-2{padding-bottom:.5rem!important}.pb-sm-3{padding-bottom:1rem!important}.pb-sm-4{padding-bottom:1.5rem!important}.pb-sm-5{padding-bottom:3rem!important}.ps-sm-0{padding-left:0!important}.ps-sm-1{padding-left:.25rem!important}.ps-sm-2{padding-left:.5rem!important}.ps-sm-3{padding-left:1rem!important}.ps-sm-4{padding-left:1.5rem!important}.ps-sm-5{padding-left:3rem!important}.gap-sm-0{gap:0!important}.gap-sm-1{gap:.25rem!important}.gap-sm-2{gap:.5rem!important}.gap-sm-3{gap:1rem!important}.gap-sm-4{gap:1.5rem!important}.gap-sm-5{gap:3rem!important}.text-sm-start{text-align:left!important}.text-sm-end{text-align:right!important}.text-sm-center{text-align:center!important}}@media (min-width:768px){.float-md-start{float:left!important}.float-md-end{float:right!important}.float-md-none{float:none!important}.d-md-inline{display:inline!important}.d-md-inline-block{display:inline-block!important}.d-md-block{display:block!important}.d-md-grid{display:grid!important}.d-md-table{display:table!important}.d-md-table-row{display:table-row!important}.d-md-table-cell{display:table-cell!important}.d-md-flex{display:flex!important}.d-md-inline-flex{display:inline-flex!important}.d-md-none{display:none!important}.flex-md-fill{flex:1 1 auto!important}.flex-md-row{flex-direction:row!important}.flex-md-column{flex-direction:column!important}.flex-md-row-reverse{flex-direction:row-reverse!important}.flex-md-column-reverse{flex-direction:column-reverse!important}.flex-md-grow-0{flex-grow:0!important}.flex-md-grow-1{flex-grow:1!important}.flex-md-shrink-0{flex-shrink:0!important}.flex-md-shrink-1{flex-shrink:1!important}.flex-md-wrap{flex-wrap:wrap!important}.flex-md-nowrap{flex-wrap:nowrap!important}.flex-md-wrap-reverse{flex-wrap:wrap-reverse!important}.justify-content-md-start{justify-content:flex-start!important}.justify-content-md-end{justify-content:flex-end!important}.justify-content-md-center{justify-content:center!important}.justify-content-md-between{justify-content:space-between!important}.justify-content-md-around{justify-content:space-around!important}.justify-content-md-evenly{justify-content:space-evenly!important}.align-items-md-start{align-items:flex-start!important}.align-items-md-end{align-items:flex-end!important}.align-items-md-center{align-items:center!important}.align-items-md-baseline{align-items:baseline!important}.align-items-md-stretch{align-items:stretch!important}.align-content-md-start{align-content:flex-start!important}.align-content-md-end{align-content:flex-end!important}.align-content-md-center{align-content:center!important}.align-content-md-between{align-content:space-between!important}.align-content-md-around{align-content:space-around!important}.align-content-md-stretch{align-content:stretch!important}.align-self-md-auto{align-self:auto!important}.align-self-md-start{align-self:flex-start!important}.align-self-md-end{align-self:flex-end!important}.align-self-md-center{align-self:center!important}.align-self-md-baseline{align-self:baseline!important}.align-self-md-stretch{align-self:stretch!important}.order-md-first{order:-1!important}.order-md-0{order:0!important}.order-md-1{order:1!important}.order-md-2{order:2!important}.order-md-3{order:3!important}.order-md-4{order:4!important}.order-md-5{order:5!important}.order-md-last{order:6!important}.m-md-0{margin:0!important}.m-md-1{margin:.25rem!important}.m-md-2{margin:.5rem!important}.m-md-3{margin:1rem!important}.m-md-4{margin:1.5rem!important}.m-md-5{margin:3rem!important}.m-md-auto{margin:auto!important}.mx-md-0{margin-right:0!important;margin-left:0!important}.mx-md-1{margin-right:.25rem!important;margin-left:.25rem!important}.mx-md-2{margin-right:.5rem!important;margin-left:.5rem!important}.mx-md-3{margin-right:1rem!important;margin-left:1rem!important}.mx-md-4{margin-right:1.5rem!important;margin-left:1.5rem!important}.mx-md-5{margin-right:3rem!important;margin-left:3rem!important}.mx-md-auto{margin-right:auto!important;margin-left:auto!important}.my-md-0{margin-top:0!important;margin-bottom:0!important}.my-md-1{margin-top:.25rem!important;margin-bottom:.25rem!important}.my-md-2{margin-top:.5rem!important;margin-bottom:.5rem!important}.my-md-3{margin-top:1rem!important;margin-bottom:1rem!important}.my-md-4{margin-top:1.5rem!important;margin-bottom:1.5rem!important}.my-md-5{margin-top:3rem!important;margin-bottom:3rem!important}.my-md-auto{margin-top:auto!important;margin-bottom:auto!important}.mt-md-0{margin-top:0!important}.mt-md-1{margin-top:.25rem!important}.mt-md-2{margin-top:.5rem!important}.mt-md-3{margin-top:1rem!important}.mt-md-4{margin-top:1.5rem!important}.mt-md-5{margin-top:3rem!important}.mt-md-auto{margin-top:auto!important}.me-md-0{margin-right:0!important}.me-md-1{margin-right:.25rem!important}.me-md-2{margin-right:.5rem!important}.me-md-3{margin-right:1rem!important}.me-md-4{margin-right:1.5rem!important}.me-md-5{margin-right:3rem!important}.me-md-auto{margin-right:auto!important}.mb-md-0{margin-bottom:0!important}.mb-md-1{margin-bottom:.25rem!important}.mb-md-2{margin-bottom:.5rem!important}.mb-md-3{margin-bottom:1rem!important}.mb-md-4{margin-bottom:1.5rem!important}.mb-md-5{margin-bottom:3rem!important}.mb-md-auto{margin-bottom:auto!important}.ms-md-0{margin-left:0!important}.ms-md-1{margin-left:.25rem!important}.ms-md-2{margin-left:.5rem!important}.ms-md-3{margin-left:1rem!important}.ms-md-4{margin-left:1.5rem!important}.ms-md-5{margin-left:3rem!important}.ms-md-auto{margin-left:auto!important}.p-md-0{padding:0!important}.p-md-1{padding:.25rem!important}.p-md-2{padding:.5rem!important}.p-md-3{padding:1rem!important}.p-md-4{padding:1.5rem!important}.p-md-5{padding:3rem!important}.px-md-0{padding-right:0!important;padding-left:0!important}.px-md-1{padding-right:.25rem!important;padding-left:.25rem!important}.px-md-2{padding-right:.5rem!important;padding-left:.5rem!important}.px-md-3{padding-right:1rem!important;padding-left:1rem!important}.px-md-4{padding-right:1.5rem!important;padding-left:1.5rem!important}.px-md-5{padding-right:3rem!important;padding-left:3rem!important}.py-md-0{padding-top:0!important;padding-bottom:0!important}.py-md-1{padding-top:.25rem!important;padding-bottom:.25rem!important}.py-md-2{padding-top:.5rem!important;padding-bottom:.5rem!important}.py-md-3{padding-top:1rem!important;padding-bottom:1rem!important}.py-md-4{padding-top:1.5rem!important;padding-bottom:1.5rem!important}.py-md-5{padding-top:3rem!important;padding-bottom:3rem!important}.pt-md-0{padding-top:0!important}.pt-md-1{padding-top:.25rem!important}.pt-md-2{padding-top:.5rem!important}.pt-md-3{padding-top:1rem!important}.pt-md-4{padding-top:1.5rem!important}.pt-md-5{padding-top:3rem!important}.pe-md-0{padding-right:0!important}.pe-md-1{padding-right:.25rem!important}.pe-md-2{padding-right:.5rem!important}.pe-md-3{padding-right:1rem!important}.pe-md-4{padding-right:1.5rem!important}.pe-md-5{padding-right:3rem!important}.pb-md-0{padding-bottom:0!important}.pb-md-1{padding-bottom:.25rem!important}.pb-md-2{padding-bottom:.5rem!important}.pb-md-3{padding-bottom:1rem!important}.pb-md-4{padding-bottom:1.5rem!important}.pb-md-5{padding-bottom:3rem!important}.ps-md-0{padding-left:0!important}.ps-md-1{padding-left:.25rem!important}.ps-md-2{padding-left:.5rem!important}.ps-md-3{padding-left:1rem!important}.ps-md-4{padding-left:1.5rem!important}.ps-md-5{padding-left:3rem!important}.gap-md-0{gap:0!important}.gap-md-1{gap:.25rem!important}.gap-md-2{gap:.5rem!important}.gap-md-3{gap:1rem!important}.gap-md-4{gap:1.5rem!important}.gap-md-5{gap:3rem!important}.text-md-start{text-align:left!important}.text-md-end{text-align:right!important}.text-md-center{text-align:center!important}}@media (min-width:992px){.float-lg-start{float:left!important}.float-lg-end{float:right!important}.float-lg-none{float:none!important}.d-lg-inline{display:inline!important}.d-lg-inline-block{display:inline-block!important}.d-lg-block{display:block!important}.d-lg-grid{display:grid!important}.d-lg-table{display:table!important}.d-lg-table-row{display:table-row!important}.d-lg-table-cell{display:table-cell!important}.d-lg-flex{display:flex!important}.d-lg-inline-flex{display:inline-flex!important}.d-lg-none{display:none!important}.flex-lg-fill{flex:1 1 auto!important}.flex-lg-row{flex-direction:row!important}.flex-lg-column{flex-direction:column!important}.flex-lg-row-reverse{flex-direction:row-reverse!important}.flex-lg-column-reverse{flex-direction:column-reverse!important}.flex-lg-grow-0{flex-grow:0!important}.flex-lg-grow-1{flex-grow:1!important}.flex-lg-shrink-0{flex-shrink:0!important}.flex-lg-shrink-1{flex-shrink:1!important}.flex-lg-wrap{flex-wrap:wrap!important}.flex-lg-nowrap{flex-wrap:nowrap!important}.flex-lg-wrap-reverse{flex-wrap:wrap-reverse!important}.justify-content-lg-start{justify-content:flex-start!important}.justify-content-lg-end{justify-content:flex-end!important}.justify-content-lg-center{justify-content:center!important}.justify-content-lg-between{justify-content:space-between!important}.justify-content-lg-around{justify-content:space-around!important}.justify-content-lg-evenly{justify-content:space-evenly!important}.align-items-lg-start{align-items:flex-start!important}.align-items-lg-end{align-items:flex-end!important}.align-items-lg-center{align-items:center!important}.align-items-lg-baseline{align-items:baseline!important}.align-items-lg-stretch{align-items:stretch!important}.align-content-lg-start{align-content:flex-start!important}.align-content-lg-end{align-content:flex-end!important}.align-content-lg-center{align-content:center!important}.align-content-lg-between{align-content:space-between!important}.align-content-lg-around{align-content:space-around!important}.align-content-lg-stretch{align-content:stretch!important}.align-self-lg-auto{align-self:auto!important}.align-self-lg-start{align-self:flex-start!important}.align-self-lg-end{align-self:flex-end!important}.align-self-lg-center{align-self:center!important}.align-self-lg-baseline{align-self:baseline!important}.align-self-lg-stretch{align-self:stretch!important}.order-lg-first{order:-1!important}.order-lg-0{order:0!important}.order-lg-1{order:1!important}.order-lg-2{order:2!important}.order-lg-3{order:3!important}.order-lg-4{order:4!important}.order-lg-5{order:5!important}.order-lg-last{order:6!important}.m-lg-0{margin:0!important}.m-lg-1{margin:.25rem!important}.m-lg-2{margin:.5rem!important}.m-lg-3{margin:1rem!important}.m-lg-4{margin:1.5rem!important}.m-lg-5{margin:3rem!important}.m-lg-auto{margin:auto!important}.mx-lg-0{margin-right:0!important;margin-left:0!important}.mx-lg-1{margin-right:.25rem!important;margin-left:.25rem!important}.mx-lg-2{margin-right:.5rem!important;margin-left:.5rem!important}.mx-lg-3{margin-right:1rem!important;margin-left:1rem!important}.mx-lg-4{margin-right:1.5rem!important;margin-left:1.5rem!important}.mx-lg-5{margin-right:3rem!important;margin-left:3rem!important}.mx-lg-auto{margin-right:auto!important;margin-left:auto!important}.my-lg-0{margin-top:0!important;margin-bottom:0!important}.my-lg-1{margin-top:.25rem!important;margin-bottom:.25rem!important}.my-lg-2{margin-top:.5rem!important;margin-bottom:.5rem!important}.my-lg-3{margin-top:1rem!important;margin-bottom:1rem!important}.my-lg-4{margin-top:1.5rem!important;margin-bottom:1.5rem!important}.my-lg-5{margin-top:3rem!important;margin-bottom:3rem!important}.my-lg-auto{margin-top:auto!important;margin-bottom:auto!important}.mt-lg-0{margin-top:0!important}.mt-lg-1{margin-top:.25rem!important}.mt-lg-2{margin-top:.5rem!important}.mt-lg-3{margin-top:1rem!important}.mt-lg-4{margin-top:1.5rem!important}.mt-lg-5{margin-top:3rem!important}.mt-lg-auto{margin-top:auto!important}.me-lg-0{margin-right:0!important}.me-lg-1{margin-right:.25rem!important}.me-lg-2{margin-right:.5rem!important}.me-lg-3{margin-right:1rem!important}.me-lg-4{margin-right:1.5rem!important}.me-lg-5{margin-right:3rem!important}.me-lg-auto{margin-right:auto!important}.mb-lg-0{margin-bottom:0!important}.mb-lg-1{margin-bottom:.25rem!important}.mb-lg-2{margin-bottom:.5rem!important}.mb-lg-3{margin-bottom:1rem!important}.mb-lg-4{margin-bottom:1.5rem!important}.mb-lg-5{margin-bottom:3rem!important}.mb-lg-auto{margin-bottom:auto!important}.ms-lg-0{margin-left:0!important}.ms-lg-1{margin-left:.25rem!important}.ms-lg-2{margin-left:.5rem!important}.ms-lg-3{margin-left:1rem!important}.ms-lg-4{margin-left:1.5rem!important}.ms-lg-5{margin-left:3rem!important}.ms-lg-auto{margin-left:auto!important}.p-lg-0{padding:0!important}.p-lg-1{padding:.25rem!important}.p-lg-2{padding:.5rem!important}.p-lg-3{padding:1rem!important}.p-lg-4{padding:1.5rem!important}.p-lg-5{padding:3rem!important}.px-lg-0{padding-right:0!important;padding-left:0!important}.px-lg-1{padding-right:.25rem!important;padding-left:.25rem!important}.px-lg-2{padding-right:.5rem!important;padding-left:.5rem!important}.px-lg-3{padding-right:1rem!important;padding-left:1rem!important}.px-lg-4{padding-right:1.5rem!important;padding-left:1.5rem!important}.px-lg-5{padding-right:3rem!important;padding-left:3rem!important}.py-lg-0{padding-top:0!important;padding-bottom:0!important}.py-lg-1{padding-top:.25rem!important;padding-bottom:.25rem!important}.py-lg-2{padding-top:.5rem!important;padding-bottom:.5rem!important}.py-lg-3{padding-top:1rem!important;padding-bottom:1rem!important}.py-lg-4{padding-top:1.5rem!important;padding-bottom:1.5rem!important}.py-lg-5{padding-top:3rem!important;padding-bottom:3rem!important}.pt-lg-0{padding-top:0!important}.pt-lg-1{padding-top:.25rem!important}.pt-lg-2{padding-top:.5rem!important}.pt-lg-3{padding-top:1rem!important}.pt-lg-4{padding-top:1.5rem!important}.pt-lg-5{padding-top:3rem!important}.pe-lg-0{padding-right:0!important}.pe-lg-1{padding-right:.25rem!important}.pe-lg-2{padding-right:.5rem!important}.pe-lg-3{padding-right:1rem!important}.pe-lg-4{padding-right:1.5rem!important}.pe-lg-5{padding-right:3rem!important}.pb-lg-0{padding-bottom:0!important}.pb-lg-1{padding-bottom:.25rem!important}.pb-lg-2{padding-bottom:.5rem!important}.pb-lg-3{padding-bottom:1rem!important}.pb-lg-4{padding-bottom:1.5rem!important}.pb-lg-5{padding-bottom:3rem!important}.ps-lg-0{padding-left:0!important}.ps-lg-1{padding-left:.25rem!important}.ps-lg-2{padding-left:.5rem!important}.ps-lg-3{padding-left:1rem!important}.ps-lg-4{padding-left:1.5rem!important}.ps-lg-5{padding-left:3rem!important}.gap-lg-0{gap:0!important}.gap-lg-1{gap:.25rem!important}.gap-lg-2{gap:.5rem!important}.gap-lg-3{gap:1rem!important}.gap-lg-4{gap:1.5rem!important}.gap-lg-5{gap:3rem!important}.text-lg-start{text-align:left!important}.text-lg-end{text-align:right!important}.text-lg-center{text-align:center!important}}@media (min-width:1200px){.float-xl-start{float:left!important}.float-xl-end{float:right!important}.float-xl-none{float:none!important}.d-xl-inline{display:inline!important}.d-xl-inline-block{display:inline-block!important}.d-xl-block{display:block!important}.d-xl-grid{display:grid!important}.d-xl-table{display:table!important}.d-xl-table-row{display:table-row!important}.d-xl-table-cell{display:table-cell!important}.d-xl-flex{display:flex!important}.d-xl-inline-flex{display:inline-flex!important}.d-xl-none{display:none!important}.flex-xl-fill{flex:1 1 auto!important}.flex-xl-row{flex-direction:row!important}.flex-xl-column{flex-direction:column!important}.flex-xl-row-reverse{flex-direction:row-reverse!important}.flex-xl-column-reverse{flex-direction:column-reverse!important}.flex-xl-grow-0{flex-grow:0!important}.flex-xl-grow-1{flex-grow:1!important}.flex-xl-shrink-0{flex-shrink:0!important}.flex-xl-shrink-1{flex-shrink:1!important}.flex-xl-wrap{flex-wrap:wrap!important}.flex-xl-nowrap{flex-wrap:nowrap!important}.flex-xl-wrap-reverse{flex-wrap:wrap-reverse!important}.justify-content-xl-start{justify-content:flex-start!important}.justify-content-xl-end{justify-content:flex-end!important}.justify-content-xl-center{justify-content:center!important}.justify-content-xl-between{justify-content:space-between!important}.justify-content-xl-around{justify-content:space-around!important}.justify-content-xl-evenly{justify-content:space-evenly!important}.align-items-xl-start{align-items:flex-start!important}.align-items-xl-end{align-items:flex-end!important}.align-items-xl-center{align-items:center!important}.align-items-xl-baseline{align-items:baseline!important}.align-items-xl-stretch{align-items:stretch!important}.align-content-xl-start{align-content:flex-start!important}.align-content-xl-end{align-content:flex-end!important}.align-content-xl-center{align-content:center!important}.align-content-xl-between{align-content:space-between!important}.align-content-xl-around{align-content:space-around!important}.align-content-xl-stretch{align-content:stretch!important}.align-self-xl-auto{align-self:auto!important}.align-self-xl-start{align-self:flex-start!important}.align-self-xl-end{align-self:flex-end!important}.align-self-xl-center{align-self:center!important}.align-self-xl-baseline{align-self:baseline!important}.align-self-xl-stretch{align-self:stretch!important}.order-xl-first{order:-1!important}.order-xl-0{order:0!important}.order-xl-1{order:1!important}.order-xl-2{order:2!important}.order-xl-3{order:3!important}.order-xl-4{order:4!important}.order-xl-5{order:5!important}.order-xl-last{order:6!important}.m-xl-0{margin:0!important}.m-xl-1{margin:.25rem!important}.m-xl-2{margin:.5rem!important}.m-xl-3{margin:1rem!important}.m-xl-4{margin:1.5rem!important}.m-xl-5{margin:3rem!important}.m-xl-auto{margin:auto!important}.mx-xl-0{margin-right:0!important;margin-left:0!important}.mx-xl-1{margin-right:.25rem!important;margin-left:.25rem!important}.mx-xl-2{margin-right:.5rem!important;margin-left:.5rem!important}.mx-xl-3{margin-right:1rem!important;margin-left:1rem!important}.mx-xl-4{margin-right:1.5rem!important;margin-left:1.5rem!important}.mx-xl-5{margin-right:3rem!important;margin-left:3rem!important}.mx-xl-auto{margin-right:auto!important;margin-left:auto!important}.my-xl-0{margin-top:0!important;margin-bottom:0!important}.my-xl-1{margin-top:.25rem!important;margin-bottom:.25rem!important}.my-xl-2{margin-top:.5rem!important;margin-bottom:.5rem!important}.my-xl-3{margin-top:1rem!important;margin-bottom:1rem!important}.my-xl-4{margin-top:1.5rem!important;margin-bottom:1.5rem!important}.my-xl-5{margin-top:3rem!important;margin-bottom:3rem!important}.my-xl-auto{margin-top:auto!important;margin-bottom:auto!important}.mt-xl-0{margin-top:0!important}.mt-xl-1{margin-top:.25rem!important}.mt-xl-2{margin-top:.5rem!important}.mt-xl-3{margin-top:1rem!important}.mt-xl-4{margin-top:1.5rem!important}.mt-xl-5{margin-top:3rem!important}.mt-xl-auto{margin-top:auto!important}.me-xl-0{margin-right:0!important}.me-xl-1{margin-right:.25rem!important}.me-xl-2{margin-right:.5rem!important}.me-xl-3{margin-right:1rem!important}.me-xl-4{margin-right:1.5rem!important}.me-xl-5{margin-right:3rem!important}.me-xl-auto{margin-right:auto!important}.mb-xl-0{margin-bottom:0!important}.mb-xl-1{margin-bottom:.25rem!important}.mb-xl-2{margin-bottom:.5rem!important}.mb-xl-3{margin-bottom:1rem!important}.mb-xl-4{margin-bottom:1.5rem!important}.mb-xl-5{margin-bottom:3rem!important}.mb-xl-auto{margin-bottom:auto!important}.ms-xl-0{margin-left:0!important}.ms-xl-1{margin-left:.25rem!important}.ms-xl-2{margin-left:.5rem!important}.ms-xl-3{margin-left:1rem!important}.ms-xl-4{margin-left:1.5rem!important}.ms-xl-5{margin-left:3rem!important}.ms-xl-auto{margin-left:auto!important}.p-xl-0{padding:0!important}.p-xl-1{padding:.25rem!important}.p-xl-2{padding:.5rem!important}.p-xl-3{padding:1rem!important}.p-xl-4{padding:1.5rem!important}.p-xl-5{padding:3rem!important}.px-xl-0{padding-right:0!important;padding-left:0!important}.px-xl-1{padding-right:.25rem!important;padding-left:.25rem!important}.px-xl-2{padding-right:.5rem!important;padding-left:.5rem!important}.px-xl-3{padding-right:1rem!important;padding-left:1rem!important}.px-xl-4{padding-right:1.5rem!important;padding-left:1.5rem!important}.px-xl-5{padding-right:3rem!important;padding-left:3rem!important}.py-xl-0{padding-top:0!important;padding-bottom:0!important}.py-xl-1{padding-top:.25rem!important;padding-bottom:.25rem!important}.py-xl-2{padding-top:.5rem!important;padding-bottom:.5rem!important}.py-xl-3{padding-top:1rem!important;padding-bottom:1rem!important}.py-xl-4{padding-top:1.5rem!important;padding-bottom:1.5rem!important}.py-xl-5{padding-top:3rem!important;padding-bottom:3rem!important}.pt-xl-0{padding-top:0!important}.pt-xl-1{padding-top:.25rem!important}.pt-xl-2{padding-top:.5rem!important}.pt-xl-3{padding-top:1rem!important}.pt-xl-4{padding-top:1.5rem!important}.pt-xl-5{padding-top:3rem!important}.pe-xl-0{padding-right:0!important}.pe-xl-1{padding-right:.25rem!important}.pe-xl-2{padding-right:.5rem!important}.pe-xl-3{padding-right:1rem!important}.pe-xl-4{padding-right:1.5rem!important}.pe-xl-5{padding-right:3rem!important}.pb-xl-0{padding-bottom:0!important}.pb-xl-1{padding-bottom:.25rem!important}.pb-xl-2{padding-bottom:.5rem!important}.pb-xl-3{padding-bottom:1rem!important}.pb-xl-4{padding-bottom:1.5rem!important}.pb-xl-5{padding-bottom:3rem!important}.ps-xl-0{padding-left:0!important}.ps-xl-1{padding-left:.25rem!important}.ps-xl-2{padding-left:.5rem!important}.ps-xl-3{padding-left:1rem!important}.ps-xl-4{padding-left:1.5rem!important}.ps-xl-5{padding-left:3rem!important}.gap-xl-0{gap:0!important}.gap-xl-1{gap:.25rem!important}.gap-xl-2{gap:.5rem!important}.gap-xl-3{gap:1rem!important}.gap-xl-4{gap:1.5rem!important}.gap-xl-5{gap:3rem!important}.text-xl-start{text-align:left!important}.text-xl-end{text-align:right!important}.text-xl-center{text-align:center!important}}@media (min-width:1400px){.float-xxl-start{float:left!important}.float-xxl-end{float:right!important}.float-xxl-none{float:none!important}.d-xxl-inline{display:inline!important}.d-xxl-inline-block{display:inline-block!important}.d-xxl-block{display:block!important}.d-xxl-grid{display:grid!important}.d-xxl-table{display:table!important}.d-xxl-table-row{display:table-row!important}.d-xxl-table-cell{display:table-cell!important}.d-xxl-flex{display:flex!important}.d-xxl-inline-flex{display:inline-flex!important}.d-xxl-none{display:none!important}.flex-xxl-fill{flex:1 1 auto!important}.flex-xxl-row{flex-direction:row!important}.flex-xxl-column{flex-direction:column!important}.flex-xxl-row-reverse{flex-direction:row-reverse!important}.flex-xxl-column-reverse{flex-direction:column-reverse!important}.flex-xxl-grow-0{flex-grow:0!important}.flex-xxl-grow-1{flex-grow:1!important}.flex-xxl-shrink-0{flex-shrink:0!important}.flex-xxl-shrink-1{flex-shrink:1!important}.flex-xxl-wrap{flex-wrap:wrap!important}.flex-xxl-nowrap{flex-wrap:nowrap!important}.flex-xxl-wrap-reverse{flex-wrap:wrap-reverse!important}.justify-content-xxl-start{justify-content:flex-start!important}.justify-content-xxl-end{justify-content:flex-end!important}.justify-content-xxl-center{justify-content:center!important}.justify-content-xxl-between{justify-content:space-between!important}.justify-content-xxl-around{justify-content:space-around!important}.justify-content-xxl-evenly{justify-content:space-evenly!important}.align-items-xxl-start{align-items:flex-start!important}.align-items-xxl-end{align-items:flex-end!important}.align-items-xxl-center{align-items:center!important}.align-items-xxl-baseline{align-items:baseline!important}.align-items-xxl-stretch{align-items:stretch!important}.align-content-xxl-start{align-content:flex-start!important}.align-content-xxl-end{align-content:flex-end!important}.align-content-xxl-center{align-content:center!important}.align-content-xxl-between{align-content:space-between!important}.align-content-xxl-around{align-content:space-around!important}.align-content-xxl-stretch{align-content:stretch!important}.align-self-xxl-auto{align-self:auto!important}.align-self-xxl-start{align-self:flex-start!important}.align-self-xxl-end{align-self:flex-end!important}.align-self-xxl-center{align-self:center!important}.align-self-xxl-baseline{align-self:baseline!important}.align-self-xxl-stretch{align-self:stretch!important}.order-xxl-first{order:-1!important}.order-xxl-0{order:0!important}.order-xxl-1{order:1!important}.order-xxl-2{order:2!important}.order-xxl-3{order:3!important}.order-xxl-4{order:4!important}.order-xxl-5{order:5!important}.order-xxl-last{order:6!important}.m-xxl-0{margin:0!important}.m-xxl-1{margin:.25rem!important}.m-xxl-2{margin:.5rem!important}.m-xxl-3{margin:1rem!important}.m-xxl-4{margin:1.5rem!important}.m-xxl-5{margin:3rem!important}.m-xxl-auto{margin:auto!important}.mx-xxl-0{margin-right:0!important;margin-left:0!important}.mx-xxl-1{margin-right:.25rem!important;margin-left:.25rem!important}.mx-xxl-2{margin-right:.5rem!important;margin-left:.5rem!important}.mx-xxl-3{margin-right:1rem!important;margin-left:1rem!important}.mx-xxl-4{margin-right:1.5rem!important;margin-left:1.5rem!important}.mx-xxl-5{margin-right:3rem!important;margin-left:3rem!important}.mx-xxl-auto{margin-right:auto!important;margin-left:auto!important}.my-xxl-0{margin-top:0!important;margin-bottom:0!important}.my-xxl-1{margin-top:.25rem!important;margin-bottom:.25rem!important}.my-xxl-2{margin-top:.5rem!important;margin-bottom:.5rem!important}.my-xxl-3{margin-top:1rem!important;margin-bottom:1rem!important}.my-xxl-4{margin-top:1.5rem!important;margin-bottom:1.5rem!important}.my-xxl-5{margin-top:3rem!important;margin-bottom:3rem!important}.my-xxl-auto{margin-top:auto!important;margin-bottom:auto!important}.mt-xxl-0{margin-top:0!important}.mt-xxl-1{margin-top:.25rem!important}.mt-xxl-2{margin-top:.5rem!important}.mt-xxl-3{margin-top:1rem!important}.mt-xxl-4{margin-top:1.5rem!important}.mt-xxl-5{margin-top:3rem!important}.mt-xxl-auto{margin-top:auto!important}.me-xxl-0{margin-right:0!important}.me-xxl-1{margin-right:.25rem!important}.me-xxl-2{margin-right:.5rem!important}.me-xxl-3{margin-right:1rem!important}.me-xxl-4{margin-right:1.5rem!important}.me-xxl-5{margin-right:3rem!important}.me-xxl-auto{margin-right:auto!important}.mb-xxl-0{margin-bottom:0!important}.mb-xxl-1{margin-bottom:.25rem!important}.mb-xxl-2{margin-bottom:.5rem!important}.mb-xxl-3{margin-bottom:1rem!important}.mb-xxl-4{margin-bottom:1.5rem!important}.mb-xxl-5{margin-bottom:3rem!important}.mb-xxl-auto{margin-bottom:auto!important}.ms-xxl-0{margin-left:0!important}.ms-xxl-1{margin-left:.25rem!important}.ms-xxl-2{margin-left:.5rem!important}.ms-xxl-3{margin-left:1rem!important}.ms-xxl-4{margin-left:1.5rem!important}.ms-xxl-5{margin-left:3rem!important}.ms-xxl-auto{margin-left:auto!important}.p-xxl-0{padding:0!important}.p-xxl-1{padding:.25rem!important}.p-xxl-2{padding:.5rem!important}.p-xxl-3{padding:1rem!important}.p-xxl-4{padding:1.5rem!important}.p-xxl-5{padding:3rem!important}.px-xxl-0{padding-right:0!important;padding-left:0!important}.px-xxl-1{padding-right:.25rem!important;padding-left:.25rem!important}.px-xxl-2{padding-right:.5rem!important;padding-left:.5rem!important}.px-xxl-3{padding-right:1rem!important;padding-left:1rem!important}.px-xxl-4{padding-right:1.5rem!important;padding-left:1.5rem!important}.px-xxl-5{padding-right:3rem!important;padding-left:3rem!important}.py-xxl-0{padding-top:0!important;padding-bottom:0!important}.py-xxl-1{padding-top:.25rem!important;padding-bottom:.25rem!important}.py-xxl-2{padding-top:.5rem!important;padding-bottom:.5rem!important}.py-xxl-3{padding-top:1rem!important;padding-bottom:1rem!important}.py-xxl-4{padding-top:1.5rem!important;padding-bottom:1.5rem!important}.py-xxl-5{padding-top:3rem!important;padding-bottom:3rem!important}.pt-xxl-0{padding-top:0!important}.pt-xxl-1{padding-top:.25rem!important}.pt-xxl-2{padding-top:.5rem!important}.pt-xxl-3{padding-top:1rem!important}.pt-xxl-4{padding-top:1.5rem!important}.pt-xxl-5{padding-top:3rem!important}.pe-xxl-0{padding-right:0!important}.pe-xxl-1{padding-right:.25rem!important}.pe-xxl-2{padding-right:.5rem!important}.pe-xxl-3{padding-right:1rem!important}.pe-xxl-4{padding-right:1.5rem!important}.pe-xxl-5{padding-right:3rem!important}.pb-xxl-0{padding-bottom:0!important}.pb-xxl-1{padding-bottom:.25rem!important}.pb-xxl-2{padding-bottom:.5rem!important}.pb-xxl-3{padding-bottom:1rem!important}.pb-xxl-4{padding-bottom:1.5rem!important}.pb-xxl-5{padding-bottom:3rem!important}.ps-xxl-0{padding-left:0!important}.ps-xxl-1{padding-left:.25rem!important}.ps-xxl-2{padding-left:.5rem!important}.ps-xxl-3{padding-left:1rem!important}.ps-xxl-4{padding-left:1.5rem!important}.ps-xxl-5{padding-left:3rem!important}.gap-xxl-0{gap:0!important}.gap-xxl-1{gap:.25rem!important}.gap-xxl-2{gap:.5rem!important}.gap-xxl-3{gap:1rem!important}.gap-xxl-4{gap:1.5rem!important}.gap-xxl-5{gap:3rem!important}.text-xxl-start{text-align:left!important}.text-xxl-end{text-align:right!important}.text-xxl-center{text-align:center!important}}@media (min-width:1200px){.fs-1{font-size:2.5rem!important}.fs-2{font-size:2rem!important}.fs-3{font-size:1.75rem!important}.fs-4{font-size:1.5rem!important}}@media print{.d-print-inline{display:inline!important}.d-print-inline-block{display:inline-block!important}.d-print-block{display:block!important}.d-print-grid{display:grid!important}.d-print-table{display:table!important}.d-print-table-row{display:table-row!important}.d-print-table-cell{display:table-cell!important}.d-print-flex{display:flex!important}.d-print-inline-flex{display:inline-flex!important}.d-print-none{display:none!important}}:root{color-scheme:light}.navbar{font-weight:300}.bg-primary .dropdown-menu{background-color:#008cba}.bg-primary .dropdown-menu .dropdown-item,.bg-primary .dropdown-menu .dropdown-item:focus{color:rgba(255,255,255,.7)}.bg-primary .dropdown-menu .dropdown-item.active,.bg-primary .dropdown-menu .dropdown-item:focus,.bg-primary .dropdown-menu .dropdown-item:hover{color:#fff;background-color:#007ea7}.bg-dark{background-color:#333!important}.bg-dark .dropdown-menu{background-color:#333}.bg-dark .dropdown-menu .dropdown-item,.bg-dark .dropdown-menu .dropdown-item:focus{color:rgba(255,255,255,.7)}.bg-dark .dropdown-menu .dropdown-item.active,.bg-dark .dropdown-menu .dropdown-item:focus,.bg-dark .dropdown-menu .dropdown-item:hover{color:#fff;background-color:#2e2e2e}.bg-light .dropdown-menu{background-color:#eee}.bg-light .dropdown-menu .dropdown-item,.bg-light .dropdown-menu .dropdown-item:focus{color:rgba(0,0,0,.55)}.bg-light .dropdown-menu .dropdown-item.active,.bg-light .dropdown-menu .dropdown-item:focus,.bg-light .dropdown-menu .dropdown-item:hover{color:rgba(0,0,0,.7);background-color:#f0f0f0}.btn-primary{border-color:#007ea7}.btn-secondary{border-color:#d6d6d6}.btn-success{border-color:#3c9b5f}.btn-info{color:#fff;border-color:#52adc8}.btn-danger{border-color:#d83b20}.btn-warning{color:#fff;border-color:#d28202}.btn-light{border-color:#d6d6d6}.btn-dark{border-color:#1f1f1f}.btn-outline-secondary{color:#000}.btn-group .dropdown-menu{border-top-width:0}.btn-group .dropdown-toggle.btn-primary~.dropdown-menu{background-color:#008cba;border-color:#007ea7}.btn-group .dropdown-toggle.btn-primary~.dropdown-menu .dropdown-item{color:#fff}.btn-group .dropdown-toggle.btn-primary~.dropdown-menu .dropdown-item:focus,.btn-group .dropdown-toggle.btn-primary~.dropdown-menu .dropdown-item:hover{background-color:#00769c}.btn-group .dropdown-toggle.btn-secondary~.dropdown-menu{background-color:#eee;border-color:#d6d6d6}.btn-group .dropdown-toggle.btn-secondary~.dropdown-menu .dropdown-item{color:#222}.btn-group .dropdown-toggle.btn-secondary~.dropdown-menu .dropdown-item:focus,.btn-group .dropdown-toggle.btn-secondary~.dropdown-menu .dropdown-item:hover{background-color:#c8c8c8}.btn-group .dropdown-toggle.btn-success~.dropdown-menu{background-color:#43ac6a;border-color:#3c9b5f}.btn-group .dropdown-toggle.btn-success~.dropdown-menu .dropdown-item{color:#fff}.btn-group .dropdown-toggle.btn-success~.dropdown-menu .dropdown-item:focus,.btn-group .dropdown-toggle.btn-success~.dropdown-menu .dropdown-item:hover{background-color:#389059}.btn-group .dropdown-toggle.btn-info~.dropdown-menu{background-color:#5bc0de;border-color:#52adc8}.btn-group .dropdown-toggle.btn-info~.dropdown-menu .dropdown-item{color:#fff}.btn-group .dropdown-toggle.btn-info~.dropdown-menu .dropdown-item:focus,.btn-group .dropdown-toggle.btn-info~.dropdown-menu .dropdown-item:hover{background-color:#4ca1ba}.btn-group .dropdown-toggle.btn-warning~.dropdown-menu{background-color:#e99002;border-color:#d28202}.btn-group .dropdown-toggle.btn-warning~.dropdown-menu .dropdown-item{color:#fff}.btn-group .dropdown-toggle.btn-warning~.dropdown-menu .dropdown-item:focus,.btn-group .dropdown-toggle.btn-warning~.dropdown-menu .dropdown-item:hover{background-color:#c47902}.btn-group .dropdown-toggle.btn-danger~.dropdown-menu{background-color:#f04124;border-color:#d83b20}.btn-group .dropdown-toggle.btn-danger~.dropdown-menu .dropdown-item{color:#fff}.btn-group .dropdown-toggle.btn-danger~.dropdown-menu .dropdown-item:focus,.btn-group .dropdown-toggle.btn-danger~.dropdown-menu .dropdown-item:hover{background-color:#ca371e}.text-secondary{color:#495057!important}.blockquote-footer{color:#888}table{font-size:.875rem}.checkbox,.control-label,.form-control-feedback,.help-block,.radio,label{font-size:.875rem}.dropdown-item{padding-top:.75rem;padding-bottom:.75rem;font-size:.875rem;font-weight:300}.nav-tabs .nav-link,.nav-tabs .nav-link.disabled,.nav-tabs .nav-link.disabled:focus,.nav-tabs .nav-link.disabled:hover{background-color:#eee;border-color:rgba(0,0,0,.1)}.nav-tabs .nav-item+.nav-item .nav-link{border-left:none}.nav-pills .active{border:1px solid #007ea7}.breadcrumb{font-size:.875rem;font-weight:300;text-transform:uppercase;border:1px solid rgba(0,0,0,.1)}.pagination{font-weight:300}.pagination .page-link{margin-right:.1em;margin-left:.1em;border-color:transparent;border-radius:3px}.pagination .page-link:focus,.pagination .page-link:hover{text-decoration:none}.pagination .page-item.disabled .page-link{border-color:transparent}.pagination .page-item:first-child .page-link,.pagination .page-item:last-child .page-link,.pagination-lg .page-item:first-child .page-link,.pagination-lg .page-item:last-child .page-link,.pagination-sm .page-item:first-child .page-link,.pagination-sm .page-item:last-child .page-link{border-radius:3px}.list-group{font-size:.875rem;font-weight:300}.alert{font-size:.875rem;font-weight:300;color:#fff}.alert .alert-link{color:#fff;text-decoration:underline}.alert:not(.alert-secondary):not(.alert-light) .btn-close{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='%23fff'%3e%3cpath d='M.293.293a1 1 0 0 1 1.414 0L8 6.586 14.293.293a1 1 0 1 1 1.414 1.414L9.414 8l6.293 6.293a1 1 0 0 1-1.414 1.414L8 9.414l-6.293 6.293a1 1 0 0 1-1.414-1.414L6.586 8 .293 1.707a1 1 0 0 1 0-1.414z'/%3e%3c/svg%3e")}.alert-light,.alert-light .alert-link,.alert-light a:not(.btn),.alert-secondary,.alert-secondary .alert-link,.alert-secondary a:not(.btn){color:#222}.badge.bg-light,.badge.bg-secondary{color:#222}.progress[value]{height:22px;padding:2px;background-color:#f6f6f6;border:1px solid #ccc}.popover-header{border-top-left-radius:0;border-top-right-radius:0} \ No newline at end of file diff --git a/dojo/static/dojo/css/dojo.css b/dojo/static/dojo/css/dojo.css index e77e012d54c..4a5cbf7e8ce 100644 --- a/dojo/static/dojo/css/dojo.css +++ b/dojo/static/dojo/css/dojo.css @@ -41,12 +41,14 @@ textarea, margin-left: 6px; } -a { - color: #546474; +.min, +.max { + overscroll-behavior: none!important; + overflow-x: clip!important; } -.progress-bar { - background-color: #546474; +a { + color: #546474; } .panel-default .btn-primary { @@ -124,6 +126,11 @@ a:hover { text-decoration: none; } +.nav.nav-second-level.nav-up { + transform: translateY(-100%); + margin-top: 41px; +} + .nav-tabs { border-bottom: 1px solid rgb(148, 168, 187); } @@ -326,6 +333,21 @@ form.metric_form p label { border-top: 0px solid #ddd; } +.panel-blue .panel-heading, +.panel-blue { + color: #f5f5f5; + background-color: #546474!important; + border-color: #546474!important; +} + +.panel-blue a { + color: #546474; +} + +.panel-blue a:hover { + color: #38434d; +} + .nowrap { white-space: nowrap; } @@ -365,6 +387,12 @@ form.metric_form p label { margin: -10px 1px 10px; } +.error-page-box { + display: inline-block; + vertical-align: middle; + padding-right: 25px; +} + .inline-block { display: inline-block; } @@ -584,7 +612,7 @@ form ul#id_accepted_findings input { } .pagination { - margin: 10px 0 15px; + margin: 10px; } .pagination>.active>a, .pagination>.active>a:focus, .pagination>.active>a:hover, .pagination>.active>span, .pagination>.active>span:focus, .pagination>.active>span:hover @@ -593,6 +621,11 @@ form ul#id_accepted_findings input { border-color: #546474; } +.pagination-in-panel { + margin-left: 10px!important; + margin-right: 10px!important; +} + #risk_acceptance table form { margin: 0; } @@ -664,7 +697,94 @@ div.page_select { } input#simple_search { + width: 100%!important; +} + +.support-page-wrapper { + display: flex; + flex-flow: column; + align-items: center; +} + +.support-container { + display: flex; + width: 75%; + margin-bottom: 150px; +} + +.support-box { + display: flex; + flex-direction: column; + justify-content: flex-start; + flex: 1; + font-size: 16px; + font-weight: 500; +} + +.support-box.shape { + border-radius: 12px; + padding: 10px 25px 25px 25px; + margin: 0px 10px 0px 10px; + transition: transform .5s; +} + +.community { + color: #546474!important; + background-color: #e7e7e7!important; +} + +.commercial { + color: #e7e7e7!important; + background-color: #1d4565!important; +} + +.support-box.hover:hover { + transform: translateY(-10px); +} + +.btn-primary.support { + font-size: 16px; + font-weight: 500; + padding: 10px!important; + border-radius: 6px!important; + margin: 20px 10px 0px 10px!important; + border: none!important; +} + +.btn-primary.support.dark:hover { + color: #546474!important; + background-color: #f7f7f7!important; +} + +.btn-primary.support.light:hover { + color: #e7e7e7!important; + background-color: #235175!important; +} + +.divider { + border-bottom: 1px solid; + margin: 10px 25px 15px 25px; +} + +.divider.dark { + border-color: #546474!important +} + +.divider.light { + border-color: #e7e7e7!important +} + +.dojo-modals-wrapper { + display: none; + flex-direction: column; + position: fixed; + z-index: 1; + padding-top: 100px; + left: 0; + top: 0; width: 100%; + height: 100%; + overflow: auto; } .footer { @@ -732,6 +852,11 @@ body #header form#api_selector .input a#explore { margin: 0 } +div.dataTables_wrapper +div.dataTables_filter { + margin: 10px!important; +} + .navbar li.search-form { width: 170px } @@ -977,6 +1102,11 @@ div.custom-search-form { width: 265px; } +.announcement-banner { + margin: 0px -15px; + border-radius: 0px 0px 4px 4px; +} + @media (min-width: 795px) { div.custom-search-form { height: 21px; @@ -995,18 +1125,30 @@ div.custom-search-form { #page-wrapper { margin: 75px 0 0 0; } + + #footer-wrapper { + margin: 75px 0 0 0; + } } @media (min-width: 359px) { #page-wrapper { margin: 100px 0 0 0; } + + #footer-wrapper { + margin: 100px 0 0 0; + } } @media (min-width: 600px) { #page-wrapper { margin: 50px 0 0 0; } + + #footer-wrapper { + margin: 50px 0 0 0; + } } @media (min-width: 768px) { @@ -1018,6 +1160,11 @@ div.custom-search-form { margin: 0 0 0 175px; } + #footer-wrapper { + margin: 0 0 0 175px; + border-left: 1px solid #e7e7e7; + } + li#minimize-menu-li { display: inline-block; visibility: visible; @@ -1060,6 +1207,11 @@ div.custom-search-form { body.min #page-wrapper { margin: 0 0 0 50px; + border-left: 1px solid #e7e7e7; + } + + body.min #footer-wrapper { + margin: 0 0 0 50px; } body.min div.navbar-default.sidebar { @@ -1081,6 +1233,10 @@ div.custom-search-form { body.max #min-menu i:before { content: "\f0a8" !important; } + + .announcement-banner { + margin: 0px -30px; + } } @@ -1105,6 +1261,31 @@ div.custom-search-form { margin-right: 25px; } +.dojo-filter-set.form-inline .filter-form-group { + display: flex; + flex-wrap: wrap; + flex-basis: auto; + flex-grow: 4; + align-content: stretch; + margin-bottom: 10px; + vertical-align: middle; + margin-right: 25px; +} + +.dojo-filter-set.form-inline .filter-form-input { + margin-right: 25px; + margin-bottom: 10px; +} + +.dojo-filter-set.form-inline .filter-form-control { + width: auto!important; + vertical-align: middle; +} + +.dojo-filter-set.form-inline .form-control { + height: auto!important; +} + .report-filter-set { padding-left: 10px; } @@ -1128,6 +1309,18 @@ div.custom-search-form { background-color: #f9f9f9; } +#the-filters-open { + background-color: #f9f9f9; +} + +#the-filters-paused { + background-color: #f9f9f9; +} + +#the-filters-closed { + background-color: #f9f9f9; +} + .panel-default { border: 1px solid #dddedf; } @@ -1201,6 +1394,17 @@ div.custom-search-form { border-left: 1px solid #dcdedf; } +.graph { + min-height: 158px; +} + +.graph-loader { + min-height: 158px; + display: flex; + flex-direction: column; + justify-content: center; +} + .panel-footer { background-color: #dddedf; border-top: 1px solid #ddd; @@ -1212,6 +1416,10 @@ div.custom-search-form { color: #246c91; } +div.dt-buttons { + margin: 10px!important; +} + table#product_types .btn-success{ background-color: #546474; border-color: #546474; @@ -1264,27 +1472,16 @@ span.pull-right.clickable i.glyphicon-chevron-up, span.pull-right.clickable i.gl background-color: rgb(255, 255, 123); } -.level1 { - background-color: #FEFFA2; -} -.level2 { - background-color: #B7D784; -} -.level3 { - background-color: #BDE8EF; -} + .benchmark_pass { - background-color: #DAF89F; + background-color: #dff0d8; } .benchmark_fail { - background-color: #FFEEEE; + background-color: #f2dede; } .benchmark_disabled { background-color: #eaedf2 } -.highlight_asvs_level_1 { - background-color: #89C4F4 -} form#quick-add-form { display: inline-block; @@ -1634,6 +1831,10 @@ small { min-width:200px; } +.EasyMDEContainer .table { + width: unset!important; +} + /* remove spinners (up & down arrow) for integer / number fields /* For Firefox */ @@ -1647,4 +1848,4 @@ input[type=number]::-webkit-inner-spin-button, input[type=number]::-webkit-outer-spin-button { -webkit-appearance: none; margin: 0; -} +} \ No newline at end of file diff --git a/dojo/static/dojo/js/cvss_calculator.js b/dojo/static/dojo/js/cvss_calculator.js index b1e170eeff1..83f9c2e354f 100644 --- a/dojo/static/dojo/js/cvss_calculator.js +++ b/dojo/static/dojo/js/cvss_calculator.js @@ -1,316 +1,316 @@ -var response = ''+ -''+ -''+ -''+ +'' + +' .scoreRating { position: absolute; top:-36px; right:0; padding: 0 0.4em; margin: 0 15px; border: 2px solid #666666; background: #dddddd;' + +' font-size:11px; border-radius: 10px; width: 100px; height: auto; line-height: 150%; text-align: center; }' + +' .scoreRating.none,' + +' .scoreRating.low,' + +' .scoreRating.medium,' + +' .scoreRating.high,' + +' .scoreRating.critical { color:#ffffff;}' + +'' + +' .scoreRating.none { background:#53aa33; border:2px solid #53aa33; }' + +' .scoreRating.low { background:#ffcb0d; border:2px solid #ffcb0d; }' + +' .scoreRating.medium { background:#f9a009; border:2px solid #f9a009; }' + +' .scoreRating.high { background:#df3d03; border:2px solid #df3d03; }' + +' .scoreRating.critical { background:#cc0500; border:2px solid #cc0500; }' + +' .scoreRating span { font-size: 150%; font-weight: bold; width: 100%; }' + +' .needBaseMetrics { text-align:center; line-height:100%; padding-top:5px; font-size:15px; }' + +'' + +' #baseMetricScore,' + +' #temporalMetricScore,' + +' #environmentalMetricScore { display: block; font-size: 32px; line-height: 32px; font-weight: normal; margin-top: 4px; }' + +'' + +' #baseSeverity,' + +' #temporalSeverity,' + +' #environmentalSeverity { font-size: 16px; font-weight: normal; margin-bottom: 5px; display: block; }' + +'' + +' div#scriptWarning { border: solid red 2px; background: #f5dddd; padding: 1em 1em 1em 1em; margin: 0.4em 0; }' + +'' + +'' + +'' + ''+ -''+ -''+ -'
    '+ -''+ -''+ -'
    '+ -' Base Score'+ -''+ -'
    '+ -''+ -'
    '+ -'

    Attack Vector (AV)

    '+ -' '+ -' '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -'

    Attack Complexity (AC)

    '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -'

    Privileges Required (PR)

    '+ -' '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -'

    User Interaction (UI)

    '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -''+ -''+ -'
    '+ -''+ -'
    '+ -'

    Scope (S)

    '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -'

    Confidentiality (C)

    '+ -' '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -'

    Integrity (I)

    '+ -' '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -'

    Availability (A)

    '+ -' '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -''+ -''+ -'
    '+ -'

    Select values for all base metrics to generate score

    '+ -' '+ -' '+ -'
    '+ -'
    '+ -'
    '+ -''+ +'' + +'' + +'' + +'' + +'' + +'
    ' + +' Base Score' + +'' + +'
    ' + +'' + +'
    ' + +'

    Attack Vector (AV)

    ' + +' ' + +' ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'

    Attack Complexity (AC)

    ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'

    Privileges Required (PR)

    ' + +' ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'

    User Interaction (UI)

    ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'' + +'' + +'
    ' + +'' + +'
    ' + +'

    Scope (S)

    ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'

    Confidentiality (C)

    ' + +' ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'

    Integrity (I)

    ' + +' ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'

    Availability (A)

    ' + +' ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'' + +'' + +'
    ' + +'

    Select values for all base metrics to generate score

    ' + +' ' + +' ' + +'
    ' + +'
    ' + +'
    ' + +'' + '
    '+ -'

    Vector String -'+ -' select values for all base metrics to generate a vector'+ -' '+ -'

    '+ -'
    '+ -''+ -''+ -'
    '+ -' Temporal Score'+ -''+ -'
    '+ -''+ -'
    '+ -'

    Exploit Code Maturity (E)

    '+ -' '+ -' '+ -' '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -'

    Remediation Level (RL)

    '+ -' '+ -' '+ -' '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -'

    Report Confidence (RC)

    '+ -' '+ -' '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -''+ -'
    '+ -'

    Select values for all base metrics to generate score

    '+ -' '+ -' '+ -'
    '+ -'
    '+ -'
    '+ -''+ -''+ -''+ -'
    '+ -' Environmental Score'+ -''+ -'
    '+ -''+ -'
    '+ -'

    Confidentiality Requirement (CR)

    '+ -' '+ -' '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -'

    Integrity Requirement (IR)

    '+ -' '+ -' '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -'

    Availability Requirement (AR)

    '+ -' '+ -' '+ -' '+ -' '+ -'
    '+ -'
    '+ -''+ -'
    '+ -'
    '+ -'

    Modified Attack Vector (MAV)

    '+ -' '+ -' '+ -' '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -'

    Modified Attack Complexity (MAC)

    '+ -' '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -'

    Modified Privileges Required (MPR)

    '+ -' '+ -' '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -'

    Modified User Interaction (MUI)

    '+ -' '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -'

    Modified Scope (MS)

    '+ -' '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -'

    Modified Confidentiality (MC)

    '+ -' '+ -' '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -'

    Modified Integrity (MI)

    '+ -' '+ -' '+ -' '+ -' '+ -'
    '+ -''+ -'
    '+ -'

    Modified Availability (MA)

    '+ -' '+ -' '+ -' '+ -' '+ -'
    '+ -'
    '+ -''+ -'
    '+ -'

    Select values for all base metrics to generate score

    '+ -' '+ -' '+ -'
    '+ -'
    '+ -'
    '+ -''+ -'
    '+ +'

    Vector String -' + +' select values for all base metrics to generate a vector' + +' ' + +'

    ' + +'' + +'' + +'' + +'
    ' + +' Temporal Score' + +'' + +'
    ' + +'' + +'
    ' + +'

    Exploit Code Maturity (E)

    ' + +' ' + +' ' + +' ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'

    Remediation Level (RL)

    ' + +' ' + +' ' + +' ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'

    Report Confidence (RC)

    ' + +' ' + +' ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'' + +'
    ' + +'

    Select values for all base metrics to generate score

    ' + +' ' + +' ' + +'
    ' + +'
    ' + +'
    ' + +'' + +'' + +'' + +'
    ' + +' Environmental Score' + +'' + +'
    ' + +'' + +'
    ' + +'

    Confidentiality Requirement (CR)

    ' + +' ' + +' ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'

    Integrity Requirement (IR)

    ' + +' ' + +' ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'

    Availability Requirement (AR)

    ' + +' ' + +' ' + +' ' + +' ' + +'
    ' + +'
    ' + +'' + +'
    ' + +'
    ' + +'

    Modified Attack Vector (MAV)

    ' + +' ' + +' ' + +' ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'

    Modified Attack Complexity (MAC)

    ' + +' ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'

    Modified Privileges Required (MPR)

    ' + +' ' + +' ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'

    Modified User Interaction (MUI)

    ' + +' ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'

    Modified Scope (MS)

    ' + +' ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'

    Modified Confidentiality (MC)

    ' + +' ' + +' ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'

    Modified Integrity (MI)

    ' + +' ' + +' ' + +' ' + +' ' + +'
    ' + +'' + +'
    ' + +'

    Modified Availability (MA)

    ' + +' ' + +' ' + +' ' + +' ' + +'
    ' + +'
    ' + +'' + +'
    ' + +'

    Select values for all base metrics to generate score

    ' + +' ' + +' ' + +'
    ' + +'
    ' + +'
    ' + +'' + +'' + ''; $(".cvsscalculator").parent().append(response); @@ -328,20 +328,19 @@ $(document).mouseup(function (e){ }); "use strict"; - function updateScores() { - var result = CVSS.calculateCVSSFromMetrics(inputValue('input[type="radio"][name=AV]:checked'), inputValue('input[type="radio"][name=AC]:checked'), inputValue('input[type="radio"][name=PR]:checked'), inputValue('input[type="radio"][name=UI]:checked'), inputValue('input[type="radio"][name=S]:checked'), inputValue('input[type="radio"][name=C]:checked'), inputValue('input[type="radio"][name=I]:checked'), inputValue('input[type="radio"][name=A]:checked'), inputValue('input[type="radio"][name=E]:checked'), inputValue('input[type="radio"][name=RL]:checked'), inputValue('input[type="radio"][name=RC]:checked'), inputValue('input[type="radio"][name=CR]:checked'), inputValue('input[type="radio"][name=IR]:checked'), inputValue('input[type="radio"][name=AR]:checked'), inputValue('input[type="radio"][name=MAV]:checked'), inputValue('input[type="radio"][name=MAC]:checked'), inputValue('input[type="radio"][name=MPR]:checked'), inputValue('input[type="radio"][name=MUI]:checked'), inputValue('input[type="radio"][name=MS]:checked'), inputValue('input[type="radio"][name=MC]:checked'), inputValue('input[type="radio"][name=MI]:checked'), inputValue('input[type="radio"][name=MA]:checked')); - if (result.success === true) { - var L = document.querySelectorAll(".needBaseMetrics"), - i = L.length; + var result = CVSS31.calculateCVSSFromMetrics(inputValue('input[type="radio"][name=AV]:checked'), inputValue('input[type="radio"][name=AC]:checked'), inputValue('input[type="radio"][name=PR]:checked'), inputValue('input[type="radio"][name=UI]:checked'), inputValue('input[type="radio"][name=S]:checked'), inputValue('input[type="radio"][name=C]:checked'), inputValue('input[type="radio"][name=I]:checked'), inputValue('input[type="radio"][name=A]:checked'), inputValue('input[type="radio"][name=E]:checked'), inputValue('input[type="radio"][name=RL]:checked'), inputValue('input[type="radio"][name=RC]:checked'), inputValue('input[type="radio"][name=CR]:checked'), inputValue('input[type="radio"][name=IR]:checked'), inputValue('input[type="radio"][name=AR]:checked'), inputValue('input[type="radio"][name=MAV]:checked'), inputValue('input[type="radio"][name=MAC]:checked'), inputValue('input[type="radio"][name=MPR]:checked'), inputValue('input[type="radio"][name=MUI]:checked'), inputValue('input[type="radio"][name=MS]:checked'), inputValue('input[type="radio"][name=MC]:checked'), inputValue('input[type="radio"][name=MI]:checked'), inputValue('input[type="radio"][name=MA]:checked')); + if (result.success === !0) { + var L = document.querySelectorAll(".needBaseMetrics") + , i = L.length; while (i--) { hide(L[i]) } - parentNode(text("#baseMetricScore", result.baseMetricScore), ".scoreRating").className = "scoreRating " + result.baseSeverity.toLowerCase(); + parentNode(text("#baseMetricScore", result.baseMetricScore), '.scoreRating').className = 'scoreRating ' + result.baseSeverity.toLowerCase(); text("#baseSeverity", "(" + result.baseSeverity + ")"); - parentNode(text("#temporalMetricScore", result.temporalMetricScore), ".scoreRating").className = "scoreRating " + result.temporalSeverity.toLowerCase(); + parentNode(text("#temporalMetricScore", result.temporalMetricScore), '.scoreRating').className = 'scoreRating ' + result.temporalSeverity.toLowerCase(); text("#temporalSeverity", "(" + result.temporalSeverity + ")"); - parentNode(text("#environmentalMetricScore", result.environmentalMetricScore), ".scoreRating").className = "scoreRating " + result.environmentalSeverity.toLowerCase(); + parentNode(text("#environmentalMetricScore", result.environmentalMetricScore), '.scoreRating').className = 'scoreRating ' + result.environmentalSeverity.toLowerCase(); text("#environmentalSeverity", "(" + result.environmentalSeverity + ")"); show(inputValue("#vectorString", result.vectorString)); document.getElementById("id_cvssv3").value = result.vectorString; @@ -367,80 +366,62 @@ function updateScores() { function delayedUpdateScores() { setTimeout(updateScores, 100) } -window.Element && function (ElementPrototype) { - ElementPrototype.matchesSelector = ElementPrototype.matchesSelector || ElementPrototype.mozMatchesSelector || ElementPrototype.msMatchesSelector || ElementPrototype.oMatchesSelector || ElementPrototype.webkitMatchesSelector || function (selector) { - var node = this, - nodes = (node.parentNode || node.document).querySelectorAll(selector), - i = -1; - while (nodes[++i] && nodes[i] != node) {} +window.Element && function(ElementPrototype) { + ElementPrototype.matchesSelector = ElementPrototype.matchesSelector || ElementPrototype.mozMatchesSelector || ElementPrototype.msMatchesSelector || ElementPrototype.oMatchesSelector || ElementPrototype.webkitMatchesSelector || function(selector) { + var node = this + , nodes = (node.parentNode || node.document).querySelectorAll(selector) + , i = -1; + while (nodes[++i] && nodes[i] != node) + ; return !!nodes[i] } }(Element.prototype); -var matchesSelector = function (node, selector) { - if (!("parentNode" in node) || !node.parentNode) { - return false - } +var matchesSelector = function(node, selector) { + if (!('parentNode'in node) || !node.parentNode) + return !1; return Array.prototype.indexOf.call(node.parentNode.querySelectorAll(selector)) != -1 }; - function node() { for (var i = 0; i < arguments.length; i++) { var o = arguments[i]; - if (typeof (o) == "string" && o) { - return document.querySelector(o) - } else { - if ("nodeName" in o) { - return o - } else { - if ("jquery" in o) { - return o.get(0) - } - } - } + if (typeof (o) == 'string' && o) + return document.querySelector(o); + else if ('nodeName'in o) + return o; + else if ('jquery'in o) + return o.get(0) } - return false + return !1 } - function parentNode(p, q) { - if (!p || !(p = node(p))) { + if (!p || !(p = node(p))) + return; + else if ((typeof (q) == 'string' && p.matchesSelector(q)) || p == q) + return p; + else if (p.nodeName.toLowerCase() != 'html') + return parentNode(p.parentNode, q); + else return - } else { - if ((typeof (q) == "string" && p.matchesSelector(q)) || p == q) { - return p - } else { - if (p.nodeName.toLowerCase() != "html") { - return parentNode(p.parentNode, q) - } else { - return - } - } - } } - function bind(q, tg, fn) { var o = node(q); - if (!o) { - return - } + if (!o) + return; if (o.addEventListener) { - o.addEventListener(tg, fn, false) + o.addEventListener(tg, fn, !1) + } else if (o.attachEvent) { + o.attachEvent('on' + tg, fn) } else { - if (o.attachEvent) { - o.attachEvent("on" + tg, fn) - } else { - o["on" + tg] = fn - } + o['on' + tg] = fn } return o } - function text(q, s) { var e = node(q); - if (!e) { - return - } + if (!e) + return; if (arguments.length > 1) { - if ("textContent" in e) { + if ('textContent'in e) { e.textContent = s } else { e.innerText = s @@ -449,39 +430,32 @@ function text(q, s) { } return e.textContent || e.innerText } - function hide(q) { var e = node(q); - if (!e) { - return - } - e.setAttribute("style", "display:none"); + if (!e) + return; + e.setAttribute('style', 'display:none'); return e } - function show(q) { var e = node(q); - if (!e) { - return - } - e.setAttribute("style", "display:inline-block"); + if (!e) + return; + e.setAttribute('style', 'display:inline-block'); return e } - function inputValue(q, v) { var e = document.querySelector(q); - if (!e || e.nodeName.toLowerCase() != "input") { - return - } + if (!e || e.nodeName.toLowerCase() != 'input') + return; if (arguments.length > 1) { e.value = v; return e } return e.value } - function setMetricsFromVector(vectorString) { - var result = true; + var result = !0; var urlMetric; var metricValuesToSet = { AV: undefined, @@ -506,17 +480,17 @@ function setMetricsFromVector(vectorString) { MC: "X", MI: "X", MA: "X" - }; - var vectorStringRegex_30 = /^CVSS:3.0\/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])\/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$/; - if (vectorStringRegex_30.test(vectorString)) { - var urlMetrics = vectorString.substring("CVSS:3.0/".length).split("/"); + } + var vectorStringRegex_31 = /^CVSS:3.1\/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])\/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$/; + if (vectorStringRegex_31.test(vectorString)) { + var urlMetrics = vectorString.substring("CVSS:3.1/".length).split("/"); for (var p in urlMetrics) { var urlMetric = urlMetrics[p].split(":"); metricValuesToSet[urlMetric[0]] = urlMetric[1] } if (metricValuesToSet.AV !== undefined && metricValuesToSet.AC !== undefined && metricValuesToSet.PR !== undefined && metricValuesToSet.UI !== undefined && metricValuesToSet.S !== undefined && metricValuesToSet.C !== undefined && metricValuesToSet.I !== undefined && metricValuesToSet.A !== undefined) { for (var p in metricValuesToSet) { - document.getElementById(p + "_" + metricValuesToSet[p]).checked = true + document.getElementById(p + "_" + metricValuesToSet[p]).checked = !0 } } else { result = "NotAllBaseMetricsProvided" @@ -528,19 +502,16 @@ function setMetricsFromVector(vectorString) { return result } var CVSSVectorInURL; - function urlhash() { var h = document.getElementById("id_cvssv3").value; CVSSVectorInURL = h; setMetricsFromVector(h) } - function inputSelect() { this.setSelectionRange(0, this.value.length) } - function cvssCalculator() { - if (!("CVSS" in window) || !("CVSS_Help" in window )) { + if (!('CVSS31'in window) || !('CVSS31_Help'in window)) { setTimeout(cvssCalculator, 100); return } @@ -548,17 +519,18 @@ function cvssCalculator() { L = document.querySelectorAll("#cvsscalculator input"); i = L.length; while (i--) { - bind(L[i], "click", delayedUpdateScores) + bind(L[i], 'click', delayedUpdateScores) } - for (n in CVSS_Help.helpText_en) { - document.getElementById(n).setAttribute("title", CVSS_Help.helpText_en[n]) + for (n in CVSS31_Help.helpText_en) { + document.getElementById(n).setAttribute('title', CVSS31_Help.helpText_en[n]) } urlhash(); - if (("onhashchange" in window)) { + if (("onhashchange"in window)) { window.onhashchange = urlhash } - bind(bind("#vectorString", "click", inputSelect), "contextmenu", inputSelect) + bind(bind("#vectorString", 'click', inputSelect), "contextmenu", inputSelect) } + if ((document.getElementById("id_cvssv3")) && (document.getElementById("cvsscalculator"))) { cvssCalculator(); } \ No newline at end of file diff --git a/dojo/static/dojo/js/cvsscalc30.js b/dojo/static/dojo/js/cvsscalc31.js similarity index 65% rename from dojo/static/dojo/js/cvsscalc30.js rename to dojo/static/dojo/js/cvsscalc31.js index 84c7f3cf380..20a5c8f6bd5 100644 --- a/dojo/static/dojo/js/cvsscalc30.js +++ b/dojo/static/dojo/js/cvsscalc31.js @@ -1,4 +1,4 @@ -/* Copyright (c) 2015, FIRST.ORG, INC. +/* Copyright (c) 2019, FIRST.ORG, INC. * All rights reserved. * * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the @@ -22,12 +22,38 @@ /* This JavaScript contains two main functions. Both take CVSS metric values and calculate CVSS scores for Base, * Temporal and Environmental metric groups, their associated severity ratings, and an overall Vector String. * - * Use CVSS.calculateCVSSFromMetrics if you wish to pass metric values as individual parameters. - * Use CVSS.calculateCVSSFromVector if you wish to pass metric values as a single Vector String. + * Use CVSS31.calculateCVSSFromMetrics if you wish to pass metric values as individual parameters. + * Use CVSS31.calculateCVSSFromVector if you wish to pass metric values as a single Vector String. * * Changelog * - * 2018-02-15 Darius Wiles Added a missing pair of parantheses in the Environmental score, specifically + * 2019-06-01 Darius Wiles Updates for CVSS version 3.1: + * + * 1) The CVSS31.roundUp1 function now performs rounding using integer arithmetic to + * eliminate problems caused by tiny errors introduced during JavaScript math + * operations. Thanks to Stanislav Kontar of Red Hat for suggesting and testing + * various implementations. + * + * 2) Environmental formulas changed to prevent the Environmental Score decreasing when + * the value of an Environmental metric is raised. The problem affected a small + * percentage of CVSS v3.0 metrics. The change is to the modifiedImpact + * formula, but only affects scores where the Modified Scope is Changed (or the + * Scope is Changed if Modified Scope is Not Defined). + * + * 3) The JavaScript object containing everything in this file has been renamed from + * "CVSS" to "CVSS31" to allow both objects to be included without causing a + * naming conflict. + * + * 4) Variable names and code order have changed to more closely reflect the formulas + * in the CVSS v3.1 Specification Document. + * + * 5) A successful call to calculateCVSSFromMetrics now returns sub-formula values. + * + * Note that some sets of metrics will produce different scores between CVSS v3.0 and + * v3.1 as a result of changes 1 and 2. See the explanation of changes between these + * two standards in the CVSS v3.1 User Guide for more details. + * + * 2018-02-15 Darius Wiles Added a missing pair of parentheses in the Environmental score, specifically * in the code setting envScore in the main clause (not the else clause). It was changed * from "min (...), 10" to "min ((...), 10)". This correction does not alter any final * Environmental scores. @@ -54,23 +80,23 @@ // Constants used in the formula. They are not declared as "const" to avoid problems in older browsers. -var CVSS = {}; +var CVSS31 = {}; -CVSS.CVSSVersionIdentifier = "CVSS:3.0"; -CVSS.exploitabilityCoefficient = 8.22; -CVSS.scopeCoefficient = 1.08; +CVSS31.CVSSVersionIdentifier = "CVSS:3.1"; +CVSS31.exploitabilityCoefficient = 8.22; +CVSS31.scopeCoefficient = 1.08; -// A regular expression to validate that a CVSS 3.0 vector string is well formed. It checks metrics and metric +// A regular expression to validate that a CVSS 3.1 vector string is well formed. It checks metrics and metric // values. It does not check that a metric is specified more than once and it does not check that all base // metrics are present. These checks need to be performed separately. -CVSS.vectorStringRegex_30 = /^CVSS:3\.0\/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])\/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$/; +CVSS31.vectorStringRegex_31 = /^CVSS:3\.1\/((AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])\/)*(AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]|E:[XUPFH]|RL:[XOTWU]|RC:[XURC]|[CIA]R:[XLMH]|MAV:[XNALP]|MAC:[XLH]|MPR:[XUNLH]|MUI:[XNR]|MS:[XUC]|M[CIA]:[XNLH])$/; -// Associative arrays mapping each metric value to the constant defined in the CVSS scoring formula in the CVSS v3.0 +// Associative arrays mapping each metric value to the constant defined in the CVSS scoring formula in the CVSS v3.1 // specification. -CVSS.Weight = { +CVSS31.Weight = { AV: { N: 0.85, A: 0.62, L: 0.55, P: 0.2}, AC: { H: 0.44, L: 0.77}, PR: { U: {N: 0.85, L: 0.62, H: 0.27}, // These values are used if Scope is Unchanged @@ -87,21 +113,21 @@ CVSS.Weight = { }; -// Severity rating bands, as defined in the CVSS v3.0 specification. +// Severity rating bands, as defined in the CVSS v3.1 specification. -CVSS.severityRatings = [ { name: "None", bottom: 0.0, top: 0.0}, - { name: "Low", bottom: 0.1, top: 3.9}, - { name: "Medium", bottom: 4.0, top: 6.9}, - { name: "High", bottom: 7.0, top: 8.9}, - { name: "Critical", bottom: 9.0, top: 10.0} ]; +CVSS31.severityRatings = [ { name: "None", bottom: 0.0, top: 0.0}, + { name: "Low", bottom: 0.1, top: 3.9}, + { name: "Medium", bottom: 4.0, top: 6.9}, + { name: "High", bottom: 7.0, top: 8.9}, + { name: "Critical", bottom: 9.0, top: 10.0} ]; -/* ** CVSS.calculateCVSSFromMetrics ** +/* ** CVSS31.calculateCVSSFromMetrics ** * * Takes Base, Temporal and Environmental metric values as individual parameters. Their values are in the short format - * defined in the CVSS v3.0 standard definition of the Vector String. For example, the AttackComplexity parameter + * defined in the CVSS v3.1 standard definition of the Vector String. For example, the AttackComplexity parameter * should be either "H" or "L". * * Returns Base, Temporal and Environmental scores, severity ratings, and an overall Vector String. All Base metrics @@ -117,14 +143,19 @@ CVSS.severityRatings = [ { name: "None", bottom: 0.0, top: 0.0}, * environmentalMetricScore, environmentalSeverity, * vectorString * + * The following properties are also defined, and contain sub-formula values: + * baseISS, baseImpact, baseExploitability, + * environmentalMISS, environmentalModifiedImpact, environmentalModifiedExploitability + * + * * If errors are encountered, success is Boolean "false", and the following other properties are defined: * errorType - a string indicating the error. Either: * "MissingBaseMetric", if at least one Base metric has not been defined; or * "UnknownMetricValue", if at least one metric value is invalid. * errorMetrics - an array of strings representing the metrics at fault. The strings are abbreviated versions of the - * metrics, as defined in the CVSS v3.0 standard definition of the Vector String. + * metrics, as defined in the CVSS v3.1 standard definition of the Vector String. */ -CVSS.calculateCVSSFromMetrics = function ( +CVSS31.calculateCVSSFromMetrics = function ( AttackVector, AttackComplexity, PrivilegesRequired, UserInteraction, Scope, Confidentiality, Integrity, Availability, ExploitCodeMaturity, RemediationLevel, ReportConfidence, ConfidentialityRequirement, IntegrityRequirement, AvailabilityRequirement, @@ -196,30 +227,30 @@ CVSS.calculateCVSSFromMetrics = function ( // with their Base metric equivalents later in the function. For example, an MAV of "X" will be replaced with the // value given for AV. We therefore need to explicitly allow a value of "X" for Environmental metrics. - if (!CVSS.Weight.AV.hasOwnProperty(AV)) { badMetrics.push("AV"); } - if (!CVSS.Weight.AC.hasOwnProperty(AC)) { badMetrics.push("AC"); } - if (!CVSS.Weight.PR.U.hasOwnProperty(PR)) { badMetrics.push("PR"); } - if (!CVSS.Weight.UI.hasOwnProperty(UI)) { badMetrics.push("UI"); } - if (!CVSS.Weight.S.hasOwnProperty(S)) { badMetrics.push("S"); } - if (!CVSS.Weight.CIA.hasOwnProperty(C)) { badMetrics.push("C"); } - if (!CVSS.Weight.CIA.hasOwnProperty(I)) { badMetrics.push("I"); } - if (!CVSS.Weight.CIA.hasOwnProperty(A)) { badMetrics.push("A"); } - - if (!CVSS.Weight.E.hasOwnProperty(E)) { badMetrics.push("E"); } - if (!CVSS.Weight.RL.hasOwnProperty(RL)) { badMetrics.push("RL"); } - if (!CVSS.Weight.RC.hasOwnProperty(RC)) { badMetrics.push("RC"); } - - if (!(CR === "X" || CVSS.Weight.CIAR.hasOwnProperty(CR))) { badMetrics.push("CR"); } - if (!(IR === "X" || CVSS.Weight.CIAR.hasOwnProperty(IR))) { badMetrics.push("IR"); } - if (!(AR === "X" || CVSS.Weight.CIAR.hasOwnProperty(AR))) { badMetrics.push("AR"); } - if (!(MAV === "X" || CVSS.Weight.AV.hasOwnProperty(MAV))) { badMetrics.push("MAV"); } - if (!(MAC === "X" || CVSS.Weight.AC.hasOwnProperty(MAC))) { badMetrics.push("MAC"); } - if (!(MPR === "X" || CVSS.Weight.PR.U.hasOwnProperty(MPR))) { badMetrics.push("MPR"); } - if (!(MUI === "X" || CVSS.Weight.UI.hasOwnProperty(MUI))) { badMetrics.push("MUI"); } - if (!(MS === "X" || CVSS.Weight.S.hasOwnProperty(MS))) { badMetrics.push("MS"); } - if (!(MC === "X" || CVSS.Weight.CIA.hasOwnProperty(MC))) { badMetrics.push("MC"); } - if (!(MI === "X" || CVSS.Weight.CIA.hasOwnProperty(MI))) { badMetrics.push("MI"); } - if (!(MA === "X" || CVSS.Weight.CIA.hasOwnProperty(MA))) { badMetrics.push("MA"); } + if (!CVSS31.Weight.AV.hasOwnProperty(AV)) { badMetrics.push("AV"); } + if (!CVSS31.Weight.AC.hasOwnProperty(AC)) { badMetrics.push("AC"); } + if (!CVSS31.Weight.PR.U.hasOwnProperty(PR)) { badMetrics.push("PR"); } + if (!CVSS31.Weight.UI.hasOwnProperty(UI)) { badMetrics.push("UI"); } + if (!CVSS31.Weight.S.hasOwnProperty(S)) { badMetrics.push("S"); } + if (!CVSS31.Weight.CIA.hasOwnProperty(C)) { badMetrics.push("C"); } + if (!CVSS31.Weight.CIA.hasOwnProperty(I)) { badMetrics.push("I"); } + if (!CVSS31.Weight.CIA.hasOwnProperty(A)) { badMetrics.push("A"); } + + if (!CVSS31.Weight.E.hasOwnProperty(E)) { badMetrics.push("E"); } + if (!CVSS31.Weight.RL.hasOwnProperty(RL)) { badMetrics.push("RL"); } + if (!CVSS31.Weight.RC.hasOwnProperty(RC)) { badMetrics.push("RC"); } + + if (!(CR === "X" || CVSS31.Weight.CIAR.hasOwnProperty(CR))) { badMetrics.push("CR"); } + if (!(IR === "X" || CVSS31.Weight.CIAR.hasOwnProperty(IR))) { badMetrics.push("IR"); } + if (!(AR === "X" || CVSS31.Weight.CIAR.hasOwnProperty(AR))) { badMetrics.push("AR"); } + if (!(MAV === "X" || CVSS31.Weight.AV.hasOwnProperty(MAV))) { badMetrics.push("MAV"); } + if (!(MAC === "X" || CVSS31.Weight.AC.hasOwnProperty(MAC))) { badMetrics.push("MAC"); } + if (!(MPR === "X" || CVSS31.Weight.PR.U.hasOwnProperty(MPR))) { badMetrics.push("MPR"); } + if (!(MUI === "X" || CVSS31.Weight.UI.hasOwnProperty(MUI))) { badMetrics.push("MUI"); } + if (!(MS === "X" || CVSS31.Weight.S.hasOwnProperty(MS))) { badMetrics.push("MS"); } + if (!(MC === "X" || CVSS31.Weight.CIA.hasOwnProperty(MC))) { badMetrics.push("MC"); } + if (!(MI === "X" || CVSS31.Weight.CIA.hasOwnProperty(MI))) { badMetrics.push("MI"); } + if (!(MA === "X" || CVSS31.Weight.CIA.hasOwnProperty(MA))) { badMetrics.push("MA"); } if (badMetrics.length > 0) { return { success: false, errorType: "UnknownMetricValue", errorMetrics: badMetrics }; @@ -229,102 +260,110 @@ CVSS.calculateCVSSFromMetrics = function ( // GATHER WEIGHTS FOR ALL METRICS - var metricWeightAV = CVSS.Weight.AV [AV]; - var metricWeightAC = CVSS.Weight.AC [AC]; - var metricWeightPR = CVSS.Weight.PR [S][PR]; // PR depends on the value of Scope (S). - var metricWeightUI = CVSS.Weight.UI [UI]; - var metricWeightS = CVSS.Weight.S [S]; - var metricWeightC = CVSS.Weight.CIA [C]; - var metricWeightI = CVSS.Weight.CIA [I]; - var metricWeightA = CVSS.Weight.CIA [A]; + var metricWeightAV = CVSS31.Weight.AV [AV]; + var metricWeightAC = CVSS31.Weight.AC [AC]; + var metricWeightPR = CVSS31.Weight.PR [S][PR]; // PR depends on the value of Scope (S). + var metricWeightUI = CVSS31.Weight.UI [UI]; + var metricWeightS = CVSS31.Weight.S [S]; + var metricWeightC = CVSS31.Weight.CIA [C]; + var metricWeightI = CVSS31.Weight.CIA [I]; + var metricWeightA = CVSS31.Weight.CIA [A]; - var metricWeightE = CVSS.Weight.E [E]; - var metricWeightRL = CVSS.Weight.RL [RL]; - var metricWeightRC = CVSS.Weight.RC [RC]; + var metricWeightE = CVSS31.Weight.E [E]; + var metricWeightRL = CVSS31.Weight.RL [RL]; + var metricWeightRC = CVSS31.Weight.RC [RC]; // For metrics that are modified versions of Base Score metrics, e.g. Modified Attack Vector, use the value of // the Base Score metric if the modified version value is "X" ("Not Defined"). - var metricWeightCR = CVSS.Weight.CIAR [CR]; - var metricWeightIR = CVSS.Weight.CIAR [IR]; - var metricWeightAR = CVSS.Weight.CIAR [AR]; - var metricWeightMAV = CVSS.Weight.AV [MAV !== "X" ? MAV : AV]; - var metricWeightMAC = CVSS.Weight.AC [MAC !== "X" ? MAC : AC]; - var metricWeightMPR = CVSS.Weight.PR [MS !== "X" ? MS : S] [MPR !== "X" ? MPR : PR]; // Depends on MS. - var metricWeightMUI = CVSS.Weight.UI [MUI !== "X" ? MUI : UI]; - var metricWeightMS = CVSS.Weight.S [MS !== "X" ? MS : S]; - var metricWeightMC = CVSS.Weight.CIA [MC !== "X" ? MC : C]; - var metricWeightMI = CVSS.Weight.CIA [MI !== "X" ? MI : I]; - var metricWeightMA = CVSS.Weight.CIA [MA !== "X" ? MA : A]; + var metricWeightCR = CVSS31.Weight.CIAR [CR]; + var metricWeightIR = CVSS31.Weight.CIAR [IR]; + var metricWeightAR = CVSS31.Weight.CIAR [AR]; + var metricWeightMAV = CVSS31.Weight.AV [MAV !== "X" ? MAV : AV]; + var metricWeightMAC = CVSS31.Weight.AC [MAC !== "X" ? MAC : AC]; + var metricWeightMPR = CVSS31.Weight.PR [MS !== "X" ? MS : S] [MPR !== "X" ? MPR : PR]; // Depends on MS. + var metricWeightMUI = CVSS31.Weight.UI [MUI !== "X" ? MUI : UI]; + var metricWeightMS = CVSS31.Weight.S [MS !== "X" ? MS : S]; + var metricWeightMC = CVSS31.Weight.CIA [MC !== "X" ? MC : C]; + var metricWeightMI = CVSS31.Weight.CIA [MI !== "X" ? MI : I]; + var metricWeightMA = CVSS31.Weight.CIA [MA !== "X" ? MA : A]; // CALCULATE THE CVSS BASE SCORE + var iss; /* Impact Sub-Score */ + var impact; + var exploitability; var baseScore; - var impactSubScore; - var exploitabalitySubScore = CVSS.exploitabilityCoefficient * metricWeightAV * metricWeightAC * metricWeightPR * metricWeightUI; - var impactSubScoreMultiplier = (1 - ((1 - metricWeightC) * (1 - metricWeightI) * (1 - metricWeightA))); + + iss = (1 - ((1 - metricWeightC) * (1 - metricWeightI) * (1 - metricWeightA))); if (S === 'U') { - impactSubScore = metricWeightS * impactSubScoreMultiplier; + impact = metricWeightS * iss; } else { - impactSubScore = metricWeightS * (impactSubScoreMultiplier - 0.029) - 3.25 * Math.pow(impactSubScoreMultiplier - 0.02, 15); + impact = metricWeightS * (iss - 0.029) - 3.25 * Math.pow(iss - 0.02, 15); } - if (impactSubScore <= 0) { + exploitability = CVSS31.exploitabilityCoefficient * metricWeightAV * metricWeightAC * metricWeightPR * metricWeightUI; + + if (impact <= 0) { baseScore = 0; } else { if (S === 'U') { - baseScore = CVSS.roundUp1(Math.min((exploitabalitySubScore + impactSubScore), 10)); + baseScore = CVSS31.roundUp1(Math.min((exploitability + impact), 10)); } else { - baseScore = CVSS.roundUp1(Math.min((exploitabalitySubScore + impactSubScore) * CVSS.scopeCoefficient, 10)); + baseScore = CVSS31.roundUp1(Math.min(CVSS31.scopeCoefficient * (exploitability + impact), 10)); } } - // CALCULATE THE CVSS TEMPORAL SCORE - var temporalScore = CVSS.roundUp1(baseScore * metricWeightE * metricWeightRL * metricWeightRC); + var temporalScore = CVSS31.roundUp1(baseScore * metricWeightE * metricWeightRL * metricWeightRC); // CALCULATE THE CVSS ENVIRONMENTAL SCORE // - // - envExploitabalitySubScore recalculates the Base Score Exploitability sub-score using any modified values from the + // - modifiedExploitability recalculates the Base Score Exploitability sub-score using any modified values from the // Environmental metrics group in place of the values specified in the Base Score, if any have been defined. - // - envAdjustedImpactSubScore recalculates the Base Score Impact sub-score using any modified values from the + // - modifiedImpact recalculates the Base Score Impact sub-score using any modified values from the // Environmental metrics group in place of the values specified in the Base Score, and any additional weightings // given in the Environmental metrics group. + var miss; /* Modified Impact Sub-Score */ + var modifiedImpact; var envScore; - var envModifiedImpactSubScore; - var envModifiedExploitabalitySubScore = CVSS.exploitabilityCoefficient * metricWeightMAV * metricWeightMAC * metricWeightMPR * metricWeightMUI; + var modifiedExploitability; - var envImpactSubScoreMultiplier = Math.min (1 - ( - (1 - metricWeightMC * metricWeightCR) * - (1 - metricWeightMI * metricWeightIR) * - (1 - metricWeightMA * metricWeightAR)), 0.915); + miss = Math.min (1 - + ( (1 - metricWeightMC * metricWeightCR) * + (1 - metricWeightMI * metricWeightIR) * + (1 - metricWeightMA * metricWeightAR)), 0.915); if (MS === "U" || (MS === "X" && S === "U")) { - envModifiedImpactSubScore = metricWeightMS * envImpactSubScoreMultiplier; - envScore = CVSS.roundUp1(CVSS.roundUp1(Math.min((envModifiedImpactSubScore + envModifiedExploitabalitySubScore), 10)) * - metricWeightE * metricWeightRL * metricWeightRC); - } else { - envModifiedImpactSubScore = metricWeightMS * (envImpactSubScoreMultiplier - 0.029) - 3.25 * Math.pow(envImpactSubScoreMultiplier - 0.02, 15); - envScore = CVSS.roundUp1(CVSS.roundUp1(Math.min(CVSS.scopeCoefficient * (envModifiedImpactSubScore + envModifiedExploitabalitySubScore), 10)) * - metricWeightE * metricWeightRL * metricWeightRC); + modifiedImpact = metricWeightMS * miss; + } else { + modifiedImpact = metricWeightMS * (miss - 0.029) - 3.25 * Math.pow(miss * 0.9731 - 0.02, 13); } - if (envModifiedImpactSubScore <= 0) { + modifiedExploitability = CVSS31.exploitabilityCoefficient * metricWeightMAV * metricWeightMAC * metricWeightMPR * metricWeightMUI; + + if (modifiedImpact <= 0) { envScore = 0; + } else if (MS === "U" || (MS === "X" && S === "U")) { + envScore = CVSS31.roundUp1(CVSS31.roundUp1(Math.min((modifiedImpact + modifiedExploitability), 10)) * + metricWeightE * metricWeightRL * metricWeightRC); + } else { + envScore = CVSS31.roundUp1(CVSS31.roundUp1(Math.min(CVSS31.scopeCoefficient * (modifiedImpact + modifiedExploitability), 10)) * + metricWeightE * metricWeightRL * metricWeightRC); } // CONSTRUCT THE VECTOR STRING var vectorString = - CVSS.CVSSVersionIdentifier + + CVSS31.CVSSVersionIdentifier + "/AV:" + AV + "/AC:" + AC + "/PR:" + PR + @@ -352,17 +391,25 @@ CVSS.calculateCVSSFromMetrics = function ( // Return an object containing the scores for all three metric groups, and an overall vector string. + // Sub-formula values are also included. return { success: true, + baseMetricScore: baseScore.toFixed(1), - baseSeverity: CVSS.severityRating( baseScore.toFixed(1) ), + baseSeverity: CVSS31.severityRating( baseScore.toFixed(1) ), + baseISS: iss, + baseImpact: impact, + baseExploitability: exploitability, temporalMetricScore: temporalScore.toFixed(1), - temporalSeverity: CVSS.severityRating( temporalScore.toFixed(1) ), + temporalSeverity: CVSS31.severityRating( temporalScore.toFixed(1) ), environmentalMetricScore: envScore.toFixed(1), - environmentalSeverity: CVSS.severityRating( envScore.toFixed(1) ), + environmentalSeverity: CVSS31.severityRating( envScore.toFixed(1) ), + environmentalMISS: miss, + environmentalModifiedImpact: modifiedImpact, + environmentalModifiedExploitability: modifiedExploitability, vectorString: vectorString }; @@ -371,22 +418,22 @@ CVSS.calculateCVSSFromMetrics = function ( -/* ** CVSS.calculateCVSSFromVector ** +/* ** CVSS31.calculateCVSSFromVector ** * * Takes Base, Temporal and Environmental metric values as a single string in the Vector String format defined - * in the CVSS v3.0 standard definition of the Vector String. + * in the CVSS v3.1 standard definition of the Vector String. * * Returns Base, Temporal and Environmental scores, severity ratings, and an overall Vector String. All Base metrics * are required to generate this output. All Temporal and Environmental metric values are optional. Any that are not * passed default to "X" ("Not Defined"). * - * See the comment for the CVSS.calculateCVSSFromMetrics function for details on the function output. In addition to + * See the comment for the CVSS31.calculateCVSSFromMetrics function for details on the function output. In addition to * the error conditions listed for that function, this function can also return: - * "MalformedVectorString", if the Vector String passed is does not conform to the format in the standard; or + * "MalformedVectorString", if the Vector String passed does not conform to the format in the standard; or * "MultipleDefinitionsOfMetric", if the Vector String is well formed but defines the same metric (or metrics), * more than once. */ -CVSS.calculateCVSSFromVector = function ( vectorString ) { +CVSS31.calculateCVSSFromVector = function ( vectorString ) { var metricValues = { AV: undefined, AC: undefined, PR: undefined, UI: undefined, S: undefined, @@ -400,11 +447,11 @@ CVSS.calculateCVSSFromVector = function ( vectorString ) { // If input validation fails, this array is populated with strings indicating which metrics failed validation. var badMetrics = []; - if (!CVSS.vectorStringRegex_30.test(vectorString)) { + if (!CVSS31.vectorStringRegex_31.test(vectorString)) { return { success: false, errorType: "MalformedVectorString" }; } - var metricNameValue = vectorString.substring(CVSS.CVSSVersionIdentifier.length).split("/"); + var metricNameValue = vectorString.substring(CVSS31.CVSSVersionIdentifier.length).split("/"); for (var i in metricNameValue) { if (metricNameValue.hasOwnProperty(i)) { @@ -423,7 +470,7 @@ CVSS.calculateCVSSFromVector = function ( vectorString ) { return { success: false, errorType: "MultipleDefinitionsOfMetric", errorMetrics: badMetrics }; } - return CVSS.calculateCVSSFromMetrics ( + return CVSS31.calculateCVSSFromMetrics ( metricValues.AV, metricValues.AC, metricValues.PR, metricValues.UI, metricValues.S, metricValues.C, metricValues.I, metricValues.A, metricValues.E, metricValues.RL, metricValues.RC, @@ -435,21 +482,37 @@ CVSS.calculateCVSSFromVector = function ( vectorString ) { -/* ** CVSS.roundUp1 ** +/* ** CVSS31.roundUp1 ** * - * Rounds up the number passed as a parameter to 1 decimal place and returns the result. + * Rounds up its parameter to 1 decimal place and returns the result. * * Standard JavaScript errors thrown when arithmetic operations are performed on non-numbers will be returned if the * given input is not a number. + * + * Implementation note: Tiny representation errors in floating point numbers makes rounding complex. For example, + * consider calculating Math.ceil((1-0.58)*100) by hand. It can be simplified to Math.ceil(0.42*100), then + * Math.ceil(42), and finally 42. Most JavaScript implementations give 43. The problem is that, on many systems, + * 1-0.58 = 0.42000000000000004, and the tiny error is enough to push ceil up to the next integer. The implementation + * below avoids such problems by performing the rounding using integers. The input is first multiplied by 100,000 + * and rounded to the nearest integer to consider 6 decimal places of accuracy, so 0.000001 results in 0.0, but + * 0.000009 results in 0.1. + * + * A more elegant solution may be possible, but the following gives answers consistent with results from an arbitrary + * precision library. */ -CVSS.roundUp1 = function (d) { - return Math.ceil (d * 10) / 10; -}; +CVSS31.roundUp1 = function Roundup (input) { + var int_input = Math.round(input * 100000); + if (int_input % 10000 === 0) { + return int_input / 100000; + } else { + return (Math.floor(int_input / 10000) + 1) / 10; + } +}; -/* ** CVSS.severityRating ** +/* ** CVSS31.severityRating ** * * Given a CVSS score, returns the name of the severity rating as defined in the CVSS standard. * The input needs to be a number between 0.0 to 10.0, to one decimal place of precision. @@ -458,8 +521,8 @@ CVSS.roundUp1 = function (d) { * NaN (JavaScript "Not a Number") - if the input is not a number. * undefined - if the input is a number that is not within the range of any defined severity rating. */ -CVSS.severityRating = function (score) { - var severityRatingLength = CVSS.severityRatings.length; +CVSS31.severityRating = function (score) { + var severityRatingLength = CVSS31.severityRatings.length; var validatedScore = Number(score); @@ -468,8 +531,8 @@ CVSS.severityRating = function (score) { } for (var i = 0; i < severityRatingLength; i++) { - if (score >= CVSS.severityRatings[i].bottom && score <= CVSS.severityRatings[i].top) { - return CVSS.severityRatings[i].name; + if (score >= CVSS31.severityRatings[i].bottom && score <= CVSS31.severityRatings[i].top) { + return CVSS31.severityRatings[i].name; } } @@ -484,36 +547,37 @@ CVSS.severityRating = function (score) { // A mapping between abbreviated metric values and the string used in the XML representation. // For example, a Remediation Level (RL) abbreviated metric value of "W" maps to "WORKAROUND". -// For brevity, Base metric values their modified equivalents in the Environmental metric group. We can do this -// because the latter is the same as the former, except it also includes a "NOT_DEFINED" value. +// For brevity, every Base metric shares its definition with its equivalent Environmental metric. This is possible +// because the metric values are same between these groups, except that the latter have an additional metric value +// of "NOT_DEFINED". -CVSS.XML_MetricNames = { +CVSS31.XML_MetricNames = { E: { X: "NOT_DEFINED", U: "UNPROVEN", P: "PROOF_OF_CONCEPT", F: "FUNCTIONAL", H: "HIGH"}, RL: { X: "NOT_DEFINED", O: "OFFICIAL_FIX", T: "TEMPORARY_FIX", W: "WORKAROUND", U: "UNAVAILABLE"}, RC: { X: "NOT_DEFINED", U: "UNKNOWN", R: "REASONABLE", C: "CONFIRMED"}, - CIAR: { X: "NOT_DEFINED", L: "LOW", M: "MEDIUM", H: "HIGH"}, // CR, IR and AR use the same metric names + CIAR: { X: "NOT_DEFINED", L: "LOW", M: "MEDIUM", H: "HIGH"}, // CR, IR and AR use the same values MAV: { N: "NETWORK", A: "ADJACENT_NETWORK", L: "LOCAL", P: "PHYSICAL", X: "NOT_DEFINED" }, MAC: { H: "HIGH", L: "LOW", X: "NOT_DEFINED" }, MPR: { N: "NONE", L: "LOW", H: "HIGH", X: "NOT_DEFINED" }, MUI: { N: "NONE", R: "REQUIRED", X: "NOT_DEFINED" }, MS: { U: "UNCHANGED", C: "CHANGED", X: "NOT_DEFINED" }, - MCIA: { N: "NONE", L: "LOW", H: "HIGH", X: "NOT_DEFINED" } // C, I and A use the same metric names + MCIA: { N: "NONE", L: "LOW", H: "HIGH", X: "NOT_DEFINED" } // C, I and A use the same values }; -/* ** CVSS.generateXMLFromMetrics ** +/* ** CVSS31.generateXMLFromMetrics ** * * Takes Base, Temporal and Environmental metric values as individual parameters. Their values are in the short format - * defined in the CVSS v3.0 standard definition of the Vector String. For example, the AttackComplexity parameter + * defined in the CVSS v3.1 standard definition of the Vector String. For example, the AttackComplexity parameter * should be either "H" or "L". * * Returns a single string containing the metric values in XML form. All Base metrics are required to generate this * output. All Temporal and Environmental metric values are optional. Any that are not passed will be represented in * the XML as NOT_DEFINED. The function returns a string for simplicity. It is arguably better to return the XML as * a DOM object, but at the time of writing this leads to complexity due to older browsers using different JavaScript - * interfaces to do this. Also for simplicity, all Temporal and Environmental metrics are include in the string, + * interfaces to do this. Also for simplicity, all Temporal and Environmental metrics are included in the string, * even though those with a value of "Not Defined" do not need to be included. * * The output of this function is an object which always has a property named "success". @@ -522,9 +586,9 @@ CVSS.XML_MetricNames = { * representation. * * If errors are encountered, success is Boolean "false", and other properties are defined as per the - * CVSS.calculateCVSSFromMetrics function. Refer to the comment for that function for more details. + * CVSS31.calculateCVSSFromMetrics function. Refer to the comment for that function for more details. */ -CVSS.generateXMLFromMetrics = function ( +CVSS31.generateXMLFromMetrics = function ( AttackVector, AttackComplexity, PrivilegesRequired, UserInteraction, Scope, Confidentiality, Integrity, Availability, ExploitCodeMaturity, RemediationLevel, ReportConfidence, ConfidentialityRequirement, IntegrityRequirement, AvailabilityRequirement, @@ -535,9 +599,9 @@ CVSS.generateXMLFromMetrics = function ( // their values, based on the inputs passed to this function. var xmlTemplate = '\n' + - '\n' + '\n' + ' \n' + @@ -577,12 +641,12 @@ CVSS.generateXMLFromMetrics = function ( ' __EnvironmentalSeverityRating__\n' + ' \n' + '\n' + - '\n'; + '\n'; - // Call CVSS.calculateCVSSFromMetrics to validate all the parameters and generate scores and severity ratings. + // Call CVSS31.calculateCVSSFromMetrics to validate all the parameters and generate scores and severity ratings. // If that function returns an error, immediately return it to the caller of this function. - var result = CVSS.calculateCVSSFromMetrics ( + var result = CVSS31.calculateCVSSFromMetrics ( AttackVector, AttackComplexity, PrivilegesRequired, UserInteraction, Scope, Confidentiality, Integrity, Availability, ExploitCodeMaturity, RemediationLevel, ReportConfidence, ConfidentialityRequirement, IntegrityRequirement, AvailabilityRequirement, @@ -594,34 +658,34 @@ CVSS.generateXMLFromMetrics = function ( } var xmlOutput = xmlTemplate; - xmlOutput = xmlOutput.replace ("__AttackVector__", CVSS.XML_MetricNames["MAV"][AttackVector]); - xmlOutput = xmlOutput.replace ("__AttackComplexity__", CVSS.XML_MetricNames["MAC"][AttackComplexity]); - xmlOutput = xmlOutput.replace ("__PrivilegesRequired__", CVSS.XML_MetricNames["MPR"][PrivilegesRequired]); - xmlOutput = xmlOutput.replace ("__UserInteraction__", CVSS.XML_MetricNames["MUI"][UserInteraction]); - xmlOutput = xmlOutput.replace ("__Scope__", CVSS.XML_MetricNames["MS"][Scope]); - xmlOutput = xmlOutput.replace ("__Confidentiality__", CVSS.XML_MetricNames["MCIA"][Confidentiality]); - xmlOutput = xmlOutput.replace ("__Integrity__", CVSS.XML_MetricNames["MCIA"][Integrity]); - xmlOutput = xmlOutput.replace ("__Availability__", CVSS.XML_MetricNames["MCIA"][Availability]); + xmlOutput = xmlOutput.replace ("__AttackVector__", CVSS31.XML_MetricNames["MAV"][AttackVector]); + xmlOutput = xmlOutput.replace ("__AttackComplexity__", CVSS31.XML_MetricNames["MAC"][AttackComplexity]); + xmlOutput = xmlOutput.replace ("__PrivilegesRequired__", CVSS31.XML_MetricNames["MPR"][PrivilegesRequired]); + xmlOutput = xmlOutput.replace ("__UserInteraction__", CVSS31.XML_MetricNames["MUI"][UserInteraction]); + xmlOutput = xmlOutput.replace ("__Scope__", CVSS31.XML_MetricNames["MS"][Scope]); + xmlOutput = xmlOutput.replace ("__Confidentiality__", CVSS31.XML_MetricNames["MCIA"][Confidentiality]); + xmlOutput = xmlOutput.replace ("__Integrity__", CVSS31.XML_MetricNames["MCIA"][Integrity]); + xmlOutput = xmlOutput.replace ("__Availability__", CVSS31.XML_MetricNames["MCIA"][Availability]); xmlOutput = xmlOutput.replace ("__BaseScore__", result.baseMetricScore); xmlOutput = xmlOutput.replace ("__BaseSeverityRating__", result.baseSeverity); - xmlOutput = xmlOutput.replace ("__ExploitCodeMaturity__", CVSS.XML_MetricNames["E"][ExploitCodeMaturity || "X"]); - xmlOutput = xmlOutput.replace ("__RemediationLevel__", CVSS.XML_MetricNames["RL"][RemediationLevel || "X"]); - xmlOutput = xmlOutput.replace ("__ReportConfidence__", CVSS.XML_MetricNames["RC"][ReportConfidence || "X"]); + xmlOutput = xmlOutput.replace ("__ExploitCodeMaturity__", CVSS31.XML_MetricNames["E"][ExploitCodeMaturity || "X"]); + xmlOutput = xmlOutput.replace ("__RemediationLevel__", CVSS31.XML_MetricNames["RL"][RemediationLevel || "X"]); + xmlOutput = xmlOutput.replace ("__ReportConfidence__", CVSS31.XML_MetricNames["RC"][ReportConfidence || "X"]); xmlOutput = xmlOutput.replace ("__TemporalScore__", result.temporalMetricScore); xmlOutput = xmlOutput.replace ("__TemporalSeverityRating__", result.temporalSeverity); - xmlOutput = xmlOutput.replace ("__ConfidentialityRequirement__", CVSS.XML_MetricNames["CIAR"][ConfidentialityRequirement || "X"]); - xmlOutput = xmlOutput.replace ("__IntegrityRequirement__", CVSS.XML_MetricNames["CIAR"][IntegrityRequirement || "X"]); - xmlOutput = xmlOutput.replace ("__AvailabilityRequirement__", CVSS.XML_MetricNames["CIAR"][AvailabilityRequirement || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedAttackVector__", CVSS.XML_MetricNames["MAV"][ModifiedAttackVector || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedAttackComplexity__", CVSS.XML_MetricNames["MAC"][ModifiedAttackComplexity || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedPrivilegesRequired__", CVSS.XML_MetricNames["MPR"][ModifiedPrivilegesRequired || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedUserInteraction__", CVSS.XML_MetricNames["MUI"][ModifiedUserInteraction || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedScope__", CVSS.XML_MetricNames["MS"][ModifiedScope || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedConfidentiality__", CVSS.XML_MetricNames["MCIA"][ModifiedConfidentiality || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedIntegrity__", CVSS.XML_MetricNames["MCIA"][ModifiedIntegrity || "X"]); - xmlOutput = xmlOutput.replace ("__ModifiedAvailability__", CVSS.XML_MetricNames["MCIA"][ModifiedAvailability || "X"]); + xmlOutput = xmlOutput.replace ("__ConfidentialityRequirement__", CVSS31.XML_MetricNames["CIAR"][ConfidentialityRequirement || "X"]); + xmlOutput = xmlOutput.replace ("__IntegrityRequirement__", CVSS31.XML_MetricNames["CIAR"][IntegrityRequirement || "X"]); + xmlOutput = xmlOutput.replace ("__AvailabilityRequirement__", CVSS31.XML_MetricNames["CIAR"][AvailabilityRequirement || "X"]); + xmlOutput = xmlOutput.replace ("__ModifiedAttackVector__", CVSS31.XML_MetricNames["MAV"][ModifiedAttackVector || "X"]); + xmlOutput = xmlOutput.replace ("__ModifiedAttackComplexity__", CVSS31.XML_MetricNames["MAC"][ModifiedAttackComplexity || "X"]); + xmlOutput = xmlOutput.replace ("__ModifiedPrivilegesRequired__", CVSS31.XML_MetricNames["MPR"][ModifiedPrivilegesRequired || "X"]); + xmlOutput = xmlOutput.replace ("__ModifiedUserInteraction__", CVSS31.XML_MetricNames["MUI"][ModifiedUserInteraction || "X"]); + xmlOutput = xmlOutput.replace ("__ModifiedScope__", CVSS31.XML_MetricNames["MS"][ModifiedScope || "X"]); + xmlOutput = xmlOutput.replace ("__ModifiedConfidentiality__", CVSS31.XML_MetricNames["MCIA"][ModifiedConfidentiality || "X"]); + xmlOutput = xmlOutput.replace ("__ModifiedIntegrity__", CVSS31.XML_MetricNames["MCIA"][ModifiedIntegrity || "X"]); + xmlOutput = xmlOutput.replace ("__ModifiedAvailability__", CVSS31.XML_MetricNames["MCIA"][ModifiedAvailability || "X"]); xmlOutput = xmlOutput.replace ("__EnvironmentalScore__", result.environmentalMetricScore); xmlOutput = xmlOutput.replace ("__EnvironmentalSeverityRating__", result.environmentalSeverity); @@ -630,19 +694,19 @@ CVSS.generateXMLFromMetrics = function ( -/* ** CVSS.generateXMLFromVector ** +/* ** CVSS31.generateXMLFromVector ** * * Takes Base, Temporal and Environmental metric values as a single string in the Vector String format defined - * in the CVSS v3.0 standard definition of the Vector String. + * in the CVSS v3.1 standard definition of the Vector String. * - * Returns an XML string representation of this input. See the comment for CVSS.generateXMLFromMetrics for more + * Returns an XML string representation of this input. See the comment for CVSS31.generateXMLFromMetrics for more * detail on inputs, return values and errors. In addition to the error conditions listed for that function, this * function can also return: * "MalformedVectorString", if the Vector String passed is does not conform to the format in the standard; or * "MultipleDefinitionsOfMetric", if the Vector String is well formed but defines the same metric (or metrics), * more than once. - -CVSS.generateXMLFromVector = function ( vectorString ) { + */ +CVSS31.generateXMLFromVector = function ( vectorString ) { var metricValues = { AV: undefined, AC: undefined, PR: undefined, UI: undefined, S: undefined, @@ -656,11 +720,11 @@ CVSS.generateXMLFromVector = function ( vectorString ) { // If input validation fails, this array is populated with strings indicating which metrics failed validation. var badMetrics = []; - if (!CVSS.vectorStringRegex_30.test(vectorString)) { + if (!CVSS31.vectorStringRegex_31.test(vectorString)) { return { success: false, errorType: "MalformedVectorString" }; } - var metricNameValue = vectorString.substring(CVSS.CVSSVersionIdentifier.length).split("/"); + var metricNameValue = vectorString.substring(CVSS31.CVSSVersionIdentifier.length).split("/"); for (var i in metricNameValue) { if (metricNameValue.hasOwnProperty(i)) { @@ -679,7 +743,7 @@ CVSS.generateXMLFromVector = function ( vectorString ) { return { success: false, errorType: "MultipleDefinitionsOfMetric", errorMetrics: badMetrics }; } - return CVSS.generateXMLFromMetrics ( + return CVSS31.generateXMLFromMetrics ( metricValues.AV, metricValues.AC, metricValues.PR, metricValues.UI, metricValues.S, metricValues.C, metricValues.I, metricValues.A, metricValues.E, metricValues.RL, metricValues.RC, @@ -687,4 +751,3 @@ CVSS.generateXMLFromVector = function ( vectorString ) { metricValues.MAV, metricValues.MAC, metricValues.MPR, metricValues.MUI, metricValues.MS, metricValues.MC, metricValues.MI, metricValues.MA); }; -*/ \ No newline at end of file diff --git a/dojo/static/dojo/js/cvsscalc30_helptext.js b/dojo/static/dojo/js/cvsscalc31_helptext.js similarity index 66% rename from dojo/static/dojo/js/cvsscalc30_helptext.js rename to dojo/static/dojo/js/cvsscalc31_helptext.js index 9fcef5b0af3..2b64a0b77b7 100644 --- a/dojo/static/dojo/js/cvsscalc30_helptext.js +++ b/dojo/static/dojo/js/cvsscalc31_helptext.js @@ -1,4 +1,4 @@ -/* Copyright (c) 2015, FIRST.ORG, INC. +/* Copyright (c) 2019, FIRST.ORG, INC. * All rights reserved. * * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the @@ -19,69 +19,69 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -var CVSS_Help = {}; +var CVSS31_Help = {}; // This object is used as an associative array mapping the names of elements on the web page to help text that is // added as title text. Browsers will display the text when the element is hovered over with the cursor. -CVSS_Help.helpText_en = { +CVSS31_Help.helpText_en = { "baseMetricGroup_Legend" : "The Base Metric group represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Determine the vulnerable component and score Attack Vector, Attack Complexity, Privileges Required and User Interaction relative to this.", "AV_Heading" : "This metric reflects the context by which vulnerability exploitation is possible. The Base Score increases the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable component.", - "AV_N_Label" : "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed \"remotely exploitable\” and can be thought of as an attack being exploitable one or more network hops away.", - "AV_A_Label" : "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router).", - "AV_L_Label" : "A vulnerability exploitable with local access means that the vulnerable component is not bound to the network stack, and the attacker’s path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file.", - "AV_P_Label" : "A vulnerability exploitable with physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief or persistent.", + "AV_N_Label" : "The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed, up to and including the entire Internet. Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers).", + "AV_A_Label" : "The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared physical (e.g., Bluetooth or IEEE 802.11) or logical (e.g., local IP subnet) network, or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN to an administrative network zone).", + "AV_L_Label" : "The vulnerable component is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or remotely (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., tricking a legitimate user into opening a malicious document).", + "AV_P_Label" : "The attack requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief or persistent.", - "AC_Heading" : "This metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Such conditions may require the collection of more information about the target, the presence of certain system configuration settings, or computational exceptions.", + "AC_Heading" : "This metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Such conditions may require the collection of more information about the target or computational exceptions. The assessment of this metric excludes any requirements for user interaction in order to exploit the vulnerability. If a specific configuration is required for an attack to succeed, the Base metrics should be scored assuming the vulnerable component is in that configuration.", "AC_L_Label" : "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component.", - "AC_H_Label" : "A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected. For example, a successful attack may require the attacker: to perform target-specific reconnaissance; to prepare the target environment to improve exploit reliability; or to inject herself into the logical network path between the target and the resource requested by the victim in order to read and/or modify network communications (e.g. a man in the middle attack).", + "AC_H_Label" : "A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected. For example, a successful attack may require an attacker to: gather knowledge about the environment in which the vulnerable target/component exists; prepare the target environment to improve exploit reliability; or inject themselves into the logical network path between the target and the resource requested by the victim in order to read and/or modify network communications (e.g., a man in the middle attack).", - "PR_Heading" : "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. This Base Score increases as fewer privileges are required.", + "PR_Heading" : "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "PR_N_Label" : "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack.", - "PR_L_Label" : "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources.", - "PR_H_Label" : "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files.", + "PR_L_Label" : "The attacker is authorized with (i.e., requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources.", + "PR_H_Label" : "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable component that could affect component-wide settings and files.", - "UI_Heading" : "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise the vulnerable component. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The Base Score is highest when no user interaction is required.", + "UI_Heading" : "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise the vulnerable component. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.", "UI_N_Label" : "The vulnerable system can be exploited without any interaction from any user.", "UI_R_Label" : "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited.", "S_Heading" : "Does a successful attack impact a component other than the vulnerable component? If so, the Base Score increases and the Confidentiality, Integrity and Authentication metrics should be scored relative to the impacted component.", - "S_U_Label" : "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same.", - "S_C_Label" : "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different.", + "S_U_Label" : "An exploited vulnerability can only affect resources managed by the same security authority. In this case, the vulnerable component and the impacted component are either the same, or both are managed by the same security authority.", + "S_C_Label" : "An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.", "C_Heading" : "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "C_N_Label" : "There is no loss of confidentiality within the impacted component.", - "C_L_Label" : "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component.", + "C_L_Label" : "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the impacted component.", "C_H_Label" : "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact.", "I_Heading" : "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information.", "I_N_Label" : "There is no loss of integrity within the impacted component.", - "I_L_Label" : "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component.", + "I_L_Label" : "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact on the impacted component.", "I_H_Label" : "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the impacted component. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the impacted component.", "A_Heading" : "This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. It refers to the loss of availability of the impacted component itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of an impacted component.", "A_N_Label" : "There is no impact to availability within the impacted component.", - "A_L_Label" : "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the impacted component are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the impacted component.", + "A_L_Label" : "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the impacted component are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the impacted component.", "A_H_Label" : "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed). Alternatively, the attacker has the ability to deny some availability, but the loss of availability presents a direct, serious consequence to the impacted component (e.g., the attacker cannot disrupt existing connections, but can prevent new connections; the attacker can repeatedly exploit a vulnerability that, in each instance of a successful attack, leaks a only small amount of memory, but after repeated exploitation causes a service to become completely unavailable).", "temporalMetricGroup_Legend" : "The Temporal metrics measure the current state of exploit techniques or code availability, the existence of any patches or workarounds, or the confidence that one has in the description of a vulnerability.", "E_Heading" : "This metric measures the likelihood of the vulnerability being attacked, and is typically based on the current state of exploit techniques, exploit code availability, or active, 'in-the-wild' exploitation.", - "E_X_Label" : "Assigning this value to the metric will not influence the score.", + "E_X_Label" : "Assigning this value indicates there is insufficient information to choose one of the other values, and has no impact on the overall Temporal Score, i.e., it has the same effect on scoring as assigning High.", "E_U_Label" : "No exploit code is available, or an exploit is theoretical.", "E_P_Label" : "Proof-of-concept exploit code is available, or an attack demonstration is not practical for most systems. The code or technique is not functional in all situations and may require substantial modification by a skilled attacker.", "E_F_Label" : "Functional exploit code is available. The code works in most situations where the vulnerability exists.", "E_H_Label" : "Functional autonomous code exists, or no exploit is required (manual trigger) and details are widely available. Exploit code works in every situation, or is actively being delivered via an autonomous agent (such as a worm or virus). Network-connected systems are likely to encounter scanning or exploitation attempts. Exploit development has reached the level of reliable, widely-available, easy-to-use automated tools.", "RL_Heading" : "The Remediation Level of a vulnerability is an important factor for prioritization. The typical vulnerability is unpatched when initially published. Workarounds or hotfixes may offer interim remediation until an official patch or upgrade is issued. Each of these respective stages adjusts the temporal score downwards, reflecting the decreasing urgency as remediation becomes final.", - "RL_X_Label" : "Assigning this value to the metric will not influence the score.", + "RL_X_Label" : "Assigning this value indicates there is insufficient information to choose one of the other values, and has no impact on the overall Temporal Score, i.e., it has the same effect on scoring as assigning Unavailable.", "RL_O_Label" : "A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.", "RL_T_Label" : "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool, or workaround.", "RL_W_Label" : "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate the vulnerability.", "RL_U_Label" : "There is either no solution available or it is impossible to apply.", "RC_Heading" : "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details. Sometimes only the existence of vulnerabilities are publicized, but without specific details. For example, an impact may be recognized as undesirable, but the root cause may not be known. The vulnerability may later be corroborated by research which suggests where the vulnerability may lie, though the research may not be certain. Finally, a vulnerability may be confirmed through acknowledgement by the author or vendor of the affected technology. The urgency of a vulnerability is higher when a vulnerability is known to exist with certainty. This metric also suggests the level of technical knowledge available to would-be attackers.", - "RC_X_Label" : "Assigning this value to the metric will not influence the score.", + "RC_X_Label" : "Assigning this value indicates there is insufficient information to choose one of the other values, and has no impact on the overall Temporal Score, i.e., it has the same effect on scoring as assigning Confirmed.", "RC_U_Label" : "There are reports of impacts that indicate a vulnerability is present. The reports indicate that the cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little confidence in the validity of the reports or whether a static Base score can be applied given the differences described. An example is a bug report which notes that an intermittent but non-reproducible crash occurs, with evidence of memory corruption suggesting that denial of service, or possible more serious impacts, may result.", "RC_R_Label" : "Significant details are published, but researchers either do not have full confidence in the root cause, or do not have access to source code to fully confirm all of the interactions that may lead to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one impact is able to be verified (Proof-of-concept exploits may provide this). An example is a detailed write-up of research into a vulnerability with an explanation (possibly obfuscated or 'left as an exercise to the reader') that gives assurances on how to reproduce the results.", "RC_C_Label" : "Detailed reports exist, or functional reproduction is possible (functional exploits may provide this). Source code is available to independently verify the assertions of the research, or the author or vendor of the affected code has confirmed the presence of the vulnerability.", @@ -89,68 +89,69 @@ CVSS_Help.helpText_en = { "environmentalMetricGroup_Legend" : "These metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a user’s organization, measured in terms of complementary/alternative security controls in place, Confidentiality, Integrity, and Availability. The metrics are the modified equivalent of base metrics and are assigned metric values based on the component placement in organization infrastructure.", "CR_Heading" : "These metrics enable the analyst to customize the CVSS score depending on the importance of the Confidentiality of the affected IT asset to a user’s organization, relative to other impacts. This metric modifies the environmental score by reweighting the Modified Confidentiality impact metric versus the other modified impacts.", - "CR_X_Label" : "Assigning this value to the metric will not influence the score.", + "CR_X_Label" : "Assigning this value indicates there is insufficient information to choose one of the other values, and has no impact on the overall Environmental Score, i.e., it has the same effect on scoring as assigning Medium.", "CR_L_Label" : "Loss of Confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers).", "CR_M_Label" : "Assigning this value to the metric will not influence the score.", "CR_H_Label" : "Loss of Confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers).", "IR_Heading" : "These metrics enable the analyst to customize the CVSS score depending on the importance of the Integrity of the affected IT asset to a user’s organization, relative to other impacts. This metric modifies the environmental score by reweighting the Modified Integrity impact metric versus the other modified impacts.", - "IR_X_Label" : "Assigning this value to the metric will not influence the score.", + "IR_X_Label" : "Assigning this value indicates there is insufficient information to choose one of the other values, and has no impact on the overall Environmental Score, i.e., it has the same effect on scoring as assigning Medium.", "IR_L_Label" : "Loss of Integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers).", "IR_M_Label" : "Assigning this value to the metric will not influence the score.", "IR_H_Label" : "Loss of Integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers).", "AR_Heading" : "These metrics enable the analyst to customize the CVSS score depending on the importance of the Availability of the affected IT asset to a user’s organization, relative to other impacts. This metric modifies the environmental score by reweighting the Modified Availability impact metric versus the other modified impacts.", - "AR_X_Label" : "Assigning this value to the metric will not influence the score.", + "AR_X_Label" : "Assigning this value indicates there is insufficient information to choose one of the other values, and has no impact on the overall Environmental Score, i.e., it has the same effect on scoring as assigning Medium.", "AR_L_Label" : "Loss of Availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers).", "AR_M_Label" : "Assigning this value to the metric will not influence the score.", "AR_H_Label" : "Loss of Availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers).", // All the following text should be copied exactly from the Base Score metrics (above), except that - // "Not Defined (X)" values need to be added. - "MAV_Heading" : "This metric reflects the context by which vulnerability exploitation is possible. The Base Score increases the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable component.", - "MAV_X_Label" : "Use the value assigned to the corresponding Base Score metric.", - "MAV_N_Label" : "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed \"remotely exploitable\” and can be thought of as an attack being exploitable one or more network hops away.", - "MAV_A_Label" : "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router).", - "MAV_L_Label" : "A vulnerability exploitable with local access means that the vulnerable component is not bound to the network stack, and the attacker’s path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file.", - "MAV_P_Label" : "A vulnerability exploitable with physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief or persistent.", - - "MAC_Heading" : "This metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Such conditions may require the collection of more information about the target, the presence of certain system configuration settings, or computational exceptions.", - "MAC_X_Label" : "Use the value assigned to the corresponding Base Score metric.", + // "Not Defined (X)" values need to be added for each metric. + + "MAV_Heading" : "This metric reflects the context by which vulnerability exploitation is possible. The Environmental Score increases the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable component.", + "MAV_X_Label" : "The value assigned to the corresponding Base metric is used.", + "MAV_N_Label" : "The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed, up to and including the entire Internet. Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable at the protocol level one or more network hops away.", + "MAV_A_Label" : "The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared physical (e.g., Bluetooth or IEEE 802.11) or logical (e.g., local IP subnet) network, or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN).", + "MAV_L_Label" : "The vulnerable component is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or remotely (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., tricking a legitimate user into opening a malicious document).", + "MAV_P_Label" : "The attack requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief or persistent.", + + "MAC_Heading" : "This metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Such conditions may require the collection of more information about the target or computational exceptions. The assessment of this metric excludes any requirements for user interaction in order to exploit the vulnerability. If a specific configuration is required for an attack to succeed, the Base metrics should be scored assuming the vulnerable component is in that configuration.", + "MAC_X_Label" : "The value assigned to the corresponding Base metric is used.", "MAC_L_Label" : "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component.", - "MAC_H_Label" : "A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected. For example, a successful attack may require the attacker: to perform target-specific reconnaissance; to prepare the target environment to improve exploit reliability; or to inject herself into the logical network path between the target and the resource requested by the victim in order to read and/or modify network communications (e.g. a man in the middle attack).", + "MAC_H_Label" : "A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected. For example, a successful attack may require an attacker to: gather knowledge about the environment in which the vulnerable target/component exists; prepare the target environment to improve exploit reliability; or inject themselves into the logical network path between the target and the resource requested by the victim in order to read and/or modify network communications (e.g., a man in the middle attack).", - "MPR_Heading" : "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. This Base Score increases as fewer privileges are required.", - "MPR_X_Label" : "Use the value assigned to the corresponding Base Score metric.", + "MPR_Heading" : "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", + "MPR_X_Label" : "The value assigned to the corresponding Base metric is used.", "MPR_N_Label" : "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack.", - "MPR_L_Label" : "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources.", - "MPR_H_Label" : "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files.", + "MPR_L_Label" : "The attacker is authorized with (i.e., requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources.", + "MPR_H_Label" : "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable component that could affect component-wide settings and files.", - "MUI_Heading" : "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise the vulnerable component. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The Base Score is highest when no user interaction is required.", - "MUI_X_Label" : "Use the value assigned to the corresponding Base Score metric.", + "MUI_Heading" : "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise the vulnerable component. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.", + "MUI_X_Label" : "The value assigned to the corresponding Base metric is used.", "MUI_N_Label" : "The vulnerable system can be exploited without any interaction from any user.", "MUI_R_Label" : "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited.", "MS_Heading" : "Does a successful attack impact a component other than the vulnerable component? If so, the Base Score increases and the Confidentiality, Integrity and Authentication metrics should be scored relative to the impacted component.", - "MS_X_Label" : "Use the value assigned to the corresponding Base Score metric.", - "MS_U_Label" : "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same.", - "MS_C_Label" : "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different.", + "MS_X_Label" : "The value assigned to the corresponding Base metric is used.", + "MS_U_Label" : "An exploited vulnerability can only affect resources managed by the same security authority. In this case, the vulnerable component and the impacted component are either the same, or both are managed by the same security authority.", + "MS_C_Label" : "An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.", "MC_Heading" : "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", - "MC_X_Label" : "Use the value assigned to the corresponding Base Score metric.", + "MC_X_Label" : "The value assigned to the corresponding Base metric is used.", "MC_N_Label" : "There is no loss of confidentiality within the impacted component.", - "MC_L_Label" : "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component.", + "MC_L_Label" : "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the impacted component.", "MC_H_Label" : "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact.", "MI_Heading" : "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information.", - "MI_X_Label" : "Use the value assigned to the corresponding Base Score metric.", + "MI_X_Label" : "The value assigned to the corresponding Base metric is used.", "MI_N_Label" : "There is no loss of integrity within the impacted component.", - "MI_L_Label" : "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component.", + "MI_L_Label" : "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact on the impacted component.", "MI_H_Label" : "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the impacted component. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the impacted component.", "MA_Heading" : "This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. It refers to the loss of availability of the impacted component itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of an impacted component.", - "MA_X_Label" : "Use the value assigned to the corresponding Base Score metric.", + "MA_X_Label" : "The value assigned to the corresponding Base metric is used.", "MA_N_Label" : "There is no impact to availability within the impacted component.", - "MA_L_Label" : "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the impacted component are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the impacted component.", + "MA_L_Label" : "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the impacted component are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the impacted component.", "MA_H_Label" : "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed). Alternatively, the attacker has the ability to deny some availability, but the loss of availability presents a direct, serious consequence to the impacted component (e.g., the attacker cannot disrupt existing connections, but can prevent new connections; the attacker can repeatedly exploit a vulnerability that, in each instance of a successful attack, leaks a only small amount of memory, but after repeated exploitation causes a service to become completely unavailable)." }; diff --git a/dojo/static/dojo/js/index.js b/dojo/static/dojo/js/index.js index cdcdf690a20..6f2bca172d9 100644 --- a/dojo/static/dojo/js/index.js +++ b/dojo/static/dojo/js/index.js @@ -1,5 +1,5 @@ $(function () { - $('body').append(''); + $('body').append(''); $(window).scroll(function () { if ($(this).scrollTop() > 300) { $('#toTop').fadeIn(); @@ -25,7 +25,7 @@ $(function () { }) setTimeout(function () { - $('.alert-dismissible').slideUp('slow') + $('.alert-dismissible').not('.announcement-banner').slideUp('slow') }, 20000); $('#side-menu').metisMenu(); @@ -62,7 +62,6 @@ $.fn.serializeObject = function() return o; }; - function sidebar() { // minimize side nav bar var action = 'min'; var remove = 'max'; @@ -247,11 +246,11 @@ function togglePassVisibility() { // swap password if (passwdInput.type === "password") { passwdInput.type = "text"; - toggleBox.innerHTML = "\ + toggleBox.innerHTML = "\ Hide Password"; } else { passwdInput.type = "password"; - toggleBox.innerHTML = "\ + toggleBox.innerHTML = "\ Show Password"; } } diff --git a/dojo/static/dojo/js/metrics.js b/dojo/static/dojo/js/metrics.js index 40717669480..392ad2ac6f8 100644 --- a/dojo/static/dojo/js/metrics.js +++ b/dojo/static/dojo/js/metrics.js @@ -733,6 +733,61 @@ function accepted_per_week_2(critical, high, medium, low) { product_metrics.html */ +function open_findings_burndown(critical, high, medium, low, info, y_max, y_min) { + var options = { + xaxes: [{ + mode: "time", + timeformat: "%Y/%m/%d" + }], + yaxes: [{ + max: y_max, + min: y_min + }], + series: { + lines: { + show: true + }, + points: { + show: true, + radius: 1 + } + }, + grid: { + hoverable: true, + borderWidth: 1, + borderColor: '#e7e7e7', + + }, + legend: { + position: 'nw' + }, + tooltip: true, + }; + + var plotObj = $.plot($("#open_findings_burndown"), [{ + data: critical, + label: " Critical", + color: "#d9534f", + }, { + data: high, + label: " High", + color: '#f0ad4e', + }, { + data: medium, + label: " Medium", + color: '#f0de28', + }, { + data: low, + label: " Low", + color: '#4cae4c', + }, { + data: info, + label: " Info", + color: '#337ab7', + }], + options); +} + function accepted_objs(d1, d2, d3, d4, d5, ticks) { var data = [ { @@ -1980,7 +2035,8 @@ function languages_pie(data) { } }, legend: { - show: true + show: true, + container: "#donut-lang-container", }, grid: { hoverable: true, diff --git a/dojo/survey/urls.py b/dojo/survey/urls.py index 51b9613709f..23c22981532 100644 --- a/dojo/survey/urls.py +++ b/dojo/survey/urls.py @@ -3,7 +3,7 @@ @author: jay7958 ''' -from django.conf.urls import url +from django.urls import re_path from django.contrib import admin from django.apps import apps from dojo.survey import views @@ -13,66 +13,66 @@ admin.autodiscover() urlpatterns = [ - url(r'^questionnaire$', + re_path(r'^questionnaire$', views.questionnaire, name='questionnaire'), - url(r'^questionnaire/create$', + re_path(r'^questionnaire/create$', views.create_questionnaire, name='create_questionnaire'), - url(r'^questionnaire/(?P\d+)/edit$', + re_path(r'^questionnaire/(?P\d+)/edit$', views.edit_questionnaire, name='edit_questionnaire'), - url(r'^questionnaire/(?P\d+)/delete', + re_path(r'^questionnaire/(?P\d+)/delete', views.delete_questionnaire, name='delete_questionnaire'), - url(r'^questionnaire/(?P\d+)/edit/questions$', + re_path(r'^questionnaire/(?P\d+)/edit/questions$', views.edit_questionnaire_questions, name='edit_questionnaire_questions'), - url(r'^questions$', + re_path(r'^questions$', views.questions, name='questions'), - url(r'^questions/add$', + re_path(r'^questions/add$', views.create_question, name='create_question'), - url(r'^questions/(?P\d+)/edit$', + re_path(r'^questions/(?P\d+)/edit$', views.edit_question, name='edit_question'), - url(r'^choices/add$', + re_path(r'^choices/add$', views.add_choices, name='add_choices'), - url(r'^engagement/(?P\d+)/add_questionnaire$', + re_path(r'^engagement/(?P\d+)/add_questionnaire$', views.add_questionnaire, name='add_questionnaire'), - url(r'^engagement/(?P\d+)/questionnaire/(?P\d+)/answer', + re_path(r'^engagement/(?P\d+)/questionnaire/(?P\d+)/answer', views.answer_questionnaire, name='answer_questionnaire'), - url(r'^engagement/(?P\d+)/questionnaire/(?P\d+)/delete', + re_path(r'^engagement/(?P\d+)/questionnaire/(?P\d+)/delete', views.delete_engagement_survey, name='delete_engagement_survey'), - url(r'^engagement/(?P\d+)/questionnaire/(?P\d+)$', + re_path(r'^engagement/(?P\d+)/questionnaire/(?P\d+)$', views.view_questionnaire, name='view_questionnaire'), - url(r'^engagement/(?P\d+)/questionnaire/(?P\d+)/assign', + re_path(r'^engagement/(?P\d+)/questionnaire/(?P\d+)/assign', views.assign_questionnaire, name='assign_questionnaire'), # Questionnaires without an engagemnet - url(r'^empty_questionnaire$', + re_path(r'^empty_questionnaire$', views.add_empty_questionnaire, name='add_empty_questionnaire'), - url(r'^empty_questionnaire/(?P\d+)$', + re_path(r'^empty_questionnaire/(?P\d+)$', views.view_empty_survey, name='view_empty_survey'), - url(r'^empty_questionnaire/(?P\d+)/delete$', + re_path(r'^empty_questionnaire/(?P\d+)/delete$', views.delete_empty_questionnaire, name='delete_empty_questionnaire'), - url(r'^general_questionnaire/(?P\d+)/delete$', + re_path(r'^general_questionnaire/(?P\d+)/delete$', views.delete_general_questionnaire, name='delete_general_questionnaire'), - url(r'^empty_questionnaire/(?P\d+)/answer$', + re_path(r'^empty_questionnaire/(?P\d+)/answer$', views.answer_empty_survey, name='answer_empty_survey'), - url(r'^empty_questionnaire/(?P\d+)/new_engagement$', + re_path(r'^empty_questionnaire/(?P\d+)/new_engagement$', views.engagement_empty_survey, name='engagement_empty_survey'), ] diff --git a/dojo/survey/views.py b/dojo/survey/views.py index b02043a5913..f3043b1b757 100644 --- a/dojo/survey/views.py +++ b/dojo/survey/views.py @@ -10,6 +10,8 @@ from django.utils.html import escape from datetime import timedelta from django.utils import timezone as tz +from django.contrib.admin.utils import NestedObjects +from django.db import DEFAULT_DB_ALIAS from dojo.filters import QuestionnaireFilter, QuestionFilter from dojo.models import Engagement, System_Settings @@ -28,9 +30,7 @@ def delete_engagement_survey(request, eid, sid): engagement = get_object_or_404(Engagement, id=eid) survey = get_object_or_404(Answered_Survey, id=sid) - questions = get_answered_questions(survey=survey, read_only=True) - form = Delete_Questionnaire_Form(instance=survey) if request.method == 'POST': @@ -43,50 +43,59 @@ def delete_engagement_survey(request, eid, sid): for answer in answers: answer.delete() survey.delete() - messages.add_message(request, - messages.SUCCESS, - 'Questionnaire deleted successfully.', - extra_tags='alert-success') + messages.add_message( + request, + messages.SUCCESS, + 'Questionnaire deleted successfully.', + extra_tags='alert-success') return HttpResponseRedirect(reverse('view_engagement', args=(engagement.id, ))) else: - messages.add_message(request, - messages.ERROR, - 'Unable to delete Questionnaire.', - extra_tags='alert-danger') - add_breadcrumb(title="Delete " + survey.survey.name + " Questionnaire", top_level=False, request=request) - return render(request, 'defectDojo-engagement-survey/delete_questionnaire.html', - {'survey': survey, - 'form': form, - 'engagement': engagement, - 'questions': questions, - }) + messages.add_message( + request, + messages.ERROR, + 'Unable to delete Questionnaire.', + extra_tags='alert-danger') + + add_breadcrumb( + title="Delete " + survey.survey.name + " Questionnaire", + top_level=False, + request=request) + return render(request, 'defectDojo-engagement-survey/delete_questionnaire.html', { + 'survey': survey, + 'form': form, + 'engagement': engagement, + 'questions': questions + }) def answer_questionnaire(request, eid, sid): survey = get_object_or_404(Answered_Survey, id=sid) engagement = get_object_or_404(Engagement, id=eid) - prod = engagement.product system_settings = System_Settings.objects.all()[0] if not system_settings.allow_anonymous_survey_repsonse: - auth = user_has_permission(request.user, engagement, Permissions.Engagement_Edit) + auth = user_has_permission( + request.user, + engagement, + Permissions.Engagement_Edit) if not auth: - messages.add_message(request, - messages.ERROR, - 'You must be authorized to answer questionnaire. Otherwise, enable anonymous response in system settings.', - extra_tags='alert-danger') + messages.add_message( + request, + messages.ERROR, + 'You must be authorized to answer questionnaire. Otherwise, enable anonymous response in system settings.', + extra_tags='alert-danger') raise PermissionDenied questions = get_answered_questions(survey=survey, read_only=False) if request.method == 'POST': questions = [ - q.get_form()(request.POST or None, - prefix=str(q.id), - answered_survey=survey, - question=q, form_tag=False) - for q in survey.survey.questions.all() - ] + q.get_form()( + request.POST or None, + prefix=str(q.id), + answered_survey=survey, + question=q, form_tag=False) + for q in survey.survey.questions.all()] questions_are_valid = [] @@ -102,24 +111,27 @@ def answer_questionnaire(request, eid, sid): survey.responder = request.user survey.answered_on = date.today() survey.save() - messages.add_message(request, - messages.SUCCESS, - 'Successfully answered, all answers valid.', - extra_tags='alert-success') - return HttpResponseRedirect( - reverse('view_engagement', args=(engagement.id, ))) + messages.add_message( + request, + messages.SUCCESS, + 'Successfully answered, all answers valid.', + extra_tags='alert-success') + return HttpResponseRedirect(reverse('view_engagement', args=(engagement.id, ))) else: - messages.add_message(request, - messages.ERROR, - 'Questionnaire has errors, please correct.', - extra_tags='alert-danger') - add_breadcrumb(title="Answer " + survey.survey.name + " Survey", top_level=False, request=request) - return render(request, - 'defectDojo-engagement-survey/answer_survey.html', - {'survey': survey, - 'engagement': engagement, - 'questions': questions, - }) + messages.add_message( + request, + messages.ERROR, + 'Questionnaire has errors, please correct.', + extra_tags='alert-danger') + add_breadcrumb( + title="Answer " + survey.survey.name + " Survey", + top_level=False, + request=request) + return render(request, 'defectDojo-engagement-survey/answer_survey.html', { + 'survey': survey, + 'engagement': engagement, + 'questions': questions, + }) @user_is_authorized(Engagement, Permissions.Engagement_Edit, 'eid') @@ -135,43 +147,48 @@ def assign_questionnaire(request, eid, sid): survey.assignee = user survey.save() return HttpResponseRedirect(reverse('view_engagement', args=(engagement.id,))) + add_breadcrumb(title="Assign Questionnaire", top_level=False, request=request) - return render(request, - 'defectDojo-engagement-survey/assign_survey.html', - {'survey': survey, - 'form': form, - }) + return render(request, 'defectDojo-engagement-survey/assign_survey.html', { + 'survey': survey, + 'form': form, + }) @user_is_authorized(Engagement, Permissions.Engagement_View, 'eid') def view_questionnaire(request, eid, sid): survey = get_object_or_404(Answered_Survey, id=sid) engagement = get_object_or_404(Engagement, id=eid) - questions = get_answered_questions(survey=survey, read_only=True) - add_breadcrumb(title=survey.survey.name + " Questionnaire Responses", top_level=False, request=request) - return render(request, 'defectDojo-engagement-survey/view_survey.html', - {'survey': survey, - 'user': request.user, - 'engagement': engagement, - 'questions': questions, - 'name': survey.survey.name + " Questionnaire Responses" - }) + + add_breadcrumb( + title=survey.survey.name + " Questionnaire Responses", + top_level=False, + request=request) + return render(request, 'defectDojo-engagement-survey/view_survey.html', { + 'survey': survey, + 'user': request.user, + 'engagement': engagement, + 'questions': questions, + 'name': survey.survey.name + " Questionnaire Responses" + }) def get_answered_questions(survey=None, read_only=False): if survey is None: return None - questions = [q.get_form()(prefix=str(q.id), - answered_survey=survey, - question=q, form_tag=False) - for q in survey.survey.questions.all() - ] + questions = [ + q.get_form()( + prefix=str(q.id), + answered_survey=survey, + question=q, + form_tag=False) + for q in survey.survey.questions.all()] + if read_only: for question in questions: - question.fields['answer'].widget.attrs = {"readonly": "readonly", - "disabled": "disabled"} + question.fields['answer'].widget.attrs = {"readonly": "readonly", "disabled": "disabled"} return questions @@ -180,97 +197,98 @@ def get_answered_questions(survey=None, read_only=False): def add_questionnaire(request, eid): user = request.user engagement = get_object_or_404(Engagement, id=eid) - ids = [survey.survey.id for survey in - Answered_Survey.objects.filter(engagement=engagement)] - surveys = Engagement_Survey.objects.exclude( - id__in=ids) + ids = [survey.survey.id for survey in Answered_Survey.objects.filter(engagement=engagement)] + surveys = Engagement_Survey.objects.exclude(id__in=ids) form = Add_Questionnaire_Form() + if request.method == 'POST': form = Add_Questionnaire_Form(request.POST) if form.is_valid(): survey = form.save(commit=False) survey.engagement = engagement survey.save() - messages.add_message(request, - messages.SUCCESS, - 'Questionnaire successfully added, answers pending.', - extra_tags='alert-success') + messages.add_message( + request, + messages.SUCCESS, + 'Questionnaire successfully added, answers pending.', + extra_tags='alert-success') if 'respond_survey' in request.POST: - return HttpResponseRedirect(reverse( - 'answer_questionnaire', args=(eid, survey.id))) - + return HttpResponseRedirect(reverse('answer_questionnaire', args=(eid, survey.id))) return HttpResponseRedirect(reverse('view_engagement', args=(eid,))) else: - messages.add_message(request, - messages.ERROR, - 'Questionnaire could not be added.', - extra_tags='alert-danger') + messages.add_message( + request, + messages.ERROR, + 'Questionnaire could not be added.', + extra_tags='alert-danger') + form.fields["survey"].queryset = surveys add_breadcrumb(title="Add Questionnaire", top_level=False, request=request) - return render(request, 'defectDojo-engagement-survey/add_survey.html', - {'surveys': surveys, - 'user': user, - 'form': form, - 'engagement': engagement}) + return render(request, 'defectDojo-engagement-survey/add_survey.html', { + 'surveys': surveys, + 'user': user, + 'form': form, + 'engagement': engagement + }) -@user_is_configuration_authorized('dojo.change_engagement_survey', 'staff') +@user_is_configuration_authorized('dojo.change_engagement_survey') def edit_questionnaire(request, sid): survey = get_object_or_404(Engagement_Survey, id=sid) old_name = survey.name old_desc = survey.description old_active = survey.active - form = CreateQuestionnaireForm(instance=survey) answered = Answered_Survey.objects.filter(survey=survey) + if len(answered) > 0: - messages.add_message(request, - messages.ERROR, - 'This questionnaire already has answered instances. If you change it, the responses may no longer' - ' be valid.', - extra_tags='alert-info') + messages.add_message( + request, + messages.ERROR, + 'This questionnaire already has answered instances. If you change it, the responses may no longer be valid.', + extra_tags='alert-info') if request.method == 'POST': form = CreateQuestionnaireForm(request.POST, instance=survey) if form.is_valid(): if survey.name != old_name or \ - survey.description != old_desc or \ - survey.active != old_active: + survey.description != old_desc or \ + survey.active != old_active: survey = form.save() - messages.add_message(request, - messages.SUCCESS, - 'Questionnaire successfully updated, you may now add/edit questions.', - extra_tags='alert-success') - return HttpResponseRedirect(reverse('questionnaire', args=(survey.id,))) + messages.add_message( + request, + messages.SUCCESS, + 'Questionnaire successfully updated, you may now add/edit questions.', + extra_tags='alert-success') + return HttpResponseRedirect(reverse('edit_questionnaire', args=(survey.id,))) else: - messages.add_message(request, - messages.SUCCESS, - 'No changes detected, questionnaire not updated.', - extra_tags='alert-warning') + messages.add_message( + request, + messages.SUCCESS, + 'No changes detected, questionnaire not updated.', + extra_tags='alert-warning') if 'add_questions' in request.POST: return HttpResponseRedirect(reverse('edit_questionnaire_questions', args=(survey.id,))) else: - messages.add_message(request, - messages.ERROR, - 'Please correct any errors displayed below.', - extra_tags='alert-danger') + messages.add_message( + request, + messages.ERROR, + 'Please correct any errors displayed below.', + extra_tags='alert-danger') + add_breadcrumb(title="Edit Questionnaire", top_level=False, request=request) - return render(request, 'defectDojo-engagement-survey/create_questionnaire.html', - {"survey": survey, - "form": form, - "name": "Edit Questionnaire", - }) + return render(request, 'defectDojo-engagement-survey/create_questionnaire.html', { + "survey": survey, + "form": form, + "name": "Edit Questionnaire", + }) -@user_is_configuration_authorized('dojo.delete_engagement_survey', 'staff') +@user_is_configuration_authorized('dojo.delete_engagement_survey') def delete_questionnaire(request, sid): survey = get_object_or_404(Engagement_Survey, id=sid) form = Delete_Eng_Survey_Form(instance=survey) - - from django.contrib.admin.utils import NestedObjects - from django.db import DEFAULT_DB_ALIAS - collector = NestedObjects(using=DEFAULT_DB_ALIAS) collector.collect([survey]) rels = collector.nested() @@ -280,20 +298,22 @@ def delete_questionnaire(request, sid): form = Delete_Eng_Survey_Form(request.POST, instance=survey) if form.is_valid(): survey.delete() - messages.add_message(request, - messages.SUCCESS, - 'Questionnaire and relationships removed.', - extra_tags='alert-success') + messages.add_message( + request, + messages.SUCCESS, + 'Questionnaire and relationships removed.', + extra_tags='alert-success') return HttpResponseRedirect(reverse('questionnaire')) + add_breadcrumb(title="Delete Questionnaire", top_level=False, request=request) - return render(request, 'defectDojo-engagement-survey/delete_questionnaire.html', - {'survey': survey, - 'form': form, - 'rels': rels, - }) + return render(request, 'defectDojo-engagement-survey/delete_questionnaire.html', { + 'survey': survey, + 'form': form, + 'rels': rels, + }) -@user_is_configuration_authorized('dojo.add_engagement_survey', 'staff') +@user_is_configuration_authorized('dojo.add_engagement_survey') def create_questionnaire(request): form = CreateQuestionnaireForm() survey = None @@ -302,38 +322,39 @@ def create_questionnaire(request): form = CreateQuestionnaireForm(request.POST) if form.is_valid(): survey = form.save() - - messages.add_message(request, - messages.SUCCESS, - 'Questionnaire successfully created, you may now add questions.', - extra_tags='alert-success') + messages.add_message( + request, + messages.SUCCESS, + 'Questionnaire successfully created, you may now add questions.', + extra_tags='alert-success') if 'add_questions' in request.POST: return HttpResponseRedirect(reverse('edit_questionnaire_questions', args=(survey.id,))) else: return HttpResponseRedirect(reverse('questionnaire')) else: - messages.add_message(request, - messages.ERROR, - 'Please correct any errors displayed below.', - extra_tags='alert-danger') + messages.add_message( + request, + messages.ERROR, + 'Please correct any errors displayed below.', + extra_tags='alert-danger') + add_breadcrumb(title="Create Questionnaire", top_level=False, request=request) - return render(request, 'defectDojo-engagement-survey/create_questionnaire.html', - {"survey": survey, - "form": form, - "name": "Create Survey", - }) + return render(request, 'defectDojo-engagement-survey/create_questionnaire.html', { + "survey": survey, + "form": form, + "name": "Create Survey", + }) # complex permission check inside the function def edit_questionnaire_questions(request, sid): survey = get_object_or_404(Engagement_Survey, id=sid) - if not user_has_configuration_permission(request.user, 'dojo.add_engagement_survey', 'staff') and \ - not user_has_configuration_permission(request.user, 'dojo.change_engagement_survey', 'staff'): + if not user_has_configuration_permission(request.user, 'dojo.add_engagement_survey') and \ + not user_has_configuration_permission(request.user, 'dojo.change_engagement_survey'): raise PermissionDenied() answered_surveys = Answered_Survey.objects.filter(survey=survey) reverted = False - form = EditQuestionnaireQuestionsForm(instance=survey) if request.method == 'POST': @@ -348,68 +369,65 @@ def edit_questionnaire_questions(request, sid): reverted = True if reverted: - messages.add_message(request, - messages.SUCCESS, - 'Answered questionnaires associated with this survey have been set to uncompleted.', - extra_tags='alert-warning') - messages.add_message(request, - messages.SUCCESS, - 'Questionnaire questions successfully saved.', - extra_tags='alert-success') + messages.add_message( + request, + messages.SUCCESS, + 'Answered questionnaires associated with this survey have been set to uncompleted.', + extra_tags='alert-warning') + messages.add_message( + request, + messages.SUCCESS, + 'Questionnaire questions successfully saved.', + extra_tags='alert-success') return HttpResponseRedirect(reverse('questionnaire')) else: - messages.add_message(request, - messages.ERROR, - 'Questionnaire questions not saved, please correct any errors displayed below.', - extra_tags='alert-success') + messages.add_message( + request, + messages.ERROR, + 'Questionnaire questions not saved, please correct any errors displayed below.', + extra_tags='alert-success') + add_breadcrumb(title="Update Questionnaire Questions", top_level=False, request=request) - return render(request, 'defectDojo-engagement-survey/edit_survey_questions.html', - {"survey": survey, - "form": form, - "name": "Update Survey Questions", - }) + return render(request, 'defectDojo-engagement-survey/edit_survey_questions.html', { + "survey": survey, + "form": form, + "name": "Update Survey Questions", + }) -@user_is_configuration_authorized('dojo.view_engagement_survey', 'staff') +@user_is_configuration_authorized('dojo.view_engagement_survey') def questionnaire(request): - user = request.user surveys = Engagement_Survey.objects.all() surveys = QuestionnaireFilter(request.GET, queryset=surveys) paged_surveys = get_page_items(request, surveys.qs, 25) general_surveys = General_Survey.objects.all() for survey in general_surveys: - survey_exp = survey.expiration if survey.expiration < tz.now(): survey.delete() - messages.add_message(request, - messages.INFO, - 'Surveys have migrated to core DefectDojo! Please run python3 manage.py migrate_surveys to retrieve data. ' + - 'For docker-compose, run `docker ps -a` to find the uwsgi container name then `docker exec -it ./manage.py migrate_surveys`', - extra_tags='alert-info') add_breadcrumb(title="Questionnaires", top_level=True, request=request) - return render(request, 'defectDojo-engagement-survey/list_surveys.html', - {"surveys": paged_surveys, - "filtered": surveys, - "general": general_surveys, - "name": "Questionnaires", - }) + return render(request, 'defectDojo-engagement-survey/list_surveys.html', { + "surveys": paged_surveys, + "filtered": surveys, + "general": general_surveys, + "name": "Questionnaires", + }) -@user_is_configuration_authorized('dojo.view_question', 'staff') +@user_is_configuration_authorized('dojo.view_question') def questions(request): questions = Question.objects.all() questions = QuestionFilter(request.GET, queryset=questions) paged_questions = get_page_items(request, questions.qs, 25) add_breadcrumb(title="Questions", top_level=False, request=request) - return render(request, 'defectDojo-engagement-survey/list_questions.html', - {"questions": paged_questions, - "filtered": questions, - "name": "Questions", - }) + return render(request, 'defectDojo-engagement-survey/list_questions.html', { + "questions": paged_questions, + "filtered": questions, + "name": "Questions", + }) -@user_is_configuration_authorized('dojo.add_question', 'staff') +@user_is_configuration_authorized('dojo.add_question') def create_question(request): error = False form = CreateQuestionForm() @@ -427,42 +445,41 @@ def create_question(request): if form.is_valid(): type = form.cleaned_data['type'] - if type == 'text': - if textQuestionForm.is_valid(): - created_question = TextQuestion.objects.create(optional=form.cleaned_data['optional'], - order=form.cleaned_data['order'], - text=form.cleaned_data['text']) - messages.add_message(request, - messages.SUCCESS, - 'Text Question added successfully.', - extra_tags='alert-success') + created_question = TextQuestion.objects.create( + optional=form.cleaned_data['optional'], + order=form.cleaned_data['order'], + text=form.cleaned_data['text']) + messages.add_message( + request, + messages.SUCCESS, + 'Text Question added successfully.', + extra_tags='alert-success') + return HttpResponseRedirect(reverse('questions')) else: error = True elif type == 'choice': - if choiceQuestionFrom.is_valid(): - - created_question = ChoiceQuestion.objects.create(optional=form.cleaned_data['optional'], - order=form.cleaned_data['order'], - text=form.cleaned_data['text'], - multichoice=choiceQuestionFrom.cleaned_data[ - 'multichoice']) - + created_question = ChoiceQuestion.objects.create( + optional=form.cleaned_data['optional'], + order=form.cleaned_data['order'], + text=form.cleaned_data['text'], + multichoice=choiceQuestionFrom.cleaned_data['multichoice']) choices_to_process = pickle.loads(choiceQuestionFrom.cleaned_data['answer_choices']) for c in choices_to_process: if c is not None and len(c) > 0: - created_question.choices.add(Choice.objects.get_or_create(label=c)[0]) - + created_question.choices.add( + Choice.objects.get_or_create(label=c)[0]) created_question.save() - - messages.add_message(request, - messages.SUCCESS, - 'Choice Question added successfully.', - extra_tags='alert-success') + messages.add_message( + request, + messages.SUCCESS, + 'Choice Question added successfully.', + extra_tags='alert-success') + return HttpResponseRedirect(reverse('questions')) else: error = True @@ -471,32 +488,31 @@ def create_question(request): % (escape(created_question._get_pk_val()), escape(created_question.text)) resp += '' return HttpResponse(resp) + add_breadcrumb(title="Add Question", top_level=False, request=request) return render(request, 'defectDojo-engagement-survey/create_related_question.html', { 'name': 'Add Question', 'form': form, 'textForm': textQuestionForm, - 'choiceForm': choiceQuestionFrom}) + 'choiceForm': choiceQuestionFrom + }) -@user_is_configuration_authorized('dojo.change_question', 'staff') +@user_is_configuration_authorized('dojo.change_question') def edit_question(request, qid): - error = False - question = get_object_or_404(Question, id=qid) survey = Engagement_Survey.objects.filter(questions__in=[question]) reverted = False - answered = [] if survey: answered = Answered_Survey.objects.filter(survey__in=survey) if answered.count() > 0: - messages.add_message(request, - messages.ERROR, - 'This question is part of an already answered survey. If you change it, the responses ' - 'may no longer be valid.', - extra_tags='alert-info') - + messages.add_message( + request, + messages.ERROR, + 'This question is part of an already answered survey. If you change it, the responses ' + 'may no longer be valid.', + extra_tags='alert-info') type = str(ContentType.objects.get_for_model(question)) if type == 'dojo | text question': @@ -516,32 +532,33 @@ def edit_question(request, qid): if form.is_valid(): form.save() - for answered_survey in answered: answered_survey.completed = False answered_survey.answered_on = None answered_survey.save() reverted = True - if reverted: - messages.add_message(request, - messages.SUCCESS, - 'Answered surveys associated with this survey have been set to uncompleted.', - extra_tags='alert-warning') - - messages.add_message(request, - messages.SUCCESS, - 'Question updated successfully.', - extra_tags='alert-success') + messages.add_message( + request, + messages.SUCCESS, + 'Answered surveys associated with this survey have been set to uncompleted.', + extra_tags='alert-warning') + messages.add_message( + request, + messages.SUCCESS, + 'Question updated successfully.', + extra_tags='alert-success') return HttpResponseRedirect(reverse('questions')) + add_breadcrumb(title="Edit Question", top_level=False, request=request) return render(request, 'defectDojo-engagement-survey/edit_question.html', { 'name': 'Edit Question', 'question': question, - 'form': form}) + 'form': form + }) -@user_is_configuration_authorized('dojo.change_question', 'staff') +@user_is_configuration_authorized('dojo.change_question') def add_choices(request): form = AddChoicesForm() if request.method == 'POST': @@ -549,10 +566,11 @@ def add_choices(request): if form.is_valid(): choice, created = Choice.objects.get_or_create(**form.cleaned_data) if created: - messages.add_message(request, - messages.SUCCESS, - 'Choice added successfully.', - extra_tags='alert-success') + messages.add_message( + request, + messages.SUCCESS, + 'Choice added successfully.', + extra_tags='alert-success') if '_popup' in request.GET: resp = '' if created: @@ -563,11 +581,12 @@ def add_choices(request): add_breadcrumb(title="Add Choice", top_level=False, request=request) return render(request, 'defectDojo-engagement-survey/add_choices.html', { 'name': 'Add Choice', - 'form': form}) + 'form': form + }) # Empty questionnaire functions -@user_is_configuration_authorized('dojo.add_engagement_survey', 'staff') +@user_is_configuration_authorized('dojo.add_engagement_survey') def add_empty_questionnaire(request): user = request.user surveys = Engagement_Survey.objects.all() @@ -579,149 +598,165 @@ def add_empty_questionnaire(request): survey = form.save(commit=False) survey.generated = tz.now() survey.save() - messages.add_message(request, - messages.SUCCESS, - 'Engagement Created, Questionnaire successfully added, answers pending.', - extra_tags='alert-success') + messages.add_message( + request, + messages.SUCCESS, + 'Engagement Created, Questionnaire successfully added, answers pending.', + extra_tags='alert-success') if 'respond_survey' in request.POST: return HttpResponseRedirect(reverse('dashboard')) - return HttpResponseRedirect(reverse('questionnaire')) else: - messages.add_message(request, - messages.ERROR, - 'Questionnaire could not be added.', - extra_tags='alert-danger') + messages.add_message( + request, + messages.ERROR, + 'Questionnaire could not be added.', + extra_tags='alert-danger') + form.fields["survey"].queryset = surveys add_breadcrumb(title="Add Empty Questionnaire", top_level=False, request=request) - return render(request, 'defectDojo-engagement-survey/add_survey.html', - {'surveys': surveys, - 'user': user, - 'form': form, - 'engagement': engagement}) + return render(request, 'defectDojo-engagement-survey/add_survey.html', { + 'surveys': surveys, + 'user': user, + 'form': form, + 'engagement': engagement + }) -@user_is_configuration_authorized('dojo.view_engagement_survey', 'staff') +@user_is_configuration_authorized('dojo.view_engagement_survey') def view_empty_survey(request, esid): survey = get_object_or_404(Answered_Survey, id=esid) engagement = None - questions = get_answered_questions(survey=survey, read_only=True) - add_breadcrumb(title=survey.survey.name + " Questionnaire Responses", top_level=False, request=request) - return render(request, 'defectDojo-engagement-survey/view_survey.html', - {'survey': survey, - 'user': request.user, - 'engagement': engagement, - 'questions': questions, - 'name': survey.survey.name + " Questionnaire Responses" - }) - - -@user_is_configuration_authorized('dojo.delete_engagement_survey', 'staff') + add_breadcrumb( + title=survey.survey.name + " Questionnaire Responses", + top_level=False, + request=request) + return render(request, 'defectDojo-engagement-survey/view_survey.html', { + 'survey': survey, + 'user': request.user, + 'engagement': engagement, + 'questions': questions, + 'name': survey.survey.name + " Questionnaire Responses" + }) + + +@user_is_configuration_authorized('dojo.delete_engagement_survey') def delete_empty_questionnaire(request, esid): engagement = None survey = get_object_or_404(Answered_Survey, id=esid) - questions = get_answered_questions(survey=survey, read_only=True) - form = Delete_Questionnaire_Form(instance=survey) if request.method == 'POST': form = Delete_Questionnaire_Form(request.POST, instance=survey) if form.is_valid(): answers = Answer.objects.filter( - question__in=[ - question.id for question in survey.survey.questions.all()], + question__in=[question.id for question in survey.survey.questions.all()], answered_survey=survey) for answer in answers: answer.delete() survey.delete() - messages.add_message(request, - messages.SUCCESS, - 'Questionnaire deleted successfully.', - extra_tags='alert-success') + messages.add_message( + request, + messages.SUCCESS, + 'Questionnaire deleted successfully.', + extra_tags='alert-success') return HttpResponseRedirect(reverse('survey')) else: - messages.add_message(request, - messages.ERROR, - 'Unable to delete Questionnaire.', - extra_tags='alert-danger') - add_breadcrumb(title="Delete " + survey.survey.name + " Questionnaire", top_level=False, request=request) - return render(request, 'defectDojo-engagement-survey/delete_questionnaire.html', - {'survey': survey, - 'form': form, - 'engagement': engagement, - 'questions': questions, - }) - - -@user_is_configuration_authorized('dojo.delete_engagement_survey', 'staff') + messages.add_message( + request, + messages.ERROR, + 'Unable to delete Questionnaire.', + extra_tags='alert-danger') + + add_breadcrumb( + title="Delete " + survey.survey.name + " Questionnaire", + top_level=False, + request=request) + return render(request, 'defectDojo-engagement-survey/delete_questionnaire.html', { + 'survey': survey, + 'form': form, + 'engagement': engagement, + 'questions': questions, + }) + + +@user_is_configuration_authorized('dojo.delete_engagement_survey') def delete_general_questionnaire(request, esid): engagement = None questions = None survey = get_object_or_404(General_Survey, id=esid) - form = DeleteGeneralQuestionnaireForm(instance=survey) if request.method == 'POST': form = DeleteGeneralQuestionnaireForm(request.POST, instance=survey) if form.is_valid(): survey.delete() - messages.add_message(request, - messages.SUCCESS, - 'Questionnaire deleted successfully.', - extra_tags='alert-success') + messages.add_message( + request, + messages.SUCCESS, + 'Questionnaire deleted successfully.', + extra_tags='alert-success') return HttpResponseRedirect(reverse('questionnaire')) else: - messages.add_message(request, - messages.ERROR, - 'Unable to delete questionnaire.', - extra_tags='alert-danger') - add_breadcrumb(title="Delete " + survey.survey.name + " Questionnaire", top_level=False, request=request) - return render(request, 'defectDojo-engagement-survey/delete_questionnaire.html', - {'survey': survey, - 'form': form, - 'engagement': engagement, - 'questions': questions, - }) + messages.add_message( + request, + messages.ERROR, + 'Unable to delete questionnaire.', + extra_tags='alert-danger') + + add_breadcrumb( + title="Delete " + survey.survey.name + " Questionnaire", + top_level=False, + request=request) + return render(request, 'defectDojo-engagement-survey/delete_questionnaire.html', { + 'survey': survey, + 'form': form, + 'engagement': engagement, + 'questions': questions, + }) def answer_empty_survey(request, esid): general_survey = get_object_or_404(General_Survey, id=esid) engagement_survey = get_object_or_404(Engagement_Survey, id=general_survey.survey_id) engagement, survey = None, None - settings = System_Settings.objects.all()[0] if not settings.allow_anonymous_survey_repsonse: - auth = request.user.is_staff - if not auth: - messages.add_message(request, - messages.ERROR, - 'You must be logged in to answer questionnaire. Otherwise, enable anonymous response in system settings.', - extra_tags='alert-danger') + if not request.user.is_authenticated: + messages.add_message( + request, + messages.ERROR, + 'You must be logged in to answer questionnaire. Otherwise, enable anonymous response in system settings.', + extra_tags='alert-danger') # will render 403 - raise PermissionDenied + raise PermissionDenied() - questions = [q.get_form()(prefix=str(q.id), - engagement_survey=engagement_survey, - question=q, form_tag=False) - for q in engagement_survey.questions.all() - ] + questions = [ + q.get_form()( + prefix=str(q.id), + engagement_survey=engagement_survey, + question=q, + form_tag=False) + for q in engagement_survey.questions.all() + ] if request.method == 'POST': survey = Answered_Survey(survey=engagement_survey) survey.save() questions = [ - q.get_form()(request.POST or None, - prefix=str(q.id), - answered_survey=survey, - question=q, form_tag=False) + q.get_form()( + request.POST or None, + prefix=str(q.id), + answered_survey=survey, + question=q, + form_tag=False) for q in survey.survey.questions.all() - ] + ] questions_are_valid = [] - for question in questions: valid = question.is_valid() questions_are_valid.append(valid) @@ -741,26 +776,30 @@ def answer_empty_survey(request, esid): else: message = 'Successfully answered, all answers valid.' - messages.add_message(request, - messages.SUCCESS, - message, - extra_tags='alert-success') + messages.add_message( + request, + messages.SUCCESS, + message, + extra_tags='alert-success') return HttpResponseRedirect( - reverse('dashboard')) + reverse('dashboard')) else: - messages.add_message(request, - messages.ERROR, - 'Questionnaire has errors, please correct.', - extra_tags='alert-danger') - add_breadcrumb(title="Answer Empty " + engagement_survey.name + " Questionnaire", top_level=False, request=request) + messages.add_message( + request, + messages.ERROR, + 'Questionnaire has errors, please correct.', + extra_tags='alert-danger') + add_breadcrumb( + title="Answer Empty " + engagement_survey.name + " Questionnaire", + top_level=False, + request=request) if survey is None: survey = engagement_survey - return render(request, - 'defectDojo-engagement-survey/answer_survey.html', - {'survey': survey, - 'engagement': engagement, - 'questions': questions, - }) + return render(request, 'defectDojo-engagement-survey/answer_survey.html', { + 'survey': survey, + 'engagement': engagement, + 'questions': questions, + }) def engagement_empty_survey(request, esid): @@ -773,22 +812,27 @@ def engagement_empty_survey(request, esid): if form.is_valid(): product = form.cleaned_data.get('product') user_has_permission_or_403(request.user, product, Permissions.Engagement_Add) - engagement = Engagement(product_id=product.id, - target_start=tz.now().date(), - target_end=tz.now().date() + timedelta(days=7)) + engagement = Engagement( + product_id=product.id, + target_start=tz.now().date(), + target_end=tz.now().date() + timedelta(days=7)) engagement.save() survey.engagement = engagement survey.save() - messages.add_message(request, - messages.SUCCESS, - 'Engagement created and questionnaire successfully linked.', - extra_tags='alert-success') + messages.add_message( + request, + messages.SUCCESS, + 'Engagement created and questionnaire successfully linked.', + extra_tags='alert-success') return HttpResponseRedirect(reverse('edit_engagement', args=(engagement.id, ))) else: - messages.add_message(request, - messages.ERROR, - 'Questionnaire could not be added.', - extra_tags='alert-danger') - add_breadcrumb(title="Link Questionnaire to new Engagement", top_level=False, request=request) - return render(request, 'defectDojo-engagement-survey/add_engagement.html', - {'form': form}) + messages.add_message( + request, + messages.ERROR, + 'Questionnaire could not be added.', + extra_tags='alert-danger') + add_breadcrumb( + title="Link Questionnaire to new Engagement", + top_level=False, + request=request) + return render(request, 'defectDojo-engagement-survey/add_engagement.html', {'form': form}) diff --git a/dojo/system_settings/urls.py b/dojo/system_settings/urls.py index 7e2c4e23a2f..ab09d255bcf 100644 --- a/dojo/system_settings/urls.py +++ b/dojo/system_settings/urls.py @@ -1,6 +1,6 @@ -from django.conf.urls import url +from django.urls import re_path from . import views urlpatterns = [ - url(r'^system_settings$', views.system_settings, name='system_settings') + re_path(r'^system_settings$', views.system_settings, name='system_settings') ] diff --git a/dojo/system_settings/views.py b/dojo/system_settings/views.py index 86889f98e49..d8e885599de 100644 --- a/dojo/system_settings/views.py +++ b/dojo/system_settings/views.py @@ -2,14 +2,12 @@ import logging from django.contrib import messages from django.contrib.auth.decorators import user_passes_test -from django.urls import reverse from django.shortcuts import render -from dojo.models import System_Settings, enable_disable_auditlog +from dojo.models import System_Settings from dojo.utils import (add_breadcrumb, get_celery_worker_status) from dojo.forms import SystemSettingsForm from django.conf import settings -from django.http import HttpResponseRedirect logger = logging.getLogger(__name__) @@ -57,14 +55,28 @@ def system_settings(request): messages.WARNING, 'Settings cannot be saved: Default group and Default group role must either both be set or both be empty.', extra_tags='alert-warning') + elif form.cleaned_data['minimum_password_length'] >= form.cleaned_data['maximum_password_length']: + messages.add_message(request, + messages.WARNING, + 'Settings cannot be saved: Minimum required password length must be less than maximum required password length.', + extra_tags='alert-warning') + elif form.cleaned_data['enable_deduplication'] is True and form.cleaned_data['false_positive_history'] is True: + messages.add_message(request, + messages.WARNING, + 'Settings cannot be saved: Deduplicate findings and False positive history can not be set at the same time.', + extra_tags='alert-warning') + elif form.cleaned_data['retroactive_false_positive_history'] is True and form.cleaned_data['false_positive_history'] is False: + messages.add_message(request, + messages.WARNING, + 'Settings cannot be saved: Retroactive false positive history can not be set without False positive history.', + extra_tags='alert-warning') else: - new_settings = form.save() - enable_disable_auditlog(enable=new_settings.enable_auditlog) + form.save() messages.add_message(request, messages.SUCCESS, 'Settings saved.', extra_tags='alert-success') - return HttpResponseRedirect(reverse('system_settings', )) + return render(request, 'dojo/system_settings.html', {'form': form}) else: # Celery needs to be set with the setting: CELERY_RESULT_BACKEND = 'db+sqlite:///dojo.celeryresults.sqlite' diff --git a/dojo/tasks.py b/dojo/tasks.py index bb123bd0105..50d48049a80 100644 --- a/dojo/tasks.py +++ b/dojo/tasks.py @@ -1,11 +1,13 @@ import logging -from datetime import timedelta +from auditlog.models import LogEntry +from datetime import timedelta, date +from dateutil.relativedelta import relativedelta from django.db.models import Count, Prefetch from django.conf import settings from django.urls import reverse from dojo.celery import app from celery.utils.log import get_task_logger -from dojo.models import Alerts, Product, Finding, Engagement, System_Settings, User +from dojo.models import Alerts, Product, Engagement, Finding, System_Settings, User from django.utils import timezone from dojo.utils import calculate_grade from dojo.utils import sla_compute_and_notify @@ -86,6 +88,26 @@ def cleanup_alerts(*args, **kwargs): logger.info('total number of alerts deleted: %s', total_deleted_count) +@app.task(bind=True) +def flush_auditlog(*args, **kwargs): + retention_period = settings.AUDITLOG_FLUSH_RETENTION_PERIOD + + if retention_period < 0: + logger.info("Flushing auditlog is disabled") + return + + logger.info("Running Cleanup Task for Logentries with %d Months retention", retention_period) + retention_date = date.today() - relativedelta(months=retention_period) + subset = LogEntry.objects.filter(timestamp__date__lt=retention_date) + event_count = subset.count() + logger.debug("Initially received %d Logentries", event_count) + if event_count > 0: + subset._raw_delete(subset.db) + logger.debug('Total number of audit log entries deleted: %s', event_count) + else: + logger.debug('No outdated Logentries found') + + @app.task(bind=True) def async_dupe_delete(*args, **kwargs): try: @@ -154,6 +176,7 @@ def async_sla_compute_and_notify_task(*args, **kwargs): if system_settings.enable_finding_sla: sla_compute_and_notify(*args, **kwargs) except Exception as e: + logger.exception(e) logger.error("An unexpected error was thrown calling the SLA code: {}".format(e)) diff --git a/dojo/templates/400.html b/dojo/templates/400.html new file mode 100644 index 00000000000..e5c9a93ab20 --- /dev/null +++ b/dojo/templates/400.html @@ -0,0 +1,17 @@ +{% extends "base.html" %} +{% block content %} + {{ block.super }} +
    + +
    +
    +

    + Oops... +

    +

    + ...something went wrong. +

    +
    +
    +

    400 Bad Request

    +{% endblock %} diff --git a/dojo/templates/403.html b/dojo/templates/403.html index 22d5a771a6f..8813d551531 100644 --- a/dojo/templates/403.html +++ b/dojo/templates/403.html @@ -1,9 +1,17 @@ {% extends "base.html" %} {% block content %} {{ block.super }} -

    403

    +
    + +
    +
    +

    + Oops... +

    +

    + ...looks like you don't have permission to do that. +

    +
    -

    - You don't have permission to do that. Contact your administrator for additional access. -

    - {% endblock %} +

    403 Forbidden

    +{% endblock %} diff --git a/dojo/templates/404.html b/dojo/templates/404.html index 81cc4d4c945..17ba8226405 100644 --- a/dojo/templates/404.html +++ b/dojo/templates/404.html @@ -1,12 +1,17 @@ {% extends "base.html" %} {% block content %} {{ block.super }} -

    404

    +
    + +
    +
    +

    + Well... +

    +

    + ...we can't find what you're looking for. +

    +
    -

    - Well... -

    -

    - ...we can't find what you need. -

    -{% endblock %} +

    404 Not Found

    +{% endblock %} \ No newline at end of file diff --git a/dojo/templates/500.html b/dojo/templates/500.html new file mode 100644 index 00000000000..005e678f549 --- /dev/null +++ b/dojo/templates/500.html @@ -0,0 +1,17 @@ +{% extends "base.html" %} +{% block content %} + {{ block.super }} +
    + +
    +
    +

    + Well... +

    +

    + ...this was unexpected. +

    +
    +
    +

    500 Internal Server Error

    +{% endblock %} diff --git a/dojo/templates/base.html b/dojo/templates/base.html index c321126ac5d..f4043d42e3c 100644 --- a/dojo/templates/base.html +++ b/dojo/templates/base.html @@ -1,807 +1,1169 @@ {% load navigation_tags %} {% load display_tags %} {% load authorization_tags %} +{% load i18n %} {% load static %} + + + + + + + + {% if request.session.dojo_breadcrumbs and not product_tab.tab %} + {% with request.session.dojo_breadcrumbs|last as last %} + {{ last.title }} | + {% endwith %} + {% elif product_tab.title %} + {{ product_tab.title }} | + {% endif %} + DefectDojo + + {% block add_css_before %} + {% endblock %} - - - - - - - - - {% if request.session.dojo_breadcrumbs and not product_tab.tab %} - {% with request.session.dojo_breadcrumbs|last as last %} - {{ last.title }} | - {% endwith %} - {% elif product_tab.title %} - {{ product_tab.title }} | - {% endif %} - DefectDojo - - {% block add_css_before %} - {% endblock %} - - - - - - - - - - - - + + + + + + + + - + + - - - - - - - - - - - - - - - - - + - - + + + + + + + + + + + + + + + + + - + + - - + - - + + - - + + - - + + - - + + - {% block add_css %} - {% endblock %} - - - - - {% block dojo_css %} - - {% endblock %} - - {% comment %} {% endcomment %} - - + + + + - - - + + {% comment %} {% endcomment %} + + -
    - {% block navigation %} - - + {% endblock %} + +
    + {% if request.user.is_authenticated and announcement %} + {% load announcement_banner_tags %} + + {% endif %} +
    + + {% block tab_bar %} + {% if product_tab.tab %} +
    +
    +

    + {{ product_tab.product }} + {% if system_settings.enable_benchmark == 9 %} + {% for benchmark in tab_benchmarks%} + + {{ benchmark.desired_level }} + {% endfor %} {% endif %} - {% if request.user.is_superuser %} -
  • Rules Framework
    • + {% with grade=product_tab.product|product_grade %} + {% if grade %} +
    {{ grade }}
     + {% endif %} + {% endwith %} + {% include "dojo/snippets/tags.html" with tags=product_tab.product.tags.all.all %} +

    + - - {% endblock %} - -
  • - - - Collapse Menu - -
    • - -
    - -
    - - {% endif %} - - {% endblock %} - -
    -
    - - {% if product_tab.tab %} -
    -
    -

    - {{ product_tab.product }} - {% if system_settings.enable_benchmark == 9 %} - {% for benchmark in tab_benchmarks%} - - {{ benchmark.desired_level }} - {% endfor %} - {% endif %} - {% with grade=product_tab.product|product_grade %} - {% if grade %} -
    {{ grade }}
     - {% endif %} - {% endwith %} - {% include "dojo/snippets/tags.html" with tags=product_tab.product.tags.all.all %} -

    - -
    -
    - {% else %} - - {% endif %} - -
    -
    - {% if messages %} - {% for message in messages %} -
    - {% endfor %} - {% endif %} -
    - -
    - -
    -
    - {% include "dojo/breadcrumbs/settings_breadcrumb.html" %} - {% include "dojo/breadcrumbs/engagement_breadcrumb.html" %} - {% include "dojo/breadcrumbs/finding_breadcrumb.html" %} - {% include "dojo/breadcrumbs/endpoint_breadcrumb.html" %} - {% include "dojo/breadcrumbs/custom_breadcrumb.html" %} - {% block content %} + {% else %} + + {% endif %} {% endblock %} + +
    +
    + {% if messages %} + {% for message in messages %} + + {% endfor %} + {% endif %} +
    + +
    + +
    +
    + {% include "dojo/breadcrumbs/settings_breadcrumb.html" %} + {% include "dojo/breadcrumbs/engagement_breadcrumb.html" %} + {% include "dojo/breadcrumbs/finding_breadcrumb.html" %} + {% include "dojo/breadcrumbs/endpoint_breadcrumb.html" %} + {% include "dojo/breadcrumbs/custom_breadcrumb.html" %} + {% block content %} + {% endblock %} +
    + +
    - +
    -
    - -
    - -
    -
    -
    -
    -

    - - {% block footer_logo %} - - {% endblock %} - -
    -
    - {% dojo_version %} ( {% dojo_current_hash %} ) -

    -

    - Detailed DefectDojo documentation can be found in our GitHub Pages. -

    -

    - DefectDojo is licensed under the 3-Clause BSD - License. | Dependencies Notice. -

    -

    - © {% now "Y" %} DefectDojo Maintainers. All rights reserved. -

    -
    + + + +
    + {% block modals %} + {% endblock %}
    + + + + +
    - - -
    -
    - + - - + + - - - - - + + + -{% block extra_javascript %} -{% endblock %} -{% block postscript %} -{% endblock %} - + $('select').not('#notification-scope').addClass('selectpicker'); + $('.selectpicker').attr('data-live-search', 'true'); + $('.selectpicker').attr('data-container', 'body'); + $('.selectpicker').css('width', '70%'); + $('.selectpicker').selectpicker('render'); + }); + + {% block extra_javascript %} + {% endblock %} + {% block postscript %} + {% endblock %} + diff --git a/dojo/templates/defectDojo-engagement-survey/add_choices.html b/dojo/templates/defectDojo-engagement-survey/add_choices.html index 319662364e8..aa6fc1b2062 100644 --- a/dojo/templates/defectDojo-engagement-survey/add_choices.html +++ b/dojo/templates/defectDojo-engagement-survey/add_choices.html @@ -1,4 +1,4 @@ -{% extends "dojo/add_related.html" %} +{% extends "base.html" %} {% block content %} {{ block.super }}

    Add Choice

    diff --git a/dojo/templates/defectDojo-engagement-survey/add_surveys.html b/dojo/templates/defectDojo-engagement-survey/add_surveys.html index 01be455435e..1ecc4345fdf 100644 --- a/dojo/templates/defectDojo-engagement-survey/add_surveys.html +++ b/dojo/templates/defectDojo-engagement-survey/add_surveys.html @@ -1,3 +1,3 @@ {% if surveys %} - + {% endif %} \ No newline at end of file diff --git a/dojo/templates/defectDojo-engagement-survey/create_questionnaire.html b/dojo/templates/defectDojo-engagement-survey/create_questionnaire.html index 5ba4647e94d..864f7fa255d 100644 --- a/dojo/templates/defectDojo-engagement-survey/create_questionnaire.html +++ b/dojo/templates/defectDojo-engagement-survey/create_questionnaire.html @@ -12,7 +12,7 @@

    Create New Questionnaire

    - {% if "dojo.delete_engagement_survey"|has_configuration_permission:"staff" %} + {% if "dojo.delete_engagement_survey"|has_configuration_permission:request %} Delete Questionnaire {% endif %} {% else %} diff --git a/dojo/templates/defectDojo-engagement-survey/create_related_question.html b/dojo/templates/defectDojo-engagement-survey/create_related_question.html index 13af7a41bf7..03b5cb03124 100644 --- a/dojo/templates/defectDojo-engagement-survey/create_related_question.html +++ b/dojo/templates/defectDojo-engagement-survey/create_related_question.html @@ -28,7 +28,7 @@ - + @@ -41,7 +41,7 @@
    -
    + {{ name }} {% csrf_token %} {% include "dojo/form_fields.html" with form=form %} @@ -59,59 +59,30 @@
    -{% endblock %} - +{% endblock content %} - - - - - - - - - - - - - - - - - - - - - - - - - - + +{% endblock postscript %} \ No newline at end of file diff --git a/dojo/templates/defectDojo-engagement-survey/edit_survey_questions.html b/dojo/templates/defectDojo-engagement-survey/edit_survey_questions.html index 2c56a40af58..9bf921b56ec 100644 --- a/dojo/templates/defectDojo-engagement-survey/edit_survey_questions.html +++ b/dojo/templates/defectDojo-engagement-survey/edit_survey_questions.html @@ -1,13 +1,10 @@ {% extends "base.html" %} -{% block add_css %} - {{ block.super }} - -{% endblock %} {% block content %} {{ block.super }}

    Edit Questionnaire Questions ({{ survey.name }})

    {% csrf_token %} +
    {% include "dojo/form_fields.html" with form=form %}
    @@ -16,15 +13,18 @@

    Edit Questionnaire Questions ({{ survey.name }})

    -{% endblock %} +{% endblock content %} {% block postscript %} {{ block.super }} - -{% endblock %} \ No newline at end of file +{% endblock postscript %} \ No newline at end of file diff --git a/dojo/templates/defectDojo-engagement-survey/list_questions.html b/dojo/templates/defectDojo-engagement-survey/list_questions.html index 58eba28ad0f..1ca8a749e8e 100644 --- a/dojo/templates/defectDojo-engagement-survey/list_questions.html +++ b/dojo/templates/defectDojo-engagement-survey/list_questions.html @@ -1,6 +1,7 @@ {% extends "base.html" %} {% load display_tags %} {% load authorization_tags %} +{% load event_tags %} {% block content %} {{ block.super }}
    @@ -27,7 +28,7 @@ {% for question in questions %} - {% if "dojo.change_question"|has_configuration_permission:"staff" %} + {% if "dojo.change_question"|has_configuration_permission:request %} {{ question.text }} {% else %} {{ question.text }} @@ -50,7 +51,7 @@
    {% if filtered.form %} - {% if "dojo.add_question"|has_configuration_permission:"staff" %} + {% if "dojo.add_question"|has_configuration_permission:request %}
    Actions
    @@ -60,7 +61,15 @@ {% endif %}
    Filters
    - {{ filtered.form.as_p }} + {% for field in filtered.form.visible_fields %} +
    + {{ field.errors }} + + {% with placeholder="placeholder:"|add:field.label %} + {{ field|addcss:"class:form-control input-sm"|addcss:placeholder }} + {% endwith %} +
    + {% endfor %}


    [Clear Filters] diff --git a/dojo/templates/defectDojo-engagement-survey/list_surveys.html b/dojo/templates/defectDojo-engagement-survey/list_surveys.html index 9053486339d..7dd2ea10068 100644 --- a/dojo/templates/defectDojo-engagement-survey/list_surveys.html +++ b/dojo/templates/defectDojo-engagement-survey/list_surveys.html @@ -1,5 +1,6 @@ {% extends "base.html" %} {% load authorization_tags %} +{% load event_tags %} {% block content %} {{ block.super }}
    @@ -23,7 +24,7 @@ {% for survey in surveys %} - {% if "dojo.change_engagement_survey"|has_configuration_permission:"staff" %} + {% if "dojo.change_engagement_survey"|has_configuration_permission:request %} {{ survey.name }} {% else %} {{ survey.name }} @@ -46,8 +47,8 @@
    General Questionnaires - {% if "dojo.add_engagement_survey"|has_configuration_permission:"staff" %} - + {% if "dojo.add_engagement_survey"|has_configuration_permission:request %} + {% endif %}
    @@ -73,9 +74,9 @@ - {% if "dojo.delete_engagement_survey"|has_configuration_permission:"staff" %} + {% if "dojo.delete_engagement_survey"|has_configuration_permission:request %} Delete Questionnaire @@ -97,7 +98,7 @@
    {% if filtered.form %} - {% if "dojo.add_engagement_survey"|has_configuration_permission:"staff" %} + {% if "dojo.add_engagement_survey"|has_configuration_permission:request %}
    Actions
    @@ -107,7 +108,15 @@ {% endif %}
    Filters
    - {{ filtered.form.as_p }} + {% for field in filtered.form.visible_fields %} +
    + {{ field.errors }} + + {% with placeholder="placeholder:"|add:field.label %} + {{ field|addcss:"class:form-control input-sm"|addcss:placeholder }} + {% endwith %} +
    + {% endfor %}


    [Clear Filters] @@ -157,5 +166,5 @@
    {% if history %}
    diff --git a/dojo/templates/dojo/ad_hoc_findings.html b/dojo/templates/dojo/ad_hoc_findings.html index 624f9247116..1a4bc78d4e8 100644 --- a/dojo/templates/dojo/ad_hoc_findings.html +++ b/dojo/templates/dojo/ad_hoc_findings.html @@ -24,12 +24,14 @@

    Add Findings to a Test

    {% csrf_token %} {% include "dojo/form_fields.html" with form=form %} + {% block additional_forms %} + {% endblock additional_forms %} {% if jform %}

    JIRA

    @@ -66,13 +68,12 @@

    Github

    $ = django.jQuery; $(function () { $("textarea").each(function (index, elem) { - if (elem.hasAttribute("required")) { elem.removeAttribute("required"); elem.id = "req" } - if (elem.name != 'endpoints_to_add') { + if (elem.name != 'endpoints_to_add' && elem.name != 'vulnerability_ids' && !$(elem).hasClass('select2-search__field')) { var mde = new EasyMDE({ spellChecker: false, element: elem, diff --git a/dojo/templates/dojo/add_endpoint_meta_data.html b/dojo/templates/dojo/add_endpoint_meta_data.html index 7bc8aa01464..ebc6fce3407 100644 --- a/dojo/templates/dojo/add_endpoint_meta_data.html +++ b/dojo/templates/dojo/add_endpoint_meta_data.html @@ -3,7 +3,7 @@ {% block content %} {{ block.super }} -

    Add Endpoint ({{ endpoint }}{% if endpoint.is_broken %} 🚩{% endif %}) Metadata

    +

    Add Endpoint ({{ endpoint }}{% if endpoint.is_broken %} 🚩{% endif %}) Metadata


    {% csrf_token %} {% include "dojo/form_fields.html" with form=form %} diff --git a/dojo/templates/dojo/add_findings.html b/dojo/templates/dojo/add_findings.html index 26af11b8011..76fb340250e 100644 --- a/dojo/templates/dojo/add_findings.html +++ b/dojo/templates/dojo/add_findings.html @@ -31,7 +31,7 @@

    JIRA

    @@ -57,12 +57,14 @@

    {% csrf_token %} {% include "dojo/form_fields.html" with form=form %} + {% block additional_forms %} + {% endblock additional_forms %} {% if jform %}

    JIRA

    @@ -112,29 +114,28 @@

    JIRA

    {% endif %} }); - $("textarea").each(function (index, elem) { - - if (elem.hasAttribute("required")) { - elem.removeAttribute("required"); - elem.id = "req" - } + $("textarea").each(function (index, elem) { + if (elem.hasAttribute("required")) { + elem.removeAttribute("required"); + elem.id = "req" + } - if (elem.name != 'endpoints_to_add') { - var mde = new EasyMDE({ - spellChecker: false, - element: elem, - autofocus: false, - forceSync: true, - toolbar: ["bold", "italic", "heading", "|", - "quote", "unordered-list", "ordered-list", "|", - "link", "image", "|", - "table", "horizontal-rule", "code", "|", - "guide" - ] - }); - mde.render(); - } - }); + if (elem.name != 'endpoints_to_add' && elem.name != 'vulnerability_ids' && !$(elem).hasClass('select2-search__field')) { + var mde = new EasyMDE({ + spellChecker: false, + element: elem, + autofocus: false, + forceSync: true, + toolbar: ["bold", "italic", "heading", "|", + "quote", "unordered-list", "ordered-list", "|", + "link", "image", "|", + "table", "horizontal-rule", "code", "|", + "guide" + ] + }); + mde.render(); + } + }); $("#add_finding").submit(function () { var isFormValid = true; diff --git a/dojo/templates/dojo/add_group.html b/dojo/templates/dojo/add_group.html index a9eab78c762..b52a1740be5 100644 --- a/dojo/templates/dojo/add_group.html +++ b/dojo/templates/dojo/add_group.html @@ -2,60 +2,66 @@ {% load display_tags %} {% load static %} {% block add_css %} - - + {% endblock %} {% block add_styles %} -.editor-toolbar, .editor-statusbar, .editor-preview-side, .CodeMirror { -width: 70% !important; -} -.chosen-container.chosen-container-multi { -width: 70% !important; -} + .editor-toolbar, .editor-statusbar, .editor-preview-side, .CodeMirror { + width: 70% !important; + } + + .chosen-container.chosen-container-multi { + width: 70% !important; + } {% endblock %} -{% block content %} +{% block content %} {% csrf_token %} -
    - Default Information - {% include "dojo/form_fields.html" with form=form %} -
    -
    - Global Role - {% include "dojo/form_fields.html" with form=global_role_form %} -
    -
    -
    - +
    + {% block group_form %} + Default Information + {% include "dojo/form_fields.html" with form=form %} + {% endblock group_form %} +
    +
    + {% block global_role_form %} + Global Role + {% include "dojo/form_fields.html" with form=global_role_form %} + {% endblock global_role_form %} +
    +
    +
    + +
    -
    {% endblock %} + {% block postscript %} {% endblock %} diff --git a/dojo/templates/dojo/add_product_api_scan_configuration.html b/dojo/templates/dojo/add_product_api_scan_configuration.html index a423bb48c3a..525f4da6178 100644 --- a/dojo/templates/dojo/add_product_api_scan_configuration.html +++ b/dojo/templates/dojo/add_product_api_scan_configuration.html @@ -15,12 +15,20 @@

    Add {{ product.name }} API Scan Configuration

    - API Scan Configurations are supported for the test types SonarQube API and Cobalt.io API. -
      -
    • For SonarQube API the field Service key 1 has to be set with the SonarQube project key.
      • -
    • For Cobalt.io API the field Service key 1 has to be set with the Cobalt.io asset id. - Service key 2 will be populated with the asset name while saving the configuration.
      • -
    + API Scan Configurations are supported for these test types. +
    {% endblock %} {% block postscript %} diff --git a/dojo/templates/dojo/add_related.html b/dojo/templates/dojo/add_related.html index ea84ed84af5..f6c74e1c530 100644 --- a/dojo/templates/dojo/add_related.html +++ b/dojo/templates/dojo/add_related.html @@ -28,7 +28,7 @@ - + @@ -64,7 +64,7 @@ - + diff --git a/dojo/templates/dojo/add_risk_acceptance.html b/dojo/templates/dojo/add_risk_acceptance.html index 3f13f032540..e3d2de0a2ca 100644 --- a/dojo/templates/dojo/add_risk_acceptance.html +++ b/dojo/templates/dojo/add_risk_acceptance.html @@ -23,7 +23,7 @@

    Risk acceptance

    A risk acceptance can consist of compensating control(s) and documentation. Documentation can be in the form of an image or PDF file.
    - Select the findings that apply to this acceptance. These findings will be automatically be deactivated. + Select the findings that apply to this acceptance. These findings will be automatically deactivated.


    @@ -65,4 +65,4 @@

    Risk acceptance

    } }); -{% endblock %} \ No newline at end of file +{% endblock %} diff --git a/dojo/templates/dojo/add_template.html b/dojo/templates/dojo/add_template.html index 7377998d16c..09926f8dcfa 100644 --- a/dojo/templates/dojo/add_template.html +++ b/dojo/templates/dojo/add_template.html @@ -1,5 +1,6 @@ {% extends "base.html" %} {% load static %} +{% load authorization_tags %} {% block add_css %} {{ block.super }} @@ -32,16 +33,18 @@

    {{ name }} {{ template }}

    {% if template %} -
    - {% csrf_token %} -
    -
    - - + {% if "Finding_Delete"|has_global_permission %} + + {% csrf_token %} +
    +
    + + +
    -
    - + + {% endif %} {% endif %} {% endblock %} {% block postscript %} @@ -66,26 +69,28 @@

    {{ name }} {{ template }}

    $(function () { $("textarea").each(function (index, elem) { - if (elem.hasAttribute("required")) { elem.removeAttribute("required"); elem.id = "req" } - var mde = new EasyMDE({ - spellChecker: false, - element: elem, - autofocus: false, - forceSync: true, - toolbar: ["bold", "italic", "heading", "|", - "quote", "unordered-list", "ordered-list", "|", - "link", "image", "|", - "table", "horizontal-rule", "code", "|", - "guide" - ] - }); - mde.render(); + if (elem.name != 'vulnerability_ids' && !$(elem).hasClass('select2-search__field')) { + var mde = new EasyMDE({ + spellChecker: false, + element: elem, + autofocus: false, + forceSync: true, + toolbar: ["bold", "italic", "heading", "|", + "quote", "unordered-list", "ordered-list", "|", + "link", "image", "|", + "table", "horizontal-rule", "code", "|", + "guide" + ] + }); + mde.render(); + } }); + // add req id to input field which enables input length check $("input").each(function (index, elem) { diff --git a/dojo/templates/dojo/add_tests.html b/dojo/templates/dojo/add_tests.html index 3b9fe22c5ad..c5959bbaf38 100644 --- a/dojo/templates/dojo/add_tests.html +++ b/dojo/templates/dojo/add_tests.html @@ -12,6 +12,9 @@ {{ block.super }}

    Add Tests

    +

    + Documentation +

    {% csrf_token %} {% include "dojo/form_fields.html" with form=form %} {% include "dojo/form_fields.html" with form=cred_form %} @@ -26,4 +29,4 @@

    Add Tests

    {% endblock %} {% block postscript %} {{ block.super }} -{% endblock %} +{% endblock %} \ No newline at end of file diff --git a/dojo/templates/dojo/add_user.html b/dojo/templates/dojo/add_user.html index 2c6e4a1102e..cef8211cd4d 100644 --- a/dojo/templates/dojo/add_user.html +++ b/dojo/templates/dojo/add_user.html @@ -1,4 +1,5 @@ {% extends "base.html" %} +{% load i18n %} {% load display_tags %} {% load static %} @@ -7,41 +8,27 @@

    {{ name }} {% if to_edit %}- {{ to_edit.username }}{% endif %}

    {% csrf_token %}
    - Default Information + {% trans "Default Information" %} {% include "dojo/form_fields.html" with form=form %}
    - Additional Contact Information + {% trans "Additional Contact Information" %} {% include "dojo/form_fields.html" with form=contact_form %}
    - Global Role + {% trans "Global Role" %} {% include "dojo/form_fields.html" with form=global_role_form %}
    - +
    {% endblock %} {% block postscript %} {{ block.super }} - {% if to_add or to_edit and not to_edit.is_staff %} - - {% else %} - - {% endif %} + {% if not user.is_superuser %} {% endblock %} +{% block add_styles %} + td p { + margin-bottom: 0px; + } + + td p a { + color: #337ab7; + } + + .table>tbody>tr>td, + .table>tbody>tr>th, + .table>tfoot>tr>td, + .table>tfoot>tr>th, + .table>thead>tr>td, + .table>thead>tr>th { + padding: 12px 10px + } + + table.level-1 tr.level-1 td:first-child, + table.level-2 tr.level-1 td:first-child, + table.level-3 tr.level-1 td:first-child, + table.level-2 tr.level-2 td:first-child, + table.level-3 tr.level-2 td:first-child, + table.level-3 tr.level-3 td:first-child { + background-color: #DCEDFB; + } + + table.level-1 tr.level-2, + table.level-1 tr.level-3, + table.level-2 tr.level-3 { + opacity: 0.55; + } +{% endblock %} diff --git a/dojo/templates/dojo/breadcrumbs/endpoint_breadcrumb.html b/dojo/templates/dojo/breadcrumbs/endpoint_breadcrumb.html index c0c487eb3fb..c1a3e0952d5 100644 --- a/dojo/templates/dojo/breadcrumbs/endpoint_breadcrumb.html +++ b/dojo/templates/dojo/breadcrumbs/endpoint_breadcrumb.html @@ -9,7 +9,7 @@ {% if host_view %}
  • {{endpoint.host}}
    • {% else %} -
  • {{endpoint}}{% if endpoint.is_broken %} 🚩{% endif %}
    • +
  • {{endpoint}}{% if endpoint.is_broken %} 🚩{% endif %}
    • {% endif %} {% endif %} {% if product_tab.title %} diff --git a/dojo/templates/dojo/calendar.html b/dojo/templates/dojo/calendar.html index 5a47708a387..d2d2ae84d1c 100644 --- a/dojo/templates/dojo/calendar.html +++ b/dojo/templates/dojo/calendar.html @@ -6,13 +6,13 @@
    -
    +
    -
    +
    -
    +
    @@ -34,9 +34,9 @@ {% block postscript %} {{ block.super }} {% endblock %} diff --git a/dojo/templates/dojo/change_pwd.html b/dojo/templates/dojo/change_pwd.html index a1169b07ae3..1bbee0630c0 100644 --- a/dojo/templates/dojo/change_pwd.html +++ b/dojo/templates/dojo/change_pwd.html @@ -1,15 +1,15 @@ {% extends "base.html" %} +{% load i18n %} {% block content %} {{ block.super }} {% csrf_token %}
    - Change Password + {% trans "Change Password" %} {% include "dojo/form_fields.html" with form=form %}
    - - +
    diff --git a/dojo/templates/dojo/close_finding.html b/dojo/templates/dojo/close_finding.html index ab99a7cd846..6c3c2f7c251 100644 --- a/dojo/templates/dojo/close_finding.html +++ b/dojo/templates/dojo/close_finding.html @@ -4,9 +4,9 @@ {{ block.super }}

    Close a Finding

    {{ finding.title }}

    - {% if note_types|length == 0 %} + {% if note_types|length <= 1 %}

    Please provide a reason why this finding is being closed.

    - {% elif note_types|length > 0 %} + {% elif note_types|length > 1 %}

    Please add atleast one note from the following note type(s):

    {% for note_type in note_types %} {{ note_type.name}}
    @@ -17,9 +17,9 @@

    {{ finding.title }}

    {% include "dojo/form_fields.html" with form=form %}
    - {% if note_types|length == 0 %} + {% if note_types|length <= 1 %} - {% elif note_types|length > 0 %} + {% elif note_types|length > 1 %} {% endif %}
    diff --git a/dojo/templates/dojo/components.html b/dojo/templates/dojo/components.html index 61b87ca2dfe..1d1667de233 100644 --- a/dojo/templates/dojo/components.html +++ b/dojo/templates/dojo/components.html @@ -11,7 +11,7 @@

    Components
    - +

    @@ -124,7 +124,10 @@

    // Mapping of table columns to objects for proper cleanup and data formatting var dojoTable = $('#components').DataTable({ drawCallback: function(){ - $('.has-popover').popover({'trigger':'hover'}); + $('#components .has-popover').hover( + function() { $(this).popover('show'); }, // hover + function() { $(this).popover('hide'); } // unhover + ); }, "columns": [ { "data": "Component_name" }, diff --git a/dojo/templates/dojo/copy_object.html b/dojo/templates/dojo/copy_object.html new file mode 100644 index 00000000000..e353f8d3775 --- /dev/null +++ b/dojo/templates/dojo/copy_object.html @@ -0,0 +1,26 @@ +{% extends "base.html" %} +{% load static %} +{% block add_css %} + {{ block.super }} + +{% endblock add_css %} +{% block content %} + {{ block.super }} + {% if product_tab.tab == "engagements" and destination_label == "Product" %} +

    Copy {{ source }} in {{ product_tab.product }}

    + {% else %} +

    Copy {{ source }} to a new {{ destination_label }}

    + + {% endif %} + + {% csrf_token %} + {% include "dojo/form_fields.html" with form=form %} +
    +
    + +
    +
    + +{% endblock content %} \ No newline at end of file diff --git a/dojo/templates/dojo/custom_html_report.html b/dojo/templates/dojo/custom_html_report.html index 08c396f16b0..d921fd1a3b2 100644 --- a/dojo/templates/dojo/custom_html_report.html +++ b/dojo/templates/dojo/custom_html_report.html @@ -4,7 +4,7 @@ {{ report_name }} - + \n\n\n\n
    \n \n \n \n \n \n
    \n
    \n \n \n
    \n
    \n \n
    \n
    \n \n \n
    \n
    \n \n
    \n \n
    \n \n
    \n
    \n \n\n \n\n \n\n \n\n \n\n \n

    Login

    \n
    \n
    \n \n
    \n Greetings from Germany\n
    \n \n\n \n \n\n \n\n\n \n\n\n\n\n\n
    \n \n \n \n \n
    \n \n\n\n \n
    \n \n
    \n\n
    \n \n \n \n \n
    \n \n\n\n \n
    \n \n
    \n\n \n\n \n
    \n \n
    \n \n Show Password\n
    \n \n \n
    \n \n
    \n \n
    \n
    \n \n\n \n\n \n\n \n\n \n\n \n
    \n
    \n
    \n\n
    \n \n
    \n
    \n \n
    \n \n
    \n
    \n
    \n
    \n

    \n \"DefectDojo
    \n v. 1.13.1 ( release mode )\n

    \n

    \n Detailed DefectDojo documentation can be found at Read The Docs.\n

    \n

    \n DefectDojo is licensed under the Simplified BSD\n license.\n

    \n

    \n © 2021 DefectDojo\n

    \n
    \n
    \n
    \n

    True

    \n

    False

    \n
    \n
    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n", + "body" : "\n\n\n\n\n\n\n\n \n \n \n \n \n \n \n DefectDojo\n \n \n \n\n \n \n \n \n \n \n\n \n \n\n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n \n \n\n \n\n \n \n\n \n \n\n \n \n\n \n \n\n \n \n \n \n \n \n \n \n \n \n \n\n \n\n\n\n
    \n \n \n \n \n \n
    \n
    \n \n \n
    \n
    \n \n
    \n
    \n \n \n
    \n
    \n \n
    \n \n
    \n \n
    \n
    \n \n\n \n\n \n\n \n\n \n\n \n

    Login

    \n
    \n
    \n \n
    \n Greetings from Germany\n
    \n \n\n \n \n\n \n\n\n \n\n\n\n\n\n
    \n \n \n \n \n
    \n \n\n\n \n
    \n \n
    \n\n
    \n \n \n \n \n
    \n \n\n\n \n
    \n \n
    \n\n \n\n \n
    \n \n
    \n \n Show Password\n
    \n \n \n
    \n \n
    \n \n
    \n
    \n \n\n \n\n \n\n \n\n \n\n \n
    \n
    \n
    \n\n
    \n \n
    \n
    \n \n
    \n \n
    \n
    \n
    \n
    \n

    \n \"DefectDojo
    \n v. 1.13.1 ( release mode )\n

    \n

    \n Detailed DefectDojo documentation can be found at Read The Docs.\n

    \n

    \n DefectDojo is licensed under the Simplified BSD\n license.\n

    \n

    \n © 2021 DefectDojo\n

    \n
    \n
    \n
    \n

    True

    \n

    False

    \n
    \n
    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n", "dom" : { "url" : "https://demo.defectdojo.org/login?next=/", "transitions" : [], @@ -293,7 +293,7 @@ } }, "page" : { - "body" : "\n\n\n\n\n\n\n\n \n \n \n \n \n \n \n DefectDojo\n \n \n \n\n \n \n \n \n \n \n\n \n \n\n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n \n \n\n \n\n \n \n\n \n \n\n \n \n\n \n \n\n \n \n \n \n \n \n \n \n \n \n \n\n \n\n\n\n
    \n \n \n \n \n \n
    \n
    \n \n \n
    \n
    \n \n
    \n
    \n \n \n
    \n
    \n \n
    \n \n
    \n \n
    \n
    \n \n\n \n\n \n\n \n\n \n\n \n

    Login

    \n
    \n
    \n \n
    \n Greetings from Germany\n
    \n \n\n \n \n\n \n\n\n \n\n\n\n\n\n
    \n \n \n \n \n
    \n \n\n\n \n
    \n \n
    \n\n
    \n \n \n \n \n
    \n \n\n\n \n
    \n \n
    \n\n \n\n \n
    \n \n
    \n \n Show Password\n
    \n \n \n
    \n \n
    \n \n
    \n
    \n \n\n \n\n \n\n \n\n \n\n \n
    \n
    \n
    \n\n
    \n \n
    \n
    \n \n
    \n \n
    \n
    \n
    \n
    \n

    \n \"DefectDojo
    \n v. 1.13.1 ( release mode )\n

    \n

    \n Detailed DefectDojo documentation can be found at Read The Docs.\n

    \n

    \n DefectDojo is licensed under the Simplified BSD\n license.\n

    \n

    \n © 2021 DefectDojo\n

    \n
    \n
    \n
    \n

    True

    \n

    False

    \n
    \n
    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n", + "body" : "\n\n\n\n\n\n\n\n \n \n \n \n \n \n \n DefectDojo\n \n \n \n\n \n \n \n \n \n \n\n \n \n\n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n \n \n\n \n\n \n \n\n \n \n\n \n \n\n \n \n\n \n \n \n \n \n \n \n \n \n \n \n\n \n\n\n\n
    \n \n \n \n \n \n
    \n
    \n \n \n
    \n
    \n \n
    \n
    \n \n \n
    \n
    \n \n
    \n \n
    \n \n
    \n
    \n \n\n \n\n \n\n \n\n \n\n \n

    Login

    \n
    \n
    \n \n
    \n Greetings from Germany\n
    \n \n\n \n \n\n \n\n\n \n\n\n\n\n\n
    \n \n \n \n \n
    \n \n\n\n \n
    \n \n
    \n\n
    \n \n \n \n \n
    \n \n\n\n \n
    \n \n
    \n\n \n\n \n
    \n \n
    \n \n Show Password\n
    \n \n \n
    \n \n
    \n \n
    \n
    \n \n\n \n\n \n\n \n\n \n\n \n
    \n
    \n
    \n\n
    \n \n
    \n
    \n \n
    \n \n
    \n
    \n
    \n
    \n

    \n \"DefectDojo
    \n v. 1.13.1 ( release mode )\n

    \n

    \n Detailed DefectDojo documentation can be found at Read The Docs.\n

    \n

    \n DefectDojo is licensed under the Simplified BSD\n license.\n

    \n

    \n © 2021 DefectDojo\n

    \n
    \n
    \n
    \n

    True

    \n

    False

    \n
    \n
    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n", "dom" : { "url" : "https://demo.defectdojo.org/login?next=/", "transitions" : [], @@ -329,7 +329,7 @@ "code" : 200, "ip_address" : "104.131.110.75", "headers_string" : "HTTP/1.1 200 OK\r\nCache-Control: max-age=0, no-cache, no-store, must-revalidate\r\nContent-Length: 13456\r\nContent-Type: text/html; charset=utf-8\r\nDate: Wed, 17 Mar 2021 18:37:26 GMT\r\nExpires: Wed, 17 Mar 2021 18:37:26 GMT\r\nServer: Caddy\r\nServer: nginx/1.19.7\r\nSet-Cookie: csrftoken=ozdf8aj3T8aHuFq5KFMtxy7TgCxqGXjINwjolgbqcAW9wnvE99HfZdw6dWF8Ud7o; expires=Wed, 16 Mar 2022 18:37:26 GMT; HttpOnly; Max-Age=31449600; Path=/; SameSite=Lax\r\nVary: Cookie\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-Xss-Protection: 1; mode=block\r\n\r\n", - "body" : "\n\n\n\n\n\n\n\n \n \n \n \n \n \n \n DefectDojo\n \n \n \n\n \n \n \n \n \n \n\n \n \n\n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n \n \n\n \n\n \n \n\n \n \n\n \n \n\n \n \n\n \n \n \n \n \n \n \n \n \n \n \n\n \n\n\n\n
    \n \n \n \n \n \n
    \n
    \n \n \n
    \n
    \n \n
    \n
    \n \n \n
    \n
    \n \n
    \n \n
    \n \n
    \n
    \n \n\n \n\n \n\n \n\n \n\n \n

    Login

    \n
    \n
    \n \n
    \n Greetings from Germany\n
    \n \n\n \n \n\n \n\n\n \n\n\n\n\n\n
    \n \n \n \n \n
    \n \n\n\n \n
    \n \n
    \n\n
    \n \n \n \n \n
    \n \n\n\n \n
    \n \n
    \n\n \n\n \n
    \n \n
    \n \n Show Password\n
    \n \n \n
    \n \n
    \n \n
    \n
    \n \n\n \n\n \n\n \n\n \n\n \n
    \n
    \n
    \n\n
    \n \n
    \n
    \n \n
    \n \n
    \n
    \n
    \n
    \n

    \n \"DefectDojo
    \n v. 1.13.1 ( release mode )\n

    \n

    \n Detailed DefectDojo documentation can be found at Read The Docs.\n

    \n

    \n DefectDojo is licensed under the Simplified BSD\n license.\n

    \n

    \n © 2021 DefectDojo\n

    \n
    \n
    \n
    \n

    True

    \n

    False

    \n
    \n
    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n", + "body" : "\n\n\n\n\n\n\n\n \n \n \n \n \n \n \n DefectDojo\n \n \n \n\n \n \n \n \n \n \n\n \n \n\n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n \n \n\n \n\n \n \n\n \n \n\n \n \n\n \n \n\n \n \n \n \n \n \n \n \n \n \n \n\n \n\n\n\n
    \n \n \n \n \n \n
    \n
    \n \n \n
    \n
    \n \n
    \n
    \n \n \n
    \n
    \n \n
    \n \n
    \n \n
    \n
    \n \n\n \n\n \n\n \n\n \n\n \n

    Login

    \n
    \n
    \n \n
    \n Greetings from Germany\n
    \n \n\n \n \n\n \n\n\n \n\n\n\n\n\n
    \n \n \n \n \n
    \n \n\n\n \n
    \n \n
    \n\n
    \n \n \n \n \n
    \n \n\n\n \n
    \n \n
    \n\n \n\n \n
    \n \n
    \n \n Show Password\n
    \n \n \n
    \n \n
    \n \n
    \n
    \n \n\n \n\n \n\n \n\n \n\n \n
    \n
    \n
    \n\n
    \n \n
    \n
    \n \n
    \n \n
    \n
    \n
    \n
    \n

    \n \"DefectDojo
    \n v. 1.13.1 ( release mode )\n

    \n

    \n Detailed DefectDojo documentation can be found at Read The Docs.\n

    \n

    \n DefectDojo is licensed under the Simplified BSD\n license.\n

    \n

    \n © 2021 DefectDojo\n

    \n
    \n
    \n
    \n

    True

    \n

    False

    \n
    \n
    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n", "time" : 0.21874, "app_time" : 0.103239, "total_time" : 0.21874, diff --git a/unittests/scans/arachni/js.com.afr.json b/unittests/scans/arachni/js.com.afr.json index 86fc6415c09..b0e8f41d74b 100644 --- a/unittests/scans/arachni/js.com.afr.json +++ b/unittests/scans/arachni/js.com.afr.json @@ -2961,7 +2961,7 @@ "class" : "Arachni::Element::Link", "type" : "link", "url" : "https://juice-shop.herokuapp.com/", - "source" : "\n
    \n
    \n \n
    \n \n \n \n \n \n \n
    \n \n
    \n \n GitHub\n \n
    \n    ", + "source" : "\n
    \n
    \n \n
    \n \n \n \n \n \n \n
    \n \n
    \n \n GitHub\n \n
    \n    ", "affected_input_name" : "to", "affected_input_value" : "https://www.6c78ef9032b42c79e79988f7862ddb55.com//?https://github.com/bkimminich/juice-shop", "seed" : "https://www.6c78ef9032b42c79e79988f7862ddb55.com/", @@ -2976,7 +2976,7 @@ "method" : "get" }, "referring_page" : { - "body" : " \n \n \n \n\n\n\n\n\n \n OWASP Juice Shop\n \n \n \n \n \n \n\n \n \n\n \n \n\n\n
    This website uses fruit cookies to ensure you get the juiciest tracking experience. But me wait!
    Me want it!
    \n

    OWASP Juice Shop

    Account

    Contact

    feedback Customer Feedback

    Company

    business_center About Us
    camera Photo Wall
    Score Board
    GitHub
    OWASP Juice Shop
    v12.6.1
                 
    close search
    All Products
    \"Apple
    Apple Juice (1000ml)
    1.99¤
    \"Apple
    Apple Pomace
    0.89¤
    \"Banana
    Banana Juice (1000ml)
    1.99¤
    Only 1 left
    \"Best
    Best Juice Shop Salesman Artwork
    5000¤
    \"Carrot
    Carrot Juice (1000ml)
    2.99¤
    \"Eggfruit
    Eggfruit Juice (500ml)
    8.99¤
    \"Fruit
    Fruit Press
    89.99¤
    \"Green
    Green Smoothie
    1.99¤
    Only 1 left
    \"Juice
    Juice Shop \"Permafrost\" 2020 Edition
    9999.99¤
    \"Lemon
    Lemon Juice (500ml)
    2.99¤
    Only 3 left
    \"Melon
    Melon Bike (Comeback-Product 2018 Edition)
    2999¤
    Sold Out
    \"OWASP
    OWASP Juice Shop \"King of the Hill\" Facemask
    13.49¤
    Items per page:
    12
    1 – 12 of 34
    \n\n \n\n \n\n \n\n \n\n \n\n \n\n \n\n \n\n\n
    Language has been changed to English
    Open side menu
    Choose language
    Click for more information
    ", + "body" : " \n \n \n \n\n\n\n\n\n \n OWASP Juice Shop\n \n \n \n \n \n \n\n \n \n\n \n \n\n\n
    This website uses fruit cookies to ensure you get the juiciest tracking experience. But me wait!
    Me want it!
    \n

    OWASP Juice Shop

    Account

    Contact

    feedback Customer Feedback

    Company

    business_center About Us
    camera Photo Wall
    Score Board
    GitHub
    OWASP Juice Shop
    v12.6.1
                 
    close search
    All Products
    \"Apple
    Apple Juice (1000ml)
    1.99¤
    \"Apple
    Apple Pomace
    0.89¤
    \"Banana
    Banana Juice (1000ml)
    1.99¤
    Only 1 left
    \"Best
    Best Juice Shop Salesman Artwork
    5000¤
    \"Carrot
    Carrot Juice (1000ml)
    2.99¤
    \"Eggfruit
    Eggfruit Juice (500ml)
    8.99¤
    \"Fruit
    Fruit Press
    89.99¤
    \"Green
    Green Smoothie
    1.99¤
    Only 1 left
    \"Juice
    Juice Shop \"Permafrost\" 2020 Edition
    9999.99¤
    \"Lemon
    Lemon Juice (500ml)
    2.99¤
    Only 3 left
    \"Melon
    Melon Bike (Comeback-Product 2018 Edition)
    2999¤
    Sold Out
    \"OWASP
    OWASP Juice Shop \"King of the Hill\" Facemask
    13.49¤
    Items per page:
    12
    1 – 12 of 34
    \n\n \n\n \n\n \n\n \n\n \n\n \n\n \n\n \n\n\n
    Language has been changed to English
    Open side menu
    Choose language
    Click for more information
    ", "dom" : { "url" : "https://juice-shop.herokuapp.com/#/", "transitions" : [ @@ -4363,7 +4363,7 @@ "affected_input_name" : null }, "referring_page" : { - "body" : " \n \n \n \n\n\n\n\n\n \n OWASP Juice Shop\n \n \n \n \n \n \n\n \n \n\n \n \n\n\n
    This website uses fruit cookies to ensure you get the juiciest tracking experience. But me wait!
    Me want it!
    \n

    OWASP Juice Shop

    Account

    Contact

    feedback Customer Feedback

    Company

    business_center About Us
    camera Photo Wall
    Score Board
    GitHub
    OWASP Juice Shop
    v12.6.1
                 
    close search
    All Products
    \"Apple
    Apple Juice (1000ml)
    1.99¤
    \"Apple
    Apple Pomace
    0.89¤
    \"Banana
    Banana Juice (1000ml)
    1.99¤
    Only 1 left
    \"Best
    Best Juice Shop Salesman Artwork
    5000¤
    \"Carrot
    Carrot Juice (1000ml)
    2.99¤
    \"Eggfruit
    Eggfruit Juice (500ml)
    8.99¤
    \"Fruit
    Fruit Press
    89.99¤
    \"Green
    Green Smoothie
    1.99¤
    Only 1 left
    \"Juice
    Juice Shop \"Permafrost\" 2020 Edition
    9999.99¤
    \"Lemon
    Lemon Juice (500ml)
    2.99¤
    Only 3 left
    \"Melon
    Melon Bike (Comeback-Product 2018 Edition)
    2999¤
    Sold Out
    \"OWASP
    OWASP Juice Shop \"King of the Hill\" Facemask
    13.49¤
    Items per page:
    12
    1 – 12 of 34
    \n\n \n\n \n\n \n\n \n\n \n\n \n\n \n\n \n\n\n
    Language has been changed to English
    Open side menu
    Choose language
    Click for more information
    ", + "body" : " \n \n \n \n\n\n\n\n\n \n OWASP Juice Shop\n \n \n \n \n \n \n\n \n \n\n \n \n\n\n
    This website uses fruit cookies to ensure you get the juiciest tracking experience. But me wait!
    Me want it!
    \n

    OWASP Juice Shop

    Account

    Contact

    feedback Customer Feedback

    Company

    business_center About Us
    camera Photo Wall
    Score Board
    GitHub
    OWASP Juice Shop
    v12.6.1
                 
    close search
    All Products
    \"Apple
    Apple Juice (1000ml)
    1.99¤
    \"Apple
    Apple Pomace
    0.89¤
    \"Banana
    Banana Juice (1000ml)
    1.99¤
    Only 1 left
    \"Best
    Best Juice Shop Salesman Artwork
    5000¤
    \"Carrot
    Carrot Juice (1000ml)
    2.99¤
    \"Eggfruit
    Eggfruit Juice (500ml)
    8.99¤
    \"Fruit
    Fruit Press
    89.99¤
    \"Green
    Green Smoothie
    1.99¤
    Only 1 left
    \"Juice
    Juice Shop \"Permafrost\" 2020 Edition
    9999.99¤
    \"Lemon
    Lemon Juice (500ml)
    2.99¤
    Only 3 left
    \"Melon
    Melon Bike (Comeback-Product 2018 Edition)
    2999¤
    Sold Out
    \"OWASP
    OWASP Juice Shop \"King of the Hill\" Facemask
    13.49¤
    Items per page:
    12
    1 – 12 of 34
    \n\n \n\n \n\n \n\n \n\n \n\n \n\n \n\n \n\n\n
    Language has been changed to English
    Open side menu
    Choose language
    Click for more information
    ", "dom" : { "url" : "https://juice-shop.herokuapp.com/#/", "transitions" : [ @@ -5042,7 +5042,7 @@ } }, "page" : { - "body" : " \n \n \n \n\n\n\n\n\n \n OWASP Juice Shop\n \n \n \n \n \n \n\n \n \n\n \n \n\n\n
    This website uses fruit cookies to ensure you get the juiciest tracking experience. But me wait!
    Me want it!
    \n

    OWASP Juice Shop

    Account

    Contact

    feedback Customer Feedback

    Company

    business_center About Us
    camera Photo Wall
    Score Board
    GitHub
    OWASP Juice Shop
    v12.6.1
                 
    close search
    All Products
    \"Apple
    Apple Juice (1000ml)
    1.99¤
    \"Apple
    Apple Pomace
    0.89¤
    \"Banana
    Banana Juice (1000ml)
    1.99¤
    Only 1 left
    \"Best
    Best Juice Shop Salesman Artwork
    5000¤
    \"Carrot
    Carrot Juice (1000ml)
    2.99¤
    \"Eggfruit
    Eggfruit Juice (500ml)
    8.99¤
    \"Fruit
    Fruit Press
    89.99¤
    \"Green
    Green Smoothie
    1.99¤
    Only 1 left
    \"Juice
    Juice Shop \"Permafrost\" 2020 Edition
    9999.99¤
    \"Lemon
    Lemon Juice (500ml)
    2.99¤
    Only 3 left
    \"Melon
    Melon Bike (Comeback-Product 2018 Edition)
    2999¤
    Sold Out
    \"OWASP
    OWASP Juice Shop \"King of the Hill\" Facemask
    13.49¤
    Items per page:
    12
    1 – 12 of 34
    \n\n \n\n \n\n \n\n \n\n \n\n \n\n \n\n \n\n\n
    Language has been changed to English
    Open side menu
    Choose language
    Click for more information
    ", + "body" : " \n \n \n \n\n\n\n\n\n \n OWASP Juice Shop\n \n \n \n \n \n \n\n \n \n\n \n \n\n\n
    This website uses fruit cookies to ensure you get the juiciest tracking experience. But me wait!
    Me want it!
    \n

    OWASP Juice Shop

    Account

    Contact

    feedback Customer Feedback

    Company

    business_center About Us
    camera Photo Wall
    Score Board
    GitHub
    OWASP Juice Shop
    v12.6.1
                 
    close search
    All Products
    \"Apple
    Apple Juice (1000ml)
    1.99¤
    \"Apple
    Apple Pomace
    0.89¤
    \"Banana
    Banana Juice (1000ml)
    1.99¤
    Only 1 left
    \"Best
    Best Juice Shop Salesman Artwork
    5000¤
    \"Carrot
    Carrot Juice (1000ml)
    2.99¤
    \"Eggfruit
    Eggfruit Juice (500ml)
    8.99¤
    \"Fruit
    Fruit Press
    89.99¤
    \"Green
    Green Smoothie
    1.99¤
    Only 1 left
    \"Juice
    Juice Shop \"Permafrost\" 2020 Edition
    9999.99¤
    \"Lemon
    Lemon Juice (500ml)
    2.99¤
    Only 3 left
    \"Melon
    Melon Bike (Comeback-Product 2018 Edition)
    2999¤
    Sold Out
    \"OWASP
    OWASP Juice Shop \"King of the Hill\" Facemask
    13.49¤
    Items per page:
    12
    1 – 12 of 34
    \n\n \n\n \n\n \n\n \n\n \n\n \n\n \n\n \n\n\n
    Language has been changed to English
    Open side menu
    Choose language
    Click for more information
    ", "dom" : { "url" : "https://juice-shop.herokuapp.com/#/", "transitions" : [ diff --git a/unittests/scans/asff/guardduty/Unusual Behaviors-User-Persistence IAMUser-NetworkPermissions.json b/unittests/scans/asff/guardduty/Unusual Behaviors-User-Persistence IAMUser-NetworkPermissions.json new file mode 100644 index 00000000000..259d0224ca2 --- /dev/null +++ b/unittests/scans/asff/guardduty/Unusual Behaviors-User-Persistence IAMUser-NetworkPermissions.json @@ -0,0 +1,107 @@ +[ + { + "AwsAccountId": "123456789012", + "CreatedAt": "2020-11-11T11:47:26.511Z", + "Description": "APIs commonly used to change the network access permissions for security groups, routes and ACLs, was invoked by IAM principal GeneratedFindingUserName. Such activity is not typically seen from this principal.", + "FirstObservedAt": "2020-11-11T11:47:26.511Z", + "GeneratorId": "arn:aws:guardduty:eu-west-1:123456789012:detector/cab6a714deb3b739eaddacbdfd5ef2f2", + "Id": "arn:aws:guardduty:eu-west-1:123456789012:detector/cab6a714deb3b739eaddacbdfd5ef2f2/finding/d6badb90e557d4bd811488a53ca89895", + "LastObservedAt": "2020-11-28T23:11:30.811Z", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/guardduty", + "ProductFields": { + "aws/guardduty/service/action/actionType": "AWS_API_CALL", + "aws/guardduty/service/action/awsApiCallAction/affectedResources": "THIS_WAS_PREVIOUSLY_EMPTY_AND_WAS_ADDED_BY_NE", + "aws/guardduty/service/action/awsApiCallAction/api": "GeneratedFindingAPIName", + "aws/guardduty/service/action/awsApiCallAction/callerType": "Remote IP", + "aws/guardduty/service/action/awsApiCallAction/remoteIpDetails/city/cityName": "GeneratedFindingCityName", + "aws/guardduty/service/action/awsApiCallAction/remoteIpDetails/country/countryName": "GeneratedFindingCountryName", + "aws/guardduty/service/action/awsApiCallAction/remoteIpDetails/geoLocation/lat": "0", + "aws/guardduty/service/action/awsApiCallAction/remoteIpDetails/geoLocation/lon": "0", + "aws/guardduty/service/action/awsApiCallAction/remoteIpDetails/ipAddressV4": "198.51.100.0", + "aws/guardduty/service/action/awsApiCallAction/remoteIpDetails/organization/asn": "-1", + "aws/guardduty/service/action/awsApiCallAction/remoteIpDetails/organization/asnOrg": "GeneratedFindingASNOrg", + "aws/guardduty/service/action/awsApiCallAction/remoteIpDetails/organization/isp": "GeneratedFindingISP", + "aws/guardduty/service/action/awsApiCallAction/remoteIpDetails/organization/org": "GeneratedFindingORG", + "aws/guardduty/service/action/awsApiCallAction/serviceName": "GeneratedFindingAPIServiceName", + "aws/guardduty/service/additionalInfo/recentApiCalls.0_/api": "GeneratedFindingAPIName1", + "aws/guardduty/service/additionalInfo/recentApiCalls.0_/count": "2", + "aws/guardduty/service/additionalInfo/recentApiCalls.1_/api": "GeneratedFindingAPIName2", + "aws/guardduty/service/additionalInfo/recentApiCalls.1_/count": "2", + "aws/guardduty/service/additionalInfo/sample": "true", + "aws/guardduty/service/archived": "false", + "aws/guardduty/service/count": "2", + "aws/guardduty/service/detectorId": "cab6a714deb3b739eaddacbdfd5ef2f2", + "aws/guardduty/service/eventFirstSeen": "2020-11-11T11:47:26.511Z", + "aws/guardduty/service/eventLastSeen": "2020-11-28T23:11:30.811Z", + "aws/guardduty/service/resourceRole": "TARGET", + "aws/guardduty/service/serviceName": "guardduty", + "aws/securityhub/CompanyName": "Amazon", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-west-1::product/aws/guardduty/arn:aws:guardduty:eu-west-1:123456789012:detector/cab6a714deb3b739eaddacbdfd5ef2f2/finding/d6badb90e557d4bd811488a53ca89895", + "aws/securityhub/ProductName": "GuardDuty" + }, + "RecordState": "ACTIVE", + "Resources": [ + { + "Details": { + "AwsEc2Instance": { + "IamInstanceProfileArn": "arn:aws:iam::123456789012:example/instance/profile", + "ImageId": "ami-99999999", + "IpV4Addresses": [ + "10.0.0.1", + "198.51.100.0" + ], + "LaunchedAt": "2016-08-02T02:05:06Z", + "SubnetId": "GeneratedFindingSubnetId", + "Type": "m3.xlarge", + "VpcId": "GeneratedFindingVPCId" + } + }, + "Id": "arn:aws:ec2:eu-west-1:123456789012:instance/i-99999999", + "Partition": "aws", + "Region": "eu-west-1", + "Tags": { + "GeneratedFindingInstaceTag1": "GeneratedFindingInstaceValue1", + "GeneratedFindingInstaceTag2": "GeneratedFindingInstaceTagValue2", + "GeneratedFindingInstaceTag3": "GeneratedFindingInstaceTagValue3", + "GeneratedFindingInstaceTag4": "GeneratedFindingInstaceTagValue4", + "GeneratedFindingInstaceTag5": "GeneratedFindingInstaceTagValue5", + "GeneratedFindingInstaceTag6": "GeneratedFindingInstaceTagValue6", + "GeneratedFindingInstaceTag7": "GeneratedFindingInstaceTagValue7", + "GeneratedFindingInstaceTag8": "GeneratedFindingInstaceTagValue8", + "GeneratedFindingInstaceTag9": "GeneratedFindingInstaceTagValue9" + }, + "Type": "AwsEc2Instance" + }, + { + "Details": { + "AwsIamAccessKey": { + "PrincipalId": "GeneratedFindingPrincipalId", + "PrincipalName": "GeneratedFindingUserName", + "PrincipalType": "IAMUser" + } + }, + "Id": "AWS::IAM::AccessKey:GeneratedFindingAccessKeyId", + "Partition": "aws", + "Region": "eu-west-1", + "Type": "AwsIamAccessKey" + } + ], + "SchemaVersion": "2018-10-08", + "Severity": { + "Label": "MEDIUM", + "Normalized": 50, + "Product": 5 + }, + "SourceUrl": "https://eu-west-1.console.aws.amazon.com/guardduty/home?region=eu-west-1#/findings?macros=current&fId=d6badb90e557d4bd811488a53ca89895", + "Title": "Unusual changes to network permissions by GeneratedFindingUserName.", + "Types": [ + "TTPs/Persistence/Persistence:IAMUser-NetworkPermissions", + "Unusual Behaviors/User/Persistence:IAMUser-NetworkPermissions" + ], + "UpdatedAt": "2020-11-28T23:11:30.811Z", + "Workflow": { + "Status": "NEW" + }, + "WorkflowState": "NEW" + } +] \ No newline at end of file diff --git a/unittests/scans/asff/many_vulns.json b/unittests/scans/asff/many_vulns.json new file mode 100644 index 00000000000..bf22112af9f --- /dev/null +++ b/unittests/scans/asff/many_vulns.json @@ -0,0 +1,766 @@ +[ + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-west-1:123456789123:finding/e7dd7a6979b7ce39de463533b1e6cd44", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-west-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789123", + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ], + "FirstObservedAt": "2023-08-30T20:07:14Z", + "LastObservedAt": "2023-09-15T07:00:24Z", + "CreatedAt": "2023-08-30T20:07:14Z", + "UpdatedAt": "2023-09-15T07:00:24Z", + "Severity": { + "Label": "HIGH", + "Normalized": 70 + }, + "Title": "CVE-2017-9735 - org.eclipse.jetty:jetty-server, org.eclipse.jetty:jetty-util", + "Description": "Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "7.5", + "aws/inspector/instanceId": "i-0asd2da21c8csd28s", + "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "UBUNTU_20_04", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-west-1::product/aws/inspector/arn:aws:inspector2:eu-west-1:123456789123:finding/e7dd7a6979b7ce39de463533b1e6cd44", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEc2Instance", + "Id": "arn:aws:ec2:eu-west-1:123456789123:instance/i-0asd2da21c8csd28s", + "Partition": "aws", + "Region": "eu-west-1", + "Tags": { + "OS": "Ubuntu", + "envtype": "production", + "name": "MyServer1 - new", + "OS-version": "18.04", + "department": "it", + "envcategory": "production", + "Name": "MyServer1" + }, + "Details": { + "AwsEc2Instance": { + "Type": "m5d.large", + "ImageId": "ami-1234shgh268csd28s", + "IpV4Addresses": [ + "123.123.123.123", + "172.31.0.31" + ], + "KeyName": "MySSHkey", + "IamInstanceProfileArn": "arn:aws:iam::123456789123:instance-profile/AmazonSSMRole", + "VpcId": "vpc-12kk2qwe", + "SubnetId": "subnet-s12u28as", + "LaunchedAt": "2023-08-30T05:09:41Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2017-9735", + "VulnerablePackages": [ + { + "Name": "org.eclipse.jetty:jetty-server", + "Version": "8.1.14.v20131031", + "Epoch": "0", + "PackageManager": "JAR", + "FilePath": "/usr/lib/jvm/java-8-oracle/lib/missioncontrol/plugins/org.eclipse.jetty.server_8.1.14.v20131031.jar", + "FixedInVersion": "9.4.6.v20170531", + "Remediation": "Update jetty-server to 9.4.6.v20170531" + }, + { + "Name": "org.eclipse.jetty:jetty-util", + "Version": "8.1.14.v20131031", + "Epoch": "0", + "PackageManager": "JAR", + "FilePath": "/usr/lib/jvm/java-8-oracle/lib/missioncontrol/plugins/org.eclipse.jetty.util_8.1.14.v20131031.jar", + "FixedInVersion": "9.4.6.v20170531", + "Remediation": "Update jetty-util to 9.4.6.v20170531" + } + ], + "Cvss": [ + { + "Version": "2.0", + "BaseScore": 5, + "BaseVector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9735", + "VendorSeverity": "HIGH", + "VendorCreatedAt": "2017-06-16T21:29:00Z", + "VendorUpdatedAt": "2022-03-15T14:55:00Z" + }, + "ReferenceUrls": [ + "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html", + "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E", + "https://lists.apache.org/thread.html/36870f6c51f5bc25e6f7bb1fcace0e57e81f1524019b11f466738559@%3Ccommon-dev.hadoop.apache.org%3E", + "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "https://bugs.debian.org/864631", + "https://www.oracle.com/security-alerts/cpuoct2020.html", + "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E", + "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://lists.apache.org/thread.html/f887a5978f5e4c62b9cfe876336628385cff429e796962649649ec8a@%3Ccommon-issues.hadoop.apache.org%3E", + "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + ], + "FixAvailable": "YES", + "ExploitAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "HIGH" + }, + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-west-1:123456789123:finding/96a4d357714e4eb40e17e4a9c6171ce4", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-west-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789123", + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ], + "FirstObservedAt": "2023-08-30T20:07:14Z", + "LastObservedAt": "2023-09-15T07:00:24Z", + "CreatedAt": "2023-08-30T20:07:14Z", + "UpdatedAt": "2023-09-15T07:00:24Z", + "Severity": { + "Label": "MEDIUM", + "Normalized": 40 + }, + "Title": "CVE-2019-10247 - org.eclipse.jetty:jetty-server", + "Description": "In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "5.3", + "aws/inspector/instanceId": "i-0asd2da21c8csd28s", + "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "UBUNTU_20_04", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-west-1::product/aws/inspector/arn:aws:inspector2:eu-west-1:123456789123:finding/96a4d357714e4eb40e17e4a9c6171ce4", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEc2Instance", + "Id": "arn:aws:ec2:eu-west-1:123456789123:instance/i-0asd2da21c8csd28s", + "Partition": "aws", + "Region": "eu-west-1", + "Tags": { + "Name": "MyServer1" + }, + "Details": { + "AwsEc2Instance": { + "Type": "m5d.large", + "ImageId": "ami-1234shgh268csd28s", + "IpV4Addresses": [ + "123.123.123.123", + "172.31.0.31" + ], + "KeyName": "MySSHkey", + "IamInstanceProfileArn": "arn:aws:iam::123456789123:instance-profile/AmazonSSMRole", + "VpcId": "vpc-12kk2qwe", + "SubnetId": "subnet-s12u28as", + "LaunchedAt": "2023-08-30T05:09:41Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2019-10247", + "VulnerablePackages": [ + { + "Name": "org.eclipse.jetty:jetty-server", + "Version": "8.1.14.v20131031", + "Epoch": "0", + "PackageManager": "JAR", + "FilePath": "/usr/lib/jvm/java-8-oracle/lib/missioncontrol/plugins/org.eclipse.jetty.server_8.1.14.v20131031.jar", + "FixedInVersion": "9.4.17.v20190418", + "Remediation": "Update jetty-server to 9.4.17.v20190418" + } + ], + "Cvss": [ + { + "Version": "2.0", + "BaseScore": 5, + "BaseVector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 5.3, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 5.3, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10247", + "VendorSeverity": "MEDIUM", + "VendorCreatedAt": "2019-04-22T20:29:00Z", + "VendorUpdatedAt": "2022-04-22T20:09:00Z" + }, + "ReferenceUrls": [ + "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E", + "https://www.oracle.com/security-alerts/cpuapr2020.html", + "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "https://www.oracle.com/security-alerts/cpuApr2021.html", + "https://www.oracle.com/security-alerts/cpuoct2020.html", + "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", + "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E", + "https://www.oracle.com/security-alerts/cpujan2021.html", + "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html", + "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", + "https://www.debian.org/security/2021/dsa-4949", + "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", + "https://www.oracle.com/security-alerts/cpujul2020.html", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2020.html", + "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", + "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577" + ], + "FixAvailable": "YES", + "ExploitAvailable": "NO" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "MEDIUM" + }, + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-west-1:123456789123:finding/957fcab569b7cfd5faa067a3be3c0728", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-west-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789123", + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ], + "FirstObservedAt": "2023-08-30T20:07:14Z", + "LastObservedAt": "2023-09-15T07:00:24Z", + "CreatedAt": "2023-08-30T20:07:14Z", + "UpdatedAt": "2023-09-15T07:00:24Z", + "Severity": { + "Label": "MEDIUM", + "Normalized": 40 + }, + "Title": "CVE-2023-26048 - org.eclipse.jetty:jetty-server", + "Description": "Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "5.3", + "aws/inspector/instanceId": "i-0asd2da21c8csd28s", + "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "UBUNTU_20_04", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-west-1::product/aws/inspector/arn:aws:inspector2:eu-west-1:123456789123:finding/957fcab569b7cfd5faa067a3be3c0728", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEc2Instance", + "Id": "arn:aws:ec2:eu-west-1:123456789123:instance/i-0asd2da21c8csd28s", + "Partition": "aws", + "Region": "eu-west-1", + "Tags": { + "Name": "MyServer1" + }, + "Details": { + "AwsEc2Instance": { + "Type": "m5d.large", + "ImageId": "ami-1234shgh268csd28s", + "IpV4Addresses": [ + "123.123.123.123", + "172.31.0.31" + ], + "KeyName": "MySSHkey", + "IamInstanceProfileArn": "arn:aws:iam::123456789123:instance-profile/AmazonSSMRole", + "VpcId": "vpc-12kk2qwe", + "SubnetId": "subnet-s12u28as", + "LaunchedAt": "2023-08-30T05:09:41Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2023-26048", + "VulnerablePackages": [ + { + "Name": "org.eclipse.jetty:jetty-server", + "Version": "8.1.14.v20131031", + "Epoch": "0", + "PackageManager": "JAR", + "FilePath": "/usr/lib/jvm/java-8-oracle/lib/missioncontrol/plugins/org.eclipse.jetty.server_8.1.14.v20131031.jar", + "FixedInVersion": "12.0.0.beta0", + "Remediation": "Update jetty-server to 12.0.0.beta0" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 5.3, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 5.3, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048", + "VendorSeverity": "MEDIUM", + "VendorCreatedAt": "2023-04-18T21:15:00Z", + "VendorUpdatedAt": "2023-05-26T20:15:00Z" + }, + "FixAvailable": "YES", + "ExploitAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "MEDIUM" + }, + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-west-1:123456789123:finding/723630f6ce983dbf1b8d2a5f3d6df888", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-west-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789123", + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ], + "FirstObservedAt": "2023-08-30T20:07:14Z", + "LastObservedAt": "2023-09-15T07:00:24Z", + "CreatedAt": "2023-08-30T20:07:14Z", + "UpdatedAt": "2023-09-15T07:00:24Z", + "Severity": { + "Label": "HIGH", + "Normalized": 70 + }, + "Title": "CVE-2021-28165 - org.eclipse.jetty:jetty-io", + "Description": "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "7.5", + "aws/inspector/instanceId": "i-0asd2da21c8csd28s", + "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "UBUNTU_20_04", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-west-1::product/aws/inspector/arn:aws:inspector2:eu-west-1:123456789123:finding/723630f6ce983dbf1b8d2a5f3d6df888", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEc2Instance", + "Id": "arn:aws:ec2:eu-west-1:123456789123:instance/i-0asd2da21c8csd28s", + "Partition": "aws", + "Region": "eu-west-1", + "Tags": { + "Name": "MyServer1" + }, + "Details": { + "AwsEc2Instance": { + "Type": "m5d.large", + "ImageId": "ami-1234shgh268csd28s", + "IpV4Addresses": [ + "123.123.123.123", + "172.31.0.31" + ], + "KeyName": "MySSHkey", + "IamInstanceProfileArn": "arn:aws:iam::123456789123:instance-profile/AmazonSSMRole", + "VpcId": "vpc-12kk2qwe", + "SubnetId": "subnet-s12u28as", + "LaunchedAt": "2023-08-30T05:09:41Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2021-28165", + "VulnerablePackages": [ + { + "Name": "org.eclipse.jetty:jetty-io", + "Version": "8.1.14.v20131031", + "Epoch": "0", + "PackageManager": "JAR", + "FilePath": "/usr/lib/jvm/java-8-oracle/lib/missioncontrol/plugins/org.eclipse.jetty.io_8.1.14.v20131031.jar", + "FixedInVersion": "11.0.2", + "Remediation": "Update jetty-io to 11.0.2" + } + ], + "Cvss": [ + { + "Version": "2.0", + "BaseScore": 7.8, + "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165", + "VendorSeverity": "HIGH", + "VendorCreatedAt": "2021-04-01T15:15:00Z", + "VendorUpdatedAt": "2022-07-29T17:05:00Z" + }, + "ReferenceUrls": [ + "https://lists.apache.org/thread.html/r7c40fb3a66a39b6e6c83b0454bc6917ffe6c69e3131322be9c07a1da@%3Cissues.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r6f256a1d15505f79f4050a69bb8f27b34cb353604dd2f765c9da5df7@%3Cjira.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/r9db72e9c33b93eba45a214af588f1d553839b5c3080fc913854a49ab@%3Cnotifications.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/r520c56519b8820955a86966f499e7a0afcbcf669d6f7da59ef1eb155@%3Ccommits.pulsar.apache.org%3E", + "https://lists.apache.org/thread.html/ra9dd15ba8a4fb7e42c7fe948a6d6b3868fd6bbf8e3fb37fcf33b2cd0@%3Cnotifications.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/r90327f55db8f1d079f9a724aabf1f5eb3c00c1de49dc7fd04cad1ebc@%3Ccommits.pulsar.apache.org%3E", + "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E", + "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E", + "https://lists.apache.org/thread.html/re0545ecced2d468c94ce4dcfa37d40a9573cc68ef5f6839ffca9c1c1@%3Ccommits.hbase.apache.org%3E", + "https://lists.apache.org/thread.html/rc4779abc1cface47e956cf9f8910f15d79c24477e7b1ac9be076a825@%3Cjira.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc@%3Cnotifications.zookeeper.apache.org%3E", + "https://www.oracle.com/security-alerts/cpuoct2021.html", + "https://lists.apache.org/thread.html/r06d54a297cb8217c66e5190912a955fb870ba47da164002bf2baffe5@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/rb2d34abb67cdf525945fe4b821c5cdbca29a78d586ae1f9f505a311c@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/rd755dfe5f658c42704540ad7950cebd136739089c3231658e398cf38@%3Cjira.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/rdde34d53aa80193cda016272d61e6749f8a9044ccb37a30768938f7e@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/ra21b3e6bd9669377139fe33fb46edf6fece3f31375bc42a0dcc964b2@%3Cnotifications.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/r0a241b0649beef90d422b42a26a2470d336e59e66970eafd54f9c3e2@%3Ccommits.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/r72bf813ed4737196ea3ed26494e949577be587fd5939fe8be09907c7@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/rc6c43c3180c0efe00497c73dd374cd34b62036cb67987ad42c1f2dce@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad@%3Creviews.spark.apache.org%3E", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://lists.apache.org/thread.html/r33eb3889ca0aa12720355e64fc2f8f1e8c0c28a4d55b3b4b8891becb@%3Ccommits.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rfc9f51b4e21022b3cd6cb6f90791a6a6999560212e519b5f09db0aed@%3Ccommits.pulsar.apache.org%3E", + "https://lists.apache.org/thread.html/re3a1617d16a7367f767b8209b2151f4c19958196354b39568c532f26@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/rf1b02dfccd27b8bbc3afd119b212452fa32e9ed7d506be9357a3a7ec@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r17e26cf9a1e3cbc09522d15ece5d7c7a00cdced7641b92a22a783287@%3Cissues.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/re577736ca7da51952c910b345a500b7676ea9931c9b19709b87f292b@%3Cissues.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/r077b76cafb61520c14c87c4fc76419ed664002da0ddac5ad851ae7e7@%3Cjira.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/r83453ec252af729996476e5839d0b28f07294959d60fea1bd76f7d81@%3Cissues.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r4abbd760d24bab2b8f1294c5c9216ae915100099c4391ad64e9ae38b@%3Cdev.hbase.apache.org%3E", + "https://lists.apache.org/thread.html/r81748d56923882543f5be456043c67daef84d631cf54899082058ef1@%3Cjira.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/r694e57d74fcaa48818a03c282aecfa13ae68340c798dfcb55cb7acc7@%3Cdev.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/r0bf3aa065abd23960fc8bdc8090d6bc00d5e391cf94ec4e1f4537ae3@%3Cjira.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/rbba0b02a3287e34af328070dd58f7828612f96e2e64992137f4dc63d@%3Cnotifications.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/r411d75dc6bcefadaaea246549dd18e8d391a880ddf28a796f09ce152@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/rbcd7b477df55857bb6cae21fcc4404683ac98aac1a47551f0dc55486@%3Cissues.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rb8f5a6ded384eb00608e6137e87110e7dd7d5054cc34561cb89b81af@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r4891d45625cc522fe0eb764ac50d48bcca9c0db4805ea4a998d4c225@%3Cissues.hbase.apache.org%3E", + "https://lists.apache.org/thread.html/raea6e820644e8c5a577f77d4e2044f8ab52183c2536b00c56738beef@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r71031d0acb1de55c9ab32f4750c50ce2f28543252e887ca03bd5621e@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r65daad30d13f7c56eb5c3d7733ad8dddbf62c469175410777a78d812@%3Cjira.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/r6b070441871a4e6ce8bb63e190c879bb60da7c5e15023de29ebd4f9f@%3Cjira.kafka.apache.org%3E", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://lists.apache.org/thread.html/r0f02034a33076fd7243cf3a8807d2766e373f5cb2e7fd0c9a78f97c4@%3Cissues.hbase.apache.org%3E", + "https://lists.apache.org/thread.html/r401b1c592f295b811608010a70792b11c91885b72af9f9410cffbe35@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E", + "https://lists.apache.org/thread.html/r7bf7004c18c914fae3d5a6a0191d477e5b6408d95669b3afbf6efa36@%3Ccommits.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/r0a4797ba6ceea8074f47574a4f3cc11493d514c1fab8203ebd212add@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/rdf4fe435891e8c35e70ea5da033b4c3da78760f15a8c4212fad89d9f@%3Ccommits.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rb1624b9777a3070135e94331a428c6653a6a1edccd56fa9fb7a547f2@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/rc907ed7b089828364437de5ed57fa062330970dc1bc5cd214b711f77@%3Ccommits.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rfd3ff6e66b6bbcfb2fefa9f5a20328937c0369b2e142e3e1c6774743@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/rd6c1eb9a8a94b3ac8a525d74d792924e8469f201b77e1afcf774e7a6@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/ree1895a256a9db951e0d97a76222909c2e1f28c1a3d89933173deed6@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/rb66ed0b4bb74836add60dd5ddf9172016380b2aeefb7f96fe348537b@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/re6614b4fe7dbb945409daadb9e1cc73c02383df68bf9334736107a6e@%3Cdev.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/r6ce2907b2691c025250ba010bc797677ef78d5994d08507a2e5477c9@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/rd9ea411a58925cc82c32e15f541ead23cb25b4b2d57a2bdb0341536e@%3Cjira.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/ra210e38ae0bf615084390b26ba01bb5d66c0a76f232277446ae0948a@%3Cnotifications.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/r5f172f2dd8fb02f032ef4437218fd4f610605a3dd4f2a024c1e43b94@%3Cissues.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/r5d1f16dca2e010193840068f1a1ec17b7015e91acc646607cbc0a4da@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/rb11a13e623218c70b9f2a2d0d122fdaaf905e04a2edcd23761894464@%3Cnotifications.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rb00345f6b1620b553d2cc1acaf3017aa75cea3776b911e024fa3b187@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a@%3Cissues.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r940f15db77a96f6aea92d830bc94d8d95f26cc593394d144755824da@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E", + "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E", + "https://lists.apache.org/thread.html/rdbf2a2cd1800540ae50dd78b57411229223a6172117d62b8e57596aa@%3Cissues.hbase.apache.org%3E", + "https://lists.apache.org/thread.html/r9fae5a4087d9ed1c9d4f0c7493b6981a4741cfb4bebb2416da638424@%3Cissues.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E", + "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E", + "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E", + "https://lists.apache.org/thread.html/r0cd1a5e3f4ad4770b44f8aa96572fc09d5b35bec149c0cc247579c42@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/rcdea97f4d3233298296aabc103c9fcefbf629425418c2b69bb16745f@%3Ccommits.pulsar.apache.org%3E", + "https://lists.apache.org/thread.html/r6535b2beddf0ed2d263ab64ff365a5f790df135a1a2f45786417adb7@%3Cdev.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/rf6de4c249bd74007f5f66f683c110535f46e719d2f83a41e8faf295f@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/rf99f9a25ca24fe519c9346388f61b5b3a09be31b800bf37f01473ad7@%3Cnotifications.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/r7189bf41cb0c483629917a01cf296f9fbdbda3987084595192e3845d@%3Cissues.hbase.apache.org%3E", + "https://lists.apache.org/thread.html/r40136c2010fccf4fb2818a965e5d7ecca470e5f525c232ec5b8eb83a@%3Cjira.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/r23785214d47673b811ef119ca3a40f729801865ea1e891572d15faa6@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r47a7542ab61da865fff3db0fe74bfe76c89a37b6e6d2c2a423f8baee@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/r2afc72af069a7fe89ca2de847f3ab3971cb1d668a9497c999946cd78@%3Ccommits.spark.apache.org%3E", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://lists.apache.org/thread.html/rbab9e67ec97591d063905bc7d4743e6a673f1bc457975fc0445ac97f@%3Cissues.hbase.apache.org%3E", + "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E", + "https://lists.apache.org/thread.html/rdfe5f1c071ba9dadba18d7fb0ff13ea6ecb33da624250c559999eaeb@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r56e5568ac73daedcb3b5affbb4b908999f03d3c1b1ada3920b01e959@%3Cdev.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E", + "https://lists.apache.org/thread.html/ra50519652b0b7f869a14fbfb4be9758a29171d7fe561bb7e036e8449@%3Cissues.hbase.apache.org%3E", + "https://lists.apache.org/thread.html/r64ff94118f6c80e6c085c6e2d51bbb490eaefad0642db8c936e4f0b7@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r746434be6abff9ad321ff54ecae09e1f09c1c7c139021f40a5774090@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E", + "https://lists.apache.org/thread.html/rc4dbc9907b0bdd634200ac90a15283d9c143c11af66e7ec72128d020@%3Cjira.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/r31f591a0deac927ede8ccc3eac4bb92697ee2361bf01549f9e3440ca@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/rd24d8a059233167b4a5aebda4b3534ca1d86caa8a85b10a73403ee97@%3Ccommits.spark.apache.org%3E", + "https://lists.apache.org/thread.html/rae8bbc5a516f3e21b8a55e61ff6ad0ced03bdbd116d2170a3eed9f5c@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r769155244ca2da2948a44091bb3bb9a56e7e1c71ecc720b8ecf281f0@%3Creviews.spark.apache.org%3E", + "https://www.debian.org/security/2021/dsa-4949", + "https://lists.apache.org/thread.html/r9b793db9f395b546e66fb9c44fe1cd75c7755029e944dfee31b8b779@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r942f4a903d0abb25ac75c592e57df98dea51350e8589269a72fd7913@%3Cissues.spark.apache.org%3E", + "https://lists.apache.org/thread.html/r2f2d9c3b7cc750a6763d6388bcf5db0c7b467bd8be6ac4d6aea4f0cf@%3Creviews.spark.apache.org%3E", + "https://lists.apache.org/thread.html/rbd9a837a18ca57ac0d9b4165a6eec95ee132f55d025666fe41099f33@%3Creviews.spark.apache.org%3E" + ], + "FixAvailable": "YES", + "ExploitAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "HIGH" + }, + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-west-1:123456789123:finding/71344c6204b894be7a0c28bed223bf9b", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-west-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789123", + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ], + "FirstObservedAt": "2023-08-30T20:07:14Z", + "LastObservedAt": "2023-09-15T07:00:24Z", + "CreatedAt": "2023-08-30T20:07:14Z", + "UpdatedAt": "2023-09-15T07:00:24Z", + "Severity": { + "Label": "MEDIUM", + "Normalized": 40 + }, + "Title": "CVE-2023-26049 - org.eclipse.jetty:jetty-server, org.eclipse.jetty:jetty-http", + "Description": "Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still ...Truncated", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "5.3", + "aws/inspector/instanceId": "i-0asd2da21c8csd28s", + "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "UBUNTU_20_04", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-west-1::product/aws/inspector/arn:aws:inspector2:eu-west-1:123456789123:finding/71344c6204b894be7a0c28bed223bf9b", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEc2Instance", + "Id": "arn:aws:ec2:eu-west-1:123456789123:instance/i-0asd2da21c8csd28s", + "Partition": "aws", + "Region": "eu-west-1", + "Tags": { + "Name": "MyServer1" + }, + "Details": { + "AwsEc2Instance": { + "Type": "m5d.large", + "ImageId": "ami-1234shgh268csd28s", + "IpV4Addresses": [ + "123.123.123.123", + "172.31.0.31" + ], + "KeyName": "MySSHkey", + "IamInstanceProfileArn": "arn:aws:iam::123456789123:instance-profile/AmazonSSMRole", + "VpcId": "vpc-12kk2qwe", + "SubnetId": "subnet-s12u28as", + "LaunchedAt": "2023-08-30T05:09:41Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2023-26049", + "VulnerablePackages": [ + { + "Name": "org.eclipse.jetty:jetty-server", + "Version": "8.1.14.v20131031", + "Epoch": "0", + "PackageManager": "JAR", + "FilePath": "/usr/lib/jvm/java-8-oracle/lib/missioncontrol/plugins/org.eclipse.jetty.server_8.1.14.v20131031.jar", + "FixedInVersion": "12.0.0.beta0", + "Remediation": "Update jetty-server to 12.0.0.beta0" + }, + { + "Name": "org.eclipse.jetty:jetty-http", + "Version": "8.1.14.v20131031", + "Epoch": "0", + "PackageManager": "JAR", + "FilePath": "/usr/lib/jvm/java-8-oracle/lib/missioncontrol/plugins/org.eclipse.jetty.http_8.1.14.v20131031.jar", + "FixedInVersion": "12.0.0.beta0", + "Remediation": "Update jetty-http to 12.0.0.beta0" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 5.3, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 5.3, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049", + "VendorSeverity": "MEDIUM", + "VendorCreatedAt": "2023-04-18T21:15:00Z", + "VendorUpdatedAt": "2023-05-26T20:15:00Z" + }, + "ReferenceUrls": [ + "https://www.rfc-editor.org/rfc/rfc6265", + "https://www.rfc-editor.org/rfc/rfc2965" + ], + "FixAvailable": "YES", + "ExploitAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "MEDIUM" + }, + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ] + } + } +] \ No newline at end of file diff --git a/unittests/scans/asff/one_vuln.json b/unittests/scans/asff/one_vuln.json new file mode 100644 index 00000000000..6b339bd32fb --- /dev/null +++ b/unittests/scans/asff/one_vuln.json @@ -0,0 +1,147 @@ +[ + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-west-1:123456789123:finding/e7dd7a6979b7ce39de463533b1e6cd44", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-west-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789123", + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ], + "FirstObservedAt": "2023-08-30T20:07:14Z", + "LastObservedAt": "2023-09-15T07:00:24Z", + "CreatedAt": "2023-08-30T20:07:14Z", + "UpdatedAt": "2023-09-15T07:00:24Z", + "Severity": { + "Label": "HIGH", + "Normalized": 70 + }, + "Title": "CVE-2017-9735 - org.eclipse.jetty:jetty-server, org.eclipse.jetty:jetty-util", + "Description": "Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "7.5", + "aws/inspector/instanceId": "i-0sdg8sa1k2l3j11m2", + "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "UBUNTU_20_04", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-west-1::product/aws/inspector/arn:aws:inspector2:eu-west-1:123456789123:finding/e7dd7a6979b7ce39de463533b1e6cd44", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEc2Instance", + "Id": "arn:aws:ec2:eu-west-1:123456789123:instance/i-0sdg8sa1k2l3j11m2", + "Partition": "aws", + "Region": "eu-west-1", + "Tags": { + "Name": "MyWebServer" + }, + "Details": { + "AwsEc2Instance": { + "Type": "m5d.large", + "ImageId": "ami-0211k2j12l987bg2h7", + "IpV4Addresses": [ + "123.123.123.123", + "172.31.0.31" + ], + "KeyName": "MySSHkey", + "IamInstanceProfileArn": "arn:aws:iam::123456789123:instance-profile/AmazonSSMRole", + "VpcId": "vpc-12jh8mgg", + "SubnetId": "subnet-k12i88jh", + "LaunchedAt": "2023-08-30T05:09:41Z" + } + } + } + + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2017-9735", + "VulnerablePackages": [ + { + "Name": "org.eclipse.jetty:jetty-server", + "Version": "8.1.14.v20131031", + "Epoch": "0", + "PackageManager": "JAR", + "FilePath": "/usr/lib/jvm/java-8-oracle/lib/missioncontrol/plugins/org.eclipse.jetty.server_8.1.14.v20131031.jar", + "FixedInVersion": "9.4.6.v20170531", + "Remediation": "Update jetty-server to 9.4.6.v20170531" + }, + { + "Name": "org.eclipse.jetty:jetty-util", + "Version": "8.1.14.v20131031", + "Epoch": "0", + "PackageManager": "JAR", + "FilePath": "/usr/lib/jvm/java-8-oracle/lib/missioncontrol/plugins/org.eclipse.jetty.util_8.1.14.v20131031.jar", + "FixedInVersion": "9.4.6.v20170531", + "Remediation": "Update jetty-util to 9.4.6.v20170531" + } + ], + "Cvss": [ + { + "Version": "2.0", + "BaseScore": 5, + "BaseVector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9735", + "VendorSeverity": "HIGH", + "VendorCreatedAt": "2017-06-16T21:29:00Z", + "VendorUpdatedAt": "2022-03-15T14:55:00Z" + }, + "ReferenceUrls": [ + "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html", + "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E", + "https://lists.apache.org/thread.html/36870f6c51f5bc25e6f7bb1fcace0e57e81f1524019b11f466738559@%3Ccommon-dev.hadoop.apache.org%3E", + "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "https://bugs.debian.org/864631", + "https://www.oracle.com/security-alerts/cpuoct2020.html", + "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E", + "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://lists.apache.org/thread.html/f887a5978f5e4c62b9cfe876336628385cff429e796962649649ec8a@%3Ccommon-issues.hadoop.apache.org%3E", + "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + ], + "FixAvailable": "YES", + "ExploitAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "HIGH" + }, + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ] + } + } +] \ No newline at end of file diff --git a/unittests/scans/asff/prowler-output.asff.json b/unittests/scans/asff/prowler-output.asff.json new file mode 100644 index 00000000000..971f61535be --- /dev/null +++ b/unittests/scans/asff/prowler-output.asff.json @@ -0,0 +1,43588 @@ +[{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled-123456789012-ap-northeast-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.20", + "CIS-1.4 1.20" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled-123456789012-ap-northeast-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.20", + "CIS-1.4 1.20" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled-123456789012-ap-northeast-3-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.20", + "CIS-1.4 1.20" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled-123456789012-ap-south-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.20", + "CIS-1.4 1.20" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled-123456789012-ap-southeast-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.20", + "CIS-1.4 1.20" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled-123456789012-ap-southeast-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.20", + "CIS-1.4 1.20" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled-123456789012-ca-central-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.20", + "CIS-1.4 1.20" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled-123456789012-eu-central-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.20", + "CIS-1.4 1.20" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled-123456789012-eu-north-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.20", + "CIS-1.4 1.20" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled-123456789012-eu-west-1-f0b4a19e3", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:access-analyzer:eu-west-1:123456789012:analyzer/ConsoleAnalyzer-3334742f-fcf5-444e-8b27-ff5650996b69" + }, + "GeneratorId": "prowler-accessanalyzer_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled", + "Description": "IAM Access Analyzer ConsoleAnalyzer-3334742f-fcf5-444e-8b27-ff5650996b69 is enabled", + "Resources": [ + { + "Type": "Other", + "Id": "arn:aws:access-analyzer:eu-west-1:123456789012:analyzer/ConsoleAnalyzer-3334742f-fcf5-444e-8b27-ff5650996b69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 1.20", + "CIS-1.4 1.20" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled-123456789012-eu-west-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.20", + "CIS-1.4 1.20" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled-123456789012-eu-west-3-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.20", + "CIS-1.4 1.20" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled-123456789012-sa-east-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.20", + "CIS-1.4 1.20" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled-123456789012-us-east-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.20", + "CIS-1.4 1.20" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled-123456789012-us-east-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.20", + "CIS-1.4 1.20" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled-123456789012-us-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.20", + "CIS-1.4 1.20" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled-123456789012-us-west-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.20", + "CIS-1.4 1.20" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled_without_findings-123456789012-ap-northeast-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled_without_findings", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled without findings", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled_without_findings-123456789012-ap-northeast-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled_without_findings", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled without findings", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled_without_findings-123456789012-ap-northeast-3-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled_without_findings", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled without findings", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled_without_findings-123456789012-ap-south-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled_without_findings", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled without findings", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled_without_findings-123456789012-ap-southeast-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled_without_findings", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled without findings", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled_without_findings-123456789012-ap-southeast-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled_without_findings", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled without findings", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled_without_findings-123456789012-ca-central-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled_without_findings", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled without findings", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled_without_findings-123456789012-eu-central-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled_without_findings", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled without findings", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled_without_findings-123456789012-eu-north-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled_without_findings", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled without findings", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled_without_findings-123456789012-eu-west-1-f0b4a19e3", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:access-analyzer:eu-west-1:123456789012:analyzer/ConsoleAnalyzer-3334742f-fcf5-444e-8b27-ff5650996b69" + }, + "GeneratorId": "prowler-accessanalyzer_enabled_without_findings", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled without findings", + "Description": "IAM Access Analyzer ConsoleAnalyzer-3334742f-fcf5-444e-8b27-ff5650996b69 does not have active findings", + "Resources": [ + { + "Type": "Other", + "Id": "arn:aws:access-analyzer:eu-west-1:123456789012:analyzer/ConsoleAnalyzer-3334742f-fcf5-444e-8b27-ff5650996b69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled_without_findings-123456789012-eu-west-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled_without_findings", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled without findings", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled_without_findings-123456789012-eu-west-3-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled_without_findings", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled without findings", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled_without_findings-123456789012-sa-east-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled_without_findings", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled without findings", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled_without_findings-123456789012-us-east-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled_without_findings", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled without findings", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled_without_findings-123456789012-us-east-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled_without_findings", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled without findings", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled_without_findings-123456789012-us-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled_without_findings", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled without findings", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-accessanalyzer_enabled_without_findings-123456789012-us-west-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-accessanalyzer_enabled_without_findings", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if IAM Access Analyzer is enabled without findings", + "Description": "IAM Access Analyzer in account 123456789012 is not enabled", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-account_maintain_current_contact_details-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-account_maintain_current_contact_details", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Maintain current contact details.", + "Description": "Manual check: Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "INFOED", + "RelatedRequirements": [ + "CIS-1.5 1.1", + "ENS-RD2022 op.ext.7.aws.am.1", + "CIS-1.4 1.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Using the Billing and Cost Management console complete contact details.", + "Url": "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-account_security_contact_information_is_registered-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-account_security_contact_information_is_registered", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure security contact information is registered.", + "Description": "Manual check: Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Alternate Contacts -> Security Section.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "INFOED", + "RelatedRequirements": [ + "CIS-1.5 1.2", + "ENS-RD2022 op.ext.7.aws.am.1", + "CIS-1.4 1.2", + "AWS-Foundational-Security-Best-Practices account acm" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Go to the My Account section and complete alternate contacts.", + "Url": "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-account_security_questions_are_registered_in_the_aws_account-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-account_security_questions_are_registered_in_the_aws_account", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure security questions are registered in the AWS account.", + "Description": "Manual check: Login to the AWS Console as root. Choose your account name on the top right of the window -> My Account -> Configure Security Challenge Questions.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "INFOED", + "RelatedRequirements": [ + "CIS-1.5 1.3", + "ENS-RD2022 op.ext.7.aws.am.1", + "CIS-1.4 1.3" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Login as root account and from My Account configure Security questions.", + "Url": "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-security-challenge.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-awslambda_function_invoke_api_operations_cloudtrail_logging_enabled-123456789012-eu-west-1-5e1327f66", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:lambda:eu-west-1:123456789012:function:load-wikipedia" + }, + "GeneratorId": "prowler-awslambda_function_invoke_api_operations_cloudtrail_logging_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Lambda functions invoke API operations are being recorded by CloudTrail.", + "Description": "Lambda function load-wikipedia is not recorded by CloudTrail", + "Resources": [ + { + "Type": "AwsLambdaFunction", + "Id": "arn:aws:lambda:eu-west-1:123456789012:function:load-wikipedia", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.", + "Url": "https://docs.aws.amazon.com/lambda/latest/dg/logging-using-cloudtrail.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-awslambda_function_no_secrets_in_code-123456789012-eu-west-1-5e1327f66", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:lambda:eu-west-1:123456789012:function:load-wikipedia" + }, + "GeneratorId": "prowler-awslambda_function_no_secrets_in_code", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "CRITICAL" + }, + "Title": "Find secrets in Lambda functions code.", + "Description": "No secrets found in Lambda function load-wikipedia code", + "Resources": [ + { + "Type": "AwsLambdaFunction", + "Id": "arn:aws:lambda:eu-west-1:123456789012:function:load-wikipedia", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use Secrets Manager to securely provide database credentials to Lambda functions and secure the databases as well as use the credentials to connect and query them without hardcoding the secrets in code or passing them through environmental variables.", + "Url": "https://docs.aws.amazon.com/secretsmanager/latest/userguide/lambda-functions.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-awslambda_function_no_secrets_in_variables-123456789012-eu-west-1-5e1327f66", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:lambda:eu-west-1:123456789012:function:load-wikipedia" + }, + "GeneratorId": "prowler-awslambda_function_no_secrets_in_variables", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "CRITICAL" + }, + "Title": "Find secrets in Lambda functions variables.", + "Description": "No secrets found in Lambda function load-wikipedia variables", + "Resources": [ + { + "Type": "AwsLambdaFunction", + "Id": "arn:aws:lambda:eu-west-1:123456789012:function:load-wikipedia", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use Secrets Manager to securely provide database credentials to Lambda functions and secure the databases as well as use the credentials to connect and query them without hardcoding the secrets in code or passing them through environmental variables.", + "Url": "https://docs.aws.amazon.com/secretsmanager/latest/userguide/lambda-functions.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-awslambda_function_not_publicly_accessible-123456789012-eu-west-1-5e1327f66", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:lambda:eu-west-1:123456789012:function:load-wikipedia" + }, + "GeneratorId": "prowler-awslambda_function_not_publicly_accessible", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "CRITICAL" + }, + "Title": "Check if Lambda functions have resource-based policy set as Public.", + "Description": "Lambda function load-wikipedia has a policy resource-based policy not public", + "Resources": [ + { + "Type": "AwsLambdaFunction", + "Id": "arn:aws:lambda:eu-west-1:123456789012:function:load-wikipedia", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "NIST-CSF-1.1 ac_3 ac_5 pt_4", + "PCI-3.2.1 lambda", + "ENS-RD2022 op.acc.4.aws.iam.1", + "FedRAMP-Low-Revision-4 ac-3 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "HIPAA 164_308_a_1_ii_b 164_308_a_3_i 164_312_a_1 164_312_e_1", + "FFIEC d3-pc-im-b-1", + "RBI-Cyber-Security-Framework annex_i_1_3", + "FedRamp-Moderate-Revision-4 ac-3 ac-4 ac-6 ac-17-1 cm-2 sc-7-3 ", + "NIST-800-53-Revision-5 ac_2_6 ac_3 ac_3_7 ac_4_21 ac_6 ac_17_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_13_1 3_13_2 " + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Grant usage permission on a per-resource basis and applying least privilege principle.", + "Url": "https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-awslambda_function_using_supported_runtimes-123456789012-eu-west-1-5e1327f66", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:lambda:eu-west-1:123456789012:function:load-wikipedia" + }, + "GeneratorId": "prowler-awslambda_function_using_supported_runtimes", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Find obsolete Lambda runtimes.", + "Description": "Lambda function load-wikipedia is using python2.7 which is obsolete", + "Resources": [ + { + "Type": "AwsLambdaFunction", + "Id": "arn:aws:lambda:eu-west-1:123456789012:function:load-wikipedia", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "AWS-Foundational-Security-Best-Practices lambda" + ], + "AssociatedStandards": [ + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Test new runtimes as they are made available. Implement them in production as soon as possible.", + "Url": "https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_multi_region_enabled-123456789012-ap-northeast-1-266d98fa9", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_multi_region_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure CloudTrail is enabled in all regions", + "Description": "No CloudTrail trails enabled and logging were found", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "No trails", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "CIS-1.5 3.1", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "PCI-3.2.1 cloudtrail", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.1", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_multi_region_enabled-123456789012-ap-northeast-2-266d98fa9", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_multi_region_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure CloudTrail is enabled in all regions", + "Description": "No CloudTrail trails enabled and logging were found", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "No trails", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "CIS-1.5 3.1", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "PCI-3.2.1 cloudtrail", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.1", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_multi_region_enabled-123456789012-ap-northeast-3-266d98fa9", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_multi_region_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure CloudTrail is enabled in all regions", + "Description": "No CloudTrail trails enabled and logging were found", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "No trails", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "CIS-1.5 3.1", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "PCI-3.2.1 cloudtrail", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.1", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_multi_region_enabled-123456789012-ap-south-1-266d98fa9", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_multi_region_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure CloudTrail is enabled in all regions", + "Description": "No CloudTrail trails enabled and logging were found", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "No trails", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "CIS-1.5 3.1", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "PCI-3.2.1 cloudtrail", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.1", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_multi_region_enabled-123456789012-ap-southeast-1-266d98fa9", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_multi_region_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure CloudTrail is enabled in all regions", + "Description": "No CloudTrail trails enabled and logging were found", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "No trails", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "CIS-1.5 3.1", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "PCI-3.2.1 cloudtrail", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.1", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_multi_region_enabled-123456789012-ap-southeast-2-266d98fa9", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_multi_region_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure CloudTrail is enabled in all regions", + "Description": "No CloudTrail trails enabled and logging were found", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "No trails", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "CIS-1.5 3.1", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "PCI-3.2.1 cloudtrail", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.1", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_multi_region_enabled-123456789012-ca-central-1-266d98fa9", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_multi_region_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure CloudTrail is enabled in all regions", + "Description": "No CloudTrail trails enabled and logging were found", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "No trails", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "CIS-1.5 3.1", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "PCI-3.2.1 cloudtrail", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.1", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_multi_region_enabled-123456789012-eu-central-1-266d98fa9", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_multi_region_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure CloudTrail is enabled in all regions", + "Description": "No CloudTrail trails enabled and logging were found", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "No trails", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "CIS-1.5 3.1", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "PCI-3.2.1 cloudtrail", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.1", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_multi_region_enabled-123456789012-eu-north-1-266d98fa9", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_multi_region_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure CloudTrail is enabled in all regions", + "Description": "No CloudTrail trails enabled and logging were found", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "No trails", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "CIS-1.5 3.1", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "PCI-3.2.1 cloudtrail", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.1", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_multi_region_enabled-123456789012-eu-west-1-266d98fa9", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_multi_region_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure CloudTrail is enabled in all regions", + "Description": "No CloudTrail trails enabled and logging were found", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "No trails", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "CIS-1.5 3.1", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "PCI-3.2.1 cloudtrail", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.1", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_multi_region_enabled-123456789012-eu-west-2-266d98fa9", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_multi_region_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure CloudTrail is enabled in all regions", + "Description": "No CloudTrail trails enabled and logging were found", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "No trails", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "CIS-1.5 3.1", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "PCI-3.2.1 cloudtrail", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.1", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_multi_region_enabled-123456789012-eu-west-3-266d98fa9", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_multi_region_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure CloudTrail is enabled in all regions", + "Description": "No CloudTrail trails enabled and logging were found", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "No trails", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "CIS-1.5 3.1", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "PCI-3.2.1 cloudtrail", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.1", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_multi_region_enabled-123456789012-sa-east-1-266d98fa9", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_multi_region_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure CloudTrail is enabled in all regions", + "Description": "No CloudTrail trails enabled and logging were found", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "No trails", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "CIS-1.5 3.1", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "PCI-3.2.1 cloudtrail", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.1", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_multi_region_enabled-123456789012-us-east-1-266d98fa9", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_multi_region_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure CloudTrail is enabled in all regions", + "Description": "No CloudTrail trails enabled and logging were found", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "No trails", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "CIS-1.5 3.1", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "PCI-3.2.1 cloudtrail", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.1", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_multi_region_enabled-123456789012-us-east-2-266d98fa9", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_multi_region_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure CloudTrail is enabled in all regions", + "Description": "No CloudTrail trails enabled and logging were found", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "No trails", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "CIS-1.5 3.1", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "PCI-3.2.1 cloudtrail", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.1", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_multi_region_enabled-123456789012-us-west-1-266d98fa9", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_multi_region_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure CloudTrail is enabled in all regions", + "Description": "No CloudTrail trails enabled and logging were found", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "No trails", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "CIS-1.5 3.1", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "PCI-3.2.1 cloudtrail", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.1", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_multi_region_enabled-123456789012-us-west-2-266d98fa9", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_multi_region_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure CloudTrail is enabled in all regions", + "Description": "No CloudTrail trails enabled and logging were found", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "No trails", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 ac_2 au_2 au_3 au_12 cm_2", + "CIS-1.5 3.1", + "SOC2 cc_2_1 cc_7_2 cc_a_1_2", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "PCI-3.2.1 cloudtrail", + "ENS-RD2022 op.acc.6.r5.aws.iam.1 op.exp.5.aws.ct.1 op.exp.8.aws", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k 11.300-d", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.1", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 1-risk-management 4.2-validation-documentation-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices cloudtrail", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_4_1 3_6_1 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_s3_dataevents_read_enabled-123456789012-eu-west-1-266d98fa9", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_s3_dataevents_read_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if S3 buckets have Object-level logging for read events is enabled in CloudTrail.", + "Description": "No CloudTrail trails have a data event to record all S3 object-level API operations.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "No trails", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2 au_2 au_3 au_12", + "CIS-1.5 3.11", + "SOC2 cc_2_1 cc_7_2", + "NIST-CSF-1.1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 ds_5", + "ENS-RD2022 op.exp.8.r1.aws.ct.2 op.exp.8.r1.aws.ct.4", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.11", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_30", + "GxP-EU-Annex-11 8.2-printouts-data-changes 9-audit-trails 12.4-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_13_1 3_14_6 " + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable logs. Create an S3 lifecycle policy. Define use cases, metrics and automated responses where applicable.", + "Url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-cloudtrail-logging-for-s3.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudtrail_s3_dataevents_write_enabled-123456789012-eu-west-1-266d98fa9", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "No trails" + }, + "GeneratorId": "prowler-cloudtrail_s3_dataevents_write_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if S3 buckets have Object-level logging for write events is enabled in CloudTrail.", + "Description": "No CloudTrail trails have a data event to record all S3 object-level API operations.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "No trails", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2 au_2 au_3 au_12", + "CIS-1.5 3.10", + "SOC2 cc_2_1 cc_7_2", + "NIST-CSF-1.1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 ds_5", + "ENS-RD2022 op.exp.8.aws.ct.4 op.exp.8.r1.aws.ct.2 op.exp.8.r1.a", + "FedRAMP-Low-Revision-4 ac-2 au-2 ca-7", + "GxP-21-CFR-Part-11 11.10-e 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 3.10", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_30", + "GxP-EU-Annex-11 8.2-printouts-data-changes 9-audit-trails 12.4-", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_13_1 3_14_6 " + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable logs. Create an S3 lifecycle policy. Define use cases, metrics and automated responses where applicable.", + "Url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-cloudtrail-logging-for-s3.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_changes_to_network_acls_alarm_configured-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-cloudwatch_changes_to_network_acls_alarm_configured", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL).", + "Description": "No CloudWatch log groups found with metric filters or alarms associated.", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 au_6_1 au_6_3 au_7_1 ca_7 ir_4_1 ", + "CIS-1.5 4.11", + "SOC2 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_5 cm_2 cm_5 cp_4 ra_5", + "FedRAMP-Low-Revision-4 ac-2 ca-7 ir-4", + "CIS-1.4 4.11", + "HIPAA 164_308_a_6_i", + "FFIEC d5-dr-de-b-1 d5-dr-de-b-3", + "FedRamp-Moderate-Revision-4 ac-2-4 au-6-1-3 au-7-1 ca-7-a-b ir-", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_6_1 3_6_2 3_12_4" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that a metric filter and alarm be established for unauthorized requests.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_changes_to_network_gateways_alarm_configured-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-cloudwatch_changes_to_network_gateways_alarm_configured", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure a log metric filter and alarm exist for changes to network gateways.", + "Description": "No CloudWatch log groups found with metric filters or alarms associated.", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 au_6_1 au_6_3 au_7_1 ca_7 ir_4_1 ", + "CIS-1.5 4.12", + "SOC2 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_5 cm_2 cm_5 cp_4 ra_5", + "FedRAMP-Low-Revision-4 ir-4", + "CIS-1.4 4.12", + "HIPAA 164_308_a_6_i", + "FFIEC d5-dr-de-b-1 d5-dr-de-b-3", + "FedRamp-Moderate-Revision-4 ac-2-4 au-6-1-3 au-7-1 ca-7-a-b ir-", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_6_1 3_6_2 3_12_4" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that a metric filter and alarm be established for unauthorized requests.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_changes_to_network_route_tables_alarm_configured-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-cloudwatch_changes_to_network_route_tables_alarm_configured", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure a log metric filter and alarm exist for route table changes.", + "Description": "No CloudWatch log groups found with metric filters or alarms associated.", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 au_6_1 au_6_3 au_7_1 ca_7 ir_4_1 ", + "CIS-1.5 4.13", + "SOC2 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_5 cm_2 cm_5 cp_4 ra_5", + "FedRAMP-Low-Revision-4 ir-4", + "CIS-1.4 4.13", + "HIPAA 164_308_a_6_i", + "FFIEC d5-dr-de-b-1 d5-dr-de-b-3", + "FedRamp-Moderate-Revision-4 ac-2-4 au-6-1-3 au-7-1 ca-7-a-b ir-", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_6_1 3_6_2 3_12_4" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that a metric filter and alarm be established for unauthorized requests.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_changes_to_vpcs_alarm_configured-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-cloudwatch_changes_to_vpcs_alarm_configured", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure a log metric filter and alarm exist for VPC changes.", + "Description": "No CloudWatch log groups found with metric filters or alarms associated.", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_4 au_6_1 au_6_3 au_7_1 ca_7 ir_4_1 ", + "CIS-1.5 4.14", + "SOC2 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_5 cm_2 cm_5 cp_4 ra_5", + "FedRAMP-Low-Revision-4 ir-4", + "CIS-1.4 4.14", + "HIPAA 164_308_a_6_i", + "FFIEC d5-dr-de-b-1 d5-dr-de-b-3", + "FedRamp-Moderate-Revision-4 ac-2-4 au-6-1-3 au-7-1 ca-7-a-b ir-", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_6_1 3_6_2 3_12_4" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that a metric filter and alarm be established for unauthorized requests.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_cross_account_sharing_disabled-123456789012-eu-west-1-1fe0be6b0", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "CloudWatch-CrossAccountSharingRole" + }, + "GeneratorId": "prowler-cloudwatch_cross_account_sharing_disabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if CloudWatch has allowed cross-account sharing.", + "Description": "CloudWatch doesn't allows cross-account sharing", + "Resources": [ + { + "Type": "AwsCloudWatch", + "Id": "CloudWatch-CrossAccountSharingRole", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 op.acc.4.aws.iam.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Grant usage permission on a per-resource basis to enforce least privilege and Zero Trust principles.", + "Url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_log_group_kms_encryption_enabled-123456789012-eu-west-1-e3399fb46", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:logs:eu-west-1:123456789012:log-group:/aws/lambda/load-wikipedia:*" + }, + "GeneratorId": "prowler-cloudwatch_log_group_kms_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if CloudWatch log groups are protected by AWS KMS.", + "Description": "Log Group /aws/lambda/load-wikipedia does not have AWS KMS keys associated.", + "Resources": [ + { + "Type": "AwsLogsLogGroup", + "Id": "arn:aws:logs:eu-west-1:123456789012:log-group:/aws/lambda/load-wikipedia:*", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_9 sc_28", + "SOC2 cc_7_3", + "NIST-CSF-1.1 ds_1", + "FedRAMP-Low-Revision-4 au-9", + "GxP-21-CFR-Part-11 11.30", + "CISA your-systems-3 your-data-2", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GDPR article_32", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "RBI-Cyber-Security-Framework annex_i_1_3", + "FedRamp-Moderate-Revision-4 au-9 sc-28", + "NIST-800-53-Revision-5 au_9_3 cp_9_d sc_8_3 sc_8_4 sc_13_a sc_2", + "NIST-800-171-Revision-2 3_3_8 3_13_11 3_13_16" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Associate KMS Key with Cloudwatch log group.", + "Url": "https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_log_group_no_secrets_in_logs-123456789012-eu-west-1-e3399fb46", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:logs:eu-west-1:123456789012:log-group:/aws/lambda/load-wikipedia:*" + }, + "GeneratorId": "prowler-cloudwatch_log_group_no_secrets_in_logs", + "AwsAccountId": "123456789012", + "Types": [ + "Protect", + "Secure development" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if secrets exists in CloudWatch logs.", + "Description": "No secrets found in /aws/lambda/load-wikipedia log group.", + "Resources": [ + { + "Type": "AwsCloudTrailLogGroup", + "Id": "arn:aws:logs:eu-west-1:123456789012:log-group:/aws/lambda/load-wikipedia:*", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that sensitive information is not logged to CloudWatch logs. Alternatively, sensitive data may be masked using a protection policy", + "Url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_log_group_retention_policy_specific_days_enabled-123456789012-eu-west-1-e3399fb46", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:logs:eu-west-1:123456789012:log-group:/aws/lambda/load-wikipedia:*" + }, + "GeneratorId": "prowler-cloudwatch_log_group_retention_policy_specific_days_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Retention" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if CloudWatch Log Groups have a retention policy of specific days.", + "Description": "Log Group /aws/lambda/load-wikipedia has less than 365 days retention period (0 days).", + "Resources": [ + { + "Type": "AwsLogsLogGroup", + "Id": "arn:aws:logs:eu-west-1:123456789012:log-group:/aws/lambda/load-wikipedia:*", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_11 si_12", + "SOC2 cc_7_2 cc_7_3", + "ENS-RD2022 op.exp.8.r3.aws.cw.1", + "FedRAMP-Low-Revision-4 au-11", + "GxP-21-CFR-Part-11 11.10-c 11.10-e", + "HIPAA 164_312_b", + "FFIEC d2-ma-ma-b-1", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-6-1-3 au-11 si-12", + "NIST-800-53-Revision-5 ac_16_b au_6_3 au_6_4 au_6_6 au_6_9 au_1", + "NIST-800-171-Revision-2 3_3_1 3_6_1 3_6_2" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.", + "Url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure a log metric filter and alarm exist for AWS Config configuration changes.", + "Description": "No CloudWatch log groups found with metric filters or alarms associated.", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 4.9", + "NIST-CSF-1.1 cm_2 ra_5 sc_4", + "CIS-1.4 4.9", + "GDPR article_25" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "GDPR" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that a metric filter and alarm be established for unauthorized requests.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure a log metric filter and alarm exist for CloudTrail configuration changes.", + "Description": "No CloudWatch log groups found with metric filters or alarms associated.", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 4.5", + "NIST-CSF-1.1 cm_2 ra_5 sc_4", + "ENS-RD2022 op.exp.8.aws.ct.2 op.exp.8.r1.aws.ct.2", + "CISA your-data-2", + "CIS-1.4 4.5", + "GDPR article_25" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "GDPR" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that a metric filter and alarm be established for unauthorized requests.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_log_metric_filter_authentication_failures-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-cloudwatch_log_metric_filter_authentication_failures", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure a log metric filter and alarm exist for AWS Management Console authentication failures.", + "Description": "No CloudWatch log groups found with metric filters or alarms associated.", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 4.6", + "NIST-CSF-1.1 cm_2 ra_5 sc_4", + "ENS-RD2022 op.exp.8.aws.ct.5", + "CIS-1.4 4.6", + "HIPAA 164_308_a_5_ii_c 164_308_a_6_i 164_308_a_6_ii", + "GDPR article_25" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that a metric filter and alarm be established for unauthorized requests.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_log_metric_filter_aws_organizations_changes-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-cloudwatch_log_metric_filter_aws_organizations_changes", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure a log metric filter and alarm exist for AWS Organizations changes.", + "Description": "No CloudWatch log groups found with metric filters or alarms associated.", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 4.15", + "CIS-1.4 4.15" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that a metric filter and alarm be established for unauthorized requests.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs.", + "Description": "No CloudWatch log groups found with metric filters or alarms associated.", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 4.7", + "NIST-CSF-1.1 cm_2 ra_5 sc_4", + "ENS-RD2022 op.exp.10.aws.cmk.4 op.exp.10.aws.cmk.5", + "CIS-1.4 4.7", + "GDPR article_25" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "GDPR" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that a metric filter and alarm be established for unauthorized requests.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_log_metric_filter_for_s3_bucket_policy_changes-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-cloudwatch_log_metric_filter_for_s3_bucket_policy_changes", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure a log metric filter and alarm exist for S3 bucket policy changes.", + "Description": "No CloudWatch log groups found with metric filters or alarms associated.", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 4.8", + "NIST-CSF-1.1 cm_2 ra_5 sc_4", + "CIS-1.4 4.8", + "GDPR article_25" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "GDPR" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that a metric filter and alarm be established for unauthorized requests.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_log_metric_filter_policy_changes-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-cloudwatch_log_metric_filter_policy_changes", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure a log metric filter and alarm exist for IAM policy changes.", + "Description": "No CloudWatch log groups found with metric filters or alarms associated.", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 4.4", + "NIST-CSF-1.1 cm_2 ra_5 sc_4", + "ENS-RD2022 op.exp.8.aws.ct.5", + "CIS-1.4 4.4", + "GDPR article_25" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "GDPR" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that a metric filter and alarm be established for unauthorized requests.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_log_metric_filter_root_usage-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-cloudwatch_log_metric_filter_root_usage", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure a log metric filter and alarm exist for usage of root account.", + "Description": "No CloudWatch log groups found with metric filters or alarms associated.", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 4.3", + "NIST-CSF-1.1 cm_2 ra_5 sc_4", + "PCI-3.2.1 cw", + "ENS-RD2022 op.exp.8.aws.ct.5 op.exp.8.aws.cw.1", + "CIS-1.4 4.3", + "HIPAA 164_308_a_6_i 164_308_a_6_ii", + "GDPR article_25" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that a metric filter and alarm be established for unauthorized requests.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_log_metric_filter_security_group_changes-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-cloudwatch_log_metric_filter_security_group_changes", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure a log metric filter and alarm exist for security group changes.", + "Description": "No CloudWatch log groups found with metric filters or alarms associated.", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 4.10", + "NIST-CSF-1.1 cm_2 ra_5 sc_4", + "CIS-1.4 4.10", + "GDPR article_25" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "GDPR" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that a metric filter and alarm be established for unauthorized requests.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_log_metric_filter_sign_in_without_mfa-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-cloudwatch_log_metric_filter_sign_in_without_mfa", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure a log metric filter and alarm exist for Management Console sign-in without MFA.", + "Description": "No CloudWatch log groups found with metric filters or alarms associated.", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 4.2", + "NIST-CSF-1.1 cm_2 ra_5 sc_4", + "ENS-RD2022 op.exp.8.aws.ct.5", + "CIS-1.4 4.2", + "GDPR article_25" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "GDPR" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that a metric filter and alarm be established for unauthorized requests.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-cloudwatch_log_metric_filter_unauthorized_api_calls-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-cloudwatch_log_metric_filter_unauthorized_api_calls", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure a log metric filter and alarm exist for unauthorized API calls.", + "Description": "No CloudWatch log groups found with metric filters or alarms associated.", + "Resources": [ + { + "Type": "AwsCloudTrailTrail", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 4.1", + "NIST-CSF-1.1 cm_2 ra_5 sc_4", + "ENS-RD2022 op.exp.8.aws.ct.5", + "CIS-1.4 4.1", + "GDPR article_25" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "GDPR" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that a metric filter and alarm be established for unauthorized requests.", + "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-config_recorder_all_regions_enabled-123456789012-ap-northeast-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-config_recorder_all_regions_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure AWS Config is enabled in all regions.", + "Description": "AWS Config recorder 123456789012 is disabled.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 3.5", + "SOC2 cc_2_1 cc_3_1 cc_3_4 cc_8_1", + "NIST-CSF-1.1 cm_2 am_1 ra_5 sc_4 ip_12", + "PCI-3.2.1 config", + "ENS-RD2022 op.exp.1.aws.cfg.1 op.exp.3.aws.cfg.1 op.exp.3.r3.aw", + "CIS-1.4 3.5", + "HIPAA 164_308_a_1_ii_a", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 10-change-and-configuration-management 4.5-vali", + "AWS-Foundational-Security-Best-Practices config" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-config_recorder_all_regions_enabled-123456789012-ap-northeast-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-config_recorder_all_regions_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure AWS Config is enabled in all regions.", + "Description": "AWS Config recorder 123456789012 is disabled.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 3.5", + "SOC2 cc_2_1 cc_3_1 cc_3_4 cc_8_1", + "NIST-CSF-1.1 cm_2 am_1 ra_5 sc_4 ip_12", + "PCI-3.2.1 config", + "ENS-RD2022 op.exp.1.aws.cfg.1 op.exp.3.aws.cfg.1 op.exp.3.r3.aw", + "CIS-1.4 3.5", + "HIPAA 164_308_a_1_ii_a", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 10-change-and-configuration-management 4.5-vali", + "AWS-Foundational-Security-Best-Practices config" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-config_recorder_all_regions_enabled-123456789012-ap-northeast-3-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-config_recorder_all_regions_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure AWS Config is enabled in all regions.", + "Description": "AWS Config recorder 123456789012 is disabled.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 3.5", + "SOC2 cc_2_1 cc_3_1 cc_3_4 cc_8_1", + "NIST-CSF-1.1 cm_2 am_1 ra_5 sc_4 ip_12", + "PCI-3.2.1 config", + "ENS-RD2022 op.exp.1.aws.cfg.1 op.exp.3.aws.cfg.1 op.exp.3.r3.aw", + "CIS-1.4 3.5", + "HIPAA 164_308_a_1_ii_a", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 10-change-and-configuration-management 4.5-vali", + "AWS-Foundational-Security-Best-Practices config" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-config_recorder_all_regions_enabled-123456789012-ap-south-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-config_recorder_all_regions_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure AWS Config is enabled in all regions.", + "Description": "AWS Config recorder 123456789012 is disabled.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 3.5", + "SOC2 cc_2_1 cc_3_1 cc_3_4 cc_8_1", + "NIST-CSF-1.1 cm_2 am_1 ra_5 sc_4 ip_12", + "PCI-3.2.1 config", + "ENS-RD2022 op.exp.1.aws.cfg.1 op.exp.3.aws.cfg.1 op.exp.3.r3.aw", + "CIS-1.4 3.5", + "HIPAA 164_308_a_1_ii_a", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 10-change-and-configuration-management 4.5-vali", + "AWS-Foundational-Security-Best-Practices config" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-config_recorder_all_regions_enabled-123456789012-ap-southeast-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-config_recorder_all_regions_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure AWS Config is enabled in all regions.", + "Description": "AWS Config recorder 123456789012 is disabled.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 3.5", + "SOC2 cc_2_1 cc_3_1 cc_3_4 cc_8_1", + "NIST-CSF-1.1 cm_2 am_1 ra_5 sc_4 ip_12", + "PCI-3.2.1 config", + "ENS-RD2022 op.exp.1.aws.cfg.1 op.exp.3.aws.cfg.1 op.exp.3.r3.aw", + "CIS-1.4 3.5", + "HIPAA 164_308_a_1_ii_a", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 10-change-and-configuration-management 4.5-vali", + "AWS-Foundational-Security-Best-Practices config" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-config_recorder_all_regions_enabled-123456789012-ap-southeast-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-config_recorder_all_regions_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure AWS Config is enabled in all regions.", + "Description": "AWS Config recorder 123456789012 is disabled.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 3.5", + "SOC2 cc_2_1 cc_3_1 cc_3_4 cc_8_1", + "NIST-CSF-1.1 cm_2 am_1 ra_5 sc_4 ip_12", + "PCI-3.2.1 config", + "ENS-RD2022 op.exp.1.aws.cfg.1 op.exp.3.aws.cfg.1 op.exp.3.r3.aw", + "CIS-1.4 3.5", + "HIPAA 164_308_a_1_ii_a", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 10-change-and-configuration-management 4.5-vali", + "AWS-Foundational-Security-Best-Practices config" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-config_recorder_all_regions_enabled-123456789012-ca-central-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-config_recorder_all_regions_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure AWS Config is enabled in all regions.", + "Description": "AWS Config recorder 123456789012 is disabled.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 3.5", + "SOC2 cc_2_1 cc_3_1 cc_3_4 cc_8_1", + "NIST-CSF-1.1 cm_2 am_1 ra_5 sc_4 ip_12", + "PCI-3.2.1 config", + "ENS-RD2022 op.exp.1.aws.cfg.1 op.exp.3.aws.cfg.1 op.exp.3.r3.aw", + "CIS-1.4 3.5", + "HIPAA 164_308_a_1_ii_a", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 10-change-and-configuration-management 4.5-vali", + "AWS-Foundational-Security-Best-Practices config" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-config_recorder_all_regions_enabled-123456789012-eu-central-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-config_recorder_all_regions_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure AWS Config is enabled in all regions.", + "Description": "AWS Config recorder 123456789012 is disabled.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 3.5", + "SOC2 cc_2_1 cc_3_1 cc_3_4 cc_8_1", + "NIST-CSF-1.1 cm_2 am_1 ra_5 sc_4 ip_12", + "PCI-3.2.1 config", + "ENS-RD2022 op.exp.1.aws.cfg.1 op.exp.3.aws.cfg.1 op.exp.3.r3.aw", + "CIS-1.4 3.5", + "HIPAA 164_308_a_1_ii_a", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 10-change-and-configuration-management 4.5-vali", + "AWS-Foundational-Security-Best-Practices config" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-config_recorder_all_regions_enabled-123456789012-eu-north-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-config_recorder_all_regions_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure AWS Config is enabled in all regions.", + "Description": "AWS Config recorder 123456789012 is disabled.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 3.5", + "SOC2 cc_2_1 cc_3_1 cc_3_4 cc_8_1", + "NIST-CSF-1.1 cm_2 am_1 ra_5 sc_4 ip_12", + "PCI-3.2.1 config", + "ENS-RD2022 op.exp.1.aws.cfg.1 op.exp.3.aws.cfg.1 op.exp.3.r3.aw", + "CIS-1.4 3.5", + "HIPAA 164_308_a_1_ii_a", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 10-change-and-configuration-management 4.5-vali", + "AWS-Foundational-Security-Best-Practices config" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-config_recorder_all_regions_enabled-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-config_recorder_all_regions_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure AWS Config is enabled in all regions.", + "Description": "AWS Config recorder 123456789012 is disabled.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 3.5", + "SOC2 cc_2_1 cc_3_1 cc_3_4 cc_8_1", + "NIST-CSF-1.1 cm_2 am_1 ra_5 sc_4 ip_12", + "PCI-3.2.1 config", + "ENS-RD2022 op.exp.1.aws.cfg.1 op.exp.3.aws.cfg.1 op.exp.3.r3.aw", + "CIS-1.4 3.5", + "HIPAA 164_308_a_1_ii_a", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 10-change-and-configuration-management 4.5-vali", + "AWS-Foundational-Security-Best-Practices config" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-config_recorder_all_regions_enabled-123456789012-eu-west-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-config_recorder_all_regions_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure AWS Config is enabled in all regions.", + "Description": "AWS Config recorder 123456789012 is disabled.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 3.5", + "SOC2 cc_2_1 cc_3_1 cc_3_4 cc_8_1", + "NIST-CSF-1.1 cm_2 am_1 ra_5 sc_4 ip_12", + "PCI-3.2.1 config", + "ENS-RD2022 op.exp.1.aws.cfg.1 op.exp.3.aws.cfg.1 op.exp.3.r3.aw", + "CIS-1.4 3.5", + "HIPAA 164_308_a_1_ii_a", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 10-change-and-configuration-management 4.5-vali", + "AWS-Foundational-Security-Best-Practices config" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-config_recorder_all_regions_enabled-123456789012-eu-west-3-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-config_recorder_all_regions_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure AWS Config is enabled in all regions.", + "Description": "AWS Config recorder 123456789012 is disabled.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 3.5", + "SOC2 cc_2_1 cc_3_1 cc_3_4 cc_8_1", + "NIST-CSF-1.1 cm_2 am_1 ra_5 sc_4 ip_12", + "PCI-3.2.1 config", + "ENS-RD2022 op.exp.1.aws.cfg.1 op.exp.3.aws.cfg.1 op.exp.3.r3.aw", + "CIS-1.4 3.5", + "HIPAA 164_308_a_1_ii_a", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 10-change-and-configuration-management 4.5-vali", + "AWS-Foundational-Security-Best-Practices config" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-config_recorder_all_regions_enabled-123456789012-sa-east-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-config_recorder_all_regions_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure AWS Config is enabled in all regions.", + "Description": "AWS Config recorder 123456789012 is disabled.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 3.5", + "SOC2 cc_2_1 cc_3_1 cc_3_4 cc_8_1", + "NIST-CSF-1.1 cm_2 am_1 ra_5 sc_4 ip_12", + "PCI-3.2.1 config", + "ENS-RD2022 op.exp.1.aws.cfg.1 op.exp.3.aws.cfg.1 op.exp.3.r3.aw", + "CIS-1.4 3.5", + "HIPAA 164_308_a_1_ii_a", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 10-change-and-configuration-management 4.5-vali", + "AWS-Foundational-Security-Best-Practices config" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-config_recorder_all_regions_enabled-123456789012-us-east-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-config_recorder_all_regions_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure AWS Config is enabled in all regions.", + "Description": "AWS Config recorder 123456789012 is disabled.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 3.5", + "SOC2 cc_2_1 cc_3_1 cc_3_4 cc_8_1", + "NIST-CSF-1.1 cm_2 am_1 ra_5 sc_4 ip_12", + "PCI-3.2.1 config", + "ENS-RD2022 op.exp.1.aws.cfg.1 op.exp.3.aws.cfg.1 op.exp.3.r3.aw", + "CIS-1.4 3.5", + "HIPAA 164_308_a_1_ii_a", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 10-change-and-configuration-management 4.5-vali", + "AWS-Foundational-Security-Best-Practices config" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-config_recorder_all_regions_enabled-123456789012-us-east-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-config_recorder_all_regions_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure AWS Config is enabled in all regions.", + "Description": "AWS Config recorder 123456789012 is disabled.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 3.5", + "SOC2 cc_2_1 cc_3_1 cc_3_4 cc_8_1", + "NIST-CSF-1.1 cm_2 am_1 ra_5 sc_4 ip_12", + "PCI-3.2.1 config", + "ENS-RD2022 op.exp.1.aws.cfg.1 op.exp.3.aws.cfg.1 op.exp.3.r3.aw", + "CIS-1.4 3.5", + "HIPAA 164_308_a_1_ii_a", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 10-change-and-configuration-management 4.5-vali", + "AWS-Foundational-Security-Best-Practices config" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-config_recorder_all_regions_enabled-123456789012-us-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-config_recorder_all_regions_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure AWS Config is enabled in all regions.", + "Description": "AWS Config recorder 123456789012 is disabled.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 3.5", + "SOC2 cc_2_1 cc_3_1 cc_3_4 cc_8_1", + "NIST-CSF-1.1 cm_2 am_1 ra_5 sc_4 ip_12", + "PCI-3.2.1 config", + "ENS-RD2022 op.exp.1.aws.cfg.1 op.exp.3.aws.cfg.1 op.exp.3.r3.aw", + "CIS-1.4 3.5", + "HIPAA 164_308_a_1_ii_a", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 10-change-and-configuration-management 4.5-vali", + "AWS-Foundational-Security-Best-Practices config" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-config_recorder_all_regions_enabled-123456789012-us-west-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-config_recorder_all_regions_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure AWS Config is enabled in all regions.", + "Description": "AWS Config recorder 123456789012 is disabled.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 3.5", + "SOC2 cc_2_1 cc_3_1 cc_3_4 cc_8_1", + "NIST-CSF-1.1 cm_2 am_1 ra_5 sc_4 ip_12", + "PCI-3.2.1 config", + "ENS-RD2022 op.exp.1.aws.cfg.1 op.exp.3.aws.cfg.1 op.exp.3.r3.aw", + "CIS-1.4 3.5", + "HIPAA 164_308_a_1_ii_a", + "GDPR article_25 article_30", + "GxP-EU-Annex-11 10-change-and-configuration-management 4.5-vali", + "AWS-Foundational-Security-Best-Practices config" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_ebs_default_encryption-123456789012-ap-northeast-1-d9e11455e", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "EBS Default Encryption" + }, + "GeneratorId": "prowler-ec2_ebs_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if EBS Default Encryption is activated.", + "Description": "EBS Default Encryption is not activated.", + "Resources": [ + { + "Type": "Other", + "Id": "EBS Default Encryption", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "AWS-Audit-Manager-Control-Tower-Guardrails 1.0.3", + "GxP-21-CFR-Part-11 11.10-g 11.30", + "CISA your-systems-3 your-data-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices ec2", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d sc_8_3 sc_8_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_ebs_default_encryption-123456789012-ap-northeast-2-d9e11455e", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "EBS Default Encryption" + }, + "GeneratorId": "prowler-ec2_ebs_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if EBS Default Encryption is activated.", + "Description": "EBS Default Encryption is not activated.", + "Resources": [ + { + "Type": "Other", + "Id": "EBS Default Encryption", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "AWS-Audit-Manager-Control-Tower-Guardrails 1.0.3", + "GxP-21-CFR-Part-11 11.10-g 11.30", + "CISA your-systems-3 your-data-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices ec2", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d sc_8_3 sc_8_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_ebs_default_encryption-123456789012-ap-northeast-3-d9e11455e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "EBS Default Encryption" + }, + "GeneratorId": "prowler-ec2_ebs_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if EBS Default Encryption is activated.", + "Description": "EBS Default Encryption is not activated.", + "Resources": [ + { + "Type": "Other", + "Id": "EBS Default Encryption", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "AWS-Audit-Manager-Control-Tower-Guardrails 1.0.3", + "GxP-21-CFR-Part-11 11.10-g 11.30", + "CISA your-systems-3 your-data-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices ec2", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d sc_8_3 sc_8_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_ebs_default_encryption-123456789012-ap-south-1-d9e11455e", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "EBS Default Encryption" + }, + "GeneratorId": "prowler-ec2_ebs_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if EBS Default Encryption is activated.", + "Description": "EBS Default Encryption is not activated.", + "Resources": [ + { + "Type": "Other", + "Id": "EBS Default Encryption", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "AWS-Audit-Manager-Control-Tower-Guardrails 1.0.3", + "GxP-21-CFR-Part-11 11.10-g 11.30", + "CISA your-systems-3 your-data-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices ec2", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d sc_8_3 sc_8_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_ebs_default_encryption-123456789012-ap-southeast-1-d9e11455e", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "EBS Default Encryption" + }, + "GeneratorId": "prowler-ec2_ebs_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if EBS Default Encryption is activated.", + "Description": "EBS Default Encryption is not activated.", + "Resources": [ + { + "Type": "Other", + "Id": "EBS Default Encryption", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "AWS-Audit-Manager-Control-Tower-Guardrails 1.0.3", + "GxP-21-CFR-Part-11 11.10-g 11.30", + "CISA your-systems-3 your-data-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices ec2", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d sc_8_3 sc_8_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_ebs_default_encryption-123456789012-ap-southeast-2-d9e11455e", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "EBS Default Encryption" + }, + "GeneratorId": "prowler-ec2_ebs_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if EBS Default Encryption is activated.", + "Description": "EBS Default Encryption is not activated.", + "Resources": [ + { + "Type": "Other", + "Id": "EBS Default Encryption", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "AWS-Audit-Manager-Control-Tower-Guardrails 1.0.3", + "GxP-21-CFR-Part-11 11.10-g 11.30", + "CISA your-systems-3 your-data-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices ec2", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d sc_8_3 sc_8_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_ebs_default_encryption-123456789012-ca-central-1-d9e11455e", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "EBS Default Encryption" + }, + "GeneratorId": "prowler-ec2_ebs_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if EBS Default Encryption is activated.", + "Description": "EBS Default Encryption is not activated.", + "Resources": [ + { + "Type": "Other", + "Id": "EBS Default Encryption", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "AWS-Audit-Manager-Control-Tower-Guardrails 1.0.3", + "GxP-21-CFR-Part-11 11.10-g 11.30", + "CISA your-systems-3 your-data-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices ec2", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d sc_8_3 sc_8_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_ebs_default_encryption-123456789012-eu-central-1-d9e11455e", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "EBS Default Encryption" + }, + "GeneratorId": "prowler-ec2_ebs_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if EBS Default Encryption is activated.", + "Description": "EBS Default Encryption is not activated.", + "Resources": [ + { + "Type": "Other", + "Id": "EBS Default Encryption", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "AWS-Audit-Manager-Control-Tower-Guardrails 1.0.3", + "GxP-21-CFR-Part-11 11.10-g 11.30", + "CISA your-systems-3 your-data-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices ec2", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d sc_8_3 sc_8_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_ebs_default_encryption-123456789012-eu-north-1-d9e11455e", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "EBS Default Encryption" + }, + "GeneratorId": "prowler-ec2_ebs_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if EBS Default Encryption is activated.", + "Description": "EBS Default Encryption is not activated.", + "Resources": [ + { + "Type": "Other", + "Id": "EBS Default Encryption", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "AWS-Audit-Manager-Control-Tower-Guardrails 1.0.3", + "GxP-21-CFR-Part-11 11.10-g 11.30", + "CISA your-systems-3 your-data-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices ec2", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d sc_8_3 sc_8_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_ebs_default_encryption-123456789012-eu-west-1-d9e11455e", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "EBS Default Encryption" + }, + "GeneratorId": "prowler-ec2_ebs_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if EBS Default Encryption is activated.", + "Description": "EBS Default Encryption is not activated.", + "Resources": [ + { + "Type": "Other", + "Id": "EBS Default Encryption", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "AWS-Audit-Manager-Control-Tower-Guardrails 1.0.3", + "GxP-21-CFR-Part-11 11.10-g 11.30", + "CISA your-systems-3 your-data-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices ec2", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d sc_8_3 sc_8_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_ebs_default_encryption-123456789012-eu-west-2-d9e11455e", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "EBS Default Encryption" + }, + "GeneratorId": "prowler-ec2_ebs_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if EBS Default Encryption is activated.", + "Description": "EBS Default Encryption is not activated.", + "Resources": [ + { + "Type": "Other", + "Id": "EBS Default Encryption", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "AWS-Audit-Manager-Control-Tower-Guardrails 1.0.3", + "GxP-21-CFR-Part-11 11.10-g 11.30", + "CISA your-systems-3 your-data-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices ec2", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d sc_8_3 sc_8_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_ebs_default_encryption-123456789012-eu-west-3-d9e11455e", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "EBS Default Encryption" + }, + "GeneratorId": "prowler-ec2_ebs_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if EBS Default Encryption is activated.", + "Description": "EBS Default Encryption is not activated.", + "Resources": [ + { + "Type": "Other", + "Id": "EBS Default Encryption", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "AWS-Audit-Manager-Control-Tower-Guardrails 1.0.3", + "GxP-21-CFR-Part-11 11.10-g 11.30", + "CISA your-systems-3 your-data-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices ec2", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d sc_8_3 sc_8_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_ebs_default_encryption-123456789012-sa-east-1-d9e11455e", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "EBS Default Encryption" + }, + "GeneratorId": "prowler-ec2_ebs_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if EBS Default Encryption is activated.", + "Description": "EBS Default Encryption is not activated.", + "Resources": [ + { + "Type": "Other", + "Id": "EBS Default Encryption", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "AWS-Audit-Manager-Control-Tower-Guardrails 1.0.3", + "GxP-21-CFR-Part-11 11.10-g 11.30", + "CISA your-systems-3 your-data-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices ec2", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d sc_8_3 sc_8_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_ebs_default_encryption-123456789012-us-east-1-d9e11455e", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "EBS Default Encryption" + }, + "GeneratorId": "prowler-ec2_ebs_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if EBS Default Encryption is activated.", + "Description": "EBS Default Encryption is not activated.", + "Resources": [ + { + "Type": "Other", + "Id": "EBS Default Encryption", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "AWS-Audit-Manager-Control-Tower-Guardrails 1.0.3", + "GxP-21-CFR-Part-11 11.10-g 11.30", + "CISA your-systems-3 your-data-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices ec2", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d sc_8_3 sc_8_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_ebs_default_encryption-123456789012-us-east-2-d9e11455e", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "EBS Default Encryption" + }, + "GeneratorId": "prowler-ec2_ebs_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if EBS Default Encryption is activated.", + "Description": "EBS Default Encryption is not activated.", + "Resources": [ + { + "Type": "Other", + "Id": "EBS Default Encryption", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "AWS-Audit-Manager-Control-Tower-Guardrails 1.0.3", + "GxP-21-CFR-Part-11 11.10-g 11.30", + "CISA your-systems-3 your-data-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices ec2", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d sc_8_3 sc_8_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_ebs_default_encryption-123456789012-us-west-1-d9e11455e", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "EBS Default Encryption" + }, + "GeneratorId": "prowler-ec2_ebs_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if EBS Default Encryption is activated.", + "Description": "EBS Default Encryption is not activated.", + "Resources": [ + { + "Type": "Other", + "Id": "EBS Default Encryption", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "AWS-Audit-Manager-Control-Tower-Guardrails 1.0.3", + "GxP-21-CFR-Part-11 11.10-g 11.30", + "CISA your-systems-3 your-data-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices ec2", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d sc_8_3 sc_8_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_ebs_default_encryption-123456789012-us-west-2-d9e11455e", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "EBS Default Encryption" + }, + "GeneratorId": "prowler-ec2_ebs_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if EBS Default Encryption is activated.", + "Description": "EBS Default Encryption is not activated.", + "Resources": [ + { + "Type": "Other", + "Id": "EBS Default Encryption", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "AWS-Audit-Manager-Control-Tower-Guardrails 1.0.3", + "GxP-21-CFR-Part-11 11.10-g 11.30", + "CISA your-systems-3 your-data-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices ec2", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d sc_8_3 sc_8_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_any_port-123456789012-ap-northeast-1-13939c04e", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:network-acl/acl-c777e5a1" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", + "Description": "Network ACL acl-c777e5a1 has every port open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:network-acl/acl-c777e5a1", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 cm_2 sc_7_3 sc_7", + "CIS-1.5 5.1", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 pt_4", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-data-2", + "CIS-1.4 5.1", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_1_3 annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_1 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_any_port-123456789012-ap-northeast-2-bf2e16da1", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:network-acl/acl-75e1951e" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", + "Description": "Network ACL acl-75e1951e has every port open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:network-acl/acl-75e1951e", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 cm_2 sc_7_3 sc_7", + "CIS-1.5 5.1", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 pt_4", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-data-2", + "CIS-1.4 5.1", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_1_3 annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_1 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_any_port-123456789012-ap-northeast-3-15a1c258a", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:network-acl/acl-bb1b62d2" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", + "Description": "Network ACL acl-bb1b62d2 has every port open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:network-acl/acl-bb1b62d2", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 cm_2 sc_7_3 sc_7", + "CIS-1.5 5.1", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 pt_4", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-data-2", + "CIS-1.4 5.1", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_1_3 annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_1 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_any_port-123456789012-ap-south-1-088746f76", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:network-acl/acl-a676adcd" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", + "Description": "Network ACL acl-a676adcd has every port open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-south-1:123456789012:network-acl/acl-a676adcd", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 cm_2 sc_7_3 sc_7", + "CIS-1.5 5.1", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 pt_4", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-data-2", + "CIS-1.4 5.1", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_1_3 annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_1 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_any_port-123456789012-ap-southeast-1-aef041b9f", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:network-acl/acl-8787e0e1" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", + "Description": "Network ACL acl-8787e0e1 has every port open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:network-acl/acl-8787e0e1", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 cm_2 sc_7_3 sc_7", + "CIS-1.5 5.1", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 pt_4", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-data-2", + "CIS-1.4 5.1", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_1_3 annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_1 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_any_port-123456789012-ap-southeast-2-a39628a8a", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:network-acl/acl-4e4dc228" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", + "Description": "Network ACL acl-4e4dc228 has every port open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:network-acl/acl-4e4dc228", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 cm_2 sc_7_3 sc_7", + "CIS-1.5 5.1", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 pt_4", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-data-2", + "CIS-1.4 5.1", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_1_3 annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_1 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_any_port-123456789012-ca-central-1-eb6bedd8d", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:network-acl/acl-63e1ed0b" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", + "Description": "Network ACL acl-63e1ed0b has every port open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ca-central-1:123456789012:network-acl/acl-63e1ed0b", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 cm_2 sc_7_3 sc_7", + "CIS-1.5 5.1", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 pt_4", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-data-2", + "CIS-1.4 5.1", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_1_3 annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_1 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_any_port-123456789012-eu-central-1-a8d6e9d2c", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:network-acl/acl-6ebcec04" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", + "Description": "Network ACL acl-6ebcec04 has every port open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:eu-central-1:123456789012:network-acl/acl-6ebcec04", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 cm_2 sc_7_3 sc_7", + "CIS-1.5 5.1", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 pt_4", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-data-2", + "CIS-1.4 5.1", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_1_3 annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_1 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_any_port-123456789012-eu-north-1-4dc22e746", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:network-acl/acl-dfb10ab6" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", + "Description": "Network ACL acl-dfb10ab6 has every port open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:eu-north-1:123456789012:network-acl/acl-dfb10ab6", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 cm_2 sc_7_3 sc_7", + "CIS-1.5 5.1", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 pt_4", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-data-2", + "CIS-1.4 5.1", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_1_3 annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_1 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_any_port-123456789012-eu-west-1-9591d0c25", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:network-acl/acl-ed4be494" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", + "Description": "Network ACL acl-ed4be494 has every port open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:eu-west-1:123456789012:network-acl/acl-ed4be494", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 cm_2 sc_7_3 sc_7", + "CIS-1.5 5.1", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 pt_4", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-data-2", + "CIS-1.4 5.1", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_1_3 annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_1 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_any_port-123456789012-eu-west-2-f9bc618c1", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:network-acl/acl-003d0768" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", + "Description": "Network ACL acl-003d0768 has every port open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:eu-west-2:123456789012:network-acl/acl-003d0768", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 cm_2 sc_7_3 sc_7", + "CIS-1.5 5.1", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 pt_4", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-data-2", + "CIS-1.4 5.1", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_1_3 annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_1 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_any_port-123456789012-eu-west-3-b42efdf19", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:network-acl/acl-c74e7dae" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", + "Description": "Network ACL acl-c74e7dae has every port open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:eu-west-3:123456789012:network-acl/acl-c74e7dae", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 cm_2 sc_7_3 sc_7", + "CIS-1.5 5.1", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 pt_4", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-data-2", + "CIS-1.4 5.1", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_1_3 annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_1 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_any_port-123456789012-sa-east-1-f3db97735", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:network-acl/acl-43816e25" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", + "Description": "Network ACL acl-43816e25 has every port open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:sa-east-1:123456789012:network-acl/acl-43816e25", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 cm_2 sc_7_3 sc_7", + "CIS-1.5 5.1", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 pt_4", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-data-2", + "CIS-1.4 5.1", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_1_3 annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_1 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_any_port-123456789012-us-east-1-9d0c2946c", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:network-acl/acl-f1a6ae8c" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", + "Description": "Network ACL acl-f1a6ae8c has every port open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:us-east-1:123456789012:network-acl/acl-f1a6ae8c", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 cm_2 sc_7_3 sc_7", + "CIS-1.5 5.1", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 pt_4", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-data-2", + "CIS-1.4 5.1", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_1_3 annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_1 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_any_port-123456789012-us-east-2-dae169bb9", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:network-acl/acl-b06507db" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", + "Description": "Network ACL acl-b06507db has every port open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:us-east-2:123456789012:network-acl/acl-b06507db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 cm_2 sc_7_3 sc_7", + "CIS-1.5 5.1", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 pt_4", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-data-2", + "CIS-1.4 5.1", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_1_3 annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_1 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_any_port-123456789012-us-west-1-39fa535c4", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:network-acl/acl-14a0c772" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", + "Description": "Network ACL acl-14a0c772 has every port open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:us-west-1:123456789012:network-acl/acl-14a0c772", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 cm_2 sc_7_3 sc_7", + "CIS-1.5 5.1", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 pt_4", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-data-2", + "CIS-1.4 5.1", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_1_3 annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_1 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_any_port-123456789012-us-west-2-30cbd3687", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:network-acl/acl-f76adc8c" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", + "Description": "Network ACL acl-f76adc8c has every port open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:us-west-2:123456789012:network-acl/acl-f76adc8c", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 cm_2 sc_7_3 sc_7", + "CIS-1.5 5.1", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 pt_4", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-data-2", + "CIS-1.4 5.1", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_1_3 annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_1 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_22-123456789012-ap-northeast-1-13939c04e", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:network-acl/acl-c777e5a1" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", + "Description": "Network ACL acl-c777e5a1 has SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:network-acl/acl-c777e5a1", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_22-123456789012-ap-northeast-2-bf2e16da1", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:network-acl/acl-75e1951e" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", + "Description": "Network ACL acl-75e1951e has SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:network-acl/acl-75e1951e", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_22-123456789012-ap-northeast-3-15a1c258a", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:network-acl/acl-bb1b62d2" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", + "Description": "Network ACL acl-bb1b62d2 has SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:network-acl/acl-bb1b62d2", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_22-123456789012-ap-south-1-088746f76", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:network-acl/acl-a676adcd" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", + "Description": "Network ACL acl-a676adcd has SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-south-1:123456789012:network-acl/acl-a676adcd", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_22-123456789012-ap-southeast-1-aef041b9f", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:network-acl/acl-8787e0e1" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", + "Description": "Network ACL acl-8787e0e1 has SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:network-acl/acl-8787e0e1", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_22-123456789012-ap-southeast-2-a39628a8a", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:network-acl/acl-4e4dc228" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", + "Description": "Network ACL acl-4e4dc228 has SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:network-acl/acl-4e4dc228", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_22-123456789012-ca-central-1-eb6bedd8d", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:network-acl/acl-63e1ed0b" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", + "Description": "Network ACL acl-63e1ed0b has SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ca-central-1:123456789012:network-acl/acl-63e1ed0b", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_22-123456789012-eu-central-1-a8d6e9d2c", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:network-acl/acl-6ebcec04" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", + "Description": "Network ACL acl-6ebcec04 has SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:eu-central-1:123456789012:network-acl/acl-6ebcec04", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_22-123456789012-eu-north-1-4dc22e746", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:network-acl/acl-dfb10ab6" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", + "Description": "Network ACL acl-dfb10ab6 has SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:eu-north-1:123456789012:network-acl/acl-dfb10ab6", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_22-123456789012-eu-west-1-9591d0c25", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:network-acl/acl-ed4be494" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", + "Description": "Network ACL acl-ed4be494 has SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:eu-west-1:123456789012:network-acl/acl-ed4be494", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_22-123456789012-eu-west-2-f9bc618c1", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:network-acl/acl-003d0768" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", + "Description": "Network ACL acl-003d0768 has SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:eu-west-2:123456789012:network-acl/acl-003d0768", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_22-123456789012-eu-west-3-b42efdf19", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:network-acl/acl-c74e7dae" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", + "Description": "Network ACL acl-c74e7dae has SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:eu-west-3:123456789012:network-acl/acl-c74e7dae", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_22-123456789012-sa-east-1-f3db97735", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:network-acl/acl-43816e25" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", + "Description": "Network ACL acl-43816e25 has SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:sa-east-1:123456789012:network-acl/acl-43816e25", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_22-123456789012-us-east-1-9d0c2946c", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:network-acl/acl-f1a6ae8c" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", + "Description": "Network ACL acl-f1a6ae8c has SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:us-east-1:123456789012:network-acl/acl-f1a6ae8c", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_22-123456789012-us-east-2-dae169bb9", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:network-acl/acl-b06507db" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", + "Description": "Network ACL acl-b06507db has SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:us-east-2:123456789012:network-acl/acl-b06507db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_22-123456789012-us-west-1-39fa535c4", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:network-acl/acl-14a0c772" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", + "Description": "Network ACL acl-14a0c772 has SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:us-west-1:123456789012:network-acl/acl-14a0c772", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_22-123456789012-us-west-2-30cbd3687", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:network-acl/acl-f76adc8c" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", + "Description": "Network ACL acl-f76adc8c has SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:us-west-2:123456789012:network-acl/acl-f76adc8c", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389-123456789012-ap-northeast-1-13939c04e", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:network-acl/acl-c777e5a1" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", + "Description": "Network ACL acl-c777e5a1 has Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:network-acl/acl-c777e5a1", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389-123456789012-ap-northeast-2-bf2e16da1", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:network-acl/acl-75e1951e" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", + "Description": "Network ACL acl-75e1951e has Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:network-acl/acl-75e1951e", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389-123456789012-ap-northeast-3-15a1c258a", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:network-acl/acl-bb1b62d2" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", + "Description": "Network ACL acl-bb1b62d2 has Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:network-acl/acl-bb1b62d2", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389-123456789012-ap-south-1-088746f76", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:network-acl/acl-a676adcd" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", + "Description": "Network ACL acl-a676adcd has Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-south-1:123456789012:network-acl/acl-a676adcd", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389-123456789012-ap-southeast-1-aef041b9f", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:network-acl/acl-8787e0e1" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", + "Description": "Network ACL acl-8787e0e1 has Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:network-acl/acl-8787e0e1", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389-123456789012-ap-southeast-2-a39628a8a", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:network-acl/acl-4e4dc228" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", + "Description": "Network ACL acl-4e4dc228 has Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:network-acl/acl-4e4dc228", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389-123456789012-ca-central-1-eb6bedd8d", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:network-acl/acl-63e1ed0b" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", + "Description": "Network ACL acl-63e1ed0b has Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:ca-central-1:123456789012:network-acl/acl-63e1ed0b", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389-123456789012-eu-central-1-a8d6e9d2c", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:network-acl/acl-6ebcec04" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", + "Description": "Network ACL acl-6ebcec04 has Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:eu-central-1:123456789012:network-acl/acl-6ebcec04", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389-123456789012-eu-north-1-4dc22e746", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:network-acl/acl-dfb10ab6" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", + "Description": "Network ACL acl-dfb10ab6 has Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:eu-north-1:123456789012:network-acl/acl-dfb10ab6", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389-123456789012-eu-west-1-9591d0c25", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:network-acl/acl-ed4be494" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", + "Description": "Network ACL acl-ed4be494 has Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:eu-west-1:123456789012:network-acl/acl-ed4be494", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389-123456789012-eu-west-2-f9bc618c1", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:network-acl/acl-003d0768" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", + "Description": "Network ACL acl-003d0768 has Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:eu-west-2:123456789012:network-acl/acl-003d0768", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389-123456789012-eu-west-3-b42efdf19", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:network-acl/acl-c74e7dae" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", + "Description": "Network ACL acl-c74e7dae has Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:eu-west-3:123456789012:network-acl/acl-c74e7dae", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389-123456789012-sa-east-1-f3db97735", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:network-acl/acl-43816e25" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", + "Description": "Network ACL acl-43816e25 has Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:sa-east-1:123456789012:network-acl/acl-43816e25", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389-123456789012-us-east-1-9d0c2946c", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:network-acl/acl-f1a6ae8c" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", + "Description": "Network ACL acl-f1a6ae8c has Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:us-east-1:123456789012:network-acl/acl-f1a6ae8c", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389-123456789012-us-east-2-dae169bb9", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:network-acl/acl-b06507db" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", + "Description": "Network ACL acl-b06507db has Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:us-east-2:123456789012:network-acl/acl-b06507db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389-123456789012-us-west-1-39fa535c4", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:network-acl/acl-14a0c772" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", + "Description": "Network ACL acl-14a0c772 has Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:us-west-1:123456789012:network-acl/acl-14a0c772", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389-123456789012-us-west-2-30cbd3687", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:network-acl/acl-f76adc8c" + }, + "GeneratorId": "prowler-ec2_networkacl_allow_ingress_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", + "Description": "Network ACL acl-f76adc8c has Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2NetworkAcl", + "Id": "arn:aws:ec2:us-west-2:123456789012:network-acl/acl-f76adc8c", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 5.1", + "CIS-1.4 5.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group default (sg-6569b32b) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group default (sg-854e9bfe) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group default (sg-9be71df6) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group default (sg-3e983346) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group default (sg-71eb4839) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group default (sg-8a48ccc0) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group default (sg-62215504) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group default (sg-c1194bbf) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group default (sg-09c1e96a) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group default (sg-186a6a69) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group default (sg-223b755a) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group default (sg-4cc9d827) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group default (sg-3965844c) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group default (sg-4574a94e) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group default (sg-a81474db) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group default (sg-778f4e3e) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_any_port", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", + "Description": "Security group default (sg-a9b5628e) has not all ports open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group default (sg-6569b32b) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group default (sg-854e9bfe) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group default (sg-9be71df6) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group default (sg-3e983346) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group default (sg-71eb4839) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group default (sg-8a48ccc0) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group default (sg-62215504) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group default (sg-c1194bbf) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group default (sg-09c1e96a) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group default (sg-186a6a69) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group default (sg-223b755a) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group default (sg-4cc9d827) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group default (sg-3965844c) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group default (sg-4574a94e) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group default (sg-a81474db) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group default (sg-778f4e3e) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", + "Description": "Security group default (sg-a9b5628e) has not MongoDB ports 27017 and 27018 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group default (sg-6569b32b) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group default (sg-854e9bfe) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group default (sg-9be71df6) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group default (sg-3e983346) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group default (sg-71eb4839) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group default (sg-8a48ccc0) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group default (sg-62215504) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group default (sg-c1194bbf) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group default (sg-09c1e96a) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group default (sg-186a6a69) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group default (sg-223b755a) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group default (sg-4cc9d827) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group default (sg-3965844c) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group default (sg-4574a94e) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group default (sg-a81474db) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group default (sg-778f4e3e) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", + "Description": "Security group default (sg-a9b5628e) has not FTP ports 20 and 21 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group default (sg-6569b32b) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group default (sg-854e9bfe) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group default (sg-9be71df6) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group default (sg-3e983346) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group default (sg-71eb4839) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group default (sg-8a48ccc0) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group default (sg-62215504) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group default (sg-c1194bbf) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group default (sg-09c1e96a) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group default (sg-186a6a69) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group default (sg-223b755a) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group default (sg-4cc9d827) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group default (sg-3965844c) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group default (sg-4574a94e) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group default (sg-a81474db) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group default (sg-778f4e3e) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", + "Description": "Security group default (sg-a9b5628e) has not SSH port 22 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.2 5.3", + "SOC2 cc_7_2", + "NIST-CSF-1.1 ae_1 ac_3 ac_5 ds_7 pt_4", + "PCI-3.2.1 ec2", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.2", + "HIPAA 164_308_a_1_ii_b 164_312_e_1", + "FFIEC d3-pc-am-b-10 d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c", + "RBI-Cyber-Security-Framework annex_i_5_1 annex_i_7_3", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 cm-2 sc-4 sc-7-3 sc-7", + "NIST-800-53-Revision-5 ac_17_b ac_17_1 ac_17_9 ac_17_10 cm_9_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_7 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group default (sg-6569b32b) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group default (sg-854e9bfe) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group default (sg-9be71df6) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group default (sg-3e983346) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group default (sg-71eb4839) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group default (sg-8a48ccc0) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group default (sg-62215504) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group default (sg-c1194bbf) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group default (sg-09c1e96a) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group default (sg-186a6a69) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group default (sg-223b755a) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group default (sg-4cc9d827) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group default (sg-3965844c) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group default (sg-4574a94e) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group default (sg-a81474db) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group default (sg-778f4e3e) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", + "Description": "Security group default (sg-a9b5628e) has not Microsoft RDP port 3389 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 5.2 5.3", + "PCI-3.2.1 ec2", + "AWS-Audit-Manager-Control-Tower-Guardrails 2.0.1", + "CIS-1.4 5.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group default (sg-6569b32b) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group default (sg-854e9bfe) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group default (sg-9be71df6) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group default (sg-3e983346) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group default (sg-71eb4839) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group default (sg-8a48ccc0) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group default (sg-62215504) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group default (sg-c1194bbf) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group default (sg-09c1e96a) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group default (sg-186a6a69) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group default (sg-223b755a) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group default (sg-4cc9d827) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group default (sg-3965844c) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group default (sg-4574a94e) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group default (sg-a81474db) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group default (sg-778f4e3e) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", + "Description": "Security group default (sg-a9b5628e) has not Casandra ports 7199, 8888 and 9160 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group default (sg-6569b32b) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group default (sg-854e9bfe) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group default (sg-9be71df6) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group default (sg-3e983346) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group default (sg-71eb4839) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group default (sg-8a48ccc0) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group default (sg-62215504) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group default (sg-c1194bbf) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group default (sg-09c1e96a) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group default (sg-186a6a69) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group default (sg-223b755a) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group default (sg-4cc9d827) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group default (sg-3965844c) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group default (sg-4574a94e) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group default (sg-a81474db) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group default (sg-778f4e3e) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", + "Description": "Security group default (sg-a9b5628e) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group default (sg-6569b32b) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group default (sg-854e9bfe) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group default (sg-9be71df6) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group default (sg-3e983346) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group default (sg-71eb4839) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group default (sg-8a48ccc0) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group default (sg-62215504) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group default (sg-c1194bbf) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group default (sg-09c1e96a) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group default (sg-186a6a69) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group default (sg-223b755a) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group default (sg-4cc9d827) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group default (sg-3965844c) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group default (sg-4574a94e) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group default (sg-a81474db) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group default (sg-778f4e3e) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", + "Description": "Security group default (sg-a9b5628e) has not Kafka port 9092 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group default (sg-6569b32b) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group default (sg-854e9bfe) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group default (sg-9be71df6) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group default (sg-3e983346) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group default (sg-71eb4839) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group default (sg-8a48ccc0) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group default (sg-62215504) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group default (sg-c1194bbf) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group default (sg-09c1e96a) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group default (sg-186a6a69) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group default (sg-223b755a) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group default (sg-4cc9d827) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group default (sg-3965844c) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group default (sg-4574a94e) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group default (sg-a81474db) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group default (sg-778f4e3e) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", + "Description": "Security group default (sg-a9b5628e) has not Memcached port 11211 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group default (sg-6569b32b) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group default (sg-854e9bfe) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group default (sg-9be71df6) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group default (sg-3e983346) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group default (sg-71eb4839) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group default (sg-8a48ccc0) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group default (sg-62215504) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group default (sg-c1194bbf) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group default (sg-09c1e96a) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group default (sg-186a6a69) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group default (sg-223b755a) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group default (sg-4cc9d827) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group default (sg-3965844c) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group default (sg-4574a94e) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group default (sg-a81474db) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group default (sg-778f4e3e) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", + "Description": "Security group default (sg-a9b5628e) has not MySQL port 3306 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group default (sg-6569b32b) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group default (sg-854e9bfe) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group default (sg-9be71df6) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group default (sg-3e983346) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group default (sg-71eb4839) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group default (sg-8a48ccc0) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group default (sg-62215504) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group default (sg-c1194bbf) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group default (sg-09c1e96a) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group default (sg-186a6a69) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group default (sg-223b755a) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group default (sg-4cc9d827) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group default (sg-3965844c) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group default (sg-4574a94e) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group default (sg-a81474db) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group default (sg-778f4e3e) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", + "Description": "Security group default (sg-a9b5628e) has not Oracle ports 1521 and 2483 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group default (sg-6569b32b) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group default (sg-854e9bfe) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group default (sg-9be71df6) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group default (sg-3e983346) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group default (sg-71eb4839) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group default (sg-8a48ccc0) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group default (sg-62215504) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group default (sg-c1194bbf) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group default (sg-09c1e96a) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group default (sg-186a6a69) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group default (sg-223b755a) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group default (sg-4cc9d827) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group default (sg-3965844c) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group default (sg-4574a94e) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group default (sg-a81474db) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group default (sg-778f4e3e) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", + "Description": "Security group default (sg-a9b5628e) has not Postgres port 5432 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group default (sg-6569b32b) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group default (sg-854e9bfe) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group default (sg-9be71df6) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group default (sg-3e983346) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group default (sg-71eb4839) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group default (sg-8a48ccc0) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group default (sg-62215504) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group default (sg-c1194bbf) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group default (sg-09c1e96a) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group default (sg-186a6a69) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group default (sg-223b755a) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group default (sg-4cc9d827) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group default (sg-3965844c) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group default (sg-4574a94e) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group default (sg-a81474db) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group default (sg-778f4e3e) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", + "Description": "Security group default (sg-a9b5628e) has not Redis port 6379 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group default (sg-6569b32b) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group default (sg-854e9bfe) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group default (sg-9be71df6) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group default (sg-3e983346) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group default (sg-71eb4839) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group default (sg-8a48ccc0) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group default (sg-62215504) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group default (sg-c1194bbf) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group default (sg-09c1e96a) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group default (sg-186a6a69) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group default (sg-223b755a) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group default (sg-4cc9d827) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group default (sg-3965844c) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group default (sg-4574a94e) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group default (sg-a81474db) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group default (sg-778f4e3e) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", + "Description": "Security group default (sg-a9b5628e) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group default (sg-6569b32b) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group default (sg-854e9bfe) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group default (sg-9be71df6) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group default (sg-3e983346) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group default (sg-71eb4839) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group default (sg-8a48ccc0) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group default (sg-62215504) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group default (sg-c1194bbf) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group default (sg-09c1e96a) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group default (sg-186a6a69) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group default (sg-223b755a) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group default (sg-4cc9d827) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group default (sg-3965844c) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group default (sg-4574a94e) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group default (sg-a81474db) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group default (sg-778f4e3e) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", + "Description": "Security group default (sg-a9b5628e) has not Telnet port 23 open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group default (sg-6569b32b) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group default (sg-854e9bfe) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group default (sg-9be71df6) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group default (sg-3e983346) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group default (sg-71eb4839) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group default (sg-8a48ccc0) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group default (sg-62215504) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group default (sg-c1194bbf) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group default (sg-09c1e96a) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group default (sg-186a6a69) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group default (sg-223b755a) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group default (sg-4cc9d827) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group default (sg-3965844c) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group default (sg-4574a94e) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group default (sg-a81474db) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group default (sg-778f4e3e) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_allow_wide_open_public_ipv4", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.", + "Description": "Security group default (sg-a9b5628e) has no potential wide-open non-RFC1918 address.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_default_restrict_traffic-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_default_restrict_traffic", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure the default security group of every VPC restricts all traffic.", + "Description": "Default Security Group (sg-6569b32b) is not open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.4", + "NIST-CSF-1.1 ae_1 ac_3 ac_5", + "PCI-3.2.1 ec2", + "ENS-RD2022 mp.com.1.aws.sg.1", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.3", + "FFIEC d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c-co-b-2", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_default_restrict_traffic-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_default_restrict_traffic", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure the default security group of every VPC restricts all traffic.", + "Description": "Default Security Group (sg-854e9bfe) is not open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.4", + "NIST-CSF-1.1 ae_1 ac_3 ac_5", + "PCI-3.2.1 ec2", + "ENS-RD2022 mp.com.1.aws.sg.1", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.3", + "FFIEC d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c-co-b-2", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_default_restrict_traffic-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_default_restrict_traffic", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure the default security group of every VPC restricts all traffic.", + "Description": "Default Security Group (sg-9be71df6) is not open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.4", + "NIST-CSF-1.1 ae_1 ac_3 ac_5", + "PCI-3.2.1 ec2", + "ENS-RD2022 mp.com.1.aws.sg.1", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.3", + "FFIEC d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c-co-b-2", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_default_restrict_traffic-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_default_restrict_traffic", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure the default security group of every VPC restricts all traffic.", + "Description": "Default Security Group (sg-3e983346) is not open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.4", + "NIST-CSF-1.1 ae_1 ac_3 ac_5", + "PCI-3.2.1 ec2", + "ENS-RD2022 mp.com.1.aws.sg.1", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.3", + "FFIEC d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c-co-b-2", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_default_restrict_traffic-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_default_restrict_traffic", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure the default security group of every VPC restricts all traffic.", + "Description": "Default Security Group (sg-71eb4839) is not open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.4", + "NIST-CSF-1.1 ae_1 ac_3 ac_5", + "PCI-3.2.1 ec2", + "ENS-RD2022 mp.com.1.aws.sg.1", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.3", + "FFIEC d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c-co-b-2", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_default_restrict_traffic-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_default_restrict_traffic", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure the default security group of every VPC restricts all traffic.", + "Description": "Default Security Group (sg-8a48ccc0) is not open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.4", + "NIST-CSF-1.1 ae_1 ac_3 ac_5", + "PCI-3.2.1 ec2", + "ENS-RD2022 mp.com.1.aws.sg.1", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.3", + "FFIEC d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c-co-b-2", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_default_restrict_traffic-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_default_restrict_traffic", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure the default security group of every VPC restricts all traffic.", + "Description": "Default Security Group (sg-62215504) is not open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.4", + "NIST-CSF-1.1 ae_1 ac_3 ac_5", + "PCI-3.2.1 ec2", + "ENS-RD2022 mp.com.1.aws.sg.1", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.3", + "FFIEC d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c-co-b-2", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_default_restrict_traffic-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_default_restrict_traffic", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure the default security group of every VPC restricts all traffic.", + "Description": "Default Security Group (sg-c1194bbf) is not open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.4", + "NIST-CSF-1.1 ae_1 ac_3 ac_5", + "PCI-3.2.1 ec2", + "ENS-RD2022 mp.com.1.aws.sg.1", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.3", + "FFIEC d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c-co-b-2", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_default_restrict_traffic-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_default_restrict_traffic", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure the default security group of every VPC restricts all traffic.", + "Description": "Default Security Group (sg-09c1e96a) is not open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.4", + "NIST-CSF-1.1 ae_1 ac_3 ac_5", + "PCI-3.2.1 ec2", + "ENS-RD2022 mp.com.1.aws.sg.1", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.3", + "FFIEC d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c-co-b-2", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_default_restrict_traffic-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_default_restrict_traffic", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure the default security group of every VPC restricts all traffic.", + "Description": "Default Security Group (sg-186a6a69) is not open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.4", + "NIST-CSF-1.1 ae_1 ac_3 ac_5", + "PCI-3.2.1 ec2", + "ENS-RD2022 mp.com.1.aws.sg.1", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.3", + "FFIEC d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c-co-b-2", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_default_restrict_traffic-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_default_restrict_traffic", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure the default security group of every VPC restricts all traffic.", + "Description": "Default Security Group (sg-223b755a) is not open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.4", + "NIST-CSF-1.1 ae_1 ac_3 ac_5", + "PCI-3.2.1 ec2", + "ENS-RD2022 mp.com.1.aws.sg.1", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.3", + "FFIEC d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c-co-b-2", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_default_restrict_traffic-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_default_restrict_traffic", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure the default security group of every VPC restricts all traffic.", + "Description": "Default Security Group (sg-4cc9d827) is not open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.4", + "NIST-CSF-1.1 ae_1 ac_3 ac_5", + "PCI-3.2.1 ec2", + "ENS-RD2022 mp.com.1.aws.sg.1", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.3", + "FFIEC d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c-co-b-2", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_default_restrict_traffic-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_default_restrict_traffic", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure the default security group of every VPC restricts all traffic.", + "Description": "Default Security Group (sg-3965844c) is not open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.4", + "NIST-CSF-1.1 ae_1 ac_3 ac_5", + "PCI-3.2.1 ec2", + "ENS-RD2022 mp.com.1.aws.sg.1", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.3", + "FFIEC d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c-co-b-2", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_default_restrict_traffic-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_default_restrict_traffic", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure the default security group of every VPC restricts all traffic.", + "Description": "Default Security Group (sg-4574a94e) is not open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.4", + "NIST-CSF-1.1 ae_1 ac_3 ac_5", + "PCI-3.2.1 ec2", + "ENS-RD2022 mp.com.1.aws.sg.1", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.3", + "FFIEC d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c-co-b-2", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_default_restrict_traffic-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_default_restrict_traffic", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure the default security group of every VPC restricts all traffic.", + "Description": "Default Security Group (sg-a81474db) is not open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.4", + "NIST-CSF-1.1 ae_1 ac_3 ac_5", + "PCI-3.2.1 ec2", + "ENS-RD2022 mp.com.1.aws.sg.1", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.3", + "FFIEC d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c-co-b-2", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_default_restrict_traffic-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_default_restrict_traffic", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure the default security group of every VPC restricts all traffic.", + "Description": "Default Security Group (sg-778f4e3e) is not open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.4", + "NIST-CSF-1.1 ae_1 ac_3 ac_5", + "PCI-3.2.1 ec2", + "ENS-RD2022 mp.com.1.aws.sg.1", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.3", + "FFIEC d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c-co-b-2", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_default_restrict_traffic-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_default_restrict_traffic", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure the default security group of every VPC restricts all traffic.", + "Description": "Default Security Group (sg-a9b5628e) is not open to the Internet.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_4 sc_7_3 sc_7", + "CIS-1.5 5.4", + "NIST-CSF-1.1 ae_1 ac_3 ac_5", + "PCI-3.2.1 ec2", + "ENS-RD2022 mp.com.1.aws.sg.1", + "FedRAMP-Low-Revision-4 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "CIS-1.4 5.3", + "FFIEC d3-pc-im-b-1 d3-pc-im-b-2 d3-pc-im-b-6 d4-c-co-b-2", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_5_1", + "FedRamp-Moderate-Revision-4 ac-4 ac-17-1 ac-21-b cm-2 sc-4 sc-7", + "NIST-800-53-Revision-5 ac_4_21 ac_17_b ac_17_1 ac_17_4_a ac_17_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_4_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group default (sg-6569b32b) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group default (sg-854e9bfe) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group default (sg-9be71df6) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group default (sg-3e983346) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group default (sg-71eb4839) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group default (sg-8a48ccc0) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group default (sg-62215504) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group default (sg-c1194bbf) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group default (sg-09c1e96a) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group default (sg-186a6a69) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group default (sg-223b755a) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group default (sg-4cc9d827) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) was created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group default (sg-3965844c) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group default (sg-4574a94e) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group default (sg-a81474db) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group default (sg-778f4e3e) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_from_launch_wizard-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_from_launch_wizard", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Security Groups created by EC2 Launch Wizard.", + "Description": "Security group default (sg-a9b5628e) was not created using the EC2 Launch Wizard.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", + "Url": "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group default (sg-6569b32b) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group default (sg-854e9bfe) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group default (sg-9be71df6) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group default (sg-3e983346) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group default (sg-71eb4839) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group default (sg-8a48ccc0) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group default (sg-62215504) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group default (sg-c1194bbf) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group default (sg-09c1e96a) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has no ingress filtering and it is not being used.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group default (sg-186a6a69) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group default (sg-223b755a) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group default (sg-4cc9d827) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has no ingress filtering and it is not being used.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group default (sg-3965844c) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group default (sg-4574a94e) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group default (sg-a81474db) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group default (sg-778f4e3e) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_in_use_without_ingress_filtering-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_in_use_without_ingress_filtering", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure there are no Security Groups without ingress filtering being used.", + "Description": "Security group default (sg-a9b5628e) has ingress filtering.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_not_used-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_not_used", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Ensure there are no Security Groups not being used.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) it is not being used.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.3", + "AWS-Foundational-Security-Best-Practices ec2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "List all the security groups and then use the cli to check if they are attached to an instance.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ec2-find-security-group-resources/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_not_used-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_not_used", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Ensure there are no Security Groups not being used.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) it is not being used.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.3", + "AWS-Foundational-Security-Best-Practices ec2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "List all the security groups and then use the cli to check if they are attached to an instance.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ec2-find-security-group-resources/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_not_used-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_not_used", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Ensure there are no Security Groups not being used.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) it is not being used.", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 mp.com.1.aws.sg.3", + "AWS-Foundational-Security-Best-Practices ec2" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "List all the security groups and then use the cli to check if they are attached to an instance.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/ec2-find-security-group-resources/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-ap-northeast-1-905428f2d", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group default (sg-6569b32b) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-1:123456789012:security-group/sg-6569b32b", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-ap-northeast-2-85351e20f", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group default (sg-854e9bfe) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-2:123456789012:security-group/sg-854e9bfe", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-ap-northeast-3-65ca6f74e", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group default (sg-9be71df6) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-northeast-3:123456789012:security-group/sg-9be71df6", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-ap-south-1-59d862784", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group default (sg-3e983346) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-south-1:123456789012:security-group/sg-3e983346", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-ap-southeast-1-f47f54c7b", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group default (sg-71eb4839) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-1:123456789012:security-group/sg-71eb4839", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-ap-southeast-2-532f67c08", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group default (sg-8a48ccc0) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ap-southeast-2:123456789012:security-group/sg-8a48ccc0", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-ca-central-1-2fe9fd37b", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group default (sg-62215504) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:ca-central-1:123456789012:security-group/sg-62215504", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-eu-central-1-688f2bc04", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group default (sg-c1194bbf) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-central-1:123456789012:security-group/sg-c1194bbf", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-eu-north-1-7a0746f8f", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group default (sg-09c1e96a) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-north-1:123456789012:security-group/sg-09c1e96a", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-eu-west-1-14e8860bc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group ElasticMapReduce-master (sg-0c59ae38c42100171) has 4 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-0c59ae38c42100171", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-eu-west-1-643d91254", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group default (sg-186a6a69) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-186a6a69", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-eu-west-1-f3e3a5dcc", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group ElasticMapReduce-slave (sg-02063087593480392) has 3 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-1:123456789012:security-group/sg-02063087593480392", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-eu-west-2-091ab1796", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group default (sg-223b755a) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-2:123456789012:security-group/sg-223b755a", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-eu-west-3-9abab3fae", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group default (sg-4cc9d827) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-4cc9d827", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-eu-west-3-59d43717c", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group launch-wizard-1 (sg-000c4c21c24f75b85) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:eu-west-3:123456789012:security-group/sg-000c4c21c24f75b85", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-sa-east-1-49c27aa6d", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group default (sg-3965844c) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:sa-east-1:123456789012:security-group/sg-3965844c", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-us-east-1-346cee1a8", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group default (sg-4574a94e) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-4574a94e", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-us-east-2-c4a5abfac", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group default (sg-a81474db) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-east-2:123456789012:security-group/sg-a81474db", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-us-west-1-3915bbc2d", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group default (sg-778f4e3e) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-1:123456789012:security-group/sg-778f4e3e", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-ec2_securitygroup_with_many_ingress_egress_rules-123456789012-us-west-2-03e52d447", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e" + }, + "GeneratorId": "prowler-ec2_securitygroup_with_many_ingress_egress_rules", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Find security groups with more than 50 ingress or egress rules.", + "Description": "Security group default (sg-a9b5628e) has 1 inbound rules and 1 outbound rules", + "Resources": [ + { + "Type": "AwsEc2SecurityGroup", + "Id": "arn:aws:ec2:us-west-2:123456789012:security-group/sg-a9b5628e", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", + "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-emr_cluster_account_public_block_enabled-123456789012-ap-northeast-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-emr_cluster_account_public_block_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "EMR Account Public Access Block enabled.", + "Description": "EMR Account has Block Public Access enabled", + "Resources": [ + { + "Type": "AwsEMR", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable EMR Account Public Access Block.", + "Url": "https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-emr_cluster_account_public_block_enabled-123456789012-ap-northeast-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-emr_cluster_account_public_block_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "EMR Account Public Access Block enabled.", + "Description": "EMR Account has Block Public Access enabled", + "Resources": [ + { + "Type": "AwsEMR", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable EMR Account Public Access Block.", + "Url": "https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-emr_cluster_account_public_block_enabled-123456789012-ap-northeast-3-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-emr_cluster_account_public_block_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "EMR Account Public Access Block enabled.", + "Description": "EMR Account has Block Public Access enabled", + "Resources": [ + { + "Type": "AwsEMR", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable EMR Account Public Access Block.", + "Url": "https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-emr_cluster_account_public_block_enabled-123456789012-ap-south-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-emr_cluster_account_public_block_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "EMR Account Public Access Block enabled.", + "Description": "EMR Account has Block Public Access enabled", + "Resources": [ + { + "Type": "AwsEMR", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable EMR Account Public Access Block.", + "Url": "https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-emr_cluster_account_public_block_enabled-123456789012-ap-southeast-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-emr_cluster_account_public_block_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "EMR Account Public Access Block enabled.", + "Description": "EMR Account has Block Public Access enabled", + "Resources": [ + { + "Type": "AwsEMR", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable EMR Account Public Access Block.", + "Url": "https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-emr_cluster_account_public_block_enabled-123456789012-ap-southeast-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-emr_cluster_account_public_block_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "EMR Account Public Access Block enabled.", + "Description": "EMR Account has Block Public Access enabled", + "Resources": [ + { + "Type": "AwsEMR", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable EMR Account Public Access Block.", + "Url": "https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-emr_cluster_account_public_block_enabled-123456789012-ca-central-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-emr_cluster_account_public_block_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "EMR Account Public Access Block enabled.", + "Description": "EMR Account has Block Public Access enabled", + "Resources": [ + { + "Type": "AwsEMR", + "Id": "123456789012", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable EMR Account Public Access Block.", + "Url": "https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-emr_cluster_account_public_block_enabled-123456789012-eu-central-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-emr_cluster_account_public_block_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "EMR Account Public Access Block enabled.", + "Description": "EMR Account has Block Public Access enabled", + "Resources": [ + { + "Type": "AwsEMR", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable EMR Account Public Access Block.", + "Url": "https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-emr_cluster_account_public_block_enabled-123456789012-eu-north-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-emr_cluster_account_public_block_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "EMR Account Public Access Block enabled.", + "Description": "EMR Account has Block Public Access enabled", + "Resources": [ + { + "Type": "AwsEMR", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable EMR Account Public Access Block.", + "Url": "https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-emr_cluster_account_public_block_enabled-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-emr_cluster_account_public_block_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "EMR Account Public Access Block enabled.", + "Description": "EMR Account has Block Public Access enabled", + "Resources": [ + { + "Type": "AwsEMR", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable EMR Account Public Access Block.", + "Url": "https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-emr_cluster_account_public_block_enabled-123456789012-eu-west-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-emr_cluster_account_public_block_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "EMR Account Public Access Block enabled.", + "Description": "EMR Account has Block Public Access enabled", + "Resources": [ + { + "Type": "AwsEMR", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable EMR Account Public Access Block.", + "Url": "https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-emr_cluster_account_public_block_enabled-123456789012-eu-west-3-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-emr_cluster_account_public_block_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "EMR Account Public Access Block enabled.", + "Description": "EMR Account has Block Public Access enabled", + "Resources": [ + { + "Type": "AwsEMR", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable EMR Account Public Access Block.", + "Url": "https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-emr_cluster_account_public_block_enabled-123456789012-sa-east-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-emr_cluster_account_public_block_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "EMR Account Public Access Block enabled.", + "Description": "EMR Account has Block Public Access enabled", + "Resources": [ + { + "Type": "AwsEMR", + "Id": "123456789012", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable EMR Account Public Access Block.", + "Url": "https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-emr_cluster_account_public_block_enabled-123456789012-us-east-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-emr_cluster_account_public_block_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "EMR Account Public Access Block enabled.", + "Description": "EMR Account has Block Public Access enabled", + "Resources": [ + { + "Type": "AwsEMR", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable EMR Account Public Access Block.", + "Url": "https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-emr_cluster_account_public_block_enabled-123456789012-us-east-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-emr_cluster_account_public_block_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "EMR Account Public Access Block enabled.", + "Description": "EMR Account has Block Public Access enabled", + "Resources": [ + { + "Type": "AwsEMR", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable EMR Account Public Access Block.", + "Url": "https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-emr_cluster_account_public_block_enabled-123456789012-us-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-emr_cluster_account_public_block_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "EMR Account Public Access Block enabled.", + "Description": "EMR Account has Block Public Access enabled", + "Resources": [ + { + "Type": "AwsEMR", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable EMR Account Public Access Block.", + "Url": "https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-emr_cluster_account_public_block_enabled-123456789012-us-west-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-emr_cluster_account_public_block_enabled", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "EMR Account Public Access Block enabled.", + "Description": "EMR Account has Block Public Access enabled", + "Resources": [ + { + "Type": "AwsEMR", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable EMR Account Public Access Block.", + "Url": "https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled-123456789012-ap-northeast-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have encrypt connection password enabled.", + "Description": "Glue data catalog connection password is not encrypted.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "On the AWS Glue console; you can enable this option on the Data catalog settings page.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled-123456789012-ap-northeast-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have encrypt connection password enabled.", + "Description": "Glue data catalog connection password is not encrypted.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "On the AWS Glue console; you can enable this option on the Data catalog settings page.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled-123456789012-ap-northeast-3-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have encrypt connection password enabled.", + "Description": "Glue data catalog connection password is not encrypted.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "On the AWS Glue console; you can enable this option on the Data catalog settings page.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled-123456789012-ap-south-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have encrypt connection password enabled.", + "Description": "Glue data catalog connection password is not encrypted.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "On the AWS Glue console; you can enable this option on the Data catalog settings page.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled-123456789012-ap-southeast-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have encrypt connection password enabled.", + "Description": "Glue data catalog connection password is not encrypted.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "On the AWS Glue console; you can enable this option on the Data catalog settings page.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled-123456789012-ap-southeast-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have encrypt connection password enabled.", + "Description": "Glue data catalog connection password is not encrypted.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "On the AWS Glue console; you can enable this option on the Data catalog settings page.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled-123456789012-ca-central-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have encrypt connection password enabled.", + "Description": "Glue data catalog connection password is not encrypted.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "On the AWS Glue console; you can enable this option on the Data catalog settings page.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled-123456789012-eu-central-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have encrypt connection password enabled.", + "Description": "Glue data catalog connection password is not encrypted.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "On the AWS Glue console; you can enable this option on the Data catalog settings page.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled-123456789012-eu-north-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have encrypt connection password enabled.", + "Description": "Glue data catalog connection password is not encrypted.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "On the AWS Glue console; you can enable this option on the Data catalog settings page.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have encrypt connection password enabled.", + "Description": "Glue data catalog connection password is not encrypted.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "On the AWS Glue console; you can enable this option on the Data catalog settings page.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled-123456789012-eu-west-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have encrypt connection password enabled.", + "Description": "Glue data catalog connection password is not encrypted.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "On the AWS Glue console; you can enable this option on the Data catalog settings page.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled-123456789012-eu-west-3-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have encrypt connection password enabled.", + "Description": "Glue data catalog connection password is not encrypted.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "On the AWS Glue console; you can enable this option on the Data catalog settings page.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled-123456789012-sa-east-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have encrypt connection password enabled.", + "Description": "Glue data catalog connection password is not encrypted.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "On the AWS Glue console; you can enable this option on the Data catalog settings page.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled-123456789012-us-east-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have encrypt connection password enabled.", + "Description": "Glue data catalog connection password is not encrypted.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "On the AWS Glue console; you can enable this option on the Data catalog settings page.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled-123456789012-us-east-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have encrypt connection password enabled.", + "Description": "Glue data catalog connection password is not encrypted.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "On the AWS Glue console; you can enable this option on the Data catalog settings page.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled-123456789012-us-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have encrypt connection password enabled.", + "Description": "Glue data catalog connection password is not encrypted.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "On the AWS Glue console; you can enable this option on the Data catalog settings page.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled-123456789012-us-west-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_connection_passwords_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have encrypt connection password enabled.", + "Description": "Glue data catalog connection password is not encrypted.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "On the AWS Glue console; you can enable this option on the Data catalog settings page.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_metadata_encryption_enabled-123456789012-ap-northeast-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_metadata_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have metadata encryption enabled.", + "Description": "Glue data catalog settings have metadata encryption disabled.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-glue-data-catalog.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_metadata_encryption_enabled-123456789012-ap-northeast-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_metadata_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have metadata encryption enabled.", + "Description": "Glue data catalog settings have metadata encryption disabled.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-glue-data-catalog.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_metadata_encryption_enabled-123456789012-ap-northeast-3-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_metadata_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have metadata encryption enabled.", + "Description": "Glue data catalog settings have metadata encryption disabled.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-glue-data-catalog.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_metadata_encryption_enabled-123456789012-ap-south-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_metadata_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have metadata encryption enabled.", + "Description": "Glue data catalog settings have metadata encryption disabled.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-glue-data-catalog.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_metadata_encryption_enabled-123456789012-ap-southeast-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_metadata_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have metadata encryption enabled.", + "Description": "Glue data catalog settings have metadata encryption disabled.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-glue-data-catalog.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_metadata_encryption_enabled-123456789012-ap-southeast-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_metadata_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have metadata encryption enabled.", + "Description": "Glue data catalog settings have metadata encryption disabled.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-glue-data-catalog.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_metadata_encryption_enabled-123456789012-ca-central-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_metadata_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have metadata encryption enabled.", + "Description": "Glue data catalog settings have metadata encryption disabled.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-glue-data-catalog.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_metadata_encryption_enabled-123456789012-eu-central-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_metadata_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have metadata encryption enabled.", + "Description": "Glue data catalog settings have metadata encryption disabled.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-glue-data-catalog.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_metadata_encryption_enabled-123456789012-eu-north-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_metadata_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have metadata encryption enabled.", + "Description": "Glue data catalog settings have metadata encryption disabled.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-glue-data-catalog.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_metadata_encryption_enabled-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_metadata_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have metadata encryption enabled.", + "Description": "Glue data catalog settings have metadata encryption disabled.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-glue-data-catalog.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_metadata_encryption_enabled-123456789012-eu-west-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_metadata_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have metadata encryption enabled.", + "Description": "Glue data catalog settings have metadata encryption disabled.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-glue-data-catalog.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_metadata_encryption_enabled-123456789012-eu-west-3-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_metadata_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have metadata encryption enabled.", + "Description": "Glue data catalog settings have metadata encryption disabled.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-glue-data-catalog.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_metadata_encryption_enabled-123456789012-sa-east-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_metadata_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have metadata encryption enabled.", + "Description": "Glue data catalog settings have metadata encryption disabled.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-glue-data-catalog.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_metadata_encryption_enabled-123456789012-us-east-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_metadata_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have metadata encryption enabled.", + "Description": "Glue data catalog settings have metadata encryption disabled.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-glue-data-catalog.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_metadata_encryption_enabled-123456789012-us-east-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_metadata_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have metadata encryption enabled.", + "Description": "Glue data catalog settings have metadata encryption disabled.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-glue-data-catalog.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_metadata_encryption_enabled-123456789012-us-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_metadata_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have metadata encryption enabled.", + "Description": "Glue data catalog settings have metadata encryption disabled.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-glue-data-catalog.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-glue_data_catalogs_metadata_encryption_enabled-123456789012-us-west-2-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-glue_data_catalogs_metadata_encryption_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Glue data catalog settings have metadata encryption enabled.", + "Description": "Glue data catalog settings have metadata encryption disabled.", + "Resources": [ + { + "Type": "AwsGlue", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.", + "Url": "https://docs.aws.amazon.com/glue/latest/dg/encrypt-glue-data-catalog.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_administrator_access_with_mfa-123456789012-eu-west-1-4f0e631f9", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:group/devs" + }, + "GeneratorId": "prowler-iam_administrator_access_with_mfa", + "AwsAccountId": "123456789012", + "Types": [ + "Infrastructure Security" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure users of groups with AdministratorAccess policy have MFA tokens enabled", + "Description": "Group devs has no policies.", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:group/devs", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 op.acc.6.r2.aws.iam.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure this repository and its contents should be publicly accessible.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_avoid_root_usage-123456789012-eu-west-1-03f429136", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:root" + }, + "GeneratorId": "prowler-iam_avoid_root_usage", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Avoid the use of the root accounts", + "Description": "Root user in the account wasn't accessed in the last 1 days.", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:root", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 1.7", + "ENS-RD2022 op.acc.2.aws.iam.4 op.acc.4.aws.iam.7", + "CIS-1.4 1.7" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Follow the remediation instructions of the Ensure IAM policies are attached only to groups or roles recommendation.", + "Url": "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_disable_30_days_credentials-123456789012-eu-west-1-2bb0c5a32", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:user/dams" + }, + "GeneratorId": "prowler-iam_disable_30_days_credentials", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure credentials unused for 30 days or greater are disabled", + "Description": "User dams does not have a console password or is unused.", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:user/dams", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 op.acc.6.r7.aws.iam.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_disable_30_days_credentials-123456789012-eu-west-1-03f429136", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:root" + }, + "GeneratorId": "prowler-iam_disable_30_days_credentials", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure credentials unused for 30 days or greater are disabled", + "Description": "User has not used access key 1 in the last 30 days (532 days).", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:root", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 op.acc.6.r7.aws.iam.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_disable_30_days_credentials-123456789012-eu-west-1-2bb0c5a32", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:user/dams" + }, + "GeneratorId": "prowler-iam_disable_30_days_credentials", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure credentials unused for 30 days or greater are disabled", + "Description": "User dams has not used access key 2 in the last 30 days (729 days).", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:user/dams", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 op.acc.6.r7.aws.iam.1" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_disable_45_days_credentials-123456789012-eu-west-1-2bb0c5a32", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:user/dams" + }, + "GeneratorId": "prowler-iam_disable_45_days_credentials", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure credentials unused for 45 days or greater are disabled", + "Description": "User dams does not have a console password or is unused.", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:user/dams", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 1.12", + "CIS-1.4 1.12" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_disable_45_days_credentials-123456789012-eu-west-1-03f429136", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:root" + }, + "GeneratorId": "prowler-iam_disable_45_days_credentials", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure credentials unused for 45 days or greater are disabled", + "Description": "User has not used access key 1 in the last 45 days (532 days).", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:root", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.12", + "CIS-1.4 1.12" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_disable_45_days_credentials-123456789012-eu-west-1-2bb0c5a32", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:user/dams" + }, + "GeneratorId": "prowler-iam_disable_45_days_credentials", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure credentials unused for 45 days or greater are disabled", + "Description": "User dams has not used access key 2 in the last 45 days (729 days).", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:user/dams", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.12", + "CIS-1.4 1.12" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_disable_90_days_credentials-123456789012-eu-west-1-2bb0c5a32", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:user/dams" + }, + "GeneratorId": "prowler-iam_disable_90_days_credentials", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure credentials unused for 90 days or greater are disabled", + "Description": "User dams does not have a console password or is unused.", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:user/dams", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_3 ac_2 ac_3 ac_6", + "SOC2 cc_1_3", + "NIST-CSF-1.1 ac_1 ac_4", + "PCI-3.2.1 iam", + "ENS-RD2022 op.acc.6.aws.iam.2 op.acc.6.aws.iam.3 op.acc.6.r7.aw", + "FedRAMP-Low-Revision-4 ac-2 ac-3", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.300-b", + "CISA your-systems-3", + "HIPAA 164_308_a_3_ii_b 164_308_a_4_ii_c 164_308_a_5_ii_d", + "GDPR article_25", + "FFIEC d3-pc-am-b-6", + "AWS-Foundational-Security-Best-Practices iam", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-f ac-2-j ac-2-3 ac-3 ac", + "NIST-800-53-Revision-5 ac_2_1 ac_2_3_a ac_2_3_b ac_2_3_c ac_2_3", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_4 3_1_5 3_5_6 3_5_7 3_5" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_disable_90_days_credentials-123456789012-eu-west-1-03f429136", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:root" + }, + "GeneratorId": "prowler-iam_disable_90_days_credentials", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure credentials unused for 90 days or greater are disabled", + "Description": "User has not used access key 1 in the last 90 days (532 days).", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:root", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_3 ac_2 ac_3 ac_6", + "SOC2 cc_1_3", + "NIST-CSF-1.1 ac_1 ac_4", + "PCI-3.2.1 iam", + "ENS-RD2022 op.acc.6.aws.iam.2 op.acc.6.aws.iam.3 op.acc.6.r7.aw", + "FedRAMP-Low-Revision-4 ac-2 ac-3", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.300-b", + "CISA your-systems-3", + "HIPAA 164_308_a_3_ii_b 164_308_a_4_ii_c 164_308_a_5_ii_d", + "GDPR article_25", + "FFIEC d3-pc-am-b-6", + "AWS-Foundational-Security-Best-Practices iam", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-f ac-2-j ac-2-3 ac-3 ac", + "NIST-800-53-Revision-5 ac_2_1 ac_2_3_a ac_2_3_b ac_2_3_c ac_2_3", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_4 3_1_5 3_5_6 3_5_7 3_5" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_disable_90_days_credentials-123456789012-eu-west-1-2bb0c5a32", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:user/dams" + }, + "GeneratorId": "prowler-iam_disable_90_days_credentials", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure credentials unused for 90 days or greater are disabled", + "Description": "User dams has not used access key 2 in the last 90 days (729 days).", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:user/dams", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_3 ac_2 ac_3 ac_6", + "SOC2 cc_1_3", + "NIST-CSF-1.1 ac_1 ac_4", + "PCI-3.2.1 iam", + "ENS-RD2022 op.acc.6.aws.iam.2 op.acc.6.aws.iam.3 op.acc.6.r7.aw", + "FedRAMP-Low-Revision-4 ac-2 ac-3", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.300-b", + "CISA your-systems-3", + "HIPAA 164_308_a_3_ii_b 164_308_a_4_ii_c 164_308_a_5_ii_d", + "GDPR article_25", + "FFIEC d3-pc-am-b-6", + "AWS-Foundational-Security-Best-Practices iam", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-f ac-2-j ac-2-3 ac-3 ac", + "NIST-800-53-Revision-5 ac_2_1 ac_2_3_a ac_2_3_b ac_2_3_c ac_2_3", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_4 3_1_5 3_5_6 3_5_7 3_5" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_no_custom_policy_permissive_role_assumption-123456789012-eu-west-1-6d86e8ff6", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:policy/service-role/AWSLambdaBasicExecutionRole-676647ec-377e-496c-8355-37f23bf12c85" + }, + "GeneratorId": "prowler-iam_no_custom_policy_permissive_role_assumption", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "CRITICAL" + }, + "Title": "Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *)", + "Description": "Custom Policy AWSLambdaBasicExecutionRole-676647ec-377e-496c-8355-37f23bf12c85 does not allow permissive STS Role assumption", + "Resources": [ + { + "Type": "AwsIamPolicy", + "Id": "arn:aws:iam::123456789012:policy/service-role/AWSLambdaBasicExecutionRole-676647ec-377e-496c-8355-37f23bf12c85", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 op.acc.4.aws.iam.1 op.acc.4.aws.iam.2 op.exp.8.r4.aw", + "CISA your-systems-3 your-surroundings-3" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CISA" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use the least privilege principle when granting permissions.", + "Url": "https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_no_root_access_key-123456789012-eu-west-1-03f429136", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:root" + }, + "GeneratorId": "prowler-iam_no_root_access_key", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "CRITICAL" + }, + "Title": "Ensure no root account access key exists", + "Description": "User has one active access key.", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:root", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2 ac_3 ac_6_10 ac_6", + "CIS-1.5 1.4", + "NIST-CSF-1.1 ac_1 ac_4 pt_3", + "PCI-3.2.1 iam", + "ENS-RD2022 op.acc.4.aws.iam.7", + "FedRAMP-Low-Revision-4 ac-2 ac-3 ia-2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.200", + "CISA your-systems-3 your-surroundings-3", + "CIS-1.4 1.4", + "HIPAA 164_308_a_1_ii_b 164_308_a_3_i 164_308_a_3_ii_b 164_308_a", + "GDPR article_25", + "FFIEC d3-pc-am-b-1 d3-pc-am-b-3 d3-pc-am-b-8", + "AWS-Foundational-Security-Best-Practices iam", + "RBI-Cyber-Security-Framework annex_i_7_1", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-f ac-2-j ac-3 ac-5-c ac", + "NIST-800-53-Revision-5 ac_2_1 ac_2_6 ac_3_3 ac_3_3_a ac_3_3_b_1", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_4 3_1_5 3_1_6 3_1_7 3_4" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use the credential report to that the user and ensure the access_key_1_active and access_key_2_active fields are set to FALSE.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_password_policy_expires_passwords_within_90_days_or_less-123456789012-eu-west-1-2056ecfdb", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "password_policy" + }, + "GeneratorId": "prowler-iam_password_policy_expires_passwords_within_90_days_or_less", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure IAM password policy expires passwords within 90 days or less", + "Description": "Password expiration is not set.", + "Resources": [ + { + "Type": "AwsIamPasswordPolicy", + "Id": "password_policy", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 op.acc.6.aws.iam.3", + "NIST-800-171-Revision-2 3_5_5 3_5_6 3_5_7 3_5_8" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure Password expiration period (in days): is set to 90 or less.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_password_policy_lowercase-123456789012-eu-west-1-2056ecfdb", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "password_policy" + }, + "GeneratorId": "prowler-iam_password_policy_lowercase", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure IAM password policy require at least one lowercase letter", + "Description": "IAM password policy does not require at least one lowercase letter.", + "Resources": [ + { + "Type": "AwsIamPasswordPolicy", + "Id": "password_policy", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "PCI-3.2.1 iam", + "ENS-RD2022 op.acc.6.r1.aws.iam.1", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.200 11.300-b", + "CISA your-systems-3 your-surroundings-4", + "HIPAA 164_308_a_5_ii_d", + "GDPR article_25", + "FFIEC d3-pc-am-b-6 d3-pc-am-b-7", + "NIST-800-171-Revision-2 3_5_7" + ], + "AssociatedStandards": [ + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure \"Requires at least one lowercase letter\" is checked under \"Password Policy\".", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_password_policy_minimum_length_14-123456789012-eu-west-1-2056ecfdb", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "password_policy" + }, + "GeneratorId": "prowler-iam_password_policy_minimum_length_14", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure IAM password policy requires minimum length of 14 or greater", + "Description": "IAM password policy does not require minimum length of 14 characters.", + "Resources": [ + { + "Type": "AwsIamPasswordPolicy", + "Id": "password_policy", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.8", + "PCI-3.2.1 iam", + "ENS-RD2022 op.acc.6.r1.aws.iam.1", + "FedRAMP-Low-Revision-4 ac-2 ia-2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.200 11.300-b", + "CISA your-systems-3 your-surroundings-4", + "CIS-1.4 1.8", + "HIPAA 164_308_a_5_ii_d", + "GDPR article_25", + "FFIEC d3-pc-am-b-6 d3-pc-am-b-7", + "AWS-Foundational-Security-Best-Practices iam", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-f ac-2-j ac-2-3 ac-5-c ", + "NIST-800-53-Revision-5 ac_2_1 ac_2_3_a ac_2_3_b ac_2_3_c ac_2_3", + "NIST-800-171-Revision-2 3_5_7" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure \"Minimum password length\" is checked under \"Password Policy\".", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_password_policy_number-123456789012-eu-west-1-2056ecfdb", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "password_policy" + }, + "GeneratorId": "prowler-iam_password_policy_number", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure IAM password policy require at least one number", + "Description": "IAM password policy does not require at least one number.", + "Resources": [ + { + "Type": "AwsIamPasswordPolicy", + "Id": "password_policy", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "PCI-3.2.1 iam", + "ENS-RD2022 op.acc.6.r1.aws.iam.1", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.200 11.300-b", + "CISA your-systems-3 your-surroundings-4", + "HIPAA 164_308_a_5_ii_d", + "GDPR article_25", + "FFIEC d3-pc-am-b-6 d3-pc-am-b-7", + "NIST-800-171-Revision-2 3_5_7" + ], + "AssociatedStandards": [ + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure \"Require at least one number\" is checked under \"Password Policy\".", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_password_policy_reuse_24-123456789012-eu-west-1-2056ecfdb", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "password_policy" + }, + "GeneratorId": "prowler-iam_password_policy_reuse_24", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure IAM password policy prevents password reuse: 24 or greater", + "Description": "IAM password policy reuse prevention is less than 24 or not set.", + "Resources": [ + { + "Type": "AwsIamPasswordPolicy", + "Id": "password_policy", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2 ia_2 ia_5_1 ia_5_4", + "CIS-1.5 1.9", + "NIST-CSF-1.1 ac_1", + "ENS-RD2022 op.acc.6.r1.aws.iam.1", + "CIS-1.4 1.9", + "HIPAA 164_308_a_4_ii_c 164_308_a_5_ii_d 164_312_d", + "GDPR article_25", + "RBI-Cyber-Security-Framework annex_i_7_2", + "NIST-800-171-Revision-2 3_5_5 3_5_6 3_5_7 3_5_8" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure \"Number of passwords to remember\" is set to 24.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_password_policy_symbol-123456789012-eu-west-1-2056ecfdb", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "password_policy" + }, + "GeneratorId": "prowler-iam_password_policy_symbol", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure IAM password policy require at least one symbol", + "Description": "IAM password policy does not require at least one symbol.", + "Resources": [ + { + "Type": "AwsIamPasswordPolicy", + "Id": "password_policy", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "PCI-3.2.1 iam", + "ENS-RD2022 op.acc.6.r1.aws.iam.1", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.200 11.300-b", + "CISA your-systems-3 your-surroundings-4", + "HIPAA 164_308_a_5_ii_d", + "GDPR article_25", + "FFIEC d3-pc-am-b-6 d3-pc-am-b-7", + "NIST-800-171-Revision-2 3_5_7" + ], + "AssociatedStandards": [ + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure \"Require at least one non-alphanumeric character\" is checked under \"Password Policy\".", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_password_policy_uppercase-123456789012-eu-west-1-2056ecfdb", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "password_policy" + }, + "GeneratorId": "prowler-iam_password_policy_uppercase", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure IAM password policy requires at least one uppercase letter", + "Description": "IAM password policy does not require at least one uppercase letter.", + "Resources": [ + { + "Type": "AwsIamPasswordPolicy", + "Id": "password_policy", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "PCI-3.2.1 iam", + "ENS-RD2022 op.acc.6.r1.aws.iam.1", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.200 11.300-b", + "CISA your-systems-3 your-surroundings-4", + "HIPAA 164_308_a_5_ii_d", + "GDPR article_25", + "FFIEC d3-pc-am-b-6 d3-pc-am-b-7", + "NIST-800-171-Revision-2 3_5_7" + ], + "AssociatedStandards": [ + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure \"Requires at least one uppercase letter\" is checked under \"Password Policy\".", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_policy_allows_privilege_escalation-123456789012-eu-west-1-6d86e8ff6", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:policy/service-role/AWSLambdaBasicExecutionRole-676647ec-377e-496c-8355-37f23bf12c85" + }, + "GeneratorId": "prowler-iam_policy_allows_privilege_escalation", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation", + "Description": "Customer Managed IAM Policy arn:aws:iam::123456789012:policy/service-role/AWSLambdaBasicExecutionRole-676647ec-377e-496c-8355-37f23bf12c85 not allows for privilege escalation", + "Resources": [ + { + "Type": "AwsIamPolicy", + "Id": "arn:aws:iam::123456789012:policy/service-role/AWSLambdaBasicExecutionRole-676647ec-377e-496c-8355-37f23bf12c85", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "ENS-RD2022 op.acc.4.aws.iam.1 op.acc.4.aws.iam.2 op.exp.8.r4.aw" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Grant usage permission on a per-resource basis and applying least privilege principle.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_policy_attached_only_to_group_or_roles-123456789012-eu-west-1-2bb0c5a32", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:user/dams" + }, + "GeneratorId": "prowler-iam_policy_attached_only_to_group_or_roles", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Ensure IAM policies are attached only to groups or roles", + "Description": "User dams has no inline or attached policies", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:user/dams", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_6", + "CIS-1.5 1.15", + "SOC2 cc_1_3", + "ENS-RD2022 op.exp.8.r4.aws.ct.8", + "FedRAMP-Low-Revision-4 ac-2 ac-3", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CIS-1.4 1.15", + "FFIEC d3-pc-am-b-1 d3-pc-im-b-7", + "RBI-Cyber-Security-Framework annex_i_7_1", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-f ac-2-j ac-3 ac-5-c sc", + "NIST-800-53-Revision-5 ac_2_1 ac_2_6 ac_2_i_2 ac_3 ac_3_3 ac_3_", + "NIST-800-171-Revision-2 3_4_6" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Remove any policy attached directly to the user. Use groups or roles instead.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_policy_no_administrative_privileges-123456789012-eu-west-1-6d86e8ff6", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:policy/service-role/AWSLambdaBasicExecutionRole-676647ec-377e-496c-8355-37f23bf12c85" + }, + "GeneratorId": "prowler-iam_policy_no_administrative_privileges", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure IAM policies that allow full \"*:*\" administrative privileges are not created", + "Description": "Policy AWSLambdaBasicExecutionRole-676647ec-377e-496c-8355-37f23bf12c85 does not allow '*:*' administrative privileges", + "Resources": [ + { + "Type": "AwsIamPolicy", + "Id": "arn:aws:iam::123456789012:policy/service-role/AWSLambdaBasicExecutionRole-676647ec-377e-496c-8355-37f23bf12c85", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2 ac_3 ac_5 ac_6 sc_2", + "CIS-1.5 1.16", + "SOC2 cc_1_3 cc_6_3", + "NIST-CSF-1.1 ac_1 ac_4 pt_3", + "PCI-3.2.1 iam", + "ENS-RD2022 op.acc.4.aws.iam.1 op.acc.4.aws.iam.2 op.acc.4.aws.i", + "FedRAMP-Low-Revision-4 ac-2 ac-3", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-surroundings-3", + "CIS-1.4 1.16", + "HIPAA 164_308_a_1_ii_b 164_308_a_3_i 164_308_a_3_ii_b 164_308_a", + "GDPR article_25", + "FFIEC d3-pc-am-b-1 d3-pc-am-b-16 d3-pc-am-b-2 d3-pc-am-b-3 d3-p", + "AWS-Foundational-Security-Best-Practices iam", + "RBI-Cyber-Security-Framework annex_i_7_1", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-f ac-2-j ac-3 ac-5-c ac", + "NIST-800-53-Revision-5 ac_2_1 ac_2_6 ac_2_i_2 ac_3 ac_3_3 ac_3_", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_4 3_1_5 3_1_6 3_1_7 3_4" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", + "Url": "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_role_cross_service_confused_deputy_prevention-123456789012-eu-west-1-64b147792", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer" + }, + "GeneratorId": "prowler-iam_role_cross_service_confused_deputy_prevention", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", + "Description": "IAM Service Role AWSServiceRoleForAccessAnalyzer prevents against a cross-service confused deputy attack", + "Resources": [ + { + "Type": "AwsIamPolicy", + "Id": "arn:aws:iam::123456789012:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 op.exp.8.r4.aws.ct.8" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use the aws:SourceArn and aws:SourceAccount global condition context keys in trust relationship policies to limit the permissions that a service has to a specific resource", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_role_cross_service_confused_deputy_prevention-123456789012-eu-west-1-301403415", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:role/aws-service-role/elasticmapreduce.amazonaws.com/AWSServiceRoleForEMRCleanup" + }, + "GeneratorId": "prowler-iam_role_cross_service_confused_deputy_prevention", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", + "Description": "IAM Service Role AWSServiceRoleForEMRCleanup prevents against a cross-service confused deputy attack", + "Resources": [ + { + "Type": "AwsIamPolicy", + "Id": "arn:aws:iam::123456789012:role/aws-service-role/elasticmapreduce.amazonaws.com/AWSServiceRoleForEMRCleanup", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 op.exp.8.r4.aws.ct.8" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use the aws:SourceArn and aws:SourceAccount global condition context keys in trust relationship policies to limit the permissions that a service has to a specific resource", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_role_cross_service_confused_deputy_prevention-123456789012-eu-west-1-9dbc4725d", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:role/aws-service-role/securityhub.amazonaws.com/AWSServiceRoleForSecurityHub" + }, + "GeneratorId": "prowler-iam_role_cross_service_confused_deputy_prevention", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", + "Description": "IAM Service Role AWSServiceRoleForSecurityHub prevents against a cross-service confused deputy attack", + "Resources": [ + { + "Type": "AwsIamPolicy", + "Id": "arn:aws:iam::123456789012:role/aws-service-role/securityhub.amazonaws.com/AWSServiceRoleForSecurityHub", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 op.exp.8.r4.aws.ct.8" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use the aws:SourceArn and aws:SourceAccount global condition context keys in trust relationship policies to limit the permissions that a service has to a specific resource", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_role_cross_service_confused_deputy_prevention-123456789012-eu-west-1-29fabc0b5", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport" + }, + "GeneratorId": "prowler-iam_role_cross_service_confused_deputy_prevention", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", + "Description": "IAM Service Role AWSServiceRoleForSupport prevents against a cross-service confused deputy attack", + "Resources": [ + { + "Type": "AwsIamPolicy", + "Id": "arn:aws:iam::123456789012:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 op.exp.8.r4.aws.ct.8" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use the aws:SourceArn and aws:SourceAccount global condition context keys in trust relationship policies to limit the permissions that a service has to a specific resource", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_role_cross_service_confused_deputy_prevention-123456789012-eu-west-1-e64bb8279", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor" + }, + "GeneratorId": "prowler-iam_role_cross_service_confused_deputy_prevention", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", + "Description": "IAM Service Role AWSServiceRoleForTrustedAdvisor prevents against a cross-service confused deputy attack", + "Resources": [ + { + "Type": "AwsIamPolicy", + "Id": "arn:aws:iam::123456789012:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 op.exp.8.r4.aws.ct.8" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use the aws:SourceArn and aws:SourceAccount global condition context keys in trust relationship policies to limit the permissions that a service has to a specific resource", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_role_cross_service_confused_deputy_prevention-123456789012-eu-west-1-cd6a32eab", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:role/EMR_AutoScaling_DefaultRole" + }, + "GeneratorId": "prowler-iam_role_cross_service_confused_deputy_prevention", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", + "Description": "IAM Service Role EMR_AutoScaling_DefaultRole prevents against a cross-service confused deputy attack", + "Resources": [ + { + "Type": "AwsIamPolicy", + "Id": "arn:aws:iam::123456789012:role/EMR_AutoScaling_DefaultRole", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 op.exp.8.r4.aws.ct.8" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use the aws:SourceArn and aws:SourceAccount global condition context keys in trust relationship policies to limit the permissions that a service has to a specific resource", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_role_cross_service_confused_deputy_prevention-123456789012-eu-west-1-eab3cc645", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:role/EMR_DefaultRole" + }, + "GeneratorId": "prowler-iam_role_cross_service_confused_deputy_prevention", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", + "Description": "IAM Service Role EMR_DefaultRole prevents against a cross-service confused deputy attack", + "Resources": [ + { + "Type": "AwsIamPolicy", + "Id": "arn:aws:iam::123456789012:role/EMR_DefaultRole", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 op.exp.8.r4.aws.ct.8" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use the aws:SourceArn and aws:SourceAccount global condition context keys in trust relationship policies to limit the permissions that a service has to a specific resource", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_role_cross_service_confused_deputy_prevention-123456789012-eu-west-1-05ac0c1d5", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:role/EMR_EC2_DefaultRole" + }, + "GeneratorId": "prowler-iam_role_cross_service_confused_deputy_prevention", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", + "Description": "IAM Service Role EMR_EC2_DefaultRole prevents against a cross-service confused deputy attack", + "Resources": [ + { + "Type": "AwsIamPolicy", + "Id": "arn:aws:iam::123456789012:role/EMR_EC2_DefaultRole", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 op.exp.8.r4.aws.ct.8" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use the aws:SourceArn and aws:SourceAccount global condition context keys in trust relationship policies to limit the permissions that a service has to a specific resource", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_role_cross_service_confused_deputy_prevention-123456789012-eu-west-1-5e1327f66", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:role/service-role/load-wikipedia" + }, + "GeneratorId": "prowler-iam_role_cross_service_confused_deputy_prevention", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", + "Description": "IAM Service Role load-wikipedia prevents against a cross-service confused deputy attack", + "Resources": [ + { + "Type": "AwsIamPolicy", + "Id": "arn:aws:iam::123456789012:role/service-role/load-wikipedia", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "ENS-RD2022 op.exp.8.r4.aws.ct.8" + ], + "AssociatedStandards": [ + { + "StandardsId": "ENS-RD2022" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use the aws:SourceArn and aws:SourceAccount global condition context keys in trust relationship policies to limit the permissions that a service has to a specific resource", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_root_hardware_mfa_enabled-123456789012-eu-west-1-99adc231b", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:root" + }, + "GeneratorId": "prowler-iam_root_hardware_mfa_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "CRITICAL" + }, + "Title": "Ensure only hardware MFA is enabled for the root account", + "Description": "MFA is not enabled for root account.", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:root", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ia_2_1 ia_2_11", + "CIS-1.5 1.6", + "NIST-CSF-1.1 ac_3 ac_7", + "PCI-3.2.1 iam", + "ENS-RD2022 op.acc.6.r4.aws.iam.1", + "FedRAMP-Low-Revision-4 ac-2 ia-2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.200", + "CISA your-systems-3 your-surroundings-2", + "CIS-1.4 1.6", + "HIPAA 164_308_a_3_ii_a 164_312_d", + "GDPR article_25", + "FFIEC d3-pc-am-b-15 d3-pc-am-b-3 d3-pc-am-b-6", + "AWS-Foundational-Security-Best-Practices iam", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-f ia-2-1-2 ia-2-1", + "NIST-800-53-Revision-5 ac_2_1 ac_3_2 ac_3_3 ac_3_3_a ac_3_3_b_1", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_5_3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Using IAM console navigate to Dashboard and expand Activate MFA on your root account.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_root_mfa_enabled-123456789012-eu-west-1-03f429136", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:root" + }, + "GeneratorId": "prowler-iam_root_mfa_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "CRITICAL" + }, + "Title": "Ensure MFA is enabled for the root account", + "Description": "MFA is not enabled for root account.", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:root", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2 ia_2_1 ia_2_11", + "CIS-1.5 1.5", + "NIST-CSF-1.1 ac_3 ac_7", + "PCI-3.2.1 iam", + "ENS-RD2022 op.acc.6.r2.aws.iam.1", + "FedRAMP-Low-Revision-4 ac-2 ia-2", + "AWS-Audit-Manager-Control-Tower-Guardrails 3.0.3", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.200", + "CISA your-systems-3 your-surroundings-2 booting-up-thing-to-do-", + "CIS-1.4 1.5", + "HIPAA 164_308_a_3_ii_a 164_312_d", + "GDPR article_25", + "FFIEC d3-pc-am-b-15 d3-pc-am-b-3 d3-pc-am-b-6", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-f ac-2-j ia-2-1-2 ia-2-1", + "NIST-800-53-Revision-5 ac_2_1 ac_3_2 ac_3_3 ac_3_3_a ac_3_3_b_1", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_5_2 3_5_3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Using IAM console navigate to Dashboard and expand Activate MFA on your root account.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_rotate_access_key_90_days-123456789012-eu-west-1-03f429136", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:root" + }, + "GeneratorId": "prowler-iam_rotate_access_key_90_days", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure access keys are rotated every 90 days or less", + "Description": "User has not rotated access key 1 in over 90 days (729 days).", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:root", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2", + "CIS-1.5 1.14", + "NIST-CSF-1.1 ac_1", + "ENS-RD2022 op.acc.6.aws.iam.2 op.acc.6.aws.iam.3", + "FedRAMP-Low-Revision-4 ac-2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.200 11.300-b", + "CISA your-systems-3", + "CIS-1.4 1.14", + "HIPAA 164_308_a_3_ii_c 164_308_a_4_ii_c 164_308_a_5_ii_d", + "GDPR article_25", + "FFIEC d3-pc-am-b-6", + "AWS-Foundational-Security-Best-Practices iam", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-f ac-2-j", + "NIST-800-53-Revision-5 ac_2_1 ac_3_3 ac_3_3_a ac_3_3_b_1 ac_3_3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_rotate_access_key_90_days-123456789012-eu-west-1-2bb0c5a32", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:user/dams" + }, + "GeneratorId": "prowler-iam_rotate_access_key_90_days", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure access keys are rotated every 90 days or less", + "Description": "User dams has not rotated access key 2 in over 90 days (1512 days).", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:user/dams", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2", + "CIS-1.5 1.14", + "NIST-CSF-1.1 ac_1", + "ENS-RD2022 op.acc.6.aws.iam.2 op.acc.6.aws.iam.3", + "FedRAMP-Low-Revision-4 ac-2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.200 11.300-b", + "CISA your-systems-3", + "CIS-1.4 1.14", + "HIPAA 164_308_a_3_ii_c 164_308_a_4_ii_c 164_308_a_5_ii_d", + "GDPR article_25", + "FFIEC d3-pc-am-b-6", + "AWS-Foundational-Security-Best-Practices iam", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-f ac-2-j", + "NIST-800-53-Revision-5 ac_2_1 ac_3_3 ac_3_3_a ac_3_3_b_1 ac_3_3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_support_role_created-123456789012-eu-west-1-8974ad496", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy" + }, + "GeneratorId": "prowler-iam_support_role_created", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure a support role has been created to manage incidents with AWS Support", + "Description": "Support policy attached to role AWSServiceRoleForSupport", + "Resources": [ + { + "Type": "AwsIamRole", + "Id": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 1.17", + "ENS-RD2022 op.acc.3.r1.aws.iam.1", + "CIS-1.4 1.17", + "GDPR article_25" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "GDPR" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Create an IAM role for managing incidents with AWS.", + "Url": "https://docs.aws.amazon.com/awssupport/latest/user/using-service-linked-roles-sup.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_user_hardware_mfa_enabled-123456789012-eu-west-1-2bb0c5a32", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:user/dams" + }, + "GeneratorId": "prowler-iam_user_hardware_mfa_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if IAM users have Hardware MFA enabled.", + "Description": "User dams does not have any type of MFA enabled.", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:user/dams", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "FedRAMP-Low-Revision-4 ac-2", + "CISA booting-up-thing-to-do-first-2" + ], + "AssociatedStandards": [ + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "CISA" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_user_mfa_enabled_console_access-123456789012-eu-west-1-03f429136", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:root" + }, + "GeneratorId": "prowler-iam_user_mfa_enabled_console_access", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.", + "Description": "User does not have Console Password enabled.", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:root", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ia_2_1 ia_2_2 ia_2_11", + "CIS-1.5 1.10", + "NIST-CSF-1.1 ac_3 ac_7", + "PCI-3.2.1 iam", + "ENS-RD2022 op.acc.6.r2.aws.iam.1 op.acc.6.r4.aws.iam.1 op.acc.6", + "FedRAMP-Low-Revision-4 ac-2 ia-2", + "AWS-Audit-Manager-Control-Tower-Guardrails 3.0.1 3.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.200", + "CISA your-systems-3 your-surroundings-2 booting-up-thing-to-do-", + "CIS-1.4 1.10", + "HIPAA 164_308_a_3_ii_a 164_312_a_1 164_312_d", + "GDPR article_25", + "FFIEC d3-pc-am-b-15 d3-pc-am-b-6", + "AWS-Foundational-Security-Best-Practices iam", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-f ac-2-j ia-2-1-2 ia-2-1", + "NIST-800-53-Revision-5 ac_2_1 ac_3_2 ac_3_3 ac_3_3_a ac_3_3_b_1", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_14 3_5_2 3_5_3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_user_mfa_enabled_console_access-123456789012-eu-west-1-2bb0c5a32", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:user/dams" + }, + "GeneratorId": "prowler-iam_user_mfa_enabled_console_access", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.", + "Description": "User dams does not have Console Password enabled.", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:user/dams", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ia_2_1 ia_2_2 ia_2_11", + "CIS-1.5 1.10", + "NIST-CSF-1.1 ac_3 ac_7", + "PCI-3.2.1 iam", + "ENS-RD2022 op.acc.6.r2.aws.iam.1 op.acc.6.r4.aws.iam.1 op.acc.6", + "FedRAMP-Low-Revision-4 ac-2 ia-2", + "AWS-Audit-Manager-Control-Tower-Guardrails 3.0.1 3.0.2", + "GxP-21-CFR-Part-11 11.10-d 11.10-g 11.200", + "CISA your-systems-3 your-surroundings-2 booting-up-thing-to-do-", + "CIS-1.4 1.10", + "HIPAA 164_308_a_3_ii_a 164_312_a_1 164_312_d", + "GDPR article_25", + "FFIEC d3-pc-am-b-15 d3-pc-am-b-6", + "AWS-Foundational-Security-Best-Practices iam", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-f ac-2-j ia-2-1-2 ia-2-1", + "NIST-800-53-Revision-5 ac_2_1 ac_3_2 ac_3_3 ac_3_3_a ac_3_3_b_1", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_14 3_5_2 3_5_3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_user_no_setup_initial_access_key-123456789012-eu-west-1-03f429136", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:root" + }, + "GeneratorId": "prowler-iam_user_no_setup_initial_access_key", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Do not setup access keys during initial user setup for all IAM users that have a console password", + "Description": "User does not have access keys or uses the access keys configured", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:root", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 1.11", + "ENS-RD2022 op.acc.6.aws.iam.4", + "CIS-1.4 1.11" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "From the IAM console: generate credential report and disable not required keys.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_user_no_setup_initial_access_key-123456789012-eu-west-1-2bb0c5a32", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:user/dams" + }, + "GeneratorId": "prowler-iam_user_no_setup_initial_access_key", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Do not setup access keys during initial user setup for all IAM users that have a console password", + "Description": "User dams does not have access keys or uses the access keys configured", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:user/dams", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 1.11", + "ENS-RD2022 op.acc.6.aws.iam.4", + "CIS-1.4 1.11" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "From the IAM console: generate credential report and disable not required keys.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_user_two_active_access_key-123456789012-eu-west-1-03f429136", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:root" + }, + "GeneratorId": "prowler-iam_user_two_active_access_key", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if IAM users have two active access keys", + "Description": "User does not have 2 active access keys.", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:root", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 1.13", + "ENS-RD2022 op.acc.6.aws.iam.1", + "CIS-1.4 1.13" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Avoid using long lived access keys.", + "Url": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-iam_user_two_active_access_key-123456789012-eu-west-1-2bb0c5a32", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:iam::123456789012:user/dams" + }, + "GeneratorId": "prowler-iam_user_two_active_access_key", + "AwsAccountId": "123456789012", + "Types": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if IAM users have two active access keys", + "Description": "User dams has 2 active access keys.", + "Resources": [ + { + "Type": "AwsIamUser", + "Id": "arn:aws:iam::123456789012:user/dams", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 1.13", + "ENS-RD2022 op.acc.6.aws.iam.1", + "CIS-1.4 1.13" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Avoid using long lived access keys.", + "Url": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-macie_is_enabled-123456789012-ap-northeast-1-821131a1a", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Macie" + }, + "GeneratorId": "prowler-macie_is_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Amazon Macie is enabled.", + "Description": "Macie is not enabled.", + "Resources": [ + { + "Type": "AwsMacieSession", + "Id": "Macie", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.4", + "CIS-1.4 2.1.4" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Amazon Macie and create appropriate jobs to discover sensitive data.", + "Url": "https://aws.amazon.com/macie/getting-started/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-macie_is_enabled-123456789012-ap-northeast-2-821131a1a", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Macie" + }, + "GeneratorId": "prowler-macie_is_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Amazon Macie is enabled.", + "Description": "Macie is not enabled.", + "Resources": [ + { + "Type": "AwsMacieSession", + "Id": "Macie", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.4", + "CIS-1.4 2.1.4" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Amazon Macie and create appropriate jobs to discover sensitive data.", + "Url": "https://aws.amazon.com/macie/getting-started/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-macie_is_enabled-123456789012-ap-northeast-3-821131a1a", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Macie" + }, + "GeneratorId": "prowler-macie_is_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Amazon Macie is enabled.", + "Description": "Macie is not enabled.", + "Resources": [ + { + "Type": "AwsMacieSession", + "Id": "Macie", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.4", + "CIS-1.4 2.1.4" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Amazon Macie and create appropriate jobs to discover sensitive data.", + "Url": "https://aws.amazon.com/macie/getting-started/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-macie_is_enabled-123456789012-ap-south-1-821131a1a", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Macie" + }, + "GeneratorId": "prowler-macie_is_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Amazon Macie is enabled.", + "Description": "Macie is not enabled.", + "Resources": [ + { + "Type": "AwsMacieSession", + "Id": "Macie", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.4", + "CIS-1.4 2.1.4" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Amazon Macie and create appropriate jobs to discover sensitive data.", + "Url": "https://aws.amazon.com/macie/getting-started/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-macie_is_enabled-123456789012-ap-southeast-1-821131a1a", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Macie" + }, + "GeneratorId": "prowler-macie_is_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Amazon Macie is enabled.", + "Description": "Macie is not enabled.", + "Resources": [ + { + "Type": "AwsMacieSession", + "Id": "Macie", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.4", + "CIS-1.4 2.1.4" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Amazon Macie and create appropriate jobs to discover sensitive data.", + "Url": "https://aws.amazon.com/macie/getting-started/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-macie_is_enabled-123456789012-ap-southeast-2-821131a1a", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Macie" + }, + "GeneratorId": "prowler-macie_is_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Amazon Macie is enabled.", + "Description": "Macie is not enabled.", + "Resources": [ + { + "Type": "AwsMacieSession", + "Id": "Macie", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.4", + "CIS-1.4 2.1.4" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Amazon Macie and create appropriate jobs to discover sensitive data.", + "Url": "https://aws.amazon.com/macie/getting-started/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-macie_is_enabled-123456789012-ca-central-1-821131a1a", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Macie" + }, + "GeneratorId": "prowler-macie_is_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Amazon Macie is enabled.", + "Description": "Macie is not enabled.", + "Resources": [ + { + "Type": "AwsMacieSession", + "Id": "Macie", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.4", + "CIS-1.4 2.1.4" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Amazon Macie and create appropriate jobs to discover sensitive data.", + "Url": "https://aws.amazon.com/macie/getting-started/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-macie_is_enabled-123456789012-eu-central-1-821131a1a", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Macie" + }, + "GeneratorId": "prowler-macie_is_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Amazon Macie is enabled.", + "Description": "Macie is not enabled.", + "Resources": [ + { + "Type": "AwsMacieSession", + "Id": "Macie", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.4", + "CIS-1.4 2.1.4" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Amazon Macie and create appropriate jobs to discover sensitive data.", + "Url": "https://aws.amazon.com/macie/getting-started/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-macie_is_enabled-123456789012-eu-north-1-821131a1a", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Macie" + }, + "GeneratorId": "prowler-macie_is_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Amazon Macie is enabled.", + "Description": "Macie is not enabled.", + "Resources": [ + { + "Type": "AwsMacieSession", + "Id": "Macie", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.4", + "CIS-1.4 2.1.4" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Amazon Macie and create appropriate jobs to discover sensitive data.", + "Url": "https://aws.amazon.com/macie/getting-started/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-macie_is_enabled-123456789012-eu-west-1-821131a1a", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Macie" + }, + "GeneratorId": "prowler-macie_is_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Amazon Macie is enabled.", + "Description": "Macie is not enabled.", + "Resources": [ + { + "Type": "AwsMacieSession", + "Id": "Macie", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.4", + "CIS-1.4 2.1.4" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Amazon Macie and create appropriate jobs to discover sensitive data.", + "Url": "https://aws.amazon.com/macie/getting-started/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-macie_is_enabled-123456789012-eu-west-2-821131a1a", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Macie" + }, + "GeneratorId": "prowler-macie_is_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Amazon Macie is enabled.", + "Description": "Macie is not enabled.", + "Resources": [ + { + "Type": "AwsMacieSession", + "Id": "Macie", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.4", + "CIS-1.4 2.1.4" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Amazon Macie and create appropriate jobs to discover sensitive data.", + "Url": "https://aws.amazon.com/macie/getting-started/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-macie_is_enabled-123456789012-eu-west-3-821131a1a", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Macie" + }, + "GeneratorId": "prowler-macie_is_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Amazon Macie is enabled.", + "Description": "Macie is not enabled.", + "Resources": [ + { + "Type": "AwsMacieSession", + "Id": "Macie", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.4", + "CIS-1.4 2.1.4" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Amazon Macie and create appropriate jobs to discover sensitive data.", + "Url": "https://aws.amazon.com/macie/getting-started/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-macie_is_enabled-123456789012-sa-east-1-821131a1a", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Macie" + }, + "GeneratorId": "prowler-macie_is_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Amazon Macie is enabled.", + "Description": "Macie is not enabled.", + "Resources": [ + { + "Type": "AwsMacieSession", + "Id": "Macie", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.4", + "CIS-1.4 2.1.4" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Amazon Macie and create appropriate jobs to discover sensitive data.", + "Url": "https://aws.amazon.com/macie/getting-started/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-macie_is_enabled-123456789012-us-east-1-821131a1a", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Macie" + }, + "GeneratorId": "prowler-macie_is_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Amazon Macie is enabled.", + "Description": "Macie is not enabled.", + "Resources": [ + { + "Type": "AwsMacieSession", + "Id": "Macie", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.4", + "CIS-1.4 2.1.4" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Amazon Macie and create appropriate jobs to discover sensitive data.", + "Url": "https://aws.amazon.com/macie/getting-started/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-macie_is_enabled-123456789012-us-east-2-821131a1a", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Macie" + }, + "GeneratorId": "prowler-macie_is_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Amazon Macie is enabled.", + "Description": "Macie is not enabled.", + "Resources": [ + { + "Type": "AwsMacieSession", + "Id": "Macie", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.4", + "CIS-1.4 2.1.4" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Amazon Macie and create appropriate jobs to discover sensitive data.", + "Url": "https://aws.amazon.com/macie/getting-started/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-macie_is_enabled-123456789012-us-west-1-821131a1a", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Macie" + }, + "GeneratorId": "prowler-macie_is_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Amazon Macie is enabled.", + "Description": "Macie is not enabled.", + "Resources": [ + { + "Type": "AwsMacieSession", + "Id": "Macie", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.4", + "CIS-1.4 2.1.4" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Amazon Macie and create appropriate jobs to discover sensitive data.", + "Url": "https://aws.amazon.com/macie/getting-started/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-macie_is_enabled-123456789012-us-west-2-821131a1a", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Macie" + }, + "GeneratorId": "prowler-macie_is_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "LOW" + }, + "Title": "Check if Amazon Macie is enabled.", + "Description": "Macie is not enabled.", + "Resources": [ + { + "Type": "AwsMacieSession", + "Id": "Macie", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.4", + "CIS-1.4 2.1.4" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Enable Amazon Macie and create appropriate jobs to discover sensitive data.", + "Url": "https://aws.amazon.com/macie/getting-started/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_account_level_public_access_blocks-123456789012-eu-west-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-s3_account_level_public_access_blocks", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "HIGH" + }, + "Title": "Check S3 Account Level Public Access Block.", + "Description": "Block Public Access is not configured for the account 123456789012.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "123456789012", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_7_3 sc_7", + "CIS-1.5 2.1.5", + "NIST-CSF-1.1 ac_3 ac_5 ds_5 ip_8 pt_3", + "FedRAMP-Low-Revision-4 ac-3 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-d 11.10-g", + "CISA your-systems-3 your-data-2", + "CIS-1.4 2.1.5", + "HIPAA 164_308_a_1_ii_b 164_308_a_3_i", + "FFIEC d3-pc-im-b-1", + "AWS-Foundational-Security-Best-Practices s3", + "FedRamp-Moderate-Revision-4 ac-3 ac-6 ac-17-1 ac-21-b cm-2 sc-4", + "NIST-800-53-Revision-5 ac_2_6 ac_3 ac_3_7 ac_4_21 ac_6 ac_17_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_1_14 3_1_20 3_3_8 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can enable Public Access Block at the account level to prevent the exposure of your data stored in S3.", + "Url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_acl_prohibited-123456789012-eu-west-1-78e0803bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::aws-logs-123456789012-eu-west-1" + }, + "GeneratorId": "prowler-s3_bucket_acl_prohibited", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if S3 buckets have ACLs enabled", + "Description": "S3 Bucket aws-logs-123456789012-eu-west-1 has bucket ACLs enabled.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::aws-logs-123456789012-eu-west-1", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CISA your-data-2", + "AWS-Foundational-Security-Best-Practices s3" + ], + "AssociatedStandards": [ + { + "StandardsId": "CISA" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", + "Url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_acl_prohibited-123456789012-eu-west-1-d4d44e72b", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::wikipedia-bff" + }, + "GeneratorId": "prowler-s3_bucket_acl_prohibited", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if S3 buckets have ACLs enabled", + "Description": "S3 Bucket wikipedia-bff has bucket ACLs enabled.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::wikipedia-bff", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CISA your-data-2", + "AWS-Foundational-Security-Best-Practices s3" + ], + "AssociatedStandards": [ + { + "StandardsId": "CISA" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", + "Url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_default_encryption-123456789012-eu-west-1-78e0803bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::aws-logs-123456789012-eu-west-1" + }, + "GeneratorId": "prowler-s3_bucket_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", + "Description": "S3 Bucket aws-logs-123456789012-eu-west-1 has Server Side Encryption with AES256.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::aws-logs-123456789012-eu-west-1", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "CIS-1.5 2.1.1", + "NIST-CSF-1.1 ds_1", + "PCI-3.2.1 s3", + "ENS-RD2022 mp.si.2.aws.s3.1", + "FedRAMP-Low-Revision-4 sc-13", + "GxP-21-CFR-Part-11 11.10-c 11.30", + "CISA your-systems-3 your-data-1 your-data-2", + "CIS-1.4 2.1.1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GDPR article_32", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices s3", + "RBI-Cyber-Security-Framework annex_i_1_3", + "FedRamp-Moderate-Revision-4 sc-13 sc-28", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d cp_9_8 pm_11", + "NIST-800-171-Revision-2 3_3_8 3_5_10 3_13_11 3_13_16" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure that S3 buckets has encryption at rest enabled.", + "Url": "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_default_encryption-123456789012-eu-west-1-d4d44e72b", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::wikipedia-bff" + }, + "GeneratorId": "prowler-s3_bucket_default_encryption", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", + "Description": "S3 Bucket wikipedia-bff has Server Side Encryption with AES256.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::wikipedia-bff", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 sc_28", + "CIS-1.5 2.1.1", + "NIST-CSF-1.1 ds_1", + "PCI-3.2.1 s3", + "ENS-RD2022 mp.si.2.aws.s3.1", + "FedRAMP-Low-Revision-4 sc-13", + "GxP-21-CFR-Part-11 11.10-c 11.30", + "CISA your-systems-3 your-data-1 your-data-2", + "CIS-1.4 2.1.1", + "HIPAA 164_308_a_1_ii_b 164_308_a_4_ii_a 164_312_a_2_iv 164_312_", + "GDPR article_32", + "GxP-EU-Annex-11 7.1-data-storage-damage-protection", + "FFIEC d3-pc-am-b-12", + "AWS-Foundational-Security-Best-Practices s3", + "RBI-Cyber-Security-Framework annex_i_1_3", + "FedRamp-Moderate-Revision-4 sc-13 sc-28", + "NIST-800-53-Revision-5 au_9_3 cm_6_a cm_9_b cp_9_d cp_9_8 pm_11", + "NIST-800-171-Revision-2 3_3_8 3_5_10 3_13_11 3_13_16" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure that S3 buckets has encryption at rest enabled.", + "Url": "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_level_public_access_block-123456789012-eu-west-1-78e0803bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::aws-logs-123456789012-eu-west-1" + }, + "GeneratorId": "prowler-s3_bucket_level_public_access_block", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check S3 Bucket Level Public Access Block.", + "Description": "Block Public Access is not configured for the S3 Bucket aws-logs-123456789012-eu-west-1.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::aws-logs-123456789012-eu-west-1", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.5", + "CIS-1.4 2.1.5" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", + "Url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_level_public_access_block-123456789012-eu-west-1-d4d44e72b", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::wikipedia-bff" + }, + "GeneratorId": "prowler-s3_bucket_level_public_access_block", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check S3 Bucket Level Public Access Block.", + "Description": "Block Public Access is configured for the S3 Bucket wikipedia-bff.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::wikipedia-bff", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "CIS-1.5 2.1.5", + "CIS-1.4 2.1.5" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", + "Url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_no_mfa_delete-123456789012-eu-west-1-78e0803bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::aws-logs-123456789012-eu-west-1" + }, + "GeneratorId": "prowler-s3_bucket_no_mfa_delete", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if S3 bucket MFA Delete is not enabled.", + "Description": "S3 Bucket aws-logs-123456789012-eu-west-1 has MFA Delete disabled.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::aws-logs-123456789012-eu-west-1", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.3", + "CIS-1.4 2.1.3" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", + "Url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_no_mfa_delete-123456789012-eu-west-1-d4d44e72b", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::wikipedia-bff" + }, + "GeneratorId": "prowler-s3_bucket_no_mfa_delete", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if S3 bucket MFA Delete is not enabled.", + "Description": "S3 Bucket wikipedia-bff has MFA Delete disabled.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::wikipedia-bff", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "CIS-1.5 2.1.3", + "CIS-1.4 2.1.3" + ], + "AssociatedStandards": [ + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "CIS-1.4" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", + "Url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_object_versioning-123456789012-eu-west-1-78e0803bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::aws-logs-123456789012-eu-west-1" + }, + "GeneratorId": "prowler-s3_bucket_object_versioning", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if S3 buckets have object versioning enabled", + "Description": "S3 Bucket aws-logs-123456789012-eu-west-1 has versioning disabled.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::aws-logs-123456789012-eu-west-1", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 cp_10 si_12", + "SOC2 cc_7_4 cc_a_1_2 cc_c_1_2", + "NIST-CSF-1.1 be_5 ds_4 ip_4 ip_9 pt_5 rp_1 rp_1", + "FedRAMP-Low-Revision-4 au-9 cp-9 cp-10 sc-5", + "AWS-Audit-Manager-Control-Tower-Guardrails 5.1.1", + "GxP-21-CFR-Part-11 11.10-a 11.10-c", + "CISA your-systems-3 your-data-4 booting-up-thing-to-do-first-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_7_i 164_308_a_7_ii_a 164_308_a", + "GxP-EU-Annex-11 5-data 7.1-data-storage-damage-protection 7.2-d", + "FFIEC d5-ir-pl-b-6", + "AWS-Foundational-Security-Best-Practices s3", + "RBI-Cyber-Security-Framework annex_i_12", + "FedRamp-Moderate-Revision-4 au-9-2 cp-9-b cp-10 sc-5 si-12", + "NIST-800-53-Revision-5 au_9_2 cp_1_2 cp_2_5 cp_6_a cp_6_1 cp_6_", + "NIST-800-171-Revision-2 3_3_8" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes.", + "Url": "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_object_versioning-123456789012-eu-west-1-d4d44e72b", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::wikipedia-bff" + }, + "GeneratorId": "prowler-s3_bucket_object_versioning", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if S3 buckets have object versioning enabled", + "Description": "S3 Bucket wikipedia-bff has versioning disabled.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::wikipedia-bff", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 cp_10 si_12", + "SOC2 cc_7_4 cc_a_1_2 cc_c_1_2", + "NIST-CSF-1.1 be_5 ds_4 ip_4 ip_9 pt_5 rp_1 rp_1", + "FedRAMP-Low-Revision-4 au-9 cp-9 cp-10 sc-5", + "AWS-Audit-Manager-Control-Tower-Guardrails 5.1.1", + "GxP-21-CFR-Part-11 11.10-a 11.10-c", + "CISA your-systems-3 your-data-4 booting-up-thing-to-do-first-1", + "HIPAA 164_308_a_1_ii_b 164_308_a_7_i 164_308_a_7_ii_a 164_308_a", + "GxP-EU-Annex-11 5-data 7.1-data-storage-damage-protection 7.2-d", + "FFIEC d5-ir-pl-b-6", + "AWS-Foundational-Security-Best-Practices s3", + "RBI-Cyber-Security-Framework annex_i_12", + "FedRamp-Moderate-Revision-4 au-9-2 cp-9-b cp-10 sc-5 si-12", + "NIST-800-53-Revision-5 au_9_2 cp_1_2 cp_2_5 cp_6_a cp_6_1 cp_6_", + "NIST-800-171-Revision-2 3_3_8" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes.", + "Url": "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_policy_public_write_access-123456789012-eu-west-1-78e0803bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::aws-logs-123456789012-eu-west-1" + }, + "GeneratorId": "prowler-s3_bucket_policy_public_write_access", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "CRITICAL" + }, + "Title": "Check if S3 buckets have policies which allow WRITE access.", + "Description": "S3 Bucket aws-logs-123456789012-eu-west-1 does not have a bucket policy.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::aws-logs-123456789012-eu-west-1", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_3 ac_4 ac_6 ac_21 sc_7_3 sc_7", + "NIST-CSF-1.1 ac_3 ac_5 ds_5 ip_8 pt_3", + "PCI-3.2.1 s3", + "ENS-RD2022 op.acc.4.aws.iam.1 op.exp.8.r4.aws.ct.2", + "FedRAMP-Low-Revision-4 ac-3 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 4.1.2", + "GxP-21-CFR-Part-11 11.10-c 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "HIPAA 164_308_a_1_ii_b 164_308_a_3_i 164_312_a_1", + "FFIEC d3-pc-im-b-1", + "AWS-Foundational-Security-Best-Practices s3", + "RBI-Cyber-Security-Framework annex_i_1_3", + "FedRamp-Moderate-Revision-4 ac-3 ac-4 ac-6 ac-17-1 ac-21-b cm-2", + "NIST-800-53-Revision-5 ac_2_6 ac_3 ac_3_7 ac_4_21 ac_6 ac_17_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_3_8 3_4_6 3_13_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure proper bucket policy is in place with the least privilege principle applied.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_policy_public_write_access-123456789012-eu-west-1-d4d44e72b", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::wikipedia-bff" + }, + "GeneratorId": "prowler-s3_bucket_policy_public_write_access", + "AwsAccountId": "123456789012", + "Types": [ + "IAM" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "CRITICAL" + }, + "Title": "Check if S3 buckets have policies which allow WRITE access.", + "Description": "S3 Bucket wikipedia-bff does not have a bucket policy.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::wikipedia-bff", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_3 ac_4 ac_6 ac_21 sc_7_3 sc_7", + "NIST-CSF-1.1 ac_3 ac_5 ds_5 ip_8 pt_3", + "PCI-3.2.1 s3", + "ENS-RD2022 op.acc.4.aws.iam.1 op.exp.8.r4.aws.ct.2", + "FedRAMP-Low-Revision-4 ac-3 ac-17 cm-2 sc-7", + "AWS-Audit-Manager-Control-Tower-Guardrails 4.1.2", + "GxP-21-CFR-Part-11 11.10-c 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "HIPAA 164_308_a_1_ii_b 164_308_a_3_i 164_312_a_1", + "FFIEC d3-pc-im-b-1", + "AWS-Foundational-Security-Best-Practices s3", + "RBI-Cyber-Security-Framework annex_i_1_3", + "FedRamp-Moderate-Revision-4 ac-3 ac-4 ac-6 ac-17-1 ac-21-b cm-2", + "NIST-800-53-Revision-5 ac_2_6 ac_3 ac_3_7 ac_4_21 ac_6 ac_17_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_3_8 3_4_6 3_13_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "AWS-Audit-Manager-Control-Tower-Guardrails" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure proper bucket policy is in place with the least privilege principle applied.", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_public_access-123456789012-eu-west-1-78e0803bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::aws-logs-123456789012-eu-west-1" + }, + "GeneratorId": "prowler-s3_bucket_public_access", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "CRITICAL" + }, + "Title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", + "Description": "S3 Bucket aws-logs-123456789012-eu-west-1 is not public.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::aws-logs-123456789012-eu-west-1", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_3 ac_4 ac_6 ac_21 sc_7_3 sc_7", + "SOC2 cc_6_1", + "NIST-CSF-1.1 ac_3 ac_5 ds_5 ip_8 pt_3", + "PCI-3.2.1 s3", + "ENS-RD2022 op.exp.8.r4.aws.ct.2", + "FedRAMP-Low-Revision-4 ac-3 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-c 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "HIPAA 164_308_a_1_ii_b 164_308_a_3_i 164_312_a_1 164_312_a_2_i", + "FFIEC d3-pc-im-b-1", + "AWS-Foundational-Security-Best-Practices s3", + "RBI-Cyber-Security-Framework annex_i_1_3", + "FedRamp-Moderate-Revision-4 ac-3 ac-4 ac-6 ac-17-1 ac-21-b cm-2", + "NIST-800-53-Revision-5 ac_2_6 ac_3 ac_3_7 ac_4_21 ac_6 ac_17_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_3_8 3_4_6 3_13_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", + "Url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_public_access-123456789012-eu-west-1-d4d44e72b", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::wikipedia-bff" + }, + "GeneratorId": "prowler-s3_bucket_public_access", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "CRITICAL" + }, + "Title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", + "Description": "S3 Bucket wikipedia-bff is not public.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::wikipedia-bff", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_3 ac_4 ac_6 ac_21 sc_7_3 sc_7", + "SOC2 cc_6_1", + "NIST-CSF-1.1 ac_3 ac_5 ds_5 ip_8 pt_3", + "PCI-3.2.1 s3", + "ENS-RD2022 op.exp.8.r4.aws.ct.2", + "FedRAMP-Low-Revision-4 ac-3 ac-17 cm-2 sc-7", + "GxP-21-CFR-Part-11 11.10-c 11.10-d 11.10-g 11.10-k", + "CISA your-systems-3 your-data-2", + "HIPAA 164_308_a_1_ii_b 164_308_a_3_i 164_312_a_1 164_312_a_2_i", + "FFIEC d3-pc-im-b-1", + "AWS-Foundational-Security-Best-Practices s3", + "RBI-Cyber-Security-Framework annex_i_1_3", + "FedRamp-Moderate-Revision-4 ac-3 ac-4 ac-6 ac-17-1 ac-21-b cm-2", + "NIST-800-53-Revision-5 ac_2_6 ac_3 ac_3_7 ac_4_21 ac_6 ac_17_b ", + "NIST-800-171-Revision-2 3_1_1 3_1_2 3_1_3 3_3_8 3_4_6 3_13_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", + "Url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_secure_transport_policy-123456789012-eu-west-1-78e0803bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::aws-logs-123456789012-eu-west-1" + }, + "GeneratorId": "prowler-s3_bucket_secure_transport_policy", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if S3 buckets have secure transport policy.", + "Description": "S3 Bucket aws-logs-123456789012-eu-west-1 does not have a bucket policy, thus it allows HTTP requests.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::aws-logs-123456789012-eu-west-1", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_17_2 sc_7 sc_8_1 sc_8", + "CIS-1.5 2.1.2", + "NIST-CSF-1.1 ds_2", + "PCI-3.2.1 s3", + "ENS-RD2022 mp.com.1.aws.s3.1 mp.com.3.aws.s3.1", + "FedRAMP-Low-Revision-4 ac-17 sc-7", + "GxP-21-CFR-Part-11 11.10-c 11.30", + "CISA your-systems-3 your-data-2", + "CIS-1.4 2.1.2", + "HIPAA 164_308_a_1_ii_b 164_312_a_2_iv 164_312_c_1 164_312_c_2 1", + "GDPR article_32", + "FFIEC d3-pc-am-b-12 d3-pc-am-b-13 d3-pc-am-b-15", + "AWS-Foundational-Security-Best-Practices s3", + "RBI-Cyber-Security-Framework annex_i_1_3", + "FedRamp-Moderate-Revision-4 ac-17-2 sc-7 sc-8-1 sc-8 sc-23", + "NIST-800-53-Revision-5 ac_4 ac_4_22 ac_17_2 ac_24_1 au_9_3 ca_9", + "NIST-800-171-Revision-2 3_1_13 3_5_10 3_13_1 3_13_5 3_13_8 3_13" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure that S3 buckets has encryption in transit enabled.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_secure_transport_policy-123456789012-eu-west-1-d4d44e72b", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::wikipedia-bff" + }, + "GeneratorId": "prowler-s3_bucket_secure_transport_policy", + "AwsAccountId": "123456789012", + "Types": [ + "Data Protection" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if S3 buckets have secure transport policy.", + "Description": "S3 Bucket wikipedia-bff does not have a bucket policy, thus it allows HTTP requests.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::wikipedia-bff", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_17_2 sc_7 sc_8_1 sc_8", + "CIS-1.5 2.1.2", + "NIST-CSF-1.1 ds_2", + "PCI-3.2.1 s3", + "ENS-RD2022 mp.com.1.aws.s3.1 mp.com.3.aws.s3.1", + "FedRAMP-Low-Revision-4 ac-17 sc-7", + "GxP-21-CFR-Part-11 11.10-c 11.30", + "CISA your-systems-3 your-data-2", + "CIS-1.4 2.1.2", + "HIPAA 164_308_a_1_ii_b 164_312_a_2_iv 164_312_c_1 164_312_c_2 1", + "GDPR article_32", + "FFIEC d3-pc-am-b-12 d3-pc-am-b-13 d3-pc-am-b-15", + "AWS-Foundational-Security-Best-Practices s3", + "RBI-Cyber-Security-Framework annex_i_1_3", + "FedRamp-Moderate-Revision-4 ac-17-2 sc-7 sc-8-1 sc-8 sc-23", + "NIST-800-53-Revision-5 ac_4 ac_4_22 ac_17_2 ac_24_1 au_9_3 ca_9", + "NIST-800-171-Revision-2 3_1_13 3_5_10 3_13_1 3_13_5 3_13_8 3_13" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure that S3 buckets has encryption in transit enabled.", + "Url": "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_server_access_logging_enabled-123456789012-eu-west-1-78e0803bd", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::aws-logs-123456789012-eu-west-1" + }, + "GeneratorId": "prowler-s3_bucket_server_access_logging_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if S3 buckets have server access logging enabled", + "Description": "S3 Bucket aws-logs-123456789012-eu-west-1 has server access logging disabled.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::aws-logs-123456789012-eu-west-1", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2 au_2 au_3 au_12", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "FedRAMP-Low-Revision-4 ac-2 au-2", + "GxP-21-CFR-Part-11 11.10-e 11.10-k", + "CISA your-systems-3 your-data-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d5-dr", + "AWS-Foundational-Security-Best-Practices s3", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", + "Url": "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-s3_bucket_server_access_logging_enabled-123456789012-eu-west-1-d4d44e72b", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:s3:::wikipedia-bff" + }, + "GeneratorId": "prowler-s3_bucket_server_access_logging_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if S3 buckets have server access logging enabled", + "Description": "S3 Bucket wikipedia-bff has server access logging disabled.", + "Resources": [ + { + "Type": "AwsS3Bucket", + "Id": "arn:aws:s3:::wikipedia-bff", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2 au_2 au_3 au_12", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 ae_4 cm_1 cm_3 cm_6 cm_7 am_3 ac_6 ds_5 ", + "FedRAMP-Low-Revision-4 ac-2 au-2", + "GxP-21-CFR-Part-11 11.10-e 11.10-k", + "CISA your-systems-3 your-data-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d5-dr", + "AWS-Foundational-Security-Best-Practices s3", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-4 ac-2-g au-2-a-d au-3 au-6-1-", + "NIST-800-53-Revision-5 ac_2_4 ac_3_1 ac_3_10 ac_4_26 ac_6_9 au_", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_2 3_3_3 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", + "Url": "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-securityhub_enabled-123456789012-ap-northeast-1-d053c2dfc", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Security Hub" + }, + "GeneratorId": "prowler-securityhub_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Security Hub is enabled and its standard subscriptions.", + "Description": "Security Hub is not enabled", + "Resources": [ + { + "Type": "AwsSecurityHubHub", + "Id": "Security Hub", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_4 ac_2_12 ac_2 ac_17_1 au_6_", + "CIS-1.5 4.16", + "SOC2 cc_3_1 cc_6_8 cc_7_1 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_2 ae_4 cm_1 cm_2 cm_3 cm_4 cm_5 cm_6 cm_7 cp_4 ", + "ENS-RD2022 op.exp.7.aws.sh.1 op.mon.2.aws.sh.1 op.mon.3.r1.aws.", + "FedRAMP-Low-Revision-4 ac-2 ac-17 ca-7 ir-4", + "GxP-21-CFR-Part-11 11.300-d", + "CISA your-systems-3 your-crisis-response-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_5_ii_c 164_30", + "GxP-EU-Annex-11 1-risk-management", + "FFIEC d2-is-is-b-1 d2-ti-ti-b-1 d2-ti-ti-b-2 d2-ti-ti-b-3 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-4 ac-2-12-a ac-2-g ac-1", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_4 3_3_5 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.", + "Url": "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-securityhub_enabled-123456789012-ap-northeast-2-d053c2dfc", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Security Hub" + }, + "GeneratorId": "prowler-securityhub_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Security Hub is enabled and its standard subscriptions.", + "Description": "Security Hub is not enabled", + "Resources": [ + { + "Type": "AwsSecurityHubHub", + "Id": "Security Hub", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_4 ac_2_12 ac_2 ac_17_1 au_6_", + "CIS-1.5 4.16", + "SOC2 cc_3_1 cc_6_8 cc_7_1 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_2 ae_4 cm_1 cm_2 cm_3 cm_4 cm_5 cm_6 cm_7 cp_4 ", + "ENS-RD2022 op.exp.7.aws.sh.1 op.mon.2.aws.sh.1 op.mon.3.r1.aws.", + "FedRAMP-Low-Revision-4 ac-2 ac-17 ca-7 ir-4", + "GxP-21-CFR-Part-11 11.300-d", + "CISA your-systems-3 your-crisis-response-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_5_ii_c 164_30", + "GxP-EU-Annex-11 1-risk-management", + "FFIEC d2-is-is-b-1 d2-ti-ti-b-1 d2-ti-ti-b-2 d2-ti-ti-b-3 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-4 ac-2-12-a ac-2-g ac-1", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_4 3_3_5 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.", + "Url": "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-securityhub_enabled-123456789012-ap-northeast-3-d053c2dfc", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Security Hub" + }, + "GeneratorId": "prowler-securityhub_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Security Hub is enabled and its standard subscriptions.", + "Description": "Security Hub is not enabled", + "Resources": [ + { + "Type": "AwsSecurityHubHub", + "Id": "Security Hub", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_4 ac_2_12 ac_2 ac_17_1 au_6_", + "CIS-1.5 4.16", + "SOC2 cc_3_1 cc_6_8 cc_7_1 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_2 ae_4 cm_1 cm_2 cm_3 cm_4 cm_5 cm_6 cm_7 cp_4 ", + "ENS-RD2022 op.exp.7.aws.sh.1 op.mon.2.aws.sh.1 op.mon.3.r1.aws.", + "FedRAMP-Low-Revision-4 ac-2 ac-17 ca-7 ir-4", + "GxP-21-CFR-Part-11 11.300-d", + "CISA your-systems-3 your-crisis-response-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_5_ii_c 164_30", + "GxP-EU-Annex-11 1-risk-management", + "FFIEC d2-is-is-b-1 d2-ti-ti-b-1 d2-ti-ti-b-2 d2-ti-ti-b-3 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-4 ac-2-12-a ac-2-g ac-1", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_4 3_3_5 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.", + "Url": "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-securityhub_enabled-123456789012-ap-south-1-d053c2dfc", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Security Hub" + }, + "GeneratorId": "prowler-securityhub_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Security Hub is enabled and its standard subscriptions.", + "Description": "Security Hub is not enabled", + "Resources": [ + { + "Type": "AwsSecurityHubHub", + "Id": "Security Hub", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_4 ac_2_12 ac_2 ac_17_1 au_6_", + "CIS-1.5 4.16", + "SOC2 cc_3_1 cc_6_8 cc_7_1 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_2 ae_4 cm_1 cm_2 cm_3 cm_4 cm_5 cm_6 cm_7 cp_4 ", + "ENS-RD2022 op.exp.7.aws.sh.1 op.mon.2.aws.sh.1 op.mon.3.r1.aws.", + "FedRAMP-Low-Revision-4 ac-2 ac-17 ca-7 ir-4", + "GxP-21-CFR-Part-11 11.300-d", + "CISA your-systems-3 your-crisis-response-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_5_ii_c 164_30", + "GxP-EU-Annex-11 1-risk-management", + "FFIEC d2-is-is-b-1 d2-ti-ti-b-1 d2-ti-ti-b-2 d2-ti-ti-b-3 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-4 ac-2-12-a ac-2-g ac-1", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_4 3_3_5 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.", + "Url": "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-securityhub_enabled-123456789012-ap-southeast-1-d053c2dfc", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Security Hub" + }, + "GeneratorId": "prowler-securityhub_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Security Hub is enabled and its standard subscriptions.", + "Description": "Security Hub is not enabled", + "Resources": [ + { + "Type": "AwsSecurityHubHub", + "Id": "Security Hub", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_4 ac_2_12 ac_2 ac_17_1 au_6_", + "CIS-1.5 4.16", + "SOC2 cc_3_1 cc_6_8 cc_7_1 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_2 ae_4 cm_1 cm_2 cm_3 cm_4 cm_5 cm_6 cm_7 cp_4 ", + "ENS-RD2022 op.exp.7.aws.sh.1 op.mon.2.aws.sh.1 op.mon.3.r1.aws.", + "FedRAMP-Low-Revision-4 ac-2 ac-17 ca-7 ir-4", + "GxP-21-CFR-Part-11 11.300-d", + "CISA your-systems-3 your-crisis-response-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_5_ii_c 164_30", + "GxP-EU-Annex-11 1-risk-management", + "FFIEC d2-is-is-b-1 d2-ti-ti-b-1 d2-ti-ti-b-2 d2-ti-ti-b-3 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-4 ac-2-12-a ac-2-g ac-1", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_4 3_3_5 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.", + "Url": "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-securityhub_enabled-123456789012-ap-southeast-2-d053c2dfc", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Security Hub" + }, + "GeneratorId": "prowler-securityhub_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Security Hub is enabled and its standard subscriptions.", + "Description": "Security Hub is not enabled", + "Resources": [ + { + "Type": "AwsSecurityHubHub", + "Id": "Security Hub", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_4 ac_2_12 ac_2 ac_17_1 au_6_", + "CIS-1.5 4.16", + "SOC2 cc_3_1 cc_6_8 cc_7_1 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_2 ae_4 cm_1 cm_2 cm_3 cm_4 cm_5 cm_6 cm_7 cp_4 ", + "ENS-RD2022 op.exp.7.aws.sh.1 op.mon.2.aws.sh.1 op.mon.3.r1.aws.", + "FedRAMP-Low-Revision-4 ac-2 ac-17 ca-7 ir-4", + "GxP-21-CFR-Part-11 11.300-d", + "CISA your-systems-3 your-crisis-response-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_5_ii_c 164_30", + "GxP-EU-Annex-11 1-risk-management", + "FFIEC d2-is-is-b-1 d2-ti-ti-b-1 d2-ti-ti-b-2 d2-ti-ti-b-3 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-4 ac-2-12-a ac-2-g ac-1", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_4 3_3_5 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.", + "Url": "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-securityhub_enabled-123456789012-ca-central-1-d053c2dfc", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Security Hub" + }, + "GeneratorId": "prowler-securityhub_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Security Hub is enabled and its standard subscriptions.", + "Description": "Security Hub is not enabled", + "Resources": [ + { + "Type": "AwsSecurityHubHub", + "Id": "Security Hub", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_4 ac_2_12 ac_2 ac_17_1 au_6_", + "CIS-1.5 4.16", + "SOC2 cc_3_1 cc_6_8 cc_7_1 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_2 ae_4 cm_1 cm_2 cm_3 cm_4 cm_5 cm_6 cm_7 cp_4 ", + "ENS-RD2022 op.exp.7.aws.sh.1 op.mon.2.aws.sh.1 op.mon.3.r1.aws.", + "FedRAMP-Low-Revision-4 ac-2 ac-17 ca-7 ir-4", + "GxP-21-CFR-Part-11 11.300-d", + "CISA your-systems-3 your-crisis-response-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_5_ii_c 164_30", + "GxP-EU-Annex-11 1-risk-management", + "FFIEC d2-is-is-b-1 d2-ti-ti-b-1 d2-ti-ti-b-2 d2-ti-ti-b-3 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-4 ac-2-12-a ac-2-g ac-1", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_4 3_3_5 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.", + "Url": "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-securityhub_enabled-123456789012-eu-central-1-d053c2dfc", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Security Hub" + }, + "GeneratorId": "prowler-securityhub_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Security Hub is enabled and its standard subscriptions.", + "Description": "Security Hub is not enabled", + "Resources": [ + { + "Type": "AwsSecurityHubHub", + "Id": "Security Hub", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_4 ac_2_12 ac_2 ac_17_1 au_6_", + "CIS-1.5 4.16", + "SOC2 cc_3_1 cc_6_8 cc_7_1 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_2 ae_4 cm_1 cm_2 cm_3 cm_4 cm_5 cm_6 cm_7 cp_4 ", + "ENS-RD2022 op.exp.7.aws.sh.1 op.mon.2.aws.sh.1 op.mon.3.r1.aws.", + "FedRAMP-Low-Revision-4 ac-2 ac-17 ca-7 ir-4", + "GxP-21-CFR-Part-11 11.300-d", + "CISA your-systems-3 your-crisis-response-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_5_ii_c 164_30", + "GxP-EU-Annex-11 1-risk-management", + "FFIEC d2-is-is-b-1 d2-ti-ti-b-1 d2-ti-ti-b-2 d2-ti-ti-b-3 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-4 ac-2-12-a ac-2-g ac-1", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_4 3_3_5 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.", + "Url": "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-securityhub_enabled-123456789012-eu-north-1-d053c2dfc", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Security Hub" + }, + "GeneratorId": "prowler-securityhub_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Security Hub is enabled and its standard subscriptions.", + "Description": "Security Hub is not enabled", + "Resources": [ + { + "Type": "AwsSecurityHubHub", + "Id": "Security Hub", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_4 ac_2_12 ac_2 ac_17_1 au_6_", + "CIS-1.5 4.16", + "SOC2 cc_3_1 cc_6_8 cc_7_1 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_2 ae_4 cm_1 cm_2 cm_3 cm_4 cm_5 cm_6 cm_7 cp_4 ", + "ENS-RD2022 op.exp.7.aws.sh.1 op.mon.2.aws.sh.1 op.mon.3.r1.aws.", + "FedRAMP-Low-Revision-4 ac-2 ac-17 ca-7 ir-4", + "GxP-21-CFR-Part-11 11.300-d", + "CISA your-systems-3 your-crisis-response-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_5_ii_c 164_30", + "GxP-EU-Annex-11 1-risk-management", + "FFIEC d2-is-is-b-1 d2-ti-ti-b-1 d2-ti-ti-b-2 d2-ti-ti-b-3 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-4 ac-2-12-a ac-2-g ac-1", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_4 3_3_5 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.", + "Url": "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-securityhub_enabled-123456789012-eu-west-1-1625cdb75", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "arn:aws:securityhub:eu-west-1:123456789012:hub/default" + }, + "GeneratorId": "prowler-securityhub_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Security Hub is enabled and its standard subscriptions.", + "Description": "Security Hub is enabled with standards: cis-aws-foundations-benchmark aws-foundational-security-best-practices ", + "Resources": [ + { + "Type": "AwsSecurityHubHub", + "Id": "arn:aws:securityhub:eu-west-1:123456789012:hub/default", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "PASSED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_4 ac_2_12 ac_2 ac_17_1 au_6_", + "CIS-1.5 4.16", + "SOC2 cc_3_1 cc_6_8 cc_7_1 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_2 ae_4 cm_1 cm_2 cm_3 cm_4 cm_5 cm_6 cm_7 cp_4 ", + "ENS-RD2022 op.exp.7.aws.sh.1 op.mon.2.aws.sh.1 op.mon.3.r1.aws.", + "FedRAMP-Low-Revision-4 ac-2 ac-17 ca-7 ir-4", + "GxP-21-CFR-Part-11 11.300-d", + "CISA your-systems-3 your-crisis-response-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_5_ii_c 164_30", + "GxP-EU-Annex-11 1-risk-management", + "FFIEC d2-is-is-b-1 d2-ti-ti-b-1 d2-ti-ti-b-2 d2-ti-ti-b-3 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-4 ac-2-12-a ac-2-g ac-1", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_4 3_3_5 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.", + "Url": "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-securityhub_enabled-123456789012-eu-west-2-d053c2dfc", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Security Hub" + }, + "GeneratorId": "prowler-securityhub_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Security Hub is enabled and its standard subscriptions.", + "Description": "Security Hub is not enabled", + "Resources": [ + { + "Type": "AwsSecurityHubHub", + "Id": "Security Hub", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_4 ac_2_12 ac_2 ac_17_1 au_6_", + "CIS-1.5 4.16", + "SOC2 cc_3_1 cc_6_8 cc_7_1 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_2 ae_4 cm_1 cm_2 cm_3 cm_4 cm_5 cm_6 cm_7 cp_4 ", + "ENS-RD2022 op.exp.7.aws.sh.1 op.mon.2.aws.sh.1 op.mon.3.r1.aws.", + "FedRAMP-Low-Revision-4 ac-2 ac-17 ca-7 ir-4", + "GxP-21-CFR-Part-11 11.300-d", + "CISA your-systems-3 your-crisis-response-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_5_ii_c 164_30", + "GxP-EU-Annex-11 1-risk-management", + "FFIEC d2-is-is-b-1 d2-ti-ti-b-1 d2-ti-ti-b-2 d2-ti-ti-b-3 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-4 ac-2-12-a ac-2-g ac-1", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_4 3_3_5 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.", + "Url": "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-securityhub_enabled-123456789012-eu-west-3-d053c2dfc", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Security Hub" + }, + "GeneratorId": "prowler-securityhub_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Security Hub is enabled and its standard subscriptions.", + "Description": "Security Hub is not enabled", + "Resources": [ + { + "Type": "AwsSecurityHubHub", + "Id": "Security Hub", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_4 ac_2_12 ac_2 ac_17_1 au_6_", + "CIS-1.5 4.16", + "SOC2 cc_3_1 cc_6_8 cc_7_1 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_2 ae_4 cm_1 cm_2 cm_3 cm_4 cm_5 cm_6 cm_7 cp_4 ", + "ENS-RD2022 op.exp.7.aws.sh.1 op.mon.2.aws.sh.1 op.mon.3.r1.aws.", + "FedRAMP-Low-Revision-4 ac-2 ac-17 ca-7 ir-4", + "GxP-21-CFR-Part-11 11.300-d", + "CISA your-systems-3 your-crisis-response-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_5_ii_c 164_30", + "GxP-EU-Annex-11 1-risk-management", + "FFIEC d2-is-is-b-1 d2-ti-ti-b-1 d2-ti-ti-b-2 d2-ti-ti-b-3 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-4 ac-2-12-a ac-2-g ac-1", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_4 3_3_5 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.", + "Url": "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-securityhub_enabled-123456789012-sa-east-1-d053c2dfc", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Security Hub" + }, + "GeneratorId": "prowler-securityhub_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Security Hub is enabled and its standard subscriptions.", + "Description": "Security Hub is not enabled", + "Resources": [ + { + "Type": "AwsSecurityHubHub", + "Id": "Security Hub", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_4 ac_2_12 ac_2 ac_17_1 au_6_", + "CIS-1.5 4.16", + "SOC2 cc_3_1 cc_6_8 cc_7_1 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_2 ae_4 cm_1 cm_2 cm_3 cm_4 cm_5 cm_6 cm_7 cp_4 ", + "ENS-RD2022 op.exp.7.aws.sh.1 op.mon.2.aws.sh.1 op.mon.3.r1.aws.", + "FedRAMP-Low-Revision-4 ac-2 ac-17 ca-7 ir-4", + "GxP-21-CFR-Part-11 11.300-d", + "CISA your-systems-3 your-crisis-response-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_5_ii_c 164_30", + "GxP-EU-Annex-11 1-risk-management", + "FFIEC d2-is-is-b-1 d2-ti-ti-b-1 d2-ti-ti-b-2 d2-ti-ti-b-3 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-4 ac-2-12-a ac-2-g ac-1", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_4 3_3_5 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.", + "Url": "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-securityhub_enabled-123456789012-us-east-1-d053c2dfc", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Security Hub" + }, + "GeneratorId": "prowler-securityhub_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Security Hub is enabled and its standard subscriptions.", + "Description": "Security Hub is not enabled", + "Resources": [ + { + "Type": "AwsSecurityHubHub", + "Id": "Security Hub", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_4 ac_2_12 ac_2 ac_17_1 au_6_", + "CIS-1.5 4.16", + "SOC2 cc_3_1 cc_6_8 cc_7_1 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_2 ae_4 cm_1 cm_2 cm_3 cm_4 cm_5 cm_6 cm_7 cp_4 ", + "ENS-RD2022 op.exp.7.aws.sh.1 op.mon.2.aws.sh.1 op.mon.3.r1.aws.", + "FedRAMP-Low-Revision-4 ac-2 ac-17 ca-7 ir-4", + "GxP-21-CFR-Part-11 11.300-d", + "CISA your-systems-3 your-crisis-response-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_5_ii_c 164_30", + "GxP-EU-Annex-11 1-risk-management", + "FFIEC d2-is-is-b-1 d2-ti-ti-b-1 d2-ti-ti-b-2 d2-ti-ti-b-3 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-4 ac-2-12-a ac-2-g ac-1", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_4 3_3_5 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.", + "Url": "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-securityhub_enabled-123456789012-us-east-2-d053c2dfc", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Security Hub" + }, + "GeneratorId": "prowler-securityhub_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Security Hub is enabled and its standard subscriptions.", + "Description": "Security Hub is not enabled", + "Resources": [ + { + "Type": "AwsSecurityHubHub", + "Id": "Security Hub", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_4 ac_2_12 ac_2 ac_17_1 au_6_", + "CIS-1.5 4.16", + "SOC2 cc_3_1 cc_6_8 cc_7_1 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_2 ae_4 cm_1 cm_2 cm_3 cm_4 cm_5 cm_6 cm_7 cp_4 ", + "ENS-RD2022 op.exp.7.aws.sh.1 op.mon.2.aws.sh.1 op.mon.3.r1.aws.", + "FedRAMP-Low-Revision-4 ac-2 ac-17 ca-7 ir-4", + "GxP-21-CFR-Part-11 11.300-d", + "CISA your-systems-3 your-crisis-response-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_5_ii_c 164_30", + "GxP-EU-Annex-11 1-risk-management", + "FFIEC d2-is-is-b-1 d2-ti-ti-b-1 d2-ti-ti-b-2 d2-ti-ti-b-3 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-4 ac-2-12-a ac-2-g ac-1", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_4 3_3_5 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.", + "Url": "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-securityhub_enabled-123456789012-us-west-1-d053c2dfc", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Security Hub" + }, + "GeneratorId": "prowler-securityhub_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Security Hub is enabled and its standard subscriptions.", + "Description": "Security Hub is not enabled", + "Resources": [ + { + "Type": "AwsSecurityHubHub", + "Id": "Security Hub", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_4 ac_2_12 ac_2 ac_17_1 au_6_", + "CIS-1.5 4.16", + "SOC2 cc_3_1 cc_6_8 cc_7_1 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_2 ae_4 cm_1 cm_2 cm_3 cm_4 cm_5 cm_6 cm_7 cp_4 ", + "ENS-RD2022 op.exp.7.aws.sh.1 op.mon.2.aws.sh.1 op.mon.3.r1.aws.", + "FedRAMP-Low-Revision-4 ac-2 ac-17 ca-7 ir-4", + "GxP-21-CFR-Part-11 11.300-d", + "CISA your-systems-3 your-crisis-response-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_5_ii_c 164_30", + "GxP-EU-Annex-11 1-risk-management", + "FFIEC d2-is-is-b-1 d2-ti-ti-b-1 d2-ti-ti-b-2 d2-ti-ti-b-3 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-4 ac-2-12-a ac-2-g ac-1", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_4 3_3_5 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.", + "Url": "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-securityhub_enabled-123456789012-us-west-2-d053c2dfc", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "Security Hub" + }, + "GeneratorId": "prowler-securityhub_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check if Security Hub is enabled and its standard subscriptions.", + "Description": "Security Hub is not enabled", + "Resources": [ + { + "Type": "AwsSecurityHubHub", + "Id": "Security Hub", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 ac_2_1 ac_2_4 ac_2_12 ac_2 ac_17_1 au_6_", + "CIS-1.5 4.16", + "SOC2 cc_3_1 cc_6_8 cc_7_1 cc_7_2 cc_7_3 cc_7_4", + "NIST-CSF-1.1 ae_2 ae_4 cm_1 cm_2 cm_3 cm_4 cm_5 cm_6 cm_7 cp_4 ", + "ENS-RD2022 op.exp.7.aws.sh.1 op.mon.2.aws.sh.1 op.mon.3.r1.aws.", + "FedRAMP-Low-Revision-4 ac-2 ac-17 ca-7 ir-4", + "GxP-21-CFR-Part-11 11.300-d", + "CISA your-systems-3 your-crisis-response-2", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_5_ii_c 164_30", + "GxP-EU-Annex-11 1-risk-management", + "FFIEC d2-is-is-b-1 d2-ti-ti-b-1 d2-ti-ti-b-2 d2-ti-ti-b-3 d3-dc", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 ac-2-1 ac-2-4 ac-2-12-a ac-2-g ac-1", + "NIST-800-53-Revision-5 au_6_1 au_6_5 au_12_3 au_14_a au_14_b ca", + "NIST-800-171-Revision-2 3_1_12 3_3_1 3_3_4 3_3_5 3_6_1 3_6_2 3_" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GxP-EU-Annex-11" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.", + "Url": "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-trustedadvisor_errors_and_warnings-123456789012-us-east-1-fb33278bd", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "123456789012" + }, + "GeneratorId": "prowler-trustedadvisor_errors_and_warnings", + "AwsAccountId": "123456789012", + "Types": [], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Check Trusted Advisor for errors and warnings.", + "Description": "Amazon Web Services Premium Support Subscription is required to use this service.", + "Resources": [ + { + "Type": "Other", + "Id": "123456789012", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "INFOED", + "RelatedRequirements": [], + "AssociatedStandards": [] + }, + "Remediation": { + "Recommendation": { + "Text": "Review and act upon its recommendations.", + "Url": "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-vpc_flow_logs_enabled-123456789012-ap-northeast-1-dcd26add6", + "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "vpc-0cbc506a" + }, + "GeneratorId": "prowler-vpc_flow_logs_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure VPC Flow Logging is Enabled in all VPCs.", + "Description": "VPC vpc-0cbc506a Flow logs are disabled.", + "Resources": [ + { + "Type": "AwsEc2Vpc", + "Id": "vpc-0cbc506a", + "Partition": "aws", + "Region": "ap-northeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_2 au_3 au_12", + "CIS-1.5 3.9", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 cm_1 cm_7 am_3 ds_5 pt_1", + "PCI-3.2.1 ec2", + "ENS-RD2022 op.mon.1.aws.flow.1", + "FedRAMP-Low-Revision-4 au-2", + "GxP-21-CFR-Part-11 11.10-e", + "CISA your_-urroundings-1 your-data-2", + "CIS-1.4 3.9", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-2-a-d au-3 au-6-1-3 au-12-a-c", + "NIST-800-53-Revision-5 ac_4_26 au_2_b au_3_a au_3_b au_3_c au_3", + "NIST-800-171-Revision-2 3_3_1 3_3_3 3_6_1 3_6_2 3_13_1 3_14_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", + "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-vpc_flow_logs_enabled-123456789012-ap-northeast-2-96f358bdf", + "ProductArn": "arn:aws:securityhub:ap-northeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "vpc-73f44e18" + }, + "GeneratorId": "prowler-vpc_flow_logs_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure VPC Flow Logging is Enabled in all VPCs.", + "Description": "VPC vpc-73f44e18 Flow logs are disabled.", + "Resources": [ + { + "Type": "AwsEc2Vpc", + "Id": "vpc-73f44e18", + "Partition": "aws", + "Region": "ap-northeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_2 au_3 au_12", + "CIS-1.5 3.9", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 cm_1 cm_7 am_3 ds_5 pt_1", + "PCI-3.2.1 ec2", + "ENS-RD2022 op.mon.1.aws.flow.1", + "FedRAMP-Low-Revision-4 au-2", + "GxP-21-CFR-Part-11 11.10-e", + "CISA your_-urroundings-1 your-data-2", + "CIS-1.4 3.9", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-2-a-d au-3 au-6-1-3 au-12-a-c", + "NIST-800-53-Revision-5 ac_4_26 au_2_b au_3_a au_3_b au_3_c au_3", + "NIST-800-171-Revision-2 3_3_1 3_3_3 3_6_1 3_6_2 3_13_1 3_14_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", + "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-vpc_flow_logs_enabled-123456789012-ap-northeast-3-0054098f0", + "ProductArn": "arn:aws:securityhub:ap-northeast-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "vpc-47b7dd2e" + }, + "GeneratorId": "prowler-vpc_flow_logs_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure VPC Flow Logging is Enabled in all VPCs.", + "Description": "VPC vpc-47b7dd2e Flow logs are disabled.", + "Resources": [ + { + "Type": "AwsEc2Vpc", + "Id": "vpc-47b7dd2e", + "Partition": "aws", + "Region": "ap-northeast-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_2 au_3 au_12", + "CIS-1.5 3.9", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 cm_1 cm_7 am_3 ds_5 pt_1", + "PCI-3.2.1 ec2", + "ENS-RD2022 op.mon.1.aws.flow.1", + "FedRAMP-Low-Revision-4 au-2", + "GxP-21-CFR-Part-11 11.10-e", + "CISA your_-urroundings-1 your-data-2", + "CIS-1.4 3.9", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-2-a-d au-3 au-6-1-3 au-12-a-c", + "NIST-800-53-Revision-5 ac_4_26 au_2_b au_3_a au_3_b au_3_c au_3", + "NIST-800-171-Revision-2 3_3_1 3_3_3 3_6_1 3_6_2 3_13_1 3_14_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", + "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-vpc_flow_logs_enabled-123456789012-ap-south-1-b3baa1c6a", + "ProductArn": "arn:aws:securityhub:ap-south-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "vpc-2651a14d" + }, + "GeneratorId": "prowler-vpc_flow_logs_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure VPC Flow Logging is Enabled in all VPCs.", + "Description": "VPC vpc-2651a14d Flow logs are disabled.", + "Resources": [ + { + "Type": "AwsEc2Vpc", + "Id": "vpc-2651a14d", + "Partition": "aws", + "Region": "ap-south-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_2 au_3 au_12", + "CIS-1.5 3.9", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 cm_1 cm_7 am_3 ds_5 pt_1", + "PCI-3.2.1 ec2", + "ENS-RD2022 op.mon.1.aws.flow.1", + "FedRAMP-Low-Revision-4 au-2", + "GxP-21-CFR-Part-11 11.10-e", + "CISA your_-urroundings-1 your-data-2", + "CIS-1.4 3.9", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-2-a-d au-3 au-6-1-3 au-12-a-c", + "NIST-800-53-Revision-5 ac_4_26 au_2_b au_3_a au_3_b au_3_c au_3", + "NIST-800-171-Revision-2 3_3_1 3_3_3 3_6_1 3_6_2 3_13_1 3_14_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", + "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-vpc_flow_logs_enabled-123456789012-ap-southeast-1-d4cdaf767", + "ProductArn": "arn:aws:securityhub:ap-southeast-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "vpc-04ed1062" + }, + "GeneratorId": "prowler-vpc_flow_logs_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure VPC Flow Logging is Enabled in all VPCs.", + "Description": "VPC vpc-04ed1062 Flow logs are disabled.", + "Resources": [ + { + "Type": "AwsEc2Vpc", + "Id": "vpc-04ed1062", + "Partition": "aws", + "Region": "ap-southeast-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_2 au_3 au_12", + "CIS-1.5 3.9", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 cm_1 cm_7 am_3 ds_5 pt_1", + "PCI-3.2.1 ec2", + "ENS-RD2022 op.mon.1.aws.flow.1", + "FedRAMP-Low-Revision-4 au-2", + "GxP-21-CFR-Part-11 11.10-e", + "CISA your_-urroundings-1 your-data-2", + "CIS-1.4 3.9", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-2-a-d au-3 au-6-1-3 au-12-a-c", + "NIST-800-53-Revision-5 ac_4_26 au_2_b au_3_a au_3_b au_3_c au_3", + "NIST-800-171-Revision-2 3_3_1 3_3_3 3_6_1 3_6_2 3_13_1 3_14_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", + "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-vpc_flow_logs_enabled-123456789012-ap-southeast-2-c3cef32e4", + "ProductArn": "arn:aws:securityhub:ap-southeast-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "vpc-5d22c33b" + }, + "GeneratorId": "prowler-vpc_flow_logs_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure VPC Flow Logging is Enabled in all VPCs.", + "Description": "VPC vpc-5d22c33b Flow logs are disabled.", + "Resources": [ + { + "Type": "AwsEc2Vpc", + "Id": "vpc-5d22c33b", + "Partition": "aws", + "Region": "ap-southeast-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_2 au_3 au_12", + "CIS-1.5 3.9", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 cm_1 cm_7 am_3 ds_5 pt_1", + "PCI-3.2.1 ec2", + "ENS-RD2022 op.mon.1.aws.flow.1", + "FedRAMP-Low-Revision-4 au-2", + "GxP-21-CFR-Part-11 11.10-e", + "CISA your_-urroundings-1 your-data-2", + "CIS-1.4 3.9", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-2-a-d au-3 au-6-1-3 au-12-a-c", + "NIST-800-53-Revision-5 ac_4_26 au_2_b au_3_a au_3_b au_3_c au_3", + "NIST-800-171-Revision-2 3_3_1 3_3_3 3_6_1 3_6_2 3_13_1 3_14_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", + "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-vpc_flow_logs_enabled-123456789012-ca-central-1-19bded0ad", + "ProductArn": "arn:aws:securityhub:ca-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "vpc-b5113ddd" + }, + "GeneratorId": "prowler-vpc_flow_logs_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure VPC Flow Logging is Enabled in all VPCs.", + "Description": "VPC vpc-b5113ddd Flow logs are disabled.", + "Resources": [ + { + "Type": "AwsEc2Vpc", + "Id": "vpc-b5113ddd", + "Partition": "aws", + "Region": "ca-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_2 au_3 au_12", + "CIS-1.5 3.9", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 cm_1 cm_7 am_3 ds_5 pt_1", + "PCI-3.2.1 ec2", + "ENS-RD2022 op.mon.1.aws.flow.1", + "FedRAMP-Low-Revision-4 au-2", + "GxP-21-CFR-Part-11 11.10-e", + "CISA your_-urroundings-1 your-data-2", + "CIS-1.4 3.9", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-2-a-d au-3 au-6-1-3 au-12-a-c", + "NIST-800-53-Revision-5 ac_4_26 au_2_b au_3_a au_3_b au_3_c au_3", + "NIST-800-171-Revision-2 3_3_1 3_3_3 3_6_1 3_6_2 3_13_1 3_14_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", + "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-vpc_flow_logs_enabled-123456789012-eu-central-1-193fc2a67", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "vpc-78b43312" + }, + "GeneratorId": "prowler-vpc_flow_logs_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure VPC Flow Logging is Enabled in all VPCs.", + "Description": "VPC vpc-78b43312 Flow logs are disabled.", + "Resources": [ + { + "Type": "AwsEc2Vpc", + "Id": "vpc-78b43312", + "Partition": "aws", + "Region": "eu-central-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_2 au_3 au_12", + "CIS-1.5 3.9", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 cm_1 cm_7 am_3 ds_5 pt_1", + "PCI-3.2.1 ec2", + "ENS-RD2022 op.mon.1.aws.flow.1", + "FedRAMP-Low-Revision-4 au-2", + "GxP-21-CFR-Part-11 11.10-e", + "CISA your_-urroundings-1 your-data-2", + "CIS-1.4 3.9", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-2-a-d au-3 au-6-1-3 au-12-a-c", + "NIST-800-53-Revision-5 ac_4_26 au_2_b au_3_a au_3_b au_3_c au_3", + "NIST-800-171-Revision-2 3_3_1 3_3_3 3_6_1 3_6_2 3_13_1 3_14_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", + "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-vpc_flow_logs_enabled-123456789012-eu-north-1-546dc7118", + "ProductArn": "arn:aws:securityhub:eu-north-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "vpc-fa259d93" + }, + "GeneratorId": "prowler-vpc_flow_logs_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure VPC Flow Logging is Enabled in all VPCs.", + "Description": "VPC vpc-fa259d93 Flow logs are disabled.", + "Resources": [ + { + "Type": "AwsEc2Vpc", + "Id": "vpc-fa259d93", + "Partition": "aws", + "Region": "eu-north-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_2 au_3 au_12", + "CIS-1.5 3.9", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 cm_1 cm_7 am_3 ds_5 pt_1", + "PCI-3.2.1 ec2", + "ENS-RD2022 op.mon.1.aws.flow.1", + "FedRAMP-Low-Revision-4 au-2", + "GxP-21-CFR-Part-11 11.10-e", + "CISA your_-urroundings-1 your-data-2", + "CIS-1.4 3.9", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-2-a-d au-3 au-6-1-3 au-12-a-c", + "NIST-800-53-Revision-5 ac_4_26 au_2_b au_3_a au_3_b au_3_c au_3", + "NIST-800-171-Revision-2 3_3_1 3_3_3 3_6_1 3_6_2 3_13_1 3_14_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", + "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-vpc_flow_logs_enabled-123456789012-eu-west-1-53d006973", + "ProductArn": "arn:aws:securityhub:eu-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "vpc-f24c7994" + }, + "GeneratorId": "prowler-vpc_flow_logs_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure VPC Flow Logging is Enabled in all VPCs.", + "Description": "VPC vpc-f24c7994 Flow logs are disabled.", + "Resources": [ + { + "Type": "AwsEc2Vpc", + "Id": "vpc-f24c7994", + "Partition": "aws", + "Region": "eu-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_2 au_3 au_12", + "CIS-1.5 3.9", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 cm_1 cm_7 am_3 ds_5 pt_1", + "PCI-3.2.1 ec2", + "ENS-RD2022 op.mon.1.aws.flow.1", + "FedRAMP-Low-Revision-4 au-2", + "GxP-21-CFR-Part-11 11.10-e", + "CISA your_-urroundings-1 your-data-2", + "CIS-1.4 3.9", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-2-a-d au-3 au-6-1-3 au-12-a-c", + "NIST-800-53-Revision-5 ac_4_26 au_2_b au_3_a au_3_b au_3_c au_3", + "NIST-800-171-Revision-2 3_3_1 3_3_3 3_6_1 3_6_2 3_13_1 3_14_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", + "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-vpc_flow_logs_enabled-123456789012-eu-west-2-0a4ed76ad", + "ProductArn": "arn:aws:securityhub:eu-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "vpc-3fa2fa57" + }, + "GeneratorId": "prowler-vpc_flow_logs_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure VPC Flow Logging is Enabled in all VPCs.", + "Description": "VPC vpc-3fa2fa57 Flow logs are disabled.", + "Resources": [ + { + "Type": "AwsEc2Vpc", + "Id": "vpc-3fa2fa57", + "Partition": "aws", + "Region": "eu-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_2 au_3 au_12", + "CIS-1.5 3.9", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 cm_1 cm_7 am_3 ds_5 pt_1", + "PCI-3.2.1 ec2", + "ENS-RD2022 op.mon.1.aws.flow.1", + "FedRAMP-Low-Revision-4 au-2", + "GxP-21-CFR-Part-11 11.10-e", + "CISA your_-urroundings-1 your-data-2", + "CIS-1.4 3.9", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-2-a-d au-3 au-6-1-3 au-12-a-c", + "NIST-800-53-Revision-5 ac_4_26 au_2_b au_3_a au_3_b au_3_c au_3", + "NIST-800-171-Revision-2 3_3_1 3_3_3 3_6_1 3_6_2 3_13_1 3_14_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", + "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-vpc_flow_logs_enabled-123456789012-eu-west-3-9800b4bb9", + "ProductArn": "arn:aws:securityhub:eu-west-3::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "vpc-87d3fdee" + }, + "GeneratorId": "prowler-vpc_flow_logs_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure VPC Flow Logging is Enabled in all VPCs.", + "Description": "VPC vpc-87d3fdee Flow logs are disabled.", + "Resources": [ + { + "Type": "AwsEc2Vpc", + "Id": "vpc-87d3fdee", + "Partition": "aws", + "Region": "eu-west-3" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_2 au_3 au_12", + "CIS-1.5 3.9", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 cm_1 cm_7 am_3 ds_5 pt_1", + "PCI-3.2.1 ec2", + "ENS-RD2022 op.mon.1.aws.flow.1", + "FedRAMP-Low-Revision-4 au-2", + "GxP-21-CFR-Part-11 11.10-e", + "CISA your_-urroundings-1 your-data-2", + "CIS-1.4 3.9", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-2-a-d au-3 au-6-1-3 au-12-a-c", + "NIST-800-53-Revision-5 ac_4_26 au_2_b au_3_a au_3_b au_3_c au_3", + "NIST-800-171-Revision-2 3_3_1 3_3_3 3_6_1 3_6_2 3_13_1 3_14_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", + "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-vpc_flow_logs_enabled-123456789012-sa-east-1-fa5a14a51", + "ProductArn": "arn:aws:securityhub:sa-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "vpc-b14fa4d7" + }, + "GeneratorId": "prowler-vpc_flow_logs_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure VPC Flow Logging is Enabled in all VPCs.", + "Description": "VPC vpc-b14fa4d7 Flow logs are disabled.", + "Resources": [ + { + "Type": "AwsEc2Vpc", + "Id": "vpc-b14fa4d7", + "Partition": "aws", + "Region": "sa-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_2 au_3 au_12", + "CIS-1.5 3.9", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 cm_1 cm_7 am_3 ds_5 pt_1", + "PCI-3.2.1 ec2", + "ENS-RD2022 op.mon.1.aws.flow.1", + "FedRAMP-Low-Revision-4 au-2", + "GxP-21-CFR-Part-11 11.10-e", + "CISA your_-urroundings-1 your-data-2", + "CIS-1.4 3.9", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-2-a-d au-3 au-6-1-3 au-12-a-c", + "NIST-800-53-Revision-5 ac_4_26 au_2_b au_3_a au_3_b au_3_c au_3", + "NIST-800-171-Revision-2 3_3_1 3_3_3 3_6_1 3_6_2 3_13_1 3_14_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", + "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-vpc_flow_logs_enabled-123456789012-us-east-1-7a3082bfa", + "ProductArn": "arn:aws:securityhub:us-east-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "vpc-ba1cbdc7" + }, + "GeneratorId": "prowler-vpc_flow_logs_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure VPC Flow Logging is Enabled in all VPCs.", + "Description": "VPC vpc-ba1cbdc7 Flow logs are disabled.", + "Resources": [ + { + "Type": "AwsEc2Vpc", + "Id": "vpc-ba1cbdc7", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_2 au_3 au_12", + "CIS-1.5 3.9", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 cm_1 cm_7 am_3 ds_5 pt_1", + "PCI-3.2.1 ec2", + "ENS-RD2022 op.mon.1.aws.flow.1", + "FedRAMP-Low-Revision-4 au-2", + "GxP-21-CFR-Part-11 11.10-e", + "CISA your_-urroundings-1 your-data-2", + "CIS-1.4 3.9", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-2-a-d au-3 au-6-1-3 au-12-a-c", + "NIST-800-53-Revision-5 ac_4_26 au_2_b au_3_a au_3_b au_3_c au_3", + "NIST-800-171-Revision-2 3_3_1 3_3_3 3_6_1 3_6_2 3_13_1 3_14_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", + "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-vpc_flow_logs_enabled-123456789012-us-east-2-c181fd581", + "ProductArn": "arn:aws:securityhub:us-east-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "vpc-e429ad8f" + }, + "GeneratorId": "prowler-vpc_flow_logs_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure VPC Flow Logging is Enabled in all VPCs.", + "Description": "VPC vpc-e429ad8f Flow logs are disabled.", + "Resources": [ + { + "Type": "AwsEc2Vpc", + "Id": "vpc-e429ad8f", + "Partition": "aws", + "Region": "us-east-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_2 au_3 au_12", + "CIS-1.5 3.9", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 cm_1 cm_7 am_3 ds_5 pt_1", + "PCI-3.2.1 ec2", + "ENS-RD2022 op.mon.1.aws.flow.1", + "FedRAMP-Low-Revision-4 au-2", + "GxP-21-CFR-Part-11 11.10-e", + "CISA your_-urroundings-1 your-data-2", + "CIS-1.4 3.9", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-2-a-d au-3 au-6-1-3 au-12-a-c", + "NIST-800-53-Revision-5 ac_4_26 au_2_b au_3_a au_3_b au_3_c au_3", + "NIST-800-171-Revision-2 3_3_1 3_3_3 3_6_1 3_6_2 3_13_1 3_14_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", + "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-vpc_flow_logs_enabled-123456789012-us-west-1-a6418151c", + "ProductArn": "arn:aws:securityhub:us-west-1::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "vpc-6e6fa508" + }, + "GeneratorId": "prowler-vpc_flow_logs_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure VPC Flow Logging is Enabled in all VPCs.", + "Description": "VPC vpc-6e6fa508 Flow logs are disabled.", + "Resources": [ + { + "Type": "AwsEc2Vpc", + "Id": "vpc-6e6fa508", + "Partition": "aws", + "Region": "us-west-1" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_2 au_3 au_12", + "CIS-1.5 3.9", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 cm_1 cm_7 am_3 ds_5 pt_1", + "PCI-3.2.1 ec2", + "ENS-RD2022 op.mon.1.aws.flow.1", + "FedRAMP-Low-Revision-4 au-2", + "GxP-21-CFR-Part-11 11.10-e", + "CISA your_-urroundings-1 your-data-2", + "CIS-1.4 3.9", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-2-a-d au-3 au-6-1-3 au-12-a-c", + "NIST-800-53-Revision-5 ac_4_26 au_2_b au_3_a au_3_b au_3_c au_3", + "NIST-800-171-Revision-2 3_3_1 3_3_3 3_6_1 3_6_2 3_13_1 3_14_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", + "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" + } + } +},{ + "SchemaVersion": "2018-10-08", + "Id": "prowler-vpc_flow_logs_enabled-123456789012-us-west-2-887fc2b8d", + "ProductArn": "arn:aws:securityhub:us-west-2::product/prowler/prowler", + "RecordState": "ACTIVE", + "ProductFields": { + "ProviderName": "Prowler", + "ProviderVersion": "3.3.0", + "ProwlerResourceName": "vpc-d45709ac" + }, + "GeneratorId": "prowler-vpc_flow_logs_enabled", + "AwsAccountId": "123456789012", + "Types": [ + "Logging and Monitoring" + ], + "FirstObservedAt": "2023-03-18T15:43:31Z", + "UpdatedAt": "2023-03-18T15:43:31Z", + "CreatedAt": "2023-03-18T15:43:31Z", + "Severity": { + "Label": "MEDIUM" + }, + "Title": "Ensure VPC Flow Logging is Enabled in all VPCs.", + "Description": "VPC vpc-d45709ac Flow logs are disabled.", + "Resources": [ + { + "Type": "AwsEc2Vpc", + "Id": "vpc-d45709ac", + "Partition": "aws", + "Region": "us-west-2" + } + ], + "Compliance": { + "Status": "FAILED", + "RelatedRequirements": [ + "NIST-800-53-Revision-4 au_2 au_3 au_12", + "CIS-1.5 3.9", + "SOC2 cc_7_2 cc_7_3", + "NIST-CSF-1.1 ae_1 ae_3 cm_1 cm_7 am_3 ds_5 pt_1", + "PCI-3.2.1 ec2", + "ENS-RD2022 op.mon.1.aws.flow.1", + "FedRAMP-Low-Revision-4 au-2", + "GxP-21-CFR-Part-11 11.10-e", + "CISA your_-urroundings-1 your-data-2", + "CIS-1.4 3.9", + "HIPAA 164_308_a_1_ii_d 164_308_a_3_ii_a 164_308_a_6_ii 164_312_", + "GDPR article_25 article_30", + "FFIEC d2-ma-ma-b-1 d2-ma-ma-b-2 d3-dc-an-b-3 d3-dc-an-b-4 d3-dc", + "AWS-Foundational-Security-Best-Practices ec2", + "RBI-Cyber-Security-Framework annex_i_7_4", + "FedRamp-Moderate-Revision-4 au-2-a-d au-3 au-6-1-3 au-12-a-c", + "NIST-800-53-Revision-5 ac_4_26 au_2_b au_3_a au_3_b au_3_c au_3", + "NIST-800-171-Revision-2 3_3_1 3_3_3 3_6_1 3_6_2 3_13_1 3_14_6 3" + ], + "AssociatedStandards": [ + { + "StandardsId": "NIST-800-53-Revision-4" + }, + { + "StandardsId": "CIS-1.5" + }, + { + "StandardsId": "SOC2" + }, + { + "StandardsId": "NIST-CSF-1.1" + }, + { + "StandardsId": "PCI-3.2.1" + }, + { + "StandardsId": "ENS-RD2022" + }, + { + "StandardsId": "FedRAMP-Low-Revision-4" + }, + { + "StandardsId": "GxP-21-CFR-Part-11" + }, + { + "StandardsId": "CISA" + }, + { + "StandardsId": "CIS-1.4" + }, + { + "StandardsId": "HIPAA" + }, + { + "StandardsId": "GDPR" + }, + { + "StandardsId": "FFIEC" + }, + { + "StandardsId": "AWS-Foundational-Security-Best-Practices" + }, + { + "StandardsId": "RBI-Cyber-Security-Framework" + }, + { + "StandardsId": "FedRamp-Moderate-Revision-4" + }, + { + "StandardsId": "NIST-800-53-Revision-5" + }, + { + "StandardsId": "NIST-800-171-Revision-2" + } + ] + }, + "Remediation": { + "Recommendation": { + "Text": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", + "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" + } + } +}] \ No newline at end of file diff --git a/unittests/scans/auditjs/auditjs_with_package_namespace.json b/unittests/scans/auditjs/auditjs_with_package_namespace.json new file mode 100644 index 00000000000..683576e0ef4 --- /dev/null +++ b/unittests/scans/auditjs/auditjs_with_package_namespace.json @@ -0,0 +1,65 @@ +[ + { + "coordinates": "pkg:npm/loose-envify@1.4.0", + "description": "Fast (and loose) selective `process.env` replacer using js-tokens instead of an AST", + "reference": "https://ossindex.sonatype.org/component/pkg:npm/loose-envify@1.4.0?utm_source=auditjs&utm_medium=integration&utm_content=4.0.37", + "vulnerabilities": [] + }, + { + "coordinates": "pkg:npm/js-tokens@4.0.0", + "description": "Tiny JavaScript tokenizer.", + "reference": "https://ossindex.sonatype.org/component/pkg:npm/js-tokens@4.0.0?utm_source=auditjs&utm_medium=integration&utm_content=4.0.37", + "vulnerabilities": [] + }, + { + "coordinates": "pkg:npm/react-dom@18.2.0", + "description": "React package for working with the DOM.", + "reference": "https://ossindex.sonatype.org/component/pkg:npm/react-dom@18.2.0?utm_source=auditjs&utm_medium=integration&utm_content=4.0.37", + "vulnerabilities": [] + }, + { + "coordinates": "pkg:npm/scheduler@0.23.0", + "description": "Cooperative scheduler for the browser environment.", + "reference": "https://ossindex.sonatype.org/component/pkg:npm/scheduler@0.23.0?utm_source=auditjs&utm_medium=integration&utm_content=4.0.37", + "vulnerabilities": [] + }, + { + "coordinates": "pkg:npm/next@12.2.2", + "description": "The React Framework", + "reference": "https://ossindex.sonatype.org/component/pkg:npm/next@12.2.2?utm_source=auditjs&utm_medium=integration&utm_content=4.0.37", + "vulnerabilities": [ + + ] + }, + { + "coordinates": "pkg:npm/%40next/env@12.2.2", + "reference": "https://ossindex.sonatype.org/component/pkg:npm/%40next/env@12.2.2?utm_source=auditjs&utm_medium=integration&utm_content=4.0.37", + "vulnerabilities": [ + { + "id": "da5a3b11-c75b-48e7-9c28-1123f0a492bf", + "title": "Unverified Certificate", + "description": "> When using SSL to connect to a MySQL server, the SSL procedure implemented does not actually check if the remote server has a trusted certificate or not.\n> \n> -- [github.com](https://github.com/mysqljs/mysql/issues/816)", + "cvssScore": 9.6, + "cvssVector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "reference": "https://ossindex.sonatype.org/vulnerability/da5a3b11-c75b-48e7-9c28-1123f0a492bf?component-type=npm&component-name=mysql&utm_source=auditjs&utm_medium=integration&utm_content=4.0.25" + } + ] + }, + { + "coordinates": "pkg:npm/%40swc/helpers@0.4.2", + "reference": "https://ossindex.sonatype.org/component/pkg:npm/%40swc/helpers@0.4.2?utm_source=auditjs&utm_medium=integration&utm_content=4.0.37", + "vulnerabilities": [ + + ] + }, + { + "coordinates": "pkg:npm/%40next/swc-linux-x64-gnu@12.2.2", + "reference": "https://ossindex.sonatype.org/component/pkg:npm/%40next/swc-linux-x64-gnu@12.2.2?utm_source=auditjs&utm_medium=integration&utm_content=4.0.37", + "vulnerabilities": [] + }, + { + "coordinates": "pkg:npm/%40next/swc-linux-x64-musl@12.2.2", + "reference": "https://ossindex.sonatype.org/component/pkg:npm/%40next/swc-linux-x64-musl@12.2.2?utm_source=auditjs&utm_medium=integration&utm_content=4.0.37", + "vulnerabilities": [] + } +] diff --git a/unittests/scans/aws_prowler_v3/many_vuln.json b/unittests/scans/aws_prowler_v3/many_vuln.json new file mode 100644 index 00000000000..49dc1756d22 --- /dev/null +++ b/unittests/scans/aws_prowler_v3/many_vuln.json @@ -0,0 +1,195 @@ +[{ + "AssessmentStartTime": "2023-04-25T23:49:42.744599", + "FindingUniqueId": "prowler-aws-acm_certificates_expiration_check-999999999999-us-east-1-api.teste.teste.com", + "Provider": "aws", + "CheckID": "acm_certificates_expiration_check", + "CheckTitle": "Check if ACM Certificates are about to expire in specific days or less", + "CheckType": [ + "Data Protection" + ], + "ServiceName": "acm", + "SubServiceName": "", + "Status": "FAIL", + "StatusExtended": "ACM Certificate for api.teste.teste.com is about to expire in 7 days.", + "Severity": "high", + "ResourceType": "AwsCertificateManagerCertificate", + "ResourceDetails": "", + "Description": "Check if ACM Certificates are about to expire in specific days or less", + "Risk": "Expired certificates can impact service availability.", + "RelatedUrl": "https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-expiration-check.html", + "Remediation": { + "Code": { + "NativeIaC": "", + "Terraform": "", + "CLI": "", + "Other": "" + }, + "Recommendation": { + "Text": "Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.", + "Url": "https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-expiration-check.html" + } + }, + "Compliance": { + "FedRAMP-Low-Revision-4": [ + "ac-17", + "sc-12" + ], + "NIST-800-53-Revision-4": [ + "ac_4", + "ac_17_2", + "sc_12" + ], + "NIST-CSF-1.1": [ + "ac_5", + "ds_2" + ], + "NIST-800-53-Revision-5": [ + "sc_7_12", + "sc_7_16" + ], + "FedRamp-Moderate-Revision-4": [ + "ac-4", + "ac-17-2", + "sc-12" + ], + "RBI-Cyber-Security-Framework": [ + "annex_i_1_3" + ], + "SOC2": [ + "cc_6_7" + ], + "FFIEC": [ + "d3-pc-im-b-1" + ], + "CISA": [ + "your-data-2" + ], + "HIPAA": [ + "164_308_a_4_ii_a", + "164_312_e_1" + ], + "NIST-800-171-Revision-2": [ + "3_13_1", + "3_13_2", + "3_13_8", + "3_13_11" + ], + "GDPR": [ + "article_32" + ] + }, + "Categories": [], + "DependsOn": [], + "RelatedTo": [], + "Notes": "", + "Profile": null, + "AccountId": "999999999999", + "OrganizationsInfo": null, + "Region": "us-east-1", + "ResourceId": "api.teste.teste.com", + "ResourceArn": "arn:aws:acm:us-east-1:999999999999:certificate/ffffffff-0000-0000-0000-000000000000", + "ResourceTags": {} +},{ + "AssessmentStartTime": "2023-04-25T23:49:42.744599", + "FindingUniqueId": "prowler-aws-accessanalyzer_enabled-999999999999-us-east-1-999999999999", + "Provider": "aws", + "CheckID": "accessanalyzer_enabled", + "CheckTitle": "Check if IAM Access Analyzer is enabled", + "CheckType": [ + "IAM" + ], + "ServiceName": "accessanalyzer", + "SubServiceName": "", + "Status": "FAIL", + "StatusExtended": "IAM Access Analyzer in account 999999999999 is not enabled", + "Severity": "low", + "ResourceType": "Other", + "ResourceDetails": "", + "Description": "Check if IAM Access Analyzer is enabled", + "Risk": "AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.", + "RelatedUrl": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", + "Remediation": { + "Code": { + "NativeIaC": "", + "Terraform": "", + "CLI": "aws accessanalyzer create-analyzer --analyzer-name --type ", + "Other": "" + }, + "Recommendation": { + "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).", + "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html" + } + }, + "Compliance": { + "CIS-1.4": [ + "1.20" + ], + "CIS-1.5": [ + "1.20" + ] + }, + "Categories": [], + "DependsOn": [], + "RelatedTo": [], + "Notes": "", + "Profile": null, + "AccountId": "999999999999", + "OrganizationsInfo": null, + "Region": "us-east-1", + "ResourceId": "999999999999", + "ResourceArn": "", + "ResourceTags": {} +},{ + "AssessmentStartTime": "2023-04-25T23:49:42.744599", + "FindingUniqueId": "prowler-aws-account_maintain_current_contact_details-999999999999-us-east-1-999999999999", + "Provider": "aws", + "CheckID": "account_maintain_current_contact_details", + "CheckTitle": "Maintain current contact details.", + "CheckType": [ + "IAM" + ], + "ServiceName": "account", + "SubServiceName": "", + "Status": "FAIL", + "StatusExtended": "Manual check: Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information.", + "Severity": "medium", + "ResourceType": "Other", + "ResourceDetails": "", + "Description": "Maintain current contact details.", + "Risk": "Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization. An AWS account supports a number of contact details; and AWS will use these to contact the account owner if activity judged to be in breach of Acceptable Use Policy. If an AWS account is observed to be behaving in a prohibited or suspicious manner; AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation; proactive measures may be taken; including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question.", + "RelatedUrl": "", + "Remediation": { + "Code": { + "NativeIaC": "", + "Terraform": "", + "CLI": "No command available.", + "Other": "https://docs.bridgecrew.io/docs/iam_18-maintain-contact-details#aws-console" + }, + "Recommendation": { + "Text": "Using the Billing and Cost Management console complete contact details.", + "Url": "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact.html" + } + }, + "Compliance": { + "CIS-1.4": [ + "1.1" + ], + "ENS-RD2022": [ + "op.ext.7.aws.am.1" + ], + "CIS-1.5": [ + "1.1" + ] + }, + "Categories": [], + "DependsOn": [], + "RelatedTo": [], + "Notes": "", + "Profile": null, + "AccountId": "999999999999", + "OrganizationsInfo": null, + "Region": "us-east-1", + "ResourceId": "999999999999", + "ResourceArn": "", + "ResourceTags": {} +}] \ No newline at end of file diff --git a/unittests/scans/aws_prowler_v3/no_vuln.json b/unittests/scans/aws_prowler_v3/no_vuln.json new file mode 100644 index 00000000000..0637a088a01 --- /dev/null +++ b/unittests/scans/aws_prowler_v3/no_vuln.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/unittests/scans/aws_prowler_v3/one_vuln.json b/unittests/scans/aws_prowler_v3/one_vuln.json new file mode 100644 index 00000000000..e195d50a81c --- /dev/null +++ b/unittests/scans/aws_prowler_v3/one_vuln.json @@ -0,0 +1,92 @@ +[{ + "AssessmentStartTime": "2023-04-25T23:49:42.744599", + "FindingUniqueId": "prowler-aws-acm_certificates_expiration_check-999999999999-us-east-1-api.sandbox.partner.teste.com", + "Provider": "aws", + "CheckID": "acm_certificates_expiration_check", + "CheckTitle": "Check if ACM Certificates are about to expire in specific days or less", + "CheckType": [ + "Data Protection" + ], + "ServiceName": "acm", + "SubServiceName": "", + "Status": "FAIL", + "StatusExtended": "ACM Certificate for api.sandbox.partner.teste.com is about to expire in 7 days.", + "Severity": "high", + "ResourceType": "AwsCertificateManagerCertificate", + "ResourceDetails": "", + "Description": "Check if ACM Certificates are about to expire in specific days or less", + "Risk": "Expired certificates can impact service availability.", + "RelatedUrl": "https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-expiration-check.html", + "Remediation": { + "Code": { + "NativeIaC": "", + "Terraform": "", + "CLI": "", + "Other": "" + }, + "Recommendation": { + "Text": "Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.", + "Url": "https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-expiration-check.html" + } + }, + "Compliance": { + "FedRAMP-Low-Revision-4": [ + "ac-17", + "sc-12" + ], + "NIST-800-53-Revision-4": [ + "ac_4", + "ac_17_2", + "sc_12" + ], + "NIST-CSF-1.1": [ + "ac_5", + "ds_2" + ], + "NIST-800-53-Revision-5": [ + "sc_7_12", + "sc_7_16" + ], + "FedRamp-Moderate-Revision-4": [ + "ac-4", + "ac-17-2", + "sc-12" + ], + "RBI-Cyber-Security-Framework": [ + "annex_i_1_3" + ], + "SOC2": [ + "cc_6_7" + ], + "FFIEC": [ + "d3-pc-im-b-1" + ], + "CISA": [ + "your-data-2" + ], + "HIPAA": [ + "164_308_a_4_ii_a", + "164_312_e_1" + ], + "NIST-800-171-Revision-2": [ + "3_13_1", + "3_13_2", + "3_13_8", + "3_13_11" + ], + "GDPR": [ + "article_32" + ] + }, + "Categories": [], + "DependsOn": [], + "RelatedTo": [], + "Notes": "", + "Profile": null, + "AccountId": "999999999999", + "OrganizationsInfo": null, + "Region": "us-east-1", + "ResourceId": "api.teste.teste.com", + "ResourceArn": "arn:aws:acm:us-east-1:999999999999:certificate/ffffffff-0000-0000-0000-000000000000", + "ResourceTags": {} +}] \ No newline at end of file diff --git a/unittests/scans/awssecurityhub/README.md b/unittests/scans/awssecurityhub/README.md new file mode 100644 index 00000000000..dd08fde5e85 --- /dev/null +++ b/unittests/scans/awssecurityhub/README.md @@ -0,0 +1,17 @@ +AWS Security Hub consolidates findings from a multitude of sources. For a detailed list of integrations with AWS Services and third-party products, please refer to its [official documentation](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-providers.html). + +Given the variety of finding contents, DefectDojo offers varying degrees of support for each provider. However, it should at least import basic information without errors. + +This directory contains sample reports from Security Hub. They are meant as test cases. + +To keep some order, let's keep them prefixed with the names of the services that generated them: + +* `config_`: findings generated by AWS Config rules, for example by benchmarking against "AWS Foundational Security Best Practices" + +* `inspector_ec2_`: findings from AWS Inspector with results of scanning EC2 instances + +* `inspector_ecr_`: findings from AWS Inspector with results of Enhanced ECR Scanning, currently contains 7 findings with vulnerabilities associated with 8 different values of `PackageManager` + +* `inspector_lambda_`: findings from AWS Inspector with results of scanning Lambdas + +* `guardduty_`: findings from AWS Guard Duty diff --git a/unittests/scans/awssecurityhub/many_findings.json b/unittests/scans/awssecurityhub/config_many_findings.json similarity index 100% rename from unittests/scans/awssecurityhub/many_findings.json rename to unittests/scans/awssecurityhub/config_many_findings.json diff --git a/unittests/scans/awssecurityhub/one_finding.json b/unittests/scans/awssecurityhub/config_one_finding.json similarity index 100% rename from unittests/scans/awssecurityhub/one_finding.json rename to unittests/scans/awssecurityhub/config_one_finding.json diff --git a/unittests/scans/awssecurityhub/config_one_finding_active.json b/unittests/scans/awssecurityhub/config_one_finding_active.json new file mode 100644 index 00000000000..72d5b16ac1b --- /dev/null +++ b/unittests/scans/awssecurityhub/config_one_finding_active.json @@ -0,0 +1,62 @@ +{ + "findings": [ + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:securityhub:us-east-1:012345678912:subscription/aws-foundational-security-best-practices/v/1.0.0/IAM.5/finding/de861909-2d26-4e45-bd86-19d2ab6ceef1", + "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub", + "GeneratorId": "aws-foundational-security-best-practices/v/1.0.0/IAM.5", + "AwsAccountId": "012345678912", + "Types": [ + "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices" + ], + "FirstObservedAt": "2020-06-08T14:33:07.560Z", + "LastObservedAt": "2020-06-14T21:02:53.940Z", + "CreatedAt": "2020-06-08T14:33:07.560Z", + "UpdatedAt": "2020-06-14T21:02:53.454Z", + "Severity": { + "Product": 40, + "Label": "MEDIUM", + "Normalized": 40, + "Original": "MEDIUM" + }, + "Title": "IAM.5 MFA should be enabled for all IAM users that have console password", + "Description": "This AWS control checks whether AWS Multi-Factor Authentication (MFA) is enabled for all AWS Identity and Access Management (IAM) users that use a console password.", + "Remediation": { + "Recommendation": { + "Text": "For directions on how to fix this issue, please consult the AWS Security Hub Foundational Security Best Practices documentation.", + "Url": "https://docs.aws.amazon.com/console/securityhub/IAM.5/remediation" + } + }, + "ProductFields": { + "StandardsArn": "arn:aws:securityhub:::standards/aws-foundational-security-best-practices/v/1.0.0", + "StandardsSubscriptionArn": "arn:aws:securityhub:us-east-1:012345678912:subscription/aws-foundational-security-best-practices/v/1.0.0", + "ControlId": "IAM.5", + "RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/IAM.5/remediation", + "RelatedAWSResources:0/name": "securityhub-mfa-enabled-for-iam-console-access-9ae73a2f", + "RelatedAWSResources:0/type": "AWS::Config::ConfigRule", + "StandardsControlArn": "arn:aws:securityhub:us-east-1:012345678912:control/aws-foundational-security-best-practices/v/1.0.0/IAM.5", + "aws/securityhub/SeverityLabel": "MEDIUM", + "aws/securityhub/ProductName": "Security Hub", + "aws/securityhub/CompanyName": "AWS", + "aws/securityhub/annotation": "AWS Config evaluated your resources against the rule. The rule did not apply to the AWS resources in its scope, the specified resources were deleted, or the evaluation results were deleted.", + "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:012345678912:subscription/aws-foundational-security-best-practices/v/1.0.0/IAM.5/finding/de861909-2d26-4e45-bd86-19d2ab6ceef1" + }, + "Resources": [ + { + "Type": "AwsAccount", + "Id": "AWS::::Account:012345678912", + "Partition": "aws", + "Region": "us-east-1" + } + ], + "Compliance": { + "Status": "FAILED" + }, + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE" + } + ] +} \ No newline at end of file diff --git a/unittests/scans/awssecurityhub/repeated_findings.json b/unittests/scans/awssecurityhub/config_repeated_findings.json similarity index 100% rename from unittests/scans/awssecurityhub/repeated_findings.json rename to unittests/scans/awssecurityhub/config_repeated_findings.json diff --git a/unittests/scans/awssecurityhub/inspector_ec2_cve.json b/unittests/scans/awssecurityhub/inspector_ec2_cve.json new file mode 100644 index 00000000000..cb134914cac --- /dev/null +++ b/unittests/scans/awssecurityhub/inspector_ec2_cve.json @@ -0,0 +1,595 @@ +{ + "Findings": [ + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:us-east-1:XXXXXXXXXXXX:finding/c830773636319eaf8313475ae5876490", + "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "us-east-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "XXXXXXXXXXXX", + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ], + "FirstObservedAt": "2023-03-01T08:04:10Z", + "LastObservedAt": "2023-03-01T08:34:29Z", + "CreatedAt": "2023-03-01T08:04:10Z", + "UpdatedAt": "2023-03-01T08:34:29Z", + "Severity": { + "Label": "CRITICAL", + "Normalized": 90 + }, + "Title": "CVE-2022-3643 - kernel", + "Description": "Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior.", + "Remediation": { + "Recommendation": { + "Text": "None Provided" + } + }, + "ProductFields": { + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "10.0", + "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "AMAZON_LINUX_2", + "aws/inspector/ProductVersion": "2", + "aws/inspector/instanceId": "i-11111111111111111", + "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/inspector/arn:aws:inspector2:us-east-1:XXXXXXXXXXXX:finding/c830773636319eaf8313475ae5876490", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEc2Instance", + "Id": "arn:aws:ec2:us-east-1:XXXXXXXXXXXX:i-11111111111111111", + "Partition": "aws", + "Region": "us-east-1", + "Tags": {}, + "Details": { + "AwsEc2Instance": { + "Type": "c6i.large", + "ImageId": "ami-11111111111111111", + "IpV4Addresses": [ + "11.1.11.111" + ], + "IamInstanceProfileArn": "arn:aws:iam::XXXXXXXXXXXX:instance-profile/something", + "VpcId": "vpc-11111111111111111", + "SubnetId": "subnet-11111111111111111", + "LaunchedAt": "2023-03-01T08:03:19Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2022-3643", + "VulnerablePackages": [ + { + "Name": "kernel", + "Version": "4.14.301", + "Epoch": "0", + "Release": "224.520.amzn2", + "Architecture": "X86_64", + "PackageManager": "OS", + "FixedInVersion": "0:5.10.162-141.675.amzn2", + "Remediation": "yum update kernel" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 10, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 10, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "Source": "NVD", + "Adjustments": [] + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3643", + "VendorSeverity": "CRITICAL", + "VendorCreatedAt": "2022-12-07T01:15:00Z", + "VendorUpdatedAt": "2023-01-10T19:41:00Z" + }, + "ReferenceUrls": [ + "https://xenbits.xenproject.org/xsa/advisory-423.txt", + "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html", + "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" + ], + "FixAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "CRITICAL" + }, + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:us-east-1:111111111111:finding/421f47a297307b649173d4ac3e44bc0c", + "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "us-east-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "111111111111", + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ], + "FirstObservedAt": "2023-03-01T08:06:17Z", + "LastObservedAt": "2023-03-01T08:06:17Z", + "CreatedAt": "2023-03-01T08:06:17Z", + "UpdatedAt": "2023-03-01T08:06:17Z", + "Severity": { + "Label": "CRITICAL", + "Normalized": 90 + }, + "Title": "CVE-2022-3643 - kernel", + "Description": "Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior.", + "Remediation": { + "Recommendation": { + "Text": "None Provided" + } + }, + "ProductFields": { + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "10.0", + "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "AMAZON_LINUX_2", + "aws/inspector/ProductVersion": "2", + "aws/inspector/instanceId": "i-11111111111111111", + "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/inspector/arn:aws:inspector2:us-east-1:111111111111:finding/421f47a297307b649173d4ac3e44bc0c", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEc2Instance", + "Id": "arn:aws:ec2:us-east-1:111111111111:i-11111111111111111", + "Partition": "aws", + "Region": "us-east-1", + "Tags": { + }, + "Details": { + "AwsEc2Instance": { + "Type": "c6i.large", + "ImageId": "ami-11111111111111111", + "IpV4Addresses": [ + "11.1.11.111" + ], + "IamInstanceProfileArn": "arn:aws:iam::111111111111:instance-profile/...2022021512482163910000000f", + "VpcId": "vpc-11111111111111111", + "SubnetId": "subnet-11111111111111111", + "LaunchedAt": "2023-03-01T08:04:12Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2022-3643", + "VulnerablePackages": [ + { + "Name": "kernel", + "Version": "4.14.301", + "Epoch": "0", + "Release": "224.520.amzn2", + "Architecture": "X86_64", + "PackageManager": "OS", + "FixedInVersion": "0:5.10.162-141.675.amzn2", + "Remediation": "yum update kernel" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 10, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 10, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "Source": "NVD", + "Adjustments": [] + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3643", + "VendorSeverity": "CRITICAL", + "VendorCreatedAt": "2022-12-07T01:15:00Z", + "VendorUpdatedAt": "2023-01-10T19:41:00Z" + }, + "ReferenceUrls": [ + "https://xenbits.xenproject.org/xsa/advisory-423.txt", + "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html", + "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" + ], + "FixAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "CRITICAL" + }, + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:us-east-1:XXXXXXXXXXXX:finding/637ce0c44b523b292b8e99f7a9481e60", + "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "us-east-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "XXXXXXXXXXXX", + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ], + "FirstObservedAt": "2023-03-01T08:02:40Z", + "LastObservedAt": "2023-03-01T08:03:46Z", + "CreatedAt": "2023-03-01T08:02:40Z", + "UpdatedAt": "2023-03-01T08:03:46Z", + "Severity": { + "Label": "CRITICAL", + "Normalized": 90 + }, + "Title": "CVE-2022-3643 - kernel", + "Description": "Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior.", + "Remediation": { + "Recommendation": { + "Text": "None Provided" + } + }, + "ProductFields": { + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "10.0", + "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "AMAZON_LINUX_2", + "aws/inspector/ProductVersion": "2", + "aws/inspector/instanceId": "i-11111111111111111", + "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/inspector/arn:aws:inspector2:us-east-1:XXXXXXXXXXXX:finding/637ce0c44b523b292b8e99f7a9481e60", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEc2Instance", + "Id": "arn:aws:ec2:us-east-1:XXXXXXXXXXXX:i-11111111111111111", + "Partition": "aws", + "Region": "us-east-1", + "Tags": {}, + "Details": { + "AwsEc2Instance": { + "Type": "c6i.large", + "ImageId": "ami-11111111111111111", + "IpV4Addresses": [ + "11.1.11.111" + ], + "IamInstanceProfileArn": "arn:aws:iam::XXXXXXXXXXXX:instance-profile/...20220119092435965400000017", + "VpcId": "vpc-11111111111111111", + "SubnetId": "subnet-11111111111111111", + "LaunchedAt": "2023-03-01T08:01:37Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2022-3643", + "VulnerablePackages": [ + { + "Name": "kernel", + "Version": "4.14.301", + "Epoch": "0", + "Release": "224.520.amzn2", + "Architecture": "X86_64", + "PackageManager": "OS", + "FixedInVersion": "0:5.10.162-141.675.amzn2", + "Remediation": "yum update kernel" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 10, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 10, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "Source": "NVD", + "Adjustments": [] + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3643", + "VendorSeverity": "CRITICAL", + "VendorCreatedAt": "2022-12-07T01:15:00Z", + "VendorUpdatedAt": "2023-01-10T19:41:00Z" + }, + "ReferenceUrls": [ + "https://xenbits.xenproject.org/xsa/advisory-423.txt", + "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html", + "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" + ], + "FixAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "CRITICAL" + }, + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:us-east-1:XXXXXXXXXXXX:finding/7133acf918e320c6e3a85f17bd251800", + "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "us-east-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "XXXXXXXXXXXX", + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ], + "FirstObservedAt": "2023-03-01T07:01:16Z", + "LastObservedAt": "2023-03-01T07:32:14Z", + "CreatedAt": "2023-03-01T07:01:16Z", + "UpdatedAt": "2023-03-01T07:32:14Z", + "Severity": { + "Label": "CRITICAL", + "Normalized": 90 + }, + "Title": "CVE-2022-3643 - kernel", + "Description": "Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior.", + "Remediation": { + "Recommendation": { + "Text": "None Provided" + } + }, + "ProductFields": { + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "10.0", + "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "AMAZON_LINUX_2", + "aws/inspector/ProductVersion": "2", + "aws/inspector/instanceId": "i-11111111111111111", + "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/inspector/arn:aws:inspector2:us-east-1:XXXXXXXXXXXX:finding/7133acf918e320c6e3a85f17bd251800", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEc2Instance", + "Id": "arn:aws:ec2:us-east-1:XXXXXXXXXXXX:i-11111111111111111", + "Partition": "aws", + "Region": "us-east-1", + "Tags": {}, + "Details": { + "AwsEc2Instance": { + "Type": "c6i.large", + "ImageId": "ami-11111111111111111", + "IpV4Addresses": [ + "11.1.11.111" + ], + "IamInstanceProfileArn": "arn:aws:iam::XXXXXXXXXXXX:instance-profile/...20220119092435965400000017", + "VpcId": "vpc-11111111111111111", + "SubnetId": "subnet-11111111111111111", + "LaunchedAt": "2023-03-01T07:00:13Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2022-3643", + "VulnerablePackages": [ + { + "Name": "kernel", + "Version": "4.14.301", + "Epoch": "0", + "Release": "224.520.amzn2", + "Architecture": "X86_64", + "PackageManager": "OS", + "FixedInVersion": "0:5.10.162-141.675.amzn2", + "Remediation": "yum update kernel" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 10, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 10, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "Source": "NVD", + "Adjustments": [] + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3643", + "VendorSeverity": "CRITICAL", + "VendorCreatedAt": "2022-12-07T01:15:00Z", + "VendorUpdatedAt": "2023-01-10T19:41:00Z" + }, + "ReferenceUrls": [ + "https://xenbits.xenproject.org/xsa/advisory-423.txt", + "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html", + "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" + ], + "FixAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "CRITICAL" + }, + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:us-east-1:XXXXXXXXXXXX:finding/adbc664a6ecdbd966b0cd30cde9f805d", + "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "us-east-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "XXXXXXXXXXXX", + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ], + "FirstObservedAt": "2023-03-01T07:02:22Z", + "LastObservedAt": "2023-03-01T07:31:54Z", + "CreatedAt": "2023-03-01T07:02:22Z", + "UpdatedAt": "2023-03-01T07:31:54Z", + "Severity": { + "Label": "CRITICAL", + "Normalized": 90 + }, + "Title": "CVE-2022-3643 - kernel", + "Description": "Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior.", + "Remediation": { + "Recommendation": { + "Text": "None Provided" + } + }, + "ProductFields": { + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "10.0", + "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "AMAZON_LINUX_2", + "aws/inspector/ProductVersion": "2", + "aws/inspector/instanceId": "i-11111111111111111", + "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/inspector/arn:aws:inspector2:us-east-1:XXXXXXXXXXXX:finding/adbc664a6ecdbd966b0cd30cde9f805d", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEc2Instance", + "Id": "arn:aws:ec2:us-east-1:XXXXXXXXXXXX:i-11111111111111111", + "Partition": "aws", + "Region": "us-east-1", + "Tags": {}, + "Details": { + "AwsEc2Instance": { + "Type": "c6i.large", + "ImageId": "ami-11111111111111111", + "IpV4Addresses": [ + "11.1.11.111" + ], + "IamInstanceProfileArn": "arn:aws:iam::XXXXXXXXXXXX:instance-profile/...20211202232238853000000014", + "VpcId": "vpc-11111111111111111", + "SubnetId": "subnet-11111111111111111", + "LaunchedAt": "2023-03-01T07:00:23Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2022-3643", + "VulnerablePackages": [ + { + "Name": "kernel", + "Version": "4.14.301", + "Epoch": "0", + "Release": "224.520.amzn2", + "Architecture": "X86_64", + "PackageManager": "OS", + "FixedInVersion": "0:5.10.162-141.675.amzn2", + "Remediation": "yum update kernel" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 10, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 10, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "Source": "NVD", + "Adjustments": [] + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3643", + "VendorSeverity": "CRITICAL", + "VendorCreatedAt": "2022-12-07T01:15:00Z", + "VendorUpdatedAt": "2023-01-10T19:41:00Z" + }, + "ReferenceUrls": [ + "https://xenbits.xenproject.org/xsa/advisory-423.txt", + "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html", + "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" + ], + "FixAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "CRITICAL" + }, + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ] + } + } + ] +} \ No newline at end of file diff --git a/unittests/scans/awssecurityhub/inspector_ec2_cve_no_vulnerabilities.json b/unittests/scans/awssecurityhub/inspector_ec2_cve_no_vulnerabilities.json new file mode 100644 index 00000000000..119b139ec1c --- /dev/null +++ b/unittests/scans/awssecurityhub/inspector_ec2_cve_no_vulnerabilities.json @@ -0,0 +1,78 @@ +{ + "Findings": [ + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:us-east-1:XXXXXXXXXXXX:finding/c830773636319eaf8313475ae5876490", + "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "us-east-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "XXXXXXXXXXXX", + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ], + "FirstObservedAt": "2023-03-01T08:04:10Z", + "LastObservedAt": "2023-03-01T08:34:29Z", + "CreatedAt": "2023-03-01T08:04:10Z", + "UpdatedAt": "2023-03-01T08:34:29Z", + "Severity": { + "Label": "CRITICAL", + "Normalized": 90 + }, + "Title": "CVE-2022-3643 - kernel", + "Description": "Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior.", + "Remediation": { + "Recommendation": { + "Text": "None Provided" + } + }, + "ProductFields": { + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "10.0", + "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "AMAZON_LINUX_2", + "aws/inspector/ProductVersion": "2", + "aws/inspector/instanceId": "i-11111111111111111", + "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/inspector/arn:aws:inspector2:us-east-1:XXXXXXXXXXXX:finding/c830773636319eaf8313475ae5876490", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEc2Instance", + "Id": "arn:aws:ec2:us-east-1:XXXXXXXXXXXX:i-11111111111111111", + "Partition": "aws", + "Region": "us-east-1", + "Tags": {}, + "Details": { + "AwsEc2Instance": { + "Type": "c6i.large", + "ImageId": "ami-11111111111111111", + "IpV4Addresses": [ + "11.1.11.111" + ], + "IamInstanceProfileArn": "arn:aws:iam::XXXXXXXXXXXX:instance-profile/something", + "VpcId": "vpc-11111111111111111", + "SubnetId": "subnet-11111111111111111", + "LaunchedAt": "2023-03-01T08:03:19Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [], + "FindingProviderFields": { + "Severity": { + "Label": "CRITICAL" + }, + "Types": [ + "Software and Configuration Checks/Vulnerabilities/CVE" + ] + } + } + ] +} \ No newline at end of file diff --git a/unittests/scans/awssecurityhub/inspector_ec2_ghsa.json b/unittests/scans/awssecurityhub/inspector_ec2_ghsa.json new file mode 100644 index 00000000000..476f6b56fc4 --- /dev/null +++ b/unittests/scans/awssecurityhub/inspector_ec2_ghsa.json @@ -0,0 +1,112 @@ +{ + "Findings": [ + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-central-1:012345678912:finding/e07acd3c1cac9df14b96604ceef247be", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-central-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "012345678912", + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"], + "FirstObservedAt": "2023-09-07T17:20:26Z", + "LastObservedAt": "2023-09-07T17:20:26Z", + "CreatedAt": "2023-09-07T17:20:26Z", + "UpdatedAt": "2023-09-07T17:20:26Z", + "Severity": { + "Label": "MEDIUM", + "Normalized": 40 + }, + "Title": "GHSA-p98r-538v-jgw5 - kernel-5.15", + "Description": "An out-of-bounds read issue was found in the Linux kernel’s crc16 implementation in lib/crc16.c when called from fs/ext4/super.c. ext4_group_desc_csum does not properly check an offset which may lead to out-of-bounds read.", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/instanceId": "i-07c11cc535d830123", + "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "BOTTLEROCKET", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/inspector/arn:aws:inspector2:eu-central-1:012345678912:finding/e07acd3c1cac9df14b96604ceef247be", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEc2Instance", + "Id": "arn:aws:ec2:eu-central-1:012345678912:instance/i-07c11cc535d830123", + "Partition": "aws", + "Region": "eu-central-1", + "Tags": { + "EKS_GROUP_NAME": "EKS managed node group", + "aws:eks:cluster-name": "eks01", + "eks:cluster-name": "eks01", + "kubernetes.io/cluster/eks01": "owned", + "aws:ec2launchtemplate:version": "3", + "k8s.io/cluster-autoscaler/enabled": "true", + "NODE_ROLE": "tester", + "k8s.io/cluster-autoscaler/eks01": "owned", + "Name": "eks01-testers", + "Role": "kubernetes", + "aws:autoscaling:groupName": "eks-eks01-testers-20230322111111111100000001-10c38473-1b1c-e880-202d-e076e43e6ece", + "aws:ec2:fleet-id": "fleet-2e2437ad-ea95-e13c-2c92-0e8875e53bff", + "eks:nodegroup-name": "eks01-testers-20230322103837516200000001", + "aws:ec2launchtemplate:id": "lt-040e834ea0c57553b" + }, + "Details": { + "AwsEc2Instance": { + "Type": "c4.4xlarge", + "ImageId": "ami-0b4a5f1e4bcfe46a3", + "IpV4Addresses": ["123.123.123.123"], + "IamInstanceProfileArn": "arn:aws:iam::012345678912:instance-profile/eks-10c38473-1b1c-e880-202d-e076e43e6ece", + "VpcId": "vpc-11111111111111111", + "SubnetId": "subnet-11111111111111111", + "LaunchedAt": "2023-09-07T17:19:47Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "GHSA-p98r-538v-jgw5", + "VulnerablePackages": [ + { + "Name": "kernel-5.15", + "Version": "1.14.1", + "Epoch": "0", + "Release": "842c7134", + "Architecture": "X86_64", + "PackageManager": "OS", + "FixedInVersion": "0:1.14.2-0", + "Remediation": "apiclient update check && apiclient update apply" + } + ], + "RelatedVulnerabilities": ["GHSA-p98r-538v-jgw5", "CVE-2023-34256"], + "Vendor": { + "Name": "BOTTLEROCKET", + "Url": "https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-p98r-538v-jgw5", + "VendorSeverity": "medium", + "VendorCreatedAt": "2023-07-07T20:56:55Z", + "VendorUpdatedAt": "2023-07-07T20:56:55Z" + }, + "FixAvailable": "YES", + "ExploitAvailable": "NO" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "MEDIUM" + }, + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"] + } + } + ] +} diff --git a/unittests/scans/awssecurityhub/inspector_ecr.json b/unittests/scans/awssecurityhub/inspector_ecr.json new file mode 100644 index 00000000000..daa4225e61a --- /dev/null +++ b/unittests/scans/awssecurityhub/inspector_ecr.json @@ -0,0 +1,805 @@ +{ + "Findings": [ + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-central-1:123456789012:finding/fbd353dda17ad52c47774ad7d62360b2", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-central-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789012", + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"], + "FirstObservedAt": "2023-08-23T14:00:39Z", + "LastObservedAt": "2023-08-30T21:11:07Z", + "CreatedAt": "2023-08-23T14:00:39Z", + "UpdatedAt": "2023-08-30T21:11:07Z", + "Severity": { + "Label": "MEDIUM", + "Normalized": 40 + }, + "Title": "CVE-2023-2650 - openssl", + "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time comp...Truncated", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "6.5", + "aws/inspector/resources/1/resourceDetails/awsEcrContainerImageDetails/platform": "DEBIAN_11", + "aws/inspector/packageVulnerabilityDetails/vulnerablePackages/sourceLayerHashes": "sha256:d5fad00d4eb04c332a8728ee7642bff8fb9cd3cec653ca301ab69a4ca075a757", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/inspector/arn:aws:inspector2:eu-central-1:123456789012:finding/fbd353dda17ad52c47774ad7d62360b2", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEcrContainerImage", + "Id": "arn:aws:ecr:eu-central-1:123456789012:repository/repo-os/sha256:af965ef68c78374a5f987fce98c0ddfa45801df2395bf012c50b863e65978d74", + "Partition": "aws", + "Region": "eu-central-1", + "Details": { + "AwsEcrContainerImage": { + "RegistryId": "123456789012", + "RepositoryName": "repo-os", + "Architecture": "amd64", + "ImageDigest": "sha256:af965ef68c78374a5f987fce98c0ddfa45801df2395bf012c50b863e65978d74", + "ImageTags": ["2023-08-23"], + "ImagePublishedAt": "2023-08-23T14:00:14Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2023-2650", + "VulnerablePackages": [ + { + "Name": "openssl", + "Version": "1.1.1n", + "Epoch": "0", + "Release": "0+deb11u4", + "Architecture": "AMD64", + "PackageManager": "OS", + "FixedInVersion": "0:1.1.1n-0+deb11u5", + "Remediation": "apt-get update && apt-get upgrade", + "SourceLayerHash": "sha256:d5fad00d4eb04c332a8728ee7642bff8fb9cd3cec653ca301ab69a4ca075a757" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 6.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 6.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "DEBIAN_CVE", + "Url": "https://security-tracker.debian.org/tracker/CVE-2023-2650", + "VendorSeverity": "not yet assigned" + }, + "ReferenceUrls": [ + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=null" + ], + "FixAvailable": "YES", + "EpssScore": 0.0014, + "ExploitAvailable": "NO" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "MEDIUM" + }, + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-central-1:123456789012:finding/fabd67b4e814d66ce64fb34f2f20b559", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-central-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789012", + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"], + "FirstObservedAt": "2023-08-09T06:27:25Z", + "LastObservedAt": "2023-08-30T21:11:47Z", + "CreatedAt": "2023-08-09T06:27:25Z", + "UpdatedAt": "2023-08-30T21:11:47Z", + "Severity": { + "Label": "HIGH", + "Normalized": 70 + }, + "Title": "CVE-2022-32149 - golang.org/x/text, golang.org/x/text and 1 more", + "Description": "An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "7.5", + "aws/inspector/resources/1/resourceDetails/awsEcrContainerImageDetails/platform": "DEBIAN_12", + "aws/inspector/packageVulnerabilityDetails/vulnerablePackages/sourceLayerHashes": "sha256:98386e4f090a680777a76ed54c91064550622229029076560f990b1c2cb3f4cf,sha256:98386e4f090a680777a76ed54c91064550622229029076560f990b1c2cb3f4cf,sha256:98386e4f090a680777a76ed54c91064550622229029076560f990b1c2cb3f4cf", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/inspector/arn:aws:inspector2:eu-central-1:123456789012:finding/fabd67b4e814d66ce64fb34f2f20b559", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEcrContainerImage", + "Id": "arn:aws:ecr:eu-central-1:123456789012:repository/repo-gomod/sha256:a94c3dfd6c8ecb573a30fae7c18cf682de4b6c16f3c7250c107de1770db41220", + "Partition": "aws", + "Region": "eu-central-1", + "Details": { + "AwsEcrContainerImage": { + "RegistryId": "123456789012", + "RepositoryName": "repo-gomod", + "Architecture": "amd64", + "ImageDigest": "sha256:a94c3dfd6c8ecb573a30fae7c18cf682de4b6c16f3c7250c107de1770db41220", + "ImageTags": ["c-c4036e958892d4e087301fa446c19ff5b7b80ecd"], + "ImagePublishedAt": "2023-08-01T13:13:45Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2022-32149", + "VulnerablePackages": [ + { + "Name": "golang.org/x/text", + "Version": "0.3.8-0.20220509174342-b4bca84b0361", + "Epoch": "0", + "PackageManager": "GOMOD", + "FilePath": "usr/local/go/src/go.mod", + "FixedInVersion": "0.3.8", + "Remediation": "Update text to 0.3.8", + "SourceLayerHash": "sha256:98386e4f090a680777a76ed54c91064550622229029076560f990b1c2cb3f4cf" + }, + { + "Name": "golang.org/x/text", + "Version": "0.3.3", + "Epoch": "0", + "PackageManager": "GOMOD", + "FilePath": "usr/local/go/src/something/go.sum", + "FixedInVersion": "0.3.8", + "Remediation": "Update text to 0.3.8", + "SourceLayerHash": "sha256:98386e4f090a680777a76ed54c91064550622229029076560f990b1c2cb3f4cf" + }, + { + "Name": "golang.org/x/text", + "Version": "0.3.8-0.20220509174342-b4bca84b0361", + "Epoch": "0", + "PackageManager": "GOMOD", + "FilePath": "usr/local/go/src/go.sum", + "FixedInVersion": "0.3.8", + "Remediation": "Update text to 0.3.8", + "SourceLayerHash": "sha256:98386e4f090a680777a76ed54c91064550622229029076560f990b1c2cb3f4cf" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", + "VendorSeverity": "HIGH", + "VendorCreatedAt": "2022-10-14T15:15:00Z", + "VendorUpdatedAt": "2022-10-18T17:41:00Z" + }, + "ReferenceUrls": [ + "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ" + ], + "FixAvailable": "YES", + "ExploitAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "HIGH" + }, + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-central-1:123456789012:finding/ed174f9755171e51f5f45e2bfc0bb685", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-central-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789012", + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"], + "FirstObservedAt": "2023-08-30T14:28:53Z", + "LastObservedAt": "2023-08-30T14:28:53Z", + "CreatedAt": "2023-08-30T14:28:53Z", + "UpdatedAt": "2023-08-30T14:28:53Z", + "Severity": { + "Label": "HIGH", + "Normalized": 70 + }, + "Title": "CVE-2022-25883 - semver", + "Description": "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "7.5", + "aws/inspector/resources/1/resourceDetails/awsEcrContainerImageDetails/platform": "ALPINE_LINUX_3_18", + "aws/inspector/packageVulnerabilityDetails/vulnerablePackages/sourceLayerHashes": "sha256:751194035c3611aead30c71ecc70008764778b49867f805c9a12b0c42a5e07bf", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/inspector/arn:aws:inspector2:eu-central-1:123456789012:finding/ed174f9755171e51f5f45e2bfc0bb685", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEcrContainerImage", + "Id": "arn:aws:ecr:eu-central-1:123456789012:repository/repo-nodepkg/sha256:1e9cf640d33e8a4fca7cb8d7ddf952ef0a3cd54b9446567d44e638a6571385bd", + "Partition": "aws", + "Region": "eu-central-1", + "Details": { + "AwsEcrContainerImage": { + "RegistryId": "123456789012", + "RepositoryName": "repo-nodepkg", + "Architecture": "amd64", + "ImageDigest": "sha256:1e9cf640d33e8a4fca7cb8d7ddf952ef0a3cd54b9446567d44e638a6571385bd", + "ImageTags": ["c-5081c9b0cf8160ea0c46bd49a1362f92f3aa4e73"], + "ImagePublishedAt": "2023-08-30T14:28:45Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2022-25883", + "VulnerablePackages": [ + { + "Name": "semver", + "Version": "7.5.1", + "Epoch": "0", + "PackageManager": "NODEPKG", + "FilePath": "usr/local/lib/node_modules/npm/node_modules/semver/package.json", + "FixedInVersion": "7.5.2", + "Remediation": "Update semver to 7.5.2", + "SourceLayerHash": "sha256:751194035c3611aead30c71ecc70008764778b49867f805c9a12b0c42a5e07bf" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883", + "VendorSeverity": "HIGH", + "VendorCreatedAt": "2023-06-21T05:15:00Z", + "VendorUpdatedAt": "2023-07-12T00:53:00Z" + }, + "FixAvailable": "YES", + "ExploitAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "HIGH" + }, + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-central-1:123456789012:finding/fb283a3490f48eec11b6500faab7470c", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-central-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789012", + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"], + "FirstObservedAt": "2023-08-10T07:36:46Z", + "LastObservedAt": "2023-08-21T17:01:53Z", + "CreatedAt": "2023-08-10T07:36:46Z", + "UpdatedAt": "2023-08-21T17:01:53Z", + "Severity": { + "Label": "CRITICAL", + "Normalized": 90 + }, + "Title": "CVE-2023-37920 - certifi, certifi and 2 more", + "Description": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes \"e-Tugra\" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store.", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "9.8", + "aws/inspector/resources/1/resourceDetails/awsEcrContainerImageDetails/platform": "DEBIAN_11", + "aws/inspector/packageVulnerabilityDetails/vulnerablePackages/sourceLayerHashes": "sha256:5d982d4bf57c6a5661a4a4624fa46b4235430afdfc5c7477457e76ac0f780d7e,sha256:5d982d4bf57c6a5661a4a4624fa46b4235430afdfc5c7477457e76ac0f780d7e,sha256:3d418b079937b4bec95f67f57b775741b05df804006733b418dd0633d553c751,sha256:5d982d4bf57c6a5661a4a4624fa46b4235430afdfc5c7477457e76ac0f780d7e", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/inspector/arn:aws:inspector2:eu-central-1:123456789012:finding/fb283a3490f48eec11b6500faab7470c", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEcrContainerImage", + "Id": "arn:aws:ecr:eu-central-1:123456789012:repository/repo-poetry/sha256:d0406162a81777e5fe3eb5835fec5d4436ca750a1e12e367474efc39cc62cfbf", + "Partition": "aws", + "Region": "eu-central-1", + "Details": { + "AwsEcrContainerImage": { + "RegistryId": "123456789012", + "RepositoryName": "repo-poetry", + "Architecture": "amd64", + "ImageDigest": "sha256:d0406162a81777e5fe3eb5835fec5d4436ca750a1e12e367474efc39cc62cfbf", + "ImageTags": ["tag1", "tag2", "tag-last"], + "ImagePublishedAt": "2023-08-10T07:36:02Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2023-37920", + "VulnerablePackages": [ + { + "Name": "certifi", + "Version": "2022.12.7", + "Epoch": "0", + "PackageManager": "POETRY", + "FilePath": "app/poetry.lock", + "FixedInVersion": "2023.7.22", + "Remediation": "Update certifi to 2023.7.22", + "SourceLayerHash": "sha256:5d982d4bf57c6a5661a4a4624fa46b4235430afdfc5c7477457e76ac0f780d7e" + }, + { + "Name": "certifi", + "Version": "2023.5.7", + "Epoch": "0", + "PackageManager": "POETRY", + "FilePath": "app/poetry.lock", + "FixedInVersion": "2023.7.22", + "Remediation": "Update certifi to 2023.7.22", + "SourceLayerHash": "sha256:5d982d4bf57c6a5661a4a4624fa46b4235430afdfc5c7477457e76ac0f780d7e" + }, + { + "Name": "certifi", + "Version": "2023.5.7", + "Epoch": "0", + "PackageManager": "PYTHONPKG", + "FilePath": "app/.cache/pypoetry/virtualenvs/something-ANnMAkq9-py3.9/lib/python3.9/site-packages/certifi-2023.5.7.dist-info/METADATA", + "FixedInVersion": "2023.7.22", + "Remediation": "Update certifi to 2023.7.22", + "SourceLayerHash": "sha256:3d418b079937b4bec95f67f57b775741b05df804006733b418dd0633d553c751" + }, + { + "Name": "certifi", + "Version": "2022.12.7", + "Epoch": "0", + "PackageManager": "POETRY", + "FilePath": "app/poetry.lock", + "FixedInVersion": "2023.7.22", + "Remediation": "Update certifi to 2023.7.22", + "SourceLayerHash": "sha256:5d982d4bf57c6a5661a4a4624fa46b4235430afdfc5c7477457e76ac0f780d7e" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 9.8, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 9.8, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37920", + "VendorSeverity": "CRITICAL", + "VendorCreatedAt": "2023-07-25T21:15:00Z", + "VendorUpdatedAt": "2023-08-12T06:16:00Z" + }, + "ReferenceUrls": [ + "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/" + ], + "FixAvailable": "YES", + "ExploitAvailable": "NO" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "CRITICAL" + }, + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-central-1:123456789012:finding/b05900ac9880dc902ef729b72a91a21a", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-central-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789012", + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"], + "FirstObservedAt": "2023-08-21T13:40:40Z", + "LastObservedAt": "2023-08-21T13:41:59Z", + "CreatedAt": "2023-08-21T13:40:40Z", + "UpdatedAt": "2023-08-21T13:41:59Z", + "Severity": { + "Label": "HIGH", + "Normalized": 70 + }, + "Title": "CVE-2022-31163 - tzinfo", + "Description": "TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a p...Truncated", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "8.1", + "aws/inspector/resources/1/resourceDetails/awsEcrContainerImageDetails/platform": "ALPINE_LINUX_3_17", + "aws/inspector/packageVulnerabilityDetails/vulnerablePackages/sourceLayerHashes": "sha256:6ce38273df14da22f8dbb8d224d0f7ed007da6daa6fde797eb3e505e8932eb20", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/inspector/arn:aws:inspector2:eu-central-1:123456789012:finding/b05900ac9880dc902ef729b72a91a21a", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEcrContainerImage", + "Id": "arn:aws:ecr:eu-central-1:123456789012:repository/repo-bundler/sha256:f15d536b44e9700b6d687947139cec8f7741ea4f796f807d4d909b68fb34c418", + "Partition": "aws", + "Region": "eu-central-1", + "Details": { + "AwsEcrContainerImage": { + "RegistryId": "123456789012", + "RepositoryName": "repo-bundler", + "Architecture": "amd64", + "ImageDigest": "sha256:f15d536b44e9700b6d687947139cec8f7741ea4f796f807d4d909b68fb34c418", + "ImagePublishedAt": "2023-08-21T13:40:31Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2022-31163", + "VulnerablePackages": [ + { + "Name": "tzinfo", + "Version": "1.2.9", + "Epoch": "0", + "PackageManager": "BUNDLER", + "FilePath": "app/node_modules/@something/Gemfile.lock", + "FixedInVersion": "1.2.10", + "Remediation": "Update tzinfo to 1.2.10", + "SourceLayerHash": "sha256:6ce38273df14da22f8dbb8d224d0f7ed007da6daa6fde797eb3e505e8932eb20" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 8.1, + "BaseVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 8.1, + "BaseVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163", + "VendorSeverity": "HIGH", + "VendorCreatedAt": "2022-07-22T04:15:00Z", + "VendorUpdatedAt": "2022-10-26T19:00:00Z" + }, + "ReferenceUrls": [ + "https://lists.debian.org/debian-lts-announce/2022/08/msg00009.html" + ], + "FixAvailable": "YES", + "ExploitAvailable": "NO" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "HIGH" + }, + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-central-1:123456789012:finding/1f46c626e66f19961cb634e30463b913", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-central-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789012", + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"], + "FirstObservedAt": "2023-08-21T13:39:12Z", + "LastObservedAt": "2023-08-21T13:41:58Z", + "CreatedAt": "2023-08-21T13:39:12Z", + "UpdatedAt": "2023-08-21T13:41:58Z", + "Severity": { + "Label": "HIGH", + "Normalized": 70 + }, + "Title": "CVE-2023-37788 - github.com/elazarl/goproxy", + "Description": "goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "7.5", + "aws/inspector/resources/1/resourceDetails/awsEcrContainerImageDetails/platform": "ALPINE_LINUX_3_17", + "aws/inspector/packageVulnerabilityDetails/vulnerablePackages/sourceLayerHashes": "sha256:ead62b4140ce38991b50e86efa65ebae81a6384f2024e8147b4b85d05f2bb5fa", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/inspector/arn:aws:inspector2:eu-central-1:123456789012:finding/1f46c626e66f19961cb634e30463b913", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEcrContainerImage", + "Id": "arn:aws:ecr:eu-central-1:123456789012:repository/repo-gobinary/sha256:6b48d92046b51a4761462e432d99724343006425dca0694b41634fd0b6ecce7c", + "Partition": "aws", + "Region": "eu-central-1", + "Details": { + "AwsEcrContainerImage": { + "RegistryId": "123456789012", + "RepositoryName": "repo-gobinary", + "Architecture": "amd64", + "ImageDigest": "sha256:6b48d92046b51a4761462e432d99724343006425dca0694b41634fd0b6ecce7c", + "ImageTags": ["tag-2023.123", "c-12345"], + "ImagePublishedAt": "2023-08-21T13:39:01Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2023-37788", + "VulnerablePackages": [ + { + "Name": "github.com/elazarl/goproxy", + "Version": "v0.0.0-20220901064549-fbd10ff4f5a1", + "Epoch": "0", + "PackageManager": "GOBINARY", + "FilePath": "app/snyk-alpine", + "FixedInVersion": "0.0.0-20230731152917-f99041a5c027", + "Remediation": "Update goproxy to 0.0.0-20230731152917-f99041a5c027", + "SourceLayerHash": "sha256:ead62b4140ce38991b50e86efa65ebae81a6384f2024e8147b4b85d05f2bb5fa" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 7.5, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37788", + "VendorSeverity": "HIGH", + "VendorCreatedAt": "2023-07-18T19:15:00Z", + "VendorUpdatedAt": "2023-07-27T04:05:00Z" + }, + "FixAvailable": "YES", + "ExploitAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "HIGH" + }, + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"] + } + }, + { + "SchemaVersion": "2018-10-08", + "Id": "arn:aws:inspector2:eu-central-1:123456789012:finding/8ba5034cf5b39282316fb9a919a2c556", + "ProductArn": "arn:aws:securityhub:eu-central-1::product/aws/inspector", + "ProductName": "Inspector", + "CompanyName": "Amazon", + "Region": "eu-central-1", + "GeneratorId": "AWSInspector", + "AwsAccountId": "123456789012", + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"], + "FirstObservedAt": "2023-08-21T07:01:06Z", + "LastObservedAt": "2023-08-21T13:06:22Z", + "CreatedAt": "2023-08-21T07:01:06Z", + "UpdatedAt": "2023-08-21T13:06:22Z", + "Severity": { + "Label": "HIGH", + "Normalized": 70 + }, + "Title": "CVE-2023-25194 - org.apache.kafka:kafka-clients", + "Description": "A possible security vulnerability has been identified in Apache Kafka Connect API.\nThis requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config\nand a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0.\nWhen configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config`\nproperty for any of the connector's Kafka clients to \"com.sun.security.auth.module.JndiLoginModule\", which can be done via the\n`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.\nThis will allow the server to connect to the attacker's LDAP server\nand deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.\nAttacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerabili...Truncated", + "Remediation": { + "Recommendation": { + "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above.For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON." + } + }, + "ProductFields": { + "aws/inspector/ProductVersion": "2", + "aws/inspector/FindingStatus": "ACTIVE", + "aws/inspector/inspectorScore": "8.8", + "aws/inspector/resources/1/resourceDetails/awsEcrContainerImageDetails/platform": "ALPINE_LINUX_3_15", + "aws/inspector/packageVulnerabilityDetails/vulnerablePackages/sourceLayerHashes": "sha256:66023291c834d436a456d628643f8ae182ab688f2ea3d9f7741652027dec1efb", + "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/inspector/arn:aws:inspector2:eu-central-1:123456789012:finding/8ba5034cf5b39282316fb9a919a2c556", + "aws/securityhub/ProductName": "Inspector", + "aws/securityhub/CompanyName": "Amazon" + }, + "Resources": [ + { + "Type": "AwsEcrContainerImage", + "Id": "arn:aws:ecr:eu-central-1:123456789012:repository/repo-jar/sha256:856d54232d3e463b6aa99d3f951cac8bacb6deb95e5795c1440f4be4ad60cf63", + "Partition": "aws", + "Region": "eu-central-1", + "Details": { + "AwsEcrContainerImage": { + "RegistryId": "123456789012", + "RepositoryName": "repo-jar", + "Architecture": "amd64", + "ImageDigest": "sha256:856d54232d3e463b6aa99d3f951cac8bacb6deb95e5795c1440f4be4ad60cf63", + "ImageTags": ["tag123"], + "ImagePublishedAt": "2023-08-21T07:00:59Z" + } + } + } + ], + "WorkflowState": "NEW", + "Workflow": { + "Status": "NEW" + }, + "RecordState": "ACTIVE", + "Vulnerabilities": [ + { + "Id": "CVE-2023-25194", + "VulnerablePackages": [ + { + "Name": "org.apache.kafka:kafka-clients", + "Version": "3.1.2", + "Epoch": "0", + "PackageManager": "JAR", + "FilePath": "app/app.jar", + "FixedInVersion": "3.4.0", + "Remediation": "Update kafka-clients to 3.4.0", + "SourceLayerHash": "sha256:66023291c834d436a456d628643f8ae182ab688f2ea3d9f7741652027dec1efb" + } + ], + "Cvss": [ + { + "Version": "3.1", + "BaseScore": 8.8, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "Source": "NVD" + }, + { + "Version": "3.1", + "BaseScore": 8.8, + "BaseVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "Source": "NVD" + } + ], + "Vendor": { + "Name": "NVD", + "Url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25194", + "VendorSeverity": "HIGH", + "VendorCreatedAt": "2023-02-07T20:15:00Z", + "VendorUpdatedAt": "2023-07-21T12:15:00Z" + }, + "ReferenceUrls": [ + "https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz", + "https://kafka.apache.org/cve-list" + ], + "FixAvailable": "YES", + "ExploitAvailable": "YES" + } + ], + "FindingProviderFields": { + "Severity": { + "Label": "HIGH" + }, + "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"] + } + } + ] +} diff --git a/unittests/scans/bandit/dd.json b/unittests/scans/bandit/dd.json index 4f6d3cad935..e2b6c06360a 100644 --- a/unittests/scans/bandit/dd.json +++ b/unittests/scans/bandit/dd.json @@ -2570,7 +2570,7 @@ "loc": 62, "nosec": 0 }, - "dojo/tools/whitesource/__init__.py": { + "dojo/tools/mend/__init__.py": { "CONFIDENCE.HIGH": 0.0, "CONFIDENCE.LOW": 0.0, "CONFIDENCE.MEDIUM": 0.0, @@ -2582,7 +2582,7 @@ "loc": 0, "nosec": 0 }, - "dojo/tools/whitesource/parser.py": { + "dojo/tools/mend/parser.py": { "CONFIDENCE.HIGH": 1.0, "CONFIDENCE.LOW": 0.0, "CONFIDENCE.MEDIUM": 0.0, @@ -3336,7 +3336,7 @@ }, { "code": "103 def _dedup_and_create_finding(dupes, vuln):\n104 dupe_key = hashlib.md5(vuln.get('description').encode('utf-8') + vuln.get('title').encode('utf-8')).hexdigest()\n105 \n", - "filename": "dojo/tools/whitesource/parser.py", + "filename": "dojo/tools/mend/parser.py", "issue_confidence": "HIGH", "issue_severity": "MEDIUM", "issue_text": "Use of insecure MD2, MD4, MD5, or SHA1 hash function.", diff --git a/unittests/scans/bandit/dd2.json b/unittests/scans/bandit/dd2.json index 762b1bac918..59488004353 100644 --- a/unittests/scans/bandit/dd2.json +++ b/unittests/scans/bandit/dd2.json @@ -2750,7 +2750,7 @@ "loc": 19, "nosec": 0 }, - "dojo/management/commands/rename_whitesource_findings.py": { + "dojo/management/commands/rename_mend_findings.py": { "CONFIDENCE.HIGH": 0.0, "CONFIDENCE.LOW": 0.0, "CONFIDENCE.MEDIUM": 0.0, @@ -7178,7 +7178,7 @@ "loc": 163, "nosec": 0 }, - "dojo/tools/whitesource/__init__.py": { + "dojo/tools/mend/__init__.py": { "CONFIDENCE.HIGH": 0.0, "CONFIDENCE.LOW": 0.0, "CONFIDENCE.MEDIUM": 0.0, @@ -7190,7 +7190,7 @@ "loc": 0, "nosec": 0 }, - "dojo/tools/whitesource/parser.py": { + "dojo/tools/mend/parser.py": { "CONFIDENCE.HIGH": 1.0, "CONFIDENCE.LOW": 0.0, "CONFIDENCE.MEDIUM": 0.0, @@ -7874,7 +7874,7 @@ "test_name": "blacklist" }, { - "code": "144 def get_option_form(self):\n145 return mark_safe(\n146 \"
    \" +\n148 self.get_html() + \"
    \"\n149 \"
    \")\n", + "code": "144 def get_option_form(self):\n145 return mark_safe(\n146 \"
    \" +\n148 self.get_html() + \"
    \"\n149 \"
    \")\n", "filename": "dojo/reports/widgets.py", "issue_confidence": "HIGH", "issue_severity": "MEDIUM", @@ -7891,7 +7891,7 @@ "test_name": "django_mark_safe" }, { - "code": "144 def get_option_form(self):\n145 return mark_safe(\n146 \"
    \" +\n148 self.get_html() + \"
    \"\n149 \"
    \")\n", + "code": "144 def get_option_form(self):\n145 return mark_safe(\n146 \"
    \" +\n148 self.get_html() + \"
    \"\n149 \"
    \")\n", "filename": "dojo/reports/widgets.py", "issue_confidence": "HIGH", "issue_severity": "MEDIUM", @@ -9767,7 +9767,7 @@ }, { "code": "103 def _dedup_and_create_finding(dupes, vuln):\n104 dupe_key = hashlib.md5(vuln.get('description').encode('utf-8') + vuln.get('title').encode('utf-8')).hexdigest()\n105 \n", - "filename": "dojo/tools/whitesource/parser.py", + "filename": "dojo/tools/mend/parser.py", "issue_confidence": "HIGH", "issue_severity": "MEDIUM", "issue_text": "Use of insecure MD2, MD4, MD5, or SHA1 hash function.", diff --git a/unittests/scans/bandit/many_vulns.json b/unittests/scans/bandit/many_vulns.json index 523953a1d85..6db9d9b86e7 100644 --- a/unittests/scans/bandit/many_vulns.json +++ b/unittests/scans/bandit/many_vulns.json @@ -1670,7 +1670,7 @@ "loc": 19, "nosec": 0 }, - "dojo/management\\commands\\rename_whitesource_findings.py": { + "dojo/management\\commands\\rename_mend_findings.py": { "CONFIDENCE.HIGH": 0.0, "CONFIDENCE.LOW": 0.0, "CONFIDENCE.MEDIUM": 0.0, @@ -5078,7 +5078,7 @@ "loc": 110, "nosec": 0 }, - "dojo/tools\\whitesource\\__init__.py": { + "dojo/tools\\mend\\__init__.py": { "CONFIDENCE.HIGH": 0.0, "CONFIDENCE.LOW": 0.0, "CONFIDENCE.MEDIUM": 0.0, @@ -5090,7 +5090,7 @@ "loc": 0, "nosec": 0 }, - "dojo/tools\\whitesource\\parser.py": { + "dojo/tools\\mend\\parser.py": { "CONFIDENCE.HIGH": 1.0, "CONFIDENCE.LOW": 0.0, "CONFIDENCE.MEDIUM": 0.0, @@ -6266,7 +6266,7 @@ "loc": 19, "nosec": 0 }, - "dojo/unittests\\test_whitesource_parser.py": { + "dojo/unittests\\test_mend_parser.py": { "CONFIDENCE.HIGH": 0.0, "CONFIDENCE.LOW": 0.0, "CONFIDENCE.MEDIUM": 0.0, @@ -6901,7 +6901,7 @@ "test_name": "blacklist" }, { - "code": "144 def get_option_form(self):\n145 return mark_safe(\n146 \"
    \" +\n148 self.get_html() + \"
    \"\n149 \"
    \")\n", + "code": "144 def get_option_form(self):\n145 return mark_safe(\n146 \"
    \" +\n148 self.get_html() + \"
    \"\n149 \"
    \")\n", "filename": "dojo/reports\\widgets.py", "issue_confidence": "HIGH", "issue_severity": "MEDIUM", @@ -6918,7 +6918,7 @@ "test_name": "django_mark_safe" }, { - "code": "144 def get_option_form(self):\n145 return mark_safe(\n146 \"
    \" +\n148 self.get_html() + \"
    \"\n149 \"
    \")\n", + "code": "144 def get_option_form(self):\n145 return mark_safe(\n146 \"
    \" +\n148 self.get_html() + \"
    \"\n149 \"
    \")\n", "filename": "dojo/reports\\widgets.py", "issue_confidence": "HIGH", "issue_severity": "MEDIUM", @@ -9188,7 +9188,7 @@ }, { "code": "93 def _dedup_and_create_finding(vuln):\n94 dupe_key = hashlib.md5(vuln.get('description').encode('utf-8') + vuln.get('title').encode('utf-8')).hexdigest()\n95 \n", - "filename": "dojo/tools\\whitesource\\parser.py", + "filename": "dojo/tools\\mend\\parser.py", "issue_confidence": "HIGH", "issue_severity": "MEDIUM", "issue_text": "Use of insecure MD2, MD4, MD5, or SHA1 hash function.", diff --git a/unittests/scans/blackduck_binary_analysis/many_vulns.csv b/unittests/scans/blackduck_binary_analysis/many_vulns.csv new file mode 100644 index 00000000000..d56281f75dd --- /dev/null +++ b/unittests/scans/blackduck_binary_analysis/many_vulns.csv @@ -0,0 +1,6 @@ +"Component","Version","Latest version","CVE","Matching type","CVSS","CVE publication date","Object compilation date","Object","Object full path","Object SHA1","CVSS3","CVSS vector (v2)","CVSS vector (v3)","Summary","Distribution package","CVSS (Distribution)","CVSS3 (Distribution)","Triage vectors","Unresolving triage vectors","Note type","Note reason","Vulnerability URL","Missing exploit mitigations","BDSA","Version override type" +"zlib","1.2.13","1.3","CVE-2023-45853","Exact match","0.0","2023-10-14T02:15:00Z","2023-07-27T16:07:30Z","instrument.dll","JRE.msi:JRE.msi-30276-90876123.cab:instrument.dll","d705de134ef609dd4e228edb5196e7bc358f0d94","9.8","","AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","","","","","","","","","http://nvd.nist.gov/vuln/detail/CVE-2023-45853","","","" +"zlib","1.2.13","1.3","CVE-2023-45853","Exact match","0.0","2023-10-14T02:15:00Z","2023-07-27T16:07:30Z","java.exe","JRE.msi:JRE.msi-30276-90876123.cab:java.exe","0da9b7f7150f7bea9176f4d8ed26dda56cb5699b","9.8","","AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","","","","","","","","","http://nvd.nist.gov/vuln/detail/CVE-2023-45853","no-control-flow-guard, no-enforced-code-integrity","","" +"zlib","1.2.13","1.3","CVE-2023-45853","Exact match","0.0","2023-10-14T02:15:00Z","2023-07-27T16:07:30Z","javaw.exe","JRE.msi:JRE.msi-30276-90876123.cab:javaw.exe","9a84fab609156bf1610889a713b4270970eb0803","9.8","","AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","","","","","","","","","http://nvd.nist.gov/vuln/detail/CVE-2023-45853","no-control-flow-guard, no-enforced-code-integrity","","" +"zlib","1.2.13","1.3","CVE-2023-45853","Exact match","0.0","2023-10-14T02:15:00Z","2023-07-27T16:07:30Z","jli.dll","JRE.msi:JRE.msi-30276-90876123.cab:jli.dll","b3d90ab21456853d952e83f35946bcf95fa6e876","9.8","","AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","","","","","","","","","http://nvd.nist.gov/vuln/detail/CVE-2023-45853","no-control-flow-guard, no-enforced-code-integrity","","" +"libjpeg","6b","9e","CVE-2020-14152","Exact match","5.8","2020-06-15T17:15:00Z","2023-07-27T16:07:30Z","jpeg.dll","JRE.msi:JRE.msi-20645-40905494.cab:jpeg.dll","652de1409d3a745c789b20aa7b4f64a09265adaa","7.1","","AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","","","","","","","","","http://nvd.nist.gov/vuln/detail/CVE-2020-14152","no-control-flow-guard, no-enforced-code-integrity","BDSA-2020-1425","" diff --git a/unittests/scans/blackduck_binary_analysis/no_vuln.csv b/unittests/scans/blackduck_binary_analysis/no_vuln.csv new file mode 100644 index 00000000000..0e3c7dcee09 --- /dev/null +++ b/unittests/scans/blackduck_binary_analysis/no_vuln.csv @@ -0,0 +1 @@ +"Component","Version","Latest version","CVE","Matching type","CVSS","CVE publication date","Object compilation date","Object","Object full path","Object SHA1","CVSS3","CVSS vector (v2)","CVSS vector (v3)","Summary","Distribution package","CVSS (Distribution)","CVSS3 (Distribution)","Triage vectors","Unresolving triage vectors","Note type","Note reason","Vulnerability URL","Missing exploit mitigations","BDSA","Version override type" diff --git a/unittests/scans/blackduck_binary_analysis/one_vuln.csv b/unittests/scans/blackduck_binary_analysis/one_vuln.csv new file mode 100644 index 00000000000..269832e92bb --- /dev/null +++ b/unittests/scans/blackduck_binary_analysis/one_vuln.csv @@ -0,0 +1,2 @@ +"Component","Version","Latest version","CVE","Matching type","CVSS","CVE publication date","Object compilation date","Object","Object full path","Object SHA1","CVSS3","CVSS vector (v2)","CVSS vector (v3)","Summary","Distribution package","CVSS (Distribution)","CVSS3 (Distribution)","Triage vectors","Unresolving triage vectors","Note type","Note reason","Vulnerability URL","Missing exploit mitigations","BDSA","Version override type" +"zlib","1.2.13","1.3","CVE-2023-45853","Exact match","0.0","2023-10-14T02:15:00Z","2023-07-27T16:07:30Z","instrument.dll","JRE.msi:JRE.msi-30276-90876123.cab:instrument.dll","c706de1a4ef608dd4e218edb3196eebc357f0d94","9.8","","AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","","","","","","","","","http://nvd.nist.gov/vuln/detail/CVE-2023-45853","","","" diff --git a/unittests/scans/burp_api/fix_issue_9128.json b/unittests/scans/burp_api/fix_issue_9128.json new file mode 100644 index 00000000000..5033f1cd936 --- /dev/null +++ b/unittests/scans/burp_api/fix_issue_9128.json @@ -0,0 +1,74 @@ +{ + "scan_metrics": { + "current_url": "", + "crawl_requests_made": 38451, + "crawl_network_errors": 8, + "crawl_unique_locations_visited": 82, + "crawl_requests_queued": 0, + "audit_queue_items_completed": 0, + "audit_queue_items_waiting": 64, + "audit_requests_made": 2140789, + "audit_network_errors": 131, + "issue_events": 1, + "crawl_and_audit_caption": "Auditing. 54m estimated time remaining.", + "crawl_and_audit_progress": 95, + "total_elapsed_time": 67898 + }, + "issue_events": [ + + { + "id": "74", + "type": "issue_found", + "issue": { + "name": "Content type incorrectly stated", + "type_index": 8389632, + "serial_number": "8825325317190135808", + "origin": "https://pentest-website.com", + "path": "", + "severity": "low", + "confidence": "firm", + "description": "Description of Issue", + "issue_background": "

    Issue background data

    ", + "remediation_background": "

    remediation background data

    ", + "caption": "", + "evidence": [ + { + "type": "FirstOrderEvidence", + "detail": { + "band_flags": [ + "in_band" + ] + }, + "request_response": { + "url": "https://pentest-website.com", + "request": [ + { + "type": "DataSegment", + "data": "R0VUIC9mb250cy9mYS1icmFuZHMtNzc3LmFhYTIgSFRUUC8yDQpIb3N0OiBwZW50ZXN0LXdlYnNpdGUuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUsIGJyDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2F2aWYsaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2U7dj1iMztxPTAuNw0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUztxPTAuOSxlbjtxPTAuOA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExOS4wLjYwNDUuMTk5IFNhZmFyaS81MzcuMzYNCkNvbm5lY3Rpb246IGNsb3NlDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTANCkNvb2tpZTogbXBfNmI2NDFhOWVmODRiYmZiYjJjZDYwYjI4MjJkYzRmMDdfbWl4cGFuZWw9JTdCJTIyZGlzdGluY3RfaWQlMjIlM0ElMjAlMjIlMjRkZXZpY2UlM0ExOGMzYTk3ZjZmZTYwZi0wMjk0ZjcwOWY0ZTZmZC02ZDMyNWU1My03NTMwMC0xOGMzYTk3ZjZmZjYwZiUyMiUyQyUyMiUyNGRldmljZV9pZCUyMiUzQSUyMCUyMjE4YzNhOTdmNmZlNjBmLTAyOTRmNzA5ZjRlNmZkLTZkMzI1ZTUzLTc1MzAwLTE4YzNhOTdmNmZmNjBmJTIyJTJDJTIyJTI0aW5pdGlhbF9yZWZlcnJlciUyMiUzQSUyMCUyMiUyNGRpcmVjdCUyMiUyQyUyMiUyNGluaXRpYWxfcmVmZXJyaW5nX2RvbWFpbiUyMiUzQSUyMCUyMiUyNGRpcmVjdCUyMiUyQyUyMlN1YmRvbWFpbiUyMiUzQSUyMCUyMnBlbnRlc3QtcmMlMjIlMkMlMjJQbGF0Zm9ybSUyMiUzQSUyMCUyMldlYkFwcCUyMiUyQyUyMnN1cGVyX3N1YmRvbWFpbiUyMiUzQSUyMCUyMnBlbnRlc3QtcmMlMjIlMkMlMjJzdXBlcl9wbGF0Zm9ybSUyMiUzQSUyMCUyMldlYkFwcCUyMiU3RA0KVXBncmFkZS1JbnNlY3VyZS1SZXF1ZXN0czogMQ0KU2VjLUNILVVBOiAiLk5vdC9BKUJyYW5kIjt2PSI5OSIsICJHb29nbGUgQ2hyb21lIjt2PSIxMTkiLCAiQ2hyb21pdW0iO3Y9IjExOSINClNlYy1DSC1VQS1QbGF0Zm9ybTogV2luZG93cw0KU2VjLUNILVVBLU1vYmlsZTogPzANCg0K", + "length": 1150 + } + ], + "response": [ + + { + "type": "DataSegment", + "data": "DQpDb250ZW50LUxlbmd0aDogNjUzODQNClNlcnZlcjogZW52b3kNCkRhdGU6IFR1ZSwgMDUgRGVjIDIwMjMgMTM6Mjg6NDcgR01UDQpFeHBpcmVzOiBUdWUsIDA1IERlYyAyMDIzIDE0OjI4OjQ3IEdNVA0KTGFzdC1Nb2RpZmllZDogV2VkLCAyOSBOb3YgMjAyMyAwODowOToyNyBHTVQNCkV0YWc6ICI3YWE3YTc3N2FhNzdhYTc3N2E3NzdhN2FhNzdhYTc3YSINCkFjY2VwdC1SYW5nZXM6IGJ5dGVzDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMwMDAwMDAsIHB1YmxpYywgcy1tYXhhZ2U9MzAwMDAwMA0KWC1GcmFtZS1PcHRpb25zOiBTQU1FT1JJR0lODQpDb250ZW50LVNlY3VyaXR5LVBvbGljeTogZnJhbWUtcGFyZW50ICdzZWxmJzsNClN0cmljdC1UcmFuc3BvcnQtU2VjdXJpdHk6IG1heC1hZ2U9Nzc3NzcwMDA7IGluY2x1ZGVTdWJEb21haW5zOyBwcmVsb2FkDQpWaWE6IDEuMSBnb29nbGUsIDEuMSA3YWFhN2FhYWFhYTdhYTc3YTdhYWFhNzdhNzc3N2FhNy5jbG91ZGZyb250Lm5ldCAoQ2xvdWRGcm9udCkNClgtQ2FjaGU6IEhpdCBmcm9tIGNsb3VkZnJvbnQNClgtQW16LUNmLVBvcDogQUFBNzctQTINClgtQW16LUNmLUlkOiA3N2FhLUE3QUFhLWFBN2E3YUFhQTc3YTdBQTdhYTdBQTdhNzc3ZGhCQWVoWEhTNG9Lb3NUM1E9PQ0KQWdlOiA3MTYxDQoNCndPRjIAAQAAAAD/aAALAAAAAc8cAAD/FAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAABxUBlYAszAKhqpkhOt4ATYCJAOLeAuFfgAEIAWGKgejf1vsa3Gn8GB/szQodVeV33O+bgdnRQd02DiANpCNFh2IPQ6UotZk/////xuSiYxZcsAladsCoADiNufPF5q5ChPXSXIBVUw1ZeKIwhGYl6nOy5okg5vwDgk5hK3tx/l4oEu17Qi5VFB2oY6knlG+rnS/WjkepZze", + "length": 858 + } + + ], + "was_redirect_followed": false, + "request_time": "1701790182891" + } + } + ], + "internal_data": "eyJmbGFncyI6MCwidmFyaWFudCI6MCwiaXNzdWVfZGV0YWlsc19tYXAiOnsiMjQiOiIxIiwiMjUiOiIsIjI2IjoiIiwiMjciOiJJbnRlcm5ldCBFeHBsb3JlciAxMadJbnRlcm5ldCBFeHBsb3JlciAxMSAoQ29tcGF0aWJpbGl0eSBNb2RlKaciLCI3IjoiZm9udC93b2ZmMiJ9fQ==" + } + } + + ], + "task_id": "18", + "scan_status": "auditing", + "message": "", + "error_code": 0 + } \ No newline at end of file diff --git a/unittests/scans/burp_enterprise/many_vulns.html b/unittests/scans/burp_enterprise/many_vulns.html new file mode 100644 index 00000000000..c6e1512bcb9 --- /dev/null +++ b/unittests/scans/burp_enterprise/many_vulns.html @@ -0,0 +1,2978 @@ + + +Scan Remediation Report #13 + + + + + +
    +
    + +
    +
    +

    Scan Remediation

    +

    Report

    +
    + +
    + +
    +Generated by Burp Suite Enterprise Edition | 2022-06-28 11:03 AM +
    + +
    + + + + + + + +
    +
    Site name:
    +
    https://example.com
    +
    Scanned:
    + + + + + + + + + + + +
    +
    Start:
    +    		 +
    2022-06-11 5:00 PM
    +
    +
    End:
    +    		 +
    2022-06-12 3:49 AM
    +
    +
    Duration:
    +
    10h 48m
    +
    Status:
    +
    Completed
    +    		 +
    Included URLs:
    +
    https://example.com
    + +
    Excluded URLs:
    +
    https://test.example.com
    + +
    Scan configurations:
    +
    Never stop crawl due to application errors
    Never stop audit due to application errors
    Audit coverage - maximum
    + +
    Application logins:
    +
    Testing Credentials
    + +
    Reference:
    + +
    +#13 + Go to scan >> +
    +
    +
    + +
    + + + + + + + +
    +

    Issues by severity

    + + + + + + + + + + + + + + + + + + + + + + + +
    High:1
    Medium:0
    Low:2
    Information:26
    Total issues found:29
    +    		 +

    Scan statistics

    + + + + + + + + + + + + + + + + + + + +
    Total scanned URLs:62
    URLs with errors:46
    Requests made:921159
    Network errors:205
    +
    +
    + +
    + +
    +

    Issues found on https://example.com

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    URLs By issue typeSeverityConfidenceMore detail
    Cross-origin resource sharing: arbitrary origin trusted [1]
    +/redacted +HighCertain>>
    Strict transport security not enforced [1]
    +/redacted +LowCertain>>
    Cross-origin resource sharing: unencrypted origin trusted [1]
    +/redacted +LowCertain>>
    TLS certificate [1]
    +/ +InfoCertain>>
    Cross-origin resource sharing [1]
    +/redacted +InfoCertain>>
    WAF Detected: redacted [1]
    +/redacted +InfoCertain>>
    Cookie scoped to parent domain [1]
    +/robots.txt +InfoCertain>>
    Email addresses disclosed [3]
    +/redacted +InfoCertain>>
    +/redacted +InfoCertain>>
    +/redacted +InfoCertain>>
    Robots.txt file [1]
    +/robots.txt +InfoCertain>>
    Cacheable HTTPS response [1]
    +/ +InfoCertain>>
    User agent-dependent response [7]
    +/redacted +InfoFirm>>
    +/redacted +InfoFirm>>
    +/redacted +InfoFirm>>
    +/redacted +InfoFirm>>
    +/redacted +InfoTentative>>
    +/redacted +InfoTentative>>
    +/redacted +InfoTentative>>
    Cross-site request forgery [1]
    +/redacted +InfoTentative>>
    +
    + +
    +

    Issues found on https://example.com

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    URLs By issue typeSeverityConfidenceMore detail
    Cookie scoped to parent domain [9]
    +/ +InfoCertain>>
    +/redacted +InfoCertain>>
    +/redacted +InfoCertain>>
    +/redacted +InfoCertain>>
    +/redacted +InfoCertain>>
    +/redacted +InfoCertain>>
    +/redacted +InfoCertain>>
    +/redacted +InfoCertain>>
    +/redacted +InfoCertain>>
    +
    + +
    + +
    +

    More details for https://example.com

    +
    + +
    +
    + +

    Cross-origin resource sharing: arbitrary origin trusted

    +/redacted + +

    Issue detail:

    +
    +The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

    The application allowed access from the requested origin https://llqvfwgbsdau.com +
    + +

    +Issue background +

    +
    +

    An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of the request.

    +Trusting arbitrary origins effectively disables the same-origin policy, allowing two-way interaction by third-party web sites. Unless the response consists only of unprotected public content, this policy is likely to present a security risk.

    +

    If the site specifies the header Access-Control-Allow-Credentials: true, third-party sites may be able to carry out privileged actions and retrieve sensitive information. Even if it does not, attackers may be able to bypass any IP-based access controls by proxying through users' browsers.

    +
    + +

    +Issue remediation +

    +
    +

    Rather than using a wildcard or programmatically verifying supplied origins, use a whitelist of trusted domains.

    +
    + +

    References

    +
    + +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    POST /redacted HTTP/2 +Host: https://example.com +Cookie: __cfruid=daed328c5bcfbc7d405794c7b97140aabba4ae88-1654942102 +Origin: https://llqvfwgbsdau.com +Accept: */* +content-type: application/json +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 +Content-Length: 4685 + +https://example.com
    +

    Response:

    +
    HTTP/2 200 OK +Date: Sat, 11 Jun 2022 10:08:23 GMT +Content-Type: text/plain +Access-Control-Allow-Origin: https://llqvfwgbsdau.com +Access-Control-Allow-Methods: POST,OPTIONS +Access-Control-Max-Age: 86400 +Vary: Origin +Access-Control-Allow-Credentials: true +Server: redacted +Cf-Ray: 71998b93d9b330a4-SEA +X-Frame-Options: DENY +X-Content-Type-Options: nosniff + +
    + +
    +
    + +
    +
    + +

    Strict transport security not enforced

    +/redacted + +

    Issue detail:

    +
    +This issue was found in multiple locations under the reported path. +
    + +

    +Issue background +

    +
    +

    The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption, and use the application as a platform for attacks against its users. This attack is performed by rewriting HTTPS links as HTTP, so that if a targeted user follows a link to the site from an HTTP page, their browser never attempts to use an encrypted connection. The sslstrip tool automates this process.

    +

    +To exploit this vulnerability, an attacker must be suitably positioned to intercept and modify the victim's network traffic.This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.

    +
    + +

    +Issue remediation +

    +
    +

    The application should instruct web browsers to only access the application using HTTPS. To do this, enable HTTP Strict Transport Security (HSTS) by adding a response header with the name 'Strict-Transport-Security' and the value 'max-age=expireTime', where expireTime is the time in seconds that browsers should remember that the site should only be accessed using HTTPS. Consider adding the 'includeSubDomains' flag if appropriate.

    +

    Note that because HSTS is a "trust on first use" (TOFU) protocol, a user who has never accessed the application will never have seen the HSTS header, and will therefore still be vulnerable to SSL stripping attacks. To mitigate this risk, you can optionally add the 'preload' flag to the HSTS header, and submit the domain for review by browser vendors.

    +
    + +

    References

    +
    + +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    POST /redacted HTTP/2 +Host: https://example.com +Cookie: __cfruid=239b7646d8e83ceff3a082b1f62dad581f4af8c3-1654931034 +Origin: https://example.com +Accept: */* +content-type: application/json +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 +Content-Length: 5077 + +https://example.com
    +

    Response:

    +
    HTTP/2 200 OK +Date: Sat, 11 Jun 2022 07:03:54 GMT +Content-Type: text/plain +Access-Control-Allow-Origin: https://example.com +Access-Control-Allow-Methods: POST,OPTIONS +Access-Control-Max-Age: 86400 +Vary: Origin +Access-Control-Allow-Credentials: true +Server: redacted +Cf-Ray: 71987d577be960bf-SEA +X-Frame-Options: DENY +X-Content-Type-Options: nosniff + +
    + +
    +
    + +
    +
    + +

    Cross-origin resource sharing: unencrypted origin trusted

    +/redacted + +

    Issue detail:

    +
    +The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request which trusts websites accessed using unencrypted communications. +
    + +

    +Issue background +

    +
    +

    An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of the request.

    +

    If a site allows interaction from an origin that uses unencrypted HTTP communications, then it is vulnerable to an attacker who is in a position to view and modify a user's unencrypted network traffic. The attacker can control the responses from unencrypted origins, thereby injecting content that is able to interact with the application that publishes the policy. This means that the application is effectively extending trust to all such attackers, thereby undoing much of the benefit of using HTTPS communications.

    +
    + +

    +Issue remediation +

    +
    +

    Only trust origins that use encrypted HTTPS communications.

    +
    + +

    References

    +
    + +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    POST /redacted HTTP/2 +Host: https://example.com +Cookie: __cfruid=ffba0631a3cf20c7fbba942d6291ab754c7fd041-1654934772 +Origin: https://example.com +Accept: */* +content-type: application/json +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 +Content-Length: 4720 + +https://example.com
    +

    Response:

    +
    HTTP/2 200 OK +Date: Sat, 11 Jun 2022 08:06:13 GMT +Content-Type: text/plain +Access-Control-Allow-Origin: https://example.com +Access-Control-Allow-Methods: POST,OPTIONS +Access-Control-Max-Age: 86400 +Vary: Origin +Access-Control-Allow-Credentials: true +Server: redacted +Cf-Ray: 7198d89ece7d08ff-SEA +X-Frame-Options: DENY +X-Content-Type-Options: nosniff + +
    + +
    +
    + +
    +
    + +

    TLS certificate

    +/ + +

    Issue detail:

    +
    +The server presented a valid, trusted TLS certificate. This issue is purely informational.

    The server presented the following certificates:

    Server certificate

    Issued to:  redacted.com, *.kr.redacted.com
    Issued by:  redacted Inc ECC CA-3
    Valid from:  Mon Apr 18 00:00:00 GMT 2022
    Valid to:  Tue Apr 18 23:59:59 GMT 2023

    Certificate chain #1

    Issued to:  redacted Inc ECC CA-3
    Issued by:  Baltimore CyberTrust Root
    Valid from:  Mon Jan 27 12:48:08 GMT 2020
    Valid to:  Tue Dec 31 23:59:59 GMT 2024

    Certificate chain #2

    Issued to:  Baltimore CyberTrust Root
    Issued by:  Baltimore CyberTrust Root
    Valid from:  Fri May 12 18:46:00 GMT 2000
    Valid to:  Mon May 12 23:59:00 GMT 2025
    +
    + +

    +Issue background +

    +
    +

    TLS (or SSL) helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an TLS certificate that is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, TLS connections to the server will not provide the full protection for which TLS is designed.

    +

    It should be noted that various attacks exist against TLS in general, and in the context of HTTPS web connections in particular. It may be possible for a determined and suitably-positioned attacker to compromise TLS connections without user detection even when a valid TLS certificate is used.

    +
    + +

    References

    +
    + +
    + +

    Vulnerability classifications

    +
    + +
    + +
    +
    + +
    +
    + +

    Cross-origin resource sharing

    +/redacted + +

    Issue detail:

    +
    +The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request. +
    + +

    +Issue background +

    +
    +

    An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of the request.

    If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially retrieve content from the application, and sometimes carry out actions within the security context of the logged in user.

    +

    Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by an attacker to exploit the trust relationship and attack the application that allows access. CORS policies on pages containing sensitive information should be reviewed to determine whether it is appropriate for the application to trust both the intentions and security posture of any domains granted access.

    +
    + +

    +Issue remediation +

    +
    +

    Any inappropriate domains should be removed from the CORS policy.

    +
    + +

    References

    +
    + +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    POST /redacted HTTP/2 +Host: https://example.com +Cookie: __cfruid=803af1a277c706c58c208ae27a67bd73f7b31e76-1654934757 +Origin: https://example.com +Accept: */* +content-type: application/json +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 +Content-Length: 4727 + +https://example.com
    +

    Response:

    +
    HTTP/2 200 OK +Date: Sat, 11 Jun 2022 08:06:00 GMT +Content-Type: text/plain +Access-Control-Allow-Origin: https://example.com +Access-Control-Allow-Methods: POST,OPTIONS +Access-Control-Max-Age: 86400 +Vary: Origin +Access-Control-Allow-Credentials: true +Server: redacted +Cf-Ray: 7198d84b088708ff-SEA +X-Frame-Options: DENY +X-Content-Type-Options: nosniff + +
    + +
    +
    + +
    +
    + +

    WAF Detected: redacted

    +/redacted + +

    Issue origin

    +
    +This issue was generated by the extension: WAFDetect +
    + +

    Issue detail:

    +
    +Fingerprint Details:
    +
    +WAF Type : redacted
    +WAF tech. details : Cloud-based CDN, WAF & DDoS prevention
    +Reference : https://www.redacted.com
    +Matching regex : ^Server: redacted
    +Highlighting keyword : redacted
    +Header-only search? : true +
    + +

    Request:

    +
    GET /redacted?94ef82ad72dfadb7b729 HTTP/2 +Host: https://example.com +Cookie: __cfruid=419dce148f6ccf578d6a43bbb2c10373caa4b71a-1654931022 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Upgrade-Insecure-Requests: 1 +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 + +
    +

    Response:

    +
    HTTP/2 200 OK +Date: Sat, 11 Jun 2022 07:03:42 GMT +Content-Type: application/javascript +Cf-Bgj: minify +Cf-Polished: origSize=3744 +Cache-Control: public, max-age=3600, s-maxage=3600 +Content-Security-Policy: default-src 'none'; base-uri 'self'; media-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; img-src 'self'; font-src 'self'; manifest-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; +Cross-Origin-Embedder-Policy: require-corp +Cross-Origin-Opener-Policy: same-origin +Etag: W/"625ded12-ea0" +Last-Modified: Mon, 18 Apr 2022 22:58:26 GMT +Referrer-Policy: no-referrer +Strict-Transport-Security: max-age=63072000; includeSubDomains; preload +X-Content-Type-Options: nosniff +X-Dns-Prefetch-Control: off +X-Envoy-Upstream-Service-Time: 2 +X-Frame-Options: DENY +X-Xss-Protection: 1; mode=block +Cf-Cache-Status: HIT +Age: 188 +Expect-Ct: max-age=604800, report-uri="https://report-uri.redacted.com/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/a.nel.redacted.com\/report\/v3?s=zWSKP8pWrwW1sL1b7HEL93ntZ9UEq75YHco1SqKNm0oze3lJUaLse696k3D9qGAqiPmfrYrvh9q%2BzFRxAiHqD5NMsusj1bDl97%2FDe0MUS02nqj560us35UNMX49fpFPbQ5Ok2dyD"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Server: redacted +Cf-Ray: 71987d0d9cbf60bf-SEA + +https://example.com
    + +
    +
    + +
    +
    + +

    Cookie scoped to parent domain

    +/robots.txt + +

    Issue detail:

    +
    +The following cookie was issued by the application and is scoped to a parent of the issuing domain:
    • __cfruid
    The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. +
    + +

    +Issue background +

    +
    +

    A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

    +
    + +

    +Issue remediation +

    +
    +

    By default, cookies are scoped to the issuing domain, and on IE/Edge to subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems that support those applications.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    GET /robots.txt HTTP/1.1 +Host: https://example.com +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Upgrade-Insecure-Requests: 1 +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 + +
    +

    Response:

    +
    HTTP/2 200 OK +Date: Sat, 11 Jun 2022 07:00:32 GMT +Content-Type: text/plain +Last-Modified: Mon, 18 Apr 2022 22:57:57 GMT +Etag: W/"625decf5-43" +Cross-Origin-Opener-Policy: same-origin +Cross-Origin-Embedder-Policy: require-corp +Content-Security-Policy: default-src 'none'; base-uri 'self'; media-src 'self'; script-src 'self' static.redactedinsights.com 'unsafe-eval' https://*.smartlook.com https://*.smartlook.cloud; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; img-src 'self'; font-src 'self'; manifest-src 'self'; connect-src 'self' https://*.smartlook.com https://*.smartlook.cloud; frame-ancestors 'none'; form-action 'self'; +Cache-Control: no-store +X-Envoy-Upstream-Service-Time: 1 +X-Content-Type-Options: nosniff +X-Frame-Options: DENY +Strict-Transport-Security: max-age=63072000; includeSubDomains; preload +X-Xss-Protection: 1; mode=block +Referrer-Policy: no-referrer +X-Dns-Prefetch-Control: off +Cf-Cache-Status: MISS +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=2Nm81z8201Ew37Q7eTK5zAFr6WzdIiSBDODDHSj7vi%2FLve161cFN%2B7cuS7kE2gpwyzI%2FNidAGvUSI2z9bFA8Ql9wyHjx%2BTfiht6A7Pw%2F2Qwp8a9TnQoA9J2q9ZtmRzD5grCJSUSY"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Set-Cookie: __cfruid=3ae282485f38a38817aaed77ac83bc9b6dea168c-1654930832; path=/; domain=.redacted.com; HttpOnly; Secure; SameSite=None +Server: redacted +Cf-Ray: 71987863dc0d08a5-SEA + +# https://www.robotstxt.org/robotstxt.html +User-agent: * +Disallow: +
    + +
    +
    + +
    +
    + +

    Email addresses disclosed

    +/redacted + +

    Issue detail:

    +
    +The following email addresses were disclosed in the response:
    • fake-user@testing.com
    • fake-admin@testing.com
    • support@redacted.com
    • contact@redacted.com
    • support@xijiabrainmap.com
    • u4E3Asupport@xijiabrainmap.com
    • u81F3support@xijiabrainmap.com
    • u81F3contact@xijiabrainmap.com
    +
    + +

    +Issue background +

    +
    +

    The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

    +

    However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

    +
    + +

    +Issue remediation +

    +
    +

    Consider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

    +

    To reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary.

    +
    + +

    References

    +
    + +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    GET /redacted?94ef82ad72dfadb7b729 HTTP/2 +Host: https://example.com +Cookie: __cfruid=d75817bc7ad6710ac75db6ba48f6fc37f6551137-1654930833 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 + +
    +

    Response:

    +
    HTTP/2 200 OK +Date: Sat, 11 Jun 2022 07:00:34 GMT +Content-Type: application/javascript +Cf-Bgj: minify +Cf-Polished: origSize=1056677 +Cache-Control: public, max-age=3600, s-maxage=3600 +Content-Security-Policy: default-src 'none'; base-uri 'self'; media-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; img-src 'self'; font-src 'self'; manifest-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; +Cross-Origin-Embedder-Policy: require-corp +Cross-Origin-Opener-Policy: same-origin +Etag: W/"625ded12-101fa5" +Last-Modified: Mon, 18 Apr 2022 22:58:26 GMT +Referrer-Policy: no-referrer +Strict-Transport-Security: max-age=63072000; includeSubDomains; preload +X-Content-Type-Options: nosniff +X-Dns-Prefetch-Control: off +X-Envoy-Upstream-Service-Time: 4 +X-Frame-Options: DENY +X-Xss-Protection: 1; mode=block +Cf-Cache-Status: HIT +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=vRqxYM8JkDo2GbO5Q9oa5Cq9wpBPHZxKtNH2bkqem%2Fu9XdfaxHKOGrOUSoUCwwOwKxL1YQqxWBfXnWi1WWp4oZmPnkEyyWj1ZbKMGUOYBxhWgbHcpRI5%2BwGdG%2Fh0ZRc%2BLZ7%2B6Pi8"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Server: redacted +Cf-Ray: 719878719aa608a5-SEA + +https://example.com
    + +
    + +

    Email addresses disclosed

    +/redacted + +

    Issue detail:

    +
    +The following email addresses were disclosed in the response:
    • privacy@redacted.com
    • support@redacted.com
    • u81F3contact@xijiabrainmap.com
    • u81F3support@xijiabrainmap.com
    • u8FC7contact@xijiabrainmap.com
    +
    + +

    +Issue background +

    +
    +

    The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

    +

    However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

    +
    + +

    +Issue remediation +

    +
    +

    Consider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

    +

    To reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary.

    +
    + +

    References

    +
    + +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    GET /redacted HTTP/2 +Host: https://example.com +Cookie: __cfruid=8d467a9836d19fd26dfe28fbf19907453cba442d-1654930838 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 + +
    +

    Response:

    +
    HTTP/2 200 OK +Date: Sat, 11 Jun 2022 07:01:40 GMT +Content-Type: application/javascript +Cf-Bgj: minify +Cf-Polished: origSize=2292583 +Cache-Control: public, max-age=3600, s-maxage=3600 +Content-Security-Policy: default-src 'none'; base-uri 'self'; media-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; img-src 'self'; font-src 'self'; manifest-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; +Cross-Origin-Embedder-Policy: require-corp +Cross-Origin-Opener-Policy: same-origin +Etag: W/"625ded12-22fb67" +Last-Modified: Mon, 18 Apr 2022 22:58:26 GMT +Referrer-Policy: no-referrer +Strict-Transport-Security: max-age=63072000; includeSubDomains; preload +X-Content-Type-Options: nosniff +X-Dns-Prefetch-Control: off +X-Envoy-Upstream-Service-Time: 1 +X-Frame-Options: DENY +X-Xss-Protection: 1; mode=block +Cf-Cache-Status: HIT +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=bhtutj7FNAQJrPT0XV2e6Se1viu%2Bu1EgoA7kr7db2%2BAAicKCaiMX3jrhhcTv9eL2Fi5F2V5CwzUalIAfGUaeCGD6h2soxZ1zS3mxVWohIu%2F%2F5oAu1TkBUqOeAk8oyMG%2F%2FFYPrq9%2B"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Server: redacted +Cf-Ray: 71987a0b0a6f681d-SEA + +https://example.com
    + +
    + +

    Email addresses disclosed

    +/redacted + +

    Issue detail:

    +
    +The following email address was disclosed in the response:
    • support@redacted.com
    +
    + +

    +Issue background +

    +
    +

    The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

    +

    However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

    +
    + +

    +Issue remediation +

    +
    +

    Consider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

    +

    To reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary.

    +
    + +

    References

    +
    + +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    GET /redacted?94ef82ad72dfadb7b729 HTTP/2 +Host: https://example.com +Cookie: __cfruid=074289c7818d20a3c6748bac71c59f2e8bf6e439-1654931032 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Upgrade-Insecure-Requests: 1 +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 + +
    +

    Response:

    +
    HTTP/2 200 OK +Date: Sat, 11 Jun 2022 07:03:52 GMT +Content-Type: application/javascript +Cf-Bgj: minify +Cf-Polished: origSize=583995 +Cache-Control: public, max-age=3600, s-maxage=3600 +Content-Security-Policy: default-src 'none'; base-uri 'self'; media-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; img-src 'self'; font-src 'self'; manifest-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; +Cross-Origin-Embedder-Policy: require-corp +Cross-Origin-Opener-Policy: same-origin +Etag: W/"625ded12-8e93b" +Last-Modified: Mon, 18 Apr 2022 22:58:26 GMT +Referrer-Policy: no-referrer +Strict-Transport-Security: max-age=63072000; includeSubDomains; preload +X-Content-Type-Options: nosniff +X-Dns-Prefetch-Control: off +X-Envoy-Upstream-Service-Time: 1 +X-Frame-Options: DENY +X-Xss-Protection: 1; mode=block +Cf-Cache-Status: HIT +Age: 198 +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=OMuLXOAyGzl4KTZKDoq8FKklHYnVo2pq7HUhdcO4mTwQ7WoSmyc5B76gc29NAmDTEwkY94AhoS9am1UmhteJug60L9%2BCP4kVpFa%2F8qtW44bT9uncd2%2BNpX700x1%2FSJImbVfAmeXB"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Server: redacted +Cf-Ray: 71987d4c1e4960bf-SEA + +https://example.com
    + +
    +
    + +
    +
    + +

    Robots.txt file

    +/robots.txt + +

    Issue detail:

    +
    +The web server contains a robots.txt file. +
    + +

    +Issue background +

    +
    +

    The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site that robots are allowed, or not allowed, to crawl and index.

    +

    The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

    +
    + +

    +Issue remediation +

    +
    +

    The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honor the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorized access.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    GET /robots.txt HTTP/1.1 +Host: https://example.com +Accept-Encoding: gzip, deflate +Accept: */* +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 + +
    +

    Response:

    +
    HTTP/1.1 200 OK +Date: Sat, 11 Jun 2022 07:03:58 GMT +Content-Type: text/plain +Connection: close +last-modified: Mon, 18 Apr 2022 22:57:57 GMT +etag: W/"625decf5-43" +cross-origin-opener-policy: same-origin +cross-origin-embedder-policy: require-corp +content-security-policy: default-src 'none'; base-uri 'self'; media-src 'self'; script-src 'self' static.redactedinsights.com 'unsafe-eval' https://*.smartlook.com https://*.smartlook.cloud; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; img-src 'self'; font-src 'self'; manifest-src 'self'; connect-src 'self' https://*.smartlook.com https://*.smartlook.cloud; frame-ancestors 'none'; form-action 'self'; +cache-control: no-store +x-envoy-upstream-service-time: 1 +x-content-type-options: nosniff +x-frame-options: DENY +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-xss-protection: 1; mode=block +referrer-policy: no-referrer +x-dns-prefetch-control: off +CF-Cache-Status: MISS +Expect-CT: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=ynnvsK4T2prb16%2Fo3RPBv0jEAiLb7OGY1NTq2ExfJILS8vae2%2B4X79suO6i7bf5AmymMXmPcqotnf%2FEytPM9Tde8UN9dYIBNm%2BlOenSRurJxBX1SFBkQivzEPfqMR3b16SbatiYw"}],"group":"cf-nel","max_age":604800} +NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Set-Cookie: __cfruid=7b3900cfcdaf23aa1f227837917f50cb19399621-1654931038; path=/; domain=.redacted.com; HttpOnly; Secure; SameSite=None +Server: redacted +CF-RAY: 71987d6f3a8c0899-SEA +Content-Length: 67 + +# https://www.robotstxt.org/robotstxt.html +User-agent: * +Disallow: +
    + +
    +
    + +
    +
    + +

    Cacheable HTTPS response

    +/ + +

    Issue detail:

    +
    +This issue was found in multiple locations under the reported path. +
    + +

    +Issue background +

    +
    +

    Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

    +
    + +

    +Issue remediation +

    +
    +

    Applications should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

    +
      +
    • Cache-control: no-store
    • Pragma: no-cache
    +
    + +

    References

    +
    + +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request 1:

    +
    POST /redacted HTTP/2 +Host: https://example.com +Cookie: __cfruid=239b7646d8e83ceff3a082b1f62dad581f4af8c3-1654931034 +Origin: https://example.com +Accept: */* +content-type: application/json +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 +Content-Length: 5077 + +https://example.com
    +

    Response 1:

    +
    HTTP/2 200 OK +Date: Sat, 11 Jun 2022 07:03:54 GMT +Content-Type: text/plain +Access-Control-Allow-Origin: https://example.com +Access-Control-Allow-Methods: POST,OPTIONS +Access-Control-Max-Age: 86400 +Vary: Origin +Access-Control-Allow-Credentials: true +Server: redacted +Cf-Ray: 71987d577be960bf-SEA +X-Frame-Options: DENY +X-Content-Type-Options: nosniff + +
    +

    Request 2:

    +
    POST /redacted HTTP/2 +Host: https://example.com +Cookie: __cfruid=fff14e8fa4018dd72cbb80e5cd5b011a7248f150-1654930970 +Origin: https://example.com +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +content-type: application/json +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 +Content-Length: 5379 + +https://example.com
    +

    Response 2:

    +
    HTTP/2 200 OK +Date: Sat, 11 Jun 2022 07:02:50 GMT +Content-Type: text/plain +Access-Control-Allow-Origin: https://example.com +Access-Control-Allow-Methods: POST,OPTIONS +Access-Control-Max-Age: 86400 +Vary: Origin +Access-Control-Allow-Credentials: true +Server: redacted +Cf-Ray: 71987bc429b739c0-SEA +X-Frame-Options: DENY +X-Content-Type-Options: nosniff + +
    +

    Request 3:

    +
    POST /redacted HTTP/2 +Host: https://example.com +Cookie: __cfruid=6eb94ef0c78d0776ac6d858be948c98a942e2928-1654931030 +Origin: https://example.com +Accept: */* +content-type: application/json +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 +Content-Length: 3791 + +https://example.com
    +

    Response 3:

    +
    HTTP/2 200 OK +Date: Sat, 11 Jun 2022 07:03:51 GMT +Content-Type: text/plain +Access-Control-Allow-Origin: https://example.com +Access-Control-Allow-Methods: POST,OPTIONS +Access-Control-Max-Age: 86400 +Vary: Origin +Access-Control-Allow-Credentials: true +Server: redacted +Cf-Ray: 71987d40f85860bf-SEA +X-Frame-Options: DENY +X-Content-Type-Options: nosniff + +
    + +
    +
    + +
    +
    + +

    User agent-dependent response

    +/redacted + +

    +Issue description +

    +
    +

    Application responses may depend systematically on the value of the User-Agent header in requests. This behavior does not itself constitute a security vulnerability, but may point towards additional attack surface within the application, which may contain vulnerabilities.

    +

    This behavior often arises because applications provide different user interfaces for desktop and mobile users. Mobile interfaces have often been less thoroughly tested for vulnerabilities such as cross-site scripting, and often have simpler authentication and session handling mechanisms that may contain problems that are not present in the full interface.

    +

    To review the interface provided by the alternate User-Agent header, you can configure a match/replace rule in Burp Proxy to modify the User-Agent header in all requests, and then browse the application in the normal way using your normal browser.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request 1:

    +
    GET /redacted?94ef82ad72dfadb7b729 HTTP/2 +Host: https://example.com +Cookie: __cfruid=d75817bc7ad6710ac75db6ba48f6fc37f6551137-1654930833 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 + +Connection: close +Cache-Control: max-age=0 + +
    +

    Response 1:

    +
    HTTP/2 429 Too Many Requests +Date: Sat, 11 Jun 2022 07:32:34 GMT +Content-Type: application/json +Retry-After: 3006 +Cache-Control: no-cache +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=RJ%2FLblvlEwFsDazt1ays223SPw4TUGQ6m6yNvZPbNTooTY2tWTbj7PoXF4z2nI1sfyLLPN7%2Fo2tekNO0e4Lb47%2FBuPB8EeUhnxfCNBELB9uMVYQ3EQnmpN1TLj0fz7apA2dlQaL2"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Server: redacted +Cf-Ray: 7198a750787a27ee-SEA + +https://example.com +
    +

    Request 2:

    +
    GET /redacted?94ef82ad72dfadb7b729 HTTP/2 +Host: https://example.com +Cookie: __cfruid=5deb9f366c412f14053591956654f073b61e26e8-1654934727 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3 + +Connection: close +Cache-Control: max-age=0 + +
    +

    Response 2:

    +
    HTTP/2 200 OK +Date: Sat, 11 Jun 2022 08:05:28 GMT +Content-Type: application/javascript +Cf-Bgj: minify +Cf-Polished: origSize=1056677 +Cache-Control: public, max-age=3600, s-maxage=3600 +Content-Security-Policy: default-src 'none'; base-uri 'self'; media-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; img-src 'self'; font-src 'self'; manifest-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; +Cross-Origin-Embedder-Policy: require-corp +Cross-Origin-Opener-Policy: same-origin +Etag: W/"625ded12-101fa5" +Last-Modified: Mon, 18 Apr 2022 22:58:26 GMT +Referrer-Policy: no-referrer +Strict-Transport-Security: max-age=63072000; includeSubDomains; preload +X-Content-Type-Options: nosniff +X-Dns-Prefetch-Control: off +X-Envoy-Upstream-Service-Time: 4 +X-Frame-Options: DENY +X-Xss-Protection: 1; mode=block +Cf-Cache-Status: HIT +Age: 25 +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=YLtpwWxvA39%2BiQj%2BhHipVuV%2B4hDnBSau%2FCOvAtRkCtpVrQ8VinDRCKIVREFPXFUKS0EATeaTrgURTt%2Bwgas6IU83S35K4mI2mMuKq%2BpDVo2ZCBwh%2Bd736Nz51OTzezKBlA%2Fr9H7Y"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Set-Cookie: __cfruid=2edd2ade6bfe0221a0dda2561b62f8ecb736fba6-1654934728; path=/; domain=.redacted.com; HttpOnly; Secure; SameSite=None +Server: redacted +Cf-Ray: 7198d78809d508ff-SEA + +https://example.com
    + +
    + +

    User agent-dependent response

    +/redacted + +

    +Issue description +

    +
    +

    Application responses may depend systematically on the value of the User-Agent header in requests. This behavior does not itself constitute a security vulnerability, but may point towards additional attack surface within the application, which may contain vulnerabilities.

    +

    This behavior often arises because applications provide different user interfaces for desktop and mobile users. Mobile interfaces have often been less thoroughly tested for vulnerabilities such as cross-site scripting, and often have simpler authentication and session handling mechanisms that may contain problems that are not present in the full interface.

    +

    To review the interface provided by the alternate User-Agent header, you can configure a match/replace rule in Burp Proxy to modify the User-Agent header in all requests, and then browse the application in the normal way using your normal browser.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request 1:

    +
    GET /redacted?94ef82ad72dfadb7b729 HTTP/2 +Host: https://example.com +Cookie: __cfruid=d75817bc7ad6710ac75db6ba48f6fc37f6551137-1654930833 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 + +Connection: close +Cache-Control: max-age=0 + +
    +

    Response 1:

    +
    HTTP/2 429 Too Many Requests +Date: Sat, 11 Jun 2022 08:09:22 GMT +Content-Type: application/json +Retry-After: 797 +Cache-Control: no-cache +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=yKrg5BohMh0gtqakk8YPrEBpg7HBfjTL2z8btjXKdrOKvapgujhdDesRNuCm5q0H2n4AQ1Iv8ecdLGmy0L5ZGCLfuOKl%2FLSuv5RF1kmonPxQgGwuxMDV34LaBSJ0sxZNEKWYMMDG"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Server: redacted +Cf-Ray: 7198dd3cce8b13aa-SEA + +https://example.com +
    +

    Request 2:

    +
    GET /redacted?94ef82ad72dfadb7b729 HTTP/2 +Host: https://example.com +Cookie: __cfruid=d75817bc7ad6710ac75db6ba48f6fc37f6551137-1654930833 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3 + +Connection: close +Cache-Control: max-age=0 + +
    +

    Response 2:

    +
    HTTP/2 429 Too Many Requests +Date: Sat, 11 Jun 2022 08:19:14 GMT +Content-Type: application/json +Retry-After: 2842 +Cache-Control: no-cache +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=f34GPKSkR279Sg8xQQ6EYiUhpgsWheW78Jr9xSe7ZgL3K3Qp1nivcC4%2BUDyE%2Fz1n6zWSGCzy1%2BIdsUrCmGOL41mRR2WAXanK8bnPeYFPAZLHFwEWs1KZf%2B4%2BowfhtuP8w4rwdhDE"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Server: redacted +Cf-Ray: 7198ebb16865e38e-SEA + +https://example.com +
    + +
    + +

    User agent-dependent response

    +/redacted + +

    +Issue description +

    +
    +

    Application responses may depend systematically on the value of the User-Agent header in requests. This behavior does not itself constitute a security vulnerability, but may point towards additional attack surface within the application, which may contain vulnerabilities.

    +

    This behavior often arises because applications provide different user interfaces for desktop and mobile users. Mobile interfaces have often been less thoroughly tested for vulnerabilities such as cross-site scripting, and often have simpler authentication and session handling mechanisms that may contain problems that are not present in the full interface.

    +

    To review the interface provided by the alternate User-Agent header, you can configure a match/replace rule in Burp Proxy to modify the User-Agent header in all requests, and then browse the application in the normal way using your normal browser.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request 1:

    +
    GET /redacted?94ef82ad72dfadb7b729 HTTP/2 +Host: https://example.com +Cookie: __cfruid=d75817bc7ad6710ac75db6ba48f6fc37f6551137-1654930833 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 + +Connection: close +Cache-Control: max-age=0 + +
    +

    Response 1:

    +
    HTTP/2 429 Too Many Requests +Date: Sat, 11 Jun 2022 09:20:53 GMT +Content-Type: application/json +Retry-After: 2818 +Cache-Control: no-cache +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=Zs8esUH4FsawFLIKwTgA41O6gHo8yk6xjp5AfOcZakslERBcR8g2iDrS6ZX8Nh%2FNaUCub0RyvNUUKrI9lMnTKvzp0kZ%2FqnlkypZpJ8s8oSkusBnbwAE9wR7DEvlbclyt%2BpvjHEb2"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Server: redacted +Cf-Ray: 719945feec8930b3-SEA + +https://example.com +
    +

    Request 2:

    +
    GET /redacted?94ef82ad72dfadb7b729 HTTP/2 +Host: https://example.com +Cookie: __cfruid=d75817bc7ad6710ac75db6ba48f6fc37f6551137-1654930833 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3 + +Connection: close +Cache-Control: max-age=0 + +
    +

    Response 2:

    +
    HTTP/2 429 Too Many Requests +Date: Sat, 11 Jun 2022 09:59:52 GMT +Content-Type: application/json +Retry-After: 469 +Cache-Control: no-cache +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=XfhO0F6GUs3XPeA%2FQtW7DeE9yPaC%2BR2UgUQ9wKTfCiIE65OhVd7yI6R0mrESv%2Fwvi%2FZgXQwu4qJd4sW7E7Q%2FJXYSzMsoL6UrFvEF7Ol07igCNqq8aT92HUCanVvTumb1WH1dRyfw"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Server: redacted +Cf-Ray: 71997f197f2408ad-SEA + +https://example.com +
    + +
    + +

    User agent-dependent response

    +/redacted + +

    +Issue description +

    +
    +

    Application responses may depend systematically on the value of the User-Agent header in requests. This behavior does not itself constitute a security vulnerability, but may point towards additional attack surface within the application, which may contain vulnerabilities.

    +

    This behavior often arises because applications provide different user interfaces for desktop and mobile users. Mobile interfaces have often been less thoroughly tested for vulnerabilities such as cross-site scripting, and often have simpler authentication and session handling mechanisms that may contain problems that are not present in the full interface.

    +

    To review the interface provided by the alternate User-Agent header, you can configure a match/replace rule in Burp Proxy to modify the User-Agent header in all requests, and then browse the application in the normal way using your normal browser.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request 1:

    +
    GET /redacted?94ef82ad72dfadb7b729 HTTP/2 +Host: https://example.com +Cookie: __cfruid=d75817bc7ad6710ac75db6ba48f6fc37f6551137-1654930833 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 + +Connection: close +Cache-Control: max-age=0 + +
    +

    Response 1:

    +
    HTTP/2 429 Too Many Requests +Date: Sat, 11 Jun 2022 08:10:07 GMT +Content-Type: application/json +Retry-After: 752 +Cache-Control: no-cache +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=q4E1umE2icia9bteAeOMZBe7zKjDpnySIZ3kaJ%2BC8T09V5bUa0tjbLZPUSyo0fwf4kgC3wbR9hyBrsTtHIj22bQjmrhdDMyFIT0C4soGiEAwN8b8pLdFLHEaPPmgU%2Bxdqx2XR5da"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Server: redacted +Cf-Ray: 7198de55ed5013aa-SEA + +https://example.com +
    +

    Request 2:

    +
    GET /redacted?94ef82ad72dfadb7b729 HTTP/2 +Host: https://example.com +Cookie: __cfruid=d75817bc7ad6710ac75db6ba48f6fc37f6551137-1654930833 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3 + +Connection: close +Cache-Control: max-age=0 + +
    +

    Response 2:

    +
    HTTP/2 429 Too Many Requests +Date: Sat, 11 Jun 2022 08:19:26 GMT +Content-Type: application/json +Retry-After: 2831 +Cache-Control: no-cache +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=PaCCX51GD5LQcfV39thxYDFqKDTkny2s8t%2FpjyHlomBbTIu45mh5i1fp20%2FrmtQB5KLSA8y1RZNx5uXRsjD9OqDJg%2F7YVi%2Fa5svxPlnvdsQqZ1Ki7dHd5fRgvjo5aeBSeZU7K%2Ba%2B"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Server: redacted +Cf-Ray: 7198ebfbfb12e38e-SEA + +https://example.com +
    + +
    + +

    User agent-dependent response

    +/redacted + +

    +Issue description +

    +
    +

    Application responses may depend systematically on the value of the User-Agent header in requests. This behavior does not itself constitute a security vulnerability, but may point towards additional attack surface within the application, which may contain vulnerabilities.

    +

    This behavior often arises because applications provide different user interfaces for desktop and mobile users. Mobile interfaces have often been less thoroughly tested for vulnerabilities such as cross-site scripting, and often have simpler authentication and session handling mechanisms that may contain problems that are not present in the full interface.

    +

    To review the interface provided by the alternate User-Agent header, you can configure a match/replace rule in Burp Proxy to modify the User-Agent header in all requests, and then browse the application in the normal way using your normal browser.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request 1:

    +
    GET /redacted?94ef82ad72dfadb7b729 HTTP/2 +Host: https://example.com +Cookie: __cfruid=d75817bc7ad6710ac75db6ba48f6fc37f6551137-1654930833 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 + +Connection: close +Cache-Control: max-age=0 + +
    +

    Response 1:

    +
    HTTP/2 200 OK +Date: Sat, 11 Jun 2022 07:22:36 GMT +Content-Type: application/javascript +Cf-Bgj: minify +Cf-Polished: origSize=20194 +Cache-Control: public, max-age=3600, s-maxage=3600 +Content-Security-Policy: default-src 'none'; base-uri 'self'; media-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; img-src 'self'; font-src 'self'; manifest-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; +Cross-Origin-Embedder-Policy: require-corp +Cross-Origin-Opener-Policy: same-origin +Etag: W/"625ded12-4ee2" +Last-Modified: Mon, 18 Apr 2022 22:58:26 GMT +Referrer-Policy: no-referrer +Strict-Transport-Security: max-age=63072000; includeSubDomains; preload +X-Content-Type-Options: nosniff +X-Dns-Prefetch-Control: off +X-Envoy-Upstream-Service-Time: 0 +X-Frame-Options: DENY +X-Xss-Protection: 1; mode=block +Cf-Cache-Status: HIT +Age: 1322 +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=ikK%2FjEBZAL9defkuMUuqDGzJhyOtxNdPIrz8S6Wbgjb9k0oqsRfk1FY7fxUS39oGKGHRCGEY1GEit9b1CEesILnYz2oYlLj3vK2cA7Szt11BC4gG5MUSI%2FpO%2BsD4kYYlYFsv318U"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Server: redacted +Cf-Ray: 719898b76abc39e3-SEA + +https://example.com
    +

    Request 2:

    +
    GET /redacted?94ef82ad72dfadb7b729 HTTP/2 +Host: https://example.com +Cookie: __cfruid=d75817bc7ad6710ac75db6ba48f6fc37f6551137-1654930833 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3 + +Connection: close +Cache-Control: max-age=0 + +
    +

    Response 2:

    +
    HTTP/2 429 Too Many Requests +Date: Sat, 11 Jun 2022 07:41:32 GMT +Content-Type: application/json +Retry-After: 1410 +Cache-Control: no-cache +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=L2WFTibBpt%2BDhz%2FM6xUsroO7aDsCqxemxbtfR5S2iCsjTRaytUG%2FkpoCM14Y90hhfm8KiD88byOP3wtdTPNURqNUE18gjpH7cEXpn2yhCOZ9STqt6Hgcwd4dsUUfw4Qgt3xxCBTK"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Server: redacted +Cf-Ray: 7198b477ff230905-SEA + +https://example.com +
    + +
    + +

    User agent-dependent response

    +/redacted + +

    +Issue description +

    +
    +

    Application responses may depend systematically on the value of the User-Agent header in requests. This behavior does not itself constitute a security vulnerability, but may point towards additional attack surface within the application, which may contain vulnerabilities.

    +

    This behavior often arises because applications provide different user interfaces for desktop and mobile users. Mobile interfaces have often been less thoroughly tested for vulnerabilities such as cross-site scripting, and often have simpler authentication and session handling mechanisms that may contain problems that are not present in the full interface.

    +

    To review the interface provided by the alternate User-Agent header, you can configure a match/replace rule in Burp Proxy to modify the User-Agent header in all requests, and then browse the application in the normal way using your normal browser.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request 1:

    +
    GET /redacted?94ef82ad72dfadb7b729 HTTP/2 +Host: https://example.com +Cookie: __cfruid=d75817bc7ad6710ac75db6ba48f6fc37f6551137-1654930833 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 + +Connection: close +Cache-Control: max-age=0 + +
    +

    Response 1:

    +
    HTTP/2 200 OK +Date: Sat, 11 Jun 2022 09:07:48 GMT +Content-Type: application/javascript +Cf-Bgj: minify +Cf-Polished: origSize=1049193 +Cache-Control: public, max-age=3600, s-maxage=3600 +Content-Security-Policy: default-src 'none'; base-uri 'self'; media-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; img-src 'self'; font-src 'self'; manifest-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; +Cross-Origin-Embedder-Policy: require-corp +Cross-Origin-Opener-Policy: same-origin +Etag: W/"625ded12-100269" +Last-Modified: Mon, 18 Apr 2022 22:58:26 GMT +Referrer-Policy: no-referrer +Strict-Transport-Security: max-age=63072000; includeSubDomains; preload +X-Content-Type-Options: nosniff +X-Dns-Prefetch-Control: off +X-Envoy-Upstream-Service-Time: 2 +X-Frame-Options: DENY +X-Xss-Protection: 1; mode=block +Cf-Cache-Status: HIT +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=cCFLlw6n5wW3Ldjjl6LuyTV8wSe2NB%2BTvbYZ53oMUMIcG3zPtSdA%2F%2BiVsFefROIRswr1sqVCHiWhGCsJhKycCtU7E2r88BYZodxu7l8wCz98bmxHdsBkYlw%2FRLnZi1J17M0aG5T6"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Server: redacted +Cf-Ray: 719932cea804139a-SEA + +https://example.com
    +

    Request 2:

    +
    GET /redacted?94ef82ad72dfadb7b729 HTTP/2 +Host: https://example.com +Cookie: __cfruid=d75817bc7ad6710ac75db6ba48f6fc37f6551137-1654930833 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3 + +Connection: close +Cache-Control: max-age=0 + +
    +

    Response 2:

    +
    HTTP/2 429 Too Many Requests +Date: Sat, 11 Jun 2022 09:20:42 GMT +Content-Type: application/json +Retry-After: 2818 +Cache-Control: no-cache +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=chRQ6%2BPF07VW3O%2B6vBiO3yqbR0IOtbfwIaFIaZhYUIc%2BJ6LqK09OIF4tLv4GV688UAYkyazUxuoKSnpPydJ5Hn0GUgRAiVx9LE2x6icFWbKHCyvnkQNcfO%2FL6hV2%2FOdai2qrPy%2Bq"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Server: redacted +Cf-Ray: 719945bc0d4830b3-SEA + +https://example.com +
    + +
    + +

    User agent-dependent response

    +/redacted + +

    +Issue description +

    +
    +

    Application responses may depend systematically on the value of the User-Agent header in requests. This behavior does not itself constitute a security vulnerability, but may point towards additional attack surface within the application, which may contain vulnerabilities.

    +

    This behavior often arises because applications provide different user interfaces for desktop and mobile users. Mobile interfaces have often been less thoroughly tested for vulnerabilities such as cross-site scripting, and often have simpler authentication and session handling mechanisms that may contain problems that are not present in the full interface.

    +

    To review the interface provided by the alternate User-Agent header, you can configure a match/replace rule in Burp Proxy to modify the User-Agent header in all requests, and then browse the application in the normal way using your normal browser.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request 1:

    +
    GET /redacted HTTP/2 +Host: https://example.com +Cookie: __cfruid=8d467a9836d19fd26dfe28fbf19907453cba442d-1654930838 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 + +Connection: close +Cache-Control: max-age=0 + +
    +

    Response 1:

    +
    HTTP/2 200 OK +Date: Sat, 11 Jun 2022 09:13:49 GMT +Content-Type: application/javascript +Cf-Bgj: minify +Cf-Polished: origSize=2292583 +Cache-Control: public, max-age=3600, s-maxage=3600 +Content-Security-Policy: default-src 'none'; base-uri 'self'; media-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; img-src 'self'; font-src 'self'; manifest-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; +Cross-Origin-Embedder-Policy: require-corp +Cross-Origin-Opener-Policy: same-origin +Etag: W/"625ded12-22fb67" +Last-Modified: Mon, 18 Apr 2022 22:58:26 GMT +Referrer-Policy: no-referrer +Strict-Transport-Security: max-age=63072000; includeSubDomains; preload +X-Content-Type-Options: nosniff +X-Dns-Prefetch-Control: off +X-Envoy-Upstream-Service-Time: 1 +X-Frame-Options: DENY +X-Xss-Protection: 1; mode=block +Cf-Cache-Status: HIT +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=okxX%2FMljEx19SvTpIPCbfs6HvHM190lKPe8L586%2FbLJZVBx3b18wX8cvEfdTyNFluurNkt6zK%2BKSI84Ch3CNuRtnC6J6UIPetbGv55WMjnDVPFeqzFWRwboNxbRnOq5dsKos10Wj"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Server: redacted +Cf-Ray: 71993ba43aae3089-SEA + +https://example.com
    +

    Request 2:

    +
    GET /redacted HTTP/2 +Host: https://example.com +Cookie: __cfruid=8d467a9836d19fd26dfe28fbf19907453cba442d-1654930838 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3 + +Connection: close +Cache-Control: max-age=0 + +
    +

    Response 2:

    +
    HTTP/2 429 Too Many Requests +Date: Sat, 11 Jun 2022 09:22:58 GMT +Content-Type: application/json +Retry-After: 2683 +Cache-Control: no-cache +Expect-Ct: max-age=604800, report-uri="https://redacted/redacted/beacon/expect-ct" +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=dEEtpbiEmmeZY0lUd6wmrN5rAobfkW8a6OXkOTZtaDHtG0DV04ignJ8ekAzI04sCFDml0BJW3LeC8XugVpcVPr5xO%2B8WXrgLBumMdZj9oo%2BH1OUYz8KNrMpyREuNkmMX2T1bgJpp"}],"group":"cf-nel","max_age":604800} +Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Server: redacted +Cf-Ray: 71994908ee1a5fe6-SEA +
    + +
    +
    + +
    +
    + +

    Cross-site request forgery

    +/redacted + +

    Issue detail:

    +
    +The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users. +
    + +

    +Issue background +

    +
    +

    Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:

    +
      +
    • The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.
      • +
    • The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.
      • +
    • The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.
    • The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.
    +
    + +

    +Issue remediation +

    +
    +

    The most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.

    +

    An alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses.

    +
    + +

    References

    +
    + +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    POST /redacted HTTP/2 +Host: https://example.com +Cookie: __cfruid=d1db725338a0a9a40800e81127effa72b4e1cbde-1654931039 +Origin: https://example.com +sec-ch-ua: +sec-ch-ua-mobile: ?0 +Accept: */* +sec-ch-ua-platform: +Content-Type: application/json +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 +Content-Length: 0 + +
    +

    Response:

    +
    HTTP/2 200 OK +Date: Sat, 11 Jun 2022 07:04:01 GMT +Server: redacted +Cf-Ray: 71987d814c2260bf-SEA +X-Frame-Options: DENY +X-Content-Type-Options: nosniff + +
    + +
    +
    + +
    + +
    +

    More details for https://example.com

    +
    + +
    +
    + +

    Cookie scoped to parent domain

    +/ + +

    Issue detail:

    +
    +The following cookie was issued by the application and is scoped to a parent of the issuing domain:
    • __cfruid
    The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. +
    + +

    +Issue background +

    +
    +

    A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

    +
    + +

    +Issue remediation +

    +
    +

    By default, cookies are scoped to the issuing domain, and on IE/Edge to subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems that support those applications.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    GET / HTTP/1.1 +Host: https://example.com +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Upgrade-Insecure-Requests: 1 +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 + +
    +

    Response:

    +
    HTTP/1.1 301 Moved Permanently +Date: Sat, 11 Jun 2022 07:00:33 GMT +Connection: close +Cache-Control: max-age=3600 +Expires: Sat, 11 Jun 2022 08:00:33 GMT +Location: https://example.com/ +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=%2FUALE32sIebIUo0DOfNh0d0AVf5FfGomVqTAAlbT%2FdyKoCo1Cr6vwT9slKXiN9Ru5jUdIU4qjqv0Fyn1EpWNLtl5fgwns8tSuUzMKsUw8sCwyfRkEFnzHfeBobZZPpuyIaPAXsrR"}],"group":"cf-nel","max_age":604800} +NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Set-Cookie: __cfruid=d75817bc7ad6710ac75db6ba48f6fc37f6551137-1654930833; path=/; domain=.redacted.com; HttpOnly +Server: redacted +CF-RAY: 7198786d5cb8091d-SEA +Content-Length: 0 + +
    + +
    + +

    Cookie scoped to parent domain

    +/redacted + +

    Issue detail:

    +
    +The following cookie was issued by the application and is scoped to a parent of the issuing domain:
    • __cfruid
    The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. +
    + +

    +Issue background +

    +
    +

    A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

    +
    + +

    +Issue remediation +

    +
    +

    By default, cookies are scoped to the issuing domain, and on IE/Edge to subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems that support those applications.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    GET /redacted HTTP/1.1 +Host: https://example.com +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Upgrade-Insecure-Requests: 1 +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 + +
    +

    Response:

    +
    HTTP/1.1 301 Moved Permanently +Date: Sat, 11 Jun 2022 07:01:42 GMT +Connection: close +Cache-Control: max-age=3600 +Expires: Sat, 11 Jun 2022 08:01:42 GMT +Location: https://example.com/help +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=qCzD4g%2F1kw7nbUSLpSh0sZ853HE6ito40XIvo%2FH%2BQhbpe6Uze7RDJ3zIVdgeyhfcckimNlr08Yf5F6UtGxxIUHP2pXethA72jAjfSVSQPcrYYselewPcD77kfWRFfDVkpHVlmKbY"}],"group":"cf-nel","max_age":604800} +NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Set-Cookie: __cfruid=b4ed5cee943ab8a032d98b9afb748493ad5508af-1654930902; path=/; domain=.redacted.com; HttpOnly +Server: redacted +CF-RAY: 71987a1a99db3a0e-SEA +Content-Length: 0 + +
    + +
    + +

    Cookie scoped to parent domain

    +/redacted + +

    Issue detail:

    +
    +The following cookie was issued by the application and is scoped to a parent of the issuing domain:
    • __cfruid
    The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. +
    + +

    +Issue background +

    +
    +

    A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

    +
    + +

    +Issue remediation +

    +
    +

    By default, cookies are scoped to the issuing domain, and on IE/Edge to subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems that support those applications.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    GET /redacted HTTP/1.1 +Host: https://example.com +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Upgrade-Insecure-Requests: 1 +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 + +
    +

    Response:

    +
    HTTP/1.1 301 Moved Permanently +Date: Sat, 11 Jun 2022 07:01:43 GMT +Connection: close +Cache-Control: max-age=3600 +Expires: Sat, 11 Jun 2022 08:01:43 GMT +Location: https://example.com/redactedSet-Cookie: __cfruid=f6065aa88005db6a289e73f76240abfef21a0126-1654930903; path=/; domain=.redacted.com; HttpOnly +Server: redacted +CF-RAY: 71987a23eb0b0927-SEA +Content-Length: 0 + +
    + +
    + +

    Cookie scoped to parent domain

    +/redacted + +

    Issue detail:

    +
    +The following cookie was issued by the application and is scoped to a parent of the issuing domain:
    • __cfruid
    The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. +
    + +

    +Issue background +

    +
    +

    A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

    +
    + +

    +Issue remediation +

    +
    +

    By default, cookies are scoped to the issuing domain, and on IE/Edge to subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems that support those applications.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    GET /redacted HTTP/1.1 +Host: https://example.com +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Upgrade-Insecure-Requests: 1 +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 + +
    +

    Response:

    +
    HTTP/1.1 301 Moved Permanently +Date: Sat, 11 Jun 2022 07:01:45 GMT +Connection: close +Cache-Control: max-age=3600 +Expires: Sat, 11 Jun 2022 08:01:45 GMT +Location: https://example.com/redactedSet-Cookie: __cfruid=b7ee4175eb89f8f65a910c14e5e855b2fd3a1516-1654930905; path=/; domain=.redacted.com; HttpOnly +Server: redacted +CF-RAY: 71987a2e0a7f5fbc-SEA +Content-Length: 0 + +
    + +
    + +

    Cookie scoped to parent domain

    +/redacted + +

    Issue detail:

    +
    +The following cookie was issued by the application and is scoped to a parent of the issuing domain:
    • __cfruid
    The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. +
    + +

    +Issue background +

    +
    +

    A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

    +
    + +

    +Issue remediation +

    +
    +

    By default, cookies are scoped to the issuing domain, and on IE/Edge to subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems that support those applications.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    GET /redacted HTTP/1.1 +Host: https://example.com +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Upgrade-Insecure-Requests: 1 +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 + +
    +

    Response:

    +
    HTTP/1.1 301 Moved Permanently +Date: Sat, 11 Jun 2022 07:02:48 GMT +Connection: close +Cache-Control: max-age=3600 +Expires: Sat, 11 Jun 2022 08:02:48 GMT +Location: https://example.com/redactedSet-Cookie: __cfruid=692fabd448314c08d72b2f148b1c1328793fe491-1654930968; path=/; domain=.redacted.com; HttpOnly +Server: redacted +CF-RAY: 71987bb8dde327ea-SEA +Content-Length: 0 + +
    + +
    + +

    Cookie scoped to parent domain

    +/redacted + +

    Issue detail:

    +
    +The following cookie was issued by the application and is scoped to a parent of the issuing domain:
    • __cfruid
    The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. +
    + +

    +Issue background +

    +
    +

    A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

    +
    + +

    +Issue remediation +

    +
    +

    By default, cookies are scoped to the issuing domain, and on IE/Edge to subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems that support those applications.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    GET /redacted HTTP/1.1 +Host: https://example.com +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Upgrade-Insecure-Requests: 1 +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 + +
    +

    Response:

    +
    HTTP/1.1 301 Moved Permanently +Date: Sat, 11 Jun 2022 07:02:46 GMT +Connection: close +Cache-Control: max-age=3600 +Expires: Sat, 11 Jun 2022 08:02:46 GMT +Location: https://example.com/redactedSet-Cookie: __cfruid=7ef2437b49ccb592ab22c9631737966ef28f6125-1654930966; path=/; domain=.redacted.com; HttpOnly +Server: redacted +CF-RAY: 71987bae8cb3610e-SEA +Content-Length: 0 + +
    + +
    + +

    Cookie scoped to parent domain

    +/redacted + +

    Issue detail:

    +
    +The following cookie was issued by the application and is scoped to a parent of the issuing domain:
    • __cfruid
    The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. +
    + +

    +Issue background +

    +
    +

    A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

    +
    + +

    +Issue remediation +

    +
    +

    By default, cookies are scoped to the issuing domain, and on IE/Edge to subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems that support those applications.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    GET /redacted HTTP/1.1 +Host: https://example.com +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Upgrade-Insecure-Requests: 1 +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 + +
    +

    Response:

    +
    HTTP/1.1 301 Moved Permanently +Date: Sat, 11 Jun 2022 07:00:37 GMT +Connection: close +Cache-Control: max-age=3600 +Expires: Sat, 11 Jun 2022 08:00:37 GMT +Location: https://example.com/login +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=%2F%2B0j4iAiIhKtlxfKUYRRvGBw1A3CoB8kliM2XyzsJvn3k%2BclSaArx8aLpFKX9A4mzLetuBJjeizmhrt5uLVNbpHqg5OIa%2B%2By8ci4AnmMoFVaR2izPeSz3z7iifpcca9GK%2BnkBk4N"}],"group":"cf-nel","max_age":604800} +NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Set-Cookie: __cfruid=d8bd325d60ec6072ebaf4ebdf5385a328bf88620-1654930837; path=/; domain=.redacted.com; HttpOnly +Server: redacted +CF-RAY: 719878863c0f611a-SEA +Content-Length: 0 + +
    + +
    + +

    Cookie scoped to parent domain

    +/redacted + +

    Issue detail:

    +
    +The following cookie was issued by the application and is scoped to a parent of the issuing domain:
    • __cfruid
    The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. +
    + +

    +Issue background +

    +
    +

    A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

    +
    + +

    +Issue remediation +

    +
    +

    By default, cookies are scoped to the issuing domain, and on IE/Edge to subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems that support those applications.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    GET /redacted HTTP/1.1 +Host: https://example.com +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Upgrade-Insecure-Requests: 1 +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 + +
    +

    Response:

    +
    HTTP/1.1 301 Moved Permanently +Date: Sat, 11 Jun 2022 07:00:38 GMT +Connection: close +Cache-Control: max-age=3600 +Expires: Sat, 11 Jun 2022 08:00:38 GMT +Location: https://example.com/query +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=GITu%2FNkeUJ7i4GNvI8eqYIL8PI8PhziTbWEkjnRpK5ZqLqoUhNYcNBik1jzvHozRQg91RPLgFSl4Xdh1Yc6z%2Bch1htbvWD48lpVK4FO%2BLrybGXSUNTc7iDGy1yRu3745H7hflz4W"}],"group":"cf-nel","max_age":604800} +NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Set-Cookie: __cfruid=8d467a9836d19fd26dfe28fbf19907453cba442d-1654930838; path=/; domain=.redacted.com; HttpOnly +Server: redacted +CF-RAY: 7198788f9990611a-SEA +Content-Length: 0 + +
    + +
    + +

    Cookie scoped to parent domain

    +/redacted + +

    Issue detail:

    +
    +The following cookie was issued by the application and is scoped to a parent of the issuing domain:
    • __cfruid
    The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. +
    + +

    +Issue background +

    +
    +

    A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

    +
    + +

    +Issue remediation +

    +
    +

    By default, cookies are scoped to the issuing domain, and on IE/Edge to subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems that support those applications.

    +
    + +

    Vulnerability classifications

    +
    + +
    + +

    Request:

    +
    GET /redacted HTTP/1.1 +Host: https://example.com +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Upgrade-Insecure-Requests: 1 +Accept-Encoding: gzip, deflate +Accept-Language: en-US;q=0.9,en;q=0.8 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 +Connection: close +Cache-Control: max-age=0 + +
    +

    Response:

    +
    HTTP/1.1 301 Moved Permanently +Date: Sat, 11 Jun 2022 07:01:40 GMT +Connection: close +Cache-Control: max-age=3600 +Expires: Sat, 11 Jun 2022 08:01:40 GMT +Location: https://example.com/settings +Report-To: {"endpoints":[{"url":"https:\/\/redacted.com\/report\/v3?s=TOW3kVkXp0bQxMYOOZT7OMzLRtYV6%2FXOyYqp9xIhzJLiSAhal9Kjiko6HpWytDihL7fQx3esZQiCibP5337D%2FSZKaZ1IOXiFT10xheOjwURaL6hW%2BzOcUa0AArPFOf54aerC8ZdK"}],"group":"cf-nel","max_age":604800} +NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} +Vary: Accept-Encoding +Set-Cookie: __cfruid=c5070c5ee4b26bb8d7c32b51ade8b2dbe7f31828-1654930900; path=/; domain=.redacted.com; HttpOnly +Server: redacted +CF-RAY: 71987a1159355fda-SEA +Content-Length: 0 + +
    + +
    +
    + +
    + +
    + + \ No newline at end of file diff --git a/unittests/scans/burp_graphql/null_request_segments.json b/unittests/scans/burp_graphql/null_request_segments.json new file mode 100644 index 00000000000..e1517827c04 --- /dev/null +++ b/unittests/scans/burp_graphql/null_request_segments.json @@ -0,0 +1,25 @@ +{ + "Issues":[ + { + "issue_type":{ + "name":"TLS certificate", + "description_html":null, + "remediation_html":null, + "vulnerability_classifications_html":"", + "references_html":"" + }, + "description_html":null, + "remediation_html":null, + "severity":"medium", + "path":"/", + "origin":"https://verysecretcompany.domain", + "serial_number":"0000000000000000000000", + "evidence":[ + { + "request_index":0, + "request_segments":null + } + ] + } + ] +} \ No newline at end of file diff --git a/unittests/scans/ccvs/many_vulns.json b/unittests/scans/ccvs/many_vulns.json deleted file mode 100644 index 36197bf2f0c..00000000000 --- a/unittests/scans/ccvs/many_vulns.json +++ /dev/null @@ -1,184 +0,0 @@ -{ - "id": "ff4cc20c-fdd8-4297-bd21-3703daba1bef", - "status": "finished", - "created_at": "2020-06-23T14:12:44.176922Z", - "updated_at": "2020-06-23T14:14:05.899405Z", - "image": "docker-image:tag", - "vendors": { - "anchore_engine": { - "output": "anchore_output", - "image_id": "sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - }, - "clair": { - "output": "clair_output", - "image_id": "sha256_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_yyyyyyyyyyyy" - } - }, - "errors": [], - "result": "failed", - "ccvs_results": { - "anchore_engine": { - "low_vulns": [ - { - "fix": "232-25+deb9u7", - "url": "https://security-tracker.debian.org/tracker/CVE-2018-16866", - "name": "CVE-2018-16866", - "severity": "Low", - "package_name": "libsystemd0", - "package_version": "232-25+deb9u4" - }, - { - "fix": "232-25+deb9u8", - "url": "https://security-tracker.debian.org/tracker/CVE-2019-3815", - "name": "CVE-2019-3815", - "severity": "Low", - "package_name": "libsystemd0", - "package_version": "232-25+deb9u4" - }, - { - "fix": "232-25+deb9u7", - "url": "https://security-tracker.debian.org/tracker/CVE-2018-16866", - "name": "CVE-2018-16866", - "severity": "Low", - "package_name": "libudev1", - "package_version": "232-25+deb9u4" - }, - { - "fix": "232-25+deb9u8", - "url": "https://security-tracker.debian.org/tracker/CVE-2019-3815", - "name": "CVE-2019-3815", - "severity": "Low", - "package_name": "libudev1", - "package_version": "232-25+deb9u4" - } - ], - "high_vulns": [ - { - "fix": "1.4.9", - "url": "https://security-tracker.debian.org/tracker/CVE-2019-3462", - "name": "CVE-2019-3462", - "severity": "High", - "package_name": "apt", - "package_version": "1.4.8" - }, - { - "fix": "1.4.9", - "url": "https://security-tracker.debian.org/tracker/CVE-2019-3462", - "name": "CVE-2019-3462", - "severity": "High", - "package_name": "libapt-pkg5.0", - "package_version": "1.4.8" - } - ], - "medium_vulns": [ - { - "fix": "1.4.10", - "url": "https://security-tracker.debian.org/tracker/CVE-2020-3810", - "name": "CVE-2020-3810", - "severity": "Medium", - "package_name": "apt", - "package_version": "1.4.8" - }, - { - "fix": "1.43.4-2+deb9u1", - "url": "https://security-tracker.debian.org/tracker/CVE-2019-5094", - "name": "CVE-2019-5094", - "severity": "Medium", - "package_name": "e2fslibs", - "package_version": "1.43.4-2" - } - ], - "negligible_vulns": [ - { - "fix": "None", - "url": "https://security-tracker.debian.org/tracker/CVE-2011-3374", - "name": "CVE-2011-3374", - "severity": "Negligible", - "package_name": "apt", - "package_version": "1.4.8" - }, - { - "fix": "None", - "url": "https://security-tracker.debian.org/tracker/CVE-2017-18018", - "name": "CVE-2017-18018", - "severity": "Negligible", - "package_name": "coreutils", - "package_version": "8.26-3" - }, - { - "fix": "None", - "url": "https://security-tracker.debian.org/tracker/CVE-2011-3374", - "name": "CVE-2011-3374", - "severity": "Negligible", - "package_name": "libapt-pkg5.0", - "package_version": "1.4.8" - } - ] - }, - "clair": { - "low_vulns": [ - { - "fix": null, - "url": "https://security-tracker.debian.org/tracker/CVE-2019-17543", - "name": "CVE-2019-17543", - "severity": "Low", - "package_name": "lz4", - "package_version": "0.0~r131-2" - }, - { - "fix": null, - "url": "https://security-tracker.debian.org/tracker/CVE-2019-7665", - "name": "CVE-2019-7665", - "severity": "Low", - "package_name": "elfutils", - "package_version": "0.168-1" - } - ], - "unknown_vulns": [ - { - "fix": null, - "url": "https://security-tracker.debian.org/tracker/CVE-2020-3810", - "name": "CVE-2020-3810", - "severity": "Unknown", - "package_name": "apt", - "package_version": "1.4.8" - }, - { - "fix": "1.4.9", - "url": "https://security-tracker.debian.org/tracker/CVE-2019-3462", - "name": "CVE-2019-3462", - "severity": "Unknown", - "package_name": "apt", - "package_version": "1.4.8" - } - ], - "negligible_vulns": [ - { - "fix": null, - "url": "https://security-tracker.debian.org/tracker/CVE-2011-3374", - "name": "CVE-2011-3374", - "severity": "Negligible", - "package_name": "apt", - "package_version": "1.4.8" - }, - { - "fix": null, - "url": "https://security-tracker.debian.org/tracker/CVE-2019-7148", - "name": "CVE-2019-7148", - "severity": "Negligible", - "package_name": "elfutils", - "package_version": "0.168-1" - }, - { - "fix": null, - "url": "https://security-tracker.debian.org/tracker/CVE-2019-19882", - "name": "CVE-2019-19882", - "severity": "Negligible", - "package_name": "shadow", - "package_version": "1:4.4-4.1" - } - ] - } - }, - "whitelist": {} -} \ No newline at end of file diff --git a/unittests/scans/ccvs/no_vuln.json b/unittests/scans/ccvs/no_vuln.json deleted file mode 100644 index 3577c8d751b..00000000000 --- a/unittests/scans/ccvs/no_vuln.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "id": "4ce2f2cc-72a0-4efc-858f-bc9722daaf96", - "status": "finished", - "created_at": "2020-06-23T14:12:44.176922Z", - "updated_at": "2020-06-23T14:14:05.899405Z", - "image": "docker-image:tag", - "vendors": { - "anchore_engine": { - "output": "anchore_output", - "image_id": "sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - }, - "clair": { - "output": "clair_output", - "image_id": "sha256_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_yyyyyyyyyyyy" - } - }, - "errors": [], - "result": "passed", - "ccvs_results": { - "anchore_engine": {}, - "clair": {} - }, - "whitelist": {} -} \ No newline at end of file diff --git a/unittests/scans/ccvs/one_vuln_one_vendor.json b/unittests/scans/ccvs/one_vuln_one_vendor.json deleted file mode 100644 index 76f89fa8d84..00000000000 --- a/unittests/scans/ccvs/one_vuln_one_vendor.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "id": "4ce2f2cc-72a0-4efc-858f-bc9722daaf96", - "status": "finished", - "created_at": "2020-06-23T14:12:44.176922Z", - "updated_at": "2020-06-23T14:14:05.899405Z", - "image": "docker-image:tag", - "vendors": { - "anchore_engine": { - "output": "anchore_output", - "image_id": "sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - }, - "clair": { - "output": "clair_output", - "image_id": "sha256_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_yyyyyyyyyyyy" - } - }, - "errors": [], - "result": "failed", - "ccvs_results": { - "anchore_engine": {}, - "clair": { - "unknown_vulns": [ - { - "fix": "1.6_rc1-r0", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4074", - "name": "CVE-2016-4074", - "severity": "Unknown", - "package_name": "jq", - "package_version": "1.6-r0" - } - ] - } - }, - "whitelist": {} -} \ No newline at end of file diff --git a/unittests/scans/checkmarx/many_aggregated_findings.xml b/unittests/scans/checkmarx/many_aggregated_findings.xml new file mode 100644 index 00000000000..77208806220 --- /dev/null +++ b/unittests/scans/checkmarx/many_aggregated_findings.xml @@ -0,0 +1,3520 @@ + + + + + + + filename3.cs + 283 + 13 + 1 + catch + + 5 + + + 283 + catch (System.Exception ex1) + + + + + + + + + filename3.cs + 322 + 13 + 1 + catch + + 5 + + + 322 + catch (System.Exception ex2) + + + + + + + + + filename3.cs + 360 + 17 + 1 + catch + + 5 + + + 360 + catch (System.Exception ex3) + + + + + + + + + filename3.cs + 348 + 17 + 1 + catch + + 5 + + + 348 + catch (System.Exception ex3) + + + + + + + + + filename3.cs + 387 + 13 + 1 + catch + + 5 + + + 387 + catch (System.Exception ex4) + + + + + + + + + filename3.cs + 414 + 13 + 1 + catch + + 5 + + + 414 + catch (System.Exception ex5) + + + + + + + + + filename3.cs + 443 + 13 + 1 + catch + + 5 + + + 443 + catch (System.Exception ex6) + + + + + + + + + filename3.cs + 472 + 13 + 1 + catch + + 5 + + + 472 + catch (System.Exception ex7) + + + + + + + + + filename3.cs + 501 + 13 + 1 + catch + + 5 + + + 501 + catch (System.Exception ex8) + + + + + + + + + filename3.cs + 530 + 13 + 1 + catch + + 5 + + + 530 + catch (System.Exception ex9) + + + + + + + + + filename3.cs + 559 + 13 + 1 + catch + + 5 + + + 559 + catch (System.Exception ex10) + + + + + + + + + filename3.cs + 588 + 13 + 1 + catch + + 5 + + + 588 + catch (System.Exception ex11) + + + + + + + + + filename3.cs + 616 + 13 + 1 + catch + + 5 + + + 616 + catch (System.Exception ex12) + + + + + + + + + filename3.cs + 653 + 13 + 1 + catch + + 5 + + + 653 + catch (System.Exception ex13) + + + + + + + + + filename3.cs + 682 + 13 + 1 + catch + + 5 + + + 682 + catch (System.Exception ex14) + + + + + + + + + filename3.cs + 771 + 13 + 1 + catch + + 5 + + + 771 + catch (System.Exception ex15) + + + + + + + + + filename3.cs + 861 + 13 + 1 + catch + + 5 + + + 861 + catch (System.Exception ex16) + + + + + + + + + filename3.cs + 900 + 13 + 1 + catch + + 5 + + + 900 + catch (System.Exception ex17) + + + + + + + + + filename3.cs + 939 + 13 + 1 + catch + + 5 + + + 939 + catch (System.Exception ex18) + + + + + + + + + filename3.cs + 988 + 13 + 1 + catch + + 5 + + + 988 + catch (System.Exception ex19) + + + + + + + + + filename3.cs + 1014 + 13 + 1 + catch + + 5 + + + 1014 + catch (System.Exception ex20) + + + + + + + + + filename3.cs + 1041 + 13 + 1 + catch + + 5 + + + 1041 + catch (System.Exception ex21) + + + + + + + + + filename3.cs + 1068 + 13 + 1 + catch + + 5 + + + 1068 + catch (System.Exception ex22) + + + + + + + + + filename3.cs + 1098 + 13 + 1 + catch + + 5 + + + 1098 + catch (System.Exception ex23) + + + + + + + + + filename3.cs + 1137 + 13 + 1 + catch + + 5 + + + 1137 + catch (System.Exception ex24) + + + + + + + + + filename3.cs + 1199 + 13 + 1 + catch + + 5 + + + 1199 + catch (System.Exception ex25) + + + + + + + + + filename3.cs + 1271 + 13 + 1 + catch + + 5 + + + 1271 + catch (System.Exception ex26) + + + + + + + + + filename3.cs + 1343 + 13 + 1 + catch + + 5 + + + 1343 + catch (System.Exception ex27) + + + + + + + + + filename3.cs + 1415 + 13 + 1 + catch + + 5 + + + 1415 + catch (System.Exception ex28) + + + + + + + + + filename3.cs + 1483 + 13 + 1 + catch + + 5 + + + 1483 + catch (System.Exception ex29) + + + + + + + + + filename3.cs + 1579 + 13 + 1 + catch + + 5 + + + 1579 + catch (System.Exception ex30) + + + + + + + + + filename3.cs + 1651 + 13 + 1 + catch + + 5 + + + 1651 + catch (System.Exception ex31) + + + + + + + + + filename3.cs + 1711 + 13 + 1 + catch + + 5 + + + 1711 + catch (System.Exception ex32) + + + + + + + + + filename3.cs + 1743 + 13 + 1 + catch + + 5 + + + 1743 + catch (System.Exception ex33) + + + + + + + + + filename3.cs + 1781 + 13 + 1 + catch + + 5 + + + 1781 + catch (System.Exception ex34) + + + + + + + + + filename3.cs + 1817 + 13 + 1 + catch + + 5 + + + 1817 + catch (System.Exception ex35) + + + + + + + + + filename3.cs + 1874 + 13 + 1 + catch + + 5 + + + 1874 + catch (System.Exception ex36) + + + + + + + + + filename3.cs + 1930 + 13 + 1 + catch + + 5 + + + 1930 + catch (System.Exception ex37) + + + + + + + + + filename3.cs + 1987 + 13 + 1 + catch + + 5 + + + 1987 + catch (System.Exception ex38) + + + + + + + + + filename3.cs + 2038 + 13 + 1 + catch + + 5 + + + 2038 + catch (System.Exception ex39) + + + + + + + + + filename3.cs + 2072 + 13 + 1 + catch + + 5 + + + 2072 + catch (System.Exception ex40) + + + + + + + + + filename3.cs + 2106 + 13 + 1 + catch + + 5 + + + 2106 + catch (System.Exception ex41) + + + + + + + + + filename3.cs + 2157 + 13 + 1 + catch + + 5 + + + 2157 + catch (System.Exception ex42) + + + + + + + + + filename3.cs + 2214 + 13 + 1 + catch + + 5 + + + 2214 + catch (System.Exception ex43) + + + + + + + + + filename3.cs + 2263 + 13 + 1 + catch + + 5 + + + 2263 + catch (System.Exception ex44) + + + + + + + + + filename3.cs + 2314 + 13 + 1 + catch + + 5 + + + 2314 + catch (System.Exception ex45) + + + + + + + + + filename3.cs + 2357 + 13 + 1 + catch + + 5 + + + 2357 + catch (System.Exception ex46) + + + + + + + + + filename3.cs + 2385 + 13 + 1 + catch + + 5 + + + 2385 + catch (System.Exception ex46) + + + + + + + + + filename3.cs + 2425 + 13 + 1 + catch + + 5 + + + 2425 + catch (System.Exception ex46) + + + + + + + + + filename3.cs + 2475 + 13 + 1 + catch + + 5 + + + 2475 + catch (System.Exception ex47) + + + + + + + + + filename3.cs + 2525 + 13 + 1 + catch + + 5 + + + 2525 + catch (System.Exception ex48) + + + + + + + + + filename3.cs + 2575 + 13 + 1 + catch + + 5 + + + 2575 + catch (System.Exception ex49) + + + + + + + + + filename3.cs + 2625 + 13 + 1 + catch + + 5 + + + 2625 + catch (System.Exception ex50) + + + + + + + + + filename3.cs + 2675 + 13 + 1 + catch + + 5 + + + 2675 + catch (System.Exception ex51) + + + + + + + + + filename3.cs + 2702 + 13 + 1 + catch + + 5 + + + 2702 + catch (System.Exception ex52) + + + + + + + + + filename3.cs + 2752 + 13 + 1 + catch + + 5 + + + 2752 + catch (System.Exception ex53) + + + + + + + + + filename3.cs + 2791 + 13 + 1 + catch + + 5 + + + 2791 + catch (System.Exception ex54) + + + + + + + + + filename3.cs + 2864 + 13 + 1 + catch + + 5 + + + 2864 + catch (System.Exception ex55) + + + + + + + + + filename3.cs + 2957 + 13 + 1 + catch + + 5 + + + 2957 + catch (System.Exception ex56) + + + + + + + + + filename3.cs + 3055 + 13 + 1 + catch + + 5 + + + 3055 + catch (System.Exception ex57) + + + + + + + + + filename3.cs + 3107 + 13 + 1 + catch + + 5 + + + 3107 + catch (System.Exception ex58) + + + + + + + + + filename3.cs + 3204 + 13 + 1 + catch + + 5 + + + 3204 + catch (System.Exception ex59) + + + + + + + + + filename3.cs + 3346 + 13 + 1 + catch + + 5 + + + 3346 + catch (System.Exception ex60) + + + + + + + + + filename3.cs + 3673 + 13 + 1 + catch + + 5 + + + 3673 + catch (System.Exception ex61) + + + + + + + + + filename3.cs + 4191 + 13 + 1 + catch + + 5 + + + 4191 + catch (System.Exception ex62) + + + + + + + + + filename3.cs + 4481 + 13 + 1 + catch + + 5 + + + 4481 + catch (System.Exception ex63) + + + + + + + + + filename3.cs + 4568 + 13 + 1 + catch + + 5 + + + 4568 + catch (System.Exception ex64) + + + + + + + + + filename3.cs + 4662 + 13 + 1 + catch + + 5 + + + 4662 + catch (System.Exception ex65) + + + + + + + + + filename3.cs + 4767 + 13 + 1 + catch + + 5 + + + 4767 + catch (System.Exception ex66) + + + + + + + + + filename3.cs + 4799 + 13 + 1 + catch + + 5 + + + 4799 + catch (System.Exception ex67) + + + + + + + + + filename3.cs + 4833 + 13 + 1 + catch + + 5 + + + 4833 + catch (System.Exception ex68) + + + + + + + + + filename3.cs + 4862 + 13 + 1 + catch + + 5 + + + 4862 + catch (System.Exception ex69) + + + + + + + + + filename3.cs + 4891 + 13 + 1 + catch + + 5 + + + 4891 + catch (System.Exception ex70) + + + + + + + + + filename3.cs + 4923 + 13 + 1 + catch + + 5 + + + 4923 + catch (System.Exception ex71) + + + + + + + + + filename3.cs + 4972 + 13 + 1 + catch + + 5 + + + 4972 + catch (System.Exception ex72) + + + + + + + + + filename3.cs + 5010 + 13 + 1 + catch + + 5 + + + 5010 + catch (System.Exception ex73) + + + + + + + + + filename3.cs + 5048 + 13 + 1 + catch + + 5 + + + 5048 + catch (System.Exception ex74) + + + + + + + + + filename3.cs + 5098 + 13 + 1 + catch + + 5 + + + 5098 + catch (System.Exception ex75) + + + + + + + + + filename3.cs + 5133 + 13 + 1 + catch + + 5 + + + 5133 + catch (System.Exception ex76) + + + + + + + + + filename3.cs + 5166 + 13 + 1 + catch + + 5 + + + 5166 + catch (System.Exception ex77) + + + + + + + + + filename3.cs + 5201 + 13 + 1 + catch + + 5 + + + 5201 + catch (System.Exception ex78) + + + + + + + + + filename3.cs + 5270 + 13 + 1 + catch + + 5 + + + 5270 + catch (System.Exception ex79) + + + + + + + + + filename3.cs + 5324 + 13 + 1 + catch + + 5 + + + 5324 + catch (System.Exception ex80) + + + + + + + + + filename3.cs + 5382 + 13 + 1 + catch + + 5 + + + 5382 + catch (System.Exception ex81) + + + + + + + + + filename3.cs + 5421 + 13 + 1 + catch + + 5 + + + 5421 + catch (System.Exception ex82) + + + + + + + + + filename3.cs + 5455 + 13 + 1 + catch + + 5 + + + 5455 + catch (System.Exception ex83) + + + + + + + + + filename3.cs + 5517 + 13 + 1 + catch + + 5 + + + 5517 + catch (System.Exception ex84) + + + + + + + + + filename3.cs + 5586 + 13 + 1 + catch + + 5 + + + 5586 + catch (System.Exception ex85) + + + + + + + + + filename3.cs + 5657 + 13 + 1 + catch + + 5 + + + 5657 + catch (System.Exception ex86) + + + + + + + + + filename3.cs + 5876 + 13 + 1 + catch + + 5 + + + 5876 + catch (System.Exception ex87) + + + + + + + + + filename3.cs + 5948 + 13 + 1 + catch + + 5 + + + 5948 + catch (System.Exception ex88) + + + + + + + + + filename3.cs + 5999 + 17 + 1 + catch + + 5 + + + 5999 + catch(Exception ex) + + + + + + + + + filename3.cs + 6027 + 25 + 1 + catch + + 5 + + + 6027 + catch(Exception ex) + + + + + + + + + filename3.cs + 6082 + 13 + 1 + catch + + 5 + + + 6082 + catch (System.Exception ex89) + + + + + + + + + filename3.cs + 6131 + 13 + 1 + catch + + 5 + + + 6131 + catch (System.Exception ex90) + + + + + + + + + filename3.cs + 6175 + 13 + 1 + catch + + 5 + + + 6175 + catch (System.Exception ex91) + + + + + + + + + filename3.cs + 6234 + 33 + 1 + catch + + 5 + + + 6234 + catch(Exception ex) + + + + + + + + + filename3.cs + 6260 + 13 + 1 + catch + + 5 + + + 6260 + catch (System.Exception ex91) + + + + + + + + + filename3.cs + 6310 + 13 + 1 + catch + + 5 + + + 6310 + catch (System.Exception ex93) + + + + + + + + + filename3.cs + 6359 + 13 + 1 + catch + + 5 + + + 6359 + catch (System.Exception ex94) + + + + + + + + + filename3.cs + 6547 + 13 + 1 + catch + + 5 + + + 6547 + catch (System.Exception ex94) + + + + + + + + + filename3.cs + 6628 + 13 + 1 + catch + + 5 + + + 6628 + catch (System.Exception ex95) + + + + + + + + + filename3.cs + 6819 + 13 + 1 + catch + + 5 + + + 6819 + catch (System.Exception ex96) + + + + + + + + + filename3.cs + 6937 + 13 + 1 + catch + + 5 + + + 6937 + catch (System.Exception ex97) + + + + + + + + + filename3.cs + 7111 + 13 + 1 + catch + + 5 + + + 7111 + catch (System.Exception ex99) + + + + + + + + + filename3.cs + 7194 + 13 + 1 + catch + + 5 + + + 7194 + catch (System.Exception ex100) + + + + + + + + + filename3.cs + 7250 + 13 + 1 + catch + + 5 + + + 7250 + catch (System.Exception ex101) + + + + + + + + + filename3.cs + 7348 + 13 + 1 + catch + + 5 + + + 7348 + catch (System.Exception ex102) + + + + + + + + + filename3.cs + 7395 + 13 + 1 + catch + + 5 + + + 7395 + catch (System.Exception ex103) + + + + + + + + + filename3.cs + 7447 + 13 + 1 + catch + + 5 + + + 7447 + catch (System.Exception ex104) + + + + + + + + + filename3.cs + 7493 + 13 + 1 + catch + + 5 + + + 7493 + catch (System.Exception ex105) + + + + + + + + + filename3.cs + 7547 + 13 + 1 + catch + + 5 + + + 7547 + catch (System.Exception ex106) + + + + + + + + + filename3.cs + 7601 + 13 + 1 + catch + + 5 + + + 7601 + catch (System.Exception ex107) + + + + + + + + + filename3.cs + 7655 + 13 + 1 + catch + + 5 + + + 7655 + catch (System.Exception ex108) + + + + + + + + + filename3.cs + 7742 + 13 + 1 + catch + + 5 + + + 7742 + catch (System.Exception ex109) + + + + + + + + + filename3.cs + 7831 + 13 + 1 + catch + + 5 + + + 7831 + catch (System.Exception ex110) + + + + + + + + + filename3.cs + 7908 + 13 + 1 + catch + + 5 + + + 7908 + catch (System.Exception ex111) + + + + + + + + + filename3.cs + 7963 + 13 + 1 + catch + + 5 + + + 7963 + catch (System.Exception ex112) + + + + + + + + + filename3.cs + 8019 + 13 + 1 + catch + + 5 + + + 8019 + catch (System.Exception ex113) + + + + + + + + + filename3.cs + 8094 + 13 + 1 + catch + + 5 + + + 8094 + catch (System.Exception ex114) + + + + + + + + + filename3.cs + 8150 + 13 + 1 + catch + + 5 + + + 8150 + catch (System.Exception ex115) + + + + + + + + + filename3.cs + 8182 + 13 + 1 + catch + + 5 + + + 8182 + catch (System.Exception ex116) + + + + + + + + + filename3.cs + 8213 + 13 + 1 + catch + + 5 + + + 8213 + catch (System.Exception ex117) + + + + + + + + + filename3.cs + 8270 + 13 + 1 + catch + + 5 + + + 8270 + catch (System.Exception ex118) + + + + + + + + + filename3.cs + 8329 + 13 + 1 + catch + + 5 + + + 8329 + catch (System.Exception ex119) + + + + + + + + + filename3.cs + 8426 + 13 + 1 + catch + + 5 + + + 8426 + catch (System.Exception ex120) + + + + + + + + + filename3.cs + 8485 + 13 + 1 + catch + + 5 + + + 8485 + catch (System.Exception ex121) + + + + + + + + + filename3.cs + 8514 + 13 + 1 + catch + + 5 + + + 8514 + catch (System.Exception ex122) + + + + + + + + + filename3.cs + 8539 + 13 + 1 + catch + + 5 + + + 8539 + catch (System.Exception ex123) + + + + + + + + + filename3.cs + 8590 + 13 + 1 + catch + + 5 + + + 8590 + catch (System.Exception ex124) + + + + + + + + + filename3.cs + 8639 + 13 + 1 + catch + + 5 + + + 8639 + catch (System.Exception ex125) + + + + + + + + + filename3.cs + 8709 + 13 + 1 + catch + + 5 + + + 8709 + catch (System.Exception ex126) + + + + + + + + + filename3.cs + 8757 + 13 + 1 + catch + + 5 + + + 8757 + catch (System.Exception ex127) + + + + + + + + + filename3.cs + 8889 + 13 + 1 + catch + + 5 + + + 8889 + catch (System.Exception ex127) + + + + + + + + + filename3.cs + 8919 + 13 + 1 + catch + + 5 + + + 8919 + catch (System.Exception ex129) + + + + + + + + + filename3.cs + 8994 + 13 + 1 + catch + + 5 + + + 8994 + catch (System.Exception ex130) + + + + + + + + + filename3.cs + 9068 + 13 + 1 + catch + + 5 + + + 9068 + catch (System.Exception ex131) + + + + + + + + + filename3.cs + 9131 + 13 + 1 + catch + + 5 + + + 9131 + catch (System.Exception ex132) + + + + + + + + + filename3.cs + 9193 + 13 + 1 + catch + + 5 + + + 9193 + catch (System.Exception ex133) + + + + + + + + + filename3.cs + 9210 + 13 + 1 + catch + + 5 + + + 9210 + catch(Exception ex) + + + + + + + + + filename3.cs + 9311 + 13 + 1 + catch + + 5 + + + 9311 + catch (System.Exception ex134) + + + + + + + + + filename3.cs + 9337 + 13 + 1 + catch + + 5 + + + 9337 + catch (System.Exception ex135) + + + + + + + + + filename3.cs + 9392 + 13 + 1 + catch + + 5 + + + 9392 + catch (System.Exception ex136) + + + + + + + + + filename3.cs + 9470 + 13 + 1 + catch + + 5 + + + 9470 + catch (System.Exception ex137) + + + + + + + + + filename3.cs + 9510 + 13 + 1 + catch + + 5 + + + 9510 + catch (System.Exception ex138) + + + + + + + + + filename3.cs + 9591 + 13 + 1 + catch + + 5 + + + 9591 + catch (System.Exception ex139) + + + + + + + + + filename3.cs + 9699 + 13 + 1 + catch + + 5 + + + 9699 + catch (System.Exception ex139) + + + + + + + + + filename3.cs + 9809 + 13 + 1 + catch + + 5 + + + 9809 + catch (System.Exception ex140) + + + + + + + + + filename3.cs + 9860 + 13 + 1 + catch + + 5 + + + 9860 + catch (System.Exception ex142) + + + + + + + + + filename3.cs + 9900 + 13 + 1 + catch + + 5 + + + 9900 + catch (System.Exception ex143) + + + + + + + + + filename3.cs + 9967 + 13 + 1 + catch + + 5 + + + 9967 + catch (System.Exception ex143) + + + + + + + + + filename3.cs + 10157 + 13 + 1 + catch + + 5 + + + 10157 + catch (System.Exception ex145) + + + + + + + + + filename3.cs + 10249 + 13 + 1 + catch + + 5 + + + 10249 + catch (System.Exception ex146) + + + + + + + + + filename3.cs + 10290 + 13 + 1 + catch + + 5 + + + 10290 + catch (System.Exception ex147) + + + + + + + + + filename3.cs + 10341 + 13 + 1 + catch + + 5 + + + 10341 + catch (System.Exception ex148) + + + + + + + + + filename3.cs + 10392 + 13 + 1 + catch + + 5 + + + 10392 + catch (System.Exception ex149) + + + + + + + + + filename3.cs + 10447 + 13 + 1 + catch + + 5 + + + 10447 + catch (System.Exception ex150) + + + + + + + + + filename3.cs + 10502 + 13 + 1 + catch + + 5 + + + 10502 + catch (System.Exception ex151) + + + + + + + + + filename3.cs + 10600 + 13 + 1 + catch + + 5 + + + 10600 + catch (System.Exception ex152) + + + + + + + + + filename3.cs + 10696 + 13 + 1 + catch + + 5 + + + 10696 + catch (System.Exception ex153) + + + + + + + + + filename3.cs + 10741 + 13 + 1 + catch + + 5 + + + 10741 + catch (System.Exception ex154) + + + + + + + + + filename3.cs + 10774 + 13 + 1 + catch + + 5 + + + 10774 + catch (System.Exception ex155) + + + + + + + + + filename3.cs + 10824 + 13 + 1 + catch + + 5 + + + 10824 + catch (System.Exception ex156) + + + + + + + + + filename3.cs + 10866 + 13 + 1 + catch + + 5 + + + 10866 + catch (System.Exception ex157) + + + + + + + + + filename3.cs + 10915 + 13 + 1 + catch + + 5 + + + 10915 + catch (System.Exception ex158) + + + + + + + + + filename3.cs + 10957 + 13 + 1 + catch + + 5 + + + 10957 + catch (System.Exception ex159) + + + + + + + + + filename3.cs + 11003 + 13 + 1 + catch + + 5 + + + 11003 + catch (System.Exception ex160) + + + + + + + + + filename3.cs + 11045 + 13 + 1 + catch + + 5 + + + 11045 + catch (System.Exception ex161) + + + + + + + + + filename3.cs + 11144 + 13 + 1 + catch + + 5 + + + 11144 + catch (System.Exception ex162) + + + + + + + + + filename3.cs + 11284 + 13 + 1 + catch + + 5 + + + 11284 + catch (System.Exception ex163) + + + + + + + + + filename3.cs + 11334 + 13 + 1 + catch + + 5 + + + 11334 + catch (System.Exception ex164) + + + + + + + + + filename3.cs + 11465 + 13 + 1 + catch + + 5 + + + 11465 + catch (System.Exception ex165) + + + + + + + + + filename3.cs + 11512 + 13 + 1 + catch + + 5 + + + 11512 + catch (System.Exception ex166) + + + + + + + + + filename3.cs + 11550 + 13 + 1 + catch + + 5 + + + 11550 + catch (System.Exception ex167) + + + + + + + + + filename3.cs + 11588 + 13 + 1 + catch + + 5 + + + 11588 + catch (System.Exception ex168) + + + + + + + + + filename3.cs + 11635 + 13 + 1 + catch + + 5 + + + 11635 + catch (System.Exception ex169) + + + + + + + + + filename3.cs + 11691 + 13 + 1 + catch + + 5 + + + 11691 + catch (System.Exception ex170) + + + + + + + + + filename3.cs + 11762 + 13 + 1 + catch + + 5 + + + 11762 + catch (System.Exception ex171) + + + + + + + + + filename3.cs + 11801 + 13 + 1 + catch + + 5 + + + 11801 + catch (System.Exception ex172) + + + + + + + + + filename3.cs + 11852 + 13 + 1 + catch + + 5 + + + 11852 + catch (System.Exception ex173) + + + + + + + + + filename3.cs + 11924 + 13 + 1 + catch + + 5 + + + 11924 + catch (System.Exception ex174) + + + + + + + + + filename3.cs + 11958 + 13 + 1 + catch + + 5 + + + 11958 + catch (System.Exception ex175) + + + + + + + + + filename3.cs + 12003 + 13 + 1 + catch + + 5 + + + 12003 + catch (System.Exception ex176) + + + + + + + + + filename3.cs + 12050 + 13 + 1 + catch + + 5 + + + 12050 + catch (System.Exception ex177) + + + + + + + + + filename3.cs + 12067 + 13 + 1 + catch + + 5 + + + 12067 + catch (Exception ex) + + + + + + + diff --git a/unittests/scans/checkmarx/multiple_findings.json b/unittests/scans/checkmarx/multiple_findings.json new file mode 100644 index 00000000000..5e6a3c8f293 --- /dev/null +++ b/unittests/scans/checkmarx/multiple_findings.json @@ -0,0 +1,577 @@ +{ + "reportId": "hidden", + "reportHeader": { + "projectName": "DIVA", + "createdDate": "2022-02-25T21:56:10.318Z", + "tenantId": "hidden" + }, + "executiveSummary": { + "branchName": "", + "projectName": "DIVA", + "engines": [ + "SAST" + ], + "riskLevel": "No Risk", + "totalVulnerabilities": 11, + "newVulnerabilities": 10, + "recurrentVulnerabilities": 0, + "vulnerabilitiesPerEngine": { + "SAST": 10 + }, + "resultsTriage": { + "SAST": { + "Confirmed": { + "name": "Confirmed", + "amount": 0, + "percentage": 0 + }, + "Not exploitable": { + "name": "Not exploitable", + "amount": 0, + "percentage": 0 + }, + "To verify": { + "name": "To verify", + "amount": 10, + "percentage": 100 + }, + "Urgent": { + "name": "Urgent", + "amount": 0, + "percentage": 0 + } + } + } + }, + "scanSummary": { + "scanId": "hidden", + "languages": [ + "Java" + ], + "enginesCount": 1, + "scanCompletedDate": "2022-02-25 21:55:16.281169 +0000 UTC", + "engineTypes": [ + "SAST" + ] + }, + "scanResults": { + "sast": { + "languages": [ + { + "languageName": "Java", + "queries": [ + { + "queryName": "SQL_Injection", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 3, + "vulnerabilities": [ + { + "id": "/oiUUpBjigtUpTb1+haL9nypVaQ=", + "similarityId": -665784454, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 API", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "FISMA 2014", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2017" + ], + "firstScanId": "hidden", + "nodes": [ + { + "column": 88, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/SQLInjectionActivity.java", + "fullName": "jakhar.aseem.diva.SQLInjectionActivity.search.srchtxt.getText", + "length": 1, + "line": 70, + "methodLine": 66, + "name": "getText", + "domType": "MethodInvokeExpr", + "method": "search" + }, + { + "column": 99, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/SQLInjectionActivity.java", + "fullName": "jakhar.aseem.diva.SQLInjectionActivity.search.toString", + "length": 1, + "line": 70, + "methodLine": 66, + "name": "toString", + "domType": "MethodInvokeExpr", + "method": "search" + }, + { + "column": 30, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/SQLInjectionActivity.java", + "fullName": "jakhar.aseem.diva.SQLInjectionActivity.mDB.rawQuery", + "length": 1, + "line": 70, + "methodLine": 66, + "name": "rawQuery", + "domType": "MethodInvokeExpr", + "method": "search" + } + ], + "foundDate": "2022-02-25T21:55:08Z", + "firstFoundDate": "2022-02-25T21:55:07Z" + }, + { + "id": "RjtOspmU6+BMRIMlftOJo6ATMuA=", + "similarityId": 816060275, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 API", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "FISMA 2014", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2017" + ], + "firstScanId": "hidden", + "nodes": [ + { + "column": 68, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java", + "fullName": "jakhar.aseem.diva.InsecureDataStorage2Activity.saveCredentials.usr.getText", + "length": 1, + "line": 67, + "methodLine": 63, + "name": "getText", + "domType": "MethodInvokeExpr", + "method": "saveCredentials" + }, + { + "column": 79, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java", + "fullName": "jakhar.aseem.diva.InsecureDataStorage2Activity.saveCredentials.toString", + "length": 1, + "line": 67, + "methodLine": 63, + "name": "toString", + "domType": "MethodInvokeExpr", + "method": "saveCredentials" + }, + { + "column": 24, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java", + "fullName": "jakhar.aseem.diva.InsecureDataStorage2Activity.mDB.execSQL", + "length": 1, + "line": 67, + "methodLine": 63, + "name": "execSQL", + "domType": "MethodInvokeExpr", + "method": "saveCredentials" + } + ], + "foundDate": "2022-02-25T21:55:08Z", + "firstFoundDate": "2022-02-25T21:55:07Z" + }, + { + "id": "YmC0We6hAbZWhIrrniEWGot4AHQ=", + "similarityId": -722600838, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 API", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "FISMA 2014", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2017" + ], + "firstScanId": "hidden", + "nodes": [ + { + "column": 102, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java", + "fullName": "jakhar.aseem.diva.InsecureDataStorage2Activity.saveCredentials.pwd.getText", + "length": 1, + "line": 67, + "methodLine": 63, + "name": "getText", + "domType": "MethodInvokeExpr", + "method": "saveCredentials" + }, + { + "column": 113, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java", + "fullName": "jakhar.aseem.diva.InsecureDataStorage2Activity.saveCredentials.toString", + "length": 1, + "line": 67, + "methodLine": 63, + "name": "toString", + "domType": "MethodInvokeExpr", + "method": "saveCredentials" + }, + { + "column": 24, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java", + "fullName": "jakhar.aseem.diva.InsecureDataStorage2Activity.mDB.execSQL", + "length": 1, + "line": 67, + "methodLine": 63, + "name": "execSQL", + "domType": "MethodInvokeExpr", + "method": "saveCredentials" + } + ], + "foundDate": "2022-02-25T21:55:08Z", + "firstFoundDate": "2022-02-25T21:55:07Z" + } + ] + }, + { + "queryName": "CSRF", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 2, + "vulnerabilities": [ + { + "id": "mJHdLIgE2fx10ehNLPytxzPTVCo=", + "similarityId": 1268494559, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "Java_Medium_Threat", + "cweId": 352, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "hidden", + "nodes": [ + { + "column": 68, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java", + "fullName": "jakhar.aseem.diva.InsecureDataStorage2Activity.saveCredentials.usr.getText", + "length": 1, + "line": 67, + "methodLine": 63, + "name": "getText", + "domType": "MethodInvokeExpr", + "method": "saveCredentials" + }, + { + "column": 79, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java", + "fullName": "jakhar.aseem.diva.InsecureDataStorage2Activity.saveCredentials.toString", + "length": 1, + "line": 67, + "methodLine": 63, + "name": "toString", + "domType": "MethodInvokeExpr", + "method": "saveCredentials" + }, + { + "column": 24, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java", + "fullName": "jakhar.aseem.diva.InsecureDataStorage2Activity.mDB.execSQL", + "length": 1, + "line": 67, + "methodLine": 63, + "name": "execSQL", + "domType": "MethodInvokeExpr", + "method": "saveCredentials" + } + ], + "foundDate": "2022-02-25T21:55:08Z", + "firstFoundDate": "2022-02-25T21:55:06Z" + }, + { + "id": "IJOkZAzX5emCOIeTESXgsNulW2w=", + "similarityId": -443707656, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "Java_Medium_Threat", + "cweId": 352, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "hidden", + "nodes": [ + { + "column": 102, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java", + "fullName": "jakhar.aseem.diva.InsecureDataStorage2Activity.saveCredentials.pwd.getText", + "length": 1, + "line": 67, + "methodLine": 63, + "name": "getText", + "domType": "MethodInvokeExpr", + "method": "saveCredentials" + }, + { + "column": 113, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java", + "fullName": "jakhar.aseem.diva.InsecureDataStorage2Activity.saveCredentials.toString", + "length": 1, + "line": 67, + "methodLine": 63, + "name": "toString", + "domType": "MethodInvokeExpr", + "method": "saveCredentials" + }, + { + "column": 24, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java", + "fullName": "jakhar.aseem.diva.InsecureDataStorage2Activity.mDB.execSQL", + "length": 1, + "line": 67, + "methodLine": 63, + "name": "execSQL", + "domType": "MethodInvokeExpr", + "method": "saveCredentials" + } + ], + "foundDate": "2022-02-25T21:55:08Z", + "firstFoundDate": "2022-02-25T21:55:06Z" + } + ] + }, + { + "queryName": "Log_Forging", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 1, + "vulnerabilities": [ + { + "id": "Zxmd7VE19ZSJwJVDs00YugwMhwo=", + "similarityId": 2017000979, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 117, + "confidenceLevel": 0, + "compliance": [ + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "hidden", + "nodes": [ + { + "column": 102, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/LogActivity.java", + "fullName": "jakhar.aseem.diva.LogActivity.checkout.cctxt.getText", + "length": 1, + "line": 56, + "methodLine": 49, + "name": "getText", + "domType": "MethodInvokeExpr", + "method": "checkout" + }, + { + "column": 113, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/LogActivity.java", + "fullName": "jakhar.aseem.diva.LogActivity.checkout.toString", + "length": 1, + "line": 56, + "methodLine": 49, + "name": "toString", + "domType": "MethodInvokeExpr", + "method": "checkout" + }, + { + "column": 18, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/LogActivity.java", + "fullName": "Log.e", + "length": 1, + "line": 56, + "methodLine": 49, + "name": "e", + "domType": "MethodInvokeExpr", + "method": "checkout" + } + ], + "foundDate": "2022-02-25T21:55:08Z", + "firstFoundDate": "2022-02-25T21:55:06Z" + } + ] + }, + { + "queryName": "Heap_Inspection", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 4, + "vulnerabilities": [ + { + "id": "nV+sCoSYJnxpcQLod+sD4+I8Z58=", + "similarityId": -1853810714, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 244, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "OWASP Top 10 2013", + "OWASP Top 10 2021" + ], + "firstScanId": "hidden", + "nodes": [ + { + "column": 18, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage4Activity.java", + "fullName": "jakhar.aseem.diva.InsecureDataStorage4Activity.saveCredentials.pwd", + "length": 3, + "line": 55, + "methodLine": 53, + "name": "pwd", + "domType": "Declarator", + "method": "saveCredentials" + } + ], + "foundDate": "2022-02-25T21:55:08Z", + "firstFoundDate": "2022-02-25T21:55:06Z" + }, + { + "id": "b7tGSONiaSObAFTnmF18NcRIuA4=", + "similarityId": 1375153830, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 244, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "OWASP Top 10 2013", + "OWASP Top 10 2021" + ], + "firstScanId": "hidden", + "nodes": [ + { + "column": 18, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage3Activity.java", + "fullName": "jakhar.aseem.diva.InsecureDataStorage3Activity.saveCredentials.pwd", + "length": 3, + "line": 56, + "methodLine": 54, + "name": "pwd", + "domType": "Declarator", + "method": "saveCredentials" + } + ], + "foundDate": "2022-02-25T21:55:08Z", + "firstFoundDate": "2022-02-25T21:55:06Z" + }, + { + "id": "1Jfdpc6JtKmb0v3aj8/Jj1QjtYQ=", + "similarityId": 309151078, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 244, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "OWASP Top 10 2013", + "OWASP Top 10 2021" + ], + "firstScanId": "hidden", + "nodes": [ + { + "column": 18, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java", + "fullName": "jakhar.aseem.diva.InsecureDataStorage2Activity.saveCredentials.pwd", + "length": 3, + "line": 65, + "methodLine": 63, + "name": "pwd", + "domType": "Declarator", + "method": "saveCredentials" + } + ], + "foundDate": "2022-02-25T21:55:08Z", + "firstFoundDate": "2022-02-25T21:55:06Z" + }, + { + "id": "udB1urKobWKTYYlRQbAAub1yRAc=", + "similarityId": -756851674, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 244, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "OWASP Top 10 2013", + "OWASP Top 10 2021" + ], + "firstScanId": "hidden", + "nodes": [ + { + "column": 18, + "fileName": "/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage1Activity.java", + "fullName": "jakhar.aseem.diva.InsecureDataStorage1Activity.saveCredentials.pwd", + "length": 3, + "line": 54, + "methodLine": 50, + "name": "pwd", + "domType": "Declarator", + "method": "saveCredentials" + } + ], + "foundDate": "2022-02-25T21:55:08Z", + "firstFoundDate": "2022-02-25T21:55:06Z" + } + ] + } + ] + } + ], + "vulnerabilities": { + "total": 10, + "high": 3, + "medium": 2, + "low": 5, + "info": 0 + } + }, + "sca": null, + "kics": null + } +} diff --git a/unittests/scans/checkmarx/sample_report.json b/unittests/scans/checkmarx/sample_report.json new file mode 100644 index 00000000000..e89acf93bd0 --- /dev/null +++ b/unittests/scans/checkmarx/sample_report.json @@ -0,0 +1,44900 @@ +{ + "reportId": "", + "reportHeader": { + "projectName": "WebGoat", + "createdDate": "", + "tenantId": "", + "fromDate": "0001-01-01T00:00:00Z", + "toDate": "0001-01-01T00:00:00Z" + }, + "executiveSummary": { + "branchName": "", + "projectName": "WebGoat", + "engines": [ + "SAST", + "SCA", + "KICS" + ], + "riskLevel": "High", + "totalVulnerabilities": 817, + "newVulnerabilities": 669, + "recurrentVulnerabilities": 0, + "vulnerabilitiesPerEngine": { + "KICS": 31, + "SAST": 669, + "SCA": 117 + }, + "resultsTriage": { + "KICS": { + "Confirmed": { + "name": "Confirmed", + "amount": 0, + "percentage": 0 + }, + "Not exploitable": { + "name": "Not exploitable", + "amount": 0, + "percentage": 0 + }, + "To verify": { + "name": "To verify", + "amount": 31, + "percentage": 100 + }, + "Urgent": { + "name": "Urgent", + "amount": 0, + "percentage": 0 + } + }, + "SAST": { + "Confirmed": { + "name": "Confirmed", + "amount": 0, + "percentage": 0 + }, + "Not exploitable": { + "name": "Not exploitable", + "amount": 0, + "percentage": 0 + }, + "To verify": { + "name": "To verify", + "amount": 669, + "percentage": 100 + }, + "Urgent": { + "name": "Urgent", + "amount": 0, + "percentage": 0 + } + }, + "SCA": { + "Confirmed": { + "name": "Confirmed", + "amount": 0, + "percentage": 0 + }, + "Not exploitable": { + "name": "Not exploitable", + "amount": 0, + "percentage": 0 + }, + "To verify": { + "name": "To verify", + "amount": 117, + "percentage": 100 + }, + "Urgent": { + "name": "Urgent", + "amount": 0, + "percentage": 0 + } + } + } + }, + "scanSummary": { + "scanId": "", + "languages": [ + "Java", + "JavaScript", + "Java" + ], + "enginesCount": 3, + "scanCompletedDate": "2022-09-14 11:06:54.009121 +0000 UTC", + "engineTypes": [ + "SAST", + "SCA", + "KICS" + ] + }, + "scanResults": { + "sast": { + "languages": [ + { + "languageName": "Java", + "queries": [ + { + "queryName": "Reflected_XSS_All_Clients", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 2, + "vulnerabilities": [ + { + "id": "", + "similarityId": -1833874157, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 76, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java", + "fullName": "org.owasp.webgoat.password_reset.ResetLinkAssignment.resetPassword.link", + "length": 4, + "line": 85, + "methodLine": 85, + "name": "link", + "domType": "ParamDecl", + "method": "resetPassword" + }, + { + "column": 31, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java", + "fullName": "org.owasp.webgoat.password_reset.ResetLinkAssignment.resetPassword.link", + "length": 4, + "line": 89, + "methodLine": 85, + "name": "link", + "domType": "UnknownReference", + "method": "resetPassword" + }, + { + "column": 30, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java", + "fullName": "org.owasp.webgoat.password_reset.ResetLinkAssignment.resetPassword.form.setResetLink", + "length": 1, + "line": 89, + "methodLine": 85, + "name": "setResetLink", + "domType": "MethodInvokeExpr", + "method": "resetPassword" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java", + "fullName": "org.owasp.webgoat.password_reset.ResetLinkAssignment.resetPassword.form", + "length": 4, + "line": 89, + "methodLine": 85, + "name": "form", + "domType": "UnknownReference", + "method": "resetPassword" + }, + { + "column": 44, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java", + "fullName": "org.owasp.webgoat.password_reset.ResetLinkAssignment.resetPassword.form", + "length": 4, + "line": 91, + "methodLine": 85, + "name": "form", + "domType": "UnknownReference", + "method": "resetPassword" + }, + { + "column": 35, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java", + "fullName": "org.owasp.webgoat.password_reset.ResetLinkAssignment.resetPassword.modelAndView.addObject", + "length": 1, + "line": 91, + "methodLine": 85, + "name": "addObject", + "domType": "MethodInvokeExpr", + "method": "resetPassword" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java", + "fullName": "org.owasp.webgoat.password_reset.ResetLinkAssignment.resetPassword.modelAndView", + "length": 12, + "line": 91, + "methodLine": 85, + "name": "modelAndView", + "domType": "UnknownReference", + "method": "resetPassword" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java", + "fullName": "org.owasp.webgoat.password_reset.ResetLinkAssignment.resetPassword.modelAndView", + "length": 12, + "line": 92, + "methodLine": 85, + "name": "modelAndView", + "domType": "UnknownReference", + "method": "resetPassword" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java", + "fullName": "org.owasp.webgoat.password_reset.ResetLinkAssignment.resetPassword.modelAndView", + "length": 12, + "line": 96, + "methodLine": 85, + "name": "modelAndView", + "domType": "UnknownReference", + "method": "resetPassword" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "nj5k8j0lJP+WGh4c/YwQkYe02ss=", + "similarityId": -1145439153, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 48, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.HashingAssignment.getSha256.request", + "length": 7, + "line": 69, + "methodLine": 69, + "name": "request", + "domType": "ParamDecl", + "method": "getSha256" + }, + { + "column": 28, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.HashingAssignment.getSha256.request", + "length": 7, + "line": 71, + "methodLine": 69, + "name": "request", + "domType": "UnknownReference", + "method": "getSha256" + }, + { + "column": 46, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.HashingAssignment.getSha256.request.getSession", + "length": 1, + "line": 71, + "methodLine": 69, + "name": "getSession", + "domType": "MethodInvokeExpr", + "method": "getSha256" + }, + { + "column": 61, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.HashingAssignment.getSha256.getAttribute", + "length": 1, + "line": 71, + "methodLine": 69, + "name": "getAttribute", + "domType": "MethodInvokeExpr", + "method": "getSha256" + }, + { + "column": 10, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.HashingAssignment.getSha256.sha256", + "length": 6, + "line": 71, + "methodLine": 69, + "name": "sha256", + "domType": "Declarator", + "method": "getSha256" + }, + { + "column": 10, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.HashingAssignment.getSha256.sha256", + "length": 6, + "line": 78, + "methodLine": 69, + "name": "sha256", + "domType": "UnknownReference", + "method": "getSha256" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + } + ] + }, + { + "queryName": "SQL_Injection", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 29, + "vulnerabilities": [ + { + "id": "NwUqWyp8EqzurmxF26/LLruiXMA=", + "similarityId": 1277592223, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 51, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.Servers.sort.column", + "length": 6, + "line": 67, + "methodLine": 67, + "name": "column", + "domType": "ParamDecl", + "method": "sort" + }, + { + "column": 189, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.Servers.sort.column", + "length": 6, + "line": 71, + "methodLine": 67, + "name": "column", + "domType": "UnknownReference", + "method": "sort" + }, + { + "column": 79, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.Servers.sort.connection.prepareStatement", + "length": 1, + "line": 71, + "methodLine": 67, + "name": "prepareStatement", + "domType": "MethodInvokeExpr", + "method": "sort" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.Servers.sort.preparedStatement", + "length": 17, + "line": 71, + "methodLine": 67, + "name": "preparedStatement", + "domType": "UnknownReference", + "method": "sort" + }, + { + "column": 28, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.Servers.sort.preparedStatement", + "length": 17, + "line": 72, + "methodLine": 67, + "name": "preparedStatement", + "domType": "UnknownReference", + "method": "sort" + }, + { + "column": 58, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.Servers.sort.preparedStatement.executeQuery", + "length": 1, + "line": 72, + "methodLine": 67, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "sort" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "VDaUNk3simII5S4NmHsDT2COULY=", + "similarityId": 1179552659, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 62, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionChallenge.registerNewUser.username_reg", + "length": 12, + "line": 56, + "methodLine": 56, + "name": "username_reg", + "domType": "ParamDecl", + "method": "registerNewUser" + }, + { + "column": 101, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionChallenge.registerNewUser.username_reg", + "length": 12, + "line": 63, + "methodLine": 56, + "name": "username_reg", + "domType": "UnknownReference", + "method": "registerNewUser" + }, + { + "column": 24, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionChallenge.registerNewUser.checkUserQuery", + "length": 14, + "line": 63, + "methodLine": 56, + "name": "checkUserQuery", + "domType": "Declarator", + "method": "registerNewUser" + }, + { + "column": 62, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionChallenge.registerNewUser.checkUserQuery", + "length": 14, + "line": 65, + "methodLine": 56, + "name": "checkUserQuery", + "domType": "UnknownReference", + "method": "registerNewUser" + }, + { + "column": 61, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionChallenge.registerNewUser.statement.executeQuery", + "length": 1, + "line": 65, + "methodLine": 56, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "registerNewUser" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "bEGSvBn40cp99etnudzTeskzJRQ=", + "similarityId": 1090770047, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 52, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.username_login", + "length": 14, + "line": 52, + "methodLine": 52, + "name": "username_login", + "domType": "ParamDecl", + "method": "login" + }, + { + "column": 129, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.username_login", + "length": 14, + "line": 60, + "methodLine": 52, + "name": "username_login", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 70, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.connection.prepareStatement", + "length": 1, + "line": 60, + "methodLine": 52, + "name": "prepareStatement", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 31, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.statement", + "length": 9, + "line": 60, + "methodLine": 52, + "name": "statement", + "domType": "Declarator", + "method": "login" + }, + { + "column": 35, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.statement", + "length": 9, + "line": 61, + "methodLine": 52, + "name": "statement", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 57, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.statement.executeQuery", + "length": 1, + "line": 61, + "methodLine": 52, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "Sq8nqOn9ksliTfdr4cra8D/tGEU=", + "similarityId": -1222358298, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 63, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTFinalEndpoint.anonymous_class_91_35.resolveSigningKeyBytes.header.get", + "length": 1, + "line": 92, + "methodLine": 91, + "name": "get", + "domType": "MethodInvokeExpr", + "method": "resolveSigningKeyBytes" + }, + { + "column": 38, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTFinalEndpoint.anonymous_class_91_35.resolveSigningKeyBytes.kid", + "length": 3, + "line": 92, + "methodLine": 91, + "name": "kid", + "domType": "Declarator", + "method": "resolveSigningKeyBytes" + }, + { + "column": 128, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTFinalEndpoint.anonymous_class_91_35.resolveSigningKeyBytes.kid", + "length": 3, + "line": 94, + "methodLine": 91, + "name": "kid", + "domType": "UnknownReference", + "method": "resolveSigningKeyBytes" + }, + { + "column": 85, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTFinalEndpoint.anonymous_class_91_35.resolveSigningKeyBytes.executeQuery", + "length": 1, + "line": 94, + "methodLine": 91, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "resolveSigningKeyBytes" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "dMasGmOGIetxSk68ekAxtkiPt60=", + "similarityId": -487936408, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 89, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.password_login", + "length": 14, + "line": 52, + "methodLine": 52, + "name": "password_login", + "domType": "ParamDecl", + "method": "login" + }, + { + "column": 169, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.password_login", + "length": 14, + "line": 60, + "methodLine": 52, + "name": "password_login", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 70, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.connection.prepareStatement", + "length": 1, + "line": 60, + "methodLine": 52, + "name": "prepareStatement", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 31, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.statement", + "length": 9, + "line": 60, + "methodLine": 52, + "name": "statement", + "domType": "Declarator", + "method": "login" + }, + { + "column": 35, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.statement", + "length": 9, + "line": 61, + "methodLine": 52, + "name": "statement", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 57, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.statement.executeQuery", + "length": 1, + "line": 61, + "methodLine": 52, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "Ei3xP8/mkX3R/yJY+3vymDT7u8M=", + "similarityId": -854989740, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 73, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java", + "fullName": "org.owasp.webgoat.users.RegistrationController.registration.userForm.getPassword", + "length": 1, + "line": 42, + "methodLine": 36, + "name": "getPassword", + "domType": "MethodInvokeExpr", + "method": "registration" + }, + { + "column": 49, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.password", + "length": 8, + "line": 39, + "methodLine": 39, + "name": "password", + "domType": "ParamDecl", + "method": "addUser" + }, + { + "column": 73, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.password", + "length": 8, + "line": 42, + "methodLine": 39, + "name": "password", + "domType": "UnknownReference", + "method": "addUser" + }, + { + "column": 48, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.WebGoatUser.password", + "length": 8, + "line": 36, + "methodLine": 36, + "name": "password", + "domType": "ParamDecl", + "method": "WebGoatUser" + }, + { + "column": 25, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.WebGoatUser.password", + "length": 8, + "line": 38, + "methodLine": 36, + "name": "password", + "domType": "UnknownReference", + "method": "WebGoatUser" + }, + { + "column": 14, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.password", + "length": 8, + "line": 38, + "methodLine": 36, + "name": "password", + "domType": "MemberAccess", + "method": "WebGoatUser" + }, + { + "column": 47, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "WebGoatUser", + "length": 3, + "line": 42, + "methodLine": 39, + "name": "WebGoatUser", + "domType": "ObjectCreateExpr", + "method": "addUser" + }, + { + "column": 46, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.userRepository.save", + "length": 1, + "line": 42, + "methodLine": 39, + "name": "save", + "domType": "MethodInvokeExpr", + "method": "addUser" + }, + { + "column": 13, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.webGoatUser", + "length": 11, + "line": 42, + "methodLine": 39, + "name": "webGoatUser", + "domType": "Declarator", + "method": "addUser" + }, + { + "column": 34, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.webGoatUser", + "length": 11, + "line": 46, + "methodLine": 39, + "name": "webGoatUser", + "domType": "UnknownReference", + "method": "addUser" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser", + "length": 11, + "line": 50, + "methodLine": 50, + "name": "webGoatUser", + "domType": "ParamDecl", + "method": "createLessonsForUser" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser", + "length": 11, + "line": 51, + "methodLine": 50, + "name": "webGoatUser", + "domType": "UnknownReference", + "method": "createLessonsForUser" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.username", + "length": 8, + "line": 62, + "methodLine": 61, + "name": "username", + "domType": "MemberAccess", + "method": "getUsername" + }, + { + "column": 74, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser.getUsername", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "getUsername", + "domType": "MethodInvokeExpr", + "method": "createLessonsForUser" + }, + { + "column": 29, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.jdbcTemplate.execute", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "execute", + "domType": "MethodInvokeExpr", + "method": "createLessonsForUser" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "hwdAkfUuq05WE7mPgy/aeVJVVic=", + "similarityId": -1213859962, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 101, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidationOnKeywords.attack.userId", + "length": 6, + "line": 48, + "methodLine": 48, + "name": "userId", + "domType": "ParamDecl", + "method": "attack" + }, + { + "column": 18, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidationOnKeywords.attack.userId", + "length": 6, + "line": 49, + "methodLine": 48, + "name": "userId", + "domType": "UnknownReference", + "method": "attack" + }, + { + "column": 36, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidationOnKeywords.attack.userId.toUpperCase", + "length": 1, + "line": 49, + "methodLine": 48, + "name": "toUpperCase", + "domType": "MethodInvokeExpr", + "method": "attack" + }, + { + "column": 46, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidationOnKeywords.attack.replace", + "length": 1, + "line": 49, + "methodLine": 48, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "attack" + }, + { + "column": 66, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidationOnKeywords.attack.replace", + "length": 1, + "line": 49, + "methodLine": 48, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "attack" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidationOnKeywords.attack.userId", + "length": 6, + "line": 49, + "methodLine": 48, + "name": "userId", + "domType": "UnknownReference", + "method": "attack" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidationOnKeywords.attack.userId", + "length": 6, + "line": 50, + "methodLine": 48, + "name": "userId", + "domType": "UnknownReference", + "method": "attack" + }, + { + "column": 62, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidationOnKeywords.attack.userId", + "length": 6, + "line": 53, + "methodLine": 48, + "name": "userId", + "domType": "UnknownReference", + "method": "attack" + }, + { + "column": 48, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.accountName", + "length": 11, + "line": 56, + "methodLine": 56, + "name": "accountName", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 69, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.accountName", + "length": 11, + "line": 60, + "methodLine": 56, + "name": "accountName", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.query", + "length": 5, + "line": 60, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.query", + "length": 5, + "line": 67, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.statement.executeQuery", + "length": 1, + "line": 67, + "methodLine": 56, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "SYlu22e7ZQydKJFOlC/o1EsyixQ=", + "similarityId": 1348868587, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 42, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5.completed.query", + "length": 5, + "line": 65, + "methodLine": 65, + "name": "query", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5.completed.query", + "length": 5, + "line": 66, + "methodLine": 65, + "name": "query", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5.injectableQuery.query", + "length": 5, + "line": 69, + "methodLine": 69, + "name": "query", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 40, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5.injectableQuery.query", + "length": 5, + "line": 72, + "methodLine": 69, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 39, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5.injectableQuery.statement.executeQuery", + "length": 1, + "line": 72, + "methodLine": 69, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "QjEcGfL0C/nJqGFbyed+rpG9t6A=", + "similarityId": 560170763, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 76, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java", + "fullName": "org.owasp.webgoat.users.RegistrationController.registration.userForm", + "length": 8, + "line": 36, + "methodLine": 36, + "name": "userForm", + "domType": "ParamDecl", + "method": "registration" + }, + { + "column": 53, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java", + "fullName": "org.owasp.webgoat.users.RegistrationController.registration.userForm", + "length": 8, + "line": 42, + "methodLine": 36, + "name": "userForm", + "domType": "UnknownReference", + "method": "registration" + }, + { + "column": 73, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java", + "fullName": "org.owasp.webgoat.users.RegistrationController.registration.userForm.getPassword", + "length": 1, + "line": 42, + "methodLine": 36, + "name": "getPassword", + "domType": "MethodInvokeExpr", + "method": "registration" + }, + { + "column": 49, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.password", + "length": 8, + "line": 39, + "methodLine": 39, + "name": "password", + "domType": "ParamDecl", + "method": "addUser" + }, + { + "column": 73, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.password", + "length": 8, + "line": 42, + "methodLine": 39, + "name": "password", + "domType": "UnknownReference", + "method": "addUser" + }, + { + "column": 48, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.WebGoatUser.password", + "length": 8, + "line": 36, + "methodLine": 36, + "name": "password", + "domType": "ParamDecl", + "method": "WebGoatUser" + }, + { + "column": 25, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.WebGoatUser.password", + "length": 8, + "line": 38, + "methodLine": 36, + "name": "password", + "domType": "UnknownReference", + "method": "WebGoatUser" + }, + { + "column": 14, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.password", + "length": 8, + "line": 38, + "methodLine": 36, + "name": "password", + "domType": "MemberAccess", + "method": "WebGoatUser" + }, + { + "column": 47, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "WebGoatUser", + "length": 3, + "line": 42, + "methodLine": 39, + "name": "WebGoatUser", + "domType": "ObjectCreateExpr", + "method": "addUser" + }, + { + "column": 46, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.userRepository.save", + "length": 1, + "line": 42, + "methodLine": 39, + "name": "save", + "domType": "MethodInvokeExpr", + "method": "addUser" + }, + { + "column": 13, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.webGoatUser", + "length": 11, + "line": 42, + "methodLine": 39, + "name": "webGoatUser", + "domType": "Declarator", + "method": "addUser" + }, + { + "column": 34, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.webGoatUser", + "length": 11, + "line": 46, + "methodLine": 39, + "name": "webGoatUser", + "domType": "UnknownReference", + "method": "addUser" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser", + "length": 11, + "line": 50, + "methodLine": 50, + "name": "webGoatUser", + "domType": "ParamDecl", + "method": "createLessonsForUser" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser", + "length": 11, + "line": 51, + "methodLine": 50, + "name": "webGoatUser", + "domType": "UnknownReference", + "method": "createLessonsForUser" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.username", + "length": 8, + "line": 62, + "methodLine": 61, + "name": "username", + "domType": "MemberAccess", + "method": "getUsername" + }, + { + "column": 74, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser.getUsername", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "getUsername", + "domType": "MethodInvokeExpr", + "method": "createLessonsForUser" + }, + { + "column": 29, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.jdbcTemplate.execute", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "execute", + "domType": "MethodInvokeExpr", + "method": "createLessonsForUser" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "Ld33LDETNO7t4JqDyqCZa6DywCg=", + "similarityId": -1985098734, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 49, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java", + "fullName": "org.owasp.webgoat.users.RegistrationController.registration.userForm.getUsername", + "length": 1, + "line": 42, + "methodLine": 36, + "name": "getUsername", + "domType": "MethodInvokeExpr", + "method": "registration" + }, + { + "column": 32, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.username", + "length": 8, + "line": 39, + "methodLine": 39, + "name": "username", + "domType": "ParamDecl", + "method": "addUser" + }, + { + "column": 63, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.username", + "length": 8, + "line": 42, + "methodLine": 39, + "name": "username", + "domType": "UnknownReference", + "method": "addUser" + }, + { + "column": 31, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.WebGoatUser.username", + "length": 8, + "line": 36, + "methodLine": 36, + "name": "username", + "domType": "ParamDecl", + "method": "WebGoatUser" + }, + { + "column": 25, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.WebGoatUser.username", + "length": 8, + "line": 37, + "methodLine": 36, + "name": "username", + "domType": "UnknownReference", + "method": "WebGoatUser" + }, + { + "column": 14, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.username", + "length": 8, + "line": 37, + "methodLine": 36, + "name": "username", + "domType": "MemberAccess", + "method": "WebGoatUser" + }, + { + "column": 47, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "WebGoatUser", + "length": 3, + "line": 42, + "methodLine": 39, + "name": "WebGoatUser", + "domType": "ObjectCreateExpr", + "method": "addUser" + }, + { + "column": 46, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.userRepository.save", + "length": 1, + "line": 42, + "methodLine": 39, + "name": "save", + "domType": "MethodInvokeExpr", + "method": "addUser" + }, + { + "column": 13, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.webGoatUser", + "length": 11, + "line": 42, + "methodLine": 39, + "name": "webGoatUser", + "domType": "Declarator", + "method": "addUser" + }, + { + "column": 34, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.webGoatUser", + "length": 11, + "line": 46, + "methodLine": 39, + "name": "webGoatUser", + "domType": "UnknownReference", + "method": "addUser" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser", + "length": 11, + "line": 50, + "methodLine": 50, + "name": "webGoatUser", + "domType": "ParamDecl", + "method": "createLessonsForUser" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser", + "length": 11, + "line": 51, + "methodLine": 50, + "name": "webGoatUser", + "domType": "UnknownReference", + "method": "createLessonsForUser" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.username", + "length": 8, + "line": 62, + "methodLine": 61, + "name": "username", + "domType": "MemberAccess", + "method": "getUsername" + }, + { + "column": 74, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser.getUsername", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "getUsername", + "domType": "MethodInvokeExpr", + "method": "createLessonsForUser" + }, + { + "column": 29, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.jdbcTemplate.execute", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "execute", + "domType": "MethodInvokeExpr", + "method": "createLessonsForUser" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "ClaS/dYKB4IeNMLfN8BFLzJMdoA=", + "similarityId": -224488581, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson2.completed.query", + "length": 5, + "line": 55, + "methodLine": 55, + "name": "query", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson2.completed.query", + "length": 5, + "line": 56, + "methodLine": 55, + "name": "query", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson2.injectableQuery.query", + "length": 5, + "line": 59, + "methodLine": 59, + "name": "query", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson2.injectableQuery.query", + "length": 5, + "line": 62, + "methodLine": 59, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 55, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson2.injectableQuery.statement.executeQuery", + "length": 1, + "line": 62, + "methodLine": 59, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "hXpNcUdb+1RNGMh1RKjsgOgmh+g=", + "similarityId": 976162447, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson4.completed.query", + "length": 5, + "line": 56, + "methodLine": 56, + "name": "query", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson4.completed.query", + "length": 5, + "line": 57, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson4.injectableQuery.query", + "length": 5, + "line": 60, + "methodLine": 60, + "name": "query", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 41, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson4.injectableQuery.query", + "length": 5, + "line": 63, + "methodLine": 60, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 40, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson4.injectableQuery.statement.executeUpdate", + "length": 1, + "line": 63, + "methodLine": 60, + "name": "executeUpdate", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "AppbW9Msel0udgMzDLvHtlNPRyU=", + "similarityId": 771832084, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.completed.action_string", + "length": 13, + "line": 52, + "methodLine": 52, + "name": "action_string", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 44, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.completed.action_string", + "length": 13, + "line": 53, + "methodLine": 52, + "name": "action_string", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 63, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.injectableQueryAvailability.action", + "length": 6, + "line": 56, + "methodLine": 56, + "name": "action", + "domType": "ParamDecl", + "method": "injectableQueryAvailability" + }, + { + "column": 74, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.injectableQueryAvailability.action", + "length": 6, + "line": 58, + "methodLine": 56, + "name": "action", + "domType": "UnknownReference", + "method": "injectableQueryAvailability" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.injectableQueryAvailability.query", + "length": 5, + "line": 58, + "methodLine": 56, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryAvailability" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.injectableQueryAvailability.query", + "length": 5, + "line": 63, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryAvailability" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.injectableQueryAvailability.statement.executeQuery", + "length": 1, + "line": 63, + "methodLine": 56, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQueryAvailability" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "JO47Fksp3Lf0U6NtjF9uSsaRHaE=", + "similarityId": 394429562, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 57, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java", + "fullName": "org.owasp.webgoat.missing_ac.MissingFunctionACUsers.addUser.newUser", + "length": 7, + "line": 84, + "methodLine": 84, + "name": "newUser", + "domType": "ParamDecl", + "method": "addUser" + }, + { + "column": 55, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java", + "fullName": "org.owasp.webgoat.missing_ac.MissingFunctionACUsers.addUser.newUser", + "length": 7, + "line": 86, + "methodLine": 84, + "name": "newUser", + "domType": "UnknownReference", + "method": "addUser" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.password", + "length": 8, + "line": 66, + "methodLine": 65, + "name": "password", + "domType": "MemberAccess", + "method": "getPassword" + }, + { + "column": 74, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java", + "fullName": "org.owasp.webgoat.missing_ac.MissingFunctionACUsers.addUser.newUser.getPassword", + "length": 1, + "line": 86, + "methodLine": 84, + "name": "getPassword", + "domType": "MethodInvokeExpr", + "method": "addUser" + }, + { + "column": 49, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.password", + "length": 8, + "line": 39, + "methodLine": 39, + "name": "password", + "domType": "ParamDecl", + "method": "addUser" + }, + { + "column": 73, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.password", + "length": 8, + "line": 42, + "methodLine": 39, + "name": "password", + "domType": "UnknownReference", + "method": "addUser" + }, + { + "column": 48, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.WebGoatUser.password", + "length": 8, + "line": 36, + "methodLine": 36, + "name": "password", + "domType": "ParamDecl", + "method": "WebGoatUser" + }, + { + "column": 25, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.WebGoatUser.password", + "length": 8, + "line": 38, + "methodLine": 36, + "name": "password", + "domType": "UnknownReference", + "method": "WebGoatUser" + }, + { + "column": 14, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.password", + "length": 8, + "line": 38, + "methodLine": 36, + "name": "password", + "domType": "MemberAccess", + "method": "WebGoatUser" + }, + { + "column": 47, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "WebGoatUser", + "length": 3, + "line": 42, + "methodLine": 39, + "name": "WebGoatUser", + "domType": "ObjectCreateExpr", + "method": "addUser" + }, + { + "column": 46, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.userRepository.save", + "length": 1, + "line": 42, + "methodLine": 39, + "name": "save", + "domType": "MethodInvokeExpr", + "method": "addUser" + }, + { + "column": 13, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.webGoatUser", + "length": 11, + "line": 42, + "methodLine": 39, + "name": "webGoatUser", + "domType": "Declarator", + "method": "addUser" + }, + { + "column": 34, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.webGoatUser", + "length": 11, + "line": 46, + "methodLine": 39, + "name": "webGoatUser", + "domType": "UnknownReference", + "method": "addUser" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser", + "length": 11, + "line": 50, + "methodLine": 50, + "name": "webGoatUser", + "domType": "ParamDecl", + "method": "createLessonsForUser" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser", + "length": 11, + "line": 51, + "methodLine": 50, + "name": "webGoatUser", + "domType": "UnknownReference", + "method": "createLessonsForUser" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.username", + "length": 8, + "line": 62, + "methodLine": 61, + "name": "username", + "domType": "MemberAccess", + "method": "getUsername" + }, + { + "column": 74, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser.getUsername", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "getUsername", + "domType": "MethodInvokeExpr", + "method": "createLessonsForUser" + }, + { + "column": 29, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.jdbcTemplate.execute", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "execute", + "domType": "MethodInvokeExpr", + "method": "createLessonsForUser" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "3nR4g8bI5plensWMzuPYb9Pp174=", + "similarityId": -1633692246, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 83, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.completed.auth_tan", + "length": 8, + "line": 54, + "methodLine": 54, + "name": "auth_tan", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 53, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.completed.auth_tan", + "length": 8, + "line": 55, + "methodLine": 54, + "name": "auth_tan", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 79, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.auth_tan", + "length": 8, + "line": 58, + "methodLine": 58, + "name": "auth_tan", + "domType": "ParamDecl", + "method": "injectableQueryConfidentiality" + }, + { + "column": 102, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.auth_tan", + "length": 8, + "line": 60, + "methodLine": 58, + "name": "auth_tan", + "domType": "UnknownReference", + "method": "injectableQueryConfidentiality" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.query", + "length": 5, + "line": 60, + "methodLine": 58, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryConfidentiality" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.query", + "length": 5, + "line": 66, + "methodLine": 58, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryConfidentiality" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.statement.executeQuery", + "length": 1, + "line": 66, + "methodLine": 58, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQueryConfidentiality" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "LzHWOr+Nwoc/cfASFtmoeGZ37pw=", + "similarityId": -1739763877, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 83, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.completed.auth_tan", + "length": 8, + "line": 54, + "methodLine": 54, + "name": "auth_tan", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 53, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.completed.auth_tan", + "length": 8, + "line": 55, + "methodLine": 54, + "name": "auth_tan", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 79, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.auth_tan", + "length": 8, + "line": 58, + "methodLine": 58, + "name": "auth_tan", + "domType": "ParamDecl", + "method": "injectableQueryConfidentiality" + }, + { + "column": 102, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.auth_tan", + "length": 8, + "line": 60, + "methodLine": 58, + "name": "auth_tan", + "domType": "UnknownReference", + "method": "injectableQueryConfidentiality" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.query", + "length": 5, + "line": 60, + "methodLine": 58, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryConfidentiality" + }, + { + "column": 33, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.query", + "length": 5, + "line": 65, + "methodLine": 58, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryConfidentiality" + }, + { + "column": 58, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 128, + "methodLine": 128, + "name": "action", + "domType": "ParamDecl", + "method": "log" + }, + { + "column": 18, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 129, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action.replace", + "length": 1, + "line": 129, + "methodLine": 128, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "log" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 129, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 95, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 134, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.logQuery", + "length": 8, + "line": 134, + "methodLine": 128, + "name": "logQuery", + "domType": "Declarator", + "method": "log" + }, + { + "column": 37, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.logQuery", + "length": 8, + "line": 138, + "methodLine": 128, + "name": "logQuery", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 36, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.statement.executeUpdate", + "length": 1, + "line": 138, + "methodLine": 128, + "name": "executeUpdate", + "domType": "MethodInvokeExpr", + "method": "log" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "CkCN13RajT4GvNG8DQssOLtveyc=", + "similarityId": -948107820, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 86, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.completed.operator", + "length": 8, + "line": 53, + "methodLine": 53, + "name": "operator", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 48, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.completed.operator", + "length": 8, + "line": 54, + "methodLine": 53, + "name": "operator", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.accountName", + "length": 11, + "line": 57, + "methodLine": 57, + "name": "accountName", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 93, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.accountName", + "length": 11, + "line": 60, + "methodLine": 57, + "name": "accountName", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.query", + "length": 5, + "line": 60, + "methodLine": 57, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.query", + "length": 5, + "line": 62, + "methodLine": 57, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.statement.executeQuery", + "length": 1, + "line": 62, + "methodLine": 57, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "tymE1v5za8jVSF79KmPzzyXOFec=", + "similarityId": -971974478, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.completed.name", + "length": 4, + "line": 55, + "methodLine": 55, + "name": "name", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 41, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.completed.name", + "length": 4, + "line": 56, + "methodLine": 55, + "name": "name", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.name", + "length": 4, + "line": 59, + "methodLine": 59, + "name": "name", + "domType": "ParamDecl", + "method": "injectableQueryIntegrity" + }, + { + "column": 72, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.name", + "length": 4, + "line": 61, + "methodLine": 59, + "name": "name", + "domType": "UnknownReference", + "method": "injectableQueryIntegrity" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.query", + "length": 5, + "line": 61, + "methodLine": 59, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryIntegrity" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.query", + "length": 5, + "line": 66, + "methodLine": 59, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryIntegrity" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.statement.executeQuery", + "length": 1, + "line": 66, + "methodLine": 59, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQueryIntegrity" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "TwacogBt89Cxkr9XCmeRSveQQXA=", + "similarityId": 624302635, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.completed.name", + "length": 4, + "line": 55, + "methodLine": 55, + "name": "name", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 41, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.completed.name", + "length": 4, + "line": 56, + "methodLine": 55, + "name": "name", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.name", + "length": 4, + "line": 59, + "methodLine": 59, + "name": "name", + "domType": "ParamDecl", + "method": "injectableQueryIntegrity" + }, + { + "column": 72, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.name", + "length": 4, + "line": 61, + "methodLine": 59, + "name": "name", + "domType": "UnknownReference", + "method": "injectableQueryIntegrity" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.query", + "length": 5, + "line": 61, + "methodLine": 59, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryIntegrity" + }, + { + "column": 53, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.query", + "length": 5, + "line": 65, + "methodLine": 59, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryIntegrity" + }, + { + "column": 58, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 128, + "methodLine": 128, + "name": "action", + "domType": "ParamDecl", + "method": "log" + }, + { + "column": 18, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 129, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action.replace", + "length": 1, + "line": 129, + "methodLine": 128, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "log" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 129, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 95, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 134, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.logQuery", + "length": 8, + "line": 134, + "methodLine": 128, + "name": "logQuery", + "domType": "Declarator", + "method": "log" + }, + { + "column": 37, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.logQuery", + "length": 8, + "line": 138, + "methodLine": 128, + "name": "logQuery", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 36, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.statement.executeUpdate", + "length": 1, + "line": 138, + "methodLine": 128, + "name": "executeUpdate", + "domType": "MethodInvokeExpr", + "method": "log" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "HlRf9TvvdgC3ziiSXdt5iHMr9d8=", + "similarityId": -480479464, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 117, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.completed.injection", + "length": 9, + "line": 53, + "methodLine": 53, + "name": "injection", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 65, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.completed.injection", + "length": 9, + "line": 54, + "methodLine": 53, + "name": "injection", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.accountName", + "length": 11, + "line": 57, + "methodLine": 57, + "name": "accountName", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 93, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.accountName", + "length": 11, + "line": 60, + "methodLine": 57, + "name": "accountName", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.query", + "length": 5, + "line": 60, + "methodLine": 57, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.query", + "length": 5, + "line": 62, + "methodLine": 57, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.statement.executeQuery", + "length": 1, + "line": 62, + "methodLine": 57, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "JoGYp+WMM+F2eDzq88bL6jo5OGY=", + "similarityId": 2023859267, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 83, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.completed.auth_tan", + "length": 8, + "line": 55, + "methodLine": 55, + "name": "auth_tan", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 47, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.completed.auth_tan", + "length": 8, + "line": 56, + "methodLine": 55, + "name": "auth_tan", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 73, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.auth_tan", + "length": 8, + "line": 59, + "methodLine": 59, + "name": "auth_tan", + "domType": "ParamDecl", + "method": "injectableQueryIntegrity" + }, + { + "column": 102, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.auth_tan", + "length": 8, + "line": 61, + "methodLine": 59, + "name": "auth_tan", + "domType": "UnknownReference", + "method": "injectableQueryIntegrity" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.query", + "length": 5, + "line": 61, + "methodLine": 59, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryIntegrity" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.query", + "length": 5, + "line": 66, + "methodLine": 59, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryIntegrity" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.statement.executeQuery", + "length": 1, + "line": 66, + "methodLine": 59, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQueryIntegrity" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "5ARXQvKXQLR/nIXD5inzSf115ug=", + "similarityId": -1168534534, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 83, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.completed.auth_tan", + "length": 8, + "line": 55, + "methodLine": 55, + "name": "auth_tan", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 47, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.completed.auth_tan", + "length": 8, + "line": 56, + "methodLine": 55, + "name": "auth_tan", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 73, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.auth_tan", + "length": 8, + "line": 59, + "methodLine": 59, + "name": "auth_tan", + "domType": "ParamDecl", + "method": "injectableQueryIntegrity" + }, + { + "column": 102, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.auth_tan", + "length": 8, + "line": 61, + "methodLine": 59, + "name": "auth_tan", + "domType": "UnknownReference", + "method": "injectableQueryIntegrity" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.query", + "length": 5, + "line": 61, + "methodLine": 59, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryIntegrity" + }, + { + "column": 53, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.query", + "length": 5, + "line": 65, + "methodLine": 59, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryIntegrity" + }, + { + "column": 58, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 128, + "methodLine": 128, + "name": "action", + "domType": "ParamDecl", + "method": "log" + }, + { + "column": 18, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 129, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action.replace", + "length": 1, + "line": 129, + "methodLine": 128, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "log" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 129, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 95, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 134, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.logQuery", + "length": 8, + "line": 134, + "methodLine": 128, + "name": "logQuery", + "domType": "Declarator", + "method": "log" + }, + { + "column": 37, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.logQuery", + "length": 8, + "line": 138, + "methodLine": 128, + "name": "logQuery", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 36, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.statement.executeUpdate", + "length": 1, + "line": 138, + "methodLine": 128, + "name": "executeUpdate", + "domType": "MethodInvokeExpr", + "method": "log" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "hRmchYUGCLSdirDVEUl4GfEod6U=", + "similarityId": -908268143, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson3.completed.query", + "length": 5, + "line": 56, + "methodLine": 56, + "name": "query", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson3.completed.query", + "length": 5, + "line": 57, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson3.injectableQuery.query", + "length": 5, + "line": 60, + "methodLine": 60, + "name": "query", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 41, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson3.injectableQuery.query", + "length": 5, + "line": 65, + "methodLine": 60, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 40, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson3.injectableQuery.statement.executeUpdate", + "length": 1, + "line": 65, + "methodLine": 60, + "name": "executeUpdate", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "H+P7ddS/91Y/BBZAyRE9jq8c+b8=", + "similarityId": 20310877, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 89, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidation.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidation.attack.userId", + "length": 6, + "line": 48, + "methodLine": 48, + "name": "userId", + "domType": "ParamDecl", + "method": "attack" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidation.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidation.attack.userId", + "length": 6, + "line": 49, + "methodLine": 48, + "name": "userId", + "domType": "UnknownReference", + "method": "attack" + }, + { + "column": 62, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidation.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidation.attack.userId", + "length": 6, + "line": 52, + "methodLine": 48, + "name": "userId", + "domType": "UnknownReference", + "method": "attack" + }, + { + "column": 48, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.accountName", + "length": 11, + "line": 56, + "methodLine": 56, + "name": "accountName", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 69, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.accountName", + "length": 11, + "line": 60, + "methodLine": 56, + "name": "accountName", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.query", + "length": 5, + "line": 60, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.query", + "length": 5, + "line": 67, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.statement.executeQuery", + "length": 1, + "line": 67, + "methodLine": 56, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "JBveLxSHp51tpxqzTrWMDn8S8vU=", + "similarityId": -1667851874, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.completed.userid", + "length": 6, + "line": 51, + "methodLine": 51, + "name": "userid", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 45, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.completed.userid", + "length": 6, + "line": 52, + "methodLine": 51, + "name": "userid", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 71, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.accountName", + "length": 11, + "line": 55, + "methodLine": 55, + "name": "accountName", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 93, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.accountName", + "length": 11, + "line": 56, + "methodLine": 55, + "name": "accountName", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.queryString", + "length": 11, + "line": 56, + "methodLine": 55, + "name": "queryString", + "domType": "Declarator", + "method": "injectableQuery" + }, + { + "column": 67, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.queryString", + "length": 11, + "line": 58, + "methodLine": 55, + "name": "queryString", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 66, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.connection.prepareStatement", + "length": 1, + "line": 58, + "methodLine": 55, + "name": "prepareStatement", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + }, + { + "column": 31, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.query", + "length": 5, + "line": 58, + "methodLine": 55, + "name": "query", + "domType": "Declarator", + "method": "injectableQuery" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.query", + "length": 5, + "line": 68, + "methodLine": 55, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 37, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.query", + "length": 5, + "line": 71, + "methodLine": 55, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 55, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.query.executeQuery", + "length": 1, + "line": 71, + "methodLine": 55, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "cGETeFnpt0/I43yu8rmfW1gTZlY=", + "similarityId": -1825853279, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.completed.account", + "length": 7, + "line": 53, + "methodLine": 53, + "name": "account", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.completed.account", + "length": 7, + "line": 54, + "methodLine": 53, + "name": "account", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.accountName", + "length": 11, + "line": 57, + "methodLine": 57, + "name": "accountName", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 93, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.accountName", + "length": 11, + "line": 60, + "methodLine": 57, + "name": "accountName", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.query", + "length": 5, + "line": 60, + "methodLine": 57, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.query", + "length": 5, + "line": 62, + "methodLine": 57, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.statement.executeQuery", + "length": 1, + "line": 62, + "methodLine": 57, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "74f8NzK0ExHNjQa3n3ioYwz+YfE=", + "similarityId": 1675057915, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.completed.name", + "length": 4, + "line": 54, + "methodLine": 54, + "name": "name", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 47, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.completed.name", + "length": 4, + "line": 55, + "methodLine": 54, + "name": "name", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 66, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.name", + "length": 4, + "line": 58, + "methodLine": 58, + "name": "name", + "domType": "ParamDecl", + "method": "injectableQueryConfidentiality" + }, + { + "column": 72, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.name", + "length": 4, + "line": 60, + "methodLine": 58, + "name": "name", + "domType": "UnknownReference", + "method": "injectableQueryConfidentiality" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.query", + "length": 5, + "line": 60, + "methodLine": 58, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryConfidentiality" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.query", + "length": 5, + "line": 66, + "methodLine": 58, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryConfidentiality" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.statement.executeQuery", + "length": 1, + "line": 66, + "methodLine": 58, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQueryConfidentiality" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "8saFqygwSdGyNBetzZbA9G/jktU=", + "similarityId": 605875882, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.completed.name", + "length": 4, + "line": 54, + "methodLine": 54, + "name": "name", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 47, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.completed.name", + "length": 4, + "line": 55, + "methodLine": 54, + "name": "name", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 66, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.name", + "length": 4, + "line": 58, + "methodLine": 58, + "name": "name", + "domType": "ParamDecl", + "method": "injectableQueryConfidentiality" + }, + { + "column": 72, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.name", + "length": 4, + "line": 60, + "methodLine": 58, + "name": "name", + "domType": "UnknownReference", + "method": "injectableQueryConfidentiality" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.query", + "length": 5, + "line": 60, + "methodLine": 58, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryConfidentiality" + }, + { + "column": 33, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.query", + "length": 5, + "line": 65, + "methodLine": 58, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryConfidentiality" + }, + { + "column": 58, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 128, + "methodLine": 128, + "name": "action", + "domType": "ParamDecl", + "method": "log" + }, + { + "column": 18, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 129, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action.replace", + "length": 1, + "line": 129, + "methodLine": 128, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "log" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 129, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 95, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 134, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.logQuery", + "length": 8, + "line": 134, + "methodLine": 128, + "name": "logQuery", + "domType": "Declarator", + "method": "log" + }, + { + "column": 37, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.logQuery", + "length": 8, + "line": 138, + "methodLine": 128, + "name": "logQuery", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 36, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.statement.executeUpdate", + "length": 1, + "line": 138, + "methodLine": 128, + "name": "executeUpdate", + "domType": "MethodInvokeExpr", + "method": "log" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "sNeLeveSjUV7tp0NdQjJRF/drv4=", + "similarityId": -2058767441, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2021", + "ASD STIG 4.10", + "OWASP Top 10 API", + "FISMA 2014", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.completed.userid_6a", + "length": 9, + "line": 51, + "methodLine": 51, + "name": "userid_6a", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.completed.userid_6a", + "length": 9, + "line": 52, + "methodLine": 51, + "name": "userid_6a", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 48, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.accountName", + "length": 11, + "line": 56, + "methodLine": 56, + "name": "accountName", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 69, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.accountName", + "length": 11, + "line": 60, + "methodLine": 56, + "name": "accountName", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.query", + "length": 5, + "line": 60, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.query", + "length": 5, + "line": 67, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.statement.executeQuery", + "length": 1, + "line": 67, + "methodLine": 56, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + } + ] + }, + { + "queryName": "Second_Order_SQL_Injection", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 1, + "vulnerabilities": [ + { + "id": "Sc0yXBBd2OnBtR9XJbkMxeHt0nY=", + "similarityId": 209503881, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017" + ], + "firstScanId": "", + "nodes": [ + { + "column": 13, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.webGoatUser", + "length": 11, + "line": 42, + "methodLine": 39, + "name": "webGoatUser", + "domType": "Declarator", + "method": "addUser" + }, + { + "column": 34, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.webGoatUser", + "length": 11, + "line": 46, + "methodLine": 39, + "name": "webGoatUser", + "domType": "UnknownReference", + "method": "addUser" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser", + "length": 11, + "line": 50, + "methodLine": 50, + "name": "webGoatUser", + "domType": "ParamDecl", + "method": "createLessonsForUser" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser", + "length": 11, + "line": 51, + "methodLine": 50, + "name": "webGoatUser", + "domType": "UnknownReference", + "method": "createLessonsForUser" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.username", + "length": 8, + "line": 62, + "methodLine": 61, + "name": "username", + "domType": "MemberAccess", + "method": "getUsername" + }, + { + "column": 74, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser.getUsername", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "getUsername", + "domType": "MethodInvokeExpr", + "method": "createLessonsForUser" + }, + { + "column": 77, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "BinaryExpr", + "domType": "BinaryExpr", + "method": "createLessonsForUser" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1651835171 + } + } + ] + }, + { + "queryName": "Reflected_XSS_All_Clients", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 2, + "vulnerabilities": [ + { + "id": "mzJDXqhEBVK7837U9CSJl2XdD5U=", + "similarityId": -417271855, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 52, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java", + "fullName": "org.owasp.webgoat.crypto.SigningAssignment.getPrivateKey.request", + "length": 7, + "line": 50, + "methodLine": 50, + "name": "request", + "domType": "ParamDecl", + "method": "getPrivateKey" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java", + "fullName": "org.owasp.webgoat.crypto.SigningAssignment.getPrivateKey.request", + "length": 7, + "line": 52, + "methodLine": 50, + "name": "request", + "domType": "UnknownReference", + "method": "getPrivateKey" + }, + { + "column": 50, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java", + "fullName": "org.owasp.webgoat.crypto.SigningAssignment.getPrivateKey.request.getSession", + "length": 1, + "line": 52, + "methodLine": 50, + "name": "getSession", + "domType": "MethodInvokeExpr", + "method": "getPrivateKey" + }, + { + "column": 65, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java", + "fullName": "org.owasp.webgoat.crypto.SigningAssignment.getPrivateKey.getAttribute", + "length": 1, + "line": 52, + "methodLine": 50, + "name": "getAttribute", + "domType": "MethodInvokeExpr", + "method": "getPrivateKey" + }, + { + "column": 10, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java", + "fullName": "org.owasp.webgoat.crypto.SigningAssignment.getPrivateKey.privateKey", + "length": 10, + "line": 52, + "methodLine": 50, + "name": "privateKey", + "domType": "Declarator", + "method": "getPrivateKey" + }, + { + "column": 10, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java", + "fullName": "org.owasp.webgoat.crypto.SigningAssignment.getPrivateKey.privateKey", + "length": 10, + "line": 59, + "methodLine": 50, + "name": "privateKey", + "domType": "UnknownReference", + "method": "getPrivateKey" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + }, + { + "id": "3VXnu2XCtES3sSuayJ5Pc4VpNdA=", + "similarityId": 362104373, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "Java_High_Risk", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 45, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.HashingAssignment.getMd5.request", + "length": 7, + "line": 49, + "methodLine": 49, + "name": "request", + "domType": "ParamDecl", + "method": "getMd5" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.HashingAssignment.getMd5.request", + "length": 7, + "line": 51, + "methodLine": 49, + "name": "request", + "domType": "UnknownReference", + "method": "getMd5" + }, + { + "column": 47, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.HashingAssignment.getMd5.request.getSession", + "length": 1, + "line": 51, + "methodLine": 49, + "name": "getSession", + "domType": "MethodInvokeExpr", + "method": "getMd5" + }, + { + "column": 62, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.HashingAssignment.getMd5.getAttribute", + "length": 1, + "line": 51, + "methodLine": 49, + "name": "getAttribute", + "domType": "MethodInvokeExpr", + "method": "getMd5" + }, + { + "column": 10, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.HashingAssignment.getMd5.md5Hash", + "length": 7, + "line": 51, + "methodLine": 49, + "name": "md5Hash", + "domType": "Declarator", + "method": "getMd5" + }, + { + "column": 10, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.HashingAssignment.getMd5.md5Hash", + "length": 7, + "line": 64, + "methodLine": 49, + "name": "md5Hash", + "domType": "UnknownReference", + "method": "getMd5" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + } + ] + } + ] + }, + { + "languageName": "JavaScript", + "queries": [ + { + "queryName": "Client_DOM_XSS", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 1, + "vulnerabilities": [ + { + "id": "UovVSTGNybfkYXXy5ulcVIjBGJo=", + "similarityId": 737398481, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "JavaScript_High_Risk", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 36, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/backbone-min.js", + "fullName": "window.location", + "length": 8, + "line": 1188, + "methodLine": 1184, + "name": "location", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 18, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/backbone-min.js", + "fullName": "location", + "length": 8, + "line": 1188, + "methodLine": 1184, + "name": "location", + "domType": "MemberAccess", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + } + ] + }, + { + "queryName": "Client_DOM_Stored_XSS", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 9, + "vulnerabilities": [ + { + "id": "vsk0fU3uUxrKUsOyLNOo6uyBeyg=", + "similarityId": -2108557613, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "JavaScript_High_Risk", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 36, + "fileName": "/webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js", + "fullName": "CxJSNS_90d902d2.getVotings.Lambda.result", + "length": 6, + "line": 43, + "methodLine": 43, + "name": "result", + "domType": "ParamDecl", + "method": "Lambda" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js", + "fullName": "CxJSNS_90d902d2.getVotings.Lambda.result", + "length": 6, + "line": 56, + "methodLine": 43, + "name": "result", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 70, + "fileName": "/webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js", + "fullName": "CxJSNS_90d902d2.getVotings.Lambda.result.average", + "length": 7, + "line": 56, + "methodLine": 43, + "name": "average", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 41, + "fileName": "/webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js", + "fullName": "CxJSNS_90d902d2.getVotings.Lambda.voteTemplate.replace", + "length": 7, + "line": 56, + "methodLine": 43, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js", + "fullName": "CxJSNS_90d902d2.getVotings.Lambda.voteTemplate", + "length": 12, + "line": 56, + "methodLine": 43, + "name": "voteTemplate", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 28, + "fileName": "/webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js", + "fullName": "CxJSNS_90d902d2.getVotings.Lambda.voteTemplate", + "length": 12, + "line": 59, + "methodLine": 43, + "name": "voteTemplate", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 41, + "fileName": "/webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js", + "fullName": "CxJSNS_90d902d2.getVotings.Lambda.voteTemplate.replace", + "length": 7, + "line": 59, + "methodLine": 43, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js", + "fullName": "CxJSNS_90d902d2.getVotings.Lambda.voteTemplate", + "length": 12, + "line": 59, + "methodLine": 43, + "name": "voteTemplate", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 28, + "fileName": "/webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js", + "fullName": "CxJSNS_90d902d2.getVotings.Lambda.voteTemplate", + "length": 12, + "line": 61, + "methodLine": 43, + "name": "voteTemplate", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 41, + "fileName": "/webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js", + "fullName": "CxJSNS_90d902d2.getVotings.Lambda.voteTemplate.replace", + "length": 7, + "line": 61, + "methodLine": 43, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js", + "fullName": "CxJSNS_90d902d2.getVotings.Lambda.voteTemplate", + "length": 12, + "line": 61, + "methodLine": 43, + "name": "voteTemplate", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 36, + "fileName": "/webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js", + "fullName": "CxJSNS_90d902d2.getVotings.Lambda.voteTemplate", + "length": 12, + "line": 63, + "methodLine": 43, + "name": "voteTemplate", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js", + "fullName": "append", + "length": 6, + "line": 63, + "methodLine": 43, + "name": "append", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835160 + } + }, + { + "id": "cqDJ7Nx6xobJqA4bT4ZQGZ3012o=", + "similarityId": -407799786, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "JavaScript_High_Risk", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 70, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js", + "fullName": "CxJSNS_72944e37.ajaxFunction.Lambda.result", + "length": 6, + "line": 17, + "methodLine": 17, + "name": "result", + "domType": "ParamDecl", + "method": "Lambda" + }, + { + "column": 36, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js", + "fullName": "CxJSNS_72944e37.ajaxFunction.Lambda.result", + "length": 6, + "line": 32, + "methodLine": 17, + "name": "result", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 46, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js", + "fullName": "CxJSNS_72944e37.ajaxFunction.Lambda.result.Salary", + "length": 6, + "line": 32, + "methodLine": 17, + "name": "Salary", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js", + "fullName": "CxJSNS_72944e37.ajaxFunction.Lambda.html", + "length": 4, + "line": 32, + "methodLine": 17, + "name": "html", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 20, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js", + "fullName": "CxJSNS_72944e37.ajaxFunction.Lambda.html", + "length": 4, + "line": 33, + "methodLine": 17, + "name": "html", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js", + "fullName": "CxJSNS_72944e37.ajaxFunction.Lambda.html", + "length": 4, + "line": 33, + "methodLine": 17, + "name": "html", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js", + "fullName": "CxJSNS_72944e37.ajaxFunction.Lambda.html", + "length": 4, + "line": 35, + "methodLine": 17, + "name": "html", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js", + "fullName": "CxJSNS_72944e37.ajaxFunction.Lambda.html", + "length": 4, + "line": 35, + "methodLine": 17, + "name": "html", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 28, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js", + "fullName": "CxJSNS_72944e37.ajaxFunction.Lambda.html", + "length": 4, + "line": 38, + "methodLine": 17, + "name": "html", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js", + "fullName": "CxJSNS_72944e37.ajaxFunction.Lambda.newdiv.innerHTML", + "length": 9, + "line": 38, + "methodLine": 17, + "name": "innerHTML", + "domType": "MemberAccess", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835160 + } + }, + { + "id": "03XlBcP4moMmBl1/KbfRyeYfWvc=", + "similarityId": 797708046, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "JavaScript_High_Risk", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 37, + "fileName": "/webgoat-lessons/xxe/src/main/resources/js/xxe.js", + "fullName": "CxJSNS_e0f60d96.getComments.Lambda.result", + "length": 6, + "line": 72, + "methodLine": 72, + "name": "result", + "domType": "ParamDecl", + "method": "Lambda" + }, + { + "column": 50, + "fileName": "/webgoat-lessons/xxe/src/main/resources/js/xxe.js", + "fullName": "CxJSNS_e0f60d96.getComments.Lambda.result", + "length": 6, + "line": 77, + "methodLine": 72, + "name": "result", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/xxe/src/main/resources/js/xxe.js", + "fullName": "CxJSNS_e0f60d96.getComments.Lambda.result.text", + "length": 4, + "line": 77, + "methodLine": 72, + "name": "text", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 31, + "fileName": "/webgoat-lessons/xxe/src/main/resources/js/xxe.js", + "fullName": "CxJSNS_e0f60d96.getComments.Lambda.comment.replace", + "length": 7, + "line": 77, + "methodLine": 72, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/xxe/src/main/resources/js/xxe.js", + "fullName": "CxJSNS_e0f60d96.getComments.Lambda.comment", + "length": 7, + "line": 77, + "methodLine": 72, + "name": "comment", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/xxe/src/main/resources/js/xxe.js", + "fullName": "CxJSNS_e0f60d96.getComments.Lambda.comment", + "length": 7, + "line": 78, + "methodLine": 72, + "name": "comment", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 22, + "fileName": "/webgoat-lessons/xxe/src/main/resources/js/xxe.js", + "fullName": "append", + "length": 6, + "line": 78, + "methodLine": 72, + "name": "append", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835160 + } + }, + { + "id": "QoDt573OWsMt9rFu5pDLqZRB7Ys=", + "similarityId": 1662801704, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "JavaScript_High_Risk", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 73, + "fileName": "/webgoat-lessons/sql-injection/src/main/resources/js/assignment13.js", + "fullName": "CxJSNS_61d33ecd.getServers.Lambda.result", + "length": 6, + "line": 43, + "methodLine": 43, + "name": "result", + "domType": "ParamDecl", + "method": "Lambda" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/sql-injection/src/main/resources/js/assignment13.js", + "fullName": "CxJSNS_61d33ecd.getServers.Lambda.result", + "length": 6, + "line": 56, + "methodLine": 43, + "name": "result", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 62, + "fileName": "/webgoat-lessons/sql-injection/src/main/resources/js/assignment13.js", + "fullName": "CxJSNS_61d33ecd.getServers.Lambda.result.description", + "length": 11, + "line": 56, + "methodLine": 43, + "name": "description", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/sql-injection/src/main/resources/js/assignment13.js", + "fullName": "CxJSNS_61d33ecd.getServers.Lambda.server.replace", + "length": 7, + "line": 56, + "methodLine": 43, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/resources/js/assignment13.js", + "fullName": "CxJSNS_61d33ecd.getServers.Lambda.server", + "length": 6, + "line": 56, + "methodLine": 43, + "name": "server", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 34, + "fileName": "/webgoat-lessons/sql-injection/src/main/resources/js/assignment13.js", + "fullName": "CxJSNS_61d33ecd.getServers.Lambda.server", + "length": 6, + "line": 57, + "methodLine": 43, + "name": "server", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 27, + "fileName": "/webgoat-lessons/sql-injection/src/main/resources/js/assignment13.js", + "fullName": "append", + "length": 6, + "line": 57, + "methodLine": 43, + "name": "append", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835160 + } + }, + { + "id": "L/+gm5p0S3b3dvMxrJdTGilo5JE=", + "similarityId": 1359913399, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "JavaScript_High_Risk", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 40, + "fileName": "/webgoat-lessons/csrf/src/main/resources/js/csrf-review.js", + "fullName": "CxJSNS_d31b2f83.anony_e678f16e.getChallenges.Lambda.result", + "length": 6, + "line": 35, + "methodLine": 35, + "name": "result", + "domType": "ParamDecl", + "method": "Lambda" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/csrf/src/main/resources/js/csrf-review.js", + "fullName": "CxJSNS_d31b2f83.anony_e678f16e.getChallenges.Lambda.result", + "length": 6, + "line": 40, + "methodLine": 35, + "name": "result", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 62, + "fileName": "/webgoat-lessons/csrf/src/main/resources/js/csrf-review.js", + "fullName": "CxJSNS_d31b2f83.anony_e678f16e.getChallenges.Lambda.result.stars", + "length": 5, + "line": 40, + "methodLine": 35, + "name": "stars", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 35, + "fileName": "/webgoat-lessons/csrf/src/main/resources/js/csrf-review.js", + "fullName": "CxJSNS_d31b2f83.anony_e678f16e.getChallenges.Lambda.comment.replace", + "length": 7, + "line": 40, + "methodLine": 35, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 17, + "fileName": "/webgoat-lessons/csrf/src/main/resources/js/csrf-review.js", + "fullName": "CxJSNS_d31b2f83.anony_e678f16e.getChallenges.Lambda.comment", + "length": 7, + "line": 40, + "methodLine": 35, + "name": "comment", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 35, + "fileName": "/webgoat-lessons/csrf/src/main/resources/js/csrf-review.js", + "fullName": "CxJSNS_d31b2f83.anony_e678f16e.getChallenges.Lambda.comment", + "length": 7, + "line": 41, + "methodLine": 35, + "name": "comment", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 28, + "fileName": "/webgoat-lessons/csrf/src/main/resources/js/csrf-review.js", + "fullName": "append", + "length": 6, + "line": 41, + "methodLine": 35, + "name": "append", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835160 + } + }, + { + "id": "aj/EavSSo6NBVEwB2GnZh+IsuOE=", + "similarityId": 646471811, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "JavaScript_High_Risk", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 58, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js", + "fullName": "CxJSNS_70d1cba1.anony_e678f16e.getChallenges.Lambda.result", + "length": 6, + "line": 35, + "methodLine": 35, + "name": "result", + "domType": "ParamDecl", + "method": "Lambda" + }, + { + "column": 54, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js", + "fullName": "CxJSNS_70d1cba1.anony_e678f16e.getChallenges.Lambda.result", + "length": 6, + "line": 39, + "methodLine": 35, + "name": "result", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 64, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js", + "fullName": "CxJSNS_70d1cba1.anony_e678f16e.getChallenges.Lambda.result.text", + "length": 4, + "line": 39, + "methodLine": 35, + "name": "text", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 35, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js", + "fullName": "CxJSNS_70d1cba1.anony_e678f16e.getChallenges.Lambda.comment.replace", + "length": 7, + "line": 39, + "methodLine": 35, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 17, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js", + "fullName": "CxJSNS_70d1cba1.anony_e678f16e.getChallenges.Lambda.comment", + "length": 7, + "line": 39, + "methodLine": 35, + "name": "comment", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 35, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js", + "fullName": "CxJSNS_70d1cba1.anony_e678f16e.getChallenges.Lambda.comment", + "length": 7, + "line": 40, + "methodLine": 35, + "name": "comment", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 28, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js", + "fullName": "append", + "length": 6, + "line": 40, + "methodLine": 35, + "name": "append", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835160 + } + }, + { + "id": "0iQrWPRkCSTEAqQecwKdkOH/jFI=", + "similarityId": 1925253312, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "JavaScript_High_Risk", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 50, + "fileName": "/webgoat-lessons/challenge/src/main/resources/js/challenge8.js", + "fullName": "CxJSNS_a9cb656c.doVote.Lambda.result", + "length": 6, + "line": 46, + "methodLine": 46, + "name": "result", + "domType": "ParamDecl", + "method": "Lambda" + }, + { + "column": 34, + "fileName": "/webgoat-lessons/challenge/src/main/resources/js/challenge8.js", + "fullName": "CxJSNS_a9cb656c.doVote.Lambda.result", + "length": 6, + "line": 52, + "methodLine": 46, + "name": "result", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 42, + "fileName": "/webgoat-lessons/challenge/src/main/resources/js/challenge8.js", + "fullName": "CxJSNS_a9cb656c.doVote.Lambda.result.message", + "length": 7, + "line": 52, + "methodLine": 46, + "name": "message", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/challenge/src/main/resources/js/challenge8.js", + "fullName": "html", + "length": 4, + "line": 52, + "methodLine": 46, + "name": "html", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835160 + } + }, + { + "id": "nMEBNhah4B1oCYbv2ylfHip1qSU=", + "similarityId": 15011039, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "JavaScript_High_Risk", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 69, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/support/GoatUtils.js", + "fullName": "CxJSNS_8cd9229b.Lambda.CxAssociativeArray_75dc0652.Cxc09a0906.Lambda.reply", + "length": 5, + "line": 56, + "methodLine": 56, + "name": "reply", + "domType": "ParamDecl", + "method": "Lambda" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/support/GoatUtils.js", + "fullName": "CxJSNS_8cd9229b.Lambda.CxAssociativeArray_75dc0652.Cxc09a0906.Lambda.reply", + "length": 5, + "line": 57, + "methodLine": 56, + "name": "reply", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 46, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/support/GoatUtils.js", + "fullName": "CxJSNS_8cd9229b.Lambda.CxAssociativeArray_75dc0652.Cxc09a0906.Lambda.html", + "length": 4, + "line": 57, + "methodLine": 56, + "name": "html", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835160 + } + }, + { + "id": "z/GyosIPjRBcLFDS2L9zN7vyAkg=", + "similarityId": 1959005240, + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "groupName": "JavaScript_High_Risk", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 43, + "fileName": "/webgoat-lessons/challenge/src/main/resources/js/challenge8.js", + "fullName": "CxJSNS_a9cb656c.loadVotes.Lambda.votes", + "length": 5, + "line": 7, + "methodLine": 7, + "name": "votes", + "domType": "ParamDecl", + "method": "Lambda" + }, + { + "column": 42, + "fileName": "/webgoat-lessons/challenge/src/main/resources/js/challenge8.js", + "fullName": "CxJSNS_a9cb656c.loadVotes.Lambda.votes", + "length": 5, + "line": 18, + "methodLine": 7, + "name": "votes", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 37, + "fileName": "/webgoat-lessons/challenge/src/main/resources/js/challenge8.js", + "fullName": "html", + "length": 4, + "line": 18, + "methodLine": 7, + "name": "html", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835160 + } + } + ] + }, + { + "queryName": "Unchecked_Input_For_Loop_Condition", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 3, + "vulnerabilities": [ + { + "id": "4YLn3NYzsINKcgbNIeodmv5EH08=", + "similarityId": 481713126, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 606, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 249, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/require.min.js", + "fullName": "CxJSNS_a6e0da7a.Lambda.req.get", + "length": 3, + "line": 469, + "methodLine": 469, + "name": "get", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 72, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/require.min.js", + "length": 8, + "line": 469, + "methodLine": 467, + "name": "MethodInvokeExpr", + "domType": "MethodInvokeExpr", + "method": "s" + }, + { + "column": 28, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/require.min.js", + "fullName": "CxJSNS_a6e0da7a.Lambda.hasProp.e", + "length": 1, + "line": 41, + "methodLine": 41, + "name": "e", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 9, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/require.min.js", + "length": 6, + "line": 41, + "methodLine": 40, + "name": "MethodInvokeExpr", + "domType": "MethodInvokeExpr", + "method": "hasProp" + }, + { + "column": 16, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/require.min.js", + "fullName": "CxJSNS_a6e0da7a.Lambda.hasProp", + "length": 7, + "line": 44, + "methodLine": 43, + "name": "hasProp", + "domType": "MethodInvokeExpr", + "method": "getOwn" + }, + { + "column": 38, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/require.min.js", + "fullName": "CxJSNS_a6e0da7a.Lambda.getOwn", + "length": 6, + "line": 348, + "methodLine": 347, + "name": "getOwn", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 34, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/require.min.js", + "fullName": "CxJSNS_a6e0da7a.Lambda.newContext.Lambda.CxAssociativeArray_e969c163.Cxef6bd519.Lambda.r", + "length": 1, + "line": 348, + "methodLine": 347, + "name": "r", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 60, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/require.min.js", + "fullName": "CxJSNS_a6e0da7a.Lambda.newContext.Lambda.CxAssociativeArray_e969c163.Cxef6bd519.Lambda.Lambda", + "length": 8, + "line": 365, + "methodLine": 365, + "name": "Lambda", + "domType": "LambdaExpr", + "method": "Lambda" + }, + { + "column": 74, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/require.min.js", + "fullName": "CxJSNS_a6e0da7a.Lambda.newContext.Lambda.CxAssociativeArray_e969c163.Cxef6bd519.Lambda.r", + "length": 1, + "line": 365, + "methodLine": 365, + "name": "r", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 33, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/require.min.js", + "fullName": "CxJSNS_a6e0da7a.Lambda.newContext.Lambda.CxAssociativeArray_527858af.Cx7ca09452.e", + "length": 1, + "line": 515, + "methodLine": 515, + "name": "e", + "domType": "ParamDecl", + "method": "Cx7ca09452" + }, + { + "column": 48, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/require.min.js", + "fullName": "CxJSNS_a6e0da7a.Lambda.newContext.Lambda.CxAssociativeArray_527858af.Cx7ca09452.e", + "length": 1, + "line": 520, + "methodLine": 515, + "name": "e", + "domType": "UnknownReference", + "method": "Cx7ca09452" + }, + { + "column": 50, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/require.min.js", + "fullName": "CxJSNS_a6e0da7a.Lambda.newContext.Lambda.CxAssociativeArray_527858af.Cx7ca09452.e.split", + "length": 5, + "line": 520, + "methodLine": 515, + "name": "split", + "domType": "MethodInvokeExpr", + "method": "Cx7ca09452" + }, + { + "column": 62, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/require.min.js", + "fullName": "CxJSNS_a6e0da7a.Lambda.newContext.Lambda.CxAssociativeArray_527858af.Cx7ca09452.length", + "length": 6, + "line": 520, + "methodLine": 515, + "name": "length", + "domType": "MemberAccess", + "method": "Cx7ca09452" + }, + { + "column": 39, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/require.min.js", + "fullName": "CxJSNS_a6e0da7a.Lambda.newContext.Lambda.CxAssociativeArray_527858af.Cx7ca09452.o", + "length": 1, + "line": 520, + "methodLine": 515, + "name": "o", + "domType": "UnknownReference", + "method": "Cx7ca09452" + }, + { + "column": 74, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/require.min.js", + "fullName": "CxJSNS_a6e0da7a.Lambda.newContext.Lambda.CxAssociativeArray_527858af.Cx7ca09452.o", + "length": 1, + "line": 520, + "methodLine": 515, + "name": "o", + "domType": "UnknownReference", + "method": "Cx7ca09452" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835171 + } + }, + { + "id": "rGJnIyHBiu4l7ZcEHr/F9bljYUk=", + "similarityId": 1885451210, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 606, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 22, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.Lambda.e.data", + "length": 4, + "line": 21094, + "methodLine": 21090, + "name": "data", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 13, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.Lambda.fold", + "length": 4, + "line": 21094, + "methodLine": 21090, + "name": "fold", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 19, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.Lambda.fold", + "length": 4, + "line": 21096, + "methodLine": 21090, + "name": "fold", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 24, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.Lambda.fold.end", + "length": 3, + "line": 21096, + "methodLine": 21090, + "name": "end", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 28, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.Lambda.fold.end.row", + "length": 3, + "line": 21096, + "methodLine": 21090, + "name": "row", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 13, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.Lambda.end", + "length": 3, + "line": 21096, + "methodLine": 21090, + "name": "end", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 37, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.Lambda.end", + "length": 3, + "line": 21098, + "methodLine": 21090, + "name": "end", + "domType": "UnknownReference", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835171 + } + }, + { + "id": "UyNmlsdHAExzYbN6hyg+3Ut+qeo=", + "similarityId": 1666596492, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 606, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 22, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.Lambda.e.data", + "length": 4, + "line": 21094, + "methodLine": 21090, + "name": "data", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 13, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.Lambda.fold", + "length": 4, + "line": 21094, + "methodLine": 21090, + "name": "fold", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.Lambda.fold", + "length": 4, + "line": 21095, + "methodLine": 21090, + "name": "fold", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 26, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.Lambda.fold.start", + "length": 5, + "line": 21095, + "methodLine": 21090, + "name": "start", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 32, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.Lambda.fold.start.row", + "length": 3, + "line": 21095, + "methodLine": 21090, + "name": "row", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 13, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.Lambda.start", + "length": 5, + "line": 21095, + "methodLine": 21090, + "name": "start", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 22, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.Lambda.start", + "length": 5, + "line": 21098, + "methodLine": 21090, + "name": "start", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 18, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.Lambda.i", + "length": 1, + "line": 21098, + "methodLine": 21090, + "name": "i", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 33, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.Lambda.i", + "length": 1, + "line": 21098, + "methodLine": 21090, + "name": "i", + "domType": "UnknownReference", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835171 + } + } + ] + }, + { + "queryName": "Client_Potential_XSS", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 23, + "vulnerabilities": [ + { + "id": "3zZsHmbx8TzaGon5u4BbP934OnY=", + "similarityId": -4633378, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 55, + "fileName": "/webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js", + "fullName": "val", + "length": 3, + "line": 68, + "methodLine": 64, + "name": "val", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "pnDo9yzY8vZnLIbvF5Cl93ejAfE=", + "similarityId": 1624643614, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 49, + "fileName": "/webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js", + "fullName": "val", + "length": 3, + "line": 69, + "methodLine": 64, + "name": "val", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "qynTDfOQlOdYIVltfKvQZ8ucrVg=", + "similarityId": 1858978958, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 48, + "fileName": "/webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js", + "fullName": "val", + "length": 3, + "line": 23, + "methodLine": 18, + "name": "val", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "fUDLh0cCsYVUsXY3VnfDdz08+bo=", + "similarityId": 1863737738, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 54, + "fileName": "/webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js", + "fullName": "val", + "length": 3, + "line": 24, + "methodLine": 18, + "name": "val", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "7uuLaMjn4l0lrqQmRukounsiVVo=", + "similarityId": 1213974974, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 63, + "fileName": "/webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js", + "fullName": "val", + "length": 3, + "line": 39, + "methodLine": 35, + "name": "val", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "IcpzfkjsdI+6CkTyELv6NDFrbpc=", + "similarityId": -2101899042, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 55, + "fileName": "/webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js", + "fullName": "val", + "length": 3, + "line": 70, + "methodLine": 64, + "name": "val", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "gOjRi5pak/oMXr/zj3O6ZjC0NvA=", + "similarityId": -407401794, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 57, + "fileName": "/webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js", + "fullName": "val", + "length": 3, + "line": 40, + "methodLine": 35, + "name": "val", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "+8pYEeUZ5N2Qfv3nxLe02LHGgsQ=", + "similarityId": 1269419902, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 48, + "fileName": "/webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js", + "fullName": "val", + "length": 3, + "line": 6, + "methodLine": 1, + "name": "val", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "5y5Gs2Gd0nMYIRfZRVlE7JyNJvM=", + "similarityId": 1425302974, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 63, + "fileName": "/webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js", + "fullName": "val", + "length": 3, + "line": 41, + "methodLine": 35, + "name": "val", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "SaJ2NYLsE0zCUgZCV0TOgw4jb3s=", + "similarityId": -389086466, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 42, + "fileName": "/webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js", + "fullName": "val", + "length": 3, + "line": 7, + "methodLine": 1, + "name": "val", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "0AuOl5JQQUZ/3z1KyOPpsuac6p4=", + "similarityId": -1157893250, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 48, + "fileName": "/webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js", + "fullName": "val", + "length": 3, + "line": 8, + "methodLine": 1, + "name": "val", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "+PtY7h7h0h78DO54F5QBPdhw2ag=", + "similarityId": 1799898510, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 54, + "fileName": "/webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js", + "fullName": "val", + "length": 3, + "line": 22, + "methodLine": 18, + "name": "val", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "iTFPWxONPRSrXVin5fYShgPjpYU=", + "similarityId": -2000480784, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 81, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.attr", + "length": 4, + "line": 107, + "methodLine": 86, + "name": "attr", + "domType": "MethodInvokeExpr", + "method": "Cx487f1859" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.contentType", + "length": 11, + "line": 107, + "methodLine": 86, + "name": "contentType", + "domType": "UnknownReference", + "method": "Cx487f1859" + }, + { + "column": 78, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.contentType", + "length": 11, + "line": 115, + "methodLine": 86, + "name": "contentType", + "domType": "UnknownReference", + "method": "Cx487f1859" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.CxAssociativeArray_285e05df.contentType", + "length": 11, + "line": 115, + "methodLine": 86, + "name": "contentType", + "domType": "Declarator", + "method": "Cx487f1859" + }, + { + "column": 19, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.$.ajax", + "length": 4, + "line": 110, + "methodLine": 86, + "name": "ajax", + "domType": "MethodInvokeExpr", + "method": "Cx487f1859" + }, + { + "column": 35, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.Lambda.data", + "length": 4, + "line": 117, + "methodLine": 117, + "name": "data", + "domType": "ParamDecl", + "method": "Lambda" + }, + { + "column": 44, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.Lambda.data", + "length": 4, + "line": 118, + "methodLine": 117, + "name": "data", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 42, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data", + "length": 4, + "line": 123, + "methodLine": 123, + "name": "data", + "domType": "ParamDecl", + "method": "Cxe1f4fc01" + }, + { + "column": 35, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data", + "length": 4, + "line": 125, + "methodLine": 123, + "name": "data", + "domType": "UnknownReference", + "method": "Cxe1f4fc01" + }, + { + "column": 40, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data.output", + "length": 6, + "line": 125, + "methodLine": 123, + "name": "output", + "domType": "MemberAccess", + "method": "Cxe1f4fc01" + }, + { + "column": 37, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx36c35add.output", + "length": 6, + "line": 183, + "methodLine": 183, + "name": "output", + "domType": "ParamDecl", + "method": "Cx36c35add" + }, + { + "column": 52, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx36c35add.output", + "length": 6, + "line": 184, + "methodLine": 183, + "name": "output", + "domType": "UnknownReference", + "method": "Cx36c35add" + }, + { + "column": 46, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str", + "length": 3, + "line": 169, + "methodLine": 169, + "name": "str", + "domType": "ParamDecl", + "method": "Cxc1baa99a" + }, + { + "column": 24, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str", + "length": 3, + "line": 173, + "methodLine": 169, + "name": "str", + "domType": "UnknownReference", + "method": "Cxc1baa99a" + }, + { + "column": 28, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str.replace", + "length": 7, + "line": 173, + "methodLine": 169, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "Cxc1baa99a" + }, + { + "column": 30, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.removeSlashesFromJSON", + "length": 21, + "line": 184, + "methodLine": 183, + "name": "removeSlashesFromJSON", + "domType": "MethodInvokeExpr", + "method": "Cx36c35add" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx36c35add.s", + "length": 1, + "line": 184, + "methodLine": 183, + "name": "s", + "domType": "UnknownReference", + "method": "Cx36c35add" + }, + { + "column": 49, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx36c35add.s", + "length": 1, + "line": 185, + "methodLine": 183, + "name": "s", + "domType": "UnknownReference", + "method": "Cx36c35add" + }, + { + "column": 47, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "polyglot.t", + "length": 1, + "line": 185, + "methodLine": 183, + "name": "t", + "domType": "MethodInvokeExpr", + "method": "Cx36c35add" + }, + { + "column": 52, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "||", + "length": 2, + "line": 185, + "methodLine": 183, + "name": "||", + "domType": "BinaryExpr", + "method": "Cx36c35add" + }, + { + "column": 33, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx36c35add.$curOutput.html", + "length": 4, + "line": 185, + "methodLine": 183, + "name": "html", + "domType": "MethodInvokeExpr", + "method": "Cx36c35add" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "qrxdnqsqNMLFbuRJSVBe7D5hKZM=", + "similarityId": 2024776044, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 81, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.attr", + "length": 4, + "line": 107, + "methodLine": 86, + "name": "attr", + "domType": "MethodInvokeExpr", + "method": "Cx487f1859" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.contentType", + "length": 11, + "line": 107, + "methodLine": 86, + "name": "contentType", + "domType": "UnknownReference", + "method": "Cx487f1859" + }, + { + "column": 78, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.contentType", + "length": 11, + "line": 115, + "methodLine": 86, + "name": "contentType", + "domType": "UnknownReference", + "method": "Cx487f1859" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.CxAssociativeArray_285e05df.contentType", + "length": 11, + "line": 115, + "methodLine": 86, + "name": "contentType", + "domType": "Declarator", + "method": "Cx487f1859" + }, + { + "column": 19, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.$.ajax", + "length": 4, + "line": 110, + "methodLine": 86, + "name": "ajax", + "domType": "MethodInvokeExpr", + "method": "Cx487f1859" + }, + { + "column": 35, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.Lambda.data", + "length": 4, + "line": 117, + "methodLine": 117, + "name": "data", + "domType": "ParamDecl", + "method": "Lambda" + }, + { + "column": 44, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.Lambda.data", + "length": 4, + "line": 118, + "methodLine": 117, + "name": "data", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 42, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data", + "length": 4, + "line": 123, + "methodLine": 123, + "name": "data", + "domType": "ParamDecl", + "method": "Cxe1f4fc01" + }, + { + "column": 37, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data", + "length": 4, + "line": 124, + "methodLine": 123, + "name": "data", + "domType": "UnknownReference", + "method": "Cxe1f4fc01" + }, + { + "column": 42, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data.feedback", + "length": 8, + "line": 124, + "methodLine": 123, + "name": "feedback", + "domType": "MemberAccess", + "method": "Cxe1f4fc01" + }, + { + "column": 39, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx16296f00.feedback", + "length": 8, + "line": 176, + "methodLine": 176, + "name": "feedback", + "domType": "ParamDecl", + "method": "Cx16296f00" + }, + { + "column": 52, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx16296f00.feedback", + "length": 8, + "line": 177, + "methodLine": 176, + "name": "feedback", + "domType": "UnknownReference", + "method": "Cx16296f00" + }, + { + "column": 46, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str", + "length": 3, + "line": 169, + "methodLine": 169, + "name": "str", + "domType": "ParamDecl", + "method": "Cxc1baa99a" + }, + { + "column": 24, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str", + "length": 3, + "line": 173, + "methodLine": 169, + "name": "str", + "domType": "UnknownReference", + "method": "Cxc1baa99a" + }, + { + "column": 28, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str.replace", + "length": 7, + "line": 173, + "methodLine": 169, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "Cxc1baa99a" + }, + { + "column": 30, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.removeSlashesFromJSON", + "length": 21, + "line": 177, + "methodLine": 176, + "name": "removeSlashesFromJSON", + "domType": "MethodInvokeExpr", + "method": "Cx16296f00" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx16296f00.s", + "length": 1, + "line": 177, + "methodLine": 176, + "name": "s", + "domType": "UnknownReference", + "method": "Cx16296f00" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx16296f00.s", + "length": 1, + "line": 178, + "methodLine": 176, + "name": "s", + "domType": "UnknownReference", + "method": "Cx16296f00" + }, + { + "column": 49, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "polyglot.t", + "length": 1, + "line": 178, + "methodLine": 176, + "name": "t", + "domType": "MethodInvokeExpr", + "method": "Cx16296f00" + }, + { + "column": 54, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "||", + "length": 2, + "line": 178, + "methodLine": 176, + "name": "||", + "domType": "BinaryExpr", + "method": "Cx16296f00" + }, + { + "column": 35, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx16296f00.$curFeedback.html", + "length": 4, + "line": 178, + "methodLine": 176, + "name": "html", + "domType": "MethodInvokeExpr", + "method": "Cx16296f00" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "8KWa3ol6EFcWuI9neS/kQRHwQ3w=", + "similarityId": 815003301, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 45, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.attr", + "length": 4, + "line": 106, + "methodLine": 86, + "name": "attr", + "domType": "MethodInvokeExpr", + "method": "Cx487f1859" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.formMethod", + "length": 10, + "line": 106, + "methodLine": 86, + "name": "formMethod", + "domType": "UnknownReference", + "method": "Cx487f1859" + }, + { + "column": 29, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.formMethod", + "length": 10, + "line": 113, + "methodLine": 86, + "name": "formMethod", + "domType": "UnknownReference", + "method": "Cx487f1859" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.CxAssociativeArray_285e05df.method", + "length": 6, + "line": 113, + "methodLine": 86, + "name": "method", + "domType": "Declarator", + "method": "Cx487f1859" + }, + { + "column": 19, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.$.ajax", + "length": 4, + "line": 110, + "methodLine": 86, + "name": "ajax", + "domType": "MethodInvokeExpr", + "method": "Cx487f1859" + }, + { + "column": 35, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.Lambda.data", + "length": 4, + "line": 117, + "methodLine": 117, + "name": "data", + "domType": "ParamDecl", + "method": "Lambda" + }, + { + "column": 44, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.Lambda.data", + "length": 4, + "line": 118, + "methodLine": 117, + "name": "data", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 42, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data", + "length": 4, + "line": 123, + "methodLine": 123, + "name": "data", + "domType": "ParamDecl", + "method": "Cxe1f4fc01" + }, + { + "column": 35, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data", + "length": 4, + "line": 125, + "methodLine": 123, + "name": "data", + "domType": "UnknownReference", + "method": "Cxe1f4fc01" + }, + { + "column": 40, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data.output", + "length": 6, + "line": 125, + "methodLine": 123, + "name": "output", + "domType": "MemberAccess", + "method": "Cxe1f4fc01" + }, + { + "column": 37, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx36c35add.output", + "length": 6, + "line": 183, + "methodLine": 183, + "name": "output", + "domType": "ParamDecl", + "method": "Cx36c35add" + }, + { + "column": 52, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx36c35add.output", + "length": 6, + "line": 184, + "methodLine": 183, + "name": "output", + "domType": "UnknownReference", + "method": "Cx36c35add" + }, + { + "column": 46, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str", + "length": 3, + "line": 169, + "methodLine": 169, + "name": "str", + "domType": "ParamDecl", + "method": "Cxc1baa99a" + }, + { + "column": 24, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str", + "length": 3, + "line": 173, + "methodLine": 169, + "name": "str", + "domType": "UnknownReference", + "method": "Cxc1baa99a" + }, + { + "column": 28, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str.replace", + "length": 7, + "line": 173, + "methodLine": 169, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "Cxc1baa99a" + }, + { + "column": 30, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.removeSlashesFromJSON", + "length": 21, + "line": 184, + "methodLine": 183, + "name": "removeSlashesFromJSON", + "domType": "MethodInvokeExpr", + "method": "Cx36c35add" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx36c35add.s", + "length": 1, + "line": 184, + "methodLine": 183, + "name": "s", + "domType": "UnknownReference", + "method": "Cx36c35add" + }, + { + "column": 49, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx36c35add.s", + "length": 1, + "line": 185, + "methodLine": 183, + "name": "s", + "domType": "UnknownReference", + "method": "Cx36c35add" + }, + { + "column": 47, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "polyglot.t", + "length": 1, + "line": 185, + "methodLine": 183, + "name": "t", + "domType": "MethodInvokeExpr", + "method": "Cx36c35add" + }, + { + "column": 52, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "||", + "length": 2, + "line": 185, + "methodLine": 183, + "name": "||", + "domType": "BinaryExpr", + "method": "Cx36c35add" + }, + { + "column": 33, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx36c35add.$curOutput.html", + "length": 4, + "line": 185, + "methodLine": 183, + "name": "html", + "domType": "MethodInvokeExpr", + "method": "Cx36c35add" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "s5MEuG856qsv+1mTpfxueueECK8=", + "similarityId": -551524767, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 45, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.attr", + "length": 4, + "line": 106, + "methodLine": 86, + "name": "attr", + "domType": "MethodInvokeExpr", + "method": "Cx487f1859" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.formMethod", + "length": 10, + "line": 106, + "methodLine": 86, + "name": "formMethod", + "domType": "UnknownReference", + "method": "Cx487f1859" + }, + { + "column": 29, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.formMethod", + "length": 10, + "line": 113, + "methodLine": 86, + "name": "formMethod", + "domType": "UnknownReference", + "method": "Cx487f1859" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.CxAssociativeArray_285e05df.method", + "length": 6, + "line": 113, + "methodLine": 86, + "name": "method", + "domType": "Declarator", + "method": "Cx487f1859" + }, + { + "column": 19, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.$.ajax", + "length": 4, + "line": 110, + "methodLine": 86, + "name": "ajax", + "domType": "MethodInvokeExpr", + "method": "Cx487f1859" + }, + { + "column": 35, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.Lambda.data", + "length": 4, + "line": 117, + "methodLine": 117, + "name": "data", + "domType": "ParamDecl", + "method": "Lambda" + }, + { + "column": 44, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.Lambda.data", + "length": 4, + "line": 118, + "methodLine": 117, + "name": "data", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 42, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data", + "length": 4, + "line": 123, + "methodLine": 123, + "name": "data", + "domType": "ParamDecl", + "method": "Cxe1f4fc01" + }, + { + "column": 37, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data", + "length": 4, + "line": 124, + "methodLine": 123, + "name": "data", + "domType": "UnknownReference", + "method": "Cxe1f4fc01" + }, + { + "column": 42, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data.feedback", + "length": 8, + "line": 124, + "methodLine": 123, + "name": "feedback", + "domType": "MemberAccess", + "method": "Cxe1f4fc01" + }, + { + "column": 39, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx16296f00.feedback", + "length": 8, + "line": 176, + "methodLine": 176, + "name": "feedback", + "domType": "ParamDecl", + "method": "Cx16296f00" + }, + { + "column": 52, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx16296f00.feedback", + "length": 8, + "line": 177, + "methodLine": 176, + "name": "feedback", + "domType": "UnknownReference", + "method": "Cx16296f00" + }, + { + "column": 46, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str", + "length": 3, + "line": 169, + "methodLine": 169, + "name": "str", + "domType": "ParamDecl", + "method": "Cxc1baa99a" + }, + { + "column": 24, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str", + "length": 3, + "line": 173, + "methodLine": 169, + "name": "str", + "domType": "UnknownReference", + "method": "Cxc1baa99a" + }, + { + "column": 28, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str.replace", + "length": 7, + "line": 173, + "methodLine": 169, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "Cxc1baa99a" + }, + { + "column": 30, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.removeSlashesFromJSON", + "length": 21, + "line": 177, + "methodLine": 176, + "name": "removeSlashesFromJSON", + "domType": "MethodInvokeExpr", + "method": "Cx16296f00" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx16296f00.s", + "length": 1, + "line": 177, + "methodLine": 176, + "name": "s", + "domType": "UnknownReference", + "method": "Cx16296f00" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx16296f00.s", + "length": 1, + "line": 178, + "methodLine": 176, + "name": "s", + "domType": "UnknownReference", + "method": "Cx16296f00" + }, + { + "column": 49, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "polyglot.t", + "length": 1, + "line": 178, + "methodLine": 176, + "name": "t", + "domType": "MethodInvokeExpr", + "method": "Cx16296f00" + }, + { + "column": 54, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "||", + "length": 2, + "line": 178, + "methodLine": 176, + "name": "||", + "domType": "BinaryExpr", + "method": "Cx16296f00" + }, + { + "column": 35, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx16296f00.$curFeedback.html", + "length": 4, + "line": 178, + "methodLine": 176, + "name": "html", + "domType": "MethodInvokeExpr", + "method": "Cx16296f00" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "od2y6bGlGlR9izlZgO1+CSUeOEM=", + "similarityId": -730263490, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 42, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.attr", + "length": 4, + "line": 105, + "methodLine": 86, + "name": "attr", + "domType": "MethodInvokeExpr", + "method": "Cx487f1859" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.formUrl", + "length": 7, + "line": 105, + "methodLine": 86, + "name": "formUrl", + "domType": "UnknownReference", + "method": "Cx487f1859" + }, + { + "column": 26, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.formUrl", + "length": 7, + "line": 111, + "methodLine": 86, + "name": "formUrl", + "domType": "UnknownReference", + "method": "Cx487f1859" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.CxAssociativeArray_285e05df.url", + "length": 3, + "line": 111, + "methodLine": 86, + "name": "url", + "domType": "Declarator", + "method": "Cx487f1859" + }, + { + "column": 19, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.$.ajax", + "length": 4, + "line": 110, + "methodLine": 86, + "name": "ajax", + "domType": "MethodInvokeExpr", + "method": "Cx487f1859" + }, + { + "column": 35, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.Lambda.data", + "length": 4, + "line": 117, + "methodLine": 117, + "name": "data", + "domType": "ParamDecl", + "method": "Lambda" + }, + { + "column": 44, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.Lambda.data", + "length": 4, + "line": 118, + "methodLine": 117, + "name": "data", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 42, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data", + "length": 4, + "line": 123, + "methodLine": 123, + "name": "data", + "domType": "ParamDecl", + "method": "Cxe1f4fc01" + }, + { + "column": 35, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data", + "length": 4, + "line": 125, + "methodLine": 123, + "name": "data", + "domType": "UnknownReference", + "method": "Cxe1f4fc01" + }, + { + "column": 40, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data.output", + "length": 6, + "line": 125, + "methodLine": 123, + "name": "output", + "domType": "MemberAccess", + "method": "Cxe1f4fc01" + }, + { + "column": 37, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx36c35add.output", + "length": 6, + "line": 183, + "methodLine": 183, + "name": "output", + "domType": "ParamDecl", + "method": "Cx36c35add" + }, + { + "column": 52, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx36c35add.output", + "length": 6, + "line": 184, + "methodLine": 183, + "name": "output", + "domType": "UnknownReference", + "method": "Cx36c35add" + }, + { + "column": 46, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str", + "length": 3, + "line": 169, + "methodLine": 169, + "name": "str", + "domType": "ParamDecl", + "method": "Cxc1baa99a" + }, + { + "column": 24, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str", + "length": 3, + "line": 173, + "methodLine": 169, + "name": "str", + "domType": "UnknownReference", + "method": "Cxc1baa99a" + }, + { + "column": 28, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str.replace", + "length": 7, + "line": 173, + "methodLine": 169, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "Cxc1baa99a" + }, + { + "column": 30, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.removeSlashesFromJSON", + "length": 21, + "line": 184, + "methodLine": 183, + "name": "removeSlashesFromJSON", + "domType": "MethodInvokeExpr", + "method": "Cx36c35add" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx36c35add.s", + "length": 1, + "line": 184, + "methodLine": 183, + "name": "s", + "domType": "UnknownReference", + "method": "Cx36c35add" + }, + { + "column": 49, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx36c35add.s", + "length": 1, + "line": 185, + "methodLine": 183, + "name": "s", + "domType": "UnknownReference", + "method": "Cx36c35add" + }, + { + "column": 47, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "polyglot.t", + "length": 1, + "line": 185, + "methodLine": 183, + "name": "t", + "domType": "MethodInvokeExpr", + "method": "Cx36c35add" + }, + { + "column": 52, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "||", + "length": 2, + "line": 185, + "methodLine": 183, + "name": "||", + "domType": "BinaryExpr", + "method": "Cx36c35add" + }, + { + "column": 33, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx36c35add.$curOutput.html", + "length": 4, + "line": 185, + "methodLine": 183, + "name": "html", + "domType": "MethodInvokeExpr", + "method": "Cx36c35add" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "dvaZ58LQ0bKahTYp9sIQIODal/o=", + "similarityId": 1554524474, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 42, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.attr", + "length": 4, + "line": 105, + "methodLine": 86, + "name": "attr", + "domType": "MethodInvokeExpr", + "method": "Cx487f1859" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.formUrl", + "length": 7, + "line": 105, + "methodLine": 86, + "name": "formUrl", + "domType": "UnknownReference", + "method": "Cx487f1859" + }, + { + "column": 26, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.formUrl", + "length": 7, + "line": 111, + "methodLine": 86, + "name": "formUrl", + "domType": "UnknownReference", + "method": "Cx487f1859" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.CxAssociativeArray_285e05df.url", + "length": 3, + "line": 111, + "methodLine": 86, + "name": "url", + "domType": "Declarator", + "method": "Cx487f1859" + }, + { + "column": 19, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.$.ajax", + "length": 4, + "line": 110, + "methodLine": 86, + "name": "ajax", + "domType": "MethodInvokeExpr", + "method": "Cx487f1859" + }, + { + "column": 35, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.Lambda.data", + "length": 4, + "line": 117, + "methodLine": 117, + "name": "data", + "domType": "ParamDecl", + "method": "Lambda" + }, + { + "column": 44, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx487f1859.Lambda.data", + "length": 4, + "line": 118, + "methodLine": 117, + "name": "data", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 42, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data", + "length": 4, + "line": 123, + "methodLine": 123, + "name": "data", + "domType": "ParamDecl", + "method": "Cxe1f4fc01" + }, + { + "column": 37, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data", + "length": 4, + "line": 124, + "methodLine": 123, + "name": "data", + "domType": "UnknownReference", + "method": "Cxe1f4fc01" + }, + { + "column": 42, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxe1f4fc01.data.feedback", + "length": 8, + "line": 124, + "methodLine": 123, + "name": "feedback", + "domType": "MemberAccess", + "method": "Cxe1f4fc01" + }, + { + "column": 39, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx16296f00.feedback", + "length": 8, + "line": 176, + "methodLine": 176, + "name": "feedback", + "domType": "ParamDecl", + "method": "Cx16296f00" + }, + { + "column": 52, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx16296f00.feedback", + "length": 8, + "line": 177, + "methodLine": 176, + "name": "feedback", + "domType": "UnknownReference", + "method": "Cx16296f00" + }, + { + "column": 46, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str", + "length": 3, + "line": 169, + "methodLine": 169, + "name": "str", + "domType": "ParamDecl", + "method": "Cxc1baa99a" + }, + { + "column": 24, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str", + "length": 3, + "line": 173, + "methodLine": 169, + "name": "str", + "domType": "UnknownReference", + "method": "Cxc1baa99a" + }, + { + "column": 28, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cxc1baa99a.str.replace", + "length": 7, + "line": 173, + "methodLine": 169, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "Cxc1baa99a" + }, + { + "column": 30, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.removeSlashesFromJSON", + "length": 21, + "line": 177, + "methodLine": 176, + "name": "removeSlashesFromJSON", + "domType": "MethodInvokeExpr", + "method": "Cx16296f00" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx16296f00.s", + "length": 1, + "line": 177, + "methodLine": 176, + "name": "s", + "domType": "UnknownReference", + "method": "Cx16296f00" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx16296f00.s", + "length": 1, + "line": 178, + "methodLine": 176, + "name": "s", + "domType": "UnknownReference", + "method": "Cx16296f00" + }, + { + "column": 49, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "polyglot.t", + "length": 1, + "line": 178, + "methodLine": 176, + "name": "t", + "domType": "MethodInvokeExpr", + "method": "Cx16296f00" + }, + { + "column": 54, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "||", + "length": 2, + "line": 178, + "methodLine": 176, + "name": "||", + "domType": "BinaryExpr", + "method": "Cx16296f00" + }, + { + "column": 35, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js", + "fullName": "CxJSNS_bd79d808.Lambda.CxAssociativeArray_77200b93.Cx16296f00.$curFeedback.html", + "length": 4, + "line": 178, + "methodLine": 176, + "name": "html", + "domType": "MethodInvokeExpr", + "method": "Cx16296f00" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "pdis28brX1bpUfI6osg9H5mLlgs=", + "similarityId": 578088414, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 64, + "fileName": "/webgoat-lessons/csrf/src/main/resources/js/csrf-review.js", + "fullName": "CxJSNS_d31b2f83.anony_e678f16e.getChallenges.Lambda.result.text", + "length": 4, + "line": 39, + "methodLine": 35, + "name": "text", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 35, + "fileName": "/webgoat-lessons/csrf/src/main/resources/js/csrf-review.js", + "fullName": "CxJSNS_d31b2f83.anony_e678f16e.getChallenges.Lambda.comment.replace", + "length": 7, + "line": 39, + "methodLine": 35, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 17, + "fileName": "/webgoat-lessons/csrf/src/main/resources/js/csrf-review.js", + "fullName": "CxJSNS_d31b2f83.anony_e678f16e.getChallenges.Lambda.comment", + "length": 7, + "line": 39, + "methodLine": 35, + "name": "comment", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 27, + "fileName": "/webgoat-lessons/csrf/src/main/resources/js/csrf-review.js", + "fullName": "CxJSNS_d31b2f83.anony_e678f16e.getChallenges.Lambda.comment", + "length": 7, + "line": 40, + "methodLine": 35, + "name": "comment", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 35, + "fileName": "/webgoat-lessons/csrf/src/main/resources/js/csrf-review.js", + "fullName": "CxJSNS_d31b2f83.anony_e678f16e.getChallenges.Lambda.comment.replace", + "length": 7, + "line": 40, + "methodLine": 35, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 17, + "fileName": "/webgoat-lessons/csrf/src/main/resources/js/csrf-review.js", + "fullName": "CxJSNS_d31b2f83.anony_e678f16e.getChallenges.Lambda.comment", + "length": 7, + "line": 40, + "methodLine": 35, + "name": "comment", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 35, + "fileName": "/webgoat-lessons/csrf/src/main/resources/js/csrf-review.js", + "fullName": "CxJSNS_d31b2f83.anony_e678f16e.getChallenges.Lambda.comment", + "length": 7, + "line": 41, + "methodLine": 35, + "name": "comment", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 28, + "fileName": "/webgoat-lessons/csrf/src/main/resources/js/csrf-review.js", + "fullName": "append", + "length": 6, + "line": 41, + "methodLine": 35, + "name": "append", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "adJOwEl9TYLUpuESwr2H9Li534c=", + "similarityId": -254706405, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 60, + "fileName": "/webgoat-lessons/xxe/src/main/resources/js/xxe.js", + "fullName": "CxJSNS_e0f60d96.getComments.Lambda.result.text", + "length": 4, + "line": 77, + "methodLine": 72, + "name": "text", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 31, + "fileName": "/webgoat-lessons/xxe/src/main/resources/js/xxe.js", + "fullName": "CxJSNS_e0f60d96.getComments.Lambda.comment.replace", + "length": 7, + "line": 77, + "methodLine": 72, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/xxe/src/main/resources/js/xxe.js", + "fullName": "CxJSNS_e0f60d96.getComments.Lambda.comment", + "length": 7, + "line": 77, + "methodLine": 72, + "name": "comment", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/xxe/src/main/resources/js/xxe.js", + "fullName": "CxJSNS_e0f60d96.getComments.Lambda.comment", + "length": 7, + "line": 78, + "methodLine": 72, + "name": "comment", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 22, + "fileName": "/webgoat-lessons/xxe/src/main/resources/js/xxe.js", + "fullName": "append", + "length": 6, + "line": 78, + "methodLine": 72, + "name": "append", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "0fsn+sQr1MXakN4X6+UYAYOKcto=", + "similarityId": -33967822, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 64, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js", + "fullName": "CxJSNS_70d1cba1.anony_e678f16e.getChallenges.Lambda.result.text", + "length": 4, + "line": 39, + "methodLine": 35, + "name": "text", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 35, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js", + "fullName": "CxJSNS_70d1cba1.anony_e678f16e.getChallenges.Lambda.comment.replace", + "length": 7, + "line": 39, + "methodLine": 35, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 17, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js", + "fullName": "CxJSNS_70d1cba1.anony_e678f16e.getChallenges.Lambda.comment", + "length": 7, + "line": 39, + "methodLine": 35, + "name": "comment", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 35, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js", + "fullName": "CxJSNS_70d1cba1.anony_e678f16e.getChallenges.Lambda.comment", + "length": 7, + "line": 40, + "methodLine": 35, + "name": "comment", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 28, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js", + "fullName": "append", + "length": 6, + "line": 40, + "methodLine": 35, + "name": "append", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "idAXkO+xyqC1TmJ1ghRteHL8gV8=", + "similarityId": -823138006, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 29, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFilteringFree.js", + "fullName": "attr", + "length": 4, + "line": 9, + "methodLine": 8, + "name": "attr", + "domType": "MethodInvokeExpr", + "method": "anony_89492630" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFilteringFree.js", + "fullName": "CxJSNS_4aab3e94.anony_e678f16e.anony_89492630.clase", + "length": 5, + "line": 9, + "methodLine": 8, + "name": "clase", + "domType": "UnknownReference", + "method": "anony_89492630" + }, + { + "column": 17, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFilteringFree.js", + "fullName": "CxJSNS_4aab3e94.anony_e678f16e.anony_89492630.clase", + "length": 5, + "line": 11, + "methodLine": 8, + "name": "clase", + "domType": "UnknownReference", + "method": "anony_89492630" + }, + { + "column": 15, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFilteringFree.js", + "length": 1, + "line": 11, + "methodLine": 8, + "name": "BinaryExpr", + "domType": "BinaryExpr", + "method": "anony_89492630" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFilteringFree.js", + "fullName": "$", + "length": 1, + "line": 11, + "methodLine": 8, + "name": "$", + "domType": "MethodInvokeExpr", + "method": "anony_89492630" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + }, + { + "id": "OKQRWM+49NGasy/arIbgRSl9zNA=", + "similarityId": 928061984, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "JavaScript_Medium_Threat", + "cweId": 79, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 31, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.gutterAnno.text", + "length": 4, + "line": 21469, + "methodLine": 21415, + "name": "text", + "domType": "MemberAccess", + "method": "Lambda" + }, + { + "column": 36, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.gutterAnno.text.join", + "length": 4, + "line": 21469, + "methodLine": 21415, + "name": "join", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 8, + "fileName": "/webgoat-container/src/main/resources/static/js/libs/ace.js", + "fullName": "CxJSNS_64c1e832.Lambda.el.innerHTML", + "length": 9, + "line": 21469, + "methodLine": 21415, + "name": "innerHTML", + "domType": "MemberAccess", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835162 + } + } + ] + }, + { + "queryName": "Use_Of_Hardcoded_Password", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 4, + "vulnerabilities": [ + { + "id": "y4z5YxMHNGXi81ILWHPEITPKA7I=", + "similarityId": -1898061958, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "JavaScript_Server_Side_Vulnerabilities", + "cweId": 259, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 62, + "fileName": "/webgoat-lessons/insecure-login/src/main/resources/js/credentials.js", + "fullName": "\"\\x42\\x6C\\x61\\x63\\x6B\\x50\\x65\\x61\\x72\\x6C\"", + "length": 42, + "line": 5, + "methodLine": 1, + "name": "\"\\x42\\x6C\\x61\\x63\\x6B\\x50\\x65\\x61\\x72\\x6C\"", + "domType": "StringLiteral", + "method": "submit_secret_credentials" + }, + { + "column": 6, + "fileName": "/webgoat-lessons/insecure-login/src/main/resources/js/credentials.js", + "fullName": "CxJSNS_9318e351.submit_secret_credentials._0xb7f9", + "length": 7, + "line": 5, + "methodLine": 1, + "name": "_0xb7f9", + "domType": "UnknownReference", + "method": "submit_secret_credentials" + }, + { + "column": 229, + "fileName": "/webgoat-lessons/insecure-login/src/main/resources/js/credentials.js", + "fullName": "CxJSNS_9318e351.submit_secret_credentials._0xb7f9", + "length": 7, + "line": 5, + "methodLine": 1, + "name": "_0xb7f9", + "domType": "UnknownReference", + "method": "submit_secret_credentials" + }, + { + "column": 220, + "fileName": "/webgoat-lessons/insecure-login/src/main/resources/js/credentials.js", + "fullName": "CxJSNS_9318e351.submit_secret_credentials.CxAssociativeArray_538b1361.password", + "length": 8, + "line": 5, + "methodLine": 1, + "name": "password", + "domType": "Declarator", + "method": "submit_secret_credentials" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652192259 + } + }, + { + "id": "5nF3R4H0eg3rCUh94PafsgzlYvQ=", + "similarityId": -1898061958, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "JavaScript_Server_Side_Vulnerabilities", + "cweId": 259, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 62, + "fileName": "/webgoat-lessons/ssrf/src/main/resources/js/credentials.js", + "fullName": "\"\\x42\\x6C\\x61\\x63\\x6B\\x50\\x65\\x61\\x72\\x6C\"", + "length": 42, + "line": 5, + "methodLine": 1, + "name": "\"\\x42\\x6C\\x61\\x63\\x6B\\x50\\x65\\x61\\x72\\x6C\"", + "domType": "StringLiteral", + "method": "submit_secret_credentials" + }, + { + "column": 6, + "fileName": "/webgoat-lessons/ssrf/src/main/resources/js/credentials.js", + "fullName": "CxJSNS_2ba30735.submit_secret_credentials._0xb7f9", + "length": 7, + "line": 5, + "methodLine": 1, + "name": "_0xb7f9", + "domType": "UnknownReference", + "method": "submit_secret_credentials" + }, + { + "column": 229, + "fileName": "/webgoat-lessons/ssrf/src/main/resources/js/credentials.js", + "fullName": "CxJSNS_2ba30735.submit_secret_credentials._0xb7f9", + "length": 7, + "line": 5, + "methodLine": 1, + "name": "_0xb7f9", + "domType": "UnknownReference", + "method": "submit_secret_credentials" + }, + { + "column": 220, + "fileName": "/webgoat-lessons/ssrf/src/main/resources/js/credentials.js", + "fullName": "CxJSNS_2ba30735.submit_secret_credentials.CxAssociativeArray_538b1361.password", + "length": 8, + "line": 5, + "methodLine": 1, + "name": "password", + "domType": "Declarator", + "method": "submit_secret_credentials" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652192259 + } + }, + { + "id": "hmzdm4BukWf3ml+b6aN4covkkIQ=", + "similarityId": -1898061958, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "JavaScript_Server_Side_Vulnerabilities", + "cweId": 259, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 62, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/resources/js/credentials.js", + "fullName": "\"\\x42\\x6C\\x61\\x63\\x6B\\x50\\x65\\x61\\x72\\x6C\"", + "length": 42, + "line": 5, + "methodLine": 1, + "name": "\"\\x42\\x6C\\x61\\x63\\x6B\\x50\\x65\\x61\\x72\\x6C\"", + "domType": "StringLiteral", + "method": "submit_secret_credentials" + }, + { + "column": 6, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/resources/js/credentials.js", + "fullName": "CxJSNS_e690f9b1.submit_secret_credentials._0xb7f9", + "length": 7, + "line": 5, + "methodLine": 1, + "name": "_0xb7f9", + "domType": "UnknownReference", + "method": "submit_secret_credentials" + }, + { + "column": 229, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/resources/js/credentials.js", + "fullName": "CxJSNS_e690f9b1.submit_secret_credentials._0xb7f9", + "length": 7, + "line": 5, + "methodLine": 1, + "name": "_0xb7f9", + "domType": "UnknownReference", + "method": "submit_secret_credentials" + }, + { + "column": 220, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/resources/js/credentials.js", + "fullName": "CxJSNS_e690f9b1.submit_secret_credentials.CxAssociativeArray_538b1361.password", + "length": 8, + "line": 5, + "methodLine": 1, + "name": "password", + "domType": "Declarator", + "method": "submit_secret_credentials" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652192259 + } + }, + { + "id": "lFrhGc6fkX5phKvtgtFxC3vG+hk=", + "similarityId": 1881820985, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "JavaScript_Server_Side_Vulnerabilities", + "cweId": 259, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 53, + "fileName": "/webgoat-lessons/jwt/src/main/resources/js/jwt-refresh.js", + "fullName": "\"bm5nhSkxCXZkKRy4\"", + "length": 18, + "line": 10, + "methodLine": 5, + "name": "\"bm5nhSkxCXZkKRy4\"", + "domType": "StringLiteral", + "method": "login" + }, + { + "column": 43, + "fileName": "/webgoat-lessons/jwt/src/main/resources/js/jwt-refresh.js", + "fullName": "CxJSNS_87e3ddf1.login.CxAssociativeArray_a8018e1d.CxAssociativeArray_8fdaeec1.password", + "length": 8, + "line": 10, + "methodLine": 5, + "name": "password", + "domType": "Declarator", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652192259 + } + } + ] + }, + { + "queryName": "Missing_CSP_Header", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 1, + "vulnerabilities": [ + { + "id": "go6NoHCnAkQrER4DwXqkmQyiHvM=", + "similarityId": -765791731, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "JavaScript_Server_Side_Vulnerabilities", + "cweId": 346, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 37, + "fileName": "/webgoat-container/src/main/resources/static/js/goatApp/templates/lesson_overview.html", + "fullName": "CxOutput", + "length": 8, + "line": 3, + "methodLine": 2, + "name": "CxOutput", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + } + ] + } + ] + }, + { + "languageName": "Java", + "queries": [ + { + "queryName": "Use_of_a_One_Way_Hash_with_a_Predictable_Salt", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 1, + "vulnerabilities": [ + { + "id": "rEgvo1BzDiFn8R022ABwdVA9n00=", + "similarityId": -591965996, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "Java_Medium_Threat", + "cweId": 760, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 25, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/DisplayUser.java", + "fullName": "org.owasp.webgoat.missing_ac.DisplayUser.genUserHash.password", + "length": 8, + "line": 65, + "methodLine": 62, + "name": "password", + "domType": "UnknownReference", + "method": "genUserHash" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/DisplayUser.java", + "fullName": "org.owasp.webgoat.missing_ac.DisplayUser.genUserHash.salted", + "length": 6, + "line": 65, + "methodLine": 62, + "name": "salted", + "domType": "Declarator", + "method": "genUserHash" + }, + { + "column": 33, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/DisplayUser.java", + "fullName": "org.owasp.webgoat.missing_ac.DisplayUser.genUserHash.salted", + "length": 6, + "line": 67, + "methodLine": 62, + "name": "salted", + "domType": "UnknownReference", + "method": "genUserHash" + }, + { + "column": 48, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/DisplayUser.java", + "fullName": "org.owasp.webgoat.missing_ac.DisplayUser.genUserHash.salted.getBytes", + "length": 1, + "line": 67, + "methodLine": 62, + "name": "getBytes", + "domType": "MethodInvokeExpr", + "method": "genUserHash" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/DisplayUser.java", + "fullName": "org.owasp.webgoat.missing_ac.DisplayUser.genUserHash.md.digest", + "length": 1, + "line": 67, + "methodLine": 62, + "name": "digest", + "domType": "MethodInvokeExpr", + "method": "genUserHash" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835173 + } + } + ] + }, + { + "queryName": "Session_Fixation", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 1, + "vulnerabilities": [ + { + "id": "YVHuvVPiAeGiFjfjeuLN2AWAONI=", + "similarityId": 1523417065, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "Java_Medium_Threat", + "cweId": 384, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 33, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/controller/Welcome.java", + "fullName": "org.owasp.webgoat.controller.Welcome.welcome.session.setAttribute", + "length": 1, + "line": 67, + "methodLine": 60, + "name": "setAttribute", + "domType": "MethodInvokeExpr", + "method": "welcome" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1651835169 + } + } + ] + }, + { + "queryName": "Parameter_Tampering", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 2, + "vulnerabilities": [ + { + "id": "x/wUaiegYTFzj1IexeSCUvAJaxc=", + "similarityId": 1577405871, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "Java_Medium_Threat", + "cweId": 472, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.completed.action_string", + "length": 13, + "line": 52, + "methodLine": 52, + "name": "action_string", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 44, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.completed.action_string", + "length": 13, + "line": 53, + "methodLine": 52, + "name": "action_string", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 63, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.injectableQueryAvailability.action", + "length": 6, + "line": 56, + "methodLine": 56, + "name": "action", + "domType": "ParamDecl", + "method": "injectableQueryAvailability" + }, + { + "column": 74, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.injectableQueryAvailability.action", + "length": 6, + "line": 58, + "methodLine": 56, + "name": "action", + "domType": "UnknownReference", + "method": "injectableQueryAvailability" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.injectableQueryAvailability.query", + "length": 5, + "line": 58, + "methodLine": 56, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryAvailability" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.injectableQueryAvailability.query", + "length": 5, + "line": 63, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryAvailability" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.injectableQueryAvailability.statement.executeQuery", + "length": 1, + "line": 63, + "methodLine": 56, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQueryAvailability" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1651835167 + } + }, + { + "id": "nPysGBX4nRP55dXrMA07dYBGtWQ=", + "similarityId": 1513077149, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "Java_Medium_Threat", + "cweId": 472, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 63, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTFinalEndpoint.anonymous_class_91_35.resolveSigningKeyBytes.header.get", + "length": 1, + "line": 92, + "methodLine": 91, + "name": "get", + "domType": "MethodInvokeExpr", + "method": "resolveSigningKeyBytes" + }, + { + "column": 38, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTFinalEndpoint.anonymous_class_91_35.resolveSigningKeyBytes.kid", + "length": 3, + "line": 92, + "methodLine": 91, + "name": "kid", + "domType": "Declarator", + "method": "resolveSigningKeyBytes" + }, + { + "column": 128, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTFinalEndpoint.anonymous_class_91_35.resolveSigningKeyBytes.kid", + "length": 3, + "line": 94, + "methodLine": 91, + "name": "kid", + "domType": "UnknownReference", + "method": "resolveSigningKeyBytes" + }, + { + "column": 85, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTFinalEndpoint.anonymous_class_91_35.resolveSigningKeyBytes.executeQuery", + "length": 1, + "line": 94, + "methodLine": 91, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "resolveSigningKeyBytes" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1651835167 + } + } + ] + }, + { + "queryName": "HttpOnlyCookies", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 2, + "vulnerabilities": [ + { + "id": "ov7HZExB58HYgCYzh7CSPmkeaEA=", + "similarityId": 401131506, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "Java_Medium_Threat", + "cweId": 1004, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.cookie", + "length": 6, + "line": 105, + "methodLine": 96, + "name": "cookie", + "domType": "Declarator", + "method": "login" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.cookie", + "length": 6, + "line": 106, + "methodLine": 96, + "name": "cookie", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 31, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.response.addCookie", + "length": 1, + "line": 106, + "methodLine": 96, + "name": "addCookie", + "domType": "MethodInvokeExpr", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1651835164 + } + }, + { + "id": "iSQCdGBsskUYFh+fBiom2eBi4AQ=", + "similarityId": -533612491, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "Java_Medium_Threat", + "cweId": 1004, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.cookie", + "length": 6, + "line": 110, + "methodLine": 96, + "name": "cookie", + "domType": "Declarator", + "method": "login" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.cookie", + "length": 6, + "line": 111, + "methodLine": 96, + "name": "cookie", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 31, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.response.addCookie", + "length": 1, + "line": 111, + "methodLine": 96, + "name": "addCookie", + "domType": "MethodInvokeExpr", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1651835164 + } + } + ] + }, + { + "queryName": "Cleartext_Submission_of_Sensitive_Information", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 1, + "vulnerabilities": [ + { + "id": "+9qqKY4lf6h1bZk5seTRs2bJmIg=", + "similarityId": 2121410106, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "Java_Medium_Threat", + "cweId": 319, + "confidenceLevel": 42, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 73, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.JWT_PASSWORD", + "length": 12, + "line": 103, + "methodLine": 96, + "name": "JWT_PASSWORD", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 30, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.signWith", + "length": 1, + "line": 103, + "methodLine": 96, + "name": "signWith", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.compact", + "length": 1, + "line": 104, + "methodLine": 96, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 20, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.token", + "length": 5, + "line": 101, + "methodLine": 96, + "name": "token", + "domType": "Declarator", + "method": "login" + }, + { + "column": 56, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.token", + "length": 5, + "line": 105, + "methodLine": 96, + "name": "token", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "Cookie", + "length": 3, + "line": 105, + "methodLine": 96, + "name": "Cookie", + "domType": "ObjectCreateExpr", + "method": "login" + }, + { + "column": 20, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.cookie", + "length": 6, + "line": 105, + "methodLine": 96, + "name": "cookie", + "domType": "Declarator", + "method": "login" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.cookie", + "length": 6, + "line": 106, + "methodLine": 96, + "name": "cookie", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 31, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.response.addCookie", + "length": 1, + "line": 106, + "methodLine": 96, + "name": "addCookie", + "domType": "MethodInvokeExpr", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1663153610 + } + } + ] + }, + { + "queryName": "Absolute_Path_Traversal", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 2, + "vulnerabilities": [ + { + "id": "vx3IKcQMh9lLDV6c7zt8qgseZY4=", + "similarityId": 118601578, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "Java_Medium_Threat", + "cweId": 36, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 38, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.main.args", + "length": 4, + "line": 48, + "methodLine": 48, + "name": "args", + "domType": "ParamDecl", + "method": "main" + }, + { + "column": 35, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.main.args", + "length": 4, + "line": 52, + "methodLine": 48, + "name": "args", + "domType": "UnknownReference", + "method": "main" + }, + { + "column": 25, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.main.element", + "length": 7, + "line": 52, + "methodLine": 48, + "name": "element", + "domType": "Declarator", + "method": "main" + }, + { + "column": 67, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.main.element", + "length": 7, + "line": 54, + "methodLine": 48, + "name": "element", + "domType": "UnknownReference", + "method": "main" + }, + { + "column": 58, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "File", + "length": 3, + "line": 54, + "methodLine": 48, + "name": "File", + "domType": "ObjectCreateExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835160 + } + }, + { + "id": "VDZf98gXqMlqkM9xfZqUnsUi3BU=", + "similarityId": -1053022711, + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "groupName": "Java_Medium_Threat", + "cweId": 36, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 36, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "MavenWrapperDownloader.main.args", + "length": 4, + "line": 48, + "methodLine": 48, + "name": "args", + "domType": "ParamDecl", + "method": "main" + }, + { + "column": 39, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "MavenWrapperDownloader.main.args", + "length": 4, + "line": 50, + "methodLine": 48, + "name": "args", + "domType": "UnknownReference", + "method": "main" + }, + { + "column": 30, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "File", + "length": 3, + "line": 50, + "methodLine": 48, + "name": "File", + "domType": "ObjectCreateExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1651835160 + } + } + ] + }, + { + "queryName": "Use_Of_Hardcoded_Password", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 16, + "vulnerabilities": [ + { + "id": "ToRg6yVb88lnXghcswqV+IPptcw=", + "similarityId": 540532353, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 259, + "confidenceLevel": 81, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 35, + "fileName": "/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java", + "fullName": "\"\"124\"\"", + "length": 5, + "line": 62, + "methodLine": 58, + "name": "\"\"124\"\"", + "domType": "StringLiteral", + "method": "whenPasswordDoNotMatchShouldFail" + }, + { + "column": 34, + "fileName": "/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java", + "fullName": "org.owasp.webwolf.user.UserValidatorTest.whenPasswordDoNotMatchShouldFail.validUserForm.setPassword", + "length": 1, + "line": 62, + "methodLine": 58, + "name": "setPassword", + "domType": "MethodInvokeExpr", + "method": "whenPasswordDoNotMatchShouldFail" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1660129676 + } + }, + { + "id": "c/YIj8ew2XMSFOVvkbJRNmsKRog=", + "similarityId": 198926049, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 259, + "confidenceLevel": 81, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 30, + "fileName": "/webgoat-container/src/test/java/org/owasp/webgoat/users/UserValidatorTest.java", + "fullName": "\"\"test12345\"\"", + "length": 11, + "line": 38, + "methodLine": 34, + "name": "\"\"test12345\"\"", + "domType": "StringLiteral", + "method": "shouldGiveErrorWhenPasswordsDoNotMatch" + }, + { + "column": 29, + "fileName": "/webgoat-container/src/test/java/org/owasp/webgoat/users/UserValidatorTest.java", + "fullName": "org.owasp.webgoat.users.UserValidatorTest.shouldGiveErrorWhenPasswordsDoNotMatch.userForm.setPassword", + "length": 1, + "line": 38, + "methodLine": 34, + "name": "setPassword", + "domType": "MethodInvokeExpr", + "method": "shouldGiveErrorWhenPasswordsDoNotMatch" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1660129676 + } + }, + { + "id": "0YhGXGMmAXuvpWTVhiw8i1UpLZQ=", + "similarityId": 1035758335, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 259, + "confidenceLevel": 81, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 30, + "fileName": "/webgoat-container/src/test/java/org/owasp/webgoat/users/UserValidatorTest.java", + "fullName": "\"\"test1234\"\"", + "length": 10, + "line": 26, + "methodLine": 22, + "name": "\"\"test1234\"\"", + "domType": "StringLiteral", + "method": "passwordsShouldMatch" + }, + { + "column": 29, + "fileName": "/webgoat-container/src/test/java/org/owasp/webgoat/users/UserValidatorTest.java", + "fullName": "org.owasp.webgoat.users.UserValidatorTest.passwordsShouldMatch.userForm.setPassword", + "length": 1, + "line": 26, + "methodLine": 22, + "name": "setPassword", + "domType": "MethodInvokeExpr", + "method": "passwordsShouldMatch" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1660129676 + } + }, + { + "id": "BWVWBh7keuEKOxcVttUTm/yLtHs=", + "similarityId": 1355824449, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 259, + "confidenceLevel": 81, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 35, + "fileName": "/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java", + "fullName": "\"\"123\"\"", + "length": 5, + "line": 49, + "methodLine": 45, + "name": "\"\"123\"\"", + "domType": "StringLiteral", + "method": "validUserFormShouldNotHaveErrors" + }, + { + "column": 34, + "fileName": "/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java", + "fullName": "org.owasp.webwolf.user.UserValidatorTest.validUserFormShouldNotHaveErrors.validUserForm.setPassword", + "length": 1, + "line": 49, + "methodLine": 45, + "name": "setPassword", + "domType": "MethodInvokeExpr", + "method": "validUserFormShouldNotHaveErrors" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1660129676 + } + }, + { + "id": "D66HEsZ0DE/ooOpEEvbFJcwFx7w=", + "similarityId": -522242017, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 259, + "confidenceLevel": 81, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 35, + "fileName": "/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java", + "fullName": "\"\"124\"\"", + "length": 5, + "line": 77, + "methodLine": 71, + "name": "\"\"124\"\"", + "domType": "StringLiteral", + "method": "registerExistingUserAgainShouldFail" + }, + { + "column": 34, + "fileName": "/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java", + "fullName": "org.owasp.webwolf.user.UserValidatorTest.registerExistingUserAgainShouldFail.validUserForm.setPassword", + "length": 1, + "line": 77, + "methodLine": 71, + "name": "setPassword", + "domType": "MethodInvokeExpr", + "method": "registerExistingUserAgainShouldFail" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1660129676 + } + }, + { + "id": "sNcYyKzjyt41kaJNjjQyBgn2Ybk=", + "similarityId": -1404323423, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 259, + "confidenceLevel": 81, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 30, + "fileName": "/webgoat-container/src/test/java/org/owasp/webgoat/users/UserValidatorTest.java", + "fullName": "\"\"test12345\"\"", + "length": 11, + "line": 51, + "methodLine": 47, + "name": "\"\"test12345\"\"", + "domType": "StringLiteral", + "method": "shouldGiveErrorWhenUserAlreadyExists" + }, + { + "column": 29, + "fileName": "/webgoat-container/src/test/java/org/owasp/webgoat/users/UserValidatorTest.java", + "fullName": "org.owasp.webgoat.users.UserValidatorTest.shouldGiveErrorWhenUserAlreadyExists.userForm.setPassword", + "length": 1, + "line": 51, + "methodLine": 47, + "name": "setPassword", + "domType": "MethodInvokeExpr", + "method": "shouldGiveErrorWhenUserAlreadyExists" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1660129676 + } + }, + { + "id": "6LNt/I6wzyf/vuO95pEdn5KcMXg=", + "similarityId": 450291619, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 259, + "confidenceLevel": 81, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 13, + "fileName": "/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java", + "fullName": "org.owasp.webwolf.user.UserValidatorTest.registerExistingUserAgainShouldFail.password", + "length": 8, + "line": 73, + "methodLine": 71, + "name": "password", + "domType": "Declarator", + "method": "registerExistingUserAgainShouldFail" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1660129676 + } + }, + { + "id": "SQNLWj8u/8tuE156dzPLY93UnOM=", + "similarityId": -901518783, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 259, + "confidenceLevel": 81, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 13, + "fileName": "/webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java", + "fullName": "org.owasp.webwolf.user.UserServiceTest.testAddUser.password", + "length": 8, + "line": 73, + "methodLine": 71, + "name": "password", + "domType": "Declarator", + "method": "testAddUser" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1660129676 + } + }, + { + "id": "v0ES1dL+Esfjd0QnZzGbRnF3L2I=", + "similarityId": -818048643, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 259, + "confidenceLevel": 81, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 13, + "fileName": "/webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java", + "fullName": "org.owasp.webwolf.user.UserServiceTest.testLoadUserByUsername.password", + "length": 8, + "line": 51, + "methodLine": 49, + "name": "password", + "domType": "Declarator", + "method": "testLoadUserByUsername" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1660129676 + } + }, + { + "id": "j3Bi+DiIY//amEwSVOgHUDQygDA=", + "similarityId": 471077353, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 259, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2013", + "OWASP Top 10 2017" + ], + "firstScanId": "", + "nodes": [ + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.password", + "length": 8, + "line": 61, + "methodLine": 60, + "name": "password", + "domType": "Declarator", + "method": "getPassword" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "IT9kDc6DnBiWm2fXcATHbxRxyiw=", + "similarityId": -1055168719, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 259, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2013", + "OWASP Top 10 2017" + ], + "firstScanId": "", + "nodes": [ + { + "column": 25, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java", + "fullName": "org.owasp.webgoat.password_reset.ResetLinkAssignment.PASSWORD_TOM_9", + "length": 14, + "line": 54, + "methodLine": 54, + "name": "PASSWORD_TOM_9", + "domType": "Declarator" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "9VpjF8zUOI7760OH3ELt5wMoJSk=", + "similarityId": -651007999, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 259, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2013", + "OWASP Top 10 2017" + ], + "firstScanId": "", + "nodes": [ + { + "column": 33, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTRefreshEndpoint.JWT_PASSWORD", + "length": 12, + "line": 62, + "methodLine": 62, + "name": "JWT_PASSWORD", + "domType": "Declarator" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "lsMOCFgiJUhsxLXLwiRlLAvm5o4=", + "similarityId": -87623391, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 259, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2013", + "OWASP Top 10 2017" + ], + "firstScanId": "", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTRefreshEndpoint.PASSWORD", + "length": 8, + "line": 61, + "methodLine": 61, + "name": "PASSWORD", + "domType": "Declarator" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "RgUkWBM3jG7RG122ClAX0Y2uRNw=", + "similarityId": 1813155871, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 259, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2013", + "OWASP Top 10 2017" + ], + "firstScanId": "", + "nodes": [ + { + "column": 12, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/SolutionConstants.java", + "fullName": "org.owasp.webgoat.challenges.SolutionConstants.ADMIN_PASSWORD_LINK", + "length": 19, + "line": 36, + "methodLine": 36, + "name": "ADMIN_PASSWORD_LINK", + "domType": "Declarator" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "Zq8mlM/vQbRg7ZEQ/pkmDJEtg3k=", + "similarityId": 2111194503, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 259, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2013", + "OWASP Top 10 2017" + ], + "firstScanId": "", + "nodes": [ + { + "column": 12, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/SolutionConstants.java", + "fullName": "org.owasp.webgoat.challenges.SolutionConstants.PASSWORD_TOM", + "length": 12, + "line": 35, + "methodLine": 35, + "name": "PASSWORD_TOM", + "domType": "Declarator" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "7WYPcSzaF971eQ5DcwX1DlxZZ1o=", + "similarityId": -1300663831, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 259, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2013", + "OWASP Top 10 2017" + ], + "firstScanId": "", + "nodes": [ + { + "column": 12, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/SolutionConstants.java", + "fullName": "org.owasp.webgoat.challenges.SolutionConstants.PASSWORD", + "length": 8, + "line": 34, + "methodLine": 34, + "name": "PASSWORD", + "domType": "Declarator" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + } + ] + }, + { + "queryName": "Use_of_Broken_or_Risky_Cryptographic_Algorithm", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 1, + "vulnerabilities": [ + { + "id": "rWMarCMxJKb5tfhUhCrXIzeyegw=", + "similarityId": -158396904, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 327, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017" + ], + "firstScanId": "", + "nodes": [ + { + "column": 51, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java", + "fullName": "MessageDigest.getInstance", + "length": 1, + "line": 56, + "methodLine": 49, + "name": "getInstance", + "domType": "MethodInvokeExpr", + "method": "getMd5" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652111294 + } + } + ] + }, + { + "queryName": "Trust_Boundary_Violation_in_Session_Variables", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 1, + "vulnerabilities": [ + { + "id": "tFFQkLCKuNxqXRMbfVKkR+itqm4=", + "similarityId": 1326426560, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 501, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 51, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.EncodingAssignment.getBasicAuth.request", + "length": 7, + "line": 47, + "methodLine": 47, + "name": "request", + "domType": "ParamDecl", + "method": "getBasicAuth" + }, + { + "column": 21, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.EncodingAssignment.getBasicAuth.request", + "length": 7, + "line": 50, + "methodLine": 47, + "name": "request", + "domType": "UnknownReference", + "method": "getBasicAuth" + }, + { + "column": 45, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.EncodingAssignment.getBasicAuth.request.getUserPrincipal", + "length": 1, + "line": 50, + "methodLine": 47, + "name": "getUserPrincipal", + "domType": "MethodInvokeExpr", + "method": "getBasicAuth" + }, + { + "column": 55, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.EncodingAssignment.getBasicAuth.getName", + "length": 1, + "line": 50, + "methodLine": 47, + "name": "getName", + "domType": "MethodInvokeExpr", + "method": "getBasicAuth" + }, + { + "column": 10, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.EncodingAssignment.getBasicAuth.username", + "length": 8, + "line": 50, + "methodLine": 47, + "name": "username", + "domType": "Declarator", + "method": "getBasicAuth" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.EncodingAssignment.getBasicAuth.username", + "length": 8, + "line": 53, + "methodLine": 47, + "name": "username", + "domType": "UnknownReference", + "method": "getBasicAuth" + }, + { + "column": 43, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.EncodingAssignment.getBasicAuth.username", + "length": 8, + "line": 41, + "methodLine": 41, + "name": "username", + "domType": "ParamDecl", + "method": "getBasicAuth" + }, + { + "column": 48, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.EncodingAssignment.getBasicAuth.username", + "length": 8, + "line": 42, + "methodLine": 41, + "name": "username", + "domType": "UnknownReference", + "method": "getBasicAuth" + }, + { + "column": 63, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.EncodingAssignment.getBasicAuth.username.concat", + "length": 1, + "line": 42, + "methodLine": 41, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "getBasicAuth" + }, + { + "column": 75, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.EncodingAssignment.getBasicAuth.concat", + "length": 1, + "line": 42, + "methodLine": 41, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "getBasicAuth" + }, + { + "column": 94, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.EncodingAssignment.getBasicAuth.getBytes", + "length": 1, + "line": 42, + "methodLine": 41, + "name": "getBytes", + "domType": "MethodInvokeExpr", + "method": "getBasicAuth" + }, + { + "column": 47, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.EncodingAssignment.getBasicAuth.encodeToString", + "length": 1, + "line": 42, + "methodLine": 41, + "name": "encodeToString", + "domType": "MethodInvokeExpr", + "method": "getBasicAuth" + }, + { + "column": 28, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.EncodingAssignment.getBasicAuth", + "length": 1, + "line": 53, + "methodLine": 47, + "name": "getBasicAuth", + "domType": "MethodInvokeExpr", + "method": "getBasicAuth" + }, + { + "column": 4, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.EncodingAssignment.getBasicAuth.basicAuth", + "length": 9, + "line": 53, + "methodLine": 47, + "name": "basicAuth", + "domType": "UnknownReference", + "method": "getBasicAuth" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.EncodingAssignment.getBasicAuth.basicAuth", + "length": 9, + "line": 54, + "methodLine": 47, + "name": "basicAuth", + "domType": "UnknownReference", + "method": "getBasicAuth" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652111294 + } + } + ] + }, + { + "queryName": "Reliance_on_Cookies_in_a_Decision", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 6, + "vulnerabilities": [ + { + "id": "HZ7yBAVowI0oryYrBlK1eeRvgL0=", + "similarityId": -1546037661, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 784, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021", + "OWASP Top 10 2017" + ], + "firstScanId": "", + "nodes": [ + { + "column": 125, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.vote.accessToken", + "length": 11, + "line": 143, + "methodLine": 143, + "name": "accessToken", + "domType": "ParamDecl", + "method": "vote" + }, + { + "column": 33, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.vote.accessToken", + "length": 11, + "line": 144, + "methodLine": 143, + "name": "accessToken", + "domType": "UnknownReference", + "method": "vote" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "StringUtils.isEmpty", + "length": 1, + "line": 144, + "methodLine": 143, + "name": "isEmpty", + "domType": "MethodInvokeExpr", + "method": "vote" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "GDlqcqNJL4wzMzL7OPIBKhmN3Ic=", + "similarityId": -1507764817, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 784, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021", + "OWASP Top 10 2017" + ], + "firstScanId": "", + "nodes": [ + { + "column": 98, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.resetVotes.accessToken", + "length": 11, + "line": 165, + "methodLine": 165, + "name": "accessToken", + "domType": "ParamDecl", + "method": "resetVotes" + }, + { + "column": 75, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.resetVotes.accessToken", + "length": 11, + "line": 170, + "methodLine": 165, + "name": "accessToken", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 74, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.resetVotes.parse", + "length": 1, + "line": 170, + "methodLine": 165, + "name": "parse", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 21, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.resetVotes.jwt", + "length": 3, + "line": 170, + "methodLine": 165, + "name": "jwt", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 42, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.resetVotes.jwt", + "length": 3, + "line": 171, + "methodLine": 165, + "name": "jwt", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 53, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.resetVotes.jwt.getBody", + "length": 1, + "line": 171, + "methodLine": 165, + "name": "getBody", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 24, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.resetVotes.claims", + "length": 6, + "line": 171, + "methodLine": 165, + "name": "claims", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.resetVotes.claims", + "length": 6, + "line": 172, + "methodLine": 165, + "name": "claims", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 70, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.resetVotes.claims.get", + "length": 1, + "line": 172, + "methodLine": 165, + "name": "get", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 50, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "Boolean.valueOf", + "length": 1, + "line": 172, + "methodLine": 165, + "name": "valueOf", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 25, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.resetVotes.isAdmin", + "length": 7, + "line": 172, + "methodLine": 165, + "name": "isAdmin", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 22, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.resetVotes.isAdmin", + "length": 7, + "line": 173, + "methodLine": 165, + "name": "isAdmin", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 21, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "Not", + "length": 1, + "line": 173, + "methodLine": 165, + "name": "Not", + "domType": "UnaryExpr", + "method": "resetVotes" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "F1rf87lgIKnW+j7MM9rCJiHOXGQ=", + "similarityId": 1198849539, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 784, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021", + "OWASP Top 10 2017" + ], + "firstScanId": "", + "nodes": [ + { + "column": 78, + "fileName": "/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFFeedback.java", + "fullName": "org.owasp.webgoat.csrf.CSRFFeedback.completed.request.getCookies", + "length": 1, + "line": 73, + "methodLine": 61, + "name": "getCookies", + "domType": "MethodInvokeExpr", + "method": "completed" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFFeedback.java", + "fullName": "org.owasp.webgoat.csrf.CSRFFeedback.requestContainsWebGoatCookie.cookies", + "length": 7, + "line": 103, + "methodLine": 103, + "name": "cookies", + "domType": "ParamDecl", + "method": "requestContainsWebGoatCookie" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFFeedback.java", + "fullName": "org.owasp.webgoat.csrf.CSRFFeedback.requestContainsWebGoatCookie.cookies", + "length": 7, + "line": 105, + "methodLine": 103, + "name": "cookies", + "domType": "UnknownReference", + "method": "requestContainsWebGoatCookie" + }, + { + "column": 25, + "fileName": "/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFFeedback.java", + "fullName": "org.owasp.webgoat.csrf.CSRFFeedback.requestContainsWebGoatCookie.c", + "length": 1, + "line": 105, + "methodLine": 103, + "name": "c", + "domType": "Declarator", + "method": "requestContainsWebGoatCookie" + }, + { + "column": 21, + "fileName": "/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFFeedback.java", + "fullName": "org.owasp.webgoat.csrf.CSRFFeedback.requestContainsWebGoatCookie.c", + "length": 1, + "line": 106, + "methodLine": 103, + "name": "c", + "domType": "UnknownReference", + "method": "requestContainsWebGoatCookie" + }, + { + "column": 30, + "fileName": "/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFFeedback.java", + "fullName": "org.owasp.webgoat.csrf.CSRFFeedback.requestContainsWebGoatCookie.c.getName", + "length": 1, + "line": 106, + "methodLine": 103, + "name": "getName", + "domType": "MethodInvokeExpr", + "method": "requestContainsWebGoatCookie" + }, + { + "column": 39, + "fileName": "/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFFeedback.java", + "fullName": "org.owasp.webgoat.csrf.CSRFFeedback.requestContainsWebGoatCookie.equals", + "length": 1, + "line": 106, + "methodLine": 103, + "name": "equals", + "domType": "MethodInvokeExpr", + "method": "requestContainsWebGoatCookie" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "+SYvMnT0eG1KzZ1xSXt1N17uWp8=", + "similarityId": 1544887211, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 784, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021", + "OWASP Top 10 2017" + ], + "firstScanId": "", + "nodes": [ + { + "column": 98, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.resetVotes.accessToken", + "length": 11, + "line": 165, + "methodLine": 165, + "name": "accessToken", + "domType": "ParamDecl", + "method": "resetVotes" + }, + { + "column": 33, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.resetVotes.accessToken", + "length": 11, + "line": 166, + "methodLine": 165, + "name": "accessToken", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "StringUtils.isEmpty", + "length": 1, + "line": 166, + "methodLine": 165, + "name": "isEmpty", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "0MTk9/jLi+hkEUgnV+nZMafb2k8=", + "similarityId": -36090601, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 784, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021", + "OWASP Top 10 2017" + ], + "firstScanId": "", + "nodes": [ + { + "column": 103, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.getVotes.accessToken", + "length": 11, + "line": 119, + "methodLine": 119, + "name": "accessToken", + "domType": "ParamDecl", + "method": "getVotes" + }, + { + "column": 33, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.getVotes.accessToken", + "length": 11, + "line": 121, + "methodLine": 119, + "name": "accessToken", + "domType": "UnknownReference", + "method": "getVotes" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "StringUtils.isEmpty", + "length": 1, + "line": 121, + "methodLine": 119, + "name": "isEmpty", + "domType": "MethodInvokeExpr", + "method": "getVotes" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "dP3yRZ/k37TbnASUJV6Tl66VAnc=", + "similarityId": -767992385, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 784, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2021", + "OWASP Top 10 2017" + ], + "firstScanId": "", + "nodes": [ + { + "column": 103, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.getVotes.accessToken", + "length": 11, + "line": 119, + "methodLine": 119, + "name": "accessToken", + "domType": "ParamDecl", + "method": "getVotes" + }, + { + "column": 75, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.getVotes.accessToken", + "length": 11, + "line": 125, + "methodLine": 119, + "name": "accessToken", + "domType": "UnknownReference", + "method": "getVotes" + }, + { + "column": 74, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.getVotes.parse", + "length": 1, + "line": 125, + "methodLine": 119, + "name": "parse", + "domType": "MethodInvokeExpr", + "method": "getVotes" + }, + { + "column": 21, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.getVotes.jwt", + "length": 3, + "line": 125, + "methodLine": 119, + "name": "jwt", + "domType": "Declarator", + "method": "getVotes" + }, + { + "column": 42, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.getVotes.jwt", + "length": 3, + "line": 126, + "methodLine": 119, + "name": "jwt", + "domType": "UnknownReference", + "method": "getVotes" + }, + { + "column": 53, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.getVotes.jwt.getBody", + "length": 1, + "line": 126, + "methodLine": 119, + "name": "getBody", + "domType": "MethodInvokeExpr", + "method": "getVotes" + }, + { + "column": 24, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.getVotes.claims", + "length": 6, + "line": 126, + "methodLine": 119, + "name": "claims", + "domType": "Declarator", + "method": "getVotes" + }, + { + "column": 40, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.getVotes.claims", + "length": 6, + "line": 127, + "methodLine": 119, + "name": "claims", + "domType": "UnknownReference", + "method": "getVotes" + }, + { + "column": 50, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.getVotes.claims.get", + "length": 1, + "line": 127, + "methodLine": 119, + "name": "get", + "domType": "MethodInvokeExpr", + "method": "getVotes" + }, + { + "column": 24, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.getVotes.user", + "length": 4, + "line": 127, + "methodLine": 119, + "name": "user", + "domType": "Declarator", + "method": "getVotes" + }, + { + "column": 36, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.getVotes.user", + "length": 4, + "line": 128, + "methodLine": 119, + "name": "user", + "domType": "UnknownReference", + "method": "getVotes" + }, + { + "column": 35, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.getVotes.equals", + "length": 1, + "line": 128, + "methodLine": 119, + "name": "equals", + "domType": "MethodInvokeExpr", + "method": "getVotes" + }, + { + "column": 42, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "||", + "length": 2, + "line": 128, + "methodLine": 119, + "name": "||", + "domType": "BinaryExpr", + "method": "getVotes" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + } + ] + }, + { + "queryName": "Plaintext_Storage_in_a_Cookie", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 45, + "vulnerabilities": [ + { + "id": "z7s5rocuk0UNA998g/aPLtm0KXc=", + "similarityId": 807356202, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 95, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 29, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "\"\"true\"\"", + "length": 6, + "line": 185, + "methodLine": 183, + "name": "\"\"true\"\"", + "domType": "StringLiteral", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 19, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.claims.put", + "length": 1, + "line": 185, + "methodLine": 183, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.claims", + "length": 6, + "line": 185, + "methodLine": 183, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.claims", + "length": 6, + "line": 186, + "methodLine": 183, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 114, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.claims", + "length": 6, + "line": 187, + "methodLine": 183, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 113, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.setClaims", + "length": 1, + "line": 187, + "methodLine": 183, + "name": "setClaims", + "domType": "MethodInvokeExpr", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 129, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.compact", + "length": 1, + "line": 187, + "methodLine": 183, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.token", + "length": 5, + "line": 187, + "methodLine": 183, + "name": "token", + "domType": "Declarator", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.token", + "length": 5, + "line": 190, + "methodLine": 183, + "name": "token", + "domType": "UnknownReference", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "x3d8jvfXB8RZniMIt37DjDCgIB4=", + "similarityId": 524753544, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 87, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 52, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "\"\"alg\"\"", + "length": 5, + "line": 137, + "methodLine": 120, + "name": "\"\"alg\"\"", + "domType": "StringLiteral", + "method": "resetVotes" + }, + { + "column": 51, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.put", + "length": 1, + "line": 137, + "methodLine": 120, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.headerNode", + "length": 10, + "line": 137, + "methodLine": 120, + "name": "headerNode", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 73, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.headerNode", + "length": 10, + "line": 142, + "methodLine": 120, + "name": "headerNode", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 92, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.headerNode.toString", + "length": 1, + "line": 142, + "methodLine": 120, + "name": "toString", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 103, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.getBytes", + "length": 1, + "line": 142, + "methodLine": 120, + "name": "getBytes", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 72, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.encode", + "length": 1, + "line": 142, + "methodLine": 120, + "name": "encode", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 32, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "String", + "length": 3, + "line": 142, + "methodLine": 120, + "name": "String", + "domType": "ObjectCreateExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 143, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 145, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 31, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replace", + "length": 1, + "line": 145, + "methodLine": 120, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 142, + "methodLine": 120, + "name": "replacedToken", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 49, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 152, + "methodLine": 120, + "name": "replacedToken", + "domType": "UnknownReference", + "method": "resetVotes" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "/vbhOn1Z5+72nIT1qmB0KhNlamg=", + "similarityId": 37560058, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 95, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 29, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "\"\"true\"\"", + "length": 6, + "line": 197, + "methodLine": 195, + "name": "\"\"true\"\"", + "domType": "StringLiteral", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 19, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.claims.put", + "length": 1, + "line": 197, + "methodLine": 195, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.claims", + "length": 6, + "line": 197, + "methodLine": 195, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.claims", + "length": 6, + "line": 198, + "methodLine": 195, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 114, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.claims", + "length": 6, + "line": 199, + "methodLine": 195, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 113, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.setClaims", + "length": 1, + "line": 199, + "methodLine": 195, + "name": "setClaims", + "domType": "MethodInvokeExpr", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 129, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.compact", + "length": 1, + "line": 199, + "methodLine": 195, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.token", + "length": 5, + "line": 199, + "methodLine": 195, + "name": "token", + "domType": "Declarator", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.token", + "length": 5, + "line": 202, + "methodLine": 195, + "name": "token", + "domType": "UnknownReference", + "method": "unknownUserShouldSeeGuestView" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "76djf2BTPPx/p5t+Wif3ofKBg4I=", + "similarityId": 443580912, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 95, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "\"\"admin\"\"", + "length": 7, + "line": 69, + "methodLine": 66, + "name": "\"\"admin\"\"", + "domType": "StringLiteral", + "method": "solveAssignment" + }, + { + "column": 19, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.claims.put", + "length": 1, + "line": 69, + "methodLine": 66, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.claims", + "length": 6, + "line": 69, + "methodLine": 66, + "name": "claims", + "domType": "UnknownReference", + "method": "solveAssignment" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.claims", + "length": 6, + "line": 70, + "methodLine": 66, + "name": "claims", + "domType": "UnknownReference", + "method": "solveAssignment" + }, + { + "column": 49, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.claims", + "length": 6, + "line": 71, + "methodLine": 66, + "name": "claims", + "domType": "UnknownReference", + "method": "solveAssignment" + }, + { + "column": 48, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.setClaims", + "length": 1, + "line": 71, + "methodLine": 66, + "name": "setClaims", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 71, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.setHeaderParam", + "length": 1, + "line": 71, + "methodLine": 66, + "name": "setHeaderParam", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 94, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.compact", + "length": 1, + "line": 71, + "methodLine": 66, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.token", + "length": 5, + "line": 71, + "methodLine": 66, + "name": "token", + "domType": "Declarator", + "method": "solveAssignment" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.token", + "length": 5, + "line": 76, + "methodLine": 66, + "name": "token", + "domType": "UnknownReference", + "method": "solveAssignment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "wYwgXuyIN+ZWfMzw4LZdUG434PI=", + "similarityId": 840725352, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 95, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "\"\"admin\"\"", + "length": 7, + "line": 185, + "methodLine": 183, + "name": "\"\"admin\"\"", + "domType": "StringLiteral", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 19, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.claims.put", + "length": 1, + "line": 185, + "methodLine": 183, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.claims", + "length": 6, + "line": 185, + "methodLine": 183, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.claims", + "length": 6, + "line": 186, + "methodLine": 183, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 114, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.claims", + "length": 6, + "line": 187, + "methodLine": 183, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 113, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.setClaims", + "length": 1, + "line": 187, + "methodLine": 183, + "name": "setClaims", + "domType": "MethodInvokeExpr", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 129, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.compact", + "length": 1, + "line": 187, + "methodLine": 183, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.token", + "length": 5, + "line": 187, + "methodLine": 183, + "name": "token", + "domType": "Declarator", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.token", + "length": 5, + "line": 190, + "methodLine": 183, + "name": "token", + "domType": "UnknownReference", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "dHiQ7Xj5L+Q7KqKm1bXCxo2byaY=", + "similarityId": 717666044, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 95, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "\"\"admin\"\"", + "length": 7, + "line": 197, + "methodLine": 195, + "name": "\"\"admin\"\"", + "domType": "StringLiteral", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 19, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.claims.put", + "length": 1, + "line": 197, + "methodLine": 195, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.claims", + "length": 6, + "line": 197, + "methodLine": 195, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.claims", + "length": 6, + "line": 198, + "methodLine": 195, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 114, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.claims", + "length": 6, + "line": 199, + "methodLine": 195, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 113, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.setClaims", + "length": 1, + "line": 199, + "methodLine": 195, + "name": "setClaims", + "domType": "MethodInvokeExpr", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 129, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.compact", + "length": 1, + "line": 199, + "methodLine": 195, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.token", + "length": 5, + "line": 199, + "methodLine": 195, + "name": "token", + "domType": "Declarator", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.token", + "length": 5, + "line": 202, + "methodLine": 195, + "name": "token", + "domType": "UnknownReference", + "method": "unknownUserShouldSeeGuestView" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "HIxYusmSXDDpV0yKpT2H0WqTOm4=", + "similarityId": -133587346, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 95, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 29, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "\"\"true\"\"", + "length": 6, + "line": 69, + "methodLine": 66, + "name": "\"\"true\"\"", + "domType": "StringLiteral", + "method": "solveAssignment" + }, + { + "column": 19, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.claims.put", + "length": 1, + "line": 69, + "methodLine": 66, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.claims", + "length": 6, + "line": 69, + "methodLine": 66, + "name": "claims", + "domType": "UnknownReference", + "method": "solveAssignment" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.claims", + "length": 6, + "line": 70, + "methodLine": 66, + "name": "claims", + "domType": "UnknownReference", + "method": "solveAssignment" + }, + { + "column": 49, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.claims", + "length": 6, + "line": 71, + "methodLine": 66, + "name": "claims", + "domType": "UnknownReference", + "method": "solveAssignment" + }, + { + "column": 48, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.setClaims", + "length": 1, + "line": 71, + "methodLine": 66, + "name": "setClaims", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 71, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.setHeaderParam", + "length": 1, + "line": 71, + "methodLine": 66, + "name": "setHeaderParam", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 94, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.compact", + "length": 1, + "line": 71, + "methodLine": 66, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.token", + "length": 5, + "line": 71, + "methodLine": 66, + "name": "token", + "domType": "Declarator", + "method": "solveAssignment" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.token", + "length": 5, + "line": 76, + "methodLine": 66, + "name": "token", + "domType": "UnknownReference", + "method": "solveAssignment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "wsZNGtsOfxJJyACDQqZqphXlQIM=", + "similarityId": 2002981866, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 19, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "\"\".\"\"", + "length": 3, + "line": 143, + "methodLine": 120, + "name": "\"\".\"\"", + "domType": "StringLiteral", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 143, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 145, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 31, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replace", + "length": 1, + "line": 145, + "methodLine": 120, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 142, + "methodLine": 120, + "name": "replacedToken", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 49, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 152, + "methodLine": 120, + "name": "replacedToken", + "domType": "UnknownReference", + "method": "resetVotes" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "sd/aQxSofyPRMfoWESehjud+nAg=", + "similarityId": -1181457596, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 87, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 60, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "\"\"true\"\"", + "length": 6, + "line": 140, + "methodLine": 120, + "name": "\"\"true\"\"", + "domType": "StringLiteral", + "method": "resetVotes" + }, + { + "column": 51, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.put", + "length": 1, + "line": 140, + "methodLine": 120, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.bodyObject", + "length": 10, + "line": 140, + "methodLine": 120, + "name": "bodyObject", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 60, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.bodyObject", + "length": 10, + "line": 144, + "methodLine": 120, + "name": "bodyObject", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 79, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.bodyObject.toString", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "toString", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 90, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.getBytes", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "getBytes", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 59, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.encode", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "encode", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 19, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "String", + "length": 3, + "line": 144, + "methodLine": 120, + "name": "String", + "domType": "ObjectCreateExpr", + "method": "resetVotes" + }, + { + "column": 103, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.toString", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "toString", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 145, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 31, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replace", + "length": 1, + "line": 145, + "methodLine": 120, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 142, + "methodLine": 120, + "name": "replacedToken", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 49, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 152, + "methodLine": 120, + "name": "replacedToken", + "domType": "UnknownReference", + "method": "resetVotes" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "Ju8EAMsSMixAEmHxOphpRCby6Pc=", + "similarityId": -523260428, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 79, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "\"\"JSESSIONID\"\"", + "length": 12, + "line": 124, + "methodLine": 120, + "name": "\"\"JSESSIONID\"\"", + "domType": "StringLiteral", + "method": "resetVotes" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.cookie", + "length": 1, + "line": 124, + "methodLine": 120, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 21, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.get", + "length": 1, + "line": 125, + "methodLine": 120, + "name": "get", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.then", + "length": 1, + "line": 126, + "methodLine": 120, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.extract", + "length": 1, + "line": 127, + "methodLine": 120, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.cookie", + "length": 1, + "line": 127, + "methodLine": 120, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 13, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.accessToken", + "length": 11, + "line": 121, + "methodLine": 120, + "name": "accessToken", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 50, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.accessToken", + "length": 11, + "line": 129, + "methodLine": 120, + "name": "accessToken", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.accessToken", + "length": 11, + "line": 129, + "methodLine": 120, + "name": "accessToken", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 73, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.accessToken", + "length": 11, + "line": 132, + "methodLine": 120, + "name": "accessToken", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 47, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.accessToken", + "length": 11, + "line": 132, + "methodLine": 120, + "name": "accessToken", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 23, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.accessToken", + "length": 11, + "line": 132, + "methodLine": 120, + "name": "accessToken", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 44, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.accessToken.substring", + "length": 1, + "line": 132, + "methodLine": 120, + "name": "substring", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.body", + "length": 4, + "line": 132, + "methodLine": 120, + "name": "body", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 57, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.body", + "length": 4, + "line": 133, + "methodLine": 120, + "name": "body", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 70, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.body.getBytes", + "length": 1, + "line": 133, + "methodLine": 120, + "name": "getBytes", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 56, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.decode", + "length": 1, + "line": 133, + "methodLine": 120, + "name": "decode", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "String", + "length": 3, + "line": 133, + "methodLine": 120, + "name": "String", + "domType": "ObjectCreateExpr", + "method": "resetVotes" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.body", + "length": 4, + "line": 133, + "methodLine": 120, + "name": "body", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 47, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.body", + "length": 4, + "line": 139, + "methodLine": 120, + "name": "body", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 46, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.mapper.readTree", + "length": 1, + "line": 139, + "methodLine": 120, + "name": "readTree", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.bodyObject", + "length": 10, + "line": 139, + "methodLine": 120, + "name": "bodyObject", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 36, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.bodyObject", + "length": 10, + "line": 140, + "methodLine": 120, + "name": "bodyObject", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 51, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.put", + "length": 1, + "line": 140, + "methodLine": 120, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.bodyObject", + "length": 10, + "line": 140, + "methodLine": 120, + "name": "bodyObject", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 60, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.bodyObject", + "length": 10, + "line": 144, + "methodLine": 120, + "name": "bodyObject", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 79, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.bodyObject.toString", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "toString", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 90, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.getBytes", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "getBytes", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 59, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.encode", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "encode", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 19, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "String", + "length": 3, + "line": 144, + "methodLine": 120, + "name": "String", + "domType": "ObjectCreateExpr", + "method": "resetVotes" + }, + { + "column": 103, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.toString", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "toString", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 145, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 31, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replace", + "length": 1, + "line": 145, + "methodLine": 120, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 142, + "methodLine": 120, + "name": "replacedToken", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 49, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 152, + "methodLine": 120, + "name": "replacedToken", + "domType": "UnknownReference", + "method": "resetVotes" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "+C6L5Y3KXZzZdixGviXewfL6n/M=", + "similarityId": -112879693, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 95, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 79, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "\"\"none\"\"", + "length": 6, + "line": 71, + "methodLine": 66, + "name": "\"\"none\"\"", + "domType": "StringLiteral", + "method": "solveAssignment" + }, + { + "column": 71, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.setHeaderParam", + "length": 1, + "line": 71, + "methodLine": 66, + "name": "setHeaderParam", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 94, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.compact", + "length": 1, + "line": 71, + "methodLine": 66, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.token", + "length": 5, + "line": 71, + "methodLine": 66, + "name": "token", + "domType": "Declarator", + "method": "solveAssignment" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.token", + "length": 5, + "line": 76, + "methodLine": 66, + "name": "token", + "domType": "UnknownReference", + "method": "solveAssignment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "l0YnUBZOQJSv2Gsx/3n16cP7aqs=", + "similarityId": 565499074, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 91, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "\"\"WEBWOLFSESSION\"\"", + "length": 16, + "line": 109, + "methodLine": 104, + "name": "\"\"WEBWOLFSESSION\"\"", + "domType": "StringLiteral", + "method": "callTrickHtml" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.cookie", + "length": 1, + "line": 109, + "methodLine": 104, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 21, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.get", + "length": 1, + "line": 110, + "methodLine": 104, + "name": "get", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.then", + "length": 1, + "line": 111, + "methodLine": 104, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.extract", + "length": 1, + "line": 112, + "methodLine": 104, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 36, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.response", + "length": 1, + "line": 112, + "methodLine": 104, + "name": "response", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 46, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.getBody", + "length": 1, + "line": 112, + "methodLine": 104, + "name": "getBody", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 57, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.asString", + "length": 1, + "line": 112, + "methodLine": 104, + "name": "asString", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 105, + "methodLine": 104, + "name": "result", + "domType": "Declarator", + "method": "callTrickHtml" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 113, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 113, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result.substring", + "length": 1, + "line": 113, + "methodLine": 104, + "name": "substring", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 113, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 38, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 114, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 114, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result.substring", + "length": 1, + "line": 114, + "methodLine": 104, + "name": "substring", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 114, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 116, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 82, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.testCSRFLesson.Lambda.callTrickHtml", + "length": 1, + "line": 73, + "methodLine": 73, + "name": "callTrickHtml", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 42, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.goatURL", + "length": 7, + "line": 182, + "methodLine": 182, + "name": "goatURL", + "domType": "ParamDecl", + "method": "checkAssignment8" + }, + { + "column": 23, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.goatURL", + "length": 7, + "line": 199, + "methodLine": 182, + "name": "goatURL", + "domType": "UnknownReference", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 216, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "JEbhvQyI/JKZkQ71gBIEXEDE7fM=", + "similarityId": 565499074, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 91, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "\"\"WEBWOLFSESSION\"\"", + "length": 16, + "line": 109, + "methodLine": 104, + "name": "\"\"WEBWOLFSESSION\"\"", + "domType": "StringLiteral", + "method": "callTrickHtml" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.cookie", + "length": 1, + "line": 109, + "methodLine": 104, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 21, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.get", + "length": 1, + "line": 110, + "methodLine": 104, + "name": "get", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.then", + "length": 1, + "line": 111, + "methodLine": 104, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.extract", + "length": 1, + "line": 112, + "methodLine": 104, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 36, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.response", + "length": 1, + "line": 112, + "methodLine": 104, + "name": "response", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 46, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.getBody", + "length": 1, + "line": 112, + "methodLine": 104, + "name": "getBody", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 57, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.asString", + "length": 1, + "line": 112, + "methodLine": 104, + "name": "asString", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 105, + "methodLine": 104, + "name": "result", + "domType": "Declarator", + "method": "callTrickHtml" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 113, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 113, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result.substring", + "length": 1, + "line": 113, + "methodLine": 104, + "name": "substring", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 113, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 38, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 114, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 114, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result.substring", + "length": 1, + "line": 114, + "methodLine": 104, + "name": "substring", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 114, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 116, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 82, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.testCSRFLesson.Lambda.callTrickHtml", + "length": 1, + "line": 73, + "methodLine": 73, + "name": "callTrickHtml", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 42, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.goatURL", + "length": 7, + "line": 182, + "methodLine": 182, + "name": "goatURL", + "domType": "ParamDecl", + "method": "checkAssignment8" + }, + { + "column": 23, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.goatURL", + "length": 7, + "line": 199, + "methodLine": 182, + "name": "goatURL", + "domType": "UnknownReference", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 207, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "UGAmx5eg0rthkxRNQM+6rS1KHoo=", + "similarityId": -2020463116, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "\"\"csrf-\"\"", + "length": 7, + "line": 189, + "methodLine": 182, + "name": "\"\"csrf-\"\"", + "domType": "StringLiteral", + "method": "checkAssignment8" + }, + { + "column": 19, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params.put", + "length": 1, + "line": 189, + "methodLine": 182, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 6, + "line": 189, + "methodLine": 182, + "name": "params", + "domType": "UnknownReference", + "method": "checkAssignment8" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 6, + "line": 190, + "methodLine": 182, + "name": "params", + "domType": "UnknownReference", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 6, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "UnknownReference", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 1, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 216, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "r3OnS1mtHygMQb2ezyK5iAm8L1o=", + "similarityId": -2020463116, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "\"\"csrf-\"\"", + "length": 7, + "line": 189, + "methodLine": 182, + "name": "\"\"csrf-\"\"", + "domType": "StringLiteral", + "method": "checkAssignment8" + }, + { + "column": 19, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params.put", + "length": 1, + "line": 189, + "methodLine": 182, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 6, + "line": 189, + "methodLine": 182, + "name": "params", + "domType": "UnknownReference", + "method": "checkAssignment8" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 6, + "line": 190, + "methodLine": 182, + "name": "params", + "domType": "UnknownReference", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 6, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "UnknownReference", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 1, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 207, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "fLJUSd2R7tPPVr0AQv5pwjtps6c=", + "similarityId": -1381014904, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 81, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 35, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "\"\"access_token\"\"", + "length": 14, + "line": 127, + "methodLine": 120, + "name": "\"\"access_token\"\"", + "domType": "StringLiteral", + "method": "resetVotes" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.cookie", + "length": 1, + "line": 127, + "methodLine": 120, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 13, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.accessToken", + "length": 11, + "line": 121, + "methodLine": 120, + "name": "accessToken", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 50, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.accessToken", + "length": 11, + "line": 129, + "methodLine": 120, + "name": "accessToken", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.accessToken", + "length": 11, + "line": 129, + "methodLine": 120, + "name": "accessToken", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 73, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.accessToken", + "length": 11, + "line": 132, + "methodLine": 120, + "name": "accessToken", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 47, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.accessToken", + "length": 11, + "line": 132, + "methodLine": 120, + "name": "accessToken", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 23, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.accessToken", + "length": 11, + "line": 132, + "methodLine": 120, + "name": "accessToken", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 44, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.accessToken.substring", + "length": 1, + "line": 132, + "methodLine": 120, + "name": "substring", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.body", + "length": 4, + "line": 132, + "methodLine": 120, + "name": "body", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 57, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.body", + "length": 4, + "line": 133, + "methodLine": 120, + "name": "body", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 70, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.body.getBytes", + "length": 1, + "line": 133, + "methodLine": 120, + "name": "getBytes", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 56, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.decode", + "length": 1, + "line": 133, + "methodLine": 120, + "name": "decode", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "String", + "length": 3, + "line": 133, + "methodLine": 120, + "name": "String", + "domType": "ObjectCreateExpr", + "method": "resetVotes" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.body", + "length": 4, + "line": 133, + "methodLine": 120, + "name": "body", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 47, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.body", + "length": 4, + "line": 139, + "methodLine": 120, + "name": "body", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 46, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.mapper.readTree", + "length": 1, + "line": 139, + "methodLine": 120, + "name": "readTree", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.bodyObject", + "length": 10, + "line": 139, + "methodLine": 120, + "name": "bodyObject", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 36, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.bodyObject", + "length": 10, + "line": 140, + "methodLine": 120, + "name": "bodyObject", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 51, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.put", + "length": 1, + "line": 140, + "methodLine": 120, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.bodyObject", + "length": 10, + "line": 140, + "methodLine": 120, + "name": "bodyObject", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 60, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.bodyObject", + "length": 10, + "line": 144, + "methodLine": 120, + "name": "bodyObject", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 79, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.bodyObject.toString", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "toString", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 90, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.getBytes", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "getBytes", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 59, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.encode", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "encode", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 19, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "String", + "length": 3, + "line": 144, + "methodLine": 120, + "name": "String", + "domType": "ObjectCreateExpr", + "method": "resetVotes" + }, + { + "column": 103, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.toString", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "toString", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 145, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 31, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replace", + "length": 1, + "line": 145, + "methodLine": 120, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 142, + "methodLine": 120, + "name": "replacedToken", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 49, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 152, + "methodLine": 120, + "name": "replacedToken", + "domType": "UnknownReference", + "method": "resetVotes" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "PMg8bmI7aGLlTLqmXPUA6gQV5Yo=", + "similarityId": -786469577, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "\"\"Referer\"\"", + "length": 9, + "line": 197, + "methodLine": 182, + "name": "\"\"Referer\"\"", + "domType": "StringLiteral", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.header", + "length": 1, + "line": 197, + "methodLine": 182, + "name": "header", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 1, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 216, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "PmR6UOfxOjs94XON9ZeavFq98SQ=", + "similarityId": -786469577, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "\"\"Referer\"\"", + "length": 9, + "line": 197, + "methodLine": 182, + "name": "\"\"Referer\"\"", + "domType": "StringLiteral", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.header", + "length": 1, + "line": 197, + "methodLine": 182, + "name": "header", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 1, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 207, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "XeoQg324Tm1gSDtsarfx1+deG2U=", + "similarityId": 475548645, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 87, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 52, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "\"\"admin\"\"", + "length": 7, + "line": 140, + "methodLine": 120, + "name": "\"\"admin\"\"", + "domType": "StringLiteral", + "method": "resetVotes" + }, + { + "column": 51, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.put", + "length": 1, + "line": 140, + "methodLine": 120, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.bodyObject", + "length": 10, + "line": 140, + "methodLine": 120, + "name": "bodyObject", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 60, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.bodyObject", + "length": 10, + "line": 144, + "methodLine": 120, + "name": "bodyObject", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 79, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.bodyObject.toString", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "toString", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 90, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.getBytes", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "getBytes", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 59, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.encode", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "encode", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 19, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "String", + "length": 3, + "line": 144, + "methodLine": 120, + "name": "String", + "domType": "ObjectCreateExpr", + "method": "resetVotes" + }, + { + "column": 103, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.toString", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "toString", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 145, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 31, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replace", + "length": 1, + "line": 145, + "methodLine": 120, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 142, + "methodLine": 120, + "name": "replacedToken", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 49, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 152, + "methodLine": 120, + "name": "replacedToken", + "domType": "UnknownReference", + "method": "resetVotes" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "DIgDrSwXr4RzCyv/YAQEPEcc0rM=", + "similarityId": -1897773271, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 95, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 28, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "\"\"Intruder\"\"", + "length": 10, + "line": 186, + "methodLine": 183, + "name": "\"\"Intruder\"\"", + "domType": "StringLiteral", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 19, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.claims.put", + "length": 1, + "line": 186, + "methodLine": 183, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.claims", + "length": 6, + "line": 186, + "methodLine": 183, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 114, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.claims", + "length": 6, + "line": 187, + "methodLine": 183, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 113, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.setClaims", + "length": 1, + "line": 187, + "methodLine": 183, + "name": "setClaims", + "domType": "MethodInvokeExpr", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 129, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.compact", + "length": 1, + "line": 187, + "methodLine": 183, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.token", + "length": 5, + "line": 187, + "methodLine": 183, + "name": "token", + "domType": "Declarator", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.token", + "length": 5, + "line": 190, + "methodLine": 183, + "name": "token", + "domType": "UnknownReference", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "tvKAwGJxWxJ2CTJ/aNTwpYHUF/c=", + "similarityId": -254611339, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "\"\"password\"\"", + "length": 10, + "line": 190, + "methodLine": 182, + "name": "\"\"password\"\"", + "domType": "StringLiteral", + "method": "checkAssignment8" + }, + { + "column": 19, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params.put", + "length": 1, + "line": 190, + "methodLine": 182, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 6, + "line": 190, + "methodLine": 182, + "name": "params", + "domType": "UnknownReference", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 6, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "UnknownReference", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 1, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 216, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "+iCbYQPfcQoM/X9aFtnNGvVSayI=", + "similarityId": -254611339, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "\"\"password\"\"", + "length": 10, + "line": 190, + "methodLine": 182, + "name": "\"\"password\"\"", + "domType": "StringLiteral", + "method": "checkAssignment8" + }, + { + "column": 19, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params.put", + "length": 1, + "line": 190, + "methodLine": 182, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 6, + "line": 190, + "methodLine": 182, + "name": "params", + "domType": "UnknownReference", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 6, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "UnknownReference", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 1, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 207, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "D0PFgCn4q/Mg638XdWh/NDkZFuw=", + "similarityId": 1502423647, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "\"\"=\"\"", + "length": 3, + "line": 145, + "methodLine": 120, + "name": "\"\"=\"\"", + "domType": "StringLiteral", + "method": "resetVotes" + }, + { + "column": 31, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replace", + "length": 1, + "line": 145, + "methodLine": 120, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 142, + "methodLine": 120, + "name": "replacedToken", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 49, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 152, + "methodLine": 120, + "name": "replacedToken", + "domType": "UnknownReference", + "method": "resetVotes" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "BOZsyMwxmTCeKdDoBfNueG1FgHY=", + "similarityId": 464288565, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 95, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 72, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "\"\"alg\"\"", + "length": 5, + "line": 71, + "methodLine": 66, + "name": "\"\"alg\"\"", + "domType": "StringLiteral", + "method": "solveAssignment" + }, + { + "column": 71, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.setHeaderParam", + "length": 1, + "line": 71, + "methodLine": 66, + "name": "setHeaderParam", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 94, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.compact", + "length": 1, + "line": 71, + "methodLine": 66, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.token", + "length": 5, + "line": 71, + "methodLine": 66, + "name": "token", + "domType": "Declarator", + "method": "solveAssignment" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.token", + "length": 5, + "line": 76, + "methodLine": 66, + "name": "token", + "domType": "UnknownReference", + "method": "solveAssignment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "D9lSMTdZyGHECOJ57YqaDNSajuM=", + "similarityId": -1286296826, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 99, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 46, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "\"\"127.0.0.1\"\"", + "length": 11, + "line": 28, + "methodLine": 28, + "name": "\"\"127.0.0.1\"\"", + "domType": "StringLiteral" + }, + { + "column": 27, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.WEBWOLF_HOSTNAME", + "length": 16, + "line": 28, + "methodLine": 28, + "name": "WEBWOLF_HOSTNAME", + "domType": "Declarator" + }, + { + "column": 48, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.WEBWOLF_HOSTNAME", + "length": 16, + "line": 37, + "methodLine": 37, + "name": "WEBWOLF_HOSTNAME", + "domType": "UnknownReference" + }, + { + "column": 27, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.WEBWOLF_HOSTHEADER", + "length": 18, + "line": 37, + "methodLine": 37, + "name": "WEBWOLF_HOSTHEADER", + "domType": "Declarator" + }, + { + "column": 53, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.WEBWOLF_HOSTHEADER", + "length": 18, + "line": 39, + "methodLine": 39, + "name": "WEBWOLF_HOSTHEADER", + "domType": "UnknownReference" + }, + { + "column": 27, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.WEBWOLF_URL", + "length": 11, + "line": 39, + "methodLine": 39, + "name": "WEBWOLF_URL", + "domType": "Declarator" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.WEBWOLF_URL", + "length": 11, + "line": 89, + "methodLine": 87, + "name": "WEBWOLF_URL", + "domType": "UnknownReference", + "method": "webWolfUrl" + }, + { + "column": 46, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.webWolfUrl", + "length": 1, + "line": 197, + "methodLine": 182, + "name": "webWolfUrl", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.header", + "length": 1, + "line": 197, + "methodLine": 182, + "name": "header", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 1, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 207, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "dlWWIuFTRiF0FS9zJz57Gap9FYs=", + "similarityId": -1286296826, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 99, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 46, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "\"\"127.0.0.1\"\"", + "length": 11, + "line": 28, + "methodLine": 28, + "name": "\"\"127.0.0.1\"\"", + "domType": "StringLiteral" + }, + { + "column": 27, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.WEBWOLF_HOSTNAME", + "length": 16, + "line": 28, + "methodLine": 28, + "name": "WEBWOLF_HOSTNAME", + "domType": "Declarator" + }, + { + "column": 48, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.WEBWOLF_HOSTNAME", + "length": 16, + "line": 37, + "methodLine": 37, + "name": "WEBWOLF_HOSTNAME", + "domType": "UnknownReference" + }, + { + "column": 27, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.WEBWOLF_HOSTHEADER", + "length": 18, + "line": 37, + "methodLine": 37, + "name": "WEBWOLF_HOSTHEADER", + "domType": "Declarator" + }, + { + "column": 53, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.WEBWOLF_HOSTHEADER", + "length": 18, + "line": 39, + "methodLine": 39, + "name": "WEBWOLF_HOSTHEADER", + "domType": "UnknownReference" + }, + { + "column": 27, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.WEBWOLF_URL", + "length": 11, + "line": 39, + "methodLine": 39, + "name": "WEBWOLF_URL", + "domType": "Declarator" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.WEBWOLF_URL", + "length": 11, + "line": 89, + "methodLine": 87, + "name": "WEBWOLF_URL", + "domType": "UnknownReference", + "method": "webWolfUrl" + }, + { + "column": 46, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.webWolfUrl", + "length": 1, + "line": 197, + "methodLine": 182, + "name": "webWolfUrl", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.header", + "length": 1, + "line": 197, + "methodLine": 182, + "name": "header", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 1, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 216, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "N88PTMuAVLBt1g0XAw+otOVoPvQ=", + "similarityId": 963951481, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 47, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "\"\"/files/fake.html\"\"", + "length": 18, + "line": 197, + "methodLine": 182, + "name": "\"\"/files/fake.html\"\"", + "domType": "StringLiteral", + "method": "checkAssignment8" + }, + { + "column": 40, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.webWolfUrl.url", + "length": 3, + "line": 87, + "methodLine": 87, + "name": "url", + "domType": "ParamDecl", + "method": "webWolfUrl" + }, + { + "column": 15, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.webWolfUrl.url", + "length": 3, + "line": 88, + "methodLine": 87, + "name": "url", + "domType": "UnknownReference", + "method": "webWolfUrl" + }, + { + "column": 65, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.webWolfUrl.url", + "length": 3, + "line": 88, + "methodLine": 87, + "name": "url", + "domType": "UnknownReference", + "method": "webWolfUrl" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.webWolfUrl.url", + "length": 3, + "line": 88, + "methodLine": 87, + "name": "url", + "domType": "UnknownReference", + "method": "webWolfUrl" + }, + { + "column": 30, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.webWolfUrl.url", + "length": 3, + "line": 89, + "methodLine": 87, + "name": "url", + "domType": "UnknownReference", + "method": "webWolfUrl" + }, + { + "column": 46, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.webWolfUrl", + "length": 1, + "line": 197, + "methodLine": 182, + "name": "webWolfUrl", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.header", + "length": 1, + "line": 197, + "methodLine": 182, + "name": "header", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 1, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 207, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "7IIeFeT0SRprBBEa0jDpT502wEM=", + "similarityId": 963951481, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 47, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "\"\"/files/fake.html\"\"", + "length": 18, + "line": 197, + "methodLine": 182, + "name": "\"\"/files/fake.html\"\"", + "domType": "StringLiteral", + "method": "checkAssignment8" + }, + { + "column": 40, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.webWolfUrl.url", + "length": 3, + "line": 87, + "methodLine": 87, + "name": "url", + "domType": "ParamDecl", + "method": "webWolfUrl" + }, + { + "column": 15, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.webWolfUrl.url", + "length": 3, + "line": 88, + "methodLine": 87, + "name": "url", + "domType": "UnknownReference", + "method": "webWolfUrl" + }, + { + "column": 65, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.webWolfUrl.url", + "length": 3, + "line": 88, + "methodLine": 87, + "name": "url", + "domType": "UnknownReference", + "method": "webWolfUrl" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.webWolfUrl.url", + "length": 3, + "line": 88, + "methodLine": 87, + "name": "url", + "domType": "UnknownReference", + "method": "webWolfUrl" + }, + { + "column": 30, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.webWolfUrl.url", + "length": 3, + "line": 89, + "methodLine": 87, + "name": "url", + "domType": "UnknownReference", + "method": "webWolfUrl" + }, + { + "column": 46, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.webWolfUrl", + "length": 1, + "line": 197, + "methodLine": 182, + "name": "webWolfUrl", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.header", + "length": 1, + "line": 197, + "methodLine": 182, + "name": "header", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 1, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 216, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "9FjzcV9hRmMeOfMA4FHqJjdR3eY=", + "similarityId": -1864404121, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 95, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "\"\"user\"\"", + "length": 6, + "line": 186, + "methodLine": 183, + "name": "\"\"user\"\"", + "domType": "StringLiteral", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 19, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.claims.put", + "length": 1, + "line": 186, + "methodLine": 183, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.claims", + "length": 6, + "line": 186, + "methodLine": 183, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 114, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.claims", + "length": 6, + "line": 187, + "methodLine": 183, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 113, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.setClaims", + "length": 1, + "line": 187, + "methodLine": 183, + "name": "setClaims", + "domType": "MethodInvokeExpr", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 129, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.compact", + "length": 1, + "line": 187, + "methodLine": 183, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.token", + "length": 5, + "line": 187, + "methodLine": 183, + "name": "token", + "domType": "Declarator", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.token", + "length": 5, + "line": 190, + "methodLine": 183, + "name": "token", + "domType": "UnknownReference", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "K//Lxk0Sfg+rOE43TkvYUGliisM=", + "similarityId": 1393033030, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 35, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "\"\"JSESSIONID\"\"", + "length": 12, + "line": 201, + "methodLine": 182, + "name": "\"\"JSESSIONID\"\"", + "domType": "StringLiteral", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 216, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "li7c9ojpdgyh+R/EmykUrbCiF30=", + "similarityId": 1393033030, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 35, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "\"\"JSESSIONID\"\"", + "length": 12, + "line": 201, + "methodLine": 182, + "name": "\"\"JSESSIONID\"\"", + "domType": "StringLiteral", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 207, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "QTjDA3sa5FR0LYjjehNv2xd9x8s=", + "similarityId": -797022533, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 95, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "\"\"user\"\"", + "length": 6, + "line": 198, + "methodLine": 195, + "name": "\"\"user\"\"", + "domType": "StringLiteral", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 19, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.claims.put", + "length": 1, + "line": 198, + "methodLine": 195, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.claims", + "length": 6, + "line": 198, + "methodLine": 195, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 114, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.claims", + "length": 6, + "line": 199, + "methodLine": 195, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 113, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.setClaims", + "length": 1, + "line": 199, + "methodLine": 195, + "name": "setClaims", + "domType": "MethodInvokeExpr", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 129, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.compact", + "length": 1, + "line": 199, + "methodLine": 195, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.token", + "length": 5, + "line": 199, + "methodLine": 195, + "name": "token", + "domType": "Declarator", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.token", + "length": 5, + "line": 202, + "methodLine": 195, + "name": "token", + "domType": "UnknownReference", + "method": "unknownUserShouldSeeGuestView" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "6wRz7nMp0BcxuyuvR+bPpHpY40Q=", + "similarityId": -1142231744, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 95, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 28, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "\"\"Tom\"\"", + "length": 5, + "line": 70, + "methodLine": 66, + "name": "\"\"Tom\"\"", + "domType": "StringLiteral", + "method": "solveAssignment" + }, + { + "column": 19, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.claims.put", + "length": 1, + "line": 70, + "methodLine": 66, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.claims", + "length": 6, + "line": 70, + "methodLine": 66, + "name": "claims", + "domType": "UnknownReference", + "method": "solveAssignment" + }, + { + "column": 49, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.claims", + "length": 6, + "line": 71, + "methodLine": 66, + "name": "claims", + "domType": "UnknownReference", + "method": "solveAssignment" + }, + { + "column": 48, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.setClaims", + "length": 1, + "line": 71, + "methodLine": 66, + "name": "setClaims", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 71, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.setHeaderParam", + "length": 1, + "line": 71, + "methodLine": 66, + "name": "setHeaderParam", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 94, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.compact", + "length": 1, + "line": 71, + "methodLine": 66, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.token", + "length": 5, + "line": 71, + "methodLine": 66, + "name": "token", + "domType": "Declarator", + "method": "solveAssignment" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.token", + "length": 5, + "line": 76, + "methodLine": 66, + "name": "token", + "domType": "UnknownReference", + "method": "solveAssignment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "uCRBFmaKFkVGAVgAScXEhR4h7Ls=", + "similarityId": -1477128519, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 95, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 28, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "\"\"Intruder\"\"", + "length": 10, + "line": 198, + "methodLine": 195, + "name": "\"\"Intruder\"\"", + "domType": "StringLiteral", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 19, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.claims.put", + "length": 1, + "line": 198, + "methodLine": 195, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.claims", + "length": 6, + "line": 198, + "methodLine": 195, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 114, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.claims", + "length": 6, + "line": 199, + "methodLine": 195, + "name": "claims", + "domType": "UnknownReference", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 113, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.setClaims", + "length": 1, + "line": 199, + "methodLine": 195, + "name": "setClaims", + "domType": "MethodInvokeExpr", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 129, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.compact", + "length": 1, + "line": 199, + "methodLine": 195, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.token", + "length": 5, + "line": 199, + "methodLine": 195, + "name": "token", + "domType": "Declarator", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.token", + "length": 5, + "line": 202, + "methodLine": 195, + "name": "token", + "domType": "UnknownReference", + "method": "unknownUserShouldSeeGuestView" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "WpfG9e2F0YhdPalqa5bdPFpahGs=", + "similarityId": 1896843312, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 90, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "\"\"JSESSIONID\"\"", + "length": 12, + "line": 108, + "methodLine": 104, + "name": "\"\"JSESSIONID\"\"", + "domType": "StringLiteral", + "method": "callTrickHtml" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.cookie", + "length": 1, + "line": 108, + "methodLine": 104, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.cookie", + "length": 1, + "line": 109, + "methodLine": 104, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 21, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.get", + "length": 1, + "line": 110, + "methodLine": 104, + "name": "get", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.then", + "length": 1, + "line": 111, + "methodLine": 104, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.extract", + "length": 1, + "line": 112, + "methodLine": 104, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 36, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.response", + "length": 1, + "line": 112, + "methodLine": 104, + "name": "response", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 46, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.getBody", + "length": 1, + "line": 112, + "methodLine": 104, + "name": "getBody", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 57, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.asString", + "length": 1, + "line": 112, + "methodLine": 104, + "name": "asString", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 105, + "methodLine": 104, + "name": "result", + "domType": "Declarator", + "method": "callTrickHtml" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 113, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 113, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result.substring", + "length": 1, + "line": 113, + "methodLine": 104, + "name": "substring", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 113, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 38, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 114, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 114, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result.substring", + "length": 1, + "line": 114, + "methodLine": 104, + "name": "substring", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 114, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 116, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 82, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.testCSRFLesson.Lambda.callTrickHtml", + "length": 1, + "line": 73, + "methodLine": 73, + "name": "callTrickHtml", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 42, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.goatURL", + "length": 7, + "line": 182, + "methodLine": 182, + "name": "goatURL", + "domType": "ParamDecl", + "method": "checkAssignment8" + }, + { + "column": 23, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.goatURL", + "length": 7, + "line": 199, + "methodLine": 182, + "name": "goatURL", + "domType": "UnknownReference", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 207, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "0yHLxap0j/TcDZVF6aU6lpTyrew=", + "similarityId": 1896843312, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 90, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "\"\"JSESSIONID\"\"", + "length": 12, + "line": 108, + "methodLine": 104, + "name": "\"\"JSESSIONID\"\"", + "domType": "StringLiteral", + "method": "callTrickHtml" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.cookie", + "length": 1, + "line": 108, + "methodLine": 104, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.cookie", + "length": 1, + "line": 109, + "methodLine": 104, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 21, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.get", + "length": 1, + "line": 110, + "methodLine": 104, + "name": "get", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.then", + "length": 1, + "line": 111, + "methodLine": 104, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.extract", + "length": 1, + "line": 112, + "methodLine": 104, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 36, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.response", + "length": 1, + "line": 112, + "methodLine": 104, + "name": "response", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 46, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.getBody", + "length": 1, + "line": 112, + "methodLine": 104, + "name": "getBody", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 57, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.asString", + "length": 1, + "line": 112, + "methodLine": 104, + "name": "asString", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 105, + "methodLine": 104, + "name": "result", + "domType": "Declarator", + "method": "callTrickHtml" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 113, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 113, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result.substring", + "length": 1, + "line": 113, + "methodLine": 104, + "name": "substring", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 113, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 38, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 114, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 114, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result.substring", + "length": 1, + "line": 114, + "methodLine": 104, + "name": "substring", + "domType": "MethodInvokeExpr", + "method": "callTrickHtml" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 114, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.callTrickHtml.result", + "length": 6, + "line": 116, + "methodLine": 104, + "name": "result", + "domType": "UnknownReference", + "method": "callTrickHtml" + }, + { + "column": 82, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.testCSRFLesson.Lambda.callTrickHtml", + "length": 1, + "line": 73, + "methodLine": 73, + "name": "callTrickHtml", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 42, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.goatURL", + "length": 7, + "line": 182, + "methodLine": 182, + "name": "goatURL", + "domType": "ParamDecl", + "method": "checkAssignment8" + }, + { + "column": 23, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.goatURL", + "length": 7, + "line": 199, + "methodLine": 182, + "name": "goatURL", + "domType": "UnknownReference", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 216, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "TMa2VuCP3DFQhKAioJJrVY6fZio=", + "similarityId": 167288203, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 86, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 71, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "\"\"victory\"\"", + "length": 9, + "line": 70, + "methodLine": 70, + "name": "\"\"victory\"\"", + "domType": "StringLiteral" + }, + { + "column": 70, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "TextCodec.BASE64.encode", + "length": 1, + "line": 70, + "methodLine": 70, + "name": "encode", + "domType": "MethodInvokeExpr" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.JWT_PASSWORD", + "length": 12, + "line": 70, + "methodLine": 70, + "name": "JWT_PASSWORD", + "domType": "Declarator" + }, + { + "column": 90, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.JWT_PASSWORD", + "length": 12, + "line": 187, + "methodLine": 183, + "name": "JWT_PASSWORD", + "domType": "UnknownReference", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 47, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.signWith", + "length": 1, + "line": 187, + "methodLine": 183, + "name": "signWith", + "domType": "MethodInvokeExpr", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 113, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.setClaims", + "length": 1, + "line": 187, + "methodLine": 183, + "name": "setClaims", + "domType": "MethodInvokeExpr", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 129, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.compact", + "length": 1, + "line": 187, + "methodLine": 183, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.token", + "length": 5, + "line": 187, + "methodLine": 183, + "name": "token", + "domType": "Declarator", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserWithValidTokenShouldNotBeAbleToVote.token", + "length": 5, + "line": 190, + "methodLine": 183, + "name": "token", + "domType": "UnknownReference", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "0DIw0dPBCIn32AD/RdQE2lTOm6E=", + "similarityId": 660950851, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 86, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 71, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "\"\"victory\"\"", + "length": 9, + "line": 70, + "methodLine": 70, + "name": "\"\"victory\"\"", + "domType": "StringLiteral" + }, + { + "column": 70, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "TextCodec.BASE64.encode", + "length": 1, + "line": 70, + "methodLine": 70, + "name": "encode", + "domType": "MethodInvokeExpr" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.JWT_PASSWORD", + "length": 12, + "line": 70, + "methodLine": 70, + "name": "JWT_PASSWORD", + "domType": "Declarator" + }, + { + "column": 90, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.JWT_PASSWORD", + "length": 12, + "line": 199, + "methodLine": 195, + "name": "JWT_PASSWORD", + "domType": "UnknownReference", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 47, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.signWith", + "length": 1, + "line": 199, + "methodLine": 195, + "name": "signWith", + "domType": "MethodInvokeExpr", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 113, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.setClaims", + "length": 1, + "line": 199, + "methodLine": 195, + "name": "setClaims", + "domType": "MethodInvokeExpr", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 129, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.compact", + "length": 1, + "line": 199, + "methodLine": 195, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.token", + "length": 5, + "line": 199, + "methodLine": 195, + "name": "token", + "domType": "Declarator", + "method": "unknownUserShouldSeeGuestView" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.unknownUserShouldSeeGuestView.token", + "length": 5, + "line": 202, + "methodLine": 195, + "name": "token", + "domType": "UnknownReference", + "method": "unknownUserShouldSeeGuestView" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "yG8SGYb7UzClKIZRbvyd+7svCXI=", + "similarityId": -202743263, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 41, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "\"\"http://\"\"", + "length": 9, + "line": 39, + "methodLine": 39, + "name": "\"\"http://\"\"", + "domType": "StringLiteral" + }, + { + "column": 27, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.WEBWOLF_URL", + "length": 11, + "line": 39, + "methodLine": 39, + "name": "WEBWOLF_URL", + "domType": "Declarator" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.WEBWOLF_URL", + "length": 11, + "line": 89, + "methodLine": 87, + "name": "WEBWOLF_URL", + "domType": "UnknownReference", + "method": "webWolfUrl" + }, + { + "column": 46, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.webWolfUrl", + "length": 1, + "line": 197, + "methodLine": 182, + "name": "webWolfUrl", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.header", + "length": 1, + "line": 197, + "methodLine": 182, + "name": "header", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 1, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 216, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "YYGtp1+9gCv9hISz/Vokq6ifBzA=", + "similarityId": -202743263, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 41, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "\"\"http://\"\"", + "length": 9, + "line": 39, + "methodLine": 39, + "name": "\"\"http://\"\"", + "domType": "StringLiteral" + }, + { + "column": 27, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.WEBWOLF_URL", + "length": 11, + "line": 39, + "methodLine": 39, + "name": "WEBWOLF_URL", + "domType": "Declarator" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.WEBWOLF_URL", + "length": 11, + "line": 89, + "methodLine": 87, + "name": "WEBWOLF_URL", + "domType": "UnknownReference", + "method": "webWolfUrl" + }, + { + "column": 46, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.webWolfUrl", + "length": 1, + "line": 197, + "methodLine": 182, + "name": "webWolfUrl", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.header", + "length": 1, + "line": 197, + "methodLine": 182, + "name": "header", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 1, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 207, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "TxehZT/OrTYsQQlIei6mzvBKpwU=", + "similarityId": 1502423647, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 19, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "\"\".\"\"", + "length": 3, + "line": 145, + "methodLine": 120, + "name": "\"\".\"\"", + "domType": "StringLiteral", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 145, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 31, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replace", + "length": 1, + "line": 145, + "methodLine": 120, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 142, + "methodLine": 120, + "name": "replacedToken", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 49, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 152, + "methodLine": 120, + "name": "replacedToken", + "domType": "UnknownReference", + "method": "resetVotes" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "U1EM/I56+obhJF3ENYD8hWI8H3U=", + "similarityId": -1772609017, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "\"\"JSESSIONID\"\"", + "length": 12, + "line": 196, + "methodLine": 182, + "name": "\"\"JSESSIONID\"\"", + "domType": "StringLiteral", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 196, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.header", + "length": 1, + "line": 197, + "methodLine": 182, + "name": "header", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 1, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 207, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "1kOb7P6J0JgWGNiGuBMUGcq8R0A=", + "similarityId": -1772609017, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "\"\"JSESSIONID\"\"", + "length": 12, + "line": 196, + "methodLine": 182, + "name": "\"\"JSESSIONID\"\"", + "domType": "StringLiteral", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 196, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.header", + "length": 1, + "line": 197, + "methodLine": 182, + "name": "header", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 24, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.params", + "length": 1, + "line": 198, + "methodLine": 182, + "name": "params", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.post", + "length": 1, + "line": 199, + "methodLine": 182, + "name": "post", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.then", + "length": 1, + "line": 200, + "methodLine": 182, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.extract", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 34, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.cookie", + "length": 1, + "line": 201, + "methodLine": 182, + "name": "cookie", + "domType": "MethodInvokeExpr", + "method": "checkAssignment8" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 193, + "methodLine": 182, + "name": "newCookie", + "domType": "Declarator", + "method": "checkAssignment8" + }, + { + "column": 39, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.checkAssignment8.newCookie", + "length": 9, + "line": 216, + "methodLine": 182, + "name": "newCookie", + "domType": "UnknownReference", + "method": "checkAssignment8" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "gaK5k0VPCHR2ZczymqR0iHv/3ko=", + "similarityId": -565063486, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 95, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "\"\"user\"\"", + "length": 6, + "line": 70, + "methodLine": 66, + "name": "\"\"user\"\"", + "domType": "StringLiteral", + "method": "solveAssignment" + }, + { + "column": 19, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.claims.put", + "length": 1, + "line": 70, + "methodLine": 66, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.claims", + "length": 6, + "line": 70, + "methodLine": 66, + "name": "claims", + "domType": "UnknownReference", + "method": "solveAssignment" + }, + { + "column": 49, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.claims", + "length": 6, + "line": 71, + "methodLine": 66, + "name": "claims", + "domType": "UnknownReference", + "method": "solveAssignment" + }, + { + "column": 48, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.setClaims", + "length": 1, + "line": 71, + "methodLine": 66, + "name": "setClaims", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 71, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.setHeaderParam", + "length": 1, + "line": 71, + "methodLine": 66, + "name": "setHeaderParam", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 94, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.compact", + "length": 1, + "line": 71, + "methodLine": 66, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "solveAssignment" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.token", + "length": 5, + "line": 71, + "methodLine": 66, + "name": "token", + "domType": "Declarator", + "method": "solveAssignment" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpointTest.solveAssignment.token", + "length": 5, + "line": 76, + "methodLine": 66, + "name": "token", + "domType": "UnknownReference", + "method": "solveAssignment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "/xdV/nRnWZy50QQZE6vyIB4f+N4=", + "similarityId": -1132252697, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 87, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 58, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "\"\"NONE\"\"", + "length": 6, + "line": 137, + "methodLine": 120, + "name": "\"\"NONE\"\"", + "domType": "StringLiteral", + "method": "resetVotes" + }, + { + "column": 51, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.put", + "length": 1, + "line": 137, + "methodLine": 120, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.headerNode", + "length": 10, + "line": 137, + "methodLine": 120, + "name": "headerNode", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 73, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.headerNode", + "length": 10, + "line": 142, + "methodLine": 120, + "name": "headerNode", + "domType": "UnknownReference", + "method": "resetVotes" + }, + { + "column": 92, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.headerNode.toString", + "length": 1, + "line": 142, + "methodLine": 120, + "name": "toString", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 103, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.getBytes", + "length": 1, + "line": 142, + "methodLine": 120, + "name": "getBytes", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 72, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.encode", + "length": 1, + "line": 142, + "methodLine": 120, + "name": "encode", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 32, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "String", + "length": 3, + "line": 142, + "methodLine": 120, + "name": "String", + "domType": "ObjectCreateExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 143, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 144, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.concat", + "length": 1, + "line": 145, + "methodLine": 120, + "name": "concat", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 31, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replace", + "length": 1, + "line": 145, + "methodLine": 120, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "resetVotes" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 142, + "methodLine": 120, + "name": "replacedToken", + "domType": "Declarator", + "method": "resetVotes" + }, + { + "column": 49, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java", + "fullName": "org.owasp.webgoat.JWTLessonTest.resetVotes.replacedToken", + "length": 13, + "line": 152, + "methodLine": 120, + "name": "replacedToken", + "domType": "UnknownReference", + "method": "resetVotes" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + } + ] + }, + { + "queryName": "Incorrect_Permission_Assignment_For_Critical_Resources", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 7, + "vulnerabilities": [ + { + "id": "endcdx7e6qmvXwcvqq/hKCVVGY4=", + "similarityId": -537195585, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 69, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 14, + "fileName": "/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java", + "fullName": "org.owasp.webgoat.xxe.BlindSendFileAssignmentTest.solveOnlyParamReferenceEntityInExternalDTD.targetFile", + "length": 10, + "line": 111, + "methodLine": 110, + "name": "targetFile", + "domType": "Declarator", + "method": "solveOnlyParamReferenceEntityInExternalDTD" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "thH3UBe7SspZ1T9wneqj4v/H2j8=", + "similarityId": -810606887, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 69, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 14, + "fileName": "/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java", + "fullName": "org.owasp.webgoat.xxe.BlindSendFileAssignmentTest.solve.targetFile", + "length": 10, + "line": 87, + "methodLine": 86, + "name": "targetFile", + "domType": "Declarator", + "method": "solve" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "fb3QHmEHc3YoaHgUSG1VDkPR3K4=", + "similarityId": -127321601, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 69, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 14, + "fileName": "/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java", + "fullName": "org.owasp.webgoat.xxe.BlindSendFileAssignmentTest.simpleXXEShouldNotWork.targetFile", + "length": 10, + "line": 77, + "methodLine": 76, + "name": "targetFile", + "domType": "Declarator", + "method": "simpleXXEShouldNotWork" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "fH8lTOq/jgy9YDsT7BipilsflYM=", + "similarityId": 741163455, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 69, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 14, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java", + "fullName": "org.owasp.webgoat.XXETest.getSecret.webWolfFilePath", + "length": 15, + "line": 57, + "methodLine": 55, + "name": "webWolfFilePath", + "domType": "Declarator", + "method": "getSecret" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "EScqZgEujQMkJ4ILn7mC70My5Dk=", + "similarityId": 1154635647, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 69, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 13, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java", + "fullName": "org.owasp.webgoat.PathTraversalTest.assignment5.webGoatDirectory", + "length": 16, + "line": 114, + "methodLine": 110, + "name": "webGoatDirectory", + "domType": "Declarator", + "method": "assignment5" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "Um+8s/SU9+Ji79UU6HebZGUY/AQ=", + "similarityId": -193424839, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 69, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 14, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.uploadTrickHtml.webWolfFilePath", + "length": 15, + "line": 88, + "methodLine": 85, + "name": "webWolfFilePath", + "domType": "Declarator", + "method": "uploadTrickHtml" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "r0fFau0K5Q8rrMGU0/vxYERLOMc=", + "similarityId": -499352713, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 69, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java", + "fullName": "org.owasp.webgoat.PathTraversalTest.fileToUpload", + "length": 12, + "line": 38, + "methodLine": 37, + "name": "fileToUpload", + "domType": "UnknownReference", + "method": "init" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + } + ] + }, + { + "queryName": "Information_Exposure_Through_an_Error_Message", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 3, + "vulnerabilities": [ + { + "id": "OA+IB0Qw5PHaqDlN3PA4nsl+drw=", + "similarityId": 1277970851, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 209, + "confidenceLevel": 95, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 37, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/AjaxAuthenticationEntryPoint.java", + "fullName": "org.owasp.webgoat.AjaxAuthenticationEntryPoint.commence.authException", + "length": 13, + "line": 53, + "methodLine": 51, + "name": "authException", + "domType": "UnknownReference", + "method": "commence" + }, + { + "column": 61, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/AjaxAuthenticationEntryPoint.java", + "fullName": "org.owasp.webgoat.AjaxAuthenticationEntryPoint.commence.authException.getMessage", + "length": 1, + "line": 53, + "methodLine": 51, + "name": "getMessage", + "domType": "MethodInvokeExpr", + "method": "commence" + }, + { + "column": 31, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/AjaxAuthenticationEntryPoint.java", + "fullName": "org.owasp.webgoat.AjaxAuthenticationEntryPoint.commence.response.sendError", + "length": 1, + "line": 53, + "methodLine": 51, + "name": "sendError", + "domType": "MethodInvokeExpr", + "method": "commence" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "nNQillKfYk0raFglKT/v1/+Db94=", + "similarityId": 264082994, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 209, + "confidenceLevel": 98, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CryptoTest.java", + "fullName": "org.owasp.webgoat.CryptoTest.runTests.e", + "length": 1, + "line": 41, + "methodLine": 25, + "name": "e", + "domType": "Declarator", + "method": "runTests" + }, + { + "column": 4, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CryptoTest.java", + "fullName": "org.owasp.webgoat.CryptoTest.runTests.e", + "length": 1, + "line": 42, + "methodLine": 25, + "name": "e", + "domType": "UnknownReference", + "method": "runTests" + }, + { + "column": 21, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CryptoTest.java", + "fullName": "org.owasp.webgoat.CryptoTest.runTests.e.printStackTrace", + "length": 1, + "line": 42, + "methodLine": 25, + "name": "printStackTrace", + "domType": "MethodInvokeExpr", + "method": "runTests" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "sOsoWCobyeOmJjIjBVpYK8aJRmU=", + "similarityId": -2077443407, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 209, + "confidenceLevel": 98, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 37, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CryptoTest.java", + "fullName": "org.owasp.webgoat.CryptoTest.runTests.e", + "length": 1, + "line": 34, + "methodLine": 25, + "name": "e", + "domType": "Declarator", + "method": "runTests" + }, + { + "column": 4, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CryptoTest.java", + "fullName": "org.owasp.webgoat.CryptoTest.runTests.e", + "length": 1, + "line": 35, + "methodLine": 25, + "name": "e", + "domType": "UnknownReference", + "method": "runTests" + }, + { + "column": 21, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CryptoTest.java", + "fullName": "org.owasp.webgoat.CryptoTest.runTests.e.printStackTrace", + "length": 1, + "line": 35, + "methodLine": 25, + "name": "printStackTrace", + "domType": "MethodInvokeExpr", + "method": "runTests" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + } + ] + }, + { + "queryName": "Improper_Resource_Access_Authorization", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 2, + "vulnerabilities": [ + { + "id": "sTOnRRVES/UZAYgJcobHI0pMOvY=", + "similarityId": -585239209, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 95, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 42, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadBase.solvedIt.uploadedFile.getCanonicalFile", + "length": 1, + "line": 64, + "methodLine": 63, + "name": "getCanonicalFile", + "domType": "MethodInvokeExpr", + "method": "solvedIt" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "9/uedY61APNGNLIqTHretG5YaXc=", + "similarityId": -889630759, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 95, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 129, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadBase.execute.uploadedFile.getAbsoluteFile", + "length": 1, + "line": 52, + "methodLine": 30, + "name": "getAbsoluteFile", + "domType": "MethodInvokeExpr", + "method": "execute" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + } + ] + }, + { + "queryName": "Relative_Path_Traversal", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 7, + "vulnerabilities": [ + { + "id": "umDx4GOmGrjnou7X3BGQMaV8tSA=", + "similarityId": 2064563580, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 23, + "confidenceLevel": 86, + "compliance": [ + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "OWASP Top 10 2010", + "OWASP Top 10 2013", + "OWASP Top 10 2017" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.getWebWolfServerPath.get", + "length": 1, + "line": 301, + "methodLine": 294, + "name": "get", + "domType": "MethodInvokeExpr", + "method": "getWebWolfServerPath" + }, + { + "column": 22, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.getWebWolfServerPath.then", + "length": 1, + "line": 302, + "methodLine": 294, + "name": "then", + "domType": "MethodInvokeExpr", + "method": "getWebWolfServerPath" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.getWebWolfServerPath.extract", + "length": 1, + "line": 303, + "methodLine": 294, + "name": "extract", + "domType": "MethodInvokeExpr", + "method": "getWebWolfServerPath" + }, + { + "column": 36, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.getWebWolfServerPath.response", + "length": 1, + "line": 303, + "methodLine": 294, + "name": "response", + "domType": "MethodInvokeExpr", + "method": "getWebWolfServerPath" + }, + { + "column": 46, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.getWebWolfServerPath.getBody", + "length": 1, + "line": 303, + "methodLine": 294, + "name": "getBody", + "domType": "MethodInvokeExpr", + "method": "getWebWolfServerPath" + }, + { + "column": 57, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.getWebWolfServerPath.asString", + "length": 1, + "line": 303, + "methodLine": 294, + "name": "asString", + "domType": "MethodInvokeExpr", + "method": "getWebWolfServerPath" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.getWebWolfServerPath.result", + "length": 6, + "line": 297, + "methodLine": 294, + "name": "result", + "domType": "Declarator", + "method": "getWebWolfServerPath" + }, + { + "column": 18, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.getWebWolfServerPath.result", + "length": 6, + "line": 304, + "methodLine": 294, + "name": "result", + "domType": "UnknownReference", + "method": "getWebWolfServerPath" + }, + { + "column": 32, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.getWebWolfServerPath.result.replace", + "length": 1, + "line": 304, + "methodLine": 294, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "getWebWolfServerPath" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.getWebWolfServerPath.result", + "length": 6, + "line": 304, + "methodLine": 294, + "name": "result", + "domType": "UnknownReference", + "method": "getWebWolfServerPath" + }, + { + "column": 16, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.getWebWolfServerPath.result", + "length": 6, + "line": 305, + "methodLine": 294, + "name": "result", + "domType": "UnknownReference", + "method": "getWebWolfServerPath" + }, + { + "column": 46, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java", + "fullName": "org.owasp.webgoat.IntegrationTest.getWebWolfServerPath", + "length": 1, + "line": 27, + "methodLine": 24, + "name": "getWebWolfServerPath", + "domType": "MethodInvokeExpr", + "method": "runTests" + }, + { + "column": 9, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java", + "fullName": "org.owasp.webgoat.XXETest.webwolfFileDir", + "length": 14, + "line": 27, + "methodLine": 24, + "name": "webwolfFileDir", + "domType": "UnknownReference", + "method": "runTests" + }, + { + "column": 98, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java", + "fullName": "org.owasp.webgoat.XXETest.getSecret", + "length": 1, + "line": 30, + "methodLine": 24, + "name": "getSecret", + "domType": "MethodInvokeExpr", + "method": "runTests" + }, + { + "column": 42, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java", + "fullName": "org.owasp.webgoat.XXETest.webwolfFileDir", + "length": 14, + "line": 57, + "methodLine": 55, + "name": "webwolfFileDir", + "domType": "UnknownReference", + "method": "getSecret" + }, + { + "column": 41, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java", + "fullName": "Paths.get", + "length": 1, + "line": 57, + "methodLine": 55, + "name": "get", + "domType": "MethodInvokeExpr", + "method": "getSecret" + }, + { + "column": 14, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java", + "fullName": "org.owasp.webgoat.XXETest.getSecret.webWolfFilePath", + "length": 15, + "line": 57, + "methodLine": 55, + "name": "webWolfFilePath", + "domType": "Declarator", + "method": "getSecret" + }, + { + "column": 13, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java", + "fullName": "org.owasp.webgoat.XXETest.getSecret.webWolfFilePath", + "length": 15, + "line": 58, + "methodLine": 55, + "name": "webWolfFilePath", + "domType": "UnknownReference", + "method": "getSecret" + }, + { + "column": 26, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java", + "fullName": "org.owasp.webgoat.XXETest.getSecret.webWolfFilePath", + "length": 15, + "line": 59, + "methodLine": 55, + "name": "webWolfFilePath", + "domType": "UnknownReference", + "method": "getSecret" + }, + { + "column": 49, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java", + "fullName": "org.owasp.webgoat.XXETest.getSecret.webWolfFilePath.resolve", + "length": 1, + "line": 59, + "methodLine": 55, + "name": "resolve", + "domType": "MethodInvokeExpr", + "method": "getSecret" + }, + { + "column": 25, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java", + "fullName": "Files.delete", + "length": 1, + "line": 59, + "methodLine": 55, + "name": "delete", + "domType": "MethodInvokeExpr", + "method": "getSecret" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129676 + } + }, + { + "id": "WVqB4qzAV6CHrFK48hYmm6W/JUs=", + "similarityId": 1792312730, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 23, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "OWASP Top 10 2010", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 94, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileZipSlip.uploadFileHandler.file", + "length": 4, + "line": 38, + "methodLine": 38, + "name": "file", + "domType": "ParamDecl", + "method": "uploadFileHandler" + }, + { + "column": 14, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileZipSlip.uploadFileHandler.file", + "length": 4, + "line": 39, + "methodLine": 38, + "name": "file", + "domType": "UnknownReference", + "method": "uploadFileHandler" + }, + { + "column": 37, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileZipSlip.uploadFileHandler.file", + "length": 4, + "line": 42, + "methodLine": 38, + "name": "file", + "domType": "UnknownReference", + "method": "uploadFileHandler" + }, + { + "column": 57, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileZipSlip.processZipUpload.file", + "length": 4, + "line": 47, + "methodLine": 47, + "name": "file", + "domType": "ParamDecl", + "method": "processZipUpload" + }, + { + "column": 61, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileZipSlip.processZipUpload.file", + "length": 4, + "line": 56, + "methodLine": 47, + "name": "file", + "domType": "UnknownReference", + "method": "processZipUpload" + }, + { + "column": 85, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileZipSlip.processZipUpload.file.getOriginalFilename", + "length": 1, + "line": 56, + "methodLine": 47, + "name": "getOriginalFilename", + "domType": "MethodInvokeExpr", + "method": "processZipUpload" + }, + { + "column": 35, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "File", + "length": 3, + "line": 56, + "methodLine": 47, + "name": "File", + "domType": "ObjectCreateExpr", + "method": "processZipUpload" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "RTvoTh5nTHxgCt6p5gOg2wmmY44=", + "similarityId": 1058920700, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 23, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "OWASP Top 10 2010", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 72, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/FileServer.java", + "fullName": "org.owasp.webwolf.FileServer.importFile.myFile", + "length": 6, + "line": 69, + "methodLine": 69, + "name": "myFile", + "domType": "ParamDecl", + "method": "importFile" + }, + { + "column": 9, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/FileServer.java", + "fullName": "org.owasp.webwolf.FileServer.importFile.myFile", + "length": 6, + "line": 73, + "methodLine": 69, + "name": "myFile", + "domType": "UnknownReference", + "method": "importFile" + }, + { + "column": 64, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/FileServer.java", + "fullName": "org.owasp.webwolf.FileServer.importFile.myFile", + "length": 6, + "line": 74, + "methodLine": 69, + "name": "myFile", + "domType": "UnknownReference", + "method": "importFile" + }, + { + "column": 90, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/FileServer.java", + "fullName": "org.owasp.webwolf.FileServer.importFile.myFile.getOriginalFilename", + "length": 1, + "line": 74, + "methodLine": 69, + "name": "getOriginalFilename", + "domType": "MethodInvokeExpr", + "method": "importFile" + }, + { + "column": 39, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/FileServer.java", + "fullName": "File", + "length": 3, + "line": 74, + "methodLine": 69, + "name": "File", + "domType": "ObjectCreateExpr", + "method": "importFile" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "vablo0GMfvUOatZxoi2/DDUmmIw=", + "similarityId": -1534960227, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 23, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "OWASP Top 10 2010", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 75, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadFix.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadFix.uploadFileHandler.fullName", + "length": 8, + "line": 30, + "methodLine": 28, + "name": "fullName", + "domType": "ParamDecl", + "method": "uploadFileHandler" + }, + { + "column": 55, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadFix.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadFix.uploadFileHandler.fullName", + "length": 8, + "line": 31, + "methodLine": 28, + "name": "fullName", + "domType": "UnknownReference", + "method": "uploadFileHandler" + }, + { + "column": 71, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadFix.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadFix.uploadFileHandler.fullName.replace", + "length": 1, + "line": 31, + "methodLine": 28, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "uploadFileHandler" + }, + { + "column": 63, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadBase.execute.fullName", + "length": 8, + "line": 30, + "methodLine": 30, + "name": "fullName", + "domType": "ParamDecl", + "method": "execute" + }, + { + "column": 58, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadBase.execute.fullName", + "length": 8, + "line": 45, + "methodLine": 30, + "name": "fullName", + "domType": "UnknownReference", + "method": "execute" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "File", + "length": 3, + "line": 45, + "methodLine": 30, + "name": "File", + "domType": "ObjectCreateExpr", + "method": "execute" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "L6Ngs4gL+eKCp4yCDPSO4GhON+U=", + "similarityId": 770103585, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 23, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "OWASP Top 10 2010", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 102, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInput.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadRemoveUserInput.uploadFileHandler.file", + "length": 4, + "line": 26, + "methodLine": 26, + "name": "file", + "domType": "ParamDecl", + "method": "uploadFileHandler" + }, + { + "column": 36, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInput.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadRemoveUserInput.uploadFileHandler.file", + "length": 4, + "line": 27, + "methodLine": 26, + "name": "file", + "domType": "UnknownReference", + "method": "uploadFileHandler" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInput.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadRemoveUserInput.uploadFileHandler.file.getOriginalFilename", + "length": 1, + "line": 27, + "methodLine": 26, + "name": "getOriginalFilename", + "domType": "MethodInvokeExpr", + "method": "uploadFileHandler" + }, + { + "column": 63, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadBase.execute.fullName", + "length": 8, + "line": 30, + "methodLine": 30, + "name": "fullName", + "domType": "ParamDecl", + "method": "execute" + }, + { + "column": 58, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadBase.execute.fullName", + "length": 8, + "line": 45, + "methodLine": 30, + "name": "fullName", + "domType": "UnknownReference", + "method": "execute" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "File", + "length": 3, + "line": 45, + "methodLine": 30, + "name": "File", + "domType": "ObjectCreateExpr", + "method": "execute" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "eHqrLtaIiPfClMLaT3SlCkZsBps=", + "similarityId": -1873249816, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 23, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "OWASP Top 10 2010", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 152, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUpload.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUpload.uploadFileHandler.fullName", + "length": 8, + "line": 28, + "methodLine": 28, + "name": "fullName", + "domType": "ParamDecl", + "method": "uploadFileHandler" + }, + { + "column": 36, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUpload.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUpload.uploadFileHandler.fullName", + "length": 8, + "line": 29, + "methodLine": 28, + "name": "fullName", + "domType": "UnknownReference", + "method": "uploadFileHandler" + }, + { + "column": 63, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadBase.execute.fullName", + "length": 8, + "line": 30, + "methodLine": 30, + "name": "fullName", + "domType": "ParamDecl", + "method": "execute" + }, + { + "column": 58, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadBase.execute.fullName", + "length": 8, + "line": 45, + "methodLine": 30, + "name": "fullName", + "domType": "UnknownReference", + "method": "execute" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "File", + "length": 3, + "line": 45, + "methodLine": 30, + "name": "File", + "domType": "ObjectCreateExpr", + "method": "execute" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "qkZJJo5rwYSkQZzx339lFhrC3W4=", + "similarityId": 1860107595, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 23, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "OWASP Top 10 2010", + "OWASP Top 10 2013" + ], + "firstScanId": "", + "nodes": [ + { + "column": 72, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/FileServer.java", + "fullName": "org.owasp.webwolf.FileServer.importFile.myFile", + "length": 6, + "line": 69, + "methodLine": 69, + "name": "myFile", + "domType": "ParamDecl", + "method": "importFile" + }, + { + "column": 52, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/FileServer.java", + "fullName": "org.owasp.webwolf.FileServer.importFile.myFile", + "length": 6, + "line": 73, + "methodLine": 69, + "name": "myFile", + "domType": "UnknownReference", + "method": "importFile" + }, + { + "column": 78, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/FileServer.java", + "fullName": "org.owasp.webwolf.FileServer.importFile.myFile.getOriginalFilename", + "length": 1, + "line": 73, + "methodLine": 69, + "name": "getOriginalFilename", + "domType": "MethodInvokeExpr", + "method": "importFile" + }, + { + "column": 27, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/FileServer.java", + "fullName": "File", + "length": 3, + "line": 73, + "methodLine": 69, + "name": "File", + "domType": "ObjectCreateExpr", + "method": "importFile" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + } + ] + }, + { + "queryName": "Plaintext_Storage_in_a_Cookie", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 4, + "vulnerabilities": [ + { + "id": "e6PYDZWW77fT3r1hEJpkihdsUMg=", + "similarityId": 616248938, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 71, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "\"\"victory\"\"", + "length": 9, + "line": 70, + "methodLine": 70, + "name": "\"\"victory\"\"", + "domType": "StringLiteral" + }, + { + "column": 70, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "TextCodec.BASE64.encode", + "length": 1, + "line": 70, + "methodLine": 70, + "name": "encode", + "domType": "MethodInvokeExpr" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.JWT_PASSWORD", + "length": 12, + "line": 70, + "methodLine": 70, + "name": "JWT_PASSWORD", + "domType": "Declarator" + }, + { + "column": 73, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.JWT_PASSWORD", + "length": 12, + "line": 103, + "methodLine": 96, + "name": "JWT_PASSWORD", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 30, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.signWith", + "length": 1, + "line": 103, + "methodLine": 96, + "name": "signWith", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.compact", + "length": 1, + "line": 104, + "methodLine": 96, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 20, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.token", + "length": 5, + "line": 101, + "methodLine": 96, + "name": "token", + "domType": "Declarator", + "method": "login" + }, + { + "column": 56, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.token", + "length": 5, + "line": 105, + "methodLine": 96, + "name": "token", + "domType": "UnknownReference", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "sMHbpT7WfbNRv73y1p1BVpCiflg=", + "similarityId": -1194656837, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 24, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "\"\"user\"\"", + "length": 6, + "line": 100, + "methodLine": 96, + "name": "\"\"user\"\"", + "domType": "StringLiteral", + "method": "login" + }, + { + "column": 23, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.claims.put", + "length": 1, + "line": 100, + "methodLine": 96, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.claims", + "length": 6, + "line": 100, + "methodLine": 96, + "name": "claims", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.claims", + "length": 6, + "line": 102, + "methodLine": 96, + "name": "claims", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 31, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.setClaims", + "length": 1, + "line": 102, + "methodLine": 96, + "name": "setClaims", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 30, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.signWith", + "length": 1, + "line": 103, + "methodLine": 96, + "name": "signWith", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.compact", + "length": 1, + "line": 104, + "methodLine": 96, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 20, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.token", + "length": 5, + "line": 101, + "methodLine": 96, + "name": "token", + "domType": "Declarator", + "method": "login" + }, + { + "column": 56, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.token", + "length": 5, + "line": 105, + "methodLine": 96, + "name": "token", + "domType": "UnknownReference", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "yTTt/5fhPeLFw89Rxqez7jQ9PPM=", + "similarityId": -1243671881, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 24, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "\"\"admin\"\"", + "length": 7, + "line": 99, + "methodLine": 96, + "name": "\"\"admin\"\"", + "domType": "StringLiteral", + "method": "login" + }, + { + "column": 23, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.claims.put", + "length": 1, + "line": 99, + "methodLine": 96, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.claims", + "length": 6, + "line": 99, + "methodLine": 96, + "name": "claims", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.claims", + "length": 6, + "line": 100, + "methodLine": 96, + "name": "claims", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.claims", + "length": 6, + "line": 102, + "methodLine": 96, + "name": "claims", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 31, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.setClaims", + "length": 1, + "line": 102, + "methodLine": 96, + "name": "setClaims", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 30, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.signWith", + "length": 1, + "line": 103, + "methodLine": 96, + "name": "signWith", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.compact", + "length": 1, + "line": 104, + "methodLine": 96, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 20, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.token", + "length": 5, + "line": 101, + "methodLine": 96, + "name": "token", + "domType": "Declarator", + "method": "login" + }, + { + "column": 56, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.token", + "length": 5, + "line": 105, + "methodLine": 96, + "name": "token", + "domType": "UnknownReference", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "8OsiterWUT/U+j4oUQd4G2226ZA=", + "similarityId": -1964100231, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 315, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 33, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "\"\"false\"\"", + "length": 7, + "line": 99, + "methodLine": 96, + "name": "\"\"false\"\"", + "domType": "StringLiteral", + "method": "login" + }, + { + "column": 23, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.claims.put", + "length": 1, + "line": 99, + "methodLine": 96, + "name": "put", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.claims", + "length": 6, + "line": 99, + "methodLine": 96, + "name": "claims", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.claims", + "length": 6, + "line": 100, + "methodLine": 96, + "name": "claims", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.claims", + "length": 6, + "line": 102, + "methodLine": 96, + "name": "claims", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 31, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.setClaims", + "length": 1, + "line": 102, + "methodLine": 96, + "name": "setClaims", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 30, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.signWith", + "length": 1, + "line": 103, + "methodLine": 96, + "name": "signWith", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.compact", + "length": 1, + "line": 104, + "methodLine": 96, + "name": "compact", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 20, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.token", + "length": 5, + "line": 101, + "methodLine": 96, + "name": "token", + "domType": "Declarator", + "method": "login" + }, + { + "column": 56, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.token", + "length": 5, + "line": 105, + "methodLine": 96, + "name": "token", + "domType": "UnknownReference", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + } + ] + }, + { + "queryName": "Public_Data_Assigned_to_Private_Array", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 3, + "vulnerabilities": [ + { + "id": "x6vMeqH1diQWL+J5fwIrlGvlAUY=", + "similarityId": 1640005410, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 496, + "confidenceLevel": 0, + "compliance": null, + "firstScanId": "", + "nodes": [ + { + "column": 29, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.update.buffer", + "length": 6, + "line": 359, + "methodLine": 359, + "name": "buffer", + "domType": "ParamDecl", + "method": "update" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.update.buffer", + "length": 6, + "line": 360, + "methodLine": 359, + "name": "buffer", + "domType": "UnknownReference", + "method": "update" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.update.buffer", + "length": 6, + "line": 335, + "methodLine": 335, + "name": "buffer", + "domType": "ParamDecl", + "method": "update" + }, + { + "column": 30, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.update.buffer", + "length": 6, + "line": 336, + "methodLine": 335, + "name": "buffer", + "domType": "UnknownReference", + "method": "update" + }, + { + "column": 46, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.update.buffer", + "length": 6, + "line": 287, + "methodLine": 287, + "name": "buffer", + "domType": "ParamDecl", + "method": "update" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.update.buffer", + "length": 6, + "line": 319, + "methodLine": 287, + "name": "buffer", + "domType": "UnknownReference", + "method": "update" + }, + { + "column": 23, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.update.state.buffer", + "length": 6, + "line": 319, + "methodLine": 287, + "name": "buffer", + "domType": "IndexerRef", + "method": "update" + }, + { + "column": 22, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.MD5State.buffer", + "length": 6, + "line": 488, + "methodLine": 488, + "name": "buffer", + "domType": "Declarator" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "mlf0aFooUwCwENolhvawE/LIRz4=", + "similarityId": 1068543173, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 496, + "confidenceLevel": 0, + "compliance": null, + "firstScanId": "", + "nodes": [ + { + "column": 47, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.getHashString.b", + "length": 1, + "line": 116, + "methodLine": 116, + "name": "b", + "domType": "ParamDecl", + "method": "getHashString" + }, + { + "column": 20, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.getHashString.b", + "length": 1, + "line": 118, + "methodLine": 116, + "name": "b", + "domType": "UnknownReference", + "method": "getHashString" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.update.buffer", + "length": 6, + "line": 335, + "methodLine": 335, + "name": "buffer", + "domType": "ParamDecl", + "method": "update" + }, + { + "column": 30, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.update.buffer", + "length": 6, + "line": 336, + "methodLine": 335, + "name": "buffer", + "domType": "UnknownReference", + "method": "update" + }, + { + "column": 46, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.update.buffer", + "length": 6, + "line": 287, + "methodLine": 287, + "name": "buffer", + "domType": "ParamDecl", + "method": "update" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.update.buffer", + "length": 6, + "line": 319, + "methodLine": 287, + "name": "buffer", + "domType": "UnknownReference", + "method": "update" + }, + { + "column": 23, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.update.state.buffer", + "length": 6, + "line": 319, + "methodLine": 287, + "name": "buffer", + "domType": "IndexerRef", + "method": "update" + }, + { + "column": 22, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.MD5State.buffer", + "length": 6, + "line": 488, + "methodLine": 488, + "name": "buffer", + "domType": "Declarator" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "XJaBg1HWqqmCS4spRpR7i+zDsUc=", + "similarityId": 817955477, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 496, + "confidenceLevel": 0, + "compliance": null, + "firstScanId": "", + "nodes": [ + { + "column": 41, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.getHash.b", + "length": 1, + "line": 103, + "methodLine": 103, + "name": "b", + "domType": "ParamDecl", + "method": "getHash" + }, + { + "column": 20, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.getHash.b", + "length": 1, + "line": 105, + "methodLine": 103, + "name": "b", + "domType": "UnknownReference", + "method": "getHash" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.update.buffer", + "length": 6, + "line": 335, + "methodLine": 335, + "name": "buffer", + "domType": "ParamDecl", + "method": "update" + }, + { + "column": 30, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.update.buffer", + "length": 6, + "line": 336, + "methodLine": 335, + "name": "buffer", + "domType": "UnknownReference", + "method": "update" + }, + { + "column": 46, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.update.buffer", + "length": 6, + "line": 287, + "methodLine": 287, + "name": "buffer", + "domType": "ParamDecl", + "method": "update" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.update.buffer", + "length": 6, + "line": 319, + "methodLine": 287, + "name": "buffer", + "domType": "UnknownReference", + "method": "update" + }, + { + "column": 23, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.update.state.buffer", + "length": 6, + "line": 319, + "methodLine": 287, + "name": "buffer", + "domType": "IndexerRef", + "method": "update" + }, + { + "column": 22, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.MD5State.buffer", + "length": 6, + "line": 488, + "methodLine": 488, + "name": "buffer", + "domType": "Declarator" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + } + ] + }, + { + "queryName": "Log_Forging", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 7, + "vulnerabilities": [ + { + "id": "JtEVE57PysVhSpIVEd03DCQZoYg=", + "similarityId": 909627465, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 117, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 106, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java", + "fullName": "org.owasp.webgoat.service.LabelService.fetchLabels.lang", + "length": 4, + "line": 81, + "methodLine": 81, + "name": "lang", + "domType": "ParamDecl", + "method": "fetchLabels" + }, + { + "column": 68, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java", + "fullName": "org.owasp.webgoat.service.LabelService.fetchLabels.lang", + "length": 4, + "line": 85, + "methodLine": 81, + "name": "lang", + "domType": "UnknownReference", + "method": "fetchLabels" + }, + { + "column": 22, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java", + "fullName": "log.debug", + "length": 1, + "line": 85, + "methodLine": 81, + "name": "debug", + "domType": "MethodInvokeExpr", + "method": "fetchLabels" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "NS4SBX/4jNgmxFjNHp8+sNqoD5A=", + "similarityId": 567919279, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 117, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 116, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java", + "fullName": "org.owasp.webgoat.xxe.Ping.logRequest.text", + "length": 4, + "line": 49, + "methodLine": 49, + "name": "text", + "domType": "ParamDecl", + "method": "logRequest" + }, + { + "column": 70, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java", + "fullName": "org.owasp.webgoat.xxe.Ping.logRequest.text", + "length": 4, + "line": 50, + "methodLine": 49, + "name": "text", + "domType": "UnknownReference", + "method": "logRequest" + }, + { + "column": 39, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java", + "fullName": "string.format", + "length": 1, + "line": 50, + "methodLine": 49, + "name": "format", + "domType": "MethodInvokeExpr", + "method": "logRequest" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java", + "fullName": "org.owasp.webgoat.xxe.Ping.logRequest.logLine", + "length": 7, + "line": 50, + "methodLine": 49, + "name": "logLine", + "domType": "Declarator", + "method": "logRequest" + }, + { + "column": 19, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java", + "fullName": "org.owasp.webgoat.xxe.Ping.logRequest.logLine", + "length": 7, + "line": 51, + "methodLine": 49, + "name": "logLine", + "domType": "UnknownReference", + "method": "logRequest" + }, + { + "column": 18, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java", + "fullName": "log.debug", + "length": 1, + "line": 51, + "methodLine": 49, + "name": "debug", + "domType": "MethodInvokeExpr", + "method": "logRequest" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "mWNX0pcbZ7JPiWek3K7JxgAUmEI=", + "similarityId": 722816432, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 117, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 66, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java", + "fullName": "org.owasp.webgoat.xxe.Ping.logRequest.userAgent", + "length": 9, + "line": 49, + "methodLine": 49, + "name": "userAgent", + "domType": "ParamDecl", + "method": "logRequest" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java", + "fullName": "org.owasp.webgoat.xxe.Ping.logRequest.userAgent", + "length": 9, + "line": 50, + "methodLine": 49, + "name": "userAgent", + "domType": "UnknownReference", + "method": "logRequest" + }, + { + "column": 39, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java", + "fullName": "string.format", + "length": 1, + "line": 50, + "methodLine": 49, + "name": "format", + "domType": "MethodInvokeExpr", + "method": "logRequest" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java", + "fullName": "org.owasp.webgoat.xxe.Ping.logRequest.logLine", + "length": 7, + "line": 50, + "methodLine": 49, + "name": "logLine", + "domType": "Declarator", + "method": "logRequest" + }, + { + "column": 19, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java", + "fullName": "org.owasp.webgoat.xxe.Ping.logRequest.logLine", + "length": 7, + "line": 51, + "methodLine": 49, + "name": "logLine", + "domType": "UnknownReference", + "method": "logRequest" + }, + { + "column": 18, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java", + "fullName": "log.debug", + "length": 1, + "line": 51, + "methodLine": 49, + "name": "debug", + "domType": "MethodInvokeExpr", + "method": "logRequest" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "SFaimC6EVsaM+eHYJOouOBcaswE=", + "similarityId": 1165013670, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 117, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 84, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java", + "fullName": "org.owasp.webgoat.crypto.SigningAssignment.completed.modulus", + "length": 7, + "line": 64, + "methodLine": 64, + "name": "modulus", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 37, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java", + "fullName": "org.owasp.webgoat.crypto.SigningAssignment.completed.modulus", + "length": 7, + "line": 73, + "methodLine": 64, + "name": "modulus", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 12, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java", + "fullName": "log.warn", + "length": 1, + "line": 73, + "methodLine": 64, + "name": "warn", + "domType": "MethodInvokeExpr", + "method": "completed" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "sMZcfgC7YgmoClsT6LgKuPNXsQo=", + "similarityId": 830040802, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 117, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 38, + "fileName": "/webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java", + "fullName": "org.owasp.webgoat.StartWebGoat.main.args", + "length": 4, + "line": 50, + "methodLine": 50, + "name": "args", + "domType": "ParamDecl", + "method": "main" + }, + { + "column": 92, + "fileName": "/webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java", + "fullName": "org.owasp.webgoat.StartWebGoat.main.args", + "length": 4, + "line": 51, + "methodLine": 50, + "name": "args", + "domType": "UnknownReference", + "method": "main" + }, + { + "column": 91, + "fileName": "/webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java", + "fullName": "StringUtils.arrayToCommaDelimitedString", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "arrayToCommaDelimitedString", + "domType": "MethodInvokeExpr", + "method": "main" + }, + { + "column": 17, + "fileName": "/webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java", + "fullName": "log.info", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "info", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "pbvjY//OI10SnKJsE3HUztW6QXA=", + "similarityId": -239194266, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 117, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 72, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/requests/LandingPage.java", + "fullName": "org.owasp.webwolf.requests.LandingPage.ok.request.getRequestURL", + "length": 1, + "line": 42, + "methodLine": 41, + "name": "getRequestURL", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 22, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/requests/LandingPage.java", + "fullName": "log.trace", + "length": 1, + "line": 42, + "methodLine": 41, + "name": "trace", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + }, + { + "id": "mLioXJ3KC2LR97R+tzeAyF9+lXI=", + "similarityId": -151958743, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 117, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "OWASP Mobile Top 10 2016", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 62, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/requests/LandingPage.java", + "fullName": "org.owasp.webwolf.requests.LandingPage.ok.request", + "length": 7, + "line": 40, + "methodLine": 40, + "name": "request", + "domType": "ParamDecl", + "method": "ok" + }, + { + "column": 51, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/requests/LandingPage.java", + "fullName": "org.owasp.webwolf.requests.LandingPage.ok.request", + "length": 7, + "line": 42, + "methodLine": 41, + "name": "request", + "domType": "UnknownReference", + "method": "Lambda" + }, + { + "column": 72, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/requests/LandingPage.java", + "fullName": "org.owasp.webwolf.requests.LandingPage.ok.request.getRequestURL", + "length": 1, + "line": 42, + "methodLine": 41, + "name": "getRequestURL", + "domType": "MethodInvokeExpr", + "method": "Lambda" + }, + { + "column": 22, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/requests/LandingPage.java", + "fullName": "log.trace", + "length": 1, + "line": 42, + "methodLine": 41, + "name": "trace", + "domType": "MethodInvokeExpr", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111293 + } + } + ] + }, + { + "queryName": "Insufficiently_Protected_Credentials", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 2, + "vulnerabilities": [ + { + "id": "PdY1/6ZAJ8m2uyVHDrjrkYZOeIs=", + "similarityId": 1741668542, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 522, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 27, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.results", + "length": 7, + "line": 67, + "methodLine": 60, + "name": "results", + "domType": "Declarator", + "method": "getPassword" + }, + { + "column": 40, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.results", + "length": 7, + "line": 69, + "methodLine": 60, + "name": "results", + "domType": "UnknownReference", + "method": "getPassword" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.results", + "length": 7, + "line": 70, + "methodLine": 60, + "name": "results", + "domType": "UnknownReference", + "method": "getPassword" + }, + { + "column": 49, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.results.getString", + "length": 1, + "line": 70, + "methodLine": 60, + "name": "getString", + "domType": "MethodInvokeExpr", + "method": "getPassword" + }, + { + "column": 21, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.password", + "length": 8, + "line": 70, + "methodLine": 60, + "name": "password", + "domType": "UnknownReference", + "method": "getPassword" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "pq2/YRRFEHMlYn56I2G0dbobiWA=", + "similarityId": -220098850, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 522, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 27, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.results", + "length": 7, + "line": 67, + "methodLine": 60, + "name": "results", + "domType": "Declarator", + "method": "getPassword" + }, + { + "column": 40, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.results", + "length": 7, + "line": 69, + "methodLine": 60, + "name": "results", + "domType": "UnknownReference", + "method": "getPassword" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.results", + "length": 7, + "line": 70, + "methodLine": 60, + "name": "results", + "domType": "UnknownReference", + "method": "getPassword" + }, + { + "column": 49, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.results.getString", + "length": 1, + "line": 70, + "methodLine": 60, + "name": "getString", + "domType": "MethodInvokeExpr", + "method": "getPassword" + }, + { + "column": 21, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.password", + "length": 8, + "line": 70, + "methodLine": 60, + "name": "password", + "domType": "UnknownReference", + "method": "getPassword" + }, + { + "column": 17, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.password", + "length": 8, + "line": 80, + "methodLine": 60, + "name": "password", + "domType": "UnknownReference", + "method": "getPassword" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + } + ] + }, + { + "queryName": "Incorrect_Permission_Assignment_For_Critical_Resources", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 59, + "vulnerabilities": [ + { + "id": "6+dSJBaDeuzqcMOMI0l9opQ7g8E=", + "similarityId": -575868801, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 41, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/LessonDataSource.java", + "fullName": "org.owasp.webgoat.LessonDataSource.setLogWriter.out", + "length": 3, + "line": 43, + "methodLine": 42, + "name": "out", + "domType": "UnknownReference", + "method": "setLogWriter" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "nOJ8GkKhvuTidpSzpG6jg4pt6NM=", + "similarityId": -1953078593, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 14, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/MvcConfiguration.java", + "fullName": "org.owasp.webwolf.MvcConfiguration.createDirectory.file", + "length": 4, + "line": 62, + "methodLine": 61, + "name": "file", + "domType": "Declarator", + "method": "createDirectory" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "9JtCu4rPme65EN6i05TExAoZTHc=", + "similarityId": -1044898135, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 14, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/FileServer.java", + "fullName": "org.owasp.webwolf.FileServer.getFiles.destinationDir", + "length": 14, + "line": 97, + "methodLine": 94, + "name": "destinationDir", + "domType": "Declarator", + "method": "getFiles" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "2eG6+f909Dj51fdy58NRgwGjkkI=", + "similarityId": -1872557665, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 14, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/FileServer.java", + "fullName": "org.owasp.webwolf.FileServer.importFile.destinationDir", + "length": 14, + "line": 71, + "methodLine": 69, + "name": "destinationDir", + "domType": "Declarator", + "method": "importFile" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "PGhmrlDx6Z70s1eEduSmgn1YxZA=", + "similarityId": 572894751, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 14, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java", + "fullName": "org.owasp.webgoat.xxe.Ping.logRequest.logFile", + "length": 7, + "line": 52, + "methodLine": 49, + "name": "logFile", + "domType": "Declarator", + "method": "logRequest" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "1wTPAeceMNNq0ypV4/r+bamDS60=", + "similarityId": 96758065, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 14, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/BlindSendFileAssignment.java", + "fullName": "org.owasp.webgoat.xxe.BlindSendFileAssignment.createSecretFileWithRandomContents.targetDirectory", + "length": 15, + "line": 66, + "methodLine": 65, + "name": "targetDirectory", + "domType": "Declarator", + "method": "createSecretFileWithRandomContents" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "iC9M/Vvzdc0advl50yiIaDl7GWo=", + "similarityId": 2003434687, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 13, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileZipSlip.processZipUpload.uploadDirectory", + "length": 15, + "line": 49, + "methodLine": 47, + "name": "uploadDirectory", + "domType": "Declarator", + "method": "processZipUpload" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "SpMzQVo9bEnrjwfORmHW1ZJhvyQ=", + "similarityId": 1582149431, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 13, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileZipSlip.processZipUpload.tmpZipDirectory", + "length": 15, + "line": 48, + "methodLine": 47, + "name": "tmpZipDirectory", + "domType": "Declarator", + "method": "processZipUpload" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "VWOluMYo1EW6s8RmgDuF/3hOAtY=", + "similarityId": 907419039, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 17, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrieval.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadRetrieval.getProfilePicture.catPicture", + "length": 10, + "line": 86, + "methodLine": 79, + "name": "catPicture", + "domType": "Declarator", + "method": "getProfilePicture" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "BZ373viRf8vV8XyKxC3kWdSZASg=", + "similarityId": -18706337, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 13, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrieval.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadRetrieval.initAssignment.secretDirectory", + "length": 15, + "line": 60, + "methodLine": 52, + "name": "secretDirectory", + "domType": "Declarator", + "method": "initAssignment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "nK5YuWsTX6BJ8OYPHE8Kj/diezA=", + "similarityId": 838451287, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 13, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadBase.getProfilePictureAsBase64.profilePictureDirectory", + "length": 23, + "line": 77, + "methodLine": 76, + "name": "profilePictureDirectory", + "domType": "Declarator", + "method": "getProfilePictureAsBase64" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "XBJYV1+tYIdcGCaVqPNpcK0OcEM=", + "similarityId": 1010726175, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 13, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadBase.execute.uploadDirectory", + "length": 15, + "line": 38, + "methodLine": 30, + "name": "uploadDirectory", + "domType": "Declarator", + "method": "execute" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "CbXzTrzH/1aycAfi2V53at8rTKQ=", + "similarityId": 255484895, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 14, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/Salaries.java", + "fullName": "org.owasp.webgoat.client_side_filtering.Salaries.invoke.d", + "length": 1, + "line": 76, + "methodLine": 74, + "name": "d", + "domType": "Declarator", + "method": "invoke" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "FjvtgVZL656rYbmMbhRKoWMzt6g=", + "similarityId": -2046522443, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 14, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/Salaries.java", + "fullName": "org.owasp.webgoat.client_side_filtering.Salaries.copyFiles.targetDirectory", + "length": 15, + "line": 61, + "methodLine": 59, + "name": "targetDirectory", + "domType": "Declarator", + "method": "copyFiles" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "ikdgPHATi4yZ9A9S7FUdfeUYiKs=", + "similarityId": 860241955, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 14, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "MavenWrapperDownloader.main.baseDirectory", + "length": 13, + "line": 50, + "methodLine": 48, + "name": "baseDirectory", + "domType": "Declarator", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "irETsQAiJ3sr2hBWUUV3iLb7qko=", + "similarityId": -1494855197, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/FileServer.java", + "fullName": "path", + "length": 4, + "line": 62, + "methodLine": 64, + "name": "path", + "domType": "UnknownReference", + "method": "getFileLocation" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "2yNvrNdu78tSmkkIZBEVyD3kYXQ=", + "similarityId": -1549428481, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 17, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/SimpleXXE.java", + "fullName": "path", + "length": 4, + "line": 112, + "methodLine": 114, + "name": "path", + "domType": "UnknownReference", + "method": "setSecurity" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "HC0NjaRMd0EJESY+H67peDzq1HU=", + "similarityId": 794841759, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/SimpleXXE.java", + "fullName": "path", + "length": 4, + "line": 103, + "methodLine": 105, + "name": "path", + "domType": "UnknownReference", + "method": "getSampleDTDFile" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "qiiKn2eTJzHcu01PZStPoiaxN7Y=", + "similarityId": -49084673, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/SimpleXXE.java", + "fullName": "path", + "length": 4, + "line": 97, + "methodLine": 99, + "name": "path", + "domType": "UnknownReference", + "method": "getWebGoatHomeDirectory" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "/Hr/b/GffKt3Po5N8uk1RsEpzs0=", + "similarityId": -817670657, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 18, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/SimpleXXE.java", + "fullName": "path", + "length": 4, + "line": 67, + "methodLine": 69, + "name": "path", + "domType": "UnknownReference", + "method": "createNewComment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "sEcigmFHhcHfESXt+MBerihGXQQ=", + "similarityId": 753722851, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 18, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/ContentTypeAssignment.java", + "fullName": "path", + "length": 4, + "line": 57, + "methodLine": 59, + "name": "path", + "domType": "UnknownReference", + "method": "createNewUser" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "gRWsTzFWhLcxKVRlnMqA3lmgMSE=", + "similarityId": 679228319, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 18, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/BlindSendFileAssignment.java", + "fullName": "path", + "length": 4, + "line": 77, + "methodLine": 79, + "name": "path", + "domType": "UnknownReference", + "method": "addComment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "tAZnu46mLdFWxmd1gp3iQSDZxyE=", + "similarityId": 545260199, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 18, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/SimpleMailAssignment.java", + "fullName": "path", + "length": 4, + "line": 56, + "methodLine": 58, + "name": "path", + "domType": "UnknownReference", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "nmaxDrqyXSdNABtb7mqeMhY1c1I=", + "similarityId": -886325719, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 18, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/QuestionsAssignment.java", + "fullName": "path", + "length": 4, + "line": 53, + "methodLine": 55, + "name": "path", + "domType": "UnknownReference", + "method": "passwordReset" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "liCh3RMsOR9qkBT70HaklpuIN1A=", + "similarityId": -1915908225, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 18, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACYourHash.java", + "fullName": "path", + "length": 4, + "line": 44, + "methodLine": 46, + "name": "path", + "domType": "UnknownReference", + "method": "completed" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "5ItX7x+HVdJ2BZT6qAqZTAHUXls=", + "similarityId": 1849588543, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java", + "fullName": "path", + "length": 4, + "line": 81, + "methodLine": 84, + "name": "path", + "domType": "UnknownReference", + "method": "addUser" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "LSc7RZtLUzVvjVkuXcdaA2Y/Muc=", + "similarityId": 543727167, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java", + "fullName": "path", + "length": 4, + "line": 69, + "methodLine": 71, + "name": "path", + "domType": "UnknownReference", + "method": "usersService" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "0EARr23UTB2Pfvia11WfKB7y9CI=", + "similarityId": -1409771361, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java", + "fullName": "path", + "length": 4, + "line": 52, + "methodLine": 53, + "name": "path", + "domType": "UnknownReference", + "method": "listUsers" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "A9QmixEEPuDHfK6YngRGmsjIkhI=", + "similarityId": -379835233, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 18, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACHiddenMenus.java", + "fullName": "path", + "length": 4, + "line": 45, + "methodLine": 47, + "name": "path", + "domType": "UnknownReference", + "method": "completed" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "kSsxU5xuyIpcmdbz87JsCEXuirc=", + "similarityId": 299447551, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpoint.java", + "fullName": "path", + "length": 4, + "line": 59, + "methodLine": 61, + "name": "path", + "domType": "UnknownReference", + "method": "getSecretToken" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "HKbp+jwpzjpN5wza+CpMvjbMJtY=", + "similarityId": 213606591, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 17, + "fileName": "/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfile.java", + "fullName": "path", + "length": 4, + "line": 43, + "methodLine": 45, + "name": "path", + "domType": "UnknownReference", + "method": "invoke" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "KMwTDb2jTfFjp/vNDLfWDn3pm1I=", + "similarityId": -770328401, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 17, + "fileName": "/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOtherProfile.java", + "fullName": "path", + "length": 4, + "line": 46, + "methodLine": 48, + "name": "path", + "domType": "UnknownReference", + "method": "completed" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "IwdJsym3/xQhSlKZCYhCT+tZJiY=", + "similarityId": -763425607, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 17, + "fileName": "/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java", + "fullName": "path", + "length": 4, + "line": 43, + "methodLine": 45, + "name": "path", + "domType": "UnknownReference", + "method": "completed" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "gp41wGxFuilo7DC6VxhiHcZnqFY=", + "similarityId": -1709347745, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequest.java", + "fullName": "path", + "length": 4, + "line": 40, + "methodLine": 42, + "name": "path", + "domType": "UnknownReference", + "method": "completed" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "BGQjyFcyo1Tl8uO359YUSegO+nc=", + "similarityId": -1900408907, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 17, + "fileName": "/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/ForgedReviews.java", + "fullName": "path", + "length": 4, + "line": 69, + "methodLine": 71, + "name": "path", + "domType": "UnknownReference", + "method": "retrieveReviews" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "npROPm5UHW0C3AQ1yFxJR6lYUoI=", + "similarityId": -639836229, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 18, + "fileName": "/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFLogin.java", + "fullName": "path", + "length": 4, + "line": 50, + "methodLine": 52, + "name": "path", + "domType": "UnknownReference", + "method": "completed" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "mxb7g4ho7gSDYvmtI0rVEwIiNCs=", + "similarityId": -296990401, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFGetFlag.java", + "fullName": "path", + "length": 4, + "line": 49, + "methodLine": 51, + "name": "path", + "domType": "UnknownReference", + "method": "invoke" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "jJUm1vbPagXK5Zv0hM8ekjm1Wro=", + "similarityId": -1982732215, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 18, + "fileName": "/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFFeedback.java", + "fullName": "path", + "length": 4, + "line": 83, + "methodLine": 85, + "name": "path", + "domType": "UnknownReference", + "method": "flag" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "ReTA+yk+OjU86dVeVNu3Rzi7SLU=", + "similarityId": 1489885727, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 18, + "fileName": "/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFConfirmFlag1.java", + "fullName": "path", + "length": 4, + "line": 45, + "methodLine": 47, + "name": "path", + "domType": "UnknownReference", + "method": "completed" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "LxyFOr12HIUQtTQkkaa7b+8TQ4Q=", + "similarityId": 362970303, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 18, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java", + "fullName": "path", + "length": 4, + "line": 48, + "methodLine": 50, + "name": "path", + "domType": "UnknownReference", + "method": "getPrivateKey" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "yIOJ33GOgxxJFUAXk1+vfmeAkKA=", + "similarityId": 1938398683, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 18, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java", + "fullName": "path", + "length": 4, + "line": 67, + "methodLine": 69, + "name": "path", + "domType": "UnknownReference", + "method": "getSha256" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "LM3r8ebkGX70SlD7+/j2PJ8wxWU=", + "similarityId": -1571676117, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 18, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java", + "fullName": "path", + "length": 4, + "line": 47, + "methodLine": 49, + "name": "path", + "domType": "UnknownReference", + "method": "getMd5" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "GnoUddJnk5zqPWmDv2BpkSvBG2Y=", + "similarityId": 536246943, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 14, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java", + "fullName": "path", + "length": 4, + "line": 45, + "methodLine": 47, + "name": "path", + "domType": "UnknownReference", + "method": "getBasicAuth" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "//0akt8VD6iXWCsy6LJSDjMyoI0=", + "similarityId": 120759845, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 17, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/stored/StoredXssComments.java", + "fullName": "path", + "length": 4, + "line": 73, + "methodLine": 75, + "name": "path", + "domType": "UnknownReference", + "method": "retrieveComments" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "JsidE74bARWVqj91UBzhAfEHuls=", + "similarityId": 799236191, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 18, + "fileName": "/webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/chrome_dev_tools/NetworkLesson.java", + "fullName": "path", + "length": 4, + "line": 55, + "methodLine": 57, + "name": "path", + "domType": "UnknownReference", + "method": "ok" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "F+zQRi3isIkhH13Yc7cGLZglohY=", + "similarityId": 129392607, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/Flag.java", + "fullName": "path", + "length": 4, + "line": 70, + "methodLine": 72, + "name": "path", + "domType": "UnknownReference", + "method": "postFlag" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "YZnLNgB2M3dfbOShCLr90f+TibQ=", + "similarityId": 935850655, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 18, + "fileName": "/webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/VerifyAccount.java", + "fullName": "path", + "length": 4, + "line": 57, + "methodLine": 59, + "name": "path", + "domType": "UnknownReference", + "method": "completed" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "7fs64UG8RGYq9TbSnjVcKKLZrwg=", + "similarityId": 2128395071, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/service/SessionService.java", + "fullName": "path", + "length": 4, + "line": 37, + "methodLine": 39, + "name": "path", + "domType": "UnknownReference", + "method": "showSession" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "NZy52HKpQTdpz2IVDbJpbiEdD6I=", + "similarityId": 1564679129, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/service/RestartLessonService.java", + "fullName": "path", + "length": 4, + "line": 50, + "methodLine": 52, + "name": "path", + "domType": "UnknownReference", + "method": "restartLesson" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "Z/BVkQmebD7+/1VSykDQOpCBW9k=", + "similarityId": -584180867, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 17, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/service/ReportCardService.java", + "fullName": "path", + "length": 4, + "line": 67, + "methodLine": 69, + "name": "path", + "domType": "UnknownReference", + "method": "reportCard" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "ISemkHC9CzoMgp9bvo+BU/TNkr4=", + "similarityId": -301553121, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonTitleService.java", + "fullName": "path", + "length": 4, + "line": 30, + "methodLine": 33, + "name": "path", + "domType": "UnknownReference", + "method": "showPlan" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "6I8umKwlH7nETtglGH4QpiCTPEg=", + "similarityId": 2090842623, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonMenuService.java", + "fullName": "path", + "length": 4, + "line": 80, + "methodLine": 83, + "name": "path", + "domType": "UnknownReference", + "method": "showLeftNav" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "j+LSLz73jK245ZlsONMEtNEoWV4=", + "similarityId": 1948998655, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonInfoService.java", + "fullName": "path", + "length": 4, + "line": 29, + "methodLine": 31, + "name": "path", + "domType": "UnknownReference", + "method": "getLessonInfo" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "RwsaSHQumzGV6sYyd/tD/ER1CaM=", + "similarityId": -1924382875, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 17, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java", + "fullName": "path", + "length": 4, + "line": 79, + "methodLine": 81, + "name": "path", + "domType": "UnknownReference", + "method": "fetchLabels" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "w8znepOZqlQNJcq6oBnnta72YGw=", + "similarityId": -1306141345, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelDebugService.java", + "fullName": "path", + "length": 4, + "line": 68, + "methodLine": 70, + "name": "path", + "domType": "UnknownReference", + "method": "checkDebuggingStatus" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "WXa8GlNlOo3q+Re7JdUql+VZrkU=", + "similarityId": -525961819, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 17, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/service/HintService.java", + "fullName": "path", + "length": 4, + "line": 42, + "methodLine": 44, + "name": "path", + "domType": "UnknownReference", + "method": "getHints" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "dopilhQmCaenunwk0L/uSPlpaZ0=", + "similarityId": 1302016767, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/controller/Welcome.java", + "fullName": "path", + "length": 4, + "line": 59, + "methodLine": 60, + "name": "path", + "domType": "UnknownReference", + "method": "welcome" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "UnHJlNajFPHNljwcyxYJ11peV04=", + "similarityId": 1944775467, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java", + "fullName": "path", + "length": 4, + "line": 65, + "methodLine": 66, + "name": "path", + "domType": "UnknownReference", + "method": "start" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "XYde/+sYmAYi/PxotMUpMlIOrxc=", + "similarityId": -1685049185, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 732, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java", + "fullName": "path", + "length": 4, + "line": 57, + "methodLine": 58, + "name": "path", + "domType": "UnknownReference", + "method": "attack" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + } + ] + }, + { + "queryName": "Improper_Exception_Handling", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 31, + "vulnerabilities": [ + { + "id": "zsWG6+130P6H1/0cHNtAyTsO9zw=", + "similarityId": -1203623223, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 29, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.jdbcTemplate.execute", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "execute", + "domType": "MethodInvokeExpr", + "method": "createLessonsForUser" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "6X82/pQHn8xVXLZbUfqmJ/fOXeo=", + "similarityId": 1714029513, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 25, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/MvcConfiguration.java", + "fullName": "org.owasp.webwolf.MvcConfiguration.createDirectory.file.exists", + "length": 1, + "line": 63, + "methodLine": 61, + "name": "exists", + "domType": "MethodInvokeExpr", + "method": "createDirectory" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "zcN2fQJU+VGqfKJbxhaJLHW1M5g=", + "similarityId": 149364363, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 39, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/FileServer.java", + "fullName": "org.owasp.webwolf.FileServer.getFiles.changeIndicatorFile.exists", + "length": 1, + "line": 102, + "methodLine": 94, + "name": "exists", + "domType": "MethodInvokeExpr", + "method": "getFiles" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "y0HfHJgvNOWf+Q1PZbylva8QXIM=", + "similarityId": 136956457, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 36, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/BlindSendFileAssignment.java", + "fullName": "org.owasp.webgoat.xxe.BlindSendFileAssignment.createSecretFileWithRandomContents.targetDirectory.exists", + "length": 1, + "line": 67, + "methodLine": 65, + "name": "exists", + "domType": "MethodInvokeExpr", + "method": "createSecretFileWithRandomContents" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "rXCeXVVFdAmm1V9XQfZSB04z2+4=", + "similarityId": -459610733, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 35, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadBase.execute.uploadDirectory.exists", + "length": 1, + "line": 39, + "methodLine": 30, + "name": "exists", + "domType": "MethodInvokeExpr", + "method": "execute" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "dp1Mbe3ikng0CotkPpzWp74VKeQ=", + "similarityId": 1059010363, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 36, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/Salaries.java", + "fullName": "org.owasp.webgoat.client_side_filtering.Salaries.copyFiles.targetDirectory.exists", + "length": 1, + "line": 62, + "methodLine": 59, + "name": "exists", + "domType": "MethodInvokeExpr", + "method": "copyFiles" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "kLJHDLwwwdKsmQdqVwblwk8rnPI=", + "similarityId": 1489102729, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 46, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "MavenWrapperDownloader.main.exists", + "length": 1, + "line": 79, + "methodLine": 48, + "name": "exists", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "8Mfa/QvtMKaEuzWkSJvUxCIhiho=", + "similarityId": -1909475675, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 43, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "MavenWrapperDownloader.main.mavenWrapperPropertyFile.exists", + "length": 1, + "line": 57, + "methodLine": 48, + "name": "exists", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "UcWiCiymM6xmwmsU8smHXQK4oZ0=", + "similarityId": 1887636001, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "Files.createDirectories", + "length": 1, + "line": 52, + "methodLine": 47, + "name": "createDirectories", + "domType": "MethodInvokeExpr", + "method": "processZipUpload" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "eKzlnwMf09165NtOm7LU8zlTqxk=", + "similarityId": 533502927, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "Files.createDirectories", + "length": 1, + "line": 51, + "methodLine": 47, + "name": "createDirectories", + "domType": "MethodInvokeExpr", + "method": "processZipUpload" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "E1IZe24xuHnqDr+UnzljrS7z7EA=", + "similarityId": 407125801, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 24, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/MvcConfiguration.java", + "fullName": "org.owasp.webwolf.MvcConfiguration.createDirectory.file.mkdirs", + "length": 1, + "line": 64, + "methodLine": 61, + "name": "mkdirs", + "domType": "MethodInvokeExpr", + "method": "createDirectory" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "A0m0zqt/wz6g2Wl40QGeeNV6WF4=", + "similarityId": -1960838071, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 41, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrieval.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadRetrieval.catPicturesDirectory.mkdirs", + "length": 1, + "line": 48, + "methodLine": 46, + "name": "mkdirs", + "domType": "MethodInvokeExpr", + "method": "ProfileUploadRetrieval" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "+9SP/uUM3mAZrQgaWE481ATxxNY=", + "similarityId": -1567826569, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 50, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "MavenWrapperDownloader.main.mkdirs", + "length": 1, + "line": 80, + "methodLine": 48, + "name": "mkdirs", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "e30z73NMUNjUM7RkVFcrQP925ZM=", + "similarityId": 351136137, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 34, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/BlindSendFileAssignment.java", + "fullName": "org.owasp.webgoat.xxe.BlindSendFileAssignment.createSecretFileWithRandomContents.targetDirectory.mkdir", + "length": 1, + "line": 68, + "methodLine": 65, + "name": "mkdir", + "domType": "MethodInvokeExpr", + "method": "createSecretFileWithRandomContents" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "HcrQCiIRrb+7RL6TglAOToY8HeI=", + "similarityId": 1401986345, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 34, + "fileName": "/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/Salaries.java", + "fullName": "org.owasp.webgoat.client_side_filtering.Salaries.copyFiles.targetDirectory.mkdir", + "length": 1, + "line": 63, + "methodLine": 59, + "name": "mkdir", + "domType": "MethodInvokeExpr", + "method": "copyFiles" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "0LpTVMBO0XGcE5veIcA1zyRlW8U=", + "similarityId": 333764635, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 48, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/FileServer.java", + "fullName": "org.owasp.webwolf.FileServer.getFiles.destinationDir.listFiles", + "length": 1, + "line": 108, + "methodLine": 94, + "name": "listFiles", + "domType": "MethodInvokeExpr", + "method": "getFiles" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "524plkTl7IFuvWm1KSp2fJcrgvo=", + "similarityId": 1801754153, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 70, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadBase.getProfilePictureAsBase64.profilePictureDirectory.listFiles", + "length": 1, + "line": 78, + "methodLine": 76, + "name": "listFiles", + "domType": "MethodInvokeExpr", + "method": "getProfilePictureAsBase64" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "G6Z+A6AIOAh4c+oV++NVmi1pE9s=", + "similarityId": -243750061, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 75, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/FileServer.java", + "fullName": "org.owasp.webwolf.FileServer.getFiles.file.length", + "length": 1, + "line": 111, + "methodLine": 94, + "name": "length", + "domType": "MethodInvokeExpr", + "method": "getFiles" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "1U/ctf0SgzE+7RbwAEJ/mXtHvfM=", + "similarityId": 312651709, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 91, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/WebWolf.java", + "fullName": "System.getenv", + "length": 1, + "line": 52, + "methodLine": 46, + "name": "getenv", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "wptmEhxcm0Qkq0naTRa3VqMPl5o=", + "similarityId": 312651709, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 49, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/WebWolf.java", + "fullName": "System.getenv", + "length": 1, + "line": 52, + "methodLine": 46, + "name": "getenv", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "gTcTs5ggYorUgYNjmMwer7+EsEk=", + "similarityId": 1214110123, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 91, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/WebWolf.java", + "fullName": "System.getenv", + "length": 1, + "line": 51, + "methodLine": 46, + "name": "getenv", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "ud3e34yRU3sUrQoUc9P7nRBrzKw=", + "similarityId": 1214110123, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 49, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/WebWolf.java", + "fullName": "System.getenv", + "length": 1, + "line": 51, + "methodLine": 46, + "name": "getenv", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "3CVr8l4VFF4qTUcHW6IRldbWydE=", + "similarityId": -1100621417, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 44, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/WebWolf.java", + "fullName": "System.getenv", + "length": 1, + "line": 50, + "methodLine": 46, + "name": "getenv", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "63F/3gp80W4HNWnu6h5afylZmkE=", + "similarityId": 637077897, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 44, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/WebWolf.java", + "fullName": "System.getenv", + "length": 1, + "line": 49, + "methodLine": 46, + "name": "getenv", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "o9R3J1ISVouC5guDDDTXvKjGh+Y=", + "similarityId": 729026185, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 91, + "fileName": "/webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java", + "fullName": "System.getenv", + "length": 1, + "line": 56, + "methodLine": 50, + "name": "getenv", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "m2omSaCIPTfgzhioBgHhWm5ZutI=", + "similarityId": 729026185, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 49, + "fileName": "/webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java", + "fullName": "System.getenv", + "length": 1, + "line": 56, + "methodLine": 50, + "name": "getenv", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "EJkNtxMiYjYjwPArN7tHAcqnNXY=", + "similarityId": 1630937673, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 44, + "fileName": "/webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java", + "fullName": "System.getenv", + "length": 1, + "line": 55, + "methodLine": 50, + "name": "getenv", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "VIO80/N8K85SE487oOVWa8PHSzA=", + "similarityId": 138658631, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 44, + "fileName": "/webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java", + "fullName": "System.getenv", + "length": 1, + "line": 54, + "methodLine": 50, + "name": "getenv", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "vBdT6k5pqaT3X7chs4ooX2rOY3M=", + "similarityId": -1585511305, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 69, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/jwt/JWTToken.java", + "fullName": "System.getProperty", + "length": 1, + "line": 43, + "methodLine": 42, + "name": "getProperty", + "domType": "MethodInvokeExpr", + "method": "decode" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "aYpf560WAdyQdlPJJ4lW5VW+abk=", + "similarityId": -1416723511, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 49, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/WebWolf.java", + "fullName": "System.getProperty", + "length": 1, + "line": 53, + "methodLine": 46, + "name": "getProperty", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "1AD+jNIh6aVGMVyNZfcDo8Dsx7M=", + "similarityId": 109769293, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 40, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/OperatingSystemMacro.java", + "fullName": "System.getProperty", + "length": 1, + "line": 20, + "methodLine": 19, + "name": "getProperty", + "domType": "MethodInvokeExpr", + "method": "process" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + } + ] + }, + { + "queryName": "Information_Exposure_Through_an_Error_Message", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 13, + "vulnerabilities": [ + { + "id": "avD1A72MlpOcAASCdo0SX3NqQZA=", + "similarityId": 1098077941, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 209, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 28, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.e", + "length": 1, + "line": 104, + "methodLine": 48, + "name": "e", + "domType": "Declarator", + "method": "getUsers" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.e", + "length": 1, + "line": 105, + "methodLine": 48, + "name": "e", + "domType": "UnknownReference", + "method": "getUsers" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.e", + "length": 1, + "line": 109, + "methodLine": 48, + "name": "e", + "domType": "UnknownReference", + "method": "getUsers" + }, + { + "column": 30, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.e.printStackTrace", + "length": 1, + "line": 109, + "methodLine": 48, + "name": "printStackTrace", + "domType": "MethodInvokeExpr", + "method": "getUsers" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "rWY9/Fo9gfEWSKROrCNaLF0h950=", + "similarityId": -407245451, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 209, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.e", + "length": 1, + "line": 83, + "methodLine": 48, + "name": "e", + "domType": "Declarator", + "method": "getUsers" + }, + { + "column": 17, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.e", + "length": 1, + "line": 84, + "methodLine": 48, + "name": "e", + "domType": "UnknownReference", + "method": "getUsers" + }, + { + "column": 17, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.e", + "length": 1, + "line": 88, + "methodLine": 48, + "name": "e", + "domType": "UnknownReference", + "method": "getUsers" + }, + { + "column": 34, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.e.printStackTrace", + "length": 1, + "line": 88, + "methodLine": 48, + "name": "printStackTrace", + "domType": "MethodInvokeExpr", + "method": "getUsers" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "5uKWR+u02WZcDA+DNiUxKLD00ro=", + "similarityId": 1402619169, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 209, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 28, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson10b.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlInjectionLesson10b.getJavaFileContentsAsString.exception", + "length": 9, + "line": 111, + "methodLine": 106, + "name": "exception", + "domType": "Declarator", + "method": "getJavaFileContentsAsString" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson10b.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlInjectionLesson10b.getJavaFileContentsAsString.exception", + "length": 9, + "line": 112, + "methodLine": 106, + "name": "exception", + "domType": "UnknownReference", + "method": "getJavaFileContentsAsString" + }, + { + "column": 38, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson10b.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlInjectionLesson10b.getJavaFileContentsAsString.exception.printStackTrace", + "length": 1, + "line": 112, + "methodLine": 106, + "name": "printStackTrace", + "domType": "MethodInvokeExpr", + "method": "getJavaFileContentsAsString" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "lkEk771lFt5hakbiG6jHaU3sV/M=", + "similarityId": 1098077941, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 209, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 28, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.e", + "length": 1, + "line": 104, + "methodLine": 48, + "name": "e", + "domType": "Declarator", + "method": "getUsers" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.e", + "length": 1, + "line": 105, + "methodLine": 48, + "name": "e", + "domType": "UnknownReference", + "method": "getUsers" + }, + { + "column": 30, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.e.printStackTrace", + "length": 1, + "line": 105, + "methodLine": 48, + "name": "printStackTrace", + "domType": "MethodInvokeExpr", + "method": "getUsers" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "0vgWB+hEOuGVNF+tER1WPsMM8v0=", + "similarityId": 1932250452, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 209, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 39, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.sqle", + "length": 4, + "line": 99, + "methodLine": 48, + "name": "sqle", + "domType": "Declarator", + "method": "getUsers" + }, + { + "column": 21, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.sqle", + "length": 4, + "line": 100, + "methodLine": 48, + "name": "sqle", + "domType": "UnknownReference", + "method": "getUsers" + }, + { + "column": 41, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.sqle.printStackTrace", + "length": 1, + "line": 100, + "methodLine": 48, + "name": "printStackTrace", + "domType": "MethodInvokeExpr", + "method": "getUsers" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "Mg8P1epn0DUghjU4NdjE2GePpp8=", + "similarityId": -257354645, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 209, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 28, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.e", + "length": 1, + "line": 94, + "methodLine": 56, + "name": "e", + "domType": "Declarator", + "method": "injectableQuery" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.e", + "length": 1, + "line": 95, + "methodLine": 56, + "name": "e", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 30, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.e.printStackTrace", + "length": 1, + "line": 95, + "methodLine": 56, + "name": "printStackTrace", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "4XpwL7xqQgUuq84DCtPoXi6mFQs=", + "similarityId": -2027040932, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 209, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 28, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "MavenWrapperDownloader.main.e", + "length": 1, + "line": 90, + "methodLine": 48, + "name": "e", + "domType": "Declarator", + "method": "main" + }, + { + "column": 13, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "MavenWrapperDownloader.main.e", + "length": 1, + "line": 92, + "methodLine": 48, + "name": "e", + "domType": "UnknownReference", + "method": "main" + }, + { + "column": 30, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "MavenWrapperDownloader.main.e.printStackTrace", + "length": 1, + "line": 92, + "methodLine": 48, + "name": "printStackTrace", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "IiIr5Zr5wMwExTRfT+BhFfCqdjI=", + "similarityId": -407245451, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 209, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.e", + "length": 1, + "line": 83, + "methodLine": 48, + "name": "e", + "domType": "Declarator", + "method": "getUsers" + }, + { + "column": 17, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.e", + "length": 1, + "line": 84, + "methodLine": 48, + "name": "e", + "domType": "UnknownReference", + "method": "getUsers" + }, + { + "column": 34, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.e.printStackTrace", + "length": 1, + "line": 84, + "methodLine": 48, + "name": "printStackTrace", + "domType": "MethodInvokeExpr", + "method": "getUsers" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "9AoDk6tjeb6LTm9KTU5VoiWyuo4=", + "similarityId": -2011538843, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 209, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 28, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.e", + "length": 1, + "line": 76, + "methodLine": 60, + "name": "e", + "domType": "Declarator", + "method": "getPassword" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.e", + "length": 1, + "line": 77, + "methodLine": 60, + "name": "e", + "domType": "UnknownReference", + "method": "getPassword" + }, + { + "column": 30, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.e.printStackTrace", + "length": 1, + "line": 77, + "methodLine": 60, + "name": "printStackTrace", + "domType": "MethodInvokeExpr", + "method": "getPassword" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "o3OizxEJNcZ9B3asdYSqzHuWUk4=", + "similarityId": 2110548305, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 209, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 35, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.sqle", + "length": 4, + "line": 74, + "methodLine": 48, + "name": "sqle", + "domType": "Declarator", + "method": "getUsers" + }, + { + "column": 17, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.sqle", + "length": 4, + "line": 75, + "methodLine": 48, + "name": "sqle", + "domType": "UnknownReference", + "method": "getUsers" + }, + { + "column": 37, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "org.owasp.webgoat.missing_ac.Users.getUsers.sqle.printStackTrace", + "length": 1, + "line": 75, + "methodLine": 48, + "name": "printStackTrace", + "domType": "MethodInvokeExpr", + "method": "getUsers" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "D/gjshI/Ee1fwZ1+kDuKZ2nZC1Y=", + "similarityId": 1157575465, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 209, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 34, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java", + "fullName": "org.owasp.webgoat.LessonTemplateResolver.computeTemplateResource.e", + "length": 1, + "line": 73, + "methodLine": 67, + "name": "e", + "domType": "Declarator", + "method": "computeTemplateResource" + }, + { + "column": 17, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java", + "fullName": "org.owasp.webgoat.LessonTemplateResolver.computeTemplateResource.e", + "length": 1, + "line": 74, + "methodLine": 67, + "name": "e", + "domType": "UnknownReference", + "method": "computeTemplateResource" + }, + { + "column": 34, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java", + "fullName": "org.owasp.webgoat.LessonTemplateResolver.computeTemplateResource.e.printStackTrace", + "length": 1, + "line": 74, + "methodLine": 67, + "name": "printStackTrace", + "domType": "MethodInvokeExpr", + "method": "computeTemplateResource" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "dOm9xpWB8SS0OKfnSKYyngfwrio=", + "similarityId": 1280996661, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 209, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 35, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.sqle", + "length": 4, + "line": 72, + "methodLine": 60, + "name": "sqle", + "domType": "Declarator", + "method": "getPassword" + }, + { + "column": 17, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.sqle", + "length": 4, + "line": 73, + "methodLine": 60, + "name": "sqle", + "domType": "UnknownReference", + "method": "getPassword" + }, + { + "column": 37, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6b.getPassword.sqle.printStackTrace", + "length": 1, + "line": 73, + "methodLine": 60, + "name": "printStackTrace", + "domType": "MethodInvokeExpr", + "method": "getPassword" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "FmXAcAMi5nCbhcDQ6xPWgFlQ5vM=", + "similarityId": 1624416303, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 209, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "OWASP Top 10 API", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "", + "nodes": [ + { + "column": 28, + "fileName": "/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask1.java", + "fullName": "org.owasp.webgoat.ssrf.SSRFTask1.stealTheCheese.e", + "length": 1, + "line": 67, + "methodLine": 44, + "name": "e", + "domType": "Declarator", + "method": "stealTheCheese" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask1.java", + "fullName": "org.owasp.webgoat.ssrf.SSRFTask1.stealTheCheese.e", + "length": 1, + "line": 68, + "methodLine": 44, + "name": "e", + "domType": "UnknownReference", + "method": "stealTheCheese" + }, + { + "column": 30, + "fileName": "/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask1.java", + "fullName": "org.owasp.webgoat.ssrf.SSRFTask1.stealTheCheese.e.printStackTrace", + "length": 1, + "line": 68, + "methodLine": 44, + "name": "printStackTrace", + "domType": "MethodInvokeExpr", + "method": "stealTheCheese" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + } + ] + }, + { + "queryName": "Improper_Transaction_Handling", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 1, + "vulnerabilities": [ + { + "id": "JgpW8jNY7p4eP0CILX3zw35oI58=", + "similarityId": -688097315, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 460, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java", + "fullName": "try", + "length": 3, + "line": 62, + "methodLine": 60, + "name": "try", + "domType": "TryCatchFinallyStmt", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + } + ] + }, + { + "queryName": "Improper_Resource_Access_Authorization", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 24, + "vulnerabilities": [ + { + "id": "vmyOIp4vRkNnAiNcp4XHrdgPlNs=", + "similarityId": 1072538391, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 35, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/WebSecurityConfig.java", + "fullName": "org.owasp.webwolf.WebSecurityConfig.configure.http.authorizeRequests", + "length": 1, + "line": 52, + "methodLine": 50, + "name": "authorizeRequests", + "domType": "MethodInvokeExpr", + "method": "configure" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "H6Xj9RFb3fFTLcpx5s4euJJB8i8=", + "similarityId": -587695689, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 27, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "Files.copy", + "length": 1, + "line": 65, + "methodLine": 47, + "name": "copy", + "domType": "MethodInvokeExpr", + "method": "processZipUpload" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "b8EI5SwVIvkBqAlT6R4FMOtxPOg=", + "similarityId": 388998181, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 48, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/FileServer.java", + "fullName": "org.owasp.webwolf.FileServer.getFiles.destinationDir.listFiles", + "length": 1, + "line": 108, + "methodLine": 94, + "name": "listFiles", + "domType": "MethodInvokeExpr", + "method": "getFiles" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "QIw+1ZOiwtnrfF1TsSikbnZWUDs=", + "similarityId": -1260852451, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 103, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrieval.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadRetrieval.getProfilePicture.listFiles", + "length": 1, + "line": 101, + "methodLine": 79, + "name": "listFiles", + "domType": "MethodInvokeExpr", + "method": "getProfilePicture" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "9E734tpNjp5F1/H+rl9iaYNB8ak=", + "similarityId": 1960373335, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 70, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadBase.getProfilePictureAsBase64.profilePictureDirectory.listFiles", + "length": 1, + "line": 78, + "methodLine": 76, + "name": "listFiles", + "domType": "MethodInvokeExpr", + "method": "getProfilePictureAsBase64" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "5SRAlJRBbHspXfwDbZlLGoqhJTo=", + "similarityId": -1503392927, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 27, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java", + "fullName": "org.owasp.webgoat.xxe.Ping.logRequest.pw.println", + "length": 1, + "line": 55, + "methodLine": 49, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "logRequest" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "L033+3BUhWeeqspl81+2IR8tN8s=", + "similarityId": -1854672283, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 34, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java", + "fullName": "org.owasp.webgoat.deserialization.SerializationHelper.fromString.ois.readObject", + "length": 1, + "line": 21, + "methodLine": 16, + "name": "readObject", + "domType": "MethodInvokeExpr", + "method": "fromString" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "rl+fZfRf+99QkYh9EOnOiTVYY/A=", + "similarityId": 753120695, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 38, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java", + "fullName": "org.owasp.webgoat.deserialization.InsecureDeserializationTask.completed.ois.readObject", + "length": 1, + "line": 56, + "methodLine": 46, + "name": "readObject", + "domType": "MethodInvokeExpr", + "method": "completed" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "qd7xef6gmjnRaqMV2qpC3lp34GM=", + "similarityId": 1117742903, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 50, + "fileName": "/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java", + "fullName": "org.owasp.webgoat.ssrf.SSRFTask2.furBall.in.readAllBytes", + "length": 1, + "line": 54, + "methodLine": 50, + "name": "readAllBytes", + "domType": "MethodInvokeExpr", + "method": "furBall" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "MAUAP4bvPEZb6szd9PL0Xule8fk=", + "similarityId": 2128758173, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 31, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.getHashString.in.read", + "length": 1, + "line": 152, + "methodLine": 148, + "name": "read", + "domType": "MethodInvokeExpr", + "method": "getHashString" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "E0GuVhMY986gCY2LMR4ZFOYog5g=", + "similarityId": -1438599347, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 31, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.getHash.in.read", + "length": 1, + "line": 134, + "methodLine": 130, + "name": "read", + "domType": "MethodInvokeExpr", + "method": "getHash" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "mhJvxQ/VgHLnIO2HjWc81A967hU=", + "similarityId": -752916265, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 89, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/ImageServlet.java", + "fullName": "org.owasp.webgoat.challenges.challenge1.ImageServlet.doGet.readAllBytes", + "length": 1, + "line": 25, + "methodLine": 22, + "name": "readAllBytes", + "domType": "MethodInvokeExpr", + "method": "doGet" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "BNunlhndh8XUGzub9fGXALFWD4o=", + "similarityId": -1811404337, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 129, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java", + "fullName": "org.owasp.webgoat.LessonTemplateResolver.computeTemplateResource.readAllBytes", + "length": 1, + "line": 72, + "methodLine": 67, + "name": "readAllBytes", + "domType": "MethodInvokeExpr", + "method": "computeTemplateResource" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "XFGjzEi4F0jPO3NdxAFNGgmXXg8=", + "similarityId": 655817107, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.statement.executeQuery", + "length": 1, + "line": 66, + "methodLine": 59, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQueryIntegrity" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "4xFJPlxeVNvHYqEkQgM3e9ctcEU=", + "similarityId": 1686592599, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 36, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.statement.executeUpdate", + "length": 1, + "line": 138, + "methodLine": 128, + "name": "executeUpdate", + "domType": "MethodInvokeExpr", + "method": "log" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "Y30rJCAvSlp2AMBnOg29csPB/p8=", + "similarityId": -1122103101, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.statement.executeQuery", + "length": 1, + "line": 66, + "methodLine": 58, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQueryConfidentiality" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "8i4Q2jPk5K/pY3O/qaYYSj7fDqs=", + "similarityId": 1177063859, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.statement.executeQuery", + "length": 1, + "line": 62, + "methodLine": 57, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "fZh44rLLbrW2yfp0DPBbqQuR4a4=", + "similarityId": 1274041719, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 39, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5.injectableQuery.statement.executeQuery", + "length": 1, + "line": 72, + "methodLine": 69, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "99ORKqAR78jqJJlzke8G1XduopE=", + "similarityId": -1755521629, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 40, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson4.injectableQuery.statement.executeUpdate", + "length": 1, + "line": 63, + "methodLine": 60, + "name": "executeUpdate", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "DXncfKEnAzUrnr2JBJW05FIQY0U=", + "similarityId": 1148898273, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 40, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson3.injectableQuery.statement.executeUpdate", + "length": 1, + "line": 65, + "methodLine": 60, + "name": "executeUpdate", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "auIgeYP7BlFEM/0G3d+N3MWTASI=", + "similarityId": 1713473783, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 55, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson2.injectableQuery.statement.executeQuery", + "length": 1, + "line": 62, + "methodLine": 59, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "hUv02B07BChR6FcRB8OfU8dsNz0=", + "similarityId": 888838071, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.injectableQueryAvailability.statement.executeQuery", + "length": 1, + "line": 63, + "methodLine": 56, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQueryAvailability" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "ViFo5xDQhAa7m+w0pJJMLjFJ5bU=", + "similarityId": 447716023, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.statement.executeQuery", + "length": 1, + "line": 67, + "methodLine": 56, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + }, + { + "id": "MUJpfhYPlBMgPHGLejuE8/C6ZYw=", + "similarityId": 976373241, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 285, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "OWASP Top 10 2021", + "FISMA 2014" + ], + "firstScanId": "", + "nodes": [ + { + "column": 61, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionChallenge.registerNewUser.statement.executeQuery", + "length": 1, + "line": 65, + "methodLine": 56, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "registerNewUser" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652111292 + } + } + ] + }, + { + "queryName": "Improper_Exception_Handling", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 4, + "vulnerabilities": [ + { + "id": "U4p8xjcK3HiFJXQaYFDxwFKYDaM=", + "similarityId": -1542490775, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 99, + "compliance": [ + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 40, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java", + "fullName": "Files.createFile", + "length": 1, + "line": 38, + "methodLine": 37, + "name": "createFile", + "domType": "MethodInvokeExpr", + "method": "init" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "EopmOogkukBlH9B1DD2U1MxVOz0=", + "similarityId": -1816051691, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 99, + "compliance": [ + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java", + "fullName": "Files.write", + "length": 1, + "line": 40, + "methodLine": 37, + "name": "write", + "domType": "MethodInvokeExpr", + "method": "init" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "e1EWtIUXTOYPu1wNVy5i4yEyRFo=", + "similarityId": 607696001, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 99, + "compliance": [ + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 47, + "fileName": "/webgoat-lessons/insecure-deserialization/src/test/java/org/owasp/webgoat/deserialization/DeserializeTest.java", + "fullName": "System.getProperty", + "length": 1, + "line": 23, + "methodLine": 23, + "name": "getProperty", + "domType": "MethodInvokeExpr" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + }, + { + "id": "3nUygb+s9vRzFIZbYtlvcrzZQ3s=", + "similarityId": -1002434871, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 248, + "confidenceLevel": 99, + "compliance": [ + "OWASP Top 10 2021", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 50, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/DeserializationTest.java", + "fullName": "System.getProperty", + "length": 1, + "line": 13, + "methodLine": 13, + "name": "getProperty", + "domType": "MethodInvokeExpr" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1663153611 + } + } + ] + }, + { + "queryName": "Improper_Resource_Shutdown_or_Release", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 12, + "vulnerabilities": [ + { + "id": "SuMN/XgxuqsZfLpD/+lwRqAccc4=", + "similarityId": 42788114, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 404, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 34, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java", + "fullName": "ObjectOutputStream", + "length": 3, + "line": 29, + "methodLine": 26, + "name": "ObjectOutputStream", + "domType": "ObjectCreateExpr", + "method": "toString" + }, + { + "column": 28, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java", + "fullName": "org.owasp.webgoat.deserialization.SerializationHelper.toString.oos", + "length": 3, + "line": 29, + "methodLine": 26, + "name": "oos", + "domType": "Declarator", + "method": "toString" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java", + "fullName": "org.owasp.webgoat.deserialization.SerializationHelper.toString.oos", + "length": 3, + "line": 30, + "methodLine": 26, + "name": "oos", + "domType": "UnknownReference", + "method": "toString" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java", + "fullName": "org.owasp.webgoat.deserialization.SerializationHelper.toString.oos", + "length": 3, + "line": 31, + "methodLine": 26, + "name": "oos", + "domType": "UnknownReference", + "method": "toString" + }, + { + "column": 18, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java", + "fullName": "org.owasp.webgoat.deserialization.SerializationHelper.toString.oos.close", + "length": 1, + "line": 31, + "methodLine": 26, + "name": "close", + "domType": "MethodInvokeExpr", + "method": "toString" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "sJjYLdcj1UaAz7KBXUNRSYcBKeg=", + "similarityId": -526948952, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 404, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java", + "fullName": "DataOutputStream", + "length": 3, + "line": 37, + "methodLine": 35, + "name": "DataOutputStream", + "domType": "ObjectCreateExpr", + "method": "show" + }, + { + "column": 26, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java", + "fullName": "org.owasp.webgoat.deserialization.SerializationHelper.show.dos", + "length": 3, + "line": 37, + "methodLine": 35, + "name": "dos", + "domType": "Declarator", + "method": "show" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java", + "fullName": "org.owasp.webgoat.deserialization.SerializationHelper.show.dos", + "length": 3, + "line": 38, + "methodLine": 35, + "name": "dos", + "domType": "UnknownReference", + "method": "show" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java", + "fullName": "org.owasp.webgoat.deserialization.SerializationHelper.show.dos", + "length": 3, + "line": 39, + "methodLine": 35, + "name": "dos", + "domType": "UnknownReference", + "method": "show" + }, + { + "column": 18, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java", + "fullName": "org.owasp.webgoat.deserialization.SerializationHelper.show.dos.close", + "length": 1, + "line": 39, + "methodLine": 35, + "name": "close", + "domType": "MethodInvokeExpr", + "method": "show" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "7sxnhFTzwuW9LluWglinRstRIuY=", + "similarityId": 1784647675, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 404, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 26, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "FileInputStream", + "length": 3, + "line": 167, + "methodLine": 166, + "name": "FileInputStream", + "domType": "ObjectCreateExpr", + "method": "getHash" + }, + { + "column": 21, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.getHash.is", + "length": 2, + "line": 167, + "methodLine": 166, + "name": "is", + "domType": "Declarator", + "method": "getHash" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.getHash.is", + "length": 2, + "line": 169, + "methodLine": 166, + "name": "is", + "domType": "UnknownReference", + "method": "getHash" + }, + { + "column": 17, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.getHash.is.close", + "length": 1, + "line": 169, + "methodLine": 166, + "name": "close", + "domType": "MethodInvokeExpr", + "method": "getHash" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "bGuhBSoD8b2tpR7HGQUPsk2+3nM=", + "similarityId": 1474302291, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 404, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 33, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java", + "fullName": "ObjectInputStream", + "length": 3, + "line": 19, + "methodLine": 16, + "name": "ObjectInputStream", + "domType": "ObjectCreateExpr", + "method": "fromString" + }, + { + "column": 27, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java", + "fullName": "org.owasp.webgoat.deserialization.SerializationHelper.fromString.ois", + "length": 3, + "line": 19, + "methodLine": 16, + "name": "ois", + "domType": "Declarator", + "method": "fromString" + }, + { + "column": 20, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java", + "fullName": "org.owasp.webgoat.deserialization.SerializationHelper.fromString.ois", + "length": 3, + "line": 21, + "methodLine": 16, + "name": "ois", + "domType": "UnknownReference", + "method": "fromString" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java", + "fullName": "org.owasp.webgoat.deserialization.SerializationHelper.fromString.ois", + "length": 3, + "line": 22, + "methodLine": 16, + "name": "ois", + "domType": "UnknownReference", + "method": "fromString" + }, + { + "column": 18, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java", + "fullName": "org.owasp.webgoat.deserialization.SerializationHelper.fromString.ois.close", + "length": 1, + "line": 22, + "methodLine": 16, + "name": "close", + "domType": "MethodInvokeExpr", + "method": "fromString" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "e69WhCYSBH94EM/i/s5Re2Tycyw=", + "similarityId": -705424209, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 404, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 32, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "FileOutputStream", + "length": 3, + "line": 111, + "methodLine": 97, + "name": "FileOutputStream", + "domType": "ObjectCreateExpr", + "method": "downloadFileFromURL" + }, + { + "column": 26, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "MavenWrapperDownloader.downloadFileFromURL.fos", + "length": 3, + "line": 111, + "methodLine": 97, + "name": "fos", + "domType": "Declarator", + "method": "downloadFileFromURL" + }, + { + "column": 9, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "MavenWrapperDownloader.downloadFileFromURL.fos", + "length": 3, + "line": 112, + "methodLine": 97, + "name": "fos", + "domType": "UnknownReference", + "method": "downloadFileFromURL" + }, + { + "column": 9, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "MavenWrapperDownloader.downloadFileFromURL.fos", + "length": 3, + "line": 113, + "methodLine": 97, + "name": "fos", + "domType": "UnknownReference", + "method": "downloadFileFromURL" + }, + { + "column": 18, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "MavenWrapperDownloader.downloadFileFromURL.fos.close", + "length": 1, + "line": 113, + "methodLine": 97, + "name": "close", + "domType": "MethodInvokeExpr", + "method": "downloadFileFromURL" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "RGlcoRdaACpiEbv1XZgNeHRR4hU=", + "similarityId": 121589228, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 404, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 27, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "ZipFile", + "length": 3, + "line": 59, + "methodLine": 47, + "name": "ZipFile", + "domType": "ObjectCreateExpr", + "method": "processZipUpload" + }, + { + "column": 21, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileZipSlip.processZipUpload.zip", + "length": 3, + "line": 59, + "methodLine": 47, + "name": "zip", + "domType": "Declarator", + "method": "processZipUpload" + }, + { + "column": 55, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileZipSlip.processZipUpload.zip", + "length": 3, + "line": 60, + "methodLine": 47, + "name": "zip", + "domType": "UnknownReference", + "method": "processZipUpload" + }, + { + "column": 34, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileZipSlip.processZipUpload.zip", + "length": 3, + "line": 64, + "methodLine": 47, + "name": "zip", + "domType": "UnknownReference", + "method": "processZipUpload" + }, + { + "column": 52, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileZipSlip.processZipUpload.zip.getInputStream", + "length": 1, + "line": 64, + "methodLine": 47, + "name": "getInputStream", + "domType": "MethodInvokeExpr", + "method": "processZipUpload" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileZipSlip.processZipUpload.is", + "length": 2, + "line": 64, + "methodLine": 47, + "name": "is", + "domType": "Declarator", + "method": "processZipUpload" + }, + { + "column": 28, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileZipSlip.processZipUpload.is", + "length": 2, + "line": 65, + "methodLine": 47, + "name": "is", + "domType": "UnknownReference", + "method": "processZipUpload" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "1dgmzQC0Kq/XCo0YaZTk71W2A4w=", + "similarityId": -1133668308, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 404, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 57, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "getResourceAsStream", + "length": 1, + "line": 93, + "methodLine": 92, + "name": "getResourceAsStream", + "domType": "MethodInvokeExpr", + "method": "defaultImage" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadBase.defaultImage.inputStream", + "length": 11, + "line": 93, + "methodLine": 92, + "name": "inputStream", + "domType": "Declarator", + "method": "defaultImage" + }, + { + "column": 73, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileUploadBase.defaultImage.inputStream", + "length": 11, + "line": 94, + "methodLine": 92, + "name": "inputStream", + "domType": "UnknownReference", + "method": "defaultImage" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "gxH2G7/gHrY0gx7dpdaOwwqm23M=", + "similarityId": 1312218292, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 404, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 52, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileZipSlip.processZipUpload.zip.getInputStream", + "length": 1, + "line": 64, + "methodLine": 47, + "name": "getInputStream", + "domType": "MethodInvokeExpr", + "method": "processZipUpload" + }, + { + "column": 29, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileZipSlip.processZipUpload.is", + "length": 2, + "line": 64, + "methodLine": 47, + "name": "is", + "domType": "Declarator", + "method": "processZipUpload" + }, + { + "column": 28, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java", + "fullName": "org.owasp.webgoat.path_traversal.ProfileZipSlip.processZipUpload.is", + "length": 2, + "line": 65, + "methodLine": 47, + "name": "is", + "domType": "UnknownReference", + "method": "processZipUpload" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "cwityXAvRRu1GZWu8www2f1I54M=", + "similarityId": -1100837686, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 404, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 84, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java", + "fullName": "org.owasp.webgoat.AsciiDoctorTemplateResolver.readInputStreamOrFallbackToEnglish.getResourceAsStream", + "length": 1, + "line": 110, + "methodLine": 107, + "name": "getResourceAsStream", + "domType": "MethodInvokeExpr", + "method": "readInputStreamOrFallbackToEnglish" + }, + { + "column": 13, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java", + "fullName": "org.owasp.webgoat.AsciiDoctorTemplateResolver.readInputStreamOrFallbackToEnglish.is", + "length": 2, + "line": 110, + "methodLine": 107, + "name": "is", + "domType": "UnknownReference", + "method": "readInputStreamOrFallbackToEnglish" + }, + { + "column": 16, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java", + "fullName": "org.owasp.webgoat.AsciiDoctorTemplateResolver.readInputStreamOrFallbackToEnglish.is", + "length": 2, + "line": 112, + "methodLine": 107, + "name": "is", + "domType": "UnknownReference", + "method": "readInputStreamOrFallbackToEnglish" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "LTl5dcEBuPeTwKgEPhIfCK6XxsI=", + "similarityId": -1232573125, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 404, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 26, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "FileInputStream", + "length": 3, + "line": 182, + "methodLine": 181, + "name": "FileInputStream", + "domType": "ObjectCreateExpr", + "method": "getHashString" + }, + { + "column": 21, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.getHashString.is", + "length": 2, + "line": 182, + "methodLine": 181, + "name": "is", + "domType": "Declarator", + "method": "getHashString" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.getHashString.is", + "length": 2, + "line": 184, + "methodLine": 181, + "name": "is", + "domType": "UnknownReference", + "method": "getHashString" + }, + { + "column": 17, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "org.owasp.webgoat.challenges.challenge7.MD5.getHashString.is.close", + "length": 1, + "line": 184, + "methodLine": 181, + "name": "close", + "domType": "MethodInvokeExpr", + "method": "getHashString" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "2PLXwsnOoBLwzlCyS3XAp0z/uO8=", + "similarityId": 1132933848, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 404, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 92, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java", + "fullName": "org.owasp.webgoat.AsciiDoctorTemplateResolver.readInputStreamOrFallbackToEnglish.getResourceAsStream", + "length": 1, + "line": 108, + "methodLine": 107, + "name": "getResourceAsStream", + "domType": "MethodInvokeExpr", + "method": "readInputStreamOrFallbackToEnglish" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java", + "fullName": "org.owasp.webgoat.AsciiDoctorTemplateResolver.readInputStreamOrFallbackToEnglish.is", + "length": 2, + "line": 108, + "methodLine": 107, + "name": "is", + "domType": "Declarator", + "method": "readInputStreamOrFallbackToEnglish" + }, + { + "column": 13, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java", + "fullName": "org.owasp.webgoat.AsciiDoctorTemplateResolver.readInputStreamOrFallbackToEnglish.is", + "length": 2, + "line": 109, + "methodLine": 107, + "name": "is", + "domType": "UnknownReference", + "method": "readInputStreamOrFallbackToEnglish" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "yBEnc4KbYOquxnPzGaXp9Dnm8BA=", + "similarityId": 1707809185, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 404, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 64, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/LessonDataSource.java", + "fullName": "org.owasp.webgoat.LessonDataSource.originalDataSource.getConnection", + "length": 1, + "line": 24, + "methodLine": 23, + "name": "getConnection", + "domType": "MethodInvokeExpr", + "method": "getConnection" + }, + { + "column": 13, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/LessonDataSource.java", + "fullName": "org.owasp.webgoat.LessonDataSource.getConnection.targetConnection", + "length": 16, + "line": 24, + "methodLine": 23, + "name": "targetConnection", + "domType": "Declarator", + "method": "getConnection" + }, + { + "column": 55, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/LessonDataSource.java", + "fullName": "org.owasp.webgoat.LessonDataSource.getConnection.targetConnection", + "length": 16, + "line": 28, + "methodLine": 23, + "name": "targetConnection", + "domType": "UnknownReference", + "method": "getConnection" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + } + ] + }, + { + "queryName": "Blind_SQL_Injections", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 28, + "vulnerabilities": [ + { + "id": "mM+yShShnY7kY0MkyLtm90iyzBY=", + "similarityId": 1211919278, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 57, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java", + "fullName": "org.owasp.webgoat.missing_ac.MissingFunctionACUsers.addUser.newUser", + "length": 7, + "line": 84, + "methodLine": 84, + "name": "newUser", + "domType": "ParamDecl", + "method": "addUser" + }, + { + "column": 55, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java", + "fullName": "org.owasp.webgoat.missing_ac.MissingFunctionACUsers.addUser.newUser", + "length": 7, + "line": 86, + "methodLine": 84, + "name": "newUser", + "domType": "UnknownReference", + "method": "addUser" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.password", + "length": 8, + "line": 66, + "methodLine": 65, + "name": "password", + "domType": "MemberAccess", + "method": "getPassword" + }, + { + "column": 74, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java", + "fullName": "org.owasp.webgoat.missing_ac.MissingFunctionACUsers.addUser.newUser.getPassword", + "length": 1, + "line": 86, + "methodLine": 84, + "name": "getPassword", + "domType": "MethodInvokeExpr", + "method": "addUser" + }, + { + "column": 49, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.password", + "length": 8, + "line": 39, + "methodLine": 39, + "name": "password", + "domType": "ParamDecl", + "method": "addUser" + }, + { + "column": 73, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.password", + "length": 8, + "line": 42, + "methodLine": 39, + "name": "password", + "domType": "UnknownReference", + "method": "addUser" + }, + { + "column": 48, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.WebGoatUser.password", + "length": 8, + "line": 36, + "methodLine": 36, + "name": "password", + "domType": "ParamDecl", + "method": "WebGoatUser" + }, + { + "column": 25, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.WebGoatUser.password", + "length": 8, + "line": 38, + "methodLine": 36, + "name": "password", + "domType": "UnknownReference", + "method": "WebGoatUser" + }, + { + "column": 14, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.password", + "length": 8, + "line": 38, + "methodLine": 36, + "name": "password", + "domType": "MemberAccess", + "method": "WebGoatUser" + }, + { + "column": 47, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "WebGoatUser", + "length": 3, + "line": 42, + "methodLine": 39, + "name": "WebGoatUser", + "domType": "ObjectCreateExpr", + "method": "addUser" + }, + { + "column": 46, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.userRepository.save", + "length": 1, + "line": 42, + "methodLine": 39, + "name": "save", + "domType": "MethodInvokeExpr", + "method": "addUser" + }, + { + "column": 13, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.webGoatUser", + "length": 11, + "line": 42, + "methodLine": 39, + "name": "webGoatUser", + "domType": "Declarator", + "method": "addUser" + }, + { + "column": 34, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.webGoatUser", + "length": 11, + "line": 46, + "methodLine": 39, + "name": "webGoatUser", + "domType": "UnknownReference", + "method": "addUser" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser", + "length": 11, + "line": 50, + "methodLine": 50, + "name": "webGoatUser", + "domType": "ParamDecl", + "method": "createLessonsForUser" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser", + "length": 11, + "line": 51, + "methodLine": 50, + "name": "webGoatUser", + "domType": "UnknownReference", + "method": "createLessonsForUser" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.username", + "length": 8, + "line": 62, + "methodLine": 61, + "name": "username", + "domType": "MemberAccess", + "method": "getUsername" + }, + { + "column": 74, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser.getUsername", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "getUsername", + "domType": "MethodInvokeExpr", + "method": "createLessonsForUser" + }, + { + "column": 29, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.jdbcTemplate.execute", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "execute", + "domType": "MethodInvokeExpr", + "method": "createLessonsForUser" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "iFjU0E7DsE9jzuF8mf2IEBZW9g8=", + "similarityId": -37500024, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 73, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java", + "fullName": "org.owasp.webgoat.users.RegistrationController.registration.userForm.getPassword", + "length": 1, + "line": 42, + "methodLine": 36, + "name": "getPassword", + "domType": "MethodInvokeExpr", + "method": "registration" + }, + { + "column": 49, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.password", + "length": 8, + "line": 39, + "methodLine": 39, + "name": "password", + "domType": "ParamDecl", + "method": "addUser" + }, + { + "column": 73, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.password", + "length": 8, + "line": 42, + "methodLine": 39, + "name": "password", + "domType": "UnknownReference", + "method": "addUser" + }, + { + "column": 48, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.WebGoatUser.password", + "length": 8, + "line": 36, + "methodLine": 36, + "name": "password", + "domType": "ParamDecl", + "method": "WebGoatUser" + }, + { + "column": 25, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.WebGoatUser.password", + "length": 8, + "line": 38, + "methodLine": 36, + "name": "password", + "domType": "UnknownReference", + "method": "WebGoatUser" + }, + { + "column": 14, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.password", + "length": 8, + "line": 38, + "methodLine": 36, + "name": "password", + "domType": "MemberAccess", + "method": "WebGoatUser" + }, + { + "column": 47, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "WebGoatUser", + "length": 3, + "line": 42, + "methodLine": 39, + "name": "WebGoatUser", + "domType": "ObjectCreateExpr", + "method": "addUser" + }, + { + "column": 46, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.userRepository.save", + "length": 1, + "line": 42, + "methodLine": 39, + "name": "save", + "domType": "MethodInvokeExpr", + "method": "addUser" + }, + { + "column": 13, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.webGoatUser", + "length": 11, + "line": 42, + "methodLine": 39, + "name": "webGoatUser", + "domType": "Declarator", + "method": "addUser" + }, + { + "column": 34, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.webGoatUser", + "length": 11, + "line": 46, + "methodLine": 39, + "name": "webGoatUser", + "domType": "UnknownReference", + "method": "addUser" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser", + "length": 11, + "line": 50, + "methodLine": 50, + "name": "webGoatUser", + "domType": "ParamDecl", + "method": "createLessonsForUser" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser", + "length": 11, + "line": 51, + "methodLine": 50, + "name": "webGoatUser", + "domType": "UnknownReference", + "method": "createLessonsForUser" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.username", + "length": 8, + "line": 62, + "methodLine": 61, + "name": "username", + "domType": "MemberAccess", + "method": "getUsername" + }, + { + "column": 74, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser.getUsername", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "getUsername", + "domType": "MethodInvokeExpr", + "method": "createLessonsForUser" + }, + { + "column": 29, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.jdbcTemplate.execute", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "execute", + "domType": "MethodInvokeExpr", + "method": "createLessonsForUser" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "hFz5/iva1JoZv5E7jpnZeBwZOhs=", + "similarityId": -1167609018, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 49, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java", + "fullName": "org.owasp.webgoat.users.RegistrationController.registration.userForm.getUsername", + "length": 1, + "line": 42, + "methodLine": 36, + "name": "getUsername", + "domType": "MethodInvokeExpr", + "method": "registration" + }, + { + "column": 32, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.username", + "length": 8, + "line": 39, + "methodLine": 39, + "name": "username", + "domType": "ParamDecl", + "method": "addUser" + }, + { + "column": 63, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.username", + "length": 8, + "line": 42, + "methodLine": 39, + "name": "username", + "domType": "UnknownReference", + "method": "addUser" + }, + { + "column": 31, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.WebGoatUser.username", + "length": 8, + "line": 36, + "methodLine": 36, + "name": "username", + "domType": "ParamDecl", + "method": "WebGoatUser" + }, + { + "column": 25, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.WebGoatUser.username", + "length": 8, + "line": 37, + "methodLine": 36, + "name": "username", + "domType": "UnknownReference", + "method": "WebGoatUser" + }, + { + "column": 14, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.username", + "length": 8, + "line": 37, + "methodLine": 36, + "name": "username", + "domType": "MemberAccess", + "method": "WebGoatUser" + }, + { + "column": 47, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "WebGoatUser", + "length": 3, + "line": 42, + "methodLine": 39, + "name": "WebGoatUser", + "domType": "ObjectCreateExpr", + "method": "addUser" + }, + { + "column": 46, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.userRepository.save", + "length": 1, + "line": 42, + "methodLine": 39, + "name": "save", + "domType": "MethodInvokeExpr", + "method": "addUser" + }, + { + "column": 13, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.webGoatUser", + "length": 11, + "line": 42, + "methodLine": 39, + "name": "webGoatUser", + "domType": "Declarator", + "method": "addUser" + }, + { + "column": 34, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.addUser.webGoatUser", + "length": 11, + "line": 46, + "methodLine": 39, + "name": "webGoatUser", + "domType": "UnknownReference", + "method": "addUser" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser", + "length": 11, + "line": 50, + "methodLine": 50, + "name": "webGoatUser", + "domType": "ParamDecl", + "method": "createLessonsForUser" + }, + { + "column": 51, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser", + "length": 11, + "line": 51, + "methodLine": 50, + "name": "webGoatUser", + "domType": "UnknownReference", + "method": "createLessonsForUser" + }, + { + "column": 21, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.username", + "length": 8, + "line": 62, + "methodLine": 61, + "name": "username", + "domType": "MemberAccess", + "method": "getUsername" + }, + { + "column": 74, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.createLessonsForUser.webGoatUser.getUsername", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "getUsername", + "domType": "MethodInvokeExpr", + "method": "createLessonsForUser" + }, + { + "column": 29, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java", + "fullName": "org.owasp.webgoat.users.UserService.jdbcTemplate.execute", + "length": 1, + "line": 51, + "methodLine": 50, + "name": "execute", + "domType": "MethodInvokeExpr", + "method": "createLessonsForUser" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "mnKqpLhyY9Q5hQetZ3cXfh6c7i4=", + "similarityId": -396370246, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 101, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidationOnKeywords.attack.userId", + "length": 6, + "line": 48, + "methodLine": 48, + "name": "userId", + "domType": "ParamDecl", + "method": "attack" + }, + { + "column": 18, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidationOnKeywords.attack.userId", + "length": 6, + "line": 49, + "methodLine": 48, + "name": "userId", + "domType": "UnknownReference", + "method": "attack" + }, + { + "column": 36, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidationOnKeywords.attack.userId.toUpperCase", + "length": 1, + "line": 49, + "methodLine": 48, + "name": "toUpperCase", + "domType": "MethodInvokeExpr", + "method": "attack" + }, + { + "column": 46, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidationOnKeywords.attack.replace", + "length": 1, + "line": 49, + "methodLine": 48, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "attack" + }, + { + "column": 66, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidationOnKeywords.attack.replace", + "length": 1, + "line": 49, + "methodLine": 48, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "attack" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidationOnKeywords.attack.userId", + "length": 6, + "line": 49, + "methodLine": 48, + "name": "userId", + "domType": "UnknownReference", + "method": "attack" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidationOnKeywords.attack.userId", + "length": 6, + "line": 50, + "methodLine": 48, + "name": "userId", + "domType": "UnknownReference", + "method": "attack" + }, + { + "column": 62, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidationOnKeywords.attack.userId", + "length": 6, + "line": 53, + "methodLine": 48, + "name": "userId", + "domType": "UnknownReference", + "method": "attack" + }, + { + "column": 48, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.accountName", + "length": 11, + "line": 56, + "methodLine": 56, + "name": "accountName", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 69, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.accountName", + "length": 11, + "line": 60, + "methodLine": 56, + "name": "accountName", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.query", + "length": 5, + "line": 60, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.query", + "length": 5, + "line": 67, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.statement.executeQuery", + "length": 1, + "line": 67, + "methodLine": 56, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "3K0vZQ5avpbr6LKlgatQVULzJBs=", + "similarityId": -850362158, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.completed.userid", + "length": 6, + "line": 51, + "methodLine": 51, + "name": "userid", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 45, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.completed.userid", + "length": 6, + "line": 52, + "methodLine": 51, + "name": "userid", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 71, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.accountName", + "length": 11, + "line": 55, + "methodLine": 55, + "name": "accountName", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 93, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.accountName", + "length": 11, + "line": 56, + "methodLine": 55, + "name": "accountName", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.queryString", + "length": 11, + "line": 56, + "methodLine": 55, + "name": "queryString", + "domType": "Declarator", + "method": "injectableQuery" + }, + { + "column": 67, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.queryString", + "length": 11, + "line": 58, + "methodLine": 55, + "name": "queryString", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 66, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.connection.prepareStatement", + "length": 1, + "line": 58, + "methodLine": 55, + "name": "prepareStatement", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + }, + { + "column": 31, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.query", + "length": 5, + "line": 58, + "methodLine": 55, + "name": "query", + "domType": "Declarator", + "method": "injectableQuery" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.query", + "length": 5, + "line": 68, + "methodLine": 55, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 37, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.query", + "length": 5, + "line": 71, + "methodLine": 55, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 55, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5b.injectableQuery.query.executeQuery", + "length": 1, + "line": 71, + "methodLine": 55, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "9MgGShK1e7TovYCo4pS+OxsXBYg=", + "similarityId": 837800593, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 89, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidation.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidation.attack.userId", + "length": 6, + "line": 48, + "methodLine": 48, + "name": "userId", + "domType": "ParamDecl", + "method": "attack" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidation.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidation.attack.userId", + "length": 6, + "line": 49, + "methodLine": 48, + "name": "userId", + "domType": "UnknownReference", + "method": "attack" + }, + { + "column": 62, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidation.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.SqlOnlyInputValidation.attack.userId", + "length": 6, + "line": 52, + "methodLine": 48, + "name": "userId", + "domType": "UnknownReference", + "method": "attack" + }, + { + "column": 48, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.accountName", + "length": 11, + "line": 56, + "methodLine": 56, + "name": "accountName", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 69, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.accountName", + "length": 11, + "line": 60, + "methodLine": 56, + "name": "accountName", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.query", + "length": 5, + "line": 60, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.query", + "length": 5, + "line": 67, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.statement.executeQuery", + "length": 1, + "line": 67, + "methodLine": 56, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "QXudUW+qZqgdUh7ez5JGNCPRnfU=", + "similarityId": -351044818, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 83, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.completed.auth_tan", + "length": 8, + "line": 55, + "methodLine": 55, + "name": "auth_tan", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 47, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.completed.auth_tan", + "length": 8, + "line": 56, + "methodLine": 55, + "name": "auth_tan", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 73, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.auth_tan", + "length": 8, + "line": 59, + "methodLine": 59, + "name": "auth_tan", + "domType": "ParamDecl", + "method": "injectableQueryIntegrity" + }, + { + "column": 102, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.auth_tan", + "length": 8, + "line": 61, + "methodLine": 59, + "name": "auth_tan", + "domType": "UnknownReference", + "method": "injectableQueryIntegrity" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.query", + "length": 5, + "line": 61, + "methodLine": 59, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryIntegrity" + }, + { + "column": 53, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.query", + "length": 5, + "line": 65, + "methodLine": 59, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryIntegrity" + }, + { + "column": 58, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 128, + "methodLine": 128, + "name": "action", + "domType": "ParamDecl", + "method": "log" + }, + { + "column": 18, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 129, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action.replace", + "length": 1, + "line": 129, + "methodLine": 128, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "log" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 129, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 95, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 134, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.logQuery", + "length": 8, + "line": 134, + "methodLine": 128, + "name": "logQuery", + "domType": "Declarator", + "method": "log" + }, + { + "column": 37, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.logQuery", + "length": 8, + "line": 138, + "methodLine": 128, + "name": "logQuery", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 36, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.statement.executeUpdate", + "length": 1, + "line": 138, + "methodLine": 128, + "name": "executeUpdate", + "domType": "MethodInvokeExpr", + "method": "log" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "6uS6Sn3LkS+cEkPBR0llhSzYvNQ=", + "similarityId": -1453618313, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 83, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.completed.auth_tan", + "length": 8, + "line": 55, + "methodLine": 55, + "name": "auth_tan", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 47, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.completed.auth_tan", + "length": 8, + "line": 56, + "methodLine": 55, + "name": "auth_tan", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 73, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.auth_tan", + "length": 8, + "line": 59, + "methodLine": 59, + "name": "auth_tan", + "domType": "ParamDecl", + "method": "injectableQueryIntegrity" + }, + { + "column": 102, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.auth_tan", + "length": 8, + "line": 61, + "methodLine": 59, + "name": "auth_tan", + "domType": "UnknownReference", + "method": "injectableQueryIntegrity" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.query", + "length": 5, + "line": 61, + "methodLine": 59, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryIntegrity" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.query", + "length": 5, + "line": 66, + "methodLine": 59, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryIntegrity" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.statement.executeQuery", + "length": 1, + "line": 66, + "methodLine": 59, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQueryIntegrity" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "1Arwp5zvw7RuiN5Taj1WLB+snqE=", + "similarityId": 1441792351, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.completed.name", + "length": 4, + "line": 55, + "methodLine": 55, + "name": "name", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 41, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.completed.name", + "length": 4, + "line": 56, + "methodLine": 55, + "name": "name", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.name", + "length": 4, + "line": 59, + "methodLine": 59, + "name": "name", + "domType": "ParamDecl", + "method": "injectableQueryIntegrity" + }, + { + "column": 72, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.name", + "length": 4, + "line": 61, + "methodLine": 59, + "name": "name", + "domType": "UnknownReference", + "method": "injectableQueryIntegrity" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.query", + "length": 5, + "line": 61, + "methodLine": 59, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryIntegrity" + }, + { + "column": 53, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.query", + "length": 5, + "line": 65, + "methodLine": 59, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryIntegrity" + }, + { + "column": 58, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 128, + "methodLine": 128, + "name": "action", + "domType": "ParamDecl", + "method": "log" + }, + { + "column": 18, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 129, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action.replace", + "length": 1, + "line": 129, + "methodLine": 128, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "log" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 129, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 95, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 134, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.logQuery", + "length": 8, + "line": 134, + "methodLine": 128, + "name": "logQuery", + "domType": "Declarator", + "method": "log" + }, + { + "column": 37, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.logQuery", + "length": 8, + "line": 138, + "methodLine": 128, + "name": "logQuery", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 36, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.statement.executeUpdate", + "length": 1, + "line": 138, + "methodLine": 128, + "name": "executeUpdate", + "domType": "MethodInvokeExpr", + "method": "log" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "dsL4/sWHNQtFClTdUrodKpLOdsc=", + "similarityId": -154484762, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.completed.name", + "length": 4, + "line": 55, + "methodLine": 55, + "name": "name", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 41, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.completed.name", + "length": 4, + "line": 56, + "methodLine": 55, + "name": "name", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.name", + "length": 4, + "line": 59, + "methodLine": 59, + "name": "name", + "domType": "ParamDecl", + "method": "injectableQueryIntegrity" + }, + { + "column": 72, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.name", + "length": 4, + "line": 61, + "methodLine": 59, + "name": "name", + "domType": "UnknownReference", + "method": "injectableQueryIntegrity" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.query", + "length": 5, + "line": 61, + "methodLine": 59, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryIntegrity" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.query", + "length": 5, + "line": 66, + "methodLine": 59, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryIntegrity" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson9.injectableQueryIntegrity.statement.executeQuery", + "length": 1, + "line": 66, + "methodLine": 59, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQueryIntegrity" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "3UelU/AzUrHSV/BElbjTZQWfgOo=", + "similarityId": -922274161, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 83, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.completed.auth_tan", + "length": 8, + "line": 54, + "methodLine": 54, + "name": "auth_tan", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 53, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.completed.auth_tan", + "length": 8, + "line": 55, + "methodLine": 54, + "name": "auth_tan", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 79, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.auth_tan", + "length": 8, + "line": 58, + "methodLine": 58, + "name": "auth_tan", + "domType": "ParamDecl", + "method": "injectableQueryConfidentiality" + }, + { + "column": 102, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.auth_tan", + "length": 8, + "line": 60, + "methodLine": 58, + "name": "auth_tan", + "domType": "UnknownReference", + "method": "injectableQueryConfidentiality" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.query", + "length": 5, + "line": 60, + "methodLine": 58, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryConfidentiality" + }, + { + "column": 33, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.query", + "length": 5, + "line": 65, + "methodLine": 58, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryConfidentiality" + }, + { + "column": 58, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 128, + "methodLine": 128, + "name": "action", + "domType": "ParamDecl", + "method": "log" + }, + { + "column": 18, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 129, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action.replace", + "length": 1, + "line": 129, + "methodLine": 128, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "log" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 129, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 95, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 134, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.logQuery", + "length": 8, + "line": 134, + "methodLine": 128, + "name": "logQuery", + "domType": "Declarator", + "method": "log" + }, + { + "column": 37, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.logQuery", + "length": 8, + "line": 138, + "methodLine": 128, + "name": "logQuery", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 36, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.statement.executeUpdate", + "length": 1, + "line": 138, + "methodLine": 128, + "name": "executeUpdate", + "domType": "MethodInvokeExpr", + "method": "log" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "DxRNG/nZkC7ewmv3FBuMO28H7fo=", + "similarityId": -816202530, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 83, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.completed.auth_tan", + "length": 8, + "line": 54, + "methodLine": 54, + "name": "auth_tan", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 53, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.completed.auth_tan", + "length": 8, + "line": 55, + "methodLine": 54, + "name": "auth_tan", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 79, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.auth_tan", + "length": 8, + "line": 58, + "methodLine": 58, + "name": "auth_tan", + "domType": "ParamDecl", + "method": "injectableQueryConfidentiality" + }, + { + "column": 102, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.auth_tan", + "length": 8, + "line": 60, + "methodLine": 58, + "name": "auth_tan", + "domType": "UnknownReference", + "method": "injectableQueryConfidentiality" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.query", + "length": 5, + "line": 60, + "methodLine": 58, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryConfidentiality" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.query", + "length": 5, + "line": 66, + "methodLine": 58, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryConfidentiality" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.statement.executeQuery", + "length": 1, + "line": 66, + "methodLine": 58, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQueryConfidentiality" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "RFPaoAdbAwyKDkBPv+7O5No1AN4=", + "similarityId": 1423365598, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.completed.name", + "length": 4, + "line": 54, + "methodLine": 54, + "name": "name", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 47, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.completed.name", + "length": 4, + "line": 55, + "methodLine": 54, + "name": "name", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 66, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.name", + "length": 4, + "line": 58, + "methodLine": 58, + "name": "name", + "domType": "ParamDecl", + "method": "injectableQueryConfidentiality" + }, + { + "column": 72, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.name", + "length": 4, + "line": 60, + "methodLine": 58, + "name": "name", + "domType": "UnknownReference", + "method": "injectableQueryConfidentiality" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.query", + "length": 5, + "line": 60, + "methodLine": 58, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryConfidentiality" + }, + { + "column": 33, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.query", + "length": 5, + "line": 65, + "methodLine": 58, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryConfidentiality" + }, + { + "column": 58, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 128, + "methodLine": 128, + "name": "action", + "domType": "ParamDecl", + "method": "log" + }, + { + "column": 18, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 129, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action.replace", + "length": 1, + "line": 129, + "methodLine": 128, + "name": "replace", + "domType": "MethodInvokeExpr", + "method": "log" + }, + { + "column": 9, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 129, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 95, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.action", + "length": 6, + "line": 134, + "methodLine": 128, + "name": "action", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.logQuery", + "length": 8, + "line": 134, + "methodLine": 128, + "name": "logQuery", + "domType": "Declarator", + "method": "log" + }, + { + "column": 37, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.logQuery", + "length": 8, + "line": 138, + "methodLine": 128, + "name": "logQuery", + "domType": "UnknownReference", + "method": "log" + }, + { + "column": 36, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.log.statement.executeUpdate", + "length": 1, + "line": 138, + "methodLine": 128, + "name": "executeUpdate", + "domType": "MethodInvokeExpr", + "method": "log" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "9Ln+6KLf4FNgV1fehHKi5xoKhWk=", + "similarityId": -1802419665, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.completed.name", + "length": 4, + "line": 54, + "methodLine": 54, + "name": "name", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 47, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.completed.name", + "length": 4, + "line": 55, + "methodLine": 54, + "name": "name", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 66, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.name", + "length": 4, + "line": 58, + "methodLine": 58, + "name": "name", + "domType": "ParamDecl", + "method": "injectableQueryConfidentiality" + }, + { + "column": 72, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.name", + "length": 4, + "line": 60, + "methodLine": 58, + "name": "name", + "domType": "UnknownReference", + "method": "injectableQueryConfidentiality" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.query", + "length": 5, + "line": 60, + "methodLine": 58, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryConfidentiality" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.query", + "length": 5, + "line": 66, + "methodLine": 58, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryConfidentiality" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson8.injectableQueryConfidentiality.statement.executeQuery", + "length": 1, + "line": 66, + "methodLine": 58, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQueryConfidentiality" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "Oaah7eWXh/wuP1VEHBsEhTF2ubo=", + "similarityId": 337010252, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 117, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.completed.injection", + "length": 9, + "line": 53, + "methodLine": 53, + "name": "injection", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 65, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.completed.injection", + "length": 9, + "line": 54, + "methodLine": 53, + "name": "injection", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.accountName", + "length": 11, + "line": 57, + "methodLine": 57, + "name": "accountName", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 93, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.accountName", + "length": 11, + "line": 60, + "methodLine": 57, + "name": "accountName", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.query", + "length": 5, + "line": 60, + "methodLine": 57, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.query", + "length": 5, + "line": 62, + "methodLine": 57, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.statement.executeQuery", + "length": 1, + "line": 62, + "methodLine": 57, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "fBjYZ6cAFXs3lcgaoyof7abjRqs=", + "similarityId": -130618104, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 86, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.completed.operator", + "length": 8, + "line": 53, + "methodLine": 53, + "name": "operator", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 48, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.completed.operator", + "length": 8, + "line": 54, + "methodLine": 53, + "name": "operator", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.accountName", + "length": 11, + "line": 57, + "methodLine": 57, + "name": "accountName", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 93, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.accountName", + "length": 11, + "line": 60, + "methodLine": 57, + "name": "accountName", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.query", + "length": 5, + "line": 60, + "methodLine": 57, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.query", + "length": 5, + "line": 62, + "methodLine": 57, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.statement.executeQuery", + "length": 1, + "line": 62, + "methodLine": 57, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "AqFFdJVPv08//zpiBUdjAOv+XnQ=", + "similarityId": -1008363563, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.completed.account", + "length": 7, + "line": 53, + "methodLine": 53, + "name": "account", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.completed.account", + "length": 7, + "line": 54, + "methodLine": 53, + "name": "account", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.accountName", + "length": 11, + "line": 57, + "methodLine": 57, + "name": "accountName", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 93, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.accountName", + "length": 11, + "line": 60, + "methodLine": 57, + "name": "accountName", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.query", + "length": 5, + "line": 60, + "methodLine": 57, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.query", + "length": 5, + "line": 62, + "methodLine": 57, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a.injectableQuery.statement.executeQuery", + "length": 1, + "line": 62, + "methodLine": 57, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "fZJdRyAJ1PFJ9lxR+hxHyupRIhU=", + "similarityId": 1589321800, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.completed.action_string", + "length": 13, + "line": 52, + "methodLine": 52, + "name": "action_string", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 44, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.completed.action_string", + "length": 13, + "line": 53, + "methodLine": 52, + "name": "action_string", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 63, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.injectableQueryAvailability.action", + "length": 6, + "line": 56, + "methodLine": 56, + "name": "action", + "domType": "ParamDecl", + "method": "injectableQueryAvailability" + }, + { + "column": 74, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.injectableQueryAvailability.action", + "length": 6, + "line": 58, + "methodLine": 56, + "name": "action", + "domType": "UnknownReference", + "method": "injectableQueryAvailability" + }, + { + "column": 16, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.injectableQueryAvailability.query", + "length": 5, + "line": 58, + "methodLine": 56, + "name": "query", + "domType": "Declarator", + "method": "injectableQueryAvailability" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.injectableQueryAvailability.query", + "length": 5, + "line": 63, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQueryAvailability" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson10.injectableQueryAvailability.statement.executeQuery", + "length": 1, + "line": 63, + "methodLine": 56, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQueryAvailability" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "NktRmSZKQ3gFd8np4GiBIZfkEFc=", + "similarityId": -1241277725, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.completed.userid_6a", + "length": 9, + "line": 51, + "methodLine": 51, + "name": "userid_6a", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.completed.userid_6a", + "length": 9, + "line": 52, + "methodLine": 51, + "name": "userid_6a", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 48, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.accountName", + "length": 11, + "line": 56, + "methodLine": 56, + "name": "accountName", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 69, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.accountName", + "length": 11, + "line": 60, + "methodLine": 56, + "name": "accountName", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 13, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.query", + "length": 5, + "line": 60, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 60, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.query", + "length": 5, + "line": 67, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 59, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a.injectableQuery.statement.executeQuery", + "length": 1, + "line": 67, + "methodLine": 56, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "PE4/Ar8/Fhwplu0j8r407cY3GPc=", + "similarityId": 2095081939, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 51, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.Servers.sort.column", + "length": 6, + "line": 67, + "methodLine": 67, + "name": "column", + "domType": "ParamDecl", + "method": "sort" + }, + { + "column": 189, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.Servers.sort.column", + "length": 6, + "line": 71, + "methodLine": 67, + "name": "column", + "domType": "UnknownReference", + "method": "sort" + }, + { + "column": 79, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.Servers.sort.connection.prepareStatement", + "length": 1, + "line": 71, + "methodLine": 67, + "name": "prepareStatement", + "domType": "MethodInvokeExpr", + "method": "sort" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.Servers.sort.preparedStatement", + "length": 17, + "line": 71, + "methodLine": 67, + "name": "preparedStatement", + "domType": "UnknownReference", + "method": "sort" + }, + { + "column": 28, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.Servers.sort.preparedStatement", + "length": 17, + "line": 72, + "methodLine": 67, + "name": "preparedStatement", + "domType": "UnknownReference", + "method": "sort" + }, + { + "column": 58, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java", + "fullName": "org.owasp.webgoat.sql_injection.mitigation.Servers.sort.preparedStatement.executeQuery", + "length": 1, + "line": 72, + "methodLine": 67, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "sort" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "pm9CCybeVT8wtjlG00aUPiTCibI=", + "similarityId": 329553308, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 89, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.password_login", + "length": 14, + "line": 52, + "methodLine": 52, + "name": "password_login", + "domType": "ParamDecl", + "method": "login" + }, + { + "column": 169, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.password_login", + "length": 14, + "line": 60, + "methodLine": 52, + "name": "password_login", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 70, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.connection.prepareStatement", + "length": 1, + "line": 60, + "methodLine": 52, + "name": "prepareStatement", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 31, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.statement", + "length": 9, + "line": 60, + "methodLine": 52, + "name": "statement", + "domType": "Declarator", + "method": "login" + }, + { + "column": 35, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.statement", + "length": 9, + "line": 61, + "methodLine": 52, + "name": "statement", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 57, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.statement.executeQuery", + "length": 1, + "line": 61, + "methodLine": 52, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "j6qprzZ/n7ERAKKNPDL+wpQJ7sY=", + "similarityId": 1908259763, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 52, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.username_login", + "length": 14, + "line": 52, + "methodLine": 52, + "name": "username_login", + "domType": "ParamDecl", + "method": "login" + }, + { + "column": 129, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.username_login", + "length": 14, + "line": 60, + "methodLine": 52, + "name": "username_login", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 70, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.connection.prepareStatement", + "length": 1, + "line": 60, + "methodLine": 52, + "name": "prepareStatement", + "domType": "MethodInvokeExpr", + "method": "login" + }, + { + "column": 31, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.statement", + "length": 9, + "line": 60, + "methodLine": 52, + "name": "statement", + "domType": "Declarator", + "method": "login" + }, + { + "column": 35, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.statement", + "length": 9, + "line": 61, + "methodLine": 52, + "name": "statement", + "domType": "UnknownReference", + "method": "login" + }, + { + "column": 57, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "org.owasp.webgoat.challenges.challenge5.Assignment5.login.statement.executeQuery", + "length": 1, + "line": 61, + "methodLine": 52, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "8WQp+Ql9DXDzGfmhctsQ3ok6aV8=", + "similarityId": -2128608993, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 42, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5.completed.query", + "length": 5, + "line": 65, + "methodLine": 65, + "name": "query", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5.completed.query", + "length": 5, + "line": 66, + "methodLine": 65, + "name": "query", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5.injectableQuery.query", + "length": 5, + "line": 69, + "methodLine": 69, + "name": "query", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 40, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5.injectableQuery.query", + "length": 5, + "line": 72, + "methodLine": 69, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 39, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5.injectableQuery.statement.executeQuery", + "length": 1, + "line": 72, + "methodLine": 69, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "2BLiOpBRzCCvP5ZzjKX9di3AqJs=", + "similarityId": 1997042375, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 62, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionChallenge.registerNewUser.username_reg", + "length": 12, + "line": 56, + "methodLine": 56, + "name": "username_reg", + "domType": "ParamDecl", + "method": "registerNewUser" + }, + { + "column": 101, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionChallenge.registerNewUser.username_reg", + "length": 12, + "line": 63, + "methodLine": 56, + "name": "username_reg", + "domType": "UnknownReference", + "method": "registerNewUser" + }, + { + "column": 24, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionChallenge.registerNewUser.checkUserQuery", + "length": 14, + "line": 63, + "methodLine": 56, + "name": "checkUserQuery", + "domType": "Declarator", + "method": "registerNewUser" + }, + { + "column": 62, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionChallenge.registerNewUser.checkUserQuery", + "length": 14, + "line": 65, + "methodLine": 56, + "name": "checkUserQuery", + "domType": "UnknownReference", + "method": "registerNewUser" + }, + { + "column": 61, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionChallenge.registerNewUser.statement.executeQuery", + "length": 1, + "line": 65, + "methodLine": 56, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "registerNewUser" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "meRi2ZBp0Cn2Y0LtZcDJlJpdzws=", + "similarityId": -90778427, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson3.completed.query", + "length": 5, + "line": 56, + "methodLine": 56, + "name": "query", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson3.completed.query", + "length": 5, + "line": 57, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson3.injectableQuery.query", + "length": 5, + "line": 60, + "methodLine": 60, + "name": "query", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 41, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson3.injectableQuery.query", + "length": 5, + "line": 65, + "methodLine": 60, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 40, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson3.injectableQuery.statement.executeUpdate", + "length": 1, + "line": 65, + "methodLine": 60, + "name": "executeUpdate", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "asfx5WQUVbRK5pji4RdMWOFFv/Y=", + "similarityId": 1793652163, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson4.completed.query", + "length": 5, + "line": 56, + "methodLine": 56, + "name": "query", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson4.completed.query", + "length": 5, + "line": 57, + "methodLine": 56, + "name": "query", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson4.injectableQuery.query", + "length": 5, + "line": 60, + "methodLine": 60, + "name": "query", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 41, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson4.injectableQuery.query", + "length": 5, + "line": 63, + "methodLine": 60, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 40, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson4.injectableQuery.statement.executeUpdate", + "length": 1, + "line": 63, + "methodLine": 60, + "name": "executeUpdate", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "P3VEd6bGBM9O9iDZ04zI0XmDSko=", + "similarityId": 593001135, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson2.completed.query", + "length": 5, + "line": 55, + "methodLine": 55, + "name": "query", + "domType": "ParamDecl", + "method": "completed" + }, + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson2.completed.query", + "length": 5, + "line": 56, + "methodLine": 55, + "name": "query", + "domType": "UnknownReference", + "method": "completed" + }, + { + "column": 51, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson2.injectableQuery.query", + "length": 5, + "line": 59, + "methodLine": 59, + "name": "query", + "domType": "ParamDecl", + "method": "injectableQuery" + }, + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson2.injectableQuery.query", + "length": 5, + "line": 62, + "methodLine": 59, + "name": "query", + "domType": "UnknownReference", + "method": "injectableQuery" + }, + { + "column": 55, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java", + "fullName": "org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson2.injectableQuery.statement.executeQuery", + "length": 1, + "line": 62, + "methodLine": 59, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + }, + { + "id": "pFmGA0yVdNaJGykRC5Hy7Jnpdxs=", + "similarityId": -404868582, + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "groupName": "Java_Low_Visibility", + "cweId": 89, + "confidenceLevel": 0, + "compliance": [ + "FISMA 2014", + "OWASP Top 10 2021", + "NIST SP 800-53", + "OWASP Top 10 2013", + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "OWASP Top 10 2017", + "OWASP Top 10 2010", + "OWASP Top 10 API" + ], + "firstScanId": "", + "nodes": [ + { + "column": 63, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTFinalEndpoint.anonymous_class_91_35.resolveSigningKeyBytes.header.get", + "length": 1, + "line": 92, + "methodLine": 91, + "name": "get", + "domType": "MethodInvokeExpr", + "method": "resolveSigningKeyBytes" + }, + { + "column": 38, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTFinalEndpoint.anonymous_class_91_35.resolveSigningKeyBytes.kid", + "length": 3, + "line": 92, + "methodLine": 91, + "name": "kid", + "domType": "Declarator", + "method": "resolveSigningKeyBytes" + }, + { + "column": 128, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTFinalEndpoint.anonymous_class_91_35.resolveSigningKeyBytes.kid", + "length": 3, + "line": 94, + "methodLine": 91, + "name": "kid", + "domType": "UnknownReference", + "method": "resolveSigningKeyBytes" + }, + { + "column": 85, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTFinalEndpoint.anonymous_class_91_35.resolveSigningKeyBytes.executeQuery", + "length": 1, + "line": 94, + "methodLine": 91, + "name": "executeQuery", + "domType": "MethodInvokeExpr", + "method": "resolveSigningKeyBytes" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192256 + } + } + ] + }, + { + "queryName": "Unchecked_Error_Condition", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 5, + "vulnerabilities": [ + { + "id": "4aPUXKhf1hFKFw2/fyTMG+JOeZQ=", + "similarityId": -1966002967, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 391, + "confidenceLevel": 100, + "compliance": [ + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1", + "ASD STIG 4.10" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 5, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SeleniumTest.java", + "fullName": "catch", + "length": 5, + "line": 22, + "methodLine": 19, + "name": "catch", + "domType": "Catch", + "method": "CxStaticBlock1" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1660129676 + } + }, + { + "id": "zKMq2Kh6aJrUCRL47vNkDcwPckg=", + "similarityId": 1243763913, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 391, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 15, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/jwt/JWTToken.java", + "fullName": "catch", + "length": 5, + "line": 93, + "methodLine": 68, + "name": "catch", + "domType": "Catch", + "method": "encode" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "b8BfDnw7GTeaWYZmwYiPKoeAOYw=", + "similarityId": 24476649, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 391, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java", + "fullName": "catch", + "length": 5, + "line": 58, + "methodLine": 52, + "name": "catch", + "domType": "Catch", + "method": "createUser" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "6TI84tqv1WKlrTr9pOgJPyYzxww=", + "similarityId": -1302062071, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 391, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignmentForgotPassword.java", + "fullName": "catch", + "length": 5, + "line": 97, + "methodLine": 92, + "name": "catch", + "domType": "Catch", + "method": "fakeClickingLinkEmail" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "iRW8TQCjD4aO2HaU9/dKIJtYP84=", + "similarityId": 1323048617, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 391, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 19, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "catch", + "length": 5, + "line": 71, + "methodLine": 48, + "name": "catch", + "domType": "Catch", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153613 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + } + ] + }, + { + "queryName": "Potentially_Serializable_Class_With_Sensitive_Data", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 10, + "vulnerabilities": [ + { + "id": "UTb2eq+0B/U8ZYj99zIg5lqPtTg=", + "similarityId": -2039794886, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 499, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/user/WebGoatUser.java", + "fullName": "org.owasp.webwolf.user.WebGoatUser.password", + "length": 8, + "line": 50, + "methodLine": 50, + "name": "password", + "domType": "FieldDecl" + }, + { + "column": 1, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/user/WebGoatUser.java", + "fullName": "WebGoatUser", + "length": 1, + "line": 41, + "methodLine": 41, + "name": "WebGoatUser", + "domType": "ClassDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "G/eNLQacyr+DJ0ghm/haLsxe/KU=", + "similarityId": 239092704, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 499, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/user/UserForm.java", + "fullName": "org.owasp.webwolf.user.UserForm.matchingPassword", + "length": 16, + "line": 47, + "methodLine": 47, + "name": "matchingPassword", + "domType": "FieldDecl" + }, + { + "column": 1, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/user/UserForm.java", + "fullName": "UserForm", + "length": 1, + "line": 35, + "methodLine": 35, + "name": "UserForm", + "domType": "ClassDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "+2wr5gYXj4TPuc2Wr686T+HwyLw=", + "similarityId": -702294822, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 499, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/user/UserForm.java", + "fullName": "org.owasp.webwolf.user.UserForm.password", + "length": 8, + "line": 44, + "methodLine": 44, + "name": "password", + "domType": "FieldDecl" + }, + { + "column": 1, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/user/UserForm.java", + "fullName": "UserForm", + "length": 1, + "line": 35, + "methodLine": 35, + "name": "UserForm", + "domType": "ClassDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "x0aN+3ldJvguhXXWFVXLd/g4uD8=", + "similarityId": 1200385182, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 499, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/User.java", + "fullName": "org.owasp.webgoat.xxe.User.password", + "length": 8, + "line": 31, + "methodLine": 31, + "name": "password", + "domType": "FieldDecl" + }, + { + "column": 1, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/User.java", + "fullName": "org.owasp.webgoat.xxe.User", + "length": 1, + "line": 27, + "methodLine": 27, + "name": "User", + "domType": "ClassDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "m4NnCHwDYh0FLEUJaXlVKcBli54=", + "similarityId": -426624230, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 499, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/resetlink/PasswordChangeForm.java", + "fullName": "org.owasp.webgoat.password_reset.resetlink.PasswordChangeForm.password", + "length": 8, + "line": 19, + "methodLine": 19, + "name": "password", + "domType": "FieldDecl" + }, + { + "column": 1, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/resetlink/PasswordChangeForm.java", + "fullName": "PasswordChangeForm", + "length": 1, + "line": 13, + "methodLine": 13, + "name": "PasswordChangeForm", + "domType": "ClassDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "jij/cgFb4pQv2K6TM/E6lrPQaZs=", + "similarityId": -2039794886, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 499, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "org.owasp.webgoat.users.WebGoatUser.password", + "length": 8, + "line": 28, + "methodLine": 28, + "name": "password", + "domType": "FieldDecl" + }, + { + "column": 1, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java", + "fullName": "WebGoatUser", + "length": 1, + "line": 19, + "methodLine": 19, + "name": "WebGoatUser", + "domType": "ClassDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "/BNs4w/e0+Yx44XOjXaNiCBp2Hg=", + "similarityId": 239092704, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 499, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserForm.java", + "fullName": "org.owasp.webgoat.users.UserForm.matchingPassword", + "length": 16, + "line": 27, + "methodLine": 27, + "name": "matchingPassword", + "domType": "FieldDecl" + }, + { + "column": 1, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserForm.java", + "fullName": "UserForm", + "length": 1, + "line": 14, + "methodLine": 14, + "name": "UserForm", + "domType": "ClassDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "gTZStSMcjgdtOF9c/5ZqcWvXjJ8=", + "similarityId": -702294822, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 499, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserForm.java", + "fullName": "org.owasp.webgoat.users.UserForm.password", + "length": 8, + "line": 24, + "methodLine": 24, + "name": "password", + "domType": "FieldDecl" + }, + { + "column": 1, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/users/UserForm.java", + "fullName": "UserForm", + "length": 1, + "line": 14, + "methodLine": 14, + "name": "UserForm", + "domType": "ClassDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "GwYOz5MzLd5tutxAbhVSgbPOMW0=", + "similarityId": -312023034, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 499, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 20, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/jwt/JWTToken.java", + "fullName": "org.owasp.webwolf.jwt.JWTToken.secretKey", + "length": 9, + "line": 34, + "methodLine": 34, + "name": "secretKey", + "domType": "FieldDecl" + }, + { + "column": 1, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/jwt/JWTToken.java", + "fullName": "JWTToken", + "length": 1, + "line": 26, + "methodLine": 26, + "name": "JWTToken", + "domType": "ClassDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + }, + { + "id": "I7izKaNZiIp/aalJgxRmPh90Yz0=", + "similarityId": 173649671, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 499, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "", + "nodes": [ + { + "column": 12, + "fileName": "/webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/SampleAttack.java", + "fullName": "org.owasp.webgoat.template.SampleAttack.secretValue", + "length": 11, + "line": 48, + "methodLine": 48, + "name": "secretValue", + "domType": "FieldDecl" + }, + { + "column": 1, + "fileName": "/webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/SampleAttack.java", + "fullName": "org.owasp.webgoat.template.SampleAttack", + "length": 1, + "line": 44, + "methodLine": 44, + "name": "SampleAttack", + "domType": "ClassDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192258 + } + } + ] + }, + { + "queryName": "Exposure_of_Resource_to_Wrong_Sphere", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 25, + "vulnerabilities": [ + { + "id": "7HRr/DsQgSAFAHSH7m16auBWnYA=", + "similarityId": 640127199, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 9, + "fileName": "/webgoat-lessons/vulnerable-components/src/test/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLessonTest.java", + "fullName": "org.owasp.webgoat.vulnerable_components.VulnerableComponentsLessonTest.contact", + "length": 7, + "line": 47, + "methodLine": 47, + "name": "contact", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Cbqgn17aSkFX31AwQxk7E6iK3m8=", + "similarityId": 1000275487, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 9, + "fileName": "/webgoat-lessons/vulnerable-components/src/test/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLessonTest.java", + "fullName": "org.owasp.webgoat.vulnerable_components.VulnerableComponentsLessonTest.strangeContact", + "length": 14, + "line": 36, + "methodLine": 36, + "name": "strangeContact", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "+C47BPvejKxym9Hk8EYa0qwFRcI=", + "similarityId": -1127593953, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 20, + "fileName": "/webgoat-container/src/test/java/org/owasp/webgoat/service/LabelServiceTest.java", + "fullName": "org.owasp.webgoat.service.LabelServiceTest.mockMvc", + "length": 7, + "line": 54, + "methodLine": 54, + "name": "mockMvc", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "K0UoPinZ8YIb39DW4wSD8nK0LzU=", + "similarityId": -254935013, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 10, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java", + "fullName": "org.owasp.webgoat.PathTraversalTest.tempDir", + "length": 7, + "line": 31, + "methodLine": 31, + "name": "tempDir", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "NwEIIrZhml9D7+edkSoUhF26rkU=", + "similarityId": 1285770783, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 17, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.Overview.solved", + "length": 6, + "line": 243, + "methodLine": 243, + "name": "solved", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "psPQOGwgKFa6VAnnhYoNkIH8hnA=", + "similarityId": 73770783, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 20, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java", + "fullName": "org.owasp.webgoat.CSRFTest.Overview.assignment", + "length": 10, + "line": 242, + "methodLine": 242, + "name": "assignment", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "iJsByn+YDfKo8UltYKx02M4Y8BA=", + "similarityId": -493710763, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 12, + "fileName": "/webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/SampleAttack.java", + "fullName": "org.owasp.webgoat.template.SampleAttack.secretValue", + "length": 11, + "line": 48, + "methodLine": 48, + "name": "secretValue", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "kxuy207OlpcSxmaxj1tbhvvPWTE=", + "similarityId": -243906913, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 15, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionQuiz.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionQuiz.guesses", + "length": 7, + "line": 45, + "methodLine": 45, + "name": "guesses", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "uZR4kQ/HfSOcX0G3/6dJal1PMuM=", + "similarityId": 1263327327, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 14, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionQuiz.java", + "fullName": "org.owasp.webgoat.sql_injection.advanced.SqlInjectionQuiz.solutions", + "length": 9, + "line": 44, + "methodLine": 44, + "name": "solutions", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "SdX53e+c67l8M87tPSWsqB3yQOg=", + "similarityId": 300748447, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACHiddenMenus.java", + "fullName": "org.owasp.webgoat.missing_ac.MissingFunctionACHiddenMenus.userSessionData", + "length": 15, + "line": 42, + "methodLine": 42, + "name": "userSessionData", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "P81Zdd9sXlv02K4GTEX+kYm08OY=", + "similarityId": -1165022369, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfileAltUrl.java", + "fullName": "org.owasp.webgoat.idor.IDORViewOwnProfileAltUrl.userSessionData", + "length": 15, + "line": 41, + "methodLine": 41, + "name": "userSessionData", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "kUNCehXc067oPbZn3czliAp7ALY=", + "similarityId": -346261665, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfile.java", + "fullName": "org.owasp.webgoat.idor.IDORViewOwnProfile.userSessionData", + "length": 15, + "line": 41, + "methodLine": 41, + "name": "userSessionData", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "LtDCzoWTi/Jd3GQekrpb4s+uP4I=", + "similarityId": -1847472417, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOtherProfile.java", + "fullName": "org.owasp.webgoat.idor.IDORViewOtherProfile.userSessionData", + "length": 15, + "line": 44, + "methodLine": 44, + "name": "userSessionData", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "1Q14mryWpsZz+ANyBSTLE4uwwUM=", + "similarityId": 281613117, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFGetFlag.java", + "fullName": "org.owasp.webgoat.csrf.CSRFGetFlag.userSessionData", + "length": 15, + "line": 45, + "methodLine": 45, + "name": "userSessionData", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "+B2moL1VsFk2/VUOitHYHuvUfTA=", + "similarityId": 716077567, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFConfirmFlag1.java", + "fullName": "org.owasp.webgoat.csrf.CSRFConfirmFlag1.userSessionData", + "length": 15, + "line": 43, + "methodLine": 43, + "name": "userSessionData", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "E0mh8oZUmysSetHU4fVMPk4HcuQ=", + "similarityId": 1471906431, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 15, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingQuiz.java", + "fullName": "org.owasp.webgoat.xss.CrossSiteScriptingQuiz.guesses", + "length": 7, + "line": 39, + "methodLine": 39, + "name": "guesses", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "ezLwGAG0LjrXyMAU5jIONVtu5F4=", + "similarityId": -989858049, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 14, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingQuiz.java", + "fullName": "org.owasp.webgoat.xss.CrossSiteScriptingQuiz.solutions", + "length": 9, + "line": 38, + "methodLine": 38, + "name": "solutions", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "r1gA6HR4d+wa1qXXlTptsw9dTQo=", + "similarityId": 1291119679, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson6a.java", + "fullName": "org.owasp.webgoat.xss.CrossSiteScriptingLesson6a.userSessionData", + "length": 15, + "line": 41, + "methodLine": 41, + "name": "userSessionData", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "lwDG+FQY+SeQ1lCDtiz2SV6E2T8=", + "similarityId": 733905311, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson5a.java", + "fullName": "org.owasp.webgoat.xss.CrossSiteScriptingLesson5a.userSessionData", + "length": 15, + "line": 48, + "methodLine": 48, + "name": "userSessionData", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "7W91l9aIHcRjkIJ81IvBj0VM5+Y=", + "similarityId": -1292731927, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 15, + "fileName": "/webgoat-lessons/cia/src/main/java/org/owasp/webgoat/cia/CIAQuiz.java", + "fullName": "org.owasp.webgoat.cia.CIAQuiz.guesses", + "length": 7, + "line": 15, + "methodLine": 15, + "name": "guesses", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "zowzTbbckgqS6Q2HK0+vdvyhfMM=", + "similarityId": 1299591023, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 14, + "fileName": "/webgoat-lessons/cia/src/main/java/org/owasp/webgoat/cia/CIAQuiz.java", + "fullName": "org.owasp.webgoat.cia.CIAQuiz.solutions", + "length": 9, + "line": 14, + "methodLine": 14, + "name": "solutions", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "s6Z5M+IFjSbxbx/IPRDmvVT9Ujg=", + "similarityId": -211896163, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 12, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/SolutionConstants.java", + "fullName": "org.owasp.webgoat.challenges.SolutionConstants.ADMIN_PASSWORD_LINK", + "length": 19, + "line": 36, + "methodLine": 36, + "name": "ADMIN_PASSWORD_LINK", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "8bAdHct+sgTQzb1IdhnqkI8GIvw=", + "similarityId": 86142469, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 12, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/SolutionConstants.java", + "fullName": "org.owasp.webgoat.challenges.SolutionConstants.PASSWORD_TOM", + "length": 12, + "line": 35, + "methodLine": 35, + "name": "PASSWORD_TOM", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "fmw3Hv10EccVZnJ1G7bK2K84LZs=", + "similarityId": 969251431, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 12, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/SolutionConstants.java", + "fullName": "org.owasp.webgoat.challenges.SolutionConstants.PASSWORD", + "length": 8, + "line": 34, + "methodLine": 34, + "name": "PASSWORD", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "LtMZjaQzingqyUowhgNAKm3p8kw=", + "similarityId": -424874775, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/VerifyAccount.java", + "fullName": "org.owasp.webgoat.auth_bypass.VerifyAccount.userSessionData", + "length": 15, + "line": 55, + "methodLine": 55, + "name": "userSessionData", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + } + ] + }, + { + "queryName": "Declaration_of_Throws_for_Generic_Exception", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 177, + "vulnerabilities": [ + { + "id": "fJfwPViWL90HxKQRzjIz4Fr0yqg=", + "similarityId": -127312124, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 69, + "fileName": "/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxControllerTest.java", + "fullName": "Exception", + "length": 9, + "line": 112, + "methodLine": 112, + "name": "Exception", + "domType": "TypeRef", + "method": "differentUserShouldNotBeAbleToReadOwnEmail" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Ub88q23RjwaHQYxuJ8TxSA7LYAk=", + "similarityId": 1376335236, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 57, + "fileName": "/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxControllerTest.java", + "fullName": "Exception", + "length": 9, + "line": 93, + "methodLine": 93, + "name": "Exception", + "domType": "TypeRef", + "method": "userShouldBeAbleToReadOwnEmail" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "TZZ0a7NyabPL61APAcw0JLY98pg=", + "similarityId": 1104754820, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 51, + "fileName": "/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxControllerTest.java", + "fullName": "Exception", + "length": 9, + "line": 79, + "methodLine": 79, + "name": "Exception", + "domType": "TypeRef", + "method": "sendingMailShouldStoreIt" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "wZ8qv1RPLMGX17doebJhPAQDTWE=", + "similarityId": 748226054, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 62, + "fileName": "/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/SimpleXXETest.java", + "fullName": "Exception", + "length": 9, + "line": 81, + "methodLine": 81, + "name": "Exception", + "domType": "TypeRef", + "method": "postingPlainTextShouldShwoException" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "oL9Y72hmlTpbheaNesCstFKJJ3A=", + "similarityId": -1677576214, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 78, + "fileName": "/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/SimpleXXETest.java", + "fullName": "Exception", + "length": 9, + "line": 73, + "methodLine": 73, + "name": "Exception", + "domType": "TypeRef", + "method": "postingXmlCommentWithoutXXEShouldNotSolveAssignment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "RHuNT9Hp//i6Ori5rwBS/lScLbk=", + "similarityId": 2001469706, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 69, + "fileName": "/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/SimpleXXETest.java", + "fullName": "Exception", + "length": 9, + "line": 65, + "methodLine": 65, + "name": "Exception", + "domType": "TypeRef", + "method": "postingJsonCommentShouldNotSolveAssignment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "uE7Rs0n3IjZMXTvztxiihUYW/r4=", + "similarityId": -385086846, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 40, + "fileName": "/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/SimpleXXETest.java", + "fullName": "Exception", + "length": 9, + "line": 56, + "methodLine": 56, + "name": "Exception", + "domType": "TypeRef", + "method": "workingAttack" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "jqnpLbgTtfkI5LqO8s/72jNiWsQ=", + "similarityId": -1986739612, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 61, + "fileName": "/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/ContentTypeAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 88, + "methodLine": 88, + "name": "Exception", + "domType": "TypeRef", + "method": "postingInvalidJsonShouldAddComment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "7gLnmICIINscnHR/5r9DP+Qu8mE=", + "similarityId": -66520988, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 54, + "fileName": "/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/ContentTypeAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 78, + "methodLine": 78, + "name": "Exception", + "domType": "TypeRef", + "method": "postingJsonShouldAddComment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "cnIvIX4ZGAxSUjgQHBCAn7Q+tz8=", + "similarityId": -1091377700, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 40, + "fileName": "/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/ContentTypeAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 69, + "methodLine": 69, + "name": "Exception", + "domType": "TypeRef", + "method": "workingAttack" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "zofuO1zMsBovek9GcYTnL1e8CuE=", + "similarityId": 877437348, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 57, + "fileName": "/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/ContentTypeAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 60, + "methodLine": 60, + "name": "Exception", + "domType": "TypeRef", + "method": "sendingXmlButContentTypeIsJson" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "VFWfZ2hpgBLQw+9bmEn0qn2cE40=", + "similarityId": -671562238, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 48, + "fileName": "/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 133, + "methodLine": 133, + "name": "Exception", + "domType": "TypeRef", + "method": "performXXE" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Tb/dOJ+lQZg5nTYp9QUN9nuP9G8=", + "similarityId": 1470534704, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 69, + "fileName": "/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 110, + "methodLine": 110, + "name": "Exception", + "domType": "TypeRef", + "method": "solveOnlyParamReferenceEntityInExternalDTD" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "wj2IGPxvoJZG3myKv4ux8+O5yr8=", + "similarityId": 1548545600, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 86, + "methodLine": 86, + "name": "Exception", + "domType": "TypeRef", + "method": "solve" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "bbC8l2aWFHCo7q8nA9YaUs6Bkyg=", + "similarityId": 749783472, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 49, + "fileName": "/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 76, + "methodLine": 76, + "name": "Exception", + "domType": "TypeRef", + "method": "simpleXXEShouldNotWork" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "l84+Ip1NiH4D72Rc5I9VYMDtdUs=", + "similarityId": 1436443208, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 54, + "fileName": "/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 66, + "methodLine": 66, + "name": "Exception", + "domType": "TypeRef", + "method": "wrongXmlShouldGiveErrorBack" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "zJc/JV6qt6wAxTACKTt53+aF6AE=", + "similarityId": -1220921848, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 50, + "fileName": "/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 55, + "methodLine": 55, + "name": "Exception", + "domType": "TypeRef", + "method": "validCommentMustBeAdded" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "HLwuVLO2S451oRuKbMyyoG+R9a8=", + "similarityId": -2034620736, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 45, + "fileName": "/webgoat-lessons/vulnerable-components/src/test/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLessonTest.java", + "fullName": "Exception", + "length": 9, + "line": 71, + "methodLine": 71, + "name": "Exception", + "domType": "TypeRef", + "method": "testIllegalPayload" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "XFM7ZSLrlCWH6ingnoZExbGeJU0=", + "similarityId": 1235020352, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 52, + "fileName": "/webgoat-lessons/vulnerable-components/src/test/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLessonTest.java", + "fullName": "Exception", + "length": 9, + "line": 61, + "methodLine": 61, + "name": "Exception", + "domType": "TypeRef", + "method": "testIllegalTransformation" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "iBj8/YBv+Pc6ppPX68oAYRjZNAc=", + "similarityId": 2115924672, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 45, + "fileName": "/webgoat-lessons/vulnerable-components/src/test/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLessonTest.java", + "fullName": "Exception", + "length": 9, + "line": 51, + "methodLine": 51, + "name": "Exception", + "domType": "TypeRef", + "method": "testTransformation" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "2KvqeS9DDO8s/0zef4g68NcCUac=", + "similarityId": -2065440104, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 39, + "fileName": "/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest2.java", + "fullName": "Exception", + "length": 9, + "line": 63, + "methodLine": 63, + "name": "Exception", + "domType": "TypeRef", + "method": "modifyUrlCat" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "fHBFWCQRI185LIhKzxxQk7tMSA4=", + "similarityId": 1410816152, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 47, + "fileName": "/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest2.java", + "fullName": "Exception", + "length": 9, + "line": 56, + "methodLine": 56, + "name": "Exception", + "domType": "TypeRef", + "method": "modifyUrlIfconfigPro" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "vkolJrs2swTuMGfWlGVv8cdFZ6Y=", + "similarityId": 1136091286, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 39, + "fileName": "/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java", + "fullName": "Exception", + "length": 9, + "line": 48, + "methodLine": 48, + "name": "Exception", + "domType": "TypeRef", + "method": "modifyUrlCat" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "3peuYAE2e8oUWuO7Fdvnx5gsvO0=", + "similarityId": 1784401430, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 41, + "fileName": "/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java", + "fullName": "Exception", + "length": 9, + "line": 41, + "methodLine": 41, + "name": "Exception", + "domType": "TypeRef", + "method": "modifyUrlJerry" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "jJxW551lWkyHB/6YsG2QH8Z6KrU=", + "similarityId": -1924051050, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 39, + "fileName": "/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java", + "fullName": "Exception", + "length": 9, + "line": 34, + "methodLine": 34, + "name": "Exception", + "domType": "TypeRef", + "method": "modifyUrlTom" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Sa/1b9YJiYds+rJxuJKlgChKsL4=", + "similarityId": -1917530528, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 40, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationTest.java", + "fullName": "Exception", + "length": 9, + "line": 27, + "methodLine": 27, + "name": "Exception", + "domType": "TypeRef", + "method": "containsSpace" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "m7AvD9MSr1WrFRo281gMB/jU4Fg=", + "similarityId": -317943200, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationTest.java", + "fullName": "Exception", + "length": 9, + "line": 18, + "methodLine": 18, + "name": "Exception", + "domType": "TypeRef", + "method": "solve" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "DeBQCcXkwswzYL3ZvH2LWOlhJ88=", + "similarityId": 428053696, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 54, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywordsTest.java", + "fullName": "Exception", + "length": 9, + "line": 27, + "methodLine": 27, + "name": "Exception", + "domType": "TypeRef", + "method": "containsForbiddenSqlKeyword" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Z7XF2tSIKQB2ss9RdOJYTQVYVA4=", + "similarityId": -1596542144, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywordsTest.java", + "fullName": "Exception", + "length": 9, + "line": 18, + "methodLine": 18, + "name": "Exception", + "domType": "TypeRef", + "method": "solve" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "yNzV8cfq0X9Y5r8YpGu34roMUuc=", + "similarityId": -2052932448, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 67, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson13Test.java", + "fullName": "Exception", + "length": 9, + "line": 97, + "methodLine": 97, + "name": "Exception", + "domType": "TypeRef", + "method": "postingWrongAnswerShouldNotPassTheLesson" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "q6/NONqY9CPja2SkooUIEFdxOm0=", + "similarityId": 874895456, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 66, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson13Test.java", + "fullName": "Exception", + "length": 9, + "line": 89, + "methodLine": 89, + "name": "Exception", + "domType": "TypeRef", + "method": "postingCorrectAnswerShouldPassTheLesson" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "tGjp5WFK72SmPrrrdI+T7vydB04=", + "similarityId": 805318688, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 64, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson13Test.java", + "fullName": "Exception", + "length": 9, + "line": 81, + "methodLine": 81, + "name": "Exception", + "domType": "TypeRef", + "method": "addressIncorrectShouldOrderByHostname" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "IBamjNBM6TIjRBDeeirjOrCRPX8=", + "similarityId": -66786016, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 46, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson13Test.java", + "fullName": "Exception", + "length": 9, + "line": 72, + "methodLine": 72, + "name": "Exception", + "domType": "TypeRef", + "method": "falseShouldSortById" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "PsMYdyyjaQKZ1Hu+zQ0/uGMawdE=", + "similarityId": -520714080, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 51, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson13Test.java", + "fullName": "Exception", + "length": 9, + "line": 63, + "methodLine": 63, + "name": "Exception", + "domType": "TypeRef", + "method": "trueShouldSortByHostname" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "WcBDabVpnThxASRpGnfnrKwU0AU=", + "similarityId": 2112556832, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 69, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson13Test.java", + "fullName": "Exception", + "length": 9, + "line": 55, + "methodLine": 55, + "name": "Exception", + "domType": "TypeRef", + "method": "addressIncorrectShouldOrderByIdUsingSubstr" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "eAwqSOEtAoiVWsuseYxnUAj08yE=", + "similarityId": 1479194656, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 73, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson13Test.java", + "fullName": "Exception", + "length": 9, + "line": 37, + "methodLine": 37, + "name": "Exception", + "domType": "TypeRef", + "method": "addressCorrectShouldOrderByHostnameUsingSubstr" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "zWaPgFAtzdj3vr3rjdrEy9pg1Lg=", + "similarityId": 118806368, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 62, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson13Test.java", + "fullName": "Exception", + "length": 9, + "line": 29, + "methodLine": 29, + "name": "Exception", + "domType": "TypeRef", + "method": "addressCorrectShouldOrderByHostname" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "cyZyZJbrBz8CYz3C+u83jLa6PLE=", + "similarityId": 1129544672, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson13Test.java", + "fullName": "Exception", + "length": 9, + "line": 21, + "methodLine": 21, + "name": "Exception", + "domType": "TypeRef", + "method": "knownAccountShouldDisplayData" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "V5nwA98ehrUC2lnepew5RvxxOFk=", + "similarityId": -1353175588, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 64, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9Test.java", + "fullName": "Exception", + "length": 9, + "line": 170, + "methodLine": 170, + "name": "Exception", + "domType": "TypeRef", + "method": "SmithIsMostEarningCompletesAssignment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "uEJ+X0Jzl6tr7lqwRgNE4SxpTl8=", + "similarityId": -1762129004, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 53, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9Test.java", + "fullName": "Exception", + "length": 9, + "line": 146, + "methodLine": 146, + "name": "Exception", + "domType": "TypeRef", + "method": "malformedQueryReturnsError" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "7RADbOyuq7NbVb8PTB2AV20wDY0=", + "similarityId": 241661824, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 52, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9Test.java", + "fullName": "Exception", + "length": 9, + "line": 121, + "methodLine": 121, + "name": "Exception", + "domType": "TypeRef", + "method": "wrongTANReturnsNoAccounts" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "DERv3XO/1LN54bqLFYiH2Bky80o=", + "similarityId": 1207528340, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 53, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9Test.java", + "fullName": "Exception", + "length": 9, + "line": 96, + "methodLine": 96, + "name": "Exception", + "domType": "TypeRef", + "method": "wrongNameReturnsNoAccounts" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "MV1T2Rw62vkTBSkfbFMHnxbujNE=", + "similarityId": -492089068, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 43, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9Test.java", + "fullName": "Exception", + "length": 9, + "line": 71, + "methodLine": 71, + "name": "Exception", + "domType": "TypeRef", + "method": "multipleAccounts" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "OE7blMUsZC8y2T+bpbhTAD1GS58=", + "similarityId": 168513108, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 37, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9Test.java", + "fullName": "Exception", + "length": 9, + "line": 46, + "methodLine": 46, + "name": "Exception", + "domType": "TypeRef", + "method": "oneAccount" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "1qWqYXg52brym/h97uju67kRmbw=", + "similarityId": 355521234, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 53, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8Test.java", + "fullName": "Exception", + "length": 9, + "line": 92, + "methodLine": 92, + "name": "Exception", + "domType": "TypeRef", + "method": "malformedQueryReturnsError" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Mp4/4NG8ZsluVD3nDAG1MPXItRs=", + "similarityId": 154057214, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 52, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8Test.java", + "fullName": "Exception", + "length": 9, + "line": 80, + "methodLine": 80, + "name": "Exception", + "domType": "TypeRef", + "method": "wrongTANReturnsNoAccounts" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "buc0vTvAs/IfVfuAtXo44/G2u2w=", + "similarityId": -969788718, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 53, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8Test.java", + "fullName": "Exception", + "length": 9, + "line": 68, + "methodLine": 68, + "name": "Exception", + "domType": "TypeRef", + "method": "wrongNameReturnsNoAccounts" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "nw/h5ccPOADDHlcNgP2lElgf4CU=", + "similarityId": 1821169874, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 43, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8Test.java", + "fullName": "Exception", + "length": 9, + "line": 56, + "methodLine": 56, + "name": "Exception", + "domType": "TypeRef", + "method": "multipleAccounts" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "WNa0gpu1NnKpAGtAbXeZiogc9iY=", + "similarityId": -1839838830, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 37, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8Test.java", + "fullName": "Exception", + "length": 9, + "line": 44, + "methodLine": 44, + "name": "Exception", + "domType": "TypeRef", + "method": "oneAccount" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "wS0XyGz2SsoKh03UeH/Ho3FXGvo=", + "similarityId": 1605113056, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 46, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6bTest.java", + "fullName": "Exception", + "length": 9, + "line": 51, + "methodLine": 51, + "name": "Exception", + "domType": "TypeRef", + "method": "submitWrongPassword" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "2+xuYMd1gj1iTZGLSjD1xwJK1F8=", + "similarityId": 1982972320, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 48, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6bTest.java", + "fullName": "Exception", + "length": 9, + "line": 43, + "methodLine": 43, + "name": "Exception", + "domType": "TypeRef", + "method": "submitCorrectPassword" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "DmEQEoISLnYTyuepHAMK77J7q6E=", + "similarityId": -1349189248, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 38, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6aTest.java", + "fullName": "Exception", + "length": 9, + "line": 92, + "methodLine": 92, + "name": "Exception", + "domType": "TypeRef", + "method": "noUnionUsed" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "sad+8Ryuk1d/9+hotAQxL4b53v4=", + "similarityId": -1966141504, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 44, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6aTest.java", + "fullName": "Exception", + "length": 9, + "line": 82, + "methodLine": 82, + "name": "Exception", + "domType": "TypeRef", + "method": "noResultsReturned" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "+7GwSnMJblv11UOz5f+Z99w0m7E=", + "similarityId": -1105316480, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 42, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6aTest.java", + "fullName": "Exception", + "length": 9, + "line": 73, + "methodLine": 73, + "name": "Exception", + "domType": "TypeRef", + "method": "correctSolution" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "6nEsSMVI1T2NfbTEKjTO/+GqR5A=", + "similarityId": -1307075584, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 49, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6aTest.java", + "fullName": "Exception", + "length": 9, + "line": 63, + "methodLine": 63, + "name": "Exception", + "domType": "TypeRef", + "method": "wrongDataTypeOfColumns" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "VR7AHcHjE1yDnUIF4Z1bZzVHQXo=", + "similarityId": -527130368, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 47, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6aTest.java", + "fullName": "Exception", + "length": 9, + "line": 53, + "methodLine": 53, + "name": "Exception", + "domType": "TypeRef", + "method": "wrongNumberOfColumns" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "vMkTgGEXBEbz+gCyigF/rlB0ILk=", + "similarityId": 1524873792, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 40, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6aTest.java", + "fullName": "Exception", + "length": 9, + "line": 44, + "methodLine": 44, + "name": "Exception", + "domType": "TypeRef", + "method": "wrongSolution" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "D6Ul9AHiTj/6XYDvvTIJ8SsVzRY=", + "similarityId": 244059828, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 50, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5Test.java", + "fullName": "Exception", + "length": 9, + "line": 68, + "methodLine": 68, + "name": "Exception", + "domType": "TypeRef", + "method": "noGrantShouldNotSolveIt" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "5ExlqpNXhMxdbbNX1r0+3Ax8r58=", + "similarityId": -71229108, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 57, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5Test.java", + "fullName": "Exception", + "length": 9, + "line": 60, + "methodLine": 60, + "name": "Exception", + "domType": "TypeRef", + "method": "differentTableShouldNotSolveIt" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "pA4DZq1fgf/xCYwux+b1AjNp0kk=", + "similarityId": -1575515532, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 40, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5Test.java", + "fullName": "Exception", + "length": 9, + "line": 52, + "methodLine": 52, + "name": "Exception", + "domType": "TypeRef", + "method": "grantSolution" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "WDphUjcIxOize36HDiJaxyRDL+M=", + "similarityId": 848772128, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 62, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5aTest.java", + "fullName": "Exception", + "length": 9, + "line": 77, + "methodLine": 77, + "name": "Exception", + "domType": "TypeRef", + "method": "sqlInjectionWrongShouldDisplayError" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "CljzGmI+trkWqrCrN3yqU4B8J18=", + "similarityId": 994480480, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 39, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5aTest.java", + "fullName": "Exception", + "length": 9, + "line": 65, + "methodLine": 65, + "name": "Exception", + "domType": "TypeRef", + "method": "sqlInjection" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "ehsCFKbI4J3s4FWNSsZIju5Jyi8=", + "similarityId": 954904800, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 41, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5aTest.java", + "fullName": "Exception", + "length": 9, + "line": 54, + "methodLine": 54, + "name": "Exception", + "domType": "TypeRef", + "method": "unknownAccount" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "v3/E0fIGcMlIEVvYLq6TFMzEENQ=", + "similarityId": 1919417888, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5aTest.java", + "fullName": "Exception", + "length": 9, + "line": 41, + "methodLine": 41, + "name": "Exception", + "domType": "TypeRef", + "method": "knownAccountShouldDisplayData" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "AWQ7fIKjk+ud3p25lLAnfO5etUo=", + "similarityId": -652361466, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 35, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2Test.java", + "fullName": "Exception", + "length": 9, + "line": 39, + "methodLine": 39, + "name": "Exception", + "domType": "TypeRef", + "method": "solution" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "bbeHj7FTrqx25e12haWshhe2ZO4=", + "similarityId": 2043945088, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 48, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10Test.java", + "fullName": "Exception", + "length": 9, + "line": 66, + "methodLine": 66, + "name": "Exception", + "domType": "TypeRef", + "method": "tableMissingIsSuccess" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Nhq7ILIrK04aqZxwAkJdRJl8AqA=", + "similarityId": -1285180288, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 47, + "fileName": "/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10Test.java", + "fullName": "Exception", + "length": 9, + "line": 45, + "methodLine": 45, + "name": "Exception", + "domType": "TypeRef", + "method": "tableExistsIsFailure" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Zj6sqXlFGz1kcPaVlUBfKSP7les=", + "similarityId": -811377736, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 39, + "fileName": "/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadTest.java", + "fullName": "Exception", + "length": 9, + "line": 71, + "methodLine": 71, + "name": "Exception", + "domType": "TypeRef", + "method": "normalUpdate" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Z7P3svd22Pc6CcsWdx/j1J8SAKQ=", + "similarityId": -80371304, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadTest.java", + "fullName": "Exception", + "length": 9, + "line": 59, + "methodLine": 59, + "name": "Exception", + "domType": "TypeRef", + "method": "shouldNotOverrideExistingFile" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "m5mjP0V7oom+AH5HEvyRGo027g8=", + "similarityId": 1101156760, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 52, + "fileName": "/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadTest.java", + "fullName": "Exception", + "length": 9, + "line": 46, + "methodLine": 46, + "name": "Exception", + "domType": "TypeRef", + "method": "attemptWithWrongDirectory" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Rb/zyQoYjYg0e0hdNmXNA8m29fo=", + "similarityId": -1112899768, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadTest.java", + "fullName": "Exception", + "length": 9, + "line": 34, + "methodLine": 34, + "name": "Exception", + "domType": "TypeRef", + "method": "solve" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "LR7CbFUJh+SQ46KD0re2kDvmLqM=", + "similarityId": 1309452608, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 65, + "fileName": "/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrievalTest.java", + "fullName": "Exception", + "length": 9, + "line": 80, + "methodLine": 80, + "name": "Exception", + "domType": "TypeRef", + "method": "unknownFileShouldGiveDirectoryContents" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "XIcqWJ1IY3RL7sl9sSU2ZCoWWP8=", + "similarityId": 1443708224, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 53, + "fileName": "/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrievalTest.java", + "fullName": "Exception", + "length": 9, + "line": 72, + "methodLine": 72, + "name": "Exception", + "domType": "TypeRef", + "method": "shouldReceiveRandomPicture" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Y0r09yDBkLijGRiCAZsSQKF9llw=", + "similarityId": 1357335872, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrievalTest.java", + "fullName": "Exception", + "length": 9, + "line": 42, + "methodLine": 42, + "name": "Exception", + "domType": "TypeRef", + "method": "solve" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "gVn0+108OGU1Cq20vUMN7OEi0es=", + "similarityId": 626245088, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 39, + "fileName": "/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInputTest.java", + "fullName": "Exception", + "length": 9, + "line": 46, + "methodLine": 46, + "name": "Exception", + "domType": "TypeRef", + "method": "normalUpdate" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "h5Ah0TEdWX6annXMLIdO8ppeIr4=", + "similarityId": 2052395424, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInputTest.java", + "fullName": "Exception", + "length": 9, + "line": 34, + "methodLine": 34, + "name": "Exception", + "domType": "TypeRef", + "method": "solve" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "M6Q0x3TBnY9k4k8QRdUkUjwFmJY=", + "similarityId": 1697186336, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 39, + "fileName": "/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadFixTest.java", + "fullName": "Exception", + "length": 9, + "line": 46, + "methodLine": 46, + "name": "Exception", + "domType": "TypeRef", + "method": "normalUpdate" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "d0+Ah3W21DUUMobyFDCQ4sAZt8Q=", + "similarityId": 271170656, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 32, + "fileName": "/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadFixTest.java", + "fullName": "Exception", + "length": 9, + "line": 34, + "methodLine": 34, + "name": "Exception", + "domType": "TypeRef", + "method": "solve" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "cGzJ4vkmpkC5CIPlHPP22IMTkKo=", + "similarityId": -165098592, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 68, + "fileName": "/webgoat-lessons/password-reset/src/main/test/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 72, + "methodLine": 72, + "name": "Exception", + "domType": "TypeRef", + "method": "solvingForOneUserDoesNotSolveForOtherUser" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "35EZFgOuNoB10X6IAvafO0rWYGk=", + "similarityId": 463653600, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 77, + "fileName": "/webgoat-lessons/password-reset/src/main/test/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 58, + "methodLine": 58, + "name": "Exception", + "domType": "TypeRef", + "method": "answeringSameQuestionTwiceShouldNotSolveAssignment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "8M6jBpoF4/SVQIZFfrkWEaJLPTI=", + "similarityId": -268028576, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 63, + "fileName": "/webgoat-lessons/password-reset/src/main/test/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 42, + "methodLine": 42, + "name": "Exception", + "domType": "TypeRef", + "method": "twoQuestionsShouldSolveTheAssignment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "C6RhhRkTt7MFHzjaiE7wxWfGQ0U=", + "similarityId": 1411481568, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 65, + "fileName": "/webgoat-lessons/password-reset/src/main/test/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 32, + "methodLine": 32, + "name": "Exception", + "domType": "TypeRef", + "method": "oneQuestionShouldNotSolveTheAssignment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "mY5Z4NLPTpfeEWbuaR8vtTF/YbI=", + "similarityId": 597153034, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 38, + "fileName": "/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionYourHashTest.java", + "fullName": "Exception", + "length": 9, + "line": 73, + "methodLine": 73, + "name": "Exception", + "domType": "TypeRef", + "method": "hashMatches" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "qjTsXwbhcgS0zhk9436VaPGs3BA=", + "similarityId": -230314526, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 43, + "fileName": "/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionYourHashTest.java", + "fullName": "Exception", + "length": 9, + "line": 64, + "methodLine": 64, + "name": "Exception", + "domType": "TypeRef", + "method": "HashDoesNotMatch" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Q6rKDrj+kr0Rbj9/OSgt2DIcryk=", + "similarityId": -1689077298, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 59, + "fileName": "/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsersTest.java", + "fullName": "Exception", + "length": 9, + "line": 60, + "methodLine": 60, + "name": "Exception", + "domType": "TypeRef", + "method": "TestContentTypeApplicationJSON" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Exu7fsoxsxW37mmh4pqdPYLSho4=", + "similarityId": 785413984, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 46, + "fileName": "/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionACHiddenMenusTest.java", + "fullName": "Exception", + "length": 9, + "line": 68, + "methodLine": 68, + "name": "Exception", + "domType": "TypeRef", + "method": "HiddenMenusFailure" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "oPCKJuk5CayZliCilwtRd9G3Xgk=", + "similarityId": 189188960, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 44, + "fileName": "/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionACHiddenMenusTest.java", + "fullName": "Exception", + "length": 9, + "line": 59, + "methodLine": 59, + "name": "Exception", + "domType": "TypeRef", + "method": "HiddenMenusClose" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "VYpXZRgdCXhLWi5U3vM3GxCAwMI=", + "similarityId": 79432480, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 46, + "fileName": "/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionACHiddenMenusTest.java", + "fullName": "Exception", + "length": 9, + "line": 50, + "methodLine": 50, + "name": "Exception", + "domType": "TypeRef", + "method": "HiddenMenusSuccess" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "FHduIczBiwlGyVHcgMHXizbfOaw=", + "similarityId": 2137785708, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 63, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/WebSecurityConfig.java", + "fullName": "Exception", + "length": 9, + "line": 75, + "methodLine": 75, + "name": "Exception", + "domType": "TypeRef", + "method": "userDetailsServiceBean" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "XydkZiZVr0k+x69sT1dgzNS/eKA=", + "similarityId": -765678742, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 75, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/WebSecurityConfig.java", + "fullName": "Exception", + "length": 9, + "line": 69, + "methodLine": 69, + "name": "Exception", + "domType": "TypeRef", + "method": "configureGlobal" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "MIJgj3ealtwctVJsxhlFeriVoJI=", + "similarityId": 1684706530, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/WebSecurityConfig.java", + "fullName": "Exception", + "length": 9, + "line": 50, + "methodLine": 50, + "name": "Exception", + "domType": "TypeRef", + "method": "configure" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "O5tis8nJNg7ms8OLddkfQi0E3n4=", + "similarityId": 1701284640, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 109, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/SimpleXXE.java", + "fullName": "Exception", + "length": 9, + "line": 69, + "methodLine": 69, + "name": "Exception", + "domType": "TypeRef", + "method": "createNewComment" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "kPVxDVJcF9VCDQgB8MBZwTNDX7U=", + "similarityId": 1502995386, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 157, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/ContentTypeAssignment.java", + "fullName": "Exception", + "length": 9, + "line": 59, + "methodLine": 59, + "name": "Exception", + "domType": "TypeRef", + "method": "createNewUser" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "vEb4l8igVzKFn7X4zUcKP8fKXAM=", + "similarityId": -1835874400, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 66, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java", + "fullName": "Exception", + "length": 9, + "line": 67, + "methodLine": 67, + "name": "Exception", + "domType": "TypeRef", + "method": "sort" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "aWznE7apt1UgzPs/qAz5b8zkhCY=", + "similarityId": 645316324, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 112, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallengeLogin.java", + "fullName": "Exception", + "length": 9, + "line": 46, + "methodLine": 46, + "name": "Exception", + "domType": "TypeRef", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "1TC0QmP1VMCX0lcI+CBf3Ymyykw=", + "similarityId": 1426237216, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 150, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java", + "fullName": "Exception", + "length": 9, + "line": 56, + "methodLine": 56, + "name": "Exception", + "domType": "TypeRef", + "method": "registerNewUser" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "3DrJVbb/9rTkY4by3d/f66Dkn0g=", + "similarityId": -677709664, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 195, + "methodLine": 195, + "name": "Exception", + "domType": "TypeRef", + "method": "unknownUserShouldSeeGuestView" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "7xUlgBvs36Q2lY/jLYTO5BSqYck=", + "similarityId": 147412256, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 73, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 183, + "methodLine": 183, + "name": "Exception", + "domType": "TypeRef", + "method": "unknownUserWithValidTokenShouldNotBeAbleToVote" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "EaecvG1ipL0tIJKWPOWFCb2I+28=", + "similarityId": 782493728, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 53, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 176, + "methodLine": 176, + "name": "Exception", + "domType": "TypeRef", + "method": "guestShouldNotBeAbleToVote" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "IBNg9Ur548KXn9aMipamJ5HUQHc=", + "similarityId": -81685536, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 48, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 141, + "methodLine": 141, + "name": "Exception", + "domType": "TypeRef", + "method": "tomShouldBeAbleToVote" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "9ICcOQ9cD+tTkXlsyH1oMzhhMik=", + "similarityId": 1082238240, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 57, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 131, + "methodLine": 131, + "name": "Exception", + "domType": "TypeRef", + "method": "invalidTokenShouldSeeGuestView" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "t3losLGAhs91ldwzhTZrRkiZsO0=", + "similarityId": 1022884320, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 52, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 116, + "methodLine": 116, + "name": "Exception", + "domType": "TypeRef", + "method": "tomShouldSeeNumberOfVotes" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "9de9v53KCgLhYsyq9oQBL8oBlBc=", + "similarityId": -283344608, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 57, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 106, + "methodLine": 106, + "name": "Exception", + "domType": "TypeRef", + "method": "guestShouldNotSeeNumberOfVotes" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "8c24aXRI27TTfUEjHPA4FczIRUI=", + "similarityId": 1481892384, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 45, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 98, + "methodLine": 98, + "name": "Exception", + "domType": "TypeRef", + "method": "tomShouldGetAToken" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "pZrXCoa4QnCqOIW09wPqd105pWg=", + "similarityId": 1731735328, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 50, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 90, + "methodLine": 90, + "name": "Exception", + "domType": "TypeRef", + "method": "guestShouldNotGetAToken" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Zr6wGA7+bFKxLgZaOEPw+Tzkrys=", + "similarityId": 2102701344, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 57, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 82, + "methodLine": 82, + "name": "Exception", + "domType": "TypeRef", + "method": "resetWithoutTokenShouldNotWork" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "yeZnKeAxTGyUNeGi+2LNoz4f29c=", + "similarityId": 77594784, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 42, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 66, + "methodLine": 66, + "name": "Exception", + "domType": "TypeRef", + "method": "solveAssignment" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "SFq5rMJy9eoTS9F1MPesAS9xPqE=", + "similarityId": -333774112, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 41, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 122, + "methodLine": 122, + "name": "Exception", + "domType": "TypeRef", + "method": "incorrectToken" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "vVua/3sC0XCyE2hSIS81IDn02TM=", + "similarityId": 1825580384, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 40, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 111, + "methodLine": 111, + "name": "Exception", + "domType": "TypeRef", + "method": "incorrectUser" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "+2l6o1E8l2LYuqIsXNZvFsoW3Bw=", + "similarityId": -1690501344, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 70, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 99, + "methodLine": 99, + "name": "Exception", + "domType": "TypeRef", + "method": "oneOfClaimIsMissingShouldNotSolveAssignment" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "LgyaCwGMw7VnVD7lBpT+gFMwf/c=", + "similarityId": 572083040, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 55, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 88, + "methodLine": 88, + "name": "Exception", + "domType": "TypeRef", + "method": "solveAssignmentWithLowercase" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "t+bXNv/63cfmbTwD9/eqeVBdxQM=", + "similarityId": -2028924704, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 42, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 77, + "methodLine": 77, + "name": "Exception", + "domType": "TypeRef", + "method": "solveAssignment" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "1a2/DM5AgwpEaBZfEr+wL2/u7FI=", + "similarityId": 1742975296, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 59, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 212, + "methodLine": 212, + "name": "Exception", + "domType": "TypeRef", + "method": "noTokenWhileLoginShouldReturn401" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Y+hYRWvWMj0SBSvIyAZr4gGPYYI=", + "similarityId": -1383123520, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 72, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 206, + "methodLine": 206, + "name": "Exception", + "domType": "TypeRef", + "method": "noTokenWhileRequestingNewTokenShouldReturn401" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Ue74q3rYi/tKUF+zasD0B3fmMB8=", + "similarityId": 2132195392, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 62, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 200, + "methodLine": 200, + "name": "Exception", + "domType": "TypeRef", + "method": "noTokenWhileCheckoutShouldReturn401" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "UDdICT9RK1tw801pwhC0f4dw9kI=", + "similarityId": 585290400, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 68, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 178, + "methodLine": 178, + "name": "Exception", + "domType": "TypeRef", + "method": "unknownRefreshTokenShouldGiveUnauthorized" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "PeDUDQZwYxERQzcKurEYF18d1Ps=", + "similarityId": 988182432, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 53, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 155, + "methodLine": 155, + "name": "Exception", + "domType": "TypeRef", + "method": "newTokenShouldWorkForJerry" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "8jTNXnLBbO1aJ+1a+Ehjbksbjxo=", + "similarityId": -498207200, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 51, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 144, + "methodLine": 144, + "name": "Exception", + "domType": "TypeRef", + "method": "loginShouldNotWorkForTom" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "bPoT4dl8m2J8DmURMESZCTiQ7Ww=", + "similarityId": -511243296, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 70, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 133, + "methodLine": 133, + "name": "Exception", + "domType": "TypeRef", + "method": "loginShouldNotWorkForJerryWithWrongPassword" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "QiIDRKpQJmqGMB5BWnNux5eXc88=", + "similarityId": -343785440, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 50, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 114, + "methodLine": 114, + "name": "Exception", + "domType": "TypeRef", + "method": "flowForJerryAlwaysWorks" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "pHl3EFyzk3gg/XYzwUWmN2B4IiQ=", + "similarityId": 1109693472, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 59, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 105, + "methodLine": 105, + "name": "Exception", + "domType": "TypeRef", + "method": "checkoutWitRandomTokenShouldFail" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "7OWZ7oAlpiRxz0S5npSqB2T+CgM=", + "similarityId": 1427043616, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 71, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 96, + "methodLine": 96, + "name": "Exception", + "domType": "TypeRef", + "method": "checkoutWithTomsTokenFromAccessLogShouldFail" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "1G5CzX5xBF5M6Se9GMJdYCrrygM=", + "similarityId": 1744017184, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 42, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 61, + "methodLine": 61, + "name": "Exception", + "domType": "TypeRef", + "method": "solveAssignment" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "+QRn40QscRZ7c7z0A6A7jsUG2Og=", + "similarityId": -469894656, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 65, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTFinalEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 69, + "methodLine": 69, + "name": "Exception", + "domType": "TypeRef", + "method": "shouldNotBeAbleToBypassWithSimpleToken" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "ZaV5r0zLJ320of6OD3QkkurQXTw=", + "similarityId": 885199296, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 64, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTFinalEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 60, + "methodLine": 60, + "name": "Exception", + "domType": "TypeRef", + "method": "withJerrysKeyShouldNotSolveAssignment" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "MNDLeLEdgZI7hiCPZyLr78UmY4A=", + "similarityId": -1121995584, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 42, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTFinalEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 42, + "methodLine": 42, + "name": "Exception", + "domType": "TypeRef", + "method": "solveAssignment" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "0fJSU2hz2x28OueBnl1lHWWEJaE=", + "similarityId": 2128416796, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 60, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTDecodeEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 39, + "methodLine": 39, + "name": "Exception", + "domType": "TypeRef", + "method": "wrongUserShouldNotSolveAssignment" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "9rBbqz7UmEwqGVvZMoiYso5h/to=", + "similarityId": -47331652, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 42, + "fileName": "/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTDecodeEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 30, + "methodLine": 30, + "name": "Exception", + "domType": "TypeRef", + "method": "solveAssignment" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "ikoYjuyzK62vSe3n7JZLIJA+Afg=", + "similarityId": 1833375202, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 43, + "fileName": "/webgoat-lessons/insecure-deserialization/src/test/java/org/owasp/webgoat/deserialization/DeserializeTest.java", + "fullName": "Exception", + "length": 9, + "line": 80, + "methodLine": 80, + "name": "Exception", + "domType": "TypeRef", + "method": "checkOtherObject" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Fjgv8CfHR0DCshylcjphD/Lfj9U=", + "similarityId": -1231183458, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 38, + "fileName": "/webgoat-lessons/insecure-deserialization/src/test/java/org/owasp/webgoat/deserialization/DeserializeTest.java", + "fullName": "Exception", + "length": 9, + "line": 67, + "methodLine": 67, + "name": "Exception", + "domType": "TypeRef", + "method": "expiredTask" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "aLQsgk2hNu7LSCO/T54EAtiLfzw=", + "similarityId": 1570614242, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 39, + "fileName": "/webgoat-lessons/insecure-deserialization/src/test/java/org/owasp/webgoat/deserialization/DeserializeTest.java", + "fullName": "Exception", + "length": 9, + "line": 56, + "methodLine": 56, + "name": "Exception", + "domType": "TypeRef", + "method": "wrongVersion" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "uVulR+htN4x7oqLBChM65qewEx4=", + "similarityId": 47599778, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 31, + "fileName": "/webgoat-lessons/insecure-deserialization/src/test/java/org/owasp/webgoat/deserialization/DeserializeTest.java", + "fullName": "Exception", + "length": 9, + "line": 48, + "methodLine": 48, + "name": "Exception", + "domType": "TypeRef", + "method": "fail" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "ynuGm7rmIKbhU6qDzCB1bMMFL+s=", + "similarityId": -1205982846, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 34, + "fileName": "/webgoat-lessons/insecure-deserialization/src/test/java/org/owasp/webgoat/deserialization/DeserializeTest.java", + "fullName": "Exception", + "length": 9, + "line": 33, + "methodLine": 33, + "name": "Exception", + "domType": "TypeRef", + "method": "success" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "drKtmeMXtYcrLC1yTrgzSWvcd1c=", + "similarityId": 377833600, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 58, + "fileName": "/webgoat-lessons/http-proxies/src/test/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequestTest.java", + "fullName": "Exception", + "length": 9, + "line": 89, + "methodLine": 89, + "name": "Exception", + "domType": "TypeRef", + "method": "whenPostAssignmentShouldNotPass" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Rw//YE7C1ztcJv36K5d+vqJ0HDI=", + "similarityId": 1303024704, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 40, + "fileName": "/webgoat-lessons/http-proxies/src/test/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequestTest.java", + "fullName": "Exception", + "length": 9, + "line": 80, + "methodLine": 80, + "name": "Exception", + "domType": "TypeRef", + "method": "missingHeader" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "ogTqzJ6LPQSkl7SWGRVYZbSmJgk=", + "similarityId": -1890047168, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 39, + "fileName": "/webgoat-lessons/http-proxies/src/test/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequestTest.java", + "fullName": "Exception", + "length": 9, + "line": 71, + "methodLine": 71, + "name": "Exception", + "domType": "TypeRef", + "method": "missingParam" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "i8e1odu8CObcdrXtXde3oTvkKIo=", + "similarityId": 386241664, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 34, + "fileName": "/webgoat-lessons/http-proxies/src/test/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequestTest.java", + "fullName": "Exception", + "length": 9, + "line": 61, + "methodLine": 61, + "name": "Exception", + "domType": "TypeRef", + "method": "failure" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "NyLf86hSiTCCYkab9HPt1ecQwKc=", + "similarityId": -842867136, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 34, + "fileName": "/webgoat-lessons/http-proxies/src/test/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequestTest.java", + "fullName": "Exception", + "length": 9, + "line": 51, + "methodLine": 51, + "name": "Exception", + "domType": "TypeRef", + "method": "success" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "2Dl3v5FoHMtQKejAtepBKAbXid8=", + "similarityId": 1413209952, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 37, + "fileName": "/webgoat-lessons/csrf/src/test/java/org/owasp/webgoat/csrf/CSRFFeedbackTest.java", + "fullName": "Exception", + "length": 9, + "line": 69, + "methodLine": 69, + "name": "Exception", + "domType": "TypeRef", + "method": "csrfAttack" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "EzDoROVFwPmyqMWUnzK/lgzM1zY=", + "similarityId": 1750520672, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 69, + "fileName": "/webgoat-lessons/csrf/src/test/java/org/owasp/webgoat/csrf/CSRFFeedbackTest.java", + "fullName": "Exception", + "length": 9, + "line": 60, + "methodLine": 60, + "name": "Exception", + "domType": "TypeRef", + "method": "postingJsonMessageThroughWebGoatShouldWork" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "h8oTilS9chC4igTDvrBL3bho+iQ=", + "similarityId": -406985674, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 39, + "fileName": "/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/xss/StoredXssCommentsTest.java", + "fullName": "Exception", + "length": 9, + "line": 82, + "methodLine": 82, + "name": "Exception", + "domType": "TypeRef", + "method": "isNotEncoded" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "PeshZocbUOGq6gz23B6DlCKxqeY=", + "similarityId": 1079727474, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 34, + "fileName": "/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/xss/StoredXssCommentsTest.java", + "fullName": "Exception", + "length": 9, + "line": 66, + "methodLine": 66, + "name": "Exception", + "domType": "TypeRef", + "method": "failure" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "/p1ydX6+a+lrpl5+3Ewn55oMiUw=", + "similarityId": 219221206, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 34, + "fileName": "/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/xss/StoredXssCommentsTest.java", + "fullName": "Exception", + "length": 9, + "line": 56, + "methodLine": 56, + "name": "Exception", + "domType": "TypeRef", + "method": "success" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "77E2RF6tcPeGOyxsjAheeuc2BUk=", + "similarityId": -240508988, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 34, + "fileName": "/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/xss/DOMCrossSiteScriptingTest.java", + "fullName": "Exception", + "length": 9, + "line": 67, + "methodLine": 67, + "name": "Exception", + "domType": "TypeRef", + "method": "failure" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "bAc4iv/v2GloX+8VO4a2V7S1pe8=", + "similarityId": 867896872, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 34, + "fileName": "/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/xss/DOMCrossSiteScriptingTest.java", + "fullName": "Exception", + "length": 9, + "line": 56, + "methodLine": 56, + "name": "Exception", + "domType": "TypeRef", + "method": "success" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Pw0GnYEn/XrUZB/q0/FxlHszfYM=", + "similarityId": 1145574432, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 70, + "fileName": "/webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat/client_side_filtering/ShopEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 76, + "methodLine": 76, + "name": "Exception", + "domType": "TypeRef", + "method": "fetchAllTheCouponsShouldContainGetItForFree" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "4yjRms22wXqPdpIm5vrYaj6qJsM=", + "similarityId": 2082080736, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 50, + "fileName": "/webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat/client_side_filtering/ShopEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 69, + "methodLine": 69, + "name": "Exception", + "domType": "TypeRef", + "method": "askForUnknownCouponCode" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "WG1jvcaKR9w4PepDb44Er3RI+pQ=", + "similarityId": 1482289952, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 36, + "fileName": "/webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat/client_side_filtering/ShopEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 62, + "methodLine": 62, + "name": "Exception", + "domType": "TypeRef", + "method": "getCoupon" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "RcRduI3YyGRIOctDcE7sfL2ssHg=", + "similarityId": -1834884576, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 41, + "fileName": "/webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat/client_side_filtering/ShopEndpointTest.java", + "fullName": "Exception", + "length": 9, + "line": 55, + "methodLine": 55, + "name": "Exception", + "domType": "TypeRef", + "method": "getSuperCoupon" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "0OEst2nMAOWShDYhBFRtYItBLow=", + "similarityId": -308528974, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 38, + "fileName": "/webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat/client_side_filtering/ClientSideFilteringFreeAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 45, + "methodLine": 45, + "name": "Exception", + "domType": "TypeRef", + "method": "getSalaries" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "HwcaDcjGz2wQDRg5Eij1brUtqYk=", + "similarityId": -1306126058, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 38, + "fileName": "/webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat/client_side_filtering/ClientSideFilteringFreeAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 37, + "methodLine": 37, + "name": "Exception", + "domType": "TypeRef", + "method": "wrongSalary" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "U7/f1vSGjf1tR+bZgksHQ6d4NlI=", + "similarityId": 620566214, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 34, + "fileName": "/webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat/client_side_filtering/ClientSideFilteringFreeAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 30, + "methodLine": 30, + "name": "Exception", + "domType": "TypeRef", + "method": "success" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "IfUxEFhyWZSYfe0OvaJNlTRbHlE=", + "similarityId": -223897630, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 42, + "fileName": "/webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat/client_side_filtering/ClientSideFilteringAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 41, + "methodLine": 41, + "name": "Exception", + "domType": "TypeRef", + "method": "wrongCouponCode" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Le13t3rwa1p1UtUyUnv9OsBVgME=", + "similarityId": -1751655314, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 34, + "fileName": "/webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat/client_side_filtering/ClientSideFilteringAssignmentTest.java", + "fullName": "Exception", + "length": 9, + "line": 34, + "methodLine": 34, + "name": "Exception", + "domType": "TypeRef", + "method": "success" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "xeRf3PfHXcwjEBU6Vhd26gRtZZg=", + "similarityId": -1236084348, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 79, + "fileName": "/webgoat-lessons/cia/src/test/java/org/owasp/webgoat/cia/CIAQuizTest.java", + "fullName": "Exception", + "length": 9, + "line": 183, + "methodLine": 183, + "name": "Exception", + "domType": "TypeRef", + "method": "allAnswersFalseGetResultsReturnsFalseFalseFalseFalse" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "WXv7Ok9ZtAHt58rHfYKsDSFW0Xg=", + "similarityId": 184389524, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 78, + "fileName": "/webgoat-lessons/cia/src/test/java/org/owasp/webgoat/cia/CIAQuizTest.java", + "fullName": "Exception", + "length": 9, + "line": 162, + "methodLine": 162, + "name": "Exception", + "domType": "TypeRef", + "method": "secondAnswerFalseGetResultsReturnsTrueFalseTrueTrue" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "VFSbwQV3FyN7G959uaEpTpp5VT0=", + "similarityId": -2053795260, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 77, + "fileName": "/webgoat-lessons/cia/src/test/java/org/owasp/webgoat/cia/CIAQuizTest.java", + "fullName": "Exception", + "length": 9, + "line": 141, + "methodLine": 141, + "name": "Exception", + "domType": "TypeRef", + "method": "firstAnswerFalseGetResultsReturnsFalseTrueTrueTrue" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "MQwNDJiVQkI8MTkq3ohG/WyDzGM=", + "similarityId": -2044551996, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 77, + "fileName": "/webgoat-lessons/cia/src/test/java/org/owasp/webgoat/cia/CIAQuizTest.java", + "fullName": "Exception", + "length": 9, + "line": 120, + "methodLine": 120, + "name": "Exception", + "domType": "TypeRef", + "method": "allAnswersCorrectGetResultsReturnsTrueTrueTrueTrue" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "M7Lyqy/MSdFsOx7VSVrZcTcDysY=", + "similarityId": 932657220, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 51, + "fileName": "/webgoat-lessons/cia/src/test/java/org/owasp/webgoat/cia/CIAQuizTest.java", + "fullName": "Exception", + "length": 9, + "line": 103, + "methodLine": 103, + "name": "Exception", + "domType": "TypeRef", + "method": "allAnswersWrongIsFailure" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "VdPI5KMAvFzobt25iI+fC1WJHuc=", + "similarityId": -1906798716, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 53, + "fileName": "/webgoat-lessons/cia/src/test/java/org/owasp/webgoat/cia/CIAQuizTest.java", + "fullName": "Exception", + "length": 9, + "line": 86, + "methodLine": 86, + "name": "Exception", + "domType": "TypeRef", + "method": "threeAnswersWrongIsFailure" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "dlQWCidvm6MmY4B1VYbK1Y7kMPo=", + "similarityId": 897865860, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 51, + "fileName": "/webgoat-lessons/cia/src/test/java/org/owasp/webgoat/cia/CIAQuizTest.java", + "fullName": "Exception", + "length": 9, + "line": 69, + "methodLine": 69, + "name": "Exception", + "domType": "TypeRef", + "method": "twoAnswersWrongIsFailure" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "LfZ12FPW1Ek4UE0N0bBG4p33uAE=", + "similarityId": 802610548, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 50, + "fileName": "/webgoat-lessons/cia/src/test/java/org/owasp/webgoat/cia/CIAQuizTest.java", + "fullName": "Exception", + "length": 9, + "line": 52, + "methodLine": 52, + "name": "Exception", + "domType": "TypeRef", + "method": "oneAnswerWrongIsFailure" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Dy9f0IMbHuR4FyMeBtcwvujBfmQ=", + "similarityId": -172789436, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 53, + "fileName": "/webgoat-lessons/cia/src/test/java/org/owasp/webgoat/cia/CIAQuizTest.java", + "fullName": "Exception", + "length": 9, + "line": 35, + "methodLine": 35, + "name": "Exception", + "domType": "TypeRef", + "method": "allAnswersCorrectIsSuccess" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "gNTcyEwEqrv+15HbtlGyQtPgWx0=", + "similarityId": -510805504, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 53, + "fileName": "/webgoat-lessons/chrome-dev-tools/src/test/java/org/owasp/webgoat/chrome_dev_tools/ChromeDevToolsTest.java", + "fullName": "Exception", + "length": 9, + "line": 43, + "methodLine": 43, + "name": "Exception", + "domType": "TypeRef", + "method": "NetworkAssignmentTest_Fail" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "mgOH8N72b0oO0kBJ6AQdza3Wfi0=", + "similarityId": -887762432, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-lessons/chrome-dev-tools/src/test/java/org/owasp/webgoat/chrome_dev_tools/ChromeDevToolsTest.java", + "fullName": "Exception", + "length": 9, + "line": 34, + "methodLine": 34, + "name": "Exception", + "domType": "TypeRef", + "method": "NetworkAssignmentTest_Success" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "Ewzo6zitzrph0DNyO8exYTLhwT4=", + "similarityId": -1955956178, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 33, + "fileName": "/webgoat-lessons/challenge/src/test/java/org/owasp/webgoat/challenges/Assignment1Test.java", + "fullName": "Exception", + "length": 9, + "line": 71, + "methodLine": 71, + "name": "Exception", + "domType": "TypeRef", + "method": "wrongPassword" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "xe0ryuJn/4ij6617RXPwU+PubAc=", + "similarityId": 1663713134, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 27, + "fileName": "/webgoat-lessons/challenge/src/test/java/org/owasp/webgoat/challenges/Assignment1Test.java", + "fullName": "Exception", + "length": 9, + "line": 59, + "methodLine": 59, + "name": "Exception", + "domType": "TypeRef", + "method": "success" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "7zX0bJ9HPZncwrbJbWoD9u08MoM=", + "similarityId": 492873248, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 53, + "fileName": "/webgoat-lessons/bypass-restrictions/src/test/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidationTest.java", + "fullName": "Exception", + "length": 9, + "line": 62, + "methodLine": 62, + "name": "Exception", + "domType": "TypeRef", + "method": "notBypassingAllFieldShouldNotPass" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "8EMb7zEzG+zb0bKQlDCFndeJ0ZE=", + "similarityId": 1966560416, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 44, + "fileName": "/webgoat-lessons/bypass-restrictions/src/test/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidationTest.java", + "fullName": "Exception", + "length": 9, + "line": 48, + "methodLine": 48, + "name": "Exception", + "domType": "TypeRef", + "method": "bypassAllFieldShouldPass" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "csyI2NT+p3LvlHwR+BnuifVtkJA=", + "similarityId": -1377715296, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 51, + "fileName": "/webgoat-lessons/bypass-restrictions/src/test/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidationTest.java", + "fullName": "Exception", + "length": 9, + "line": 34, + "methodLine": 34, + "name": "Exception", + "domType": "TypeRef", + "method": "noChangesShouldNotPassTheLesson" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "mUb77QEg6WT40tEetXNYrvfi6EE=", + "similarityId": -410058232, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 31, + "fileName": "/webgoat-container/src/test/java/org/owasp/webgoat/service/ReportCardServiceTest.java", + "fullName": "Exception", + "length": 9, + "line": 56, + "methodLine": 56, + "name": "Exception", + "domType": "TypeRef", + "method": "withLessons" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "w2P3CwP7P/79s5AMFw+i5s2zvPI=", + "similarityId": -938127678, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 38, + "fileName": "/webgoat-container/src/test/java/org/owasp/webgoat/service/LessonProgressServiceTest.java", + "fullName": "Exception", + "length": 9, + "line": 85, + "methodLine": 85, + "name": "Exception", + "domType": "TypeRef", + "method": "jsonLessonOverview" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "FQF9iLvh2Qd+BFdTqs91zfr7tEY=", + "similarityId": -415670878, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 35, + "fileName": "/webgoat-container/src/test/java/org/owasp/webgoat/service/LessonMenuServiceTest.java", + "fullName": "Exception", + "length": 9, + "line": 91, + "methodLine": 91, + "name": "Exception", + "domType": "TypeRef", + "method": "lessonCompleted" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "awOX05t/HTcyTCS0nlygWRA65rg=", + "similarityId": 1604113130, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 42, + "fileName": "/webgoat-container/src/test/java/org/owasp/webgoat/service/LessonMenuServiceTest.java", + "fullName": "Exception", + "length": 9, + "line": 73, + "methodLine": 73, + "name": "Exception", + "domType": "TypeRef", + "method": "lessonsShouldBeOrdered" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "cfmxnnVNUXdDyTsq2J+p+oJldjA=", + "similarityId": 739229120, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 30, + "fileName": "/webgoat-container/src/test/java/org/owasp/webgoat/service/LabelServiceTest.java", + "fullName": "Exception", + "length": 9, + "line": 72, + "methodLine": 72, + "name": "Exception", + "domType": "TypeRef", + "method": "withLocale" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "acpsQgacASEjfiSDVJERXVxrcO8=", + "similarityId": 930059072, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 33, + "fileName": "/webgoat-container/src/test/java/org/owasp/webgoat/service/LabelServiceTest.java", + "fullName": "Exception", + "length": 9, + "line": 64, + "methodLine": 64, + "name": "Exception", + "domType": "TypeRef", + "method": "withoutLocale" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + }, + { + "id": "xOHVnPAolxIXbrR59FQcmkF09M4=", + "similarityId": 840132946, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 8, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 38, + "fileName": "/webgoat-container/src/test/java/org/owasp/webgoat/service/HintServiceTest.java", + "fullName": "Exception", + "length": 9, + "line": 40, + "methodLine": 40, + "name": "Exception", + "domType": "TypeRef", + "method": "hintsPerAssignment" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129368 + } + } + ] + }, + { + "queryName": "ESAPI_Banned_API", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 35, + "vulnerabilities": [ + { + "id": "5XagZDmpcUkUSoDUIpXcvHRsf+U=", + "similarityId": -1506381633, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 36, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.response.setContentType", + "length": 1, + "line": 113, + "methodLine": 96, + "name": "setContentType", + "domType": "MethodInvokeExpr", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "2nTzRYAz5ow3aJHAMPVW+fN5Rrc=", + "similarityId": 646226707, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 31, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.response.addCookie", + "length": 1, + "line": 111, + "methodLine": 96, + "name": "addCookie", + "domType": "MethodInvokeExpr", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "PfxFWawy2OKGOWSPO4/U6w71Os8=", + "similarityId": -1506381633, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 36, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.response.setContentType", + "length": 1, + "line": 108, + "methodLine": 96, + "name": "setContentType", + "domType": "MethodInvokeExpr", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "HPe92p0RP+KvCegFuCyOe87/hMw=", + "similarityId": 646226707, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 31, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java", + "fullName": "org.owasp.webgoat.jwt.JWTVotesEndpoint.login.response.addCookie", + "length": 1, + "line": 106, + "methodLine": 96, + "name": "addCookie", + "domType": "MethodInvokeExpr", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "KRj0j/Jox7kdPOBTg4ZJd+OzUfw=", + "similarityId": -659905351, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 29, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/ImageServlet.java", + "fullName": "org.owasp.webgoat.challenges.challenge1.ImageServlet.doGet.response.setContentType", + "length": 1, + "line": 34, + "methodLine": 22, + "name": "setContentType", + "domType": "MethodInvokeExpr", + "method": "doGet" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "qZdWwzZ0FJr27T6sddTzqSf74rk=", + "similarityId": 531293971, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 51, + "fileName": "/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFLogin.java", + "fullName": "org.owasp.webgoat.csrf.CSRFLogin.completed.request.getUserPrincipal", + "length": 1, + "line": 53, + "methodLine": 52, + "name": "getUserPrincipal", + "domType": "MethodInvokeExpr", + "method": "completed" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "xtWRTbkdQclhA5mH1hi9wCWxf2c=", + "similarityId": -1443406521, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 45, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java", + "fullName": "org.owasp.webgoat.crypto.EncodingAssignment.getBasicAuth.request.getUserPrincipal", + "length": 1, + "line": 50, + "methodLine": 47, + "name": "getUserPrincipal", + "domType": "MethodInvokeExpr", + "method": "getBasicAuth" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "PAQ57nS4SSADqAAFvZ4vLlrYduY=", + "similarityId": 1011542903, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 55, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonConnectionInvocationHandler.java", + "fullName": "Statement.execute", + "length": 1, + "line": 28, + "methodLine": 24, + "name": "execute", + "domType": "MethodInvokeExpr", + "method": "invoke" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "TAptcjMR62Jke4Z5zCw8ngQ4664=", + "similarityId": 999753089, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 29, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java", + "fullName": "org.owasp.webgoat.service.LabelService.fetchLabels.allProperties.putAll", + "length": 1, + "line": 89, + "methodLine": 81, + "name": "putAll", + "domType": "MethodInvokeExpr", + "method": "fetchLabels" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "civuprciiel7+TFF6yCkoNiJCEM=", + "similarityId": 201095515, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 29, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java", + "fullName": "org.owasp.webgoat.service.LabelService.fetchLabels.allProperties.putAll", + "length": 1, + "line": 88, + "methodLine": 81, + "name": "putAll", + "domType": "MethodInvokeExpr", + "method": "fetchLabels" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "pXT5PJkRi552iWVHZOmAygwXpR0=", + "similarityId": -1905764121, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 34, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java", + "fullName": "org.owasp.webgoat.i18n.PluginMessages.refreshProperties.properties.putAll", + "length": 1, + "line": 65, + "methodLine": 54, + "name": "putAll", + "domType": "MethodInvokeExpr", + "method": "refreshProperties" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "+oliKhpxDNyf/PM291k+EUxcYbA=", + "similarityId": -1486668557, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 57, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "MavenWrapperDownloader.main.mavenWrapperProperties.getProperty", + "length": 1, + "line": 63, + "methodLine": 48, + "name": "getProperty", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "OOHf5s1hDCUMDvz0zUJZSgM5d0o=", + "similarityId": 1409734963, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 44, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "MavenWrapperDownloader.main.mavenWrapperProperties.load", + "length": 1, + "line": 62, + "methodLine": 48, + "name": "load", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "Umi9d4Tp/F3tp2H5wQQJEVvvm5s=", + "similarityId": 973714721, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 59, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/service/SessionService.java", + "fullName": "org.owasp.webgoat.service.SessionService.showSession.session.getId", + "length": 1, + "line": 41, + "methodLine": 39, + "name": "getId", + "domType": "MethodInvokeExpr", + "method": "showSession" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "XTBvMnS42Ta6nAqknVkSeHSqNwo=", + "similarityId": -1758940845, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 39, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java", + "fullName": "org.dummy.insecure.framework.VulnerableTaskHolder.readObject.in.readLine", + "length": 1, + "line": 63, + "methodLine": 38, + "name": "readLine", + "domType": "MethodInvokeExpr", + "method": "readObject" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "3S4E8g54JjcnJH6pDoDJ6Ydg3n4=", + "similarityId": -1146508749, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 50, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java", + "fullName": "org.dummy.insecure.framework.VulnerableTaskHolder.readObject.exec", + "length": 1, + "line": 59, + "methodLine": 38, + "name": "exec", + "domType": "MethodInvokeExpr", + "method": "readObject" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "FEimnPF2kUyPmhjpqcF3TaEpknY=", + "similarityId": -223252715, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 30, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "MavenWrapperDownloader.main.e.printStackTrace", + "length": 1, + "line": 92, + "methodLine": 48, + "name": "printStackTrace", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "RgBS4WRhCvtwauigQmbo5ichKd0=", + "similarityId": -352875341, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 28, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/WebWolf.java", + "fullName": "System.out.println", + "length": 1, + "line": 69, + "methodLine": 46, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "5c00F05vCHF1a043i2y/tyBvuuc=", + "similarityId": -1281211163, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 28, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/WebWolf.java", + "fullName": "System.out.println", + "length": 1, + "line": 65, + "methodLine": 46, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "XTrojbrv6hHA0vbQANYSK2IkNFw=", + "similarityId": 1088718355, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 28, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/WebWolf.java", + "fullName": "System.out.println", + "length": 1, + "line": 60, + "methodLine": 46, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "V6X7iD2Bmqu5+KID9b13O4sf57I=", + "similarityId": -2012355747, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 28, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/WebWolf.java", + "fullName": "System.out.println", + "length": 1, + "line": 59, + "methodLine": 46, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "z12AheusY0k8eK3iImfWXVqZRl0=", + "similarityId": 1153740019, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 27, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/PasswordResetLink.java", + "fullName": "System.out.println", + "length": 1, + "line": 41, + "methodLine": 33, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "JegreXijjfQG28yx2VTyOFsUeVs=", + "similarityId": 98753395, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 27, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/PasswordResetLink.java", + "fullName": "System.out.println", + "length": 1, + "line": 40, + "methodLine": 33, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "gL9HRvaFi7Y2kns8tr4+khsfugw=", + "similarityId": -1818421517, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 31, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/PasswordResetLink.java", + "fullName": "System.out.println", + "length": 1, + "line": 35, + "methodLine": 33, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "HDuoykXpH+Odp/rpSuD7+skKnhk=", + "similarityId": 648772957, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 39, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java", + "fullName": "System.out.println", + "length": 1, + "line": 54, + "methodLine": 48, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "YwsnqLYeIvqHDNcEz7ygLA7fQuQ=", + "similarityId": 560480223, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 28, + "fileName": "/webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java", + "fullName": "System.out.println", + "length": 1, + "line": 67, + "methodLine": 50, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "yqsjc20SdDWpCzzexpM4F2V6blM=", + "similarityId": -1668820053, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 28, + "fileName": "/webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java", + "fullName": "System.out.println", + "length": 1, + "line": 62, + "methodLine": 50, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "m78JdTdWmt7obA03o5N4BqsUZrE=", + "similarityId": -1877079127, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 31, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "System.out.println", + "length": 1, + "line": 91, + "methodLine": 48, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "B4a/gXpHDL3NmacGNDx4EgpUEMs=", + "similarityId": 1272180787, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 31, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "System.out.println", + "length": 1, + "line": 88, + "methodLine": 48, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "syjD6sAfidNoQkCPmYqnW1Aor/4=", + "similarityId": -761196557, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 27, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "System.out.println", + "length": 1, + "line": 85, + "methodLine": 48, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "UP52dWfXBoOiNreRxOMWRdUk1RQ=", + "similarityId": 1886175667, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 35, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "System.out.println", + "length": 1, + "line": 81, + "methodLine": 48, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "/sbis4An26nWm5h3b/27efWRjr8=", + "similarityId": -1357163893, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 27, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "System.out.println", + "length": 1, + "line": 76, + "methodLine": 48, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "7Z0CmEY8TaDfDcck+C3wfZaApv8=", + "similarityId": 1452435067, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 35, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "System.out.println", + "length": 1, + "line": 65, + "methodLine": 48, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "YfU6lLJaFi9PVKb+zsK8rdemdVE=", + "similarityId": 150338907, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 27, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "System.out.println", + "length": 1, + "line": 51, + "methodLine": 48, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "o7CHD1nyHNZ0TL8Maq3CGr1eqQ8=", + "similarityId": 1994171095, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 676, + "confidenceLevel": 0, + "compliance": [ + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 27, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "System.out.println", + "length": 1, + "line": 49, + "methodLine": 48, + "name": "println", + "domType": "MethodInvokeExpr", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + } + ] + }, + { + "queryName": "Exposure_of_Resource_to_Wrong_Sphere", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 1, + "vulnerabilities": [ + { + "id": "JZ1jfHBWj2Q4Ofo6oc2JeHeO3Ik=", + "similarityId": 335883679, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 493, + "confidenceLevel": 0, + "compliance": [ + "OWASP Top 10 2013", + "OWASP Top 10 2017", + "OWASP Top 10 2021", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 21, + "fileName": "/webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/SampleAttack.java", + "fullName": "org.owasp.webgoat.template.SampleAttack.userSessionData", + "length": 15, + "line": 52, + "methodLine": 52, + "name": "userSessionData", + "domType": "FieldDecl" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + } + ] + }, + { + "queryName": "Declaration_of_Throws_for_Generic_Exception", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 10, + "vulnerabilities": [ + { + "id": "ziqSddsuyoGjXRoXGXGzghmmnPc=", + "similarityId": -870611404, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 68, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/WebSecurityConfig.java", + "fullName": "Exception", + "length": 9, + "line": 81, + "methodLine": 81, + "name": "Exception", + "domType": "TypeRef", + "method": "authenticationManager" + } + ], + "foundDate": { + "seconds": 1663153611 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "l5+7gf2OkETSW6wXy5OxKd35jxw=", + "similarityId": 991567232, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 61, + "fileName": "/webgoat-lessons/insecure-deserialization/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java", + "fullName": "Exception", + "length": 9, + "line": 38, + "methodLine": 38, + "name": "Exception", + "domType": "TypeRef", + "method": "readObject" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "YtDx7/wH/XTzbeJg+TEEXyGXVdA=", + "similarityId": 1357363680, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 112, + "fileName": "/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", + "fullName": "Exception", + "length": 9, + "line": 52, + "methodLine": 52, + "name": "Exception", + "domType": "TypeRef", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "oOoLf8l/l6ldYoqsYIxxF/4DTjI=", + "similarityId": 29820160, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 109, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelDebugService.java", + "fullName": "Exception", + "length": 9, + "line": 84, + "methodLine": 84, + "name": "Exception", + "domType": "TypeRef", + "method": "setDebuggingStatus" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "HpGvwwPjs8vd5jvCYbUS8LsFdSc=", + "similarityId": 706339008, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 77, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonConnectionInvocationHandler.java", + "fullName": "Throwable", + "length": 9, + "line": 24, + "methodLine": 24, + "name": "Throwable", + "domType": "TypeRef", + "method": "invoke" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "mUSlxtB436MoR66bYYLQ9Sf4I1U=", + "similarityId": -870611404, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 68, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java", + "fullName": "Exception", + "length": 9, + "line": 91, + "methodLine": 91, + "name": "Exception", + "domType": "TypeRef", + "method": "authenticationManager" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "obqpECqaEr6VTicidepuPSnSD4I=", + "similarityId": 2137785708, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 63, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java", + "fullName": "Exception", + "length": 9, + "line": 85, + "methodLine": 85, + "name": "Exception", + "domType": "TypeRef", + "method": "userDetailsServiceBean" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "vbJXUM65Id1k8zqRWN1RztXRKcw=", + "similarityId": -765678742, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 75, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java", + "fullName": "Exception", + "length": 9, + "line": 79, + "methodLine": 79, + "name": "Exception", + "domType": "TypeRef", + "method": "configureGlobal" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "gfmD15B1qMdSCrDj2XXfcVatE+o=", + "similarityId": 1684706530, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 56, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java", + "fullName": "Exception", + "length": 9, + "line": 58, + "methodLine": 58, + "name": "Exception", + "domType": "TypeRef", + "method": "configure" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "mCoj/4U0JxS1994Wx1wVBbHf1Dk=", + "similarityId": -1031631314, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 88, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "Exception", + "length": 9, + "line": 97, + "methodLine": 97, + "name": "Exception", + "domType": "TypeRef", + "method": "downloadFileFromURL" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + } + ] + }, + { + "queryName": "Detection_of_Error_Condition_Without_Action", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 4, + "vulnerabilities": [ + { + "id": "y4gfcmHA1YRwyKNVoZJINXyxNYw=", + "similarityId": 661124379, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 390, + "confidenceLevel": 100, + "compliance": [ + "PCI DSS v3.2.1" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 5, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SeleniumTest.java", + "fullName": "catch", + "length": 5, + "line": 22, + "methodLine": 19, + "name": "catch", + "domType": "Catch", + "method": "CxStaticBlock1" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129367 + } + }, + { + "id": "MxV4LMTuieb8qaOUu6PWv7J5cFo=", + "similarityId": -1643363301, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 390, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java", + "fullName": "catch", + "length": 5, + "line": 58, + "methodLine": 52, + "name": "catch", + "domType": "Catch", + "method": "createUser" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "I5utMOPMDUl1GkTNvh142o8oibE=", + "similarityId": 1325065275, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 390, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignmentForgotPassword.java", + "fullName": "catch", + "length": 5, + "line": 97, + "methodLine": 92, + "name": "catch", + "domType": "Catch", + "method": "fakeClickingLinkEmail" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "ERZrg3H/7IMNCUv7nNSsJgjyOro=", + "similarityId": -344791333, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 390, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 19, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "catch", + "length": 5, + "line": 71, + "methodLine": 48, + "name": "catch", + "domType": "Catch", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + } + ] + }, + { + "queryName": "Declaration_Of_Catch_For_Generic_Exception", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 40, + "vulnerabilities": [ + { + "id": "4BMV3s78t3xmqVXfHLiXNRui/oM=", + "similarityId": 761160253, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 100, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 5, + "fileName": "/webgoat-lessons/crypto/src/test/java/org/owasp/webgoat/crypto/CryptoUtilTest.java", + "fullName": "catch", + "length": 5, + "line": 27, + "methodLine": 18, + "name": "catch", + "domType": "Catch", + "method": "testSigningAssignment" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129367 + } + }, + { + "id": "+S7LBI7lziJfqs8HGd0n9ykWZxQ=", + "similarityId": 2132813289, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 100, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 5, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SeleniumTest.java", + "fullName": "catch", + "length": 5, + "line": 53, + "methodLine": 29, + "name": "catch", + "domType": "Catch", + "method": "setUpAndLogin" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129367 + } + }, + { + "id": "q20d5z8CIxIZBdfWoYpRowbklgc=", + "similarityId": -1479848747, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 100, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 5, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SeleniumTest.java", + "fullName": "catch", + "length": 5, + "line": 22, + "methodLine": 19, + "name": "catch", + "domType": "Catch", + "method": "CxStaticBlock1" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129367 + } + }, + { + "id": "23JrO0ZFhk0x5ee6zGYbEckjgqU=", + "similarityId": 666673285, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 100, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 15, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/ProgressRaceConditionTest.java", + "fullName": "catch", + "length": 5, + "line": 46, + "methodLine": 42, + "name": "catch", + "domType": "Catch", + "method": "Lambda" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129367 + } + }, + { + "id": "psCZ26w+niDLG+SG8EBb/fLg1NY=", + "similarityId": 315391157, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 100, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "nodes": [ + { + "column": 5, + "fileName": "/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CryptoTest.java", + "fullName": "catch", + "length": 5, + "line": 41, + "methodLine": 25, + "name": "catch", + "domType": "Catch", + "method": "runTests" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1660129367 + } + }, + { + "id": "T9Au5MPzIHDG40CfMRaCuT/+7is=", + "similarityId": -1541807747, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/SimpleXXE.java", + "fullName": "catch", + "length": 5, + "line": 82, + "methodLine": 69, + "name": "catch", + "domType": "Catch", + "method": "createNewComment" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "BL6tha8+aNi4KvAP+4MTkRras/s=", + "similarityId": 1569588501, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 15, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/ContentTypeAssignment.java", + "fullName": "catch", + "length": 5, + "line": 79, + "methodLine": 59, + "name": "catch", + "domType": "Catch", + "method": "createNewUser" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "ay6Rgda08chUIDnrInnxZoTvaFM=", + "similarityId": -1149055435, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/BlindSendFileAssignment.java", + "fullName": "catch", + "length": 5, + "line": 95, + "methodLine": 79, + "name": "catch", + "domType": "Catch", + "method": "addComment" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "0ZbiBUeEB8ZAP/CfSXmFcR5++mU=", + "similarityId": 291543441, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLesson.java", + "fullName": "catch", + "length": 5, + "line": 64, + "methodLine": 41, + "name": "catch", + "domType": "Catch", + "method": "completed" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "VqiknRiz6VxFaIqyfJEL1Z8+knI=", + "similarityId": -1092907851, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLesson.java", + "fullName": "catch", + "length": 5, + "line": 53, + "methodLine": 41, + "name": "catch", + "domType": "Catch", + "method": "completed" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "6DEp1B8R30Mf6De28454GzmEukk=", + "similarityId": -1000894073, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask1.java", + "fullName": "catch", + "length": 5, + "line": 67, + "methodLine": 44, + "name": "catch", + "domType": "Catch", + "method": "stealTheCheese" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "+v3I/A3afoLZDeAT0qp/coKf26o=", + "similarityId": 806588341, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson10b.java", + "fullName": "catch", + "length": 5, + "line": 111, + "methodLine": 106, + "name": "catch", + "domType": "Catch", + "method": "getJavaFileContentsAsString" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "oyj1dFxiAkBq8VhCLPIaeI2cDsY=", + "similarityId": 1859096501, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson10b.java", + "fullName": "catch", + "length": 5, + "line": 89, + "methodLine": 53, + "name": "catch", + "domType": "Catch", + "method": "completed" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "4mbph72v+h+isgD4dTSqRMxIYNA=", + "similarityId": -559150033, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java", + "fullName": "catch", + "length": 5, + "line": 83, + "methodLine": 59, + "name": "catch", + "domType": "Catch", + "method": "injectableQueryIntegrity" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "bgWbNQTPqN0Pm5xfAlKUYg7R000=", + "similarityId": 1610614907, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java", + "fullName": "catch", + "length": 5, + "line": 92, + "methodLine": 58, + "name": "catch", + "domType": "Catch", + "method": "injectableQueryConfidentiality" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "AdFc37sx2xx8SdGsvkpGmDRBhLU=", + "similarityId": -592332395, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 15, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "catch", + "length": 5, + "line": 63, + "methodLine": 55, + "name": "catch", + "domType": "Catch", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "1lpwAyCVyYGoeNJe0kfrFpdL7c4=", + "similarityId": 2021498917, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java", + "fullName": "catch", + "length": 5, + "line": 94, + "methodLine": 55, + "name": "catch", + "domType": "Catch", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "J2oLmAvV2iVp4tCuZT0U32SFTFY=", + "similarityId": -765054357, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java", + "fullName": "catch", + "length": 5, + "line": 83, + "methodLine": 57, + "name": "catch", + "domType": "Catch", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "4W9jxQmBZxVmKdR7+Wdy6Ofx93o=", + "similarityId": -2017603851, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java", + "fullName": "catch", + "length": 5, + "line": 78, + "methodLine": 69, + "name": "catch", + "domType": "Catch", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "Ih0NFOqLYerMlxFDi/eiM7EUqw0=", + "similarityId": -1277092395, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java", + "fullName": "catch", + "length": 5, + "line": 58, + "methodLine": 52, + "name": "catch", + "domType": "Catch", + "method": "createUser" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "iSiaujjACmaRob4/6e6b5up36do=", + "similarityId": 1609101717, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java", + "fullName": "catch", + "length": 5, + "line": 77, + "methodLine": 60, + "name": "catch", + "domType": "Catch", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "UcoGyaapuhnQzNxhF6zDIvvG6P4=", + "similarityId": 940839989, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java", + "fullName": "catch", + "length": 5, + "line": 81, + "methodLine": 60, + "name": "catch", + "domType": "Catch", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "deM4W1eu1KvXyG/YscoLpd7Cd0E=", + "similarityId": 441603349, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java", + "fullName": "catch", + "length": 5, + "line": 84, + "methodLine": 56, + "name": "catch", + "domType": "Catch", + "method": "injectableQueryAvailability" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "NkbCjSOo83BxHPwZ34g8fLTlnxk=", + "similarityId": -1747000999, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java", + "fullName": "catch", + "length": 5, + "line": 76, + "methodLine": 60, + "name": "catch", + "domType": "Catch", + "method": "getPassword" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "YDUL1+CKPddLTMKti9m3umHIWbA=", + "similarityId": 233690965, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java", + "fullName": "catch", + "length": 5, + "line": 94, + "methodLine": 56, + "name": "catch", + "domType": "Catch", + "method": "injectableQuery" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "XkKonxLCNTzc2q2fx0lkmsR0z5M=", + "similarityId": 549637205, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrieval.java", + "fullName": "catch", + "length": 5, + "line": 102, + "methodLine": 79, + "name": "catch", + "domType": "Catch", + "method": "getProfilePicture" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "xHZWKj74OXCVjh0y67/GJMV/vqw=", + "similarityId": -266819531, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 15, + "fileName": "/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrieval.java", + "fullName": "catch", + "length": 5, + "line": 56, + "methodLine": 52, + "name": "catch", + "domType": "Catch", + "method": "initAssignment" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "taNa4wBZaXCfkujGiFLa56GAPZk=", + "similarityId": -1735525963, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignmentForgotPassword.java", + "fullName": "catch", + "length": 5, + "line": 97, + "methodLine": 92, + "name": "catch", + "domType": "Catch", + "method": "fakeClickingLinkEmail" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "huLVEz4Treb4Wlxt3n2AbbanK0A=", + "similarityId": 1817731701, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 19, + "fileName": "/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignmentForgotPassword.java", + "fullName": "catch", + "length": 5, + "line": 73, + "methodLine": 62, + "name": "catch", + "domType": "Catch", + "method": "sendPasswordResetLink" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "F/L9OwH+5M/BRtyl7mlQCFyzKIA=", + "similarityId": 1206493141, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java", + "fullName": "catch", + "length": 5, + "line": 104, + "methodLine": 48, + "name": "catch", + "domType": "Catch", + "method": "getUsers" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "ojKGoAzMQ77TPi9YkMYXPFVlLXI=", + "similarityId": 1718019765, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java", + "fullName": "catch", + "length": 5, + "line": 88, + "methodLine": 84, + "name": "catch", + "domType": "Catch", + "method": "addUser" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "YIz9dfNwS2PnEk1hzSyFBS+NDFg=", + "similarityId": -1262538805, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/DisplayUser.java", + "fullName": "catch", + "length": 5, + "line": 55, + "methodLine": 43, + "name": "catch", + "domType": "Catch", + "method": "DisplayUser" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "uAP2d03av80lT16BF97IPwXh/WY=", + "similarityId": 914253461, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpoint.java", + "fullName": "catch", + "length": 5, + "line": 91, + "methodLine": 76, + "name": "catch", + "domType": "Catch", + "method": "login" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "3cK3cF3ZNw3BSA2LosXTj/aeoFE=", + "similarityId": -1701192743, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfileAltUrl.java", + "fullName": "catch", + "length": 5, + "line": 62, + "methodLine": 45, + "name": "catch", + "domType": "Catch", + "method": "completed" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "4FPUYn+OENN/HHVyq/POz0So5ms=", + "similarityId": 1066009109, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 10, + "fileName": "/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfile.java", + "fullName": "catch", + "length": 5, + "line": 60, + "methodLine": 45, + "name": "catch", + "domType": "Catch", + "method": "invoke" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "Q0pVov2lBg+o4FpHiVSSEXEa5YY=", + "similarityId": 738918421, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 5, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/CryptoUtil.java", + "fullName": "catch", + "length": 5, + "line": 93, + "methodLine": 71, + "name": "catch", + "domType": "Catch", + "method": "verifyMessage" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "+OxCU0mjDUY4eQMBDkrGMZSTP9U=", + "similarityId": -173024395, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 5, + "fileName": "/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/CryptoUtil.java", + "fullName": "catch", + "length": 5, + "line": 63, + "methodLine": 48, + "name": "catch", + "domType": "Catch", + "method": "signMessage" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "u0xg4KlYjJh6pCZleOYlMXmAH2c=", + "similarityId": -316512363, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson3.java", + "fullName": "catch", + "length": 5, + "line": 74, + "methodLine": 44, + "name": "catch", + "domType": "Catch", + "method": "completed" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "VQht+iahQcsxTRqP5QfOOVuv7z4=", + "similarityId": -290853739, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java", + "fullName": "catch", + "length": 5, + "line": 67, + "methodLine": 54, + "name": "catch", + "domType": "Catch", + "method": "refreshProperties" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + }, + { + "id": "PW9nolfKjEcGrHsn/zpYqjq8i2E=", + "similarityId": 83904787, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 396, + "confidenceLevel": 0, + "compliance": [ + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53", + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 11, + "fileName": "/.mvn/wrapper/MavenWrapperDownloader.java", + "fullName": "catch", + "length": 5, + "line": 90, + "methodLine": 48, + "name": "catch", + "domType": "Catch", + "method": "main" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + } + ] + }, + { + "queryName": "Declaration_of_Throws_for_Generic_Exception", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 1, + "vulnerabilities": [ + { + "id": "5OJ36wRmyrebMBUL1bxuhPAPbsQ=", + "similarityId": -150719616, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 397, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1", + "ASD STIG 4.10", + "FISMA 2014", + "NIST SP 800-53" + ], + "firstScanId": "", + "nodes": [ + { + "column": 75, + "fileName": "/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/DisplayUser.java", + "fullName": "Exception", + "length": 9, + "line": 62, + "methodLine": 62, + "name": "Exception", + "domType": "TypeRef", + "method": "genUserHash" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + } + ] + }, + { + "queryName": "Detection_of_Error_Condition_Without_Action", + "queryId": "", + "description": "", + "vulnerabilitiesTotal": 1, + "vulnerabilities": [ + { + "id": "9aeCdjqpfoMcSdqkMQB6yf32rqo=", + "similarityId": -424076037, + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "groupName": "Java_Best_Coding_Practice", + "cweId": 390, + "confidenceLevel": 0, + "compliance": [ + "PCI DSS v3.2.1" + ], + "firstScanId": "", + "nodes": [ + { + "column": 15, + "fileName": "/webwolf/src/main/java/org/owasp/webwolf/jwt/JWTToken.java", + "fullName": "catch", + "length": 5, + "line": 93, + "methodLine": 68, + "name": "catch", + "domType": "Catch", + "method": "encode" + } + ], + "foundDate": { + "seconds": 1663153610 + }, + "firstFoundDate": { + "seconds": 1652192257 + } + } + ] + } + ] + } + ], + "vulnerabilities": { + "total": 669, + "high": 44, + "medium": 35, + "low": 281, + "info": 309 + } + }, + "sca": { + "packagesCount": 117, + "packages": [ + { + "name": "Npm-underscore-1.10.2", + "vulnerabilities": [ + { + "id": "GkVx1zoIKcd1EF72zqWrGzeVTmo=", + "similarityId": "CVE-2021-23358", + "version": "1.10.2", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.", + "cveId": "CVE-2021-23358", + "cveName": "CVE-2021-23358", + "cwe": "94", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-jquery-ui-1.10.4", + "vulnerabilities": [ + { + "id": "SQeYGoqLuPvE7daCDtZCBKPlxAs=", + "similarityId": "CVE-2021-41184", + "version": "1.10.4", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0-alpha.1, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0-alpha.1. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.", + "cveId": "CVE-2021-41184", + "cveName": "CVE-2021-41184", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-jquery-ui-1.10.4", + "vulnerabilities": [ + { + "id": "NHg4m0NbNDjv8guNuTntNzlL8x8=", + "similarityId": "CVE-2021-41183", + "version": "1.10.4", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0-alpha.1, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0-alpha.1. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.", + "cveId": "CVE-2021-41183", + "cveName": "CVE-2021-41183", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-jquery-ui-1.10.4", + "vulnerabilities": [ + { + "id": "NOXV1o0QbFcvLhxIzNZfMy52Gl4=", + "similarityId": "CVE-2021-41182", + "version": "1.10.4", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0-alpha.1, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0-alpha.1. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.", + "cveId": "CVE-2021-41182", + "cveName": "CVE-2021-41182", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-jquery-ui-1.10.4", + "vulnerabilities": [ + { + "id": "41a87edYYQsM6HcyguvwmMwZW5c=", + "similarityId": "CVE-2016-7103", + "version": "1.10.4", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0-beta.1 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.", + "cveId": "CVE-2016-7103", + "cveName": "CVE-2016-7103", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-jquery-ui-1.10.4", + "vulnerabilities": [ + { + "id": "Xacy6uwmTYMZR0C0ZjiME5YEhrE=", + "similarityId": "CVE-2022-31160", + "version": "1.10.4", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( \"refresh\" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.", + "cveId": "CVE-2022-31160", + "cveName": "CVE-2022-31160", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-jquery-2.1.4", + "vulnerabilities": [ + { + "id": "EY7NFSfj2qJV8MBzKzZqjY/MJyo=", + "similarityId": "Cxf0b588a3-5c6f", + "version": "2.1.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "The package `jQuery` before 1.12.0, between 1.12.2 and 2.1.4 and between 2.2.2 and 2.2.4 is vulnerable to `XSS`. The function `jQuery.parseHTML()` in the file `src/core/parseHTML.js` doesn't stop scripts or inline event handlers from being executed immediately, which could result in XSS as the attacker could embed malicious scripts in the HTML (img nodes with embedded src url's which are pre-loaded when the page is requested) which would get executed immediately in the victim's browser even without user's intervention.", + "cveId": "Cxf0b588a3-5c6f", + "cveName": "", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-jquery-2.1.4", + "vulnerabilities": [ + { + "id": "V1Zltu1FttvzrlYX39Q22/v1xMY=", + "similarityId": "CVE-2020-11022", + "version": "2.1.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In jQuery versions before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.", + "cveId": "CVE-2020-11022", + "cveName": "CVE-2020-11022", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-jquery-2.1.4", + "vulnerabilities": [ + { + "id": "7k8ylXTKMJhn3z4UdGoenydrD3Q=", + "similarityId": "CVE-2019-11358", + "version": "2.1.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", + "cveId": "CVE-2019-11358", + "cveName": "CVE-2019-11358", + "cwe": "1321", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-jquery-2.1.4", + "vulnerabilities": [ + { + "id": "Nx/6GXaeWR2TJs608uPdUlmXkyE=", + "similarityId": "CVE-2016-10707", + "version": "2.1.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "Versions prior to 3.0.0 in jQuery are vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.", + "cveId": "CVE-2016-10707", + "cveName": "CVE-2016-10707", + "cwe": "400", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-jquery-2.1.4", + "vulnerabilities": [ + { + "id": "eiwQ4JZwtKoF4COuf3KPrm7fnLM=", + "similarityId": "CVE-2015-9251", + "version": "2.1.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "jQuery before 3.0.0-beta1 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", + "cveId": "CVE-2015-9251", + "cveName": "CVE-2015-9251", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-jquery-2.1.4", + "vulnerabilities": [ + { + "id": "5NozyQppmITs2hWjYbAjK3uUcWE=", + "similarityId": "CVE-2014-6071", + "version": "2.1.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "jQuery can potentially allow remote attackers to conduct Cross-site scripting (XSS) attacks when using methods such as jQuery(), append() and after(). These methods accept an HTML string and can, by design, execute code. This can be avoided by sanitizing inputs when obtained from untrusted sources.", + "cveId": "CVE-2014-6071", + "cveName": "CVE-2014-6071", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-jquery-2.1.4", + "vulnerabilities": [ + { + "id": "N3OrhpPirRcV4tbqfNaT1XusG4o=", + "similarityId": "CVE-2007-2379", + "version": "2.1.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\" The package maintainer disputes the validity of this vulnerability.", + "cveId": "CVE-2007-2379", + "cveName": "CVE-2007-2379", + "cwe": "200", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-jquery-2.1.4", + "vulnerabilities": [ + { + "id": "8ippcAx3yRI/Z9r7xIsC3UPZDlk=", + "similarityId": "CVE-2020-11023", + "version": "2.1.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.", + "cveId": "CVE-2020-11023", + "cveName": "CVE-2020-11023", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-froala-editor-1.1.7", + "vulnerabilities": [ + { + "id": "EgSquYIZPOVKUeZJaivfeIYPDdY=", + "similarityId": "CVE-2021-30109", + "version": "1.1.7", + "riskLevel": "INFO", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "All versions of Froala Editor are affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module.", + "cveId": "CVE-2021-30109", + "cveName": "CVE-2021-30109", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-froala-editor-1.1.7", + "vulnerabilities": [ + { + "id": "tzo9CEYVbvLC8fh+Ri6hRg07Tls=", + "similarityId": "CVE-2020-22864", + "version": "1.1.7", + "riskLevel": "INFO", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor through 4.0.6 allows attackers to execute arbitrary web scripts or HTML.", + "cveId": "CVE-2020-22864", + "cveName": "CVE-2020-22864", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-froala-editor-1.1.7", + "vulnerabilities": [ + { + "id": "8n9kelDOfTEFSmcPMlXUNzwNjKM=", + "similarityId": "CVE-2019-19935", + "version": "1.1.7", + "riskLevel": "INFO", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "Froala WYSIWYG HTML Editor before 3.2.3 allows DOM-based XSS. HTML code in the editor is not correctly sanitized when inserted into the DOM. This allows an attacker that can control the editor content to execute arbitrary JavaScript in the context of the victim's session.", + "cveId": "CVE-2019-19935", + "cveName": "CVE-2019-19935", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-froala-editor-1.1.7", + "vulnerabilities": [ + { + "id": "3vo0vD/DXfj/4NNkVr9MZoNNT40=", + "similarityId": "CVE-2020-26523", + "version": "1.1.7", + "riskLevel": "INFO", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "Froala Editor before 3.2.2 allows XSS via pasted content.", + "cveId": "CVE-2020-26523", + "cveName": "CVE-2020-26523", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-bootstrap-3.1.1", + "vulnerabilities": [ + { + "id": "VZRMENVGmDDtbMiWmL3kf/xC3ek=", + "similarityId": "CVE-2018-14042", + "version": "3.1.1", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Bootstrap before 3.4.0 and 4.0.0 through 4.1.1, XSS is possible in the data-container property of tooltip.", + "cveId": "CVE-2018-14042", + "cveName": "CVE-2018-14042", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-bootstrap-3.1.1", + "vulnerabilities": [ + { + "id": "1oRuL503f6lpqYBElpU6foVel88=", + "similarityId": "CVE-2018-14040", + "version": "3.1.1", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Bootstrap before 3.4.0 and 4.0.0 through 4.1.1, XSS is possible in the collapse data-parent attribute.", + "cveId": "CVE-2018-14040", + "cveName": "CVE-2018-14040", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-bootstrap-3.1.1", + "vulnerabilities": [ + { + "id": "ZSsbcgSSE8j0F2qYcO8wleaozMc=", + "similarityId": "CVE-2016-10735", + "version": "3.1.1", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Bootstrap before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.", + "cveId": "CVE-2016-10735", + "cveName": "CVE-2016-10735", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-bootstrap-3.1.1", + "vulnerabilities": [ + { + "id": "Iis4Ttmtd3ptHLWq5o5PXX706Us=", + "similarityId": "CVE-2018-20677", + "version": "3.1.1", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.", + "cveId": "CVE-2018-20677", + "cveName": "CVE-2018-20677", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-bootstrap-3.1.1", + "vulnerabilities": [ + { + "id": "XHO2E+ua0bLk6BiXlR5dmtiVRYU=", + "similarityId": "CVE-2019-8331", + "version": "3.1.1", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Bootstrap before 3.4.1 and 4.x.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.", + "cveId": "CVE-2019-8331", + "cveName": "CVE-2019-8331", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Npm-bootstrap-3.1.1", + "vulnerabilities": [ + { + "id": "+DwYawMYwHxhmy2eGxqzIMgMHR8=", + "similarityId": "CVE-2018-20676", + "version": "3.1.1", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.", + "cveId": "CVE-2018-20676", + "cveName": "CVE-2018-20676", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.yaml:snakeyaml-1.27", + "vulnerabilities": [ + { + "id": "iG/SdL0pD8bZMYihmtakJHhO/qk=", + "similarityId": "CVE-2022-38752", + "version": "1.27", + "riskLevel": "LOW", + "severity": "INFO", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. This issue affects versions through 1.32.", + "cveId": "CVE-2022-38752", + "cveName": "CVE-2022-38752", + "cwe": "787", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.yaml:snakeyaml-1.27", + "vulnerabilities": [ + { + "id": "Kv/jKfaFFNsr5crBqVou8Sjtb94=", + "similarityId": "CVE-2022-25857", + "version": "1.27", + "riskLevel": "LOW", + "severity": "INFO", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "The package org.yaml:snakeyaml before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "cveId": "CVE-2022-25857", + "cveName": "CVE-2022-25857", + "cwe": "400", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.webjars:jquery-3.5.1", + "vulnerabilities": [ + { + "id": "RV58stCf8l6PsX/oulaxPJYv5rk=", + "similarityId": "CVE-2007-2379", + "version": "3.5.1", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\" The package maintainer disputes the validity of this vulnerability.", + "cveId": "CVE-2007-2379", + "cveName": "CVE-2007-2379", + "cwe": "200", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.webjars:jquery-3.5.1", + "vulnerabilities": [ + { + "id": "kqshcV5Z5/nOpDRtGXdmUITitrE=", + "similarityId": "CVE-2014-6071", + "version": "3.5.1", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "jQuery can potentially allow remote attackers to conduct Cross-site scripting (XSS) attacks when using methods such as jQuery(), append() and after(). These methods accept an HTML string and can, by design, execute code. This can be avoided by sanitizing inputs when obtained from untrusted sources.", + "cveId": "CVE-2014-6071", + "cveName": "CVE-2014-6071", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.webjars:bootstrap-3.3.7", + "vulnerabilities": [ + { + "id": "JZBnOtwSzDZotKR7NpxsGRRMVzA=", + "similarityId": "CVE-2018-14042", + "version": "3.3.7", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Bootstrap before 3.4.0 and 4.0.0 through 4.1.1, XSS is possible in the data-container property of tooltip.", + "cveId": "CVE-2018-14042", + "cveName": "CVE-2018-14042", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.webjars:bootstrap-3.3.7", + "vulnerabilities": [ + { + "id": "ZrBqj4TS3lhqBLVCRstGpEFYHpo=", + "similarityId": "CVE-2018-14040", + "version": "3.3.7", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Bootstrap before 3.4.0 and 4.0.0 through 4.1.1, XSS is possible in the collapse data-parent attribute.", + "cveId": "CVE-2018-14040", + "cveName": "CVE-2018-14040", + "cwe": "79", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.thymeleaf:thymeleaf-spring5-3.0.12.RELEASE", + "vulnerabilities": [ + { + "id": "j3NHb6N+nDOzpTwbwpQT/Bdi2ro=", + "similarityId": "CVE-2021-43466", + "version": "3.0.12.RELEASE", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In the thymeleaf-spring3:3.0.12, thymeleaf-spring4:3.0.12, thymeleaf-spring5:3.0.12 components, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.", + "cveId": "CVE-2021-43466", + "cveName": "CVE-2021-43466", + "cwe": "94", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.springframework:spring-web-5.3.4", + "vulnerabilities": [ + { + "id": "DB8KZF919ObIQyKHfKt2ctG5H+E=", + "similarityId": "CVE-2021-22118", + "version": "5.3.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Spring Framework, versions 5.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.", + "cveId": "CVE-2021-22118", + "cveName": "CVE-2021-22118", + "cwe": "269", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.springframework:spring-expression-5.3.4", + "vulnerabilities": [ + { + "id": "usN/T+kuUopDEOzxbHpyfgU/bYo=", + "similarityId": "CVE-2022-22950", + "version": "5.3.4", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Spring Framework versions 5.3.0 through 5.3.16, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.", + "cveId": "CVE-2022-22950", + "cveName": "CVE-2022-22950", + "cwe": "770", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.springframework:spring-core-5.3.4", + "vulnerabilities": [ + { + "id": "KZ96fwvMmIBYKKTxlY035ypjweE=", + "similarityId": "CVE-2022-22970", + "version": "5.3.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Spring Framework versions 5.2.0 through 5.2.21, 5.3.0 through 5.3.19, and older unsupported versions, applications that handle file uploads are vulnerable to DoS attacks if they rely on data binding to set a \"MultipartFile\" or \"javax.servlet.Part\" to a \"field\" in a model object.", + "cveId": "CVE-2022-22970", + "cveName": "CVE-2022-22970", + "cwe": "400", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.springframework:spring-core-5.3.4", + "vulnerabilities": [ + { + "id": "h3TKfQQDt+IaQxLEfQqVkDixJSg=", + "similarityId": "CVE-2022-22950", + "version": "5.3.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Spring Framework versions 5.3.0 through 5.3.16, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.", + "cveId": "CVE-2022-22950", + "cveName": "CVE-2022-22950", + "cwe": "770", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.springframework:spring-core-5.3.4", + "vulnerabilities": [ + { + "id": "ypUeyFwMkgWRtY8hYnDIeRJ8sxo=", + "similarityId": "CVE-2021-22096", + "version": "5.3.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Spring Framework versions 5.3.0 through 5.3.11, 5.2.0 through 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.", + "cveId": "CVE-2021-22096", + "cveName": "CVE-2021-22096", + "cwe": "117", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.springframework:spring-core-5.3.4", + "vulnerabilities": [ + { + "id": "JaLOtGtGA3PA7oHuOGZDp4gl6Ss=", + "similarityId": "CVE-2021-22060", + "version": "5.3.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Spring Framework versions 5.2.x before 5.2.19.RELEASE, 5.3.x before 5.3.14 and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.", + "cveId": "CVE-2021-22060", + "cveName": "CVE-2021-22060", + "cwe": "117", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.springframework:spring-core-5.3.4", + "vulnerabilities": [ + { + "id": "5Mpq0bJG/l0802SnlaGr2QHJW2E=", + "similarityId": "CVE-2022-22971", + "version": "5.3.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Spring Framework versions 5.2.0 through 5.2.21, 5.3.0 through 5.3.19, and older unsupported versions, application with a \"STOMP\" over \"WebSocket\" endpoint is vulnerable to a Denial of Service attack by an authenticated user.", + "cveId": "CVE-2022-22971", + "cveName": "CVE-2022-22971", + "cwe": "400", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.springframework:spring-context-5.3.4", + "vulnerabilities": [ + { + "id": "xL5qXM7NZEsVsTEGV08k4athXNI=", + "similarityId": "CVE-2022-22968", + "version": "5.3.4", + "riskLevel": "LOW", + "severity": "INFO", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Spring Framework versions before 5.2.2.RELEASE, and 5.3.0 through 5.3.18, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.", + "cveId": "CVE-2022-22968", + "cveName": "CVE-2022-22968", + "cwe": "178", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.springframework:spring-beans-5.3.4", + "vulnerabilities": [ + { + "id": "u6gTXKT9C4n4rtqnMVNBYsCU1Vo=", + "similarityId": "CVE-2022-22965", + "version": "5.3.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "spring or spring-beans running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. This was fixed in versions 5.2.20 and 5.3.18.", + "cveId": "CVE-2022-22965", + "cveName": "CVE-2022-22965", + "cwe": "94", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.springframework:spring-beans-5.3.4", + "vulnerabilities": [ + { + "id": "GKSnswag6zTk592hPDC4AjvjVo0=", + "similarityId": "CVE-2022-22970", + "version": "5.3.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Spring Framework versions 5.2.0 through 5.2.21, 5.3.0 through 5.3.19, and older unsupported versions, applications that handle file uploads are vulnerable to DoS attacks if they rely on data binding to set a \"MultipartFile\" or \"javax.servlet.Part\" to a \"field\" in a model object.", + "cveId": "CVE-2022-22970", + "cveName": "CVE-2022-22970", + "cwe": "400", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.springframework.security:spring-security-web-5.4.5", + "vulnerabilities": [ + { + "id": "FWgbDWG1dQAPOzl6tGtYWNixUc8=", + "similarityId": "CVE-2022-22978", + "version": "5.4.5", + "riskLevel": "LOW", + "severity": "INFO", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Spring Security versions before 5.5.7, and 5.6.x before 5.6.4, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.", + "cveId": "CVE-2022-22978", + "cveName": "CVE-2022-22978", + "cwe": "863", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.springframework.security:spring-security-core-5.4.5", + "vulnerabilities": [ + { + "id": "io7XZZeV3Q/LbL/uq4VHwlOT+Ik=", + "similarityId": "CVE-2022-22976", + "version": "5.4.5", + "riskLevel": "LOW", + "severity": "INFO", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.", + "cveId": "CVE-2022-22976", + "cveName": "CVE-2022-22976", + "cwe": "190", + "foundDate": "2022-09-14T11:02:28Z", + "firstFoundDate": "2022-05-06T10:47:54Z" + } + ] + }, + { + "name": "Maven-org.postgresql:postgresql-42.2.18", + "vulnerabilities": [ + { + "id": "d4JZTZLy2FKySt9PAjKIstBuc1g=", + "similarityId": "Cx06bea32e-26f2", + "version": "42.2.18", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "An arbitrary file write vulnerability in postgresql from 42.1.0 through 42.3.2 can lead to remote code execution when specifying an arbitrary filename in the loggerFileName connection parameter.", + "cveId": "Cx06bea32e-26f2", + "cveName": "", + "cwe": "94", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.postgresql:postgresql-42.2.18", + "vulnerabilities": [ + { + "id": "FUgJ0UXu7t6hZ/nbWG7elzaOFu0=", + "similarityId": "CVE-2022-26520", + "version": "42.2.18", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties.", + "cveId": "CVE-2022-26520", + "cveName": "CVE-2022-26520", + "cwe": "94", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.postgresql:postgresql-42.2.18", + "vulnerabilities": [ + { + "id": "xcRsbm9yGSyAgmBZToRo0Hb14Mk=", + "similarityId": "CVE-2022-21724", + "version": "42.2.18", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue. This vulnerability affects versions 9.4.1208 prior to 42.2.25 and 42.3.x prior to 42.3.2.", + "cveId": "CVE-2022-21724", + "cveName": "CVE-2022-21724", + "cwe": "668", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.postgresql:postgresql-42.2.18", + "vulnerabilities": [ + { + "id": "PKHNtAUo/BmsGSVIlIaACrDvACU=", + "similarityId": "CVE-2022-31197", + "version": "42.2.18", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "PostgreSQL JDBC Driver (PgJDBC for short) 42.2.x prior to 42.2.26, 42.3.x, and 42.4.x prior to 42.4.1 allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User application that do invoke that method is impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name who's column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. Note that the application's JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue.", + "cveId": "CVE-2022-31197", + "cveName": "CVE-2022-31197", + "cwe": "89", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.jsoup:jsoup-1.14.2", + "vulnerabilities": [ + { + "id": "DwkyGgeBagSK/bxKhHXHMwcOQbw=", + "similarityId": "CVE-2022-36033", + "version": "1.14.2", + "riskLevel": "LOW", + "severity": "INFO", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue affects versions before 1.15.3.", + "cveId": "CVE-2022-36033", + "cveName": "CVE-2022-36033", + "cwe": "79", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.jsoup:jsoup-1.13.1", + "vulnerabilities": [ + { + "id": "3wHQSzuH/SFYNMXusUIXUfjtXhc=", + "similarityId": "CVE-2021-37714", + "version": "1.13.1", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.", + "cveId": "CVE-2021-37714", + "cveName": "CVE-2021-37714", + "cwe": "248", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.jsoup:jsoup-1.13.1", + "vulnerabilities": [ + { + "id": "EPKGPP+N5IcV25DZ1uLVdwjDxJs=", + "similarityId": "CVE-2022-36033", + "version": "1.13.1", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue affects versions before 1.15.3.", + "cveId": "CVE-2022-36033", + "cveName": "CVE-2022-36033", + "cwe": "79", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.jboss.xnio:xnio-nio-3.8.0.Final", + "vulnerabilities": [ + { + "id": "IdEfKP3PsMGsxwo7YgA/6uOJTPw=", + "similarityId": "CVE-2020-14340", + "version": "3.8.0.Final", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XNIO prior to 3.7.9.Final and 3.8.0.Final through 3.8.1.Final has a file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. This may allow an attacker to cause a denial of service.", + "cveId": "CVE-2020-14340", + "cveName": "CVE-2020-14340", + "cwe": "400", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.jboss.xnio:xnio-api-3.8.0.Final", + "vulnerabilities": [ + { + "id": "F3a7KNzxFSO29ld3gnFxD/p1B68=", + "similarityId": "CVE-2022-0084", + "version": "3.8.0.Final", + "riskLevel": "LOW", + "severity": "INFO", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", + "cveId": "CVE-2022-0084", + "cveName": "CVE-2022-0084", + "cwe": "770", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.glassfish:jakarta.el-3.0.3", + "vulnerabilities": [ + { + "id": "W34XexuGW4XOmY70YARrgNJHAY8=", + "similarityId": "CVE-2021-28170", + "version": "3.0.3", + "riskLevel": "HIGH", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In the Jakarta Expression Language implementation before 3.0.4 and 4.0.x before 4.0.2, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.", + "cveId": "CVE-2021-28170", + "cveName": "CVE-2021-28170", + "cwe": "917", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.eclipse.jetty:jetty-servlets-9.4.36.v20210114", + "vulnerabilities": [ + { + "id": "qQFCaDMWJOC2/YfTu0TcNig79UI=", + "similarityId": "CVE-2021-28169", + "version": "9.4.36.v20210114", + "riskLevel": "MEDIUM", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "For Eclipse Jetty versions \u003c= 9.4.40, \u003c= 10.0.2, \u003c= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.", + "cveId": "CVE-2021-28169", + "cveName": "CVE-2021-28169", + "cwe": "200", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.eclipse.jetty:jetty-server-9.4.36.v20210114", + "vulnerabilities": [ + { + "id": "hBmb4zr/Uc2xSD/4OzTUcjmHAI0=", + "similarityId": "CVE-2022-2047", + "version": "9.4.36.v20210114", + "riskLevel": "MEDIUM", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Eclipse Jetty versions through 9.4.46, 10.0.x through 10.0.9, and 11.0.x through 11.0.9, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.", + "cveId": "CVE-2022-2047", + "cveName": "CVE-2022-2047", + "cwe": "20", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.eclipse.jetty:jetty-server-9.4.36.v20210114", + "vulnerabilities": [ + { + "id": "vUrfMgWDhRKjM9pZ2GTzBfiFPb0=", + "similarityId": "CVE-2021-34428", + "version": "9.4.36.v20210114", + "riskLevel": "MEDIUM", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "For Eclipse Jetty versions \u003c= 9.4.40, \u003c= 10.0.2, \u003c= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.", + "cveId": "CVE-2021-34428", + "cveName": "CVE-2021-34428", + "cwe": "613", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.eclipse.jetty:jetty-server-9.4.36.v20210114", + "vulnerabilities": [ + { + "id": "rKIsoE2KDyny7TTO0YAs/rYzR9c=", + "similarityId": "CVE-2021-28169", + "version": "9.4.36.v20210114", + "riskLevel": "MEDIUM", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "For Eclipse Jetty versions \u003c= 9.4.40, \u003c= 10.0.2, \u003c= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.", + "cveId": "CVE-2021-28169", + "cveName": "CVE-2021-28169", + "cwe": "200", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.eclipse.jetty:jetty-proxy-9.4.36.v20210114", + "vulnerabilities": [ + { + "id": "7DJc2F5NyQYe21Gce9aBC4mHd+M=", + "similarityId": "CVE-2022-2047", + "version": "9.4.36.v20210114", + "riskLevel": "MEDIUM", + "severity": "INFO", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Eclipse Jetty versions through 9.4.46, 10.0.x through 10.0.9, and 11.0.x through 11.0.9, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.", + "cveId": "CVE-2022-2047", + "cveName": "CVE-2022-2047", + "cwe": "20", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.eclipse.jetty:jetty-io-9.4.36.v20210114", + "vulnerabilities": [ + { + "id": "2R3Pc7nCML/6DxsNdL2zKd/JtM8=", + "similarityId": "CVE-2021-28165", + "version": "9.4.36.v20210114", + "riskLevel": "MEDIUM", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Eclipse Jetty from 7.2.2.v20101205 to 9.4.38.v20210224, 10.0.X before 10.0.2 and 11.0.X before 11.0.2, CPU usage can reach 100% upon receiving a large invalid TLS frame.", + "cveId": "CVE-2021-28165", + "cveName": "CVE-2021-28165", + "cwe": "400", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.eclipse.jetty:jetty-http-9.4.36.v20210114", + "vulnerabilities": [ + { + "id": "ySmYhH8aCRNdaYoIYp1v9MIO1Ho=", + "similarityId": "CVE-2022-2047", + "version": "9.4.36.v20210114", + "riskLevel": "MEDIUM", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Eclipse Jetty versions through 9.4.46, 10.0.x through 10.0.9, and 11.0.x through 11.0.9, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.", + "cveId": "CVE-2022-2047", + "cveName": "CVE-2022-2047", + "cwe": "20", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.eclipse.jetty:jetty-http-9.4.36.v20210114", + "vulnerabilities": [ + { + "id": "bni15BwV66TCEQD4iMku+dzMPA8=", + "similarityId": "CVE-2020-27223", + "version": "9.4.36.v20210114", + "riskLevel": "MEDIUM", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.", + "cveId": "CVE-2020-27223", + "cveName": "CVE-2020-27223", + "cwe": "400", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.eclipse.jetty:jetty-http-9.4.36.v20210114", + "vulnerabilities": [ + { + "id": "DHT3E3yvmpc4MoWFUkaoUoA4uOg=", + "similarityId": "CVE-2021-28169", + "version": "9.4.36.v20210114", + "riskLevel": "MEDIUM", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "For Eclipse Jetty versions \u003c= 9.4.40, \u003c= 10.0.2, \u003c= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.", + "cveId": "CVE-2021-28169", + "cveName": "CVE-2021-28169", + "cwe": "200", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.eclipse.jetty:jetty-client-9.4.36.v20210114", + "vulnerabilities": [ + { + "id": "J9RTz0ldR68ummGiRAVR1/Lwf0w=", + "similarityId": "CVE-2022-2047", + "version": "9.4.36.v20210114", + "riskLevel": "MEDIUM", + "severity": "INFO", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Eclipse Jetty versions through 9.4.46, 10.0.x through 10.0.9, and 11.0.x through 11.0.9, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.", + "cveId": "CVE-2022-2047", + "cveName": "CVE-2022-2047", + "cwe": "20", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.apache.commons:commons-compress-1.20", + "vulnerabilities": [ + { + "id": "6/zzxJgyoxlUpIQ+3lGDHZXF63Q=", + "similarityId": "CVE-2021-35516", + "version": "1.20", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "When reading a specially crafted 7Z archive, Compress before 1.21 can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.", + "cveId": "CVE-2021-35516", + "cveName": "CVE-2021-35516", + "cwe": "130", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.apache.commons:commons-compress-1.20", + "vulnerabilities": [ + { + "id": "pYYTtIbX/XWgO+JvKXmHCANKLUM=", + "similarityId": "CVE-2021-35515", + "version": "1.20", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "When reading a specially crafted 7Z archive before 1.21, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.", + "cveId": "CVE-2021-35515", + "cveName": "CVE-2021-35515", + "cwe": "834", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.apache.commons:commons-compress-1.20", + "vulnerabilities": [ + { + "id": "2Cx0nN3h1fwHd/jIkayt53o6aOw=", + "similarityId": "CVE-2021-35517", + "version": "1.20", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "When reading a specially crafted TAR archive, Compress before 1.21 can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.", + "cveId": "CVE-2021-35517", + "cveName": "CVE-2021-35517", + "cwe": "130", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-org.apache.commons:commons-compress-1.20", + "vulnerabilities": [ + { + "id": "q52a9g0ae1NoOHInc7671wvsvNQ=", + "similarityId": "CVE-2021-36090", + "version": "1.20", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "When reading a specially crafted ZIP archive, Compress before 1.21 can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.", + "cveId": "CVE-2021-36090", + "cveName": "CVE-2021-36090", + "cwe": "130", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-net.minidev:json-smart-2.3", + "vulnerabilities": [ + { + "id": "EO0hY6vjwevXNzGK4pdtX4+8A30=", + "similarityId": "CVE-2021-31684", + "version": "2.3", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions prior to 1.3.3 and 2.x versions prior to 2.4.4 which causes a denial of service (DOS) via a crafted web request.", + "cveId": "CVE-2021-31684", + "cveName": "CVE-2021-31684", + "cwe": "787", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-net.minidev:json-smart-2.3", + "vulnerabilities": [ + { + "id": "tlTBwAiFyT8TuAnpPT/mAPgtOVM=", + "similarityId": "CVE-2021-27568", + "version": "2.3", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "An issue was discovered in netplex json-smart-v1 before 1.3.2 and json-smart-v2 before 2.3.1. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.", + "cveId": "CVE-2021-27568", + "cveName": "CVE-2021-27568", + "cwe": "754", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-io.undertow:undertow-websockets-jsr-2.2.4.Final", + "vulnerabilities": [ + { + "id": "v2T9iNJgFU34IgLAyL9MGw3MEgU=", + "similarityId": "CVE-2021-3690", + "version": "2.2.4.Final", + "riskLevel": "LOW", + "severity": "INFO", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "Buffer leak on incoming WebSocket PONG message(s) in Undertow prior to 2.0.40.Final and 2.1.x prior to 2.2.10.Final can lead to memory exhaustion and allow a denial of service.", + "cveId": "CVE-2021-3690", + "cveName": "CVE-2021-3690", + "cwe": "400", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-io.undertow:undertow-core-2.2.4.Final", + "vulnerabilities": [ + { + "id": "cJZ+fIdtVckTlePRd3SYsbHLS4U=", + "similarityId": "CVE-2022-2053", + "version": "2.2.4.Final", + "riskLevel": "LOW", + "severity": "INFO", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (application server) as an error state and not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. So, in the worst case, it can result in \"All workers are in error state\" and mod_cluster responds \"503 Service Unavailable\" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the \"retry\" timeout passes. However, luckily, mod_proxy_balancer has \"forcerecovery\" setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state.). So, unlike mod_cluster, mod_proxy_balancer does not result in responding \"503 Service Unavailable\". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This issue affects Undertow through 2.2.18.Final and 2.3.0.Alpha1.", + "cveId": "CVE-2022-2053", + "cveName": "CVE-2022-2053", + "cwe": "400", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-io.undertow:undertow-core-2.2.4.Final", + "vulnerabilities": [ + { + "id": "a9/tfc9ULFRQHxZR0siY6jHu+R0=", + "similarityId": "CVE-2021-3859", + "version": "2.2.4.Final", + "riskLevel": "LOW", + "severity": "INFO", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Undertow versions prior to 2.2.15 Final, client side invocation timeout raised when calling over HTTP2. This vulnerability allows an attacker to carry out a Denial of Service (DoS) attack.", + "cveId": "CVE-2021-3859", + "cveName": "CVE-2021-3859", + "cwe": "400", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-io.undertow:undertow-core-2.2.4.Final", + "vulnerabilities": [ + { + "id": "QdeccAfjc8Ctk0PINkrG0uh07C4=", + "similarityId": "CVE-2021-3629", + "version": "2.2.4.Final", + "riskLevel": "LOW", + "severity": "INFO", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions through 2.0.39.Final and 2.1.0.Final through 2.2.10.Final.", + "cveId": "CVE-2021-3629", + "cveName": "CVE-2021-3629", + "cwe": "400", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-io.undertow:undertow-core-2.2.4.Final", + "vulnerabilities": [ + { + "id": "LiAerlHlDz87Hy0Dsx52aVWCZNk=", + "similarityId": "CVE-2021-3597", + "version": "2.2.4.Final", + "riskLevel": "LOW", + "severity": "INFO", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "A flaw was found in Undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions through 2.0.38.Final and 2.1.0.Final through 2.2.8.Final.", + "cveId": "CVE-2021-3597", + "cveName": "CVE-2021-3597", + "cwe": "362", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-io.undertow:undertow-core-2.2.4.Final", + "vulnerabilities": [ + { + "id": "33DVTB5MVSfG2wbwOaK8WHgzeIo=", + "similarityId": "CVE-2021-3690", + "version": "2.2.4.Final", + "riskLevel": "LOW", + "severity": "INFO", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "Buffer leak on incoming WebSocket PONG message(s) in Undertow prior to 2.0.40.Final and 2.1.x prior to 2.2.10.Final can lead to memory exhaustion and allow a denial of service.", + "cveId": "CVE-2021-3690", + "cveName": "CVE-2021-3690", + "cwe": "400", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "7wDFkqZLF6LDh8T9/rJ3fRPNS58=", + "similarityId": "CVE-2021-21344", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.", + "cveId": "CVE-2021-21344", + "cveName": "CVE-2021-21344", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "Sd6An7tN+J0pIsgEq/TW3G3Wmzk=", + "similarityId": "CVE-2021-21343", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.", + "cveId": "CVE-2021-21343", + "cveName": "CVE-2021-21343", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "IG3smqTViJjXUvN0m7iRd1PcybY=", + "similarityId": "CVE-2021-21342", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.", + "cveId": "CVE-2021-21342", + "cveName": "CVE-2021-21342", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "0nGodSjoOrNmeymidonaDegi2K0=", + "similarityId": "CVE-2021-21341", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.", + "cveId": "CVE-2021-21341", + "cveName": "CVE-2021-21341", + "cwe": "400", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "iyAAkML0BwZUntbtU/d9MVrOutI=", + "similarityId": "CVE-2020-26258", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.", + "cveId": "CVE-2020-26258", + "cveName": "CVE-2020-26258", + "cwe": "918", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "Vuie7+s8mNFNL3j3g98qRDdU5Dg=", + "similarityId": "CVE-2020-26217", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14, and patched in versions 1.4.14-jdk7 and 1.4.14-java7.", + "cveId": "CVE-2020-26217", + "cveName": "CVE-2020-26217", + "cwe": "78", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "bI4IlYhczYYExop1eCbo67x0iTE=", + "similarityId": "CVE-2017-7957", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML(\"\u003cvoid/\u003e\") call.", + "cveId": "CVE-2017-7957", + "cveName": "CVE-2017-7957", + "cwe": "20", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "hyy2v19ZopYbCT4lasUrjhdV9qY=", + "similarityId": "CVE-2016-3674", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.", + "cveId": "CVE-2016-3674", + "cveName": "CVE-2016-3674", + "cwe": "200", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "OhxyC5qODbw/UsSPveWE3q11aM8=", + "similarityId": "CVE-2013-7285", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "Xstream API versions up to 1.4.6, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.", + "cveId": "CVE-2013-7285", + "cveName": "CVE-2013-7285", + "cwe": "77", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "KNAyU2m1Ii816odvB1fWFTiZ6b4=", + "similarityId": "CVE-2020-26259", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary known files on the host as long as the executing process has sufficient rights only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist running Java 15 or higher. No user is affected, who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.", + "cveId": "CVE-2020-26259", + "cveName": "CVE-2020-26259", + "cwe": "78", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "4ThK5cWUGU++slYq6aIS5i0cFFs=", + "similarityId": "CVE-2021-43859", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.", + "cveId": "CVE-2021-43859", + "cveName": "CVE-2021-43859", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "va+bDVWqRUUVcJIfknFe7Wcjl/Y=", + "similarityId": "CVE-2021-39154", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.", + "cveId": "CVE-2021-39154", + "cveName": "CVE-2021-39154", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "I1WxskM3y89TCbqrpUv0cd8nNRE=", + "similarityId": "CVE-2021-39153", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.", + "cveId": "CVE-2021-39153", + "cveName": "CVE-2021-39153", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "l3C0HriBfv6sImgVmN2Tc+fFJds=", + "similarityId": "CVE-2021-39152", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.", + "cveId": "CVE-2021-39152", + "cveName": "CVE-2021-39152", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "eawIpl35YmZAzJOalKV/UgLLh1g=", + "similarityId": "CVE-2021-39151", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.", + "cveId": "CVE-2021-39151", + "cveName": "CVE-2021-39151", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "Wa/JI50YDqKBG7oPcF1vXaw8vmY=", + "similarityId": "CVE-2021-39150", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.", + "cveId": "CVE-2021-39150", + "cveName": "CVE-2021-39150", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "gacNZENwtq37vu5G2430n4KnucI=", + "similarityId": "CVE-2021-39149", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.", + "cveId": "CVE-2021-39149", + "cveName": "CVE-2021-39149", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "ExMmFfnOZYUdlJ1GMvhgAzwgBD0=", + "similarityId": "CVE-2021-39148", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.", + "cveId": "CVE-2021-39148", + "cveName": "CVE-2021-39148", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "Br1VAq4i8dwmn/HNvhElh8j7mko=", + "similarityId": "CVE-2021-39147", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.", + "cveId": "CVE-2021-39147", + "cveName": "CVE-2021-39147", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "xo+U6dkUtppknNjXpHC7OpATSUI=", + "similarityId": "CVE-2021-39146", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.", + "cveId": "CVE-2021-39146", + "cveName": "CVE-2021-39146", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "6gWnVM0yb+CSgTwLwloSmudWJA4=", + "similarityId": "CVE-2021-39145", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.", + "cveId": "CVE-2021-39145", + "cveName": "CVE-2021-39145", + "cwe": "434", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "f5TKMNJyfeUPTBVlJcSSeuuK8Og=", + "similarityId": "CVE-2021-39144", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.", + "cveId": "CVE-2021-39144", + "cveName": "CVE-2021-39144", + "cwe": "94", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "gNeNKfeC4DLuvUnayJdNYRLPoOA=", + "similarityId": "CVE-2021-39141", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.", + "cveId": "CVE-2021-39141", + "cveName": "CVE-2021-39141", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "Nn2rwneHvLit2+Nbz6h9rHFVOPs=", + "similarityId": "CVE-2021-39140", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.", + "cveId": "CVE-2021-39140", + "cveName": "CVE-2021-39140", + "cwe": "835", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "Bj3hviN3+aTLTaiU8lbs27UKzsA=", + "similarityId": "CVE-2021-39139", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.", + "cveId": "CVE-2021-39139", + "cveName": "CVE-2021-39139", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "4seMZrha9aARZ6wAeTY6SNJuUPU=", + "similarityId": "CVE-2021-21351", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.", + "cveId": "CVE-2021-21351", + "cveName": "CVE-2021-21351", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "g5CJcSNFuGyJOa+fv/+GMXlQlwc=", + "similarityId": "CVE-2021-21350", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.", + "cveId": "CVE-2021-21350", + "cveName": "CVE-2021-21350", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "lN9iSqFfVHw8gNGBrZ01zeTTQd0=", + "similarityId": "CVE-2021-21349", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.", + "cveId": "CVE-2021-21349", + "cveName": "CVE-2021-21349", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "DhBFJ0FEyN33zbKRzLEsjCfFOu4=", + "similarityId": "CVE-2021-21348", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.", + "cveId": "CVE-2021-21348", + "cveName": "CVE-2021-21348", + "cwe": "400", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "jYf3jdToKM1qdnmp0dLQT+5m6oU=", + "similarityId": "CVE-2021-21347", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.", + "cveId": "CVE-2021-21347", + "cveName": "CVE-2021-21347", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "B0rvEx1gc4WxxukjitHlusMsgeU=", + "similarityId": "CVE-2021-21346", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.", + "cveId": "CVE-2021-21346", + "cveName": "CVE-2021-21346", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.thoughtworks.xstream:xstream-1.4.5", + "vulnerabilities": [ + { + "id": "nGtEJ4SlhR98zW5Cj1IDUKfMhao=", + "similarityId": "CVE-2021-21345", + "version": "1.4.5", + "riskLevel": "INFO", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.", + "cveId": "CVE-2021-21345", + "cveName": "CVE-2021-21345", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-commons-io:commons-io-2.6", + "vulnerabilities": [ + { + "id": "N0//ugNGcRxVfluMnb44lNg/h+w=", + "similarityId": "CVE-2021-29425", + "version": "2.6", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Apache Commons IO from 2.2 up to 2.6, When invoking the method FileNameUtils.normalize with an improper input string, like \"//../foo\", or \"\\\\..\\foo\", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus \"limited\" path traversal), if the calling code would use the result to construct a path value.", + "cveId": "CVE-2021-29425", + "cveName": "CVE-2021-29425", + "cwe": "22", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-commons-io:commons-io-2.2", + "vulnerabilities": [ + { + "id": "FEK1v9TCNTDwGEr5ztbPkStWA/c=", + "similarityId": "CVE-2021-29425", + "version": "2.2", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In Apache Commons IO from 2.2 up to 2.6, When invoking the method FileNameUtils.normalize with an improper input string, like \"//../foo\", or \"\\\\..\\foo\", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus \"limited\" path traversal), if the calling code would use the result to construct a path value.", + "cveId": "CVE-2021-29425", + "cveName": "CVE-2021-29425", + "cwe": "22", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.google.guava:guava-25.0-jre", + "vulnerabilities": [ + { + "id": "sUXp6E0+WRJVkbx77S9LYrdv16M=", + "similarityId": "CVE-2020-8908", + "version": "25.0-jre", + "riskLevel": "LOW", + "severity": "LOW", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "A temp directory creation vulnerability exist in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. We recommend updating Guava to version 30.0 or later, or update to Java 7 or later, or to explicitly change the permissions after the creation of the directory if neither are possible.", + "cveId": "CVE-2020-8908", + "cveName": "CVE-2020-8908", + "cwe": "732", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.google.guava:guava-20.0", + "vulnerabilities": [ + { + "id": "X8F2khahSMtI+d/hPuNGE59FCtI=", + "similarityId": "CVE-2018-10237", + "version": "20.0", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.", + "cveId": "CVE-2018-10237", + "cveName": "CVE-2018-10237", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.google.guava:guava-20.0", + "vulnerabilities": [ + { + "id": "2vL6CVH8yfdLf+HzkWkJ6Ji3mf0=", + "similarityId": "CVE-2020-8908", + "version": "20.0", + "riskLevel": "LOW", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "A temp directory creation vulnerability exist in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. We recommend updating Guava to version 30.0 or later, or update to Java 7 or later, or to explicitly change the permissions after the creation of the directory if neither are possible.", + "cveId": "CVE-2020-8908", + "cveName": "CVE-2020-8908", + "cwe": "732", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.fasterxml.jackson.core:jackson-databind-2.11.4", + "vulnerabilities": [ + { + "id": "YlUPMDmvaoDreUsvhfsjoIWGaUk=", + "similarityId": "Cxced0c06c-935c", + "version": "2.11.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "A flaw was found in jackson-databind 2.10.x before 2.12.6, 2.13.x before 2.13.1. DoS is possible if using JDK serialization to serialize and deserialize JsonNode values.", + "cveId": "Cxced0c06c-935c", + "cveName": "", + "cwe": "400", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.fasterxml.jackson.core:jackson-databind-2.11.4", + "vulnerabilities": [ + { + "id": "H4O+19JA2qf63rEgXD+5lHLHfjA=", + "similarityId": "CVE-2020-36518", + "version": "2.11.4", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "jackson-databind before 2.12.6.1 and 2.13.x before 2.13.2.1 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.", + "cveId": "CVE-2020-36518", + "cveName": "CVE-2020-36518", + "cwe": "787", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-com.beust:jcommander-1.72", + "vulnerabilities": [ + { + "id": "uyMK4VTBGdFNjDqiSGgztjYEnFM=", + "similarityId": "Cx8fd408ac-dd80", + "version": "1.72", + "riskLevel": "LOW", + "severity": "HIGH", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "jcommander prior to 1.78 includes dependencies over HTTP instead of HTTPS, and thus the included contents could have been compromised and still used as trusted.", + "cveId": "Cx8fd408ac-dd80", + "cveName": "", + "cwe": "829", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-ch.qos.logback:logback-core-1.2.3", + "vulnerabilities": [ + { + "id": "WBv5uR4wnOeKev6mrTis1ffQCXU=", + "similarityId": "CVE-2021-42550", + "version": "1.2.3", + "riskLevel": "MEDIUM", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In logback versions prior to 1.2.9 and 1.3.x prior to 1.3.0-alpha11, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "cveId": "CVE-2021-42550", + "cveName": "CVE-2021-42550", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + }, + { + "name": "Maven-ch.qos.logback:logback-classic-1.2.3", + "vulnerabilities": [ + { + "id": "/suyBcXL1hs6H3CuqHCKyyBmj3Q=", + "similarityId": "CVE-2021-42550", + "version": "1.2.3", + "riskLevel": "MEDIUM", + "severity": "MEDIUM", + "outdated": true, + "firstScanId": "", + "status": "NEW", + "state": "To verify", + "description": "In logback versions prior to 1.2.9 and 1.3.x prior to 1.3.0-alpha11, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "cveId": "CVE-2021-42550", + "cveName": "CVE-2021-42550", + "cwe": "502", + "foundDate": "2022-09-14T11:02:26Z", + "firstFoundDate": "2022-05-06T10:47:52Z" + } + ] + } + ], + "vulnerabilities": { + "total": 117, + "high": 57, + "medium": 53, + "low": 7, + "info": 0 + } + }, + "kics": { + "results": [ + { + "name": "Dockerfile", + "vulnerabilities": [ + { + "id": "eZrh18HAPbe2LbDAprSPrwncAC0=", + "similarityId": "1909cb578cc8fa18e9aa3663cfa89c12edc69f0f58a316e52566080c8f449a5e", + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/webgoat-server/Dockerfile", + "description": "After using apt-get install, it is needed to delete apt-get lists", + "queryName": "Apt Get Install Lists Were Not Deleted", + "expectedValue": "After using apt-get install, it is needed to delete apt-get lists", + "actualValue": "After using apt-get install, the apt-get lists were not deleted", + "issueType": "IncorrectValue", + "category": "Supply-Chain" + }, + { + "id": "Bv47lpJQBcfV/wJsHliDDcxqG0A=", + "similarityId": "a6bf34491175c502a8a39c10e899992b9865764961bfc1669dea7f2ebb406118", + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/docker/Dockerfile", + "description": "After using apt-get install, it is needed to delete apt-get lists", + "queryName": "Apt Get Install Lists Were Not Deleted", + "expectedValue": "After using apt-get install, it is needed to delete apt-get lists", + "actualValue": "After using apt-get install, the apt-get lists were not deleted", + "issueType": "IncorrectValue", + "category": "Supply-Chain" + }, + { + "id": "owqQ8S5U6j4C9jDE6UxqTlnL6HI=", + "similarityId": "b2352b369f8a2e621703b74342d4b1b356ead3736967d25da37e9ef64a63605f", + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/webwolf/Dockerfile", + "description": "After using apt-get install, it is needed to delete apt-get lists", + "queryName": "Apt Get Install Lists Were Not Deleted", + "expectedValue": "After using apt-get install, it is needed to delete apt-get lists", + "actualValue": "After using apt-get install, the apt-get lists were not deleted", + "issueType": "IncorrectValue", + "category": "Supply-Chain" + }, + { + "id": "dkTeEgXAZRl2Ms2L7ysA6+9GgJc=", + "similarityId": "9ac11753e780dfc2f1fc0f93e3f6222fb68cdb6ddfb7f7dca21b658dbb9c5590", + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/docker/Dockerfile", + "description": "Check if any apt-get installs don't use '--no-install-recommends' flag to avoid installing additional packages.", + "queryName": "APT-GET Not Avoiding Additional Packages", + "expectedValue": "'RUN apt-get -y install apt-utils nginx' uses '--no-install-recommends' flag to avoid installing additional packages", + "actualValue": "'RUN apt-get -y install apt-utils nginx' does not use '--no-install-recommends' flag to avoid installing additional packages", + "issueType": "IncorrectValue", + "category": "Supply-Chain" + }, + { + "id": "Lfun/EKIDfnaHpgz6OqhROuE0Qc=", + "similarityId": "4d4b85eb511066507ecef8d56c60c3616397e4f8b4a196f9f903b925f2590c0e", + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/webgoat-server/Dockerfile", + "description": "Check if any apt-get installs don't use '--no-install-recommends' flag to avoid installing additional packages.", + "queryName": "APT-GET Not Avoiding Additional Packages", + "expectedValue": "'RUN apt-get update \u0026\u0026 apt-get install \u0026\u0026 useradd --home-dir /home/webgoat --create-home -U webgoat' uses '--no-install-recommends' flag to avoid installing additional packages", + "actualValue": "'RUN apt-get update \u0026\u0026 apt-get install \u0026\u0026 useradd --home-dir /home/webgoat --create-home -U webgoat' does not use '--no-install-recommends' flag to avoid installing additional packages", + "issueType": "IncorrectValue", + "category": "Supply-Chain" + }, + { + "id": "OrroRnlfA9J3co2+V+H+EamRaa0=", + "similarityId": "360ca5bd9a2f280c80e0c5b86bd96213344c014ee34ccabdd112d865d1569184", + "status": "NEW", + "state": "To verify", + "severity": "INFO", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/webwolf/Dockerfile", + "description": "Check if any apt-get installs don't use '--no-install-recommends' flag to avoid installing additional packages.", + "queryName": "APT-GET Not Avoiding Additional Packages", + "expectedValue": "'RUN apt-get update \u0026\u0026 apt-get install \u0026\u0026 useradd --home-dir /home/webwolf --create-home -U webwolf' uses '--no-install-recommends' flag to avoid installing additional packages", + "actualValue": "'RUN apt-get update \u0026\u0026 apt-get install \u0026\u0026 useradd --home-dir /home/webwolf --create-home -U webwolf' does not use '--no-install-recommends' flag to avoid installing additional packages", + "issueType": "IncorrectValue", + "category": "Supply-Chain" + }, + { + "id": "KhAjQ0Wb99bAcJ04DMNMk4hd+zo=", + "similarityId": "ed440168d16f631592d46e6511d6db66ea1927402a550aa04c48a3709bf4023d", + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/docker/Dockerfile", + "description": "Multiple commands (RUN, Copy, And) should be grouped in order to reduce the number of layers.", + "queryName": "Multiple RUN, ADD, COPY, Instructions Listed", + "expectedValue": "There isn´t any RUN instruction that could be grouped", + "actualValue": "There are RUN instructions that could be grouped", + "issueType": "RedundantAttribute", + "category": "Best Practices" + }, + { + "id": "9ra/S5McxCWzhdYN3q8cPfZKAD8=", + "similarityId": "51806f284ae7397bae4739968db142d682718585c7bb3ed8918963b427268f91", + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/docker/Dockerfile", + "description": "Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working", + "queryName": "Healthcheck Instruction Missing", + "expectedValue": "Dockerfile contains instruction 'HEALTHCHECK'", + "actualValue": "Dockerfile doesn't contain instruction 'HEALTHCHECK'", + "issueType": "MissingAttribute", + "category": "Insecure Configurations" + }, + { + "id": "Ohns/LuO7a7peWCl1YyB5wsYVk8=", + "similarityId": "68fa32e94a9f1d783d8bf6a304277261ed6bd5936cbe8220fab796b08d45a913", + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/webwolf/Dockerfile", + "description": "Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working", + "queryName": "Healthcheck Instruction Missing", + "expectedValue": "Dockerfile contains instruction 'HEALTHCHECK'", + "actualValue": "Dockerfile doesn't contain instruction 'HEALTHCHECK'", + "issueType": "MissingAttribute", + "category": "Insecure Configurations" + }, + { + "id": "htCo3AA+YPkmxOIXDY7+2x9d0bM=", + "similarityId": "93dda958bd47aca55ec094efd920122dc7d7ad6135c008a4a485774fdacdb70c", + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/webgoat-server/Dockerfile", + "description": "Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working", + "queryName": "Healthcheck Instruction Missing", + "expectedValue": "Dockerfile contains instruction 'HEALTHCHECK'", + "actualValue": "Dockerfile doesn't contain instruction 'HEALTHCHECK'", + "issueType": "MissingAttribute", + "category": "Insecure Configurations" + } + ], + "vulnerabilitiesTotal": 10 + }, + { + "name": "DockerCompose", + "vulnerabilities": [ + { + "id": "mdLkYDLiIMlbXZL8riAalgGnsMg=", + "similarityId": "5d2ee4b4cebb89fb9c99459e65c8a2095a95e689cf8850de1d30053b22b117a1", + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-08-10T10:53:02Z", + "fileName": "/docker-compose.yml", + "description": "CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests", + "queryName": "Cpus Not Limited", + "expectedValue": "'deploy.resources.limits.cpus' is defined", + "actualValue": "'deploy' is not defined", + "issueType": "MissingAttribute", + "category": "Resource Management" + }, + { + "id": "FgQC8cxfcUFDKSzDhlHc2fmaABA=", + "similarityId": "895c0c1c3798397014e3f307d7755bd66df6deaaf1dd0719396486f526ba6a92", + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-08-10T10:53:02Z", + "fileName": "/docker-compose.yml", + "description": "Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.", + "queryName": "Container Capabilities Unrestricted", + "expectedValue": "Docker compose file to have 'cap_drop' attribute", + "actualValue": "Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.", + "issueType": "MissingAttribute", + "category": "Resource Management" + }, + { + "id": "madx8Ec86dwZZJaGDLxTAtRyGw8=", + "similarityId": "757f71dc81a680c81ba2fc7a49713bd5b70d5dfd990e451c5375e0d888eedd39", + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-08-10T10:53:02Z", + "fileName": "/docker-compose.yml", + "description": "Attribute 'security_opt' should be defined.", + "queryName": "Security Opt Not Set", + "expectedValue": "Docker compose file to have 'security_opt' attribute", + "actualValue": "Docker compose file does not have 'security_opt' attribute", + "issueType": "MissingAttribute", + "category": "Resource Management" + }, + { + "id": "6F79SJv78N3fDnGcuTwjOyWv368=", + "similarityId": "e4d2a2ca7c66d62b506c963fb09ec20dcc66fb9a44f6434e390938531fcdfd4e", + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-08-10T10:53:02Z", + "fileName": "/docker-compose.yml", + "description": "Setting networks in services ensures you are not using dockers default bridge (docker0), which shares traffic bewteen all containers.", + "queryName": "Networks Not Set", + "expectedValue": "There is a network declared for the service 'checkmarx'", + "actualValue": "There is no network declared for the service 'checkmarx'", + "issueType": "MissingAttribute", + "category": "Networking and Firewall" + }, + { + "id": "qdhwuDjvm5LeAoZy843Hr8j3Od4=", + "similarityId": "fc9be25f6cbbe99df42b81f28803a6fee95b52d6d924e5e718b3cb51f7d88274", + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-08-10T10:53:02Z", + "fileName": "/docker-compose.yml", + "description": "Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than the designated amount of memory", + "queryName": "Memory Not Limited", + "expectedValue": "'deploy.resources.limits.memory' is defined", + "actualValue": "'deploy' is not defined", + "issueType": "MissingAttribute", + "category": "Resource Management" + }, + { + "id": "UNcrSm9H8MPt15X37rJS4QZsPGo=", + "similarityId": "69486b051750551d5734392ab9ca757059b8cf79493da2fe2ac3130b509af160", + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-08-10T10:53:02Z", + "fileName": "/docker-compose.yml", + "description": "The hosts process namespace should not be shared by containers", + "queryName": "Host Namespace is Shared", + "expectedValue": "There is a pid mode declared", + "actualValue": "There is no pid declared", + "issueType": "MissingAttribute", + "category": "Resource Management" + }, + { + "id": "sTgAWpyQ73cEvKIWxd5a7a1zVpo=", + "similarityId": "6e9531e3bd65e4124a309a31733b162b9437511390e488bac2fe2b0a2b3c0433", + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-08-10T10:53:02Z", + "fileName": "/docker-compose.yml", + "description": "Check containers periodically to see if they are running properly.", + "queryName": "Healthcheck Not Set", + "expectedValue": "Healthcheck to be defined.", + "actualValue": "Healthcheck is not defined.", + "issueType": "MissingAttribute", + "category": "Availability" + }, + { + "id": "BaU9X5PRI++MyDC5hbBLJ5lEDLk=", + "similarityId": "800cce54f232334915c7555b160efdb7a35f59c2d2bea2d4bff7b06fd3c188a4", + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "firstScanId": "1b3e4c26-ab98-4115-82f9-8aae2ee8070a", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-08-10T10:53:02Z", + "fileName": "/docker-compose.yml", + "description": "Container has sensitive host directory mounted as a volume", + "queryName": "Volume Has Sensitive Host Directory", + "expectedValue": "There is no sensitive directory mounted as a volume", + "actualValue": "There is a sensitive directory mounted as a volume", + "issueType": "IncorrectValue", + "category": "Build Process" + } + ], + "vulnerabilitiesTotal": 8 + }, + { + "name": "Dockerfile", + "vulnerabilities": [ + { + "id": "AtwQh+LTQxgcItxbxEqfAfrzP3g=", + "similarityId": "4816e8d3444a0b6e75ca263b7e6e2f7e867393a03848608efc028a86bd2cde13", + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/docker/Dockerfile", + "description": "It is considered a best practice for every executable in a container to be owned by the root user even if it is executed by a non-root user, only execution permissions are required on the file, not ownership", + "queryName": "Chown Flag Exists", + "expectedValue": "The 'Dockerfile' shouldn´t contain the 'chown' flag", + "actualValue": "The 'Dockerfile' contains the 'chown' flag", + "issueType": "IncorrectValue", + "category": "Best Practices" + }, + { + "id": "yKfPX7tjg8YWL7SikZ240gq1xUw=", + "similarityId": "a102c3bde2c93c652bac6e11ad8f67d3c95834f3ceb376041695c0a25dcaaa48", + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/docker/Dockerfile", + "description": "It is considered a best practice for every executable in a container to be owned by the root user even if it is executed by a non-root user, only execution permissions are required on the file, not ownership", + "queryName": "Chown Flag Exists", + "expectedValue": "The 'Dockerfile' shouldn´t contain the 'chown' flag", + "actualValue": "The 'Dockerfile' contains the 'chown' flag", + "issueType": "IncorrectValue", + "category": "Best Practices" + }, + { + "id": "apzKVWhuoVTnw2JV7iq8+eHGT2A=", + "similarityId": "dbd1c158e7116bfe3279d801446093995f026c484d65149e3a6e9a8fc5d798ae", + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/docker/Dockerfile", + "description": "It is considered a best practice for every executable in a container to be owned by the root user even if it is executed by a non-root user, only execution permissions are required on the file, not ownership", + "queryName": "Chown Flag Exists", + "expectedValue": "The 'Dockerfile' shouldn´t contain the 'chown' flag", + "actualValue": "The 'Dockerfile' contains the 'chown' flag", + "issueType": "IncorrectValue", + "category": "Best Practices" + }, + { + "id": "S2Cvjf3WX+zsxxe2NDZJSQL8LpY=", + "similarityId": "137016df7d8cb46d56873ecb2e52307aa0147283facf0ad3d56bd6f3e47f72de", + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/docker/Dockerfile", + "description": "It is considered a best practice for every executable in a container to be owned by the root user even if it is executed by a non-root user, only execution permissions are required on the file, not ownership", + "queryName": "Chown Flag Exists", + "expectedValue": "The 'Dockerfile' shouldn´t contain the 'chown' flag", + "actualValue": "The 'Dockerfile' contains the 'chown' flag", + "issueType": "IncorrectValue", + "category": "Best Practices" + }, + { + "id": "KoD64rmkXGpA9tgnlCbSVE8i9BI=", + "similarityId": "d7362c0d74e55a7874e634e5468760b9f3ca27c49a400ac96fb25595dca63be1", + "status": "NEW", + "state": "To verify", + "severity": "LOW", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/docker/Dockerfile", + "description": "It is considered a best practice for every executable in a container to be owned by the root user even if it is executed by a non-root user, only execution permissions are required on the file, not ownership", + "queryName": "Chown Flag Exists", + "expectedValue": "The 'Dockerfile' shouldn´t contain the 'chown' flag", + "actualValue": "The 'Dockerfile' contains the 'chown' flag", + "issueType": "IncorrectValue", + "category": "Best Practices" + }, + { + "id": "RRGpLL7SH4DnqNFT/gF81zHTjfU=", + "similarityId": "ce53515a98f2e21f1a7c7a65e2f74b9993f7666713efdf07ffd21d405ea9677b", + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/docker/Dockerfile", + "description": "Instruction 'RUN \u003cpackage-manager\u003e update' should always be followed by '\u003cpackage-manager\u003e install' in the same RUN statement", + "queryName": "Update Instruction Alone", + "expectedValue": "Instruction 'RUN \u003cpackage-manager\u003e update' is followed by 'RUN \u003cpackage-manager\u003e install' ", + "actualValue": "Instruction 'RUN \u003cpackage-manager\u003e update' isn't followed by 'RUN \u003cpackage-manager\u003e install in the same 'RUN' statement", + "issueType": "IncorrectValue", + "category": "Build Process" + }, + { + "id": "LVYv65F5xy7IX9KXEpDdJoHLhRM=", + "similarityId": "9efd5b1fb5c0f9b90f89847d0e568fd8de3896698974419a485179486ed70828", + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/webgoat-server/Dockerfile", + "description": "Use WORKDIR instead of proliferating instructions like RUN cd … \u0026\u0026 do-something, which are hard to read, troubleshoot, and maintain.", + "queryName": "RUN Instruction Using 'cd' Instead of WORKDIR", + "expectedValue": "Using WORKDIR to change directory", + "actualValue": "RUN cd /home/webgoat/; mkdir -p .webgoat-${webgoat_version}'", + "issueType": "IncorrectValue", + "category": "Build Process" + }, + { + "id": "V0orhxon4gDprSHpVWqM+jDMmQI=", + "similarityId": "45cceae128c3ace3c9bddf30fbbe918283e71d4ad30a82f041418a0b26ff0ee4", + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/docker/Dockerfile", + "description": "Ensure that we are using JSON in the CMD and ENTRYPOINT Arguments", + "queryName": "Not Using JSON In CMD And ENTRYPOINT Arguments", + "expectedValue": "FROM={{openjdk:16-slim}}.{{ENTRYPOINT /bin/bash /home/webgoat/start.sh $webgoat_version_env}} is in the JSON Notation", + "actualValue": "FROM={{openjdk:16-slim}}.{{ENTRYPOINT /bin/bash /home/webgoat/start.sh $webgoat_version_env}} isn't in the JSON Notation", + "issueType": "IncorrectValue", + "category": "Build Process" + }, + { + "id": "QKUP72fU3csKYNOCPaNNHrRxgVI=", + "similarityId": "f0e0acb4b98e233d6b5f5b51bd38c6eb3bab31938d08f847c56ac0001152f63f", + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/docker/Dockerfile", + "description": "When installing a package, its pin version should be defined", + "queryName": "Apt Get Install Pin Version Not Defined", + "expectedValue": "Package 'apt-utils' has version defined", + "actualValue": "Package 'apt-utils' does not have version defined", + "issueType": "MissingAttribute", + "category": "Supply-Chain" + }, + { + "id": "yuT2QCq7V/77kUc+ExzFtrRYRWE=", + "similarityId": "1ef5deb11581e4553a46b70aac2ed510e5f5d361ad17246645de96f89135b28d", + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/docker/Dockerfile", + "description": "When installing a package, its pin version should be defined", + "queryName": "Apt Get Install Pin Version Not Defined", + "expectedValue": "Package 'nginx' has version defined", + "actualValue": "Package 'nginx' does not have version defined", + "issueType": "MissingAttribute", + "category": "Supply-Chain" + }, + { + "id": "UJsWR990JzF3NCzW4cJcIrRshcA=", + "similarityId": "ff0035037b5ebc675a823ac918007a9e17b12532e08c7d015357cd831dea9e98", + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/webgoat-server/Dockerfile", + "description": "Check if apt-get calls use the flag -y to avoid user manual input.", + "queryName": "APT-GET Missing '-y' To Avoid Manual Input", + "expectedValue": "FROM={{openjdk:11.0.1-jre-slim-stretch}}.{{RUN apt-get update \u0026\u0026 apt-get install \u0026\u0026 useradd --home-dir /home/webgoat --create-home -U webgoat}} avoids manual input", + "actualValue": "FROM={{openjdk:11.0.1-jre-slim-stretch}}.{{RUN apt-get update \u0026\u0026 apt-get install \u0026\u0026 useradd --home-dir /home/webgoat --create-home -U webgoat}} doesn't avoid manual input", + "issueType": "IncorrectValue", + "category": "Supply-Chain" + }, + { + "id": "VPApqWKJjQIXf8jw98M3MGy+suw=", + "similarityId": "390bbc4b0e70c6dedc27e6054375792e31c73c14a94dc451610d73769a88d9e3", + "status": "NEW", + "state": "To verify", + "severity": "MEDIUM", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-06T10:45:26Z", + "fileName": "/webwolf/Dockerfile", + "description": "Check if apt-get calls use the flag -y to avoid user manual input.", + "queryName": "APT-GET Missing '-y' To Avoid Manual Input", + "expectedValue": "FROM={{openjdk:11.0.1-jre-slim-stretch}}.{{RUN apt-get update \u0026\u0026 apt-get install \u0026\u0026 useradd --home-dir /home/webwolf --create-home -U webwolf}} avoids manual input", + "actualValue": "FROM={{openjdk:11.0.1-jre-slim-stretch}}.{{RUN apt-get update \u0026\u0026 apt-get install \u0026\u0026 useradd --home-dir /home/webwolf --create-home -U webwolf}} doesn't avoid manual input", + "issueType": "IncorrectValue", + "category": "Supply-Chain" + } + ], + "vulnerabilitiesTotal": 12 + }, + { + "name": "Common", + "vulnerabilities": [ + { + "id": "", + "similarityId": "", + "status": "NEW", + "state": "To verify", + "severity": "HIGH", + "firstScanId": "", + "foundDate": "2022-09-14T10:58:32Z", + "firstFoundDate": "2022-05-09T15:38:11Z", + "fileName": "", + "description": "Query to find passwords and secrets in infrastructure code.", + "queryName": "Passwords And Secrets - Generic Secret", + "expectedValue": "Hardcoded secret key should not appear in source", + "actualValue": "", + "issueType": "RedundantAttribute", + "category": "Secret Management" + } + ], + "vulnerabilitiesTotal": 1 + } + ], + "vulnerabilities": { + "total": 31, + "high": 2, + "medium": 12, + "low": 11, + "info": 6 + } + } + } +} \ No newline at end of file diff --git a/unittests/scans/checkov/checkov-report-severity.json b/unittests/scans/checkov/checkov-report-severity.json new file mode 100644 index 00000000000..6f0ec084f35 --- /dev/null +++ b/unittests/scans/checkov/checkov-report-severity.json @@ -0,0 +1,410 @@ +{ + "check_type":"terraform", + "results":{ + "passed_checks":[ + + ], + "failed_checks":[ + { + "check_id":"CKV_GCP_29", + "bc_check_id":"BC_GCP_GCS_2", + "check_name":"Ensure that Cloud Storage buckets have uniform bucket-level access enabled", + "check_result":{ + "result":"FAILED", + "evaluated_keys":[ + "uniform_bucket_level_access" + ] + }, + "code_block":[ + [ + 1, + "resource \"google_storage_bucket\" \"terragoat_website\" {\n" + ], + [ + 2, + " name = \"terragot-${var.environment}\"\n" + ], + [ + 3, + " location = var.location\n" + ], + [ + 4, + " force_destroy = true\n" + ], + [ + 5, + " labels = {\n" + ], + [ + 6, + " git_commit = \"2bdc0871a5f4505be58244029cc6485d45d7bb8e\"\n" + ], + [ + 7, + " git_file = \"terraform__gcp__gcs_tf\"\n" + ], + [ + 8, + " git_last_modified_at = \"2022-01-19-17-02-27\"\n" + ], + [ + 9, + " git_last_modified_by = \"jameswoolfenden\"\n" + ], + [ + 10, + " git_modifiers = \"jameswoolfenden__nimrodkor\"\n" + ], + [ + 11, + " git_org = \"bridgecrewio\"\n" + ], + [ + 12, + " git_repo = \"terragoat\"\n" + ], + [ + 13, + " yor_trace = \"bd00cd2e-f53f-4daf-8d4d-74c47846c1cc\"\n" + ], + [ + 14, + " }\n" + ], + [ + 15, + "}\n" + ] + ], + "file_path":"/gcs.tf", + "file_abs_path":"/tf/gcs.tf", + "repo_file_path":"/gcs.tf", + "file_line_range":[ + 1, + 15 + ], + "resource":"google_storage_bucket.terragoat_website", + "evaluations":null, + "check_class":"checkov.terraform.checks.resource.gcp.GoogleStorageBucketUniformAccess", + "fixed_definition":null, + "entity_tags":null, + "caller_file_path":null, + "caller_file_line_range":null, + "resource_address":null, + "severity":"MEDIUM", + "bc_category":"Storage", + "benchmarks":{ + "CIS GCP V1.1":[ + { + "name":"5.2", + "description":"Ensure that Cloud Storage buckets have uniform bucket-level access enabled" + } + ] + }, + "description":null, + "short_description":null, + "vulnerability_details":null, + "connected_node":null, + "guideline":"https://docs.bridgecrew.io/docs/bc_gcp_gcs_2", + "details":[ + + ] + }, + { + "check_id":"CKV_GCP_62", + "bc_check_id":"BC_GCP_GCS_3", + "check_name":"Bucket should log access", + "check_result":{ + "result":"FAILED", + "evaluated_keys":[ + "logging/[0]/log_bucket" + ] + }, + "code_block":[ + [ + 1, + "resource \"google_storage_bucket\" \"terragoat_website\" {\n" + ], + [ + 2, + " name = \"terragot-${var.environment}\"\n" + ], + [ + 3, + " location = var.location\n" + ], + [ + 4, + " force_destroy = true\n" + ], + [ + 5, + " labels = {\n" + ], + [ + 6, + " git_commit = \"2bdc0871a5f4505be58244029cc6485d45d7bb8e\"\n" + ], + [ + 7, + " git_file = \"terraform__gcp__gcs_tf\"\n" + ], + [ + 8, + " git_last_modified_at = \"2022-01-19-17-02-27\"\n" + ], + [ + 9, + " git_last_modified_by = \"jameswoolfenden\"\n" + ], + [ + 10, + " git_modifiers = \"jameswoolfenden__nimrodkor\"\n" + ], + [ + 11, + " git_org = \"bridgecrewio\"\n" + ], + [ + 12, + " git_repo = \"terragoat\"\n" + ], + [ + 13, + " yor_trace = \"bd00cd2e-f53f-4daf-8d4d-74c47846c1cc\"\n" + ], + [ + 14, + " }\n" + ], + [ + 15, + "}\n" + ] + ], + "file_path":"/gcs.tf", + "file_abs_path":"/tf/gcs.tf", + "repo_file_path":"/gcs.tf", + "file_line_range":[ + 1, + 15 + ], + "resource":"google_storage_bucket.terragoat_website", + "evaluations":null, + "check_class":"checkov.terraform.checks.resource.gcp.CloudStorageLogging", + "fixed_definition":null, + "entity_tags":null, + "caller_file_path":null, + "caller_file_line_range":null, + "resource_address":null, + "severity":"MEDIUM", + "bc_category":"Storage", + "benchmarks":{ + + }, + "description":null, + "short_description":null, + "vulnerability_details":null, + "connected_node":null, + "guideline":"https://docs.bridgecrew.io/docs/bc_gcp_logging_2", + "details":[ + + ] + }, + { + "check_id":"CKV_GCP_78", + "bc_check_id":"BC_GCP_GENERAL_39", + "check_name":"Ensure Cloud storage has versioning enabled", + "check_result":{ + "result":"FAILED", + "evaluated_keys":[ + "versioning/[0]/enabled" + ] + }, + "code_block":[ + [ + 1, + "resource \"google_storage_bucket\" \"terragoat_website\" {\n" + ], + [ + 2, + " name = \"terragot-${var.environment}\"\n" + ], + [ + 3, + " location = var.location\n" + ], + [ + 4, + " force_destroy = true\n" + ], + [ + 5, + " labels = {\n" + ], + [ + 6, + " git_commit = \"2bdc0871a5f4505be58244029cc6485d45d7bb8e\"\n" + ], + [ + 7, + " git_file = \"terraform__gcp__gcs_tf\"\n" + ], + [ + 8, + " git_last_modified_at = \"2022-01-19-17-02-27\"\n" + ], + [ + 9, + " git_last_modified_by = \"jameswoolfenden\"\n" + ], + [ + 10, + " git_modifiers = \"jameswoolfenden__nimrodkor\"\n" + ], + [ + 11, + " git_org = \"bridgecrewio\"\n" + ], + [ + 12, + " git_repo = \"terragoat\"\n" + ], + [ + 13, + " yor_trace = \"bd00cd2e-f53f-4daf-8d4d-74c47846c1cc\"\n" + ], + [ + 14, + " }\n" + ], + [ + 15, + "}\n" + ] + ], + "file_path":"/gcs.tf", + "file_abs_path":"/tf/gcs.tf", + "repo_file_path":"/gcs.tf", + "file_line_range":[ + 1, + 15 + ], + "resource":"google_storage_bucket.terragoat_website", + "evaluations":null, + "check_class":"checkov.terraform.checks.resource.gcp.CloudStorageVersioningEnabled", + "fixed_definition":null, + "entity_tags":null, + "caller_file_path":null, + "caller_file_line_range":null, + "resource_address":null, + "severity":"LOW", + "bc_category":"General", + "benchmarks":{ + + }, + "description":null, + "short_description":null, + "vulnerability_details":null, + "connected_node":null, + "guideline":"https://docs.bridgecrew.io/docs/ensure-gcp-cloud-storage-has-versioning-enabled", + "details":[ + + ] + }, + { + "check_id":"CKV_GCP_28", + "bc_check_id":"BC_GCP_PUBLIC_1", + "check_name":"Ensure that Cloud Storage bucket is not anonymously or publicly accessible", + "check_result":{ + "result":"FAILED", + "evaluated_keys":[ + "members", + "member" + ] + }, + "code_block":[ + [ + 17, + "resource \"google_storage_bucket_iam_binding\" \"allow_public_read\" {\n" + ], + [ + 18, + " bucket = google_storage_bucket.terragoat_website.id\n" + ], + [ + 19, + " members = [\"allUsers\"]\n" + ], + [ + 20, + " role = \"roles/storage.objectViewer\"\n" + ], + [ + 21, + "}" + ] + ], + "file_path":"/gcs.tf", + "file_abs_path":"/tf/gcs.tf", + "repo_file_path":"/gcs.tf", + "file_line_range":[ + 17, + 21 + ], + "resource":"google_storage_bucket_iam_binding.allow_public_read", + "evaluations":null, + "check_class":"checkov.terraform.checks.resource.gcp.GoogleStorageBucketNotPublic", + "fixed_definition":null, + "entity_tags":null, + "caller_file_path":null, + "caller_file_line_range":null, + "resource_address":null, + "severity":"HIGH", + "bc_category":"Public", + "benchmarks":{ + "ISO27001":[ + { + "name":"A.8.2.3", + "description":"Disciplinary process" + }, + { + "name":"A.14.1.3", + "description":"Protecting application service transactions" + } + ], + "CIS GCP V1.1":[ + { + "name":"5.1", + "description":"Ensure that Cloud Storage bucket is not anonymously or publicly accessible" + } + ] + }, + "description":null, + "short_description":null, + "vulnerability_details":null, + "connected_node":null, + "guideline":"https://docs.bridgecrew.io/docs/bc_gcp_public_1", + "details":[ + + ] + } + ], + "skipped_checks":[ + + ], + "parsing_errors":[ + + ] + }, + "summary":{ + "passed":0, + "failed":4, + "skipped":0, + "parsing_errors":0, + "resource_count":2, + "checkov_version":"2.2.34" + }, + "url":"https://www.bridgecrew.cloud/projects?repository=*********/tf&branch=bc-47d01eb_master&runId=latest" + } diff --git a/unittests/scans/checkov/checkov2-report-0-vuln.json b/unittests/scans/checkov/checkov2-report-0-vuln.json new file mode 100644 index 00000000000..de908e7ae61 --- /dev/null +++ b/unittests/scans/checkov/checkov2-report-0-vuln.json @@ -0,0 +1,8 @@ +{ + "passed": 0, + "failed": 0, + "skipped": 0, + "parsingerrors": 0, + "resourcecount": 0, + "checkov_version": "2.1.269" +} \ No newline at end of file diff --git a/unittests/scans/chefinspect/many_findings.log b/unittests/scans/chefinspect/many_findings.log new file mode 100644 index 00000000000..f1b61a489c2 --- /dev/null +++ b/unittests/scans/chefinspect/many_findings.log @@ -0,0 +1,10 @@ +{"status":"passed","batch_runtime":"2022-10-03","application_group":"logserver","zone":"domain","office":"officename","dc":null,"environment":"unknown","id":"cis-dil-benchmark-2.2.1.1","title":"Ensure time synchronization is in use","impact":0.0,"control_tags":{"ISO27001_2013":["A.12.4.4"],"cis":"distribution-independent-linux:2.2.1.1","level":1},"description":"System time should be synchronized between all systems in an environment. This is typically done by establishing an authoritative time server or set of servers and having all systems synchronize their clocks to them.\n\nRationale: Time synchronization is important to support time sensitive security mechanisms like Kerberos and also ensures log files have consistent time records across the enterprise, which aids in forensic investigations.","platform":{"name":"redhat","release":"8.5","target_id":"logsrv01.domain.dk"},"profile":{"name":"cis-dil-benchmark","title":"CIS Distribution Independent Linux Benchmark Profile","version":"0.3.0","supports":"[{\"platform-family\":\"linux\"}]"},"group":{"id":"controls/2_2_special_purpose_services.rb","title":"2.2 Special Purpose Services"},"results":[{"status":"passed","code_desc":"System Package chrony is expected to be installed","run_time":0.00044244,"start_time":"2022-10-03T11:02:14+00:00"},{"status":"passed","code_desc":"Command: `chronyd` is expected to exist","run_time":0.00015116,"start_time":"2022-10-03T11:02:14+00:00"}],"control_runtime":0.0005936} +{"status":"skipped","batch_runtime":"2022-10-03","application_group":"logserver","zone":"domain","office":"officename","dc":null,"environment":"unknown","id":"cis-dil-benchmark-2.2.1.2","title":"Ensure ntp is configured","impact":1.0,"control_tags":{"ISO27001_2013":["A.12.4.4"],"cis":"distribution-independent-linux:2.2.1.2","level":1},"description":"ntp is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on NTP can be found at http://www.ntp.org. ntp can be configured to be a client and/or a server.\nThis recommendation only applies if ntp is in use on the system.\n\nRationale: If ntp is in use on the system proper configuration is vital to ensuring time synchronization is working properly.","platform":{"name":"redhat","release":"8.5","target_id":"logsrv01.domain.dk"},"profile":{"name":"cis-dil-benchmark","title":"CIS Distribution Independent Linux Benchmark Profile","version":"0.3.0","supports":"[{\"platform-family\":\"linux\"}]"},"group":{"id":"controls/2_2_special_purpose_services.rb","title":"2.2 Special Purpose Services"},"results":[{"status":"skipped","code_desc":"No-op","run_time":7.893e-06,"start_time":"2022-10-03T11:02:14+00:00","resource":"No-op","skip_message":"Skipped control due to only_if condition."}],"control_runtime":7.893e-06} +{"status":"passed","batch_runtime":"2022-10-03","application_group":"logserver","zone":"domain","office":"officename","dc":null,"environment":"unknown","id":"cis-dil-benchmark-2.2.1.3","title":"Ensure chrony is configured","impact":1.0,"control_tags":{"ISO27001_2013":["A.12.4.4"],"cis":"distribution-independent-linux:2.2.1.3","level":1},"description":"chrony is a daemon which implements the Network Time Protocol (NTP) is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on chrony can be found at http://chrony.tuxfamily.org/. chrony can be configured to be a client and/or a server.\n\nRationale: If chrony is in use on the system proper configuration is vital to ensuring time synchronization is working properly.\nThis recommendation only applies if chrony is in use on the system.","platform":{"name":"redhat","release":"8.5","target_id":"logsrv01.domain.dk"},"profile":{"name":"cis-dil-benchmark","title":"CIS Distribution Independent Linux Benchmark Profile","version":"0.3.0","supports":"[{\"platform-family\":\"linux\"}]"},"group":{"id":"controls/2_2_special_purpose_services.rb","title":"2.2 Special Purpose Services"},"results":[{"status":"passed","code_desc":"File /etc/chrony.conf content is expected to match /^server\\s+\\S+/","run_time":0.000128649,"start_time":"2022-10-03T11:02:14+00:00"},{"status":"passed","code_desc":"Processes chronyd users is expected to cmp == \"chrony\"","run_time":0.000184573,"start_time":"2022-10-03T11:02:14+00:00"}],"control_runtime":0.000313222} +{"status":"passed","batch_runtime":"2022-10-03","application_group":"logserver","zone":"domain","office":"officename","dc":null,"environment":"unknown","id":"cis-dil-benchmark-2.2.2","title":"Ensure X Window System is not installed","impact":1.0,"control_tags":{"ISO27001_2013":["A.12.5.1"],"cis":"distribution-independent-linux:2.2.2","level":1},"description":"The X Window System provides a Graphical User Interface (GUI) where users can have multiple windows in which to run programs and various add on. The X Windows system is typically used on workstations where users login, but not on servers where users typically do not login.\n\nRationale: Unless your organization specifically requires graphical login access via X Windows, remove it to reduce the potential attack surface.","platform":{"name":"redhat","release":"8.5","target_id":"logsrv01.domain.dk"},"profile":{"name":"cis-dil-benchmark","title":"CIS Distribution Independent Linux Benchmark Profile","version":"0.3.0","supports":"[{\"platform-family\":\"linux\"}]"},"group":{"id":"controls/2_2_special_purpose_services.rb","title":"2.2 Special Purpose Services"},"results":[{"status":"passed","code_desc":"Packages /^xserver-xorg.*/ names is expected to be empty","run_time":0.014531242,"start_time":"2022-10-03T11:02:14+00:00"},{"status":"passed","code_desc":"Packages /^xorg-x11-server.*/ names is expected to be empty","run_time":0.00461028,"start_time":"2022-10-03T11:02:14+00:00"}],"control_runtime":0.019141522} +{"status":"passed","batch_runtime":"2022-10-03","application_group":"logserver","zone":"domain","office":"officename","dc":null,"environment":"unknown","id":"cis-dil-benchmark-2.2.3","title":"Ensure Avahi Server is not enabled","impact":1.0,"control_tags":{"ISO27001_2013":["A.13.1.3"],"cis":"distribution-independent-linux:2.2.3","level":1},"description":"Avahi is a free zeroconf implementation, including a system for multicast DNS/DNS-SD service discovery. Avahi allows programs to publish and discover services and hosts running on a local network with no specific configuration. For example, a user can plug a computer into a network and Avahi automatically finds printers to print to, files to look at and people to talk to, as well as network services running on the machine.\n\nRationale: Automatic discovery of network services is not normally required for system functionality. It is recommended to disable the service to reduce the potential attach surface.","platform":{"name":"redhat","release":"8.5","target_id":"logsrv01.domain.dk"},"profile":{"name":"cis-dil-benchmark","title":"CIS Distribution Independent Linux Benchmark Profile","version":"0.3.0","supports":"[{\"platform-family\":\"linux\"}]"},"group":{"id":"controls/2_2_special_purpose_services.rb","title":"2.2 Special Purpose Services"},"results":[{"status":"passed","code_desc":"Service avahi-daemon is expected not to be enabled","run_time":0.599389271,"start_time":"2022-10-03T11:02:14+00:00"},{"status":"passed","code_desc":"Service avahi-daemon is expected not to be running","run_time":0.000153889,"start_time":"2022-10-03T11:02:15+00:00"}],"control_runtime":0.59954316} +{"status":"passed","batch_runtime":"2022-10-03","application_group":"logserver","zone":"domain","office":"officename","dc":null,"environment":"unknown","id":"cis-dil-benchmark-2.2.4","title":"Ensure CUPS is not enabled","impact":1.0,"control_tags":{"ISO27001_2013":["A.13.1.3"],"cis":"distribution-independent-linux:2.2.4","level":1},"description":"The Common Unix Print System (CUPS) provides the ability to print to both local and network printers. A system running CUPS can also accept print jobs from remote systems and print them to local printers. It also provides a web based remote administration capability.\n\nRationale: If the system does not need to print jobs or accept print jobs from other systems, it is recommended that CUPS be disabled to reduce the potential attack surface.","platform":{"name":"redhat","release":"8.5","target_id":"logsrv01.domain.dk"},"profile":{"name":"cis-dil-benchmark","title":"CIS Distribution Independent Linux Benchmark Profile","version":"0.3.0","supports":"[{\"platform-family\":\"linux\"}]"},"group":{"id":"controls/2_2_special_purpose_services.rb","title":"2.2 Special Purpose Services"},"results":[{"status":"passed","code_desc":"Service cups is expected not to be enabled","run_time":0.633429634,"start_time":"2022-10-03T11:02:15+00:00"},{"status":"passed","code_desc":"Service cups is expected not to be running","run_time":0.000191051,"start_time":"2022-10-03T11:02:15+00:00"}],"control_runtime":0.633620685} +{"status":"passed","batch_runtime":"2022-10-03","application_group":"logserver","zone":"domain","office":"officename","dc":null,"environment":"unknown","id":"cis-dil-benchmark-2.2.5","title":"Ensure DHCP Server is not enabled","impact":1.0,"control_tags":{"ISO27001_2013":["A.13.1.3"],"cis":"distribution-independent-linux:2.2.5","level":1},"description":"The Dynamic Host Configuration Protocol (DHCP) is a service that allows machines to be dynamically assigned IP addresses.\n\nRationale: Unless a system is specifically set up to act as a DHCP server, it is recommended that this service be deleted to reduce the potential attack surface.","platform":{"name":"redhat","release":"8.5","target_id":"logsrv01.domain.dk"},"profile":{"name":"cis-dil-benchmark","title":"CIS Distribution Independent Linux Benchmark Profile","version":"0.3.0","supports":"[{\"platform-family\":\"linux\"}]"},"group":{"id":"controls/2_2_special_purpose_services.rb","title":"2.2 Special Purpose Services"},"results":[{"status":"passed","code_desc":"Service isc-dhcp-server is expected not to be enabled","run_time":0.639691591,"start_time":"2022-10-03T11:02:15+00:00"},{"status":"passed","code_desc":"Service isc-dhcp-server is expected not to be running","run_time":0.000160418,"start_time":"2022-10-03T11:02:16+00:00"},{"status":"passed","code_desc":"Service isc-dhcp-server6 is expected not to be enabled","run_time":0.644534045,"start_time":"2022-10-03T11:02:16+00:00"},{"status":"passed","code_desc":"Service isc-dhcp-server6 is expected not to be running","run_time":0.000268166,"start_time":"2022-10-03T11:02:17+00:00"},{"status":"passed","code_desc":"Service dhcpd is expected not to be enabled","run_time":0.643181648,"start_time":"2022-10-03T11:02:17+00:00"},{"status":"passed","code_desc":"Service dhcpd is expected not to be running","run_time":0.000231542,"start_time":"2022-10-03T11:02:17+00:00"}],"control_runtime":1.92806741} +{"status":"passed","batch_runtime":"2022-10-03","application_group":"logserver","zone":"domain","office":"officename","dc":null,"environment":"unknown","id":"cis-dil-benchmark-2.2.6","title":"Ensure LDAP server is not enabled","impact":1.0,"control_tags":{"ISO27001_2013":["A.13.1.3"],"cis":"distribution-independent-linux:2.2.6","level":1},"description":"The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database.\n\nRationale: If the system will not need to act as an LDAP server, it is recommended that the software be disabled to reduce the potential attack surface.","platform":{"name":"redhat","release":"8.5","target_id":"logsrv01.domain.dk"},"profile":{"name":"cis-dil-benchmark","title":"CIS Distribution Independent Linux Benchmark Profile","version":"0.3.0","supports":"[{\"platform-family\":\"linux\"}]"},"group":{"id":"controls/2_2_special_purpose_services.rb","title":"2.2 Special Purpose Services"},"results":[{"status":"passed","code_desc":"Service slapd is expected not to be enabled","run_time":0.630785667,"start_time":"2022-10-03T11:02:17+00:00"},{"status":"passed","code_desc":"Service slapd is expected not to be running","run_time":0.000193827,"start_time":"2022-10-03T11:02:18+00:00"}],"control_runtime":0.6309794940000001} +{"status":"passed","batch_runtime":"2022-10-03","application_group":"logserver","zone":"domain","office":"officename","dc":null,"environment":"unknown","id":"cis-dil-benchmark-2.2.7","title":"Ensure NFS and RPC are not enabled","impact":1.0,"control_tags":{"ISO27001_2013":["A.13.1.3"],"cis":"distribution-independent-linux:2.2.7","level":1},"description":"The Network File System (NFS) is one of the first and most widely distributed file systems in the UNIX environment. It provides the ability for systems to mount file systems of other servers through the network.\n\nRationale: If the system does not export NFS shares or act as an NFS client, it is recommended that these services be disabled to reduce remote attack surface.","platform":{"name":"redhat","release":"8.5","target_id":"logsrv01.domain.dk"},"profile":{"name":"cis-dil-benchmark","title":"CIS Distribution Independent Linux Benchmark Profile","version":"0.3.0","supports":"[{\"platform-family\":\"linux\"}]"},"group":{"id":"controls/2_2_special_purpose_services.rb","title":"2.2 Special Purpose Services"},"results":[{"status":"passed","code_desc":"Service nfs-kernel-server is expected not to be enabled","run_time":0.632784742,"start_time":"2022-10-03T11:02:18+00:00"},{"status":"passed","code_desc":"Service nfs-kernel-server is expected not to be running","run_time":0.000166672,"start_time":"2022-10-03T11:02:19+00:00"},{"status":"passed","code_desc":"Service nfs is expected not to be enabled","run_time":0.640653182,"start_time":"2022-10-03T11:02:19+00:00"},{"status":"passed","code_desc":"Service nfs is expected not to be running","run_time":0.000215897,"start_time":"2022-10-03T11:02:19+00:00"},{"status":"passed","code_desc":"Service rpcbind is expected not to be enabled","run_time":0.643515006,"start_time":"2022-10-03T11:02:19+00:00"},{"status":"passed","code_desc":"Service rpcbind is expected not to be running","run_time":0.000154942,"start_time":"2022-10-03T11:02:20+00:00"}],"control_runtime":1.917490441} +{"status":"passed","batch_runtime":"2022-10-03","application_group":"logserver","zone":"domain","office":"officename","dc":null,"environment":"unknown","id":"cis-dil-benchmark-2.2.8","title":"Ensure DNS Server is not enabled","impact":1.0,"control_tags":{"ISO27001_2013":["A.13.1.3"],"cis":"distribution-independent-linux:2.2.8","level":1},"description":"The Domain Name System (DNS) is a hierarchical naming system that maps names to IP addresses for computers, services and other resources connected to a network.\n\nRationale: Unless a system is specifically designated to act as a DNS server, it is recommended that the package be deleted to reduce the potential attack surface.","platform":{"name":"redhat","release":"8.5","target_id":"logsrv01.domain.dk"},"profile":{"name":"cis-dil-benchmark","title":"CIS Distribution Independent Linux Benchmark Profile","version":"0.3.0","supports":"[{\"platform-family\":\"linux\"}]"},"group":{"id":"controls/2_2_special_purpose_services.rb","title":"2.2 Special Purpose Services"},"results":[{"status":"passed","code_desc":"Service named is expected not to be enabled","run_time":0.632303089,"start_time":"2022-10-03T11:02:20+00:00"},{"status":"passed","code_desc":"Service named is expected not to be running","run_time":0.000154262,"start_time":"2022-10-03T11:02:20+00:00"},{"status":"passed","code_desc":"Service bind is expected not to be enabled","run_time":0.654657749,"start_time":"2022-10-03T11:02:20+00:00"},{"status":"passed","code_desc":"Service bind is expected not to be running","run_time":0.000212705,"start_time":"2022-10-03T11:02:21+00:00"},{"status":"passed","code_desc":"Service bind9 is expected not to be enabled","run_time":0.642811638,"start_time":"2022-10-03T11:02:21+00:00"},{"status":"passed","code_desc":"Service bind9 is expected not to be running","run_time":0.000207277,"start_time":"2022-10-03T11:02:22+00:00"}],"control_runtime":1.9303467199999997} diff --git a/unittests/scans/chefinspect/no_finding.log b/unittests/scans/chefinspect/no_finding.log new file mode 100644 index 00000000000..e69de29bb2d diff --git a/unittests/scans/chefinspect/one_finding.log b/unittests/scans/chefinspect/one_finding.log new file mode 100644 index 00000000000..5a599ab5fac --- /dev/null +++ b/unittests/scans/chefinspect/one_finding.log @@ -0,0 +1 @@ +{"status":"passed","batch_runtime":"2022-10-03","application_group":"logserver","zone":"domain","office":"officename","dc":null,"environment":"unknown","id":"cis-dil-benchmark-2.2.1.1","title":"Ensure time synchronization is in use","impact":0.0,"control_tags":{"ISO27001_2013":["A.12.4.4"],"cis":"distribution-independent-linux:2.2.1.1","level":1},"description":"System time should be synchronized between all systems in an environment. This is typically done by establishing an authoritative time server or set of servers and having all systems synchronize their clocks to them.\n\nRationale: Time synchronization is important to support time sensitive security mechanisms like Kerberos and also ensures log files have consistent time records across the enterprise, which aids in forensic investigations.","platform":{"name":"redhat","release":"8.5","target_id":"logsrv01.domain.dk"},"profile":{"name":"cis-dil-benchmark","title":"CIS Distribution Independent Linux Benchmark Profile","version":"0.3.0","supports":"[{\"platform-family\":\"linux\"}]"},"group":{"id":"controls/2_2_special_purpose_services.rb","title":"2.2 Special Purpose Services"},"results":[{"status":"passed","code_desc":"System Package chrony is expected to be installed","run_time":0.00044244,"start_time":"2022-10-03T11:02:14+00:00"},{"status":"passed","code_desc":"Command: `chronyd` is expected to exist","run_time":0.00015116,"start_time":"2022-10-03T11:02:14+00:00"}],"control_runtime":0.0005936} diff --git a/unittests/scans/clair/empty.json b/unittests/scans/clair/clair_empty.json similarity index 100% rename from unittests/scans/clair/empty.json rename to unittests/scans/clair/clair_empty.json diff --git a/unittests/scans/clair/few_vuln.json b/unittests/scans/clair/clair_few_vuln.json similarity index 100% rename from unittests/scans/clair/few_vuln.json rename to unittests/scans/clair/clair_few_vuln.json diff --git a/unittests/scans/clair/many_vul.json b/unittests/scans/clair/clair_many_vul.json similarity index 100% rename from unittests/scans/clair/many_vul.json rename to unittests/scans/clair/clair_many_vul.json diff --git a/unittests/scans/clair-klar/empty.json b/unittests/scans/clair/clairklar_empty.json similarity index 100% rename from unittests/scans/clair-klar/empty.json rename to unittests/scans/clair/clairklar_empty.json diff --git a/unittests/scans/clair-klar/high.json b/unittests/scans/clair/clairklar_high.json similarity index 100% rename from unittests/scans/clair-klar/high.json rename to unittests/scans/clair/clairklar_high.json diff --git a/unittests/scans/clair-klar/mixed.json b/unittests/scans/clair/clairklar_mixed.json similarity index 100% rename from unittests/scans/clair-klar/mixed.json rename to unittests/scans/clair/clairklar_mixed.json diff --git a/unittests/scans/codechecker/cc-report-0-vuln.json b/unittests/scans/codechecker/cc-report-0-vuln.json new file mode 100644 index 00000000000..65f28e66ae9 --- /dev/null +++ b/unittests/scans/codechecker/cc-report-0-vuln.json @@ -0,0 +1,5 @@ +{ + "version": 1, + "reports": [ + ] +} \ No newline at end of file diff --git a/unittests/scans/codechecker/cc-report-1-vuln.json b/unittests/scans/codechecker/cc-report-1-vuln.json new file mode 100644 index 00000000000..06537339ca8 --- /dev/null +++ b/unittests/scans/codechecker/cc-report-1-vuln.json @@ -0,0 +1,45 @@ +{ + "version": 1, + "reports": [ + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/push.c_clang-tidy_5fb42dafea6e0be180d0fe28ce1a41f4.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/push.c", + "path": "/opt/_ga/openvpn/src/openvpn/push.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/push.c" + }, + "line": 576, + "column": 20, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "d5e8aec375bc1d89630e5e848b442109", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/push.c", + "path": "/opt/_ga/openvpn/src/openvpn/push.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/push.c" + }, + "line": 576, + "column": 20, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 576, + "start_col": 20, + "end_line": 576, + "end_col": 20 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + } + ] +} \ No newline at end of file diff --git a/unittests/scans/codechecker/cc-report-many-vuln.json b/unittests/scans/codechecker/cc-report-many-vuln.json new file mode 100644 index 00000000000..4578d82aa8b --- /dev/null +++ b/unittests/scans/codechecker/cc-report-many-vuln.json @@ -0,0 +1,10026 @@ +{ + "version": 1, + "reports": [ + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/push.c_clang-tidy_5fb42dafea6e0be180d0fe28ce1a41f4.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/push.c", + "path": "/opt/_ga/openvpn/src/openvpn/push.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/push.c" + }, + "line": 576, + "column": 20, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "d5e8aec375bc1d89630e5e848b442109", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/push.c", + "path": "/opt/_ga/openvpn/src/openvpn/push.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/push.c" + }, + "line": 576, + "column": 20, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 576, + "start_col": 20, + "end_line": 576, + "end_col": 20 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/push.c_clang-tidy_5fb42dafea6e0be180d0fe28ce1a41f4.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/push.c", + "path": "/opt/_ga/openvpn/src/openvpn/push.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/push.c" + }, + "line": 679, + "column": 13, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "b5dd5b1079dfaefb3893465ef56d58f2", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/push.c", + "path": "/opt/_ga/openvpn/src/openvpn/push.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/push.c" + }, + "line": 679, + "column": 13, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 679, + "start_col": 13, + "end_line": 679, + "end_col": 13 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/vlan.c_clang-tidy_716d1455021645c9134d79fcb2b9da6f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/multi.h", + "path": "/opt/_ga/openvpn/src/openvpn/multi.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/multi.h" + }, + "line": 402, + "column": 52, + "message": "comparison of integers of different signs: 'unsigned int' and 'const int'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "7d783dcf75b8fad6597fe70e3a900b9c", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/multi.h", + "path": "/opt/_ga/openvpn/src/openvpn/multi.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/multi.h" + }, + "line": 402, + "column": 52, + "message": "comparison of integers of different signs: 'unsigned int' and 'const int'", + "range": { + "start_line": 402, + "start_col": 52, + "end_line": 402, + "end_col": 52 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/vlan.c_clang-tidy_716d1455021645c9134d79fcb2b9da6f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 91, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "a368fa650a319c07bc041d0de26bb973", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 91, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 91, + "start_col": 19, + "end_line": 91, + "end_col": 19 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/vlan.c_clang-tidy_716d1455021645c9134d79fcb2b9da6f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 117, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "16d424a2781030079df820c417f8e3be", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 117, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 117, + "start_col": 19, + "end_line": 117, + "end_col": 19 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/vlan.c_clang-tidy_716d1455021645c9134d79fcb2b9da6f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 193, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "a368fa650a319c07bc041d0de26bb973", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 193, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 193, + "start_col": 19, + "end_line": 193, + "end_col": 19 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/vlan.c_clang-tidy_716d1455021645c9134d79fcb2b9da6f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 206, + "column": 23, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "5ed4dd12a69982b5cafa820c657ddc41", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 206, + "column": 23, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 206, + "start_col": 23, + "end_line": 206, + "end_col": 23 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/vlan.c_clang-tidy_716d1455021645c9134d79fcb2b9da6f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 225, + "column": 39, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "a9dcb43c74779e3bfc5d542c23dd3d2f", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 225, + "column": 39, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 225, + "start_col": 39, + "end_line": 225, + "end_col": 39 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/vlan.c_clang-tidy_716d1455021645c9134d79fcb2b9da6f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 273, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "ee87634ca73a5ab693d5118d4a1ea470", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 273, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 273, + "start_col": 19, + "end_line": 273, + "end_col": 19 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/mtcp.c_cppcheck_95a68fc67b7e003515726cf3810cb9df.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/mtcp.c", + "path": "/opt/_ga/openvpn/src/openvpn/mtcp.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/mtcp.c" + }, + "line": 341, + "column": 13, + "message": "Assignment of function parameter has no effect outside the function. Did you forget dereferencing it?", + "checker_name": "cppcheck-uselessAssignmentPtrArg", + "severity": "MEDIUM", + "report_hash": "0b762e20dd2c386244ced97d33f00738", + "analyzer_name": "cppcheck", + "category": "warning", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/mtcp.c", + "path": "/opt/_ga/openvpn/src/openvpn/mtcp.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/mtcp.c" + }, + "line": 341, + "column": 13, + "message": "Assignment of function parameter has no effect outside the function. Did you forget dereferencing it?", + "range": { + "start_line": 341, + "start_col": 13, + "end_line": 341, + "end_col": 13 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/mtcp.c_cppcheck_95a68fc67b7e003515726cf3810cb9df.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/mtcp.c", + "path": "/opt/_ga/openvpn/src/openvpn/mtcp.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/mtcp.c" + }, + "line": 467, + "column": 5, + "message": "Address of local auto-variable assigned to a function parameter.", + "checker_name": "cppcheck-autoVariables", + "severity": "HIGH", + "report_hash": "330eb9118020a8862cdc94cb61cf137b", + "analyzer_name": "cppcheck", + "category": "error", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/mtcp.c", + "path": "/opt/_ga/openvpn/src/openvpn/mtcp.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/mtcp.c" + }, + "line": 467, + "column": 5, + "message": "Address of local auto-variable assigned to a function parameter.", + "range": { + "start_line": 467, + "start_col": 5, + "end_line": 467, + "end_col": 5 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/auth-pam.c_clangsa_482b0915cfac7c8424fa7abd525b8d4e.plist", + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 277, + "column": 13, + "message": "Dereference of null pointer (loaded from variable 'query')", + "checker_name": "core.NullDereference", + "severity": "HIGH", + "report_hash": "99cb81b00cc67338a7220b963f5175cc", + "analyzer_name": "clangsa", + "category": "Logic error", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 640, + "column": 9, + "message": "Assuming 'n' is > 0", + "range": { + "start_line": 640, + "start_col": 9, + "end_line": 640, + "end_col": 14 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 640, + "column": 19, + "message": "Assuming 'n' is <= PAM_MAX_NUM_MSG", + "range": { + "start_line": 640, + "start_col": 19, + "end_line": 640, + "end_col": 37 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 644, + "column": 9, + "message": "Assuming the condition is false", + "range": { + "start_line": 644, + "start_col": 9, + "end_line": 644, + "end_col": 50 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 650, + "column": 17, + "message": "Entering loop body", + "range": { + "start_line": 650, + "start_col": 17, + "end_line": 650, + "end_col": 21 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 656, + "column": 13, + "message": "Assuming field 'verb' is >= 4", + "range": { + "start_line": 656, + "start_col": 13, + "end_line": 656, + "end_col": 27 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 660, + "column": 21, + "message": "Assuming field 'msg' is null", + "range": { + "start_line": 660, + "start_col": 21, + "end_line": 660, + "end_col": 28 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 664, + "column": 13, + "message": "Assuming field 'name_value_list' is non-null", + "range": { + "start_line": 664, + "start_col": 13, + "end_line": 664, + "end_col": 31 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 664, + "column": 36, + "message": "Assuming field 'len' is > 0", + "range": { + "start_line": 664, + "start_col": 36, + "end_line": 664, + "end_col": 63 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 671, + "column": 25, + "message": "Entering loop body", + "range": { + "start_line": 671, + "start_col": 25, + "end_line": 671, + "end_col": 37 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 676, + "column": 38, + "message": "Passing null pointer value via 1st parameter 'query'", + "range": { + "start_line": 676, + "start_col": 38, + "end_line": 676, + "end_col": 45 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 676, + "column": 21, + "message": "Calling 'name_value_match'", + "range": { + "start_line": 676, + "start_col": 21, + "end_line": 676, + "end_col": 58 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 274, + "column": 1, + "message": "Entered call from 'my_conv'", + "range": { + "start_line": 274, + "start_col": 1, + "end_line": 274, + "end_col": 1 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 277, + "column": 13, + "message": "Dereference of null pointer (loaded from variable 'query')", + "range": { + "start_line": 277, + "start_col": 13, + "end_line": 277, + "end_col": 27 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 633, + "start_col": 5, + "end_line": 633, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 640, + "start_col": 5, + "end_line": 640, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 640, + "start_col": 9, + "end_line": 640, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 640, + "start_col": 19, + "end_line": 640, + "end_col": 19 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 644, + "start_col": 5, + "end_line": 644, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 644, + "start_col": 9, + "end_line": 644, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 650, + "start_col": 5, + "end_line": 650, + "end_col": 7 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 650, + "start_col": 17, + "end_line": 650, + "end_col": 17 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 652, + "start_col": 9, + "end_line": 652, + "end_col": 13 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 654, + "start_col": 9, + "end_line": 654, + "end_col": 13 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 656, + "start_col": 13, + "end_line": 656, + "end_col": 17 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 658, + "start_col": 13, + "end_line": 658, + "end_col": 22 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 660, + "start_col": 21, + "end_line": 660, + "end_col": 23 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 664, + "start_col": 9, + "end_line": 664, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 664, + "start_col": 13, + "end_line": 664, + "end_col": 14 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 664, + "start_col": 36, + "end_line": 664, + "end_col": 37 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 667, + "start_col": 13, + "end_line": 667, + "end_col": 17 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 671, + "start_col": 13, + "end_line": 671, + "end_col": 15 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 671, + "start_col": 25, + "end_line": 671, + "end_col": 25 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 673, + "start_col": 17, + "end_line": 673, + "end_col": 21 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 676, + "start_col": 17, + "end_line": 676, + "end_col": 18 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 676, + "start_col": 38, + "end_line": 676, + "end_col": 40 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 676, + "start_col": 21, + "end_line": 676, + "end_col": 36 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 274, + "start_col": 1, + "end_line": 274, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 277, + "start_col": 5, + "end_line": 277, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + }, + { + "range": { + "start_line": 277, + "start_col": 13, + "end_line": 277, + "end_col": 19 + }, + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + } + } + ], + "notes": [], + "macro_expansions": [ + { + "name": "DEBUG", + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 656, + "column": 13, + "message": "((up->verb) >= 4)", + "range": { + "start_line": 656, + "start_col": 13, + "end_line": 656, + "end_col": 13 + } + }, + { + "name": "isalnum", + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 277, + "column": 13, + "message": "((*__ctype_b_loc ())[(int) ((*query))] & (unsigned short int) _ISalnum)", + "range": { + "start_line": 277, + "start_col": 13, + "end_line": 277, + "end_col": 13 + } + } + ] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/env_set.c_clang-tidy_45c4f6a52f46fb31c5b84477ee4a878a.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/env_set.c", + "path": "/opt/_ga/openvpn/src/openvpn/env_set.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/env_set.c" + }, + "line": 73, + "column": 14, + "message": "'signed char' to 'int' conversion; consider casting to 'unsigned char' first.", + "checker_name": "bugprone-signed-char-misuse", + "severity": "MEDIUM", + "report_hash": "8860dbb38e5074acf316929aa1557130", + "analyzer_name": "clang-tidy", + "category": "bugprone", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/env_set.c", + "path": "/opt/_ga/openvpn/src/openvpn/env_set.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/env_set.c" + }, + "line": 73, + "column": 14, + "message": "'signed char' to 'int' conversion; consider casting to 'unsigned char' first.", + "range": { + "start_line": 73, + "start_col": 14, + "end_line": 73, + "end_col": 14 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/env_set.c_clang-tidy_45c4f6a52f46fb31c5b84477ee4a878a.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/env_set.c", + "path": "/opt/_ga/openvpn/src/openvpn/env_set.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/env_set.c" + }, + "line": 74, + "column": 14, + "message": "'signed char' to 'int' conversion; consider casting to 'unsigned char' first.", + "checker_name": "bugprone-signed-char-misuse", + "severity": "MEDIUM", + "report_hash": "19e675b7339808ac6f2d7afe1330a112", + "analyzer_name": "clang-tidy", + "category": "bugprone", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/env_set.c", + "path": "/opt/_ga/openvpn/src/openvpn/env_set.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/env_set.c" + }, + "line": 74, + "column": 14, + "message": "'signed char' to 'int' conversion; consider casting to 'unsigned char' first.", + "range": { + "start_line": 74, + "start_col": 14, + "end_line": 74, + "end_col": 14 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/clinat.c_clangsa_d0fe8d29f751b7ac915e8aed3c500ac3.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + }, + "line": 217, + "column": 20, + "message": "Dereference of null pointer", + "checker_name": "core.NullDereference", + "severity": "HIGH", + "report_hash": "592f0594027111b44181bb0e56e8bb8e", + "analyzer_name": "clangsa", + "category": "Logic error", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + }, + "line": 212, + "column": 17, + "message": "Assuming 'i' is < field 'n'", + "range": { + "start_line": 212, + "start_col": 17, + "end_line": 212, + "end_col": 27 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + }, + "line": 212, + "column": 17, + "message": "Entering loop body", + "range": { + "start_line": 212, + "start_col": 17, + "end_line": 212, + "end_col": 27 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + }, + "line": 215, + "column": 13, + "message": "Assuming the condition is true", + "range": { + "start_line": 215, + "start_col": 13, + "end_line": 215, + "end_col": 31 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + }, + "line": 217, + "column": 20, + "message": "Dereference of null pointer", + "range": { + "start_line": 217, + "start_col": 20, + "end_line": 217, + "end_col": 45 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 199, + "start_col": 5, + "end_line": 199, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + }, + { + "range": { + "start_line": 207, + "start_col": 5, + "end_line": 207, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + }, + { + "range": { + "start_line": 212, + "start_col": 5, + "end_line": 212, + "end_col": 7 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + }, + { + "range": { + "start_line": 212, + "start_col": 17, + "end_line": 212, + "end_col": 17 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + }, + { + "range": { + "start_line": 214, + "start_col": 9, + "end_line": 214, + "end_col": 13 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + }, + { + "range": { + "start_line": 215, + "start_col": 9, + "end_line": 215, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + }, + { + "range": { + "start_line": 215, + "start_col": 13, + "end_line": 215, + "end_col": 13 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + }, + { + "range": { + "start_line": 217, + "start_col": 13, + "end_line": 217, + "end_col": 16 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + }, + { + "range": { + "start_line": 217, + "start_col": 20, + "end_line": 217, + "end_col": 20 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/clinat.c_clangsa_d0fe8d29f751b7ac915e8aed3c500ac3.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + }, + "line": 222, + "column": 20, + "message": "Dereference of null pointer", + "checker_name": "core.NullDereference", + "severity": "HIGH", + "report_hash": "3081a2bcfbf07606138b2d3450af3ff6", + "analyzer_name": "clangsa", + "category": "Logic error", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + }, + "line": 212, + "column": 17, + "message": "Assuming 'i' is < field 'n'", + "range": { + "start_line": 212, + "start_col": 17, + "end_line": 212, + "end_col": 27 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + }, + "line": 212, + "column": 17, + "message": "Entering loop body", + "range": { + "start_line": 212, + "start_col": 17, + "end_line": 212, + "end_col": 27 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + }, + "line": 215, + "column": 13, + "message": "Assuming the condition is false", + "range": { + "start_line": 215, + "start_col": 13, + "end_line": 215, + "end_col": 31 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + }, + "line": 222, + "column": 20, + "message": "Dereference of null pointer", + "range": { + "start_line": 222, + "start_col": 20, + "end_line": 222, + "end_col": 45 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 199, + "start_col": 5, + "end_line": 199, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + }, + { + "range": { + "start_line": 207, + "start_col": 5, + "end_line": 207, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + }, + { + "range": { + "start_line": 212, + "start_col": 5, + "end_line": 212, + "end_col": 7 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + }, + { + "range": { + "start_line": 212, + "start_col": 17, + "end_line": 212, + "end_col": 17 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + }, + { + "range": { + "start_line": 214, + "start_col": 9, + "end_line": 214, + "end_col": 13 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + }, + { + "range": { + "start_line": 215, + "start_col": 9, + "end_line": 215, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + }, + { + "range": { + "start_line": 215, + "start_col": 13, + "end_line": 215, + "end_col": 13 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + }, + { + "range": { + "start_line": 222, + "start_col": 13, + "end_line": 222, + "end_col": 16 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + }, + { + "range": { + "start_line": 222, + "start_col": 20, + "end_line": 222, + "end_col": 20 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/socket.c_clangsa_9ecb0af867e1acc193eae92eba21d9c8.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 2037, + "column": 63, + "message": "Assigned value is garbage or undefined", + "checker_name": "core.uninitialized.Assign", + "severity": "HIGH", + "report_hash": "b79407e508f4b1c59bc1e52e024378ce", + "analyzer_name": "clangsa", + "category": "Logic error", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 2268, + "column": 5, + "message": "Assuming 'sock' is non-null", + "range": { + "start_line": 2268, + "start_col": 5, + "end_line": 2268, + "end_col": 16 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 2269, + "column": 5, + "message": "Assuming 'sig_info' is non-null", + "range": { + "start_line": 2269, + "start_col": 5, + "end_line": 2269, + "end_col": 20 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 2271, + "column": 9, + "message": "Assuming field 'signal_received' is 0", + "range": { + "start_line": 2271, + "start_col": 9, + "end_line": 2271, + "end_col": 33 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 2285, + "column": 9, + "message": "Assuming field 'resolve_retry_seconds' is 0", + "range": { + "start_line": 2285, + "start_col": 9, + "end_line": 2285, + "end_col": 35 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 2291, + "column": 9, + "message": "Assuming field 'inetd' is not equal to 0", + "range": { + "start_line": 2291, + "start_col": 9, + "end_line": 2291, + "end_col": 19 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 2293, + "column": 9, + "message": "Calling 'phase2_inetd'", + "range": { + "start_line": 2293, + "start_col": 9, + "end_line": 2293, + "end_col": 78 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 2019, + "column": 1, + "message": "Entered call from 'link_socket_init_phase2'", + "range": { + "start_line": 2019, + "start_col": 1, + "end_line": 2019, + "end_col": 1 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 2026, + "column": 9, + "message": "Assuming field 'proto' is equal to PROTO_TCP_SERVER", + "range": { + "start_line": 2026, + "start_col": 9, + "end_line": 2026, + "end_col": 44 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 2035, + "column": 17, + "message": "Assuming the condition is true", + "range": { + "start_line": 2035, + "start_col": 17, + "end_line": 2035, + "end_col": 73 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 2037, + "column": 63, + "message": "Assigned value is garbage or undefined", + "range": { + "start_line": 2037, + "start_col": 65, + "end_line": 2037, + "end_col": 92 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 2265, + "start_col": 5, + "end_line": 2265, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2266, + "start_col": 5, + "end_line": 2266, + "end_col": 7 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2268, + "start_col": 5, + "end_line": 2268, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2271, + "start_col": 5, + "end_line": 2271, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2271, + "start_col": 9, + "end_line": 2271, + "end_col": 16 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2278, + "start_col": 5, + "end_line": 2278, + "end_col": 21 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2285, + "start_col": 5, + "end_line": 2285, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2285, + "start_col": 9, + "end_line": 2285, + "end_col": 12 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2291, + "start_col": 5, + "end_line": 2291, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2291, + "start_col": 9, + "end_line": 2291, + "end_col": 12 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2293, + "start_col": 9, + "end_line": 2293, + "end_col": 20 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2019, + "start_col": 1, + "end_line": 2019, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2024, + "start_col": 5, + "end_line": 2024, + "end_col": 8 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2026, + "start_col": 5, + "end_line": 2026, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2026, + "start_col": 9, + "end_line": 2026, + "end_col": 12 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2029, + "start_col": 9, + "end_line": 2029, + "end_col": 12 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2033, + "start_col": 13, + "end_line": 2033, + "end_col": 18 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2035, + "start_col": 13, + "end_line": 2035, + "end_col": 14 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2035, + "start_col": 17, + "end_line": 2035, + "end_col": 27 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2037, + "start_col": 17, + "end_line": 2037, + "end_col": 20 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + }, + { + "range": { + "start_line": 2037, + "start_col": 63, + "end_line": 2037, + "end_col": 63 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + } + } + ], + "notes": [], + "macro_expansions": [ + { + "name": "ASSERT", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 2268, + "column": 5, + "message": "do { if (!(sock)) {assert_failed(,, \"sock\");}} while (0)", + "range": { + "start_line": 2268, + "start_col": 5, + "end_line": 2268, + "end_col": 5 + } + }, + { + "name": "ASSERT", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 2269, + "column": 5, + "message": "do { if (!(sig_info)) {assert_failed(,, \"sig_info\");}} while (0)", + "range": { + "start_line": 2269, + "start_col": 5, + "end_line": 2269, + "end_col": 5 + } + }, + { + "name": "bool", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 2024, + "column": 5, + "message": "_Bool", + "range": { + "start_line": 2024, + "start_col": 5, + "end_line": 2024, + "end_col": 5 + } + } + ] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/options.c_cppcheck_d435c160746e2e24aa06c15b3bdd07ea.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/options.c", + "path": "/opt/_ga/openvpn/src/openvpn/options.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/options.c" + }, + "line": 1105, + "column": 13, + "message": "%x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'.", + "checker_name": "cppcheck-invalidScanfArgType_int", + "severity": "MEDIUM", + "report_hash": "fd87d7990cabff9ea046ffe64628c0ec", + "analyzer_name": "cppcheck", + "category": "warning", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/options.c", + "path": "/opt/_ga/openvpn/src/openvpn/options.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/options.c" + }, + "line": 1105, + "column": 13, + "message": "%x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'.", + "range": { + "start_line": 1105, + "start_col": 13, + "end_line": 1105, + "end_col": 13 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/options.c_cppcheck_d435c160746e2e24aa06c15b3bdd07ea.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/options.c", + "path": "/opt/_ga/openvpn/src/openvpn/options.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/options.c" + }, + "line": 796, + "column": 5, + "message": "Using argument o that points at uninitialized variable defaults", + "checker_name": "cppcheck-ctuuninitvar", + "severity": "UNSPECIFIED", + "report_hash": "0b5f98d3fcbc8e7a64a212a118764627", + "analyzer_name": "cppcheck", + "category": "error", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/options.c", + "path": "/opt/_ga/openvpn/src/openvpn/options.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/options.c" + }, + "line": 2010, + "column": 17, + "message": "Calling function init_options, 1st argument is uninitialized", + "range": { + "start_line": 2010, + "start_col": 17, + "end_line": 2010, + "end_col": 17 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/options.c", + "path": "/opt/_ga/openvpn/src/openvpn/options.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/options.c" + }, + "line": 796, + "column": 5, + "message": "Using argument o", + "range": { + "start_line": 796, + "start_col": 5, + "end_line": 796, + "end_col": 5 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/options.c", + "path": "/opt/_ga/openvpn/src/openvpn/options.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/options.c" + }, + "line": 796, + "column": 5, + "message": "Using argument o that points at uninitialized variable defaults", + "range": { + "start_line": 796, + "start_col": 5, + "end_line": 796, + "end_col": 5 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 2010, + "start_col": 17, + "end_line": 2010, + "end_col": 17 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/options.c", + "path": "/opt/_ga/openvpn/src/openvpn/options.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/options.c" + } + }, + { + "range": { + "start_line": 796, + "start_col": 5, + "end_line": 796, + "end_col": 5 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/options.c", + "path": "/opt/_ga/openvpn/src/openvpn/options.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/options.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ps.c_clang-tidy_64fc4b5e49c21dac8803691ac255e5d9.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ps.c", + "path": "/opt/_ga/openvpn/src/openvpn/ps.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ps.c" + }, + "line": 364, + "column": 41, + "message": "comparison of integers of different signs: 'ssize_t' (aka 'long') and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "e7c463fb4c90a168dd2e06cbe0510f1c", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ps.c", + "path": "/opt/_ga/openvpn/src/openvpn/ps.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ps.c" + }, + "line": 364, + "column": 41, + "message": "comparison of integers of different signs: 'ssize_t' (aka 'long') and 'unsigned long'", + "range": { + "start_line": 364, + "start_col": 41, + "end_line": 364, + "end_col": 41 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/platform.c_clang-tidy_cffc40d8e44b4f873880d4ed619148c0.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/platform.c", + "path": "/opt/_ga/openvpn/src/openvpn/platform.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/platform.c" + }, + "line": 446, + "column": 23, + "message": "'signed char' to 'int' conversion; consider casting to 'unsigned char' first.", + "checker_name": "bugprone-signed-char-misuse", + "severity": "MEDIUM", + "report_hash": "eebd21127f7e7ef1c0d041238a7ce635", + "analyzer_name": "clang-tidy", + "category": "bugprone", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/platform.c", + "path": "/opt/_ga/openvpn/src/openvpn/platform.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/platform.c" + }, + "line": 446, + "column": 23, + "message": "'signed char' to 'int' conversion; consider casting to 'unsigned char' first.", + "range": { + "start_line": 446, + "start_col": 23, + "end_line": 446, + "end_col": 23 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/auth-pam.c_cppcheck_48aef4fd9c398eb0797e35d8ffdc8777.plist", + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 505, + "column": 9, + "message": "Memory leak: context", + "checker_name": "cppcheck-memleak", + "severity": "HIGH", + "report_hash": "23ba34278df51967acfb02c91c3b2e6f", + "analyzer_name": "cppcheck", + "category": "error", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c", + "original_path": "/opt/_ga/openvpn/src/plugins/auth-pam/auth-pam.c" + }, + "line": 505, + "column": 9, + "message": "Memory leak: context", + "range": { + "start_line": 505, + "start_col": 9, + "end_line": 505, + "end_col": 9 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/networking_sitnl.c_clangsa_c131806c87dbfd5d9f72eb1e59574fc9.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/networking_sitnl.c", + "path": "/opt/_ga/openvpn/src/openvpn/networking_sitnl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/networking_sitnl.c" + }, + "line": 247, + "column": 26, + "message": "Although the value stored to 'seq' is used in the enclosing expression, the value is never actually read from 'seq'", + "checker_name": "deadcode.DeadStores", + "severity": "LOW", + "report_hash": "10e2ed90d4b6e3f11ce41969e15d922b", + "analyzer_name": "clangsa", + "category": "Dead store", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/networking_sitnl.c", + "path": "/opt/_ga/openvpn/src/openvpn/networking_sitnl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/networking_sitnl.c" + }, + "line": 247, + "column": 26, + "message": "Although the value stored to 'seq' is used in the enclosing expression, the value is never actually read from 'seq'", + "range": { + "start_line": 247, + "start_col": 32, + "end_line": 247, + "end_col": 41 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/init.c_clang-tidy_e2b400dcb9faeabd060186b44cffa2f4.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/init.c", + "path": "/opt/_ga/openvpn/src/openvpn/init.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/init.c" + }, + "line": 575, + "column": 45, + "message": "comparison of integers of different signs: 'unsigned int' and 'int'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "9b46b3170d61af9890400ad8f8324937", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/init.c", + "path": "/opt/_ga/openvpn/src/openvpn/init.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/init.c" + }, + "line": 575, + "column": 45, + "message": "comparison of integers of different signs: 'unsigned int' and 'int'", + "range": { + "start_line": 575, + "start_col": 45, + "end_line": 575, + "end_col": 45 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/init.c_cppcheck_e2b400dcb9faeabd060186b44cffa2f4.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/init.c", + "path": "/opt/_ga/openvpn/src/openvpn/init.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/init.c" + }, + "line": 315, + "column": 47, + "message": "Either the condition 'if(parameters)' is redundant or there is possible null pointer dereference: parameters.", + "checker_name": "cppcheck-nullPointerRedundantCheck", + "severity": "MEDIUM", + "report_hash": "5f99afa463ae1fdc1051117714b0ef5a", + "analyzer_name": "cppcheck", + "category": "warning", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/init.c", + "path": "/opt/_ga/openvpn/src/openvpn/init.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/init.c" + }, + "line": 324, + "column": 8, + "message": "Assuming that condition 'if(parameters)' is not redundant", + "range": { + "start_line": 324, + "start_col": 8, + "end_line": 324, + "end_col": 8 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/init.c", + "path": "/opt/_ga/openvpn/src/openvpn/init.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/init.c" + }, + "line": 315, + "column": 47, + "message": "Null pointer dereference", + "range": { + "start_line": 315, + "start_col": 47, + "end_line": 315, + "end_col": 47 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/init.c", + "path": "/opt/_ga/openvpn/src/openvpn/init.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/init.c" + }, + "line": 315, + "column": 47, + "message": "Either the condition 'if(parameters)' is redundant or there is possible null pointer dereference: parameters.", + "range": { + "start_line": 315, + "start_col": 47, + "end_line": 315, + "end_col": 47 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 324, + "start_col": 8, + "end_line": 324, + "end_col": 8 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/init.c", + "path": "/opt/_ga/openvpn/src/openvpn/init.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/init.c" + } + }, + { + "range": { + "start_line": 315, + "start_col": 47, + "end_line": 315, + "end_col": 47 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/init.c", + "path": "/opt/_ga/openvpn/src/openvpn/init.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/init.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/init.c_cppcheck_e2b400dcb9faeabd060186b44cffa2f4.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/init.c", + "path": "/opt/_ga/openvpn/src/openvpn/init.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/init.c" + }, + "line": 75, + "column": 5, + "message": "Using argument c that points at uninitialized variable c", + "checker_name": "cppcheck-ctuuninitvar", + "severity": "UNSPECIFIED", + "report_hash": "309f3ed0cc1f347b782eeacbbf62c41e", + "analyzer_name": "cppcheck", + "category": "error", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/init.c", + "path": "/opt/_ga/openvpn/src/openvpn/init.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/init.c" + }, + "line": 4769, + "column": 22, + "message": "Calling function context_clear, 1st argument is uninitialized", + "range": { + "start_line": 4769, + "start_col": 22, + "end_line": 4769, + "end_col": 22 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/init.c", + "path": "/opt/_ga/openvpn/src/openvpn/init.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/init.c" + }, + "line": 75, + "column": 5, + "message": "Using argument c", + "range": { + "start_line": 75, + "start_col": 5, + "end_line": 75, + "end_col": 5 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/init.c", + "path": "/opt/_ga/openvpn/src/openvpn/init.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/init.c" + }, + "line": 75, + "column": 5, + "message": "Using argument c that points at uninitialized variable c", + "range": { + "start_line": 75, + "start_col": 5, + "end_line": 75, + "end_col": 5 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 4769, + "start_col": 22, + "end_line": 4769, + "end_col": 22 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/init.c", + "path": "/opt/_ga/openvpn/src/openvpn/init.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/init.c" + } + }, + { + "range": { + "start_line": 75, + "start_col": 5, + "end_line": 75, + "end_col": 5 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/init.c", + "path": "/opt/_ga/openvpn/src/openvpn/init.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/init.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/socks.c_clang-tidy_4fa481ccdec1bb0b170cc208eb5d1305.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socks.c", + "path": "/opt/_ga/openvpn/src/openvpn/socks.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socks.c" + }, + "line": 126, + "column": 14, + "message": "comparison of integers of different signs: 'ssize_t' (aka 'long') and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "b205a03cd42f398dfea2532ae26e7779", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socks.c", + "path": "/opt/_ga/openvpn/src/openvpn/socks.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socks.c" + }, + "line": 126, + "column": 14, + "message": "comparison of integers of different signs: 'ssize_t' (aka 'long') and 'unsigned long'", + "range": { + "start_line": 126, + "start_col": 14, + "end_line": 126, + "end_col": 14 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/tls_crypt.c_clang-tidy_65a5446e34bd4f808954a5614b391611.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c" + }, + "line": 201, + "column": 22, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "dde5da4a3666ed0884b84c1ccda1daec", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c" + }, + "line": 201, + "column": 22, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 201, + "start_col": 22, + "end_line": 201, + "end_col": 22 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/tls_crypt.c_clang-tidy_65a5446e34bd4f808954a5614b391611.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c" + }, + "line": 377, + "column": 37, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "0dcb2bc2d5d9e473eb8d15e9ed3272a9", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c" + }, + "line": 377, + "column": 37, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 377, + "start_col": 37, + "end_line": 377, + "end_col": 37 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/tls_crypt.c_clang-tidy_65a5446e34bd4f808954a5614b391611.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c" + }, + "line": 429, + "column": 35, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "96b75556c526d160f3b1dd2af0c7cc68", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c" + }, + "line": 429, + "column": 35, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 429, + "start_col": 35, + "end_line": 429, + "end_col": 35 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/tls_crypt.c_clang-tidy_65a5446e34bd4f808954a5614b391611.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c" + }, + "line": 487, + "column": 29, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "198402292f64114b786656e02ea70d41", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c" + }, + "line": 487, + "column": 29, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 487, + "start_col": 29, + "end_line": 487, + "end_col": 29 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/tls_crypt.c_clang-tidy_65a5446e34bd4f808954a5614b391611.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c" + }, + "line": 586, + "column": 35, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "96b75556c526d160f3b1dd2af0c7cc68", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c" + }, + "line": 586, + "column": 35, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 586, + "start_col": 35, + "end_line": 586, + "end_col": 35 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/tls_crypt.c_clang-tidy_65a5446e34bd4f808954a5614b391611.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c" + }, + "line": 648, + "column": 34, + "message": "missing field 'keys' initializer", + "checker_name": "clang-diagnostic-missing-field-initializers", + "severity": "MEDIUM", + "report_hash": "8fa4146cfb0eee791454286783851b59", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/tls_crypt.c" + }, + "line": 648, + "column": 34, + "message": "missing field 'keys' initializer", + "range": { + "start_line": 648, + "start_col": 34, + "end_line": 648, + "end_col": 34 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/comp-lz4.c_clang-tidy_9828f9ec732eac3b5454283398f6759d.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/comp-lz4.c", + "path": "/opt/_ga/openvpn/src/openvpn/comp-lz4.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/comp-lz4.c" + }, + "line": 84, + "column": 22, + "message": "comparison of integers of different signs: 'int' and 'const size_t' (aka 'const unsigned long')", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "db889a119197ccb5baed2c05df0be244", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/comp-lz4.c", + "path": "/opt/_ga/openvpn/src/openvpn/comp-lz4.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/comp-lz4.c" + }, + "line": 84, + "column": 22, + "message": "comparison of integers of different signs: 'int' and 'const size_t' (aka 'const unsigned long')", + "range": { + "start_line": 84, + "start_col": 22, + "end_line": 84, + "end_col": 22 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/misc.c_clangsa_9137ec1fdae78f67da6437d94f7fced7.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + }, + "line": 214, + "column": 55, + "message": "Null pointer passed to 1st parameter expecting 'nonnull'", + "checker_name": "core.NonNullParamChecker", + "severity": "HIGH", + "report_hash": "f4ff4953ad1d6a7bb98388e14ef9aa7e", + "analyzer_name": "clangsa", + "category": "API", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + }, + "line": 164, + "column": 9, + "message": "Assuming field 'defined' is false", + "range": { + "start_line": 164, + "start_col": 9, + "end_line": 164, + "end_col": 20 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + }, + "line": 166, + "column": 31, + "message": "Assuming 'auth_file' is null", + "range": { + "start_line": 166, + "start_col": 31, + "end_line": 166, + "end_col": 39 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + }, + "line": 171, + "column": 13, + "message": "Assuming the condition is false", + "range": { + "start_line": 171, + "start_col": 13, + "end_line": 171, + "end_col": 55 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + }, + "line": 180, + "column": 13, + "message": "Assuming 'management' is null", + "range": { + "start_line": 180, + "start_col": 13, + "end_line": 180, + "end_col": 22 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + }, + "line": 195, + "column": 13, + "message": "Assuming the condition is false", + "range": { + "start_line": 195, + "start_col": 13, + "end_line": 195, + "end_col": 41 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + }, + "line": 211, + "column": 18, + "message": "Assuming the condition is true", + "range": { + "start_line": 211, + "start_col": 18, + "end_line": 211, + "end_col": 51 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + }, + "line": 214, + "column": 55, + "message": "Null pointer passed to 1st parameter expecting 'nonnull'", + "range": { + "start_line": 214, + "start_col": 62, + "end_line": 214, + "end_col": 70 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 162, + "start_col": 5, + "end_line": 162, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + } + }, + { + "range": { + "start_line": 164, + "start_col": 5, + "end_line": 164, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + } + }, + { + "range": { + "start_line": 164, + "start_col": 9, + "end_line": 164, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + } + }, + { + "range": { + "start_line": 166, + "start_col": 9, + "end_line": 166, + "end_col": 12 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + } + }, + { + "range": { + "start_line": 166, + "start_col": 31, + "end_line": 166, + "end_col": 39 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + } + }, + { + "range": { + "start_line": 166, + "start_col": 9, + "end_line": 166, + "end_col": 12 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + } + }, + { + "range": { + "start_line": 171, + "start_col": 9, + "end_line": 171, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + } + }, + { + "range": { + "start_line": 171, + "start_col": 13, + "end_line": 171, + "end_col": 17 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + } + }, + { + "range": { + "start_line": 180, + "start_col": 9, + "end_line": 180, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + } + }, + { + "range": { + "start_line": 180, + "start_col": 13, + "end_line": 180, + "end_col": 22 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + } + }, + { + "range": { + "start_line": 195, + "start_col": 9, + "end_line": 195, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + } + }, + { + "range": { + "start_line": 195, + "start_col": 13, + "end_line": 195, + "end_col": 17 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + } + }, + { + "range": { + "start_line": 211, + "start_col": 14, + "end_line": 211, + "end_col": 15 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + } + }, + { + "range": { + "start_line": 211, + "start_col": 18, + "end_line": 211, + "end_col": 22 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + } + }, + { + "range": { + "start_line": 213, + "start_col": 13, + "end_line": 213, + "end_col": 18 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + } + }, + { + "range": { + "start_line": 214, + "start_col": 13, + "end_line": 214, + "end_col": 24 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + } + }, + { + "range": { + "start_line": 214, + "start_col": 55, + "end_line": 214, + "end_col": 60 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + } + } + ], + "notes": [], + "macro_expansions": [ + { + "name": "bool", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + }, + "line": 166, + "column": 9, + "message": "_Bool", + "range": { + "start_line": 166, + "start_col": 9, + "end_line": 166, + "end_col": 9 + } + }, + { + "name": "bool", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/misc.c", + "path": "/opt/_ga/openvpn/src/openvpn/misc.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/misc.c" + }, + "line": 166, + "column": 9, + "message": "_Bool", + "range": { + "start_line": 166, + "start_col": 9, + "end_line": 166, + "end_col": 9 + } + } + ] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ntlm.c_clang-tidy_6ff102146490b0d06e65369b01448e36.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ntlm.c", + "path": "/opt/_ga/openvpn/src/openvpn/ntlm.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ntlm.c" + }, + "line": 141, + "column": 16, + "message": "'signed char' to 'int' conversion; consider casting to 'unsigned char' first.", + "checker_name": "bugprone-signed-char-misuse", + "severity": "MEDIUM", + "report_hash": "9ef90c1611f36cea83b8998a5f0e92ae", + "analyzer_name": "clang-tidy", + "category": "bugprone", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/usr/include/ctype.h", + "path": "/usr/include/ctype.h", + "original_path": "/usr/include/ctype.h" + }, + "line": 221, + "column": 22, + "message": "expanded from macro 'toupper'", + "range": { + "start_line": 221, + "start_col": 22, + "end_line": 221, + "end_col": 22 + } + }, + { + "file": { + "id": "/usr/include/ctype.h", + "path": "/usr/include/ctype.h", + "original_path": "/usr/include/ctype.h" + }, + "line": 162, + "column": 18, + "message": "expanded from macro '__tobody'", + "range": { + "start_line": 162, + "start_col": 18, + "end_line": 162, + "end_col": 18 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ntlm.c", + "path": "/opt/_ga/openvpn/src/openvpn/ntlm.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ntlm.c" + }, + "line": 141, + "column": 16, + "message": "'signed char' to 'int' conversion; consider casting to 'unsigned char' first.", + "range": { + "start_line": 141, + "start_col": 16, + "end_line": 141, + "end_col": 16 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 221, + "start_col": 22, + "end_line": 221, + "end_col": 22 + }, + "file": { + "id": "/usr/include/ctype.h", + "path": "/usr/include/ctype.h", + "original_path": "/usr/include/ctype.h" + } + }, + { + "range": { + "start_line": 162, + "start_col": 18, + "end_line": 162, + "end_col": 18 + }, + "file": { + "id": "/usr/include/ctype.h", + "path": "/usr/include/ctype.h", + "original_path": "/usr/include/ctype.h" + } + }, + { + "range": { + "start_line": 141, + "start_col": 16, + "end_line": 141, + "end_col": 16 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ntlm.c", + "path": "/opt/_ga/openvpn/src/openvpn/ntlm.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ntlm.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ntlm.c_clang-tidy_6ff102146490b0d06e65369b01448e36.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ntlm.c", + "path": "/opt/_ga/openvpn/src/openvpn/ntlm.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ntlm.c" + }, + "line": 330, + "column": 39, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "b059e1af13cc4ebd2956ca7bd93f07cd", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ntlm.c", + "path": "/opt/_ga/openvpn/src/openvpn/ntlm.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ntlm.c" + }, + "line": 330, + "column": 39, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 330, + "start_col": 39, + "end_line": 330, + "end_col": 39 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ssl_verify_openssl.c_clang-tidy_5283e7d95d8f97335bb1bc9d0f6a37d1.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c" + }, + "line": 254, + "column": 51, + "message": "comparison of integers of different signs: 'unsigned long' and 'int'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "b81f392bf07f13f1000a92bac021b3a0", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c" + }, + "line": 254, + "column": 51, + "message": "comparison of integers of different signs: 'unsigned long' and 'int'", + "range": { + "start_line": 254, + "start_col": 51, + "end_line": 254, + "end_col": 51 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ssl_verify_openssl.c_clang-tidy_5283e7d95d8f97335bb1bc9d0f6a37d1.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c" + }, + "line": 683, + "column": 47, + "message": "comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "41482644d6162f2aa7c0615c2faf22b8", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c" + }, + "line": 683, + "column": 47, + "message": "comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int'", + "range": { + "start_line": 683, + "start_col": 47, + "end_line": 683, + "end_col": 47 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ssl_verify_openssl.c_clang-tidy_5283e7d95d8f97335bb1bc9d0f6a37d1.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c" + }, + "line": 695, + "column": 30, + "message": "comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "d05ab731e9b73e74f5f70ba33031ea07", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify_openssl.c" + }, + "line": 695, + "column": 30, + "message": "comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int'", + "range": { + "start_line": 695, + "start_col": 30, + "end_line": 695, + "end_col": 30 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/lzo.c_clang-tidy_fbabff171bbbd763dc003debb2f5971d.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/lzo.c", + "path": "/opt/_ga/openvpn/src/openvpn/lzo.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/lzo.c" + }, + "line": 167, + "column": 22, + "message": "comparison of integers of different signs: 'int' and 'const size_t' (aka 'const unsigned long')", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "d86942c0c7b1dd5bbadc34af38a1fbb8", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/lzo.c", + "path": "/opt/_ga/openvpn/src/openvpn/lzo.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/lzo.c" + }, + "line": 167, + "column": 22, + "message": "comparison of integers of different signs: 'int' and 'const size_t' (aka 'const unsigned long')", + "range": { + "start_line": 167, + "start_col": 22, + "end_line": 167, + "end_col": 22 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/route.c_cppcheck_907c1c282d4f5c3b73748fd08ec46024.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/route.c", + "path": "/opt/_ga/openvpn/src/openvpn/route.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/route.c" + }, + "line": 314, + "column": 5, + "message": "Using argument r that points at uninitialized variable r", + "checker_name": "cppcheck-ctuuninitvar", + "severity": "UNSPECIFIED", + "report_hash": "9a07e256055e63964b8f70600a557b62", + "analyzer_name": "cppcheck", + "category": "error", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/route.c", + "path": "/opt/_ga/openvpn/src/openvpn/route.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/route.c" + }, + "line": 702, + "column": 28, + "message": "Calling function init_route, 1st argument is uninitialized", + "range": { + "start_line": 702, + "start_col": 28, + "end_line": 702, + "end_col": 28 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/route.c", + "path": "/opt/_ga/openvpn/src/openvpn/route.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/route.c" + }, + "line": 314, + "column": 5, + "message": "Using argument r", + "range": { + "start_line": 314, + "start_col": 5, + "end_line": 314, + "end_col": 5 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/route.c", + "path": "/opt/_ga/openvpn/src/openvpn/route.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/route.c" + }, + "line": 314, + "column": 5, + "message": "Using argument r that points at uninitialized variable r", + "range": { + "start_line": 314, + "start_col": 5, + "end_line": 314, + "end_col": 5 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 702, + "start_col": 28, + "end_line": 702, + "end_col": 28 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/route.c", + "path": "/opt/_ga/openvpn/src/openvpn/route.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/route.c" + } + }, + { + "range": { + "start_line": 314, + "start_col": 5, + "end_line": 314, + "end_col": 5 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/route.c", + "path": "/opt/_ga/openvpn/src/openvpn/route.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/route.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/mudp.c_clang-tidy_19a8a518e4fc68408ac79814b120210c.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/mudp.c", + "path": "/opt/_ga/openvpn/src/openvpn/mudp.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/mudp.c" + }, + "line": 73, + "column": 47, + "message": "comparison of integers of different signs: 'uint32_t' (aka 'unsigned int') and 'int'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "4e00df80dad6002a2e28a39a8a033355", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/mudp.c", + "path": "/opt/_ga/openvpn/src/openvpn/mudp.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/mudp.c" + }, + "line": 73, + "column": 47, + "message": "comparison of integers of different signs: 'uint32_t' (aka 'unsigned int') and 'int'", + "range": { + "start_line": 73, + "start_col": 47, + "end_line": 73, + "end_col": 47 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/manage.c_cppcheck_9a21a4f5d118c146435c21c0010c0da3.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/manage.c", + "path": "/opt/_ga/openvpn/src/openvpn/manage.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/manage.c" + }, + "line": 4037, + "column": 5, + "message": "Using argument h that points at uninitialized variable newlog", + "checker_name": "cppcheck-ctuuninitvar", + "severity": "UNSPECIFIED", + "report_hash": "811b90a7210f84dda05cea73615ff1d8", + "analyzer_name": "cppcheck", + "category": "error", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/manage.c", + "path": "/opt/_ga/openvpn/src/openvpn/manage.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/manage.c" + }, + "line": 4100, + "column": 29, + "message": "Calling function log_history_obj_init, 1st argument is uninitialized", + "range": { + "start_line": 4100, + "start_col": 29, + "end_line": 4100, + "end_col": 29 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/manage.c", + "path": "/opt/_ga/openvpn/src/openvpn/manage.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/manage.c" + }, + "line": 4037, + "column": 5, + "message": "Using argument h", + "range": { + "start_line": 4037, + "start_col": 5, + "end_line": 4037, + "end_col": 5 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/manage.c", + "path": "/opt/_ga/openvpn/src/openvpn/manage.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/manage.c" + }, + "line": 4037, + "column": 5, + "message": "Using argument h that points at uninitialized variable newlog", + "range": { + "start_line": 4037, + "start_col": 5, + "end_line": 4037, + "end_col": 5 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 4100, + "start_col": 29, + "end_line": 4100, + "end_col": 29 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/manage.c", + "path": "/opt/_ga/openvpn/src/openvpn/manage.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/manage.c" + } + }, + { + "range": { + "start_line": 4037, + "start_col": 5, + "end_line": 4037, + "end_col": 5 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/manage.c", + "path": "/opt/_ga/openvpn/src/openvpn/manage.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/manage.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/base64.c_clangsa_3560117e893efbe1feebcef94f7308ea.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + }, + "line": 71, + "column": 5, + "message": "Value stored to 'i' is never read", + "checker_name": "deadcode.DeadStores", + "severity": "LOW", + "report_hash": "803f028c89cb35eaf87d73c54435f65d", + "analyzer_name": "clangsa", + "category": "Dead store", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + }, + "line": 71, + "column": 5, + "message": "Value stored to 'i' is never read", + "range": { + "start_line": 71, + "start_col": 9, + "end_line": 71, + "end_col": 9 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/base64.c_clangsa_3560117e893efbe1feebcef94f7308ea.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + }, + "line": 183, + "column": 14, + "message": "Dereference of null pointer", + "checker_name": "core.NullDereference", + "severity": "HIGH", + "report_hash": "d099efc9a23298c90e6afbf42bebf223", + "analyzer_name": "clangsa", + "category": "Logic error", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + }, + "line": 166, + "column": 5, + "message": "Value assigned to 'q'", + "range": { + "start_line": 166, + "start_col": 5, + "end_line": 166, + "end_col": 12 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + }, + "line": 167, + "column": 9, + "message": "Assuming 'size' is >= 0", + "range": { + "start_line": 167, + "start_col": 9, + "end_line": 167, + "end_col": 17 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + }, + "line": 171, + "column": 19, + "message": "Assuming the condition is true", + "range": { + "start_line": 171, + "start_col": 19, + "end_line": 171, + "end_col": 20 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + }, + "line": 171, + "column": 26, + "message": "Assuming the condition is true", + "range": { + "start_line": 171, + "start_col": 26, + "end_line": 171, + "end_col": 34 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + }, + "line": 175, + "column": 13, + "message": "Assuming 'val' is not equal to DECODE_ERROR", + "range": { + "start_line": 175, + "start_col": 13, + "end_line": 175, + "end_col": 31 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + }, + "line": 179, + "column": 13, + "message": "Assuming 'e' is null", + "range": { + "start_line": 179, + "start_col": 13, + "end_line": 179, + "end_col": 13 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + }, + "line": 183, + "column": 14, + "message": "Dereference of null pointer", + "range": { + "start_line": 183, + "start_col": 9, + "end_line": 183, + "end_col": 33 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 162, + "start_col": 5, + "end_line": 162, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + } + }, + { + "range": { + "start_line": 166, + "start_col": 5, + "end_line": 166, + "end_col": 5 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + } + }, + { + "range": { + "start_line": 167, + "start_col": 5, + "end_line": 167, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + } + }, + { + "range": { + "start_line": 167, + "start_col": 9, + "end_line": 167, + "end_col": 12 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + } + }, + { + "range": { + "start_line": 169, + "start_col": 9, + "end_line": 169, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + } + }, + { + "range": { + "start_line": 171, + "start_col": 5, + "end_line": 171, + "end_col": 7 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + } + }, + { + "range": { + "start_line": 171, + "start_col": 19, + "end_line": 171, + "end_col": 19 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + } + }, + { + "range": { + "start_line": 171, + "start_col": 26, + "end_line": 171, + "end_col": 26 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + } + }, + { + "range": { + "start_line": 173, + "start_col": 9, + "end_line": 173, + "end_col": 16 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + } + }, + { + "range": { + "start_line": 175, + "start_col": 9, + "end_line": 175, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + } + }, + { + "range": { + "start_line": 175, + "start_col": 13, + "end_line": 175, + "end_col": 15 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + } + }, + { + "range": { + "start_line": 179, + "start_col": 9, + "end_line": 179, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + } + }, + { + "range": { + "start_line": 179, + "start_col": 13, + "end_line": 179, + "end_col": 13 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + } + }, + { + "range": { + "start_line": 183, + "start_col": 9, + "end_line": 183, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + } + }, + { + "range": { + "start_line": 183, + "start_col": 14, + "end_line": 183, + "end_col": 14 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/base64.c", + "path": "/opt/_ga/openvpn/src/openvpn/base64.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/base64.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/forward.c_clangsa_a959ab369b6dd85a2d874398518d010a.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1449, + "column": 9, + "message": "Null pointer passed to 2nd parameter expecting 'nonnull'", + "checker_name": "core.NonNullParamChecker", + "severity": "HIGH", + "report_hash": "bb514ae84c5e92529283755c7849ef30", + "analyzer_name": "clangsa", + "category": "API", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 2089, + "column": 9, + "message": "Assuming the condition is false", + "range": { + "start_line": 2089, + "start_col": 9, + "end_line": 2089, + "end_col": 51 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 2097, + "column": 9, + "message": "Assuming the condition is false", + "range": { + "start_line": 2097, + "start_col": 9, + "end_line": 2097, + "end_col": 29 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 2102, + "column": 14, + "message": "Assuming the condition is false", + "range": { + "start_line": 2102, + "start_col": 14, + "end_line": 2102, + "end_col": 31 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 2107, + "column": 14, + "message": "Assuming the condition is false", + "range": { + "start_line": 2107, + "start_col": 14, + "end_line": 2107, + "end_col": 33 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 2116, + "column": 14, + "message": "Assuming the condition is true", + "range": { + "start_line": 2116, + "start_col": 14, + "end_line": 2116, + "end_col": 30 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 2119, + "column": 13, + "message": "Assuming field 'signal_received' is 0", + "range": { + "start_line": 2119, + "start_col": 13, + "end_line": 2119, + "end_col": 22 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 2121, + "column": 13, + "message": "Calling 'process_incoming_tun'", + "range": { + "start_line": 2121, + "start_col": 13, + "end_line": 2121, + "end_col": 35 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1263, + "column": 1, + "message": "Entered call from 'process_io'", + "range": { + "start_line": 1263, + "start_col": 1, + "end_line": 1263, + "end_col": 1 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1270, + "column": 9, + "message": "Assuming field 'len' is > 0", + "range": { + "start_line": 1270, + "start_col": 9, + "end_line": 1270, + "end_col": 25 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1276, + "column": 9, + "message": "Assuming field 'log_rw' is false", + "range": { + "start_line": 1276, + "start_col": 9, + "end_line": 1276, + "end_col": 20 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1287, + "column": 14, + "message": "Assuming field 'mode' is not equal to MODE_POINT_TO_POINT", + "range": { + "start_line": 1287, + "start_col": 14, + "end_line": 1287, + "end_col": 51 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1297, + "column": 9, + "message": "Calling 'process_ip_header'", + "range": { + "start_line": 1297, + "start_col": 9, + "end_line": 1297, + "end_col": 47 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1457, + "column": 1, + "message": "Entered call from 'process_incoming_tun'", + "range": { + "start_line": 1457, + "start_col": 1, + "end_line": 1457, + "end_col": 1 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1460, + "column": 9, + "message": "Assuming field 'mssfix' is not equal to 0", + "range": { + "start_line": 1460, + "start_col": 9, + "end_line": 1460, + "end_col": 29 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1465, + "column": 9, + "message": "Assuming field 'passtos' is true", + "range": { + "start_line": 1465, + "start_col": 9, + "end_line": 1465, + "end_col": 27 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1470, + "column": 9, + "message": "Assuming field 'client_nat' is non-null", + "range": { + "start_line": 1470, + "start_col": 9, + "end_line": 1470, + "end_col": 30 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1474, + "column": 9, + "message": "Assuming field 'route_gateway_via_dhcp' is true", + "range": { + "start_line": 1474, + "start_col": 9, + "end_line": 1474, + "end_col": 42 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1478, + "column": 9, + "message": "Assuming field 'block_ipv6' is true", + "range": { + "start_line": 1478, + "start_col": 9, + "end_line": 1478, + "end_col": 30 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1498, + "column": 25, + "message": "Assuming field 'tuntap' is null", + "range": { + "start_line": 1498, + "start_col": 25, + "end_line": 1498, + "end_col": 49 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1498, + "column": 17, + "message": "Assuming the condition is false", + "range": { + "start_line": 1498, + "start_col": 17, + "end_line": 1498, + "end_col": 58 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1530, + "column": 22, + "message": "Assuming the condition is true", + "range": { + "start_line": 1530, + "start_col": 22, + "end_line": 1530, + "end_col": 63 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1541, + "column": 21, + "message": "Calling 'ipv6_send_icmp_unreachable'", + "range": { + "start_line": 1541, + "start_col": 21, + "end_line": 1542, + "end_col": 88 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1331, + "column": 1, + "message": "Entered call from 'process_ip_header'", + "range": { + "start_line": 1331, + "start_col": 1, + "end_line": 1331, + "end_col": 1 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1346, + "column": 9, + "message": "Assuming the condition is false", + "range": { + "start_line": 1346, + "start_col": 9, + "end_line": 1346, + "end_col": 63 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1364, + "column": 9, + "message": "Assuming field 'ifconfig_ipv6_remote' is null", + "range": { + "start_line": 1364, + "start_col": 9, + "end_line": 1364, + "end_col": 39 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1419, + "column": 5, + "message": "Assuming the condition is false", + "range": { + "start_line": 1419, + "start_col": 5, + "end_line": 1419, + "end_col": 56 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1438, + "column": 9, + "message": "Assuming field 'tuntap' is non-null", + "range": { + "start_line": 1438, + "start_col": 9, + "end_line": 1438, + "end_col": 33 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1438, + "column": 9, + "message": "Assuming the condition is true", + "range": { + "start_line": 1438, + "start_col": 9, + "end_line": 1438, + "end_col": 49 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1440, + "column": 13, + "message": "Assuming the condition is false", + "range": { + "start_line": 1440, + "start_col": 13, + "end_line": 1440, + "end_col": 58 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1449, + "column": 9, + "message": "Null pointer passed to 2nd parameter expecting 'nonnull'", + "range": { + "start_line": 1449, + "start_col": 31, + "end_line": 1449, + "end_col": 47 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 2086, + "start_col": 5, + "end_line": 2086, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 2089, + "start_col": 5, + "end_line": 2089, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 2089, + "start_col": 9, + "end_line": 2089, + "end_col": 14 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 2097, + "start_col": 5, + "end_line": 2097, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 2097, + "start_col": 9, + "end_line": 2097, + "end_col": 14 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 2102, + "start_col": 10, + "end_line": 2102, + "end_col": 11 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 2102, + "start_col": 14, + "end_line": 2102, + "end_col": 19 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 2107, + "start_col": 10, + "end_line": 2107, + "end_col": 11 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 2107, + "start_col": 14, + "end_line": 2107, + "end_col": 19 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 2116, + "start_col": 10, + "end_line": 2116, + "end_col": 11 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 2116, + "start_col": 14, + "end_line": 2116, + "end_col": 19 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 2118, + "start_col": 9, + "end_line": 2118, + "end_col": 25 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 2119, + "start_col": 9, + "end_line": 2119, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 2119, + "start_col": 13, + "end_line": 2119, + "end_col": 13 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 2121, + "start_col": 13, + "end_line": 2121, + "end_col": 32 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1263, + "start_col": 1, + "end_line": 1263, + "end_col": 4 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1266, + "start_col": 5, + "end_line": 1266, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1270, + "start_col": 5, + "end_line": 1270, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1270, + "start_col": 9, + "end_line": 1270, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1272, + "start_col": 9, + "end_line": 1272, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1276, + "start_col": 5, + "end_line": 1276, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1276, + "start_col": 9, + "end_line": 1276, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1283, + "start_col": 5, + "end_line": 1283, + "end_col": 8 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1285, + "start_col": 19, + "end_line": 1285, + "end_col": 21 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1285, + "start_col": 5, + "end_line": 1285, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1287, + "start_col": 9, + "end_line": 1287, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1287, + "start_col": 14, + "end_line": 1287, + "end_col": 14 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1295, + "start_col": 9, + "end_line": 1295, + "end_col": 16 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1297, + "start_col": 9, + "end_line": 1297, + "end_col": 25 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1457, + "start_col": 1, + "end_line": 1457, + "end_col": 4 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1460, + "start_col": 5, + "end_line": 1460, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1460, + "start_col": 9, + "end_line": 1460, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1465, + "start_col": 5, + "end_line": 1465, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1465, + "start_col": 9, + "end_line": 1465, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1470, + "start_col": 5, + "end_line": 1470, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1470, + "start_col": 9, + "end_line": 1470, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1474, + "start_col": 5, + "end_line": 1474, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1474, + "start_col": 9, + "end_line": 1474, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1478, + "start_col": 5, + "end_line": 1478, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1478, + "start_col": 9, + "end_line": 1478, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1483, + "start_col": 14, + "end_line": 1483, + "end_col": 16 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1483, + "start_col": 5, + "end_line": 1483, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1497, + "start_col": 13, + "end_line": 1497, + "end_col": 18 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1498, + "start_col": 13, + "end_line": 1498, + "end_col": 14 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1498, + "start_col": 25, + "end_line": 1498, + "end_col": 35 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1498, + "start_col": 17, + "end_line": 1498, + "end_col": 23 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1530, + "start_col": 30, + "end_line": 1530, + "end_col": 40 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1530, + "start_col": 18, + "end_line": 1530, + "end_col": 19 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1530, + "start_col": 22, + "end_line": 1530, + "end_col": 28 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1535, + "start_col": 21, + "end_line": 1535, + "end_col": 34 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1541, + "start_col": 21, + "end_line": 1541, + "end_col": 46 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1331, + "start_col": 1, + "end_line": 1331, + "end_col": 4 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1335, + "start_col": 5, + "end_line": 1335, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1342, + "start_col": 5, + "end_line": 1342, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1344, + "start_col": 13, + "end_line": 1344, + "end_col": 23 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1344, + "start_col": 5, + "end_line": 1344, + "end_col": 11 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1346, + "start_col": 5, + "end_line": 1346, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1346, + "start_col": 9, + "end_line": 1346, + "end_col": 12 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1351, + "start_col": 5, + "end_line": 1351, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1364, + "start_col": 5, + "end_line": 1364, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1364, + "start_col": 9, + "end_line": 1364, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1370, + "start_col": 9, + "end_line": 1370, + "end_col": 17 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1373, + "start_col": 5, + "end_line": 1373, + "end_col": 11 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1385, + "start_col": 5, + "end_line": 1385, + "end_col": 7 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1387, + "start_col": 9, + "end_line": 1387, + "end_col": 19 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1397, + "start_col": 5, + "end_line": 1397, + "end_col": 7 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1405, + "start_col": 5, + "end_line": 1405, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1405, + "start_col": 9, + "end_line": 1405, + "end_col": 14 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1407, + "start_col": 9, + "end_line": 1407, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1408, + "start_col": 9, + "end_line": 1408, + "end_col": 14 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1419, + "start_col": 5, + "end_line": 1419, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1426, + "start_col": 5, + "end_line": 1426, + "end_col": 12 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1438, + "start_col": 5, + "end_line": 1438, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1438, + "start_col": 9, + "end_line": 1438, + "end_col": 19 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1440, + "start_col": 9, + "end_line": 1440, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1440, + "start_col": 13, + "end_line": 1440, + "end_col": 16 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1445, + "start_col": 9, + "end_line": 1445, + "end_col": 13 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + }, + { + "range": { + "start_line": 1449, + "start_col": 9, + "end_line": 1449, + "end_col": 14 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + } + } + ], + "notes": [], + "macro_expansions": [ + { + "name": "dmsg", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1283, + "column": 5, + "message": "do { if (msg_test( ((6) | ((( 69) &0xFF) <<24) |(1<<7)))) {x_msg(( ((6) | ((( 69) &0xFF) <<24) |(1<<7))), \"TUN READ [%d]\", (buf_len(&c->c2.buf)));} do { if (( ((6) | ((( 69) &0xFF) <<24) |(1<<7))) &(1<<4)) {_exit(1);}} while (0); } while (0)", + "range": { + "start_line": 1283, + "start_col": 5, + "end_line": 1283, + "end_col": 5 + } + }, + { + "name": "TUNNEL_TYPE", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1498, + "column": 25, + "message": "((c->c1.tuntap) ? ((c->c1.tuntap)->type) :0)", + "range": { + "start_line": 1498, + "start_col": 25, + "end_line": 1498, + "end_col": 25 + } + }, + { + "name": "TUNNEL_TYPE", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1530, + "column": 30, + "message": "((c->c1.tuntap) ? ((c->c1.tuntap)->type) :0)", + "range": { + "start_line": 1530, + "start_col": 30, + "end_line": 1530, + "end_col": 30 + } + }, + { + "name": "TUNNEL_TYPE", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1344, + "column": 13, + "message": "((c->c1.tuntap) ? ((c->c1.tuntap)->type) :0)", + "range": { + "start_line": 1344, + "start_col": 13, + "end_line": 1344, + "end_col": 13 + } + }, + { + "name": "BLEN", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1346, + "column": 9, + "message": "(buf_len(&inputipbuf))", + "range": { + "start_line": 1346, + "start_col": 9, + "end_line": 1346, + "end_col": 9 + } + }, + { + "name": "TUNNEL_TYPE", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1387, + "column": 9, + "message": "((c->c1.tuntap) ? ((c->c1.tuntap)->type) :0)", + "range": { + "start_line": 1387, + "start_col": 9, + "end_line": 1387, + "end_col": 9 + } + }, + { + "name": "ASSERT", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1419, + "column": 5, + "message": "do { if (!(buf_copy_n(outbuf, &inputipbuf, payload_len))) {assert_failed(,, \"buf_copy_n\"(outbuf, &inputipbuf, payload_len));}} while (0)", + "range": { + "start_line": 1419, + "start_col": 5, + "end_line": 1419, + "end_col": 5 + } + }, + { + "name": "TUNNEL_TYPE", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1438, + "column": 9, + "message": "((c->c1.tuntap) ? ((c->c1.tuntap)->type) :0)", + "range": { + "start_line": 1438, + "start_col": 9, + "end_line": 1438, + "end_col": 9 + } + }, + { + "name": "BLEN", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/forward.c", + "path": "/opt/_ga/openvpn/src/openvpn/forward.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/forward.c" + }, + "line": 1440, + "column": 13, + "message": "(buf_len(buf))", + "range": { + "start_line": 1440, + "start_col": 13, + "end_line": 1440, + "end_col": 13 + } + } + ] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/proto.c_clang-tidy_ea014f34cb550d394606256779e3b3a5.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/proto.c", + "path": "/opt/_ga/openvpn/src/openvpn/proto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/proto.c" + }, + "line": 51, + "column": 23, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "4884bfd0bcf2ee611d0331a4fc083c11", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/proto.c", + "path": "/opt/_ga/openvpn/src/openvpn/proto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/proto.c" + }, + "line": 51, + "column": 23, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 51, + "start_col": 23, + "end_line": 51, + "end_col": 23 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/proto.c_clang-tidy_ea014f34cb550d394606256779e3b3a5.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/proto.c", + "path": "/opt/_ga/openvpn/src/openvpn/proto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/proto.c" + }, + "line": 60, + "column": 23, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "37cad4c0978529dbf9e0553e20a5801b", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/proto.c", + "path": "/opt/_ga/openvpn/src/openvpn/proto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/proto.c" + }, + "line": 60, + "column": 23, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 60, + "start_col": 23, + "end_line": 60, + "end_col": 23 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/proto.c_clang-tidy_ea014f34cb550d394606256779e3b3a5.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/proto.c", + "path": "/opt/_ga/openvpn/src/openvpn/proto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/proto.c" + }, + "line": 77, + "column": 27, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "fc65e1d487ce6fefadba78d8a3eb9ad9", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/proto.c", + "path": "/opt/_ga/openvpn/src/openvpn/proto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/proto.c" + }, + "line": 77, + "column": 27, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 77, + "start_col": 27, + "end_line": 77, + "end_col": 27 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/auth_token.c_clang-tidy_3e80a87beab0599d2cf35449de74e7d4.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/auth_token.c", + "path": "/opt/_ga/openvpn/src/openvpn/auth_token.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/auth_token.c" + }, + "line": 353, + "column": 30, + "message": "comparison of integers of different signs: 'time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long')", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "832ec66ac56748dc4ef09071d4645aaa", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/auth_token.c", + "path": "/opt/_ga/openvpn/src/openvpn/auth_token.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/auth_token.c" + }, + "line": 353, + "column": 30, + "message": "comparison of integers of different signs: 'time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long')", + "range": { + "start_line": 353, + "start_col": 30, + "end_line": 353, + "end_col": 30 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/auth_token.c_clang-tidy_3e80a87beab0599d2cf35449de74e7d4.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/auth_token.c", + "path": "/opt/_ga/openvpn/src/openvpn/auth_token.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/auth_token.c" + }, + "line": 354, + "column": 33, + "message": "comparison of integers of different signs: 'time_t' (aka 'long') and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "a9f9cdf85a2268aa4b2aa94e51c9e9ac", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/auth_token.c", + "path": "/opt/_ga/openvpn/src/openvpn/auth_token.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/auth_token.c" + }, + "line": 354, + "column": 33, + "message": "comparison of integers of different signs: 'time_t' (aka 'long') and 'unsigned long'", + "range": { + "start_line": 354, + "start_col": 33, + "end_line": 354, + "end_col": 33 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/auth_token.c_clang-tidy_3e80a87beab0599d2cf35449de74e7d4.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/auth_token.c", + "path": "/opt/_ga/openvpn/src/openvpn/auth_token.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/auth_token.c" + }, + "line": 377, + "column": 16, + "message": "comparison of integers of different signs: 'time_t' (aka 'long') and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "4d9a9d32d9df975b2778d974c5a8b657", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/auth_token.c", + "path": "/opt/_ga/openvpn/src/openvpn/auth_token.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/auth_token.c" + }, + "line": 377, + "column": 16, + "message": "comparison of integers of different signs: 'time_t' (aka 'long') and 'unsigned long'", + "range": { + "start_line": 377, + "start_col": 16, + "end_line": 377, + "end_col": 16 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/error.c_cppcheck_0651cde92dc6ca5ccd53a37e1f1b42ff.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.c", + "path": "/opt/_ga/openvpn/src/openvpn/error.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.c" + }, + "line": 802, + "column": 6, + "message": "Null pointer dereference: null", + "checker_name": "cppcheck-nullPointer", + "severity": "HIGH", + "report_hash": "8c5e34cf719e41038d77de934099d68f", + "analyzer_name": "cppcheck", + "category": "error", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.c", + "path": "/opt/_ga/openvpn/src/openvpn/error.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.c" + }, + "line": 801, + "column": 18, + "message": "Assignment 'null=NULL', assigned value is 0", + "range": { + "start_line": 801, + "start_col": 18, + "end_line": 801, + "end_col": 18 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.c", + "path": "/opt/_ga/openvpn/src/openvpn/error.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.c" + }, + "line": 802, + "column": 6, + "message": "Null pointer dereference", + "range": { + "start_line": 802, + "start_col": 6, + "end_line": 802, + "end_col": 6 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.c", + "path": "/opt/_ga/openvpn/src/openvpn/error.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.c" + }, + "line": 802, + "column": 6, + "message": "Null pointer dereference: null", + "range": { + "start_line": 802, + "start_col": 6, + "end_line": 802, + "end_col": 6 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 801, + "start_col": 18, + "end_line": 801, + "end_col": 18 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.c", + "path": "/opt/_ga/openvpn/src/openvpn/error.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.c" + } + }, + { + "range": { + "start_line": 802, + "start_col": 6, + "end_line": 802, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.c", + "path": "/opt/_ga/openvpn/src/openvpn/error.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/buffer.c_clang-tidy_77b484b4d6799e33e47d475f34b774b8.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/buffer.c", + "path": "/opt/_ga/openvpn/src/openvpn/buffer.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/buffer.c" + }, + "line": 310, + "column": 29, + "message": "comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long')", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "372faffba979c694b45941936a356c53", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/buffer.c", + "path": "/opt/_ga/openvpn/src/openvpn/buffer.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/buffer.c" + }, + "line": 310, + "column": 29, + "message": "comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long')", + "range": { + "start_line": 310, + "start_col": 29, + "end_line": 310, + "end_col": 29 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/buffer.c_clang-tidy_77b484b4d6799e33e47d475f34b774b8.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/buffer.c", + "path": "/opt/_ga/openvpn/src/openvpn/buffer.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/buffer.c" + }, + "line": 1321, + "column": 35, + "message": "comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "634d066777fd7b62dcfe1c17336ed12a", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/buffer.c", + "path": "/opt/_ga/openvpn/src/openvpn/buffer.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/buffer.c" + }, + "line": 1321, + "column": 35, + "message": "comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int'", + "range": { + "start_line": 1321, + "start_col": 35, + "end_line": 1321, + "end_col": 35 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ssl.c_clang-tidy_2c08de4de2203de4639fb0616025663f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + }, + "line": 1262, + "column": 12, + "message": "suspicious usage of 'sizeof(A*)'; pointer to aggregate", + "checker_name": "bugprone-sizeof-expression", + "severity": "HIGH", + "report_hash": "655ba5a3c948813443758d3954b4d57f", + "analyzer_name": "clang-tidy", + "category": "bugprone", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/basic.h", + "path": "/opt/_ga/openvpn/src/openvpn/basic.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/basic.h" + }, + "line": 30, + "column": 28, + "message": "expanded from macro 'SIZE'", + "range": { + "start_line": 30, + "start_col": 28, + "end_line": 30, + "end_col": 28 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + }, + "line": 1262, + "column": 12, + "message": "suspicious usage of 'sizeof(A*)'; pointer to aggregate", + "range": { + "start_line": 1262, + "start_col": 12, + "end_line": 1262, + "end_col": 12 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 30, + "start_col": 28, + "end_line": 30, + "end_col": 28 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/basic.h", + "path": "/opt/_ga/openvpn/src/openvpn/basic.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/basic.h" + } + }, + { + "range": { + "start_line": 1262, + "start_col": 12, + "end_line": 1262, + "end_col": 12 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ssl.c_clang-tidy_2c08de4de2203de4639fb0616025663f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + }, + "line": 1891, + "column": 45, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "03a470387b847c3dbc3bee8e55c9c342", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.h", + "path": "/opt/_ga/openvpn/src/openvpn/error.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.h" + }, + "line": 221, + "column": 30, + "message": "expanded from macro 'ASSERT'", + "range": { + "start_line": 221, + "start_col": 30, + "end_line": 221, + "end_col": 30 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + }, + "line": 1891, + "column": 45, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 1891, + "start_col": 45, + "end_line": 1891, + "end_col": 45 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 221, + "start_col": 30, + "end_line": 221, + "end_col": 30 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.h", + "path": "/opt/_ga/openvpn/src/openvpn/error.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.h" + } + }, + { + "range": { + "start_line": 1891, + "start_col": 45, + "end_line": 1891, + "end_col": 45 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ssl.c_clang-tidy_2c08de4de2203de4639fb0616025663f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + }, + "line": 2674, + "column": 32, + "message": "comparison of integers of different signs: 'counter_type' (aka 'unsigned long long') and 'int'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "4a31e05600e2621d5b3c338d1e2f69ab", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + }, + "line": 2674, + "column": 32, + "message": "comparison of integers of different signs: 'counter_type' (aka 'unsigned long long') and 'int'", + "range": { + "start_line": 2674, + "start_col": 32, + "end_line": 2674, + "end_col": 32 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ssl.c_clang-tidy_2c08de4de2203de4639fb0616025663f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + }, + "line": 2676, + "column": 34, + "message": "comparison of integers of different signs: 'counter_type' (aka 'unsigned long long') and 'int'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "4e2712ea69c9e09ac73e023b26790f0e", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + }, + "line": 2676, + "column": 34, + "message": "comparison of integers of different signs: 'counter_type' (aka 'unsigned long long') and 'int'", + "range": { + "start_line": 2676, + "start_col": 34, + "end_line": 2676, + "end_col": 34 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ssl.c_clang-tidy_2c08de4de2203de4639fb0616025663f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + }, + "line": 3149, + "column": 35, + "message": "suspicious usage of 'sizeof(A*)'; pointer to aggregate", + "checker_name": "bugprone-sizeof-expression", + "severity": "HIGH", + "report_hash": "0fcc6eafb1a017698a5ab6bc26bc032f", + "analyzer_name": "clang-tidy", + "category": "bugprone", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/basic.h", + "path": "/opt/_ga/openvpn/src/openvpn/basic.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/basic.h" + }, + "line": 30, + "column": 28, + "message": "expanded from macro 'SIZE'", + "range": { + "start_line": 30, + "start_col": 28, + "end_line": 30, + "end_col": 28 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + }, + "line": 3149, + "column": 35, + "message": "suspicious usage of 'sizeof(A*)'; pointer to aggregate", + "range": { + "start_line": 3149, + "start_col": 35, + "end_line": 3149, + "end_col": 35 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 30, + "start_col": 28, + "end_line": 30, + "end_col": 28 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/basic.h", + "path": "/opt/_ga/openvpn/src/openvpn/basic.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/basic.h" + } + }, + { + "range": { + "start_line": 3149, + "start_col": 35, + "end_line": 3149, + "end_col": 35 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ssl.c_clang-tidy_2c08de4de2203de4639fb0616025663f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + }, + "line": 3166, + "column": 39, + "message": "suspicious usage of 'sizeof(A*)'; pointer to aggregate", + "checker_name": "bugprone-sizeof-expression", + "severity": "HIGH", + "report_hash": "97518d26e1cd713b8df8fcef41662d86", + "analyzer_name": "clang-tidy", + "category": "bugprone", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/basic.h", + "path": "/opt/_ga/openvpn/src/openvpn/basic.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/basic.h" + }, + "line": 30, + "column": 28, + "message": "expanded from macro 'SIZE'", + "range": { + "start_line": 30, + "start_col": 28, + "end_line": 30, + "end_col": 28 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + }, + "line": 3166, + "column": 39, + "message": "suspicious usage of 'sizeof(A*)'; pointer to aggregate", + "range": { + "start_line": 3166, + "start_col": 39, + "end_line": 3166, + "end_col": 39 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 30, + "start_col": 28, + "end_line": 30, + "end_col": 28 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/basic.h", + "path": "/opt/_ga/openvpn/src/openvpn/basic.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/basic.h" + } + }, + { + "range": { + "start_line": 3166, + "start_col": 39, + "end_line": 3166, + "end_col": 39 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/options.c_clang-tidy_d435c160746e2e24aa06c15b3bdd07ea.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/options.c", + "path": "/opt/_ga/openvpn/src/openvpn/options.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/options.c" + }, + "line": 4130, + "column": 13, + "message": "the result from calling 'memcpy' is not null-terminated", + "checker_name": "bugprone-not-null-terminated-result", + "severity": "MEDIUM", + "report_hash": "8c4eb47e69d499ecca15cc856f12e688", + "analyzer_name": "clang-tidy", + "category": "bugprone", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/options.c", + "path": "/opt/_ga/openvpn/src/openvpn/options.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/options.c" + }, + "line": 4130, + "column": 13, + "message": "strcpy (fixit)", + "range": { + "start_line": 4130, + "start_col": 13, + "end_line": 4130, + "end_col": 13 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/options.c", + "path": "/opt/_ga/openvpn/src/openvpn/options.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/options.c" + }, + "line": 4130, + "column": 13, + "message": "the result from calling 'memcpy' is not null-terminated", + "range": { + "start_line": 4130, + "start_col": 13, + "end_line": 4130, + "end_col": 13 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/crypto.c_cppcheck_5b9d2cd2bc4c3006525b18761a5ec2a3.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + }, + "line": 1028, + "column": 9, + "message": "Using argument key that points at uninitialized variable key", + "checker_name": "cppcheck-ctuuninitvar", + "severity": "UNSPECIFIED", + "report_hash": "503953dbc8adb5515ca1625278bb5459", + "analyzer_name": "cppcheck", + "category": "error", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + }, + "line": 1455, + "column": 28, + "message": "Calling function generate_key_random, 1st argument is uninitialized", + "range": { + "start_line": 1455, + "start_col": 28, + "end_line": 1455, + "end_col": 28 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + }, + "line": 1028, + "column": 9, + "message": "Using argument key", + "range": { + "start_line": 1028, + "start_col": 9, + "end_line": 1028, + "end_col": 9 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + }, + "line": 1028, + "column": 9, + "message": "Using argument key that points at uninitialized variable key", + "range": { + "start_line": 1028, + "start_col": 9, + "end_line": 1028, + "end_col": 9 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 1455, + "start_col": 28, + "end_line": 1455, + "end_col": 28 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + } + }, + { + "range": { + "start_line": 1028, + "start_col": 9, + "end_line": 1028, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/crypto.c_cppcheck_5b9d2cd2bc4c3006525b18761a5ec2a3.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + }, + "line": 1563, + "column": 5, + "message": "Using argument kds that points at uninitialized variable kds", + "checker_name": "cppcheck-ctuuninitvar", + "severity": "UNSPECIFIED", + "report_hash": "42db02ca2d309ad51908025224a854b9", + "analyzer_name": "cppcheck", + "category": "error", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + }, + "line": 877, + "column": 29, + "message": "Calling function key_direction_state_init, 1st argument is uninitialized", + "range": { + "start_line": 877, + "start_col": 29, + "end_line": 877, + "end_col": 29 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + }, + "line": 1563, + "column": 5, + "message": "Using argument kds", + "range": { + "start_line": 1563, + "start_col": 5, + "end_line": 1563, + "end_col": 5 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + }, + "line": 1563, + "column": 5, + "message": "Using argument kds that points at uninitialized variable kds", + "range": { + "start_line": 1563, + "start_col": 5, + "end_line": 1563, + "end_col": 5 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 877, + "start_col": 29, + "end_line": 877, + "end_col": 29 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + } + }, + { + "range": { + "start_line": 1563, + "start_col": 5, + "end_line": 1563, + "end_col": 5 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/route.c_clang-tidy_907c1c282d4f5c3b73748fd08ec46024.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/route.c", + "path": "/opt/_ga/openvpn/src/openvpn/route.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/route.c" + }, + "line": 601, + "column": 23, + "message": "comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "5634791446bdbf75834a797c918cd265", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/route.c", + "path": "/opt/_ga/openvpn/src/openvpn/route.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/route.c" + }, + "line": 601, + "column": 23, + "message": "comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int'", + "range": { + "start_line": 601, + "start_col": 23, + "end_line": 601, + "end_col": 23 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/route.c_clang-tidy_907c1c282d4f5c3b73748fd08ec46024.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/route.c", + "path": "/opt/_ga/openvpn/src/openvpn/route.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/route.c" + }, + "line": 1544, + "column": 27, + "message": "comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'const int'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "d1e97c517eb078e753e12b177eb93630", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/route.c", + "path": "/opt/_ga/openvpn/src/openvpn/route.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/route.c" + }, + "line": 1544, + "column": 27, + "message": "comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'const int'", + "range": { + "start_line": 1544, + "start_col": 27, + "end_line": 1544, + "end_col": 27 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/push.c_clangsa_5fb42dafea6e0be180d0fe28ce1a41f4.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/push.c", + "path": "/opt/_ga/openvpn/src/openvpn/push.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/push.c" + }, + "line": 491, + "column": 24, + "message": "Value stored to 'e' during its initialization is never read", + "checker_name": "deadcode.DeadStores", + "severity": "LOW", + "report_hash": "35ee8e31c778d371847407a3a67ae370", + "analyzer_name": "clangsa", + "category": "Dead store", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/push.c", + "path": "/opt/_ga/openvpn/src/openvpn/push.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/push.c" + }, + "line": 491, + "column": 24, + "message": "Value stored to 'e' during its initialization is never read", + "range": { + "start_line": 491, + "start_col": 24, + "end_line": 491, + "end_col": 24 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/argv.c_clang-tidy_457447e967f32d3f9ab9beb37392c0ca.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/argv.c", + "path": "/opt/_ga/openvpn/src/openvpn/argv.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/argv.c" + }, + "line": 300, + "column": 30, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "01c572c55ed7c60001a6afc80e785672", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/argv.c", + "path": "/opt/_ga/openvpn/src/openvpn/argv.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/argv.c" + }, + "line": 300, + "column": 30, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 300, + "start_col": 30, + "end_line": 300, + "end_col": 30 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/argv.c_clang-tidy_457447e967f32d3f9ab9beb37392c0ca.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/argv.c", + "path": "/opt/_ga/openvpn/src/openvpn/argv.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/argv.c" + }, + "line": 394, + "column": 24, + "message": "comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long')", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "0508d1e51e21a7f7df3027db6bdcf61f", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/argv.c", + "path": "/opt/_ga/openvpn/src/openvpn/argv.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/argv.c" + }, + "line": 394, + "column": 24, + "message": "comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long')", + "range": { + "start_line": 394, + "start_col": 24, + "end_line": 394, + "end_col": 24 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/pool.c_cppcheck_fd92985be702ae89a296d898021f4701.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/pool.c", + "path": "/opt/_ga/openvpn/src/openvpn/pool.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/pool.c" + }, + "line": 222, + "column": 32, + "message": "Shifting signed 32-bit value by 31 bits is implementation-defined behaviour. See condition at line 213.", + "checker_name": "cppcheck-shiftTooManyBitsSigned", + "severity": "HIGH", + "report_hash": "aff6d4e1b9acc55f86a888c756722dcf", + "analyzer_name": "cppcheck", + "category": "portability", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/pool.c", + "path": "/opt/_ga/openvpn/src/openvpn/pool.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/pool.c" + }, + "line": 213, + "column": 34, + "message": "Assuming that condition '(128-ipv6_netbits)<32' is not redundant", + "range": { + "start_line": 213, + "start_col": 34, + "end_line": 213, + "end_col": 34 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/pool.c", + "path": "/opt/_ga/openvpn/src/openvpn/pool.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/pool.c" + }, + "line": 222, + "column": 32, + "message": "Shift", + "range": { + "start_line": 222, + "start_col": 32, + "end_line": 222, + "end_col": 32 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/pool.c", + "path": "/opt/_ga/openvpn/src/openvpn/pool.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/pool.c" + }, + "line": 222, + "column": 32, + "message": "Shifting signed 32-bit value by 31 bits is implementation-defined behaviour. See condition at line 213.", + "range": { + "start_line": 222, + "start_col": 32, + "end_line": 222, + "end_col": 32 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 213, + "start_col": 34, + "end_line": 213, + "end_col": 34 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/pool.c", + "path": "/opt/_ga/openvpn/src/openvpn/pool.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/pool.c" + } + }, + { + "range": { + "start_line": 222, + "start_col": 32, + "end_line": 222, + "end_col": 32 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/pool.c", + "path": "/opt/_ga/openvpn/src/openvpn/pool.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/pool.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/socket.c_clang-tidy_9ecb0af867e1acc193eae92eba21d9c8.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 720, + "column": 21, + "message": "'signed char' to 'int' conversion; consider casting to 'unsigned char' first.", + "checker_name": "bugprone-signed-char-misuse", + "severity": "MEDIUM", + "report_hash": "d6876887f7540805c6738301ced2a21e", + "analyzer_name": "clang-tidy", + "category": "bugprone", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 720, + "column": 21, + "message": "'signed char' to 'int' conversion; consider casting to 'unsigned char' first.", + "range": { + "start_line": 720, + "start_col": 21, + "end_line": 720, + "end_col": 21 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/socket.c_clang-tidy_9ecb0af867e1acc193eae92eba21d9c8.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 823, + "column": 21, + "message": "'signed char' to 'int' conversion; consider casting to 'unsigned char' first.", + "checker_name": "bugprone-signed-char-misuse", + "severity": "MEDIUM", + "report_hash": "d6876887f7540805c6738301ced2a21e", + "analyzer_name": "clang-tidy", + "category": "bugprone", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 823, + "column": 21, + "message": "'signed char' to 'int' conversion; consider casting to 'unsigned char' first.", + "range": { + "start_line": 823, + "start_col": 21, + "end_line": 823, + "end_col": 21 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/socket.c_clang-tidy_9ecb0af867e1acc193eae92eba21d9c8.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 3227, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "e293b511debe235b2de85ab4ae12c802", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 3227, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 3227, + "start_col": 19, + "end_line": 3227, + "end_col": 19 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/socket.c_clang-tidy_9ecb0af867e1acc193eae92eba21d9c8.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 3241, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "e293b511debe235b2de85ab4ae12c802", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 3241, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 3241, + "start_col": 19, + "end_line": 3241, + "end_col": 19 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/socket.c_clang-tidy_9ecb0af867e1acc193eae92eba21d9c8.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 3279, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "e293b511debe235b2de85ab4ae12c802", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/socket.c", + "path": "/opt/_ga/openvpn/src/openvpn/socket.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/socket.c" + }, + "line": 3279, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 3279, + "start_col": 19, + "end_line": 3279, + "end_col": 19 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ssl.c_clangsa_2c08de4de2203de4639fb0616025663f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + }, + "line": 2826, + "column": 13, + "message": "Value stored to 'state_change' is never read", + "checker_name": "deadcode.DeadStores", + "severity": "LOW", + "report_hash": "6c2f5535a66b7bc0e699892778f3d68f", + "analyzer_name": "clangsa", + "category": "Dead store", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl.c" + }, + "line": 2826, + "column": 13, + "message": "Value stored to 'state_change' is never read", + "range": { + "start_line": 2826, + "start_col": 28, + "end_line": 2826, + "end_col": 31 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/options.c_clangsa_d435c160746e2e24aa06c15b3bdd07ea.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/options.c", + "path": "/opt/_ga/openvpn/src/openvpn/options.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/options.c" + }, + "line": 6744, + "column": 17, + "message": "Value stored to 'msglevel_fc' is never read", + "checker_name": "deadcode.DeadStores", + "severity": "LOW", + "report_hash": "434ff1ac9ff525d3cdd11d8a04f44cc9", + "analyzer_name": "clangsa", + "category": "Dead store", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/options.c", + "path": "/opt/_ga/openvpn/src/openvpn/options.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/options.c" + }, + "line": 6744, + "column": 17, + "message": "Value stored to 'msglevel_fc' is never read", + "range": { + "start_line": 6744, + "start_col": 31, + "end_line": 6744, + "end_col": 76 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ssl_verify.c_clangsa_308554663363d3e5ca940ad43b231671.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 229, + "column": 9, + "message": "Null pointer passed to 1st parameter expecting 'nonnull'", + "checker_name": "core.NonNullParamChecker", + "severity": "HIGH", + "report_hash": "ac32da14aa097d892b351b2d1eee1f84", + "analyzer_name": "clangsa", + "category": "API", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 216, + "column": 9, + "message": "Assuming 'error_depth' is >= 0", + "range": { + "start_line": 216, + "start_col": 9, + "end_line": 216, + "end_col": 24 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 216, + "column": 29, + "message": "Assuming 'error_depth' is < MAX_CERT_DEPTH", + "range": { + "start_line": 216, + "start_col": 29, + "end_line": 216, + "end_col": 56 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 218, + "column": 13, + "message": "Assuming field 'cert_hash_set' is non-null", + "range": { + "start_line": 218, + "start_col": 13, + "end_line": 218, + "end_col": 35 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 222, + "column": 13, + "message": "Assuming the condition is true", + "range": { + "start_line": 222, + "start_col": 13, + "end_line": 222, + "end_col": 52 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 228, + "column": 9, + "message": "Assuming the condition is true", + "range": { + "start_line": 228, + "start_col": 9, + "end_line": 228, + "end_col": 58 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 229, + "column": 9, + "message": "Null pointer passed to 1st parameter expecting 'nonnull'", + "range": { + "start_line": 229, + "start_col": 16, + "end_line": 229, + "end_col": 30 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 216, + "start_col": 5, + "end_line": 216, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 216, + "start_col": 9, + "end_line": 216, + "end_col": 19 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 216, + "start_col": 29, + "end_line": 216, + "end_col": 39 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 218, + "start_col": 9, + "end_line": 218, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 218, + "start_col": 13, + "end_line": 218, + "end_col": 13 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 222, + "start_col": 9, + "end_line": 222, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 222, + "start_col": 13, + "end_line": 222, + "end_col": 13 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 224, + "start_col": 13, + "end_line": 224, + "end_col": 21 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 227, + "start_col": 9, + "end_line": 227, + "end_col": 14 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 228, + "start_col": 9, + "end_line": 228, + "end_col": 14 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + } + ], + "notes": [], + "macro_expansions": [ + { + "name": "ALLOC_OBJ", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 224, + "column": 13, + "message": "{ check_malloc_return((session->cert_hash_set->ch[error_depth]) = ( struct cert_hash *) malloc(sizeof( struct cert_hash))); }", + "range": { + "start_line": 224, + "start_col": 13, + "end_line": 224, + "end_col": 13 + } + }, + { + "name": "ASSERT", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 228, + "column": 9, + "message": "do { if (!(sizeof(ch->sha256_hash) == (buf_len(cert_hash)))) {assert_failed(,, \"sizeof\"(ch->sha256_hash) == (buf_len(cert_hash)));}} while (0)", + "range": { + "start_line": 228, + "start_col": 9, + "end_line": 228, + "end_col": 9 + } + } + ] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ssl_verify.c_clangsa_308554663363d3e5ca940ad43b231671.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 298, + "column": 17, + "message": "Null pointer passed to 1st parameter expecting 'nonnull'", + "checker_name": "core.NonNullParamChecker", + "severity": "HIGH", + "report_hash": "f7114e656df3d73f58a40cabd0bd8e4e", + "analyzer_name": "clangsa", + "category": "API", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 309, + "column": 9, + "message": "Assuming 'chs' is non-null", + "range": { + "start_line": 309, + "start_col": 9, + "end_line": 309, + "end_col": 11 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 309, + "column": 16, + "message": "Assuming field 'locked_cert_hash_set' is null", + "range": { + "start_line": 309, + "start_col": 16, + "end_line": 309, + "end_col": 43 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 311, + "column": 39, + "message": "Calling 'cert_hash_copy'", + "range": { + "start_line": 311, + "start_col": 39, + "end_line": 311, + "end_col": 57 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 284, + "column": 1, + "message": "Entered call from 'tls_lock_cert_hash_set'", + "range": { + "start_line": 284, + "start_col": 1, + "end_line": 284, + "end_col": 1 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 292, + "column": 21, + "message": "Entering loop body", + "range": { + "start_line": 292, + "start_col": 21, + "end_line": 292, + "end_col": 38 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 295, + "column": 17, + "message": "Assuming 'ch' is non-null", + "range": { + "start_line": 295, + "start_col": 17, + "end_line": 295, + "end_col": 18 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 298, + "column": 17, + "message": "Null pointer passed to 1st parameter expecting 'nonnull'", + "range": { + "start_line": 298, + "start_col": 24, + "end_line": 298, + "end_col": 47 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 308, + "start_col": 5, + "end_line": 308, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 309, + "start_col": 5, + "end_line": 309, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 309, + "start_col": 9, + "end_line": 309, + "end_col": 11 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 309, + "start_col": 16, + "end_line": 309, + "end_col": 16 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 311, + "start_col": 9, + "end_line": 311, + "end_col": 13 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 311, + "start_col": 39, + "end_line": 311, + "end_col": 52 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 284, + "start_col": 1, + "end_line": 284, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 287, + "start_col": 5, + "end_line": 287, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 288, + "start_col": 5, + "end_line": 288, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 288, + "start_col": 9, + "end_line": 288, + "end_col": 11 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 290, + "start_col": 9, + "end_line": 290, + "end_col": 11 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 291, + "start_col": 9, + "end_line": 291, + "end_col": 23 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 292, + "start_col": 9, + "end_line": 292, + "end_col": 11 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 294, + "start_col": 13, + "end_line": 294, + "end_col": 17 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 295, + "start_col": 13, + "end_line": 295, + "end_col": 14 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 295, + "start_col": 17, + "end_line": 295, + "end_col": 18 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 297, + "start_col": 17, + "end_line": 297, + "end_col": 25 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + } + ], + "notes": [], + "macro_expansions": [ + { + "name": "ALLOC_OBJ_CLEAR", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 291, + "column": 9, + "message": "{ { check_malloc_return((dest) = ( struct cert_hash_set *) malloc(sizeof( struct cert_hash_set))); }; memset((dest), 0, sizeof( struct cert_hash_set)); }", + "range": { + "start_line": 291, + "start_col": 9, + "end_line": 291, + "end_col": 9 + } + }, + { + "name": "ALLOC_OBJ", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 297, + "column": 17, + "message": "{ check_malloc_return((dest->ch[i]) = ( struct cert_hash *) malloc(sizeof( struct cert_hash))); }", + "range": { + "start_line": 297, + "start_col": 17, + "end_line": 297, + "end_col": 17 + } + } + ] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ssl_verify.c_clangsa_308554663363d3e5ca940ad43b231671.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 1418, + "column": 37, + "message": "Null pointer passed to 1st parameter expecting 'nonnull'", + "checker_name": "core.NonNullParamChecker", + "severity": "HIGH", + "report_hash": "53304ce36b9ba5b1d6a5e41f6e13754b", + "analyzer_name": "clangsa", + "category": "API", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 1309, + "column": 9, + "message": "Assuming field 'auth_token_generate' is false", + "range": { + "start_line": 1309, + "start_col": 9, + "end_line": 1309, + "end_col": 41 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 1342, + "column": 10, + "message": "Calling 'set_verify_user_pass_env'", + "range": { + "start_line": 1342, + "start_col": 10, + "end_line": 1342, + "end_col": 53 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 1241, + "column": 1, + "message": "Entered call from 'verify_user_pass'", + "range": { + "start_line": 1241, + "start_col": 1, + "end_line": 1241, + "end_col": 1 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 1246, + "column": 10, + "message": "Assuming the condition is true", + "range": { + "start_line": 1246, + "start_col": 10, + "end_line": 1246, + "end_col": 63 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 1260, + "column": 9, + "message": "Value assigned to field 'auth_token', which participates in a condition later", + "range": { + "start_line": 1260, + "start_col": 9, + "end_line": 1260, + "end_col": 49 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 1342, + "column": 10, + "message": "Returning from 'set_verify_user_pass_env'", + "range": { + "start_line": 1342, + "start_col": 10, + "end_line": 1342, + "end_col": 53 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 1357, + "column": 13, + "message": "Assuming the condition is false", + "range": { + "start_line": 1357, + "start_col": 13, + "end_line": 1357, + "end_col": 87 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 1362, + "column": 13, + "message": "Assuming field 'auth_user_pass_verify_script' is null", + "range": { + "start_line": 1362, + "start_col": 13, + "end_line": 1362, + "end_col": 54 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 1369, + "column": 10, + "message": "Assuming the condition is false", + "range": { + "start_line": 1369, + "start_col": 10, + "end_line": 1369, + "end_col": 63 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 1386, + "column": 12, + "message": "Calling 'tls_lock_username'", + "range": { + "start_line": 1386, + "start_col": 12, + "end_line": 1386, + "end_col": 49 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 164, + "column": 1, + "message": "Entered call from 'verify_user_pass'", + "range": { + "start_line": 164, + "start_col": 1, + "end_line": 164, + "end_col": 1 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 167, + "column": 9, + "message": "Assuming field 'locked_username' is null", + "range": { + "start_line": 167, + "start_col": 9, + "end_line": 167, + "end_col": 30 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 182, + "column": 13, + "message": "Assuming 'username' is null", + "range": { + "start_line": 182, + "start_col": 13, + "end_line": 182, + "end_col": 20 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 187, + "column": 5, + "message": "Returning without writing to 'multi->auth_token', which participates in a condition later", + "range": { + "start_line": 187, + "start_col": 5, + "end_line": 187, + "end_col": 5 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 187, + "column": 5, + "message": "Returning the value 1, which participates in a condition later", + "range": { + "start_line": 187, + "start_col": 5, + "end_line": 187, + "end_col": 15 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 1386, + "column": 12, + "message": "Returning from 'tls_lock_username'", + "range": { + "start_line": 1386, + "start_col": 12, + "end_line": 1386, + "end_col": 49 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 1406, + "column": 13, + "message": "Assuming field 'auth_token_generate' is true", + "range": { + "start_line": 1406, + "start_col": 13, + "end_line": 1406, + "end_col": 47 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 1414, + "column": 17, + "message": "Assuming field 'auth_token' is null", + "range": { + "start_line": 1414, + "start_col": 17, + "end_line": 1414, + "end_col": 34 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 1415, + "column": 21, + "message": "Assuming the condition is true", + "range": { + "start_line": 1415, + "start_col": 21, + "end_line": 1415, + "end_col": 67 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 1416, + "column": 20, + "message": "Assuming the condition is true", + "range": { + "start_line": 1416, + "start_col": 20, + "end_line": 1416, + "end_col": 69 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + }, + "line": 1418, + "column": 37, + "message": "Null pointer passed to 1st parameter expecting 'nonnull'", + "range": { + "start_line": 1418, + "start_col": 44, + "end_line": 1418, + "end_col": 55 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 1280, + "start_col": 5, + "end_line": 1280, + "end_col": 7 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1287, + "start_col": 5, + "end_line": 1287, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1294, + "start_col": 5, + "end_line": 1294, + "end_col": 25 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1309, + "start_col": 5, + "end_line": 1309, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1309, + "start_col": 9, + "end_line": 1309, + "end_col": 15 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1342, + "start_col": 5, + "end_line": 1342, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1342, + "start_col": 10, + "end_line": 1342, + "end_col": 33 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1241, + "start_col": 1, + "end_line": 1241, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1246, + "start_col": 5, + "end_line": 1246, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1246, + "start_col": 10, + "end_line": 1246, + "end_col": 16 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1248, + "start_col": 9, + "end_line": 1248, + "end_col": 18 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1260, + "start_col": 9, + "end_line": 1260, + "end_col": 29 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1261, + "start_col": 9, + "end_line": 1261, + "end_col": 14 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1342, + "start_col": 10, + "end_line": 1342, + "end_col": 33 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1349, + "start_col": 5, + "end_line": 1349, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1349, + "start_col": 10, + "end_line": 1349, + "end_col": 18 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1352, + "start_col": 9, + "end_line": 1352, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1352, + "start_col": 13, + "end_line": 1352, + "end_col": 24 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1357, + "start_col": 9, + "end_line": 1357, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1357, + "start_col": 13, + "end_line": 1357, + "end_col": 26 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1362, + "start_col": 9, + "end_line": 1362, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1362, + "start_col": 13, + "end_line": 1362, + "end_col": 19 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1369, + "start_col": 5, + "end_line": 1369, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1369, + "start_col": 10, + "end_line": 1369, + "end_col": 16 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1378, + "start_col": 5, + "end_line": 1378, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1378, + "start_col": 9, + "end_line": 1378, + "end_col": 9 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1378, + "start_col": 10, + "end_line": 1378, + "end_col": 11 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1382, + "start_col": 15, + "end_line": 1382, + "end_col": 16 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1384, + "start_col": 12, + "end_line": 1384, + "end_col": 23 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1386, + "start_col": 12, + "end_line": 1386, + "end_col": 28 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 164, + "start_col": 1, + "end_line": 164, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 167, + "start_col": 5, + "end_line": 167, + "end_col": 6 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 167, + "start_col": 9, + "end_line": 167, + "end_col": 13 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 182, + "start_col": 9, + "end_line": 182, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 182, + "start_col": 13, + "end_line": 182, + "end_col": 20 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 187, + "start_col": 5, + "end_line": 187, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 187, + "start_col": 5, + "end_line": 187, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 187, + "start_col": 5, + "end_line": 187, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1386, + "start_col": 12, + "end_line": 1386, + "end_col": 28 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1388, + "start_col": 9, + "end_line": 1388, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1390, + "start_col": 9, + "end_line": 1390, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1390, + "start_col": 13, + "end_line": 1390, + "end_col": 14 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1396, + "start_col": 9, + "end_line": 1396, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1396, + "start_col": 13, + "end_line": 1396, + "end_col": 24 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1406, + "start_col": 9, + "end_line": 1406, + "end_col": 10 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1406, + "start_col": 13, + "end_line": 1406, + "end_col": 13 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1414, + "start_col": 13, + "end_line": 1414, + "end_col": 14 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1414, + "start_col": 17, + "end_line": 1414, + "end_col": 17 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1415, + "start_col": 21, + "end_line": 1415, + "end_col": 22 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1416, + "start_col": 20, + "end_line": 1416, + "end_col": 20 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1418, + "start_col": 17, + "end_line": 1418, + "end_col": 21 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + }, + { + "range": { + "start_line": 1418, + "start_col": 37, + "end_line": 1418, + "end_col": 42 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_verify.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/pool.c_clang-tidy_fd92985be702ae89a296d898021f4701.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/pool.c", + "path": "/opt/_ga/openvpn/src/openvpn/pool.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/pool.c" + }, + "line": 632, + "column": 21, + "message": "'signed char' to 'int' conversion; consider casting to 'unsigned char' first.", + "checker_name": "bugprone-signed-char-misuse", + "severity": "MEDIUM", + "report_hash": "6d4ba32080c8c07b0ba95b53787215cf", + "analyzer_name": "clang-tidy", + "category": "bugprone", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/pool.c", + "path": "/opt/_ga/openvpn/src/openvpn/pool.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/pool.c" + }, + "line": 632, + "column": 21, + "message": "'signed char' to 'int' conversion; consider casting to 'unsigned char' first.", + "range": { + "start_line": 632, + "start_col": 21, + "end_line": 632, + "end_col": 21 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/crypto.c_clang-tidy_5b9d2cd2bc4c3006525b18761a5ec2a3.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + }, + "line": 87, + "column": 23, + "message": "comparison of integers of different signs: 'const int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "be597fa49cb6e77ec6b02587bfde1bfc", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.h", + "path": "/opt/_ga/openvpn/src/openvpn/error.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.h" + }, + "line": 221, + "column": 30, + "message": "expanded from macro 'ASSERT'", + "range": { + "start_line": 221, + "start_col": 30, + "end_line": 221, + "end_col": 30 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + }, + "line": 87, + "column": 23, + "message": "comparison of integers of different signs: 'const int' and 'unsigned long'", + "range": { + "start_line": 87, + "start_col": 23, + "end_line": 87, + "end_col": 23 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 221, + "start_col": 30, + "end_line": 221, + "end_col": 30 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.h", + "path": "/opt/_ga/openvpn/src/openvpn/error.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.h" + } + }, + { + "range": { + "start_line": 87, + "start_col": 23, + "end_line": 87, + "end_col": 23 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/crypto.c_clang-tidy_5b9d2cd2bc4c3006525b18761a5ec2a3.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + }, + "line": 393, + "column": 37, + "message": "comparison of integers of different signs: 'const size_t' (aka 'const unsigned long') and 'const int'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "7685c9a6421d0eccae2e7b36d99890a5", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.h", + "path": "/opt/_ga/openvpn/src/openvpn/error.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.h" + }, + "line": 221, + "column": 30, + "message": "expanded from macro 'ASSERT'", + "range": { + "start_line": 221, + "start_col": 30, + "end_line": 221, + "end_col": 30 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + }, + "line": 393, + "column": 37, + "message": "comparison of integers of different signs: 'const size_t' (aka 'const unsigned long') and 'const int'", + "range": { + "start_line": 393, + "start_col": 37, + "end_line": 393, + "end_col": 37 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 221, + "start_col": 30, + "end_line": 221, + "end_col": 30 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.h", + "path": "/opt/_ga/openvpn/src/openvpn/error.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.h" + } + }, + { + "range": { + "start_line": 393, + "start_col": 37, + "end_line": 393, + "end_col": 37 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/crypto.c_clang-tidy_5b9d2cd2bc4c3006525b18761a5ec2a3.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + }, + "line": 394, + "column": 45, + "message": "comparison of integers of different signs: 'unsigned long' and 'const int'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "0dfd36b5655abec37006595e015c1ba0", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + }, + "line": 394, + "column": 45, + "message": "comparison of integers of different signs: 'unsigned long' and 'const int'", + "range": { + "start_line": 394, + "start_col": 45, + "end_line": 394, + "end_col": 45 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/crypto.c_clang-tidy_5b9d2cd2bc4c3006525b18761a5ec2a3.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + }, + "line": 1109, + "column": 46, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "f4e7480111650b6a08b59d7c2e651964", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.h", + "path": "/opt/_ga/openvpn/src/openvpn/error.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.h" + }, + "line": 221, + "column": 30, + "message": "expanded from macro 'ASSERT'", + "range": { + "start_line": 221, + "start_col": 30, + "end_line": 221, + "end_col": 30 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + }, + "line": 1109, + "column": 46, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 1109, + "start_col": 46, + "end_line": 1109, + "end_col": 46 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 221, + "start_col": 30, + "end_line": 221, + "end_col": 30 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.h", + "path": "/opt/_ga/openvpn/src/openvpn/error.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.h" + } + }, + { + "range": { + "start_line": 1109, + "start_col": 46, + "end_line": 1109, + "end_col": 46 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/crypto_openssl.c_clang-tidy_76851cd2c2ae1a28624786ef2eebf0c3.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c" + }, + "line": 311, + "column": 49, + "message": "suspicious usage of 'sizeof(A*)'; pointer to aggregate", + "checker_name": "bugprone-sizeof-expression", + "severity": "HIGH", + "report_hash": "815e87e6a6a4b70fe7929082a55875df", + "analyzer_name": "clang-tidy", + "category": "bugprone", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c" + }, + "line": 311, + "column": 49, + "message": "suspicious usage of 'sizeof(A*)'; pointer to aggregate", + "range": { + "start_line": 311, + "start_col": 49, + "end_line": 311, + "end_col": 49 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/crypto_openssl.c_clang-tidy_76851cd2c2ae1a28624786ef2eebf0c3.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c" + }, + "line": 319, + "column": 51, + "message": "suspicious usage of 'sizeof(A*)'; pointer to aggregate", + "checker_name": "bugprone-sizeof-expression", + "severity": "HIGH", + "report_hash": "a93e59d0e457fa9c4259ff92066f9752", + "analyzer_name": "clang-tidy", + "category": "bugprone", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c" + }, + "line": 319, + "column": 51, + "message": "suspicious usage of 'sizeof(A*)'; pointer to aggregate", + "range": { + "start_line": 319, + "start_col": 51, + "end_line": 319, + "end_col": 51 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/crypto_openssl.c_clang-tidy_76851cd2c2ae1a28624786ef2eebf0c3.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c" + }, + "line": 1019, + "column": 27, + "message": "comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "0863e20936f7237133865ba3a17f7fd2", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.h", + "path": "/opt/_ga/openvpn/src/openvpn/error.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.h" + }, + "line": 221, + "column": 30, + "message": "expanded from macro 'ASSERT'", + "range": { + "start_line": 221, + "start_col": 30, + "end_line": 221, + "end_col": 30 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c" + }, + "line": 1019, + "column": 27, + "message": "comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int'", + "range": { + "start_line": 1019, + "start_col": 27, + "end_line": 1019, + "end_col": 27 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 221, + "start_col": 30, + "end_line": 221, + "end_col": 30 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.h", + "path": "/opt/_ga/openvpn/src/openvpn/error.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.h" + } + }, + { + "range": { + "start_line": 1019, + "start_col": 27, + "end_line": 1019, + "end_col": 27 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/crypto_openssl.c" + } + } + ], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/clinat.c_clang-tidy_d0fe8d29f751b7ac915e8aed3c500ac3.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + }, + "line": 265, + "column": 29, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "162268fac94db8b6565c390a7b194d2f", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + }, + "line": 265, + "column": 29, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 265, + "start_col": 29, + "end_line": 265, + "end_col": 29 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/clinat.c_clang-tidy_d0fe8d29f751b7ac915e8aed3c500ac3.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + }, + "line": 272, + "column": 29, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "03e7755f5361305ced7cf03b141e56cd", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "path": "/opt/_ga/openvpn/src/openvpn/clinat.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/clinat.c" + }, + "line": 272, + "column": 29, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 272, + "start_col": 29, + "end_line": 272, + "end_col": 29 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ssl_openssl.c_clang-tidy_1a7c8967041c2fcdb1ebae7610ca59e3.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_openssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_openssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_openssl.c" + }, + "line": 1271, + "column": 17, + "message": "comparison of integers of different signs: 'int' and 'unsigned int'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "1ab9cf1ed89fd064a122020fb8a38144", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_openssl.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_openssl.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_openssl.c" + }, + "line": 1271, + "column": 17, + "message": "comparison of integers of different signs: 'int' and 'unsigned int'", + "range": { + "start_line": 1271, + "start_col": 17, + "end_line": 1271, + "end_col": 17 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/ssl_ncp.c_clang-tidy_bb3adebe65b2ae30212fabd7ea8214c6.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_ncp.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_ncp.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_ncp.c" + }, + "line": 145, + "column": 51, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "e30f22ec39213584933a82da516eace8", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/ssl_ncp.c", + "path": "/opt/_ga/openvpn/src/openvpn/ssl_ncp.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/ssl_ncp.c" + }, + "line": 145, + "column": 51, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 145, + "start_col": 51, + "end_line": 145, + "end_col": 51 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/error.c_clangsa_0651cde92dc6ca5ccd53a37e1f1b42ff.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.c", + "path": "/opt/_ga/openvpn/src/openvpn/error.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.c" + }, + "line": 802, + "column": 11, + "message": "Dereference of null pointer (loaded from variable 'null')", + "checker_name": "core.NullDereference", + "severity": "HIGH", + "report_hash": "c43d57e6d2cd550cf84d6a1c1047792e", + "analyzer_name": "clangsa", + "category": "Logic error", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.c", + "path": "/opt/_ga/openvpn/src/openvpn/error.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.c" + }, + "line": 801, + "column": 5, + "message": "'null' initialized to a null pointer value", + "range": { + "start_line": 801, + "start_col": 5, + "end_line": 801, + "end_col": 14 + } + }, + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.c", + "path": "/opt/_ga/openvpn/src/openvpn/error.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.c" + }, + "line": 802, + "column": 11, + "message": "Dereference of null pointer (loaded from variable 'null')", + "range": { + "start_line": 802, + "start_col": 6, + "end_line": 802, + "end_col": 9 + } + } + ], + "bug_path_positions": [ + { + "range": { + "start_line": 801, + "start_col": 5, + "end_line": 801, + "end_col": 8 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.c", + "path": "/opt/_ga/openvpn/src/openvpn/error.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.c" + } + }, + { + "range": { + "start_line": 802, + "start_col": 5, + "end_line": 802, + "end_col": 5 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.c", + "path": "/opt/_ga/openvpn/src/openvpn/error.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.c" + } + }, + { + "range": { + "start_line": 802, + "start_col": 11, + "end_line": 802, + "end_col": 11 + }, + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/error.c", + "path": "/opt/_ga/openvpn/src/openvpn/error.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/error.c" + } + } + ], + "notes": [], + "macro_expansions": [] + } + ] +} \ No newline at end of file diff --git a/unittests/scans/codechecker/cc-report-review-status.json b/unittests/scans/codechecker/cc-report-review-status.json new file mode 100644 index 00000000000..dedc2228ff7 --- /dev/null +++ b/unittests/scans/codechecker/cc-report-review-status.json @@ -0,0 +1,165 @@ +{ + "version": 1, + "reports": [ + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/push.c_clang-tidy_5fb42dafea6e0be180d0fe28ce1a41f4.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/push.c", + "path": "/opt/_ga/openvpn/src/openvpn/push.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/push.c" + }, + "line": 576, + "column": 20, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "d5e8aec375bc1d89630e5e848b442109", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/push.c", + "path": "/opt/_ga/openvpn/src/openvpn/push.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/push.c" + }, + "line": 576, + "column": 20, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 576, + "start_col": 20, + "end_line": 576, + "end_col": 20 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/push.c_clang-tidy_5fb42dafea6e0be180d0fe28ce1a41f4.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/push.c", + "path": "/opt/_ga/openvpn/src/openvpn/push.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/push.c" + }, + "line": 679, + "column": 13, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "b5dd5b1079dfaefb3893465ef56d58f2", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "confirmed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/push.c", + "path": "/opt/_ga/openvpn/src/openvpn/push.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/push.c" + }, + "line": 679, + "column": 13, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 679, + "start_col": 13, + "end_line": 679, + "end_col": 13 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/vlan.c_clang-tidy_716d1455021645c9134d79fcb2b9da6f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/multi.h", + "path": "/opt/_ga/openvpn/src/openvpn/multi.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/multi.h" + }, + "line": 402, + "column": 52, + "message": "comparison of integers of different signs: 'unsigned int' and 'const int'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "7d783dcf75b8fad6597fe70e3a900b9c", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "false_positive", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/multi.h", + "path": "/opt/_ga/openvpn/src/openvpn/multi.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/multi.h" + }, + "line": 402, + "column": 52, + "message": "comparison of integers of different signs: 'unsigned int' and 'const int'", + "range": { + "start_line": 402, + "start_col": 52, + "end_line": 402, + "end_col": 52 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/vlan.c_clang-tidy_716d1455021645c9134d79fcb2b9da6f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 91, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "a368fa650a319c07bc041d0de26bb973", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "intentional", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 91, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 91, + "start_col": 19, + "end_line": 91, + "end_col": 19 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + } + ] +} \ No newline at end of file diff --git a/unittests/scans/codechecker/cc-report-severity.json b/unittests/scans/codechecker/cc-report-severity.json new file mode 100644 index 00000000000..1d86755a412 --- /dev/null +++ b/unittests/scans/codechecker/cc-report-severity.json @@ -0,0 +1,245 @@ +{ + "version": 1, + "reports": [ + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/push.c_clang-tidy_5fb42dafea6e0be180d0fe28ce1a41f4.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/push.c", + "path": "/opt/_ga/openvpn/src/openvpn/push.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/push.c" + }, + "line": 576, + "column": 20, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "UNSPECIFIED", + "report_hash": "d5e8aec375bc1d89630e5e848b442109", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/push.c", + "path": "/opt/_ga/openvpn/src/openvpn/push.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/push.c" + }, + "line": 576, + "column": 20, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 576, + "start_col": 20, + "end_line": 576, + "end_col": 20 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/push.c_clang-tidy_5fb42dafea6e0be180d0fe28ce1a41f4.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/push.c", + "path": "/opt/_ga/openvpn/src/openvpn/push.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/push.c" + }, + "line": 679, + "column": 13, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "STYLE", + "report_hash": "b5dd5b1079dfaefb3893465ef56d58f2", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/push.c", + "path": "/opt/_ga/openvpn/src/openvpn/push.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/push.c" + }, + "line": 679, + "column": 13, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 679, + "start_col": 13, + "end_line": 679, + "end_col": 13 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/vlan.c_clang-tidy_716d1455021645c9134d79fcb2b9da6f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/multi.h", + "path": "/opt/_ga/openvpn/src/openvpn/multi.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/multi.h" + }, + "line": 402, + "column": 52, + "message": "comparison of integers of different signs: 'unsigned int' and 'const int'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "LOW", + "report_hash": "7d783dcf75b8fad6597fe70e3a900b9c", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/multi.h", + "path": "/opt/_ga/openvpn/src/openvpn/multi.h", + "original_path": "/opt/_ga/openvpn/src/openvpn/multi.h" + }, + "line": 402, + "column": 52, + "message": "comparison of integers of different signs: 'unsigned int' and 'const int'", + "range": { + "start_line": 402, + "start_col": 52, + "end_line": 402, + "end_col": 52 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/vlan.c_clang-tidy_716d1455021645c9134d79fcb2b9da6f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 91, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "MEDIUM", + "report_hash": "a368fa650a319c07bc041d0de26bb973", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 91, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 91, + "start_col": 19, + "end_line": 91, + "end_col": 19 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/vlan.c_clang-tidy_716d1455021645c9134d79fcb2b9da6f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 117, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "HIGH", + "report_hash": "16d424a2781030079df820c417f8e3be", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 117, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 117, + "start_col": 19, + "end_line": 117, + "end_col": 19 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + }, + { + "analyzer_result_file_path": "/opt/_ga/openvpn/.codechecker/vlan.c_clang-tidy_716d1455021645c9134d79fcb2b9da6f.plist", + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 193, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "checker_name": "clang-diagnostic-sign-compare", + "severity": "CRITICAL", + "report_hash": "a368fa650a319c07bc041d0de26bb973", + "analyzer_name": "clang-tidy", + "category": "clang", + "type": null, + "source_code_comments": [], + "review_status": "unreviewed", + "bug_path_events": [ + { + "file": { + "id": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "path": "/opt/_ga/openvpn/src/openvpn/vlan.c", + "original_path": "/opt/_ga/openvpn/src/openvpn/vlan.c" + }, + "line": 193, + "column": 19, + "message": "comparison of integers of different signs: 'int' and 'unsigned long'", + "range": { + "start_line": 193, + "start_col": 19, + "end_line": 193, + "end_col": 19 + } + } + ], + "bug_path_positions": [], + "notes": [], + "macro_expansions": [] + } + ] +} \ No newline at end of file diff --git a/unittests/scans/cyclonedx/cyclonedx_cwe.json b/unittests/scans/cyclonedx/cyclonedx_cwe.json new file mode 100644 index 00000000000..8e56c799a92 --- /dev/null +++ b/unittests/scans/cyclonedx/cyclonedx_cwe.json @@ -0,0 +1 @@ +{"bomFormat":"CycloneDX","specVersion":"1.4","version":"1","serialNumber":"fb206469-0178-4dec-9397-987f51f4d4e0","vulnerabilities":[{"id":"CVE-2018-10054","source":{"url":"https://www.exploit-db.com/exploits/44422/","name":"Vendor Disclosure"},"ratings":[{"score":6.5,"severity":"medium","method":"CVSSv2","vector":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"score":8.8,"severity":"high","method":"CVSSv3","vector":"AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"created":"2018-06-25T00:00:00.000+0000","published":"2018-03-29T00:00:00.000+0000","updated":"2022-06-17T00:00:00.000+0000","cwes":[20],"description":"Arbitrary Code Execution H2 Database Engine is vulnerable to arbitrary code execution.It allows an authorized user to inject arbitrary java code using H2 SQL ALIAS command `CREATE ALIAS`.","affects":[{"ref":"maven:com.h2database:h2:2.1.210:"}],"properties":[{"name":"Vulnerability Link","value":"https://www.exploit-db.com/exploits/44422/"},{"name":"Vulnerability Link","value":"https://mthbernardes.github.io/rce/2018/03/14/abusing-h2-database-alias.html"},{"name":"Vulnerability Link","value":"http://blog.datomic.com/2018/03/important-security-update.html"},{"name":"Vulnerability Link","value":"https://forum.datomic.com/t/important-security-update-0-9-5697/379"},{"name":"Vulnerability Link","value":"https://github.com/h2database/h2database/blob/f97a3dcc856c012b45112cea48d0f1e1bc5518b4/h2/src/main/org/h2/server/web/WebServer.java#L279-L280"},{"name":"Vulnerability Link","value":"https://github.com/h2database/h2database/blob/f97a3dcc856c012b45112cea48d0f1e1bc5518b4/h2/src/main/org/h2/server/web/WebServer.java#L267"},{"name":"Vulnerability Link","value":"https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e@%3Cuser.ignite.apache.org%3E"}]}]} diff --git a/unittests/scans/cyclonedx/issue_8022.json b/unittests/scans/cyclonedx/issue_8022.json new file mode 100644 index 00000000000..d009d477ddc --- /dev/null +++ b/unittests/scans/cyclonedx/issue_8022.json @@ -0,0 +1,121 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", + "type": "library", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.4", + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + } + ], + "vulnerabilities": [ + { + "bom-ref": "6eee14da-8f42-4cc4-bb65-203235f02415", + "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111", + "source": { + "name": "Snyk", + "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + }, + "references": [ + { + "id": "CVE-2018-7489", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + } + ], + "ratings": [ + { + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" + }, + "score": 9.8, + "severity": "critical", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "justification": "An optional reason for rating the vulnerability as it was" + } + ], + "cwes": [ + 184, + 502 + ], + "description": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", + "detail": "", + "advisories": [ + { + "title": "GitHub Commit", + "url": "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/FasterXML/jackson-databind/issues/1931" + } + ], + "created": "2021-01-01T00:00:00.000Z", + "published": "2021-01-01T00:00:00.000Z", + "updated": "2021-01-01T00:00:00.000Z", + "credits": { + "organizations": [ + { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ] + } + ], + "individuals": [ + { + "name": "Jane Doe", + "email": "jane.doe@example.com" + } + ] + }, + "tools": [ + { + "vendor": "Snyk", + "name": "Snyk CLI (Linux)", + "version": "1.729.0", + "hashes": [ + { + "alg": "SHA-256", + "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + ] + } + ], + "analysis": { + "state": "not_affected", + "justification": "code_not_reachable", + "response": ["will_not_fix", "update"], + "detail": "An optional explanation of why the application is not affected by the vulnerable component." + }, + "affects": [ + { + "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", + "versions": [ + { + "range": "vers:semver/<2.6.7.5", + "status": "affected" + }, + { + "range": "vers:semver/2.7.0|<2.8.11.1", + "status": "affected" + }, + { + "range": "vers:semver/2.9.0|<2.9.5", + "status": "affected" + } + ] + } + ] + } + ] + } \ No newline at end of file diff --git a/unittests/scans/cyclonedx/issue_9277.json b/unittests/scans/cyclonedx/issue_9277.json new file mode 100644 index 00000000000..c415dbbf6d6 --- /dev/null +++ b/unittests/scans/cyclonedx/issue_9277.json @@ -0,0 +1,8026 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:0a6ed783-9138-4492-8d51-a4d02937ca69", + "version": 1, + "metadata": { + "timestamp": "2024-01-04T15:25:30+00:00", + "tools": [ + { + "vendor": "aquasecurity", + "name": "trivy", + "version": "0.48.1" + } + ], + "component": { + "bom-ref": "pkg:oci/ubuntu@sha256%3A6042500cf4b44023ea1894effe7890666b0c5c7871ed83a97c36c76ae560bb9b?arch=amd64&repository_url=index.docker.io%2Flibrary%2Fubuntu", + "type": "container", + "name": "ubuntu:latest", + "purl": "pkg:oci/ubuntu@sha256%3A6042500cf4b44023ea1894effe7890666b0c5c7871ed83a97c36c76ae560bb9b?arch=amd64&repository_url=index.docker.io%2Flibrary%2Fubuntu", + "properties": [ + { + "name": "aquasecurity:trivy:DiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:ImageID", + "value": "sha256:174c8c134b2a94b5bb0b37d9a2b6ba0663d82d23ebf62bd51f74a2fd457333da" + }, + { + "name": "aquasecurity:trivy:RepoDigest", + "value": "ubuntu@sha256:6042500cf4b44023ea1894effe7890666b0c5c7871ed83a97c36c76ae560bb9b" + }, + { + "name": "aquasecurity:trivy:RepoTag", + "value": "ubuntu:latest" + }, + { + "name": "aquasecurity:trivy:SchemaVersion", + "value": "2" + } + ] + } + }, + "components": [ + { + "bom-ref": "5303f1e6-739c-497b-8ad9-01b5318e8266", + "type": "operating-system", + "name": "ubuntu", + "version": "22.04", + "properties": [ + { + "name": "aquasecurity:trivy:Class", + "value": "os-pkgs" + }, + { + "name": "aquasecurity:trivy:Type", + "value": "ubuntu" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/adduser@3.118ubuntu5?arch=all&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "adduser", + "version": "3.118ubuntu5", + "hashes": [ + { + "alg": "SHA-256", + "content": "53c30389227d4d16f1108a1df7ae1540c890378318335d1dc7ee95b7257f1f17" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/adduser@3.118ubuntu5?arch=all&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "adduser@3.118ubuntu5" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "adduser" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.118ubuntu5" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/apt@2.4.11?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "apt", + "version": "2.4.11", + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/apt@2.4.11?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "apt@2.4.11" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "apt" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.4.11" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/base-files@12ubuntu4.4?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "base-files", + "version": "12ubuntu4.4", + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/base-files@12ubuntu4.4?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "base-files@12ubuntu4.4" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "base-files" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "12ubuntu4.4" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/base-passwd@3.5.52build1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Colin Watson " + }, + "name": "base-passwd", + "version": "3.5.52build1", + "hashes": [ + { + "alg": "SHA-256", + "content": "b82ef485b59eb330ed56bc4afc54c6bd809e158da0019788ff0ba3cbab9d7bf9" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "public-domain" + } + } + ], + "purl": "pkg:deb/ubuntu/base-passwd@3.5.52build1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "base-passwd@3.5.52build1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "base-passwd" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.5.52build1" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/bash@5.1-6ubuntu1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "bash", + "version": "5.1-6ubuntu1", + "hashes": [ + { + "alg": "SHA-256", + "content": "543fc0be88d2cf33ada88fe0cf82e1ec3fdcdd56e411dd2958eb3ef6e1a3d2fa" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/bash@5.1-6ubuntu1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "bash@5.1-6ubuntu1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "bash" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "6ubuntu1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "5.1" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/bsdutils@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04&epoch=1", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "bsdutils", + "version": "2.37.2-4ubuntu3", + "hashes": [ + { + "alg": "SHA-256", + "content": "8e863dcd6b6efbdccb83ef32fea9d80a051e48ae2311e718ea46d18bf1a4eab8" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "public-domain" + } + }, + { + "license": { + "name": "BSD-4-Clause" + } + }, + { + "license": { + "name": "MIT" + } + }, + { + "license": { + "name": "BSD-2-Clause" + } + }, + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "LGPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/bsdutils@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04&epoch=1", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "bsdutils@1:2.37.2-4ubuntu3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "util-linux" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "4ubuntu3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.37.2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/coreutils@8.32-4.1ubuntu1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "coreutils", + "version": "8.32-4.1ubuntu1", + "hashes": [ + { + "alg": "SHA-256", + "content": "b4bef42afe93036b1010a8b4cb03f0d3e715eed64d0cd88f7a945be40d0316f6" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/coreutils@8.32-4.1ubuntu1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "coreutils@8.32-4.1ubuntu1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "coreutils" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "4.1ubuntu1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "8.32" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/dash@0.5.11%2Bgit20210903%2B057cd650a4ed-3build1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "dash", + "version": "0.5.11+git20210903+057cd650a4ed-3build1", + "hashes": [ + { + "alg": "SHA-256", + "content": "a539a1fc715f9f52cf9159e1f2c8d254a611d1f2c176a25ca7d99372fa76f4b8" + } + ], + "licenses": [ + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "FSFULLR" + } + }, + { + "license": { + "name": "FSFUL" + } + }, + { + "license": { + "name": "Expat" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "public-domain" + } + } + ], + "purl": "pkg:deb/ubuntu/dash@0.5.11%2Bgit20210903%2B057cd650a4ed-3build1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "dash@0.5.11+git20210903+057cd650a4ed-3build1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "dash" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "3build1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "0.5.11+git20210903+057cd650a4ed" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/debconf@1.5.79ubuntu1?arch=all&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "debconf", + "version": "1.5.79ubuntu1", + "hashes": [ + { + "alg": "SHA-256", + "content": "395a65b3a9539304391456d4d0e5531f4249f297b6e67eb0fcaf2ff77ddc3dc3" + } + ], + "licenses": [ + { + "license": { + "name": "BSD-2-Clause" + } + } + ], + "purl": "pkg:deb/ubuntu/debconf@1.5.79ubuntu1?arch=all&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "debconf@1.5.79ubuntu1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "debconf" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.5.79ubuntu1" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/debianutils@5.5-1ubuntu2?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "debianutils", + "version": "5.5-1ubuntu2", + "hashes": [ + { + "alg": "SHA-256", + "content": "a285df5a72f6eadd75a042c148f4a26c6bead543e73077f12d8d0069b315082d" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/debianutils@5.5-1ubuntu2?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "debianutils@5.5-1ubuntu2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "debianutils" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1ubuntu2" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "5.5" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/diffutils@3.8-0ubuntu2?arch=amd64&distro=ubuntu-22.04&epoch=1", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "diffutils", + "version": "3.8-0ubuntu2", + "hashes": [ + { + "alg": "SHA-256", + "content": "521bdc309168c15662347d4a861ece04d85745dbf9237b1e166d4f90f35c1bb5" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "GFDL" + } + } + ], + "purl": "pkg:deb/ubuntu/diffutils@3.8-0ubuntu2?arch=amd64&distro=ubuntu-22.04&epoch=1", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "diffutils@1:3.8-0ubuntu2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcEpoch", + "value": "1" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "diffutils" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "0ubuntu2" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.8" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/dpkg@1.21.1ubuntu2.2?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "dpkg", + "version": "1.21.1ubuntu2.2", + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "BSD-2-Clause" + } + }, + { + "license": { + "name": "public-domain-s-s-d" + } + }, + { + "license": { + "name": "public-domain-md5" + } + } + ], + "purl": "pkg:deb/ubuntu/dpkg@1.21.1ubuntu2.2?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "dpkg@1.21.1ubuntu2.2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "dpkg" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.21.1ubuntu2.2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/e2fsprogs@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "e2fsprogs", + "version": "1.46.5-2ubuntu1.1", + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/e2fsprogs@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "e2fsprogs@1.46.5-2ubuntu1.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "e2fsprogs" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu1.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.46.5" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/findutils@4.8.0-1ubuntu3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "findutils", + "version": "4.8.0-1ubuntu3", + "hashes": [ + { + "alg": "SHA-256", + "content": "36b82c9455c45b4f1b88d07bdf30a1b62a4ad6164595b55254c0def2265ff4d6" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "GFDL-1.3" + } + } + ], + "purl": "pkg:deb/ubuntu/findutils@4.8.0-1ubuntu3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "findutils@4.8.0-1ubuntu3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "findutils" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1ubuntu3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "4.8.0" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/gcc-12-base@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Core developers " + }, + "name": "gcc-12-base", + "version": "12.3.0-1ubuntu1~22.04", + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "GFDL-1.2" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "Artistic" + } + }, + { + "license": { + "name": "LGPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/gcc-12-base@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "gcc-12-base@12.3.0-1ubuntu1~22.04" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "gcc-12" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1ubuntu1~22.04" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "12.3.0" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/gpgv@2.2.27-3ubuntu2.1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "gpgv", + "version": "2.2.27-3ubuntu2.1", + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "permissive" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "Expat" + } + }, + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "LGPL-3.0" + } + }, + { + "license": { + "name": "RFC-Reference" + } + }, + { + "license": { + "name": "TinySCHEME" + } + }, + { + "license": { + "name": "CC0-1.0" + } + } + ], + "purl": "pkg:deb/ubuntu/gpgv@2.2.27-3ubuntu2.1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "gpgv@2.2.27-3ubuntu2.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "gnupg2" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "3ubuntu2.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.2.27" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/grep@3.7-1build1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "grep", + "version": "3.7-1build1", + "hashes": [ + { + "alg": "SHA-256", + "content": "26d08b9c96962528c73c13b5c11f245b91e49edab15f73bf8705bad1472a0113" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/grep@3.7-1build1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "grep@3.7-1build1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "grep" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1build1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.7" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/gzip@1.10-4ubuntu4.1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "gzip", + "version": "1.10-4ubuntu4.1", + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "GFDL-1.3+-no-invariant" + } + }, + { + "license": { + "name": "FSF-manpages" + } + }, + { + "license": { + "name": "GFDL-3" + } + } + ], + "purl": "pkg:deb/ubuntu/gzip@1.10-4ubuntu4.1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "gzip@1.10-4ubuntu4.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "gzip" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "4ubuntu4.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.10" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/hostname@3.23ubuntu2?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "hostname", + "version": "3.23ubuntu2", + "hashes": [ + { + "alg": "SHA-256", + "content": "cec0448fef88a43a3c232fd9df555ca4c468cf5e16ddf3a1b0a5f7b7f076e413" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/hostname@3.23ubuntu2?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "hostname@3.23ubuntu2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "hostname" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.23ubuntu2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/init-system-helpers@1.62?arch=all&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "init-system-helpers", + "version": "1.62", + "hashes": [ + { + "alg": "SHA-256", + "content": "810bc27b9b3cecab056d80d726de535ca68f00fcd955683bf46674d779f4e710" + } + ], + "licenses": [ + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/init-system-helpers@1.62?arch=all&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "init-system-helpers@1.62" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "init-system-helpers" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.62" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libacl1@2.3.1-1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libacl1", + "version": "2.3.1-1", + "hashes": [ + { + "alg": "SHA-256", + "content": "4db2c64ec74f673ed022e92cce7b83d0cbe0b779e02ca60a56ba59ae07754e05" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + } + ], + "purl": "pkg:deb/ubuntu/libacl1@2.3.1-1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libacl1@2.3.1-1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "acl" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.3.1" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libapt-pkg6.0@2.4.11?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libapt-pkg6.0", + "version": "2.4.11", + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libapt-pkg6.0@2.4.11?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libapt-pkg6.0@2.4.11" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "apt" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.4.11" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libattr1@2.5.1-1build1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libattr1", + "version": "2.5.1-1build1", + "hashes": [ + { + "alg": "SHA-256", + "content": "bb4448dcade4f169846d6e3dc00b768f39afd16db07877f595a1d3d92d191050" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + } + ], + "purl": "pkg:deb/ubuntu/libattr1@2.5.1-1build1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libattr1@1:2.5.1-1build1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcEpoch", + "value": "1" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "attr" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1build1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.5.1" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libaudit-common@3.0.7-1build1?arch=all&distro=ubuntu-22.04&epoch=1", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libaudit-common", + "version": "3.0.7-1build1", + "hashes": [ + { + "alg": "SHA-256", + "content": "86697036d05c956b5b42339bf61ecf3743f7c6fd4d59a67ab16add9a2cd7802a" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "GPL-1.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libaudit-common@3.0.7-1build1?arch=all&distro=ubuntu-22.04&epoch=1", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libaudit-common@1:3.0.7-1build1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcEpoch", + "value": "1" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "audit" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1build1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.0.7" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libaudit1@3.0.7-1build1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libaudit1", + "version": "3.0.7-1build1", + "hashes": [ + { + "alg": "SHA-256", + "content": "36710fbc49150a13f14f1f9c2c8288ee840cf9425f8a609c22fefa6b64eb51c1" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "GPL-1.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libaudit1@3.0.7-1build1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libaudit1@1:3.0.7-1build1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcEpoch", + "value": "1" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "audit" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1build1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.0.7" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libblkid1@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libblkid1", + "version": "2.37.2-4ubuntu3", + "hashes": [ + { + "alg": "SHA-256", + "content": "f5ce929bf28632d227588fcc58b1aa6ec609dc89420161347a758f16efcdb34f" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "public-domain" + } + }, + { + "license": { + "name": "BSD-4-Clause" + } + }, + { + "license": { + "name": "MIT" + } + }, + { + "license": { + "name": "BSD-2-Clause" + } + }, + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "LGPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libblkid1@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libblkid1@2.37.2-4ubuntu3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "util-linux" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "4ubuntu3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.37.2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libbz2-1.0@1.0.8-5build1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libbz2-1.0", + "version": "1.0.8-5build1", + "hashes": [ + { + "alg": "SHA-256", + "content": "3bfeaf4259eadbb7faa09feee86cd6cad172cd95907d7465afd0eb5aebb5433f" + } + ], + "licenses": [ + { + "license": { + "name": "BSD-variant" + } + }, + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libbz2-1.0@1.0.8-5build1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libbz2-1.0@1.0.8-5build1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "bzip2" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "5build1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.0.8" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libc-bin@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libc-bin", + "version": "2.35-0ubuntu3.5", + "licenses": [ + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "GFDL-1.3" + } + } + ], + "purl": "pkg:deb/ubuntu/libc-bin@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libc-bin@2.35-0ubuntu3.5" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "glibc" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "0ubuntu3.5" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.35" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libc6", + "version": "2.35-0ubuntu3.5", + "licenses": [ + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "GFDL-1.3" + } + } + ], + "purl": "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libc6@2.35-0ubuntu3.5" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "glibc" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "0ubuntu3.5" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.35" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libcap-ng0@0.7.9-2.2build3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libcap-ng0", + "version": "0.7.9-2.2build3", + "hashes": [ + { + "alg": "SHA-256", + "content": "124d0c8748a841f279e996298ef8aac69a249e294792f4b5e16dc00496f1d3ac" + } + ], + "licenses": [ + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libcap-ng0@0.7.9-2.2build3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libcap-ng0@0.7.9-2.2build3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libcap-ng" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2.2build3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "0.7.9" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libcap2@2.44-1ubuntu0.22.04.1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libcap2", + "version": "2.44-1ubuntu0.22.04.1", + "licenses": [ + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libcap2@2.44-1ubuntu0.22.04.1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libcap2@1:2.44-1ubuntu0.22.04.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcEpoch", + "value": "1" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libcap2" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1ubuntu0.22.04.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.44" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libcom-err2@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libcom-err2", + "version": "1.46.5-2ubuntu1.1", + "purl": "pkg:deb/ubuntu/libcom-err2@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libcom-err2@1.46.5-2ubuntu1.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "e2fsprogs" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu1.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.46.5" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libcrypt1@4.4.27-1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libcrypt1", + "version": "4.4.27-1", + "hashes": [ + { + "alg": "SHA-256", + "content": "3fa566e9f861a08736cbc5a97562d9d6e4f0c00450fbeafcb6d7583423b04a98" + } + ], + "purl": "pkg:deb/ubuntu/libcrypt1@4.4.27-1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libcrypt1@1:4.4.27-1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcEpoch", + "value": "1" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libxcrypt" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "4.4.27" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libdb5.3@5.3.28%2Bdfsg1-0.8ubuntu3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libdb5.3", + "version": "5.3.28+dfsg1-0.8ubuntu3", + "hashes": [ + { + "alg": "SHA-256", + "content": "ce60e446c9cb0e94bb4b4d0fe4f969e772edec250deb186bacf955e4d196548b" + } + ], + "purl": "pkg:deb/ubuntu/libdb5.3@5.3.28%2Bdfsg1-0.8ubuntu3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libdb5.3@5.3.28+dfsg1-0.8ubuntu3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "db5.3" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "0.8ubuntu3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "5.3.28+dfsg1" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libdebconfclient0@0.261ubuntu1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libdebconfclient0", + "version": "0.261ubuntu1", + "hashes": [ + { + "alg": "SHA-256", + "content": "508d09720201f533ee98fa139dbf49d7d980a053693809be11609559f81eb2c0" + } + ], + "purl": "pkg:deb/ubuntu/libdebconfclient0@0.261ubuntu1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libdebconfclient0@0.261ubuntu1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "cdebconf" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "0.261ubuntu1" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libext2fs2@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libext2fs2", + "version": "1.46.5-2ubuntu1.1", + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libext2fs2@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libext2fs2@1.46.5-2ubuntu1.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "e2fsprogs" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu1.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.46.5" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libffi8@3.4.2-4?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libffi8", + "version": "3.4.2-4", + "hashes": [ + { + "alg": "SHA-256", + "content": "b4f88c91fa6f4c942097be6abfc365fb133c5e147640168cbb7704fd855eac10" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libffi8@3.4.2-4?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libffi8@3.4.2-4" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libffi" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "4" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.4.2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libgcc-s1@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Core developers " + }, + "name": "libgcc-s1", + "version": "12.3.0-1ubuntu1~22.04", + "purl": "pkg:deb/ubuntu/libgcc-s1@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libgcc-s1@12.3.0-1ubuntu1~22.04" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "gcc-12" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1ubuntu1~22.04" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "12.3.0" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libgcrypt20@1.9.4-3ubuntu3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libgcrypt20", + "version": "1.9.4-3ubuntu3", + "hashes": [ + { + "alg": "SHA-256", + "content": "fe7d7e9f83b280f4fafaaa3852e462f43a9e854bc268e06667da2bf1b3e9d658" + } + ], + "licenses": [ + { + "license": { + "name": "LGPL-3.0" + } + }, + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libgcrypt20@1.9.4-3ubuntu3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libgcrypt20@1.9.4-3ubuntu3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libgcrypt20" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "3ubuntu3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.9.4" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libgmp10@6.2.1%2Bdfsg-3ubuntu1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libgmp10", + "version": "6.2.1+dfsg-3ubuntu1", + "hashes": [ + { + "alg": "SHA-256", + "content": "d199a77e11701d4d620dd4f62e05740e3072dce893856ea3bbaa6ae9fa19fef1" + } + ], + "licenses": [ + { + "license": { + "name": "LGPL-3.0" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libgmp10@6.2.1%2Bdfsg-3ubuntu1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libgmp10@2:6.2.1+dfsg-3ubuntu1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcEpoch", + "value": "2" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "gmp" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "3ubuntu1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "6.2.1+dfsg" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libgnutls30@3.7.3-4ubuntu1.3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libgnutls30", + "version": "3.7.3-4ubuntu1.3", + "licenses": [ + { + "license": { + "name": "LGPL-3.0" + } + }, + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "GFDL-1.3" + } + }, + { + "license": { + "name": "CC0" + } + }, + { + "license": { + "name": "Expat" + } + }, + { + "license": { + "name": "Apache-2.0" + } + }, + { + "license": { + "name": "LGPLv3+" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "BSD-3-Clause" + } + } + ], + "purl": "pkg:deb/ubuntu/libgnutls30@3.7.3-4ubuntu1.3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libgnutls30@3.7.3-4ubuntu1.3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "gnutls28" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "4ubuntu1.3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.7.3" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libgpg-error0@1.43-3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libgpg-error0", + "version": "1.43-3", + "hashes": [ + { + "alg": "SHA-256", + "content": "1fbacdf9bd1e431cee874a697b339f6f925182bc79bba5a112b53669b33265c5" + } + ], + "licenses": [ + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "g10-permissive" + } + }, + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libgpg-error0@1.43-3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libgpg-error0@1.43-3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libgpg-error" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.43" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libgssapi-krb5-2@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libgssapi-krb5-2", + "version": "1.19.2-2ubuntu0.3", + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libgssapi-krb5-2@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libgssapi-krb5-2@1.19.2-2ubuntu0.3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "krb5" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu0.3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.19.2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libhogweed6@3.7.3-1build2?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libhogweed6", + "version": "3.7.3-1build2", + "hashes": [ + { + "alg": "SHA-256", + "content": "2402ac51ebc760799b01f3fd4933126c5eb446e5b043832601fb589f5e50c363" + } + ], + "licenses": [ + { + "license": { + "name": "LGPL-3.0" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + }, + { + "license": { + "name": "Expat" + } + }, + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "GPL-3.0-with-autoconf-exception" + } + }, + { + "license": { + "name": "public-domain" + } + }, + { + "license": { + "name": "GAP" + } + } + ], + "purl": "pkg:deb/ubuntu/libhogweed6@3.7.3-1build2?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libhogweed6@3.7.3-1build2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "nettle" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1build2" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.7.3" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libidn2-0@2.3.2-2build1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libidn2-0", + "version": "2.3.2-2build1", + "hashes": [ + { + "alg": "SHA-256", + "content": "bc935e1871aa4a75d3f4ff549af32b7316aecfbea2200d85055878767b8398c8" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "LGPL-3.0" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "Unicode" + } + } + ], + "purl": "pkg:deb/ubuntu/libidn2-0@2.3.2-2build1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libidn2-0@2.3.2-2build1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libidn2" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2build1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.3.2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libk5crypto3@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libk5crypto3", + "version": "1.19.2-2ubuntu0.3", + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libk5crypto3@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libk5crypto3@1.19.2-2ubuntu0.3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "krb5" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu0.3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.19.2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libkeyutils1@1.6.1-2ubuntu3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libkeyutils1", + "version": "1.6.1-2ubuntu3", + "hashes": [ + { + "alg": "SHA-256", + "content": "940daf78ee0229549b4eabc92ffd79dd038ed96a44e2e912305a23540cf22a0a" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libkeyutils1@1.6.1-2ubuntu3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libkeyutils1@1.6.1-2ubuntu3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "keyutils" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.6.1" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libkrb5-3@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libkrb5-3", + "version": "1.19.2-2ubuntu0.3", + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libkrb5-3@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libkrb5-3@1.19.2-2ubuntu0.3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "krb5" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu0.3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.19.2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libkrb5support0@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libkrb5support0", + "version": "1.19.2-2ubuntu0.3", + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libkrb5support0@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libkrb5support0@1.19.2-2ubuntu0.3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "krb5" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu0.3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.19.2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/liblz4-1@1.9.3-2build2?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "liblz4-1", + "version": "1.9.3-2build2", + "hashes": [ + { + "alg": "SHA-256", + "content": "ac9b54d0feb840345060c74fb687675c5e1eb2b195effafae38c5f9991041e98" + } + ], + "licenses": [ + { + "license": { + "name": "BSD-2-Clause" + } + }, + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/liblz4-1@1.9.3-2build2?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "liblz4-1@1.9.3-2build2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "lz4" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2build2" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.9.3" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/liblzma5@5.2.5-2ubuntu1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "liblzma5", + "version": "5.2.5-2ubuntu1", + "hashes": [ + { + "alg": "SHA-256", + "content": "8f1c46e7d3f5102a5e4fdca7c949728a343ba71c2a7c124118df2c13d4c444f7" + } + ], + "licenses": [ + { + "license": { + "name": "PD" + } + }, + { + "license": { + "name": "probably-PD" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "permissive-fsf" + } + }, + { + "license": { + "name": "Autoconf" + } + }, + { + "license": { + "name": "permissive-nowarranty" + } + }, + { + "license": { + "name": "none" + } + }, + { + "license": { + "name": "config-h" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + }, + { + "license": { + "name": "noderivs" + } + }, + { + "license": { + "name": "PD-debian" + } + }, + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/liblzma5@5.2.5-2ubuntu1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "liblzma5@5.2.5-2ubuntu1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "xz-utils" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "5.2.5" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libmount1@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libmount1", + "version": "2.37.2-4ubuntu3", + "hashes": [ + { + "alg": "SHA-256", + "content": "d38fb72ed15461ac652215fa488c5fc3b4e6c86dcc6341eb833aef8dc8ad6e0f" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "public-domain" + } + }, + { + "license": { + "name": "BSD-4-Clause" + } + }, + { + "license": { + "name": "MIT" + } + }, + { + "license": { + "name": "BSD-2-Clause" + } + }, + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "LGPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libmount1@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libmount1@2.37.2-4ubuntu3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "util-linux" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "4ubuntu3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.37.2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libncurses6@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libncurses6", + "version": "6.3-2ubuntu0.1", + "purl": "pkg:deb/ubuntu/libncurses6@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libncurses6@6.3-2ubuntu0.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "ncurses" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu0.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "6.3" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libncursesw6@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libncursesw6", + "version": "6.3-2ubuntu0.1", + "purl": "pkg:deb/ubuntu/libncursesw6@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libncursesw6@6.3-2ubuntu0.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "ncurses" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu0.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "6.3" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libnettle8@3.7.3-1build2?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libnettle8", + "version": "3.7.3-1build2", + "hashes": [ + { + "alg": "SHA-256", + "content": "6da09e685e5587f8873f662b007de45f75424fb33d2c4a51837380e683d33c7e" + } + ], + "licenses": [ + { + "license": { + "name": "LGPL-3.0" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + }, + { + "license": { + "name": "Expat" + } + }, + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "GPL-3.0-with-autoconf-exception" + } + }, + { + "license": { + "name": "public-domain" + } + }, + { + "license": { + "name": "GAP" + } + } + ], + "purl": "pkg:deb/ubuntu/libnettle8@3.7.3-1build2?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libnettle8@3.7.3-1build2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "nettle" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1build2" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.7.3" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libnsl2@1.3.0-2build2?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libnsl2", + "version": "1.3.0-2build2", + "hashes": [ + { + "alg": "SHA-256", + "content": "cfeef478f96ace59617f4f93c2497776b98a33c99bf3602af46844ccf9cba9d3" + } + ], + "licenses": [ + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "permissive-fsf" + } + }, + { + "license": { + "name": "permissive-makefile-in" + } + }, + { + "license": { + "name": "permissive-autoconf-m4-no-warranty" + } + }, + { + "license": { + "name": "GPL-3+-autoconf-exception" + } + }, + { + "license": { + "name": "permissive-configure" + } + }, + { + "license": { + "name": "GPL-2+-autoconf-exception" + } + }, + { + "license": { + "name": "MIT" + } + }, + { + "license": { + "name": "GPL-2+-libtool-exception" + } + }, + { + "license": { + "name": "permissive-autoconf-m4" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libnsl2@1.3.0-2build2?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libnsl2@1.3.0-2build2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libnsl" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2build2" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.3.0" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libp11-kit0@0.24.0-6build1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libp11-kit0", + "version": "0.24.0-6build1", + "hashes": [ + { + "alg": "SHA-256", + "content": "70d9009af3c5cbf70c374b493f3a51f4d722757a8efe0d89af9796da78a51262" + } + ], + "licenses": [ + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "permissive-like-automake-output" + } + }, + { + "license": { + "name": "ISC" + } + }, + { + "license": { + "name": "ISC+IBM" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "Apache-2.0" + } + }, + { + "license": { + "name": "same-as-rest-of-p11kit" + } + } + ], + "purl": "pkg:deb/ubuntu/libp11-kit0@0.24.0-6build1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libp11-kit0@0.24.0-6build1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "p11-kit" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "6build1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "0.24.0" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libpam-modules-bin@1.4.0-11ubuntu2.3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libpam-modules-bin", + "version": "1.4.0-11ubuntu2.3", + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libpam-modules-bin@1.4.0-11ubuntu2.3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libpam-modules-bin@1.4.0-11ubuntu2.3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "pam" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "11ubuntu2.3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.4.0" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libpam-modules@1.4.0-11ubuntu2.3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libpam-modules", + "version": "1.4.0-11ubuntu2.3", + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libpam-modules@1.4.0-11ubuntu2.3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libpam-modules@1.4.0-11ubuntu2.3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "pam" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "11ubuntu2.3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.4.0" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libpam-runtime@1.4.0-11ubuntu2.3?arch=all&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libpam-runtime", + "version": "1.4.0-11ubuntu2.3", + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libpam-runtime@1.4.0-11ubuntu2.3?arch=all&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libpam-runtime@1.4.0-11ubuntu2.3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "pam" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "11ubuntu2.3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.4.0" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libpam0g@1.4.0-11ubuntu2.3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libpam0g", + "version": "1.4.0-11ubuntu2.3", + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libpam0g@1.4.0-11ubuntu2.3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libpam0g@1.4.0-11ubuntu2.3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "pam" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "11ubuntu2.3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.4.0" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libpcre2-8-0@10.39-3ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libpcre2-8-0", + "version": "10.39-3ubuntu0.1", + "purl": "pkg:deb/ubuntu/libpcre2-8-0@10.39-3ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libpcre2-8-0@10.39-3ubuntu0.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "pcre2" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "3ubuntu0.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "10.39" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libpcre3@8.39-13ubuntu0.22.04.1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libpcre3", + "version": "8.39-13ubuntu0.22.04.1", + "purl": "pkg:deb/ubuntu/libpcre3@8.39-13ubuntu0.22.04.1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libpcre3@2:8.39-13ubuntu0.22.04.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcEpoch", + "value": "2" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "pcre3" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "13ubuntu0.22.04.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "8.39" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libprocps8@3.3.17-6ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libprocps8", + "version": "3.3.17-6ubuntu2.1", + "licenses": [ + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + }, + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libprocps8@3.3.17-6ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libprocps8@2:3.3.17-6ubuntu2.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcEpoch", + "value": "2" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "procps" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "6ubuntu2.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.3.17" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libseccomp2@2.5.3-2ubuntu2?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libseccomp2", + "version": "2.5.3-2ubuntu2", + "hashes": [ + { + "alg": "SHA-256", + "content": "684ebb02924935f6c176eea7d42ac367fcd8f019450e4782c79e5abb349d6aab" + } + ], + "licenses": [ + { + "license": { + "name": "LGPL-2.1" + } + } + ], + "purl": "pkg:deb/ubuntu/libseccomp2@2.5.3-2ubuntu2?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libseccomp2@2.5.3-2ubuntu2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libseccomp" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu2" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.5.3" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libselinux1@3.3-1build2?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libselinux1", + "version": "3.3-1build2", + "hashes": [ + { + "alg": "SHA-256", + "content": "b96c6b40ee2388bd51341cb11c0f1d5bcca29b9180b6e3a77a06b881f2913f7e" + } + ], + "licenses": [ + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libselinux1@3.3-1build2?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libselinux1@3.3-1build2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libselinux" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1build2" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.3" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libsemanage-common@3.3-1build2?arch=all&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libsemanage-common", + "version": "3.3-1build2", + "hashes": [ + { + "alg": "SHA-256", + "content": "bb60d1049ed3d7838b395785cab09f2210c04878fcae9391ea3499f62d04ec2d" + } + ], + "licenses": [ + { + "license": { + "name": "LGPL-3.0" + } + }, + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libsemanage-common@3.3-1build2?arch=all&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libsemanage-common@3.3-1build2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libsemanage" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1build2" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.3" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libsemanage2@3.3-1build2?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libsemanage2", + "version": "3.3-1build2", + "hashes": [ + { + "alg": "SHA-256", + "content": "0ab2748fce09293ca2c4c1214460409f834be1736ec1b1841927302efd8fa9da" + } + ], + "licenses": [ + { + "license": { + "name": "LGPL-3.0" + } + }, + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libsemanage2@3.3-1build2?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libsemanage2@3.3-1build2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libsemanage" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1build2" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.3" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libsepol2@3.3-1build1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libsepol2", + "version": "3.3-1build1", + "hashes": [ + { + "alg": "SHA-256", + "content": "d47b019f21865a9692e361d260e96a3234fd934cee37026dad8f41228d9363d8" + } + ], + "licenses": [ + { + "license": { + "name": "LGPL-3.0" + } + }, + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libsepol2@3.3-1build1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libsepol2@3.3-1build1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libsepol" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1build1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.3" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libsmartcols1@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libsmartcols1", + "version": "2.37.2-4ubuntu3", + "hashes": [ + { + "alg": "SHA-256", + "content": "b61722721fc4e2534823e391e6ed73655cf8c5b13e2977003f3b930f166260b0" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "public-domain" + } + }, + { + "license": { + "name": "BSD-4-Clause" + } + }, + { + "license": { + "name": "MIT" + } + }, + { + "license": { + "name": "BSD-2-Clause" + } + }, + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "LGPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libsmartcols1@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libsmartcols1@2.37.2-4ubuntu3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "util-linux" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "4ubuntu3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.37.2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libss2@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libss2", + "version": "1.46.5-2ubuntu1.1", + "purl": "pkg:deb/ubuntu/libss2@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libss2@1.46.5-2ubuntu1.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "e2fsprogs" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu1.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.46.5" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.12?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libssl3", + "version": "3.0.2-0ubuntu1.12", + "licenses": [ + { + "license": { + "name": "Apache-2.0" + } + }, + { + "license": { + "name": "Artistic" + } + }, + { + "license": { + "name": "GPL-1.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.12?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libssl3@3.0.2-0ubuntu1.12" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "openssl" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "0ubuntu1.12" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.0.2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libstdc%2B%2B6@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Core developers " + }, + "name": "libstdc++6", + "version": "12.3.0-1ubuntu1~22.04", + "purl": "pkg:deb/ubuntu/libstdc%2B%2B6@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libstdc++6@12.3.0-1ubuntu1~22.04" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "gcc-12" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1ubuntu1~22.04" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "12.3.0" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libsystemd0@249.11-0ubuntu3.11?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libsystemd0", + "version": "249.11-0ubuntu3.11", + "licenses": [ + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "CC0-1.0" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "GPL-2 with Linux-syscall-note exception" + } + }, + { + "license": { + "name": "Expat" + } + }, + { + "license": { + "name": "public-domain" + } + } + ], + "purl": "pkg:deb/ubuntu/libsystemd0@249.11-0ubuntu3.11?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libsystemd0@249.11-0ubuntu3.11" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "systemd" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "0ubuntu3.11" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "249.11" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libtasn1-6@4.18.0-4build1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libtasn1-6", + "version": "4.18.0-4build1", + "hashes": [ + { + "alg": "SHA-256", + "content": "c4258c87f569f6070312ad4b64a35cb00a9fffca07982b4aac5a3f340ab3e2cd" + } + ], + "licenses": [ + { + "license": { + "name": "LGPL-3.0" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "GFDL-1.3" + } + } + ], + "purl": "pkg:deb/ubuntu/libtasn1-6@4.18.0-4build1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libtasn1-6@4.18.0-4build1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libtasn1-6" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "4build1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "4.18.0" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libtinfo6@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libtinfo6", + "version": "6.3-2ubuntu0.1", + "licenses": [ + { + "license": { + "name": "MIT/X11" + } + }, + { + "license": { + "name": "X11" + } + }, + { + "license": { + "name": "BSD-3-Clause" + } + } + ], + "purl": "pkg:deb/ubuntu/libtinfo6@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libtinfo6@6.3-2ubuntu0.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "ncurses" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu0.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "6.3" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libtirpc-common@1.3.2-2ubuntu0.1?arch=all&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libtirpc-common", + "version": "1.3.2-2ubuntu0.1", + "licenses": [ + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "__AUTO_PERMISSIVE__" + } + }, + { + "license": { + "name": "BSD-2-Clause" + } + }, + { + "license": { + "name": "BSD-4-Clause" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "PERMISSIVE" + } + } + ], + "purl": "pkg:deb/ubuntu/libtirpc-common@1.3.2-2ubuntu0.1?arch=all&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libtirpc-common@1.3.2-2ubuntu0.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libtirpc" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu0.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.3.2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libtirpc3@1.3.2-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libtirpc3", + "version": "1.3.2-2ubuntu0.1", + "licenses": [ + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "__AUTO_PERMISSIVE__" + } + }, + { + "license": { + "name": "BSD-2-Clause" + } + }, + { + "license": { + "name": "BSD-4-Clause" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "PERMISSIVE" + } + } + ], + "purl": "pkg:deb/ubuntu/libtirpc3@1.3.2-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libtirpc3@1.3.2-2ubuntu0.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libtirpc" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu0.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.3.2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libudev1@249.11-0ubuntu3.11?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libudev1", + "version": "249.11-0ubuntu3.11", + "licenses": [ + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "CC0-1.0" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "GPL-2 with Linux-syscall-note exception" + } + }, + { + "license": { + "name": "Expat" + } + }, + { + "license": { + "name": "public-domain" + } + } + ], + "purl": "pkg:deb/ubuntu/libudev1@249.11-0ubuntu3.11?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libudev1@249.11-0ubuntu3.11" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "systemd" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "0ubuntu3.11" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "249.11" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libunistring2@1.0-1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libunistring2", + "version": "1.0-1", + "hashes": [ + { + "alg": "SHA-256", + "content": "988fb59de6a0a313844277e8a6e45d3dc16f5ea75a603a46b16b936426f0ac65" + } + ], + "licenses": [ + { + "license": { + "name": "LGPL-3.0" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "FreeSoftware" + } + }, + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "GFDL-1.2+" + } + }, + { + "license": { + "name": "GPL-2+ with distribution exception" + } + }, + { + "license": { + "name": "MIT" + } + }, + { + "license": { + "name": "GFDL-1.2" + } + } + ], + "purl": "pkg:deb/ubuntu/libunistring2@1.0-1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libunistring2@1.0-1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libunistring" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.0" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libuuid1@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libuuid1", + "version": "2.37.2-4ubuntu3", + "hashes": [ + { + "alg": "SHA-256", + "content": "94f24383876c575a85c4fd87226e72fe9c9bbdbb52b6f4d71dade805e0d60d48" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "public-domain" + } + }, + { + "license": { + "name": "BSD-4-Clause" + } + }, + { + "license": { + "name": "MIT" + } + }, + { + "license": { + "name": "BSD-2-Clause" + } + }, + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "LGPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libuuid1@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libuuid1@2.37.2-4ubuntu3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "util-linux" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "4ubuntu3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.37.2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libxxhash0@0.8.1-1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libxxhash0", + "version": "0.8.1-1", + "hashes": [ + { + "alg": "SHA-256", + "content": "71cf4300213c7ce65deadf37a21dc250d8162cdf1e41d7fda1e279a390051169" + } + ], + "licenses": [ + { + "license": { + "name": "BSD-2-Clause" + } + }, + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/libxxhash0@0.8.1-1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libxxhash0@0.8.1-1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "xxhash" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "0.8.1" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/libzstd1@1.4.8%2Bdfsg-3build1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "libzstd1", + "version": "1.4.8+dfsg-3build1", + "hashes": [ + { + "alg": "SHA-256", + "content": "ae7db00ce8b093e50c994518b90203544e063b4bc574836a048bb142b950b2c9" + } + ], + "licenses": [ + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "Zlib" + } + }, + { + "license": { + "name": "Expat" + } + } + ], + "purl": "pkg:deb/ubuntu/libzstd1@1.4.8%2Bdfsg-3build1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libzstd1@1.4.8+dfsg-3build1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libzstd" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "3build1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.4.8+dfsg" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/login@4.8.1-2ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "login", + "version": "4.8.1-2ubuntu2.1", + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/login@4.8.1-2ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "login@1:4.8.1-2ubuntu2.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcEpoch", + "value": "1" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "shadow" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu2.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "4.8.1" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/logsave@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "logsave", + "version": "1.46.5-2ubuntu1.1", + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/logsave@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "logsave@1.46.5-2ubuntu1.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "e2fsprogs" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu1.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.46.5" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/lsb-base@11.1.0ubuntu4?arch=all&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "lsb-base", + "version": "11.1.0ubuntu4", + "hashes": [ + { + "alg": "SHA-256", + "content": "23ac3e99b0c2cd0179a7f40fa5a24248345e16c515f222164dad2a638b4f04cf" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "BSD-3-Clause" + } + } + ], + "purl": "pkg:deb/ubuntu/lsb-base@11.1.0ubuntu4?arch=all&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "lsb-base@11.1.0ubuntu4" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "lsb" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "11.1.0ubuntu4" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/mawk@1.3.4.20200120-3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "mawk", + "version": "1.3.4.20200120-3", + "hashes": [ + { + "alg": "SHA-256", + "content": "73aea4eef18e9960e04ea2de58c3ee1bb552af6c1dc889ab33c6c896d3387c97" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/mawk@1.3.4.20200120-3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "mawk@1.3.4.20200120-3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "mawk" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.3.4.20200120" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/mount@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "mount", + "version": "2.37.2-4ubuntu3", + "hashes": [ + { + "alg": "SHA-256", + "content": "0f7242d9ffbc6a1147a633f0cff1de1476f436fe72846501d9232b63845dfdc3" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "public-domain" + } + }, + { + "license": { + "name": "BSD-4-Clause" + } + }, + { + "license": { + "name": "MIT" + } + }, + { + "license": { + "name": "BSD-2-Clause" + } + }, + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "LGPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/mount@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "mount@2.37.2-4ubuntu3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "util-linux" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "4ubuntu3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.37.2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/ncurses-base@6.3-2ubuntu0.1?arch=all&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "ncurses-base", + "version": "6.3-2ubuntu0.1", + "licenses": [ + { + "license": { + "name": "MIT/X11" + } + }, + { + "license": { + "name": "X11" + } + }, + { + "license": { + "name": "BSD-3-Clause" + } + } + ], + "purl": "pkg:deb/ubuntu/ncurses-base@6.3-2ubuntu0.1?arch=all&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "ncurses-base@6.3-2ubuntu0.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "ncurses" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu0.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "6.3" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/ncurses-bin@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "ncurses-bin", + "version": "6.3-2ubuntu0.1", + "licenses": [ + { + "license": { + "name": "MIT/X11" + } + }, + { + "license": { + "name": "X11" + } + }, + { + "license": { + "name": "BSD-3-Clause" + } + } + ], + "purl": "pkg:deb/ubuntu/ncurses-bin@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "ncurses-bin@6.3-2ubuntu0.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "ncurses" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu0.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "6.3" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/passwd@4.8.1-2ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "passwd", + "version": "4.8.1-2ubuntu2.1", + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/passwd@4.8.1-2ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "passwd@1:4.8.1-2ubuntu2.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcEpoch", + "value": "1" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "shadow" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu2.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "4.8.1" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/perl-base@5.34.0-3ubuntu1.3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "perl-base", + "version": "5.34.0-3ubuntu1.3", + "licenses": [ + { + "license": { + "name": "GPL-1.0" + } + }, + { + "license": { + "name": "Artistic" + } + }, + { + "license": { + "name": "Expat" + } + }, + { + "license": { + "name": "REGCOMP" + } + }, + { + "license": { + "name": "GPL-2.0-with-bison-exception" + } + }, + { + "license": { + "name": "Unicode" + } + }, + { + "license": { + "name": "BZIP" + } + }, + { + "license": { + "name": "Zlib" + } + }, + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "RRA-KEEP-THIS-NOTICE" + } + }, + { + "license": { + "name": "BSD-3-clause-with-weird-numbering" + } + }, + { + "license": { + "name": "CC0-1.0" + } + }, + { + "license": { + "name": "TEXT-TABS" + } + }, + { + "license": { + "name": "BSD-4-clause-POWERDOG" + } + }, + { + "license": { + "name": "BSD-3-clause-GENERIC" + } + }, + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "SDBM-PUBLIC-DOMAIN" + } + }, + { + "license": { + "name": "DONT-CHANGE-THE-GPL" + } + }, + { + "license": { + "name": "Artistic-dist" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "Artistic-2" + } + }, + { + "license": { + "name": "HSIEH-DERIVATIVE" + } + }, + { + "license": { + "name": "HSIEH-BSD" + } + } + ], + "purl": "pkg:deb/ubuntu/perl-base@5.34.0-3ubuntu1.3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "perl-base@5.34.0-3ubuntu1.3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "perl" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "3ubuntu1.3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "5.34.0" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/procps@3.3.17-6ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "procps", + "version": "3.3.17-6ubuntu2.1", + "licenses": [ + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + }, + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/procps@3.3.17-6ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "procps@2:3.3.17-6ubuntu2.1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcEpoch", + "value": "2" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "procps" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "6ubuntu2.1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.3.17" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/sed@4.8-1ubuntu2?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "sed", + "version": "4.8-1ubuntu2", + "hashes": [ + { + "alg": "SHA-256", + "content": "cb871eba3078dbfe67770e9b8c2087cf568f06769611360a7de293a806f266c5" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/sed@4.8-1ubuntu2?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "sed@4.8-1ubuntu2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "sed" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1ubuntu2" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "4.8" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/sensible-utils@0.0.17?arch=all&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "sensible-utils", + "version": "0.0.17", + "hashes": [ + { + "alg": "SHA-256", + "content": "68fa82f5a319ffe48f51ea874117be3d6781c5f6b2ac4f172485fa690ebde4a3" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "All-permissive" + } + }, + { + "license": { + "name": "configure" + } + }, + { + "license": { + "name": "installsh" + } + } + ], + "purl": "pkg:deb/ubuntu/sensible-utils@0.0.17?arch=all&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "sensible-utils@0.0.17" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "sensible-utils" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "0.0.17" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/sysvinit-utils@3.01-1ubuntu1?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "sysvinit-utils", + "version": "3.01-1ubuntu1", + "hashes": [ + { + "alg": "SHA-256", + "content": "54c24d33f48253b1460a32208d3f91f30f97fb5094ffa03afb2d687ab4319a04" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/sysvinit-utils@3.01-1ubuntu1?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "sysvinit-utils@3.01-1ubuntu1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "sysvinit" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1ubuntu1" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.01" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/tar@1.34%2Bdfsg-1ubuntu0.1.22.04.2?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "tar", + "version": "1.34+dfsg-1ubuntu0.1.22.04.2", + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:deb/ubuntu/tar@1.34%2Bdfsg-1ubuntu0.1.22.04.2?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "tar@1.34+dfsg-1ubuntu0.1.22.04.2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "tar" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "1ubuntu0.1.22.04.2" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.34+dfsg" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/ubuntu-keyring@2021.03.26?arch=all&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Dimitri John Ledkov " + }, + "name": "ubuntu-keyring", + "version": "2021.03.26", + "hashes": [ + { + "alg": "SHA-256", + "content": "0d0e7ed6b112f5d03eabf3c7eb01ebdacf9c57714b279e90495cfc58c8c4520f" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/ubuntu-keyring@2021.03.26?arch=all&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "ubuntu-keyring@2021.03.26" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "ubuntu-keyring" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2021.03.26" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/usrmerge@25ubuntu2?arch=all&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "usrmerge", + "version": "25ubuntu2", + "hashes": [ + { + "alg": "SHA-256", + "content": "43bed2d23b2005c0690017d7bf8c332d0fd73fea18be245bd838a3fe104c93ad" + } + ], + "licenses": [ + { + "license": { + "name": "GPL v2" + } + }, + { + "license": { + "name": "later" + } + } + ], + "purl": "pkg:deb/ubuntu/usrmerge@25ubuntu2?arch=all&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "usrmerge@25ubuntu2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "usrmerge" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "25ubuntu2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/util-linux@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "util-linux", + "version": "2.37.2-4ubuntu3", + "hashes": [ + { + "alg": "SHA-256", + "content": "df52c8d589844aaf98b24fb22a9ce1be677eb30c70d8311c1a10c8c2d8b988d2" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + }, + { + "license": { + "name": "GPL-3.0" + } + }, + { + "license": { + "name": "public-domain" + } + }, + { + "license": { + "name": "BSD-4-Clause" + } + }, + { + "license": { + "name": "MIT" + } + }, + { + "license": { + "name": "BSD-2-Clause" + } + }, + { + "license": { + "name": "BSD-3-Clause" + } + }, + { + "license": { + "name": "LGPL-2.0" + } + }, + { + "license": { + "name": "LGPL-2.1" + } + }, + { + "license": { + "name": "LGPL-3.0" + } + } + ], + "purl": "pkg:deb/ubuntu/util-linux@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "util-linux@2.37.2-4ubuntu3" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "util-linux" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "4ubuntu3" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.37.2" + } + ] + }, + { + "bom-ref": "pkg:deb/ubuntu/zlib1g@1.2.11.dfsg-2ubuntu9.2?arch=amd64&distro=ubuntu-22.04&epoch=1", + "type": "library", + "supplier": { + "name": "Ubuntu Developers " + }, + "name": "zlib1g", + "version": "1.2.11.dfsg-2ubuntu9.2", + "licenses": [ + { + "license": { + "name": "Zlib" + } + } + ], + "purl": "pkg:deb/ubuntu/zlib1g@1.2.11.dfsg-2ubuntu9.2?arch=amd64&distro=ubuntu-22.04&epoch=1", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:a1360aae5271bbbf575b4057cb4158dbdfbcae76698189b55fb1039bc0207400" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:a486411936734b0d1d201c8a0ed8e9d449a64d5033fdc33411ec95bc26460efb" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "zlib1g@1:1.2.11.dfsg-2ubuntu9.2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "ubuntu" + }, + { + "name": "aquasecurity:trivy:SrcEpoch", + "value": "1" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "zlib" + }, + { + "name": "aquasecurity:trivy:SrcRelease", + "value": "2ubuntu9.2" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.2.11.dfsg" + } + ] + } + ], + "dependencies": [ + { + "ref": "5303f1e6-739c-497b-8ad9-01b5318e8266", + "dependsOn": [ + "pkg:deb/ubuntu/adduser@3.118ubuntu5?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/apt@2.4.11?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/base-files@12ubuntu4.4?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/base-passwd@3.5.52build1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/bash@5.1-6ubuntu1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/bsdutils@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04&epoch=1", + "pkg:deb/ubuntu/coreutils@8.32-4.1ubuntu1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/dash@0.5.11%2Bgit20210903%2B057cd650a4ed-3build1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/debconf@1.5.79ubuntu1?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/debianutils@5.5-1ubuntu2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/diffutils@3.8-0ubuntu2?arch=amd64&distro=ubuntu-22.04&epoch=1", + "pkg:deb/ubuntu/dpkg@1.21.1ubuntu2.2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/e2fsprogs@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/findutils@4.8.0-1ubuntu3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/gcc-12-base@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/gpgv@2.2.27-3ubuntu2.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/grep@3.7-1build1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/gzip@1.10-4ubuntu4.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/hostname@3.23ubuntu2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/init-system-helpers@1.62?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libacl1@2.3.1-1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libapt-pkg6.0@2.4.11?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libattr1@2.5.1-1build1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "pkg:deb/ubuntu/libaudit-common@3.0.7-1build1?arch=all&distro=ubuntu-22.04&epoch=1", + "pkg:deb/ubuntu/libaudit1@3.0.7-1build1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "pkg:deb/ubuntu/libblkid1@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libbz2-1.0@1.0.8-5build1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libc-bin@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libcap-ng0@0.7.9-2.2build3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libcap2@2.44-1ubuntu0.22.04.1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "pkg:deb/ubuntu/libcom-err2@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libcrypt1@4.4.27-1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "pkg:deb/ubuntu/libdb5.3@5.3.28%2Bdfsg1-0.8ubuntu3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libdebconfclient0@0.261ubuntu1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libext2fs2@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libffi8@3.4.2-4?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libgcc-s1@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libgcrypt20@1.9.4-3ubuntu3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libgmp10@6.2.1%2Bdfsg-3ubuntu1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "pkg:deb/ubuntu/libgnutls30@3.7.3-4ubuntu1.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libgpg-error0@1.43-3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libgssapi-krb5-2@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libhogweed6@3.7.3-1build2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libidn2-0@2.3.2-2build1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libk5crypto3@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libkeyutils1@1.6.1-2ubuntu3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libkrb5-3@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libkrb5support0@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/liblz4-1@1.9.3-2build2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/liblzma5@5.2.5-2ubuntu1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libmount1@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libncurses6@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libncursesw6@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libnettle8@3.7.3-1build2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libnsl2@1.3.0-2build2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libp11-kit0@0.24.0-6build1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libpam-modules-bin@1.4.0-11ubuntu2.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libpam-modules@1.4.0-11ubuntu2.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libpam-runtime@1.4.0-11ubuntu2.3?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libpam0g@1.4.0-11ubuntu2.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libpcre2-8-0@10.39-3ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libpcre3@8.39-13ubuntu0.22.04.1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "pkg:deb/ubuntu/libprocps8@3.3.17-6ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "pkg:deb/ubuntu/libseccomp2@2.5.3-2ubuntu2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libselinux1@3.3-1build2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libsemanage-common@3.3-1build2?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libsemanage2@3.3-1build2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libsepol2@3.3-1build1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libsmartcols1@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libss2@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.12?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libstdc%2B%2B6@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libsystemd0@249.11-0ubuntu3.11?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libtasn1-6@4.18.0-4build1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libtinfo6@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libtirpc-common@1.3.2-2ubuntu0.1?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libtirpc3@1.3.2-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libudev1@249.11-0ubuntu3.11?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libunistring2@1.0-1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libuuid1@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libxxhash0@0.8.1-1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libzstd1@1.4.8%2Bdfsg-3build1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/login@4.8.1-2ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "pkg:deb/ubuntu/logsave@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/lsb-base@11.1.0ubuntu4?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/mawk@1.3.4.20200120-3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/mount@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/ncurses-base@6.3-2ubuntu0.1?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/ncurses-bin@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/passwd@4.8.1-2ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "pkg:deb/ubuntu/perl-base@5.34.0-3ubuntu1.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/procps@3.3.17-6ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "pkg:deb/ubuntu/sed@4.8-1ubuntu2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/sensible-utils@0.0.17?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/sysvinit-utils@3.01-1ubuntu1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/tar@1.34%2Bdfsg-1ubuntu0.1.22.04.2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/ubuntu-keyring@2021.03.26?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/usrmerge@25ubuntu2?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/util-linux@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/zlib1g@1.2.11.dfsg-2ubuntu9.2?arch=amd64&distro=ubuntu-22.04&epoch=1" + ] + }, + { + "ref": "pkg:deb/ubuntu/adduser@3.118ubuntu5?arch=all&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/debconf@1.5.79ubuntu1?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/passwd@4.8.1-2ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=1" + ] + }, + { + "ref": "pkg:deb/ubuntu/apt@2.4.11?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/adduser@3.118ubuntu5?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/gpgv@2.2.27-3ubuntu2.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libapt-pkg6.0@2.4.11?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libgcc-s1@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libgnutls30@3.7.3-4ubuntu1.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libseccomp2@2.5.3-2ubuntu2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libstdc%2B%2B6@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libsystemd0@249.11-0ubuntu3.11?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/ubuntu-keyring@2021.03.26?arch=all&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/base-files@12ubuntu4.4?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libcrypt1@4.4.27-1?arch=amd64&distro=ubuntu-22.04&epoch=1" + ] + }, + { + "ref": "pkg:deb/ubuntu/base-passwd@3.5.52build1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libdebconfclient0@0.261ubuntu1?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/bash@5.1-6ubuntu1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/base-files@12ubuntu4.4?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/debianutils@5.5-1ubuntu2?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/bsdutils@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04&epoch=1", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/coreutils@8.32-4.1ubuntu1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/dash@0.5.11%2Bgit20210903%2B057cd650a4ed-3build1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/debconf@1.5.79ubuntu1?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/debianutils@5.5-1ubuntu2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/dpkg@1.21.1ubuntu2.2?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/debconf@1.5.79ubuntu1?arch=all&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/debianutils@5.5-1ubuntu2?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/diffutils@3.8-0ubuntu2?arch=amd64&distro=ubuntu-22.04&epoch=1", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/dpkg@1.21.1ubuntu2.2?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/tar@1.34%2Bdfsg-1ubuntu0.1.22.04.2?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/e2fsprogs@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/logsave@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/findutils@4.8.0-1ubuntu3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/gcc-12-base@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/gpgv@2.2.27-3ubuntu2.1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libbz2-1.0@1.0.8-5build1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libgcrypt20@1.9.4-3ubuntu3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libgpg-error0@1.43-3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/zlib1g@1.2.11.dfsg-2ubuntu9.2?arch=amd64&distro=ubuntu-22.04&epoch=1" + ] + }, + { + "ref": "pkg:deb/ubuntu/grep@3.7-1build1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/dpkg@1.21.1ubuntu2.2?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/gzip@1.10-4ubuntu4.1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/dpkg@1.21.1ubuntu2.2?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/hostname@3.23ubuntu2?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/init-system-helpers@1.62?arch=all&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/perl-base@5.34.0-3ubuntu1.3?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libacl1@2.3.1-1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libapt-pkg6.0@2.4.11?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libbz2-1.0@1.0.8-5build1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libgcc-s1@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libgcrypt20@1.9.4-3ubuntu3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/liblz4-1@1.9.3-2build2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/liblzma5@5.2.5-2ubuntu1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libstdc%2B%2B6@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libsystemd0@249.11-0ubuntu3.11?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libudev1@249.11-0ubuntu3.11?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libxxhash0@0.8.1-1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libzstd1@1.4.8%2Bdfsg-3build1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/zlib1g@1.2.11.dfsg-2ubuntu9.2?arch=amd64&distro=ubuntu-22.04&epoch=1" + ] + }, + { + "ref": "pkg:deb/ubuntu/libattr1@2.5.1-1build1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libaudit-common@3.0.7-1build1?arch=all&distro=ubuntu-22.04&epoch=1", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/libaudit1@3.0.7-1build1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "dependsOn": [ + "pkg:deb/ubuntu/libaudit-common@3.0.7-1build1?arch=all&distro=ubuntu-22.04&epoch=1", + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libcap-ng0@0.7.9-2.2build3?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libblkid1@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libbz2-1.0@1.0.8-5build1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libc-bin@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libcrypt1@4.4.27-1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "pkg:deb/ubuntu/libgcc-s1@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libcap-ng0@0.7.9-2.2build3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libcap2@2.44-1ubuntu0.22.04.1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libcom-err2@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libcrypt1@4.4.27-1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libdb5.3@5.3.28%2Bdfsg1-0.8ubuntu3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libdebconfclient0@0.261ubuntu1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libext2fs2@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libffi8@3.4.2-4?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libgcc-s1@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/gcc-12-base@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libgcrypt20@1.9.4-3ubuntu3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libgpg-error0@1.43-3?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libgmp10@6.2.1%2Bdfsg-3ubuntu1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libgnutls30@3.7.3-4ubuntu1.3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libgmp10@6.2.1%2Bdfsg-3ubuntu1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "pkg:deb/ubuntu/libhogweed6@3.7.3-1build2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libidn2-0@2.3.2-2build1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libnettle8@3.7.3-1build2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libp11-kit0@0.24.0-6build1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libtasn1-6@4.18.0-4build1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libunistring2@1.0-1?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libgpg-error0@1.43-3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libgssapi-krb5-2@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libcom-err2@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libk5crypto3@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libkrb5-3@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libkrb5support0@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libhogweed6@3.7.3-1build2?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libgmp10@6.2.1%2Bdfsg-3ubuntu1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "pkg:deb/ubuntu/libnettle8@3.7.3-1build2?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libidn2-0@2.3.2-2build1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libunistring2@1.0-1?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libk5crypto3@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libkrb5support0@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libkeyutils1@1.6.1-2ubuntu3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libkrb5-3@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libcom-err2@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libk5crypto3@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libkeyutils1@1.6.1-2ubuntu3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libkrb5support0@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.12?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libkrb5support0@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/liblz4-1@1.9.3-2build2?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/liblzma5@5.2.5-2ubuntu1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libmount1@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libblkid1@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libselinux1@3.3-1build2?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libncurses6@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libtinfo6@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libncursesw6@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libtinfo6@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libnettle8@3.7.3-1build2?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libnsl2@1.3.0-2build2?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libtirpc3@1.3.2-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libp11-kit0@0.24.0-6build1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libffi8@3.4.2-4?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libpam-modules-bin@1.4.0-11ubuntu2.3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libaudit1@3.0.7-1build1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libcrypt1@4.4.27-1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "pkg:deb/ubuntu/libpam0g@1.4.0-11ubuntu2.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libselinux1@3.3-1build2?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libpam-modules@1.4.0-11ubuntu2.3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/libpam-runtime@1.4.0-11ubuntu2.3?arch=all&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/debconf@1.5.79ubuntu1?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libpam-modules@1.4.0-11ubuntu2.3?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libpam0g@1.4.0-11ubuntu2.3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/debconf@1.5.79ubuntu1?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libaudit1@3.0.7-1build1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libpcre2-8-0@10.39-3ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libpcre3@8.39-13ubuntu0.22.04.1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libprocps8@3.3.17-6ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libsystemd0@249.11-0ubuntu3.11?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libseccomp2@2.5.3-2ubuntu2?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libselinux1@3.3-1build2?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libpcre2-8-0@10.39-3ubuntu0.1?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libsemanage-common@3.3-1build2?arch=all&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/libsemanage2@3.3-1build2?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libaudit1@3.0.7-1build1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "pkg:deb/ubuntu/libbz2-1.0@1.0.8-5build1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libselinux1@3.3-1build2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libsemanage-common@3.3-1build2?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libsepol2@3.3-1build1?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libsepol2@3.3-1build1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libsmartcols1@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libss2@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libcom-err2@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.12?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/debconf@1.5.79ubuntu1?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libstdc%2B%2B6@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/gcc-12-base@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libgcc-s1@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libsystemd0@249.11-0ubuntu3.11?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/libtasn1-6@4.18.0-4build1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libtinfo6@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libtirpc-common@1.3.2-2ubuntu0.1?arch=all&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/libtirpc3@1.3.2-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libgssapi-krb5-2@1.19.2-2ubuntu0.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libtirpc-common@1.3.2-2ubuntu0.1?arch=all&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libudev1@249.11-0ubuntu3.11?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libunistring2@1.0-1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libuuid1@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libxxhash0@0.8.1-1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/libzstd1@1.4.8%2Bdfsg-3build1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/login@4.8.1-2ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/logsave@1.46.5-2ubuntu1.1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/lsb-base@11.1.0ubuntu4?arch=all&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/mawk@1.3.4.20200120-3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/mount@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/ncurses-base@6.3-2ubuntu0.1?arch=all&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/ncurses-bin@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/passwd@4.8.1-2ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "dependsOn": [ + "pkg:deb/ubuntu/libaudit1@3.0.7-1build1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libcrypt1@4.4.27-1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "pkg:deb/ubuntu/libpam-modules@1.4.0-11ubuntu2.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libpam0g@1.4.0-11ubuntu2.3?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libselinux1@3.3-1build2?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libsemanage2@3.3-1build2?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/perl-base@5.34.0-3ubuntu1.3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/procps@3.3.17-6ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "dependsOn": [ + "pkg:deb/ubuntu/init-system-helpers@1.62?arch=all&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libncurses6@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libncursesw6@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/libprocps8@3.3.17-6ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "pkg:deb/ubuntu/libtinfo6@6.3-2ubuntu0.1?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/lsb-base@11.1.0ubuntu4?arch=all&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/sed@4.8-1ubuntu2?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/sensible-utils@0.0.17?arch=all&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/sysvinit-utils@3.01-1ubuntu1?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "pkg:deb/ubuntu/lsb-base@11.1.0ubuntu4?arch=all&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/tar@1.34%2Bdfsg-1ubuntu0.1.22.04.2?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/ubuntu-keyring@2021.03.26?arch=all&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/usrmerge@25ubuntu2?arch=all&distro=ubuntu-22.04", + "dependsOn": [ + "pkg:deb/ubuntu/perl-base@5.34.0-3ubuntu1.3?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:deb/ubuntu/util-linux@2.37.2-4ubuntu3?arch=amd64&distro=ubuntu-22.04", + "dependsOn": [] + }, + { + "ref": "pkg:deb/ubuntu/zlib1g@1.2.11.dfsg-2ubuntu9.2?arch=amd64&distro=ubuntu-22.04&epoch=1", + "dependsOn": [ + "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04" + ] + }, + { + "ref": "pkg:oci/ubuntu@sha256%3A6042500cf4b44023ea1894effe7890666b0c5c7871ed83a97c36c76ae560bb9b?arch=amd64&repository_url=index.docker.io%2Flibrary%2Fubuntu", + "dependsOn": [ + "5303f1e6-739c-497b-8ad9-01b5318e8266" + ] + } + ], + "vulnerabilities": [ + { + "id": "CVE-2016-2781", + "source": { + "name": "ubuntu", + "url": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + + "ratings": [ + { + "source": { + "name": "cbl-mariner" + }, + "severity": "medium" + }, + { + "source": { + "name": "nvd" + }, + "score": 2.1, + "severity": "info", + "method": "CVSSv2", + "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N" + }, + { + "source": { + "name": "nvd" + }, + "score": 6.5, + "severity": "medium", + "method": "CVSSv3", + "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" + }, + { + "source": { + "name": "redhat" + }, + "score": 6.2, + "severity": "medium", + "method": "CVSSv2", + "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C" + }, + { + "source": { + "name": "redhat" + }, + "score": 8.6, + "severity": "medium", + "method": "CVSSv3", + "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" + }, + { + "source": { + "name": "ubuntu" + }, + "severity": "low" + } + ], + "cwes": [ + 20 + ], + "description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", + "advisories": [ + { + "url": "https://avd.aquasec.com/nvd/cve-2016-2781" + }, + { + "url": "http://seclists.org/oss-sec/2016/q1/452" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2016/02/28/2" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2016/02/28/3" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2016-2781" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" + }, + { + "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + }, + { + "url": "https://lore.kernel.org/patchwork/patch/793178/" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2781" + }, + { + "url": "https://www.cve.org/CVERecord?id=CVE-2016-2781" + } + ], + "published": "2017-02-07T15:59:00+00:00", + "updated": "2023-11-07T02:32:03+00:00", + "affects": [ + { + "ref": "pkg:deb/ubuntu/coreutils@8.32-4.1ubuntu1?arch=amd64&distro=ubuntu-22.04", + "versions": [ + { + "version": "8.32-4.1ubuntu1", + "status": "affected" + } + ] + } + ] + }, + { + "id": "TEMP-0290435-0B57B5", + "source": { + "name": "debian", + "url": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "ratings": [ + { + "source": { + "name": "debian" + }, + "severity": "low" + } + ], + "advisories": [ + { + "url": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5" + } + ], + "affects": [ + { + "ref": "pkg:deb/debian/tar@1.30%2Bdfsg-6?arch=amd64&distro=debian-10.12", + "versions": [ + { + "version": "1.30+dfsg-6", + "status": "affected" + } + ] + } + ] + }, + { + "id": "CVE-2017-11164", + "source": { + "name": "ubuntu", + "url": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "ratings": [ + { + "source": { + "name": "nvd" + }, + "score": 7.8, + "severity": "high", + "method": "CVSSv2", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C" + }, + { + "source": { + "name": "nvd" + }, + "score": 7.5, + "severity": "high", + "method": "CVSSv3", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "source": { + "name": "photon" + }, + "severity": "high" + }, + { + "source": { + "name": "redhat" + }, + "score": 3.3, + "severity": "low", + "method": "CVSSv3", + "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" + }, + { + "source": { + "name": "ubuntu" + }, + "severity": "low" + } + ], + "cwes": [ + 674 + ], + "description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", + "advisories": [ + { + "url": "https://avd.aquasec.com/nvd/cve-2017-11164" + }, + { + "url": "http://openwall.com/lists/oss-security/2017/07/11/3" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/04/11/1" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/04/12/1" + }, + { + "url": "http://www.securityfocus.com/bid/99575" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2017-11164" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" + }, + { + "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11164" + }, + { + "url": "https://www.cve.org/CVERecord?id=CVE-2017-11164" + } + ], + "published": "2017-07-11T03:29:00+00:00", + "updated": "2023-11-07T02:38:10+00:00", + "affects": [ + { + "ref": "pkg:deb/ubuntu/libpcre3@8.39-13ubuntu0.22.04.1?arch=amd64&distro=ubuntu-22.04&epoch=2", + "versions": [ + { + "version": "2:8.39-13ubuntu0.22.04.1", + "status": "affected" + } + ] + } + ] + }, + { + "id": "CVE-2016-20013", + "source": { + "name": "ubuntu", + "url": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "ratings": [ + { + "source": { + "name": "nvd" + }, + "score": 5, + "severity": "medium", + "method": "CVSSv2", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P" + }, + { + "source": { + "name": "nvd" + }, + "score": 7.5, + "severity": "high", + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "source": { + "name": "ubuntu" + }, + "severity": "low" + } + ], + "cwes": [ + 770 + ], + "description": "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.", + "advisories": [ + { + "url": "https://avd.aquasec.com/nvd/cve-2016-20013" + }, + { + "url": "https://akkadia.org/drepper/SHA-crypt.txt" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-20013" + }, + { + "url": "https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/" + }, + { + "url": "https://twitter.com/solardiz/status/795601240151457793" + } + ], + "published": "2022-02-19T05:15:09+00:00", + "updated": "2022-03-03T16:43:19+00:00", + "affects": [ + { + "ref": "pkg:deb/ubuntu/libc-bin@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "versions": [ + { + "version": "2.35-0ubuntu3.5", + "status": "affected" + } + ] + }, + { + "ref": "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.5?arch=amd64&distro=ubuntu-22.04", + "versions": [ + { + "version": "2.35-0ubuntu3.5", + "status": "affected" + } + ] + } + ] + }, + { + "id": "CVE-2022-27943", + "source": { + "name": "ubuntu", + "url": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "ratings": [ + { + "source": { + "name": "amazon" + }, + "severity": "low" + }, + { + "source": { + "name": "nvd" + }, + "score": 4.3, + "severity": "medium", + "method": "CVSSv2", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P" + }, + { + "source": { + "name": "nvd" + }, + "score": 5.5, + "severity": "medium", + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + { + "source": { + "name": "redhat" + }, + "score": 5.5, + "severity": "low", + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + { + "source": { + "name": "ubuntu" + }, + "severity": "low" + } + ], + "cwes": [ + 674 + ], + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "advisories": [ + { + "url": "https://avd.aquasec.com/nvd/cve-2022-27943" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2022-27943" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943" + }, + { + "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039" + }, + { + "url": "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79" + }, + { + "url": "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943" + }, + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + }, + { + "url": "https://www.cve.org/CVERecord?id=CVE-2022-27943" + } + ], + "published": "2022-03-26T13:15:07+00:00", + "updated": "2023-11-07T03:45:32+00:00", + "affects": [ + { + "ref": "pkg:deb/ubuntu/gcc-12-base@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "versions": [ + { + "version": "12.3.0-1ubuntu1~22.04", + "status": "affected" + } + ] + }, + { + "ref": "pkg:deb/ubuntu/libgcc-s1@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "versions": [ + { + "version": "12.3.0-1ubuntu1~22.04", + "status": "affected" + } + ] + }, + { + "ref": "pkg:deb/ubuntu/libstdc%2B%2B6@12.3.0-1ubuntu1~22.04?arch=amd64&distro=ubuntu-22.04", + "versions": [ + { + "version": "12.3.0-1ubuntu1~22.04", + "status": "affected" + } + ] + } + ] + }, + { + "id": "CVE-2023-29383", + "source": { + "name": "ubuntu", + "url": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "ratings": [ + { + "source": { + "name": "nvd" + }, + "score": 3.3, + "severity": "low", + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + }, + { + "source": { + "name": "photon" + }, + "severity": "low" + }, + { + "source": { + "name": "redhat" + }, + "score": 5.5, + "severity": "medium", + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + { + "source": { + "name": "ubuntu" + }, + "severity": "low" + } + ], + "cwes": [ + 74 + ], + "description": "In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account.", + "advisories": [ + { + "url": "https://avd.aquasec.com/nvd/cve-2023-29383" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-29383" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29383" + }, + { + "url": "https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d" + }, + { + "url": "https://github.com/shadow-maint/shadow/pull/687" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29383" + }, + { + "url": "https://www.cve.org/CVERecord?id=CVE-2023-29383" + }, + { + "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/" + }, + { + "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797" + } + ], + "published": "2023-04-14T22:15:07+00:00", + "updated": "2023-04-24T18:05:30+00:00", + "affects": [ + { + "ref": "pkg:deb/ubuntu/login@4.8.1-2ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "versions": [ + { + "version": "1:4.8.1-2ubuntu2.1", + "status": "affected" + } + ] + }, + { + "ref": "pkg:deb/ubuntu/passwd@4.8.1-2ubuntu2.1?arch=amd64&distro=ubuntu-22.04&epoch=1", + "versions": [ + { + "version": "1:4.8.1-2ubuntu2.1", + "status": "affected" + } + ] + } + ] + }, + { + "id": "CVE-2020-22916", + "source": { + "name": "ubuntu", + "url": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "ratings": [ + { + "source": { + "name": "nvd" + }, + "score": 5.5, + "severity": "medium", + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + { + "source": { + "name": "redhat" + }, + "score": 5.5, + "severity": "low", + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + { + "source": { + "name": "ubuntu" + }, + "severity": "medium" + } + ], + "description": "An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of \"endless output\" and \"denial of service\" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.", + "advisories": [ + { + "url": "https://avd.aquasec.com/nvd/cve-2020-22916" + }, + { + "url": "http://web.archive.org/web/20230918084612/https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2020-22916" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234987" + }, + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1214590" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22916" + }, + { + "url": "https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability" + }, + { + "url": "https://github.com/tukaani-project/xz/issues/61" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22916" + }, + { + "url": "https://security-tracker.debian.org/tracker/CVE-2020-22916" + }, + { + "url": "https://tukaani.org/xz/" + }, + { + "url": "https://www.cve.org/CVERecord?id=CVE-2020-22916" + } + ], + "published": "2023-08-22T19:16:19+00:00", + "updated": "2023-11-07T03:19:47+00:00", + "affects": [ + { + "ref": "pkg:deb/ubuntu/liblzma5@5.2.5-2ubuntu1?arch=amd64&distro=ubuntu-22.04", + "versions": [ + { + "version": "5.2.5-2ubuntu1", + "status": "affected" + } + ] + } + ] + }, + { + "id": "CVE-2022-3715", + "source": { + "name": "ubuntu", + "url": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "ratings": [ + { + "source": { + "name": "alma" + }, + "severity": "medium" + }, + { + "source": { + "name": "amazon" + }, + "severity": "medium" + }, + { + "source": { + "name": "nvd" + }, + "score": 7.8, + "severity": "high", + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + { + "source": { + "name": "oracle-oval" + }, + "severity": "medium" + }, + { + "source": { + "name": "redhat" + }, + "score": 6.6, + "severity": "medium", + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" + }, + { + "source": { + "name": "rocky" + }, + "severity": "medium" + }, + { + "source": { + "name": "ubuntu" + }, + "severity": "low" + } + ], + "cwes": [ + 787, + 119 + ], + "description": "A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.", + "advisories": [ + { + "url": "https://avd.aquasec.com/nvd/cve-2022-3715" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:0340" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2022-3715" + }, + { + "url": "https://bugzilla.redhat.com/2126720" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126720" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3715" + }, + { + "url": "https://errata.almalinux.org/9/ALSA-2023-0340.html" + }, + { + "url": "https://errata.rockylinux.org/RLSA-2023:0340" + }, + { + "url": "https://linux.oracle.com/cve/CVE-2022-3715.html" + }, + { + "url": "https://linux.oracle.com/errata/ELSA-2023-0340.html" + }, + { + "url": "https://lists.gnu.org/archive/html/bug-bash/2022-08/msg00147.html" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3715" + }, + { + "url": "https://www.cve.org/CVERecord?id=CVE-2022-3715" + } + ], + "published": "2023-01-05T15:15:10+00:00", + "updated": "2023-02-24T18:38:10+00:00", + "affects": [ + { + "ref": "pkg:deb/ubuntu/bash@5.1-6ubuntu1?arch=amd64&distro=ubuntu-22.04", + "versions": [ + { + "version": "5.1-6ubuntu1", + "status": "affected" + } + ] + } + ] + }, + { + "id": "CVE-2022-3219", + "source": { + "name": "ubuntu", + "url": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "ratings": [ + { + "source": { + "name": "nvd" + }, + "score": 3.3, + "severity": "low", + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + }, + { + "source": { + "name": "redhat" + }, + "score": 6.2, + "severity": "low", + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "source": { + "name": "ubuntu" + }, + "severity": "low" + } + ], + "cwes": [ + 787 + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "advisories": [ + { + "url": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2022-3219" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127010" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219" + }, + { + "url": "https://dev.gnupg.org/D556" + }, + { + "url": "https://dev.gnupg.org/T5993" + }, + { + "url": "https://marc.info/?l=oss-security&m=165696590211434&w=4" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230324-0001/" + }, + { + "url": "https://www.cve.org/CVERecord?id=CVE-2022-3219" + } + ], + "published": "2023-02-23T20:15:12+00:00", + "updated": "2023-05-26T16:31:34+00:00", + "affects": [ + { + "ref": "pkg:deb/ubuntu/gpgv@2.2.27-3ubuntu2.1?arch=amd64&distro=ubuntu-22.04", + "versions": [ + { + "version": "2.2.27-3ubuntu2.1", + "status": "affected" + } + ] + } + ] + }, + { + "id": "CVE-2022-4899", + "source": { + "name": "ubuntu", + "url": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "ratings": [ + { + "source": { + "name": "amazon" + }, + "severity": "medium" + }, + { + "source": { + "name": "ghsa" + }, + "score": 7.5, + "severity": "high", + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "source": { + "name": "nvd" + }, + "score": 7.5, + "severity": "high", + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "source": { + "name": "photon" + }, + "severity": "high" + }, + { + "source": { + "name": "redhat" + }, + "score": 7.5, + "severity": "low", + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + { + "source": { + "name": "ubuntu" + }, + "severity": "low" + } + ], + "cwes": [ + 400 + ], + "description": "asdfasfdA vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", + "advisories": [ + { + "url": "https://avd.aquasec.com/nvd/cve-2022-4899" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2022-4899" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4899" + }, + { + "url": "https://github.com/facebook/zstd" + }, + { + "url": "https://github.com/facebook/zstd/issues/3200" + }, + { + "url": "https://github.com/facebook/zstd/pull/3220" + }, + { + "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zstd/PYSEC-2023-121.yaml" + }, + { + "url": "https://github.com/sergey-dryabzhinsky/python-zstd/commit/c8a619aebdbd6b838fbfef6e19325a70f631a4c6" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4899" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0005/" + }, + { + "url": "https://www.cve.org/CVERecord?id=CVE-2022-4899" + } + ], + "published": "2023-03-31T20:15:07+00:00", + "updated": "2023-11-07T03:59:16+00:00", + "affects": [ + { + "ref": "pkg:deb/ubuntu/libzstd1@1.4.8%2Bdfsg-3build1?arch=amd64&distro=ubuntu-22.04", + "versions": [ + { + "version": "1.4.8+dfsg-3build1", + "status": "affected" + } + ] + } + ] + } + ] + } + \ No newline at end of file diff --git a/unittests/scans/cyclonedx/jake.json b/unittests/scans/cyclonedx/jake.json new file mode 100644 index 00000000000..93333275c4e --- /dev/null +++ b/unittests/scans/cyclonedx/jake.json @@ -0,0 +1,602 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "serialNumber": "urn:uuid:121d3591-2fa5-46f1-bf7f-8647df93fa82", + "version": 1, + "metadata": { + "timestamp": "2022-01-23T21:32:26.030422+00:00", + "tools": [ + { + "vendor": "CycloneDX", + "name": "cyclonedx-python-lib", + "version": "1.1.1", + "externalReferences": [ + { + "type": "build-system", + "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" + }, + { + "type": "distribution", + "url": "https://pypi.org/project/cyclonedx-python-lib/" + }, + { + "type": "documentation", + "url": "https://cyclonedx.github.io/cyclonedx-python-lib/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" + }, + { + "type": "license", + "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" + }, + { + "type": "release-notes", + "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" + }, + { + "type": "vcs", + "url": "https://github.com/CycloneDX/cyclonedx-python-lib" + }, + { + "type": "website", + "url": "https://cyclonedx.org" + } + ] + } + ] + }, + "components": [ + { + "type": "library", + "author": "Andrey Petrov", + "name": "urllib3", + "version": "1.26.8", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/urllib3@1.26.8" + }, + { + "type": "library", + "name": "types-toml", + "version": "0.10.1", + "licenses": [ + { + "expression": "Apache-2.0 license" + } + ], + "purl": "pkg:pypi/types-toml@0.10.1" + }, + { + "type": "library", + "name": "types-setuptools", + "version": "57.4.4", + "licenses": [ + { + "expression": "Apache-2.0 license" + } + ], + "purl": "pkg:pypi/types-setuptools@57.4.4" + }, + { + "type": "library", + "author": "William Pearson", + "name": "toml", + "version": "0.10.2", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/toml@0.10.2" + }, + { + "type": "library", + "author": "Markus Siemens", + "name": "tinydb", + "version": "4.6.1", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/tinydb@4.6.1" + }, + { + "type": "library", + "author": "Python Packaging Authority", + "name": "setuptools", + "version": "58.1.0", + "purl": "pkg:pypi/setuptools@58.1.0" + }, + { + "type": "library", + "author": "Will McGugan", + "name": "rich", + "version": "11.0.0", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/rich@11.0.0" + }, + { + "type": "library", + "author": "Kenneth Reitz", + "name": "requests", + "version": "2.27.1", + "licenses": [ + { + "expression": "Apache 2.0" + } + ], + "purl": "pkg:pypi/requests@2.27.1" + }, + { + "type": "library", + "author": "Stuart Bishop", + "name": "pytz", + "version": "2021.3", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/pytz@2021.3" + }, + { + "type": "library", + "author": "Georg Brandl", + "name": "Pygments", + "version": "2.11.2", + "licenses": [ + { + "expression": "BSD License" + } + ], + "purl": "pkg:pypi/pygments@2.11.2" + }, + { + "type": "library", + "author": "A lot of people", + "name": "pyflakes", + "version": "2.4.0", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/pyflakes@2.4.0" + }, + { + "type": "library", + "author": "Peter Waller (Thanks to Christopher Jones and Stefano Rivera)", + "name": "pyfiglet", + "version": "0.8.post1", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/pyfiglet@0.8.post1" + }, + { + "type": "library", + "author": "Johann C. Rocholl", + "name": "pycodestyle", + "version": "2.8.0", + "licenses": [ + { + "expression": "Expat license" + } + ], + "purl": "pkg:pypi/pycodestyle@2.8.0" + }, + { + "type": "library", + "author": "Donal Mee", + "name": "polling2", + "version": "0.5.0", + "purl": "pkg:pypi/polling2@0.5.0" + }, + { + "type": "library", + "author": "The pip developers", + "name": "pip", + "version": "21.2.4", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/pip@21.2.4" + }, + { + "type": "library", + "author": "the purl authors", + "name": "packageurl-python", + "version": "0.9.6", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/packageurl-python@0.9.6" + }, + { + "type": "library", + "author": "Paul Horton", + "name": "ossindex-lib", + "version": "0.2.1", + "licenses": [ + { + "expression": "Apache-2.0" + } + ], + "purl": "pkg:pypi/ossindex-lib@0.2.1" + }, + { + "type": "library", + "author": "Ian Cordasco", + "name": "mccabe", + "version": "0.6.1", + "licenses": [ + { + "expression": "Expat license" + } + ], + "purl": "pkg:pypi/mccabe@0.6.1" + }, + { + "type": "library", + "author": "Sonatype Community", + "name": "jake", + "version": "1.4.0", + "licenses": [ + { + "expression": "Apache-2.0" + } + ], + "purl": "pkg:pypi/jake@1.4.0" + }, + { + "type": "library", + "author": "Kim Davies", + "name": "idna", + "version": "3.3", + "licenses": [ + { + "expression": "BSD-3-Clause" + } + ], + "purl": "pkg:pypi/idna@3.3" + }, + { + "type": "library", + "author": "Tarek Ziade", + "name": "flake8", + "version": "4.0.1", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/flake8@4.0.1" + }, + { + "type": "library", + "author": "Django Software Foundation", + "name": "Django", + "version": "2.0.1", + "licenses": [ + { + "expression": "BSD" + } + ], + "purl": "pkg:pypi/django@2.0.1" + }, + { + "type": "library", + "author": "Paul Horton", + "name": "cyclonedx-python-lib", + "version": "1.1.1", + "licenses": [ + { + "expression": "Apache-2.0" + } + ], + "purl": "pkg:pypi/cyclonedx-python-lib@1.1.1" + }, + { + "type": "library", + "author": "Steven Springett", + "name": "cyclonedx-bom", + "version": "2.0.0", + "licenses": [ + { + "expression": "Apache-2.0" + } + ], + "purl": "pkg:pypi/cyclonedx-bom@2.0.0" + }, + { + "type": "library", + "author": "Bibek Kafle , Roland Shoemaker ", + "name": "commonmark", + "version": "0.9.1", + "licenses": [ + { + "expression": "BSD-3-Clause" + } + ], + "purl": "pkg:pypi/commonmark@0.9.1" + }, + { + "type": "library", + "author": "Jonathan Hartley", + "name": "colorama", + "version": "0.4.4", + "licenses": [ + { + "expression": "BSD" + } + ], + "purl": "pkg:pypi/colorama@0.4.4" + }, + { + "type": "library", + "author": "Ahmed TAHRI @Ousret", + "name": "charset-normalizer", + "version": "2.0.10", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/charset-normalizer@2.0.10" + }, + { + "type": "library", + "author": "Kenneth Reitz", + "name": "certifi", + "version": "2021.10.8", + "licenses": [ + { + "expression": "MPL-2.0" + } + ], + "purl": "pkg:pypi/certifi@2021.10.8" + } + ], + "vulnerabilities": [ + { + "bom-ref": "c7129ff8-08bc-4afe-82ec-7d97b9491741", + "id": "CVE-2021-33203", + "source": { + "name": "Oss Index", + "url": "https://ossindex.sonatype.org/vulnerability/c7129ff8-08bc-4afe-82ec-7d97b9491741?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "references": [ + { + "source": { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33203" + } + } + ], + "ratings": [ + { + "source": { + "name": "Oss Index", + "url": "https://ossindex.sonatype.org/vulnerability/c7129ff8-08bc-4afe-82ec-7d97b9491741?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "score": 7.5, + "severity": "high", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "description": "[CVE-2021-33203] Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential ...", + "detail": "Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories." + }, + { + "bom-ref": "c9b6a6a5-01a4-4d4c-b480-b9d6825dc4d0", + "id": "CVE-2018-7536", + "source": { + "name": "Oss Index", + "url": "https://ossindex.sonatype.org/vulnerability/c9b6a6a5-01a4-4d4c-b480-b9d6825dc4d0?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "references": [ + { + "source": { + "url": "https://www.djangoproject.com/weblog/2018/mar/06/security-releases/" + } + }, + { + "source": { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7536" + } + } + ], + "ratings": [ + { + "source": { + "name": "Oss Index", + "url": "https://ossindex.sonatype.org/vulnerability/c9b6a6a5-01a4-4d4c-b480-b9d6825dc4d0?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "score": 5.3, + "severity": "medium", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "description": "[CVE-2018-7536] Incorrect Regular Expression", + "detail": "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable." + }, + { + "bom-ref": "40fb7665-767b-40f5-bb08-3d0ed295cfaf", + "id": "CVE-2018-7537", + "source": { + "name": "Oss Index", + "url": "https://ossindex.sonatype.org/vulnerability/40fb7665-767b-40f5-bb08-3d0ed295cfaf?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "references": [ + { + "source": { + "url": "https://www.djangoproject.com/weblog/2018/mar/06/security-releases/" + } + }, + { + "source": { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7537" + } + } + ], + "ratings": [ + { + "source": { + "name": "Oss Index", + "url": "https://ossindex.sonatype.org/vulnerability/40fb7665-767b-40f5-bb08-3d0ed295cfaf?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "score": 5.3, + "severity": "medium", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "description": "[CVE-2018-7537] Incorrect Regular Expression", + "detail": "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable." + }, + { + "bom-ref": "87a595e6-8e97-40a3-8677-13bd76364267", + "id": "CVE-2018-14574", + "source": { + "name": "Oss Index", + "url": "https://ossindex.sonatype.org/vulnerability/87a595e6-8e97-40a3-8677-13bd76364267?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "references": [ + { + "source": { + "url": "https://www.djangoproject.com/weblog/2018/aug/01/security-releases/" + } + }, + { + "source": { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14574" + } + } + ], + "ratings": [ + { + "source": { + "name": "Oss Index", + "url": "https://ossindex.sonatype.org/vulnerability/87a595e6-8e97-40a3-8677-13bd76364267?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "score": 6.1, + "severity": "medium", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], + "description": "[CVE-2018-14574] URL Redirection to Untrusted Site (\"Open Redirect\")", + "detail": "django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect." + }, + { + "bom-ref": "4fe076be-8570-4056-beec-dd93d99543bd", + "id": "CVE-2019-3498", + "source": { + "name": "Oss Index", + "url": "https://ossindex.sonatype.org/vulnerability/4fe076be-8570-4056-beec-dd93d99543bd?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "references": [ + { + "source": { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3498" + } + } + ], + "ratings": [ + { + "source": { + "name": "Oss Index", + "url": "https://ossindex.sonatype.org/vulnerability/4fe076be-8570-4056-beec-dd93d99543bd?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "score": 6.5, + "severity": "medium", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" + } + ], + "description": "[CVE-2019-3498] Improper Input Validation", + "detail": "In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content." + }, + { + "bom-ref": "eeeaf73f-4e79-4d40-b6c1-75c75f5460a1", + "id": "CVE-2019-6975", + "source": { + "name": "Oss Index", + "url": "https://ossindex.sonatype.org/vulnerability/eeeaf73f-4e79-4d40-b6c1-75c75f5460a1?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "references": [ + { + "source": { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6975" + } + } + ], + "ratings": [ + { + "source": { + "name": "Oss Index", + "url": "https://ossindex.sonatype.org/vulnerability/eeeaf73f-4e79-4d40-b6c1-75c75f5460a1?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "score": 7.5, + "severity": "high", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "description": "[CVE-2019-6975] Uncontrolled Resource Consumption (\"Resource Exhaustion\")", + "detail": "Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function." + }, + { + "bom-ref": "90cfba6a-ddc9-4708-b131-5d875e8c558d", + "id": "CVE-2018-6188", + "source": { + "name": "Oss Index", + "url": "https://ossindex.sonatype.org/vulnerability/90cfba6a-ddc9-4708-b131-5d875e8c558d?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "references": [ + { + "source": { + "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" + } + }, + { + "source": { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" + } + } + ], + "ratings": [ + { + "source": { + "name": "Oss Index", + "url": "https://ossindex.sonatype.org/vulnerability/90cfba6a-ddc9-4708-b131-5d875e8c558d?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "score": 7.5, + "severity": "high", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "description": "[CVE-2018-6188] Information Exposure", + "detail": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive." + } + ] +} \ No newline at end of file diff --git a/unittests/scans/cyclonedx/jake2.json b/unittests/scans/cyclonedx/jake2.json new file mode 100644 index 00000000000..37be798e2a1 --- /dev/null +++ b/unittests/scans/cyclonedx/jake2.json @@ -0,0 +1,1223 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "serialNumber": "urn:uuid:cae44a0d-ea73-4f5e-babd-07003f849cbe", + "version": 1, + "metadata": { + "timestamp": "2022-01-28T07:05:16.397158+00:00", + "tools": [ + { + "vendor": "CycloneDX", + "name": "cyclonedx-python-lib", + "version": "1.3.0", + "externalReferences": [ + { + "type": "build-system", + "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" + }, + { + "type": "distribution", + "url": "https://pypi.org/project/cyclonedx-python-lib/" + }, + { + "type": "documentation", + "url": "https://cyclonedx.github.io/cyclonedx-python-lib/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" + }, + { + "type": "license", + "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" + }, + { + "type": "release-notes", + "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" + }, + { + "type": "vcs", + "url": "https://github.com/CycloneDX/cyclonedx-python-lib" + }, + { + "type": "website", + "url": "https://cyclonedx.org" + } + ] + } + ] + }, + "components": [ + { + "type": "library", + "bom-ref": "9eb026b5-fde4-4ebf-979e-4dbeecfe3573", + "author": "Geoffrey Sneddon", + "name": "webencodings", + "version": "0.5.1", + "licenses": [ + { + "expression": "BSD" + } + ], + "purl": "pkg:pypi/webencodings@0.5.1" + }, + { + "type": "library", + "bom-ref": "4e0f48be-f14b-463f-8635-aa6d70aacc9d", + "author": "Bernat Gabor", + "name": "virtualenv", + "version": "20.13.0", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/virtualenv@20.13.0" + }, + { + "type": "library", + "bom-ref": "5b4048af-d4aa-4f66-8bcf-baf199726f33", + "author": "Andrey Petrov", + "name": "urllib3", + "version": "1.26.8", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/urllib3@1.26.8" + }, + { + "type": "library", + "bom-ref": "0119ad87-9f3b-49ef-915a-931c940383da", + "name": "types-toml", + "version": "0.10.3", + "licenses": [ + { + "expression": "Apache-2.0 license" + } + ], + "purl": "pkg:pypi/types-toml@0.10.3" + }, + { + "type": "library", + "bom-ref": "d088f0a8-923c-4b64-9676-71929b80c632", + "name": "types-setuptools", + "version": "57.4.7", + "licenses": [ + { + "expression": "Apache-2.0 license" + } + ], + "purl": "pkg:pypi/types-setuptools@57.4.7" + }, + { + "type": "library", + "bom-ref": "e1bc3f9b-ee5f-4b9e-a738-bd2b4ffa3de4", + "author": "Holger Krekel, Oliver Bestwalter, Bern\u00e1t G\u00e1bor and others", + "name": "tox", + "version": "3.24.5", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/tox@3.24.5" + }, + { + "type": "library", + "bom-ref": "9396b081-4b64-42a7-8370-f4b3a44666bd", + "author": "S\u00e9bastien Eustace", + "name": "tomlkit", + "version": "0.8.0", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/tomlkit@0.8.0" + }, + { + "type": "library", + "bom-ref": "03b0aa74-14ab-489b-80ab-7140f2b75c94", + "author": "William Pearson", + "name": "toml", + "version": "0.10.2", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/toml@0.10.2" + }, + { + "type": "library", + "bom-ref": "486a2360-b5e0-41a7-9314-36ddac52e546", + "author": "Markus Siemens", + "name": "tinydb", + "version": "4.6.1", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/tinydb@4.6.1" + }, + { + "type": "library", + "bom-ref": "b0376dbf-ff8b-4178-91ff-a95798637497", + "author": "Benjamin Peterson", + "name": "six", + "version": "1.16.0", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/six@1.16.0" + }, + { + "type": "library", + "bom-ref": "a910fba5-4464-4eb7-aa47-43b9c88256ee", + "author": "Tzu-ping Chung", + "name": "shellingham", + "version": "1.4.0", + "licenses": [ + { + "expression": "ISC License" + } + ], + "purl": "pkg:pypi/shellingham@1.4.0" + }, + { + "type": "library", + "bom-ref": "ef0156df-cf43-45dc-8f42-a5ec8f290175", + "author": "Python Packaging Authority", + "name": "setuptools", + "version": "58.1.0", + "purl": "pkg:pypi/setuptools@58.1.0" + }, + { + "type": "library", + "bom-ref": "a782c7aa-144c-4159-ad8b-014c19a77b48", + "author": "Dmitry Shachnev", + "name": "SecretStorage", + "version": "3.3.1", + "licenses": [ + { + "expression": "BSD 3-Clause License" + } + ], + "purl": "pkg:pypi/secretstorage@3.3.1" + }, + { + "type": "library", + "bom-ref": "db9324b5-a8ac-4b0c-ba1a-a8bdbad553e0", + "author": "Will McGugan", + "name": "rich", + "version": "11.0.0", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/rich@11.0.0" + }, + { + "type": "library", + "bom-ref": "af205bfe-cbed-46d2-a2eb-c3e01e308e5b", + "author": "Kenneth Reitz", + "name": "requests", + "version": "2.27.1", + "licenses": [ + { + "expression": "Apache 2.0" + } + ], + "purl": "pkg:pypi/requests@2.27.1" + }, + { + "type": "library", + "bom-ref": "a2f30b6d-791c-450a-9461-501e031dccb9", + "author": "Ian Cordasco, Cory Benfield", + "name": "requests-toolbelt", + "version": "0.9.1", + "licenses": [ + { + "expression": "Apache 2.0" + } + ], + "purl": "pkg:pypi/requests-toolbelt@0.9.1" + }, + { + "type": "library", + "bom-ref": "26d71b8e-492d-4dae-83e6-058220d30710", + "author": "Stuart Bishop", + "name": "pytz", + "version": "2021.3", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/pytz@2021.3" + }, + { + "type": "library", + "bom-ref": "5882c271-4d1c-4d98-8dd9-fd6775cc9a34", + "author": "Holger Krekel, Bruno Oliveira, Ronny Pfannschmidt, Floris Bruynooghe, Brianna Laugher, Florian Bruhin and others", + "name": "pytest", + "version": "6.2.5", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/pytest@6.2.5" + }, + { + "type": "library", + "bom-ref": "e4c9031c-e995-440e-ba30-590fa93e447b", + "author": "Paul McGuire", + "name": "pyparsing", + "version": "3.0.7", + "licenses": [ + { + "expression": "MIT License" + } + ], + "purl": "pkg:pypi/pyparsing@3.0.7" + }, + { + "type": "library", + "bom-ref": "f5435686-c3c7-4671-bb9b-e586c862be53", + "author": "Daniel Lindsley", + "name": "pylev", + "version": "1.4.0", + "purl": "pkg:pypi/pylev@1.4.0" + }, + { + "type": "library", + "bom-ref": "536f0092-034b-41bb-8732-546b42b76e0e", + "author": "Georg Brandl", + "name": "Pygments", + "version": "2.11.2", + "licenses": [ + { + "expression": "BSD License" + } + ], + "purl": "pkg:pypi/pygments@2.11.2" + }, + { + "type": "library", + "bom-ref": "31b70fd9-1ed6-4aff-acff-e8e226a2caa1", + "author": "A lot of people", + "name": "pyflakes", + "version": "2.4.0", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/pyflakes@2.4.0" + }, + { + "type": "library", + "bom-ref": "5e964e86-e7d0-4f32-bd0b-7a5ebcd90749", + "author": "Peter Waller (Thanks to Christopher Jones and Stefano Rivera)", + "name": "pyfiglet", + "version": "0.8.post1", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/pyfiglet@0.8.post1" + }, + { + "type": "library", + "bom-ref": "b0266c5d-8fe8-4645-bde6-7acc0bf44d17", + "author": "Eli Bendersky", + "name": "pycparser", + "version": "2.21", + "licenses": [ + { + "expression": "BSD" + } + ], + "purl": "pkg:pypi/pycparser@2.21" + }, + { + "type": "library", + "bom-ref": "77f12bf8-ad92-48d1-bf1e-04526e7a2519", + "author": "Johann C. Rocholl", + "name": "pycodestyle", + "version": "2.8.0", + "licenses": [ + { + "expression": "Expat license" + } + ], + "purl": "pkg:pypi/pycodestyle@2.8.0" + }, + { + "type": "library", + "bom-ref": "c64d1d07-ce11-42d2-a89c-e4b1673435a8", + "author": "holger krekel, Ronny Pfannschmidt, Benjamin Peterson and others", + "name": "py", + "version": "1.11.0", + "licenses": [ + { + "expression": "MIT license" + } + ], + "purl": "pkg:pypi/py@1.11.0" + }, + { + "type": "library", + "bom-ref": "aaa35070-3c9d-46ad-b3fe-f3aa3d02446c", + "author": "Thomas Kluyver", + "name": "ptyprocess", + "version": "0.7.0", + "purl": "pkg:pypi/ptyprocess@0.7.0" + }, + { + "type": "library", + "bom-ref": "f0c72ae8-4302-4a16-b334-6df60314b43c", + "author": "Donal Mee", + "name": "polling2", + "version": "0.5.0", + "purl": "pkg:pypi/polling2@0.5.0" + }, + { + "type": "library", + "bom-ref": "b90f6d03-fbf9-48ed-94a2-a893072848ec", + "author": "S\u00e9bastien Eustace", + "name": "poetry", + "version": "1.1.12", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/poetry@1.1.12" + }, + { + "type": "library", + "bom-ref": "5c6efd6e-605d-408f-8532-d1cacbd8e268", + "author": "S\u00e9bastien Eustace", + "name": "poetry-core", + "version": "1.0.7", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/poetry-core@1.0.7" + }, + { + "type": "library", + "bom-ref": "15f1b267-0518-41a0-a13a-5109b7f87323", + "author": "Holger Krekel", + "name": "pluggy", + "version": "1.0.0", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/pluggy@1.0.0" + }, + { + "type": "library", + "bom-ref": "4389bb59-95cc-4627-be1e-58ddbc3ef074", + "name": "platformdirs", + "version": "2.4.0", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/platformdirs@2.4.0" + }, + { + "type": "library", + "bom-ref": "38e70333-d2aa-40af-8353-23045ab9cc00", + "author": "Tres Seaver, Agendaless Consulting", + "name": "pkginfo", + "version": "1.8.2", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/pkginfo@1.8.2" + }, + { + "type": "library", + "bom-ref": "053aedd3-c017-41bb-93af-a73a9651c92a", + "author": "The pip developers", + "name": "pip", + "version": "21.2.4", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/pip@21.2.4" + }, + { + "type": "library", + "bom-ref": "b0196394-0b5d-4246-b91c-5815dce68d7a", + "author": "Noah Spurrier; Thomas Kluyver; Jeff Quast", + "name": "pexpect", + "version": "4.8.0", + "licenses": [ + { + "expression": "ISC license" + } + ], + "purl": "pkg:pypi/pexpect@4.8.0" + }, + { + "type": "library", + "bom-ref": "35038bae-2a82-40f0-8f36-72aa39f7d61c", + "author": "S\u00e9bastien Eustace", + "name": "pastel", + "version": "0.2.1", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/pastel@0.2.1" + }, + { + "type": "library", + "bom-ref": "1aa8b959-197d-4a70-9586-2037f4bf9442", + "author": "Donald Stufft and individual contributors", + "name": "packaging", + "version": "21.3", + "licenses": [ + { + "expression": "BSD-2-Clause or Apache-2.0" + } + ], + "purl": "pkg:pypi/packaging@21.3" + }, + { + "type": "library", + "bom-ref": "b167e4b1-1cba-427d-b9ce-8df31eca81a6", + "author": "the purl authors", + "name": "packageurl-python", + "version": "0.9.6", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/packageurl-python@0.9.6" + }, + { + "type": "library", + "bom-ref": "22e0ae48-c358-4a46-86da-787d83cfad94", + "author": "Paul Horton", + "name": "ossindex-lib", + "version": "0.2.1", + "licenses": [ + { + "expression": "Apache-2.0" + } + ], + "purl": "pkg:pypi/ossindex-lib@0.2.1" + }, + { + "type": "library", + "bom-ref": "e22436c8-7efa-4c33-946d-2283f42c8240", + "author": "Inada Naoki", + "name": "msgpack", + "version": "1.0.3", + "licenses": [ + { + "expression": "Apache 2.0" + } + ], + "purl": "pkg:pypi/msgpack@1.0.3" + }, + { + "type": "library", + "bom-ref": "51dee689-67bd-4fa9-85cd-35e116bbbcf2", + "author": "Ian Cordasco", + "name": "mccabe", + "version": "0.6.1", + "licenses": [ + { + "expression": "Expat license" + } + ], + "purl": "pkg:pypi/mccabe@0.6.1" + }, + { + "type": "library", + "bom-ref": "65d4933b-8267-42c2-8c47-9f796bdd278e", + "author": "OpenStack", + "name": "lockfile", + "version": "0.12.2", + "purl": "pkg:pypi/lockfile@0.12.2" + }, + { + "type": "library", + "bom-ref": "6648bc59-a9fa-47a4-87dc-76e64f611f22", + "author": "Kang Zhang", + "name": "keyring", + "version": "21.8.0", + "purl": "pkg:pypi/keyring@21.8.0" + }, + { + "type": "library", + "bom-ref": "e07ccc0b-2b90-475c-9dbc-48746c7dc8cb", + "author": "Thomas Kluyver", + "name": "jeepney", + "version": "0.7.1", + "purl": "pkg:pypi/jeepney@0.7.1" + }, + { + "type": "library", + "bom-ref": "dd2523e8-36d6-4e44-a854-b897ae6fa36e", + "author": "Sonatype Community", + "name": "jake", + "version": "1.4.2", + "licenses": [ + { + "expression": "Apache-2.0" + } + ], + "purl": "pkg:pypi/jake@1.4.2" + }, + { + "type": "library", + "bom-ref": "c220064e-e6fa-4d5e-bb33-2857b43385e8", + "author": "Ronny Pfannschmidt, Holger Krekel", + "name": "iniconfig", + "version": "1.1.1", + "licenses": [ + { + "expression": "MIT License" + } + ], + "purl": "pkg:pypi/iniconfig@1.1.1" + }, + { + "type": "library", + "bom-ref": "d1a95f47-3d7f-4e8d-ba23-b460271940c1", + "author": "Kim Davies", + "name": "idna", + "version": "3.3", + "licenses": [ + { + "expression": "BSD-3-Clause" + } + ], + "purl": "pkg:pypi/idna@3.3" + }, + { + "type": "library", + "bom-ref": "34e21471-05d5-4df0-b477-1cf6c5107ee2", + "name": "html5lib", + "version": "1.1", + "licenses": [ + { + "expression": "MIT License" + } + ], + "purl": "pkg:pypi/html5lib@1.1" + }, + { + "type": "library", + "bom-ref": "72768a02-bea3-47d6-8c5e-478a07a74fd3", + "author": "Tarek Ziade", + "name": "flake8", + "version": "4.0.1", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/flake8@4.0.1" + }, + { + "type": "library", + "bom-ref": "1cc798a9-8135-4b2e-80a7-dbc0d82a86b9", + "author": "Benedikt Schmitt", + "name": "filelock", + "version": "3.4.1", + "licenses": [ + { + "expression": "Unlicense" + } + ], + "purl": "pkg:pypi/filelock@3.4.1" + }, + { + "type": "library", + "bom-ref": "6290db55-8336-4d2b-9cec-2efdda9f1b28", + "author": "Django Software Foundation", + "name": "Django", + "version": "2.0", + "licenses": [ + { + "expression": "BSD" + } + ], + "purl": "pkg:pypi/django@2.0" + }, + { + "type": "library", + "bom-ref": "d96f37eb-45b2-4d23-b5f5-42ce0c189af1", + "author": "Vinay Sajip", + "name": "distlib", + "version": "0.3.4", + "licenses": [ + { + "expression": "Python license" + } + ], + "purl": "pkg:pypi/distlib@0.3.4" + }, + { + "type": "library", + "bom-ref": "f9dac4b6-795d-4e35-8a11-aeca2aa74353", + "author": "Paul Horton", + "name": "cyclonedx-python-lib", + "version": "1.3.0", + "licenses": [ + { + "expression": "Apache-2.0" + } + ], + "purl": "pkg:pypi/cyclonedx-python-lib@1.3.0" + }, + { + "type": "library", + "bom-ref": "755dd08c-ab74-4670-8800-7608d21d03cc", + "author": "Steven Springett", + "name": "cyclonedx-bom", + "version": "2.0.1", + "licenses": [ + { + "expression": "Apache-2.0" + } + ], + "purl": "pkg:pypi/cyclonedx-bom@2.0.1" + }, + { + "type": "library", + "bom-ref": "8a9d228a-db2e-4b6c-9f04-35b5a57c78d9", + "author": "The Python Cryptographic Authority and individual contributors", + "name": "cryptography", + "version": "36.0.1", + "licenses": [ + { + "expression": "BSD or Apache License, Version 2.0" + } + ], + "purl": "pkg:pypi/cryptography@36.0.1" + }, + { + "type": "library", + "bom-ref": "696ea976-c649-459f-9195-a850c45ce906", + "author": "S\u00e9bastien Eustace", + "name": "crashtest", + "version": "0.3.1", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/crashtest@0.3.1" + }, + { + "type": "library", + "bom-ref": "006a9533-54b4-4d49-9cfc-215062d45a19", + "author": "Ned Batchelder and 146 others", + "name": "coverage", + "version": "6.2", + "licenses": [ + { + "expression": "Apache 2.0" + } + ], + "purl": "pkg:pypi/coverage@6.2" + }, + { + "type": "library", + "bom-ref": "22051db4-a5c1-43b7-bf6f-8fa3c1bf8f63", + "author": "Bibek Kafle , Roland Shoemaker ", + "name": "commonmark", + "version": "0.9.1", + "licenses": [ + { + "expression": "BSD-3-Clause" + } + ], + "purl": "pkg:pypi/commonmark@0.9.1" + }, + { + "type": "library", + "bom-ref": "33f4b60f-cf7b-4d08-b709-e97f43357f4d", + "author": "Jonathan Hartley", + "name": "colorama", + "version": "0.4.4", + "licenses": [ + { + "expression": "BSD" + } + ], + "purl": "pkg:pypi/colorama@0.4.4" + }, + { + "type": "library", + "bom-ref": "273cb428-5f13-4323-a132-f3ed957c5fc3", + "author": "S\u00e9bastien Eustace", + "name": "clikit", + "version": "0.6.2", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/clikit@0.6.2" + }, + { + "type": "library", + "bom-ref": "516cc286-9470-4be2-9e48-35b61406d670", + "author": "S\u00e9bastien Eustace", + "name": "cleo", + "version": "0.8.1", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/cleo@0.8.1" + }, + { + "type": "library", + "bom-ref": "7fafe824-2f3a-471c-a648-ee2b30acdc49", + "author": "Ahmed TAHRI @Ousret", + "name": "charset-normalizer", + "version": "2.0.10", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/charset-normalizer@2.0.10" + }, + { + "type": "library", + "bom-ref": "6f547984-4c1c-453b-a38b-e56e4a1726e0", + "author": "Armin Rigo, Maciej Fijalkowski", + "name": "cffi", + "version": "1.15.0", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/cffi@1.15.0" + }, + { + "type": "library", + "bom-ref": "8e4c0162-ca59-4d8a-a2d6-8b8381f78304", + "author": "Kenneth Reitz", + "name": "certifi", + "version": "2021.10.8", + "licenses": [ + { + "expression": "MPL-2.0" + } + ], + "purl": "pkg:pypi/certifi@2021.10.8" + }, + { + "type": "library", + "bom-ref": "fdd29662-6a83-4b59-ae38-4be8d915f8d1", + "author": "S\u00e9bastien Eustace", + "name": "cachy", + "version": "0.3.0", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/cachy@0.3.0" + }, + { + "type": "library", + "bom-ref": "74437179-95fc-440b-8fc7-e1e529a405ae", + "author": "Eric Larson", + "name": "CacheControl", + "version": "0.12.10", + "purl": "pkg:pypi/cachecontrol@0.12.10" + }, + { + "type": "library", + "bom-ref": "38d9f758-1477-4e0d-8c49-ef31610661a2", + "author": "Hynek Schlawack", + "name": "attrs", + "version": "21.4.0", + "licenses": [ + { + "expression": "MIT" + } + ], + "purl": "pkg:pypi/attrs@21.4.0" + } + ], + "vulnerabilities": [ + { + "bom-ref": "c7129ff8-08bc-4afe-82ec-7d97b9491741", + "id": "c7129ff8-08bc-4afe-82ec-7d97b9491741", + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/c7129ff8-08bc-4afe-82ec-7d97b9491741?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "references": [ + { + "id": "CVE-2021-33203", + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/c7129ff8-08bc-4afe-82ec-7d97b9491741?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + } + } + ], + "ratings": [ + { + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/c7129ff8-08bc-4afe-82ec-7d97b9491741?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "score": 7.5, + "severity": "high", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "description": "[CVE-2021-33203] Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential ...", + "detail": "Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.", + "advisories": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33203" + } + ], + "affects": [ + { + "ref": "6290db55-8336-4d2b-9cec-2efdda9f1b28", + "versions": [ + { + "version": "2.0", + "status": "affected" + } + ] + } + ] + }, + { + "bom-ref": "c9b6a6a5-01a4-4d4c-b480-b9d6825dc4d0", + "id": "c9b6a6a5-01a4-4d4c-b480-b9d6825dc4d0", + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/c9b6a6a5-01a4-4d4c-b480-b9d6825dc4d0?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "references": [ + { + "id": "CVE-2018-7536", + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/c9b6a6a5-01a4-4d4c-b480-b9d6825dc4d0?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + } + } + ], + "ratings": [ + { + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/c9b6a6a5-01a4-4d4c-b480-b9d6825dc4d0?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "score": 5.3, + "severity": "medium", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "description": "[CVE-2018-7536] Incorrect Regular Expression", + "detail": "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.", + "advisories": [ + { + "url": "https://www.djangoproject.com/weblog/2018/mar/06/security-releases/" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7536" + } + ], + "affects": [ + { + "ref": "6290db55-8336-4d2b-9cec-2efdda9f1b28", + "versions": [ + { + "version": "2.0", + "status": "affected" + } + ] + } + ] + }, + { + "bom-ref": "40fb7665-767b-40f5-bb08-3d0ed295cfaf", + "id": "40fb7665-767b-40f5-bb08-3d0ed295cfaf", + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/40fb7665-767b-40f5-bb08-3d0ed295cfaf?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "references": [ + { + "id": "CVE-2018-7537", + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/40fb7665-767b-40f5-bb08-3d0ed295cfaf?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + } + } + ], + "ratings": [ + { + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/40fb7665-767b-40f5-bb08-3d0ed295cfaf?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "score": 5.3, + "severity": "medium", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "description": "[CVE-2018-7537] Incorrect Regular Expression", + "detail": "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.", + "advisories": [ + { + "url": "https://www.djangoproject.com/weblog/2018/mar/06/security-releases/" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7537" + } + ], + "affects": [ + { + "ref": "6290db55-8336-4d2b-9cec-2efdda9f1b28", + "versions": [ + { + "version": "2.0", + "status": "affected" + } + ] + } + ] + }, + { + "bom-ref": "87a595e6-8e97-40a3-8677-13bd76364267", + "id": "87a595e6-8e97-40a3-8677-13bd76364267", + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/87a595e6-8e97-40a3-8677-13bd76364267?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "references": [ + { + "id": "CVE-2018-14574", + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/87a595e6-8e97-40a3-8677-13bd76364267?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + } + } + ], + "ratings": [ + { + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/87a595e6-8e97-40a3-8677-13bd76364267?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "score": 6.1, + "severity": "medium", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], + "description": "[CVE-2018-14574] URL Redirection to Untrusted Site (\"Open Redirect\")", + "detail": "django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.", + "advisories": [ + { + "url": "https://www.djangoproject.com/weblog/2018/aug/01/security-releases/" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14574" + } + ], + "affects": [ + { + "ref": "6290db55-8336-4d2b-9cec-2efdda9f1b28", + "versions": [ + { + "version": "2.0", + "status": "affected" + } + ] + } + ] + }, + { + "bom-ref": "4fe076be-8570-4056-beec-dd93d99543bd", + "id": "4fe076be-8570-4056-beec-dd93d99543bd", + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/4fe076be-8570-4056-beec-dd93d99543bd?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "references": [ + { + "id": "CVE-2019-3498", + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/4fe076be-8570-4056-beec-dd93d99543bd?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + } + } + ], + "ratings": [ + { + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/4fe076be-8570-4056-beec-dd93d99543bd?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "score": 6.5, + "severity": "medium", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" + } + ], + "description": "[CVE-2019-3498] Improper Input Validation", + "detail": "In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.", + "advisories": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3498" + } + ], + "affects": [ + { + "ref": "6290db55-8336-4d2b-9cec-2efdda9f1b28", + "versions": [ + { + "version": "2.0", + "status": "affected" + } + ] + } + ] + }, + { + "bom-ref": "eeeaf73f-4e79-4d40-b6c1-75c75f5460a1", + "id": "eeeaf73f-4e79-4d40-b6c1-75c75f5460a1", + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/eeeaf73f-4e79-4d40-b6c1-75c75f5460a1?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "references": [ + { + "id": "CVE-2019-6975", + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/eeeaf73f-4e79-4d40-b6c1-75c75f5460a1?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + } + } + ], + "ratings": [ + { + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/eeeaf73f-4e79-4d40-b6c1-75c75f5460a1?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "score": 7.5, + "severity": "high", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "description": "[CVE-2019-6975] Uncontrolled Resource Consumption (\"Resource Exhaustion\")", + "detail": "Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.", + "advisories": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6975" + } + ], + "affects": [ + { + "ref": "6290db55-8336-4d2b-9cec-2efdda9f1b28", + "versions": [ + { + "version": "2.0", + "status": "affected" + } + ] + } + ] + }, + { + "bom-ref": "90cfba6a-ddc9-4708-b131-5d875e8c558d", + "id": "90cfba6a-ddc9-4708-b131-5d875e8c558d", + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/90cfba6a-ddc9-4708-b131-5d875e8c558d?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "references": [ + { + "id": "CVE-2018-6188", + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/90cfba6a-ddc9-4708-b131-5d875e8c558d?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + } + } + ], + "ratings": [ + { + "source": { + "name": "OSS Index", + "url": "https://ossindex.sonatype.org/vulnerability/90cfba6a-ddc9-4708-b131-5d875e8c558d?component-type=pypi&component-name=django&utm_source=python-oss-index-lib%400.2.1&utm_medium=integration" + }, + "score": 7.5, + "severity": "high", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "description": "[CVE-2018-6188] Information Exposure", + "detail": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.", + "advisories": [ + { + "url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188" + } + ], + "affects": [ + { + "ref": "6290db55-8336-4d2b-9cec-2efdda9f1b28", + "versions": [ + { + "version": "2.0", + "status": "affected" + } + ] + } + ] + } + ] +} \ No newline at end of file diff --git a/unittests/scans/cyclonedx/log4j.json b/unittests/scans/cyclonedx/log4j.json new file mode 100644 index 00000000000..c14861227c1 --- /dev/null +++ b/unittests/scans/cyclonedx/log4j.json @@ -0,0 +1,562 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "serialNumber": "urn:uuid:b93c5d57-4484-44ba-830e-dae7ef559120", + "version": 1, + "metadata": { + "timestamp": "2022-07-22T09:45:32+01:00", + "tools": [ + { + "vendor": "anchore", + "name": "grype", + "version": "0.41.0" + } + ], + "component": { + "type": "file", + "name": "./configuration/.m2/repository/org/apache/logging/log4j/log4j-core/2.13.2" + } + }, + "components": [ + { + "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede", + "type": "library", + "name": "log4j-core", + "version": "2.13.2", + "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2" + } + ], + "vulnerabilities": [ + { + "id": "CVE-2021-44228", + "source": { + "name": "nvd:cpe", + "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228" + }, + "ratings": [ + { + "severity": "critical" + }, + { + "score": 10, + "method": "CVSSv2", + "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C" + }, + { + "score": 10, + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + } + ], + "description": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.", + "advisories": [ + { + "url": "https://logging.apache.org/log4j/2.x/security.html" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2" + }, + { + "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20211210-0007/" + }, + { + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3" + }, + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" + }, + { + "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2" + }, + { + "url": "https://twitter.com/kurtseifried/status/1469345530182455296" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html" + }, + { + "url": "https://www.debian.org/security/2021/dsa-5020" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" + }, + { + "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html" + }, + { + "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html" + }, + { + "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4" + }, + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html" + }, + { + "url": "https://www.kb.cert.org/vuls/id/930724" + }, + { + "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html" + }, + { + "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html" + }, + { + "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html" + }, + { + "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html" + }, + { + "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" + }, + { + "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/" + }, + { + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" + }, + { + "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf" + }, + { + "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/" + }, + { + "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md" + }, + { + "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html" + }, + { + "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2022.html" + }, + { + "url": "https://github.com/cisagov/log4j-affected-db" + }, + { + "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001" + }, + { + "url": "https://support.apple.com/kb/HT213189" + }, + { + "url": "http://seclists.org/fulldisclosure/2022/Mar/23" + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + { + "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228" + }, + { + "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html" + } + ], + "analysis": { + "state": "in_triage" + }, + "affects": [ + { + "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede" + } + ], + "properties": [] + }, + { + "id": "CVE-2021-44832", + "source": { + "name": "nvd:cpe", + "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832" + }, + "ratings": [ + { + "severity": "medium" + }, + { + "score": 6.6, + "method": "CVSSv2", + "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C" + }, + { + "score": 6.6, + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "description": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", + "advisories": [ + { + "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143" + }, + { + "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20220104-0001/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/" + }, + { + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2022.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + } + ], + "analysis": { + "state": "in_triage" + }, + "affects": [ + { + "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede" + } + ], + "properties": [] + }, + { + "id": "CVE-2021-45046", + "source": { + "name": "nvd:cpe", + "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046" + }, + "ratings": [ + { + "severity": "critical" + }, + { + "score": 9, + "method": "CVSSv2", + "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P" + }, + { + "score": 9, + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" + } + ], + "description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.", + "advisories": [ + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4" + }, + { + "url": "https://logging.apache.org/log4j/2.x/security.html" + }, + { + "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228" + }, + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html" + }, + { + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" + }, + { + "url": "https://www.kb.cert.org/vuls/id/930724" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" + }, + { + "url": "https://www.debian.org/security/2021/dsa-5022" + }, + { + "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html" + }, + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/18/1" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2022.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + } + ], + "analysis": { + "state": "in_triage" + }, + "affects": [ + { + "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede" + } + ], + "properties": [] + }, + { + "id": "CVE-2021-45105", + "source": { + "name": "nvd:cpe", + "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105" + }, + "ratings": [ + { + "severity": "medium" + }, + { + "score": 5.9, + "method": "CVSSv2", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P" + }, + { + "score": 5.9, + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.", + "advisories": [ + { + "url": "https://logging.apache.org/log4j/2.x/security.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20211218-0001/" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1" + }, + { + "url": "https://www.debian.org/security/2021/dsa-5024" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/" + }, + { + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" + }, + { + "url": "https://www.kb.cert.org/vuls/id/930724" + }, + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2022.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + } + ], + "analysis": { + "state": "in_triage" + }, + "affects": [ + { + "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede" + } + ], + "properties": [] + }, + { + "id": "GHSA-7rjr-3q55-vv33", + "source": { + "name": "github:language:java", + "url": "https://github.com/advisories/GHSA-7rjr-3q55-vv33" + }, + "ratings": [ + { + "severity": "critical" + } + ], + "description": "Incomplete fix for Apache Log4j vulnerability", + "advisories": [ + { + "url": "https://github.com/advisories/GHSA-7rjr-3q55-vv33" + } + ], + "analysis": { + "state": "in_triage" + }, + "affects": [ + { + "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede" + } + ], + "properties": [ + { + "name": "grype:fixed_versions", + "value": "2.16.0" + } + ] + }, + { + "id": "GHSA-8489-44mv-ggj8", + "source": { + "name": "github:language:java", + "url": "https://github.com/advisories/GHSA-8489-44mv-ggj8" + }, + "ratings": [ + { + "severity": "medium" + } + ], + "description": "Improper Input Validation and Injection in Apache Log4j2", + "advisories": [ + { + "url": "https://github.com/advisories/GHSA-8489-44mv-ggj8" + } + ], + "analysis": { + "state": "in_triage" + }, + "affects": [ + { + "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede" + } + ], + "properties": [ + { + "name": "grype:fixed_versions", + "value": "2.17.1" + } + ] + }, + { + "id": "GHSA-jfh8-c2jp-5v3q", + "source": { + "name": "github:language:java", + "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q" + }, + "ratings": [ + { + "severity": "critical" + } + ], + "description": "Remote code injection in Log4j", + "advisories": [ + { + "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q" + } + ], + "analysis": { + "state": "in_triage" + }, + "affects": [ + { + "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede" + } + ], + "properties": [ + { + "name": "grype:fixed_versions", + "value": "2.15.0" + } + ] + }, + { + "id": "GHSA-p6xc-xr62-6r2g", + "source": { + "name": "github:language:java", + "url": "https://github.com/advisories/GHSA-p6xc-xr62-6r2g" + }, + "ratings": [ + { + "severity": "high" + } + ], + "description": "Improper Input Validation and Uncontrolled Recursion in Apache Log4j2", + "advisories": [ + { + "url": "https://github.com/advisories/GHSA-p6xc-xr62-6r2g" + } + ], + "analysis": { + "state": "in_triage" + }, + "affects": [ + { + "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede" + } + ], + "properties": [ + { + "name": "grype:fixed_versions", + "value": "2.17.0" + } + ] + } + ] +} diff --git a/unittests/scans/cyclonedx/log4j.xml b/unittests/scans/cyclonedx/log4j.xml new file mode 100644 index 00000000000..f89e661e5df --- /dev/null +++ b/unittests/scans/cyclonedx/log4j.xml @@ -0,0 +1,544 @@ + + + + 2022-07-22T09:45:22+01:00 + + + anchore + grype + 0.41.0 + + + + ./configuration/.m2/repository/org/apache/logging/log4j/log4j-core/2.13.2 + + + + + log4j-core + 2.13.2 + pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2 + + + + + CVE-2021-44228 + + nvd:cpe + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 + + + + critical + + + 10 + CVSSv2 + AV:N/AC:M/Au:N/C:C/I:C/A:C + + + 10 + CVSSv31 + CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + + + Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. + + + https://logging.apache.org/log4j/2.x/security.html + + + http://www.openwall.com/lists/oss-security/2021/12/10/1 + + + http://www.openwall.com/lists/oss-security/2021/12/10/2 + + + http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html + + + https://security.netapp.com/advisory/ntap-20211210-0007/ + + + https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + + + http://www.openwall.com/lists/oss-security/2021/12/10/3 + + + https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + + + https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + + + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/ + + + http://www.openwall.com/lists/oss-security/2021/12/13/1 + + + http://www.openwall.com/lists/oss-security/2021/12/13/2 + + + https://twitter.com/kurtseifried/status/1469345530182455296 + + + https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html + + + https://www.debian.org/security/2021/dsa-5020 + + + https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf + + + http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html + + + http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html + + + http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html + + + http://www.openwall.com/lists/oss-security/2021/12/14/4 + + + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + + + https://www.kb.cert.org/vuls/id/930724 + + + http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html + + + http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html + + + http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html + + + http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html + + + http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html + + + http://www.openwall.com/lists/oss-security/2021/12/15/3 + + + https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf + + + https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + + + https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + + + https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf + + + http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html + + + https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf + + + http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html + + + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/ + + + https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md + + + http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html + + + http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html + + + https://www.oracle.com/security-alerts/cpujan2022.html + + + https://github.com/cisagov/log4j-affected-db + + + https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001 + + + https://support.apple.com/kb/HT213189 + + + http://seclists.org/fulldisclosure/2022/Mar/23 + + + https://www.oracle.com/security-alerts/cpuapr2022.html + + + https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228 + + + https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html + + + + in_triage + + + + pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede + + + + + + CVE-2021-44832 + + nvd:cpe + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832 + + + + medium + + + 6.6 + CVSSv2 + AV:N/AC:M/Au:S/C:C/I:C/A:C + + + 6.6 + CVSSv31 + CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H + + + Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. + + + https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143 + + + https://issues.apache.org/jira/browse/LOG4J2-3293 + + + http://www.openwall.com/lists/oss-security/2021/12/28/1 + + + https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf + + + https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html + + + https://security.netapp.com/advisory/ntap-20220104-0001/ + + + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/ + + + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/ + + + https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + + + https://www.oracle.com/security-alerts/cpujan2022.html + + + https://www.oracle.com/security-alerts/cpuapr2022.html + + + + in_triage + + + + pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede + + + + + + CVE-2021-45046 + + nvd:cpe + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046 + + + + critical + + + 9 + CVSSv2 + AV:N/AC:H/Au:N/C:P/I:P/A:P + + + 9 + CVSSv31 + CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H + + + It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. + + + http://www.openwall.com/lists/oss-security/2021/12/14/4 + + + https://logging.apache.org/log4j/2.x/security.html + + + https://www.cve.org/CVERecord?id=CVE-2021-44228 + + + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + + + https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + + + http://www.openwall.com/lists/oss-security/2021/12/15/3 + + + https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf + + + https://www.kb.cert.org/vuls/id/930724 + + + https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf + + + https://www.debian.org/security/2021/dsa-5022 + + + https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + + + https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + + + http://www.openwall.com/lists/oss-security/2021/12/18/1 + + + https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf + + + https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf + + + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/ + + + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/ + + + https://www.oracle.com/security-alerts/cpujan2022.html + + + https://www.oracle.com/security-alerts/cpuapr2022.html + + + + in_triage + + + + pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede + + + + + + CVE-2021-45105 + + nvd:cpe + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105 + + + + medium + + + 5.9 + CVSSv2 + AV:N/AC:M/Au:N/C:N/I:N/A:P + + + 5.9 + CVSSv31 + CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H + + + Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. + + + https://logging.apache.org/log4j/2.x/security.html + + + https://security.netapp.com/advisory/ntap-20211218-0001/ + + + http://www.openwall.com/lists/oss-security/2021/12/19/1 + + + https://www.debian.org/security/2021/dsa-5024 + + + https://www.zerodayinitiative.com/advisories/ZDI-21-1541/ + + + https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + + + https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf + + + https://www.kb.cert.org/vuls/id/930724 + + + https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + + + https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf + + + https://www.oracle.com/security-alerts/cpujan2022.html + + + https://www.oracle.com/security-alerts/cpuapr2022.html + + + + in_triage + + + + pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede + + + + + + GHSA-7rjr-3q55-vv33 + + github:language:java + https://github.com/advisories/GHSA-7rjr-3q55-vv33 + + + + critical + + + Incomplete fix for Apache Log4j vulnerability + + + https://github.com/advisories/GHSA-7rjr-3q55-vv33 + + + + in_triage + + + + pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede + + + + 2.16.0 + + + + GHSA-8489-44mv-ggj8 + + github:language:java + https://github.com/advisories/GHSA-8489-44mv-ggj8 + + + + medium + + + Improper Input Validation and Injection in Apache Log4j2 + + + https://github.com/advisories/GHSA-8489-44mv-ggj8 + + + + in_triage + + + + pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede + + + + 2.17.1 + + + + GHSA-jfh8-c2jp-5v3q + + github:language:java + https://github.com/advisories/GHSA-jfh8-c2jp-5v3q + + + + critical + + + Remote code injection in Log4j + + + https://github.com/advisories/GHSA-jfh8-c2jp-5v3q + + + + in_triage + + + + pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede + + + + 2.15.0 + + + + GHSA-p6xc-xr62-6r2g + + github:language:java + https://github.com/advisories/GHSA-p6xc-xr62-6r2g + + + + high + + + Improper Input Validation and Uncontrolled Recursion in Apache Log4j2 + + + https://github.com/advisories/GHSA-p6xc-xr62-6r2g + + + + in_triage + + + + pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede + + + + 2.17.0 + + + + \ No newline at end of file diff --git a/unittests/scans/cyclonedx/nested-component-log4j.json b/unittests/scans/cyclonedx/nested-component-log4j.json new file mode 100644 index 00000000000..e8ef5672732 --- /dev/null +++ b/unittests/scans/cyclonedx/nested-component-log4j.json @@ -0,0 +1,570 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "serialNumber": "urn:uuid:b93c5d57-4484-44ba-830e-dae7ef559120", + "version": 1, + "metadata": { + "timestamp": "2022-07-22T09:45:32+01:00", + "tools": [ + { + "vendor": "anchore", + "name": "grype", + "version": "0.41.0" + } + ], + "component": { + "type": "file", + "name": "./configuration/.m2/repository/org/apache/logging/log4j/log4j-core/2.13.2" + } + }, + "components": [ + { + "type": "container", + "bom-ref": "pkg:oci/testcontainer?repository_url=testregistry.test", + "name": "testcontainer:test", + "purl": "pkg:oci/testcontainer?repository_url=testregistry.test", + "components": [ + { + "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede", + "type": "library", + "name": "log4j-core", + "version": "2.13.2", + "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2" + } + ] + } + ], + "vulnerabilities": [ + { + "id": "CVE-2021-44228", + "source": { + "name": "nvd:cpe", + "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228" + }, + "ratings": [ + { + "severity": "critical" + }, + { + "score": 10, + "method": "CVSSv2", + "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C" + }, + { + "score": 10, + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + } + ], + "description": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.", + "advisories": [ + { + "url": "https://logging.apache.org/log4j/2.x/security.html" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2" + }, + { + "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20211210-0007/" + }, + { + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3" + }, + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" + }, + { + "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2" + }, + { + "url": "https://twitter.com/kurtseifried/status/1469345530182455296" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html" + }, + { + "url": "https://www.debian.org/security/2021/dsa-5020" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" + }, + { + "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html" + }, + { + "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html" + }, + { + "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4" + }, + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html" + }, + { + "url": "https://www.kb.cert.org/vuls/id/930724" + }, + { + "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html" + }, + { + "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html" + }, + { + "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html" + }, + { + "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html" + }, + { + "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" + }, + { + "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/" + }, + { + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" + }, + { + "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf" + }, + { + "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/" + }, + { + "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md" + }, + { + "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html" + }, + { + "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2022.html" + }, + { + "url": "https://github.com/cisagov/log4j-affected-db" + }, + { + "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001" + }, + { + "url": "https://support.apple.com/kb/HT213189" + }, + { + "url": "http://seclists.org/fulldisclosure/2022/Mar/23" + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + { + "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228" + }, + { + "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html" + } + ], + "analysis": { + "state": "in_triage" + }, + "affects": [ + { + "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede" + } + ], + "properties": [] + }, + { + "id": "CVE-2021-44832", + "source": { + "name": "nvd:cpe", + "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832" + }, + "ratings": [ + { + "severity": "medium" + }, + { + "score": 6.6, + "method": "CVSSv2", + "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C" + }, + { + "score": 6.6, + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "description": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", + "advisories": [ + { + "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143" + }, + { + "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20220104-0001/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/" + }, + { + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2022.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + } + ], + "analysis": { + "state": "in_triage" + }, + "affects": [ + { + "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede" + } + ], + "properties": [] + }, + { + "id": "CVE-2021-45046", + "source": { + "name": "nvd:cpe", + "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046" + }, + "ratings": [ + { + "severity": "critical" + }, + { + "score": 9, + "method": "CVSSv2", + "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P" + }, + { + "score": 9, + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" + } + ], + "description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.", + "advisories": [ + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4" + }, + { + "url": "https://logging.apache.org/log4j/2.x/security.html" + }, + { + "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228" + }, + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html" + }, + { + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" + }, + { + "url": "https://www.kb.cert.org/vuls/id/930724" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" + }, + { + "url": "https://www.debian.org/security/2021/dsa-5022" + }, + { + "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html" + }, + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/18/1" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2022.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + } + ], + "analysis": { + "state": "in_triage" + }, + "affects": [ + { + "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede" + } + ], + "properties": [] + }, + { + "id": "CVE-2021-45105", + "source": { + "name": "nvd:cpe", + "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105" + }, + "ratings": [ + { + "severity": "medium" + }, + { + "score": 5.9, + "method": "CVSSv2", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P" + }, + { + "score": 5.9, + "method": "CVSSv31", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.", + "advisories": [ + { + "url": "https://logging.apache.org/log4j/2.x/security.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20211218-0001/" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1" + }, + { + "url": "https://www.debian.org/security/2021/dsa-5024" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/" + }, + { + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" + }, + { + "url": "https://www.kb.cert.org/vuls/id/930724" + }, + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2022.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + } + ], + "analysis": { + "state": "in_triage" + }, + "affects": [ + { + "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede" + } + ], + "properties": [] + }, + { + "id": "GHSA-7rjr-3q55-vv33", + "source": { + "name": "github:language:java", + "url": "https://github.com/advisories/GHSA-7rjr-3q55-vv33" + }, + "ratings": [ + { + "severity": "critical" + } + ], + "description": "Incomplete fix for Apache Log4j vulnerability", + "advisories": [ + { + "url": "https://github.com/advisories/GHSA-7rjr-3q55-vv33" + } + ], + "analysis": { + "state": "in_triage" + }, + "affects": [ + { + "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede" + } + ], + "properties": [ + { + "name": "grype:fixed_versions", + "value": "2.16.0" + } + ] + }, + { + "id": "GHSA-8489-44mv-ggj8", + "source": { + "name": "github:language:java", + "url": "https://github.com/advisories/GHSA-8489-44mv-ggj8" + }, + "ratings": [ + { + "severity": "medium" + } + ], + "description": "Improper Input Validation and Injection in Apache Log4j2", + "advisories": [ + { + "url": "https://github.com/advisories/GHSA-8489-44mv-ggj8" + } + ], + "analysis": { + "state": "in_triage" + }, + "affects": [ + { + "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede" + } + ], + "properties": [ + { + "name": "grype:fixed_versions", + "value": "2.17.1" + } + ] + }, + { + "id": "GHSA-jfh8-c2jp-5v3q", + "source": { + "name": "github:language:java", + "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q" + }, + "ratings": [ + { + "severity": "critical" + } + ], + "description": "Remote code injection in Log4j", + "advisories": [ + { + "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q" + } + ], + "analysis": { + "state": "in_triage" + }, + "affects": [ + { + "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede" + } + ], + "properties": [ + { + "name": "grype:fixed_versions", + "value": "2.15.0" + } + ] + }, + { + "id": "GHSA-p6xc-xr62-6r2g", + "source": { + "name": "github:language:java", + "url": "https://github.com/advisories/GHSA-p6xc-xr62-6r2g" + }, + "ratings": [ + { + "severity": "high" + } + ], + "description": "Improper Input Validation and Uncontrolled Recursion in Apache Log4j2", + "advisories": [ + { + "url": "https://github.com/advisories/GHSA-p6xc-xr62-6r2g" + } + ], + "analysis": { + "state": "in_triage" + }, + "affects": [ + { + "ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2?package-id=5f39f8a11642bede" + } + ], + "properties": [ + { + "name": "grype:fixed_versions", + "value": "2.17.0" + } + ] + } + ] +} diff --git a/unittests/scans/cyclonedx/spec1_lowfirst.xml b/unittests/scans/cyclonedx/spec1_lowfirst.xml new file mode 100644 index 00000000000..76dd53a4ccc --- /dev/null +++ b/unittests/scans/cyclonedx/spec1_lowfirst.xml @@ -0,0 +1,53 @@ + + + + + com.fasterxml.jackson.core + jackson-databind + 2.9.9 + pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.9 + + + + + CVE-2018-7489 + + https://nvd.nist.gov/vuln/detail/CVE-2018-7489 + + + + Low + OWASP Risk + OWASP/K9:M1:O0:Z2/D1:X1:W1:L3/C2:I1:A1:T1/F1:R1:S2:P3/50 + + + + 9.8 + 5.9 + 3.0 + + Critical + CVSSv3 + AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + + + + 184 + 502 + + FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. + + Upgrade + + + https://github.com/FasterXML/jackson-databind/issues/1931 + http://www.securityfocus.com/bid/103203 + http://www.securitytracker.com/id/1040693 + http://www.securitytracker.com/id/1041890 + + + + \ No newline at end of file diff --git a/unittests/scans/cyclonedx/valid-vulnerability-1.4.json b/unittests/scans/cyclonedx/valid-vulnerability-1.4.json new file mode 100644 index 00000000000..78d8ced819d --- /dev/null +++ b/unittests/scans/cyclonedx/valid-vulnerability-1.4.json @@ -0,0 +1,122 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", + "type": "library", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.4", + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + } + ], + "vulnerabilities": [ + { + "bom-ref": "6eee14da-8f42-4cc4-bb65-203235f02415", + "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111", + "source": { + "name": "Snyk", + "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + }, + "references": [ + { + "id": "CVE-2018-7489", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + } + ], + "ratings": [ + { + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" + }, + "score": 9.8, + "severity": "critical", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "justification": "An optional reason for rating the vulnerability as it was" + } + ], + "cwes": [ + 184, + 502 + ], + "description": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", + "detail": "", + "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher.", + "advisories": [ + { + "title": "GitHub Commit", + "url": "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/FasterXML/jackson-databind/issues/1931" + } + ], + "created": "2021-01-01T00:00:00.000Z", + "published": "2021-01-01T00:00:00.000Z", + "updated": "2021-01-01T00:00:00.000Z", + "credits": { + "organizations": [ + { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ] + } + ], + "individuals": [ + { + "name": "Jane Doe", + "email": "jane.doe@example.com" + } + ] + }, + "tools": [ + { + "vendor": "Snyk", + "name": "Snyk CLI (Linux)", + "version": "1.729.0", + "hashes": [ + { + "alg": "SHA-256", + "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + ] + } + ], + "analysis": { + "state": "not_affected", + "justification": "code_not_reachable", + "response": ["will_not_fix", "update"], + "detail": "An optional explanation of why the application is not affected by the vulnerable component." + }, + "affects": [ + { + "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", + "versions": [ + { + "range": "vers:semver/<2.6.7.5", + "status": "affected" + }, + { + "range": "vers:semver/2.7.0|<2.8.11.1", + "status": "affected" + }, + { + "range": "vers:semver/2.9.0|<2.9.5", + "status": "affected" + } + ] + } + ] + } + ] +} \ No newline at end of file diff --git a/unittests/scans/cyclonedx/valid-vulnerability-1.4.xml b/unittests/scans/cyclonedx/valid-vulnerability-1.4.xml new file mode 100644 index 00000000000..05a12b980c0 --- /dev/null +++ b/unittests/scans/cyclonedx/valid-vulnerability-1.4.xml @@ -0,0 +1,121 @@ + + + + + com.fasterxml.jackson.core + jackson-databind + 2.9.4 + pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 + + + + + SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 + + Snyk + https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 + + + + CVE-2018-7489 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + + CVE-2018-7489 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + + + + + NVD + https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0 + + 9.8 + critical + CVSSv3 + AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + An optional reason for rating the vulnerability as it was + + + + 184 + 502 + + FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. + + Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher. + + + GitHub Commit + https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2 + + + GitHub Issue + https://github.com/FasterXML/jackson-databind/issues/1931 + + + 2021-01-01T00:00:00.000Z + 2021-01-01T00:00:00.000Z + 2021-01-01T00:00:00.000Z + + + + Acme, Inc. + https://example.com + + + + + Jane Doe + jane.doe@example.com + + + + + + Snyk + Snyk CLI (Linux) + 1.729.0 + + 2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d + + + + + not_affected + code_not_reachable + + will_not_fix + update + + An optional explanation of why the application is not affected by the vulnerable component. + + + + pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 + + + vers:semver/<2.6.7.5 + affected + + + vers:semver/2.7.0|<2.8.11.1 + affected + + + vers:semver/2.9.0|<2.9.5 + affected + + + + + + + diff --git a/unittests/scans/dependency_check/PR6439.xml b/unittests/scans/dependency_check/PR6439.xml new file mode 100644 index 00000000000..eac3d7b7bac --- /dev/null +++ b/unittests/scans/dependency_check/PR6439.xml @@ -0,0 +1,41869 @@ + + + + 7.3.0 + + NVD CVE Checked + 2022-12-14T01:03:02 + + + NVD CVE Modified + 2022-12-14T00:00:02 + + + VersionCheckOn + 2022-11-29T00:17:12 + + + + Business Process Center - Runtime Environment + de.virtimo.bpc + karaf + 4.1.0-SNAPSHOT + 2022-12-14T01:35:43.684166Z + This report contains data retrieved from the National Vulnerability Database: + https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the + RetireJS community. + + + + activation-1.1.1.jar + + /var/lib/jenkins/.m2/repository/javax/activation/activation/1.1.1/activation-1.1.1.jar + 46a37512971d8eca81c3fcf245bf07d2 + 485de3a253e23f645037828c07f1d7f1af40763a + ae475120e9fcd99b4b00b38329bd61cdc5eb754eee03fe66c01f50e137724f99 + The JavaBeans(TM) Activation Framework is used by the JavaMail(TM) API to manage + MIME data + COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: + https://glassfish.dev.java.net/public/CDDLv1.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + activation + + + jar + package name + activation + + + jar + package name + javax + + + jar + package name + sun + + + jar (hint) + package name + oracle + + + Manifest + extension-name + javax.activation + + + Manifest + Implementation-Vendor + Sun Microsystems, Inc. + + + Manifest + Implementation-Vendor-Id + com.sun + + + Manifest + specification-vendor + Sun Microsystems, Inc. + + + pom + artifactid + activation + + + pom + artifactid + activation + + + pom + groupid + javax.activation + + + pom + name + JavaBeans(TM) Activation Framework + + + pom + url + http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp + + + file + name + activation + + + jar + package name + activation + + + jar + package name + javax + + + Manifest + extension-name + javax.activation + + + Manifest + specification-title + JavaBeans(TM) Activation Framework Specification + + + pom + artifactid + activation + + + pom + groupid + javax.activation + + + pom + name + JavaBeans(TM) Activation Framework + + + pom + url + http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp + + + file + version + 1.1.1 + + + Manifest + Implementation-Version + 1.1.1 + + + pom + version + 1.1.1 + + + + + pkg:maven/javax.activation/activation@1.1.1 + + https://ossindex.sonatype.org/component/pkg:maven/javax.activation/activation@1.1.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:oracle:java_se:1.1.1:*:*:*:*:*:*:* + + + + + activemq-broker-5.16.5.jar + + /var/lib/jenkins/.m2/repository/org/apache/activemq/activemq-broker/5.16.5/activemq-broker-5.16.5.jar + 4005538e6007d7919ebe8d631658180c + d26c3d79e72de556cbb1d23b59f89c1af1d80e9c + 0ac90edf1fac05f98accdea68214bd23bb5759c0c31f5c430f45728845ef6d82 + The ActiveMQ Message Broker implementation + + Business Process Center - Runtime Environment:compile + + + + activemq-client-5.16.5.jar + + /var/lib/jenkins/.m2/repository/org/apache/activemq/activemq-client/5.16.5/activemq-client-5.16.5.jar + c8b9f23aff76385e3afc1eb8a285a932d9487e79c607f925ae43e819b64c2899 + 2740e1342f27873fdbb8047314111e29fd43ec85 + 8bcef830b21290942e6abd1c705bdca4 + + + pkg:maven/org.apache.activemq/activemq-client@5.16.5 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.activemq/activemq-client@5.16.5?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + activemq-broker + + + jar + package name + activemq + + + jar + package name + apache + + + jar + package name + broker + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + activemq-broker + + + pom + artifactid + activemq-broker + + + pom + groupid + org.apache.activemq + + + pom + name + ActiveMQ :: Broker + + + pom + parent-artifactid + activemq-parent + + + file + name + activemq-broker + + + jar + package name + activemq + + + jar + package name + apache + + + jar + package name + broker + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + Implementation-Title + ActiveMQ :: Broker + + + Manifest + specification-title + ActiveMQ :: Broker + + + pom + artifactid + activemq-broker + + + pom + groupid + org.apache.activemq + + + pom + name + ActiveMQ :: Broker + + + pom + parent-artifactid + activemq-parent + + + file + version + 5.16.5 + + + Manifest + Implementation-Version + 5.16.5 + + + pom + version + 5.16.5 + + + + + pkg:maven/org.apache.activemq/activemq-broker@5.16.5 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.activemq/activemq-broker@5.16.5?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:activemq:5.16.5:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Aactivemq&cpe_version=cpe%3A%2F%3Aapache%3Aactivemq%3A5.16.5 + + + + + CVE-2015-3208 + + 9.8 + N + L + N + N + U + H + H + H + CRITICAL + + + CWE-611 + + XML external entity (XXE) vulnerability in the XPath selector component in + Artemis ActiveMQ before commit 48d9951d879e0c8cbb59d4b64ab59d53ef88310d allows remote + attackers to have unspecified impact via unknown vectors. + Ist eine Dependency vom CXF. Der im Finding erwähnte Bug ist seit Version 1.0 in + activemq-broker behoben. + + + OSSIndex + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3208 + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3208 + + + OSSINDEX + + https://ossindex.sonatype.org/vulnerability/CVE-2015-3208?component-type=maven&component-name=org.apache.activemq%2Factivemq-broker&utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + [CVE-2015-3208] CWE-611: Improper Restriction of XML External Entity Reference + ('XXE') + + + OSSIndex + + https://github.com/apache/activemq-artemis/commit/8ecd255f981e5d806173cf86f6fac9c4c7c25167#diff-04c6e90faac2675aa89e2176d2eec7d8R5 + + https://github.com/apache/activemq-artemis/commit/8ecd255f981e5d806173cf86f6fac9c4c7c25167#diff-04c6e90faac2675aa89e2176d2eec7d8R5 + + + OSSIndex + https://bugzilla.redhat.com/show_bug.cgi?id=1225252 + https://bugzilla.redhat.com/show_bug.cgi?id=1225252 + + + + + cpe:2.3:a:org.apache.activemq:activemq-broker:5.16.5:*:*:*:*:*:*:* + + + + + + activemq-openwire-legacy-5.16.5.jar + + /var/lib/jenkins/.m2/repository/org/apache/activemq/activemq-openwire-legacy/5.16.5/activemq-openwire-legacy-5.16.5.jar + e2f99480f67855a4e172e5348bc1b80b + 4d8cb2960853c0fbfd21b512588e5b4077562094 + ef85d6c5a94e7331dc85f4faf885114d6bb4971a951d39ca7118282a9b564f27 + The ActiveMQ Openwire Legacy Support Module + + Business Process Center - Runtime Environment:compile + + + + file + name + activemq-openwire-legacy + + + jar + package name + activemq + + + jar + package name + apache + + + jar + package name + openwire + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + activemq-openwire-legacy + + + pom + artifactid + activemq-openwire-legacy + + + pom + groupid + org.apache.activemq + + + pom + name + ActiveMQ :: Openwire Legacy Support + + + pom + parent-artifactid + activemq-parent + + + file + name + activemq-openwire-legacy + + + jar + package name + activemq + + + jar + package name + apache + + + jar + package name + openwire + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + Implementation-Title + ActiveMQ :: Openwire Legacy Support + + + Manifest + specification-title + ActiveMQ :: Openwire Legacy Support + + + pom + artifactid + activemq-openwire-legacy + + + pom + groupid + org.apache.activemq + + + pom + name + ActiveMQ :: Openwire Legacy Support + + + pom + parent-artifactid + activemq-parent + + + file + version + 5.16.5 + + + Manifest + Implementation-Version + 5.16.5 + + + pom + version + 5.16.5 + + + + + pkg:maven/org.apache.activemq/activemq-openwire-legacy@5.16.5 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.activemq/activemq-openwire-legacy@5.16.5?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + animal-sniffer-annotations-1.9.jar + + /var/lib/jenkins/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.9/animal-sniffer-annotations-1.9.jar + 41f47a4c81b5a9f76bc7f12af69e4fbe + c29299253a087898aaff7f4eac57effa46b1910a + cd96feeb47f34b2559704715db7b179a03a3721f9dc4092c345c718e29b42de4 + + Business Process Center - Runtime Environment:runtime + + + + file + name + animal-sniffer-annotations + + + jar + package name + animal_sniffer + + + jar + package name + codehaus + + + jar + package name + codehaus + + + jar + package name + mojo + + + jar + package name + mojo + + + pom + artifactid + animal-sniffer-annotations + + + pom + artifactid + animal-sniffer-annotations + + + pom + groupid + org.codehaus.mojo + + + pom + name + Animal Sniffer Annotations + + + pom + parent-artifactid + animal-sniffer-parent + + + file + name + animal-sniffer-annotations + + + jar + package name + animal_sniffer + + + jar + package name + codehaus + + + jar + package name + ignorejrerequirement + + + jar + package name + mojo + + + jar + package name + mojo + + + pom + artifactid + animal-sniffer-annotations + + + pom + groupid + org.codehaus.mojo + + + pom + name + Animal Sniffer Annotations + + + pom + parent-artifactid + animal-sniffer-parent + + + file + version + 1.9 + + + pom + version + 1.9 + + + + + pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.9 + + https://ossindex.sonatype.org/component/pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.9?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + antlr-2.7.7.jar + /var/lib/jenkins/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar + f8f1352c52a4c6a500b597596501fc64 + 83cd2cd674a217ade95a4bb83a8a14f351f48bd0 + 88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c + + A framework for constructing recognizers, compilers, + and translators from grammatical descriptions containing + Java, C#, C++, or Python actions. + + BSD License: http://www.antlr.org/license.html + + Business Process Center - Runtime Environment:runtime + + + + file + name + antlr + + + jar + package name + actions + + + jar + package name + antlr + + + jar + package name + antlr + + + jar + package name + java + + + jar + package name + parser + + + jar + package name + python + + + pom + artifactid + antlr + + + pom + artifactid + antlr + + + pom + groupid + antlr + + + pom + name + AntLR Parser Generator + + + pom + url + http://www.antlr.org/ + + + file + name + antlr + + + jar + package name + actions + + + jar + package name + antlr + + + jar + package name + java + + + jar + package name + parser + + + jar + package name + python + + + pom + artifactid + antlr + + + pom + groupid + antlr + + + pom + name + AntLR Parser Generator + + + pom + url + http://www.antlr.org/ + + + file + version + 2.7.7 + + + pom + version + 2.7.7 + + + + + pkg:maven/antlr/antlr@2.7.7 + + https://ossindex.sonatype.org/component/pkg:maven/antlr/antlr@2.7.7?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + asm-9.3.jar + /var/lib/jenkins/.m2/repository/org/ow2/asm/asm/9.3/asm-9.3.jar + e1c3b96035117ab516ffe0de9bd696e0 + 8e6300ef51c1d801a7ed62d07cd221aca3a90640 + 1263369b59e29c943918de11d6d6152e2ec6085ce63e5710516f8c67d368e4bc + ASM, a very small and fast Java bytecode manipulation framework + BSD-3-Clause: https://asm.ow2.io/license.html + + Business Process Center - Runtime Environment:compile + + + + file + name + asm + + + jar + package name + asm + + + jar + package name + objectweb + + + Manifest + bundle-docurl + http://asm.ow2.org + + + Manifest + bundle-requiredexecutionenvironment + J2SE-1.5 + + + Manifest + bundle-symbolicname + org.objectweb.asm + + + pom + artifactid + asm + + + pom + artifactid + asm + + + pom + developer email + ebruneton@free.fr + + + pom + developer email + eu@javatx.org + + + pom + developer email + forax@univ-mlv.fr + + + pom + developer id + ebruneton + + + pom + developer id + eu + + + pom + developer id + forax + + + pom + developer name + Eric Bruneton + + + pom + developer name + Eugene Kuleshov + + + pom + developer name + Remi Forax + + + pom + groupid + org.ow2.asm + + + pom + name + asm + + + pom + organization name + OW2 + + + pom + organization url + http://www.ow2.org/ + + + pom + parent-artifactid + ow2 + + + pom + parent-groupid + org.ow2 + + + pom + url + http://asm.ow2.io/ + + + file + name + asm + + + jar + package name + asm + + + jar + package name + objectweb + + + Manifest + bundle-docurl + http://asm.ow2.org + + + Manifest + Bundle-Name + org.objectweb.asm + + + Manifest + bundle-requiredexecutionenvironment + J2SE-1.5 + + + Manifest + bundle-symbolicname + org.objectweb.asm + + + Manifest + Implementation-Title + ASM, a very small and fast Java bytecode manipulation framework + + + pom + artifactid + asm + + + pom + developer email + ebruneton@free.fr + + + pom + developer email + eu@javatx.org + + + pom + developer email + forax@univ-mlv.fr + + + pom + developer id + ebruneton + + + pom + developer id + eu + + + pom + developer id + forax + + + pom + developer name + Eric Bruneton + + + pom + developer name + Eugene Kuleshov + + + pom + developer name + Remi Forax + + + pom + groupid + org.ow2.asm + + + pom + name + asm + + + pom + organization name + OW2 + + + pom + organization url + http://www.ow2.org/ + + + pom + parent-artifactid + ow2 + + + pom + parent-groupid + org.ow2 + + + pom + url + http://asm.ow2.io/ + + + file + version + 9.3 + + + Manifest + Implementation-Version + 9.3 + + + pom + parent-version + 9.3 + + + pom + version + 9.3 + + + + + pkg:maven/org.ow2.asm/asm@9.3 + + https://ossindex.sonatype.org/component/pkg:maven/org.ow2.asm/asm@9.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + base-4.4.2.jar + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar + f87997e590d1afc78c37d913bfabbb54 + ac7c15a66e1f36726d51540ff274bd27c5378858 + 8eaf773c6bc28ee96c54be4510d978badb94568d73cb98a5da6c02fc38335ad7 + + Business Process Center - Runtime Environment:runtime + + + + file + name + base + + + Manifest + build-jdk-spec + 11 + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + base + + + pom + artifactid + base + + + pom + groupid + org.apache.karaf.features + + + pom + name + Apache Karaf :: Assemblies :: Features :: Base + + + pom + parent-artifactid + features + + + pom + parent-groupid + org.apache.karaf.assemblies.features + + + file + name + base + + + Manifest + build-jdk-spec + 11 + + + Manifest + Implementation-Title + Apache Karaf :: Assemblies :: Features :: Base + + + Manifest + specification-title + Apache Karaf :: Assemblies :: Features :: Base + + + pom + artifactid + base + + + pom + groupid + org.apache.karaf.features + + + pom + name + Apache Karaf :: Assemblies :: Features :: Base + + + pom + parent-artifactid + features + + + pom + parent-groupid + org.apache.karaf.assemblies.features + + + file + version + 4.4.2 + + + Manifest + Implementation-Version + 4.4.2 + + + pom + version + 4.4.2 + + + + + pkg:maven/org.apache.karaf.features/base@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf.features/base@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:karaf:4.4.2:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Akaraf&cpe_version=cpe%3A%2F%3Aapache%3Akaraf%3A4.4.2 + + + + + base-4.4.2.jar: karaf-service-win.exe + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/bin/contrib/karaf-service-win.exe + 3f7cc971b4808227d4ec380b97c2b831 + 8d7d7144c5bc1ebe4d6c50e117595d34d5b10e6d + 1b1a3984b5f7a13c0df1e33812e17046fc516e0788ff59bd7a71d7ee169f4939 + + Business Process Center - Runtime Environment:runtime + + + + file + name + karaf-service-win + + + file + name + karaf-service-win + + + + + base-4.4.2.jar: osgi.core-8.0.0.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/lib/boot/osgi.core-8.0.0.jar + ffd1f4098da0e85a2a781df130230c37 + daa42a0e96c3b881e8c330a413813983e92d2426 + 41c24d187f67aaaf4745fab78fd1da66de7f37dd82581dbbbc9ba89645ba0166 + OSGi Core Release 8, Interfaces and Classes for use in compiling bundles + Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0 + + Business Process Center - Runtime Environment:runtime + + + + file + name + osgi.core + + + jar + package name + osgi + + + Manifest + automatic-module-name + osgi.core + + + Manifest + bundle-copyright + Copyright (c) OSGi Alliance (2000, 2020). All Rights Reserved. + + + Manifest + bundle-developers + osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi + Alliance"; organizationUrl=https://www.osgi.org/ + + + Manifest + bundle-docurl + https://www.osgi.org/ + + + Manifest + bundle-symbolicname + osgi.core + + + Manifest + git-descriptor + r8-core-final + + + Manifest + git-sha + 6eee417af367c749a6f84a11239d94cc63f6bdcb + + + Manifest + require-capability + + osgi.unresolvable;filter:="(&(must.not.resolve=*)(!(must.not.resolve=*)))",osgi.ee;filter:="(&(osgi.ee=JavaSE/compact1)(version=1.8))" + + + pom + artifactid + osgi.core + + + pom + developer email + info@osgi.org + + + pom + developer id + osgi + + + pom + developer name + OSGi Alliance + + + pom + developer org + OSGi Alliance + + + pom + developer org URL + https://www.osgi.org/ + + + pom + groupid + org.osgi + + + pom + name + org.osgi:osgi.core + + + pom + organization name + OSGi Alliance + + + pom + organization url + https://www.osgi.org/ + + + pom + url + https://www.osgi.org/ + + + file + name + osgi.core + + + jar + package name + filter + + + jar + package name + osgi + + + jar + package name + version + + + Manifest + automatic-module-name + osgi.core + + + Manifest + bundle-copyright + Copyright (c) OSGi Alliance (2000, 2020). All Rights Reserved. + + + Manifest + bundle-developers + osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi + Alliance"; organizationUrl=https://www.osgi.org/ + + + Manifest + bundle-docurl + https://www.osgi.org/ + + + Manifest + Bundle-Name + org.osgi:osgi.core + + + Manifest + bundle-symbolicname + osgi.core + + + Manifest + git-descriptor + r8-core-final + + + Manifest + git-sha + 6eee417af367c749a6f84a11239d94cc63f6bdcb + + + Manifest + require-capability + + osgi.unresolvable;filter:="(&(must.not.resolve=*)(!(must.not.resolve=*)))",osgi.ee;filter:="(&(osgi.ee=JavaSE/compact1)(version=1.8))" + + + pom + artifactid + osgi.core + + + pom + developer email + info@osgi.org + + + pom + developer id + osgi + + + pom + developer name + OSGi Alliance + + + pom + developer org + OSGi Alliance + + + pom + developer org URL + https://www.osgi.org/ + + + pom + groupid + org.osgi + + + pom + name + org.osgi:osgi.core + + + pom + organization name + OSGi Alliance + + + pom + organization url + https://www.osgi.org/ + + + pom + url + https://www.osgi.org/ + + + file + version + 8.0.0 + + + pom + version + 8.0.0 + + + + + pkg:maven/org.osgi/osgi.core@8.0.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.osgi/osgi.core@8.0.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + bcprov-jdk15on-1.64.jar + + /var/lib/jenkins/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.64/bcprov-jdk15on-1.64.jar + 1d172df000184d005b49bc6d30892a05 + 1467dac1b787b5ad2a18201c0c281df69882259e + a4f463ce552b908a722fa198ef4892a226b3225e453f8df10d5c0a5bfe5db6b6 + The Bouncy Castle Crypto package is a Java implementation of cryptographic + algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle + Cryptography APIs for Java 5 to Java 11. + Bouncy Castle Licence: https://www.bouncycastle.org/licence.html + + Business Process Center - Runtime Environment:compile + + + + file + name + bcprov-jdk15on + + + jar + package name + bouncycastle + + + jar + package name + crypto + + + jar + package name + jce + + + jar + package name + provider + + + Manifest + application-library-allowable-codebase + * + + + Manifest + application-name + Bouncy Castle Provider + + + Manifest + automatic-module-name + org.bouncycastle.provider + + + Manifest + bundle-requiredexecutionenvironment + J2SE-1.5 + + + Manifest + bundle-symbolicname + bcprov + + + Manifest + caller-allowable-codebase + * + + + Manifest + codebase + * + + + Manifest + extension-name + org.bouncycastle.bcprovider + + + Manifest + Implementation-Vendor + BouncyCastle.org + + + Manifest + Implementation-Vendor-Id + org.bouncycastle + + + Manifest + multi-release + true + + + Manifest + originally-created-by + 25.222-b10 (Private Build) + + + Manifest + permissions + all-permissions + + + Manifest + specification-vendor + BouncyCastle.org + + + Manifest + trusted-library + true + + + pom + artifactid + bcprov-jdk15on + + + pom + artifactid + bcprov-jdk15on + + + pom + developer email + feedback-crypto@bouncycastle.org + + + pom + developer id + feedback-crypto + + + pom + developer name + The Legion of the Bouncy Castle Inc. + + + pom + groupid + org.bouncycastle + + + pom + name + Bouncy Castle Provider + + + pom + url + https://www.bouncycastle.org/java.html + + + file + name + bcprov-jdk15on + + + hint analyzer + product + legion-of-the-bouncy-castle-java-crytography-api + + + hint analyzer + product + the_bouncy_castle_crypto_package_for_java + + + jar + package name + bouncycastle + + + jar + package name + crypto + + + jar + package name + jce + + + jar + package name + provider + + + Manifest + application-library-allowable-codebase + * + + + Manifest + application-name + Bouncy Castle Provider + + + Manifest + automatic-module-name + org.bouncycastle.provider + + + Manifest + Bundle-Name + bcprov + + + Manifest + bundle-requiredexecutionenvironment + J2SE-1.5 + + + Manifest + bundle-symbolicname + bcprov + + + Manifest + caller-allowable-codebase + * + + + Manifest + codebase + * + + + Manifest + extension-name + org.bouncycastle.bcprovider + + + Manifest + multi-release + true + + + Manifest + originally-created-by + 25.222-b10 (Private Build) + + + Manifest + permissions + all-permissions + + + Manifest + trusted-library + true + + + pom + artifactid + bcprov-jdk15on + + + pom + developer email + feedback-crypto@bouncycastle.org + + + pom + developer id + feedback-crypto + + + pom + developer name + The Legion of the Bouncy Castle Inc. + + + pom + groupid + org.bouncycastle + + + pom + name + Bouncy Castle Provider + + + pom + url + https://www.bouncycastle.org/java.html + + + file + version + 1.64 + + + Manifest + Bundle-Version + 1.64 + + + pom + version + 1.64 + + + + + pkg:maven/org.bouncycastle/bcprov-jdk15on@1.64 + + https://ossindex.sonatype.org/component/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.64?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.64:*:*:*:*:*:*:* + + + cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.64:*:*:*:*:*:*:* + + + cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.64:*:*:*:*:*:*:* + + + + cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.64:*:*:*:*:*:*:* + + + cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.64:*:*:*:*:*:*:* + + + + + CVE-2020-15522 + MEDIUM + + 4.3 + NETWORK + MEDIUM + NONE + PARTIAL + NONE + NONE + MEDIUM + 2.0 + 8.6 + 2.9 + + + 5.9 + NETWORK + HIGH + NONE + NONE + UNCHANGED + HIGH + NONE + NONE + MEDIUM + 2.2 + 3.6 + 3.1 + + + CWE-362 + + Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before + 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math + library that can expose information about the private key when an attacker is able to + observe timing information for the generation of multiple deterministic ECDSA + signatures. + + + MISC + https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522 + https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522 + + + MISC + https://www.bouncycastle.org/releasenotes.html + https://www.bouncycastle.org/releasenotes.html + + + CONFIRM + https://security.netapp.com/advisory/ntap-20210622-0007/ + https://security.netapp.com/advisory/ntap-20210622-0007/ + + + MISC + https://github.com/bcgit/bc-java/wiki/CVE-2020-15522 + https://github.com/bcgit/bc-java/wiki/CVE-2020-15522 + + + + cpe:2.3:a:bouncycastle:bc-csharp:*:*:*:*:*:*:*:* + + cpe:2.3:a:bouncycastle:bouncy_castle_fips_.net_api:*:*:*:*:*:*:*:* + + cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-fips-java-api:*:*:*:*:*:*:*:* + + cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-fips-java-api:*:*:*:*:*:*:*:* + + cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:*:*:*:*:*:*:*:* + + + + CVE-2020-0187 + MEDIUM + + 5.5 + L + L + + H + N + N + MEDIUM + + + CWE-310 + + In engineSetMode of BaseBlockCipher.java, there is a possible incorrect + cryptographic algorithm chosen due to an incomplete comparison. This could lead to local + information disclosure with no additional execution privileges needed. User interaction + is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: + A-148517383 + + + OSSIndex + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0187 + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0187 + + + OSSIndex + + https://android.googlesource.com/platform/external/bouncycastle/+/14ceec126e49f2f4748f0d540be820515cc725a6 + + https://android.googlesource.com/platform/external/bouncycastle/+/14ceec126e49f2f4748f0d540be820515cc725a6 + + + OSSINDEX + + https://ossindex.sonatype.org/vulnerability/CVE-2020-0187?component-type=maven&component-name=org.bouncycastle%2Fbcprov-jdk15on&utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + [CVE-2020-0187] CWE-310 + + + OSSIndex + https://source.android.com/security/bulletin/pixel/2020-06-01 + https://source.android.com/security/bulletin/pixel/2020-06-01 + + + + + cpe:2.3:a:org.bouncycastle:bcprov-jdk15on:1.64:*:*:*:*:*:*:* + + + + + + byte-buddy-1.12.8.jar (shaded: net.bytebuddy:byte-buddy-dep:1.12.8) + + /var/lib/jenkins/.m2/repository/net/bytebuddy/byte-buddy/1.12.8/byte-buddy-1.12.8.jar/META-INF/maven/net.bytebuddy/byte-buddy-dep/pom.xml + 9ecf97324302e72dbfeb515bf8abf62b + 67eda7d6d955cc20105d834170c400b8817be0ae + 85181a440aacf363b7a3cc51bdc3c81230a65cde267c91e5472e3d84336fc8c6 + + Byte Buddy is a Java library for creating Java classes at run time. + This artifact is a build of Byte Buddy with a remaining dependency onto ASM. + You should never depend on this module without repackaging Byte Buddy and ASM into your own + namespace. + + + Business Process Center - Runtime Environment:runtime + + + + pom + artifactid + byte-buddy-dep + + + pom + groupid + net.bytebuddy + + + pom + name + Byte Buddy (with dependencies) + + + pom + parent-artifactid + byte-buddy-parent + + + pom + artifactid + byte-buddy-dep + + + pom + groupid + net.bytebuddy + + + pom + name + Byte Buddy (with dependencies) + + + pom + parent-artifactid + byte-buddy-parent + + + pom + version + 1.12.8 + + + + + pkg:maven/net.bytebuddy/byte-buddy-dep@1.12.8 + + https://ossindex.sonatype.org/component/pkg:maven/net.bytebuddy/byte-buddy-dep@1.12.8?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + byte-buddy-1.12.8.jar + + /var/lib/jenkins/.m2/repository/net/bytebuddy/byte-buddy/1.12.8/byte-buddy-1.12.8.jar + f27aad75d9ee672b30112606a750b1c7 + aa42edb39e624cbf8a5b33cb5c5e920027cee42b + 42ba43dcccd8d9d77bfe8776a83e72b67f1fa52c4038a98629e7d288b648da4e + + Byte Buddy is a Java library for creating Java classes at run time. + This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own + name space. + + https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:runtime + + + + file + name + byte-buddy + + + jar + package name + asm + + + jar + package name + build + + + jar + package name + bytebuddy + + + jar + package name + net + + + Manifest + bundle-symbolicname + net.bytebuddy.byte-buddy + + + Manifest + multi-release + true + + + pom + artifactid + byte-buddy + + + pom + artifactid + byte-buddy + + + pom + groupid + net.bytebuddy + + + pom + name + Byte Buddy (without dependencies) + + + pom + parent-artifactid + byte-buddy-parent + + + file + name + byte-buddy + + + jar + package name + asm + + + jar + package name + build + + + jar + package name + bytebuddy + + + jar + package name + net + + + Manifest + Bundle-Name + Byte Buddy (without dependencies) + + + Manifest + bundle-symbolicname + net.bytebuddy.byte-buddy + + + Manifest + multi-release + true + + + pom + artifactid + byte-buddy + + + pom + groupid + net.bytebuddy + + + pom + name + Byte Buddy (without dependencies) + + + pom + parent-artifactid + byte-buddy-parent + + + file + version + 1.12.8 + + + Manifest + Bundle-Version + 1.12.8 + + + pom + version + 1.12.8 + + + + + pkg:maven/net.bytebuddy/byte-buddy@1.12.8 + + https://ossindex.sonatype.org/component/pkg:maven/net.bytebuddy/byte-buddy@1.12.8?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + classmate-1.5.1.jar + /var/lib/jenkins/.m2/repository/com/fasterxml/classmate/1.5.1/classmate-1.5.1.jar + e91fcd30ba329fd1b0b6dc5321fd067c + 3fe0bed568c62df5e89f4f174c101eab25345b6c + aab4de3006808c09d25dd4ff4a3611cfb63c95463cfd99e73d2e1680d229a33b + Library for introspecting types with full generic information + including resolving of field and method types. + + Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:runtime + + + + file + name + classmate + + + jar + package name + classmate + + + jar + package name + fasterxml + + + jar + package name + types + + + Manifest + automatic-module-name + com.fasterxml.classmate + + + Manifest + bundle-docurl + https://github.com/FasterXML/java-classmate + + + Manifest + bundle-symbolicname + com.fasterxml.classmate + + + Manifest + implementation-build-date + 2019-10-19 22:46:35+0000 + + + Manifest + Implementation-Vendor + fasterxml.com + + + Manifest + Implementation-Vendor-Id + com.fasterxml + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" + + + Manifest + specification-vendor + fasterxml.com + + + pom + artifactid + classmate + + + pom + artifactid + classmate + + + pom + developer email + blangel@ocheyedan.net + + + pom + developer email + tatu@fasterxml.com + + + pom + developer id + blangel + + + pom + developer id + tatu + + + pom + developer name + Brian Langel + + + pom + developer name + Tatu Saloranta + + + pom + groupid + com.fasterxml + + + pom + name + ClassMate + + + pom + organization name + fasterxml.com + + + pom + organization url + https://fasterxml.com + + + pom + parent-artifactid + oss-parent + + + pom + url + FasterXML/java-classmate + + + file + name + classmate + + + jar + package name + classmate + + + jar + package name + fasterxml + + + jar + package name + filter + + + jar + package name + types + + + Manifest + automatic-module-name + com.fasterxml.classmate + + + Manifest + bundle-docurl + https://github.com/FasterXML/java-classmate + + + Manifest + Bundle-Name + ClassMate + + + Manifest + bundle-symbolicname + com.fasterxml.classmate + + + Manifest + implementation-build-date + 2019-10-19 22:46:35+0000 + + + Manifest + Implementation-Title + ClassMate + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" + + + Manifest + specification-title + ClassMate + + + pom + artifactid + classmate + + + pom + developer email + blangel@ocheyedan.net + + + pom + developer email + tatu@fasterxml.com + + + pom + developer id + blangel + + + pom + developer id + tatu + + + pom + developer name + Brian Langel + + + pom + developer name + Tatu Saloranta + + + pom + groupid + com.fasterxml + + + pom + name + ClassMate + + + pom + organization name + fasterxml.com + + + pom + organization url + https://fasterxml.com + + + pom + parent-artifactid + oss-parent + + + pom + url + FasterXML/java-classmate + + + file + version + 1.5.1 + + + Manifest + Bundle-Version + 1.5.1 + + + Manifest + Implementation-Version + 1.5.1 + + + pom + parent-version + 1.5.1 + + + pom + version + 1.5.1 + + + + + pkg:maven/com.fasterxml/classmate@1.5.1 + + https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml/classmate@1.5.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.1.0 + + + + + commons-codec-1.15.jar + + /var/lib/jenkins/.m2/repository/commons-codec/commons-codec/1.15/commons-codec-1.15.jar + 303baf002ce6d382198090aedd9d79a2 + 49d94806b6e3dc933dacbd8acb0fdbab8ebd1e5d + b3e9f6d63a790109bf0d056611fbed1cf69055826defeb9894a71369d246ed63 + + The Apache Commons Codec package contains simple encoder and decoders for + various formats such as Base64 and Hexadecimal. In addition to these + widely used encoders and decoders, the codec package also maintains a + collection of phonetic encoding utilities. + + https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + commons-codec + + + jar + package name + apache + + + jar + package name + codec + + + jar + package name + commons + + + jar + package name + encoder + + + Manifest + automatic-module-name + org.apache.commons.codec + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + https://commons.apache.org/proper/commons-codec/ + + + Manifest + bundle-symbolicname + org.apache.commons.commons-codec + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + commons-codec + + + pom + artifactid + commons-codec + + + pom + developer email + bayard@apache.org + + + pom + developer email + chtompki@apache.org + + + pom + developer email + dgraham@apache.org + + + pom + developer email + dlr@finemaltcoding.com + + + pom + developer email + ggregory@apache.org + + + pom + developer email + jon@collab.net + + + pom + developer email + julius@apache.org + + + pom + developer email + rwaldhoff@apache.org + + + pom + developer email + sanders@totalsync.com + + + pom + developer email + tn@apache.org + + + pom + developer email + tobrien@apache.org + + + pom + developer id + bayard + + + pom + developer id + chtompki + + + pom + developer id + dgraham + + + pom + developer id + dlr + + + pom + developer id + ggregory + + + pom + developer id + jon + + + pom + developer id + julius + + + pom + developer id + rwaldhoff + + + pom + developer id + sanders + + + pom + developer id + tn + + + pom + developer id + tobrien + + + pom + developer name + Daniel Rall + + + pom + developer name + David Graham + + + pom + developer name + Gary Gregory + + + pom + developer name + Henri Yandell + + + pom + developer name + Jon S. Stevens + + + pom + developer name + Julius Davies + + + pom + developer name + Rob Tompkins + + + pom + developer name + Rodney Waldhoff + + + pom + developer name + Scott Sanders + + + pom + developer name + Thomas Neidhart + + + pom + developer name + Tim OBrien + + + pom + developer org URL + http://juliusdavies.ca/ + + + pom + groupid + commons-codec + + + pom + name + Apache Commons Codec + + + pom + parent-artifactid + commons-parent + + + pom + parent-groupid + org.apache.commons + + + pom + url + https://commons.apache.org/proper/commons-codec/ + + + file + name + commons-codec + + + jar + package name + apache + + + jar + package name + codec + + + jar + package name + commons + + + jar + package name + encoder + + + Manifest + automatic-module-name + org.apache.commons.codec + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + https://commons.apache.org/proper/commons-codec/ + + + Manifest + Bundle-Name + Apache Commons Codec + + + Manifest + bundle-symbolicname + org.apache.commons.commons-codec + + + Manifest + Implementation-Title + Apache Commons Codec + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + Manifest + specification-title + Apache Commons Codec + + + pom + artifactid + commons-codec + + + pom + developer email + bayard@apache.org + + + pom + developer email + chtompki@apache.org + + + pom + developer email + dgraham@apache.org + + + pom + developer email + dlr@finemaltcoding.com + + + pom + developer email + ggregory@apache.org + + + pom + developer email + jon@collab.net + + + pom + developer email + julius@apache.org + + + pom + developer email + rwaldhoff@apache.org + + + pom + developer email + sanders@totalsync.com + + + pom + developer email + tn@apache.org + + + pom + developer email + tobrien@apache.org + + + pom + developer id + bayard + + + pom + developer id + chtompki + + + pom + developer id + dgraham + + + pom + developer id + dlr + + + pom + developer id + ggregory + + + pom + developer id + jon + + + pom + developer id + julius + + + pom + developer id + rwaldhoff + + + pom + developer id + sanders + + + pom + developer id + tn + + + pom + developer id + tobrien + + + pom + developer name + Daniel Rall + + + pom + developer name + David Graham + + + pom + developer name + Gary Gregory + + + pom + developer name + Henri Yandell + + + pom + developer name + Jon S. Stevens + + + pom + developer name + Julius Davies + + + pom + developer name + Rob Tompkins + + + pom + developer name + Rodney Waldhoff + + + pom + developer name + Scott Sanders + + + pom + developer name + Thomas Neidhart + + + pom + developer name + Tim OBrien + + + pom + developer org URL + http://juliusdavies.ca/ + + + pom + groupid + commons-codec + + + pom + name + Apache Commons Codec + + + pom + parent-artifactid + commons-parent + + + pom + parent-groupid + org.apache.commons + + + pom + url + https://commons.apache.org/proper/commons-codec/ + + + file + version + 1.15 + + + Manifest + Implementation-Version + 1.15 + + + pom + parent-version + 1.15 + + + pom + version + 1.15 + + + + + pkg:maven/commons-codec/commons-codec@1.15 + + https://ossindex.sonatype.org/component/pkg:maven/commons-codec/commons-codec@1.15?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:commons_net:1.15:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Acommons_net&cpe_version=cpe%3A%2F%3Aapache%3Acommons_net%3A1.15 + + + + + CVE-2021-37533 + MEDIUM + + 6.5 + NETWORK + LOW + NONE + REQUIRED + UNCHANGED + HIGH + NONE + NONE + MEDIUM + 2.8 + 3.6 + 3.1 + + + CWE-20 + + Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from + PASV response by default. A malicious server can redirect the Commons Net code to use a + different host, but the user has to connect to the malicious server in the first place. + This may lead to leakage of information about services running on the private network of + the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL + does. See https://issues.apache.org/jira/browse/NET-711. + + + CONFIRM + https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 + N/A + + + MLIST + http://www.openwall.com/lists/oss-security/2022/12/03/1 + [oss-security] 20221203 CVE-2021-37533: Apache Commons Net's FTP client + trusts the host from PASV response by default + + + + + cpe:2.3:a:apache:commons_net:*:*:*:*:*:*:*:* + + + + + + commons-lang3-3.12.0.jar + + /var/lib/jenkins/.m2/repository/org/apache/commons/commons-lang3/3.12.0/commons-lang3-3.12.0.jar + 19fe50567358922bdad277959ea69545 + c6842c86792ff03b9f1d1fe2aab8dc23aa6c6f0e + d919d904486c037f8d193412da0c92e22a9fa24230b9d67a57855c5c31c7e94e + + Apache Commons Lang, a package of Java utility classes for the + classes that are in java.lang's hierarchy, or are considered to be so + standard as to justify existence in java.lang. + + https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + commons-lang3 + + + jar + package name + apache + + + jar + package name + commons + + + jar + package name + lang3 + + + Manifest + automatic-module-name + org.apache.commons.lang3 + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + https://commons.apache.org/proper/commons-lang/ + + + Manifest + bundle-symbolicname + org.apache.commons.lang3 + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + commons-lang3 + + + pom + artifactid + commons-lang3 + + + pom + developer email + bayard@apache.org + + + pom + developer email + britter@apache.org + + + pom + developer email + chtompki@apache.org + + + pom + developer email + djones@apache.org + + + pom + developer email + dlr@finemaltcoding.com + + + pom + developer email + ggregory@apache.org + + + pom + developer email + jcarman@apache.org + + + pom + developer email + joerg.schaible@gmx.de + + + pom + developer email + lguibert@apache.org + + + pom + developer email + oheger@apache.org + + + pom + developer email + pbenedict@apache.org + + + pom + developer email + rdonkin@apache.org + + + pom + developer email + scolebourne@joda.org + + + pom + developer email + stevencaswell@apache.org + + + pom + developer id + bayard + + + pom + developer id + britter + + + pom + developer id + chtompki + + + pom + developer id + djones + + + pom + developer id + dlr + + + pom + developer id + fredrik + + + pom + developer id + ggregory + + + pom + developer id + jcarman + + + pom + developer id + joehni + + + pom + developer id + lguibert + + + pom + developer id + mbenson + + + pom + developer id + niallp + + + pom + developer id + oheger + + + pom + developer id + pbenedict + + + pom + developer id + rdonkin + + + pom + developer id + scaswell + + + pom + developer id + scolebourne + + + pom + developer name + Benedikt Ritter + + + pom + developer name + Daniel Rall + + + pom + developer name + Duncan Jones + + + pom + developer name + Fredrik Westermarck + + + pom + developer name + Gary D. Gregory + + + pom + developer name + Henri Yandell + + + pom + developer name + James Carman + + + pom + developer name + Joerg Schaible + + + pom + developer name + Loic Guibert + + + pom + developer name + Matt Benson + + + pom + developer name + Niall Pemberton + + + pom + developer name + Oliver Heger + + + pom + developer name + Paul Benedict + + + pom + developer name + Rob Tompkins + + + pom + developer name + Robert Burrell Donkin + + + pom + developer name + Stephen Colebourne + + + pom + developer name + Steven Caswell + + + pom + developer org + Carman Consulting, Inc. + + + pom + developer org + CollabNet, Inc. + + + pom + developer org + SITA ATS Ltd + + + pom + groupid + org.apache.commons + + + pom + name + Apache Commons Lang + + + pom + parent-artifactid + commons-parent + + + pom + url + https://commons.apache.org/proper/commons-lang/ + + + file + name + commons-lang3 + + + jar + package name + apache + + + jar + package name + commons + + + jar + package name + lang3 + + + Manifest + automatic-module-name + org.apache.commons.lang3 + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + https://commons.apache.org/proper/commons-lang/ + + + Manifest + Bundle-Name + Apache Commons Lang + + + Manifest + bundle-symbolicname + org.apache.commons.lang3 + + + Manifest + Implementation-Title + Apache Commons Lang + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + Apache Commons Lang + + + pom + artifactid + commons-lang3 + + + pom + developer email + bayard@apache.org + + + pom + developer email + britter@apache.org + + + pom + developer email + chtompki@apache.org + + + pom + developer email + djones@apache.org + + + pom + developer email + dlr@finemaltcoding.com + + + pom + developer email + ggregory@apache.org + + + pom + developer email + jcarman@apache.org + + + pom + developer email + joerg.schaible@gmx.de + + + pom + developer email + lguibert@apache.org + + + pom + developer email + oheger@apache.org + + + pom + developer email + pbenedict@apache.org + + + pom + developer email + rdonkin@apache.org + + + pom + developer email + scolebourne@joda.org + + + pom + developer email + stevencaswell@apache.org + + + pom + developer id + bayard + + + pom + developer id + britter + + + pom + developer id + chtompki + + + pom + developer id + djones + + + pom + developer id + dlr + + + pom + developer id + fredrik + + + pom + developer id + ggregory + + + pom + developer id + jcarman + + + pom + developer id + joehni + + + pom + developer id + lguibert + + + pom + developer id + mbenson + + + pom + developer id + niallp + + + pom + developer id + oheger + + + pom + developer id + pbenedict + + + pom + developer id + rdonkin + + + pom + developer id + scaswell + + + pom + developer id + scolebourne + + + pom + developer name + Benedikt Ritter + + + pom + developer name + Daniel Rall + + + pom + developer name + Duncan Jones + + + pom + developer name + Fredrik Westermarck + + + pom + developer name + Gary D. Gregory + + + pom + developer name + Henri Yandell + + + pom + developer name + James Carman + + + pom + developer name + Joerg Schaible + + + pom + developer name + Loic Guibert + + + pom + developer name + Matt Benson + + + pom + developer name + Niall Pemberton + + + pom + developer name + Oliver Heger + + + pom + developer name + Paul Benedict + + + pom + developer name + Rob Tompkins + + + pom + developer name + Robert Burrell Donkin + + + pom + developer name + Stephen Colebourne + + + pom + developer name + Steven Caswell + + + pom + developer org + Carman Consulting, Inc. + + + pom + developer org + CollabNet, Inc. + + + pom + developer org + SITA ATS Ltd + + + pom + groupid + org.apache.commons + + + pom + name + Apache Commons Lang + + + pom + parent-artifactid + commons-parent + + + pom + url + https://commons.apache.org/proper/commons-lang/ + + + file + version + 3.12.0 + + + Manifest + Bundle-Version + 3.12.0 + + + Manifest + Implementation-Version + 3.12.0 + + + pom + parent-version + 3.12.0 + + + pom + version + 3.12.0 + + + + + pkg:maven/org.apache.commons/commons-lang3@3.12.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-lang3@3.12.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.2 + + + cpe:2.3:a:apache:commons_net:3.12.0:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Acommons_net&cpe_version=cpe%3A%2F%3Aapache%3Acommons_net%3A3.12.0 + + + + + cryptacular-1.2.4.jar + + /var/lib/jenkins/.m2/repository/org/cryptacular/cryptacular/1.2.4/cryptacular-1.2.4.jar + 5838c2a0d1bb0a0b115dea4007e6f029 + 4994c015d87886212683245d13e87f6fb903a760 + 97feff80494a54f1b5001f6f4bbdbd45cb64ccbb2dffeb679da9da9be0434b07 + The spectacular complement to the Bouncy Castle crypto API for Java. + Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt + GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-3.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + cryptacular + + + hint analyzer + vendor + Virginia Tech + + + hint analyzer + vendor + vt + + + jar + package name + cryptacular + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-symbolicname + org.cryptacular + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + cryptacular + + + pom + artifactid + cryptacular + + + pom + developer email + dfisher@vt.edu + + + pom + developer email + serac@vt.edu + + + pom + developer id + dfisher + + + pom + developer id + serac + + + pom + developer name + Daniel Fisher + + + pom + developer name + Marvin S. Addison + + + pom + developer org + Virginia Tech + + + pom + developer org URL + http://www.vt.edu + + + pom + groupid + org.cryptacular + + + pom + name + Cryptacular Library + + + pom + url + http://www.cryptacular.org + + + file + name + cryptacular + + + jar + package name + cryptacular + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + Bundle-Name + Cryptacular Library + + + Manifest + bundle-symbolicname + org.cryptacular + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + cryptacular + + + pom + developer email + dfisher@vt.edu + + + pom + developer email + serac@vt.edu + + + pom + developer id + dfisher + + + pom + developer id + serac + + + pom + developer name + Daniel Fisher + + + pom + developer name + Marvin S. Addison + + + pom + developer org + Virginia Tech + + + pom + developer org URL + http://www.vt.edu + + + pom + groupid + org.cryptacular + + + pom + name + Cryptacular Library + + + pom + url + http://www.cryptacular.org + + + file + version + 1.2.4 + + + Manifest + Bundle-Version + 1.2.4 + + + pom + version + 1.2.4 + + + + + pkg:maven/org.cryptacular/cryptacular@1.2.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.cryptacular/cryptacular@1.2.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:vt:cryptacular:1.2.4:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Avt&cpe_product=cpe%3A%2F%3Avt%3Acryptacular&cpe_version=cpe%3A%2F%3Avt%3Acryptacular%3A1.2.4 + + + + + cxf-core-3.5.4.jar + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-core/3.5.4/cxf-core-3.5.4.jar + f5d59fe544f8ea88950e90dd7abfb3fe + adf4d8a8b376c90f9412949c77f66de02775ca43 + a175898d690b582a498402066856d0dae9206c6a40ec73ed52192c8feabaab92 + Apache CXF Core + https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + cxf-rt-bindings-xml-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-bindings-xml/3.5.4/cxf-rt-bindings-xml-3.5.4.jar + ed6cd5b7ea52f9528ec6abf75037f9997336630ed233d21c06d1d0eb7da84a07 + 95451519d5596efb7dc4c683aff9492ba862de1d + b86f8d57c573189afc6d9cedcda4dac9 + + + pkg:maven/org.apache.cxf/cxf-rt-bindings-xml@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-bindings-xml@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-rt-databinding-jaxb-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-databinding-jaxb/3.5.4/cxf-rt-databinding-jaxb-3.5.4.jar + 14f4398b5fa08f0a1908ac6a88f3e02edb6bed6d98a6c96b09355abcc004df25 + 33d13084ae357a2d9af69d8fb453fe34f799e57f + 43bd5ed314182cfeeb507705b529b6a0 + + + pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-databinding-jaxb@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-rt-frontend-jaxws-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-frontend-jaxws/3.5.4/cxf-rt-frontend-jaxws-3.5.4.jar + df2619b2c262a0311273f7f82de0122bddf6c1f05dc09b1cb139e3ad6ca38dbb + 236a36c186a420da102845d873e8a60fb9cbb1d5 + 42c6b2e944c7dc8c3a799370a5855a6b + + + pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxws@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxws@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-rt-frontend-simple-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-frontend-simple/3.5.4/cxf-rt-frontend-simple-3.5.4.jar + 863afef88791db904f346c33ca4b2386e50673b6e1f8f658f65de9ae0efbc24c + fdf99848324838ac9905de7ea4083c6e21c3852a + 28f0a7d16123edb9127ecff8eff20a21 + + + pkg:maven/org.apache.cxf/cxf-rt-frontend-simple@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-frontend-simple@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-rt-management-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-management/3.5.4/cxf-rt-management-3.5.4.jar + b3b41cd8983c584e41f9339d479a689187e7f1191e6e193969f7877a3847aa78 + b0fdfe22d30d4da0d27fdfa1c994e57a950219e1 + c126821a20e95c06b89550d668181aae + + + pkg:maven/org.apache.cxf/cxf-rt-management@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-management@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-rt-rs-json-basic-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-rs-json-basic/3.5.4/cxf-rt-rs-json-basic-3.5.4.jar + 7bb45f3f142a672af2545cd7cc92e8c118cfb8a59fb239557f3f6c465efbf1ab + bae18f2c1caf4d054ca439ca93375d2d86da033d + 182481645d3cc6e52af38c22a610cd4d + + + pkg:maven/org.apache.cxf/cxf-rt-rs-json-basic@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-rs-json-basic@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-rt-rs-security-jose-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-rs-security-jose/3.5.4/cxf-rt-rs-security-jose-3.5.4.jar + 0de51682011121f80a48706ffc474a23ed8d6d9036fdd6ee0a8c0ed426867858 + 977f71a0389dea41d6d21dffbdf1e0ab9564391e + 9b985a3d3b4304ca87d7d682f0c23105 + + + pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-rs-security-jose@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-rt-security-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-security/3.5.4/cxf-rt-security-3.5.4.jar + f4c7414f717cb9581dd0f8559a204cfb8d5fdc39f9827931aeaa48e402d437df + 95bc6b8bc65f183bc436c8b8f4627b3fd6f4796b + 3c9d85baefd96f2fc13a60f667339273 + + + pkg:maven/org.apache.cxf/cxf-rt-security@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-security@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-rt-transports-http-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-transports-http/3.5.4/cxf-rt-transports-http-3.5.4.jar + 8805a4035211c55b6aed85bc22562a5816d7d0c40f21cf4bd1f45a77fe5d27df + 79c228644c1f94ef8e48e69984462e12cdb779d6 + 05f506da347fd141a447d2f44c0de02a + + + pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-rt-transports-udp-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-transports-udp/3.5.4/cxf-rt-transports-udp-3.5.4.jar + a851ccaedeb9a1f4643c3e89aca6f891bd9e38b4b5769c36bcaaa4d0f193c08f + 6ec3643c8d835db47706c534e62460e167d19483 + d586d56507814ba3be60b7b182b9e925 + + + pkg:maven/org.apache.cxf/cxf-rt-transports-udp@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-transports-udp@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-rt-ws-addr-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-ws-addr/3.5.4/cxf-rt-ws-addr-3.5.4.jar + a27c9ffb2e0dcd37a34cc6364275831df1d6e7fcd479f8f74d28e56a988ae223 + ed7125e355f2173f54f9a012db92c70628682675 + 3ca131db1031f932c421df93c98c96bc + + + pkg:maven/org.apache.cxf/cxf-rt-ws-addr@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-ws-addr@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-rt-ws-mex-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-ws-mex/3.5.4/cxf-rt-ws-mex-3.5.4.jar + 230983d67f6214e089e4ec87355b6c33a47054e53a990803584ddc5a4176791d + 21f7dc904c7b2d0704f3123fe291a1f91af66619 + 38559b99857f6ed196d8204fc4364f8e + + + pkg:maven/org.apache.cxf/cxf-rt-ws-mex@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-ws-mex@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-rt-ws-policy-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-ws-policy/3.5.4/cxf-rt-ws-policy-3.5.4.jar + e34dace33320599ffb0481f6473e6da670db2db942c9b04312216e0e03124ed2 + 3c95a6fadbd265009164cf357041081fae904254 + 3e64c3d89aa8f4fa656f24a135c98953 + + + pkg:maven/org.apache.cxf/cxf-rt-ws-policy@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-ws-policy@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-rt-ws-rm-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-ws-rm/3.5.4/cxf-rt-ws-rm-3.5.4.jar + 7759dd886579b4b4591979b9f14aa5030ddf2e1008ad9b9e104db99f52768a49 + 2043d04cdc409a90499151484499a347aa85d34b + 2df5ed9294fbf2a72e30459258fb18fc + + + pkg:maven/org.apache.cxf/cxf-rt-ws-rm@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-ws-rm@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-rt-ws-security-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-ws-security/3.5.4/cxf-rt-ws-security-3.5.4.jar + 6be7f69b1bbe3502dd8464fc07466a0dafefa376db2e0281a11db8a501ea97de + d084f48f5e9061dbe00874f6720712851f7393cb + d90895b6ca37ec8e8603e71dd6bffe1b + + + pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-rt-wsdl-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-wsdl/3.5.4/cxf-rt-wsdl-3.5.4.jar + 70c5f97cfbd1d6b8de8bee2c205523c34e77deae0a5b681e9488c3eed74417d4 + e5ad5cbe748f8315595bb64e0f3c5c85e3a25f92 + b90ced79a059e34b05efca81bccc0bfe + + + pkg:maven/org.apache.cxf/cxf-rt-wsdl@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-wsdl@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-services-sts-core-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/services/sts/cxf-services-sts-core/3.5.4/cxf-services-sts-core-3.5.4.jar + 6c88dddf5d71f7ba2b386a1f92ae1387f22ae11133bf4ac43c31ca5051c0da83 + b0f4369254622d4a9146cf07e73ca32ff5dc16a7 + 7601d51a8bcf788d25ff285acae2081d + + + pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf.services.sts/cxf-services-sts-core@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-services-ws-discovery-api-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/services/ws-discovery/cxf-services-ws-discovery-api/3.5.4/cxf-services-ws-discovery-api-3.5.4.jar + fc59d3cae82a44f1f7c99d2e55c1753b765e5900e2bf9b55d3038eb856b9e697 + fb038775132f14f3c20da1887db4732c6da4b1e6 + 381639bfc7c8d69911f6121a7cc818f2 + + + pkg:maven/org.apache.cxf.services.ws-discovery/cxf-services-ws-discovery-api@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf.services.ws-discovery/cxf-services-ws-discovery-api@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-services-wsn-api-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/services/wsn/cxf-services-wsn-api/3.5.4/cxf-services-wsn-api-3.5.4.jar + a26216fba70edefb2c37fd5ef0055cfd9b3b6c487a505ab61574f41513242af3 + 71fbbb3711c07cf5806605f33d40009e25aaa269 + 1e2e3f888bb66082d1006707237d54a4 + + + pkg:maven/org.apache.cxf.services.wsn/cxf-services-wsn-api@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf.services.wsn/cxf-services-wsn-api@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-services-wsn-core-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/services/wsn/cxf-services-wsn-core/3.5.4/cxf-services-wsn-core-3.5.4.jar + fb32ba0c461ae077372527a6006a564baf1b9c088f1be11ec797daaeea5d3113 + dee01599758b0038ed16722ede33c8894fe65fff + 726bdf7d2d68ccad1f61b19c14594a41 + + + pkg:maven/org.apache.cxf.services.wsn/cxf-services-wsn-core@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf.services.wsn/cxf-services-wsn-core@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-services-wsn-osgi-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/services/wsn/cxf-services-wsn-osgi/3.5.4/cxf-services-wsn-osgi-3.5.4.jar + d6afefcbab2c7f2531b33909cb0537110f153997bcb7dbb9a4b66047db6265b5 + e48aa2a30ea27b2b9c9db0298a7d206752ebfbaa + a47618d31eb78849ad14acff71f7c659 + + + pkg:maven/org.apache.cxf.services.wsn/cxf-services-wsn-osgi@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf.services.wsn/cxf-services-wsn-osgi@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-servlet-compatible-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-servlet-compatible/3.5.4/cxf-servlet-compatible-3.5.4.jar + 32b0ea104b4e60a118df05c36afb5e2072f2b56cd352c7081e10f03d1353ff97 + 86f7f67be5f12fe4b342de50775de0c37e0e8e2f + 9db8ff76e37d772686d731cf724e7802 + + + pkg:maven/org.apache.cxf/cxf-servlet-compatible@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-servlet-compatible@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + cxf-core + + + jar + package name + apache + + + jar + package name + cxf + + + Manifest + automatic-module-name + org.apache.cxf.core + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-activationpolicy + lazy + + + Manifest + bundle-docurl + http://cxf.apache.org + + + Manifest + bundle-symbolicname + org.apache.cxf.cxf-core + + + Manifest + export-service + + org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/blueprint/core",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/beans",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/parameterized-types",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/security",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://schemas.xmlsoap.org/wsdl/", + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + Implementation-Vendor-Id + org.apache + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + cxf-core + + + pom + artifactid + cxf-core + + + pom + groupid + org.apache.cxf + + + pom + name + Apache CXF Core + + + pom + parent-artifactid + cxf-parent + + + pom + url + https://cxf.apache.org + + + file + name + cxf-core + + + jar + package name + apache + + + jar + package name + blueprint + + + jar + package name + configuration + + + jar + package name + cxf + + + jar + package name + http + + + jar + package name + osgi + + + jar + package name + security + + + jar + package name + service + + + jar + package name + version + + + jar + package name + wsdl + + + Manifest + automatic-module-name + org.apache.cxf.core + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-activationpolicy + lazy + + + Manifest + bundle-docurl + http://cxf.apache.org + + + Manifest + Bundle-Name + Apache CXF Core + + + Manifest + bundle-symbolicname + org.apache.cxf.cxf-core + + + Manifest + export-service + + org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/blueprint/core",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/beans",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/parameterized-types",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/security",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://schemas.xmlsoap.org/wsdl/", + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + cxf-core + + + pom + groupid + org.apache.cxf + + + pom + name + Apache CXF Core + + + pom + parent-artifactid + cxf-parent + + + pom + url + https://cxf.apache.org + + + file + version + 3.5.4 + + + Manifest + Bundle-Version + 3.5.4 + + + Manifest + Implementation-Version + 3.5.4 + + + pom + version + 3.5.4 + + + + + pkg:maven/org.apache.cxf/cxf-core@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-core@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:cxf:3.5.4:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Acxf&cpe_version=cpe%3A%2F%3Aapache%3Acxf%3A3.5.4 + + + + + cxf-karaf-commands-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/karaf/cxf-karaf-commands/3.5.4/cxf-karaf-commands-3.5.4.jar + e0536e5cbff8d1e86e8325e107ffa81d + a2fec939dc237cc53a27b3555593dbcffb5196ee + ec876879a77960ad65ef3dbc64a6d58a79dcaa1233b1407428a4317c8f28b2cd + Apache CXF Karaf Commands + https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + cxf-karaf-commands + + + jar + package name + apache + + + jar + package name + commands + + + jar + package name + cxf + + + jar + package name + karaf + + + Manifest + automatic-module-name + org.apache.cxf.karaf.commands + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-activationpolicy + lazy + + + Manifest + bundle-docurl + http://cxf.apache.org + + + Manifest + bundle-symbolicname + org.apache.cxf.karaf.cxf-karaf-commands + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + Implementation-Vendor-Id + org.apache + + + Manifest + karaf-commands + * + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + cxf-karaf-commands + + + pom + artifactid + cxf-karaf-commands + + + pom + groupid + org.apache.cxf.karaf + + + pom + name + Apache CXF Karaf Commands + + + pom + parent-artifactid + karaf-parent + + + file + name + cxf-karaf-commands + + + jar + package name + apache + + + jar + package name + commands + + + jar + package name + cxf + + + jar + package name + karaf + + + Manifest + automatic-module-name + org.apache.cxf.karaf.commands + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-activationpolicy + lazy + + + Manifest + bundle-docurl + http://cxf.apache.org + + + Manifest + Bundle-Name + Apache CXF Karaf Commands + + + Manifest + bundle-symbolicname + org.apache.cxf.karaf.cxf-karaf-commands + + + Manifest + karaf-commands + * + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + cxf-karaf-commands + + + pom + groupid + org.apache.cxf.karaf + + + pom + name + Apache CXF Karaf Commands + + + pom + parent-artifactid + karaf-parent + + + file + version + 3.5.4 + + + Manifest + Bundle-Version + 3.5.4 + + + Manifest + Implementation-Version + 3.5.4 + + + pom + version + 3.5.4 + + + + + pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf.karaf/cxf-karaf-commands@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:cxf:3.5.4:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Acxf&cpe_version=cpe%3A%2F%3Aapache%3Acxf%3A3.5.4 + + + cpe:2.3:a:apache:karaf:3.5.4:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Akaraf&cpe_version=cpe%3A%2F%3Aapache%3Akaraf%3A3.5.4 + + + + + CVE-2018-11786 + HIGH + + 9.0 + NETWORK + LOW + SINGLE + COMPLETE + COMPLETE + COMPLETE + HIGH + 2.0 + 8.0 + 10.0 + + + 8.8 + NETWORK + LOW + LOW + NONE + UNCHANGED + HIGH + HIGH + HIGH + HIGH + 2.8 + 5.9 + 3.0 + + + CWE-269 + + In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left + on so an administrator can manage the running instance, any user with rights to the + Karaf console can pivot and read/write any file on the file system to which the Karaf + process user has access. This can be locked down a bit by using chroot to change the + root directory to protect files outside of the Karaf install directory; it can be + further locked down by defining a security manager policy that limits file system access + to those directories beneath the Karaf home that are necessary for the system to run. + However, this still allows anyone with ssh access to the Karaf process to read and write + a large number of files as the Karaf process user. + + + CONFIRM + https://issues.apache.org/jira/browse/KARAF-5427 + https://issues.apache.org/jira/browse/KARAF-5427 + + + MLIST + + https://lists.apache.org/thread.html/5b7ac762c6bbe77ac5d9389f093fc6dbf196c36d788e3d7629e6c1d9@%3Cdev.karaf.apache.org%3E + [karaf-dev] 20180918 [SECURITY] New security advisory for CVE-2018-11786 + released for Apache Karaf + + + CONFIRM + http://karaf.apache.org/security/cve-2018-11786.txt + http://karaf.apache.org/security/cve-2018-11786.txt + + + + + cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:* + + + + CVE-2021-41766 + HIGH + + 6.8 + NETWORK + MEDIUM + NONE + PARTIAL + PARTIAL + PARTIAL + MEDIUM + 2.0 + 8.6 + 6.4 + + + 8.1 + NETWORK + HIGH + NONE + NONE + UNCHANGED + HIGH + HIGH + HIGH + HIGH + 2.2 + 5.9 + 3.1 + + + CWE-502 + + Apache Karaf allows monitoring of applications and the Java runtime by using + the Java Management Extensions (JMX). JMX is a Java RMI based technology that relies on + Java serialized objects for client server communication. Whereas the default JMX + implementation is hardened against unauthenticated deserialization attacks, the + implementation used by Apache Karaf is not protected against this kind of attack. The + impact of Java deserialization vulnerabilities strongly depends on the classes that are + available within the targets class path. Generally speaking, deserialization of + untrusted data does always represent a high security risk and should be prevented. The + risk is low as, by default, Karaf uses a limited set of classes in the JMX server class + path. It depends of system scoped classes (e.g. jar in the lib folder). + + + CONFIRM + https://karaf.apache.org/security/cve-2021-41766.txt + N/A + + + + + cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:* + + + + CVE-2016-8750 + MEDIUM + + 4.0 + NETWORK + LOW + SINGLE + NONE + NONE + PARTIAL + MEDIUM + 2.0 + 8.0 + 2.9 + + + 6.5 + NETWORK + LOW + LOW + NONE + UNCHANGED + NONE + NONE + HIGH + MEDIUM + 2.8 + 3.6 + 3.0 + + + CWE-90 + + Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to + a directory via LDAP. However, it did not encoding usernames properly and hence was + vulnerable to LDAP injection attacks leading to a denial of service. + + + BID + http://www.securityfocus.com/bid/103098 + 103098 + + + REDHAT + https://access.redhat.com/errata/RHSA-2018:1322 + RHSA-2018:1322 + + + CONFIRM + https://karaf.apache.org/security/cve-2016-8750.txt + https://karaf.apache.org/security/cve-2016-8750.txt + + + + + cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:* + + + + CVE-2019-0191 + MEDIUM + + 4.0 + NETWORK + LOW + SINGLE + NONE + PARTIAL + NONE + MEDIUM + 2.0 + 8.0 + 2.9 + + + 6.5 + NETWORK + LOW + LOW + NONE + UNCHANGED + NONE + HIGH + NONE + MEDIUM + 2.8 + 3.6 + 3.0 + + + CWE-22 + + Apache Karaf kar deployer reads .kar archives and extracts the paths from the + "repository/" and "resources/" entries in the zip file. It then + writes out the content of these paths to the Karaf repo and resources directories. + However, it doesn't do any validation on the paths in the zip file. This means that + a malicious user could craft a .kar file with ".." directory names and break + out of the directories to write arbitrary content to the filesystem. This is the + "Zip-slip" vulnerability - https://snyk.io/research/zip-slip-vulnerability. + This vulnerability is low if the Karaf process user has limited permission on the + filesystem. Any Apache Karaf releases prior 4.2.3 is impacted. + + + MLIST + + https://lists.apache.org/thread.html/6856aa7ed7dd805eaf65d0e5e95027dda3b2307aacd1ab4a838c5cd1@%3Cuser.karaf.apache.org%3E + [karaf-user] 20190307 [SECURITY] New security advisory for CVE-2019-0191 + released for Apache Karaf + + + BID + http://www.securityfocus.com/bid/107462 + 107462 + + + MLIST + + https://lists.apache.org/thread.html/cef9a2d4b547625e5214684283ac5c59c9d9740e092e777dc3f85070@%3Ccommits.karaf.apache.org%3E + [karaf-commits] 20190506 [karaf-site] branch trunk updated: Publish + CVE-2019-0226 + + + + + cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:* + + + + CVE-2020-11980 + MEDIUM + + 6.5 + NETWORK + LOW + SINGLE + PARTIAL + PARTIAL + PARTIAL + MEDIUM + 2.0 + 8.0 + 6.4 + + + 6.3 + NETWORK + LOW + LOW + NONE + UNCHANGED + LOW + LOW + LOW + MEDIUM + 2.8 + 3.4 + 3.1 + + + CWE-918 + + In Karaf, JMX authentication takes place using JAAS and authorization takes + place using ACL files. By default, only an "admin" can actually invoke on an + MBean. However there is a vulnerability there for someone who is not an admin, but has a + "viewer" role. In the 'etc/jmx.acl.cfg', such as role can call get*. + It's possible to authenticate as a viewer role + invokes on the MLet + getMBeansFromURL method, which goes off to a remote server to fetch the desired MBean, + which is then registered in Karaf. At this point the attack fails as "viewer" + doesn't have the permission to invoke on the MBean. Still, it could act as a SSRF + style attack and also it essentially allows a "viewer" role to pollute the + MBean registry, which is a kind of privilege escalation. The vulnerability is low as + it's possible to add a ACL to limit access. Users should update to Apache Karaf + 4.2.9 or newer. + + + MISC + http://karaf.apache.org/security/cve-2020-11980.txt + http://karaf.apache.org/security/cve-2020-11980.txt + + + + + cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:* + + + + CVE-2014-0219 + MEDIUM + + 2.1 + LOCAL + LOW + NONE + NONE + NONE + PARTIAL + LOW + 2.0 + 3.9 + 2.9 + + + 5.5 + LOCAL + LOW + LOW + NONE + UNCHANGED + NONE + NONE + HIGH + MEDIUM + 1.8 + 3.6 + 3.0 + + + CWE-20 + + Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, + which allows local users to cause a denial of service (shutdown) by sending a shutdown + command to all listening high ports. + + + CONFIRM + https://bugzilla.redhat.com/show_bug.cgi?id=1095974 + https://bugzilla.redhat.com/show_bug.cgi?id=1095974 + + + CONFIRM + http://karaf.apache.org/security/cve-2014-0219.txt + http://karaf.apache.org/security/cve-2014-0219.txt + + + BID + http://www.securityfocus.com/bid/101872 + 101872 + + + + + cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:* + + + + CVE-2022-22932 + MEDIUM + + 5.0 + NETWORK + LOW + NONE + PARTIAL + NONE + NONE + MEDIUM + 2.0 + 10.0 + 2.9 + + + 5.3 + NETWORK + LOW + NONE + NONE + UNCHANGED + LOW + NONE + NONE + MEDIUM + 3.9 + 1.4 + 3.1 + + + CWE-22 + + Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have + partial path traversal which allows to break out of expected folder. The risk is low as + obr:* commands are not very used and the entry is set by user. This has been fixed in + revision: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 + https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf users + should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use correct path. + JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-7326 + + + CONFIRM + https://karaf.apache.org/security/cve-2022-22932.txt + N/A + + + + + cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:* + + cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:* + + + + CVE-2019-0226 + MEDIUM + + 5.5 + NETWORK + LOW + SINGLE + NONE + PARTIAL + PARTIAL + MEDIUM + 2.0 + 8.0 + 4.9 + + + 4.9 + NETWORK + LOW + HIGH + NONE + UNCHANGED + NONE + HIGH + NONE + MEDIUM + 1.2 + 3.6 + 3.0 + + + CWE-22 + + Apache Karaf Config service provides a install method (via service or MBean) + that could be used to travel in any directory and overwrite existing file. The + vulnerability is low if the Karaf process user has limited permission on the filesystem. + Any Apache Karaf version before 4.2.5 is impacted. User should upgrade to Apache Karaf + 4.2.5 or later. + + + MLIST + + https://lists.apache.org/thread.html/1baa6f1df0e95fb1cd679067117354af2ab4423277d9a0ff6e8bf790@%3Cdev.karaf.apache.org%3E + [karaf-dev] 20190506 [SECURITY] New security advisory for CVE-2019-0226 released + for Apache Karaf + + + MLIST + + https://lists.apache.org/thread.html/r218c7e017af0a860ae21bf7ab77520fd2070c8f52db680eeec03a266@%3Ccommits.karaf.apache.org%3E + [karaf-commits] 20200612 [karaf-site] branch trunk updated: Publish + CVE-2020-11980 + + + + + cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:* + + + + CVE-2018-11788 + + 7.5 + NETWORK + LOW + NONE + PARTIAL + PARTIAL + PARTIAL + HIGH + 2.0 + 10.0 + 6.4 + + + 9.8 + NETWORK + LOW + NONE + NONE + UNCHANGED + HIGH + HIGH + HIGH + CRITICAL + 3.9 + 5.9 + 3.0 + + + CWE-611 + + Apache Karaf provides a features deployer, which allows users to "hot + deploy" a features XML by dropping the file directly in the deploy folder. The + features XML is parsed by XMLInputFactory class. Apache Karaf XMLInputFactory class + doesn't contain any mitigation codes against XXE. This is a potential security risk + as an user can inject external XML entities in Apache Karaf version prior to 4.1.7 or + 4.2.2. It has been fixed in Apache Karaf 4.1.7 and 4.2.2 releases. + Laut dem Finding ist es seit dem Karaf 4.1.7 und 4.2.2 behoben. Wir verwenden >= + 4.3.2. + + + BID + http://www.securityfocus.com/bid/106479 + 106479 + + + MISC + http://karaf.apache.org/security/cve-2018-11788.txt + http://karaf.apache.org/security/cve-2018-11788.txt + + + + + cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:* + + cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:* + cpe:2.3:a:apache:karaf:4.2.0:milestone1:*:*:*:*:*:* + cpe:2.3:a:apache:karaf:4.2.0:milestone2:*:*:*:*:*:* + + + + + + cxf-rt-bindings-soap-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-bindings-soap/3.5.4/cxf-rt-bindings-soap-3.5.4.jar + 484c5da55105c3246b21721f11bd65e1 + 18606d8e2b4e5454936f87aa8d5e516222b02c6c + fa85dba9b3667749bc27554dfce79b72fe37e3a0f476db921db50c4d7b4eb4ad + Apache CXF Runtime SOAP Binding + https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + cxf-rt-security-saml-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/cxf-rt-security-saml/3.5.4/cxf-rt-security-saml-3.5.4.jar + 78d36f63c523b996df22c7ff606268e6fd71c94613c9bdadc3d1c33478e4e501 + dfc48d65980c8fe730f7171121606fa5f2d1763f + a5a004a958109fdbbe932b3168524b78 + + + pkg:maven/org.apache.cxf/cxf-rt-security-saml@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-security-saml@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + cxf-services-ws-discovery-service-3.5.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/cxf/services/ws-discovery/cxf-services-ws-discovery-service/3.5.4/cxf-services-ws-discovery-service-3.5.4.jar + 1aa93d13f677737759d1556e79287617318736540da74a197a6e209bd10c04ea + 209928e004dc6739dc73b231d1fcb2087a329be8 + 9cae3033c454a270601ab2e7b7d56ff6 + + + + pkg:maven/org.apache.cxf.services.ws-discovery/cxf-services-ws-discovery-service@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf.services.ws-discovery/cxf-services-ws-discovery-service@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + cxf-rt-bindings-soap + + + jar + package name + apache + + + jar + package name + binding + + + jar + package name + cxf + + + jar + package name + soap + + + Manifest + automatic-module-name + org.apache.cxf.binding.soap + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-activationpolicy + lazy + + + Manifest + bundle-docurl + http://cxf.apache.org + + + Manifest + bundle-symbolicname + org.apache.cxf.cxf-rt-bindings-soap + + + Manifest + export-service + + org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/blueprint/bindings/soap" + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + Implementation-Vendor-Id + org.apache + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + cxf-rt-bindings-soap + + + pom + artifactid + cxf-rt-bindings-soap + + + pom + groupid + org.apache.cxf + + + pom + name + Apache CXF Runtime SOAP Binding + + + pom + parent-artifactid + cxf-parent + + + pom + url + https://cxf.apache.org + + + file + name + cxf-rt-bindings-soap + + + jar + package name + apache + + + jar + package name + binding + + + jar + package name + cxf + + + jar + package name + soap + + + Manifest + automatic-module-name + org.apache.cxf.binding.soap + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-activationpolicy + lazy + + + Manifest + bundle-docurl + http://cxf.apache.org + + + Manifest + Bundle-Name + Apache CXF Runtime SOAP Binding + + + Manifest + bundle-symbolicname + org.apache.cxf.cxf-rt-bindings-soap + + + Manifest + export-service + + org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/blueprint/bindings/soap" + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + cxf-rt-bindings-soap + + + pom + groupid + org.apache.cxf + + + pom + name + Apache CXF Runtime SOAP Binding + + + pom + parent-artifactid + cxf-parent + + + pom + url + https://cxf.apache.org + + + file + version + 3.5.4 + + + Manifest + Bundle-Version + 3.5.4 + + + Manifest + Implementation-Version + 3.5.4 + + + pom + version + 3.5.4 + + + + + pkg:maven/org.apache.cxf/cxf-rt-bindings-soap@3.5.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-bindings-soap@3.5.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:cxf:3.5.4:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Acxf&cpe_version=cpe%3A%2F%3Aapache%3Acxf%3A3.5.4 + + + cpe:2.3:a:apache:soap:3.5.4:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Asoap&cpe_version=cpe%3A%2F%3Aapache%3Asoap%3A3.5.4 + + + + + ehcache-3.9.3.jar (shaded: org.ehcache.modules:ehcache-107:3.9.3) + + /var/lib/jenkins/.m2/repository/org/ehcache/ehcache/3.9.3/ehcache-3.9.3.jar/META-INF/maven/org.ehcache.modules/ehcache-107/pom.xml + 254cc52e8e1bad1afad13b91dd6e0fc4 + 96604203f3916ae35528dbb98c26799136bad83e + 59d54bbd1dd653c91c49ce1c08908c4e1512cc11f9b0d2f4efeadd65d689410b + The JSR-107 compatibility module of Ehcache 3 + The Apache Software License, Version 2.0: + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + ehcache-107 + + + pom + developer email + tc-oss@softwareag.com + + + pom + developer name + Terracotta Engineers + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + http://ehcache.org + + + pom + groupid + org.ehcache.modules + + + pom + name + Ehcache 3 JSR-107 module + + + pom + organization name + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + organization url + http://terracotta.org + + + pom + url + http://ehcache.org + + + pom + artifactid + ehcache-107 + + + pom + developer email + tc-oss@softwareag.com + + + pom + developer name + Terracotta Engineers + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + http://ehcache.org + + + pom + groupid + org.ehcache.modules + + + pom + name + Ehcache 3 JSR-107 module + + + pom + organization name + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + organization url + http://terracotta.org + + + pom + url + http://ehcache.org + + + pom + version + 3.9.3 + + + + + pkg:maven/org.ehcache.modules/ehcache-107@3.9.3 + + https://ossindex.sonatype.org/component/pkg:maven/org.ehcache.modules/ehcache-107@3.9.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + ehcache-3.9.3.jar (shaded: org.ehcache.modules:ehcache-api:3.9.3) + + /var/lib/jenkins/.m2/repository/org/ehcache/ehcache/3.9.3/ehcache-3.9.3.jar/META-INF/maven/org.ehcache.modules/ehcache-api/pom.xml + 5cfa257a6d31bdd88862a5c52627a0cb + 2f78fe726d4d84845c0162ea1bdc033df2ae8242 + 6bee6796ccd0b26590f9b09a60309428db5798d83f04bcc5dbb548bec683d765 + The API module of Ehcache 3 + The Apache Software License, Version 2.0: + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + ehcache-api + + + pom + developer email + tc-oss@softwareag.com + + + pom + developer name + Terracotta Engineers + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + http://ehcache.org + + + pom + groupid + org.ehcache.modules + + + pom + name + Ehcache 3 API module + + + pom + organization name + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + organization url + http://terracotta.org + + + pom + url + http://ehcache.org + + + pom + artifactid + ehcache-api + + + pom + developer email + tc-oss@softwareag.com + + + pom + developer name + Terracotta Engineers + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + http://ehcache.org + + + pom + groupid + org.ehcache.modules + + + pom + name + Ehcache 3 API module + + + pom + organization name + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + organization url + http://terracotta.org + + + pom + url + http://ehcache.org + + + pom + version + 3.9.3 + + + + + pkg:maven/org.ehcache.modules/ehcache-api@3.9.3 + + https://ossindex.sonatype.org/component/pkg:maven/org.ehcache.modules/ehcache-api@3.9.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + ehcache-3.9.3.jar (shaded: org.ehcache.modules:ehcache-core:3.9.3) + + /var/lib/jenkins/.m2/repository/org/ehcache/ehcache/3.9.3/ehcache-3.9.3.jar/META-INF/maven/org.ehcache.modules/ehcache-core/pom.xml + 2e102e15cbb3fbb21b79e9ee396b4c67 + 36a4859b9b365119637d04af175ac5f59899196f + d06c3bca420a3d87fcc075236f02aa7d6185baf7e88fff67d20f9bbe620f9049 + The Core module of Ehcache 3 + The Apache Software License, Version 2.0: + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + ehcache-core + + + pom + developer email + tc-oss@softwareag.com + + + pom + developer name + Terracotta Engineers + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + http://ehcache.org + + + pom + groupid + org.ehcache.modules + + + pom + name + Ehcache 3 Core module + + + pom + organization name + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + organization url + http://terracotta.org + + + pom + url + http://ehcache.org + + + pom + artifactid + ehcache-core + + + pom + developer email + tc-oss@softwareag.com + + + pom + developer name + Terracotta Engineers + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + http://ehcache.org + + + pom + groupid + org.ehcache.modules + + + pom + name + Ehcache 3 Core module + + + pom + organization name + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + organization url + http://terracotta.org + + + pom + url + http://ehcache.org + + + pom + version + 3.9.3 + + + + + pkg:maven/org.ehcache.modules/ehcache-core@3.9.3 + + https://ossindex.sonatype.org/component/pkg:maven/org.ehcache.modules/ehcache-core@3.9.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + ehcache-3.9.3.jar (shaded: org.ehcache.modules:ehcache-impl:3.9.3) + + /var/lib/jenkins/.m2/repository/org/ehcache/ehcache/3.9.3/ehcache-3.9.3.jar/META-INF/maven/org.ehcache.modules/ehcache-impl/pom.xml + 6777a3b5ff3cc527964ca288e49418db + 968670682e7439635e207964ca1e235661d9c7a4 + 27cac7c5e188db016a61fe4738c058f34eeb2201ca3c71f56a7700940bbbd4c0 + The implementation module of Ehcache 3 + The Apache Software License, Version 2.0: + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + ehcache-impl + + + pom + developer email + tc-oss@softwareag.com + + + pom + developer name + Terracotta Engineers + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + http://ehcache.org + + + pom + groupid + org.ehcache.modules + + + pom + name + Ehcache 3 Implementation module + + + pom + organization name + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + organization url + http://terracotta.org + + + pom + url + http://ehcache.org + + + pom + artifactid + ehcache-impl + + + pom + developer email + tc-oss@softwareag.com + + + pom + developer name + Terracotta Engineers + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + http://ehcache.org + + + pom + groupid + org.ehcache.modules + + + pom + name + Ehcache 3 Implementation module + + + pom + organization name + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + organization url + http://terracotta.org + + + pom + url + http://ehcache.org + + + pom + version + 3.9.3 + + + + + pkg:maven/org.ehcache.modules/ehcache-impl@3.9.3 + + https://ossindex.sonatype.org/component/pkg:maven/org.ehcache.modules/ehcache-impl@3.9.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + ehcache-3.9.3.jar (shaded: org.ehcache.modules:ehcache-xml:3.9.3) + + /var/lib/jenkins/.m2/repository/org/ehcache/ehcache/3.9.3/ehcache-3.9.3.jar/META-INF/maven/org.ehcache.modules/ehcache-xml/pom.xml + 4abc022ef5d0cf91b406b0e5506b1848 + c4d6cc76a99ba15b9210b000b68855a420495e5a + 7ac16925c5f4d2eb8e0d54dd4350d86c9e81235ef3e2caff9ab85c48037f6c52 + The module containing all XML parsing logic Ehcache 3 + The Apache Software License, Version 2.0: + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + ehcache-xml + + + pom + developer email + tc-oss@softwareag.com + + + pom + developer name + Terracotta Engineers + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + http://ehcache.org + + + pom + groupid + org.ehcache.modules + + + pom + name + Ehcache 3 XML Parsing module + + + pom + organization name + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + organization url + http://terracotta.org + + + pom + url + http://ehcache.org + + + pom + artifactid + ehcache-xml + + + pom + developer email + tc-oss@softwareag.com + + + pom + developer name + Terracotta Engineers + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + http://ehcache.org + + + pom + groupid + org.ehcache.modules + + + pom + name + Ehcache 3 XML Parsing module + + + pom + organization name + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + organization url + http://terracotta.org + + + pom + url + http://ehcache.org + + + pom + version + 3.9.3 + + + + + pkg:maven/org.ehcache.modules/ehcache-xml@3.9.3 + + https://ossindex.sonatype.org/component/pkg:maven/org.ehcache.modules/ehcache-xml@3.9.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + ehcache-3.9.3.jar (shaded: org.ehcache:ehcache-dist:3.9.3) + + /var/lib/jenkins/.m2/repository/org/ehcache/ehcache/3.9.3/ehcache-3.9.3.jar/META-INF/maven/org.ehcache.modules/ehcache-dist/pom.xml + 53c69d3c62aa8c7ec3a397394e54e9d5 + 61b76026ae9514c4f6e087f5e90c6d92e42368c1 + 4be23d596e3d8ec9867442a7853d9d4a1ee4ea288893d31709c8ae6bf42bd490 + End-user ehcache3 jar artifact + The Apache Software License, Version 2.0: + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + ehcache-dist + + + pom + developer email + tc-oss@softwareag.com + + + pom + developer name + Terracotta Engineers + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + http://ehcache.org + + + pom + groupid + org.ehcache + + + pom + name + Ehcache + + + pom + organization name + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + organization url + http://terracotta.org + + + pom + url + http://ehcache.org + + + pom + artifactid + ehcache-dist + + + pom + developer email + tc-oss@softwareag.com + + + pom + developer name + Terracotta Engineers + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + http://ehcache.org + + + pom + groupid + org.ehcache + + + pom + name + Ehcache + + + pom + organization name + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + organization url + http://terracotta.org + + + pom + url + http://ehcache.org + + + pom + version + 3.9.3 + + + + + pkg:maven/org.ehcache/ehcache-dist@3.9.3 + + https://ossindex.sonatype.org/component/pkg:maven/org.ehcache/ehcache-dist@3.9.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + ehcache-3.9.3.jar (shaded: org.ehcache:sizeof:0.4.0) + + /var/lib/jenkins/.m2/repository/org/ehcache/ehcache/3.9.3/ehcache-3.9.3.jar/META-INF/maven/org.ehcache/sizeof/pom.xml + 4c6f7de9f499531083e2a0d03392f3cf + 73ae8131061b4f5b29fa15819c0ed429ac4708d4 + e9a89defb70a370e182e4eb1e4ced5e8b5a0ebc3c21d1da4342ed040bf02d4ad + SizeOf engine, extracted from Ehcache + The Apache Software License, Version 2.0: + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + sizeof + + + pom + groupid + org.ehcache + + + pom + name + Ehcache SizeOf Engine + + + pom + organization name + Terracotta + + + pom + organization url + http://terracotta.org + + + pom + url + ehcache/sizeof + + + pom + artifactid + sizeof + + + pom + groupid + org.ehcache + + + pom + name + Ehcache SizeOf Engine + + + pom + organization name + Terracotta + + + pom + organization url + http://terracotta.org + + + pom + url + ehcache/sizeof + + + pom + version + 0.4.0 + + + + + pkg:maven/org.ehcache/sizeof@0.4.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.ehcache/sizeof@0.4.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + ehcache-3.9.3.jar (shaded: org.terracotta:offheap-store:2.5.1) + + /var/lib/jenkins/.m2/repository/org/ehcache/ehcache/3.9.3/ehcache-3.9.3.jar/META-INF/maven/org.terracotta/offheap-store/pom.xml + 08634dd0d6ab80cd54ed820f0dd351f6 + 33e7ba9347b8e73fe00137370f81f0340c067841 + 99d215fffd2e2048625cdd9fd0b55ac52cf2d1e766b245504be774cec74ef8fc + A library that offers data structures allocated off the java heap. + The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + offheap-store + + + pom + developer email + chris.dennis@terracottatech.com + + + pom + developer name + Chris Dennis + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + https://terracotta.org + + + pom + groupid + org.terracotta + + + pom + name + Terracotta Off-Heap Store + + + pom + url + Terracotta-OSS/offheap-store/ + + + pom + artifactid + offheap-store + + + pom + developer email + chris.dennis@terracottatech.com + + + pom + developer name + Chris Dennis + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + https://terracotta.org + + + pom + groupid + org.terracotta + + + pom + name + Terracotta Off-Heap Store + + + pom + url + Terracotta-OSS/offheap-store/ + + + pom + version + 2.5.1 + + + + + pkg:maven/org.terracotta/offheap-store@2.5.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.terracotta/offheap-store@2.5.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + ehcache-3.9.3.jar (shaded: org.terracotta:statistics:2.1) + + /var/lib/jenkins/.m2/repository/org/ehcache/ehcache/3.9.3/ehcache-3.9.3.jar/META-INF/maven/org.terracotta/statistics/pom.xml + c2e7d02d7e332392956c557deed20543 + 56e7b6d8a273bd82f2d7066b7063de656763f2b7 + c97d57efb3ac671e65a39fc2109e354ef5ea665a1a6490491e5a348e0dbf1ebb + A statistics framework used inside Ehcache and the Terracotta products + The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + statistics + + + pom + developer email + chris.dennis@terracottatech.com + + + pom + developer email + Chris.Schanck@terracottatech.com + + + pom + developer email + ludovic.orban@terracottatech.com + + + pom + developer name + Chris Dennis + + + pom + developer name + Chris Schanck + + + pom + developer name + Ludovic Orban + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + https://terracotta.org + + + pom + groupid + org.terracotta + + + pom + name + Terracotta Statistics + + + pom + url + Terracotta-OSS/statistics + + + pom + artifactid + statistics + + + pom + developer email + chris.dennis@terracottatech.com + + + pom + developer email + Chris.Schanck@terracottatech.com + + + pom + developer email + ludovic.orban@terracottatech.com + + + pom + developer name + Chris Dennis + + + pom + developer name + Chris Schanck + + + pom + developer name + Ludovic Orban + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + https://terracotta.org + + + pom + groupid + org.terracotta + + + pom + name + Terracotta Statistics + + + pom + url + Terracotta-OSS/statistics + + + pom + version + 2.1 + + + + + pkg:maven/org.terracotta/statistics@2.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.terracotta/statistics@2.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + ehcache-3.9.3.jar (shaded: org.terracotta:terracotta-utilities-tools:0.0.8) + + /var/lib/jenkins/.m2/repository/org/ehcache/ehcache/3.9.3/ehcache-3.9.3.jar/META-INF/maven/org.terracotta/terracotta-utilities-tools/pom.xml + 6544811727a5353ff85feed6d9889f74 + 036c8f042404b2337a1f4fb783abc34d063696b6 + fdbd9a5bfa8f997fe1e40db96eb66943bf3c115f0830071036b05e1187245df4 + Utility classes/methods for common Java tasks + The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + terracotta-utilities-tools + + + pom + developer email + clifford.johnson@softwareag.com + + + pom + developer name + Clifford W Johnson + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + https://terracotta.org + + + pom + groupid + org.terracotta + + + pom + name + Terracotta Utilities Tools + + + pom + parent-artifactid + terracotta-utilities-parent + + + pom + url + Terracotta-OSS/terracotta-utilities/ + + + pom + artifactid + terracotta-utilities-tools + + + pom + developer email + clifford.johnson@softwareag.com + + + pom + developer name + Clifford W Johnson + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + https://terracotta.org + + + pom + groupid + org.terracotta + + + pom + name + Terracotta Utilities Tools + + + pom + parent-artifactid + terracotta-utilities-parent + + + pom + url + Terracotta-OSS/terracotta-utilities/ + + + pom + version + 0.0.8 + + + + + pkg:maven/org.terracotta/terracotta-utilities-tools@0.0.8 + + https://ossindex.sonatype.org/component/pkg:maven/org.terracotta/terracotta-utilities-tools@0.0.8?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + ehcache-3.9.3.jar + /var/lib/jenkins/.m2/repository/org/ehcache/ehcache/3.9.3/ehcache-3.9.3.jar + e0ac3ca32b4256d7e7159f9796e8c769 + 67a2758b89b942dfa622d764353fcf08fba2e7bb + 30f709462667c7f3c754c45be54034922523ea6cb9564be6ceaf73e9d959a634 + End-user ehcache3 jar artifact + The Apache Software License, Version 2.0: + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + ehcache + + + jar + package name + ehcache + + + jar + package name + org + + + jar + package name + terracotta + + + Manifest + build-time + 2021-04-21T02:04:48+0000 + + + Manifest + bundle-docurl + http://ehcache.org + + + Manifest + bundle-symbolicname + org.ehcache + + + Manifest + provide-capability + + osgi.service;objectClass:List="javax.cache.spi.CachingProvider",osgi.service;objectClass:List="org.ehcache.core.spi.service.ServiceFactory",osgi.service;objectClass:List="org.ehcache.xml.CacheManagerServiceConfigurationParser",osgi.service;objectClass:List="org.ehcache.xml.CacheServiceConfigurationParser" + + + Manifest + require-capability + + osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.3.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + service-component + OSGI-INF/*.xml + + + pom + artifactid + ehcache + + + pom + artifactid + ehcache + + + pom + developer email + tc-oss@softwareag.com + + + pom + developer name + Terracotta Engineers + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + http://ehcache.org + + + pom + groupid + org.ehcache + + + pom + name + Ehcache + + + pom + organization name + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + organization url + http://terracotta.org + + + pom + url + http://ehcache.org + + + file + name + ehcache + + + jar + package name + cache + + + jar + package name + cachemanagerserviceconfigurationparser + + + jar + package name + cacheserviceconfigurationparser + + + jar + package name + core + + + jar + package name + ehcache + + + jar + package name + filter + + + jar + package name + org + + + jar + package name + osgi + + + jar + package name + service + + + jar + package name + spi + + + jar + package name + terracotta + + + jar + package name + xml + + + Manifest + build-time + 2021-04-21T02:04:48+0000 + + + Manifest + bundle-docurl + http://ehcache.org + + + Manifest + Bundle-Name + Ehcache 3 + + + Manifest + bundle-symbolicname + org.ehcache + + + Manifest + Implementation-Title + ehcache-dist + + + Manifest + provide-capability + + osgi.service;objectClass:List="javax.cache.spi.CachingProvider",osgi.service;objectClass:List="org.ehcache.core.spi.service.ServiceFactory",osgi.service;objectClass:List="org.ehcache.xml.CacheManagerServiceConfigurationParser",osgi.service;objectClass:List="org.ehcache.xml.CacheServiceConfigurationParser" + + + Manifest + require-capability + + osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.3.0)(!(version>=2.0.0)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + service-component + OSGI-INF/*.xml + + + pom + artifactid + ehcache + + + pom + developer email + tc-oss@softwareag.com + + + pom + developer name + Terracotta Engineers + + + pom + developer org + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + developer org URL + http://ehcache.org + + + pom + groupid + org.ehcache + + + pom + name + Ehcache + + + pom + organization name + Terracotta Inc., a wholly-owned subsidiary of Software AG USA, Inc. + + + pom + organization url + http://terracotta.org + + + pom + url + http://ehcache.org + + + file + version + 3.9.3 + + + Manifest + Bundle-Version + 3.9.3 + + + pom + version + 3.9.3 + + + + + pkg:maven/org.ehcache/ehcache@3.9.3 + + https://ossindex.sonatype.org/component/pkg:maven/org.ehcache/ehcache@3.9.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:service_project:service:3.9.3:*:*:*:*:*:*:* + + + + + ehcache-3.9.3.jar: sizeof-agent.jar + + /var/lib/jenkins/.m2/repository/org/ehcache/ehcache/3.9.3/ehcache-3.9.3.jar/org/ehcache/sizeof/impl/sizeof-agent.jar + ebbbeb86eb031d51e9607e2e5581ec70 + fb0f17e0abef2dce271fe80fff4ec331bb635a2a + e0bc6c03760bf71296d00ca2c15eb4b9bfa19f60a287edf002b2b2423f993d88 + + Business Process Center - Runtime Environment:compile + + + + file + name + sizeof-agent + + + jar + package name + ehcache + + + jar + package name + impl + + + jar + package name + sizeof + + + file + name + sizeof-agent + + + jar + package name + impl + + + jar + package name + sizeof + + + jar + package name + sizeofagent + + + + + failureaccess-1.0.1.jar + + /var/lib/jenkins/.m2/repository/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar + 091883993ef5bfa91da01dcc8fc52236 + 1dcf1de382a0bf95a3d8b0849546c88bac1292c9 + a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26 + + Contains + com.google.common.util.concurrent.internal.InternalFutureFailureAccess and + InternalFutures. Most users will never need to use this artifact. Its + classes is conceptually a part of Guava, but they're in this separate + artifact so that Android libraries can use them without pulling in all of + Guava (just as they can use ListenableFuture by depending on the + listenablefuture artifact). + + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + failureaccess + + + jar + package name + common + + + jar + package name + concurrent + + + jar + package name + google + + + jar + package name + util + + + Manifest + bundle-docurl + https://github.com/google/guava/ + + + Manifest + bundle-symbolicname + com.google.guava.failureaccess + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + failureaccess + + + pom + artifactid + failureaccess + + + pom + groupid + com.google.guava + + + pom + name + Guava InternalFutureFailureAccess and InternalFutures + + + pom + parent-artifactid + guava-parent + + + file + name + failureaccess + + + jar + package name + common + + + jar + package name + concurrent + + + jar + package name + google + + + jar + package name + util + + + Manifest + bundle-docurl + https://github.com/google/guava/ + + + Manifest + Bundle-Name + Guava InternalFutureFailureAccess and InternalFutures + + + Manifest + bundle-symbolicname + com.google.guava.failureaccess + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + failureaccess + + + pom + groupid + com.google.guava + + + pom + name + Guava InternalFutureFailureAccess and InternalFutures + + + pom + parent-artifactid + guava-parent + + + file + version + 1.0.1 + + + Manifest + Bundle-Version + 1.0.1 + + + pom + parent-version + 1.0.1 + + + pom + version + 1.0.1 + + + + + pkg:maven/com.google.guava/failureaccess@1.0.1 + + https://ossindex.sonatype.org/component/pkg:maven/com.google.guava/failureaccess@1.0.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.1.1 + + + + + geronimo-j2ee-management_1.1_spec-1.0.1.jar + + /var/lib/jenkins/.m2/repository/org/apache/geronimo/specs/geronimo-j2ee-management_1.1_spec/1.0.1/geronimo-j2ee-management_1.1_spec-1.0.1.jar + 7e1708a3b808e9749b5789668fd9ca8b + 5372615b0c04c1913c95c34a0414cef720ca2855 + 7ad780c72a92039bc07cbc09b6ee8d06571a1fbd92d4361a19a433d783b6e221 + Provides open-source implementations of Sun specifications. + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + geronimo-j2ee-management_1.1_spec-1.0.1 + + + jar + package name + j2ee + + + jar + package name + management + + + Manifest + bundle-docurl + http://www.apache.org + + + Manifest + bundle-symbolicname + org.apache.geronimo.specs.geronimo-j2ee-management_1.1_spec + + + pom + artifactid + geronimo-j2ee-management_1.1_spec + + + pom + artifactid + geronimo-j2ee-management_1.1_spec + + + pom + groupid + org.apache.geronimo.specs + + + pom + name + J2EE Management 1.1 + + + pom + parent-artifactid + specs + + + file + name + geronimo-j2ee-management_1.1_spec-1.0.1 + + + jar + package name + j2ee + + + jar + package name + management + + + Manifest + bundle-docurl + http://www.apache.org + + + Manifest + Bundle-Name + geronimo-j2ee-management_1.1_spec + + + Manifest + bundle-symbolicname + org.apache.geronimo.specs.geronimo-j2ee-management_1.1_spec + + + Manifest + Implementation-Title + Apache Geronimo + + + pom + artifactid + geronimo-j2ee-management_1.1_spec + + + pom + groupid + org.apache.geronimo.specs + + + pom + name + J2EE Management 1.1 + + + pom + parent-artifactid + specs + + + Manifest + Bundle-Version + 1.0.1 + + + Manifest + Implementation-Version + 1.0.1 + + + pom + parent-version + 1.0.1 + + + pom + version + 1.0.1 + + + + + pkg:maven/org.apache.geronimo.specs/geronimo-j2ee-management_1.1_spec@1.0.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.geronimo.specs/geronimo-j2ee-management_1.1_spec@1.0.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + geronimo-javamail_1.4_mail-1.8.4.jar (shaded: + org.apache.geronimo.javamail:geronimo-javamail_1.4_provider:1.8.4) + + /var/lib/jenkins/.m2/repository/org/apache/geronimo/javamail/geronimo-javamail_1.4_mail/1.8.4/geronimo-javamail_1.4_mail-1.8.4.jar/META-INF/maven/org.apache.geronimo.javamail/geronimo-javamail_1.4_provider/pom.xml + 5d79ca674ab7a6e5ad6ae72f989ae053 + 919158e6c9900760bc37c25e420e15d2a10677f2 + a3531252b166422870ab30b19a3220e374afaa6bd796454b8bcc21e9256371a8 + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + geronimo-javamail_1.4_provider + + + pom + groupid + org.apache.geronimo.javamail + + + pom + name + Geronimo JavaMail 1.4 :: Provider + + + pom + parent-artifactid + geronimo-javamail_1.4 + + + pom + artifactid + geronimo-javamail_1.4_provider + + + pom + groupid + org.apache.geronimo.javamail + + + pom + name + Geronimo JavaMail 1.4 :: Provider + + + pom + parent-artifactid + geronimo-javamail_1.4 + + + pom + version + 1.8.4 + + + + + pkg:maven/org.apache.geronimo.javamail/geronimo-javamail_1.4_provider@1.8.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.geronimo.javamail/geronimo-javamail_1.4_provider@1.8.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + geronimo-javamail_1.4_mail-1.8.4.jar (shaded: + org.apache.geronimo.specs:geronimo-javamail_1.4_spec:1.7.1) + + /var/lib/jenkins/.m2/repository/org/apache/geronimo/javamail/geronimo-javamail_1.4_mail/1.8.4/geronimo-javamail_1.4_mail-1.8.4.jar/META-INF/maven/org.apache.geronimo.specs/geronimo-javamail_1.4_spec/pom.xml + 3743449ae3615be03030800b9e3a7635 + 74ae043414f17033b626ec465233bccc5fb844fc + 2ef870e5dcabdb2438e83ea8d466c22816741bf08ffe410c8bacc70c6fe14b5a + Javamail 1.4 Specification + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + geronimo-javamail_1.4_spec + + + pom + groupid + org.apache.geronimo.specs + + + pom + name + JavaMail 1.4 + + + pom + parent-artifactid + genesis-java5-flava + + + pom + parent-groupid + org.apache.geronimo.genesis + + + pom + url + http://geronimo.apache.org/maven/${siteId}/1.7.1 + + + pom + artifactid + geronimo-javamail_1.4_spec + + + pom + groupid + org.apache.geronimo.specs + + + pom + name + JavaMail 1.4 + + + pom + parent-artifactid + genesis-java5-flava + + + pom + parent-groupid + org.apache.geronimo.genesis + + + pom + url + http://geronimo.apache.org/maven/${siteId}/1.7.1 + + + pom + parent-version + 1.7.1 + + + pom + version + 1.7.1 + + + + + pkg:maven/org.apache.geronimo.specs/geronimo-javamail_1.4_spec@1.7.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.geronimo.specs/geronimo-javamail_1.4_spec@1.7.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + geronimo-javamail_1.4_mail-1.8.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/geronimo/javamail/geronimo-javamail_1.4_mail/1.8.4/geronimo-javamail_1.4_mail-1.8.4.jar + f0f877ca397f77198f4c941bee52f0a4 + 0c111549605e4fb904984e4f40299a3a653871ea + e3e58acb4962ee0615cc398c8903e46cf866fb666a58b3bb80f8d59712c1e69a + Geronimmo JavaMail Bundle. + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + geronimo-javamail_1.4_mail-1.8.4 + + + jar + package name + apache + + + jar + package name + geronimo + + + jar + package name + javamail + + + Manifest + bundle-docurl + + http://geronimo.apache.org/maven/javamail/geronimo-javamail_1.4_mail/1.8.4/geronimo-javamail_1.4_mail + + + Manifest + bundle-symbolicname + org.apache.geronimo.javamail.geronimo-javamail_1.4_mail;singleton=true + + + Manifest + specification-vendor + Sun Microsystems, Inc. + + + pom + artifactid + geronimo-javamail_1.4_mail + + + pom + artifactid + geronimo-javamail_1.4_mail + + + pom + groupid + org.apache.geronimo.javamail + + + pom + name + Geronimo JavaMail 1.4 :: Mail + + + pom + parent-artifactid + geronimo-javamail_1.4 + + + file + name + geronimo-javamail_1.4_mail-1.8.4 + + + jar + package name + apache + + + jar + package name + geronimo + + + jar + package name + javamail + + + Manifest + bundle-docurl + + http://geronimo.apache.org/maven/javamail/geronimo-javamail_1.4_mail/1.8.4/geronimo-javamail_1.4_mail + + + Manifest + Bundle-Name + Geronimo JavaMail 1.4 :: Mail + + + Manifest + bundle-symbolicname + org.apache.geronimo.javamail.geronimo-javamail_1.4_mail;singleton=true + + + Manifest + Implementation-Title + Geronimo JavaMail 1.4 :: Mail + + + Manifest + specification-title + JSR-919 Javamail API 1.4 merged bundle + + + pom + artifactid + geronimo-javamail_1.4_mail + + + pom + groupid + org.apache.geronimo.javamail + + + pom + name + Geronimo JavaMail 1.4 :: Mail + + + pom + parent-artifactid + geronimo-javamail_1.4 + + + Manifest + Bundle-Version + 1.8.4 + + + Manifest + Implementation-Version + 1.8.4 + + + pom + version + 1.8.4 + + + + + pkg:maven/org.apache.geronimo.javamail/geronimo-javamail_1.4_mail@1.8.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.geronimo.javamail/geronimo-javamail_1.4_mail@1.8.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + geronimo-jaxws_2.2_spec-1.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/geronimo/specs/geronimo-jaxws_2.2_spec/1.2/geronimo-jaxws_2.2_spec-1.2.jar + 41c53e6e0a33ac903776e3d0a2a659fe + c5ece362fcac7f92b16120399d8b0911260b3271 + f82650e7c27e2763822cc9efc67c645f91a8328aaeb201e909c9747a985f16af + Java API for XML Web Services 2.2 + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:runtime + + + + file + name + geronimo-jaxws_2.2_spec-1.2 + + + jar + package name + apache + + + jar + package name + geronimo + + + jar + package name + ws + + + jar + package name + xml + + + Manifest + bundle-docurl + http://geronimo.apache.org/maven/specs/geronimo-jaxws_2.2_spec/1.2 + + + Manifest + bundle-symbolicname + org.apache.geronimo.specs.geronimo-jaxws_2.2_spec;singleton=true + + + Manifest + specification-vendor + Sun Microsystems, Inc. + + + pom + artifactid + geronimo-jaxws_2.2_spec + + + pom + artifactid + geronimo-jaxws_2.2_spec + + + pom + groupid + org.apache.geronimo.specs + + + pom + name + Apache Geronimo JAX-WS Spec 2.2 + + + pom + parent-artifactid + genesis-java5-flava + + + pom + parent-groupid + org.apache.geronimo.genesis + + + pom + url + http://geronimo.apache.org/maven/${siteId}/${version} + + + pom + url + http://geronimo.apache.org/maven/${siteId}/1.2 + + + file + name + geronimo-jaxws_2.2_spec-1.2 + + + jar + package name + apache + + + jar + package name + geronimo + + + jar + package name + http + + + jar + package name + ws + + + jar + package name + xml + + + Manifest + bundle-docurl + http://geronimo.apache.org/maven/specs/geronimo-jaxws_2.2_spec/1.2 + + + Manifest + Bundle-Name + Apache Geronimo JAX-WS Spec 2.2 + + + Manifest + bundle-symbolicname + org.apache.geronimo.specs.geronimo-jaxws_2.2_spec;singleton=true + + + Manifest + Implementation-Title + Apache Geronimo JAX-WS Spec 2.2 + + + Manifest + specification-title + JSR-224 Java API for XML based Web Services 2.2 + + + pom + artifactid + geronimo-jaxws_2.2_spec + + + pom + groupid + org.apache.geronimo.specs + + + pom + name + Apache Geronimo JAX-WS Spec 2.2 + + + pom + parent-artifactid + genesis-java5-flava + + + pom + parent-groupid + org.apache.geronimo.genesis + + + pom + url + http://geronimo.apache.org/maven/${siteId}/${version} + + + pom + url + http://geronimo.apache.org/maven/${siteId}/1.2 + + + Manifest + Bundle-Version + 1.2 + + + Manifest + Implementation-Version + 1.2 + + + pom + parent-version + 1.2 + + + pom + version + 1.2 + + + + + pkg:maven/org.apache.geronimo.specs/geronimo-jaxws_2.2_spec@1.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.geronimo.specs/geronimo-jaxws_2.2_spec@1.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + geronimo-jms_1.1_spec-1.1.1.jar + + /var/lib/jenkins/.m2/repository/org/apache/geronimo/specs/geronimo-jms_1.1_spec/1.1.1/geronimo-jms_1.1_spec-1.1.1.jar + d80ce71285696d36c1add1989b94f084 + c872b46c601d8dc03633288b81269f9e42762cea + 18d9ff7b9066aa99cf89843f5055d2fe58b1abe4346ee9df0daf4ac18ca232d7 + Provides open-source implementations of Sun specifications. + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + geronimo-jms_1.1_spec-1.1.1 + + + jar + package name + jms + + + Manifest + bundle-docurl + http://www.apache.org + + + Manifest + bundle-symbolicname + org.apache.geronimo.specs.geronimo-jms_1.1_spec + + + pom + artifactid + geronimo-jms_1.1_spec + + + pom + artifactid + geronimo-jms_1.1_spec + + + pom + groupid + org.apache.geronimo.specs + + + pom + name + JMS 1.1 + + + pom + parent-artifactid + specs + + + file + name + geronimo-jms_1.1_spec-1.1.1 + + + jar + package name + jms + + + Manifest + bundle-docurl + http://www.apache.org + + + Manifest + Bundle-Name + geronimo-jms_1.1_spec + + + Manifest + bundle-symbolicname + org.apache.geronimo.specs.geronimo-jms_1.1_spec + + + Manifest + Implementation-Title + Apache Geronimo + + + pom + artifactid + geronimo-jms_1.1_spec + + + pom + groupid + org.apache.geronimo.specs + + + pom + name + JMS 1.1 + + + pom + parent-artifactid + specs + + + Manifest + Bundle-Version + 1.1.1 + + + Manifest + Implementation-Version + 1.1.1 + + + pom + parent-version + 1.1.1 + + + pom + version + 1.1.1 + + + + + pkg:maven/org.apache.geronimo.specs/geronimo-jms_1.1_spec@1.1.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.geronimo.specs/geronimo-jms_1.1_spec@1.1.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + geronimo-json_1.1_spec-1.5.jar + + /var/lib/jenkins/.m2/repository/org/apache/geronimo/specs/geronimo-json_1.1_spec/1.5/geronimo-json_1.1_spec-1.5.jar + a289c903d88374da4b6ea4ae460e990d + 4e1944c446960787a90b8ee62baa3c67b666d5f8 + 8c0494ab337b467a95883efef7551c8ee6dbb55f38ddf9ecc5e7336610c93fc7 + Apache Geronimo implementation of the JSR-374 + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + geronimo-json_1.1_spec-1.5 + + + jar + package name + javax + + + jar + package name + json + + + Manifest + automatic-module-name + javax.json + + + Manifest + bundle-docurl + http://geronimo.apache.org/maven/specs/geronimo-json_1.1_spec/1.5 + + + Manifest + bundle-symbolicname + org.apache.geronimo.specs.geronimo-json_1.1_spec + + + Manifest + implementation-url + http://geronimo.apache.org/maven/specs/geronimo-json_1.1_spec/1.5 + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + Implementation-Vendor-Id + org.apache.geronimo.specs + + + Manifest + provide-capability + + osgi.contract;osgi.contract=JavaJSONP;uses:="javax.json,javax.json.stream,javax.json.spi";version:List="1.1,1.0" + + + Manifest + require-capability + + osgi.serviceloader;filter:="(osgi.serviceloader=javax.json.spi.JsonProvider)";cardinality:=multiple,osgi.extender;filter:="(osgi.extender=osgi.serviceloader.processor)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + geronimo-json_1.1_spec + + + pom + artifactid + geronimo-json_1.1_spec + + + pom + groupid + org.apache.geronimo.specs + + + pom + name + Apache Geronimo JSON Spec 1.1 + + + pom + parent-artifactid + genesis-java8-flava + + + pom + parent-groupid + org.apache.geronimo.genesis + + + pom + url + http://geronimo.apache.org/maven/${siteId}/${project.version} + + + file + name + geronimo-json_1.1_spec-1.5 + + + jar + package name + javax + + + jar + package name + json + + + jar + package name + jsonprovider + + + jar + package name + spi + + + jar + package name + stream + + + Manifest + automatic-module-name + javax.json + + + Manifest + bundle-docurl + http://geronimo.apache.org/maven/specs/geronimo-json_1.1_spec/1.5 + + + Manifest + Bundle-Name + Apache Geronimo JSON Spec 1.1 + + + Manifest + bundle-symbolicname + org.apache.geronimo.specs.geronimo-json_1.1_spec + + + Manifest + Implementation-Title + Apache Geronimo JSON Spec 1.1 + + + Manifest + implementation-url + http://geronimo.apache.org/maven/specs/geronimo-json_1.1_spec/1.5 + + + Manifest + provide-capability + + osgi.contract;osgi.contract=JavaJSONP;uses:="javax.json,javax.json.stream,javax.json.spi";version:List="1.1,1.0" + + + Manifest + require-capability + + osgi.serviceloader;filter:="(osgi.serviceloader=javax.json.spi.JsonProvider)";cardinality:=multiple,osgi.extender;filter:="(osgi.extender=osgi.serviceloader.processor)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + Apache Geronimo JSON Spec 1.1 + + + pom + artifactid + geronimo-json_1.1_spec + + + pom + groupid + org.apache.geronimo.specs + + + pom + name + Apache Geronimo JSON Spec 1.1 + + + pom + parent-artifactid + genesis-java8-flava + + + pom + parent-groupid + org.apache.geronimo.genesis + + + pom + url + http://geronimo.apache.org/maven/${siteId}/${project.version} + + + Manifest + Implementation-Version + 1.5 + + + pom + parent-version + 1.5 + + + pom + version + 1.5 + + + + + pkg:maven/org.apache.geronimo.specs/geronimo-json_1.1_spec@1.5 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.geronimo.specs/geronimo-json_1.1_spec@1.5?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:list_site_pro:list_site_pro:1.5:*:*:*:*:*:*:* + + + + + geronimo-jta_1.1_spec-1.1.1.jar + + /var/lib/jenkins/.m2/repository/org/apache/geronimo/specs/geronimo-jta_1.1_spec/1.1.1/geronimo-jta_1.1_spec-1.1.1.jar + 4aa8d50456bcec0bf6f032ceb182ad64 + aabab3165b8ea936b9360abbf448459c0d04a5a4 + 3a0c3c1bbc2efe8383969574922791959670ef547d6c897496915617025c3023 + Provides open-source implementations of Sun specifications. + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + geronimo-jta_1.1_spec-1.1.1 + + + Manifest + bundle-docurl + http://www.apache.org + + + Manifest + bundle-symbolicname + org.apache.geronimo.specs.geronimo-jta_1.1_spec + + + pom + artifactid + geronimo-jta_1.1_spec + + + pom + artifactid + geronimo-jta_1.1_spec + + + pom + groupid + org.apache.geronimo.specs + + + pom + name + JTA 1.1 + + + pom + parent-artifactid + specs + + + file + name + geronimo-jta_1.1_spec-1.1.1 + + + Manifest + bundle-docurl + http://www.apache.org + + + Manifest + Bundle-Name + geronimo-jta_1.1_spec + + + Manifest + bundle-symbolicname + org.apache.geronimo.specs.geronimo-jta_1.1_spec + + + Manifest + Implementation-Title + Apache Geronimo + + + pom + artifactid + geronimo-jta_1.1_spec + + + pom + groupid + org.apache.geronimo.specs + + + pom + name + JTA 1.1 + + + pom + parent-artifactid + specs + + + Manifest + Bundle-Version + 1.1.1 + + + Manifest + Implementation-Version + 1.1.1 + + + pom + parent-version + 1.1.1 + + + pom + version + 1.1.1 + + + + + pkg:maven/org.apache.geronimo.specs/geronimo-jta_1.1_spec@1.1.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.geronimo.specs/geronimo-jta_1.1_spec@1.1.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + geronimo-saaj_1.3_spec-1.1.jar + + /var/lib/jenkins/.m2/repository/org/apache/geronimo/specs/geronimo-saaj_1.3_spec/1.1/geronimo-saaj_1.3_spec-1.1.jar + 3ad94b4a728eadf47458ac4a9ae8fb23 + be6e6fc49ca84631f7c47a04d5438e193db54d7c + 6cc02675a2e9dc78f7ebb4e450a670619e0915c6246cbb5b93a5ee27b3345aa9 + SOAP AA for Java 1.3 + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:runtime + + + + file + name + geronimo-saaj_1.3_spec-1.1 + + + jar + package name + apache + + + jar + package name + geronimo + + + jar + package name + soap + + + Manifest + bundle-docurl + http://geronimo.apache.org/maven/specs/geronimo-saaj_1.3_spec/1.1 + + + Manifest + bundle-symbolicname + org.apache.geronimo.specs.geronimo-saaj_1.3_spec;singleton=true + + + Manifest + specification-vendor + Sun Microsystems, Inc. + + + pom + artifactid + geronimo-saaj_1.3_spec + + + pom + artifactid + geronimo-saaj_1.3_spec + + + pom + groupid + org.apache.geronimo.specs + + + pom + name + SAAJ 1.3 + + + pom + parent-artifactid + genesis-java5-flava + + + pom + parent-groupid + org.apache.geronimo.genesis + + + pom + url + http://geronimo.apache.org/maven/${siteId}/${version} + + + pom + url + http://geronimo.apache.org/maven/${siteId}/1.1 + + + file + name + geronimo-saaj_1.3_spec-1.1 + + + jar + package name + apache + + + jar + package name + geronimo + + + jar + package name + soap + + + Manifest + bundle-docurl + http://geronimo.apache.org/maven/specs/geronimo-saaj_1.3_spec/1.1 + + + Manifest + Bundle-Name + SAAJ 1.3 + + + Manifest + bundle-symbolicname + org.apache.geronimo.specs.geronimo-saaj_1.3_spec;singleton=true + + + Manifest + Implementation-Title + SAAJ 1.3 + + + Manifest + specification-title + JSR-67 Soap with Attachments API for Java 1.3 + + + pom + artifactid + geronimo-saaj_1.3_spec + + + pom + groupid + org.apache.geronimo.specs + + + pom + name + SAAJ 1.3 + + + pom + parent-artifactid + genesis-java5-flava + + + pom + parent-groupid + org.apache.geronimo.genesis + + + pom + url + http://geronimo.apache.org/maven/${siteId}/${version} + + + pom + url + http://geronimo.apache.org/maven/${siteId}/1.1 + + + Manifest + Bundle-Version + 1.1 + + + Manifest + Implementation-Version + 1.1 + + + pom + parent-version + 1.1 + + + pom + version + 1.1 + + + + + pkg:maven/org.apache.geronimo.specs/geronimo-saaj_1.3_spec@1.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.geronimo.specs/geronimo-saaj_1.3_spec@1.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:soap:1.1:*:*:*:*:*:*:* + + + + + CVE-2022-45378 + CRITICAL + + 9.8 + NETWORK + LOW + NONE + NONE + UNCHANGED + HIGH + HIGH + HIGH + CRITICAL + 3.9 + 5.9 + 3.1 + + + CWE-287 + + ** UNSUPPORTED WHEN ASSIGNED ** In the default configuration of Apache SOAP, + an RPCRouterServlet is available without authentication. This gives an attacker the + possibility to invoke methods on the classpath that meet certain criteria. Depending on + what classes are available on the classpath this might even lead to arbitrary remote + code execution. NOTE: This vulnerability only affects products that are no longer + supported by the maintainer. + + + CONFIRM + https://lists.apache.org/thread/g4l64s283njhnph2otx7q4gs2j952d31 + N/A + + + MLIST + http://www.openwall.com/lists/oss-security/2022/11/14/4 + [oss-security] 20221114 CVE-2022-45378: Apache SOAP allows unauthenticated users + to potentially invoke arbitrary code + + + + + cpe:2.3:a:apache:soap:*:*:*:*:*:*:*:* + + + + + + geronimo-stax-api_1.2_spec-1.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/geronimo/specs/geronimo-stax-api_1.2_spec/1.2/geronimo-stax-api_1.2_spec-1.2.jar + 7c33bab3af8433a5c2a2c9a05c1c0bff + e3f2cbc94d2fb7b0715049627e73d60029aff488 + 1a01074b2029d50b1ce78add4a1c023786011cd5f1c52602c2c9fd496675d215 + Java STAX Spec API 1.2 + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:runtime + + + + file + name + geronimo-stax-api_1.2_spec-1.2 + + + jar + package name + apache + + + jar + package name + geronimo + + + Manifest + bundle-docurl + http://geronimo.apache.org/maven/specs/geronimo-stax-api_1.2_spec/1.2 + + + Manifest + bundle-symbolicname + org.apache.geronimo.specs.geronimo-stax-api_1.2_spec;singleton=true + + + Manifest + specification-vendor + Sun Microsystems, Inc. + + + pom + artifactid + geronimo-stax-api_1.2_spec + + + pom + artifactid + geronimo-stax-api_1.2_spec + + + pom + groupid + org.apache.geronimo.specs + + + pom + name + Apache Geronimo STAX Spec 1.2 + + + pom + parent-artifactid + genesis-java5-flava + + + pom + parent-groupid + org.apache.geronimo.genesis + + + pom + url + http://geronimo.apache.org/maven/${siteId}/${version} + + + pom + url + http://geronimo.apache.org/maven/${siteId}/1.2 + + + file + name + geronimo-stax-api_1.2_spec-1.2 + + + jar + package name + apache + + + jar + package name + geronimo + + + jar + package name + xml + + + Manifest + bundle-docurl + http://geronimo.apache.org/maven/specs/geronimo-stax-api_1.2_spec/1.2 + + + Manifest + Bundle-Name + Apache Geronimo STAX Spec 1.2 + + + Manifest + bundle-symbolicname + org.apache.geronimo.specs.geronimo-stax-api_1.2_spec;singleton=true + + + Manifest + Implementation-Title + Apache Geronimo STAX Spec 1.2 + + + Manifest + specification-title + JSR-137 Streaming API for XML 1.2 + + + pom + artifactid + geronimo-stax-api_1.2_spec + + + pom + groupid + org.apache.geronimo.specs + + + pom + name + Apache Geronimo STAX Spec 1.2 + + + pom + parent-artifactid + genesis-java5-flava + + + pom + parent-groupid + org.apache.geronimo.genesis + + + pom + url + http://geronimo.apache.org/maven/${siteId}/${version} + + + pom + url + http://geronimo.apache.org/maven/${siteId}/1.2 + + + Manifest + Bundle-Version + 1.2 + + + Manifest + Implementation-Version + 1.2 + + + pom + parent-version + 1.2 + + + pom + version + 1.2 + + + + + pkg:maven/org.apache.geronimo.specs/geronimo-stax-api_1.2_spec@1.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.geronimo.specs/geronimo-stax-api_1.2_spec@1.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + guava-30.1-jre.jar + /var/lib/jenkins/.m2/repository/com/google/guava/guava/30.1-jre/guava-30.1-jre.jar + 2f8966f27f06101a08083bfa9f9277e7 + 00d0c3ce2311c9e36e73228da25a6e99b2ab826f + e6dd072f9d3fe02a4600688380bd422bdac184caf6fe2418cfdd0934f09432aa + + Guava is a suite of core and expanded libraries that include + utility classes, Google's collections, I/O classes, and + much more. + + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + guava + + + jar + package name + common + + + jar + package name + google + + + Manifest + automatic-module-name + com.google.common + + + Manifest + bundle-docurl + https://github.com/google/guava/ + + + Manifest + bundle-symbolicname + com.google.guava + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + guava + + + pom + artifactid + guava + + + pom + groupid + com.google.guava + + + pom + name + Guava: Google Core Libraries for Java + + + pom + parent-artifactid + guava-parent + + + file + name + guava + + + jar + package name + common + + + jar + package name + google + + + Manifest + automatic-module-name + com.google.common + + + Manifest + bundle-docurl + https://github.com/google/guava/ + + + Manifest + Bundle-Name + Guava: Google Core Libraries for Java + + + Manifest + bundle-symbolicname + com.google.guava + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + guava + + + pom + groupid + com.google.guava + + + pom + name + Guava: Google Core Libraries for Java + + + pom + parent-artifactid + guava-parent + + + pom + version + 30.1-jre + + + + + pkg:maven/com.google.guava/guava@30.1-jre + + https://ossindex.sonatype.org/component/pkg:maven/com.google.guava/guava@30.1-jre?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:google:guava:30.1:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Agoogle&cpe_product=cpe%3A%2F%3Agoogle%3Aguava&cpe_version=cpe%3A%2F%3Agoogle%3Aguava%3A30.1 + + + + + hawtbuf-1.11.jar + /var/lib/jenkins/.m2/repository/org/fusesource/hawtbuf/hawtbuf/1.11/hawtbuf-1.11.jar + a80061bd945ca0f13072861777ff27b1 + 8f0e50ad8bea37b84b698ec40cce09e47714a63e + c6b45db967f3b2b3e28fd2f0724b1730a89d3f5aa9eef3664de29caba219593e + HawtBuf: a rich byte buffer library + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + hawtbuf + + + jar + package name + fusesource + + + jar + package name + hawtbuf + + + Manifest + bundle-docurl + http://fusesource.com/ + + + Manifest + bundle-symbolicname + org.fusesource.hawtbuf.hawtbuf + + + Manifest + Implementation-Vendor + FuseSource, Corp. + + + Manifest + Implementation-Vendor-Id + org.fusesource.hawtbuf + + + pom + artifactid + hawtbuf + + + pom + artifactid + hawtbuf + + + pom + groupid + org.fusesource.hawtbuf + + + pom + name + ${project.artifactId} + + + pom + parent-artifactid + hawtbuf-project + + + file + name + hawtbuf + + + jar + package name + buffer + + + jar + package name + fusesource + + + jar + package name + hawtbuf + + + Manifest + bundle-docurl + http://fusesource.com/ + + + Manifest + Bundle-Name + hawtbuf + + + Manifest + bundle-symbolicname + org.fusesource.hawtbuf.hawtbuf + + + Manifest + Implementation-Title + hawtbuf + + + Manifest + specification-title + hawtbuf + + + pom + artifactid + hawtbuf + + + pom + groupid + org.fusesource.hawtbuf + + + pom + name + ${project.artifactId} + + + pom + parent-artifactid + hawtbuf-project + + + file + version + 1.11 + + + Manifest + Implementation-Version + 1.11 + + + pom + version + 1.11 + + + + + pkg:maven/org.fusesource.hawtbuf/hawtbuf@1.11 + + https://ossindex.sonatype.org/component/pkg:maven/org.fusesource.hawtbuf/hawtbuf@1.11?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + hibernate-commons-annotations-5.1.2.Final.jar + + /var/lib/jenkins/.m2/repository/org/hibernate/common/hibernate-commons-annotations/5.1.2.Final/hibernate-commons-annotations-5.1.2.Final.jar + 2a2490b3eb8e7585a6a899d27d7ed43f + e59ffdbc6ad09eeb33507b39ffcf287679a498c8 + 1c7ce712b2679fea0a5441eb02a04144297125b768944819be0765befb996275 + Common reflection code used in support of annotation processing + GNU Library General Public License v2.1 or later: + http://www.opensource.org/licenses/LGPL-2.1 + + Business Process Center - Runtime Environment:runtime + + + + file + name + hibernate-commons-annotations + + + hint analyzer + vendor + redhat + + + jar + package name + annotations + + + jar + package name + common + + + jar + package name + hibernate + + + jar + package name + reflection + + + Manifest + automatic-module-name + org.hibernate.commons.annotations + + + Manifest + bundle-symbolicname + org.hibernate.common.hibernate-commons-annotations + + + Manifest + implementation-url + http://hibernate.org + + + Manifest + Implementation-Vendor + Hibernate.org + + + Manifest + Implementation-Vendor-Id + org.hibernate + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + hibernate-commons-annotations + + + pom + artifactid + hibernate-commons-annotations + + + pom + developer id + hibernate-team + + + pom + developer name + The Hibernate Development Team + + + pom + developer org + Hibernate.org + + + pom + developer org URL + http://hibernate.org + + + pom + groupid + org.hibernate.common + + + pom + name + Hibernate Commons Annotations + + + pom + organization name + Hibernate.org + + + pom + organization url + http://hibernate.org + + + pom + url + http://hibernate.org + + + file + name + hibernate-commons-annotations + + + jar + package name + annotations + + + jar + package name + common + + + jar + package name + hibernate + + + jar + package name + reflection + + + jar + package name + version + + + Manifest + automatic-module-name + org.hibernate.commons.annotations + + + Manifest + Bundle-Name + hibernate-commons-annotations + + + Manifest + bundle-symbolicname + org.hibernate.common.hibernate-commons-annotations + + + Manifest + implementation-url + http://hibernate.org + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + hibernate-commons-annotations + + + pom + developer id + hibernate-team + + + pom + developer name + The Hibernate Development Team + + + pom + developer org + Hibernate.org + + + pom + developer org URL + http://hibernate.org + + + pom + groupid + org.hibernate.common + + + pom + name + Hibernate Commons Annotations + + + pom + organization name + Hibernate.org + + + pom + organization url + http://hibernate.org + + + pom + url + http://hibernate.org + + + Manifest + Bundle-Version + 5.1.2.Final + + + Manifest + Implementation-Version + 5.1.2.Final + + + pom + version + 5.1.2.Final + + + + + pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.1.2.Final + + https://ossindex.sonatype.org/component/pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.1.2.Final?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + hibernate-core-5.6.7.Final.jar + + /var/lib/jenkins/.m2/repository/org/hibernate/hibernate-core/5.6.7.Final/hibernate-core-5.6.7.Final.jar + 97b999aa2d55111b24326cc03ac145e2 + c62626c463b75530acb4f2fb2ae3ca85d80cfa06 + 8b234921fbd4210a8b48da49041eefb09a12cc444ca4dd779beac464f4246586 + Hibernate's core ORM functionality + GNU Library General Public License v2.1 or later: + https://www.opensource.org/licenses/LGPL-2.1 + + Business Process Center - Runtime Environment:runtime + + + + hibernate-osgi-5.6.7.Final.jar + + /var/lib/jenkins/.m2/repository/org/hibernate/hibernate-osgi/5.6.7.Final/hibernate-osgi-5.6.7.Final.jar + e55a7b0982647c7c864ab8386719097c74794120da5a10302f0f762e2dd4445e + fc0488b2c4616923d02a68724b13dc3fc07be3b9 + 44d85b97c6201b30bab16f927c331ac1 + + + pkg:maven/org.hibernate/hibernate-osgi@5.6.7.Final + + https://ossindex.sonatype.org/component/pkg:maven/org.hibernate/hibernate-osgi@5.6.7.Final?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + hibernate-core + + + hint analyzer + vendor + redhat + + + jar + package name + hibernate + + + Manifest + automatic-module-name + org.hibernate.orm.core + + + Manifest + bundle-docurl + https://hibernate.org/orm/5.6 + + + Manifest + bundle-symbolicname + org.hibernate.orm.core + + + Manifest + implementation-url + https://hibernate.org/orm + + + Manifest + Implementation-Vendor + Hibernate.org + + + Manifest + Implementation-Vendor-Id + org.hibernate + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + Hibernate.org + + + pom + artifactid + hibernate-core + + + pom + artifactid + hibernate-core + + + pom + developer id + hibernate-team + + + pom + developer name + The Hibernate Development Team + + + pom + developer org + Hibernate.org + + + pom + developer org URL + https://hibernate.org + + + pom + groupid + org.hibernate + + + pom + name + Hibernate ORM - hibernate-core + + + pom + organization name + Hibernate.org + + + pom + organization url + https://hibernate.org + + + pom + url + https://hibernate.org/orm + + + file + name + hibernate-core + + + hint analyzer + product + orm + + + jar + package name + filter + + + jar + package name + hibernate + + + jar + package name + version + + + Manifest + automatic-module-name + org.hibernate.orm.core + + + Manifest + bundle-docurl + https://hibernate.org/orm/5.6 + + + Manifest + Bundle-Name + hibernate-core + + + Manifest + bundle-symbolicname + org.hibernate.orm.core + + + Manifest + Implementation-Title + hibernate-core + + + Manifest + implementation-url + https://hibernate.org/orm + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + hibernate-core + + + pom + artifactid + hibernate-core + + + pom + developer id + hibernate-team + + + pom + developer name + The Hibernate Development Team + + + pom + developer org + Hibernate.org + + + pom + developer org URL + https://hibernate.org + + + pom + groupid + org.hibernate + + + pom + name + Hibernate ORM - hibernate-core + + + pom + organization name + Hibernate.org + + + pom + organization url + https://hibernate.org + + + pom + url + https://hibernate.org/orm + + + Manifest + Bundle-Version + 5.6.7.Final + + + Manifest + Implementation-Version + 5.6.7.Final + + + pom + version + 5.6.7.Final + + + + + pkg:maven/org.hibernate/hibernate-core@5.6.7.Final + + https://ossindex.sonatype.org/component/pkg:maven/org.hibernate/hibernate-core@5.6.7.Final?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:hibernate:hibernate_orm:5.6.7:*:*:*:*:*:*:* + + + + + istack-commons-runtime-3.0.10.jar + + /var/lib/jenkins/.m2/repository/com/sun/istack/istack-commons-runtime/3.0.10/istack-commons-runtime-3.0.10.jar + 05660669c45f5bb65cece45bf01d92bc + be8418d9a1c91d8569045e82e8ad73cadbaa1f0d + 85239e7fff2463b7d8a9c3962f78ee3e2c6db9455c724f29281e2c5f663e22be + istack common utility code + http://www.eclipse.org/org/documents/edl-v10.php + + Business Process Center - Runtime Environment:runtime + Business Process Center - Runtime Environment:compile + + + + base-4.4.2.jar: istack-commons-runtime-3.0.10.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/lib/jdk9plus/istack-commons-runtime-3.0.10.jar + 85239e7fff2463b7d8a9c3962f78ee3e2c6db9455c724f29281e2c5f663e22be + be8418d9a1c91d8569045e82e8ad73cadbaa1f0d + 05660669c45f5bb65cece45bf01d92bc + + + pkg:maven/com.sun.istack/istack-commons-runtime@3.0.10 + + https://ossindex.sonatype.org/component/pkg:maven/com.sun.istack/istack-commons-runtime@3.0.10?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + istack-commons-runtime + + + jar + package name + com + + + jar + package name + istack + + + jar + package name + sun + + + jar (hint) + package name + oracle + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + bundle-symbolicname + com.sun.istack.commons-runtime + + + Manifest + implementation-build-id + 3.0.10 - 3.0.10-RELEASE-0b1ac0c, 2019-10-15T09:41:41+0000 + + + Manifest + Implementation-Vendor + Eclipse Foundation + + + Manifest + Implementation-Vendor-Id + com.sun.istack + + + Manifest + multi-release + true + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + istack-commons-runtime + + + pom + artifactid + istack-commons-runtime + + + pom + groupid + com.sun.istack + + + pom + name + istack common utility code runtime + + + pom + parent-artifactid + istack-commons + + + file + name + istack-commons-runtime + + + jar + package name + com + + + jar + package name + istack + + + jar + package name + sun + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + Bundle-Name + istack common utility code runtime + + + Manifest + bundle-symbolicname + com.sun.istack.commons-runtime + + + Manifest + implementation-build-id + 3.0.10 - 3.0.10-RELEASE-0b1ac0c, 2019-10-15T09:41:41+0000 + + + Manifest + multi-release + true + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + istack-commons-runtime + + + pom + groupid + com.sun.istack + + + pom + name + istack common utility code runtime + + + pom + parent-artifactid + istack-commons + + + file + version + 3.0.10 + + + Manifest + Bundle-Version + 3.0.10 + + + Manifest + implementation-build-id + 3.0.10 + + + pom + version + 3.0.10 + + + + + pkg:maven/com.sun.istack/istack-commons-runtime@3.0.10 + + https://ossindex.sonatype.org/component/pkg:maven/com.sun.istack/istack-commons-runtime@3.0.10?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:oracle:java_se:3.0.10:*:*:*:*:*:*:* + + + + + jackson-core-2.13.3.jar + + /var/lib/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.3/jackson-core-2.13.3.jar + 9a6679e6a2f7d601a9f212576fda550c + a27014716e4421684416e5fa83d896ddb87002da + ab119a8ea3cc69472ebc0e870b849bfbbe536ad57d613dc38453ccd592ca6a3d + Core Jackson processing abstractions (aka Streaming API), implementation for JSON + The Apache Software License, Version 2.0: + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + jackson-annotations-2.13.3.jar + + /var/lib/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.13.3/jackson-annotations-2.13.3.jar + 5326a6fbcde7cf8817f36c254101cd45f6acea4258518cd3c80ee5b89f4e4b9b + 7198b3aac15285a49e218e08441c5f70af00fc51 + 3fb8ee542a62a113fa7474fe88bb97e8 + + + pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.13.3 + + https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.13.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + jackson-core + + + jar + package name + base + + + jar + package name + core + + + jar + package name + fasterxml + + + jar + package name + jackson + + + jar + package name + json + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + https://github.com/FasterXML/jackson-core + + + Manifest + bundle-symbolicname + com.fasterxml.jackson.core.jackson-core + + + Manifest + implementation-build-date + 2022-05-14 14:38:40+0000 + + + Manifest + Implementation-Vendor + FasterXML + + + Manifest + Implementation-Vendor-Id + com.fasterxml.jackson.core + + + Manifest + multi-release + true + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" + + + Manifest + specification-vendor + FasterXML + + + pom + artifactid + jackson-core + + + pom + artifactid + jackson-core + + + pom + groupid + com.fasterxml.jackson.core + + + pom + name + Jackson-core + + + pom + parent-artifactid + jackson-base + + + pom + parent-groupid + com.fasterxml.jackson + + + pom + url + FasterXML/jackson-core + + + file + name + jackson-core + + + hint analyzer + product + java8 + + + hint analyzer + product + modules + + + jar + package name + base + + + jar + package name + core + + + jar + package name + fasterxml + + + jar + package name + filter + + + jar + package name + jackson + + + jar + package name + json + + + jar + package name + version + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + https://github.com/FasterXML/jackson-core + + + Manifest + Bundle-Name + Jackson-core + + + Manifest + bundle-symbolicname + com.fasterxml.jackson.core.jackson-core + + + Manifest + implementation-build-date + 2022-05-14 14:38:40+0000 + + + Manifest + Implementation-Title + Jackson-core + + + Manifest + multi-release + true + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" + + + Manifest + specification-title + Jackson-core + + + pom + artifactid + jackson-core + + + pom + groupid + com.fasterxml.jackson.core + + + pom + name + Jackson-core + + + pom + parent-artifactid + jackson-base + + + pom + parent-groupid + com.fasterxml.jackson + + + pom + url + FasterXML/jackson-core + + + file + version + 2.13.3 + + + Manifest + Bundle-Version + 2.13.3 + + + Manifest + Implementation-Version + 2.13.3 + + + pom + version + 2.13.3 + + + + + pkg:maven/com.fasterxml.jackson.core/jackson-core@2.13.3 + + https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-core@2.13.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.3:*:*:*:*:*:*:* + + + + + jackson-databind-2.13.3.jar + + /var/lib/jenkins/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.3/jackson-databind-2.13.3.jar + e35e2adf33b2eed8e9f538a911244175 + 56deb9ea2c93a7a556b3afbedd616d342963464e + 6444bf08d8cd4629740afc3db1276938f494728deb663ce585c4e91f6b45eb84 + General data-binding functionality for Jackson: works on core streaming API + The Apache Software License, Version 2.0: + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + jackson-databind + + + jar + package name + databind + + + jar + package name + fasterxml + + + jar + package name + jackson + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://github.com/FasterXML/jackson + + + Manifest + bundle-symbolicname + com.fasterxml.jackson.core.jackson-databind + + + Manifest + implementation-build-date + 2022-05-14 14:56:14+0000 + + + Manifest + Implementation-Vendor + FasterXML + + + Manifest + Implementation-Vendor-Id + com.fasterxml.jackson.core + + + Manifest + multi-release + true + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + FasterXML + + + pom + artifactid + jackson-databind + + + pom + artifactid + jackson-databind + + + pom + groupid + com.fasterxml.jackson.core + + + pom + name + jackson-databind + + + pom + parent-artifactid + jackson-base + + + pom + parent-groupid + com.fasterxml.jackson + + + pom + url + http://github.com/FasterXML/jackson + + + file + name + jackson-databind + + + hint analyzer + product + java8 + + + hint analyzer + product + modules + + + jar + package name + databind + + + jar + package name + fasterxml + + + jar + package name + jackson + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://github.com/FasterXML/jackson + + + Manifest + Bundle-Name + jackson-databind + + + Manifest + bundle-symbolicname + com.fasterxml.jackson.core.jackson-databind + + + Manifest + implementation-build-date + 2022-05-14 14:56:14+0000 + + + Manifest + Implementation-Title + jackson-databind + + + Manifest + multi-release + true + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + jackson-databind + + + pom + artifactid + jackson-databind + + + pom + groupid + com.fasterxml.jackson.core + + + pom + name + jackson-databind + + + pom + parent-artifactid + jackson-base + + + pom + parent-groupid + com.fasterxml.jackson + + + pom + url + http://github.com/FasterXML/jackson + + + file + version + 2.13.3 + + + Manifest + Bundle-Version + 2.13.3 + + + Manifest + Implementation-Version + 2.13.3 + + + pom + version + 2.13.3 + + + + + pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.3 + + https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:fasterxml:jackson-databind:2.13.3:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.13.3 + + + cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.3:*:*:*:*:*:*:* + + + + + CVE-2022-42003 + HIGH + + 7.5 + NETWORK + LOW + NONE + NONE + UNCHANGED + NONE + NONE + HIGH + HIGH + 3.9 + 3.6 + 3.1 + + + CWE-502 + + In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can + occur because of a lack of a check in primitive value deserializers to avoid deep + wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. + Additional fix version in 2.13.4.1 and 2.12.17.1 + + + DEBIAN + https://www.debian.org/security/2022/dsa-5283 + DSA-5283 + + + OSSIndex + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42003 + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42003 + + + OSSIndex + https://github.com/FasterXML/jackson-databind/issues/3590 + https://github.com/FasterXML/jackson-databind/issues/3590 + + + MISC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020 + + + MLIST + https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html + [debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security + update + + + GENTOO + https://security.gentoo.org/glsa/202210-21 + GLSA-202210-21 + + + OSSINDEX + + https://ossindex.sonatype.org/vulnerability/CVE-2022-42003?component-type=maven&component-name=com.fasterxml.jackson.core%2Fjackson-databind&utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + [CVE-2022-42003] CWE-502: Deserialization of Untrusted Data + + + MISC + https://github.com/FasterXML/jackson-databind/issues/3590 + https://github.com/FasterXML/jackson-databind/issues/3590 + + + MISC + + https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33 + + https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33 + + + OSSIndex + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020 + + + CONFIRM + https://security.netapp.com/advisory/ntap-20221124-0004/ + https://security.netapp.com/advisory/ntap-20221124-0004/ + + + + + cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* + cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* + cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* + cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:* + + + + CVE-2022-42004 + HIGH + + 7.5 + NETWORK + LOW + NONE + NONE + UNCHANGED + NONE + NONE + HIGH + HIGH + 3.9 + 3.6 + 3.1 + + + CWE-502 + + In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur + because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of + deeply nested arrays. An application is vulnerable only with certain customized choices + for deserialization. + + + DEBIAN + https://www.debian.org/security/2022/dsa-5283 + DSA-5283 + + + OSSINDEX + + https://ossindex.sonatype.org/vulnerability/CVE-2022-42004?component-type=maven&component-name=com.fasterxml.jackson.core%2Fjackson-databind&utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + [CVE-2022-42004] CWE-502: Deserialization of Untrusted Data + + + MLIST + https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html + [debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security + update + + + OSSIndex + https://github.com/FasterXML/jackson-databind/issues/3582 + https://github.com/FasterXML/jackson-databind/issues/3582 + + + MISC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490 + + + GENTOO + https://security.gentoo.org/glsa/202210-21 + GLSA-202210-21 + + + CONFIRM + https://security.netapp.com/advisory/ntap-20221118-0008/ + https://security.netapp.com/advisory/ntap-20221118-0008/ + + + MISC + + https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88 + + https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88 + + + OSSIndex + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42004 + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42004 + + + OSSIndex + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490 + + + MISC + https://github.com/FasterXML/jackson-databind/issues/3582 + https://github.com/FasterXML/jackson-databind/issues/3582 + + + + + cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* + cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* + cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* + cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:* + + + + + + jakarta.activation-1.2.2.jar + + /var/lib/jenkins/.m2/repository/com/sun/activation/jakarta.activation/1.2.2/jakarta.activation-1.2.2.jar + 0b8bee3bf29b9a015f8b992035581a7c + 74548703f9851017ce2f556066659438019e7eb5 + 02156773e4ae9d048d14a56ad35d644bee9f1052a791d072df3ded3c656e6e1a + Jakarta Activation + http://www.eclipse.org/org/documents/edl-v10.php + + Business Process Center - Runtime Environment:compile + + + + file + name + jakarta.activation + + + jar + package name + activation + + + jar + package name + sun + + + jar (hint) + package name + oracle + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + bundle-symbolicname + com.sun.activation.jakarta.activation + + + Manifest + extension-name + jakarta.activation + + + Manifest + Implementation-Vendor + Eclipse Foundation + + + Manifest + Implementation-Vendor-Id + com.sun + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" + + + Manifest + specification-vendor + Eclipse Foundation + + + pom + artifactid + jakarta.activation + + + pom + artifactid + jakarta.activation + + + pom + groupid + com.sun.activation + + + pom + name + Jakarta Activation + + + pom + parent-artifactid + all + + + file + name + jakarta.activation + + + jar + package name + activation + + + jar + package name + javax + + + jar + package name + sun + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + Bundle-Name + Jakarta Activation + + + Manifest + bundle-symbolicname + com.sun.activation.jakarta.activation + + + Manifest + extension-name + jakarta.activation + + + Manifest + Implementation-Title + javax.activation + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" + + + Manifest + specification-title + Jakarta Activation Specification + + + pom + artifactid + jakarta.activation + + + pom + groupid + com.sun.activation + + + pom + name + Jakarta Activation + + + pom + parent-artifactid + all + + + file + version + 1.2.2 + + + Manifest + Bundle-Version + 1.2.2 + + + Manifest + Implementation-Version + 1.2.2 + + + pom + version + 1.2.2 + + + + + pkg:maven/com.sun.activation/jakarta.activation@1.2.2 + + https://ossindex.sonatype.org/component/pkg:maven/com.sun.activation/jakarta.activation@1.2.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:oracle:java_se:1.2.2:*:*:*:*:*:*:* + + + + + jakarta.activation-api-1.2.2.jar + + /var/lib/jenkins/.m2/repository/jakarta/activation/jakarta.activation-api/1.2.2/jakarta.activation-api-1.2.2.jar + 1cbb480310fa1987f9db7a3ed7118af7 + 99f53adba383cb1bf7c3862844488574b559621f + a187a939103aef5849a7af84bd7e27be2d120c410af291437375ffe061f4f09d + Jakarta Activation API jar + http://www.eclipse.org/org/documents/edl-v10.php + + Business Process Center - Runtime Environment:compile + + + + file + name + jakarta.activation-api + + + jar + package name + activation + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + bundle-symbolicname + jakarta.activation-api + + + Manifest + extension-name + jakarta.activation + + + Manifest + Implementation-Vendor + Eclipse Foundation + + + Manifest + Implementation-Vendor-Id + com.sun + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" + + + Manifest + specification-vendor + Eclipse Foundation + + + pom + artifactid + jakarta.activation-api + + + pom + artifactid + jakarta.activation-api + + + pom + groupid + jakarta.activation + + + pom + name + Jakarta Activation API jar + + + pom + parent-artifactid + all + + + pom + parent-groupid + com.sun.activation + + + file + name + jakarta.activation-api + + + jar + package name + activation + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + Bundle-Name + Jakarta Activation API jar + + + Manifest + bundle-symbolicname + jakarta.activation-api + + + Manifest + extension-name + jakarta.activation + + + Manifest + Implementation-Title + jakarta.activation.jakarta.activation-api + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))" + + + Manifest + specification-title + jakarta.activation.jakarta.activation-api + + + pom + artifactid + jakarta.activation-api + + + pom + groupid + jakarta.activation + + + pom + name + Jakarta Activation API jar + + + pom + parent-artifactid + all + + + pom + parent-groupid + com.sun.activation + + + file + version + 1.2.2 + + + Manifest + Bundle-Version + 1.2.2 + + + Manifest + Implementation-Version + 1.2.2 + + + pom + version + 1.2.2 + + + + + pkg:maven/jakarta.activation/jakarta.activation-api@1.2.2 + + https://ossindex.sonatype.org/component/pkg:maven/jakarta.activation/jakarta.activation-api@1.2.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.2 + + + + + jakarta.annotation-api-1.3.5.jar + + /var/lib/jenkins/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar + 8b165cf58df5f8c2a222f637c0a07c97 + 59eb84ee0d616332ff44aba065f3888cf002cd2d + 85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a + Jakarta Annotations API + EPL 2.0: http://www.eclipse.org/legal/epl-2.0 + GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html + + Business Process Center - Runtime Environment:compile + + + + file + name + jakarta.annotation-api + + + jar + package name + annotation + + + Manifest + automatic-module-name + java.annotation + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + bundle-symbolicname + jakarta.annotation-api + + + Manifest + extension-name + jakarta.annotation + + + Manifest + Implementation-Vendor + Eclipse Foundation + + + Manifest + Implementation-Vendor-Id + org.glassfish + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + Eclipse Foundation + + + pom + artifactid + jakarta.annotation-api + + + pom + artifactid + jakarta.annotation-api + + + pom + developer name + Linda De Michiel + + + pom + developer org + Oracle Corp. + + + pom + groupid + jakarta.annotation + + + pom + name + Jakarta Annotations API + + + pom + parent-artifactid + ca-parent + + + pom + url + https://projects.eclipse.org/projects/ee4j.ca + + + file + name + jakarta.annotation-api + + + jar + package name + annotation + + + Manifest + automatic-module-name + java.annotation + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + Bundle-Name + Jakarta Annotations API + + + Manifest + bundle-symbolicname + jakarta.annotation-api + + + Manifest + extension-name + jakarta.annotation + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + jakarta.annotation-api + + + pom + developer name + Linda De Michiel + + + pom + developer org + Oracle Corp. + + + pom + groupid + jakarta.annotation + + + pom + name + Jakarta Annotations API + + + pom + parent-artifactid + ca-parent + + + pom + url + https://projects.eclipse.org/projects/ee4j.ca + + + file + version + 1.3.5 + + + Manifest + Bundle-Version + 1.3.5 + + + Manifest + Implementation-Version + 1.3.5 + + + pom + version + 1.3.5 + + + + + pkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5 + + https://ossindex.sonatype.org/component/pkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5?utm_source=dependency-check&utm_medium=integration&utm_content=7.0.4 + + + cpe:2.3:a:oracle:java_se:1.3.5:*:*:*:*:*:*:* + + + cpe:2.3:a:oracle:projects:1.3.5:*:*:*:*:*:*:* + + + + + jakarta.el-api-3.0.3.jar + + /var/lib/jenkins/.m2/repository/jakarta/el/jakarta.el-api/3.0.3/jakarta.el-api-3.0.3.jar + 528ed6138395d22fb54912b2b889e88e + f311ab94bb1d4380690a53d737226a6b879dd4f1 + 47ae0a91fb6dd32fdaa5d9bda63df043ac8148e00c297ccce8ab9c56b95cf261 + + Jakarta Expression Language defines an expression language for Java applications + + EPL 2.0: http://www.eclipse.org/legal/epl-2.0 + GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html + + Business Process Center - Runtime Environment:compile + + + + file + name + jakarta.el-api + + + jar + package name + el + + + jar + package name + expression + + + jar + package name + javax + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + bundle-symbolicname + javax.el-api + + + Manifest + extension-name + javax.el + + + Manifest + Implementation-Vendor + Oracle Corporation + + + Manifest + specification-vendor + Oracle Corporation + + + pom + artifactid + jakarta.el-api + + + pom + artifactid + jakarta.el-api + + + pom + developer id + yaminikb + + + pom + developer name + Yamini K B + + + pom + developer org + Oracle Corporation + + + pom + developer org URL + http://www.oracle.com/ + + + pom + groupid + jakarta.el + + + pom + name + Jakarta Expression Language 3.0 API + + + pom + parent-artifactid + project + + + pom + parent-groupid + org.eclipse.ee4j + + + pom + url + https://projects.eclipse.org/projects/ee4j.el + + + file + name + jakarta.el-api + + + jar + package name + el + + + jar + package name + expression + + + jar + package name + javax + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + Bundle-Name + Jakarta Expression Language 3.0 API + + + Manifest + bundle-symbolicname + javax.el-api + + + Manifest + extension-name + javax.el + + + pom + artifactid + jakarta.el-api + + + pom + developer id + yaminikb + + + pom + developer name + Yamini K B + + + pom + developer org + Oracle Corporation + + + pom + developer org URL + http://www.oracle.com/ + + + pom + groupid + jakarta.el + + + pom + name + Jakarta Expression Language 3.0 API + + + pom + parent-artifactid + project + + + pom + parent-groupid + org.eclipse.ee4j + + + pom + url + https://projects.eclipse.org/projects/ee4j.el + + + file + version + 3.0.3 + + + Manifest + Bundle-Version + 3.0.3 + + + Manifest + Implementation-Version + 3.0.3 + + + pom + parent-version + 3.0.3 + + + pom + version + 3.0.3 + + + + + pkg:maven/jakarta.el/jakarta.el-api@3.0.3 + + https://ossindex.sonatype.org/component/pkg:maven/jakarta.el/jakarta.el-api@3.0.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:eclipse:jakarta_expression_language:3.0.3:*:*:*:*:*:*:* + + + + + jakarta.jws-api-2.1.0.jar + + /var/lib/jenkins/.m2/repository/jakarta/jws/jakarta.jws-api/2.1.0/jakarta.jws-api-2.1.0.jar + 9e3bc505722b1e84535d7edb3d582ca1 + 7d283ef13e49c1422701e30639371edca788c609 + d4c321f47a72001977fa11d2df408db23bf5f46e954aeb2c6f1ecda4dfef8fd8 + Jakarta Web Services Metadata API + Eclipse Distribution License - v 1.0: + http://www.eclipse.org/org/documents/edl-v10.php + + Business Process Center - Runtime Environment:compile + + + + file + name + jakarta.jws-api + + + jar + package name + jws + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + bundle-symbolicname + jakarta.jws-api + + + Manifest + extension-name + jakarta.jws + + + Manifest + implementation-build-id + 2.1.0-RELEASE-2072849 + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + Eclipse Foundation + + + pom + artifactid + jakarta.jws-api + + + pom + artifactid + jakarta.jws-api + + + pom + developer id + lukasj + + + pom + developer name + Lukas Jungmann + + + pom + developer org + Oracle + + + pom + groupid + jakarta.jws + + + pom + name + Jakarta Web Services Metadata API + + + pom + parent-artifactid + project + + + pom + parent-groupid + org.eclipse.ee4j + + + pom + url + eclipse-ee4j/jws-api + + + pom (hint) + developer org + sun + + + file + name + jakarta.jws-api + + + jar + package name + jws + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + Bundle-Name + Jakarta Web Services Metadata API + + + Manifest + bundle-symbolicname + jakarta.jws-api + + + Manifest + extension-name + jakarta.jws + + + Manifest + implementation-build-id + 2.1.0-RELEASE-2072849 + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + jakarta.jws-api + + + pom + developer id + lukasj + + + pom + developer name + Lukas Jungmann + + + pom + developer org + Oracle + + + pom + groupid + jakarta.jws + + + pom + name + Jakarta Web Services Metadata API + + + pom + parent-artifactid + project + + + pom + parent-groupid + org.eclipse.ee4j + + + pom + url + eclipse-ee4j/jws-api + + + file + version + 2.1.0 + + + Manifest + Bundle-Version + 2.1.0 + + + Manifest + Implementation-Version + 2.1.0 + + + pom + parent-version + 2.1.0 + + + pom + version + 2.1.0 + + + + + pkg:maven/jakarta.jws/jakarta.jws-api@2.1.0 + + https://ossindex.sonatype.org/component/pkg:maven/jakarta.jws/jakarta.jws-api@2.1.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:oracle:web_services:2.1.0:*:*:*:*:*:*:* + + + + + jakarta.servlet-api-4.0.4.jar + + /var/lib/jenkins/.m2/repository/jakarta/servlet/jakarta.servlet-api/4.0.4/jakarta.servlet-api-4.0.4.jar + f5d1d7a29978e4ae0be5a456ee1c65c3 + b8a1142e04838fe54194049c6e7a18dae8f9b960 + 586e27706c21258f5882f43be06904f49b02db9ac54e345d393fe4a32494d127 + Jakarta Servlet 4.0 + EPL 2.0: http://www.eclipse.org/legal/epl-2.0 + GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html + + Business Process Center - Runtime Environment:compile + + + + file + name + jakarta.servlet-api + + + jar + package name + javax + + + jar + package name + servlet + + + Manifest + automatic-module-name + java.servlet + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + bundle-symbolicname + jakarta.servlet-api + + + Manifest + extension-name + javax.servlet + + + Manifest + Implementation-Vendor + Eclipse Foundation + + + Manifest + Implementation-Vendor-Id + org.eclipse + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + Eclipse Foundation + + + pom + artifactid + jakarta.servlet-api + + + pom + artifactid + jakarta.servlet-api + + + pom + developer id + yaminikb + + + pom + developer name + Yamini K B + + + pom + developer org + Oracle Corporation + + + pom + developer org URL + http://www.oracle.com/ + + + pom + groupid + jakarta.servlet + + + pom + name + Jakarta Servlet + + + pom + parent-artifactid + project + + + pom + parent-groupid + org.eclipse.ee4j + + + pom + url + https://projects.eclipse.org/projects/ee4j.servlet + + + file + name + jakarta.servlet-api + + + jar + package name + filter + + + jar + package name + javax + + + jar + package name + servlet + + + Manifest + automatic-module-name + java.servlet + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + Bundle-Name + Jakarta Servlet + + + Manifest + bundle-symbolicname + jakarta.servlet-api + + + Manifest + extension-name + javax.servlet + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + jakarta.servlet-api + + + pom + developer id + yaminikb + + + pom + developer name + Yamini K B + + + pom + developer org + Oracle Corporation + + + pom + developer org URL + http://www.oracle.com/ + + + pom + groupid + jakarta.servlet + + + pom + name + Jakarta Servlet + + + pom + parent-artifactid + project + + + pom + parent-groupid + org.eclipse.ee4j + + + pom + url + https://projects.eclipse.org/projects/ee4j.servlet + + + file + version + 4.0.4 + + + Manifest + Implementation-Version + 4.0.4 + + + pom + parent-version + 4.0.4 + + + pom + version + 4.0.4 + + + + + pkg:maven/jakarta.servlet/jakarta.servlet-api@4.0.4 + + https://ossindex.sonatype.org/component/pkg:maven/jakarta.servlet/jakarta.servlet-api@4.0.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:oracle:java_se:4.0.4:*:*:*:*:*:*:* + + + cpe:2.3:a:oracle:projects:4.0.4:*:*:*:*:*:*:* + + + + + jakarta.xml.bind-api-2.3.3.jar + + /var/lib/jenkins/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/2.3.3/jakarta.xml.bind-api-2.3.3.jar + 61286918ca0192e9f87d1358aef718dd + 48e3b9cfc10752fba3521d6511f4165bea951801 + c04539f472e9a6dd0c7685ea82d677282269ab8e7baca2e14500e381e0c6cec5 + Jakarta XML Binding API 2.3 Design Specification + http://www.eclipse.org/org/documents/edl-v10.php + + Business Process Center - Runtime Environment:runtime + Business Process Center - Runtime Environment:compile + + + + base-4.4.2.jar: jakarta.xml.bind-api-2.3.3.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/lib/jdk9plus/jakarta.xml.bind-api-2.3.3.jar + c04539f472e9a6dd0c7685ea82d677282269ab8e7baca2e14500e381e0c6cec5 + 48e3b9cfc10752fba3521d6511f4165bea951801 + 61286918ca0192e9f87d1358aef718dd + + + pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@2.3.3 + + https://ossindex.sonatype.org/component/pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@2.3.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + jakarta.xml.bind-api + + + jar + package name + bind + + + jar + package name + xml + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + bundle-symbolicname + jakarta.xml.bind-api + + + Manifest + extension-name + jakarta.xml.bind + + + Manifest + implementation-build-id + 2.3.3-RELEASE-fd06b2b + + + Manifest + multi-release + true + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + Eclipse Foundation + + + pom + artifactid + jakarta.xml.bind-api + + + pom + artifactid + jakarta.xml.bind-api + + + pom + groupid + jakarta.xml.bind + + + pom + name + Jakarta XML Binding API + + + pom + parent-artifactid + jakarta.xml.bind-api-parent + + + file + name + jakarta.xml.bind-api + + + jar + package name + bind + + + jar + package name + xml + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + Bundle-Name + Jakarta XML Binding API + + + Manifest + bundle-symbolicname + jakarta.xml.bind-api + + + Manifest + extension-name + jakarta.xml.bind + + + Manifest + implementation-build-id + 2.3.3-RELEASE-fd06b2b + + + Manifest + multi-release + true + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + jakarta.xml.bind-api + + + pom + groupid + jakarta.xml.bind + + + pom + name + Jakarta XML Binding API + + + pom + parent-artifactid + jakarta.xml.bind-api-parent + + + file + version + 2.3.3 + + + Manifest + Bundle-Version + 2.3.3 + + + Manifest + Implementation-Version + 2.3.3 + + + pom + version + 2.3.3 + + + + + pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@2.3.3 + + https://ossindex.sonatype.org/component/pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@2.3.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jakarta.xml.soap-api-1.4.2.jar + + /var/lib/jenkins/.m2/repository/jakarta/xml/soap/jakarta.xml.soap-api/1.4.2/jakarta.xml.soap-api-1.4.2.jar + d19eb8a4a5401296985db733868425e0 + 4f71fa8ca30be4d04ba658339df3c927fa21209a + 0b2e9db574869c09b18e7fe87482be2e4e14b3f3cc8207646595806eede77706 + Provides the API for creating and building SOAP messages. + Eclipse Distribution License - v 1.0: + http://www.eclipse.org/org/documents/edl-v10.php + + Business Process Center - Runtime Environment:compile + + + + file + name + jakarta.xml.soap-api + + + jar + package name + soap + + + jar + package name + xml + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + bundle-symbolicname + jakarta.xml.soap-api + + + Manifest + extension-name + jakarta.xml.soap + + + Manifest + implementation-build-id + 1.4.2-RELEASE-27e9ccd + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + Eclipse Foundation + + + pom + artifactid + jakarta.xml.soap-api + + + pom + artifactid + jakarta.xml.soap-api + + + pom + developer id + lukasj + + + pom + developer name + Lukas Jungmann + + + pom + developer org + Oracle, Inc. + + + pom + groupid + jakarta.xml.soap + + + pom + name + Jakarta SOAP with Attachments API + + + pom + parent-artifactid + project + + + pom + parent-groupid + org.eclipse.ee4j + + + pom + url + eclipse-ee4j/saaj-api + + + file + name + jakarta.xml.soap-api + + + jar + package name + soap + + + jar + package name + xml + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + Bundle-Name + Jakarta SOAP with Attachments API + + + Manifest + bundle-symbolicname + jakarta.xml.soap-api + + + Manifest + extension-name + jakarta.xml.soap + + + Manifest + implementation-build-id + 1.4.2-RELEASE-27e9ccd + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + jakarta.xml.soap-api + + + pom + developer id + lukasj + + + pom + developer name + Lukas Jungmann + + + pom + developer org + Oracle, Inc. + + + pom + groupid + jakarta.xml.soap + + + pom + name + Jakarta SOAP with Attachments API + + + pom + parent-artifactid + project + + + pom + parent-groupid + org.eclipse.ee4j + + + pom + url + eclipse-ee4j/saaj-api + + + file + version + 1.4.2 + + + Manifest + Bundle-Version + 1.4.2 + + + Manifest + Implementation-Version + 1.4.2 + + + pom + parent-version + 1.4.2 + + + pom + version + 1.4.2 + + + + + pkg:maven/jakarta.xml.soap/jakarta.xml.soap-api@1.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/jakarta.xml.soap/jakarta.xml.soap-api@1.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:oracle:java_se:1.4.2:*:*:*:*:*:*:* + + + + + jakarta.xml.ws-api-2.3.3.jar + + /var/lib/jenkins/.m2/repository/jakarta/xml/ws/jakarta.xml.ws-api/2.3.3/jakarta.xml.ws-api-2.3.3.jar + ce470c38b9dbdcb8e505d41d767be748 + 529fe0136be92861e5a255fbc99146f1943c4332 + c8e0ba03c47cd5e996fd5d83540caaeab69cd8d531f128318d88e15467d112c1 + Jakarta XML Web Services API + Eclipse Distribution License - v 1.0: + http://www.eclipse.org/org/documents/edl-v10.php + + Business Process Center - Runtime Environment:compile + + + + file + name + jakarta.xml.ws-api + + + hint analyzer + vendor + web services + + + jar + package name + ws + + + jar + package name + xml + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + bundle-symbolicname + jakarta.xml.ws-api + + + Manifest + extension-name + jakarta.xml.ws + + + Manifest + implementation-build-id + 2.3.3-RELEASE-126af43 + + + Manifest + Implementation-Vendor + Eclipse Foundation + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + Eclipse Foundation + + + pom + artifactid + jakarta.xml.ws-api + + + pom + artifactid + jakarta.xml.ws-api + + + pom + developer email + lukas.jungmann@oracle.com + + + pom + developer email + Roman.Grigoriadi@oracle.com + + + pom + developer email + zheng.jun.li@oracle.com + + + pom + developer id + bravehorsie + + + pom + developer id + zhengjl + + + pom + developer name + Lukas Jungmann + + + pom + developer name + Roman Grigoriadi + + + pom + developer name + Zheng Jun Li + + + pom + developer org + Oracle Corporation + + + pom + groupid + jakarta.xml.ws + + + pom + name + Jakarta XML Web Services API + + + pom + parent-artifactid + project + + + pom + parent-groupid + org.eclipse.ee4j + + + pom + url + eclipse-ee4j/jax-ws-api + + + file + name + jakarta.xml.ws-api + + + hint analyzer + product + web services + + + jar + package name + ws + + + jar + package name + xml + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + Bundle-Name + Jakarta XML Web Services API + + + Manifest + bundle-symbolicname + jakarta.xml.ws-api + + + Manifest + extension-name + jakarta.xml.ws + + + Manifest + implementation-build-id + 2.3.3-RELEASE-126af43 + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + jakarta.xml.ws-api + + + pom + developer email + lukas.jungmann@oracle.com + + + pom + developer email + Roman.Grigoriadi@oracle.com + + + pom + developer email + zheng.jun.li@oracle.com + + + pom + developer id + bravehorsie + + + pom + developer id + zhengjl + + + pom + developer name + Lukas Jungmann + + + pom + developer name + Roman Grigoriadi + + + pom + developer name + Zheng Jun Li + + + pom + developer org + Oracle Corporation + + + pom + groupid + jakarta.xml.ws + + + pom + name + Jakarta XML Web Services API + + + pom + parent-artifactid + project + + + pom + parent-groupid + org.eclipse.ee4j + + + pom + url + eclipse-ee4j/jax-ws-api + + + file + version + 2.3.3 + + + Manifest + Bundle-Version + 2.3.3 + + + Manifest + Implementation-Version + 2.3.3 + + + pom + parent-version + 2.3.3 + + + pom + version + 2.3.3 + + + + + pkg:maven/jakarta.xml.ws/jakarta.xml.ws-api@2.3.3 + + https://ossindex.sonatype.org/component/pkg:maven/jakarta.xml.ws/jakarta.xml.ws-api@2.3.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:oracle:web_services:2.3.3:*:*:*:*:*:*:* + + + + + jandex-2.4.2.Final.jar + /var/lib/jenkins/.m2/repository/org/jboss/jandex/2.4.2.Final/jandex-2.4.2.Final.jar + 489f7a97d2ed7ae34ea56d01b3566d57 + 1e1c385990b258ff1a24c801e84aebbacf70eb39 + 3f2ce55c7d71e744581488dc5105806aa8084c08e6e916a019bab8f8698994f0 + Parent POM for JBoss projects. Provides default project build configuration. + Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:runtime + + + + file + name + jandex + + + hint analyzer + vendor + redhat + + + jar + package name + indexer + + + jar + package name + jandex + + + jar + package name + jboss + + + Manifest + automatic-module-name + org.jboss.jandex + + + Manifest + build-timestamp + Čt, 6 Led 2022 17:31:47 +0100 + + + Manifest + bundle-docurl + http://www.jboss.org + + + Manifest + bundle-symbolicname + org.jboss.jandex + + + Manifest + implementation-url + http://www.jboss.org/jandex + + + Manifest + Implementation-Vendor + JBoss by Red Hat + + + Manifest + Implementation-Vendor-Id + org.jboss + + + Manifest + os-arch + amd64 + + + Manifest + os-name + Linux + + + Manifest + specification-vendor + JBoss by Red Hat + + + pom + artifactid + jandex + + + pom + artifactid + jandex + + + pom + groupid + org.jboss + + + pom + name + Java Annotation Indexer + + + pom + parent-artifactid + jboss-parent + + + file + name + jandex + + + jar + package name + indexer + + + jar + package name + jandex + + + jar + package name + jboss + + + Manifest + automatic-module-name + org.jboss.jandex + + + Manifest + build-timestamp + Čt, 6 Led 2022 17:31:47 +0100 + + + Manifest + bundle-docurl + http://www.jboss.org + + + Manifest + Bundle-Name + Java Annotation Indexer + + + Manifest + bundle-symbolicname + org.jboss.jandex + + + Manifest + Implementation-Title + Java Annotation Indexer + + + Manifest + implementation-url + http://www.jboss.org/jandex + + + Manifest + os-arch + amd64 + + + Manifest + os-name + Linux + + + Manifest + specification-title + Java Annotation Indexer + + + pom + artifactid + jandex + + + pom + groupid + org.jboss + + + pom + name + Java Annotation Indexer + + + pom + parent-artifactid + jboss-parent + + + Manifest + Bundle-Version + 2.4.2.Final + + + Manifest + Implementation-Version + 2.4.2.Final + + + pom + parent-version + 2.4.2.Final + + + pom + version + 2.4.2.Final + + + + + pkg:maven/org.jboss/jandex@2.4.2.Final + + https://ossindex.sonatype.org/component/pkg:maven/org.jboss/jandex@2.4.2.Final?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jasypt-1.9.3.jar + /var/lib/jenkins/.m2/repository/org/jasypt/jasypt/1.9.3/jasypt-1.9.3.jar + 39327c7e38782102ecdb3c9dc4e8dcd3 + 0d99ef9540f51c617f2a293b460f025d2ee563dd + f481fbb8dd8ce754bfde7552af4fcbe8c5e303d53663bb3d8ce9d4338e0e55aa + Java library which enables encryption in java apps with minimum effort. + The Apache Software License, Version 2.0: + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + jasypt + + + jar + package name + encryption + + + jar + package name + jasypt + + + jar + package name + jasypt + + + jar + package name + org + + + pom + artifactid + jasypt + + + pom + artifactid + jasypt + + + pom + developer email + dfernandez AT users.sourceforge.net + + + pom + developer id + dfernandez + + + pom + developer name + Daniel Fernandez + + + pom + groupid + org.jasypt + + + pom + name + JASYPT: Java Simplified Encryption + + + pom + organization name + The JASYPT team + + + pom + organization url + http://www.jasypt.org + + + pom + url + http://www.jasypt.org + + + file + name + jasypt + + + jar + package name + encryption + + + jar + package name + jasypt + + + jar + package name + org + + + pom + artifactid + jasypt + + + pom + developer email + dfernandez AT users.sourceforge.net + + + pom + developer id + dfernandez + + + pom + developer name + Daniel Fernandez + + + pom + groupid + org.jasypt + + + pom + name + JASYPT: Java Simplified Encryption + + + pom + organization name + The JASYPT team + + + pom + organization url + http://www.jasypt.org + + + pom + url + http://www.jasypt.org + + + file + version + 1.9.3 + + + pom + version + 1.9.3 + + + + + pkg:maven/org.jasypt/jasypt@1.9.3 + + https://ossindex.sonatype.org/component/pkg:maven/org.jasypt/jasypt@1.9.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:jasypt_project:jasypt:1.9.3:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajasypt_project&cpe_product=cpe%3A%2F%3Ajasypt_project%3Ajasypt&cpe_version=cpe%3A%2F%3Ajasypt_project%3Ajasypt%3A1.9.3 + + + + + java-support-7.5.2.jar + + /var/lib/jenkins/.m2/repository/net/shibboleth/utilities/java-support/7.5.2/java-support-7.5.2.jar + 8841e4abf4e88a32737d0f2870f2f4af + 1b0a80b8c0713e3d6233c643c7421ece305b544f + bc6a861d2447d3a67c81fdf61f0595d38c94ebbe4364bec6d59cb1b87cb2e8b2 + + Business Process Center - Runtime Environment:compile + + + + file + name + java-support + + + jar + package name + java + + + jar + package name + net + + + jar + package name + shibboleth + + + jar + package name + utilities + + + Manifest + automatic-module-name + net.shibboleth.utilities.java.support + + + pom + artifactid + java-support + + + pom + artifactid + java-support + + + pom + groupid + net.shibboleth.utilities + + + pom + name + java-support + + + pom + parent-artifactid + parent + + + pom + parent-groupid + net.shibboleth + + + file + name + java-support + + + jar + package name + java + + + jar + package name + net + + + jar + package name + shibboleth + + + jar + package name + utilities + + + Manifest + automatic-module-name + net.shibboleth.utilities.java.support + + + pom + artifactid + java-support + + + pom + groupid + net.shibboleth.utilities + + + pom + name + java-support + + + pom + parent-artifactid + parent + + + pom + parent-groupid + net.shibboleth + + + file + version + 7.5.2 + + + pom + parent-version + 7.5.2 + + + pom + version + 7.5.2 + + + + + pkg:maven/net.shibboleth.utilities/java-support@7.5.2 + + https://ossindex.sonatype.org/component/pkg:maven/net.shibboleth.utilities/java-support@7.5.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + javax.annotation-api-1.3.2.jar + + /var/lib/jenkins/.m2/repository/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar + 2ab1973eefffaa2aeec47d50b9e40b9d + 934c04d3cfef185a8008e7bf34331b79730a9d43 + e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b + Common Annotations for the JavaTM Platform API + CDDL + GPLv2 with classpath exception: + https://github.com/javaee/javax.annotation/blob/master/LICENSE + + Business Process Center - Runtime Environment:runtime + Business Process Center - Runtime Environment:compile + + + + base-4.4.2.jar: javax.annotation-api-1.3.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/lib/jdk9plus/javax.annotation-api-1.3.2.jar + e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b + 934c04d3cfef185a8008e7bf34331b79730a9d43 + 2ab1973eefffaa2aeec47d50b9e40b9d + + + pkg:maven/javax.annotation/javax.annotation-api@1.3.2 + + https://ossindex.sonatype.org/component/pkg:maven/javax.annotation/javax.annotation-api@1.3.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.2 + + + + + + + file + name + javax.annotation-api + + + jar + package name + annotation + + + jar + package name + javax + + + Manifest + automatic-module-name + java.annotation + + + Manifest + bundle-docurl + https://javaee.github.io/glassfish + + + Manifest + bundle-symbolicname + javax.annotation-api + + + Manifest + extension-name + javax.annotation + + + Manifest + Implementation-Vendor + GlassFish Community + + + Manifest + Implementation-Vendor-Id + org.glassfish + + + Manifest + specification-vendor + Oracle Corporation + + + pom + artifactid + javax.annotation-api + + + pom + artifactid + javax.annotation-api + + + pom + developer id + ldemichiel + + + pom + developer name + Linda De Michiel + + + pom + developer org + Oracle Corp. + + + pom + groupid + javax.annotation + + + pom + name + ${extension.name} API + + + pom + organization name + GlassFish Community + + + pom + organization url + https://javaee.github.io/glassfish + + + pom + parent-artifactid + jvnet-parent + + + pom + parent-groupid + net.java + + + pom + url + http://jcp.org/en/jsr/detail?id=250 + + + file + name + javax.annotation-api + + + jar + package name + annotation + + + jar + package name + javax + + + Manifest + automatic-module-name + java.annotation + + + Manifest + bundle-docurl + https://javaee.github.io/glassfish + + + Manifest + Bundle-Name + javax.annotation API + + + Manifest + bundle-symbolicname + javax.annotation-api + + + Manifest + extension-name + javax.annotation + + + pom + artifactid + javax.annotation-api + + + pom + developer id + ldemichiel + + + pom + developer name + Linda De Michiel + + + pom + developer org + Oracle Corp. + + + pom + groupid + javax.annotation + + + pom + name + ${extension.name} API + + + pom + organization name + GlassFish Community + + + pom + organization url + https://javaee.github.io/glassfish + + + pom + parent-artifactid + jvnet-parent + + + pom + parent-groupid + net.java + + + pom + url + http://jcp.org/en/jsr/detail?id=250 + + + file + version + 1.3.2 + + + Manifest + Bundle-Version + 1.3.2 + + + Manifest + Implementation-Version + 1.3.2 + + + pom + parent-version + 1.3.2 + + + pom + version + 1.3.2 + + + + + pkg:maven/javax.annotation/javax.annotation-api@1.3.2 + + https://ossindex.sonatype.org/component/pkg:maven/javax.annotation/javax.annotation-api@1.3.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.2 + + + + + javax.interceptor-api-1.2.jar + + /var/lib/jenkins/.m2/repository/javax/interceptor/javax.interceptor-api/1.2/javax.interceptor-api-1.2.jar + 001934e19937dc127ff1d4d60cd8fc5d + a5c058610aebacc1eb89c89e8fde2a978090e374 + 62acf2da0e19e813e0f5aa5de09108368b12e40b4a2f47c66a88f984f4f5143b + Project GlassFish Interceptor API + CDDL + GPLv2 with classpath exception: + https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html + + Business Process Center - Runtime Environment:runtime + + + + file + name + javax.interceptor-api + + + jar + package name + interceptor + + + jar + package name + javax + + + Manifest + bundle-docurl + https://glassfish.java.net + + + Manifest + bundle-symbolicname + javax.interceptor-api + + + Manifest + extension-name + javax.interceptor + + + Manifest + Implementation-Vendor + GlassFish Community + + + Manifest + Implementation-Vendor-Id + org.glassfish} + + + Manifest + specification-vendor + Oracle Corporation + + + pom + artifactid + javax.interceptor-api + + + pom + artifactid + javax.interceptor-api + + + pom + developer id + mvatkina + + + pom + developer name + Marina Vatkina + + + pom + developer org + Oracle, Inc. + + + pom + groupid + javax.interceptor + + + pom + name + ${extension.name} API + + + pom + organization name + GlassFish Community + + + pom + organization url + https://glassfish.java.net + + + pom + parent-artifactid + jvnet-parent + + + pom + parent-groupid + net.java + + + pom + url + http://interceptors-spec.java.net + + + file + name + javax.interceptor-api + + + jar + package name + interceptor + + + jar + package name + javax + + + Manifest + bundle-docurl + https://glassfish.java.net + + + Manifest + Bundle-Name + javax.interceptor API + + + Manifest + bundle-symbolicname + javax.interceptor-api + + + Manifest + extension-name + javax.interceptor + + + pom + artifactid + javax.interceptor-api + + + pom + developer id + mvatkina + + + pom + developer name + Marina Vatkina + + + pom + developer org + Oracle, Inc. + + + pom + groupid + javax.interceptor + + + pom + name + ${extension.name} API + + + pom + organization name + GlassFish Community + + + pom + organization url + https://glassfish.java.net + + + pom + parent-artifactid + jvnet-parent + + + pom + parent-groupid + net.java + + + pom + url + http://interceptors-spec.java.net + + + file + version + 1.2 + + + Manifest + Bundle-Version + 1.2 + + + Manifest + Implementation-Version + 1.2 + + + pom + parent-version + 1.2 + + + pom + version + 1.2 + + + + + pkg:maven/javax.interceptor/javax.interceptor-api@1.2 + + https://ossindex.sonatype.org/component/pkg:maven/javax.interceptor/javax.interceptor-api@1.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + javax.persistence-api-2.2.jar + + /var/lib/jenkins/.m2/repository/javax/persistence/javax.persistence-api/2.2/javax.persistence-api-2.2.jar + e6520b3435f5b6d58eee415b5542abf8 + 25665ac8c0b62f50e6488173233239120fc52c96 + 5578b71b37999a5eaed3fea0d14aa61c60c6ec6328256f2b63472f336318baf4 + Java(TM) Persistence API + Eclipse Public License v1.0: http://www.eclipse.org/legal/epl-v10.html + Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php + + Business Process Center - Runtime Environment:runtime + + + + file + name + javax.persistence-api + + + jar + package name + javax + + + jar + package name + persistence + + + Manifest + automatic-module-name + java.persistence + + + Manifest + bundle-symbolicname + javax.persistence-api + + + Manifest + extension-name + javax.persistence + + + Manifest + Implementation-Vendor-Id + com.oracle + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + Oracle Corporation + + + pom + artifactid + javax.persistence-api + + + pom + artifactid + javax.persistence-api + + + pom + groupid + javax.persistence + + + pom + parent-artifactid + jvnet-parent + + + pom + parent-groupid + net.java + + + pom + url + javaee/jpa-spec + + + file + name + javax.persistence-api + + + jar + package name + javax + + + jar + package name + persistence + + + jar + package name + version + + + Manifest + automatic-module-name + java.persistence + + + Manifest + Bundle-Name + Java(TM) Persistence API jar + + + Manifest + bundle-symbolicname + javax.persistence-api + + + Manifest + extension-name + javax.persistence + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + javax.persistence-api + + + pom + groupid + javax.persistence + + + pom + parent-artifactid + jvnet-parent + + + pom + parent-groupid + net.java + + + pom + url + javaee/jpa-spec + + + file + version + 2.2 + + + Manifest + Bundle-Version + 2.2 + + + Manifest + Implementation-Version + 2.2 + + + pom + parent-version + 2.2 + + + pom + version + 2.2 + + + + + pkg:maven/javax.persistence/javax.persistence-api@2.2 + + https://ossindex.sonatype.org/component/pkg:maven/javax.persistence/javax.persistence-api@2.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:oracle:java_se:2.2:*:*:*:*:*:*:* + + + + + jaxb-runtime-2.3.3.jar + + /var/lib/jenkins/.m2/repository/org/glassfish/jaxb/jaxb-runtime/2.3.3/jaxb-runtime-2.3.3.jar + d7090494db8bd70f17f0b4a2fb9b666c + c46b68a6e3a2d84ba4eb14c6a8a1a9a7be4048bc + 3fcbf9247b08303ecaef2b8b91b47e220b6eced843e02837a5379d011c2c623d + JAXB (JSR 222) Reference Implementation + http://www.eclipse.org/org/documents/edl-v10.php + + Business Process Center - Runtime Environment:runtime + Business Process Center - Runtime Environment:compile + + + + base-4.4.2.jar: jaxb-runtime-2.3.3.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/lib/jdk9plus/jaxb-runtime-2.3.3.jar + 3fcbf9247b08303ecaef2b8b91b47e220b6eced843e02837a5379d011c2c623d + c46b68a6e3a2d84ba4eb14c6a8a1a9a7be4048bc + d7090494db8bd70f17f0b4a2fb9b666c + + + pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.3 + + https://ossindex.sonatype.org/component/pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + jaxb-runtime + + + jar + package name + bind + + + jar + package name + com + + + jar + package name + sun + + + jar + package name + xml + + + jar (hint) + package name + oracle + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + bundle-symbolicname + org.glassfish.jaxb.runtime + + + Manifest + git-revision + 60e0433 + + + Manifest + implementation-build-id + 2.3.3 - 60e0433 + + + Manifest + Implementation-Vendor + Eclipse Foundation + + + Manifest + Implementation-Vendor-Id + org.glassfish.jaxb + + + Manifest + multi-release + true + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + jaxb-runtime + + + pom + artifactid + jaxb-runtime + + + pom + groupid + org.glassfish.jaxb + + + pom + name + JAXB Runtime + + + pom + parent-artifactid + jaxb-runtime-parent + + + pom + parent-groupid + com.sun.xml.bind.mvn + + + file + name + jaxb-runtime + + + jar + package name + bind + + + jar + package name + com + + + jar + package name + sun + + + jar + package name + xml + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + Bundle-Name + JAXB Runtime + + + Manifest + bundle-symbolicname + org.glassfish.jaxb.runtime + + + Manifest + git-revision + 60e0433 + + + Manifest + implementation-build-id + 2.3.3 - 60e0433 + + + Manifest + Implementation-Title + Jakarta XML Binding Implementation + + + Manifest + multi-release + true + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + Jakarta XML Binding + + + pom + artifactid + jaxb-runtime + + + pom + groupid + org.glassfish.jaxb + + + pom + name + JAXB Runtime + + + pom + parent-artifactid + jaxb-runtime-parent + + + pom + parent-groupid + com.sun.xml.bind.mvn + + + file + version + 2.3.3 + + + Manifest + build-id + 2.3.3 + + + Manifest + Bundle-Version + 2.3.3 + + + Manifest + implementation-build-id + 2.3.3 + + + Manifest + Implementation-Version + 2.3.3 + + + Manifest + major-version + 2.3.3 + + + pom + version + 2.3.3 + + + + + pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.3 + + https://ossindex.sonatype.org/component/pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:oracle:java_se:2.3.3:*:*:*:*:*:*:* + + + + + jboss-logging-3.4.3.Final.jar + + /var/lib/jenkins/.m2/repository/org/jboss/logging/jboss-logging/3.4.3.Final/jboss-logging-3.4.3.Final.jar + b298d4b79e591843c1eb1458ea79f070 + c4bd7e12a745c0e7f6cf98c45cdcdf482fd827ea + 0b324cca4d550060e51e70cc0045a6cce62f264278ec1f5082aafeb670fcac49 + The JBoss Logging Framework + Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + jboss-logging + + + hint analyzer + vendor + redhat + + + jar + package name + jboss + + + jar + package name + logging + + + Manifest + automatic-module-name + org.jboss.logging + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + http://www.jboss.org + + + Manifest + bundle-symbolicname + org.jboss.logging.jboss-logging + + + Manifest + implementation-url + http://www.jboss.org + + + Manifest + Implementation-Vendor + JBoss by Red Hat + + + Manifest + os-arch + amd64 + + + Manifest + os-name + Linux + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + JBoss by Red Hat + + + pom + artifactid + jboss-logging + + + pom + artifactid + jboss-logging + + + pom + groupid + org.jboss.logging + + + pom + name + JBoss Logging 3 + + + pom + parent-artifactid + jboss-parent + + + pom + parent-groupid + org.jboss + + + pom + url + http://www.jboss.org + + + file + name + jboss-logging + + + jar + package name + jboss + + + jar + package name + logging + + + Manifest + automatic-module-name + org.jboss.logging + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + http://www.jboss.org + + + Manifest + Bundle-Name + JBoss Logging 3 + + + Manifest + bundle-symbolicname + org.jboss.logging.jboss-logging + + + Manifest + Implementation-Title + JBoss Logging 3 + + + Manifest + implementation-url + http://www.jboss.org + + + Manifest + os-arch + amd64 + + + Manifest + os-name + Linux + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + JBoss Logging 3 + + + pom + artifactid + jboss-logging + + + pom + groupid + org.jboss.logging + + + pom + name + JBoss Logging 3 + + + pom + parent-artifactid + jboss-parent + + + pom + parent-groupid + org.jboss + + + pom + url + http://www.jboss.org + + + Manifest + Bundle-Version + 3.4.3.Final + + + Manifest + Implementation-Version + 3.4.3.Final + + + pom + parent-version + 3.4.3.Final + + + pom + version + 3.4.3.Final + + + + + pkg:maven/org.jboss.logging/jboss-logging@3.4.3.Final + + https://ossindex.sonatype.org/component/pkg:maven/org.jboss.logging/jboss-logging@3.4.3.Final?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jboss-threads-3.4.2.Final.jar + + /var/lib/jenkins/.m2/repository/org/jboss/threads/jboss-threads/3.4.2.Final/jboss-threads-3.4.2.Final.jar + f8ffb44da68bbe64783943c0a06f65f4 + 496b9194df9f632884ea1144201776be348669e6 + a743d6b1020cb58d0a9ffe7ede32ef134734d2315d29b2a0a0c2ce3363fca6e7 + Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + jboss-threads + + + hint analyzer + vendor + redhat + + + jar + package name + jboss + + + jar + package name + org + + + jar + package name + threads + + + Manifest + implementation-url + http://www.jboss.org/jboss-threads + + + Manifest + Implementation-Vendor + JBoss by Red Hat + + + Manifest + Implementation-Vendor-Id + org.jboss.threads + + + Manifest + multi-release + true + + + Manifest + os-arch + x86_64 + + + Manifest + os-name + Mac OS X + + + Manifest + specification-vendor + JBoss by Red Hat + + + pom + artifactid + jboss-threads + + + pom + artifactid + jboss-threads + + + pom + groupid + org.jboss.threads + + + pom + name + JBoss Threads + + + pom + parent-artifactid + jboss-parent + + + pom + parent-groupid + org.jboss + + + file + name + jboss-threads + + + jar + package name + jboss + + + jar + package name + org + + + jar + package name + threads + + + Manifest + Implementation-Title + JBoss Threads + + + Manifest + implementation-url + http://www.jboss.org/jboss-threads + + + Manifest + multi-release + true + + + Manifest + os-arch + x86_64 + + + Manifest + os-name + Mac OS X + + + Manifest + specification-title + JBoss Threads + + + pom + artifactid + jboss-threads + + + pom + groupid + org.jboss.threads + + + pom + name + JBoss Threads + + + pom + parent-artifactid + jboss-parent + + + pom + parent-groupid + org.jboss + + + Manifest + Implementation-Version + 3.4.2.Final + + + pom + parent-version + 3.4.2.Final + + + pom + version + 3.4.2.Final + + + + + pkg:maven/org.jboss.threads/jboss-threads@3.4.2.Final + + https://ossindex.sonatype.org/component/pkg:maven/org.jboss.threads/jboss-threads@3.4.2.Final?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jboss-transaction-api_1.2_spec-1.1.1.Final.jar + + /var/lib/jenkins/.m2/repository/org/jboss/spec/javax/transaction/jboss-transaction-api_1.2_spec/1.1.1.Final/jboss-transaction-api_1.2_spec-1.1.1.Final.jar + 1e633c47138aba999d39692a31a1a124 + a8485cab9484dda36e9a8c319e76b5cc18797b58 + a310a50b9bdc44aaf36362dc9bb212235a147ffa8ef72dc9544a39c329eabbc3 + The Java Transaction 1.2 API classes + Common Development and Distribution License: + http://repository.jboss.org/licenses/cddl.txt + GNU General Public License, Version 2 with the Classpath Exception: + http://repository.jboss.org/licenses/gpl-2.0-ce.txt + + Business Process Center - Runtime Environment:runtime + + + + file + name + jboss-transaction-api_1.2_spec-1.1.1.Final + + + hint analyzer + vendor + redhat + + + jar + package name + javax + + + jar + package name + transaction + + + Manifest + automatic-module-name + java.transaction + + + Manifest + bundle-docurl + http://www.jboss.org + + + Manifest + bundle-symbolicname + org.jboss.spec.javax.transaction.jboss-transaction-api_1.2_spec + + + Manifest + implementation-url + http://www.jboss.org/jboss-transaction-api_1.2_spec + + + Manifest + Implementation-Vendor + JBoss by Red Hat + + + Manifest + Implementation-Vendor-Id + org.jboss.spec.javax.transaction + + + Manifest + os-arch + x86 + + + Manifest + os-name + Windows 10 + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + jboss-transaction-api_1.2_spec + + + pom + artifactid + jboss-transaction-api_1.2_spec + + + pom + groupid + org.jboss.spec.javax.transaction + + + pom + name + Java Transaction API + + + pom + parent-artifactid + jboss-parent + + + pom + parent-groupid + org.jboss + + + file + name + jboss-transaction-api_1.2_spec-1.1.1.Final + + + jar + package name + javax + + + jar + package name + transaction + + + Manifest + automatic-module-name + java.transaction + + + Manifest + bundle-docurl + http://www.jboss.org + + + Manifest + Bundle-Name + Java Transaction API + + + Manifest + bundle-symbolicname + org.jboss.spec.javax.transaction.jboss-transaction-api_1.2_spec + + + Manifest + Implementation-Title + Java Transaction API + + + Manifest + implementation-url + http://www.jboss.org/jboss-transaction-api_1.2_spec + + + Manifest + os-arch + x86 + + + Manifest + os-name + Windows 10 + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + Manifest + specification-title + JSR 907: Java Transaction API (JTA) + + + pom + artifactid + jboss-transaction-api_1.2_spec + + + pom + groupid + org.jboss.spec.javax.transaction + + + pom + name + Java Transaction API + + + pom + parent-artifactid + jboss-parent + + + pom + parent-groupid + org.jboss + + + Manifest + Bundle-Version + 1.1.1.Final + + + Manifest + Implementation-Version + 1.1.1.Final + + + pom + parent-version + 1.1.1.Final + + + pom + version + 1.1.1.Final + + + + + pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.2_spec@1.1.1.Final + + https://ossindex.sonatype.org/component/pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.2_spec@1.1.1.Final?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jcl-over-slf4j-1.7.32.jar + + /var/lib/jenkins/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.32/jcl-over-slf4j-1.7.32.jar + 8788169f5d5be6550efc75d3bfffc82c + 32c060250bcc5282cdbc1fd7008c12eb4ebad00e + 60f3bda5922e3912889cca1311d1b227753610bf60cb4e5e914e8b2eaa0326b4 + JCL 1.2 implemented over SLF4J + Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + jcl-over-slf4j + + + jar + package name + apache + + + jar + package name + commons + + + jar + package name + logging + + + Manifest + automatic-module-name + org.apache.commons.logging + + + Manifest + bundle-requiredexecutionenvironment + J2SE-1.5 + + + Manifest + bundle-symbolicname + jcl.over.slf4j + + + pom + artifactid + jcl-over-slf4j + + + pom + artifactid + jcl-over-slf4j + + + pom + groupid + org.slf4j + + + pom + name + JCL 1.2 implemented over SLF4J + + + pom + parent-artifactid + slf4j-parent + + + pom + url + http://www.slf4j.org + + + file + name + jcl-over-slf4j + + + jar + package name + apache + + + jar + package name + commons + + + jar + package name + logging + + + Manifest + automatic-module-name + org.apache.commons.logging + + + Manifest + Bundle-Name + jcl-over-slf4j + + + Manifest + bundle-requiredexecutionenvironment + J2SE-1.5 + + + Manifest + bundle-symbolicname + jcl.over.slf4j + + + Manifest + Implementation-Title + jcl-over-slf4j + + + pom + artifactid + jcl-over-slf4j + + + pom + groupid + org.slf4j + + + pom + name + JCL 1.2 implemented over SLF4J + + + pom + parent-artifactid + slf4j-parent + + + pom + url + http://www.slf4j.org + + + file + version + 1.7.32 + + + Manifest + Bundle-Version + 1.7.32 + + + Manifest + Implementation-Version + 1.7.32 + + + pom + version + 1.7.32 + + + + + pkg:maven/org.slf4j/jcl-over-slf4j@1.7.32 + + https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/jcl-over-slf4j@1.7.32?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:commons_net:1.7.32:*:*:*:*:*:*:* + + + + + CVE-2021-37533 + MEDIUM + + 6.5 + NETWORK + LOW + NONE + REQUIRED + UNCHANGED + HIGH + NONE + NONE + MEDIUM + 2.8 + 3.6 + 3.1 + + + CWE-20 + + Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from + PASV response by default. A malicious server can redirect the Commons Net code to use a + different host, but the user has to connect to the malicious server in the first place. + This may lead to leakage of information about services running on the private network of + the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL + does. See https://issues.apache.org/jira/browse/NET-711. + + + CONFIRM + https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 + N/A + + + MLIST + http://www.openwall.com/lists/oss-security/2022/12/03/1 + [oss-security] 20221203 CVE-2021-37533: Apache Commons Net's FTP client + trusts the host from PASV response by default + + + + + cpe:2.3:a:apache:commons_net:*:*:*:*:*:*:*:* + + + + + + jetty-io-9.4.49.v20220914.jar + + /var/lib/jenkins/.m2/repository/org/eclipse/jetty/jetty-io/9.4.49.v20220914/jetty-io-9.4.49.v20220914.jar + de743b404e22bcb7d1048febe14c1c85 + cb33d9a3bdb6e2173b9b9cfc94c0b45f9a21a1af + 9ee7fcec407cb4b16b252596d9b9a23b4ee9cd4cf65921ae95872684af083bb3 + Jetty module for Jetty :: IO Utility + http://www.apache.org/licenses/LICENSE-2.0, + https://www.eclipse.org/org/documents/epl-v10.php + + Business Process Center - Runtime Environment:compile + + + + jetty-http-9.4.49.v20220914.jar + + /var/lib/jenkins/.m2/repository/org/eclipse/jetty/jetty-http/9.4.49.v20220914/jetty-http-9.4.49.v20220914.jar + c39bfec2941a45396bd67da1aea53ea587c97ca31fdcee0d8ea4351b9f043704 + ef1e3bde212115eb4bb0740aaf79029b624d4e30 + 2b04329b9eedcec0ec9484ea7c797545 + + + pkg:maven/org.eclipse.jetty/jetty-http@9.4.49.v20220914 + + https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-http@9.4.49.v20220914?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jetty-jaas-9.4.49.v20220914.jar + + /var/lib/jenkins/.m2/repository/org/eclipse/jetty/jetty-jaas/9.4.49.v20220914/jetty-jaas-9.4.49.v20220914.jar + 2e6cdf614c763df69ae99d9f8d7c98508b51abc38c7ea3f02032dbac772e044e + a10cb9b914b6e0d29cfd9fc2752294877c1bf631 + 82e6396a69773cf4f466cad41bde0d24 + + + pkg:maven/org.eclipse.jetty/jetty-jaas@9.4.49.v20220914 + + https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-jaas@9.4.49.v20220914?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jetty-security-9.4.49.v20220914.jar + + /var/lib/jenkins/.m2/repository/org/eclipse/jetty/jetty-security/9.4.49.v20220914/jetty-security-9.4.49.v20220914.jar + 5dd804fc4cf166b8106b06cb427b649f99cf36a48dbb0b19a88d76a9fb5c4e06 + 057a67eeb12078b620131664b3b7a37ea4c5aefe + 90ac74048766749cdc81cc86eef85b71 + + + pkg:maven/org.eclipse.jetty/jetty-security@9.4.49.v20220914 + + https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-security@9.4.49.v20220914?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jetty-servlet-9.4.49.v20220914.jar + + /var/lib/jenkins/.m2/repository/org/eclipse/jetty/jetty-servlet/9.4.49.v20220914/jetty-servlet-9.4.49.v20220914.jar + 8bf6a78836715859789e9183f779ece85f769206c75e606c09cb1f03f0623334 + 53ca0898f02e72b6830551031ee0062430134a05 + 33ffd378efa54dab102807331870423a + + + pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.49.v20220914 + + https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.49.v20220914?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jetty-util-9.4.49.v20220914.jar + + /var/lib/jenkins/.m2/repository/org/eclipse/jetty/jetty-util/9.4.49.v20220914/jetty-util-9.4.49.v20220914.jar + 679313e158f334135e0e80ac200fd6dea605cde73fd7bf255aaaf47773d2f801 + 29008dbc6dfac553d209f54193b505d73c253a41 + 312173fff994adf15a3f2c4e72115746 + + + pkg:maven/org.eclipse.jetty/jetty-util@9.4.49.v20220914 + + https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-util@9.4.49.v20220914?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jetty-util-ajax-9.4.49.v20220914.jar + + /var/lib/jenkins/.m2/repository/org/eclipse/jetty/jetty-util-ajax/9.4.49.v20220914/jetty-util-ajax-9.4.49.v20220914.jar + 9a61fd75a52936aa6c6737e411ca81ada5203cd3d1371f3815644614b5ce7247 + 3b267b5ae59b7b826d5b579f2ee8b8914b286547 + 0a732c157104fdbc438b2d33dd2af182 + + + pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.49.v20220914 + + https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.49.v20220914?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jetty-xml-9.4.49.v20220914.jar + + /var/lib/jenkins/.m2/repository/org/eclipse/jetty/jetty-xml/9.4.49.v20220914/jetty-xml-9.4.49.v20220914.jar + 0047f7b8569bff65523c3023d1ac2e483faccb003dcf9e307763bc2d21aef85b + 34e602eae6dd2fe54a00ec77fc98c5e77737906b + 1aa15ef4f0f1365b21ad561102d7734c + + + pkg:maven/org.eclipse.jetty/jetty-xml@9.4.49.v20220914 + + https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-xml@9.4.49.v20220914?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + jetty-io + + + jar + package name + eclipse + + + jar + package name + io + + + jar + package name + jetty + + + Manifest + automatic-module-name + org.eclipse.jetty.io + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-copyright + Copyright (c) 2008-2022 Mort Bay Consulting Pty Ltd and others. + + + Manifest + bundle-docurl + https://eclipse.org/jetty + + + Manifest + bundle-requiredexecutionenvironment + JavaSE-1.8 + + + Manifest + bundle-symbolicname + org.eclipse.jetty.io + + + Manifest + Implementation-Vendor + Eclipse Jetty Project + + + Manifest + originally-created-by + Apache Maven Bundle Plugin + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + url + https://eclipse.org/jetty + + + pom + artifactid + jetty-io + + + pom + artifactid + jetty-io + + + pom + groupid + org.eclipse.jetty + + + pom + name + Jetty :: IO Utility + + + pom + parent-artifactid + jetty-project + + + file + name + jetty-io + + + jar + package name + eclipse + + + jar + package name + io + + + jar + package name + jetty + + + Manifest + automatic-module-name + org.eclipse.jetty.io + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-copyright + Copyright (c) 2008-2022 Mort Bay Consulting Pty Ltd and others. + + + Manifest + bundle-docurl + https://eclipse.org/jetty + + + Manifest + Bundle-Name + Jetty :: IO Utility + + + Manifest + bundle-requiredexecutionenvironment + JavaSE-1.8 + + + Manifest + bundle-symbolicname + org.eclipse.jetty.io + + + Manifest + originally-created-by + Apache Maven Bundle Plugin + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + url + https://eclipse.org/jetty + + + pom + artifactid + jetty-io + + + pom + groupid + org.eclipse.jetty + + + pom + name + Jetty :: IO Utility + + + pom + parent-artifactid + jetty-project + + + file + version + 9.4.49.v20220914 + + + Manifest + Bundle-Version + 9.4.49.v20220914 + + + Manifest + Implementation-Version + 9.4.49.v20220914 + + + pom + version + 9.4.49.v20220914 + + + + + pkg:maven/org.eclipse.jetty/jetty-io@9.4.49.v20220914 + + https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-io@9.4.49.v20220914?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:eclipse:jetty:9.4.49:20220914:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aeclipse&cpe_product=cpe%3A%2F%3Aeclipse%3Ajetty&cpe_version=cpe%3A%2F%3Aeclipse%3Ajetty%3A9.4.49 + + + cpe:2.3:a:jetty:jetty:9.4.49:20220914:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajetty&cpe_product=cpe%3A%2F%3Ajetty%3Ajetty&cpe_version=cpe%3A%2F%3Ajetty%3Ajetty%3A9.4.49 + + + cpe:2.3:a:mortbay_jetty:jetty:9.4.49:20220914:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Amortbay_jetty&cpe_product=cpe%3A%2F%3Amortbay_jetty%3Ajetty&cpe_version=cpe%3A%2F%3Amortbay_jetty%3Ajetty%3A9.4.49 + + + + + jetty-server-9.4.49.v20220914.jar + + /var/lib/jenkins/.m2/repository/org/eclipse/jetty/jetty-server/9.4.49.v20220914/jetty-server-9.4.49.v20220914.jar + abe0a1deccaf25f99dfa60c854336483 + 502f99eed028139e71a4afebefa291ace12b9c1c + 06ae86baded124f81935a0701ed6af7b9e7ce33ee8ef58a87b779bb0a6b23dc4 + The core jetty server artifact. + http://www.apache.org/licenses/LICENSE-2.0, + https://www.eclipse.org/org/documents/epl-v10.php + + Business Process Center - Runtime Environment:compile + + + + file + name + jetty-server + + + jar + package name + eclipse + + + jar + package name + jetty + + + jar + package name + server + + + Manifest + automatic-module-name + org.eclipse.jetty.server + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-copyright + Copyright (c) 2008-2022 Mort Bay Consulting Pty Ltd and others. + + + Manifest + bundle-docurl + https://eclipse.org/jetty + + + Manifest + bundle-requiredexecutionenvironment + JavaSE-1.8 + + + Manifest + bundle-symbolicname + org.eclipse.jetty.server + + + Manifest + Implementation-Vendor + Eclipse Jetty Project + + + Manifest + originally-created-by + Apache Maven Bundle Plugin + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + url + https://eclipse.org/jetty + + + pom + artifactid + jetty-server + + + pom + artifactid + jetty-server + + + pom + groupid + org.eclipse.jetty + + + pom + name + Jetty :: Server Core + + + pom + parent-artifactid + jetty-project + + + file + name + jetty-server + + + jar + package name + eclipse + + + jar + package name + jetty + + + jar + package name + server + + + Manifest + automatic-module-name + org.eclipse.jetty.server + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-copyright + Copyright (c) 2008-2022 Mort Bay Consulting Pty Ltd and others. + + + Manifest + bundle-docurl + https://eclipse.org/jetty + + + Manifest + Bundle-Name + Jetty :: Server Core + + + Manifest + bundle-requiredexecutionenvironment + JavaSE-1.8 + + + Manifest + bundle-symbolicname + org.eclipse.jetty.server + + + Manifest + originally-created-by + Apache Maven Bundle Plugin + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + url + https://eclipse.org/jetty + + + pom + artifactid + jetty-server + + + pom + groupid + org.eclipse.jetty + + + pom + name + Jetty :: Server Core + + + pom + parent-artifactid + jetty-project + + + file + version + 9.4.49.v20220914 + + + Manifest + Bundle-Version + 9.4.49.v20220914 + + + Manifest + Implementation-Version + 9.4.49.v20220914 + + + pom + version + 9.4.49.v20220914 + + + + + pkg:maven/org.eclipse.jetty/jetty-server@9.4.49.v20220914 + + https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-server@9.4.49.v20220914?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:eclipse:jetty:9.4.49:20220914:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aeclipse&cpe_product=cpe%3A%2F%3Aeclipse%3Ajetty&cpe_version=cpe%3A%2F%3Aeclipse%3Ajetty%3A9.4.49 + + + cpe:2.3:a:jetty:jetty:9.4.49:20220914:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajetty&cpe_product=cpe%3A%2F%3Ajetty%3Ajetty&cpe_version=cpe%3A%2F%3Ajetty%3Ajetty%3A9.4.49 + + + cpe:2.3:a:jetty:jetty_http_server:9.4.49:20220914:*:*:*:*:*:* + + + cpe:2.3:a:mortbay_jetty:jetty:9.4.49:20220914:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Amortbay_jetty&cpe_product=cpe%3A%2F%3Amortbay_jetty%3Ajetty&cpe_version=cpe%3A%2F%3Amortbay_jetty%3Ajetty%3A9.4.49 + + + + + jline-3.21.0.jar (shaded: org.jline:jline-builtins:3.21.0) + + /var/lib/jenkins/.m2/repository/org/jline/jline/3.21.0/jline-3.21.0.jar/META-INF/maven/org.jline/jline-builtins/pom.xml + a521b7cd959beb16301d0eb42427818d + 6d4c3583aadb4472296ed1c1e7005f3e7f041672 + f66bd0f30ad6a73e39e95355c74bd667661a2bc1c155eb9c8b906326523bc77f + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + jline-builtins + + + pom + groupid + org.jline + + + pom + name + JLine Builtins + + + pom + parent-artifactid + jline-parent + + + pom + artifactid + jline-builtins + + + pom + groupid + org.jline + + + pom + name + JLine Builtins + + + pom + parent-artifactid + jline-parent + + + pom + version + 3.21.0 + + + + + pkg:maven/org.jline/jline-builtins@3.21.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.jline/jline-builtins@3.21.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jline-3.21.0.jar (shaded: org.jline:jline-reader:3.21.0) + + /var/lib/jenkins/.m2/repository/org/jline/jline/3.21.0/jline-3.21.0.jar/META-INF/maven/org.jline/jline-reader/pom.xml + 4953892c87289161c13188b9b74cc42d + 7ea62b448b3416cd71a8aa87b4666b2453b9687b + 636d42ee067f6a6a4ed6bd4059ec2ee94d4ef9a027f647214d49dc9c4e3df5a0 + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + jline-reader + + + pom + groupid + org.jline + + + pom + name + JLine Reader + + + pom + parent-artifactid + jline-parent + + + pom + artifactid + jline-reader + + + pom + groupid + org.jline + + + pom + name + JLine Reader + + + pom + parent-artifactid + jline-parent + + + pom + version + 3.21.0 + + + + + pkg:maven/org.jline/jline-reader@3.21.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.jline/jline-reader@3.21.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jline-3.21.0.jar (shaded: org.jline:jline-remote-ssh:3.21.0) + + /var/lib/jenkins/.m2/repository/org/jline/jline/3.21.0/jline-3.21.0.jar/META-INF/maven/org.jline/jline-remote-ssh/pom.xml + 7aaa64c727eec0ddcf05307dbd12b13d + bfd255425f16fc3dc65baf032fd5d00bcce65ef4 + 659d9e41a3e48a3aab3381d3173176488736259a1028a08fcff71c861e6de0f8 + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + jline-remote-ssh + + + pom + groupid + org.jline + + + pom + name + JLine Remote SSH + + + pom + parent-artifactid + jline-parent + + + pom + artifactid + jline-remote-ssh + + + pom + groupid + org.jline + + + pom + name + JLine Remote SSH + + + pom + parent-artifactid + jline-parent + + + pom + version + 3.21.0 + + + + + pkg:maven/org.jline/jline-remote-ssh@3.21.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.jline/jline-remote-ssh@3.21.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jline-3.21.0.jar (shaded: org.jline:jline-remote-telnet:3.21.0) + + /var/lib/jenkins/.m2/repository/org/jline/jline/3.21.0/jline-3.21.0.jar/META-INF/maven/org.jline/jline-remote-telnet/pom.xml + f245343d43838fb9544e4cb6c23a406f + e6ac3796302460aabcd5bd9c67ef05b275bbd142 + 8327df9c89f8fc5e71cbbdcf972ef74982f202eb252be2bc59c3b4673c06f2fc + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + jline-remote-telnet + + + pom + groupid + org.jline + + + pom + name + JLine Remote Telnet + + + pom + parent-artifactid + jline-parent + + + pom + artifactid + jline-remote-telnet + + + pom + groupid + org.jline + + + pom + name + JLine Remote Telnet + + + pom + parent-artifactid + jline-parent + + + pom + version + 3.21.0 + + + + + pkg:maven/org.jline/jline-remote-telnet@3.21.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.jline/jline-remote-telnet@3.21.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jline-3.21.0.jar (shaded: org.jline:jline-style:3.21.0) + + /var/lib/jenkins/.m2/repository/org/jline/jline/3.21.0/jline-3.21.0.jar/META-INF/maven/org.jline/jline-style/pom.xml + 4dacba1496f684d18cea594a331965c4 + 0ce05ccc234b415ae4620e2b5d39e8707307f46e + 67ea7f0858cd86437657e2ce2ad6ffc00124445827e8761aa40e0a5f2b696b18 + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + jline-style + + + pom + groupid + org.jline + + + pom + name + JLine Style + + + pom + parent-artifactid + jline-parent + + + pom + artifactid + jline-style + + + pom + groupid + org.jline + + + pom + name + JLine Style + + + pom + parent-artifactid + jline-parent + + + pom + version + 3.21.0 + + + + + pkg:maven/org.jline/jline-style@3.21.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.jline/jline-style@3.21.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jline-3.21.0.jar (shaded: org.jline:jline-terminal-jansi:3.21.0) + + /var/lib/jenkins/.m2/repository/org/jline/jline/3.21.0/jline-3.21.0.jar/META-INF/maven/org.jline/jline-terminal-jansi/pom.xml + b7a11de4ca7413f4cfce23d51ebbce9e + 53990108c8efce2a0679fbadc053800fef24c2b9 + 5d0535a04332452b3505f9be82d1dfd4824e2b33a2379f9e9c055ce0ec202b3d + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + jline-terminal-jansi + + + pom + groupid + org.jline + + + pom + name + JLine JANSI Terminal + + + pom + parent-artifactid + jline-parent + + + pom + artifactid + jline-terminal-jansi + + + pom + groupid + org.jline + + + pom + name + JLine JANSI Terminal + + + pom + parent-artifactid + jline-parent + + + pom + version + 3.21.0 + + + + + pkg:maven/org.jline/jline-terminal-jansi@3.21.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.jline/jline-terminal-jansi@3.21.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jline-3.21.0.jar (shaded: org.jline:jline-terminal-jna:3.21.0) + + /var/lib/jenkins/.m2/repository/org/jline/jline/3.21.0/jline-3.21.0.jar/META-INF/maven/org.jline/jline-terminal-jna/pom.xml + 9ea71e9a165cc5a45157c4a8577996c0 + b6e0d12ad0c52d335817d367e35477042c5ea7fe + e2562b3e081eb9d29631b8827f04a8d9591c22d8227255b82c5c986288907b7b + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + jline-terminal-jna + + + pom + groupid + org.jline + + + pom + name + JLine JNA Terminal + + + pom + parent-artifactid + jline-parent + + + pom + artifactid + jline-terminal-jna + + + pom + groupid + org.jline + + + pom + name + JLine JNA Terminal + + + pom + parent-artifactid + jline-parent + + + pom + version + 3.21.0 + + + + + pkg:maven/org.jline/jline-terminal-jna@3.21.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.jline/jline-terminal-jna@3.21.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jline-3.21.0.jar (shaded: org.jline:jline-terminal:3.21.0) + + /var/lib/jenkins/.m2/repository/org/jline/jline/3.21.0/jline-3.21.0.jar/META-INF/maven/org.jline/jline-terminal/pom.xml + 0fd07da36b31c25f71bce6473d1803d2 + bc610e6da74e2da2c8a3a8f3e35f078db9ab35ff + ccce20dce04dba30f5835ddecc8c3191d542e1b8da9fe0a7e3a764ac203b8aa4 + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + jline-terminal + + + pom + groupid + org.jline + + + pom + name + JLine Terminal + + + pom + parent-artifactid + jline-parent + + + pom + artifactid + jline-terminal + + + pom + groupid + org.jline + + + pom + name + JLine Terminal + + + pom + parent-artifactid + jline-parent + + + pom + version + 3.21.0 + + + + + pkg:maven/org.jline/jline-terminal@3.21.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.jline/jline-terminal@3.21.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jline-3.21.0.jar + /var/lib/jenkins/.m2/repository/org/jline/jline/3.21.0/jline-3.21.0.jar + 859778f9cdd3bd42bbaaf0f6f7fe5e6a + 2bf6f2311356f309fda0412e9389d2499346b5a1 + 1e7d63a2bd1c26354ca1987e55469ea4327c4a3845c10d7a7790ca9729c49c02 + JLine + https://opensource.org/licenses/BSD-3-Clause + + Business Process Center - Runtime Environment:compile + + + + file + name + jline + + + jar + package name + jline + + + Manifest + automatic-module-name + org.jline + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-symbolicname + org.jline + + + Manifest + originally-created-by + Apache Maven Bundle Plugin + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + jline + + + pom + artifactid + jline + + + pom + groupid + org.jline + + + pom + name + JLine Bundle + + + pom + parent-artifactid + jline-parent + + + file + name + jline + + + jar + package name + jline + + + Manifest + automatic-module-name + org.jline + + + Manifest + build-jdk-spec + 11 + + + Manifest + Bundle-Name + JLine Bundle + + + Manifest + bundle-symbolicname + org.jline + + + Manifest + originally-created-by + Apache Maven Bundle Plugin + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + jline + + + pom + groupid + org.jline + + + pom + name + JLine Bundle + + + pom + parent-artifactid + jline-parent + + + file + version + 3.21.0 + + + Manifest + Bundle-Version + 3.21.0 + + + pom + version + 3.21.0 + + + + + pkg:maven/org.jline/jline@3.21.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.jline/jline@3.21.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + jna-5.12.1.jar + /var/lib/jenkins/.m2/repository/net/java/dev/jna/jna/5.12.1/jna-5.12.1.jar + 3bab13d7f5ca715013fcac64ceb4108d + b1e93a735caea94f503e95e6fe79bf9cdc1e985d + 91a814ac4f40d60dee91d842e1a8ad874c62197984403d0e3c30d39e55cf53b3 + Java Native Access + LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1 + Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:runtime + + + + file + name + jna + + + jar + package name + jna + + + jar + package name + native + + + jar + package name + sun + + + jar (hint) + package name + oracle + + + Manifest + automatic-module-name + com.sun.jna + + + Manifest + bundle-activationpolicy + lazy + + + Manifest + bundle-category + jni + + + Manifest + bundle-nativecode + com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, + com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, + com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, + com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, + com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, + com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, + com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, + com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, + com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, + com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, + com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, + com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, + com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, + com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, + com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, + com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, + com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, + com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, + com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, + com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, + com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, + com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, + com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, + com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, + com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, + com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, + com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, + com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, + com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, + com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, + com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, + com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, + com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, + com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, + com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 + + + Manifest + bundle-requiredexecutionenvironment + JavaSE-1.6 + + + Manifest + bundle-symbolicname + com.sun.jna + + + Manifest + Implementation-Vendor + JNA Development Team + + + Manifest + specification-vendor + JNA Development Team + + + pom + artifactid + jna + + + pom + artifactid + jna + + + pom + developer email + mblaesing@doppel-helix.eu + + + pom + developer id + twall + + + pom + developer name + Matthias Bläsing + + + pom + developer name + Timothy Wall + + + pom + groupid + net.java.dev.jna + + + pom + name + Java Native Access + + + pom + url + java-native-access/jna + + + file + name + jna + + + jar + package name + jna + + + jar + package name + library + + + jar + package name + native + + + jar + package name + sun + + + jar + package name + win32 + + + Manifest + automatic-module-name + com.sun.jna + + + Manifest + bundle-activationpolicy + lazy + + + Manifest + bundle-category + jni + + + Manifest + Bundle-Name + jna + + + Manifest + bundle-nativecode + com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, + com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, + com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, + com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, + com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, + com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, + com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, + com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, + com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, + com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, + com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, + com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, + com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, + com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, + com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, + com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, + com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, + com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, + com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, + com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, + com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, + com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, + com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, + com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, + com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, + com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, + com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, + com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, + com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, + com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, + com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, + com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, + com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, + com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, + com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 + + + Manifest + bundle-requiredexecutionenvironment + JavaSE-1.6 + + + Manifest + bundle-symbolicname + com.sun.jna + + + Manifest + Implementation-Title + com.sun.jna + + + Manifest + specification-title + Java Native Access (JNA) + + + pom + artifactid + jna + + + pom + developer email + mblaesing@doppel-helix.eu + + + pom + developer id + twall + + + pom + developer name + Matthias Bläsing + + + pom + developer name + Timothy Wall + + + pom + groupid + net.java.dev.jna + + + pom + name + Java Native Access + + + pom + url + java-native-access/jna + + + file + version + 5.12.1 + + + Manifest + Bundle-Version + 5.12.1 + + + pom + version + 5.12.1 + + + + + pkg:maven/net.java.dev.jna/jna@5.12.1 + + https://ossindex.sonatype.org/component/pkg:maven/net.java.dev.jna/jna@5.12.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:oracle:java_se:5.12.1:*:*:*:*:*:*:* + + + + + jna-5.12.1.jar: jnidispatch.dll + + /var/lib/jenkins/.m2/repository/net/java/dev/jna/jna/5.12.1/jna-5.12.1.jar/com/sun/jna/win32-aarch64/jnidispatch.dll + 6246d1cb026e3b8dea164588071c4b6d + e373e6db56eee6c2433527639a89ee57a1cbe052 + 00ee77c40ac6a939ec963fdc682c41535ad4c7178beba40b7a640875dd00dae8 + + Business Process Center - Runtime Environment:runtime + + + + file + name + jnidispatch + + + file + name + jnidispatch + + + + + jna-5.12.1.jar: jnidispatch.dll + + /var/lib/jenkins/.m2/repository/net/java/dev/jna/jna/5.12.1/jna-5.12.1.jar/com/sun/jna/win32-x86-64/jnidispatch.dll + cfebe457d00a97c2c5f8930bdbaae1f0 + 526e95d2afde5ef07dd0aca671261dfbc7fcfa17 + cf8e552ee05cb0e872797ecffe0f9d3dc67e513748f3cd957f79e0f2f3d66ac2 + + Business Process Center - Runtime Environment:runtime + + + + file + name + jnidispatch + + + file + name + jnidispatch + + + + + jna-5.12.1.jar: jnidispatch.dll + + /var/lib/jenkins/.m2/repository/net/java/dev/jna/jna/5.12.1/jna-5.12.1.jar/com/sun/jna/win32-x86/jnidispatch.dll + 44cee45ec3a7aecada1e95c902133989 + abe2802abe3d8e7b03bf73e39b4d66cdf3809f0c + 775a81faf08e0e7870692ed268f8616e770f6364141ffa8cedbdf8e8c7cfbe7a + + Business Process Center - Runtime Environment:runtime + + + + file + name + jnidispatch + + + file + name + jnidispatch + + + + + jna-platform-5.12.1.jar + + /var/lib/jenkins/.m2/repository/net/java/dev/jna/jna-platform/5.12.1/jna-platform-5.12.1.jar + 061ec627ed090f59104e33cea38c97cd + 097406a297c852f4a41e688a176ec675f72e8329 + 8ce969116cac95bd61b07a8d5e07174b352e63301473caac72c395e3c08488d2 + Java Native Access Platform + LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1 + Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:runtime + + + + file + name + jna-platform + + + jar + package name + jna + + + jar + package name + platform + + + jar + package name + sun + + + jar (hint) + package name + oracle + + + Manifest + automatic-module-name + com.sun.jna.platform + + + Manifest + bundle-category + jni + + + Manifest + bundle-requiredexecutionenvironment + J2SE-1.4 + + + Manifest + bundle-symbolicname + com.sun.jna.platform + + + Manifest + Implementation-Vendor + JNA Development Team + + + Manifest + require-bundle + com.sun.jna;bundle-version="5.12.1" + + + Manifest + specification-vendor + JNA Development Team + + + pom + artifactid + jna-platform + + + pom + artifactid + jna-platform + + + pom + developer email + mblaesing@doppel-helix.eu + + + pom + developer id + twall + + + pom + developer name + Matthias Bläsing + + + pom + developer name + Timothy Wall + + + pom + groupid + net.java.dev.jna + + + pom + name + Java Native Access Platform + + + pom + url + java-native-access/jna + + + file + name + jna-platform + + + jar + package name + jna + + + jar + package name + platform + + + jar + package name + sun + + + Manifest + automatic-module-name + com.sun.jna.platform + + + Manifest + bundle-category + jni + + + Manifest + Bundle-Name + jna-platform + + + Manifest + bundle-requiredexecutionenvironment + J2SE-1.4 + + + Manifest + bundle-symbolicname + com.sun.jna.platform + + + Manifest + Implementation-Title + com.sun.jna.platform + + + Manifest + require-bundle + com.sun.jna;bundle-version="5.12.1" + + + Manifest + specification-title + Java Native Access (JNA) + + + pom + artifactid + jna-platform + + + pom + developer email + mblaesing@doppel-helix.eu + + + pom + developer id + twall + + + pom + developer name + Matthias Bläsing + + + pom + developer name + Timothy Wall + + + pom + groupid + net.java.dev.jna + + + pom + name + Java Native Access Platform + + + pom + url + java-native-access/jna + + + file + version + 5.12.1 + + + Manifest + Bundle-Version + 5.12.1 + + + pom + version + 5.12.1 + + + + + pkg:maven/net.java.dev.jna/jna-platform@5.12.1 + + https://ossindex.sonatype.org/component/pkg:maven/net.java.dev.jna/jna-platform@5.12.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + joda-time-2.10.10.jar + /var/lib/jenkins/.m2/repository/joda-time/joda-time/2.10.10/joda-time-2.10.10.jar + c2a46de8a73ec7b60011429561ae72e3 + 29e8126e31f41e5c12b9fe3a7eb02e704c47d70b + dd8e7c92185a678d1b7b933f31209b6203c8ffa91e9880475a1be0346b9617e3 + Date and time library to replace JDK date handling + Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + joda-time + + + jar + package name + joda + + + jar + package name + time + + + Manifest + automatic-module-name + org.joda.time + + + Manifest + bundle-docurl + https://www.joda.org/joda-time/ + + + Manifest + bundle-symbolicname + joda-time + + + Manifest + extension-name + joda-time + + + Manifest + implementation-url + https://www.joda.org/joda-time/ + + + Manifest + Implementation-Vendor + Joda.org + + + Manifest + Implementation-Vendor-Id + org.joda + + + Manifest + specification-vendor + Joda.org + + + pom + artifactid + joda-time + + + pom + artifactid + joda-time + + + pom + developer id + broneill + + + pom + developer id + jodastephen + + + pom + developer name + Brian S O'Neill + + + pom + developer name + Stephen Colebourne + + + pom + groupid + joda-time + + + pom + name + Joda-Time + + + pom + organization name + Joda.org + + + pom + organization url + https://www.joda.org + + + pom + url + https://www.joda.org/joda-time/ + + + file + name + joda-time + + + jar + package name + joda + + + jar + package name + time + + + Manifest + automatic-module-name + org.joda.time + + + Manifest + bundle-docurl + https://www.joda.org/joda-time/ + + + Manifest + Bundle-Name + Joda-Time + + + Manifest + bundle-symbolicname + joda-time + + + Manifest + extension-name + joda-time + + + Manifest + Implementation-Title + org.joda.time + + + Manifest + implementation-url + https://www.joda.org/joda-time/ + + + Manifest + specification-title + Joda-Time + + + pom + artifactid + joda-time + + + pom + developer id + broneill + + + pom + developer id + jodastephen + + + pom + developer name + Brian S O'Neill + + + pom + developer name + Stephen Colebourne + + + pom + groupid + joda-time + + + pom + name + Joda-Time + + + pom + organization name + Joda.org + + + pom + organization url + https://www.joda.org + + + pom + url + https://www.joda.org/joda-time/ + + + file + version + 2.10.10 + + + Manifest + Bundle-Version + 2.10.10 + + + Manifest + Implementation-Version + 2.10.10 + + + pom + version + 2.10.10 + + + + + pkg:maven/joda-time/joda-time@2.10.10 + + https://ossindex.sonatype.org/component/pkg:maven/joda-time/joda-time@2.10.10?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.2 + + + + + logback-core-1.2.11.jar + + /var/lib/jenkins/.m2/repository/ch/qos/logback/logback-core/1.2.11/logback-core-1.2.11.jar + 115da115b5e66ef64e774ec35af1fb1a + a01230df5ca5c34540cdaa3ad5efb012f1f1f792 + 6ce1e9397be8298a2e99029f55f955c6fa3cef255171c554d0b9c201cffd0159 + logback-core module + http://www.eclipse.org/legal/epl-v10.html, + http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html + + Business Process Center - Runtime Environment:compile + + + + logback-classic-1.2.11.jar + + /var/lib/jenkins/.m2/repository/ch/qos/logback/logback-classic/1.2.11/logback-classic-1.2.11.jar + 4d8e899621a3006c2f66e19feab002b11e6cfc5cb1854fc41f01532c00deb2aa + 4741689214e9d1e8408b206506cbe76d1c6a7d60 + e13679004cc76ad5792f275f04884fab + + + pkg:maven/ch.qos.logback/logback-classic@1.2.11 + + https://ossindex.sonatype.org/component/pkg:maven/ch.qos.logback/logback-classic@1.2.11?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + logback-core + + + jar + package name + ch + + + jar + package name + core + + + jar + package name + logback + + + jar + package name + qos + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.qos.ch + + + Manifest + bundle-requiredexecutionenvironment + JavaSE-1.6 + + + Manifest + bundle-symbolicname + ch.qos.logback.core + + + Manifest + originally-created-by + Apache Maven Bundle Plugin 5.1.4 + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" + + + pom + artifactid + logback-core + + + pom + artifactid + logback-core + + + pom + groupid + ch.qos.logback + + + pom + name + Logback Core Module + + + pom + parent-artifactid + logback-parent + + + file + name + logback-core + + + jar + package name + ch + + + jar + package name + core + + + jar + package name + logback + + + jar + package name + qos + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.qos.ch + + + Manifest + Bundle-Name + Logback Core Module + + + Manifest + bundle-requiredexecutionenvironment + JavaSE-1.6 + + + Manifest + bundle-symbolicname + ch.qos.logback.core + + + Manifest + originally-created-by + Apache Maven Bundle Plugin 5.1.4 + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" + + + pom + artifactid + logback-core + + + pom + groupid + ch.qos.logback + + + pom + name + Logback Core Module + + + pom + parent-artifactid + logback-parent + + + file + version + 1.2.11 + + + Manifest + Bundle-Version + 1.2.11 + + + pom + version + 1.2.11 + + + + + pkg:maven/ch.qos.logback/logback-core@1.2.11 + + https://ossindex.sonatype.org/component/pkg:maven/ch.qos.logback/logback-core@1.2.11?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:qos:logback:1.2.11:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aqos&cpe_product=cpe%3A%2F%3Aqos%3Alogback&cpe_version=cpe%3A%2F%3Aqos%3Alogback%3A1.2.11 + + + + + logback-jackson-0.1.5.jar + + /var/lib/jenkins/.m2/repository/ch/qos/logback/contrib/logback-jackson/0.1.5/logback-jackson-0.1.5.jar + 16960ad8a1dc45d22bf3d38897a247a8 + 0e8b202a23691048a01e6322dd040f75e08e9ca2 + c6f8863934218faa1bfa0f325659aa899e6a28473de2ec09cf43192c78409ab4 + Logback Contrib provides community-driven and supported extensions to the Logback + logging framework. All contributions are made by contributors with CLA on file. + http://www.eclipse.org/legal/epl-v10.html, + http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html + + Business Process Center - Runtime Environment:compile + + + + file + name + logback-jackson + + + jar + package name + ch + + + jar + package name + contrib + + + jar + package name + logback + + + jar + package name + qos + + + Manifest + bundle-symbolicname + ch.qos.logback.contrib.logback-jackson + + + pom + artifactid + logback-jackson + + + pom + artifactid + logback-jackson + + + pom + groupid + ch.qos.logback.contrib + + + pom + name + Logback Contrib :: Jackson + + + pom + parent-artifactid + logback-contrib-parent + + + file + name + logback-jackson + + + jar + package name + ch + + + jar + package name + contrib + + + jar + package name + logback + + + jar + package name + qos + + + Manifest + Bundle-Name + Logback Contrib :: Jackson + + + Manifest + bundle-symbolicname + ch.qos.logback.contrib.logback-jackson + + + pom + artifactid + logback-jackson + + + pom + groupid + ch.qos.logback.contrib + + + pom + name + Logback Contrib :: Jackson + + + pom + parent-artifactid + logback-contrib-parent + + + file + version + 0.1.5 + + + Manifest + Bundle-Version + 0.1.5 + + + pom + version + 0.1.5 + + + + + pkg:maven/ch.qos.logback.contrib/logback-jackson@0.1.5 + + https://ossindex.sonatype.org/component/pkg:maven/ch.qos.logback.contrib/logback-jackson@0.1.5?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + logback-json-classic-0.1.5.jar + + /var/lib/jenkins/.m2/repository/ch/qos/logback/contrib/logback-json-classic/0.1.5/logback-json-classic-0.1.5.jar + 4b13ef0b7a6af69d131e933c3318d331 + f7fd4e747a9b0c50fc4f71b0055d5bea64dc05c3 + 257194ac9c57f65e72e7b18e60d7b78d3ea1bc85e734332a4a8bbb46a5af305a + Logback Contrib provides community-driven and supported extensions to the Logback + logging framework. All contributions are made by contributors with CLA on file. + http://www.eclipse.org/legal/epl-v10.html, + http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html + + Business Process Center - Runtime Environment:compile + + + + file + name + logback-json-classic + + + jar + package name + ch + + + jar + package name + contrib + + + jar + package name + logback + + + jar + package name + qos + + + Manifest + bundle-symbolicname + ch.qos.logback.contrib.logback-json-classic + + + pom + artifactid + logback-json-classic + + + pom + artifactid + logback-json-classic + + + pom + groupid + ch.qos.logback.contrib + + + pom + name + Logback Contrib :: JSON :: Classic + + + pom + parent-artifactid + logback-json-parent + + + file + name + logback-json-classic + + + jar + package name + ch + + + jar + package name + contrib + + + jar + package name + logback + + + jar + package name + qos + + + Manifest + Bundle-Name + Logback Contrib :: JSON :: Classic + + + Manifest + bundle-symbolicname + ch.qos.logback.contrib.logback-json-classic + + + pom + artifactid + logback-json-classic + + + pom + groupid + ch.qos.logback.contrib + + + pom + name + Logback Contrib :: JSON :: Classic + + + pom + parent-artifactid + logback-json-parent + + + file + version + 0.1.5 + + + Manifest + Bundle-Version + 0.1.5 + + + pom + version + 0.1.5 + + + + + pkg:maven/ch.qos.logback.contrib/logback-json-classic@0.1.5 + + https://ossindex.sonatype.org/component/pkg:maven/ch.qos.logback.contrib/logback-json-classic@0.1.5?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + logback-json-core-0.1.5.jar + + /var/lib/jenkins/.m2/repository/ch/qos/logback/contrib/logback-json-core/0.1.5/logback-json-core-0.1.5.jar + 70fc4a12ede1bc381dca0d20ee948b9f + 90bdb547819957fc940188f5830b7b59375f6fdd + 8409ebc3c875fcb3dfd933787b559c0da9c9ce8660b02665be05ad33ce0ae31d + Logback Contrib provides community-driven and supported extensions to the Logback + logging framework. All contributions are made by contributors with CLA on file. + http://www.eclipse.org/legal/epl-v10.html, + http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html + + Business Process Center - Runtime Environment:compile + + + + file + name + logback-json-core + + + jar + package name + ch + + + jar + package name + contrib + + + jar + package name + logback + + + jar + package name + qos + + + Manifest + bundle-symbolicname + ch.qos.logback.contrib.logback-json-core + + + pom + artifactid + logback-json-core + + + pom + artifactid + logback-json-core + + + pom + groupid + ch.qos.logback.contrib + + + pom + name + Logback Contrib :: JSON :: Core + + + pom + parent-artifactid + logback-json-parent + + + file + name + logback-json-core + + + jar + package name + ch + + + jar + package name + contrib + + + jar + package name + logback + + + jar + package name + qos + + + Manifest + Bundle-Name + Logback Contrib :: JSON :: Core + + + Manifest + bundle-symbolicname + ch.qos.logback.contrib.logback-json-core + + + pom + artifactid + logback-json-core + + + pom + groupid + ch.qos.logback.contrib + + + pom + name + Logback Contrib :: JSON :: Core + + + pom + parent-artifactid + logback-json-parent + + + file + version + 0.1.5 + + + Manifest + Bundle-Version + 0.1.5 + + + pom + version + 0.1.5 + + + + + pkg:maven/ch.qos.logback.contrib/logback-json-core@0.1.5 + + https://ossindex.sonatype.org/component/pkg:maven/ch.qos.logback.contrib/logback-json-core@0.1.5?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + maven-resolver-api-1.8.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/maven/resolver/maven-resolver-api/1.8.2/maven-resolver-api-1.8.2.jar + 3472778bb4d8bbbc785275a271afd7f6 + af6c5d8660e3c127c3987c385069d301848800a2 + f6b8860554f6620cdc539746383264a211d0ae2886770de227b10ced518cf15f + + The application programming interface for the repository system. + + "Apache License, Version + 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt" + + Business Process Center - Runtime Environment:compile + + + + file + name + maven-resolver-api + + + jar + package name + artifact + + + jar + package name + repository + + + Manifest + automatic-module-name + org.apache.maven.resolver + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-developers + rfscholte;email="rfscholte@apache.org";name="Robert + Scholte";roles="PMC + Chair";timezone="Europe/Amsterdam",aheritier;email="aheritier@apache.org";name="Arnaud + Héritier";roles="PMC + Member";timezone="+1",andham;email="andham@apache.org";name="Anders + Hammar";roles="PMC + Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie + Treloar";roles="PMC + Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson + Margulies";roles="PMC + Member";timezone="America/New_York",brianf;email="brianf@apache.org";name="Brian + Fox";organization=Sonatype;roles="PMC + Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas + Cservenak";roles="PMC + Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis + Lundberg";organization=ASF;roles="PMC + Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel + Kulp";organization=ASF;roles="PMC + Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel + Venisse";organization=ASF;roles="PMC + Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume + Boué";roles="PMC + Member";timezone="Europe/Paris",hboutemy;email="hboutemy@apache.org";name="Hervé + Boutemy";organization=ASF;roles="PMC + Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor + Fedorenko";organization=Sonatype;roles="PMC + Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van + Zyl";roles="PMC + Member";timezone=-5,khmarbaise;email="khmarbaise@apache.org";name="Karl + Heinz Marbaise";roles="PMC + Member";timezone="+1",krosenvold;email="krosenvold@apache.org";name="Kristian + Rosenvold";roles="PMC + Member";timezone="+1",mkleint;name="Milos + Kleint";roles="PMC + Member",olamy;email="olamy@apache.org";name="Olivier + Lamy";roles="PMC + Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael + Osipov";roles="PMC + Member";timezone="Europe/Berlin",rgoers;email="rgoers@apache.org";name="Ralph + Goers";organization=Intuit;roles="PMC + Member";timezone=-8,stephenc;email="stephenc@apache.org";name="Stephen + Connolly";roles="PMC + Member";timezone=0,struberg;email="struberg@apache.org";name="Mark + Struberg";roles="PMC + Member",tibordigana;email="tibordigana@apache.org";name="Tibor + Digaňa";roles="PMC + Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent + Siveton";organization=ASF;roles="PMC + Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne + Fay";organization=ASF;roles="PMC + Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas + Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian + Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice + Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin + Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris + Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan + Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian + Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett + Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel + Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico + Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio + Giustina";organization=openmind;roles=Committer;timezone="+1",gnodet;email="gnodet@apache.org";name="Guillaume + Nodet";organization="Red + Hat";roles=Committer;timezone="Europe/Paris",godin;email="godin@apache.org";name="Evgeny + Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew + Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik + Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff + Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas + Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark + Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin + Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mthmulders;email="mthmulders@apache.org";name="Maarten + Mulders";organization="Info + Support";roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro + Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko + Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred + Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de + Loof";roles=Committer,oching;name="Maria Odea B. + Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul + Gier";organization="Red + Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar + Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël + Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian + Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane + Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone + Tripodi";roles=Committer;timezone="+1",sjaranowski;email="sjaranowski@apache.org";name="Slawomir + Jaranowski";roles=Committer;timezone="Europe/Warsaw",sor;email="sor@apache.org";name="Christian + Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony + Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent + Massol";organization=ASF;roles=Committer;timezone="+1",slachiewicz;email="slachiewicz@apache.org";name="Sylwester + Lachiewicz";roles=Committer;timezone="Europe/Warsaw",elharo;email="elharo@apache.org";name="Elliotte + Rusty + Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas + Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan + Q. Ramirez";roles=Emeritus,bayard;name="Henri + Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos + Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris + Stevenson";roles=Emeritus,dblevins;name="David + Blevins";roles=Emeritus,dlr;name="Daniel + Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin + Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe + Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John + Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse + McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim + Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny + Ruiz III";roles=Emeritus,jstrachan;name="James + Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto + Tolentino + Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney + Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike + Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg + Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick + Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul + Thakur";roles=Emeritus,shinobu;name="Shinobu + Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli + Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve + Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy + Smoak";roles=Emeritus;timezone=-7 + + + Manifest + bundle-docurl + https://maven.apache.org/resolver/maven-resolver-api/ + + + Manifest + bundle-symbolicname + org.apache.maven.resolver.api + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + maven-resolver-api + + + pom + artifactid + maven-resolver-api + + + pom + groupid + org.apache.maven.resolver + + + pom + name + Maven Artifact Resolver API + + + pom + parent-artifactid + maven-resolver + + + file + name + maven-resolver-api + + + jar + package name + artifact + + + jar + package name + repository + + + jar + package name + version + + + Manifest + automatic-module-name + org.apache.maven.resolver + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-developers + rfscholte;email="rfscholte@apache.org";name="Robert + Scholte";roles="PMC + Chair";timezone="Europe/Amsterdam",aheritier;email="aheritier@apache.org";name="Arnaud + Héritier";roles="PMC + Member";timezone="+1",andham;email="andham@apache.org";name="Anders + Hammar";roles="PMC + Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie + Treloar";roles="PMC + Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson + Margulies";roles="PMC + Member";timezone="America/New_York",brianf;email="brianf@apache.org";name="Brian + Fox";organization=Sonatype;roles="PMC + Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas + Cservenak";roles="PMC + Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis + Lundberg";organization=ASF;roles="PMC + Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel + Kulp";organization=ASF;roles="PMC + Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel + Venisse";organization=ASF;roles="PMC + Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume + Boué";roles="PMC + Member";timezone="Europe/Paris",hboutemy;email="hboutemy@apache.org";name="Hervé + Boutemy";organization=ASF;roles="PMC + Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor + Fedorenko";organization=Sonatype;roles="PMC + Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van + Zyl";roles="PMC + Member";timezone=-5,khmarbaise;email="khmarbaise@apache.org";name="Karl + Heinz Marbaise";roles="PMC + Member";timezone="+1",krosenvold;email="krosenvold@apache.org";name="Kristian + Rosenvold";roles="PMC + Member";timezone="+1",mkleint;name="Milos + Kleint";roles="PMC + Member",olamy;email="olamy@apache.org";name="Olivier + Lamy";roles="PMC + Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael + Osipov";roles="PMC + Member";timezone="Europe/Berlin",rgoers;email="rgoers@apache.org";name="Ralph + Goers";organization=Intuit;roles="PMC + Member";timezone=-8,stephenc;email="stephenc@apache.org";name="Stephen + Connolly";roles="PMC + Member";timezone=0,struberg;email="struberg@apache.org";name="Mark + Struberg";roles="PMC + Member",tibordigana;email="tibordigana@apache.org";name="Tibor + Digaňa";roles="PMC + Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent + Siveton";organization=ASF;roles="PMC + Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne + Fay";organization=ASF;roles="PMC + Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas + Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian + Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice + Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin + Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris + Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan + Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian + Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett + Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel + Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico + Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio + Giustina";organization=openmind;roles=Committer;timezone="+1",gnodet;email="gnodet@apache.org";name="Guillaume + Nodet";organization="Red + Hat";roles=Committer;timezone="Europe/Paris",godin;email="godin@apache.org";name="Evgeny + Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew + Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik + Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff + Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas + Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark + Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin + Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mthmulders;email="mthmulders@apache.org";name="Maarten + Mulders";organization="Info + Support";roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro + Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko + Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred + Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de + Loof";roles=Committer,oching;name="Maria Odea B. + Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul + Gier";organization="Red + Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar + Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël + Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian + Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane + Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone + Tripodi";roles=Committer;timezone="+1",sjaranowski;email="sjaranowski@apache.org";name="Slawomir + Jaranowski";roles=Committer;timezone="Europe/Warsaw",sor;email="sor@apache.org";name="Christian + Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony + Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent + Massol";organization=ASF;roles=Committer;timezone="+1",slachiewicz;email="slachiewicz@apache.org";name="Sylwester + Lachiewicz";roles=Committer;timezone="Europe/Warsaw",elharo;email="elharo@apache.org";name="Elliotte + Rusty + Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas + Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan + Q. Ramirez";roles=Emeritus,bayard;name="Henri + Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos + Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris + Stevenson";roles=Emeritus,dblevins;name="David + Blevins";roles=Emeritus,dlr;name="Daniel + Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin + Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe + Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John + Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse + McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim + Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny + Ruiz III";roles=Emeritus,jstrachan;name="James + Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto + Tolentino + Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney + Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike + Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg + Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick + Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul + Thakur";roles=Emeritus,shinobu;name="Shinobu + Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli + Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve + Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy + Smoak";roles=Emeritus;timezone=-7 + + + Manifest + bundle-docurl + https://maven.apache.org/resolver/maven-resolver-api/ + + + Manifest + Bundle-Name + Maven Artifact Resolver API + + + Manifest + bundle-symbolicname + org.apache.maven.resolver.api + + + Manifest + Implementation-Title + Maven Artifact Resolver API + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + Maven Artifact Resolver API + + + pom + artifactid + maven-resolver-api + + + pom + groupid + org.apache.maven.resolver + + + pom + name + Maven Artifact Resolver API + + + pom + parent-artifactid + maven-resolver + + + file + version + 1.8.2 + + + Manifest + Bundle-Version + 1.8.2 + + + Manifest + Implementation-Version + 1.8.2 + + + pom + version + 1.8.2 + + + + + pkg:maven/org.apache.maven.resolver/maven-resolver-api@1.8.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven.resolver/maven-resolver-api@1.8.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + maven-resolver-impl-1.8.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/maven/resolver/maven-resolver-impl/1.8.2/maven-resolver-impl-1.8.2.jar + 1d11314cd969b46e6b7a3474008cb2a8 + 5f08b1e7d0bc89d8254cd46881a5e228c98303df + c702e03dbd4b4f585e807816375fadf81f203b036bbc0c1f0d847628616e9f6a + + An implementation of the repository system. + + "Apache License, Version + 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt" + + Business Process Center - Runtime Environment:compile + + + + file + name + maven-resolver-impl + + + jar + package name + impl + + + Manifest + automatic-module-name + org.apache.maven.resolver.impl + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-developers + rfscholte;email="rfscholte@apache.org";name="Robert + Scholte";roles="PMC + Chair";timezone="Europe/Amsterdam",aheritier;email="aheritier@apache.org";name="Arnaud + Héritier";roles="PMC + Member";timezone="+1",andham;email="andham@apache.org";name="Anders + Hammar";roles="PMC + Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie + Treloar";roles="PMC + Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson + Margulies";roles="PMC + Member";timezone="America/New_York",brianf;email="brianf@apache.org";name="Brian + Fox";organization=Sonatype;roles="PMC + Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas + Cservenak";roles="PMC + Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis + Lundberg";organization=ASF;roles="PMC + Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel + Kulp";organization=ASF;roles="PMC + Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel + Venisse";organization=ASF;roles="PMC + Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume + Boué";roles="PMC + Member";timezone="Europe/Paris",hboutemy;email="hboutemy@apache.org";name="Hervé + Boutemy";organization=ASF;roles="PMC + Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor + Fedorenko";organization=Sonatype;roles="PMC + Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van + Zyl";roles="PMC + Member";timezone=-5,khmarbaise;email="khmarbaise@apache.org";name="Karl + Heinz Marbaise";roles="PMC + Member";timezone="+1",krosenvold;email="krosenvold@apache.org";name="Kristian + Rosenvold";roles="PMC + Member";timezone="+1",mkleint;name="Milos + Kleint";roles="PMC + Member",olamy;email="olamy@apache.org";name="Olivier + Lamy";roles="PMC + Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael + Osipov";roles="PMC + Member";timezone="Europe/Berlin",rgoers;email="rgoers@apache.org";name="Ralph + Goers";organization=Intuit;roles="PMC + Member";timezone=-8,stephenc;email="stephenc@apache.org";name="Stephen + Connolly";roles="PMC + Member";timezone=0,struberg;email="struberg@apache.org";name="Mark + Struberg";roles="PMC + Member",tibordigana;email="tibordigana@apache.org";name="Tibor + Digaňa";roles="PMC + Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent + Siveton";organization=ASF;roles="PMC + Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne + Fay";organization=ASF;roles="PMC + Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas + Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian + Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice + Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin + Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris + Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan + Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian + Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett + Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel + Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico + Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio + Giustina";organization=openmind;roles=Committer;timezone="+1",gnodet;email="gnodet@apache.org";name="Guillaume + Nodet";organization="Red + Hat";roles=Committer;timezone="Europe/Paris",godin;email="godin@apache.org";name="Evgeny + Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew + Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik + Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff + Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas + Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark + Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin + Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mthmulders;email="mthmulders@apache.org";name="Maarten + Mulders";organization="Info + Support";roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro + Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko + Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred + Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de + Loof";roles=Committer,oching;name="Maria Odea B. + Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul + Gier";organization="Red + Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar + Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël + Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian + Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane + Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone + Tripodi";roles=Committer;timezone="+1",sjaranowski;email="sjaranowski@apache.org";name="Slawomir + Jaranowski";roles=Committer;timezone="Europe/Warsaw",sor;email="sor@apache.org";name="Christian + Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony + Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent + Massol";organization=ASF;roles=Committer;timezone="+1",slachiewicz;email="slachiewicz@apache.org";name="Sylwester + Lachiewicz";roles=Committer;timezone="Europe/Warsaw",elharo;email="elharo@apache.org";name="Elliotte + Rusty + Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas + Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan + Q. Ramirez";roles=Emeritus,bayard;name="Henri + Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos + Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris + Stevenson";roles=Emeritus,dblevins;name="David + Blevins";roles=Emeritus,dlr;name="Daniel + Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin + Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe + Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John + Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse + McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim + Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny + Ruiz III";roles=Emeritus,jstrachan;name="James + Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto + Tolentino + Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney + Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike + Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg + Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick + Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul + Thakur";roles=Emeritus,shinobu;name="Shinobu + Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli + Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve + Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy + Smoak";roles=Emeritus;timezone=-7 + + + Manifest + bundle-docurl + https://maven.apache.org/resolver/maven-resolver-impl/ + + + Manifest + bundle-symbolicname + org.apache.maven.resolver.impl + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + maven-resolver-impl + + + pom + artifactid + maven-resolver-impl + + + pom + groupid + org.apache.maven.resolver + + + pom + name + Maven Artifact Resolver Implementation + + + pom + parent-artifactid + maven-resolver + + + file + name + maven-resolver-impl + + + jar + package name + impl + + + Manifest + automatic-module-name + org.apache.maven.resolver.impl + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-developers + rfscholte;email="rfscholte@apache.org";name="Robert + Scholte";roles="PMC + Chair";timezone="Europe/Amsterdam",aheritier;email="aheritier@apache.org";name="Arnaud + Héritier";roles="PMC + Member";timezone="+1",andham;email="andham@apache.org";name="Anders + Hammar";roles="PMC + Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie + Treloar";roles="PMC + Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson + Margulies";roles="PMC + Member";timezone="America/New_York",brianf;email="brianf@apache.org";name="Brian + Fox";organization=Sonatype;roles="PMC + Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas + Cservenak";roles="PMC + Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis + Lundberg";organization=ASF;roles="PMC + Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel + Kulp";organization=ASF;roles="PMC + Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel + Venisse";organization=ASF;roles="PMC + Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume + Boué";roles="PMC + Member";timezone="Europe/Paris",hboutemy;email="hboutemy@apache.org";name="Hervé + Boutemy";organization=ASF;roles="PMC + Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor + Fedorenko";organization=Sonatype;roles="PMC + Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van + Zyl";roles="PMC + Member";timezone=-5,khmarbaise;email="khmarbaise@apache.org";name="Karl + Heinz Marbaise";roles="PMC + Member";timezone="+1",krosenvold;email="krosenvold@apache.org";name="Kristian + Rosenvold";roles="PMC + Member";timezone="+1",mkleint;name="Milos + Kleint";roles="PMC + Member",olamy;email="olamy@apache.org";name="Olivier + Lamy";roles="PMC + Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael + Osipov";roles="PMC + Member";timezone="Europe/Berlin",rgoers;email="rgoers@apache.org";name="Ralph + Goers";organization=Intuit;roles="PMC + Member";timezone=-8,stephenc;email="stephenc@apache.org";name="Stephen + Connolly";roles="PMC + Member";timezone=0,struberg;email="struberg@apache.org";name="Mark + Struberg";roles="PMC + Member",tibordigana;email="tibordigana@apache.org";name="Tibor + Digaňa";roles="PMC + Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent + Siveton";organization=ASF;roles="PMC + Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne + Fay";organization=ASF;roles="PMC + Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas + Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian + Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice + Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin + Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris + Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan + Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian + Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett + Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel + Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico + Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio + Giustina";organization=openmind;roles=Committer;timezone="+1",gnodet;email="gnodet@apache.org";name="Guillaume + Nodet";organization="Red + Hat";roles=Committer;timezone="Europe/Paris",godin;email="godin@apache.org";name="Evgeny + Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew + Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik + Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff + Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas + Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark + Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin + Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mthmulders;email="mthmulders@apache.org";name="Maarten + Mulders";organization="Info + Support";roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro + Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko + Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred + Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de + Loof";roles=Committer,oching;name="Maria Odea B. + Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul + Gier";organization="Red + Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar + Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël + Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian + Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane + Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone + Tripodi";roles=Committer;timezone="+1",sjaranowski;email="sjaranowski@apache.org";name="Slawomir + Jaranowski";roles=Committer;timezone="Europe/Warsaw",sor;email="sor@apache.org";name="Christian + Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony + Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent + Massol";organization=ASF;roles=Committer;timezone="+1",slachiewicz;email="slachiewicz@apache.org";name="Sylwester + Lachiewicz";roles=Committer;timezone="Europe/Warsaw",elharo;email="elharo@apache.org";name="Elliotte + Rusty + Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas + Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan + Q. Ramirez";roles=Emeritus,bayard;name="Henri + Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos + Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris + Stevenson";roles=Emeritus,dblevins;name="David + Blevins";roles=Emeritus,dlr;name="Daniel + Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin + Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe + Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John + Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse + McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim + Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny + Ruiz III";roles=Emeritus,jstrachan;name="James + Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto + Tolentino + Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney + Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike + Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg + Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick + Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul + Thakur";roles=Emeritus,shinobu;name="Shinobu + Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli + Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve + Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy + Smoak";roles=Emeritus;timezone=-7 + + + Manifest + bundle-docurl + https://maven.apache.org/resolver/maven-resolver-impl/ + + + Manifest + Bundle-Name + Maven Artifact Resolver Implementation + + + Manifest + bundle-symbolicname + org.apache.maven.resolver.impl + + + Manifest + Implementation-Title + Maven Artifact Resolver Implementation + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + Maven Artifact Resolver Implementation + + + pom + artifactid + maven-resolver-impl + + + pom + groupid + org.apache.maven.resolver + + + pom + name + Maven Artifact Resolver Implementation + + + pom + parent-artifactid + maven-resolver + + + file + version + 1.8.2 + + + Manifest + Bundle-Version + 1.8.2 + + + Manifest + Implementation-Version + 1.8.2 + + + pom + version + 1.8.2 + + + + + pkg:maven/org.apache.maven.resolver/maven-resolver-impl@1.8.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven.resolver/maven-resolver-impl@1.8.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + maven-resolver-named-locks-1.8.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/maven/resolver/maven-resolver-named-locks/1.8.2/maven-resolver-named-locks-1.8.2.jar + dbe2bc77cd28fe81dfe8fc0347f89f8a + 6d81987c220cdb9672f15a1f2ee3e4ba9f80d50f + 349a057956bedd0ab01f83d55152e06ac79942d1480c506710edb44ef6efc3f1 + + A synchronization utility implementation using Named locks. + + "Apache License, Version + 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt" + + Business Process Center - Runtime Environment:compile + + + + file + name + maven-resolver-named-locks + + + jar + package name + named + + + Manifest + automatic-module-name + org.apache.maven.resolver.named + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-developers + rfscholte;email="rfscholte@apache.org";name="Robert + Scholte";roles="PMC + Chair";timezone="Europe/Amsterdam",aheritier;email="aheritier@apache.org";name="Arnaud + Héritier";roles="PMC + Member";timezone="+1",andham;email="andham@apache.org";name="Anders + Hammar";roles="PMC + Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie + Treloar";roles="PMC + Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson + Margulies";roles="PMC + Member";timezone="America/New_York",brianf;email="brianf@apache.org";name="Brian + Fox";organization=Sonatype;roles="PMC + Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas + Cservenak";roles="PMC + Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis + Lundberg";organization=ASF;roles="PMC + Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel + Kulp";organization=ASF;roles="PMC + Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel + Venisse";organization=ASF;roles="PMC + Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume + Boué";roles="PMC + Member";timezone="Europe/Paris",hboutemy;email="hboutemy@apache.org";name="Hervé + Boutemy";organization=ASF;roles="PMC + Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor + Fedorenko";organization=Sonatype;roles="PMC + Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van + Zyl";roles="PMC + Member";timezone=-5,khmarbaise;email="khmarbaise@apache.org";name="Karl + Heinz Marbaise";roles="PMC + Member";timezone="+1",krosenvold;email="krosenvold@apache.org";name="Kristian + Rosenvold";roles="PMC + Member";timezone="+1",mkleint;name="Milos + Kleint";roles="PMC + Member",olamy;email="olamy@apache.org";name="Olivier + Lamy";roles="PMC + Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael + Osipov";roles="PMC + Member";timezone="Europe/Berlin",rgoers;email="rgoers@apache.org";name="Ralph + Goers";organization=Intuit;roles="PMC + Member";timezone=-8,stephenc;email="stephenc@apache.org";name="Stephen + Connolly";roles="PMC + Member";timezone=0,struberg;email="struberg@apache.org";name="Mark + Struberg";roles="PMC + Member",tibordigana;email="tibordigana@apache.org";name="Tibor + Digaňa";roles="PMC + Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent + Siveton";organization=ASF;roles="PMC + Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne + Fay";organization=ASF;roles="PMC + Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas + Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian + Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice + Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin + Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris + Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan + Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian + Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett + Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel + Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico + Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio + Giustina";organization=openmind;roles=Committer;timezone="+1",gnodet;email="gnodet@apache.org";name="Guillaume + Nodet";organization="Red + Hat";roles=Committer;timezone="Europe/Paris",godin;email="godin@apache.org";name="Evgeny + Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew + Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik + Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff + Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas + Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark + Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin + Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mthmulders;email="mthmulders@apache.org";name="Maarten + Mulders";organization="Info + Support";roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro + Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko + Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred + Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de + Loof";roles=Committer,oching;name="Maria Odea B. + Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul + Gier";organization="Red + Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar + Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël + Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian + Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane + Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone + Tripodi";roles=Committer;timezone="+1",sjaranowski;email="sjaranowski@apache.org";name="Slawomir + Jaranowski";roles=Committer;timezone="Europe/Warsaw",sor;email="sor@apache.org";name="Christian + Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony + Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent + Massol";organization=ASF;roles=Committer;timezone="+1",slachiewicz;email="slachiewicz@apache.org";name="Sylwester + Lachiewicz";roles=Committer;timezone="Europe/Warsaw",elharo;email="elharo@apache.org";name="Elliotte + Rusty + Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas + Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan + Q. Ramirez";roles=Emeritus,bayard;name="Henri + Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos + Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris + Stevenson";roles=Emeritus,dblevins;name="David + Blevins";roles=Emeritus,dlr;name="Daniel + Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin + Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe + Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John + Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse + McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim + Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny + Ruiz III";roles=Emeritus,jstrachan;name="James + Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto + Tolentino + Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney + Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike + Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg + Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick + Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul + Thakur";roles=Emeritus,shinobu;name="Shinobu + Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli + Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve + Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy + Smoak";roles=Emeritus;timezone=-7 + + + Manifest + bundle-docurl + https://maven.apache.org/resolver/maven-resolver-named-locks/ + + + Manifest + bundle-symbolicname + org.apache.maven.resolver.named + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + maven-resolver-named-locks + + + pom + artifactid + maven-resolver-named-locks + + + pom + groupid + org.apache.maven.resolver + + + pom + name + Maven Artifact Resolver Named Locks + + + pom + parent-artifactid + maven-resolver + + + file + name + maven-resolver-named-locks + + + jar + package name + named + + + jar + package name + support + + + Manifest + automatic-module-name + org.apache.maven.resolver.named + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-developers + rfscholte;email="rfscholte@apache.org";name="Robert + Scholte";roles="PMC + Chair";timezone="Europe/Amsterdam",aheritier;email="aheritier@apache.org";name="Arnaud + Héritier";roles="PMC + Member";timezone="+1",andham;email="andham@apache.org";name="Anders + Hammar";roles="PMC + Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie + Treloar";roles="PMC + Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson + Margulies";roles="PMC + Member";timezone="America/New_York",brianf;email="brianf@apache.org";name="Brian + Fox";organization=Sonatype;roles="PMC + Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas + Cservenak";roles="PMC + Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis + Lundberg";organization=ASF;roles="PMC + Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel + Kulp";organization=ASF;roles="PMC + Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel + Venisse";organization=ASF;roles="PMC + Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume + Boué";roles="PMC + Member";timezone="Europe/Paris",hboutemy;email="hboutemy@apache.org";name="Hervé + Boutemy";organization=ASF;roles="PMC + Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor + Fedorenko";organization=Sonatype;roles="PMC + Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van + Zyl";roles="PMC + Member";timezone=-5,khmarbaise;email="khmarbaise@apache.org";name="Karl + Heinz Marbaise";roles="PMC + Member";timezone="+1",krosenvold;email="krosenvold@apache.org";name="Kristian + Rosenvold";roles="PMC + Member";timezone="+1",mkleint;name="Milos + Kleint";roles="PMC + Member",olamy;email="olamy@apache.org";name="Olivier + Lamy";roles="PMC + Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael + Osipov";roles="PMC + Member";timezone="Europe/Berlin",rgoers;email="rgoers@apache.org";name="Ralph + Goers";organization=Intuit;roles="PMC + Member";timezone=-8,stephenc;email="stephenc@apache.org";name="Stephen + Connolly";roles="PMC + Member";timezone=0,struberg;email="struberg@apache.org";name="Mark + Struberg";roles="PMC + Member",tibordigana;email="tibordigana@apache.org";name="Tibor + Digaňa";roles="PMC + Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent + Siveton";organization=ASF;roles="PMC + Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne + Fay";organization=ASF;roles="PMC + Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas + Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian + Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice + Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin + Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris + Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan + Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian + Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett + Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel + Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico + Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio + Giustina";organization=openmind;roles=Committer;timezone="+1",gnodet;email="gnodet@apache.org";name="Guillaume + Nodet";organization="Red + Hat";roles=Committer;timezone="Europe/Paris",godin;email="godin@apache.org";name="Evgeny + Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew + Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik + Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff + Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas + Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark + Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin + Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mthmulders;email="mthmulders@apache.org";name="Maarten + Mulders";organization="Info + Support";roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro + Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko + Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred + Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de + Loof";roles=Committer,oching;name="Maria Odea B. + Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul + Gier";organization="Red + Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar + Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël + Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian + Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane + Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone + Tripodi";roles=Committer;timezone="+1",sjaranowski;email="sjaranowski@apache.org";name="Slawomir + Jaranowski";roles=Committer;timezone="Europe/Warsaw",sor;email="sor@apache.org";name="Christian + Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony + Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent + Massol";organization=ASF;roles=Committer;timezone="+1",slachiewicz;email="slachiewicz@apache.org";name="Sylwester + Lachiewicz";roles=Committer;timezone="Europe/Warsaw",elharo;email="elharo@apache.org";name="Elliotte + Rusty + Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas + Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan + Q. Ramirez";roles=Emeritus,bayard;name="Henri + Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos + Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris + Stevenson";roles=Emeritus,dblevins;name="David + Blevins";roles=Emeritus,dlr;name="Daniel + Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin + Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe + Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John + Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse + McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim + Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny + Ruiz III";roles=Emeritus,jstrachan;name="James + Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto + Tolentino + Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney + Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike + Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg + Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick + Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul + Thakur";roles=Emeritus,shinobu;name="Shinobu + Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli + Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve + Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy + Smoak";roles=Emeritus;timezone=-7 + + + Manifest + bundle-docurl + https://maven.apache.org/resolver/maven-resolver-named-locks/ + + + Manifest + Bundle-Name + Maven Artifact Resolver Named Locks + + + Manifest + bundle-symbolicname + org.apache.maven.resolver.named + + + Manifest + Implementation-Title + Maven Artifact Resolver Named Locks + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + Maven Artifact Resolver Named Locks + + + pom + artifactid + maven-resolver-named-locks + + + pom + groupid + org.apache.maven.resolver + + + pom + name + Maven Artifact Resolver Named Locks + + + pom + parent-artifactid + maven-resolver + + + file + version + 1.8.2 + + + Manifest + Bundle-Version + 1.8.2 + + + Manifest + Implementation-Version + 1.8.2 + + + pom + version + 1.8.2 + + + + + pkg:maven/org.apache.maven.resolver/maven-resolver-named-locks@1.8.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven.resolver/maven-resolver-named-locks@1.8.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + maven-resolver-spi-1.8.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/maven/resolver/maven-resolver-spi/1.8.2/maven-resolver-spi-1.8.2.jar + 47664b1ea8e0ee3d7aff0fe4a7ec01b4 + 0d0768a341173c2ef88e8dbcab2f30ebfe7ef526 + a301acbeca7bb42e85bf8be48c677ba70e9107465e4f9438124a2dc623543b84 + + The service provider interface for repository system implementations and repository + connectors. + + "Apache License, Version + 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt" + + Business Process Center - Runtime Environment:compile + + + + file + name + maven-resolver-spi + + + jar + package name + spi + + + Manifest + automatic-module-name + org.apache.maven.resolver.spi + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-developers + rfscholte;email="rfscholte@apache.org";name="Robert + Scholte";roles="PMC + Chair";timezone="Europe/Amsterdam",aheritier;email="aheritier@apache.org";name="Arnaud + Héritier";roles="PMC + Member";timezone="+1",andham;email="andham@apache.org";name="Anders + Hammar";roles="PMC + Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie + Treloar";roles="PMC + Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson + Margulies";roles="PMC + Member";timezone="America/New_York",brianf;email="brianf@apache.org";name="Brian + Fox";organization=Sonatype;roles="PMC + Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas + Cservenak";roles="PMC + Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis + Lundberg";organization=ASF;roles="PMC + Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel + Kulp";organization=ASF;roles="PMC + Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel + Venisse";organization=ASF;roles="PMC + Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume + Boué";roles="PMC + Member";timezone="Europe/Paris",hboutemy;email="hboutemy@apache.org";name="Hervé + Boutemy";organization=ASF;roles="PMC + Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor + Fedorenko";organization=Sonatype;roles="PMC + Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van + Zyl";roles="PMC + Member";timezone=-5,khmarbaise;email="khmarbaise@apache.org";name="Karl + Heinz Marbaise";roles="PMC + Member";timezone="+1",krosenvold;email="krosenvold@apache.org";name="Kristian + Rosenvold";roles="PMC + Member";timezone="+1",mkleint;name="Milos + Kleint";roles="PMC + Member",olamy;email="olamy@apache.org";name="Olivier + Lamy";roles="PMC + Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael + Osipov";roles="PMC + Member";timezone="Europe/Berlin",rgoers;email="rgoers@apache.org";name="Ralph + Goers";organization=Intuit;roles="PMC + Member";timezone=-8,stephenc;email="stephenc@apache.org";name="Stephen + Connolly";roles="PMC + Member";timezone=0,struberg;email="struberg@apache.org";name="Mark + Struberg";roles="PMC + Member",tibordigana;email="tibordigana@apache.org";name="Tibor + Digaňa";roles="PMC + Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent + Siveton";organization=ASF;roles="PMC + Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne + Fay";organization=ASF;roles="PMC + Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas + Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian + Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice + Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin + Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris + Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan + Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian + Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett + Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel + Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico + Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio + Giustina";organization=openmind;roles=Committer;timezone="+1",gnodet;email="gnodet@apache.org";name="Guillaume + Nodet";organization="Red + Hat";roles=Committer;timezone="Europe/Paris",godin;email="godin@apache.org";name="Evgeny + Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew + Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik + Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff + Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas + Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark + Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin + Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mthmulders;email="mthmulders@apache.org";name="Maarten + Mulders";organization="Info + Support";roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro + Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko + Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred + Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de + Loof";roles=Committer,oching;name="Maria Odea B. + Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul + Gier";organization="Red + Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar + Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël + Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian + Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane + Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone + Tripodi";roles=Committer;timezone="+1",sjaranowski;email="sjaranowski@apache.org";name="Slawomir + Jaranowski";roles=Committer;timezone="Europe/Warsaw",sor;email="sor@apache.org";name="Christian + Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony + Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent + Massol";organization=ASF;roles=Committer;timezone="+1",slachiewicz;email="slachiewicz@apache.org";name="Sylwester + Lachiewicz";roles=Committer;timezone="Europe/Warsaw",elharo;email="elharo@apache.org";name="Elliotte + Rusty + Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas + Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan + Q. Ramirez";roles=Emeritus,bayard;name="Henri + Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos + Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris + Stevenson";roles=Emeritus,dblevins;name="David + Blevins";roles=Emeritus,dlr;name="Daniel + Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin + Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe + Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John + Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse + McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim + Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny + Ruiz III";roles=Emeritus,jstrachan;name="James + Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto + Tolentino + Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney + Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike + Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg + Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick + Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul + Thakur";roles=Emeritus,shinobu;name="Shinobu + Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli + Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve + Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy + Smoak";roles=Emeritus;timezone=-7 + + + Manifest + bundle-docurl + https://maven.apache.org/resolver/maven-resolver-spi/ + + + Manifest + bundle-symbolicname + org.apache.maven.resolver.spi + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + maven-resolver-spi + + + pom + artifactid + maven-resolver-spi + + + pom + groupid + org.apache.maven.resolver + + + pom + name + Maven Artifact Resolver SPI + + + pom + parent-artifactid + maven-resolver + + + file + name + maven-resolver-spi + + + jar + package name + spi + + + Manifest + automatic-module-name + org.apache.maven.resolver.spi + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-developers + rfscholte;email="rfscholte@apache.org";name="Robert + Scholte";roles="PMC + Chair";timezone="Europe/Amsterdam",aheritier;email="aheritier@apache.org";name="Arnaud + Héritier";roles="PMC + Member";timezone="+1",andham;email="andham@apache.org";name="Anders + Hammar";roles="PMC + Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie + Treloar";roles="PMC + Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson + Margulies";roles="PMC + Member";timezone="America/New_York",brianf;email="brianf@apache.org";name="Brian + Fox";organization=Sonatype;roles="PMC + Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas + Cservenak";roles="PMC + Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis + Lundberg";organization=ASF;roles="PMC + Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel + Kulp";organization=ASF;roles="PMC + Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel + Venisse";organization=ASF;roles="PMC + Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume + Boué";roles="PMC + Member";timezone="Europe/Paris",hboutemy;email="hboutemy@apache.org";name="Hervé + Boutemy";organization=ASF;roles="PMC + Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor + Fedorenko";organization=Sonatype;roles="PMC + Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van + Zyl";roles="PMC + Member";timezone=-5,khmarbaise;email="khmarbaise@apache.org";name="Karl + Heinz Marbaise";roles="PMC + Member";timezone="+1",krosenvold;email="krosenvold@apache.org";name="Kristian + Rosenvold";roles="PMC + Member";timezone="+1",mkleint;name="Milos + Kleint";roles="PMC + Member",olamy;email="olamy@apache.org";name="Olivier + Lamy";roles="PMC + Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael + Osipov";roles="PMC + Member";timezone="Europe/Berlin",rgoers;email="rgoers@apache.org";name="Ralph + Goers";organization=Intuit;roles="PMC + Member";timezone=-8,stephenc;email="stephenc@apache.org";name="Stephen + Connolly";roles="PMC + Member";timezone=0,struberg;email="struberg@apache.org";name="Mark + Struberg";roles="PMC + Member",tibordigana;email="tibordigana@apache.org";name="Tibor + Digaňa";roles="PMC + Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent + Siveton";organization=ASF;roles="PMC + Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne + Fay";organization=ASF;roles="PMC + Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas + Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian + Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice + Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin + Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris + Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan + Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian + Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett + Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel + Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico + Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio + Giustina";organization=openmind;roles=Committer;timezone="+1",gnodet;email="gnodet@apache.org";name="Guillaume + Nodet";organization="Red + Hat";roles=Committer;timezone="Europe/Paris",godin;email="godin@apache.org";name="Evgeny + Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew + Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik + Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff + Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas + Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark + Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin + Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mthmulders;email="mthmulders@apache.org";name="Maarten + Mulders";organization="Info + Support";roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro + Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko + Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred + Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de + Loof";roles=Committer,oching;name="Maria Odea B. + Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul + Gier";organization="Red + Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar + Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël + Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian + Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane + Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone + Tripodi";roles=Committer;timezone="+1",sjaranowski;email="sjaranowski@apache.org";name="Slawomir + Jaranowski";roles=Committer;timezone="Europe/Warsaw",sor;email="sor@apache.org";name="Christian + Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony + Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent + Massol";organization=ASF;roles=Committer;timezone="+1",slachiewicz;email="slachiewicz@apache.org";name="Sylwester + Lachiewicz";roles=Committer;timezone="Europe/Warsaw",elharo;email="elharo@apache.org";name="Elliotte + Rusty + Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas + Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan + Q. Ramirez";roles=Emeritus,bayard;name="Henri + Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos + Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris + Stevenson";roles=Emeritus,dblevins;name="David + Blevins";roles=Emeritus,dlr;name="Daniel + Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin + Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe + Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John + Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse + McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim + Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny + Ruiz III";roles=Emeritus,jstrachan;name="James + Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto + Tolentino + Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney + Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike + Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg + Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick + Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul + Thakur";roles=Emeritus,shinobu;name="Shinobu + Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli + Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve + Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy + Smoak";roles=Emeritus;timezone=-7 + + + Manifest + bundle-docurl + https://maven.apache.org/resolver/maven-resolver-spi/ + + + Manifest + Bundle-Name + Maven Artifact Resolver SPI + + + Manifest + bundle-symbolicname + org.apache.maven.resolver.spi + + + Manifest + Implementation-Title + Maven Artifact Resolver SPI + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + Maven Artifact Resolver SPI + + + pom + artifactid + maven-resolver-spi + + + pom + groupid + org.apache.maven.resolver + + + pom + name + Maven Artifact Resolver SPI + + + pom + parent-artifactid + maven-resolver + + + file + version + 1.8.2 + + + Manifest + Bundle-Version + 1.8.2 + + + Manifest + Implementation-Version + 1.8.2 + + + pom + version + 1.8.2 + + + + + pkg:maven/org.apache.maven.resolver/maven-resolver-spi@1.8.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven.resolver/maven-resolver-spi@1.8.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + maven-resolver-util-1.8.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/maven/resolver/maven-resolver-util/1.8.2/maven-resolver-util-1.8.2.jar + e7f3441a38bab7861629fbe74d19a41b + cfb9b2e4c71d2a819aa4519800c9687c74b71584 + a2cc000cb37065740f1e8d4857cc81b3ee51d637d68c8b22b95ee303fef97b4a + + A collection of utility classes to ease usage of the repository system. + + "Apache License, Version + 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt" + + Business Process Center - Runtime Environment:compile + + + + file + name + maven-resolver-util + + + jar + package name + artifact + + + jar + package name + repository + + + jar + package name + util + + + Manifest + automatic-module-name + org.apache.maven.resolver.util + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-developers + rfscholte;email="rfscholte@apache.org";name="Robert + Scholte";roles="PMC + Chair";timezone="Europe/Amsterdam",aheritier;email="aheritier@apache.org";name="Arnaud + Héritier";roles="PMC + Member";timezone="+1",andham;email="andham@apache.org";name="Anders + Hammar";roles="PMC + Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie + Treloar";roles="PMC + Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson + Margulies";roles="PMC + Member";timezone="America/New_York",brianf;email="brianf@apache.org";name="Brian + Fox";organization=Sonatype;roles="PMC + Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas + Cservenak";roles="PMC + Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis + Lundberg";organization=ASF;roles="PMC + Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel + Kulp";organization=ASF;roles="PMC + Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel + Venisse";organization=ASF;roles="PMC + Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume + Boué";roles="PMC + Member";timezone="Europe/Paris",hboutemy;email="hboutemy@apache.org";name="Hervé + Boutemy";organization=ASF;roles="PMC + Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor + Fedorenko";organization=Sonatype;roles="PMC + Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van + Zyl";roles="PMC + Member";timezone=-5,khmarbaise;email="khmarbaise@apache.org";name="Karl + Heinz Marbaise";roles="PMC + Member";timezone="+1",krosenvold;email="krosenvold@apache.org";name="Kristian + Rosenvold";roles="PMC + Member";timezone="+1",mkleint;name="Milos + Kleint";roles="PMC + Member",olamy;email="olamy@apache.org";name="Olivier + Lamy";roles="PMC + Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael + Osipov";roles="PMC + Member";timezone="Europe/Berlin",rgoers;email="rgoers@apache.org";name="Ralph + Goers";organization=Intuit;roles="PMC + Member";timezone=-8,stephenc;email="stephenc@apache.org";name="Stephen + Connolly";roles="PMC + Member";timezone=0,struberg;email="struberg@apache.org";name="Mark + Struberg";roles="PMC + Member",tibordigana;email="tibordigana@apache.org";name="Tibor + Digaňa";roles="PMC + Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent + Siveton";organization=ASF;roles="PMC + Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne + Fay";organization=ASF;roles="PMC + Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas + Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian + Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice + Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin + Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris + Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan + Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian + Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett + Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel + Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico + Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio + Giustina";organization=openmind;roles=Committer;timezone="+1",gnodet;email="gnodet@apache.org";name="Guillaume + Nodet";organization="Red + Hat";roles=Committer;timezone="Europe/Paris",godin;email="godin@apache.org";name="Evgeny + Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew + Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik + Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff + Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas + Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark + Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin + Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mthmulders;email="mthmulders@apache.org";name="Maarten + Mulders";organization="Info + Support";roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro + Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko + Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred + Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de + Loof";roles=Committer,oching;name="Maria Odea B. + Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul + Gier";organization="Red + Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar + Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël + Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian + Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane + Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone + Tripodi";roles=Committer;timezone="+1",sjaranowski;email="sjaranowski@apache.org";name="Slawomir + Jaranowski";roles=Committer;timezone="Europe/Warsaw",sor;email="sor@apache.org";name="Christian + Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony + Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent + Massol";organization=ASF;roles=Committer;timezone="+1",slachiewicz;email="slachiewicz@apache.org";name="Sylwester + Lachiewicz";roles=Committer;timezone="Europe/Warsaw",elharo;email="elharo@apache.org";name="Elliotte + Rusty + Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas + Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan + Q. Ramirez";roles=Emeritus,bayard;name="Henri + Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos + Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris + Stevenson";roles=Emeritus,dblevins;name="David + Blevins";roles=Emeritus,dlr;name="Daniel + Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin + Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe + Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John + Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse + McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim + Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny + Ruiz III";roles=Emeritus,jstrachan;name="James + Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto + Tolentino + Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney + Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike + Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg + Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick + Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul + Thakur";roles=Emeritus,shinobu;name="Shinobu + Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli + Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve + Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy + Smoak";roles=Emeritus;timezone=-7 + + + Manifest + bundle-docurl + https://maven.apache.org/resolver/maven-resolver-util/ + + + Manifest + bundle-symbolicname + org.apache.maven.resolver.util + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + maven-resolver-util + + + pom + artifactid + maven-resolver-util + + + pom + groupid + org.apache.maven.resolver + + + pom + name + Maven Artifact Resolver Utilities + + + pom + parent-artifactid + maven-resolver + + + file + name + maven-resolver-util + + + jar + package name + artifact + + + jar + package name + filter + + + jar + package name + repository + + + jar + package name + util + + + jar + package name + version + + + Manifest + automatic-module-name + org.apache.maven.resolver.util + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-developers + rfscholte;email="rfscholte@apache.org";name="Robert + Scholte";roles="PMC + Chair";timezone="Europe/Amsterdam",aheritier;email="aheritier@apache.org";name="Arnaud + Héritier";roles="PMC + Member";timezone="+1",andham;email="andham@apache.org";name="Anders + Hammar";roles="PMC + Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie + Treloar";roles="PMC + Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson + Margulies";roles="PMC + Member";timezone="America/New_York",brianf;email="brianf@apache.org";name="Brian + Fox";organization=Sonatype;roles="PMC + Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas + Cservenak";roles="PMC + Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis + Lundberg";organization=ASF;roles="PMC + Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel + Kulp";organization=ASF;roles="PMC + Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel + Venisse";organization=ASF;roles="PMC + Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume + Boué";roles="PMC + Member";timezone="Europe/Paris",hboutemy;email="hboutemy@apache.org";name="Hervé + Boutemy";organization=ASF;roles="PMC + Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor + Fedorenko";organization=Sonatype;roles="PMC + Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van + Zyl";roles="PMC + Member";timezone=-5,khmarbaise;email="khmarbaise@apache.org";name="Karl + Heinz Marbaise";roles="PMC + Member";timezone="+1",krosenvold;email="krosenvold@apache.org";name="Kristian + Rosenvold";roles="PMC + Member";timezone="+1",mkleint;name="Milos + Kleint";roles="PMC + Member",olamy;email="olamy@apache.org";name="Olivier + Lamy";roles="PMC + Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael + Osipov";roles="PMC + Member";timezone="Europe/Berlin",rgoers;email="rgoers@apache.org";name="Ralph + Goers";organization=Intuit;roles="PMC + Member";timezone=-8,stephenc;email="stephenc@apache.org";name="Stephen + Connolly";roles="PMC + Member";timezone=0,struberg;email="struberg@apache.org";name="Mark + Struberg";roles="PMC + Member",tibordigana;email="tibordigana@apache.org";name="Tibor + Digaňa";roles="PMC + Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent + Siveton";organization=ASF;roles="PMC + Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne + Fay";organization=ASF;roles="PMC + Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas + Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian + Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice + Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin + Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris + Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan + Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian + Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett + Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel + Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico + Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio + Giustina";organization=openmind;roles=Committer;timezone="+1",gnodet;email="gnodet@apache.org";name="Guillaume + Nodet";organization="Red + Hat";roles=Committer;timezone="Europe/Paris",godin;email="godin@apache.org";name="Evgeny + Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew + Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik + Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff + Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas + Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark + Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin + Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mthmulders;email="mthmulders@apache.org";name="Maarten + Mulders";organization="Info + Support";roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro + Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko + Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred + Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de + Loof";roles=Committer,oching;name="Maria Odea B. + Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul + Gier";organization="Red + Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar + Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël + Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian + Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane + Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone + Tripodi";roles=Committer;timezone="+1",sjaranowski;email="sjaranowski@apache.org";name="Slawomir + Jaranowski";roles=Committer;timezone="Europe/Warsaw",sor;email="sor@apache.org";name="Christian + Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony + Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent + Massol";organization=ASF;roles=Committer;timezone="+1",slachiewicz;email="slachiewicz@apache.org";name="Sylwester + Lachiewicz";roles=Committer;timezone="Europe/Warsaw",elharo;email="elharo@apache.org";name="Elliotte + Rusty + Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas + Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan + Q. Ramirez";roles=Emeritus,bayard;name="Henri + Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos + Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris + Stevenson";roles=Emeritus,dblevins;name="David + Blevins";roles=Emeritus,dlr;name="Daniel + Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin + Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe + Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John + Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse + McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim + Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny + Ruiz III";roles=Emeritus,jstrachan;name="James + Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto + Tolentino + Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney + Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike + Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg + Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick + Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul + Thakur";roles=Emeritus,shinobu;name="Shinobu + Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli + Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve + Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy + Smoak";roles=Emeritus;timezone=-7 + + + Manifest + bundle-docurl + https://maven.apache.org/resolver/maven-resolver-util/ + + + Manifest + Bundle-Name + Maven Artifact Resolver Utilities + + + Manifest + bundle-symbolicname + org.apache.maven.resolver.util + + + Manifest + Implementation-Title + Maven Artifact Resolver Utilities + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + Maven Artifact Resolver Utilities + + + pom + artifactid + maven-resolver-util + + + pom + groupid + org.apache.maven.resolver + + + pom + name + Maven Artifact Resolver Utilities + + + pom + parent-artifactid + maven-resolver + + + file + version + 1.8.2 + + + Manifest + Bundle-Version + 1.8.2 + + + Manifest + Implementation-Version + 1.8.2 + + + pom + version + 1.8.2 + + + + + pkg:maven/org.apache.maven.resolver/maven-resolver-util@1.8.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven.resolver/maven-resolver-util@1.8.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + metrics-core-3.1.5.jar + + /var/lib/jenkins/.m2/repository/io/dropwizard/metrics/metrics-core/3.1.5/metrics-core-3.1.5.jar + cc57fc46b3c5404655e23cfea6f7ac15 + b07d2c8b79a11dd0a7d6d48adc96f396d7b58808 + 79d903d4ae850c9dee8d3939e5bd8d4172a91fda40b31b7e40a5d8c3e1fe4534 + + Metrics is a Java library which gives you unparalleled insight into what your code does in + production. Metrics provides a powerful toolkit of ways to measure the behavior of critical + components in your production environment. + + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + metrics-core + + + jar + package name + metrics + + + Manifest + bundle-symbolicname + io.dropwizard.metrics.core + + + Manifest + Implementation-Vendor-Id + io.dropwizard.metrics + + + pom + artifactid + metrics-core + + + pom + artifactid + metrics-core + + + pom + groupid + io.dropwizard.metrics + + + pom + name + Metrics Core + + + pom + parent-artifactid + metrics-parent + + + file + name + metrics-core + + + jar + package name + metrics + + + Manifest + Bundle-Name + Metrics Core + + + Manifest + bundle-symbolicname + io.dropwizard.metrics.core + + + Manifest + Implementation-Title + Metrics Core + + + pom + artifactid + metrics-core + + + pom + groupid + io.dropwizard.metrics + + + pom + name + Metrics Core + + + pom + parent-artifactid + metrics-parent + + + file + version + 3.1.5 + + + Manifest + Bundle-Version + 3.1.5 + + + Manifest + Implementation-Version + 3.1.5 + + + pom + version + 3.1.5 + + + + + pkg:maven/io.dropwizard.metrics/metrics-core@3.1.5 + + https://ossindex.sonatype.org/component/pkg:maven/io.dropwizard.metrics/metrics-core@3.1.5?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + mina-core-2.1.5.jar + /var/lib/jenkins/.m2/repository/org/apache/mina/mina-core/2.1.5/mina-core-2.1.5.jar + 736e29bde17121395bcad67794487e16 + 0e9a0b59d93f3095f0ae35909d7f413bf49ce1a6 + 4cbe14958b044df2d3a22d9f954ed8a3cea12c2c6527d438aac81b4e9ea81041 + Apache MINA is a network application framework which helps users develop high + performance and highly scalable network applications easily. It provides an abstract + event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java + NIO. + https://www.apache.org/licenses/LICENSE-2.0 + + Business Process Center - Runtime Environment:compile + + + + file + name + mina-core + + + jar + package name + apache + + + jar + package name + core + + + jar + package name + mina + + + Manifest + bundle-docurl + https://mina.apache.org/ + + + Manifest + bundle-symbolicname + org.apache.mina.core + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + mina-core + + + pom + artifactid + mina-core + + + pom + groupid + org.apache.mina + + + pom + name + Apache MINA Core + + + pom + parent-artifactid + mina-parent + + + file + name + mina-core + + + jar + package name + apache + + + jar + package name + core + + + jar + package name + event + + + jar + package name + filter + + + jar + package name + mina + + + Manifest + bundle-docurl + https://mina.apache.org/ + + + Manifest + Bundle-Name + Apache MINA Core + + + Manifest + bundle-symbolicname + org.apache.mina.core + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + mina-core + + + pom + groupid + org.apache.mina + + + pom + name + Apache MINA Core + + + pom + parent-artifactid + mina-parent + + + file + version + 2.1.5 + + + Manifest + Bundle-Version + 2.1.5 + + + pom + version + 2.1.5 + + + + + pkg:maven/org.apache.mina/mina-core@2.1.5 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.mina/mina-core@2.1.5?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:mina:2.1.5:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Amina&cpe_version=cpe%3A%2F%3Aapache%3Amina%3A2.1.5 + + + + + neethi-3.2.0.jar + /var/lib/jenkins/.m2/repository/org/apache/neethi/neethi/3.2.0/neethi-3.2.0.jar + e6040db3584bfdbadd0515dbdba6b25a + 4e409cf251f420f65130d458256f7be1ad68f055 + 6ed3c2cd20444972936c1f9b623862d1415592290ce1eb79e1cf1008f999aa3b + Apache Neethi provides general framework for the programmers to use WS Policy. It + is compliant with latest WS Policy specification which was published in March 2006. This + framework is specifically written to enable the Apache Web services stack to use WS Policy + as a way of expressing it's requirements and capabilities. + Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + neethi + + + jar + package name + apache + + + jar + package name + neethi + + + jar + package name + policy + + + Manifest + bundle-docurl + https://www.apache.org/ + + + Manifest + bundle-symbolicname + org.apache.neethi + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + Implementation-Vendor-Id + org.apache + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + neethi + + + pom + artifactid + neethi + + + pom + developer email + chatra@gmail.com + + + pom + developer email + dims@yahoo.com + + + pom + developer email + dkulp@apache.org + + + pom + developer email + sanjiva@opensource.lk + + + pom + developer email + sanka@apache.org + + + pom + developer email + veithen@apache.org + + + pom + developer email + werner.dittmann@siemens.com + + + pom + developer id + chatra + + + pom + developer id + dims + + + pom + developer id + dkulp + + + pom + developer id + sanjiva + + + pom + developer id + sanka + + + pom + developer id + veithen + + + pom + developer id + werner + + + pom + developer name + Andreas Veithen + + + pom + developer name + Chatra Nakkawita + + + pom + developer name + Daniel Kulp + + + pom + developer name + Davanum Srinivas + + + pom + developer name + Dittmann, Werner + + + pom + developer name + Sanjiva Weerawarana + + + pom + developer name + Sanka Samaranayake + + + pom + developer org + IBM + + + pom + developer org + WSO2 Inc. + + + pom + groupid + org.apache.neethi + + + pom + name + Apache Neethi + + + pom + organization name + The Apache Software Foundation + + + pom + organization url + https://www.apache.org/ + + + pom + parent-artifactid + apache + + + pom + parent-groupid + org.apache + + + pom + url + https://ws.apache.org/neethi/ + + + file + name + neethi + + + jar + package name + apache + + + jar + package name + neethi + + + jar + package name + policy + + + Manifest + bundle-docurl + https://www.apache.org/ + + + Manifest + Bundle-Name + Apache Neethi + + + Manifest + bundle-symbolicname + org.apache.neethi + + + Manifest + Implementation-Title + Apache Neethi + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + Apache Neethi + + + pom + artifactid + neethi + + + pom + developer email + chatra@gmail.com + + + pom + developer email + dims@yahoo.com + + + pom + developer email + dkulp@apache.org + + + pom + developer email + sanjiva@opensource.lk + + + pom + developer email + sanka@apache.org + + + pom + developer email + veithen@apache.org + + + pom + developer email + werner.dittmann@siemens.com + + + pom + developer id + chatra + + + pom + developer id + dims + + + pom + developer id + dkulp + + + pom + developer id + sanjiva + + + pom + developer id + sanka + + + pom + developer id + veithen + + + pom + developer id + werner + + + pom + developer name + Andreas Veithen + + + pom + developer name + Chatra Nakkawita + + + pom + developer name + Daniel Kulp + + + pom + developer name + Davanum Srinivas + + + pom + developer name + Dittmann, Werner + + + pom + developer name + Sanjiva Weerawarana + + + pom + developer name + Sanka Samaranayake + + + pom + developer org + IBM + + + pom + developer org + WSO2 Inc. + + + pom + groupid + org.apache.neethi + + + pom + name + Apache Neethi + + + pom + organization name + The Apache Software Foundation + + + pom + organization url + https://www.apache.org/ + + + pom + parent-artifactid + apache + + + pom + parent-groupid + org.apache + + + pom + url + https://ws.apache.org/neethi/ + + + file + version + 3.2.0 + + + Manifest + Bundle-Version + 3.2.0 + + + Manifest + Implementation-Version + 3.2.0 + + + pom + parent-version + 3.2.0 + + + pom + version + 3.2.0 + + + + + pkg:maven/org.apache.neethi/neethi@3.2.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.neethi/neethi@3.2.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + opensaml-core-3.4.6.jar + + /var/lib/jenkins/.m2/repository/org/opensaml/opensaml-core/3.4.6/opensaml-core-3.4.6.jar + 078679e8cb6a0c3361eac985019e8e5b + 75b749a9ce605414d071ffabbf7e61cd11b9204d + d9b867c9c2b6a44d75a95504a467d94b5183def09fa1f3f0f1a95a79621ec1e1 + Core + + Business Process Center - Runtime Environment:compile + + + + opensaml-profile-api-3.4.6.jar + + /var/lib/jenkins/.m2/repository/org/opensaml/opensaml-profile-api/3.4.6/opensaml-profile-api-3.4.6.jar + d4aa4269af0d25b7ed5740c46a9894123fc0501546891188678aa74df0f141ba + cf3d855a2eb9a7c44b2d10919746bea5b4f0e6fe + 0cb5bed685408a677fff00c5cbcf4e8d + + + pkg:maven/org.opensaml/opensaml-profile-api@3.4.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.opensaml/opensaml-profile-api@3.4.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + opensaml-security-api-3.4.6.jar + + /var/lib/jenkins/.m2/repository/org/opensaml/opensaml-security-api/3.4.6/opensaml-security-api-3.4.6.jar + a84c4e51d8a90c30e70cfa37da22e4d18e54af747e2771fc4e39c6d8c76ae41a + d5cfb49df6b78b0dea66015040fe9940ace2fe71 + 5b128a68409ed07d1094b40281576c3b + + + pkg:maven/org.opensaml/opensaml-security-api@3.4.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.opensaml/opensaml-security-api@3.4.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + opensaml-security-impl-3.4.6.jar + + /var/lib/jenkins/.m2/repository/org/opensaml/opensaml-security-impl/3.4.6/opensaml-security-impl-3.4.6.jar + 78fa84dc93d47756a37bf7a3e5f443630981607f29a0a97ce5e78e8c4272655a + 0dd4e7128d4de8c304827ecc972ee57ae46230fa + f6059e2364579e717f39aaa65f3e395b + + + pkg:maven/org.opensaml/opensaml-security-impl@3.4.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.opensaml/opensaml-security-impl@3.4.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + opensaml-soap-api-3.4.6.jar + + /var/lib/jenkins/.m2/repository/org/opensaml/opensaml-soap-api/3.4.6/opensaml-soap-api-3.4.6.jar + 76cc47c3610e97df80921611aef80cbbc0f273dcd7323e6e08c70996d121254a + 6e4dacb4caac0d5ed000719b3a772d384ceff916 + 65e52ff6f3a55badf553ba021f08696f + + + pkg:maven/org.opensaml/opensaml-soap-api@3.4.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.opensaml/opensaml-soap-api@3.4.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + opensaml-xacml-api-3.4.6.jar + + /var/lib/jenkins/.m2/repository/org/opensaml/opensaml-xacml-api/3.4.6/opensaml-xacml-api-3.4.6.jar + 9af782e9674b1e5b34f1c1406e919eea3d91aa09003465d43f6446db5f67e3e6 + 2fc136cf70605b6e490daf01a28161cb87b0ffc4 + cfb758241b65c48297e510c5c1b129fa + + + pkg:maven/org.opensaml/opensaml-xacml-api@3.4.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.opensaml/opensaml-xacml-api@3.4.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + opensaml-xacml-impl-3.4.6.jar + + /var/lib/jenkins/.m2/repository/org/opensaml/opensaml-xacml-impl/3.4.6/opensaml-xacml-impl-3.4.6.jar + 2e0b08bd9aabb0f49ee4f98e6fe3d489db94281627f386c80ddc79b4fe903146 + 542a94404fe6b51858cc291e18b1890772de555c + 9d8cb6a9cf8d68af9bc2bab3053d9a30 + + + pkg:maven/org.opensaml/opensaml-xacml-impl@3.4.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.opensaml/opensaml-xacml-impl@3.4.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + opensaml-xmlsec-api-3.4.6.jar + + /var/lib/jenkins/.m2/repository/org/opensaml/opensaml-xmlsec-api/3.4.6/opensaml-xmlsec-api-3.4.6.jar + fb6234bab21f5582f021467a772bb9c4cfb32af8bc1900504811795992bb23fd + 3f84e8ce2dc40c247247be036a3a5c6adfae4a70 + 83483c37e5b6cd7c234866d9b5e1ac47 + + + pkg:maven/org.opensaml/opensaml-xmlsec-api@3.4.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.opensaml/opensaml-xmlsec-api@3.4.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + opensaml-xmlsec-impl-3.4.6.jar + + /var/lib/jenkins/.m2/repository/org/opensaml/opensaml-xmlsec-impl/3.4.6/opensaml-xmlsec-impl-3.4.6.jar + 8151f782375205f6698941fba656dec077f35e4a05e8a3a94e31b84cc7c912a7 + f07084d063f046dc762b86f90ff1350c923aa6ac + 29d0993ae0e882f5ab843fdca178ad53 + + + pkg:maven/org.opensaml/opensaml-xmlsec-impl@3.4.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.opensaml/opensaml-xmlsec-impl@3.4.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + opensaml-core + + + hint analyzer + vendor + shibboleth + + + jar + package name + core + + + jar + package name + opensaml + + + Manifest + automatic-module-name + org.opensaml.core + + + manifest: org/opensaml/core/ + Implementation-Vendor + opensaml.org + + + pom + artifactid + opensaml-core + + + pom + artifactid + opensaml-core + + + pom + groupid + org.opensaml + + + pom + name + OpenSAML :: Core + + + pom + parent-artifactid + opensaml-parent + + + file + name + opensaml-core + + + hint analyzer + product + opensaml + + + jar + package name + core + + + jar + package name + opensaml + + + Manifest + automatic-module-name + org.opensaml.core + + + manifest: org/opensaml/core/ + Implementation-Title + opensaml-core + + + pom + artifactid + opensaml-core + + + pom + groupid + org.opensaml + + + pom + name + OpenSAML :: Core + + + pom + parent-artifactid + opensaml-parent + + + file + version + 3.4.6 + + + manifest: org/opensaml/core/ + Implementation-Version + 3.4.6 + + + pom + version + 3.4.6 + + + + + pkg:maven/org.opensaml/opensaml-core@3.4.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.opensaml/opensaml-core@3.4.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:shibboleth:opensaml:3.4.6:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ashibboleth&cpe_product=cpe%3A%2F%3Ashibboleth%3Aopensaml&cpe_version=cpe%3A%2F%3Ashibboleth%3Aopensaml%3A3.4.6 + + + + + opensaml-saml-api-3.4.6.jar + + /var/lib/jenkins/.m2/repository/org/opensaml/opensaml-saml-api/3.4.6/opensaml-saml-api-3.4.6.jar + d55c4ec6f542c201b6d5aad5c7115138 + 571c2b041583625850afefdb3283fcf17940f9cd + a48e58ca9a98753aaa3f58b47ac6f941892b8980ff52381491b244ce02093fce + SAML Provider API + + Business Process Center - Runtime Environment:compile + + + + opensaml-saml-impl-3.4.6.jar + + /var/lib/jenkins/.m2/repository/org/opensaml/opensaml-saml-impl/3.4.6/opensaml-saml-impl-3.4.6.jar + c9b818689fbcda211fcf4a4c970bfc143c5955645129df53b9bdca8f7f83c1b4 + c51f094b49d8875a9d1e51aefc01331dff461729 + 16822d1228404b5fc14a607f94c04b69 + + + pkg:maven/org.opensaml/opensaml-saml-impl@3.4.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.opensaml/opensaml-saml-impl@3.4.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + opensaml-xacml-saml-api-3.4.6.jar + + /var/lib/jenkins/.m2/repository/org/opensaml/opensaml-xacml-saml-api/3.4.6/opensaml-xacml-saml-api-3.4.6.jar + c25795b730cf4892c3cfb01dd7ec3237dafdc952d78fb6abbabb81d678ae916b + d4d573d93257738309cd079a290a1da7ecdc762e + 75f667b52f160481e65e7c317ab1c20f + + + pkg:maven/org.opensaml/opensaml-xacml-saml-api@3.4.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.opensaml/opensaml-xacml-saml-api@3.4.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + opensaml-xacml-saml-impl-3.4.6.jar + + /var/lib/jenkins/.m2/repository/org/opensaml/opensaml-xacml-saml-impl/3.4.6/opensaml-xacml-saml-impl-3.4.6.jar + 536349704d93a73bcd9475fee89606e6841f2d6f53c58a46fc0c2f659cdc8620 + 2a8dfe1251c1d3ef0c0f1b876b2a7dd7d3bf0cb8 + 0eaa70b47d18c2a7ae72ec0ce1e47038 + + + pkg:maven/org.opensaml/opensaml-xacml-saml-impl@3.4.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.opensaml/opensaml-xacml-saml-impl@3.4.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + opensaml-saml-api + + + hint analyzer + vendor + shibboleth + + + jar + package name + opensaml + + + jar + package name + saml + + + Manifest + automatic-module-name + org.opensaml.saml + + + pom + artifactid + opensaml-saml-api + + + pom + artifactid + opensaml-saml-api + + + pom + groupid + org.opensaml + + + pom + name + OpenSAML :: SAML Provider API + + + pom + parent-artifactid + opensaml-parent + + + file + name + opensaml-saml-api + + + hint analyzer + product + opensaml + + + jar + package name + opensaml + + + jar + package name + saml + + + Manifest + automatic-module-name + org.opensaml.saml + + + pom + artifactid + opensaml-saml-api + + + pom + groupid + org.opensaml + + + pom + name + OpenSAML :: SAML Provider API + + + pom + parent-artifactid + opensaml-parent + + + file + version + 3.4.6 + + + pom + version + 3.4.6 + + + + + pkg:maven/org.opensaml/opensaml-saml-api@3.4.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.opensaml/opensaml-saml-api@3.4.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:saml_project:saml:3.4.6:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Asaml_project&cpe_product=cpe%3A%2F%3Asaml_project%3Asaml&cpe_version=cpe%3A%2F%3Asaml_project%3Asaml%3A3.4.6 + + + cpe:2.3:a:shibboleth:opensaml:3.4.6:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ashibboleth&cpe_product=cpe%3A%2F%3Ashibboleth%3Aopensaml&cpe_version=cpe%3A%2F%3Ashibboleth%3Aopensaml%3A3.4.6 + + + + + ops4j-base-lang-1.5.1.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/base/ops4j-base-lang/1.5.1/ops4j-base-lang-1.5.1.jar + 3db9cc6750a4187a60239faa6a82697f + e9b72250e97d403fd08e5deb5936680afe7524a7 + 095f44a513ebf63e8b3c587d2c8e73ec075fcb9e4b6cde736e641511ac63bd88 + + OPS4J Base - Utilities/Extensions related to java.lang. + + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + ops4j-base-lang + + + jar + package name + lang + + + jar + package name + ops4j + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.base.lang + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + ops4j-base-lang + + + pom + artifactid + ops4j-base-lang + + + pom + groupid + org.ops4j.base + + + pom + name + OPS4J Base - Lang + + + pom + parent-artifactid + base + + + pom + parent-groupid + org.ops4j + + + file + name + ops4j-base-lang + + + jar + package name + lang + + + jar + package name + ops4j + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Base - Lang + + + Manifest + bundle-symbolicname + org.ops4j.base.lang + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + ops4j-base-lang + + + pom + groupid + org.ops4j.base + + + pom + name + OPS4J Base - Lang + + + pom + parent-artifactid + base + + + pom + parent-groupid + org.ops4j + + + file + version + 1.5.1 + + + Manifest + Bundle-Version + 1.5.1 + + + pom + version + 1.5.1 + + + + + pkg:maven/org.ops4j.base/ops4j-base-lang@1.5.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.base/ops4j-base-lang@1.5.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + ops4j-base-util-collections-1.5.1.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/base/ops4j-base-util-collections/1.5.1/ops4j-base-util-collections-1.5.1.jar + 448faf0468f80eb7154a0f9e123b58a6 + a8180a5a26876e751b7d7491a07a428696bf4305 + 799381fa71ffe40da5fc9195e1c9ee22fa9d5b77801928c49070fb5a7c116860 + + OPS4J Base - Utilities/Extensions related to java collections. + + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + ops4j-base-util-collections + + + jar + package name + collections + + + jar + package name + ops4j + + + jar + package name + util + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.base.util.collections + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + ops4j-base-util-collections + + + pom + artifactid + ops4j-base-util-collections + + + pom + groupid + org.ops4j.base + + + pom + name + OPS4J Base - Util - Collections + + + pom + parent-artifactid + base + + + pom + parent-groupid + org.ops4j + + + file + name + ops4j-base-util-collections + + + jar + package name + collections + + + jar + package name + ops4j + + + jar + package name + util + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Base - Util - Collections + + + Manifest + bundle-symbolicname + org.ops4j.base.util.collections + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + ops4j-base-util-collections + + + pom + groupid + org.ops4j.base + + + pom + name + OPS4J Base - Util - Collections + + + pom + parent-artifactid + base + + + pom + parent-groupid + org.ops4j + + + file + version + 1.5.1 + + + Manifest + Bundle-Version + 1.5.1 + + + pom + version + 1.5.1 + + + + + pkg:maven/org.ops4j.base/ops4j-base-util-collections@1.5.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.base/ops4j-base-util-collections@1.5.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + ops4j-base-util-property-1.5.1.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/base/ops4j-base-util-property/1.5.1/ops4j-base-util-property-1.5.1.jar + f02955a01370d5d9c06d3e33aa8a91a5 + 43689baff554fed107ca4e8aac6ceec2a55182ed + d6333bc4b4b3ed9555451e6b6b9f605c0d4309c35f95dcf549ccb81c1b10e1a1 + + OPS4J Base - Utilities/Extensions related to sytem/configuration properties. + + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + ops4j-base-util-property + + + jar + package name + ops4j + + + jar + package name + property + + + jar + package name + util + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.base.util.property + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + ops4j-base-util-property + + + pom + artifactid + ops4j-base-util-property + + + pom + groupid + org.ops4j.base + + + pom + name + OPS4J Base - Util - Property + + + pom + parent-artifactid + base + + + pom + parent-groupid + org.ops4j + + + file + name + ops4j-base-util-property + + + jar + package name + ops4j + + + jar + package name + property + + + jar + package name + util + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Base - Util - Property + + + Manifest + bundle-symbolicname + org.ops4j.base.util.property + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + ops4j-base-util-property + + + pom + groupid + org.ops4j.base + + + pom + name + OPS4J Base - Util - Property + + + pom + parent-artifactid + base + + + pom + parent-groupid + org.ops4j + + + file + version + 1.5.1 + + + Manifest + Bundle-Version + 1.5.1 + + + pom + version + 1.5.1 + + + + + pkg:maven/org.ops4j.base/ops4j-base-util-property@1.5.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.base/ops4j-base-util-property@1.5.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + ops4j-base-util-xml-1.5.1.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/base/ops4j-base-util-xml/1.5.1/ops4j-base-util-xml-1.5.1.jar + 90aba33f61950bebabc61998f42a1993 + 2022435467e88f7d0bec80508bb4c08420ab15cc + dbd620159cc3d9a37119e0cb10c066ca573ce76234d53c792059c0b3dd3f1b40 + + OPS4J Base - Utilities/Extensions related to xml. + + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + ops4j-base-util-xml + + + jar + package name + ops4j + + + jar + package name + util + + + jar + package name + xml + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.base.util.xml + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + ops4j-base-util-xml + + + pom + artifactid + ops4j-base-util-xml + + + pom + groupid + org.ops4j.base + + + pom + name + OPS4J Base - Util - XML + + + pom + parent-artifactid + base + + + pom + parent-groupid + org.ops4j + + + file + name + ops4j-base-util-xml + + + jar + package name + ops4j + + + jar + package name + util + + + jar + package name + xml + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Base - Util - XML + + + Manifest + bundle-symbolicname + org.ops4j.base.util.xml + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + ops4j-base-util-xml + + + pom + groupid + org.ops4j.base + + + pom + name + OPS4J Base - Util - XML + + + pom + parent-artifactid + base + + + pom + parent-groupid + org.ops4j + + + file + version + 1.5.1 + + + Manifest + Bundle-Version + 1.5.1 + + + pom + version + 1.5.1 + + + + + pkg:maven/org.ops4j.base/ops4j-base-util-xml@1.5.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.base/ops4j-base-util-xml@1.5.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.apache.felix.cm.json-1.0.6.jar + + /var/lib/jenkins/.m2/repository/org/apache/felix/org.apache.felix.cm.json/1.0.6/org.apache.felix.cm.json-1.0.6.jar + b01572d478b6d6eb77d8989d5b982eff + 0a3048ecc665da93cd65b34938f8f71d485ca70d + 88f4b3ace90f6795267c0c1745a7d0e953a61aa80beb3462222d7259ad7652c5 + + Support for OSGi configurations specified in JSON documents. + + https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + org.apache.felix.cm.json + + + jar + package name + apache + + + jar + package name + cm + + + jar + package name + felix + + + jar + package name + json + + + Manifest + bundle-category + osgi + + + Manifest + bundle-docurl + https://www.apache.org/ + + + Manifest + bundle-symbolicname + org.apache.felix.cm.json + + + Manifest + require-capability + + osgi.contract;osgi.contract=JavaJSONP;filter:="(&(osgi.contract=JavaJSONP)(version=1.1.0))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + apache.felix.cm.json + + + pom + artifactid + org.apache.felix.cm.json + + + pom + groupid + org.apache.felix + + + pom + name + Apache Felix Configuration Json + + + pom + parent-artifactid + felix-parent + + + file + name + org.apache.felix.cm.json + + + jar + package name + apache + + + jar + package name + cm + + + jar + package name + felix + + + jar + package name + json + + + Manifest + bundle-category + osgi + + + Manifest + bundle-docurl + https://www.apache.org/ + + + Manifest + Bundle-Name + Apache Felix Configuration Json + + + Manifest + bundle-symbolicname + org.apache.felix.cm.json + + + Manifest + require-capability + + osgi.contract;osgi.contract=JavaJSONP;filter:="(&(osgi.contract=JavaJSONP)(version=1.1.0))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + apache.felix.cm.json + + + pom + artifactid + org.apache.felix.cm.json + + + pom + groupid + org.apache.felix + + + pom + name + Apache Felix Configuration Json + + + pom + parent-artifactid + felix-parent + + + file + version + 1.0.6 + + + Manifest + Bundle-Version + 1.0.6 + + + pom + parent-version + 1.0.6 + + + pom + version + 1.0.6 + + + + + pkg:maven/org.apache.felix/org.apache.felix.cm.json@1.0.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.felix/org.apache.felix.cm.json@1.0.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.apache.felix.configadmin-1.9.24.jar + + /var/lib/jenkins/.m2/repository/org/apache/felix/org.apache.felix.configadmin/1.9.24/org.apache.felix.configadmin-1.9.24.jar + a77daf3d531aca965e694d0006541700 + e87723822c884bf1ed57c4d937aa2792702bae2d + cce49df8a3a72950ed6b3f4d057bb3bf72880e4872a510342a95c4f64caa06eb + + Implementation of the OSGi Configuration Admin Service Specification 1.6 + + https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + org.apache.felix.configadmin + + + jar + package name + apache + + + jar + package name + configuration + + + jar + package name + felix + + + jar + package name + osgi + + + jar + package name + service + + + Manifest + bundle-category + osgi + + + Manifest + bundle-docurl + http://felix.apache.org/site/apache-felix-config-admin.html + + + Manifest + bundle-symbolicname + org.apache.felix.configadmin + + + Manifest + provide-capability + + osgi.service;objectClass:List="org.osgi.service.cm.ConfigurationAdmin";uses:="org.osgi.service.cm,org.apache.felix.cm",osgi.service;objectClass:List="org.apache.felix.cm.PersistenceManager";uses:="org.osgi.service.cm,org.apache.felix.cm",osgi.implementation;osgi.implementation="osgi.cm";uses:="org.osgi.service.cm,org.apache.felix.cm";version:Version="1.6" + + + Manifest + require-capability + + osgi.service;filter:="(objectClass=org.osgi.service.log.LogService)";effective:=active;resolution:=optional,osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + apache.felix.configadmin + + + pom + artifactid + org.apache.felix.configadmin + + + pom + groupid + org.apache.felix + + + pom + name + Apache Felix Configuration Admin Service + + + pom + parent-artifactid + felix-parent + + + file + name + org.apache.felix.configadmin + + + jar + package name + apache + + + jar + package name + cm + + + jar + package name + configuration + + + jar + package name + configurationadmin + + + jar + package name + felix + + + jar + package name + osgi + + + jar + package name + persistencemanager + + + jar + package name + service + + + Manifest + bundle-category + osgi + + + Manifest + bundle-docurl + http://felix.apache.org/site/apache-felix-config-admin.html + + + Manifest + Bundle-Name + Apache Felix Configuration Admin Service + + + Manifest + bundle-symbolicname + org.apache.felix.configadmin + + + Manifest + provide-capability + + osgi.service;objectClass:List="org.osgi.service.cm.ConfigurationAdmin";uses:="org.osgi.service.cm,org.apache.felix.cm",osgi.service;objectClass:List="org.apache.felix.cm.PersistenceManager";uses:="org.osgi.service.cm,org.apache.felix.cm",osgi.implementation;osgi.implementation="osgi.cm";uses:="org.osgi.service.cm,org.apache.felix.cm";version:Version="1.6" + + + Manifest + require-capability + + osgi.service;filter:="(objectClass=org.osgi.service.log.LogService)";effective:=active;resolution:=optional,osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + apache.felix.configadmin + + + pom + artifactid + org.apache.felix.configadmin + + + pom + groupid + org.apache.felix + + + pom + name + Apache Felix Configuration Admin Service + + + pom + parent-artifactid + felix-parent + + + file + version + 1.9.24 + + + Manifest + Bundle-Version + 1.9.24 + + + pom + parent-version + 1.9.24 + + + pom + version + 1.9.24 + + + + + pkg:maven/org.apache.felix/org.apache.felix.configadmin@1.9.24 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.felix/org.apache.felix.configadmin@1.9.24?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:service_project:service:1.9.24:*:*:*:*:*:*:* + + + + + org.apache.felix.configadmin.plugin.interpolation-1.2.6.jar + + /var/lib/jenkins/.m2/repository/org/apache/felix/org.apache.felix.configadmin.plugin.interpolation/1.2.6/org.apache.felix.configadmin.plugin.interpolation-1.2.6.jar + 9c8de7913c3f7d0ea17a5e48560ce9fc + 1dc586a1e81f8125b38c0e2a858c6df3d6871c36 + 2dcab78d4b698b672cb186f8b22a5212be154e9ff4569343a4e0dc713ea60035 + + This plugin makes it possible to substitute placeholder values in ConfigAdmin configuration + with values from the + file system, environment variables or system properties. + + "Apache License, Version + 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt" + + Business Process Center - Runtime Environment:compile + + + + file + name + org.apache.felix.configadmin.plugin.interpolation + + + jar + package name + apache + + + jar + package name + configadmin + + + jar + package name + felix + + + jar + package name + plugin + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://felix.apache.org/org.apache.felix.configadmin.plugin.interpolation/ + + + Manifest + bundle-symbolicname + org.apache.felix.configadmin.plugin.interpolation + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + apache.felix.configadmin.plugin.interpolation + + + pom + artifactid + org.apache.felix.configadmin.plugin.interpolation + + + pom + groupid + org.apache.felix + + + pom + name + Apache Felix Configuration Admin Values Interpolation Plugin + + + pom + parent-artifactid + felix-parent + + + file + name + org.apache.felix.configadmin.plugin.interpolation + + + jar + package name + apache + + + jar + package name + configadmin + + + jar + package name + felix + + + jar + package name + plugin + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://felix.apache.org/org.apache.felix.configadmin.plugin.interpolation/ + + + Manifest + Bundle-Name + Apache Felix Configuration Admin Values Interpolation Plugin + + + Manifest + bundle-symbolicname + org.apache.felix.configadmin.plugin.interpolation + + + Manifest + Implementation-Title + Apache Felix Configuration Admin Values Interpolation Plugin + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + Apache Felix Configuration Admin Values Interpolation Plugin + + + pom + artifactid + apache.felix.configadmin.plugin.interpolation + + + pom + artifactid + org.apache.felix.configadmin.plugin.interpolation + + + pom + groupid + org.apache.felix + + + pom + name + Apache Felix Configuration Admin Values Interpolation Plugin + + + pom + parent-artifactid + felix-parent + + + file + version + 1.2.6 + + + Manifest + Bundle-Version + 1.2.6 + + + Manifest + Implementation-Version + 1.2.6 + + + pom + parent-version + 1.2.6 + + + pom + version + 1.2.6 + + + + + pkg:maven/org.apache.felix/org.apache.felix.configadmin.plugin.interpolation@1.2.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.felix/org.apache.felix.configadmin.plugin.interpolation@1.2.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.apache.felix.fileinstall-3.7.4.jar + + /var/lib/jenkins/.m2/repository/org/apache/felix/org.apache.felix.fileinstall/3.7.4/org.apache.felix.fileinstall-3.7.4.jar + b34fc8b979a5e5722d10a1b5f9e1501c + 599dcee01be2623897aae7ca5caf693e61929cc1 + 32c8d6ab6deddde0b6bde08e91ee78117e66518ce6f76facbea530dff658a733 + A utility to automatically install bundles from a directory. + https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + org.apache.felix.fileinstall + + + jar + package name + apache + + + jar + package name + felix + + + jar + package name + fileinstall + + + Manifest + bundle-docurl + http://felix.apache.org/site/apache-felix-file-install.html + + + Manifest + bundle-symbolicname + org.apache.felix.fileinstall + + + Manifest + implementation-url + http://felix.apache.org/site/apache-felix-file-install.html + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + Implementation-Vendor-Id + org.apache.felix + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + apache.felix.fileinstall + + + pom + artifactid + org.apache.felix.fileinstall + + + pom + groupid + org.apache.felix + + + pom + name + Apache Felix File Install + + + pom + parent-artifactid + felix-parent + + + pom + url + http://felix.apache.org/site/apache-felix-file-install.html + + + file + name + org.apache.felix.fileinstall + + + jar + package name + apache + + + jar + package name + felix + + + jar + package name + fileinstall + + + Manifest + bundle-docurl + http://felix.apache.org/site/apache-felix-file-install.html + + + Manifest + Bundle-Name + Apache Felix File Install + + + Manifest + bundle-symbolicname + org.apache.felix.fileinstall + + + Manifest + Implementation-Title + Apache Felix File Install + + + Manifest + implementation-url + http://felix.apache.org/site/apache-felix-file-install.html + + + Manifest + specification-title + Apache Felix File Install + + + pom + artifactid + apache.felix.fileinstall + + + pom + artifactid + org.apache.felix.fileinstall + + + pom + groupid + org.apache.felix + + + pom + name + Apache Felix File Install + + + pom + parent-artifactid + felix-parent + + + pom + url + http://felix.apache.org/site/apache-felix-file-install.html + + + file + version + 3.7.4 + + + Manifest + Bundle-Version + 3.7.4 + + + Manifest + Implementation-Version + 3.7.4 + + + pom + parent-version + 3.7.4 + + + pom + version + 3.7.4 + + + + + pkg:maven/org.apache.felix/org.apache.felix.fileinstall@3.7.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.felix/org.apache.felix.fileinstall@3.7.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.apache.felix.framework-7.0.5.jar + + /var/lib/jenkins/.m2/repository/org/apache/felix/org.apache.felix.framework/7.0.5/org.apache.felix.framework-7.0.5.jar + 82e51fdc1bde2a02d69d6310a02a4620 + dd4cb10c68d9ceb7897e561be7c4c16d25347193 + aba72932c5ffe52d1ae9fb735415474bc8305fd04f050e851f3a8f67da1834fd + OSGi R8 framework implementation. + https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:runtime + + + + base-4.4.2.jar: org.apache.felix.framework-7.0.5.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/system/org/apache/felix/org.apache.felix.framework/7.0.5/org.apache.felix.framework-7.0.5.jar + aba72932c5ffe52d1ae9fb735415474bc8305fd04f050e851f3a8f67da1834fd + dd4cb10c68d9ceb7897e561be7c4c16d25347193 + 82e51fdc1bde2a02d69d6310a02a4620 + + + pkg:maven/org.apache.felix/org.apache.felix.framework@7.0.5 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.felix/org.apache.felix.framework@7.0.5?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + org.apache.felix.framework + + + jar + package name + apache + + + jar + package name + felix + + + jar + package name + framework + + + Manifest + add-opens + java.base/java.net java.base/sun.net.www.protocol.file + java.base/sun.net.www.protocol.ftp java.base/sun.net.www.protocol.http + java.base/sun.net.www.protocol.https java.base/sun.net.www.protocol.jar + java.base/sun.net.www.protocol.jmod java.base/sun.net.www.protocol.mailto + java.base/sun.net.www.protocol.jrt java.base/jdk.internal.loader java.base/java.security + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + https://www.apache.org/ + + + Manifest + bundle-symbolicname + org.apache.felix.framework + + + Manifest + provide-capability + + osgi.service;objectClass="org.osgi.service.packageadmin.PackageAdmin",osgi.service;objectClass="org.osgi.service.startlevel.StartLevel" + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + apache.felix.framework + + + pom + artifactid + org.apache.felix.framework + + + pom + groupid + org.apache.felix + + + pom + name + Apache Felix Framework + + + pom + parent-artifactid + felix-parent + + + file + name + org.apache.felix.framework + + + jar + package name + apache + + + jar + package name + felix + + + jar + package name + filter + + + jar + package name + framework + + + jar + package name + osgi + + + jar + package name + packageadmin + + + jar + package name + service + + + jar + package name + startlevel + + + jar + package name + version + + + Manifest + add-opens + java.base/java.net java.base/sun.net.www.protocol.file + java.base/sun.net.www.protocol.ftp java.base/sun.net.www.protocol.http + java.base/sun.net.www.protocol.https java.base/sun.net.www.protocol.jar + java.base/sun.net.www.protocol.jmod java.base/sun.net.www.protocol.mailto + java.base/sun.net.www.protocol.jrt java.base/jdk.internal.loader java.base/java.security + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + https://www.apache.org/ + + + Manifest + Bundle-Name + Apache Felix Framework + + + Manifest + bundle-symbolicname + org.apache.felix.framework + + + Manifest + provide-capability + + osgi.service;objectClass="org.osgi.service.packageadmin.PackageAdmin",osgi.service;objectClass="org.osgi.service.startlevel.StartLevel" + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + apache.felix.framework + + + pom + artifactid + org.apache.felix.framework + + + pom + groupid + org.apache.felix + + + pom + name + Apache Felix Framework + + + pom + parent-artifactid + felix-parent + + + file + version + 7.0.5 + + + Manifest + Bundle-Version + 7.0.5 + + + pom + parent-version + 7.0.5 + + + pom + version + 7.0.5 + + + + + pkg:maven/org.apache.felix/org.apache.felix.framework@7.0.5 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.felix/org.apache.felix.framework@7.0.5?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:sun:sun_ftp:7.0.5:*:*:*:*:*:*:* + + + + + org.apache.felix.utils-1.11.8.jar + + /var/lib/jenkins/.m2/repository/org/apache/felix/org.apache.felix.utils/1.11.8/org.apache.felix.utils-1.11.8.jar + 33d17db23165504cf8bc84c7ee09aeb2 + 4f4b4414c2ca9f7273c162d4e9aca16daab376a5 + 36d166cd01b1b369048ff741a1ca2c8e066482a619757c062d753e8c352d0cf2 + Utility classes for OSGi. + + Business Process Center - Runtime Environment:compile + + + + file + name + org.apache.felix.utils + + + jar + package name + apache + + + jar + package name + felix + + + jar + package name + utils + + + Manifest + implementation-url + http://felix.apache.org/org.apache.felix.utils/ + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + Implementation-Vendor-Id + org.apache.felix + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + apache.felix.utils + + + pom + artifactid + org.apache.felix.utils + + + pom + groupid + org.apache.felix + + + pom + name + Apache Felix Utils + + + pom + parent-artifactid + felix-parent + + + file + name + org.apache.felix.utils + + + jar + package name + apache + + + jar + package name + felix + + + jar + package name + utils + + + Manifest + Implementation-Title + Apache Felix Utils + + + Manifest + implementation-url + http://felix.apache.org/org.apache.felix.utils/ + + + Manifest + specification-title + Apache Felix Utils + + + pom + artifactid + apache.felix.utils + + + pom + artifactid + org.apache.felix.utils + + + pom + groupid + org.apache.felix + + + pom + name + Apache Felix Utils + + + pom + parent-artifactid + felix-parent + + + file + version + 1.11.8 + + + Manifest + Implementation-Version + 1.11.8 + + + pom + parent-version + 1.11.8 + + + pom + version + 1.11.8 + + + + + pkg:maven/org.apache.felix/org.apache.felix.utils@1.11.8 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.felix/org.apache.felix.utils@1.11.8?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.apache.karaf.config.core-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/config/org.apache.karaf.config.core/4.4.2/org.apache.karaf.config.core-4.4.2.jar + ac724fa83bab31f7a607653442c4ae65 + 027c99a1d5ce2050ee0bb84a52e651845c89092b + b6654ad7d89bc5c9f16fd89f769cf6fda7f869fb9c7caf8c3c511e3ffebed4db + This bundle provides Karaf services + https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + base-4.4.2.jar: org.apache.karaf.client-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/system/org/apache/karaf/org.apache.karaf.client/4.4.2/org.apache.karaf.client-4.4.2.jar + 44d88a6fb3b7d8bc84f7fdd68c1f0c2d19a3b014ed2ba8c29799db762aab5628 + 402b77750be5ee760b1cce4cfa83061ae5c35b0e + 8a72fd375de068b401f250a13953cd1e + + + pkg:maven/org.apache.karaf/org.apache.karaf.client@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf/org.apache.karaf.client@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + base-4.4.2.jar: org.apache.karaf.main-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/lib/boot/org.apache.karaf.main-4.4.2.jar + 52ba5c2fd949ea76358c8dc3237e10397725f12a9f76257b23d283ffab048a1f + c16c9a1efd656af1dd8b7c92fbd0f6f2e2459710 + d4ca88a78d2d83ff6a10f633752a13d3 + + + pkg:maven/org.apache.karaf/org.apache.karaf.main@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf/org.apache.karaf.main@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + base-4.4.2.jar: org.apache.karaf.specs.activator-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/lib/boot/org.apache.karaf.specs.activator-4.4.2.jar + f513aebafbc55df3c7c2cb03a87baa1e174207fb054e96621efb1b9c08ed9934 + 889ee728b7374c1c2637447a53ffcbfda7b748b2 + c8f5c1f97d2c74bb786ac3ef006b1789 + + + pkg:maven/org.apache.karaf.specs/org.apache.karaf.specs.activator@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf.specs/org.apache.karaf.specs.activator@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + base-4.4.2.jar: org.apache.karaf.specs.java.xml-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/lib/endorsed/org.apache.karaf.specs.java.xml-4.4.2.jar + 192ce3d9b1d50b8f8ef0d7c6daf40e0f907465915d2c4fbd684ad0dc74a7e9ac + 227d3a1e0f8f6c61bfbf00b736ce57cd0a6f5675 + 72c358abeb36bb576e89e0f550627196 + + + pkg:maven/org.apache.karaf.specs/org.apache.karaf.specs.java.xml@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf.specs/org.apache.karaf.specs.java.xml@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + base-4.4.2.jar: org.apache.karaf.specs.java.xml.ws-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/lib/endorsed/org.apache.karaf.specs.java.xml.ws-4.4.2.jar + a972f5c3b43fbf92e85fbcbe5daeba5372ad9d645ec216c6fdde33659a2ff312 + bc062447866d56d6e2a374f33b29b8ab8b3fe483 + 2dc171d800f111e48b1668aac19a114f + + + pkg:maven/org.apache.karaf.specs/org.apache.karaf.specs.java.xml.ws@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf.specs/org.apache.karaf.specs.java.xml.ws@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + base-4.4.2.jar: org.apache.karaf.specs.locator-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/lib/endorsed/org.apache.karaf.specs.locator-4.4.2.jar + d824c7637d18ee92d00541deead6132882b2bfc9ae997615c15bc12b679da0c0 + 614f62cc8c56d96755c20165d45044e33ad242f4 + 8f4733ebae45e5344899d1598620083f + + + pkg:maven/org.apache.karaf.specs/org.apache.karaf.specs.locator@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf.specs/org.apache.karaf.specs.locator@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.apache.karaf.client-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/org.apache.karaf.client/4.4.2/org.apache.karaf.client-4.4.2.jar + 44d88a6fb3b7d8bc84f7fdd68c1f0c2d19a3b014ed2ba8c29799db762aab5628 + 402b77750be5ee760b1cce4cfa83061ae5c35b0e + 8a72fd375de068b401f250a13953cd1e + + + pkg:maven/org.apache.karaf/org.apache.karaf.client@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf/org.apache.karaf.client@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.apache.karaf.diagnostic.boot-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/diagnostic/org.apache.karaf.diagnostic.boot/4.4.2/org.apache.karaf.diagnostic.boot-4.4.2.jar + 004d17fc006134d48c46f742e0621d9e6ea6e4ca6ac8db57703086a59842f9bf + d841ba0b907f9a124a99dcd027d516b0e52a3d7a + 8fe95f518bceb2e2bc22424d2118d1cf + + + pkg:maven/org.apache.karaf.diagnostic/org.apache.karaf.diagnostic.boot@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf.diagnostic/org.apache.karaf.diagnostic.boot@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.apache.karaf.features.core-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/org.apache.karaf.features.core/4.4.2/org.apache.karaf.features.core-4.4.2.jar + f6b4981047afc9d06acc7f752ed7a0206565186ff0c9e76d7b096ce574322ab0 + d40328e16e3a2bcdfd6880a76324b76c61e800de + 94e611dfe80eacd937db1b90c1938cd8 + + + pkg:maven/org.apache.karaf.features/org.apache.karaf.features.core@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf.features/org.apache.karaf.features.core@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.apache.karaf.features.extension-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/org.apache.karaf.features.extension/4.4.2/org.apache.karaf.features.extension-4.4.2.jar + f382a74745a8f848dc4f104b7cff601a45c3191f1a744c9d295aa3db83c68d80 + 59d1ef169413adfeb9062c175d5036d85841e1eb + a0da2765a647385f70c5d78bc246960f + + + pkg:maven/org.apache.karaf.features/org.apache.karaf.features.extension@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf.features/org.apache.karaf.features.extension@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.apache.karaf.jaas.boot-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/jaas/org.apache.karaf.jaas.boot/4.4.2/org.apache.karaf.jaas.boot-4.4.2.jar + 39d463313936bd917ed08a06984f3e4d72c1e0c4099a9ea5b0ed6b0f5d8ab96a + 5efbabdcf34f8752b0d005acd3b7ef6714634dbb + bc418e34f6314f966fcd41517081ec84 + + + pkg:maven/org.apache.karaf.jaas/org.apache.karaf.jaas.boot@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf.jaas/org.apache.karaf.jaas.boot@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.apache.karaf.main-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/org.apache.karaf.main/4.4.2/org.apache.karaf.main-4.4.2.jar + 52ba5c2fd949ea76358c8dc3237e10397725f12a9f76257b23d283ffab048a1f + c16c9a1efd656af1dd8b7c92fbd0f6f2e2459710 + d4ca88a78d2d83ff6a10f633752a13d3 + + + pkg:maven/org.apache.karaf/org.apache.karaf.main@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf/org.apache.karaf.main@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.apache.karaf.specs.activator-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/specs/org.apache.karaf.specs.activator/4.4.2/org.apache.karaf.specs.activator-4.4.2.jar + f513aebafbc55df3c7c2cb03a87baa1e174207fb054e96621efb1b9c08ed9934 + 889ee728b7374c1c2637447a53ffcbfda7b748b2 + c8f5c1f97d2c74bb786ac3ef006b1789 + + + pkg:maven/org.apache.karaf.specs/org.apache.karaf.specs.activator@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf.specs/org.apache.karaf.specs.activator@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.apache.karaf.specs.java.xml-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/specs/org.apache.karaf.specs.java.xml/4.4.2/org.apache.karaf.specs.java.xml-4.4.2.jar + 192ce3d9b1d50b8f8ef0d7c6daf40e0f907465915d2c4fbd684ad0dc74a7e9ac + 227d3a1e0f8f6c61bfbf00b736ce57cd0a6f5675 + 72c358abeb36bb576e89e0f550627196 + + + pkg:maven/org.apache.karaf.specs/org.apache.karaf.specs.java.xml@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf.specs/org.apache.karaf.specs.java.xml@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.apache.karaf.specs.java.xml.ws-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/specs/org.apache.karaf.specs.java.xml.ws/4.4.2/org.apache.karaf.specs.java.xml.ws-4.4.2.jar + a972f5c3b43fbf92e85fbcbe5daeba5372ad9d645ec216c6fdde33659a2ff312 + bc062447866d56d6e2a374f33b29b8ab8b3fe483 + 2dc171d800f111e48b1668aac19a114f + + + pkg:maven/org.apache.karaf.specs/org.apache.karaf.specs.java.xml.ws@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf.specs/org.apache.karaf.specs.java.xml.ws@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.apache.karaf.specs.locator-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/specs/org.apache.karaf.specs.locator/4.4.2/org.apache.karaf.specs.locator-4.4.2.jar + d824c7637d18ee92d00541deead6132882b2bfc9ae997615c15bc12b679da0c0 + 614f62cc8c56d96755c20165d45044e33ad242f4 + 8f4733ebae45e5344899d1598620083f + + + pkg:maven/org.apache.karaf.specs/org.apache.karaf.specs.locator@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf.specs/org.apache.karaf.specs.locator@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.apache.karaf.util-4.4.2.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/org.apache.karaf.util/4.4.2/org.apache.karaf.util-4.4.2.jar + cb880d7cb63390224e8b49308d2690a8e6873b97e50f5b16ba3e69da5d28abce + 24842905ebe88e935ba5b71682d7ff20a3cec82c + 160e62b8e464a90a20bbba4f139225dd + + + pkg:maven/org.apache.karaf/org.apache.karaf.util@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf/org.apache.karaf.util@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + org.apache.karaf.config.core + + + jar + package name + apache + + + jar + package name + config + + + jar + package name + core + + + jar + package name + karaf + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + http://karaf.apache.org/ + + + Manifest + bundle-symbolicname + org.apache.karaf.config.core + + + Manifest + provide-capability + + osgi.service;effective:=active;objectClass="org.apache.karaf.config.core.ConfigRepository",osgi.service;effective:=active;objectClass="org.osgi.service.cm.ConfigurationPlugin",osgi.service;effective:=active;objectClass="org.apache.felix.fileinstall.ArtifactInstaller",osgi.service;effective:=active;objectClass="org.osgi.service.cm.ConfigurationListener" + + + Manifest + require-capability + + osgi.service;effective:=active;filter:="(objectClass=org.osgi.service.cm.ConfigurationAdmin)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + apache.karaf.config.core + + + pom + artifactid + org.apache.karaf.config.core + + + pom + groupid + org.apache.karaf.config + + + pom + name + Apache Karaf :: ConfigAdmin :: Core + + + pom + parent-artifactid + karaf + + + pom + parent-groupid + org.apache.karaf + + + file + name + org.apache.karaf.config.core + + + jar + package name + apache + + + jar + package name + config + + + jar + package name + core + + + jar + package name + felix + + + jar + package name + karaf + + + jar + package name + version + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + http://karaf.apache.org/ + + + Manifest + Bundle-Name + Apache Karaf :: ConfigAdmin :: Core + + + Manifest + bundle-symbolicname + org.apache.karaf.config.core + + + Manifest + provide-capability + + osgi.service;effective:=active;objectClass="org.apache.karaf.config.core.ConfigRepository",osgi.service;effective:=active;objectClass="org.osgi.service.cm.ConfigurationPlugin",osgi.service;effective:=active;objectClass="org.apache.felix.fileinstall.ArtifactInstaller",osgi.service;effective:=active;objectClass="org.osgi.service.cm.ConfigurationListener" + + + Manifest + require-capability + + osgi.service;effective:=active;filter:="(objectClass=org.osgi.service.cm.ConfigurationAdmin)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + apache.karaf.config.core + + + pom + artifactid + org.apache.karaf.config.core + + + pom + groupid + org.apache.karaf.config + + + pom + name + Apache Karaf :: ConfigAdmin :: Core + + + pom + parent-artifactid + karaf + + + pom + parent-groupid + org.apache.karaf + + + file + version + 4.4.2 + + + Manifest + Bundle-Version + 4.4.2 + + + pom + version + 4.4.2 + + + + + pkg:maven/org.apache.karaf.config/org.apache.karaf.config.core@4.4.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf.config/org.apache.karaf.config.core@4.4.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:karaf:4.4.2:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Akaraf&cpe_version=cpe%3A%2F%3Aapache%3Akaraf%3A4.4.2 + + + + + org.apache.karaf.shell.core-4.3.7.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/shell/org.apache.karaf.shell.core/4.3.7/org.apache.karaf.shell.core-4.3.7.jar + 7735daf38443dae52fc5731770d56716 + 3af8f92172a5c24d2c2af59efb775827af9ff095 + bf25cde68271e441ff2b50d2b1dff233f4f859fdfade333e014cddbb5e50905f + This bundle provides OSGi shell integration and console support. + https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + org.apache.karaf.shell.core + + + jar + package name + apache + + + jar + package name + karaf + + + jar + package name + shell + + + jar + package name + support + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + http://karaf.apache.org/ + + + Manifest + bundle-symbolicname + org.apache.karaf.shell.core + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + provide-capability + + osgi.service;effective:=active;objectClass="org.apache.karaf.shell.api.console.SessionFactory",org.apache.felix.gogo;org.apache.felix.gogo="command.implementation";version:Version="1.0.0",org.apache.felix.gogo;org.apache.felix.gogo="runtime.implementation";version:Version="1.0.0",org.apache.felix.gogo;org.apache.felix.gogo="shell.implementation";version:Version="1.0.0";implementation.name="gogo.jline",osgi.service;objectClass="org.apache.felix.service.command.CommandProcessor",osgi.service;objectClass="org.apache.felix.service.threadio.ThreadIO" + + + Manifest + require-capability + + org.apache.felix.gogo;filter:="(&(org.apache.felix.gogo=command.implementation)(version>=1.0.0)(!(version>=2.0.0)))";effective:=active,org.apache.felix.gogo;filter:="(&(org.apache.felix.gogo=shell.implementation)(version>=1.0.0)(!(version>=2.0.0)))";effective:=active,osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + apache.karaf.shell.core + + + pom + artifactid + org.apache.karaf.shell.core + + + pom + groupid + org.apache.karaf.shell + + + pom + name + Apache Karaf :: Shell :: Core + + + pom + parent-artifactid + shell + + + file + name + org.apache.karaf.shell.core + + + jar + package name + apache + + + jar + package name + api + + + jar + package name + command + + + jar + package name + felix + + + jar + package name + gogo + + + jar + package name + jline + + + jar + package name + karaf + + + jar + package name + runtime + + + jar + package name + service + + + jar + package name + shell + + + jar + package name + support + + + jar + package name + threadio + + + jar + package name + version + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + http://karaf.apache.org/ + + + Manifest + Bundle-Name + Apache Karaf :: Shell :: Core + + + Manifest + bundle-symbolicname + org.apache.karaf.shell.core + + + Manifest + Implementation-Title + Apache Karaf :: Shell :: Core + + + Manifest + provide-capability + + osgi.service;effective:=active;objectClass="org.apache.karaf.shell.api.console.SessionFactory",org.apache.felix.gogo;org.apache.felix.gogo="command.implementation";version:Version="1.0.0",org.apache.felix.gogo;org.apache.felix.gogo="runtime.implementation";version:Version="1.0.0",org.apache.felix.gogo;org.apache.felix.gogo="shell.implementation";version:Version="1.0.0";implementation.name="gogo.jline",osgi.service;objectClass="org.apache.felix.service.command.CommandProcessor",osgi.service;objectClass="org.apache.felix.service.threadio.ThreadIO" + + + Manifest + require-capability + + org.apache.felix.gogo;filter:="(&(org.apache.felix.gogo=command.implementation)(version>=1.0.0)(!(version>=2.0.0)))";effective:=active,org.apache.felix.gogo;filter:="(&(org.apache.felix.gogo=shell.implementation)(version>=1.0.0)(!(version>=2.0.0)))";effective:=active,osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + Apache Karaf :: Shell :: Core + + + pom + artifactid + apache.karaf.shell.core + + + pom + artifactid + org.apache.karaf.shell.core + + + pom + groupid + org.apache.karaf.shell + + + pom + name + Apache Karaf :: Shell :: Core + + + pom + parent-artifactid + shell + + + file + version + 4.3.7 + + + Manifest + Bundle-Version + 4.3.7 + + + Manifest + Implementation-Version + 4.3.7 + + + pom + version + 4.3.7 + + + + + pkg:maven/org.apache.karaf.shell/org.apache.karaf.shell.core@4.3.7 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.karaf.shell/org.apache.karaf.shell.core@4.3.7?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:karaf:4.3.7:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Akaraf&cpe_version=cpe%3A%2F%3Aapache%3Akaraf%3A4.3.7 + + + + + org.apache.servicemix.specs.activation-api-1.2.1-1.2.1_3.jar (shaded: + jakarta.activation:jakarta.activation-api:1.2.1) + + /var/lib/jenkins/.m2/repository/org/apache/servicemix/specs/org.apache.servicemix.specs.activation-api-1.2.1/1.2.1_3/org.apache.servicemix.specs.activation-api-1.2.1-1.2.1_3.jar/META-INF/maven/jakarta.activation/jakarta.activation-api/pom.xml + 70bac9dbf001350891ba8d66da2e5f75 + b9c1b2502949970360efe8d75ec5268d87d38a82 + 42585cb07dda7f23aa04eb5e0940061944a246a67ad3d16942fbe569ff03cd31 + + Business Process Center - Runtime Environment:runtime + + + + base-4.4.2.jar: org.apache.servicemix.specs.activation-api-1.2.1-1.2.1_3.jar + (shaded: jakarta.activation:jakarta.activation-api:1.2.1) + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/lib/jdk9plus/org.apache.servicemix.specs.activation-api-1.2.1-1.2.1_3.jar/META-INF/maven/jakarta.activation/jakarta.activation-api/pom.xml + 42585cb07dda7f23aa04eb5e0940061944a246a67ad3d16942fbe569ff03cd31 + b9c1b2502949970360efe8d75ec5268d87d38a82 + 70bac9dbf001350891ba8d66da2e5f75 + + + pkg:maven/jakarta.activation/jakarta.activation-api@1.2.1 + + https://ossindex.sonatype.org/component/pkg:maven/jakarta.activation/jakarta.activation-api@1.2.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + pom + artifactid + jakarta.activation-api + + + pom + groupid + jakarta.activation + + + pom + name + JavaBeans Activation Framework API jar + + + pom + parent-artifactid + all + + + pom + parent-groupid + com.sun.activation + + + pom + artifactid + jakarta.activation-api + + + pom + groupid + jakarta.activation + + + pom + name + JavaBeans Activation Framework API jar + + + pom + parent-artifactid + all + + + pom + parent-groupid + com.sun.activation + + + pom + version + 1.2.1 + + + + + pkg:maven/jakarta.activation/jakarta.activation-api@1.2.1 + + https://ossindex.sonatype.org/component/pkg:maven/jakarta.activation/jakarta.activation-api@1.2.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.apache.servicemix.specs.activation-api-1.2.1-1.2.1_3.jar (shaded: + org.apache.servicemix.specs:org.apache.servicemix.specs.locator:2.10) + + /var/lib/jenkins/.m2/repository/org/apache/servicemix/specs/org.apache.servicemix.specs.activation-api-1.2.1/1.2.1_3/org.apache.servicemix.specs.activation-api-1.2.1-1.2.1_3.jar/META-INF/maven/org.apache.servicemix.specs/org.apache.servicemix.specs.locator/pom.xml + 2f892780d0b0730df74de29e13e4b608 + 1de5bdbac02ed09a54a698df1b7a256f3c21ed28 + 5bcf21c3d9be61959baeda7ee1e9fd896af595a9ede2c78217d1532fec104013 + + Business Process Center - Runtime Environment:runtime + + + + base-4.4.2.jar: org.apache.servicemix.specs.activation-api-1.2.1-1.2.1_3.jar + (shaded: org.apache.servicemix.specs:org.apache.servicemix.specs.locator:2.10) + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/lib/jdk9plus/org.apache.servicemix.specs.activation-api-1.2.1-1.2.1_3.jar/META-INF/maven/org.apache.servicemix.specs/org.apache.servicemix.specs.locator/pom.xml + 5bcf21c3d9be61959baeda7ee1e9fd896af595a9ede2c78217d1532fec104013 + 1de5bdbac02ed09a54a698df1b7a256f3c21ed28 + 2f892780d0b0730df74de29e13e4b608 + + + pkg:maven/org.apache.servicemix.specs/org.apache.servicemix.specs.locator@2.10 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.servicemix.specs/org.apache.servicemix.specs.locator@2.10?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + pom + artifactid + apache.servicemix.specs.locator + + + pom + groupid + org.apache.servicemix.specs + + + pom + name + Apache ServiceMix :: Specs :: Locator + + + pom + parent-artifactid + specs-pom + + + pom + artifactid + apache.servicemix.specs.locator + + + pom + groupid + org.apache.servicemix.specs + + + pom + name + Apache ServiceMix :: Specs :: Locator + + + pom + parent-artifactid + specs-pom + + + pom + parent-version + 2.10 + + + pom + version + 2.10 + + + + + pkg:maven/org.apache.servicemix.specs/org.apache.servicemix.specs.locator@2.10 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.servicemix.specs/org.apache.servicemix.specs.locator@2.10?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:service_project:service:2.10:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aservice_project&cpe_product=cpe%3A%2F%3Aservice_project%3Aservice&cpe_version=cpe%3A%2F%3Aservice_project%3Aservice%3A2.10 + + + + + org.apache.servicemix.specs.activation-api-1.2.1-1.2.1_3.jar + + /var/lib/jenkins/.m2/repository/org/apache/servicemix/specs/org.apache.servicemix.specs.activation-api-1.2.1/1.2.1_3/org.apache.servicemix.specs.activation-api-1.2.1-1.2.1_3.jar + a56cc27373f2a74f3829dd3e368e0cc0 + 1990267c85546fff9dc1585b5782eb67230b1df2 + a01eaa3de604558252893a5fb73bcec8f5463f8e87a4106f4c9c4f325e675fde + This pom provides project information that is common to all ServiceMix branches. + http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:runtime + + + + base-4.4.2.jar: org.apache.servicemix.specs.activation-api-1.2.1-1.2.1_3.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/lib/jdk9plus/org.apache.servicemix.specs.activation-api-1.2.1-1.2.1_3.jar + a01eaa3de604558252893a5fb73bcec8f5463f8e87a4106f4c9c4f325e675fde + 1990267c85546fff9dc1585b5782eb67230b1df2 + a56cc27373f2a74f3829dd3e368e0cc0 + + + + pkg:maven/org.apache.servicemix.specs/org.apache.servicemix.specs.activation-api-1.2.1@1.2.1_3 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.servicemix.specs/org.apache.servicemix.specs.activation-api-1.2.1@1.2.1_3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + org.apache.servicemix.specs.activation-api-1.2.1-1.2.1_3 + + + jar + package name + activation + + + jar + package name + apache + + + jar + package name + servicemix + + + jar + package name + specs + + + Manifest + bundle-docurl + http://www.apache.org/ + + + Manifest + bundle-symbolicname + org.apache.servicemix.specs.activation-api-1.2.1 + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + apache.servicemix.specs.activation-api-1.2.1 + + + pom + artifactid + org.apache.servicemix.specs.activation-api-1.2.1 + + + pom + groupid + org.apache.servicemix.specs + + + pom + name + Apache ServiceMix :: Specs :: Activation API 1.2.1 + + + pom + parent-artifactid + specs-pom + + + file + name + org.apache.servicemix.specs.activation-api-1.2.1-1.2.1_3 + + + jar + package name + activation + + + jar + package name + apache + + + jar + package name + servicemix + + + jar + package name + specs + + + Manifest + bundle-docurl + http://www.apache.org/ + + + Manifest + Bundle-Name + Apache ServiceMix :: Specs :: Activation API 1.2.1 + + + Manifest + bundle-symbolicname + org.apache.servicemix.specs.activation-api-1.2.1 + + + Manifest + Implementation-Title + Apache ServiceMix + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + apache.servicemix.specs.activation-api-1.2.1 + + + pom + artifactid + org.apache.servicemix.specs.activation-api-1.2.1 + + + pom + groupid + org.apache.servicemix.specs + + + pom + name + Apache ServiceMix :: Specs :: Activation API 1.2.1 + + + pom + parent-artifactid + specs-pom + + + Manifest + Implementation-Version + 1.2.1_3 + + + pom + parent-version + 1.2.1_3 + + + pom + version + 1.2.1_3 + + + + + + pkg:maven/org.apache.servicemix.specs/org.apache.servicemix.specs.activation-api-1.2.1@1.2.1_3 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.servicemix.specs/org.apache.servicemix.specs.activation-api-1.2.1@1.2.1_3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:service_project:service:1.2.1.3:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aservice_project&cpe_product=cpe%3A%2F%3Aservice_project%3Aservice&cpe_version=cpe%3A%2F%3Aservice_project%3Aservice%3A1.2.1.3 + + + + + org.apache.sling.commons.johnzon-1.2.14.jar + + /var/lib/jenkins/.m2/repository/org/apache/sling/org.apache.sling.commons.johnzon/1.2.14/org.apache.sling.commons.johnzon-1.2.14.jar + 80730e0fa894c28a8e654adde9577aed + b702a268275aebbc7c01971162a7faf2b0841b50 + efca1eacadb072fb9588dd00934fd1418bce6c6b3fdc3835c2a0ca8ab17f663a + Apache Johnzon powered javax.json library + "Apache License, Version + 2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt" + + Business Process Center - Runtime Environment:compile + + + + file + name + org.apache.sling.commons.johnzon + + + jar + package name + apache + + + jar + package name + javax + + + jar + package name + johnzon + + + jar + package name + json + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-category + sling + + + Manifest + bundle-developers + sling;name="Apache Sling Project" + + + Manifest + bundle-docurl + https://sling.apache.org + + + Manifest + bundle-symbolicname + org.apache.sling.commons.johnzon + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + provide-capability + + osgi.contract;osgi.contract=JavaJSONP;uses:="javax.json,javax.json.spi,javax.json.stream";version:List="1.1,1.0" + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + apache.sling.commons.johnzon + + + pom + artifactid + org.apache.sling.commons.johnzon + + + pom + groupid + org.apache.sling + + + pom + name + Apache Sling Commons Johnzon Wrapper Library + + + pom + parent-artifactid + sling-bundle-parent + + + file + name + org.apache.sling.commons.johnzon + + + jar + package name + apache + + + jar + package name + javax + + + jar + package name + johnzon + + + jar + package name + json + + + jar + package name + spi + + + jar + package name + stream + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-category + sling + + + Manifest + bundle-developers + sling;name="Apache Sling Project" + + + Manifest + bundle-docurl + https://sling.apache.org + + + Manifest + Bundle-Name + Apache Sling Commons Johnzon Wrapper Library + + + Manifest + bundle-symbolicname + org.apache.sling.commons.johnzon + + + Manifest + Implementation-Title + Apache Sling Commons Johnzon Wrapper Library + + + Manifest + provide-capability + + osgi.contract;osgi.contract=JavaJSONP;uses:="javax.json,javax.json.spi,javax.json.stream";version:List="1.1,1.0" + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + Apache Sling Commons Johnzon Wrapper Library + + + pom + artifactid + apache.sling.commons.johnzon + + + pom + artifactid + org.apache.sling.commons.johnzon + + + pom + groupid + org.apache.sling + + + pom + name + Apache Sling Commons Johnzon Wrapper Library + + + pom + parent-artifactid + sling-bundle-parent + + + file + version + 1.2.14 + + + Manifest + Bundle-Version + 1.2.14 + + + Manifest + Implementation-Version + 1.2.14 + + + pom + parent-version + 1.2.14 + + + pom + version + 1.2.14 + + + + + pkg:maven/org.apache.sling/org.apache.sling.commons.johnzon@1.2.14 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.sling/org.apache.sling.commons.johnzon@1.2.14?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:commons_net:1.2.14:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Acommons_net&cpe_version=cpe%3A%2F%3Aapache%3Acommons_net%3A1.2.14 + + + cpe:2.3:a:apache:sling:1.2.14:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Asling&cpe_version=cpe%3A%2F%3Aapache%3Asling%3A1.2.14 + + + + + CVE-2021-37533 + MEDIUM + + 6.5 + NETWORK + LOW + NONE + REQUIRED + UNCHANGED + HIGH + NONE + NONE + MEDIUM + 2.8 + 3.6 + 3.1 + + + CWE-20 + + Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from + PASV response by default. A malicious server can redirect the Commons Net code to use a + different host, but the user has to connect to the malicious server in the first place. + This may lead to leakage of information about services running on the private network of + the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL + does. See https://issues.apache.org/jira/browse/NET-711. + + + CONFIRM + https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 + N/A + + + MLIST + http://www.openwall.com/lists/oss-security/2022/12/03/1 + [oss-security] 20221203 CVE-2021-37533: Apache Commons Net's FTP client + trusts the host from PASV response by default + + + + + cpe:2.3:a:apache:commons_net:*:*:*:*:*:*:*:* + + + + + + org.eclipse.osgi-3.18.0.jar + + /var/lib/jenkins/.m2/repository/org/eclipse/platform/org.eclipse.osgi/3.18.0/org.eclipse.osgi-3.18.0.jar + 6c4dac085d3b857724a1ff77ecf8ad55 + 6f5d53b49a1f60559b39df01a16ac05e8cd13d75 + e4feacfbe8843b67608beeaff8a9513654902767999d6e3de941c6d4b85c9a1e + OSGi System Bundle + + %systemBundle + Eclipse Public License - v 2.0: https://www.eclipse.org/legal/epl-2.0/ + + Business Process Center - Runtime Environment:runtime + + + + base-4.4.2.jar: org.eclipse.osgi-3.18.0.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/system/org/eclipse/platform/org.eclipse.osgi/3.18.0/org.eclipse.osgi-3.18.0.jar + e4feacfbe8843b67608beeaff8a9513654902767999d6e3de941c6d4b85c9a1e + 6f5d53b49a1f60559b39df01a16ac05e8cd13d75 + 6c4dac085d3b857724a1ff77ecf8ad55 + + + + + file + name + org.eclipse.osgi + + + jar + package name + bundle + + + jar + package name + eclipse + + + jar + package name + osgi + + + Manifest + automatic-module-name + org.eclipse.osgi + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-copyright + %copyright + + + Manifest + bundle-docurl + http://www.eclipse.org + + + Manifest + bundle-localization + systembundle + + + Manifest + bundle-symbolicname + org.eclipse.osgi; singleton:=true + + + Manifest + eclipse-bundleshape + jar + + + Manifest + eclipse-extensibleapi + true + + + Manifest + eclipse-systembundle + true + + + Manifest + provide-capability + osgi.service; + objectClass:List="org.osgi.service.log.LogReaderService,org.eclipse.equinox.log.ExtendedLogReaderService"; + uses:="org.osgi.service.log",osgi.service; + objectClass:List="org.osgi.service.log.LoggerFactory,org.osgi.service.log.LogService,org.eclipse.equinox.log.ExtendedLogService"; + uses:="org.osgi.service.log",osgi.service; + objectClass:List="org.osgi.service.log.admin.LoggerAdmin"; + uses:="org.osgi.service.log.admin",osgi.service; + objectClass:List="org.eclipse.osgi.framework.log.FrameworkLog"; + uses:="",osgi.service; + objectClass:List="org.eclipse.osgi.service.datalocation.Location"; + type="osgi.user.area"; + uses:="org.eclipse.osgi.service.datalocation",osgi.service; + objectClass:List="org.eclipse.osgi.service.datalocation.Location"; + type="osgi.instance.area"; + uses:="org.eclipse.osgi.service.datalocation",osgi.service; + objectClass:List="org.eclipse.osgi.service.datalocation.Location"; + type="osgi.configuration.area"; + uses:="org.eclipse.osgi.service.datalocation",osgi.service; + objectClass:List="org.eclipse.osgi.service.datalocation.Location"; + type="osgi.install.area"; + uses:="org.eclipse.osgi.service.datalocation",osgi.service; + objectClass:List="org.eclipse.osgi.service.datalocation.Location"; + type="eclipse.home.location"; + uses:="org.eclipse.osgi.service.datalocation",osgi.service; + objectClass:List="org.eclipse.osgi.service.environment.EnvironmentInfo"; + uses:="org.eclipse.osgi.service.environment",osgi.service; + objectClass:List="org.osgi.service.packageadmin.PackageAdmin"; + uses:="org.osgi.service.packageadmin",osgi.service; + objectClass:List="org.osgi.service.startlevel.StartLevel"; + uses:="org.osgi.service.startlevel",osgi.service; + objectClass:List="org.osgi.service.permissionadmin.PermissionAdmin"; + uses:="org.osgi.service.permissionadmin",osgi.service; + objectClass:List="org.osgi.service.condpermadmin.ConditionalPermissionAdmin"; + uses:="org.osgi.service.condpermadmin",osgi.service; + objectClass:List="org.osgi.service.resolver.Resolver"; + uses:="org.osgi.service.resolver",osgi.service; + objectClass:List="org.eclipse.osgi.service.debug.DebugOptions"; + uses:="org.eclipse.osgi.service.debug",osgi.service; + objectClass:List="org.eclipse.osgi.service.urlconversion.URLConverter"; + uses:="org.eclipse.osgi.service.urlconversion",osgi.service; + objectClass:List="org.eclipse.osgi.service.localization.BundleLocalization"; + uses:="org.eclipse.osgi.service.localization",osgi.service; + objectClass:List="org.eclipse.osgi.service.security.TrustEngine"; + uses:="org.eclipse.osgi.service.security",osgi.service; + objectClass:List="org.eclipse.osgi.signedcontent.SignedContentFactory"; + uses:="org.eclipse.osgi.signedcontent",osgi.service; + objectClass:List="org.osgi.service.condition.Condition"; + osgi.condition.id="true"; uses:="org.osgi.service.condition" + + + Manifest + require-capability + osgi.ee; filter:="(| (&(osgi.ee=JavaSE)(version=1.8)) + (&(osgi.ee=JavaSE/compact1)(version=1.8)) )" + + + pom + artifactid + eclipse.osgi + + + pom + artifactid + org.eclipse.osgi + + + pom + groupid + org.eclipse.platform + + + pom + name + OSGi System Bundle + + + pom + organization name + Eclipse Foundation + + + pom + organization url + http://www.eclipse.org/ + + + pom + url + http://www.eclipse.org/platform + + + file + name + org.eclipse.osgi + + + jar + package name + admin + + + jar + package name + bundle + + + jar + package name + conditionalpermissionadmin + + + jar + package name + condpermadmin + + + jar + package name + datalocation + + + jar + package name + debug + + + jar + package name + eclipse + + + jar + package name + environment + + + jar + package name + equinox + + + jar + package name + extendedlogreaderservice + + + jar + package name + extendedlogservice + + + jar + package name + filter + + + jar + package name + framework + + + jar + package name + localization + + + jar + package name + log + + + jar + package name + loggerfactory + + + jar + package name + logreaderservice + + + jar + package name + logservice + + + jar + package name + osgi + + + jar + package name + packageadmin + + + jar + package name + permissionadmin + + + jar + package name + resolver + + + jar + package name + security + + + jar + package name + service + + + jar + package name + signedcontent + + + jar + package name + signedcontentfactory + + + jar + package name + startlevel + + + jar + package name + urlconversion + + + jar + package name + version + + + Manifest + automatic-module-name + org.eclipse.osgi + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-copyright + %copyright + + + Manifest + bundle-docurl + http://www.eclipse.org + + + Manifest + bundle-localization + systembundle + + + Manifest + Bundle-Name + %systemBundle + + + Manifest + bundle-symbolicname + org.eclipse.osgi; singleton:=true + + + Manifest + eclipse-bundleshape + jar + + + Manifest + eclipse-extensibleapi + true + + + Manifest + eclipse-systembundle + true + + + Manifest + provide-capability + osgi.service; + objectClass:List="org.osgi.service.log.LogReaderService,org.eclipse.equinox.log.ExtendedLogReaderService"; + uses:="org.osgi.service.log",osgi.service; + objectClass:List="org.osgi.service.log.LoggerFactory,org.osgi.service.log.LogService,org.eclipse.equinox.log.ExtendedLogService"; + uses:="org.osgi.service.log",osgi.service; + objectClass:List="org.osgi.service.log.admin.LoggerAdmin"; + uses:="org.osgi.service.log.admin",osgi.service; + objectClass:List="org.eclipse.osgi.framework.log.FrameworkLog"; + uses:="",osgi.service; + objectClass:List="org.eclipse.osgi.service.datalocation.Location"; + type="osgi.user.area"; + uses:="org.eclipse.osgi.service.datalocation",osgi.service; + objectClass:List="org.eclipse.osgi.service.datalocation.Location"; + type="osgi.instance.area"; + uses:="org.eclipse.osgi.service.datalocation",osgi.service; + objectClass:List="org.eclipse.osgi.service.datalocation.Location"; + type="osgi.configuration.area"; + uses:="org.eclipse.osgi.service.datalocation",osgi.service; + objectClass:List="org.eclipse.osgi.service.datalocation.Location"; + type="osgi.install.area"; + uses:="org.eclipse.osgi.service.datalocation",osgi.service; + objectClass:List="org.eclipse.osgi.service.datalocation.Location"; + type="eclipse.home.location"; + uses:="org.eclipse.osgi.service.datalocation",osgi.service; + objectClass:List="org.eclipse.osgi.service.environment.EnvironmentInfo"; + uses:="org.eclipse.osgi.service.environment",osgi.service; + objectClass:List="org.osgi.service.packageadmin.PackageAdmin"; + uses:="org.osgi.service.packageadmin",osgi.service; + objectClass:List="org.osgi.service.startlevel.StartLevel"; + uses:="org.osgi.service.startlevel",osgi.service; + objectClass:List="org.osgi.service.permissionadmin.PermissionAdmin"; + uses:="org.osgi.service.permissionadmin",osgi.service; + objectClass:List="org.osgi.service.condpermadmin.ConditionalPermissionAdmin"; + uses:="org.osgi.service.condpermadmin",osgi.service; + objectClass:List="org.osgi.service.resolver.Resolver"; + uses:="org.osgi.service.resolver",osgi.service; + objectClass:List="org.eclipse.osgi.service.debug.DebugOptions"; + uses:="org.eclipse.osgi.service.debug",osgi.service; + objectClass:List="org.eclipse.osgi.service.urlconversion.URLConverter"; + uses:="org.eclipse.osgi.service.urlconversion",osgi.service; + objectClass:List="org.eclipse.osgi.service.localization.BundleLocalization"; + uses:="org.eclipse.osgi.service.localization",osgi.service; + objectClass:List="org.eclipse.osgi.service.security.TrustEngine"; + uses:="org.eclipse.osgi.service.security",osgi.service; + objectClass:List="org.eclipse.osgi.signedcontent.SignedContentFactory"; + uses:="org.eclipse.osgi.signedcontent",osgi.service; + objectClass:List="org.osgi.service.condition.Condition"; + osgi.condition.id="true"; uses:="org.osgi.service.condition" + + + Manifest + require-capability + osgi.ee; filter:="(| (&(osgi.ee=JavaSE)(version=1.8)) + (&(osgi.ee=JavaSE/compact1)(version=1.8)) )" + + + pom + artifactid + eclipse.osgi + + + pom + artifactid + org.eclipse.osgi + + + pom + groupid + org.eclipse.platform + + + pom + name + OSGi System Bundle + + + pom + organization name + Eclipse Foundation + + + pom + organization url + http://www.eclipse.org/ + + + pom + url + http://www.eclipse.org/platform + + + file + version + 3.18.0 + + + pom + version + 3.18.0 + + + + + pkg:maven/org.eclipse.platform/org.eclipse.osgi@3.18.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.platform/org.eclipse.osgi@3.18.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:eclipse:equinox:3.18.0:*:*:*:*:*:*:* + + + cpe:2.3:a:eclipse:platform:3.18.0:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aeclipse&cpe_product=cpe%3A%2F%3Aeclipse%3Aplatform&cpe_version=cpe%3A%2F%3Aeclipse%3Aplatform%3A3.18.0 + + + + + CVE-2021-41033 + HIGH + + 6.8 + NETWORK + MEDIUM + NONE + PARTIAL + PARTIAL + PARTIAL + MEDIUM + 2.0 + 8.6 + 6.4 + + + 8.1 + NETWORK + HIGH + NONE + NONE + UNCHANGED + HIGH + HIGH + HIGH + HIGH + 2.2 + 5.9 + 3.1 + + + NVD-CWE-noinfo + + In all released versions of Eclipse Equinox, at least until version 4.21 + (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 + repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and + entirely alter the local installation, particularly by installing plug-ins that may then + run malicious code. + + + CONFIRM + https://bugs.eclipse.org/bugs/show_bug.cgi?id=575688 + https://bugs.eclipse.org/bugs/show_bug.cgi?id=575688 + + + + + cpe:2.3:a:eclipse:equinox:*:*:*:*:*:*:*:* + cpe:2.3:a:eclipse:equinox:4.21:*:*:*:*:*:*:* + + + + CVE-2020-27225 + HIGH + + 4.6 + LOCAL + LOW + NONE + PARTIAL + PARTIAL + PARTIAL + MEDIUM + 2.0 + 3.9 + 6.4 + + + 7.8 + LOCAL + LOW + LOW + NONE + UNCHANGED + HIGH + HIGH + HIGH + HIGH + 1.8 + 5.9 + 3.1 + + + CWE-306 + + In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does + not authenticate active help requests to the local help web server, allowing an + unauthenticated local attacker to issue active help commands to the associated Eclipse + Platform process or Eclipse Rich Client Platform process. + + + CONFIRM + https://bugs.eclipse.org/bugs/show_bug.cgi?id=569855 + https://bugs.eclipse.org/bugs/show_bug.cgi?id=569855 + + + + + cpe:2.3:a:eclipse:platform:*:*:*:*:*:*:*:* + + + + + + org.osgi.annotation.versioning-1.1.1.jar + + /var/lib/jenkins/.m2/repository/org/osgi/org.osgi.annotation.versioning/1.1.1/org.osgi.annotation.versioning-1.1.1.jar + 262ce07ff1239ca544f06c6c43bd5db9 + 59536790b38c44f37b7edab009f283165c888444 + 5bc5c80fd01fc7373d21a5f69df2747a7550c2896faaf0d55d1768a9c745c0a9 + OSGi Companion Code for org.osgi.annotation.versioning Version 1.1.1 + Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0 + + Business Process Center - Runtime Environment:compile + + + + file + name + org.osgi.annotation.versioning + + + jar + package name + annotation + + + jar + package name + osgi + + + jar + package name + versioning + + + Manifest + automatic-module-name + org.osgi.annotation.versioning + + + Manifest + bundle-copyright + Copyright (c) OSGi Alliance (2000, 2020). All Rights Reserved. + + + Manifest + bundle-developers + osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi + Alliance"; organizationUrl=https://www.osgi.org/ + + + Manifest + bundle-docurl + https://www.osgi.org/ + + + Manifest + bundle-symbolicname + org.osgi.annotation.versioning + + + Manifest + git-descriptor + r8-core-final + + + Manifest + git-sha + 6eee417af367c749a6f84a11239d94cc63f6bdcb + + + Manifest + require-capability + + osgi.unresolvable;filter:="(&(must.not.resolve=*)(!(must.not.resolve=*)))",osgi.ee;filter:="(&(osgi.ee=JavaSE/compact1)(version=1.8))" + + + pom + artifactid + org.osgi.annotation.versioning + + + pom + artifactid + osgi.annotation.versioning + + + pom + developer email + info@osgi.org + + + pom + developer id + osgi + + + pom + developer name + OSGi Alliance + + + pom + developer org + OSGi Alliance + + + pom + developer org URL + https://www.osgi.org/ + + + pom + groupid + org.osgi + + + pom + name + org.osgi:org.osgi.annotation.versioning + + + pom + organization name + OSGi Alliance + + + pom + organization url + https://www.osgi.org/ + + + pom + url + https://www.osgi.org/ + + + file + name + org.osgi.annotation.versioning + + + jar + package name + annotation + + + jar + package name + osgi + + + jar + package name + version + + + jar + package name + versioning + + + Manifest + automatic-module-name + org.osgi.annotation.versioning + + + Manifest + bundle-copyright + Copyright (c) OSGi Alliance (2000, 2020). All Rights Reserved. + + + Manifest + bundle-developers + osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi + Alliance"; organizationUrl=https://www.osgi.org/ + + + Manifest + bundle-docurl + https://www.osgi.org/ + + + Manifest + Bundle-Name + org.osgi:org.osgi.annotation.versioning + + + Manifest + bundle-symbolicname + org.osgi.annotation.versioning + + + Manifest + git-descriptor + r8-core-final + + + Manifest + git-sha + 6eee417af367c749a6f84a11239d94cc63f6bdcb + + + Manifest + require-capability + + osgi.unresolvable;filter:="(&(must.not.resolve=*)(!(must.not.resolve=*)))",osgi.ee;filter:="(&(osgi.ee=JavaSE/compact1)(version=1.8))" + + + pom + artifactid + org.osgi.annotation.versioning + + + pom + artifactid + osgi.annotation.versioning + + + pom + developer email + info@osgi.org + + + pom + developer id + osgi + + + pom + developer name + OSGi Alliance + + + pom + developer org + OSGi Alliance + + + pom + developer org URL + https://www.osgi.org/ + + + pom + groupid + org.osgi + + + pom + name + org.osgi:org.osgi.annotation.versioning + + + pom + organization name + OSGi Alliance + + + pom + organization url + https://www.osgi.org/ + + + pom + url + https://www.osgi.org/ + + + file + version + 1.1.1 + + + pom + version + 1.1.1 + + + + + pkg:maven/org.osgi/org.osgi.annotation.versioning@1.1.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.osgi/org.osgi.annotation.versioning@1.1.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.osgi.compendium-5.0.0.jar + + /var/lib/jenkins/.m2/repository/org/osgi/org.osgi.compendium/5.0.0/org.osgi.compendium-5.0.0.jar + 9536e0ce63ca8c06eacec820c88fccf7 + 9d7a9c35591f6fa1c98ac85af32775c12361aee4 + f1ef32cc1530f4e66aac606c24363b627ace4780a7737b045bfb3b908d801bcd + + OSGi Compendium Release 5, Interfaces and Classes for use in compiling bundles. + + + Apache License, Version 2.0 + : + http://opensource.org/licenses/apache2.0.php + + + Business Process Center - Runtime Environment:runtime + + + + file + name + org.osgi.compendium + + + jar + package name + osgi + + + Manifest + bundle-copyright + Copyright (c) OSGi Alliance (2000, 2013). All Rights Reserved. + + + Manifest + bundle-symbolicname + osgi.cmpn + + + pom + artifactid + org.osgi.compendium + + + pom + artifactid + org.osgi.compendium + + + pom + developer email + davidb@apache.org + + + pom + developer id + davidb@apache.org + + + pom + developer name + davidb + + + pom + developer org + apache + + + pom + groupid + org.osgi + + + pom + groupid + org.osgi + + + pom + name + osgi.cmpn + + + pom + organization name + OSGi Alliance + + + pom + organization url + http://www.osgi.org + + + pom + url + http://www.osgi.org + + + file + name + org.osgi.compendium + + + jar + package name + osgi + + + Manifest + bundle-copyright + Copyright (c) OSGi Alliance (2000, 2013). All Rights Reserved. + + + Manifest + Bundle-Name + osgi.cmpn + + + Manifest + bundle-symbolicname + osgi.cmpn + + + pom + artifactid + org.osgi.compendium + + + pom + artifactid + org.osgi.compendium + + + pom + developer email + davidb@apache.org + + + pom + developer id + davidb@apache.org + + + pom + developer name + davidb + + + pom + developer org + apache + + + pom + groupid + org.osgi + + + pom + name + osgi.cmpn + + + pom + organization name + OSGi Alliance + + + pom + organization url + http://www.osgi.org + + + pom + url + http://www.osgi.org + + + pom + version + 5.0.0 + + + + + pkg:maven/org.osgi/org.osgi.compendium@5.0.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.osgi/org.osgi.compendium@5.0.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + org.osgi.core-6.0.0.jar + /var/lib/jenkins/.m2/repository/org/osgi/org.osgi.core/6.0.0/org.osgi.core-6.0.0.jar + cae291c61fe8b7a4476d713550c7ff49 + 0c49acdc9ac62cf69ee49cb6f1905b4fdb79ea5c + 1c1bb435eb34cbf1f743653da38f604d45d53fbc95979053768cd3fc293cb931 + OSGi Core Release 6, Interfaces and Classes for use in compiling bundles. + Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0 + + Business Process Center - Runtime Environment:runtime + + + + file + name + org.osgi.core + + + jar + package name + osgi + + + Manifest + bundle-copyright + Copyright (c) OSGi Alliance (2000, 2014). All Rights Reserved. + + + Manifest + bundle-symbolicname + osgi.core + + + pom + artifactid + org.osgi.core + + + pom + artifactid + osgi.core + + + pom + developer email + info@osgi.org + + + pom + developer name + OSGi Alliance + + + pom + groupid + org.osgi + + + pom + name + org.osgi.core + + + pom + organization name + OSGi Alliance + + + pom + organization url + http://www.osgi.org + + + pom + url + http://www.osgi.org + + + file + name + org.osgi.core + + + jar + package name + osgi + + + Manifest + bundle-copyright + Copyright (c) OSGi Alliance (2000, 2014). All Rights Reserved. + + + Manifest + Bundle-Name + osgi.core + + + Manifest + bundle-symbolicname + osgi.core + + + pom + artifactid + org.osgi.core + + + pom + artifactid + osgi.core + + + pom + developer email + info@osgi.org + + + pom + developer name + OSGi Alliance + + + pom + groupid + org.osgi + + + pom + name + org.osgi.core + + + pom + organization name + OSGi Alliance + + + pom + organization url + http://www.osgi.org + + + pom + url + http://www.osgi.org + + + file + version + 6.0.0 + + + pom + version + 6.0.0 + + + + + pkg:maven/org.osgi/org.osgi.core@6.0.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.osgi/org.osgi.core@6.0.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + osgi.annotation-7.0.0.jar + + /var/lib/jenkins/.m2/repository/org/osgi/osgi.annotation/7.0.0/osgi.annotation-7.0.0.jar + 4cf01e7378d9a9c047864712c2dd078b + c8c21fdf695aa93d8df0547c15fb6b52f3395787 + d5f4083cc4c781a3b12832a5fafd7c5536ba4bdd31f411a8cd5c93b73370d70c + OSGi Annotation Release 7, Annotations for use in compiling bundles + Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0 + + Business Process Center - Runtime Environment:compile + + + + file + name + osgi.annotation + + + jar + package name + annotation + + + jar + package name + osgi + + + Manifest + bundle-copyright + Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. + + + Manifest + bundle-developers + osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi + Alliance"; organizationUrl=https://www.osgi.org/ + + + Manifest + bundle-docurl + https://www.osgi.org/ + + + Manifest + bundle-symbolicname + osgi.annotation + + + Manifest + git-descriptor + hudson-build.core-1432 + + + Manifest + git-sha + ac877b9fdaa36e26adb939cf9dd425e77243f449 + + + Manifest + require-capability + + osgi.unresolvable;filter:="(&(must.not.resolve=*)(!(must.not.resolve=*)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + osgi.annotation + + + pom + artifactid + osgi.annotation + + + pom + developer email + info@osgi.org + + + pom + developer id + osgi + + + pom + developer name + OSGi Alliance + + + pom + developer org + OSGi Alliance + + + pom + developer org URL + https://www.osgi.org/ + + + pom + groupid + org.osgi + + + pom + name + org.osgi:osgi.annotation + + + pom + organization name + OSGi Alliance + + + pom + organization url + https://www.osgi.org/ + + + pom + url + https://www.osgi.org/ + + + file + name + osgi.annotation + + + jar + package name + annotation + + + jar + package name + osgi + + + jar + package name + version + + + Manifest + bundle-copyright + Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. + + + Manifest + bundle-developers + osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi + Alliance"; organizationUrl=https://www.osgi.org/ + + + Manifest + bundle-docurl + https://www.osgi.org/ + + + Manifest + Bundle-Name + org.osgi:osgi.annotation + + + Manifest + bundle-symbolicname + osgi.annotation + + + Manifest + git-descriptor + hudson-build.core-1432 + + + Manifest + git-sha + ac877b9fdaa36e26adb939cf9dd425e77243f449 + + + Manifest + require-capability + + osgi.unresolvable;filter:="(&(must.not.resolve=*)(!(must.not.resolve=*)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + osgi.annotation + + + pom + developer email + info@osgi.org + + + pom + developer id + osgi + + + pom + developer name + OSGi Alliance + + + pom + developer org + OSGi Alliance + + + pom + developer org URL + https://www.osgi.org/ + + + pom + groupid + org.osgi + + + pom + name + org.osgi:osgi.annotation + + + pom + organization name + OSGi Alliance + + + pom + organization url + https://www.osgi.org/ + + + pom + url + https://www.osgi.org/ + + + file + version + 7.0.0 + + + pom + version + 7.0.0 + + + + + pkg:maven/org.osgi/osgi.annotation@7.0.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.osgi/osgi.annotation@7.0.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + osgi.cmpn-7.0.0.jar + /var/lib/jenkins/.m2/repository/org/osgi/osgi.cmpn/7.0.0/osgi.cmpn-7.0.0.jar + bc6bd0fe88a2d543d6477e611865a01b + 4fa9f239a60aeca4a27648df329d112d562a350c + 8e6445afe1abb3dcd43c60c8cd6c0f15b052a8f4228812559ba521c5ce91db34 + OSGi Compendium Release 7, Interfaces and Classes for use in compiling bundles + Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0 + + Business Process Center - Runtime Environment:compile + + + + file + name + osgi.cmpn + + + jar + package name + osgi + + + Manifest + bundle-copyright + Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. + + + Manifest + bundle-developers + osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi + Alliance"; organizationUrl=https://www.osgi.org/ + + + Manifest + bundle-docurl + https://www.osgi.org/ + + + Manifest + bundle-symbolicname + osgi.cmpn + + + Manifest + git-descriptor + hudson-build.core-1432 + + + Manifest + git-sha + ac877b9fdaa36e26adb939cf9dd425e77243f449 + + + Manifest + require-capability + + osgi.unresolvable;filter:="(&(must.not.resolve=*)(!(must.not.resolve=*)))",osgi.ee;filter:="(&(osgi.ee=JavaSE/compact2)(version=1.8))" + + + pom + artifactid + osgi.cmpn + + + pom + artifactid + osgi.cmpn + + + pom + developer email + info@osgi.org + + + pom + developer id + osgi + + + pom + developer name + OSGi Alliance + + + pom + developer org + OSGi Alliance + + + pom + developer org URL + https://www.osgi.org/ + + + pom + groupid + org.osgi + + + pom + name + org.osgi:osgi.cmpn + + + pom + organization name + OSGi Alliance + + + pom + organization url + https://www.osgi.org/ + + + pom + url + https://www.osgi.org/ + + + file + name + osgi.cmpn + + + jar + package name + osgi + + + jar + package name + unresolvable + + + Manifest + bundle-copyright + Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. + + + Manifest + bundle-developers + osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi + Alliance"; organizationUrl=https://www.osgi.org/ + + + Manifest + bundle-docurl + https://www.osgi.org/ + + + Manifest + Bundle-Name + org.osgi:osgi.cmpn + + + Manifest + bundle-symbolicname + osgi.cmpn + + + Manifest + git-descriptor + hudson-build.core-1432 + + + Manifest + git-sha + ac877b9fdaa36e26adb939cf9dd425e77243f449 + + + Manifest + require-capability + + osgi.unresolvable;filter:="(&(must.not.resolve=*)(!(must.not.resolve=*)))",osgi.ee;filter:="(&(osgi.ee=JavaSE/compact2)(version=1.8))" + + + pom + artifactid + osgi.cmpn + + + pom + developer email + info@osgi.org + + + pom + developer id + osgi + + + pom + developer name + OSGi Alliance + + + pom + developer org + OSGi Alliance + + + pom + developer org URL + https://www.osgi.org/ + + + pom + groupid + org.osgi + + + pom + name + org.osgi:osgi.cmpn + + + pom + organization name + OSGi Alliance + + + pom + organization url + https://www.osgi.org/ + + + pom + url + https://www.osgi.org/ + + + file + version + 7.0.0 + + + pom + version + 7.0.0 + + + + + pkg:maven/org.osgi/osgi.cmpn@7.0.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.osgi/osgi.cmpn@7.0.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + osgi.core-7.0.0.jar + /var/lib/jenkins/.m2/repository/org/osgi/osgi.core/7.0.0/osgi.core-7.0.0.jar + 2fc4ef3c19433d05df79a114f822f0ec + 7545eab9bd1f85e9f1162865a7281c8becb417f2 + a9218f9bee68a41c4ddbd92cdfb2ee8ae660fa25b372f78d01812b1770e4525b + OSGi Core Release 7, Interfaces and Classes for use in compiling bundles + Apache-2.0: http://www.apache.org/licenses/LICENSE-2.0 + + Business Process Center - Runtime Environment:compile + + + + file + name + osgi.core + + + jar + package name + osgi + + + Manifest + bundle-copyright + Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. + + + Manifest + bundle-developers + osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi + Alliance"; organizationUrl=https://www.osgi.org/ + + + Manifest + bundle-docurl + https://www.osgi.org/ + + + Manifest + bundle-symbolicname + osgi.core + + + Manifest + git-descriptor + hudson-build.core-1432 + + + Manifest + git-sha + ac877b9fdaa36e26adb939cf9dd425e77243f449 + + + Manifest + require-capability + + osgi.unresolvable;filter:="(&(must.not.resolve=*)(!(must.not.resolve=*)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + osgi.core + + + pom + artifactid + osgi.core + + + pom + developer email + info@osgi.org + + + pom + developer id + osgi + + + pom + developer name + OSGi Alliance + + + pom + developer org + OSGi Alliance + + + pom + developer org URL + https://www.osgi.org/ + + + pom + groupid + org.osgi + + + pom + name + org.osgi:osgi.core + + + pom + organization name + OSGi Alliance + + + pom + organization url + https://www.osgi.org/ + + + pom + url + https://www.osgi.org/ + + + file + name + osgi.core + + + jar + package name + filter + + + jar + package name + osgi + + + jar + package name + version + + + Manifest + bundle-copyright + Copyright (c) OSGi Alliance (2000, 2018). All Rights Reserved. + + + Manifest + bundle-developers + osgi; email=info@osgi.org; name="OSGi Alliance"; organization="OSGi + Alliance"; organizationUrl=https://www.osgi.org/ + + + Manifest + bundle-docurl + https://www.osgi.org/ + + + Manifest + Bundle-Name + org.osgi:osgi.core + + + Manifest + bundle-symbolicname + osgi.core + + + Manifest + git-descriptor + hudson-build.core-1432 + + + Manifest + git-sha + ac877b9fdaa36e26adb939cf9dd425e77243f449 + + + Manifest + require-capability + + osgi.unresolvable;filter:="(&(must.not.resolve=*)(!(must.not.resolve=*)))",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + pom + artifactid + osgi.core + + + pom + developer email + info@osgi.org + + + pom + developer id + osgi + + + pom + developer name + OSGi Alliance + + + pom + developer org + OSGi Alliance + + + pom + developer org URL + https://www.osgi.org/ + + + pom + groupid + org.osgi + + + pom + name + org.osgi:osgi.core + + + pom + organization name + OSGi Alliance + + + pom + organization url + https://www.osgi.org/ + + + pom + url + https://www.osgi.org/ + + + file + version + 7.0.0 + + + pom + version + 7.0.0 + + + + + pkg:maven/org.osgi/osgi.core@7.0.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.osgi/osgi.core@7.0.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-logging-api-2.1.3.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/logging/pax-logging-api/2.1.3/pax-logging-api-2.1.3.jar + fbc9a9a349b73d4ca64bb9adca83293e + 3c2ab068f84a61cb4daea1d561af05738a1042cd + 31a4886527bd60cb3ea776436d8d3dc0d643c1034ac08955e9c9f9217f86be37 + + Pax Logging API Library is a collection of logging APIs from different libraries/facades. + It supports SLF4J, Commons Logging, JULI Logging, Log4J1 API, Log4J2 API, JBoss Logging and + Avalon APIs. + Additionally, Pax Logging specific library is available as backend implementation with its + specific configuration mechanisms, + but it's not required. + + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-logging-api + + + jar + package name + avalon + + + jar + package name + commons + + + jar + package name + jboss + + + jar + package name + juli + + + jar + package name + logging + + + jar + package name + ops4j + + + jar + package name + org + + + jar + package name + pax + + + jar + package name + slf4j + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + https://ops4j1.jira.com/wiki/spaces/paxlogging/overview/pax-logging-api + + + Manifest + bundle-symbolicname + org.ops4j.pax.logging.pax-logging-api + + + Manifest + multi-release + true + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-logging-api + + + pom + artifactid + pax-logging-api + + + pom + groupid + org.ops4j.pax.logging + + + pom + name + OPS4J Pax Logging - API + + + pom + parent-artifactid + logging + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-logging-api + + + jar + package name + avalon + + + jar + package name + commons + + + jar + package name + filter + + + jar + package name + jboss + + + jar + package name + juli + + + jar + package name + logging + + + jar + package name + ops4j + + + jar + package name + org + + + jar + package name + osgi + + + jar + package name + pax + + + jar + package name + slf4j + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + https://ops4j1.jira.com/wiki/spaces/paxlogging/overview/pax-logging-api + + + Manifest + Bundle-Name + OPS4J Pax Logging - API + + + Manifest + bundle-symbolicname + org.ops4j.pax.logging.pax-logging-api + + + Manifest + multi-release + true + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-logging-api + + + pom + groupid + org.ops4j.pax.logging + + + pom + name + OPS4J Pax Logging - API + + + pom + parent-artifactid + logging + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 2.1.3 + + + Manifest + Bundle-Version + 2.1.3 + + + pom + version + 2.1.3 + + + + + pkg:maven/org.ops4j.pax.logging/pax-logging-api@2.1.3 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.logging/pax-logging-api@2.1.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-logging-log4j2-2.1.3.jar (shaded: org.apache.logging.log4j:log4j-core:2.18.0) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/logging/pax-logging-log4j2/2.1.3/pax-logging-log4j2-2.1.3.jar/META-INF/maven/org.apache.logging.log4j/log4j-core/pom.xml + c093c3b28b89e1a57a29497ccc6e3cf3 + 7d0a59ef826d959270c7b0f6faba97e6e39c8f70 + 094b5f5f9dbcecbdaf1c940686b1d850c9de00ea0ea9eac1bce87185ec0dab7b + The Apache Log4j Implementation + + Business Process Center - Runtime Environment:compile + + + + pax-logging-log4j2-2.1.3.jar (shaded: + org.apache.logging.log4j:log4j-layout-template-json:2.18.0) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/logging/pax-logging-log4j2/2.1.3/pax-logging-log4j2-2.1.3.jar/META-INF/maven/org.apache.logging.log4j/log4j-layout-template-json/pom.xml + 2d43d7dccb626f5086242fece083890c2cbea88c202fecb2eb154eb2c9e5af4a + 2a0d752b295d54a0b7a66719105e5584644a0fd4 + f27aeea0d2f3972344c0c390a0a0d1cb + + + pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.18.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.logging.log4j/log4j-layout-template-json@2.18.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + pom + artifactid + log4j-core + + + pom + groupid + org.apache.logging.log4j + + + pom + name + Apache Log4j Core + + + pom + parent-artifactid + log4j + + + pom + artifactid + log4j-core + + + pom + groupid + org.apache.logging.log4j + + + pom + name + Apache Log4j Core + + + pom + parent-artifactid + log4j + + + pom + version + 2.18.0 + + + + + pkg:maven/org.apache.logging.log4j/log4j-core@2.18.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.logging.log4j/log4j-core@2.18.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:log4j:2.18.0:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Alog4j&cpe_version=cpe%3A%2F%3Aapache%3Alog4j%3A2.18.0 + + + + + pax-logging-log4j2-2.1.3.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/logging/pax-logging-log4j2/2.1.3/pax-logging-log4j2-2.1.3.jar + 4f3266b471267064e4121a5a982cdc2d + 87941004dc554575f6c2022baea22d354823c5c4 + d003940fc68f36ff8326dfad44493b916c555e6b6b856d501206ffccfa076454 + + Pax Logging backend implementation based on Apache Log4J2. It provides Log4J2 specific + implementation + of PaxLoggingService interface and Log4J2 specific configuration methods. + Users may customize Log4J2 behaviour (appenders, layouts) by creating fragment attached to + this bundle. + + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-logging-log4j2 + + + jar + package name + apache + + + jar + package name + log4j2 + + + jar + package name + logging + + + jar + package name + ops4j + + + jar + package name + pax + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + https://ops4j1.jira.com/wiki/spaces/paxlogging/overview/pax-logging-log4j2 + + + Manifest + bundle-symbolicname + org.ops4j.pax.logging.pax-logging-log4j2 + + + Manifest + provide-capability + + osgi.service;effective:=active;objectClass:List="org.osgi.service.log.LogService,org.osgi.service.log.LoggerFactory,org.ops4j.pax.logging.PaxLoggingService,org.osgi.service.cm.ManagedService";uses="org.osgi.service.log" + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-logging-log4j2 + + + pom + artifactid + pax-logging-log4j2 + + + pom + groupid + org.ops4j.pax.logging + + + pom + name + OPS4J Pax Logging - Log4Jv2 implementation + + + pom + parent-artifactid + logging + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-logging-log4j2 + + + jar + package name + apache + + + jar + package name + log4j2 + + + jar + package name + logging + + + jar + package name + ops4j + + + jar + package name + pax + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + https://ops4j1.jira.com/wiki/spaces/paxlogging/overview/pax-logging-log4j2 + + + Manifest + Bundle-Name + OPS4J Pax Logging - Log4Jv2 implementation + + + Manifest + bundle-symbolicname + org.ops4j.pax.logging.pax-logging-log4j2 + + + Manifest + provide-capability + + osgi.service;effective:=active;objectClass:List="org.osgi.service.log.LogService,org.osgi.service.log.LoggerFactory,org.ops4j.pax.logging.PaxLoggingService,org.osgi.service.cm.ManagedService";uses="org.osgi.service.log" + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-logging-log4j2 + + + pom + groupid + org.ops4j.pax.logging + + + pom + name + OPS4J Pax Logging - Log4Jv2 implementation + + + pom + parent-artifactid + logging + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 2.1.3 + + + Manifest + Bundle-Version + 2.1.3 + + + pom + version + 2.1.3 + + + + + pkg:maven/org.ops4j.pax.logging/pax-logging-log4j2@2.1.3 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.logging/pax-logging-log4j2@2.1.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:log4j:2.1.3:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Alog4j&cpe_version=cpe%3A%2F%3Aapache%3Alog4j%3A2.1.3 + + + + + CVE-2021-44228 + + 9.3 + NETWORK + MEDIUM + NONE + COMPLETE + COMPLETE + COMPLETE + HIGH + 2.0 + 8.6 + 10.0 + + + 10.0 + NETWORK + LOW + NONE + NONE + CHANGED + HIGH + HIGH + HIGH + CRITICAL + 3.9 + 6.0 + 3.1 + + + CWE-400 + CWE-502 + CWE-20 + + Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, + 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do + not protect against attacker controlled LDAP and other JNDI related endpoints. An + attacker who can control log messages or log message parameters can execute arbitrary + code loaded from LDAP servers when message lookup substitution is enabled. From log4j + 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with + 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that + this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or + other Apache Logging Services projects. + file name: pax-logging-log4j2-2.0.16.jar + + + MISC + https://twitter.com/kurtseifried/status/1469345530182455296 + https://twitter.com/kurtseifried/status/1469345530182455296 + + + MISC + https://www.oracle.com/security-alerts/cpuapr2022.html + https://www.oracle.com/security-alerts/cpuapr2022.html + + + MLIST + http://www.openwall.com/lists/oss-security/2021/12/13/2 + [oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in + JMSAppender in Apache Log4j 1.2 + + + CONFIRM + https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + + + MISC + https://github.com/cisagov/log4j-affected-db + https://github.com/cisagov/log4j-affected-db + + + MISC + https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228 + https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228 + + + MISC + + http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html + + http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html + + + MISC + http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html + http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html + + + MISC + + http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html + + http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html + + + CONFIRM + https://support.apple.com/kb/HT213189 + https://support.apple.com/kb/HT213189 + + + MISC + + http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html + + http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html + + + FEDORA + + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/ + FEDORA-2021-66d6c484f3 + + + DEBIAN + https://www.debian.org/security/2021/dsa-5020 + DSA-5020 + + + MISC + https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html + https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html + + + MLIST + http://www.openwall.com/lists/oss-security/2021/12/10/1 + [oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not + protect against attacker controlled LDAP and other JNDI related endpoints + + + MISC + + http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html + + http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html + + + CONFIRM + https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf + https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf + + + MISC + http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html + http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html + + + FULLDISC + http://seclists.org/fulldisclosure/2022/Jul/11 + 20220721 Open-Xchange Security Advisory 2022-07-21 + + + FULLDISC + http://seclists.org/fulldisclosure/2022/Dec/2 + 20221208 Intel Data Center Manager <= 5.1 Local Privileges Escalation + + + CISCO + + https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + 20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: + December 2021 + + + MISC + http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html + + http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html + + + FEDORA + + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/ + FEDORA-2021-f0f501d01f + + + MLIST + http://www.openwall.com/lists/oss-security/2021/12/10/2 + [oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not + protect against attacker controlled LDAP and other JNDI related endpoints + + + MLIST + http://www.openwall.com/lists/oss-security/2021/12/10/3 + [oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not + protect against attacker controlled LDAP and other JNDI related endpoints + + + MISC + http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html + http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html + + + MLIST + http://www.openwall.com/lists/oss-security/2021/12/15/3 + [oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message + Pattern and Context Lookup Pattern vulnerable to a denial of service attack + + + MS + + https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 + + + MISC + https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md + https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md + + + MISC + + http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html + + http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html + + + MISC + https://www.oracle.com/security-alerts/cpujan2022.html + https://www.oracle.com/security-alerts/cpujan2022.html + + + MISC + + http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html + + http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html + + + MISC + + http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html + + http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html + + + CONFIRM + https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf + https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf + + + CONFIRM + https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf + https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf + + + MISC + https://logging.apache.org/log4j/2.x/security.html + https://logging.apache.org/log4j/2.x/security.html + + + MISC + + http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html + + http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html + + + FULLDISC + http://seclists.org/fulldisclosure/2022/Mar/23 + 20220314 APPLE-SA-2022-03-14-7 Xcode 13.3 + + + CONFIRM + https://security.netapp.com/advisory/ntap-20211210-0007/ + https://security.netapp.com/advisory/ntap-20211210-0007/ + + + MLIST + https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html + [debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security + update + + + CERT-VN + https://www.kb.cert.org/vuls/id/930724 + VU#930724 + + + MISC + + https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + + https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + + + CONFIRM + + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + + + MISC + http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html + http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html + + + MLIST + http://www.openwall.com/lists/oss-security/2021/12/14/4 + [oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message + Pattern and Context Lookup Pattern vulnerable to a denial of service attack + + + MLIST + http://www.openwall.com/lists/oss-security/2021/12/13/1 + [oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in + JMSAppender in Apache Log4j 1.2 + + + CONFIRM + https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf + https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf + + + MISC + https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001 + https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001 + + + CONFIRM + https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + + + MISC + + http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html + + http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html + + + MISC + + http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html + + http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html + + + + + cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* + + cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* + + cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* + cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:* + cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:* + cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:* + cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:* + + cpe:2.3:a:bentley:synchro:*:*:*:*:pro:*:*:* + cpe:2.3:a:bentley:synchro_4d:*:*:*:*:pro:*:*:* + + cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:automated_subsea_tuning:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:*:*:*:*:*:*:* + cpe:2.3:a:cisco:broadworks:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:broadworks:-:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:cloud_connect:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:cloudcenter:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:cloudcenter_cost_optimizer:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:cloudcenter_suite:4.10\(0.15\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:cloudcenter_suite:5.3\(0\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:cloudcenter_suite:5.4\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:cloudcenter_suite:5.5\(0\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:cloudcenter_suite:5.5\(1\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:cloudcenter_suite_admin:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:cloudcenter_workload_manager:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.000\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.001\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.002\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.000\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.001\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.002\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:common_services_platform_collector:002.010\(000.000\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000\.:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:*:*:*:*:*:*:* + cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:*:*:*:*:*:*:* + cpe:2.3:a:cisco:connected_mobile_experiences:-:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:contact_center_domain_manager:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:contact_center_management_portal:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:crosswork_network_automation:-:*:*:*:*:*:*:* + cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:crosswork_network_controller:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:crosswork_optimization_engine:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:crosswork_platform_infrastructure:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:customer_experience_cloud_agent:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:cx_cloud_agent:001.012:*:*:*:*:*:*:* + cpe:2.3:a:cisco:cyber_vision:4.0.2:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:data_center_network_manager:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:data_center_network_manager:11.3\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:dna_center:2.2.2.8:*:*:*:*:*:*:* + cpe:2.3:a:cisco:dna_spaces:-:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:dna_spaces\:_connector:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:dna_spaces_connector:-:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:emergency_responder:11.5:*:*:*:*:*:*:* + cpe:2.3:a:cisco:emergency_responder:11.5\(4.65000.14\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:emergency_responder:11.5\(4.66000.14\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\(1\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:*:*:*:*:*:*:* + cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:*:*:*:*:*:*:* + cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:*:*:*:*:*:*:* + cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:finesse:12.5\(1\):su1:*:*:*:*:*:* + cpe:2.3:a:cisco:finesse:12.5\(1\):su2:*:*:*:*:*:* + cpe:2.3:a:cisco:finesse:12.6\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:finesse:12.6\(1\):-:*:*:*:*:*:* + cpe:2.3:a:cisco:finesse:12.6\(1\):es01:*:*:*:*:*:* + cpe:2.3:a:cisco:finesse:12.6\(1\):es02:*:*:*:*:*:* + cpe:2.3:a:cisco:finesse:12.6\(1\):es03:*:*:*:*:*:* + cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:*:*:*:*:*:*:* + cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:fog_director:-:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:identity_services_engine:002.004\(000.914\):-:*:*:*:*:*:* + cpe:2.3:a:cisco:identity_services_engine:002.006\(000.156\):-:*:*:*:*:*:* + cpe:2.3:a:cisco:identity_services_engine:002.007\(000.356\):-:*:*:*:*:*:* + cpe:2.3:a:cisco:identity_services_engine:003.000\(000.458\):-:*:*:*:*:*:* + cpe:2.3:a:cisco:identity_services_engine:003.001\(000.518\):-:*:*:*:*:*:* + cpe:2.3:a:cisco:identity_services_engine:003.002\(000.116\):-:*:*:*:*:*:* + cpe:2.3:a:cisco:identity_services_engine:2.4.0:-:*:*:*:*:*:* + + cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\(002.000\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:*:*:*:*:*:*:* + cpe:2.3:a:cisco:iot_operations_dashboard:-:*:*:*:*:*:*:* + cpe:2.3:a:cisco:mobility_services_engine:-:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:network_assurance_engine:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:network_assurance_engine:6.0\(2.1912\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(2\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(3\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:network_insights_for_data_center:6.0\(2.1914\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:network_services_orchestrator:-:*:*:*:*:*:*:* + cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:nexus_insights:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:optical_network_controller:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:optical_network_controller:1.1:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:paging_server:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:paging_server:8.3\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:paging_server:8.4\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:paging_server:8.5\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:paging_server:9.0\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:paging_server:9.0\(2\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:paging_server:9.1\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:paging_server:12.5\(2\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:paging_server:14.0\(1\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:prime_service_catalog:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:prime_service_catalog:12.1:*:*:*:*:*:*:* + cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:sd-wan_vmanage:20.3:*:*:*:*:*:*:* + cpe:2.3:a:cisco:sd-wan_vmanage:20.4:*:*:*:*:*:*:* + cpe:2.3:a:cisco:sd-wan_vmanage:20.5:*:*:*:*:*:*:* + cpe:2.3:a:cisco:sd-wan_vmanage:20.6:*:*:*:*:*:*:* + cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:*:*:*:*:*:*:* + cpe:2.3:a:cisco:sd-wan_vmanage:20.7:*:*:*:*:*:*:* + cpe:2.3:a:cisco:sd-wan_vmanage:20.8:*:*:*:*:*:*:* + cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:smart_phy:3.1.2:*:*:*:*:*:*:* + cpe:2.3:a:cisco:smart_phy:3.1.3:*:*:*:*:*:*:* + cpe:2.3:a:cisco:smart_phy:3.1.4:*:*:*:*:*:*:* + cpe:2.3:a:cisco:smart_phy:3.1.5:*:*:*:*:*:*:* + cpe:2.3:a:cisco:smart_phy:3.2.1:*:*:*:*:*:*:* + cpe:2.3:a:cisco:smart_phy:21.3:*:*:*:*:*:*:* + cpe:2.3:a:cisco:ucs_central:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:ucs_central_software:2.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:ucs_central_software:2.0\(1a\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:ucs_central_software:2.0\(1b\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:ucs_central_software:2.0\(1c\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:ucs_central_software:2.0\(1d\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:ucs_central_software:2.0\(1e\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:ucs_central_software:2.0\(1f\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:ucs_central_software:2.0\(1g\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:ucs_central_software:2.0\(1h\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:ucs_central_software:2.0\(1k\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:ucs_central_software:2.0\(1l\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:* + + cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:* + + cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.17900.52\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18119.2\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18900.97\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.21900.40\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.22900.28\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\):*:*:*:-:*:*:* + + cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\):*:*:*:session_management:*:*:* + cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)su3:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1.22900.6\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_computing_system:006.008\(001.000\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\(2\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(2\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):-:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):su1:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_contact_center_express:12.6\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_contact_center_express:12.6\(2\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\(1\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\(1\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):-:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es01:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es02:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_intelligence_center:12.6\(2\):-:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_sip_proxy:010.000\(000\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_sip_proxy:010.000\(001\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_sip_proxy:010.002\(000\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_sip_proxy:010.002\(001\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:unified_workforce_optimization:11.5\(1\):sr7:*:*:*:*:*:* + + cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:unity_connection:11.5:*:*:*:*:*:*:* + cpe:2.3:a:cisco:unity_connection:11.5\(1.10000.6\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:video_surveillance_manager:7.14\(1.26\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:video_surveillance_manager:7.14\(2.26\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:video_surveillance_manager:7.14\(3.025\):*:*:*:*:*:*:* + cpe:2.3:a:cisco:video_surveillance_manager:7.14\(4.018\):*:*:*:*:*:*:* + + cpe:2.3:a:cisco:video_surveillance_operations_manager:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:virtual_topology_system:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:virtual_topology_system:2.6.6:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:wan_automation_engine:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:wan_automation_engine:7.1.3:*:*:*:*:*:*:* + cpe:2.3:a:cisco:wan_automation_engine:7.2.1:*:*:*:*:*:*:* + cpe:2.3:a:cisco:wan_automation_engine:7.2.2:*:*:*:*:*:*:* + cpe:2.3:a:cisco:wan_automation_engine:7.2.3:*:*:*:*:*:*:* + cpe:2.3:a:cisco:wan_automation_engine:7.3:*:*:*:*:*:*:* + cpe:2.3:a:cisco:wan_automation_engine:7.4:*:*:*:*:*:*:* + cpe:2.3:a:cisco:wan_automation_engine:7.5:*:*:*:*:*:*:* + cpe:2.3:a:cisco:wan_automation_engine:7.6:*:*:*:*:*:*:* + + cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:* + cpe:2.3:a:cisco:webex_meetings_server:3.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:* + cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:* + cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:* + cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:* + cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:*:*:*:*:* + + cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4:*:*:*:*:*:* + + cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5:*:*:*:*:*:* + + cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2:*:*:*:*:*:* + + cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3:*:*:*:*:*:* + cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4:*:*:*:*:*:* + cpe:2.3:a:cisco:webex_meetings_server:4.0:*:*:*:*:*:*:* + cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:* + cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:* + cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:* + cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3:*:*:*:*:*:* + + cpe:2.3:a:cisco:workload_optimization_manager:*:*:*:*:*:*:*:* + cpe:2.3:a:intel:audio_development_kit:-:*:*:*:*:*:*:* + cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:* + cpe:2.3:a:intel:data_center_manager:-:*:*:*:*:*:*:* + cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:* + cpe:2.3:a:intel:oneapi_sample_browser:-:*:*:*:*:eclipse:*:* + cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:* + cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:*:*:*:*:*:*:* + cpe:2.3:a:intel:system_debugger:-:*:*:*:*:*:*:* + cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:* + cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* + cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* + cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* + cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:* + cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:* + cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:* + cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* + cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:* + cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:vmware_vsphere:*:* + cpe:2.3:a:percussion:rhythmyx:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:* + cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:* + cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:* + cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:* + cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:* + cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:* + cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:* + cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:* + cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:* + + cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:* + cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:* + cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:* + cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:* + cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:* + cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:* + cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:* + cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:* + + cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:* + + cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:logo\!_soft_comfort:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:* + + cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:* + + cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:* + cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:* + cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:* + cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:* + cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:* + cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:* + cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:* + + cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:* + cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:* + cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:* + + cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:* + cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:* + cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:* + cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:* + cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:* + cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:* + cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:* + cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:* + cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:* + cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:* + cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:* + cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:* + cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:* + cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:* + + cpe:2.3:a:snowsoftware:snow_commander:*:*:*:*:*:*:*:* + + cpe:2.3:a:snowsoftware:vm_access_proxy:*:*:*:*:*:*:*:* + + cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:* + + + + CVE-2017-5645 + + 7.5 + NETWORK + LOW + NONE + PARTIAL + PARTIAL + PARTIAL + HIGH + 2.0 + 10.0 + 6.4 + + + 9.8 + NETWORK + LOW + NONE + NONE + UNCHANGED + HIGH + HIGH + HIGH + CRITICAL + 3.9 + 5.9 + 3.1 + + + CWE-502 + + In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP + socket server to receive serialized log events from another application, a specially + crafted binary payload can be sent that, when deserialized, can execute arbitrary code. + file name: pax-logging-log4j2-2.0.16.jar + + + MLIST + + https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3Cdev.logging.apache.org%3E + [logging-dev] 20191219 Re: [CVE-2019-17571] Apache Log4j 1.2 deserialization of + untrusted data in SocketServer + + + MISC + https://www.oracle.com/security-alerts/cpuoct2020.html + https://www.oracle.com/security-alerts/cpuoct2020.html + + + CONFIRM + https://security.netapp.com/advisory/ntap-20180726-0002/ + https://security.netapp.com/advisory/ntap-20180726-0002/ + + + CONFIRM + http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html + http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:2810 + RHSA-2017:2810 + + + MLIST + + https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3Cissues.activemq.apache.org%3E + [activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by + AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:2423 + RHSA-2017:2423 + + + CONFIRM + https://security.netapp.com/advisory/ntap-20181107-0002/ + https://security.netapp.com/advisory/ntap-20181107-0002/ + + + MLIST + + https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3Cissues.activemq.apache.org%3E + [activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] + [activemq-all] [5.15.10] + + + MLIST + + https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3Cissues.activemq.apache.org%3E + [activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] + [activemq-all] [5.15.10] + + + CONFIRM + http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html + http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html + + + SECTRACK + http://www.securitytracker.com/id/1040200 + 1040200 + + + MLIST + + https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3Cdev.tika.apache.org%3E + [tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by + Apache Tika 1.23 is vulnerable to CVE-2019-17571 + + + MLIST + + https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d@%3Ccommits.logging.apache.org%3E + [logging-commits] 20200425 svn commit: r1059809 - + /websites/production/logging/content/log4j/2.13.2/security.html + + + MISC + https://www.oracle.com/security-alerts/cpujan2021.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + MLIST + + https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3Cdev.tika.apache.org%3E + [tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] + [tika-app] [1.23] + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:1801 + RHSA-2017:1801 + + + MLIST + + https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83@%3Cgithub.beam.apache.org%3E + [beam-github] 20210701 [GitHub] [beam] lukecwik opened a new pull request + #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645 + + + REDHAT + https://access.redhat.com/errata/RHSA-2019:1545 + RHSA-2019:1545 + + + MLIST + + https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c@%3Cissues.activemq.apache.org%3E + [activemq-issues] 20200228 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by + AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 + + + MLIST + + https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf@%3Cissues.activemq.apache.org%3E + [activemq-issues] 20200228 [jira] [Resolved] (AMQ-7370) log4j 1.2 version used + by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 + + + N/A + https://www.oracle.com/security-alerts/cpuapr2020.html + N/A + + + MLIST + + https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3Cdev.tika.apache.org%3E + [tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] + [tika-app] [1.23] + + + MLIST + + https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3Cdev.tika.apache.org%3E + [tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by + Apache Tika 1.23 is vulnerable to CVE-2019-17571 + + + MLIST + + https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3Cissues.activemq.apache.org%3E + [activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used + by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 + + + MLIST + + https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3Cdev.tika.apache.org%3E + [tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] + [tika-app] [1.23] + + + MLIST + + https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3Cdev.tika.apache.org%3E + [tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] + [tika-app] [1.23] + + + MLIST + + https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f@%3Cgithub.beam.apache.org%3E + [beam-github] 20210701 [GitHub] [beam] codecov[bot] edited a comment on pull + request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645 + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:3400 + RHSA-2017:3400 + + + MLIST + + https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3Cdev.tika.apache.org%3E + [tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by + Apache Tika 1.23 is vulnerable to CVE-2019-17571 + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:2638 + RHSA-2017:2638 + + + MLIST + + https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8@%3Cgithub.beam.apache.org%3E + [beam-github] 20210701 [GitHub] [beam] lukecwik commented on pull request + #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645 + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:3244 + RHSA-2017:3244 + + + MISC + https://www.oracle.com/security-alerts/cpuApr2021.html + https://www.oracle.com/security-alerts/cpuApr2021.html + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:2636 + RHSA-2017:2636 + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:2889 + RHSA-2017:2889 + + + MLIST + + https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3Cdev.tika.apache.org%3E + [tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] + [tika-app] [1.23] + + + CONFIRM + https://issues.apache.org/jira/browse/LOG4J2-1863 + https://issues.apache.org/jira/browse/LOG4J2-1863 + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:2888 + RHSA-2017:2888 + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:2811 + RHSA-2017:2811 + + + MLIST + + https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826@%3Cissues.activemq.apache.org%3E + [activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] + [activemq-all] [5.15.10] + + + MLIST + + https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3@%3Cissues.activemq.apache.org%3E + [activemq-issues] 20200208 [jira] [Commented] (AMQ-7370) log4j 1.2 version used + by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 + + + MISC + https://www.oracle.com/security-alerts/cpujan2022.html + https://www.oracle.com/security-alerts/cpujan2022.html + + + MISC + https://www.oracle.com/security-alerts/cpujul2020.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + MLIST + + https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374@%3Cissues.activemq.apache.org%3E + [activemq-issues] 20200228 [jira] [Commented] (AMQ-7370) log4j 1.2 version used + by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:2635 + RHSA-2017:2635 + + + MLIST + + https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E + [bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue + #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image + + + MLIST + http://www.openwall.com/lists/oss-security/2019/12/19/2 + [oss-security] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of + untrusted data in SocketServer + + + MLIST + + https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78@%3Cissues.activemq.apache.org%3E + [activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used + by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 + + + MISC + https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html + https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html + + + MLIST + + https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead@%3Cissues.activemq.apache.org%3E + [activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] + [activemq-all] [5.15.10] + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:2633 + RHSA-2017:2633 + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:1417 + RHSA-2017:1417 + + + MISC + https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html + https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html + + + MLIST + + https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e@%3Cissues.activemq.apache.org%3E + [activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by + AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:1802 + RHSA-2017:1802 + + + MLIST + + https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd@%3Cgithub.beam.apache.org%3E + [beam-github] 20210701 [GitHub] [beam] codecov[bot] commented on pull request + #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645 + + + SECTRACK + http://www.securitytracker.com/id/1041294 + 1041294 + + + CONFIRM + http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html + http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html + + + CONFIRM + https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + MLIST + + https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E + [tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] + [tika-app] [1.23] + + + MLIST + + https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397@%3Cissues.activemq.apache.org%3E + [activemq-issues] 20200730 [jira] [Commented] (AMQ-7370) log4j 1.2 version used + by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 + + + MLIST + + https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422@%3Ccommits.doris.apache.org%3E + [doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull + request #5594: [FE][Bug]Update log4j-web to fix a security issue + + + MLIST + + https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44@%3Cgithub.beam.apache.org%3E + [beam-github] 20210701 [GitHub] [beam] suztomo commented on pull request #15113: + [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645 + + + BID + http://www.securityfocus.com/bid/97702 + 97702 + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:2809 + RHSA-2017:2809 + + + MLIST + + https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3Cdev.tika.apache.org%3E + [tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] + [tika-app] [1.23] + + + MLIST + + https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3Cdev.tika.apache.org%3E + [tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache + Tika 1.23 is vulnerable to CVE-2019-17571 + + + MISC + https://www.oracle.com/security-alerts/cpujan2020.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:2808 + RHSA-2017:2808 + + + MLIST + + https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E + [druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull + request #8878: Address security vulnerabilities + + + MLIST + + https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917@%3Cannounce.apache.org%3E + [announce] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of + untrusted data in SocketServer + + + MLIST + + https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3Cdev.tika.apache.org%3E + [tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by + Apache Tika 1.23 is vulnerable to CVE-2019-17571 + + + MLIST + + https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125@%3Cdev.logging.apache.org%3E + [logging-dev] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of + untrusted data in SocketServer + + + MISC + https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + + + MLIST + + https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E + [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues + in geode-core-1.12 + + + MISC + https://www.oracle.com/security-alerts/cpuoct2021.html + https://www.oracle.com/security-alerts/cpuoct2021.html + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:3399 + RHSA-2017:3399 + + + MLIST + + https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc@%3Cdev.logging.apache.org%3E + [logging-dev] 20191215 Re: Is there any chance that there will be a security fix + for log4j-v1.2.17? + + + CONFIRM + http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html + + + MLIST + + https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287@%3Cissues.beam.apache.org%3E + [beam-issues] 20210528 [jira] [Created] (BEAM-12422) Vendored gRPC 1.36.0 is + using a log4j version with security issues + + + REDHAT + https://access.redhat.com/errata/RHSA-2017:2637 + RHSA-2017:2637 + + + + + cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* + cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:* + cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* + cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* + cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:* + cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* + cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:* + cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:bi_publisher:11.1.1.7.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.1:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.3.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_messaging_server:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_pricing_design_center:11.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_pricing_design_center:12.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_service_broker:6.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:configuration_manager:12.1.2.0.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:configuration_manager:12.1.2.0.5:*:*:*:*:*:*:* + cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:* + cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:12.1.0.8:*:*:*:*:*:*:* + cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:13.2.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.1.1.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.2.1.1:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_behavior_detection_platform:6.1.1:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.4:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.5:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_profitability_management:6.1.1:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.0.9.2.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:* + cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:goldengate:12.3.2.1.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:identity_analytics:11.1.1.5.8:*:*:*:*:*:*:* + cpe:2.3:a:oracle:identity_management_suite:11.1.2.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:identity_manager_connector:9.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:in-memory_performance-driven_planning:12.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:in-memory_performance-driven_planning:12.2:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_policy_administration:10.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_policy_administration:10.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:4.0.1.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation:12.2.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation:12.2.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation:12.2.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation:12.2.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation:12.2.4:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation:12.2.5:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation:12.2.6:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation:12.2.7:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation:12.2.8:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation:12.2.9:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation:12.2.10:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_for_mobile_devices:10.4.7:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.4:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.5:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.6:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.7:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.8:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.9:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.10:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_extract_transform_and_load:13.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_extract_transform_and_load:13.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_integration_bus:14.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_integration_bus:14.1.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:siebel_ui_framework:18.7:*:*:*:*:*:*:* + cpe:2.3:a:oracle:siebel_ui_framework:18.8:*:*:*:*:*:*:* + cpe:2.3:a:oracle:siebel_ui_framework:18.9:*:*:*:*:*:*:* + cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:soa_suite:12.2.2.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:* + cpe:2.3:a:oracle:timesten_in-memory_database:11.2.2.8.49:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:utilities_work_and_asset_management:1.9.1.2.12:*:*:*:*:*:*:* + cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* + cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:* + + + + CVE-2021-45046 + + 5.1 + NETWORK + HIGH + NONE + PARTIAL + PARTIAL + PARTIAL + MEDIUM + 2.0 + 4.9 + 6.4 + + + 9.0 + NETWORK + HIGH + NONE + NONE + CHANGED + HIGH + HIGH + HIGH + CRITICAL + 2.2 + 6.0 + 3.1 + + + CWE-502 + + It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 + was incomplete in certain non-default configurations. This could allows attackers with + control over Thread Context Map (MDC) input data when the logging configuration uses a + non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) + or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using + a JNDI Lookup pattern resulting in an information leak and remote code execution in some + environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and + 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and + disabling JNDI functionality by default. + file name: pax-logging-log4j2-2.0.16.jar + + + MLIST + http://www.openwall.com/lists/oss-security/2021/12/15/3 + [oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message + Pattern and Context Lookup Pattern vulnerable to a denial of service attack + + + MLIST + http://www.openwall.com/lists/oss-security/2021/12/18/1 + [oss-security] 20211218 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message + Pattern and Context Lookup Pattern vulnerable to a denial of service attack + + + FEDORA + + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/ + FEDORA-2021-abbe24e41c + + + MISC + https://www.oracle.com/security-alerts/cpuapr2022.html + https://www.oracle.com/security-alerts/cpuapr2022.html + + + MISC + https://www.oracle.com/security-alerts/cpujan2022.html + https://www.oracle.com/security-alerts/cpujan2022.html + + + MISC + https://www.cve.org/CVERecord?id=CVE-2021-44228 + https://www.cve.org/CVERecord?id=CVE-2021-44228 + + + CONFIRM + https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf + https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf + + + CONFIRM + https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf + https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf + + + N/A + https://www.oracle.com/security-alerts/cpujul2022.html + N/A + + + DEBIAN + https://www.debian.org/security/2021/dsa-5022 + DSA-5022 + + + CONFIRM + + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + + + CONFIRM + https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf + https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf + + + MLIST + http://www.openwall.com/lists/oss-security/2021/12/14/4 + [oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message + Pattern and Context Lookup Pattern vulnerable to a denial of service attack + + + CONFIRM + https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + + + MISC + https://logging.apache.org/log4j/2.x/security.html + https://logging.apache.org/log4j/2.x/security.html + + + FEDORA + + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/ + FEDORA-2021-5c9d12a93e + + + CONFIRM + https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf + https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf + + + CONFIRM + https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + + + CISCO + + https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + 20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: + December 2021 + + + CERT-VN + https://www.kb.cert.org/vuls/id/930724 + VU#930724 + + + + + cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* + + cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* + cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:* + cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:* + cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:* + cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:* + cpe:2.3:a:intel:audio_development_kit:-:*:*:*:*:*:*:* + cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:* + cpe:2.3:a:intel:datacenter_manager:-:*:*:*:*:*:*:* + cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:* + cpe:2.3:a:intel:oneapi:-:*:*:*:*:eclipse:*:* + cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:* + cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:*:*:*:*:*:*:* + cpe:2.3:a:intel:system_debugger:-:*:*:*:*:*:*:* + cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:* + cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:* + cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:* + cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:* + cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:* + cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:* + cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:* + cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:* + cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:* + cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:* + + cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:* + cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:* + cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:* + cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:* + cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:* + cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:* + cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:* + cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:* + + cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:* + + cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:logo\!_soft_comfort:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:* + + cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:* + + cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:* + cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:* + cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:* + cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:* + cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:* + cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:* + cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:* + + cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:* + cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:* + cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:* + + cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:* + cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:* + cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:* + cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:* + cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:* + cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:* + cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:* + cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:* + cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:* + cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:tracealertserverplus:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:* + cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:* + cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:* + cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:* + cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:* + cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:* + + cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:* + + + + CVE-2021-44832 + + 8.5 + NETWORK + MEDIUM + SINGLE + COMPLETE + COMPLETE + COMPLETE + HIGH + 2.0 + 6.8 + 10.0 + + + 6.6 + NETWORK + HIGH + HIGH + NONE + UNCHANGED + HIGH + HIGH + HIGH + MEDIUM + 0.7 + 5.9 + 3.1 + + + CWE-20 + + Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix + releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a + configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has + control of the target LDAP server. This issue is fixed by limiting JNDI data source + names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. + file name: pax-logging-log4j2-2.0.16.jar + + + MISC + https://issues.apache.org/jira/browse/LOG4J2-3293 + https://issues.apache.org/jira/browse/LOG4J2-3293 + + + CONFIRM + https://security.netapp.com/advisory/ntap-20220104-0001/ + https://security.netapp.com/advisory/ntap-20220104-0001/ + + + MISC + https://www.oracle.com/security-alerts/cpuapr2022.html + https://www.oracle.com/security-alerts/cpuapr2022.html + + + MISC + https://www.oracle.com/security-alerts/cpujan2022.html + https://www.oracle.com/security-alerts/cpujan2022.html + + + CONFIRM + https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf + https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf + + + N/A + https://www.oracle.com/security-alerts/cpujul2022.html + N/A + + + MLIST + http://www.openwall.com/lists/oss-security/2021/12/28/1 + [oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC + Appender when attacker controls configuration + + + MLIST + https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html + [debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security + update + + + CISCO + + https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + 20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: + December 2021 + + + FEDORA + + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/ + FEDORA-2021-1bd9151bab + + + MISC + https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143 + https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143 + + + FEDORA + + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/ + FEDORA-2021-c6f471ce0f + + + + + cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* + + cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* + + cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* + cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:* + cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:* + cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:* + cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:* + cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:* + cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:* + cpe:2.3:a:cisco:cloudcenter:4.10.0.16:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.1.0.3:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* + cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* + cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* + cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:* + cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.1:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:siebel_ui_framework:21.12:*:*:*:*:*:*:* + cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* + + + + CVE-2021-45105 + + 4.3 + NETWORK + MEDIUM + NONE + NONE + NONE + PARTIAL + MEDIUM + 2.0 + 8.6 + 2.9 + + + 5.9 + NETWORK + HIGH + NONE + NONE + UNCHANGED + NONE + NONE + HIGH + MEDIUM + 2.2 + 3.6 + 3.1 + + + CWE-20 + CWE-674 + + Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) + did not protect from uncontrolled recursion from self-referential lookups. This allows + an attacker with control over Thread Context Map data to cause a denial of service when + a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and + 2.3.1. + file name: pax-logging-log4j2-2.0.16.jar + + + MISC + https://www.oracle.com/security-alerts/cpuapr2022.html + https://www.oracle.com/security-alerts/cpuapr2022.html + + + MISC + https://www.oracle.com/security-alerts/cpujan2022.html + https://www.oracle.com/security-alerts/cpujan2022.html + + + N/A + https://www.oracle.com/security-alerts/cpujul2022.html + N/A + + + CONFIRM + https://security.netapp.com/advisory/ntap-20211218-0001/ + https://security.netapp.com/advisory/ntap-20211218-0001/ + + + DEBIAN + https://www.debian.org/security/2021/dsa-5024 + DSA-5024 + + + MISC + https://logging.apache.org/log4j/2.x/security.html + https://logging.apache.org/log4j/2.x/security.html + + + CONFIRM + https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf + https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf + + + CONFIRM + https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf + https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf + + + MLIST + http://www.openwall.com/lists/oss-security/2021/12/19/1 + [oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect + from infinite recursion in lookup evaluation + + + CONFIRM + https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + + + CISCO + + https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + 20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: + December 2021 + + + MISC + https://www.zerodayinitiative.com/advisories/ZDI-21-1541/ + https://www.zerodayinitiative.com/advisories/ZDI-21-1541/ + + + CERT-VN + https://www.kb.cert.org/vuls/id/930724 + VU#930724 + + + + + cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* + + cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* + + cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* + cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:* + cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* + cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:* + cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:* + cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:* + cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:* + cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:flexcube_universal_banking:11.83.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:* + cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.6:*:*:*:*:*:*:* + cpe:2.3:a:oracle:health_sciences_empirica_signal:9.2.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:health_sciences_inform:6.2.1.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:health_sciences_inform:6.3.2.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:health_sciences_inform:7.0.0.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:healthcare_master_person_index:5.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:healthcare_translational_research:4.1.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:hyperion_bi\+:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:hyperion_planning:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:hyperion_profitability_and_cost_management:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:hyperion_tax_provision:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:identity_manager_connector:9.1.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_data_gateway:1.0.1:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:management_cloud_engine:1.5.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* + cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* + cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* + cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* + cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:retail_financial_integration:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* + + cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:* + + cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:on-premises:*:*:* + + cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:saas:*:*:* + + cpe:2.3:a:sonicwall:web_application_firewall:*:*:*:*:*:*:*:* + + + + CVE-2020-9488 + + 4.3 + NETWORK + MEDIUM + NONE + PARTIAL + NONE + NONE + MEDIUM + 2.0 + 8.6 + 2.9 + + + 3.7 + NETWORK + HIGH + NONE + NONE + UNCHANGED + LOW + NONE + NONE + LOW + 2.2 + 1.4 + 3.1 + + + CWE-295 + + Improper validation of certificate with host mismatch in Apache Log4j SMTP + appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle + attack which could leak any log messages sent through that appender. Fixed in Apache + Log4j 2.12.3 and 2.13.1 + file name: pax-logging-log4j2-2.0.16.jar + + + MISC + https://www.oracle.com/security-alerts/cpuoct2020.html + https://www.oracle.com/security-alerts/cpuoct2020.html + + + MISC + https://www.oracle.com/security-alerts/cpuapr2022.html + https://www.oracle.com/security-alerts/cpuapr2022.html + + + MLIST + + https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc@%3Cissues.zookeeper.apache.org%3E + [zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due + to CVE-2020-9488 + + + MLIST + + https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20@%3Cdev.kafka.apache.org%3E + [kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address + CVE-2020-9488 + + + MLIST + + https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E + [db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the + board? + + + MLIST + + https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5@%3Cnotifications.zookeeper.apache.org%3E + [zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull + request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 + + + MISC + + https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E + + https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E + + + MLIST + + https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f@%3Cdev.hive.apache.org%3E + [hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to + 2.13.2+ due to CVE-2020-9488 + + + MLIST + + https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98@%3Cissues.zookeeper.apache.org%3E + [zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing + due to CVE-2020-9488 + + + MISC + https://www.oracle.com/security-alerts/cpujan2021.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + MLIST + + https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846@%3Cissues.zookeeper.apache.org%3E + [zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due + to CVE-2020-9488 + + + MLIST + + https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507@%3Cissues.hive.apache.org%3E + [hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j + 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + CONFIRM + https://security.netapp.com/advisory/ntap-20200504-0003/ + https://security.netapp.com/advisory/ntap-20200504-0003/ + + + MLIST + + https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E + [pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue + #8967: CVSS issue list + + + MLIST + + https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f@%3Cissues.hive.apache.org%3E + [hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j + 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + DEBIAN + https://www.debian.org/security/2021/dsa-5020 + DSA-5020 + + + MLIST + + https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6@%3Cdev.zookeeper.apache.org%3E + [zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to + CVE-2020-9488 + + + MLIST + https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html + [debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security + update + + + MISC + + https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E + + https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E + + + MLIST + + https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40@%3Cissues.hive.apache.org%3E + [hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j + 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + MLIST + + https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4@%3Ctorque-dev.db.apache.org%3E + [db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685 + + + MLIST + + https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75@%3Cissues.hive.apache.org%3E + [hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 + to 2.13.2+ due to CVE-2020-9488 + + + MLIST + + https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E + [kafka-users] 20210617 vulnerabilities + + + MLIST + + https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a@%3Cissues.flink.apache.org%3E + [flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request + #15879: [FLINK-22407][build] Bump log4j to 2.24.1 + + + MLIST + + https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f@%3Cissues.hive.apache.org%3E + [hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 + to 2.13.2+ due to CVE-2020-9488 + + + MISC + https://www.oracle.com/security-alerts/cpuApr2021.html + https://www.oracle.com/security-alerts/cpuApr2021.html + + + MLIST + + https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463@%3Cjira.kafka.apache.org%3E + [kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to + address CVE-2020-9488 + + + MLIST + + https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f@%3Ccommits.zookeeper.apache.org%3E + [zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: + ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 + + + MLIST + + https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c@%3Cissues.hive.apache.org%3E + [hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j + 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + MISC + https://www.oracle.com/security-alerts/cpujul2020.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + MLIST + + https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881@%3Cissues.hive.apache.org%3E + [hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j + 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + CONFIRM + https://issues.apache.org/jira/browse/LOG4J2-2819 + https://issues.apache.org/jira/browse/LOG4J2-2819 + + + MLIST + + https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b@%3Cdev.hive.apache.org%3E + [hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to + 2.13.2+ due to CVE-2020-9488 + + + MLIST + + https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E + [kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to + address security vulnerabilities + + + MLIST + + https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695@%3Cnotifications.zookeeper.apache.org%3E + [zookeeper-notifications] 20200504 Build failed in Jenkins: + zookeeper-master-maven-owasp #489 + + + MLIST + + https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809@%3Ccommits.zookeeper.apache.org%3E + [zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: + ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 + + + MLIST + + https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E + [db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report + to the board? + + + MLIST + + https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05@%3Cdev.zookeeper.apache.org%3E + [zookeeper-dev] 20200504 log4j SmtpAppender related CVE + + + MLIST + + https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3@%3Ccommits.zookeeper.apache.org%3E + [zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: + suppress log4j SmtpAppender related CVE-2020-9488 + + + MLIST + + https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd@%3Cissues.zookeeper.apache.org%3E + [zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due + to CVE-2020-9488 + + + MLIST + + https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701@%3Cnotifications.zookeeper.apache.org%3E + [zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull + request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 + + + MLIST + + https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E + [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in + common/lib/log4j-1.2.17.jar + + + MLIST + + https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac@%3Cissues.zookeeper.apache.org%3E + [zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due + to CVE-2020-9488 + + + MLIST + + https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04@%3Cissues.hive.apache.org%3E + [hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j + 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + MISC + https://www.oracle.com/security-alerts/cpuoct2021.html + https://www.oracle.com/security-alerts/cpuoct2021.html + + + MLIST + + https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a@%3Cjira.kafka.apache.org%3E + [kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address + CVE-2020-9488 + + + MLIST + + https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3@%3Cissues.hive.apache.org%3E + [hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j + 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + MLIST + + https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3@%3Cissues.hive.apache.org%3E + [hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 + to 2.13.2+ due to CVE-2020-9488 + + + MLIST + + https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E + [kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 + to address security vulnerabilities + + + + + cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* + + cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* + + cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p1:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.7.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0.37:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4.12:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0.26:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_rules_palette:10.2.0.37:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_rules_palette:10.2.4.12:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_rules_palette:11.0.2.25:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_rules_palette:11.1.0.15:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_rules_palette:11.2.0.26:*:*:*:*:*:*:* + cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:oracle_goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* + cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* + cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* + cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_bulk_data_integration:15.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_eftlink:15.0.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_insights_cloud_service_suite:19.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_broker_cloud_service:16.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_broker_cloud_service:18.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:spatial_and_graph:18c:*:*:*:*:*:*:* + cpe:2.3:a:oracle:spatial_and_graph:19c:*:*:*:*:*:*:* + cpe:2.3:a:oracle:spatial_and_graph:12.2.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:* + + cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* + cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:* + + + + + + pax-logging-logback-2.1.3.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/logging/pax-logging-logback/2.1.3/pax-logging-logback-2.1.3.jar + 76ce62795b093ac94bc1c7abf161aa4d + 60d288e4cb50bfb4dd924b3b5e1e50fa71acd7c4 + 3f93e0de15acaaa08b741404edbdcd8925f4555ce92d1cc85b1b303c84390bc8 + + Pax Logging backend implementation based on Logback. It provides Logback specific + implementation + of PaxLoggingService interface and Logback specific configuration methods. + + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-logging-logback + + + jar + package name + logback + + + jar + package name + logging + + + jar + package name + ops4j + + + jar + package name + pax + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + https://ops4j1.jira.com/wiki/spaces/paxlogging/overview/pax-logging-logback + + + Manifest + bundle-symbolicname + org.ops4j.pax.logging.pax-logging-logback + + + Manifest + provide-capability + + osgi.service;effective:=active;objectClass:List="org.osgi.service.log.LogService,org.osgi.service.log.LoggerFactory,org.ops4j.pax.logging.PaxLoggingService,org.osgi.service.cm.ManagedService";uses="org.osgi.service.log" + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-logging-logback + + + pom + artifactid + pax-logging-logback + + + pom + groupid + org.ops4j.pax.logging + + + pom + name + OPS4J Pax Logging - Logback implementation + + + pom + parent-artifactid + logging + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-logging-logback + + + jar + package name + logback + + + jar + package name + logging + + + jar + package name + ops4j + + + jar + package name + pax + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + https://ops4j1.jira.com/wiki/spaces/paxlogging/overview/pax-logging-logback + + + Manifest + Bundle-Name + OPS4J Pax Logging - Logback implementation + + + Manifest + bundle-symbolicname + org.ops4j.pax.logging.pax-logging-logback + + + Manifest + provide-capability + + osgi.service;effective:=active;objectClass:List="org.osgi.service.log.LogService,org.osgi.service.log.LoggerFactory,org.ops4j.pax.logging.PaxLoggingService,org.osgi.service.cm.ManagedService";uses="org.osgi.service.log" + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-logging-logback + + + pom + groupid + org.ops4j.pax.logging + + + pom + name + OPS4J Pax Logging - Logback implementation + + + pom + parent-artifactid + logging + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 2.1.3 + + + Manifest + Bundle-Version + 2.1.3 + + + pom + version + 2.1.3 + + + + + pkg:maven/org.ops4j.pax.logging/pax-logging-logback@2.1.3 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.logging/pax-logging-logback@2.1.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:service_project:service:2.1.3:*:*:*:*:*:*:* + + + + + pax-swissbox-property-1.8.5.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/swissbox/pax-swissbox-property/1.8.5/pax-swissbox-property-1.8.5.jar + 24f4f6e0582b320b05a2f7acb7211e64 + 9b12d6525d30e90cbf0f047cc497e101a4ccdd4c + 3ce9518693953e44e27793be2010c287b716d370e5cd9c09f2ea2624818ef85b + + OPS4J Pax Swissbox - Utilities related to properties in osgi. + Detailed information to be found at http://wiki.ops4j.org/confluence/x/OARN. + + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-swissbox-property + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + property + + + jar + package name + swissbox + + + Manifest + bundle-docurl + http://team.ops4j.org/wiki/display/PAXSB + + + Manifest + bundle-symbolicname + org.ops4j.pax.swissbox.property + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" + + + pom + artifactid + pax-swissbox-property + + + pom + artifactid + pax-swissbox-property + + + pom + groupid + org.ops4j.pax.swissbox + + + pom + name + OPS4J Pax Swissbox :: Property + + + pom + parent-artifactid + swissbox + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-swissbox-property + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + property + + + jar + package name + swissbox + + + Manifest + bundle-docurl + http://team.ops4j.org/wiki/display/PAXSB + + + Manifest + Bundle-Name + OPS4J Pax Swissbox :: Property + + + Manifest + bundle-symbolicname + org.ops4j.pax.swissbox.property + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" + + + pom + artifactid + pax-swissbox-property + + + pom + groupid + org.ops4j.pax.swissbox + + + pom + name + OPS4J Pax Swissbox :: Property + + + pom + parent-artifactid + swissbox + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 1.8.5 + + + Manifest + Bundle-Version + 1.8.5 + + + pom + version + 1.8.5 + + + + + pkg:maven/org.ops4j.pax.swissbox/pax-swissbox-property@1.8.5 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.swissbox/pax-swissbox-property@1.8.5?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: commons-io:commons-io:2.11.0) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/commons-io/commons-io/pom.xml + ed40a393d42caba44e038ecff0ee95cd + 3fe5d6ebed1afb72c3e8c166dba0b0e00fdd1f16 + 2e016fd7e3244b5f2c20acad834d93aa4790486ee1e4564641361a3e831eef59 + + The Apache Commons IO library contains utility classes, stream implementations, file + filters, + file comparators, endian transformation classes, and much more. + + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + commons-io + + + pom + developer email + bayard@apache.org + + + pom + developer email + dion@apache.org + + + pom + developer email + ggregory at apache.org + + + pom + developer email + jeremias@apache.org + + + pom + developer email + jochen.wiedmann@gmail.com + + + pom + developer email + krosenvold@apache.org + + + pom + developer email + martinc@apache.org + + + pom + developer email + matth@apache.org + + + pom + developer email + nicolaken@apache.org + + + pom + developer email + roxspring@apache.org + + + pom + developer email + sanders@apache.org + + + pom + developer id + bayard + + + pom + developer id + dion + + + pom + developer id + ggregory + + + pom + developer id + jeremias + + + pom + developer id + jochen + + + pom + developer id + jukka + + + pom + developer id + krosenvold + + + pom + developer id + martinc + + + pom + developer id + matth + + + pom + developer id + niallp + + + pom + developer id + nicolaken + + + pom + developer id + roxspring + + + pom + developer id + sanders + + + pom + developer id + scolebourne + + + pom + developer name + dIon Gillard + + + pom + developer name + Gary Gregory + + + pom + developer name + Henri Yandell + + + pom + developer name + Jeremias Maerki + + + pom + developer name + Jochen Wiedmann + + + pom + developer name + Jukka Zitting + + + pom + developer name + Kristian Rosenvold + + + pom + developer name + Martin Cooper + + + pom + developer name + Matthew Hawthorne + + + pom + developer name + Niall Pemberton + + + pom + developer name + Nicola Ken Barozzi + + + pom + developer name + Rob Oxspring + + + pom + developer name + Scott Sanders + + + pom + developer name + Stephen Colebourne + + + pom + developer org + The Apache Software Foundation + + + pom + developer org URL + https://www.apache.org/ + + + pom + groupid + commons-io + + + pom + name + Apache Commons IO + + + pom + parent-artifactid + commons-parent + + + pom + parent-groupid + org.apache.commons + + + pom + url + https://commons.apache.org/proper/commons-io/ + + + pom + artifactid + commons-io + + + pom + developer email + bayard@apache.org + + + pom + developer email + dion@apache.org + + + pom + developer email + ggregory at apache.org + + + pom + developer email + jeremias@apache.org + + + pom + developer email + jochen.wiedmann@gmail.com + + + pom + developer email + krosenvold@apache.org + + + pom + developer email + martinc@apache.org + + + pom + developer email + matth@apache.org + + + pom + developer email + nicolaken@apache.org + + + pom + developer email + roxspring@apache.org + + + pom + developer email + sanders@apache.org + + + pom + developer id + bayard + + + pom + developer id + dion + + + pom + developer id + ggregory + + + pom + developer id + jeremias + + + pom + developer id + jochen + + + pom + developer id + jukka + + + pom + developer id + krosenvold + + + pom + developer id + martinc + + + pom + developer id + matth + + + pom + developer id + niallp + + + pom + developer id + nicolaken + + + pom + developer id + roxspring + + + pom + developer id + sanders + + + pom + developer id + scolebourne + + + pom + developer name + dIon Gillard + + + pom + developer name + Gary Gregory + + + pom + developer name + Henri Yandell + + + pom + developer name + Jeremias Maerki + + + pom + developer name + Jochen Wiedmann + + + pom + developer name + Jukka Zitting + + + pom + developer name + Kristian Rosenvold + + + pom + developer name + Martin Cooper + + + pom + developer name + Matthew Hawthorne + + + pom + developer name + Niall Pemberton + + + pom + developer name + Nicola Ken Barozzi + + + pom + developer name + Rob Oxspring + + + pom + developer name + Scott Sanders + + + pom + developer name + Stephen Colebourne + + + pom + developer org + The Apache Software Foundation + + + pom + developer org URL + https://www.apache.org/ + + + pom + groupid + commons-io + + + pom + name + Apache Commons IO + + + pom + parent-artifactid + commons-parent + + + pom + parent-groupid + org.apache.commons + + + pom + url + https://commons.apache.org/proper/commons-io/ + + + pom + parent-version + 2.11.0 + + + pom + version + 2.11.0 + + + + + pkg:maven/commons-io/commons-io@2.11.0 + + https://ossindex.sonatype.org/component/pkg:maven/commons-io/commons-io@2.11.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:commons_io:2.11.0:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Acommons_io&cpe_version=cpe%3A%2F%3Aapache%3Acommons_io%3A2.11.0 + + + cpe:2.3:a:apache:commons_net:2.11.0:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Acommons_net&cpe_version=cpe%3A%2F%3Aapache%3Acommons_net%3A2.11.0 + + + + + CVE-2021-37533 + MEDIUM + + 6.5 + NETWORK + LOW + NONE + REQUIRED + UNCHANGED + HIGH + NONE + NONE + MEDIUM + 2.8 + 3.6 + 3.1 + + + CWE-20 + + Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from + PASV response by default. A malicious server can redirect the Commons Net code to use a + different host, but the user has to connect to the malicious server in the first place. + This may lead to leakage of information about services running on the private network of + the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL + does. See https://issues.apache.org/jira/browse/NET-711. + + + CONFIRM + https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 + N/A + + + MLIST + http://www.openwall.com/lists/oss-security/2022/12/03/1 + [oss-security] 20221203 CVE-2021-37533: Apache Commons Net's FTP client + trusts the host from PASV response by default + + + + + cpe:2.3:a:apache:commons_net:*:*:*:*:*:*:*:* + + + + + + pax-url-aether-2.6.12.jar (shaded: org.apache.httpcomponents:httpclient:4.5.13) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.apache.httpcomponents/httpclient/pom.xml + f0fe2f767b2d875566dc6cbf96cac01a + e5b134e5cd3e28dc431ca5397e9b53d28d1cfa74 + 78eb9ada74929fcd63d07adc4f49236841a45cc29d5f817bf45801f513fd7e6c + + Apache HttpComponents Client + + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + httpclient + + + pom + groupid + org.apache.httpcomponents + + + pom + name + Apache HttpClient + + + pom + parent-artifactid + httpcomponents-client + + + pom + url + http://hc.apache.org/httpcomponents-client + + + pom + artifactid + httpclient + + + pom + groupid + org.apache.httpcomponents + + + pom + name + Apache HttpClient + + + pom + parent-artifactid + httpcomponents-client + + + pom + url + http://hc.apache.org/httpcomponents-client + + + pom + version + 4.5.13 + + + + + pkg:maven/org.apache.httpcomponents/httpclient@4.5.13 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.httpcomponents/httpclient@4.5.13?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:httpclient:4.5.13:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Ahttpclient&cpe_version=cpe%3A%2F%3Aapache%3Ahttpclient%3A4.5.13 + + + + + pax-url-aether-2.6.12.jar (shaded: org.apache.httpcomponents:httpcore:4.4.10) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.apache.httpcomponents/httpcore/pom.xml + 01a57a4fefb5c6e78eb93c2d7018ad1a + cbbf1989463d9f3e284c1348e50ea8bf426e4e1c + c5c12066df2b3b88a89a2c8602b81ea9a61627e976e5129eea1899ebbaea392b + + Apache HttpComponents Core (blocking I/O) + + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + httpcore + + + pom + groupid + org.apache.httpcomponents + + + pom + name + Apache HttpCore + + + pom + parent-artifactid + httpcomponents-core + + + pom + url + http://hc.apache.org/httpcomponents-core-ga + + + pom + artifactid + httpcore + + + pom + groupid + org.apache.httpcomponents + + + pom + name + Apache HttpCore + + + pom + parent-artifactid + httpcomponents-core + + + pom + url + http://hc.apache.org/httpcomponents-core-ga + + + pom + version + 4.4.10 + + + + + pkg:maven/org.apache.httpcomponents/httpcore@4.4.10 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.httpcomponents/httpcore@4.4.10?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: + org.apache.maven.resolver:maven-resolver-connector-basic:1.8.2) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.apache.maven.resolver/maven-resolver-connector-basic/pom.xml + 129f7ea566c223c87c8c7873957f4dcb + ebf279393786863861d210237a7fa01dd1ebf101 + f8de2d09c72eaa80d953a51c9fca129d57ffe3078ec09cfe5b32a301baa085df + + A repository connector implementation for repositories using URI-based layouts. + + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + maven-resolver-connector-basic + + + pom + groupid + org.apache.maven.resolver + + + pom + name + Maven Artifact Resolver Connector Basic + + + pom + parent-artifactid + maven-resolver + + + pom + artifactid + maven-resolver-connector-basic + + + pom + groupid + org.apache.maven.resolver + + + pom + name + Maven Artifact Resolver Connector Basic + + + pom + parent-artifactid + maven-resolver + + + pom + version + 1.8.2 + + + + + pkg:maven/org.apache.maven.resolver/maven-resolver-connector-basic@1.8.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven.resolver/maven-resolver-connector-basic@1.8.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: + org.apache.maven.resolver:maven-resolver-transport-wagon:1.8.2) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.apache.maven.resolver/maven-resolver-transport-wagon/pom.xml + b8ac7987b8e91c28f8ce61e10852a1e2 + 9d5f16d407b68f79282d20b8e3ed07c29085bb0e + a09dadbb73818b47aa1bed4a9bb477c08ed6551155faba6d5c7a63977b6581ac + + A transport implementation based on Maven Wagon. + + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + maven-resolver-transport-wagon + + + pom + groupid + org.apache.maven.resolver + + + pom + name + Maven Artifact Resolver Transport Wagon + + + pom + parent-artifactid + maven-resolver + + + pom + artifactid + maven-resolver-transport-wagon + + + pom + groupid + org.apache.maven.resolver + + + pom + name + Maven Artifact Resolver Transport Wagon + + + pom + parent-artifactid + maven-resolver + + + pom + version + 1.8.2 + + + + + pkg:maven/org.apache.maven.resolver/maven-resolver-transport-wagon@1.8.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven.resolver/maven-resolver-transport-wagon@1.8.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:maven_wagon:1.8.2:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Amaven_wagon&cpe_version=cpe%3A%2F%3Aapache%3Amaven_wagon%3A1.8.2 + + + + + pax-url-aether-2.6.12.jar (shaded: org.apache.maven.wagon:wagon-file:3.5.2) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.apache.maven.wagon/wagon-file/pom.xml + 583f40efe101ef77bce662be246d3b6b + ca155550a612b582f5ce4cc19fd2c8484ab6d400 + 7ffedc5d318d78cf0370ed0a2954c071bb0142ff20dd208b12389e3f5e3c2bde + + Wagon provider that gets and puts artifacts using file system protocol + + + Business Process Center - Runtime Environment:compile + + + + pax-url-aether-2.6.12.jar (shaded: + org.apache.maven.wagon:wagon-http-shared:3.5.2) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.apache.maven.wagon/wagon-http-shared/pom.xml + 47e12edbc9b37d90d35b32922bce76f99e0fcdd772607f83ccde7f2b03610c73 + f17f22599580ed5705a54d8fd3ccaf132a82c12a + 93067523da543f1a165336e5cf9eec53 + + + pkg:maven/org.apache.maven.wagon/wagon-http-shared@3.5.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven.wagon/wagon-http-shared@3.5.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: org.apache.maven.wagon:wagon-http:3.5.2) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.apache.maven.wagon/wagon-http/pom.xml + 21220ab11c41f0e01e422c768b0951df46ea47694effdf8bdbe1963cc4caec2a + d9d0203913188bc94b1b7bf1d0836c3a40926d79 + f8db5cd8478e1ff6a78f710da79f38cd + + + pkg:maven/org.apache.maven.wagon/wagon-http@3.5.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven.wagon/wagon-http@3.5.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: + org.apache.maven.wagon:wagon-provider-api:3.5.2) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.apache.maven.wagon/wagon-provider-api/pom.xml + 62db040f74d7828982e206c54014eb66a06643c3e0c9f21a272d8db087634de5 + 8e9c8718442c6ac9475dea16a0b5bc70f205ab3a + c73ca9c7c8b765708f7455ab50dd1f6a + + + pkg:maven/org.apache.maven.wagon/wagon-provider-api@3.5.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven.wagon/wagon-provider-api@3.5.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + pom + artifactid + wagon-file + + + pom + groupid + org.apache.maven.wagon + + + pom + name + Apache Maven Wagon :: Providers :: File Provider + + + pom + parent-artifactid + wagon-providers + + + pom + artifactid + wagon-file + + + pom + groupid + org.apache.maven.wagon + + + pom + name + Apache Maven Wagon :: Providers :: File Provider + + + pom + parent-artifactid + wagon-providers + + + pom + version + 3.5.2 + + + + + pkg:maven/org.apache.maven.wagon/wagon-file@3.5.2 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven.wagon/wagon-file@3.5.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:maven_wagon:3.5.2:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Amaven_wagon&cpe_version=cpe%3A%2F%3Aapache%3Amaven_wagon%3A3.5.2 + + + + + pax-url-aether-2.6.12.jar (shaded: org.apache.maven:maven-artifact:3.8.6) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.apache.maven/maven-artifact/pom.xml + 61f0a801e6f843557e2e85ce248dbc13 + cc91f2f7952610f61897d8e0151e450ec1ec3e13 + 34d4d890004d181c7f412c2f5e8e08489f9df5a5317c24f5f48ec69eddb6826c + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + maven-artifact + + + pom + groupid + org.apache.maven + + + pom + name + Maven Artifact + + + pom + parent-artifactid + maven + + + pom + artifactid + maven-artifact + + + pom + groupid + org.apache.maven + + + pom + name + Maven Artifact + + + pom + parent-artifactid + maven + + + pom + version + 3.8.6 + + + + + pkg:maven/org.apache.maven/maven-artifact@3.8.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven/maven-artifact@3.8.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: org.apache.maven:maven-builder-support:3.8.6) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.apache.maven/maven-builder-support/pom.xml + 1a5d27c8438ea17aabf2de6b7fb362d8 + a0bd99b09f7ec801adb2b1b72be21b28dadd1d7f + 28ebd49fdb015a3fe50f42747554241b0c7896f28a27fcdb2a787d2929ea2d95 + Support for descriptor builders (model, setting, toolchains) + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + maven-builder-support + + + pom + groupid + org.apache.maven + + + pom + name + Maven Builder Support + + + pom + parent-artifactid + maven + + + pom + artifactid + maven-builder-support + + + pom + groupid + org.apache.maven + + + pom + name + Maven Builder Support + + + pom + parent-artifactid + maven + + + pom + version + 3.8.6 + + + + + pkg:maven/org.apache.maven/maven-builder-support@3.8.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven/maven-builder-support@3.8.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: org.apache.maven:maven-model-builder:3.8.6) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.apache.maven/maven-model-builder/pom.xml + a5c97289a5418ccd3e496909e0084a3c + 15f1f7041be03665b38c04d041053262b5c7a742 + 78fefb752b801705c8d238e1355a962209bbf2501000f921d59efa5bf648c014 + The effective model builder, with inheritance, profile activation, interpolation, + ... + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + maven-model-builder + + + pom + groupid + org.apache.maven + + + pom + name + Maven Model Builder + + + pom + parent-artifactid + maven + + + pom + artifactid + maven-model-builder + + + pom + groupid + org.apache.maven + + + pom + name + Maven Model Builder + + + pom + parent-artifactid + maven + + + pom + version + 3.8.6 + + + + + pkg:maven/org.apache.maven/maven-model-builder@3.8.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven/maven-model-builder@3.8.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: org.apache.maven:maven-model:3.8.6) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.apache.maven/maven-model/pom.xml + 5e0688bf6d68714f4c9cdd24bd262459 + 213b6ef03b48b2fb2763e2c1bacf9f4c308797a9 + e465bc09128b9b9ed92e26c56bba72a2c6101560abf7d60df5753f6b05222a41 + Model for Maven POM (Project Object Model) + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + maven-model + + + pom + groupid + org.apache.maven + + + pom + name + Maven Model + + + pom + parent-artifactid + maven + + + pom + artifactid + maven-model + + + pom + groupid + org.apache.maven + + + pom + name + Maven Model + + + pom + parent-artifactid + maven + + + pom + version + 3.8.6 + + + + + pkg:maven/org.apache.maven/maven-model@3.8.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven/maven-model@3.8.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: org.apache.maven:maven-repository-metadata:3.8.6) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.apache.maven/maven-repository-metadata/pom.xml + 643c1f83030b3ee896475e45dd4fb357 + 1be3309d0b44557f1b12901361226863b1a46983 + e38ad14b9c6596e0133c58511aa668e3b14784484e0df5d0ef92438dbeb0682a + Per-directory local and remote repository metadata. + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + maven-repository-metadata + + + pom + groupid + org.apache.maven + + + pom + name + Maven Repository Metadata Model + + + pom + parent-artifactid + maven + + + pom + artifactid + maven-repository-metadata + + + pom + groupid + org.apache.maven + + + pom + name + Maven Repository Metadata Model + + + pom + parent-artifactid + maven + + + pom + version + 3.8.6 + + + + + pkg:maven/org.apache.maven/maven-repository-metadata@3.8.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven/maven-repository-metadata@3.8.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: org.apache.maven:maven-resolver-provider:3.8.6) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.apache.maven/maven-resolver-provider/pom.xml + cf32941fa727599f312aa0f2ac19bf28 + d3e9f9956afe8492189aa7eb02bd4e1cd7a64051 + 2431faf4c35b658b2e98f2ea4e10f5e7bd95d11bbb75338856088fe1099c14fb + Extensions to Maven Resolver for utilizing Maven POM and repository metadata. + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + maven-resolver-provider + + + pom + groupid + org.apache.maven + + + pom + name + Maven Artifact Resolver Provider + + + pom + parent-artifactid + maven + + + pom + artifactid + maven-resolver-provider + + + pom + groupid + org.apache.maven + + + pom + name + Maven Artifact Resolver Provider + + + pom + parent-artifactid + maven + + + pom + version + 3.8.6 + + + + + pkg:maven/org.apache.maven/maven-resolver-provider@3.8.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven/maven-resolver-provider@3.8.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: org.apache.maven:maven-settings-builder:3.8.6) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.apache.maven/maven-settings-builder/pom.xml + 3a9170c26c8f622c7745b48d3155a157 + c14af751db60bb11a30f2680e633c21aa43a5651 + 7c5d8d6e20e1a2a8e64ac9dec72043ea4e39628b245f75f2e1fdc5d0d6877fc0 + The effective settings builder, with inheritance and password decryption. + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + maven-settings-builder + + + pom + groupid + org.apache.maven + + + pom + name + Maven Settings Builder + + + pom + parent-artifactid + maven + + + pom + artifactid + maven-settings-builder + + + pom + groupid + org.apache.maven + + + pom + name + Maven Settings Builder + + + pom + parent-artifactid + maven + + + pom + version + 3.8.6 + + + + + pkg:maven/org.apache.maven/maven-settings-builder@3.8.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven/maven-settings-builder@3.8.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: org.apache.maven:maven-settings:3.8.6) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.apache.maven/maven-settings/pom.xml + 2341e09edd98a8b05a97c36dcdf71a1b + ac145ad4f6dccced0f96570a0593f342050c704f + 7868cb444944c97f8623aacad804cf51330326d6886d8ee88e99275461397936 + Maven Settings model. + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + maven-settings + + + pom + groupid + org.apache.maven + + + pom + name + Maven Settings + + + pom + parent-artifactid + maven + + + pom + artifactid + maven-settings + + + pom + groupid + org.apache.maven + + + pom + name + Maven Settings + + + pom + parent-artifactid + maven + + + pom + version + 3.8.6 + + + + + pkg:maven/org.apache.maven/maven-settings@3.8.6 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven/maven-settings@3.8.6?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: org.codehaus.plexus:plexus-cipher:2.0) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.codehaus.plexus/plexus-cipher/pom.xml + 2967b1e6042d2e605b9dce940bf9bbe0 + edb7a328686edfde9014336839f155acbbeabeaf + 04842f331b0225b85a5e20439710d228ea7a6302abe6d53c9c9846fbc5bf99ff + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + plexus-cipher + + + pom + groupid + org.codehaus.plexus + + + pom + name + Plexus Cipher: encryption/decryption Component + + + pom + parent-artifactid + plexus + + + pom + artifactid + plexus-cipher + + + pom + groupid + org.codehaus.plexus + + + pom + name + Plexus Cipher: encryption/decryption Component + + + pom + parent-artifactid + plexus + + + pom + parent-version + 2.0 + + + pom + version + 2.0 + + + + + pkg:maven/org.codehaus.plexus/plexus-cipher@2.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.codehaus.plexus/plexus-cipher@2.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: org.codehaus.plexus:plexus-interpolation:1.26) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.codehaus.plexus/plexus-interpolation/pom.xml + 0bfdfcfcd1cdd7023081e8a24f7088ec + af412be9edee5aad63bbb304752ac0deda35ff08 + e1c10b3a6335641eb74a668daa9ee86ae4ab06610174e59ba07c8c68042327f7 + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + plexus-interpolation + + + pom + groupid + org.codehaus.plexus + + + pom + name + Plexus Interpolation API + + + pom + parent-artifactid + plexus + + + pom + artifactid + plexus-interpolation + + + pom + groupid + org.codehaus.plexus + + + pom + name + Plexus Interpolation API + + + pom + parent-artifactid + plexus + + + pom + parent-version + 1.26 + + + pom + version + 1.26 + + + + + pkg:maven/org.codehaus.plexus/plexus-interpolation@1.26 + + https://ossindex.sonatype.org/component/pkg:maven/org.codehaus.plexus/plexus-interpolation@1.26?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: org.codehaus.plexus:plexus-sec-dispatcher:2.0) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.codehaus.plexus/plexus-sec-dispatcher/pom.xml + f349bff266348edb409e84cad0b354ea + 7984d552dff3a2a2c885452537429dded9e48117 + 9b28bb307017938a94d06c85b2b099bc46912b859d084fb293e569f432eadb7c + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + plexus-sec-dispatcher + + + pom + groupid + org.codehaus.plexus + + + pom + name + Plexus Security Dispatcher Component + + + pom + parent-artifactid + plexus + + + pom + artifactid + plexus-sec-dispatcher + + + pom + groupid + org.codehaus.plexus + + + pom + name + Plexus Security Dispatcher Component + + + pom + parent-artifactid + plexus + + + pom + parent-version + 2.0 + + + pom + version + 2.0 + + + + + pkg:maven/org.codehaus.plexus/plexus-sec-dispatcher@2.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.codehaus.plexus/plexus-sec-dispatcher@2.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:sec_project:sec:2.0:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Asec_project&cpe_product=cpe%3A%2F%3Asec_project%3Asec&cpe_version=cpe%3A%2F%3Asec_project%3Asec%3A2.0 + + + + + pax-url-aether-2.6.12.jar (shaded: org.codehaus.plexus:plexus-utils:3.0.24) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.codehaus.plexus/plexus-utils/pom.xml + d531bf99914951bcc8761751ba162150 + 288f4a74efd0cea03e1d59272271f07d598b88d6 + 11067f6a75fded12bcdc8daf7a66ddd942ce289c3daf88a3fe0f8b12858a2ee6 + A collection of various utility classes to ease working with strings, files, + command lines, XML and + more. + + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + plexus-utils + + + pom + groupid + org.codehaus.plexus + + + pom + name + Plexus Common Utilities + + + pom + parent-artifactid + plexus + + + pom + artifactid + plexus-utils + + + pom + groupid + org.codehaus.plexus + + + pom + name + Plexus Common Utilities + + + pom + parent-artifactid + plexus + + + pom + parent-version + 3.0.24 + + + pom + version + 3.0.24 + + + + + pkg:maven/org.codehaus.plexus/plexus-utils@3.0.24 + + https://ossindex.sonatype.org/component/pkg:maven/org.codehaus.plexus/plexus-utils@3.0.24?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:plexus-utils_project:plexus-utils:3.0.24:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aplexus-utils_project&cpe_product=cpe%3A%2F%3Aplexus-utils_project%3Aplexus-utils&cpe_version=cpe%3A%2F%3Aplexus-utils_project%3Aplexus-utils%3A3.0.24 + + + + + pax-url-aether-2.6.12.jar (shaded: org.ops4j.base:ops4j-base-io:1.5.1) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.ops4j.base/ops4j-base-io/pom.xml + 37d41f0f3c88d21451f5776afced8b55 + 95e00d40f319727dafdfc4134cd64c0637343d10 + 604240b504116ad67605334cdd125fc37da420f8dd34ec56a3b78a82c9b6d704 + + OPS4J Base - Utilities/Extensions related to java.io. + + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + ops4j-base-io + + + pom + groupid + org.ops4j.base + + + pom + name + OPS4J Base - IO + + + pom + parent-artifactid + base + + + pom + parent-groupid + org.ops4j + + + pom + artifactid + ops4j-base-io + + + pom + groupid + org.ops4j.base + + + pom + name + OPS4J Base - IO + + + pom + parent-artifactid + base + + + pom + parent-groupid + org.ops4j + + + pom + version + 1.5.1 + + + + + pkg:maven/org.ops4j.base/ops4j-base-io@1.5.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.base/ops4j-base-io@1.5.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: org.ops4j.base:ops4j-base-monitors:1.5.1) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.ops4j.base/ops4j-base-monitors/pom.xml + 0e41ab43ba0ff0afd3322be87c6e39c5 + 1d010edf1463c2b920d02808d697f69e34ac4903 + c42e68625ba8d78746eedf1412db6e63a711040ca9aad25ac21d00234d371196 + + OPS4J Base - Utilities/Extensions related to monitoring. + + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + ops4j-base-monitors + + + pom + groupid + org.ops4j.base + + + pom + name + OPS4J Base - Monitors + + + pom + parent-artifactid + base + + + pom + parent-groupid + org.ops4j + + + pom + artifactid + ops4j-base-monitors + + + pom + groupid + org.ops4j.base + + + pom + name + OPS4J Base - Monitors + + + pom + parent-artifactid + base + + + pom + parent-groupid + org.ops4j + + + pom + version + 1.5.1 + + + + + pkg:maven/org.ops4j.base/ops4j-base-monitors@1.5.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.base/ops4j-base-monitors@1.5.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: org.ops4j.base:ops4j-base-net:1.5.1) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.ops4j.base/ops4j-base-net/pom.xml + 31f599e6968fbded04e83ec3a8c90250 + e28a0a2d2f03860049e8e570eb50e102a4311a74 + 3c17e39b6aa0f365169046976280f919c791f622c8861529850247a894ad2913 + + OPS4J Base - Utilities/Extensions related to java.net. + + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + ops4j-base-net + + + pom + groupid + org.ops4j.base + + + pom + name + OPS4J Base - Net + + + pom + parent-artifactid + base + + + pom + parent-groupid + org.ops4j + + + pom + artifactid + ops4j-base-net + + + pom + groupid + org.ops4j.base + + + pom + name + OPS4J Base - Net + + + pom + parent-artifactid + base + + + pom + parent-groupid + org.ops4j + + + pom + version + 1.5.1 + + + + + pkg:maven/org.ops4j.base/ops4j-base-net@1.5.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.base/ops4j-base-net@1.5.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: org.ops4j.pax.url:pax-url-commons:2.6.12) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.ops4j.pax.url/pax-url-commons/pom.xml + 325b623e1b671389783903374a3807b5 + 20d4903979f7e529b79e95b376861a0765564060 + 697bf124e7cc7e7af161e7aab708ed1c4131c670ddcaba9fed9fb32def41416e + OPS4J Pax Shared - Shared classes between protocol handlers. + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + pax-url-commons + + + pom + groupid + org.ops4j.pax.url + + + pom + name + OPS4J Pax Url - Commons + + + pom + parent-artifactid + url + + + pom + parent-groupid + org.ops4j.pax + + + pom + artifactid + pax-url-commons + + + pom + groupid + org.ops4j.pax.url + + + pom + name + OPS4J Pax Url - Commons + + + pom + parent-artifactid + url + + + pom + parent-groupid + org.ops4j.pax + + + pom + version + 2.6.12 + + + + + pkg:maven/org.ops4j.pax.url/pax-url-commons@2.6.12 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.url/pax-url-commons@2.6.12?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar (shaded: org.sonatype.plexus:plexus-sec-dispatcher:1.4) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar/META-INF/maven/org.sonatype.plexus/plexus-sec-dispatcher/pom.xml + af1d7fad28b5b4082da180458e50ff24 + 18c39936b9da963de44b4d68adf204f7c5df3a45 + b4d6f1e2b9172fb7510e18b14aea4ca5a0646fc8b3a2d70a2ebffa6fe48787dc + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + plexus-sec-dispatcher + + + pom + groupid + org.sonatype.plexus + + + pom + name + Plexus Security Dispatcher Component + + + pom + parent-artifactid + spice-parent + + + pom + parent-groupid + org.sonatype.spice + + + pom + url + http://spice.sonatype.org/${project.artifactId} + + + pom + artifactid + plexus-sec-dispatcher + + + pom + groupid + org.sonatype.plexus + + + pom + name + Plexus Security Dispatcher Component + + + pom + parent-artifactid + spice-parent + + + pom + parent-groupid + org.sonatype.spice + + + pom + url + http://spice.sonatype.org/${project.artifactId} + + + pom + parent-version + 1.4 + + + pom + version + 1.4 + + + + + pkg:maven/org.sonatype.plexus/plexus-sec-dispatcher@1.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.sonatype.plexus/plexus-sec-dispatcher@1.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-url-aether-2.6.12.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether/2.6.12/pax-url-aether-2.6.12.jar + 83f6c23d312d8d8a965b34c84a16d246 + a8f63b2282a320aa0d94d96b930ba4c7f3a5d494 + d35d9e45d1600f2ac0f65f28ca08088b3853353bd5e0510df48e3b50bd2567cd + OPS4J Pax Url - mvn: protocol handler + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-url-aether + + + jar + package name + aether + + + jar + package name + mvn + + + jar + package name + ops4j + + + jar + package name + org + + + jar + package name + pax + + + jar + package name + singleton + + + jar + package name + url + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://ops4j1.jira.com/wiki/spaces/paxurl/overview + + + Manifest + bundle-symbolicname + org.ops4j.pax.url.mvn; singleton:=true + + + Manifest + export-service + org.osgi.service.url.URLStreamHandlerService; url.handler.protocol=mvn, + org.ops4j.pax.url.mvn.MavenResolver + + + pom + artifactid + pax-url-aether + + + pom + artifactid + pax-url-aether + + + pom + groupid + org.ops4j.pax.url + + + pom + name + OPS4J Pax Url - mvn: + + + pom + parent-artifactid + url + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-url-aether + + + jar + package name + aether + + + jar + package name + mvn + + + jar + package name + ops4j + + + jar + package name + org + + + jar + package name + osgi + + + jar + package name + pax + + + jar + package name + singleton + + + jar + package name + url + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://ops4j1.jira.com/wiki/spaces/paxurl/overview + + + Manifest + Bundle-Name + OPS4J Pax Url - mvn: + + + Manifest + bundle-symbolicname + org.ops4j.pax.url.mvn; singleton:=true + + + Manifest + export-service + org.osgi.service.url.URLStreamHandlerService; url.handler.protocol=mvn, + org.ops4j.pax.url.mvn.MavenResolver + + + pom + artifactid + pax-url-aether + + + pom + groupid + org.ops4j.pax.url + + + pom + name + OPS4J Pax Url - mvn: + + + pom + parent-artifactid + url + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 2.6.12 + + + Manifest + Bundle-Version + 2.6.12 + + + pom + version + 2.6.12 + + + + + pkg:maven/org.ops4j.pax.url/pax-url-aether@2.6.12 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.url/pax-url-aether@2.6.12?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:service_project:service:2.6.12:*:*:*:*:*:*:* + + + + + pax-url-aether-support-2.6.12.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/url/pax-url-aether-support/2.6.12/pax-url-aether-support-2.6.12.jar + 4bab96c8f3c8e9c37e1e123f954a93f2 + a037761ce1ca94436e097919d0e36b1c957cb0c9 + 3bc2d318c990220d1948db6ba975952ad387d6d28dec550141b0ff2993f648bf + OPS4J Pax Url - mvn: protocol handler - support library + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-url-aether-support + + + jar + package name + aether + + + jar + package name + aether + + + jar + package name + eclipse + + + jar + package name + internal + + + pom + artifactid + pax-url-aether-support + + + pom + artifactid + pax-url-aether-support + + + pom + groupid + org.ops4j.pax.url + + + pom + name + OPS4J Pax Url - mvn: - support library + + + pom + parent-artifactid + url + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-url-aether-support + + + jar + package name + aether + + + jar + package name + aether + + + jar + package name + impl + + + jar + package name + internal + + + pom + artifactid + pax-url-aether-support + + + pom + groupid + org.ops4j.pax.url + + + pom + name + OPS4J Pax Url - mvn: - support library + + + pom + parent-artifactid + url + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 2.6.12 + + + pom + version + 2.6.12 + + + + + pkg:maven/org.ops4j.pax.url/pax-url-aether-support@2.6.12 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.url/pax-url-aether-support@2.6.12?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-web-api-8.0.14.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/web/pax-web-api/8.0.14/pax-web-api-8.0.14.jar + e19def6d4bae325c3f19a388353a0908 + 89f5db8b4411e2bebc3fea31929901978fd31101 + 929b2d461d6207e96fc124fe954af7868dc03695da525d6ff50210b363b26678 + Pax Web - OPS4J implementation of OSGi HTTP service and OSGi HTTP Whiteboard + service + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-web-api + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-api + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-api + + + pom + artifactid + pax-web-api + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - API + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-web-api + + + jar + package name + http + + + jar + package name + ops4j + + + jar + package name + osgi + + + jar + package name + pax + + + jar + package name + service + + + jar + package name + web + + + jar + package name + whiteboard + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Pax Web - API + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-api + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-api + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - API + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 8.0.14 + + + Manifest + Bundle-Version + 8.0.14 + + + pom + version + 8.0.14 + + + + + pkg:maven/org.ops4j.pax.web/pax-web-api@8.0.14 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.web/pax-web-api@8.0.14?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-web-compatibility-annotation13-8.0.14.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/web/pax-web-compatibility-annotation13/8.0.14/pax-web-compatibility-annotation13-8.0.14.jar + 160ce0dd36fdf227e270e98938058b05 + 2812679593dac80c4754e025c8e6dc411dd88518 + 9448d51c3fb8e4c08dd025cf69b88afabd75dd4356a7930069ea19493461d97e + + This fragment bundle can be used together with _canonical_ (IMO) jakarta.annotation-api + instead of + more OSGi aware geronimo-annotation_1.3_spec (that declares additional caps/reqs) + + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-web-compatibility-annotation13 + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-compatibility-annotation13 + + + Manifest + fragment-host + jakarta.annotation-api + + + Manifest + provide-capability + + osgi.contract;osgi.contract=JavaAnnotation;uses:="javax.annotation,javax.annotation.sql,javax.annotation.security";version:List="1.3,1.2,1.1,1.0" + + + pom + artifactid + pax-web-compatibility-annotation13 + + + pom + artifactid + pax-web-compatibility-annotation13 + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Annotation 1.3 compatibility + + + pom + parent-artifactid + pax-web-fragments + + + file + name + pax-web-compatibility-annotation13 + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Pax Web - Annotation 1.3 compatibility + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-compatibility-annotation13 + + + Manifest + fragment-host + jakarta.annotation-api + + + Manifest + provide-capability + + osgi.contract;osgi.contract=JavaAnnotation;uses:="javax.annotation,javax.annotation.sql,javax.annotation.security";version:List="1.3,1.2,1.1,1.0" + + + pom + artifactid + pax-web-compatibility-annotation13 + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Annotation 1.3 compatibility + + + pom + parent-artifactid + pax-web-fragments + + + file + version + 8.0.14 + + + Manifest + Bundle-Version + 8.0.14 + + + pom + version + 8.0.14 + + + + + pkg:maven/org.ops4j.pax.web/pax-web-compatibility-annotation13@8.0.14 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.web/pax-web-compatibility-annotation13@8.0.14?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-web-compatibility-el2-8.0.14.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/web/pax-web-compatibility-el2/8.0.14/pax-web-compatibility-el2-8.0.14.jar + 00c1d38ded7d2c03b02f5b878b9307f8 + e8c34ae22cbe59545971eda79e2e9f9e967412a1 + 6ce48441674861046ee8a4809ecacd78254d7a6a3b1b723693561ebbae385c78 + + This fragment bundle can be used together with _canonical_ (IMO) jakarta.el-api instead of + more OSGi aware geronimo-el_2.2_spec (that declares additional caps/reqs) + + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-web-compatibility-el2 + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-compatibility-el2 + + + Manifest + fragment-host + javax.el-api + + + Manifest + provide-capability + + osgi.contract;osgi.contract=JavaEL;uses:="javax.el";version:List="3.0,2.2,2.1,2.0,1.0" + + + pom + artifactid + pax-web-compatibility-el2 + + + pom + artifactid + pax-web-compatibility-el2 + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - EL 2.2 compatibility + + + pom + parent-artifactid + pax-web-fragments + + + file + name + pax-web-compatibility-el2 + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Pax Web - EL 2.2 compatibility + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-compatibility-el2 + + + Manifest + fragment-host + javax.el-api + + + Manifest + provide-capability + + osgi.contract;osgi.contract=JavaEL;uses:="javax.el";version:List="3.0,2.2,2.1,2.0,1.0" + + + pom + artifactid + pax-web-compatibility-el2 + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - EL 2.2 compatibility + + + pom + parent-artifactid + pax-web-fragments + + + file + version + 8.0.14 + + + Manifest + Bundle-Version + 8.0.14 + + + pom + version + 8.0.14 + + + + + pkg:maven/org.ops4j.pax.web/pax-web-compatibility-el2@8.0.14 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.web/pax-web-compatibility-el2@8.0.14?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-web-compatibility-servlet31-8.0.14.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/web/pax-web-compatibility-servlet31/8.0.14/pax-web-compatibility-servlet31-8.0.14.jar + 7b9d8f6174725c15a0b77c07acc69de5 + fd802652c8722b2f8b0333c26d77930f09ccfbec + 06c6a36c9f7833353f6f3302ed33bb39bbb288c357380da4bc59245f078d8867 + Pax Web - OPS4J implementation of OSGi HTTP service and OSGi HTTP Whiteboard + service + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-web-compatibility-servlet31 + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-compatibility-servlet31 + + + Manifest + fragment-host + jakarta.servlet-api + + + Manifest + provide-capability + + osgi.contract;osgi.contract=JavaServlet;uses:="javax.servlet,javax.servlet.http,javax.servlet.descriptor,javax.servlet.annotation";version:List="4.0,3.1,3.0,2.6" + + + pom + artifactid + pax-web-compatibility-servlet31 + + + pom + artifactid + pax-web-compatibility-servlet31 + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Servlet API 3.1 compatibility + + + pom + parent-artifactid + pax-web-fragments + + + file + name + pax-web-compatibility-servlet31 + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Pax Web - Servlet API 3.1 compatibility + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-compatibility-servlet31 + + + Manifest + fragment-host + jakarta.servlet-api + + + Manifest + provide-capability + + osgi.contract;osgi.contract=JavaServlet;uses:="javax.servlet,javax.servlet.http,javax.servlet.descriptor,javax.servlet.annotation";version:List="4.0,3.1,3.0,2.6" + + + pom + artifactid + pax-web-compatibility-servlet31 + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Servlet API 3.1 compatibility + + + pom + parent-artifactid + pax-web-fragments + + + file + version + 8.0.14 + + + Manifest + Bundle-Version + 8.0.14 + + + pom + version + 8.0.14 + + + + + pkg:maven/org.ops4j.pax.web/pax-web-compatibility-servlet31@8.0.14 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.web/pax-web-compatibility-servlet31@8.0.14?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-web-extender-war-8.0.14.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/web/pax-web-extender-war/8.0.14/pax-web-extender-war-8.0.14.jar + 8a0e492b661bf9f43afec83a01e62b18 + d11b191ba7145dc2b33a3ea3855525f2d72e152d + 2ce33e2bebf8ebccb3352b53e4c0a64edec5368a8651c92971b6bb485e6b71db + Pax Web - OPS4J implementation of OSGi HTTP service and OSGi HTTP Whiteboard + service + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-web-extender-war + + + jar + package name + extender + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-extender-war + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-extender-war + + + pom + artifactid + pax-web-extender-war + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Extender - WAR + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-web-extender-war + + + jar + package name + extender + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Pax Web - Extender - WAR + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-extender-war + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-extender-war + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Extender - WAR + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 8.0.14 + + + Manifest + Bundle-Version + 8.0.14 + + + pom + version + 8.0.14 + + + + + pkg:maven/org.ops4j.pax.web/pax-web-extender-war@8.0.14 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.web/pax-web-extender-war@8.0.14?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-web-extender-whiteboard-8.0.14.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/web/pax-web-extender-whiteboard/8.0.14/pax-web-extender-whiteboard-8.0.14.jar + 698935c4e1745ff65c9f586da115b835 + 32b7c03dc863c383f93e01e819f86c65ede2233a + f202d34917e16f1d83879ecdc92b9ef90c55d45404cc49d35ab4caeb88fa8eb5 + Pax Web - OPS4J implementation of OSGi HTTP service and OSGi HTTP Whiteboard + service + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-web-extender-whiteboard + + + jar + package name + extender + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-extender-whiteboard + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-extender-whiteboard + + + pom + artifactid + pax-web-extender-whiteboard + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Extender - Whiteboard + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-web-extender-whiteboard + + + jar + package name + extender + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Pax Web - Extender - Whiteboard + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-extender-whiteboard + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-extender-whiteboard + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Extender - Whiteboard + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 8.0.14 + + + Manifest + Bundle-Version + 8.0.14 + + + pom + version + 8.0.14 + + + + + pkg:maven/org.ops4j.pax.web/pax-web-extender-whiteboard@8.0.14 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.web/pax-web-extender-whiteboard@8.0.14?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-web-jetty-8.0.14.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/web/pax-web-jetty/8.0.14/pax-web-jetty-8.0.14.jar + 968451fc1a893cde0996bee8004c5b01 + f1eab1228e1fbff380660a0a552b061509cf34c2 + 69678c80ad59cf5839d8e180b143f7371b9a8afdc5e27011a1259c16e2450acf + Pax Web - OPS4J implementation of OSGi HTTP service and OSGi HTTP Whiteboard + service + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-web-jetty + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-jetty + + + Manifest + provide-capability + + osgi.service;effective:=active;objectClass:List="org.ops4j.pax.web.service.spi.ServerControllerFactory" + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-jetty + + + pom + artifactid + pax-web-jetty + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Jetty + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-web-jetty + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + service + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Pax Web - Jetty + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-jetty + + + Manifest + provide-capability + + osgi.service;effective:=active;objectClass:List="org.ops4j.pax.web.service.spi.ServerControllerFactory" + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-jetty + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Jetty + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 8.0.14 + + + Manifest + Bundle-Version + 8.0.14 + + + pom + version + 8.0.14 + + + + + pkg:maven/org.ops4j.pax.web/pax-web-jetty@8.0.14 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.web/pax-web-jetty@8.0.14?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:jetty:jetty:8.0.14:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajetty&cpe_product=cpe%3A%2F%3Ajetty%3Ajetty&cpe_version=cpe%3A%2F%3Ajetty%3Ajetty%3A8.0.14 + + + + + pax-web-jsp-8.0.14.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/web/pax-web-jsp/8.0.14/pax-web-jsp-8.0.14.jar + fd9b4946c330926fc04e4f00d093c72e + 197cd205367bbd1b7d99350828883d020088827c + ed259665005c3d67dad08aea0dc4437520774fbe695b4c9273bb25923c65b2a9 + Pax Web JSP/EL/JSTL Support via Tomcat Jasper 2. + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-web-jsp + + + jar + package name + el + + + jar + package name + jasper + + + jar + package name + jsp + + + jar + package name + jstl + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-jsp + + + Manifest + provide-capability + + osgi.contract;osgi.contract=JavaJSP;uses:="javax.servlet.jsp,javax.servlet.jsp.el,javax.servlet.jsp.tagext";version:List="2.3,2.2,2.1,2" + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-jsp + + + pom + artifactid + pax-web-jsp + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - JSP Support + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-web-jsp + + + jar + package name + el + + + jar + package name + jasper + + + jar + package name + javax + + + jar + package name + jsp + + + jar + package name + jstl + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + servlet + + + jar + package name + tagext + + + jar + package name + version + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Pax Web - JSP Support + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-jsp + + + Manifest + provide-capability + + osgi.contract;osgi.contract=JavaJSP;uses:="javax.servlet.jsp,javax.servlet.jsp.el,javax.servlet.jsp.tagext";version:List="2.3,2.2,2.1,2" + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-jsp + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - JSP Support + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 8.0.14 + + + Manifest + Bundle-Version + 8.0.14 + + + pom + version + 8.0.14 + + + + + pkg:maven/org.ops4j.pax.web/pax-web-jsp@8.0.14 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.web/pax-web-jsp@8.0.14?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-web-runtime-8.0.14.jar (shaded: + org.ops4j.pax.swissbox:pax-swissbox-property:1.8.4) + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/web/pax-web-runtime/8.0.14/pax-web-runtime-8.0.14.jar/META-INF/maven/org.ops4j.pax.swissbox/pax-swissbox-property/pom.xml + f25a57a8024d402bc4e86c2e137f73c6 + 5f78b8a4925aaaa5c0c9159adce9cf5b059dd19e + 72c8240fc15010469673a8ed4055734c574b6330c336217bb310e2a52993dc6e + + OPS4J Pax Swissbox - Utilities related to properties in osgi. + Detailed information to be found at http://wiki.ops4j.org/confluence/x/OARN. + + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + pax-swissbox-property + + + pom + groupid + org.ops4j.pax.swissbox + + + pom + name + OPS4J Pax Swissbox :: Property + + + pom + parent-artifactid + swissbox + + + pom + parent-groupid + org.ops4j.pax + + + pom + artifactid + pax-swissbox-property + + + pom + groupid + org.ops4j.pax.swissbox + + + pom + name + OPS4J Pax Swissbox :: Property + + + pom + parent-artifactid + swissbox + + + pom + parent-groupid + org.ops4j.pax + + + pom + version + 1.8.4 + + + + + pkg:maven/org.ops4j.pax.swissbox/pax-swissbox-property@1.8.4 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.swissbox/pax-swissbox-property@1.8.4?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-web-runtime-8.0.14.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/web/pax-web-runtime/8.0.14/pax-web-runtime-8.0.14.jar + 647745eae2ac6b01971a12acc3a949ab + 1beebbde25c95ac0597b312598da7eec045a6f32 + 21a0deaae21e5448fd5367a5a0fea8e6b8f9582ba339b9c90401f51d2c66b1c4 + Pax Web - OPS4J implementation of OSGi HTTP service and OSGi HTTP Whiteboard + service + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-web-runtime + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-runtime + + + Manifest + provide-capability + + osgi.implementation;osgi.implementation="osgi.http";version:Version="1.1";uses:="javax.servlet,javax.servlet.http,org.osgi.service.http.context,org.osgi.service.http.whiteboard",osgi.service;objectClass:List="org.osgi.service.http.runtime.HttpServiceRuntime";uses:="org.osgi.service.http.runtime,org.osgi.service.http.runtime.dto",osgi.service;effective:=active;objectClass:List="org.osgi.service.http.HttpService,org.ops4j.pax.web.service.WebContainer" + + + Manifest + require-capability + + osgi.service;effective:=active;filter:="(objectClass=org.ops4j.pax.web.service.spi.ServerControllerFactory)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-runtime + + + pom + artifactid + pax-web-runtime + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Runtime + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-web-runtime + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + service + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Pax Web - Runtime + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-runtime + + + Manifest + provide-capability + + osgi.implementation;osgi.implementation="osgi.http";version:Version="1.1";uses:="javax.servlet,javax.servlet.http,org.osgi.service.http.context,org.osgi.service.http.whiteboard",osgi.service;objectClass:List="org.osgi.service.http.runtime.HttpServiceRuntime";uses:="org.osgi.service.http.runtime,org.osgi.service.http.runtime.dto",osgi.service;effective:=active;objectClass:List="org.osgi.service.http.HttpService,org.ops4j.pax.web.service.WebContainer" + + + Manifest + require-capability + + osgi.service;effective:=active;filter:="(objectClass=org.ops4j.pax.web.service.spi.ServerControllerFactory)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-runtime + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Runtime + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 8.0.14 + + + Manifest + Bundle-Version + 8.0.14 + + + pom + version + 8.0.14 + + + + + pkg:maven/org.ops4j.pax.web/pax-web-runtime@8.0.14 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.web/pax-web-runtime@8.0.14?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:service_project:service:8.0.14:*:*:*:*:*:*:* + + + + + pax-web-spi-8.0.14.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/web/pax-web-spi/8.0.14/pax-web-spi-8.0.14.jar + 70ad399e77af5711507922cd977034c5 + b6d02f62ddf41e81c7e41fc57f577a43f2e0aae6 + 1a03c8cd802218e9109771a93e76f2eefc77462dc73a414e0251851618ec1aa5 + Pax Web - OPS4J implementation of OSGi HTTP service and OSGi HTTP Whiteboard + service + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-web-spi + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + service + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-spi + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-spi + + + pom + artifactid + pax-web-spi + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Service SPI (internal) + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-web-spi + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + service + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Pax Web - Service SPI (internal) + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-spi + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-spi + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Service SPI (internal) + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 8.0.14 + + + Manifest + Bundle-Version + 8.0.14 + + + pom + version + 8.0.14 + + + + + pkg:maven/org.ops4j.pax.web/pax-web-spi@8.0.14 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.web/pax-web-spi@8.0.14?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-web-tomcat-8.0.14.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/web/pax-web-tomcat/8.0.14/pax-web-tomcat-8.0.14.jar + dbee3d2836298361eef8291e82c83bf0 + 46c3ebc9da82727b6e5dc4e2b1abec247a81a769 + c9ee1a9f474a6eb65523dfe038f0e7a83d437db734c3a01e7feef17dd840a042 + Pax Web - OPS4J implementation of OSGi HTTP service and OSGi HTTP Whiteboard + service + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-web-tomcat + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + tomcat + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-tomcat + + + Manifest + provide-capability + + osgi.service;effective:=active;objectClass:List="org.ops4j.pax.web.service.spi.ServerControllerFactory" + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-tomcat + + + pom + artifactid + pax-web-tomcat + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Tomcat + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-web-tomcat + + + jar + package name + http + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + service + + + jar + package name + tomcat + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Pax Web - Tomcat + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-tomcat + + + Manifest + provide-capability + + osgi.service;effective:=active;objectClass:List="org.ops4j.pax.web.service.spi.ServerControllerFactory" + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-tomcat + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Tomcat + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 8.0.14 + + + Manifest + Bundle-Version + 8.0.14 + + + pom + version + 8.0.14 + + + + + pkg:maven/org.ops4j.pax.web/pax-web-tomcat@8.0.14 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.web/pax-web-tomcat@8.0.14?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-web-tomcat-common-8.0.14.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/web/pax-web-tomcat-common/8.0.14/pax-web-tomcat-common-8.0.14.jar + 64871c5e3c672c83683e5398fba84097 + 4a14f2ac07ba08ce823660022cdfafa05efd76af + b04077e3238acb39151161c7e455e657a1f20597e22ef2820e28509d6e8e11d9 + Pax Web bundle to export packages required by pax-web-jsp and pax-web-tomcat. + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-web-tomcat-common + + + jar + package name + tomcat + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-tomcat-common + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-tomcat-common + + + pom + artifactid + pax-web-tomcat-common + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Tomcat Common + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-web-tomcat-common + + + jar + package name + tomcat + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Pax Web - Tomcat Common + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-tomcat-common + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-tomcat-common + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Tomcat Common + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 8.0.14 + + + Manifest + Bundle-Version + 8.0.14 + + + pom + version + 8.0.14 + + + + + pkg:maven/org.ops4j.pax.web/pax-web-tomcat-common@8.0.14 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.web/pax-web-tomcat-common@8.0.14?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-web-tomcat-websocket-8.0.14.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/web/pax-web-tomcat-websocket/8.0.14/pax-web-tomcat-websocket-8.0.14.jar + c741fbf07f586437abe139bce55b28f8 + 3cb7d1d5f4c5cc0d34e1a70340ee520cfd9ad8c9 + 3ea4dd68da4edc7a9c2e81cf1b70f3833535dcabe23ff29daa405f860d3b0992 + Pax Web - OPS4J implementation of OSGi HTTP service and OSGi HTTP Whiteboard + service + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-web-tomcat-websocket + + + jar + package name + tomcat + + + jar + package name + websocket + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-tomcat-websocket + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-tomcat-websocket + + + pom + artifactid + pax-web-tomcat-websocket + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Tomcat WebSocket implementation + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-web-tomcat-websocket + + + jar + package name + tomcat + + + jar + package name + websocket + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Pax Web - Tomcat WebSocket implementation + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-tomcat-websocket + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-tomcat-websocket + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Tomcat WebSocket implementation + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 8.0.14 + + + Manifest + Bundle-Version + 8.0.14 + + + pom + version + 8.0.14 + + + + + pkg:maven/org.ops4j.pax.web/pax-web-tomcat-websocket@8.0.14 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.web/pax-web-tomcat-websocket@8.0.14?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-web-undertow-8.0.14.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/web/pax-web-undertow/8.0.14/pax-web-undertow-8.0.14.jar + beb03c2c2f54c624cb62f16eef3574c4 + cd54745acb390b882269502ad4b2623ea52f10d2 + 81f8088765fc29012d1cdd0b0cc02031f05fce52ea91b255e54c475764867f0f + Pax Web - OPS4J implementation of OSGi HTTP service and OSGi HTTP Whiteboard + service + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-web-undertow + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-undertow + + + Manifest + provide-capability + + osgi.service;effective:=active;objectClass:List="org.ops4j.pax.web.service.spi.ServerControllerFactory" + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-undertow + + + pom + artifactid + pax-web-undertow + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Undertow + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-web-undertow + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + service + + + jar + package name + version + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Pax Web - Undertow + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-undertow + + + Manifest + provide-capability + + osgi.service;effective:=active;objectClass:List="org.ops4j.pax.web.service.spi.ServerControllerFactory" + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-undertow + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Undertow + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 8.0.14 + + + Manifest + Bundle-Version + 8.0.14 + + + pom + version + 8.0.14 + + + + + pkg:maven/org.ops4j.pax.web/pax-web-undertow@8.0.14 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.web/pax-web-undertow@8.0.14?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-web-undertow-websocket-8.0.14.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/web/pax-web-undertow-websocket/8.0.14/pax-web-undertow-websocket-8.0.14.jar + e943bbde9c037e4cd282fe71e0b3ea3c + 2821d3fbdb551651271eca5e755ddebc8590d4da + 108ff893b904a9bff184413563fdedbc082c1a60c1a2d8a9e4a628c5dd32e383 + Pax Web - OPS4J implementation of OSGi HTTP service and OSGi HTTP Whiteboard + service + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-web-undertow-websocket + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-undertow-websocket + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-undertow-websocket + + + pom + artifactid + pax-web-undertow-websocket + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Undertow WebSocket implementation + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-web-undertow-websocket + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + service + + + jar + package name + web + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Pax Web - Undertow WebSocket implementation + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-undertow-websocket + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-undertow-websocket + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - Undertow WebSocket implementation + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 8.0.14 + + + Manifest + Bundle-Version + 8.0.14 + + + pom + version + 8.0.14 + + + + + pkg:maven/org.ops4j.pax.web/pax-web-undertow-websocket@8.0.14 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.web/pax-web-undertow-websocket@8.0.14?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + pax-web-websocket-8.0.14.jar + + /var/lib/jenkins/.m2/repository/org/ops4j/pax/web/pax-web-websocket/8.0.14/pax-web-websocket-8.0.14.jar + 5c5e04db7703f9a89c42472c17071c23 + 68ccaa2f1cb35880861dbd503fa41cc95981c4f6 + dd00802a5243fe4d6c05255186c654eecce0891aac01c24e985242e837bd677b + Pax Web - OPS4J implementation of OSGi HTTP service and OSGi HTTP Whiteboard + service + http://www.apache.org/licenses/LICENSE-2.0.html + + Business Process Center - Runtime Environment:compile + + + + file + name + pax-web-websocket + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + web + + + jar + package name + websocket + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-websocket + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-websocket + + + pom + artifactid + pax-web-websocket + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - WebSocket support + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + name + pax-web-websocket + + + jar + package name + ops4j + + + jar + package name + pax + + + jar + package name + web + + + jar + package name + websocket + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.ops4j.org/ + + + Manifest + Bundle-Name + OPS4J Pax Web - WebSocket support + + + Manifest + bundle-symbolicname + org.ops4j.pax.web.pax-web-websocket + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + pax-web-websocket + + + pom + groupid + org.ops4j.pax.web + + + pom + name + OPS4J Pax Web - WebSocket support + + + pom + parent-artifactid + web + + + pom + parent-groupid + org.ops4j.pax + + + file + version + 8.0.14 + + + Manifest + Bundle-Version + 8.0.14 + + + pom + version + 8.0.14 + + + + + pkg:maven/org.ops4j.pax.web/pax-web-websocket@8.0.14 + + https://ossindex.sonatype.org/component/pkg:maven/org.ops4j.pax.web/pax-web-websocket@8.0.14?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + saaj-impl-1.5.3.jar + + /var/lib/jenkins/.m2/repository/com/sun/xml/messaging/saaj/saaj-impl/1.5.3/saaj-impl-1.5.3.jar + 9c3bd20b7350f99f18f8c38fbed90199 + 1cd4aa51ea7a8987fe930083e3cd05e2ac72505b + 21d451aa7dbe1254388ecc4e5ea71aabbc519c7d7344c9d93e9f79954f38b32b + + Implementation of Jakarta SOAP with Attachments Specification + + http://www.eclipse.org/org/documents/edl-v10.php + + Business Process Center - Runtime Environment:runtime + + + + file + name + saaj-impl + + + jar + package name + messaging + + + jar + package name + saaj + + + jar + package name + sun + + + jar + package name + xml + + + jar (hint) + package name + oracle + + + Manifest + bundle-docurl + http://www.oracle.com/ + + + Manifest + bundle-symbolicname + com.sun.xml.messaging.saaj.impl + + + Manifest + implementation-build-id + 1.5.3 - 3f22ced + + + Manifest + Implementation-Vendor + Oracle Corporation + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + saaj-impl + + + pom + artifactid + saaj-impl + + + pom + groupid + com.sun.xml.messaging.saaj + + + pom + name + Jakarta SOAP Implementation + + + pom + parent-artifactid + metro-saaj + + + file + name + saaj-impl + + + jar + package name + messaging + + + jar + package name + saaj + + + jar + package name + sun + + + jar + package name + xml + + + Manifest + bundle-docurl + http://www.oracle.com/ + + + Manifest + Bundle-Name + Jakarta SOAP Implementation + + + Manifest + bundle-symbolicname + com.sun.xml.messaging.saaj.impl + + + Manifest + implementation-build-id + 1.5.3 - 3f22ced + + + Manifest + Implementation-Title + Jakarta SOAP Implementation + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + saaj-impl + + + pom + groupid + com.sun.xml.messaging.saaj + + + pom + name + Jakarta SOAP Implementation + + + pom + parent-artifactid + metro-saaj + + + file + version + 1.5.3 + + + Manifest + Bundle-Version + 1.5.3 + + + Manifest + implementation-build-id + 1.5.3 + + + Manifest + Implementation-Version + 1.5.3 + + + pom + version + 1.5.3 + + + + + pkg:maven/com.sun.xml.messaging.saaj/saaj-impl@1.5.3 + + https://ossindex.sonatype.org/component/pkg:maven/com.sun.xml.messaging.saaj/saaj-impl@1.5.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:oracle:java_se:1.5.3:*:*:*:*:*:*:* + + + + + slf4j-api-1.7.32.jar + /var/lib/jenkins/.m2/repository/org/slf4j/slf4j-api/1.7.32/slf4j-api-1.7.32.jar + fbcf58513bc25b80f075d812aad3e3cf + cdcff33940d9f2de763bc41ea05a0be5941176c3 + 3624f8474c1af46d75f98bc097d7864a323c81b3808aa43689a6e1c601c027be + The slf4j API + + Business Process Center - Runtime Environment:compile + + + + file + name + slf4j-api + + + jar + package name + slf4j + + + Manifest + automatic-module-name + org.slf4j + + + Manifest + bundle-requiredexecutionenvironment + J2SE-1.5 + + + Manifest + bundle-symbolicname + slf4j.api + + + pom + artifactid + slf4j-api + + + pom + artifactid + slf4j-api + + + pom + groupid + org.slf4j + + + pom + name + SLF4J API Module + + + pom + parent-artifactid + slf4j-parent + + + pom + url + http://www.slf4j.org + + + file + name + slf4j-api + + + jar + package name + slf4j + + + Manifest + automatic-module-name + org.slf4j + + + Manifest + Bundle-Name + slf4j-api + + + Manifest + bundle-requiredexecutionenvironment + J2SE-1.5 + + + Manifest + bundle-symbolicname + slf4j.api + + + Manifest + Implementation-Title + slf4j-api + + + pom + artifactid + slf4j-api + + + pom + groupid + org.slf4j + + + pom + name + SLF4J API Module + + + pom + parent-artifactid + slf4j-parent + + + pom + url + http://www.slf4j.org + + + file + version + 1.7.32 + + + Manifest + Bundle-Version + 1.7.32 + + + Manifest + Implementation-Version + 1.7.32 + + + pom + version + 1.7.32 + + + + + pkg:maven/org.slf4j/slf4j-api@1.7.32 + + https://ossindex.sonatype.org/component/pkg:maven/org.slf4j/slf4j-api@1.7.32?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + spring-core-5.3.22.jar + + /var/lib/jenkins/.m2/repository/org/springframework/spring-core/5.3.22/spring-core-5.3.22.jar + 8f768c0706314fb9c71cd5db24a6225a + 661fc01832716c7eedebf995c6841b2f7117c63d + 6e97fb95215c583b06098c0a73d27237c6165ccd4f8103e2ded40303382bcba3 + Spring Core + Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 + + Business Process Center - Runtime Environment:compile + + + + spring-aop-5.3.22.jar + + /var/lib/jenkins/.m2/repository/org/springframework/spring-aop/5.3.22/spring-aop-5.3.22.jar + 52c0efeaa4528e30b805bbd3d908281d8488e487cd2a45d8e4d7b591e6b08e77 + 2f9f00efbff8432f145ccffeb93e6a1819bac362 + 8f59cdaf80f1836a9631b3e3c8513cb4 + + + pkg:maven/org.springframework/spring-aop@5.3.22 + + https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-aop@5.3.22?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + spring-beans-5.3.22.jar + + /var/lib/jenkins/.m2/repository/org/springframework/spring-beans/5.3.22/spring-beans-5.3.22.jar + 4adff173a6f68ffc5a5333c8c8a37d10740b0cc124f9aafaed88a3a8ca431ca4 + 866c2022b5fef05b1702f4a07cfa5598660ce08a + 254c6d03b5b6164328329a188267291f + + + pkg:maven/org.springframework/spring-beans@5.3.22 + + https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-beans@5.3.22?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + spring-context-5.3.22.jar + + /var/lib/jenkins/.m2/repository/org/springframework/spring-context/5.3.22/spring-context-5.3.22.jar + e7f9c4727c98aaf02542056f1c2c504dcdb4478f75c4baeb81ab15059b7552c5 + fdd59bb4795c7a399e95ec4a5c8b91103e3189fd + 3b00971f0b99194b13d5762ca319b9c5 + + + pkg:maven/org.springframework/spring-context@5.3.22 + + https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-context@5.3.22?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + spring-expression-5.3.22.jar + + /var/lib/jenkins/.m2/repository/org/springframework/spring-expression/5.3.22/spring-expression-5.3.22.jar + c4088592b55c8c29888a3fefdd1e0ba8192b4216c3be963ed66a5c6b82b53428 + c056f9e9994b18c95deead695f9471952d1f21d1 + 1648040f13200e725ec6393c6ffa1f9c + + + pkg:maven/org.springframework/spring-expression@5.3.22 + + https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-expression@5.3.22?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + spring-jcl-5.3.22.jar + + /var/lib/jenkins/.m2/repository/org/springframework/spring-jcl/5.3.22/spring-jcl-5.3.22.jar + 9850007771da9a266a1c8176a7a8387cc33603f5f92dc753afc846dec125c880 + 811ace5e5eb379654ed96fd7844809db51af74a5 + ee2f0e6c61acc47fa33c908177c921c0 + + + pkg:maven/org.springframework/spring-jcl@5.3.22 + + https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-jcl@5.3.22?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + spring-core + + + hint analyzer + vendor + pivotal software + + + hint analyzer + vendor + SpringSource + + + hint analyzer + vendor + vmware + + + jar + package name + core + + + jar + package name + io + + + jar + package name + springframework + + + Manifest + automatic-module-name + spring.core + + + pom + artifactid + spring-core + + + pom + artifactid + spring-core + + + pom + developer email + jhoeller@pivotal.io + + + pom + developer id + jhoeller + + + pom + developer name + Juergen Hoeller + + + pom + groupid + org.springframework + + + pom + name + Spring Core + + + pom + organization name + Spring IO + + + pom + organization url + https://spring.io/projects/spring-framework + + + pom + url + spring-projects/spring-framework + + + file + name + spring-core + + + hint analyzer + product + springsource_spring_framework + + + jar + package name + core + + + jar + package name + io + + + jar + package name + springframework + + + Manifest + automatic-module-name + spring.core + + + Manifest + Implementation-Title + spring-core + + + pom + artifactid + spring-core + + + pom + developer email + jhoeller@pivotal.io + + + pom + developer id + jhoeller + + + pom + developer name + Juergen Hoeller + + + pom + groupid + org.springframework + + + pom + name + Spring Core + + + pom + organization name + Spring IO + + + pom + organization url + https://spring.io/projects/spring-framework + + + pom + url + spring-projects/spring-framework + + + file + version + 5.3.22 + + + Manifest + Implementation-Version + 5.3.22 + + + pom + version + 5.3.22 + + + + + pkg:maven/org.springframework/spring-core@5.3.22 + + https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-core@5.3.22?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:pivotal_software:spring_framework:5.3.22:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Apivotal_software&cpe_product=cpe%3A%2F%3Apivotal_software%3Aspring_framework&cpe_version=cpe%3A%2F%3Apivotal_software%3Aspring_framework%3A5.3.22 + + + cpe:2.3:a:springsource:spring_framework:5.3.22:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aspringsource&cpe_product=cpe%3A%2F%3Aspringsource%3Aspring_framework&cpe_version=cpe%3A%2F%3Aspringsource%3Aspring_framework%3A5.3.22 + + + cpe:2.3:a:vmware:spring_framework:5.3.22:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Avmware&cpe_product=cpe%3A%2F%3Avmware%3Aspring_framework&cpe_version=cpe%3A%2F%3Avmware%3Aspring_framework%3A5.3.22 + + + + + sshd-osgi-2.9.1.jar + /var/lib/jenkins/.m2/repository/org/apache/sshd/sshd-osgi/2.9.1/sshd-osgi-2.9.1.jar + f26106764b481b3f334b1a44af9464ad + 9ed1a653da98a1aabe3ae092ee8310299718e914 + e06c2b0c05dac8bab96ff81e111f30a8ad53db3e9843e45eeca278b30a504550 + The Apache Software Foundation provides support for the Apache community of + open-source software projects. The Apache projects are characterized by a collaborative, + consensus based development process, an open and pragmatic software license, and a desire to + create high quality software that leads the way in its field. We consider ourselves not + simply a group of projects sharing a server, but rather a community of developers and users. + https://www.apache.org/licenses/LICENSE-2.0 + + Business Process Center - Runtime Environment:compile + + + + file + name + sshd-osgi + + + jar + package name + apache + + + jar + package name + sshd + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://www.apache.org/ + + + Manifest + bundle-symbolicname + org.apache.sshd.osgi + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + originally-created-by + Apache Maven Bundle Plugin + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + sshd-osgi + + + pom + artifactid + sshd-osgi + + + pom + groupid + org.apache.sshd + + + pom + name + Apache Mina SSHD :: OSGi + + + pom + parent-artifactid + sshd + + + file + name + sshd-osgi + + + jar + package name + apache + + + jar + package name + server + + + jar + package name + sshd + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://www.apache.org/ + + + Manifest + Bundle-Name + Apache Mina SSHD :: OSGi + + + Manifest + bundle-symbolicname + org.apache.sshd.osgi + + + Manifest + Implementation-Title + Apache Mina SSHD :: OSGi + + + Manifest + originally-created-by + Apache Maven Bundle Plugin + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + Apache Mina SSHD :: OSGi + + + pom + artifactid + sshd-osgi + + + pom + groupid + org.apache.sshd + + + pom + name + Apache Mina SSHD :: OSGi + + + pom + parent-artifactid + sshd + + + file + version + 2.9.1 + + + Manifest + Bundle-Version + 2.9.1 + + + Manifest + Implementation-Version + 2.9.1 + + + pom + version + 2.9.1 + + + + + pkg:maven/org.apache.sshd/sshd-osgi@2.9.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.sshd/sshd-osgi@2.9.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:sshd:2.9.1:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Asshd&cpe_version=cpe%3A%2F%3Aapache%3Asshd%3A2.9.1 + + + + + CVE-2022-45047 + CRITICAL + + 9.8 + NETWORK + LOW + NONE + NONE + UNCHANGED + HIGH + HIGH + HIGH + CRITICAL + 3.9 + 5.9 + 3.1 + + + CWE-502 + + Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in + Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized + java.security.PrivateKey. The class is one of several implementations that an + implementor using Apache MINA SSHD can choose for loading the host keys of an SSH + server. + + + CONFIRM + https://www.mail-archive.com/dev@mina.apache.org/msg39312.html + N/A + + + + + cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:* + + + + + + stax-ex-1.8.3.jar + /var/lib/jenkins/.m2/repository/org/jvnet/staxex/stax-ex/1.8.3/stax-ex-1.8.3.jar + f6d943e74064cc1e7986236699d6cd04 + 4d69b68ee007aa15238cd4477392068b32747df3 + bee08da10bbc481418a1af70b9e9a80321b745bfb4dbdebbe98c1aa17c45caf8 + Extensions to JSR-173 StAX API. + Eclipse Distribution License - v 1.0: + http://www.eclipse.org/org/documents/edl-v10.php + + Business Process Center - Runtime Environment:runtime + + + + file + name + stax-ex + + + jar + package name + jvnet + + + jar + package name + staxex + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + bundle-symbolicname + org.jvnet.staxex.stax-ex + + + Manifest + implementation-build-id + 1.8.3 - 1.8.3-RELEASE-eb4e2c1 + + + Manifest + implementation-url + https://projects.eclipse.org/projects/ee4j/stax-ex + + + Manifest + Implementation-Vendor + Eclipse Foundation + + + Manifest + Implementation-Vendor-Id + org.jvnet.staxex + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + stax-ex + + + pom + artifactid + stax-ex + + + pom + developer email + Roman.Grigoriadi@oracle.com + + + pom + developer email + Zheng.Jun.Li@oracle.com + + + pom + developer id + bravehorsie + + + pom + developer id + zhengjl + + + pom + developer name + Roman Grigoriadi + + + pom + developer name + Zheng Jun Li + + + pom + groupid + org.jvnet.staxex + + + pom + name + Extended StAX API + + + pom + parent-artifactid + project + + + pom + parent-groupid + org.eclipse.ee4j + + + file + name + stax-ex + + + jar + package name + jvnet + + + jar + package name + staxex + + + Manifest + build-jdk-spec + 11 + + + Manifest + bundle-docurl + https://www.eclipse.org + + + Manifest + Bundle-Name + Extended StAX API + + + Manifest + bundle-symbolicname + org.jvnet.staxex.stax-ex + + + Manifest + implementation-build-id + 1.8.3 - 1.8.3-RELEASE-eb4e2c1 + + + Manifest + Implementation-Title + Extended StAX API + + + Manifest + implementation-url + https://projects.eclipse.org/projects/ee4j/stax-ex + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + pom + artifactid + stax-ex + + + pom + developer email + Roman.Grigoriadi@oracle.com + + + pom + developer email + Zheng.Jun.Li@oracle.com + + + pom + developer id + bravehorsie + + + pom + developer id + zhengjl + + + pom + developer name + Roman Grigoriadi + + + pom + developer name + Zheng Jun Li + + + pom + groupid + org.jvnet.staxex + + + pom + name + Extended StAX API + + + pom + parent-artifactid + project + + + pom + parent-groupid + org.eclipse.ee4j + + + file + version + 1.8.3 + + + Manifest + Bundle-Version + 1.8.3 + + + Manifest + implementation-build-id + 1.8.3 + + + Manifest + Implementation-Version + 1.8.3 + + + pom + parent-version + 1.8.3 + + + pom + version + 1.8.3 + + + + + pkg:maven/org.jvnet.staxex/stax-ex@1.8.3 + + https://ossindex.sonatype.org/component/pkg:maven/org.jvnet.staxex/stax-ex@1.8.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:oracle:java_se:1.8.3:*:*:*:*:*:*:* + + + cpe:2.3:a:oracle:projects:1.8.3:*:*:*:*:*:*:* + + + + + stax2-api-4.2.1.jar + + /var/lib/jenkins/.m2/repository/org/codehaus/woodstox/stax2-api/4.2.1/stax2-api-4.2.1.jar + af8377bc7882332e22456616a9f164f6 + a3f7325c52240418c2ba257b103c3c550e140c83 + 678567e48b51a42c65c699f266539ad3d676d4b1a5b0ad7d89ece8b9d5772579 + tax2 API is an extension to basic Stax 1.0 API that adds significant new + functionality, such as full-featured bi-direction validation interface and high-performance + Typed Access API. + + The BSD License: http://www.opensource.org/licenses/bsd-license.php + + Business Process Center - Runtime Environment:compile + + + + file + name + stax2-api + + + jar + package name + codehaus + + + jar + package name + stax2 + + + jar + package name + typed + + + jar + package name + validation + + + Manifest + automatic-module-name + org.codehaus.stax2 + + + Manifest + bundle-docurl + http://github.com/FasterXML/stax2-api + + + Manifest + bundle-symbolicname + stax2-api + + + Manifest + implementation-build-date + 2020-05-14 04:15:18+0000 + + + Manifest + Implementation-Vendor + fasterxml.com + + + Manifest + Implementation-Vendor-Id + org.codehaus.woodstox + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" + + + Manifest + specification-vendor + fasterxml.com + + + pom + artifactid + stax2-api + + + pom + artifactid + stax2-api + + + pom + developer email + tatu@fasterxml.com + + + pom + developer id + tatu + + + pom + developer name + Tatu Saloranta + + + pom + groupid + org.codehaus.woodstox + + + pom + name + Stax2 API + + + pom + organization name + fasterxml.com + + + pom + organization url + http://fasterxml.com + + + pom + parent-artifactid + oss-parent + + + pom + parent-groupid + com.fasterxml + + + pom + url + http://github.com/FasterXML/stax2-api + + + file + name + stax2-api + + + jar + package name + codehaus + + + jar + package name + osgi + + + jar + package name + stax2 + + + jar + package name + typed + + + jar + package name + validation + + + Manifest + automatic-module-name + org.codehaus.stax2 + + + Manifest + bundle-docurl + http://github.com/FasterXML/stax2-api + + + Manifest + Bundle-Name + Stax2 API + + + Manifest + bundle-symbolicname + stax2-api + + + Manifest + implementation-build-date + 2020-05-14 04:15:18+0000 + + + Manifest + Implementation-Title + Stax2 API + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" + + + Manifest + specification-title + Stax2 API + + + pom + artifactid + stax2-api + + + pom + developer email + tatu@fasterxml.com + + + pom + developer id + tatu + + + pom + developer name + Tatu Saloranta + + + pom + groupid + org.codehaus.woodstox + + + pom + name + Stax2 API + + + pom + organization name + fasterxml.com + + + pom + organization url + http://fasterxml.com + + + pom + parent-artifactid + oss-parent + + + pom + parent-groupid + com.fasterxml + + + pom + url + http://github.com/FasterXML/stax2-api + + + file + version + 4.2.1 + + + Manifest + Bundle-Version + 4.2.1 + + + Manifest + Implementation-Version + 4.2.1 + + + pom + parent-version + 4.2.1 + + + pom + version + 4.2.1 + + + + + pkg:maven/org.codehaus.woodstox/stax2-api@4.2.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.codehaus.woodstox/stax2-api@4.2.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + txw2-2.3.3.jar + /var/lib/jenkins/.m2/repository/org/glassfish/jaxb/txw2/2.3.3/txw2-2.3.3.jar + 795e37279908ec42316a6c5a5e5bfc7e + 12f70b0ea4fc1ad45315e842f63f7c9a46f46530 + 97de89031348fced8d8d58b9c288c2185ab07bedc7a591f070377c45ddb05fee + + TXW is a library that allows you to write XML documents. + + + Business Process Center - Runtime Environment:runtime + Business Process Center - Runtime Environment:compile + + + + base-4.4.2.jar: txw2-2.3.3.jar + + /var/lib/jenkins/.m2/repository/org/apache/karaf/features/base/4.4.2/base-4.4.2.jar/resources/lib/jdk9plus/txw2-2.3.3.jar + 97de89031348fced8d8d58b9c288c2185ab07bedc7a591f070377c45ddb05fee + 12f70b0ea4fc1ad45315e842f63f7c9a46f46530 + 795e37279908ec42316a6c5a5e5bfc7e + + + pkg:maven/org.glassfish.jaxb/txw2@2.3.3 + + https://ossindex.sonatype.org/component/pkg:maven/org.glassfish.jaxb/txw2@2.3.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + txw2 + + + jar + package name + sun + + + jar + package name + txw + + + jar + package name + txw2 + + + jar + package name + xml + + + jar (hint) + package name + oracle + + + Manifest + git-revision + 60e0433 + + + Manifest + Implementation-Vendor + Eclipse Foundation + + + Manifest + Implementation-Vendor-Id + org.eclipse + + + pom + artifactid + txw2 + + + pom + artifactid + txw2 + + + pom + groupid + org.glassfish.jaxb + + + pom + name + TXW2 Runtime + + + pom + parent-artifactid + jaxb-txw-parent + + + pom + parent-groupid + com.sun.xml.bind.mvn + + + file + name + txw2 + + + jar + package name + sun + + + jar + package name + txw + + + jar + package name + txw2 + + + jar + package name + xml + + + Manifest + git-revision + 60e0433 + + + Manifest + Implementation-Title + Jakarta XML Binding Implementation + + + Manifest + specification-title + Jakarta XML Binding + + + pom + artifactid + txw2 + + + pom + groupid + org.glassfish.jaxb + + + pom + name + TXW2 Runtime + + + pom + parent-artifactid + jaxb-txw-parent + + + pom + parent-groupid + com.sun.xml.bind.mvn + + + file + version + 2.3.3 + + + Manifest + build-id + 2.3.3 + + + Manifest + Implementation-Version + 2.3.3 + + + Manifest + major-version + 2.3.3 + + + pom + version + 2.3.3 + + + + + pkg:maven/org.glassfish.jaxb/txw2@2.3.3 + + https://ossindex.sonatype.org/component/pkg:maven/org.glassfish.jaxb/txw2@2.3.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + undertow-core-2.2.21.Final.jar + + /var/lib/jenkins/.m2/repository/io/undertow/undertow-core/2.2.21.Final/undertow-core-2.2.21.Final.jar + b27a9e5517bb2b92ae824a49db653b83 + fba0d0ec898ac297a455a2ad7a8f3b7cac4b757b + 6d1b35a8199b3de0dc64d9922c67601fdef8f8d94437444d1ebd7836022b9777 + Undertow + http://repository.jboss.org/licenses/apache-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + undertow-core + + + hint analyzer + vendor + redhat + + + jar + package name + core + + + jar + package name + io + + + jar + package name + undertow + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.jboss.org + + + Manifest + bundle-symbolicname + io.undertow.core + + + Manifest + implementation-url + http://www.jboss.org/undertow-parent/undertow-core + + + Manifest + Implementation-Vendor + JBoss by Red Hat + + + Manifest + Implementation-Vendor-Id + io.undertow + + + Manifest + originally-created-by + Apache Maven Bundle Plugin + + + Manifest + os-arch + amd64 + + + Manifest + os-name + Linux + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + JBoss by Red Hat + + + pom + artifactid + undertow-core + + + pom + artifactid + undertow-core + + + pom + groupid + io.undertow + + + pom + name + Undertow Core + + + pom + parent-artifactid + undertow-parent + + + file + name + undertow-core + + + jar + package name + core + + + jar + package name + http + + + jar + package name + io + + + jar + package name + undertow + + + jar + package name + version + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.jboss.org + + + Manifest + Bundle-Name + Undertow Core + + + Manifest + bundle-symbolicname + io.undertow.core + + + Manifest + Implementation-Title + Undertow Core + + + Manifest + implementation-url + http://www.jboss.org/undertow-parent/undertow-core + + + Manifest + originally-created-by + Apache Maven Bundle Plugin + + + Manifest + os-arch + amd64 + + + Manifest + os-name + Linux + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + Undertow Core + + + pom + artifactid + undertow-core + + + pom + groupid + io.undertow + + + pom + name + Undertow Core + + + pom + parent-artifactid + undertow-parent + + + Manifest + Bundle-Version + 2.2.21.Final + + + Manifest + Implementation-Version + 2.2.21.Final + + + pom + version + 2.2.21.Final + + + + + pkg:maven/io.undertow/undertow-core@2.2.21.Final + + https://ossindex.sonatype.org/component/pkg:maven/io.undertow/undertow-core@2.2.21.Final?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:redhat:undertow:2.2.21:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aredhat&cpe_product=cpe%3A%2F%3Aredhat%3Aundertow&cpe_version=cpe%3A%2F%3Aredhat%3Aundertow%3A2.2.21 + + + + + CVE-2016-6311 + MEDIUM + + 5.3 + N + L + N + N + U + L + N + N + MEDIUM + + + CWE-200 + + Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose + internal IP addresses to remote attackers. + + + OSSIndex + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6311 + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6311 + + + OSSIndex + https://bugzilla.redhat.com/show_bug.cgi?id=1362735 + https://bugzilla.redhat.com/show_bug.cgi?id=1362735 + + + OSSINDEX + + https://ossindex.sonatype.org/vulnerability/CVE-2016-6311?component-type=maven&component-name=io.undertow%2Fundertow-core&utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + [CVE-2016-6311] CWE-200: Information Exposure + + + + + cpe:2.3:a:io.undertow:undertow-core:2.2.21.Final:*:*:*:*:*:*:* + + + + + + undertow-servlet-2.2.21.Final.jar + + /var/lib/jenkins/.m2/repository/io/undertow/undertow-servlet/2.2.21.Final/undertow-servlet-2.2.21.Final.jar + d787a2ab9c1045285e96443f45ddbb3b + c2c846c9723ccfc6b3da72245a78ca7747ef0ff0 + e5a2abe5f88a9fc59fb9a084478a79ef96dc7e74d815b30a316830e7d481592a + Undertow + http://repository.jboss.org/licenses/apache-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + undertow-websockets-jsr-2.2.21.Final.jar + + /var/lib/jenkins/.m2/repository/io/undertow/undertow-websockets-jsr/2.2.21.Final/undertow-websockets-jsr-2.2.21.Final.jar + 1de3a4972362c5935a3d0ffc1942664488d08d4df2fa8215fbb9811ffdca1e23 + aff5d92a0eb4942a6167e40f329a505e0a5af138 + 710aff9cf7328519a59c21a3e163e990 + + + pkg:maven/io.undertow/undertow-websockets-jsr@2.2.21.Final + + https://ossindex.sonatype.org/component/pkg:maven/io.undertow/undertow-websockets-jsr@2.2.21.Final?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + undertow-servlet + + + hint analyzer + vendor + redhat + + + jar + package name + io + + + jar + package name + servlet + + + jar + package name + undertow + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.jboss.org + + + Manifest + bundle-symbolicname + io.undertow.servlet + + + Manifest + implementation-url + http://www.jboss.org/undertow-parent/undertow-servlet + + + Manifest + Implementation-Vendor + JBoss by Red Hat + + + Manifest + Implementation-Vendor-Id + io.undertow + + + Manifest + originally-created-by + Apache Maven Bundle Plugin + + + Manifest + os-arch + amd64 + + + Manifest + os-name + Linux + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + JBoss by Red Hat + + + pom + artifactid + undertow-servlet + + + pom + artifactid + undertow-servlet + + + pom + groupid + io.undertow + + + pom + name + Undertow Servlet + + + pom + parent-artifactid + undertow-parent + + + file + name + undertow-servlet + + + jar + package name + io + + + jar + package name + servlet + + + jar + package name + undertow + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.jboss.org + + + Manifest + Bundle-Name + Undertow Servlet + + + Manifest + bundle-symbolicname + io.undertow.servlet + + + Manifest + Implementation-Title + Undertow Servlet + + + Manifest + implementation-url + http://www.jboss.org/undertow-parent/undertow-servlet + + + Manifest + originally-created-by + Apache Maven Bundle Plugin + + + Manifest + os-arch + amd64 + + + Manifest + os-name + Linux + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + Undertow Servlet + + + pom + artifactid + undertow-servlet + + + pom + groupid + io.undertow + + + pom + name + Undertow Servlet + + + pom + parent-artifactid + undertow-parent + + + Manifest + Bundle-Version + 2.2.21.Final + + + Manifest + Implementation-Version + 2.2.21.Final + + + pom + version + 2.2.21.Final + + + + + pkg:maven/io.undertow/undertow-servlet@2.2.21.Final + + https://ossindex.sonatype.org/component/pkg:maven/io.undertow/undertow-servlet@2.2.21.Final?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:redhat:undertow:2.2.21:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aredhat&cpe_product=cpe%3A%2F%3Aredhat%3Aundertow&cpe_version=cpe%3A%2F%3Aredhat%3Aundertow%3A2.2.21 + + + + + wildfly-client-config-1.0.1.Final.jar + + /var/lib/jenkins/.m2/repository/org/wildfly/client/wildfly-client-config/1.0.1.Final/wildfly-client-config-1.0.1.Final.jar + 77f13d40c0fc70d05b48d43ac8ae2581 + 2a803b23c40a0de0f03a90d1fd3755747bc05f4b + 80a4e963ce94ebb043ecb0f2c0e77d327f23dc87d81350b863752eedfa2c3bb3 + Library for supporting WildFly common client configuration + Apache License 2.0: http://repository.jboss.org/licenses/apache-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + wildfly-client-config + + + hint analyzer + vendor + redhat + + + jar + package name + client + + + jar + package name + config + + + jar + package name + wildfly + + + Manifest + bundle-docurl + http://www.jboss.org + + + Manifest + bundle-symbolicname + org.wildfly.client.wildfly-client-config + + + Manifest + implementation-url + http://www.jboss.org/wildfly-client-config + + + Manifest + Implementation-Vendor + JBoss by Red Hat + + + Manifest + Implementation-Vendor-Id + org.wildfly.client + + + Manifest + os-arch + x86_64 + + + Manifest + os-name + Mac OS X + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + JBoss by Red Hat + + + pom + artifactid + wildfly-client-config + + + pom + artifactid + wildfly-client-config + + + pom + groupid + org.wildfly.client + + + pom + name + WildFly Client Configuration + + + pom + parent-artifactid + jboss-parent + + + pom + parent-groupid + org.jboss + + + file + name + wildfly-client-config + + + jar + package name + client + + + jar + package name + config + + + jar + package name + wildfly + + + Manifest + bundle-docurl + http://www.jboss.org + + + Manifest + Bundle-Name + WildFly Client Configuration + + + Manifest + bundle-symbolicname + org.wildfly.client.wildfly-client-config + + + Manifest + Implementation-Title + WildFly Client Configuration + + + Manifest + implementation-url + http://www.jboss.org/wildfly-client-config + + + Manifest + os-arch + x86_64 + + + Manifest + os-name + Mac OS X + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + WildFly Client Configuration + + + pom + artifactid + wildfly-client-config + + + pom + groupid + org.wildfly.client + + + pom + name + WildFly Client Configuration + + + pom + parent-artifactid + jboss-parent + + + pom + parent-groupid + org.jboss + + + Manifest + Bundle-Version + 1.0.1.Final + + + Manifest + Implementation-Version + 1.0.1.Final + + + pom + parent-version + 1.0.1.Final + + + pom + version + 1.0.1.Final + + + + + pkg:maven/org.wildfly.client/wildfly-client-config@1.0.1.Final + + https://ossindex.sonatype.org/component/pkg:maven/org.wildfly.client/wildfly-client-config@1.0.1.Final?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + wildfly-common-1.5.4.Final.jar + + /var/lib/jenkins/.m2/repository/org/wildfly/common/wildfly-common/1.5.4.Final/wildfly-common-1.5.4.Final.jar + 56d909f0e3f28084ae38c7604bf23192 + 735ceee5616d5143bac1bc740e444697073c002f + 9fda3caf8bd528dec56ebc70daf78f5a9ff5d0bfcea8b3e41ab7ae838747e46a + Apache License 2.0: http://repository.jboss.org/licenses/apache-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + wildfly-common + + + hint analyzer + vendor + redhat + + + jar + package name + common + + + jar + package name + org + + + jar + package name + wildfly + + + Manifest + implementation-url + http://www.jboss.org/wildfly-common + + + Manifest + Implementation-Vendor + JBoss by Red Hat + + + Manifest + Implementation-Vendor-Id + org.wildfly.common + + + Manifest + multi-release + true + + + Manifest + os-arch + amd64 + + + Manifest + os-name + Linux + + + Manifest + specification-vendor + JBoss by Red Hat + + + pom + artifactid + wildfly-common + + + pom + artifactid + wildfly-common + + + pom + groupid + org.wildfly.common + + + pom + parent-artifactid + jboss-parent + + + pom + parent-groupid + org.jboss + + + file + name + wildfly-common + + + jar + package name + common + + + jar + package name + org + + + jar + package name + wildfly + + + Manifest + Implementation-Title + wildfly-common + + + Manifest + implementation-url + http://www.jboss.org/wildfly-common + + + Manifest + multi-release + true + + + Manifest + os-arch + amd64 + + + Manifest + os-name + Linux + + + Manifest + specification-title + wildfly-common + + + pom + artifactid + wildfly-common + + + pom + groupid + org.wildfly.common + + + pom + parent-artifactid + jboss-parent + + + pom + parent-groupid + org.jboss + + + Manifest + Implementation-Version + 1.5.4.Final + + + pom + parent-version + 1.5.4.Final + + + pom + version + 1.5.4.Final + + + + + pkg:maven/org.wildfly.common/wildfly-common@1.5.4.Final + + https://ossindex.sonatype.org/component/pkg:maven/org.wildfly.common/wildfly-common@1.5.4.Final?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + woodstox-core-6.2.8.jar (shaded: com.sun.xml.bind.jaxb:isorelax:20090621) + + /var/lib/jenkins/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.2.8/woodstox-core-6.2.8.jar/META-INF/maven/com.sun.xml.bind.jaxb/isorelax/pom.xml + 6fbb4bc95fbf2072bc6e3b790553fe81 + 314ec72948d5c1fc71d553cbbd7a130caa6f9f13 + cda6451d0231a973352b592ff950e39224ba6ba1a2f35eeab66511b5c225dff1 + Unknown version of isorelax library used in JAXB project + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + isorelax + + + pom + groupid + com.sun.xml.bind.jaxb + + + pom + name + JAXB isorelax library + + + pom + parent-artifactid + jvnet-parent + + + pom + parent-groupid + net.java + + + pom + artifactid + isorelax + + + pom + groupid + com.sun.xml.bind.jaxb + + + pom + name + JAXB isorelax library + + + pom + parent-artifactid + jvnet-parent + + + pom + parent-groupid + net.java + + + pom + parent-version + 20090621 + + + pom + version + 20090621 + + + + + pkg:maven/com.sun.xml.bind.jaxb/isorelax@20090621 + + https://ossindex.sonatype.org/component/pkg:maven/com.sun.xml.bind.jaxb/isorelax@20090621?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + woodstox-core-6.2.8.jar (shaded: net.java.dev.msv:xsdlib:2013.6.1) + + /var/lib/jenkins/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.2.8/woodstox-core-6.2.8.jar/META-INF/maven/net.java.dev.msv/xsdlib/pom.xml + aaf872ed9d1aabee25e03c2a132ffd8e + 47f218a999411ed028f089d59ebef8f14e0fe914 + d6e83c124436049d83238fc532a26c5d8ccd7e4ab10eba6d96043c850ac82f3c + XML Schema datatypes library + + Business Process Center - Runtime Environment:compile + + + + pom + artifactid + xsdlib + + + pom + groupid + net.java.dev.msv + + + pom + name + MSV XML Schema Library + + + pom + parent-artifactid + msv + + + pom + artifactid + xsdlib + + + pom + groupid + net.java.dev.msv + + + pom + name + MSV XML Schema Library + + + pom + parent-artifactid + msv + + + pom + version + 2013.6.1 + + + + + pkg:maven/net.java.dev.msv/xsdlib@2013.6.1 + + https://ossindex.sonatype.org/component/pkg:maven/net.java.dev.msv/xsdlib@2013.6.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + woodstox-core-6.2.8.jar + + /var/lib/jenkins/.m2/repository/com/fasterxml/woodstox/woodstox-core/6.2.8/woodstox-core-6.2.8.jar + a06f113f68a07546494ee9cb1d5fb0c6 + 670748292899c53b1963730d9eb7f8ab71314e90 + 3801762d429c5edf3aef9d734118987bb7bf09c786eecb7b7613e9b658d031cc + Woodstox is a high-performance XML processor that implements Stax (JSR-173), + SAX2 and Stax2 APIs + + The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + woodstox-core + + + jar + package name + stax + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + https://github.com/FasterXML/woodstox + + + Manifest + bundle-symbolicname + com.fasterxml.woodstox.woodstox-core + + + Manifest + implementation-build-date + 2022-01-14 01:38:52+0000 + + + Manifest + Implementation-Vendor + FasterXML + + + Manifest + Implementation-Vendor-Id + com.fasterxml.woodstox + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" + + + Manifest + specification-vendor + FasterXML + + + pom + artifactid + woodstox-core + + + pom + artifactid + woodstox-core + + + pom + developer email + tatu@fasterxml.com + + + pom + developer id + cowtowncoder + + + pom + developer name + Tatu Saloranta + + + pom + groupid + com.fasterxml.woodstox + + + pom + name + Woodstox + + + pom + organization name + FasterXML + + + pom + organization url + http://fasterxml.com + + + pom + parent-artifactid + oss-parent + + + pom + parent-groupid + com.fasterxml + + + pom + url + FasterXML/woodstox + + + file + name + woodstox-core + + + jar + package name + osgi + + + jar + package name + stax + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + https://github.com/FasterXML/woodstox + + + Manifest + Bundle-Name + Woodstox + + + Manifest + bundle-symbolicname + com.fasterxml.woodstox.woodstox-core + + + Manifest + implementation-build-date + 2022-01-14 01:38:52+0000 + + + Manifest + Implementation-Title + Woodstox + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" + + + Manifest + specification-title + Woodstox + + + pom + artifactid + woodstox-core + + + pom + developer email + tatu@fasterxml.com + + + pom + developer id + cowtowncoder + + + pom + developer name + Tatu Saloranta + + + pom + groupid + com.fasterxml.woodstox + + + pom + name + Woodstox + + + pom + organization name + FasterXML + + + pom + organization url + http://fasterxml.com + + + pom + parent-artifactid + oss-parent + + + pom + parent-groupid + com.fasterxml + + + pom + url + FasterXML/woodstox + + + file + version + 6.2.8 + + + Manifest + Bundle-Version + 6.2.8 + + + Manifest + Implementation-Version + 6.2.8 + + + pom + parent-version + 6.2.8 + + + pom + version + 6.2.8 + + + + + pkg:maven/com.fasterxml.woodstox/woodstox-core@6.2.8 + + https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.woodstox/woodstox-core@6.2.8?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + CVE-2022-40152 + HIGH + + 7.5 + N + L + + N + N + H + HIGH + + + CWE-787 + + Those using Woodstox to parse XML data may be vulnerable to Denial of Service + attacks (DOS) if DTD support is enabled. If the parser is running on user supplied + input, an attacker may supply content that causes the parser to crash by stackoverflow. + This effect may support a denial of service attack. + + + OSSIndex + https://github.com/FasterXML/woodstox/issues/157 + https://github.com/FasterXML/woodstox/issues/157 + + + OSSIndex + https://github.com/FasterXML/woodstox/issues/160 + https://github.com/FasterXML/woodstox/issues/160 + + + OSSINDEX + + https://ossindex.sonatype.org/vulnerability/CVE-2022-40152?component-type=maven&component-name=com.fasterxml.woodstox%2Fwoodstox-core&utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + [CVE-2022-40152] CWE-787: Out-of-bounds Write + + + OSSIndex + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40152 + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40152 + + + OSSIndex + https://github.com/advisories/GHSA-3f7h-mf4q-vrm4 + https://github.com/advisories/GHSA-3f7h-mf4q-vrm4 + + + OSSIndex + https://github.com/FasterXML/woodstox/pull/159 + https://github.com/FasterXML/woodstox/pull/159 + + + + + cpe:2.3:a:com.fasterxml.woodstox:woodstox-core:6.2.8:*:*:*:*:*:*:* + + + + + + wsdl4j-1.6.3.jar + /var/lib/jenkins/.m2/repository/wsdl4j/wsdl4j/1.6.3/wsdl4j-1.6.3.jar + cfc28d89625c5e88589aec7a9aee0208 + 6d106a6845a3d3477a1560008479312888e94f2f + 740f448e6b3bc110e02f4a1e56fb57672e732d2ecaf29ae15835051ae8af4725 + Java stub generator for WSDL + CPL: http://www.opensource.org/licenses/cpl1.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + wsdl4j + + + jar + package name + ibm + + + jar + package name + wsdl + + + Manifest + Implementation-Vendor + IBM + + + Manifest + specification-vendor + IBM (Java Community Process) + + + pom + artifactid + wsdl4j + + + pom + artifactid + wsdl4j + + + pom + developer email + wsdl4j-discuss@sourceforge.net + + + pom + developer id + wsdl4j + + + pom + developer name + WSDL4J + + + pom + groupid + wsdl4j + + + pom + name + WSDL4J + + + pom + url + http://sf.net/projects/wsdl4j + + + file + name + wsdl4j + + + jar + package name + wsdl + + + Manifest + Implementation-Title + WSDL4J + + + Manifest + specification-title + JWSDL + + + pom + artifactid + wsdl4j + + + pom + developer email + wsdl4j-discuss@sourceforge.net + + + pom + developer id + wsdl4j + + + pom + developer name + WSDL4J + + + pom + groupid + wsdl4j + + + pom + name + WSDL4J + + + pom + url + http://sf.net/projects/wsdl4j + + + file + version + 1.6.3 + + + Manifest + Implementation-Version + 1.6.3 + + + pom + version + 1.6.3 + + + + + pkg:maven/wsdl4j/wsdl4j@1.6.3 + + https://ossindex.sonatype.org/component/pkg:maven/wsdl4j/wsdl4j@1.6.3?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + wss4j-policy-2.4.1.jar + + /var/lib/jenkins/.m2/repository/org/apache/wss4j/wss4j-policy/2.4.1/wss4j-policy-2.4.1.jar + ee99d2acd4e3ea7dc8546e1e474e157a + 31920443760afe7a51b16ecd5d607eefeed2b188 + 359bcbeb84d02a754583089352935e5ed0d7f43572d80dc45a587d8d1e1fdf60 + Apache WSS4J parent pom + https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + wss4j-bindings-2.4.1.jar + + /var/lib/jenkins/.m2/repository/org/apache/wss4j/wss4j-bindings/2.4.1/wss4j-bindings-2.4.1.jar + 4be1434a9fe0b75f2759d707a34aa219d20d266709054b5d2588f82a3b8aabe8 + 5c55b53cfc3c7edba51a08681fa688a3865a5daa + 8da90ad948f3534830748b16f8543325 + + + pkg:maven/org.apache.wss4j/wss4j-bindings@2.4.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.wss4j/wss4j-bindings@2.4.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + wss4j-ws-security-common-2.4.1.jar + + /var/lib/jenkins/.m2/repository/org/apache/wss4j/wss4j-ws-security-common/2.4.1/wss4j-ws-security-common-2.4.1.jar + a15f05408872faddbf3f4c44cccb8777f4856f60b6a7e991ceccfbbc5ecab7cf + 9196e471abd2509d0880421d2ead95e7ab7732d1 + 131753b201ebb1f15f275ccef0e28b49 + + + pkg:maven/org.apache.wss4j/wss4j-ws-security-common@2.4.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.wss4j/wss4j-ws-security-common@2.4.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + wss4j-ws-security-dom-2.4.1.jar + + /var/lib/jenkins/.m2/repository/org/apache/wss4j/wss4j-ws-security-dom/2.4.1/wss4j-ws-security-dom-2.4.1.jar + 1c2e83a062ec83bebe1d50333fb814f3d3421f177eaa09ee95bee1be8474d309 + 947dab5118870ac6afe3198b38fd047fb7d01cf7 + 112489f02b8b4d55de1170392be63212 + + + pkg:maven/org.apache.wss4j/wss4j-ws-security-dom@2.4.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.wss4j/wss4j-ws-security-dom@2.4.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + wss4j-ws-security-policy-stax-2.4.1.jar + + /var/lib/jenkins/.m2/repository/org/apache/wss4j/wss4j-ws-security-policy-stax/2.4.1/wss4j-ws-security-policy-stax-2.4.1.jar + b0e68a308269b17f44c58e4bd4317e7abd3231acd7908154903767bdb2fba011 + 34612fc8b687bc0fe180419e5b96b0b71a7bc115 + b28f7d24b8c71362e3cdfc66fe426168 + + + pkg:maven/org.apache.wss4j/wss4j-ws-security-policy-stax@2.4.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.wss4j/wss4j-ws-security-policy-stax@2.4.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + wss4j-ws-security-stax-2.4.1.jar + + /var/lib/jenkins/.m2/repository/org/apache/wss4j/wss4j-ws-security-stax/2.4.1/wss4j-ws-security-stax-2.4.1.jar + 6681b0971261b83bec424599b4d844cfb85ccaabeee93a55eb474ca01ab237a6 + ca5829560d6bfc9bd76007ddfd49c485cacf40ce + 753b48d8804b7042199d1d71890f4628 + + + pkg:maven/org.apache.wss4j/wss4j-ws-security-stax@2.4.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.wss4j/wss4j-ws-security-stax@2.4.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + wss4j-policy + + + jar + package name + apache + + + jar + package name + model + + + jar + package name + policy + + + jar + package name + wss4j + + + Manifest + automatic-module-name + org.apache.wss4j.policy + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://ws.apache.org/wss4j + + + Manifest + bundle-symbolicname + org.apache.wss4j.wss4j-policy + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + Implementation-Vendor-Id + org.apache + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + wss4j-policy + + + pom + artifactid + wss4j-policy + + + pom + groupid + org.apache.wss4j + + + pom + name + Apache WSS4J WS-SecurityPolicy model + + + pom + parent-artifactid + wss4j-parent + + + file + name + wss4j-policy + + + jar + package name + apache + + + jar + package name + model + + + jar + package name + policy + + + jar + package name + wss4j + + + Manifest + automatic-module-name + org.apache.wss4j.policy + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://ws.apache.org/wss4j + + + Manifest + Bundle-Name + Apache WSS4J WS-SecurityPolicy model + + + Manifest + bundle-symbolicname + org.apache.wss4j.wss4j-policy + + + Manifest + Implementation-Title + Apache WSS4J WS-SecurityPolicy model + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + Apache WSS4J WS-SecurityPolicy model + + + pom + artifactid + wss4j-policy + + + pom + groupid + org.apache.wss4j + + + pom + name + Apache WSS4J WS-SecurityPolicy model + + + pom + parent-artifactid + wss4j-parent + + + file + version + 2.4.1 + + + Manifest + Bundle-Version + 2.4.1 + + + Manifest + Implementation-Version + 2.4.1 + + + pom + version + 2.4.1 + + + + + pkg:maven/org.apache.wss4j/wss4j-policy@2.4.1 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.wss4j/wss4j-policy@2.4.1?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:wss4j:2.4.1:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Awss4j&cpe_version=cpe%3A%2F%3Aapache%3Awss4j%3A2.4.1 + + + + + xml-apis-1.4.01.jar + /var/lib/jenkins/.m2/repository/xml-apis/xml-apis/1.4.01/xml-apis-1.4.01.jar + 7eaad6fea5925cca6c36ee8b3e02ac9d + 3789d9fada2d3d458c4ba2de349d48780f381ee3 + a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad + xml-commons provides an Apache-hosted set of DOM, SAX, and + JAXP interfaces for use in other xml-based projects. Our hope is that we + can standardize on both a common version and packaging scheme for these + critical XML standards interfaces to make the lives of both our developers + and users easier. The External Components portion of xml-commons contains + interfaces that are defined by external standards organizations. For DOM, + that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for + JAXP it's Sun. + The Apache Software License, Version 2.0: + http://www.apache.org/licenses/LICENSE-2.0.txt + The SAX License: http://www.saxproject.org/copying.html + The W3C License: http://www.w3.org/TR/2004/REC-DOM-Level-3-Core-20040407/java-binding.zip + + Business Process Center - Runtime Environment:runtime + + + + file + name + xml-apis + + + jar + package name + apache + + + jar + package name + dom + + + jar + package name + sax + + + jar + package name + version + + + jar + package name + w3c + + + jar + package name + xml + + + manifest: javax/xml/datatype/ + Implementation-Vendor + Apache Software Foundation + + + manifest: javax/xml/namespace/ + Implementation-Vendor + Apache Software Foundation + + + manifest: javax/xml/parsers/ + Implementation-Vendor + Apache Software Foundation + + + manifest: javax/xml/stream/ + Implementation-Vendor + Apache Software Foundation + + + manifest: javax/xml/transform/ + Implementation-Vendor + Apache Software Foundation + + + manifest: javax/xml/validation/ + Implementation-Vendor + Apache Software Foundation + + + manifest: javax/xml/xpath/ + Implementation-Vendor + Apache Software Foundation + + + manifest: org/apache/xmlcommons/Version + Implementation-Vendor + Apache Software Foundation + + + manifest: org/w3c/dom/ + Implementation-Vendor + World Wide Web Consortium + + + manifest: org/w3c/dom/ls/ + Implementation-Vendor + World Wide Web Consortium + + + manifest: org/xml/sax/ + Implementation-Vendor + David Megginson + + + pom + artifactid + xml-apis + + + pom + artifactid + xml-apis + + + pom + developer email + commons-dev@xml.apache.org + + + pom + developer id + xml-apis + + + pom + developer name + Apache Software Foundation + + + pom + developer org + Apache Software Foundation + + + pom + developer org URL + http://www.apache.org + + + pom + groupid + xml-apis + + + pom + name + XML Commons External Components XML APIs + + + pom + url + http://xml.apache.org/commons/components/external/ + + + file + name + xml-apis + + + jar + package name + apache + + + jar + package name + datatype + + + jar + package name + document + + + jar + package name + dom + + + jar + package name + javax + + + jar + package name + ls + + + jar + package name + namespace + + + jar + package name + parsers + + + jar + package name + sax + + + jar + package name + stax + + + jar + package name + stream + + + jar + package name + transform + + + jar + package name + validation + + + jar + package name + version + + + jar + package name + w3c + + + jar + package name + xml + + + jar + package name + xmlcommons + + + jar + package name + xpath + + + manifest: javax/xml/datatype/ + Implementation-Title + javax.xml.datatype + + + manifest: javax/xml/datatype/ + Specification-Title + Java API for XML Processing (JAXP) 1.4 + + + manifest: javax/xml/namespace/ + Implementation-Title + javax.xml.namespace + + + manifest: javax/xml/namespace/ + Specification-Title + Java API for XML Processing (JAXP) 1.4 + + + manifest: javax/xml/parsers/ + Implementation-Title + javax.xml.parsers + + + manifest: javax/xml/parsers/ + Specification-Title + Java API for XML Processing (JAXP) 1.4 + + + manifest: javax/xml/stream/ + Implementation-Title + javax.xml.stream + + + manifest: javax/xml/stream/ + Specification-Title + Streaming API for XML (StAX) 1.0 + + + manifest: javax/xml/transform/ + Implementation-Title + javax.xml.transform + + + manifest: javax/xml/transform/ + Specification-Title + Java API for XML Processing (JAXP) 1.4 + + + manifest: javax/xml/validation/ + Implementation-Title + javax.xml.validation + + + manifest: javax/xml/validation/ + Specification-Title + Java API for XML Processing (JAXP) 1.4 + + + manifest: javax/xml/xpath/ + Implementation-Title + javax.xml.xpath + + + manifest: javax/xml/xpath/ + Specification-Title + Java API for XML Processing (JAXP) 1.4 + + + manifest: org/apache/xmlcommons/Version + Implementation-Title + org.apache.xmlcommons.Version + + + manifest: org/w3c/dom/ + Implementation-Title + org.w3c.dom + + + manifest: org/w3c/dom/ + Specification-Title + Document Object Model (DOM) Level 3 Core + + + manifest: org/w3c/dom/ls/ + Implementation-Title + org.w3c.dom.ls + + + manifest: org/w3c/dom/ls/ + Specification-Title + Document Object Model (DOM) Level 3 Load and Save + + + manifest: org/xml/sax/ + Implementation-Title + org.xml.sax + + + manifest: org/xml/sax/ + Specification-Title + Simple API for XML + + + pom + artifactid + xml-apis + + + pom + developer email + commons-dev@xml.apache.org + + + pom + developer id + xml-apis + + + pom + developer name + Apache Software Foundation + + + pom + developer org + Apache Software Foundation + + + pom + developer org URL + http://www.apache.org + + + pom + groupid + xml-apis + + + pom + name + XML Commons External Components XML APIs + + + pom + url + http://xml.apache.org/commons/components/external/ + + + file + version + 1.4.01 + + + manifest: javax/xml/datatype/ + Implementation-Version + 1.4.01 + + + manifest: javax/xml/namespace/ + Implementation-Version + 1.4.01 + + + manifest: javax/xml/parsers/ + Implementation-Version + 1.4.01 + + + manifest: javax/xml/stream/ + Implementation-Version + 1.4.01 + + + manifest: javax/xml/transform/ + Implementation-Version + 1.4.01 + + + manifest: javax/xml/validation/ + Implementation-Version + 1.4.01 + + + manifest: javax/xml/xpath/ + Implementation-Version + 1.4.01 + + + manifest: org/apache/xmlcommons/Version + Implementation-Version + 1.4.01 + + + pom + version + 1.4.01 + + + + + pkg:maven/xml-apis/xml-apis@1.4.01 + + https://ossindex.sonatype.org/component/pkg:maven/xml-apis/xml-apis@1.4.01?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:commons_net:1.4.01:*:*:*:*:*:*:* + + + + + CVE-2021-37533 + MEDIUM + + 6.5 + NETWORK + LOW + NONE + REQUIRED + UNCHANGED + HIGH + NONE + NONE + MEDIUM + 2.8 + 3.6 + 3.1 + + + CWE-20 + + Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from + PASV response by default. A malicious server can redirect the Commons Net code to use a + different host, but the user has to connect to the malicious server in the first place. + This may lead to leakage of information about services running on the private network of + the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL + does. See https://issues.apache.org/jira/browse/NET-711. + + + CONFIRM + https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 + N/A + + + MLIST + http://www.openwall.com/lists/oss-security/2022/12/03/1 + [oss-security] 20221203 CVE-2021-37533: Apache Commons Net's FTP client + trusts the host from PASV response by default + + + + + cpe:2.3:a:apache:commons_net:*:*:*:*:*:*:*:* + + + + + + xml-resolver-1.2.jar + /var/lib/jenkins/.m2/repository/xml-resolver/xml-resolver/1.2/xml-resolver-1.2.jar + 706c533146c1f4ee46b66659ea14583a + 3d0f97750b3a03e0971831566067754ba4bfd68c + 47dcde8986019314ef78ae7280a94973a21d2ed95075a40a000b42da956429e1 + xml-commons provides an Apache-hosted set of DOM, SAX, and + JAXP interfaces for use in other xml-based projects. Our hope is that we + can standardize on both a common version and packaging scheme for these + critical XML standards interfaces to make the lives of both our developers + and users easier. + + Business Process Center - Runtime Environment:compile + + + + file + name + xml-resolver + + + jar + package name + apache + + + jar + package name + resolver + + + jar + package name + version + + + jar + package name + xml + + + manifest: org/apache/xml/resolver + Implementation-Vendor + Apache Software Foundation + + + pom + artifactid + xml-resolver + + + pom + artifactid + xml-resolver + + + pom + groupid + xml-resolver + + + pom + name + XML Commons Resolver Component + + + pom + parent-artifactid + apache + + + pom + parent-groupid + org.apache + + + pom + url + http://xml.apache.org/commons/components/resolver/ + + + file + name + xml-resolver + + + jar + package name + apache + + + jar + package name + catalog + + + jar + package name + resolver + + + jar + package name + version + + + jar + package name + xml + + + manifest: org/apache/xml/resolver + Implementation-Title + org.apache.xml.resolver.Catalog + + + pom + artifactid + xml-resolver + + + pom + groupid + xml-resolver + + + pom + name + XML Commons Resolver Component + + + pom + parent-artifactid + apache + + + pom + parent-groupid + org.apache + + + pom + url + http://xml.apache.org/commons/components/resolver/ + + + file + version + 1.2 + + + manifest: org/apache/xml/resolver + Implementation-Version + 1.2 + + + pom + parent-version + 1.2 + + + pom + version + 1.2 + + + + + pkg:maven/xml-resolver/xml-resolver@1.2 + + https://ossindex.sonatype.org/component/pkg:maven/xml-resolver/xml-resolver@1.2?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:* + + + + + CVE-2021-37533 + MEDIUM + + 6.5 + NETWORK + LOW + NONE + REQUIRED + UNCHANGED + HIGH + NONE + NONE + MEDIUM + 2.8 + 3.6 + 3.1 + + + CWE-20 + + Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from + PASV response by default. A malicious server can redirect the Commons Net code to use a + different host, but the user has to connect to the malicious server in the first place. + This may lead to leakage of information about services running on the private network of + the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL + does. See https://issues.apache.org/jira/browse/NET-711. + + + CONFIRM + https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 + N/A + + + MLIST + http://www.openwall.com/lists/oss-security/2022/12/03/1 + [oss-security] 20221203 CVE-2021-37533: Apache Commons Net's FTP client + trusts the host from PASV response by default + + + + + cpe:2.3:a:apache:commons_net:*:*:*:*:*:*:*:* + + + + + + xmlschema-core-2.3.0.jar + + /var/lib/jenkins/.m2/repository/org/apache/ws/xmlschema/xmlschema-core/2.3.0/xmlschema-core-2.3.0.jar + b8993a59697b293e5b1f123990df0020 + 5b99c4a647ee7155fcab0f7ec2a8737129281d68 + ab4ca02ae5634caf114161e40df94cb7e6bec2b33d372d46bd78189a4cb27dfa + Commons XMLSchema is a light weight schema object model that can be used to + manipulate or + generate XML schema. + https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + xmlschema-core + + + hint analyzer + vendor + web services + + + jar + package name + apache + + + jar + package name + commons + + + jar + package name + ws + + + Manifest + bundle-docurl + http://ws.apache.org/xmlschema/ + + + Manifest + bundle-symbolicname + org.apache.ws.xmlschema.core + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + Implementation-Vendor-Id + org.apache + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + xmlschema-core + + + pom + artifactid + xmlschema-core + + + pom + groupid + org.apache.ws.xmlschema + + + pom + name + XmlSchema Core + + + pom + parent-artifactid + xmlschema + + + file + name + xmlschema-core + + + hint analyzer + product + web services + + + jar + package name + apache + + + jar + package name + commons + + + jar + package name + ws + + + Manifest + bundle-docurl + http://ws.apache.org/xmlschema/ + + + Manifest + Bundle-Name + XmlSchema Core + + + Manifest + bundle-symbolicname + org.apache.ws.xmlschema.core + + + pom + artifactid + xmlschema-core + + + pom + groupid + org.apache.ws.xmlschema + + + pom + name + XmlSchema Core + + + pom + parent-artifactid + xmlschema + + + file + version + 2.3.0 + + + Manifest + Bundle-Version + 2.3.0 + + + pom + version + 2.3.0 + + + + + pkg:maven/org.apache.ws.xmlschema/xmlschema-core@2.3.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.ws.xmlschema/xmlschema-core@2.3.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:commons_net:2.3.0:*:*:*:*:*:*:* + + + + + CVE-2021-37533 + MEDIUM + + 6.5 + NETWORK + LOW + NONE + REQUIRED + UNCHANGED + HIGH + NONE + NONE + MEDIUM + 2.8 + 3.6 + 3.1 + + + CWE-20 + + Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from + PASV response by default. A malicious server can redirect the Commons Net code to use a + different host, but the user has to connect to the malicious server in the first place. + This may lead to leakage of information about services running on the private network of + the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL + does. See https://issues.apache.org/jira/browse/NET-711. + + + CONFIRM + https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 + N/A + + + MLIST + http://www.openwall.com/lists/oss-security/2022/12/03/1 + [oss-security] 20221203 CVE-2021-37533: Apache Commons Net's FTP client + trusts the host from PASV response by default + + + + + cpe:2.3:a:apache:commons_net:*:*:*:*:*:*:*:* + + + + + + xmlsec-2.3.0.jar + /var/lib/jenkins/.m2/repository/org/apache/santuario/xmlsec/2.3.0/xmlsec-2.3.0.jar + 8cc3288e65ca5e11ce2c1202969780a4 + fbe5bf9896f9f90346e36e7d839b1be6f304c500 + 4b77d41c1a4415dae7cc284d75c69375a46696ff0f811d2cc88bf2ab48a78ca5 + + Apache XML Security for Java supports XML-Signature Syntax and Processing, + W3C Recommendation 12 February 2002, and XML Encryption Syntax and + Processing, W3C Recommendation 10 December 2002. As of version 1.4, + the library supports the standard Java API JSR-105: XML Digital Signature APIs. + + Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + file + name + xmlsec + + + jar + package name + apache + + + jar + package name + encryption + + + jar + package name + security + + + jar + package name + signature + + + jar + package name + xml + + + Manifest + automatic-module-name + org.apache.santuario.xmlsec + + + Manifest + bundle-docurl + https://www.apache.org/ + + + Manifest + bundle-symbolicname + org.apache.santuario.xmlsec + + + Manifest + implementation-url + https://santuario.apache.org/ + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + Implementation-Vendor-Id + org.apache.santuario + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + xmlsec + + + pom + artifactid + xmlsec + + + pom + groupid + org.apache.santuario + + + pom + name + Apache XML Security for Java + + + pom + organization name + The Apache Software Foundation + + + pom + organization url + https://www.apache.org/ + + + pom + parent-artifactid + apache + + + pom + parent-groupid + org.apache + + + pom + url + https://santuario.apache.org/ + + + file + name + xmlsec + + + jar + package name + apache + + + jar + package name + encryption + + + jar + package name + security + + + jar + package name + signature + + + jar + package name + xml + + + Manifest + automatic-module-name + org.apache.santuario.xmlsec + + + Manifest + bundle-docurl + https://www.apache.org/ + + + Manifest + Bundle-Name + Apache XML Security for Java + + + Manifest + bundle-symbolicname + org.apache.santuario.xmlsec + + + Manifest + Implementation-Title + Apache XML Security for Java + + + Manifest + implementation-url + https://santuario.apache.org/ + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + Apache XML Security for Java + + + pom + artifactid + xmlsec + + + pom + groupid + org.apache.santuario + + + pom + name + Apache XML Security for Java + + + pom + organization name + The Apache Software Foundation + + + pom + organization url + https://www.apache.org/ + + + pom + parent-artifactid + apache + + + pom + parent-groupid + org.apache + + + pom + url + https://santuario.apache.org/ + + + file + version + 2.3.0 + + + Manifest + Bundle-Version + 2.3.0 + + + Manifest + Implementation-Version + 2.3.0 + + + pom + parent-version + 2.3.0 + + + pom + version + 2.3.0 + + + + + pkg:maven/org.apache.santuario/xmlsec@2.3.0 + + https://ossindex.sonatype.org/component/pkg:maven/org.apache.santuario/xmlsec@2.3.0?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:apache:santuario_xml_security_for_java:2.3.0:*:*:*:*:*:*:* + + + cpe:2.3:a:apache:xml_security_for_java:2.3.0:*:*:*:*:*:*:* + + + + + xnio-api-3.8.6.Final.jar + + /var/lib/jenkins/.m2/repository/org/jboss/xnio/xnio-api/3.8.6.Final/xnio-api-3.8.6.Final.jar + 9931d762f6637329bff076f7cce957c3 + 68052c0d04b051653b59110ddfd49fc8597243b1 + 3dafd120f2ac4127f930059a5b63d25d9b26b2aadf2c5add1e4c39fa3961e8ca + The API JAR of the XNIO project + http://repository.jboss.org/licenses/apache-2.0.txt + + Business Process Center - Runtime Environment:compile + + + + xnio-nio-3.8.6.Final.jar + + /var/lib/jenkins/.m2/repository/org/jboss/xnio/xnio-nio/3.8.6.Final/xnio-nio-3.8.6.Final.jar + 6afb7091c3ec1a85ff63d4b7fa781d242c5fb1c8073f5c472f2c55ec05baa86b + 5b13dd672834c8b16b1421b9b7f0a8ce9b9f4794 + 8af16bbea862ddabcf34fb53347f61c9 + + + pkg:maven/org.jboss.xnio/xnio-nio@3.8.6.Final + + https://ossindex.sonatype.org/component/pkg:maven/org.jboss.xnio/xnio-nio@3.8.6.Final?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + + + + + file + name + xnio-api + + + hint analyzer + vendor + redhat + + + jar + package name + xnio + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.jboss.org + + + Manifest + bundle-symbolicname + org.jboss.xnio.api + + + Manifest + implementation-url + http://www.jboss.org/xnio + + + Manifest + Implementation-Vendor + JBoss by Red Hat + + + Manifest + Implementation-Vendor-Id + org.jboss.xnio + + + Manifest + jar-name + xnio-api + + + Manifest + os-arch + amd64 + + + Manifest + os-name + Linux + + + Manifest + require-capability + + osgi.service;effective:=active;filter:="(objectClass=org.xnio.Xnio)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-vendor + JBoss by Red Hat + + + pom + artifactid + xnio-api + + + pom + artifactid + xnio-api + + + pom + groupid + org.jboss.xnio + + + pom + name + XNIO API + + + pom + parent-artifactid + xnio-all + + + pom + url + http://www.jboss.org/xnio + + + file + name + xnio-api + + + jar + package name + http + + + jar + package name + version + + + jar + package name + xnio + + + Manifest + build-jdk-spec + 1.8 + + + Manifest + bundle-docurl + http://www.jboss.org + + + Manifest + Bundle-Name + XNIO API + + + Manifest + bundle-symbolicname + org.jboss.xnio.api + + + Manifest + Implementation-Title + XNIO API + + + Manifest + implementation-url + http://www.jboss.org/xnio + + + Manifest + jar-name + xnio-api + + + Manifest + os-arch + amd64 + + + Manifest + os-name + Linux + + + Manifest + require-capability + + osgi.service;effective:=active;filter:="(objectClass=org.xnio.Xnio)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" + + + Manifest + specification-title + XNIO API + + + pom + artifactid + xnio-api + + + pom + groupid + org.jboss.xnio + + + pom + name + XNIO API + + + pom + parent-artifactid + xnio-all + + + pom + url + http://www.jboss.org/xnio + + + Manifest + Bundle-Version + 3.8.6.Final + + + Manifest + Implementation-Version + 3.8.6.Final + + + Manifest + jar-version + 3.8.6.Final + + + pom + version + 3.8.6.Final + + + + + pkg:maven/org.jboss.xnio/xnio-api@3.8.6.Final + + https://ossindex.sonatype.org/component/pkg:maven/org.jboss.xnio/xnio-api@3.8.6.Final?utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + + + cpe:2.3:a:redhat:xnio:3.8.6:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aredhat&cpe_product=cpe%3A%2F%3Aredhat%3Axnio&cpe_version=cpe%3A%2F%3Aredhat%3Axnio%3A3.8.6 + + + + + CVE-2022-0084 + HIGH + + 7.5 + NETWORK + LOW + NONE + NONE + UNCHANGED + NONE + NONE + HIGH + HIGH + 3.9 + 3.6 + 3.1 + + + CWE-770 + + A flaw was found in XNIO, specifically in the notifyReadClosed method. The + issue revealed this method was logging a message to another expected end. This flaw + allows an attacker to send flawed requests to a server, possibly causing log + contention-related performance concerns or an unwanted disk fill-up. + + + OSSIndex + https://bugzilla.redhat.com/show_bug.cgi?id=2064226 + https://bugzilla.redhat.com/show_bug.cgi?id=2064226 + + + MISC + https://github.com/xnio/xnio/pull/291 + https://github.com/xnio/xnio/pull/291 + + + MISC + https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12 + https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12 + + + OSSINDEX + + https://ossindex.sonatype.org/vulnerability/CVE-2022-0084?component-type=maven&component-name=org.jboss.xnio%2Fxnio-api&utm_source=dependency-check&utm_medium=integration&utm_content=7.3.0 + [CVE-2022-0084] CWE-770: Allocation of Resources Without Limits or Throttling + + + OSSIndex + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0084 + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0084 + + + MISC + https://bugzilla.redhat.com/show_bug.cgi?id=2064226 + https://bugzilla.redhat.com/show_bug.cgi?id=2064226 + + + MISC + https://access.redhat.com/security/cve/CVE-2022-0084 + https://access.redhat.com/security/cve/CVE-2022-0084 + + + OSSIndex + https://security-tracker.debian.org/tracker/CVE-2022-0084 + https://security-tracker.debian.org/tracker/CVE-2022-0084 + + + OSSIndex + https://access.redhat.com/security/cve/cve-2022-0084 + https://access.redhat.com/security/cve/cve-2022-0084 + + + + cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:* + cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:* + cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* + + cpe:2.3:a:redhat:xnio:*:*:*:*:*:*:*:* + + + + + + \ No newline at end of file diff --git a/unittests/scans/dependency_check/dc_empty.xml b/unittests/scans/dependency_check/dc_empty.xml new file mode 100644 index 00000000000..7899e9f0e1e --- /dev/null +++ b/unittests/scans/dependency_check/dc_empty.xml @@ -0,0 +1 @@ +6.5.3NVD CVE Checked2022-01-22T14:36:52NVD CVE Modified2022-01-22T14:00:01VersionCheckOn2022-01-15T15:27:202022-01-22T13:40:32.740468526ZThis report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. \ No newline at end of file diff --git a/unittests/scans/dependency_check/multiple_vulnerabilities_has_multiple_findings.xml b/unittests/scans/dependency_check/multiple_vulnerabilities_has_multiple_findings.xml new file mode 100644 index 00000000000..fcb245f0f0a --- /dev/null +++ b/unittests/scans/dependency_check/multiple_vulnerabilities_has_multiple_findings.xml @@ -0,0 +1,529 @@ + + + + + + Test Project + 2016-11-05T14:52:15.748-0400 + This report contains data retrieved from the National Vulnerability Database: + http://nvd.nist.gov + + + + component1 + C:\\Projectestproject\\libraries\\component1.dll + ba5a6a10bae6ce2abbabec9facae23a4 + ae917bbce68733468b1972113e0e1fc5dc7444a0 + + + file + name + component1.dll + + + file + name + component1 + + + file + name + component1 + + + file + version + 1 + + + + + adapter-ear1.ear: dom4j-2.1.1.jar + /var/lib/adapter-ear1.ear/dom4j-2.1.1.jar + 21b24bc199530e07cb15d93c7f929f04 + a29f196740ab608199488c574f536529b5c21242 + + + adapter-ear8.ear: dom4j-2.1.1.jar + /var/lib/adapter-ear8.ear/dom4j-2.1.1.jar + a520752f350909c191db45a598a88fcca2fa5db17a340dee6b3d0e36f4122e11 + 080c5a481cd7abf27bfd4b48edf73b1cb214085e + add18b9f953221ff565cf7a34aac0ed9 + + + adapter-ear1.ear: dom4j-extensions-2.1.1.jar + /var/lib/adapter-ear1.ear/dom4j-extensions-2.1.1.jar + a520752f350909c191db45a598a88fcca2fa5db17a340dee6b3d0e36f4122e11 + 080c5a481cd7abf27bfd4b48edf73b1cb214085e + add18b9f953221ff565cf7a34aac0ed9 + + + + + file + name + org.jdom + + + file + name + dom4j + + + + + + pkg:maven/org.dom4j/dom4j@2.1.1.redhat-00001 + + https://ossindex.sonatype.org/component/pkg:maven/org.dom4j/dom4j@2.1.1.redhat-00001 + + + cpe:2.3:a:dom4j_project:dom4j:2.1.1.hat-00001:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Adom4j_project&cpe_product=cpe%3A%2F%3Adom4j_project%3Adom4j&cpe_version=cpe%3A%2F%3Adom4j_project%3Adom4j%3A2.1.1.hat-00001 + + + + cpe:/a:apache:xalan-java:2.7.1 + + https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Axalan-java%3A2.7.1 + + + xalan:serializer:2.7.1 + + https://search.maven.org/remotecontent?filepath=xalan/serializer/2.7.1/serializer-2.7.1.jar + + + + + CVE-0000-0001 + 7.5 + NETWORK + LOW + NONE + PARTIAL + PARTIAL + PARTIAL + High + CWE-00 Bad Vulnerability + Description of a bad vulnerability. + + + Reference1 + http://localhost/badvulnerability.htm + Reference Name + + + MISC + http://localhost2/reference_for_badvulnerability.pdf + Reference for a bad vulnerability + + + + cpe:/a:component2:component2:1.0 + + + + + + yargs-parser:5.0.0 + + /var/lib/jenkins/workspace/nl-selfservice_-_metrics_develop/package-lock.json?yargs-parser + + + + + + /var/lib/adapter-ear8.ear/dom4j-2.1.1.jar + a520752f350909c191db45a598a88fcca2fa5db17a340dee6b3d0e36f4122e11 + 080c5a481cd7abf27bfd4b48edf73b1cb214085e + add18b9f953221ff565cf7a34aac0ed9 + + + /var/lib/adapter-ear1.ear/dom4j-extensions-2.1.1.jar + a520752f350909c191db45a598a88fcca2fa5db17a340dee6b3d0e36f4122e11 + 080c5a481cd7abf27bfd4b48edf73b1cb214085e + add18b9f953221ff565cf7a34aac0ed9 + + + + package-lock.json: transitive + + + + package.json + name + yargs-parser + + + package.json + name + yargs-parser + + + package.json + version + 5.0.0 + + + + + pkg:npm/yargs-parser@5.0.0 + https://ossindex.sonatype.org/component/pkg:npm/yargs-parser@5.0.0 + + + + + 1500 + low + Affected versions of `yargs-parser` are vulnerable to prototype + pollution. Arguments are not properly sanitized, allowing an attacker to + modify the prototype of `Object`, causing the addition or modification of an + existing property that will exist on all objects.Parsing the argument + `--foo.__proto__.bar baz'` adds a `bar` property with value `baz` to + all objects. This is only exploitable if attackers have control over the + arguments being passed to `yargs-parser`. + + + Advisory 1500: Prototype Pollution + - [Snyk Report](https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381) + + + + + cpe:2.3:a:*:yargs-parser:\\<13.1.2\\|\\|\\>\\=14.0.0\\<15.0.1\\|\\|\\>\\=16.0.0\\<18.1.2:*:*:*:*:*:*:* + + + + CVE-2020-7608 + HIGH + + 7.5 + N + L + N + N + U + N + H + N + HIGH + + yargs-parser could be tricked into adding or modifying properties + of Object.prototype using a "__proto__" payload. + + + OSSINDEX + https://ossindex.sonatype.org/vuln/b7740d41-fc85-4d22-8af5-5a3159e114ea?component-type=npm&component-name=yargs-parser + [CVE-2020-7608] yargs-parser could be tricked into adding or modifying properties of Object.prot... + + + + + cpe:2.3:a:*:yargs-parser:5.0.0:*:*:*:*:*:*:* + + + + CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') + HIGH + + 7.5 + N + L + N + N + U + N + N + H + HIGH + + + CWE-400 + + The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended. + + + OSSINDEX + https://ossindex.sonatype.org/vuln/7ccaaed0-205b-4382-a963-8a30a0b151b1?component-type=npm&component-name=yargs-parser + CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') + + + + + cpe:2.3:a:*:yargs-parser:5.0.0:*:*:*:*:*:*:* + + + + + + adapter-ear2.ear: dom4j-2.1.1.jar + C:\\Projectestproject\\libraries\\component2.dll + 21b24bc199530e07cb15d93c7f929f04 + a29f196740ab608199488c574f536529b5c21242 + + + file + name + org.jdom + + + file + name + dom4j + + + + + + pkg:maven/org.dom4j/dom4j@2.1.1.redhat-00001 + + https://ossindex.sonatype.org/component/pkg:maven/org.dom4j/dom4j@2.1.1.redhat-00001 + + + cpe:2.3:a:dom4j_project:dom4j:2.1.1.hat-00001:*:*:*:*:*:*:* + + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Adom4j_project&cpe_product=cpe%3A%2F%3Adom4j_project%3Adom4j&cpe_version=cpe%3A%2F%3Adom4j_project%3Adom4j%3A2.1.1.hat-00001 + + + + cpe:/a:apache:xalan-java:2.7.1 + + https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Axalan-java%3A2.7.1 + + + xalan:serializer:2.7.1 + + https://search.maven.org/remotecontent?filepath=xalan/serializer/2.7.1/serializer-2.7.1.jar + + + + + CVE-0000-0001 + 7.5 + NETWORK + LOW + NONE + PARTIAL + PARTIAL + PARTIAL + High + CWE-00 Bad Vulnerability + Description of a bad vulnerability. + + + Reference1 + http://localhost/badvulnerability.htm + Reference Name + + + MISC + http://localhost2/reference_for_badvulnerability.pdf + Reference for a bad vulnerability + + + + cpe:/a:component2:component2:1.0 + + + + + + adapter-ear3.ear: dom4j-2.1.1.jar + C:\\Projectestproject\\libraries\\component2.dll + 21b24bc199530e07cb15d93c7f929f04 + a29f196740ab608199488c574f536529b5c21242 + + + file + name + 2.1.1 + + + file + name + dom4j + + + + + CVE-0000-0001 + 7.5 + NETWORK + LOW + NONE + PARTIAL + PARTIAL + PARTIAL + High + CWE-00 Bad Vulnerability + Description of a bad vulnerability. + + + Reference1 + http://localhost/badvulnerability.htm + Reference Name + + + MISC + http://localhost2/reference_for_badvulnerability.pdf + Reference for a bad vulnerability + + + + cpe:/a:component2:component2:1.0 + + + + + + adapter-ear4.ear: liquibase-core-3.5.3.jar: jquery.js + C:\\Projectestproject\\libraries\\component3.dll + 21b24bc199530e07cb15d93c7f929f03 + a29f196740ab608199488c574f536529b5c21243 + + + file + name + 3.1.1 + + + file + name + jquery + + + + + CVE-0000-0001 + 7.5 + NETWORK + LOW + NONE + PARTIAL + PARTIAL + PARTIAL + High + CWE-00 Bad Vulnerability + Description of a bad vulnerability. + + + Reference1 + http://localhost/badvulnerability.htm + Reference Name + + + MISC + http://localhost2/reference_for_badvulnerability.pdf + Reference for a bad vulnerability + + + + cpe:/a:component3:component3:1.0 + + + + CVE-2019-7238 + + 7.5 + NETWORK + LOW + NONE + PARTIAL + PARTIAL + PARTIAL + HIGH + 2.0 + 10.0 + 6.4 + + + 9.8 + NETWORK + LOW + NONE + NONE + UNCHANGED + HIGH + HIGH + HIGH + CRITICAL + 3.9 + 5.9 + 3.0 + + + NVD-CWE-noinfo + + Sonatype Nexus Repository Manager before 3.15.0 has Incorrect + Access Control. + + + MISC + https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019 + https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019 + + + + + cpe:2.3:a:sonatype:nexus:*:*:*:*:*:*:*:* + + + + CVE-2017-1000487 + + 7.5 + NETWORK + LOW + NONE + PARTIAL + PARTIAL + PARTIAL + HIGH + 2.0 + 10.0 + 6.4 + true + + + 9.8 + NETWORK + LOW + NONE + NONE + UNCHANGED + HIGH + HIGH + HIGH + CRITICAL + 3.9 + 5.9 + 3.1 + + + CWE-78 + + Plexus-utils before 3.0.16 is vulnerable to command injection + because it does not correctly process the contents of double quoted strings. + This is our reason for not to upgrade it. + + + MLIST + https://lists.debian.org/debian-lts-announce/2018/01/msg00011.html + [debian-lts-announce] 20180109 [SECURITY] [DLA 1237-1] plexus-utils2 security update + + + DEBIAN + https://www.debian.org/security/2018/dsa-4146 + DSA-4146 + + + + + cpe:2.3:a:plexus-utils_project:plexus-utils:*:*:*:*:*:*:*:* + + + + + + \ No newline at end of file diff --git a/unittests/scans/dependency_check/single_dependency_with_related_no_vulnerability.xml b/unittests/scans/dependency_check/single_dependency_with_related_no_vulnerability.xml new file mode 100644 index 00000000000..2d4d5b7efd9 --- /dev/null +++ b/unittests/scans/dependency_check/single_dependency_with_related_no_vulnerability.xml @@ -0,0 +1,50 @@ + + + + + + Test Project + 2016-11-05T14:52:15.748-0400 + This report contains data retrieved from the National Vulnerability Database: + http://nvd.nist.gov + + + + component1.dll + C:\\Projectsestproject\\libraries\\component1.dll + ba5a6a10bae6ce2abbabec9facae23a4 + ae917bbce68733468b1972113e0e1fc5dc7444a0 + + + adapter-ear8.ear: dom4j-2.1.1.jar + /var/lib/adapter-ear8.ear/dom4j-2.1.1.jar + a520752f350909c191db45a598a88fcca2fa5db17a340dee6b3d0e36f4122e11 + 080c5a481cd7abf27bfd4b48edf73b1cb214085e + add18b9f953221ff565cf7a34aac0ed9 + + + + + file + name + component1.dll + + + file + name + component1 + + + file + name + component1 + + + file + version + 1 + + + + + \ No newline at end of file diff --git a/unittests/scans/dependency_check/single_vuln.xml b/unittests/scans/dependency_check/single_vuln.xml new file mode 100644 index 00000000000..86ad050524c --- /dev/null +++ b/unittests/scans/dependency_check/single_vuln.xml @@ -0,0 +1,96 @@ + + + + + + Test Project + 2016-11-05T14:52:15.748-0400 + This report contains data retrieved from the National Vulnerability Database: + http://nvd.nist.gov + + + + component1.dll + C:\\Projectsestproject\\libraries\\component1.dll + ba5a6a10bae6ce2abbabec9facae23a4 + ae917bbce68733468b1972113e0e1fc5dc7444a0 + + + file + name + component1.dll + + + file + name + component1 + + + file + name + component1 + + + file + version + 1 + + + + + component2.dll + C:\\Projectestproject\\libraries\\component2.dll + 21b24bc199530e07cb15d93c7f929f04 + a29f196740ab608199488c574f536529b5c21242 + + + file + name + component2 + + + file + name + component2 + + + + + org.owasp:library:6.7.8 + + https://search.maven.org/remotecontent?filepath=xalan/serializer/2.7.1/serializer-2.7.1.jar + + + + + CVE-0000-0001 + 7.5 + NETWORK + LOW + NONE + PARTIAL + PARTIAL + PARTIAL + Moderate + CWE-00 Bad Vulnerability + Description of a bad vulnerability. + + + Reference1 + http://localhost/badvulnerability.htm + Reference Name + + + MISC + http://localhost2/reference_for_badvulnerability.pdf + Reference for a bad vulnerability + + + + cpe:/a:component2:component2:1.0 + + + + + + \ No newline at end of file diff --git a/unittests/scans/dependency_check/version-6.5.3.xml b/unittests/scans/dependency_check/version-6.5.3.xml new file mode 100644 index 00000000000..bc0ae40cbf4 --- /dev/null +++ b/unittests/scans/dependency_check/version-6.5.3.xml @@ -0,0 +1,648 @@ + + + + 6.5.3 + + NVD CVE Checked + 2022-01-15T15:27:20 + + + NVD CVE Modified + 2022-01-15T14:00:01 + + + VersionCheckOn + 2022-01-15T15:27:20 + + + + + 2022-01-15T14:31:13.042600508Z + This report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. + + + + log4j-api-2.12.4.jar + /home/damien/vulnerabilities/apache-log4j-2.12.4-bin/log4j-api-2.12.4.jar + f0edf6299d91b0661456d539f641cae4 + c1d3c1f6b392ebd4ca8a9d65e8bad549e885fcbc + 109df2737a67e8a6a962fdebd31a5f076cfc61bd348d893cffdb48caa264a826 + The Apache Log4j API + https://www.apache.org/licenses/LICENSE-2.0.txt + + + file + name + log4j-api + + + jar + package name + apache + + + jar + package name + log4j + + + jar + package name + logging + + + jar + package name + org + + + Manifest + bundle-docurl + https://www.apache.org/ + + + Manifest + bundle-symbolicname + org.apache.logging.log4j.api + + + Manifest + implementation-url + https://logging.apache.org/log4j/2.x/log4j-api/ + + + Manifest + Implementation-Vendor + The Apache Software Foundation + + + Manifest + Implementation-Vendor-Id + org.apache.logging.log4j + + + Manifest + log4jreleasekey + B3D8E1BA + + + Manifest + log4jreleasemanager + Ralph Goers + + + Manifest + log4jsigningusername + rgoers@apache.org + + + Manifest + multi-release + true + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + Manifest + specification-vendor + The Apache Software Foundation + + + pom + artifactid + log4j-api + + + pom + groupid + org.apache.logging.log4j + + + pom + name + Apache Log4j API + + + pom + parent-artifactid + log4j + + + file + name + log4j-api + + + jar + package name + apache + + + jar + package name + log4j + + + jar + package name + logging + + + jar + package name + org + + + Manifest + bundle-docurl + https://www.apache.org/ + + + Manifest + Bundle-Name + Apache Log4j API + + + Manifest + bundle-symbolicname + org.apache.logging.log4j.api + + + Manifest + Implementation-Title + Apache Log4j API + + + Manifest + implementation-url + https://logging.apache.org/log4j/2.x/log4j-api/ + + + Manifest + log4jreleasekey + B3D8E1BA + + + Manifest + log4jreleasemanager + Ralph Goers + + + Manifest + log4jsigningusername + rgoers@apache.org + + + Manifest + multi-release + true + + + Manifest + require-capability + osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" + + + Manifest + specification-title + Apache Log4j API + + + pom + artifactid + log4j-api + + + pom + groupid + org.apache.logging.log4j + + + pom + name + Apache Log4j API + + + pom + parent-artifactid + log4j + + + file + version + 2.12.4 + + + Manifest + Bundle-Version + 2.12.4 + + + Manifest + Implementation-Version + 2.12.4 + + + Manifest + log4jreleaseversion + 2.12.4 + + + pom + version + 2.12.4 + + + + + pkg:maven/org.apache.logging.log4j/log4j-api@2.12.4 + https://ossindex.sonatype.org/component/pkg:maven/org.apache.logging.log4j/log4j-api@2.12.4?utm_source=dependency-check&utm_medium=integration&utm_content=6.2.2 + + + cpe:2.3:a:apache:log4j:2.12.4:*:*:*:*:*:*:* + https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Alog4j&cpe_version=cpe%3A%2F%3Aapache%3Alog4j%3A2.12.4 + + + + + CVE-2020-9488 + LOW + + 4.3 + NETWORK + MEDIUM + NONE + PARTIAL + NONE + NONE + MEDIUM + 2.0 + 8.6 + 2.9 + + + 3.7 + NETWORK + HIGH + NONE + NONE + UNCHANGED + LOW + NONE + NONE + LOW + 2.2 + 1.4 + 3.1 + + + CWE-295 + + Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. + + + MISC + https://www.oracle.com/security-alerts/cpuoct2020.html + https://www.oracle.com/security-alerts/cpuoct2020.html + + + MLIST + https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c@%3Cissues.hive.apache.org%3E + [hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + MISC + https://www.oracle.com/security-alerts/cpujul2020.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + MLIST + https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc@%3Cissues.zookeeper.apache.org%3E + [zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20@%3Cdev.kafka.apache.org%3E + [kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881@%3Cissues.hive.apache.org%3E + [hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E + [db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board? + + + MLIST + https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5@%3Cnotifications.zookeeper.apache.org%3E + [zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 + + + MISC + https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E + https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E + + + CONFIRM + https://issues.apache.org/jira/browse/LOG4J2-2819 + https://issues.apache.org/jira/browse/LOG4J2-2819 + + + MLIST + https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b@%3Cdev.hive.apache.org%3E + [hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f@%3Cdev.hive.apache.org%3E + [hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98@%3Cissues.zookeeper.apache.org%3E + [zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 + + + MISC + https://www.oracle.com/security-alerts/cpujan2021.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + MLIST + https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E + [kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities + + + MLIST + https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846@%3Cissues.zookeeper.apache.org%3E + [zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507@%3Cissues.hive.apache.org%3E + [hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695@%3Cnotifications.zookeeper.apache.org%3E + [zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489 + + + MLIST + https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809@%3Ccommits.zookeeper.apache.org%3E + [zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E + [db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board? + + + CONFIRM + https://security.netapp.com/advisory/ntap-20200504-0003/ + https://security.netapp.com/advisory/ntap-20200504-0003/ + + + MLIST + https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E + [pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list + + + MLIST + https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05@%3Cdev.zookeeper.apache.org%3E + [zookeeper-dev] 20200504 log4j SmtpAppender related CVE + + + MLIST + https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f@%3Cissues.hive.apache.org%3E + [hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + DEBIAN + https://www.debian.org/security/2021/dsa-5020 + DSA-5020 + + + MLIST + https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6@%3Cdev.zookeeper.apache.org%3E + [zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3@%3Ccommits.zookeeper.apache.org%3E + [zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 + + + MLIST + https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html + [debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update + + + MLIST + https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd@%3Cissues.zookeeper.apache.org%3E + [zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701@%3Cnotifications.zookeeper.apache.org%3E + [zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 + + + MISC + https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E + https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E + + + MLIST + https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40@%3Cissues.hive.apache.org%3E + [hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4@%3Ctorque-dev.db.apache.org%3E + [db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685 + + + MLIST + https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75@%3Cissues.hive.apache.org%3E + [hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E + [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar + + + MLIST + https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E + [kafka-users] 20210617 vulnerabilities + + + MLIST + https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac@%3Cissues.zookeeper.apache.org%3E + [zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04@%3Cissues.hive.apache.org%3E + [hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a@%3Cissues.flink.apache.org%3E + [flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1 + + + MISC + https://www.oracle.com/security-alerts/cpuoct2021.html + https://www.oracle.com/security-alerts/cpuoct2021.html + + + MLIST + https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f@%3Cissues.hive.apache.org%3E + [hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a@%3Cjira.kafka.apache.org%3E + [kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488 + + + MISC + https://www.oracle.com/security-alerts/cpuApr2021.html + https://www.oracle.com/security-alerts/cpuApr2021.html + + + MLIST + https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3@%3Cissues.hive.apache.org%3E + [hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463@%3Cjira.kafka.apache.org%3E + [kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3@%3Cissues.hive.apache.org%3E + [hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f@%3Ccommits.zookeeper.apache.org%3E + [zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 + + + MLIST + https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E + [kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities + + + + cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:* + cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.7.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* + cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* + cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:* + cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:* + cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:* + cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0.37:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4.12:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0.26:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_rules_palette:10.2.0.37:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_rules_palette:10.2.4.12:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_rules_palette:11.0.2.25:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_rules_palette:11.1.0.15:*:*:*:*:*:*:* + cpe:2.3:a:oracle:insurance_rules_palette:11.2.0.26:*:*:*:*:*:*:* + cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:* + cpe:2.3:a:oracle:oracle_goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:* + cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* + cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* + cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* + cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_bulk_data_integration:15.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_eftlink:15.0.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_insights_cloud_service_suite:19.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_broker_cloud_service:16.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_broker_cloud_service:18.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:* + cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:* + cpe:2.3:a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:spatial_and_graph:18c:*:*:*:*:*:*:* + cpe:2.3:a:oracle:spatial_and_graph:19c:*:*:*:*:*:*:* + cpe:2.3:a:oracle:spatial_and_graph:12.2.0.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:* + cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* + cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:* + cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* + + + + + + + diff --git a/unittests/scans/dependency_track_samples/dependency_track_3.8.0_2021-01-18.json b/unittests/scans/dependency_track/dependency_track_3.8.0_2021-01-18.json similarity index 100% rename from unittests/scans/dependency_track_samples/dependency_track_3.8.0_2021-01-18.json rename to unittests/scans/dependency_track/dependency_track_3.8.0_2021-01-18.json diff --git a/unittests/scans/dependency_track_samples/many_findings.json b/unittests/scans/dependency_track/many_findings.json similarity index 100% rename from unittests/scans/dependency_track_samples/many_findings.json rename to unittests/scans/dependency_track/many_findings.json diff --git a/unittests/scans/dependency_track/many_findings_with_alias.json b/unittests/scans/dependency_track/many_findings_with_alias.json new file mode 100644 index 00000000000..dd2d06b9475 --- /dev/null +++ b/unittests/scans/dependency_track/many_findings_with_alias.json @@ -0,0 +1,625 @@ +{ + "meta": { + "application": "Dependency-Track", + "version": "4.7.0", + "timestamp": "2023-02-08T13:43:13Z" + }, + "findings": [ + { + "component": { + "latestVersion": "2.14.2", + "name": "jackson-databind", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.3?type=jar", + "uuid": "911e562b-150b-447e-abd7-796204527bf7", + "version": "2.13.3", + "group": "com.fasterxml.jackson.core" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:37.814" + }, + "vulnerability": { + "severity": "HIGH", + "severityRank": 1, + "cweName": "Uncontrolled Resource Consumption", + "vulnId": "GHSA-rgv9-q543-rqg4", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-42004", + "OSV": "DSA-5283-1", + "GITHUB": "GHSA-rgv9-q543-rqg4" + }, + "cveId": "CVE-2022-42004", + "ghsaId": "GHSA-rgv9-q543-rqg4", + "id": 8089, + "osvId": "DSA-5283-1" + } + ], + "cweId": 400, + "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "source": "GITHUB", + "title": "Uncontrolled Resource Consumption in FasterXML jackson-databind", + "cwes": [ + { + "cweId": 400, + "name": "Uncontrolled Resource Consumption", + "id": 0 + }, + { + "cweId": 502, + "name": "Deserialization of Untrusted Data", + "id": 0 + } + ], + "uuid": "8af37107-7e63-49d1-99fa-18226135f4f6" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:911e562b-150b-447e-abd7-796204527bf7:8af37107-7e63-49d1-99fa-18226135f4f6" + }, + { + "component": { + "latestVersion": "2.14.2", + "name": "jackson-databind", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.3?type=jar", + "uuid": "911e562b-150b-447e-abd7-796204527bf7", + "version": "2.13.3", + "group": "com.fasterxml.jackson.core" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:37.85" + }, + "vulnerability": { + "severity": "HIGH", + "severityRank": 1, + "cweName": "Uncontrolled Resource Consumption", + "vulnId": "GHSA-jjjh-jjxp-wpff", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-42003", + "OSV": "DSA-5283-1", + "GITHUB": "GHSA-jjjh-jjxp-wpff" + }, + "cveId": "CVE-2022-42003", + "ghsaId": "GHSA-jjjh-jjxp-wpff", + "id": 8088, + "osvId": "DSA-5283-1" + } + ], + "cweId": 400, + "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4.1 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.1, and 2.14.0.", + "source": "GITHUB", + "title": "Uncontrolled Resource Consumption in Jackson-databind", + "cwes": [ + { + "cweId": 400, + "name": "Uncontrolled Resource Consumption", + "id": 0 + }, + { + "cweId": 502, + "name": "Deserialization of Untrusted Data", + "id": 0 + } + ], + "uuid": "f2060109-fbd1-41b7-89f6-3261b9716670" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:911e562b-150b-447e-abd7-796204527bf7:f2060109-fbd1-41b7-89f6-3261b9716670" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.004" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cweName": "Out-of-bounds Write", + "vulnId": "GHSA-9w3m-gqgf-c4p9", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-38752", + "GITHUB": "GHSA-9w3m-gqgf-c4p9" + }, + "cveId": "CVE-2022-38752", + "ghsaId": "GHSA-9w3m-gqgf-c4p9", + "id": 7158 + } + ], + "cweId": 787, + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "source": "GITHUB", + "title": "snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write", + "cwes": [ + { + "cweId": 787, + "name": "Out-of-bounds Write", + "id": 0 + } + ], + "uuid": "61b80aee-51bf-4d82-ac76-8c98f3c93da5" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:61b80aee-51bf-4d82-ac76-8c98f3c93da5" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.04" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cweName": "Stack-based Buffer Overflow", + "vulnId": "GHSA-w37g-rhq8-7m4j", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-41854", + "GITHUB": "GHSA-w37g-rhq8-7m4j" + }, + "cveId": "CVE-2022-41854", + "ghsaId": "GHSA-w37g-rhq8-7m4j", + "id": 37892 + } + ], + "cweId": 121, + "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "source": "GITHUB", + "title": "Snakeyaml vulnerable to Stack overflow leading to denial of service", + "cwes": [ + { + "cweId": 121, + "name": "Stack-based Buffer Overflow", + "id": 0 + }, + { + "cweId": 787, + "name": "Out-of-bounds Write", + "id": 0 + } + ], + "uuid": "81bb04f7-4e73-4b1e-9369-755aed57d903" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:81bb04f7-4e73-4b1e-9369-755aed57d903" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.081" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cweName": "Stack-based Buffer Overflow", + "vulnId": "GHSA-c4r9-r8fh-9vj2", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-38749", + "OSV": "DLA-3132-1", + "GITHUB": "GHSA-c4r9-r8fh-9vj2" + }, + "cveId": "CVE-2022-38749", + "ghsaId": "GHSA-c4r9-r8fh-9vj2", + "id": 7675, + "osvId": "DLA-3132-1" + } + ], + "cweId": 121, + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "source": "GITHUB", + "title": "snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write", + "cwes": [ + { + "cweId": 121, + "name": "Stack-based Buffer Overflow", + "id": 0 + }, + { + "cweId": 787, + "name": "Out-of-bounds Write", + "id": 0 + } + ], + "uuid": "703ec00f-8bbe-42b4-959e-0562e226ecfa" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:703ec00f-8bbe-42b4-959e-0562e226ecfa" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.113" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cweName": "Out-of-bounds Write", + "vulnId": "GHSA-98wm-3w3q-mw94", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-38751", + "OSV": "DLA-3132-1", + "GITHUB": "GHSA-98wm-3w3q-mw94" + }, + "cveId": "CVE-2022-38751", + "ghsaId": "GHSA-98wm-3w3q-mw94", + "id": 7676, + "osvId": "DLA-3132-1" + } + ], + "cweId": 787, + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "source": "GITHUB", + "title": "snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write", + "cwes": [ + { + "cweId": 787, + "name": "Out-of-bounds Write", + "id": 0 + } + ], + "uuid": "e85c0f1d-1d69-4fc7-b947-a12438ddb4e9" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:e85c0f1d-1d69-4fc7-b947-a12438ddb4e9" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.143" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cweName": "Out-of-bounds Write", + "vulnId": "GHSA-hhhw-99gj-p3c3", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-38750", + "OSV": "DLA-3132-1", + "GITHUB": "GHSA-hhhw-99gj-p3c3" + }, + "cveId": "CVE-2022-38750", + "ghsaId": "GHSA-hhhw-99gj-p3c3", + "id": 7677, + "osvId": "DLA-3132-1" + } + ], + "cweId": 787, + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "source": "GITHUB", + "title": "snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write", + "cwes": [ + { + "cweId": 787, + "name": "Out-of-bounds Write", + "id": 0 + } + ], + "uuid": "7a13ba24-7abd-4967-b6a4-5745c27a8c61" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:7a13ba24-7abd-4967-b6a4-5745c27a8c61" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.19" + }, + "vulnerability": { + "severity": "HIGH", + "severityRank": 1, + "cweName": "Uncontrolled Resource Consumption", + "vulnId": "GHSA-3mc7-4q67-w48m", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-25857", + "OSV": "DLA-3132-1", + "GITHUB": "GHSA-3mc7-4q67-w48m" + }, + "cveId": "CVE-2022-25857", + "ghsaId": "GHSA-3mc7-4q67-w48m", + "id": 7678, + "osvId": "DLA-3132-1" + } + ], + "cweId": 400, + "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "source": "GITHUB", + "title": "Uncontrolled Resource Consumption in snakeyaml", + "cwes": [ + { + "cweId": 400, + "name": "Uncontrolled Resource Consumption", + "id": 0 + } + ], + "uuid": "852e59cc-3a12-4ce9-a7fd-eea4f1abd003" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:852e59cc-3a12-4ce9-a7fd-eea4f1abd003" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.237" + }, + "vulnerability": { + "severity": "HIGH", + "severityRank": 1, + "cweName": "Deserialization of Untrusted Data", + "vulnId": "GHSA-mjmj-j48q-9wg2", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-1471", + "GITHUB": "GHSA-mjmj-j48q-9wg2" + }, + "cveId": "CVE-2022-1471", + "ghsaId": "GHSA-mjmj-j48q-9wg2", + "id": 38484 + } + ], + "cweId": 502, + "description": "### Summary\nSnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line:\n\nnew Yaml(new Constructor(TestDataClass.class)).load(yamlContent);\n\nTypes do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized.\n\n### Severity\nHigh, lack of type checks during deserialization allows remote code execution.\n\n### Proof of Concept\nExecute `bash run.sh`. The PoC uses Constructor to deserialize a payload\nfor RCE. RCE is demonstrated by using a payload which performs a http request to\nhttp://127.0.0.1:8000.\n\nExample output of successful run of proof of concept:\n\n```\n$ bash run.sh\n\n[+] Downloading snakeyaml if needed\n[+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE\nnc: no process found\n[+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server.\n[+] An exception is expected.\nException:\nCannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0\n in 'string', line 1, column 1:\n payload: !!javax.script.ScriptEn ... \n ^\nCan not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager\n in 'string', line 1, column 10:\n payload: !!javax.script.ScriptEngineManag ... \n ^\n\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158)\n\tat org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491)\n\tat org.yaml.snakeyaml.Yaml.load(Yaml.java:416)\n\tat Main.main(Main.java:37)\nCaused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager\n\tat java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167)\n\tat java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171)\n\tat java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81)\n\tat java.base/java.lang.reflect.Field.set(Field.java:780)\n\tat org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286)\n\t... 9 more\n[+] Dumping Received HTTP Request. Will not be empty if PoC worked\nGET /proof-of-concept HTTP/1.1\nUser-Agent: Java/11.0.14\nHost: localhost:8000\nAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\nConnection: keep-alive\n```\n\n### Further Analysis\nPotential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content.\n\nSee https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject.\n\nA proposed fix is planned for version 1.34. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374 for more information.\n\n### Timeline\n**Date reported**: 4/11/2022\n**Date fixed**: \n**Date disclosed**: 10/13/2022", + "source": "GITHUB", + "title": "SnakeYaml Constructor Deserialization Remote Code Execution", + "cwes": [ + { + "cweId": 502, + "name": "Deserialization of Untrusted Data", + "id": 0 + } + ], + "uuid": "dc37054d-7573-4b46-93a5-c065b952284b" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:dc37054d-7573-4b46-93a5-c065b952284b" + }, + { + "component": { + "latestVersion": "5.0.0.Alpha2", + "name": "netty-codec-haproxy", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/io.netty/netty-codec-haproxy@4.1.78.Final?type=jar", + "uuid": "c5e1399d-25ed-4ce8-9646-e508b6c5d3f3", + "version": "4.1.78.Final", + "group": "io.netty" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.388" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cweName": "Uncontrolled Recursion", + "vulnId": "GHSA-fx2c-96vj-985v", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-41881", + "OSV": "DLA-3268-1", + "GITHUB": "GHSA-fx2c-96vj-985v" + }, + "cveId": "CVE-2022-41881", + "ghsaId": "GHSA-fx2c-96vj-985v", + "id": 38485, + "osvId": "DLA-3268-1" + } + ], + "cweId": 674, + "description": "### Impact\nA StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion.\n\n### Patches\nUsers should upgrade to 4.1.86.Final.\n\n### Workarounds\nThere is no workaround, except using a custom HaProxyMessageDecoder.\n\n### References\nWhen parsing a TLV with type = PP2_TYPE_SSL, the value can be again a TLV with type = PP2_TYPE_SSL and so on.\nThe only limitation of the recursion is that the TLV length cannot be bigger than 0xffff because it is encoded in an unsigned short type.\nProviding a TLV with a nesting level that is large enough will lead to raising of a StackOverflowError.\nThe StackOverflowError will be caught if HAProxyMessageDecoder is used as part of Netty’s ChannelPipeline, but using it directly without the ChannelPipeline will lead to a thrown exception / crash.\n\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [netty](https://github.com/netty/netty)\n", + "source": "GITHUB", + "title": "HAProxyMessageDecoder Stack Exhaustion DoS", + "cwes": [ + { + "cweId": 674, + "name": "Uncontrolled Recursion", + "id": 0 + } + ], + "uuid": "29b575bb-4e58-4fba-82e4-242159996903" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:c5e1399d-25ed-4ce8-9646-e508b6c5d3f3:29b575bb-4e58-4fba-82e4-242159996903" + }, + { + "component": { + "latestVersion": "6.0.4", + "name": "spring-web", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.springframework/spring-web@5.3.21?type=jar", + "uuid": "7548389b-8231-428f-9879-3918a4a393bd", + "version": "5.3.21", + "group": "org.springframework" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.74" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cweName": "Deserialization of Untrusted Data", + "vulnId": "GHSA-4wrc-f8pq-fpqp", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2016-1000027", + "GITHUB": "GHSA-4wrc-f8pq-fpqp" + }, + "cveId": "CVE-2016-1000027", + "ghsaId": "GHSA-4wrc-f8pq-fpqp", + "id": 37708 + } + ], + "cweId": 502, + "description": "Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.\n\nMaintainers recommend investigating alternative components or a potential mitigating control. Version 4.2.6 and 3.2.17 contain [enhanced documentation](https://github.com/spring-projects/spring-framework/commit/5cbe90b2cd91b866a5a9586e460f311860e11cfa) advising users to take precautions against unsafe Java deserialization, and version 6.0.0 and above [deprecate the impacted classes](https://github.com/spring-projects/spring-framework/commit/2b051b8b321768a4cfef83077db65c6328ffd60f). ", + "source": "GITHUB", + "title": "Pivotal Spring Framework contains unsafe Java deserialization methods", + "cwes": [ + { + "cweId": 502, + "name": "Deserialization of Untrusted Data", + "id": 0 + } + ], + "uuid": "e9b74c34-0c1c-4101-85cc-dd61f8038068" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:7548389b-8231-428f-9879-3918a4a393bd:e9b74c34-0c1c-4101-85cc-dd61f8038068" + }, + { + "component": { + "latestVersion": "2.3.3.Final", + "name": "undertow-core", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/io.undertow/undertow-core@2.2.18.Final?type=jar", + "uuid": "df54982d-d929-4764-bfdc-ecc39994a116", + "version": "2.2.18.Final", + "group": "io.undertow" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.805" + }, + "vulnerability": { + "severity": "HIGH", + "severityRank": 1, + "cweName": "Uncontrolled Resource Consumption", + "vulnId": "GHSA-95rf-557x-44g5", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-2053", + "GITHUB": "GHSA-95rf-557x-44g5" + }, + "cveId": "CVE-2022-2053", + "ghsaId": "GHSA-95rf-557x-44g5", + "id": 6883 + } + ], + "cweId": 400, + "description": "When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (application server) as an error state and not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. So, in the worst case, it can result in \"All workers are in error state\" and mod_cluster responds \"503 Service Unavailable\" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the \"retry\" timeout passes. However, luckily, mod_proxy_balancer has \"forcerecovery\" setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state.). So, unlike mod_cluster, mod_proxy_balancer does not result in responding \"503 Service Unavailable\". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.", + "source": "GITHUB", + "title": "Undertow vulnerable to Dos via Large AJP request", + "cwes": [ + { + "cweId": 400, + "name": "Uncontrolled Resource Consumption", + "id": 0 + } + ], + "uuid": "79cfe5aa-b44c-4823-a3d0-e23685616b93" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:df54982d-d929-4764-bfdc-ecc39994a116:79cfe5aa-b44c-4823-a3d0-e23685616b93" + } + ], + "project": { + "name": "project", + "uuid": "fba4704e-7b21-4637-b441-8390af5d0710", + "version": "develop-snapshot" + }, + "version": "1.1" +} \ No newline at end of file diff --git a/unittests/scans/dependency_track/many_findings_with_cvssV3_score.json b/unittests/scans/dependency_track/many_findings_with_cvssV3_score.json new file mode 100644 index 00000000000..0a45fdb0d3a --- /dev/null +++ b/unittests/scans/dependency_track/many_findings_with_cvssV3_score.json @@ -0,0 +1,637 @@ +{ + "meta": { + "application": "Dependency-Track", + "version": "4.7.0", + "timestamp": "2023-02-08T13:43:13Z" + }, + "findings": [ + { + "component": { + "latestVersion": "2.14.2", + "name": "jackson-databind", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.3?type=jar", + "uuid": "911e562b-150b-447e-abd7-796204527bf7", + "version": "2.13.3", + "group": "com.fasterxml.jackson.core" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:37.814" + }, + "vulnerability": { + "severity": "HIGH", + "severityRank": 1, + "cvssV3BaseScore": 8.3, + "cweName": "Uncontrolled Resource Consumption", + "vulnId": "GHSA-rgv9-q543-rqg4", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-42004", + "OSV": "DSA-5283-1", + "GITHUB": "GHSA-rgv9-q543-rqg4" + }, + "cveId": "CVE-2022-42004", + "ghsaId": "GHSA-rgv9-q543-rqg4", + "id": 8089, + "osvId": "DSA-5283-1" + } + ], + "cweId": 400, + "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "source": "GITHUB", + "title": "Uncontrolled Resource Consumption in FasterXML jackson-databind", + "cwes": [ + { + "cweId": 400, + "name": "Uncontrolled Resource Consumption", + "id": 0 + }, + { + "cweId": 502, + "name": "Deserialization of Untrusted Data", + "id": 0 + } + ], + "uuid": "8af37107-7e63-49d1-99fa-18226135f4f6" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:911e562b-150b-447e-abd7-796204527bf7:8af37107-7e63-49d1-99fa-18226135f4f6" + }, + { + "component": { + "latestVersion": "2.14.2", + "name": "jackson-databind", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.3?type=jar", + "uuid": "911e562b-150b-447e-abd7-796204527bf7", + "version": "2.13.3", + "group": "com.fasterxml.jackson.core" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:37.85" + }, + "vulnerability": { + "severity": "HIGH", + "severityRank": 1, + "cvssV3BaseScore": 7.8, + "cweName": "Uncontrolled Resource Consumption", + "vulnId": "GHSA-jjjh-jjxp-wpff", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-42003", + "OSV": "DSA-5283-1", + "GITHUB": "GHSA-jjjh-jjxp-wpff" + }, + "cveId": "CVE-2022-42003", + "ghsaId": "GHSA-jjjh-jjxp-wpff", + "id": 8088, + "osvId": "DSA-5283-1" + } + ], + "cweId": 400, + "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4.1 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.1, and 2.14.0.", + "source": "GITHUB", + "title": "Uncontrolled Resource Consumption in Jackson-databind", + "cwes": [ + { + "cweId": 400, + "name": "Uncontrolled Resource Consumption", + "id": 0 + }, + { + "cweId": 502, + "name": "Deserialization of Untrusted Data", + "id": 0 + } + ], + "uuid": "f2060109-fbd1-41b7-89f6-3261b9716670" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:911e562b-150b-447e-abd7-796204527bf7:f2060109-fbd1-41b7-89f6-3261b9716670" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.004" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cvssV3BaseScore": 5.7, + "cweName": "Out-of-bounds Write", + "vulnId": "GHSA-9w3m-gqgf-c4p9", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-38752", + "GITHUB": "GHSA-9w3m-gqgf-c4p9" + }, + "cveId": "CVE-2022-38752", + "ghsaId": "GHSA-9w3m-gqgf-c4p9", + "id": 7158 + } + ], + "cweId": 787, + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "source": "GITHUB", + "title": "snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write", + "cwes": [ + { + "cweId": 787, + "name": "Out-of-bounds Write", + "id": 0 + } + ], + "uuid": "61b80aee-51bf-4d82-ac76-8c98f3c93da5" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:61b80aee-51bf-4d82-ac76-8c98f3c93da5" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.04" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cvssV3BaseScore": 5.7, + "cweName": "Stack-based Buffer Overflow", + "vulnId": "GHSA-w37g-rhq8-7m4j", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-41854", + "GITHUB": "GHSA-w37g-rhq8-7m4j" + }, + "cveId": "CVE-2022-41854", + "ghsaId": "GHSA-w37g-rhq8-7m4j", + "id": 37892 + } + ], + "cweId": 121, + "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "source": "GITHUB", + "title": "Snakeyaml vulnerable to Stack overflow leading to denial of service", + "cwes": [ + { + "cweId": 121, + "name": "Stack-based Buffer Overflow", + "id": 0 + }, + { + "cweId": 787, + "name": "Out-of-bounds Write", + "id": 0 + } + ], + "uuid": "81bb04f7-4e73-4b1e-9369-755aed57d903" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:81bb04f7-4e73-4b1e-9369-755aed57d903" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.081" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cvssV3BaseScore": 5.4, + "cweName": "Stack-based Buffer Overflow", + "vulnId": "GHSA-c4r9-r8fh-9vj2", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-38749", + "OSV": "DLA-3132-1", + "GITHUB": "GHSA-c4r9-r8fh-9vj2" + }, + "cveId": "CVE-2022-38749", + "ghsaId": "GHSA-c4r9-r8fh-9vj2", + "id": 7675, + "osvId": "DLA-3132-1" + } + ], + "cweId": 121, + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "source": "GITHUB", + "title": "snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write", + "cwes": [ + { + "cweId": 121, + "name": "Stack-based Buffer Overflow", + "id": 0 + }, + { + "cweId": 787, + "name": "Out-of-bounds Write", + "id": 0 + } + ], + "uuid": "703ec00f-8bbe-42b4-959e-0562e226ecfa" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:703ec00f-8bbe-42b4-959e-0562e226ecfa" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.113" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cvssV3BaseScore": 5.4, + "cweName": "Out-of-bounds Write", + "vulnId": "GHSA-98wm-3w3q-mw94", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-38751", + "OSV": "DLA-3132-1", + "GITHUB": "GHSA-98wm-3w3q-mw94" + }, + "cveId": "CVE-2022-38751", + "ghsaId": "GHSA-98wm-3w3q-mw94", + "id": 7676, + "osvId": "DLA-3132-1" + } + ], + "cweId": 787, + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "source": "GITHUB", + "title": "snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write", + "cwes": [ + { + "cweId": 787, + "name": "Out-of-bounds Write", + "id": 0 + } + ], + "uuid": "e85c0f1d-1d69-4fc7-b947-a12438ddb4e9" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:e85c0f1d-1d69-4fc7-b947-a12438ddb4e9" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.143" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cvssV3BaseScore": 5.4, + "cweName": "Out-of-bounds Write", + "vulnId": "GHSA-hhhw-99gj-p3c3", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-38750", + "OSV": "DLA-3132-1", + "GITHUB": "GHSA-hhhw-99gj-p3c3" + }, + "cveId": "CVE-2022-38750", + "ghsaId": "GHSA-hhhw-99gj-p3c3", + "id": 7677, + "osvId": "DLA-3132-1" + } + ], + "cweId": 787, + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "source": "GITHUB", + "title": "snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write", + "cwes": [ + { + "cweId": 787, + "name": "Out-of-bounds Write", + "id": 0 + } + ], + "uuid": "7a13ba24-7abd-4967-b6a4-5745c27a8c61" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:7a13ba24-7abd-4967-b6a4-5745c27a8c61" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.19" + }, + "vulnerability": { + "severity": "HIGH", + "severityRank": 1, + "cvssV3BaseScore": 8.6, + "cweName": "Uncontrolled Resource Consumption", + "vulnId": "GHSA-3mc7-4q67-w48m", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-25857", + "OSV": "DLA-3132-1", + "GITHUB": "GHSA-3mc7-4q67-w48m" + }, + "cveId": "CVE-2022-25857", + "ghsaId": "GHSA-3mc7-4q67-w48m", + "id": 7678, + "osvId": "DLA-3132-1" + } + ], + "cweId": 400, + "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "source": "GITHUB", + "title": "Uncontrolled Resource Consumption in snakeyaml", + "cwes": [ + { + "cweId": 400, + "name": "Uncontrolled Resource Consumption", + "id": 0 + } + ], + "uuid": "852e59cc-3a12-4ce9-a7fd-eea4f1abd003" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:852e59cc-3a12-4ce9-a7fd-eea4f1abd003" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.237" + }, + "vulnerability": { + "severity": "HIGH", + "severityRank": 1, + "cvssV3BaseScore": 8.6, + "cweName": "Deserialization of Untrusted Data", + "vulnId": "GHSA-mjmj-j48q-9wg2", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-1471", + "GITHUB": "GHSA-mjmj-j48q-9wg2" + }, + "cveId": "CVE-2022-1471", + "ghsaId": "GHSA-mjmj-j48q-9wg2", + "id": 38484 + } + ], + "cweId": 502, + "description": "### Summary\nSnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line:\n\nnew Yaml(new Constructor(TestDataClass.class)).load(yamlContent);\n\nTypes do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized.\n\n### Severity\nHigh, lack of type checks during deserialization allows remote code execution.\n\n### Proof of Concept\nExecute `bash run.sh`. The PoC uses Constructor to deserialize a payload\nfor RCE. RCE is demonstrated by using a payload which performs a http request to\nhttp://127.0.0.1:8000.\n\nExample output of successful run of proof of concept:\n\n```\n$ bash run.sh\n\n[+] Downloading snakeyaml if needed\n[+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE\nnc: no process found\n[+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server.\n[+] An exception is expected.\nException:\nCannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0\n in 'string', line 1, column 1:\n payload: !!javax.script.ScriptEn ... \n ^\nCan not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager\n in 'string', line 1, column 10:\n payload: !!javax.script.ScriptEngineManag ... \n ^\n\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158)\n\tat org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491)\n\tat org.yaml.snakeyaml.Yaml.load(Yaml.java:416)\n\tat Main.main(Main.java:37)\nCaused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager\n\tat java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167)\n\tat java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171)\n\tat java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81)\n\tat java.base/java.lang.reflect.Field.set(Field.java:780)\n\tat org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286)\n\t... 9 more\n[+] Dumping Received HTTP Request. Will not be empty if PoC worked\nGET /proof-of-concept HTTP/1.1\nUser-Agent: Java/11.0.14\nHost: localhost:8000\nAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\nConnection: keep-alive\n```\n\n### Further Analysis\nPotential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content.\n\nSee https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject.\n\nA proposed fix is planned for version 1.34. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374 for more information.\n\n### Timeline\n**Date reported**: 4/11/2022\n**Date fixed**: \n**Date disclosed**: 10/13/2022", + "source": "GITHUB", + "title": "SnakeYaml Constructor Deserialization Remote Code Execution", + "cwes": [ + { + "cweId": 502, + "name": "Deserialization of Untrusted Data", + "id": 0 + } + ], + "uuid": "dc37054d-7573-4b46-93a5-c065b952284b" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:dc37054d-7573-4b46-93a5-c065b952284b" + }, + { + "component": { + "latestVersion": "5.0.0.Alpha2", + "name": "netty-codec-haproxy", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/io.netty/netty-codec-haproxy@4.1.78.Final?type=jar", + "uuid": "c5e1399d-25ed-4ce8-9646-e508b6c5d3f3", + "version": "4.1.78.Final", + "group": "io.netty" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.388" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cvssV3BaseScore": 5.4, + "cweName": "Uncontrolled Recursion", + "vulnId": "GHSA-fx2c-96vj-985v", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-41881", + "OSV": "DLA-3268-1", + "GITHUB": "GHSA-fx2c-96vj-985v" + }, + "cveId": "CVE-2022-41881", + "ghsaId": "GHSA-fx2c-96vj-985v", + "id": 38485, + "osvId": "DLA-3268-1" + } + ], + "cweId": 674, + "description": "### Impact\nA StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion.\n\n### Patches\nUsers should upgrade to 4.1.86.Final.\n\n### Workarounds\nThere is no workaround, except using a custom HaProxyMessageDecoder.\n\n### References\nWhen parsing a TLV with type = PP2_TYPE_SSL, the value can be again a TLV with type = PP2_TYPE_SSL and so on.\nThe only limitation of the recursion is that the TLV length cannot be bigger than 0xffff because it is encoded in an unsigned short type.\nProviding a TLV with a nesting level that is large enough will lead to raising of a StackOverflowError.\nThe StackOverflowError will be caught if HAProxyMessageDecoder is used as part of Netty’s ChannelPipeline, but using it directly without the ChannelPipeline will lead to a thrown exception / crash.\n\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [netty](https://github.com/netty/netty)\n", + "source": "GITHUB", + "title": "HAProxyMessageDecoder Stack Exhaustion DoS", + "cwes": [ + { + "cweId": 674, + "name": "Uncontrolled Recursion", + "id": 0 + } + ], + "uuid": "29b575bb-4e58-4fba-82e4-242159996903" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:c5e1399d-25ed-4ce8-9646-e508b6c5d3f3:29b575bb-4e58-4fba-82e4-242159996903" + }, + { + "component": { + "latestVersion": "6.0.4", + "name": "spring-web", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.springframework/spring-web@5.3.21?type=jar", + "uuid": "7548389b-8231-428f-9879-3918a4a393bd", + "version": "5.3.21", + "group": "org.springframework" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.74" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cvssV3BaseScore": 5.4, + "cweName": "Deserialization of Untrusted Data", + "vulnId": "GHSA-4wrc-f8pq-fpqp", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2016-1000027", + "GITHUB": "GHSA-4wrc-f8pq-fpqp" + }, + "cveId": "CVE-2016-1000027", + "ghsaId": "GHSA-4wrc-f8pq-fpqp", + "id": 37708 + } + ], + "cweId": 502, + "description": "Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.\n\nMaintainers recommend investigating alternative components or a potential mitigating control. Version 4.2.6 and 3.2.17 contain [enhanced documentation](https://github.com/spring-projects/spring-framework/commit/5cbe90b2cd91b866a5a9586e460f311860e11cfa) advising users to take precautions against unsafe Java deserialization, and version 6.0.0 and above [deprecate the impacted classes](https://github.com/spring-projects/spring-framework/commit/2b051b8b321768a4cfef83077db65c6328ffd60f). ", + "source": "GITHUB", + "title": "Pivotal Spring Framework contains unsafe Java deserialization methods", + "cwes": [ + { + "cweId": 502, + "name": "Deserialization of Untrusted Data", + "id": 0 + } + ], + "uuid": "e9b74c34-0c1c-4101-85cc-dd61f8038068" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:7548389b-8231-428f-9879-3918a4a393bd:e9b74c34-0c1c-4101-85cc-dd61f8038068" + }, + { + "component": { + "latestVersion": "2.3.3.Final", + "name": "undertow-core", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/io.undertow/undertow-core@2.2.18.Final?type=jar", + "uuid": "df54982d-d929-4764-bfdc-ecc39994a116", + "version": "2.2.18.Final", + "group": "io.undertow" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.805" + }, + "vulnerability": { + "severity": "HIGH", + "severityRank": 1, + "cvssV3BaseScore": 8.2, + "cweName": "Uncontrolled Resource Consumption", + "vulnId": "GHSA-95rf-557x-44g5", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-2053", + "GITHUB": "GHSA-95rf-557x-44g5" + }, + "cveId": "CVE-2022-2053", + "ghsaId": "GHSA-95rf-557x-44g5", + "id": 6883 + } + ], + "cweId": 400, + "description": "When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (application server) as an error state and not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. So, in the worst case, it can result in \"All workers are in error state\" and mod_cluster responds \"503 Service Unavailable\" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the \"retry\" timeout passes. However, luckily, mod_proxy_balancer has \"forcerecovery\" setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state.). So, unlike mod_cluster, mod_proxy_balancer does not result in responding \"503 Service Unavailable\". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.", + "source": "GITHUB", + "title": "Undertow vulnerable to Dos via Large AJP request", + "cwes": [ + { + "cweId": 400, + "name": "Uncontrolled Resource Consumption", + "id": 0 + } + ], + "uuid": "79cfe5aa-b44c-4823-a3d0-e23685616b93" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:df54982d-d929-4764-bfdc-ecc39994a116:79cfe5aa-b44c-4823-a3d0-e23685616b93" + } + ], + "project": { + "name": "project", + "uuid": "fba4704e-7b21-4637-b441-8390af5d0710", + "version": "develop-snapshot" + }, + "version": "1.1" +} \ No newline at end of file diff --git a/unittests/scans/dependency_track/many_findings_with_empty_alias.json b/unittests/scans/dependency_track/many_findings_with_empty_alias.json new file mode 100644 index 00000000000..f83be0798a5 --- /dev/null +++ b/unittests/scans/dependency_track/many_findings_with_empty_alias.json @@ -0,0 +1,615 @@ +{ + "meta": { + "application": "Dependency-Track", + "version": "4.7.0", + "timestamp": "2023-02-08T13:43:13Z" + }, + "findings": [ + { + "component": { + "latestVersion": "2.14.2", + "name": "jackson-databind", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.3?type=jar", + "uuid": "911e562b-150b-447e-abd7-796204527bf7", + "version": "2.13.3", + "group": "com.fasterxml.jackson.core" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:37.814" + }, + "vulnerability": { + "severity": "HIGH", + "severityRank": 1, + "cweName": "Uncontrolled Resource Consumption", + "vulnId": "GHSA-rgv9-q543-rqg4", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-42004", + "OSV": "DSA-5283-1", + "GITHUB": "GHSA-rgv9-q543-rqg4" + }, + "cveId": "CVE-2022-42004", + "ghsaId": "GHSA-rgv9-q543-rqg4", + "id": 8089, + "osvId": "DSA-5283-1" + } + ], + "cweId": 400, + "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "source": "GITHUB", + "title": "Uncontrolled Resource Consumption in FasterXML jackson-databind", + "cwes": [ + { + "cweId": 400, + "name": "Uncontrolled Resource Consumption", + "id": 0 + }, + { + "cweId": 502, + "name": "Deserialization of Untrusted Data", + "id": 0 + } + ], + "uuid": "8af37107-7e63-49d1-99fa-18226135f4f6" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:911e562b-150b-447e-abd7-796204527bf7:8af37107-7e63-49d1-99fa-18226135f4f6" + }, + { + "component": { + "latestVersion": "2.14.2", + "name": "jackson-databind", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.3?type=jar", + "uuid": "911e562b-150b-447e-abd7-796204527bf7", + "version": "2.13.3", + "group": "com.fasterxml.jackson.core" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:37.85" + }, + "vulnerability": { + "severity": "HIGH", + "severityRank": 1, + "cweName": "Uncontrolled Resource Consumption", + "vulnId": "GHSA-jjjh-jjxp-wpff", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-42003", + "OSV": "DSA-5283-1", + "GITHUB": "GHSA-jjjh-jjxp-wpff" + }, + "cveId": "CVE-2022-42003", + "ghsaId": "GHSA-jjjh-jjxp-wpff", + "id": 8088, + "osvId": "DSA-5283-1" + } + ], + "cweId": 400, + "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4.1 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.1, and 2.14.0.", + "source": "GITHUB", + "title": "Uncontrolled Resource Consumption in Jackson-databind", + "cwes": [ + { + "cweId": 400, + "name": "Uncontrolled Resource Consumption", + "id": 0 + }, + { + "cweId": 502, + "name": "Deserialization of Untrusted Data", + "id": 0 + } + ], + "uuid": "f2060109-fbd1-41b7-89f6-3261b9716670" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:911e562b-150b-447e-abd7-796204527bf7:f2060109-fbd1-41b7-89f6-3261b9716670" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.004" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cweName": "Out-of-bounds Write", + "vulnId": "GHSA-9w3m-gqgf-c4p9", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-38752", + "GITHUB": "GHSA-9w3m-gqgf-c4p9" + }, + "cveId": "CVE-2022-38752", + "ghsaId": "GHSA-9w3m-gqgf-c4p9", + "id": 7158 + } + ], + "cweId": 787, + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "source": "GITHUB", + "title": "snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write", + "cwes": [ + { + "cweId": 787, + "name": "Out-of-bounds Write", + "id": 0 + } + ], + "uuid": "61b80aee-51bf-4d82-ac76-8c98f3c93da5" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:61b80aee-51bf-4d82-ac76-8c98f3c93da5" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.04" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cweName": "Stack-based Buffer Overflow", + "vulnId": "GHSA-w37g-rhq8-7m4j", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-41854", + "GITHUB": "GHSA-w37g-rhq8-7m4j" + }, + "cveId": "CVE-2022-41854", + "ghsaId": "GHSA-w37g-rhq8-7m4j", + "id": 37892 + } + ], + "cweId": 121, + "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "source": "GITHUB", + "title": "Snakeyaml vulnerable to Stack overflow leading to denial of service", + "cwes": [ + { + "cweId": 121, + "name": "Stack-based Buffer Overflow", + "id": 0 + }, + { + "cweId": 787, + "name": "Out-of-bounds Write", + "id": 0 + } + ], + "uuid": "81bb04f7-4e73-4b1e-9369-755aed57d903" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:81bb04f7-4e73-4b1e-9369-755aed57d903" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.081" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cweName": "Stack-based Buffer Overflow", + "vulnId": "GHSA-c4r9-r8fh-9vj2", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-38749", + "OSV": "DLA-3132-1", + "GITHUB": "GHSA-c4r9-r8fh-9vj2" + }, + "cveId": "CVE-2022-38749", + "ghsaId": "GHSA-c4r9-r8fh-9vj2", + "id": 7675, + "osvId": "DLA-3132-1" + } + ], + "cweId": 121, + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "source": "GITHUB", + "title": "snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write", + "cwes": [ + { + "cweId": 121, + "name": "Stack-based Buffer Overflow", + "id": 0 + }, + { + "cweId": 787, + "name": "Out-of-bounds Write", + "id": 0 + } + ], + "uuid": "703ec00f-8bbe-42b4-959e-0562e226ecfa" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:703ec00f-8bbe-42b4-959e-0562e226ecfa" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.113" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cweName": "Out-of-bounds Write", + "vulnId": "GHSA-98wm-3w3q-mw94", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-38751", + "OSV": "DLA-3132-1", + "GITHUB": "GHSA-98wm-3w3q-mw94" + }, + "cveId": "CVE-2022-38751", + "ghsaId": "GHSA-98wm-3w3q-mw94", + "id": 7676, + "osvId": "DLA-3132-1" + } + ], + "cweId": 787, + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "source": "GITHUB", + "title": "snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write", + "cwes": [ + { + "cweId": 787, + "name": "Out-of-bounds Write", + "id": 0 + } + ], + "uuid": "e85c0f1d-1d69-4fc7-b947-a12438ddb4e9" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:e85c0f1d-1d69-4fc7-b947-a12438ddb4e9" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.143" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cweName": "Out-of-bounds Write", + "vulnId": "GHSA-hhhw-99gj-p3c3", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-38750", + "OSV": "DLA-3132-1", + "GITHUB": "GHSA-hhhw-99gj-p3c3" + }, + "cveId": "CVE-2022-38750", + "ghsaId": "GHSA-hhhw-99gj-p3c3", + "id": 7677, + "osvId": "DLA-3132-1" + } + ], + "cweId": 787, + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "source": "GITHUB", + "title": "snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write", + "cwes": [ + { + "cweId": 787, + "name": "Out-of-bounds Write", + "id": 0 + } + ], + "uuid": "7a13ba24-7abd-4967-b6a4-5745c27a8c61" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:7a13ba24-7abd-4967-b6a4-5745c27a8c61" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.19" + }, + "vulnerability": { + "severity": "HIGH", + "severityRank": 1, + "cweName": "Uncontrolled Resource Consumption", + "vulnId": "GHSA-3mc7-4q67-w48m", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-25857", + "OSV": "DLA-3132-1", + "GITHUB": "GHSA-3mc7-4q67-w48m" + }, + "cveId": "CVE-2022-25857", + "ghsaId": "GHSA-3mc7-4q67-w48m", + "id": 7678, + "osvId": "DLA-3132-1" + } + ], + "cweId": 400, + "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "source": "GITHUB", + "title": "Uncontrolled Resource Consumption in snakeyaml", + "cwes": [ + { + "cweId": 400, + "name": "Uncontrolled Resource Consumption", + "id": 0 + } + ], + "uuid": "852e59cc-3a12-4ce9-a7fd-eea4f1abd003" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:852e59cc-3a12-4ce9-a7fd-eea4f1abd003" + }, + { + "component": { + "latestVersion": "1.33", + "name": "snakeyaml", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.yaml/snakeyaml@1.30?type=jar", + "uuid": "f97c2704-ae2f-4229-8f71-d884d25bccda", + "version": "1.30", + "group": "org.yaml" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.237" + }, + "vulnerability": { + "severity": "HIGH", + "severityRank": 1, + "cweName": "Deserialization of Untrusted Data", + "vulnId": "GHSA-mjmj-j48q-9wg2", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-1471", + "GITHUB": "GHSA-mjmj-j48q-9wg2" + }, + "cveId": "CVE-2022-1471", + "ghsaId": "GHSA-mjmj-j48q-9wg2", + "id": 38484 + } + ], + "cweId": 502, + "description": "### Summary\nSnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line:\n\nnew Yaml(new Constructor(TestDataClass.class)).load(yamlContent);\n\nTypes do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized.\n\n### Severity\nHigh, lack of type checks during deserialization allows remote code execution.\n\n### Proof of Concept\nExecute `bash run.sh`. The PoC uses Constructor to deserialize a payload\nfor RCE. RCE is demonstrated by using a payload which performs a http request to\nhttp://127.0.0.1:8000.\n\nExample output of successful run of proof of concept:\n\n```\n$ bash run.sh\n\n[+] Downloading snakeyaml if needed\n[+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE\nnc: no process found\n[+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server.\n[+] An exception is expected.\nException:\nCannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0\n in 'string', line 1, column 1:\n payload: !!javax.script.ScriptEn ... \n ^\nCan not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager\n in 'string', line 1, column 10:\n payload: !!javax.script.ScriptEngineManag ... \n ^\n\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158)\n\tat org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491)\n\tat org.yaml.snakeyaml.Yaml.load(Yaml.java:416)\n\tat Main.main(Main.java:37)\nCaused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager\n\tat java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167)\n\tat java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171)\n\tat java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81)\n\tat java.base/java.lang.reflect.Field.set(Field.java:780)\n\tat org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286)\n\t... 9 more\n[+] Dumping Received HTTP Request. Will not be empty if PoC worked\nGET /proof-of-concept HTTP/1.1\nUser-Agent: Java/11.0.14\nHost: localhost:8000\nAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\nConnection: keep-alive\n```\n\n### Further Analysis\nPotential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content.\n\nSee https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject.\n\nA proposed fix is planned for version 1.34. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374 for more information.\n\n### Timeline\n**Date reported**: 4/11/2022\n**Date fixed**: \n**Date disclosed**: 10/13/2022", + "source": "GITHUB", + "title": "SnakeYaml Constructor Deserialization Remote Code Execution", + "cwes": [ + { + "cweId": 502, + "name": "Deserialization of Untrusted Data", + "id": 0 + } + ], + "uuid": "dc37054d-7573-4b46-93a5-c065b952284b" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:f97c2704-ae2f-4229-8f71-d884d25bccda:dc37054d-7573-4b46-93a5-c065b952284b" + }, + { + "component": { + "latestVersion": "5.0.0.Alpha2", + "name": "netty-codec-haproxy", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/io.netty/netty-codec-haproxy@4.1.78.Final?type=jar", + "uuid": "c5e1399d-25ed-4ce8-9646-e508b6c5d3f3", + "version": "4.1.78.Final", + "group": "io.netty" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.388" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cweName": "Uncontrolled Recursion", + "vulnId": "GHSA-fx2c-96vj-985v", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2022-41881", + "OSV": "DLA-3268-1", + "GITHUB": "GHSA-fx2c-96vj-985v" + }, + "cveId": "CVE-2022-41881", + "ghsaId": "GHSA-fx2c-96vj-985v", + "id": 38485, + "osvId": "DLA-3268-1" + } + ], + "cweId": 674, + "description": "### Impact\nA StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion.\n\n### Patches\nUsers should upgrade to 4.1.86.Final.\n\n### Workarounds\nThere is no workaround, except using a custom HaProxyMessageDecoder.\n\n### References\nWhen parsing a TLV with type = PP2_TYPE_SSL, the value can be again a TLV with type = PP2_TYPE_SSL and so on.\nThe only limitation of the recursion is that the TLV length cannot be bigger than 0xffff because it is encoded in an unsigned short type.\nProviding a TLV with a nesting level that is large enough will lead to raising of a StackOverflowError.\nThe StackOverflowError will be caught if HAProxyMessageDecoder is used as part of Netty’s ChannelPipeline, but using it directly without the ChannelPipeline will lead to a thrown exception / crash.\n\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [netty](https://github.com/netty/netty)\n", + "source": "GITHUB", + "title": "HAProxyMessageDecoder Stack Exhaustion DoS", + "cwes": [ + { + "cweId": 674, + "name": "Uncontrolled Recursion", + "id": 0 + } + ], + "uuid": "29b575bb-4e58-4fba-82e4-242159996903" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:c5e1399d-25ed-4ce8-9646-e508b6c5d3f3:29b575bb-4e58-4fba-82e4-242159996903" + }, + { + "component": { + "latestVersion": "6.0.4", + "name": "spring-web", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/org.springframework/spring-web@5.3.21?type=jar", + "uuid": "7548389b-8231-428f-9879-3918a4a393bd", + "version": "5.3.21", + "group": "org.springframework" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.74" + }, + "vulnerability": { + "severity": "MEDIUM", + "severityRank": 2, + "cweName": "Deserialization of Untrusted Data", + "vulnId": "GHSA-4wrc-f8pq-fpqp", + "aliases": [ + { + "allBySource": { + "NVD": "CVE-2016-1000027", + "GITHUB": "GHSA-4wrc-f8pq-fpqp" + }, + "cveId": "CVE-2016-1000027", + "ghsaId": "GHSA-4wrc-f8pq-fpqp", + "id": 37708 + } + ], + "cweId": 502, + "description": "Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.\n\nMaintainers recommend investigating alternative components or a potential mitigating control. Version 4.2.6 and 3.2.17 contain [enhanced documentation](https://github.com/spring-projects/spring-framework/commit/5cbe90b2cd91b866a5a9586e460f311860e11cfa) advising users to take precautions against unsafe Java deserialization, and version 6.0.0 and above [deprecate the impacted classes](https://github.com/spring-projects/spring-framework/commit/2b051b8b321768a4cfef83077db65c6328ffd60f). ", + "source": "GITHUB", + "title": "Pivotal Spring Framework contains unsafe Java deserialization methods", + "cwes": [ + { + "cweId": 502, + "name": "Deserialization of Untrusted Data", + "id": 0 + } + ], + "uuid": "e9b74c34-0c1c-4101-85cc-dd61f8038068" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:7548389b-8231-428f-9879-3918a4a393bd:e9b74c34-0c1c-4101-85cc-dd61f8038068" + }, + { + "component": { + "latestVersion": "2.3.3.Final", + "name": "undertow-core", + "project": "fba4704e-7b21-4637-b441-8390af5d0710", + "purl": "pkg:maven/io.undertow/undertow-core@2.2.18.Final?type=jar", + "uuid": "df54982d-d929-4764-bfdc-ecc39994a116", + "version": "2.2.18.Final", + "group": "io.undertow" + }, + "attribution": { + "analyzerIdentity": "INTERNAL_ANALYZER", + "attributedOn": "2023-02-07 21:51:38.805" + }, + "vulnerability": { + "severity": "HIGH", + "severityRank": 1, + "cweName": "Uncontrolled Resource Consumption", + "vulnId": "CVE-2022-2053", + "aliases": [], + "cweId": 400, + "description": "When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (application server) as an error state and not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. So, in the worst case, it can result in \"All workers are in error state\" and mod_cluster responds \"503 Service Unavailable\" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the \"retry\" timeout passes. However, luckily, mod_proxy_balancer has \"forcerecovery\" setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state.). So, unlike mod_cluster, mod_proxy_balancer does not result in responding \"503 Service Unavailable\". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.", + "source": "NVD", + "title": "Undertow vulnerable to Dos via Large AJP request", + "cwes": [ + { + "cweId": 400, + "name": "Uncontrolled Resource Consumption", + "id": 0 + } + ], + "uuid": "79cfe5aa-b44c-4823-a3d0-e23685616b93" + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "fba4704e-7b21-4637-b441-8390af5d0710:df54982d-d929-4764-bfdc-ecc39994a116:79cfe5aa-b44c-4823-a3d0-e23685616b93" + } + ], + "project": { + "name": "project", + "uuid": "fba4704e-7b21-4637-b441-8390af5d0710", + "version": "develop-snapshot" + }, + "version": "1.1" +} \ No newline at end of file diff --git a/unittests/scans/dependency_track_samples/no_findings_because_findings_key_is_empty_list.json b/unittests/scans/dependency_track/no_findings_because_findings_key_is_empty_list.json similarity index 100% rename from unittests/scans/dependency_track_samples/no_findings_because_findings_key_is_empty_list.json rename to unittests/scans/dependency_track/no_findings_because_findings_key_is_empty_list.json diff --git a/unittests/scans/dependency_track_samples/no_findings_because_findings_key_is_missing.json b/unittests/scans/dependency_track/no_findings_because_findings_key_is_missing.json similarity index 100% rename from unittests/scans/dependency_track_samples/no_findings_because_findings_key_is_missing.json rename to unittests/scans/dependency_track/no_findings_because_findings_key_is_missing.json diff --git a/unittests/scans/dependency_track_samples/no_findings_because_findings_key_is_null.json b/unittests/scans/dependency_track/no_findings_because_findings_key_is_null.json similarity index 100% rename from unittests/scans/dependency_track_samples/no_findings_because_findings_key_is_null.json rename to unittests/scans/dependency_track/no_findings_because_findings_key_is_null.json diff --git a/unittests/scans/dependency_track_samples/one_finding.json b/unittests/scans/dependency_track/one_finding.json similarity index 100% rename from unittests/scans/dependency_track_samples/one_finding.json rename to unittests/scans/dependency_track/one_finding.json diff --git a/unittests/scans/dockerbench/docker-bench-report-many-vulns.json b/unittests/scans/dockerbench/docker-bench-report-many-vulns.json new file mode 100644 index 00000000000..de6b7ca19b8 --- /dev/null +++ b/unittests/scans/dockerbench/docker-bench-report-many-vulns.json @@ -0,0 +1,853 @@ +{ + "dockerbenchsecurity": "1.3.6", + "start": 1659371395, + + "tests": [ + { + "id": "1", + "desc": "Host Configuration", + "results": [ + { + "id": "1.1.1", + "desc": "Ensure a separate partition for containers has been created (Automated)", + "result": "WARN", + "remediation": "For new installations, you should create a separate partition for the /var/lib/docker mount point. For systems that have already been installed, you should use the Logical Volume Manager (LVM) within Linux to create a new partition.", + "remediation-impact": "None." + }, + { + "id": "1.1.2", + "desc": "Ensure only trusted users are allowed to control Docker daemon (Automated)", + "result": "INFO", + "details": "doubtfulusers: jubjubbird", + "items": [ + "jubjubbird" + ], + "remediation": "You should remove any untrusted users from the docker group using command sudo gpasswd -d docker or add trusted users to the docker group using command sudo usermod -aG docker . You should not create a mapping of sensitive directories from the host to container volumes.", + "remediation-impact": "Only trust user are allow to build and execute containers as normal user." + }, + { + "id": "1.1.3", + "desc": "Ensure auditing is configured for the Docker daemon (Automated)", + "result": "WARN", + "remediation": "Install auditd. Add -w /usr/bin/dockerd -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.4", + "desc": "Ensure auditing is configured for Docker files and directories -/run/containerd (Automated)", + "result": "WARN", + "remediation": "Install auditd. Add -a exit,always -F path=/run/containerd -F perm=war -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.5", + "desc": "Ensure auditing is configured for Docker files and directories - /var/lib/docker (Automated)", + "result": "INFO", + "details": "Directory not found", + "remediation": "Install auditd. Add -w /var/lib/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.6", + "desc": "Ensure auditing is configured for Docker files and directories - /etc/docker (Automated)", + "result": "WARN", + "remediation": "Install auditd. Add -w /etc/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.7", + "desc": "Ensure auditing is configured for Docker files and directories - docker.service (Automated)", + "result": "WARN", + "remediation": "Install auditd. Add -w /lib/systemd/system/docker.service -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.8", + "desc": "Ensure auditing is configured for Docker files and directories - containerd.sock (Automated)", + "result": "INFO", + "details": "File not found", + "remediation": "Install auditd. Add -w -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.9", + "desc": "Ensure auditing is configured for Docker files and directories - docker.socket (Automated)", + "result": "WARN", + "remediation": "Install auditd. Add -w /lib/systemd/system/docker.socket -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.10", + "desc": "Ensure auditing is configured for Docker files and directories - /etc/default/docker (Automated)", + "result": "WARN", + "remediation": "Install auditd. Add -w /etc/default/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.11", + "desc": "Ensure auditing is configured for Dockerfiles and directories - /etc/docker/daemon.json (Automated)", + "result": "WARN", + "remediation": "Install auditd. Add -w /etc/docker/daemon.json -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.12", + "desc": "1.1.12 Ensure auditing is configured for Dockerfiles and directories - /etc/containerd/config.toml (Automated)", + "result": "WARN", + "remediation": "Install auditd. Add -w /etc/containerd/config.toml -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.13", + "desc": "Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker (Automated)", + "result": "INFO", + "details": "File not found", + "remediation": "Install auditd. Add -w /etc/sysconfig/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.14", + "desc": "Ensure auditing is configured for Docker files and directories - /usr/bin/containerd (Automated)", + "result": "WARN", + "remediation": "Install auditd. Add -w /usr/bin/containerd -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.15", + "desc": "Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim (Automated)", + "result": "WARN", + "remediation": "Install auditd. Add -w /usr/bin/containerd-shim -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.16", + "desc": "Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1 (Automated)", + "result": "WARN", + "remediation": "Install auditd. Add -w /usr/bin/containerd-shim-runc-v1 -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.17", + "desc": "Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2 (Automated)", + "result": "WARN", + "remediation": "Install auditd. Add -w /usr/bin/containerd-shim-runc-v2 -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.18", + "desc": "Ensure auditing is configured for Docker files and directories - /usr/bin/runc (Automated)", + "result": "WARN", + "remediation": "Install auditd. Add -w /usr/bin/runc -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.2.1", + "desc": "Ensure the container host has been Hardened (Manual)", + "result": "INFO", + "remediation": "You may consider various Security Benchmarks for your container host.", + "remediation-impact": "None." + }, + { + "id": "1.2.2", + "desc": "Ensure that the version of Docker is up to date (Manual)", + "result": "INFO", + "details": "Using 20.10.17", + "remediation": "You should monitor versions of Docker releases and make sure your software is updated as required.", + "remediation-impact": "You should perform a risk assessment regarding Docker version updates and review how they may impact your operations." + } + ] + }, + { + "id": "2", + "desc": "Docker daemon configuration", + "results": [ + { + "id": "2.1", + "desc": "Run the Docker daemon as a non-root user, if possible (Manual)", + "result": "INFO", + "remediation": "Follow the current Dockerdocumentation on how to install the Docker daemon as a non-root user.", + "remediation-impact": "There are multiple prerequisites depending on which distribution that is in use, and also known limitations regarding networking and resource limitation. Running in rootless mode also changes the location of any configuration files in use, including all containers using the daemon." + }, + { + "id": "2.2", + "desc": "Ensure network traffic is restricted between containers on the default bridge (Scored)", + "result": "WARN", + "remediation": "Edit the Docker daemon configuration file to ensure that inter-container communication is disabled: icc: false.", + "remediation-impact": "Inter-container communication is disabled on the default network bridge. If any communication between containers on the same host is desired, it needs to be explicitly defined using container linking or custom networks." + }, + { + "id": "2.3", + "desc": "Ensure the logging level is set to 'info' (Scored)", + "result": "PASS" + }, + { + "id": "2.4", + "desc": "Ensure Docker is allowed to make changes to iptables (Scored)", + "result": "PASS" + }, + { + "id": "2.5", + "desc": "Ensure insecure registries are not used (Scored)", + "result": "WARN", + "remediation": "You should ensure that no insecure registries are in use.", + "remediation-impact": "None." + }, + { + "id": "2.6", + "desc": "Ensure aufs storage driver is not used (Scored)", + "result": "PASS" + }, + { + "id": "2.7", + "desc": "Ensure TLS authentication for Docker daemon is configured (Scored)", + "result": "INFO", + "details": "Docker daemon not listening on TCP", + "remediation": "Follow the steps mentioned in the Docker documentation or other references. By default, TLS authentication is not configured.", + "remediation-impact": "You would need to manage and guard certificates and keys for the Docker daemon and Docker clients." + }, + { + "id": "2.8", + "desc": "Ensure the default ulimit is configured appropriately (Manual)", + "result": "INFO", + "details": "Default ulimit doesn't appear to be set", + "remediation": "Run Docker in daemon mode and pass --default-ulimit as option with respective ulimits as appropriate in your environment and in line with your security policy. Example: dockerd --default-ulimit nproc=1024:2048 --default-ulimit nofile=100:200", + "remediation-impact": "If ulimits are set incorrectly this could cause issues with system resources, possibly causing a denial of service condition." + }, + { + "id": "2.9", + "desc": "Enable user namespace support (Scored)", + "result": "WARN", + "remediation": "Please consult the Docker documentation for various ways in which this can be configured depending upon your requirements. The high-level steps are: Ensure that the files /etc/subuid and /etc/subgid exist. Start the docker daemon with --userns-remap flag.", + "remediation-impact": "User namespace remapping is incompatible with a number of Docker features and also currently breaks some of its functionalities." + }, + { + "id": "2.10", + "desc": "Ensure the default cgroup usage has been confirmed (Scored)", + "result": "PASS" + }, + { + "id": "2.11", + "desc": "Ensure base device size is not changed until needed (Scored)", + "result": "PASS" + }, + { + "id": "2.12", + "desc": "Ensure that authorization for Docker client commands is enabled (Scored)", + "result": "WARN", + "remediation": "Install/Create an authorization plugin. Configure the authorization policy as desired. Start the docker daemon using command dockerd --authorization-plugin=", + "remediation-impact": "Each Docker command needs to pass through the authorization plugin mechanism. This may have a performance impact" + }, + { + "id": "2.13", + "desc": "Ensure centralized and remote logging is configured (Scored)", + "result": "WARN", + "remediation": "Set up the desired log driver following its documentation. Start the docker daemon using that logging driver. Example: dockerd --log-driver=syslog --log-opt syslog-address=tcp://192.xxx.xxx.xxx", + "remediation-impact": "None." + }, + { + "id": "2.14", + "desc": "Ensure containers are restricted from acquiring new privileges (Scored)", + "result": "WARN", + "remediation": "You should run the Docker daemon using command: dockerd --no-new-privileges", + "remediation-impact": "no_new_priv prevents LSMs such as SELinux from escalating the privileges of individual containers." + }, + { + "id": "2.15", + "desc": "Ensure live restore is enabled (Scored)", + "result": "WARN", + "remediation": "Run Docker in daemon mode and pass --live-restore option.", + "remediation-impact": "None." + }, + { + "id": "2.16", + "desc": "Ensure Userland Proxy is Disabled (Scored)", + "result": "WARN", + "remediation": "You should run the Docker daemon using command: dockerd --userland-proxy=false", + "remediation-impact": "Some systems with older Linux kernels may not be able to support hairpin NAT and therefore require the userland proxy service. Also, some networking setups can be impacted by the removal of the userland proxy." + }, + { + "id": "2.17", + "desc": "Ensure that a daemon-wide custom seccomp profile is applied if appropriate (Manual)", + "result": "PASS" + }, + { + "id": "2.18", + "desc": "Ensure that experimental features are not implemented in production (Scored)", + "result": "INFO", + "remediation": "You should not pass --experimental as a runtime parameter to the Docker daemon on production systems.", + "remediation-impact": "None." + } + ] + }, + { + "id": "3", + "desc": "Docker daemon configuration files", + "results": [ + { + "id": "3.1", + "desc": "Ensure that the docker.service file ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.2", + "desc": "Ensure that docker.service file permissions are appropriately set (Automated)", + "result": "PASS" + }, + { + "id": "3.3", + "desc": "Ensure that docker.socket file ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.4", + "desc": "Ensure that docker.socket file permissions are set to 644 or more restrictive (Automated)", + "result": "PASS" + }, + { + "id": "3.5", + "desc": "Ensure that the /etc/docker directory ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.6", + "desc": "Ensure that /etc/docker directory permissions are set to 755 or more restrictively (Automated)", + "result": "PASS" + }, + { + "id": "3.7", + "desc": "Ensure that registry certificate file ownership is set to root:root (Automated)", + "result": "INFO", + "details": "Directory not found", + "remediation": "You should run the following command: chown root:root /etc/docker/certs.d//*. This would set the individual ownership and group ownership for the registry certificate files to root.", + "remediation-impact": "None." + }, + { + "id": "3.8", + "desc": "Ensure that registry certificate file permissions are set to 444 or more restrictively (Automated)", + "result": "INFO", + "details": "Directory not found", + "remediation": "You should run the following command: chmod 444 /etc/docker/certs.d//*. This would set the permissions for the registry certificate files to 444.", + "remediation-impact": "None." + }, + { + "id": "3.9", + "desc": "Ensure that TLS CA certificate file ownership is set to root:root (Automated)", + "result": "INFO", + "details": "No TLS CA certificate found", + "remediation": "You should run the following command: chown root:root . This sets the individual ownership and group ownership for the TLS CA certificate file to root.", + "remediation-impact": "None." + }, + { + "id": "3.10", + "desc": "Ensure that TLS CA certificate file permissions are set to 444 or more restrictively (Automated)", + "result": "INFO", + "details": "No TLS CA certificate found", + "remediation": "You should run the following command: chmod 444 . This sets the file permissions on the TLS CA file to 444.", + "remediation-impact": "None." + }, + { + "id": "3.11", + "desc": "Ensure that Docker server certificate file ownership is set to root:root (Automated)", + "result": "INFO", + "details": "No TLS Server certificate found", + "remediation": "You should run the following command: chown root:root . This sets the individual ownership and the group ownership for the Docker server certificate file to root.", + "remediation-impact": "None." + }, + { + "id": "3.12", + "desc": "Ensure that the Docker server certificate file permissions are set to 444 or more restrictively (Automated)", + "result": "INFO", + "details": "No TLS Server certificate found", + "remediation": "You should run the following command: chmod 444 . This sets the file permissions of the Docker server certificate file to 444.", + "remediation-impact": "None." + }, + { + "id": "3.13", + "desc": "Ensure that the Docker server certificate key file ownership is set to root:root (Automated)", + "result": "INFO", + "details": "No TLS Key found", + "remediation": "You should run the following command: chown root:root . This sets the individual ownership and group ownership for the Docker server certificate key file to root.", + "remediation-impact": "None." + }, + { + "id": "3.14", + "desc": "Ensure that the Docker server certificate key file permissions are set to 400 (Automated)", + "result": "INFO", + "details": "No TLS Key found", + "remediation": "You should run the following command: chmod 400 . This sets the Docker server certificate key file permissions to 400.", + "remediation-impact": "None." + }, + { + "id": "3.15", + "desc": "Ensure that the Docker socket file ownership is set to root:docker (Automated)", + "result": "PASS" + }, + { + "id": "3.16", + "desc": "Ensure that the Docker socket file permissions are set to 660 or more restrictively (Automated)", + "result": "PASS" + }, + { + "id": "3.17", + "desc": "Ensure that the daemon.json file ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.18", + "desc": "Ensure that daemon.json file permissions are set to 644 or more restrictive (Automated)", + "result": "PASS" + }, + { + "id": "3.19", + "desc": "Ensure that the /etc/default/docker file ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.20", + "desc": "Ensure that the /etc/sysconfig/docker file permissions are set to 644 or more restrictively (Automated)", + "result": "INFO", + "details": "File not found", + "remediation": "You should run the following command: chmod 644 /etc/sysconfig/docker. This sets the file permissions for this file to 644.", + "remediation-impact": "None." + }, + { + "id": "3.21", + "desc": "Ensure that the /etc/sysconfig/docker file ownership is set to root:root (Automated)", + "result": "INFO", + "details": "File not found", + "remediation": "You should run the following command: chown root:root /etc/sysconfig/docker. This sets the ownership and group ownership for the file to root.", + "remediation-impact": "None." + }, + { + "id": "3.22", + "desc": "Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively (Automated)", + "result": "PASS" + }, + { + "id": "3.23", + "desc": "Ensure that the Containerd socket file ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.24", + "desc": "Ensure that the Containerd socket file permissions are set to 660 or more restrictively (Automated)", + "result": "PASS" + } + ] + }, + { + "id": "4", + "desc": "Container Images and Build File", + "results": [ + { + "id": "4.1", + "desc": "Ensure that a user for the container has been created (Automated)", + "result": "WARN", + "details": "running as root: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should ensure that the Dockerfile for each container image contains the information: USER . If there is no specific user created in the container base image, then make use of the useradd command to add a specific user before the USER instruction in the Dockerfile.", + "remediation-impact": "Running as a non-root user can present challenges where you wish to bind mount volumes from the underlying host. In this case, care should be taken to ensure that the user running the contained process can read and write to the bound directory, according to their requirements." + }, + { + "id": "4.2", + "desc": "Ensure that containers use only trusted base images (Manual)", + "result": "NOTE", + "remediation": "Configure and use Docker Content trust. View the history of each Docker image to evaluate its risk, dependent on the sensitivity of the application you wish to deploy using it. Scan Docker images for vulnerabilities at regular intervals.", + "remediation-impact": "None." + }, + { + "id": "4.3", + "desc": "Ensure that unnecessary packages are not installed in the container (Manual)", + "result": "NOTE", + "remediation": "You should not install anything within the container that is not required. You should consider using a minimal base image if you can. Some of the options available include BusyBox and Alpine. Not only can this trim your image size considerably, but there would also be fewer pieces of software which could contain vectors for attack.", + "remediation-impact": "None." + }, + { + "id": "4.4", + "desc": "Ensure images are scanned and rebuilt to include security patches (Manual)", + "result": "NOTE", + "remediation": "Images should be re-built ensuring that the latest version of the base images are used, to keep the operating system patch level at an appropriate level. Once the images have been re-built, containers should be re-started making use of the updated images.", + "remediation-impact": "None." + }, + { + "id": "4.5", + "desc": "Ensure Content trust for Docker is Enabled (Automated)", + "result": "NOTE", + "remediation": "Add DOCKER_CONTENT_TRUST variable to the /etc/environment file using command echo DOCKER_CONTENT_TRUST=1 | sudo tee -a /etc/environment.", + "remediation-impact": "This prevents users from working with tagged images unless they contain a signature." + }, + { + "id": "4.6", + "desc": "Ensure that HEALTHCHECK instructions have been added to container images (Automated)", + "result": "WARN", + "details": "Images w/o HEALTHCHECK: [wpscanteam/wpscan:latest] [rck:latest] bda1f32ec1e4 2d398157782a 7a8a1063c561 5f19144ab0b6 b10df0cd4a6a a867ff3a3e3c [tomcat:9.0-jre8] [tomcat:10.1.0-M12-jdk11-openjdk-buster] [10.126.120.118:9090/cm-portal/python-openldap:3.8] [10.126.103.151:9090/mitre/mitreattack:latest mitreattack:latest] [10.126.103.151:9090/mitre/mitreattack:latest mitreattack:latest] cdcb9ae2d885 [10.126.120.118:9090/mitre/mitrenav:latest mitrenav:latest] [10.126.120.118:9090/mitre/mitrenav:latest mitrenav:latest] 4e41a85f1af2 9262f2a9471b 2678608471c8 8919183187d6 dcce782aa487 184d8bf2f33f d875ec36b2b8 b5642ba43deb [gaportal:latest] 42a381593e41 ce311566f27c 79b0e16c1bad 68f9992d3cc7 14906f200691 4e393dbb9775 6c93966dc5fc 91322ae02f71 291a1f0d5cc1 74c1b9bc803e 927ab68fdca7 37b8ff914d01 35783d794ac1 f492f9238335 829f23a347cd d9f443233c10 e63a0b88ab31 286c369966a5 7f2f6c63605a 7ebb75d84380 4437516aaa14 e07c53151791 8cab67f5ecf4 1ee0fef66b38 4854b36cdf03 29a0d411a79f 77b8748b4973 e174bcfa574e 791989246c84 af05be4786a9 ea60df4d6bbf d0f4b3253e19 663b2cfdd453 a0626498f5c5 80c792ab0ae1 106befd07998 64f17a60cdd1 4927ce6e44b0 053ded55556e f83f7061e501 3f91fefd81f7 56e7c34300a3 40fa96ef3796 db517bb48152 91ea0a45ed64 61d8cd3970fb 456afead8bb9 [python:3.8] [python:3.9] [node:16] [maxasut/python-installer:linux] c51ad89c3650 89361d0f3618 c926bc9b2759 16bf40078206 0144cb47122e 05fa3b295790 e3fe14102ca7 4e9761616248 [python:3.9-buster] [10.126.120.118:9092/rbpo/builder/liberica-8-maven-3.8.4:1.0.1] 23a23dad37db [10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1 10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest] [10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1 10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest] [node:16-alpine] [ubuntu:20.04] [postgres:latest] [bellsoft/liberica-openjdk-debian:8u312-7] [python:3.8-buster] [alpine:3.15] [cyclonedx/cyclonedx-dotnet:latest] [oscarakaelvis/evil-winrm:latest] [fedora:30]", + "items": [ + "[wpscanteam/wpscan:latest]","[rck:latest]","bda1f32ec1e4","2d398157782a","7a8a1063c561","5f19144ab0b6","b10df0cd4a6a","a867ff3a3e3c","[tomcat:9.0-jre8]","[tomcat:10.1.0-M12-jdk11-openjdk-buster]","[10.126.120.118:9090/cm-portal/python-openldap:3.8]","[10.126.103.151:9090/mitre/mitreattack:latest","mitreattack:latest]","[10.126.103.151:9090/mitre/mitreattack:latest","mitreattack:latest]","cdcb9ae2d885","[10.126.120.118:9090/mitre/mitrenav:latest","mitrenav:latest]","[10.126.120.118:9090/mitre/mitrenav:latest","mitrenav:latest]","4e41a85f1af2","9262f2a9471b","2678608471c8","8919183187d6","dcce782aa487","184d8bf2f33f","d875ec36b2b8","b5642ba43deb","[gaportal:latest]","42a381593e41","ce311566f27c","79b0e16c1bad","68f9992d3cc7","14906f200691","4e393dbb9775","6c93966dc5fc","91322ae02f71","291a1f0d5cc1","74c1b9bc803e","927ab68fdca7","37b8ff914d01","35783d794ac1","f492f9238335","829f23a347cd","d9f443233c10","e63a0b88ab31","286c369966a5","7f2f6c63605a","7ebb75d84380","4437516aaa14","e07c53151791","8cab67f5ecf4","1ee0fef66b38","4854b36cdf03","29a0d411a79f","77b8748b4973","e174bcfa574e","791989246c84","af05be4786a9","ea60df4d6bbf","d0f4b3253e19","663b2cfdd453","a0626498f5c5","80c792ab0ae1","106befd07998","64f17a60cdd1","4927ce6e44b0","053ded55556e","f83f7061e501","3f91fefd81f7","56e7c34300a3","40fa96ef3796","db517bb48152","91ea0a45ed64","61d8cd3970fb","456afead8bb9","[python:3.8]","[python:3.9]","[node:16]","[maxasut/python-installer:linux]","c51ad89c3650","89361d0f3618","c926bc9b2759","16bf40078206","0144cb47122e","05fa3b295790","e3fe14102ca7","4e9761616248","[python:3.9-buster]","[10.126.120.118:9092/rbpo/builder/liberica-8-maven-3.8.4:1.0.1]","23a23dad37db","[10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1","10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest]","[10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1","10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest]","[node:16-alpine]","[ubuntu:20.04]","[postgres:latest]","[bellsoft/liberica-openjdk-debian:8u312-7]","[python:3.8-buster]","[alpine:3.15]","[cyclonedx/cyclonedx-dotnet:latest]","[oscarakaelvis/evil-winrm:latest]","[fedora:30]" + ], + "remediation": "You should follow the Docker documentation and rebuild your container images to include the HEALTHCHECK instruction.", + "remediation-impact": "None." + }, + { + "id": "4.7", + "desc": "Ensure update instructions are not used alone in the Dockerfile (Manual)", + "result": "INFO", + "details": "Update instructions found: [rck:latest] [tomcat:9.0-jre8] [tomcat:10.1.0-M12-jdk11-openjdk-buster] [10.126.120.118:9090/cm-portal/python-openldap:3.8] [10.126.103.151:9090/mitre/mitreattack:latest mitreattack:latest] [10.126.103.151:9090/mitre/mitreattack:latest mitreattack:latest] [10.126.120.118:9090/mitre/mitrenav:latest mitrenav:latest] [10.126.120.118:9090/mitre/mitrenav:latest mitrenav:latest] [gaportal:latest] [python:3.8] [python:3.9] [node:16] [maxasut/python-installer:linux] [python:3.9-buster] [10.126.120.118:9092/rbpo/builder/liberica-8-maven-3.8.4:1.0.1] [10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1 10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest] [10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1 10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest] [mobsf_mobsf:latest] [postgres:latest] [bellsoft/liberica-openjdk-debian:8u312-7] [python:3.8-buster] [cyclonedx/cyclonedx-dotnet:latest] [oscarakaelvis/evil-winrm:latest] [fedora:30]", + "items": [ + "[rck:latest]","[tomcat:9.0-jre8]","[tomcat:10.1.0-M12-jdk11-openjdk-buster]","[10.126.120.118:9090/cm-portal/python-openldap:3.8]","[10.126.103.151:9090/mitre/mitreattack:latest","mitreattack:latest]","[10.126.103.151:9090/mitre/mitreattack:latest","mitreattack:latest]","[10.126.120.118:9090/mitre/mitrenav:latest","mitrenav:latest]","[10.126.120.118:9090/mitre/mitrenav:latest","mitrenav:latest]","[gaportal:latest]","[python:3.8]","[python:3.9]","[node:16]","[maxasut/python-installer:linux]","[python:3.9-buster]","[10.126.120.118:9092/rbpo/builder/liberica-8-maven-3.8.4:1.0.1]","[10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1","10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest]","[10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1","10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest]","[mobsf_mobsf:latest]","[postgres:latest]","[bellsoft/liberica-openjdk-debian:8u312-7]","[python:3.8-buster]","[cyclonedx/cyclonedx-dotnet:latest]","[oscarakaelvis/evil-winrm:latest]","[fedora:30]" + ], + "remediation": "You should use update instructions together with install instructions and version pinning for packages while installing them. This prevent caching and force the extraction of the required versions. Alternatively, you could use the --no-cache flag during the docker build process to avoid using cached layers.", + "remediation-impact": "None." + }, + { + "id": "4.8", + "desc": "Ensure setuid and setgid permissions are removed (Manual)", + "result": "NOTE", + "remediation": "You should allow setuid and setgid permissions only on executables which require them. You could remove these permissions at build time by adding the following command in your Dockerfile, preferably towards the end of the Dockerfile: RUN find / -perm /6000 -type f -exec chmod a-s {} ; || true", + "remediation-impact": "The above command would break all executables that depend on setuid or setgid permissions including legitimate ones. You should therefore be careful to modify the command to suit your requirements so that it does not reduce the permissions of legitimate programs excessively. Because of this, you should exercise a degree of caution and examine all processes carefully before making this type of modification in order to avoid outages." + }, + { + "id": "4.9", + "desc": "Ensure that COPY is used instead of ADD in Dockerfiles (Manual)", + "result": "INFO", + "details": "Images using ADD: [fedora:30]", + "items": [ + "[fedora:30]" + ], + "remediation": "You should use COPY rather than ADD instructions in Dockerfiles.", + "remediation-impact": "Care needs to be taken in implementing this control if the application requires functionality that is part of the ADD instruction, for example, if you need to retrieve files from remote URLS." + }, + { + "id": "4.10", + "desc": "Ensure secrets are not stored in Dockerfiles (Manual)", + "result": "NOTE", + "remediation": "Do not store any kind of secrets within Dockerfiles. Where secrets are required during the build process, make use of a secrets management tool, such as the buildkit builder included with Docker.", + "remediation-impact": "A proper secrets management process will be required for Docker image building." + }, + { + "id": "4.11", + "desc": "Ensure only verified packages are installed (Manual)", + "result": "NOTE", + "remediation": "You should use a secure package distribution mechanism of your choice to ensure the authenticity of software packages.", + "remediation-impact": "None." + }, + { + "id": "4.12", + "desc": "Ensure all signed artifacts are validated (Manual)", + "result": "NOTE", + "remediation": "Validate artifacts signatures before uploading to the package registry.", + "remediation-impact": "None." + } + ] + }, + { + "id": "5", + "desc": "Container Runtime", + "results": [ + { + "id": "5.1", + "desc": "Ensure that, if applicable, an AppArmor Profile is enabled (Automated)", + "result": "PASS" + }, + { + "id": "5.2", + "desc": "Ensure that, if applicable, SELinux security options are set (Automated)", + "result": "WARN", + "details": "Containers with no SecurityOptions: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "Set the SELinux State. Set the SELinux Policy. Create or import a SELinux policy template for Docker containers. Start Docker in daemon mode with SELinux enabled. Start your Docker container using the security options.", + "remediation-impact": "Any restrictions defined in the SELinux policy will be applied to your containers. It should be noted that if your SELinux policy is misconfigured, this may have an impact on the correct operation of the affected containers." + }, + { + "id": "5.3", + "desc": "Ensure that Linux kernel capabilities are restricted within containers (Automated)", + "result": "PASS" + }, + { + "id": "5.4", + "desc": "Ensure that privileged containers are not used (Automated)", + "result": "PASS" + }, + { + "id": "5.5", + "desc": "Ensure sensitive host system directories are not mounted on containers (Automated)", + "result": "PASS" + }, + { + "id": "5.6", + "desc": "Ensure sshd is not run within containers (Automated)", + "result": "PASS" + }, + { + "id": "5.7", + "desc": "Ensure privileged ports are not mapped within containers (Automated)", + "result": "PASS" + }, + { + "id": "5.8", + "desc": "Ensure that only needed ports are open on the container (Manual)", + "result": "WARN", + "details": "Containers with open ports: mobsf_postgres_1:5432", + "items": [ + "mobsf_postgres_1:5432" + ], + "remediation": "You should ensure that the Dockerfile for each container image only exposes needed ports.", + "remediation-impact": "None." + }, + { + "id": "5.9", + "desc": "Ensure that the host's network namespace is not shared (Automated)", + "result": "PASS" + }, + { + "id": "5.10", + "desc": "Ensure that the memory usage for containers is limited (Automated)", + "result": "WARN", + "details": "Container running without memory restrictions: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should run the container with only as much memory as it requires by using the --memory argument.", + "remediation-impact": "If correct memory limits are not set on each container, one process can expand its usage and cause other containers to run out of resources." + }, + { + "id": "5.11", + "desc": "Ensure that CPU priority is set appropriately on containers (Automated)", + "result": "WARN", + "details": "Containers running without CPU restrictions: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should manage the CPU runtime between your containers dependent on their priority within your organization. To do so start the container using the --cpu-shares argument.", + "remediation-impact": "If you do not correctly assign CPU thresholds, the container process may run out of resources and become unresponsive. If CPU resources on the host are not constrainted, CPU shares do not place any restrictions on individual resources." + }, + { + "id": "5.12", + "desc": "Ensure that the container's root filesystem is mounted as read only (Automated)", + "result": "WARN", + "details": "Containers running with root FS mounted R/W: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should add a --read-only flag at a container's runtime to enforce the container's root filesystem being mounted as read only.", + "remediation-impact": "Enabling --read-only at container runtime may break some container OS packages if a data writing strategy is not defined. You should define what the container's data should and should not persist at runtime in order to decide which strategy to use." + }, + { + "id": "5.13", + "desc": "Ensure that incoming container traffic is bound to a specific host interface (Automated)", + "result": "WARN", + "details": "Containers with port bound to wildcard IP: mobsf_postgres_1:0.0.0.0", + "items": [ + "mobsf_postgres_1:0.0.0.0" + ], + "remediation": "You should bind the container port to a specific host interface on the desired host port. Example: docker run --detach --publish 10.2.3.4:49153:80 nginx In this example, the container port 80 is bound to the host port on 49153 and would accept incoming connection only from the 10.2.3.4 external interface.", + "remediation-impact": "None." + }, + { + "id": "5.14", + "desc": "Ensure that the 'on-failure' container restart policy is set to '5' (Automated)", + "result": "WARN", + "details": "Containers with MaximumRetryCount not set to 5: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "If you wish a container to be automatically restarted, a sample command is docker run --detach --restart=on-failure:5 nginx", + "remediation-impact": "If this option is set, a container will only attempt to restart itself 5 times." + }, + { + "id": "5.15", + "desc": "Ensure that the host's process namespace is not shared (Automated)", + "result": "PASS" + }, + { + "id": "5.16", + "desc": "Ensure that the host's IPC namespace is not shared (Automated)", + "result": "PASS" + }, + { + "id": "5.17", + "desc": "Ensure that host devices are not directly exposed to containers (Manual)", + "result": "PASS" + }, + { + "id": "5.18", + "desc": "Ensure that the default ulimit is overwritten at runtime if needed (Manual)", + "result": "INFO", + "details": "Containers with no default ulimit override: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should only override the default ulimit settings if needed in a specific case.", + "remediation-impact": "If ulimits are not set correctly, overutilization by individual containers could make the host system unusable." + }, + { + "id": "5.19", + "desc": "Ensure mount propagation mode is not set to shared (Automated)", + "result": "PASS" + }, + { + "id": "5.20", + "desc": "Ensure that the host's UTS namespace is not shared (Automated)", + "result": "PASS" + }, + { + "id": "5.21", + "desc": "Ensure the default seccomp profile is not Disabled (Automated)", + "result": "PASS" + }, + { + "id": "5.22", + "desc": "Ensure that docker exec commands are not used with the privileged option (Automated)", + "result": "NOTE", + "remediation": "You should not use the --privileged option in docker exec commands.", + "remediation-impact": "If you need enhanced capabilities within a container, then run it with all the permissions it requires. These should be specified individually." + }, + { + "id": "5.23", + "desc": "Ensure that docker exec commands are not used with the user=root option (Manual)", + "result": "NOTE", + "remediation": "You should not use the --user=root option in docker exec commands.", + "remediation-impact": "None." + }, + { + "id": "5.24", + "desc": "Ensure that cgroup usage is confirmed (Automated)", + "result": "PASS" + }, + { + "id": "5.25", + "desc": "Ensure that the container is restricted from acquiring additional privileges (Automated)", + "result": "WARN", + "details": "Containers without restricted privileges: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should start your container with the options: docker run --rm -it --security-opt=no-new-privileges ubuntu bash", + "remediation-impact": "The no_new_priv option prevents LSMs like SELinux from allowing processes to acquire new privileges." + }, + { + "id": "5.26", + "desc": "Ensure that container health is checked at runtime (Automated)", + "result": "PASS" + }, + { + "id": "5.27", + "desc": "Ensure that Docker commands always make use of the latest version of their image (Manual)", + "result": "INFO", + "remediation": "You should use proper version pinning mechanisms (the tag which is assigned by default is still vulnerable to caching attacks) to avoid extracting cached older versions. Version pinning mechanisms should be used for base images, packages, and entire images. You can customize version pinning rules according to your requirements.", + "remediation-impact": "None." + }, + { + "id": "5.28", + "desc": "Ensure that the PIDs cgroup limit is used (Automated)", + "result": "WARN", + "details": "Containers without PIDs cgroup limit: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "Use --pids-limit flag with an appropriate value when launching the container.", + "remediation-impact": "Set the PIDs limit value as appropriate. Incorrect values might leave containers unusable." + }, + { + "id": "5.29", + "desc": "Ensure that Docker's default bridge 'docker0' is not used (Manual)", + "result": "PASS" + }, + { + "id": "5.30", + "desc": "Ensure that the host's user namespaces are not shared (Automated)", + "result": "PASS" + }, + { + "id": "5.31", + "desc": "Ensure that the Docker socket is not mounted inside any containers (Automated)", + "result": "PASS" + } + ] + }, + { + "id": "6", + "desc": "Docker Security Operations", + "results": [ + { + "id": "6.1", + "desc": "Ensure that image sprawl is avoided (Manual)", + "result": "INFO", + "details": "0 active/96 in use", + "remediation": "You should keep only the images that you actually need and establish a workflow to remove old or stale images from the host. Additionally, you should use features such as pull-by-digest to get specific images from the registry.", + "remediation-impact": "docker system prune -a removes all exited containers as well as all images and volumes that are not referenced by running containers, including for UCP and DTR." + }, + { + "id": "6.2", + "desc": "Ensure that container sprawl is avoided (Manual)", + "result": "INFO", + "details": "93 total/1 running", + "remediation": "You should periodically check your container inventory on each host and clean up containers which are not in active use with the command: docker container prune", + "remediation-impact": "You should retain containers that are actively in use, and delete ones which are no longer needed." + } + ] + }, + { + "id": "7", + "desc": "Docker Swarm Configuration", + "results": [ + { + "id": "7.1", + "desc": "Ensure swarm mode is not Enabled, if not needed (Automated)", + "result": "PASS" + }, + { + "id": "7.2", + "desc": "Ensure that the minimum number of manager nodes have been created in a swarm (Automated)", + "result": "PASS" + }, + { + "id": "7.3", + "desc": "Ensure that swarm services are bound to a specific host interface (Automated)", + "result": "PASS" + }, + { + "id": "7.4", + "desc": "Ensure that all Docker swarm overlay networks are encrypted (Automated)", + "result": "PASS" + }, + { + "id": "7.5", + "desc": "Ensure that Docker's secret management commands are used for managing secrets in a swarm cluster (Manual)", + "result": "PASS" + }, + { + "id": "7.6", + "desc": "Ensure that swarm manager is run in auto-lock mode (Automated)", + "result": "PASS" + }, + { + "id": "7.7", + "desc": "Ensure that the swarm manager auto-lock key is rotated periodically (Manual)", + "result": "PASS" + }, + { + "id": "7.8", + "desc": "Ensure that node certificates are rotated as appropriate (Manual)", + "result": "PASS" + }, + { + "id": "7.9", + "desc": "Ensure that CA certificates are rotated as appropriate (Manual)", + "result": "PASS" + }, + { + "id": "7.10", + "desc": "Ensure that management plane traffic is separated from data plane traffic (Manual)", + "result": "PASS" + } + ] + } + ], + "checks": 117, + "score": 6, + "end": 1659371409 +} \ No newline at end of file diff --git a/unittests/scans/dockerbench/docker-bench-report-single-vuln.json b/unittests/scans/dockerbench/docker-bench-report-single-vuln.json new file mode 100644 index 00000000000..0c972ed7daa --- /dev/null +++ b/unittests/scans/dockerbench/docker-bench-report-single-vuln.json @@ -0,0 +1,853 @@ +{ + "dockerbenchsecurity": "1.3.6", + "start": 1659371395, + "tests": [ + { + "id": "1", + "desc": "Host Configuration", + "results": [ + { + "id": "1.1.1", + "desc": "Ensure a separate partition for containers has been created (Automated)", + "result": "PASS", + "remediation": "For new installations, you should create a separate partition for the /var/lib/docker mount point. For systems that have already been installed, you should use the Logical Volume Manager (LVM) within Linux to create a new partition.", + "remediation-impact": "None." + }, + { + "id": "1.1.2", + "desc": "Ensure only trusted users are allowed to control Docker daemon (Automated)", + "result": "PASS", + "details": "doubtfulusers: jubjubbird", + "items": [ + "jubjubbird" + ], + "remediation": "You should remove any untrusted users from the docker group using command sudo gpasswd -d docker or add trusted users to the docker group using command sudo usermod -aG docker . You should not create a mapping of sensitive directories from the host to container volumes.", + "remediation-impact": "Only trust user are allow to build and execute containers as normal user." + }, + { + "id": "1.1.3", + "desc": "Ensure auditing is configured for the Docker daemon (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /usr/bin/dockerd -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.4", + "desc": "Ensure auditing is configured for Docker files and directories -/run/containerd (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -a exit,always -F path=/run/containerd -F perm=war -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.5", + "desc": "Ensure auditing is configured for Docker files and directories - /var/lib/docker (Automated)", + "result": "PASS", + "details": "Directory not found", + "remediation": "Install auditd. Add -w /var/lib/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.6", + "desc": "Ensure auditing is configured for Docker files and directories - /etc/docker (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /etc/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.7", + "desc": "Ensure auditing is configured for Docker files and directories - docker.service (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /lib/systemd/system/docker.service -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.8", + "desc": "Ensure auditing is configured for Docker files and directories - containerd.sock (Automated)", + "result": "PASS", + "details": "File not found", + "remediation": "Install auditd. Add -w -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.9", + "desc": "Ensure auditing is configured for Docker files and directories - docker.socket (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /lib/systemd/system/docker.socket -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.10", + "desc": "Ensure auditing is configured for Docker files and directories - /etc/default/docker (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /etc/default/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.11", + "desc": "Ensure auditing is configured for Dockerfiles and directories - /etc/docker/daemon.json (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /etc/docker/daemon.json -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.12", + "desc": "1.1.12 Ensure auditing is configured for Dockerfiles and directories - /etc/containerd/config.toml (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /etc/containerd/config.toml -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.13", + "desc": "Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker (Automated)", + "result": "PASS", + "details": "File not found", + "remediation": "Install auditd. Add -w /etc/sysconfig/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.14", + "desc": "Ensure auditing is configured for Docker files and directories - /usr/bin/containerd (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /usr/bin/containerd -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.15", + "desc": "Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /usr/bin/containerd-shim -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.16", + "desc": "Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1 (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /usr/bin/containerd-shim-runc-v1 -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.17", + "desc": "Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2 (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /usr/bin/containerd-shim-runc-v2 -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.18", + "desc": "Ensure auditing is configured for Docker files and directories - /usr/bin/runc (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /usr/bin/runc -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.2.1", + "desc": "Ensure the container host has been Hardened (Manual)", + "result": "PASS", + "remediation": "You may consider various Security Benchmarks for your container host.", + "remediation-impact": "None." + }, + { + "id": "1.2.2", + "desc": "Ensure that the version of Docker is up to date (Manual)", + "result": "PASS", + "details": "Using 20.10.17", + "remediation": "You should monitor versions of Docker releases and make sure your software is updated as required.", + "remediation-impact": "You should perform a risk assessment regarding Docker version updates and review how they may impact your operations." + } + ] + }, + { + "id": "2", + "desc": "Docker daemon configuration", + "results": [ + { + "id": "2.1", + "desc": "Run the Docker daemon as a non-root user, if possible (Manual)", + "result": "PASS", + "remediation": "Follow the current Dockerdocumentation on how to install the Docker daemon as a non-root user.", + "remediation-impact": "There are multiple prerequisites depending on which distribution that is in use, and also known limitations regarding networking and resource limitation. Running in rootless mode also changes the location of any configuration files in use, including all containers using the daemon." + }, + { + "id": "2.2", + "desc": "Ensure network traffic is restricted between containers on the default bridge (Scored)", + "result": "PASS", + "remediation": "Edit the Docker daemon configuration file to ensure that inter-container communication is disabled: icc: false.", + "remediation-impact": "Inter-container communication is disabled on the default network bridge. If any communication between containers on the same host is desired, it needs to be explicitly defined using container linking or custom networks." + }, + { + "id": "2.3", + "desc": "Ensure the logging level is set to 'info' (Scored)", + "result": "PASS" + }, + { + "id": "2.4", + "desc": "Ensure Docker is allowed to make changes to iptables (Scored)", + "result": "PASS" + }, + { + "id": "2.5", + "desc": "Ensure insecure registries are not used (Scored)", + "result": "PASS", + "remediation": "You should ensure that no insecure registries are in use.", + "remediation-impact": "None." + }, + { + "id": "2.6", + "desc": "Ensure aufs storage driver is not used (Scored)", + "result": "PASS" + }, + { + "id": "2.7", + "desc": "Ensure TLS authentication for Docker daemon is configured (Scored)", + "result": "PASS", + "details": "Docker daemon not listening on TCP", + "remediation": "Follow the steps mentioned in the Docker documentation or other references. By default, TLS authentication is not configured.", + "remediation-impact": "You would need to manage and guard certificates and keys for the Docker daemon and Docker clients." + }, + { + "id": "2.8", + "desc": "Ensure the default ulimit is configured appropriately (Manual)", + "result": "PASS", + "details": "Default ulimit doesn't appear to be set", + "remediation": "Run Docker in daemon mode and pass --default-ulimit as option with respective ulimits as appropriate in your environment and in line with your security policy. Example: dockerd --default-ulimit nproc=1024:2048 --default-ulimit nofile=100:200", + "remediation-impact": "If ulimits are set incorrectly this could cause issues with system resources, possibly causing a denial of service condition." + }, + { + "id": "2.9", + "desc": "Enable user namespace support (Scored)", + "result": "PASS", + "remediation": "Please consult the Docker documentation for various ways in which this can be configured depending upon your requirements. The high-level steps are: Ensure that the files /etc/subuid and /etc/subgid exist. Start the docker daemon with --userns-remap flag.", + "remediation-impact": "User namespace remapping is incompatible with a number of Docker features and also currently breaks some of its functionalities." + }, + { + "id": "2.10", + "desc": "Ensure the default cgroup usage has been confirmed (Scored)", + "result": "PASS" + }, + { + "id": "2.11", + "desc": "Ensure base device size is not changed until needed (Scored)", + "result": "WARN", + "remediation": "some kind of remediation could be here" + }, + { + "id": "2.12", + "desc": "Ensure that authorization for Docker client commands is enabled (Scored)", + "result": "PASS", + "remediation": "Install/Create an authorization plugin. Configure the authorization policy as desired. Start the docker daemon using command dockerd --authorization-plugin=", + "remediation-impact": "Each Docker command needs to pass through the authorization plugin mechanism. This may have a performance impact" + }, + { + "id": "2.13", + "desc": "Ensure centralized and remote logging is configured (Scored)", + "result": "PASS", + "remediation": "Set up the desired log driver following its documentation. Start the docker daemon using that logging driver. Example: dockerd --log-driver=syslog --log-opt syslog-address=tcp://192.xxx.xxx.xxx", + "remediation-impact": "None." + }, + { + "id": "2.14", + "desc": "Ensure containers are restricted from acquiring new privileges (Scored)", + "result": "PASS", + "remediation": "You should run the Docker daemon using command: dockerd --no-new-privileges", + "remediation-impact": "no_new_priv prevents LSMs such as SELinux from escalating the privileges of individual containers." + }, + { + "id": "2.15", + "desc": "Ensure live restore is enabled (Scored)", + "result": "PASS", + "remediation": "Run Docker in daemon mode and pass --live-restore option.", + "remediation-impact": "None." + }, + { + "id": "2.16", + "desc": "Ensure Userland Proxy is Disabled (Scored)", + "result": "PASS", + "remediation": "You should run the Docker daemon using command: dockerd --userland-proxy=false", + "remediation-impact": "Some systems with older Linux kernels may not be able to support hairpin NAT and therefore require the userland proxy service. Also, some networking setups can be impacted by the removal of the userland proxy." + }, + { + "id": "2.17", + "desc": "Ensure that a daemon-wide custom seccomp profile is applied if appropriate (Manual)", + "result": "PASS" + }, + { + "id": "2.18", + "desc": "Ensure that experimental features are not implemented in production (Scored)", + "result": "PASS", + "remediation": "You should not pass --experimental as a runtime parameter to the Docker daemon on production systems.", + "remediation-impact": "None." + } + ] + }, + { + "id": "3", + "desc": "Docker daemon configuration files", + "results": [ + { + "id": "3.1", + "desc": "Ensure that the docker.service file ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.2", + "desc": "Ensure that docker.service file permissions are appropriately set (Automated)", + "result": "PASS" + }, + { + "id": "3.3", + "desc": "Ensure that docker.socket file ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.4", + "desc": "Ensure that docker.socket file permissions are set to 644 or more restrictive (Automated)", + "result": "PASS" + }, + { + "id": "3.5", + "desc": "Ensure that the /etc/docker directory ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.6", + "desc": "Ensure that /etc/docker directory permissions are set to 755 or more restrictively (Automated)", + "result": "PASS" + }, + { + "id": "3.7", + "desc": "Ensure that registry certificate file ownership is set to root:root (Automated)", + "result": "PASS", + "details": "Directory not found", + "remediation": "You should run the following command: chown root:root /etc/docker/certs.d//*. This would set the individual ownership and group ownership for the registry certificate files to root.", + "remediation-impact": "None." + }, + { + "id": "3.8", + "desc": "Ensure that registry certificate file permissions are set to 444 or more restrictively (Automated)", + "result": "PASS", + "details": "Directory not found", + "remediation": "You should run the following command: chmod 444 /etc/docker/certs.d//*. This would set the permissions for the registry certificate files to 444.", + "remediation-impact": "None." + }, + { + "id": "3.9", + "desc": "Ensure that TLS CA certificate file ownership is set to root:root (Automated)", + "result": "PASS", + "details": "No TLS CA certificate found", + "remediation": "You should run the following command: chown root:root . This sets the individual ownership and group ownership for the TLS CA certificate file to root.", + "remediation-impact": "None." + }, + { + "id": "3.10", + "desc": "Ensure that TLS CA certificate file permissions are set to 444 or more restrictively (Automated)", + "result": "PASS", + "details": "No TLS CA certificate found", + "remediation": "You should run the following command: chmod 444 . This sets the file permissions on the TLS CA file to 444.", + "remediation-impact": "None." + }, + { + "id": "3.11", + "desc": "Ensure that Docker server certificate file ownership is set to root:root (Automated)", + "result": "PASS", + "details": "No TLS Server certificate found", + "remediation": "You should run the following command: chown root:root . This sets the individual ownership and the group ownership for the Docker server certificate file to root.", + "remediation-impact": "None." + }, + { + "id": "3.12", + "desc": "Ensure that the Docker server certificate file permissions are set to 444 or more restrictively (Automated)", + "result": "PASS", + "details": "No TLS Server certificate found", + "remediation": "You should run the following command: chmod 444 . This sets the file permissions of the Docker server certificate file to 444.", + "remediation-impact": "None." + }, + { + "id": "3.13", + "desc": "Ensure that the Docker server certificate key file ownership is set to root:root (Automated)", + "result": "PASS", + "details": "No TLS Key found", + "remediation": "You should run the following command: chown root:root . This sets the individual ownership and group ownership for the Docker server certificate key file to root.", + "remediation-impact": "None." + }, + { + "id": "3.14", + "desc": "Ensure that the Docker server certificate key file permissions are set to 400 (Automated)", + "result": "PASS", + "details": "No TLS Key found", + "remediation": "You should run the following command: chmod 400 . This sets the Docker server certificate key file permissions to 400.", + "remediation-impact": "None." + }, + { + "id": "3.15", + "desc": "Ensure that the Docker socket file ownership is set to root:docker (Automated)", + "result": "PASS" + }, + { + "id": "3.16", + "desc": "Ensure that the Docker socket file permissions are set to 660 or more restrictively (Automated)", + "result": "PASS" + }, + { + "id": "3.17", + "desc": "Ensure that the daemon.json file ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.18", + "desc": "Ensure that daemon.json file permissions are set to 644 or more restrictive (Automated)", + "result": "PASS" + }, + { + "id": "3.19", + "desc": "Ensure that the /etc/default/docker file ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.20", + "desc": "Ensure that the /etc/sysconfig/docker file permissions are set to 644 or more restrictively (Automated)", + "result": "PASS", + "details": "File not found", + "remediation": "You should run the following command: chmod 644 /etc/sysconfig/docker. This sets the file permissions for this file to 644.", + "remediation-impact": "None." + }, + { + "id": "3.21", + "desc": "Ensure that the /etc/sysconfig/docker file ownership is set to root:root (Automated)", + "result": "PASS", + "details": "File not found", + "remediation": "You should run the following command: chown root:root /etc/sysconfig/docker. This sets the ownership and group ownership for the file to root.", + "remediation-impact": "None." + }, + { + "id": "3.22", + "desc": "Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively (Automated)", + "result": "PASS" + }, + { + "id": "3.23", + "desc": "Ensure that the Containerd socket file ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.24", + "desc": "Ensure that the Containerd socket file permissions are set to 660 or more restrictively (Automated)", + "result": "PASS" + } + ] + }, + { + "id": "4", + "desc": "Container Images and Build File", + "results": [ + { + "id": "4.1", + "desc": "Ensure that a user for the container has been created (Automated)", + "result": "PASS", + "details": "running as root: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should ensure that the Dockerfile for each container image contains the information: USER . If there is no specific user created in the container base image, then make use of the useradd command to add a specific user before the USER instruction in the Dockerfile.", + "remediation-impact": "Running as a non-root user can present challenges where you wish to bind mount volumes from the underlying host. In this case, care should be taken to ensure that the user running the contained process can read and write to the bound directory, according to their requirements." + }, + { + "id": "4.2", + "desc": "Ensure that containers use only trusted base images (Manual)", + "result": "NOTE", + "remediation": "Configure and use Docker Content trust. View the history of each Docker image to evaluate its risk, dependent on the sensitivity of the application you wish to deploy using it. Scan Docker images for vulnerabilities at regular intervals.", + "remediation-impact": "None." + }, + { + "id": "4.3", + "desc": "Ensure that unnecessary packages are not installed in the container (Manual)", + "result": "NOTE", + "remediation": "You should not install anything within the container that is not required. You should consider using a minimal base image if you can. Some of the options available include BusyBox and Alpine. Not only can this trim your image size considerably, but there would also be fewer pieces of software which could contain vectors for attack.", + "remediation-impact": "None." + }, + { + "id": "4.4", + "desc": "Ensure images are scanned and rebuilt to include security patches (Manual)", + "result": "NOTE", + "remediation": "Images should be re-built ensuring that the latest version of the base images are used, to keep the operating system patch level at an appropriate level. Once the images have been re-built, containers should be re-started making use of the updated images.", + "remediation-impact": "None." + }, + { + "id": "4.5", + "desc": "Ensure Content trust for Docker is Enabled (Automated)", + "result": "PASS", + "remediation": "Add DOCKER_CONTENT_TRUST variable to the /etc/environment file using command echo DOCKER_CONTENT_TRUST=1 | sudo tee -a /etc/environment.", + "remediation-impact": "This prevents users from working with tagged images unless they contain a signature." + }, + { + "id": "4.6", + "desc": "Ensure that HEALTHCHECK instructions have been added to container images (Automated)", + "result": "PASS", + "details": "Images w/o HEALTHCHECK: [wpscanteam/wpscan:latest] [rck:latest] bda1f32ec1e4 2d398157782a 7a8a1063c561 5f19144ab0b6 b10df0cd4a6a a867ff3a3e3c [tomcat:9.0-jre8] [tomcat:10.1.0-M12-jdk11-openjdk-buster] [10.126.120.118:9090/cm-portal/python-openldap:3.8] [10.126.103.151:9090/mitre/mitreattack:latest mitreattack:latest] [10.126.103.151:9090/mitre/mitreattack:latest mitreattack:latest] cdcb9ae2d885 [10.126.120.118:9090/mitre/mitrenav:latest mitrenav:latest] [10.126.120.118:9090/mitre/mitrenav:latest mitrenav:latest] 4e41a85f1af2 9262f2a9471b 2678608471c8 8919183187d6 dcce782aa487 184d8bf2f33f d875ec36b2b8 b5642ba43deb [gaportal:latest] 42a381593e41 ce311566f27c 79b0e16c1bad 68f9992d3cc7 14906f200691 4e393dbb9775 6c93966dc5fc 91322ae02f71 291a1f0d5cc1 74c1b9bc803e 927ab68fdca7 37b8ff914d01 35783d794ac1 f492f9238335 829f23a347cd d9f443233c10 e63a0b88ab31 286c369966a5 7f2f6c63605a 7ebb75d84380 4437516aaa14 e07c53151791 8cab67f5ecf4 1ee0fef66b38 4854b36cdf03 29a0d411a79f 77b8748b4973 e174bcfa574e 791989246c84 af05be4786a9 ea60df4d6bbf d0f4b3253e19 663b2cfdd453 a0626498f5c5 80c792ab0ae1 106befd07998 64f17a60cdd1 4927ce6e44b0 053ded55556e f83f7061e501 3f91fefd81f7 56e7c34300a3 40fa96ef3796 db517bb48152 91ea0a45ed64 61d8cd3970fb 456afead8bb9 [python:3.8] [python:3.9] [node:16] [maxasut/python-installer:linux] c51ad89c3650 89361d0f3618 c926bc9b2759 16bf40078206 0144cb47122e 05fa3b295790 e3fe14102ca7 4e9761616248 [python:3.9-buster] [10.126.120.118:9092/rbpo/builder/liberica-8-maven-3.8.4:1.0.1] 23a23dad37db [10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1 10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest] [10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1 10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest] [node:16-alpine] [ubuntu:20.04] [postgres:latest] [bellsoft/liberica-openjdk-debian:8u312-7] [python:3.8-buster] [alpine:3.15] [cyclonedx/cyclonedx-dotnet:latest] [oscarakaelvis/evil-winrm:latest] [fedora:30]", + "items": [ + "[wpscanteam/wpscan:latest]","[rck:latest]","bda1f32ec1e4","2d398157782a","7a8a1063c561","5f19144ab0b6","b10df0cd4a6a","a867ff3a3e3c","[tomcat:9.0-jre8]","[tomcat:10.1.0-M12-jdk11-openjdk-buster]","[10.126.120.118:9090/cm-portal/python-openldap:3.8]","[10.126.103.151:9090/mitre/mitreattack:latest","mitreattack:latest]","[10.126.103.151:9090/mitre/mitreattack:latest","mitreattack:latest]","cdcb9ae2d885","[10.126.120.118:9090/mitre/mitrenav:latest","mitrenav:latest]","[10.126.120.118:9090/mitre/mitrenav:latest","mitrenav:latest]","4e41a85f1af2","9262f2a9471b","2678608471c8","8919183187d6","dcce782aa487","184d8bf2f33f","d875ec36b2b8","b5642ba43deb","[gaportal:latest]","42a381593e41","ce311566f27c","79b0e16c1bad","68f9992d3cc7","14906f200691","4e393dbb9775","6c93966dc5fc","91322ae02f71","291a1f0d5cc1","74c1b9bc803e","927ab68fdca7","37b8ff914d01","35783d794ac1","f492f9238335","829f23a347cd","d9f443233c10","e63a0b88ab31","286c369966a5","7f2f6c63605a","7ebb75d84380","4437516aaa14","e07c53151791","8cab67f5ecf4","1ee0fef66b38","4854b36cdf03","29a0d411a79f","77b8748b4973","e174bcfa574e","791989246c84","af05be4786a9","ea60df4d6bbf","d0f4b3253e19","663b2cfdd453","a0626498f5c5","80c792ab0ae1","106befd07998","64f17a60cdd1","4927ce6e44b0","053ded55556e","f83f7061e501","3f91fefd81f7","56e7c34300a3","40fa96ef3796","db517bb48152","91ea0a45ed64","61d8cd3970fb","456afead8bb9","[python:3.8]","[python:3.9]","[node:16]","[maxasut/python-installer:linux]","c51ad89c3650","89361d0f3618","c926bc9b2759","16bf40078206","0144cb47122e","05fa3b295790","e3fe14102ca7","4e9761616248","[python:3.9-buster]","[10.126.120.118:9092/rbpo/builder/liberica-8-maven-3.8.4:1.0.1]","23a23dad37db","[10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1","10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest]","[10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1","10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest]","[node:16-alpine]","[ubuntu:20.04]","[postgres:latest]","[bellsoft/liberica-openjdk-debian:8u312-7]","[python:3.8-buster]","[alpine:3.15]","[cyclonedx/cyclonedx-dotnet:latest]","[oscarakaelvis/evil-winrm:latest]","[fedora:30]" + ], + "remediation": "You should follow the Docker documentation and rebuild your container images to include the HEALTHCHECK instruction.", + "remediation-impact": "None." + }, + { + "id": "4.7", + "desc": "Ensure update instructions are not used alone in the Dockerfile (Manual)", + "result": "PASS", + "details": "Update instructions found: [rck:latest] [tomcat:9.0-jre8] [tomcat:10.1.0-M12-jdk11-openjdk-buster] [10.126.120.118:9090/cm-portal/python-openldap:3.8] [10.126.103.151:9090/mitre/mitreattack:latest mitreattack:latest] [10.126.103.151:9090/mitre/mitreattack:latest mitreattack:latest] [10.126.120.118:9090/mitre/mitrenav:latest mitrenav:latest] [10.126.120.118:9090/mitre/mitrenav:latest mitrenav:latest] [gaportal:latest] [python:3.8] [python:3.9] [node:16] [maxasut/python-installer:linux] [python:3.9-buster] [10.126.120.118:9092/rbpo/builder/liberica-8-maven-3.8.4:1.0.1] [10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1 10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest] [10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1 10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest] [mobsf_mobsf:latest] [postgres:latest] [bellsoft/liberica-openjdk-debian:8u312-7] [python:3.8-buster] [cyclonedx/cyclonedx-dotnet:latest] [oscarakaelvis/evil-winrm:latest] [fedora:30]", + "items": [ + "[rck:latest]","[tomcat:9.0-jre8]","[tomcat:10.1.0-M12-jdk11-openjdk-buster]","[10.126.120.118:9090/cm-portal/python-openldap:3.8]","[10.126.103.151:9090/mitre/mitreattack:latest","mitreattack:latest]","[10.126.103.151:9090/mitre/mitreattack:latest","mitreattack:latest]","[10.126.120.118:9090/mitre/mitrenav:latest","mitrenav:latest]","[10.126.120.118:9090/mitre/mitrenav:latest","mitrenav:latest]","[gaportal:latest]","[python:3.8]","[python:3.9]","[node:16]","[maxasut/python-installer:linux]","[python:3.9-buster]","[10.126.120.118:9092/rbpo/builder/liberica-8-maven-3.8.4:1.0.1]","[10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1","10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest]","[10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1","10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest]","[mobsf_mobsf:latest]","[postgres:latest]","[bellsoft/liberica-openjdk-debian:8u312-7]","[python:3.8-buster]","[cyclonedx/cyclonedx-dotnet:latest]","[oscarakaelvis/evil-winrm:latest]","[fedora:30]" + ], + "remediation": "You should use update instructions together with install instructions and version pinning for packages while installing them. This prevent caching and force the extraction of the required versions. Alternatively, you could use the --no-cache flag during the docker build process to avoid using cached layers.", + "remediation-impact": "None." + }, + { + "id": "4.8", + "desc": "Ensure setuid and setgid permissions are removed (Manual)", + "result": "NOTE", + "remediation": "You should allow setuid and setgid permissions only on executables which require them. You could remove these permissions at build time by adding the following command in your Dockerfile, preferably towards the end of the Dockerfile: RUN find / -perm /6000 -type f -exec chmod a-s {} ; || true", + "remediation-impact": "The above command would break all executables that depend on setuid or setgid permissions including legitimate ones. You should therefore be careful to modify the command to suit your requirements so that it does not reduce the permissions of legitimate programs excessively. Because of this, you should exercise a degree of caution and examine all processes carefully before making this type of modification in order to avoid outages." + }, + { + "id": "4.9", + "desc": "Ensure that COPY is used instead of ADD in Dockerfiles (Manual)", + "result": "PASS", + "details": "Images using ADD: [fedora:30]", + "items": [ + "[fedora:30]" + ], + "remediation": "You should use COPY rather than ADD instructions in Dockerfiles.", + "remediation-impact": "Care needs to be taken in implementing this control if the application requires functionality that is part of the ADD instruction, for example, if you need to retrieve files from remote URLS." + }, + { + "id": "4.10", + "desc": "Ensure secrets are not stored in Dockerfiles (Manual)", + "result": "NOTE", + "remediation": "Do not store any kind of secrets within Dockerfiles. Where secrets are required during the build process, make use of a secrets management tool, such as the buildkit builder included with Docker.", + "remediation-impact": "A proper secrets management process will be required for Docker image building." + }, + { + "id": "4.11", + "desc": "Ensure only verified packages are installed (Manual)", + "result": "NOTE", + "remediation": "You should use a secure package distribution mechanism of your choice to ensure the authenticity of software packages.", + "remediation-impact": "None." + }, + { + "id": "4.12", + "desc": "Ensure all signed artifacts are validated (Manual)", + "result": "NOTE", + "remediation": "Validate artifacts signatures before uploading to the package registry.", + "remediation-impact": "None." + } + ] + }, + { + "id": "5", + "desc": "Container Runtime", + "results": [ + { + "id": "5.1", + "desc": "Ensure that, if applicable, an AppArmor Profile is enabled (Automated)", + "result": "PASS" + }, + { + "id": "5.2", + "desc": "Ensure that, if applicable, SELinux security options are set (Automated)", + "result": "PASS", + "details": "Containers with no SecurityOptions: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "Set the SELinux State. Set the SELinux Policy. Create or import a SELinux policy template for Docker containers. Start Docker in daemon mode with SELinux enabled. Start your Docker container using the security options.", + "remediation-impact": "Any restrictions defined in the SELinux policy will be applied to your containers. It should be noted that if your SELinux policy is misconfigured, this may have an impact on the correct operation of the affected containers." + }, + { + "id": "5.3", + "desc": "Ensure that Linux kernel capabilities are restricted within containers (Automated)", + "result": "PASS" + }, + { + "id": "5.4", + "desc": "Ensure that privileged containers are not used (Automated)", + "result": "PASS" + }, + { + "id": "5.5", + "desc": "Ensure sensitive host system directories are not mounted on containers (Automated)", + "result": "PASS" + }, + { + "id": "5.6", + "desc": "Ensure sshd is not run within containers (Automated)", + "result": "PASS" + }, + { + "id": "5.7", + "desc": "Ensure privileged ports are not mapped within containers (Automated)", + "result": "PASS" + }, + { + "id": "5.8", + "desc": "Ensure that only needed ports are open on the container (Manual)", + "result": "PASS", + "details": "Containers with open ports: mobsf_postgres_1:5432", + "items": [ + "mobsf_postgres_1:5432" + ], + "remediation": "You should ensure that the Dockerfile for each container image only exposes needed ports.", + "remediation-impact": "None." + }, + { + "id": "5.9", + "desc": "Ensure that the host's network namespace is not shared (Automated)", + "result": "PASS" + }, + { + "id": "5.10", + "desc": "Ensure that the memory usage for containers is limited (Automated)", + "result": "PASS", + "details": "Container running without memory restrictions: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should run the container with only as much memory as it requires by using the --memory argument.", + "remediation-impact": "If correct memory limits are not set on each container, one process can expand its usage and cause other containers to run out of resources." + }, + { + "id": "5.11", + "desc": "Ensure that CPU priority is set appropriately on containers (Automated)", + "result": "PASS", + "details": "Containers running without CPU restrictions: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should manage the CPU runtime between your containers dependent on their priority within your organization. To do so start the container using the --cpu-shares argument.", + "remediation-impact": "If you do not correctly assign CPU thresholds, the container process may run out of resources and become unresponsive. If CPU resources on the host are not constrainted, CPU shares do not place any restrictions on individual resources." + }, + { + "id": "5.12", + "desc": "Ensure that the container's root filesystem is mounted as read only (Automated)", + "result": "PASS", + "details": "Containers running with root FS mounted R/W: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should add a --read-only flag at a container's runtime to enforce the container's root filesystem being mounted as read only.", + "remediation-impact": "Enabling --read-only at container runtime may break some container OS packages if a data writing strategy is not defined. You should define what the container's data should and should not persist at runtime in order to decide which strategy to use." + }, + { + "id": "5.13", + "desc": "Ensure that incoming container traffic is bound to a specific host interface (Automated)", + "result": "PASS", + "details": "Containers with port bound to wildcard IP: mobsf_postgres_1:0.0.0.0", + "items": [ + "mobsf_postgres_1:0.0.0.0" + ], + "remediation": "You should bind the container port to a specific host interface on the desired host port. Example: docker run --detach --publish 10.2.3.4:49153:80 nginx In this example, the container port 80 is bound to the host port on 49153 and would accept incoming connection only from the 10.2.3.4 external interface.", + "remediation-impact": "None." + }, + { + "id": "5.14", + "desc": "Ensure that the 'on-failure' container restart policy is set to '5' (Automated)", + "result": "PASS", + "details": "Containers with MaximumRetryCount not set to 5: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "If you wish a container to be automatically restarted, a sample command is docker run --detach --restart=on-failure:5 nginx", + "remediation-impact": "If this option is set, a container will only attempt to restart itself 5 times." + }, + { + "id": "5.15", + "desc": "Ensure that the host's process namespace is not shared (Automated)", + "result": "PASS" + }, + { + "id": "5.16", + "desc": "Ensure that the host's IPC namespace is not shared (Automated)", + "result": "PASS" + }, + { + "id": "5.17", + "desc": "Ensure that host devices are not directly exposed to containers (Manual)", + "result": "PASS" + }, + { + "id": "5.18", + "desc": "Ensure that the default ulimit is overwritten at runtime if needed (Manual)", + "result": "PASS", + "details": "Containers with no default ulimit override: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should only override the default ulimit settings if needed in a specific case.", + "remediation-impact": "If ulimits are not set correctly, overutilization by individual containers could make the host system unusable." + }, + { + "id": "5.19", + "desc": "Ensure mount propagation mode is not set to shared (Automated)", + "result": "PASS" + }, + { + "id": "5.20", + "desc": "Ensure that the host's UTS namespace is not shared (Automated)", + "result": "PASS" + }, + { + "id": "5.21", + "desc": "Ensure the default seccomp profile is not Disabled (Automated)", + "result": "PASS" + }, + { + "id": "5.22", + "desc": "Ensure that docker exec commands are not used with the privileged option (Automated)", + "result": "PASS", + "remediation": "You should not use the --privileged option in docker exec commands.", + "remediation-impact": "If you need enhanced capabilities within a container, then run it with all the permissions it requires. These should be specified individually." + }, + { + "id": "5.23", + "desc": "Ensure that docker exec commands are not used with the user=root option (Manual)", + "result": "NOTE", + "remediation": "You should not use the --user=root option in docker exec commands.", + "remediation-impact": "None." + }, + { + "id": "5.24", + "desc": "Ensure that cgroup usage is confirmed (Automated)", + "result": "PASS" + }, + { + "id": "5.25", + "desc": "Ensure that the container is restricted from acquiring additional privileges (Automated)", + "result": "PASS", + "details": "Containers without restricted privileges: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should start your container with the options: docker run --rm -it --security-opt=no-new-privileges ubuntu bash", + "remediation-impact": "The no_new_priv option prevents LSMs like SELinux from allowing processes to acquire new privileges." + }, + { + "id": "5.26", + "desc": "Ensure that container health is checked at runtime (Automated)", + "result": "PASS" + }, + { + "id": "5.27", + "desc": "Ensure that Docker commands always make use of the latest version of their image (Manual)", + "result": "PASS", + "remediation": "You should use proper version pinning mechanisms (the tag which is assigned by default is still vulnerable to caching attacks) to avoid extracting cached older versions. Version pinning mechanisms should be used for base images, packages, and entire images. You can customize version pinning rules according to your requirements.", + "remediation-impact": "None." + }, + { + "id": "5.28", + "desc": "Ensure that the PIDs cgroup limit is used (Automated)", + "result": "PASS", + "details": "Containers without PIDs cgroup limit: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "Use --pids-limit flag with an appropriate value when launching the container.", + "remediation-impact": "Set the PIDs limit value as appropriate. Incorrect values might leave containers unusable." + }, + { + "id": "5.29", + "desc": "Ensure that Docker's default bridge 'docker0' is not used (Manual)", + "result": "PASS" + }, + { + "id": "5.30", + "desc": "Ensure that the host's user namespaces are not shared (Automated)", + "result": "PASS" + }, + { + "id": "5.31", + "desc": "Ensure that the Docker socket is not mounted inside any containers (Automated)", + "result": "PASS" + } + ] + }, + { + "id": "6", + "desc": "Docker Security Operations", + "results": [ + { + "id": "6.1", + "desc": "Ensure that image sprawl is avoided (Manual)", + "result": "PASS", + "details": "0 active/96 in use", + "remediation": "You should keep only the images that you actually need and establish a workflow to remove old or stale images from the host. Additionally, you should use features such as pull-by-digest to get specific images from the registry.", + "remediation-impact": "docker system prune -a removes all exited containers as well as all images and volumes that are not referenced by running containers, including for UCP and DTR." + }, + { + "id": "6.2", + "desc": "Ensure that container sprawl is avoided (Manual)", + "result": "PASS", + "details": "93 total/1 running", + "remediation": "You should periodically check your container inventory on each host and clean up containers which are not in active use with the command: docker container prune", + "remediation-impact": "You should retain containers that are actively in use, and delete ones which are no longer needed." + } + ] + }, + { + "id": "7", + "desc": "Docker Swarm Configuration", + "results": [ + { + "id": "7.1", + "desc": "Ensure swarm mode is not Enabled, if not needed (Automated)", + "result": "PASS" + }, + { + "id": "7.2", + "desc": "Ensure that the minimum number of manager nodes have been created in a swarm (Automated)", + "result": "PASS" + }, + { + "id": "7.3", + "desc": "Ensure that swarm services are bound to a specific host interface (Automated)", + "result": "PASS" + }, + { + "id": "7.4", + "desc": "Ensure that all Docker swarm overlay networks are encrypted (Automated)", + "result": "PASS" + }, + { + "id": "7.5", + "desc": "Ensure that Docker's secret management commands are used for managing secrets in a swarm cluster (Manual)", + "result": "PASS" + }, + { + "id": "7.6", + "desc": "Ensure that swarm manager is run in auto-lock mode (Automated)", + "result": "PASS" + }, + { + "id": "7.7", + "desc": "Ensure that the swarm manager auto-lock key is rotated periodically (Manual)", + "result": "PASS" + }, + { + "id": "7.8", + "desc": "Ensure that node certificates are rotated as appropriate (Manual)", + "result": "PASS" + }, + { + "id": "7.9", + "desc": "Ensure that CA certificates are rotated as appropriate (Manual)", + "result": "PASS" + }, + { + "id": "7.10", + "desc": "Ensure that management plane traffic is separated from data plane traffic (Manual)", + "result": "PASS" + } + ] + } + ], + "checks": 117, + "score": 6, + "end": 1659371409 +} \ No newline at end of file diff --git a/unittests/scans/dockerbench/docker-bench-report-zero-vulns.json b/unittests/scans/dockerbench/docker-bench-report-zero-vulns.json new file mode 100644 index 00000000000..588008e0ffc --- /dev/null +++ b/unittests/scans/dockerbench/docker-bench-report-zero-vulns.json @@ -0,0 +1,852 @@ +{ + "dockerbenchsecurity": "1.3.6", + "start": 1659371395, + "tests": [ + { + "id": "1", + "desc": "Host Configuration", + "results": [ + { + "id": "1.1.1", + "desc": "Ensure a separate partition for containers has been created (Automated)", + "result": "PASS", + "remediation": "For new installations, you should create a separate partition for the /var/lib/docker mount point. For systems that have already been installed, you should use the Logical Volume Manager (LVM) within Linux to create a new partition.", + "remediation-impact": "None." + }, + { + "id": "1.1.2", + "desc": "Ensure only trusted users are allowed to control Docker daemon (Automated)", + "result": "PASS", + "details": "doubtfulusers: jubjubbird", + "items": [ + "jubjubbird" + ], + "remediation": "You should remove any untrusted users from the docker group using command sudo gpasswd -d docker or add trusted users to the docker group using command sudo usermod -aG docker . You should not create a mapping of sensitive directories from the host to container volumes.", + "remediation-impact": "Only trust user are allow to build and execute containers as normal user." + }, + { + "id": "1.1.3", + "desc": "Ensure auditing is configured for the Docker daemon (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /usr/bin/dockerd -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.4", + "desc": "Ensure auditing is configured for Docker files and directories -/run/containerd (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -a exit,always -F path=/run/containerd -F perm=war -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.5", + "desc": "Ensure auditing is configured for Docker files and directories - /var/lib/docker (Automated)", + "result": "PASS", + "details": "Directory not found", + "remediation": "Install auditd. Add -w /var/lib/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.6", + "desc": "Ensure auditing is configured for Docker files and directories - /etc/docker (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /etc/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.7", + "desc": "Ensure auditing is configured for Docker files and directories - docker.service (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /lib/systemd/system/docker.service -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.8", + "desc": "Ensure auditing is configured for Docker files and directories - containerd.sock (Automated)", + "result": "PASS", + "details": "File not found", + "remediation": "Install auditd. Add -w -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.9", + "desc": "Ensure auditing is configured for Docker files and directories - docker.socket (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /lib/systemd/system/docker.socket -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.10", + "desc": "Ensure auditing is configured for Docker files and directories - /etc/default/docker (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /etc/default/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.11", + "desc": "Ensure auditing is configured for Dockerfiles and directories - /etc/docker/daemon.json (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /etc/docker/daemon.json -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.12", + "desc": "1.1.12 Ensure auditing is configured for Dockerfiles and directories - /etc/containerd/config.toml (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /etc/containerd/config.toml -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.13", + "desc": "Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker (Automated)", + "result": "PASS", + "details": "File not found", + "remediation": "Install auditd. Add -w /etc/sysconfig/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.14", + "desc": "Ensure auditing is configured for Docker files and directories - /usr/bin/containerd (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /usr/bin/containerd -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.15", + "desc": "Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /usr/bin/containerd-shim -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.16", + "desc": "Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1 (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /usr/bin/containerd-shim-runc-v1 -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.17", + "desc": "Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2 (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /usr/bin/containerd-shim-runc-v2 -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.1.18", + "desc": "Ensure auditing is configured for Docker files and directories - /usr/bin/runc (Automated)", + "result": "PASS", + "remediation": "Install auditd. Add -w /usr/bin/runc -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "remediation-impact": "Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." + }, + { + "id": "1.2.1", + "desc": "Ensure the container host has been Hardened (Manual)", + "result": "PASS", + "remediation": "You may consider various Security Benchmarks for your container host.", + "remediation-impact": "None." + }, + { + "id": "1.2.2", + "desc": "Ensure that the version of Docker is up to date (Manual)", + "result": "PASS", + "details": "Using 20.10.17", + "remediation": "You should monitor versions of Docker releases and make sure your software is updated as required.", + "remediation-impact": "You should perform a risk assessment regarding Docker version updates and review how they may impact your operations." + } + ] + }, + { + "id": "2", + "desc": "Docker daemon configuration", + "results": [ + { + "id": "2.1", + "desc": "Run the Docker daemon as a non-root user, if possible (Manual)", + "result": "PASS", + "remediation": "Follow the current Dockerdocumentation on how to install the Docker daemon as a non-root user.", + "remediation-impact": "There are multiple prerequisites depending on which distribution that is in use, and also known limitations regarding networking and resource limitation. Running in rootless mode also changes the location of any configuration files in use, including all containers using the daemon." + }, + { + "id": "2.2", + "desc": "Ensure network traffic is restricted between containers on the default bridge (Scored)", + "result": "PASS", + "remediation": "Edit the Docker daemon configuration file to ensure that inter-container communication is disabled: icc: false.", + "remediation-impact": "Inter-container communication is disabled on the default network bridge. If any communication between containers on the same host is desired, it needs to be explicitly defined using container linking or custom networks." + }, + { + "id": "2.3", + "desc": "Ensure the logging level is set to 'info' (Scored)", + "result": "PASS" + }, + { + "id": "2.4", + "desc": "Ensure Docker is allowed to make changes to iptables (Scored)", + "result": "PASS" + }, + { + "id": "2.5", + "desc": "Ensure insecure registries are not used (Scored)", + "result": "PASS", + "remediation": "You should ensure that no insecure registries are in use.", + "remediation-impact": "None." + }, + { + "id": "2.6", + "desc": "Ensure aufs storage driver is not used (Scored)", + "result": "PASS" + }, + { + "id": "2.7", + "desc": "Ensure TLS authentication for Docker daemon is configured (Scored)", + "result": "PASS", + "details": "Docker daemon not listening on TCP", + "remediation": "Follow the steps mentioned in the Docker documentation or other references. By default, TLS authentication is not configured.", + "remediation-impact": "You would need to manage and guard certificates and keys for the Docker daemon and Docker clients." + }, + { + "id": "2.8", + "desc": "Ensure the default ulimit is configured appropriately (Manual)", + "result": "PASS", + "details": "Default ulimit doesn't appear to be set", + "remediation": "Run Docker in daemon mode and pass --default-ulimit as option with respective ulimits as appropriate in your environment and in line with your security policy. Example: dockerd --default-ulimit nproc=1024:2048 --default-ulimit nofile=100:200", + "remediation-impact": "If ulimits are set incorrectly this could cause issues with system resources, possibly causing a denial of service condition." + }, + { + "id": "2.9", + "desc": "Enable user namespace support (Scored)", + "result": "PASS", + "remediation": "Please consult the Docker documentation for various ways in which this can be configured depending upon your requirements. The high-level steps are: Ensure that the files /etc/subuid and /etc/subgid exist. Start the docker daemon with --userns-remap flag.", + "remediation-impact": "User namespace remapping is incompatible with a number of Docker features and also currently breaks some of its functionalities." + }, + { + "id": "2.10", + "desc": "Ensure the default cgroup usage has been confirmed (Scored)", + "result": "PASS" + }, + { + "id": "2.11", + "desc": "Ensure base device size is not changed until needed (Scored)", + "result": "PASS" + }, + { + "id": "2.12", + "desc": "Ensure that authorization for Docker client commands is enabled (Scored)", + "result": "PASS", + "remediation": "Install/Create an authorization plugin. Configure the authorization policy as desired. Start the docker daemon using command dockerd --authorization-plugin=", + "remediation-impact": "Each Docker command needs to pass through the authorization plugin mechanism. This may have a performance impact" + }, + { + "id": "2.13", + "desc": "Ensure centralized and remote logging is configured (Scored)", + "result": "PASS", + "remediation": "Set up the desired log driver following its documentation. Start the docker daemon using that logging driver. Example: dockerd --log-driver=syslog --log-opt syslog-address=tcp://192.xxx.xxx.xxx", + "remediation-impact": "None." + }, + { + "id": "2.14", + "desc": "Ensure containers are restricted from acquiring new privileges (Scored)", + "result": "PASS", + "remediation": "You should run the Docker daemon using command: dockerd --no-new-privileges", + "remediation-impact": "no_new_priv prevents LSMs such as SELinux from escalating the privileges of individual containers." + }, + { + "id": "2.15", + "desc": "Ensure live restore is enabled (Scored)", + "result": "PASS", + "remediation": "Run Docker in daemon mode and pass --live-restore option.", + "remediation-impact": "None." + }, + { + "id": "2.16", + "desc": "Ensure Userland Proxy is Disabled (Scored)", + "result": "PASS", + "remediation": "You should run the Docker daemon using command: dockerd --userland-proxy=false", + "remediation-impact": "Some systems with older Linux kernels may not be able to support hairpin NAT and therefore require the userland proxy service. Also, some networking setups can be impacted by the removal of the userland proxy." + }, + { + "id": "2.17", + "desc": "Ensure that a daemon-wide custom seccomp profile is applied if appropriate (Manual)", + "result": "PASS" + }, + { + "id": "2.18", + "desc": "Ensure that experimental features are not implemented in production (Scored)", + "result": "PASS", + "remediation": "You should not pass --experimental as a runtime parameter to the Docker daemon on production systems.", + "remediation-impact": "None." + } + ] + }, + { + "id": "3", + "desc": "Docker daemon configuration files", + "results": [ + { + "id": "3.1", + "desc": "Ensure that the docker.service file ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.2", + "desc": "Ensure that docker.service file permissions are appropriately set (Automated)", + "result": "PASS" + }, + { + "id": "3.3", + "desc": "Ensure that docker.socket file ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.4", + "desc": "Ensure that docker.socket file permissions are set to 644 or more restrictive (Automated)", + "result": "PASS" + }, + { + "id": "3.5", + "desc": "Ensure that the /etc/docker directory ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.6", + "desc": "Ensure that /etc/docker directory permissions are set to 755 or more restrictively (Automated)", + "result": "PASS" + }, + { + "id": "3.7", + "desc": "Ensure that registry certificate file ownership is set to root:root (Automated)", + "result": "PASS", + "details": "Directory not found", + "remediation": "You should run the following command: chown root:root /etc/docker/certs.d//*. This would set the individual ownership and group ownership for the registry certificate files to root.", + "remediation-impact": "None." + }, + { + "id": "3.8", + "desc": "Ensure that registry certificate file permissions are set to 444 or more restrictively (Automated)", + "result": "PASS", + "details": "Directory not found", + "remediation": "You should run the following command: chmod 444 /etc/docker/certs.d//*. This would set the permissions for the registry certificate files to 444.", + "remediation-impact": "None." + }, + { + "id": "3.9", + "desc": "Ensure that TLS CA certificate file ownership is set to root:root (Automated)", + "result": "PASS", + "details": "No TLS CA certificate found", + "remediation": "You should run the following command: chown root:root . This sets the individual ownership and group ownership for the TLS CA certificate file to root.", + "remediation-impact": "None." + }, + { + "id": "3.10", + "desc": "Ensure that TLS CA certificate file permissions are set to 444 or more restrictively (Automated)", + "result": "PASS", + "details": "No TLS CA certificate found", + "remediation": "You should run the following command: chmod 444 . This sets the file permissions on the TLS CA file to 444.", + "remediation-impact": "None." + }, + { + "id": "3.11", + "desc": "Ensure that Docker server certificate file ownership is set to root:root (Automated)", + "result": "PASS", + "details": "No TLS Server certificate found", + "remediation": "You should run the following command: chown root:root . This sets the individual ownership and the group ownership for the Docker server certificate file to root.", + "remediation-impact": "None." + }, + { + "id": "3.12", + "desc": "Ensure that the Docker server certificate file permissions are set to 444 or more restrictively (Automated)", + "result": "PASS", + "details": "No TLS Server certificate found", + "remediation": "You should run the following command: chmod 444 . This sets the file permissions of the Docker server certificate file to 444.", + "remediation-impact": "None." + }, + { + "id": "3.13", + "desc": "Ensure that the Docker server certificate key file ownership is set to root:root (Automated)", + "result": "PASS", + "details": "No TLS Key found", + "remediation": "You should run the following command: chown root:root . This sets the individual ownership and group ownership for the Docker server certificate key file to root.", + "remediation-impact": "None." + }, + { + "id": "3.14", + "desc": "Ensure that the Docker server certificate key file permissions are set to 400 (Automated)", + "result": "PASS", + "details": "No TLS Key found", + "remediation": "You should run the following command: chmod 400 . This sets the Docker server certificate key file permissions to 400.", + "remediation-impact": "None." + }, + { + "id": "3.15", + "desc": "Ensure that the Docker socket file ownership is set to root:docker (Automated)", + "result": "PASS" + }, + { + "id": "3.16", + "desc": "Ensure that the Docker socket file permissions are set to 660 or more restrictively (Automated)", + "result": "PASS" + }, + { + "id": "3.17", + "desc": "Ensure that the daemon.json file ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.18", + "desc": "Ensure that daemon.json file permissions are set to 644 or more restrictive (Automated)", + "result": "PASS" + }, + { + "id": "3.19", + "desc": "Ensure that the /etc/default/docker file ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.20", + "desc": "Ensure that the /etc/sysconfig/docker file permissions are set to 644 or more restrictively (Automated)", + "result": "PASS", + "details": "File not found", + "remediation": "You should run the following command: chmod 644 /etc/sysconfig/docker. This sets the file permissions for this file to 644.", + "remediation-impact": "None." + }, + { + "id": "3.21", + "desc": "Ensure that the /etc/sysconfig/docker file ownership is set to root:root (Automated)", + "result": "PASS", + "details": "File not found", + "remediation": "You should run the following command: chown root:root /etc/sysconfig/docker. This sets the ownership and group ownership for the file to root.", + "remediation-impact": "None." + }, + { + "id": "3.22", + "desc": "Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively (Automated)", + "result": "PASS" + }, + { + "id": "3.23", + "desc": "Ensure that the Containerd socket file ownership is set to root:root (Automated)", + "result": "PASS" + }, + { + "id": "3.24", + "desc": "Ensure that the Containerd socket file permissions are set to 660 or more restrictively (Automated)", + "result": "PASS" + } + ] + }, + { + "id": "4", + "desc": "Container Images and Build File", + "results": [ + { + "id": "4.1", + "desc": "Ensure that a user for the container has been created (Automated)", + "result": "PASS", + "details": "running as root: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should ensure that the Dockerfile for each container image contains the information: USER . If there is no specific user created in the container base image, then make use of the useradd command to add a specific user before the USER instruction in the Dockerfile.", + "remediation-impact": "Running as a non-root user can present challenges where you wish to bind mount volumes from the underlying host. In this case, care should be taken to ensure that the user running the contained process can read and write to the bound directory, according to their requirements." + }, + { + "id": "4.2", + "desc": "Ensure that containers use only trusted base images (Manual)", + "result": "NOTE", + "remediation": "Configure and use Docker Content trust. View the history of each Docker image to evaluate its risk, dependent on the sensitivity of the application you wish to deploy using it. Scan Docker images for vulnerabilities at regular intervals.", + "remediation-impact": "None." + }, + { + "id": "4.3", + "desc": "Ensure that unnecessary packages are not installed in the container (Manual)", + "result": "NOTE", + "remediation": "You should not install anything within the container that is not required. You should consider using a minimal base image if you can. Some of the options available include BusyBox and Alpine. Not only can this trim your image size considerably, but there would also be fewer pieces of software which could contain vectors for attack.", + "remediation-impact": "None." + }, + { + "id": "4.4", + "desc": "Ensure images are scanned and rebuilt to include security patches (Manual)", + "result": "NOTE", + "remediation": "Images should be re-built ensuring that the latest version of the base images are used, to keep the operating system patch level at an appropriate level. Once the images have been re-built, containers should be re-started making use of the updated images.", + "remediation-impact": "None." + }, + { + "id": "4.5", + "desc": "Ensure Content trust for Docker is Enabled (Automated)", + "result": "PASS", + "remediation": "Add DOCKER_CONTENT_TRUST variable to the /etc/environment file using command echo DOCKER_CONTENT_TRUST=1 | sudo tee -a /etc/environment.", + "remediation-impact": "This prevents users from working with tagged images unless they contain a signature." + }, + { + "id": "4.6", + "desc": "Ensure that HEALTHCHECK instructions have been added to container images (Automated)", + "result": "PASS", + "details": "Images w/o HEALTHCHECK: [wpscanteam/wpscan:latest] [rck:latest] bda1f32ec1e4 2d398157782a 7a8a1063c561 5f19144ab0b6 b10df0cd4a6a a867ff3a3e3c [tomcat:9.0-jre8] [tomcat:10.1.0-M12-jdk11-openjdk-buster] [10.126.120.118:9090/cm-portal/python-openldap:3.8] [10.126.103.151:9090/mitre/mitreattack:latest mitreattack:latest] [10.126.103.151:9090/mitre/mitreattack:latest mitreattack:latest] cdcb9ae2d885 [10.126.120.118:9090/mitre/mitrenav:latest mitrenav:latest] [10.126.120.118:9090/mitre/mitrenav:latest mitrenav:latest] 4e41a85f1af2 9262f2a9471b 2678608471c8 8919183187d6 dcce782aa487 184d8bf2f33f d875ec36b2b8 b5642ba43deb [gaportal:latest] 42a381593e41 ce311566f27c 79b0e16c1bad 68f9992d3cc7 14906f200691 4e393dbb9775 6c93966dc5fc 91322ae02f71 291a1f0d5cc1 74c1b9bc803e 927ab68fdca7 37b8ff914d01 35783d794ac1 f492f9238335 829f23a347cd d9f443233c10 e63a0b88ab31 286c369966a5 7f2f6c63605a 7ebb75d84380 4437516aaa14 e07c53151791 8cab67f5ecf4 1ee0fef66b38 4854b36cdf03 29a0d411a79f 77b8748b4973 e174bcfa574e 791989246c84 af05be4786a9 ea60df4d6bbf d0f4b3253e19 663b2cfdd453 a0626498f5c5 80c792ab0ae1 106befd07998 64f17a60cdd1 4927ce6e44b0 053ded55556e f83f7061e501 3f91fefd81f7 56e7c34300a3 40fa96ef3796 db517bb48152 91ea0a45ed64 61d8cd3970fb 456afead8bb9 [python:3.8] [python:3.9] [node:16] [maxasut/python-installer:linux] c51ad89c3650 89361d0f3618 c926bc9b2759 16bf40078206 0144cb47122e 05fa3b295790 e3fe14102ca7 4e9761616248 [python:3.9-buster] [10.126.120.118:9092/rbpo/builder/liberica-8-maven-3.8.4:1.0.1] 23a23dad37db [10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1 10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest] [10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1 10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest] [node:16-alpine] [ubuntu:20.04] [postgres:latest] [bellsoft/liberica-openjdk-debian:8u312-7] [python:3.8-buster] [alpine:3.15] [cyclonedx/cyclonedx-dotnet:latest] [oscarakaelvis/evil-winrm:latest] [fedora:30]", + "items": [ + "[wpscanteam/wpscan:latest]","[rck:latest]","bda1f32ec1e4","2d398157782a","7a8a1063c561","5f19144ab0b6","b10df0cd4a6a","a867ff3a3e3c","[tomcat:9.0-jre8]","[tomcat:10.1.0-M12-jdk11-openjdk-buster]","[10.126.120.118:9090/cm-portal/python-openldap:3.8]","[10.126.103.151:9090/mitre/mitreattack:latest","mitreattack:latest]","[10.126.103.151:9090/mitre/mitreattack:latest","mitreattack:latest]","cdcb9ae2d885","[10.126.120.118:9090/mitre/mitrenav:latest","mitrenav:latest]","[10.126.120.118:9090/mitre/mitrenav:latest","mitrenav:latest]","4e41a85f1af2","9262f2a9471b","2678608471c8","8919183187d6","dcce782aa487","184d8bf2f33f","d875ec36b2b8","b5642ba43deb","[gaportal:latest]","42a381593e41","ce311566f27c","79b0e16c1bad","68f9992d3cc7","14906f200691","4e393dbb9775","6c93966dc5fc","91322ae02f71","291a1f0d5cc1","74c1b9bc803e","927ab68fdca7","37b8ff914d01","35783d794ac1","f492f9238335","829f23a347cd","d9f443233c10","e63a0b88ab31","286c369966a5","7f2f6c63605a","7ebb75d84380","4437516aaa14","e07c53151791","8cab67f5ecf4","1ee0fef66b38","4854b36cdf03","29a0d411a79f","77b8748b4973","e174bcfa574e","791989246c84","af05be4786a9","ea60df4d6bbf","d0f4b3253e19","663b2cfdd453","a0626498f5c5","80c792ab0ae1","106befd07998","64f17a60cdd1","4927ce6e44b0","053ded55556e","f83f7061e501","3f91fefd81f7","56e7c34300a3","40fa96ef3796","db517bb48152","91ea0a45ed64","61d8cd3970fb","456afead8bb9","[python:3.8]","[python:3.9]","[node:16]","[maxasut/python-installer:linux]","c51ad89c3650","89361d0f3618","c926bc9b2759","16bf40078206","0144cb47122e","05fa3b295790","e3fe14102ca7","4e9761616248","[python:3.9-buster]","[10.126.120.118:9092/rbpo/builder/liberica-8-maven-3.8.4:1.0.1]","23a23dad37db","[10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1","10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest]","[10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1","10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest]","[node:16-alpine]","[ubuntu:20.04]","[postgres:latest]","[bellsoft/liberica-openjdk-debian:8u312-7]","[python:3.8-buster]","[alpine:3.15]","[cyclonedx/cyclonedx-dotnet:latest]","[oscarakaelvis/evil-winrm:latest]","[fedora:30]" + ], + "remediation": "You should follow the Docker documentation and rebuild your container images to include the HEALTHCHECK instruction.", + "remediation-impact": "None." + }, + { + "id": "4.7", + "desc": "Ensure update instructions are not used alone in the Dockerfile (Manual)", + "result": "PASS", + "details": "Update instructions found: [rck:latest] [tomcat:9.0-jre8] [tomcat:10.1.0-M12-jdk11-openjdk-buster] [10.126.120.118:9090/cm-portal/python-openldap:3.8] [10.126.103.151:9090/mitre/mitreattack:latest mitreattack:latest] [10.126.103.151:9090/mitre/mitreattack:latest mitreattack:latest] [10.126.120.118:9090/mitre/mitrenav:latest mitrenav:latest] [10.126.120.118:9090/mitre/mitrenav:latest mitrenav:latest] [gaportal:latest] [python:3.8] [python:3.9] [node:16] [maxasut/python-installer:linux] [python:3.9-buster] [10.126.120.118:9092/rbpo/builder/liberica-8-maven-3.8.4:1.0.1] [10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1 10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest] [10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1 10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest] [mobsf_mobsf:latest] [postgres:latest] [bellsoft/liberica-openjdk-debian:8u312-7] [python:3.8-buster] [cyclonedx/cyclonedx-dotnet:latest] [oscarakaelvis/evil-winrm:latest] [fedora:30]", + "items": [ + "[rck:latest]","[tomcat:9.0-jre8]","[tomcat:10.1.0-M12-jdk11-openjdk-buster]","[10.126.120.118:9090/cm-portal/python-openldap:3.8]","[10.126.103.151:9090/mitre/mitreattack:latest","mitreattack:latest]","[10.126.103.151:9090/mitre/mitreattack:latest","mitreattack:latest]","[10.126.120.118:9090/mitre/mitrenav:latest","mitrenav:latest]","[10.126.120.118:9090/mitre/mitrenav:latest","mitrenav:latest]","[gaportal:latest]","[python:3.8]","[python:3.9]","[node:16]","[maxasut/python-installer:linux]","[python:3.9-buster]","[10.126.120.118:9092/rbpo/builder/liberica-8-maven-3.8.4:1.0.1]","[10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1","10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest]","[10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:1.0.1","10.126.103.151:9091/rbpo/builder/liberica-8-maven-3.8.4:latest]","[mobsf_mobsf:latest]","[postgres:latest]","[bellsoft/liberica-openjdk-debian:8u312-7]","[python:3.8-buster]","[cyclonedx/cyclonedx-dotnet:latest]","[oscarakaelvis/evil-winrm:latest]","[fedora:30]" + ], + "remediation": "You should use update instructions together with install instructions and version pinning for packages while installing them. This prevent caching and force the extraction of the required versions. Alternatively, you could use the --no-cache flag during the docker build process to avoid using cached layers.", + "remediation-impact": "None." + }, + { + "id": "4.8", + "desc": "Ensure setuid and setgid permissions are removed (Manual)", + "result": "NOTE", + "remediation": "You should allow setuid and setgid permissions only on executables which require them. You could remove these permissions at build time by adding the following command in your Dockerfile, preferably towards the end of the Dockerfile: RUN find / -perm /6000 -type f -exec chmod a-s {} ; || true", + "remediation-impact": "The above command would break all executables that depend on setuid or setgid permissions including legitimate ones. You should therefore be careful to modify the command to suit your requirements so that it does not reduce the permissions of legitimate programs excessively. Because of this, you should exercise a degree of caution and examine all processes carefully before making this type of modification in order to avoid outages." + }, + { + "id": "4.9", + "desc": "Ensure that COPY is used instead of ADD in Dockerfiles (Manual)", + "result": "PASS", + "details": "Images using ADD: [fedora:30]", + "items": [ + "[fedora:30]" + ], + "remediation": "You should use COPY rather than ADD instructions in Dockerfiles.", + "remediation-impact": "Care needs to be taken in implementing this control if the application requires functionality that is part of the ADD instruction, for example, if you need to retrieve files from remote URLS." + }, + { + "id": "4.10", + "desc": "Ensure secrets are not stored in Dockerfiles (Manual)", + "result": "NOTE", + "remediation": "Do not store any kind of secrets within Dockerfiles. Where secrets are required during the build process, make use of a secrets management tool, such as the buildkit builder included with Docker.", + "remediation-impact": "A proper secrets management process will be required for Docker image building." + }, + { + "id": "4.11", + "desc": "Ensure only verified packages are installed (Manual)", + "result": "NOTE", + "remediation": "You should use a secure package distribution mechanism of your choice to ensure the authenticity of software packages.", + "remediation-impact": "None." + }, + { + "id": "4.12", + "desc": "Ensure all signed artifacts are validated (Manual)", + "result": "NOTE", + "remediation": "Validate artifacts signatures before uploading to the package registry.", + "remediation-impact": "None." + } + ] + }, + { + "id": "5", + "desc": "Container Runtime", + "results": [ + { + "id": "5.1", + "desc": "Ensure that, if applicable, an AppArmor Profile is enabled (Automated)", + "result": "PASS" + }, + { + "id": "5.2", + "desc": "Ensure that, if applicable, SELinux security options are set (Automated)", + "result": "PASS", + "details": "Containers with no SecurityOptions: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "Set the SELinux State. Set the SELinux Policy. Create or import a SELinux policy template for Docker containers. Start Docker in daemon mode with SELinux enabled. Start your Docker container using the security options.", + "remediation-impact": "Any restrictions defined in the SELinux policy will be applied to your containers. It should be noted that if your SELinux policy is misconfigured, this may have an impact on the correct operation of the affected containers." + }, + { + "id": "5.3", + "desc": "Ensure that Linux kernel capabilities are restricted within containers (Automated)", + "result": "PASS" + }, + { + "id": "5.4", + "desc": "Ensure that privileged containers are not used (Automated)", + "result": "PASS" + }, + { + "id": "5.5", + "desc": "Ensure sensitive host system directories are not mounted on containers (Automated)", + "result": "PASS" + }, + { + "id": "5.6", + "desc": "Ensure sshd is not run within containers (Automated)", + "result": "PASS" + }, + { + "id": "5.7", + "desc": "Ensure privileged ports are not mapped within containers (Automated)", + "result": "PASS" + }, + { + "id": "5.8", + "desc": "Ensure that only needed ports are open on the container (Manual)", + "result": "PASS", + "details": "Containers with open ports: mobsf_postgres_1:5432", + "items": [ + "mobsf_postgres_1:5432" + ], + "remediation": "You should ensure that the Dockerfile for each container image only exposes needed ports.", + "remediation-impact": "None." + }, + { + "id": "5.9", + "desc": "Ensure that the host's network namespace is not shared (Automated)", + "result": "PASS" + }, + { + "id": "5.10", + "desc": "Ensure that the memory usage for containers is limited (Automated)", + "result": "PASS", + "details": "Container running without memory restrictions: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should run the container with only as much memory as it requires by using the --memory argument.", + "remediation-impact": "If correct memory limits are not set on each container, one process can expand its usage and cause other containers to run out of resources." + }, + { + "id": "5.11", + "desc": "Ensure that CPU priority is set appropriately on containers (Automated)", + "result": "PASS", + "details": "Containers running without CPU restrictions: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should manage the CPU runtime between your containers dependent on their priority within your organization. To do so start the container using the --cpu-shares argument.", + "remediation-impact": "If you do not correctly assign CPU thresholds, the container process may run out of resources and become unresponsive. If CPU resources on the host are not constrainted, CPU shares do not place any restrictions on individual resources." + }, + { + "id": "5.12", + "desc": "Ensure that the container's root filesystem is mounted as read only (Automated)", + "result": "PASS", + "details": "Containers running with root FS mounted R/W: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should add a --read-only flag at a container's runtime to enforce the container's root filesystem being mounted as read only.", + "remediation-impact": "Enabling --read-only at container runtime may break some container OS packages if a data writing strategy is not defined. You should define what the container's data should and should not persist at runtime in order to decide which strategy to use." + }, + { + "id": "5.13", + "desc": "Ensure that incoming container traffic is bound to a specific host interface (Automated)", + "result": "PASS", + "details": "Containers with port bound to wildcard IP: mobsf_postgres_1:0.0.0.0", + "items": [ + "mobsf_postgres_1:0.0.0.0" + ], + "remediation": "You should bind the container port to a specific host interface on the desired host port. Example: docker run --detach --publish 10.2.3.4:49153:80 nginx In this example, the container port 80 is bound to the host port on 49153 and would accept incoming connection only from the 10.2.3.4 external interface.", + "remediation-impact": "None." + }, + { + "id": "5.14", + "desc": "Ensure that the 'on-failure' container restart policy is set to '5' (Automated)", + "result": "PASS", + "details": "Containers with MaximumRetryCount not set to 5: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "If you wish a container to be automatically restarted, a sample command is docker run --detach --restart=on-failure:5 nginx", + "remediation-impact": "If this option is set, a container will only attempt to restart itself 5 times." + }, + { + "id": "5.15", + "desc": "Ensure that the host's process namespace is not shared (Automated)", + "result": "PASS" + }, + { + "id": "5.16", + "desc": "Ensure that the host's IPC namespace is not shared (Automated)", + "result": "PASS" + }, + { + "id": "5.17", + "desc": "Ensure that host devices are not directly exposed to containers (Manual)", + "result": "PASS" + }, + { + "id": "5.18", + "desc": "Ensure that the default ulimit is overwritten at runtime if needed (Manual)", + "result": "PASS", + "details": "Containers with no default ulimit override: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should only override the default ulimit settings if needed in a specific case.", + "remediation-impact": "If ulimits are not set correctly, overutilization by individual containers could make the host system unusable." + }, + { + "id": "5.19", + "desc": "Ensure mount propagation mode is not set to shared (Automated)", + "result": "PASS" + }, + { + "id": "5.20", + "desc": "Ensure that the host's UTS namespace is not shared (Automated)", + "result": "PASS" + }, + { + "id": "5.21", + "desc": "Ensure the default seccomp profile is not Disabled (Automated)", + "result": "PASS" + }, + { + "id": "5.22", + "desc": "Ensure that docker exec commands are not used with the privileged option (Automated)", + "result": "PASS", + "remediation": "You should not use the --privileged option in docker exec commands.", + "remediation-impact": "If you need enhanced capabilities within a container, then run it with all the permissions it requires. These should be specified individually." + }, + { + "id": "5.23", + "desc": "Ensure that docker exec commands are not used with the user=root option (Manual)", + "result": "NOTE", + "remediation": "You should not use the --user=root option in docker exec commands.", + "remediation-impact": "None." + }, + { + "id": "5.24", + "desc": "Ensure that cgroup usage is confirmed (Automated)", + "result": "PASS" + }, + { + "id": "5.25", + "desc": "Ensure that the container is restricted from acquiring additional privileges (Automated)", + "result": "PASS", + "details": "Containers without restricted privileges: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "You should start your container with the options: docker run --rm -it --security-opt=no-new-privileges ubuntu bash", + "remediation-impact": "The no_new_priv option prevents LSMs like SELinux from allowing processes to acquire new privileges." + }, + { + "id": "5.26", + "desc": "Ensure that container health is checked at runtime (Automated)", + "result": "PASS" + }, + { + "id": "5.27", + "desc": "Ensure that Docker commands always make use of the latest version of their image (Manual)", + "result": "PASS", + "remediation": "You should use proper version pinning mechanisms (the tag which is assigned by default is still vulnerable to caching attacks) to avoid extracting cached older versions. Version pinning mechanisms should be used for base images, packages, and entire images. You can customize version pinning rules according to your requirements.", + "remediation-impact": "None." + }, + { + "id": "5.28", + "desc": "Ensure that the PIDs cgroup limit is used (Automated)", + "result": "PASS", + "details": "Containers without PIDs cgroup limit: mobsf_postgres_1", + "items": [ + "mobsf_postgres_1" + ], + "remediation": "Use --pids-limit flag with an appropriate value when launching the container.", + "remediation-impact": "Set the PIDs limit value as appropriate. Incorrect values might leave containers unusable." + }, + { + "id": "5.29", + "desc": "Ensure that Docker's default bridge 'docker0' is not used (Manual)", + "result": "PASS" + }, + { + "id": "5.30", + "desc": "Ensure that the host's user namespaces are not shared (Automated)", + "result": "PASS" + }, + { + "id": "5.31", + "desc": "Ensure that the Docker socket is not mounted inside any containers (Automated)", + "result": "PASS" + } + ] + }, + { + "id": "6", + "desc": "Docker Security Operations", + "results": [ + { + "id": "6.1", + "desc": "Ensure that image sprawl is avoided (Manual)", + "result": "PASS", + "details": "0 active/96 in use", + "remediation": "You should keep only the images that you actually need and establish a workflow to remove old or stale images from the host. Additionally, you should use features such as pull-by-digest to get specific images from the registry.", + "remediation-impact": "docker system prune -a removes all exited containers as well as all images and volumes that are not referenced by running containers, including for UCP and DTR." + }, + { + "id": "6.2", + "desc": "Ensure that container sprawl is avoided (Manual)", + "result": "PASS", + "details": "93 total/1 running", + "remediation": "You should periodically check your container inventory on each host and clean up containers which are not in active use with the command: docker container prune", + "remediation-impact": "You should retain containers that are actively in use, and delete ones which are no longer needed." + } + ] + }, + { + "id": "7", + "desc": "Docker Swarm Configuration", + "results": [ + { + "id": "7.1", + "desc": "Ensure swarm mode is not Enabled, if not needed (Automated)", + "result": "PASS" + }, + { + "id": "7.2", + "desc": "Ensure that the minimum number of manager nodes have been created in a swarm (Automated)", + "result": "PASS" + }, + { + "id": "7.3", + "desc": "Ensure that swarm services are bound to a specific host interface (Automated)", + "result": "PASS" + }, + { + "id": "7.4", + "desc": "Ensure that all Docker swarm overlay networks are encrypted (Automated)", + "result": "PASS" + }, + { + "id": "7.5", + "desc": "Ensure that Docker's secret management commands are used for managing secrets in a swarm cluster (Manual)", + "result": "PASS" + }, + { + "id": "7.6", + "desc": "Ensure that swarm manager is run in auto-lock mode (Automated)", + "result": "PASS" + }, + { + "id": "7.7", + "desc": "Ensure that the swarm manager auto-lock key is rotated periodically (Manual)", + "result": "PASS" + }, + { + "id": "7.8", + "desc": "Ensure that node certificates are rotated as appropriate (Manual)", + "result": "PASS" + }, + { + "id": "7.9", + "desc": "Ensure that CA certificates are rotated as appropriate (Manual)", + "result": "PASS" + }, + { + "id": "7.10", + "desc": "Ensure that management plane traffic is separated from data plane traffic (Manual)", + "result": "PASS" + } + ] + } + ], + "checks": 117, + "score": 6, + "end": 1659371409 +} \ No newline at end of file diff --git a/unittests/scans/drheader/multiple_urls.json b/unittests/scans/drheader/multiple_urls.json new file mode 100644 index 00000000000..25eb4b3f286 --- /dev/null +++ b/unittests/scans/drheader/multiple_urls.json @@ -0,0 +1,44 @@ +[ + { + "url": "https://example.com", + "report": [ + { + "rule": "Content-Security-Policy", + "message": "Header not included in response", + "severity": "high" + }, + { + "rule": "Pragma", + "message": "Header not included in response", + "severity": "high", + "expected": [ + "no-cache" + ] + } + ] + }, + { + "url": "http://example2.com", + "report": [ + { + "rule": "X-Frame-Options", + "message": "Header not included in response", + "severity": "high", + "expected": [ + "DENY", + "SAMEORIGIN" + ] + }, + { + "rule": "X-XSS-Protection", + "message": "Header not included in response", + "severity": "high", + "expected": [ + "1", + "mode=block" + ], + "delimiter": ";" + } + ] + } +] diff --git a/unittests/scans/drheader/no_vulns.json b/unittests/scans/drheader/no_vulns.json new file mode 100644 index 00000000000..e69de29bb2d diff --git a/unittests/scans/fortify/issue6082.xml b/unittests/scans/fortify/issue6082.xml new file mode 100644 index 00000000000..ee09b6dff56 --- /dev/null +++ b/unittests/scans/fortify/issue6082.xml @@ -0,0 +1,396 @@ + + + Fortify Security Report + + /MF_logo.png + Copyright 2022 Micro Focus or one of its affiliates. + + + Executive Summary + + Issues Overview + This section provides an overview of the issues uncovered during analysis. The report covers a summary of vulnerability categories discovered by the tool. The auditor should augment this section with higher-level conclusions derived from human review of the application (including architecture reviews, black-box testing, compliance issues, etc.) + On Jan 4, 2023, a source code review was performed over the javaWebApp code base. 15 files, 126 LOC (Executable) were scanned and reviewed for defects that could lead to potential security vulnerabilities. A total of 22 reviewed findings were uncovered during the analysis. + + + Issue Summary by Fortify Priority Order + A table summarizing the number of issues found and the breakdown of issues in each Fortify Priority Level + + + + Fortify Priority Order + Analysis + + Low + + + High + + + + + + Recommendations and Conclusions + This section gives some high-level recommendations on remediating the issues discussed in the Issues Summary sub section. Recommendations will vary based on deployment scenarios, risk appetite, and existing mitigating strategies. The auditor should supplement the Fortify generic recommendations with specific information that takes into account the application specific variables. + The Issues Category section provides Fortify recommendations for addressing issues at a generic level. The recommendations for specific fixes can be extrapolated from those generic recommendations by the development group. + + + + Project Summary + + Code Base Summary + Summary of the Codebase that was analyzed + Code location: C:/Fortify/Fortify_SCA_and_Apps_22.1.0/Samples/advanced/javaWebApp/LoginProject +Number of Files: 15 +Lines of Code: 126 +Build Label: <No Build Label> + + + Scan Information + Details of the analysis + Scan time: 01:14 +SCA Engine version: 22.1.0.0166 +Machine Name: LT094139 +Username running scan: n170294 + + + Results Certification + A full summary of the Results Certification for this project + Results Certification Valid + +Details: + +Results Signature: + + SCA Analysis Results has Valid signature + + +Rules Signature: + + There were no custom rules used in this scan + + + Attack Surface + A full summary of the attack surface for this project + Attack Surface: +System Information: + null.null.null + +Web: + null.null.null + + + + Filter Set Summary + A brief summary of the filterset used to create this report + Current Enabled Filter Set: +Security Auditor View + +Filter Set Details: + +Folder Filters: +If [fortify priority order] contains critical Then set folder to Critical +If [fortify priority order] contains high Then set folder to High +If [fortify priority order] contains medium Then set folder to Medium +If [fortify priority order] contains low Then set folder to Low + + + Audit Guide Summary + Summary of the impact of the audit guide + Audit guide not enabled + + + + Results Outline + + Overall number of results + Results count + The scan found 22 issues. + + + Vulnerability Examples by Category + Results summary for critical and high priority issues. Vulnerability examples are provided by category. + + [fortify priority order]:critical OR [fortify priority order]:high + + Category + Analysis + + Privacy Violation: Autocomplete + + +Abstract +The form in login.html uses autocompletion on line 19, which allows some browsers to retain sensitive information in their history. + + +Explanation +With autocompletion enabled, some browsers retain user input across sessions, which could allow someone using the computer after the initial user to see information previously submitted. + + +Recommendations +Explicitly disable autocompletion on forms or sensitive inputs. By disabling autocompletion, information previously entered will not be presented back to the user as they type. It will also disable the "remember my password" functionality of most major browsers. + +Example 1: In an HTML form, disable autocompletion for all input fields by explicitly setting the value of the autocomplete attribute to off on the form tag. + + + <form method="post" autocomplete="off"> + Address: <input name="address" /> + Password: <input name="password" type="password" /> + </form> + + +Example 2: Alternatively, disable autocompletion for specific input fields by explicitly setting the value of the autocomplete attribute to off on the corresponding tags. + + + <form method="post"> + Address: <input name="address" /> + Password: <input name="password" type="password" autocomplete="off"/> + </form> + + +Note that the default value of the autocomplete attributed is on. Therefore do not omit the attribute when dealing with sensitive inputs. + + +<Unaudited> +0 + + +Not an Issue +4 + + +Reliability Issue +0 + + +Bad Practice +0 + + +Suspicious +0 + + +Exploitable +0 + + + + Privacy Violation: Autocomplete + High + Security Features + The form in login.html uses autocompletion on line 19, which allows some browsers to retain sensitive information in their history. + High + +Analysis +Not an Issue + + +Severity +High + + +Date +2023-01-04 + + +login.html +login.html +19 + <center>用户登录</center><br/><br/> + USER: <br/> <input type="text" name="user"></input><br/><br/> + PASS: <br/><input type="password" name="pass"></input> + <br/> + <br/> +null() + + + + + Unreleased Resource: Database + + +Abstract +The function contextInitialized() in MyContextListener.java sometimes fails to release a database resource allocated by getConnection() on line 28. + + +Explanation +Resource leaks have at least two common causes: + +- Error conditions and other exceptional circumstances. + +- Confusion over which part of the program is responsible for releasing the resource. + +Most unreleased resource issues result in general software reliability problems. However, if an attacker can intentionally trigger a resource leak, the attacker may be able to launch a denial of service attack by depleting the resource pool. + +Example: Under normal conditions, the following code executes a database query, processes the results returned by the database, and closes the allocated statement object. But if an exception occurs while executing the SQL or processing the results, the statement object will not be closed. If this happens often enough, the database will run out of available cursors and not be able to execute any more SQL queries. + + Statement stmt = conn.createStatement(); + ResultSet rs = stmt.executeQuery(CXN_SQL); + harvestResults(rs); + stmt.close(); + + + + +Recommendations +1. Never rely on finalize() to reclaim resources. In order for an object's finalize() method to be invoked, the garbage collector must determine that the object is eligible for garbage collection. Because the garbage collector is not required to run unless the JVM is low on memory, there is no guarantee that an object's finalize() method will be invoked in an expedient fashion. When the garbage collector finally does run, it may cause a large number of resources to be reclaimed in a short period of time, which can lead to "bursty" performance and lower overall system throughput. This effect becomes more pronounced as the load on the system increases. + +Finally, if it is possible for a resource reclamation operation to hang (if it requires communicating over a network to a database, for example), then the thread that is executing the finalize() method will hang. + +2. Release resources in a finally block. The code for the Example should be rewritten as follows: + + + public void execCxnSql(Connection conn) { + Statement stmt; + try { + stmt = conn.createStatement(); + ResultSet rs = stmt.executeQuery(CXN_SQL); + ... + } + finally { + if (stmt != null) { + safeClose(stmt); + } + } +} + +public static void safeClose(Statement stmt) { + if (stmt != null) { + try { + stmt.close(); + } catch (SQLException e) { + log(e); + } + } +} + + +This solution uses a helper function to log the exceptions that might occur when trying to close the statement. Presumably this helper function will be reused whenever a statement needs to be closed. + +Also, the execCxnSql method does not initialize the stmt object to null. Instead, it checks to ensure that stmt is not null before calling safeClose(). Without the null check, the Java compiler reports that stmt might not be initialized. This choice takes advantage of Java's ability to detect uninitialized variables. If stmt is initialized to null in a more complex method, cases in which stmt is used without being initialized will not be detected by the compiler. + + +Tips +1. Be aware that closing a database connection may or may not automatically free other resources associated with the connection object. If the application uses connection pooling, it is best to explicitly close the other resources after the connection is closed. If the application is not using connection pooling, the other resources are automatically closed when the database connection is closed. In such a case, this vulnerability is invalid. + + +<Unaudited> +0 + + +Not an Issue +1 + + +Reliability Issue +0 + + +Bad Practice +0 + + +Suspicious +0 + + +Exploitable +0 + + + + Unreleased Resource: Database + High + Code Quality + The function contextInitialized() in MyContextListener.java sometimes fails to release a database resource allocated by getConnection() on line 28. + High + +Analysis +Not an Issue + + +Severity +High + + +Date +2023-01-04 + + +MyContextListener.java +src/adrui/MyContextListener.java +28 + try{ + Class.forName(driver);//加载驱动程åº�ç±», 高版本jdbcå�¯ä»¥çœ�去, 相关å�¯è‡ªè¡Œç™¾åº¦ + Connection conn = DriverManager.getConnection(url, user, pass); + sc.setAttribute("conn", conn); + System.out.println("Connect Succeed!"); +conn = getConnection(...) + + + + + + + + + Issue Count by Category + + Issues By Category + + + + Category + Analysis + + Privacy Violation: Autocomplete + + + Cross-Site Request Forgery + + + Poor Error Handling: Overly Broad Catch + + + Poor Logging Practice: Use of a System Output Stream + + + System Information Leak + + + SQL Injection + + + J2EE Bad Practices: getConnection() + + + J2EE Misconfiguration: Excessive Session Timeout + + + J2EE Misconfiguration: Missing Error Handling + + + Unreleased Resource: Database + + + + + + + Issue Breakdown by Analysis + + Issue by Analysis + + + + Analysis + Analysis + + Not an Issue + + + + + + diff --git a/unittests/scans/fortify/issue6260.xml b/unittests/scans/fortify/issue6260.xml new file mode 100644 index 00000000000..a070e665590 --- /dev/null +++ b/unittests/scans/fortify/issue6260.xml @@ -0,0 +1,1832 @@ + + + Fortify Security Report + + /MF_logo.jpg + Copyright 2018 Micro Focus or one of its affiliates. + + + Executive Summary + + Issues Overview + This section provides an overview of the issues uncovered during analysis. The report covers a summary of vulnerability categories discovered by the tool. The auditor should augment this section with higher-level conclusions derived from human review of the application (including architecture reviews, black-box testing, compliance issues, etc.) + On 2022-5-9, a source code review was performed over the untitile code base. 7 files, 29 LOC (Executable) were scanned and reviewed for defects that could lead to potential security vulnerabilities. A total of 16 reviewed findings were uncovered during the analysis. + + + Issue Summary by Fortify Priority Order + A table summarizing the number of issues found and the breakdown of issues in each Fortify Priority Level + + + + Fortify Priority Order + Analysis + + Low + + + High + + + + + + Recommendations and Conclusions + This section gives some high-level recommendations on remediating the issues discussed in the Issues Summary sub section. Recommendations will vary based on deployment scenarios, risk appetite, and existing mitigating strategies. The auditor should supplement the Fortify generic recommendations with specific information that takes into account the application specific variables. + The Issues Category section provides Fortify recommendations for addressing issues at a generic level. The recommendations for specific fixes can be extrapolated from those generic recommendations by the development group. + + + + Project Summary + + Code Base Summary + Summary of the Codebase that was analyzed + Code location: D:/code/cecloud_code/untitled1 +Number of Files: 7 +Lines of Code: 29 +Build Label: <No Build Label> + + + Scan Information + Details of the analysis + Scan time: 00:11 +SCA Engine version: 20.1.1.0007 +Machine Name: LAPTOP-R8EIHNHP +Username running scan: admin + + + Results Certification + A full summary of the Results Certification for this project + Results Certification Valid + +Details: + +Results Signature: + + SCA Analysis Results has Valid signature + + +Rules Signature: + + There were no custom rules used in this scan + + + Attack Surface + A full summary of the attack surface for this project + Attack Surface: +Command Line Arguments: + null.command.main + +System Information: + null.null.null + + + + Filter Set Summary + A brief summary of the filterset used to create this report + Current Enabled Filter Set: +Security Auditor View + +Filter Set Details: + +Folder Filters: +If [fortify priority order] contains critical Then set folder to Critical +If [fortify priority order] contains high Then set folder to High +If [fortify priority order] contains medium Then set folder to Medium +If [fortify priority order] contains low Then set folder to Low + + + Audit Guide Summary + Summary of the impact of the audit guide + Audit guide not enabled + + + + Results Outline + + Overall number of results + Results count + The scan found 16 issues. + + + Vulnerability Examples by Category + Results summary for critical and high priority issues. Vulnerability examples are provided by category. + + + + Category + Analysis + + Command Injection + + +Abstract +command.java 中的 callCmd() 方法会利用由不可信赖的数据构建的命令来调用 exec()。这种调用会导致程序以攻击者的名义执行恶意命令。 + + +Explanation +Command Injection 漏洞主要表现为以下两种形式: + +- 攻击者能够篡改程序执行的命令:攻击者直接控制了所执行的命令。 + +- 攻击者能够篡改命令的执行环境:攻击者间接地控制了所执行的命令。 + +在这种情况下,我们着重关注第一种情况,即攻击者有可能控制所执行命令。这种类型的 Command Injection 漏洞会在以下情况下出现: + +1. 数据从不可信赖的数据源进入应用程序。 + + +2. 数据被用作代表应用程序所执行命令的字符串,或字符串的一部分。 + +3. 通过命令的执行,应用程序会授予攻击者一种原本不该拥有的特权或能力。 + +例 1:下面这段来自系统实用程序的代码根据系统属性 APPHOME 来决定其安装目录,然后根据指定目录的相对路径执行一个初始化脚本。 + + + ... + String home = System.getProperty("APPHOME"); + String cmd = home + INITCMD; + java.lang.Runtime.getRuntime().exec(cmd); + ... + + +Example 1 中的代码可以使攻击者通过修改系统属性 APPHOME 以指向包含恶意版本 INITCMD 的其他路径来提高自己在应用程序中的权限,继而随心所欲地执行命令。由于程序不会验证从环境中读取的值,因此如果攻击者能够控制系统属性 APPHOME 的值,他们就能欺骗应用程序去运行恶意代码,从而取得系统控制权。 + +例 2:下面的代码来自一个管理 Web 应用程序,旨在使用户能够使用一个围绕 rman 实用程序的批处理文件封装器来启动 Oracle 数据库备份,然后运行一个 cleanup.bat 脚本来删除一些临时文件。脚本 rmanDB.bat 接受单个命令行参数,该参数指定了要执行的备份类型。由于访问数据库受限,所以应用程序执行备份需要具有较高权限的用户。 + + +... +String btype = request.getParameter("backuptype"); +String cmd = new String("cmd.exe /K +\"c:\\util\\rmanDB.bat "+btype+"&&c:\\util\\cleanup.bat\"") +System.Runtime.getRuntime().exec(cmd); +... + + +这里的问题是:程序没有对读取自用户的 backuptype参数进行任何验证。通常情况下 Runtime.exec() 函数不会执行多条命令,但在这种情况下,程序会首先运行 cmd.exe shell,从而可以通过调用一次 Runtime.exec() 来执行多条命令。在调用该 shell 之后,它即会允许执行用两个与号分隔的多条命令。如果攻击者传递了一个形式为 "&& del c:\\dbms\\*.*" 的字符串,那么应用程序将随程序指定的其他命令一起执行此命令。由于该应用程序的特性,运行该应用程序需要具备与数据库进行交互所需的权限,这就意味着攻击者注入的任何命令都将通过这些权限得以运行。 + +示例 3:下面的代码来自一个 Web 应用程序,用户可通过该应用程序提供的界面在系统上更新他们的密码。在某些网络环境中更新密码时,其中的一个步骤就是在 /var/yp 目录中运行 make 命令。 + + +... +System.Runtime.getRuntime().exec("make"); +... + + +这里的问题在于程序没有在它的构造中指定一个绝对路径,并且没能在执行 Runtime.exec() 调用前清除它的环境变量。如果攻击者能够修改 $PATH 变量,把它指向名为 make 恶意二进制代码,程序就会在其指定的环境下执行,然后加载该恶意二进制代码,而非原本期望的代码。由于应用程序自身的特性,运行该应用程序需要具备执行系统操作所需的权限,这意味着攻击者会利用这些权限执行自己的 make,从而可能导致攻击者完全控制系统。 + +有些人认为在移动世界中,典型的漏洞(如 Command Injection)是无意义的 -- 为什么用户要攻击自己?但是,谨记移动平台的本质是从各种来源下载并在相同设备上运行的应用程序。恶意软件在银行应用程序附近运行的可能性很高,它们会强制扩展移动应用程序的攻击面(包括跨进程通信)。 + +例 4:以下代码可从 Android Intent 中读取要执行的命令。 + + +... + String[] cmds = this.getIntent().getStringArrayExtra("commands"); + Process p = Runtime.getRuntime().exec("su"); + DataOutputStream os = new DataOutputStream(p.getOutputStream()); + for (String cmd : cmds) { + os.writeBytes(cmd+"\n"); + } + os.writeBytes("exit\n"); + os.flush(); +... + + +在经过 root 的设备上,恶意应用程序会强迫受攻击应用程序使用超级用户权限执行任意命令。 + + +Recommendations +应当禁止用户直接控制由程序执行的命令。在用户的输入会影响命令执行的情况下,应将用户输入限制为从预定的安全命令集合中进行选择。如果输入中出现了恶意的内容,传递到命令执行函数的值将默认从安全命令集合中选择,或者程序将拒绝执行任何命令。 + +在需要将用户的输入用作程序命令中的参数时,由于合法的参数集合实在很大,或是难以跟踪,使得这个方法通常都不切实际。开发者通常的做法是使用黑名单。在输入之前,黑名单会有选择地拒绝或避免潜在的危险字符。但是,任何一个定义不安全内容的列表都很可能是不完整的,并且会严重地依赖于执行命令的环境。更好的方法是创建一份白名单,允许其中的字符出现在输入中,并且只接受完全由这些经认可的字符组成的输入。 + +攻击者可以通过修改程序运行命令的环境来间接控制这些命令的执行。我们不应当完全信赖环境,还需采取预防措施,防止攻击者利用某些控制环境的手段进行攻击。无论何时,只要有可能,都应由应用程序来控制命令,并使用绝对路径执行命令。如果编译时尚不了解路径(如在跨平台应用程序中),应该在执行过程中利用可信赖的值构建一个绝对路径。应对照一系列定义有效值的常量,仔细地检查从配置文件或者环境中读取的命令值和路径。 + +有时还可以执行其他检验,以检查这些来源是否已被恶意篡改。例如,如果一个配置文件为可写,程序可能会拒绝运行。如果能够预先得知有关要执行的二进制代码的信息,程序就会进行检测,以检验这个二进制代码的合法性。如果一个二进制代码始终属于某个特定的用户,或者被指定了一组特定的访问权限,这些属性就会在执行二进制代码前通过程序进行检验。 + +尽管可能无法完全阻止强大的攻击者为了控制程序执行的命令而对系统进行的攻击,但只要程序执行外部命令,就务必使用最小授权原则:不给予超过执行该命令所必需的权限。 + + +Tips +1. 许多现代 Web 框架都会提供对用户输入执行验证的机制(包括 Struts 和 Spring MVC)。为了突出显示未经验证的输入源,Fortify 安全编码规则包会对 Fortify Static Code Analyzer(Fortify 静态代码分析器)报告的问题动态重新调整优先级,即在采用框架验证机制时降低这些问题被利用的几率并提供指向相应证据的指针。我们将这种功能称之为上下文敏感排序。为了进一步帮助 Fortify 用户执行审计过程,Fortify 软件安全研究团队开发了 Data Validation(数据验证)项目模板,该模板根据应用于输入源的验证机制按文件夹对问题进行了分组。 + +2. Fortify RTA adds protection against this category. + + +<Unaudited> +5 + + +Not an Issue +0 + + +Reliability Issue +0 + + +Bad Practice +0 + + +Suspicious +0 + + +Exploitable +0 + + + + Command Injection + Low + Input Validation and Representation + command.java 中的 main() 方法调用 ProcessBuilder() 来执行命令。通过这种调用,攻击者可能会向应用程序中注入恶意命令。 + Low + +command.java +src/main/java/command.java +40 + String line = ""; + try { + ProcessBuilder processBuilder = new ProcessBuilder(); + cmt.validate(args[0]); + Process proc = processBuilder.command(args[0]).start(); +ProcessBuilder() + + + + Command Injection + High + Input Validation and Representation + command.java 中的 main() 方法会利用由不可信赖的数据构建的命令来调用 exec()。这种调用会导致程序以攻击者的名义执行恶意命令。 + High + +command.java +src/main/java/command.java +55 + } + String[][] cmd = {args, args}; + Process proc = Runtime.getRuntime().exec(args); + + String s = cmt.callCmd(cmd); +java.lang.Runtime.exec() + + +command.java +src/main/java/command.java +33 + return result; + } + public static void main(String[] args) throws IOException { + + +main(0) + + + + Command Injection + High + Input Validation and Representation + command.java 中的 callCmd() 方法会利用由不可信赖的数据构建的命令来调用 exec()。这种调用会导致程序以攻击者的名义执行恶意命令。 + High + +command.java +src/main/java/command.java +21 + try { + for (int i = 0;i <cmd.length ;i++) { + Process proc = Runtime.getRuntime().exec(cmd[i]); + InputStreamReader is = new InputStreamReader(proc.getInputStream()); + BufferedReader br = new BufferedReader(is); +java.lang.Runtime.exec() + + +command.java +src/main/java/command.java +33 + return result; + } + public static void main(String[] args) throws IOException { + + +main(0) + + + + Command Injection + High + Input Validation and Representation + command.java 中的 main() 方法会利用由不可信赖的数据构建的命令来调用 command()。这种调用会导致程序以攻击者的名义执行恶意命令。 + High + +command.java +src/main/java/command.java +42 + ProcessBuilder processBuilder = new ProcessBuilder(); + cmt.validate(args[0]); + Process proc = processBuilder.command(args[0]).start(); + proc.waitFor(); // 宸茬粡鎵ц瀹岀涓�涓懡浠わ紝鍑嗗鎵ц绗簩涓懡浠� + proc = processBuilder.command(args[1]).start(); +java.lang.ProcessBuilder.command() + + +command.java +src/main/java/command.java +33 + return result; + } + public static void main(String[] args) throws IOException { + + +main(0) + + + + Command Injection + High + Input Validation and Representation + command.java 中的 main() 方法会利用由不可信赖的数据构建的命令来调用 command()。这种调用会导致程序以攻击者的名义执行恶意命令。 + High + +command.java +src/main/java/command.java +44 + Process proc = processBuilder.command(args[0]).start(); + proc.waitFor(); // 宸茬粡鎵ц瀹岀涓�涓懡浠わ紝鍑嗗鎵ц绗簩涓懡浠� + proc = processBuilder.command(args[1]).start(); + InputStreamReader is = new InputStreamReader(proc.getInputStream()); + BufferedReader br = new BufferedReader(is); +java.lang.ProcessBuilder.command() + + +command.java +src/main/java/command.java +33 + return result; + } + public static void main(String[] args) throws IOException { + + +main(0) + + + + + Denial of Service + + +Abstract +调用 command.java 中第 24 行的 readLine() 可能会使攻击者造成程序崩溃或让合法用户无法进行使用。 + + +Explanation +攻击者可能通过对应用程序发送大量请求,而使它拒绝对合法用户的服务,但是这种攻击形式经常会在网络层就被排除掉了。更加严重的是那些只需要使用少量请求就可以使得攻击者让应用程序过载的 bug。这种 bug 允许攻击者去指定请求使用系统资源的数量,或者是持续使用这些系统资源的时间。 + +示例 1:通过以下代码,用户可以指定线程处于休眠状态的时长。通过指定一个较大的数值,攻击者可以无限期地占用该线程。因此,只需少量的请求,攻击者就能耗尽应用程序的线程池。 + + + int usrSleepTime = Integer.parseInt(usrInput); + Thread.sleep(usrSleepTime); + + +示例 2:以下代码从一个 zip 文件中读取字符串。因为它使用 readLine() 方法,所以可以读取一批极大量的输入。攻击者能够利用该代码引发一个 OutOfMemoryException 异常,或者消耗大量的内存,从而致使程序需要更多的时间去执行垃圾信息的收集,或在随后的操作过程中用完内存资源。 + + + InputStream zipInput = zipFile.getInputStream(zipEntry); + Reader zipReader = new InputStreamReader(zipInput); + BufferedReader br = new BufferedReader(zipReader); + String line = br.readLine(); + + + +Recommendations +校验用户输入以确保它不会引起不适当的资源利用。 + +示例 3:以下代码允许用户指定线程休眠的时间量,就像Example 1 中一样,但前提是该值处于合理范围内。 + + int usrSleepTime = Integer.parseInt(usrInput); + if (usrSleepTime >= SLEEP_MIN && + usrSleepTime <= SLEEP_MAX) { + Thread.sleep(usrSleepTime); + } else { + throw new Exception("Invalid sleep duration"); + } +} + + +示例 4:以下代码会从 zip 文件中读取字符串,就像在Example 2 中一样,但它读取的最大字符串长度为 MAX_STR_LEN 个字符。 + + InputStream zipInput = zipFile.getInputStream(zipEntry); + Reader zipReader = new InputStreamReader(zipInput); + BufferedReader br = new BufferedReader(zipReader); + StringBuffer sb = new StringBuffer(); + int intC; + while ((intC = br.read()) != -1) { + char c = (char) intC; + if (c == '\n') { + break; + } + if (sb.length() >= MAX_STR_LEN) { + throw new Exception("input too long"); + } + sb.append(c); + } + String line = sb.toString(); + + + +Tips +1. 即使消耗的系统资源总量或持续使用这些系统资源的时间未被黑客控制或至少未被直接控制,仍有可能发生 Denial of service。相反,程序员可能选择不安全的常量指定这些参数。Fortify 安全编码规则包会将此类情况作为潜在 Denial of Service 漏洞报告。 + + +<Unaudited> +3 + + +Not an Issue +0 + + +Reliability Issue +0 + + +Bad Practice +0 + + +Suspicious +0 + + +Exploitable +0 + + + + Denial of Service + Low + Input Validation and Representation + 调用 command.java 中第 43 行的 waitFor() 可能会使攻击者造成程序崩溃或让合法用户无法进行使用。 + Low + +command.java +src/main/java/command.java +43 + cmt.validate(args[0]); + Process proc = processBuilder.command(args[0]).start(); + proc.waitFor(); // 宸茬粡鎵ц瀹岀涓�涓懡浠わ紝鍑嗗鎵ц绗簩涓懡浠� + proc = processBuilder.command(args[1]).start(); + InputStreamReader is = new InputStreamReader(proc.getInputStream()); +waitFor() + + + + Denial of Service + Low + Input Validation and Representation + 调用 command.java 中第 24 行的 readLine() 可能会使攻击者造成程序崩溃或让合法用户无法进行使用。 + Low + +command.java +src/main/java/command.java +24 + InputStreamReader is = new InputStreamReader(proc.getInputStream()); + BufferedReader br = new BufferedReader(is); + while ((line = br.readLine()) != null) { + result += line; + } +readLine() + + + + Denial of Service + Low + Input Validation and Representation + 调用 command.java 中第 47 行的 readLine() 可能会使攻击者造成程序崩溃或让合法用户无法进行使用。 + Low + +command.java +src/main/java/command.java +47 + InputStreamReader is = new InputStreamReader(proc.getInputStream()); + BufferedReader br = new BufferedReader(is); + while ((line = br.readLine()) != null) { + result += line; + } +readLine() + + + + + Poor Style: Value Never Read + + +Abstract +command.java 中的 main() 方法从来不会使用赋给第 55 行中变量 proc 的值。 + + +Explanation +没有使用该变量的值。赋值之后,变量或者被重新赋值,或者超出范围之外。 + +示例:以下摘录的代码为变量 r 赋值,并在没有使用所赋数值的情况下,对其加以重写。 + + + r = getName(); + r = getNewBuffer(buf); + + + +Recommendations +为了使代码易于理解和维护,删除不必要的赋值。 + + +<Unaudited> +2 + + +Not an Issue +0 + + +Reliability Issue +0 + + +Bad Practice +0 + + +Suspicious +0 + + +Exploitable +0 + + + + Poor Style: Value Never Read + Low + Code Quality + command.java 中的 main() 方法从来不会使用赋给第 55 行中变量 proc 的值。 + Low + +command.java +src/main/java/command.java +55 + } + String[][] cmd = {args, args}; + Process proc = Runtime.getRuntime().exec(args); + + String s = cmt.callCmd(cmd); +VariableAccess: proc + + + + Poor Style: Value Never Read + Low + Code Quality + command.java 中的 main() 方法从来不会使用赋给第 57 行中变量 s 的值。 + Low + +command.java +src/main/java/command.java +57 + Process proc = Runtime.getRuntime().exec(args); + + String s = cmt.callCmd(cmd); + + } +VariableAccess: s + + + + + System Information Leak + + +Abstract +command.java 中的 callCmd() 函数可能通过调用第 29 行的 printStackTrace() 来揭示系统数据或调试信息。由 printStackTrace() 揭示的信息有助于攻击者制定攻击计划。 + + +Explanation +当系统数据或调试信息通过输出流或者日志功能流出程序时,就会发生信息泄漏。 + + + +示例 1:以下代码会将一个异常写入标准错误流: + + +try { + ... +} catch (Exception e) { + e.printStackTrace(); +} + + +依据这一系统配置,该信息可转储到控制台,写成日志文件,或者显示给远程用户。例如,凭借脚本机制,可以轻松将输出信息从"标准错误"或"标准输出"重定向至文件或其他程序。或者,运行程序的系统可能具有将日志发送至远程设备的远程日志记录系统,例如 "syslog" 服务器。在开发过程中,您将无法知道此信息最终可能显示的位置。 + +在某些情况下,该错误消息恰好可以告诉攻击者入侵这一系统的可能性究竟有多大。例如,一则数据库错误消息可以揭示应用程序容易受到 SQL Injection 攻击。其他的错误消息可以揭示有关该系统的更多间接线索。在Example 1 中,泄露的信息可能会暗示有关操作系统类型、系统上安装了哪些应用程序以及管理员在配置程序时采取了哪些保护措施的信息。 + +这是另一种情况,特定于移动世界。大多数移动设备现在执行的是“近场通信”(NFC) 协议,以便使用无线电通信在设备之间快速共享信息。它在设备极为贴近或互相接触时有效。即使 NFC 的通信范围仅局限于几厘米,也可能发生窃听、修改数据以及各种其他类型的攻击情况,因为 NFC 本身并不能确保通信安全。 + +示例 2:Android 平台提供对 NFC 的支持。以下代码将创建一条消息,该消息会被发送给所在范围内的其他设备。 + +... +public static final String TAG = "NfcActivity"; +private static final String DATA_SPLITTER = "__:DATA:__"; +private static final String MIME_TYPE = "application/my.applications.mimetype"; +... +public NdefMessage createNdefMessage(NfcEvent event) { + TelephonyManager tm = (TelephonyManager)Context.getSystemService(Context.TELEPHONY_SERVICE); + String VERSION = tm.getDeviceSoftwareVersion(); + String text = TAG + DATA_SPLITTER + VERSION; + NdefRecord record = new NdefRecord(NdefRecord.TNF_MIME_MEDIA, + MIME_TYPE.getBytes(), new byte[0], text.getBytes()); + NdefRecord[] records = { record }; + NdefMessage msg = new NdefMessage(records); + return msg; +} +... + + +NFC 数据交换格式 (NDEF) 消息包含类型化数据、URI 或自定义应用程序有效负载。如果该消息包含与应用程序有关的信息(如其名称、MIME 类型或设备软件版本),则此信息可能会泄露给窃听者。在Example 2 中,Fortify Static Code Analyzer(Fortify 静态代码分析器)会在返回语句中报告 System Information Leak 漏洞。 + + +Recommendations +编写错误消息时,始终要牢记安全性。在编码的过程中,尽量避免使用繁复的消息,提倡使用简短的错误消息。限制生成与存储繁复的输出数据将有助于管理员和程序员诊断问题的所在。此外,还要留意有关调试的跟踪信息,有时它可能出现在不明显的位置(例如嵌入在错误页 HTML 代码的注释行中)。 + +即便是并未揭示栈踪迹或数据库转储的简短错误消息,也有可能帮助攻击者发起攻击。例如,“Access Denied”(拒绝访问)消息可以揭示系统中存在一个文件或用户。 + +如果您担心 Android 设备上的系统数据会通过 NFC 泄露,那么您可以采取以下三种措施之一。不把系统数据包括在发送到范围内其他设备的消息中,或加密消息负载,或在更高层中建立安全通信通道。 + + +Tips +1. 不要依赖于封装器脚本、组织内部的 IT 策略或是思维敏捷的系统管理员来避免 System Information Leak 漏洞。编写安全的软件才是关键。 + +2. 这类漏洞并不适用于所有类型的程序。例如,如果您在一个客户机上执行应用程序,而攻击者已经获取了该客户机上的系统信息,或者如果您仅把系统信息打印到一个可信赖的日志文件中,就可以使用 AuditGuide 来过滤这一类别。 + +3. Fortify RTA adds protection against this category. + + +<Unaudited> +2 + + +Not an Issue +0 + + +Reliability Issue +0 + + +Bad Practice +0 + + +Suspicious +0 + + +Exploitable +0 + + + + System Information Leak + Low + Encapsulation + command.java 中的 main() 函数可能通过调用第 52 行的 printStackTrace() 来揭示系统数据或调试信息。由 printStackTrace() 揭示的信息有助于攻击者制定攻击计划。 + Low + +command.java +src/main/java/command.java +52 + + } catch (Exception e) { + e.printStackTrace(); + } + String[][] cmd = {args, args}; +printStackTrace() + + + + System Information Leak + Low + Encapsulation + command.java 中的 callCmd() 函数可能通过调用第 29 行的 printStackTrace() 来揭示系统数据或调试信息。由 printStackTrace() 揭示的信息有助于攻击者制定攻击计划。 + Low + +command.java +src/main/java/command.java +29 + } + } catch (Exception e) { + e.printStackTrace(); + } + return result; +printStackTrace() + + + + + Build Misconfiguration: External Maven Dependency Repository + + +Abstract +这一 Maven 编译脚本依赖于外部数据源,这会导致攻击者能够将恶意代码插入最终产品中,或者控制编译计算机。 + + +Explanation +可通过 Java 开发环境中的几个工具来帮助进行依赖项管理:Apache Ant 和 Apache Maven 编译系统都包含专门用来管理依赖项的功能,而 Apache Ivy 则是明确作为依赖项管理器而开发的。尽管这些工具在行为方式上存在差异,但它们都有一种通用的功能,即会自动下载在编译过程中指定的外部依赖项。这样一来,两个不同的开发人员用同一种方式来编译软件就容易得多。开发人员只需在编译文件中存储依赖项信息即可,这意味着,每个开发人员和编译工程师都可通过同一种方式来获得依赖项、编译代码并进行部署,而不需要手动进行繁琐的依赖项管理。以下示例演示了如何使用 Ivy、Ant 和 Maven 在编译过程中管理外部依赖项。 + +采用 Maven 时,开发人员将具体指定 dependency 的名称和版本,而不是列出从中检索 dependency 的显式 URL,Maven 依靠其底层配置来识别要从中检索 dependency 的服务器。通用组件使得开发人员不必花时间探查 dependency 的具体位置。 + +例 1:以下内容摘自 Maven pom.xml 文件,这些内容显示了开发人员如何用名称和版本来指定多个外部 dependency: + + +<dependencies> + <dependency> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + <version>1.1</version> + </dependency> + <dependency> + <groupId>javax.jms</groupId> + <artifactId>jms</artifactId> + <version>1.1</version> + </dependency> + ... +</dependencies> + + +两种截然不同的攻击情形会影响这些系统:攻击者可能会危害托管 dependency 的服务器,也可能危害 DNS 服务器,编译计算机用它将对托管 dependency 的服务器主机名的请求重定向到被攻击者控制的计算机。这两种攻击情形都会导致攻击者能够将恶意的 dependency 版本注入到一个未受到危害的计算机上所运行的编译中。 + +不管攻击者用来投递 Trojan dependency 的攻击手段是什么,这些情形均存在一种共同的因素,即 build system 盲目地接受恶意二进制码并且将其包含在编译中。因为 build system 无法拒绝恶意的二进制码和现有安全机制(如代码审查),所以通常会关注内部开发地代码而不是外部 dependency,这种攻击深潜于内部,不易察觉,它会传播到开发环境各处并有可能传入产品中。 + +虽然手动编译过程中存在一定的 dependency 受到危害的风险,但是由于自动化 build system 存在从一个外部数据源检索 dependency 的趋势,每当 build system 运行在新环境下时,会大大增加攻击者的攻击机会。攻击者只需在 dependency 服务器或 DNS 服务器多次提取 dependency 时造成一次危害,即会危害发生编译的计算机。 + + +Recommendations +最简单的解决方案是完全避免采用自动化的依赖项管理系统。手动管理依赖项可防止发生可能因编译系统而导致的意外行为。很显然,攻击者仍然能针对手动检索依赖项发动如前所述的某种攻击,但限制需要检索依赖项的频率会极大地减少攻击者的攻击机会。最终,该解决方法会迫使开发组织采用一个看起来十分陈旧的编译系统。采用手动依赖项管理的系统往往更难使用和维护,并且在一些软件开发环境中可能不被接受。 + +第二种解决方法综合了传统的手动 dependency 管理方法和全自动化解决方法,这是现在流行的一种做法。手动编译过程的最大优势是减小了攻击机会,它可以通过从内部复制外部 dependency 服务器来实现一个半自动化系统。这样,任何需要利用外部 dependency 的 build system 都能用硬编码的内部 IP 地址来指向内部服务器,以此避开基于 DNS 的攻击风险。如果添加了新的 dependency 并发布了新的版本,可以一次性下载它们,并将其包含在内部存储库中。这一解决方法减小了攻击机会,并且使组织能够充分利用现有的内部网络安全基础架构。 + +要通过 Maven 实施这一解决方法,项目应该在 pom.xml 中对一个内部存储库的 IP 地址进行硬编码。在 pom.xml 中明确指定 IP 地址可确保编译使用其相应的内部存储库,内部存储库与具体的项目相关联。或者,也可以在 settings.xml 中指定 IP 地址,这样使得多个项目更容易共享配置。 + +例 2:以下 Maven pom.xml 演示了显式内部 IP 地址的用法(这些条目也可以用在 settings.xml 中): + + +<project> + ... + <repositories> + <repository> + <releases> + <enabled>true</enabled> + <updatePolicy>always</updatePolicy> + <checksumPolicy>warn</checksumPolicy> + </releases> + <snapshots> + <enabled>true</enabled> + <updatePolicy>never</updatePolicy> + <checksumPolicy>fail</checksumPolicy> + </snapshots> + <id>central</id> + <name>Internal Repository</name> + <url>http://172.16.1.13/maven2</url> + <layout>default</layout> + </repository> + </repositories> + <pluginRepositories> + ... + </pluginRepositories> + ... +</project> + + + +<Unaudited> +1 + + +Not an Issue +0 + + +Reliability Issue +0 + + +Bad Practice +0 + + +Suspicious +0 + + +Exploitable +0 + + + + Build Misconfiguration: External Maven Dependency Repository + Low + Environment + 这一 Maven 编译脚本依赖于外部数据源,这会导致攻击者能够将恶意代码插入最终产品中,或者控制编译计算机。 + Low + +pom.xml +pom.xml +4 +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + +//project/repositories() + + + + + J2EE Bad Practices: Leftover Debug Code + + +Abstract +类 command 包含调试代码,它可以在部署的 web 应用程序中建立一些意想不到的入口点。 + + +Explanation +开发过程中一般会为了调试和测试目的增加一些“后门”代码,这些代码不会随应用程序一起提供或部署。如果这类调试代码无意中被保留在应用程序中,则会导致应用程序向计划外的交互模式开放。这些后门入口点很容易产生安全隐患,因为它们不在当初的设计或者测试的考虑之内,并且不会出现在应用程序设计中的操作环境里。 + +遗忘调试代码中最常见例子出现在 web 应用程序中的 main() 方法。尽管这在产品的开发过程中是完全可以接受的,但是属于 J2EE 应用程序中的那部分类不应该定义 main()。 + + +Recommendations +务必在部署应用程序的产品版之前删除调试代码。无论是否存在直接的安全威胁,一旦早期开发阶段结束,就没有任何理由将这样的代码保留在应用程序中。 + + +Tips +1. 出现方法 main() 可能预示着一个十分严重安全问题。在查找调用 main() 的操作时,请检查是否存在其他迹象,表明开发者编程时过于仓促,或者出于其他情况没能正常地结束工作。 + +2. 如果您审计一个非 J2EE Java 应用程序,J2EE Bad Practices 分类可能不适用于您的环境。在这种情况下,您可以使用 AuditGuide 来消除这些问题。 + + +<Unaudited> +1 + + +Not an Issue +0 + + +Reliability Issue +0 + + +Bad Practice +0 + + +Suspicious +0 + + +Exploitable +0 + + + + J2EE Bad Practices: Leftover Debug Code + Low + Encapsulation + 类 command 包含调试代码,它可以在部署的 web 应用程序中建立一些意想不到的入口点。 + Low + +command.java +src/main/java/command.java +33 + return result; + } + public static void main(String[] args) throws IOException { + + +Function: main() + + + + + Poor Error Handling: Overly Broad Catch + + +Abstract +command.java 中第 28 行的 catch 块可以处理的异常种类很多,但往往会由于过多的考虑不应该在此位置处理的各种问题或故障而困扰不已。 + + +Explanation +多个 catch 块看上去繁琐,但使用一个“简约”的 catch 块捕获高级别的异常类(如 Exception),可能会混淆那些需要特殊处理的异常,或是捕获了不应在程序中这一点捕获的异常。本质上,捕获范围过大的异常与“Java 分类定义异常”这一目的是相违背的,随着程序的增加而抛出新异常时,这种做法会十分危险。而新发生的异常类型也不会被注意到。 + +示例:以下代码使用了同一方式来处理三种不同的异常类型。 + + + try { + doExchange(); + } + catch (IOException e) { + logger.error("doExchange failed", e); + } + catch (InvocationTargetException e) { + logger.error("doExchange failed", e); + } + catch (SQLException e) { + logger.error("doExchange failed", e); + } + + +其实,与其这样,还不如使用一个单独的 catch 块来处理这三种异常,如下所示: + + + try { + doExchange(); + } + catch (Exception e) { + logger.error("doExchange failed", e); + } + + +但是如果修改 doExchange(),以抛出需要以某种不同的方式处理的新异常类型,则范围过大的 catch 块会阻止编译器指出这一情况(有新的异常抛出)。此外,新 catch 块也将处理那些来自于 RuntimeException 的异常,比如 ClassCastException 和 NullPointerException,而这些异常的发生是不在程序员的计划之内的。 + + +Recommendations +不要捕获范围过大的异常类,比如 Exception、Throwable、Error 或 RuntimeException,除非是级别非常高的程序或线程。 + + +Tips +1. 如果有问题的 catch 块立即抛出一个新异常,Fortify 安全编码规则包将不会标记出 overly broad catch 块。 + + +<Unaudited> +1 + + +Not an Issue +0 + + +Reliability Issue +0 + + +Bad Practice +0 + + +Suspicious +0 + + +Exploitable +0 + + + + Poor Error Handling: Overly Broad Catch + Low + Errors + command.java 中第 28 行的 catch 块可以处理的异常种类很多,但往往会由于过多的考虑不应该在此位置处理的各种问题或故障而困扰不已。 + Low + +command.java +src/main/java/command.java +28 + } + } + } catch (Exception e) { + e.printStackTrace(); + } +CatchBlock() + + + + + Unchecked Return Value + + +Abstract +command.java 中的 main() 方法忽略了第 43 行的 waitFor() 返回的值,这可能会导致程序无法发现意外状况和情况。 + + +Explanation +Java 程序员常常会误解包含在许多 java.io 类中的 read() 及相关方法。在 Java 结果中,将大部分错误和异常事件都作为异常抛出。(这是 Java 相对于 C 语言等编程语言的优势:各种异常更加便于程序员考虑是哪里出现了问题。)但是,如果只有少量的数据可用,stream 和 reader 类并不认为这是异常的情况。这些类只是将这些少量的数据添加到返回值缓冲区,并且将返回值设置为读取的字节或字符数。所以,并不能保证返回的数据量一定等于请求的数据量。 + +这样,程序员就需要检查 read() 和其他 IO 方法的返回值,以确保接收到期望的数据量。 + + + +示例:下列代码会在一组用户中进行循环,读取每个用户的私人数据文件。程序员假设这些文件总是正好 1000 字节,从而忽略了检查 read() 的返回值。如果攻击者能够创建一个较小的文件,程序就会重复利用前一个用户的剩余数据,并对这些数据进行处理,就像这些数据属于攻击者一样。 + + +FileInputStream fis; +byte[] byteArray = new byte[1024]; +for (Iterator i=users.iterator(); i.hasNext();) { + String userName = (String) i.next(); + String pFileName = PFILE_ROOT + "/" + userName; + FileInputStream fis = new FileInputStream(pFileName); + fis.read(byteArray); // the file is always 1k bytes + fis.close(); + processPFile(userName, byteArray); +} + + + +Recommendations + + FileInputStream fis; + byte[] byteArray = new byte[1024]; + for (Iterator i=users.iterator(); i.hasNext();) { + String userName = (String) i.next(); + String pFileName = PFILE_ROOT + "/" + userName; + fis = new FileInputStream(pFileName); + int bRead = 0; + while (bRead < 1024) { + int rd = fis.read(byteArray, bRead, 1024 - bRead); + if (rd == -1) { + throw new IOException("file is unusually small"); + } + bRead += rd; + } + // could add check to see if file is too large here + fis.close(); + processPFile(userName, byteArray); + } + + +注:因为该问题的修复相当地复杂,您可能试图使用一个更简单的方法,例如在开始阅读前检查文件的大小。这种方法将导致应用程序容易受到文件系统 race condition 的攻击,凭借这个攻击者可以在文件大小检查和从文件调用读取数据之间使用恶意文件替换结构良好的文件。 + + +Tips +1. 为了对此类问题进行辩解,某些程序员这样解释道:“这是绝对不可能会发生的,因为...”,对此我们必须加以提防。如今,程序员能够利用自己的开发环境来拓展对系统运行方式的直观认识。如果软件最终运行在不同种类或版本的操作系统上、采用不同的硬件配置或运行时环境,那么原有的直观认识可能就不再适用了。 + + +<Unaudited> +1 + + +Not an Issue +0 + + +Reliability Issue +0 + + +Bad Practice +0 + + +Suspicious +0 + + +Exploitable +0 + + + + Unchecked Return Value + Low + API Abuse + command.java 中的 main() 方法忽略了第 43 行的 waitFor() 返回的值,这可能会导致程序无法发现意外状况和情况。 + Low + +command.java +src/main/java/command.java +43 + cmt.validate(args[0]); + Process proc = processBuilder.command(args[0]).start(); + proc.waitFor(); // 宸茬粡鎵ц瀹岀涓�涓懡浠わ紝鍑嗗鎵ц绗簩涓懡浠� + proc = processBuilder.command(args[1]).start(); + InputStreamReader is = new InputStreamReader(proc.getInputStream()); +waitFor() + + + + + + + + + Detailed Project Summary + + Files Scanned + A detailed listing of all scanned files. Files are listed with paths relative to the Source Base Path + Code base location: D:/code/cecloud_code/untitled1 +Files Scanned: +src/main/java/command.java java 29 Lines 1.8 KB 2022-5-9 15:30:33 +.idea/jarRepositories.xml xml 2022-5-9 15:24:18 +.idea/workspace.xml xml 2.7 KB 2022-5-9 15:39:38 +.idea/compiler.xml xml 2022-5-9 15:24:18 +.idea/synopsys_code_sight_state.xml xml 2022-5-9 15:24:18 +pom.xml xml 2022-5-9 15:30:17 +.idea/misc.xml xml 2022-5-9 15:23:39 + + + Reference Elements + A Listing of all libraries used for the translation phase of the analysis + Classpath: + +No classpath specified during translation + +Libdirs: + +No libdirs specified during translation + + + Rulepacks + A listing of all rulepacks used in the analysis + Valid Rulepacks: + +Name: Fortify 安全编码规则、核心、Android +Version: 2019.4.1.0002 +ID: 5EF8CC97-4634-4E13-B357-C1C33629D474 +SKU: RUL13105 + +Name: Fortify 安全编码规则、核心、Annotations +Version: 2019.4.1.0002 +ID: 915E3017-FDC9-4494-8DFA-E61B0ED7B726 +SKU: RUL13081 + +Name: Fortify 安全编码规则、核心、Java +Version: 2019.4.1.0002 +ID: D044EBBB-7081-4451-BDD6-5A163AD639C3 +SKU: RUL13040 + +Name: Fortify 安全编码规则、扩展、配置 +Version: 2019.4.1.0002 +ID: 8DA5519F-A16E-492A-81CC-750AFB8A8D3F +SKU: RUL13042 + +Name: Fortify 安全编码规则、扩展、内容 +Version: 2019.4.1.0002 +ID: E5468AFF-F0AB-4F60-A2F8-65CBE5167BCA +SKU: RUL13076 + +Name: Fortify 安全编码规则、扩展、Java +Version: 2019.4.1.0002 +ID: 908C68F5-D8DB-4D23-8AB5-FAAD5C53F11B +SKU: RUL13045 + +Name: Fortify 安全编码规则、扩展、JSP +Version: 2019.4.1.0002 +ID: E9341D69-1DF9-45B6-A19C-454863D1694D +SKU: RUL13046 + +External Metadata: +Version: 2019.4.1.0002 + +Name: CWE +ID: 3ADB9EE4-5761-4289-8BD3-CBFCC593EBBC +由 MITRE 参与制定并维护的通用缺陷列表 (CWE) 在全球范围内免费供公众使用。CWE 提供了一组统一的可度量软件缺陷,以便更高效地讨论、描述、选择和使用可用于在源代码和可操作系统中查找这些缺陷的软件安全工具和服务,并更好地了解和管理与体系结构和设计相关的软件缺陷。 + +Name: CWE Top 25 2019 +ID: 7AF935C9-15AA-45B2-8EEC-0EAE4194ACDE +2019 CWE Top 25 最危险的软件错误列举了最普遍、最危险的缺陷,其中的错误可导致软件漏洞(如国家漏洞数据库 (National Vulnerability Database) 所示)。这些缺陷出现频繁、容易查找且易于被利用。由于它们将频繁地允许攻击者完全控制软件、窃取数据或使软件完全无法运行,因此具有危险性。此列表是 CWE 团队将启发式公式与数据驱动型方法结合使用而得出的,数据驱动型方法利用的是常见的漏洞和风险 (CVE)、国家漏洞数据库 (National Vulnerability Database, NVD) 和常见的漏洞评分系统 (CVSS)。因 CWE 分类具有层次结构,Fortify 将 Top 25 条目子项的所有 CWE ID 视作条目上下文的一部分,因为层次结构中存在 "CHILD-OF" 关系。只使用此 Top 25 列表来合理分配审核尝试时,应小心谨慎,因为接受分析的软件可能与用于定义 Top 25 的启发式假设不一致。例如,这些缺陷中的许多缺陷与 C 类语言相关,接受分析的软件可能并不属于语言的 C 系列。因此,许多 CWE 不在范围内。 + +Name: DISA CCI 2 +ID: 7F037130-41E5-40F0-B653-7819A4B3E241 +美国国防信息系统局 (DISA) 控制关联标识符 (CCI) 的目的是为基于策略的要求提供标准标识符,这些要求将高级策略表达式与低级技术实施相关联。 与每个 CCI 相关联的是对影响信息保证 (IA) 控制或 IA 最佳实践的每个单一、可操作语句的描述。 使用 CCI,可以分解高级策略框架安全要求,并与低级实施明确关联,从而能够评估涵盖异构技术的相关合规性评估结果。 可以使用 DISA STIG Viewer 查看 NIST SP 800-53 修订版 4 中指定的与每个 CCI 关联的当前 IA 控制和最佳实践。 <br />下表汇总了按 Fortify Priority Order 细分的不同 CCI 中发现的问题数量。 当未针对给定 CCI 报告问题时,则认为 CCI 的状态为“就位”。 <br /><br />如果项目缺少 Fortify Static Code Analyzer (SCA) 扫描,或者扫描中包含尚未修复、隐藏或抑制的结果,则 CCI-003187 不被视为“就位”。 类似地,如果项目缺少 Micro Focus Fortify WebInspect 扫描,或者扫描中包含任何重要结果,则 CCI-000366 和 CCI-000256 不被视为“就位”。 + +Name: FISMA +ID: B40F9EE0-3824-4879-B9FE-7A789C89307C +联邦信息处理标准 (FIPS) 200 文档是由国家标准与技术研究所 (NIST) 发行的一系列官方出版物的组成部分,与根据联邦信息安全管理法案 (FISMA) 条款采用并颁布的标准和准则相关。尤其是,FIPS 出版物 200 规定了“联邦信息和信息系统的最低安全性要求”。 + +Name: GDPR +ID: 771C470C-9274-4580-8556-C12F5E4BEC51 +欧盟通用数据保护条例 (GDPR) 将取代数据保护指令 95/46/EC,并且旨在统一整个欧洲的数据隐私法,以保护和加强所有欧盟公民的数据隐私,并重塑该地区的组织处理数据隐私的方式。 GDPR 将于 2018 年 5 月 25 日生效,它为各组织提供有关如何处理个人数据的框架。 根据 GDPR 条例,个人数据“表示与已识别或可识别的自然人(“数据主体”)相关的任何信息;可识别的自然人为可直接或间接识别的自然人,尤其是通过引用如姓名、身份证号码、位置数据、网络标识等标识或引用特定于该自然人的身体、生理、遗传、心理、经济、文化或社会身份的一个或多个因素进行识别。” 与应用程序安全相关并要求企业在其产品和服务的设计和开发期间保护个人数据的 GDPR 条款包括:<br /><br /> - 第 25 条,依据设计的默认数据保护 - 要求“控制器应实施适当的技术和组织措施,以确保默认仅处理为实现每个特定处理目的所需的个人数据。”<br /> - 第 32 条,安全处理 - 要求企业保护其系统和应用程序“免遭意外或非法的破坏、损失、更改、未经授权的个人数据披露或访问”。 此报告可能由各组织用作帮助识别和保护与应用程序安全相关的个人数据的框架。 + +Name: MISRA C 2012 +ID: 555A3A66-A0E1-47AF-910C-3F19A6FB2506 +现在,在第三版中,《汽车工业软件可靠性协会 (MISRA) C 指南》描述了一个 C 编程语言子集,使用这种编程语言,在关键系统中引入错误的风险会显著降低。尽管《MISRA C 指南》专注于安全相关的软件开发,但规则子集也反应了安全属性。Fortify 在安全上下文中解析《MISRA C 指南》,提供安全漏洞类别到 MISRA 定义的规则的相互关联。Fortify 提供这些以安全为中心的检测机制以及标准规则包,然而,与安全相关的《MISRA C 指南》的进一步支持可以通过使用自定义规则来添加。本报告中的结果有助于为 MISRA 创建合规性矩阵。 + +Name: MISRA C++ 2008 +ID: 5D4B75A1-FC91-4B4B-BD4D-C81BBE9604FA +《汽车工业软件可靠性协会 (MISRA) C++ 指南》(Motor Industry Software Reliability Association (MISRA) C++ Guidelines) 描述了一个 C++ 编程语言子集,使用这种编程语言,在关键系统中引入错误的风险会显著降低。尽管《MISRA C++ 指南》专注于安全相关的软件开发,但规则子集也反应了安全属性。Fortify 在安全上下文中解析《MISRA C++ 指南》,提供安全漏洞类别到 MISRA 定义的规则的相互关联。Fortify 提供这些以安全为中心的检测机制以及标准规则包,然而,与安全相关的《MISRA C++ 指南》的进一步支持可以通过使用自定义规则来添加。本报告中的结果有助于为 MISRA 创建合规性矩阵。 + +Name: NIST SP 800-53 Rev.4 +ID: 1114583B-EA24-45BE-B7F8-B61201BACDD0 +NIST Special Publication 800-53 Revision 4 提供一系列安全和隐私控制,旨在保护联邦组织和信息系统免受安全威胁。下表汇总了不同控制发现且区分过 Fortify 优先级的问题数量。 + +Name: OWASP Mobile 2014 +ID: EEE3F9E7-28D6-4456-8761-3DA56C36F4EE +OWASP Mobile Top 10 Risks 2014 提供了有关移动应用程序安全威胁的重要宣传文档。OWASP Mobile Top 10 代表就最严重的移动应用程序安全缺陷所达成的广泛共识。项目成员包括来自世界各地的安全专家,他们结合自身专业知识共同敲定这一安全威胁榜单。 + +Name: OWASP Top 10 2004 +ID: 771C470C-9274-4580-8556-C023E4D3ADB4 +OWASP Top Ten 2004 提供了有关 Web 应用程序安全威胁的重要文档。OWASP Top Ten 代表就最危险 Web 应用程序安全缺陷所达成的普遍共识。项目成员包括来自世界各地的安全专家,他们结合自身专业知识共同敲定这一安全威胁榜单。 + +Name: OWASP Top 10 2007 +ID: 1EB1EC0E-74E6-49A0-BCE5-E6603802987A +OWASP Top Ten 2007 提供了有关 Web 应用程序安全威胁的重要文档。OWASP Top Ten 代表就最危险 Web 应用程序安全缺陷所达成的普遍共识。项目成员包括来自世界各地的安全专家,他们结合自身专业知识共同敲定这一安全威胁榜单。 + +Name: OWASP Top 10 2010 +ID: FDCECA5E-C2A8-4BE8-BB26-76A8ECD0ED59 +OWASP Top Ten 2010 提供了有关 Web 应用程序安全威胁的重要文档。OWASP Top Ten 代表就最危险 Web 应用程序安全缺陷所达成的普遍共识。项目成员包括来自世界各地的安全专家,他们结合自身专业知识共同敲定这一安全威胁榜单。 + +Name: OWASP Top 10 2013 +ID: 1A2B4C7E-93B0-4502-878A-9BE40D2A25C4 +OWASP Top Ten 2013 提供了有关 Web 应用程序安全威胁的重要文档。OWASP Top Ten 代表就最危险 Web 应用程序安全缺陷所达成的普遍共识。项目成员包括来自世界各地的安全专家,他们结合自身专业知识共同敲定这一安全威胁榜单。 + +Name: OWASP Top 10 2017 +ID: 3C6ECB67-BBD9-4259-A8DB-B49328927248 +OWASP Top Ten 2017 提供了有关如何提高 Web 应用程序安全意识的强大文档,聚焦于告知社区团体最常见和最重要的 Web 应用程序安全缺陷所造成的后果。 OWASP Top Ten 代表就数据收集和调查结果中存在的最危险 Web 应用程序安全漏洞所达成的广泛共识。 项目成员包括来自世界各地的安全专家,他们结合自身专业知识共同敲定这一安全威胁榜单。 + +Name: PCI 1.1 +ID: CBDB9D4D-FC20-4C04-AD58-575901CAB531 +支付卡行业 (PCI) 数据安全标准 (DSS) 1.1 合规性标准列出了 12 项要求,按逻辑分成 6 个相关组,称作“控制目标”。如果系统存储、处理或传输了主帐号 (PAN),则 PCI DSS 要求适用。 + +Name: PCI 1.2 +ID: 57940BDB-99F0-48BF-BF2E-CFC42BA035E5 +支付卡行业数据安全标准版本 1.2 说明 + +Name: PCI 2.0 +ID: 8970556D-7F9F-4EA7-8033-9DF39D68FF3E +PCI DSS 2.0 合规性标准(尤其是 6.3、6.5 和 6.6 部分)将 OWASP Top 10 漏洞目录作为必须检测和修复的核心目录。下表汇总了按照不同 PCI DSS 要求发现且区分过 Fortify 优先级的问题数量。 + +Name: PCI 3.0 +ID: E2FB0D38-0192-4F03-8E01-FE2A12680CA3 +下面是支付卡行业 (PCI) 数据安全标准 (DSS) v3.0 的应用程序安全部分摘要。Fortify 会针对 PCI DSS 的第 1、2、3、4、6、7、8 和 10 部分的 32 项应用程序安全性相关的要求进行测试,并报告每项要求是处于“就位”还是“未就位”状态,以指示是否符合这些要求。此报告旨在度量特定应用程序处理的符合性级别(与 PCI DSS 3.0 合规性进行比较),而不是作为综合合规性 (ROC) 报告。本报告中包含的信息主要面向项目经理、安全审计人员和合规性审计人员。 + +Name: PCI 3.1 +ID: AC0D18CF-C1DA-47CF-9F1A-E8EC0A4A717E +下面是支付卡行业 (PCI) 数据安全标准 (DSS) v3.1 的应用程序安全部分摘要。Fortify 会针对 PCI DSS 的第 1、2、3、4、6、7、8 和 10 部分的 31 项应用程序安全性相关的要求进行测试,并报告每项要求是处于“就位”还是“未就位”状态,以指示是否符合这些要求。此报告旨在度量特定应用程序处理的符合性级别(与 PCI DSS 3.1 合规性进行比较),而不是作为综合合规性 (ROC) 报告。本报告中包含的信息主要面向项目经理、安全审计人员和合规性审计人员。 + +Name: PCI 3.2 +ID: 4E8431F9-1BA1-41A8-BDBD-087D5826751A +下面是支付卡行业 (PCI) 数据安全标准 (DSS) v3.2 的应用程序安全部分摘要。Fortify 会针对 PCI DSS 的第 1、2、3、4、6、7、8 和 10 部分的 31 项应用程序安全性相关的要求进行测试,并报告每项要求是处于“就位”还是“未就位”状态,以指示是否符合这些要求。此报告旨在度量特定应用程序处理的符合性级别(与 PCI DSS 3.2 合规性进行比较),而不是作为综合合规性 (ROC) 报告。本报告中包含的信息主要面向项目经理、安全审计人员和合规性审计人员。 + +Name: PCI 3.2.1 +ID: EADE255F-6561-4EFE-AD31-2914F6BFA329 +下面是支付卡行业 (PCI) 数据安全标准 (DSS) v3.2.1 的应用程序安全部分摘要。Fortify 会针对 PCI DSS 的第 1、2、3、4、6、7、8 和 10 部分的 31 项应用程序安全性相关的要求进行测试,并报告每项要求是处于“就位”还是“未就位”状态,以指示是否符合这些要求。此报告旨在测量特定应用程序具备的符合性级别(与 PCI DSS 3.2.1 合规性进行比较),而不是作为综合合规性报告 (ROC)。此报告中包含的信息面向项目经理、安全审计员和合规性审计员。 + +Name: PCI SSF 1.0 +ID: 0F551543-AF0E-4334-BEDF-1DDCD5F4BF74 +下面是支付卡行业 (PCI) 软件安全框架 (SSF) v1.0 中定义的“安全软件要求和评估程序”应用程序安全部分的摘要。Fortify 会针对 PCI SSF 的控制目标部分 2、3、4、5、6、7、8 和 A.2 的 23 项应用程序安全性相关的控制目标进行测试,并报告每个控制目标是处于“就位”还是“未就位”状态,以指示是否符合这些要求。此报告旨在衡量特定应用程序与 PCI SSF 1.0 合规性相比的符合性程度,并不用作全面的合规性报告 (ROC)。此报告中包含的信息面向项目经理、安全审计员和合规性审计员。 + +Name: SANS Top 25 2009 +ID: 939EF193-507A-44E2-ABB7-C00B2168B6D8 +2009 CWE/SANS Top 25 编程错误列出了最严重的编程错误,这些错误可能会导致严重的软件漏洞。它们出现频繁、容易查找且易于被利用。由于它们将频繁地允许攻击者完全控制软件、窃取数据或使软件完全无法运行,因此具有危险性。此列表是系统网络安全协会、MITRE 和许多顶尖的软件安全专家共同协作的成果。 + +Name: SANS Top 25 2010 +ID: 72688795-4F7B-484C-88A6-D4757A6121CA +SANS Top 25 2010 最危险的软件错误列举了最普遍、最危险的错误,以通用缺陷列表 (CWE) 标识符分类,其中的错误可导致软件漏洞 (http://cwe.mitre.org/)。这些软件错误通常很容易找到和被利用。这些错误的根本危险在于它们可以使攻击者完全控制软件、窃取数据或使软件完全无法运行。 + +Name: SANS Top 25 2011 +ID: 92EB4481-1FD9-4165-8E16-F2DE6CB0BD63 +SANS Top 25 2011 最危险的软件错误列举了最普遍、最危险的错误,以通用缺陷列表 (CWE) 标识符分类,其中的错误可导致软件漏洞 (http://cwe.mitre.org/)。这些软件错误通常很容易找到和被利用。这些错误的根本危险在于它们可以使攻击者完全控制软件、窃取数据或使软件完全无法运行。 + +Name: STIG 3.1 +ID: F2FA57EA-5AAA-4DDE-90A5-480BE65CE7E7 +安全技术实施指南版本 3.1 说明 + +Name: STIG 3.10 +ID: 788A87FE-C9F9-4533-9095-0379A9B35B12 +由美国国防信息系统局 (DISA) STIG 识别的每个要求或建议以 STIG 标识符 (STIGID) 表示,并且标识符与清单项和严重性代码 [APP<I>ID</I>: CAT <I>SEV</I>] 相对应。DISA STIG 根据以下情况定义了漏洞的三种严重性:<br /> +<LI>对漏洞加以利用会直接和立即导致机密性、可用性或完整性丧失 (CAT I)。</LI> +<LI>对漏洞加以利用可能会导致机密性、可用性或完整性丧失 (CAT II)。</LI> +<LI>如果存在这些漏洞,会削弱针对防止机密性、可用性或完整性丧失的保护 (CAT III)。</LI> </UL> + <br />下表汇总了区分过 Fortify 优先级的不同 STIGID 发现的问题数量。当未针对给定 STIGID 报告问题时,则认为 STIGID 的状态为“就位”。 <br /><br />如果项目缺少 Fortify Static Code Analyzer (SCA) 扫描,或者扫描中包含尚未修复、隐藏或抑制的发现,则 STIGID APP5080: CAT II 不会被视为“就位”。类似地,如果项目缺少 Fortify WebInspect 扫描,或者扫描中包含任何重要发现,则 STIGID APP5100: CAT II 不会被视为“就位”。 + +Name: STIG 3.4 +ID: 58E2C21D-C70F-4314-8994-B859E24CF855 +由美国国防信息系统局 (DISA) STIG 识别的每个要求或建议以 STIG 标识符 (STIGID) 表示,并且标识符与清单项和严重性代码 [APP<I>ID</I>: CAT <I>SEV</I>] 相对应。DISA STIG 可识别漏洞的严重性:<br /> +<LI>CAT I:允许攻击者立即访问机器,允许超级用户访问或绕过防火墙。</LI> +<LI>CAT II:提供很可能帮助入侵者获得访问权限的信息。</LI> +<LI>CAT III:提供可能危及安全的信息。</LI> </UL> + <br />下表汇总了区分过 Fortify 优先级的不同 STIGID 发现的问题数量。当未针对给定 STIGID 报告问题时,则认为 STIGID 的状态为“就位”。 + +Name: STIG 3.5 +ID: DD18E81F-3507-41FA-9DFA-2A9A15B5479F +由美国国防信息系统局 (DISA) STIG 识别的每个要求或建议以 STIG 标识符 (STIGID) 表示,并且标识符与清单项和严重性代码 [APP<I>ID</I>: CAT <I>SEV</I>] 相对应。DISA STIG 可识别漏洞的严重性:<br /> +<LI>CAT I:允许攻击者立即访问机器,允许超级用户访问或绕过防火墙。</LI> +<LI>CAT II:提供很可能帮助入侵者获得访问权限的信息。</LI> +<LI>CAT III:提供可能危及安全的信息。</LI> </UL> + <br />下表汇总了区分过 Fortify 优先级的不同 STIGID 发现的问题数量。当未针对给定 STIGID 报告问题时,则认为 STIGID 的状态为“就位”。 + +Name: STIG 3.6 +ID: 000CA760-0FED-4374-8AA2-6FA3968A07B1 +由美国国防信息系统局 (DISA) STIG 识别的每个要求或建议以 STIG 标识符 (STIGID) 表示,并且标识符与清单项和严重性代码 [APP<I>ID</I>: CAT <I>SEV</I>] 相对应。DISA STIG 可识别漏洞的严重性:<br /> +<LI>CAT I:允许攻击者立即访问机器,允许超级用户访问或绕过防火墙。</LI> +<LI>CAT II:提供很可能帮助入侵者获得访问权限的信息。</LI> +<LI>CAT III:提供可能危及安全的信息。</LI> </UL> + <br />下表汇总了区分过 Fortify 优先级的不同 STIGID 发现的问题数量。当未针对给定 STIGID 报告问题时,则认为 STIGID 的状态为“就位”。 <br /><br />如果项目缺少 Fortify Static Code Analyzer (SCA) 扫描,或者扫描中包含尚未修复、隐藏或抑制的发现,则 STIGID APP5080: CAT II 不会被视为“就位”。类似地,如果项目缺少 Fortify WebInspect 扫描,或者扫描中包含任何重要发现,则 STIGID APP5100: CAT II 不会被视为“就位”。 + +Name: STIG 3.7 +ID: E69C07C0-81D8-4B04-9233-F3E74167C3D2 +由美国国防信息系统局 (DISA) STIG 识别的每个要求或建议以 STIG 标识符 (STIGID) 表示,并且标识符与清单项和严重性代码 [APP<I>ID</I>: CAT <I>SEV</I>] 相对应。DISA STIG 可识别漏洞的严重性:<br /> +<LI>CAT I:允许攻击者立即访问机器,允许超级用户访问或绕过防火墙。</LI> +<LI>CAT II:提供很可能帮助入侵者获得访问权限的信息。</LI> +<LI>CAT III:提供可能危及安全的信息。</LI> </UL> + <br />下表汇总了区分过 Fortify 优先级的不同 STIGID 发现的问题数量。当未针对给定 STIGID 报告问题时,则认为 STIGID 的状态为“就位”。 <br /><br />如果项目缺少 Fortify Static Code Analyzer (SCA) 扫描,或者扫描中包含尚未修复、隐藏或抑制的发现,则 STIGID APP5080: CAT II 不会被视为“就位”。类似地,如果项目缺少 Fortify WebInspect 扫描,或者扫描中包含任何重要发现,则 STIGID APP5100: CAT II 不会被视为“就位”。 + +Name: STIG 3.9 +ID: 1A9D736B-2D4A-49D1-88CA-DF464B40D732 +由美国国防信息系统局 (DISA) STIG 识别的每个要求或建议以 STIG 标识符 (STIGID) 表示,并且标识符与清单项和严重性代码 [APP<I>ID</I>: CAT <I>SEV</I>] 相对应。DISA STIG 根据以下情况定义了漏洞的三种严重性:<br /> +<LI>对漏洞加以利用会直接和立即导致机密性、可用性或完整性丧失 (CAT I)。</LI> +<LI>对漏洞加以利用可能会导致机密性、可用性或完整性丧失 (CAT II)。</LI> +<LI>如果存在这些漏洞,会削弱针对防止机密性、可用性或完整性丧失的保护 (CAT III)。</LI> </UL> + <br />下表汇总了区分过 Fortify 优先级的不同 STIGID 发现的问题数量。当未针对给定 STIGID 报告问题时,则认为 STIGID 的状态为“就位”。 <br /><br />如果项目缺少 Fortify Static Code Analyzer (SCA) 扫描,或者扫描中包含尚未修复、隐藏或抑制的发现,则 STIGID APP5080: CAT II 不会被视为“就位”。类似地,如果项目缺少 Fortify WebInspect 扫描,或者扫描中包含任何重要发现,则 STIGID APP5100: CAT II 不会被视为“就位”。 + +Name: STIG 4.1 +ID: 95227C50-A9E4-4C9D-A8AF-FD98ABAE1F3C +由美国国防信息系统局 (DISA) STIG 识别的每个要求或建议以 STIG 标识符 (STIGID) 表示,并且标识符与清单项和严重性代码 [APSC-DV-<I>ID</I>: CAT <I>SEV</I>] 相对应。DISA STIG 根据以下情况定义了漏洞的三种严重性:<br /> +<LI>对漏洞加以利用会直接和立即导致机密性、可用性或完整性丧失 (CAT I)。</LI> +<LI>对漏洞加以利用可能会导致机密性、可用性或完整性丧失 (CAT II)。</LI> +<LI>如果存在这些漏洞,会削弱针对防止机密性、可用性或完整性丧失的保护 (CAT III)。</LI> </UL> + <br />下表汇总了区分过 Fortify 优先级的不同 STIGID 发现的问题数量。当未针对给定 STIGID 报告问题时,则认为 STIGID 的状态为“就位”。 <br /><br />如果项目缺少 Fortify Static Code Analyzer (SCA) 扫描,或者扫描中包含尚未修复、隐藏或抑制的发现,则 STIGID APSC-DV-003170: CAT II 不会被视为“就位”。类似地,如果项目缺少 Fortify WebInspect 扫描,或者扫描中包含任何重要发现,则 STIGID APSC-DV-001460: CAT II 和 STIGID APSC-DV-002930: CAT II 不会被视为“就位”。 + +Name: STIG 4.10 +ID: EF1FF442-1673-4CF1-B7C4-920F1A96A8150 +由美国国防信息系统局 (DISA) STIG 识别的每个要求或建议以 STIG 标识符 (STIGID) 表示,并且标识符与清单项和严重性代码 [APSC-DV-<I>ID</I>: CAT <I>SEV</I>] 相对应。DISA STIG 根据以下情况定义了漏洞的三种严重性:<br /> +<LI>对漏洞加以利用会直接和立即导致机密性、可用性或完整性丧失 (CAT I)。</LI> +<LI>对漏洞加以利用可能会导致机密性、可用性或完整性丧失 (CAT II)。</LI> +<LI>如果存在这些漏洞,会削弱针对防止机密性、可用性或完整性丧失的保护 (CAT III)。</LI> </UL> + <br />下表汇总了由 Fortify Priority Order 细分的不同 STIGID 发现的问题数量。当未针对给定 STIGID 报告问题时,则认为 STIGID 的状态为“就位”。 <br /><br />如果项目缺少 Fortify Static Code Analyzer (SCA) 扫描,或者扫描中包含尚未修复、隐藏或抑制的发现,则 STIGID APSC-DV-003170:CAT II 不会被视为“就位”。类似地,如果项目缺少 Fortify WebInspect 扫描,或者扫描中包含任何重要发现,则 STIGID APSC-DV-001460: CAT II 和 STIGID APSC-DV-002930: CAT II 不会被视为“就位”。 + +Name: STIG 4.2 +ID: 672C15F8-8822-4E05-8C9E-1A4BAAA7A373 +由美国国防信息系统局 (DISA) STIG 识别的每个要求或建议以 STIG 标识符 (STIGID) 表示,并且标识符与清单项和严重性代码 [APSC-DV-<I>ID</I>: CAT <I>SEV</I>] 相对应。DISA STIG 根据以下情况定义了漏洞的三种严重性:<br /> +<LI>对漏洞加以利用会直接和立即导致机密性、可用性或完整性丧失 (CAT I)。</LI> +<LI>对漏洞加以利用可能会导致机密性、可用性或完整性丧失 (CAT II)。</LI> +<LI>如果存在这些漏洞,会削弱针对防止机密性、可用性或完整性丧失的保护 (CAT III)。</LI> </UL> + <br />下表汇总了区分过 Fortify 优先级的不同 STIGID 发现的问题数量。当未针对给定 STIGID 报告问题时,则认为 STIGID 的状态为“就位”。 <br /><br />如果项目缺少 Fortify Static Code Analyzer (SCA) 扫描,或者扫描中包含尚未修复、隐藏或抑制的发现,则 STIGID APSC-DV-003170: CAT II 不会被视为“就位”。类似地,如果项目缺少 Fortify WebInspect 扫描,或者扫描中包含任何重要发现,则 STIGID APSC-DV-001460: CAT II 和 STIGID APSC-DV-002930: CAT II 不会被视为“就位”。 + +Name: STIG 4.3 +ID: A0B313F0-29BD-430B-9E34-6D10F1178506 +由美国国防信息系统局 (DISA) STIG 识别的每个要求或建议以 STIG 标识符 (STIGID) 表示,并且标识符与清单项和严重性代码 [APSC-DV-<I>ID</I>: CAT <I>SEV</I>] 相对应。DISA STIG 根据以下情况定义了漏洞的三种严重性:<br /> +<LI>对漏洞加以利用会直接和立即导致机密性、可用性或完整性丧失 (CAT I)。</LI> +<LI>对漏洞加以利用可能会导致机密性、可用性或完整性丧失 (CAT II)。</LI> +<LI>如果存在这些漏洞,会削弱针对防止机密性、可用性或完整性丧失的保护 (CAT III)。</LI> </UL> + <br />下表汇总了区分过 Fortify 优先级的不同 STIGID 发现的问题数量。当未针对给定 STIGID 报告问题时,则认为 STIGID 的状态为“就位”。 <br /><br />如果项目缺少 Fortify Static Code Analyzer (SCA) 扫描,或者扫描中包含尚未修复、隐藏或抑制的发现,则 STIGID APSC-DV-003170: CAT II 不会被视为“就位”。类似地,如果项目缺少 Fortify WebInspect 扫描,或者扫描中包含任何重要发现,则 STIGID APSC-DV-001460: CAT II 和 STIGID APSC-DV-002930: CAT II 不会被视为“就位”。 + +Name: STIG 4.4 +ID: ECEC5CA2-7ACA-4B70-BF44-3248B9C6F4F8 +由美国国防信息系统局 (DISA) STIG 识别的每个要求或建议以 STIG 标识符 (STIGID) 表示,并且标识符与清单项和严重性代码 [APSC-DV-<I>ID</I>: CAT <I>SEV</I>] 相对应。DISA STIG 根据以下情况定义了漏洞的三种严重性:<br /> +<LI>对漏洞加以利用会直接和立即导致机密性、可用性或完整性丧失 (CAT I)。</LI> +<LI>对漏洞加以利用可能会导致机密性、可用性或完整性丧失 (CAT II)。</LI> +<LI>如果存在这些漏洞,会削弱针对防止机密性、可用性或完整性丧失的保护 (CAT III)。</LI> </UL> + <br />下表汇总了由 Fortify Priority Order 细分的不同 STIGID 发现的问题数量。 当未针对给定 STIGID 报告问题时,则认为 STIGID 的状态为“就位”。 <br /><br />如果项目缺少 Fortify Static Code Analyzer (SCA) 扫描,或者扫描中包含尚未修复、隐藏或抑制的发现,则 STIGID APSC-DV-003170: CAT II 不会被视为“就位”。类似地,如果项目缺少 Fortify WebInspect 扫描,或者扫描中包含任何重要发现,则 STIGID APSC-DV-001460: CAT II 和 STIGID APSC-DV-002930: CAT II 不会被视为“就位”。 + +Name: STIG 4.5 +ID: E6010E0A-7F71-4388-B8B7-EE9A02143474 +由美国国防信息系统局 (DISA) STIG 识别的每个要求或建议以 STIG 标识符 (STIGID) 表示,并且标识符与清单项和严重性代码 [APSC-DV-<I>ID</I>: CAT <I>SEV</I>] 相对应。DISA STIG 根据以下情况定义了漏洞的三种严重性:<br /> +<LI>对漏洞加以利用会直接和立即导致机密性、可用性或完整性丧失 (CAT I)。</LI> +<LI>对漏洞加以利用可能会导致机密性、可用性或完整性丧失 (CAT II)。</LI> +<LI>如果存在这些漏洞,会削弱针对防止机密性、可用性或完整性丧失的保护 (CAT III)。</LI> </UL> + <br />下表汇总了由 Fortify Priority Order 细分的不同 STIGID 发现的问题数量。 当未针对给定 STIGID 报告问题时,则认为 STIGID 的状态为“就位”。 <br /><br />如果项目缺少 Fortify Static Code Analyzer (SCA) 扫描,或者扫描中包含尚未修复、隐藏或抑制的发现,则 STIGID APSC-DV-003170: CAT II 不会被视为“就位”。类似地,如果项目缺少 Fortify WebInspect 扫描,或者扫描中包含任何重要发现,则 STIGID APSC-DV-001460: CAT II 和 STIGID APSC-DV-002930: CAT II 不会被视为“就位”。 + +Name: STIG 4.6 +ID: EFB9B012-44D6-456D-B197-03D2FD7C7AD6 +由美国国防信息系统局 (DISA) STIG 识别的每个要求或建议以 STIG 标识符 (STIGID) 表示,并且标识符与清单项和严重性代码 [APSC-DV-<I>ID</I>: CAT <I>SEV</I>] 相对应。DISA STIG 根据以下情况定义了漏洞的三种严重性:<br /> +<LI>对漏洞加以利用会直接和立即导致机密性、可用性或完整性丧失 (CAT I)。</LI> +<LI>对漏洞加以利用可能会导致机密性、可用性或完整性丧失 (CAT II)。</LI> +<LI>如果存在这些漏洞,会削弱针对防止机密性、可用性或完整性丧失的保护 (CAT III)。</LI> </UL> + <br />下表汇总了由 Fortify Priority Order 细分的不同 STIGID 发现的问题数量。 当未针对给定 STIGID 报告问题时,则认为 STIGID 的状态为“就位”。 <br /><br />如果项目缺少 Fortify Static Code Analyzer (SCA) 扫描,或者扫描中包含尚未修复、隐藏或抑制的发现,则 STIGID APSC-DV-003170: CAT II 不会被视为“就位”。类似地,如果项目缺少 Fortify WebInspect 扫描,或者扫描中包含任何重要发现,则 STIGID APSC-DV-001460: CAT II 和 STIGID APSC-DV-002930: CAT II 不会被视为“就位”。 + +Name: STIG 4.7 +ID: B04A1E01-F1C1-48D3-A827-0F70872182D7 +由美国国防信息系统局 (DISA) STIG 识别的每个要求或建议以 STIG 标识符 (STIGID) 表示,并且标识符与清单项和严重性代码 [APSC-DV-<I>ID</I>: CAT <I>SEV</I>] 相对应。DISA STIG 根据以下情况定义了漏洞的三种严重性:<br /> +<LI>对漏洞加以利用会直接和立即导致机密性、可用性或完整性丧失 (CAT I)。</LI> +<LI>对漏洞加以利用可能会导致机密性、可用性或完整性丧失 (CAT II)。</LI> +<LI>如果存在这些漏洞,会削弱针对防止机密性、可用性或完整性丧失的保护 (CAT III)。</LI> </UL> + <br />下表汇总了由 Fortify Priority Order 细分的不同 STIGID 发现的问题数量。 当未针对给定 STIGID 报告问题时,则认为 STIGID 的状态为“就位”。 <br /><br />如果项目缺少 Fortify Static Code Analyzer (SCA) 扫描,或者扫描中包含尚未修复、隐藏或抑制的发现,则 STIGID APSC-DV-003170: CAT II 不会被视为“就位”。类似地,如果项目缺少 Fortify WebInspect 扫描,或者扫描中包含任何重要发现,则 STIGID APSC-DV-001460: CAT II 和 STIGID APSC-DV-002930: CAT II 不会被视为“就位”。 + +Name: STIG 4.8 +ID: E6805D9F-D5B5-4192-962C-46828FF68507 +由美国国防信息系统局 (DISA) STIG 识别的每个要求或建议以 STIG 标识符 (STIGID) 表示,并且标识符与清单项和严重性代码 [APSC-DV-<I>ID</I>: CAT <I>SEV</I>] 相对应。DISA STIG 根据以下情况定义了漏洞的三种严重性:<br /> +<LI>对漏洞加以利用会直接和立即导致机密性、可用性或完整性丧失 (CAT I)。</LI> +<LI>对漏洞加以利用可能会导致机密性、可用性或完整性丧失 (CAT II)。</LI> +<LI>如果存在这些漏洞,会削弱针对防止机密性、可用性或完整性丧失的保护 (CAT III)。</LI> </UL> + <br />下表汇总了由 Fortify Priority Order 细分的不同 STIGID 发现的问题数量。当未针对给定 STIGID 报告问题时,则认为 STIGID 的状态为“就位”。 <br /><br />如果项目缺少 Fortify Static Code Analyzer (SCA) 扫描,或者扫描中包含尚未修复、隐藏或抑制的发现,则 STIGID APSC-DV-003170: CAT II 不会被视为“就位”。类似地,如果项目缺少 Fortify WebInspect 扫描,或者扫描中包含任何重要发现,则 STIGID APSC-DV-001460: CAT II 和 STIGID APSC-DV-002930: CAT II 不会被视为“就位”。 + +Name: STIG 4.9 +ID: 7B9F7B3B-07FC-4B61-99A1-70E3BB23A6A0 +由美国国防信息系统局 (DISA) STIG 识别的每个要求或建议以 STIG 标识符 (STIGID) 表示,并且标识符与清单项和严重性代码 [APSC-DV-<I>ID</I>: CAT <I>SEV</I>] 相对应。DISA STIG 根据以下情况定义了漏洞的三种严重性:<br /> +<LI>对漏洞加以利用会直接和立即导致机密性、可用性或完整性丧失 (CAT I)。</LI> +<LI>对漏洞加以利用可能会导致机密性、可用性或完整性丧失 (CAT II)。</LI> +<LI>如果存在这些漏洞,会削弱针对防止机密性、可用性或完整性丧失的保护 (CAT III)。</LI> </UL> + <br />下表汇总了由 Fortify Priority Order 细分的不同 STIGID 发现的问题数量。当未针对给定 STIGID 报告问题时,则认为 STIGID 的状态为“就位”。 <br /><br />如果项目缺少 Fortify Static Code Analyzer(SCA)扫描,或者扫描中包含尚未修复、隐藏或抑制的发现,则 STIGID APSC-DV-003170: CAT II 不会被视为“就位”。类似地,如果项目缺少 Fortify WebInspect 扫描,或者扫描中包含任何重要发现,则 STIGID APSC-DV-001460: CAT II 和 STIGID APSC-DV-002930: CAT II 不会被视为“就位”。 + +Name: WASC 2.00 +ID: 74f8081d-dd49-49da-880f-6830cebe9777 +共同努力创建 Web 应用安全联盟 (WASC) 的目的是对 Web 站点的安全威胁进行标准化、阐明和整理。威胁分类版本 2.00 概述了通常会导致网站被破坏的攻击和缺陷。 + +Name: WASC 24 + 2 +ID: 9DC61E7F-1A48-4711-BBFD-E9DFF537871F +共同努力创建 Web 应用安全联盟 (WASC) 的目的是对 Web 站点的安全威胁进行标准化、阐明和整理。 + + + + + Properties + A complete listing of all properties set during analysis phase + WinForms.CollectionMutationMonitor.Label=WinFormsDataSource +awt.toolkit=sun.awt.windows.WToolkit +com.fortify.AuthenticationKey=C:\Users\admin\AppData\Local/Fortify/config/tools +com.fortify.Core=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\Core +com.fortify.InstallRoot=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1 +com.fortify.InstallationUserName=admin +com.fortify.SCAExecutablePath=D:/Program Files/Fortify/Fortify_SCA_and_Apps_20.1.1/bin/sourceanalyzer.exe +com.fortify.TotalPhysicalMemory=42739228672 +com.fortify.VS.RequireASPPrecompilation=true +com.fortify.WorkingDirectory=C:\Users\admin\AppData\Local/Fortify +com.fortify.locale=zh_CN +com.fortify.log.console=true +com.fortify.sca.AddImpliedMethods=true +com.fortify.sca.AntCompilerClass=com.fortify.dev.ant.SCACompiler +com.fortify.sca.AppendLogFile=true +com.fortify.sca.AspnetTranslator=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\Core/private-bin/sca/aspcodegen.exe +com.fortify.sca.BuildID=untitile +com.fortify.sca.BuildOptions=-b untitile . +com.fortify.sca.BundleControlflowIssues=true +com.fortify.sca.BytecodePreview=true +com.fortify.sca.CollectPerformanceData=true +com.fortify.sca.CustomRulesDir=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\Core\config\customrules +com.fortify.sca.DaemonCompilers=com.fortify.sca.util.compilers.GppCompiler,com.fortify.sca.util.compilers.GccCompiler,com.fortify.sca.util.compilers.AppleGppCompiler,com.fortify.sca.util.compilers.AppleGccCompiler,com.fortify.sca.util.compilers.MicrosoftCompiler,com.fortify.sca.util.compilers.MicrosoftLinker,com.fortify.sca.util.compilers.LdCompiler,com.fortify.sca.util.compilers.ArUtil,com.fortify.sca.util.compilers.SunCCompiler,com.fortify.sca.util.compilers.SunCppCompiler,com.fortify.sca.util.compilers.IntelCompiler,com.fortify.sca.util.compilers.ExternalCppAdapter,com.fortify.sca.util.compilers.ClangCompiler +com.fortify.sca.DeadCodeFilter=true +com.fortify.sca.DeadCodeIgnoreTrivialPredicates=true +com.fortify.sca.DefaultAnalyzers=semantic:dataflow:controlflow:nullptr:configuration:content:structural:buffer +com.fortify.sca.DefaultFileTypes=java,rb,erb,jsp,jspx,jspf,tag,tagx,tld,sql,cfm,php,phtml,ctp,pks,pkh,pkb,xml,config,Config,settings,properties,dll,exe,winmd,cs,vb,asax,ascx,ashx,asmx,aspx,master,Master,xaml,baml,cshtml,vbhtml,inc,asp,vbscript,js,jsx,ini,bas,cls,vbs,frm,ctl,html,htm,xsd,wsdd,xmi,py,cfml,cfc,abap,xhtml,cpx,xcfg,jsff,as,mxml,cbl,cscfg,csdef,wadcfg,wadcfgx,appxmanifest,wsdl,plist,bsp,ABAP,BSP,swift,page,trigger,scala,ts,tsx,conf,json,yaml,yml,go,kt,kts +com.fortify.sca.DefaultJarsDirs=default_jars +com.fortify.sca.DefaultRulesDir=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\Core\config\rules +com.fortify.sca.DisableDeadCodeElimination=false +com.fortify.sca.DisableFunctionPointers=false +com.fortify.sca.DisableGlobals=false +com.fortify.sca.DisableInferredConstants=false +com.fortify.sca.DotnetDecompiler=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\Core/private-bin/sca/dotnet-decompiler.exe +com.fortify.sca.DotnetTranslator=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\Core/private-bin/sca/dotnet-translator.exe +com.fortify.sca.EnableInterproceduralConstantResolution=true +com.fortify.sca.EnableNestedWrappers=true +com.fortify.sca.EnableStructuralMatchCache=true +com.fortify.sca.EnableWrapperDetection=true +com.fortify.sca.FVDLDisableDescriptions=false +com.fortify.sca.FVDLDisableProgramData=false +com.fortify.sca.FVDLDisableSnippets=false +com.fortify.sca.FVDLStylesheet=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\Core/resources/sca/fvdl2html.xsl +com.fortify.sca.GoTranslator=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\Core/private-bin/sca/golang.exe +com.fortify.sca.IndirectCallGraphBuilders=WinFormsAdHocFunctionBuilder,VirtualCGBuilder,J2EEIndirectCGBuilder,JNICGBuilder,StoredProcedureResolver,JavaWSCGBuilder,StrutsCGBuilder,DotNetWSCGBuilder,SqlServerSPResolver,ASPCGBuilder,ScriptedCGBuilder,NewJspCustomTagCGBuilder,DotNetCABCGBuilder,StateInjectionCGBuilder,SqlServerSPResolver2,PHPLambdaResolver,JavaWebCGBuilder +com.fortify.sca.JVMArgs=-XX:SoftRefLRUPolicyMSPerMB=3000 -Xmx34359738367 -Xss16M +com.fortify.sca.JavaSourcepathSearch=true +com.fortify.sca.JdkVersion=1.8 +com.fortify.sca.LogFile=C:\Users\admin\AppData\Local\Fortify\sca20.1\log\sca +com.fortify.sca.LogFileDir=C:\Users\admin\AppData\Local\Fortify\sca20.1\log +com.fortify.sca.LogFileExt=.log +com.fortify.sca.LogFileName=sca.log +com.fortify.sca.LogFileNameNoExt=sca +com.fortify.sca.LogFilePath=C:\Users\admin\AppData\Local\Fortify\sca20.1\log\sca.log +com.fortify.sca.LogLevel=INFO +com.fortify.sca.LowSeverityCutoff=1.0 +com.fortify.sca.MultithreadedAnalysis=true +com.fortify.sca.NoNestedOutTagOutput=org.apache.taglibs.standard.tag.rt.core.RemoveTag,org.apache.taglibs.standard.tag.rt.core.SetTag +com.fortify.sca.OldVbNetExcludeFileTypes=vb,asax,ascx,ashx,asmx,aspx,xaml,cshtml,vbhtml +com.fortify.sca.PID=5308 +com.fortify.sca.Phase0HigherOrder.Languages=python,ruby,swift,javascript,typescript +com.fortify.sca.Phase0HigherOrder.Level=1 +com.fortify.sca.PrintPerformanceDataAfterScan=false +com.fortify.sca.ProjectRoot=C:\Users\admin\AppData\Local/Fortify +com.fortify.sca.ProjectRoot=C:\Users\admin\AppData\Local/Fortify +com.fortify.sca.RequireMapKeys=classrule +com.fortify.sca.ResultsFile=untitile.fpr +com.fortify.sca.ScaMSBuild=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\Core/private-bin/sca/msbuild/current/bin/msbuild.exe +com.fortify.sca.SolverTimeout=15 +com.fortify.sca.SqlLanguage=TSQL +com.fortify.sca.SuppressLowSeverity=true +com.fortify.sca.ThreadCount.NameTableLoading=1 +com.fortify.sca.TypeInferenceFunctionTimeout=60 +com.fortify.sca.TypeInferenceLanguages=javascript,typescript,python,ruby +com.fortify.sca.TypeInferencePhase0Timeout=300 +com.fortify.sca.UnicodeInputFile=true +com.fortify.sca.UniversalBlacklist=.*yyparse.* +com.fortify.sca.alias.mode.csharp=fs +com.fortify.sca.alias.mode.javascript=fi +com.fortify.sca.alias.mode.scala=fi +com.fortify.sca.alias.mode.swift=fi +com.fortify.sca.alias.mode.typescript=fi +com.fortify.sca.alias.mode.vb=fs +com.fortify.sca.analyzer.controlflow.EnableLivenessOptimization=false +com.fortify.sca.analyzer.controlflow.EnableMachineFiltering=false +com.fortify.sca.analyzer.controlflow.EnableRefRuleOptimization=false +com.fortify.sca.analyzer.controlflow.EnableTimeOut=true +com.fortify.sca.compilers.ant=com.fortify.sca.util.compilers.AntAdapter +com.fortify.sca.compilers.ar=com.fortify.sca.util.compilers.ArUtil +com.fortify.sca.compilers.armcc=com.fortify.sca.util.compilers.ArmCcCompiler +com.fortify.sca.compilers.armcpp=com.fortify.sca.util.compilers.ArmCppCompiler +com.fortify.sca.compilers.c++=com.fortify.sca.util.compilers.GppCompiler +com.fortify.sca.compilers.c89=com.fortify.sca.util.compilers.C89Compiler +com.fortify.sca.compilers.cc=com.fortify.sca.util.compilers.GccCompiler +com.fortify.sca.compilers.cl=com.fortify.sca.util.compilers.MicrosoftCompiler +com.fortify.sca.compilers.clearmake=com.fortify.sca.util.compilers.TouchlessCompiler +com.fortify.sca.compilers.devenv=com.fortify.sca.util.compilers.DevenvAdapter +com.fortify.sca.compilers.fortify=com.fortify.sca.util.compilers.FortifyCompiler +com.fortify.sca.compilers.g++=com.fortify.sca.util.compilers.GppCompiler +com.fortify.sca.compilers.g++-*=com.fortify.sca.util.compilers.GppCompiler +com.fortify.sca.compilers.g++2*=com.fortify.sca.util.compilers.GppCompiler +com.fortify.sca.compilers.g++3*=com.fortify.sca.util.compilers.GppCompiler +com.fortify.sca.compilers.g++4*=com.fortify.sca.util.compilers.GppCompiler +com.fortify.sca.compilers.gcc=com.fortify.sca.util.compilers.GccCompiler +com.fortify.sca.compilers.gcc-*=com.fortify.sca.util.compilers.GccCompiler +com.fortify.sca.compilers.gcc2*=com.fortify.sca.util.compilers.GccCompiler +com.fortify.sca.compilers.gcc3*=com.fortify.sca.util.compilers.GccCompiler +com.fortify.sca.compilers.gcc4*=com.fortify.sca.util.compilers.GccCompiler +com.fortify.sca.compilers.gmake=com.fortify.sca.util.compilers.TouchlessCompiler +com.fortify.sca.compilers.gradle=com.fortify.sca.util.compilers.GradleAdapter +com.fortify.sca.compilers.gradlew=com.fortify.sca.util.compilers.GradleAdapter +com.fortify.sca.compilers.icc=com.fortify.sca.util.compilers.IntelCompiler +com.fortify.sca.compilers.icl=com.fortify.sca.util.compilers.MicrosoftCompiler +com.fortify.sca.compilers.icpc=com.fortify.sca.util.compilers.IntelCompiler +com.fortify.sca.compilers.jam=com.fortify.sca.util.compilers.TouchlessCompiler +com.fortify.sca.compilers.javac=com.fortify.sca.util.compilers.JavacCompiler +com.fortify.sca.compilers.ld=com.fortify.sca.util.compilers.LdCompiler +com.fortify.sca.compilers.link=com.fortify.sca.util.compilers.MicrosoftLinker +com.fortify.sca.compilers.make=com.fortify.sca.util.compilers.TouchlessCompiler +com.fortify.sca.compilers.msbuild=com.fortify.sca.util.compilers.MSBuildAdapter +com.fortify.sca.compilers.msdev=com.fortify.sca.util.compilers.MSDevAdapter +com.fortify.sca.compilers.mvn=com.fortify.sca.util.compilers.MavenAdapter +com.fortify.sca.compilers.nmake=com.fortify.sca.util.compilers.TouchlessCompiler +com.fortify.sca.compilers.scalac=com.fortify.sca.util.compilers.ScalacCompiler +com.fortify.sca.compilers.tcc=com.fortify.sca.util.compilers.ArmCcCompiler +com.fortify.sca.compilers.tcpp=com.fortify.sca.util.compilers.ArmCppCompiler +com.fortify.sca.compilers.touchless=com.fortify.sca.util.compilers.FortifyCompiler +com.fortify.sca.compilers.xilink=com.fortify.sca.util.compilers.MicrosoftLinker +com.fortify.sca.cpfe.441.command=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\Core/private-bin/sca/cpfe441.rfct +com.fortify.sca.cpfe.command=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\Core/private-bin/sca/cpfe48.exe +com.fortify.sca.cpfe.file.option=--gen_c_file_name +com.fortify.sca.cpfe.options=--remove_unneeded_entities --suppress_vtbl -tused +com.fortify.sca.cpfe.options=--remove_unneeded_entities --suppress_vtbl -tused +com.fortify.sca.env.exesearchpath=D:\code\cecloud_code\untitled1;D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\bin;C:\Python39\Scripts\;C:\Python39\;C:\Program Files\Python38\Scripts\;C:\Program Files\Python38\;C:\Program Files\Java\jdk1.8.0_202\bin\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;D:\install\cmder\vendor\git-for-windows\mingw64\bin;D:\Program Files\TortoiseGit\bin;D:\Program Files\nodejs\;C:\ProgramData\chocolatey\bin;D:\Program Files\Go\bin;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;D:\SAST_POC_CODE\代码卫士\02_C#前端\SkyNet;D:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\MSBuild\Current\Bin;D:\Program Files\CodeTestFront\bin;C:\Program Files\dotnet\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;D:\install\apache-tomcat-8.5.77\bin;D:\install\cmder\vendor\git-for-windows\bin\;D:\install\python3.9.2\Scripts\;D:\install\python3.9.2\;C:\Program Files\MySQL\MySQL Shell 8.0\bin\;C:\Program Files\Java\jdk1.8.0_202\bin;D:\Program Files\Python\Python38\Scripts\;D:\Program Files\Python\Python38\;C:\Users\admin\AppData\Local\Microsoft\WindowsApps;D:\install\sonar-scanner-cli-4.6.0.2311-windows\sonar-scanner-4.6.0.2311-windows\bin;D:\install\apache-maven-3.8.1-bin\apache-maven-3.8.1\bin;D:\install\cmder\vendor\git-for-windows\mingw64\bin;C:\Program Files\JetBrains\PyCharm 2020.1.2\bin;;D:\Program Files\JetBrains\GoLand 2021.1.1\bin;;D:\install\apache-ant-1.10.10\bin;D:\install\gradle-7.0.1\bin;C:\Program Files\JetBrains\IntelliJ IDEA 2020.1.2\bin;;D:\Program Files\Microsoft VS Code\bin;C:\Users\admin\AppData\Roaming\npm;C:\Users\admin\go\bin;D:\Program Files\Go\bin\;C:\Users\admin\.dotnet\tools;C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\bin\Hostx86\x64;D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\bin; +com.fortify.sca.fileextensions.ABAP=ABAP +com.fortify.sca.fileextensions.BSP=ABAP +com.fortify.sca.fileextensions.Config=XML +com.fortify.sca.fileextensions.Master=ASPNET +com.fortify.sca.fileextensions.abap=ABAP +com.fortify.sca.fileextensions.appxmanifest=XML +com.fortify.sca.fileextensions.as=ACTIONSCRIPT +com.fortify.sca.fileextensions.asax=ASPNET +com.fortify.sca.fileextensions.ascx=ASPNET +com.fortify.sca.fileextensions.ashx=ASPNET +com.fortify.sca.fileextensions.asmx=ASPNET +com.fortify.sca.fileextensions.asp=ASP +com.fortify.sca.fileextensions.aspx=ASPNET +com.fortify.sca.fileextensions.axml=ASPNET +com.fortify.sca.fileextensions.baml=MSIL +com.fortify.sca.fileextensions.bas=VB6 +com.fortify.sca.fileextensions.bsp=ABAP +com.fortify.sca.fileextensions.cfc=CFML +com.fortify.sca.fileextensions.cfm=CFML +com.fortify.sca.fileextensions.cfml=CFML +com.fortify.sca.fileextensions.cls=VB6 +com.fortify.sca.fileextensions.conf=HOCON +com.fortify.sca.fileextensions.config=XML +com.fortify.sca.fileextensions.cpx=XML +com.fortify.sca.fileextensions.cs=CSHARP +com.fortify.sca.fileextensions.cscfg=XML +com.fortify.sca.fileextensions.csdef=XML +com.fortify.sca.fileextensions.cshtml=ASPNET +com.fortify.sca.fileextensions.ctl=VB6 +com.fortify.sca.fileextensions.ctp=PHP +com.fortify.sca.fileextensions.dll=MSIL +com.fortify.sca.fileextensions.erb=RUBY_ERB +com.fortify.sca.fileextensions.exe=MSIL +com.fortify.sca.fileextensions.faces=JSPX +com.fortify.sca.fileextensions.frm=VB6 +com.fortify.sca.fileextensions.go=GO +com.fortify.sca.fileextensions.htm=HTML +com.fortify.sca.fileextensions.html=HTML +com.fortify.sca.fileextensions.ini=JAVA_PROPERTIES +com.fortify.sca.fileextensions.java=JAVA +com.fortify.sca.fileextensions.js=TYPESCRIPT +com.fortify.sca.fileextensions.jsff=JSPX +com.fortify.sca.fileextensions.json=JSON +com.fortify.sca.fileextensions.jsp=JSP +com.fortify.sca.fileextensions.jspf=JSP +com.fortify.sca.fileextensions.jspx=JSPX +com.fortify.sca.fileextensions.jsx=TYPESCRIPT +com.fortify.sca.fileextensions.kt=KOTLIN +com.fortify.sca.fileextensions.kts=KOTLIN +com.fortify.sca.fileextensions.master=ASPNET +com.fortify.sca.fileextensions.mdl=MSIL +com.fortify.sca.fileextensions.mod=MSIL +com.fortify.sca.fileextensions.mxml=MXML +com.fortify.sca.fileextensions.page=VISUAL_FORCE +com.fortify.sca.fileextensions.php=PHP +com.fortify.sca.fileextensions.phtml=PHP +com.fortify.sca.fileextensions.pkb=PLSQL +com.fortify.sca.fileextensions.pkh=PLSQL +com.fortify.sca.fileextensions.pks=PLSQL +com.fortify.sca.fileextensions.plist=XML +com.fortify.sca.fileextensions.properties=JAVA_PROPERTIES +com.fortify.sca.fileextensions.py=PYTHON +com.fortify.sca.fileextensions.rb=RUBY +com.fortify.sca.fileextensions.scala=SCALA +com.fortify.sca.fileextensions.settings=XML +com.fortify.sca.fileextensions.sql=SQL +com.fortify.sca.fileextensions.swift=SWIFT +com.fortify.sca.fileextensions.tag=JSP +com.fortify.sca.fileextensions.tagx=JSP +com.fortify.sca.fileextensions.tld=TLD +com.fortify.sca.fileextensions.trigger=APEX_TRIGGER +com.fortify.sca.fileextensions.ts=TYPESCRIPT +com.fortify.sca.fileextensions.tsx=TYPESCRIPT +com.fortify.sca.fileextensions.vb=VB +com.fortify.sca.fileextensions.vbhtml=ASPNET +com.fortify.sca.fileextensions.vbs=VBSCRIPT +com.fortify.sca.fileextensions.vbscript=VBSCRIPT +com.fortify.sca.fileextensions.wadcfg=XML +com.fortify.sca.fileextensions.wadcfgx=XML +com.fortify.sca.fileextensions.winmd=MSIL +com.fortify.sca.fileextensions.wsdd=XML +com.fortify.sca.fileextensions.wsdl=XML +com.fortify.sca.fileextensions.xaml=ASPNET +com.fortify.sca.fileextensions.xcfg=XML +com.fortify.sca.fileextensions.xhtml=JSPX +com.fortify.sca.fileextensions.xmi=XML +com.fortify.sca.fileextensions.xml=XML +com.fortify.sca.fileextensions.xsd=XML +com.fortify.sca.fileextensions.yaml=YAML +com.fortify.sca.fileextensions.yml=YAML +com.fortify.sca.jsp.UseNativeParser=true +com.fortify.sca.parser.python.ignore.module.1=test.badsyntax_future3 +com.fortify.sca.parser.python.ignore.module.2=test.badsyntax_future4 +com.fortify.sca.parser.python.ignore.module.3=test.badsyntax_future5 +com.fortify.sca.parser.python.ignore.module.4=test.badsyntax_future6 +com.fortify.sca.parser.python.ignore.module.5=test.badsyntax_future7 +com.fortify.sca.parser.python.ignore.module.6=test.badsyntax_future8 +com.fortify.sca.parser.python.ignore.module.7=test.badsyntax_future9 +com.fortify.sca.parser.python.ignore.module.8=test.badsyntax_nocaret +com.fortify.sca.skip.libraries.AngularJS=angular.js,angular.min.js,angular-animate.js,angular-aria.js,angular_1_router.js,angular-cookies.js,angular-message-format.js,angular-messages.js,angular-mocks.js,angular-parse-ext.js,angular-resource.js,angular-route.js,angular-sanitize.js,angular-touch.js +com.fortify.sca.skip.libraries.ES6=es6-shim.min.js,system-polyfills.js,shims_for_IE.js +com.fortify.sca.skip.libraries.jQuery=jquery.js,jquery.min.js,jquery-migrate.js,jquery-migrate.min.js,jquery-ui.js,jquery-ui.min.js,jquery.mobile.js,jquery.mobile.min.js,jquery.color.js,jquery.color.min.js,jquery.color.svg-names.js,jquery.color.svg-names.min.js,jquery.color.plus-names.js,jquery.color.plus-names.min.js,jquery.tools.min.js +com.fortify.sca.skip.libraries.javascript=bootstrap.js,bootstrap.min.js,typescript.js,typescriptServices.js +com.fortify.sca.skip.libraries.typescript=typescript.d.ts,typescriptServices.d.ts +com.fortify.search.defaultSyntaxVer=2 +com.sun.management.jmxremote=true +dotnet.install.dir=C:\Windows\Microsoft.NET\Framework64\ +dotnet.sdk.v11.install.dir= +dotnet.sdk.v20.install.dir= +dotnet.sdk.v3x.install.dir= +dotnet.v30.referenceAssemblies= +dotnet.v35.referenceAssemblies= +file.encoding=GBK +file.encoding.pkg=sun.io +file.separator=\ +java.awt.graphicsenv=sun.awt.Win32GraphicsEnvironment +java.awt.headless=true +java.awt.printerjob=sun.awt.windows.WPrinterJob +java.class.path=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\Core\lib\exe\sca-exe.jar +java.class.version=52.0 +java.endorsed.dirs=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\jre\lib\endorsed +java.ext.dirs=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\jre\lib\ext;C:\WINDOWS\Sun\Java\lib\ext +java.home=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\jre +java.io.tmpdir=C:\Users\admin\AppData\Local\Temp\ +java.library.path=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\bin;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\bin;C:\Python39\Scripts\;C:\Python39\;C:\Program Files\Python38\Scripts\;C:\Program Files\Python38\;C:\Program Files\Java\jdk1.8.0_202\bin\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;D:\install\cmder\vendor\git-for-windows\mingw64\bin;D:\Program Files\TortoiseGit\bin;D:\Program Files\nodejs\;C:\ProgramData\chocolatey\bin;D:\Program Files\Go\bin;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;D:\SAST_POC_CODE\代码卫士\02_C#前端\SkyNet;D:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\MSBuild\Current\Bin;D:\Program Files\CodeTestFront\bin;C:\Program Files\dotnet\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;D:\install\apache-tomcat-8.5.77\bin;D:\install\cmder\vendor\git-for-windows\bin\;D:\install\python3.9.2\Scripts\;D:\install\python3.9.2\;C:\Program Files\MySQL\MySQL Shell 8.0\bin\;C:\Program Files\Java\jdk1.8.0_202\bin;D:\Program Files\Python\Python38\Scripts\;D:\Program Files\Python\Python38\;C:\Users\admin\AppData\Local\Microsoft\WindowsApps;D:\install\sonar-scanner-cli-4.6.0.2311-windows\sonar-scanner-4.6.0.2311-windows\bin;D:\install\apache-maven-3.8.1-bin\apache-maven-3.8.1\bin;D:\install\cmder\vendor\git-for-windows\mingw64\bin;C:\Program Files\JetBrains\PyCharm 2020.1.2\bin;;D:\Program Files\JetBrains\GoLand 2021.1.1\bin;;D:\install\apache-ant-1.10.10\bin;D:\install\gradle-7.0.1\bin;C:\Program Files\JetBrains\IntelliJ IDEA 2020.1.2\bin;;D:\Program Files\Microsoft VS Code\bin;C:\Users\admin\AppData\Roaming\npm;C:\Users\admin\go\bin;D:\Program Files\Go\bin\;C:\Users\admin\.dotnet\tools;C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\bin\Hostx86\x64;D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\bin;;. +java.rmi.server.randomIDs=true +java.runtime.name=OpenJDK Runtime Environment +java.runtime.version=1.8.0_181-b02 +java.specification.name=Java Platform API Specification +java.specification.vendor=Oracle Corporation +java.specification.version=1.8 +java.vendor=Azul Systems, Inc. +java.vendor.url=http://www.azulsystems.com/ +java.vendor.url.bug=http://www.azulsystems.com/support/ +java.version=1.8.0_181 +java.vm.info=mixed mode +java.vm.name=OpenJDK 64-Bit Server VM +java.vm.specification.name=Java Virtual Machine Specification +java.vm.specification.vendor=Oracle Corporation +java.vm.specification.version=1.8 +java.vm.vendor=Azul Systems, Inc. +java.vm.version=25.181-b02 +line.separator= + +log4j.configurationFile=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\Core\config\log4j2.xml +log4j.isThreadContextMapInheritable=true +max.file.path.length=255 +os.arch=amd64 +os.name=Windows 10 +os.version=10.0 +path.separator=; +stderr.isatty=true +stdout.isatty=true +sun.arch.data.model=64 +sun.boot.class.path=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\jre\lib\resources.jar;D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\jre\lib\rt.jar;D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\jre\lib\sunrsasign.jar;D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\jre\lib\jsse.jar;D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\jre\lib\jce.jar;D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\jre\lib\charsets.jar;D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\jre\lib\jfr.jar;D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\jre\classes +sun.boot.library.path=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\jre\bin +sun.cpu.endian=little +sun.cpu.isalist=amd64 +sun.desktop=windows +sun.io.unicode.encoding=UnicodeLittle +sun.java.command=sourceanalyzer -Djava.awt.headless=true -Dcom.sun.management.jmxremote=true -XX:SoftRefLRUPolicyMSPerMB=3000 -Dwin32.LocalAppdata=C:\Users\admin\AppData\Local -Ddotnet.install.dir=C:\Windows\Microsoft.NET\Framework64\ -Ddotnet.sdk.v11.install.dir= -Ddotnet.sdk.v20.install.dir= -Ddotnet.sdk.v3x.install.dir= -Ddotnet.v30.referenceAssemblies= -Ddotnet.v35.referenceAssemblies= -Dcom.fortify.sca.env.exesearchpath=D:\code\cecloud_code\untitled1;D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\bin;C:\Python39\Scripts\;C:\Python39\;C:\Program Files\Python38\Scripts\;C:\Program Files\Python38\;C:\Program Files\Java\jdk1.8.0_202\bin\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;D:\install\cmder\vendor\git-for-windows\mingw64\bin;D:\Program Files\TortoiseGit\bin;D:\Program Files\nodejs\;C:\ProgramData\chocolatey\bin;D:\Program Files\Go\bin;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;D:\SAST_POC_CODE\代码卫士\02_C#前端\SkyNet;D:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\MSBuild\Current\Bin;D:\Program Files\CodeTestFront\bin;C:\Program Files\dotnet\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;D:\install\apache-tomcat-8.5.77\bin;D:\install\cmder\vendor\git-for-windows\bin\;D:\install\python3.9.2\Scripts\;D:\install\python3.9.2\;C:\Program Files\MySQL\MySQL Shell 8.0\bin\;C:\Program Files\Java\jdk1.8.0_202\bin;D:\Program Files\Python\Python38\Scripts\;D:\Program Files\Python\Python38\;C:\Users\admin\AppData\Local\Microsoft\WindowsApps;D:\install\sonar-scanner-cli-4.6.0.2311-windows\sonar-scanner-4.6.0.2311-windows\bin;D:\install\apache-maven-3.8.1-bin\apache-maven-3.8.1\bin;D:\install\cmder\vendor\git-for-windows\mingw64\bin;C:\Program Files\JetBrains\PyCharm 2020.1.2\bin;;D:\Program Files\JetBrains\GoLand 2021.1.1\bin;;D:\install\apache-ant-1.10.10\bin;D:\install\gradle-7.0.1\bin;C:\Program Files\JetBrains\IntelliJ IDEA 2020.1.2\bin;;D:\Program Files\Microsoft VS Code\bin;C:\Users\admin\AppData\Roaming\npm;C:\Users\admin\go\bin;D:\Program Files\Go\bin\;C:\Users\admin\.dotnet\tools;C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\bin\Hostx86\x64;D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\bin; -Dcom.fortify.sca.ProjectRoot=C:\Users\admin\AppData\Local/Fortify -Dstdout.isatty=true -Dstderr.isatty=true -Dcom.fortify.sca.PID=5308 -Xmx34359738367 -Dcom.fortify.TotalPhysicalMemory=42739228672 -Xss16M -Dcom.fortify.sca.JVMArgs=-XX:SoftRefLRUPolicyMSPerMB=3000 -Xmx34359738367 -Xss16M -Djava.class.path=D:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.1\Core\lib\exe\sca-exe.jar -b untitile -scan -f untitile.fpr +sun.jnu.encoding=GBK +sun.management.compiler=HotSpot 64-Bit Tiered Compilers +sun.os.patch.level= +sun.stderr.encoding=ms936 +sun.stdout.encoding=ms936 +user.country=CN +user.dir=D:\code\cecloud_code\untitled1 +user.home=C:\Users\admin +user.language=zh +user.name=admin +user.script= +user.timezone=Asia/Shanghai +user.variant= +win32.LocalAppdata=C:\Users\admin\AppData\Local + + + + Commandline Arguments + A listing of all arguments passed to SCA during the analysis phase + -b +untitile +-scan +-f +untitile.fpr + + + + Warnings + A listing of all warnings that occurred during the scan, during both translation and analysis phase + [12003] Assuming Java source level to be 1.8 as it was not specified. Note that the default value may change in future versions. + + + + Issue Count by Category + + Issues By Category + + + + Category + Analysis + + Command Injection + + + Denial of Service + + + Poor Style: Value Never Read + + + System Information Leak + + + Build Misconfiguration: External Maven Dependency Repository + + + J2EE Bad Practices: Leftover Debug Code + + + Poor Error Handling: Overly Broad Catch + + + Unchecked Return Value + + + + + + + Issue Breakdown by Analysis + + Issue by Analysis + + + + Analysis + Analysis + + <none> + + + + + + + New Issues + + New Issues + A list of issues discovered since the previous analysis. + The following issues have been discovered since the last scan. + + + + New Issue + Analysis + + Issue New: 2022-5-9 + + + + + + diff --git a/unittests/scans/gcloud_artifact_scan/many_vulns.json b/unittests/scans/gcloud_artifact_scan/many_vulns.json new file mode 100644 index 00000000000..2ab43ad9617 --- /dev/null +++ b/unittests/scans/gcloud_artifact_scan/many_vulns.json @@ -0,0 +1,514 @@ +{ + "discovery_summary": { + "discovery": [ + { + "createTime": "2023-08-23T16:57:29.302830Z", + "discovery": { + "analysisCompleted": { + "analysisType": [ + "OS", + "GO", + "MAVEN", + "PYPI", + "NPM" + ] + }, + "analysisStatus": "FINISHED_SUCCESS", + "continuousAnalysis": "ACTIVE", + "lastScanTime": "2023-08-23T16:57:34.358092699Z" + }, + "kind": "DISCOVERY", + "name": "projects/test/occurrences/1ae41139-7c9c-4c43-817e-9186d7583563", + "noteName": "projects/goog-analysis/notes/PACKAGE_VULNERABILITY", + "resourceUri": "https://northamerica-northeast1-docker.pkg.dev/testing/test-docker/test-image@sha256:deadbeef0000000000000000000000000000000000", + "updateTime": "2023-08-23T16:57:34.487918Z" + } + ] + }, + "image_summary": { + "digest": "sha256:d2eecb48a0d1c6be1ec96d2d0a52c3b95936c4cdde2208299c04d6106b769658", + "fully_qualified_digest": "northamerica-northeast1-docker.pkg.dev/testing/test-docker/test-image@sha256:deadbeef0000000000000000000000000000000000", + "registry": "northamerica-northeast1-docker.pkg.dev", + "repository": "testing", + "slsa_build_level": "unknown" + }, + "package_vulnerability_summary": { + "vulnerabilities": { + "CRITICAL": [ + { + "createTime": "2023-08-23T16:57:34.258042Z", + "kind": "VULNERABILITY", + "name": "projects/test/occurrences/17762f5b-88a9-4e15-b92d-ce5b4de56519", + "noteName": "projects/goog-vulnz/notes/CVE-2023-29405", + "resourceUri": "https://northamerica-northeast1-docker.pkg.dev/testing/test-docker/test-image@sha256:deadbeef0000000000000000000000000000000000", + "updateTime": "2023-08-23T16:57:34.258042Z", + "vulnerability": { + "cvssScore": 9.8, + "cvssVersion": "CVSS_VERSION_3", + "cvssv3": { + "attackComplexity": "ATTACK_COMPLEXITY_LOW", + "attackVector": "ATTACK_VECTOR_NETWORK", + "availabilityImpact": "IMPACT_HIGH", + "baseScore": 9.8, + "confidentialityImpact": "IMPACT_HIGH", + "exploitabilityScore": 3.9, + "impactScore": 5.9, + "integrityImpact": "IMPACT_HIGH", + "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", + "scope": "SCOPE_UNCHANGED", + "userInteraction": "USER_INTERACTION_NONE" + }, + "effectiveSeverity": "CRITICAL", + "fixAvailable": true, + "longDescription": "NIST vectors: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "packageIssue": [ + { + "affectedCpeUri": "cpe:/o:debian:debian_linux:12", + "affectedPackage": "go", + "affectedVersion": { + "fullName": "1.17.6", + "kind": "NORMAL", + "name": "1.17.6" + }, + "effectiveSeverity": "CRITICAL", + "fileLocation": [ + { + "filePath": "/tmp/pdscan" + } + ], + "fixAvailable": true, + "fixedCpeUri": "cpe:/o:debian:debian_linux:12", + "fixedPackage": "go", + "fixedVersion": { + "fullName": "1.19.10", + "kind": "NORMAL", + "name": "1.19.10" + }, + "packageType": "GO_STDLIB" + } + ], + "relatedUrls": [ + { + "label": "More Info", + "url": "https://security-tracker.debian.org/tracker/CVE-2023-29405" + }, + { + "label": "More Info", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29405" + } + ], + "severity": "CRITICAL", + "shortDescription": "CVE-2023-29405" + } + }, + { + "createTime": "2023-08-23T16:57:34.195901Z", + "kind": "VULNERABILITY", + "name": "projects/test/occurrences/9375502a-c7a7-4605-88f7-caf1ca8137ae", + "noteName": "projects/goog-vulnz/notes/CVE-2023-29402", + "resourceUri": "https://northamerica-northeast1-docker.pkg.dev/testing/test-docker/test-image@sha256:deadbeef0000000000000000000000000000000000", + "updateTime": "2023-08-23T16:57:34.195901Z", + "vulnerability": { + "cvssScore": 9.8, + "cvssVersion": "CVSS_VERSION_3", + "cvssv3": { + "attackComplexity": "ATTACK_COMPLEXITY_LOW", + "attackVector": "ATTACK_VECTOR_NETWORK", + "availabilityImpact": "IMPACT_HIGH", + "baseScore": 9.8, + "confidentialityImpact": "IMPACT_HIGH", + "exploitabilityScore": 3.9, + "impactScore": 5.9, + "integrityImpact": "IMPACT_HIGH", + "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", + "scope": "SCOPE_UNCHANGED", + "userInteraction": "USER_INTERACTION_NONE" + }, + "effectiveSeverity": "CRITICAL", + "fixAvailable": true, + "longDescription": "NIST vectors: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "packageIssue": [ + { + "affectedCpeUri": "cpe:/o:debian:debian_linux:12", + "affectedPackage": "go", + "affectedVersion": { + "fullName": "1.17.6", + "kind": "NORMAL", + "name": "1.17.6" + }, + "effectiveSeverity": "CRITICAL", + "fileLocation": [ + { + "filePath": "/tmp/pdscan" + } + ], + "fixAvailable": true, + "fixedCpeUri": "cpe:/o:debian:debian_linux:12", + "fixedPackage": "go", + "fixedVersion": { + "fullName": "1.19.10", + "kind": "NORMAL", + "name": "1.19.10" + }, + "packageType": "GO_STDLIB" + } + ], + "relatedUrls": [ + { + "label": "More Info", + "url": "https://security-tracker.debian.org/tracker/CVE-2023-29402" + }, + { + "label": "More Info", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29402" + } + ], + "severity": "CRITICAL", + "shortDescription": "CVE-2023-29402" + } + }, + { + "createTime": "2023-08-23T16:57:34.291202Z", + "kind": "VULNERABILITY", + "name": "projects/test/occurrences/94d3ba5b-8ea5-4df9-9e4b-6719f3549046", + "noteName": "projects/goog-vulnz/notes/CVE-2023-29404", + "resourceUri": "https://northamerica-northeast1-docker.pkg.dev/testing/test-docker/test-image@sha256:deadbeef0000000000000000000000000000000000", + "updateTime": "2023-08-23T16:57:34.291202Z", + "vulnerability": { + "cvssScore": 9.8, + "cvssVersion": "CVSS_VERSION_3", + "cvssv3": { + "attackComplexity": "ATTACK_COMPLEXITY_LOW", + "attackVector": "ATTACK_VECTOR_NETWORK", + "availabilityImpact": "IMPACT_HIGH", + "baseScore": 9.8, + "confidentialityImpact": "IMPACT_HIGH", + "exploitabilityScore": 3.9, + "impactScore": 5.9, + "integrityImpact": "IMPACT_HIGH", + "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", + "scope": "SCOPE_UNCHANGED", + "userInteraction": "USER_INTERACTION_NONE" + }, + "effectiveSeverity": "CRITICAL", + "fixAvailable": true, + "longDescription": "NIST vectors: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "packageIssue": [ + { + "affectedCpeUri": "cpe:/o:debian:debian_linux:12", + "affectedPackage": "go", + "affectedVersion": { + "fullName": "1.17.6", + "kind": "NORMAL", + "name": "1.17.6" + }, + "effectiveSeverity": "CRITICAL", + "fileLocation": [ + { + "filePath": "/tmp/pdscan" + } + ], + "fixAvailable": true, + "fixedCpeUri": "cpe:/o:debian:debian_linux:12", + "fixedPackage": "go", + "fixedVersion": { + "fullName": "1.19.10", + "kind": "NORMAL", + "name": "1.19.10" + }, + "packageType": "GO_STDLIB" + } + ], + "relatedUrls": [ + { + "label": "More Info", + "url": "https://security-tracker.debian.org/tracker/CVE-2023-29404" + }, + { + "label": "More Info", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29404" + } + ], + "severity": "CRITICAL", + "shortDescription": "CVE-2023-29404" + } + }, + { + "createTime": "2023-08-23T16:57:34.110140Z", + "kind": "VULNERABILITY", + "name": "projects/test/occurrences/9534a1c6-84cf-4141-b5d2-3b80fb6935cb", + "noteName": "projects/goog-vulnz/notes/CVE-2023-24540", + "resourceUri": "https://northamerica-northeast1-docker.pkg.dev/testing/test-docker/test-image@sha256:deadbeef0000000000000000000000000000000000", + "updateTime": "2023-08-23T16:57:34.110140Z", + "vulnerability": { + "cvssScore": 9.8, + "cvssVersion": "CVSS_VERSION_3", + "cvssv3": { + "attackComplexity": "ATTACK_COMPLEXITY_LOW", + "attackVector": "ATTACK_VECTOR_NETWORK", + "availabilityImpact": "IMPACT_HIGH", + "baseScore": 9.8, + "confidentialityImpact": "IMPACT_HIGH", + "exploitabilityScore": 3.9, + "impactScore": 5.9, + "integrityImpact": "IMPACT_HIGH", + "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", + "scope": "SCOPE_UNCHANGED", + "userInteraction": "USER_INTERACTION_NONE" + }, + "effectiveSeverity": "CRITICAL", + "fixAvailable": true, + "longDescription": "NIST vectors: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "packageIssue": [ + { + "affectedCpeUri": "cpe:/o:debian:debian_linux:12", + "affectedPackage": "go", + "affectedVersion": { + "fullName": "1.17.6", + "kind": "NORMAL", + "name": "1.17.6" + }, + "effectiveSeverity": "CRITICAL", + "fileLocation": [ + { + "filePath": "/tmp/pdscan" + } + ], + "fixAvailable": true, + "fixedCpeUri": "cpe:/o:debian:debian_linux:12", + "fixedPackage": "go", + "fixedVersion": { + "fullName": "1.19.9", + "kind": "NORMAL", + "name": "1.19.9" + }, + "packageType": "GO_STDLIB" + } + ], + "relatedUrls": [ + { + "label": "More Info", + "url": "https://security-tracker.debian.org/tracker/CVE-2023-24540" + }, + { + "label": "More Info", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540" + } + ], + "severity": "CRITICAL", + "shortDescription": "CVE-2023-24540" + } + }, + { + "createTime": "2023-08-23T16:57:34.290433Z", + "kind": "VULNERABILITY", + "name": "projects/test/occurrences/99c6aa0f-018a-4cc9-bb93-1d90b0dbc97e", + "noteName": "projects/goog-vulnz/notes/CVE-2023-24538", + "resourceUri": "https://northamerica-northeast1-docker.pkg.dev/testing/test-docker/test-image@sha256:deadbeef0000000000000000000000000000000000", + "updateTime": "2023-08-23T16:57:34.290433Z", + "vulnerability": { + "cvssScore": 9.8, + "cvssVersion": "CVSS_VERSION_3", + "cvssv3": { + "attackComplexity": "ATTACK_COMPLEXITY_LOW", + "attackVector": "ATTACK_VECTOR_NETWORK", + "availabilityImpact": "IMPACT_HIGH", + "baseScore": 9.8, + "confidentialityImpact": "IMPACT_HIGH", + "exploitabilityScore": 3.9, + "impactScore": 5.9, + "integrityImpact": "IMPACT_HIGH", + "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", + "scope": "SCOPE_UNCHANGED", + "userInteraction": "USER_INTERACTION_NONE" + }, + "effectiveSeverity": "CRITICAL", + "fixAvailable": true, + "longDescription": "NIST vectors: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "packageIssue": [ + { + "affectedCpeUri": "cpe:/o:debian:debian_linux:12", + "affectedPackage": "go", + "affectedVersion": { + "fullName": "1.17.6", + "kind": "NORMAL", + "name": "1.17.6" + }, + "effectiveSeverity": "CRITICAL", + "fileLocation": [ + { + "filePath": "/tmp/pdscan" + } + ], + "fixAvailable": true, + "fixedCpeUri": "cpe:/o:debian:debian_linux:12", + "fixedPackage": "go", + "fixedVersion": { + "fullName": "1.19.8", + "kind": "NORMAL", + "name": "1.19.8" + }, + "packageType": "GO_STDLIB" + } + ], + "relatedUrls": [ + { + "label": "More Info", + "url": "https://security-tracker.debian.org/tracker/CVE-2023-24538" + }, + { + "label": "More Info", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24538" + } + ], + "severity": "CRITICAL", + "shortDescription": "CVE-2023-24538" + } + }, + { + "createTime": "2023-08-23T16:57:33.746649Z", + "kind": "VULNERABILITY", + "name": "projects/test/occurrences/b0e9e452-35cd-4c14-b929-3b5e6b270903", + "noteName": "projects/goog-vulnz/notes/CVE-2022-23806", + "resourceUri": "https://northamerica-northeast1-docker.pkg.dev/testing/test-docker/test-image@sha256:deadbeef0000000000000000000000000000000000", + "updateTime": "2023-08-23T16:57:33.746649Z", + "vulnerability": { + "cvssScore": 9.1, + "cvssV2": { + "attackComplexity": "ATTACK_COMPLEXITY_LOW", + "attackVector": "ATTACK_VECTOR_NETWORK", + "authentication": "AUTHENTICATION_NONE", + "availabilityImpact": "IMPACT_PARTIAL", + "baseScore": 6.4, + "confidentialityImpact": "IMPACT_NONE", + "integrityImpact": "IMPACT_PARTIAL" + }, + "cvssVersion": "CVSS_VERSION_3", + "cvssv3": { + "attackComplexity": "ATTACK_COMPLEXITY_LOW", + "attackVector": "ATTACK_VECTOR_NETWORK", + "availabilityImpact": "IMPACT_HIGH", + "baseScore": 9.1, + "confidentialityImpact": "IMPACT_NONE", + "exploitabilityScore": 3.9, + "impactScore": 5.2, + "integrityImpact": "IMPACT_HIGH", + "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", + "scope": "SCOPE_UNCHANGED", + "userInteraction": "USER_INTERACTION_NONE" + }, + "effectiveSeverity": "CRITICAL", + "fixAvailable": true, + "longDescription": "NIST vectors: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "packageIssue": [ + { + "affectedCpeUri": "cpe:/o:debian:debian_linux:12", + "affectedPackage": "go", + "affectedVersion": { + "fullName": "1.17.6", + "kind": "NORMAL", + "name": "1.17.6" + }, + "effectiveSeverity": "CRITICAL", + "fileLocation": [ + { + "filePath": "/tmp/pdscan" + } + ], + "fixAvailable": true, + "fixedCpeUri": "cpe:/o:debian:debian_linux:12", + "fixedPackage": "go", + "fixedVersion": { + "fullName": "1.17.7", + "kind": "NORMAL", + "name": "1.17.7" + }, + "packageType": "GO_STDLIB" + } + ], + "relatedUrls": [ + { + "label": "More Info", + "url": "https://security-tracker.debian.org/tracker/CVE-2022-23806" + }, + { + "label": "More Info", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806" + } + ], + "severity": "CRITICAL", + "shortDescription": "CVE-2022-23806" + } + } + ], + "HIGH": [ + { + "createTime": "2023-08-23T16:57:34.166285Z", + "kind": "VULNERABILITY", + "name": "projects/test/occurrences/0339e7f1-7a8a-4a89-b121-65040b8d3c84", + "noteName": "projects/goog-vulnz/notes/CVE-2022-41715", + "resourceUri": "https://northamerica-northeast1-docker.pkg.dev/testing/test-docker/test-image@sha256:deadbeef0000000000000000000000000000000000", + "updateTime": "2023-08-23T16:57:34.166285Z", + "vulnerability": { + "cvssScore": 7.5, + "cvssVersion": "CVSS_VERSION_3", + "cvssv3": { + "attackComplexity": "ATTACK_COMPLEXITY_LOW", + "attackVector": "ATTACK_VECTOR_NETWORK", + "availabilityImpact": "IMPACT_HIGH", + "baseScore": 7.5, + "confidentialityImpact": "IMPACT_NONE", + "exploitabilityScore": 3.9, + "impactScore": 3.6, + "integrityImpact": "IMPACT_NONE", + "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", + "scope": "SCOPE_UNCHANGED", + "userInteraction": "USER_INTERACTION_NONE" + }, + "effectiveSeverity": "HIGH", + "fixAvailable": true, + "longDescription": "NIST vectors: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "packageIssue": [ + { + "affectedCpeUri": "cpe:/o:debian:debian_linux:12", + "affectedPackage": "go", + "affectedVersion": { + "fullName": "1.17.6", + "kind": "NORMAL", + "name": "1.17.6" + }, + "effectiveSeverity": "HIGH", + "fileLocation": [ + { + "filePath": "/tmp/pdscan" + } + ], + "fixAvailable": true, + "fixedCpeUri": "cpe:/o:debian:debian_linux:12", + "fixedPackage": "go", + "fixedVersion": { + "fullName": "1.18.7", + "kind": "NORMAL", + "name": "1.18.7" + }, + "packageType": "GO_STDLIB" + } + ], + "relatedUrls": [ + { + "label": "More Info", + "url": "https://security-tracker.debian.org/tracker/CVE-2022-41715" + }, + { + "label": "More Info", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715" + } + ], + "severity": "HIGH", + "shortDescription": "CVE-2022-41715" + } + } + ] + } + } +} \ No newline at end of file diff --git a/unittests/scans/generic/generic_custom_test.json b/unittests/scans/generic/generic_custom_test.json new file mode 100644 index 00000000000..657e83dafbd --- /dev/null +++ b/unittests/scans/generic/generic_custom_test.json @@ -0,0 +1,24 @@ +{ + "name": "Test 1", + "type": "Tool 1", + "findings": [ + { + "title": "test title", + "description": "Some very long description with\n\n some UTF-8 chars à qu'il est beau", + "active": true, + "verified": true, + "severity": "Medium", + "impact": "Some impact", + "date": "2021-01-06", + "cve": "CVE-2020-36234", + "cwe": 261, + "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "tags": [ + "security", + "network" + ], + "unique_id_from_tool": "3287f2d0-554f-491b-8516-3c349ead8ee5", + "vuln_id_from_tool": "TEST1" + } + ] +} \ No newline at end of file diff --git a/unittests/scans/generic/generic_empty.json b/unittests/scans/generic/generic_empty.json new file mode 100644 index 00000000000..bf6a13f3039 --- /dev/null +++ b/unittests/scans/generic/generic_empty.json @@ -0,0 +1,5 @@ +{ + "findings": [ + {} + ] +} \ No newline at end of file diff --git a/unittests/scans/generic/generic_invalid.json b/unittests/scans/generic/generic_invalid.json new file mode 100644 index 00000000000..f0c9f4c6e2c --- /dev/null +++ b/unittests/scans/generic/generic_invalid.json @@ -0,0 +1,11 @@ +{ + "findings": [ + { + "title": "title", + "severity": "Low", + "description": "description", + "invalid_field": "this is invalid field", + "last_status_update": "this field should not be modified" + } + ] +} \ No newline at end of file diff --git a/unittests/scans/generic/generic_report4.csv b/unittests/scans/generic/generic_report4.csv index c9120dae374..aaa72e19534 100644 --- a/unittests/scans/generic/generic_report4.csv +++ b/unittests/scans/generic/generic_report4.csv @@ -1,5 +1,5 @@ -Title,Description,Severity,Date,Url -Title1,,,28/02/2021,www.example.com -Title2,,,28/02/2021,localhost -Title3,,,28/02/2021,127.0.0.1:80 -Title4,,,28/02/2021,foo.bar/path +Title,Description,Severity,Date,Url,Vulnerability Id +Title1,,,28/02/2021,www.example.com,CVE-2015-9235 +Title2,,,28/02/2021,localhost,GHSA-5mrr-rgp6-x4gr +Title3,,,28/02/2021,127.0.0.1:80, +Title4,,,28/02/2021,foo.bar/path, diff --git a/unittests/scans/generic/generic_report4.json b/unittests/scans/generic/generic_report4.json index e107996992d..11c5ca2be42 100644 --- a/unittests/scans/generic/generic_report4.json +++ b/unittests/scans/generic/generic_report4.json @@ -1,11 +1,18 @@ { "findings": [ { + "title": "title", + "severity": "Low", + "description": "description", "endpoints": [ "www.example.com", "localhost", "127.0.0.1:80", "foo.bar/path" + ], + "vulnerability_ids": [ + "GHSA-5mrr-rgp6-x4gr", + "CVE-2015-9235" ] } ] diff --git a/unittests/scans/ggshield/many_findings.json b/unittests/scans/ggshield/many_findings.json new file mode 100755 index 00000000000..e495f22fa8d --- /dev/null +++ b/unittests/scans/ggshield/many_findings.json @@ -0,0 +1,108 @@ +{ + "id": "54c2793a-89f2-4480-8468-ad042349357b", + "type": "commit-range", + "scans": [ + { + "id": "03a2bf6cba491559f8b760a2c9bf8dd9f53916a0", + "type": "commit", + "entities_with_incidents": [ + { + "mode": "NEW", + "filename": "wapf/settings.py", + "incidents": [ + { + "policy": "Secrets detection", + "occurrences": [ + { + "match": "&dtzi36g3***************-*****+**********ljel3*ji5", + "type": "apikey", + "line_start": 23, + "line_end": 23, + "index_start": 14, + "index_end": 64, + "post_line_start": 23, + "post_line_end": 23 + } + ], + "type": "Django Secret Key", + "validity": "no_checker", + "ignore_sha": "06b15f1d8c0095386c7bbc4f423f5ec30b41b22b1565a836e55b978202ba569b", + "total_occurrences": 1 + } + ], + "total_incidents": 1, + "total_occurrences": 1 + } + ], + "extra_info": { + "author": "iamnihal", + "email": "nihalcyberdude@gmail.com", + "date": "Sat Mar 13 17:42:00 2021 +0530" + }, + "total_incidents": 1, + "total_occurrences": 1 + }, + { + "id": "8f388be3452f8d9f20ed788c94ebc11faa8ae7b6", + "type": "commit", + "entities_with_incidents": [ + { + "mode": "MODIFY", + "filename": "wapf/settings.py", + "incidents": [ + { + "policy": "Secrets detection", + "occurrences": [ + { + "match": "&dtzi36g3***************-*****+**********ljel3*ji5", + "type": "apikey", + "line_start": null, + "line_end": null, + "index_start": 31, + "index_end": 81 + } + ], + "type": "Django Secret Key", + "validity": "no_checker", + "ignore_sha": "06b15f1d8c0095386c7bbc4f423f5ec30b41b22b1565a836e55b978202ba569b", + "total_occurrences": 1 + } + ], + "total_incidents": 1, + "total_occurrences": 1 + } + ], + "extra_info": { + "author": "iamnihal", + "email": "nihalcyberdude@gmail.com", + "date": "Mon Jul 5 12:54:43 2021 +0530" + }, + "total_incidents": 1, + "total_occurrences": 1 + }, + { + "id": "4e98ab3bef98720f1e3b8516fe26e9ed364aae6c", + "type": "commit", + "extra_info": { + "author": "iamnihal", + "email": "nihalcyberdude@gmail.com", + "date": "Sun May 16 21:54:07 2021 +0530" + }, + "total_incidents": 0, + "total_occurrences": 0 + }, + { + "id": "890170cbbfd8331c406e288136036fe8d85b57fa", + "type": "commit", + "extra_info": { + "author": "iamnihal", + "email": "nihalcyberdude@gmail.com", + "date": "Thu Apr 1 23:16:15 2021 +0530" + }, + "total_incidents": 0, + "total_occurrences": 0 + } + ], + "total_incidents": 2, + "total_occurrences": 2 +} \ No newline at end of file diff --git a/unittests/scans/ggshield/no_finding.json b/unittests/scans/ggshield/no_finding.json new file mode 100755 index 00000000000..37dc51892b7 --- /dev/null +++ b/unittests/scans/ggshield/no_finding.json @@ -0,0 +1,30 @@ +{ + "id": "54c2793a-89f2-4480-8468-ad042349357b", + "type": "commit-range", + "scans": [ + { + "id": "2eb228870f21f9da5eece8fdbc72f41f1cb56360", + "type": "commit", + "extra_info": { + "author": "iamnihal", + "email": "nihalcyberdude@gmail.com", + "date": "Thu Mar 25 22:46:08 2021 +0530" + }, + "total_incidents": 0, + "total_occurrences": 0 + }, + { + "id": "1618bd930e893442f9d0f2a9cc220a18e200db78", + "type": "commit", + "extra_info": { + "author": "iamnihal", + "email": "nihalcyberdude@gmail.com", + "date": "Fri Mar 26 17:58:18 2021 +0530" + }, + "total_incidents": 0, + "total_occurrences": 0 + } + ], + "total_incidents": 0, + "total_occurrences": 0 +} \ No newline at end of file diff --git a/unittests/scans/ggshield/one_finding.json b/unittests/scans/ggshield/one_finding.json new file mode 100755 index 00000000000..ffd9eab9715 --- /dev/null +++ b/unittests/scans/ggshield/one_finding.json @@ -0,0 +1,46 @@ +{ + "id": "54c2793a-89f2-4480-8468-ad042349357b", + "type": "commit-range", + "scans": [ + { + "id": "8f388be3452f8d9f20ed788c94ebc11faa8ae7b6", + "type": "commit", + "entities_with_incidents": [ + { + "mode": "MODIFY", + "filename": "wapf/settings.py", + "incidents": [ + { + "policy": "Secrets detection", + "occurrences": [ + { + "match": "&dtzi36g3***************-*****+**********ljel3*ji5", + "type": "apikey", + "line_start": null, + "line_end": null, + "index_start": 31, + "index_end": 81 + } + ], + "type": "Django Secret Key", + "validity": "no_checker", + "ignore_sha": "06b15f1d8c0095386c7bbc4f423f5ec30b41b22b1565a836e55b978202ba569b", + "total_occurrences": 1 + } + ], + "total_incidents": 1, + "total_occurrences": 1 + } + ], + "extra_info": { + "author": "iamnihal", + "email": "infosec.nihal@gmail.com", + "date": "Mon Jul 5 12:54:43 2021 +0530" + }, + "total_incidents": 1, + "total_occurrences": 1 + } + ], + "total_incidents": 1, + "total_occurrences": 1 +} \ No newline at end of file diff --git a/unittests/scans/github_vulnerability/github-1-vuln-repo-dependabot-link.json b/unittests/scans/github_vulnerability/github-1-vuln-repo-dependabot-link.json new file mode 100644 index 00000000000..4c493c8360a --- /dev/null +++ b/unittests/scans/github_vulnerability/github-1-vuln-repo-dependabot-link.json @@ -0,0 +1,46 @@ +{ + "data": { + "repository": { + "nameWithOwner": "OWASP/test-repository", + "search": { + "nodes": [ + { + "vulnerabilityAlerts": { + "nodes": [ + { + "id": "aabbccddeeff1122334401", + "number": "1", + "securityVulnerability": { + "severity": "CRITICAL", + "package": { + "name": "package" + }, + "advisory": { + "description": "This is a sample description for sample description from Github API.", + "summary": "Critical severity vulnerability that affects package", + "identifiers": [ + { + "type": "TEST_SOURCE_1", + "value": "TEST-aaaa-bbbb-cccc" + }, + { + "type": "TEST_SOURCE_2", + "value": "TEST-1111-2222-3333" + } + ], + "references": [ + { + "url": "https://help.github.com/en/github/managing-security-vulnerabilities" + } + ] + } + } + } + ] + } + } + ] + } + } + } +} \ No newline at end of file diff --git a/unittests/scans/github_vulnerability/github-vuln-version.json b/unittests/scans/github_vulnerability/github-vuln-version.json new file mode 100644 index 00000000000..e80afe7e583 --- /dev/null +++ b/unittests/scans/github_vulnerability/github-vuln-version.json @@ -0,0 +1,106 @@ +{ + "data": { + "repository": { + "vulnerabilityAlerts": { + "nodes": [ + { + "id": "RVA_kwDOLJyUo88AAAABQUWapw", + "createdAt": "2024-01-26T02:42:32Z", + "vulnerableManifestPath": "sompath/pom.xml", + "securityVulnerability": { + "severity": "CRITICAL", + "updatedAt": "2022-12-09T22:02:22Z", + "package": { + "name": "org.springframework:spring-web", + "ecosystem": "MAVEN" + }, + "firstPatchedVersion": { + "identifier": "6.0.0" + }, + "vulnerableVersionRange": "< 6.0.0", + "advisory": { + "description": "Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.\n\nMaintainers recommend investigating alternative components or a potential mitigating control. Version 4.2.6 and 3.2.17 contain [enhanced documentation](https://github.com/spring-projects/spring-framework/commit/5cbe90b2cd91b866a5a9586e460f311860e11cfa) advising users to take precautions against unsafe Java deserialization, version 5.3.0 [deprecate the impacted classes](https://github.com/spring-projects/spring-framework/issues/25379) and version 6.0.0 [removed it entirely](https://github.com/spring-projects/spring-framework/issues/27422).", + "summary": "Pivotal Spring Framework contains unsafe Java deserialization methods", + "identifiers": [ + { + "value": "GHSA-4wrc-f8pq-fpqp", + "type": "GHSA" + }, + { + "value": "CVE-2016-1000027", + "type": "CVE" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000027" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027" + }, + { + "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000027" + }, + { + "url": "https://www.tenable.com/security/research/tra-2016-20" + }, + { + "url": "https://github.com/spring-projects/spring-framework/issues/24434" + }, + { + "url": "https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-1231625331" + }, + { + "url": "https://github.com/spring-projects/spring-framework/commit/5cbe90b2cd91b866a5a9586e460f311860e11cfa" + }, + { + "url": "https://support.contrastsecurity.com/hc/en-us/articles/4402400830612-Spring-web-Java-Deserialization-CVE-2016-1000027" + }, + { + "url": "https://github.com/spring-projects/spring-framework/issues/21680" + }, + { + "url": "https://github.com/spring-projects/spring-framework/commit/2b051b8b321768a4cfef83077db65c6328ffd60f" + }, + { + "url": "https://jira.spring.io/browse/SPR-17143?redirect=false" + }, + { + "url": "https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626" + }, + { + "url": "https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417" + }, + { + "url": "https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230420-0009/" + }, + { + "url": "https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now" + }, + { + "url": "https://github.com/advisories/GHSA-4wrc-f8pq-fpqp" + } + ], + "cvss": { + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + } + }, + "state": "OPEN", + "vulnerableManifestFilename": "pom.xml", + "vulnerableRequirements": "= 5.3.29", + "number": 1, + "dependencyScope": "RUNTIME", + "dismissComment": null, + "dismissReason": null, + "dismissedAt": null, + "fixedAt": null + } + ] + } + } + } +} diff --git a/unittests/scans/github_vulnerability/github_h2.json b/unittests/scans/github_vulnerability/github_h2.json new file mode 100644 index 00000000000..89a4e72b0bd --- /dev/null +++ b/unittests/scans/github_vulnerability/github_h2.json @@ -0,0 +1 @@ +{"data":{"repository":{"vulnerabilityAlerts":{"nodes":[{"createdAt":"2022-05-09T09:43:40Z","dismissedAt":null,"id":"RVA_kwDOAQoNos6MAo1b","vulnerableManifestPath":"apache/cxf/syncope/cxf-syncope/pom.xml", "securityVulnerability":{"severity":"CRITICAL","package":{"name":"com.h2database:h2"},"advisory":{"description":"### Impact\nH2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI.\n\nH2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet).\n\nIt is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users.\n\n### Patches\nSince version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used.\n\n### Workarounds\nH2 Console should never be available to untrusted users.\n\n`-webAllowOthers` is a dangerous setting that should be avoided.\n\nH2 Console Servlet deployed on a web server can be protected with a security constraint:\nhttps://h2database.com/html/tutorial.html#usingH2ConsoleServlet\nIf `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details.\n\n### References\nThis issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\n","summary":"RCE in H2 Console","identifiers":[{"type":"GHSA","value":"GHSA-h376-j262-vhq6"},{"type":"CVE","value":"CVE-2021-42392"}],"cvss":{"score":9.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"cwes":{"nodes":[{"cweId":"CWE-502"}]},"references":[{"url":"https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6"},{"url":"https://github.com/h2database/h2database/releases/tag/version-2.0.206"},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42392"},{"url":"https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/"},{"url":"https://security.netapp.com/advisory/ntap-20220119-0001/"},{"url":"https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html"},{"url":"https://www.debian.org/security/2022/dsa-5076"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"url":"https://github.com/advisories/GHSA-h376-j262-vhq6"}]}}}]}}}} diff --git a/unittests/scans/github_vulnerability/github_search4_null_cvss_vector.json b/unittests/scans/github_vulnerability/github_search4_null_cvss_vector.json new file mode 100644 index 00000000000..5209756c457 --- /dev/null +++ b/unittests/scans/github_vulnerability/github_search4_null_cvss_vector.json @@ -0,0 +1,84 @@ +{ + "data": { + "repository": { + "vulnerabilityAlerts": { + "nodes": [ + { + "id": "MDI4OlJlcG9zaXRvcnlWdWxuZXJhYmlsaXR5QWxlcnQyMDg2Nzc5NzY=", + "createdAt": "2020-01-06T19:15:41Z", + "securityVulnerability": { + "severity": "CRITICAL", + "package": { + "name": "log4j:log4j", + "ecosystem": "MAVEN" + }, + "advisory": { + "description": "Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.\n\nUsers are advised to migrate to `org.apache.logging.log4j:log4j-core`", + "summary": "Deserialization of Untrusted Data in Log4j", + "identifiers": [ + { + "value": "GHSA-2qrg-x229-3v8q", + "type": "GHSA" + }, + { + "value": "CVE-2019-17571", + "type": "CVE" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17571" + }, + { + "url": "https://github.com/advisories/GHSA-2qrg-x229-3v8q" + } + ], + "cvss": { + "vectorString": null + } + } + }, + "vulnerableManifestPath": "gogoph-crawler/pom.xml" + }, + { + "id": "MDI4OlJlcG9zaXRvcnlWdWxuZXJhYmlsaXR5QWxlcnQ1NTE5NTI2OTM=", + "createdAt": "2021-03-16T13:26:31Z", + "securityVulnerability": { + "severity": "CRITICAL", + "package": { + "name": "log4j:log4j", + "ecosystem": "MAVEN" + }, + "advisory": { + "description": "Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.\n\nUsers are advised to migrate to `org.apache.logging.log4j:log4j-core`", + "summary": "Deserialization of Untrusted Data in Log4j", + "identifiers": [ + { + "value": "GHSA-2qrg-x229-3v8q", + "type": "GHSA" + }, + { + "value": "CVE-2019-17571", + "type": "CVE" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17571" + }, + { + "url": "https://github.com/advisories/GHSA-2qrg-x229-3v8q" + } + ], + "cvss": { + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + } + }, + "vulnerableManifestPath": "gogoph/pom.xml" + } + ] + } + } + } +} diff --git a/unittests/scans/github_vulnerability/github_shiro.json b/unittests/scans/github_vulnerability/github_shiro.json new file mode 100644 index 00000000000..a2640ffe01d --- /dev/null +++ b/unittests/scans/github_vulnerability/github_shiro.json @@ -0,0 +1 @@ +{"data":{"repository":{"vulnerabilityAlerts":{"nodes":[{"createdAt":"2021-09-20T20:33:13Z","dismissedAt":null,"id":"RVA_kwDOAQoNos5VQZSk","vulnerableManifestPath":"apache/cxf/cxf-shiro/pom.xml","state":"FIXED","securityVulnerability":{"severity":"CRITICAL","package":{"name":"org.apache.shiro:shiro-core"},"advisory":{"description":"Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.","summary":"Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass","identifiers":[{"type":"GHSA","value":"GHSA-f6jp-j6w3-w9hm"},{"type":"CVE","value":"CVE-2021-41303"}],"cvss":{"score":9.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"cwes":{"nodes":[{"cweId":"CWE-287"}]},"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41303"},{"url":"https://lists.apache.org/thread.html/re470be1ffea44bca28ccb0e67a4cf5d744e2d2b981d00fdbbf5abc13%40%3Cannounce.shiro.apache.org%3E"},{"url":"https://lists.apache.org/thread.html/raae98bb934e4bde304465896ea02d9798e257e486d04a42221e2c41b@%3Cuser.shiro.apache.org%3E"},{"url":"https://security.netapp.com/advisory/ntap-20220609-0001/"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"url":"https://github.com/advisories/GHSA-f6jp-j6w3-w9hm"}]}}}]}}}} diff --git a/unittests/scans/gitlab_api_fuzzing/gitlab_api_fuzzing_1_vuln.json b/unittests/scans/gitlab_api_fuzzing/gitlab_api_fuzzing_1_vuln_v14.json similarity index 100% rename from unittests/scans/gitlab_api_fuzzing/gitlab_api_fuzzing_1_vuln.json rename to unittests/scans/gitlab_api_fuzzing/gitlab_api_fuzzing_1_vuln_v14.json diff --git a/unittests/scans/gitlab_api_fuzzing/gitlab_api_fuzzing_1_vuln_v15.json b/unittests/scans/gitlab_api_fuzzing/gitlab_api_fuzzing_1_vuln_v15.json new file mode 100644 index 00000000000..dab08a0a472 --- /dev/null +++ b/unittests/scans/gitlab_api_fuzzing/gitlab_api_fuzzing_1_vuln_v15.json @@ -0,0 +1,40 @@ +{ + "version": "3.0", + "vulnerabilities": [ + { + "id": "c83603d0befefe01644abdda1abbfaac842fccbabfbe336db9f370386e40f702", + "name": "name", + "cve": "", + "severity": "Low", + "location": { + "crash_type": "Index-out-of-range", + "crash_state": "go-fuzzing-example.ParseComplex.func6\ngo-fuzzing-example.ParseComplex\ngo-fuzzing-example.Fuzz\n", + "stacktrace_snippet": "INFO: Seed: 1156723483\nINFO: 65536 Extra Counters\nINFO: 2 files found in corpus\nINFO: 1 files found in ./seed_corpus\nINFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes\nINFO: seed corpus: files: 3 min: 1b max: 6b total: 8b rss: 38Mb\n#4\tINITED ft: 11 corp: 2/7b lim: 4 exec/s: 0 rss: 39Mb\n#32768\tpulse ft: 11 corp: 2/7b lim: 33 exec/s: 10922 rss: 39Mb\npanic: runtime error: index out of range [6] with length 6\n\ngoroutine 17 [running, locked to thread]:\ngitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example.ParseComplex.func6(...)\n\t/builds/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example/parse_complex.go:5\ngitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example.ParseComplex(0x2e9a6b0, 0x6, 0x6, 0x7ffe97693e20)\n\t/builds/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example/parse_complex.go:5 +0x1b8\ngitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example.Fuzz(...)\n\t/builds/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example/parse_complex_fuzz.go:6\nmain.LLVMFuzzerTestOneInput(0x2e9a6b0, 0x6, 0x18)\n\tgitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example/go.fuzz.main/main.go:35 +0x85\nmain._cgoexpwrap_12b3abfc237e_LLVMFuzzerTestOneInput(0x2e9a6b0, 0x6, 0x5a4d80)\n\t_cgo_gotypes.go:64 +0x37\n==1330== ERROR: libFuzzer: deadly signal\n #0 0x450ddf in __sanitizer_print_stack_trace (/builds/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example/fuzzer+0x450ddf)\n #1 0x430f4b in fuzzer::PrintStackTrace() (/builds/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example/fuzzer+0x430f4b)\n #2 0x414b7b in fuzzer::Fuzzer::CrashCallback() (/builds/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example/fuzzer+0x414b7b)\n #3 0x414b3f in fuzzer::Fuzzer::StaticCrashSignalCallback() (/builds/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example/fuzzer+0x414b3f)\n #4 0x7f3eae9b372f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1272f)\n #5 0x4b3a80 in runtime.raise runtime/sys_linux_amd64.s:164\n\nNOTE: libFuzzer has rudimentary signal handlers.\n Combine libFuzzer with AddressSanitizer or similar for better crash reports.\nSUMMARY: libFuzzer: deadly signal\nMS: 1 ChangeByte-; base unit: 7442c1f343cf72f63e3f35bb1dcb221390e01080\n0x46,0x55,0x5a,0x5a,0x49,0x4e,\nFUZZIN\nartifact_prefix='./crashes/'; Test unit written to ./crashes/crash-14b5f09dd74fe15430d803af773ba09a0524670d\nBase64: RlVaWklO\nstat::number_of_executed_units: 47920\nstat::average_exec_per_sec: 11980\nstat::new_units_added: 0\nstat::slowest_unit_time_sec: 0\nstat::peak_rss_mb: 40\n" + }, + "identifiers": [ + { + "type": "cwe", + "name": "Index-out-of-range", + "value": "129", + "url": "https://cwe.mitre.org/data/definitions/129.html" + } + ] + } + ], + "remediations": [], + "scan": { + "scanner": { + "id": "libfuzzer", + "name": "libfuzzer", + "url": "https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing", + "vendor": { + "name": "GitLab" + }, + "version": "f248ff98" + }, + "type": "coverage_fuzzing", + "start_time": "2021-02-08T12:19:48", + "end_time": "2021-02-08T12:19:54", + "status": "success" + } +} diff --git a/unittests/scans/gitlab_container_scan/gl-container-scanning-report-1-vuln.json b/unittests/scans/gitlab_container_scan/gl-container-scanning-report-1-vuln_v14.json similarity index 100% rename from unittests/scans/gitlab_container_scan/gl-container-scanning-report-1-vuln.json rename to unittests/scans/gitlab_container_scan/gl-container-scanning-report-1-vuln_v14.json diff --git a/unittests/scans/gitlab_container_scan/gl-container-scanning-report-1-vuln_v15.json b/unittests/scans/gitlab_container_scan/gl-container-scanning-report-1-vuln_v15.json new file mode 100644 index 00000000000..faa41d59ea9 --- /dev/null +++ b/unittests/scans/gitlab_container_scan/gl-container-scanning-report-1-vuln_v15.json @@ -0,0 +1,80 @@ +{ + "version": "3.0.0", + "vulnerabilities": [ + { + "id": "df52bc8ce9a2ae56bbcb0c4ecda62123fbd6f69b", + "description": "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.", + "severity": "High", + "solution": "Upgrade apt from 1.4.8 to 1.4.9", + "location": { + "dependency": { + "package": { + "name": "apt" + }, + "version": "1.4.8" + }, + "operating_system": "debian:9.4", + "image": "registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2019-3462", + "value": "CVE-2019-3462", + "url": "http://www.securityfocus.com/bid/106690" + } + ], + "links": [ + { + "url": "http://www.securityfocus.com/bid/106690" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3462" + }, + { + "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20190125-0002/" + }, + { + "url": "https://usn.ubuntu.com/3863-1/" + }, + { + "url": "https://usn.ubuntu.com/3863-2/" + }, + { + "url": "https://usn.ubuntu.com/usn/usn-3863-1" + }, + { + "url": "https://usn.ubuntu.com/usn/usn-3863-2" + }, + { + "url": "https://www.debian.org/security/2019/dsa-4371" + } + ] + } + ], + "remediations": [], + "scan": { + "scanner": { + "id": "trivy", + "name": "Trivy", + "url": "https://github.com/aquasecurity/trivy/", + "vendor": { + "name": "GitLab" + }, + "version": "0.16.0" + }, + "type": "container_scanning", + "start_time": "2021-04-14T19:45:58", + "end_time": "2021-04-14T19:46:18", + "status": "success" + } +} diff --git a/unittests/scans/gitlab_container_scan/gl-container-scanning-report-5-vuln.json b/unittests/scans/gitlab_container_scan/gl-container-scanning-report-5-vuln_v14.json similarity index 100% rename from unittests/scans/gitlab_container_scan/gl-container-scanning-report-5-vuln.json rename to unittests/scans/gitlab_container_scan/gl-container-scanning-report-5-vuln_v14.json diff --git a/unittests/scans/gitlab_container_scan/gl-container-scanning-report-5-vuln_v15.json b/unittests/scans/gitlab_container_scan/gl-container-scanning-report-5-vuln_v15.json new file mode 100644 index 00000000000..18ca9de15e2 --- /dev/null +++ b/unittests/scans/gitlab_container_scan/gl-container-scanning-report-5-vuln_v15.json @@ -0,0 +1,206 @@ +{ + "version": "3.0.0", + "vulnerabilities": [ + { + "id": "e3923d3ecd659db1569dd8f10768189b9220cce7", + "description": "An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.", + "cve": "CVE-2020-1751", + "severity": "High", + "solution": "No solution provided", + "location": { + "dependency": { "package": { "name": "libc6" }, "version": "2.28-10" }, + "operating_system": "debian 10.9", + "image": "registry/vulnerable-project:latest" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2020-1751", + "value": "CVE-2020-1751", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751" + } + ], + "links": [ + { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751" }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1751" + }, + { "url": "https://linux.oracle.com/cve/CVE-2020-1751.html" }, + { "url": "https://linux.oracle.com/errata/ELSA-2020-4444.html" }, + { "url": "https://security.gentoo.org/glsa/202006-04" }, + { "url": "https://security.netapp.com/advisory/ntap-20200430-0002/" }, + { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25423" }, + { "url": "https://usn.ubuntu.com/4416-1/" }, + { "url": "https://usn.ubuntu.com/usn/usn-4416-1" } + ] + }, + { + "id": "539b91e1bbb1c1a89cd34310c462e113b55a3a47", + "description": "A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.", + "cve": "CVE-2020-1752", + "severity": "High", + "solution": "No solution provided", + "location": { + "dependency": { "package": { "name": "libc6" }, "version": "2.28-10" }, + "operating_system": "debian 10.9", + "image": "registry/vulnerable-project:latest" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2020-1752", + "value": "CVE-2020-1752", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752" + } + ], + "links": [ + { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752" }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1752" + }, + { "url": "https://linux.oracle.com/cve/CVE-2020-1752.html" }, + { "url": "https://linux.oracle.com/errata/ELSA-2020-4444.html" }, + { "url": "https://security.gentoo.org/glsa/202101-20" }, + { "url": "https://security.netapp.com/advisory/ntap-20200511-0005/" }, + { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25414" }, + { + "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c" + }, + { "url": "https://usn.ubuntu.com/4416-1/" }, + { "url": "https://usn.ubuntu.com/usn/usn-4416-1" } + ] + }, + { + "id": "c10ff6acb5bda2aa0917b507d15dcc5084231995", + "description": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.", + "cve": "CVE-2021-3326", + "severity": "High", + "solution": "No solution provided", + "location": { + "dependency": { "package": { "name": "libc6" }, "version": "2.28-10" }, + "operating_system": "debian 10.9", + "image": "registry/vulnerable-project:latest" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2021-3326", + "value": "CVE-2021-3326", + "url": "http://www.openwall.com/lists/oss-security/2021/01/28/2" + } + ], + "links": [ + { "url": "http://www.openwall.com/lists/oss-security/2021/01/28/2" }, + { "url": "https://linux.oracle.com/cve/CVE-2021-3326.html" }, + { "url": "https://linux.oracle.com/errata/ELSA-2021-1585.html" }, + { "url": "https://security.netapp.com/advisory/ntap-20210304-0007/" }, + { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27256" }, + { + "url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=7d88c6142c6efc160c0ee5e4f85cde382c072888" + } + ] + }, + { + "id": "9b3644fda668e8cff802e55229ec84bf142a62e3", + "description": "The mq_notify function in the GNU C Library (aka glibc) through 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.", + "cve": "CVE-2021-33574", + "severity": "High", + "solution": "No solution provided", + "location": { + "dependency": { "package": { "name": "libc6" }, "version": "2.28-10" }, + "operating_system": "debian 10.9", + "image": "registry/vulnerable-project:latest" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2021-33574", + "value": "CVE-2021-33574", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27896" + } + ], + "links": [ + { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27896" } + ] + }, + { + "id": "e06a8d6ae0aabb679a54fdd4082ff78b96c2f9fd", + "description": "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.", + "cve": "CVE-2019-25013", + "severity": "Medium", + "solution": "No solution provided", + "location": { + "dependency": { "package": { "name": "libc6" }, "version": "2.28-10" }, + "operating_system": "debian 10.9", + "image": "registry/vulnerable-project:latest" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2019-25013", + "value": "CVE-2019-25013", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25013" + } + ], + "links": [ + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25013" + }, + { "url": "https://linux.oracle.com/cve/CVE-2019-25013.html" }, + { "url": "https://linux.oracle.com/errata/ELSA-2021-1585.html" }, + { + "url": "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f@%3Cjira.kafka.apache.org%3E" + }, + { + "url": "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7@%3Cdev.kafka.apache.org%3E" + }, + { + "url": "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2@%3Cjira.kafka.apache.org%3E" + }, + { + "url": "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9@%3Cjira.kafka.apache.org%3E" + }, + { + "url": "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff@%3Cjira.kafka.apache.org%3E" + }, + { + "url": "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece@%3Cissues.zookeeper.apache.org%3E" + }, + { + "url": "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc@%3Cdev.zookeeper.apache.org%3E" + }, + { + "url": "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c@%3Cissues.zookeeper.apache.org%3E" + }, + { + "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/" + }, + { "url": "https://security.netapp.com/advisory/ntap-20210205-0004/" }, + { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24973" }, + { + "url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b" + } + ] + } + ], + "remediations": [], + "scan": { + "scanner": { + "id": "trivy", + "name": "Trivy", + "url": "https://github.com/aquasecurity/trivy/", + "vendor": { "name": "GitLab" }, + "version": "0.16.0" + }, + "type": "container_scanning", + "start_time": "2021-06-01T21:20:59", + "end_time": "2021-06-01T21:21:00", + "status": "success" + } +} diff --git a/unittests/scans/gitlab_container_scan/issue6639_v14.json b/unittests/scans/gitlab_container_scan/issue6639_v14.json new file mode 100644 index 00000000000..ff1c5a21dc0 --- /dev/null +++ b/unittests/scans/gitlab_container_scan/issue6639_v14.json @@ -0,0 +1,5834 @@ +{ + "version": "14.0.6", + "vulnerabilities": [ + { + "id": "CVE-2022-28391", + "category": "container_scanning", + "message": "busybox: remote attackers may execute arbitrary code if netstat is used", + "description": "BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.", + "cve": "CVE-2022-28391", + "severity": "Critical", + "solution": "Upgrade busybox to 1.34.1-r5", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "busybox" + }, + "version": "1.34.1-r4" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-28391", + "value": "CVE-2022-28391", + "url": "https://avd.aquasec.com/nvd/cve-2022-28391" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-28391" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391" + },{ + "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" + },{ + "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" + },{ + "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28391" + } + ] + }, + { + "id": "CVE-2022-32207", + "category": "container_scanning", + "message": "curl: Unpreserved file permissions", + "description": "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", + "cve": "CVE-2022-32207", + "severity": "Critical", + "solution": "Upgrade curl to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32207", + "value": "CVE-2022-32207", + "url": "https://avd.aquasec.com/nvd/cve-2022-32207" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32207" + },{ + "url": "https://curl.se/docs/CVE-2022-32207.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207" + },{ + "url": "https://hackerone.com/reports/1573634" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32207" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-22576", + "category": "container_scanning", + "message": "curl: OAUTH2 bearer bypass in connection re-use", + "description": "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", + "cve": "CVE-2022-22576", + "severity": "High", + "solution": "Upgrade curl to 7.80.0-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-22576", + "value": "CVE-2022-22576", + "url": "https://avd.aquasec.com/nvd/cve-2022-22576" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-22576" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-22576.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1526328" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-22576.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22576" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27775", + "category": "container_scanning", + "message": "curl: bad local IPv6 connection reuse", + "description": "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", + "cve": "CVE-2022-27775", + "severity": "High", + "solution": "Upgrade curl to 7.80.0-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27775", + "value": "CVE-2022-27775", + "url": "https://avd.aquasec.com/nvd/cve-2022-27775" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27775" + },{ + "url": "https://curl.se/docs/CVE-2022-27775.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775" + },{ + "url": "https://hackerone.com/reports/1546268" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27775" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27780", + "category": "container_scanning", + "message": "curl: percent-encoded path separator in URL host", + "description": "The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.", + "cve": "CVE-2022-27780", + "severity": "High", + "solution": "Upgrade curl to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27780", + "value": "CVE-2022-27780", + "url": "https://avd.aquasec.com/nvd/cve-2022-27780" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27780" + },{ + "url": "https://curl.se/docs/CVE-2022-27780.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27780" + },{ + "url": "https://hackerone.com/reports/1553841" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27780" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + } + ] + }, + { + "id": "CVE-2022-27781", + "category": "container_scanning", + "message": "curl: CERTINFO never-ending busy-loop", + "description": "libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.", + "cve": "CVE-2022-27781", + "severity": "High", + "solution": "Upgrade curl to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27781", + "value": "CVE-2022-27781", + "url": "https://avd.aquasec.com/nvd/cve-2022-27781" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27781" + },{ + "url": "https://curl.se/docs/CVE-2022-27781.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781" + },{ + "url": "https://github.com/curl/curl/commit/f6c335d63f" + },{ + "url": "https://hackerone.com/reports/1555441" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27781" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5499-1" + } + ] + }, + { + "id": "CVE-2022-27782", + "category": "container_scanning", + "message": "curl: TLS and SSH connection too eager reuse", + "description": "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", + "cve": "CVE-2022-27782", + "severity": "High", + "solution": "Upgrade curl to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27782", + "value": "CVE-2022-27782", + "url": "https://avd.aquasec.com/nvd/cve-2022-27782" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27782" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27782.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1555796" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27782.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27782" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + } + ] + }, + { + "id": "CVE-2022-27774", + "category": "container_scanning", + "message": "curl: credential leak on redirect", + "description": "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", + "cve": "CVE-2022-27774", + "severity": "Medium", + "solution": "Upgrade curl to 7.80.0-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27774", + "value": "CVE-2022-27774", + "url": "https://avd.aquasec.com/nvd/cve-2022-27774" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27774" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27774.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1543773" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27774.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27774" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27776", + "category": "container_scanning", + "message": "curl: auth/cookie leak on redirect", + "description": "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", + "cve": "CVE-2022-27776", + "severity": "Medium", + "solution": "Upgrade curl to 7.80.0-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27776", + "value": "CVE-2022-27776", + "url": "https://avd.aquasec.com/nvd/cve-2022-27776" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27776" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27776.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1547048" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27776.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27776" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-32205", + "category": "container_scanning", + "message": "curl: Set-Cookie denial of service", + "description": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method.", + "cve": "CVE-2022-32205", + "severity": "Medium", + "solution": "Upgrade curl to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32205", + "value": "CVE-2022-32205", + "url": "https://avd.aquasec.com/nvd/cve-2022-32205" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32205" + },{ + "url": "https://curl.se/docs/CVE-2022-32205.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205" + },{ + "url": "https://hackerone.com/reports/1569946" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32205" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-32206", + "category": "container_scanning", + "message": "curl: HTTP compression denial of service", + "description": "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", + "cve": "CVE-2022-32206", + "severity": "Medium", + "solution": "Upgrade curl to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32206", + "value": "CVE-2022-32206", + "url": "https://avd.aquasec.com/nvd/cve-2022-32206" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32206" + },{ + "url": "https://curl.se/docs/CVE-2022-32206.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206" + },{ + "url": "https://hackerone.com/reports/1570651" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32206" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-32208", + "category": "container_scanning", + "message": "curl: FTP-KRB bad message verification", + "description": "When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", + "cve": "CVE-2022-32208", + "severity": "Medium", + "solution": "Upgrade curl to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32208", + "value": "CVE-2022-32208", + "url": "https://avd.aquasec.com/nvd/cve-2022-32208" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32208" + },{ + "url": "https://curl.se/docs/CVE-2022-32208.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208" + },{ + "url": "https://hackerone.com/reports/1590071" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32208" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5499-1" + } + ] + }, + { + "id": "CVE-2022-32207", + "category": "container_scanning", + "message": "curl: Unpreserved file permissions", + "description": "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", + "cve": "CVE-2022-32207", + "severity": "Critical", + "solution": "Upgrade curl-dev to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32207", + "value": "CVE-2022-32207", + "url": "https://avd.aquasec.com/nvd/cve-2022-32207" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32207" + },{ + "url": "https://curl.se/docs/CVE-2022-32207.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207" + },{ + "url": "https://hackerone.com/reports/1573634" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32207" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-22576", + "category": "container_scanning", + "message": "curl: OAUTH2 bearer bypass in connection re-use", + "description": "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", + "cve": "CVE-2022-22576", + "severity": "High", + "solution": "Upgrade curl-dev to 7.80.0-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-22576", + "value": "CVE-2022-22576", + "url": "https://avd.aquasec.com/nvd/cve-2022-22576" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-22576" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-22576.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1526328" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-22576.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22576" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27775", + "category": "container_scanning", + "message": "curl: bad local IPv6 connection reuse", + "description": "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", + "cve": "CVE-2022-27775", + "severity": "High", + "solution": "Upgrade curl-dev to 7.80.0-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27775", + "value": "CVE-2022-27775", + "url": "https://avd.aquasec.com/nvd/cve-2022-27775" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27775" + },{ + "url": "https://curl.se/docs/CVE-2022-27775.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775" + },{ + "url": "https://hackerone.com/reports/1546268" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27775" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27780", + "category": "container_scanning", + "message": "curl: percent-encoded path separator in URL host", + "description": "The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.", + "cve": "CVE-2022-27780", + "severity": "High", + "solution": "Upgrade curl-dev to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27780", + "value": "CVE-2022-27780", + "url": "https://avd.aquasec.com/nvd/cve-2022-27780" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27780" + },{ + "url": "https://curl.se/docs/CVE-2022-27780.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27780" + },{ + "url": "https://hackerone.com/reports/1553841" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27780" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + } + ] + }, + { + "id": "CVE-2022-27781", + "category": "container_scanning", + "message": "curl: CERTINFO never-ending busy-loop", + "description": "libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.", + "cve": "CVE-2022-27781", + "severity": "High", + "solution": "Upgrade curl-dev to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27781", + "value": "CVE-2022-27781", + "url": "https://avd.aquasec.com/nvd/cve-2022-27781" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27781" + },{ + "url": "https://curl.se/docs/CVE-2022-27781.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781" + },{ + "url": "https://github.com/curl/curl/commit/f6c335d63f" + },{ + "url": "https://hackerone.com/reports/1555441" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27781" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5499-1" + } + ] + }, + { + "id": "CVE-2022-27782", + "category": "container_scanning", + "message": "curl: TLS and SSH connection too eager reuse", + "description": "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", + "cve": "CVE-2022-27782", + "severity": "High", + "solution": "Upgrade curl-dev to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27782", + "value": "CVE-2022-27782", + "url": "https://avd.aquasec.com/nvd/cve-2022-27782" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27782" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27782.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1555796" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27782.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27782" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + } + ] + }, + { + "id": "CVE-2022-27774", + "category": "container_scanning", + "message": "curl: credential leak on redirect", + "description": "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", + "cve": "CVE-2022-27774", + "severity": "Medium", + "solution": "Upgrade curl-dev to 7.80.0-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27774", + "value": "CVE-2022-27774", + "url": "https://avd.aquasec.com/nvd/cve-2022-27774" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27774" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27774.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1543773" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27774.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27774" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27776", + "category": "container_scanning", + "message": "curl: auth/cookie leak on redirect", + "description": "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", + "cve": "CVE-2022-27776", + "severity": "Medium", + "solution": "Upgrade curl-dev to 7.80.0-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27776", + "value": "CVE-2022-27776", + "url": "https://avd.aquasec.com/nvd/cve-2022-27776" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27776" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27776.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1547048" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27776.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27776" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-32205", + "category": "container_scanning", + "message": "curl: Set-Cookie denial of service", + "description": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method.", + "cve": "CVE-2022-32205", + "severity": "Medium", + "solution": "Upgrade curl-dev to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32205", + "value": "CVE-2022-32205", + "url": "https://avd.aquasec.com/nvd/cve-2022-32205" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32205" + },{ + "url": "https://curl.se/docs/CVE-2022-32205.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205" + },{ + "url": "https://hackerone.com/reports/1569946" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32205" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-32206", + "category": "container_scanning", + "message": "curl: HTTP compression denial of service", + "description": "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", + "cve": "CVE-2022-32206", + "severity": "Medium", + "solution": "Upgrade curl-dev to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32206", + "value": "CVE-2022-32206", + "url": "https://avd.aquasec.com/nvd/cve-2022-32206" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32206" + },{ + "url": "https://curl.se/docs/CVE-2022-32206.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206" + },{ + "url": "https://hackerone.com/reports/1570651" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32206" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-32208", + "category": "container_scanning", + "message": "curl: FTP-KRB bad message verification", + "description": "When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", + "cve": "CVE-2022-32208", + "severity": "Medium", + "solution": "Upgrade curl-dev to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32208", + "value": "CVE-2022-32208", + "url": "https://avd.aquasec.com/nvd/cve-2022-32208" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32208" + },{ + "url": "https://curl.se/docs/CVE-2022-32208.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208" + },{ + "url": "https://hackerone.com/reports/1590071" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32208" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5499-1" + } + ] + }, + { + "id": "CVE-2022-24407", + "category": "container_scanning", + "message": "cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands", + "description": "In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.", + "cve": "CVE-2022-24407", + "severity": "High", + "solution": "Upgrade cyrus-sasl-dev to 2.1.28-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "cyrus-sasl-dev" + }, + "version": "2.1.27-r14" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24407", + "value": "CVE-2022-24407", + "url": "https://avd.aquasec.com/nvd/cve-2022-24407" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/02/23/4" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-24407" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407" + },{ + "url": "https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-24407.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9239.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24407" + },{ + "url": "https://ubuntu.com/security/notices/USN-5301-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5301-2" + },{ + "url": "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28" + },{ + "url": "https://www.debian.org/security/2022/dsa-5087" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2022-25235", + "category": "container_scanning", + "message": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution", + "description": "xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.", + "cve": "CVE-2022-25235", + "severity": "Critical", + "solution": "Upgrade expat to 2.4.5-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "expat" + }, + "version": "2.4.4-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-25235", + "value": "CVE-2022-25235", + "url": "https://avd.aquasec.com/nvd/cve-2022-25235" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-25235" + },{ + "url": "https://blog.hartwork.org/posts/expat-2-4-5-released/" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235" + },{ + "url": "https://github.com/libexpat/libexpat/pull/562" + },{ + "url": "https://github.com/libexpat/libexpat/pull/562/commits/367ae600b48d74261bbc339b17e9318424049791 (fix)" + },{ + "url": "https://github.com/libexpat/libexpat/pull/562/commits/97cfdc3fa7dca759880d81e371901f4620279106 (tests)" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-25235.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9359.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5288-1" + },{ + "url": "https://www.debian.org/security/2022/dsa-5085" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + } + ] + }, + { + "id": "CVE-2022-25236", + "category": "container_scanning", + "message": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution", + "description": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.", + "cve": "CVE-2022-25236", + "severity": "Critical", + "solution": "Upgrade expat to 2.4.5-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "expat" + }, + "version": "2.4.4-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-25236", + "value": "CVE-2022-25236", + "url": "https://avd.aquasec.com/nvd/cve-2022-25236" + } + ], + "links": [{ + "url": "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" + },{ + "url": "https://access.redhat.com/errata/RHSA-2022:0951" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-25236" + },{ + "url": "https://blog.hartwork.org/posts/expat-2-4-5-released/" + },{ + "url": "https://bugzilla.redhat.com/2044451" + },{ + "url": "https://bugzilla.redhat.com/2044455" + },{ + "url": "https://bugzilla.redhat.com/2044457" + },{ + "url": "https://bugzilla.redhat.com/2044464" + },{ + "url": "https://bugzilla.redhat.com/2044467" + },{ + "url": "https://bugzilla.redhat.com/2044479" + },{ + "url": "https://bugzilla.redhat.com/2044484" + },{ + "url": "https://bugzilla.redhat.com/2044488" + },{ + "url": "https://bugzilla.redhat.com/2044613" + },{ + "url": "https://bugzilla.redhat.com/2056363" + },{ + "url": "https://bugzilla.redhat.com/2056366" + },{ + "url": "https://bugzilla.redhat.com/2056370" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-0951.html" + },{ + "url": "https://github.com/libexpat/libexpat/pull/561" + },{ + "url": "https://github.com/libexpat/libexpat/pull/561/commits/2de077423fb22750ebea599677d523b53cb93b1d (test)" + },{ + "url": "https://github.com/libexpat/libexpat/pull/561/commits/a2fe525e660badd64b6c557c2b1ec26ddc07f6e4 (fix)" + },{ + "url": "https://github.com/libexpat/libexpat/pull/577" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-25236.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9359.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5288-1" + },{ + "url": "https://www.debian.org/security/2022/dsa-5085" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + } + ] + }, + { + "id": "CVE-2022-25315", + "category": "container_scanning", + "message": "expat: Integer overflow in storeRawNames()", + "description": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.", + "cve": "CVE-2022-25315", + "severity": "Critical", + "solution": "Upgrade expat to 2.4.5-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "expat" + }, + "version": "2.4.4-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-25315", + "value": "CVE-2022-25315", + "url": "https://avd.aquasec.com/nvd/cve-2022-25315" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" + },{ + "url": "https://access.redhat.com/errata/RHSA-2022:0951" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-25315" + },{ + "url": "https://blog.hartwork.org/posts/expat-2-4-5-released/" + },{ + "url": "https://bugzilla.redhat.com/2044451" + },{ + "url": "https://bugzilla.redhat.com/2044455" + },{ + "url": "https://bugzilla.redhat.com/2044457" + },{ + "url": "https://bugzilla.redhat.com/2044464" + },{ + "url": "https://bugzilla.redhat.com/2044467" + },{ + "url": "https://bugzilla.redhat.com/2044479" + },{ + "url": "https://bugzilla.redhat.com/2044484" + },{ + "url": "https://bugzilla.redhat.com/2044488" + },{ + "url": "https://bugzilla.redhat.com/2044613" + },{ + "url": "https://bugzilla.redhat.com/2056363" + },{ + "url": "https://bugzilla.redhat.com/2056366" + },{ + "url": "https://bugzilla.redhat.com/2056370" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-0951.html" + },{ + "url": "https://github.com/libexpat/libexpat/pull/559" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-25315.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9359.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5320-1" + },{ + "url": "https://www.debian.org/security/2022/dsa-5085" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + } + ] + }, + { + "id": "CVE-2022-25314", + "category": "container_scanning", + "message": "expat: integer overflow in copyString()", + "description": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.", + "cve": "CVE-2022-25314", + "severity": "High", + "solution": "Upgrade expat to 2.4.5-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "expat" + }, + "version": "2.4.4-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-25314", + "value": "CVE-2022-25314", + "url": "https://avd.aquasec.com/nvd/cve-2022-25314" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-25314" + },{ + "url": "https://blog.hartwork.org/posts/expat-2-4-5-released/" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314" + },{ + "url": "https://github.com/libexpat/libexpat/pull/560" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-25314.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5314.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5320-1" + },{ + "url": "https://www.debian.org/security/2022/dsa-5085" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + } + ] + }, + { + "id": "CVE-2022-25313", + "category": "container_scanning", + "message": "expat: stack exhaustion in doctype parsing", + "description": "In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.", + "cve": "CVE-2022-25313", + "severity": "Medium", + "solution": "Upgrade expat to 2.4.5-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "expat" + }, + "version": "2.4.4-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-25313", + "value": "CVE-2022-25313", + "url": "https://avd.aquasec.com/nvd/cve-2022-25313" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-25313" + },{ + "url": "https://blog.hartwork.org/posts/expat-2-4-5-released/" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313" + },{ + "url": "https://github.com/libexpat/libexpat/pull/558" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-25313.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5314.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5320-1" + },{ + "url": "https://www.debian.org/security/2022/dsa-5085" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + } + ] + }, + { + "id": "CVE-2022-27404", + "category": "container_scanning", + "message": "FreeType: Buffer Overflow", + "description": "FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.", + "cve": "CVE-2022-27404", + "severity": "Critical", + "solution": "Upgrade freetype to 2.11.1-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "freetype" + }, + "version": "2.11.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27404", + "value": "CVE-2022-27404", + "url": "https://avd.aquasec.com/nvd/cve-2022-27404" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27404" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404" + },{ + "url": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27404" + },{ + "url": "https://ubuntu.com/security/notices/USN-5528-1" + } + ] + }, + { + "id": "CVE-2022-27405", + "category": "container_scanning", + "message": "FreeType: Segementation Fault", + "description": "FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.", + "cve": "CVE-2022-27405", + "severity": "High", + "solution": "Upgrade freetype to 2.11.1-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "freetype" + }, + "version": "2.11.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27405", + "value": "CVE-2022-27405", + "url": "https://avd.aquasec.com/nvd/cve-2022-27405" + } + ], + "links": [{ + "url": "http://freetype.com" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27405" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27405" + },{ + "url": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27405" + },{ + "url": "https://ubuntu.com/security/notices/USN-5528-1" + } + ] + }, + { + "id": "CVE-2022-27406", + "category": "container_scanning", + "message": "Freetype: Segmentation violation", + "description": "FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.", + "cve": "CVE-2022-27406", + "severity": "High", + "solution": "Upgrade freetype to 2.11.1-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "freetype" + }, + "version": "2.11.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27406", + "value": "CVE-2022-27406", + "url": "https://avd.aquasec.com/nvd/cve-2022-27406" + } + ], + "links": [{ + "url": "http://freetype.com" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27406" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27406" + },{ + "url": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27406" + },{ + "url": "https://ubuntu.com/security/notices/USN-5453-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5528-1" + } + ] + }, + { + "id": "CVE-2022-24765", + "category": "container_scanning", + "message": "git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree", + "description": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`.", + "cve": "CVE-2022-24765", + "severity": "High", + "solution": "Upgrade git to 2.34.2-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "git" + }, + "version": "2.34.1-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24765", + "value": "CVE-2022-24765", + "url": "https://avd.aquasec.com/nvd/cve-2022-24765" + } + ], + "links": [{ + "url": "http://seclists.org/fulldisclosure/2022/May/31" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/04/12/7" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-24765" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765" + },{ + "url": "https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash" + },{ + "url": "https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode" + },{ + "url": "https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/" + },{ + "url": "https://support.apple.com/kb/HT213261" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-2" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-3" + } + ] + }, + { + "id": "CVE-2022-29187", + "category": "container_scanning", + "message": "git: Bypass of safe.directory protections", + "description": "Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.", + "cve": "CVE-2022-29187", + "severity": "High", + "solution": "Upgrade git to 2.34.4-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "git" + }, + "version": "2.34.1-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-29187", + "value": "CVE-2022-29187", + "url": "https://avd.aquasec.com/nvd/cve-2022-29187" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/07/14/1" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-29187" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187" + },{ + "url": "https://github.blog/2022-04-12-git-security-vulnerability-announced" + },{ + "url": "https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/" + },{ + "url": "https://lore.kernel.org/git/xmqqv8s2fefi.fsf@gitster.g/T/#u" + },{ + "url": "https://ubuntu.com/security/notices/USN-5511-1" + } + ] + }, + { + "id": "CVE-2022-24765", + "category": "container_scanning", + "message": "git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree", + "description": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`.", + "cve": "CVE-2022-24765", + "severity": "High", + "solution": "Upgrade git-perl to 2.34.2-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "git-perl" + }, + "version": "2.34.1-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24765", + "value": "CVE-2022-24765", + "url": "https://avd.aquasec.com/nvd/cve-2022-24765" + } + ], + "links": [{ + "url": "http://seclists.org/fulldisclosure/2022/May/31" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/04/12/7" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-24765" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765" + },{ + "url": "https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash" + },{ + "url": "https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode" + },{ + "url": "https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/" + },{ + "url": "https://support.apple.com/kb/HT213261" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-2" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-3" + } + ] + }, + { + "id": "CVE-2022-29187", + "category": "container_scanning", + "message": "git: Bypass of safe.directory protections", + "description": "Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.", + "cve": "CVE-2022-29187", + "severity": "High", + "solution": "Upgrade git-perl to 2.34.4-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "git-perl" + }, + "version": "2.34.1-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-29187", + "value": "CVE-2022-29187", + "url": "https://avd.aquasec.com/nvd/cve-2022-29187" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/07/14/1" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-29187" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187" + },{ + "url": "https://github.blog/2022-04-12-git-security-vulnerability-announced" + },{ + "url": "https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/" + },{ + "url": "https://lore.kernel.org/git/xmqqv8s2fefi.fsf@gitster.g/T/#u" + },{ + "url": "https://ubuntu.com/security/notices/USN-5511-1" + } + ] + }, + { + "id": "CVE-2021-37750", + "category": "container_scanning", + "message": "krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field", + "description": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.", + "cve": "CVE-2021-37750", + "severity": "Medium", + "solution": "Upgrade krb5-libs to 1.19.3-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "krb5-libs" + }, + "version": "1.19.2-r4" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2021-37750", + "value": "CVE-2021-37750", + "url": "https://avd.aquasec.com/nvd/cve-2021-37750" + } + ], + "links": [{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37750.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2021-37750" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750" + },{ + "url": "https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49" + },{ + "url": "https://github.com/krb5/krb5/releases" + },{ + "url": "https://linux.oracle.com/cve/CVE-2021-37750.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2021-4788.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37750" + },{ + "url": "https://security.netapp.com/advisory/ntap-20210923-0002/" + },{ + "url": "https://web.mit.edu/kerberos/advisories/" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2022-0778", + "category": "container_scanning", + "message": "openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates", + "description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", + "cve": "CVE-2022-0778", + "severity": "High", + "solution": "Upgrade libcrypto1.1 to 1.1.1n-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libcrypto1.1" + }, + "version": "1.1.1l-r8" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-0778", + "value": "CVE-2022-0778", + "url": "https://avd.aquasec.com/nvd/cve-2022-0778" + } + ], + "links": [{ + "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-0778" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-1065.html" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-0778.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9272.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778" + },{ + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0014.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220321-0002/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220429-0005/" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-2" + },{ + "url": "https://www.debian.org/security/2022/dsa-5103" + },{ + "url": "https://www.openssl.org/news/secadv/20220315.txt" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + },{ + "url": "https://www.tenable.com/security/tns-2022-06" + },{ + "url": "https://www.tenable.com/security/tns-2022-07" + },{ + "url": "https://www.tenable.com/security/tns-2022-08" + },{ + "url": "https://www.tenable.com/security/tns-2022-09" + } + ] + }, + { + "id": "CVE-2022-2097", + "category": "container_scanning", + "message": "openssl: AES OCB fails to encrypt some bytes", + "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", + "cve": "CVE-2022-2097", + "severity": "High", + "solution": "Upgrade libcrypto1.1 to 1.1.1q-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libcrypto1.1" + }, + "version": "1.1.1l-r8" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-2097", + "value": "CVE-2022-2097", + "url": "https://avd.aquasec.com/nvd/cve-2022-2097" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-2097" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0032.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220715-0011/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5502-1" + },{ + "url": "https://www.openssl.org/news/secadv/20220705.txt" + } + ] + }, + { + "id": "CVE-2022-32207", + "category": "container_scanning", + "message": "curl: Unpreserved file permissions", + "description": "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", + "cve": "CVE-2022-32207", + "severity": "Critical", + "solution": "Upgrade libcurl to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32207", + "value": "CVE-2022-32207", + "url": "https://avd.aquasec.com/nvd/cve-2022-32207" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32207" + },{ + "url": "https://curl.se/docs/CVE-2022-32207.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207" + },{ + "url": "https://hackerone.com/reports/1573634" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32207" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-22576", + "category": "container_scanning", + "message": "curl: OAUTH2 bearer bypass in connection re-use", + "description": "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", + "cve": "CVE-2022-22576", + "severity": "High", + "solution": "Upgrade libcurl to 7.80.0-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-22576", + "value": "CVE-2022-22576", + "url": "https://avd.aquasec.com/nvd/cve-2022-22576" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-22576" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-22576.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1526328" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-22576.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22576" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27775", + "category": "container_scanning", + "message": "curl: bad local IPv6 connection reuse", + "description": "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", + "cve": "CVE-2022-27775", + "severity": "High", + "solution": "Upgrade libcurl to 7.80.0-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27775", + "value": "CVE-2022-27775", + "url": "https://avd.aquasec.com/nvd/cve-2022-27775" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27775" + },{ + "url": "https://curl.se/docs/CVE-2022-27775.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775" + },{ + "url": "https://hackerone.com/reports/1546268" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27775" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27780", + "category": "container_scanning", + "message": "curl: percent-encoded path separator in URL host", + "description": "The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.", + "cve": "CVE-2022-27780", + "severity": "High", + "solution": "Upgrade libcurl to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27780", + "value": "CVE-2022-27780", + "url": "https://avd.aquasec.com/nvd/cve-2022-27780" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27780" + },{ + "url": "https://curl.se/docs/CVE-2022-27780.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27780" + },{ + "url": "https://hackerone.com/reports/1553841" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27780" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + } + ] + }, + { + "id": "CVE-2022-27781", + "category": "container_scanning", + "message": "curl: CERTINFO never-ending busy-loop", + "description": "libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.", + "cve": "CVE-2022-27781", + "severity": "High", + "solution": "Upgrade libcurl to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27781", + "value": "CVE-2022-27781", + "url": "https://avd.aquasec.com/nvd/cve-2022-27781" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27781" + },{ + "url": "https://curl.se/docs/CVE-2022-27781.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781" + },{ + "url": "https://github.com/curl/curl/commit/f6c335d63f" + },{ + "url": "https://hackerone.com/reports/1555441" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27781" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5499-1" + } + ] + }, + { + "id": "CVE-2022-27782", + "category": "container_scanning", + "message": "curl: TLS and SSH connection too eager reuse", + "description": "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", + "cve": "CVE-2022-27782", + "severity": "High", + "solution": "Upgrade libcurl to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27782", + "value": "CVE-2022-27782", + "url": "https://avd.aquasec.com/nvd/cve-2022-27782" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27782" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27782.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1555796" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27782.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27782" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + } + ] + }, + { + "id": "CVE-2022-27774", + "category": "container_scanning", + "message": "curl: credential leak on redirect", + "description": "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", + "cve": "CVE-2022-27774", + "severity": "Medium", + "solution": "Upgrade libcurl to 7.80.0-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27774", + "value": "CVE-2022-27774", + "url": "https://avd.aquasec.com/nvd/cve-2022-27774" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27774" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27774.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1543773" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27774.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27774" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27776", + "category": "container_scanning", + "message": "curl: auth/cookie leak on redirect", + "description": "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", + "cve": "CVE-2022-27776", + "severity": "Medium", + "solution": "Upgrade libcurl to 7.80.0-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27776", + "value": "CVE-2022-27776", + "url": "https://avd.aquasec.com/nvd/cve-2022-27776" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27776" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27776.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1547048" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27776.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27776" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-32205", + "category": "container_scanning", + "message": "curl: Set-Cookie denial of service", + "description": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method.", + "cve": "CVE-2022-32205", + "severity": "Medium", + "solution": "Upgrade libcurl to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32205", + "value": "CVE-2022-32205", + "url": "https://avd.aquasec.com/nvd/cve-2022-32205" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32205" + },{ + "url": "https://curl.se/docs/CVE-2022-32205.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205" + },{ + "url": "https://hackerone.com/reports/1569946" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32205" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-32206", + "category": "container_scanning", + "message": "curl: HTTP compression denial of service", + "description": "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", + "cve": "CVE-2022-32206", + "severity": "Medium", + "solution": "Upgrade libcurl to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32206", + "value": "CVE-2022-32206", + "url": "https://avd.aquasec.com/nvd/cve-2022-32206" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32206" + },{ + "url": "https://curl.se/docs/CVE-2022-32206.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206" + },{ + "url": "https://hackerone.com/reports/1570651" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32206" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-32208", + "category": "container_scanning", + "message": "curl: FTP-KRB bad message verification", + "description": "When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", + "cve": "CVE-2022-32208", + "severity": "Medium", + "solution": "Upgrade libcurl to 7.80.0-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32208", + "value": "CVE-2022-32208", + "url": "https://avd.aquasec.com/nvd/cve-2022-32208" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32208" + },{ + "url": "https://curl.se/docs/CVE-2022-32208.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208" + },{ + "url": "https://hackerone.com/reports/1590071" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32208" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5499-1" + } + ] + }, + { + "id": "CVE-2022-0778", + "category": "container_scanning", + "message": "openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates", + "description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", + "cve": "CVE-2022-0778", + "severity": "High", + "solution": "Upgrade libretls to 3.3.4-r3", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libretls" + }, + "version": "3.3.4-r2" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-0778", + "value": "CVE-2022-0778", + "url": "https://avd.aquasec.com/nvd/cve-2022-0778" + } + ], + "links": [{ + "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-0778" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-1065.html" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-0778.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9272.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778" + },{ + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0014.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220321-0002/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220429-0005/" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-2" + },{ + "url": "https://www.debian.org/security/2022/dsa-5103" + },{ + "url": "https://www.openssl.org/news/secadv/20220315.txt" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + },{ + "url": "https://www.tenable.com/security/tns-2022-06" + },{ + "url": "https://www.tenable.com/security/tns-2022-07" + },{ + "url": "https://www.tenable.com/security/tns-2022-08" + },{ + "url": "https://www.tenable.com/security/tns-2022-09" + } + ] + }, + { + "id": "CVE-2022-24407", + "category": "container_scanning", + "message": "cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands", + "description": "In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.", + "cve": "CVE-2022-24407", + "severity": "High", + "solution": "Upgrade libsasl to 2.1.28-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libsasl" + }, + "version": "2.1.27-r14" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24407", + "value": "CVE-2022-24407", + "url": "https://avd.aquasec.com/nvd/cve-2022-24407" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/02/23/4" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-24407" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407" + },{ + "url": "https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-24407.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9239.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24407" + },{ + "url": "https://ubuntu.com/security/notices/USN-5301-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5301-2" + },{ + "url": "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28" + },{ + "url": "https://www.debian.org/security/2022/dsa-5087" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2022-0778", + "category": "container_scanning", + "message": "openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates", + "description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", + "cve": "CVE-2022-0778", + "severity": "High", + "solution": "Upgrade libssl1.1 to 1.1.1n-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libssl1.1" + }, + "version": "1.1.1l-r8" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-0778", + "value": "CVE-2022-0778", + "url": "https://avd.aquasec.com/nvd/cve-2022-0778" + } + ], + "links": [{ + "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-0778" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-1065.html" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-0778.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9272.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778" + },{ + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0014.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220321-0002/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220429-0005/" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-2" + },{ + "url": "https://www.debian.org/security/2022/dsa-5103" + },{ + "url": "https://www.openssl.org/news/secadv/20220315.txt" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + },{ + "url": "https://www.tenable.com/security/tns-2022-06" + },{ + "url": "https://www.tenable.com/security/tns-2022-07" + },{ + "url": "https://www.tenable.com/security/tns-2022-08" + },{ + "url": "https://www.tenable.com/security/tns-2022-09" + } + ] + }, + { + "id": "CVE-2022-2097", + "category": "container_scanning", + "message": "openssl: AES OCB fails to encrypt some bytes", + "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", + "cve": "CVE-2022-2097", + "severity": "High", + "solution": "Upgrade libssl1.1 to 1.1.1q-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libssl1.1" + }, + "version": "1.1.1l-r8" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-2097", + "value": "CVE-2022-2097", + "url": "https://avd.aquasec.com/nvd/cve-2022-2097" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-2097" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0032.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220715-0011/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5502-1" + },{ + "url": "https://www.openssl.org/news/secadv/20220705.txt" + } + ] + }, + { + "id": "CVE-2022-23308", + "category": "container_scanning", + "message": "libxml2: Use-after-free of ID and IDREF attributes", + "description": "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.", + "cve": "CVE-2022-23308", + "severity": "High", + "solution": "Upgrade libxml2 to 2.9.13-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libxml2" + }, + "version": "2.9.12-r2" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-23308", + "value": "CVE-2022-23308", + "url": "https://avd.aquasec.com/nvd/cve-2022-23308" + } + ], + "links": [{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/34" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/36" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/37" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-23308" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308" + },{ + "url": "https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-23308.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-0899.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23308" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220331-0008/" + },{ + "url": "https://support.apple.com/kb/HT213253" + },{ + "url": "https://support.apple.com/kb/HT213254" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://support.apple.com/kb/HT213258" + },{ + "url": "https://ubuntu.com/security/notices/USN-5324-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5422-1" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2022-29824", + "category": "container_scanning", + "message": "libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write", + "description": "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", + "cve": "CVE-2022-29824", + "severity": "Medium", + "solution": "Upgrade libxml2 to 2.9.14-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libxml2" + }, + "version": "2.9.12-r2" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-29824", + "value": "CVE-2022-29824", + "url": "https://avd.aquasec.com/nvd/cve-2022-29824" + } + ], + "links": [{ + "url": "http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-29824" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab (v2.9.14)" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd (master)" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-29824.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5317.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220715-0006/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5422-1" + },{ + "url": "https://www.debian.org/security/2022/dsa-5142" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2022-23308", + "category": "container_scanning", + "message": "libxml2: Use-after-free of ID and IDREF attributes", + "description": "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.", + "cve": "CVE-2022-23308", + "severity": "High", + "solution": "Upgrade libxml2-dev to 2.9.13-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libxml2-dev" + }, + "version": "2.9.12-r2" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-23308", + "value": "CVE-2022-23308", + "url": "https://avd.aquasec.com/nvd/cve-2022-23308" + } + ], + "links": [{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/34" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/36" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/37" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-23308" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308" + },{ + "url": "https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-23308.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-0899.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23308" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220331-0008/" + },{ + "url": "https://support.apple.com/kb/HT213253" + },{ + "url": "https://support.apple.com/kb/HT213254" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://support.apple.com/kb/HT213258" + },{ + "url": "https://ubuntu.com/security/notices/USN-5324-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5422-1" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2022-29824", + "category": "container_scanning", + "message": "libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write", + "description": "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", + "cve": "CVE-2022-29824", + "severity": "Medium", + "solution": "Upgrade libxml2-dev to 2.9.14-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libxml2-dev" + }, + "version": "2.9.12-r2" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-29824", + "value": "CVE-2022-29824", + "url": "https://avd.aquasec.com/nvd/cve-2022-29824" + } + ], + "links": [{ + "url": "http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-29824" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab (v2.9.14)" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd (master)" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-29824.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5317.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220715-0006/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5422-1" + },{ + "url": "https://www.debian.org/security/2022/dsa-5142" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2021-30560", + "category": "container_scanning", + "message": "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ...", + "description": "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", + "cve": "CVE-2021-30560", + "severity": "High", + "solution": "Upgrade libxslt to 1.1.35-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "libxslt" + }, + "version": "1.1.34-r1" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2021-30560", + "value": "CVE-2021-30560", + "url": "https://avd.aquasec.com/nvd/cve-2021-30560" + } + ], + "links": [{ + "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" + },{ + "url": "https://crbug.com/1219209" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560" + },{ + "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxslt/-/commit/50f9c9cd3" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30560" + } + ] + }, + { + "id": "CVE-2022-1348", + "category": "container_scanning", + "message": "logrotate: potential DoS from unprivileged users via the state file", + "description": "A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.", + "cve": "CVE-2022-1348", + "severity": "Medium", + "solution": "Upgrade logrotate to 3.18.1-r2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "logrotate" + }, + "version": "3.18.1-r1" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-1348", + "value": "CVE-2022-1348", + "url": "https://avd.aquasec.com/nvd/cve-2022-1348" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/05/25/3" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/05/25/4" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/05/25/5" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-1348" + },{ + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-1348" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1348" + },{ + "url": "https://github.com/logrotate/logrotate/blame/master/logrotate.c#L3015-L3017" + },{ + "url": "https://github.com/logrotate/logrotate/commit/f46d0bdfc9c53515c13880c501f4d2e1e7dd8b25" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7EHGYRE6DSFSBXQIWYDGTSXKO6IFSJQ/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZYEB4F37BY6GLEJKP2EPVAVQ6TA3HQKR/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1348" + },{ + "url": "https://ubuntu.com/security/notices/USN-5447-1" + } + ] + }, + { + "id": "CVE-2022-29458", + "category": "container_scanning", + "message": "ncurses: segfaulting OOB read", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "cve": "CVE-2022-29458", + "severity": "High", + "solution": "Upgrade ncurses-libs to 6.3_p20211120-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "ncurses-libs" + }, + "version": "6.3_p20211120-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-29458", + "value": "CVE-2022-29458", + "url": "https://avd.aquasec.com/nvd/cve-2022-29458" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-29458" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458" + },{ + "url": "https://invisible-island.net/ncurses/NEWS.html#t20220416" + },{ + "url": "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html" + },{ + "url": "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458" + },{ + "url": "https://ubuntu.com/security/notices/USN-5477-1" + } + ] + }, + { + "id": "CVE-2022-29458", + "category": "container_scanning", + "message": "ncurses: segfaulting OOB read", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "cve": "CVE-2022-29458", + "severity": "High", + "solution": "Upgrade ncurses-terminfo-base to 6.3_p20211120-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "ncurses-terminfo-base" + }, + "version": "6.3_p20211120-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-29458", + "value": "CVE-2022-29458", + "url": "https://avd.aquasec.com/nvd/cve-2022-29458" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-29458" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458" + },{ + "url": "https://invisible-island.net/ncurses/NEWS.html#t20220416" + },{ + "url": "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html" + },{ + "url": "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458" + },{ + "url": "https://ubuntu.com/security/notices/USN-5477-1" + } + ] + }, + { + "id": "CVE-2022-0778", + "category": "container_scanning", + "message": "openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates", + "description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", + "cve": "CVE-2022-0778", + "severity": "High", + "solution": "Upgrade openssl to 1.1.1n-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "openssl" + }, + "version": "1.1.1l-r8" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-0778", + "value": "CVE-2022-0778", + "url": "https://avd.aquasec.com/nvd/cve-2022-0778" + } + ], + "links": [{ + "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-0778" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-1065.html" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-0778.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9272.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778" + },{ + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0014.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220321-0002/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220429-0005/" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-2" + },{ + "url": "https://www.debian.org/security/2022/dsa-5103" + },{ + "url": "https://www.openssl.org/news/secadv/20220315.txt" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + },{ + "url": "https://www.tenable.com/security/tns-2022-06" + },{ + "url": "https://www.tenable.com/security/tns-2022-07" + },{ + "url": "https://www.tenable.com/security/tns-2022-08" + },{ + "url": "https://www.tenable.com/security/tns-2022-09" + } + ] + }, + { + "id": "CVE-2022-2097", + "category": "container_scanning", + "message": "openssl: AES OCB fails to encrypt some bytes", + "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", + "cve": "CVE-2022-2097", + "severity": "High", + "solution": "Upgrade openssl to 1.1.1q-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "openssl" + }, + "version": "1.1.1l-r8" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-2097", + "value": "CVE-2022-2097", + "url": "https://avd.aquasec.com/nvd/cve-2022-2097" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-2097" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0032.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220715-0011/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5502-1" + },{ + "url": "https://www.openssl.org/news/secadv/20220705.txt" + } + ] + }, + { + "id": "CVE-2022-0778", + "category": "container_scanning", + "message": "openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates", + "description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", + "cve": "CVE-2022-0778", + "severity": "High", + "solution": "Upgrade openssl-dev to 1.1.1n-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "openssl-dev" + }, + "version": "1.1.1l-r8" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-0778", + "value": "CVE-2022-0778", + "url": "https://avd.aquasec.com/nvd/cve-2022-0778" + } + ], + "links": [{ + "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-0778" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-1065.html" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-0778.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9272.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778" + },{ + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0014.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220321-0002/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220429-0005/" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-2" + },{ + "url": "https://www.debian.org/security/2022/dsa-5103" + },{ + "url": "https://www.openssl.org/news/secadv/20220315.txt" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + },{ + "url": "https://www.tenable.com/security/tns-2022-06" + },{ + "url": "https://www.tenable.com/security/tns-2022-07" + },{ + "url": "https://www.tenable.com/security/tns-2022-08" + },{ + "url": "https://www.tenable.com/security/tns-2022-09" + } + ] + }, + { + "id": "CVE-2022-2097", + "category": "container_scanning", + "message": "openssl: AES OCB fails to encrypt some bytes", + "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", + "cve": "CVE-2022-2097", + "severity": "High", + "solution": "Upgrade openssl-dev to 1.1.1q-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "openssl-dev" + }, + "version": "1.1.1l-r8" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-2097", + "value": "CVE-2022-2097", + "url": "https://avd.aquasec.com/nvd/cve-2022-2097" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-2097" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0032.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220715-0011/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5502-1" + },{ + "url": "https://www.openssl.org/news/secadv/20220705.txt" + } + ] + }, + { + "id": "CVE-2022-1586", + "category": "container_scanning", + "message": "pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c", + "description": "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", + "cve": "CVE-2022-1586", + "severity": "Critical", + "solution": "Upgrade pcre2 to 10.40-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "pcre2" + }, + "version": "10.39-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-1586", + "value": "CVE-2022-1586", + "url": "https://avd.aquasec.com/nvd/cve-2022-1586" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-1586" + },{ + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077976," + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1586" + },{ + "url": "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a," + },{ + "url": "https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-1586.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5251.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1586" + } + ] + }, + { + "id": "CVE-2022-1587", + "category": "container_scanning", + "message": "pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c", + "description": "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", + "cve": "CVE-2022-1587", + "severity": "Critical", + "solution": "Upgrade pcre2 to 10.40-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "pcre2" + }, + "version": "10.39-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-1587", + "value": "CVE-2022-1587", + "url": "https://avd.aquasec.com/nvd/cve-2022-1587" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-1587" + },{ + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077983," + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1587" + },{ + "url": "https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-1587.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5251.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1587" + } + ] + }, + { + "id": "CVE-2022-24765", + "category": "container_scanning", + "message": "git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree", + "description": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`.", + "cve": "CVE-2022-24765", + "severity": "High", + "solution": "Upgrade perl-git to 2.34.2-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "perl-git" + }, + "version": "2.34.1-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24765", + "value": "CVE-2022-24765", + "url": "https://avd.aquasec.com/nvd/cve-2022-24765" + } + ], + "links": [{ + "url": "http://seclists.org/fulldisclosure/2022/May/31" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/04/12/7" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-24765" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765" + },{ + "url": "https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash" + },{ + "url": "https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode" + },{ + "url": "https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/" + },{ + "url": "https://support.apple.com/kb/HT213261" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-2" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-3" + } + ] + }, + { + "id": "CVE-2022-29187", + "category": "container_scanning", + "message": "git: Bypass of safe.directory protections", + "description": "Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.", + "cve": "CVE-2022-29187", + "severity": "High", + "solution": "Upgrade perl-git to 2.34.4-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "perl-git" + }, + "version": "2.34.1-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-29187", + "value": "CVE-2022-29187", + "url": "https://avd.aquasec.com/nvd/cve-2022-29187" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/07/14/1" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-29187" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187" + },{ + "url": "https://github.blog/2022-04-12-git-security-vulnerability-announced" + },{ + "url": "https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/" + },{ + "url": "https://lore.kernel.org/git/xmqqv8s2fefi.fsf@gitster.g/T/#u" + },{ + "url": "https://ubuntu.com/security/notices/USN-5511-1" + } + ] + }, + { + "id": "CVE-2022-28391", + "category": "container_scanning", + "message": "busybox: remote attackers may execute arbitrary code if netstat is used", + "description": "BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.", + "cve": "CVE-2022-28391", + "severity": "Critical", + "solution": "Upgrade ssl_client to 1.34.1-r5", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "ssl_client" + }, + "version": "1.34.1-r4" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-28391", + "value": "CVE-2022-28391", + "url": "https://avd.aquasec.com/nvd/cve-2022-28391" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-28391" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391" + },{ + "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" + },{ + "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" + },{ + "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28391" + } + ] + }, + { + "id": "CVE-2022-1271", + "category": "container_scanning", + "message": "gzip: arbitrary-file-write vulnerability", + "description": "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", + "cve": "CVE-2022-1271", + "severity": "High", + "solution": "Upgrade xz to 5.2.5-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "xz" + }, + "version": "5.2.5-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-1271", + "value": "CVE-2022-1271", + "url": "https://avd.aquasec.com/nvd/cve-2022-1271" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-1271" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-1537.html" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-1271.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5052.html" + },{ + "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-2" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-3" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-4" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8" + } + ] + }, + { + "id": "CVE-2022-1271", + "category": "container_scanning", + "message": "gzip: arbitrary-file-write vulnerability", + "description": "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", + "cve": "CVE-2022-1271", + "severity": "High", + "solution": "Upgrade xz-dev to 5.2.5-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "xz-dev" + }, + "version": "5.2.5-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-1271", + "value": "CVE-2022-1271", + "url": "https://avd.aquasec.com/nvd/cve-2022-1271" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-1271" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-1537.html" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-1271.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5052.html" + },{ + "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-2" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-3" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-4" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8" + } + ] + }, + { + "id": "CVE-2022-1271", + "category": "container_scanning", + "message": "gzip: arbitrary-file-write vulnerability", + "description": "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", + "cve": "CVE-2022-1271", + "severity": "High", + "solution": "Upgrade xz-libs to 5.2.5-r1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "xz-libs" + }, + "version": "5.2.5-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-1271", + "value": "CVE-2022-1271", + "url": "https://avd.aquasec.com/nvd/cve-2022-1271" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-1271" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-1537.html" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-1271.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5052.html" + },{ + "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-2" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-3" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-4" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8" + } + ] + }, + { + "id": "CVE-2018-25032", + "category": "container_scanning", + "message": "zlib: A flaw found in zlib when compressing (not decompressing) certain inputs", + "description": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", + "cve": "CVE-2018-25032", + "severity": "High", + "solution": "Upgrade zlib to 1.2.12-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "zlib" + }, + "version": "1.2.11-r3" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2018-25032", + "value": "CVE-2018-25032", + "url": "https://avd.aquasec.com/nvd/cve-2018-25032" + } + ], + "links": [{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/03/25/2" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/03/26/1" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2018-25032" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-2201.html" + },{ + "url": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531" + },{ + "url": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12" + },{ + "url": "https://github.com/madler/zlib/issues/605" + },{ + "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4" + },{ + "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5" + },{ + "url": "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ" + },{ + "url": "https://linux.oracle.com/cve/CVE-2018-25032.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9565.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25032" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220526-0009/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://ubuntu.com/security/notices/USN-5355-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5355-2" + },{ + "url": "https://ubuntu.com/security/notices/USN-5359-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5359-2" + },{ + "url": "https://www.debian.org/security/2022/dsa-5111" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/03/24/1" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/03/28/1" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/03/28/3" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2018-25032", + "category": "container_scanning", + "message": "zlib: A flaw found in zlib when compressing (not decompressing) certain inputs", + "description": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", + "cve": "CVE-2018-25032", + "severity": "High", + "solution": "Upgrade zlib-dev to 1.2.12-r0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "zlib-dev" + }, + "version": "1.2.11-r3" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2018-25032", + "value": "CVE-2018-25032", + "url": "https://avd.aquasec.com/nvd/cve-2018-25032" + } + ], + "links": [{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/03/25/2" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/03/26/1" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2018-25032" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-2201.html" + },{ + "url": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531" + },{ + "url": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12" + },{ + "url": "https://github.com/madler/zlib/issues/605" + },{ + "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4" + },{ + "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5" + },{ + "url": "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ" + },{ + "url": "https://linux.oracle.com/cve/CVE-2018-25032.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9565.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25032" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220526-0009/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://ubuntu.com/security/notices/USN-5355-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5355-2" + },{ + "url": "https://ubuntu.com/security/notices/USN-5359-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5359-2" + },{ + "url": "https://www.debian.org/security/2022/dsa-5111" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/03/24/1" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/03/28/1" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/03/28/3" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2021-43138", + "category": "container_scanning", + "message": "Prototype Pollution in async", + "description": "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.", + "cve": "CVE-2021-43138", + "severity": "High", + "solution": "Upgrade async to 2.6.4, 3.2.2", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "async" + }, + "version": "2.6.3" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2021-43138", + "value": "CVE-2021-43138", + "url": "https://avd.aquasec.com/nvd/cve-2021-43138" + } + ], + "links": [{ + "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25" + },{ + "url": "https://github.com/caolan/async/blob/master/lib/internal/iterator.js" + },{ + "url": "https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js" + },{ + "url": "https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264" + },{ + "url": "https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2" + },{ + "url": "https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d" + },{ + "url": "https://github.com/caolan/async/compare/v2.6.3...v2.6.4" + },{ + "url": "https://github.com/caolan/async/pull/1828" + },{ + "url": "https://jsfiddle.net/oz5twjd9/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43138" + } + ] + }, + { + "id": "CVE-2022-0155", + "category": "container_scanning", + "message": "follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor", + "description": "follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor", + "cve": "CVE-2022-0155", + "severity": "High", + "solution": "Upgrade follow-redirects to 1.14.7", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "follow-redirects" + }, + "version": "1.14.1" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-0155", + "value": "CVE-2022-0155", + "url": "https://avd.aquasec.com/nvd/cve-2022-0155" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-0155" + },{ + "url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q" + },{ + "url": "https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22" + },{ + "url": "https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406" + },{ + "url": "https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0155" + } + ] + }, + { + "id": "CVE-2022-0536", + "category": "container_scanning", + "message": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak", + "description": "Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8.", + "cve": "CVE-2022-0536", + "severity": "Medium", + "solution": "Upgrade follow-redirects to 1.14.8", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "follow-redirects" + }, + "version": "1.14.1" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-0536", + "value": "CVE-2022-0536", + "url": "https://avd.aquasec.com/nvd/cve-2022-0536" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-0536" + },{ + "url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c" + },{ + "url": "https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445" + },{ + "url": "https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536" + } + ] + }, + { + "id": "CVE-2022-31147", + "category": "container_scanning", + "message": "jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method", + "description": "The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch.", + "cve": "CVE-2022-31147", + "severity": "High", + "solution": "Upgrade jquery-validation to 1.19.5", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "jquery-validation" + }, + "version": "1.19.4" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-31147", + "value": "CVE-2022-31147", + "url": "https://avd.aquasec.com/nvd/cve-2022-31147" + } + ], + "links": [{ + "url": "https://github.com/advisories/GHSA-ffmh-x56j-9rc3" + },{ + "url": "https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd" + },{ + "url": "https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.5" + },{ + "url": "https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31147" + } + ] + }, + { + "id": "CVE-2021-44906", + "category": "container_scanning", + "message": "minimist: prototype pollution", + "description": "Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).", + "cve": "CVE-2021-44906", + "severity": "Critical", + "solution": "Upgrade minimist to 1.2.6", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "minimist" + }, + "version": "1.2.5" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2021-44906", + "value": "CVE-2021-44906", + "url": "https://avd.aquasec.com/nvd/cve-2021-44906" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2021-44906" + },{ + "url": "https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip" + },{ + "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" + },{ + "url": "https://github.com/substack/minimist/blob/master/index.js#L69" + },{ + "url": "https://github.com/substack/minimist/issues/164" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" + },{ + "url": "https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764" + },{ + "url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764" + },{ + "url": "https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068" + } + ] + }, + { + "id": "CVE-2022-31129", + "category": "container_scanning", + "message": "moment: inefficient parsing algorithim resulting in DoS", + "description": "moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.", + "cve": "CVE-2022-31129", + "severity": "High", + "solution": "Upgrade moment to 2.29.4", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "moment" + }, + "version": "2.29.3" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-31129", + "value": "CVE-2022-31129", + "url": "https://avd.aquasec.com/nvd/cve-2022-31129" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-31129" + },{ + "url": "https://github.com/advisories/GHSA-wc69-rhjr-hc9g" + },{ + "url": "https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3" + },{ + "url": "https://github.com/moment/moment/pull/6015#issuecomment-1152961973" + },{ + "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" + },{ + "url": "https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" + } + ] + }, + { + "id": "CVE-2021-23566", + "category": "container_scanning", + "message": "nanoid: Information disclosure via valueOf() function", + "description": "The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.", + "cve": "CVE-2021-23566", + "severity": "Medium", + "solution": "Upgrade nanoid to 3.1.31", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "nanoid" + }, + "version": "3.1.29" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2021-23566", + "value": "CVE-2021-23566", + "url": "https://avd.aquasec.com/nvd/cve-2021-23566" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2021-23566" + },{ + "url": "https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444" + },{ + "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2" + },{ + "url": "https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575" + },{ + "url": "https://github.com/ai/nanoid/pull/328" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23566" + },{ + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550" + },{ + "url": "https://snyk.io/vuln/SNYK-JS-NANOID-2332193" + } + ] + }, + { + "id": "CVE-2022-24771", + "category": "container_scanning", + "message": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery", + "description": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.", + "cve": "CVE-2022-24771", + "severity": "High", + "solution": "Upgrade node-forge to 1.3.0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "node-forge" + }, + "version": "0.10.0" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24771", + "value": "CVE-2022-24771", + "url": "https://avd.aquasec.com/nvd/cve-2022-24771" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-24771" + },{ + "url": "https://github.com/advisories/GHSA-cfm4-qjh2-4765" + },{ + "url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1" + },{ + "url": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2" + },{ + "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771" + } + ] + }, + { + "id": "CVE-2022-24772", + "category": "container_scanning", + "message": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery", + "description": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.", + "cve": "CVE-2022-24772", + "severity": "High", + "solution": "Upgrade node-forge to 1.3.0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "node-forge" + }, + "version": "0.10.0" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24772", + "value": "CVE-2022-24772", + "url": "https://avd.aquasec.com/nvd/cve-2022-24772" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-24772" + },{ + "url": "https://github.com/advisories/GHSA-x4jg-mjrx-434g" + },{ + "url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1" + },{ + "url": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2" + },{ + "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772" + } + ] + }, + { + "id": "CVE-2022-0122", + "category": "container_scanning", + "message": "Open Redirect in node-forge", + "description": "forge is vulnerable to URL Redirection to Untrusted Site", + "cve": "CVE-2022-0122", + "severity": "Medium", + "solution": "Upgrade node-forge to 1.0.0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "node-forge" + }, + "version": "0.10.0" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-0122", + "value": "CVE-2022-0122", + "url": "https://avd.aquasec.com/nvd/cve-2022-0122" + } + ], + "links": [{ + "url": "https://github.com/advisories/GHSA-8fr3-hfg3-gpgp" + },{ + "url": "https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e" + },{ + "url": "https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0122" + } + ] + }, + { + "id": "CVE-2022-24773", + "category": "container_scanning", + "message": "node-forge: Signature verification leniency in checking `DigestInfo` structure", + "description": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.", + "cve": "CVE-2022-24773", + "severity": "Medium", + "solution": "Upgrade node-forge to 1.3.0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "node-forge" + }, + "version": "0.10.0" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24773", + "value": "CVE-2022-24773", + "url": "https://avd.aquasec.com/nvd/cve-2022-24773" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-24773" + },{ + "url": "https://github.com/advisories/GHSA-2r2c-g63r-vccr" + },{ + "url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1" + },{ + "url": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2" + },{ + "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24773" + } + ] + }, + { + "id": "GHSA-5rrq-pxf6-6jx5", + "category": "container_scanning", + "message": "Prototype Pollution in node-forge debug API.", + "description": "### Impact\nThe `forge.debug` API had a potential prototype pollution issue if called with untrusted input. The API was only used for internal debug purposes in a safe way and never documented or advertised. It is suspected that uses of this API, if any exist, would likely not have used untrusted inputs in a vulnerable way.\n\n### Patches\nThe `forge.debug` API and related functions were removed in 1.0.0.\n\n### Workarounds\nDon't use the `forge.debug` API directly or indirectly with untrusted input.\n\n### References\n- https://www.huntr.dev/bounties/1-npm-node-forge/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [forge](https://github.com/digitalbazaar/forge).\n* Email us at support@digitalbazaar.com.", + "cve": "GHSA-5rrq-pxf6-6jx5", + "severity": "Low", + "solution": "Upgrade node-forge to 1.0.0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "node-forge" + }, + "version": "0.10.0" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "GHSA-5rrq-pxf6-6jx5", + "value": "GHSA-5rrq-pxf6-6jx5", + "url": "https://github.com/advisories/GHSA-5rrq-pxf6-6jx5" + } + ], + "links": [{ + "url": "https://github.com/advisories/GHSA-5rrq-pxf6-6jx5" + },{ + "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5rrq-pxf6-6jx5" + } + ] + }, + { + "id": "GHSA-gf8q-jrpm-jvxq", + "category": "container_scanning", + "message": "URL parsing in node-forge could lead to undesired behavior.", + "description": "### Impact\nThe regex used for the `forge.util.parseUrl` API would not properly parse certain inputs resulting in a parsed data structure that could lead to undesired behavior.\n\n### Patches\n`forge.util.parseUrl` and other very old related URL APIs were removed in 1.0.0 in favor of letting applications use the more modern WHATWG URL Standard API.\n\n### Workarounds\nEnsure code does not directly or indirectly call `forge.util.parseUrl` with untrusted input.\n\n### References\n- https://www.huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [forge](https://github.com/digitalbazaar/forge)\n* Email us at support@digitalbazaar.com\n", + "cve": "GHSA-gf8q-jrpm-jvxq", + "severity": "Low", + "solution": "Upgrade node-forge to 1.0.0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "node-forge" + }, + "version": "0.10.0" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "GHSA-gf8q-jrpm-jvxq", + "value": "GHSA-gf8q-jrpm-jvxq", + "url": "https://github.com/advisories/GHSA-gf8q-jrpm-jvxq" + } + ], + "links": [{ + "url": "https://github.com/advisories/GHSA-gf8q-jrpm-jvxq" + },{ + "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-gf8q-jrpm-jvxq" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0122" + },{ + "url": "https://www.huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae" + } + ] + }, + { + "id": "CVE-2022-25858", + "category": "container_scanning", + "message": "The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vuln ...", + "description": "The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.", + "cve": "CVE-2022-25858", + "severity": "High", + "solution": "Upgrade terser to 5.14.2, 4.8.1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "terser" + }, + "version": "4.8.0" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-25858", + "value": "CVE-2022-25858", + "url": "https://avd.aquasec.com/nvd/cve-2022-25858" + } + ], + "links": [{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25858" + },{ + "url": "https://github.com/advisories/GHSA-4wf5-vphf-c2xc" + },{ + "url": "https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135" + },{ + "url": "https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b" + },{ + "url": "https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25858" + },{ + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722" + },{ + "url": "https://snyk.io/vuln/SNYK-JS-TERSER-2806366" + } + ] + }, + { + "id": "CVE-2022-25858", + "category": "container_scanning", + "message": "The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vuln ...", + "description": "The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.", + "cve": "CVE-2022-25858", + "severity": "High", + "solution": "Upgrade terser to 5.14.2, 4.8.1", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "terser" + }, + "version": "5.9.0" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-25858", + "value": "CVE-2022-25858", + "url": "https://avd.aquasec.com/nvd/cve-2022-25858" + } + ], + "links": [{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25858" + },{ + "url": "https://github.com/advisories/GHSA-4wf5-vphf-c2xc" + },{ + "url": "https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135" + },{ + "url": "https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b" + },{ + "url": "https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25858" + },{ + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722" + },{ + "url": "https://snyk.io/vuln/SNYK-JS-TERSER-2806366" + } + ] + }, + { + "id": "CVE-2022-29248", + "category": "container_scanning", + "message": "Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 ...", + "description": "Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with ['cookies' => true] are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability. Guzzle versions 6.5.6 and 7.4.3 contain a patch for this issue. As a workaround, turn off the cookie middleware.", + "cve": "CVE-2022-29248", + "severity": "High", + "solution": "Upgrade guzzlehttp/guzzle to 7.4.3, 6.5.6", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "guzzlehttp/guzzle" + }, + "version": "7.4.1" + }, + "operating_system": "Unknown", + "image": "var/www/composer.lock" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-29248", + "value": "CVE-2022-29248", + "url": "https://avd.aquasec.com/nvd/cve-2022-29248" + } + ], + "links": [{ + "url": "https://github.com/advisories/GHSA-cwmx-hcrq-mhc3" + },{ + "url": "https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab" + },{ + "url": "https://github.com/guzzle/guzzle/pull/3018" + },{ + "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29248" + },{ + "url": "https://www.drupal.org/sa-core-2022-010" + } + ] + }, + { + "id": "CVE-2022-31042", + "category": "container_scanning", + "message": "Guzzle is an open source PHP HTTP client. In affected versions the `Co ...", + "description": "Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach to use your own redirect middleware, rather than ours. If you do not require or expect redirects to be followed, one should simply disable redirects all together.", + "cve": "CVE-2022-31042", + "severity": "High", + "solution": "Upgrade guzzlehttp/guzzle to 7.4.4, 6.5.7", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "guzzlehttp/guzzle" + }, + "version": "7.4.1" + }, + "operating_system": "Unknown", + "image": "var/www/composer.lock" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-31042", + "value": "CVE-2022-31042", + "url": "https://avd.aquasec.com/nvd/cve-2022-31042" + } + ], + "links": [{ + "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31042.yaml" + },{ + "url": "https://github.com/advisories/GHSA-f2wf-25xc-69c9" + },{ + "url": "https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8" + },{ + "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31042" + },{ + "url": "https://www.drupal.org/sa-core-2022-011" + },{ + "url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx" + } + ] + }, + { + "id": "CVE-2022-31043", + "category": "container_scanning", + "message": "Guzzle is an open source PHP HTTP client. In affected versions `Author ...", + "description": "Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach which would be to use their own redirect middleware. Alternately users may simply disable redirects all together if redirects are not expected or required.", + "cve": "CVE-2022-31043", + "severity": "High", + "solution": "Upgrade guzzlehttp/guzzle to 7.4.4, 6.5.7", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "guzzlehttp/guzzle" + }, + "version": "7.4.1" + }, + "operating_system": "Unknown", + "image": "var/www/composer.lock" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-31043", + "value": "CVE-2022-31043", + "url": "https://avd.aquasec.com/nvd/cve-2022-31043" + } + ], + "links": [{ + "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31043.yaml" + },{ + "url": "https://github.com/advisories/GHSA-w248-ffj2-4v5q" + },{ + "url": "https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8" + },{ + "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31043" + },{ + "url": "https://www.drupal.org/sa-core-2022-011" + },{ + "url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx" + } + ] + }, + { + "id": "CVE-2022-31091", + "category": "container_scanning", + "message": "Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` he ...", + "description": "Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorization` and `Cookie` headers from the request, before containing. Previously, we would only consider a change in host or scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects all together.", + "cve": "CVE-2022-31091", + "severity": "High", + "solution": "Upgrade guzzlehttp/guzzle to 7.4.5, 6.5.8", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "guzzlehttp/guzzle" + }, + "version": "7.4.1" + }, + "operating_system": "Unknown", + "image": "var/www/composer.lock" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-31091", + "value": "CVE-2022-31091", + "url": "https://avd.aquasec.com/nvd/cve-2022-31091" + } + ], + "links": [{ + "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31091.yaml" + },{ + "url": "https://github.com/advisories/GHSA-q559-8m2m-g699" + },{ + "url": "https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82" + },{ + "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31091" + } + ] + }, + { + "id": "CVE-2022-31090", + "category": "container_scanning", + "message": "Guzzle, an extensible PHP HTTP client. `Authorization` headers on requ ...", + "description": "Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or port), if we choose to follow it, we should remove the `CURLOPT_HTTPAUTH` option before continuing, stopping curl from appending the `Authorization` header to the new request. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. If you do not require or expect redirects to be followed, one should simply disable redirects all together. Alternatively, one can specify to use the Guzzle steam handler backend, rather than curl.", + "cve": "CVE-2022-31090", + "severity": "Medium", + "solution": "Upgrade guzzlehttp/guzzle to 7.4.5, 6.5.8", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "guzzlehttp/guzzle" + }, + "version": "7.4.1" + }, + "operating_system": "Unknown", + "image": "var/www/composer.lock" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-31090", + "value": "CVE-2022-31090", + "url": "https://avd.aquasec.com/nvd/cve-2022-31090" + } + ], + "links": [{ + "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31090.yaml" + },{ + "url": "https://github.com/advisories/GHSA-25mq-v84q-4j7r" + },{ + "url": "https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md" + },{ + "url": "https://github.com/guzzle/guzzle/blob/7.4.5/CHANGELOG.md" + },{ + "url": "https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82" + },{ + "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31090" + } + ] + }, + { + "id": "CVE-2022-24775", + "category": "container_scanning", + "message": "guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8 ...", + "description": "guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.", + "cve": "CVE-2022-24775", + "severity": "High", + "solution": "Upgrade guzzlehttp/psr7 to 2.1.1, 1.8.4", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "guzzlehttp/psr7" + }, + "version": "2.1.0" + }, + "operating_system": "Unknown", + "image": "var/www/composer.lock" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24775", + "value": "CVE-2022-24775", + "url": "https://avd.aquasec.com/nvd/cve-2022-24775" + } + ], + "links": [{ + "url": "https://github.com/advisories/GHSA-q7rv-6hp3-vh96" + },{ + "url": "https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1" + },{ + "url": "https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc" + },{ + "url": "https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24775" + },{ + "url": "https://www.drupal.org/sa-core-2022-006" + } + ] + }, + { + "id": "CVE-2021-43808", + "category": "container_scanning", + "message": "Laravel is a web application framework. Laravel prior to versions 8.75 ...", + "description": "Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.", + "cve": "CVE-2021-43808", + "severity": "Medium", + "solution": "Upgrade laravel/framework to 6.20.42, 7.30.6, 8.75.0", + "scanner": { + "id": "trivy", + "name": "trivy" + }, + "location": { + "dependency": { + "package": { + "name": "laravel/framework" + }, + "version": "v8.74.0" + }, + "operating_system": "Unknown", + "image": "var/www/composer.lock" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2021-43808", + "value": "CVE-2021-43808", + "url": "https://avd.aquasec.com/nvd/cve-2021-43808" + } + ], + "links": [{ + "url": "https://github.com/advisories/GHSA-66hf-2p6w-jqfw" + },{ + "url": "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b" + },{ + "url": "https://github.com/laravel/framework/pull/39906" + },{ + "url": "https://github.com/laravel/framework/pull/39908" + },{ + "url": "https://github.com/laravel/framework/pull/39909" + },{ + "url": "https://github.com/laravel/framework/releases/tag/v6.20.42" + },{ + "url": "https://github.com/laravel/framework/releases/tag/v7.30.6" + },{ + "url": "https://github.com/laravel/framework/releases/tag/v8.75.0" + },{ + "url": "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw" + } + ] + } + ], + "remediations": [] +} diff --git a/unittests/scans/gitlab_container_scan/issue6639_v15.json b/unittests/scans/gitlab_container_scan/issue6639_v15.json new file mode 100644 index 00000000000..a31d5f5f70a --- /dev/null +++ b/unittests/scans/gitlab_container_scan/issue6639_v15.json @@ -0,0 +1,5246 @@ +{ + "version": "14.0.6", + "vulnerabilities": [ + { + "id": "CVE-2022-28391", + "description": "BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.", + "cve": "CVE-2022-28391", + "severity": "Critical", + "solution": "Upgrade busybox to 1.34.1-r5", + "location": { + "dependency": { + "package": { + "name": "busybox" + }, + "version": "1.34.1-r4" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-28391", + "value": "CVE-2022-28391", + "url": "https://avd.aquasec.com/nvd/cve-2022-28391" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-28391" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391" + },{ + "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" + },{ + "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" + },{ + "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28391" + } + ] + }, + { + "id": "CVE-2022-32207", + "description": "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", + "cve": "CVE-2022-32207", + "severity": "Critical", + "solution": "Upgrade curl to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32207", + "value": "CVE-2022-32207", + "url": "https://avd.aquasec.com/nvd/cve-2022-32207" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32207" + },{ + "url": "https://curl.se/docs/CVE-2022-32207.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207" + },{ + "url": "https://hackerone.com/reports/1573634" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32207" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-22576", + "description": "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", + "cve": "CVE-2022-22576", + "severity": "High", + "solution": "Upgrade curl to 7.80.0-r1", + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-22576", + "value": "CVE-2022-22576", + "url": "https://avd.aquasec.com/nvd/cve-2022-22576" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-22576" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-22576.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1526328" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-22576.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22576" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27775", + "description": "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", + "cve": "CVE-2022-27775", + "severity": "High", + "solution": "Upgrade curl to 7.80.0-r1", + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27775", + "value": "CVE-2022-27775", + "url": "https://avd.aquasec.com/nvd/cve-2022-27775" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27775" + },{ + "url": "https://curl.se/docs/CVE-2022-27775.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775" + },{ + "url": "https://hackerone.com/reports/1546268" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27775" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27780", + "description": "The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.", + "cve": "CVE-2022-27780", + "severity": "High", + "solution": "Upgrade curl to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27780", + "value": "CVE-2022-27780", + "url": "https://avd.aquasec.com/nvd/cve-2022-27780" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27780" + },{ + "url": "https://curl.se/docs/CVE-2022-27780.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27780" + },{ + "url": "https://hackerone.com/reports/1553841" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27780" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + } + ] + }, + { + "id": "CVE-2022-27781", + "description": "libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.", + "cve": "CVE-2022-27781", + "severity": "High", + "solution": "Upgrade curl to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27781", + "value": "CVE-2022-27781", + "url": "https://avd.aquasec.com/nvd/cve-2022-27781" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27781" + },{ + "url": "https://curl.se/docs/CVE-2022-27781.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781" + },{ + "url": "https://github.com/curl/curl/commit/f6c335d63f" + },{ + "url": "https://hackerone.com/reports/1555441" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27781" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5499-1" + } + ] + }, + { + "id": "CVE-2022-27782", + "description": "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", + "cve": "CVE-2022-27782", + "severity": "High", + "solution": "Upgrade curl to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27782", + "value": "CVE-2022-27782", + "url": "https://avd.aquasec.com/nvd/cve-2022-27782" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27782" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27782.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1555796" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27782.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27782" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + } + ] + }, + { + "id": "CVE-2022-27774", + "description": "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", + "cve": "CVE-2022-27774", + "severity": "Medium", + "solution": "Upgrade curl to 7.80.0-r1", + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27774", + "value": "CVE-2022-27774", + "url": "https://avd.aquasec.com/nvd/cve-2022-27774" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27774" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27774.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1543773" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27774.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27774" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27776", + "description": "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", + "cve": "CVE-2022-27776", + "severity": "Medium", + "solution": "Upgrade curl to 7.80.0-r1", + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27776", + "value": "CVE-2022-27776", + "url": "https://avd.aquasec.com/nvd/cve-2022-27776" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27776" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27776.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1547048" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27776.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27776" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-32205", + "description": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method.", + "cve": "CVE-2022-32205", + "severity": "Medium", + "solution": "Upgrade curl to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32205", + "value": "CVE-2022-32205", + "url": "https://avd.aquasec.com/nvd/cve-2022-32205" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32205" + },{ + "url": "https://curl.se/docs/CVE-2022-32205.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205" + },{ + "url": "https://hackerone.com/reports/1569946" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32205" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-32206", + "description": "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", + "cve": "CVE-2022-32206", + "severity": "Medium", + "solution": "Upgrade curl to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32206", + "value": "CVE-2022-32206", + "url": "https://avd.aquasec.com/nvd/cve-2022-32206" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32206" + },{ + "url": "https://curl.se/docs/CVE-2022-32206.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206" + },{ + "url": "https://hackerone.com/reports/1570651" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32206" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-32208", + "description": "When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", + "cve": "CVE-2022-32208", + "severity": "Medium", + "solution": "Upgrade curl to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "curl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32208", + "value": "CVE-2022-32208", + "url": "https://avd.aquasec.com/nvd/cve-2022-32208" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32208" + },{ + "url": "https://curl.se/docs/CVE-2022-32208.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208" + },{ + "url": "https://hackerone.com/reports/1590071" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32208" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5499-1" + } + ] + }, + { + "id": "CVE-2022-32207", + "description": "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", + "cve": "CVE-2022-32207", + "severity": "Critical", + "solution": "Upgrade curl-dev to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32207", + "value": "CVE-2022-32207", + "url": "https://avd.aquasec.com/nvd/cve-2022-32207" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32207" + },{ + "url": "https://curl.se/docs/CVE-2022-32207.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207" + },{ + "url": "https://hackerone.com/reports/1573634" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32207" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-22576", + "description": "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", + "cve": "CVE-2022-22576", + "severity": "High", + "solution": "Upgrade curl-dev to 7.80.0-r1", + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-22576", + "value": "CVE-2022-22576", + "url": "https://avd.aquasec.com/nvd/cve-2022-22576" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-22576" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-22576.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1526328" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-22576.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22576" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27775", + "description": "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", + "cve": "CVE-2022-27775", + "severity": "High", + "solution": "Upgrade curl-dev to 7.80.0-r1", + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27775", + "value": "CVE-2022-27775", + "url": "https://avd.aquasec.com/nvd/cve-2022-27775" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27775" + },{ + "url": "https://curl.se/docs/CVE-2022-27775.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775" + },{ + "url": "https://hackerone.com/reports/1546268" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27775" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27780", + "description": "The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.", + "cve": "CVE-2022-27780", + "severity": "High", + "solution": "Upgrade curl-dev to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27780", + "value": "CVE-2022-27780", + "url": "https://avd.aquasec.com/nvd/cve-2022-27780" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27780" + },{ + "url": "https://curl.se/docs/CVE-2022-27780.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27780" + },{ + "url": "https://hackerone.com/reports/1553841" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27780" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + } + ] + }, + { + "id": "CVE-2022-27781", + "description": "libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.", + "cve": "CVE-2022-27781", + "severity": "High", + "solution": "Upgrade curl-dev to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27781", + "value": "CVE-2022-27781", + "url": "https://avd.aquasec.com/nvd/cve-2022-27781" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27781" + },{ + "url": "https://curl.se/docs/CVE-2022-27781.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781" + },{ + "url": "https://github.com/curl/curl/commit/f6c335d63f" + },{ + "url": "https://hackerone.com/reports/1555441" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27781" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5499-1" + } + ] + }, + { + "id": "CVE-2022-27782", + "description": "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", + "cve": "CVE-2022-27782", + "severity": "High", + "solution": "Upgrade curl-dev to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27782", + "value": "CVE-2022-27782", + "url": "https://avd.aquasec.com/nvd/cve-2022-27782" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27782" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27782.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1555796" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27782.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27782" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + } + ] + }, + { + "id": "CVE-2022-27774", + "description": "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", + "cve": "CVE-2022-27774", + "severity": "Medium", + "solution": "Upgrade curl-dev to 7.80.0-r1", + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27774", + "value": "CVE-2022-27774", + "url": "https://avd.aquasec.com/nvd/cve-2022-27774" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27774" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27774.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1543773" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27774.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27774" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27776", + "description": "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", + "cve": "CVE-2022-27776", + "severity": "Medium", + "solution": "Upgrade curl-dev to 7.80.0-r1", + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27776", + "value": "CVE-2022-27776", + "url": "https://avd.aquasec.com/nvd/cve-2022-27776" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27776" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27776.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1547048" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27776.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27776" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-32205", + "description": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method.", + "cve": "CVE-2022-32205", + "severity": "Medium", + "solution": "Upgrade curl-dev to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32205", + "value": "CVE-2022-32205", + "url": "https://avd.aquasec.com/nvd/cve-2022-32205" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32205" + },{ + "url": "https://curl.se/docs/CVE-2022-32205.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205" + },{ + "url": "https://hackerone.com/reports/1569946" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32205" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-32206", + "description": "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", + "cve": "CVE-2022-32206", + "severity": "Medium", + "solution": "Upgrade curl-dev to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32206", + "value": "CVE-2022-32206", + "url": "https://avd.aquasec.com/nvd/cve-2022-32206" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32206" + },{ + "url": "https://curl.se/docs/CVE-2022-32206.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206" + },{ + "url": "https://hackerone.com/reports/1570651" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32206" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-32208", + "description": "When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", + "cve": "CVE-2022-32208", + "severity": "Medium", + "solution": "Upgrade curl-dev to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "curl-dev" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32208", + "value": "CVE-2022-32208", + "url": "https://avd.aquasec.com/nvd/cve-2022-32208" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32208" + },{ + "url": "https://curl.se/docs/CVE-2022-32208.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208" + },{ + "url": "https://hackerone.com/reports/1590071" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32208" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5499-1" + } + ] + }, + { + "id": "CVE-2022-24407", + "description": "In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.", + "cve": "CVE-2022-24407", + "severity": "High", + "solution": "Upgrade cyrus-sasl-dev to 2.1.28-r0", + "location": { + "dependency": { + "package": { + "name": "cyrus-sasl-dev" + }, + "version": "2.1.27-r14" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24407", + "value": "CVE-2022-24407", + "url": "https://avd.aquasec.com/nvd/cve-2022-24407" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/02/23/4" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-24407" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407" + },{ + "url": "https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-24407.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9239.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24407" + },{ + "url": "https://ubuntu.com/security/notices/USN-5301-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5301-2" + },{ + "url": "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28" + },{ + "url": "https://www.debian.org/security/2022/dsa-5087" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2022-25235", + "description": "xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.", + "cve": "CVE-2022-25235", + "severity": "Critical", + "solution": "Upgrade expat to 2.4.5-r0", + "location": { + "dependency": { + "package": { + "name": "expat" + }, + "version": "2.4.4-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-25235", + "value": "CVE-2022-25235", + "url": "https://avd.aquasec.com/nvd/cve-2022-25235" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-25235" + },{ + "url": "https://blog.hartwork.org/posts/expat-2-4-5-released/" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235" + },{ + "url": "https://github.com/libexpat/libexpat/pull/562" + },{ + "url": "https://github.com/libexpat/libexpat/pull/562/commits/367ae600b48d74261bbc339b17e9318424049791 (fix)" + },{ + "url": "https://github.com/libexpat/libexpat/pull/562/commits/97cfdc3fa7dca759880d81e371901f4620279106 (tests)" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-25235.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9359.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5288-1" + },{ + "url": "https://www.debian.org/security/2022/dsa-5085" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + } + ] + }, + { + "id": "CVE-2022-25236", + "description": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.", + "cve": "CVE-2022-25236", + "severity": "Critical", + "solution": "Upgrade expat to 2.4.5-r0", + "location": { + "dependency": { + "package": { + "name": "expat" + }, + "version": "2.4.4-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-25236", + "value": "CVE-2022-25236", + "url": "https://avd.aquasec.com/nvd/cve-2022-25236" + } + ], + "links": [{ + "url": "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" + },{ + "url": "https://access.redhat.com/errata/RHSA-2022:0951" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-25236" + },{ + "url": "https://blog.hartwork.org/posts/expat-2-4-5-released/" + },{ + "url": "https://bugzilla.redhat.com/2044451" + },{ + "url": "https://bugzilla.redhat.com/2044455" + },{ + "url": "https://bugzilla.redhat.com/2044457" + },{ + "url": "https://bugzilla.redhat.com/2044464" + },{ + "url": "https://bugzilla.redhat.com/2044467" + },{ + "url": "https://bugzilla.redhat.com/2044479" + },{ + "url": "https://bugzilla.redhat.com/2044484" + },{ + "url": "https://bugzilla.redhat.com/2044488" + },{ + "url": "https://bugzilla.redhat.com/2044613" + },{ + "url": "https://bugzilla.redhat.com/2056363" + },{ + "url": "https://bugzilla.redhat.com/2056366" + },{ + "url": "https://bugzilla.redhat.com/2056370" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-0951.html" + },{ + "url": "https://github.com/libexpat/libexpat/pull/561" + },{ + "url": "https://github.com/libexpat/libexpat/pull/561/commits/2de077423fb22750ebea599677d523b53cb93b1d (test)" + },{ + "url": "https://github.com/libexpat/libexpat/pull/561/commits/a2fe525e660badd64b6c557c2b1ec26ddc07f6e4 (fix)" + },{ + "url": "https://github.com/libexpat/libexpat/pull/577" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-25236.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9359.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5288-1" + },{ + "url": "https://www.debian.org/security/2022/dsa-5085" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + } + ] + }, + { + "id": "CVE-2022-25315", + "description": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.", + "cve": "CVE-2022-25315", + "severity": "Critical", + "solution": "Upgrade expat to 2.4.5-r0", + "location": { + "dependency": { + "package": { + "name": "expat" + }, + "version": "2.4.4-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-25315", + "value": "CVE-2022-25315", + "url": "https://avd.aquasec.com/nvd/cve-2022-25315" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" + },{ + "url": "https://access.redhat.com/errata/RHSA-2022:0951" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-25315" + },{ + "url": "https://blog.hartwork.org/posts/expat-2-4-5-released/" + },{ + "url": "https://bugzilla.redhat.com/2044451" + },{ + "url": "https://bugzilla.redhat.com/2044455" + },{ + "url": "https://bugzilla.redhat.com/2044457" + },{ + "url": "https://bugzilla.redhat.com/2044464" + },{ + "url": "https://bugzilla.redhat.com/2044467" + },{ + "url": "https://bugzilla.redhat.com/2044479" + },{ + "url": "https://bugzilla.redhat.com/2044484" + },{ + "url": "https://bugzilla.redhat.com/2044488" + },{ + "url": "https://bugzilla.redhat.com/2044613" + },{ + "url": "https://bugzilla.redhat.com/2056363" + },{ + "url": "https://bugzilla.redhat.com/2056366" + },{ + "url": "https://bugzilla.redhat.com/2056370" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-0951.html" + },{ + "url": "https://github.com/libexpat/libexpat/pull/559" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-25315.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9359.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5320-1" + },{ + "url": "https://www.debian.org/security/2022/dsa-5085" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + } + ] + }, + { + "id": "CVE-2022-25314", + "description": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.", + "cve": "CVE-2022-25314", + "severity": "High", + "solution": "Upgrade expat to 2.4.5-r0", + "location": { + "dependency": { + "package": { + "name": "expat" + }, + "version": "2.4.4-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-25314", + "value": "CVE-2022-25314", + "url": "https://avd.aquasec.com/nvd/cve-2022-25314" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-25314" + },{ + "url": "https://blog.hartwork.org/posts/expat-2-4-5-released/" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314" + },{ + "url": "https://github.com/libexpat/libexpat/pull/560" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-25314.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5314.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5320-1" + },{ + "url": "https://www.debian.org/security/2022/dsa-5085" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + } + ] + }, + { + "id": "CVE-2022-25313", + "description": "In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.", + "cve": "CVE-2022-25313", + "severity": "Medium", + "solution": "Upgrade expat to 2.4.5-r0", + "location": { + "dependency": { + "package": { + "name": "expat" + }, + "version": "2.4.4-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-25313", + "value": "CVE-2022-25313", + "url": "https://avd.aquasec.com/nvd/cve-2022-25313" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-25313" + },{ + "url": "https://blog.hartwork.org/posts/expat-2-4-5-released/" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313" + },{ + "url": "https://github.com/libexpat/libexpat/pull/558" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-25313.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5314.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5320-1" + },{ + "url": "https://www.debian.org/security/2022/dsa-5085" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + } + ] + }, + { + "id": "CVE-2022-27404", + "description": "FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.", + "cve": "CVE-2022-27404", + "severity": "Critical", + "solution": "Upgrade freetype to 2.11.1-r1", + "location": { + "dependency": { + "package": { + "name": "freetype" + }, + "version": "2.11.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27404", + "value": "CVE-2022-27404", + "url": "https://avd.aquasec.com/nvd/cve-2022-27404" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27404" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404" + },{ + "url": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27404" + },{ + "url": "https://ubuntu.com/security/notices/USN-5528-1" + } + ] + }, + { + "id": "CVE-2022-27405", + "description": "FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.", + "cve": "CVE-2022-27405", + "severity": "High", + "solution": "Upgrade freetype to 2.11.1-r2", + "location": { + "dependency": { + "package": { + "name": "freetype" + }, + "version": "2.11.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27405", + "value": "CVE-2022-27405", + "url": "https://avd.aquasec.com/nvd/cve-2022-27405" + } + ], + "links": [{ + "url": "http://freetype.com" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27405" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27405" + },{ + "url": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27405" + },{ + "url": "https://ubuntu.com/security/notices/USN-5528-1" + } + ] + }, + { + "id": "CVE-2022-27406", + "description": "FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.", + "cve": "CVE-2022-27406", + "severity": "High", + "solution": "Upgrade freetype to 2.11.1-r2", + "location": { + "dependency": { + "package": { + "name": "freetype" + }, + "version": "2.11.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27406", + "value": "CVE-2022-27406", + "url": "https://avd.aquasec.com/nvd/cve-2022-27406" + } + ], + "links": [{ + "url": "http://freetype.com" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27406" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27406" + },{ + "url": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27406" + },{ + "url": "https://ubuntu.com/security/notices/USN-5453-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5528-1" + } + ] + }, + { + "id": "CVE-2022-24765", + "description": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`.", + "cve": "CVE-2022-24765", + "severity": "High", + "solution": "Upgrade git to 2.34.2-r0", + "location": { + "dependency": { + "package": { + "name": "git" + }, + "version": "2.34.1-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24765", + "value": "CVE-2022-24765", + "url": "https://avd.aquasec.com/nvd/cve-2022-24765" + } + ], + "links": [{ + "url": "http://seclists.org/fulldisclosure/2022/May/31" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/04/12/7" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-24765" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765" + },{ + "url": "https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash" + },{ + "url": "https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode" + },{ + "url": "https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/" + },{ + "url": "https://support.apple.com/kb/HT213261" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-2" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-3" + } + ] + }, + { + "id": "CVE-2022-29187", + "description": "Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.", + "cve": "CVE-2022-29187", + "severity": "High", + "solution": "Upgrade git to 2.34.4-r0", + "location": { + "dependency": { + "package": { + "name": "git" + }, + "version": "2.34.1-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-29187", + "value": "CVE-2022-29187", + "url": "https://avd.aquasec.com/nvd/cve-2022-29187" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/07/14/1" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-29187" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187" + },{ + "url": "https://github.blog/2022-04-12-git-security-vulnerability-announced" + },{ + "url": "https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/" + },{ + "url": "https://lore.kernel.org/git/xmqqv8s2fefi.fsf@gitster.g/T/#u" + },{ + "url": "https://ubuntu.com/security/notices/USN-5511-1" + } + ] + }, + { + "id": "CVE-2022-24765", + "description": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`.", + "cve": "CVE-2022-24765", + "severity": "High", + "solution": "Upgrade git-perl to 2.34.2-r0", + "location": { + "dependency": { + "package": { + "name": "git-perl" + }, + "version": "2.34.1-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24765", + "value": "CVE-2022-24765", + "url": "https://avd.aquasec.com/nvd/cve-2022-24765" + } + ], + "links": [{ + "url": "http://seclists.org/fulldisclosure/2022/May/31" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/04/12/7" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-24765" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765" + },{ + "url": "https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash" + },{ + "url": "https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode" + },{ + "url": "https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/" + },{ + "url": "https://support.apple.com/kb/HT213261" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-2" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-3" + } + ] + }, + { + "id": "CVE-2022-29187", + "description": "Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.", + "cve": "CVE-2022-29187", + "severity": "High", + "solution": "Upgrade git-perl to 2.34.4-r0", + "location": { + "dependency": { + "package": { + "name": "git-perl" + }, + "version": "2.34.1-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-29187", + "value": "CVE-2022-29187", + "url": "https://avd.aquasec.com/nvd/cve-2022-29187" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/07/14/1" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-29187" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187" + },{ + "url": "https://github.blog/2022-04-12-git-security-vulnerability-announced" + },{ + "url": "https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/" + },{ + "url": "https://lore.kernel.org/git/xmqqv8s2fefi.fsf@gitster.g/T/#u" + },{ + "url": "https://ubuntu.com/security/notices/USN-5511-1" + } + ] + }, + { + "id": "CVE-2021-37750", + "description": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.", + "cve": "CVE-2021-37750", + "severity": "Medium", + "solution": "Upgrade krb5-libs to 1.19.3-r0", + "location": { + "dependency": { + "package": { + "name": "krb5-libs" + }, + "version": "1.19.2-r4" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2021-37750", + "value": "CVE-2021-37750", + "url": "https://avd.aquasec.com/nvd/cve-2021-37750" + } + ], + "links": [{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37750.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2021-37750" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750" + },{ + "url": "https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49" + },{ + "url": "https://github.com/krb5/krb5/releases" + },{ + "url": "https://linux.oracle.com/cve/CVE-2021-37750.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2021-4788.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37750" + },{ + "url": "https://security.netapp.com/advisory/ntap-20210923-0002/" + },{ + "url": "https://web.mit.edu/kerberos/advisories/" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2022-0778", + "description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", + "cve": "CVE-2022-0778", + "severity": "High", + "solution": "Upgrade libcrypto1.1 to 1.1.1n-r0", + "location": { + "dependency": { + "package": { + "name": "libcrypto1.1" + }, + "version": "1.1.1l-r8" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-0778", + "value": "CVE-2022-0778", + "url": "https://avd.aquasec.com/nvd/cve-2022-0778" + } + ], + "links": [{ + "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-0778" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-1065.html" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-0778.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9272.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778" + },{ + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0014.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220321-0002/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220429-0005/" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-2" + },{ + "url": "https://www.debian.org/security/2022/dsa-5103" + },{ + "url": "https://www.openssl.org/news/secadv/20220315.txt" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + },{ + "url": "https://www.tenable.com/security/tns-2022-06" + },{ + "url": "https://www.tenable.com/security/tns-2022-07" + },{ + "url": "https://www.tenable.com/security/tns-2022-08" + },{ + "url": "https://www.tenable.com/security/tns-2022-09" + } + ] + }, + { + "id": "CVE-2022-2097", + "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", + "cve": "CVE-2022-2097", + "severity": "High", + "solution": "Upgrade libcrypto1.1 to 1.1.1q-r0", + "location": { + "dependency": { + "package": { + "name": "libcrypto1.1" + }, + "version": "1.1.1l-r8" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-2097", + "value": "CVE-2022-2097", + "url": "https://avd.aquasec.com/nvd/cve-2022-2097" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-2097" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0032.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220715-0011/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5502-1" + },{ + "url": "https://www.openssl.org/news/secadv/20220705.txt" + } + ] + }, + { + "id": "CVE-2022-32207", + "description": "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", + "cve": "CVE-2022-32207", + "severity": "Critical", + "solution": "Upgrade libcurl to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32207", + "value": "CVE-2022-32207", + "url": "https://avd.aquasec.com/nvd/cve-2022-32207" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32207" + },{ + "url": "https://curl.se/docs/CVE-2022-32207.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207" + },{ + "url": "https://hackerone.com/reports/1573634" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32207" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-22576", + "description": "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", + "cve": "CVE-2022-22576", + "severity": "High", + "solution": "Upgrade libcurl to 7.80.0-r1", + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-22576", + "value": "CVE-2022-22576", + "url": "https://avd.aquasec.com/nvd/cve-2022-22576" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-22576" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-22576.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1526328" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-22576.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22576" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27775", + "description": "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", + "cve": "CVE-2022-27775", + "severity": "High", + "solution": "Upgrade libcurl to 7.80.0-r1", + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27775", + "value": "CVE-2022-27775", + "url": "https://avd.aquasec.com/nvd/cve-2022-27775" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27775" + },{ + "url": "https://curl.se/docs/CVE-2022-27775.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775" + },{ + "url": "https://hackerone.com/reports/1546268" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27775" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27780", + "description": "The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.", + "cve": "CVE-2022-27780", + "severity": "High", + "solution": "Upgrade libcurl to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27780", + "value": "CVE-2022-27780", + "url": "https://avd.aquasec.com/nvd/cve-2022-27780" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27780" + },{ + "url": "https://curl.se/docs/CVE-2022-27780.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27780" + },{ + "url": "https://hackerone.com/reports/1553841" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27780" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + } + ] + }, + { + "id": "CVE-2022-27781", + "description": "libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.", + "cve": "CVE-2022-27781", + "severity": "High", + "solution": "Upgrade libcurl to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27781", + "value": "CVE-2022-27781", + "url": "https://avd.aquasec.com/nvd/cve-2022-27781" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27781" + },{ + "url": "https://curl.se/docs/CVE-2022-27781.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781" + },{ + "url": "https://github.com/curl/curl/commit/f6c335d63f" + },{ + "url": "https://hackerone.com/reports/1555441" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27781" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5499-1" + } + ] + }, + { + "id": "CVE-2022-27782", + "description": "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", + "cve": "CVE-2022-27782", + "severity": "High", + "solution": "Upgrade libcurl to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27782", + "value": "CVE-2022-27782", + "url": "https://avd.aquasec.com/nvd/cve-2022-27782" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27782" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27782.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1555796" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27782.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27782" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5412-1" + } + ] + }, + { + "id": "CVE-2022-27774", + "description": "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", + "cve": "CVE-2022-27774", + "severity": "Medium", + "solution": "Upgrade libcurl to 7.80.0-r1", + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27774", + "value": "CVE-2022-27774", + "url": "https://avd.aquasec.com/nvd/cve-2022-27774" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27774" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27774.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1543773" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27774.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27774" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-27776", + "description": "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", + "cve": "CVE-2022-27776", + "severity": "Medium", + "solution": "Upgrade libcurl to 7.80.0-r1", + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-27776", + "value": "CVE-2022-27776", + "url": "https://avd.aquasec.com/nvd/cve-2022-27776" + } + ], + "links": [{ + "url": "https://access.redhat.com/errata/RHSA-2022:5313" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-27776" + },{ + "url": "https://bugzilla.redhat.com/2077541" + },{ + "url": "https://bugzilla.redhat.com/2077547" + },{ + "url": "https://bugzilla.redhat.com/2078408" + },{ + "url": "https://bugzilla.redhat.com/2082215" + },{ + "url": "https://curl.se/docs/CVE-2022-27776.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-5313.html" + },{ + "url": "https://hackerone.com/reports/1547048" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-27776.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5313.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27776" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5397-1" + } + ] + }, + { + "id": "CVE-2022-32205", + "description": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method.", + "cve": "CVE-2022-32205", + "severity": "Medium", + "solution": "Upgrade libcurl to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32205", + "value": "CVE-2022-32205", + "url": "https://avd.aquasec.com/nvd/cve-2022-32205" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32205" + },{ + "url": "https://curl.se/docs/CVE-2022-32205.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205" + },{ + "url": "https://hackerone.com/reports/1569946" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32205" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-32206", + "description": "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", + "cve": "CVE-2022-32206", + "severity": "Medium", + "solution": "Upgrade libcurl to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32206", + "value": "CVE-2022-32206", + "url": "https://avd.aquasec.com/nvd/cve-2022-32206" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32206" + },{ + "url": "https://curl.se/docs/CVE-2022-32206.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206" + },{ + "url": "https://hackerone.com/reports/1570651" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32206" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + } + ] + }, + { + "id": "CVE-2022-32208", + "description": "When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", + "cve": "CVE-2022-32208", + "severity": "Medium", + "solution": "Upgrade libcurl to 7.80.0-r2", + "location": { + "dependency": { + "package": { + "name": "libcurl" + }, + "version": "7.80.0-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-32208", + "value": "CVE-2022-32208", + "url": "https://avd.aquasec.com/nvd/cve-2022-32208" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-32208" + },{ + "url": "https://curl.se/docs/CVE-2022-32208.html" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208" + },{ + "url": "https://hackerone.com/reports/1590071" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32208" + },{ + "url": "https://ubuntu.com/security/notices/USN-5495-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5499-1" + } + ] + }, + { + "id": "CVE-2022-0778", + "description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", + "cve": "CVE-2022-0778", + "severity": "High", + "solution": "Upgrade libretls to 3.3.4-r3", + "location": { + "dependency": { + "package": { + "name": "libretls" + }, + "version": "3.3.4-r2" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-0778", + "value": "CVE-2022-0778", + "url": "https://avd.aquasec.com/nvd/cve-2022-0778" + } + ], + "links": [{ + "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-0778" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-1065.html" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-0778.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9272.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778" + },{ + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0014.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220321-0002/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220429-0005/" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-2" + },{ + "url": "https://www.debian.org/security/2022/dsa-5103" + },{ + "url": "https://www.openssl.org/news/secadv/20220315.txt" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + },{ + "url": "https://www.tenable.com/security/tns-2022-06" + },{ + "url": "https://www.tenable.com/security/tns-2022-07" + },{ + "url": "https://www.tenable.com/security/tns-2022-08" + },{ + "url": "https://www.tenable.com/security/tns-2022-09" + } + ] + }, + { + "id": "CVE-2022-24407", + "description": "In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.", + "cve": "CVE-2022-24407", + "severity": "High", + "solution": "Upgrade libsasl to 2.1.28-r0", + "location": { + "dependency": { + "package": { + "name": "libsasl" + }, + "version": "2.1.27-r14" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24407", + "value": "CVE-2022-24407", + "url": "https://avd.aquasec.com/nvd/cve-2022-24407" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/02/23/4" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-24407" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407" + },{ + "url": "https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-24407.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9239.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24407" + },{ + "url": "https://ubuntu.com/security/notices/USN-5301-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5301-2" + },{ + "url": "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28" + },{ + "url": "https://www.debian.org/security/2022/dsa-5087" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2022-0778", + "description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", + "cve": "CVE-2022-0778", + "severity": "High", + "solution": "Upgrade libssl1.1 to 1.1.1n-r0", + "location": { + "dependency": { + "package": { + "name": "libssl1.1" + }, + "version": "1.1.1l-r8" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-0778", + "value": "CVE-2022-0778", + "url": "https://avd.aquasec.com/nvd/cve-2022-0778" + } + ], + "links": [{ + "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-0778" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-1065.html" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-0778.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9272.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778" + },{ + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0014.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220321-0002/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220429-0005/" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-2" + },{ + "url": "https://www.debian.org/security/2022/dsa-5103" + },{ + "url": "https://www.openssl.org/news/secadv/20220315.txt" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + },{ + "url": "https://www.tenable.com/security/tns-2022-06" + },{ + "url": "https://www.tenable.com/security/tns-2022-07" + },{ + "url": "https://www.tenable.com/security/tns-2022-08" + },{ + "url": "https://www.tenable.com/security/tns-2022-09" + } + ] + }, + { + "id": "CVE-2022-2097", + "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", + "cve": "CVE-2022-2097", + "severity": "High", + "solution": "Upgrade libssl1.1 to 1.1.1q-r0", + "location": { + "dependency": { + "package": { + "name": "libssl1.1" + }, + "version": "1.1.1l-r8" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-2097", + "value": "CVE-2022-2097", + "url": "https://avd.aquasec.com/nvd/cve-2022-2097" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-2097" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0032.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220715-0011/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5502-1" + },{ + "url": "https://www.openssl.org/news/secadv/20220705.txt" + } + ] + }, + { + "id": "CVE-2022-23308", + "description": "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.", + "cve": "CVE-2022-23308", + "severity": "High", + "solution": "Upgrade libxml2 to 2.9.13-r0", + "location": { + "dependency": { + "package": { + "name": "libxml2" + }, + "version": "2.9.12-r2" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-23308", + "value": "CVE-2022-23308", + "url": "https://avd.aquasec.com/nvd/cve-2022-23308" + } + ], + "links": [{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/34" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/36" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/37" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-23308" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308" + },{ + "url": "https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-23308.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-0899.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23308" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220331-0008/" + },{ + "url": "https://support.apple.com/kb/HT213253" + },{ + "url": "https://support.apple.com/kb/HT213254" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://support.apple.com/kb/HT213258" + },{ + "url": "https://ubuntu.com/security/notices/USN-5324-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5422-1" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2022-29824", + "description": "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", + "cve": "CVE-2022-29824", + "severity": "Medium", + "solution": "Upgrade libxml2 to 2.9.14-r0", + "location": { + "dependency": { + "package": { + "name": "libxml2" + }, + "version": "2.9.12-r2" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-29824", + "value": "CVE-2022-29824", + "url": "https://avd.aquasec.com/nvd/cve-2022-29824" + } + ], + "links": [{ + "url": "http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-29824" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab (v2.9.14)" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd (master)" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-29824.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5317.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220715-0006/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5422-1" + },{ + "url": "https://www.debian.org/security/2022/dsa-5142" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2022-23308", + "description": "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.", + "cve": "CVE-2022-23308", + "severity": "High", + "solution": "Upgrade libxml2-dev to 2.9.13-r0", + "location": { + "dependency": { + "package": { + "name": "libxml2-dev" + }, + "version": "2.9.12-r2" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-23308", + "value": "CVE-2022-23308", + "url": "https://avd.aquasec.com/nvd/cve-2022-23308" + } + ], + "links": [{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/34" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/36" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/37" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-23308" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308" + },{ + "url": "https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-23308.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-0899.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23308" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220331-0008/" + },{ + "url": "https://support.apple.com/kb/HT213253" + },{ + "url": "https://support.apple.com/kb/HT213254" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://support.apple.com/kb/HT213258" + },{ + "url": "https://ubuntu.com/security/notices/USN-5324-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5422-1" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2022-29824", + "description": "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", + "cve": "CVE-2022-29824", + "severity": "Medium", + "solution": "Upgrade libxml2-dev to 2.9.14-r0", + "location": { + "dependency": { + "package": { + "name": "libxml2-dev" + }, + "version": "2.9.12-r2" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-29824", + "value": "CVE-2022-29824", + "url": "https://avd.aquasec.com/nvd/cve-2022-29824" + } + ], + "links": [{ + "url": "http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-29824" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab (v2.9.14)" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd (master)" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-29824.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5317.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220715-0006/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5422-1" + },{ + "url": "https://www.debian.org/security/2022/dsa-5142" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2021-30560", + "description": "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", + "cve": "CVE-2021-30560", + "severity": "High", + "solution": "Upgrade libxslt to 1.1.35-r0", + "location": { + "dependency": { + "package": { + "name": "libxslt" + }, + "version": "1.1.34-r1" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2021-30560", + "value": "CVE-2021-30560", + "url": "https://avd.aquasec.com/nvd/cve-2021-30560" + } + ], + "links": [{ + "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" + },{ + "url": "https://crbug.com/1219209" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560" + },{ + "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2" + },{ + "url": "https://gitlab.gnome.org/GNOME/libxslt/-/commit/50f9c9cd3" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30560" + } + ] + }, + { + "id": "CVE-2022-1348", + "description": "A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.", + "cve": "CVE-2022-1348", + "severity": "Medium", + "solution": "Upgrade logrotate to 3.18.1-r2", + "location": { + "dependency": { + "package": { + "name": "logrotate" + }, + "version": "3.18.1-r1" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-1348", + "value": "CVE-2022-1348", + "url": "https://avd.aquasec.com/nvd/cve-2022-1348" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/05/25/3" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/05/25/4" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/05/25/5" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-1348" + },{ + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-1348" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1348" + },{ + "url": "https://github.com/logrotate/logrotate/blame/master/logrotate.c#L3015-L3017" + },{ + "url": "https://github.com/logrotate/logrotate/commit/f46d0bdfc9c53515c13880c501f4d2e1e7dd8b25" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7EHGYRE6DSFSBXQIWYDGTSXKO6IFSJQ/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZYEB4F37BY6GLEJKP2EPVAVQ6TA3HQKR/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1348" + },{ + "url": "https://ubuntu.com/security/notices/USN-5447-1" + } + ] + }, + { + "id": "CVE-2022-29458", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "cve": "CVE-2022-29458", + "severity": "High", + "solution": "Upgrade ncurses-libs to 6.3_p20211120-r1", + "location": { + "dependency": { + "package": { + "name": "ncurses-libs" + }, + "version": "6.3_p20211120-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-29458", + "value": "CVE-2022-29458", + "url": "https://avd.aquasec.com/nvd/cve-2022-29458" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-29458" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458" + },{ + "url": "https://invisible-island.net/ncurses/NEWS.html#t20220416" + },{ + "url": "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html" + },{ + "url": "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458" + },{ + "url": "https://ubuntu.com/security/notices/USN-5477-1" + } + ] + }, + { + "id": "CVE-2022-29458", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "cve": "CVE-2022-29458", + "severity": "High", + "solution": "Upgrade ncurses-terminfo-base to 6.3_p20211120-r1", + "location": { + "dependency": { + "package": { + "name": "ncurses-terminfo-base" + }, + "version": "6.3_p20211120-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-29458", + "value": "CVE-2022-29458", + "url": "https://avd.aquasec.com/nvd/cve-2022-29458" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-29458" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458" + },{ + "url": "https://invisible-island.net/ncurses/NEWS.html#t20220416" + },{ + "url": "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html" + },{ + "url": "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458" + },{ + "url": "https://ubuntu.com/security/notices/USN-5477-1" + } + ] + }, + { + "id": "CVE-2022-0778", + "description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", + "cve": "CVE-2022-0778", + "severity": "High", + "solution": "Upgrade openssl to 1.1.1n-r0", + "location": { + "dependency": { + "package": { + "name": "openssl" + }, + "version": "1.1.1l-r8" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-0778", + "value": "CVE-2022-0778", + "url": "https://avd.aquasec.com/nvd/cve-2022-0778" + } + ], + "links": [{ + "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-0778" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-1065.html" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-0778.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9272.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778" + },{ + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0014.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220321-0002/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220429-0005/" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-2" + },{ + "url": "https://www.debian.org/security/2022/dsa-5103" + },{ + "url": "https://www.openssl.org/news/secadv/20220315.txt" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + },{ + "url": "https://www.tenable.com/security/tns-2022-06" + },{ + "url": "https://www.tenable.com/security/tns-2022-07" + },{ + "url": "https://www.tenable.com/security/tns-2022-08" + },{ + "url": "https://www.tenable.com/security/tns-2022-09" + } + ] + }, + { + "id": "CVE-2022-2097", + "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", + "cve": "CVE-2022-2097", + "severity": "High", + "solution": "Upgrade openssl to 1.1.1q-r0", + "location": { + "dependency": { + "package": { + "name": "openssl" + }, + "version": "1.1.1l-r8" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-2097", + "value": "CVE-2022-2097", + "url": "https://avd.aquasec.com/nvd/cve-2022-2097" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-2097" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0032.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220715-0011/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5502-1" + },{ + "url": "https://www.openssl.org/news/secadv/20220705.txt" + } + ] + }, + { + "id": "CVE-2022-0778", + "description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", + "cve": "CVE-2022-0778", + "severity": "High", + "solution": "Upgrade openssl-dev to 1.1.1n-r0", + "location": { + "dependency": { + "package": { + "name": "openssl-dev" + }, + "version": "1.1.1l-r8" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-0778", + "value": "CVE-2022-0778", + "url": "https://avd.aquasec.com/nvd/cve-2022-0778" + } + ], + "links": [{ + "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-0778" + },{ + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-1065.html" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-0778.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9272.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778" + },{ + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0014.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220321-0002/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220429-0005/" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5328-2" + },{ + "url": "https://www.debian.org/security/2022/dsa-5103" + },{ + "url": "https://www.openssl.org/news/secadv/20220315.txt" + },{ + "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + },{ + "url": "https://www.tenable.com/security/tns-2022-06" + },{ + "url": "https://www.tenable.com/security/tns-2022-07" + },{ + "url": "https://www.tenable.com/security/tns-2022-08" + },{ + "url": "https://www.tenable.com/security/tns-2022-09" + } + ] + }, + { + "id": "CVE-2022-2097", + "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", + "cve": "CVE-2022-2097", + "severity": "High", + "solution": "Upgrade openssl-dev to 1.1.1q-r0", + "location": { + "dependency": { + "package": { + "name": "openssl-dev" + }, + "version": "1.1.1l-r8" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-2097", + "value": "CVE-2022-2097", + "url": "https://avd.aquasec.com/nvd/cve-2022-2097" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-2097" + },{ + "url": "https://crates.io/crates/openssl-src" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431" + },{ + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097" + },{ + "url": "https://rustsec.org/advisories/RUSTSEC-2022-0032.html" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220715-0011/" + },{ + "url": "https://ubuntu.com/security/notices/USN-5502-1" + },{ + "url": "https://www.openssl.org/news/secadv/20220705.txt" + } + ] + }, + { + "id": "CVE-2022-1586", + "description": "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", + "cve": "CVE-2022-1586", + "severity": "Critical", + "solution": "Upgrade pcre2 to 10.40-r0", + "location": { + "dependency": { + "package": { + "name": "pcre2" + }, + "version": "10.39-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-1586", + "value": "CVE-2022-1586", + "url": "https://avd.aquasec.com/nvd/cve-2022-1586" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-1586" + },{ + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077976," + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1586" + },{ + "url": "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a," + },{ + "url": "https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-1586.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5251.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1586" + } + ] + }, + { + "id": "CVE-2022-1587", + "description": "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", + "cve": "CVE-2022-1587", + "severity": "Critical", + "solution": "Upgrade pcre2 to 10.40-r0", + "location": { + "dependency": { + "package": { + "name": "pcre2" + }, + "version": "10.39-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-1587", + "value": "CVE-2022-1587", + "url": "https://avd.aquasec.com/nvd/cve-2022-1587" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-1587" + },{ + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077983," + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1587" + },{ + "url": "https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-1587.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5251.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1587" + } + ] + }, + { + "id": "CVE-2022-24765", + "description": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`.", + "cve": "CVE-2022-24765", + "severity": "High", + "solution": "Upgrade perl-git to 2.34.2-r0", + "location": { + "dependency": { + "package": { + "name": "perl-git" + }, + "version": "2.34.1-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24765", + "value": "CVE-2022-24765", + "url": "https://avd.aquasec.com/nvd/cve-2022-24765" + } + ], + "links": [{ + "url": "http://seclists.org/fulldisclosure/2022/May/31" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/04/12/7" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-24765" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765" + },{ + "url": "https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash" + },{ + "url": "https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode" + },{ + "url": "https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/" + },{ + "url": "https://support.apple.com/kb/HT213261" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-2" + },{ + "url": "https://ubuntu.com/security/notices/USN-5376-3" + } + ] + }, + { + "id": "CVE-2022-29187", + "description": "Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.", + "cve": "CVE-2022-29187", + "severity": "High", + "solution": "Upgrade perl-git to 2.34.4-r0", + "location": { + "dependency": { + "package": { + "name": "perl-git" + }, + "version": "2.34.1-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-29187", + "value": "CVE-2022-29187", + "url": "https://avd.aquasec.com/nvd/cve-2022-29187" + } + ], + "links": [{ + "url": "http://www.openwall.com/lists/oss-security/2022/07/14/1" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2022-29187" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187" + },{ + "url": "https://github.blog/2022-04-12-git-security-vulnerability-announced" + },{ + "url": "https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/" + },{ + "url": "https://lore.kernel.org/git/xmqqv8s2fefi.fsf@gitster.g/T/#u" + },{ + "url": "https://ubuntu.com/security/notices/USN-5511-1" + } + ] + }, + { + "id": "CVE-2022-28391", + "description": "BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.", + "cve": "CVE-2022-28391", + "severity": "Critical", + "solution": "Upgrade ssl_client to 1.34.1-r5", + "location": { + "dependency": { + "package": { + "name": "ssl_client" + }, + "version": "1.34.1-r4" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-28391", + "value": "CVE-2022-28391", + "url": "https://avd.aquasec.com/nvd/cve-2022-28391" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-28391" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391" + },{ + "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" + },{ + "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" + },{ + "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28391" + } + ] + }, + { + "id": "CVE-2022-1271", + "description": "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", + "cve": "CVE-2022-1271", + "severity": "High", + "solution": "Upgrade xz to 5.2.5-r1", + "location": { + "dependency": { + "package": { + "name": "xz" + }, + "version": "5.2.5-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-1271", + "value": "CVE-2022-1271", + "url": "https://avd.aquasec.com/nvd/cve-2022-1271" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-1271" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-1537.html" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-1271.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5052.html" + },{ + "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-2" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-3" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-4" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8" + } + ] + }, + { + "id": "CVE-2022-1271", + "description": "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", + "cve": "CVE-2022-1271", + "severity": "High", + "solution": "Upgrade xz-dev to 5.2.5-r1", + "location": { + "dependency": { + "package": { + "name": "xz-dev" + }, + "version": "5.2.5-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-1271", + "value": "CVE-2022-1271", + "url": "https://avd.aquasec.com/nvd/cve-2022-1271" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-1271" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-1537.html" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-1271.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5052.html" + },{ + "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-2" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-3" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-4" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8" + } + ] + }, + { + "id": "CVE-2022-1271", + "description": "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", + "cve": "CVE-2022-1271", + "severity": "High", + "solution": "Upgrade xz-libs to 5.2.5-r1", + "location": { + "dependency": { + "package": { + "name": "xz-libs" + }, + "version": "5.2.5-r0" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-1271", + "value": "CVE-2022-1271", + "url": "https://avd.aquasec.com/nvd/cve-2022-1271" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-1271" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-1537.html" + },{ + "url": "https://linux.oracle.com/cve/CVE-2022-1271.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-5052.html" + },{ + "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-2" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-3" + },{ + "url": "https://ubuntu.com/security/notices/USN-5378-4" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8" + } + ] + }, + { + "id": "CVE-2018-25032", + "description": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", + "cve": "CVE-2018-25032", + "severity": "High", + "solution": "Upgrade zlib to 1.2.12-r0", + "location": { + "dependency": { + "package": { + "name": "zlib" + }, + "version": "1.2.11-r3" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2018-25032", + "value": "CVE-2018-25032", + "url": "https://avd.aquasec.com/nvd/cve-2018-25032" + } + ], + "links": [{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/03/25/2" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/03/26/1" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2018-25032" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-2201.html" + },{ + "url": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531" + },{ + "url": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12" + },{ + "url": "https://github.com/madler/zlib/issues/605" + },{ + "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4" + },{ + "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5" + },{ + "url": "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ" + },{ + "url": "https://linux.oracle.com/cve/CVE-2018-25032.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9565.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25032" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220526-0009/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://ubuntu.com/security/notices/USN-5355-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5355-2" + },{ + "url": "https://ubuntu.com/security/notices/USN-5359-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5359-2" + },{ + "url": "https://www.debian.org/security/2022/dsa-5111" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/03/24/1" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/03/28/1" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/03/28/3" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2018-25032", + "description": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", + "cve": "CVE-2018-25032", + "severity": "High", + "solution": "Upgrade zlib-dev to 1.2.12-r0", + "location": { + "dependency": { + "package": { + "name": "zlib-dev" + }, + "version": "1.2.11-r3" + }, + "operating_system": "Unknown", + "image": "XXXXXX.dkr.ecr.eu-west-3.amazonaws.com/XXX/admintools/tools:pipeline-ci" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2018-25032", + "value": "CVE-2018-25032", + "url": "https://avd.aquasec.com/nvd/cve-2018-25032" + } + ], + "links": [{ + "url": "http://seclists.org/fulldisclosure/2022/May/33" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/35" + },{ + "url": "http://seclists.org/fulldisclosure/2022/May/38" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/03/25/2" + },{ + "url": "http://www.openwall.com/lists/oss-security/2022/03/26/1" + },{ + "url": "https://access.redhat.com/security/cve/CVE-2018-25032" + },{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032" + },{ + "url": "https://errata.almalinux.org/8/ALSA-2022-2201.html" + },{ + "url": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531" + },{ + "url": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12" + },{ + "url": "https://github.com/madler/zlib/issues/605" + },{ + "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4" + },{ + "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5" + },{ + "url": "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ" + },{ + "url": "https://linux.oracle.com/cve/CVE-2018-25032.html" + },{ + "url": "https://linux.oracle.com/errata/ELSA-2022-9565.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html" + },{ + "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25032" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220526-0009/" + },{ + "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" + },{ + "url": "https://support.apple.com/kb/HT213255" + },{ + "url": "https://support.apple.com/kb/HT213256" + },{ + "url": "https://support.apple.com/kb/HT213257" + },{ + "url": "https://ubuntu.com/security/notices/USN-5355-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5355-2" + },{ + "url": "https://ubuntu.com/security/notices/USN-5359-1" + },{ + "url": "https://ubuntu.com/security/notices/USN-5359-2" + },{ + "url": "https://www.debian.org/security/2022/dsa-5111" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/03/24/1" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/03/28/1" + },{ + "url": "https://www.openwall.com/lists/oss-security/2022/03/28/3" + },{ + "url": "https://www.oracle.com/security-alerts/cpujul2022.html" + } + ] + }, + { + "id": "CVE-2021-43138", + "description": "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.", + "cve": "CVE-2021-43138", + "severity": "High", + "solution": "Upgrade async to 2.6.4, 3.2.2", + "location": { + "dependency": { + "package": { + "name": "async" + }, + "version": "2.6.3" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2021-43138", + "value": "CVE-2021-43138", + "url": "https://avd.aquasec.com/nvd/cve-2021-43138" + } + ], + "links": [{ + "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25" + },{ + "url": "https://github.com/caolan/async/blob/master/lib/internal/iterator.js" + },{ + "url": "https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js" + },{ + "url": "https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264" + },{ + "url": "https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2" + },{ + "url": "https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d" + },{ + "url": "https://github.com/caolan/async/compare/v2.6.3...v2.6.4" + },{ + "url": "https://github.com/caolan/async/pull/1828" + },{ + "url": "https://jsfiddle.net/oz5twjd9/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43138" + } + ] + }, + { + "id": "CVE-2022-0155", + "description": "follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor", + "cve": "CVE-2022-0155", + "severity": "High", + "solution": "Upgrade follow-redirects to 1.14.7", + "location": { + "dependency": { + "package": { + "name": "follow-redirects" + }, + "version": "1.14.1" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-0155", + "value": "CVE-2022-0155", + "url": "https://avd.aquasec.com/nvd/cve-2022-0155" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-0155" + },{ + "url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q" + },{ + "url": "https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22" + },{ + "url": "https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406" + },{ + "url": "https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0155" + } + ] + }, + { + "id": "CVE-2022-0536", + "description": "Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8.", + "cve": "CVE-2022-0536", + "severity": "Medium", + "solution": "Upgrade follow-redirects to 1.14.8", + "location": { + "dependency": { + "package": { + "name": "follow-redirects" + }, + "version": "1.14.1" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-0536", + "value": "CVE-2022-0536", + "url": "https://avd.aquasec.com/nvd/cve-2022-0536" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-0536" + },{ + "url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c" + },{ + "url": "https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445" + },{ + "url": "https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536" + } + ] + }, + { + "id": "CVE-2022-31147", + "description": "The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch.", + "cve": "CVE-2022-31147", + "severity": "High", + "solution": "Upgrade jquery-validation to 1.19.5", + "location": { + "dependency": { + "package": { + "name": "jquery-validation" + }, + "version": "1.19.4" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-31147", + "value": "CVE-2022-31147", + "url": "https://avd.aquasec.com/nvd/cve-2022-31147" + } + ], + "links": [{ + "url": "https://github.com/advisories/GHSA-ffmh-x56j-9rc3" + },{ + "url": "https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd" + },{ + "url": "https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.5" + },{ + "url": "https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31147" + } + ] + }, + { + "id": "CVE-2021-44906", + "description": "Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).", + "cve": "CVE-2021-44906", + "severity": "Critical", + "solution": "Upgrade minimist to 1.2.6", + "location": { + "dependency": { + "package": { + "name": "minimist" + }, + "version": "1.2.5" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2021-44906", + "value": "CVE-2021-44906", + "url": "https://avd.aquasec.com/nvd/cve-2021-44906" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2021-44906" + },{ + "url": "https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip" + },{ + "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" + },{ + "url": "https://github.com/substack/minimist/blob/master/index.js#L69" + },{ + "url": "https://github.com/substack/minimist/issues/164" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" + },{ + "url": "https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764" + },{ + "url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764" + },{ + "url": "https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068" + } + ] + }, + { + "id": "CVE-2022-31129", + "description": "moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.", + "cve": "CVE-2022-31129", + "severity": "High", + "solution": "Upgrade moment to 2.29.4", + "location": { + "dependency": { + "package": { + "name": "moment" + }, + "version": "2.29.3" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-31129", + "value": "CVE-2022-31129", + "url": "https://avd.aquasec.com/nvd/cve-2022-31129" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-31129" + },{ + "url": "https://github.com/advisories/GHSA-wc69-rhjr-hc9g" + },{ + "url": "https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3" + },{ + "url": "https://github.com/moment/moment/pull/6015#issuecomment-1152961973" + },{ + "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" + },{ + "url": "https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/" + },{ + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" + } + ] + }, + { + "id": "CVE-2021-23566", + "description": "The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.", + "cve": "CVE-2021-23566", + "severity": "Medium", + "solution": "Upgrade nanoid to 3.1.31", + "location": { + "dependency": { + "package": { + "name": "nanoid" + }, + "version": "3.1.29" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2021-23566", + "value": "CVE-2021-23566", + "url": "https://avd.aquasec.com/nvd/cve-2021-23566" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2021-23566" + },{ + "url": "https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444" + },{ + "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2" + },{ + "url": "https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575" + },{ + "url": "https://github.com/ai/nanoid/pull/328" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23566" + },{ + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550" + },{ + "url": "https://snyk.io/vuln/SNYK-JS-NANOID-2332193" + } + ] + }, + { + "id": "CVE-2022-24771", + "description": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.", + "cve": "CVE-2022-24771", + "severity": "High", + "solution": "Upgrade node-forge to 1.3.0", + "location": { + "dependency": { + "package": { + "name": "node-forge" + }, + "version": "0.10.0" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24771", + "value": "CVE-2022-24771", + "url": "https://avd.aquasec.com/nvd/cve-2022-24771" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-24771" + },{ + "url": "https://github.com/advisories/GHSA-cfm4-qjh2-4765" + },{ + "url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1" + },{ + "url": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2" + },{ + "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771" + } + ] + }, + { + "id": "CVE-2022-24772", + "description": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.", + "cve": "CVE-2022-24772", + "severity": "High", + "solution": "Upgrade node-forge to 1.3.0", + "location": { + "dependency": { + "package": { + "name": "node-forge" + }, + "version": "0.10.0" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24772", + "value": "CVE-2022-24772", + "url": "https://avd.aquasec.com/nvd/cve-2022-24772" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-24772" + },{ + "url": "https://github.com/advisories/GHSA-x4jg-mjrx-434g" + },{ + "url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1" + },{ + "url": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2" + },{ + "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772" + } + ] + }, + { + "id": "CVE-2022-0122", + "description": "forge is vulnerable to URL Redirection to Untrusted Site", + "cve": "CVE-2022-0122", + "severity": "Medium", + "solution": "Upgrade node-forge to 1.0.0", + "location": { + "dependency": { + "package": { + "name": "node-forge" + }, + "version": "0.10.0" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-0122", + "value": "CVE-2022-0122", + "url": "https://avd.aquasec.com/nvd/cve-2022-0122" + } + ], + "links": [{ + "url": "https://github.com/advisories/GHSA-8fr3-hfg3-gpgp" + },{ + "url": "https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e" + },{ + "url": "https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0122" + } + ] + }, + { + "id": "CVE-2022-24773", + "description": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.", + "cve": "CVE-2022-24773", + "severity": "Medium", + "solution": "Upgrade node-forge to 1.3.0", + "location": { + "dependency": { + "package": { + "name": "node-forge" + }, + "version": "0.10.0" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24773", + "value": "CVE-2022-24773", + "url": "https://avd.aquasec.com/nvd/cve-2022-24773" + } + ], + "links": [{ + "url": "https://access.redhat.com/security/cve/CVE-2022-24773" + },{ + "url": "https://github.com/advisories/GHSA-2r2c-g63r-vccr" + },{ + "url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1" + },{ + "url": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2" + },{ + "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24773" + } + ] + }, + { + "id": "GHSA-5rrq-pxf6-6jx5", + "description": "### Impact\nThe `forge.debug` API had a potential prototype pollution issue if called with untrusted input. The API was only used for internal debug purposes in a safe way and never documented or advertised. It is suspected that uses of this API, if any exist, would likely not have used untrusted inputs in a vulnerable way.\n\n### Patches\nThe `forge.debug` API and related functions were removed in 1.0.0.\n\n### Workarounds\nDon't use the `forge.debug` API directly or indirectly with untrusted input.\n\n### References\n- https://www.huntr.dev/bounties/1-npm-node-forge/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [forge](https://github.com/digitalbazaar/forge).\n* Email us at support@digitalbazaar.com.", + "cve": "GHSA-5rrq-pxf6-6jx5", + "severity": "Low", + "solution": "Upgrade node-forge to 1.0.0", + "location": { + "dependency": { + "package": { + "name": "node-forge" + }, + "version": "0.10.0" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "GHSA-5rrq-pxf6-6jx5", + "value": "GHSA-5rrq-pxf6-6jx5", + "url": "https://github.com/advisories/GHSA-5rrq-pxf6-6jx5" + } + ], + "links": [{ + "url": "https://github.com/advisories/GHSA-5rrq-pxf6-6jx5" + },{ + "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5rrq-pxf6-6jx5" + } + ] + }, + { + "id": "GHSA-gf8q-jrpm-jvxq", + "description": "### Impact\nThe regex used for the `forge.util.parseUrl` API would not properly parse certain inputs resulting in a parsed data structure that could lead to undesired behavior.\n\n### Patches\n`forge.util.parseUrl` and other very old related URL APIs were removed in 1.0.0 in favor of letting applications use the more modern WHATWG URL Standard API.\n\n### Workarounds\nEnsure code does not directly or indirectly call `forge.util.parseUrl` with untrusted input.\n\n### References\n- https://www.huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [forge](https://github.com/digitalbazaar/forge)\n* Email us at support@digitalbazaar.com\n", + "cve": "GHSA-gf8q-jrpm-jvxq", + "severity": "Low", + "solution": "Upgrade node-forge to 1.0.0", + "location": { + "dependency": { + "package": { + "name": "node-forge" + }, + "version": "0.10.0" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "GHSA-gf8q-jrpm-jvxq", + "value": "GHSA-gf8q-jrpm-jvxq", + "url": "https://github.com/advisories/GHSA-gf8q-jrpm-jvxq" + } + ], + "links": [{ + "url": "https://github.com/advisories/GHSA-gf8q-jrpm-jvxq" + },{ + "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-gf8q-jrpm-jvxq" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0122" + },{ + "url": "https://www.huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae" + } + ] + }, + { + "id": "CVE-2022-25858", + "description": "The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.", + "cve": "CVE-2022-25858", + "severity": "High", + "solution": "Upgrade terser to 5.14.2, 4.8.1", + "location": { + "dependency": { + "package": { + "name": "terser" + }, + "version": "4.8.0" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-25858", + "value": "CVE-2022-25858", + "url": "https://avd.aquasec.com/nvd/cve-2022-25858" + } + ], + "links": [{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25858" + },{ + "url": "https://github.com/advisories/GHSA-4wf5-vphf-c2xc" + },{ + "url": "https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135" + },{ + "url": "https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b" + },{ + "url": "https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25858" + },{ + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722" + },{ + "url": "https://snyk.io/vuln/SNYK-JS-TERSER-2806366" + } + ] + }, + { + "id": "CVE-2022-25858", + "description": "The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.", + "cve": "CVE-2022-25858", + "severity": "High", + "solution": "Upgrade terser to 5.14.2, 4.8.1", + "location": { + "dependency": { + "package": { + "name": "terser" + }, + "version": "5.9.0" + }, + "operating_system": "Unknown", + "image": "Node.js" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-25858", + "value": "CVE-2022-25858", + "url": "https://avd.aquasec.com/nvd/cve-2022-25858" + } + ], + "links": [{ + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25858" + },{ + "url": "https://github.com/advisories/GHSA-4wf5-vphf-c2xc" + },{ + "url": "https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135" + },{ + "url": "https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b" + },{ + "url": "https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25858" + },{ + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722" + },{ + "url": "https://snyk.io/vuln/SNYK-JS-TERSER-2806366" + } + ] + }, + { + "id": "CVE-2022-29248", + "description": "Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with ['cookies' => true] are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability. Guzzle versions 6.5.6 and 7.4.3 contain a patch for this issue. As a workaround, turn off the cookie middleware.", + "cve": "CVE-2022-29248", + "severity": "High", + "solution": "Upgrade guzzlehttp/guzzle to 7.4.3, 6.5.6", + "location": { + "dependency": { + "package": { + "name": "guzzlehttp/guzzle" + }, + "version": "7.4.1" + }, + "operating_system": "Unknown", + "image": "var/www/composer.lock" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-29248", + "value": "CVE-2022-29248", + "url": "https://avd.aquasec.com/nvd/cve-2022-29248" + } + ], + "links": [{ + "url": "https://github.com/advisories/GHSA-cwmx-hcrq-mhc3" + },{ + "url": "https://github.com/guzzle/guzzle/commit/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab" + },{ + "url": "https://github.com/guzzle/guzzle/pull/3018" + },{ + "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29248" + },{ + "url": "https://www.drupal.org/sa-core-2022-010" + } + ] + }, + { + "id": "CVE-2022-31042", + "description": "Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach to use your own redirect middleware, rather than ours. If you do not require or expect redirects to be followed, one should simply disable redirects all together.", + "cve": "CVE-2022-31042", + "severity": "High", + "solution": "Upgrade guzzlehttp/guzzle to 7.4.4, 6.5.7", + "location": { + "dependency": { + "package": { + "name": "guzzlehttp/guzzle" + }, + "version": "7.4.1" + }, + "operating_system": "Unknown", + "image": "var/www/composer.lock" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-31042", + "value": "CVE-2022-31042", + "url": "https://avd.aquasec.com/nvd/cve-2022-31042" + } + ], + "links": [{ + "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31042.yaml" + },{ + "url": "https://github.com/advisories/GHSA-f2wf-25xc-69c9" + },{ + "url": "https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8" + },{ + "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31042" + },{ + "url": "https://www.drupal.org/sa-core-2022-011" + },{ + "url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx" + } + ] + }, + { + "id": "CVE-2022-31043", + "description": "Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach which would be to use their own redirect middleware. Alternately users may simply disable redirects all together if redirects are not expected or required.", + "cve": "CVE-2022-31043", + "severity": "High", + "solution": "Upgrade guzzlehttp/guzzle to 7.4.4, 6.5.7", + "location": { + "dependency": { + "package": { + "name": "guzzlehttp/guzzle" + }, + "version": "7.4.1" + }, + "operating_system": "Unknown", + "image": "var/www/composer.lock" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-31043", + "value": "CVE-2022-31043", + "url": "https://avd.aquasec.com/nvd/cve-2022-31043" + } + ], + "links": [{ + "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31043.yaml" + },{ + "url": "https://github.com/advisories/GHSA-w248-ffj2-4v5q" + },{ + "url": "https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8" + },{ + "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31043" + },{ + "url": "https://www.drupal.org/sa-core-2022-011" + },{ + "url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx" + } + ] + }, + { + "id": "CVE-2022-31091", + "description": "Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorization` and `Cookie` headers from the request, before containing. Previously, we would only consider a change in host or scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects all together.", + "cve": "CVE-2022-31091", + "severity": "High", + "solution": "Upgrade guzzlehttp/guzzle to 7.4.5, 6.5.8", + "location": { + "dependency": { + "package": { + "name": "guzzlehttp/guzzle" + }, + "version": "7.4.1" + }, + "operating_system": "Unknown", + "image": "var/www/composer.lock" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-31091", + "value": "CVE-2022-31091", + "url": "https://avd.aquasec.com/nvd/cve-2022-31091" + } + ], + "links": [{ + "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31091.yaml" + },{ + "url": "https://github.com/advisories/GHSA-q559-8m2m-g699" + },{ + "url": "https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82" + },{ + "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31091" + } + ] + }, + { + "id": "CVE-2022-31090", + "description": "Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or port), if we choose to follow it, we should remove the `CURLOPT_HTTPAUTH` option before continuing, stopping curl from appending the `Authorization` header to the new request. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. If you do not require or expect redirects to be followed, one should simply disable redirects all together. Alternatively, one can specify to use the Guzzle steam handler backend, rather than curl.", + "cve": "CVE-2022-31090", + "severity": "Medium", + "solution": "Upgrade guzzlehttp/guzzle to 7.4.5, 6.5.8", + "location": { + "dependency": { + "package": { + "name": "guzzlehttp/guzzle" + }, + "version": "7.4.1" + }, + "operating_system": "Unknown", + "image": "var/www/composer.lock" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-31090", + "value": "CVE-2022-31090", + "url": "https://avd.aquasec.com/nvd/cve-2022-31090" + } + ], + "links": [{ + "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-31090.yaml" + },{ + "url": "https://github.com/advisories/GHSA-25mq-v84q-4j7r" + },{ + "url": "https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md" + },{ + "url": "https://github.com/guzzle/guzzle/blob/7.4.5/CHANGELOG.md" + },{ + "url": "https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82" + },{ + "url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31090" + } + ] + }, + { + "id": "CVE-2022-24775", + "description": "guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.", + "cve": "CVE-2022-24775", + "severity": "High", + "solution": "Upgrade guzzlehttp/psr7 to 2.1.1, 1.8.4", + "location": { + "dependency": { + "package": { + "name": "guzzlehttp/psr7" + }, + "version": "2.1.0" + }, + "operating_system": "Unknown", + "image": "var/www/composer.lock" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2022-24775", + "value": "CVE-2022-24775", + "url": "https://avd.aquasec.com/nvd/cve-2022-24775" + } + ], + "links": [{ + "url": "https://github.com/advisories/GHSA-q7rv-6hp3-vh96" + },{ + "url": "https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1" + },{ + "url": "https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc" + },{ + "url": "https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96" + },{ + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24775" + },{ + "url": "https://www.drupal.org/sa-core-2022-006" + } + ] + }, + { + "id": "CVE-2021-43808", + "description": "Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.", + "cve": "CVE-2021-43808", + "severity": "Medium", + "solution": "Upgrade laravel/framework to 6.20.42, 7.30.6, 8.75.0", + "location": { + "dependency": { + "package": { + "name": "laravel/framework" + }, + "version": "v8.74.0" + }, + "operating_system": "Unknown", + "image": "var/www/composer.lock" + }, + "identifiers": [ + { + "type": "cve", + "name": "CVE-2021-43808", + "value": "CVE-2021-43808", + "url": "https://avd.aquasec.com/nvd/cve-2021-43808" + } + ], + "links": [{ + "url": "https://github.com/advisories/GHSA-66hf-2p6w-jqfw" + },{ + "url": "https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b" + },{ + "url": "https://github.com/laravel/framework/pull/39906" + },{ + "url": "https://github.com/laravel/framework/pull/39908" + },{ + "url": "https://github.com/laravel/framework/pull/39909" + },{ + "url": "https://github.com/laravel/framework/releases/tag/v6.20.42" + },{ + "url": "https://github.com/laravel/framework/releases/tag/v7.30.6" + },{ + "url": "https://github.com/laravel/framework/releases/tag/v8.75.0" + },{ + "url": "https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw" + } + ] + } + ], + "remediations": [] +} diff --git a/unittests/scans/gitlab_dast/gitlab_dast_many_vul.json b/unittests/scans/gitlab_dast/gitlab_dast_many_vul_v14.json similarity index 100% rename from unittests/scans/gitlab_dast/gitlab_dast_many_vul.json rename to unittests/scans/gitlab_dast/gitlab_dast_many_vul_v14.json diff --git a/unittests/scans/gitlab_dast/gitlab_dast_many_vul_v15.json b/unittests/scans/gitlab_dast/gitlab_dast_many_vul_v15.json new file mode 100644 index 00000000000..9e4fa7b9001 --- /dev/null +++ b/unittests/scans/gitlab_dast/gitlab_dast_many_vul_v15.json @@ -0,0 +1,1352 @@ +{ + "@generated": "Fri, 23 Apr 2021 15:46:48", + "@version": "D-2020-08-26", + "remediations": [], + "scan": { + "end_time": "2021-04-23T15:46:48", + "messages": [], + "scanned_resources": [ + { + "method": "GET", + "type": "url", + "url": "http://api-server/" + }, + { + "method": "GET", + "type": "url", + "url": "http://api-server/v1" + }, + { + "method": "DELETE", + "type": "url", + "url": "http://api-server/v1/tree/10" + }, + { + "method": "GET", + "type": "url", + "url": "http://api-server/v1/tree/10" + }, + { + "method": "GET", + "type": "url", + "url": "http://api-server/v1/trees" + }, + { + "method": "POST", + "type": "url", + "url": "http://api-server/v1/trees" + } + ], + "scanner": { + "id": "zaproxy", + "name": "OWASP Zed Attack Proxy (ZAP)", + "url": "https://www.zaproxy.org", + "version": "D-2020-08-26", + "vendor": { + "name": "GitLab" + } + }, + "start_time": "2021-04-23T15:46:34", + "status": "success", + "type": "dast" + }, + "site": [ + { + "@host": "api-server", + "@name": "http://api-server", + "@port": "80", + "@ssl": "false", + "alerts": [ + { + "alert": "PII Disclosure", + "confidence": "3", + "count": "1", + "cweid": "359", + "desc": "

    The response contains Personally Identifiable Information, such as CC number, SSN and similar sensitive data.

    ", + "instances": [ + { + "attack": "", + "evidence": "378282246310005", + "method": "GET", + "param": "", + "uri": "http://api-server/v1/trees" + } + ], + "name": "PII Disclosure", + "otherinfo": "

    Credit Card Type detected: American Express

    Bank Identification Number: 378282

    Brand: AMERICAN EXPRESS

    Category: SMALL CORPORATE

    Issuer: AMERICAN EXPRESS COMPANY

    ", + "pluginid": "10062", + "reference": "

    ", + "riskcode": "3", + "riskdesc": "High (High)", + "solution": "

    ", + "sourceid": "3" + }, + { + "alert": "Content Security Policy (CSP) Header Not Set", + "confidence": "3", + "count": "1", + "cweid": "16", + "desc": "

    Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page \u2014 covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.

    ", + "instances": [ + { + "attack": "", + "evidence": "", + "method": "DELETE", + "param": "", + "uri": "http://api-server/v1/tree/10" + } + ], + "name": "Content Security Policy (CSP) Header Not Set", + "otherinfo": "", + "pluginid": "10038", + "reference": "

    https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy

    https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html

    http://www.w3.org/TR/CSP/

    http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html

    http://www.html5rocks.com/en/tutorials/security/content-security-policy/

    http://caniuse.com/#feat=contentsecuritypolicy

    http://content-security-policy.com/

    ", + "riskcode": "2", + "riskdesc": "Medium (High)", + "solution": "

    Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header, to achieve optimal browser support: \"Content-Security-Policy\" for Chrome 25+, Firefox 23+ and Safari 7+, \"X-Content-Security-Policy\" for Firefox 4.0+ and Internet Explorer 10+, and \"X-WebKit-CSP\" for Chrome 14+ and Safari 6+.

    ", + "sourceid": "3" + }, + { + "alert": "Server Leaks Version Information via \"Server\" HTTP Response Header Field", + "confidence": "3", + "count": "6", + "cweid": "200", + "desc": "

    The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.

    ", + "instances": [ + { + "attack": "", + "evidence": "nginx/1.17.6", + "method": "GET", + "param": "", + "uri": "http://api-server/" + }, + { + "attack": "", + "evidence": "nginx/1.17.6", + "method": "DELETE", + "param": "", + "uri": "http://api-server/v1/tree/10" + }, + { + "attack": "", + "evidence": "nginx/1.17.6", + "method": "GET", + "param": "", + "uri": "http://api-server/v1/tree/10" + }, + { + "attack": "", + "evidence": "nginx/1.17.6", + "method": "GET", + "param": "", + "uri": "http://api-server/v1/trees" + }, + { + "attack": "", + "evidence": "nginx/1.17.6", + "method": "POST", + "param": "", + "uri": "http://api-server/v1/trees" + }, + { + "attack": "", + "evidence": "nginx/1.17.6", + "method": "GET", + "param": "", + "uri": "http://api-server/v1" + } + ], + "name": "Server Leaks Version Information via \"Server\" HTTP Response Header Field", + "otherinfo": "", + "pluginid": "10036", + "reference": "

    http://httpd.apache.org/docs/current/mod/core.html#servertokens

    http://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007

    http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx

    http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html

    ", + "riskcode": "1", + "riskdesc": "Low (High)", + "solution": "

    Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.

    ", + "sourceid": "3" + }, + { + "alert": "X-Content-Type-Options Header Missing", + "confidence": "2", + "count": "2", + "cweid": "16", + "desc": "

    The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

    ", + "instances": [ + { + "attack": "", + "evidence": "", + "method": "GET", + "param": "X-Content-Type-Options", + "uri": "http://api-server/v1/trees" + }, + { + "attack": "", + "evidence": "", + "method": "POST", + "param": "X-Content-Type-Options", + "uri": "http://api-server/v1/trees" + } + ], + "name": "X-Content-Type-Options Header Missing", + "otherinfo": "

    This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

    At \"High\" threshold this scan rule will not alert on client or server error responses.

    ", + "pluginid": "10021", + "reference": "

    http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx

    https://owasp.org/www-community/Security_Headers

    ", + "riskcode": "1", + "riskdesc": "Low (Medium)", + "solution": "

    Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

    If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

    ", + "sourceid": "3" + } + ] + } + ], + "spider": { + "progress": "100", + "result": { + "urlsInScope": [ + { + "method": "", + "processed": "", + "reasonNotProcessed": "", + "statusCode": "", + "statusReason": "", + "url": "" + } + ], + "urlsIoError": [], + "urlsOutOfScope": [] + }, + "state": "FINISHED" + }, + "version": "13.1.0", + "vulnerabilities": [ + { + "cve": "10062", + "description": "The response contains Personally Identifiable Information, such as CC number, SSN and similar sensitive data.", + "discovered_at": "2021-04-23T15:46:40.615", + "evidence": { + "request": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "method": "GET", + "url": "http://api-server/v1/trees" + }, + "response": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "reason_phrase": "OK", + "status_code": 200 + }, + "summary": "378282246310005; Credit Card Type detected: American Express Bank Identification Number: 378282 Brand: AMERICAN EXPRESS Category: SMALL CORPORATE Issuer: AMERICAN EXPRESS COMPANY" + }, + "id": "5ec00bbc-2e53-44cb-83e9-3d35365277e3", + "identifiers": [ + { + "name": "PII Disclosure", + "type": "ZAProxy_PluginId", + "url": "https://github.com/zaproxy/zaproxy/blob/w2019-01-14/docs/scanners.md", + "value": "10062" + }, + { + "name": "CWE-359", + "type": "CWE", + "url": "https://cwe.mitre.org/data/definitions/359.html", + "value": "359" + } + ], + "links": [], + "location": { + "hostname": "http://api-server", + "method": "GET", + "param": "", + "path": "/v1/trees" + }, + "severity": "High", + "solution": "" + }, + { + "cve": "10038", + "description": "Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page \u2014 covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.", + "discovered_at": "2021-04-23T15:46:40.644", + "evidence": { + "request": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "method": "DELETE", + "url": "http://api-server/v1/tree/10" + }, + "response": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "reason_phrase": "Not Allowed", + "status_code": 405 + }, + "summary": "" + }, + "id": "87e98ddf-7d75-444a-be6d-45400151a0fe", + "identifiers": [ + { + "name": "Content Security Policy (CSP) Header Not Set", + "type": "ZAProxy_PluginId", + "url": "https://github.com/zaproxy/zaproxy/blob/w2019-01-14/docs/scanners.md", + "value": "10038" + }, + { + "name": "CWE-16", + "type": "CWE", + "url": "https://cwe.mitre.org/data/definitions/16.html", + "value": "16" + } + ], + "links": [ + { + "url": "https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy" + }, + { + "url": "https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html" + }, + { + "url": "http://www.w3.org/TR/CSP/" + }, + { + "url": "http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html" + }, + { + "url": "http://www.html5rocks.com/en/tutorials/security/content-security-policy/" + }, + { + "url": "http://caniuse.com/#feat=contentsecuritypolicy" + }, + { + "url": "http://content-security-policy.com/" + } + ], + "location": { + "hostname": "http://api-server", + "method": "DELETE", + "param": "", + "path": "/v1/tree/10" + }, + "severity": "Medium", + "solution": "Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header, to achieve optimal browser support: \"Content-Security-Policy\" for Chrome 25+, Firefox 23+ and Safari 7+, \"X-Content-Security-Policy\" for Firefox 4.0+ and Internet Explorer 10+, and \"X-WebKit-CSP\" for Chrome 14+ and Safari 6+." + }, + { + "cve": "10036", + "description": "The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.", + "discovered_at": "2021-04-23T15:46:40.644", + "evidence": { + "request": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "method": "DELETE", + "url": "http://api-server/v1/tree/10" + }, + "response": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "reason_phrase": "Not Allowed", + "status_code": 405 + }, + "summary": "nginx/1.17.6" + }, + "id": "df7641d3-1a33-4930-a1c7-e1cc5edfdc2f", + "identifiers": [ + { + "name": "Server Leaks Version Information via \"Server\" HTTP Response Header Field", + "type": "ZAProxy_PluginId", + "url": "https://github.com/zaproxy/zaproxy/blob/w2019-01-14/docs/scanners.md", + "value": "10036" + }, + { + "name": "CWE-200", + "type": "CWE", + "url": "https://cwe.mitre.org/data/definitions/200.html", + "value": "200" + } + ], + "links": [ + { + "url": "http://httpd.apache.org/docs/current/mod/core.html#servertokens" + }, + { + "url": "http://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007" + }, + { + "url": "http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx" + }, + { + "url": "http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html" + } + ], + "location": { + "hostname": "http://api-server", + "method": "DELETE", + "param": "", + "path": "/v1/tree/10" + }, + "severity": "Low", + "solution": "Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details." + }, + { + "cve": "10036", + "description": "The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.", + "discovered_at": "2021-04-23T15:46:40.584", + "evidence": { + "request": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "method": "GET", + "url": "http://api-server/" + }, + "response": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "reason_phrase": "Moved Temporarily", + "status_code": 302 + }, + "summary": "nginx/1.17.6" + }, + "id": "4ff21131-f7e3-491e-8e9b-7fcdd0352d4c", + "identifiers": [ + { + "name": "Server Leaks Version Information via \"Server\" HTTP Response Header Field", + "type": "ZAProxy_PluginId", + "url": "https://github.com/zaproxy/zaproxy/blob/w2019-01-14/docs/scanners.md", + "value": "10036" + }, + { + "name": "CWE-200", + "type": "CWE", + "url": "https://cwe.mitre.org/data/definitions/200.html", + "value": "200" + } + ], + "links": [ + { + "url": "http://httpd.apache.org/docs/current/mod/core.html#servertokens" + }, + { + "url": "http://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007" + }, + { + "url": "http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx" + }, + { + "url": "http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html" + } + ], + "location": { + "hostname": "http://api-server", + "method": "GET", + "param": "", + "path": "/" + }, + "severity": "Low", + "solution": "Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details." + }, + { + "cve": "10036", + "description": "The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.", + "discovered_at": "2021-04-23T15:46:40.605", + "evidence": { + "request": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "method": "GET", + "url": "http://api-server/v1" + }, + "response": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "reason_phrase": "Moved Temporarily", + "status_code": 302 + }, + "summary": "nginx/1.17.6" + }, + "id": "eb35495a-9b43-43bf-82ef-e014af424d2d", + "identifiers": [ + { + "name": "Server Leaks Version Information via \"Server\" HTTP Response Header Field", + "type": "ZAProxy_PluginId", + "url": "https://github.com/zaproxy/zaproxy/blob/w2019-01-14/docs/scanners.md", + "value": "10036" + }, + { + "name": "CWE-200", + "type": "CWE", + "url": "https://cwe.mitre.org/data/definitions/200.html", + "value": "200" + } + ], + "links": [ + { + "url": "http://httpd.apache.org/docs/current/mod/core.html#servertokens" + }, + { + "url": "http://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007" + }, + { + "url": "http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx" + }, + { + "url": "http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html" + } + ], + "location": { + "hostname": "http://api-server", + "method": "GET", + "param": "", + "path": "/v1" + }, + "severity": "Low", + "solution": "Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details." + }, + { + "cve": "10036", + "description": "The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.", + "discovered_at": "2021-04-23T15:46:40.638", + "evidence": { + "request": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "method": "GET", + "url": "http://api-server/v1/tree/10" + }, + "response": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "reason_phrase": "Not Found", + "status_code": 404 + }, + "summary": "nginx/1.17.6" + }, + "id": "9ffabe21-a3b2-46ef-93c9-9d2aaffed8e4", + "identifiers": [ + { + "name": "Server Leaks Version Information via \"Server\" HTTP Response Header Field", + "type": "ZAProxy_PluginId", + "url": "https://github.com/zaproxy/zaproxy/blob/w2019-01-14/docs/scanners.md", + "value": "10036" + }, + { + "name": "CWE-200", + "type": "CWE", + "url": "https://cwe.mitre.org/data/definitions/200.html", + "value": "200" + } + ], + "links": [ + { + "url": "http://httpd.apache.org/docs/current/mod/core.html#servertokens" + }, + { + "url": "http://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007" + }, + { + "url": "http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx" + }, + { + "url": "http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html" + } + ], + "location": { + "hostname": "http://api-server", + "method": "GET", + "param": "", + "path": "/v1/tree/10" + }, + "severity": "Low", + "solution": "Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details." + }, + { + "cve": "10036", + "description": "The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.", + "discovered_at": "2021-04-23T15:46:40.615", + "evidence": { + "request": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "method": "GET", + "url": "http://api-server/v1/trees" + }, + "response": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "reason_phrase": "OK", + "status_code": 200 + }, + "summary": "nginx/1.17.6" + }, + "id": "a1339166-77c2-45c7-974c-6fe6caa870ec", + "identifiers": [ + { + "name": "Server Leaks Version Information via \"Server\" HTTP Response Header Field", + "type": "ZAProxy_PluginId", + "url": "https://github.com/zaproxy/zaproxy/blob/w2019-01-14/docs/scanners.md", + "value": "10036" + }, + { + "name": "CWE-200", + "type": "CWE", + "url": "https://cwe.mitre.org/data/definitions/200.html", + "value": "200" + } + ], + "links": [ + { + "url": "http://httpd.apache.org/docs/current/mod/core.html#servertokens" + }, + { + "url": "http://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007" + }, + { + "url": "http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx" + }, + { + "url": "http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html" + } + ], + "location": { + "hostname": "http://api-server", + "method": "GET", + "param": "", + "path": "/v1/trees" + }, + "severity": "Low", + "solution": "Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details." + }, + { + "cve": "10036", + "description": "The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.", + "discovered_at": "2021-04-23T15:46:40.632", + "evidence": { + "request": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "23" + }, + { + "name": "Content-Type", + "value": "application/json" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "method": "POST", + "url": "http://api-server/v1/trees" + }, + "response": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "23" + }, + { + "name": "Content-Type", + "value": "application/json" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "reason_phrase": "Created", + "status_code": 201 + }, + "summary": "nginx/1.17.6" + }, + "id": "356f4003-ce8f-46b0-a3c4-2e39bbdfad62", + "identifiers": [ + { + "name": "Server Leaks Version Information via \"Server\" HTTP Response Header Field", + "type": "ZAProxy_PluginId", + "url": "https://github.com/zaproxy/zaproxy/blob/w2019-01-14/docs/scanners.md", + "value": "10036" + }, + { + "name": "CWE-200", + "type": "CWE", + "url": "https://cwe.mitre.org/data/definitions/200.html", + "value": "200" + } + ], + "links": [ + { + "url": "http://httpd.apache.org/docs/current/mod/core.html#servertokens" + }, + { + "url": "http://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007" + }, + { + "url": "http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx" + }, + { + "url": "http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html" + } + ], + "location": { + "hostname": "http://api-server", + "method": "POST", + "param": "", + "path": "/v1/trees" + }, + "severity": "Low", + "solution": "Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details." + }, + { + "cve": "10021", + "description": "The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.", + "discovered_at": "2021-04-23T15:46:40.615", + "evidence": { + "request": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "method": "GET", + "url": "http://api-server/v1/trees" + }, + "response": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "reason_phrase": "OK", + "status_code": 200 + }, + "summary": "This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At \"High\" threshold this scan rule will not alert on client or server error responses." + }, + "id": "36ce923d-d163-4c8e-8af2-811d235f8f02", + "identifiers": [ + { + "name": "X-Content-Type-Options Header Missing", + "type": "ZAProxy_PluginId", + "url": "https://github.com/zaproxy/zaproxy/blob/w2019-01-14/docs/scanners.md", + "value": "10021" + }, + { + "name": "CWE-16", + "type": "CWE", + "url": "https://cwe.mitre.org/data/definitions/16.html", + "value": "16" + } + ], + "links": [ + { + "url": "http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx" + }, + { + "url": "https://owasp.org/www-community/Security_Headers" + } + ], + "location": { + "hostname": "http://api-server", + "method": "GET", + "param": "X-Content-Type-Options", + "path": "/v1/trees" + }, + "severity": "Low", + "solution": "Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages. If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing." + }, + { + "cve": "10021", + "description": "The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.", + "discovered_at": "2021-04-23T15:46:40.632", + "evidence": { + "request": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "23" + }, + { + "name": "Content-Type", + "value": "application/json" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "method": "POST", + "url": "http://api-server/v1/trees" + }, + "response": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "23" + }, + { + "name": "Content-Type", + "value": "application/json" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "reason_phrase": "Created", + "status_code": 201 + }, + "summary": "This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At \"High\" threshold this scan rule will not alert on client or server error responses." + }, + "id": "4c980571-fe02-4f11-aaa8-16aface3339a", + "identifiers": [ + { + "name": "X-Content-Type-Options Header Missing", + "type": "ZAProxy_PluginId", + "url": "https://github.com/zaproxy/zaproxy/blob/w2019-01-14/docs/scanners.md", + "value": "10021" + }, + { + "name": "CWE-16", + "type": "CWE", + "url": "https://cwe.mitre.org/data/definitions/16.html", + "value": "16" + } + ], + "links": [ + { + "url": "http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx" + }, + { + "url": "https://owasp.org/www-community/Security_Headers" + } + ], + "location": { + "hostname": "http://api-server", + "method": "POST", + "param": "X-Content-Type-Options", + "path": "/v1/trees" + }, + "severity": "Low", + "solution": "Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages. If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing." + } + ] + } \ No newline at end of file diff --git a/unittests/scans/gitlab_dast/gitlab_dast_one_vul.json b/unittests/scans/gitlab_dast/gitlab_dast_one_vul_v14.json similarity index 100% rename from unittests/scans/gitlab_dast/gitlab_dast_one_vul.json rename to unittests/scans/gitlab_dast/gitlab_dast_one_vul_v14.json diff --git a/unittests/scans/gitlab_dast/gitlab_dast_one_vul_v15.json b/unittests/scans/gitlab_dast/gitlab_dast_one_vul_v15.json new file mode 100644 index 00000000000..3d7b6ecd658 --- /dev/null +++ b/unittests/scans/gitlab_dast/gitlab_dast_one_vul_v15.json @@ -0,0 +1,105 @@ +{ + "__comment__": "This is a cut of from the test_api_scan.json", + "vulnerabilities": [ + { + "cve": "10062", + "description": "The response contains Personally Identifiable Information, such as CC number, SSN and similar sensitive data.", + "discovered_at": "2021-04-23T15:46:40.615", + "evidence": { + "request": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "method": "GET", + "url": "http://api-server/v1/trees" + }, + "response": { + "headers": [ + { + "name": "Accept", + "value": "*/*" + }, + { + "name": "Authorization", + "value": "********" + }, + { + "name": "Cache-Control", + "value": "no-cache" + }, + { + "name": "Content-Length", + "value": "0" + }, + { + "name": "Host", + "value": "api-server" + }, + { + "name": "Pragma", + "value": "no-cache" + }, + { + "name": "User-Agent", + "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" + } + ], + "reason_phrase": "OK", + "status_code": 200 + }, + "summary": "378282246310005; Credit Card Type detected: American Express Bank Identification Number: 378282 Brand: AMERICAN EXPRESS Category: SMALL CORPORATE Issuer: AMERICAN EXPRESS COMPANY" + }, + "id": "5ec00bbc-2e53-44cb-83e9-3d35365277e3", + "identifiers": [ + { + "name": "PII Disclosure", + "type": "ZAProxy_PluginId", + "url": "https://github.com/zaproxy/zaproxy/blob/w2019-01-14/docs/scanners.md", + "value": "10062" + }, + { + "name": "CWE-359", + "type": "CWE", + "url": "https://cwe.mitre.org/data/definitions/359.html", + "value": "359" + } + ], + "links": [], + "location": { + "hostname": "http://api-server", + "method": "GET", + "param": "", + "path": "/v1/trees" + }, + "severity": "High", + "solution": "" + } + ] + } \ No newline at end of file diff --git a/unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-1-vuln.json b/unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-1-vuln_v14.json similarity index 100% rename from unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-1-vuln.json rename to unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-1-vuln_v14.json diff --git a/unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-1-vuln_v15.json b/unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-1-vuln_v15.json new file mode 100644 index 00000000000..9784289392f --- /dev/null +++ b/unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-1-vuln_v15.json @@ -0,0 +1,71 @@ +{ + "version": "3.0.0", + "vulnerabilities": [ + { + "id": "2d8b607cb56d9866c73cdcf33a016f64b4fa37d909c1dd300037b1ac026a3ca5", + "name": "XML Entity Expansion", + "description": "go-yaml is vulnerable to a Billion Laughs Attack.", + "cve": "service/go.sum:gopkg.in/yaml.v2:gemnasium:7368f513-0aa9-4e34-a08d-40ea81f48e0e", + "severity": "Unknown", + "solution": "Upgrade to version 2.2.3 or above.", + "location": { + "file": "service/go.sum", + "dependency": { + "package": { + "name": "gopkg.in/yaml.v2" + }, + "version": "v2.2.2" + } + }, + "identifiers": [ + { + "type": "gemnasium", + "name": "Gemnasium-7368f513-0aa9-4e34-a08d-40ea81f48e0e", + "value": "7368f513-0aa9-4e34-a08d-40ea81f48e0e", + "url": "https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/go/gopkg.in/yaml.v2/GMS-2019-2.yml" + } + ], + "links": [ + { + "url": "https://github.com/docker/cli/pull/2117" + } + ] + } + ], + "remediations": [], + "dependency_files": [ + { + "path": "service/go.sum", + "package_manager": "go", + "dependencies": [ + { + "package": { + "name": "gopkg.in/yaml.v2" + }, + "version": "v2.2.2" + }, + { + "package": { + "name": "gopkg.in/yaml.v2" + }, + "version": "v2.2.4" + } + ] + } + ], + "scan": { + "scanner": { + "id": "gemnasium", + "name": "Gemnasium", + "url": "https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium", + "vendor": { + "name": "GitLab" + }, + "version": "2.24.1" + }, + "type": "dependency_scanning", + "start_time": "2020-12-23T13:43:48", + "end_time": "2020-12-23T13:43:49", + "status": "success" + } +} diff --git a/unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-2-vuln-missing-component.json b/unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-2-vuln-missing-component_v14.json similarity index 100% rename from unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-2-vuln-missing-component.json rename to unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-2-vuln-missing-component_v14.json diff --git a/unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-2-vuln-missing-component_v15.json b/unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-2-vuln-missing-component_v15.json new file mode 100644 index 00000000000..7acd36660d5 --- /dev/null +++ b/unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-2-vuln-missing-component_v15.json @@ -0,0 +1,110 @@ +{ + "version": "3.0.0", + "vulnerabilities": [ + { + "id": "2d8b607cb56d9866c73cdcf33a016f64b4fa37d909c1dd300037b1ac026a3ca5", + "name": "XML Entity Expansion", + "description": "go-yaml is vulnerable to a Billion Laughs Attack.", + "cve": "service/go.sum:gopkg.in/yaml.v2:gemnasium:7368f513-0aa9-4e34-a08d-40ea81f48e0e", + "severity": "Unknown", + "solution": "Upgrade to version 2.2.3 or above.", + "location": { + "file": "service/go.sum", + "dependency": { + "package": { } + } + }, + "identifiers": [ + { + "type": "gemnasium", + "name": "Gemnasium-7368f513-0aa9-4e34-a08d-40ea81f48e0e", + "value": "7368f513-0aa9-4e34-a08d-40ea81f48e0e", + "url": "https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/go/gopkg.in/yaml.v2/GMS-2019-2.yml" + } + ], + "links": [ + { + "url": "https://github.com/docker/cli/pull/2117" + } + ] + }, + { + "id": "e4f855103139f6af7b2ac8c83aa6779fc97a168e06a45235fb6f072cf707c1b5", + "name": "Nil Pointer Dereference", + "description": "A nil pointer dereference in the `golang.org/x/crypto/ssh` component allows remote attackers to cause a denial of service against SSH servers.", + "cve": "service/go.sum:golang.org/x/crypto:gemnasium:ffb814a0-404c-11eb-b378-0242ac130002", + "severity": "High", + "solution": "Upgrade to version v0.0.0-20201216223049-8b5274cf687f or above.", + "location": { + "file": "service/go.sum", + "dependency": { + "package": { + "name": "golang.org/x/crypto" + }, + "version": "v0.0.0-20190308221718-c2843e01d9a2" + } + }, + "identifiers": [ + { + "type": "gemnasium", + "name": "Gemnasium-ffb814a0-404c-11eb-b378-0242ac130002", + "value": "ffb814a0-404c-11eb-b378-0242ac130002", + "url": "https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/go/golang.org/x/crypto/CVE-2020-29652.yml" + }, + { + "type": "cve", + "name": "CVE-2020-29652", + "value": "CVE-2020-29652", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652" + } + ], + "links": [ + { + "url": "https://go-review.googlesource.com/c/crypto/+/278852" + }, + { + "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29652" + } + ] + } + ], + "remediations": [], + "dependency_files": [ + { + "path": "service/go.sum", + "package_manager": "go", + "dependencies": [ + { + "package": { + "name": "gopkg.in/yaml.v2" + }, + "version": "v2.2.2" + }, + { + "package": { + "name": "gopkg.in/yaml.v2" + }, + "version": "v2.2.4" + } + ] + } + ], + "scan": { + "scanner": { + "id": "gemnasium", + "name": "Gemnasium", + "url": "https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium", + "vendor": { + "name": "GitLab" + }, + "version": "2.24.1" + }, + "type": "dependency_scanning", + "start_time": "2020-12-23T13:43:48", + "end_time": "2020-12-23T13:43:49", + "status": "success" + } +} diff --git a/unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-many-vuln.json b/unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-many-vuln_v14.json similarity index 100% rename from unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-many-vuln.json rename to unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-many-vuln_v14.json diff --git a/unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-many-vuln_v15.json b/unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-many-vuln_v15.json new file mode 100644 index 00000000000..a2b5d3b4efa --- /dev/null +++ b/unittests/scans/gitlab_dep_scan/gl-dependency-scanning-report-many-vuln_v15.json @@ -0,0 +1,623 @@ +{ + "version": "3.0.0", + "vulnerabilities": [ + { + "id": "8a562c9eec7059db9bda22cc3b58657c4bd1f4213e87fcae8876635c0d5803d8", + "name": "Nil Pointer Dereference", + "description": "A nil pointer dereference in the `golang.org/x/crypto/ssh` component allows remote attackers to cause a denial of service against SSH servers.", + "cve": "service/go.sum:golang.org/x/crypto:gemnasium:ffb814a0-404c-11eb-b378-0242ac130002", + "severity": "High", + "solution": "Upgrade to version v0.0.0-20201216223049-8b5274cf687f or above.", + "location": { + "file": "service/go.sum", + "dependency": { + "package": { + "name": "golang.org/x/crypto" + }, + "version": "v0.0.0-20190219172222-a4c6cb3142f2" + } + }, + "identifiers": [ + { + "type": "gemnasium", + "name": "Gemnasium-ffb814a0-404c-11eb-b378-0242ac130002", + "value": "ffb814a0-404c-11eb-b378-0242ac130002", + "url": "https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/go/golang.org/x/crypto/CVE-2020-29652.yml" + }, + { + "type": "cve", + "name": "CVE-2020-29652", + "value": "CVE-2020-29652", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652" + } + ], + "links": [ + { + "url": "https://go-review.googlesource.com/c/crypto/+/278852" + }, + { + "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29652" + } + ] + }, + { + "id": "e4f855103139f6af7b2ac8c83aa6779fc97a168e06a45235fb6f072cf707c1b5", + "name": "Nil Pointer Dereference", + "description": "A nil pointer dereference in the `golang.org/x/crypto/ssh` component allows remote attackers to cause a denial of service against SSH servers.", + "cve": "service/go.sum:golang.org/x/crypto:gemnasium:ffb814a0-404c-11eb-b378-0242ac130002", + "severity": "High", + "solution": "Upgrade to version v0.0.0-20201216223049-8b5274cf687f or above.", + "location": { + "file": "service/go.sum", + "dependency": { + "package": { + "name": "golang.org/x/crypto" + }, + "version": "v0.0.0-20190308221718-c2843e01d9a2" + } + }, + "identifiers": [ + { + "type": "gemnasium", + "name": "Gemnasium-ffb814a0-404c-11eb-b378-0242ac130002", + "value": "ffb814a0-404c-11eb-b378-0242ac130002", + "url": "https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/go/golang.org/x/crypto/CVE-2020-29652.yml" + }, + { + "type": "cve", + "name": "CVE-2020-29652", + "value": "CVE-2020-29652", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652" + } + ], + "links": [ + { + "url": "https://go-review.googlesource.com/c/crypto/+/278852" + }, + { + "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29652" + } + ] + }, + { + "id": "52bd3ac2d5a6e23e85c8e56356e6abefdda9907cba630c6c31e25ef745dd7c5d", + "name": "Nil Pointer Dereference", + "description": "A nil pointer dereference in the `golang.org/x/crypto/ssh` component allows remote attackers to cause a denial of service against SSH servers.", + "cve": "service/go.sum:golang.org/x/crypto:gemnasium:ffb814a0-404c-11eb-b378-0242ac130002", + "severity": "High", + "solution": "Upgrade to version v0.0.0-20201216223049-8b5274cf687f or above.", + "location": { + "file": "service/go.sum", + "dependency": { + "package": { + "name": "golang.org/x/crypto" + }, + "version": "v0.0.0-20200302210943-78000ba7a073" + } + }, + "identifiers": [ + { + "type": "gemnasium", + "name": "Gemnasium-ffb814a0-404c-11eb-b378-0242ac130002", + "value": "ffb814a0-404c-11eb-b378-0242ac130002", + "url": "https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/go/golang.org/x/crypto/CVE-2020-29652.yml" + }, + { + "type": "cve", + "name": "CVE-2020-29652", + "value": "CVE-2020-29652", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652" + } + ], + "links": [ + { + "url": "https://go-review.googlesource.com/c/crypto/+/278852" + }, + { + "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29652" + } + ] + }, + { + "id": "957c4dc61df3f8927b2ad51a6c25644d9ac75cd902d5c93e6366719118e34180", + "name": "Loop with Unreachable Exit Condition (Infinite Loop)", + "description": "The `x/text` package for Go has a vulnerability in `encoding/unicode` that could lead to the `UTF-16` decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a `UTF16` decoder instantiated with `UseBOM` or `ExpectBOM` to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to `golang.org/x/text/transform.String`.", + "cve": "service/go.sum:golang.org/x/text:gemnasium:8ab0265a-d1a9-4085-a661-0d9d9931f0ad", + "severity": "High", + "solution": "Upgrade to version 0.3.3 or above.", + "location": { + "file": "service/go.sum", + "dependency": { + "package": { + "name": "golang.org/x/text" + }, + "version": "v0.3.0" + } + }, + "identifiers": [ + { + "type": "gemnasium", + "name": "Gemnasium-8ab0265a-d1a9-4085-a661-0d9d9931f0ad", + "value": "8ab0265a-d1a9-4085-a661-0d9d9931f0ad", + "url": "https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/go/golang.org/x/text/CVE-2020-14040.yml" + }, + { + "type": "cve", + "name": "CVE-2020-14040", + "value": "CVE-2020-14040", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14040" + } + ], + "links": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040" + } + ] + }, + { + "id": "f9d0c9f6512b04b2c2414a3cb81389e27c6b73291d3471ff2cf365f7fe8ca388", + "name": "Loop with Unreachable Exit Condition (Infinite Loop)", + "description": "The `x/text` package for Go has a vulnerability in `encoding/unicode` that could lead to the `UTF-16` decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a `UTF16` decoder instantiated with `UseBOM` or `ExpectBOM` to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to `golang.org/x/text/transform.String`.", + "cve": "service/go.sum:golang.org/x/text:gemnasium:8ab0265a-d1a9-4085-a661-0d9d9931f0ad", + "severity": "High", + "solution": "Upgrade to version 0.3.3 or above.", + "location": { + "file": "service/go.sum", + "dependency": { + "package": { + "name": "golang.org/x/text" + }, + "version": "v0.3.2" + } + }, + "identifiers": [ + { + "type": "gemnasium", + "name": "Gemnasium-8ab0265a-d1a9-4085-a661-0d9d9931f0ad", + "value": "8ab0265a-d1a9-4085-a661-0d9d9931f0ad", + "url": "https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/go/golang.org/x/text/CVE-2020-14040.yml" + }, + { + "type": "cve", + "name": "CVE-2020-14040", + "value": "CVE-2020-14040", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14040" + } + ], + "links": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040" + } + ] + }, + { + "id": "2d8b607cb56d9866c73cdcf33a016f64b4fa37d909c1dd300037b1ac026a3ca5", + "name": "XML Entity Expansion", + "description": "go-yaml is vulnerable to a Billion Laughs Attack.", + "cve": "service/go.sum:gopkg.in/yaml.v2:gemnasium:7368f513-0aa9-4e34-a08d-40ea81f48e0e", + "severity": "Unknown", + "solution": "Upgrade to version 2.2.3 or above.", + "location": { + "file": "service/go.sum", + "dependency": { + "package": { + "name": "gopkg.in/yaml.v2" + }, + "version": "v2.2.2" + } + }, + "identifiers": [ + { + "type": "gemnasium", + "name": "Gemnasium-7368f513-0aa9-4e34-a08d-40ea81f48e0e", + "value": "7368f513-0aa9-4e34-a08d-40ea81f48e0e", + "url": "https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/go/gopkg.in/yaml.v2/GMS-2019-2.yml" + } + ], + "links": [ + { + "url": "https://github.com/docker/cli/pull/2117" + } + ] + } + ], + "remediations": [], + "dependency_files": [ + { + "path": "service/go.sum", + "package_manager": "go", + "dependencies": [ + { + "package": { + "name": "github.com/alcortesm/tgz" + }, + "version": "v0.0.0-20161220082320-9c5fe88206d7" + }, + { + "package": { + "name": "github.com/anmitsu/go-shlex" + }, + "version": "v0.0.0-20161002113705-648efa622239" + }, + { + "package": { + "name": "github.com/armon/go-socks5" + }, + "version": "v0.0.0-20160902184237-e75332964ef5" + }, + { + "package": { + "name": "github.com/creack/pty" + }, + "version": "v1.1.9" + }, + { + "package": { + "name": "github.com/davecgh/go-spew" + }, + "version": "v1.1.0" + }, + { + "package": { + "name": "github.com/davecgh/go-spew" + }, + "version": "v1.1.1" + }, + { + "package": { + "name": "github.com/emirpasic/gods" + }, + "version": "v1.12.0" + }, + { + "package": { + "name": "github.com/flynn/go-shlex" + }, + "version": "v0.0.0-20150515145356-3f9db97f8568" + }, + { + "package": { + "name": "github.com/gliderlabs/ssh" + }, + "version": "v0.2.2" + }, + { + "package": { + "name": "github.com/go-git/gcfg" + }, + "version": "v1.5.0" + }, + { + "package": { + "name": "github.com/go-git/go-billy/v5" + }, + "version": "v5.0.0" + }, + { + "package": { + "name": "github.com/go-git/go-git-fixtures/v4" + }, + "version": "v4.0.2-0.20200613231340-f56387b50c12" + }, + { + "package": { + "name": "github.com/go-git/go-git/v5" + }, + "version": "v5.2.0" + }, + { + "package": { + "name": "github.com/golang/protobuf" + }, + "version": "v1.2.0" + }, + { + "package": { + "name": "github.com/google/go-cmp" + }, + "version": "v0.3.0" + }, + { + "package": { + "name": "github.com/google/go-querystring" + }, + "version": "v1.0.0" + }, + { + "package": { + "name": "github.com/hashicorp/go-cleanhttp" + }, + "version": "v0.5.1" + }, + { + "package": { + "name": "github.com/hashicorp/go-hclog" + }, + "version": "v0.9.2" + }, + { + "package": { + "name": "github.com/hashicorp/go-retryablehttp" + }, + "version": "v0.6.4" + }, + { + "package": { + "name": "github.com/imdario/mergo" + }, + "version": "v0.3.9" + }, + { + "package": { + "name": "github.com/jbenet/go-context" + }, + "version": "v0.0.0-20150711004518-d14ea06fba99" + }, + { + "package": { + "name": "github.com/jessevdk/go-flags" + }, + "version": "v1.4.0" + }, + { + "package": { + "name": "github.com/kevinburke/ssh_config" + }, + "version": "v0.0.0-20190725054713-01f96b0aa0cd" + }, + { + "package": { + "name": "github.com/kr/pretty" + }, + "version": "v0.1.0" + }, + { + "package": { + "name": "github.com/kr/pty" + }, + "version": "v1.1.1" + }, + { + "package": { + "name": "github.com/kr/text" + }, + "version": "v0.1.0" + }, + { + "package": { + "name": "github.com/kr/text" + }, + "version": "v0.2.0" + }, + { + "package": { + "name": "github.com/mitchellh/go-homedir" + }, + "version": "v1.1.0" + }, + { + "package": { + "name": "github.com/niemeyer/pretty" + }, + "version": "v0.0.0-20200227124842-a10e7caefd8e" + }, + { + "package": { + "name": "github.com/pkg/errors" + }, + "version": "v0.8.1" + }, + { + "package": { + "name": "github.com/pmezard/go-difflib" + }, + "version": "v1.0.0" + }, + { + "package": { + "name": "github.com/sergi/go-diff" + }, + "version": "v1.1.0" + }, + { + "package": { + "name": "github.com/stretchr/objx" + }, + "version": "v0.1.0" + }, + { + "package": { + "name": "github.com/stretchr/testify" + }, + "version": "v1.2.2" + }, + { + "package": { + "name": "github.com/stretchr/testify" + }, + "version": "v1.4.0" + }, + { + "package": { + "name": "github.com/xanzy/go-gitlab" + }, + "version": "v0.38.2" + }, + { + "package": { + "name": "github.com/xanzy/ssh-agent" + }, + "version": "v0.2.1" + }, + { + "package": { + "name": "golang.org/x/crypto" + }, + "version": "v0.0.0-20190219172222-a4c6cb3142f2" + }, + { + "package": { + "name": "golang.org/x/crypto" + }, + "version": "v0.0.0-20190308221718-c2843e01d9a2" + }, + { + "package": { + "name": "golang.org/x/crypto" + }, + "version": "v0.0.0-20200302210943-78000ba7a073" + }, + { + "package": { + "name": "golang.org/x/net" + }, + "version": "v0.0.0-20180724234803-3673e40ba225" + }, + { + "package": { + "name": "golang.org/x/net" + }, + "version": "v0.0.0-20181108082009-03003ca0c849" + }, + { + "package": { + "name": "golang.org/x/net" + }, + "version": "v0.0.0-20190404232315-eb5bcb51f2a3" + }, + { + "package": { + "name": "golang.org/x/net" + }, + "version": "v0.0.0-20200301022130-244492dfa37a" + }, + { + "package": { + "name": "golang.org/x/oauth2" + }, + "version": "v0.0.0-20181106182150-f42d05182288" + }, + { + "package": { + "name": "golang.org/x/sync" + }, + "version": "v0.0.0-20181108010431-42b317875d0f" + }, + { + "package": { + "name": "golang.org/x/sys" + }, + "version": "v0.0.0-20190215142949-d0b11bdaac8a" + }, + { + "package": { + "name": "golang.org/x/sys" + }, + "version": "v0.0.0-20190221075227-b4e8571b14e0" + }, + { + "package": { + "name": "golang.org/x/sys" + }, + "version": "v0.0.0-20190412213103-97732733099d" + }, + { + "package": { + "name": "golang.org/x/sys" + }, + "version": "v0.0.0-20200302150141-5c8b2ff67527" + }, + { + "package": { + "name": "golang.org/x/text" + }, + "version": "v0.3.0" + }, + { + "package": { + "name": "golang.org/x/text" + }, + "version": "v0.3.2" + }, + { + "package": { + "name": "golang.org/x/time" + }, + "version": "v0.0.0-20191024005414-555d28b269f0" + }, + { + "package": { + "name": "golang.org/x/tools" + }, + "version": "v0.0.0-20180917221912-90fa682c2a6e" + }, + { + "package": { + "name": "google.golang.org/appengine" + }, + "version": "v1.3.0" + }, + { + "package": { + "name": "gopkg.in/check.v1" + }, + "version": "v0.0.0-20161208181325-20d25e280405" + }, + { + "package": { + "name": "gopkg.in/check.v1" + }, + "version": "v1.0.0-20190902080502-41f04d3bba15" + }, + { + "package": { + "name": "gopkg.in/check.v1" + }, + "version": "v1.0.0-20200227125254-8fa46927fb4f" + }, + { + "package": { + "name": "gopkg.in/warnings.v0" + }, + "version": "v0.1.2" + }, + { + "package": { + "name": "gopkg.in/yaml.v2" + }, + "version": "v2.2.2" + }, + { + "package": { + "name": "gopkg.in/yaml.v2" + }, + "version": "v2.2.4" + } + ] + } + ], + "scan": { + "scanner": { + "id": "gemnasium", + "name": "Gemnasium", + "url": "https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium", + "vendor": { + "name": "GitLab" + }, + "version": "2.24.1" + }, + "type": "dependency_scanning", + "start_time": "2020-12-23T09:49:18", + "end_time": "2020-12-23T09:49:19", + "status": "success" + } +} diff --git a/unittests/scans/gitlab_sast/gl-sast-report-1-vuln.json b/unittests/scans/gitlab_sast/gl-sast-report-1-vuln_v14.json similarity index 100% rename from unittests/scans/gitlab_sast/gl-sast-report-1-vuln.json rename to unittests/scans/gitlab_sast/gl-sast-report-1-vuln_v14.json diff --git a/unittests/scans/gitlab_sast/gl-sast-report-1-vuln_v15.json b/unittests/scans/gitlab_sast/gl-sast-report-1-vuln_v15.json new file mode 100644 index 00000000000..921c4820314 --- /dev/null +++ b/unittests/scans/gitlab_sast/gl-sast-report-1-vuln_v15.json @@ -0,0 +1,27 @@ +{ + "version": "2.3", + "vulnerabilities": [ + { + "name": "Password in URL", + "description": "Password in URL detected; please remove and revoke it if this is a leak.", + "cve": "docker-compose.override.unit_tests.yml:4dd25cfea7294af80c58a87f764286ce21ec612e78ae7a208c0a92887870963b:Password in URL", + "severity": "Critical", + "location": { + "file": "docker-compose.override.unit_tests.yml", + "start_line": 19, + "end_line": 19, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "trufflehog_rule_id", + "name": "TruffleHog rule ID Password in URL", + "value": "Password in URL" + } + ] + } + ], + "remediations": [] +} diff --git a/unittests/scans/gitlab_sast/gl-sast-report-confidence.json b/unittests/scans/gitlab_sast/gl-sast-report-confidence_v14.json similarity index 100% rename from unittests/scans/gitlab_sast/gl-sast-report-confidence.json rename to unittests/scans/gitlab_sast/gl-sast-report-confidence_v14.json diff --git a/unittests/scans/gitlab_sast/gl-sast-report-confidence_v15.json b/unittests/scans/gitlab_sast/gl-sast-report-confidence_v15.json new file mode 100644 index 00000000000..500c892e7a0 --- /dev/null +++ b/unittests/scans/gitlab_sast/gl-sast-report-confidence_v15.json @@ -0,0 +1,214 @@ +{ + "version": "3.0.0", + "vulnerabilities": [ + { + "id": "c4c9c908068d938a0acf63c69b2e37c755bad1920f1a5d7b419ea5ae1a5fe5b1", + "name": "node_username", + "description": "A hardcoded username in plain text is identified. Store it properly in an environment variable.", + "cve": "data/datacreator.js:246:node_username:CWE-798", + "severity": "High", + "location": { + "file": "data/datacreator.js", + "start_line": 246, + "end_line": 246 + }, + "identifiers": [ + { + "type": "njsscan_rule_type", + "name": "node_username", + "value": "A hardcoded username in plain text is identified. Store it properly in an environment variable." + }, + { + "type": "cwe", + "name": "CWE-798", + "value": "node_username" + } + ] + }, + { + "id": "5e5c3291fc206c0bc4bd0a1278e78967076ac093ed482fcb38c39ab161025c2f", + "name": "node_username", + "description": "A hardcoded username in plain text is identified. Store it properly in an environment variable.", + "cve": "data/datacreator.js:250:node_username:CWE-798", + "severity": "High", + "location": { + "file": "data/datacreator.js", + "start_line": 250, + "end_line": 250 + }, + "identifiers": [ + { + "type": "njsscan_rule_type", + "name": "node_username", + "value": "A hardcoded username in plain text is identified. Store it properly in an environment variable." + }, + { + "type": "cwe", + "name": "CWE-798", + "value": "node_username" + } + ] + }, + { + "id": "5e6efd7a1bef47a9ebef9f1fd11fb11bd01e2f6f0decdd0316d3158750f7d391", + "name": "hardcoded_jwt_secret", + "description": "Hardcoded JWT secret was found. Store it properly in an environment variable.", + "cve": "lib/insecurity.js:9:hardcoded_jwt_secret:CWE-798", + "severity": "High", + "location": { + "file": "lib/insecurity.js", + "start_line": 9, + "end_line": 34 + }, + "identifiers": [ + { + "type": "njsscan_rule_type", + "name": "hardcoded_jwt_secret", + "value": "Hardcoded JWT secret was found. Store it properly in an environment variable." + }, + { + "type": "cwe", + "name": "CWE-798", + "value": "hardcoded_jwt_secret" + } + ] + }, + { + "id": "46af6f74b3a85f6b9009268e97027b75b378053ee8f81fc9aa8930d65ec2d468", + "name": "node_nosqli_injection", + "description": "Untrusted user input in findOne() function can result in NoSQL Injection.", + "cve": "routes/likeProductReviews.js:13:node_nosqli_injection:CWE-943", + "severity": "High", + "location": { + "file": "routes/likeProductReviews.js", + "start_line": 13, + "end_line": 56 + }, + "identifiers": [ + { + "type": "njsscan_rule_type", + "name": "node_nosqli_injection", + "value": "Untrusted user input in findOne() function can result in NoSQL Injection." + }, + { + "type": "cwe", + "name": "CWE-943", + "value": "node_nosqli_injection" + } + ] + }, + { + "id": "ac0fb217a233731d52e8e2558ecaa49d139ccb863b9b9922e82349c2b571d54f", + "name": "node_sqli_injection", + "description": "Untrusted input concatinated with raw SQL query can result in SQL Injection.", + "cve": "routes/login.js:29:node_sqli_injection:CWE-89", + "severity": "High", + "location": { + "file": "routes/login.js", + "start_line": 29, + "end_line": 29 + }, + "identifiers": [ + { + "type": "njsscan_rule_type", + "name": "node_sqli_injection", + "value": "Untrusted input concatinated with raw SQL query can result in SQL Injection." + }, + { + "type": "cwe", + "name": "CWE-89", + "value": "node_sqli_injection" + } + ] + }, + { + "id": "cdae14ebd54e5c96817e08c21686eaf72a47738b7c4af80faa6c284b5c8892f1", + "name": "node_ssrf", + "description": "User controlled URL in http client libraries can result in Server Side Request Forgery (SSRF).", + "cve": "routes/profileImageUrlUpload.js:15:node_ssrf:CWE-918", + "severity": "High", + "location": { + "file": "routes/profileImageUrlUpload.js", + "start_line": 15, + "end_line": 34 + }, + "identifiers": [ + { + "type": "njsscan_rule_type", + "name": "node_ssrf", + "value": "User controlled URL in http client libraries can result in Server Side Request Forgery (SSRF)." + }, + { + "type": "cwe", + "name": "CWE-918", + "value": "node_ssrf" + } + ] + }, + { + "id": "9b5327ba93ebcf995af9d64176e2af564ff23d88b3a545cb2b9020a77d2f1d9a", + "name": "node_ssrf", + "description": "User controlled URL in http client libraries can result in Server Side Request Forgery (SSRF).", + "cve": "routes/profileImageUrlUpload.js:17:node_ssrf:CWE-918", + "severity": "High", + "location": { + "file": "routes/profileImageUrlUpload.js", + "start_line": 17, + "end_line": 17 + }, + "identifiers": [ + { + "type": "njsscan_rule_type", + "name": "node_ssrf", + "value": "User controlled URL in http client libraries can result in Server Side Request Forgery (SSRF)." + }, + { + "type": "cwe", + "name": "CWE-918", + "value": "node_ssrf" + } + ] + }, + { + "id": "863c039d992efa87e76afe04831d0b986a7f492a6badc3cd04e6cfab4e90ee09", + "name": "node_sqli_injection", + "description": "Untrusted input concatinated with raw SQL query can result in SQL Injection.", + "cve": "routes/search.js:12:node_sqli_injection:CWE-89", + "severity": "High", + "location": { + "file": "routes/search.js", + "start_line": 12, + "end_line": 58 + }, + "identifiers": [ + { + "type": "njsscan_rule_type", + "name": "node_sqli_injection", + "value": "Untrusted input concatinated with raw SQL query can result in SQL Injection." + }, + { + "type": "cwe", + "name": "CWE-89", + "value": "node_sqli_injection" + } + ] + } + ], + "remediations": [], + "scan": { + "scanner": { + "id": "njsscan", + "name": "njsscan", + "url": "https://github.com/ajinabraham/njsscan", + "vendor": { + "name": "GitLab" + }, + "version": "0.1.9" + }, + "type": "sast", + "start_time": "2020-12-30T07:17:08", + "end_time": "2020-12-30T07:18:45", + "status": "success" + } + } + \ No newline at end of file diff --git a/unittests/scans/gitlab_sast/gl-sast-report-cwe.json b/unittests/scans/gitlab_sast/gl-sast-report-cwe_v14.json similarity index 100% rename from unittests/scans/gitlab_sast/gl-sast-report-cwe.json rename to unittests/scans/gitlab_sast/gl-sast-report-cwe_v14.json diff --git a/unittests/scans/gitlab_sast/gl-sast-report-cwe_v15.json b/unittests/scans/gitlab_sast/gl-sast-report-cwe_v15.json new file mode 100644 index 00000000000..3bf712dcda7 --- /dev/null +++ b/unittests/scans/gitlab_sast/gl-sast-report-cwe_v15.json @@ -0,0 +1,101 @@ +{ + "version": "3.0.0", + "vulnerabilities": [ + { + "id": "38e1bf843be70b01cd6847ba877897acb4185d3445256f818871a4b66c0af712", + "name": "Servlet reflected cross site scripting vulnerability", + "description": "HTTP parameter written to Servlet output in servlets.module.lesson.XssLesson.doPost(HttpServletRequest, HttpServletResponse)", + "cve": "3e7ef723fe684a84eb7f9a94b27d1ea2:XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER:src/main/java/servlets/module/lesson/XssLesson.java:96", + "severity": "High", + "location": { + "file": "src/main/java/servlets/module/lesson/XssLesson.java", + "start_line": 96, + "end_line": 96, + "class": "servlets.module.lesson.XssLesson", + "method": "doPost" + }, + "identifiers": [ + { + "type": "find_sec_bugs_type", + "name": "Find Security Bugs-XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER", + "value": "XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER", + "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#xss-servlet-reflected-cross-site-scripting-vulnerability-xss-request-parameter-to-servlet-writer" + }, + { + "type": "cwe", + "name": "CWE-79", + "value": "79", + "url": "https://cwe.mitre.org/data/definitions/79.html" + } + ] + }, + { + "id": "41be9454f42f7effeefe0ca644a74c2ba64cfe7ad1990c4efd60904afbe94b3c", + "name": "Nonconstant string passed to execute or addBatch method on an SQL statement", + "description": "servlets.module.lesson.SqlInjectionLesson.getSqlInjectionResult(String, String) passes a nonconstant String to an execute or addBatch method on an SQL statement", + "cve": "10b6dd4f1881b067a00b77b2b910e433:SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE:src/main/java/servlets/module/lesson/SqlInjectionLesson.java:136", + "severity": "Medium", + "location": { + "file": "src/main/java/servlets/module/lesson/SqlInjectionLesson.java", + "start_line": 136, + "end_line": 136, + "class": "servlets.module.lesson.SqlInjectionLesson", + "method": "getSqlInjectionResult" + }, + "identifiers": [ + { + "type": "find_sec_bugs_type", + "name": "Find Security Bugs-SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE", + "value": "SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE", + "url": "https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sql-nonconstant-string-passed-to-execute-or-addbatch-method-on-an-sql-statement-sql-nonconstant-string-passed-to-execute" + }, + { + "type": "cwe", + "name": "CWE-89", + "value": 89, + "url": "https://cwe.mitre.org/data/definitions/89.html" + } + ] + }, + { + "id": "46af6f74b3a85f6b9009268e97027b75b378053ee8f81fc9aa8930d65ec2d468", + "name": "node_nosqli_injection", + "description": "Untrusted user input in findOne() function can result in NoSQL Injection.", + "cve": "routes/likeProductReviews.js:13:node_nosqli_injection:CWE-943", + "severity": "High", + "location": { + "file": "routes/likeProductReviews.js", + "start_line": 13, + "end_line": 56 + }, + "identifiers": [ + { + "type": "njsscan_rule_type", + "name": "node_nosqli_injection", + "value": "Untrusted user input in findOne() function can result in NoSQL Injection." + }, + { + "type": "cwe", + "name": "CWE-943", + "value": "node_nosqli_injection" + } + ] + } + ], + "remediations": [], + "scan": { + "scanner": { + "id": "find_sec_bugs", + "name": "Find Security Bugs", + "url": "https://spotbugs.github.io", + "vendor": { + "name": "GitLab" + }, + "version": "4.2.0" + }, + "type": "sast", + "start_time": "2020-12-21T17:33:58", + "end_time": "2020-12-21T17:38:43", + "status": "success" + } + } \ No newline at end of file diff --git a/unittests/scans/gitlab_sast/gl-sast-report-many-vuln.json b/unittests/scans/gitlab_sast/gl-sast-report-many-vuln_v14.json similarity index 99% rename from unittests/scans/gitlab_sast/gl-sast-report-many-vuln.json rename to unittests/scans/gitlab_sast/gl-sast-report-many-vuln_v14.json index 5efef7ccfd4..32b01fe016c 100644 --- a/unittests/scans/gitlab_sast/gl-sast-report-many-vuln.json +++ b/unittests/scans/gitlab_sast/gl-sast-report-many-vuln_v14.json @@ -4091,7 +4091,7 @@ { "category": "sast", "message": "Use of insecure MD2, MD4, MD5, or SHA1 hash function.", - "cve": "dojo/tools/whitesource/parser.py:52cbbccfd7b77010f6c50b6ece5cc13b2ba7257ab48b8b35bba8757149365b47:B303", + "cve": "dojo/tools/mend/parser.py:52cbbccfd7b77010f6c50b6ece5cc13b2ba7257ab48b8b35bba8757149365b47:B303", "severity": "Medium", "confidence": "High", "scanner": { @@ -4099,7 +4099,7 @@ "name": "Bandit" }, "location": { - "file": "dojo/tools/whitesource/parser.py", + "file": "dojo/tools/mend/parser.py", "start_line": 85, "end_line": 85, "dependency": { diff --git a/unittests/scans/gitlab_sast/gl-sast-report-many-vuln_v15.json b/unittests/scans/gitlab_sast/gl-sast-report-many-vuln_v15.json new file mode 100644 index 00000000000..d436e275820 --- /dev/null +++ b/unittests/scans/gitlab_sast/gl-sast-report-many-vuln_v15.json @@ -0,0 +1,9737 @@ +{ + "version": "2.3", + "vulnerabilities": [ + { + "name": "Password in URL", + "description": "Password in URL detected; please remove and revoke it if this is a leak.", + "cve": "docker-compose.override.unit_tests.yml:4dd25cfea7294af80c58a87f764286ce21ec612e78ae7a208c0a92887870963b:Password in URL", + "severity": "Critical", + "location": { + "file": "docker-compose.override.unit_tests.yml", + "start_line": 19, + "end_line": 19, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "trufflehog_rule_id", + "name": "TruffleHog rule ID Password in URL", + "value": "Password in URL" + } + ] + }, + { + "name": "Password in URL", + "description": "Password in URL detected; please remove and revoke it if this is a leak.", + "cve": "docker-compose.yml:f118b746c89ea593e3d99a34330b35a9a46270e71dd253f0c9ff29507d3601fe:Password in URL", + "severity": "Critical", + "location": { + "file": "docker-compose.yml", + "start_line": 27, + "end_line": 27, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "trufflehog_rule_id", + "name": "TruffleHog rule ID Password in URL", + "value": "Password in URL" + } + ] + }, + { + "name": "PKCS8 key", + "description": "PKCS8 private key detected; please remove and revoke it if this is a leak.", + "cve": "docker/key.pem:3021d90eb9437b2d8f30e8363695c4418b5e5f1870801b5c317e9398ee0f572d:PKCS8", + "severity": "Critical", + "location": { + "file": "docker/key.pem", + "start_line": 1, + "end_line": 52, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "gitleaks_rule_id", + "name": "Gitleaks rule ID PKCS8", + "value": "PKCS8" + } + ] + }, + { + "name": "Password in URL", + "description": "Password in URL detected; please remove and revoke it if this is a leak.", + "cve": "dojo/settings/settings.dist.py:ac48da3029b35c40a4126d516386d226bbe00c27f9d6b44834458c29ef9d8779:Password in URL", + "severity": "Critical", + "location": { + "file": "dojo/settings/settings.dist.py", + "start_line": 155, + "end_line": 155, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "trufflehog_rule_id", + "name": "TruffleHog rule ID Password in URL", + "value": "Password in URL" + } + ] + }, + { + "name": "Password in URL", + "description": "Password in URL detected; please remove and revoke it if this is a leak.", + "cve": "dojo/unittests/scans/sonarqube/sonar-6-findings.html:918c6716cd1d9901f678ac3aaf725ccb381ae66f63c84d3f2001e083743b4971:Password in URL", + "severity": "Critical", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-6-findings.html", + "start_line": 2590, + "end_line": 2590, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "trufflehog_rule_id", + "name": "TruffleHog rule ID Password in URL", + "value": "Password in URL" + } + ] + }, + { + "name": "Password in URL", + "description": "Password in URL detected; please remove and revoke it if this is a leak.", + "cve": "dojo/unittests/scans/sonarqube/sonar-no-finding.html:918c6716cd1d9901f678ac3aaf725ccb381ae66f63c84d3f2001e083743b4971:Password in URL", + "severity": "Critical", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-no-finding.html", + "start_line": 29890, + "end_line": 29890, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "trufflehog_rule_id", + "name": "TruffleHog rule ID Password in URL", + "value": "Password in URL" + } + ] + }, + { + "name": "Password in URL", + "description": "Password in URL detected; please remove and revoke it if this is a leak.", + "cve": "dojo/unittests/scans/sonarqube/sonar-rule-undefined.html:918c6716cd1d9901f678ac3aaf725ccb381ae66f63c84d3f2001e083743b4971:Password in URL", + "severity": "Critical", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-rule-undefined.html", + "start_line": 359, + "end_line": 359, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "trufflehog_rule_id", + "name": "TruffleHog rule ID Password in URL", + "value": "Password in URL" + } + ] + }, + { + "name": "Password in URL", + "description": "Password in URL detected; please remove and revoke it if this is a leak.", + "cve": "dojo/unittests/scans/sonarqube/sonar-single-finding.html:918c6716cd1d9901f678ac3aaf725ccb381ae66f63c84d3f2001e083743b4971:Password in URL", + "severity": "Critical", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-single-finding.html", + "start_line": 2539, + "end_line": 2539, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "trufflehog_rule_id", + "name": "TruffleHog rule ID Password in URL", + "value": "Password in URL" + } + ] + }, + { + "name": "Password in URL", + "description": "Password in URL detected; please remove and revoke it if this is a leak.", + "cve": "dojo/unittests/scans/sonarqube/sonar-table-in-table.html:918c6716cd1d9901f678ac3aaf725ccb381ae66f63c84d3f2001e083743b4971:Password in URL", + "severity": "Critical", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-table-in-table.html", + "start_line": 359, + "end_line": 359, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "trufflehog_rule_id", + "name": "TruffleHog rule ID Password in URL", + "value": "Password in URL" + } + ] + }, + { + "name": "Password in URL", + "description": "Password in URL detected; please remove and revoke it if this is a leak.", + "cve": "entrypoint_scripts/os/linux.sh:4d29e6f03b929e137462e9e8691ff7e7463048983b6ba57fb760aae13c11a75b:Password in URL", + "severity": "Critical", + "location": { + "file": "entrypoint_scripts/os/linux.sh", + "start_line": 136, + "end_line": 136, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "trufflehog_rule_id", + "name": "TruffleHog rule ID Password in URL", + "value": "Password in URL" + } + ] + }, + { + "name": "Password in URL", + "description": "Password in URL detected; please remove and revoke it if this is a leak.", + "cve": "entrypoint_scripts/run/startup-docker.bash:32f21f0a91c39a44f0da1c77143262107220fe53230553d0acfc5f21e09127df:Password in URL", + "severity": "Critical", + "location": { + "file": "entrypoint_scripts/run/startup-docker.bash", + "start_line": 13, + "end_line": 13, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "trufflehog_rule_id", + "name": "TruffleHog rule ID Password in URL", + "value": "Password in URL" + } + ] + }, + { + "name": "Password in URL", + "description": "Password in URL detected; please remove and revoke it if this is a leak.", + "cve": "setup/scripts/common/dojo-shared-resources.sh:cd35d0621aa5b6223a812bc618cda3c037c81973ad3285070f1ac62c7fd04b1f:Password in URL", + "severity": "Critical", + "location": { + "file": "setup/scripts/common/dojo-shared-resources.sh", + "start_line": 493, + "end_line": 493, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "trufflehog_rule_id", + "name": "TruffleHog rule ID Password in URL", + "value": "Password in URL" + } + ] + }, + { + "name": "Password in URL", + "description": "Password in URL detected; please remove and revoke it if this is a leak.", + "cve": "setup/scripts/os/linux.sh:4d29e6f03b929e137462e9e8691ff7e7463048983b6ba57fb760aae13c11a75b:Password in URL", + "severity": "Critical", + "location": { + "file": "setup/scripts/os/linux.sh", + "start_line": 282, + "end_line": 282, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "trufflehog_rule_id", + "name": "TruffleHog rule ID Password in URL", + "value": "Password in URL" + } + ] + }, + { + "cve": "tests/check_status.py:b75a5383b20ff7998b549669f81157bb6a63ec522d4f63306a262a7ee971ef50:B501", + "severity": "High", + "location": { + "file": "tests/check_status.py", + "start_line": 61, + "end_line": 61, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B501", + "value": "B501", + "url": "https://docs.openstack.org/bandit/latest/plugins/b501_request_with_no_cert_validation.html" + } + ] + }, + { + "cve": "tests/check_status.py:c8197e0544a456059ce0a2351c220a09095cec8f353771255682a54a14fb182c:B501", + "severity": "High", + "location": { + "file": "tests/check_status.py", + "start_line": 70, + "end_line": 70, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B501", + "value": "B501", + "url": "https://docs.openstack.org/bandit/latest/plugins/b501_request_with_no_cert_validation.html" + } + ] + }, + { + "cve": "tests/check_status.py:c8197e0544a456059ce0a2351c220a09095cec8f353771255682a54a14fb182c:B501", + "severity": "High", + "location": { + "file": "tests/check_status.py", + "start_line": 79, + "end_line": 79, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B501", + "value": "B501", + "url": "https://docs.openstack.org/bandit/latest/plugins/b501_request_with_no_cert_validation.html" + } + ] + }, + { + "cve": "tests/check_status.py:c8197e0544a456059ce0a2351c220a09095cec8f353771255682a54a14fb182c:B501", + "severity": "High", + "location": { + "file": "tests/check_status.py", + "start_line": 51, + "end_line": 51, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B501", + "value": "B501", + "url": "https://docs.openstack.org/bandit/latest/plugins/b501_request_with_no_cert_validation.html" + } + ] + }, + { + "cve": "dojo/finding/views.py:1a36ff64cacd4285dd7cf6eb408304de6885feba5761b1754de34259dfc983f8:B308", + "severity": "Medium", + "location": { + "file": "dojo/finding/views.py", + "start_line": 1293, + "end_line": 1295, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/finding/views.py:1a36ff64cacd4285dd7cf6eb408304de6885feba5761b1754de34259dfc983f8:B703", + "severity": "Medium", + "location": { + "file": "dojo/finding/views.py", + "start_line": 1293, + "end_line": 1295, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/forms.py:30697c2b83aa3f80d65bc3a8e90fce40b00d1909d11aa2461e6150d221af2c5e:B308", + "severity": "Medium", + "location": { + "file": "dojo/forms.py", + "start_line": 122, + "end_line": 122, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/forms.py:30697c2b83aa3f80d65bc3a8e90fce40b00d1909d11aa2461e6150d221af2c5e:B703", + "severity": "Medium", + "location": { + "file": "dojo/forms.py", + "start_line": 122, + "end_line": 122, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/forms.py:a0090bb4aff12faf70e10e7b9a7237bc1c9dfc0318970659651a92fd20b828c9:B308", + "severity": "Medium", + "location": { + "file": "dojo/forms.py", + "start_line": 58, + "end_line": 58, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/forms.py:a0090bb4aff12faf70e10e7b9a7237bc1c9dfc0318970659651a92fd20b828c9:B308", + "severity": "Medium", + "location": { + "file": "dojo/forms.py", + "start_line": 50, + "end_line": 50, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/forms.py:a0090bb4aff12faf70e10e7b9a7237bc1c9dfc0318970659651a92fd20b828c9:B308", + "severity": "Medium", + "location": { + "file": "dojo/forms.py", + "start_line": 42, + "end_line": 42, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/forms.py:a0090bb4aff12faf70e10e7b9a7237bc1c9dfc0318970659651a92fd20b828c9:B703", + "severity": "Medium", + "location": { + "file": "dojo/forms.py", + "start_line": 50, + "end_line": 50, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/forms.py:a0090bb4aff12faf70e10e7b9a7237bc1c9dfc0318970659651a92fd20b828c9:B703", + "severity": "Medium", + "location": { + "file": "dojo/forms.py", + "start_line": 42, + "end_line": 42, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/forms.py:a0090bb4aff12faf70e10e7b9a7237bc1c9dfc0318970659651a92fd20b828c9:B703", + "severity": "Medium", + "location": { + "file": "dojo/forms.py", + "start_line": 58, + "end_line": 58, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/google_sheet/views.py:3179111f4a512eb1bce4d1849a63a4f44c60ba701a7a1cd0867d9b701deb911e:B307", + "severity": "Medium", + "location": { + "file": "dojo/google_sheet/views.py", + "start_line": 788, + "end_line": 788, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B307", + "value": "B307" + } + ] + }, + { + "cve": "dojo/google_sheet/views.py:a58bd7716041e6ee1c32bc8be9bc66f87601c075f021de22b29eb8bd6b82ee2b:B307", + "severity": "Medium", + "location": { + "file": "dojo/google_sheet/views.py", + "start_line": 786, + "end_line": 786, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B307", + "value": "B307" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:036a2fcffa4cad42c948dab73377334e3df3a8664bed0f34cfb217d3739c5bdd:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 181, + "end_line": 181, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:036a2fcffa4cad42c948dab73377334e3df3a8664bed0f34cfb217d3739c5bdd:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 204, + "end_line": 204, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:036a2fcffa4cad42c948dab73377334e3df3a8664bed0f34cfb217d3739c5bdd:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 163, + "end_line": 163, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:1777dbb9d46e7f34a15f6f79678bc2951f92a2a218721c0e6ce1819f47fbc771:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 374, + "end_line": 374, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:1777dbb9d46e7f34a15f6f79678bc2951f92a2a218721c0e6ce1819f47fbc771:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 295, + "end_line": 295, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:1777dbb9d46e7f34a15f6f79678bc2951f92a2a218721c0e6ce1819f47fbc771:B703", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 295, + "end_line": 295, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:1777dbb9d46e7f34a15f6f79678bc2951f92a2a218721c0e6ce1819f47fbc771:B703", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 374, + "end_line": 374, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:180f6c3138ca70881e3f966a7f50c995ac06762132106acf5baf6029fbb6ef87:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 139, + "end_line": 139, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:22c625c4b5195514ed916b531e05d03183859070f7c90ac74adf080032e4284a:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 160, + "end_line": 160, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:24efac74b9185d9613acb0862a7dacdbcf9fe5702675a48d27656f6fd1e65caf:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 384, + "end_line": 384, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:24efac74b9185d9613acb0862a7dacdbcf9fe5702675a48d27656f6fd1e65caf:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 316, + "end_line": 316, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:24efac74b9185d9613acb0862a7dacdbcf9fe5702675a48d27656f6fd1e65caf:B703", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 384, + "end_line": 384, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:24efac74b9185d9613acb0862a7dacdbcf9fe5702675a48d27656f6fd1e65caf:B703", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 316, + "end_line": 316, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:2aeb539f51f9dbafa0f7c397f5bf5b3c568132af9d5d260d72bd9567eec9f3d6:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 228, + "end_line": 228, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:2aeb539f51f9dbafa0f7c397f5bf5b3c568132af9d5d260d72bd9567eec9f3d6:B703", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 228, + "end_line": 228, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:3952aadd50072f2f4f87233cdee91d09075522b1097850d7b2d7be4fe7ca4d8b:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 145, + "end_line": 148, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:3952aadd50072f2f4f87233cdee91d09075522b1097850d7b2d7be4fe7ca4d8b:B703", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 145, + "end_line": 148, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:3a19db702835df97699dba14514d491897110cc440183b72e448e54844bf6172:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 239, + "end_line": 239, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:3a19db702835df97699dba14514d491897110cc440183b72e448e54844bf6172:B703", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 239, + "end_line": 239, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:96af52918a417777a4fcc830be862544ad4b29d4db9d36ab9507aef7d255a2b6:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 233, + "end_line": 233, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:96af52918a417777a4fcc830be862544ad4b29d4db9d36ab9507aef7d255a2b6:B703", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 233, + "end_line": 233, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:d40780ead5af790dc78de5d21af7d853a565a33012dfaacd2718fad55e632dce:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 215, + "end_line": 215, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:d40780ead5af790dc78de5d21af7d853a565a33012dfaacd2718fad55e632dce:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 193, + "end_line": 193, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:d40780ead5af790dc78de5d21af7d853a565a33012dfaacd2718fad55e632dce:B703", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 193, + "end_line": 193, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:d40780ead5af790dc78de5d21af7d853a565a33012dfaacd2718fad55e632dce:B703", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 215, + "end_line": 215, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:e183821e1294de2c84f8608fc24af8bae0f2bf199520f6848b36948682f8df82:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 305, + "end_line": 305, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:e183821e1294de2c84f8608fc24af8bae0f2bf199520f6848b36948682f8df82:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 365, + "end_line": 365, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:e183821e1294de2c84f8608fc24af8bae0f2bf199520f6848b36948682f8df82:B703", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 365, + "end_line": 365, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:e183821e1294de2c84f8608fc24af8bae0f2bf199520f6848b36948682f8df82:B703", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 305, + "end_line": 305, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:ea4c6ab95275b82f672fe021f7acf64df297d15274c8bf5faffde8600ca92f1b:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 142, + "end_line": 142, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:fd09529cdd2dccb3553e2faa9d6f5468b0d874e131be03a280c72d19843b8d7f:B308", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 170, + "end_line": 170, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/reports/widgets.py:fd09529cdd2dccb3553e2faa9d6f5468b0d874e131be03a280c72d19843b8d7f:B703", + "severity": "Medium", + "location": { + "file": "dojo/reports/widgets.py", + "start_line": 170, + "end_line": 170, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:0d30f007e501126c5fe9c88c0d0e38c6cc86eb04596f959dbf1b983c3c602acb:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 566, + "end_line": 566, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:0d30f007e501126c5fe9c88c0d0e38c6cc86eb04596f959dbf1b983c3c602acb:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 566, + "end_line": 566, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:0f311263567a8a02c5c8ac3c670e58b329c73e61d05accc52905838cb3631633:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 618, + "end_line": 618, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:0f311263567a8a02c5c8ac3c670e58b329c73e61d05accc52905838cb3631633:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 618, + "end_line": 618, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:0f9b1254dd27c226bbcb1844593e4c00335b4dd1c581cb78c4d96ef48d8c933b:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 626, + "end_line": 626, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:0f9b1254dd27c226bbcb1844593e4c00335b4dd1c581cb78c4d96ef48d8c933b:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 626, + "end_line": 626, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:122989ed5997ffdb34c840bb23d98b4169d2cc1f28d7975d6074ea5a9ba6555b:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 624, + "end_line": 624, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:122989ed5997ffdb34c840bb23d98b4169d2cc1f28d7975d6074ea5a9ba6555b:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 624, + "end_line": 624, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:1232e36a125a80f7a0026464a727b30d65b781178b035695f7b3e45a2857c57d:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 570, + "end_line": 570, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:1232e36a125a80f7a0026464a727b30d65b781178b035695f7b3e45a2857c57d:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 570, + "end_line": 570, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:1b5d1acdb6ede987d7a341e2c79e09ca9d79a2bc68ede5e05d19e005fc0874b4:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 620, + "end_line": 620, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:1b5d1acdb6ede987d7a341e2c79e09ca9d79a2bc68ede5e05d19e005fc0874b4:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 620, + "end_line": 620, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:27c175394c9e8e6a172c47c86981ef93c4224e0abfa7c62e31a0ff0a9749fca7:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 604, + "end_line": 604, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:27c175394c9e8e6a172c47c86981ef93c4224e0abfa7c62e31a0ff0a9749fca7:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 604, + "end_line": 604, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:2c6421ab3d61d072bb103297b37db1fa2ecce7028d71e976f6ff1d5bd10eb8ee:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 622, + "end_line": 622, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:2c6421ab3d61d072bb103297b37db1fa2ecce7028d71e976f6ff1d5bd10eb8ee:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 622, + "end_line": 622, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:2ef7cedb22cdfbf69d3531f9aad7e1553b6d1bcfa5d65543d304ddd4083ff79e:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 608, + "end_line": 608, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:2ef7cedb22cdfbf69d3531f9aad7e1553b6d1bcfa5d65543d304ddd4083ff79e:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 608, + "end_line": 608, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:41f621be7e6b2d8321b928f81fb20a92f2bbcc8a904fac9431da37bc8cd567bd:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 606, + "end_line": 606, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:41f621be7e6b2d8321b928f81fb20a92f2bbcc8a904fac9431da37bc8cd567bd:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 606, + "end_line": 606, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:443c2db185d3cb20727cfc61ac46870f3f71c37a1fe7c3b62081a44ec6ffe8cd:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 596, + "end_line": 596, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:443c2db185d3cb20727cfc61ac46870f3f71c37a1fe7c3b62081a44ec6ffe8cd:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 596, + "end_line": 596, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:5790a486535a0410f29f0a5aad559e38e99490ef408cf62957fdfd561414fbfa:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 135, + "end_line": 135, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:5790a486535a0410f29f0a5aad559e38e99490ef408cf62957fdfd561414fbfa:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 135, + "end_line": 135, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:64e8d0dc13933001e5c46adc5c9a5f2ff4adb709b184b191bc62a96e5d36bb48:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 108, + "end_line": 108, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:64e8d0dc13933001e5c46adc5c9a5f2ff4adb709b184b191bc62a96e5d36bb48:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 108, + "end_line": 108, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:84623a8efe67663d5136a6024c9732a72188b8372a07de66e5c4609fafc5851a:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 588, + "end_line": 588, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:84623a8efe67663d5136a6024c9732a72188b8372a07de66e5c4609fafc5851a:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 588, + "end_line": 588, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:8d1b7b342ae3a851cc81f019566c59865c337048f544f45189b33c787664bb6e:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 564, + "end_line": 564, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:8d1b7b342ae3a851cc81f019566c59865c337048f544f45189b33c787664bb6e:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 564, + "end_line": 564, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:966faebd1155aa824a0d229514ee2ad0c82cdd061035f3cded93730331c58d7c:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 572, + "end_line": 572, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:966faebd1155aa824a0d229514ee2ad0c82cdd061035f3cded93730331c58d7c:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 572, + "end_line": 572, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:97df1a3d77959fcae6426514e1c53cbcebc65448ddbbe989fbc402489bb8f8b7:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 634, + "end_line": 634, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:97df1a3d77959fcae6426514e1c53cbcebc65448ddbbe989fbc402489bb8f8b7:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 634, + "end_line": 634, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:9c779cbf390307832a61784029abf2614b822c696d06d876aef39fc8c606af46:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 590, + "end_line": 590, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:9c779cbf390307832a61784029abf2614b822c696d06d876aef39fc8c606af46:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 590, + "end_line": 590, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:a0d1cd338707f1d259784c40577dff57578fb4e6b8882e8a9091a6f7530fbbdf:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 616, + "end_line": 616, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:a0d1cd338707f1d259784c40577dff57578fb4e6b8882e8a9091a6f7530fbbdf:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 616, + "end_line": 616, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:c17fee716e095b80cdbd7d54a52de7b16aa8fdac7dc988a9f5c9704d0ea917ce:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 594, + "end_line": 594, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:c17fee716e095b80cdbd7d54a52de7b16aa8fdac7dc988a9f5c9704d0ea917ce:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 594, + "end_line": 594, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:c4c57127d0c3d1964e4c99e1e9f973ef95d7891f621d83e3620efbf9dc12d441:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 592, + "end_line": 592, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:c4c57127d0c3d1964e4c99e1e9f973ef95d7891f621d83e3620efbf9dc12d441:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 592, + "end_line": 592, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:cc7ec564aec514b3b53c574fded8aa38f63f03087fe54fc1d59d490a682abfff:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 60, + "end_line": 60, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:cc7ec564aec514b3b53c574fded8aa38f63f03087fe54fc1d59d490a682abfff:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 60, + "end_line": 60, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:e29c477f99e8f3c200f373b50ed5e5df1030389f41322c3ffffc85a6fdef5d19:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 562, + "end_line": 562, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:e29c477f99e8f3c200f373b50ed5e5df1030389f41322c3ffffc85a6fdef5d19:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 562, + "end_line": 562, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:e7812e2b73f1bd44ff588dbf3ace6114635688bf2c1c380e6889b3cacdd1ba4d:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 337, + "end_line": 337, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:e7812e2b73f1bd44ff588dbf3ace6114635688bf2c1c380e6889b3cacdd1ba4d:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 337, + "end_line": 337, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:e8f95b1755393ef559183fb5027b402377fe8bdd371e3526a58b3cd2f1dac90f:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 642, + "end_line": 642, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:e8f95b1755393ef559183fb5027b402377fe8bdd371e3526a58b3cd2f1dac90f:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 642, + "end_line": 642, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:f249142c577065fc7b2249852f7db81d8c00cf3827c1adcab72bf8cda3abaf77:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 568, + "end_line": 568, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:f249142c577065fc7b2249852f7db81d8c00cf3827c1adcab72bf8cda3abaf77:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 568, + "end_line": 568, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:fdde08c891bf6d63b6698dd5291857f417464cde2cf2a8f6f1781ab66b26b6a7:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 443, + "end_line": 443, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/navigation_tags.py:459a3afaf3f411633787691308be69132eb7150eadaa69c557f32e2d9f50c261:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/navigation_tags.py", + "start_line": 134, + "end_line": 134, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/navigation_tags.py:8c80a09327a61007c74f10b737ddcf11cc6977819d852ecc8a551fa4ad17bdaf:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/navigation_tags.py", + "start_line": 139, + "end_line": 139, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/navigation_tags.py:aeaab78b80d46c804e7fd0237c0b0272ae6e7fa1a6b87355908f619a27d79c3e:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/navigation_tags.py", + "start_line": 29, + "end_line": 29, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/navigation_tags.py:aeaab78b80d46c804e7fd0237c0b0272ae6e7fa1a6b87355908f619a27d79c3e:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/navigation_tags.py", + "start_line": 29, + "end_line": 29, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/templatetags/navigation_tags.py:f80b5bb842ed18247cfa3a639c71b9d249feb116e6c008588ab1e72b98cd1681:B308", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/navigation_tags.py", + "start_line": 77, + "end_line": 77, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B308", + "value": "B308" + } + ] + }, + { + "cve": "dojo/templatetags/navigation_tags.py:f80b5bb842ed18247cfa3a639c71b9d249feb116e6c008588ab1e72b98cd1681:B703", + "severity": "Medium", + "location": { + "file": "dojo/templatetags/navigation_tags.py", + "start_line": 77, + "end_line": 77, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B703", + "value": "B703" + } + ] + }, + { + "cve": "dojo/tools/acunetix/parser_helper.py:5624b9f257743c82ff40294c9a7660bb22731d7964a67a456200a713f03d34b4:B320", + "severity": "Medium", + "location": { + "file": "dojo/tools/acunetix/parser_helper.py", + "start_line": 24, + "end_line": 24, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B320", + "value": "B320" + } + ] + }, + { + "cve": "dojo/tools/blackduck/parser.py:0103fabc08063f8578c7c57649e94b36171f79f5a8913fb7db684100eeeff624:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/blackduck/parser.py", + "start_line": 36, + "end_line": 37, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/bundler_audit/parser.py:1e8afbcd739b24028c1d2f46748066ffc7552104461abed802ad9712541d2763:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/bundler_audit/parser.py", + "start_line": 48, + "end_line": 48, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/burp/parser.py:0c5fb6e0c48e4d929a0c216acb4269ab8a3d4ba31e1b84f5182bb1871b61cfb7:B320", + "severity": "Medium", + "location": { + "file": "dojo/tools/burp/parser.py", + "start_line": 63, + "end_line": 63, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B320", + "value": "B320" + } + ] + }, + { + "cve": "dojo/tools/burp/parser.py:c793da06d0684b9744e5b2db1897581024e40511b62c5799c1248a70b85ccb53:B320", + "severity": "Medium", + "location": { + "file": "dojo/tools/burp/parser.py", + "start_line": 70, + "end_line": 70, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B320", + "value": "B320" + } + ] + }, + { + "cve": "dojo/tools/cobalt/parser.py:49b5550cea992e995fec56fc3656c028626cf23ed78f453f9dd3f8f8bb708335:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/cobalt/parser.py", + "start_line": 46, + "end_line": 46, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/contrast/parser.py:201f2506423a7509b04958cb52cecef9b76c5643365c46e26eb78d38d4a13900:B104", + "severity": "Medium", + "location": { + "file": "dojo/tools/contrast/parser.py", + "start_line": 91, + "end_line": 91, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B104", + "value": "B104", + "url": "https://docs.openstack.org/bandit/latest/plugins/b104_hardcoded_bind_all_interfaces.html" + } + ] + }, + { + "cve": "dojo/tools/contrast/parser.py:7e86a0ba581c320828d653b03fe5c75f220a7345ae706dd9fc125086224c08cb:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/contrast/parser.py", + "start_line": 33, + "end_line": 33, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/dawnscanner/parser.py:c25465d01d23706a581396e93a724f0f0b50df2d4030f3e1d59e72c1128f492a:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/dawnscanner/parser.py", + "start_line": 43, + "end_line": 43, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/dependency_check/parser.py:54c33ace789fc3d44625228b7ad4a9cfc8d27e85cca1d02660317b0e4f6af0ab:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/dependency_check/parser.py", + "start_line": 125, + "end_line": 125, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/generic/parser.py:0999f0165c8838b46df99da5f883da57e40cc8ed8eebecf31615b186f9a1154a:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/generic/parser.py", + "start_line": 338, + "end_line": 338, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/h1/parser.py:8024e53a017c99ccb251d2f70bcc3e60a033fd9f55306686de975d1b01b9bbec:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/h1/parser.py", + "start_line": 59, + "end_line": 59, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/ibm_app/parser.py:0acada6e436d14c9e6d62a4a0719a3e3684e2b4622ded796f5f5f5d4cbd61989:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/ibm_app/parser.py", + "start_line": 80, + "end_line": 80, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/immuniweb/parser.py:3cc6f6b411d3d6e162efb7a9bc710b473a689638a05b161eb40c7b0084af8ffc:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/immuniweb/parser.py", + "start_line": 62, + "end_line": 62, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/kiuwan/parser.py:4d04066e6857ecc8e5f5f428a7c4419817177ad950d1028b4e531bbf485cd487:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/kiuwan/parser.py", + "start_line": 83, + "end_line": 83, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/microfocus_webinspect/parser.py:eea6ab266612ed97736103a4bd4d62004e68889d509ac2ae3546ab47f8e9b7cf:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/microfocus_webinspect/parser.py", + "start_line": 70, + "end_line": 70, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/mozilla_observatory/parser.py:227fad54cd6a22727423321a2f00a1d9f2773da56236922b288a775b6ff614ed:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/mozilla_observatory/parser.py", + "start_line": 47, + "end_line": 47, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/nikto/parser.py:802632239706a7812580910732e8f09df3e34955060283397faf9dc3279b1889:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/nikto/parser.py", + "start_line": 59, + "end_line": 59, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/nmap/parser.py:1d5dab23203edfe47cc3bb1516af3aeb54a4e54b16793d4dea24432250c3fe6a:B320", + "severity": "Medium", + "location": { + "file": "dojo/tools/nmap/parser.py", + "start_line": 16, + "end_line": 16, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B320", + "value": "B320" + } + ] + }, + { + "cve": "dojo/tools/openscap/parser.py:78ad2547f504d29e462b82784e77b8313397e91eac6645ea84d7d5e7ed934c15:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/openscap/parser.py", + "start_line": 64, + "end_line": 64, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/openvas_csv/parser.py:63bb9ca2bdadf712d2ff3a5dd39345e99873fe8ab0748cdb93b8c2dbad69d534:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/openvas_csv/parser.py", + "start_line": 339, + "end_line": 339, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/qualys/parser.py:f4d36e5f17394f2eb1e261e90df78aa9a04db3ae7880bcc619c7ae838ac48d5a:B320", + "severity": "Medium", + "location": { + "file": "dojo/tools/qualys/parser.py", + "start_line": 212, + "end_line": 212, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B320", + "value": "B320" + } + ] + }, + { + "cve": "dojo/tools/qualys_webapp/parser.py:4bc8bc8a3ea378ff4ae121c5a307efac025f3e590dda3550ab5aea1adf6da36e:B320", + "severity": "Medium", + "location": { + "file": "dojo/tools/qualys_webapp/parser.py", + "start_line": 144, + "end_line": 144, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B320", + "value": "B320" + } + ] + }, + { + "cve": "dojo/tools/retirejs/parser.py:75c8b1f94d79f55f50bc0defb71d386049cf6bb89fac6f411613fb2d86eea1ed:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/retirejs/parser.py", + "start_line": 45, + "end_line": 45, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/safety/parser.py:d31826e17ae93489b9744de869d4e407304fe51f4c25fe5a1a272fd1bc14670c:B310", + "severity": "Medium", + "location": { + "file": "dojo/tools/safety/parser.py", + "start_line": 11, + "end_line": 11, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B310", + "value": "B310" + } + ] + }, + { + "cve": "dojo/tools/skf/parser.py:6169d2559920d062dbbe2717cb462c4ad8b82cf558ba16abe317d45302d1b568:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/skf/parser.py", + "start_line": 135, + "end_line": 135, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/sonarqube/parser.py:19e9efc69a6b9013834977fd3f953646857a13369fb321ce42c04e30f9534672:B320", + "severity": "Medium", + "location": { + "file": "dojo/tools/sonarqube/parser.py", + "start_line": 14, + "end_line": 14, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B320", + "value": "B320" + } + ] + }, + { + "cve": "dojo/tools/sonarqube_api/importer.py:dbe06ea0c7925d869fb9f24e452be6ced16e56aa414d3e7e81820ddaf46c94cc:B320", + "severity": "Medium", + "location": { + "file": "dojo/tools/sonarqube_api/importer.py", + "start_line": 159, + "end_line": 159, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B320", + "value": "B320" + } + ] + }, + { + "cve": "dojo/tools/sslscan/parser.py:d07e3f666f367b2d3bfdfff63549e8f999c7070f9eba408a3aabee18876eb60c:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/sslscan/parser.py", + "start_line": 52, + "end_line": 52, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/sslyze/parser.py:d07e3f666f367b2d3bfdfff63549e8f999c7070f9eba408a3aabee18876eb60c:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/sslyze/parser.py", + "start_line": 101, + "end_line": 101, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/testssl/parser.py:d07e3f666f367b2d3bfdfff63549e8f999c7070f9eba408a3aabee18876eb60c:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/testssl/parser.py", + "start_line": 57, + "end_line": 57, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/trufflehog/parser.py:eb8a35b1e8d290d29090630f165593a7507a4f8a6ac4e857ea5d38962b0ec340:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/trufflehog/parser.py", + "start_line": 40, + "end_line": 40, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/trustwave/parser.py:bd260e0162a79501cc8b2ef81745123d36363fc2d74c1b0cea4f07adfa530253:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/trustwave/parser.py", + "start_line": 178, + "end_line": 178, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/vcg/parser.py:ea3547b9aedbf2dd59d30565d48e05f1e1d663b4f25439b6d95d27eb68505d63:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/vcg/parser.py", + "start_line": 172, + "end_line": 172, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/vcg/parser.py:ea3547b9aedbf2dd59d30565d48e05f1e1d663b4f25439b6d95d27eb68505d63:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/vcg/parser.py", + "start_line": 112, + "end_line": 112, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/wapiti/parser.py:eea6ab266612ed97736103a4bd4d62004e68889d509ac2ae3546ab47f8e9b7cf:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/wapiti/parser.py", + "start_line": 63, + "end_line": 63, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/mend/parser.py:52cbbccfd7b77010f6c50b6ece5cc13b2ba7257ab48b8b35bba8757149365b47:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/mend/parser.py", + "start_line": 85, + "end_line": 85, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/tools/wpscan/parser.py:bc6b119fd1d8a48a663fb350ce9936813d44148315817875658848c0606b9d62:B303", + "severity": "Medium", + "location": { + "file": "dojo/tools/wpscan/parser.py", + "start_line": 54, + "end_line": 54, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B303", + "value": "B303" + } + ] + }, + { + "cve": "dojo/wsgi.py:8f83be41ce233ffdd3ba538f5cf8dcbc594351800eea73148308f607f57ee863:B104", + "severity": "Medium", + "location": { + "file": "dojo/wsgi.py", + "start_line": 53, + "end_line": 53, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B104", + "value": "B104", + "url": "https://docs.openstack.org/bandit/latest/plugins/b104_hardcoded_bind_all_interfaces.html" + } + ] + }, + { + "cve": "tests/validate_acunetix_scan_xml.py:5624b9f257743c82ff40294c9a7660bb22731d7964a67a456200a713f03d34b4:B320", + "severity": "Medium", + "location": { + "file": "tests/validate_acunetix_scan_xml.py", + "start_line": 15, + "end_line": 15, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B320", + "value": "B320" + } + ] + }, + { + "cve": "dojo/benchmark/views.py:c988492d15a140a3b200ee45ef43f60934d984d5b90b035d160b2df9cdbf500d:B110", + "severity": "Low", + "location": { + "file": "dojo/benchmark/views.py", + "start_line": 26, + "end_line": 26, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B110", + "value": "B110", + "url": "https://docs.openstack.org/bandit/latest/plugins/b110_try_except_pass.html" + } + ] + }, + { + "cve": "dojo/cred/views.py:bca9484e5547f64d3a0cc1a228028b87eaa866bfa32ed0e6f01e695d40348a24:B110", + "severity": "Low", + "location": { + "file": "dojo/cred/views.py", + "start_line": 602, + "end_line": 602, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B110", + "value": "B110", + "url": "https://docs.openstack.org/bandit/latest/plugins/b110_try_except_pass.html" + } + ] + }, + { + "cve": "dojo/finding/views.py:ea88e3621f293029f0be0a07923f647c3f31929cac53117009219c0da3cb486e:B110", + "severity": "Low", + "location": { + "file": "dojo/finding/views.py", + "start_line": 1097, + "end_line": 1097, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B110", + "value": "B110", + "url": "https://docs.openstack.org/bandit/latest/plugins/b110_try_except_pass.html" + } + ] + }, + { + "cve": "dojo/google_sheet/views.py:0d99d8da76a3f9f531a267e26ee81770b4e4cf9b69f329ed72738dee376e6a2e:B110", + "severity": "Low", + "location": { + "file": "dojo/google_sheet/views.py", + "start_line": 402, + "end_line": 402, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B110", + "value": "B110", + "url": "https://docs.openstack.org/bandit/latest/plugins/b110_try_except_pass.html" + } + ] + }, + { + "cve": "dojo/google_sheet/views.py:7f3ea599070d54d4357e3c0a97a717ee2a63de9a0f56c489e7ce1e61555b155f:B110", + "severity": "Low", + "location": { + "file": "dojo/google_sheet/views.py", + "start_line": 312, + "end_line": 312, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B110", + "value": "B110", + "url": "https://docs.openstack.org/bandit/latest/plugins/b110_try_except_pass.html" + } + ] + }, + { + "cve": "dojo/middleware.py:134dadbf05483a5ef25ece4de17484c6d7ee52b1954640def46dcd811e987bf6:B101", + "severity": "Low", + "location": { + "file": "dojo/middleware.py", + "start_line": 31, + "end_line": 36, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B101", + "value": "B101", + "url": "https://docs.openstack.org/bandit/latest/plugins/b101_assert_used.html" + } + ] + }, + { + "cve": "dojo/models.py:4728303944c6bbf8b9fa2df9f108f60d3ed619f32dd5484f6f70e23feee8f594:B105", + "severity": "Low", + "location": { + "file": "dojo/models.py", + "start_line": 1822, + "end_line": 1822, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B105", + "value": "B105", + "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html" + } + ] + }, + { + "cve": "dojo/models.py:b8547f6af0a7532068fd37deb8dc2c5b5e721ca91d52960b63a8f57344c4747b:B105", + "severity": "Low", + "location": { + "file": "dojo/models.py", + "start_line": 1824, + "end_line": 1824, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B105", + "value": "B105", + "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html" + } + ] + }, + { + "cve": "dojo/okta.py:ed0865cc9fe7680777b1dc5425c2122ff86a77b4e35553e741e6c5c952c1d833:B105", + "severity": "Low", + "location": { + "file": "dojo/okta.py", + "start_line": 69, + "end_line": 69, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B105", + "value": "B105", + "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html" + } + ] + }, + { + "cve": "dojo/okta.py:f5dca5b0a23106e19e0b7cc47bda0a13e1f5b37bac4a9cd9420874e290c9088d:B105", + "severity": "Low", + "location": { + "file": "dojo/okta.py", + "start_line": 36, + "end_line": 36, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B105", + "value": "B105", + "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html" + } + ] + }, + { + "cve": "dojo/product/views.py:cf996664718e6b84aaa94f5e80ee016f29ffed64e074662d8a1d8267f0c77598:B110", + "severity": "Low", + "location": { + "file": "dojo/product/views.py", + "start_line": 564, + "end_line": 564, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B110", + "value": "B110", + "url": "https://docs.openstack.org/bandit/latest/plugins/b110_try_except_pass.html" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:1ae99eae2ca3d9ad9478620b191075ca9fcb52db25824784b4a41ad03228c268:B311", + "severity": "Low", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 408, + "end_line": 408, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B311", + "value": "B311" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:1b7f212d248d62df8555cc93aea885b9f08e9546cd6e561610a322bb8c4e6042:B110", + "severity": "Low", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 302, + "end_line": 302, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B110", + "value": "B110", + "url": "https://docs.openstack.org/bandit/latest/plugins/b110_try_except_pass.html" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:54c2ed9b789ed5da2d7a7f450cb6b96d836c21c17c852670bfac29544e6d4c3a:B110", + "severity": "Low", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 506, + "end_line": 506, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B110", + "value": "B110", + "url": "https://docs.openstack.org/bandit/latest/plugins/b110_try_except_pass.html" + } + ] + }, + { + "cve": "dojo/templatetags/display_tags.py:f8fd75c0acde92adece2cd6186bde8494a4e1ca816ddaebffdf0377eeb63242c:B311", + "severity": "Low", + "location": { + "file": "dojo/templatetags/display_tags.py", + "start_line": 380, + "end_line": 380, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B311", + "value": "B311" + } + ] + }, + { + "cve": "dojo/tools/acunetix/parser_helper.py:d9c198cb448ea07d896bca670d26bbb050841a3420f3626498387815191b3203:B410", + "severity": "Low", + "location": { + "file": "dojo/tools/acunetix/parser_helper.py", + "start_line": 3, + "end_line": 3, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B410", + "value": "B410" + } + ] + }, + { + "cve": "dojo/tools/acunetix/parser_helper.py:df5fc3aac40e61145ad26a493655beb7ce8f1da45cb950aa4d510a638c89c340:B410", + "severity": "Low", + "location": { + "file": "dojo/tools/acunetix/parser_helper.py", + "start_line": 2, + "end_line": 2, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B410", + "value": "B410" + } + ] + }, + { + "cve": "dojo/tools/burp/parser.py:94a935dd00fd2a2ebdc42d605a46cb7f5f7fa43c3c2734534b4f4e0f75701f2b:B410", + "severity": "Low", + "location": { + "file": "dojo/tools/burp/parser.py", + "start_line": 12, + "end_line": 12, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B410", + "value": "B410" + } + ] + }, + { + "cve": "dojo/tools/kiuwan/parser.py:b644f1fec7a87fe4373190f8ebb8bbe7e7ebc669ca61c51dba06f61e0708a7e5:B110", + "severity": "Low", + "location": { + "file": "dojo/tools/kiuwan/parser.py", + "start_line": 74, + "end_line": 74, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B110", + "value": "B110", + "url": "https://docs.openstack.org/bandit/latest/plugins/b110_try_except_pass.html" + } + ] + }, + { + "cve": "dojo/tools/microfocus_webinspect/parser.py:2ada57343510b672d4d963454207d279aec27e78a0582b311df3df29fb76a4f0:B110", + "severity": "Low", + "location": { + "file": "dojo/tools/microfocus_webinspect/parser.py", + "start_line": 117, + "end_line": 117, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B110", + "value": "B110", + "url": "https://docs.openstack.org/bandit/latest/plugins/b110_try_except_pass.html" + } + ] + }, + { + "cve": "dojo/tools/nmap/parser.py:bce553e3b09674e6a6125fb3a0cdcc621572e34ba7c1264dc3f6813c15d49be3:B410", + "severity": "Low", + "location": { + "file": "dojo/tools/nmap/parser.py", + "start_line": 2, + "end_line": 2, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B410", + "value": "B410" + } + ] + }, + { + "cve": "dojo/tools/openscap/parser.py:2ada57343510b672d4d963454207d279aec27e78a0582b311df3df29fb76a4f0:B110", + "severity": "Low", + "location": { + "file": "dojo/tools/openscap/parser.py", + "start_line": 120, + "end_line": 120, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B110", + "value": "B110", + "url": "https://docs.openstack.org/bandit/latest/plugins/b110_try_except_pass.html" + } + ] + }, + { + "cve": "dojo/tools/openscap/parser.py:58e6a7cb38a5b6cddfb0df163d35a6b1156e367e418ad22a2401e62015b384d7:B110", + "severity": "Low", + "location": { + "file": "dojo/tools/openscap/parser.py", + "start_line": 55, + "end_line": 55, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B110", + "value": "B110", + "url": "https://docs.openstack.org/bandit/latest/plugins/b110_try_except_pass.html" + } + ] + }, + { + "cve": "dojo/tools/qualys/parser.py:d4df7250950bfaaeb5d748ac0d79d837651eeb1e6f16e0c537dbadc27a428174:B410", + "severity": "Low", + "location": { + "file": "dojo/tools/qualys/parser.py", + "start_line": 18, + "end_line": 18, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B410", + "value": "B410" + } + ] + }, + { + "cve": "dojo/tools/qualys_webapp/parser.py:d4df7250950bfaaeb5d748ac0d79d837651eeb1e6f16e0c537dbadc27a428174:B410", + "severity": "Low", + "location": { + "file": "dojo/tools/qualys_webapp/parser.py", + "start_line": 13, + "end_line": 13, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B410", + "value": "B410" + } + ] + }, + { + "cve": "dojo/tools/sonarqube/parser.py:4f6a24a1086d429277287a8574e24b193f3638406e58e9a80e7d68eebb91024f:B410", + "severity": "Low", + "location": { + "file": "dojo/tools/sonarqube/parser.py", + "start_line": 1, + "end_line": 1, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B410", + "value": "B410" + } + ] + }, + { + "cve": "dojo/tools/sonarqube_api/importer.py:678f945f5af5f7299602ceb5390e50042ebd7cb63f2418b546fd7871b8d58645:B410", + "severity": "Low", + "location": { + "file": "dojo/tools/sonarqube_api/importer.py", + "start_line": 4, + "end_line": 4, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B410", + "value": "B410" + } + ] + }, + { + "cve": "dojo/tools/testssl/parser.py:2ada57343510b672d4d963454207d279aec27e78a0582b311df3df29fb76a4f0:B110", + "severity": "Low", + "location": { + "file": "dojo/tools/testssl/parser.py", + "start_line": 98, + "end_line": 98, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B110", + "value": "B110", + "url": "https://docs.openstack.org/bandit/latest/plugins/b110_try_except_pass.html" + } + ] + }, + { + "cve": "dojo/tools/wapiti/parser.py:2ada57343510b672d4d963454207d279aec27e78a0582b311df3df29fb76a4f0:B110", + "severity": "Low", + "location": { + "file": "dojo/tools/wapiti/parser.py", + "start_line": 111, + "end_line": 111, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B110", + "value": "B110", + "url": "https://docs.openstack.org/bandit/latest/plugins/b110_try_except_pass.html" + } + ] + }, + { + "cve": "dojo/tools/wpscan/parser.py:9eefa5df69d920528497986083a686694f36618af3df510e67f574575e268077:B110", + "severity": "Low", + "location": { + "file": "dojo/tools/wpscan/parser.py", + "start_line": 27, + "end_line": 27, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B110", + "value": "B110", + "url": "https://docs.openstack.org/bandit/latest/plugins/b110_try_except_pass.html" + } + ] + }, + { + "cve": "dojo/tools/zap/parser.py:2c7efcf155541cf48317870607f8537f7a7da8f370001716cad6b18b031731d4:B110", + "severity": "Low", + "location": { + "file": "dojo/tools/zap/parser.py", + "start_line": 154, + "end_line": 154, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B110", + "value": "B110", + "url": "https://docs.openstack.org/bandit/latest/plugins/b110_try_except_pass.html" + } + ] + }, + { + "cve": "dojo/unittests/test_api_v1.py:2c944926db291952b7cca0ec9c28a004abb5ce5ccbcc054a1b077b8e745f8766:B311", + "severity": "Low", + "location": { + "file": "dojo/unittests/test_api_v1.py", + "start_line": 28, + "end_line": 28, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B311", + "value": "B311" + } + ] + }, + { + "cve": "tests/Import_scanner_unit_test.py:0115b13a8c1742ecfce96e34469ff9906e5387b1934b2e4a3d51fdd4eb7aea0a:B110", + "severity": "Low", + "location": { + "file": "tests/Import_scanner_unit_test.py", + "start_line": 271, + "end_line": 271, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B110", + "value": "B110", + "url": "https://docs.openstack.org/bandit/latest/plugins/b110_try_except_pass.html" + } + ] + }, + { + "cve": "tests/Import_scanner_unit_test.py:23f1fc4b4c60fb3616d5bbe78930e8f2ceb581d4272ea8a8f9bf73c7ac982403:B101", + "severity": "Low", + "location": { + "file": "tests/Import_scanner_unit_test.py", + "start_line": 150, + "end_line": 150, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B101", + "value": "B101", + "url": "https://docs.openstack.org/bandit/latest/plugins/b101_assert_used.html" + } + ] + }, + { + "cve": "tests/Import_scanner_unit_test.py:5a098258f5abaff5e93231ba498f693ffcec0a983952e3320f6aea33d23c2f23:B101", + "severity": "Low", + "location": { + "file": "tests/Import_scanner_unit_test.py", + "start_line": 314, + "end_line": 314, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B101", + "value": "B101", + "url": "https://docs.openstack.org/bandit/latest/plugins/b101_assert_used.html" + } + ] + }, + { + "cve": "tests/Import_scanner_unit_test.py:646cbbbdfb6b839a4b412ce958d1622f2096e7870843a18b6e360ac9e028fa9c:B101", + "severity": "Low", + "location": { + "file": "tests/Import_scanner_unit_test.py", + "start_line": 82, + "end_line": 82, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B101", + "value": "B101", + "url": "https://docs.openstack.org/bandit/latest/plugins/b101_assert_used.html" + } + ] + }, + { + "cve": "tests/Import_scanner_unit_test.py:bdcd5dcb9e6e49f8ab0ead80ce7ae5e6245eee6bcb1ce82138c5d06be06a15f3:B101", + "severity": "Low", + "location": { + "file": "tests/Import_scanner_unit_test.py", + "start_line": 228, + "end_line": 228, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B101", + "value": "B101", + "url": "https://docs.openstack.org/bandit/latest/plugins/b101_assert_used.html" + } + ] + }, + { + "cve": "tests/Import_scanner_unit_test.py:e34fd58a8455d9fde85a5035b4aa68d5b730344f73ca68514595967ea6559d63:B101", + "severity": "Low", + "location": { + "file": "tests/Import_scanner_unit_test.py", + "start_line": 188, + "end_line": 188, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B101", + "value": "B101", + "url": "https://docs.openstack.org/bandit/latest/plugins/b101_assert_used.html" + } + ] + }, + { + "cve": "tests/Import_scanner_unit_test.py:e6772c9a7cf3b0092303fc9ff187667c94830dca2219af89b84a7cb4013fde98:B101", + "severity": "Low", + "location": { + "file": "tests/Import_scanner_unit_test.py", + "start_line": 112, + "end_line": 112, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B101", + "value": "B101", + "url": "https://docs.openstack.org/bandit/latest/plugins/b101_assert_used.html" + } + ] + }, + { + "cve": "tests/validate_acunetix_scan_xml.py:c0563421814d4b3b21adec4248397d3ec2a5490a615e31732e235a32ada8236b:B410", + "severity": "Low", + "location": { + "file": "tests/validate_acunetix_scan_xml.py", + "start_line": 2, + "end_line": 2, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B410", + "value": "B410" + } + ] + }, + { + "cve": "tests/validate_acunetix_scan_xml.py:c0563421814d4b3b21adec4248397d3ec2a5490a615e31732e235a32ada8236b:B410", + "severity": "Low", + "location": { + "file": "tests/validate_acunetix_scan_xml.py", + "start_line": 1, + "end_line": 1, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "bandit_test_id", + "name": "Bandit Test ID B410", + "value": "B410" + } + ] + }, + { + "name": "Found fs.openSync with non literal argument at index 0", + "description": "A variable is present in the filename argument of fs calls, this might allow an attacker to access anything on your system.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-non-literal-fs-filename", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 29, + "end_line": 29, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-non-literal-fs-filename", + "value": "security/detect-non-literal-fs-filename", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-non-literal-fs-filename" + } + ] + }, + { + "name": "Found fs.open with non literal argument at index 0", + "description": "A variable is present in the filename argument of fs calls, this might allow an attacker to access anything on your system.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-non-literal-fs-filename", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 349, + "end_line": 349, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-non-literal-fs-filename", + "value": "security/detect-non-literal-fs-filename", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-non-literal-fs-filename" + } + ] + }, + { + "name": "Found non-literal argument to RegExp Constructor", + "description": "RegExp() called with a variable, this might allow an attacker to DOS your application with a long-running regular expression.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-non-literal-regexp", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 351, + "end_line": 351, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-non-literal-regexp", + "value": "security/detect-non-literal-regexp", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-non-literal-regexp" + } + ] + }, + { + "name": "Found non-literal argument to RegExp Constructor", + "description": "RegExp() called with a variable, this might allow an attacker to DOS your application with a long-running regular expression.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-non-literal-regexp", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 29, + "end_line": 29, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-non-literal-regexp", + "value": "security/detect-non-literal-regexp", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-non-literal-regexp" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 62, + "end_line": 62, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 58, + "end_line": 58, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 59, + "end_line": 59, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 60, + "end_line": 60, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 61, + "end_line": 61, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 57, + "end_line": 57, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 63, + "end_line": 63, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 65, + "end_line": 65, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 66, + "end_line": 66, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 67, + "end_line": 67, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 68, + "end_line": 68, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 71, + "end_line": 71, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 72, + "end_line": 72, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 73, + "end_line": 73, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 74, + "end_line": 74, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 77, + "end_line": 77, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 79, + "end_line": 79, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 81, + "end_line": 81, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 82, + "end_line": 82, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 83, + "end_line": 83, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 84, + "end_line": 84, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 87, + "end_line": 87, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 88, + "end_line": 88, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 89, + "end_line": 89, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 90, + "end_line": 90, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 96, + "end_line": 96, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 97, + "end_line": 97, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 98, + "end_line": 98, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 56, + "end_line": 56, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 100, + "end_line": 100, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 101, + "end_line": 101, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 102, + "end_line": 102, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 103, + "end_line": 103, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 104, + "end_line": 104, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 105, + "end_line": 105, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 106, + "end_line": 106, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 674, + "end_line": 674, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 107, + "end_line": 107, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 108, + "end_line": 108, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 109, + "end_line": 109, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 110, + "end_line": 110, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 111, + "end_line": 111, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 112, + "end_line": 112, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 113, + "end_line": 113, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 114, + "end_line": 114, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 115, + "end_line": 115, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 116, + "end_line": 116, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 117, + "end_line": 117, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 122, + "end_line": 122, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 123, + "end_line": 123, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 129, + "end_line": 129, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 130, + "end_line": 130, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 131, + "end_line": 131, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 133, + "end_line": 133, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 134, + "end_line": 134, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 135, + "end_line": 135, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 136, + "end_line": 136, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 137, + "end_line": 137, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 138, + "end_line": 138, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 139, + "end_line": 139, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 140, + "end_line": 140, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 142, + "end_line": 142, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 143, + "end_line": 143, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 144, + "end_line": 144, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 147, + "end_line": 147, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 148, + "end_line": 148, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 149, + "end_line": 149, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 150, + "end_line": 150, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 151, + "end_line": 151, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 152, + "end_line": 152, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 153, + "end_line": 153, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 154, + "end_line": 154, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 155, + "end_line": 155, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 158, + "end_line": 158, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 159, + "end_line": 159, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 161, + "end_line": 161, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 163, + "end_line": 163, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 164, + "end_line": 164, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 165, + "end_line": 165, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 167, + "end_line": 167, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 168, + "end_line": 168, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 169, + "end_line": 169, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 172, + "end_line": 172, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 173, + "end_line": 173, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 174, + "end_line": 174, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 176, + "end_line": 176, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 178, + "end_line": 178, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 179, + "end_line": 179, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 194, + "end_line": 194, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 195, + "end_line": 195, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 198, + "end_line": 198, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 199, + "end_line": 199, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 200, + "end_line": 200, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 202, + "end_line": 202, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 205, + "end_line": 205, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 214, + "end_line": 214, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 215, + "end_line": 215, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 233, + "end_line": 233, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 234, + "end_line": 234, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 236, + "end_line": 236, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 237, + "end_line": 237, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 243, + "end_line": 243, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 246, + "end_line": 246, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 252, + "end_line": 252, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 255, + "end_line": 255, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 256, + "end_line": 256, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 257, + "end_line": 257, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 258, + "end_line": 258, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 273, + "end_line": 273, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 274, + "end_line": 274, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 275, + "end_line": 275, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 278, + "end_line": 278, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 279, + "end_line": 279, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 280, + "end_line": 280, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 282, + "end_line": 282, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 283, + "end_line": 283, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 287, + "end_line": 287, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 288, + "end_line": 288, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 289, + "end_line": 289, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 290, + "end_line": 290, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 291, + "end_line": 291, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 292, + "end_line": 292, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 293, + "end_line": 293, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 299, + "end_line": 299, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 301, + "end_line": 301, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 305, + "end_line": 305, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 673, + "end_line": 673, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 312, + "end_line": 312, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 331, + "end_line": 331, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 333, + "end_line": 333, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 344, + "end_line": 344, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 345, + "end_line": 345, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 346, + "end_line": 346, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 348, + "end_line": 348, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 351, + "end_line": 351, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 361, + "end_line": 361, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 362, + "end_line": 362, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 363, + "end_line": 363, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 365, + "end_line": 365, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 368, + "end_line": 368, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 379, + "end_line": 379, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 388, + "end_line": 388, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 389, + "end_line": 389, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 390, + "end_line": 390, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 391, + "end_line": 391, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 392, + "end_line": 392, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 393, + "end_line": 393, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 395, + "end_line": 395, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 396, + "end_line": 396, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 397, + "end_line": 397, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 400, + "end_line": 400, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 402, + "end_line": 402, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 403, + "end_line": 403, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 406, + "end_line": 406, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 408, + "end_line": 408, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 422, + "end_line": 422, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 436, + "end_line": 436, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 437, + "end_line": 437, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 438, + "end_line": 438, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 439, + "end_line": 439, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 440, + "end_line": 440, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 441, + "end_line": 441, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 443, + "end_line": 443, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 55, + "end_line": 55, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 445, + "end_line": 445, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 446, + "end_line": 446, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 448, + "end_line": 448, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 461, + "end_line": 461, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 462, + "end_line": 462, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 463, + "end_line": 463, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 486, + "end_line": 486, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 488, + "end_line": 488, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 490, + "end_line": 490, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 491, + "end_line": 491, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 503, + "end_line": 503, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 506, + "end_line": 506, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 507, + "end_line": 507, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 510, + "end_line": 510, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 518, + "end_line": 518, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 519, + "end_line": 519, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 521, + "end_line": 521, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 524, + "end_line": 524, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 525, + "end_line": 525, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 526, + "end_line": 526, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 530, + "end_line": 530, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 531, + "end_line": 531, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 534, + "end_line": 534, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 542, + "end_line": 542, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 568, + "end_line": 568, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 569, + "end_line": 569, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 574, + "end_line": 574, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Variable Assigned to Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 575, + "end_line": 575, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 589, + "end_line": 589, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 592, + "end_line": 592, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 593, + "end_line": 593, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 594, + "end_line": 594, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 595, + "end_line": 595, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 631, + "end_line": 631, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 661, + "end_line": 661, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 663, + "end_line": 663, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 664, + "end_line": 664, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 667, + "end_line": 667, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 668, + "end_line": 668, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 54, + "end_line": 54, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 671, + "end_line": 671, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 53, + "end_line": 53, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 52, + "end_line": 52, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 49, + "end_line": 49, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 47, + "end_line": 47, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 45, + "end_line": 45, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 672, + "end_line": 672, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 29, + "end_line": 29, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 26, + "end_line": 26, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 25, + "end_line": 25, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 24, + "end_line": 24, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 444, + "end_line": 444, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 99, + "end_line": 99, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 670, + "end_line": 670, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Unsafe Regular Expression", + "description": "Potentially unsafe regular expressions. It may take a very long time to run.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-unsafe-regex", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 200, + "end_line": 200, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-unsafe-regex", + "value": "security/detect-unsafe-regex", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-unsafe-regex" + } + ] + }, + { + "name": "Unsafe Regular Expression", + "description": "Potentially unsafe regular expressions. It may take a very long time to run.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-unsafe-regex", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 632, + "end_line": 632, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-unsafe-regex", + "value": "security/detect-unsafe-regex", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-unsafe-regex" + } + ] + }, + { + "name": "Unsafe Regular Expression", + "description": "Potentially unsafe regular expressions. It may take a very long time to run.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-unsafe-regex", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 310, + "end_line": 310, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-unsafe-regex", + "value": "security/detect-unsafe-regex", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-unsafe-regex" + } + ] + }, + { + "name": "Unsafe Regular Expression", + "description": "Potentially unsafe regular expressions. It may take a very long time to run.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-unsafe-regex", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 293, + "end_line": 293, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-unsafe-regex", + "value": "security/detect-unsafe-regex", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-unsafe-regex" + } + ] + }, + { + "name": "Unsafe Regular Expression", + "description": "Potentially unsafe regular expressions. It may take a very long time to run.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-unsafe-regex", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 363, + "end_line": 363, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-unsafe-regex", + "value": "security/detect-unsafe-regex", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-unsafe-regex" + } + ] + }, + { + "name": "Unsafe Regular Expression", + "description": "Potentially unsafe regular expressions. It may take a very long time to run.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-unsafe-regex", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 132, + "end_line": 132, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-unsafe-regex", + "value": "security/detect-unsafe-regex", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-unsafe-regex" + } + ] + }, + { + "name": "Unsafe Regular Expression", + "description": "Potentially unsafe regular expressions. It may take a very long time to run.", + "cve": "dojo/static/dojo/js/datatables.min.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-unsafe-regex", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/datatables.min.js", + "start_line": 182, + "end_line": 182, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-unsafe-regex", + "value": "security/detect-unsafe-regex", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-unsafe-regex" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/index.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/index.js", + "start_line": 289, + "end_line": 289, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/index.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/index.js", + "start_line": 203, + "end_line": 203, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/index.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/index.js", + "start_line": 202, + "end_line": 202, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/static/dojo/js/index.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/static/dojo/js/index.js", + "start_line": 277, + "end_line": 277, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/edit_rule.html:174bf82e7bf9414dfe3028414c56de510e6e452ec85dc103a8d1ae8879d521a4:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/edit_rule.html", + "start_line": 74, + "end_line": 74, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/edit_rule.html:71101e0d191826f7a732714d5288da2446ab9bdb9eadb7e486b76624709f56ae:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/edit_rule.html", + "start_line": 71, + "end_line": 71, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/edit_rule.html:d89cdbb643440389e600693b61f838d7ebd9c0b6e51526fddef1566e555cbb02:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/edit_rule.html", + "start_line": 73, + "end_line": 73, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/edit_rule2.html:174bf82e7bf9414dfe3028414c56de510e6e452ec85dc103a8d1ae8879d521a4:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/edit_rule2.html", + "start_line": 81, + "end_line": 81, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/edit_rule2.html:71101e0d191826f7a732714d5288da2446ab9bdb9eadb7e486b76624709f56ae:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/edit_rule2.html", + "start_line": 78, + "end_line": 78, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/edit_rule2.html:d89cdbb643440389e600693b61f838d7ebd9c0b6e51526fddef1566e555cbb02:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/edit_rule2.html", + "start_line": 80, + "end_line": 80, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/endpoints.html:06c0a08b858a757bbfb193940ed6944251feb2c7e52c4092405edeb63fe8d9d4:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/endpoints.html", + "start_line": 140, + "end_line": 140, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/endpoints.html:06c0a08b858a757bbfb193940ed6944251feb2c7e52c4092405edeb63fe8d9d4:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/endpoints.html", + "start_line": 196, + "end_line": 196, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/endpoints.html:06c0a08b858a757bbfb193940ed6944251feb2c7e52c4092405edeb63fe8d9d4:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/endpoints.html", + "start_line": 183, + "end_line": 183, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/endpoints.html:09cd1a209ee7018f0590a7dd95372220e504852b7bbbdeb4a6577597e4e8c6b1:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/endpoints.html", + "start_line": 246, + "end_line": 246, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/endpoints.html:75d022b5aeb8d0ebd057ed8a6dd71e34c96fda0e982a79a89ecb64bfbe229d76:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/endpoints.html", + "start_line": 141, + "end_line": 141, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/new_rule.html:174bf82e7bf9414dfe3028414c56de510e6e452ec85dc103a8d1ae8879d521a4:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/new_rule.html", + "start_line": 89, + "end_line": 89, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/new_rule.html:71101e0d191826f7a732714d5288da2446ab9bdb9eadb7e486b76624709f56ae:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/new_rule.html", + "start_line": 86, + "end_line": 86, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/new_rule.html:d89cdbb643440389e600693b61f838d7ebd9c0b6e51526fddef1566e555cbb02:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/new_rule.html", + "start_line": 88, + "end_line": 88, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/view_cred_all_details.html:09cd1a209ee7018f0590a7dd95372220e504852b7bbbdeb4a6577597e4e8c6b1:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/view_cred_all_details.html", + "start_line": 236, + "end_line": 236, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/view_cred_details.html:09cd1a209ee7018f0590a7dd95372220e504852b7bbbdeb4a6577597e4e8c6b1:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/view_cred_details.html", + "start_line": 283, + "end_line": 283, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/view_objects.html:09cd1a209ee7018f0590a7dd95372220e504852b7bbbdeb4a6577597e4e8c6b1:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/view_objects.html", + "start_line": 131, + "end_line": 131, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Function Call Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/templates/dojo/view_objects_eng.html:09cd1a209ee7018f0590a7dd95372220e504852b7bbbdeb4a6577597e4e8c6b1:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/templates/dojo/view_objects_eng.html", + "start_line": 121, + "end_line": 121, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/unittests/scans/sonarqube/sonar-4-findings-3-to-aggregate.html:68695edf4fa8fa9a21e1f17705ca2436a74e03690cd79bc121f8059aeff23d66:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-4-findings-3-to-aggregate.html", + "start_line": 6705, + "end_line": 6705, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/unittests/scans/sonarqube/sonar-4-findings-3-to-aggregate.html:e68e1c09aea26f3557910e998c55d5efcc3fcf8f07ff618085cf9e2ff77c1377:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-4-findings-3-to-aggregate.html", + "start_line": 6709, + "end_line": 6709, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/unittests/scans/sonarqube/sonar-4-findings-3-to-aggregate.html:e8208d82c08970eea19d4137099f8f71ee21a2cc9f51319dbccf1a2fe0bb2574:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-4-findings-3-to-aggregate.html", + "start_line": 6702, + "end_line": 6702, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/unittests/scans/sonarqube/sonar-6-findings.html:68695edf4fa8fa9a21e1f17705ca2436a74e03690cd79bc121f8059aeff23d66:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-6-findings.html", + "start_line": 7494, + "end_line": 7494, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/unittests/scans/sonarqube/sonar-6-findings.html:e68e1c09aea26f3557910e998c55d5efcc3fcf8f07ff618085cf9e2ff77c1377:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-6-findings.html", + "start_line": 7498, + "end_line": 7498, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/unittests/scans/sonarqube/sonar-6-findings.html:e8208d82c08970eea19d4137099f8f71ee21a2cc9f51319dbccf1a2fe0bb2574:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-6-findings.html", + "start_line": 7491, + "end_line": 7491, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/unittests/scans/sonarqube/sonar-rule-undefined.html:68695edf4fa8fa9a21e1f17705ca2436a74e03690cd79bc121f8059aeff23d66:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-rule-undefined.html", + "start_line": 437, + "end_line": 437, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/unittests/scans/sonarqube/sonar-rule-undefined.html:e68e1c09aea26f3557910e998c55d5efcc3fcf8f07ff618085cf9e2ff77c1377:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-rule-undefined.html", + "start_line": 441, + "end_line": 441, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/unittests/scans/sonarqube/sonar-rule-undefined.html:e8208d82c08970eea19d4137099f8f71ee21a2cc9f51319dbccf1a2fe0bb2574:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-rule-undefined.html", + "start_line": 434, + "end_line": 434, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/unittests/scans/sonarqube/sonar-single-finding.html:68695edf4fa8fa9a21e1f17705ca2436a74e03690cd79bc121f8059aeff23d66:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-single-finding.html", + "start_line": 7443, + "end_line": 7443, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/unittests/scans/sonarqube/sonar-single-finding.html:e68e1c09aea26f3557910e998c55d5efcc3fcf8f07ff618085cf9e2ff77c1377:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-single-finding.html", + "start_line": 7447, + "end_line": 7447, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/unittests/scans/sonarqube/sonar-single-finding.html:e8208d82c08970eea19d4137099f8f71ee21a2cc9f51319dbccf1a2fe0bb2574:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-single-finding.html", + "start_line": 7440, + "end_line": 7440, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/unittests/scans/sonarqube/sonar-table-in-table.html:68695edf4fa8fa9a21e1f17705ca2436a74e03690cd79bc121f8059aeff23d66:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-table-in-table.html", + "start_line": 486, + "end_line": 486, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/unittests/scans/sonarqube/sonar-table-in-table.html:e68e1c09aea26f3557910e998c55d5efcc3fcf8f07ff618085cf9e2ff77c1377:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-table-in-table.html", + "start_line": 490, + "end_line": 490, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + }, + { + "name": "Generic Object Injection Sink", + "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.", + "cve": "dojo/unittests/scans/sonarqube/sonar-table-in-table.html:e8208d82c08970eea19d4137099f8f71ee21a2cc9f51319dbccf1a2fe0bb2574:security/detect-object-injection", + "severity": "Unknown", + "location": { + "file": "dojo/unittests/scans/sonarqube/sonar-table-in-table.html", + "start_line": 483, + "end_line": 483, + "dependency": { + "package": {} + } + }, + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-object-injection", + "value": "security/detect-object-injection", + "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection" + } + ] + } + ], + "remediations": [] +} diff --git a/unittests/scans/gitlab_sast/gl-sast-report_issue4344.json b/unittests/scans/gitlab_sast/gl-sast-report_issue4344_v14.json similarity index 100% rename from unittests/scans/gitlab_sast/gl-sast-report_issue4344.json rename to unittests/scans/gitlab_sast/gl-sast-report_issue4344_v14.json diff --git a/unittests/scans/gitlab_sast/gl-sast-report_issue4344_v15.json b/unittests/scans/gitlab_sast/gl-sast-report_issue4344_v15.json new file mode 100644 index 00000000000..4d02d99f7e6 --- /dev/null +++ b/unittests/scans/gitlab_sast/gl-sast-report_issue4344_v15.json @@ -0,0 +1,38 @@ +{ + "version": "14.0.0", + "vulnerabilities": [ + { + "id": "38646099571534a07b62ae42b37fb3640d620c48d561456fb3ecdf929b9e5933", + "name": "Potential XSS vulnerability", + "cve": "XXXX.aspx.cs:98:SCS0029", + "location": { + "file": "XXXXX.aspx.cs", + "start_line": 98 + }, + "identifiers": [ + { + "type": "security_code_scan_rule_id", + "name": "SCS0029", + "value": "SCS0029", + "url": "https://security-code-scan.github.io/#SCS0029" + } + ] + } + ], + "remediations": [], + "scan": { + "scanner": { + "id": "security_code_scan", + "name": "Security Code Scan", + "url": "https://security-code-scan.github.io", + "vendor": { + "name": "GitLab" + }, + "version": "3.5.3" + }, + "type": "sast", + "start_time": "2021-04-22T09:32:27", + "end_time": "2021-04-22T09:33:29", + "status": "success" + } +} diff --git a/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_1_vuln.json b/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_1_vuln_v14.json similarity index 100% rename from unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_1_vuln.json rename to unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_1_vuln_v14.json diff --git a/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_1_vuln_v15.json b/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_1_vuln_v15.json new file mode 100644 index 00000000000..a94bc78fe30 --- /dev/null +++ b/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_1_vuln_v15.json @@ -0,0 +1,45 @@ +{ + "version": "14.0.0", + "vulnerabilities": [ + { + "id": "714ed3e4e289ad35a089e0a888e8d0120b6a6083b1090a189cbc6a3227396240", + "name": "AWS", + "description": "AWS", + "cve": "README.md:1a5d44a2dca19669d72edf4c4f1c27c4c1ca4b4408fbb17f6ce4ad452d78ddb3:AWS", + "severity": "Critical", + "raw_source_code_extract": "AKIAIOSFODNN7EXAMPLE", + "location": { + "file": "README.md", + "commit": { + "date": "0001-01-01T00:00:00Z", + "sha": "0000000" + }, + "start_line": 5, + "end_line": 5 + }, + "identifiers": [ + { + "type": "gitleaks_rule_id", + "name": "Gitleaks rule ID AWS", + "value": "AWS" + } + ] + } + ], + "remediations": [], + "scan": { + "scanner": { + "id": "gitleaks", + "name": "Gitleaks", + "url": "https://github.com/zricethezav/gitleaks", + "vendor": { + "name": "GitLab" + }, + "version": "v7.5.0" + }, + "type": "secret_detection", + "start_time": "2021-06-02T09:13:09", + "end_time": "2021-06-02T09:13:09", + "status": "success" + } +} diff --git a/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_3_vuln.json b/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_3_vuln_v14.json similarity index 100% rename from unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_3_vuln.json rename to unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_3_vuln_v14.json diff --git a/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_3_vuln_v15.json b/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_3_vuln_v15.json new file mode 100644 index 00000000000..56b52edc6d8 --- /dev/null +++ b/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_3_vuln_v15.json @@ -0,0 +1,93 @@ +{ + "version": "14.0.0", + "vulnerabilities": [ + { + "id": "918e2cdfda408c352ee1f9b1fd148926578a8cfec32a82cd0cd21d4aded6e85e", + "name": "SSH private key", + "description": "SSH private key", + "cve": "README.md:03d104c669e3c7b6be7f989db8b12c8b910d3be8c1e2a73c9369d3cc0ba803b5:SSH private key", + "severity": "Critical", + "raw_source_code_extract": "-----BEGIN OPENSSH PRIVATE KEY-----", + "location": { + "file": "README.md", + "commit": { + "date": "0001-01-01T00:00:00Z", + "sha": "0000000" + }, + "start_line": 20, + "end_line": 20 + }, + "identifiers": [ + { + "type": "gitleaks_rule_id", + "name": "Gitleaks rule ID SSH private key", + "value": "SSH private key" + } + ] + }, + { + "id": "5f2fe26d5029737fcd2d131b5f881ddb32edf7ebc003dfab8b5bcd4f05640f98", + "name": "AWS", + "description": "AWS", + "cve": "README.md:1a5d44a2dca19669d72edf4c4f1c27c4c1ca4b4408fbb17f6ce4ad452d78ddb3:AWS", + "severity": "Critical", + "raw_source_code_extract": "AKIAIOSFODNN7EXAMPLE", + "location": { + "file": "README.md", + "commit": { + "date": "0001-01-01T00:00:00Z", + "sha": "0000000" + }, + "start_line": 7, + "end_line": 7 + }, + "identifiers": [ + { + "type": "gitleaks_rule_id", + "name": "Gitleaks rule ID AWS", + "value": "AWS" + } + ] + }, + { + "id": "b472ce0c4949cc5e22fc0193978b8eab4a7bafe5cd3d23c8de217d11a59431c5", + "name": "Password in URL", + "description": "Password in URL", + "cve": "README.md:9aa1da8f23a3e99f2b894638b0d6c584b1613075eca0f74d79de0c7bd07e150b:Password in URL", + "severity": "Critical", + "raw_source_code_extract": "https://random:password@endpoint.com/path", + "location": { + "file": "README.md", + "commit": { + "date": "0001-01-01T00:00:00Z", + "sha": "0000000" + }, + "start_line": 14, + "end_line": 14 + }, + "identifiers": [ + { + "type": "gitleaks_rule_id", + "name": "Gitleaks rule ID Password in URL", + "value": "Password in URL" + } + ] + } + ], + "remediations": [], + "scan": { + "scanner": { + "id": "gitleaks", + "name": "Gitleaks", + "url": "https://github.com/zricethezav/gitleaks", + "vendor": { + "name": "GitLab" + }, + "version": "v7.5.0" + }, + "type": "secret_detection", + "start_time": "2021-06-02T09:25:50", + "end_time": "2021-06-02T09:25:50", + "status": "success" + } +} diff --git a/unittests/scans/govulncheck/empty.json b/unittests/scans/govulncheck/empty.json new file mode 100644 index 00000000000..e69de29bb2d diff --git a/unittests/scans/govulncheck/many_vulns.json b/unittests/scans/govulncheck/many_vulns.json new file mode 100644 index 00000000000..4746606d35a --- /dev/null +++ b/unittests/scans/govulncheck/many_vulns.json @@ -0,0 +1,3300 @@ +{ + "Calls": { + "Functions": { + "1": { + "ID": 1, + "Name": "main", + "RecvType": "", + "PkgPath": "github.com/jharper-sec/evil-app", + "Pos": { + "Filename": "/home/dtimoshenko/test_parser/evil-app/main.go", + "Offset": 77, + "Line": 9, + "Column": 6 + }, + "CallSites": null + }, + "10": { + "ID": 10, + "Name": "startGracefulShutdownInternal", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 171852, + "Line": 5054, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 11, + "Name": "startGracefulShutdownInternal", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 221922, + "Line": 6655, + "Column": 36 + }, + "Resolved": true + }, + { + "Parent": 23, + "Name": "startGracefulShutdownInternal", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 178469, + "Line": 5269, + "Column": 36 + }, + "Resolved": true + }, + { + "Parent": 33, + "Name": "startGracefulShutdownInternal", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 185976, + "Line": 5482, + "Column": 34 + }, + "Resolved": true + }, + { + "Parent": 17, + "Name": "startGracefulShutdownInternal", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 158048, + "Line": 4633, + "Column": 38 + }, + "Resolved": true + } + ] + }, + "11": { + "ID": 11, + "Name": "startPush$1", + "RecvType": "", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 221157, + "Line": 6637, + "Column": 24 + }, + "CallSites": [ + { + "Parent": 12, + "Name": "t46", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 166581, + "Line": 4892, + "Column": 47 + }, + "Resolved": false + } + ] + }, + "12": { + "ID": 12, + "Name": "startFrameWrite", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 165708, + "Line": 4869, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 13, + "Name": "startFrameWrite", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 169720, + "Line": 4992, + "Column": 22 + }, + "Resolved": true + }, + { + "Parent": 13, + "Name": "startFrameWrite", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 169966, + "Line": 5002, + "Column": 22 + }, + "Resolved": true + }, + { + "Parent": 13, + "Name": "startFrameWrite", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 170218, + "Line": 5010, + "Column": 23 + }, + "Resolved": true + }, + { + "Parent": 13, + "Name": "startFrameWrite", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 170292, + "Line": 5015, + "Column": 22 + }, + "Resolved": true + } + ] + }, + "13": { + "ID": 13, + "Name": "scheduleFrameWrite", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 169479, + "Line": 4983, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 14, + "Name": "scheduleFrameWrite", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 179737, + "Line": 5307, + "Column": 23 + }, + "Resolved": true + }, + { + "Parent": 3, + "Name": "scheduleFrameWrite", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 172112, + "Line": 5066, + "Column": 23 + }, + "Resolved": true + }, + { + "Parent": 20, + "Name": "scheduleFrameWrite", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 165472, + "Line": 4863, + "Column": 23 + }, + "Resolved": true + }, + { + "Parent": 24, + "Name": "scheduleFrameWrite", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 169044, + "Line": 4970, + "Column": 23 + }, + "Resolved": true + }, + { + "Parent": 32, + "Name": "scheduleFrameWrite", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 177189, + "Line": 5225, + "Column": 23 + }, + "Resolved": true + } + ] + }, + "14": { + "ID": 14, + "Name": "processSettings", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 178812, + "Line": 5283, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 15, + "Name": "processSettings", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 174586, + "Line": 5150, + "Column": 28 + }, + "Resolved": true + } + ] + }, + "15": { + "ID": 15, + "Name": "processFrame", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 174215, + "Line": 5137, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 16, + "Name": "processFrame", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 173540, + "Line": 5110, + "Column": 24 + }, + "Resolved": true + } + ] + }, + "16": { + "ID": 16, + "Name": "processFrameFromReader", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 172677, + "Line": 5085, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 17, + "Name": "processFrameFromReader", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 157289, + "Line": 4607, + "Column": 33 + }, + "Resolved": true + } + ] + }, + "17": { + "ID": 17, + "Name": "serve", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 155022, + "Line": 4536, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 6, + "Name": "serve", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 142548, + "Line": 4190, + "Column": 10 + }, + "Resolved": true + } + ] + }, + "18": { + "ID": 18, + "Name": "http2ConfigureServer$1", + "RecvType": "", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 135485, + "Line": 3997, + "Column": 18 + }, + "CallSites": [ + { + "Parent": 19, + "Name": "t131", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/server.go", + "Offset": 59380, + "Line": 1899, + "Column": 7 + }, + "Resolved": false + } + ] + }, + "19": { + "ID": 19, + "Name": "serve", + "RecvType": "*net/http.conn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/server.go", + "Offset": 57194, + "Line": 1842, + "Column": 16 + }, + "CallSites": [ + { + "Parent": 5, + "Name": "serve", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/server.go", + "Offset": 98382, + "Line": 3102, + "Column": 3 + }, + "Resolved": true + } + ] + }, + "2": { + "ID": 2, + "Name": "canonicalHeader", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 152110, + "Line": 4429, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 40, + "Name": "canonicalHeader", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 192142, + "Line": 5658, + "Column": 29 + }, + "Resolved": true + }, + { + "Parent": 41, + "Name": "canonicalHeader", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 195704, + "Line": 5768, + "Column": 35 + }, + "Resolved": true + } + ] + }, + "20": { + "ID": 20, + "Name": "writeFrame", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 163322, + "Line": 4805, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 21, + "Name": "writeFrame", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 202533, + "Line": 6022, + "Column": 15 + }, + "Resolved": true + }, + { + "Parent": 29, + "Name": "writeFrame", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 172350, + "Line": 5076, + "Column": 15 + }, + "Resolved": true + }, + { + "Parent": 30, + "Name": "writeFrame", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 176003, + "Line": 5193, + "Column": 15 + }, + "Resolved": true + }, + { + "Parent": 31, + "Name": "writeFrame", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 223023, + "Line": 6683, + "Column": 15 + }, + "Resolved": true + }, + { + "Parent": 17, + "Name": "writeFrame", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 155354, + "Line": 4548, + "Column": 15 + }, + "Resolved": true + }, + { + "Parent": 17, + "Name": "writeFrame", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 156878, + "Line": 4594, + "Column": 17 + }, + "Resolved": true + } + ] + }, + "21": { + "ID": 21, + "Name": "sendWindowUpdate32", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 202327, + "Line": 6010, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 22, + "Name": "sendWindowUpdate32", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 202192, + "Line": 6003, + "Column": 24 + }, + "Resolved": true + }, + { + "Parent": 22, + "Name": "sendWindowUpdate32", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 202250, + "Line": 6006, + "Column": 23 + }, + "Resolved": true + }, + { + "Parent": 27, + "Name": "sendWindowUpdate32", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 185555, + "Line": 5465, + "Column": 25 + }, + "Resolved": true + }, + { + "Parent": 27, + "Name": "sendWindowUpdate32", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 185590, + "Line": 5466, + "Column": 25 + }, + "Resolved": true + } + ] + }, + "22": { + "ID": 22, + "Name": "sendWindowUpdate", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 201786, + "Line": 5994, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 23, + "Name": "sendWindowUpdate", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 178633, + "Line": 5275, + "Column": 22 + }, + "Resolved": true + }, + { + "Parent": 27, + "Name": "sendWindowUpdate", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 183929, + "Line": 5423, + "Column": 22 + }, + "Resolved": true + }, + { + "Parent": 27, + "Name": "sendWindowUpdate", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 185145, + "Line": 5453, + "Column": 24 + }, + "Resolved": true + }, + { + "Parent": 28, + "Name": "sendWindowUpdate", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 201518, + "Line": 5985, + "Column": 21 + }, + "Resolved": true + }, + { + "Parent": 28, + "Name": "sendWindowUpdate", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 201713, + "Line": 5989, + "Column": 22 + }, + "Resolved": true + }, + { + "Parent": 17, + "Name": "sendWindowUpdate", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 155924, + "Line": 4561, + "Column": 22 + }, + "Resolved": true + } + ] + }, + "23": { + "ID": 23, + "Name": "closeStream", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 177854, + "Line": 5248, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 24, + "Name": "closeStream", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 168588, + "Line": 4953, + "Column": 18 + }, + "Resolved": true + }, + { + "Parent": 24, + "Name": "closeStream", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 168829, + "Line": 4960, + "Column": 19 + }, + "Resolved": true + }, + { + "Parent": 24, + "Name": "closeStream", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 168888, + "Line": 4963, + "Column": 18 + }, + "Resolved": true + }, + { + "Parent": 25, + "Name": "closeStream", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 177763, + "Line": 5243, + "Column": 17 + }, + "Resolved": true + }, + { + "Parent": 26, + "Name": "closeStream", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 154478, + "Line": 4510, + "Column": 17 + }, + "Resolved": true + } + ] + }, + "24": { + "ID": 24, + "Name": "wroteFrame", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 167392, + "Line": 4919, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 12, + "Name": "wroteFrame", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 166859, + "Line": 4905, + "Column": 16 + }, + "Resolved": true + }, + { + "Parent": 17, + "Name": "wroteFrame", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 156932, + "Line": 4596, + "Column": 17 + }, + "Resolved": true + }, + { + "Parent": 17, + "Name": "wroteFrame", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 157222, + "Line": 4603, + "Column": 19 + }, + "Resolved": true + } + ] + }, + "25": { + "ID": 25, + "Name": "processResetStream", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 177234, + "Line": 5229, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 15, + "Name": "processResetStream", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 174874, + "Line": 5160, + "Column": 31 + }, + "Resolved": true + } + ] + }, + "26": { + "ID": 26, + "Name": "closeAllStreamsOnConnClose", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 154379, + "Line": 4507, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 17, + "Name": "closeAllStreamsOnConnClose", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 155097, + "Line": 4540, + "Column": 2 + }, + "Resolved": true + } + ] + }, + "27": { + "ID": 27, + "Name": "processData", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 181854, + "Line": 5372, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 15, + "Name": "processData", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 174812, + "Line": 5158, + "Column": 24 + }, + "Resolved": true + } + ] + }, + "28": { + "ID": 28, + "Name": "noteBodyRead", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 201440, + "Line": 5983, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 17, + "Name": "noteBodyRead", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 157461, + "Line": 4616, + "Column": 19 + }, + "Resolved": true + } + ] + }, + "29": { + "ID": 29, + "Name": "resetStream", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 172282, + "Line": 5074, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 24, + "Name": "resetStream", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 168494, + "Line": 4951, + "Column": 18 + }, + "Resolved": true + }, + { + "Parent": 16, + "Name": "resetStream", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 173652, + "Line": 5118, + "Column": 17 + }, + "Resolved": true + }, + { + "Parent": 17, + "Name": "resetStream", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 156842, + "Line": 4591, + "Column": 19 + }, + "Resolved": true + } + ] + }, + "3": { + "ID": 3, + "Name": "goAway", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 171943, + "Line": 5058, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 10, + "Name": "goAway", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 171896, + "Line": 5055, + "Column": 11 + }, + "Resolved": true + }, + { + "Parent": 16, + "Name": "goAway", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 172833, + "Line": 5090, + "Column": 13 + }, + "Resolved": true + }, + { + "Parent": 16, + "Name": "goAway", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 173710, + "Line": 5121, + "Column": 12 + }, + "Resolved": true + }, + { + "Parent": 16, + "Name": "goAway", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 173871, + "Line": 5125, + "Column": 12 + }, + "Resolved": true + }, + { + "Parent": 17, + "Name": "goAway", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 157829, + "Line": 4628, + "Column": 15 + }, + "Resolved": true + } + ] + }, + "30": { + "ID": 30, + "Name": "processPing", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 175373, + "Line": 5175, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 15, + "Name": "processPing", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 174762, + "Line": 5156, + "Column": 24 + }, + "Resolved": true + } + ] + }, + "31": { + "ID": 31, + "Name": "startPush", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 220342, + "Line": 6616, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 17, + "Name": "startPush", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 158146, + "Line": 4638, + "Column": 17 + }, + "Resolved": true + } + ] + }, + "32": { + "ID": 32, + "Name": "processWindowUpdate", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 176099, + "Line": 5197, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 15, + "Name": "processWindowUpdate", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 174712, + "Line": 5154, + "Column": 32 + }, + "Resolved": true + } + ] + }, + "33": { + "ID": 33, + "Name": "processGoAway", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 185691, + "Line": 5475, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 15, + "Name": "processGoAway", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 174986, + "Line": 5164, + "Column": 26 + }, + "Resolved": true + } + ] + }, + "34": { + "ID": 34, + "Name": "ServeHTTP", + "RecvType": "*net/http.ServeMux", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/server.go", + "Offset": 77607, + "Line": 2478, + "Column": 22 + }, + "CallSites": [ + { + "Parent": 35, + "Name": "t15", + "RecvType": "net/http.Handler", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/server.go", + "Offset": 93472, + "Line": 2947, + "Column": 19 + }, + "Resolved": false + }, + { + "Parent": 37, + "Name": "handler", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 199219, + "Line": 5908, + "Column": 9 + }, + "Resolved": false + } + ] + }, + "35": { + "ID": 35, + "Name": "ServeHTTP", + "RecvType": "net/http.serverHandler", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/server.go", + "Offset": 92722, + "Line": 2926, + "Column": 25 + }, + "CallSites": [ + { + "Parent": 36, + "Name": "ServeHTTP", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/server.go", + "Offset": 111643, + "Line": 3556, + "Column": 15 + }, + "Resolved": true + }, + { + "Parent": 19, + "Name": "ServeHTTP", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/server.go", + "Offset": 62418, + "Line": 1991, + "Column": 36 + }, + "Resolved": true + } + ] + }, + "36": { + "ID": 36, + "Name": "ServeHTTP", + "RecvType": "net/http.initALPNRequest", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/server.go", + "Offset": 111370, + "Line": 3545, + "Column": 26 + }, + "CallSites": [ + { + "Parent": 37, + "Name": "handler", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 199219, + "Line": 5908, + "Column": 9 + }, + "Resolved": false + } + ] + }, + "37": { + "ID": 37, + "Name": "runHandler", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 198603, + "Line": 5887, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 38, + "Name": "runHandler", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 191505, + "Line": 5638, + "Column": 2 + }, + "Resolved": true + }, + { + "Parent": 11, + "Name": "runHandler", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 222932, + "Line": 6679, + "Column": 3 + }, + "Resolved": true + } + ] + }, + "38": { + "ID": 38, + "Name": "processHeaders", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 187453, + "Line": 5527, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 15, + "Name": "processHeaders", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 174646, + "Line": 5152, + "Column": 27 + }, + "Resolved": true + } + ] + }, + "39": { + "ID": 39, + "Name": "serveFile", + "RecvType": "", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/fs.go", + "Offset": 16934, + "Line": 587, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 4, + "Name": "serveFile", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/fs.go", + "Offset": 24223, + "Line": 850, + "Column": 11 + }, + "Resolved": true + } + ] + }, + "4": { + "ID": 4, + "Name": "ServeHTTP", + "RecvType": "*net/http.fileHandler", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/fs.go", + "Offset": 24067, + "Line": 844, + "Column": 23 + }, + "CallSites": [ + { + "Parent": 34, + "Name": "t5", + "RecvType": "net/http.Handler", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/server.go", + "Offset": 77830, + "Line": 2487, + "Column": 13 + }, + "Resolved": false + } + ] + }, + "40": { + "ID": 40, + "Name": "processTrailerHeaders", + "RecvType": "*net/http.http2stream", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 191578, + "Line": 5642, + "Column": 24 + }, + "CallSites": [ + { + "Parent": 38, + "Name": "processTrailerHeaders", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 188789, + "Line": 5559, + "Column": 34 + }, + "Resolved": true + } + ] + }, + "41": { + "ID": 41, + "Name": "newWriterAndRequest", + "RecvType": "*net/http.http2serverConn", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 194292, + "Line": 5731, + "Column": 28 + }, + "CallSites": [ + { + "Parent": 38, + "Name": "newWriterAndRequest", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 190523, + "Line": 5608, + "Column": 40 + }, + "Resolved": true + } + ] + }, + "5": { + "ID": 5, + "Name": "Serve", + "RecvType": "*net/http.Server", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/server.go", + "Offset": 96944, + "Line": 3040, + "Column": 20 + }, + "CallSites": [ + { + "Parent": 7, + "Name": "Serve", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/server.go", + "Offset": 95140, + "Line": 2999, + "Column": 18 + }, + "Resolved": true + } + ] + }, + "6": { + "ID": 6, + "Name": "ServeConn", + "RecvType": "*net/http.http2Server", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 137942, + "Line": 4079, + "Column": 23 + }, + "CallSites": [ + { + "Parent": 18, + "Name": "ServeConn", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/h2_bundle.go", + "Offset": 136015, + "Line": 4013, + "Column": 17 + }, + "Resolved": true + } + ] + }, + "7": { + "ID": 7, + "Name": "ListenAndServe", + "RecvType": "*net/http.Server", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/server.go", + "Offset": 94921, + "Line": 2987, + "Column": 20 + }, + "CallSites": [ + { + "Parent": 9, + "Name": "ListenAndServe", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/server.go", + "Offset": 103014, + "Line": 3255, + "Column": 30 + }, + "Resolved": true + } + ] + }, + "8": { + "ID": 8, + "Name": "Open", + "RecvType": "net/http.Dir", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/fs.go", + "Offset": 2176, + "Line": 71, + "Column": 14 + }, + "CallSites": [ + { + "Parent": 39, + "Name": "fs", + "RecvType": "net/http.FileSystem", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/fs.go", + "Offset": 17318, + "Line": 598, + "Column": 19 + }, + "Resolved": false + }, + { + "Parent": 39, + "Name": "fs", + "RecvType": "net/http.FileSystem", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/fs.go", + "Offset": 18208, + "Line": 640, + "Column": 21 + }, + "Resolved": false + } + ] + }, + "9": { + "ID": 9, + "Name": "ListenAndServe", + "RecvType": "", + "PkgPath": "net/http", + "Pos": { + "Filename": "/home/dtimoshenko/go/go/src/net/http/server.go", + "Offset": 102883, + "Line": 3253, + "Column": 6 + }, + "CallSites": [ + { + "Parent": 1, + "Name": "ListenAndServe", + "RecvType": "", + "Pos": { + "Filename": "/home/dtimoshenko/test_parser/evil-app/main.go", + "Offset": 480, + "Line": 22, + "Column": 21 + }, + "Resolved": true + } + ] + } + }, + "Entries": [ + 1 + ] + }, + "Imports": { + "Packages": { + "1": { + "ID": 1, + "Name": "syscall", + "Path": "syscall", + "Module": 1, + "ImportedBy": [ + 2, + 4, + 5, + 7, + 8, + 15, + 19, + 22, + 31 + ] + }, + "10": { + "ID": 10, + "Name": "driver", + "Path": "database/sql/driver", + "Module": 1, + "ImportedBy": [ + 11, + 20, + 22 + ] + }, + "11": { + "ID": 11, + "Name": "sql", + "Path": "database/sql", + "Module": 1, + "ImportedBy": [ + 22, + 60 + ] + }, + "12": { + "ID": 12, + "Name": "json", + "Path": "encoding/json", + "Module": 1, + "ImportedBy": [ + 60 + ] + }, + "13": { + "ID": 13, + "Name": "hex", + "Path": "encoding/hex", + "Module": 1, + "ImportedBy": [ + 20, + 45, + 46 + ] + }, + "14": { + "ID": 14, + "Name": "big", + "Path": "math/big", + "Module": 1, + "ImportedBy": [ + 15, + 32, + 33, + 36, + 37, + 38, + 41, + 44, + 45, + 46, + 47 + ] + }, + "15": { + "ID": 15, + "Name": "rand", + "Path": "crypto/rand", + "Module": 1, + "ImportedBy": [ + 20, + 41, + 42, + 47, + 54, + 57 + ] + }, + "16": { + "ID": 16, + "Name": "godebug", + "Path": "internal/godebug", + "Module": 1, + "ImportedBy": [ + 17, + 19, + 46, + 57 + ] + }, + "17": { + "ID": 17, + "Name": "intern", + "Path": "internal/intern", + "Module": 1, + "ImportedBy": [ + 18 + ] + }, + "18": { + "ID": 18, + "Name": "netip", + "Path": "net/netip", + "Module": 1, + "ImportedBy": [ + 19 + ] + }, + "19": { + "ID": 19, + "Name": "net", + "Path": "net", + "Module": 1, + "ImportedBy": [ + 20, + 29, + 30, + 46, + 47, + 48, + 56, + 57 + ] + }, + "2": { + "ID": 2, + "Name": "time", + "Path": "time", + "Module": 1, + "ImportedBy": [ + 3, + 6, + 7, + 8, + 10, + 11, + 15, + 19, + 20, + 22, + 24, + 32, + 33, + 34, + 45, + 46, + 47, + 48, + 51, + 57 + ] + }, + "20": { + "ID": 20, + "Name": "uuid", + "Path": "github.com/google/uuid", + "Module": 3, + "ImportedBy": [ + 60 + ] + }, + "21": { + "ID": 21, + "Name": "url", + "Path": "net/url", + "Module": 1, + "ImportedBy": [ + 22, + 46, + 56, + 57, + 59 + ] + }, + "22": { + "ID": 22, + "Name": "sqlite3", + "Path": "github.com/mattn/go-sqlite3", + "Module": 2, + "ImportedBy": [ + 60 + ] + }, + "23": { + "ID": 23, + "Name": "ioutil", + "Path": "io/ioutil", + "Module": 1, + "ImportedBy": [ + 39, + 60 + ] + }, + "24": { + "ID": 24, + "Name": "log", + "Path": "log", + "Module": 1, + "ImportedBy": [ + 25, + 57 + ] + }, + "25": { + "ID": 25, + "Name": "bidi", + "Path": "vendor/golang.org/x/text/unicode/bidi", + "Module": 1, + "ImportedBy": [ + 27, + 28 + ] + }, + "26": { + "ID": 26, + "Name": "norm", + "Path": "vendor/golang.org/x/text/unicode/norm", + "Module": 1, + "ImportedBy": [ + 28 + ] + }, + "27": { + "ID": 27, + "Name": "bidirule", + "Path": "vendor/golang.org/x/text/secure/bidirule", + "Module": 1, + "ImportedBy": [ + 28 + ] + }, + "28": { + "ID": 28, + "Name": "idna", + "Path": "vendor/golang.org/x/net/idna", + "Module": 1, + "ImportedBy": [ + 30, + 56, + 57 + ] + }, + "29": { + "ID": 29, + "Name": "textproto", + "Path": "net/textproto", + "Module": 1, + "ImportedBy": [ + 30, + 48, + 54, + 57 + ] + }, + "3": { + "ID": 3, + "Name": "context", + "Path": "context", + "Module": 1, + "ImportedBy": [ + 10, + 11, + 19, + 22, + 47, + 48, + 57 + ] + }, + "30": { + "ID": 30, + "Name": "httpguts", + "Path": "vendor/golang.org/x/net/http/httpguts", + "Module": 1, + "ImportedBy": [ + 57 + ] + }, + "31": { + "ID": 31, + "Name": "filepath", + "Path": "path/filepath", + "Module": 1, + "ImportedBy": [ + 46, + 54, + 57, + 59, + 60 + ] + }, + "32": { + "ID": 32, + "Name": "asn1", + "Path": "encoding/asn1", + "Module": 1, + "ImportedBy": [ + 33, + 45, + 46 + ] + }, + "33": { + "ID": 33, + "Name": "cryptobyte", + "Path": "vendor/golang.org/x/crypto/cryptobyte", + "Module": 1, + "ImportedBy": [ + 38, + 46, + 47 + ] + }, + "34": { + "ID": 34, + "Name": "embed", + "Path": "embed", + "Module": 1, + "ImportedBy": [ + 35 + ] + }, + "35": { + "ID": 35, + "Name": "nistec", + "Path": "crypto/internal/nistec", + "Module": 1, + "ImportedBy": [ + 36 + ] + }, + "36": { + "ID": 36, + "Name": "elliptic", + "Path": "crypto/elliptic", + "Module": 1, + "ImportedBy": [ + 38, + 46, + 47 + ] + }, + "37": { + "ID": 37, + "Name": "bbig", + "Path": "crypto/internal/boring/bbig", + "Module": 1, + "ImportedBy": [ + 38, + 41 + ] + }, + "38": { + "ID": 38, + "Name": "ecdsa", + "Path": "crypto/ecdsa", + "Module": 1, + "ImportedBy": [ + 46, + 47 + ] + }, + "39": { + "ID": 39, + "Name": "cpu", + "Path": "vendor/golang.org/x/sys/cpu", + "Module": 1, + "ImportedBy": [ + 40 + ] + }, + "4": { + "ID": 4, + "Name": "unix", + "Path": "internal/syscall/unix", + "Module": 1, + "ImportedBy": [ + 7, + 8, + 15 + ] + }, + "40": { + "ID": 40, + "Name": "chacha20poly1305", + "Path": "vendor/golang.org/x/crypto/chacha20poly1305", + "Module": 1, + "ImportedBy": [ + 47 + ] + }, + "41": { + "ID": 41, + "Name": "rsa", + "Path": "crypto/rsa", + "Module": 1, + "ImportedBy": [ + 46, + 47 + ] + }, + "42": { + "ID": 42, + "Name": "ed25519", + "Path": "crypto/ed25519", + "Module": 1, + "ImportedBy": [ + 46, + 47 + ] + }, + "43": { + "ID": 43, + "Name": "curve25519", + "Path": "vendor/golang.org/x/crypto/curve25519", + "Module": 1, + "ImportedBy": [ + 47 + ] + }, + "44": { + "ID": 44, + "Name": "dsa", + "Path": "crypto/dsa", + "Module": 1, + "ImportedBy": [ + 46 + ] + }, + "45": { + "ID": 45, + "Name": "pkix", + "Path": "crypto/x509/pkix", + "Module": 1, + "ImportedBy": [ + 46 + ] + }, + "46": { + "ID": 46, + "Name": "x509", + "Path": "crypto/x509", + "Module": 1, + "ImportedBy": [ + 47 + ] + }, + "47": { + "ID": 47, + "Name": "tls", + "Path": "crypto/tls", + "Module": 1, + "ImportedBy": [ + 48, + 57 + ] + }, + "48": { + "ID": 48, + "Name": "httptrace", + "Path": "net/http/httptrace", + "Module": 1, + "ImportedBy": [ + 57 + ] + }, + "49": { + "ID": 49, + "Name": "mime", + "Path": "mime", + "Module": 1, + "ImportedBy": [ + 54, + 57 + ] + }, + "5": { + "ID": 5, + "Name": "execenv", + "Path": "internal/syscall/execenv", + "Module": 1, + "ImportedBy": [ + 8 + ] + }, + "50": { + "ID": 50, + "Name": "flate", + "Path": "compress/flate", + "Module": 1, + "ImportedBy": [ + 51 + ] + }, + "51": { + "ID": 51, + "Name": "gzip", + "Path": "compress/gzip", + "Module": 1, + "ImportedBy": [ + 57 + ] + }, + "52": { + "ID": 52, + "Name": "hpack", + "Path": "vendor/golang.org/x/net/http2/hpack", + "Module": 1, + "ImportedBy": [ + 57 + ] + }, + "53": { + "ID": 53, + "Name": "quotedprintable", + "Path": "mime/quotedprintable", + "Module": 1, + "ImportedBy": [ + 54 + ] + }, + "54": { + "ID": 54, + "Name": "multipart", + "Path": "mime/multipart", + "Module": 1, + "ImportedBy": [ + 57 + ] + }, + "55": { + "ID": 55, + "Name": "internal", + "Path": "net/http/internal", + "Module": 1, + "ImportedBy": [ + 57 + ] + }, + "56": { + "ID": 56, + "Name": "httpproxy", + "Path": "vendor/golang.org/x/net/http/httpproxy", + "Module": 1, + "ImportedBy": [ + 57 + ] + }, + "57": { + "ID": 57, + "Name": "http", + "Path": "net/http", + "Module": 1, + "ImportedBy": [ + 60 + ] + }, + "58": { + "ID": 58, + "Name": "parse", + "Path": "text/template/parse", + "Module": 1, + "ImportedBy": [ + 59 + ] + }, + "59": { + "ID": 59, + "Name": "template", + "Path": "text/template", + "Module": 1, + "ImportedBy": [ + 60 + ] + }, + "6": { + "ID": 6, + "Name": "fs", + "Path": "io/fs", + "Module": 1, + "ImportedBy": [ + 8, + 23, + 31, + 34, + 46, + 57, + 59 + ] + }, + "60": { + "ID": 60, + "Name": "main", + "Path": "github.com/jharper-sec/evil-app", + "Module": 4, + "ImportedBy": null + }, + "7": { + "ID": 7, + "Name": "poll", + "Path": "internal/poll", + "Module": 1, + "ImportedBy": [ + 8, + 19 + ] + }, + "8": { + "ID": 8, + "Name": "os", + "Path": "os", + "Module": 1, + "ImportedBy": [ + 9, + 15, + 16, + 19, + 20, + 23, + 24, + 31, + 39, + 46, + 47, + 49, + 54, + 56, + 57, + 59, + 60 + ] + }, + "9": { + "ID": 9, + "Name": "fmt", + "Path": "fmt", + "Module": 1, + "ImportedBy": [ + 10, + 11, + 12, + 13, + 14, + 20, + 21, + 22, + 24, + 25, + 26, + 28, + 29, + 32, + 33, + 43, + 45, + 46, + 47, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60 + ] + } + }, + "Entries": [ + 60 + ] + }, + "Requires": { + "Modules": { + "1": { + "ID": 1, + "Path": "stdlib", + "Version": "v1.19.0", + "Replace": 0, + "RequiredBy": [ + 2, + 3, + 4 + ] + }, + "2": { + "ID": 2, + "Path": "github.com/mattn/go-sqlite3", + "Version": "v1.14.6", + "Replace": 0, + "RequiredBy": [ + 4 + ] + }, + "3": { + "ID": 3, + "Path": "github.com/google/uuid", + "Version": "v1.2.0", + "Replace": 0, + "RequiredBy": [ + 4 + ] + }, + "4": { + "ID": 4, + "Path": "github.com/jharper-sec/evil-app", + "Version": "", + "Replace": 0, + "RequiredBy": null + } + }, + "Entries": [ + 4 + ] + }, + "Vulns": [ + { + "OSV": { + "id": "GO-2022-1144", + "published": "2022-12-08T19:01:21Z", + "modified": "2022-12-08T19:01:21Z", + "aliases": [ + "CVE-2022-41717" + ], + "details": "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests.\n\nHTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", + "affected": [ + { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.18.9" + }, + { + "introduced": "1.19.0" + }, + { + "fixed": "1.19.4" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1144" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "net/http", + "symbols": [ + "ListenAndServe", + "ListenAndServeTLS", + "Serve", + "ServeTLS", + "Server.ListenAndServe", + "Server.ListenAndServeTLS", + "Server.Serve", + "Server.ServeTLS", + "http2Server.ServeConn", + "http2serverConn.canonicalHeader" + ] + } + ] + } + } + ], + "references": [ + { + "type": "REPORT", + "url": "https://go.dev/issue/56350" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/455717" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/455635" + }, + { + "type": "WEB", + "url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ" + } + ] + }, + "Symbol": "ListenAndServe", + "PkgPath": "net/http", + "ModPath": "stdlib", + "CallSink": 9, + "ImportSink": 57, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2022-1144", + "published": "2022-12-08T19:01:21Z", + "modified": "2022-12-08T19:01:21Z", + "aliases": [ + "CVE-2022-41717" + ], + "details": "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests.\n\nHTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", + "affected": [ + { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.18.9" + }, + { + "introduced": "1.19.0" + }, + { + "fixed": "1.19.4" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1144" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "net/http", + "symbols": [ + "ListenAndServe", + "ListenAndServeTLS", + "Serve", + "ServeTLS", + "Server.ListenAndServe", + "Server.ListenAndServeTLS", + "Server.Serve", + "Server.ServeTLS", + "http2Server.ServeConn", + "http2serverConn.canonicalHeader" + ] + } + ] + } + } + ], + "references": [ + { + "type": "REPORT", + "url": "https://go.dev/issue/56350" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/455717" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/455635" + }, + { + "type": "WEB", + "url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ" + } + ] + }, + "Symbol": "Server.ListenAndServe", + "PkgPath": "net/http", + "ModPath": "stdlib", + "CallSink": 7, + "ImportSink": 57, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2022-1144", + "published": "2022-12-08T19:01:21Z", + "modified": "2022-12-08T19:01:21Z", + "aliases": [ + "CVE-2022-41717" + ], + "details": "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests.\n\nHTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", + "affected": [ + { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.18.9" + }, + { + "introduced": "1.19.0" + }, + { + "fixed": "1.19.4" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1144" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "net/http", + "symbols": [ + "ListenAndServe", + "ListenAndServeTLS", + "Serve", + "ServeTLS", + "Server.ListenAndServe", + "Server.ListenAndServeTLS", + "Server.Serve", + "Server.ServeTLS", + "http2Server.ServeConn", + "http2serverConn.canonicalHeader" + ] + } + ] + } + } + ], + "references": [ + { + "type": "REPORT", + "url": "https://go.dev/issue/56350" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/455717" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/455635" + }, + { + "type": "WEB", + "url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ" + } + ] + }, + "Symbol": "Server.Serve", + "PkgPath": "net/http", + "ModPath": "stdlib", + "CallSink": 5, + "ImportSink": 57, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2022-1144", + "published": "2022-12-08T19:01:21Z", + "modified": "2022-12-08T19:01:21Z", + "aliases": [ + "CVE-2022-41717" + ], + "details": "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests.\n\nHTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", + "affected": [ + { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.18.9" + }, + { + "introduced": "1.19.0" + }, + { + "fixed": "1.19.4" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1144" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "net/http", + "symbols": [ + "ListenAndServe", + "ListenAndServeTLS", + "Serve", + "ServeTLS", + "Server.ListenAndServe", + "Server.ListenAndServeTLS", + "Server.Serve", + "Server.ServeTLS", + "http2Server.ServeConn", + "http2serverConn.canonicalHeader" + ] + } + ] + } + } + ], + "references": [ + { + "type": "REPORT", + "url": "https://go.dev/issue/56350" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/455717" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/455635" + }, + { + "type": "WEB", + "url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ" + } + ] + }, + "Symbol": "http2Server.ServeConn", + "PkgPath": "net/http", + "ModPath": "stdlib", + "CallSink": 6, + "ImportSink": 57, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2022-1144", + "published": "2022-12-08T19:01:21Z", + "modified": "2022-12-08T19:01:21Z", + "aliases": [ + "CVE-2022-41717" + ], + "details": "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests.\n\nHTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", + "affected": [ + { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.18.9" + }, + { + "introduced": "1.19.0" + }, + { + "fixed": "1.19.4" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1144" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "net/http", + "symbols": [ + "ListenAndServe", + "ListenAndServeTLS", + "Serve", + "ServeTLS", + "Server.ListenAndServe", + "Server.ListenAndServeTLS", + "Server.Serve", + "Server.ServeTLS", + "http2Server.ServeConn", + "http2serverConn.canonicalHeader" + ] + } + ] + } + } + ], + "references": [ + { + "type": "REPORT", + "url": "https://go.dev/issue/56350" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/455717" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/455635" + }, + { + "type": "WEB", + "url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ" + } + ] + }, + "Symbol": "http2serverConn.canonicalHeader", + "PkgPath": "net/http", + "ModPath": "stdlib", + "CallSink": 2, + "ImportSink": 57, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2022-1143", + "published": "2022-12-07T16:08:45Z", + "modified": "2022-12-07T16:08:45Z", + "aliases": [ + "CVE-2022-41720" + ], + "details": "On Windows, restricted files can be accessed via os.DirFS and http.Dir.\n\nThe os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access.\n\nIn addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system.\n\nWith fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", + "affected": [ + { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.18.9" + }, + { + "introduced": "1.19.0" + }, + { + "fixed": "1.19.4" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1143" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "os", + "goos": [ + "windows" + ], + "symbols": [ + "DirFS", + "dirFS.Open", + "dirFS.Stat" + ] + }, + { + "path": "net/http", + "goos": [ + "windows" + ], + "symbols": [ + "Dir.Open", + "ServeFile", + "fileHandler.ServeHTTP", + "fileTransport.RoundTrip" + ] + } + ] + } + } + ], + "references": [ + { + "type": "REPORT", + "url": "https://go.dev/issue/56694" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/455716" + }, + { + "type": "WEB", + "url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ" + } + ] + }, + "Symbol": "Dir.Open", + "PkgPath": "net/http", + "ModPath": "stdlib", + "CallSink": 8, + "ImportSink": 57, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2022-1143", + "published": "2022-12-07T16:08:45Z", + "modified": "2022-12-07T16:08:45Z", + "aliases": [ + "CVE-2022-41720" + ], + "details": "On Windows, restricted files can be accessed via os.DirFS and http.Dir.\n\nThe os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access.\n\nIn addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system.\n\nWith fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", + "affected": [ + { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.18.9" + }, + { + "introduced": "1.19.0" + }, + { + "fixed": "1.19.4" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1143" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "os", + "goos": [ + "windows" + ], + "symbols": [ + "DirFS", + "dirFS.Open", + "dirFS.Stat" + ] + }, + { + "path": "net/http", + "goos": [ + "windows" + ], + "symbols": [ + "Dir.Open", + "ServeFile", + "fileHandler.ServeHTTP", + "fileTransport.RoundTrip" + ] + } + ] + } + } + ], + "references": [ + { + "type": "REPORT", + "url": "https://go.dev/issue/56694" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/455716" + }, + { + "type": "WEB", + "url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ" + } + ] + }, + "Symbol": "fileHandler.ServeHTTP", + "PkgPath": "net/http", + "ModPath": "stdlib", + "CallSink": 4, + "ImportSink": 57, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2022-0969", + "published": "2022-09-12T20:23:06Z", + "modified": "2022-11-21T19:50:45Z", + "aliases": [ + "CVE-2022-27664" + ], + "details": "HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of service.", + "affected": [ + { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.18.6" + }, + { + "introduced": "1.19.0" + }, + { + "fixed": "1.19.1" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0969" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "net/http", + "symbols": [ + "ListenAndServe", + "ListenAndServeTLS", + "Serve", + "ServeTLS", + "Server.ListenAndServe", + "Server.ListenAndServeTLS", + "Server.Serve", + "Server.ServeTLS", + "http2Server.ServeConn", + "http2serverConn.goAway" + ] + } + ] + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s" + }, + { + "type": "REPORT", + "url": "https://go.dev/issue/54658" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/428735" + } + ] + }, + "Symbol": "ListenAndServe", + "PkgPath": "net/http", + "ModPath": "stdlib", + "CallSink": 9, + "ImportSink": 57, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2022-0969", + "published": "2022-09-12T20:23:06Z", + "modified": "2022-11-21T19:50:45Z", + "aliases": [ + "CVE-2022-27664" + ], + "details": "HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of service.", + "affected": [ + { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.18.6" + }, + { + "introduced": "1.19.0" + }, + { + "fixed": "1.19.1" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0969" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "net/http", + "symbols": [ + "ListenAndServe", + "ListenAndServeTLS", + "Serve", + "ServeTLS", + "Server.ListenAndServe", + "Server.ListenAndServeTLS", + "Server.Serve", + "Server.ServeTLS", + "http2Server.ServeConn", + "http2serverConn.goAway" + ] + } + ] + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s" + }, + { + "type": "REPORT", + "url": "https://go.dev/issue/54658" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/428735" + } + ] + }, + "Symbol": "Server.ListenAndServe", + "PkgPath": "net/http", + "ModPath": "stdlib", + "CallSink": 7, + "ImportSink": 57, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2022-0969", + "published": "2022-09-12T20:23:06Z", + "modified": "2022-11-21T19:50:45Z", + "aliases": [ + "CVE-2022-27664" + ], + "details": "HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of service.", + "affected": [ + { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.18.6" + }, + { + "introduced": "1.19.0" + }, + { + "fixed": "1.19.1" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0969" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "net/http", + "symbols": [ + "ListenAndServe", + "ListenAndServeTLS", + "Serve", + "ServeTLS", + "Server.ListenAndServe", + "Server.ListenAndServeTLS", + "Server.Serve", + "Server.ServeTLS", + "http2Server.ServeConn", + "http2serverConn.goAway" + ] + } + ] + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s" + }, + { + "type": "REPORT", + "url": "https://go.dev/issue/54658" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/428735" + } + ] + }, + "Symbol": "Server.Serve", + "PkgPath": "net/http", + "ModPath": "stdlib", + "CallSink": 5, + "ImportSink": 57, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2022-0969", + "published": "2022-09-12T20:23:06Z", + "modified": "2022-11-21T19:50:45Z", + "aliases": [ + "CVE-2022-27664" + ], + "details": "HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of service.", + "affected": [ + { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.18.6" + }, + { + "introduced": "1.19.0" + }, + { + "fixed": "1.19.1" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0969" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "net/http", + "symbols": [ + "ListenAndServe", + "ListenAndServeTLS", + "Serve", + "ServeTLS", + "Server.ListenAndServe", + "Server.ListenAndServeTLS", + "Server.Serve", + "Server.ServeTLS", + "http2Server.ServeConn", + "http2serverConn.goAway" + ] + } + ] + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s" + }, + { + "type": "REPORT", + "url": "https://go.dev/issue/54658" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/428735" + } + ] + }, + "Symbol": "http2Server.ServeConn", + "PkgPath": "net/http", + "ModPath": "stdlib", + "CallSink": 6, + "ImportSink": 57, + "RequireSink": 1 + }, + { + "OSV": { + "id": "GO-2022-0969", + "published": "2022-09-12T20:23:06Z", + "modified": "2022-11-21T19:50:45Z", + "aliases": [ + "CVE-2022-27664" + ], + "details": "HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of service.", + "affected": [ + { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.18.6" + }, + { + "introduced": "1.19.0" + }, + { + "fixed": "1.19.1" + } + ] + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-0969" + }, + "ecosystem_specific": { + "imports": [ + { + "path": "net/http", + "symbols": [ + "ListenAndServe", + "ListenAndServeTLS", + "Serve", + "ServeTLS", + "Server.ListenAndServe", + "Server.ListenAndServeTLS", + "Server.Serve", + "Server.ServeTLS", + "http2Server.ServeConn", + "http2serverConn.goAway" + ] + } + ] + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s" + }, + { + "type": "REPORT", + "url": "https://go.dev/issue/54658" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/428735" + } + ] + }, + "Symbol": "http2serverConn.goAway", + "PkgPath": "net/http", + "ModPath": "stdlib", + "CallSink": 3, + "ImportSink": 57, + "RequireSink": 1 + } + ], + "Modules": [ + { + "Path": "github.com/google/uuid", + "Version": "v1.2.0", + "Dir": "", + "Replace": null + }, + { + "Path": "github.com/jharper-sec/evil-app", + "Version": "", + "Dir": "", + "Replace": null + }, + { + "Path": "github.com/mattn/go-sqlite3", + "Version": "v1.14.6", + "Dir": "", + "Replace": null + }, + { + "Path": "stdlib", + "Version": "v1.19.0", + "Dir": "", + "Replace": null + } + ] +} diff --git a/unittests/scans/govulncheck/many_vulns_new_version.json b/unittests/scans/govulncheck/many_vulns_new_version.json new file mode 100644 index 00000000000..0dbd64a4198 --- /dev/null +++ b/unittests/scans/govulncheck/many_vulns_new_version.json @@ -0,0 +1,267 @@ +[ + { + "config": { + "protocol_version": "v1.0.0", + "scanner_name": "govulncheck", + "scanner_version": "v1.0.0", + "db": "https://vuln.go.dev", + "db_last_modified": "2023-08-11T01:41:48Z", + "go_version": "go1.20.1", + "scan_level": "symbol" + } + },{ + "progress": { + "message": "Scanning your code and 554 packages across 80 dependent modules for known vulnerabilities..." + } + },{ + "osv": { + "schema_version": "1.3.1", + "id": "GO-2023-1840", + "modified": "2023-06-12T18:45:41Z", + "published": "2023-06-08T20:16:06Z", + "aliases": [ + "CVE-2023-29403" + ], + "summary": "Unsafe behavior in setuid/setgid binaries in runtime", + "details": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors.\n\nIf a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", + "affected": [ + { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.19.10" + }, + { + "introduced": "1.20.0-0" + }, + { + "fixed": "1.20.5" + } + ] + } + ], + "ecosystem_specific": { + "imports": [ + { + "path": "runtime" + } + ] + } + } + ], + "references": [ + { + "type": "REPORT", + "url": "https://go.dev/issue/60272" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/501223" + }, + { + "type": "WEB", + "url": "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ" + } + ], + "credits": [ + { + "name": "Vincent Dehors from Synacktiv" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2023-1840" + } + } + }, { + "finding": { + "osv": "GO-2023-1840", + "fixed_version": "v1.20.5", + "trace": [ + { + "module": "stdlib", + "version": "v1.20.1", + "package": "runtime", + "function": "BlockProfile" + }, + { + "module": "stdlib", + "version": "v1.20.1", + "package": "runtime/pprof", + "function": "writeProfileInternal", + "position": { + "filename": "/usr/local/go/src/runtime/pprof/pprof.go", + "offset": 27563, + "line": 867, + "column": 25 + } + }, + { + "module": "stdlib", + "version": "v1.20.1", + "package": "runtime/pprof", + "function": "writeBlock", + "position": { + "filename": "/usr/local/go/src/runtime/pprof/pprof.go", + "offset": 27040, + "line": 856, + "column": 29 + } + }, + { + "module": "stdlib", + "version": "v1.20.1", + "package": "runtime/pprof", + "function": "WriteTo", + "receiver": "*Profile", + "position": { + "filename": "/usr/local/go/src/runtime/pprof/pprof.go", + "offset": 10453, + "line": 329, + "column": 17 + } + }, + { + "module": "go.elastic.co/apm", + "version": "v1.15.0", + "package": "go.elastic.co/apm", + "function": "newLookupProfilingState$1", + "position": { + "filename": "/Users/Ma1tobiose/pkg/mod/go.elastic.co/apm@v1.15.0/profiling.go", + "offset": 2067, + "line": 64, + "column": 25 + } + }, + { + "module": "go.elastic.co/apm", + "version": "v1.15.0", + "package": "go.elastic.co/apm", + "function": "profile", + "receiver": "*profilingState", + "position": { + "filename": "/Users/Ma1tobiose/pkg/mod/go.elastic.co/apm@v1.15.0/profiling.go", + "offset": 4506, + "line": 149, + "column": 30 + } + }, + { + "module": "go.elastic.co/apm", + "version": "v1.15.0", + "package": "go.elastic.co/apm", + "function": "start$1", + "position": { + "filename": "/Users/Ma1tobiose/pkg/mod/go.elastic.co/apm@v1.15.0/profiling.go", + "offset": 3898, + "line": 128, + "column": 26 + } + }, + { + "module": "go.elastic.co/apm", + "version": "v1.15.0", + "package": "go.elastic.co/apm", + "function": "start", + "receiver": "*profilingState", + "position": { + "filename": "/Users/Ma1tobiose/pkg/mod/go.elastic.co/apm@v1.15.0/profiling.go", + "offset": 3811, + "line": 126, + "column": 2 + } + }, + { + "module": "go.elastic.co/apm", + "version": "v1.15.0", + "package": "go.elastic.co/apm", + "function": "loop", + "receiver": "*Tracer", + "position": { + "filename": "/Users/Ma1tobiose/pkg/mod/go.elastic.co/apm@v1.15.0/tracer.go", + "offset": 34540, + "line": 1065, + "column": 27 + } + }, + { + "module": "go.elastic.co/apm", + "version": "v1.15.0", + "package": "go.elastic.co/apm", + "function": "newTracer", + "position": { + "filename": "/Users/Ma1tobiose/pkg/mod/go.elastic.co/apm@v1.15.0/tracer.go", + "offset": 15939, + "line": 496, + "column": 2 + } + }, + { + "module": "go.elastic.co/apm", + "version": "v1.15.0", + "package": "go.elastic.co/apm", + "function": "init#2", + "position": { + "filename": "/Users/Ma1tobiose/pkg/mod/go.elastic.co/apm@v1.15.0/tracer.go", + "offset": 1884, + "line": 64, + "column": 27 + } + }, + { + "module": "go.elastic.co/apm", + "version": "v1.15.0", + "package": "go.elastic.co/apm", + "function": "init", + "position": { + "filename": "/Users/Ma1tobiose/pkg/mod/go.elastic.co/apm@v1.15.0/breakdown.go", + "offset": 794, + "line": 18, + "column": 1 + } + }, + { + "module": "testproject", + "package": "testproject/sdk/trace", + "function": "init", + "position": { + "filename": "/tmp/testproject/sdk/trace/apm.go", + "offset": 75, + "line": 9, + "column": 2 + } + }, + { + "module": "testproject", + "package": "testproject/sdk/logger", + "function": "init", + "position": { + "filename": "/tmp/testproject/sdk/logger/hooks.go", + "offset": 134, + "line": 8, + "column": 2 + } + }, + { + "module": "testproject", + "package": "testproject", + "function": "init", + "position": { + "filename": "/tmp/testproject/main.go", + "offset": 545, + "line": 13, + "column": 2 + } + } + ] + } + } +] \ No newline at end of file diff --git a/unittests/scans/govulncheck/many_vulns_new_version_custom_severity.json b/unittests/scans/govulncheck/many_vulns_new_version_custom_severity.json new file mode 100644 index 00000000000..4f37dbeb652 --- /dev/null +++ b/unittests/scans/govulncheck/many_vulns_new_version_custom_severity.json @@ -0,0 +1,196 @@ +[ + { + "config": { + "protocol_version": "v1.0.0", + "scanner_name": "govulncheck", + "scanner_version": "v1.0.1", + "db": "https://vuln.go.dev", + "db_last_modified": "2024-01-04T18:39:51Z", + "go_version": "go1.21.4", + "scan_level": "symbol" + } + }, + { + "progress": { + "message": "Scanning your code and 47 packages across 1 dependent module for known vulnerabilities..." + } + }, + { + "osv": { + "schema_version": "1.3.1", + "id": "GO-2021-0113", + "modified": "2023-06-12T18:45:41Z", + "published": "2021-10-06T17:51:21Z", + "severity":"Low", + "aliases": [ + "CVE-2021-38561", + "GHSA-ppp9-7jff-5vj2" + ], + "summary": "Out-of-bounds read in golang.org/x/text/language", + "details": "Due to improper index calculation, an incorrectly formatted language tag can cause Parse to panic via an out of bounds read. If Parse is used to process untrusted user inputs, this may be used as a vector for a denial of service attack.", + "affected": [ + { + "package": { + "name": "golang.org/x/text", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.3.7" + } + ] + } + ], + "ecosystem_specific": { + "imports": [ + { + "path": "golang.org/x/text/language", + "symbols": [ + "MatchStrings", + "MustParse", + "Parse", + "ParseAcceptLanguage" + ] + } + ] + } + } + ], + "references": [ + { + "type": "FIX", + "url": "https://go.dev/cl/340830" + }, + { + "type": "FIX", + "url": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f" + } + ], + "credits": [ + { + "name": "Guido Vranken" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2021-0113" + } + } + }, + { + "finding": { + "osv": "GO-2021-0113", + "fixed_version": "v0.3.7", + "trace": [ + { + "module": "golang.org/x/text", + "version": "v0.3.5", + "package": "golang.org/x/text/language", + "function": "Parse" + }, + { + "module": "vuln.tutorial", + "package": "vuln.tutorial", + "function": "main", + "position": { + "filename": "govulncheck/vulnerable/main.go", + "offset": 189, + "line": 12, + "column": 43 + } + } + ] + } + }, + { + "osv": { + "schema_version": "1.3.1", + "id": "GO-2022-1059", + "modified": "2023-06-12T18:45:41Z", + "published": "2022-10-11T18:16:24Z", + "severity": "High", + "aliases": [ + "CVE-2022-32149", + "GHSA-69ch-w2m2-3vjp" + ], + "summary": "Denial of service via crafted Accept-Language header in golang.org/x/text/language", + "details": "An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", + "affected": [ + { + "package": { + "name": "golang.org/x/text", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.3.8" + } + ] + } + ], + "ecosystem_specific": { + "imports": [ + { + "path": "golang.org/x/text/language", + "symbols": [ + "MatchStrings", + "ParseAcceptLanguage" + ] + } + ] + } + } + ], + "references": [ + { + "type": "REPORT", + "url": "https://go.dev/issue/56152" + }, + { + "type": "FIX", + "url": "https://go.dev/cl/442235" + }, + { + "type": "WEB", + "url": "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ" + } + ], + "credits": [ + { + "name": "Adam Korczynski (ADA Logics)" + }, + { + "name": "OSS-Fuzz" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1059" + } + } + }, + { + "finding": { + "osv": "GO-2022-1059", + "fixed_version": "v0.3.8", + "trace": [ + { + "module": "golang.org/x/text", + "version": "v0.3.5", + "package": "golang.org/x/text/language" + } + ] + } + } +] + \ No newline at end of file diff --git a/unittests/scans/govulncheck/no_vulns.json b/unittests/scans/govulncheck/no_vulns.json new file mode 100644 index 00000000000..ad98d9849a6 --- /dev/null +++ b/unittests/scans/govulncheck/no_vulns.json @@ -0,0 +1,167 @@ +{ + "Calls": { + "Functions": {}, + "Entries": null + }, + "Imports": { + "Packages": { + "1": { + "ID": 1, + "Name": "syscall", + "Path": "syscall", + "Module": 1, + "ImportedBy": [ + 2, + 3, + 5, + 6, + 7 + ] + }, + "10": { + "ID": 10, + "Name": "log", + "Path": "log", + "Module": 1, + "ImportedBy": [ + 11 + ] + }, + "11": { + "ID": 11, + "Name": "main", + "Path": "my_project", + "Module": 1, + "ImportedBy": null + }, + "2": { + "ID": 2, + "Name": "execenv", + "Path": "internal/syscall/execenv", + "Module": 1, + "ImportedBy": [ + 7 + ] + }, + "3": { + "ID": 3, + "Name": "time", + "Path": "time", + "Module": 1, + "ImportedBy": [ + 4, + 6, + 7, + 10 + ] + }, + "4": { + "ID": 4, + "Name": "fs", + "Path": "io/fs", + "Module": 1, + "ImportedBy": [ + 7 + ] + }, + "5": { + "ID": 5, + "Name": "unix", + "Path": "internal/syscall/unix", + "Module": 1, + "ImportedBy": [ + 6, + 7 + ] + }, + "6": { + "ID": 6, + "Name": "poll", + "Path": "internal/poll", + "Module": 1, + "ImportedBy": [ + 7 + ] + }, + "7": { + "ID": 7, + "Name": "os", + "Path": "os", + "Module": 1, + "ImportedBy": [ + 8, + 10 + ] + }, + "8": { + "ID": 8, + "Name": "fmt", + "Path": "fmt", + "Module": 1, + "ImportedBy": [ + 9, + 10, + 11 + ] + }, + "9": { + "ID": 9, + "Name": "gocvss31", + "Path": "github.com/pandatix/go-cvss/31", + "Module": 2, + "ImportedBy": [ + 11 + ] + } + }, + "Entries": [ + 11 + ] + }, + "Requires": { + "Modules": { + "1": { + "ID": 1, + "Path": "stdlib", + "Version": "v1.19.0", + "Replace": 0, + "RequiredBy": [ + 2 + ] + }, + "2": { + "ID": 2, + "Path": "github.com/pandatix/go-cvss", + "Version": "v0.3.0", + "Replace": 0, + "RequiredBy": [ + 1 + ] + } + }, + "Entries": [ + 1 + ] + }, + "Vulns": null, + "Modules": [ + { + "Path": "github.com/pandatix/go-cvss", + "Version": "v0.3.0", + "Dir": "", + "Replace": null + }, + { + "Path": "my_project", + "Version": "", + "Dir": "", + "Replace": null + }, + { + "Path": "stdlib", + "Version": "v1.19.0", + "Dir": "", + "Replace": null + } + ] +} diff --git a/unittests/scans/govulncheck/no_vulns_new_version.json b/unittests/scans/govulncheck/no_vulns_new_version.json new file mode 100644 index 00000000000..4ff229e385c --- /dev/null +++ b/unittests/scans/govulncheck/no_vulns_new_version.json @@ -0,0 +1,18 @@ +[ + { + "config": { + "protocol_version": "v1.0.0", + "scanner_name": "govulncheck", + "scanner_version": "v1.0.1", + "db": "https://vuln.go.dev", + "db_last_modified": "2024-01-04T18:39:51Z", + "go_version": "go1.21.4", + "scan_level": "symbol" + } + }, + { + "progress": { + "message": "Scanning your code and 0 packages across 0 dependent modules for known vulnerabilities..." + } + } +] \ No newline at end of file diff --git a/unittests/scans/harbor_vulnerability/harbor-trivy-vuln.json b/unittests/scans/harbor_vulnerability/harbor-trivy-vuln.json new file mode 100644 index 00000000000..c4afc58afc6 --- /dev/null +++ b/unittests/scans/harbor_vulnerability/harbor-trivy-vuln.json @@ -0,0 +1,125 @@ +{ + "application/vnd.security.vulnerability.report; version=1.1": { + "generated_at": "2023-09-08T00:19:11.258693685Z", + "scanner": { + "name": "Trivy", + "vendor": "Aqua Security", + "version": "v0.44.0" + }, + "severity": "Critical", + "vulnerabilities": [ + { + "id": "CVE-2022-1304", + "package": "e2fsprogs", + "version": "1.46.2-2", + "fix_version": "", + "severity": "High", + "description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", + "links": [ + "https://avd.aquasec.com/nvd/cve-2022-1304" + ], + "artifact_digests": [ + "sha256:711103cfce07dc03d61f51e819fad7d6fbbad20fc99caa039cc8da77e7a1c51b" + ], + "preferred_cvss": { + "score_v3": 7.8, + "score_v2": null, + "vector_v3": "", + "vector_v2": "" + }, + "cwe_ids": [ + "CWE-125", + "CWE-787" + ], + "vendor_attributes": { + "CVSS": { + "nvd": { + "V2Score": 6.8, + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Score": 7.8, + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + }, + "redhat": { + "V3Score": 5.8, + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" + } + } + } + }, + { + "id": "CVE-2019-1010023", + "package": "libc6", + "version": "2.31-13+deb11u3", + "fix_version": "", + "severity": "Low", + "description": "** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"", + "links": [ + "https://avd.aquasec.com/nvd/cve-2019-1010023" + ], + "artifact_digests": [ + "sha256:711103cfce07dc03d61f51e819fad7d6fbbad20fc99caa039cc8da77e7a1c51b" + ], + "preferred_cvss": { + "score_v3": 8.8, + "score_v2": null, + "vector_v3": "", + "vector_v2": "" + }, + "cwe_ids": [ + "" + ], + "vendor_attributes": { + "CVSS": { + "nvd": { + "V2Score": 6.8, + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Score": 8.8, + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + }, + "redhat": { + "V3Score": 7.8, + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + } + } + }, + { + "id": "CVE-2019-1010024", + "package": "libc6", + "version": "2.31-13+deb11u3", + "fix_version": "", + "severity": "Low", + "description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"", + "links": [ + "https://avd.aquasec.com/nvd/cve-2019-1010024" + ], + "artifact_digests": [ + "sha256:711103cfce07dc03d61f51e819fad7d6fbbad20fc99caa039cc8da77e7a1c51b" + ], + "preferred_cvss": { + "score_v3": 5.3, + "score_v2": null, + "vector_v3": "", + "vector_v2": "" + }, + "cwe_ids": [ + "CWE-200" + ], + "vendor_attributes": { + "CVSS": { + "nvd": { + "V2Score": 5, + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Score": 5.3, + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + "redhat": { + "V3Score": 5.3, + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + } + } + } + ] + } +} \ No newline at end of file diff --git a/unittests/scans/harbor_vulnerability/harborapipip.json b/unittests/scans/harbor_vulnerability/harborapipip.json new file mode 100644 index 00000000000..356d7ecf03b --- /dev/null +++ b/unittests/scans/harbor_vulnerability/harborapipip.json @@ -0,0 +1,86 @@ +{ + "generated_at": "2023-11-16T00:14:12.726598+00:00", + "artifact": null, + "scanner": { + "name": "Trivy", + "vendor": "Aqua Security", + "version": "v0.44.0" + }, + "severity": "High", + "vulnerabilities": [ + { + "id": "CVE-1999-123", + "package": "libs", + "version": "1.2.3.4.5.6", + "fix_version": "", + "severity": "Medium", + "description": "out-of-bounds write to the ram", + "links": [ + "https://avd.aquasec.com/nvd/cve-1999-123" + ], + "preferred_cvss": { + "score_v3": 9.8, + "score_v2": null, + "vector_v3": "", + "vector_v2": "" + }, + "cwe_ids": [ + "CWE-787" + ], + "vendor_attributes": { + "CVSS": { + "nvd": { + "V2Score": 7.5, + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Score": 9.8, + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "redhat": { + "V3Score": 4, + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + } + }, + "artifact_digests": [ + "sha256:1829318312389123819231839" + ] + }, + { + "id": "CVE-1999-1234", + "package": "asdf", + "version": "1.2.3.4.5", + "fix_version": "", + "severity": "High", + "description": "Lorem ipsum.", + "links": [ + "https://avd.aquasec.com/nvd/cve-1999-1234" + ], + "preferred_cvss": { + "score_v3": 7.5, + "score_v2": null, + "vector_v3": "", + "vector_v2": "" + }, + "cwe_ids": [ + "CWE-190" + ], + "vendor_attributes": { + "CVSS": { + "nvd": { + "V2Score": 5, + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Score": 7.5, + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "redhat": { + "V3Score": 6.2, + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + } + }, + "artifact_digests": [ + "sha256:3db2f7b39ef243df9640a3844c95e5cd403447a0dcf8cb4f1cbb5e034971b29b" + ] + } + ] +} \ No newline at end of file diff --git a/unittests/scans/hcl_appscan/issue_9279.xml b/unittests/scans/hcl_appscan/issue_9279.xml new file mode 100644 index 00000000000..20677077e4d --- /dev/null +++ b/unittests/scans/hcl_appscan/issue_9279.xml @@ -0,0 +1,13009 @@ + + + + + 1 + 1 + 1 + 1 + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 0 + 0 + 0 + + + Secure + Scheme + Same Site + Comments + Scan started: + Issue Types + Threat Classification: + AppScan Web Application Security Report + Untested Web Server + URL: + Original Response + WASC Threat Classification + Unwanted + Test optimization level: + Affected Products: + URLs Status + Issues Sorted by URL + Concurrent logins: + Response + Simulation of the pop-up that appears when this page is opened in a browser + None or Unknown + Document Map + Components + Fix Recommendation: + This request/response contains binary content, which is not included in generated reports. + Summary + Entity: + General + Tracked or session ID cookies: + This summary report was created with the Application Security Analyzer Free Plan. Once you purchase the full service you will have access to a complete report with detailed descriptions of the issues found and how to remediate them. + CVSS Score: + TextArea + Informational + In-session pattern: + Image + Difference: + Radio + This section includes a detailed listing of the scan results, including all issue types found, all recommended remediation tasks, all vulnerable URLs, etc., and is intended to provide a detailed understanding of the security status of the application, as well as to assist in scoping and prioritizing the work required to remedy the issues found. + Fixed Issues + Test Description: + Login method: + Total security issues discovered in the scan: + External References: + CVSS version: + Scan Summary + Failed Requests + Test policy: + Parameters + General information about the scan, including the project name, purpose of the scan, etc. + Simple Link + Path Limit + Rules: + New URLs + Body + Open Issues + Filtered URLs + Operating system: + This report consists of the following sections: + Base Scan Started: + Detailed Security Issues by Sections + Test Login + Informational severity issues: + JavaScripts + Unknown + Path + Vulnerable URLs + {0} Unique issues detected across {1} sections of the regulation: + High severity issues: + Likely Similar DOM + Fix: + True + None + Comment + Cookies + First Set + Host + AppScan performs real-time security assessments of web applications. These assessments aim to uncover any security issues in the application, explain the impact and risks associated with these issues, and provide guidance in planning and prioritizing the remediation, The objective of this assignment was to perform controlled attack and penetration activities to assess the overall level of security of the application. + Checkbox + Body Parameter + Harmless + Id + This attack is not supported by AppScan. + Button + Raw Test Response: + Login Settings + This report was created by HCL AppScan Standard + Report Produced on Tree node: + Additional Data: + Issues Status + Test Response (next-to-last) + Application server: + General Information + Test Type: + This section is a high-level "overview" of the information gathered during the scan, using graphs or comparative numbers, and is intended to provide a general understanding of the security status of the application. + XML + Delta Analysis + Test Response (last) + Hidden + CWE: + CVE: + of + added to request: + Number of Issues + Similar DOM + Exploit Example: + Free Plan + Compliance issues found: + Malicious + Automatic + Submit + added + Fixed + Cause + Index + Issue + Query + Select + Value + The following weak cipher suites are supported by the server: + Fix + Low + New + TOC + URL + PHP + Low severity issues: + Visited URLs + Sample Report + Remaining + Expires + Removed URLs + Target Scan + Custom + How to Fix + Medium severity issues: + File Extension + Issue Type + Logout Filter + Password + Scan file name: + JavaScript execution: + JS Stack Trace + Prompt + Web server: + Enabled + Objectives + X-Force: + This report contains the results of a web application security scan performed by HCL AppScan Standard. + Technical Description: + Variant + AppScan Severity + HTTP Request Method + Issues detected across {0} sections of the regulation: + Total security issues included in the report: + Table of Contents + Introduction and Objectives + Depth Limit + Version + Tracked or session ID parameters: + Original Requests and Responses: + In-session detection: + Total Visited Links Limit + New Issues + HTTP Only + total security issues + Introduction + Recorded login + Target Scan Started: + Base Scan + Test Response (first) + Cause: + Violated Section + Critical + Port + Fast + Valid Login + Severity: + Parameter + Severity + Application Data + Test Request: + Fix Recommendations + Reasoning: + Domain + .Net + Advisories + Entity + Risk: + This report was created by IBM Application Security Analyzer - Dynamic, Security rules version: + Critical severity issues: + GDPR Articles + File + JSON + Text + Comprehensive Security Report + Issue Types + Security entities tested: + Regulations + removed + Query Parameter + Image Context + Removed + Medium + Method + URL Length Limit + SSL Version + Faster + (Modified) + Sections + Causes + Cookie + Scanned pages: + Header + Unknown + General Regular Expression + Fastest + Disabled + Vulnerable URLs + manipulated from: + Issue Distribution by Scan + Threat + Normal + Security Risks + Risk: + Requested URL + Test Requests and Responses: + this is now the same as the one below - should be removed + Request + Please Note: + Remediation Task + Detailed Summary + Issues Sorted by Issue Type + Remaining URLs + Name + to: + Nesting Limit + Test Response + removed from request: + Similar Body + Original Request + Body + Code + High + Name + Open + Type + J2EE + Path + Port + Risk + Section Violation By Issue + False + Any + Login sequence: + Issue Types that this task fixes + Reason + + + 0 + + <report-type /> + <description /> + <header /> + <footer /> + <include-date>1</include-date> + <report-date-and-time>1/4/2024 12:22:44 PM</report-date-and-time> + <company-logo-path /> + <additional-logo-path /> + <margins>1</margins> + <node-path /> + <coverage>StandardFullReport</coverage> + </layout> + <scan-information> + <scan-name>demo.testfire.net</scan-name> + <scan-file-name>demo.testfire.net.scan</scan-file-name> + <scan-date-and-time>11/2/2023 10:39:49 AM</scan-date-and-time> + <scan-date-and-time-iso>2023-11-02T10:39:49Z</scan-date-and-time-iso> + <product-name>HCL AppScan Standard</product-name> + <product-version>10.4.0</product-version> + <cvss-version>3.1</cvss-version> + </scan-information> + <scan-configuration> + <login-settings-group> + <allow-concurrent-logins>dictionaryEnabled</allow-concurrent-logins> + <enable-Jsx-In-login-replay>dictionaryDisabled</enable-Jsx-In-login-replay> + <session-management-mode>dictionarySessionManagementModeRecorded</session-management-mode> + <session-verifier-enabled>dictionaryEnabled</session-verifier-enabled> + <session-verifier-pattern>>Sign Off<</session-verifier-pattern> + <tracked-cookies> + <cookie>JSESSIONID</cookie> + <cookie>AltoroAccounts</cookie> + </tracked-cookies> + <tracked-parameters /> + <recorded-urls-sequence> + <url>https://demo.testfire.net/</url> + <url>https://demo.testfire.net/login.jsp</url> + <url>https://demo.testfire.net/doLogin</url> + <url>https://demo.testfire.net/bank/main.jsp</url> + </recorded-urls-sequence> + </login-settings-group> + <test-policy-name>Default</test-policy-name> + <test-optimization-level>testOptimizationFast</test-optimization-level> + <starting-url>https://demo.testfire.net</starting-url> + <link-limit-state>dictionaryDisabled</link-limit-state> + <link-limit>500</link-limit> + <depth-limit-state>dictionaryEnabled</depth-limit-state> + <depth-limit>20</depth-limit> + <path-limit-state>dictionaryDisabled</path-limit-state> + <path-limit>5</path-limit> + <form-filler-state>dictionaryEnabled</form-filler-state> + <java-script-links-execution>dictionaryDisabled</java-script-links-execution> + <java-script-links-extraction>dictionaryEnabled</java-script-links-extraction> + <flash-execution-state>dictionaryDisabled</flash-execution-state> + <flash-links-extraction-state>dictionaryDisabled</flash-links-extraction-state> + <additional-servers-and-domains /> + <multi-phase-operation-names> + <multi-phase-operation-name>Sequence 1</multi-phase-operation-name> + </multi-phase-operation-names> + <path-filters> + <path-filter> + <path>.*/deleteweb.aspx</path> + <type>Exclude</type> + <matching>True</matching> + </path-filter> + </path-filters> + <custom-proxy-settings>dictionaryDisabled</custom-proxy-settings> + <use-ie-proxy-settings>dictionaryEnabled</use-ie-proxy-settings> + <proxy-settings-ip-address /> + <proxy-settings-port>8080</proxy-settings-port> + <scanned-hosts> + <item> + <host>demo.testfire.net</host> + <port>443</port> + <operating-system>GeneralInformation.Unknown</operating-system> + <web-server>Apache</web-server> + <application-server>Tomcat</application-server> + </item> + </scanned-hosts> + </scan-configuration> + <scan-summary> + <scan-Duration>00:47:16.6591694</scan-Duration> + <num-pages-scanned>61</num-pages-scanned> + <total-num-pages>61</total-num-pages> + <num-security-entities-tested>264</num-security-entities-tested> + <total-num-security-entities>264</total-num-security-entities> + <num-issues-found>113</num-issues-found> + <total-issues-severity-critical>5</total-issues-severity-critical> + <total-issues-severity-high>11</total-issues-severity-high> + <total-issues-severity-medium>34</total-issues-severity-medium> + <total-issues-severity-low>46</total-issues-severity-low> + <total-issues-severity-informational>17</total-issues-severity-informational> + <test-policy>Default</test-policy> + </scan-summary> + <issue-type-group> + <item id="attBlindSqlInjectionStrings" count="1" maxIssueSeverity="6"> + <name>Blind SQL Injection</name> + <cve /> + <cwe>89</cwe> + <xfid>8783</xfid> + <remediation> + <ref>fix_52000</ref> + </remediation> + <advisory> + <ref>attBlindSqlInjectionStrings</ref> + </advisory> + <threat-class> + <ref>catSQLInjection</ref> + </threat-class> + <fix-recommendation> + <ref>attBlindSqlInjectionStrings</ref> + </fix-recommendation> + <causes> + <ref>Cause_0</ref> + </causes> + <security-risks> + <ref>databaseManipulations</ref> + </security-risks> + <affected-products /> + </item> + <item id="attSqlInjectionChecks" count="4" maxIssueSeverity="6"> + <name>SQL Injection</name> + <cve /> + <cwe>89</cwe> + <xfid>8783</xfid> + <remediation> + <ref>fix_52000</ref> + </remediation> + <advisory> + <ref>attSqlInjectionChecks</ref> + </advisory> + <threat-class> + <ref>catSQLInjection</ref> + </threat-class> + <fix-recommendation> + <ref>attSqlInjectionChecks</ref> + </fix-recommendation> + <causes> + <ref>Cause_1</ref> + <ref>Cause_2</ref> + <ref>Cause_3</ref> + <ref>Cause_4</ref> + </causes> + <security-risks> + <ref>databaseManipulations</ref> + </security-risks> + <affected-products /> + </item> + <item id="attIntegerOverflow" count="2" maxIssueSeverity="3"> + <name>Integer Overflow</name> + <cve /> + <cwe>190</cwe> + <xfid>0</xfid> + <remediation> + <ref>fix_50300</ref> + </remediation> + <advisory> + <ref>attIntegerOverflow</ref> + </advisory> + <threat-class> + <ref>catIntegerOverflow</ref> + </threat-class> + <fix-recommendation> + <ref>attIntegerOverflow</ref> + </fix-recommendation> + <causes> + <ref>Cause_5</ref> + </causes> + <security-risks> + <ref>debugErrorInformation</ref> + </security-risks> + <affected-products /> + </item> + <item id="attRedirectInURL" count="1" maxIssueSeverity="3"> + <name>Phishing Through URL Redirection</name> + <cve /> + <cwe>601</cwe> + <xfid>52830</xfid> + <remediation> + <ref>fix_53140</ref> + </remediation> + <advisory> + <ref>attRedirectInURL</ref> + </advisory> + <threat-class> + <ref>catURLRedirectoryAbuse</ref> + </threat-class> + <fix-recommendation> + <ref>attRedirectInURL</ref> + </fix-recommendation> + <causes> + <ref>Cause_6</ref> + <ref>Cause_7</ref> + <ref>Cause_8</ref> + </causes> + <security-risks> + <ref>phishing</ref> + </security-risks> + <affected-products /> + </item> + <item id="attCrossSiteScripting" count="8" maxIssueSeverity="3"> + <name>Reflected Cross Site Scripting</name> + <cve /> + <cwe>79</cwe> + <xfid>6784</xfid> + <remediation> + <ref>fix_52000</ref> + </remediation> + <advisory> + <ref>attCrossSiteScripting</ref> + </advisory> + <threat-class> + <ref>catCrossSiteScripting</ref> + </threat-class> + <fix-recommendation> + <ref>attCrossSiteScripting</ref> + </fix-recommendation> + <causes> + <ref>Cause_9</ref> + <ref>Cause_10</ref> + <ref>Cause_11</ref> + <ref>Cause_12</ref> + </causes> + <security-risks> + <ref>userImpersonation</ref> + </security-risks> + <affected-products /> + </item> + <item id="attSameSiteCookie" count="2" maxIssueSeverity="2"> + <name>Cookie with Insecure or Improper or Missing SameSite attribute</name> + <cve /> + <cwe>1275</cwe> + <xfid>0</xfid> + <remediation> + <ref>fix_61797</ref> + </remediation> + <advisory> + <ref>attSameSiteCookie</ref> + </advisory> + <threat-class> + <ref>catServerMisconfiguration</ref> + </threat-class> + <fix-recommendation> + <ref>attSameSiteCookie</ref> + </fix-recommendation> + <causes> + <ref>Cause_13</ref> + </causes> + <security-risks> + <ref>risk_attSameSiteCookie</ref> + </security-risks> + <affected-products /> + </item> + <item id="attCrossSiteRequestForgery" count="5" maxIssueSeverity="2"> + <name>Cross-Site Request Forgery</name> + <cve /> + <cwe>352</cwe> + <xfid>6784</xfid> + <remediation> + <ref>fix_60130</ref> + </remediation> + <advisory> + <ref>attCrossSiteRequestForgery</ref> + </advisory> + <threat-class> + <ref>catCrossSiteRequestForgery</ref> + </threat-class> + <fix-recommendation> + <ref>attCrossSiteRequestForgery</ref> + </fix-recommendation> + <causes> + <ref>Cause_14</ref> + <ref>Cause_15</ref> + <ref>Cause_16</ref> + <ref>Cause_17</ref> + </causes> + <security-risks> + <ref>CSRF_risk</ref> + </security-risks> + <affected-products /> + </item> + <item id="GV_SQLErr" count="6" maxIssueSeverity="2"> + <name>Database Error Pattern Found</name> + <cve /> + <cwe>209</cwe> + <xfid>52577</xfid> + <remediation> + <ref>fix_52000</ref> + </remediation> + <advisory> + <ref>GV_SQLErr</ref> + </advisory> + <threat-class> + <ref>catSQLInjection</ref> + </threat-class> + <fix-recommendation> + <ref>GV_SQLErr</ref> + </fix-recommendation> + <causes> + <ref>Cause_0</ref> + </causes> + <security-risks> + <ref>databaseManipulations</ref> + </security-risks> + <affected-products /> + </item> + <item id="DirectAccesstoAdministrationPages" count="2" maxIssueSeverity="2"> + <name>Direct Access to Administration Pages</name> + <cve /> + <cwe>306</cwe> + <xfid>52579</xfid> + <remediation> + <ref>fix_54860</ref> + </remediation> + <advisory> + <ref>DirectAccesstoAdministrationPages</ref> + </advisory> + <threat-class> + <ref>catPredictableResourceLocation</ref> + </threat-class> + <fix-recommendation> + <ref>DirectAccesstoAdministrationPages</ref> + </fix-recommendation> + <causes> + <ref>Cause_18</ref> + </causes> + <security-risks> + <ref>privilegeEscalation</ref> + </security-risks> + <affected-products /> + </item> + <item id="attHostHeaderInjection" count="1" maxIssueSeverity="2"> + <name>Host Header Injection</name> + <cve /> + <cwe>644</cwe> + <xfid>0</xfid> + <remediation> + <ref>fix_61481</ref> + </remediation> + <advisory> + <ref>attHostHeaderInjection</ref> + </advisory> + <threat-class> + <ref>catAbuseOfFunctionality</ref> + </threat-class> + <fix-recommendation> + <ref>attHostHeaderInjection</ref> + </fix-recommendation> + <causes> + <ref>Cause_19</ref> + </causes> + <security-risks> + <ref>cachePoisoning</ref> + <ref>phishing</ref> + </security-risks> + <affected-products /> + </item> + <item id="attAccountLockout" count="1" maxIssueSeverity="2"> + <name>Inadequate Account Lockout</name> + <cve /> + <cwe>307</cwe> + <xfid>52623</xfid> + <remediation> + <ref>fix_59220</ref> + </remediation> + <advisory> + <ref>attAccountLockout</ref> + </advisory> + <threat-class> + <ref>catBruteForce</ref> + </threat-class> + <fix-recommendation> + <ref>attAccountLockout</ref> + </fix-recommendation> + <causes> + <ref>Cause_20</ref> + </causes> + <security-risks> + <ref>privilegeEscalation</ref> + </security-risks> + <affected-products /> + </item> + <item id="attLinkInjection" count="6" maxIssueSeverity="2"> + <name>Link Injection (facilitates Cross-Site Request Forgery)</name> + <cve /> + <cwe>74</cwe> + <xfid>6784</xfid> + <remediation> + <ref>fix_52000</ref> + </remediation> + <advisory> + <ref>attLinkInjection</ref> + </advisory> + <threat-class> + <ref>catContentSpoofing</ref> + </threat-class> + <fix-recommendation> + <ref>attLinkInjection</ref> + </fix-recommendation> + <causes> + <ref>Cause_0</ref> + </causes> + <security-risks> + <ref>phishing</ref> + <ref>userImpersonation</ref> + <ref>siteDefacement</ref> + </security-risks> + <affected-products /> + </item> + <item id="attRespCookieNotSecureSSL" count="1" maxIssueSeverity="2"> + <name>Missing Secure Attribute in Encrypted Session (SSL) Cookie</name> + <cve /> + <cwe>614</cwe> + <xfid>52696</xfid> + <remediation> + <ref>fix_52740</ref> + </remediation> + <advisory> + <ref>attRespCookieNotSecureSSL</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>attRespCookieNotSecureSSL</ref> + </fix-recommendation> + <causes> + <ref>Cause_21</ref> + </causes> + <security-risks> + <ref>unsecureCookieInSSL</ref> + </security-risks> + <affected-products /> + </item> + <item id="OldTLS" count="1" maxIssueSeverity="2"> + <name>Older TLS Version is Supported</name> + <cve /> + <cwe>327</cwe> + <xfid>0</xfid> + <remediation> + <ref>fix_61030</ref> + </remediation> + <advisory> + <ref>OldTLS</ref> + </advisory> + <threat-class> + <ref>catServerMisconfiguration</ref> + </threat-class> + <fix-recommendation> + <ref>OldTLS</ref> + </fix-recommendation> + <causes> + <ref>Cause_18</ref> + </causes> + <security-risks> + <ref>userImpersonation</ref> + </security-risks> + <affected-products /> + </item> + <item id="phishingInFrames" count="7" maxIssueSeverity="2"> + <name>Phishing Through Frames</name> + <cve /> + <cwe>79</cwe> + <xfid>52829</xfid> + <remediation> + <ref>fix_52000</ref> + </remediation> + <advisory> + <ref>phishingInFrames</ref> + </advisory> + <threat-class> + <ref>catContentSpoofing</ref> + </threat-class> + <fix-recommendation> + <ref>phishingInFrames</ref> + </fix-recommendation> + <causes> + <ref>Cause_0</ref> + </causes> + <security-risks> + <ref>phishing</ref> + </security-risks> + <affected-products /> + </item> + <item id="SHA1CipherSuites" count="1" maxIssueSeverity="2"> + <name>SHA-1 cipher suites were detected</name> + <cve /> + <cwe>327</cwe> + <xfid>0</xfid> + <remediation> + <ref>fix_61754</ref> + </remediation> + <advisory> + <ref>SHA1CipherSuites</ref> + </advisory> + <threat-class> + <ref>catServerMisconfiguration</ref> + </threat-class> + <fix-recommendation> + <ref>SHA1CipherSuites</ref> + </fix-recommendation> + <causes> + <ref>Cause_18</ref> + </causes> + <security-risks> + <ref>userImpersonation</ref> + </security-risks> + <affected-products /> + </item> + <item id="constTransient" count="1" maxIssueSeverity="2"> + <name>Session Identifier Not Updated</name> + <cve /> + <cwe>304</cwe> + <xfid>52863</xfid> + <remediation> + <ref>fix_60310</ref> + </remediation> + <advisory> + <ref>constTransient</ref> + </advisory> + <threat-class> + <ref>catSessionFixation</ref> + </threat-class> + <fix-recommendation> + <ref>constTransient</ref> + </fix-recommendation> + <causes> + <ref>Cause_20</ref> + </causes> + <security-risks> + <ref>userImpersonation</ref> + </security-risks> + <affected-products /> + </item> + <item id="GD_autocompleteInForm" count="4" maxIssueSeverity="1"> + <name>Autocomplete HTML Attribute Not Disabled for Password Field</name> + <cve /> + <cwe>522</cwe> + <xfid>85989</xfid> + <remediation> + <ref>fix_61640</ref> + </remediation> + <advisory> + <ref>GD_autocompleteInForm</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>GD_autocompleteInForm</ref> + </fix-recommendation> + <causes> + <ref>Cause_20</ref> + </causes> + <security-risks> + <ref>authBypass</ref> + </security-risks> + <affected-products /> + </item> + <item id="bodyParamsInQuery" count="3" maxIssueSeverity="1"> + <name>Body Parameters Accepted in Query</name> + <cve /> + <cwe>200</cwe> + <xfid>0</xfid> + <remediation> + <ref>fix_61757</ref> + </remediation> + <advisory> + <ref>bodyParamsInQuery</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>bodyParamsInQuery</ref> + </fix-recommendation> + <causes> + <ref>Cause_20</ref> + </causes> + <security-risks> + <ref>sensitiveInformation</ref> + <ref>phishing</ref> + </security-risks> + <affected-products /> + </item> + <item id="attCachedSSL" count="17" maxIssueSeverity="1"> + <name>Cacheable SSL Page Found</name> + <cve /> + <cwe>525</cwe> + <xfid>52512</xfid> + <remediation> + <ref>fix_60210</ref> + </remediation> + <advisory> + <ref>attCachedSSL</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>attCachedSSL</ref> + </fix-recommendation> + <causes> + <ref>Cause_22</ref> + </causes> + <security-risks> + <ref>sensitiveInformation</ref> + </security-risks> + <affected-products /> + </item> + <item id="GD_CreditCardVisa" count="4" maxIssueSeverity="1"> + <name>Credit Card Number Pattern Found (Visa)</name> + <cve /> + <cwe>200</cwe> + <xfid>51894</xfid> + <remediation> + <ref>fix_59161</ref> + </remediation> + <advisory> + <ref>GD_CreditCardVisa</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>GD_CreditCardVisa</ref> + </fix-recommendation> + <causes> + <ref>Cause_20</ref> + </causes> + <security-risks> + <ref>sensitiveInformation</ref> + </security-risks> + <affected-products /> + </item> + <item id="attHttpsToHttp" count="1" maxIssueSeverity="1"> + <name>Encryption Not Enforced</name> + <cve /> + <cwe>311</cwe> + <xfid>52586</xfid> + <remediation> + <ref>fix_52721</ref> + </remediation> + <advisory> + <ref>attHttpsToHttp</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>attHttpsToHttp</ref> + </fix-recommendation> + <causes> + <ref>Cause_23</ref> + <ref>Cause_24</ref> + </causes> + <security-risks> + <ref>sensitiveNotOverSSL</ref> + </security-risks> + <affected-products /> + </item> + <item id="attContentSecurityPolicy" count="1" maxIssueSeverity="1"> + <name>Missing "Content-Security-Policy" header</name> + <cve /> + <cwe>1032</cwe> + <xfid>0</xfid> + <remediation> + <ref>fix_61770</ref> + </remediation> + <advisory> + <ref>attContentSecurityPolicy</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>attContentSecurityPolicy</ref> + </fix-recommendation> + <causes> + <ref>Cause_20</ref> + </causes> + <security-risks> + <ref>sensitiveInformation</ref> + <ref>phishing</ref> + </security-risks> + <affected-products /> + </item> + <item id="attRespCookieNotHttpOnlySessionCookie" count="1" maxIssueSeverity="1"> + <name>Missing HttpOnly Attribute in Session Cookie</name> + <cve /> + <cwe>653</cwe> + <xfid>85873</xfid> + <remediation> + <ref>fix_52741</ref> + </remediation> + <advisory> + <ref>attRespCookieNotHttpOnlySessionCookie</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>attRespCookieNotHttpOnlySessionCookie</ref> + </fix-recommendation> + <causes> + <ref>Cause_25</ref> + </causes> + <security-risks> + <ref>userImpersonation</ref> + </security-risks> + <affected-products /> + </item> + <item id="ContentTypeOptions" count="1" maxIssueSeverity="1"> + <name>Missing or insecure "X-Content-Type-Options" header</name> + <cve /> + <cwe>200</cwe> + <xfid>0</xfid> + <remediation> + <ref>fix_61767</ref> + </remediation> + <advisory> + <ref>ContentTypeOptions</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>ContentTypeOptions</ref> + </fix-recommendation> + <causes> + <ref>Cause_20</ref> + </causes> + <security-risks> + <ref>sensitiveInformation</ref> + <ref>phishing</ref> + </security-risks> + <affected-products /> + </item> + <item id="XFS" count="1" maxIssueSeverity="1"> + <name>Missing or insecure Cross-Frame Scripting Defence</name> + <cve /> + <cwe>1021</cwe> + <xfid>0</xfid> + <remediation> + <ref>fix_61763</ref> + </remediation> + <advisory> + <ref>XFS</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>XFS</ref> + </fix-recommendation> + <causes> + <ref>Cause_20</ref> + </causes> + <security-risks> + <ref>sensitiveInformation</ref> + <ref>phishing</ref> + </security-risks> + <affected-products /> + </item> + <item id="HSTS" count="1" maxIssueSeverity="1"> + <name>Missing or insecure HTTP Strict-Transport-Security Header</name> + <cve /> + <cwe>200</cwe> + <xfid>0</xfid> + <remediation> + <ref>fix_61750</ref> + </remediation> + <advisory> + <ref>HSTS</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>HSTS</ref> + </fix-recommendation> + <causes> + <ref>Cause_20</ref> + </causes> + <security-risks> + <ref>sensitiveInformation</ref> + <ref>phishing</ref> + </security-risks> + <affected-products /> + </item> + <item id="GETParamOverSSL" count="11" maxIssueSeverity="1"> + <name>Query Parameter in SSL Request</name> + <cve /> + <cwe>598</cwe> + <xfid>52845</xfid> + <remediation> + <ref>fix_52720</ref> + </remediation> + <advisory> + <ref>GETParamOverSSL</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>GETParamOverSSL</ref> + </fix-recommendation> + <causes> + <ref>Cause_26</ref> + </causes> + <security-risks> + <ref>sensitiveNotOverSSL</ref> + </security-risks> + <affected-products /> + </item> + <item id="attUnnecessaryResponseHeaders" count="1" maxIssueSeverity="1"> + <name>Unnecessary Http Response Headers found in the Application</name> + <cve /> + <cwe>200</cwe> + <xfid>0</xfid> + <remediation> + <ref>fix_MA_attInformationLeakage</ref> + </remediation> + <advisory> + <ref>attUnnecessaryResponseHeaders</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>attUnnecessaryResponseHeaders</ref> + </fix-recommendation> + <causes> + <ref>Cause_20</ref> + </causes> + <security-risks> + <ref>sensitiveInformation</ref> + </security-risks> + <affected-products /> + </item> + <item id="attUndefinedState" count="7" maxIssueSeverity="0"> + <name>Application Error</name> + <cve /> + <cwe>550</cwe> + <xfid>52502</xfid> + <remediation> + <ref>fix_50300</ref> + </remediation> + <advisory> + <ref>attUndefinedState</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>attUndefinedState</ref> + </fix-recommendation> + <causes> + <ref>Cause_27</ref> + <ref>Cause_28</ref> + </causes> + <security-risks> + <ref>debugErrorInformation</ref> + </security-risks> + <affected-products /> + </item> + <item id="GD_EmailAddress" count="4" maxIssueSeverity="0"> + <name>Email Address Pattern Found</name> + <cve /> + <cwe>359</cwe> + <xfid>52584</xfid> + <remediation> + <ref>fix_60260</ref> + </remediation> + <advisory> + <ref>GD_EmailAddress</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>GD_EmailAddress</ref> + </fix-recommendation> + <causes> + <ref>Cause_20</ref> + </causes> + <security-risks> + <ref>sensitiveInformation</ref> + </security-risks> + <affected-products /> + </item> + <item id="attSensitiveInHtmlComments" count="4" maxIssueSeverity="0"> + <name>HTML Comments Sensitive Information Disclosure</name> + <cve /> + <cwe>615</cwe> + <xfid>52601</xfid> + <remediation> + <ref>fix_50750</ref> + </remediation> + <advisory> + <ref>attSensitiveInHtmlComments</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>attSensitiveInHtmlComments</ref> + </fix-recommendation> + <causes> + <ref>Cause_29</ref> + <ref>Cause_30</ref> + </causes> + <security-risks> + <ref>sensitiveInformation</ref> + </security-risks> + <affected-products /> + </item> + <item id="attReferrerPolicyHeaderExist" count="1" maxIssueSeverity="0"> + <name>Missing "Referrer policy" Security Header</name> + <cve /> + <cwe>200</cwe> + <xfid>0</xfid> + <remediation> + <ref>fix_61771</ref> + </remediation> + <advisory> + <ref>attReferrerPolicyHeaderExist</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>attReferrerPolicyHeaderExist</ref> + </fix-recommendation> + <causes> + <ref>Cause_20</ref> + </causes> + <security-risks> + <ref>sensitiveInformation</ref> + <ref>phishing</ref> + </security-risks> + <affected-products /> + </item> + <item id="GD_PathDisclosure" count="1" maxIssueSeverity="0"> + <name>Possible Server Path Disclosure Pattern Found</name> + <cve /> + <cwe>200</cwe> + <xfid>52839</xfid> + <remediation> + <ref>fix_60510</ref> + </remediation> + <advisory> + <ref>GD_PathDisclosure</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <fix-recommendation> + <ref>GD_PathDisclosure</ref> + </fix-recommendation> + <causes> + <ref>Cause_31</ref> + </causes> + <security-risks> + <ref>pathDisclosure</ref> + </security-risks> + <affected-products /> + </item> + </issue-type-group> + <fix-recommendation-group> + <item id="attBlindSqlInjectionStrings"> + <general> + <fixRecommendation type="General"> + <text>There are several mitigation techniques:</text> + <text>[1] Strategy: Libraries or Frameworks</text> + <text>Use a vetted library or framework that does not allow this weakness or provides constructs that make it easier to avoid.</text> + <text /> + <text>[2] Strategy: Parameterization</text> + <text>If available, use structured mechanisms that automatically enforce separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this at every point where output is generated.</text> + <text /> + <text>[3] Strategy: Environment Hardening</text> + <text>Run your code using the lowest privileges that are required to accomplish the necessary tasks.</text> + <text /> + <text>[4] Strategy: Output Encoding</text> + <text>If you need to use dynamically-generated query strings or commands in spite of the risk, properly quote arguments, and escape any special characters within those arguments.</text> + <text /> + <text>[5] Strategy: Input Validation</text> + <text>Assume all input is malicious. Use an "accept known good" input validation strategy: a whitelist of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on detecting for malicious or malformed inputs with a blacklist. However, blacklists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.</text> + <text>Here are two possible ways to protect your web application against SQL injection attacks:</text> + <text /> + <text>[1] Use a stored procedure rather than dynamically built SQL query string. The way parameters are passed to SQL Server stored procedures, prevents the use of apostrophes and hyphens.</text> + <text /> + <text>Here is a simple example of how to use stored procedures in ASP.NET:</text> + <text /> + <text> ' Visual Basic example + Dim DS As DataSet + Dim MyConnection As SqlConnection + Dim MyCommand As SqlDataAdapter + + Dim SelectCommand As String = "select * from users where username = @username" + ... + MyCommand.SelectCommand.Parameters.Add(New SqlParameter("@username", SqlDbType.NVarChar, 20)) + MyCommand.SelectCommand.Parameters("@username").Value = UserNameField.Value + + + // C# example + String selectCmd = "select * from Authors where state = @username"; + SqlConnection myConnection = new SqlConnection("server=..."); + SqlDataAdapter myCommand = new SqlDataAdapter(selectCmd, myConnection); + + myCommand.SelectCommand.Parameters.Add(new SqlParameter("@username", SqlDbType.NVarChar, 20)); + myCommand.SelectCommand.Parameters["@username"].Value = UserNameField.Value; +</text> + <text /> + <text>[2] You can add input validation to Web Forms pages by using validation controls. Validation controls provide an easy-to-use mechanism for all common types of standard validation - for example, testing for valid dates or values within a range - plus ways to provide custom-written validation. In addition, validation controls allow you to completely customize how error information is displayed to the user. Validation controls can be used with any controls that are processed in a Web Forms page's class file, including both HTML and Web server controls.</text> + <text /> + <text>In order to make sure user input contains only valid values, you can use one of the following validation controls:</text> + <text /> + <text>a. "RangeValidator": checks that a user's entry (value) is between specified lower and upper boundaries. You can check ranges within pairs of numbers, alphabetic characters, and dates.</text> + <text /> + <text>b. "RegularExpressionValidator": checks that the entry matches a pattern defined by a regular expression. This type of validation allows you to check for predictable sequences of characters, such as those in social security numbers, e-mail addresses, telephone numbers, postal codes, and so on.</text> + <text /> + <text>Important note: validation controls do not block user input or change the flow of page processing; they only set an error state, and produce error messages. It is the programmer's responsibility to test the state of the controls in the code before performing further application-specific actions.</text> + <text /> + <text>There are two ways to check for user input validity: </text> + <text /> + <text>1. Testing for a general error state: </text> + <text /> + <text>In your code, test the page's IsValid property. This property rolls up the values of the IsValid properties of all the validation controls on the page (using a logical AND). If one of the validation controls is set to invalid, the page's property will return false.</text> + <text /> + <text>2. Testing for the error state of individual controls:</text> + <text /> + <text>Loop through the page's Validators collection, which contains references to all the validation controls. You can then examine the IsValid property of each validation control.</text> + <text>** Prepared Statements:</text> + <text /> + <text>There are 3 possible ways to protect your application against SQL injection, i.e. malicious tampering of SQL parameters. Instead of dynamically building SQL statements, use:</text> + <text /> + <text>[1] PreparedStatement, which is precompiled and stored in a pool of PreparedStatement objects. PreparedStatement defines setters to register input parameters that are compatible with the supported JDBC SQL data types. For example, setString should be used for input parameters of type VARCHAR or LONGVARCHAR (refer to the Java API for further details). This way of setting input parameters prevents an attacker from manipulating the SQL statement through injection of bad characters, such as apostrophe.</text> + <text /> + <text>Example of how to use a PreparedStatement in J2EE:</text> + <text /> + <text> // J2EE PreparedStatemenet Example + // Get a connection to the database + Connection myConnection; + if (isDataSourceEnabled()) { + // using the DataSource to get a managed connection + Context ctx = new InitialContext(); + myConnection = ((DataSource)ctx.lookup(datasourceName)).getConnection(dbUserName, dbPassword); + } else { + try { + // using the DriverManager to get a JDBC connection + Class.forName(jdbcDriverClassPath); + myConnection = DriverManager.getConnection(jdbcURL, dbUserName, dbPassword); + } catch (ClassNotFoundException e) { + ... + } + } + ... + try { + PreparedStatement myStatement = myConnection.prepareStatement("select * from users where username = ?"); + myStatement.setString(1, userNameField); + ResultSet rs = myStatement.executeQuery(); + ... + rs.close(); + } catch (SQLException sqlException) { + ... + } finally { + myStatement.close(); + myConnection.close(); + } +</text> + <text /> + <text>[2] CallableStatement, which extends PreparedStatement to execute database SQL stored procedures. This class inherits input setters from PreparedStatement (see [1] above).</text> + <text /> + <text>The following example assumes that this database stored procedure has been created:</text> + <text /> + <text>CREATE PROCEDURE select_user (@username varchar(20))</text> + <text>AS SELECT * FROM USERS WHERE USERNAME = @username;</text> + <text /> + <text>Example of how to use a CallableStatement in J2EE to execute the above stored procedure:</text> + <text /> + <text> // J2EE PreparedStatemenet Example + // Get a connection to the database + Connection myConnection; + if (isDataSourceEnabled()) { + // using the DataSource to get a managed connection + Context ctx = new InitialContext(); + myConnection = ((DataSource)ctx.lookup(datasourceName)).getConnection(dbUserName, dbPassword); + } else { + try { + // using the DriverManager to get a JDBC connection + Class.forName(jdbcDriverClassPath); + myConnection = DriverManager.getConnection(jdbcURL, dbUserName, dbPassword); + } catch (ClassNotFoundException e) { + ... + } + } + ... + try { + PreparedStatement myStatement = myConnection.prepareCall("{?= call select_user ?,?}"); + myStatement.setString(1, userNameField); + myStatement.registerOutParameter(1, Types.VARCHAR); + ResultSet rs = myStatement.executeQuery(); + ... + rs.close(); + } catch (SQLException sqlException) { + ... + } finally { + myStatement.close(); + myConnection.close(); + } +</text> + <text /> + <text>[3] Entity Bean, which represents an EJB business object in a persistent storage mechanism. There are two types of entity beans: bean-managed and container-managed. With bean-managed persistence, the developer is responsible of writing the SQL code to access the database (refer to sections [1] and [2] above). With container-managed persistence, the EJB container automatically generates the SQL code. As a result, the container is responsible of preventing malicious attempts to tamper with the generated SQL code.</text> + <text /> + <text>Example of how to use an Entity Bean in J2EE:</text> + <text /> + <text> // J2EE EJB Example + try { + // lookup the User home interface + UserHome userHome = (UserHome)context.lookup(User.class); + // find the User remote interface + User = userHome.findByPrimaryKey(new UserKey(userNameField)); + ... + } catch (Exception e) { + ... + } +</text> + <text /> + <text>RECOMMENDED JAVA TOOLS</text> + <text>N/A</text> + <text /> + <text>REFERENCES</text> + <link target="https://docs.oracle.com/javase/7/docs/api/java/sql/PreparedStatement.html">https://docs.oracle.com/javase/7/docs/api/java/sql/PreparedStatement.html</link> + <link target="https://docs.oracle.com/javase/7/docs/api/java/sql/CallableStatement.html">https://docs.oracle.com/javase/7/docs/api/java/sql/CallableStatement.html</link> + <text /> + <text /> + <text>** Input Data Validation:</text> + <text /> + <text>While data validations may be provided as a user convenience on the client-tier, data validation must be performed on the server-tier using Servlets. Client-side validations are inherently insecure because they can be easily bypassed, e.g. by disabling Javascript.</text> + <text /> + <text>A good design usually requires the web application framework to provide server-side utility routines to validate the following:</text> + <text>[1] Required field</text> + <text>[2] Field data type (all HTTP request parameters are Strings by default)</text> + <text>[3] Field length</text> + <text>[4] Field range</text> + <text>[5] Field options</text> + <text>[6] Field pattern</text> + <text>[7] Cookie values</text> + <text>[8] HTTP Response</text> + <text /> + <text>A good practice is to implement the above routine as static methods in a "Validator" utility class. The following sections describe an example validator class.</text> + <text /> + <text>[1] Required field</text> + <text>Always check that the field is not null and its length is greater than zero, excluding leading and trailing white spaces. </text> + <text /> + <text>Example of how to validate required fields:</text> + <text /> + <text> // Java example to validate required fields + public Class Validator { + ... + public static boolean validateRequired(String value) { + boolean isFieldValid = false; + if (value != null && value.trim().length() > 0) { + isFieldValid = true; + } + return isFieldValid; + } + ... + } + ... + String fieldValue = request.getParameter("fieldName"); + if (Validator.validateRequired(fieldValue)) { + // fieldValue is valid, continue processing request + ... + } +</text> + <text /> + <text>[2] Field data type</text> + <text>In web applications, input parameters are poorly typed. For example, all HTTP request parameters or cookie values are of type String. The developer is responsible for verifying the input is of the correct data type. Use the Java primitive wrapper classes to check if the field value can be safely converted to the desired primitive data type.</text> + <text /> + <text>Example of how to validate a numeric field (type int):</text> + <text /> + <text> // Java example to validate that a field is an int number + public Class Validator { + ... + public static boolean validateInt(String value) { + boolean isFieldValid = false; + try { + Integer.parseInt(value); + isFieldValid = true; + } catch (Exception e) { + isFieldValid = false; + } + return isFieldValid; + } + ... + } + ... + // check if the HTTP request parameter is of type int + String fieldValue = request.getParameter("fieldName"); + if (Validator.validateInt(fieldValue)) { + // fieldValue is valid, continue processing request + ... + } +</text> + <text /> + <text>A good practice is to convert all HTTP request parameters to their respective data types. For example, the developer should store the "integerValue" of a request parameter in a request attribute and use it as shown in the following example:</text> + <text /> + <text> // Example to convert the HTTP request parameter to a primitive wrapper data type + // and store this value in a request attribute for further processing + String fieldValue = request.getParameter("fieldName"); + if (Validator.validateInt(fieldValue)) { + // convert fieldValue to an Integer + Integer integerValue = Integer.getInteger(fieldValue); + // store integerValue in a request attribute + request.setAttribute("fieldName", integerValue); + } + ... + // Use the request attribute for further processing + Integer integerValue = (Integer)request.getAttribute("fieldName"); + ... +</text> + <text /> + <text>The primary Java data types that the application should handle:</text> + <text>- Byte</text> + <text>- Short</text> + <text>- Integer</text> + <text>- Long</text> + <text>- Float</text> + <text>- Double</text> + <text>- Date</text> + <text /> + <text>[3] Field length</text> + <text>Always ensure that the input parameter (whether HTTP request parameter or cookie value) is bounded by a minimum length and/or a maximum length.</text> + <text /> + <text>Example to validate that the length of the userName field is between 8 and 20 characters:</text> + <text /> + <text> // Example to validate the field length + public Class Validator { + ... + public static boolean validateLength(String value, int minLength, int maxLength) { + String validatedValue = value; + if (!validateRequired(value)) { + validatedValue = ""; + } + return (validatedValue.length() >= minLength && + validatedValue.length() <= maxLength); + } + ... + } + ... + String userName = request.getParameter("userName"); + if (Validator.validateRequired(userName)) { + if (Validator.validateLength(userName, 8, 20)) { + // userName is valid, continue further processing + ... + } + } +</text> + <text /> + <text>[4] Field range</text> + <text>Always ensure that the input parameter is within a range as defined by the functional requirements.</text> + <text /> + <text>Example to validate that the input numberOfChoices is between 10 and 20:</text> + <text /> + <text> // Example to validate the field range + public Class Validator { + ... + public static boolean validateRange(int value, int min, int max) { + return (value >= min && value <= max); + } + ... + } + ... + String fieldValue = request.getParameter("numberOfChoices"); + if (Validator.validateRequired(fieldValue)) { + if (Validator.validateInt(fieldValue)) { + int numberOfChoices = Integer.parseInt(fieldValue); + if (Validator.validateRange(numberOfChoices, 10, 20)) { + // numberOfChoices is valid, continue processing request + ... + } + } + } +</text> + <text /> + <text>[5] Field options</text> + <text>Often, the web application presents the user with a set of options to choose from, e.g. using the SELECT HTML tag, but fails to perform server-side validation to ensure that the selected value is one of the allowed options. Remember that a malicious user can easily modify any option value. Always validate the selected user value against the allowed options as defined by the functional requirements.</text> + <text /> + <text>Example to validate the user selection against a list of allowed options:</text> + <text /> + <text> // Example to validate user selection against a list of options + public Class Validator { + ... + public static boolean validateOption(Object[] options, Object value) { + boolean isValidValue = false; + try { + List list = Arrays.asList(options); + if (list != null) { + isValidValue = list.contains(value); + } + } catch (Exception e) { + } + return isValidValue; + } + ... + } + ... + // Allowed options + String[] options = {"option1", "option2", "option3"); + // Verify that the user selection is one of the allowed options + String userSelection = request.getParameter("userSelection"); + if (Validator.validateOption(options, userSelection)) { + // valid user selection, continue processing request + ... + } +</text> + <text /> + <text>[6] Field pattern</text> + <text>Always check that the user input matches a pattern as defined by the functionality requirements. For example, if the userName field should only allow alpha-numeric characters, case insensitive, then use the following regular expression:</text> + <text>^[a-zA-Z0-9]*$</text> + <text /> + <text>Java 1.3 or earlier versions do not include any regular expression packages. Apache Regular Expression Package (see Resources below) is recommended for use with Java 1.3 to resolve this lack of support. Example to perform regular expression validation:</text> + <text /> + <text> // Example to validate that a given value matches a specified pattern + // using the Apache regular expression package + import org.apache.regexp.RE; + import org.apache.regexp.RESyntaxException; + public Class Validator { + ... + public static boolean matchPattern(String value, String expression) { + boolean match = false; + if (validateRequired(expression)) { + RE r = new RE(expression); + match = r.match(value); + } + return match; + } + ... + } + ... + // Verify that the userName request parameter is alpha-numeric + String userName = request.getParameter("userName"); + if (Validator.matchPattern(userName, "^[a-zA-Z0-9]*$")) { + // userName is valid, continue processing request + ... + } +</text> + <text /> + <text>Java 1.4 introduced a new regular expression package (java.util.regex). Here is a modified version of Validator.matchPattern using the new Java 1.4 regular expression package:</text> + <text /> + <text> // Example to validate that a given value matches a specified pattern + // using the Java 1.4 regular expression package + import java.util.regex.Pattern; + import java.util.regexe.Matcher; + public Class Validator { + ... + public static boolean matchPattern(String value, String expression) { + boolean match = false; + if (validateRequired(expression)) { + match = Pattern.matches(expression, value); + } + return match; + } + ... + } +</text> + <text /> + <text>[7] Cookie value</text> + <text>Use the javax.servlet.http.Cookie object to validate the cookie value. The same validation rules (described above) apply to cookie values depending on the application requirements, e.g. validate a required value, validate length, etc.</text> + <text /> + <text>Example to validate a required cookie value:</text> + <text /> + <text> // Example to validate a required cookie value + // First retrieve all available cookies submitted in the HTTP request + Cookie[] cookies = request.getCookies(); + if (cookies != null) { + // find the "user" cookie + for (int i=0; i<cookies.length; ++i) { + if (cookies[i].getName().equals("user")) { + // validate the cookie value + if (Validator.validateRequired(cookies[i].getValue()) { + // valid cookie value, continue processing request + ... + } + } + } + } +</text> + <text /> + <text>[8] HTTP Response</text> + <text>[8-1] Filter user input</text> + <text>To guard the application against cross-site scripting, sanitize HTML by converting sensitive characters to their corresponding character entities. These are the HTML sensitive characters:</text> + <text>< > " ' % ; ) ( & +</text> + <text /> + <text>Example to filter a specified string by converting sensitive characters to their corresponding character entities:</text> + <text /> + <text> // Example to filter sensitive data to prevent cross-site scripting + public Class Validator { + ... + public static String filter(String value) { + if (value == null) { + return null; + } + StringBuffer result = new StringBuffer(value.length()); + for (int i=0; i<value.length(); ++i) { + switch (value.charAt(i)) { + case '<': + result.append("<"); + break; + case '>': + result.append(">"); + break; + case '"': + result.append("""); + break; + case '\'': + result.append("'"); + break; + case '%': + result.append("%"); + break; + case ';': + result.append(";"); + break; + case '(': + result.append("("); + break; + case ')': + result.append(")"); + break; + case '&': + result.append("&"); + break; + case '+': + result.append("+"); + break; + default: + result.append(value.charAt(i)); + break; + } + return result; + } + ... + } + ... + // Filter the HTTP response using Validator.filter + PrintWriter out = response.getWriter(); + // set output response + out.write(Validator.filter(response)); + out.close(); +</text> + <text /> + <text>The Java Servlet API 2.3 introduced Filters, which supports the interception and transformation of HTTP requests or responses.</text> + <text /> + <text>Example of using a Servlet Filter to sanitize the response using Validator.filter:</text> + <text /> + <text> // Example to filter all sensitive characters in the HTTP response using a Java Filter. + // This example is for illustration purposes since it will filter all content in the response, including HTML tags! + public class SensitiveCharsFilter implements Filter { + ... + public void doFilter(ServletRequest request, + ServletResponse response, + FilterChain chain) + throws IOException, ServletException { + + PrintWriter out = response.getWriter(); + ResponseWrapper wrapper = new ResponseWrapper((HttpServletResponse)response); + chain.doFilter(request, wrapper); + + CharArrayWriter caw = new CharArrayWriter(); + caw.write(Validator.filter(wrapper.toString())); + + response.setContentType("text/html"); + response.setContentLength(caw.toString().length()); + out.write(caw.toString()); + out.close(); + } + ... + public class CharResponseWrapper extends HttpServletResponseWrapper { + private CharArrayWriter output; + + public String toString() { + return output.toString(); + } + + public CharResponseWrapper(HttpServletResponse response){ + super(response); + output = new CharArrayWriter(); + } + + public PrintWriter getWriter(){ + return new PrintWriter(output); + } + } + } + + } +</text> + <text /> + <text>[8-2] Secure the cookie</text> + <text>When storing sensitive data in a cookie, make sure to set the secure flag of the cookie in the HTTP response, using Cookie.setSecure(boolean flag) to instruct the browser to send the cookie using a secure protocol, such as HTTPS or SSL.</text> + <text /> + <text>Example to secure the "user" cookie:</text> + <text /> + <text> // Example to secure a cookie, i.e. instruct the browser to + // send the cookie using a secure protocol + Cookie cookie = new Cookie("user", "sensitive"); + cookie.setSecure(true); + response.addCookie(cookie); +</text> + <text /> + <text>RECOMMENDED JAVA TOOLS</text> + <text>The two main Java frameworks for server-side validation are:</text> + <text>[1] Jakarta Commons Validator (integrated with Struts 1.1)</text> + <text>The Jakarta Commons Validator is a powerful framework that implements all the above data validation requirements. These rules are configured in an XML file that defines input validation rules for form fields. Struts supports output filtering of dangerous characters in the [8] HTTP Response by default on all data written using the Struts 'bean:write' tag. This filtering may be disabled by setting the 'filter=false' flag.</text> + <text /> + <text>Struts defines the following basic input validators, but custom validators may also be defined:</text> + <text>required: succeeds if the field contains any characters other than white space.</text> + <text>mask: succeeds if the value matches the regular expression given by the mask attribute.</text> + <text>range: succeeds if the value is within the values given by the min and max attributes ((value >= min) & (value <= max)).</text> + <text>maxLength: succeeds if the field is length is less than or equal to the max attribute.</text> + <text>minLength: succeeds if the field is length is greater than or equal to the min attribute.</text> + <text>byte, short, integer, long, float, double: succeeds if the value can be converted to the corresponding primitive.</text> + <text>date: succeeds if the value represents a valid date. A date pattern may be provided.</text> + <text>creditCard: succeeds if the value could be a valid credit card number.</text> + <text>e-mail: succeeds if the value could be a valid e-mail address.</text> + <text /> + <text>Example to validate the userName field of a loginForm using Struts Validator:</text> + <text> <form-validation> + <global> + ... + <validator name="required" + classname="org.apache.struts.validator.FieldChecks" + method="validateRequired" + msg="errors.required"> + </validator> + <validator name="mask" + classname="org.apache.struts.validator.FieldChecks" + method="validateMask" + msg="errors.invalid"> + </validator> + ... + </global> + <formset> + <form name="loginForm"> + <!-- userName is required and is alpha-numeric case insensitive --> + <field property="userName" depends="required,mask"> + <!-- message resource key to display if validation fails --> + <msg name="mask" key="login.userName.maskmsg"/> + <arg0 key="login.userName.displayname"/> + <var> + <var-name>mask</var-name> + <var-value>^[a-zA-Z0-9]*$</var-value> + </var> + </field> + ... + </form> + ... + </formset> + </form-validation> +</text> + <text /> + <text>[2] JavaServer Faces Technology</text> + <text>JavaServer Faces Technology is a set of Java APIs (JSR 127) to represent UI components, manage their state, handle events and input validation.</text> + <text /> + <text>The JavaServer Faces API implements the following basic validators, but custom validators may be defined:</text> + <text>validate_doublerange: registers a DoubleRangeValidator on a component</text> + <text>validate_length: registers a LengthValidator on a component</text> + <text>validate_longrange: registers a LongRangeValidator on a component</text> + <text>validate_required: registers a RequiredValidator on a component</text> + <text>validate_stringrange: registers a StringRangeValidator on a component</text> + <text>validator: registers a custom Validator on a component</text> + <text /> + <text>The JavaServer Faces API defines the following UIInput and UIOutput Renderers (Tags):</text> + <text>input_date: accepts a java.util.Date formatted with a java.text.Date instance</text> + <text>output_date: displays a java.util.Date formatted with a java.text.Date instance</text> + <text>input_datetime: accepts a java.util.Date formatted with a java.text.DateTime instance</text> + <text>output_datetime: displays a java.util.Date formatted with a java.text.DateTime instance</text> + <text>input_number: displays a numeric data type (java.lang.Number or primitive), formatted with a java.text.NumberFormat</text> + <text>output_number: displays a numeric data type (java.lang.Number or primitive), formatted with a java.text.NumberFormat</text> + <text>input_text: accepts a text string of one line.</text> + <text>output_text: displays a text string of one line.</text> + <text>input_time: accepts a java.util.Date, formatted with a java.text.DateFormat time instance</text> + <text>output_time: displays a java.util.Date, formatted with a java.text.DateFormat time instance</text> + <text>input_hidden: allows a page author to include a hidden variable in a page</text> + <text>input_secret: accepts one line of text with no spaces and displays it as a set of asterisks as it is typed</text> + <text>input_textarea: accepts multiple lines of text</text> + <text>output_errors: displays error messages for an entire page or error messages associated with a specified client identifier</text> + <text>output_label: displays a nested component as a label for a specified input field</text> + <text>output_message: displays a localized message</text> + <text /> + <text>Example to validate the userName field of a loginForm using JavaServer Faces:</text> + <text> <%@ taglib uri="https://docs.oracle.com/javaee/6/tutorial/doc/glxce.html" prefix="h" %> + <%@ taglib uri="http://mrbool.com/how-to-create-a-login-validation-with-jsf-java-server-faces/27046" prefix="f" %> + ... + <jsp:useBean id="UserBean" + class="myApplication.UserBean" scope="session" /> + <f:use_faces> + <h:form formName="loginForm" > + <h:input_text id="userName" size="20" modelReference="UserBean.userName"> + <f:validate_required/> + <f:validate_length minimum="8" maximum="20"/> + </h:input_text> + <!-- display errors if present --> + <h:output_errors id="loginErrors" clientId="userName"/> + <h:command_button id="submit" label="Submit" commandName="submit" /><p> + </h:form> + </f:use_faces> +</text> + <text /> + <text /> + <text>REFERENCES</text> + <text>Java API 1.3 - </text> + <link target="https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html">https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html</link> + <text>Java API 1.4 - </text> + <link target="https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html">https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html</link> + <text>Java Servlet API 2.3 - </text> + <link target="https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api">https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api</link> + <text>Java Regular Expression Package - </text> + <link target="http://jakarta.apache.org/regexp/">http://jakarta.apache.org/regexp/</link> + <text>Jakarta Validator - </text> + <link target="http://jakarta.apache.org/commons/validator/">http://jakarta.apache.org/commons/validator/</link> + <text>JavaServer Faces Technology - </text> + <link target="http://www.javaserverfaces.org/">http://www.javaserverfaces.org/</link> + <text /> + <text>** Error Handling:</text> + <text /> + <text>Many J2EE web application architectures follow the Model View Controller (MVC) pattern. In this pattern a Servlet acts as a Controller. A Servlet delegates the application processing to a JavaBean such as an EJB Session Bean (the Model). The Servlet then forwards the request to a JSP (View) to render the processing results. Servlets should check all input, output, return codes, error codes and known exceptions to ensure that the expected processing actually occurred.</text> + <text /> + <text>While data validation protects applications against malicious data tampering, a sound error handling strategy is necessary to prevent the application from inadvertently disclosing internal error messages such as exception stack traces. A good error handling strategy addresses the following items:</text> + <text /> + <text>[1] Defining Errors</text> + <text>[2] Reporting Errors</text> + <text>[3] Rendering Errors</text> + <text>[4] Error Mapping</text> + <text /> + <text>[1] Defining Errors</text> + <text>Hard-coded error messages in the application layer (e.g. Servlets) should be avoided. Instead, the application should use error keys that map to known application failures. A good practice is to define error keys that map to validation rules for HTML form fields or other bean properties. For example, if the "user_name" field is required, is alphanumeric, and must be unique in the database, then the following error keys should be defined:</text> + <text /> + <text>(a) ERROR_USERNAME_REQUIRED: this error key is used to display a message notifying the user that the "user_name" field is required;</text> + <text>(b) ERROR_USERNAME_ALPHANUMERIC: this error key is used to display a message notifying the user that the "user_name" field should be alphanumeric;</text> + <text>(c) ERROR_USERNAME_DUPLICATE: this error key is used to display a message notifying the user that the "user_name" value is a duplicate in the database;</text> + <text>(d) ERROR_USERNAME_INVALID: this error key is used to display a generic message notifying the user that the "user_name" value is invalid;</text> + <text /> + <text>A good practice is to define the following framework Java classes which are used to store and report application errors:</text> + <text /> + <text>- ErrorKeys: defines all error keys</text> + <text /> + <text> // Example: ErrorKeys defining the following error keys: + // - ERROR_USERNAME_REQUIRED + // - ERROR_USERNAME_ALPHANUMERIC + // - ERROR_USERNAME_DUPLICATE + // - ERROR_USERNAME_INVALID + // ... + public Class ErrorKeys { + public static final String ERROR_USERNAME_REQUIRED = "error.username.required"; + public static final String ERROR_USERNAME_ALPHANUMERIC = "error.username.alphanumeric"; + public static final String ERROR_USERNAME_DUPLICATE = "error.username.duplicate"; + public static final String ERROR_USERNAME_INVALID = "error.username.invalid"; + ... + } +</text> + <text>- Error: encapsulates an individual error</text> + <text /> + <text> // Example: Error encapsulates an error key. + // Error is serializable to support code executing in multiple JVMs. + public Class Error implements Serializable { + + // Constructor given a specified error key + public Error(String key) { + this(key, null); + } + + // Constructor given a specified error key and array of placeholder objects + public Error(String key, Object[] values) { + this.key = key; + this.values = values; + } + + // Returns the error key + public String getKey() { + return this.key; + } + + // Returns the placeholder values + public Object[] getValues() { + return this.values; + } + + private String key = null; + private Object[] values = null; + } +</text> + <text /> + <text>- Errors: encapsulates a Collection of errors</text> + <text /> + <text> // Example: Errors encapsulates the Error objects being reported to the presentation layer. + // Errors are stored in a HashMap where the key is the bean property name and value is an + // ArrayList of Error objects. + public Class Errors implements Serializable { + + // Adds an Error object to the Collection of errors for the specified bean property. + public void addError(String property, Error error) { + ArrayList propertyErrors = (ArrayList)errors.get(property); + if (propertyErrors == null) { + propertyErrors = new ArrayList(); + errors.put(property, propertyErrors); + } + propertyErrors.put(error); + } + + // Returns true if there are any errors + public boolean hasErrors() { + return (errors.size > 0); + } + + // Returns the Errors for the specified property + public ArrayList getErrors(String property) { + return (ArrayList)errors.get(property); + } + + private HashMap errors = new HashMap(); + } +</text> + <text /> + <text>Using the above framework classes, here is an example to process validation errors of the "user_name" field:</text> + <text /> + <text> // Example to process validation errors of the "user_name" field. + Errors errors = new Errors(); + String userName = request.getParameter("user_name"); + // (a) Required validation rule + if (!Validator.validateRequired(userName)) { + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_REQUIRED)); + } // (b) Alpha-numeric validation rule + else if (!Validator.matchPattern(userName, "^[a-zA-Z0-9]*$")) { + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_ALPHANUMERIC)); + } + else + { + // (c) Duplicate check validation rule + // We assume that there is an existing UserValidationEJB session bean that implements + // a checkIfDuplicate() method to verify if the user already exists in the database. + try { + ... + if (UserValidationEJB.checkIfDuplicate(userName)) { + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_DUPLICATE)); + } + } catch (RemoteException e) { + // log the error + logger.error("Could not validate user for specified userName: " + userName); + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_DUPLICATE); + } + } + // set the errors object in a request attribute called "errors" + request.setAttribute("errors", errors); + ... +</text> + <text /> + <text>[2] Reporting Errors</text> + <text>There are two ways to report web-tier application errors:</text> + <text>(a) Servlet Error Mechanism</text> + <text>(b) JSP Error Mechanism</text> + <text /> + <text>[2-a] Servlet Error Mechanism</text> + <text>A Servlet may report errors by:</text> + <text>- forwarding to the input JSP (having already stored the errors in a request attribute), OR</text> + <text>- calling response.sendError with an HTTP error code argument, OR</text> + <text>- throwing an exception</text> + <text /> + <text>It is good practice to process all known application errors (as described in section [1]), store them in a request attribute, and forward to the input JSP. The input JSP should display the error messages and prompt the user to re-enter the data. The following example illustrates how to forward to an input JSP (userInput.jsp):</text> + <text /> + <text> // Example to forward to the userInput.jsp following user validation errors + RequestDispatcher rd = getServletContext().getRequestDispatcher("/user/userInput.jsp"); + if (rd != null) { + rd.forward(request, response); + } +</text> + <text /> + <text>If the Servlet cannot forward to a known JSP page, the second option is to report an error using the response.sendError method with HttpServletResponse.SC_INTERNAL_SERVER_ERROR (status code 500) as argument. Refer to the javadoc of javax.servlet.http.HttpServletResponse for more details on the various HTTP status codes. Example to return a HTTP error:</text> + <text /> + <text> // Example to return a HTTP error code + RequestDispatcher rd = getServletContext().getRequestDispatcher("/user/userInput.jsp"); + if (rd == null) { + // messages is a resource bundle with all message keys and values + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, + messages.getMessage(ErrorKeys.ERROR_USERNAME_INVALID)); + } +</text> + <text /> + <text>As a last resort, Servlets can throw an exception, which must be a subclass of one of the following classes:</text> + <text>- RuntimeException</text> + <text>- ServletException</text> + <text>- IOException</text> + <text /> + <text>[2-b] JSP Error Mechanism</text> + <text>JSP pages provide a mechanism to handle runtime exceptions by defining an errorPage directive as shown in the following example:</text> + <text /> + <text> <%@ page errorPage="/errors/userValidation.jsp" %> +</text> + <text /> + <text>Uncaught JSP exceptions are forwarded to the specified errorPage, and the original exception is set in a request parameter called javax.servlet.jsp.jspException. The error page must include a isErrorPage directive as shown below:</text> + <text /> + <text> <%@ page isErrorPage="true" %> +</text> + <text /> + <text>The isErrorPage directive causes the "exception" variable to be initialized to the exception object being thrown.</text> + <text /> + <text>[3] Rendering Errors</text> + <text>The J2SE Internationalization APIs provide utility classes for externalizing application resources and formatting messages including:</text> + <text /> + <text>(a) Resource Bundles</text> + <text>(b) Message Formatting</text> + <text /> + <text>[3-a] Resource Bundles</text> + <text>Resource bundles support internationalization by separating localized data from the source code that uses it. Each resource bundle stores a map of key/value pairs for a specific locale.</text> + <text /> + <text>It is common to use or extend java.util.PropertyResourceBundle, which stores the content in an external properties file as shown in the following example:</text> + <text /> + <text> ################################################ + # ErrorMessages.properties + ################################################ + # required user name error message + error.username.required=User name field is required + + # invalid user name format + error.username.alphanumeric=User name must be alphanumeric + + # duplicate user name error message + error.username.duplicate=User name {0} already exists, please choose another one + + ... +</text> + <text /> + <text>Multiple resources can be defined to support different locales (hence the name resource bundle). For example, ErrorMessages_fr.properties can be defined to support the French member of the bundle family. If the resource member of the requested locale does not exist, the default member is used. In the above example, the default resource is ErrorMessages.properties. Depending on the user's locale, the application (JSP or Servlet) retrieves content from the appropriate resource.</text> + <text /> + <text>[3-b] Message Formatting</text> + <text>The J2SE standard class java.util.MessageFormat provides a generic way to create messages with replacement placeholders. A MessageFormat object contains a pattern string with embedded format specifiers as shown below:</text> + <text /> + <text> // Example to show how to format a message using placeholder parameters + String pattern = "User name {0} already exists, please choose another one"; + String userName = request.getParameter("user_name"); + Object[] args = new Object[1]; + args[0] = userName; + String message = MessageFormat.format(pattern, args); +</text> + <text /> + <text>Here is a more comprehensive example to render error messages using ResourceBundle and MessageFormat:</text> + <text /> + <text> // Example to render an error message from a localized ErrorMessages resource (properties file) + // Utility class to retrieve locale-specific error messages + public Class ErrorMessageResource { + + // Returns the error message for the specified error key in the environment locale + public String getErrorMessage(String errorKey) { + return getErrorMessage(errorKey, defaultLocale); + } + + // Returns the error message for the specified error key in the specified locale + public String getErrorMessage(String errorKey, Locale locale) { + return getErrorMessage(errorKey, null, locale); + } + + // Returns a formatted error message for the specified error key in the specified locale + public String getErrorMessage(String errorKey, Object[] args, Locale locale) { + // Get localized ErrorMessageResource + ResourceBundle errorMessageResource = ResourceBundle.getBundle("ErrorMessages", locale); + // Get localized error message + String errorMessage = errorMessageResource.getString(errorKey); + if (args != null) { + // Format the message using the specified placeholders args + return MessageFormat.format(errorMessage, args); + } else { + return errorMessage; + } + } + + // default environment locale + private Locale defaultLocale = Locale.getDefaultLocale(); + } + ... + // Get the user's locale + Locale userLocale = request.getLocale(); + // Check if there were any validation errors + Errors errors = (Errors)request.getAttribute("errors"); + if (errors != null && errors.hasErrors()) { + // iterate through errors and output error messages corresponding to the "user_name" property + ArrayList userNameErrors = errors.getErrors("user_name"); + ListIterator iterator = userNameErrors.iterator(); + while (iterator.hasNext()) { + // Get the next error object + Error error = (Error)iterator.next(); + String errorMessage = ErrorMessageResource.getErrorMessage(error.getKey(), userLocale); + output.write(errorMessage + "\r\n"); + } + } +</text> + <text /> + <text>It is recommended to define a custom JSP tag, e.g. displayErrors, to iterate through and render error messages as shown in the above example.</text> + <text /> + <text>[4] Error Mapping</text> + <text>Normally, the Servlet Container will return a default error page corresponding to either the response status code or the exception. A mapping between the status code or the exception and a web resource may be specified using custom error pages. It is a good practice to develop static error pages that do not disclose internal error states (by default, most Servlet containers will report internal error messages). This mapping is configured in the Web Deployment Descriptor (web.xml) as specified in the following example:</text> + <text /> + <text> <!-- Mapping of HTTP error codes and application exceptions to error pages --> + <error-page> + <exception-type>UserValidationException</exception-type> + <location>/errors/validationError.html</error-page> + </error-page> + <error-page> + <error-code>500</exception-type> + <location>/errors/internalError.html</error-page> + </error-page> + <error-page> + ... + </error-page> + ... +</text> + <text /> + <text /> + <text>RECOMMENDED JAVA TOOLS</text> + <text>The two main Java frameworks for server-side validation are:</text> + <text>[1] Jakarta Commons Validator (integrated with Struts 1.1)</text> + <text>The Jakarta Commons Validator is a Java framework that defines the error handling mechanism as described above. Validation rules are configured in an XML file that defines input validation rules for form fields and the corresponding validation error keys. Struts provides internationalization support to build localized applications using resource bundles and message formatting.</text> + <text /> + <text>Example to validate the userName field of a loginForm using Struts Validator:</text> + <text> <form-validation> + <global> + ... + <validator name="required" + classname="org.apache.struts.validator.FieldChecks" + method="validateRequired" + msg="errors.required"> + </validator> + <validator name="mask" + classname="org.apache.struts.validator.FieldChecks" + method="validateMask" + msg="errors.invalid"> + </validator> + ... + </global> + <formset> + <form name="loginForm"> + <!-- userName is required and is alpha-numeric case insensitive --> + <field property="userName" depends="required,mask"> + <!-- message resource key to display if validation fails --> + <msg name="mask" key="login.userName.maskmsg"/> + <arg0 key="login.userName.displayname"/> + <var> + <var-name>mask</var-name> + <var-value>^[a-zA-Z0-9]*$</var-value> + </var> + </field> + ... + </form> + ... + </formset> + </form-validation> +</text> + <text /> + <text>The Struts JSP tag library defines the "errors" tag that conditionally displays a set of accumulated error messages as shown in the following example:</text> + <text /> + <text> <%@ page language="java" %> + <%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html" %> + <%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean" %> + <html:html> + <head> + <body> + <html:form action="/logon.do"> + <table border="0" width="100%"> + <tr> + <th align="right"> + <html:errors property="username"/> + <bean:message key="prompt.username"/> + </th> + <td align="left"> + <html:text property="username" size="16"/> + </td> + </tr> + <tr> + <td align="right"> + <html:submit><bean:message key="button.submit"/></html:submit> + </td> + <td align="right"> + <html:reset><bean:message key="button.reset"/></html:reset> + </td> + </tr> + </table> + </html:form> + </body> + </html:html> +</text> + <text /> + <text>[2] JavaServer Faces Technology</text> + <text>JavaServer Faces Technology is a set of Java APIs (JSR 127) to represent UI components, manage their state, handle events, validate input, and support internationalization.</text> + <text /> + <text>The JavaServer Faces API defines the "output_errors" UIOutput Renderer, which displays error messages for an entire page or error messages associated with a specified client identifier.</text> + <text /> + <text>Example to validate the userName field of a loginForm using JavaServer Faces:</text> + <text> <%@ taglib uri="https://docs.oracle.com/javaee/6/tutorial/doc/glxce.html" prefix="h" %> + <%@ taglib uri="http://mrbool.com/how-to-create-a-login-validation-with-jsf-java-server-faces/27046" prefix="f" %> + ... + <jsp:useBean id="UserBean" + class="myApplication.UserBean" scope="session" /> + <f:use_faces> + <h:form formName="loginForm" > + <h:input_text id="userName" size="20" modelReference="UserBean.userName"> + <f:validate_required/> + <f:validate_length minimum="8" maximum="20"/> + </h:input_text> + <!-- display errors if present --> + <h:output_errors id="loginErrors" clientId="userName"/> + <h:command_button id="submit" label="Submit" commandName="submit" /><p> + </h:form> + </f:use_faces> +</text> + <text /> + <text>REFERENCES</text> + <text>Java API 1.3 - </text> + <link target="https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html">https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html</link> + <text>Java API 1.4 - </text> + <link target="https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html">https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html</link> + <text>Java Servlet API 2.3 - </text> + <link target="https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api">https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api</link> + <text>Java Regular Expression Package - </text> + <link target="http://jakarta.apache.org/regexp/">http://jakarta.apache.org/regexp/</link> + <text>Jakarta Validator - </text> + <link target="http://jakarta.apache.org/commons/validator/">http://jakarta.apache.org/commons/validator/</link> + <text>JavaServer Faces Technology - </text> + <link target="http://www.javaserverfaces.org/">http://www.javaserverfaces.org/</link> + <text>** Filter User Input</text> + <text /> + <text>Before passing any data to a SQL query, it should always be properly filtered with whitelisting techniques. This cannot be over-emphasized. Filtering user input will correct many injection flaws before they arrive at the database.</text> + <text /> + <text>** Quote User Input</text> + <text /> + <text>Regardless of data type, it is always a good idea to place single quotes around all user data if this is permitted by the database. MySQL allows this formatting technique.</text> + <text /> + <text>** Escape the Data Values</text> + <text /> + <text>If you're using MySQL 4.3.0 or newer, you should escape all strings with mysql_real_escape_string(). If you are using an older version of MySQL, you should use the mysql_escape_string() function. If you are not using MySQL, you might choose to use the specific escaping function for your particular database. If you are not aware of an escaping function, you might choose to utilize a more generic escaping function such as addslashes().</text> + <text /> + <text>If you're using the PEAR DB database abstraction layer, you can use the DB::quote() method or use a query placeholder like ?, which automatically escapes the value that replaces the placeholder.</text> + <text /> + <text>REFERENCES</text> + <link target="http://ca3.php.net/mysql_real_escape_string">http://ca3.php.net/mysql_real_escape_string</link> + <link target="http://ca.php.net/mysql_escape_string">http://ca.php.net/mysql_escape_string</link> + <link target="http://ca.php.net/addslashes">http://ca.php.net/addslashes</link> + <link target="http://pear.php.net/package-info.php?package=DB">http://pear.php.net/package-info.php?package=DB</link> + <text /> + <text /> + <text>** Input Data Validation:</text> + <text /> + <text>While data validations may be provided as a user convenience on the client-tier, data validation must always be performed on the server-tier. Client-side validations are inherently insecure because they can be easily bypassed, e.g. by disabling Javascript.</text> + <text /> + <text>A good design usually requires the web application framework to provide server-side utility routines to validate the following:</text> + <text>[1] Required field</text> + <text>[2] Field data type (all HTTP request parameters are Strings by default)</text> + <text>[3] Field length</text> + <text>[4] Field range</text> + <text>[5] Field options</text> + <text>[6] Field pattern</text> + <text>[7] Cookie values</text> + <text>[8] HTTP Response</text> + <text /> + <text>A good practice is to implement a function or functions that validates each application parameter. The following sections describe some example checking.</text> + <text /> + <text>[1] Required field</text> + <text>Always check that the field is not null and its length is greater than zero, excluding leading and trailing white spaces.</text> + <text /> + <text>Example of how to validate required fields:</text> + <text /> + <text> // PHP example to validate required fields + function validateRequired($input) { + ... + $pass = false; + if (strlen(trim($input))>0){ + $pass = true; + } + return $pass; + ... + } + ... + if (validateRequired($fieldName)) { + // fieldName is valid, continue processing request + ... + } +</text> + <text /> + <text /> + <text>[2] Field data type</text> + <text>In web applications, input parameters are poorly typed. For example, all HTTP request parameters or cookie values are of type String. The developer is responsible for verifying the input is of the correct data type.</text> + <text /> + <text>[3] Field length</text> + <text>Always ensure that the input parameter (whether HTTP request parameter or cookie value) is bounded by a minimum length and/or a maximum length.</text> + <text /> + <text>[4] Field range</text> + <text>Always ensure that the input parameter is within a range as defined by the functional requirements.</text> + <text /> + <text>[5] Field options</text> + <text>Often, the web application presents the user with a set of options to choose from, e.g. using the SELECT HTML tag, but fails to perform server-side validation to ensure that the selected value is one of the allowed options. Remember that a malicious user can easily modify any option value. Always validate the selected user value against the allowed options as defined by the functional requirements.</text> + <text /> + <text>[6] Field pattern</text> + <text>Always check that user input matches a pattern as defined by the functionality requirements. For example, if the userName field should only allow alpha-numeric characters, case insensitive, then use the following regular expression:</text> + <text>^[a-zA-Z0-9]+$</text> + <text /> + <text>[7] Cookie value</text> + <text>The same validation rules (described above) apply to cookie values depending on the application requirements, e.g. validate a required value, validate length, etc.</text> + <text /> + <text>[8] HTTP Response</text> + <text /> + <text>[8-1] Filter user input</text> + <text>To guard the application against cross-site scripting, the developer should sanitize HTML by converting sensitive characters to their corresponding character entities. These are the HTML sensitive characters:</text> + <text>< > " ' % ; ) ( & +</text> + <text /> + <text>PHP includes some automatic sanitization utility functions, such as htmlentities():</text> + <text /> + <text> $input = htmlentities($input, ENT_QUOTES, 'UTF-8'); +</text> + <text /> + <text>In addition, in order to avoid UTF-7 variants of Cross-site Scripting, you should explicitly define the Content-Type header of the response, for example:</text> + <text /> + <text> <?php + + header('Content-Type: text/html; charset=UTF-8'); + + ?> +</text> + <text /> + <text>[8-2] Secure the cookie</text> + <text /> + <text>When storing sensitive data in a cookie and transporting it over SSL, make sure that you first set the secure flag of the cookie in the HTTP response. This will instruct the browser to only use that cookie over SSL connections.</text> + <text /> + <text>You can use the following code example, for securing the cookie:</text> + <text /> + <text> <$php + + $value = "some_value"; + $time = time()+3600; + $path = "/application/"; + $domain = ".example.com"; + $secure = 1; + + setcookie("CookieName", $value, $time, $path, $domain, $secure, TRUE); + ?> + +</text> + <text /> + <text>In addition, we recommend that you use the HttpOnly flag. When the HttpOnly flag is set to TRUE the cookie will be made accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. This setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers).</text> + <text /> + <text>The HttpOnly flag was Added in PHP 5.2.0.</text> + <text /> + <text>REFERENCES</text> + <text /> + <text>[1] Mitigating Cross-site Scripting With HTTP-only Cookies: </text> + <link target="http://msdn2.microsoft.com/en-us/library/ms533046.aspx">http://msdn2.microsoft.com/en-us/library/ms533046.aspx</link> + <text>[2] PHP Security Consortium: </text> + <link target="http://phpsec.org/">http://phpsec.org/</link> + <text>[3] PHP & Web Application Security Blog (Chris Shiflett): </text> + <link target="http://shiflett.org/">http://shiflett.org/</link> + </fixRecommendation> + </general> + </item> + <item id="attSqlInjectionChecks"> + <general> + <fixRecommendation type="General"> + <text>Use stored procedures with parameters to prevent injection of SQL commands in data, or at least parameterized database calls that do not allow the injection of code. Do not include any dynamic SQL execution in the stored procedures.</text> + <text>An even better solution is to use an ORM (object-relational mapping) framework such as Hibernate or EntityFramework, if you have one available on your platform.</text> + <text>Ensure that all user input is validated and filtered on the server side, not just to disallow bad characters such as a single quote ( ' ) and double quotes ("), but rather to only allow safe characters. Narrowly define the set of safe characters based on the expected value of the parameter in the request.</text> + <text>Use escaping functions on all user input.</text> + <text>Configure the application identity for the least database privileges that are required to accomplish the necessary tasks. Harden the database server to disable any unneeded functionality, such as shell commands.</text> + </fixRecommendation> + </general> + </item> + <item id="attIntegerOverflow"> + <general> + <fixRecommendation type="General"> + <text>Validate all inputs are within an expected range and the sign before relying on their values or using them in arithmetic calculations.</text> + <text>Be sure to check both upper bounds and lower bounds, including negative lower bounds for signed integers (integer overflow is also possible with very large negative numbers).</text> + <text>Use unsigned integers where possible.</text> + <text>Consider using a safe integer-handling library (such as C/C++ SafeInt or IntegerLib).</text> + <text>Consider enabling compiler extensions that prevent some classes of buffer overflows.</text> + </fixRecommendation> + </general> + </item> + <item id="attRedirectInURL"> + <general> + <fixRecommendation type="General"> + <text>Avoid redirecting requests based on untrusted data if possible.</text> + <text>If relying on user input cannot be avoided, the URL should first be validated before redirection. Data that a user can modify must be treated as untrusted data.</text> + <text>A unique token, linked to the current user session, should be sent along with the redirect field value. This unique token should then be verified by the server before the actual redirect takes place. This ensures that attackers would have a harder time using the redirect field to propagate their malicious activities, since they cannot guess the user's session token.</text> + <text>Sanitize input by comparing to a predefined list of trusted URLs, based on an allow-list.</text> + <text>Force all redirects to first go through a page notifying users that they are about to leave your site, with the destination clearly displayed, and have them click a link to confirm.</text> + </fixRecommendation> + </general> + </item> + <item id="attCrossSiteScripting"> + <general> + <fixRecommendation type="General"> + <text>Fully encode all dynamic data from an untrusted source that is inserted into the webpage, to ensure it is treated as literal text and not as a script that could be executed or markup that could be rendered.</text> + <text>Consider the context in which your data will be used, and contextually encode the data as close as possible to the actual output: e.g. HTML encoding for HTML content; HTML Attribute encoding for data output to attribute values; JavaScript encoding for dynamically generated JavaScript. For example, when HTML encoding non-alphanumeric characters into HTML entities, `<` and `>` would become `&lt;` and `&gt;`.</text> + <text>As an extra defensive measure, validate all external input on the server, regardless of source. Carefully check each input parameter against a rigorous positive specification (allowlist) defining data type; size; range; format; and acceptable values. Regular expressions or framework controls may be useful in some cases, though this is not a replacement for output encoding.</text> + <text>Output encoding and data validation must be done on all untrusted data, wherever it comes from: e.g. form fields, URL parameters, web service arguments, cookies, any data from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files and filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.</text> + <text>For every web page that is returned by the server, explicitly set the `Content-Type` HTTP response header. This header value should define a specific character encoding (charset), such as `ISO-8859-1` or `UTF-8`. When an encoding is not specified, the web browser may choose a different encoding by guessing which encoding is actually being used by the web page, which would allow a potential attacker to bypass XSS protections.</text> + <text>Additionally, set the `httpOnly` flag on the session cookie, to prevent any XSS exploits from stealing a user's cookie.</text> + <text>Prefer using a framework or standard library that prevents this vulnerability by automatically encoding all dynamic output based on context, or at least that provides constructs that make it easier to avoid.</text> + <text>For every web page that is returned by the server, explicitly set the `Content-Security-Policy` HTTP response header, In order to make it significantly more difficult for the attacker to actually exploit the XSS attack.</text> + </fixRecommendation> + </general> + </item> + <item id="attSameSiteCookie"> + <general> + <fixRecommendation type="General"> + <text>[1] Review possible solutions for configuring SameSite Cookie attribute to recommended values.</text> + <text>[2] Restrict Cookies to a first-party or same-site context.</text> + <text>[3] Verify and set the SameSite attribute of your cookie to Strict, to ensure that the cookie will only be sent in a first-party context.</text> + <text>[4] Or, if you want to relax the restrictions of first-party context, then verify and set the SameSite attribute of the cookie to Lax with Secure Flag enabled and transferred over HTTPS.</text> + </fixRecommendation> + </general> + </item> + <item id="attCrossSiteRequestForgery"> + <general> + <fixRecommendation type="General"> + <text>Set all session and authentication cookies to include the `SameSite` attribute, setting it to `Strict` or `Lax`. When setting this attribute to `Lax` ensure that no sensitive action can be performed via a `GET` request, as per the HTTP standard.</text> + <text>Use built-in CSRF protection provided by the platform or framework, and ensure to activate it appropriately whether in configuration or code.</text> + <text>If your platform does not provide a built-in anti-CSRF mechanism, consider integrating a well-vetted library to implement the protection, such as OWASP CSRFGuard.</text> + <text>Avoid building a custom anti-CSRF implementation, as this can be complicated to achieve correctly without allowing trivial bypass. If you absolutely must do so due to lack of standard library support, you should generate a secure, random and non-predictable token (e.g. GUID v4) on the server and embed it in each HTML form, while binding it to the user's session. Upon receiving the submitted form, verify that the included form token matches the token previously bound to the user. It is also feasible to embed the CSRF token in a designated cookie ('double-submitted cookie'), or even better use a custom request header - when the server receives these together with the submitted form token, it is simple to validate that they match (instead of storing in the user's session).</text> + <text>An alternative approach would be to require user reauthentication for specific actions, to ensure the user's active confirmation. Note that this would substantially impact user experience, so this should be used sparingly and only for especially sensitive actions.</text> + <text>Verify the source of the request by validating the `Origin` header if present, or at least the `Referer` header. Discard sensitive requests that originate from a different site.</text> + </fixRecommendation> + </general> + </item> + <item id="GV_SQLErr"> + <general> + <fixRecommendation type="General"> + <text>There are several mitigation techniques:</text> + <text>[1] Strategy: Libraries or Frameworks</text> + <text>Use a vetted library or framework that does not allow this weakness to occur, or provides constructs that make it easier to avoid.</text> + <text /> + <text>[2] Strategy: Parameterization</text> + <text>If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.</text> + <text /> + <text>[3] Strategy: Environment Hardening</text> + <text>Run your code using the lowest privileges that are required to accomplish the necessary tasks.</text> + <text /> + <text>[4] Strategy: Output Encoding</text> + <text>If you need to use dynamically-generated query strings or commands in spite of the risk, properly quote arguments and escape any special characters within those arguments.</text> + <text /> + <text>[5] Strategy: Input Validation</text> + <text>Assume all input is malicious. Use an "accept known good" input validation strategy: a whitelist of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on blacklisting malicious or malformed inputs. However, blacklists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.</text> + <text>Here are two possible ways to protect your web application against SQL injection attacks:</text> + <text /> + <text>[1] Use a stored procedure rather than dynamically built SQL query string. The way parameters are passed to SQL Server stored procedures, prevents the use of apostrophes and hyphens.</text> + <text /> + <text>Here is a simple example of how to use stored procedures in ASP.NET:</text> + <text /> + <text> ' Visual Basic example + Dim DS As DataSet + Dim MyConnection As SqlConnection + Dim MyCommand As SqlDataAdapter + + Dim SelectCommand As String = "select * from users where username = @username" + ... + MyCommand.SelectCommand.Parameters.Add(New SqlParameter("@username", SqlDbType.NVarChar, 20)) + MyCommand.SelectCommand.Parameters("@username").Value = UserNameField.Value + + + // C# example + String selectCmd = "select * from Authors where state = @username"; + SqlConnection myConnection = new SqlConnection("server=..."); + SqlDataAdapter myCommand = new SqlDataAdapter(selectCmd, myConnection); + + myCommand.SelectCommand.Parameters.Add(new SqlParameter("@username", SqlDbType.NVarChar, 20)); + myCommand.SelectCommand.Parameters["@username"].Value = UserNameField.Value; +</text> + <text /> + <text>[2] You can add input validation to Web Forms pages by using validation controls. Validation controls provide an easy-to-use mechanism for all common types of standard validation - for example, testing for valid dates or values within a range - plus ways to provide custom-written validation. In addition, validation controls allow you to completely customize how error information is displayed to the user. Validation controls can be used with any controls that are processed in a Web Forms page's class file, including both HTML and Web server controls.</text> + <text /> + <text>In order to make sure user input contains only valid values, you can use one of the following validation controls:</text> + <text /> + <text>a. "RangeValidator": checks that a user's entry (value) is between specified lower and upper boundaries. You can check ranges within pairs of numbers, alphabetic characters, and dates.</text> + <text /> + <text>b. "RegularExpressionValidator": checks that the entry matches a pattern defined by a regular expression. This type of validation allows you to check for predictable sequences of characters, such as those in social security numbers, e-mail addresses, telephone numbers, postal codes, and so on.</text> + <text /> + <text>Important note: validation controls do not block user input or change the flow of page processing; they only set an error state, and produce error messages. It is the programmer's responsibility to test the state of the controls in the code before performing further application-specific actions.</text> + <text /> + <text>There are two ways to check for user input validity: </text> + <text /> + <text>1. Testing for a general error state: </text> + <text /> + <text>In your code, test the page's IsValid property. This property rolls up the values of the IsValid properties of all the validation controls on the page (using a logical AND). If one of the validation controls is set to invalid, the page's property will return false.</text> + <text /> + <text>2. Testing for the error state of individual controls:</text> + <text /> + <text>Loop through the page's Validators collection, which contains references to all the validation controls. You can then examine the IsValid property of each validation control.</text> + <text>** Prepared Statements:</text> + <text /> + <text>There are 3 possible ways to protect your application against SQL injection, i.e. malicious tampering of SQL parameters. Instead of dynamically building SQL statements, use:</text> + <text /> + <text>[1] PreparedStatement, which is precompiled and stored in a pool of PreparedStatement objects. PreparedStatement defines setters to register input parameters that are compatible with the supported JDBC SQL data types. For example, setString should be used for input parameters of type VARCHAR or LONGVARCHAR (refer to the Java API for further details). This way of setting input parameters prevents an attacker from manipulating the SQL statement through injection of bad characters, such as apostrophe.</text> + <text /> + <text>Example of how to use a PreparedStatement in J2EE:</text> + <text /> + <text> // J2EE PreparedStatemenet Example + // Get a connection to the database + Connection myConnection; + if (isDataSourceEnabled()) { + // using the DataSource to get a managed connection + Context ctx = new InitialContext(); + myConnection = ((DataSource)ctx.lookup(datasourceName)).getConnection(dbUserName, dbPassword); + } else { + try { + // using the DriverManager to get a JDBC connection + Class.forName(jdbcDriverClassPath); + myConnection = DriverManager.getConnection(jdbcURL, dbUserName, dbPassword); + } catch (ClassNotFoundException e) { + ... + } + } + ... + try { + PreparedStatement myStatement = myConnection.prepareStatement("select * from users where username = ?"); + myStatement.setString(1, userNameField); + ResultSet rs = myStatement.executeQuery(); + ... + rs.close(); + } catch (SQLException sqlException) { + ... + } finally { + myStatement.close(); + myConnection.close(); + } +</text> + <text /> + <text>[2] CallableStatement, which extends PreparedStatement to execute database SQL stored procedures. This class inherits input setters from PreparedStatement (see [1] above).</text> + <text /> + <text>The following example assumes that this database stored procedure has been created:</text> + <text /> + <text>CREATE PROCEDURE select_user (@username varchar(20))</text> + <text>AS SELECT * FROM USERS WHERE USERNAME = @username;</text> + <text /> + <text>Example of how to use a CallableStatement in J2EE to execute the above stored procedure:</text> + <text /> + <text> // J2EE PreparedStatemenet Example + // Get a connection to the database + Connection myConnection; + if (isDataSourceEnabled()) { + // using the DataSource to get a managed connection + Context ctx = new InitialContext(); + myConnection = ((DataSource)ctx.lookup(datasourceName)).getConnection(dbUserName, dbPassword); + } else { + try { + // using the DriverManager to get a JDBC connection + Class.forName(jdbcDriverClassPath); + myConnection = DriverManager.getConnection(jdbcURL, dbUserName, dbPassword); + } catch (ClassNotFoundException e) { + ... + } + } + ... + try { + PreparedStatement myStatement = myConnection.prepareCall("{?= call select_user ?,?}"); + myStatement.setString(1, userNameField); + myStatement.registerOutParameter(1, Types.VARCHAR); + ResultSet rs = myStatement.executeQuery(); + ... + rs.close(); + } catch (SQLException sqlException) { + ... + } finally { + myStatement.close(); + myConnection.close(); + } +</text> + <text /> + <text>[3] Entity Bean, which represents an EJB business object in a persistent storage mechanism. There are two types of entity beans: bean-managed and container-managed. With bean-managed persistence, the developer is responsible of writing the SQL code to access the database (refer to sections [1] and [2] above). With container-managed persistence, the EJB container automatically generates the SQL code. As a result, the container is responsible of preventing malicious attempts to tamper with the generated SQL code.</text> + <text /> + <text>Example of how to use an Entity Bean in J2EE:</text> + <text /> + <text> // J2EE EJB Example + try { + // lookup the User home interface + UserHome userHome = (UserHome)context.lookup(User.class); + // find the User remote interface + User = userHome.findByPrimaryKey(new UserKey(userNameField)); + ... + } catch (Exception e) { + ... + } +</text> + <text /> + <text>RECOMMENDED JAVA TOOLS</text> + <text>N/A</text> + <text /> + <text>REFERENCES</text> + <link target="https://docs.oracle.com/javase/7/docs/api/java/sql/PreparedStatement.html">https://docs.oracle.com/javase/7/docs/api/java/sql/PreparedStatement.html</link> + <link target="https://docs.oracle.com/javase/7/docs/api/java/sql/CallableStatement.html">https://docs.oracle.com/javase/7/docs/api/java/sql/CallableStatement.html</link> + <text /> + <text /> + <text>** Input Data Validation:</text> + <text /> + <text>While data validations may be provided as a user convenience on the client-tier, data validation must be performed on the server-tier using Servlets. Client-side validations are inherently insecure because they can be easily bypassed, e.g. by disabling Javascript.</text> + <text /> + <text>A good design usually requires the web application framework to provide server-side utility routines to validate the following:</text> + <text>[1] Required field</text> + <text>[2] Field data type (all HTTP request parameters are Strings by default)</text> + <text>[3] Field length</text> + <text>[4] Field range</text> + <text>[5] Field options</text> + <text>[6] Field pattern</text> + <text>[7] Cookie values</text> + <text>[8] HTTP Response</text> + <text /> + <text>A good practice is to implement the above routine as static methods in a "Validator" utility class. The following sections describe an example validator class.</text> + <text /> + <text>[1] Required field</text> + <text>Always check that the field is not null and its length is greater than zero, excluding leading and trailing white spaces. </text> + <text /> + <text>Example of how to validate required fields:</text> + <text /> + <text> // Java example to validate required fields + public Class Validator { + ... + public static boolean validateRequired(String value) { + boolean isFieldValid = false; + if (value != null && value.trim().length() > 0) { + isFieldValid = true; + } + return isFieldValid; + } + ... + } + ... + String fieldValue = request.getParameter("fieldName"); + if (Validator.validateRequired(fieldValue)) { + // fieldValue is valid, continue processing request + ... + } +</text> + <text /> + <text>[2] Field data type</text> + <text>In web applications, input parameters are poorly typed. For example, all HTTP request parameters or cookie values are of type String. The developer is responsible for verifying the input is of the correct data type. Use the Java primitive wrapper classes to check if the field value can be safely converted to the desired primitive data type.</text> + <text /> + <text>Example of how to validate a numeric field (type int):</text> + <text /> + <text> // Java example to validate that a field is an int number + public Class Validator { + ... + public static boolean validateInt(String value) { + boolean isFieldValid = false; + try { + Integer.parseInt(value); + isFieldValid = true; + } catch (Exception e) { + isFieldValid = false; + } + return isFieldValid; + } + ... + } + ... + // check if the HTTP request parameter is of type int + String fieldValue = request.getParameter("fieldName"); + if (Validator.validateInt(fieldValue)) { + // fieldValue is valid, continue processing request + ... + } +</text> + <text /> + <text>A good practice is to convert all HTTP request parameters to their respective data types. For example, the developer should store the "integerValue" of a request parameter in a request attribute and use it as shown in the following example:</text> + <text /> + <text> // Example to convert the HTTP request parameter to a primitive wrapper data type + // and store this value in a request attribute for further processing + String fieldValue = request.getParameter("fieldName"); + if (Validator.validateInt(fieldValue)) { + // convert fieldValue to an Integer + Integer integerValue = Integer.getInteger(fieldValue); + // store integerValue in a request attribute + request.setAttribute("fieldName", integerValue); + } + ... + // Use the request attribute for further processing + Integer integerValue = (Integer)request.getAttribute("fieldName"); + ... +</text> + <text /> + <text>The primary Java data types that the application should handle:</text> + <text>- Byte</text> + <text>- Short</text> + <text>- Integer</text> + <text>- Long</text> + <text>- Float</text> + <text>- Double</text> + <text>- Date</text> + <text /> + <text>[3] Field length</text> + <text>Always ensure that the input parameter (whether HTTP request parameter or cookie value) is bounded by a minimum length and/or a maximum length.</text> + <text /> + <text>Example to validate that the length of the userName field is between 8 and 20 characters:</text> + <text /> + <text> // Example to validate the field length + public Class Validator { + ... + public static boolean validateLength(String value, int minLength, int maxLength) { + String validatedValue = value; + if (!validateRequired(value)) { + validatedValue = ""; + } + return (validatedValue.length() >= minLength && + validatedValue.length() <= maxLength); + } + ... + } + ... + String userName = request.getParameter("userName"); + if (Validator.validateRequired(userName)) { + if (Validator.validateLength(userName, 8, 20)) { + // userName is valid, continue further processing + ... + } + } +</text> + <text /> + <text>[4] Field range</text> + <text>Always ensure that the input parameter is within a range as defined by the functional requirements.</text> + <text /> + <text>Example to validate that the input numberOfChoices is between 10 and 20:</text> + <text /> + <text> // Example to validate the field range + public Class Validator { + ... + public static boolean validateRange(int value, int min, int max) { + return (value >= min && value <= max); + } + ... + } + ... + String fieldValue = request.getParameter("numberOfChoices"); + if (Validator.validateRequired(fieldValue)) { + if (Validator.validateInt(fieldValue)) { + int numberOfChoices = Integer.parseInt(fieldValue); + if (Validator.validateRange(numberOfChoices, 10, 20)) { + // numberOfChoices is valid, continue processing request + ... + } + } + } +</text> + <text /> + <text>[5] Field options</text> + <text>Often, the web application presents the user with a set of options to choose from, e.g. using the SELECT HTML tag, but fails to perform server-side validation to ensure that the selected value is one of the allowed options. Remember that a malicious user can easily modify any option value. Always validate the selected user value against the allowed options as defined by the functional requirements.</text> + <text /> + <text>Example to validate the user selection against a list of allowed options:</text> + <text /> + <text> // Example to validate user selection against a list of options + public Class Validator { + ... + public static boolean validateOption(Object[] options, Object value) { + boolean isValidValue = false; + try { + List list = Arrays.asList(options); + if (list != null) { + isValidValue = list.contains(value); + } + } catch (Exception e) { + } + return isValidValue; + } + ... + } + ... + // Allowed options + String[] options = {"option1", "option2", "option3"); + // Verify that the user selection is one of the allowed options + String userSelection = request.getParameter("userSelection"); + if (Validator.validateOption(options, userSelection)) { + // valid user selection, continue processing request + ... + } +</text> + <text /> + <text>[6] Field pattern</text> + <text>Always check that the user input matches a pattern as defined by the functionality requirements. For example, if the userName field should only allow alpha-numeric characters, case insensitive, then use the following regular expression:</text> + <text>^[a-zA-Z0-9]*$</text> + <text /> + <text>Java 1.3 or earlier versions do not include any regular expression packages. Apache Regular Expression Package (see Resources below) is recommended for use with Java 1.3 to resolve this lack of support. Example to perform regular expression validation:</text> + <text /> + <text> // Example to validate that a given value matches a specified pattern + // using the Apache regular expression package + import org.apache.regexp.RE; + import org.apache.regexp.RESyntaxException; + public Class Validator { + ... + public static boolean matchPattern(String value, String expression) { + boolean match = false; + if (validateRequired(expression)) { + RE r = new RE(expression); + match = r.match(value); + } + return match; + } + ... + } + ... + // Verify that the userName request parameter is alpha-numeric + String userName = request.getParameter("userName"); + if (Validator.matchPattern(userName, "^[a-zA-Z0-9]*$")) { + // userName is valid, continue processing request + ... + } +</text> + <text /> + <text>Java 1.4 introduced a new regular expression package (java.util.regex). Here is a modified version of Validator.matchPattern using the new Java 1.4 regular expression package:</text> + <text /> + <text> // Example to validate that a given value matches a specified pattern + // using the Java 1.4 regular expression package + import java.util.regex.Pattern; + import java.util.regexe.Matcher; + public Class Validator { + ... + public static boolean matchPattern(String value, String expression) { + boolean match = false; + if (validateRequired(expression)) { + match = Pattern.matches(expression, value); + } + return match; + } + ... + } +</text> + <text /> + <text>[7] Cookie value</text> + <text>Use the javax.servlet.http.Cookie object to validate the cookie value. The same validation rules (described above) apply to cookie values depending on the application requirements, e.g. validate a required value, validate length, etc.</text> + <text /> + <text>Example to validate a required cookie value:</text> + <text /> + <text> // Example to validate a required cookie value + // First retrieve all available cookies submitted in the HTTP request + Cookie[] cookies = request.getCookies(); + if (cookies != null) { + // find the "user" cookie + for (int i=0; i<cookies.length; ++i) { + if (cookies[i].getName().equals("user")) { + // validate the cookie value + if (Validator.validateRequired(cookies[i].getValue()) { + // valid cookie value, continue processing request + ... + } + } + } + } +</text> + <text /> + <text>[8] HTTP Response</text> + <text>[8-1] Filter user input</text> + <text>To guard the application against cross-site scripting, sanitize HTML by converting sensitive characters to their corresponding character entities. These are the HTML sensitive characters:</text> + <text>< > " ' % ; ) ( & +</text> + <text /> + <text>Example to filter a specified string by converting sensitive characters to their corresponding character entities:</text> + <text /> + <text> // Example to filter sensitive data to prevent cross-site scripting + public Class Validator { + ... + public static String filter(String value) { + if (value == null) { + return null; + } + StringBuffer result = new StringBuffer(value.length()); + for (int i=0; i<value.length(); ++i) { + switch (value.charAt(i)) { + case '<': + result.append("<"); + break; + case '>': + result.append(">"); + break; + case '"': + result.append("""); + break; + case '\'': + result.append("'"); + break; + case '%': + result.append("%"); + break; + case ';': + result.append(";"); + break; + case '(': + result.append("("); + break; + case ')': + result.append(")"); + break; + case '&': + result.append("&"); + break; + case '+': + result.append("+"); + break; + default: + result.append(value.charAt(i)); + break; + } + return result; + } + ... + } + ... + // Filter the HTTP response using Validator.filter + PrintWriter out = response.getWriter(); + // set output response + out.write(Validator.filter(response)); + out.close(); +</text> + <text /> + <text>The Java Servlet API 2.3 introduced Filters, which supports the interception and transformation of HTTP requests or responses.</text> + <text /> + <text>Example of using a Servlet Filter to sanitize the response using Validator.filter:</text> + <text /> + <text> // Example to filter all sensitive characters in the HTTP response using a Java Filter. + // This example is for illustration purposes since it will filter all content in the response, including HTML tags! + public class SensitiveCharsFilter implements Filter { + ... + public void doFilter(ServletRequest request, + ServletResponse response, + FilterChain chain) + throws IOException, ServletException { + + PrintWriter out = response.getWriter(); + ResponseWrapper wrapper = new ResponseWrapper((HttpServletResponse)response); + chain.doFilter(request, wrapper); + + CharArrayWriter caw = new CharArrayWriter(); + caw.write(Validator.filter(wrapper.toString())); + + response.setContentType("text/html"); + response.setContentLength(caw.toString().length()); + out.write(caw.toString()); + out.close(); + } + ... + public class CharResponseWrapper extends HttpServletResponseWrapper { + private CharArrayWriter output; + + public String toString() { + return output.toString(); + } + + public CharResponseWrapper(HttpServletResponse response){ + super(response); + output = new CharArrayWriter(); + } + + public PrintWriter getWriter(){ + return new PrintWriter(output); + } + } + } + + } +</text> + <text /> + <text>[8-2] Secure the cookie</text> + <text>When storing sensitive data in a cookie, make sure to set the secure flag of the cookie in the HTTP response, using Cookie.setSecure(boolean flag) to instruct the browser to send the cookie using a secure protocol, such as HTTPS or SSL.</text> + <text /> + <text>Example to secure the "user" cookie:</text> + <text /> + <text> // Example to secure a cookie, i.e. instruct the browser to + // send the cookie using a secure protocol + Cookie cookie = new Cookie("user", "sensitive"); + cookie.setSecure(true); + response.addCookie(cookie); +</text> + <text /> + <text>RECOMMENDED JAVA TOOLS</text> + <text>The two main Java frameworks for server-side validation are:</text> + <text>[1] Jakarta Commons Validator (integrated with Struts 1.1)</text> + <text>The Jakarta Commons Validator is a powerful framework that implements all the above data validation requirements. These rules are configured in an XML file that defines input validation rules for form fields. Struts supports output filtering of dangerous characters in the [8] HTTP Response by default on all data written using the Struts 'bean:write' tag. This filtering may be disabled by setting the 'filter=false' flag.</text> + <text /> + <text>Struts defines the following basic input validators, but custom validators may also be defined:</text> + <text>required: succeeds if the field contains any characters other than white space.</text> + <text>mask: succeeds if the value matches the regular expression given by the mask attribute.</text> + <text>range: succeeds if the value is within the values given by the min and max attributes ((value >= min) & (value <= max)).</text> + <text>maxLength: succeeds if the field is length is less than or equal to the max attribute.</text> + <text>minLength: succeeds if the field is length is greater than or equal to the min attribute.</text> + <text>byte, short, integer, long, float, double: succeeds if the value can be converted to the corresponding primitive.</text> + <text>date: succeeds if the value represents a valid date. A date pattern may be provided.</text> + <text>creditCard: succeeds if the value could be a valid credit card number.</text> + <text>e-mail: succeeds if the value could be a valid e-mail address.</text> + <text /> + <text>Example to validate the userName field of a loginForm using Struts Validator:</text> + <text> <form-validation> + <global> + ... + <validator name="required" + classname="org.apache.struts.validator.FieldChecks" + method="validateRequired" + msg="errors.required"> + </validator> + <validator name="mask" + classname="org.apache.struts.validator.FieldChecks" + method="validateMask" + msg="errors.invalid"> + </validator> + ... + </global> + <formset> + <form name="loginForm"> + <!-- userName is required and is alpha-numeric case insensitive --> + <field property="userName" depends="required,mask"> + <!-- message resource key to display if validation fails --> + <msg name="mask" key="login.userName.maskmsg"/> + <arg0 key="login.userName.displayname"/> + <var> + <var-name>mask</var-name> + <var-value>^[a-zA-Z0-9]*$</var-value> + </var> + </field> + ... + </form> + ... + </formset> + </form-validation> +</text> + <text /> + <text>[2] JavaServer Faces Technology</text> + <text>JavaServer Faces Technology is a set of Java APIs (JSR 127) to represent UI components, manage their state, handle events and input validation.</text> + <text /> + <text>The JavaServer Faces API implements the following basic validators, but custom validators may be defined:</text> + <text>validate_doublerange: registers a DoubleRangeValidator on a component</text> + <text>validate_length: registers a LengthValidator on a component</text> + <text>validate_longrange: registers a LongRangeValidator on a component</text> + <text>validate_required: registers a RequiredValidator on a component</text> + <text>validate_stringrange: registers a StringRangeValidator on a component</text> + <text>validator: registers a custom Validator on a component</text> + <text /> + <text>The JavaServer Faces API defines the following UIInput and UIOutput Renderers (Tags):</text> + <text>input_date: accepts a java.util.Date formatted with a java.text.Date instance</text> + <text>output_date: displays a java.util.Date formatted with a java.text.Date instance</text> + <text>input_datetime: accepts a java.util.Date formatted with a java.text.DateTime instance</text> + <text>output_datetime: displays a java.util.Date formatted with a java.text.DateTime instance</text> + <text>input_number: displays a numeric data type (java.lang.Number or primitive), formatted with a java.text.NumberFormat</text> + <text>output_number: displays a numeric data type (java.lang.Number or primitive), formatted with a java.text.NumberFormat</text> + <text>input_text: accepts a text string of one line.</text> + <text>output_text: displays a text string of one line.</text> + <text>input_time: accepts a java.util.Date, formatted with a java.text.DateFormat time instance</text> + <text>output_time: displays a java.util.Date, formatted with a java.text.DateFormat time instance</text> + <text>input_hidden: allows a page author to include a hidden variable in a page</text> + <text>input_secret: accepts one line of text with no spaces and displays it as a set of asterisks as it is typed</text> + <text>input_textarea: accepts multiple lines of text</text> + <text>output_errors: displays error messages for an entire page or error messages associated with a specified client identifier</text> + <text>output_label: displays a nested component as a label for a specified input field</text> + <text>output_message: displays a localized message</text> + <text /> + <text>Example to validate the userName field of a loginForm using JavaServer Faces:</text> + <text> <%@ taglib uri="https://docs.oracle.com/javaee/6/tutorial/doc/glxce.html" prefix="h" %> + <%@ taglib uri="http://mrbool.com/how-to-create-a-login-validation-with-jsf-java-server-faces/27046" prefix="f" %> + ... + <jsp:useBean id="UserBean" + class="myApplication.UserBean" scope="session" /> + <f:use_faces> + <h:form formName="loginForm" > + <h:input_text id="userName" size="20" modelReference="UserBean.userName"> + <f:validate_required/> + <f:validate_length minimum="8" maximum="20"/> + </h:input_text> + <!-- display errors if present --> + <h:output_errors id="loginErrors" clientId="userName"/> + <h:command_button id="submit" label="Submit" commandName="submit" /><p> + </h:form> + </f:use_faces> +</text> + <text /> + <text /> + <text>REFERENCES</text> + <text>Java API 1.3 - </text> + <link target="https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html">https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html</link> + <text>Java API 1.4 - </text> + <link target="https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html">https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html</link> + <text>Java Servlet API 2.3 - </text> + <link target="https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api">https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api</link> + <text>Java Regular Expression Package - </text> + <link target="http://jakarta.apache.org/regexp/">http://jakarta.apache.org/regexp/</link> + <text>Jakarta Validator - </text> + <link target="http://jakarta.apache.org/commons/validator/">http://jakarta.apache.org/commons/validator/</link> + <text>JavaServer Faces Technology - </text> + <link target="http://www.javaserverfaces.org/">http://www.javaserverfaces.org/</link> + <text /> + <text>** Error Handling:</text> + <text /> + <text>Many J2EE web application architectures follow the Model View Controller (MVC) pattern. In this pattern a Servlet acts as a Controller. A Servlet delegates the application processing to a JavaBean such as an EJB Session Bean (the Model). The Servlet then forwards the request to a JSP (View) to render the processing results. Servlets should check all input, output, return codes, error codes and known exceptions to ensure that the expected processing actually occurred.</text> + <text /> + <text>While data validation protects applications against malicious data tampering, a sound error handling strategy is necessary to prevent the application from inadvertently disclosing internal error messages such as exception stack traces. A good error handling strategy addresses the following items:</text> + <text /> + <text>[1] Defining Errors</text> + <text>[2] Reporting Errors</text> + <text>[3] Rendering Errors</text> + <text>[4] Error Mapping</text> + <text /> + <text>[1] Defining Errors</text> + <text>Hard-coded error messages in the application layer (e.g. Servlets) should be avoided. Instead, the application should use error keys that map to known application failures. A good practice is to define error keys that map to validation rules for HTML form fields or other bean properties. For example, if the "user_name" field is required, is alphanumeric, and must be unique in the database, then the following error keys should be defined:</text> + <text /> + <text>(a) ERROR_USERNAME_REQUIRED: this error key is used to display a message notifying the user that the "user_name" field is required;</text> + <text>(b) ERROR_USERNAME_ALPHANUMERIC: this error key is used to display a message notifying the user that the "user_name" field should be alphanumeric;</text> + <text>(c) ERROR_USERNAME_DUPLICATE: this error key is used to display a message notifying the user that the "user_name" value is a duplicate in the database;</text> + <text>(d) ERROR_USERNAME_INVALID: this error key is used to display a generic message notifying the user that the "user_name" value is invalid;</text> + <text /> + <text>A good practice is to define the following framework Java classes which are used to store and report application errors:</text> + <text /> + <text>- ErrorKeys: defines all error keys</text> + <text /> + <text> // Example: ErrorKeys defining the following error keys: + // - ERROR_USERNAME_REQUIRED + // - ERROR_USERNAME_ALPHANUMERIC + // - ERROR_USERNAME_DUPLICATE + // - ERROR_USERNAME_INVALID + // ... + public Class ErrorKeys { + public static final String ERROR_USERNAME_REQUIRED = "error.username.required"; + public static final String ERROR_USERNAME_ALPHANUMERIC = "error.username.alphanumeric"; + public static final String ERROR_USERNAME_DUPLICATE = "error.username.duplicate"; + public static final String ERROR_USERNAME_INVALID = "error.username.invalid"; + ... + } +</text> + <text>- Error: encapsulates an individual error</text> + <text /> + <text> // Example: Error encapsulates an error key. + // Error is serializable to support code executing in multiple JVMs. + public Class Error implements Serializable { + + // Constructor given a specified error key + public Error(String key) { + this(key, null); + } + + // Constructor given a specified error key and array of placeholder objects + public Error(String key, Object[] values) { + this.key = key; + this.values = values; + } + + // Returns the error key + public String getKey() { + return this.key; + } + + // Returns the placeholder values + public Object[] getValues() { + return this.values; + } + + private String key = null; + private Object[] values = null; + } +</text> + <text /> + <text>- Errors: encapsulates a Collection of errors</text> + <text /> + <text> // Example: Errors encapsulates the Error objects being reported to the presentation layer. + // Errors are stored in a HashMap where the key is the bean property name and value is an + // ArrayList of Error objects. + public Class Errors implements Serializable { + + // Adds an Error object to the Collection of errors for the specified bean property. + public void addError(String property, Error error) { + ArrayList propertyErrors = (ArrayList)errors.get(property); + if (propertyErrors == null) { + propertyErrors = new ArrayList(); + errors.put(property, propertyErrors); + } + propertyErrors.put(error); + } + + // Returns true if there are any errors + public boolean hasErrors() { + return (errors.size > 0); + } + + // Returns the Errors for the specified property + public ArrayList getErrors(String property) { + return (ArrayList)errors.get(property); + } + + private HashMap errors = new HashMap(); + } +</text> + <text /> + <text>Using the above framework classes, here is an example to process validation errors of the "user_name" field:</text> + <text /> + <text> // Example to process validation errors of the "user_name" field. + Errors errors = new Errors(); + String userName = request.getParameter("user_name"); + // (a) Required validation rule + if (!Validator.validateRequired(userName)) { + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_REQUIRED)); + } // (b) Alpha-numeric validation rule + else if (!Validator.matchPattern(userName, "^[a-zA-Z0-9]*$")) { + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_ALPHANUMERIC)); + } + else + { + // (c) Duplicate check validation rule + // We assume that there is an existing UserValidationEJB session bean that implements + // a checkIfDuplicate() method to verify if the user already exists in the database. + try { + ... + if (UserValidationEJB.checkIfDuplicate(userName)) { + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_DUPLICATE)); + } + } catch (RemoteException e) { + // log the error + logger.error("Could not validate user for specified userName: " + userName); + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_DUPLICATE); + } + } + // set the errors object in a request attribute called "errors" + request.setAttribute("errors", errors); + ... +</text> + <text /> + <text>[2] Reporting Errors</text> + <text>There are two ways to report web-tier application errors:</text> + <text>(a) Servlet Error Mechanism</text> + <text>(b) JSP Error Mechanism</text> + <text /> + <text>[2-a] Servlet Error Mechanism</text> + <text>A Servlet may report errors by:</text> + <text>- forwarding to the input JSP (having already stored the errors in a request attribute), OR</text> + <text>- calling response.sendError with an HTTP error code argument, OR</text> + <text>- throwing an exception</text> + <text /> + <text>It is good practice to process all known application errors (as described in section [1]), store them in a request attribute, and forward to the input JSP. The input JSP should display the error messages and prompt the user to re-enter the data. The following example illustrates how to forward to an input JSP (userInput.jsp):</text> + <text /> + <text> // Example to forward to the userInput.jsp following user validation errors + RequestDispatcher rd = getServletContext().getRequestDispatcher("/user/userInput.jsp"); + if (rd != null) { + rd.forward(request, response); + } +</text> + <text /> + <text>If the Servlet cannot forward to a known JSP page, the second option is to report an error using the response.sendError method with HttpServletResponse.SC_INTERNAL_SERVER_ERROR (status code 500) as argument. Refer to the javadoc of javax.servlet.http.HttpServletResponse for more details on the various HTTP status codes. Example to return a HTTP error:</text> + <text /> + <text> // Example to return a HTTP error code + RequestDispatcher rd = getServletContext().getRequestDispatcher("/user/userInput.jsp"); + if (rd == null) { + // messages is a resource bundle with all message keys and values + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, + messages.getMessage(ErrorKeys.ERROR_USERNAME_INVALID)); + } +</text> + <text /> + <text>As a last resort, Servlets can throw an exception, which must be a subclass of one of the following classes:</text> + <text>- RuntimeException</text> + <text>- ServletException</text> + <text>- IOException</text> + <text /> + <text>[2-b] JSP Error Mechanism</text> + <text>JSP pages provide a mechanism to handle runtime exceptions by defining an errorPage directive as shown in the following example:</text> + <text /> + <text> <%@ page errorPage="/errors/userValidation.jsp" %> +</text> + <text /> + <text>Uncaught JSP exceptions are forwarded to the specified errorPage, and the original exception is set in a request parameter called javax.servlet.jsp.jspException. The error page must include a isErrorPage directive as shown below:</text> + <text /> + <text> <%@ page isErrorPage="true" %> +</text> + <text /> + <text>The isErrorPage directive causes the "exception" variable to be initialized to the exception object being thrown.</text> + <text /> + <text>[3] Rendering Errors</text> + <text>The J2SE Internationalization APIs provide utility classes for externalizing application resources and formatting messages including:</text> + <text /> + <text>(a) Resource Bundles</text> + <text>(b) Message Formatting</text> + <text /> + <text>[3-a] Resource Bundles</text> + <text>Resource bundles support internationalization by separating localized data from the source code that uses it. Each resource bundle stores a map of key/value pairs for a specific locale.</text> + <text /> + <text>It is common to use or extend java.util.PropertyResourceBundle, which stores the content in an external properties file as shown in the following example:</text> + <text /> + <text> ################################################ + # ErrorMessages.properties + ################################################ + # required user name error message + error.username.required=User name field is required + + # invalid user name format + error.username.alphanumeric=User name must be alphanumeric + + # duplicate user name error message + error.username.duplicate=User name {0} already exists, please choose another one + + ... +</text> + <text /> + <text>Multiple resources can be defined to support different locales (hence the name resource bundle). For example, ErrorMessages_fr.properties can be defined to support the French member of the bundle family. If the resource member of the requested locale does not exist, the default member is used. In the above example, the default resource is ErrorMessages.properties. Depending on the user's locale, the application (JSP or Servlet) retrieves content from the appropriate resource.</text> + <text /> + <text>[3-b] Message Formatting</text> + <text>The J2SE standard class java.util.MessageFormat provides a generic way to create messages with replacement placeholders. A MessageFormat object contains a pattern string with embedded format specifiers as shown below:</text> + <text /> + <text> // Example to show how to format a message using placeholder parameters + String pattern = "User name {0} already exists, please choose another one"; + String userName = request.getParameter("user_name"); + Object[] args = new Object[1]; + args[0] = userName; + String message = MessageFormat.format(pattern, args); +</text> + <text /> + <text>Here is a more comprehensive example to render error messages using ResourceBundle and MessageFormat:</text> + <text /> + <text> // Example to render an error message from a localized ErrorMessages resource (properties file) + // Utility class to retrieve locale-specific error messages + public Class ErrorMessageResource { + + // Returns the error message for the specified error key in the environment locale + public String getErrorMessage(String errorKey) { + return getErrorMessage(errorKey, defaultLocale); + } + + // Returns the error message for the specified error key in the specified locale + public String getErrorMessage(String errorKey, Locale locale) { + return getErrorMessage(errorKey, null, locale); + } + + // Returns a formatted error message for the specified error key in the specified locale + public String getErrorMessage(String errorKey, Object[] args, Locale locale) { + // Get localized ErrorMessageResource + ResourceBundle errorMessageResource = ResourceBundle.getBundle("ErrorMessages", locale); + // Get localized error message + String errorMessage = errorMessageResource.getString(errorKey); + if (args != null) { + // Format the message using the specified placeholders args + return MessageFormat.format(errorMessage, args); + } else { + return errorMessage; + } + } + + // default environment locale + private Locale defaultLocale = Locale.getDefaultLocale(); + } + ... + // Get the user's locale + Locale userLocale = request.getLocale(); + // Check if there were any validation errors + Errors errors = (Errors)request.getAttribute("errors"); + if (errors != null && errors.hasErrors()) { + // iterate through errors and output error messages corresponding to the "user_name" property + ArrayList userNameErrors = errors.getErrors("user_name"); + ListIterator iterator = userNameErrors.iterator(); + while (iterator.hasNext()) { + // Get the next error object + Error error = (Error)iterator.next(); + String errorMessage = ErrorMessageResource.getErrorMessage(error.getKey(), userLocale); + output.write(errorMessage + "\r\n"); + } + } +</text> + <text /> + <text>It is recommended to define a custom JSP tag, e.g. displayErrors, to iterate through and render error messages as shown in the above example.</text> + <text /> + <text>[4] Error Mapping</text> + <text>Normally, the Servlet Container will return a default error page corresponding to either the response status code or the exception. A mapping between the status code or the exception and a web resource may be specified using custom error pages. It is a good practice to develop static error pages that do not disclose internal error states (by default, most Servlet containers will report internal error messages). This mapping is configured in the Web Deployment Descriptor (web.xml) as specified in the following example:</text> + <text /> + <text> <!-- Mapping of HTTP error codes and application exceptions to error pages --> + <error-page> + <exception-type>UserValidationException</exception-type> + <location>/errors/validationError.html</error-page> + </error-page> + <error-page> + <error-code>500</exception-type> + <location>/errors/internalError.html</error-page> + </error-page> + <error-page> + ... + </error-page> + ... +</text> + <text /> + <text /> + <text>RECOMMENDED JAVA TOOLS</text> + <text>The two main Java frameworks for server-side validation are:</text> + <text>[1] Jakarta Commons Validator (integrated with Struts 1.1)</text> + <text>The Jakarta Commons Validator is a Java framework that defines the error handling mechanism as described above. Validation rules are configured in an XML file that defines input validation rules for form fields and the corresponding validation error keys. Struts provides internationalization support to build localized applications using resource bundles and message formatting.</text> + <text /> + <text>Example to validate the userName field of a loginForm using Struts Validator:</text> + <text> <form-validation> + <global> + ... + <validator name="required" + classname="org.apache.struts.validator.FieldChecks" + method="validateRequired" + msg="errors.required"> + </validator> + <validator name="mask" + classname="org.apache.struts.validator.FieldChecks" + method="validateMask" + msg="errors.invalid"> + </validator> + ... + </global> + <formset> + <form name="loginForm"> + <!-- userName is required and is alpha-numeric case insensitive --> + <field property="userName" depends="required,mask"> + <!-- message resource key to display if validation fails --> + <msg name="mask" key="login.userName.maskmsg"/> + <arg0 key="login.userName.displayname"/> + <var> + <var-name>mask</var-name> + <var-value>^[a-zA-Z0-9]*$</var-value> + </var> + </field> + ... + </form> + ... + </formset> + </form-validation> +</text> + <text /> + <text>The Struts JSP tag library defines the "errors" tag that conditionally displays a set of accumulated error messages as shown in the following example:</text> + <text /> + <text> <%@ page language="java" %> + <%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html" %> + <%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean" %> + <html:html> + <head> + <body> + <html:form action="/logon.do"> + <table border="0" width="100%"> + <tr> + <th align="right"> + <html:errors property="username"/> + <bean:message key="prompt.username"/> + </th> + <td align="left"> + <html:text property="username" size="16"/> + </td> + </tr> + <tr> + <td align="right"> + <html:submit><bean:message key="button.submit"/></html:submit> + </td> + <td align="right"> + <html:reset><bean:message key="button.reset"/></html:reset> + </td> + </tr> + </table> + </html:form> + </body> + </html:html> +</text> + <text /> + <text>[2] JavaServer Faces Technology</text> + <text>JavaServer Faces Technology is a set of Java APIs (JSR 127) to represent UI components, manage their state, handle events, validate input, and support internationalization.</text> + <text /> + <text>The JavaServer Faces API defines the "output_errors" UIOutput Renderer, which displays error messages for an entire page or error messages associated with a specified client identifier.</text> + <text /> + <text>Example to validate the userName field of a loginForm using JavaServer Faces:</text> + <text> <%@ taglib uri="https://docs.oracle.com/javaee/6/tutorial/doc/glxce.html" prefix="h" %> + <%@ taglib uri="http://mrbool.com/how-to-create-a-login-validation-with-jsf-java-server-faces/27046" prefix="f" %> + ... + <jsp:useBean id="UserBean" + class="myApplication.UserBean" scope="session" /> + <f:use_faces> + <h:form formName="loginForm" > + <h:input_text id="userName" size="20" modelReference="UserBean.userName"> + <f:validate_required/> + <f:validate_length minimum="8" maximum="20"/> + </h:input_text> + <!-- display errors if present --> + <h:output_errors id="loginErrors" clientId="userName"/> + <h:command_button id="submit" label="Submit" commandName="submit" /><p> + </h:form> + </f:use_faces> +</text> + <text /> + <text>REFERENCES</text> + <text>Java API 1.3 - </text> + <link target="https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html">https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html</link> + <text>Java API 1.4 - </text> + <link target="https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html">https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html</link> + <text>Java Servlet API 2.3 - </text> + <link target="https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api">https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api</link> + <text>Java Regular Expression Package - </text> + <link target="http://jakarta.apache.org/regexp/">http://jakarta.apache.org/regexp/</link> + <text>Jakarta Validator - </text> + <link target="http://jakarta.apache.org/commons/validator/">http://jakarta.apache.org/commons/validator/</link> + <text>JavaServer Faces Technology - </text> + <link target="http://www.javaserverfaces.org/">http://www.javaserverfaces.org/</link> + <text>** Filter User Input</text> + <text /> + <text>Before passing any data to a SQL query, it should always be properly filtered with whitelisting techniques. This cannot be over-emphasized. Filtering user input will correct many injection flaws before they arrive at the database.</text> + <text /> + <text>** Quote User Input</text> + <text /> + <text>Regardless of data type, it is always a good idea to place single quotes around all user data if this is permitted by the database. MySQL allows this formatting technique.</text> + <text /> + <text>** Escape the Data Values</text> + <text /> + <text>If you're using MySQL 4.3.0 or newer, you should escape all strings with mysql_real_escape_string(). If you are using an older version of MySQL, you should use the mysql_escape_string() function. If you are not using MySQL, you might choose to use the specific escaping function for your particular database. If you are not aware of an escaping function, you might choose to utilize a more generic escaping function such as addslashes().</text> + <text /> + <text>If you're using the PEAR DB database abstraction layer, you can use the DB::quote() method or use a query placeholder like ?, which automatically escapes the value that replaces the placeholder.</text> + <text /> + <text>REFERENCES</text> + <link target="http://ca3.php.net/mysql_real_escape_string">http://ca3.php.net/mysql_real_escape_string</link> + <link target="http://ca.php.net/mysql_escape_string">http://ca.php.net/mysql_escape_string</link> + <link target="http://ca.php.net/addslashes">http://ca.php.net/addslashes</link> + <link target="http://pear.php.net/package-info.php?package=DB">http://pear.php.net/package-info.php?package=DB</link> + <text /> + <text /> + <text>** Input Data Validation:</text> + <text /> + <text>While data validations may be provided as a user convenience on the client-tier, data validation must always be performed on the server-tier. Client-side validations are inherently insecure because they can be easily bypassed, e.g. by disabling Javascript.</text> + <text /> + <text>A good design usually requires the web application framework to provide server-side utility routines to validate the following:</text> + <text>[1] Required field</text> + <text>[2] Field data type (all HTTP request parameters are Strings by default)</text> + <text>[3] Field length</text> + <text>[4] Field range</text> + <text>[5] Field options</text> + <text>[6] Field pattern</text> + <text>[7] Cookie values</text> + <text>[8] HTTP Response</text> + <text /> + <text>A good practice is to implement a function or functions that validates each application parameter. The following sections describe some example checking.</text> + <text /> + <text>[1] Required field</text> + <text>Always check that the field is not null and its length is greater than zero, excluding leading and trailing white spaces.</text> + <text /> + <text>Example of how to validate required fields:</text> + <text /> + <text> // PHP example to validate required fields + function validateRequired($input) { + ... + $pass = false; + if (strlen(trim($input))>0){ + $pass = true; + } + return $pass; + ... + } + ... + if (validateRequired($fieldName)) { + // fieldName is valid, continue processing request + ... + } +</text> + <text /> + <text /> + <text>[2] Field data type</text> + <text>In web applications, input parameters are poorly typed. For example, all HTTP request parameters or cookie values are of type String. The developer is responsible for verifying the input is of the correct data type.</text> + <text /> + <text>[3] Field length</text> + <text>Always ensure that the input parameter (whether HTTP request parameter or cookie value) is bounded by a minimum length and/or a maximum length.</text> + <text /> + <text>[4] Field range</text> + <text>Always ensure that the input parameter is within a range as defined by the functional requirements.</text> + <text /> + <text>[5] Field options</text> + <text>Often, the web application presents the user with a set of options to choose from, e.g. using the SELECT HTML tag, but fails to perform server-side validation to ensure that the selected value is one of the allowed options. Remember that a malicious user can easily modify any option value. Always validate the selected user value against the allowed options as defined by the functional requirements.</text> + <text /> + <text>[6] Field pattern</text> + <text>Always check that user input matches a pattern as defined by the functionality requirements. For example, if the userName field should only allow alpha-numeric characters, case insensitive, then use the following regular expression:</text> + <text>^[a-zA-Z0-9]+$</text> + <text /> + <text>[7] Cookie value</text> + <text>The same validation rules (described above) apply to cookie values depending on the application requirements, e.g. validate a required value, validate length, etc.</text> + <text /> + <text>[8] HTTP Response</text> + <text /> + <text>[8-1] Filter user input</text> + <text>To guard the application against cross-site scripting, the developer should sanitize HTML by converting sensitive characters to their corresponding character entities. These are the HTML sensitive characters:</text> + <text>< > " ' % ; ) ( & +</text> + <text /> + <text>PHP includes some automatic sanitization utility functions, such as htmlentities():</text> + <text /> + <text> $input = htmlentities($input, ENT_QUOTES, 'UTF-8'); +</text> + <text /> + <text>In addition, in order to avoid UTF-7 variants of Cross-site Scripting, you should explicitly define the Content-Type header of the response, for example:</text> + <text /> + <text> <?php + + header('Content-Type: text/html; charset=UTF-8'); + + ?> +</text> + <text /> + <text>[8-2] Secure the cookie</text> + <text /> + <text>When storing sensitive data in a cookie and transporting it over SSL, make sure that you first set the secure flag of the cookie in the HTTP response. This will instruct the browser to only use that cookie over SSL connections.</text> + <text /> + <text>You can use the following code example, for securing the cookie:</text> + <text /> + <text> <$php + + $value = "some_value"; + $time = time()+3600; + $path = "/application/"; + $domain = ".example.com"; + $secure = 1; + + setcookie("CookieName", $value, $time, $path, $domain, $secure, TRUE); + ?> + +</text> + <text /> + <text>In addition, we recommend that you use the HttpOnly flag. When the HttpOnly flag is set to TRUE the cookie will be made accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. This setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers).</text> + <text /> + <text>The HttpOnly flag was Added in PHP 5.2.0.</text> + <text /> + <text>REFERENCES</text> + <text /> + <text>[1] Mitigating Cross-site Scripting With HTTP-only Cookies: </text> + <link target="http://msdn2.microsoft.com/en-us/library/ms533046.aspx">http://msdn2.microsoft.com/en-us/library/ms533046.aspx</link> + <text>[2] PHP Security Consortium: </text> + <link target="http://phpsec.org/">http://phpsec.org/</link> + <text>[3] PHP & Web Application Security Blog (Chris Shiflett): </text> + <link target="http://shiflett.org/">http://shiflett.org/</link> + </fixRecommendation> + </general> + </item> + <item id="DirectAccesstoAdministrationPages"> + <general> + <fixRecommendation type="General"> + <text>Do not allow access to administration scripts without proper authorization, as it may allow an attacker to gain privileged rights.</text> + </fixRecommendation> + </general> + </item> + <item id="attHostHeaderInjection"> + <general> + <fixRecommendation type="General"> + <text>Validate and sanitize the user supplied inputs properly</text> + </fixRecommendation> + </general> + </item> + <item id="attAccountLockout"> + <general> + <fixRecommendation type="General"> + <text>Decide upon the number of login attempts to be allowed (usually from 3 to 5), and make sure that the account will be locked once the permitted number of attempts is exceeded. </text> + <text>To avoid unnecessary support calls from genuine users who were locked out of their account and require enabling, it is possible to suspend account activity only temporarily, and enable it after a specific period of time. Locking the account for a period of ten minutes or so is usually sufficient to block brute force attacks.</text> + </fixRecommendation> + </general> + </item> + <item id="attLinkInjection"> + <general> + <fixRecommendation type="General"> + <text>There are several mitigation techniques:</text> + <text>[1] Strategy: Libraries or Frameworks</text> + <text>Use a vetted library or framework that does not allow this weakness to occur, or provides constructs that make it easier to avoid.</text> + <text>Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.</text> + <text /> + <text>[2] Understand the context in which your data will be used, and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.</text> + <text>For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.</text> + <text>Parts of the same output document may require different encodings, which will vary depending on whether the output is in the:</text> + <text>[-] HTML body</text> + <text>[-] Element attributes (such as src="XYZ")</text> + <text>[-] URIs</text> + <text>[-] JavaScript sections</text> + <text>[-] Cascading Style Sheets and style property</text> + <text>Note that HTML Entity Encoding is only appropriate for the HTML body.</text> + <text>Consult the XSS Prevention Cheat Sheet </text> + <link target="http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet">http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet</link> + <text>for more details on the types of encoding and escaping that are needed.</text> + <text /> + <text>[3] Strategy: Identify and Reduce Attack Surface</text> + <text>Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.</text> + <text /> + <text>[4] Strategy: Output Encoding</text> + <text>For every web page that is generated, use and specify a character encoding such as ISO-8859-1 or UTF-8. When an encoding is not specified, the web browser may choose a different encoding by guessing the web page encoding. This can cause the web browser to treat certain sequences as special, opening up the client to subtle XSS attacks. See CWE-116 for more mitigations related to encoding/escaping.</text> + <text /> + <text>[5] Strategy: Identify and Reduce Attack Surface</text> + <text>To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.</text> + <text /> + <text>[6] Strategy: Input Validation</text> + <text>Assume all input is malicious. Use an "accept known good" input validation strategy: a whitelist of acceptable inputs that strictly conform to specifications. Reject input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on a blacklist of malicious or malformed inputs. However, blacklists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.</text> + <text>When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."</text> + <text>When dynamically constructing web pages, use stringent whitelists that limit the character set based on the expected value of the parameter in the request. All input should be validated and cleansed: not only parameters that the user is supposed to specify, but all data in the request, including hidden fields, cookies, headers, the URL itself, and so on. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. It is common to see data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended.</text> + <text>Note that proper output encoding, escaping, and quoting is the most effective solution for preventing XSS, although input validation may provide some defense-in-depth. This is because it effectively limits what will appear in output. Input validation will not always prevent XSS, especially if you are required to support free-form text fields that could contain arbitrary characters. For example, in a chat application, the heart emoticon ("<3") would likely pass the validation step, since it is commonly used. However, it cannot be directly inserted into the web page because it contains the "<" character, which would need to be escaped or otherwise handled. In this case, stripping the "<" might reduce the risk of XSS, but it would produce incorrect behavior because the emoticon would not be recorded. This might seem to be a minor inconvenience, but it would be more important in a mathematical forum that wants to represent inequalities.</text> + <text>Even if you make a mistake in your validation (such as forgetting one out of 100 input fields), appropriate encoding is still likely to protect you from injection-based attacks. As long as it is not done in isolation, input validation is still a useful technique, since it may significantly reduce your attack surface, allow you to detect some attacks, and provide other security benefits that proper encoding does not address.</text> + <text>Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere.</text> + </fixRecommendation> + </general> + </item> + <item id="attRespCookieNotSecureSSL"> + <general> + <fixRecommendation type="General"> + <text>Basically the only required attribute for the cookie is the "name" field. Common optional attributes are: "comment", "domain", "path", etc.</text> + <text>The "secure" attribute must be set accordingly in order to prevent to cookie from being sent unencrypted.</text> + <text>For more information on how to set the secure flag, see OWASP "Secure Attribute" cheatsheet at </text> + <link target="https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#secure-attribute">https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#secure-attribute</link> + <text /> + <text /> + <text>RFC 2965 states:</text> + <text>"The Secure attribute (with no value) directs the user agent to use only (unspecified) secure means to contact the origin server whenever it sends back this cookie, to protect the confidentially and authenticity of the information in the cookie."</text> + <text>For further reference please see the HTTP State Management Mechanism RFC 2965 at: </text> + <link target="http://www.ietf.org/rfc/rfc2965.txt">http://www.ietf.org/rfc/rfc2965.txt</link> + <text>and for "Best current practice" for use of HTTP State Management please see </text> + <link target="http://tools.ietf.org/html/rfc2964">http://tools.ietf.org/html/rfc2964</link> + </fixRecommendation> + </general> + </item> + <item id="OldTLS"> + <general> + <fixRecommendation type="General"> + <text>Reconfigure the server to avoid the use of weak cipher suites. The configuration changes are server-specific.</text> + <text>For Microsoft Windows XP and Microsoft Windows Server 2003, follow these instructions: </text> + <text>http://support.microsoft.com/kb/245030</text> + <text>For Microsoft Windows Vista, Microsoft Windows 7, and Microsoft Windows Server 2008, remove the cipher suites that were identified as weak from the Supported Cipher Suite list by following these instructions:</text> + <text>http://msdn.microsoft.com/en-us/library/windows/desktop/bb870930(v=vs.85).aspx</text> + <text>For Apache TomCat server, follow these instructions: </text> + <text>https://www.owasp.org/index.php/Talk:Securing_tomcat#Disabling_weak_ciphers_in_Tomcat</text> + <text>For Apache server, follow these instructions:</text> + <text>https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html</text> + </fixRecommendation> + </general> + </item> + <item id="phishingInFrames"> + <general> + <fixRecommendation type="General"> + <text>There are several mitigation techniques:</text> + <text>[1] Strategy: Libraries or Frameworks</text> + <text>Use a vetted library or framework that does not allow this weakness to occur, or provides constructs that make it easier to avoid.</text> + <text>Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.</text> + <text /> + <text>[2] Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.</text> + <text>For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.</text> + <text>Parts of the same output document may require different encodings, which will vary depending on whether the output is in the:</text> + <text>[-] HTML body</text> + <text>[-] Element attributes (such as src="XYZ")</text> + <text>[-] URIs</text> + <text>[-] JavaScript sections</text> + <text>[-] Cascading Style Sheets and style property</text> + <text>Note that HTML Entity Encoding is only appropriate for the HTML body.</text> + <text>Consult the XSS Prevention Cheat Sheet </text> + <link target="http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet">http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet</link> + <text>for more details on the types of encoding and escaping that are needed.</text> + <text /> + <text>[3] Strategy: Identify and Reduce Attack Surface</text> + <text>Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.</text> + <text /> + <text>[4] Strategy: Output Encoding</text> + <text>For every web page that is generated, use and specify a character encoding such as ISO-8859-1 or UTF-8. When an encoding is not specified, the web browser may choose a different encoding by guessing which encoding is actually being used by the web page. This can cause the web browser to treat certain sequences as special, opening up the client to subtle XSS attacks. See CWE-116 for more mitigations related to encoding/escaping.</text> + <text /> + <text>[5] Strategy: Identify and Reduce Attack Surface</text> + <text>To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.</text> + <text /> + <text>[6] Strategy: Input Validation</text> + <text>Assume all input is malicious. Use an "accept known good" input validation strategy: a whitelist of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on a blacklist of malicious or malformed inputs. However, blacklists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.</text> + <text>When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."</text> + <text>When dynamically constructing web pages, use stringent whitelists that limit the character set based on the expected value of the parameter in the request. All input should be validated and cleansed, not just parameters that the user is supposed to specify, but all data in the request, including hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. It is common to see data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended.</text> + <text>Note that proper output encoding, escaping, and quoting is the most effective solution for preventing XSS, although input validation may provide some defense-in-depth. This is because it effectively limits what will appear in output. Input validation will not always prevent XSS, especially if you are required to support free-form text fields that could contain arbitrary characters. For example, in a chat application, the heart emoticon ("<3") would likely pass the validation step, since it is commonly used. However, it cannot be directly inserted into the web page because it contains the "<" character, which would need to be escaped or otherwise handled. In this case, stripping the "<" might reduce the risk of XSS, but it would produce incorrect behavior because the emoticon would not be recorded. This might seem to be a minor inconvenience, but it would be more important in a mathematical forum that wants to represent inequalities.</text> + <text>Even if you make a mistake in your validation (such as forgetting one of 100 input fields), appropriate encoding is still likely to protect you from injection-based attacks. As long as it is not done in isolation, input validation is still a useful technique, since it may significantly reduce your attack surface, allow you to detect some attacks, and provide other security benefits that proper encoding does not address.</text> + <text>Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere.</text> + </fixRecommendation> + </general> + </item> + <item id="SHA1CipherSuites"> + <general> + <fixRecommendation type="General"> + <text>Secure Cipher-Suites best practices:</text> + <text /> + <text>[1]</text> + <link target="https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html#use-strong-cryptographic-hashing-algorithms"> Use strong cryptographic hashing algorithms</link> + <text /> + <text>[2]</text> + <link target="https://docs.microsoft.com/en-us/power-platform/admin/server-cipher-tls-requirements"> Server cipher TLS requirements</link> + </fixRecommendation> + </general> + </item> + <item id="constTransient"> + <general> + <fixRecommendation type="General"> + <text>Prevent user ability to manipulate session ID. Do not accept session IDs provided by the user's browser at login; always generate a new session to which the user will log in if successfully authenticated. </text> + <text>Invalidate any existing session identifiers prior to authorizing a new user session.</text> + <text>For platforms such as ASP that do not generate new values for sessionid cookies, utilize a secondary cookie. In this approach, set a secondary cookie on the user's browser to a random value and set a session variable to the same value. If the session variable and the cookie value ever don't match, invalidate the session, and force the user to log on again.</text> + </fixRecommendation> + </general> + </item> + <item id="GD_autocompleteInForm"> + <general> + <fixRecommendation type="General"> + <text>If the "autocomplete" attribute is missing in the "password" field of the "input" element, add it and set it to "off".</text> + <text>If the "autocomplete" attribute is set to "on", change it to "off".</text> + <text /> + <text>For example:</text> + <text /> + <text>Vulnerable site:</text> + <text> <form action="AppScan.html" method="get"> + Username: <input type="text" name="firstname" /><br /> + Password: <input type="password" name="lastname" /> + <input type="submit" value="Submit" /> + <form> +</text> + <text /> + <text>Non-vulnerable site:</text> + <text> <form action="AppScan.html" method="get"> + Username: <input type="text" name="firstname" /><br /> + Password: <input type="password" name="lastname" autocomplete="off"/> + <input type="submit" value="Submit" /> + <form> +</text> + </fixRecommendation> + </general> + </item> + <item id="bodyParamsInQuery"> + <general> + <fixRecommendation type="General"> + <text>Re-program the application to disallow handling of POST parameters that were listed in the Query</text> + </fixRecommendation> + </general> + </item> + <item id="attCachedSSL"> + <general> + <fixRecommendation type="General"> + <text>Disable caching on all SSL pages or all pages that contain sensitive data.</text> + <text>This can be achieved by using "Cache-Control: no-store" and either "Pragma: no-cache" or "Cache-Control: no-cache" response directives in your SSL page headers.</text> + <text /> + <text>Cache-Control: private - This directive instructs proxies that the page contains private information, and therefore should not be cached by a shared cache. However, it does not instruct browsers to refrain from caching the pages.</text> + <text /> + <text>Cache-Control: no-cache - This directive also instructs proxies that the page contains private information, and therefore should not be cached. It also instructs the browser to revalidate with the server to check if a new version is available. This means that the browser may store sensitive pages or information to be used in the revalidation. Certain browsers do not necessarily follow the RFC and may treat no-cache as no-store.</text> + <text /> + <text>Cache-Control: no-store - This is the most secure directive. It instructs both the proxy and the browser not to cache the page or store it in its cache folders.</text> + <text /> + <text>Pragma: no-cache - This directive is required for older browsers, that do not support the Cache-Control header.</text> + </fixRecommendation> + </general> + </item> + <item id="GD_CreditCardVisa"> + <general> + <fixRecommendation type="General"> + <text>Refrain from including credit card numbers in your website.</text> + </fixRecommendation> + </general> + </item> + <item id="attHttpsToHttp"> + <general> + <fixRecommendation type="General"> + <text>You should always transmit all data over a TLS/SSL connection only. This includes all external communications, including browsers, backend connections such as databases, third party APIs, and other services.</text> + <text>In addition, several privacy regulations state that sensitive information such as user credentials will always be sent encrypted to the web site.</text> + <text>Always enforce the use of an encrypted connection (e.g. TLS/SSL), and do not allow any access to sensitive information using unencrypted HTTP.</text> + <text>Use TLS 1.2 or TLS 1.3 and use strong cryptographic hashing algorithms and cipher suites.</text> + </fixRecommendation> + </general> + </item> + <item id="attContentSecurityPolicy"> + <general> + <fixRecommendation type="General"> + <text>Configure your server to send the "Content-Security-Policy" header.</text> + <text>It is recommended to configure Content-Security-Policy header with secure values for its directives as below:</text> + <text>For 'default-src', and 'script-src' secure values such as 'none', or https://any.example.com.</text> + <text>For 'frame-ancestors', and 'object-src' secure values such as 'self', 'none' or https://any.example.com are expected.</text> + <text>"unsafe-inline" and "unsafe-eval" must not be used in any circumstance. Using nonce / hash would be only considered for short-term workaround.</text> + <text>For Apache, see: </text> + <text>http://httpd.apache.org/docs/2.2/mod/mod_headers.html</text> + <text>For IIS, see: </text> + <text>https://technet.microsoft.com/pl-pl/library/cc753133%28v=ws.10%29.aspx</text> + <text>For nginx, see: </text> + <text>http://nginx.org/en/docs/http/ngx_http_headers_module.html</text> + </fixRecommendation> + </general> + </item> + <item id="attRespCookieNotHttpOnlySessionCookie"> + <general> + <fixRecommendation type="General"> + <text>Basically the only required attribute for the cookie is the "name" field.</text> + <text>Common optional attributes are: "comment", "domain", "path", etc.</text> + <text>The "HttpOnly" attribute must be set accordingly in order to prevent session cookies from being accessed by scripts.</text> + </fixRecommendation> + </general> + </item> + <item id="ContentTypeOptions"> + <general> + <fixRecommendation type="General"> + <text>Configure your server to send the "X-Content-Type-Options" header with value "nosniff" on all outgoing requests.</text> + <text /> + <text>For Apache, see: </text> + <link target="http://httpd.apache.org/docs/2.2/mod/mod_headers.html">http://httpd.apache.org/docs/2.2/mod/mod_headers.html</link> + <text>For IIS, see: </text> + <link target="https://technet.microsoft.com/pl-pl/library/cc753133%28v=ws.10%29.aspx">https://technet.microsoft.com/pl-pl/library/cc753133%28v=ws.10%29.aspx</link> + <text>For nginx, see: </text> + <link target="http://nginx.org/en/docs/http/ngx_http_headers_module.html">http://nginx.org/en/docs/http/ngx_http_headers_module.html</link> + </fixRecommendation> + </general> + </item> + <item id="XFS"> + <general> + <fixRecommendation type="General"> + <text>Use the X-Frame-Options to prevent (or limit) pages from being embedded in iFrames. For older browser, include a "frame-breaker" script in each page that should not be framed.</text> + </fixRecommendation> + </general> + </item> + <item id="HSTS"> + <general> + <fixRecommendation type="General"> + <text>Implement the The HTTP Strict Transport Security policy by adding the "Strict-Transport-Security" response header to the web application responses.</text> + <text>For more information please see </text> + <link target="https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html">https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html</link> + </fixRecommendation> + </general> + </item> + <item id="GETParamOverSSL"> + <general> + <fixRecommendation type="General"> + <text>Make sure that sensitive information such as:</text> + <text>- Username</text> + <text>- Password</text> + <text>- Social Security number</text> + <text>- Credit Card number</text> + <text>- Driver's License number</text> + <text>- e-mail address</text> + <text>- Phone number</text> + <text>- Zip code</text> + <text /> + <text>is always sent in the body part of an HTTP POST request.</text> + </fixRecommendation> + </general> + </item> + <item id="attUnnecessaryResponseHeaders"> + <general> + <fixRecommendation type="General"> + <text>Configure your server to remove the default "Server" header from being sent to all outgoing requests.</text> + <text>For IIS, see:</text> + <text>https://techcommunity.microsoft.com/t5/iis-support-blog/remove-unwanted-http-response-headers/ba-p/369710</text> + <text>For nginx, see: </text> + <text>https://www.getpagespeed.com/server-setup/nginx/how-to-remove-the-server-header-in-nginx</text> + <text>For Weblogic, see: </text> + <text>https://docs.oracle.com/cd/E13222_01/wls/docs81/adminguide/web_server.html</text> + <text>For Apache, see: </text> + <text>https://techglimpse.com/set-modify-response-headers-http-tip/</text> + </fixRecommendation> + </general> + </item> + <item id="attUndefinedState"> + <general> + <fixRecommendation type="General"> + <text>[1] Check incoming requests for the presence of all expected parameters and values. When a parameter is missing, issue a proper error message or use default values.</text> + <text>[2] The application should verify that its input consists of valid characters (after decoding). For example, an input value containing the null byte (encoded as %00), apostrophe, quotes, etc. should be rejected.</text> + <text>[3] Enforce values in their expected ranges and types. If your application expects a certain parameter to have a value from a certain set, then the application should ensure that the value it receives indeed belongs to the set. For example, if your application expects a value in the range 10..99, then it should make sure that the value is indeed numeric, and that its value is in 10..99.</text> + <text>[4] Verify that the data belongs to the set offered to the client.</text> + <text>[5] Do not output debugging error messages and exceptions in a production environment.</text> + <text>In order to disable debugging in ASP.NET, edit your web.config file to contain the following:</text> + <text><compilation </text> + <text>debug="false"</text> + <text>/></text> + <text /> + <text>For more information, see "HOW TO: Disable Debugging for ASP.NET Applications" in: </text> + <link target="http://support.microsoft.com/default.aspx?scid=kb;en-us;815157">http://support.microsoft.com/default.aspx?scid=kb;en-us;815157</link> + <text /> + <text>You can add input validation to Web Forms pages by using validation controls. Validation controls provide an easy-to-use mechanism for all common types of standard validation (for example, testing for valid dates or values within a range), plus ways to provide custom-written validation. In addition, validation controls allow you to completely customize how error information is displayed to the user. Validation controls can be used with any controls that are processed in a Web Forms page's class file, including both HTML and Web server controls.</text> + <text /> + <text>To make sure that all the required parameters exist in a request, use the "RequiredFieldValidator" validation control. This control ensures that the user does not skip an entry in the web form.</text> + <text /> + <text>To make sure user input contains only valid values, you can use one of the following validation controls:</text> + <text /> + <text>[1] "RangeValidator": checks that a user's entry (value) is between specified lower and upper boundaries. You can check ranges within pairs of numbers, alphabetic characters, and dates.</text> + <text /> + <text>[2] "RegularExpressionValidator": checks that the entry matches a pattern defined by a regular expression. This type of validation allows you to check for predictable sequences of characters, such as those in social security numbers, e-mail addresses, telephone numbers, postal codes, and so on.</text> + <text /> + <text>Important note: validation controls do not block user input or change the flow of page processing; they only set an error state, and produce error messages. It is the programmer's responsibility to test the state of the controls in the code before performing further application-specific actions.</text> + <text /> + <text>There are two ways to check for user input validity: </text> + <text /> + <text>1. Test for a general error state: </text> + <text /> + <text>In your code, test the page's IsValid property. This property rolls up the values of the IsValid properties of all the validation controls on the page (using a logical AND). If one of the validation controls is set to invalid, the page's property will return false.</text> + <text /> + <text>2. Test for the error state of individual controls:</text> + <text /> + <text>Loop through the page's Validators collection, which contains references to all the validation controls. You can then examine the IsValid property of each validation control.</text> + <text>** Input Data Validation:</text> + <text /> + <text>While data validations may be provided as a user convenience on the client-tier, data validation must be performed on the server-tier using Servlets. Client-side validations are inherently insecure because they can be easily bypassed, e.g. by disabling Javascript.</text> + <text /> + <text>A good design usually requires the web application framework to provide server-side utility routines to validate the following:</text> + <text>[1] Required field</text> + <text>[2] Field data type (all HTTP request parameters are Strings by default)</text> + <text>[3] Field length</text> + <text>[4] Field range</text> + <text>[5] Field options</text> + <text>[6] Field pattern</text> + <text>[7] Cookie values</text> + <text>[8] HTTP Response</text> + <text /> + <text>A good practice is to implement the above routine as static methods in a "Validator" utility class. The following sections describe an example validator class.</text> + <text /> + <text>[1] Required field</text> + <text>Always check that the field is not null and its length is greater than zero, excluding leading and trailing white spaces. </text> + <text /> + <text>Example of how to validate required fields:</text> + <text /> + <text> // Java example to validate required fields + public Class Validator { + ... + public static boolean validateRequired(String value) { + boolean isFieldValid = false; + if (value != null && value.trim().length() > 0) { + isFieldValid = true; + } + return isFieldValid; + } + ... + } + ... + String fieldValue = request.getParameter("fieldName"); + if (Validator.validateRequired(fieldValue)) { + // fieldValue is valid, continue processing request + ... + } +</text> + <text /> + <text>[2] Field data type</text> + <text>In web applications, input parameters are poorly typed. For example, all HTTP request parameters or cookie values are of type String. The developer is responsible for verifying the input is of the correct data type. Use the Java primitive wrapper classes to check if the field value can be safely converted to the desired primitive data type.</text> + <text /> + <text>Example of how to validate a numeric field (type int):</text> + <text /> + <text> // Java example to validate that a field is an int number + public Class Validator { + ... + public static boolean validateInt(String value) { + boolean isFieldValid = false; + try { + Integer.parseInt(value); + isFieldValid = true; + } catch (Exception e) { + isFieldValid = false; + } + return isFieldValid; + } + ... + } + ... + // check if the HTTP request parameter is of type int + String fieldValue = request.getParameter("fieldName"); + if (Validator.validateInt(fieldValue)) { + // fieldValue is valid, continue processing request + ... + } +</text> + <text /> + <text>A good practice is to convert all HTTP request parameters to their respective data types. For example, store the "integerValue" of a request parameter in a request attribute and use it as shown in the following example:</text> + <text /> + <text> // Example to convert the HTTP request parameter to a primitive wrapper data type + // and store this value in a request attribute for further processing + String fieldValue = request.getParameter("fieldName"); + if (Validator.validateInt(fieldValue)) { + // convert fieldValue to an Integer + Integer integerValue = Integer.getInteger(fieldValue); + // store integerValue in a request attribute + request.setAttribute("fieldName", integerValue); + } + ... + // Use the request attribute for further processing + Integer integerValue = (Integer)request.getAttribute("fieldName"); + ... +</text> + <text /> + <text>The primary Java data types that the application should handle:</text> + <text>- Byte</text> + <text>- Short</text> + <text>- Integer</text> + <text>- Long</text> + <text>- Float</text> + <text>- Double</text> + <text>- Date</text> + <text /> + <text>[3] Field length</text> + <text>Always ensure that the input parameter (whether HTTP request parameter or cookie value) is bounded by a minimum length and/or a maximum length.</text> + <text /> + <text>Example to validate that the length of the userName field is between 8 and 20 characters:</text> + <text /> + <text> // Example to validate the field length + public Class Validator { + ... + public static boolean validateLength(String value, int minLength, int maxLength) { + String validatedValue = value; + if (!validateRequired(value)) { + validatedValue = ""; + } + return (validatedValue.length() >= minLength && + validatedValue.length() <= maxLength); + } + ... + } + ... + String userName = request.getParameter("userName"); + if (Validator.validateRequired(userName)) { + if (Validator.validateLength(userName, 8, 20)) { + // userName is valid, continue further processing + ... + } + } +</text> + <text /> + <text>[4] Field range</text> + <text>Always ensure that the input parameter is within a range as defined by the functional requirements.</text> + <text /> + <text>Example to validate that the input numberOfChoices is between 10 and 20:</text> + <text /> + <text> // Example to validate the field range + public Class Validator { + ... + public static boolean validateRange(int value, int min, int max) { + return (value >= min && value <= max); + } + ... + } + ... + String fieldValue = request.getParameter("numberOfChoices"); + if (Validator.validateRequired(fieldValue)) { + if (Validator.validateInt(fieldValue)) { + int numberOfChoices = Integer.parseInt(fieldValue); + if (Validator.validateRange(numberOfChoices, 10, 20)) { + // numberOfChoices is valid, continue processing request + ... + } + } + } +</text> + <text /> + <text>[5] Field options</text> + <text>Often, the web application presents the user with a set of options to choose from, e.g. using the SELECT HTML tag, but fails to perform server-side validation to ensure that the selected value is one of the allowed options. Remember that a malicious user can easily modify any option value. Always validate the selected user value against the allowed options as defined by the functional requirements.</text> + <text /> + <text>Example to validate the user selection against a list of allowed options:</text> + <text /> + <text> // Example to validate user selection against a list of options + public Class Validator { + ... + public static boolean validateOption(Object[] options, Object value) { + boolean isValidValue = false; + try { + List list = Arrays.asList(options); + if (list != null) { + isValidValue = list.contains(value); + } + } catch (Exception e) { + } + return isValidValue; + } + ... + } + ... + // Allowed options + String[] options = {"option1", "option2", "option3"); + // Verify that the user selection is one of the allowed options + String userSelection = request.getParameter("userSelection"); + if (Validator.validateOption(options, userSelection)) { + // valid user selection, continue processing request + ... + } +</text> + <text /> + <text>[6] Field pattern</text> + <text>Always check that the user input matches a pattern as defined by the functionality requirements. For example, if the userName field should only allow alpha-numeric characters, case insensitive, then use the following regular expression:</text> + <text>^[a-zA-Z0-9]*$</text> + <text /> + <text>Java 1.3 or earlier versions do not include any regular expression packages. Apache Regular Expression Package (see Resources below) is recommended for use with Java 1.3 to resolve this lack of support. </text> + <text>Example to perform regular expression validation:</text> + <text /> + <text> // Example to validate that a given value matches a specified pattern + // using the Apache regular expression package + import org.apache.regexp.RE; + import org.apache.regexp.RESyntaxException; + public Class Validator { + ... + public static boolean matchPattern(String value, String expression) { + boolean match = false; + if (validateRequired(expression)) { + RE r = new RE(expression); + match = r.match(value); + } + return match; + } + ... + } + ... + // Verify that the userName request parameter is alpha-numeric + String userName = request.getParameter("userName"); + if (Validator.matchPattern(userName, "^[a-zA-Z0-9]*$")) { + // userName is valid, continue processing request + ... + } +</text> + <text /> + <text>Java 1.4 introduced a new regular expression package (java.util.regex). Here is a modified version of Validator.matchPattern using the new Java 1.4 regular expression package:</text> + <text /> + <text> // Example to validate that a given value matches a specified pattern + // using the Java 1.4 regular expression package + import java.util.regex.Pattern; + import java.util.regexe.Matcher; + public Class Validator { + ... + public static boolean matchPattern(String value, String expression) { + boolean match = false; + if (validateRequired(expression)) { + match = Pattern.matches(expression, value); + } + return match; + } + ... + } +</text> + <text /> + <text>[7] Cookie value</text> + <text>Use the javax.servlet.http.Cookie object to validate the cookie value. The same validation rules (described above) apply to cookie values depending on the application requirements, e.g. validate a required value, validate length, etc.</text> + <text /> + <text>Example to validate a required cookie value:</text> + <text /> + <text> // Example to validate a required cookie value + // First retrieve all available cookies submitted in the HTTP request + Cookie[] cookies = request.getCookies(); + if (cookies != null) { + // find the "user" cookie + for (int i=0; i<cookies.length; ++i) { + if (cookies[i].getName().equals("user")) { + // validate the cookie value + if (Validator.validateRequired(cookies[i].getValue()) { + // valid cookie value, continue processing request + ... + } + } + } + } +</text> + <text /> + <text>[8] HTTP Response</text> + <text>[8-1] Filter user input</text> + <text>To guard the application against cross-site scripting, sanitize HTML by converting sensitive characters to their corresponding character entities. These are the HTML sensitive characters:</text> + <text>< > " ' % ; ) ( & +</text> + <text /> + <text>Example to filter a specified string by converting sensitive characters to their corresponding character entities:</text> + <text /> + <text> // Example to filter sensitive data to prevent cross-site scripting + public Class Validator { + ... + public static String filter(String value) { + if (value == null) { + return null; + } + StringBuffer result = new StringBuffer(value.length()); + for (int i=0; i<value.length(); ++i) { + switch (value.charAt(i)) { + case '<': + result.append("<"); + break; + case '>': + result.append(">"); + break; + case '"': + result.append("""); + break; + case '\'': + result.append("'"); + break; + case '%': + result.append("%"); + break; + case ';': + result.append(";"); + break; + case '(': + result.append("("); + break; + case ')': + result.append(")"); + break; + case '&': + result.append("&"); + break; + case '+': + result.append("+"); + break; + default: + result.append(value.charAt(i)); + break; + } + return result; + } + ... + } + ... + // Filter the HTTP response using Validator.filter + PrintWriter out = response.getWriter(); + // set output response + out.write(Validator.filter(response)); + out.close(); +</text> + <text /> + <text>The Java Servlet API 2.3 introduced Filters, which supports the interception and transformation of HTTP requests or responses.</text> + <text /> + <text>Example of using a Servlet Filter to sanitize the response using Validator.filter:</text> + <text /> + <text> // Example to filter all sensitive characters in the HTTP response using a Java Filter. + // This example is for illustration purposes since it will filter all content in the response, including HTML tags! + public class SensitiveCharsFilter implements Filter { + ... + public void doFilter(ServletRequest request, + ServletResponse response, + FilterChain chain) + throws IOException, ServletException { + + PrintWriter out = response.getWriter(); + ResponseWrapper wrapper = new ResponseWrapper((HttpServletResponse)response); + chain.doFilter(request, wrapper); + + CharArrayWriter caw = new CharArrayWriter(); + caw.write(Validator.filter(wrapper.toString())); + + response.setContentType("text/html"); + response.setContentLength(caw.toString().length()); + out.write(caw.toString()); + out.close(); + } + ... + public class CharResponseWrapper extends HttpServletResponseWrapper { + private CharArrayWriter output; + + public String toString() { + return output.toString(); + } + + public CharResponseWrapper(HttpServletResponse response){ + super(response); + output = new CharArrayWriter(); + } + + public PrintWriter getWriter(){ + return new PrintWriter(output); + } + } + } + + } +</text> + <text /> + <text>[8-2] Secure the cookie</text> + <text>When storing sensitive data in a cookie, make sure to set the secure flag of the cookie in the HTTP response, using Cookie.setSecure(boolean flag) to instruct the browser to send the cookie using a secure protocol, such as HTTPS or SSL.</text> + <text /> + <text>Example to secure the "user" cookie:</text> + <text /> + <text> // Example to secure a cookie, i.e. instruct the browser to + // send the cookie using a secure protocol + Cookie cookie = new Cookie("user", "sensitive"); + cookie.setSecure(true); + response.addCookie(cookie); +</text> + <text /> + <text>RECOMMENDED JAVA TOOLS</text> + <text>The two main Java frameworks for server-side validation are:</text> + <text>[1] Jakarta Commons Validator (integrated with Struts 1.1)</text> + <text>The Jakarta Commons Validator is a powerful framework that implements all the above data validation requirements. These rules are configured in an XML file that defines input validation rules for form fields. Struts supports output filtering of dangerous characters in the [8] HTTP Response by default on all data written using the Struts 'bean:write' tag. This filtering may be disabled by setting the 'filter=false' flag.</text> + <text /> + <text>Struts defines the following basic input validators, but custom validators may also be defined:</text> + <text>required: succeeds if the field contains any characters other than white space.</text> + <text>mask: succeeds if the value matches the regular expression given by the mask attribute.</text> + <text>range: succeeds if the value is within the values given by the min and max attributes ((value >= min) & (value <= max)).</text> + <text>maxLength: succeeds if the field is length is less than or equal to the max attribute.</text> + <text>minLength: succeeds if the field is length is greater than or equal to the min attribute.</text> + <text>byte, short, integer, long, float, double: succeeds if the value can be converted to the corresponding primitive.</text> + <text>date: succeeds if the value represents a valid date. A date pattern may be provided.</text> + <text>creditCard: succeeds if the value could be a valid credit card number.</text> + <text>e-mail: succeeds if the value could be a valid e-mail address.</text> + <text /> + <text>Example to validate the userName field of a loginForm using Struts Validator:</text> + <text> <form-validation> + <global> + ... + <validator name="required" + classname="org.apache.struts.validator.FieldChecks" + method="validateRequired" + msg="errors.required"> + </validator> + <validator name="mask" + classname="org.apache.struts.validator.FieldChecks" + method="validateMask" + msg="errors.invalid"> + </validator> + ... + </global> + <formset> + <form name="loginForm"> + <!-- userName is required and is alpha-numeric case insensitive --> + <field property="userName" depends="required,mask"> + <!-- message resource key to display if validation fails --> + <msg name="mask" key="login.userName.maskmsg"/> + <arg0 key="login.userName.displayname"/> + <var> + <var-name>mask</var-name> + <var-value>^[a-zA-Z0-9]*$</var-value> + </var> + </field> + ... + </form> + ... + </formset> + </form-validation> +</text> + <text /> + <text>[2] JavaServer Faces Technology</text> + <text>JavaServer Faces Technology is a set of Java APIs (JSR 127) to represent UI components, manage their state, handle events and input validation.</text> + <text /> + <text>The JavaServer Faces API implements the following basic validators, but custom validators may be defined:</text> + <text>validate_doublerange: registers a DoubleRangeValidator on a component</text> + <text>validate_length: registers a LengthValidator on a component</text> + <text>validate_longrange: registers a LongRangeValidator on a component</text> + <text>validate_required: registers a RequiredValidator on a component</text> + <text>validate_stringrange: registers a StringRangeValidator on a component</text> + <text>validator: registers a custom Validator on a component</text> + <text /> + <text>The JavaServer Faces API defines the following UIInput and UIOutput Renderers (Tags):</text> + <text>input_date: accepts a java.util.Date formatted with a java.text.Date instance</text> + <text>output_date: displays a java.util.Date formatted with a java.text.Date instance</text> + <text>input_datetime: accepts a java.util.Date formatted with a java.text.DateTime instance</text> + <text>output_datetime: displays a java.util.Date formatted with a java.text.DateTime instance</text> + <text>input_number: displays a numeric data type (java.lang.Number or primitive), formatted with a java.text.NumberFormat</text> + <text>output_number: displays a numeric data type (java.lang.Number or primitive), formatted with a java.text.NumberFormat</text> + <text>input_text: accepts a text string of one line.</text> + <text>output_text: displays a text string of one line.</text> + <text>input_time: accepts a java.util.Date, formatted with a java.text.DateFormat time instance</text> + <text>output_time: displays a java.util.Date, formatted with a java.text.DateFormat time instance</text> + <text>input_hidden: allows a page author to include a hidden variable in a page</text> + <text>input_secret: accepts one line of text with no spaces and displays it as a set of asterisks as it is typed</text> + <text>input_textarea: accepts multiple lines of text</text> + <text>output_errors: displays error messages for an entire page or error messages associated with a specified client identifier</text> + <text>output_label: displays a nested component as a label for a specified input field</text> + <text>output_message: displays a localized message</text> + <text /> + <text>Example to validate the userName field of a loginForm using JavaServer Faces:</text> + <text> <%@ taglib uri="https://docs.oracle.com/javaee/6/tutorial/doc/glxce.html" prefix="h" %> + <%@ taglib uri="http://mrbool.com/how-to-create-a-login-validation-with-jsf-java-server-faces/27046" prefix="f" %> + ... + <jsp:useBean id="UserBean" + class="myApplication.UserBean" scope="session" /> + <f:use_faces> + <h:form formName="loginForm" > + <h:input_text id="userName" size="20" modelReference="UserBean.userName"> + <f:validate_required/> + <f:validate_length minimum="8" maximum="20"/> + </h:input_text> + <!-- display errors if present --> + <h:output_errors id="loginErrors" clientId="userName"/> + <h:command_button id="submit" label="Submit" commandName="submit" /><p> + </h:form> + </f:use_faces> +</text> + <text /> + <text /> + <text>REFERENCES</text> + <text>Java API 1.3 - </text> + <link target="https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html">https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html</link> + <text>Java API 1.4 - </text> + <link target="https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html">https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html</link> + <text>Java Servlet API 2.3 - </text> + <link target="https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api">https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api</link> + <text>Java Regular Expression Package - </text> + <link target="http://jakarta.apache.org/regexp/">http://jakarta.apache.org/regexp/</link> + <text>Jakarta Validator - </text> + <link target="http://jakarta.apache.org/commons/validator/">http://jakarta.apache.org/commons/validator/</link> + <text>JavaServer Faces Technology - </text> + <link target="http://www.javaserverfaces.org/">http://www.javaserverfaces.org/</link> + <text /> + <text>** Error Handling:</text> + <text /> + <text>Many J2EE web application architectures follow the Model View Controller (MVC) pattern. In this pattern a Servlet acts as a Controller. A Servlet delegates the application processing to a JavaBean such as an EJB Session Bean (the Model). The Servlet then forwards the request to a JSP (View) to render the processing results. Servlets should check all input, output, return codes, error codes and known exceptions to ensure that the expected processing actually occurred.</text> + <text /> + <text>While data validation protects applications against malicious data tampering, a sound error handling strategy is necessary to prevent the application from inadvertently disclosing internal error messages such as exception stack traces. A good error handling strategy addresses the following items:</text> + <text /> + <text>[1] Defining Errors</text> + <text>[2] Reporting Errors</text> + <text>[3] Rendering Errors</text> + <text>[4] Error Mapping</text> + <text /> + <text>[1] Defining Errors</text> + <text>Hard-coded error messages in the application layer (e.g. Servlets) should be avoided. Instead, the application should use error keys that map to known application failures. A good practice is to define error keys that map to validation rules for HTML form fields or other bean properties. For example, if the "user_name" field is required, is alphanumeric, and must be unique in the database, then the following error keys should be defined:</text> + <text /> + <text>(a) ERROR_USERNAME_REQUIRED: this error key is used to display a message notifying the user that the "user_name" field is required;</text> + <text>(b) ERROR_USERNAME_ALPHANUMERIC: this error key is used to display a message notifying the user that the "user_name" field should be alphanumeric;</text> + <text>(c) ERROR_USERNAME_DUPLICATE: this error key is used to display a message notifying the user that the "user_name" value is a duplicate in the database;</text> + <text>(d) ERROR_USERNAME_INVALID: this error key is used to display a generic message notifying the user that the "user_name" value is invalid;</text> + <text /> + <text>A good practice is to define the following framework Java classes which are used to store and report application errors:</text> + <text /> + <text>- ErrorKeys: defines all error keys</text> + <text /> + <text> // Example: ErrorKeys defining the following error keys: + // - ERROR_USERNAME_REQUIRED + // - ERROR_USERNAME_ALPHANUMERIC + // - ERROR_USERNAME_DUPLICATE + // - ERROR_USERNAME_INVALID + // ... + public Class ErrorKeys { + public static final String ERROR_USERNAME_REQUIRED = "error.username.required"; + public static final String ERROR_USERNAME_ALPHANUMERIC = "error.username.alphanumeric"; + public static final String ERROR_USERNAME_DUPLICATE = "error.username.duplicate"; + public static final String ERROR_USERNAME_INVALID = "error.username.invalid"; + ... + } +</text> + <text>- Error: encapsulates an individual error</text> + <text /> + <text> // Example: Error encapsulates an error key. + // Error is serializable to support code executing in multiple JVMs. + public Class Error implements Serializable { + + // Constructor given a specified error key + public Error(String key) { + this(key, null); + } + + // Constructor given a specified error key and array of placeholder objects + public Error(String key, Object[] values) { + this.key = key; + this.values = values; + } + + // Returns the error key + public String getKey() { + return this.key; + } + + // Returns the placeholder values + public Object[] getValues() { + return this.values; + } + + private String key = null; + private Object[] values = null; + } +</text> + <text /> + <text>- Errors: encapsulates a Collection of errors</text> + <text /> + <text> // Example: Errors encapsulates the Error objects being reported to the presentation layer. + // Errors are stored in a HashMap where the key is the bean property name and value is an + // ArrayList of Error objects. + public Class Errors implements Serializable { + + // Adds an Error object to the Collection of errors for the specified bean property. + public void addError(String property, Error error) { + ArrayList propertyErrors = (ArrayList)errors.get(property); + if (propertyErrors == null) { + propertyErrors = new ArrayList(); + errors.put(property, propertyErrors); + } + propertyErrors.put(error); + } + + // Returns true if there are any errors + public boolean hasErrors() { + return (errors.size > 0); + } + + // Returns the Errors for the specified property + public ArrayList getErrors(String property) { + return (ArrayList)errors.get(property); + } + + private HashMap errors = new HashMap(); + } +</text> + <text /> + <text>Using the above framework classes, here is an example to process validation errors of the "user_name" field:</text> + <text /> + <text> // Example to process validation errors of the "user_name" field. + Errors errors = new Errors(); + String userName = request.getParameter("user_name"); + // (a) Required validation rule + if (!Validator.validateRequired(userName)) { + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_REQUIRED)); + } // (b) Alpha-numeric validation rule + else if (!Validator.matchPattern(userName, "^[a-zA-Z0-9]*$")) { + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_ALPHANUMERIC)); + } + else + { + // (c) Duplicate check validation rule + // We assume that there is an existing UserValidationEJB session bean that implements + // a checkIfDuplicate() method to verify if the user already exists in the database. + try { + ... + if (UserValidationEJB.checkIfDuplicate(userName)) { + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_DUPLICATE)); + } + } catch (RemoteException e) { + // log the error + logger.error("Could not validate user for specified userName: " + userName); + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_DUPLICATE); + } + } + // set the errors object in a request attribute called "errors" + request.setAttribute("errors", errors); + ... +</text> + <text /> + <text>[2] Reporting Errors</text> + <text>There are two ways to report web-tier application errors:</text> + <text>(a) Servlet Error Mechanism</text> + <text>(b) JSP Error Mechanism</text> + <text /> + <text>[2-a] Servlet Error Mechanism</text> + <text>A Servlet may report errors by:</text> + <text>- forwarding to the input JSP (having already stored the errors in a request attribute), OR</text> + <text>- calling response.sendError with an HTTP error code argument, OR</text> + <text>- throwing an exception</text> + <text /> + <text>It is good practice to process all known application errors (as described in section [1]), store them in a request attribute, and forward to the input JSP. The input JSP should display the error messages and prompt the user to re-enter the data. The following example illustrates how to forward to an input JSP (userInput.jsp):</text> + <text /> + <text> // Example to forward to the userInput.jsp following user validation errors + RequestDispatcher rd = getServletContext().getRequestDispatcher("/user/userInput.jsp"); + if (rd != null) { + rd.forward(request, response); + } +</text> + <text /> + <text>If the Servlet cannot forward to a known JSP page, the second option is to report an error using the response.sendError method with HttpServletResponse.SC_INTERNAL_SERVER_ERROR (status code 500) as argument. Refer to the javadoc of javax.servlet.http.HttpServletResponse for more details on the various HTTP status codes. </text> + <text /> + <text>Example to return a HTTP error:</text> + <text> // Example to return a HTTP error code + RequestDispatcher rd = getServletContext().getRequestDispatcher("/user/userInput.jsp"); + if (rd == null) { + // messages is a resource bundle with all message keys and values + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, + messages.getMessage(ErrorKeys.ERROR_USERNAME_INVALID)); + } +</text> + <text /> + <text>As a last resort, Servlets can throw an exception, which must be a subclass of one of the following classes:</text> + <text>- RuntimeException</text> + <text>- ServletException</text> + <text>- IOException</text> + <text /> + <text>[2-b] JSP Error Mechanism</text> + <text>JSP pages provide a mechanism to handle runtime exceptions by defining an errorPage directive as shown in the following example:</text> + <text /> + <text> <%@ page errorPage="/errors/userValidation.jsp" %> +</text> + <text /> + <text>Uncaught JSP exceptions are forwarded to the specified errorPage, and the original exception is set in a request parameter called javax.servlet.jsp.jspException. The error page must include a isErrorPage directive as shown below:</text> + <text /> + <text> <%@ page isErrorPage="true" %> +</text> + <text /> + <text>The isErrorPage directive causes the "exception" variable to be initialized to the exception object being thrown.</text> + <text /> + <text>[3] Rendering Errors</text> + <text>The J2SE Internationalization APIs provide utility classes for externalizing application resources and formatting messages including:</text> + <text /> + <text>(a) Resource Bundles</text> + <text>(b) Message Formatting</text> + <text /> + <text>[3-a] Resource Bundles</text> + <text>Resource bundles support internationalization by separating localized data from the source code that uses it. Each resource bundle stores a map of key/value pairs for a specific locale.</text> + <text /> + <text>It is common to use or extend java.util.PropertyResourceBundle, which stores the content in an external properties file as shown in the following example:</text> + <text /> + <text> ################################################ + # ErrorMessages.properties + ################################################ + # required user name error message + error.username.required=User name field is required + + # invalid user name format + error.username.alphanumeric=User name must be alphanumeric + + # duplicate user name error message + error.username.duplicate=User name {0} already exists, please choose another one + + ... +</text> + <text /> + <text>Multiple resources can be defined to support different locales (hence the name resource bundle). For example, ErrorMessages_fr.properties can be defined to support the French member of the bundle family. If the resource member of the requested locale does not exist, the default member is used. In the above example, the default resource is ErrorMessages.properties. Depending on the user's locale, the application (JSP or Servlet) retrieves content from the appropriate resource.</text> + <text /> + <text>[3-b] Message Formatting</text> + <text>The J2SE standard class java.util.MessageFormat provides a generic way to create messages with replacement placeholders. A MessageFormat object contains a pattern string with embedded format specifiers as shown below:</text> + <text /> + <text> // Example to show how to format a message using placeholder parameters + String pattern = "User name {0} already exists, please choose another one"; + String userName = request.getParameter("user_name"); + Object[] args = new Object[1]; + args[0] = userName; + String message = MessageFormat.format(pattern, args); +</text> + <text /> + <text>Here is a more comprehensive example to render error messages using ResourceBundle and MessageFormat:</text> + <text /> + <text> // Example to render an error message from a localized ErrorMessages resource (properties file) + // Utility class to retrieve locale-specific error messages + public Class ErrorMessageResource { + + // Returns the error message for the specified error key in the environment locale + public String getErrorMessage(String errorKey) { + return getErrorMessage(errorKey, defaultLocale); + } + + // Returns the error message for the specified error key in the specified locale + public String getErrorMessage(String errorKey, Locale locale) { + return getErrorMessage(errorKey, null, locale); + } + + // Returns a formatted error message for the specified error key in the specified locale + public String getErrorMessage(String errorKey, Object[] args, Locale locale) { + // Get localized ErrorMessageResource + ResourceBundle errorMessageResource = ResourceBundle.getBundle("ErrorMessages", locale); + // Get localized error message + String errorMessage = errorMessageResource.getString(errorKey); + if (args != null) { + // Format the message using the specified placeholders args + return MessageFormat.format(errorMessage, args); + } else { + return errorMessage; + } + } + + // default environment locale + private Locale defaultLocale = Locale.getDefaultLocale(); + } + ... + // Get the user's locale + Locale userLocale = request.getLocale(); + // Check if there were any validation errors + Errors errors = (Errors)request.getAttribute("errors"); + if (errors != null && errors.hasErrors()) { + // iterate through errors and output error messages corresponding to the "user_name" property + ArrayList userNameErrors = errors.getErrors("user_name"); + ListIterator iterator = userNameErrors.iterator(); + while (iterator.hasNext()) { + // Get the next error object + Error error = (Error)iterator.next(); + String errorMessage = ErrorMessageResource.getErrorMessage(error.getKey(), userLocale); + output.write(errorMessage + "\r\n"); + } + } +</text> + <text /> + <text>It is recommended to define a custom JSP tag, e.g. displayErrors, to iterate through and render error messages as shown in the above example.</text> + <text /> + <text>[4] Error Mapping</text> + <text>Normally, the Servlet Container will return a default error page corresponding to either the response status code or the exception. A mapping between the status code or the exception and a web resource may be specified using custom error pages. It is a good practice to develop static error pages that do not disclose internal error states (by default, most Servlet containers will report internal error messages). This mapping is configured in the Web Deployment Descriptor (web.xml) as specified in the following example:</text> + <text /> + <text> <!-- Mapping of HTTP error codes and application exceptions to error pages --> + <error-page> + <exception-type>UserValidationException</exception-type> + <location>/errors/validationError.html</error-page> + </error-page> + <error-page> + <error-code>500</exception-type> + <location>/errors/internalError.html</error-page> + </error-page> + <error-page> + ... + </error-page> + ... +</text> + <text /> + <text /> + <text>RECOMMENDED JAVA TOOLS</text> + <text>The two main Java frameworks for server-side validation are:</text> + <text>[1] Jakarta Commons Validator (integrated with Struts 1.1)</text> + <text>The Jakarta Commons Validator is a Java framework that defines the error handling mechanism as described above. Validation rules are configured in an XML file that defines input validation rules for form fields and the corresponding validation error keys. Struts provides internationalization support to build localized applications using resource bundles and message formatting.</text> + <text /> + <text>Example to validate the userName field of a loginForm using Struts Validator:</text> + <text> <form-validation> + <global> + ... + <validator name="required" + classname="org.apache.struts.validator.FieldChecks" + method="validateRequired" + msg="errors.required"> + </validator> + <validator name="mask" + classname="org.apache.struts.validator.FieldChecks" + method="validateMask" + msg="errors.invalid"> + </validator> + ... + </global> + <formset> + <form name="loginForm"> + <!-- userName is required and is alpha-numeric case insensitive --> + <field property="userName" depends="required,mask"> + <!-- message resource key to display if validation fails --> + <msg name="mask" key="login.userName.maskmsg"/> + <arg0 key="login.userName.displayname"/> + <var> + <var-name>mask</var-name> + <var-value>^[a-zA-Z0-9]*$</var-value> + </var> + </field> + ... + </form> + ... + </formset> + </form-validation> +</text> + <text /> + <text>The Struts JSP tag library defines the "errors" tag that conditionally displays a set of accumulated error messages as shown in the following example:</text> + <text /> + <text> <%@ page language="java" %> + <%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html" %> + <%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean" %> + <html:html> + <head> + <body> + <html:form action="/logon.do"> + <table border="0" width="100%"> + <tr> + <th align="right"> + <html:errors property="username"/> + <bean:message key="prompt.username"/> + </th> + <td align="left"> + <html:text property="username" size="16"/> + </td> + </tr> + <tr> + <td align="right"> + <html:submit><bean:message key="button.submit"/></html:submit> + </td> + <td align="right"> + <html:reset><bean:message key="button.reset"/></html:reset> + </td> + </tr> + </table> + </html:form> + </body> + </html:html> +</text> + <text /> + <text>[2] JavaServer Faces Technology</text> + <text>JavaServer Faces Technology is a set of Java APIs (JSR 127) to represent UI components, manage their state, handle events, validate input, and support internationalization.</text> + <text /> + <text>The JavaServer Faces API defines the "output_errors" UIOutput Renderer, which displays error messages for an entire page or error messages associated with a specified client identifier.</text> + <text /> + <text>Example to validate the userName field of a loginForm using JavaServer Faces:</text> + <text> <%@ taglib uri="https://docs.oracle.com/javaee/6/tutorial/doc/glxce.html" prefix="h" %> + <%@ taglib uri="http://mrbool.com/how-to-create-a-login-validation-with-jsf-java-server-faces/27046" prefix="f" %> + ... + <jsp:useBean id="UserBean" + class="myApplication.UserBean" scope="session" /> + <f:use_faces> + <h:form formName="loginForm" > + <h:input_text id="userName" size="20" modelReference="UserBean.userName"> + <f:validate_required/> + <f:validate_length minimum="8" maximum="20"/> + </h:input_text> + <!-- display errors if present --> + <h:output_errors id="loginErrors" clientId="userName"/> + <h:command_button id="submit" label="Submit" commandName="submit" /><p> + </h:form> + </f:use_faces> +</text> + <text /> + <text>REFERENCES</text> + <text>Java API 1.3 - </text> + <link target="https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html">https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html</link> + <text>Java API 1.4 - </text> + <link target="https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html">https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html</link> + <text>Java Servlet API 2.3 - </text> + <link target="https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api">https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api</link> + <text>Java Regular Expression Package - </text> + <link target="http://jakarta.apache.org/regexp/">http://jakarta.apache.org/regexp/</link> + <text>Jakarta Validator - </text> + <link target="http://jakarta.apache.org/commons/validator/">http://jakarta.apache.org/commons/validator/</link> + <text>JavaServer Faces Technology - </text> + <link target="http://www.javaserverfaces.org/">http://www.javaserverfaces.org/</link> + <text>** Input Data Validation:</text> + <text /> + <text>While data validations may be provided as a user convenience on the client-tier, data validation must always be performed on the server-tier. Client-side validations are inherently insecure because they can be easily bypassed, e.g. by disabling Javascript.</text> + <text /> + <text>A good design usually requires the web application framework to provide server-side utility routines to validate the following:</text> + <text>[1] Required field</text> + <text>[2] Field data type (all HTTP request parameters are Strings by default)</text> + <text>[3] Field length</text> + <text>[4] Field range</text> + <text>[5] Field options</text> + <text>[6] Field pattern</text> + <text>[7] Cookie values</text> + <text>[8] HTTP Response</text> + <text /> + <text>A good practice is to implement a function or functions that validates each application parameter. The following sections describe some example checking.</text> + <text /> + <text>[1] Required field</text> + <text>Always check that the field is not null and its length is greater than zero, excluding leading and trailing white spaces.</text> + <text /> + <text>Example of how to validate required fields:</text> + <text /> + <text> // PHP example to validate required fields + function validateRequired($input) { + ... + $pass = false; + if (strlen(trim($input))>0){ + $pass = true; + } + return $pass; + ... + } + ... + if (validateRequired($fieldName)) { + // fieldName is valid, continue processing request + ... + } +</text> + <text /> + <text /> + <text>[2] Field data type</text> + <text>In web applications, input parameters are poorly typed. For example, all HTTP request parameters or cookie values are of type String. The developer is responsible for verifying the input is of the correct data type.</text> + <text /> + <text>[3] Field length</text> + <text>Always ensure that the input parameter (whether HTTP request parameter or cookie value) is bounded by a minimum length and/or a maximum length.</text> + <text /> + <text>[4] Field range</text> + <text>Always ensure that the input parameter is within a range as defined by the functional requirements.</text> + <text /> + <text>[5] Field options</text> + <text>Often, the web application presents the user with a set of options to choose from, e.g. using the SELECT HTML tag, but fails to perform server-side validation to ensure that the selected value is one of the allowed options. Remember that a malicious user can easily modify any option value. Always validate the selected user value against the allowed options as defined by the functional requirements.</text> + <text /> + <text>[6] Field pattern</text> + <text>Always check that user input matches a pattern as defined by the functionality requirements. For example, if the userName field should only allow alpha-numeric characters, case insensitive, then use the following regular expression:</text> + <text>^[a-zA-Z0-9]+$</text> + <text /> + <text>[7] Cookie value</text> + <text>The same validation rules (described above) apply to cookie values depending on the application requirements, e.g. validate a required value, validate length, etc.</text> + <text /> + <text>[8] HTTP Response</text> + <text /> + <text>[8-1] Filter user input</text> + <text>To guard the application against cross-site scripting, the developer should sanitize HTML by converting sensitive characters to their corresponding character entities. These are the HTML sensitive characters:</text> + <text>< > " ' % ; ) ( & +</text> + <text /> + <text>PHP includes some automatic sanitization utility functions, such as htmlentities():</text> + <text /> + <text> $input = htmlentities($input, ENT_QUOTES, 'UTF-8'); +</text> + <text /> + <text>In addition, in order to avoid UTF-7 variants of Cross-site Scripting, you should explicitly define the Content-Type header of the response, for example:</text> + <text /> + <text> <?php + + header('Content-Type: text/html; charset=UTF-8'); + + ?> +</text> + <text /> + <text>[8-2] Secure the cookie</text> + <text /> + <text>When storing sensitive data in a cookie and transporting it over SSL, make sure that you first set the secure flag of the cookie in the HTTP response. This will instruct the browser to only use that cookie over SSL connections.</text> + <text /> + <text>You can use the following code example, for securing the cookie:</text> + <text /> + <text> <$php + + $value = "some_value"; + $time = time()+3600; + $path = "/application/"; + $domain = ".example.com"; + $secure = 1; + + setcookie("CookieName", $value, $time, $path, $domain, $secure, TRUE); + ?> + +</text> + <text /> + <text>In addition, we recommend that you use the HttpOnly flag. When the HttpOnly flag is set to TRUE the cookie will be made accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. This setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers).</text> + <text /> + <text>The HttpOnly flag was Added in PHP 5.2.0.</text> + <text /> + <text>REFERENCES</text> + <text /> + <text>[1] Mitigating Cross-site Scripting With HTTP-only Cookies: </text> + <link target="http://msdn2.microsoft.com/en-us/library/ms533046.aspx">http://msdn2.microsoft.com/en-us/library/ms533046.aspx</link> + <text>[2] PHP Security Consortium: </text> + <link target="http://phpsec.org/">http://phpsec.org/</link> + <text>[3] PHP & Web Application Security Blog (Chris Shiflett): </text> + <link target="http://shiflett.org/">http://shiflett.org/</link> + </fixRecommendation> + </general> + </item> + <item id="GD_EmailAddress"> + <general> + <fixRecommendation type="General"> + <text>Remove any e-mail addresses from the website so that they won't be exploited by malicious users.</text> + </fixRecommendation> + </general> + </item> + <item id="attSensitiveInHtmlComments"> + <general> + <fixRecommendation type="General"> + <text>Remove client-side comments that could reveal internal information for development time. Consider processing files before deployment to automatically remove all comments. This allows comments to be visible to internal developers but not to external users.</text> + <text>Do not leave any sensitive information, such as filenames, file paths, passwords, or SQL queries, in HTML or JavaScript comments.</text> + <text>Remove traces of previous (or future) site links in the production site comments.</text> + </fixRecommendation> + </general> + </item> + <item id="attReferrerPolicyHeaderExist"> + <general> + <fixRecommendation type="General"> + <text>Configure your server to send the "Referrer Policy" header.</text> + <text>It is recommended to configure Referrer Policy header with secure values for its directives as below:</text> + <text>"strict-origin-when-cross-origin" offers more privacy. With this policy, only the origin is sent in the Referer header of cross-origin requests.</text> + <text /> + <text>For Google Chrome, see: </text> + <link target="https://developers.google.com/web/updates/2020/07/referrer-policy-new-chrome-default">https://developers.google.com/web/updates/2020/07/referrer-policy-new-chrome-default</link> + <text>For Firefox , see: </text> + <link target="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy.">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy.</link> + </fixRecommendation> + </general> + </item> + <item id="GD_PathDisclosure"> + <general> + <fixRecommendation type="General"> + <text>There are several mitigation techniques:</text> + <text>[1] In case the vulnerability is in the application itself, fix the server code so it doesn’t include file locations in any output.</text> + <text>[2] Otherwise, if the application is in a 3rd party product, download the relevant security patch depending on the 3rd party product you are using on your web server or web application.</text> + </fixRecommendation> + </general> + </item> + </fix-recommendation-group> + <threat-class-group> + <item id="catSQLInjection" href="http://projects.webappsec.org/SQL-Injection">SQL Injection</item> + <item id="catIntegerOverflow" href="http://projects.webappsec.org/Integer-Overflows">Integer Overflows</item> + <item id="catURLRedirectoryAbuse" href="http://projects.webappsec.org/URL-Redirector-Abuse">URL Redirector Abuse</item> + <item id="catCrossSiteScripting" href="http://projects.webappsec.org/Cross-Site+Scripting">Cross-site Scripting</item> + <item id="catServerMisconfiguration" href="http://projects.webappsec.org/Server-Misconfiguration">Server Misconfiguration</item> + <item id="catCrossSiteRequestForgery" href="http://projects.webappsec.org/Cross-Site-Request-Forgery">Cross-site Request Forgery</item> + <item id="catPredictableResourceLocation" href="http://projects.webappsec.org/Predictable-Resource-Location">Predictable Resource Location</item> + <item id="catAbuseOfFunctionality" href="http://projects.webappsec.org/Abuse-of-Functionality">Abuse of Functionality</item> + <item id="catBruteForce" href="http://projects.webappsec.org/Brute-Force">Brute Force</item> + <item id="catContentSpoofing" href="http://projects.webappsec.org/Content-Spoofing">Content Spoofing</item> + <item id="catInformationLeakage" href="http://projects.webappsec.org/Information-Leakage">Information Leakage</item> + <item id="catSessionFixation" href="http://projects.webappsec.org/Session-Fixation">Session Fixation</item> + </threat-class-group> + <url-group> + <item id="775863246"> + <name>https://demo.testfire.net/bank/ccApply</name> + <issue-type>attBlindSqlInjectionStrings</issue-type> + <issues-count informational="1" low="1" medium="1" critical="1" total="4" /> + <max-severity>6</max-severity> + </item> + <item id="651044833"> + <name>https://demo.testfire.net/bank/showTransactions</name> + <issue-type>attSqlInjectionChecks</issue-type> + <issues-count informational="2" low="1" medium="4" critical="2" total="9" /> + <max-severity>6</max-severity> + </item> + <item id="1948842127"> + <name>https://demo.testfire.net/doLogin</name> + <issue-type>attSqlInjectionChecks</issue-type> + <issues-count medium="5" critical="2" total="7" /> + <max-severity>6</max-severity> + </item> + <item id="1271360813"> + <name>https://demo.testfire.net/bank/doTransfer</name> + <issue-type>attIntegerOverflow</issue-type> + <issues-count informational="3" low="2" medium="1" high="1" total="7" /> + <max-severity>3</max-severity> + </item> + <item id="-629986450"> + <name>https://demo.testfire.net/bank/showAccount</name> + <issue-type>attIntegerOverflow</issue-type> + <issues-count informational="2" low="3" high="1" total="6" /> + <max-severity>3</max-severity> + </item> + <item id="1339814455"> + <name>https://demo.testfire.net/bank/customize.jsp</name> + <issue-type>attRedirectInURL</issue-type> + <issues-count low="3" medium="3" high="3" total="9" /> + <max-severity>3</max-severity> + </item> + <item id="-1996295944"> + <name>https://demo.testfire.net/bank/queryxpath.jsp</name> + <issue-type>attCrossSiteScripting</issue-type> + <issues-count low="3" medium="3" high="1" total="7" /> + <max-severity>3</max-severity> + </item> + <item id="-536121314"> + <name>https://demo.testfire.net/index.jsp</name> + <issue-type>attCrossSiteScripting</issue-type> + <issues-count low="3" medium="2" high="1" total="6" /> + <max-severity>3</max-severity> + </item> + <item id="1165086597"> + <name>https://demo.testfire.net/search.jsp</name> + <issue-type>attCrossSiteScripting</issue-type> + <issues-count low="2" medium="2" high="1" total="5" /> + <max-severity>3</max-severity> + </item> + <item id="1592530293"> + <name>https://demo.testfire.net/sendFeedback</name> + <issue-type>attCrossSiteScripting</issue-type> + <issues-count medium="3" high="2" total="5" /> + <max-severity>3</max-severity> + </item> + <item id="1134871332"> + <name>https://demo.testfire.net/util/serverStatusCheckService.jsp</name> + <issue-type>attCrossSiteScripting</issue-type> + <issues-count low="2" medium="2" high="1" total="5" /> + <max-severity>3</max-severity> + </item> + <item id="1792737604"> + <name>https://demo.testfire.net/</name> + <issue-type>attSameSiteCookie</issue-type> + <issues-count informational="1" low="6" medium="4" total="11" /> + <max-severity>2</max-severity> + </item> + <item id="-154706909"> + <name>https://demo.testfire.net/admin/admin.jsp</name> + <issue-type>attCrossSiteRequestForgery</issue-type> + <issues-count informational="2" low="3" medium="1" total="6" /> + <max-severity>2</max-severity> + </item> + <item id="-1929661216"> + <name>https://demo.testfire.net/admin/</name> + <issue-type>DirectAccesstoAdministrationPages</issue-type> + <issues-count medium="1" total="1" /> + <max-severity>2</max-severity> + </item> + <item id="-299437858"> + <name>https://demo.testfire.net/login.jsp</name> + <issue-type>OldTLS</issue-type> + <issues-count informational="1" low="3" medium="2" total="6" /> + <max-severity>2</max-severity> + </item> + <item id="812105649"> + <name>https://demo.testfire.net/bank/apply.jsp</name> + <issue-type>GD_autocompleteInForm</issue-type> + <issues-count low="2" total="2" /> + <max-severity>1</max-severity> + </item> + <item id="1469354828"> + <name>https://demo.testfire.net/bank/main.jsp</name> + <issue-type>attCachedSSL</issue-type> + <issues-count low="2" total="2" /> + <max-severity>1</max-severity> + </item> + <item id="-1261426540"> + <name>https://demo.testfire.net/bank/transaction.jsp</name> + <issue-type>attCachedSSL</issue-type> + <issues-count low="1" total="1" /> + <max-severity>1</max-severity> + </item> + <item id="325438362"> + <name>https://demo.testfire.net/bank/transfer.jsp</name> + <issue-type>attCachedSSL</issue-type> + <issues-count low="2" total="2" /> + <max-severity>1</max-severity> + </item> + <item id="-38179879"> + <name>https://demo.testfire.net/feedback.jsp</name> + <issue-type>attCachedSSL</issue-type> + <issues-count informational="1" low="1" total="2" /> + <max-severity>1</max-severity> + </item> + <item id="1761041858"> + <name>https://demo.testfire.net/status_check.jsp</name> + <issue-type>attCachedSSL</issue-type> + <issues-count low="1" total="1" /> + <max-severity>1</max-severity> + </item> + <item id="2028812105"> + <name>https://demo.testfire.net/subscribe.jsp</name> + <issue-type>attCachedSSL</issue-type> + <issues-count low="1" total="1" /> + <max-severity>1</max-severity> + </item> + <item id="-959239324"> + <name>https://demo.testfire.net/survey_questions.jsp</name> + <issue-type>attCachedSSL</issue-type> + <issues-count low="3" total="3" /> + <max-severity>1</max-severity> + </item> + <item id="-2065932717"> + <name>https://demo.testfire.net/swagger/properties.json</name> + <issue-type>attCachedSSL</issue-type> + <issues-count informational="1" low="1" total="2" /> + <max-severity>1</max-severity> + </item> + <item id="345404385"> + <name>https://demo.testfire.net/doSubscribe</name> + <issue-type>GD_EmailAddress</issue-type> + <issues-count informational="1" total="1" /> + <max-severity>0</max-severity> + </item> + <item id="-1112684816"> + <name>https://demo.testfire.net/swagger/swagger-ui-bundle.js</name> + <issue-type>GD_EmailAddress</issue-type> + <issues-count informational="1" total="1" /> + <max-severity>0</max-severity> + </item> + <item id="-1625474485"> + <name>https://demo.testfire.net/swagger/swagger-ui-standalone-preset.js</name> + <issue-type>GD_EmailAddress</issue-type> + <issues-count informational="1" total="1" /> + <max-severity>0</max-severity> + </item> + </url-group> + <entity-group> + <item id="7089695691196187648"> + <name>demo.testfire.net</name> + <url-name>https://demo.testfire.net/login.jsp</url-name> + <entity-type>Page</entity-type> + </item> + <item id="-3539107900041520384"> + <name>login.jsp</name> + <url-name>https://demo.testfire.net/login.jsp</url-name> + <entity-type>Page</entity-type> + </item> + <item id="2309187148794231040"> + <name>index.jsp</name> + <url-name>https://demo.testfire.net/index.jsp</url-name> + <entity-type>Page</entity-type> + </item> + <item id="7372740714070585856"> + <name>JSESSIONID</name> + <url-name>https://demo.testfire.net/</url-name> + <entity-type>Cookie</entity-type> + </item> + <item id="1010167929559218944"> + <name>feedback.jsp</name> + <url-name>https://demo.testfire.net/feedback.jsp</url-name> + <entity-type>Page</entity-type> + </item> + <item id="-5939543974179105024"> + <name>properties.json</name> + <url-name>https://demo.testfire.net/swagger/properties.json</url-name> + <entity-type>Page</entity-type> + </item> + <item id="-3517474992796452096"> + <name>queryxpath.jsp</name> + <url-name>https://demo.testfire.net/bank/queryxpath.jsp</url-name> + <entity-type>Page</entity-type> + </item> + <item id="2822766115314697472"> + <name>transaction.jsp</name> + <url-name>https://demo.testfire.net/bank/transaction.jsp</url-name> + <entity-type>Page</entity-type> + </item> + <item id="1834802225548946688"> + <name>apply.jsp</name> + <url-name>https://demo.testfire.net/bank/apply.jsp</url-name> + <entity-type>Page</entity-type> + </item> + <item id="3855082450745769216"> + <name>customize.jsp</name> + <url-name>https://demo.testfire.net/bank/customize.jsp</url-name> + <entity-type>Page</entity-type> + </item> + <item id="4927821206135434240"> + <name>main.jsp</name> + <url-name>https://demo.testfire.net/bank/main.jsp</url-name> + <entity-type>Page</entity-type> + </item> + <item id="-2166482836966180864"> + <name>transfer.jsp</name> + <url-name>https://demo.testfire.net/bank/transfer.jsp</url-name> + <entity-type>Page</entity-type> + </item> + <item id="4232534407132182784"> + <name>showTransactions</name> + <url-name>https://demo.testfire.net/bank/showTransactions</url-name> + <entity-type>Page</entity-type> + </item> + <item id="-3873382253807372032"> + <name>search.jsp</name> + <url-name>https://demo.testfire.net/search.jsp</url-name> + <entity-type>Page</entity-type> + </item> + <item id="-4873707097942489088"> + <name>showAccount</name> + <url-name>https://demo.testfire.net/bank/showAccount</url-name> + <entity-type>Page</entity-type> + </item> + <item id="6449140091464153600"> + <name>subscribe.jsp</name> + <url-name>https://demo.testfire.net/subscribe.jsp</url-name> + <entity-type>Page</entity-type> + </item> + <item id="-1452623662241870080"> + <name>showTransactions</name> + <url-name>https://demo.testfire.net/bank/showTransactions</url-name> + <entity-type>Global</entity-type> + </item> + <item id="6473554968846338816"> + <name>status_check.jsp</name> + <url-name>https://demo.testfire.net/status_check.jsp</url-name> + <entity-type>Page</entity-type> + </item> + <item id="7463535076884699136"> + <name>sendFeedback</name> + <url-name>https://demo.testfire.net/sendFeedback</url-name> + <entity-type>Page</entity-type> + </item> + <item id="-3961925784633657600"> + <name>doTransfer</name> + <url-name>https://demo.testfire.net/bank/doTransfer</url-name> + <entity-type>Page</entity-type> + </item> + <item id="4989988208601256960"> + <name>doSubscribe</name> + <url-name>https://demo.testfire.net/doSubscribe</url-name> + <entity-type>Page</entity-type> + </item> + <item id="-8100816465074548224"> + <name>serverStatusCheckService.jsp</name> + <url-name>https://demo.testfire.net/util/serverStatusCheckService.jsp</url-name> + <entity-type>Page</entity-type> + </item> + <item id="-2761707092542850560"> + <name>swagger-ui-standalone-preset.js</name> + <url-name>https://demo.testfire.net/swagger/swagger-ui-standalone-preset.js</url-name> + <entity-type>Page</entity-type> + </item> + <item id="4214307616682893568"> + <name>startDate</name> + <url-name>https://demo.testfire.net/bank/showTransactions</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="4035308366481687552"> + <name>swagger-ui-bundle.js</name> + <url-name>https://demo.testfire.net/swagger/swagger-ui-bundle.js</url-name> + <entity-type>Page</entity-type> + </item> + <item id="8787226202325719296"> + <name>query</name> + <url-name>https://demo.testfire.net/search.jsp</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="-13292272741911040"> + <name>ccApply</name> + <url-name>https://demo.testfire.net/bank/ccApply</url-name> + <entity-type>Page</entity-type> + </item> + <item id="-2605020402746782464"> + <name>survey_questions.jsp</name> + <url-name>https://demo.testfire.net/survey_questions.jsp</url-name> + <entity-type>Page</entity-type> + </item> + <item id="-4831459913268758016"> + <name>HostName</name> + <url-name>https://demo.testfire.net/util/serverStatusCheckService.jsp</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="-6284830949157645056"> + <name>endDate</name> + <url-name>https://demo.testfire.net/bank/showTransactions</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="-2105342084864231680"> + <name>content</name> + <url-name>https://demo.testfire.net/index.jsp</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="-4784596934833808640"> + <name>name</name> + <url-name>https://demo.testfire.net/sendFeedback</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="-4344886403399488000"> + <name>listAccounts</name> + <url-name>https://demo.testfire.net/bank/showAccount</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="6856104062088173056"> + <name>transferAmount</name> + <url-name>https://demo.testfire.net/bank/doTransfer</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="-6983105739602322944"> + <name>email_addr</name> + <url-name>https://demo.testfire.net/sendFeedback</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="4395093134614225152"> + <name>startDate</name> + <url-name>https://demo.testfire.net/bank/showTransactions</url-name> + <entity-type>Global</entity-type> + </item> + <item id="-2578790552666065408"> + <name>endDate</name> + <url-name>https://demo.testfire.net/bank/showTransactions</url-name> + <entity-type>Global</entity-type> + </item> + <item id="4751107591038376192"> + <name>toAccount</name> + <url-name>https://demo.testfire.net/bank/doTransfer</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="-2094775300248269312"> + <name>passwd</name> + <url-name>https://demo.testfire.net/bank/ccApply</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="-8616786764826749184"> + <name>admin.jsp</name> + <url-name>https://demo.testfire.net/admin/</url-name> + <entity-type>Page</entity-type> + </item> + <item id="5415789320716974080"> + <name>step</name> + <url-name>https://demo.testfire.net/survey_questions.jsp</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="-228016076698823936"> + <name>transfer</name> + <url-name>https://demo.testfire.net/bank/doTransfer</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="2495632636453037824"> + <name>job</name> + <url-name>https://demo.testfire.net/index.jsp</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="-7168640119326840064"> + <name>lang</name> + <url-name>https://demo.testfire.net/bank/customize.jsp</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="4795255983614942464"> + <name>To modify account information do not connect to SQL source directly. Make all changes</name> + <url-name>https://demo.testfire.net/bank/showAccount</url-name> + <entity-type>Page</entity-type> + </item> + <item id="559640856319848448"> + <name>txtEmail</name> + <url-name>https://demo.testfire.net/survey_questions.jsp</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="-9201148799232170496"> + <name>To get the latest admin login, please contact SiteOps at 415-555-6159</name> + <url-name>https://demo.testfire.net/login.jsp</url-name> + <entity-type>Page</entity-type> + </item> + <item id="997280275077376256"> + <name>doLogin</name> + <url-name>https://demo.testfire.net/doLogin</url-name> + <entity-type>Page</entity-type> + </item> + <item id="-1062602607834918144"> + <name>AltoroAccounts</name> + <url-name>https://demo.testfire.net/</url-name> + <entity-type>Cookie</entity-type> + </item> + <item id="6419376628788214784"> + <name>uid</name> + <url-name>https://demo.testfire.net/doLogin</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="7017457843490478080"> + <name>uid</name> + <url-name>https://demo.testfire.net/doLogin</url-name> + <entity-type>Global</entity-type> + </item> + <item id="7553320665850814720"> + <name>passw</name> + <url-name>https://demo.testfire.net/doLogin</url-name> + <entity-type>Parameter</entity-type> + </item> + <item id="-2879177742401463040"> + <name>passw</name> + <url-name>https://demo.testfire.net/doLogin</url-name> + <entity-type>Global</entity-type> + </item> + <item id="-8192025389945628672"> + <name>doLogin</name> + <url-name>https://demo.testfire.net/doLogin</url-name> + <entity-type>Global</entity-type> + </item> + <item id="3665851486236943616"> + <name>Be careful what you change. All changes are made directly to AltoroJ database.</name> + <url-name>https://demo.testfire.net/admin/admin.jsp</url-name> + <entity-type>Page</entity-type> + </item> + <item id="2537967696232628224"> + <name>action="changePassword"</name> + <url-name>https://demo.testfire.net/admin/admin.jsp</url-name> + <entity-type>Page</entity-type> + </item> + </entity-group> + <issue-group total="113"> + <item id="4817056231027443712" id-v2="-8937896718345817344"> + <severity>low</severity> + <severity-id>1</severity-id> + <cvss-score>3.7</cvss-score> + <cvss-vector> + <vector>AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>200</cwe> + <issue-type> + <ref>attUnnecessaryResponseHeaders</ref> + </issue-type> + <remediation> + <ref>fix_MA_attInformationLeakage</ref> + </remediation> + <advisory> + <ref>attUnnecessaryResponseHeaders</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <entity> + <ref>7089695691196187648</ref> + </entity> + <url original_request_method="GET"> + <ref>-299437858</ref> + </url> + <security-risks> + <ref>sensitiveInformation</ref> + </security-risks> + <cause-id> + <ref>insecureWebAppConfiguration</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="1"> + <issue-information> + <template>RawTestResp_Template</template> + <variant-id>1</variant-id> + <issue-tip>Inspect the test response headers, to verify if it exposes sensitive information, which may help attackers in planning further attacks.</issue-tip> + <issue-tips> + <issue-tip>Inspect the test response headers, to verify if it exposes sensitive information, which may help attackers in planning further attacks.</issue-tip> + </issue-tips> + <variantID>1</variantID> + <testResponseChunk>... + +Sec-Fetch-User: ?1 +Sec-Fetch-Dest: document +Referer: https://demo.testfire.net/ +Accept-Language: en-US +Cookie: JSESSIONID=6354734A2B825ABCB2DC812C04629BE8 +Content-Length: 0 + + +HTTP/1.1 200 OK +--begin_highlight_tag--Server--end_highlight_tag--: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:01:47 GMT + + + + + + + +... + +</testResponseChunk> + </issue-information> + <comments /> + <reasoning id="3527">The response contains unnecessary headers, which may help attackers in planning further attacks.</reasoning> + <additional-data /> + <cwe /> + <image-comment /> + <differences /> + <iast-info /> + <test-http-traffic>GET /login.jsp HTTP/1.1 +Host: demo.testfire.net +Connection: keep-alive +sec-ch-ua: "Not)A;Brand";v="24", "Chromium";v="116" +sec-ch-ua-mobile: ?0 +sec-ch-ua-platform: "Windows" +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Sec-Fetch-Site: same-origin +Sec-Fetch-Mode: navigate +Sec-Fetch-User: ?1 +Sec-Fetch-Dest: document +Referer: https://demo.testfire.net/ +Accept-Language: en-US +Cookie: JSESSIONID=6354734A2B825ABCB2DC812C04629BE8 +Content-Length: 0 + + +HTTP/1.1 200 OK +--begin_highlight_tag--Server--end_highlight_tag--: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:16:07 GMT + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +<head> + <title>Altoro Mutual</title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link href="/style.css" rel="stylesheet" type="text/css" /> +</head> +<body style="margin-top:5px;"> + +<div id="header" style="margin-bottom:5px; width: 99%;"> + <form id="frmSearch" method="get" action="/search.jsp"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td rowspan="2"><a id="HyperLink1" href="/index.jsp"><img src="/images/logo.gif" width=283 height=80/></a></td> + <td align="right" valign="top"> + <a id="LoginLink" href="/logout.jsp"><font style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> | <label for="txtSearch">Search</label> + <input type="text" name="query" id="query" accesskey="S" /> + <input type="submit" value="Go" /> + </td> + </tr> + <tr> + <td align="right" style="background-image:url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="/images/header_pic.jpg" alt="" width=354 height=60/></td> + </tr> + </table> + </form> +</div> + +<table cellspacing="0" width="100%"> + <tr> + <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink" href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header2"><a id="LinkHeader2" class="focus" href="/index.jsp?content=personal.htm" >PERSONAL</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header3"><a id="LinkHeader3" class="focus" href="/index.jsp?content=business.htm" >SMALL BUSINESS</a></div></td> + <td width="25%" class="cc bt bb"><div id="Header4"><a id="LinkHeader4" class="focus" href="/index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a></div></td> + </tr> + <tr> + + <!-- END HEADER --> + + +<div id="wrapper" style="width: 99%;"> + + +<!-- TOC BEGIN --> + <td valign="top" class="cc br bb"> + <br style="line-height: 10px;"/> + + <a id="CatLink1" class="subheader" href="index.jsp?content=personal.htm">PERSONAL</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink1" href="index.jsp?content=personal_deposit.htm">Deposit Product</a></li> + <li><a id="MenuHyperLink2" href="index.jsp?content=personal_checking.htm">Checking</a></li> + <li><a id="MenuHyperLink3" href="index.jsp?content=personal_loans.htm">Loan Products</a></li> + <li><a id="MenuHyperLink4" href="index.jsp?content=personal_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink5" href="index.jsp?content=personal_investments.htm">Investments &amp; Insurance</a></li> + <li><a id="MenuHyperLink6" href="index.jsp?content=personal_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink2" class="subheader" href="index.jsp?content=business.htm">SMALL BUSINESS</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink7" href="index.jsp?content=business_deposit.htm">Deposit Products</a></li> + <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> + <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> + <li><a id="MenuHyperLink11" href="index.jsp?content=business_retirement.htm">Retirement</a></li> + <li><a id="MenuHyperLink12" href="index.jsp?content=business_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink3" +... +... +... +</test-http-traffic> + </item> + </variant-group> + </item> + <item id="4402203607203598336" id-v2="-7861571020548500736"> + <severity>low</severity> + <severity-id>1</severity-id> + <cvss-score>3.7</cvss-score> + <cvss-vector> + <vector>AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>311</cwe> + <issue-type> + <ref>attHttpsToHttp</ref> + </issue-type> + <remediation> + <ref>fix_52721</ref> + </remediation> + <advisory> + <ref>attHttpsToHttp</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <entity> + <ref>7089695691196187648</ref> + </entity> + <url original_request_method="GET"> + <ref>1792737604</ref> + </url> + <security-risks> + <ref>sensitiveNotOverSSL</ref> + </security-risks> + <cause-id> + <ref>sensitiveDataNotSSL</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="12"> + <issue-information> + <template>RendOrigTestResp_Template</template> + <variant-id>12</variant-id> + <issue-tip>Compare the test response with the original response, and make sure that they are the same, even though the test response did not use HTTPS.</issue-tip> + <issue-tips> + <issue-tip>Compare the test response with the original response, and make sure that they are the same, even though the test response did not use HTTPS.</issue-tip> + </issue-tips> + <variantID>12</variantID> + <originalResponseImageValue>Images/12_2.jpg</originalResponseImageValue> + <testResponseImageValue>Images/12_1.jpg</testResponseImageValue> + <originalResponseChunk /> + <testResponseChunk /> + </issue-information> + <comments /> + <reasoning id="3210">The test response is very similar to the original response. This indicates that the the resource was successfully accessed using HTTP instead of HTTPS.</reasoning> + <additional-data /> + <cwe /> + <image-comment /> + <differences> + <item altered="http" original="https" difference-type="changed" difference-element="scheme" /> + <item altered="80" original="443" difference-type="changed" difference-element="port" /> + <item altered="demo.testfire.net:80" original="demo.testfire.net" name="Host" difference-type="changed" difference-element="header" /> + </differences> + <iast-info /> + <test-http-traffic>GET / HTTP/1.1 +Host: --begin_mark_tag--demo.testfire.net:80--end_mark_tag-- +Connection: keep-alive +sec-ch-ua: "Not)A;Brand";v="24", "Chromium";v="116" +sec-ch-ua-mobile: ?0 +sec-ch-ua-platform: "Windows" +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Sec-Fetch-Site: none +Sec-Fetch-Mode: navigate +Sec-Fetch-User: ?1 +Sec-Fetch-Dest: document +Accept-Language: en-US +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:02:18 GMT +Set-Cookie: JSESSIONID=4869F050B8D631EF652E1E073F3CBF2C; Path=/; HttpOnly + + + + + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "--begin_mark_tag--http--end_mark_tag--://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +<head> + <title>Altoro Mutual</title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link href="/style.css" rel="stylesheet" type="text/css" /> +</head> +<body style="margin-top:5px;"> + +<div id="header" style="margin-bottom:5px; width: 99%;"> + <form id="frmSearch" method="get" action="/search.jsp"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td rowspan="2"><a id="HyperLink1" href="/index.jsp"><img src="/images/logo.gif" width=283 height=80/></a></td> + <td align="right" valign="top"> + <a id="LoginLink" href="/login.jsp"><font style="font-weight: bold; color: red;">Sign In</font></a> | <a id="HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> | <label for="txtSearch">Search</label> + <input type="text" name="query" id="query" accesskey="S" /> + <input type="submit" value="Go" /> + </td> + </tr> + <tr> + <td align="right" style="background-image:url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="/images/header_pic.jpg" alt="" width=354 height=60/></td> + </tr> + </table> + </form> +</div> + +<table cellspacing="0" width="100%"> + <tr> + <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink" href="/login.jsp" class="focus" >ONLINE BANKING LOGIN</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header2"><a id="LinkHeader2" class="focus" href="/index.jsp?content=personal.htm" >PERSONAL</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header3"><a id="LinkHeader3" class="focus" href="/index.jsp?content=business.htm" >SMALL BUSINESS</a></div></td> + <td width="25%" class="cc bt bb"><div id="Header4"><a id="LinkHeader4" class="focus" href="/index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a></div></td> + </tr> + <tr> + + <!-- END HEADER --> + + +<div id="wrapper" style="width: 99%;"> + + +<!-- TOC BEGIN --> + <td valign="top" class="cc br bb"> + <br style="line-height: 10px;"/> + + <a id="CatLink1" class="subheader" href="index.jsp?content=personal.htm">PERSONAL</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink1" href="index.jsp?content=personal_deposit.htm">Deposit Product</a></li> + <li><a id="MenuHyperLink2" href="index.jsp?content=personal_checking.htm">Checking</a></li> + <li><a id="MenuHyperLink3" href="index.jsp?content=personal_loans.htm">Loan Products</a></li> + <li><a id="MenuHyperLink4" href="index.jsp?content=personal_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink5" href="index.jsp?content=personal_investments.htm">Investments &amp; Insurance</a></li> + <li><a id="MenuHyperLink6" href="index.jsp?content=personal_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink2" class="subheader" href="index.jsp?content=business.htm">SMALL BUSINESS</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink7" href="index.jsp?content=business_deposit.htm">Deposit Products</a></li> + <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> + <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> + <li><a id="MenuHyperLink11" href="index.jsp?content=business_retirement.htm">Retirement</a></li> + <li><a id="MenuHyperLink12" href="index.jsp?content=business_other.htm">Other Services</a></li> + </ul> + + <a id="Ca +... +... +... +</test-http-traffic> + </item> + </variant-group> + </item> + <item id="-4922263171817193216" id-v2="7766105197396905216"> + <severity>low</severity> + <severity-id>1</severity-id> + <cvss-score>3.7</cvss-score> + <cvss-vector> + <vector>AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>200</cwe> + <issue-type> + <ref>ContentTypeOptions</ref> + </issue-type> + <remediation> + <ref>fix_61767</ref> + </remediation> + <advisory> + <ref>ContentTypeOptions</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <entity> + <ref>7089695691196187648</ref> + </entity> + <url original_request_method="GET"> + <ref>1792737604</ref> + </url> + <security-risks> + <ref>sensitiveInformation</ref> + <ref>phishing</ref> + </security-risks> + <cause-id> + <ref>insecureWebAppConfiguration</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="13"> + <issue-information> + <template>RawTestResp_Template</template> + <variant-id>13</variant-id> + <issue-tip>Open the test response, and verify that the "X-Content-Type-Options" header is indeed missing or has an insecure value</issue-tip> + <issue-tips> + <issue-tip>Open the test response, and verify that the "X-Content-Type-Options" header is indeed missing or has an insecure value</issue-tip> + </issue-tips> + <variantID>13</variantID> + <testResponseChunk>... + +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Sec-Fetch-Site: none +Sec-Fetch-Mode: navigate +Sec-Fetch-User: ?1 +Sec-Fetch-Dest: document +Accept-Language: en-US +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:02:20 GMT +Set-Cookie: JSESSIONID=6E9208129C77FD658F688F6A07E27501; Path=/; Secure; HttpOnly + +--begin_highlight_tag----end_highlight_tag-- + + + + + + + + + + +... + +</testResponseChunk> + </issue-information> + <comments /> + <reasoning id="3430">AppScan detected that the "X-Content-Type-Options" response header is missing or has an insecure value, which increases exposure to drive-by download attacks</reasoning> + <additional-data /> + <cwe /> + <image-comment /> + <differences /> + <iast-info /> + <test-http-traffic>GET / HTTP/1.1 +Host: demo.testfire.net +Connection: keep-alive +sec-ch-ua: "Not)A;Brand";v="24", "Chromium";v="116" +sec-ch-ua-mobile: ?0 +sec-ch-ua-platform: "Windows" +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Sec-Fetch-Site: none +Sec-Fetch-Mode: navigate +Sec-Fetch-User: ?1 +Sec-Fetch-Dest: document +Accept-Language: en-US +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:02:20 GMT +Set-Cookie: JSESSIONID=6E9208129C77FD658F688F6A07E27501; Path=/; Secure; HttpOnly + + + + + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +<head> + <title>Altoro Mutual</title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link href="/style.css" rel="stylesheet" type="text/css" /> +</head> +<body style="margin-top:5px;"> + +<div id="header" style="margin-bottom:5px; width: 99%;"> + <form id="frmSearch" method="get" action="/search.jsp"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td rowspan="2"><a id="HyperLink1" href="/index.jsp"><img src="/images/logo.gif" width=283 height=80/></a></td> + <td align="right" valign="top"> + <a id="LoginLink" href="/login.jsp"><font style="font-weight: bold; color: red;">Sign In</font></a> | <a id="HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> | <label for="txtSearch">Search</label> + <input type="text" name="query" id="query" accesskey="S" /> + <input type="submit" value="Go" /> + </td> + </tr> + <tr> + <td align="right" style="background-image:url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="/images/header_pic.jpg" alt="" width=354 height=60/></td> + </tr> + </table> + </form> +</div> + +<table cellspacing="0" width="100%"> + <tr> + <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink" href="/login.jsp" class="focus" >ONLINE BANKING LOGIN</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header2"><a id="LinkHeader2" class="focus" href="/index.jsp?content=personal.htm" >PERSONAL</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header3"><a id="LinkHeader3" class="focus" href="/index.jsp?content=business.htm" >SMALL BUSINESS</a></div></td> + <td width="25%" class="cc bt bb"><div id="Header4"><a id="LinkHeader4" class="focus" href="/index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a></div></td> + </tr> + <tr> + + <!-- END HEADER --> + + +<div id="wrapper" style="width: 99%;"> + + +<!-- TOC BEGIN --> + <td valign="top" class="cc br bb"> + <br style="line-height: 10px;"/> + + <a id="CatLink1" class="subheader" href="index.jsp?content=personal.htm">PERSONAL</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink1" href="index.jsp?content=personal_deposit.htm">Deposit Product</a></li> + <li><a id="MenuHyperLink2" href="index.jsp?content=personal_checking.htm">Checking</a></li> + <li><a id="MenuHyperLink3" href="index.jsp?content=personal_loans.htm">Loan Products</a></li> + <li><a id="MenuHyperLink4" href="index.jsp?content=personal_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink5" href="index.jsp?content=personal_investments.htm">Investments &amp; Insurance</a></li> + <li><a id="MenuHyperLink6" href="index.jsp?content=personal_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink2" class="subheader" href="index.jsp?content=business.htm">SMALL BUSINESS</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink7" href="index.jsp?content=business_deposit.htm">Deposit Products</a></li> + <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> + <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> + <li><a id="MenuHyperLink11" href="index.jsp?content=business_retirement.htm">Retirement</a></li> + <li><a id="MenuHyperLink12" href="index.jsp?content=business_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink3" class="subh +... +... +... +</test-http-traffic> + </item> + </variant-group> + </item> + <item id="3214224542828837120" id-v2="-8732287359059888896"> + <severity>medium</severity> + <severity-id>2</severity-id> + <cvss-score>5.3</cvss-score> + <cvss-vector> + <vector>AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>327</cwe> + <issue-type> + <ref>OldTLS</ref> + </issue-type> + <remediation> + <ref>fix_61030</ref> + </remediation> + <advisory> + <ref>OldTLS</ref> + </advisory> + <threat-class> + <ref>catServerMisconfiguration</ref> + </threat-class> + <entity> + <ref>7089695691196187648</ref> + </entity> + <url original_request_method="GET"> + <ref>-299437858</ref> + </url> + <security-risks> + <ref>userImpersonation</ref> + </security-risks> + <cause-id> + <ref>insecureWebServerConfiguration</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="3"> + <issue-information> + <template>RawTestResp_Template</template> + <variant-id>3</variant-id> + <issue-tip>Manually connect to the server, specifying TLS version 1.0 or 1.1, and verify that the connection was successful</issue-tip> + <issue-tips> + <issue-tip>Manually connect to the server, specifying TLS version 1.0 or 1.1, and verify that the connection was successful</issue-tip> + </issue-tips> + <variantID>3</variantID> + <testResponseChunk>HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Date: Thu, 02 Nov 2023 09:00:33 GMT +Content-Length: 8519 + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +...</testResponseChunk> + </issue-information> + <comments /> + <reasoning id="3447">AppScan discovered that the server supports an older TLS version (either TLSv1.0 or TLSv1.1)</reasoning> + <additional-data /> + <cwe /> + <image-comment /> + <differences /> + <iast-info /> + <test-http-traffic>GET /login.jsp HTTP/1.1 +Host: demo.testfire.net +Connection: keep-alive +sec-ch-ua: "Not)A;Brand";v="24", "Chromium";v="116" +sec-ch-ua-mobile: ?0 +sec-ch-ua-platform: "Windows" +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Sec-Fetch-Site: same-origin +Sec-Fetch-Mode: navigate +Sec-Fetch-User: ?1 +Sec-Fetch-Dest: document +Referer: https://demo.testfire.net/ +Accept-Language: en-US +Cookie: JSESSIONID=3ACA6BE6E0307851EB7E08C4128D7298 +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Date: Thu, 02 Nov 2023 09:25:21 GMT +Content-Length: 8519 + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +<head> + <title>Altoro Mutual</title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link href="/style.css" rel="stylesheet" type="text/css" /> +</head> +<body style="margin-top:5px;"> + +<div id="header" style="margin-bottom:5px; width: 99%;"> + <form id="frmSearch" method="get" action="/search.jsp"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td rowspan="2"><a id="HyperLink1" href="/index.jsp"><img src="/images/logo.gif" width=283 height=80/></a></td> + <td align="right" valign="top"> + <a id="LoginLink" href="/login.jsp"><font style="font-weight: bold; color: red;">Sign In</font></a> | <a id="HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> | <label for="txtSearch">Search</label> + <input type="text" name="query" id="query" accesskey="S" /> + <input type="submit" value="Go" /> + </td> + </tr> + <tr> + <td align="right" style="background-image:url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="/images/header_pic.jpg" alt="" width=354 height=60/></td> + </tr> + </table> + </form> +</div> + +<table cellspacing="0" width="100%"> + <tr> + <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink" href="/login.jsp" class="focus" >ONLINE BANKING LOGIN</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header2"><a id="LinkHeader2" class="focus" href="/index.jsp?content=personal.htm" >PERSONAL</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header3"><a id="LinkHeader3" class="focus" href="/index.jsp?content=business.htm" >SMALL BUSINESS</a></div></td> + <td width="25%" class="cc bt bb"><div id="Header4"><a id="LinkHeader4" class="focus" href="/index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a></div></td> + </tr> + <tr> + + <!-- END HEADER --> + + +<div id="wrapper" style="width: 99%;"> + + +<!-- TOC BEGIN --> + <td valign="top" class="cc br bb"> + <br style="line-height: 10px;"/> + + <a id="CatLink1" class="subheader" href="index.jsp?content=personal.htm">PERSONAL</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink1" href="index.jsp?content=personal_deposit.htm">Deposit Product</a></li> + <li><a id="MenuHyperLink2" href="index.jsp?content=personal_checking.htm">Checking</a></li> + <li><a id="MenuHyperLink3" href="index.jsp?content=personal_loans.htm">Loan Products</a></li> + <li><a id="MenuHyperLink4" href="index.jsp?content=personal_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink5" href="index.jsp?content=personal_investments.htm">Investments &amp; Insurance</a></li> + <li><a id="MenuHyperLink6" href="index.jsp?content=personal_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink2" class="subheader" href="index.jsp?content=business.htm">SMALL BUSINESS</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink7" href="index.jsp?content=business_deposit.htm">Deposit Products</a></li> + <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> + <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> + <li><a id="MenuHyperLink11" href="index.jsp?content=business_retirement.htm">Retirement</a></li> + <li><a id="MenuHyperLink12" href="index.jsp?content=business_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink3" class="subheader" href="index.jsp?content=insi +... +... +... +</test-http-traffic> + </item> + </variant-group> + </item> + <item id="8855262540970660864" id-v2="-7823638085273590784"> + <severity>medium</severity> + <severity-id>2</severity-id> + <cvss-score>5.3</cvss-score> + <cvss-vector> + <vector>AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>327</cwe> + <issue-type> + <ref>SHA1CipherSuites</ref> + </issue-type> + <remediation> + <ref>fix_61754</ref> + </remediation> + <advisory> + <ref>SHA1CipherSuites</ref> + </advisory> + <threat-class> + <ref>catServerMisconfiguration</ref> + </threat-class> + <entity> + <ref>7089695691196187648</ref> + </entity> + <url original_request_method="GET"> + <ref>-299437858</ref> + </url> + <security-risks> + <ref>userImpersonation</ref> + </security-risks> + <cause-id> + <ref>insecureWebServerConfiguration</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="6"> + <issue-information> + <template>CipherSuites_Template</template> + <variant-id>6</variant-id> + <issue-tip>Verify that the site uses the cryptographically weak cipher suites listed here.</issue-tip> + <issue-tips> + <issue-tip>Verify that the site uses the cryptographically weak cipher suites listed here.</issue-tip> + </issue-tips> + <Id>51</Id> + <Name>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.0</SslVersion> + <CipherSuite> + <Id>51</Id> + <Name>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.0</SslVersion> + </CipherSuite> + <Id>57</Id> + <Name>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.0</SslVersion> + <CipherSuite> + <Id>57</Id> + <Name>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.0</SslVersion> + </CipherSuite> + <Id>49171</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.0</SslVersion> + <CipherSuite> + <Id>49171</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.0</SslVersion> + </CipherSuite> + <Id>49172</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.0</SslVersion> + <CipherSuite> + <Id>49172</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.0</SslVersion> + </CipherSuite> + <Id>51</Id> + <Name>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.1</SslVersion> + <CipherSuite> + <Id>51</Id> + <Name>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.1</SslVersion> + </CipherSuite> + <Id>57</Id> + <Name>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.1</SslVersion> + <CipherSuite> + <Id>57</Id> + <Name>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.1</SslVersion> + </CipherSuite> + <Id>49171</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.1</SslVersion> + <CipherSuite> + <Id>49171</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.1</SslVersion> + </CipherSuite> + <Id>49172</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.1</SslVersion> + <CipherSuite> + <Id>49172</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.1</SslVersion> + </CipherSuite> + <Id>51</Id> + <Name>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.2</SslVersion> + <CipherSuite> + <Id>51</Id> + <Name>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.2</SslVersion> + </CipherSuite> + <Id>57</Id> + <Name>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.2</SslVersion> + <CipherSuite> + <Id>57</Id> + <Name>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.2</SslVersion> + </CipherSuite> + <Id>49171</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.2</SslVersion> + <CipherSuite> + <Id>49171</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.2</SslVersion> + </CipherSuite> + <Id>49172</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.2</SslVersion> + <CipherSuite> + <Id>49172</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.2</SslVersion> + </CipherSuite> + <CipherSuites> + <CipherSuite> + <Id>51</Id> + <Name>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.0</SslVersion> + </CipherSuite> + <CipherSuite> + <Id>57</Id> + <Name>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.0</SslVersion> + </CipherSuite> + <CipherSuite> + <Id>49171</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.0</SslVersion> + </CipherSuite> + <CipherSuite> + <Id>49172</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.0</SslVersion> + </CipherSuite> + <CipherSuite> + <Id>51</Id> + <Name>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.1</SslVersion> + </CipherSuite> + <CipherSuite> + <Id>57</Id> + <Name>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.1</SslVersion> + </CipherSuite> + <CipherSuite> + <Id>49171</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.1</SslVersion> + </CipherSuite> + <CipherSuite> + <Id>49172</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.1</SslVersion> + </CipherSuite> + <CipherSuite> + <Id>51</Id> + <Name>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.2</SslVersion> + </CipherSuite> + <CipherSuite> + <Id>57</Id> + <Name>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.2</SslVersion> + </CipherSuite> + <CipherSuite> + <Id>49171</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Name> + <SslVersion>TLS 1.2</SslVersion> + </CipherSuite> + <CipherSuite> + <Id>49172</Id> + <Name>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Name> + <SslVersion>TLS 1.2</SslVersion> + </CipherSuite> + </CipherSuites> + <variantID>6</variantID> + </issue-information> + <comments /> + <reasoning id="3358">AppScan determined that the site uses weak cipher suites by successfully creating SSL connections using each of the weak cipher suites listed here.</reasoning> + <additional-data><CipherSuites><CipherSuite><Id>51</Id><Name>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Name><SslVersion>TLS 1.0</SslVersion></CipherSuite><CipherSuite><Id>57</Id><Name>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Name><SslVersion>TLS 1.0</SslVersion></CipherSuite><CipherSuite><Id>49171</Id><Name>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Name><SslVersion>TLS 1.0</SslVersion></CipherSuite><CipherSuite><Id>49172</Id><Name>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Name><SslVersion>TLS 1.0</SslVersion></CipherSuite><CipherSuite><Id>51</Id><Name>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Name><SslVersion>TLS 1.1</SslVersion></CipherSuite><CipherSuite><Id>57</Id><Name>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Name><SslVersion>TLS 1.1</SslVersion></CipherSuite><CipherSuite><Id>49171</Id><Name>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Name><SslVersion>TLS 1.1</SslVersion></CipherSuite><CipherSuite><Id>49172</Id><Name>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Name><SslVersion>TLS 1.1</SslVersion></CipherSuite><CipherSuite><Id>51</Id><Name>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Name><SslVersion>TLS 1.2</SslVersion></CipherSuite><CipherSuite><Id>57</Id><Name>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Name><SslVersion>TLS 1.2</SslVersion></CipherSuite><CipherSuite><Id>49171</Id><Name>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Name><SslVersion>TLS 1.2</SslVersion></CipherSuite><CipherSuite><Id>49172</Id><Name>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Name><SslVersion>TLS 1.2</SslVersion></CipherSuite></CipherSuites></additional-data> + <cwe /> + <image-comment /> + <differences /> + <iast-info /> + <test-http-traffic>GET /login.jsp HTTP/1.1 +Host: demo.testfire.net +Connection: keep-alive +sec-ch-ua: "Not)A;Brand";v="24", "Chromium";v="116" +sec-ch-ua-mobile: ?0 +sec-ch-ua-platform: "Windows" +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Sec-Fetch-Site: same-origin +Sec-Fetch-Mode: navigate +Sec-Fetch-User: ?1 +Sec-Fetch-Dest: document +Referer: https://demo.testfire.net/ +Accept-Language: en-US +Cookie: JSESSIONID=3ACA6BE6E0307851EB7E08C4128D7298 +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Date: Thu, 02 Nov 2023 09:25:21 GMT +Content-Length: 8519 + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +<head> + <title>Altoro Mutual</title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link href="/style.css" rel="stylesheet" type="text/css" /> +</head> +<body style="margin-top:5px;"> + +<div id="header" style="margin-bottom:5px; width: 99%;"> + <form id="frmSearch" method="get" action="/search.jsp"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td rowspan="2"><a id="HyperLink1" href="/index.jsp"><img src="/images/logo.gif" width=283 height=80/></a></td> + <td align="right" valign="top"> + <a id="LoginLink" href="/login.jsp"><font style="font-weight: bold; color: red;">Sign In</font></a> | <a id="HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> | <label for="txtSearch">Search</label> + <input type="text" name="query" id="query" accesskey="S" /> + <input type="submit" value="Go" /> + </td> + </tr> + <tr> + <td align="right" style="background-image:url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="/images/header_pic.jpg" alt="" width=354 height=60/></td> + </tr> + </table> + </form> +</div> + +<table cellspacing="0" width="100%"> + <tr> + <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink" href="/login.jsp" class="focus" >ONLINE BANKING LOGIN</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header2"><a id="LinkHeader2" class="focus" href="/index.jsp?content=personal.htm" >PERSONAL</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header3"><a id="LinkHeader3" class="focus" href="/index.jsp?content=business.htm" >SMALL BUSINESS</a></div></td> + <td width="25%" class="cc bt bb"><div id="Header4"><a id="LinkHeader4" class="focus" href="/index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a></div></td> + </tr> + <tr> + + <!-- END HEADER --> + + +<div id="wrapper" style="width: 99%;"> + + +<!-- TOC BEGIN --> + <td valign="top" class="cc br bb"> + <br style="line-height: 10px;"/> + + <a id="CatLink1" class="subheader" href="index.jsp?content=personal.htm">PERSONAL</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink1" href="index.jsp?content=personal_deposit.htm">Deposit Product</a></li> + <li><a id="MenuHyperLink2" href="index.jsp?content=personal_checking.htm">Checking</a></li> + <li><a id="MenuHyperLink3" href="index.jsp?content=personal_loans.htm">Loan Products</a></li> + <li><a id="MenuHyperLink4" href="index.jsp?content=personal_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink5" href="index.jsp?content=personal_investments.htm">Investments &amp; Insurance</a></li> + <li><a id="MenuHyperLink6" href="index.jsp?content=personal_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink2" class="subheader" href="index.jsp?content=business.htm">SMALL BUSINESS</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink7" href="index.jsp?content=business_deposit.htm">Deposit Products</a></li> + <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> + <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> + <li><a id="MenuHyperLink11" href="index.jsp?content=business_retirement.htm">Retirement</a></li> + <li><a id="MenuHyperLink12" href="index.jsp?content=business_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink3" class="subheader" href="index.jsp?content=insi +... +... +... +</test-http-traffic> + </item> + </variant-group> + </item> + <item id="-4267717693997616128" id-v2="-4057357914707973632"> + <severity>informational</severity> + <severity-id>0</severity-id> + <cvss-score>0.0</cvss-score> + <cvss-vector> + <vector>AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:X/RL:O/RC:C/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>200</cwe> + <issue-type> + <ref>attReferrerPolicyHeaderExist</ref> + </issue-type> + <remediation> + <ref>fix_61771</ref> + </remediation> + <advisory> + <ref>attReferrerPolicyHeaderExist</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <entity> + <ref>7089695691196187648</ref> + </entity> + <url original_request_method="HEAD"> + <ref>1792737604</ref> + </url> + <security-risks> + <ref>sensitiveInformation</ref> + <ref>phishing</ref> + </security-risks> + <cause-id> + <ref>insecureWebAppConfiguration</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="17"> + <comments /> + <reasoning id="3530">AppScan detected that the Referrer Policy Response header is missing or with an insecure policy, which increases exposure to various cross-site injection attacks</reasoning> + <additional-data /> + <cwe /> + <image-comment /> + <differences /> + <iast-info /> + <test-http-traffic>This request/response contains binary content, which is not included in generated reports.</test-http-traffic> + </item> + </variant-group> + </item> + <item id="8310705748913625600" id-v2="8541228502175636480"> + <severity>low</severity> + <severity-id>1</severity-id> + <cvss-score>3.7</cvss-score> + <cvss-vector> + <vector>AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>525</cwe> + <issue-type> + <ref>attCachedSSL</ref> + </issue-type> + <remediation> + <ref>fix_60210</ref> + </remediation> + <advisory> + <ref>attCachedSSL</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <entity> + <ref>-3539107900041520384</ref> + </entity> + <url original_request_method="GET"> + <ref>-299437858</ref> + </url> + <security-risks> + <ref>sensitiveInformation</ref> + </security-risks> + <cause-id> + <ref>SensitiveCache</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="19"> + <issue-information> + <template>RawTestResp_Template</template> + <variant-id>19</variant-id> + <issue-tip>Examine the response, and verify that it doesn't contain both cache control headers or meta tags ("Cache-Control: no-store" and either "Pragma: no-cache" or "Cache-Control: no-cache").</issue-tip> + <issue-tips> + <issue-tip>Examine the response, and verify that it doesn't contain both cache control headers or meta tags ("Cache-Control: no-store" and either "Pragma: no-cache" or "Cache-Control: no-cache").</issue-tip> + </issue-tips> + <variantID>19</variantID> + <testResponseChunk>HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:02:50 GMT + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +...</testResponseChunk> + </issue-information> + <comments /> + <reasoning id="3204">The application has responded with a response that indicates the page should be cached, but cache controls aren't set (you can set "Cache-Control: no-store" or "Cache-Control: no-cache" or "Pragma: no-cache" to prevent caching).</reasoning> + <additional-data /> + <cwe /> + <image-comment /> + <differences /> + <iast-info /> + <test-http-traffic>GET /login.jsp HTTP/1.1 +Host: demo.testfire.net +Connection: keep-alive +sec-ch-ua: "Not)A;Brand";v="24", "Chromium";v="116" +sec-ch-ua-mobile: ?0 +sec-ch-ua-platform: "Windows" +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Sec-Fetch-Site: same-origin +Sec-Fetch-Mode: navigate +Sec-Fetch-User: ?1 +Sec-Fetch-Dest: document +Referer: https://demo.testfire.net/ +Accept-Language: en-US +Cookie: JSESSIONID=6354734A2B825ABCB2DC812C04629BE8 +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:16:07 GMT + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +<head> + <title>Altoro Mutual</title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link href="/style.css" rel="stylesheet" type="text/css" /> +</head> +<body style="margin-top:5px;"> + +<div id="header" style="margin-bottom:5px; width: 99%;"> + <form id="frmSearch" method="get" action="/search.jsp"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td rowspan="2"><a id="HyperLink1" href="/index.jsp"><img src="/images/logo.gif" width=283 height=80/></a></td> + <td align="right" valign="top"> + <a id="LoginLink" href="/logout.jsp"><font style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> | <label for="txtSearch">Search</label> + <input type="text" name="query" id="query" accesskey="S" /> + <input type="submit" value="Go" /> + </td> + </tr> + <tr> + <td align="right" style="background-image:url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="/images/header_pic.jpg" alt="" width=354 height=60/></td> + </tr> + </table> + </form> +</div> + +<table cellspacing="0" width="100%"> + <tr> + <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink" href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header2"><a id="LinkHeader2" class="focus" href="/index.jsp?content=personal.htm" >PERSONAL</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header3"><a id="LinkHeader3" class="focus" href="/index.jsp?content=business.htm" >SMALL BUSINESS</a></div></td> + <td width="25%" class="cc bt bb"><div id="Header4"><a id="LinkHeader4" class="focus" href="/index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a></div></td> + </tr> + <tr> + + <!-- END HEADER --> + + +<div id="wrapper" style="width: 99%;"> + + +<!-- TOC BEGIN --> + <td valign="top" class="cc br bb"> + <br style="line-height: 10px;"/> + + <a id="CatLink1" class="subheader" href="index.jsp?content=personal.htm">PERSONAL</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink1" href="index.jsp?content=personal_deposit.htm">Deposit Product</a></li> + <li><a id="MenuHyperLink2" href="index.jsp?content=personal_checking.htm">Checking</a></li> + <li><a id="MenuHyperLink3" href="index.jsp?content=personal_loans.htm">Loan Products</a></li> + <li><a id="MenuHyperLink4" href="index.jsp?content=personal_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink5" href="index.jsp?content=personal_investments.htm">Investments &amp; Insurance</a></li> + <li><a id="MenuHyperLink6" href="index.jsp?content=personal_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink2" class="subheader" href="index.jsp?content=business.htm">SMALL BUSINESS</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink7" href="index.jsp?content=business_deposit.htm">Deposit Products</a></li> + <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> + <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> + <li><a id="MenuHyperLink11" href="index.jsp?content=business_retirement.htm">Retirement</a></li> + <li><a id="MenuHyperLink12" href="index.jsp?content=business_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink3" class="subheader" href="index.jsp?content=in +... +... +... +</test-http-traffic> + </item> + </variant-group> + </item> + <item id="8063836920509851904" id-v2="-3985381215337334784"> + <severity>low</severity> + <severity-id>1</severity-id> + <cvss-score>3.7</cvss-score> + <cvss-vector> + <vector>AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>200</cwe> + <issue-type> + <ref>HSTS</ref> + </issue-type> + <remediation> + <ref>fix_61750</ref> + </remediation> + <advisory> + <ref>HSTS</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <entity> + <ref>7089695691196187648</ref> + </entity> + <url original_request_method="GET"> + <ref>1792737604</ref> + </url> + <security-risks> + <ref>sensitiveInformation</ref> + <ref>phishing</ref> + </security-risks> + <cause-id> + <ref>insecureWebAppConfiguration</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="14"> + <issue-information> + <template>RawTestResp_Template</template> + <variant-id>14</variant-id> + <issue-tip>Open the test response, and look for the HTTP Strict-Transport-Security header. It is either missing or with insufficient "max-age"</issue-tip> + <issue-tips> + <issue-tip>Open the test response, and look for the HTTP Strict-Transport-Security header. It is either missing or with insufficient "max-age"</issue-tip> + </issue-tips> + <variantID>14</variantID> + <testResponseChunk>HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:02:20 GMT +Set-Cookie: JSESSIONID=6E9208129C77FD658F688F6A07E27501; Path=/; Secure; HttpOnly + + + + + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +...</testResponseChunk> + </issue-information> + <comments /> + <reasoning id="3403">AppScan detected that the HTTP Strict-Transport-Security response header is missing or with insufficient "max-age"</reasoning> + <additional-data /> + <cwe /> + <image-comment /> + <differences /> + <iast-info /> + <test-http-traffic>GET / HTTP/1.1 +Host: demo.testfire.net +Connection: keep-alive +sec-ch-ua: "Not)A;Brand";v="24", "Chromium";v="116" +sec-ch-ua-mobile: ?0 +sec-ch-ua-platform: "Windows" +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Sec-Fetch-Site: none +Sec-Fetch-Mode: navigate +Sec-Fetch-User: ?1 +Sec-Fetch-Dest: document +Accept-Language: en-US +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:02:20 GMT +Set-Cookie: JSESSIONID=6E9208129C77FD658F688F6A07E27501; Path=/; Secure; HttpOnly + + + + + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +<head> + <title>Altoro Mutual</title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link href="/style.css" rel="stylesheet" type="text/css" /> +</head> +<body style="margin-top:5px;"> + +<div id="header" style="margin-bottom:5px; width: 99%;"> + <form id="frmSearch" method="get" action="/search.jsp"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td rowspan="2"><a id="HyperLink1" href="/index.jsp"><img src="/images/logo.gif" width=283 height=80/></a></td> + <td align="right" valign="top"> + <a id="LoginLink" href="/login.jsp"><font style="font-weight: bold; color: red;">Sign In</font></a> | <a id="HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> | <label for="txtSearch">Search</label> + <input type="text" name="query" id="query" accesskey="S" /> + <input type="submit" value="Go" /> + </td> + </tr> + <tr> + <td align="right" style="background-image:url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="/images/header_pic.jpg" alt="" width=354 height=60/></td> + </tr> + </table> + </form> +</div> + +<table cellspacing="0" width="100%"> + <tr> + <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink" href="/login.jsp" class="focus" >ONLINE BANKING LOGIN</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header2"><a id="LinkHeader2" class="focus" href="/index.jsp?content=personal.htm" >PERSONAL</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header3"><a id="LinkHeader3" class="focus" href="/index.jsp?content=business.htm" >SMALL BUSINESS</a></div></td> + <td width="25%" class="cc bt bb"><div id="Header4"><a id="LinkHeader4" class="focus" href="/index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a></div></td> + </tr> + <tr> + + <!-- END HEADER --> + + +<div id="wrapper" style="width: 99%;"> + + +<!-- TOC BEGIN --> + <td valign="top" class="cc br bb"> + <br style="line-height: 10px;"/> + + <a id="CatLink1" class="subheader" href="index.jsp?content=personal.htm">PERSONAL</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink1" href="index.jsp?content=personal_deposit.htm">Deposit Product</a></li> + <li><a id="MenuHyperLink2" href="index.jsp?content=personal_checking.htm">Checking</a></li> + <li><a id="MenuHyperLink3" href="index.jsp?content=personal_loans.htm">Loan Products</a></li> + <li><a id="MenuHyperLink4" href="index.jsp?content=personal_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink5" href="index.jsp?content=personal_investments.htm">Investments &amp; Insurance</a></li> + <li><a id="MenuHyperLink6" href="index.jsp?content=personal_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink2" class="subheader" href="index.jsp?content=business.htm">SMALL BUSINESS</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink7" href="index.jsp?content=business_deposit.htm">Deposit Products</a></li> + <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> + <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> + <li><a id="MenuHyperLink11" href="index.jsp?content=business_retirement.htm">Retirement</a></li> + <li><a id="MenuHyperLink12" href="index.jsp?content=business_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">I +... +... +... +</test-http-traffic> + </item> + </variant-group> + </item> + <item id="-1392238194277092608" id-v2="5590681010321058560"> + <severity>low</severity> + <severity-id>1</severity-id> + <cvss-score>3.7</cvss-score> + <cvss-vector> + <vector>AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>522</cwe> + <issue-type> + <ref>GD_autocompleteInForm</ref> + </issue-type> + <remediation> + <ref>fix_61640</ref> + </remediation> + <advisory> + <ref>GD_autocompleteInForm</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <entity> + <ref>-3539107900041520384</ref> + </entity> + <url original_request_method="GET"> + <ref>-299437858</ref> + </url> + <security-risks> + <ref>authBypass</ref> + </security-risks> + <cause-id> + <ref>insecureWebAppConfiguration</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="22"> + <issue-information> + <template>RawTestResp_Template</template> + <variant-id>22</variant-id> + <issue-tip>Verify that the password field of the form either is missing the autocomplete attribute or that the autocomplete attribute is set to "on".</issue-tip> + <issue-tips> + <issue-tip>Verify that the password field of the form either is missing the autocomplete attribute or that the autocomplete attribute is set to "on".</issue-tip> + </issue-tips> + <variantID>22</variantID> + <testResponseChunk>... + + </td> + <td> + </td> + </tr> + <tr> + <td> + Password: + </td> + <td> + --begin_highlight_tag--<input type="password" id="passw" name="passw" style="width: 150px;">--end_highlight_tag-- + </td> + </tr> + <tr> + <td></td> + <td> + <input type="submit" name="btnSubmit" value="Login"> + </td> + </tr> + </table> + +... + +</testResponseChunk> + </issue-information> + <comments /> + <reasoning id="3302">AppScan has found that a password field does not enforce the disabling of the autocomplete feature.</reasoning> + <additional-data /> + <cwe /> + <image-comment /> + <differences /> + <iast-info /> + <test-http-traffic>GET /login.jsp HTTP/1.1 +Host: demo.testfire.net +Connection: keep-alive +sec-ch-ua: "Not)A;Brand";v="24", "Chromium";v="116" +sec-ch-ua-mobile: ?0 +sec-ch-ua-platform: "Windows" +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Sec-Fetch-Site: same-origin +Sec-Fetch-Mode: navigate +Sec-Fetch-User: ?1 +Sec-Fetch-Dest: document +Referer: https://demo.testfire.net/ +Accept-Language: en-US +Cookie: JSESSIONID=6354734A2B825ABCB2DC812C04629BE8 +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:16:07 GMT + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +<head> + <title>Altoro Mutual</title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link href="/style.css" rel="stylesheet" type="text/css" /> +</head> +<body style="margin-top:5px;"> + +<div id="header" style="margin-bottom:5px; width: 99%;"> + <form id="frmSearch" method="get" action="/search.jsp"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td rowspan="2"><a id="HyperLink1" href="/index.jsp"><img src="/images/logo.gif" width=283 height=80/></a></td> + <td align="right" valign="top"> + <a id="LoginLink" href="/logout.jsp"><font style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> | <label for="txtSearch">Search</label> + <input type="text" name="query" id="query" accesskey="S" /> + <input type="submit" value="Go" /> + </td> + </tr> + <tr> + <td align="right" style="background-image:url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="/images/header_pic.jpg" alt="" width=354 height=60/></td> + </tr> + </table> + </form> +</div> + +<table cellspacing="0" width="100%"> + <tr> + <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink" href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header2"><a id="LinkHeader2" class="focus" href="/index.jsp?content=personal.htm" >PERSONAL</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header3"><a id="LinkHeader3" class="focus" href="/index.jsp?content=business.htm" >SMALL BUSINESS</a></div></td> + <td width="25%" class="cc bt bb"><div id="Header4"><a id="LinkHeader4" class="focus" href="/index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a></div></td> + </tr> + <tr> + + <!-- END HEADER --> + + +<div id="wrapper" style="width: 99%;"> + + +<!-- TOC BEGIN --> + <td valign="top" class="cc br bb"> + <br style="line-height: 10px;"/> + + <a id="CatLink1" class="subheader" href="index.jsp?content=personal.htm">PERSONAL</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink1" href="index.jsp?content=personal_deposit.htm">Deposit Product</a></li> + <li><a id="MenuHyperLink2" href="index.jsp?content=personal_checking.htm">Checking</a></li> + <li><a id="MenuHyperLink3" href="index.jsp?content=personal_loans.htm">Loan Products</a></li> + <li><a id="MenuHyperLink4" href="index.jsp?content=personal_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink5" href="index.jsp?content=personal_investments.htm">Investments &amp; Insurance</a></li> + <li><a id="MenuHyperLink6" href="index.jsp?content=personal_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink2" class="subheader" href="index.jsp?content=business.htm">SMALL BUSINESS</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink7" href="index.jsp?content=business_deposit.htm">Deposit Products</a></li> + <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> + <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> + <li><a id="MenuHyperLink11" href="index.j +... +... +... + + <td> + Password: + </td> + <td> + --begin_highlight_tag--<input type="password" id="passw" name="passw" style="width: 150px;">--end_highlight_tag-- + </td> + </tr> + <tr> + <td></td> +... +... +... +</test-http-traffic> + </item> + </variant-group> + </item> + <item id="6027976286845670912" id-v2="-1474745306123455232"> + <severity>low</severity> + <severity-id>1</severity-id> + <cvss-score>3.7</cvss-score> + <cvss-vector> + <vector>AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>525</cwe> + <issue-type> + <ref>attCachedSSL</ref> + </issue-type> + <remediation> + <ref>fix_60210</ref> + </remediation> + <advisory> + <ref>attCachedSSL</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <entity> + <ref>2309187148794231040</ref> + </entity> + <url original_request_method="GET"> + <ref>-536121314</ref> + </url> + <security-risks> + <ref>sensitiveInformation</ref> + </security-risks> + <cause-id> + <ref>SensitiveCache</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="15"> + <issue-information> + <template>RawTestResp_Template</template> + <variant-id>15</variant-id> + <issue-tip>Examine the response, and verify that it doesn't contain both cache control headers or meta tags ("Cache-Control: no-store" and either "Pragma: no-cache" or "Cache-Control: no-cache").</issue-tip> + <issue-tips> + <issue-tip>Examine the response, and verify that it doesn't contain both cache control headers or meta tags ("Cache-Control: no-store" and either "Pragma: no-cache" or "Cache-Control: no-cache").</issue-tip> + </issue-tips> + <variantID>15</variantID> + <testResponseChunk>HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:02:21 GMT + + + + + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +...</testResponseChunk> + </issue-information> + <comments /> + <reasoning id="3204">The application has responded with a response that indicates the page should be cached, but cache controls aren't set (you can set "Cache-Control: no-store" or "Cache-Control: no-cache" or "Pragma: no-cache" to prevent caching).</reasoning> + <additional-data /> + <cwe /> + <image-comment /> + <differences /> + <iast-info /> + <test-http-traffic>GET /index.jsp HTTP/1.1 +Accept-Language: en-US +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Referer: https://demo.testfire.net/logout.jsp +Host: demo.testfire.net +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36 +Cookie: JSESSIONID=6354734A2B825ABCB2DC812C04629BE8; AltoroAccounts=ODAwMDAyflNhdmluZ3N+LTEuOTk5NTQzNDA3MDM5MTU2MjJFMTh8ODAwMDAzfkNoZWNraW5nfjcuMTA2ODA0NjQ0NzM3ODg1RTIwfDQ1MzkwODIwMzkzOTYyODh+Q3JlZGl0IENhcmR+LTEuOTk5NTQzNDAxMjc4NzEyMzJFMTh8 +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:02:21 GMT + + + + + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +<head> + <title>Altoro Mutual</title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link href="/style.css" rel="stylesheet" type="text/css" /> +</head> +<body style="margin-top:5px;"> + +<div id="header" style="margin-bottom:5px; width: 99%;"> + <form id="frmSearch" method="get" action="/search.jsp"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td rowspan="2"><a id="HyperLink1" href="/index.jsp"><img src="/images/logo.gif" width=283 height=80/></a></td> + <td align="right" valign="top"> + <a id="LoginLink" href="/logout.jsp"><font style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> | <label for="txtSearch">Search</label> + <input type="text" name="query" id="query" accesskey="S" /> + <input type="submit" value="Go" /> + </td> + </tr> + <tr> + <td align="right" style="background-image:url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="/images/header_pic.jpg" alt="" width=354 height=60/></td> + </tr> + </table> + </form> +</div> + +<table cellspacing="0" width="100%"> + <tr> + <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink" href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header2"><a id="LinkHeader2" class="focus" href="/index.jsp?content=personal.htm" >PERSONAL</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header3"><a id="LinkHeader3" class="focus" href="/index.jsp?content=business.htm" >SMALL BUSINESS</a></div></td> + <td width="25%" class="cc bt bb"><div id="Header4"><a id="LinkHeader4" class="focus" href="/index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a></div></td> + </tr> + <tr> + + <!-- END HEADER --> + + +<div id="wrapper" style="width: 99%;"> + + +<!-- TOC BEGIN --> + <td valign="top" class="cc br bb"> + <br style="line-height: 10px;"/> + + <a id="CatLink1" class="subheader" href="index.jsp?content=personal.htm">PERSONAL</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink1" href="index.jsp?content=personal_deposit.htm">Deposit Product</a></li> + <li><a id="MenuHyperLink2" href="index.jsp?content=personal_checking.htm">Checking</a></li> + <li><a id="MenuHyperLink3" href="index.jsp?content=personal_loans.htm">Loan Products</a></li> + <li><a id="MenuHyperLink4" href="index.jsp?content=personal_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink5" href="index.jsp?content=personal_investments.htm">Investments &amp; Insurance</a></li> + <li><a id="MenuHyperLink6" href="index.jsp?content=personal_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink2" class="subheader" href="index.jsp?content=business.htm">SMALL BUSINESS</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink7" href="index.jsp?content=business_deposit.htm">Deposit Products</a></li> + <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> + <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> + <li><a id="MenuHyperLink11" href="index.jsp?content=business_retirement.htm">Retirement</a></li> + <li><a id="MenuHyperLink12" href="index.jsp?content=business_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink13" href="index.jsp?conten +... +... +... +</test-http-traffic> + </item> + </variant-group> + </item> + <item id="7983147879895373824" id-v2="-1735976782401668864"> + <severity>medium</severity> + <severity-id>2</severity-id> + <cvss-score>4.7</cvss-score> + <cvss-vector> + <vector>AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>1275</cwe> + <issue-type> + <ref>attSameSiteCookie</ref> + </issue-type> + <remediation> + <ref>fix_61797</ref> + </remediation> + <advisory> + <ref>attSameSiteCookie</ref> + </advisory> + <threat-class> + <ref>catServerMisconfiguration</ref> + </threat-class> + <entity> + <ref>7372740714070585856</ref> + </entity> + <url original_request_method="GET"> + <ref>1792737604</ref> + </url> + <security-risks> + <ref>risk_attSameSiteCookie</ref> + </security-risks> + <cause-id> + <ref>cause_attSameSiteCookie</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="9"> + <issue-information> + <template>RawOrigResp_Template</template> + <variant-id>9</variant-id> + <issue-tip>View the Set-Cookie header, and verify that the SameSite attribute is set to either 'Lax' or 'Strict' to ensure that the cookie is restricted to first-party or same-site context.</issue-tip> + <issue-tips> + <issue-tip>View the Set-Cookie header, and verify that the SameSite attribute is set to either 'Lax' or 'Strict' to ensure that the cookie is restricted to first-party or same-site context.</issue-tip> + </issue-tips> + <variantID>9</variantID> + <testResponseChunk>... + +Accept-Language: en-US +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:02:19 GMT +--begin_highlight_tag--Set-Cookie: JSESSIONID=992EEE657118C508CE46528D92B33F19; Path=/; Secure; HttpOnly--end_highlight_tag-- + + + + + + + + + + +... + +</testResponseChunk> + </issue-information> + <comments /> + <reasoning id="3528">The response contains Sensitive Cookie with Insecure or Improper or Missing SameSite attribute, which may lead to Cookie information leakage, which may extend to Cross-Site-Request-Forgery(CSRF) attacks if there are no additional protections in place.</reasoning> + <additional-data /> + <cwe /> + <image-comment /> + <differences /> + <iast-info /> + <test-http-traffic>GET / HTTP/1.1 +Host: demo.testfire.net +Connection: keep-alive +sec-ch-ua: "Not)A;Brand";v="24", "Chromium";v="116" +sec-ch-ua-mobile: ?0 +sec-ch-ua-platform: "Windows" +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Sec-Fetch-Site: none +Sec-Fetch-Mode: navigate +Sec-Fetch-User: ?1 +Sec-Fetch-Dest: document +Accept-Language: en-US +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:02:19 GMT +--begin_highlight_tag--Set-Cookie: JSESSIONID=992EEE657118C508CE46528D92B33F19; Path=/; Secure; HttpOnly--end_highlight_tag-- + + + + + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +<head> + <title>Altoro Mutual</title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link href="/style.css" rel="stylesheet" type="text/css" /> +</head> +<body style="margin-top:5px;"> + +<div id="header" style="margin-bottom:5px; width: 99%;"> + <form id="frmSearch" method="get" action="/search.jsp"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td rowspan="2"><a id="HyperLink1" href="/index.jsp"><img src="/images/logo.gif" width=283 height=80/></a></td> + <td align="right" valign="top"> + <a id="LoginLink" href="/login.jsp"><font style="font-weight: bold; color: red;">Sign In</font></a> | <a id="HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> | <label for="txtSearch">Search</label> + <input type="text" name="query" id="query" accesskey="S" /> + <input type="submit" value="Go" /> + </td> + </tr> + <tr> + <td align="right" style="background-image:url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="/images/header_pic.jpg" alt="" width=354 height=60/></td> + </tr> + </table> + </form> +</div> + +<table cellspacing="0" width="100%"> + <tr> + <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink" href="/login.jsp" class="focus" >ONLINE BANKING LOGIN</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header2"><a id="LinkHeader2" class="focus" href="/index.jsp?content=personal.htm" >PERSONAL</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header3"><a id="LinkHeader3" class="focus" href="/index.jsp?content=business.htm" >SMALL BUSINESS</a></div></td> + <td width="25%" class="cc bt bb"><div id="Header4"><a id="LinkHeader4" class="focus" href="/index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a></div></td> + </tr> + <tr> + + <!-- END HEADER --> + + +<div id="wrapper" style="width: 99%;"> + + +<!-- TOC BEGIN --> + <td valign="top" class="cc br bb"> + <br style="line-height: 10px;"/> + + <a id="CatLink1" class="subheader" href="index.jsp?content=personal.htm">PERSONAL</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink1" href="index.jsp?content=personal_deposit.htm">Deposit Product</a></li> + <li><a id="MenuHyperLink2" href="index.jsp?content=personal_checking.htm">Checking</a></li> + <li><a id="MenuHyperLink3" href="index.jsp?content=personal_loans.htm">Loan Products</a></li> + <li><a id="MenuHyperLink4" href="index.jsp?content=personal_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink5" href="index.jsp?content=personal_investments.htm">Investments &amp; Insurance</a></li> + <li><a id="MenuHyperLink6" href="index.jsp?content=personal_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink2" class="subheader" href="index.jsp?content=business.htm">SMALL BUSINESS</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink7" href="index.jsp?content=business_deposit.htm">Deposit Products</a></li> + <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> + <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> + <li><a id="MenuHyperLink11" href="index.jsp?content=business_retirement.htm">Retirement</a></li> + <li><a id="MenuHyperLink12" href="index.jsp?content=business_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink3" class="subh +... +... +... +</test-http-traffic> + </item> + </variant-group> + </item> + <item id="5038612902394148864" id-v2="-4190384546636583680"> + <severity>low</severity> + <severity-id>1</severity-id> + <cvss-score>3.7</cvss-score> + <cvss-vector> + <vector>AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>525</cwe> + <issue-type> + <ref>attCachedSSL</ref> + </issue-type> + <remediation> + <ref>fix_60210</ref> + </remediation> + <advisory> + <ref>attCachedSSL</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <entity> + <ref>1010167929559218944</ref> + </entity> + <url original_request_method="GET"> + <ref>-38179879</ref> + </url> + <security-risks> + <ref>sensitiveInformation</ref> + </security-risks> + <cause-id> + <ref>SensitiveCache</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="26"> + <issue-information> + <template>RawTestResp_Template</template> + <variant-id>26</variant-id> + <issue-tip>Examine the response, and verify that it doesn't contain both cache control headers or meta tags ("Cache-Control: no-store" and either "Pragma: no-cache" or "Cache-Control: no-cache").</issue-tip> + <issue-tips> + <issue-tip>Examine the response, and verify that it doesn't contain both cache control headers or meta tags ("Cache-Control: no-store" and either "Pragma: no-cache" or "Cache-Control: no-cache").</issue-tip> + </issue-tips> + <variantID>26</variantID> + <testResponseChunk>HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:02:53 GMT + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +...</testResponseChunk> + </issue-information> + <comments /> + <reasoning id="3204">The application has responded with a response that indicates the page should be cached, but cache controls aren't set (you can set "Cache-Control: no-store" or "Cache-Control: no-cache" or "Pragma: no-cache" to prevent caching).</reasoning> + <additional-data /> + <cwe /> + <image-comment /> + <differences /> + <iast-info /> + <test-http-traffic>GET /feedback.jsp HTTP/1.1 +Host: demo.testfire.net +Connection: keep-alive +sec-ch-ua: "Not)A;Brand";v="24", "Chromium";v="116" +sec-ch-ua-mobile: ?0 +sec-ch-ua-platform: "Windows" +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Sec-Fetch-Site: same-origin +Sec-Fetch-Mode: navigate +Sec-Fetch-User: ?1 +Sec-Fetch-Dest: document +Referer: https://demo.testfire.net/index.jsp?content=inside_contact.htm +Accept-Language: en-US +Cookie: JSESSIONID=6354734A2B825ABCB2DC812C04629BE8; AltoroAccounts=ODAwMDAyflNhdmluZ3N+LTEuOTk5NTQzNDA3MDM5MTU2MjJFMTh8ODAwMDAzfkNoZWNraW5nfjcuMTA2ODA0NjQ0NzM3ODg1RTIwfDQ1MzkwODIwMzkzOTYyODh+Q3JlZGl0IENhcmR+LTEuOTk5NTQzNDAxMjc4NzEyMzJFMTh8 +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:13:54 GMT + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +<head> + <title>Altoro Mutual</title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link href="/style.css" rel="stylesheet" type="text/css" /> +</head> +<body style="margin-top:5px;"> + +<div id="header" style="margin-bottom:5px; width: 99%;"> + <form id="frmSearch" method="get" action="/search.jsp"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td rowspan="2"><a id="HyperLink1" href="/index.jsp"><img src="/images/logo.gif" width=283 height=80/></a></td> + <td align="right" valign="top"> + <a id="LoginLink" href="/logout.jsp"><font style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> | <label for="txtSearch">Search</label> + <input type="text" name="query" id="query" accesskey="S" /> + <input type="submit" value="Go" /> + </td> + </tr> + <tr> + <td align="right" style="background-image:url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="/images/header_pic.jpg" alt="" width=354 height=60/></td> + </tr> + </table> + </form> +</div> + +<table cellspacing="0" width="100%"> + <tr> + <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink" href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header2"><a id="LinkHeader2" class="focus" href="/index.jsp?content=personal.htm" >PERSONAL</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header3"><a id="LinkHeader3" class="focus" href="/index.jsp?content=business.htm" >SMALL BUSINESS</a></div></td> + <td width="25%" class="cc bt bb"><div id="Header4"><a id="LinkHeader4" class="focus" href="/index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a></div></td> + </tr> + <tr> + + <!-- END HEADER --> + + +<div id="wrapper" style="width: 99%;"> + + +<!-- TOC BEGIN --> + <td valign="top" class="cc br bb"> + <br style="line-height: 10px;"/> + + <a id="CatLink1" class="subheader" href="index.jsp?content=personal.htm">PERSONAL</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink1" href="index.jsp?content=personal_deposit.htm">Deposit Product</a></li> + <li><a id="MenuHyperLink2" href="index.jsp?content=personal_checking.htm">Checking</a></li> + <li><a id="MenuHyperLink3" href="index.jsp?content=personal_loans.htm">Loan Products</a></li> + <li><a id="MenuHyperLink4" href="index.jsp?content=personal_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink5" href="index.jsp?content=personal_investments.htm">Investments &amp; Insurance</a></li> + <li><a id="MenuHyperLink6" href="index.jsp?content=personal_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink2" class="subheader" href="index.jsp?content=business.htm">SMALL BUSINESS</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink7" href="index.jsp?content=business_deposit.htm">Deposit Products</a></li> + <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> + <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> + <li><a id="MenuHyperLink11" href="index.jsp?content=business_ +... +... +... +</test-http-traffic> + </item> + </variant-group> + </item> + <item id="2088265890053804032" id-v2="1639607924908779520"> + <severity>low</severity> + <severity-id>1</severity-id> + <cvss-score>3.7</cvss-score> + <cvss-vector> + <vector>AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>525</cwe> + <issue-type> + <ref>attCachedSSL</ref> + </issue-type> + <remediation> + <ref>fix_60210</ref> + </remediation> + <advisory> + <ref>attCachedSSL</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <entity> + <ref>-5939543974179105024</ref> + </entity> + <url original_request_method="GET"> + <ref>-2065932717</ref> + </url> + <security-risks> + <ref>sensitiveInformation</ref> + </security-risks> + <cause-id> + <ref>SensitiveCache</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="143"> + <issue-information> + <template>RawTestResp_Template</template> + <variant-id>143</variant-id> + <issue-tip>Examine the response, and verify that it doesn't contain both cache control headers or meta tags ("Cache-Control: no-store" and either "Pragma: no-cache" or "Cache-Control: no-cache").</issue-tip> + <issue-tips> + <issue-tip>Examine the response, and verify that it doesn't contain both cache control headers or meta tags ("Cache-Control: no-store" and either "Pragma: no-cache" or "Cache-Control: no-cache").</issue-tip> + </issue-tips> + <variantID>143</variantID> + <testResponseChunk>HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Accept-Ranges: bytes +ETag: W/"9400-1553517609517" +Last-Modified: Mon, 25 Mar 2019 12:40:09 GMT +Content-Type: application/json +Content-Length: 9400 +Date: Thu, 02 Nov 2023 09:04:58 GMT + +{ + "basePath": "/api", + "paths": { + "/login": { + "get": { + "tags": [ + "1. Login" + ], + "summary": "Check if any user is logged in", + "description": "If a user is loggedin the username will be returned", + "operationId": "checkLogin", +...</testResponseChunk> + </issue-information> + <comments /> + <reasoning id="3204">The application has responded with a response that indicates the page should be cached, but cache controls aren't set (you can set "Cache-Control: no-store" or "Cache-Control: no-cache" or "Pragma: no-cache" to prevent caching).</reasoning> + <additional-data /> + <cwe /> + <image-comment /> + <differences /> + <iast-info /> + <test-http-traffic>GET /swagger/properties.json HTTP/1.1 +Host: demo.testfire.net +Connection: keep-alive +sec-ch-ua: "Not)A;Brand";v="24", "Chromium";v="116" +Accept: application/json,*/* +sec-ch-ua-mobile: ?0 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 +sec-ch-ua-platform: "Windows" +Sec-Fetch-Site: same-origin +Sec-Fetch-Mode: cors +Sec-Fetch-Dest: empty +Referer: https://demo.testfire.net/swagger/index.html +Accept-Language: en-US +Cookie: JSESSIONID=6354734A2B825ABCB2DC812C04629BE8; AltoroAccounts=ODAwMDAyflNhdmluZ3N+LTEuOTk5NTQzNDA3MDM5MTU2MjJFMTh8ODAwMDAzfkNoZWNraW5nfjcuMTA2ODA0NjQ0NzM3ODg1RTIwfDQ1MzkwODIwMzkzOTYyODh+Q3JlZGl0IENhcmR+LTEuOTk5NTQzNDAxMjc4NzEyMzJFMTh8 +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Accept-Ranges: bytes +ETag: W/"9400-1553517609517" +Last-Modified: Mon, 25 Mar 2019 12:40:09 GMT +Content-Type: application/json +Content-Length: 9400 +Date: Thu, 02 Nov 2023 09:16:00 GMT + +{ + "basePath": "/api", + "paths": { + "/login": { + "get": { + "tags": [ + "1. Login" + ], + "summary": "Check if any user is logged in", + "description": "If a user is loggedin the username will be returned", + "operationId": "checkLogin", + "produces": [ + "application/json" + ], + "parameters": [ + { + "name": "Authorization", + "in": "header", + "required": true, + "description": "Authorization token (provided upon successful login)", + "type": "string" + } + ], + "responses": { + "401": { + "description": "Logged out" + }, + "200": { + "description": "Logged in" + } + } + }, + "post": { + "tags": [ + "1. Login" + ], + "summary": "Login method", + "description": "After a successful login a token is returned. This is a Bearer token. To authenticate with it use the Authorization header and set value to Bearer empty space and the token value.", + "operationId": "login", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "body", + "name": "body", + "description": "Username and password combination to allow users to log-in", + "required": true, + "schema": { + "$ref": "#/definitions/login" + } + } + ], + "responses": { + "200": { + "description": "Success message when login is complete" + }, + "400": { + "description": "Bad parameters: Please check provided values" + }, + "500": { + "description": "Internal server error: Please see error message or logs for details" + } + } + } + }, + "/account": { + "get": { + "tags": [ + "2. Account" + ], + "operationId": "getAccount", + "produces": [ + "application/json" + ], + "description": "Returns a list of all the accounts owned by the user", + "parameters": [ + { + "name": "Authorization", + "in": "header", + "required": true, + "description": "Authorization token (provided upon successful login)", + "type": "string" + } + ], + "responses": { + "200": { + "description": "Successful operation" + }, + "401": { + "description": "Unauthorized request" + }, + "500": { + "description": "Internal server error" + } + } + } + }, + "/account/{accountNo}": { + "get": { + "tags": [ + "2. Account" + ], + "operationId": "getAccountBalance", + "produces": [ + "application/json" + ], + "description": "Returns details about a specific account", + "parameters": [ + { + "name": "Authorization", + "in": "header", + "required": true, + "description": "Authorization token (provided upon successful login)", + "type": "string" + }, + { + "name": "accountNo", + "in": "path", + "required": true, + "description": "Account id", + "type": "string" + } + ], + "responses": { + "200": { + "description": "Successful operation" + }, + "401": { + "description": "Unauthorized request" + }, + "500": { + "description": "Internal server error" + } + } + } + }, + "/account/{accountNo}/transactions": { + "get": { + "tags": [ + "2. Account" + ], + "operationId": "showLastTenTransactions", + "description": "Returns the last 10 transactions attached to an account", + "produces": [ + "application/json" + ], + "parameters": [ + { + "name": "Authorization", + "in": "header", + "required": true, + "description": "Authorization token (provided upon successful login)", + "type": "string" + }, + { + "name": "accountNo", + "in": "path", + "required": true, + "description": "Account id", + "type": "string" + } + ], + "responses": { + "200": { + "description": "Suc +... +... +... +</test-http-traffic> + </item> + </variant-group> + </item> + <item id="-6741875111884696832" id-v2="3619546670498382592"> + <severity>medium</severity> + <severity-id>2</severity-id> + <cvss-score>5.3</cvss-score> + <cvss-vector> + <vector>AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>644</cwe> + <issue-type> + <ref>attHostHeaderInjection</ref> + </issue-type> + <remediation> + <ref>fix_61481</ref> + </remediation> + <advisory> + <ref>attHostHeaderInjection</ref> + </advisory> + <threat-class> + <ref>catAbuseOfFunctionality</ref> + </threat-class> + <entity> + <ref>-3517474992796452096</ref> + </entity> + <url original_request_method="GET"> + <ref>-1996295944</ref> + </url> + <security-risks> + <ref>cachePoisoning</ref> + <ref>phishing</ref> + </security-risks> + <cause-id> + <ref>redirectionFromWithinSite</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="30"> + <issue-information> + <template>RawTestResp_Template</template> + <variant-id>30</variant-id> + <issue-tip>N/A</issue-tip> + <issue-tips> + <issue-tip>N/A</issue-tip> + </issue-tips> + <variantID>30</variantID> + <testResponseChunk>... + + <li><a id="MenuHyperLink5" href="/bank/customize.jsp">Customize Site Language</a></li> + </ul> + + </td> +<!-- MEMBER TOC END --> + <td valign="top" colspan="3" class="bb"> + + <div class="fl" style="width: 99%;"> + <h1>Search News Articles</h1> + --begin_highlight_tag--<form id="QueryXpath" method="get" action="https://appscanheaderinjection.com--end_highlight_tag--/bank/queryxpath.jsp"> + Search our news articles database + <br /><br /> + <input type="hidden" id=content" name="content" value="queryxpath.jsp"/> + <input type="text" id="query" name="query" width=450 value="Enter title (e.g. Watchfire)"/> + <input type="submit" width=75 id="Button1" value="Query"> + <br /><br /> + + + </form> + +... + +</testResponseChunk> + </issue-information> + <comments /> + <reasoning id="3536">The value AppScan injected seems to be included in the response.</reasoning> + <additional-data /> + <cwe /> + <image-comment /> + <differences> + <item altered="appscanheaderinjection.com" original="demo.testfire.net" name="Host" difference-type="changed" difference-element="header" /> + </differences> + <iast-info /> + <test-http-traffic>GET /bank/queryxpath.jsp HTTP/1.1 +Host: --begin_mark_tag--appscanheaderinjection.com--end_mark_tag-- +Connection: keep-alive +sec-ch-ua: "Not)A;Brand";v="24", "Chromium";v="116" +sec-ch-ua-mobile: ?0 +sec-ch-ua-platform: "Windows" +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Sec-Fetch-Site: same-origin +Sec-Fetch-Mode: navigate +Sec-Fetch-User: ?1 +Sec-Fetch-Dest: document +Referer: https://demo.testfire.net/bank/transaction.jsp +Accept-Language: en-US +Cookie: JSESSIONID=6354734A2B825ABCB2DC812C04629BE8; AltoroAccounts=ODAwMDAyflNhdmluZ3N+LTEuOTk5NTQzNDA3MDM5MTU2MjJFMTh8ODAwMDAzfkNoZWNraW5nfjcuMTA2ODA0NjQ0NzM3ODg1RTIwfDQ1MzkwODIwMzkzOTYyODh+Q3JlZGl0IENhcmR+LTEuOTk5NTQzNDAxMjc4NzEyMzJFMTh8 +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 5607 +Date: Thu, 02 Nov 2023 09:02:54 GMT + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +<head> + <title>Altoro Mutual</title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link href="/style.css" rel="stylesheet" type="text/css" /> +</head> +<body style="margin-top:5px;"> + +<div id="header" style="margin-bottom:5px; width: 99%;"> + <form id="frmSearch" method="get" action="/search.jsp"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td rowspan="2"><a id="HyperLink1" href="/index.jsp"><img src="/images/logo.gif" width=283 height=80/></a></td> + <td align="right" valign="top"> + <a id="LoginLink" href="/logout.jsp"><font style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> | <label for="txtSearch">Search</label> + <input type="text" name="query" id="query" accesskey="S" /> + <input type="submit" value="Go" /> + </td> + </tr> + <tr> + <td align="right" style="background-image:url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="/images/header_pic.jpg" alt="" width=354 height=60/></td> + </tr> + </table> + </form> +</div> + +<table cellspacing="0" width="100%"> + <tr> + <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink" href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header2"><a id="LinkHeader2" class="focus" href="/index.jsp?content=personal.htm" >PERSONAL</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header3"><a id="LinkHeader3" class="focus" href="/index.jsp?content=business.htm" >SMALL BUSINESS</a></div></td> + <td width="25%" class="cc bt bb"><div id="Header4"><a id="LinkHeader4" class="focus" href="/index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a></div></td> + </tr> + <tr> + + <!-- END HEADER --> + + +<div id="wrapper" style="width: 99%;"> + <!-- MEMBER TOC BEGIN --> + + + + + +<table cellspacing="0" width="100%"> + + + <td valign="top" class="cc br bb"> + <br style="line-height: 10px;"/> + <b>I WANT TO ...</b> + <ul class="sidebar"> + <li><a id="MenuHyperLink1" href="/bank/main.jsp">View Account Summary</a></li> + <li><a id="MenuHyperLink2" href="/bank/transaction.jsp">View Recent Transactions</a></li> + <li><a id="MenuHyperLink3" href="/bank/transfer.jsp">Transfer Funds</a></li> + <!-- <li><a id="MenuHyperLink3" href="/bank/stocks.jsp">Trade Stocks</a></li>--> + + <li><a id="MenuHyperLink4" href="/bank/queryxpath.jsp">Search News Articles</a></li> + <li><a id="MenuHyperLink5" href="/bank/customize.jsp">Customize Site Language</a></li> + </ul> + + </td> +<!-- MEMBER TOC END --> + <td valign="top" colspan="3" class="bb"> + + <div class="fl" style="width: 99%;"> + <h1>Search News Articles</h1> + --begin_highlight_tag--<form id="QueryXpath" method="get" action="https://appscanheaderinjection.com--end_highlight_tag--/bank/queryxpath.jsp"> + Search our news articles database + <br /><br /> + <input type="hidden" id=content" name="content" value="queryxpath.jsp"/> + <input type="text" id="query" name="query" width=450 value="Enter title (e.g. Watchfire)"/> + <input type="submit" width=75 id="Button1" value="Query"> + <br /><br /> + + + </form> + </div> + </td> +</div> + + + +<!-- BEGIN FOOTER --> + + +</ +... +... +... +</test-http-traffic> + </item> + </variant-group> + </item> + <item id="1848862540169527296" id-v2="-4823402215344196096"> + <severity>informational</severity> + <severity-id>0</severity-id> + <cvss-score>0.0</cvss-score> + <cvss-vector> + <vector>AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>200</cwe> + <issue-type> + <ref>GD_PathDisclosure</ref> + </issue-type> + <remediation> + <ref>fix_60510</ref> + </remediation> + <advisory> + <ref>GD_PathDisclosure</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <entity> + <ref>1010167929559218944</ref> + </entity> + <url original_request_method="GET"> + <ref>-38179879</ref> + </url> + <security-risks> + <ref>pathDisclosure</ref> + </security-risks> + <cause-id> + <ref>missingPatchesForThirdPartyProds</ref> + <ref>errorMessagesReturned</ref> + <ref>debugInfoInHtmlSource</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="34"> + <issue-information> + <template>RawTestResp_Template</template> + <variant-id>34</variant-id> + <issue-tip>Verify that absolute paths to files on the server appear in the response.</issue-tip> + <issue-tips> + <issue-tip>Verify that absolute paths to files on the server appear in the response.</issue-tip> + </issue-tips> + <variantID>34</variantID> + <testResponseChunk>... + + <p>Our Frequently Asked Questions area will help you with many of your inquiries.<br /> + If you can't find your question, return to this page and use the e-mail form below.</p> + + <p><b>IMPORTANT!</b> This feedback facility is not secure. Please do not send any <br /> + account information in a message sent from here.</p> + + <form name="cmt" method="post" action="sendFeedback"> + + <!--- Dave- Hard code this into the final script - Possible security problem. + Re-generated every Tuesday and old files are saved to .bak format at--begin_highlight_tag-- L:\--end_highlight_tag--backup\website\oldfiles ---> + <input type="hidden" name="cfile" value="comments.txt"> + + <table border=0> + <tr> + <td align=right>To:</td> + <td valign=top><b>Online Banking</b> </td> + </tr> + <tr> + <td align=right>Your Name:</td> + +... + +</testResponseChunk> + </issue-information> + <comments /> + <reasoning id="3048">The response contains the absolute paths and/or filenames of files on the server.</reasoning> + <additional-data /> + <cwe /> + <image-comment /> + <differences /> + <iast-info /> + <test-http-traffic>GET /feedback.jsp HTTP/1.1 +Host: demo.testfire.net +Connection: keep-alive +sec-ch-ua: "Not)A;Brand";v="24", "Chromium";v="116" +sec-ch-ua-mobile: ?0 +sec-ch-ua-platform: "Windows" +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Sec-Fetch-Site: same-origin +Sec-Fetch-Mode: navigate +Sec-Fetch-User: ?1 +Sec-Fetch-Dest: document +Referer: https://demo.testfire.net/index.jsp?content=inside_contact.htm +Accept-Language: en-US +Cookie: JSESSIONID=6354734A2B825ABCB2DC812C04629BE8; AltoroAccounts=ODAwMDAyflNhdmluZ3N+LTEuOTk5NTQzNDA3MDM5MTU2MjJFMTh8ODAwMDAzfkNoZWNraW5nfjcuMTA2ODA0NjQ0NzM3ODg1RTIwfDQ1MzkwODIwMzkzOTYyODh+Q3JlZGl0IENhcmR+LTEuOTk5NTQzNDAxMjc4NzEyMzJFMTh8 +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:13:54 GMT + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +<head> + <title>Altoro Mutual</title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link href="/style.css" rel="stylesheet" type="text/css" /> +</head> +<body style="margin-top:5px;"> + +<div id="header" style="margin-bottom:5px; width: 99%;"> + <form id="frmSearch" method="get" action="/search.jsp"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td rowspan="2"><a id="HyperLink1" href="/index.jsp"><img src="/images/logo.gif" width=283 height=80/></a></td> + <td align="right" valign="top"> + <a id="LoginLink" href="/logout.jsp"><font style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> | <label for="txtSearch">Search</label> + <input type="text" name="query" id="query" accesskey="S" /> + <input type="submit" value="Go" /> + </td> + </tr> + <tr> + <td align="right" style="background-image:url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="/images/header_pic.jpg" alt="" width=354 height=60/></td> + </tr> + </table> + </form> +</div> + +<table cellspacing="0" width="100%"> + <tr> + <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink" href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header2"><a id="LinkHeader2" class="focus" href="/index.jsp?content=personal.htm" >PERSONAL</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header3"><a id="LinkHeader3" class="focus" href="/index.jsp?content=business.htm" >SMALL BUSINESS</a></div></td> + <td width="25%" class="cc bt bb"><div id="Header4"><a id="LinkHeader4" class="focus" href="/index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a></div></td> + </tr> + <tr> + + <!-- END HEADER --> + + +<div id="wrapper" style="width: 99%;"> + + +<!-- TOC BEGIN --> + <td valign="top" class="cc br bb"> + <br style="line-height: 10px;"/> + + <a id="CatLink1" class="subheader" href="index.jsp?content=personal.htm">PERSONAL</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink1" href="index.jsp?content=personal_deposit.htm">Deposit Product</a></li> + <li><a id="MenuHyperLink2" href="index.jsp?content=personal_checking.htm">Checking</a></li> + <li><a id="MenuHyperLink3" href="index.jsp?content=personal_loans.htm">Loan Products</a></li> + <li><a id="MenuHyperLink4" href="index.jsp?content=personal_cards.htm">Cards</a></li> + <li><a id="MenuHyperLink5" href="index.jsp?content=personal_investments.htm">Investments &amp; Insurance</a></li> + <li><a id="MenuHyperLink6" href="index.jsp?content=personal_other.htm">Other Services</a></li> + </ul> + + <a id="CatLink2" class="subheader" href="index.jsp?content=business.htm">SMALL BUSINESS</a> + <ul class="sidebar"> + <li><a id="MenuHyperLink7" href="index.jsp?content=business_deposit.htm">Deposit Products</a></li> + +... +... +... + + + <form name="cmt" method="post" action="sendFeedback"> + + <!--- Dave- Hard code this into the final script - Possible security problem. + Re-generated every Tuesday and old files are saved to .bak format at--begin_highlight_tag-- L:\--end_highlight_tag--backup\website\oldfiles ---> + <input type="hidden" name="cfile" value="comments.txt"> + + <table border=0> + <tr> +... +... +... +</test-http-traffic> + </item> + </variant-group> + </item> + <item id="4361256704605503744" id-v2="-4381261870390529792"> + <severity>low</severity> + <severity-id>1</severity-id> + <cvss-score>3.7</cvss-score> + <cvss-vector> + <vector>AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>525</cwe> + <issue-type> + <ref>attCachedSSL</ref> + </issue-type> + <remediation> + <ref>fix_60210</ref> + </remediation> + <advisory> + <ref>attCachedSSL</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <entity> + <ref>-3517474992796452096</ref> + </entity> + <url original_request_method="GET"> + <ref>-1996295944</ref> + </url> + <security-risks> + <ref>sensitiveInformation</ref> + </security-risks> + <cause-id> + <ref>SensitiveCache</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="37"> + <issue-information> + <template>RawTestResp_Template</template> + <variant-id>37</variant-id> + <issue-tip>Examine the response, and verify that it doesn't contain both cache control headers or meta tags ("Cache-Control: no-store" and either "Pragma: no-cache" or "Cache-Control: no-cache").</issue-tip> + <issue-tips> + <issue-tip>Examine the response, and verify that it doesn't contain both cache control headers or meta tags ("Cache-Control: no-store" and either "Pragma: no-cache" or "Cache-Control: no-cache").</issue-tip> + </issue-tips> + <variantID>37</variantID> + <testResponseChunk>HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 5598 +Date: Thu, 02 Nov 2023 09:02:55 GMT + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +...</testResponseChunk> + </issue-information> + <comments /> + <reasoning id="3204">The application has responded with a response that indicates the page should be cached, but cache controls aren't set (you can set "Cache-Control: no-store" or "Cache-Control: no-cache" or "Pragma: no-cache" to prevent caching).</reasoning> + <additional-data /> + <cwe /> + <image-comment /> + <differences /> + <iast-info /> + <test-http-traffic>GET /bank/queryxpath.jsp HTTP/1.1 +Host: demo.testfire.net +Connection: keep-alive +sec-ch-ua: "Not)A;Brand";v="24", "Chromium";v="116" +sec-ch-ua-mobile: ?0 +sec-ch-ua-platform: "Windows" +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Sec-Fetch-Site: same-origin +Sec-Fetch-Mode: navigate +Sec-Fetch-User: ?1 +Sec-Fetch-Dest: document +Referer: https://demo.testfire.net/bank/transaction.jsp +Accept-Language: en-US +Cookie: JSESSIONID=6354734A2B825ABCB2DC812C04629BE8; AltoroAccounts=ODAwMDAyflNhdmluZ3N+LTEuOTk5NTQzNDA3MDM5MTU2MjJFMTh8ODAwMDAzfkNoZWNraW5nfjcuMTA2ODA0NjQ0NzM3ODg1RTIwfDQ1MzkwODIwMzkzOTYyODh+Q3JlZGl0IENhcmR+LTEuOTk5NTQzNDAxMjc4NzEyMzJFMTh8 +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 5598 +Date: Thu, 02 Nov 2023 09:02:55 GMT + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +<head> + <title>Altoro Mutual</title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link href="/style.css" rel="stylesheet" type="text/css" /> +</head> +<body style="margin-top:5px;"> + +<div id="header" style="margin-bottom:5px; width: 99%;"> + <form id="frmSearch" method="get" action="/search.jsp"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td rowspan="2"><a id="HyperLink1" href="/index.jsp"><img src="/images/logo.gif" width=283 height=80/></a></td> + <td align="right" valign="top"> + <a id="LoginLink" href="/logout.jsp"><font style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> | <label for="txtSearch">Search</label> + <input type="text" name="query" id="query" accesskey="S" /> + <input type="submit" value="Go" /> + </td> + </tr> + <tr> + <td align="right" style="background-image:url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="/images/header_pic.jpg" alt="" width=354 height=60/></td> + </tr> + </table> + </form> +</div> + +<table cellspacing="0" width="100%"> + <tr> + <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink" href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header2"><a id="LinkHeader2" class="focus" href="/index.jsp?content=personal.htm" >PERSONAL</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header3"><a id="LinkHeader3" class="focus" href="/index.jsp?content=business.htm" >SMALL BUSINESS</a></div></td> + <td width="25%" class="cc bt bb"><div id="Header4"><a id="LinkHeader4" class="focus" href="/index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a></div></td> + </tr> + <tr> + + <!-- END HEADER --> + + +<div id="wrapper" style="width: 99%;"> + <!-- MEMBER TOC BEGIN --> + + + + + +<table cellspacing="0" width="100%"> + + + <td valign="top" class="cc br bb"> + <br style="line-height: 10px;"/> + <b>I WANT TO ...</b> + <ul class="sidebar"> + <li><a id="MenuHyperLink1" href="/bank/main.jsp">View Account Summary</a></li> + <li><a id="MenuHyperLink2" href="/bank/transaction.jsp">View Recent Transactions</a></li> + <li><a id="MenuHyperLink3" href="/bank/transfer.jsp">Transfer Funds</a></li> + <!-- <li><a id="MenuHyperLink3" href="/bank/stocks.jsp">Trade Stocks</a></li>--> + + <li><a id="MenuHyperLink4" href="/bank/queryxpath.jsp">Search News Articles</a></li> + <li><a id="MenuHyperLink5" href="/bank/customize.jsp">Customize Site Language</a></li> + </ul> + + </td> +<!-- MEMBER TOC END --> + <td valign="top" colspan="3" class="bb"> + + <div class="fl" style="width: 99%;"> + <h1>Search News Articles</h1> + <form id="QueryXpath" method="get" action="https://demo.testfire.net/bank/queryxpath.jsp"> + Search our news articles database + <br /><br /> + <input type="hidden" id=content" name="content" value="queryxpath.jsp"/> + <input type="text" id="query" name="query" width=450 value="Enter title (e.g. Watchfire)"/> + <input type="submit" width=75 id="Button1" value="Query"> + <br /><br /> + + + </form> + </div> + </td> +</div> + + + +<!-- BEGIN FOOTER --> + + +</tr> +</table> +<div id="footer" style="width: 99%;"> + <a id="HyperLink5" href="/index.jsp?co +... +... +... +</test-http-traffic> + </item> + </variant-group> + </item> + <item id="5589970947926074368" id-v2="6313051952010436864"> + <severity>low</severity> + <severity-id>1</severity-id> + <cvss-score>3.7</cvss-score> + <cvss-vector> + <vector>AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>525</cwe> + <issue-type> + <ref>attCachedSSL</ref> + </issue-type> + <remediation> + <ref>fix_60210</ref> + </remediation> + <advisory> + <ref>attCachedSSL</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <entity> + <ref>2822766115314697472</ref> + </entity> + <url original_request_method="GET"> + <ref>-1261426540</ref> + </url> + <security-risks> + <ref>sensitiveInformation</ref> + </security-risks> + <cause-id> + <ref>SensitiveCache</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="40"> + <issue-information> + <template>RawTestResp_Template</template> + <variant-id>40</variant-id> + <issue-tip>Examine the response, and verify that it doesn't contain both cache control headers or meta tags ("Cache-Control: no-store" and either "Pragma: no-cache" or "Cache-Control: no-cache").</issue-tip> + <issue-tips> + <issue-tip>Examine the response, and verify that it doesn't contain both cache control headers or meta tags ("Cache-Control: no-store" and either "Pragma: no-cache" or "Cache-Control: no-cache").</issue-tip> + </issue-tips> + <variantID>40</variantID> + <testResponseChunk>HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:02:55 GMT + + + + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > +...</testResponseChunk> + </issue-information> + <comments /> + <reasoning id="3204">The application has responded with a response that indicates the page should be cached, but cache controls aren't set (you can set "Cache-Control: no-store" or "Cache-Control: no-cache" or "Pragma: no-cache" to prevent caching).</reasoning> + <additional-data /> + <cwe /> + <image-comment /> + <differences /> + <iast-info /> + <test-http-traffic>GET /bank/transaction.jsp HTTP/1.1 +Host: demo.testfire.net +Connection: keep-alive +sec-ch-ua: "Not)A;Brand";v="24", "Chromium";v="116" +sec-ch-ua-mobile: ?0 +sec-ch-ua-platform: "Windows" +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Sec-Fetch-Site: same-origin +Sec-Fetch-Mode: navigate +Sec-Fetch-User: ?1 +Sec-Fetch-Dest: document +Referer: https://demo.testfire.net/bank/main.jsp +Accept-Language: en-US +Cookie: JSESSIONID=6354734A2B825ABCB2DC812C04629BE8; AltoroAccounts=ODAwMDAyflNhdmluZ3N+LTEuOTk5NTQzNDA3MDM5MTU2MjJFMTh8ODAwMDAzfkNoZWNraW5nfjcuMTA2ODA0NjQ0NzM3ODg1RTIwfDQ1MzkwODIwMzkzOTYyODh+Q3JlZGl0IENhcmR+LTEuOTk5NTQzNDAxMjc4NzEyMzJFMTh8 +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:02:55 GMT + + + + + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +<head> + <title>Altoro Mutual</title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link href="/style.css" rel="stylesheet" type="text/css" /> +</head> +<body style="margin-top:5px;"> + +<div id="header" style="margin-bottom:5px; width: 99%;"> + <form id="frmSearch" method="get" action="/search.jsp"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td rowspan="2"><a id="HyperLink1" href="/index.jsp"><img src="/images/logo.gif" width=283 height=80/></a></td> + <td align="right" valign="top"> + <a id="LoginLink" href="/logout.jsp"><font style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> | <label for="txtSearch">Search</label> + <input type="text" name="query" id="query" accesskey="S" /> + <input type="submit" value="Go" /> + </td> + </tr> + <tr> + <td align="right" style="background-image:url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="/images/header_pic.jpg" alt="" width=354 height=60/></td> + </tr> + </table> + </form> +</div> + +<table cellspacing="0" width="100%"> + <tr> + <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink" href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header2"><a id="LinkHeader2" class="focus" href="/index.jsp?content=personal.htm" >PERSONAL</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header3"><a id="LinkHeader3" class="focus" href="/index.jsp?content=business.htm" >SMALL BUSINESS</a></div></td> + <td width="25%" class="cc bt bb"><div id="Header4"><a id="LinkHeader4" class="focus" href="/index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a></div></td> + </tr> + <tr> + + <!-- END HEADER --> + + +<div id="wrapper" style="width: 99%;"> + <!-- MEMBER TOC BEGIN --> + + + + + +<table cellspacing="0" width="100%"> + + + <td valign="top" class="cc br bb"> + <br style="line-height: 10px;"/> + <b>I WANT TO ...</b> + <ul class="sidebar"> + <li><a id="MenuHyperLink1" href="/bank/main.jsp">View Account Summary</a></li> + <li><a id="MenuHyperLink2" href="/bank/transaction.jsp">View Recent Transactions</a></li> + <li><a id="MenuHyperLink3" href="/bank/transfer.jsp">Transfer Funds</a></li> + <!-- <li><a id="MenuHyperLink3" href="/bank/stocks.jsp">Trade Stocks</a></li>--> + + <li><a id="MenuHyperLink4" href="/bank/queryxpath.jsp">Search News Articles</a></li> + <li><a id="MenuHyperLink5" href="/bank/customize.jsp">Customize Site Language</a></li> + </ul> + + </td> +<!-- MEMBER TOC END --> + <td valign="top" colspan="3" class="bb"> + + + + + <div class="fl" style="width: 99%;"> + + + + <h1>Recent Transactions</h1> + + <script type="text/javascript"> + function confirminput(myform) { + + if (myform.startDate.value != ""){ + var valid = false; + var splitStrings = myform.startDate.value.split("-"); + if (splitStrings.length == 3) { + var year = parseInt(splitStrings[0]); + var month = parseInt((splitStrings[1].charAt(0)==0 && splitStrings[1].length == 2)?splitStrings[1].charAt(1):splitStrings[1]); + var day = parseInt((splitStrings[2].charAt(0)==0 && splitStrings[2].length == 2)?splitStrings[2].charAt(1):splitStrings[2]); + + var va +... +... +... +</test-http-traffic> + </item> + </variant-group> + </item> + <item id="-3019653408243740928" id-v2="696389365463240704"> + <severity>informational</severity> + <severity-id>0</severity-id> + <cvss-score>0.0</cvss-score> + <cvss-vector> + <vector>AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X</vector> + </cvss-vector> + <cwe>615</cwe> + <issue-type> + <ref>attSensitiveInHtmlComments</ref> + </issue-type> + <remediation> + <ref>fix_50750</ref> + </remediation> + <advisory> + <ref>attSensitiveInHtmlComments</ref> + </advisory> + <threat-class> + <ref>catInformationLeakage</ref> + </threat-class> + <entity> + <ref>2537967696232628224</ref> + </entity> + <url original_request_method="GET"> + <ref>-154706909</ref> + </url> + <security-risks> + <ref>sensitiveInformation</ref> + </security-risks> + <cause-id> + <ref>debugInfoInHtmlSource</ref> + </cause-id> + <user-image-group /> + <variant-group> + <item id="2876"> + <issue-information> + <template>RawOrigResp_Template</template> + <variant-id>2876</variant-id> + <issue-tip>Examine the HTML comments for sensitive information.</issue-tip> + <issue-tips> + <issue-tip>Examine the HTML comments for sensitive information.</issue-tip> + </issue-tips> + <variantID>2876</variantID> + <testResponseChunk>... + + <option Value="Checking">Checking</option> + <option Value="Savings" Selected>Savings</option> + <option Value="IRA">IRA</option> + </Select></td> + <td></td> + <td><input type="submit" value="Add Account"></td> + </tr> + </form> + + <!-- action="change--begin_highlight_tag--Password--end_highlight_tag--" --> + <form id="changePass" name="changePass" action="" method="post" onsubmit="return confirmpass(this);"> + <tr> + <td colspan="4"><h2><br><br>Change user's password</h2></td> + </tr> + <tr> + <th> + Users: + </th> + <th> + +... + +</testResponseChunk> + </issue-information> + <comments /> + <reasoning id="3252">AppScan discovered HTML comments containing what appears to be sensitive information.</reasoning> + <additional-data /> + <cwe /> + <image-comment /> + <differences /> + <iast-info /> + <test-http-traffic>GET /admin/admin.jsp HTTP/1.1 +Accept-Language: en-US +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Referer: https://demo.testfire.net/index.jsp?content=personal_other.htm +Host: demo.testfire.net +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Cookie: JSESSIONID=3D7E6256EC7DF679DA0F61CC8A0F1205; AltoroAccounts="ODAwMDAyflNhdmluZ3N+LTEuOTk5NTQzNDA3MDM5MTU2MjJFMTh8ODAwMDAzfkNoZWNraW5nfjguMjkxMjcyMDg1NTE3OTNFMjB8NDUzOTA4MjAzOTM5NjI4OH5DcmVkaXQgQ2FyZH4tMS45OTk1NDM0MDEyNzg3MTIzMkUxOHw=" +Content-Length: 0 + + +HTTP/1.1 200 OK +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Thu, 02 Nov 2023 09:25:06 GMT + + + + + + + +<!-- BEGIN HEADER --> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > + + + +<head> + <title>Altoro Mutual</title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link href="/style.css" rel="stylesheet" type="text/css" /> +</head> +<body style="margin-top:5px;"> + +<div id="header" style="margin-bottom:5px; width: 99%;"> + <form id="frmSearch" method="get" action="/search.jsp"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td rowspan="2"><a id="HyperLink1" href="/index.jsp"><img src="/images/logo.gif" width=283 height=80/></a></td> + <td align="right" valign="top"> + <a id="LoginLink" href="/logout.jsp"><font style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> | <label for="txtSearch">Search</label> + <input type="text" name="query" id="query" accesskey="S" /> + <input type="submit" value="Go" /> + </td> + </tr> + <tr> + <td align="right" style="background-image:url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="/images/header_pic.jpg" alt="" width=354 height=60/></td> + </tr> + </table> + </form> +</div> + +<table cellspacing="0" width="100%"> + <tr> + <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink" href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header2"><a id="LinkHeader2" class="focus" href="/index.jsp?content=personal.htm" >PERSONAL</a></div></td> + <td width="25%" class="cc bt br bb"><div id="Header3"><a id="LinkHeader3" class="focus" href="/index.jsp?content=business.htm" >SMALL BUSINESS</a></div></td> + <td width="25%" class="cc bt bb"><div id="Header4"><a id="LinkHeader4" class="focus" href="/index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a></div></td> + </tr> + <tr> + + <!-- END HEADER --> + + +<div id="wrapper" style="width: 99%;"> + <!-- MEMBER TOC BEGIN --> + + + + + +<table cellspacing="0" width="100%"> + + + <td valign="top" class="cc br bb"> + <br style="line-height: 10px;"/> + <b>I WANT TO ...</b> + <ul class="sidebar"> + <li><a id="MenuHyperLink1" href="/bank/main.jsp">View Account Summary</a></li> + <li><a id="MenuHyperLink2" href="/bank/transaction.jsp">View Recent Transactions</a></li> + <li><a id="MenuHyperLink3" href="/bank/transfer.jsp">Transfer Funds</a></li> + <!-- <li><a id="MenuHyperLink3" href="/bank/stocks.jsp">Trade Stocks</a></li>--> + + <li><a id="MenuHyperLink4" href="/bank/queryxpath.jsp">Search News Articles</a></li> + <li><a id="MenuHyperLink5" href="/bank/customize.jsp">Customize Site Language</a></li> + </ul> + + </td> +<!-- MEMBER TOC END --> + <td valign="top" colspan="3" class="bb"> + + + + <script language="javascript"> + + function confirmpass(myform) + { + if (myform.password1.value.length && (myform.password1.value==myform.password2.value)) + { + return true; + } + else + { + myform.password1.value=""; + myform.password2.value=""; + myform.password1.focus(); + alert ("Passwords do not match"); + return false; + } + + } + </script> + + <!-- Be careful what you change. All changes are made directly to AltoroJ database. --> + <div class="fl" style="width: 99%;"> + <p><span style="color:#FF0066;font-size:12pt;font-weight:bold;"> + + </s +... +... +... + + <td><input type="submit" value="Add Account"></td> + </tr> + </form> + + <!-- action="change--begin_highlight_tag--Password--end_highlight_tag--" --> + <form id="changePass" name="changePass" action="" method="post" onsubmit="return confirmpass(this);"> + <tr> + <td colspan="4"><h2><br><br>Change user's password</h2></td> + </tr> +... +... +... +</test-http-traffic> + </item> + </variant-group> + </item> + </issue-group> + <cause-group> + <item id="Cause_0">Sanitation of hazardous characters was not performed correctly on user input</item> + <item id="Cause_1">Sanitization of hazardous characters was not performed correctly on user input.</item> + <item id="Cause_2">Dynamically generating queries that include unvalidated user input can lead to SQL injection attacks. An attacker can insert SQL commands or modifiers in the user input that can cause the query to behave in an unsafe manner.</item> + <item id="Cause_3">Without sufficient validation and encapsulation of user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. This can be used to alter query logic to bypass security checks, or to insert additional statements that modify the back-end database, possibly including execution of system commands.</item> + <item id="Cause_4">SQL payloads can enter the system through any untrusted data, including user input, data previously stored in the database, files, 3rd party APIs, and more.</item> + <item id="Cause_5">An Integer Overflow (or wraparound) occurs when a value that is too large is stored (larger than the maximum value the variable can hold) in an integer data type (including byte, short, long, and other types). The most significant bits of the integer are lost, and the remaining value is relative to the minimum value (either 0 or very negative value for signed types).</item> + <item id="Cause_6">The web application redirects users to an external site based on untrusted data.</item> + <item id="Cause_7">In particular, the submitted request was found to include a URL as a parameter. The web application uses this value to redirect the user's browser to the specified URL.</item> + <item id="Cause_8">An attacker can modify this URL value to an arbitrary address. The attacker would then cause the victim to submit the altered request, thus being redirected to a site of the attacker's choosing.</item> + <item id="Cause_9">Cross-site scripting (XSS) vulnerabilities arise when an attacker sends malicious code to the victim's browser, mostly using JavaScript. A vulnerable web application might embed untrusted data in the output, without filtering or encoding it. In this way, an attacker can inject a malicious script to the application, and the script will be returned in the response. This will then run on the victim's browser.</item> + <item id="Cause_10">In particular, sanitization of hazardous characters was not performed correctly on user input or untrusted data.</item> + <item id="Cause_11">In reflected attacks, an attacker tricks an end user into sending request containing malicious code to a vulnerable Web server, which then reflects the attack back to the end user's browser.</item> + <item id="Cause_12">The server receives the malicious data directly from the HTTP request and reflects it back in the HTTP response. The most common method of sending malicious content is adding it as a parameter in a URL that is posted publicly or e-mailed directly to the victim. URLs that contain the malicious script constitute the core of many phishing schemes, whereby the convinced victim visits a URL that refers to a vulnerable site. The site then reflects the malicious content back to the victim, and then the content is executed by the victim's browser.</item> + <item id="Cause_13">Sensitive Cookie with Improper or Insecure or Missing SameSite Attribute</item> + <item id="Cause_14">This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally.</item> + <item id="Cause_15">An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application. When this request is sent from an authenticated victim's browser, it will include the victim's session cookie or authentication header. The application will accept this as a valid request from an authenticated user. </item> + <item id="Cause_16">When a web server is designed to receive a request from a client without any mechanism for verifying that it was intentionally sent, an attacker may be able to trick a client into making an unintentional request from a different site, which will be treated as an authentic request by the application. This can be done by submitting a form, loading an image, sending an XMLHttpRequest in JavaScript, and more.</item> + <item id="Cause_17">For example, this IMG tag can be embedded in an attacker's webpage, and the victim's browser will submit a request to retrieve the image. This valid request will be processed by the application, and the browser will not display a broken image. `<img src="https://myapp.com/transfer?acct=VICTIM&amount=10000" width=0 height=0 border=0>`. As a result, money is transferred from the victim's account to the attacker, using the victim’s session.</item> + <item id="Cause_18">The web server or application server are configured in an insecure way</item> + <item id="Cause_19">Lack of input validation and sanitization</item> + <item id="Cause_20">Insecure web application programming or configuration</item> + <item id="Cause_21">The web application sends non-secure cookies over SSL</item> + <item id="Cause_22">Sensitive information might have been cached by your browser</item> + <item id="Cause_23">The application does not use a secure channel, such as TLS/SSL, to exchange sensitive information.</item> + <item id="Cause_24">An attacker with access to the network traffic can eavesdrop on packets over the connection. This attack is not technically difficult, but does require physical access to some portion of the network over which the sensitive data travels.</item> + <item id="Cause_25">The web application sets session cookies without the HttpOnly attribute</item> + <item id="Cause_26">Query parameters were passed over SSL, and may contain sensitive information</item> + <item id="Cause_27">Proper bounds checking were not performed on incoming parameter values</item> + <item id="Cause_28">No validation was done in order to make sure that user input matches the data type expected</item> + <item id="Cause_29">Many web application programmers use HTML comments to help debug the application when needed. While adding general comments is very useful, some programmers tend to leave important data in client-side comments, such as filenames related to the web application, links which were not meant to be browsed by users, old code fragments including passwords, etc.</item> + <item id="Cause_30">Comments such as BUG, FIXME, and TODO may be an indication of missing security functionality and checking. Others indicate code problems that you should fix, such as hard-coded variables, error handling, not using stored procedures, and performance issues. Comments in HTML and JavaScript are usually easily viewable by end users.</item> + <item id="Cause_31">Latest patches or hotfixes for 3rd. party products were not installed</item> + </cause-group> + <security-risk-group maxIssuesByRisk="38"> + <item id="databaseManipulations">It is possible to view, modify or delete database entries and tables</item> + <item id="debugErrorInformation">It is possible to gather sensitive debugging information</item> + <item id="phishing">It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc.</item> + <item id="userImpersonation">It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user</item> + <item id="risk_attSameSiteCookie">Prevent cookie information leakage by restricting cookies to first-party or same-site context, Attacks can extend to Cross-Site-Request-Forgery (CSRF) attacks if there are no additional protections in place (such as Anti-CSRF tokens).</item> + <item id="CSRF_risk">It may be possible to force an end-user to execute unwanted actions on a web application in which they're currently authenticated.</item> + <item id="privilegeEscalation">It might be possible to escalate user privileges and gain administrative permissions over the web application</item> + <item id="cachePoisoning">It is possible to deface the site content through web-cache poisoning</item> + <item id="siteDefacement">It is possible to upload, modify or delete web pages, scripts and files on the web server</item> + <item id="unsecureCookieInSSL">It may be possible to steal user and session information (cookies) that was sent during an encrypted session</item> + <item id="authBypass">It may be possible to bypass the web application's authentication mechanism</item> + <item id="sensitiveInformation">It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations</item> + <item id="sensitiveNotOverSSL">It may be possible to steal sensitive data such as credit card numbers, social security numbers etc. that are sent unencrypted</item> + <item id="pathDisclosure">It is possible to retrieve the absolute path of the web server installation, which might help an attacker to develop further attacks and to gain information about the file system structure of the web application</item> + </security-risk-group> + <advisory-group> + <item id="attBlindSqlInjectionStrings"> + <advisory> + <id>attBlindSqlInjectionStrings</id> + <name>Blind SQL Injection</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>SQL Injection</name> + <reference>http://projects.webappsec.org/SQL-Injection</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_0</cause> + </causes> + <securityRisks> + <text>It is possible to view, modify or delete database entries and tables</text> + <text>The software constructs all or part of an SQL command using externally-influenced input, but fails to neutralize elements that could modify the SQL command when it is sent to the database.</text> + <text /> + <text>Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. This can be used to alter query logic to bypass security checks, or to insert additional statements that modify the back-end database, possibly including execution of system commands.</text> + <text /> + <text>For example, let's say we have an HTML page with a login form, which eventually runs the following SQL query on the database using the user input:</text> + <text> SELECT * FROM accounts WHERE username='$user' AND password='$pass' +</text> + <text>The two variables, $user and $pass, contain the user credentials entered by the user in the login form.</text> + <text>If the user has input "jsmith" as the username, and "Demo1234" as the password, the SQL query will look like this:</text> + <text> SELECT * FROM accounts WHERE username='jsmith' AND password='Demo1234' +</text> + <text>But if the user input "'" (a single apostrophe) as the username, and "'" (a single apostrophe) as the password, the SQL query will look like this:</text> + <text> SELECT * FROM accounts WHERE username=''' AND password=''' +</text> + <text>This, of course, is a malformed SQL query, and will invoke an error message, which may be returned in the HTTP response.</text> + <text>An error such as this informs the attacker that an SQL Injection has succeeded, which will lead the attacker to attempt further attack vectors.</text> + <text /> + <text>Blind SQL Injection is similar of SQL Injection. The difference lies in the fact that to leverage it, the attacker does not need to look for SQL errors in the response. Therefore, the method AppScan uses to identify it is also different.</text> + <text>Instead of attempting to invoke an SQL error, AppScan locates scripts that are susceptible to SQL injection, by manipulating the logic of the application through multiple requests.</text> + <text /> + <text>The technique calls for sending requests whose vulnerable parameter (the parameter that gets embedded in the SQL query) is modified so that the response indicates whether the data is used in SQL query context or not. The modification involves the use of an AND Boolean expression with the original string, which evaluates once as True and once as False. In one case, the net result should be identical to the original result (a successful login), and in the other case, the result should be significantly different (a failed login). An OR expression which evaluates as True may also be useful for some rare cases.</text> + <text /> + <text>If the original data is numeric, a simpler trick can be played. Let's consider original data 123. This can be replaced with 0+123 in one request, and with 456+123 in another. The result of the first request should be identical to the original result, whereas the result of the second request should be different (as the number is evaluated as 579). For some cases, we still need a version of the attack described above (using AND and OR), but without escaping from string context.</text> + <text /> + <text>The concept behind Blind SQL Injection is that it is possible, even without receiving direct data from the database (in the form of an error message, or leaked information), to extract data from the database, one bit at a time, or to modify the query in a malicious way. The idea is that the application's behavior (returning responses that are identical or different to the original response) can provide a single bit of information about the evaluated (modified) query, meaning, it's possible for the attacker to formulate an SQL Boolean expression whose evaluation (single bit) is compromised in the form of the application behavior (identical/un-identical to the original behavior).</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products.</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/89.html" id="CWE-89">89</link> + </cwe> + <xfid /> + <references> + <link target="http://www.cgisecurity.com/lib/webappdis.doc">"Web Application Disassembly with ODBC Error Messages" (By David Litchfield)</link> + <link target="http://shh.thathost.com/text/binary-search-sql-injection.txt">"Using Binary Search with SQL Injection" (By Sverre H. Huseby)</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">attBlindSqlInjectionStrings</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attSqlInjectionChecks"> + <advisory> + <id>Injection.SQL</id> + <name>SQL Injection</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>SQL Injection</name> + <reference>http://projects.webappsec.org/SQL-Injection</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_1</cause> + <cause>Cause_2</cause> + <cause>Cause_3</cause> + <cause>Cause_4</cause> + </causes> + <securityRisks> + <text>Potential consequences include the loss of:</text> + <text>Confidentiality - Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL injection vulnerabilities.</text> + <text>Authentication - If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of the password.</text> + <text>Authorization - If authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL injection vulnerability.</text> + <text>Integrity - Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL injection attack.</text> + </securityRisks> + <affectedProducts /> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/89.html" id="CWE-89">89</link> + </cwe> + <xfid /> + <references> + <link target="https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html">OWASP - SQL Injection Prevention Cheat Sheet</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">attSqlInjectionChecks</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attIntegerOverflow"> + <advisory> + <id>IntegerOverflow</id> + <name>Integer Overflow</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Integer Overflows</name> + <reference>http://projects.webappsec.org/Integer-Overflows</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_5</cause> + </causes> + <securityRisks> + <text>When an integer overflow occurs, the interpreted value will appear to have 'wrapped around' past the maximum value and reset back to the minimum value.</text> + <text>The value can unexpectedly become zero or negative. This can have security implications if the value is used to control looping, manage resources (such as memory allocation), or make business logic decisions.</text> + <text>For example, an integer overflow can give money to the customer in addition to their purchases, when the transaction is completed.</text> + <text>In particular, if a mathematical operation results in a number larger than the maximum possible for the integer type, the value wraps around and the variable is set to zero, or negative.</text> + <text>i=UINT_MAX+1; // Maximum value for a variable of type unsigned int - 4294967295 (0xffffffff). The result is: i=0</text> + </securityRisks> + <affectedProducts /> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/190.html" id="CWE-190">190</link> + </cwe> + <xfid /> + <references> + <link target="https://docs.microsoft.com/en-us/cpp/safeint/safeint-library?view=msvc-160">SafeInt Library</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">attIntegerOverflow</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attRedirectInURL"> + <advisory> + <id>UnvalidatedRedirect</id> + <name>Phishing Through URL Redirection</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>URL Redirector Abuse</name> + <reference>http://projects.webappsec.org/URL-Redirector-Abuse</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample> + <text>The following example shows a URL redirection to untrusted site.</text> + <text>The redir parameter is used to redirect the user to a different page automatically.</text> + <code>[REQUEST] +GET /MyPage.php?redir=/AnotherPage.php HTTP/1.1 +</code> + <br /> + <code>[RESPONSE] +</code> + <br /> + <text>An attacker might trick the GET parameter used to redirect the user to an external site</text> + <code>[REQUEST] +GET /MyPage.php?redir=https://www.malware.com HTTP/1.1 +</code> + <br /> + <code>[RESPONSE] +</code> + <br /> + </exploitExample> + <causes> + <cause>Cause_6</cause> + <cause>Cause_7</cause> + <cause>Cause_8</cause> + </causes> + <securityRisks> + <text>This vulnerability can allow an attacker to take advantage of the trust the user holds for the application, causing them to trust an arbitrary site under control of the attacker as well. This would often be leveraged through the use of phishing techniques.</text> + <text>Phishing is a social engineering technique where an attacker masquerades as a legitimate entity with which the victim might do business in order to prompt the user to reveal some confidential information (frequently authentication credentials) that can later be used by an attacker. Phishing is essentially a form of information gathering or "fishing" for information.</text> + <text>An attacker may successfully launch a phishing scam and steal user credentials or other sensitive information such as credit card number, social security number, and more.</text> + <text>It can also be possible to redirect the user to install malware that could infect the user's computer.</text> + </securityRisks> + <affectedProducts /> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/601.html" id="CWE-601">601</link> + </cwe> + <xfid /> + <references> + <link target="https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html">Unvalidated Redirects and Forwards Cheat Sheet</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">attRedirectInURL</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attCrossSiteScripting"> + <advisory> + <id>CrossSiteScripting.Reflected</id> + <name>Reflected Cross Site Scripting</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Cross-site Scripting</name> + <reference>http://projects.webappsec.org/Cross-Site+Scripting</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample> + <text>The following example shows a script that returns a parameter value in the response.</text> + <text>The parameter value is sent to the script using a GET request, and then returned in the response embedded in the HTML.</text> + <code>[REQUEST] +GET /index.aspx?name=JSmith HTTP/1.1 +</code> + <br /> + <code>[RESPONSE] +HTTP/1.1 200 OK +Server: SomeServer +Date: Sun, 01 Jan 2002 00:31:19 GMT +Content-Type: text/html +Accept-Ranges: bytes +Content-Length: 27 + +<HTML> +Hello JSmith +</HTML> +</code> + <br /> + <text>An attacker might leverage the attack like this. In this case, the JavaScript code will be executed by the browser.</text> + <code>[REQUEST] +GET /index.aspx?name=>"'><script>alert('XSS')</script> HTTP/1.1 +</code> + <br /> + <code>[RESPONSE] +HTTP/1.1 200 OK +Server: SomeServer +Date: Sun, 01 Jan 2002 00:31:19 GMT +Content-Type: text/html +Accept-Ranges: bytes +Content-Length: 83 + +<HTML> +Hello >"'><script>alert('XSS')</script> +</HTML> +</code> + <br /> + </exploitExample> + <causes> + <cause>Cause_9</cause> + <cause>Cause_10</cause> + <cause>Cause_11</cause> + <cause>Cause_12</cause> + </causes> + <securityRisks> + <text>XSS attacks can expose the user's session cookie, allowing the attacker to hijack the user's session and gain access to the user's account, which could lead to impersonation of users.</text> + <text>An attacker could modify and view the users' records and perform transactions as those users. The attacker may be able to perform privileged operations on behalf of the user, or gain access to any sensitive data belonging to the user. This would be especially dangerous if the user has administrator permissions.</text> + <text>The attacker could even run a malicious script on the victim's browser which would redirect the user to other pages or sites, modify content presentation, or even make it possible to run malicious software or a crypto miner.</text> + </securityRisks> + <affectedProducts /> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/79.html" id="CWE-79">79</link> + </cwe> + <xfid /> + <references> + <link target="https://owasp.org/www-community/attacks/xss/">Cross-site Scripting (XSS)</link> + <link target="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">OWASP XSS Cheat Sheet</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">attCrossSiteScripting</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attSameSiteCookie"> + <advisory> + <id>attSameSiteCookie</id> + <name>Cookie with Insecure or Improper or Missing SameSite attribute</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Server Misconfiguration</name> + <reference>http://projects.webappsec.org/Server-Misconfiguration</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_13</cause> + </causes> + <securityRisks> + <text>Prevent Cookie information leakage by restricting cookies to first-party or same-site context</text> + <text>Attacks can extend to Cross-Site-Request-Forgery (CSRF) attacks if there are no additional protections in place (such as Anti-CSRF tokens).</text> + <text>The SameSite attribute controls how cookies are sent for cross-domain requests.</text> + <text /> + <text>The attribute may have three values: 'Lax', 'Strict', or 'None'. If 'None' is used, a website may create a cross-domain POST HTTP request to another website, and the browser automatically adds cookies to this request.</text> + <text /> + <text>This may lead to Cross-Site-Request-Forgery (CSRF) attacks if there are no additional protections in place (such as Anti-CSRF tokens).</text> + <text /> + <text>Modes and their uses:</text> + <text>'Lax' mode: the cookie will only be sent with a top-level get request.</text> + <text>'Strict' mode; the cookie will not be sent with any cross-site usage even if the user follows a link to another website.</text> + <text>'None' mode: the cookie will be sent with the cross-site requests.</text> + <text /> + <text>The attribute having: 'Lax' or 'None' must have 'Secure' Flag set and must be transferred over https.</text> + <text>Example - Set-Cookie: key=value; SameSite=Lax;Secure</text> + <text /> + <text>Setting attribute to 'Strict' is the recommended option.</text> + <text>Example - Set-Cookie: key=value; SameSite=Strict</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products.</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/1275.html" id="CWE-1275">1275</link> + </cwe> + <xfid /> + <references> + <link target="http://www.webappsec.org/projects/threat/classes/information_leakage.shtml">WASC Threat Classification: Information Leakage</link> + <link target="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite">SameSite Cookies</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">attSameSiteCookie</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attCrossSiteRequestForgery"> + <advisory> + <id>CrossSiteRequestForgery</id> + <name>Cross-Site Request Forgery</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Cross-site Request Forgery</name> + <reference>http://projects.webappsec.org/Cross-Site-Request-Forgery</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_14</cause> + <cause>Cause_15</cause> + <cause>Cause_16</cause> + <cause>Cause_17</cause> + </causes> + <securityRisks> + <text>An attacker can exploit this vulnerability to perform sensitive actions in another user's account, or using their privileges.</text> + <text>It may be possible to force an end-user to execute unwanted actions on a web application in which they're currently authenticated. This would allow the attacker to alter user records and to perform transactions as that user. </text> + <text>If the user is currently logged-in to the victim site, the request will automatically use the user's credentials such as session cookies, IP address, and other browser authentication methods. Using this method, the attacker forges the victim's identity and submits actions on their behalf.</text> + <text>The severity of this vulnerability depends on the affected functionality in context of the application. For example, a CSRF attack on a search page is less severe than a CSRF attack on a money-transfer or profile-update page.</text> + </securityRisks> + <affectedProducts /> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/352.html" id="CWE-352">352</link> + </cwe> + <xfid /> + <references> + <link target="https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html">OWASP CSRF Cheat Sheet</link> + <link target="https://owasp.org/www-project-csrfguard/">OWASP CSRFGuard</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">attCrossSiteRequestForgery</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="GV_SQLErr"> + <advisory> + <id>GVSQLErr</id> + <name>Database Error Pattern Found</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>SQL Injection</name> + <reference>http://projects.webappsec.org/SQL-Injection</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_0</cause> + </causes> + <securityRisks> + <text>It is possible to view, modify or delete database entries and tables</text> + <text>AppScan discovered Database Errors in the test response, that may have been triggered by an attack other than SQL Injection.</text> + <text>It is possible, though not certain, that this error indicates a possible SQL Injection vulnerability in the application.</text> + <text>If it does, please read the following SQL Injection advisory carefully.</text> + <text /> + <text>The software constructs all or part of an SQL command using externally-influenced input, but it incorrectly neutralizes special elements that could modify the intended SQL command when sent to the database.</text> + <text /> + <text>Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. This can be used to alter query logic to bypass security checks, or to insert additional statements that modify the back-end database, and possibly including execution of system commands.</text> + <text /> + <text>For example, let's say we have an HTML page with a login form, which eventually runs the following SQL query on the database using the user input:</text> + <text> SELECT * FROM accounts WHERE username='$user' AND password='$pass' +</text> + <text>The two variables, $user and $pass, contain the user credentials entered by the user in the login form.</text> + <text>Therefore, if the user has input "jsmith" as the username, and "Demo1234" as the password, the SQL query will look like this:</text> + <text> SELECT * FROM accounts WHERE username='jsmith' AND password='Demo1234' +</text> + <text>But if the user input "'" (a single apostrophe) as the username, and "'" (a single apostrophe) as the password, the SQL query will look like this:</text> + <text> SELECT * FROM accounts WHERE username=''' AND password=''' +</text> + <text>This, of course, is a malformed SQL query, and will invoke an error message, which may be returned in the HTTP response.</text> + <text>An error such as this informs the attacker that an SQL Injection has succeeded, which will lead the attacker to attempt further attack vectors.</text> + <text /> + <text>Sample Exploit:</text> + <text>The following C# code dynamically constructs and executes a SQL query that searches for items matching a specified name. The query restricts the items displayed to those where owner matches the user name of the currently-authenticated user.</text> + <text> ... + string userName = ctx.getAuthenticatedUserName(); + string query = "SELECT * FROM items WHERE owner = "'" + + userName + "' AND itemname = '" + + ItemName.Text + "'"; + sda = new SqlDataAdapter(query, conn); + DataTable dt = new DataTable(); + sda.Fill(dt); + ... +</text> + <text>The query that this code intends to execute follows:</text> + <text> SELECT * FROM items WHERE owner = AND itemname = ; +</text> + <text>However, because the query is constructed dynamically by concatenating a constant base query string and a user input string, the query only behaves correctly if itemName does not contain a single-quote character. If an attacker with the user name wiley enters the string "name' OR 'a'='a" for itemName, then the query becomes the following:</text> + <text> SELECT * FROM items WHERE owner = 'wiley' AND itemname = 'name' OR 'a'='a'; +</text> + <text>The addition of the OR 'a'='a' condition causes the where clause to always evaluate to true, so the query becomes logically equivalent to the much simpler query:</text> + <text> SELECT * FROM items; +</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products.</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/209.html" id="CWE-209">209</link> + </cwe> + <xfid /> + <references> + <link target="http://www.cgisecurity.com/lib/webappdis.doc">"Web Application Disassembly with ODBC Error Messages" (By David Litchfield)</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">GV_SQLErr</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="DirectAccesstoAdministrationPages"> + <advisory> + <id>DirectAccesstoAdministrationPages</id> + <name>Direct Access to Administration Pages</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Predictable Resource Location</name> + <reference>http://projects.webappsec.org/Predictable-Resource-Location</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_18</cause> + </causes> + <securityRisks> + <text>It might be possible to escalate user privileges and gain administrative permissions over the web application</text> + <text>A common user can access certain pages on a site through simple surfing (i.e. following web links). However, there might be pages and scripts that are not accessible through simple surfing, (i.e. pages and scripts that are not linked).</text> + <text>An attacker may be able to access these pages by guessing their name, e.g. admin.php, admin.asp, admin.cgi, admin.html, etc.</text> + <text /> + <text>Example request for a script named "admin.php": </text> + <text>http://[SERVER]/admin.php</text> + <text /> + <text>Access to administration scripts should not be allowed without proper authorization, as it may allow an attacker to gain privileged rights.</text> + <text /> + <text>Sample Exploit:</text> + <text>http://[SERVER]/admin.php</text> + <text>http://[SERVER]/admin.asp</text> + <text>http://[SERVER]/admin.aspx</text> + <text>http://[SERVER]/admin.html</text> + <text>http://[SERVER]/admin.cfm</text> + <text>http://[SERVER]/admin.cgi</text> + </securityRisks> + <affectedProducts /> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/306.html" id="CWE-306">306</link> + </cwe> + <xfid /> + <references /> + <fixRecommendations> + <fixRecommendation type="General">DirectAccesstoAdministrationPages</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attHostHeaderInjection"> + <advisory> + <id>attHostHeaderInjection</id> + <name>Host Header Injection</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Abuse of Functionality</name> + <reference>http://projects.webappsec.org/Abuse-of-Functionality</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_19</cause> + </causes> + <securityRisks> + <text> + - Dispatch requests to the first virtual host on the list + - Cause a redirect to an attacker-controlled domain + - Perform web cache poisoning + - Manipulate password reset functionality +</text> + <text>A web server commonly hosts several web applications on the same IP address, referring to each application via the virtual host. </text> + <text>In an incoming HTTP request, web servers often dispatch the request to the target virtual host based on the value supplied in the Host or X-Forwarded-Host header.</text> + <text /> + <text>Sample Exploit:</text> + <text>GET /login.html HTTP/1.1</text> + <text>Host: evilhost.com</text> + </securityRisks> + <affectedProducts /> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/644.html" id="CWE-644">644</link> + </cwe> + <xfid /> + <references> + <link target="https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection">OWASP - WSTG Latest</link> + <link target="https://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html">Practical Host header attacks</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">attHostHeaderInjection</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attAccountLockout"> + <advisory> + <id>attAccountLockout</id> + <name>Inadequate Account Lockout</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Brute Force</name> + <reference>http://projects.webappsec.org/Brute-Force</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_20</cause> + </causes> + <securityRisks> + <text>It might be possible to escalate user privileges and gain administrative permissions over the web application</text> + <text>AppScan Detected that the application does not limit the number of false login attempts.</text> + <text>It did so by sending 10 requests with a bad password, and then successfully logged in using the correct credentials.</text> + <text>Not limiting the number of false login attempts exposes the application to a brute force attack.</text> + <text>A brute force attack is an attempt by a malicious user to gain access to the application by sending a large number of possible passwords and/or usernames.</text> + <text>Since this technique involves a large amount of login attempts, an application that does not limit the number of false login requests allowed is vulnerable to these attacks.</text> + <text>It is therefore highly recommended to restrict the number of false login attempts allowed on an account before it is locked.</text> + <text /> + <text>Sample Exploit:</text> + <text>The following request illustrates a password-guessing request:</text> + <text /> + <text>http://site/login.asp?username=EXISTING_USERNAME&password=GUESSED_PASSWORD</text> + <text /> + <text>If the site does not lock the tested account after several false attempts, the attacker may eventually discover the account password and use it to impersonate the account's legitimate user.</text> + </securityRisks> + <affectedProducts> + <text>This issue affects several applications</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/307.html" id="CWE-307">307</link> + </cwe> + <xfid /> + <references> + <link target="http://www.codeguru.com/csharp/csharp/cs_webservices/security/article.php/c7907/">"Blocking Brute-Force Attacks" by Mark Burnett</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">attAccountLockout</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attLinkInjection"> + <advisory> + <id>attLinkInjection</id> + <name>Link Injection (facilitates Cross-Site Request Forgery)</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Content Spoofing</name> + <reference>http://projects.webappsec.org/Content-Spoofing</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_0</cause> + </causes> + <securityRisks> + <text>It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc.</text> + <text>It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user</text> + <text>It is possible to upload, modify or delete web pages, scripts and files on the web server</text> + <text>The software constructs all or part of a command, data structure, or record using externally-influenced input, but fails to neutralize elements that could modify how it is parsed or interpreted.</text> + <text /> + <text>Link Injection is the modifying of the content of a site by embedding in it a URL to an external site, or to a script in the vulnerable site. After embedding the URL in the vulnerable site, an attacker is able to use it as a platform to launch attacks against other sites, as well as against the vulnerable site itself.</text> + <text /> + <text>Some of these possible attacks require the user to be logged in to the site during the attack. By launching these attacks from the vulnerable site itself, the attacker increases the chances of success, because the user is more likely to be logged in.</text> + <text /> + <text>The Link Injection vulnerability is a result of insufficient user input sanitization, the input being later returned to the user in the site response. The resulting ability to inject hazardous characters into the response makes it possible for attackers to embed URLs, among other possible content modifications.</text> + <text /> + <text>Below is an example for a Link Injection (We will assume that site "www.vulnerable.com" has a parameter called "name", which is used to greet users).</text> + <text /> + <text>The following request:</text> + <text>HTTP://www.vulnerable.com/greet.asp?name=John Smith</text> + <text /> + <text>Will yield the following response:</text> + <text> <HTML> + <BODY> + Hello, John Smith. + </BODY> + </HTML> +</text> + <text>However, a malicious user may send the following request:</text> + <text>HTTP://www.vulnerable.com/greet.asp?name=<IMG SRC="http://www.ANY-SITE.com/ANY-SCRIPT.asp"></text> + <text /> + <text>This will return the following response:</text> + <text> <HTML> + <BODY> + Hello, <IMG SRC="http://www.ANY-SITE.com/ANY-SCRIPT.asp">. + </BODY> + </HTML> +</text> + <text>As this example shows, it is possible to cause a user's browser to issue automatic requests to virtually any site the attacker desires. As a result, Link Injection vulnerability can be used to launch several types of attack:</text> + <text>[-] Cross-Site Request Forgery</text> + <text>[-] Cross-Site Scripting</text> + <text>[-] Phishing</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products.</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/74.html" id="CWE-74">74</link> + </cwe> + <xfid /> + <references> + <link target="https://owasp.org/www-community/attacks/csrf">OWASP Article</link> + <link target="http://www.cgisecurity.com/csrf-faq.html">The Cross-Site Request Forgery FAQ</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">attLinkInjection</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attRespCookieNotSecureSSL"> + <advisory> + <id>attRespCookieNotSecureSSL</id> + <name>Missing Secure Attribute in Encrypted Session (SSL) Cookie</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_21</cause> + </causes> + <securityRisks> + <text>It may be possible to steal user and session information (cookies) that was sent during an encrypted session</text> + <text>During the application test, it was detected that the tested web application set a cookie without the "secure" attribute, during an encrypted session. Since this cookie does not contain the "secure" attribute, it might also be sent to the site during an unencrypted session. Any information such as cookies, session tokens or user credentials that are sent to the server as clear text, may be stolen and used later for identity theft or user impersonation.</text> + <text /> + <text>In addition, several privacy regulations state that sensitive information such as user credentials will always be sent encrypted to the web site</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/614.html" id="CWE-614">614</link> + </cwe> + <xfid /> + <references> + <link target="http://business.ftc.gov/privacy-and-security/gramm-leach-bliley-act/">Financial Privacy: The Gramm-Leach Bliley Act</link> + <link target="http://www.hhs.gov/ocr/hipaa/">Health Insurance Portability and Accountability Act (HIPAA)</link> + <link target="http://www.sec.gov/spotlight/sarbanes-oxley.htm">Sarbanes-Oxley Act</link> + <link target="http://www.leginfo.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html">California SB1386</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">attRespCookieNotSecureSSL</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="OldTLS"> + <advisory> + <id>OldTLS</id> + <name>Older TLS Version is Supported</name> + <testDescription>Infrastructure</testDescription> + <threatClassification> + <name>Server Misconfiguration</name> + <reference>http://projects.webappsec.org/Server-Misconfiguration</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_18</cause> + </causes> + <securityRisks> + <text>It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user</text> + <text>The server supports TLS cipher suites that either do not offer encryption or use weak encryption algorithms. An attacker may therefore be able to </text> + <text>decrypt the secure communication between the client and the server, or successfully execute a "man-in-the-middle" attack on the client, enabling them to view sensitive information and perform actions on behalf of the client.</text> + <text>Current most secure TLS version is 1.3</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products.</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/327.html" id="CWE-327">327</link> + </cwe> + <xfid /> + <references> + <link target="https://www.digicert.com/blog/depreciating-tls-1-0-and-1-1/">Deprecating TLS 1.0 and 1.1</link> + <link target="https://kinsta.com/blog/tls-1-3/">Overview of TLS 1.3</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">OldTLS</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="phishingInFrames"> + <advisory> + <id>phishingInFrames</id> + <name>Phishing Through Frames</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Content Spoofing</name> + <reference>http://projects.webappsec.org/Content-Spoofing</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_0</cause> + </causes> + <securityRisks> + <text>It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc.</text> + <text>Phishing is a social engineering technique where an attacker masquerades as a legitimate entity with which the victim might do business in order to prompt the user to reveal some confidential information (very frequently authentication credentials) that can later be used by an attacker. Phishing is essentially a form of information gathering or "fishing" for information.</text> + <text /> + <text>It is possible for an attacker to inject a frame or an iframe tag with malicious content. An incautious user may browse it and not realize that he is leaving the original site and surfing to a malicious site. The attacker may then lure the user to login again, thus acquiring his login credentials.</text> + <text>The fact that the fake site is embedded in the original site helps the attacker by giving his phishing attempts a more reliable appearance.</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products.</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/79.html" id="CWE-79">79</link> + </cwe> + <xfid /> + <references> + <link target="http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm">FTC Consumer Alert - "How Not to Get Hooked by a 'Phishing' Scam"</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">phishingInFrames</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="SHA1CipherSuites"> + <advisory> + <id>SHA1CipherSuites</id> + <name>SHA-1 cipher suites were detected</name> + <testDescription>Infrastructure</testDescription> + <threatClassification> + <name>Server Misconfiguration</name> + <reference>http://projects.webappsec.org/Server-Misconfiguration</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_18</cause> + </causes> + <securityRisks> + <text>It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user</text> + <text>The server supports SHA-1 ciphersuites.</text> + <text /> + <text>SHA-1 was officially deprecated by NIST in 2011, but many applications still rely on it.</text> + <text>Up until now (2021), only theoretical attacks have been known agsinst SHA-1, which is why many applications still rely on it.</text> + <text>Recently, a practical attack was introduced by CWI Amsterdam and Google Research teams ( [1] and [2] ).</text> + <text /> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products.</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/327.html" id="CWE-327">327</link> + </cwe> + <xfid /> + <references> + <link target="http://shattered.io/">[1] SHATTERED</link> + <link target="http://shattered.io/static/shattered.pdf">[2] The first collision for full SHA-1</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">SHA1CipherSuites</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="constTransient"> + <advisory> + <id>constTransient</id> + <name>Session Identifier Not Updated</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Session Fixation</name> + <reference>http://projects.webappsec.org/Session-Fixation</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_20</cause> + </causes> + <securityRisks> + <text>It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user</text> + <text>Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier, gives an attacker the opportunity to steal authenticated sessions.</text> + <text /> + <text>Such a scenario is commonly observed when:</text> + <text>[1] A web application authenticates a user without first invalidating the existing session, thereby continuing to use the session already associated with the user</text> + <text>[2] An attacker is able to force a known session identifier on a user so that, once the user authenticates, the attacker has access to the authenticated session</text> + <text>[3] The application or container uses predictable session identifiers.</text> + <text /> + <text>In the generic exploit of session fixation vulnerabilities, an attacker creates a new session on a web application and records the associated session identifier. The attacker then causes the victim to associate, and possibly authenticate, against the server using that session identifier, giving the attacker access to the user's account through the active session.</text> + <text /> + <text>AppScan has found that the session identifiers before and after the login process were not updated, which means that user impersonation may be possible. Preliminary knowledge of the session identifier value may enable a remote attacker to pose as a logged-in legitimate user.</text> + <text>The flow of attack:</text> + <text>a) An attacker uses the victim's browser to open the login form of the vulnerable site.</text> + <text>b) Once the form is open, the attacker writes down the session identifier value, and waits.</text> + <text>c) When the victim logs into the vulnerable site, his session identifier is not updated.</text> + <text>d) The attacker can then use the session identifier value to impersonate the victim user, and operate on his behalf.</text> + <text /> + <text>The session identifier value can be obtained by utilizing a Cross-Site Scripting vulnerability, causing the victim's browser to use a predefined session identifier when contacting the vulnerable site, or by launching a Session Fixation attack that will cause the site to present a predefined session identifier to the victim's browser.</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products.</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/304.html" id="CWE-304">304</link> + </cwe> + <xfid /> + <references> + <link target="http://www.acrossecurity.com/papers/session_fixation.pdf">"Session Fixation Vulnerability in Web-based Applications", By Mitja Kolsek - Acros Security</link> + <link target="http://il2.php.net/session#session.security">PHP Manual, Session Handling Functions, Sessions and security</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">constTransient</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="GD_autocompleteInForm"> + <advisory> + <id>GDautocompleteInForm</id> + <name>Autocomplete HTML Attribute Not Disabled for Password Field</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_20</cause> + </causes> + <securityRisks> + <text>It may be possible to bypass the web application's authentication mechanism</text> + <text>The "autocomplete" attribute has been standardized in the HTML5 standard. W3C's site states that the attribute has two states, "on" and "off", and that omitting it altogether is equivalent to setting it to "on".</text> + <text /> + <text>This page is vulnerable since it does not set the "autocomplete" attribute to "off" for the "password" field in the "input" element.</text> + <text>This may enable an unauthorized user (with local access to an authorized client) to autofill the username and password fields, and thus log in to the site.</text> + </securityRisks> + <affectedProducts> + <text>N/A</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/522.html" id="CWE-522">522</link> + </cwe> + <xfid /> + <references /> + <fixRecommendations> + <fixRecommendation type="General">GD_autocompleteInForm</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="bodyParamsInQuery"> + <advisory> + <id>bodyParamsInQuery</id> + <name>Body Parameters Accepted in Query</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_20</cause> + </causes> + <securityRisks> + <text>It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations</text> + <text>It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc.</text> + <text>GET requests are designed to query the server, while POST requests are for submitting data.</text> + <text>However, aside from the technical purpose, attacking query parameters is easier than body parameters, because sending a link to the original site, or posting it in a blog or comment, is easier and has better results than the alternative - in order to attack a request with body parameters, an attacker would need to create a page containing a form that will be submitted when visited by the victim.</text> + <text>It is a lot harder to convince the victim to visit a page that he doesn't know, than letting him visit the original site. It it therefore not recommended to support body parameters that arrive in the query string.</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products.</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/200.html" id="CWE-200">200</link> + </cwe> + <xfid /> + <references> + <link target="http://tools.ietf.org/html/rfc7231#section-4.3.1">GET</link> + <link target="http://tools.ietf.org/html/rfc7231#section-4.3.3">POST</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">bodyParamsInQuery</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attCachedSSL"> + <advisory> + <id>attCachedSSL</id> + <name>Cacheable SSL Page Found</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_22</cause> + </causes> + <securityRisks> + <text>It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations</text> + <text>Most web browsers are configured by default to cache the user's pages during use. This means that SSL pages are cached as well. </text> + <text /> + <text>It is not recommended to enable the web browser to save any SSL information, since this information might be compromised when a vulnerability exists.</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products.</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/525.html" id="CWE-525">525</link> + </cwe> + <xfid /> + <references /> + <fixRecommendations> + <fixRecommendation type="General">attCachedSSL</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="GD_CreditCardVisa"> + <advisory> + <id>GDCreditCardVisa</id> + <name>Credit Card Number Pattern Found (Visa)</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_20</cause> + </causes> + <securityRisks> + <text>It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations</text> + <text>AppScan detected a response containing a complete Visa credit card number.</text> + <text>For reasons of security and privacy, credit card numbers should not appear in web pages.</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products.</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/200.html" id="CWE-200">200</link> + </cwe> + <xfid /> + <references /> + <fixRecommendations> + <fixRecommendation type="General">GD_CreditCardVisa</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attHttpsToHttp"> + <advisory> + <id>Communications.Unencrypted</id> + <name>Encryption Not Enforced</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_23</cause> + <cause>Cause_24</cause> + </causes> + <securityRisks> + <text>Any information sent to the server as clear text may be stolen over the network and used later for identity theft or user impersonation.</text> + <text>It may be possible to intercept sensitive data such as user login information (usernames and passwords), credit card numbers, social security numbers etc. that are sent unencrypted.</text> + <text>It may be possible to perform man in the middle (MitM) attacks, which would give an attacker full control of the communication, including changing content, stealing data, or impersonating the user to the server.</text> + </securityRisks> + <affectedProducts /> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/319.html" id="CWE-319">319</link> + </cwe> + <xfid /> + <references> + <link target="https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html">OWASP - TLS Cipher String Cheat Sheet</link> + <link target="https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html">OWASP - Transport Layer Protection Cheat Sheet</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">attHttpsToHttp</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attContentSecurityPolicy"> + <advisory> + <id>attContentSecurityPolicy</id> + <name>Missing "Content-Security-Policy" header</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_20</cause> + </causes> + <securityRisks> + <text>It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations</text> + <text>It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc.</text> + <text>The absence or improper values of CSP can cause the web application being vulnerable to XSS, clickjacking, etc.</text> + <text>The "Content-Security-Policy" header is designed to modify the way browsers render pages, and thus to protect from various cross-site injections, including Cross-Site Scripting. It is important to set the header value correctly, in a way that will not prevent proper operation of the web site. For example, if the header is set to prevent execution of inline JavaScript, the web site must not use inline JavaScript in its pages.</text> + <text>To protect against Cross-Site Scripting, Cross-Frame Scripting and clickjacking, it is important to set the following policies with proper values:</text> + <text>Both of 'default-src' and 'frame-ancestors' policies, *OR* all of 'script-src', 'object-src' and 'frame-ancestors’ policies.</text> + <text>For 'default-src', 'script-src' and 'object-src', insecure values such as '*', 'data:', 'unsafe-inline' or 'unsafe-eval' should be avoided.</text> + <text>For 'frame-ancestors', insecure values such as '*' or 'data:' should be avoided.</text> + <text>Additionally for 'script-src', and 'default-src' (fallback directive for 'script-src') 'self' is considered insecure and should be avoided.</text> + <text>Please refer the following links for more information.</text> + <text>Please note that “Content-Security-Policy” includes four different tests. A general test that verifies if the "Content-Security-Policy" header is being used and three additional tests that check if "Frame-Ancestors", "Object-Src" and "Script-Src" were configured correctly.</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/1032.html" id="CWE-1032">1032</link> + </cwe> + <xfid /> + <references> + <link target="https://owasp.org/www-project-secure-headers/">List of some secure Headers</link> + <link target="http://www.html5rocks.com/en/tutorials/security/content-security-policy/">An Introduction to Content Security Policy</link> + <link target="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy">MDN web docs - Content-Security-Policy</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">attContentSecurityPolicy</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attRespCookieNotHttpOnlySessionCookie"> + <advisory> + <id>attRespCookieNotHttpOnlySessionCookie</id> + <name>Missing HttpOnly Attribute in Session Cookie</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_25</cause> + </causes> + <securityRisks> + <text>It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user</text> + <text>During the application test, it was detected that the tested web application set a session cookie without the "HttpOnly" attribute. Since this session cookie does not contain the "HttpOnly" attribute, it might be accessed by a malicous script injected to the site, and its value can be stolen. Any information stored in session tokens may be stolen and used later for identity theft or user impersonation.</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/653.html" id="CWE-653">653</link> + </cwe> + <xfid /> + <references /> + <fixRecommendations> + <fixRecommendation type="General">attRespCookieNotHttpOnlySessionCookie</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="ContentTypeOptions"> + <advisory> + <id>ContentTypeOptions</id> + <name>Missing or insecure "X-Content-Type-Options" header</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_20</cause> + </causes> + <securityRisks> + <text>It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations</text> + <text>It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc.</text> + <text>The "X-Content-Type-Options" header (with "nosniff" value) prevents IE and Chrome from ignoring the content-type of a response.</text> + <text>This action may prevent untrusted content (e.g. user uploaded content) from being executed on the user browser (after a malicious naming, for example).</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/200.html" id="CWE-200">200</link> + </cwe> + <xfid /> + <references> + <link target="https://www.owasp.org/index.php/List_of_useful_HTTP_headers">List of useful HTTP headers</link> + <link target="https://msdn.microsoft.com/en-us/library/gg622941%28v=vs.85%29.aspx">Reducing MIME type security risks</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">ContentTypeOptions</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="XFS"> + <advisory> + <id>XFS</id> + <name>Missing or insecure Cross-Frame Scripting Defence</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_20</cause> + </causes> + <securityRisks> + <text>It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations</text> + <text>It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc.</text> + <text>Cross-Frame Scripting is an attack technique where an attacker loads a vulnerable application in an iFrame on his malicious site.</text> + <text>The attacker can then launch a Clickjacking attack, which may lead to Phishing, Cross-Site Request Forgery, sensitive information leakage, and more.</text> + <text>For best protection, it is advised to set the header value to DENY or SAMEORIGIN.</text> + <text /> + <text>Sample Exploit:</text> + <text>Within a malicious site, it is possible to embed the vulnerable page:</text> + <text><frame src="http://vulnerable.com/login.html"></text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products.</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/1021.html" id="CWE-1021">1021</link> + </cwe> + <xfid /> + <references> + <link target="https://owasp.org/www-community/attacks/Cross_Frame_Scripting">Cross-Frame Scripting</link> + <link target="https://owasp.org/www-community/attacks/Clickjacking">Clickjacking</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">XFS</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="HSTS"> + <advisory> + <id>HSTS</id> + <name>Missing or insecure HTTP Strict-Transport-Security Header</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_20</cause> + </causes> + <securityRisks> + <text>It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations</text> + <text>It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc.</text> + <text>HTTP Strict Transport Security (HSTS) is a mechanism which protects secure (HTTPS) websites from being downgraded to non-secure HTTP. This mechanism enables web servers to instruct their clients (web browsers or other user agents) to use secure HTTPS connections when interacting with the server, and never use the insecure HTTP protocol.</text> + <text>It is important to set the 'max-age' to a high enough value to prevent falling back to an insecure connection prematurely.</text> + <text /> + <text>The HTTP Strict Transport Security policy is communicated by the server to its clients using a response header named "Strict-Transport-Security". The value of this header is a period of time during which the client should access the server in HTTPS only. Other header attributes include "includeSubDomains" and "preload".</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products.</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/200.html" id="CWE-200">200</link> + </cwe> + <xfid /> + <references> + <link target="https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html">OWASP "HTTP Strict Transport Security"</link> + <link target="http://tools.ietf.org/html/rfc6797">HSTS Spec</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">HSTS</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="GETParamOverSSL"> + <advisory> + <id>GETParamOverSSL</id> + <name>Query Parameter in SSL Request</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_26</cause> + </causes> + <securityRisks> + <text>It may be possible to steal sensitive data such as credit card numbers, social security numbers etc. that are sent unencrypted</text> + <text>During the application test, it was detected that a request, which was sent over SSL, contained parameters that were transmitted in the Query part of an HTTP request.</text> + <text>When sending requests, the browser's history can be used to reveal the URLs, which contain the query parameter names and values.</text> + <text /> + <text>Due to the sensitivity of encrypted requests, it is suggested to use HTTP POST (without parameters in the URL string) when possible, in order to avoid the disclosure of URLs and parameter values to others.</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/598.html" id="CWE-598">598</link> + </cwe> + <xfid /> + <references> + <link target="http://business.ftc.gov/privacy-and-security/gramm-leach-bliley-act/">Financial Privacy: The Gramm-Leach Bliley Act</link> + <link target="http://www.hhs.gov/ocr/hipaa/">Health Insurance Portability and Accountability Act (HIPAA)</link> + <link target="http://www.sec.gov/spotlight/sarbanes-oxley.htm">Sarbanes-Oxley Act</link> + <link target="http://www.leginfo.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html">California SB1386</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">GETParamOverSSL</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attUnnecessaryResponseHeaders"> + <advisory> + <id>attUnnecessaryResponseHeaders</id> + <name>Unnecessary Http Response Headers found in the Application</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_20</cause> + </causes> + <securityRisks> + <text>It is possible to gather sensitive information about the web server type, version, OS and more.</text> + <text>AppScan detected a Http response header that is unnecessary.</text> + <text>For reasons of security and privacy, The Http response headers like "Server", "X-Powered-By", "X-AspNetMvc-Version" and "X-AspNet-Version" should not appear in web pages.</text> + <text>The "Server" header is a header that is added usually by default whenever a response is sent to the client by the server.</text> + <text>The "X-Powered-By" header is a header that might be added by default whenever a response is sent to the client by the server.</text> + <text>These added header(s) may reveal sensitive information about the internal server software version and type, thus enabling attackers to fingerprint it and attack it with targeted exploits. Moreover, when a new exploit becomes known to the public, the server will most likely get attacked with it.</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products.</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/200.html" id="CWE-200">200</link> + </cwe> + <xfid /> + <references> + <link target="http://projects.webappsec.org/w/page/13246925/Fingerprinting">Fingerprinting</link> + <link target="https://www.hacksplaining.com/prevention/information-leakage">Preventing Information Leakage</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">attUnnecessaryResponseHeaders</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attUndefinedState"> + <advisory> + <id>attUndefinedState</id> + <name>Application Error</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_27</cause> + <cause>Cause_28</cause> + </causes> + <securityRisks> + <text>It is possible to gather sensitive debugging information</text> + <text>If an attacker probes the application by forging a request that contains parameters or parameter values other than the ones expected by the application (examples are listed below), the application may enter an undefined state that makes it vulnerable to attack. The attacker can gain useful information from the application's response to this request, which information may be exploited to locate application weaknesses.</text> + <text>For example, if the parameter field should be an apostrophe-quoted string (e.g. in an ASP script or SQL query), the injected apostrophe symbol will prematurely terminate the string stream, thus changing the normal flow/syntax of the script.</text> + <text>Another cause of vital information being revealed in error messages, is when the scripting engine, web server, or database are misconfigured.</text> + <text /> + <text>Here are some different variants:</text> + <text>[1] Remove parameter</text> + <text>[2] Remove parameter value</text> + <text>[3] Set parameter value to null</text> + <text>[4] Set parameter value to a numeric overflow (+/- 99999999)</text> + <text>[5] Set parameter value to hazardous characters, such as ' " \' \" ) ;</text> + <text>[6] Append some string to a numeric parameter value</text> + <text>[7] Append "." (dot) or "[]" (angle brackets) to the parameter name</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products.</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/550.html" id="CWE-550">550</link> + </cwe> + <xfid /> + <references> + <link target="https://packetstormsecurity.com/files/10631/rfp2k01.txt.html">An example for using apostrophe to hack a site can be found in "How I hacked PacketStorm (by Rain Forest Puppy), RFP's site"</link> + <link target="http://www.cgisecurity.com/lib/webappdis.doc">"Web Application Disassembly with ODBC Error Messages" (By David Litchfield)</link> + <link target="http://www.cert.org/advisories/CA-1997-25.html">CERT Advisory (CA-1997-25): Sanitizing user-supplied data in CGI scripts</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">attUndefinedState</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="GD_EmailAddress"> + <advisory> + <id>GDEmailAddress</id> + <name>Email Address Pattern Found</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_20</cause> + </causes> + <securityRisks> + <text>It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations</text> + <text>Spambots crawl internet sites, set out to find e-mail addresses in order to build mailing lists for sending unsolicited e-mail (spam).</text> + <text /> + <text>AppScan detected a response containing one or more e-mail addresses, which may be exploited to send spam mail</text> + <text /> + <text>Furthermore, the e-mail addresses found may be private and thus should not be accessible to the general public.</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products.</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/359.html" id="CWE-359">359</link> + </cwe> + <xfid /> + <references> + <link target="http://en.wikipedia.org/wiki/Spambot">Definition of Spambot (Wikipedia)</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">GD_EmailAddress</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attSensitiveInHtmlComments"> + <advisory> + <id>Quality.Comments</id> + <name>HTML Comments Sensitive Information Disclosure</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_29</cause> + <cause>Cause_30</cause> + </causes> + <securityRisks> + <text>It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations.</text> + <text>An attacker who finds these comments can map the application's structure and files, expose hidden parts of the site, and study the fragments of code to reverse engineer the application, which may help develop further attacks against the site.</text> + </securityRisks> + <affectedProducts /> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/615.html" id="CWE-615">615</link> + </cwe> + <xfid /> + <references /> + <fixRecommendations> + <fixRecommendation type="General">attSensitiveInHtmlComments</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="attReferrerPolicyHeaderExist"> + <advisory> + <id>attReferrerPolicyHeaderExist</id> + <name>Missing "Referrer policy" Security Header</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_20</cause> + </causes> + <securityRisks> + <text>It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations</text> + <text>It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc.</text> + <text>The absence or improper values of Referrer Policy can cause URL leak itself, and even sensitive information contained in the URL will be leaked to the cross-site.</text> + <text>This is a part of ruleset to check if Referrer Policy is present and if so to test its configuration. The "Referer Policy" header defines what data is made available in the Referer header, and for navigation and iframes in the destination's (document.referrer). This header is designed to modify the way browsers render pages, and thus to prevent cross-domain Referer leakage. It is important to set the header value correctly, in a way that will not prevent proper operation of the web site.</text> + <text>Referer header is a request header that indicates the site which the traffic originated from. If there is no adequate prevention in place, the URL itself, and even sensitive information contained in the URL will be leaked to the cross-site.</text> + <text /> + <text>"no-referrer-when-downgrade" and "unsafe-url" are the policies which leaks the Full Url for the ThirdParty Sites. The remaining policies are"no-referrer", "origin", "origin-when-cross-origin","same-origin", "strict-origin", "strict-origin-when-cross-origin.</text> + <text /> + <text>Please refer the following links for more information.</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/200.html" id="CWE-200">200</link> + </cwe> + <xfid /> + <references> + <link target="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy">MDN web docs - Referrer-Policy</link> + </references> + <fixRecommendations> + <fixRecommendation type="General">attReferrerPolicyHeaderExist</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + <item id="GD_PathDisclosure"> + <advisory> + <id>GDPathDisclosure</id> + <name>Possible Server Path Disclosure Pattern Found</name> + <testDescription>Application</testDescription> + <threatClassification> + <name>Information Leakage</name> + <reference>http://projects.webappsec.org/Information-Leakage</reference> + </threatClassification> + <testTechnicalDescription /> + <exploitExample /> + <causes> + <cause>Cause_31</cause> + </causes> + <securityRisks> + <text>It is possible to retrieve the absolute path of the web server installation, which might help an attacker to develop further attacks and to gain information about the file system structure of the web application</text> + <text>AppScan detected a response containing a file's absolute path (e.g. c:\dir\file in Windows, or /dir/file in Unix).</text> + <text /> + <text>An attacker may be able to exploit this information to access sensitive information on the directory structure of the server machine which could be used for further attacks against the site.</text> + </securityRisks> + <affectedProducts> + <text>This issue may affect different types of products.</text> + </affectedProducts> + <cwe> + <link target="http://cwe.mitre.org/data/definitions/200.html" id="CWE-200">200</link> + </cwe> + <xfid /> + <references /> + <fixRecommendations> + <fixRecommendation type="General">GD_PathDisclosure</fixRecommendation> + </fixRecommendations> + </advisory> + </item> + </advisory-group> + <affected-product-group /> + <remediation-group> + <item id="fix_53140"> + <name>Disable redirection to external sites based on parameter values</name> + <priority>High</priority> + <priority-id>2</priority-id> + </item> + <item id="fix_52000"> + <name>Review possible solutions for hazardous character injection</name> + <priority>High</priority> + <priority-id>2</priority-id> + </item> + <item id="fix_50300"> + <name>Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions</name> + <priority>High</priority> + <priority-id>2</priority-id> + </item> + <item id="fix_52740"> + <name>Add the 'Secure' attribute to all sensitive cookies</name> + <priority>Medium</priority> + <priority-id>1</priority-id> + </item> + <item id="fix_54860"> + <name>Apply proper authorization to administration scripts</name> + <priority>Medium</priority> + <priority-id>1</priority-id> + </item> + <item id="fix_61754"> + <name>Change server's supported ciphersuites</name> + <priority>Medium</priority> + <priority-id>1</priority-id> + </item> + <item id="fix_60310"> + <name>Change session identifier values after login</name> + <priority>Medium</priority> + <priority-id>1</priority-id> + </item> + <item id="fix_61481"> + <name>Construct HTTP headers very carefully, avoiding the use of non-validated/unsanitized input data</name> + <priority>Medium</priority> + <priority-id>1</priority-id> + </item> + <item id="fix_59220"> + <name>Enforce account lockout after several failed login attempts</name> + <priority>Medium</priority> + <priority-id>1</priority-id> + </item> + <item id="fix_61797"> + <name>Review possible solutions for configuring SameSite Cookie attribute to recommended values</name> + <priority>Medium</priority> + <priority-id>1</priority-id> + </item> + <item id="fix_61030"> + <name>Use a different signature algorithm for the certificate. See "Fix Recommentation" for specific server instructions</name> + <priority>Medium</priority> + <priority-id>1</priority-id> + </item> + <item id="fix_60130"> + <name>Validate the value of the "Referer" header, and use a one-time-nonce for each submitted form</name> + <priority>Medium</priority> + <priority-id>1</priority-id> + </item> + <item id="fix_52741"> + <name>Add the 'HttpOnly' attribute to all session cookies</name> + <priority>Low</priority> + <priority-id>0</priority-id> + </item> + <item id="fix_52720"> + <name>Always use SSL and POST (body) parameters when sending sensitive information.</name> + <priority>Low</priority> + <priority-id>0</priority-id> + </item> + <item id="fix_61770"> + <name>Config your server to use the "Content-Security-Policy" header with secure policies</name> + <priority>Low</priority> + <priority-id>0</priority-id> + </item> + <item id="fix_61771"> + <name>Config your server to use the "Referrer Policy" header with secure policies</name> + <priority>Low</priority> + <priority-id>0</priority-id> + </item> + <item id="fix_61767"> + <name>Config your server to use the "X-Content-Type-Options" header with "nosniff" value</name> + <priority>Low</priority> + <priority-id>0</priority-id> + </item> + <item id="fix_61763"> + <name>Config your server to use the "X-Frame-Options" header with DENY or SAMEORIGIN value</name> + <priority>Low</priority> + <priority-id>0</priority-id> + </item> + <item id="fix_61640"> + <name>Correctly set the "autocomplete" attribute to "off"</name> + <priority>Low</priority> + <priority-id>0</priority-id> + </item> + <item id="fix_61757"> + <name>Do not accept body parameters that are sent in the query string</name> + <priority>Low</priority> + <priority-id>0</priority-id> + </item> + <item id="fix_MA_attInformationLeakage"> + <name>Do not allow sensitive information to leak.</name> + <priority>Low</priority> + <priority-id>0</priority-id> + </item> + <item id="fix_60510"> + <name>Download the relevant security patch for your web server or web application.</name> + <priority>Low</priority> + <priority-id>0</priority-id> + </item> + <item id="fix_52721"> + <name>Enforce the use of HTTPS when sending sensitive information</name> + <priority>Low</priority> + <priority-id>0</priority-id> + </item> + <item id="fix_61750"> + <name>Implement the HTTP Strict-Transport-Security policy with a long "max-age"</name> + <priority>Low</priority> + <priority-id>0</priority-id> + </item> + <item id="fix_60210"> + <name>Prevent caching of SSL pages by adding "Cache-Control: no-store" and "Pragma: no-cache" headers to their responses.</name> + <priority>Low</priority> + <priority-id>0</priority-id> + </item> + <item id="fix_59161"> + <name>Remove credit card numbers from your website</name> + <priority>Low</priority> + <priority-id>0</priority-id> + </item> + <item id="fix_60260"> + <name>Remove e-mail addresses from the website</name> + <priority>Low</priority> + <priority-id>0</priority-id> + </item> + <item id="fix_50750"> + <name>Remove sensitive information from HTML comments</name> + <priority>Low</priority> + <priority-id>0</priority-id> + </item> + </remediation-group> + <cookie-group> + <total>2</total> + <item> + <name>AltoroAccounts</name> + <value>ODAwMDAyflNhdmluZ3N+LTEuOTk5NTQzNDA3MDM5MTU2MjJFMTh8ODAwMDAzfkNoZWNraW5nfjcuMTA2ODA0NjQ0NzM3ODg1RTIwfDQ1MzkwODIwMzkzOTYyODh+Q3JlZGl0IENhcmR+LTEuOTk5NTQzNDAxMjc4NzEyMzJFMTh8</value> + <first-set-in-url>https://demo.testfire.net/doLogin</first-set-in-url> + <first-requested-in-url>https://demo.testfire.net/bank/main.jsp</first-requested-in-url> + <domain>demo.testfire.net</domain> + <expires /> + <secure>dictionaryFalse</secure> + <http-only>dictionaryFalse</http-only> + <same-site /> + <js-stack-trace /> + </item> + <item> + <name>JSESSIONID</name> + <value>A496F85EFEC2D4852626C21B50001A3A</value> + <first-set-in-url>https://demo.testfire.net/</first-set-in-url> + <first-requested-in-url>https://demo.testfire.net/login.jsp</first-requested-in-url> + <domain>demo.testfire.net</domain> + <expires /> + <secure>dictionaryTrue</secure> + <http-only>dictionaryTrue</http-only> + <same-site /> + <js-stack-trace /> + </item> + </cookie-group> + <component-group> + <total>0</total> + </component-group> + <java-script-group> + <total>22</total> + <item> + <text> + function setfocus() { + if (document.login.uid.value=="") { + document.login.uid.focus(); + } else { + document.login.passw.focus(); + } + } + + function confirminput(myform) { + if (myform.uid.value.length && myform.passw.value.length) { + return (true); + } else if (!(myform.uid.value.length)) { + myform.reset(); + myform.uid.focus(); + alert ("You must enter a valid username"); + return (false); + } else { + myform.passw.focus(); + alert ("You must enter a valid password"); + return (false); + } + } + window.onload = setfocus; + </text> + <url>https://demo.testfire.net/login.jsp</url> + </item> + <item> + <text>return (confirminput(login));</text> + <url>https://demo.testfire.net/login.jsp</url> + </item> + <item> + <text>window.open('disclaimer.htm?url=http://www.netscape.com', '_blank', 'status=no,location=no,menubar=no,resizable=no,scrollbars=no,toolbar=no,width=450,height=200'); return false;</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>window.open('disclaimer.htm?url=http://www.microsoft.com', '_blank', 'status=no,location=no,menubar=no,resizable=no,scrollbars=no,toolbar=no,width=450,height=200'); return false;</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text> + _uacct = "1234abc"; + urchinTracker(); + </text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text> + function confirmEmail(sEmail) { + var msg = null; + if (sEmail != "") { + var emailFilter=/^[\w\d\.\%-]+@[\w\d\.\%-]+\.\w{2,4}$/; + if (!(emailFilter.test(sEmail))) { + var illegalChars= /[^\w\d\.\%\-@]/; + if (sEmail.match(illegalChars)) { + msg = "Your email can only contain alphanumeric\ncharacters and the following: @.%-\n\n"; + } else { + msg = "Your email address does not appear to be valid. Please try again.\n\n"; + } + } + } else { + msg = "Please enter an email address.\n\n"; + } + if (msg != null) { + alert(msg); + return false; + } else { + return true; + } + } + </text> + <url>https://demo.testfire.net/subscribe.jsp</url> + </item> + <item> + <text>return confirmEmail(txtEmail.value);</text> + <url>https://demo.testfire.net/subscribe.jsp</url> + </item> + <item> + <text> +var xmlHttp = false; + + //http://www.ibm.com/developerworks/web/library/wa-ajaxintro1/index.html + /* Create a new XMLHttpRequest object to talk to the Web server */ + xmlHttp = false; + /*@cc_on @*/ + /*@if (@_jscript_version >= 5) + try { + xmlHttp = new ActiveXObject("Msxml2.XMLHTTP"); + } catch (e) { + try { + xmlHttp = new ActiveXObject("Microsoft.XMLHTTP"); + } catch (e2) { + xmlHttp = false; + } + } + @end @*/ + + + if (!xmlHttp && typeof XMLHttpRequest != 'undefined') { + xmlHttp = new XMLHttpRequest(); + } + +var sLastHostName=''; +function checkSiteStatus(sHostName) +{ + sLastHostName = sHostName; + //Make JSON request + xmlHttp.open("GET","util/serverStatusCheckService.jsp?HostName=" + sHostName); + xmlHttp.onreadystatechange = StateChangeForJSON; + xmlHttp.send(null); +} +function StateChangeForJSON() +{ + if(xmlHttp.readyState == 4 && xmlHttp.status == 200) + { + var jsonObj = eval('('+ xmlHttp.responseText + ')'); + var jsonFetchHostStatus = jsonObj["HostStatus"]; + var jsonFetchHostName=jsonObj["HostName"]; + //get JSON values and output + x=document.getElementById('FetchHostName'); + x.innerHTML=jsonFetchHostName; + x=document.getElementById('FetchHostStatus'); + x.innerHTML=jsonFetchHostStatus; + } + else if(xmlHttp.readyState == 4 && xmlHttp.status == 500) + { + x=document.getElementById('FetchHostName'); + x.innerHTML=sLastHostName; + x=document.getElementById('FetchHostStatus'); + x.innerHTML='The service returned an error. Please be patient while our administrators fix the issue.'; + } + else if(xmlHttp.readyState == 4 && xmlHttp.status == 404) + { + x=document.getElementById('FetchHostName'); + x.innerHTML=sLastHostName; + x=document.getElementById('FetchHostStatus'); + x.innerHTML='The service returned an error. The status service appears to not be available'; + } + else if(xmlHttp.readyState == 4 && xmlHttp.status == 401) + { + x=document.getElementById('FetchHostName'); + x.innerHTML=sLastHostName; + x=document.getElementById('FetchHostStatus'); + x.innerHTML='The service returned a 401 unauthorized error, indicating it was implemented incorrectly'; + } + else if(xmlHttp.readyState == 4 && xmlHttp.status == 302) + { + x=document.getElementById('FetchHostName'); + x.innerHTML=sLastHostName; + x=document.getElementById('FetchHostStatus'); + x.innerHTML='The service returned a 302 redirect, indicating it was implemented incorrectly'; + } +} + + +</text> + <url>https://demo.testfire.net/status_check.jsp</url> + </item> + <item> + <text> + window.onload = function() { + + // Build a system + const ui = SwaggerUIBundle({ + url: window.location.href.substr(0, window.location.href.lastIndexOf("\/") + 1) + "properties.json", + dom_id: '#swagger-ui', + deepLinking: true, + presets: [ + SwaggerUIBundle.presets.apis, + SwaggerUIStandalonePreset + ], + plugins: [ + SwaggerUIBundle.plugins.DownloadUrl + ], + layout: "StandaloneLayout" + }) + + window.ui = ui + } + </text> + <url>https://demo.testfire.net/swagger/index.html</url> + </item> + <item> + <text>!function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):"object"==typeof exports?exports.SwaggerUIStandalonePreset=e():t.SwaggerUIStandalonePreset=e()}(this,function(){return function(t){var e={};function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}return n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)||Object.defineProperty(t,e,{configurable:!1,enumerable:!0,get:r})},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="/dist",n(n.s=206)}([function(t,e,n){"use strict";var r=n(52),i=["kind","resolve","construct","instanceOf","predicate","represent","defaultStyle","styleAliases"],o=["scalar","sequence","mapping"];t.exports=function(t,e){var n,u;if(e=e||{},Object.keys(e).forEach(function(e){if(-1===i.indexOf(e))throw new r('Unknown option "'+e+'" is met in definition of "'+t+'" YAML type.')}),this.tag=t,this.kind=e.kind||null,this.resolve=e.resolve||function(){return!0},this.construct=e.construct||function(t){return t},this.instanceOf=e.instanceOf||null,this.predicate=e.predicate||null,this.represent=e.represent||null,this.defaultStyle=e.defaultStyle||null,this.styleAliases=(n=e.styleAliases||null,u={},null!==n&&Object.keys(n).forEach(function(t){n[t].forEach(function(e){u[String(e)]=t})}),u),-1===o.indexOf(this.kind))throw new r('Unknown kind "'+this.kind+'" is specified for "'+t+'" YAML type.')}},function(t,e,n){var r=n(133)("wks"),i=n(98),o=n(5).Symbol,u="function"==typeof o;(t.exports=function(t){return r[t]||(r[t]=u&&o[t]||(u?o:i)("Symbol."+t))}).store=r},function(t,e){var n=t.exports={version:"2.5.5"};"number"==typeof __e&&(__e=n)},function(t,e,n){var r=n(5),i=n(19),o=n(17),u=n(30),a=n(60),s=function(t,e,n){var c,f,l,p,h=t&s.F,d=t&s.G,v=t&s.S,y=t&s.P,g=t&s.B,m=d?r:v?r[e]||(r[e]={}):(r[e]||{}).prototype,_=d?i:i[e]||(i[e]={}),b=_.prototype||(_.prototype={});for(c in d&&(n=e),n)l=((f=!h&&m&&void 0!==m[c])?m:n)[c],p=g&&f?a(l,r):y&&"function"==typeof l?a(Function.call,l):l,m&&u(m,c,l,t&s.U),_[c]!=l&&o(_,c,p),y&&b[c]!=l&&(b[c]=l)};r.core=i,s.F=1,s.G=2,s.S=4,s.P=8,s.B=16,s.W=32,s.U=64,s.R=128,t.exports=s},function(t,e,n){var r=n(3),i=n(43),o=n(10),u=/"/g,a=function(t,e,n,r){var i=String(o(t)),a="<"+e;return""!==n&&(a+=" "+n+'="'+String(r).replace(u,"&quot;")+'"'),a+">"+i+"</"+e+">"};t.exports=function(t,e){var n={};n[t]=e(a),r(r.P+r.F*i(function(){var e=""[t]('"');return e!==e.toLowerCase()||e.split('"').length>3}),"String",n)}},function(t,e){var n=t.exports="undefined"!=typeof window&&window.Math==Math?window:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")();"number"==typeof __g&&(__g=n)},function(t,e,n){var r=n(93)("wks"),i=n(55),o=n(9).Symbol,u="function"==typeof o;(t.exports=function(t){return r[t]||(r[t]=u&&o[t]||(u?o:i)("Symbol."+t))}).store=r},function(t,e,n){var r=n(169),i="object"==typeof self&&self&&self.Object===Object&&self,o=r||i||Function("return this")();t.exports=o},function(t,e){var n=Array.isArray;t.exports=n},function(t,e){var n=t.exports="undefined"!=typeof window&&window.Math==Math?window:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")();"number"==typeof __g&&(__g=n)},function(t,e){t.exports=function(t){if(void 0==t)throw TypeError("Can't call method on "+t);return t}},function(t,e){var n;n=function(){return this}();try{n=n||Function("return this")()||(0,eval)("this")}catch(t){"object"==typeof window&&(n=window)}t.exports=n},function(t,e,n){"use strict";t.exports=function(t){if("function"!=typeof t)throw new TypeError(t+" is not a function");return t}},function(t,e,n){var r=n(9),i=n(2),o=n(126),u=n(26),a=n(16),s=function(t,e,n){var c,f,l,p=t&s.F,h=t&s.G,d=t&s.S,v=t&s.P,y=t&s.B,g=t&s.W,m=h?i:i[e]||(i[e]={}),_=m.prototype,b=h?r:d?r[e]:(r[e]||{}).prototype;for(c in h&&(n=e),n)(f=!p&&b&&void 0!==b[c])&&a(m,c)||(l=f?b[c]:n[c],m[c]=h&&"function"!=typeof b[c]?n[c]:y&&f?o(l,r):g&&b[c]==l?function(t){var e=function(e,n,r){if(this instanceof t){switch(arguments.length){case 0:return new t;case 1:return new t(e);case 2:return new t(e,n)}return new t(e,n,r)}return t.apply(this,arguments)};return e.prototype=t.prototype,e}(l):v&&"function"==typeof l?o(Function.call,l):l,v&&((m.virtual||(m.virtual={}))[c]=l,t&s.R&&_&&!_[c]&&u(_,c,l)))};s.F=1,s.G=2,s.S=4,s.P=8,s.B=16,s.W=32,s.U=64,s.R=128,t.exports=s},function(t,e,n){var r=n(27),i=n(127),o=n(89),u=Object.defineProperty;e.f=n(15)?Object.defineProperty:function(t,e,n){if(r(t),e=o(e,!0),r(n),i)try{return u(t,e,n)}catch(t){}if("get"in n||"set"in n)throw TypeError("Accessors not supported!");return"value"in n&&(t[e]=n.value),t}},function(t,e,n){t.exports=!n(29)(function(){return 7!=Object.defineProperty({},"a",{get:function(){return 7}}).a})},function(t,e){var n={}.hasOwnProperty;t.exports=function(t,e){return n.call(t,e)}},function(t,...</text> + <url>https://demo.testfire.net/swagger/swagger-ui-standalone-preset.js</url> + </item> + <item> + <text>!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.SwaggerUIBundle=t():e.SwaggerUIBundle=t()}(this,function(){return function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{configurable:!1,enumerable:!0,get:r})},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="/dist",n(n.s=446)}([function(e,t,n){"use strict";e.exports=n(75)},function(e,t,n){e.exports=n(854)()},function(e,t,n){"use strict";t.__esModule=!0,t.default=function(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}},function(e,t,n){"use strict";t.__esModule=!0;var r,o=n(262),i=(r=o)&&r.__esModule?r:{default:r};t.default=function(){function e(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),(0,i.default)(e,r.key,r)}}return function(t,n,r){return n&&e(t.prototype,n),r&&e(t,r),t}}()},function(e,t,n){e.exports={default:n(767),__esModule:!0}},function(e,t,n){"use strict";t.__esModule=!0;var r,o=n(45),i=(r=o)&&r.__esModule?r:{default:r};t.default=function(e,t){if(!e)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!t||"object"!==(void 0===t?"undefined":(0,i.default)(t))&&"function"!=typeof t?e:t}},function(e,t,n){"use strict";t.__esModule=!0;var r=a(n(769)),o=a(n(350)),i=a(n(45));function a(e){return e&&e.__esModule?e:{default:e}}t.default=function(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Super expression must either be null or a function, not "+(void 0===t?"undefined":(0,i.default)(t)));e.prototype=(0,o.default)(t&&t.prototype,{constructor:{value:e,enumerable:!1,writable:!0,configurable:!0}}),t&&(r.default?(0,r.default)(e,t):e.__proto__=t)}},function(e,t,n){var r;r=function(){"use strict";var e=Array.prototype.slice;function t(e,t){t&&(e.prototype=Object.create(t.prototype)),e.prototype.constructor=e}function n(e){return a(e)?e:J(e)}function r(e){return u(e)?e:Y(e)}function o(e){return s(e)?e:K(e)}function i(e){return a(e)&&!l(e)?e:G(e)}function a(e){return!(!e||!e[f])}function u(e){return!(!e||!e[p])}function s(e){return!(!e||!e[d])}function l(e){return u(e)||s(e)}function c(e){return!(!e||!e[h])}t(r,n),t(o,n),t(i,n),n.isIterable=a,n.isKeyed=u,n.isIndexed=s,n.isAssociative=l,n.isOrdered=c,n.Keyed=r,n.Indexed=o,n.Set=i;var f="@@__IMMUTABLE_ITERABLE__@@",p="@@__IMMUTABLE_KEYED__@@",d="@@__IMMUTABLE_INDEXED__@@",h="@@__IMMUTABLE_ORDERED__@@",v=5,m=1<<v,y=m-1,g={},b={value:!1},_={value:!1};function w(e){return e.value=!1,e}function E(e){e&&(e.value=!0)}function x(){}function S(e,t){t=t||0;for(var n=Math.max(0,e.length-t),r=new Array(n),o=0;o<n;o++)r[o]=e[o+t];return r}function C(e){return void 0===e.size&&(e.size=e.__iterate(A)),e.size}function k(e,t){if("number"!=typeof t){var n=t>>>0;if(""+n!==t||4294967295===n)return NaN;t=n}return t<0?C(e)+t:t}function A(){return!0}function O(e,t,n){return(0===e||void 0!==n&&e<=-n)&&(void 0===t||void 0!==n&&t>=n)}function P(e,t){return M(e,t,0)}function T(e,t){return M(e,t,t)}function M(e,t,n){return void 0===e?n:e<0?Math.max(0,t+e):void 0===t?e:Math.min(t,e)}var I=0,j=1,N=2,R="function"==typeof Symbol&&Symbol.iterator,D="@@iterator",L=R||D;function U(e){this.next=e}function q(e,t,n,r){var o=0===e?t:1===e?n:[t,n];return r?r.value=o:r={value:o,done:!1},r}function F(){return{value:void 0,done:!0}}function z(e){return!!H(e)}function B(e){return e&&"function"==typeof e.next}function V(e){var t=H(e);return t&&t.call(e)}function H(e){var t=e&&(R&&e[R]||e[D]);if("function"==typeof t)return t}function W(e){return e&&"number"==typeof e.length}function J(e){return null===e||void 0===e?ie():a(e)?e.toSeq():function(e){var t=se(e)||"object"==typeof e&&new te(e);if(!t)throw new TypeError("Expected Array or iterable object of values, or keyed object: "+e);return t}(e)}function Y(e){return null===e||void 0===e?ie().toKeyedSeq():a(e)?u(e)?e.toSeq():e.fromEntrySeq():ae(e)}function K(e){return null===e||void 0===e?ie():a(e)?u(e)?e.entrySeq():e.toIndexedSeq():ue(e)}function G(e){return(null===e||void 0===e?ie():a(e)?u(e)?e.entrySeq():e:ue(e)).toSetSeq()}U.prototype.toString=function(){return"[Iterator]"},U.KEYS=I,U.VALUES=j,U.ENTRIES=N,U.prototype.inspect=U.prototype.toSource=function(){return this.toString()},U.prototype[L]=function(){return this},t(J,n),J.of=function(){return J(arguments)},J.prototype.toSeq=function(){return this},J.prototype.toString=function(){return this.__toString("Seq {","}")},J.prototype.cacheResult=function(){return!this._cache&&this.__iterateUncached&&(this._cache=this.entrySeq().toArray(),this.size=this._cache.length),this},J.pro...</text> + <url>https://demo.testfire.net/swagger/swagger-ui-bundle.js</url> + </item> + <item> + <text> + function confirminput(myform) { + + if (myform.startDate.value != ""){ + var valid = false; + var splitStrings = myform.startDate.value.split("-"); + if (splitStrings.length == 3) { + var year = parseInt(splitStrings[0]); + var month = parseInt((splitStrings[1].charAt(0)==0 && splitStrings[1].length == 2)?splitStrings[1].charAt(1):splitStrings[1]); + var day = parseInt((splitStrings[2].charAt(0)==0 && splitStrings[2].length == 2)?splitStrings[2].charAt(1):splitStrings[2]); + + var validNums = !(isNaN(year) || isNaN(month) || isNaN(day)); + + if (validNums) + valid = validateDate(month, day, year); + } + + if (!valid){ + alert ("'After' date of " + myform.startDate.value + " is not valid."); + return false; + } + } + + if (myform.endDate.value != ""){ + var valid2 = false; + var splitStrings2 = myform.endDate.value.split("-"); + if (splitStrings2.length == 3) { + var year2 = parseInt(splitStrings2[0]); + var month2 = parseInt((splitStrings2[1].charAt(0)==0 && splitStrings2[1].length == 2)?splitStrings2[1].charAt(1):splitStrings2[1]); + var day2 = parseInt((splitStrings2[2].charAt(0)==0 && splitStrings2[2].length == 2)?splitStrings2[2].charAt(1):splitStrings2[2]); + + var validNums2 = !(isNaN(year2) || isNaN(month2) || isNaN(day2)); + + if (validNums2) + valid2 = validateDate(month2, day2, year2); + } + + if (!valid2){ + alert ("'Before' date of " + myform.endDate.value + " is not valid."); + return false; + } + } + return true; + } + + function validateDate(month, day, year){ + try { + var thisDate = new Date(); + var wrongMonth = month<1 || month>12; + var wrongDay = (day<1) || (day>31) || (day>30 && ((month==4)||(month==6)||(month==9)||(month==11))) || (day>29 && month==2 && (year%4==0) && (year%100!=0 || year%400==0)) || (day>28 && month==2 && ((year%4!=0) || (year%100==0 && year%400!=0))); + var wrongYear = year < 1990 || year > parseInt(thisDate.getFullYear()); + + var thisYear = parseInt(thisDate.getFullYear()); + var thisMonth = parseInt(thisDate.getMonth())+1; + var thisDay = parseInt(thisDate.getDate()); + var wrongDate = year==thisYear && ((thisMonth<month) || (thisMonth==month && thisDay<(day-1))); + + if (wrongMonth ||wrongDay || wrongYear || wrongDate) + return false; + + } catch (error){ + return false; + } + + return true; + } + </text> + <url>https://demo.testfire.net/bank/transaction.jsp</url> + </item> + <item> + <text>return (confirminput(Form1));</text> + <url>https://demo.testfire.net/bank/transaction.jsp</url> + </item> + <item> + <text> + + function confirminput(myform) { + var dbt=document.getElementById("fromAccount").value; + var cdt=document.getElementById("toAccount").value; + var amt=document.getElementById("transferAmount").value; + + if (dbt == cdt) { + alert("From Account and To Account fields cannot be the same."); + return false; + } + else if (!(amt > 0)){ + alert("Transfer Amount must be a number greater than 0."); + return false; + } + + return true; + } + + </text> + <url>https://demo.testfire.net/bank/transfer.jsp</url> + </item> + <item> + <text>return (confirminput(tForm));</text> + <url>https://demo.testfire.net/bank/transfer.jsp</url> + </item> + <item> + <text> + + function go() { + var iPos = document.URL.indexOf("url=")+4; + var sDst = document.URL.substring(iPos,document.URL.length); + if (window.opener) { + window.opener.location.href = sDst; + cl(); + } else { + window.location.href = sDst; + } + } + + function cl() { + window.close(); + } + + var iPos = document.URL.indexOf("url=")+4; + var sDst = document.URL.substring(iPos,document.URL.length); + // if redirection is in the application's domain, don't ask for authorization + if ( sDst.indexOf("http") == 0 && sDst.indexOf(document.location.hostname) != -1 ) { + if (window.opener) { + window.opener.location.href = "http" + sDst.substring(4); + cl(); + } else { + window.location.href = "http" + sDst.substring(4); + } + } + + </text> + <url>https://demo.testfire.net/disclaimer.htm</url> + </item> + <item> + <text>document.write(encodeURI(sDst));</text> + <url>https://demo.testfire.net/disclaimer.htm</url> + </item> + <item> + <text>go();return false;</text> + <url>https://demo.testfire.net/disclaimer.htm</url> + </item> + <item> + <text>cl();return false;</text> + <url>https://demo.testfire.net/disclaimer.htm</url> + </item> + <item> + <text> + +var jobs = { + "Administration":{"ExecutiveAssistant":"jobs/20061023.htm"}, + "ConsumaerBanking":{"Teller":"jobs/20061019.htm"}, + "CustomerService":{"CustomerServiceRepresentative":"jobs/20061026.htm"}, + "Marketing":{"LoyaltyMarketingProgramManager":"jobs/20061025.htm"}, + "RiskManagement":{"OperationalRiskManager":"jobs/20061027.htm"}, + "Sales":{"MortgageLendingAccountExecutive":"jobs/20061024.htm"} +}; + +function loadPage() { + if (document.location.hash == "#alljobs") { + document.location.hash = ""; + return; + } + /* check if job parameter exists */ + var job = getParameter("job"); + if (job && job.length > 0) { + var sp = job.split(':'); + if (sp.length == 2 && jobs[sp[1]] && jobs[sp[1]] != "") { + /* check if job exists */ + if (jobs[sp[1]][sp[0]] && jobs[sp[1]][sp[0]] != "") { + document.location.href = "index.jsp?content="+jobs[sp[1]][sp[0]]; + } else { + /* tell the user the job isn't open anymore */ + document.write("<h2 style='color:#ff0000'>We're sorry, but it appears the position for " + sp[0] + " in group " + sp[1] + " is not open anymore</h2>"); + } + } + } +} + +function getParameter(name) { + var searchStr = document.location.search.substring(1); + var params = searchStr.split('&'); + for (var i=0; i < params.length; i++) { + nv = params[i].split('='); + if (nv.length == 2 && nv[0] == name) { + return nv[1]; + } + } + return ""; +} + +function sethash() { + document.location.hash = "alljobs"; +} + +/* set IE to go back to orig page when pressing the back command in teh next page */ +if (navigator.appName == 'Microsoft Internet Explorer') { + window.onbeforeunload=sethash; +} + +window.onload = loadPage; + +</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text> + + function confirmpass(myform) + { + if (myform.password1.value.length && (myform.password1.value==myform.password2.value)) + { + return true; + } + else + { + myform.password1.value=""; + myform.password2.value=""; + myform.password1.focus(); + alert ("Passwords do not match"); + return false; + } + + } + </text> + <url>https://demo.testfire.net/admin/admin.jsp</url> + </item> + <item> + <text>return confirmpass(this);</text> + <url>https://demo.testfire.net/admin/admin.jsp</url> + </item> + </java-script-group> + <comment-group> + <total>40</total> + <item> + <text>BEGIN HEADER</text> + <url>https://demo.testfire.net/login.jsp</url> + </item> + <item> + <text><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"></text> + <url>https://demo.testfire.net/login.jsp</url> + </item> + <item> + <text>END HEADER</text> + <url>https://demo.testfire.net/login.jsp</url> + </item> + <item> + <text>TOC BEGIN</text> + <url>https://demo.testfire.net/login.jsp</url> + </item> + <item> + <text>TOC END</text> + <url>https://demo.testfire.net/login.jsp</url> + </item> + <item> + <text>To get the latest admin login, please contact SiteOps at 415-555-6159</text> + <url>https://demo.testfire.net/login.jsp</url> + </item> + <item> + <text>BEGIN FOOTER</text> + <url>https://demo.testfire.net/login.jsp</url> + </item> + <item> + <text>END FOOTER</text> + <url>https://demo.testfire.net/login.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual, online banking, banking, checking, savings, accounts</text> + <url>https://demo.testfire.net/</url> + </item> + <item> + <text>MEMBER TOC BEGIN</text> + <url>https://demo.testfire.net/bank/main.jsp</url> + </item> + <item> + <text><li><a id="MenuHyperLink3" href="/bank/stocks.jsp">Trade Stocks</a></li></text> + <url>https://demo.testfire.net/bank/main.jsp</url> + </item> + <item> + <text>MEMBER TOC END</text> + <url>https://demo.testfire.net/bank/main.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual, online banking, contact information, subscriptions</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>- Dave- Hard code this into the final script - Possible security problem. + Re-generated every Tuesday and old files are saved to .bak format at L:\backup\website\oldfiles -</text> + <url>https://demo.testfire.net/feedback.jsp</url> + </item> + <item> + <text>To modify account information do not connect to SQL source directly. Make all changes + through the admin page.</text> + <url>https://demo.testfire.net/bank/showAccount</url> + </item> + <item> + <text>Keywords:Altoro Mutual, personal deposit, personal checking, personal loans, personal cards, personal investments</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual, deposit products, personal deposits</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual, personal checking, checking platinum, checking gold, checking silver, checking bronze</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual, auto loans, boat loans, lines of credit, home equity, mortgage loans, student loans</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual, brokerage services, retirement, insurance, private banking, wealth and tax services</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual, Altoro Private Bank, Altoro Wealth and Tax</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual, real estate loans, small business loands, small business loands, equipment leasing, credit line</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual, credit cards, platinum cards, premium credit</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual, press releases, media, news, events, public relations</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual, job openings, benefits, student internships, management trainee programs</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual, privacy, information collection, safeguards, data usage</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual, security, security, security, we provide security, secure online banking</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>HTML for static distribution bundle build</text> + <url>https://demo.testfire.net/swagger/index.html</url> + </item> + <item> + <text><!DOCTYPE html></text> + <url>https://demo.testfire.net/swagger/index.html</url> + </item> + <item> + <text>TODO PAGES: <td colspan="4"><span>1</span>&nbsp;<a href="javascript:__doPostBack('_ctl0$_ctl0$Content$Main$MyTransactions$_ctl54$_ctl1','')">2</a></td></text> + <url>https://demo.testfire.net/bank/transaction.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual Press Release</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual, benefits, child-care, flexible time, health club, company discounts, paid vacations</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual, careers, opportunities, jobs, management</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual, management trainess, Careers, advancement</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>Keywords:Altoro Mutual, executives, board of directors</text> + <url>https://demo.testfire.net/index.jsp</url> + </item> + <item> + <text>Be careful what you change. All changes are made directly to AltoroJ database.</text> + <url>https://demo.testfire.net/admin/admin.jsp</url> + </item> + <item> + <text>action="addAccount"</text> + <url>https://demo.testfire.net/admin/admin.jsp</url> + </item> + <item> + <text>action="changePassword"</text> + <url>https://demo.testfire.net/admin/admin.jsp</url> + </item> + <item> + <text>action="addUser"</text> + <url>https://demo.testfire.net/admin/admin.jsp</url> + </item> + </comment-group> + <script-parameter-group> + <total>33</total> + <item> + <name>content</name> + <values> + <value>customize.jsp</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Simple_Link</parameter-type> + <url>https://demo.testfire.net/bank/customize.jsp?content=customize.jsp&lang=international</url> + </item> + <item> + <name>content</name> + <values> + <value>queryxpath.jsp</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Hidden</parameter-type> + <url>https://demo.testfire.net/bank/queryxpath.jsp?content=queryxpath.jsp&query=Enter+title+(e.g.+Watchfire)</url> + </item> + <item> + <name>passwd</name> + <values> + <value>**CONFIDENTIAL 0**</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Password</parameter-type> + <url>https://demo.testfire.net/bank/ccApply</url> + </item> + <item> + <name>step</name> + <values> + <value>a</value> + <value>b</value> + <value>done</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Simple_Link</parameter-type> + <url>https://demo.testfire.net/survey_questions.jsp?step=a</url> + </item> + <item> + <name>txtEmail</name> + <values> + <value>jsmith@mail.com</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Simple_Link</parameter-type> + <url>https://demo.testfire.net/survey_questions.jsp?step=done&txtEmail=jsmith@mail.com</url> + </item> + <item> + <name>uid</name> + <values> + <value>jsmith</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Text</parameter-type> + <url>https://demo.testfire.net/doLogin</url> + </item> + <item> + <name>passw</name> + <values> + <value>**CONFIDENTIAL 0**</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Password</parameter-type> + <url>https://demo.testfire.net/doLogin</url> + </item> + <item> + <name>listAccounts</name> + <values> + <value>800003</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Select</parameter-type> + <url>https://demo.testfire.net/bank/showAccount?listAccounts=800003</url> + </item> + <item> + <name>url</name> + <values> + <value>http://www.netscape.com</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Simple_Link</parameter-type> + <url>https://demo.testfire.net/disclaimer.htm?url=http://www.netscape.com</url> + </item> + <item> + <name>btnSubmit</name> + <values> + <value>Subscribe</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Submit</parameter-type> + <url>https://demo.testfire.net/doSubscribe</url> + </item> + <item> + <name>content</name> + <values> + <value>inside_contact.htm</value> + <value>personal.htm</value> + <value>inside.htm</value> + <value>personal_deposit.htm</value> + <value>personal_checking.htm</value> + <value>personal_loans.htm</value> + <value>personal_investments.htm</value> + <value>personal_other.htm</value> + <value>business_lending.htm</value> + <value>business_cards.htm</value> + <value>business_retirement.htm</value> + <value>inside_about.htm</value> + <value>inside_press.htm</value> + <value>inside_careers.htm</value> + <value>privacy.htm</value> + <value>security.htm</value> + <value>pr/20061109.htm</value> + <value>inside_executives.htm</value> + <value>inside_jobs.htm</value> + <value>inside_benefits.htm</value> + <value>inside_trainee.htm</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Simple_Link</parameter-type> + <url>https://demo.testfire.net/index.jsp?content=inside_contact.htm</url> + </item> + <item> + <name>btnSubmit</name> + <values> + <value>Login</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Submit</parameter-type> + <url>https://demo.testfire.net/doLogin</url> + </item> + <item> + <name>query</name> + <values> + <value>Enter title (e.g. Watchfire)</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Text</parameter-type> + <url>https://demo.testfire.net/bank/queryxpath.jsp?content=queryxpath.jsp&query=Enter+title+(e.g.+Watchfire)</url> + </item> + <item> + <name>query</name> + <values> + <value>1234</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Text</parameter-type> + <url>https://demo.testfire.net/search.jsp?query=1234</url> + </item> + <item> + <name>Submit</name> + <values> + <value>Submit</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Submit</parameter-type> + <url>https://demo.testfire.net/bank/ccApply</url> + </item> + <item> + <name>endDate</name> + <values> + <value>2019-01-01</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Text</parameter-type> + <url>https://demo.testfire.net/bank/showTransactions</url> + </item> + <item> + <name>submit</name> + <values> + <value>+Submit+</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Submit</parameter-type> + <url>https://demo.testfire.net/sendFeedback</url> + </item> + <item> + <name>transferAmount</name> + <values> + <value>1234</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Text</parameter-type> + <url>https://demo.testfire.net/bank/doTransfer</url> + </item> + <item> + <name>txtEmail</name> + <values> + <value>test@altoromutual.com</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Text</parameter-type> + <url>https://demo.testfire.net/doSubscribe</url> + </item> + <item> + <name>cfile</name> + <values> + <value>comments.txt</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Hidden</parameter-type> + <url>https://demo.testfire.net/sendFeedback</url> + </item> + <item> + <name>startDate</name> + <values> + <value>2019-01-01</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Text</parameter-type> + <url>https://demo.testfire.net/bank/showTransactions</url> + </item> + <item> + <name>name</name> + <values> + <value>John+Smith</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Text</parameter-type> + <url>https://demo.testfire.net/sendFeedback</url> + </item> + <item> + <name>accttypes</name> + <values> + <value>Savings</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Select</parameter-type> + <url>https://demo.testfire.net/admin/admin.jsp</url> + </item> + <item> + <name>transfer</name> + <values> + <value>Transfer Money</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Submit</parameter-type> + <url>https://demo.testfire.net/bank/doTransfer</url> + </item> + <item> + <name>HostName</name> + <values> + <value>AltoroMutual</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Simple_Link</parameter-type> + <url>https://demo.testfire.net/util/serverStatusCheckService.jsp?HostName=AltoroMutual</url> + </item> + <item> + <name>email_addr</name> + <values> + <value>753+Main+Street</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Text</parameter-type> + <url>https://demo.testfire.net/sendFeedback</url> + </item> + <item> + <name>toAccount</name> + <values> + <value>800003</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Select</parameter-type> + <url>https://demo.testfire.net/bank/doTransfer</url> + </item> + <item> + <name>comments</name> + <values> + <value>1234</value> + </values> + <parameter-type>ApplicationData.HttpParamType.TextArea</parameter-type> + <url>https://demo.testfire.net/sendFeedback</url> + </item> + <item> + <name>username</name> + <values> + <value>sspeed</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Select</parameter-type> + <url>https://demo.testfire.net/admin/admin.jsp</url> + </item> + <item> + <name>fromAccount</name> + <values> + <value>800003</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Select</parameter-type> + <url>https://demo.testfire.net/bank/doTransfer</url> + </item> + <item> + <name>subject</name> + <values> + <value>1234</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Post_Data</parameter-type> + <url>https://demo.testfire.net/sendFeedback</url> + </item> + <item> + <name>job</name> + <values> + <value>OperationalRiskManager:RiskManagement</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Simple_Link</parameter-type> + <url>https://demo.testfire.net/index.jsp?content=inside_jobs.htm&job=OperationalRiskManager:RiskManagement</url> + </item> + <item> + <name>lang</name> + <values> + <value>international</value> + </values> + <parameter-type>ApplicationData.HttpParamType.Simple_Link</parameter-type> + <url>https://demo.testfire.net/bank/customize.jsp?content=customize.jsp&lang=international</url> + </item> + </script-parameter-group> + <header-group> + <total>0</total> + </header-group> + <visited-link-group> + <total>60</total> + <item> + <url>https://demo.testfire.net/</url> + </item> + <item> + <url>https://demo.testfire.net/login.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/doLogin</url> + </item> + <item> + <url>https://demo.testfire.net/bank/main.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/search.jsp?query=1234</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_contact.htm</url> + </item> + <item> + <url>https://demo.testfire.net/feedback.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/sendFeedback</url> + </item> + <item> + <url>https://demo.testfire.net/bank/showAccount?listAccounts=800003</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_deposit.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_checking.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_loans.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_investments.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_other.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_lending.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_cards.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_retirement.htm</url> + </item> + <item> + <url>https://demo.testfire.net/retirement.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_about.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_press.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_careers.htm</url> + </item> + <item> + <url>https://demo.testfire.net/subscribe.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/doSubscribe</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=privacy.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=security.htm</url> + </item> + <item> + <url>https://demo.testfire.net/status_check.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/util/serverStatusCheckService.jsp?HostName=AltoroMutual</url> + </item> + <item> + <url>https://demo.testfire.net/swagger/index.html</url> + </item> + <item> + <url>https://demo.testfire.net/swagger/swagger-ui-standalone-preset.js</url> + </item> + <item> + <url>https://demo.testfire.net/swagger/properties.json</url> + </item> + <item> + <url>https://demo.testfire.net/swagger/swagger-ui-bundle.js</url> + </item> + <item> + <url>https://demo.testfire.net/bank/transaction.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/bank/showTransactions</url> + </item> + <item> + <url>https://demo.testfire.net/bank/transfer.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/bank/queryxpath.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/bank/queryxpath.jsp?content=queryxpath.jsp&query=Enter+title+(e.g.+Watchfire)</url> + </item> + <item> + <url>https://demo.testfire.net/bank/customize.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/bank/customize.jsp?content=customize.jsp&lang=international</url> + </item> + <item> + <url>https://demo.testfire.net/bank/apply.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/bank/ccApply</url> + </item> + <item> + <url>https://demo.testfire.net/survey_questions.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/survey_questions.jsp?step=a</url> + </item> + <item> + <url>https://demo.testfire.net/survey_questions.jsp?step=b</url> + </item> + <item> + <url>https://demo.testfire.net/disclaimer.htm?url=http://www.netscape.com</url> + </item> + <item> + <url>https://demo.testfire.net/subscribe.swf</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_executives.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=pr/20061109.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_jobs.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_benefits.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_trainee.htm</url> + </item> + <item> + <url>https://demo.testfire.net/bank/doTransfer</url> + </item> + <item> + <url>https://demo.testfire.net/bank/customize.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/bank/customize.jsp?content=customize.jsp&lang=international</url> + </item> + <item> + <url>https://demo.testfire.net/logout.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_jobs.htm&job=OperationalRiskManager:RiskManagement</url> + </item> + <item> + <url>https://demo.testfire.net/survey_questions.jsp?step=done&txtEmail=jsmith@mail.com</url> + </item> + <item> + <url>https://demo.testfire.net/admin/admin.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/admin/admin.jsp</url> + </item> + </visited-link-group> + <unique-visited-link-group> + <max-issues-in-url>11</max-issues-in-url> + <item> + <url>https://demo.testfire.net/</url> + </item> + <item> + <url>https://demo.testfire.net/admin/admin.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/bank/apply.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/bank/ccApply</url> + </item> + <item> + <url>https://demo.testfire.net/bank/customize.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/bank/customize.jsp?content=customize.jsp&lang=international</url> + </item> + <item> + <url>https://demo.testfire.net/bank/doTransfer</url> + </item> + <item> + <url>https://demo.testfire.net/bank/main.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/bank/queryxpath.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/bank/queryxpath.jsp?content=queryxpath.jsp&query=Enter+title+(e.g.+Watchfire)</url> + </item> + <item> + <url>https://demo.testfire.net/bank/showAccount?listAccounts=800003</url> + </item> + <item> + <url>https://demo.testfire.net/bank/showTransactions</url> + </item> + <item> + <url>https://demo.testfire.net/bank/transaction.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/bank/transfer.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/disclaimer.htm?url=http://www.netscape.com</url> + </item> + <item> + <url>https://demo.testfire.net/doLogin</url> + </item> + <item> + <url>https://demo.testfire.net/doSubscribe</url> + </item> + <item> + <url>https://demo.testfire.net/feedback.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_cards.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_lending.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_retirement.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_about.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_benefits.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_careers.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_contact.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_executives.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_jobs.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_jobs.htm&job=OperationalRiskManager:RiskManagement</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_press.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_trainee.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_checking.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_deposit.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_investments.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_loans.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_other.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=pr/20061109.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=privacy.htm</url> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=security.htm</url> + </item> + <item> + <url>https://demo.testfire.net/login.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/logout.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/retirement.htm</url> + </item> + <item> + <url>https://demo.testfire.net/search.jsp?query=1234</url> + </item> + <item> + <url>https://demo.testfire.net/sendFeedback</url> + </item> + <item> + <url>https://demo.testfire.net/status_check.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/subscribe.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/subscribe.swf</url> + </item> + <item> + <url>https://demo.testfire.net/survey_questions.jsp</url> + </item> + <item> + <url>https://demo.testfire.net/survey_questions.jsp?step=a</url> + </item> + <item> + <url>https://demo.testfire.net/survey_questions.jsp?step=b</url> + </item> + <item> + <url>https://demo.testfire.net/survey_questions.jsp?step=done&txtEmail=jsmith@mail.com</url> + </item> + <item> + <url>https://demo.testfire.net/swagger/index.html</url> + </item> + <item> + <url>https://demo.testfire.net/swagger/properties.json</url> + </item> + <item> + <url>https://demo.testfire.net/swagger/swagger-ui-bundle.js</url> + </item> + <item> + <url>https://demo.testfire.net/swagger/swagger-ui-standalone-preset.js</url> + </item> + <item> + <url>https://demo.testfire.net/util/serverStatusCheckService.jsp?HostName=AltoroMutual</url> + </item> + </unique-visited-link-group> + <broken-link-group> + <total>6</total> + <item> + <url>https://demo.testfire.net/default.jsp?content=security.htm</url> + <reason>Response Status '404' - Not Found</reason> + </item> + <item> + <url>https://demo.testfire.net/inside_points_of_interest.htm</url> + <reason>Response Status '404' - Not Found</reason> + </item> + <item> + <url>https://demo.testfire.net/default.jsp?content=security.htm</url> + <reason>Response Status '404' - Not Found</reason> + </item> + <item> + <url>https://demo.testfire.net/Privacypolicy.jsp?sec=Careers&template=US</url> + <reason>Response Status '404' - Not Found</reason> + </item> + <item> + <url>https://demo.testfire.net/default.jsp?content=security.htm</url> + <reason>Response Status '404' - Not Found</reason> + </item> + <item> + <url>https://demo.testfire.net/default.jsp?content=security.htm</url> + <reason>Response Status '404' - Not Found</reason> + </item> + </broken-link-group> + <filtered-link-group> + <total>242</total> + <item> + <url>https://demo.testfire.net/style.css</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/logo.gif</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/header_pic.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/pf_lock.gif</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/cgi.exe</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/home1.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/home2.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/home3.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://github.com/AppSecDev/AltoroJ/</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>http://www-142.ibm.com/software/products/us/en/subcategory/SWI10</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://demo.testfire.net/images/inside6.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/p_main.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/pr/communityannualreport.pdf</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/inside1.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/p_deposit.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/p_checking.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/p_loans.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/p_investments.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>http://demo-analytics.testfire.net/urchin.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://demo.testfire.net/admin/clients.xls</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/p_other.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/b_lending.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/b_cards.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/b_retirement.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>http://www.newspapersyndications.tv/</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://demo.testfire.net/images/inside5.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/inside7.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/inside4.jpg</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>http://www.cert.org/</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://demo.testfire.net/images/icon_top.gif</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/swagger/swagger-ui.css</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/swagger/favicon-32x32.png</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/swagger/favicon-16x16.png</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://online.swagger.io/validator?url=https://demo.testfire.net/swagger/properties.json</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_savings.htm</url> + <reason>FilteredUrl.BodySimilar</reason> + </item> + <item> + <url>https://demo.testfire.net/images/ok.gif</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>https://demo.testfire.net/images/cancel.gif</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>http://www.netscape.com/</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://www.aol.com/</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/aaq/benji/benji-1.0.83.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/nn/lib/metro/g/myy/advertisement_0.0.19.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/aaq/wf/wf-dl-1.6.2.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/caas-assets-production/assets/v1/wafer-core.d8a2bbe83acf7922.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/caas-assets-production/assets/v1/polyfills.e0be59dc1da96626.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/caas-assets-production/assets/v1/vendor-glide.a8bd1773c27f716d.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/caas-assets-production/assets/v1/utils.783372195eb15b3c.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/aaq/wf/wf-rapid-1.10.7.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/aaq/wf/wf-scrollview-2.21.0.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/aaq/wf/wf-tabs-1.12.6.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/aaq/wf/wf-toggle-1.15.4.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/aaq/wf/wf-video-2.22.15.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/caas-assets-production/assets/v1/video_player_wafer.08e7f13466871cff.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/caas-assets-production/assets/v1/dispatcher.e1ad6900814fab04.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/caas-assets-production/assets/v1/gam.ded987fb43ca4cac.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/aaq/wf/wf-autocomplete-1.31.7.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/caas-assets-production/assets/v1/readmo.8c9dae6c4d72bf7e.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/aaq/wf/wf-module-2.0.0.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/aaq/wf/wf-text-1.2.0.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/aaq/wf/wf-beacon-1.3.4.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/aaq/wf/wf-fetch-1.19.1.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/aaq/wf/wf-bind-1.1.3.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/caas-assets-production/assets/v1/notification_banner.021ba5ca8466c0b7.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/caas-assets-production/assets/v1/ad_blocker.66ca66172460f2e8.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/aaq/wf/wf-image-1.4.0.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/caas-assets-production/assets/v1/dl.3f04b2accc977d6a.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/caas-assets-production/assets/v1/notification_bell.c68f40de3779e9a4.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/caas-assets-production/assets/v1/weather.35ca22e5bc4d12c5.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/ss/rapid3.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/caas-assets-production/assets/v1/aol_header.da6597b18c191447.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/os/yaft/yaft-0.3.29.min.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/oa/consent.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/caas-assets-production/assets/v1/news.ec578b81c96c3c35.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/caas-assets-production/assets/v1/choose_news.db3547969a1b837c.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://consent.cmp.oath.com/cmp.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/caas-assets-production/assets/v1/y_finance_markets.c976d9537fe5aaf8.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2021-12/27ab1e70-68e8-11ec-9f8f-130668cce848&client=76f99bdb8f78cd44cc0b&signature=12d46bf50c61cc738244b48afd58278f22fa2d41</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2021-06/77d38700-d9ed-11eb-be27-f7edbce29062&client=76f99bdb8f78cd44cc0b&signature=f681a4e420fd5eb2c85085401f6fad97b8f5c7d1</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2023-06/1504f900-095d-11ee-af59-036f8ef2680e&client=76f99bdb8f78cd44cc0b&signature=f96c8983d15c2cd551b47caf27cd710ec77e61ad</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/cx/vzm/cs.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2020-12/575bc790-355f-11eb-ad7b-2304a1f8730f&client=76f99bdb8f78cd44cc0b&signature=9ff3de001884e92d939ae40d08e9b7109e31ec24</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2023-04/761cfe70-deb2-11ed-8fff-6672c0d730ce&client=76f99bdb8f78cd44cc0b&signature=3e88644a0b664a16743aee5bc603aabc2307f5c2</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2020-11/24ea2060-2fbd-11eb-b6fd-a6e16217c6e6&client=76f99bdb8f78cd44cc0b&signature=2a26e46583bfd12678b081b69fb7cca425c39052</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2022-04/024bb600-bc29-11ec-be3f-c8aa85a55bda&client=76f99bdb8f78cd44cc0b&signature=b9513e72c8af6f42b1e2f462026b9e7c280d5a3a</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.yimg.com/aaq/pv/perf-vitals_2.1.1.js</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2023-07/b1f2c370-2fe4-11ee-af3f-3bc97f9dc4f0&client=76f99bdb8f78cd44cc0b&signature=307667e96789b86d53a0f4bbdb5707cd1bea98a9</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2020-12/515ef980-3432-11eb-b5ef-2a7f8e085664&client=76f99bdb8f78cd44cc0b&signature=2219f359ed98a4e53a5fcf45b7e15fd870daf112</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2020-12/d50a9120-3411-11eb-97bb-1084c5a79300&client=76f99bdb8f78cd44cc0b&signature=2e380cbe938a1f4b6b57c6cdf936e0516050112f</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2021-09/7bc91ad0-1009-11ec-bfea-2182b7e056ce&client=76f99bdb8f78cd44cc0b&signature=0ce860f1e66ab33504feea849bdc56f9987a9c41</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2022-08/16659720-22f2-11ed-bbf8-7ef4b7911c60&client=76f99bdb8f78cd44cc0b&signature=38d2911d75273d418cf1c35d0c430a84d5a2ca66</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2021-07/3c019bd0-ee43-11eb-bced-b4b62d80677d&client=76f99bdb8f78cd44cc0b&signature=3aa198e79469e4081181851b7817f9aefe8b4866</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2022-07/b6b52f10-0dc1-11ed-9af1-3e6ae68289be&client=76f99bdb8f78cd44cc0b&signature=a707ab932a73b8a9fb47d3fc3b9ee0c75e5ebc25</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2021-12/64340b00-6982-11ec-a6ee-d01e5d0b5861&client=76f99bdb8f78cd44cc0b&signature=ac1c86f1c864869accf8544da530e03be9b801e8</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2021-11/aacb3290-4bb5-11ec-9dff-c91b8179f931&client=76f99bdb8f78cd44cc0b&signature=177ac960ba64a8abb0f463dbe9e209b3d20d649d</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2021-12/e8f349d0-6993-11ec-beb7-1653c87f6a88&client=76f99bdb8f78cd44cc0b&signature=7675a6e9b61e2052c273db9b79d7c1cb5cc4496c</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_savings.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2021-07/443d5c40-dfec-11eb-bbff-7da4a64d072d&client=76f99bdb8f78cd44cc0b&signature=2bbcf94c8cff5820cd47b0b2766b30c5416c86c9</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://demo.testfire.net/survey_questions.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2020-11/a2258160-2b7f-11eb-bbe3-c5a6dfd56406&client=76f99bdb8f78cd44cc0b&signature=ae507cb078909cbed31627771fd05c3f42bd428b</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2021-08/1f7aca00-0ab2-11ec-9ef8-03b4eef83866&client=76f99bdb8f78cd44cc0b&signature=c2f031ad3ac41d2282251c921aa9e4634e674019</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://demo.testfire.net/survey_questions.jsp?step=a</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2021-09/291fe6d0-1246-11ec-9eb7-5392da65195b&client=76f99bdb8f78cd44cc0b&signature=a55197107cb3e922d2624bc588f9c497bb452282</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2020-11/ee6a7240-244c-11eb-bd1f-e1f6ad08dba9&client=76f99bdb8f78cd44cc0b&signature=c95b1e7a4d9513cf73f9897cf1beea2ef60ef716</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://demo.testfire.net/survey_questions.jsp?step=b</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2021-12/e9cc2d60-6982-11ec-b3df-9bd0426ec2ec&client=76f99bdb8f78cd44cc0b&signature=2e98d8405d99584183fc278e449e64974d353e94</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2023-09/c1ee04e0-4dcd-11ee-97bf-83c5420da580&client=76f99bdb8f78cd44cc0b&signature=914d0608eb4f953292a2fc317324e981b551aa42</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2020-11/ad68a030-2ae3-11eb-b7df-2219b2546d62&client=76f99bdb8f78cd44cc0b&signature=50e22a394a6cf858e64b2613c09da8a9a4cdfc51</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2020-12/be863210-34b6-11eb-9fb7-2187cff1c470&client=76f99bdb8f78cd44cc0b&signature=cd7d9f6e5bc98fb19e3761f13bce648092a434ce</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2022-12/88a54880-7c98-11ed-bf53-d549d04eb5fa&client=76f99bdb8f78cd44cc0b&signature=02b60b757010b68fe7003f78bda5ac1c3a9988fa</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://s.aolcdn.com/images/dims?format=jpg&quality=80&thumbnail=32,32&image_uri=https://s.yimg.com/os/creatr-uploaded-images/2023-08/5696bdd0-3541-11ee-9d77-e98ff6d47746&client=76f99bdb8f78cd44cc0b&signature=aac44e401f7cb4c4a646ca784a3a43da1693a625</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://demo.testfire.net/</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=privacy.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_cards.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_deposit.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_insurance.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_other.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_investor.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/search.jsp?query=</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/disclaimer.htm?url=http://www.microsoft.com</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/bank/showAccount?listAccounts=800002</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=pr/20061005.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=pr/20060928.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/bank/customize.jsp?content=customize.jsp&lang=english</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/bank/ccApply</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/images/spacer.gif</url> + <reason>FilteredUrl.FileExtension</reason> + </item> + <item> + <url>http://www.exampledomainnotinuse.org/mybeacon.gif</url> + <reason>FilteredUrl.Untrusted</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_contact.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/feedback.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_deposit.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_checking.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_loans.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_cards.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_investments.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_other.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_deposit.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_lending.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_cards.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_insurance.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_retirement.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_other.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_about.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_investor.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_press.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_careers.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/subscribe.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=security.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/status_check.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/swagger/index.html</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/search.jsp?query=1234</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/sendFeedback</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_community.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_contact.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=pr/20060921.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=pr/20060817.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=pr/20060720.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=pr/20060518.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=pr/20060413.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_internships.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/survey_questions.jsp?step=c</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_jobs.htm&job=ExecutiveAssistant:Administration</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_jobs.htm&job=Teller:ConsumaerBanking</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_jobs.htm&job=CustomerServiceRepresentative:CustomerService</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_jobs.htm&job=LoyaltyMarketingProgramManager:Marketing</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_jobs.htm&job=MortgageLendingAccountExecutive:Sales</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/login.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_contact.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/feedback.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_deposit.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_checking.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_loans.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_cards.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_investments.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_other.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_deposit.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_lending.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_cards.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_insurance.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_retirement.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_other.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_about.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_investor.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_press.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_careers.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/subscribe.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_savings.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=privacy.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/survey_questions.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=security.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/status_check.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/swagger/index.html</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/search.jsp?query=1234</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/login.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_contact.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/feedback.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_deposit.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_checking.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_loans.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_cards.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_investments.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_other.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_deposit.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_lending.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_cards.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_insurance.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_retirement.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=business_other.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_about.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_investor.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_press.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=inside_careers.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/subscribe.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=personal_savings.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=privacy.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/survey_questions.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/index.jsp?content=security.htm</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/status_check.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/swagger/index.html</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/search.jsp?query=1234</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/</url> + <reason>FilteredUrl.BodySimilar</reason> + </item> + <item> + <url>https://demo.testfire.net/doLogin</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/login.jsp</url> + <reason>FilteredUrl.BodySimilar</reason> + </item> + <item> + <url>https://demo.testfire.net/bank/main.jsp</url> + <reason>FilteredUrl.BodySimilar</reason> + </item> + <item> + <url>https://demo.testfire.net/admin/admin.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/login.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + <item> + <url>https://demo.testfire.net/doLogin</url> + <reason>FilteredUrl.PredictableUrl</reason> + </item> + <item> + <url>https://demo.testfire.net/bank/main.jsp</url> + <reason>FilteredUrl.DomSimilarity</reason> + </item> + </filtered-link-group> +</xml-report> \ No newline at end of file diff --git a/unittests/scans/hcl_appscan/many_findings.xml b/unittests/scans/hcl_appscan/many_findings.xml new file mode 100644 index 00000000000..af823e290d1 --- /dev/null +++ b/unittests/scans/hcl_appscan/many_findings.xml @@ -0,0 +1,13153 @@ +<?xml version="1.0" encoding="utf-8" standalone="yes"?> +<xml-report name="AppScan Report" AsocXmlExportVersion="1.7" technology="Mixed"> + <dictionary> + <item id="added">added</item> + <item id="addedToRequestColon">added to request:</item> + <item id="additionalDataColon">Additional Data:</item> + <item id="advisories">Advisories</item> + <item id="affectedProductsColon">Affected Products:</item> + <item id="affectedURLs">Vulnerable URLs</item> + <item id="allowConcurrentLogins">Concurrent Logins:</item> + <item id="applicationData">Application Data</item> + <item id="applicationServerColon">Application Server:</item> + <item id="appScanSeverity">AppScan Severity</item> + <item id="benignLabel">Harmless</item> + <item id="BinaryDataNotIncluded">This request/response contains binary content, which is not included in generated reports.</item> + <item id="body">Body</item> + <item id="brokenLinks">Failed Requests</item> + <item id="cause">Cause</item> + <item id="causes">Causes</item> + <item id="causesColon">Causes:</item> + <item id="cipherSuiteId">Id</item> + <item id="cipherSuiteName">Name</item> + <item id="cipherSuitesTitle">The following weak cipher suites are supported by the server:</item> + <item id="code">Code</item> + <item id="comment">Comment</item> + <item id="comments">Comments</item> + <item id="cookie">Cookie</item> + <item id="cookies">Cookies</item> + <item id="cveColon">CVE:</item> + <item id="cweColon">CWE:</item> + <item id="detailedSummary">Detailed Summary</item> + <item id="detailedSummaryContent">A detailed listing of the scan results, including all issue types found, all recommended remediation tasks, all vulnerable URLs, etc. This section is intended to provide a more detailed understanding of the security status of the application, as well as assist in scoping and prioritizing the work required to remedy issues found.</item> + <item id="detectedCookies">Tracked or session ID cookies:</item> + <item id="detectedParameters">Tracked or session ID parameters:</item> + <item id="differenceColon">Difference:</item> + <item id="documentMap">Document Map</item> + <item id="documentMapContent">This report consists of the following sections:</item> + <item id="domain">Domain</item> + <item id="dotNet">.Net</item> + <item id="enableJsxInLoginReplay">JavaScript execution:</item> + <item id="entity">Entity</item> + <item id="entityColon">Entity:</item> + <item id="example">Example</item> + <item id="executiveSummary">Summary</item> + <item id="executiveSummaryContent">This section provides a high level view of the information gathered during the scan, using graphs or comparative numbers. It is intended to provide a general understanding of the security status of the application.</item> + <item id="expires">Expires</item> + <item id="filteredLinks">Filtered URLs</item> + <item id="firstSet">First Set</item> + <item id="fix">Fix</item> + <item id="fixColon">Fix:</item> + <item id="fixRecommendations">Fix Recommendations</item> + <item id="general">General</item> + <item id="generalInformation">General Information</item> + <item id="header">Header</item> + <item id="high">High</item> + <item id="highSeverityIssues">High severity issues:</item> + <item id="hostColon">Host:</item> + <item id="index">Index</item> + <item id="informational">Informational</item> + <item id="InformationalSeverityIssues">Informational severity issues:</item> + <item id="introduction">Introduction</item> + <item id="introductionAndObjectives">Introduction and Objectives</item> + <item id="introductionAndObjectivesContent">General information about the scan, including the project name, purpose of the scan, etc.</item> + <item id="issue">Issue</item> + <item id="issuesByIssueType">Issues Sorted by Issue Type</item> + <item id="issuesByURL">Issues Sorted by URL</item> + <item id="issuesDetectedAcross">Issues detected across</item> + <item id="issueType">Issue Type</item> + <item id="issueTypes">Issue Types</item> + <item id="issueTypesDiscovered">Issue Types</item> + <item id="j2ee">J2EE</item> + <item id="javaScripts">JavaScripts</item> + <item id="loginSettings">Login Settings</item> + <item id="low">Low</item> + <item id="lowSeverityIssues">Low severity issues:</item> + <item id="malwareLabel">Malicious</item> + <item id="manipulatedFromColon">manipulated from:</item> + <item id="medium">Medium</item> + <item id="mediumSeverityIssues">Medium severity issues:</item> + <item id="method">Method</item> + <item id="name">Name</item> + <item id="newUrls">New URLs</item> + <item id="nodePathColon">Report Produced on Tree node:</item> + <item id="numberOfAffectedIssues">this is now the same as the one below - should be removed</item> + <item id="numberOfIssues">Number of Issues</item> + <item id="objectives">Objectives</item> + <item id="objectivesContent">AppScan performs real-time security assessments on web applications. These assessments aim to uncover any security issues in the application, explain the impact and risks associated with these issues, and provide guidance in planning and prioritizing remediation. The objective of this assignment was to perform controlled attack and penetration activities to assess the overall level of security of the application.</item> + <item id="of">of</item> + <item id="operatingSystemColon">Operating system:</item> + <item id="originalRequestLabel">Original Request</item> + <item id="originalRequestsAndResponsesColon">Original Requests and Responses:</item> + <item id="originalResponseLabel">Original Response</item> + <item id="parameter">Parameter</item> + <item id="parameters">Parameters</item> + <item id="path">Path</item> + <item id="php">PHP</item> + <item id="query">Query</item> + <item id="rawTestResponseLabel">Raw Test Response:</item> + <item id="reason">Reason</item> + <item id="reasoningColon">Reasoning:</item> + <item id="recordedRequestSequence">Login sequence:</item> + <item id="referencesColon">References:</item> + <item id="regulations">Regulations</item> + <item id="remainingUrls">Remaining URLs</item> + <item id="remediationTask">Remediation Task</item> + <item id="removed">removed</item> + <item id="removedFromRequestColon">removed from request:</item> + <item id="removedUrls">Removed URLs</item> + <item id="reportName">Comprehensive Security Report</item> + <item id="reportTagLine">AppScan Web Application Security Report</item> + <item id="requestedURL">Requested URL</item> + <item id="requestLabel">Request</item> + <item id="responseLabel">Response</item> + <item id="risk">Risk</item> + <item id="riskColon">Risk:</item> + <item id="rulesColon">Rules:</item> + <item id="scanDateColon">Scan started: </item> + <item id="scanFileNameColon">Scan file name: </item> + <item id="sections">Sections</item> + <item id="sectionsOfTheRegulationColon">sections of the regulation:</item> + <item id="sectionViolation">Violated Section</item> + <item id="sectionViolationGdprArticles">GDPR Articles</item> + <item id="sectionViolationByIssue">Section Violation by Issue</item> + <item id="secure">Secure</item> + <item id="securityIssuesBySections">Detailed Security Issues by Sections</item> + <item id="securityRisks">Security Risks</item> + <item id="securityRisksColon">Security Risks:</item> + <item id="sessionManagementMode">Login method:</item> + <item id="sessionVerifierEnabled">In-session detection:</item> + <item id="sessionVerifierPattern">In-session pattern:</item> + <item id="severity">Severity</item> + <item id="severityColon">Severity:</item> + <item id="sniqueIssuesDetectedAcross">Unique issues detected across</item> + <item id="sslVersion">SSL Version</item> + <item id="tableOfContents">Table of Contents</item> + <item id="testDescriptionColon">Test Description:</item> + <item id="testLoginLabel">Test Login</item> + <item id="testPolicyColon">Test policy:</item> + <item id="testRequestLabel">Test Request:</item> + <item id="testRequestsResponsesColon">Test Requests and Responses:</item> + <item id="testResponseFirstLabel">Test Response (first)</item> + <item id="testResponseLabel">Test Response</item> + <item id="testResponseLastLabel">Test Response (last)</item> + <item id="testResponseNextToLastLabel">Test Response (next-to-last)</item> + <item id="testTechnicalDescriptionColon">Technical Description:</item> + <item id="testTypeColon">Test Type:</item> + <item id="threat">Threat</item> + <item id="threatClassification">WASC Threat Classification</item> + <item id="threatClassificationColon">Threat Classification:</item> + <item id="toc">TOC</item> + <item id="toColon">to:</item> + <item id="totalIssuesInReportColon">Total security issues included in the report:</item> + <item id="totalIssuesInScanColon">Total security issues:</item> + <item id="TotalSecurityIssues">total security issues</item> + <item id="type">Type</item> + <item id="unwantedLabel">Unwanted</item> + <item id="url">URL</item> + <item id="urlColon">URL:</item> + <item id="validLoginLabel">Valid Login</item> + <item id="value">Value</item> + <item id="variant">Variant</item> + <item id="visitedLinks">Visited URLs</item> + <item id="vulnerableURLs">Vulnerable URLs</item> + <item id="webServerColon">Web server:</item> + <item id="willFix">Issue Types that this task fixes</item> + <item id="xssBlurb">Simulation of the pop-up that appears when this page is opened in a browser</item> + <item id="location">Location</item> + <item id="intentActionColon">Intent Action:</item> + <item id="intentClassColon">Intent Class:</item> + <item id="intentDataColon">Intent Data:</item> + <item id="intentExtraColon">Intent Extra:</item> + <item id="intentPackageColon">Intent Package:</item> + <item id="payload">Payload</item> + <item id="issuesColon">Issues:</item> + <item id="methodSignatureColon">Method Signature:</item> + <item id="parametersColon">Issue Validation Parameters:</item> + <item id="threadColon">Thread:</item> + <item id="timestampColon">Timestamp:</item> + <item id="traceColon">Trace:</item> + <item id="issueInformation">Issue Information</item> + <item id="issueInformationTip">This issue was detected by AppScan's Mobile Analyzer.</item> + <item id="callStackColon">Call Stack:</item> + <item id="headerColon">Header:</item> + <item id="xmlColon">XML:</item> + <item id="filenameColon">File Name:</item> + <item id="filePermissionColon">File Permission:</item> + <item id="synopsisColon">Synopsis:</item> + <item id="dumpColon">Dump:</item> + <item id="manifestColon">Manifest:</item> + <item id="requestColon">Request:</item> + <item id="methodInformation">Method Information</item> + <item id="signatureColon">Signature:</item> + <item id="fileColon">File:</item> + <item id="nameColon">Name: </item> + <item id="permissionsColon">Permissions:</item> + <item id="classString">Class</item> + <item id="function">Function</item> + <item id="line">Line</item> + <item id="createdByColon">Created by:</item> + <item id="securityIssueSummary">Summary of security issues</item> + <item id="issues">Issues</item> + <item id="goToTableOfContents">Go to Table of Contents</item> + <item id="issueTypesColon">Issue Types:</item> + <item id="applicationVersionColon">Application Version:</item> + <item id="scanNameColon">Scan Name: </item> + <item id="firstVariantColon">First Variant:</item> + <item id="variantsFoundColon">Variants Found:</item> + <item id="owaspColon">OWASP:</item> + <item id="xForceColon">X-Force:</item> + <item id="variantComment">(Only the first one is displayed)</item> + <item id="noIssuesFound">No security issues discovered in the scan</item> + <item id="scanStatusColon">Scan status:</item> + <item id="scanStatusIncomplete">Note that the scan on which this report is based was not completed.</item> + <item id="scanStatusSuccess">Success</item> + <item id="scanStatusIncompleteComment">Refer to the site for more details.</item> + <item id="sink">Sink</item> + <item id="source">Source</item> + <item id="owasp">OWASP Top 10</item> + <item id="filePathColon">File Path:</item> + <item id="referenceColon">Reference:</item> + <item id="trialVersionWatermark">Free Plan</item> + <item id="trialVersionHeader">Please Note:</item> + <item id="trialVersionMessage">This summary report was created with the Application Security Analyzer Free Plan. Once you purchase the full service you will have access to a complete report with detailed descriptions of the issues found and how to remediate them.</item> + <item id="activitiesColon">Activities:</item> + <item id="coverage">Coverage</item> + <item id="activities">Activities</item> + <item id="introductionContent">This report includes important security information about your mobile application.</item> + <item id="fixRecommendationsColon">Fix Recommendations:</item> + <item id="component">Component</item> + <item id="glossary">Glossary</item> + <item id="privacyColon">Privacy:</item> + <item id="symbolsFoundColon">Symbols Found:</item> + <item id="reportType">Mobile Application Report</item> + <item id="classSignitureColon">Class Signature:</item> + <item id="definingClass">Defining Class</item> + <item id="fieldsColon">Controllable Object Fields:</item> + <item id="receiversColon">Receivers:</item> + <item id="servicesColon">Services:</item> + <item id="receivers">Receivers</item> + <item id="services">Services</item> + <item id="methodSignitureColon">Method Signature:</item> + <item id="issueInformationColon">Issue Information:</item> + <item id="settingsForTargetColon">Settings For Target: </item> + <item id="providerColon">Provider:</item> + <item id="sampleReportWatermark">Sample Report</item> + <item id="loginModeColon">Login Mode:</item> + <item id="viewTitlesColon">Views:</item> + <item id="viewTitles">Views</item> + <item id="none">None</item> + <item id="automatic">Automatic</item> + <item id="manual">Manual</item> + <item id="callingLine">Calling Line</item> + <item id="callingMethod">Calling Method</item> + <item id="class">Class</item> + <item id="classification">Classification</item> + <item id="critical">Critical</item> + <item id="dateCreated">Date Created</item> + <item id="discoveryMethod">Discovery Method</item> + <item id="lastUpdated">Last Updated</item> + <item id="package">Package</item> + <item id="scansColon">Scans:</item> + <item id="severityValue">Severity Value</item> + <item id="status">Status</item> + <item id="api">API</item> + <item id="element">Element</item> + <item id="scheme">Scheme</item> + <item id="sinkColon">Sink:</item> + <item id="sourceColon">Source:</item> + <item id="trace">Trace</item> + <item id="sourceFile">Source File</item> + <item id="accessComplexity">Access Complexity</item> + <item id="accessVector">Access Vector</item> + <item id="authentication">Authentication</item> + <item id="availabilityImpact">Availability Impact</item> + <item id="confidentialityImpact">Confidentiality Impact</item> + <item id="cve">CVE</item> + <item id="cvss">CVSS</item> + <item id="description">Description</item> + <item id="exploitability">Exploitability</item> + <item id="integrityImpact">Integrity Impact</item> + <item id="summary">Summary</item> + <item id="coverageActivitiesDescription">Activities that were tested for security vulnerabilities, as defined in the app's manifest.</item> + <item id="coverageIssueTypesDescription">Issue Types that ASoC has tested your application for.</item> + <item id="coverageReceiversDescription">Receivers that were tested for security vulnerabilities, as defined in the app's manifest.</item> + <item id="coverageServicesDescription">Services that were tested for security vulnerabilities, as defined in the app's manifest.</item> + <item id="coverageViewsDescription">Titles of Views encountered when crawling the app.</item> + <item id="leakedInformationColon">Leaked Information:</item> + <item id="passwordColon">Password:</item> + <item id="userNameColon">User Name:</item> + <item id="mitigationColon">Mitigation:</item> + <item id="alternates">Alternate Fix Suggestions</item> + <item id="textFixRecImpl">This method is a part of the application code and appears in each of the grouped issue's traces. You should begin investigating a possible fix in the implementation of the method.</item> + <item id="textFixRecUse">This method is a third-party API, with a common caller in each of the grouped issue's traces. You should begin investigating a possible fix at the caller:</item> + <item id="vulnerableOpenSource">Replace/Repair Vulnerable OpenSource:</item> + <item id="UniqueAllIssue">Please refer to the details of this issue for fix recommendations.</item> + <item id="businessImpactColon">Business Impact: </item> + <item id="createdOnColon">Created: </item> + <item id="securityReportForColon">Security Report for: </item> + <item id="regulationReportForColon">Regulation Report for: </item> + <item id="notesColon">Notes: </item> + <item id="hyphenDetails"> - Details</item> + <item id="hyphenDiscussion"> - Discussion</item> + <item id="containsColon">Contains: </item> + <item id="issuesCount">{0} issues </item> + <item id="issuesOutOfInBraces"> (out of {0})</item> + <item id="hyphenHistory">- Audit Trail</item> + <item id="causeColon">Cause:</item> + <item id="createdByAppScan">HCL Application Security on Cloud, Version</item> + <item id="directoryColon">Directory:</item> + <item id="constantValueColon">Constant Value:</item> + <item id="foundInColon">Found in:</item> + <item id="severity_0">Informational</item> + <item id="severity_1">Low</item> + <item id="severity_2">Medium</item> + <item id="severity_3">High</item> + <item id="severity_4">Critical</item> + <item id="usiCardColon">User Supplied Credit Card Number:</item> + <item id="usiIdColon">User Supplied Id:</item> + <item id="usiInputColon">User Supplied Input:</item> + <item id="usiPasswordColon">User Supplied Password:</item> + <item id="usiPhoneColon">User Supplied Phone Number:</item> + <item id="usiUsernameColon">User Supplied User Name:</item> + <item id="hyphenFix">- Fix Recommendation</item> + <item id="fixPerIssueComment">Included for each issue separately.</item> + <item id="portColon">Port:</item> + <item id="applicationNameColon">Application Name: </item> + <item id="copyleftColon">Copyleft:</item> + <item id="copyrightRiskScoreColon">Copyright Risk:</item> + <item id="dateColon">Date:</item> + <item id="libraryNameColon">Library Name:</item> + <item id="licenseNameColon">License Name:</item> + <item id="licenseReportTitle">Open Source Report</item> + <item id="licenses">Licenses</item> + <item id="linkingColon">Linking:</item> + <item id="patentRiskScoreColon">Patent Risk:</item> + <item id="referenceTypeColon">Reference Type:</item> + <item id="referenceUrlColon">Reference URL:</item> + <item id="riskLevelColon">Risk Level:</item> + <item id="riskLevelHighLibrariesColon">Libraries with high risk level:</item> + <item id="riskLevelLowLibrariesColon">Libraries with low risk level:</item> + <item id="riskLevelMediumLibrariesColon">Libraries with medium risk level:</item> + <item id="riskLevelUnknownLibrariesColon">Libraries with unknown risk level:</item> + <item id="royaltyFreeColon">Royalty Free:</item> + <item id="totalLibrariesColon">Total Open Source Libraries: </item> + <item id="BrandNameTitle">AppScan on Cloud</item> + <item id="copyrightRiskScoreFive">Anyone who distributes a modification of the code or a product that is based on or contains part of the code may be required to make publicly available the source code for the product or modification, subject to an exception for software that dynamically links to the original code. (example: LGPL).</item> + <item id="copyrightRiskScoreFour">Anyone who distributes a modification of the code may be required to make the source code for the modification publicly available at no charge.</item> + <item id="copyrightRiskScoreOne">Licensee may use the code without restriction.</item> + <item id="copyrightRiskScoreSeven">Anyone who develops a product that is based on or contains part of the code, or who modifies the code, may be required to make publicly available the source code for that product or modification if s/he (a) distributes the software or (b) enables others to use the software via hosted or web services. (example: Affero)</item> + <item id="copyrightRiskScoreSix">Anyone who distributes a modification of the code or a product that is based on or contains part of the code may be required to make publicly available the source code for the product or modification. (example: GPL).</item> + <item id="copyrightRiskScoreThree">Anyone who distributes the code must provide certain notices, attributions and/or license terms in documentation with the software.</item> + <item id="copyrightRiskScoreTwo">Anyone who distributes the code must retain any attributions included in the original distribution.</item> + <item id="patentRiskScoreFour">Specific identified patent risks</item> + <item id="patentRiskScoreOne">Royalty free and no identified patent risks</item> + <item id="patentRiskScoreThree">No patents granted</item> + <item id="patentRiskScoreTwo">Royalty free unless litigated</item> + <item id="reportCreationDateColon">Report created at: </item> + <item id="reportForScanColon">Report for scan:</item> + <item id="openSourceLibraryName">Open source library name</item> + <item id="riskLevel">Risk level</item> + <item id="securityReportTitle">Security Report</item> + <item id="openSourceLibraries">Open Source Libraries</item> + <item id="unknown">Unknown</item> + <item id="reference">Reference</item> + <item id="openSourceReferenceText">In this section you’ll find more details about the fields and their values.</item> + <item id="dictionaryDisabled">Disabled</item> + <item id="dictionaryEnabled">Enabled</item> + <item id="dictionaryNone">None</item> + <item id="dictionarySessionManagementModeAutomatic">Automatic</item> + <item id="dictionarySessionManagementModePrompt">Prompt</item> + <item id="dictionarySessionManagementModeRecorded">Recorded login</item> + <item id="dictionarySessionManagementModeUnknown">Unknown</item> + <item id="dictionaryTestPolicyModified">(Modified)</item> + <item id="GeneralInformation.Any">Any</item> + <item id="GeneralInformation.Unknown">Unknown</item> + <item id="sampleTraceReferenceText">Sample Trace</item> + <item id="licensType">License Type</item> + <item id="scanSecurityReportTitle">Scan Security Report</item> + <item id="licenseReportSubtitleA">This report lists all the open source libraries found in your scan, and their associated open source Risk Levels. +</item> + <item id="licenseReportSubtitleB">Open Source Risk Levels are not the same as the Risk Levels in Security Reports, and not related to the vulnerabilities of specific issues.</item> + <item id="licenseReportSubtitleC">You can see if any of the libraries have known vulnerabilities in Issue Management view.</item> + <item id="numberOfLibraries">Number Of Libraries</item> + <item id="reportDateColon">Report Date:</item> + <item id="reportForApplicationColon">Scanned under Application:</item> + <item id="scanStartDateColon">Scan Start Date:</item> + <item id="totalOpenSourceLicenseTypesColon">Total Open Source License Types:</item> + <item id="details">Details</item> + <item id="threatClassColon">Threat Classification:</item> + <item id="fixGroupsColon">Fix Groups:</item> + <item id="textFixDescImpl">Implementation of {0}</item> + <item id="textFixDescUse">Usage of {0} via {1}</item> + <item id="textFixGrp">Fix Group #{0}: {1}</item> + <item id="textFixIntro1a">This section groups {0} issues of type {1} with significant commonality in the their traces.</item> + <item id="textFixIntro1b">This section groups {0} issues with significant commonality in their traces. The following issue types are included:</item> + <item id="textFixIntro1c">This section groups {0} issues of type {1} with a common opensource file.</item> + <item id="textFixIntro1d">This section groups {0} issues with a common opensource file. The following issue types are included:</item> + <item id="textFixIntro2">These issues are grouped together to try to help you find a common fix that resolves them all.</item> + <item id="textFixSigAlt">These method calls are also common to the traces of the issues in this group. They represent other possible These method calls are also common to the traces of the issues in this group. They represent other possible locations to investigate a fix.</item> + <item id="textFixUngrp1a">All {0} issues in this report appear to be independent, lacking the commonality required in their traces to be grouped together. They all appear in this section.</item> + <item id="textFixUngrp1b">This section lists the remaining {0} issues that could not be included in any other fix groups.</item> + <item id="textFixUngrp2">The following issue types are included:</item> + <item id="ungrouped">Ungrouped</item> + <item id="signature">Fix Recommendation</item> + <item id="libraryVersionColon">Library Version:</item> + <item id="apiColon">API:</item> + <item id="atLine">at line</item> + <item id="call">Call</item> + <item id="callerColon">Caller:</item> + <item id="descriptionColon">Description:</item> + <item id="displayNameColon">Name:</item> + <item id="exampleTraceColon">Example Trace:</item> + <item id="file">File</item> + <item id="lostSink">Lost Sink</item> + <item id="notAValidator">Not a Validator</item> + <item id="preface">Sample Trace</item> + <item id="publishDateColon">Publish date:</item> + <item id="resolutionColon">Resolution:</item> + <item id="sourceAndSink">Source and Sink</item> + <item id="taint">Tainted Arg</item> + <item id="taintPropagator">Taint Propagator</item> + <item id="via">via</item> + <item id="virtualLostSink">Virtual Lost Sink</item> + <item id="testOptimizationColon">Test Optimization:</item> + <item id="dictionaryNormal">Normal</item> + <item id="dictionaryOptimized">Optimized</item> + <item id="issueIdColon">Issue ID:</item> + <item id="complianceReportTitle">Compliance Security Report</item> + <item id="copyrightRiskScoreUndefined">Undefined</item> + <item id="patentRiskScoreUndefined">Undefined</item> + <item id="titleColon">Title:</item> + <item id="reportDateUtcColon">Report Date UTC:</item> + <item id="fixGroupIdColon">Fix Group ID:</item> + <item id="methodColon">Method:</item> + <item id="queryStringColon">Query String:</item> + <item id="uriColon">URI:</item> + <item id="argumentsColon">Arguments:</item> + <item id="callTraceColon">Call Trace:</item> + <item id="objectColon">Object:</item> + <item id="returnColon">Return:</item> + <item id="stackColon">Stack:</item> + <item id="typeColon">Type:</item> + <item id="byFixGroupsColon">By Fix Groups:</item> + <item id="byIssueTypesColon">By Issue Types:</item> + <item id="fixGroups">Fix-Groups</item> + <item id="libraryColon">Library:</item> + <item id="locationColon">Location:</item> + <item id="statusColon">Status:</item> + <item id="fixGroupTypeAPI">Common API Call: </item> + <item id="fixGroupTypeImplementationOf">Common Fix Point: </item> + <item id="fixGroupTypeOpenSource">Common Open Source: </item> + <item id="fixGroupTypeUsageOf">Common Fix Point:</item> + <item id="openSource">OpenSource</item> + <item id="fixGroupLocationAPI">API:</item> + <item id="fixGroupLocationImplementationOf">Location of fix:</item> + <item id="fixGroupLocationOpenSource">Library name:</item> + <item id="fixGroupLocationUsageOf">Location of fix:</item> + <item id="advisoryColon">Advisory:</item> + <item id="customAdvisoryColon">Custom Advisory:</item> + <item id="hosts">Hosts</item> + <item id="dictionaryFast">Fast</item> + <item id="dictionaryFaster">Faster</item> + <item id="dictionaryFastest">Fastest</item> + <item id="dictionaryNoOptimization">No Optimization</item> + <item id="howToFixColon">How to Fix:</item> + <item id="reportNameColon">Report Name: </item> + <item id="technologyColon">Technology: </item> + <item id="scanInformation">Scan Information</item> + <item id="generalAdvisoryColon">General Advisory:</item> + <item id="findingSpecificAdvisoryColon">Finding specific advisory:</item> + <item id="exampleColon">Example:</item> + <item id="exploitExampleColon">Exploit Example:</item> + <item id="noneParentheses">(none)</item> + <item id="notApplicableForThisIssue">Not applicable for this issue.</item> + <item id="httpOnly">HTTP Only</item> + <item id="jsStackTrace">JS Stack Trace</item> + <item id="sameSite">Same Site</item> + <item id="dictionaryFalse">False</item> + <item id="dictionaryTrue">True</item> + <item id="mixedParenthesis">(Mixed)</item> + <item id="articles">Articles</item> + <item id="cwe">CWE</item> + <item id="exploitExample">Exploit example</item> + <item id="externalReferences">External references</item> + <item id="recommendations">Recommendations</item> + <item id="languageColon">Language: </item> + <item id="howToFix">How to Fix</item> + <item id="openSourceResolutionNote"> See also issue-details 'Resolution' section below.</item> + <item id="mitigation">Mitigation</item> + <item id="importantColon"> Important:</item> + <item id="issuesLimitExceededMessage"> Note: The number of issues found exceeded the maximum that can be shown in a single set of results. +The scan results show {0} representitive issues.</item> + <item id="personalScan">Personal Scan</item> + <item id="personalScanMessage">Personal Scans are deleted after {0} days, unless promoted to the application within that time. </item> + <item id="additionalInformationColon">Additional Information:</item> + <item id="dictionaryFixed">Fixed</item> + <item id="dictionaryInProgress">In Progress</item> + <item id="dictionaryNew">New</item> + <item id="dictionaryNoise">Noise</item> + <item id="dictionaryOpen">Open</item> + <item id="dictionaryPassed">Passed</item> + <item id="dictionaryReopened">Reopened</item> + <item id="dictionaryDefinitive">Definitive</item> + <item id="dictionaryScanCoverageFindings">Scan Coverage Findings</item> + <item id="dictionarySuspect">Suspect</item> + <item id="cipherSuitesColon">Cipher Suites:</item> + <item id="id">ID</item> + <item id="fixRecommendation">Fix recommendation</item> + <item id="defaultProduction">Default (Production)</item> + <item id="defaultStaging">Default (Staging)</item> + <item id="default">Default</item> + <item id="dictionaryBody">Body</item> + <item id="dictionaryCookie">Cookie</item> + <item id="dictionaryGlobal">Global</item> + <item id="dictionaryHeader">Header</item> + <item id="dictionaryHeaderName">Header Name</item> + <item id="dictionaryLink">Link</item> + <item id="dictionaryOther">Other</item> + <item id="dictionaryPage">Page</item> + <item id="dictionaryParameter">Parameter</item> + <item id="dictionaryParameterName">Parameter Name</item> + <item id="dictionaryQuery">Query</item> + <item id="dictionaryRole">Role</item> + <item id="dictionarySourceLine">Source Line</item> + <item id="unspecified">Unspecified</item> + <item id="dictionaryCritical">Critical</item> + <item id="dictionaryHigh">High</item> + <item id="dictionaryLow">Low</item> + <item id="dictionaryMedium">Medium</item> + <item id="dictionaryUnspecified">Unspecified</item> + <item id="reportForApplicationScopeColon">Report for application:</item> + <item id="licenseReportAppScopeSubtitleA">This report lists all the open source libraries found in your application, and their associated open source Risk Levels.</item> + <item id="licenseDetails">License Details</item> + <item id="libraryName">Library Name</item> + <item id="version">Version</item> + <item id="severity_undefined">Undefined</item> + <item id="criticalSeverityIssuesColon">Critical severity issues:</item> + <item id="copyLeftFull">Full</item> + <item id="copyLeftNo">No</item> + <item id="copyLeftPartial">Partial</item> + <item id="copyLeftUndefined">Undefined</item> + <item id="linkingDynamic">Dynamic</item> + <item id="linkingNonViral">Non Viral</item> + <item id="linkingUndefined">Undefined</item> + <item id="linkingViral">Viral</item> + <item id="referenceTypeAlpine">Alpine</item> + <item id="referenceTypeArchLinux">Arch Linux</item> + <item id="referenceTypeBower">Bower</item> + <item id="referenceTypeBuildConfigurationFile">Build Configuration File</item> + <item id="referenceTypeCdnjs">Details available in CDNJS</item> + <item id="referenceTypeDebian">Debian</item> + <item id="referenceTypeDotNet">.NET</item> + <item id="referenceTypeEclipseOsgiBundle">Eclipse OSGI Bundle</item> + <item id="referenceTypeGitHub">Details available in GitHub repository</item> + <item id="referenceTypeHostFile">License information in host site</item> + <item id="referenceTypeLicenseFile">License File</item> + <item id="referenceTypeNpm">Node package manager</item> + <item id="referenceTypeNugetPackage">NuGet Package</item> + <item id="referenceTypeOther">Other</item> + <item id="referenceTypePomFile">POM file</item> + <item id="referenceTypeProjectHomePage">Project Home Page</item> + <item id="referenceTypePyPI">Python Package Index</item> + <item id="referenceTypeReadmeFile">Readme File</item> + <item id="referenceTypeRpm">RPM</item> + <item id="referenceTypeRubyGems">RubyGems</item> + <item id="referenceTypeStatedByUser">License assigned manually by a user in the organization</item> + <item id="referenceTypeUndefined">Undefined</item> + <item id="riskLevelHigh">High</item> + <item id="riskLevelLow">Low</item> + <item id="riskLevelMedium">Medium</item> + <item id="riskLevelUndefined">Undefined</item> + <item id="riskLevelUnknown">Unknown</item> + <item id="royaltyFreeConditional">Conditional</item> + <item id="royaltyFreeNo">No</item> + <item id="royaltyFreeYes">Yes</item> + <item id="undefinedSeverityIssues">Undefined severity issues:</item> + <item id="lastFound">Last Found</item> + <item id="cvssVersion">CVSS Version</item> + <item id="totalItemsColon">Total Items:</item> + </dictionary> + <layout> + <title>demo_1 + Generated by Python script + HCL + Application Security on Cloud + AltoroSAST + Medium + Tuesday, October 3, 2023 + FullReport + 60 + False + 30 + 20000 + False + ASoC + + + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 0 + 0 + 0 + 1 + + + + Unencrypted Login Request + + + Autocomplete HTML Attribute Not Disabled for Password Field + + + Body Parameters Accepted in Query + + + Cookie with Insecure or Improper or Missing SameSite attribute + + + Database Error Pattern Found + + + Hidden Directory Detected + + + Insecure "OPTIONS" HTTP Method Enabled + + + Missing "Content-Security-Policy" header + + + Missing or insecure "X-Content-Type-Options" header + + + Temporary Directory Found + + + Java Stack Trace + + + HTML Comments Sensitive Information Disclosure + + + Missing "Referrer policy" Security Header + + + + + + High + 3 + 8.2 + + AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 523 + + attLoginNotOverSSL + + + fix_52720 + + + attLoginNotOverSSL + + + catInsufficientTransLayerProtection + + + -9130171565661200384 + + + 997983916 + + + loginNotOverSSL + + + sensitiveDataNotSSL + + + + + + AppScan identified a password parameter that was not sent over SSL. + + + + + POST http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action HTTP/1.1 +Host: mani-virtual-machine:9000 +Content-Length: 66 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +Origin: http://mani-virtual-machine:9000 +Content-Type: application/x-www-form-urlencoded +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Connection: keep-alive +Proxy-Connection: Keep-Alive + +name=&login=&email=753+Main+Street&password=&--begin_highlight_tag--passwordConfirmation--end_highlight_tag--= + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 7344 +Date: Tue, 03 Oct 2023 12:44:56 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Register</h2> + </div> + + + + <div + class="alert alert-danger actionError" > + <p>Name is required</p> + <p>Login is required</p> + <p>Password is required</p> + <p>Password confirmation is required</p> + </div> + + + <div class='page-body'> + + + + +<form id="register" name="register" action="/dvja-1.0-SNAPSHOT/register.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group has-error has-feedback"><label class=" control-label" for="register_name" >Name </label> <div class=" controls"> + +<input type="text" name="name" value="" id="register_name" class="form-control" placeholder="Enter full name"/><span class="glyphicon glyphicon-remove form-control-feedback"></span> +<span class="help-block alert-danger">Name is required</span></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group has-error has-feedback"><label class=" control-label" for="register_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="register_login" class="form-control" placeholder="Enter login"/><span class="glyphicon glyphicon-remove form-control-feedbac +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Unencrypted Login Request + 8.2 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action + mani-virtual-machine + passwordConfirmation + Parameter + /dvja-1.0-SNAPSHOT/register.action + http + mani-virtual-machine + 9000 + b0479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Unencrypted Login Request + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action + Severity: → High + Cvss: → 8.2 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + High + 3 + 8.2 + + AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 523 + + attLoginNotOverSSL + + + fix_52720 + + + attLoginNotOverSSL + + + catInsufficientTransLayerProtection + + + 7521140967381157376 + + + 820255084 + + + loginNotOverSSL + + + sensitiveDataNotSSL + + + + + + AppScan identified a password parameter that was not sent over SSL. + + + + + POST http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC HTTP/1.1 +Host: mani-virtual-machine:9000 +Content-Length: 16 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +Origin: http://mani-virtual-machine:9000 +Content-Type: application/x-www-form-urlencoded +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Connection: keep-alive +Proxy-Connection: Keep-Alive + +login=&--begin_highlight_tag--password--end_highlight_tag--= + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 5196 +Date: Tue, 03 Oct 2023 12:45:15 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Login</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="login" name="login" action="/dvja-1.0-SNAPSHOT/login.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="login_login" class="form-control" placeholder="Enter login"/></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_password" >Password </label> <div class=" controls"> + +<input type="password" name="password" id="login_password" class="form-control" placeholder="Enter password"/></div> +</div> + + + <input type="submit" value="Submit" id="login_0" class="btn btn-primary"/> + + </fieldset></form> + + +<script type="text/javascript"> + if (typeof jQuery != 'undefined') { + if (typeof jQuery.fn.tooltip == 'function') { + jQuery('i.s2b_tooltip').tooltip(); + } + } +</script> + + + <br/> + <a href='/dvja-1.0-SNAPSHOT/register.action'>Register a new account</a> <br/> + <a href='/dvja-1.0-SNAPSHOT/resetPasswordStart.action'>Forgot password +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Unencrypted Login Request + 8.2 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + mani-virtual-machine + password + Parameter + /dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + http + mani-virtual-machine + 9000 + 9f479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Unencrypted Login Request + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Severity: → High + Cvss: → 8.2 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + High + 3 + 8.2 + + AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 523 + + attLoginNotOverSSL + + + fix_52720 + + + attLoginNotOverSSL + + + catInsufficientTransLayerProtection + + + 7521140967381157376 + + + -257318246 + + + loginNotOverSSL + + + sensitiveDataNotSSL + + + + + + AppScan identified a password parameter that was not sent over SSL. + + + + + POST http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action HTTP/1.1 +Host: mani-virtual-machine:9000 +Content-Length: 16 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +Origin: http://mani-virtual-machine:9000 +Content-Type: application/x-www-form-urlencoded +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Connection: keep-alive +Proxy-Connection: Keep-Alive + +login=&--begin_highlight_tag--password--end_highlight_tag--= + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 5196 +Date: Tue, 03 Oct 2023 12:45:15 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Login</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="login" name="login" action="/dvja-1.0-SNAPSHOT/login.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="login_login" class="form-control" placeholder="Enter login"/></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_password" >Password </label> <div class=" controls"> + +<input type="password" name="password" id="login_password" class="form-control" placeholder="Enter password"/></div> +</div> + + + <input type="submit" value="Submit" id="login_0" class="btn btn-primary"/> + + </fieldset></form> + + +<script type="text/javascript"> + if (typeof jQuery != 'undefined') { + if (typeof jQuery.fn.tooltip == 'function') { + jQuery('i.s2b_tooltip').tooltip(); + } + } +</script> + + + <br/> + <a href='/dvja-1.0-SNAPSHOT/register.action'>Register a new account</a> <br/> + <a href='/dvja-1.0-SNAPSHOT/resetPasswordStart.action'>Forgot password +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Unencrypted Login Request + 8.2 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action + mani-virtual-machine + password + Parameter + /dvja-1.0-SNAPSHOT/login.action + http + mani-virtual-machine + 9000 + a4479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Unencrypted Login Request + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action + Severity: → High + Cvss: → 8.2 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + High + 3 + 8.2 + + AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 523 + + attLoginNotOverSSL + + + fix_52720 + + + attLoginNotOverSSL + + + catInsufficientTransLayerProtection + + + 7521140967381157376 + + + 997983916 + + + loginNotOverSSL + + + sensitiveDataNotSSL + + + + + + AppScan identified a password parameter that was not sent over SSL. + + + + + POST http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action HTTP/1.1 +Host: mani-virtual-machine:9000 +Content-Length: 66 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +Origin: http://mani-virtual-machine:9000 +Content-Type: application/x-www-form-urlencoded +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Connection: keep-alive +Proxy-Connection: Keep-Alive + +name=&login=&email=753+Main+Street&--begin_highlight_tag--password--end_highlight_tag--=&passwordConfirmation= + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 7344 +Date: Tue, 03 Oct 2023 12:44:56 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Register</h2> + </div> + + + + <div + class="alert alert-danger actionError" > + <p>Name is required</p> + <p>Login is required</p> + <p>Password is required</p> + <p>Password confirmation is required</p> + </div> + + + <div class='page-body'> + + + + +<form id="register" name="register" action="/dvja-1.0-SNAPSHOT/register.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group has-error has-feedback"><label class=" control-label" for="register_name" >Name </label> <div class=" controls"> + +<input type="text" name="name" value="" id="register_name" class="form-control" placeholder="Enter full name"/><span class="glyphicon glyphicon-remove form-control-feedback"></span> +<span class="help-block alert-danger">Name is required</span></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group has-error has-feedback"><label class=" control-label" for="register_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="register_login" class="form-control" placeholder="Enter login"/><span class="glyphicon glyphicon-remove form-control-feedbac +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Unencrypted Login Request + 8.2 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action + mani-virtual-machine + password + Parameter + /dvja-1.0-SNAPSHOT/register.action + http + mani-virtual-machine + 9000 + a9479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Unencrypted Login Request + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action + Severity: → High + Cvss: → 8.2 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 522 + + GD_autocompleteInForm + + + fix_61640 + + + GD_autocompleteInForm + + + catInformationLeakage + + + -2487856038611490048 + + + -225797446 + + + authBypass + + + insecureWebAppConfiguration + + + + + + AppScan has found that a password field does not enforce the disabling of the autocomplete feature. + + + + + GET http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action HTTP/1.1 +Host: mani-virtual-machine:9000 +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Connection: keep-alive +Proxy-Connection: Keep-Alive +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 5372 +Date: Tue, 03 Oct 2023 12:46:00 GMT +Keep-Alive: timeout=20 +Connection: keep-alive +Set-Cookie: JSESSIONID=EAF388C6E55705FAE840F20CF6D76517; Path=/dvja-1.0-SNAPSHOT; HttpOnly + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action;jsessionid=EAF388C6E55705FAE840F20CF6D76517"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Login</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="login" name="login" action="/dvja-1.0-SNAPSHOT/login.action;jsessionid=EAF388C6E55705FAE840F20CF6D76517" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="login_login" class="form-control" placeholder="Enter login"/></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_password" >Password </label> <div class=" controls"> + +--begin_highlight_tag--<input type="password" name="password" id="login_password" class="form-control" placeholder="Enter password"/>--end_highlight_tag--</div> +</div> + + + <input type="submit" value="Submit" id="login_0" class="btn btn-primary"/> + + </fieldset></form> + + +<script type="text/javascript"> + if (typeof jQuery != 'undefined') { + if (typeof jQuery.fn.tooltip == 'function') { + jQuery('i.s2b_tooltip').tooltip(); + } + } +</script> + + + <br/> + <a href='/dvja-1.0-SNAPSHOT/register.action;jsessionid=EAF388C6E55705FAE840F20CF6D76517'>Register a new account</a> <br/> + <a href='/dvja-1.0-SNAPSHOT/resetPasswordStart.action;jsessionid=EAF388C6E55705FAE840F20CF6D76517'>Forgot password</a> + </div> + +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Autocomplete HTML Attribute Not Disabled for Password Field + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action + mani-virtual-machine + Login.action + Page + /dvja-1.0-SNAPSHOT/Login.action + http + mani-virtual-machine + 9000 + 83479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Autocomplete HTML Attribute Not Disabled for Password Field + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 522 + + GD_autocompleteInForm + + + fix_61640 + + + GD_autocompleteInForm + + + catInformationLeakage + + + -8208387888525026816 + + + 997983916 + + + authBypass + + + insecureWebAppConfiguration + + + + + + AppScan has found that a password field does not enforce the disabling of the autocomplete feature. + + + + + GET http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action HTTP/1.1 +Host: mani-virtual-machine:9000 +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 6358 +Date: Tue, 03 Oct 2023 12:46:00 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Register</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="register" name="register" action="/dvja-1.0-SNAPSHOT/register.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="register_name" >Name </label> <div class=" controls"> + +<input type="text" name="name" value="" id="register_name" class="form-control" placeholder="Enter full name"/></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="register_login" >Login </label> < +... +... +... + + + +<div class="form-group "><label class=" control-label" for="register_password" >Password </label> <div class=" controls"> + +--begin_highlight_tag--<input type="password" name="password" id="register_password" class="form-control" placeholder="Enter password"/>--end_highlight_tag--</div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> +... +... +... + + +<div class="form-group "><label class=" control-label" for="register_passwordConfirmation" >Password Confirmation </label> <div class=" controls"> + +--begin_highlight_tag--<input type="password" name="passwordConfirmation" id="register_passwordConfirmation" class="form-control" placeholder="Confirm password"/>--end_highlight_tag--</div> +</div> + + + <input type="submit" value="Submit" id="register_0" class="btn btn-primary"/> +... +... +... + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Autocomplete HTML Attribute Not Disabled for Password Field + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action + mani-virtual-machine + register.action + Page + /dvja-1.0-SNAPSHOT/register.action + http + mani-virtual-machine + 9000 + 89479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Autocomplete HTML Attribute Not Disabled for Password Field + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 522 + + GD_autocompleteInForm + + + fix_61640 + + + GD_autocompleteInForm + + + catInformationLeakage + + + -9063651257022791936 + + + 1343776693 + + + authBypass + + + insecureWebAppConfiguration + + + + + + AppScan has found that a password field does not enforce the disabling of the autocomplete feature. + + + + + GET http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/assessmentHome.action;jsessionid=CBF45D8584CC2E65C3C6AA7391CC40FA HTTP/1.1 +Accept-Language: en-US +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 5196 +Date: Tue, 03 Oct 2023 12:59:01 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Login</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="login" name="login" action="/dvja-1.0-SNAPSHOT/login.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="login_login" class="form-control" placeholder="Enter login"/></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_password" >Password </label> <div class=" controls"> + +--begin_highlight_tag--<input type="password" name="password" id="login_password" class="form-control" placeholder="Enter password"/>--end_highlight_tag--</div> +</div> + + + <input type="submit" value="Submit" id="login_0" class="btn btn-primary"/> + + </fieldset></form> + + +<script type="text/javascript"> + if (typeof jQuery != 'undefined') { + if (typeof jQuery.fn.tooltip == 'function') { + jQuery('i.s2b_tooltip').tooltip(); + } + } +</script> + + + <br/> + <a href='/dvja-1.0-SNAPSHOT/register.action'>Register a new account</a> <br/> + <a href='/dvja-1.0-SNAPSHOT/resetPasswordStart.action'>Forgot password</a> + </div> + </div> + </div> + + + </div></div></div> + <script src='/assets/showdown.min.js'></script> +<script type='text/javascript'> + var converter = new showdown.Converter(); + + $.each($('.markdown' +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Autocomplete HTML Attribute Not Disabled for Password Field + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/assessmentHome.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + mani-virtual-machine + assessmentHome.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Page + /dvja-1.0-SNAPSHOT/assessmentHome.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + http + mani-virtual-machine + 9000 + 99479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Autocomplete HTML Attribute Not Disabled for Password Field + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/assessmentHome.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 522 + + GD_autocompleteInForm + + + fix_61640 + + + GD_autocompleteInForm + + + catInformationLeakage + + + -1708031360927527168 + + + -257318246 + + + authBypass + + + insecureWebAppConfiguration + + + + + + AppScan has found that a password field does not enforce the disabling of the autocomplete feature. + + + + + POST http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action HTTP/1.1 +Host: mani-virtual-machine:9000 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +Origin: http://mani-virtual-machine:9000 +Content-Type: application/x-www-form-urlencoded +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 16 + +login=&password= + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 5196 +Date: Tue, 03 Oct 2023 12:59:01 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Login</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="login" name="login" action="/dvja-1.0-SNAPSHOT/login.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="login_login" class="form-control" placeholder="Enter login"/></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_password" >Password </label> <div class=" controls"> + +--begin_highlight_tag--<input type="password" name="password" id="login_password" class="form-control" placeholder="Enter password"/>--end_highlight_tag--</div> +</div> + + + <input type="submit" value="Submit" id="login_0" class="btn btn-primary"/> + + </fieldset></form> + + +<script type="text/javascript"> + if (typeof jQuery != 'undefined') { + if (typeof jQuery.fn.tooltip == 'function') { + jQuery('i.s2b_tooltip').tooltip(); + } + } +</script> + + + <br/> + <a href='/dvja-1.0-SNAPSHOT/register.action'>Register a new account</a> <br/> + <a href='/dvja-1.0-SNAPSHOT/resetPasswordStart.action'>Forgot password +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Autocomplete HTML Attribute Not Disabled for Password Field + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action + mani-virtual-machine + login.action + Page + /dvja-1.0-SNAPSHOT/login.action + http + mani-virtual-machine + 9000 + 6d479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Autocomplete HTML Attribute Not Disabled for Password Field + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 522 + + GD_autocompleteInForm + + + fix_61640 + + + GD_autocompleteInForm + + + catInformationLeakage + + + 689984030739107840 + + + 820255084 + + + authBypass + + + insecureWebAppConfiguration + + + + + + AppScan has found that a password field does not enforce the disabling of the autocomplete feature. + + + + + POST http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=CBF45D8584CC2E65C3C6AA7391CC40FA HTTP/1.1 +Host: mani-virtual-machine:9000 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +Origin: http://mani-virtual-machine:9000 +Content-Type: application/x-www-form-urlencoded +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 16 + +login=&password= + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 5196 +Date: Tue, 03 Oct 2023 12:59:01 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Login</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="login" name="login" action="/dvja-1.0-SNAPSHOT/login.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="login_login" class="form-control" placeholder="Enter login"/></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_password" >Password </label> <div class=" controls"> + +--begin_highlight_tag--<input type="password" name="password" id="login_password" class="form-control" placeholder="Enter password"/>--end_highlight_tag--</div> +</div> + + + <input type="submit" value="Submit" id="login_0" class="btn btn-primary"/> + + </fieldset></form> + + +<script type="text/javascript"> + if (typeof jQuery != 'undefined') { + if (typeof jQuery.fn.tooltip == 'function') { + jQuery('i.s2b_tooltip').tooltip(); + } + } +</script> + + + <br/> + <a href='/dvja-1.0-SNAPSHOT/register.action'>Register a new account</a> <br/> + <a href='/dvja-1.0-SNAPSHOT/resetPasswordStart.action'>Forgot password +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Autocomplete HTML Attribute Not Disabled for Password Field + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + mani-virtual-machine + login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Page + /dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + http + mani-virtual-machine + 9000 + 70479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Autocomplete HTML Attribute Not Disabled for Password Field + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 522 + + GD_autocompleteInForm + + + fix_61640 + + + GD_autocompleteInForm + + + catInformationLeakage + + + -7639142632969945088 + + + 1555163623 + + + authBypass + + + insecureWebAppConfiguration + + + + + + AppScan has found that a password field does not enforce the disabling of the autocomplete feature. + + + + + GET http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action;jsessionid=CBF45D8584CC2E65C3C6AA7391CC40FA HTTP/1.1 +Accept-Language: en-US +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 6358 +Date: Tue, 03 Oct 2023 12:46:00 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Register</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="register" name="register" action="/dvja-1.0-SNAPSHOT/register.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="register_name" >Name </label> <div class=" controls"> + +<input type="text" name="name" value="" id="register_name" class="form-control" placeholder="Enter full name"/></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="register_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="register_l +... +... +... + + + +<div class="form-group "><label class=" control-label" for="register_password" >Password </label> <div class=" controls"> + +--begin_highlight_tag--<input type="password" name="password" id="register_password" class="form-control" placeholder="Enter password"/>--end_highlight_tag--</div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> +... +... +... + + +<div class="form-group "><label class=" control-label" for="register_passwordConfirmation" >Password Confirmation </label> <div class=" controls"> + +--begin_highlight_tag--<input type="password" name="passwordConfirmation" id="register_passwordConfirmation" class="form-control" placeholder="Confirm password"/>--end_highlight_tag--</div> +</div> + + + <input type="submit" value="Submit" id="register_0" class="btn btn-primary"/> +... +... +... + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Autocomplete HTML Attribute Not Disabled for Password Field + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + mani-virtual-machine + register.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Page + /dvja-1.0-SNAPSHOT/register.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + http + mani-virtual-machine + 9000 + 77479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Autocomplete HTML Attribute Not Disabled for Password Field + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/register.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + bodyParamsInQuery + + + fix_61757 + + + bodyParamsInQuery + + + catInformationLeakage + + + 8978610419071638272 + + + 2014603372 + + + sensitiveInformation + phishing + + + insecureWebAppConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that the application processed body parameters that were submitted in the query + + + + + + + + + --begin_mark_tag--GET--end_mark_tag-- http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/resetPasswordStart.action?--begin_mark_tag--login--end_mark_tag--= HTTP/1.1 +Content-Type: application/x-www-form-urlencoded +Accept-Language: en-US +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/resetPasswordStart.action +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 4711 +Date: Tue, 03 Oct 2023 12:46:17 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> +<div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Reset Password</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="resetPasswordStart" name="resetPasswordStart" action="/dvja-1.0-SNAPSHOT/resetPasswordStart.action" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="resetPasswordStart_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="resetPasswordStart_login" class="form-control" placeholder="Enter login name"/></div> +</div> + + <input type="submit" value="Submit" id="resetPasswordStart_0" class="btn btn-primary"/> + + </fieldset></form> + + +<script type="text/javascript"> + if (typeof jQuery != 'undefined') { + if (typeof jQuery.fn.tooltip == 'function') { + jQuery('i.s2b_tooltip').tooltip(); + } + } +</script> + + + <br/> + <a href='/dvja-1.0-SNAPSHOT/register.action'>Register and create new account</a> + </div> + </div> + </div> + + +</div></div></div> +<script src='/assets/showdown.min.js'></script> +<script type='text/javascript'> + var converter = new showdown.Converter(); + + $.each($('.markdown'), function(idx, val) { + txt = $(val).html(); + $(val).html(converter.makeHtml(txt)); + $(val).removeClass('markdown'); + }); +</script> + +<footer> + <div class='container'> + <div class='row'> + <hr/> + <div class='col-md-4'> + <!-- Logo --> + </div> + <div class='col-md-5'></div> + <div class='col-md-3'> + <div class='row'> + <div class='col-md-12'> +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Body Parameters Accepted in Query + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/resetPasswordStart.action + mani-virtual-machine + resetPasswordStart.action + Page + /dvja-1.0-SNAPSHOT/resetPasswordStart.action + http + mani-virtual-machine + 9000 + 5d479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Body Parameters Accepted in Query + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/resetPasswordStart.action + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 4.7 + + AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 1275 + + attSameSiteCookie + + + fix_61797 + + + attSameSiteCookie + + + catServerMisconfiguration + + + 7372740714070585856 + + + 1005910087 + + + risk_attSameSiteCookie + + + cause_attSameSiteCookie + + + + + + The response contains Sensitive Cookie with Insecure or Improper or Missing SameSite attribute, which may lead to Cookie information leakage, which may extend to Cross-Site-Request-Forgery(CSRF) attacks if there are no additional protections in place. + + + + + GET http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action HTTP/1.1 +Host: mani-virtual-machine:9000 +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Connection: keep-alive +Proxy-Connection: Keep-Alive +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=UTF-8 +Content-Length: 5372 +Date: Tue, 03 Oct 2023 12:46:14 GMT +Keep-Alive: timeout=20 +Connection: keep-alive +--begin_highlight_tag--Set-Cookie: JSESSIONID=BFBF9769CB319FD10806E99FF49C01D9; Path=/dvja-1.0-SNAPSHOT; HttpOnly--end_highlight_tag-- + + + + +<!DOCTYPE html> +<html lang="en"> +<head> + + + +<title>Damn Vulnerable Java Application</title> +<!-- Le HTML5 shim, for IE6-8 support of HTML elements --> +<!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> +<![endif]--> + +<script src='/assets/jquery-3.2.1.min.js'></script> + + +<script type="text/javascript" src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/bootstrap.min.js?s2b=2.5.1"></script> +<script type="text/javascript" + src="/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1"></script> +<link id="bootstrap_styles" rel="stylesheet" + href="/dvja-1.0-SNAPSHOT/struts/bootstrap/css/bootstrap.min.css?s2b=2.5.1" type="text/css"/> + + +<link rel="stylesheet" href="/assets/fa/css/font-awesome.min.css"> +<style> + body { + position: relative; /* For scrollyspy */ + padding-top: 60px; /* Account for fixed navbar */ + } +</style> + + +</head> +<body> + + +<nav class="navbar navbar-inverse navbar-fixed-top"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><i class='fa fa-bug'></i> Damn Vulnerable Java Application</a> + </div> + <div id="navbar" class="navbar-collapse collapse"> + <ul class='nav navbar-nav'> + + </ul> + <ul class='nav navbar-nav navbar-right'> + <li> + <a href="/dvja-1.0-SNAPSHOT/assessmentHome.action;jsessionid=BFBF9769CB319FD10806E99FF49C01D9"> + <i class="fa fa-exchange"></i> Assessment Mode + </a> + </li> + <li> + <a href="/home.action"> + <i class="fa fa-exchange"></i> Learning Mode + </a> + </li> + + </ul> + </div><!--/.navbar-collapse --> + </div> +</nav> + <div class='container' style='min-height: 450px'><div class='row'><div class='col-md-12'> + + <div class='row'> + <div class='col-md-6 col-md-offset-3'> + <div class='page-header'> + <h2>Login</h2> + </div> + + + + + + <div class='page-body'> + + + + +<form id="login" name="login" action="/dvja-1.0-SNAPSHOT/login.action;jsessionid=BFBF9769CB319FD10806E99FF49C01D9" method="post"> +<fieldset> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_login" >Login </label> <div class=" controls"> + +<input type="text" name="login" value="" id="login_login" class="form-control" placeholder="Enter login"/></div> +</div> + + <!-- s2b_form_element_class: --> +<!-- s2b_form_element_class: --> + + + + +<div class="form-group "><label class=" control-label" for="login_password" >Password </label> <div class=" controls"> + +<input type="password" name="password" id="login_password" class="form-control" placeholder="Enter password"/></div> +</div> + + + <input type="submit" value="Submit" id="login_0" class="btn btn-primary"/> + + </fieldset></form> + + +<script type="text/javascript"> + if (typeof jQuery != 'undefined') { + if (typeof jQuery.fn.tooltip == 'function') { + jQuery('i.s2b_tooltip').tooltip(); + } + } +</script> + + + <br/> + <a href='/dvja-1.0-SNAPSHOT/register.action;jsessionid=BFBF9769CB319FD10806E99FF49C01D9'>Register a new account</a> <br/> + <a href='/dvja-1.0-SNAPSHOT/resetPasswordStart.action;jsessionid=BFBF9769CB319FD10806E99FF49C01D9'>Forgot password</a> + </div> + +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Cookie with Insecure or Improper or Missing SameSite attribute + 4.7 + http://mani-virtual-machine:9000/ + mani-virtual-machine + JSESSIONID + Cookie + / + http + mani-virtual-machine + 9000 + 7d479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Cookie with Insecure or Improper or Missing SameSite attribute + Location: → http://mani-virtual-machine:9000/ + Severity: → Medium + Cvss: → 4.7 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 209 + + GV_SQLErr + + + fix_52000 + + + GV_SQLErr + + + catSQLInjection + + + -2863411595602384640 + + + 820255084 + + + databaseManipulations + + + hazardousCharactersNotSanitized + + + + + + The test result seems to indicate a vulnerability because the response contains SQL Server errors. This suggests that the test managed to penetrate the application and reach the SQL query itself, by injecting hazardous characters. + + + + + + + + POST http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=CBF45D8584CC2E65C3C6AA7391CC40FA HTTP/1.1 +Host: mani-virtual-machine:9000 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +Origin: http://mani-virtual-machine:9000 +Content-Type: application/x-www-form-urlencoded +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 118 + +--begin_mark_tag--login=%3E%22%27%3E%3Cscript%3Ealert%288%29%3C%2Fscript%3E--end_mark_tag--&--begin_mark_tag--password=%3E%22%27%3E%3Cscript%3Ealert%288%29%3C%2Fscript%3E--end_mark_tag-- + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Tue, 03 Oct 2023 12:46:21 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <ol> + <li>mysql</li> + <li>Communications link failure + +The last packet sent successfully to the --begin_highlight_tag--server was 0 milliseconds ago. The driver--end_highlight_tag-- has not received any packets from the server.</li> + <li>Cannot open connection</li> + <li>org.hibernate.exception.JDBCConnectionException: Cannot open connection</li> + <li>Could not open JPA EntityManager for transaction; nested exception is javax.persistence.PersistenceException: org.hibernate.exception.JDBCConnectionException: Cannot open connection</li> + </ol> + </td> + </tr> + <tr> + <td><strong>File</strong>:</td> + <td>java/net/InetAddress.java</td> + </tr> + <tr> + <td><strong>Line number</strong>:</td> + <td>801</td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>org.springframework.transaction.CannotCreateTransactionException: Could not open JPA EntityManager for transaction; nested exception is javax.persistence.PersistenceException: org.hibernate.exception.JDBCConnectionException: Cannot open connection</strong> + <div> + <pre> + org.springframework.orm.jpa.JpaTransactionManager.doBegin(JpaTransactionManager.java:382) + org.springframework.transaction.support.AbstractPlatformTransactionManager.getTransaction(AbstractPlatformTransactionManager.java:371) + org.springfram +... +... +... + +<div class="stacktrace" style="padding-left: 4em"> + <strong>org.hibernate.exception.JDBCConnectionException: Cannot open connection</strong> + <div> + <pre> + org.hibernate.exception.--begin_highlight_tag--SQLState--end_highlight_tag--Converter.convert(--begin_highlight_tag--SQLState--end_highlight_tag--Converter.java:97) + org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:66) + org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:52) + org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:449) + org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:167) +... +... +... + +The last packet sent successfully to the --begin_highlight_tag--server was 0 milliseconds ago. The driver--end_highlight_tag-- has not received any packets from the server.</strong> + <div> + <pre> + java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) + java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77) + java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) + java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499) + java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480) + com.mysql.jdbc.Util.handleNewInstance(Util.java:425) + com.mysql.jdbc.--begin_highlight_tag--SQLError--end_highlight_tag--.createCommunicationsException(--begin_highlight_tag--SQLError--end_highlight_tag--.java:989) + com.mysql.jdbc.MysqlIO.&lt;init&gt;(MysqlIO.java:341) + com.mysql.jdbc.ConnectionImpl.coreConnect(ConnectionImpl.java:2192) + com.mysql.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:2225) + com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2024) +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Database Error Pattern Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + mani-virtual-machine + login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Global + /dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + http + mani-virtual-machine + 9000 + 93479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Database Error Pattern Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 209 + + GV_SQLErr + + + fix_52000 + + + GV_SQLErr + + + catSQLInjection + + + -4791768227014509568 + + + -257318246 + + + databaseManipulations + + + hazardousCharactersNotSanitized + + + + + + The test result seems to indicate a vulnerability because the response contains SQL Server errors. This suggests that the test managed to penetrate the application and reach the SQL query itself, by injecting hazardous characters. + + + + + + + + POST http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action HTTP/1.1 +Host: mani-virtual-machine:9000 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +Origin: http://mani-virtual-machine:9000 +Content-Type: application/x-www-form-urlencoded +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 120 + +--begin_mark_tag--login=%3E%22%27%3E%3Cscript%3Ealert%2883%29%3C%2Fscript%3E--end_mark_tag--&--begin_mark_tag--password=%3E%22%27%3E%3Cscript%3Ealert%2883%29%3C%2Fscript%3E--end_mark_tag-- + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Transfer-Encoding: chunked +Date: Tue, 03 Oct 2023 12:46:21 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <ol> + <li>mysql</li> + <li>Communications link failure + +The last packet sent successfully to the --begin_highlight_tag--server was 0 milliseconds ago. The driver--end_highlight_tag-- has not received any packets from the server.</li> + <li>Cannot open connection</li> + <li>org.hibernate.exception.JDBCConnectionException: Cannot open connection</li> + <li>Could not open JPA EntityManager for transaction; nested exception is javax.persistence.PersistenceException: org.hibernate.exception.JDBCConnectionException: Cannot open connection</li> + </ol> + </td> + </tr> + <tr> + <td><strong>File</strong>:</td> + <td>java/net/InetAddress.java</td> + </tr> + <tr> + <td><strong>Line number</strong>:</td> + <td>801</td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>org.springframework.transaction.CannotCreateTransactionException: Could not open JPA EntityManager for transaction; nested exception is javax.persistence.PersistenceException: org.hibernate.exception.JDBCConnectionException: Cannot open connection</strong> + <div> + <pre> + org.springframework.orm.jpa.JpaTransactionManager.doBegin(JpaTransactionManager.java:382) + org.springframework.transaction.support.AbstractPlatformTransactionManager.getTransaction(AbstractPlatformTransactionManager.java:371) + org.springfr +... +... +... + +<div class="stacktrace" style="padding-left: 4em"> + <strong>org.hibernate.exception.JDBCConnectionException: Cannot open connection</strong> + <div> + <pre> + org.hibernate.exception.--begin_highlight_tag--SQLState--end_highlight_tag--Converter.convert(--begin_highlight_tag--SQLState--end_highlight_tag--Converter.java:97) + org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:66) + org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:52) + org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:449) + org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:167) +... +... +... + +The last packet sent successfully to the --begin_highlight_tag--server was 0 milliseconds ago. The driver--end_highlight_tag-- has not received any packets from the server.</strong> + <div> + <pre> + java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) + java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77) + java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) + java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499) + java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480) + com.mysql.jdbc.Util.handleNewInstance(Util.java:425) + com.mysql.jdbc.--begin_highlight_tag--SQLError--end_highlight_tag--.createCommunicationsException(--begin_highlight_tag--SQLError--end_highlight_tag--.java:989) + com.mysql.jdbc.MysqlIO.&lt;init&gt;(MysqlIO.java:341) + com.mysql.jdbc.ConnectionImpl.coreConnect(ConnectionImpl.java:2192) + com.mysql.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:2225) + com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2024) +... +... +... + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Database Error Pattern Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action + mani-virtual-machine + login.action + Global + /dvja-1.0-SNAPSHOT/login.action + http + mani-virtual-machine + 9000 + 64479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Database Error Pattern Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -7938625221554437632 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder%20(3)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3766 +Date: Tue, 03 Oct 2023 12:58:13 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [new folder (3)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [new folder (3)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + new%20folder%20(3)/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + db479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -2503205382155987968 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~webstats/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3756 +Date: Tue, 03 Oct 2023 12:51:21 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~webstats/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~webstats/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~webstats/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + e5479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 7485985118471464192 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder%20(2)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3766 +Date: Tue, 03 Oct 2023 12:58:13 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [new folder (2)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [new folder (2)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + new%20folder%20(2)/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + cc479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -3434462320700037632 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/lost%2bfound/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3758 +Date: Tue, 03 Oct 2023 12:51:15 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [lost+found/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [lost+found/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + lost%2bfound/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + d2479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 8443493442435834624 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~wsdocs/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3752 +Date: Tue, 03 Oct 2023 12:51:21 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~wsdocs/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~wsdocs/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~wsdocs/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + f5479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 2355932850067925760 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3758 +Date: Tue, 03 Oct 2023 12:49:30 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [new folder/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [new folder/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + new%20folder/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + d8479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -4233639177803978496 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~home/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3748 +Date: Tue, 03 Oct 2023 12:51:23 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~home/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~home/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~home/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + fb479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -2190433128594904576 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~mnt/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:23 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~mnt/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~mnt/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~mnt/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + ff479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 3286633012251401472 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~ftp/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:27 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~ftp/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~ftp/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~ftp/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 43489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 998175493071363328 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~admin/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3750 +Date: Tue, 03 Oct 2023 12:51:25 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~admin/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~admin/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~admin/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 24489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -7573424090173923072 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~root/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3748 +Date: Tue, 03 Oct 2023 12:57:55 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~root/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~root/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~root/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 66489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -3755575570301313280 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~bin/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:25 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~bin/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~bin/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~bin/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 2d489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 7691753758981230080 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~usr/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:21 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~usr/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~usr/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~usr/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 7b489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 2039800852663005440 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/lost+found/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3758 +Date: Tue, 03 Oct 2023 12:51:15 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [lost+found/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [lost+found/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + lost+found/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 33489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 3959908500064694272 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~nobody/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3752 +Date: Tue, 03 Oct 2023 12:58:13 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~nobody/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~nobody/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~nobody/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 51489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 2525055911627552000 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~guest/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3750 +Date: Tue, 03 Oct 2023 12:51:27 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~guest/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~guest/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~guest/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 7f489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -1817977704953128960 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~dev/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:25 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~dev/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~dev/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~dev/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 36489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -3835415066125797120 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~var/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:21 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~var/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~var/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~var/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + e370a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -7610265077269035520 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~etc/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:27 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~etc/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~etc/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~etc/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 3b489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -2516155524754319360 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~sbin/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3748 +Date: Tue, 03 Oct 2023 12:58:13 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~sbin/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~sbin/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~sbin/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 59489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -5570124136943292416 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~stats/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3750 +Date: Tue, 03 Oct 2023 12:51:20 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~stats/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~stats/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~stats/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 5c489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 2286053589636699392 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~uucp/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3748 +Date: Tue, 03 Oct 2023 12:51:20 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~uucp/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~uucp/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~uucp/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + e870a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + -3031704811669553664 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~tmp/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:20 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~tmp/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~tmp/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~tmp/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 61489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attDirectoryFound + + + fix_50330 + + + attDirectoryFound + + + catInformationLeakage + + + 2079657952024832512 + + + 981149721 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + AppScan requested a file which is probably not a legitimate part of the application. The response status was 200 OK. This indicates that the test succeeded in retrieving the content of the requested file. + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~log/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3746 +Date: Tue, 03 Oct 2023 12:51:32 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~log/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~log/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Hidden Directory Detected + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + ~log/ + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + 91489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Hidden Directory Detected + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 74 + + attDirOptions + + + fix_52760 + + + attDirOptions + + + catContentSpoofing + + + 9074251274741643008 + + + 981149721 + + + siteDefacement + + + insecureWebServerConfiguration + + + + + + The Allow header revealed that hazardous HTTP Options are allowed, indicating that WebDAV is enabled on the server. + + + + + + + + --begin_mark_tag--OPTIONS--end_mark_tag-- --begin_mark_tag--*--end_mark_tag-- HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Allow: GET, HEAD, POST, PUT, --begin_highlight_tag--DELETE--end_highlight_tag--, OPTIONS +Content-Length: 0 +Date: Tue, 03 Oct 2023 12:49:35 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Insecure "OPTIONS" HTTP Method Enabled + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + mani-virtual-machine + validation.min.js + Page + /dvja-1.0-SNAPSHOT/ + http + mani-virtual-machine + 9000 + e2479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Insecure "OPTIONS" HTTP Method Enabled + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 74 + + attDirOptions + + + fix_52760 + + + attDirOptions + + + catContentSpoofing + + + -56590223318905856 + + + 1005910087 + + + siteDefacement + + + insecureWebServerConfiguration + + + + + + The Allow header revealed that hazardous HTTP Options are allowed, indicating that WebDAV is enabled on the server. + + + + + + + + --begin_mark_tag--OPTIONS--end_mark_tag-- --begin_mark_tag--*--end_mark_tag-- HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Content-Length: 0 + + +HTTP/1.1 200 +Allow: GET, HEAD, POST, PUT, --begin_highlight_tag--DELETE--end_highlight_tag--, OPTIONS +Content-Length: 0 +Date: Tue, 03 Oct 2023 12:49:35 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Insecure "OPTIONS" HTTP Method Enabled + 5.3 + http://mani-virtual-machine:9000/ + mani-virtual-machine + jquery-3.2.1.min.js + Page + / + http + mani-virtual-machine + 9000 + c6479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Insecure "OPTIONS" HTTP Method Enabled + Location: → http://mani-virtual-machine:9000/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 1032 + + attContentSecurityPolicy + + + fix_61770 + + + attContentSecurityPolicy + + + catInformationLeakage + + + 3482120947625889792 + + + 1005910087 + + + sensitiveInformation + phishing + + + insecureWebAppConfiguration + + + + + + AppScan detected that the Content-Security-Policy response header is missing or with an insecure policy, which increases exposure to various cross-site injection attacks + + + + + GET http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Date: Tue, 03 Oct 2023 12:48:33 GMT +Expires: Wed, 04 Oct 2023 12:48:33 GMT +Retry-After: Wed, 04 Oct 2023 12:48:33 GMT +Cache-Control: public +Last-Modified: Tue, 03 Oct 2023 10:18:42 GMT +Content-Type: text/javascript +Transfer-Encoding: chunked +Keep-Alive: timeout=20 +Connection: keep-alive + +/*! + * validation.js + * + * Client Validation for Bootstrap Forms + * + * Requires use of jQuery. + * Tested with jQuery 1.7 + * + * Copyright (c) 2012 Johannes Geppert http://www.jgeppert.com + * + * Dual licensed under the MIT and GPL licenses: + * http://www.opensource.org/licenses/mit-license.php + * http://www.gnu.org/licenses/gpl.html + * + */ +;function bootstrapValidation(a,c){a.find("div.has-error").removeClass("has-error");a.find("div.has-feedback").removeClass("has-feedback");a.find("span.s2_help_inline").remove();a.find("span.s2_feedback").remove();a.find("div.s2_validation_errors").remove();if(c.errors&&c.errors.length>0){var b=$("<div class='alert alert-danger s2_validation_errors'></div>");a.prepend(b);$.each(c.errors,function(d,e){b.append("<p>"+e+"</p>\n")})}if(c.fieldErrors){$.each(c.fieldErrors,function(e,g){var f=a.find(':input[name="'+e+'"]'),h,d;if(f&&f.length>0){f=$(f[0]);h=f.closest("div.form-group");h.addClass("has-error");h.addClass("has-feedback");d=h.find("div.controls");if(d){if(!(f.is(":radio")||f.is(":checkbox"))){d.append("<span class='glyphicon glyphicon-remove form-control-feedback s2_feedback'></span>")}d.append("<span class='help-block s2_help_inline'>"+g[0]+"</span>")}}})}}; + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Missing "Content-Security-Policy" header + 5.3 + http://mani-virtual-machine:9000/ + mani-virtual-machine + mani-virtual-machine + Page + / + http + mani-virtual-machine + 9000 + ed479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Missing "Content-Security-Policy" header + Location: → http://mani-virtual-machine:9000/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + ContentTypeOptions + + + fix_61767 + + + ContentTypeOptions + + + catInformationLeakage + + + 3482120947625889792 + + + 1005910087 + + + sensitiveInformation + phishing + + + insecureWebAppConfiguration + + + + + + AppScan detected that the "X-Content-Type-Options" response header is missing or has an insecure value, which increases exposure to drive-by download attacks + + + + + GET http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/struts/bootstrap/js/validation.min.js?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Date: Tue, 03 Oct 2023 12:48:33 GMT +Expires: Wed, 04 Oct 2023 12:48:33 GMT +Retry-After: Wed, 04 Oct 2023 12:48:33 GMT +Cache-Control: public +Last-Modified: Tue, 03 Oct 2023 10:18:42 GMT +Content-Type: text/javascript +Transfer-Encoding: chunked +Keep-Alive: timeout=20 +Connection: keep-alive + +/*! + * validation.js + * + * Client Validation for Bootstrap Forms + * + * Requires use of jQuery. + * Tested with jQuery 1.7 + * + * Copyright (c) 2012 Johannes Geppert http://www.jgeppert.com + * + * Dual licensed under the MIT and GPL licenses: + * http://www.opensource.org/licenses/mit-license.php + * http://www.gnu.org/licenses/gpl.html + * + */ +;function bootstrapValidation(a,c){a.find("div.has-error").removeClass("has-error");a.find("div.has-feedback").removeClass("has-feedback");a.find("span.s2_help_inline").remove();a.find("span.s2_feedback").remove();a.find("div.s2_validation_errors").remove();if(c.errors&&c.errors.length>0){var b=$("<div class='alert alert-danger s2_validation_errors'></div>");a.prepend(b);$.each(c.errors,function(d,e){b.append("<p>"+e+"</p>\n")})}if(c.fieldErrors){$.each(c.fieldErrors,function(e,g){var f=a.find(':input[name="'+e+'"]'),h,d;if(f&&f.length>0){f=$(f[0]);h=f.closest("div.form-group");h.addClass("has-error");h.addClass("has-feedback");d=h.find("div.controls");if(d){if(!(f.is(":radio")||f.is(":checkbox"))){d.append("<span class='glyphicon glyphicon-remove form-control-feedback s2_feedback'></span>")}d.append("<span class='help-block s2_help_inline'>"+g[0]+"</span>")}}})}}; + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Missing or insecure "X-Content-Type-Options" header + 5.3 + http://mani-virtual-machine:9000/ + mani-virtual-machine + mani-virtual-machine + Page + / + http + mani-virtual-machine + 9000 + 55479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Missing or insecure "X-Content-Type-Options" header + Location: → http://mani-virtual-machine:9000/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 534570368990755328 + + + -487312762 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~root%20-%20Copy/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3762 +Date: Tue, 03 Oct 2023 12:58:41 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~root - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~root - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/ + mani-virtual-machine + ~root%20-%20Copy/ + Page + /dvja-1.0-SNAPSHOT/~root/ + http + mani-virtual-machine + 9000 + 49489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 1208790937916346624 + + + 554318100 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder%20(2)%20(copy)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3780 +Date: Tue, 03 Oct 2023 12:58:39 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [new folder (2) (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [new folder (2) (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + mani-virtual-machine + new%20folder%20(2)%20(copy)/ + Page + /dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + http + mani-virtual-machine + 9000 + 9c489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 1017469257814618112 + + + 1601399525 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~sbin%20(copy)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3762 +Date: Tue, 03 Oct 2023 12:58:39 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~sbin (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~sbin (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~sbin/ + mani-virtual-machine + ~sbin%20(copy)/ + Page + /dvja-1.0-SNAPSHOT/~sbin/ + http + mani-virtual-machine + 9000 + 54489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~sbin/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 2851462593435024384 + + + 529050066 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~nobody%20-%20Copy/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3766 +Date: Tue, 03 Oct 2023 12:58:39 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~nobody - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~nobody - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~nobody/ + mani-virtual-machine + ~nobody%20-%20Copy/ + Page + /dvja-1.0-SNAPSHOT/~nobody/ + http + mani-virtual-machine + 9000 + 83489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~nobody/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 3584877058063555840 + + + 1601399525 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~sbin/../Copy%20of%20~sbin/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3764 +Date: Tue, 03 Oct 2023 12:58:44 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [Copy of ~sbin/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [Copy of ~sbin/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~sbin/ + mani-virtual-machine + Copy%20of%20~sbin/ + Page + /dvja-1.0-SNAPSHOT/~sbin/ + http + mani-virtual-machine + 9000 + 89489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~sbin/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + -6926783730889400320 + + + 529050066 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~nobody%20(copy)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3766 +Date: Tue, 03 Oct 2023 12:58:40 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~nobody (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~nobody (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~nobody/ + mani-virtual-machine + ~nobody%20(copy)/ + Page + /dvja-1.0-SNAPSHOT/~nobody/ + http + mani-virtual-machine + 9000 + e570a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~nobody/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 6825048083280689408 + + + 554318100 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder%20(2)%20-%20Copy/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3780 +Date: Tue, 03 Oct 2023 12:58:39 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [new folder (2) - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [new folder (2) - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + mani-virtual-machine + new%20folder%20(2)%20-%20Copy/ + Page + /dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + http + mani-virtual-machine + 9000 + 40489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 3961926838018766848 + + + 1601399525 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~sbin%20-%20Copy/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3762 +Date: Tue, 03 Oct 2023 12:58:39 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~sbin - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~sbin - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~sbin/ + mani-virtual-machine + ~sbin%20-%20Copy/ + Page + /dvja-1.0-SNAPSHOT/~sbin/ + http + mani-virtual-machine + 9000 + 8c489dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~sbin/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + -8895992851280892928 + + + -1567672044 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder%20(3)/../Copy%20of%20new%20folder%20(3)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3782 +Date: Tue, 03 Oct 2023 12:58:46 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [Copy of new folder (3)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [Copy of new folder (3)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + mani-virtual-machine + Copy%20of%20new%20folder%20(3)/ + Page + /dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + http + mani-virtual-machine + 9000 + f470a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + -4746773886821821696 + + + -1567672044 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder%20(3)%20-%20Copy/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3780 +Date: Tue, 03 Oct 2023 12:58:41 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [new folder (3) - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [new folder (3) - Copy/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + mani-virtual-machine + new%20folder%20(3)%20-%20Copy/ + Page + /dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + http + mani-virtual-machine + 9000 + eb70a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 2557566263309309184 + + + -487312762 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~root/../Copy%20of%20~root/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3764 +Date: Tue, 03 Oct 2023 12:58:46 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [Copy of ~root/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [Copy of ~root/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/ + mani-virtual-machine + Copy%20of%20~root/ + Page + /dvja-1.0-SNAPSHOT/~root/ + http + mani-virtual-machine + 9000 + f770a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 7915072867472056576 + + + -1567672044 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder%20(3)%20(copy)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3780 +Date: Tue, 03 Oct 2023 12:58:41 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [new folder (3) (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [new folder (3) (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + mani-virtual-machine + new%20folder%20(3)%20(copy)/ + Page + /dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + http + mani-virtual-machine + 9000 + ee70a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(3)/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + -8059817063024404480 + + + 554318100 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/new%20folder%20(2)/../Copy%20of%20new%20folder%20(2)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3782 +Date: Tue, 03 Oct 2023 12:58:45 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [Copy of new folder (2)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [Copy of new folder (2)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + mani-virtual-machine + Copy%20of%20new%20folder%20(2)/ + Page + /dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + http + mani-virtual-machine + 9000 + fa70a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/new%20folder%20(2)/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + -7221649384859903232 + + + -487312762 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~root%20(copy)/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3762 +Date: Tue, 03 Oct 2023 12:58:41 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~root (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~root (copy)/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/ + mani-virtual-machine + ~root%20(copy)/ + Page + /dvja-1.0-SNAPSHOT/~root/ + http + mani-virtual-machine + 9000 + f170a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Medium + 2 + 5.3 + + AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attTempDirectoryFound + + + fix_50330 + + + attTempDirectoryFound + + + catInformationLeakage + + + 5702841732333411328 + + + 529050066 + + + siteStructureRevealed + + + insecureWebServerConfiguration + + + + + + The test result seems to indicate a vulnerability because the Test Response is similar to the Original Response, indicating that a somewhat different version of the resource was received using an alternate name + + + + + + + GET http://mani-virtual-machine:9000--begin_mark_tag--/dvja-1.0-SNAPSHOT/~nobody/../Copy%20of%20~nobody/--end_mark_tag--?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 --begin_highlight_tag--200--end_highlight_tag-- +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3768 +Date: Tue, 03 Oct 2023 12:58:46 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [Copy of ~nobody/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [Copy of ~nobody/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre> + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) + java.base/java.lang.Thread.run(Thread.java:833) + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Temporary Directory Found + 5.3 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~nobody/ + mani-virtual-machine + Copy%20of%20~nobody/ + Page + /dvja-1.0-SNAPSHOT/~nobody/ + http + mani-virtual-machine + 9000 + fd70a1c7-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Temporary Directory Found + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~nobody/ + Severity: → Medium + Cvss: → 5.3 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Low + 1 + 2.2 + + AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 209 + + JavaStackTraceIssue + + + fix_JavaStackTrace + + + JavaStackTraceIssue + + + catInformationLeakage + + + 1733046179033861888 + + + -487312762 + + + sensitiveInformation + + + WB_InformationLeakage + + + + + + The response contains Java stack trace payload + + + + + GET http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/?s2b=2.5.1 HTTP/1.1 +Host: mani-virtual-machine:9000 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: */* +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/Login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Cookie: JSESSIONID=AD12F9CF7835CC92885A381859462BAC +Content-Length: 0 + + +HTTP/1.1 200 +Content-Type: text/html;charset=ISO-8859-1 +Content-Length: 3748 +Date: Tue, 03 Oct 2023 12:57:55 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<html> +<head> + <title>Struts Problem Report</title> + <style> + pre { + margin: 0; + padding: 0; + } + </style> +</head> +<body> + <h2>Struts Problem Report</h2> + <p> + Struts has detected an unhandled exception: + </p> + + +<div id="exception-info"> +<table> + <tr> + <td><strong>Messages</strong>:</td> + <td> + <li>Action [~root/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]!</li> + </td> + </tr> + +</table> +</div> + + +<div id="stacktraces"> +<hr /> +<h3>Stacktraces</h3> +<div class="stacktrace" style="padding-left: 0em"> + <strong>Action [~root/] does not match allowed action names pattern [[a-zA-Z0-9._!/\-]*]! - [unknown location]</strong> + <div> + <pre>--begin_highlight_tag-- + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.cleanupActionName(DefaultActionMapper.java:388) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.parseNameAndNamespace(DefaultActionMapper.java:375) + org.apache.struts2.dispatcher.mapper.DefaultActionMapper.getMapping(DefaultActionMapper.java:265) + org.apache.struts2.dispatcher.ng.PrepareOperations.findActionMapping(PrepareOperations.java:166) + org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:92) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) + org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) + org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) + org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) + org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) + org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) + org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) + org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) + org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) + org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) + org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) + org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) + org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) + org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)--end_highlight_tag-- + org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) + org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735)--begin_highlight_tag-- + org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) + org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)--end_highlight_tag-- + org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) + org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)--begin_highlight_tag-- + java.base/java.lang.Thread.run(Thread.java:833)--end_highlight_tag-- + </pre> + </div> +</div> +</div> + +<div class="footer"> +<hr /> +<p> +You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra +debugging behaviors and reports to assist developers. To disable this mode, set: +<pre> + struts.devMode=false +</pre> +in your <code>WEB-INF/classes/struts.properties</code> file. +</p> +</div> +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Java Stack Trace + 2.2 + http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/ + mani-virtual-machine + Page + /dvja-1.0-SNAPSHOT/~root/ + http + mani-virtual-machine + 9000 + e8479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Java Stack Trace + Location: → http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/~root/ + Severity: → Low + Cvss: → 2.2 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Informational + 0 + 0.0 + + AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 615 + + attSensitiveInHtmlComments + + + fix_50750 + + + attSensitiveInHtmlComments + + + catInformationLeakage + + + -1930113050999901184 + + + 1005910087 + + + sensitiveInformation + + + debugInfoInHtmlSource + + + + + + AppScan discovered HTML comments containing what appears to be sensitive information. + + + + + GET http://mani-virtual-machine:9000/ HTTP/1.1 +Host: mani-virtual-machine:9000 +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action +Connection: keep-alive +Proxy-Connection: Keep-Alive +Content-Length: 0 + + +HTTP/1.1 200 +Accept-Ranges: bytes +ETag: W/"1895-1693306356621" +Last-Modified: Tue, 29 Aug 2023 10:52:36 GMT +Content-Type: text/html +Content-Length: 1895 +Date: Tue, 03 Oct 2023 12:51:05 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<?xml version="1.0" encoding="ISO-8859-1"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> +<head> + <title>Apache Tomcat</title> +</head> + +<body> +<h1>It works !</h1> + +<p>If you're seeing this page via a web browser, it means you've setup Tomcat successfully. Congratulations!</p> + +<p>This is the default Tomcat home page. It can be found on the local filesystem at: <code>/var/lib/tomcat9/webapps/ROOT/index.html</code></p> + +<p>Tomcat veterans might be pleased to learn that this system instance of Tomcat is installed with <code>CATALINA_HOME</code> in <code>/usr/share/tomcat9</code> and <code>CATALINA_BASE</code> in <code>/var/lib/tomcat9</code>, following the rules from <code>/usr/share/doc/tomcat9-common/RUNNING.txt.gz</code>.</p> + +<p>You might consider installing the following packages, if you haven't already done so:</p> + +<p><b>tomcat9-docs</b>: This package installs a web application that allows to browse the Tomcat 9 documentation locally. Once installed, you can access it by clicking <a href="docs/">here</a>.</p> + +<p><b>tomcat9-examples</b>: This package installs a web application that allows to access the Tomcat 9 Servlet and JSP examples. Once installed, you can access it by clicking <a href="examples/">here</a>.</p> + +<p><b>tomcat9-admin</b>: This package installs two web applications that can help managing this Tomcat instance. Once installed, you can access the <a href="manager/html">manager webapp</a> and the <a href="host-manager/html">host-manager webapp</a>.</p> + +<p>NOTE: For security reasons, using the manager webapp is restricted to users with role "manager-gui". The host-manager webapp is restricted to users with role "admin-gui". Users are defined in <code>/etc/tomcat9/tomcat-users.xml</code>.</p> + +</body> +</html> + + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + HTML Comments Sensitive Information Disclosure + 0.0 + http://mani-virtual-machine:9000/ + mani-virtual-machine + <?xml version="1.0" encoding="ISO-8859-1"?> + Page + / + http + mani-virtual-machine + 9000 + bf479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → HTML Comments Sensitive Information Disclosure + Location: → http://mani-virtual-machine:9000/ + Severity: → Informational + Cvss: → 0.0 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     + + Informational + 0 + 0.0 + + AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:X/RL:O/RC:C/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X + + 200 + + attReferrerPolicyHeaderExist + + + fix_61771 + + + attReferrerPolicyHeaderExist + + + catInformationLeakage + + + 3482120947625889792 + + + 1005910087 + + + sensitiveInformation + phishing + + + insecureWebAppConfiguration + + + + + + AppScan detected that the Referrer Policy Response header is missing or with an insecure policy, which increases exposure to various cross-site injection attacks + + + + + GET http://mani-virtual-machine:9000/docs/ HTTP/1.1 +Host: mani-virtual-machine:9000 +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Language: en-US +Referer: http://mani-virtual-machine:9000/ +Connection: keep-alive +Proxy-Connection: Keep-Alive +Content-Length: 0 + + +HTTP/1.1 404 +Content-Type: text/html;charset=utf-8 +Content-Language: en +Content-Length: 769 +Date: Tue, 03 Oct 2023 12:43:54 GMT +Keep-Alive: timeout=20 +Connection: keep-alive + +<!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 – Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resource [&#47;docs&#47;] is not available</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.58 (Ubuntu)</h3></body></html> + + + DAST + Open + Tuesday, October 3, 2023 + Tuesday, October 3, 2023 + Missing "Referrer policy" Security Header + 0.0 + http://mani-virtual-machine:9000/ + mani-virtual-machine + mani-virtual-machine + Page + / + http + mani-virtual-machine + 9000 + b9479dc1-ec61-ee11-8457-14cb65725114 + + + 10/03/2023 13:00:06 +
    + IssueTypeName: → Missing "Referrer policy" Security Header + Location: → http://mani-virtual-machine:9000/ + Severity: → Informational + Cvss: → 0.0 + Scanner: → AppScan Dynamic Analyzer +
    +     +     +     +     + + + + Authentication.Credentials.Unprotected.Transport + Unencrypted Login Request + + SSL (Secure Socket Layer) provides data confidentiality and integrity to HTTP. By encrypting HTTP messages, SSL protects from attackers eavesdropping or altering message contents. Login pages should always employ SSL to protect the user name and password while they are in transit from the client to the server. Lack of SSL use exposes the user credentials as clear text during transmission to the server and thus makes the credentials susceptible to eavesdropping. + + + Enforce SSL use for the login page or any page used to transmit user credentials or other sensitive information. Even if the entire site does not use SSL, it MUST use SSL for login. Additionally, to help prevent phishing attacks, make sure that SSL serves the login page. SSL allows the user to verify the identity of the server to which they are connecting. If the SSL serves login page, the user can be certain they are talking to the proper end system. A phishing attack would typically redirect a user to a site that does not have a valid trusted server certificate issued from an authorized supplier. + + + + GDautocompleteInForm + Autocomplete HTML Attribute Not Disabled for Password Field + 522 + + N/A + + + Insecure web application programming or configuration + + + It may be possible to bypass the web application's authentication mechanism + The "autocomplete" attribute has been standardized in the HTML5 standard. W3C's site states that the attribute has two states, "on" and "off", and that omitting it altogether is equivalent to setting it to "on". + + This page is vulnerable since it does not set the "autocomplete" attribute to "off" for the "password" field in the "input" element. + This may enable an unauthorized user (with local access to an authorized client) to autofill the username and password fields, and thus log in to the site. + + + If the "autocomplete" attribute is missing in the "password" field of the "input" element, add it and set it to "off". + If the "autocomplete" attribute is set to "on", change it to "off". + + For example: + + Vulnerable site: + <form action="AppScan.html" method="get"> + Username: <input type="text" name="firstname" /><br /> + Password: <input type="password" name="lastname" /> + <input type="submit" value="Submit" /> + <form> + + + Non-vulnerable site: + <form action="AppScan.html" method="get"> + Username: <input type="text" name="firstname" /><br /> + Password: <input type="password" name="lastname" autocomplete="off"/> + <input type="submit" value="Submit" /> + <form> + + + + + bodyParamsInQuery + Body Parameters Accepted in Query + 200 + + This issue may affect different types of products. + + + Insecure web application programming or configuration + + + It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations + It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc. + GET requests are designed to query the server, while POST requests are for submitting data. + However, aside from the technical purpose, attacking query parameters is easier than body parameters, because sending a link to the original site, or posting it in a blog or comment, is easier and has better results than the alternative - in order to attack a request with body parameters, an attacker would need to create a page containing a form that will be submitted when visited by the victim. + It is a lot harder to convince the victim to visit a page that he doesn't know, than letting him visit the original site. It it therefore not recommended to support body parameters that arrive in the query string. + + + Re-program the application to disallow handling of POST parameters that were listed in the Query + + + + GET + http://tools.ietf.org/html/rfc7231#section-4.3.1 + external + + + POST + http://tools.ietf.org/html/rfc7231#section-4.3.3 + external + + + + + attSameSiteCookie + Cookie with Insecure or Improper or Missing SameSite attribute + 1275 + + This issue may affect different types of products. + + + Sensitive Cookie with Improper or Insecure or Missing SameSite Attribute + + + Prevent Cookie information leakage by restricting cookies to first-party or same-site context + Attacks can extend to Cross-Site-Request-Forgery (CSRF) attacks if there are no additional protections in place (such as Anti-CSRF tokens). + The SameSite attribute controls how cookies are sent for cross-domain requests. + + The attribute may have three values: 'Lax', 'Strict', or 'None'. If 'None' is used, a website may create a cross-domain POST HTTP request to another website, and the browser automatically adds cookies to this request. + + This may lead to Cross-Site-Request-Forgery (CSRF) attacks if there are no additional protections in place (such as Anti-CSRF tokens). + + Modes and their uses: + 'Lax' mode: the cookie will only be sent with a top-level get request. + 'Strict' mode; the cookie will not be sent with any cross-site usage even if the user follows a link to another website. + 'None' mode: the cookie will be sent with the cross-site requests. + + The attribute having: 'Lax' or 'None' must have 'Secure' Flag set and must be transferred over https. + Example - Set-Cookie: key=value; SameSite=Lax;Secure + + Setting attribute to 'Strict' is the recommended option. + Example - Set-Cookie: key=value; SameSite=Strict + + + [1] Review possible solutions for configuring SameSite Cookie attribute to recommended values. + [2] Restrict Cookies to a first-party or same-site context. + [3] Verify and set the SameSite attribute of your cookie to Strict, to ensure that the cookie will only be sent in a first-party context. + [4] Or, if you want to relax the restrictions of first-party context, then verify and set the SameSite attribute of the cookie to Lax with Secure Flag enabled and transferred over HTTPS. + + + + WASC Threat Classification: Information Leakage + http://www.webappsec.org/projects/threat/classes/information_leakage.shtml + external + + + SameSite Cookies + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + external + + + + + GVSQLErr + Database Error Pattern Found + 209 + + This issue may affect different types of products. + + + Sanitation of hazardous characters was not performed correctly on user input + + + It is possible to view, modify or delete database entries and tables + AppScan discovered Database Errors in the test response, that may have been triggered by an attack other than SQL Injection. + It is possible, though not certain, that this error indicates a possible SQL Injection vulnerability in the application. + If it does, please read the following SQL Injection advisory carefully. + + The software constructs all or part of an SQL command using externally-influenced input, but it incorrectly neutralizes special elements that could modify the intended SQL command when sent to the database. + + Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. This can be used to alter query logic to bypass security checks, or to insert additional statements that modify the back-end database, and possibly including execution of system commands. + + For example, let's say we have an HTML page with a login form, which eventually runs the following SQL query on the database using the user input: + SELECT * FROM accounts WHERE username='$user' AND password='$pass' + + The two variables, $user and $pass, contain the user credentials entered by the user in the login form. + Therefore, if the user has input "jsmith" as the username, and "Demo1234" as the password, the SQL query will look like this: + SELECT * FROM accounts WHERE username='jsmith' AND password='Demo1234' + + But if the user input "'" (a single apostrophe) as the username, and "'" (a single apostrophe) as the password, the SQL query will look like this: + SELECT * FROM accounts WHERE username=''' AND password=''' + + This, of course, is a malformed SQL query, and will invoke an error message, which may be returned in the HTTP response. + An error such as this informs the attacker that an SQL Injection has succeeded, which will lead the attacker to attempt further attack vectors. + + Sample Exploit: + The following C# code dynamically constructs and executes a SQL query that searches for items matching a specified name. The query restricts the items displayed to those where owner matches the user name of the currently-authenticated user. + ... + string userName = ctx.getAuthenticatedUserName(); + string query = "SELECT * FROM items WHERE owner = "'" + + userName + "' AND itemname = '" + + ItemName.Text + "'"; + sda = new SqlDataAdapter(query, conn); + DataTable dt = new DataTable(); + sda.Fill(dt); + ... + + The query that this code intends to execute follows: + SELECT * FROM items WHERE owner = AND itemname = ; + + However, because the query is constructed dynamically by concatenating a constant base query string and a user input string, the query only behaves correctly if itemName does not contain a single-quote character. If an attacker with the user name wiley enters the string "name' OR 'a'='a" for itemName, then the query becomes the following: + SELECT * FROM items WHERE owner = 'wiley' AND itemname = 'name' OR 'a'='a'; + + The addition of the OR 'a'='a' condition causes the where clause to always evaluate to true, so the query becomes logically equivalent to the much simpler query: + SELECT * FROM items; + + + + There are several mitigation techniques: + [1] Strategy: Libraries or Frameworks + Use a vetted library or framework that does not allow this weakness to occur, or provides constructs that make it easier to avoid. + + [2] Strategy: Parameterization + If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated. + + [3] Strategy: Environment Hardening + Run your code using the lowest privileges that are required to accomplish the necessary tasks. + + [4] Strategy: Output Encoding + If you need to use dynamically-generated query strings or commands in spite of the risk, properly quote arguments and escape any special characters within those arguments. + + [5] Strategy: Input Validation + Assume all input is malicious. Use an "accept known good" input validation strategy: a whitelist of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on blacklisting malicious or malformed inputs. However, blacklists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright. + Here are two possible ways to protect your web application against SQL injection attacks: + + [1] Use a stored procedure rather than dynamically built SQL query string. The way parameters are passed to SQL Server stored procedures, prevents the use of apostrophes and hyphens. + + Here is a simple example of how to use stored procedures in ASP.NET: + + ' Visual Basic example + Dim DS As DataSet + Dim MyConnection As SqlConnection + Dim MyCommand As SqlDataAdapter + + Dim SelectCommand As String = "select * from users where username = @username" + ... + MyCommand.SelectCommand.Parameters.Add(New SqlParameter("@username", SqlDbType.NVarChar, 20)) + MyCommand.SelectCommand.Parameters("@username").Value = UserNameField.Value + + + // C# example + String selectCmd = "select * from Authors where state = @username"; + SqlConnection myConnection = new SqlConnection("server=..."); + SqlDataAdapter myCommand = new SqlDataAdapter(selectCmd, myConnection); + + myCommand.SelectCommand.Parameters.Add(new SqlParameter("@username", SqlDbType.NVarChar, 20)); + myCommand.SelectCommand.Parameters["@username"].Value = UserNameField.Value; + + + [2] You can add input validation to Web Forms pages by using validation controls. Validation controls provide an easy-to-use mechanism for all common types of standard validation - for example, testing for valid dates or values within a range - plus ways to provide custom-written validation. In addition, validation controls allow you to completely customize how error information is displayed to the user. Validation controls can be used with any controls that are processed in a Web Forms page's class file, including both HTML and Web server controls. + + In order to make sure user input contains only valid values, you can use one of the following validation controls: + + a. "RangeValidator": checks that a user's entry (value) is between specified lower and upper boundaries. You can check ranges within pairs of numbers, alphabetic characters, and dates. + + b. "RegularExpressionValidator": checks that the entry matches a pattern defined by a regular expression. This type of validation allows you to check for predictable sequences of characters, such as those in social security numbers, e-mail addresses, telephone numbers, postal codes, and so on. + + Important note: validation controls do not block user input or change the flow of page processing; they only set an error state, and produce error messages. It is the programmer's responsibility to test the state of the controls in the code before performing further application-specific actions. + + There are two ways to check for user input validity: + + 1. Testing for a general error state: + + In your code, test the page's IsValid property. This property rolls up the values of the IsValid properties of all the validation controls on the page (using a logical AND). If one of the validation controls is set to invalid, the page's property will return false. + + 2. Testing for the error state of individual controls: + + Loop through the page's Validators collection, which contains references to all the validation controls. You can then examine the IsValid property of each validation control. + ** Prepared Statements: + + There are 3 possible ways to protect your application against SQL injection, i.e. malicious tampering of SQL parameters. Instead of dynamically building SQL statements, use: + + [1] PreparedStatement, which is precompiled and stored in a pool of PreparedStatement objects. PreparedStatement defines setters to register input parameters that are compatible with the supported JDBC SQL data types. For example, setString should be used for input parameters of type VARCHAR or LONGVARCHAR (refer to the Java API for further details). This way of setting input parameters prevents an attacker from manipulating the SQL statement through injection of bad characters, such as apostrophe. + + Example of how to use a PreparedStatement in J2EE: + + // J2EE PreparedStatemenet Example + // Get a connection to the database + Connection myConnection; + if (isDataSourceEnabled()) { + // using the DataSource to get a managed connection + Context ctx = new InitialContext(); + myConnection = ((DataSource)ctx.lookup(datasourceName)).getConnection(dbUserName, dbPassword); + } else { + try { + // using the DriverManager to get a JDBC connection + Class.forName(jdbcDriverClassPath); + myConnection = DriverManager.getConnection(jdbcURL, dbUserName, dbPassword); + } catch (ClassNotFoundException e) { + ... + } + } + ... + try { + PreparedStatement myStatement = myConnection.prepareStatement("select * from users where username = ?"); + myStatement.setString(1, userNameField); + ResultSet rs = myStatement.executeQuery(); + ... + rs.close(); + } catch (SQLException sqlException) { + ... + } finally { + myStatement.close(); + myConnection.close(); + } + + + [2] CallableStatement, which extends PreparedStatement to execute database SQL stored procedures. This class inherits input setters from PreparedStatement (see [1] above). + + The following example assumes that this database stored procedure has been created: + + CREATE PROCEDURE select_user (@username varchar(20)) + AS SELECT * FROM USERS WHERE USERNAME = @username; + + Example of how to use a CallableStatement in J2EE to execute the above stored procedure: + + // J2EE PreparedStatemenet Example + // Get a connection to the database + Connection myConnection; + if (isDataSourceEnabled()) { + // using the DataSource to get a managed connection + Context ctx = new InitialContext(); + myConnection = ((DataSource)ctx.lookup(datasourceName)).getConnection(dbUserName, dbPassword); + } else { + try { + // using the DriverManager to get a JDBC connection + Class.forName(jdbcDriverClassPath); + myConnection = DriverManager.getConnection(jdbcURL, dbUserName, dbPassword); + } catch (ClassNotFoundException e) { + ... + } + } + ... + try { + PreparedStatement myStatement = myConnection.prepareCall("{?= call select_user ?,?}"); + myStatement.setString(1, userNameField); + myStatement.registerOutParameter(1, Types.VARCHAR); + ResultSet rs = myStatement.executeQuery(); + ... + rs.close(); + } catch (SQLException sqlException) { + ... + } finally { + myStatement.close(); + myConnection.close(); + } + + + [3] Entity Bean, which represents an EJB business object in a persistent storage mechanism. There are two types of entity beans: bean-managed and container-managed. With bean-managed persistence, the developer is responsible of writing the SQL code to access the database (refer to sections [1] and [2] above). With container-managed persistence, the EJB container automatically generates the SQL code. As a result, the container is responsible of preventing malicious attempts to tamper with the generated SQL code. + + Example of how to use an Entity Bean in J2EE: + + // J2EE EJB Example + try { + // lookup the User home interface + UserHome userHome = (UserHome)context.lookup(User.class); + // find the User remote interface + User = userHome.findByPrimaryKey(new UserKey(userNameField)); + ... + } catch (Exception e) { + ... + } + + + RECOMMENDED JAVA TOOLS + N/A + + REFERENCES + + https://docs.oracle.com/javase/7/docs/api/java/sql/PreparedStatement.html + https://docs.oracle.com/javase/7/docs/api/java/sql/PreparedStatement.html + external + + + https://docs.oracle.com/javase/7/docs/api/java/sql/CallableStatement.html + https://docs.oracle.com/javase/7/docs/api/java/sql/CallableStatement.html + external + + + + ** Input Data Validation: + + While data validations may be provided as a user convenience on the client-tier, data validation must be performed on the server-tier using Servlets. Client-side validations are inherently insecure because they can be easily bypassed, e.g. by disabling Javascript. + + A good design usually requires the web application framework to provide server-side utility routines to validate the following: + [1] Required field + [2] Field data type (all HTTP request parameters are Strings by default) + [3] Field length + [4] Field range + [5] Field options + [6] Field pattern + [7] Cookie values + [8] HTTP Response + + A good practice is to implement the above routine as static methods in a "Validator" utility class. The following sections describe an example validator class. + + [1] Required field + Always check that the field is not null and its length is greater than zero, excluding leading and trailing white spaces. + + Example of how to validate required fields: + + // Java example to validate required fields + public Class Validator { + ... + public static boolean validateRequired(String value) { + boolean isFieldValid = false; + if (value != null && value.trim().length() > 0) { + isFieldValid = true; + } + return isFieldValid; + } + ... + } + ... + String fieldValue = request.getParameter("fieldName"); + if (Validator.validateRequired(fieldValue)) { + // fieldValue is valid, continue processing request + ... + } + + + [2] Field data type + In web applications, input parameters are poorly typed. For example, all HTTP request parameters or cookie values are of type String. The developer is responsible for verifying the input is of the correct data type. Use the Java primitive wrapper classes to check if the field value can be safely converted to the desired primitive data type. + + Example of how to validate a numeric field (type int): + + // Java example to validate that a field is an int number + public Class Validator { + ... + public static boolean validateInt(String value) { + boolean isFieldValid = false; + try { + Integer.parseInt(value); + isFieldValid = true; + } catch (Exception e) { + isFieldValid = false; + } + return isFieldValid; + } + ... + } + ... + // check if the HTTP request parameter is of type int + String fieldValue = request.getParameter("fieldName"); + if (Validator.validateInt(fieldValue)) { + // fieldValue is valid, continue processing request + ... + } + + + A good practice is to convert all HTTP request parameters to their respective data types. For example, the developer should store the "integerValue" of a request parameter in a request attribute and use it as shown in the following example: + + // Example to convert the HTTP request parameter to a primitive wrapper data type + // and store this value in a request attribute for further processing + String fieldValue = request.getParameter("fieldName"); + if (Validator.validateInt(fieldValue)) { + // convert fieldValue to an Integer + Integer integerValue = Integer.getInteger(fieldValue); + // store integerValue in a request attribute + request.setAttribute("fieldName", integerValue); + } + ... + // Use the request attribute for further processing + Integer integerValue = (Integer)request.getAttribute("fieldName"); + ... + + + The primary Java data types that the application should handle: + - Byte + - Short + - Integer + - Long + - Float + - Double + - Date + + [3] Field length + Always ensure that the input parameter (whether HTTP request parameter or cookie value) is bounded by a minimum length and/or a maximum length. + + Example to validate that the length of the userName field is between 8 and 20 characters: + + // Example to validate the field length + public Class Validator { + ... + public static boolean validateLength(String value, int minLength, int maxLength) { + String validatedValue = value; + if (!validateRequired(value)) { + validatedValue = ""; + } + return (validatedValue.length() >= minLength && + validatedValue.length() <= maxLength); + } + ... + } + ... + String userName = request.getParameter("userName"); + if (Validator.validateRequired(userName)) { + if (Validator.validateLength(userName, 8, 20)) { + // userName is valid, continue further processing + ... + } + } + + + [4] Field range + Always ensure that the input parameter is within a range as defined by the functional requirements. + + Example to validate that the input numberOfChoices is between 10 and 20: + + // Example to validate the field range + public Class Validator { + ... + public static boolean validateRange(int value, int min, int max) { + return (value >= min && value <= max); + } + ... + } + ... + String fieldValue = request.getParameter("numberOfChoices"); + if (Validator.validateRequired(fieldValue)) { + if (Validator.validateInt(fieldValue)) { + int numberOfChoices = Integer.parseInt(fieldValue); + if (Validator.validateRange(numberOfChoices, 10, 20)) { + // numberOfChoices is valid, continue processing request + ... + } + } + } + + + [5] Field options + Often, the web application presents the user with a set of options to choose from, e.g. using the SELECT HTML tag, but fails to perform server-side validation to ensure that the selected value is one of the allowed options. Remember that a malicious user can easily modify any option value. Always validate the selected user value against the allowed options as defined by the functional requirements. + + Example to validate the user selection against a list of allowed options: + + // Example to validate user selection against a list of options + public Class Validator { + ... + public static boolean validateOption(Object[] options, Object value) { + boolean isValidValue = false; + try { + List list = Arrays.asList(options); + if (list != null) { + isValidValue = list.contains(value); + } + } catch (Exception e) { + } + return isValidValue; + } + ... + } + ... + // Allowed options + String[] options = {"option1", "option2", "option3"); + // Verify that the user selection is one of the allowed options + String userSelection = request.getParameter("userSelection"); + if (Validator.validateOption(options, userSelection)) { + // valid user selection, continue processing request + ... + } + + + [6] Field pattern + Always check that the user input matches a pattern as defined by the functionality requirements. For example, if the userName field should only allow alpha-numeric characters, case insensitive, then use the following regular expression: + ^[a-zA-Z0-9]*$ + + Java 1.3 or earlier versions do not include any regular expression packages. Apache Regular Expression Package (see Resources below) is recommended for use with Java 1.3 to resolve this lack of support. Example to perform regular expression validation: + + // Example to validate that a given value matches a specified pattern + // using the Apache regular expression package + import org.apache.regexp.RE; + import org.apache.regexp.RESyntaxException; + public Class Validator { + ... + public static boolean matchPattern(String value, String expression) { + boolean match = false; + if (validateRequired(expression)) { + RE r = new RE(expression); + match = r.match(value); + } + return match; + } + ... + } + ... + // Verify that the userName request parameter is alpha-numeric + String userName = request.getParameter("userName"); + if (Validator.matchPattern(userName, "^[a-zA-Z0-9]*$")) { + // userName is valid, continue processing request + ... + } + + + Java 1.4 introduced a new regular expression package (java.util.regex). Here is a modified version of Validator.matchPattern using the new Java 1.4 regular expression package: + + // Example to validate that a given value matches a specified pattern + // using the Java 1.4 regular expression package + import java.util.regex.Pattern; + import java.util.regexe.Matcher; + public Class Validator { + ... + public static boolean matchPattern(String value, String expression) { + boolean match = false; + if (validateRequired(expression)) { + match = Pattern.matches(expression, value); + } + return match; + } + ... + } + + + [7] Cookie value + Use the javax.servlet.http.Cookie object to validate the cookie value. The same validation rules (described above) apply to cookie values depending on the application requirements, e.g. validate a required value, validate length, etc. + + Example to validate a required cookie value: + + // Example to validate a required cookie value + // First retrieve all available cookies submitted in the HTTP request + Cookie[] cookies = request.getCookies(); + if (cookies != null) { + // find the "user" cookie + for (int i=0; i<cookies.length; ++i) { + if (cookies[i].getName().equals("user")) { + // validate the cookie value + if (Validator.validateRequired(cookies[i].getValue()) { + // valid cookie value, continue processing request + ... + } + } + } + } + + + [8] HTTP Response + [8-1] Filter user input + To guard the application against cross-site scripting, sanitize HTML by converting sensitive characters to their corresponding character entities. These are the HTML sensitive characters: + < > " ' % ; ) ( & + + + Example to filter a specified string by converting sensitive characters to their corresponding character entities: + + // Example to filter sensitive data to prevent cross-site scripting + public Class Validator { + ... + public static String filter(String value) { + if (value == null) { + return null; + } + StringBuffer result = new StringBuffer(value.length()); + for (int i=0; i<value.length(); ++i) { + switch (value.charAt(i)) { + case '<': + result.append("<"); + break; + case '>': + result.append(">"); + break; + case '"': + result.append("""); + break; + case '\'': + result.append("'"); + break; + case '%': + result.append("%"); + break; + case ';': + result.append(";"); + break; + case '(': + result.append("("); + break; + case ')': + result.append(")"); + break; + case '&': + result.append("&"); + break; + case '+': + result.append("+"); + break; + default: + result.append(value.charAt(i)); + break; + } + return result; + } + ... + } + ... + // Filter the HTTP response using Validator.filter + PrintWriter out = response.getWriter(); + // set output response + out.write(Validator.filter(response)); + out.close(); + + + The Java Servlet API 2.3 introduced Filters, which supports the interception and transformation of HTTP requests or responses. + + Example of using a Servlet Filter to sanitize the response using Validator.filter: + + // Example to filter all sensitive characters in the HTTP response using a Java Filter. + // This example is for illustration purposes since it will filter all content in the response, including HTML tags! + public class SensitiveCharsFilter implements Filter { + ... + public void doFilter(ServletRequest request, + ServletResponse response, + FilterChain chain) + throws IOException, ServletException { + + PrintWriter out = response.getWriter(); + ResponseWrapper wrapper = new ResponseWrapper((HttpServletResponse)response); + chain.doFilter(request, wrapper); + + CharArrayWriter caw = new CharArrayWriter(); + caw.write(Validator.filter(wrapper.toString())); + + response.setContentType("text/html"); + response.setContentLength(caw.toString().length()); + out.write(caw.toString()); + out.close(); + } + ... + public class CharResponseWrapper extends HttpServletResponseWrapper { + private CharArrayWriter output; + + public String toString() { + return output.toString(); + } + + public CharResponseWrapper(HttpServletResponse response){ + super(response); + output = new CharArrayWriter(); + } + + public PrintWriter getWriter(){ + return new PrintWriter(output); + } + } + } + + } + + + [8-2] Secure the cookie + When storing sensitive data in a cookie, make sure to set the secure flag of the cookie in the HTTP response, using Cookie.setSecure(boolean flag) to instruct the browser to send the cookie using a secure protocol, such as HTTPS or SSL. + + Example to secure the "user" cookie: + + // Example to secure a cookie, i.e. instruct the browser to + // send the cookie using a secure protocol + Cookie cookie = new Cookie("user", "sensitive"); + cookie.setSecure(true); + response.addCookie(cookie); + + + RECOMMENDED JAVA TOOLS + The two main Java frameworks for server-side validation are: + [1] Jakarta Commons Validator (integrated with Struts 1.1) + The Jakarta Commons Validator is a powerful framework that implements all the above data validation requirements. These rules are configured in an XML file that defines input validation rules for form fields. Struts supports output filtering of dangerous characters in the [8] HTTP Response by default on all data written using the Struts 'bean:write' tag. This filtering may be disabled by setting the 'filter=false' flag. + + Struts defines the following basic input validators, but custom validators may also be defined: + required: succeeds if the field contains any characters other than white space. + mask: succeeds if the value matches the regular expression given by the mask attribute. + range: succeeds if the value is within the values given by the min and max attributes ((value >= min) & (value <= max)). + maxLength: succeeds if the field is length is less than or equal to the max attribute. + minLength: succeeds if the field is length is greater than or equal to the min attribute. + byte, short, integer, long, float, double: succeeds if the value can be converted to the corresponding primitive. + date: succeeds if the value represents a valid date. A date pattern may be provided. + creditCard: succeeds if the value could be a valid credit card number. + e-mail: succeeds if the value could be a valid e-mail address. + + Example to validate the userName field of a loginForm using Struts Validator: + <form-validation> + <global> + ... + <validator name="required" + classname="org.apache.struts.validator.FieldChecks" + method="validateRequired" + msg="errors.required"> + </validator> + <validator name="mask" + classname="org.apache.struts.validator.FieldChecks" + method="validateMask" + msg="errors.invalid"> + </validator> + ... + </global> + <formset> + <form name="loginForm"> + <!-- userName is required and is alpha-numeric case insensitive --> + <field property="userName" depends="required,mask"> + <!-- message resource key to display if validation fails --> + <msg name="mask" key="login.userName.maskmsg"/> + <arg0 key="login.userName.displayname"/> + <var> + <var-name>mask</var-name> + <var-value>^[a-zA-Z0-9]*$</var-value> + </var> + </field> + ... + </form> + ... + </formset> + </form-validation> + + + [2] JavaServer Faces Technology + JavaServer Faces Technology is a set of Java APIs (JSR 127) to represent UI components, manage their state, handle events and input validation. + + The JavaServer Faces API implements the following basic validators, but custom validators may be defined: + validate_doublerange: registers a DoubleRangeValidator on a component + validate_length: registers a LengthValidator on a component + validate_longrange: registers a LongRangeValidator on a component + validate_required: registers a RequiredValidator on a component + validate_stringrange: registers a StringRangeValidator on a component + validator: registers a custom Validator on a component + + The JavaServer Faces API defines the following UIInput and UIOutput Renderers (Tags): + input_date: accepts a java.util.Date formatted with a java.text.Date instance + output_date: displays a java.util.Date formatted with a java.text.Date instance + input_datetime: accepts a java.util.Date formatted with a java.text.DateTime instance + output_datetime: displays a java.util.Date formatted with a java.text.DateTime instance + input_number: displays a numeric data type (java.lang.Number or primitive), formatted with a java.text.NumberFormat + output_number: displays a numeric data type (java.lang.Number or primitive), formatted with a java.text.NumberFormat + input_text: accepts a text string of one line. + output_text: displays a text string of one line. + input_time: accepts a java.util.Date, formatted with a java.text.DateFormat time instance + output_time: displays a java.util.Date, formatted with a java.text.DateFormat time instance + input_hidden: allows a page author to include a hidden variable in a page + input_secret: accepts one line of text with no spaces and displays it as a set of asterisks as it is typed + input_textarea: accepts multiple lines of text + output_errors: displays error messages for an entire page or error messages associated with a specified client identifier + output_label: displays a nested component as a label for a specified input field + output_message: displays a localized message + + Example to validate the userName field of a loginForm using JavaServer Faces: + <%@ taglib uri="https://docs.oracle.com/javaee/6/tutorial/doc/glxce.html" prefix="h" %> + <%@ taglib uri="http://mrbool.com/how-to-create-a-login-validation-with-jsf-java-server-faces/27046" prefix="f" %> + ... + <jsp:useBean id="UserBean" + class="myApplication.UserBean" scope="session" /> + <f:use_faces> + <h:form formName="loginForm" > + <h:input_text id="userName" size="20" modelReference="UserBean.userName"> + <f:validate_required/> + <f:validate_length minimum="8" maximum="20"/> + </h:input_text> + <!-- display errors if present --> + <h:output_errors id="loginErrors" clientId="userName"/> + <h:command_button id="submit" label="Submit" commandName="submit" /><p> + </h:form> + </f:use_faces> + + + + REFERENCES + Java API 1.3 - + + https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html + https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html + external + + Java API 1.4 - + + https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html + https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html + external + + Java Servlet API 2.3 - + + https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api + https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api + external + + Java Regular Expression Package - + + http://jakarta.apache.org/regexp/ + http://jakarta.apache.org/regexp/ + external + + Jakarta Validator - + + http://jakarta.apache.org/commons/validator/ + http://jakarta.apache.org/commons/validator/ + external + + JavaServer Faces Technology - + + http://www.javaserverfaces.org/ + http://www.javaserverfaces.org/ + external + + + ** Error Handling: + + Many J2EE web application architectures follow the Model View Controller (MVC) pattern. In this pattern a Servlet acts as a Controller. A Servlet delegates the application processing to a JavaBean such as an EJB Session Bean (the Model). The Servlet then forwards the request to a JSP (View) to render the processing results. Servlets should check all input, output, return codes, error codes and known exceptions to ensure that the expected processing actually occurred. + + While data validation protects applications against malicious data tampering, a sound error handling strategy is necessary to prevent the application from inadvertently disclosing internal error messages such as exception stack traces. A good error handling strategy addresses the following items: + + [1] Defining Errors + [2] Reporting Errors + [3] Rendering Errors + [4] Error Mapping + + [1] Defining Errors + Hard-coded error messages in the application layer (e.g. Servlets) should be avoided. Instead, the application should use error keys that map to known application failures. A good practice is to define error keys that map to validation rules for HTML form fields or other bean properties. For example, if the "user_name" field is required, is alphanumeric, and must be unique in the database, then the following error keys should be defined: + + (a) ERROR_USERNAME_REQUIRED: this error key is used to display a message notifying the user that the "user_name" field is required; + (b) ERROR_USERNAME_ALPHANUMERIC: this error key is used to display a message notifying the user that the "user_name" field should be alphanumeric; + (c) ERROR_USERNAME_DUPLICATE: this error key is used to display a message notifying the user that the "user_name" value is a duplicate in the database; + (d) ERROR_USERNAME_INVALID: this error key is used to display a generic message notifying the user that the "user_name" value is invalid; + + A good practice is to define the following framework Java classes which are used to store and report application errors: + + - ErrorKeys: defines all error keys + + // Example: ErrorKeys defining the following error keys: + // - ERROR_USERNAME_REQUIRED + // - ERROR_USERNAME_ALPHANUMERIC + // - ERROR_USERNAME_DUPLICATE + // - ERROR_USERNAME_INVALID + // ... + public Class ErrorKeys { + public static final String ERROR_USERNAME_REQUIRED = "error.username.required"; + public static final String ERROR_USERNAME_ALPHANUMERIC = "error.username.alphanumeric"; + public static final String ERROR_USERNAME_DUPLICATE = "error.username.duplicate"; + public static final String ERROR_USERNAME_INVALID = "error.username.invalid"; + ... + } + + - Error: encapsulates an individual error + + // Example: Error encapsulates an error key. + // Error is serializable to support code executing in multiple JVMs. + public Class Error implements Serializable { + + // Constructor given a specified error key + public Error(String key) { + this(key, null); + } + + // Constructor given a specified error key and array of placeholder objects + public Error(String key, Object[] values) { + this.key = key; + this.values = values; + } + + // Returns the error key + public String getKey() { + return this.key; + } + + // Returns the placeholder values + public Object[] getValues() { + return this.values; + } + + private String key = null; + private Object[] values = null; + } + + + - Errors: encapsulates a Collection of errors + + // Example: Errors encapsulates the Error objects being reported to the presentation layer. + // Errors are stored in a HashMap where the key is the bean property name and value is an + // ArrayList of Error objects. + public Class Errors implements Serializable { + + // Adds an Error object to the Collection of errors for the specified bean property. + public void addError(String property, Error error) { + ArrayList propertyErrors = (ArrayList)errors.get(property); + if (propertyErrors == null) { + propertyErrors = new ArrayList(); + errors.put(property, propertyErrors); + } + propertyErrors.put(error); + } + + // Returns true if there are any errors + public boolean hasErrors() { + return (errors.size > 0); + } + + // Returns the Errors for the specified property + public ArrayList getErrors(String property) { + return (ArrayList)errors.get(property); + } + + private HashMap errors = new HashMap(); + } + + + Using the above framework classes, here is an example to process validation errors of the "user_name" field: + + // Example to process validation errors of the "user_name" field. + Errors errors = new Errors(); + String userName = request.getParameter("user_name"); + // (a) Required validation rule + if (!Validator.validateRequired(userName)) { + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_REQUIRED)); + } // (b) Alpha-numeric validation rule + else if (!Validator.matchPattern(userName, "^[a-zA-Z0-9]*$")) { + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_ALPHANUMERIC)); + } + else + { + // (c) Duplicate check validation rule + // We assume that there is an existing UserValidationEJB session bean that implements + // a checkIfDuplicate() method to verify if the user already exists in the database. + try { + ... + if (UserValidationEJB.checkIfDuplicate(userName)) { + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_DUPLICATE)); + } + } catch (RemoteException e) { + // log the error + logger.error("Could not validate user for specified userName: " + userName); + errors.addError("user_name", new Error(ErrorKeys.ERROR_USERNAME_DUPLICATE); + } + } + // set the errors object in a request attribute called "errors" + request.setAttribute("errors", errors); + ... + + + [2] Reporting Errors + There are two ways to report web-tier application errors: + (a) Servlet Error Mechanism + (b) JSP Error Mechanism + + [2-a] Servlet Error Mechanism + A Servlet may report errors by: + - forwarding to the input JSP (having already stored the errors in a request attribute), OR + - calling response.sendError with an HTTP error code argument, OR + - throwing an exception + + It is good practice to process all known application errors (as described in section [1]), store them in a request attribute, and forward to the input JSP. The input JSP should display the error messages and prompt the user to re-enter the data. The following example illustrates how to forward to an input JSP (userInput.jsp): + + // Example to forward to the userInput.jsp following user validation errors + RequestDispatcher rd = getServletContext().getRequestDispatcher("/user/userInput.jsp"); + if (rd != null) { + rd.forward(request, response); + } + + + If the Servlet cannot forward to a known JSP page, the second option is to report an error using the response.sendError method with HttpServletResponse.SC_INTERNAL_SERVER_ERROR (status code 500) as argument. Refer to the javadoc of javax.servlet.http.HttpServletResponse for more details on the various HTTP status codes. Example to return a HTTP error: + + // Example to return a HTTP error code + RequestDispatcher rd = getServletContext().getRequestDispatcher("/user/userInput.jsp"); + if (rd == null) { + // messages is a resource bundle with all message keys and values + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, + messages.getMessage(ErrorKeys.ERROR_USERNAME_INVALID)); + } + + + As a last resort, Servlets can throw an exception, which must be a subclass of one of the following classes: + - RuntimeException + - ServletException + - IOException + + [2-b] JSP Error Mechanism + JSP pages provide a mechanism to handle runtime exceptions by defining an errorPage directive as shown in the following example: + + <%@ page errorPage="/errors/userValidation.jsp" %> + + + Uncaught JSP exceptions are forwarded to the specified errorPage, and the original exception is set in a request parameter called javax.servlet.jsp.jspException. The error page must include a isErrorPage directive as shown below: + + <%@ page isErrorPage="true" %> + + + The isErrorPage directive causes the "exception" variable to be initialized to the exception object being thrown. + + [3] Rendering Errors + The J2SE Internationalization APIs provide utility classes for externalizing application resources and formatting messages including: + + (a) Resource Bundles + (b) Message Formatting + + [3-a] Resource Bundles + Resource bundles support internationalization by separating localized data from the source code that uses it. Each resource bundle stores a map of key/value pairs for a specific locale. + + It is common to use or extend java.util.PropertyResourceBundle, which stores the content in an external properties file as shown in the following example: + + ################################################ + # ErrorMessages.properties + ################################################ + # required user name error message + error.username.required=User name field is required + + # invalid user name format + error.username.alphanumeric=User name must be alphanumeric + + # duplicate user name error message + error.username.duplicate=User name {0} already exists, please choose another one + + ... + + + Multiple resources can be defined to support different locales (hence the name resource bundle). For example, ErrorMessages_fr.properties can be defined to support the French member of the bundle family. If the resource member of the requested locale does not exist, the default member is used. In the above example, the default resource is ErrorMessages.properties. Depending on the user's locale, the application (JSP or Servlet) retrieves content from the appropriate resource. + + [3-b] Message Formatting + The J2SE standard class java.util.MessageFormat provides a generic way to create messages with replacement placeholders. A MessageFormat object contains a pattern string with embedded format specifiers as shown below: + + // Example to show how to format a message using placeholder parameters + String pattern = "User name {0} already exists, please choose another one"; + String userName = request.getParameter("user_name"); + Object[] args = new Object[1]; + args[0] = userName; + String message = MessageFormat.format(pattern, args); + + + Here is a more comprehensive example to render error messages using ResourceBundle and MessageFormat: + + // Example to render an error message from a localized ErrorMessages resource (properties file) + // Utility class to retrieve locale-specific error messages + public Class ErrorMessageResource { + + // Returns the error message for the specified error key in the environment locale + public String getErrorMessage(String errorKey) { + return getErrorMessage(errorKey, defaultLocale); + } + + // Returns the error message for the specified error key in the specified locale + public String getErrorMessage(String errorKey, Locale locale) { + return getErrorMessage(errorKey, null, locale); + } + + // Returns a formatted error message for the specified error key in the specified locale + public String getErrorMessage(String errorKey, Object[] args, Locale locale) { + // Get localized ErrorMessageResource + ResourceBundle errorMessageResource = ResourceBundle.getBundle("ErrorMessages", locale); + // Get localized error message + String errorMessage = errorMessageResource.getString(errorKey); + if (args != null) { + // Format the message using the specified placeholders args + return MessageFormat.format(errorMessage, args); + } else { + return errorMessage; + } + } + + // default environment locale + private Locale defaultLocale = Locale.getDefaultLocale(); + } + ... + // Get the user's locale + Locale userLocale = request.getLocale(); + // Check if there were any validation errors + Errors errors = (Errors)request.getAttribute("errors"); + if (errors != null && errors.hasErrors()) { + // iterate through errors and output error messages corresponding to the "user_name" property + ArrayList userNameErrors = errors.getErrors("user_name"); + ListIterator iterator = userNameErrors.iterator(); + while (iterator.hasNext()) { + // Get the next error object + Error error = (Error)iterator.next(); + String errorMessage = ErrorMessageResource.getErrorMessage(error.getKey(), userLocale); + output.write(errorMessage + "\r\n"); + } + } + + + It is recommended to define a custom JSP tag, e.g. displayErrors, to iterate through and render error messages as shown in the above example. + + [4] Error Mapping + Normally, the Servlet Container will return a default error page corresponding to either the response status code or the exception. A mapping between the status code or the exception and a web resource may be specified using custom error pages. It is a good practice to develop static error pages that do not disclose internal error states (by default, most Servlet containers will report internal error messages). This mapping is configured in the Web Deployment Descriptor (web.xml) as specified in the following example: + + <!-- Mapping of HTTP error codes and application exceptions to error pages --> + <error-page> + <exception-type>UserValidationException</exception-type> + <location>/errors/validationError.html</error-page> + </error-page> + <error-page> + <error-code>500</exception-type> + <location>/errors/internalError.html</error-page> + </error-page> + <error-page> + ... + </error-page> + ... + + + + RECOMMENDED JAVA TOOLS + The two main Java frameworks for server-side validation are: + [1] Jakarta Commons Validator (integrated with Struts 1.1) + The Jakarta Commons Validator is a Java framework that defines the error handling mechanism as described above. Validation rules are configured in an XML file that defines input validation rules for form fields and the corresponding validation error keys. Struts provides internationalization support to build localized applications using resource bundles and message formatting. + + Example to validate the userName field of a loginForm using Struts Validator: + <form-validation> + <global> + ... + <validator name="required" + classname="org.apache.struts.validator.FieldChecks" + method="validateRequired" + msg="errors.required"> + </validator> + <validator name="mask" + classname="org.apache.struts.validator.FieldChecks" + method="validateMask" + msg="errors.invalid"> + </validator> + ... + </global> + <formset> + <form name="loginForm"> + <!-- userName is required and is alpha-numeric case insensitive --> + <field property="userName" depends="required,mask"> + <!-- message resource key to display if validation fails --> + <msg name="mask" key="login.userName.maskmsg"/> + <arg0 key="login.userName.displayname"/> + <var> + <var-name>mask</var-name> + <var-value>^[a-zA-Z0-9]*$</var-value> + </var> + </field> + ... + </form> + ... + </formset> + </form-validation> + + + The Struts JSP tag library defines the "errors" tag that conditionally displays a set of accumulated error messages as shown in the following example: + + <%@ page language="java" %> + <%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html" %> + <%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean" %> + <html:html> + <head> + <body> + <html:form action="/logon.do"> + <table border="0" width="100%"> + <tr> + <th align="right"> + <html:errors property="username"/> + <bean:message key="prompt.username"/> + </th> + <td align="left"> + <html:text property="username" size="16"/> + </td> + </tr> + <tr> + <td align="right"> + <html:submit><bean:message key="button.submit"/></html:submit> + </td> + <td align="right"> + <html:reset><bean:message key="button.reset"/></html:reset> + </td> + </tr> + </table> + </html:form> + </body> + </html:html> + + + [2] JavaServer Faces Technology + JavaServer Faces Technology is a set of Java APIs (JSR 127) to represent UI components, manage their state, handle events, validate input, and support internationalization. + + The JavaServer Faces API defines the "output_errors" UIOutput Renderer, which displays error messages for an entire page or error messages associated with a specified client identifier. + + Example to validate the userName field of a loginForm using JavaServer Faces: + <%@ taglib uri="https://docs.oracle.com/javaee/6/tutorial/doc/glxce.html" prefix="h" %> + <%@ taglib uri="http://mrbool.com/how-to-create-a-login-validation-with-jsf-java-server-faces/27046" prefix="f" %> + ... + <jsp:useBean id="UserBean" + class="myApplication.UserBean" scope="session" /> + <f:use_faces> + <h:form formName="loginForm" > + <h:input_text id="userName" size="20" modelReference="UserBean.userName"> + <f:validate_required/> + <f:validate_length minimum="8" maximum="20"/> + </h:input_text> + <!-- display errors if present --> + <h:output_errors id="loginErrors" clientId="userName"/> + <h:command_button id="submit" label="Submit" commandName="submit" /><p> + </h:form> + </f:use_faces> + + + REFERENCES + Java API 1.3 - + + https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html + https://www.oracle.com/java/technologies/java-archive-13docs-downloads.html + external + + Java API 1.4 - + + https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html + https://www.oracle.com/java/technologies/java-archive-142docs-downloads.html + external + + Java Servlet API 2.3 - + + https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api + https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api + external + + Java Regular Expression Package - + + http://jakarta.apache.org/regexp/ + http://jakarta.apache.org/regexp/ + external + + Jakarta Validator - + + http://jakarta.apache.org/commons/validator/ + http://jakarta.apache.org/commons/validator/ + external + + JavaServer Faces Technology - + + http://www.javaserverfaces.org/ + http://www.javaserverfaces.org/ + external + + ** Filter User Input + + Before passing any data to a SQL query, it should always be properly filtered with whitelisting techniques. This cannot be over-emphasized. Filtering user input will correct many injection flaws before they arrive at the database. + + ** Quote User Input + + Regardless of data type, it is always a good idea to place single quotes around all user data if this is permitted by the database. MySQL allows this formatting technique. + + ** Escape the Data Values + + If you're using MySQL 4.3.0 or newer, you should escape all strings with mysql_real_escape_string(). If you are using an older version of MySQL, you should use the mysql_escape_string() function. If you are not using MySQL, you might choose to use the specific escaping function for your particular database. If you are not aware of an escaping function, you might choose to utilize a more generic escaping function such as addslashes(). + + If you're using the PEAR DB database abstraction layer, you can use the DB::quote() method or use a query placeholder like ?, which automatically escapes the value that replaces the placeholder. + + REFERENCES + + http://ca3.php.net/mysql_real_escape_string + http://ca3.php.net/mysql_real_escape_string + external + + + http://ca.php.net/mysql_escape_string + http://ca.php.net/mysql_escape_string + external + + + http://ca.php.net/addslashes + http://ca.php.net/addslashes + external + + + http://pear.php.net/package-info.php?package=DB + http://pear.php.net/package-info.php?package=DB + external + + + + ** Input Data Validation: + + While data validations may be provided as a user convenience on the client-tier, data validation must always be performed on the server-tier. Client-side validations are inherently insecure because they can be easily bypassed, e.g. by disabling Javascript. + + A good design usually requires the web application framework to provide server-side utility routines to validate the following: + [1] Required field + [2] Field data type (all HTTP request parameters are Strings by default) + [3] Field length + [4] Field range + [5] Field options + [6] Field pattern + [7] Cookie values + [8] HTTP Response + + A good practice is to implement a function or functions that validates each application parameter. The following sections describe some example checking. + + [1] Required field + Always check that the field is not null and its length is greater than zero, excluding leading and trailing white spaces. + + Example of how to validate required fields: + + // PHP example to validate required fields + function validateRequired($input) { + ... + $pass = false; + if (strlen(trim($input))>0){ + $pass = true; + } + return $pass; + ... + } + ... + if (validateRequired($fieldName)) { + // fieldName is valid, continue processing request + ... + } + + + + [2] Field data type + In web applications, input parameters are poorly typed. For example, all HTTP request parameters or cookie values are of type String. The developer is responsible for verifying the input is of the correct data type. + + [3] Field length + Always ensure that the input parameter (whether HTTP request parameter or cookie value) is bounded by a minimum length and/or a maximum length. + + [4] Field range + Always ensure that the input parameter is within a range as defined by the functional requirements. + + [5] Field options + Often, the web application presents the user with a set of options to choose from, e.g. using the SELECT HTML tag, but fails to perform server-side validation to ensure that the selected value is one of the allowed options. Remember that a malicious user can easily modify any option value. Always validate the selected user value against the allowed options as defined by the functional requirements. + + [6] Field pattern + Always check that user input matches a pattern as defined by the functionality requirements. For example, if the userName field should only allow alpha-numeric characters, case insensitive, then use the following regular expression: + ^[a-zA-Z0-9]+$ + + [7] Cookie value + The same validation rules (described above) apply to cookie values depending on the application requirements, e.g. validate a required value, validate length, etc. + + [8] HTTP Response + + [8-1] Filter user input + To guard the application against cross-site scripting, the developer should sanitize HTML by converting sensitive characters to their corresponding character entities. These are the HTML sensitive characters: + < > " ' % ; ) ( & + + + PHP includes some automatic sanitization utility functions, such as htmlentities(): + + $input = htmlentities($input, ENT_QUOTES, 'UTF-8'); + + + In addition, in order to avoid UTF-7 variants of Cross-site Scripting, you should explicitly define the Content-Type header of the response, for example: + + <?php + + header('Content-Type: text/html; charset=UTF-8'); + + ?> + + + [8-2] Secure the cookie + + When storing sensitive data in a cookie and transporting it over SSL, make sure that you first set the secure flag of the cookie in the HTTP response. This will instruct the browser to only use that cookie over SSL connections. + + You can use the following code example, for securing the cookie: + + <$php + + $value = "some_value"; + $time = time()+3600; + $path = "/application/"; + $domain = ".example.com"; + $secure = 1; + + setcookie("CookieName", $value, $time, $path, $domain, $secure, TRUE); + ?> + + + + In addition, we recommend that you use the HttpOnly flag. When the HttpOnly flag is set to TRUE the cookie will be made accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. This setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers). + + The HttpOnly flag was Added in PHP 5.2.0. + + REFERENCES + + [1] Mitigating Cross-site Scripting With HTTP-only Cookies: + + http://msdn2.microsoft.com/en-us/library/ms533046.aspx + http://msdn2.microsoft.com/en-us/library/ms533046.aspx + external + + [2] PHP Security Consortium: + + http://phpsec.org/ + http://phpsec.org/ + external + + [3] PHP & Web Application Security Blog (Chris Shiflett): + + http://shiflett.org/ + http://shiflett.org/ + external + + + + + "Web Application Disassembly with ODBC Error Messages" (By David Litchfield) + http://www.cgisecurity.com/lib/webappdis.doc + external + + + + + attDirectoryFound + Hidden Directory Detected + 200 + + This issue may affect different types of products. + + + The web server or application server are configured in an insecure way + + + It is possible to retrieve information about the site's file system structure, which may help the attacker to map the web site + The web application has exposed the presence of a directory in the site. Although the directory does not list its content, the information may help an attacker to develop further attacks against the site. For example, by knowing the directory name, an attacker can guess its content type and possibly file names that reside in it, or sub directories under it, and try to access them. + The more sensitive the content is, the more severe this issue may be. + + + If the forbidden resource is not required, remove it from the site. + If possible, issue a "404 - Not Found" response status code instead of "403 - Forbidden". This change will obfuscate the presence of the directory in the site, and will prevent the site structure from being exposed. + + + + attDirOptions + Insecure "OPTIONS" HTTP Method Enabled + 74 + + This issue may affect different types of products + + + The web server or application server are configured in an insecure way + + + It is possible to upload, modify or delete web pages, scripts and files on the web server + It seems that the web server is configured to allow one (or more) of the following HTTP methods (verbs): + - DELETE + - SEARCH + - COPY + - MOVE + - PROPFIND + - PROPPATCH + - MKCOL + - LOCK + - UNLOCK + - PUT + + These methods may indicate that WebDAV is enabled on the server, and may allow unauthorized users to exploit it. + + + If you do not need WebDAV enabled on your server, make sure that you either disable it, or disallow HTTP methods (verbs) that are unneeded. + + + + WASC Threat Classification: Content Spoofing + http://www.webappsec.org/projects/threat/classes/content_spoofing.shtml + external + + + + + attContentSecurityPolicy + Missing "Content-Security-Policy" header + 1032 + + This issue may affect different types of products + + + Insecure web application programming or configuration + + + It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations + It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc. + The absence or improper values of CSP can cause the web application being vulnerable to XSS, clickjacking, etc. + The "Content-Security-Policy" header is designed to modify the way browsers render pages, and thus to protect from various cross-site injections, including Cross-Site Scripting. It is important to set the header value correctly, in a way that will not prevent proper operation of the web site. For example, if the header is set to prevent execution of inline JavaScript, the web site must not use inline JavaScript in its pages. + To protect against Cross-Site Scripting, Cross-Frame Scripting and clickjacking, it is important to set the following policies with proper values: + Both of 'default-src' and 'frame-ancestors' policies, *OR* all of 'script-src', 'object-src' and 'frame-ancestors’ policies. + For 'default-src', 'script-src' and 'object-src', insecure values such as '*', 'data:', 'unsafe-inline' or 'unsafe-eval' should be avoided. + For 'frame-ancestors', insecure values such as '*' or 'data:' should be avoided. + Additionally for 'script-src', and 'default-src' (fallback directive for 'script-src') 'self' is considered insecure and should be avoided. + Please refer the following links for more information. + Please note that “Content-Security-Policy” includes four different tests. A general test that verifies if the "Content-Security-Policy" header is being used and three additional tests that check if "Frame-Ancestors", "Object-Src" and "Script-Src" were configured correctly. + + + Configure your server to send the "Content-Security-Policy" header. + It is recommended to configure Content-Security-Policy header with secure values for its directives as below: + For 'default-src', and 'script-src' secure values such as 'none', or https://any.example.com. + For 'frame-ancestors', and 'object-src' secure values such as 'self', 'none' or https://any.example.com are expected. + "unsafe-inline" and "unsafe-eval" must not be used in any circumstance. Using nonce / hash would be only considered for short-term workaround. + For Apache, see: + http://httpd.apache.org/docs/2.2/mod/mod_headers.html + For IIS, see: + https://technet.microsoft.com/pl-pl/library/cc753133%28v=ws.10%29.aspx + For nginx, see: + http://nginx.org/en/docs/http/ngx_http_headers_module.html + + + + List of some secure Headers + https://owasp.org/www-project-secure-headers/ + external + + + An Introduction to Content Security Policy + http://www.html5rocks.com/en/tutorials/security/content-security-policy/ + external + + + MDN web docs - Content-Security-Policy + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy + external + + + + + ContentTypeOptions + Missing or insecure "X-Content-Type-Options" header + 200 + + This issue may affect different types of products + + + Insecure web application programming or configuration + + + It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations + It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc. + The "X-Content-Type-Options" header (with "nosniff" value) prevents IE and Chrome from ignoring the content-type of a response. + This action may prevent untrusted content (e.g. user uploaded content) from being executed on the user browser (after a malicious naming, for example). + + + Configure your server to send the "X-Content-Type-Options" header with value "nosniff" on all outgoing requests. + + For Apache, see: + + http://httpd.apache.org/docs/2.2/mod/mod_headers.html + http://httpd.apache.org/docs/2.2/mod/mod_headers.html + external + + For IIS, see: + + https://technet.microsoft.com/pl-pl/library/cc753133%28v=ws.10%29.aspx + https://technet.microsoft.com/pl-pl/library/cc753133%28v=ws.10%29.aspx + external + + For nginx, see: + + http://nginx.org/en/docs/http/ngx_http_headers_module.html + http://nginx.org/en/docs/http/ngx_http_headers_module.html + external + + + + + List of useful HTTP headers + https://www.owasp.org/index.php/List_of_useful_HTTP_headers + external + + + Reducing MIME type security risks + https://msdn.microsoft.com/en-us/library/gg622941%28v=vs.85%29.aspx + external + + + + + attTempDirectoryFound + Temporary Directory Found + 200 + + This issue may affect different types of products. + + + The web server or application server are configured in an insecure way + + + It is possible to retrieve information about the site's file system structure, which may help the attacker to map the web site + The web application has exposed the presence of a directory in the site. Although the directory does not list its content, the information may help an attacker to develop further attacks against the site. For example, by knowing the directory name, an attacker can guess its content type and possibly file names that reside in it, or sub directories under it, and try to access them. + The more sensitive the content is, the more severe this issue may be. + + + If the forbidden resource is not required, remove it from the site. + If possible, issue a "404 - Not Found" response status code instead of "403 - Forbidden". This change will obfuscate the presence of the directory in the site, and will prevent the site structure from being exposed. + + + + JavaStackTrace + Java Stack Trace + + There is a Java stack trace payload in the response + + + Sensitive data is exposed to all clients + + + Display a generic error message + + + + Quality.Comments + HTML Comments Sensitive Information Disclosure + 615 + + Many web application programmers use HTML comments to help debug the application when needed. While adding general comments is very useful, some programmers tend to leave important data in client-side comments, such as filenames related to the web application, links which were not meant to be browsed by users, old code fragments including passwords, etc. + Comments such as BUG, FIXME, and TODO may be an indication of missing security functionality and checking. Others indicate code problems that you should fix, such as hard-coded variables, error handling, not using stored procedures, and performance issues. Comments in HTML and JavaScript are usually easily viewable by end users. + + + It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations. + An attacker who finds these comments can map the application's structure and files, expose hidden parts of the site, and study the fragments of code to reverse engineer the application, which may help develop further attacks against the site. + + + Remove client-side comments that could reveal internal information for development time. Consider processing files before deployment to automatically remove all comments. This allows comments to be visible to internal developers but not to external users. + Do not leave any sensitive information, such as filenames, file paths, passwords, or SQL queries, in HTML or JavaScript comments. + Remove traces of previous (or future) site links in the production site comments. + + + Java + .NET + + + + attReferrerPolicyHeaderExist + Missing "Referrer policy" Security Header + 200 + + This issue may affect different types of products + + + Insecure web application programming or configuration + + + It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations + It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc. + The absence or improper values of Referrer Policy can cause URL leak itself, and even sensitive information contained in the URL will be leaked to the cross-site. + This is a part of ruleset to check if Referrer Policy is present and if so to test its configuration. The "Referer Policy" header defines what data is made available in the Referer header, and for navigation and iframes in the destination's (document.referrer). This header is designed to modify the way browsers render pages, and thus to prevent cross-domain Referer leakage. It is important to set the header value correctly, in a way that will not prevent proper operation of the web site. + Referer header is a request header that indicates the site which the traffic originated from. If there is no adequate prevention in place, the URL itself, and even sensitive information contained in the URL will be leaked to the cross-site. + + "no-referrer-when-downgrade" and "unsafe-url" are the policies which leaks the Full Url for the ThirdParty Sites. The remaining policies are"no-referrer", "origin", "origin-when-cross-origin","same-origin", "strict-origin", "strict-origin-when-cross-origin. + + Please refer the following links for more information. + + + Configure your server to send the "Referrer Policy" header. + It is recommended to configure Referrer Policy header with secure values for its directives as below: + "strict-origin-when-cross-origin" offers more privacy. With this policy, only the origin is sent in the Referer header of cross-origin requests. + + For Google Chrome, see: + + https://developers.google.com/web/updates/2020/07/referrer-policy-new-chrome-default + https://developers.google.com/web/updates/2020/07/referrer-policy-new-chrome-default + external + + For Firefox , see: + + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy. + external + + + + + MDN web docs - Referrer-Policy + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy + external + + + + +     \ No newline at end of file diff --git a/unittests/scans/hcl_appscan/no_findings.xml b/unittests/scans/hcl_appscan/no_findings.xml new file mode 100644 index 00000000000..f7a42674d5c --- /dev/null +++ b/unittests/scans/hcl_appscan/no_findings.xml @@ -0,0 +1,695 @@ + + + + added + added to request: + Additional Data: + Advisories + Affected Products: + Vulnerable URLs + Concurrent Logins: + Application Data + Application Server: + AppScan Severity + Harmless + This request/response contains binary content, which is not included in generated reports. + Body + Failed Requests + Cause + Causes + Causes: + Id + Name + The following weak cipher suites are supported by the server: + Code + Comment + Comments + Cookie + Cookies + CVE: + CWE: + Detailed Summary + A detailed listing of the scan results, including all issue types found, all recommended remediation tasks, all vulnerable URLs, etc. This section is intended to provide a more detailed understanding of the security status of the application, as well as assist in scoping and prioritizing the work required to remedy issues found. + Tracked or session ID cookies: + Tracked or session ID parameters: + Difference: + Document Map + This report consists of the following sections: + Domain + .Net + JavaScript execution: + Entity + Entity: + Example + Summary + This section provides a high level view of the information gathered during the scan, using graphs or comparative numbers. It is intended to provide a general understanding of the security status of the application. + Expires + Filtered URLs + First Set + Fix + Fix: + Fix Recommendations + General + General Information + Header + High + High severity issues: + Host: + Index + Informational + Informational severity issues: + Introduction + Introduction and Objectives + General information about the scan, including the project name, purpose of the scan, etc. + Issue + Issues Sorted by Issue Type + Issues Sorted by URL + Issues detected across + Issue Type + Issue Types + Issue Types + J2EE + JavaScripts + Login Settings + Low + Low severity issues: + Malicious + manipulated from: + Medium + Medium severity issues: + Method + Name + New URLs + Report Produced on Tree node: + this is now the same as the one below - should be removed + Number of Issues + Objectives + AppScan performs real-time security assessments on web applications. These assessments aim to uncover any security issues in the application, explain the impact and risks associated with these issues, and provide guidance in planning and prioritizing remediation. The objective of this assignment was to perform controlled attack and penetration activities to assess the overall level of security of the application. + of + Operating system: + Original Request + Original Requests and Responses: + Original Response + Parameter + Parameters + Path + PHP + Query + Raw Test Response: + Reason + Reasoning: + Login sequence: + References: + Regulations + Remaining URLs + Remediation Task + removed + removed from request: + Removed URLs + Comprehensive Security Report + AppScan Web Application Security Report + Requested URL + Request + Response + Risk + Risk: + Rules: + Scan started: + Scan file name: + Sections + sections of the regulation: + Violated Section + GDPR Articles + Section Violation by Issue + Secure + Detailed Security Issues by Sections + Security Risks + Security Risks: + Login method: + In-session detection: + In-session pattern: + Severity + Severity: + Unique issues detected across + SSL Version + Table of Contents + Test Description: + Test Login + Test policy: + Test Request: + Test Requests and Responses: + Test Response (first) + Test Response + Test Response (last) + Test Response (next-to-last) + Technical Description: + Test Type: + Threat + WASC Threat Classification + Threat Classification: + TOC + to: + Total security issues included in the report: + Total security issues: + total security issues + Type + Unwanted + URL + URL: + Valid Login + Value + Variant + Visited URLs + Vulnerable URLs + Web server: + Issue Types that this task fixes + Simulation of the pop-up that appears when this page is opened in a browser + Location + Intent Action: + Intent Class: + Intent Data: + Intent Extra: + Intent Package: + Payload + Issues: + Method Signature: + Issue Validation Parameters: + Thread: + Timestamp: + Trace: + Issue Information + This issue was detected by AppScan's Mobile Analyzer. + Call Stack: + Header: + XML: + File Name: + File Permission: + Synopsis: + Dump: + Manifest: + Request: + Method Information + Signature: + File: + Name: + Permissions: + Class + Function + Line + Created by: + Summary of security issues + Issues + Go to Table of Contents + Issue Types: + Application Version: + Scan Name: + First Variant: + Variants Found: + OWASP: + X-Force: + (Only the first one is displayed) + No security issues discovered in the scan + Scan status: + Note that the scan on which this report is based was not completed. + Success + Refer to the site for more details. + Sink + Source + OWASP Top 10 + File Path: + Reference: + Free Plan + Please Note: + This summary report was created with the Application Security Analyzer Free Plan. Once you purchase the full service you will have access to a complete report with detailed descriptions of the issues found and how to remediate them. + Activities: + Coverage + Activities + This report includes important security information about your mobile application. + Fix Recommendations: + Component + Glossary + Privacy: + Symbols Found: + Mobile Application Report + Class Signature: + Defining Class + Controllable Object Fields: + Receivers: + Services: + Receivers + Services + Method Signature: + Issue Information: + Settings For Target: + Provider: + Sample Report + Login Mode: + Views: + Views + None + Automatic + Manual + Calling Line + Calling Method + Class + Classification + Critical + Date Created + Discovery Method + Last Updated + Package + Scans: + Severity Value + Status + API + Element + Scheme + Sink: + Source: + Trace + Source File + Access Complexity + Access Vector + Authentication + Availability Impact + Confidentiality Impact + CVE + CVSS + Description + Exploitability + Integrity Impact + Summary + Activities that were tested for security vulnerabilities, as defined in the app's manifest. + Issue Types that ASoC has tested your application for. + Receivers that were tested for security vulnerabilities, as defined in the app's manifest. + Services that were tested for security vulnerabilities, as defined in the app's manifest. + Titles of Views encountered when crawling the app. + Leaked Information: + Password: + User Name: + Mitigation: + Alternate Fix Suggestions + This method is a part of the application code and appears in each of the grouped issue's traces. You should begin investigating a possible fix in the implementation of the method. + This method is a third-party API, with a common caller in each of the grouped issue's traces. You should begin investigating a possible fix at the caller: + Replace/Repair Vulnerable OpenSource: + Please refer to the details of this issue for fix recommendations. + Business Impact: + Created: + Security Report for: + Regulation Report for: + Notes: + - Details + - Discussion + Contains: + {0} issues + (out of {0}) + - Audit Trail + Cause: + HCL Application Security on Cloud, Version + Directory: + Constant Value: + Found in: + Informational + Low + Medium + High + Critical + User Supplied Credit Card Number: + User Supplied Id: + User Supplied Input: + User Supplied Password: + User Supplied Phone Number: + User Supplied User Name: + - Fix Recommendation + Included for each issue separately. + Port: + Application Name: + Copyleft: + Copyright Risk: + Date: + Library Name: + License Name: + Open Source Report + Licenses + Linking: + Patent Risk: + Reference Type: + Reference URL: + Risk Level: + Libraries with high risk level: + Libraries with low risk level: + Libraries with medium risk level: + Libraries with unknown risk level: + Royalty Free: + Total Open Source Libraries: + AppScan on Cloud + Anyone who distributes a modification of the code or a product that is based on or contains part of the code may be required to make publicly available the source code for the product or modification, subject to an exception for software that dynamically links to the original code. (example: LGPL). + Anyone who distributes a modification of the code may be required to make the source code for the modification publicly available at no charge. + Licensee may use the code without restriction. + Anyone who develops a product that is based on or contains part of the code, or who modifies the code, may be required to make publicly available the source code for that product or modification if s/he (a) distributes the software or (b) enables others to use the software via hosted or web services. (example: Affero) + Anyone who distributes a modification of the code or a product that is based on or contains part of the code may be required to make publicly available the source code for the product or modification. (example: GPL). + Anyone who distributes the code must provide certain notices, attributions and/or license terms in documentation with the software. + Anyone who distributes the code must retain any attributions included in the original distribution. + Specific identified patent risks + Royalty free and no identified patent risks + No patents granted + Royalty free unless litigated + Report created at: + Report for scan: + Open source library name + Risk level + Security Report + Open Source Libraries + Unknown + Reference + In this section you’ll find more details about the fields and their values. + Disabled + Enabled + None + Automatic + Prompt + Recorded login + Unknown + (Modified) + Any + Unknown + Sample Trace + License Type + Scan Security Report + This report lists all the open source libraries found in your scan, and their associated open source Risk Levels. + + Open Source Risk Levels are not the same as the Risk Levels in Security Reports, and not related to the vulnerabilities of specific issues. + You can see if any of the libraries have known vulnerabilities in Issue Management view. + Number Of Libraries + Report Date: + Scanned under Application: + Scan Start Date: + Total Open Source License Types: + Details + Threat Classification: + Fix Groups: + Implementation of {0} + Usage of {0} via {1} + Fix Group #{0}: {1} + This section groups {0} issues of type {1} with significant commonality in the their traces. + This section groups {0} issues with significant commonality in their traces. The following issue types are included: + This section groups {0} issues of type {1} with a common opensource file. + This section groups {0} issues with a common opensource file. The following issue types are included: + These issues are grouped together to try to help you find a common fix that resolves them all. + These method calls are also common to the traces of the issues in this group. They represent other possible These method calls are also common to the traces of the issues in this group. They represent other possible locations to investigate a fix. + All {0} issues in this report appear to be independent, lacking the commonality required in their traces to be grouped together. They all appear in this section. + This section lists the remaining {0} issues that could not be included in any other fix groups. + The following issue types are included: + Ungrouped + Fix Recommendation + Library Version: + API: + at line + Call + Caller: + Description: + Name: + Example Trace: + File + Lost Sink + Not a Validator + Sample Trace + Publish date: + Resolution: + Source and Sink + Tainted Arg + Taint Propagator + via + Virtual Lost Sink + Test Optimization: + Normal + Optimized + Issue ID: + Compliance Security Report + Undefined + Undefined + Title: + Report Date UTC: + Fix Group ID: + Method: + Query String: + URI: + Arguments: + Call Trace: + Object: + Return: + Stack: + Type: + By Fix Groups: + By Issue Types: + Fix-Groups + Library: + Location: + Status: + Common API Call: + Common Fix Point: + Common Open Source: + Common Fix Point: + OpenSource + API: + Location of fix: + Library name: + Location of fix: + Advisory: + Custom Advisory: + Hosts + Fast + Faster + Fastest + No Optimization + How to Fix: + Report Name: + Technology: + Scan Information + General Advisory: + Finding specific advisory: + Example: + Exploit Example: + (none) + Not applicable for this issue. + HTTP Only + JS Stack Trace + Same Site + False + True + (Mixed) + Articles + CWE + Exploit example + External references + Recommendations + Language: + How to Fix + See also issue-details 'Resolution' section below. + Mitigation + Important: + Note: The number of issues found exceeded the maximum that can be shown in a single set of results. +The scan results show {0} representitive issues. + Personal Scan + Personal Scans are deleted after {0} days, unless promoted to the application within that time. + Additional Information: + Fixed + In Progress + New + Noise + Open + Passed + Reopened + Definitive + Scan Coverage Findings + Suspect + Cipher Suites: + ID + Fix recommendation + Default (Production) + Default (Staging) + Default + Body + Cookie + Global + Header + Header Name + Link + Other + Page + Parameter + Parameter Name + Query + Role + Source Line + Unspecified + Critical + High + Low + Medium + Unspecified + Report for application: + This report lists all the open source libraries found in your application, and their associated open source Risk Levels. + License Details + Library Name + Version + Undefined + Critical severity issues: + Full + No + Partial + Undefined + Dynamic + Non Viral + Undefined + Viral + Alpine + Arch Linux + Bower + Build Configuration File + Details available in CDNJS + Debian + .NET + Eclipse OSGI Bundle + Details available in GitHub repository + License information in host site + License File + Node package manager + NuGet Package + Other + POM file + Project Home Page + Python Package Index + Readme File + RPM + RubyGems + License assigned manually by a user in the organization + Undefined + High + Low + Medium + Undefined + Unknown + Conditional + No + Yes + Undefined severity issues: + Last Found + CVSS Version + Total Items: + + + Report_DAST_2023-10-19 + HCL + Application Security on Cloud + ABC + Medium + Thursday, October 19, 2023 + FullReport + 7 + False + 30 + 20000 + False + Fast + ASoC + DAST + + + 0 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + + + + Cookie with Insecure or Improper or Missing SameSite attribute + + + Insecure "OPTIONS" HTTP Method Enabled + + + Missing "Content-Security-Policy" header + + + Missing Encryption + + + Missing or insecure "X-Content-Type-Options" header + + + Missing "Referrer policy" Security Header + + + + + 1 + + JSESSIONID + B5177BE267E2BB455ACF3CD4E35EDE27 + http://ec2-13-235-80-114.ap-south-1.compute.amazonaws.com:9000/servlet-example-1.0-SNAPSHOT/ + http://ec2-13-235-80-114.ap-south-1.compute.amazonaws.com:9000/servlet-example-1.0-SNAPSHOT/userCheck?user= + ec2-13-235-80-114.ap-south-1.compute.amazonaws.com + + dictionaryFalse + dictionaryTrue + + + + + + 0 + + + 1 + + <!DOCTYPE html> + http://ec2-13-235-80-114.ap-south-1.compute.amazonaws.com:9000/servlet-example-1.0-SNAPSHOT/ + + + + 1 + + user + + ApplicationData.HttpParamType.Text + http://ec2-13-235-80-114.ap-south-1.compute.amazonaws.com:9000/servlet-example-1.0-SNAPSHOT/userCheck?user= + + + + 0 + + + 2 + + http://ec2-13-235-80-114.ap-south-1.compute.amazonaws.com:9000/servlet-example-1.0-SNAPSHOT/ + + + http://ec2-13-235-80-114.ap-south-1.compute.amazonaws.com:9000/servlet-example-1.0-SNAPSHOT/userCheck?user= + + + + 5 + + http://ec2-13-235-80-114.ap-south-1.compute.amazonaws.com:9000/servlet-example-1.0-SNAPSHOT/ + + + http://ec2-13-235-80-114.ap-south-1.compute.amazonaws.com:9000/servlet-example-1.0-SNAPSHOT/userCheck?user= + + + + 0 + + + 0 + + \ No newline at end of file diff --git a/unittests/scans/horusec/horres3.json b/unittests/scans/horusec/horres3.json index fc13b940fce..2e33335fd36 100644 --- a/unittests/scans/horusec/horres3.json +++ b/unittests/scans/horusec/horres3.json @@ -1531,7 +1531,7 @@ "line": "104", "column": "24", "confidence": "LOW", - "file": "dojo/tools/whitesource/parser.py", + "file": "dojo/tools/mend/parser.py", "code": " dupe_key = hashlib.md5(vuln.get('description').encode('utf-8') + vuln.get('title').encod", "details": "Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.", "securityTool": "Semgrep", @@ -4987,7 +4987,7 @@ "line": "104", "column": "0", "confidence": "HIGH", - "file": "dojo/tools/whitesource/parser.py", + "file": "dojo/tools/mend/parser.py", "code": "103 def _dedup_and_create_finding(dupes, vuln):\n104 dupe_key = hashlib.md5(vuln.", "details": "Use of insecure MD2, MD4, MD5, or SHA1 hash function.", "securityTool": "Bandit", diff --git a/unittests/scans/horusec/issue_6258.json b/unittests/scans/horusec/issue_6258.json new file mode 100644 index 00000000000..1ff5e526044 --- /dev/null +++ b/unittests/scans/horusec/issue_6258.json @@ -0,0 +1,350 @@ +{ + "version": "v2.7.1", + "id": "069b99dd-b629-422a-ab84-c3e604db16dd", + "repositoryID": "00000000-0000-0000-0000-000000000000", + "repositoryName": "", + "workspaceID": "00000000-0000-0000-0000-000000000000", + "workspaceName": "", + "status": "error", + "errors": "Error while running tool YarnAudit: {HORUSEC_CLI} Error It looks like your project doesn't have a yarn.lock file. If you use Yarn to handle your dependencies, it would be a good idea to commit it so horusec can check for vulnerabilities; Error while running tool NpmAudit: {HORUSEC_CLI} Error It looks like your project doesn't have a package-lock.json file. If you use NPM to handle your dependencies, it would be a good idea to commit it so horusec can check for vulnerabilities", + "createdAt": "2022-05-06T10:20:51.708730164-03:00", + "finishedAt": "2022-05-06T10:20:56.195480404-03:00", + "analysisVulnerabilities": [ + { + "vulnerabilityID": "00000000-0000-0000-0000-000000000000", + "analysisID": "069b99dd-b629-422a-ab84-c3e604db16dd", + "createdAt": "2022-05-06T10:20:56.195484682-03:00", + "vulnerabilities": { + "vulnerabilityID": "975c9a7e-38c3-44ab-a9ec-810c35a7ba06", + "line": "0", + "column": "0", + "confidence": "MEDIUM", + "file": "GetGestaoVisaoWeb/src/main/webapp/js/jquery/jquery-ui-1.9.1.custom.min.js", + "code": "", + "details": "No use eval\nThe eval function is extremely dangerous. Because if any user input is not handled correctly and passed to it, it will be possible to execute code remotely in the context of your application (RCE - Remote Code Executuion). For more information checkout the CWE-94 (https://cwe.mitre.org/data/definitions/94.html) advisory.", + "securityTool": "HorusecEngine", + "language": "JavaScript", + "severity": "CRITICAL", + "type": "Vulnerability", + "commitAuthor": "-", + "commitEmail": "-", + "commitHash": "-", + "commitMessage": "-", + "commitDate": "-", + "vulnHash": "8de87f081b762ff58ab73fd5056d22ffc330a9e59a90d31cce2bfc9319e1dfcd" + } + }, + { + "vulnerabilityID": "00000000-0000-0000-0000-000000000000", + "analysisID": "069b99dd-b629-422a-ab84-c3e604db16dd", + "createdAt": "2022-05-06T10:20:56.195486104-03:00", + "vulnerabilities": { + "vulnerabilityID": "a3a5ec03-d94c-496f-b994-3c02fbc98a2e", + "line": "35", + "column": "3", + "confidence": "MEDIUM", + "file": "GetGestaoVisaoWeb/src/main/webapp/js/jquery/jquery-limit-1.2.js", + "code": "eval(substringFunction);", + "details": "No use eval\nThe eval function is extremely dangerous. Because if any user input is not handled correctly and passed to it, it will be possible to execute code remotely in the context of your application (RCE - Remote Code Executuion). For more information checkout the CWE-94 (https://cwe.mitre.org/data/definitions/94.html) advisory.", + "securityTool": "HorusecEngine", + "language": "JavaScript", + "severity": "CRITICAL", + "type": "Vulnerability", + "commitAuthor": "-", + "commitEmail": "-", + "commitHash": "-", + "commitMessage": "-", + "commitDate": "-", + "vulnHash": "f66f21b91a63ec0d202120234638a11a11f6013a29267df1e4beb29250686980" + } + }, + { + "vulnerabilityID": "00000000-0000-0000-0000-000000000000", + "analysisID": "069b99dd-b629-422a-ab84-c3e604db16dd", + "createdAt": "2022-05-06T10:20:56.195495231-03:00", + "vulnerabilities": { + "vulnerabilityID": "b066e64a-2195-492e-83fd-d846512a7c0e", + "line": "26", + "column": "55", + "confidence": "MEDIUM", + "file": "resources-external/GetGestaoInternet/security/env.xml", + "code": "\u003cenv key=\"authn.cas.fixed.initial.url\" value=\"http://10.65.10.137:7001/gestaotarefas\"/\u003e", + "details": "Remote code injection Apache Log4j\nLog4j versions prior to 2.17.1 are subject to a remote code execution vulnerability via the ldap JNDI parser, uncontrolled recursion from self-referential lookups and some other vulnerabilities. For more information checkout the CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228), CVE-2021-45046 (https://nvd.nist.gov/vuln/detail/CVE-2021-45046), CVE-2021-45105 (https://nvd.nist.gov/vuln/detail/CVE-2021-45105) and CVE-2021-44832 (https://nvd.nist.gov/vuln/detail/CVE-2021-44832) advisories.", + "securityTool": "HorusecEngine", + "language": "Java", + "severity": "CRITICAL", + "type": "Vulnerability", + "commitAuthor": "-", + "commitEmail": "-", + "commitHash": "-", + "commitMessage": "-", + "commitDate": "-", + "vulnHash": "37a7b568e8d412123e2252e891c6cdf0cb74d2d8f1565404a37e84c15f1227ed" + } + }, + { + "vulnerabilityID": "00000000-0000-0000-0000-000000000000", + "analysisID": "069b99dd-b629-422a-ab84-c3e604db16dd", + "createdAt": "2022-05-06T10:20:56.195496504-03:00", + "vulnerabilities": { + "vulnerabilityID": "039f2a4e-ac8c-4fad-bbb2-744ac901739c", + "line": "27", + "column": "45", + "confidence": "MEDIUM", + "file": "resources-external/GetGestaoInternet/security/env.xml", + "code": "\u003cenv key=\"authn.cas.service\" value=\"http://10.65.10.137:7001/gestaotarefas\"/\u003e", + "details": "Remote code injection Apache Log4j\nLog4j versions prior to 2.17.1 are subject to a remote code execution vulnerability via the ldap JNDI parser, uncontrolled recursion from self-referential lookups and some other vulnerabilities. For more information checkout the CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228), CVE-2021-45046 (https://nvd.nist.gov/vuln/detail/CVE-2021-45046), CVE-2021-45105 (https://nvd.nist.gov/vuln/detail/CVE-2021-45105) and CVE-2021-44832 (https://nvd.nist.gov/vuln/detail/CVE-2021-44832) advisories.", + "securityTool": "HorusecEngine", + "language": "Java", + "severity": "CRITICAL", + "type": "Vulnerability", + "commitAuthor": "-", + "commitEmail": "-", + "commitHash": "-", + "commitMessage": "-", + "commitDate": "-", + "vulnHash": "7e072c58edc6e16f829380fffb8a37c685e4f0c7ced73889a076ecdee1f38ca5" + } + }, + { + "vulnerabilityID": "00000000-0000-0000-0000-000000000000", + "analysisID": "069b99dd-b629-422a-ab84-c3e604db16dd", + "createdAt": "2022-05-06T10:20:56.195497836-03:00", + "vulnerabilities": { + "vulnerabilityID": "68c1c9f5-e8ca-4e4b-bee9-4e63935b1e1b", + "line": "35", + "column": "95", + "confidence": "MEDIUM", + "file": "resources-external/GetGestaoInternet/security/env.xml", + "code": ".65.10.137:7001/gestaotarefas\"/\u003e", + "details": "Remote code injection Apache Log4j\nLog4j versions prior to 2.17.1 are subject to a remote code execution vulnerability via the ldap JNDI parser, uncontrolled recursion from self-referential lookups and some other vulnerabilities. For more information checkout the CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228), CVE-2021-45046 (https://nvd.nist.gov/vuln/detail/CVE-2021-45046), CVE-2021-45105 (https://nvd.nist.gov/vuln/detail/CVE-2021-45105) and CVE-2021-44832 (https://nvd.nist.gov/vuln/detail/CVE-2021-44832) advisories.", + "securityTool": "HorusecEngine", + "language": "Java", + "severity": "CRITICAL", + "type": "Vulnerability", + "commitAuthor": "-", + "commitEmail": "-", + "commitHash": "-", + "commitMessage": "-", + "commitDate": "-", + "vulnHash": "cf47b012e90c5df40df45cf5a786dd928a050a62acb1fa4fbd6a894807206b77" + } + }, + { + "vulnerabilityID": "00000000-0000-0000-0000-000000000000", + "analysisID": "069b99dd-b629-422a-ab84-c3e604db16dd", + "createdAt": "2022-05-06T10:20:56.195502956-03:00", + "vulnerabilities": { + "vulnerabilityID": "b6195166-8b9c-458d-b06d-1557aeaf2996", + "line": "46", + "column": "63", + "confidence": "MEDIUM", + "file": "GetGestaoVisaoWeb/src/main/resources/config/security/env.xml", + "code": "value=\"https://hgeridinss.dataprev.gov.br/cas/logout?http://10.65.10.122:7001/gestaotarefas/\" /\u003e", + "details": "Remote code injection Apache Log4j\nLog4j versions prior to 2.17.1 are subject to a remote code execution vulnerability via the ldap JNDI parser, uncontrolled recursion from self-referential lookups and some other vulnerabilities. For more information checkout the CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228), CVE-2021-45046 (https://nvd.nist.gov/vuln/detail/CVE-2021-45046), CVE-2021-45105 (https://nvd.nist.gov/vuln/detail/CVE-2021-45105) and CVE-2021-44832 (https://nvd.nist.gov/vuln/detail/CVE-2021-44832) advisories.", + "securityTool": "HorusecEngine", + "language": "Java", + "severity": "CRITICAL", + "type": "Vulnerability", + "commitAuthor": "-", + "commitEmail": "-", + "commitHash": "-", + "commitMessage": "-", + "commitDate": "-", + "vulnHash": "f027016b3e370c00fac4541f079d3ac3a2ee72360a0fc61e3bccd2d6b5e5a9f2" + } + }, + { + "vulnerabilityID": "00000000-0000-0000-0000-000000000000", + "analysisID": "069b99dd-b629-422a-ab84-c3e604db16dd", + "createdAt": "2022-05-06T10:20:56.195504298-03:00", + "vulnerabilities": { + "vulnerabilityID": "347886aa-8bab-4e3e-9ef1-926405369ed1", + "line": "53", + "column": "17", + "confidence": "MEDIUM", + "file": "GetGestaoVisaoWeb/src/main/resources/config/security/env.xml", + "code": "value=\"http://10.65.10.122:7001/gestaotarefas/\" /\u003e", + "details": "Remote code injection Apache Log4j\nLog4j versions prior to 2.17.1 are subject to a remote code execution vulnerability via the ldap JNDI parser, uncontrolled recursion from self-referential lookups and some other vulnerabilities. For more information checkout the CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228), CVE-2021-45046 (https://nvd.nist.gov/vuln/detail/CVE-2021-45046), CVE-2021-45105 (https://nvd.nist.gov/vuln/detail/CVE-2021-45105) and CVE-2021-44832 (https://nvd.nist.gov/vuln/detail/CVE-2021-44832) advisories.", + "securityTool": "HorusecEngine", + "language": "Java", + "severity": "CRITICAL", + "type": "Vulnerability", + "commitAuthor": "-", + "commitEmail": "-", + "commitHash": "-", + "commitMessage": "-", + "commitDate": "-", + "vulnHash": "7aed2bc6c33ce82ca4f257c09ae575421b54b59994dd47dd55dc92a1a98fb05b" + } + }, + { + "vulnerabilityID": "00000000-0000-0000-0000-000000000000", + "analysisID": "069b99dd-b629-422a-ab84-c3e604db16dd", + "createdAt": "2022-05-06T10:20:56.195505571-03:00", + "vulnerabilities": { + "vulnerabilityID": "28d4bd3a-95dd-4cf6-92c7-659d317bf6a1", + "line": "55", + "column": "17", + "confidence": "MEDIUM", + "file": "GetGestaoVisaoWeb/src/main/resources/config/security/env.xml", + "code": "value=\"http://10.65.10.122:7001/gestaotarefas/\" /\u003e", + "details": "Remote code injection Apache Log4j\nLog4j versions prior to 2.17.1 are subject to a remote code execution vulnerability via the ldap JNDI parser, uncontrolled recursion from self-referential lookups and some other vulnerabilities. For more information checkout the CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228), CVE-2021-45046 (https://nvd.nist.gov/vuln/detail/CVE-2021-45046), CVE-2021-45105 (https://nvd.nist.gov/vuln/detail/CVE-2021-45105) and CVE-2021-44832 (https://nvd.nist.gov/vuln/detail/CVE-2021-44832) advisories.", + "securityTool": "HorusecEngine", + "language": "Java", + "severity": "CRITICAL", + "type": "Vulnerability", + "commitAuthor": "-", + "commitEmail": "-", + "commitHash": "-", + "commitMessage": "-", + "commitDate": "-", + "vulnHash": "1d7b3fbc9d913f49fa3653468c8a272e248755aa7f387611c68e413cae6c2185" + } + }, + { + "vulnerabilityID": "00000000-0000-0000-0000-000000000000", + "analysisID": "069b99dd-b629-422a-ab84-c3e604db16dd", + "createdAt": "2022-05-06T10:20:56.195506863-03:00", + "vulnerabilities": { + "vulnerabilityID": "04613eb5-dcc6-4ed5-aaad-bce242953ade", + "line": "26", + "column": "55", + "confidence": "MEDIUM", + "file": "resources-external/GetGestao/security/env.xml", + "code": "\u003cenv key=\"authn.cas.fixed.initial.url\" value=\"http://10.65.10.137:7001/gestaotarefas\"/\u003e", + "details": "Remote code injection Apache Log4j\nLog4j versions prior to 2.17.1 are subject to a remote code execution vulnerability via the ldap JNDI parser, uncontrolled recursion from self-referential lookups and some other vulnerabilities. For more information checkout the CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228), CVE-2021-45046 (https://nvd.nist.gov/vuln/detail/CVE-2021-45046), CVE-2021-45105 (https://nvd.nist.gov/vuln/detail/CVE-2021-45105) and CVE-2021-44832 (https://nvd.nist.gov/vuln/detail/CVE-2021-44832) advisories.", + "securityTool": "HorusecEngine", + "language": "Java", + "severity": "CRITICAL", + "type": "Vulnerability", + "commitAuthor": "-", + "commitEmail": "-", + "commitHash": "-", + "commitMessage": "-", + "commitDate": "-", + "vulnHash": "02ae35db2145f20ce3211b7922da10888fabf95728ad9e40b4c474cfc6caee27" + } + }, + { + "vulnerabilityID": "00000000-0000-0000-0000-000000000000", + "analysisID": "069b99dd-b629-422a-ab84-c3e604db16dd", + "createdAt": "2022-05-06T10:20:56.195508196-03:00", + "vulnerabilities": { + "vulnerabilityID": "7eef0369-0b1e-4edf-b71d-d6725ebdffd3", + "line": "27", + "column": "45", + "confidence": "MEDIUM", + "file": "resources-external/GetGestao/security/env.xml", + "code": "\u003cenv key=\"authn.cas.service\" value=\"http://10.65.10.137:7001/gestaotarefas\"/\u003e", + "details": "Remote code injection Apache Log4j\nLog4j versions prior to 2.17.1 are subject to a remote code execution vulnerability via the ldap JNDI parser, uncontrolled recursion from self-referential lookups and some other vulnerabilities. For more information checkout the CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228), CVE-2021-45046 (https://nvd.nist.gov/vuln/detail/CVE-2021-45046), CVE-2021-45105 (https://nvd.nist.gov/vuln/detail/CVE-2021-45105) and CVE-2021-44832 (https://nvd.nist.gov/vuln/detail/CVE-2021-44832) advisories.", + "securityTool": "HorusecEngine", + "language": "Java", + "severity": "CRITICAL", + "type": "Vulnerability", + "commitAuthor": "-", + "commitEmail": "-", + "commitHash": "-", + "commitMessage": "-", + "commitDate": "-", + "vulnHash": "0da647dea51664cc7ea8cf44b5736551cce1c79c97d45e5fbaf56f5f0207ab70" + } + }, + { + "vulnerabilityID": "00000000-0000-0000-0000-000000000000", + "analysisID": "069b99dd-b629-422a-ab84-c3e604db16dd", + "createdAt": "2022-05-06T10:20:56.195509458-03:00", + "vulnerabilities": { + "vulnerabilityID": "fe5f782f-50b3-4623-879b-bb071bc2634b", + "line": "35", + "column": "95", + "confidence": "MEDIUM", + "file": "resources-external/GetGestao/security/env.xml", + "code": ".65.10.137:7001/gestaotarefas\"/\u003e", + "details": "Remote code injection Apache Log4j\nLog4j versions prior to 2.17.1 are subject to a remote code execution vulnerability via the ldap JNDI parser, uncontrolled recursion from self-referential lookups and some other vulnerabilities. For more information checkout the CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228), CVE-2021-45046 (https://nvd.nist.gov/vuln/detail/CVE-2021-45046), CVE-2021-45105 (https://nvd.nist.gov/vuln/detail/CVE-2021-45105) and CVE-2021-44832 (https://nvd.nist.gov/vuln/detail/CVE-2021-44832) advisories.", + "securityTool": "HorusecEngine", + "language": "Java", + "severity": "CRITICAL", + "type": "Vulnerability", + "commitAuthor": "-", + "commitEmail": "-", + "commitHash": "-", + "commitMessage": "-", + "commitDate": "-", + "vulnHash": "ac5e0ae2a9b400655f8c0d0e81cb5eaed329e17e2de7d1f36792c195531ac4ce" + } + }, + { + "vulnerabilityID": "00000000-0000-0000-0000-000000000000", + "analysisID": "069b99dd-b629-422a-ab84-c3e604db16dd", + "createdAt": "2022-05-06T10:20:56.195513085-03:00", + "vulnerabilities": { + "vulnerabilityID": "04908034-7730-48d7-b3cc-371569d72869", + "line": "37", + "column": "52", + "confidence": "MEDIUM", + "file": "scripts/sibeVars.conf", + "code": "[ \"${MW_PASSW}a\" == \"a\" ] \u0026\u0026 export MW_PASSW=\"weblogic00\"", + "details": "Hard-coded password\nThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. For more information checkout the CWE-798 (https://cwe.mitre.org/data/definitions/798.html) advisory.", + "securityTool": "HorusecEngine", + "language": "Leaks", + "severity": "CRITICAL", + "type": "Vulnerability", + "commitAuthor": "-", + "commitEmail": "-", + "commitHash": "-", + "commitMessage": "-", + "commitDate": "-", + "vulnHash": "135912fe0ecacafaf374d3ae1d8c2bdbbcc0d8db186238064bf8dda1b4803a53" + } + }, + { + "vulnerabilityID": "00000000-0000-0000-0000-000000000000", + "analysisID": "069b99dd-b629-422a-ab84-c3e604db16dd", + "createdAt": "2022-05-06T10:20:56.195480664-03:00", + "vulnerabilities": { + "vulnerabilityID": "f2754733-28ab-4789-9b0b-78bd7fbf52d7", + "line": "0", + "column": "0", + "confidence": "MEDIUM", + "file": "GetGestaoVisaoWeb/src/main/webapp/js/jquery/jquery-validate.min.js", + "code": "", + "details": "Origins should be verified during cross-origin communications\nBrowsers allow message exchanges between Window objects of different origins. Because any window can send / receive messages from other window it is important to verify the sender's / receiver's identity: When sending message with postMessage method, the identity's receiver should be defined (the wildcard keyword (*) should not be used).\nWhen receiving message with message event, the sender's identity should be verified using the origin and possibly source properties. For more information checkout the OWASP A2:2017 (https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication) and (https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage) advisory.", + "securityTool": "HorusecEngine", + "language": "JavaScript", + "severity": "HIGH", + "type": "Vulnerability", + "commitAuthor": "-", + "commitEmail": "-", + "commitHash": "-", + "commitMessage": "-", + "commitDate": "-", + "vulnHash": "234b1d2c99e3bb26a1b7c405366e297a44a0c81752017620547f4cd697cb3bff" + } + }, + { + "vulnerabilityID": "00000000-0000-0000-0000-000000000000", + "analysisID": "069b99dd-b629-422a-ab84-c3e604db16dd", + "createdAt": "2022-05-06T10:20:56.195501693-03:00", + "vulnerabilities": { + "vulnerabilityID": "19f9f287-a5d3-4a4c-9a5b-63fdc43c0507", + "line": "146", + "column": "33", + "confidence": "LOW", + "file": "GetGestaoVisaoWeb/src/main/java/br/gov/dataprev/get/web/util/ErrorHandlingUtils.java", + "code": "String errorCode = Base64.encodeBase64String(input);", + "details": "Base64 Encode\nBasic authentication's only means of obfuscation is Base64 encoding. Since Base64 encoding is easily recognized and reversed, it offers only the thinnest veil of protection to your users, and should not be used.", + "securityTool": "HorusecEngine", + "language": "Java", + "severity": "MEDIUM", + "type": "Vulnerability", + "commitAuthor": "-", + "commitEmail": "-", + "commitHash": "-", + "commitMessage": "-", + "commitDate": "-", + "vulnHash": "7b46dd376eb1dee966320f834e3ab0e060ece64b17f67b233f43cdabfea86a5b" + } + } + ] + } \ No newline at end of file diff --git a/unittests/scans/horusec/pr_6563.json b/unittests/scans/horusec/pr_6563.json new file mode 100644 index 00000000000..f352db39361 --- /dev/null +++ b/unittests/scans/horusec/pr_6563.json @@ -0,0 +1,38 @@ +{ + "version": "v2.7.1", + "id": "069b99dd-b629-422a-ab84-c3e604db16dd", + "repositoryID": "00000000-0000-0000-0000-000000000000", + "repositoryName": "", + "workspaceID": "00000000-0000-0000-0000-000000000000", + "workspaceName": "", + "status": "error", + "errors": "Error while running tool YarnAudit: {HORUSEC_CLI} Error It looks like your project doesn't have a yarn.lock file. If you use Yarn to handle your dependencies, it would be a good idea to commit it so horusec can check for vulnerabilities; Error while running tool NpmAudit: {HORUSEC_CLI} Error It looks like your project doesn't have a package-lock.json file. If you use NPM to handle your dependencies, it would be a good idea to commit it so horusec can check for vulnerabilities", + "createdAt": "2022-05-06T10:20:51.708730164-03:00", + "finishedAt": "2022-05-06T10:20:56.195480404-03:00", + "analysisVulnerabilities": [ + { + "vulnerabilityID": "00000000-0000-0000-0000-000000000000", + "analysisID": "069b99dd-b629-422a-ab84-c3e604db16dd", + "createdAt": "2022-05-06T10:20:56.195484682-03:00", + "vulnerabilities": { + "vulnerabilityID": "975c9a7e-38c3-44ab-a9ec-810c35a7ba06", + "line": "", + "column": "0", + "confidence": "MEDIUM", + "file": "GetGestaoVisaoWeb/src/main/webapp/js/jquery/jquery-ui-1.9.1.custom.min.js", + "code": "", + "details": "No use eval\nThe eval function is extremely dangerous. Because if any user input is not handled correctly and passed to it, it will be possible to execute code remotely in the context of your application (RCE - Remote Code Executuion). For more information checkout the CWE-94 (https://cwe.mitre.org/data/definitions/94.html) advisory.", + "securityTool": "HorusecEngine", + "language": "JavaScript", + "severity": "CRITICAL", + "type": "Vulnerability", + "commitAuthor": "-", + "commitEmail": "-", + "commitHash": "-", + "commitMessage": "-", + "commitDate": "-", + "vulnHash": "8de87f081b762ff58ab73fd5056d22ffc330a9e59a90d31cce2bfc9319e1dfcd" + } + } + ] + } \ No newline at end of file diff --git a/unittests/scans/horusec/version_2.6.3.json b/unittests/scans/horusec/version_2.6.3.json index 6d3b5163f36..3256646587d 100644 --- a/unittests/scans/horusec/version_2.6.3.json +++ b/unittests/scans/horusec/version_2.6.3.json @@ -1555,7 +1555,7 @@ "line": "104", "column": "24", "confidence": "LOW", - "file": "dojo/tools/whitesource/parser.py", + "file": "dojo/tools/mend/parser.py", "code": " dupe_key = hashlib.md5(vuln.get('description').encode('utf-8') + vuln.get('title').encod", "details": "Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.", "securityTool": "Semgrep", @@ -5011,7 +5011,7 @@ "line": "104", "column": "0", "confidence": "HIGH", - "file": "dojo/tools/whitesource/parser.py", + "file": "dojo/tools/mend/parser.py", "code": "103 def _dedup_and_create_finding(dupes, vuln):\n104 dupe_key = hashlib.md5(vuln.", "details": "Use of insecure MD2, MD4, MD5, or SHA1 hash function.", "securityTool": "Bandit", diff --git a/unittests/scans/humble/many_findings.json b/unittests/scans/humble/many_findings.json new file mode 100644 index 00000000000..82a81611939 --- /dev/null +++ b/unittests/scans/humble/many_findings.json @@ -0,0 +1,54 @@ +{ + "[0. Info]": { + "Date": "2023/11/13 - 09:20:17", + "URL": "https://asdf.asf.hs" + }, + "[HTTP Response Headers]": { + "Cache-Control": "no-store, no-cache, must-revalidate, post-check=0, pre-check=0", + "Connection": "Keep-Alive", + "Content-Security-Policy": "script-src 'self';", + "Content-Type": "text/html; charset=utf-8", + "Date": "Mon, 13 Nov 2023 08:20:19 GMT", + "Expires": "Wed, 17 Aug 2005 00:00:00 GMT", + "Keep-Alive": "timeout=5, max=100", + "Last-Modified": "Mon, 13 Nov 2023 08:20:19 GMT", + "Permissions-Policy": "interest-cohort=()", + "Pragma": "no-cache", + "Referrer-Policy": "strict-origin", + "Strict-Transport-Security": "max-age=31536000; includeSubDomain$", + "Transfer-Encoding": "chunked", + "Vary": "Accept-Encoding", + "X-Content-Type-Options": "nosniff", + "X-Frame-Options": "sameorigin", + "X-XSS-Protection": "1; mode=block" + }, + "[1. Missing HTTP Security Headers]": [ + "Clear-Site-Data", + "Cross-Origin-Embedder-Policy", + "Cross-Origin-Opener-Policy", + "Cross-Origin-Resource-Policy", + "NEL", + "X-Permitted-Cross-Domain-Policies" + ], + "[2. Fingerprint HTTP Response Headers]": [ + "Nothing to report, all seems OK!" + ], + "[3. Deprecated HTTP Response Headers/Protocols and Insecure Values]": [ + "Pragma (Deprecated Header)", + "Strict-Transport-Security (Recommended Values)", + "X-XSS-Protection (Unsafe Value)" + ], + "[4. Empty HTTP Response Headers Values]": [ + "Nothing to report, all seems OK!" + ], + "[5. Browser Compatibility for Enabled HTTP Security Headers]": { + "Cache-Control": "https://caniuse.com/?search=Cache-Control", + "Content-Type": "https://caniuse.com/?search=Content-Type", + "Content-Security-Policy": "https://caniuse.com/?search=contentsecuritypolicy2", + "Permissions-Policy": "https://caniuse.com/?search=Permissions-Policy", + "Referrer-Policy": "https://caniuse.com/?search=Referrer-Policy", + "Strict-Transport-Security": "https://caniuse.com/?search=Strict-Transport-Security", + "X-Content-Type-Options": "https://caniuse.com/?search=X-Content-Type-Options", + "X-Frame-Options": "https://caniuse.com/?search=X-Frame-Options" + } +} \ No newline at end of file diff --git a/unittests/scans/humble/many_findings2.json b/unittests/scans/humble/many_findings2.json new file mode 100644 index 00000000000..68f60db55a9 --- /dev/null +++ b/unittests/scans/humble/many_findings2.json @@ -0,0 +1,49 @@ +{ + "[0. Info]": { + "Date": "2023/11/15 - 08:42:38", + "URL": "http://testestset.com" + }, + "[HTTP Response Headers]": { + "CF-Cache-Status": "DYNAMIC", + "CF-RAY": "8265dbd49d362bde-FRA", + "Cache-Control": "no-store, private", + "Connection": "keep-alive", + "Content-Encoding": "gzip", + "Content-Type": "text/html; charset=UTF-8", + "Date": "Wed, 15 Nov 2023 07:42:39 GMT", + "Transfer-Encoding": "chunked", + "Vary": "Accept-Encoding", + "X-Content-Type-Options": "nosniff", + "X-UA-Compatible": "IE=edge" + }, + "[1. Missing HTTP Security Headers]": [ + "Clear-Site-Data", + "Cross-Origin-Embedder-Policy", + "Cross-Origin-Opener-Policy", + "Cross-Origin-Resource-Policy", + "Content-Security-Policy", + "NEL", + "Permissions-Policy", + "Referrer-Policy", + "Strict-Transport-Security", + "X-Permitted-Cross-Domain-Policies", + "X-Frame-Options" + ], + "[2. Fingerprint HTTP Response Headers]": [ + "Cf-Cache-Status", + "Cf-Ray", + "Server" + ], + "[3. Deprecated HTTP Response Headers/Protocols and Insecure Values]": [ + "Cache-Control (Recommended Values)", + "X-UA-compatible (Deprecated Header)" + ], + "[4. Empty HTTP Response Headers Values]": [ + "Nothing to report, all seems OK!" + ], + "[5. Browser Compatibility for Enabled HTTP Security Headers]": { + "Cache-Control": "https://caniuse.com/?search=Cache-Control", + "Content-Type": "https://caniuse.com/?search=Content-Type", + "X-Content-Type-Options": "https://caniuse.com/?search=X-Content-Type-Options" + } +} \ No newline at end of file diff --git a/unittests/scans/hydra/hydra_report_many_finding.json b/unittests/scans/hydra/hydra_report_many_finding.json new file mode 100644 index 00000000000..1861422930a --- /dev/null +++ b/unittests/scans/hydra/hydra_report_many_finding.json @@ -0,0 +1,41 @@ +{ + "errormessages": [ + "[ERROR] Error Message of Something", + "[ERROR] Another Message", + "These are very free form" + ], + "generator": { + "built": "2019-03-01 14:44:22", + "commandline": "hydra -b jsonv1 -o results.json ... ...", + "jsonoutputversion": "1.00", + "server": "127.0.0.1", + "service": "http-post-form", + "software": "Hydra", + "version": "v8.5" + }, + "quantityfound": 3, + "results": [ + { + "host": "127.0.0.1", + "login": "bill@example.com", + "password": "bill", + "port": 9999, + "service": "http-post-form" + }, + { + "host": "192.168.0.1", + "login": "joe@example.com", + "password": "joe", + "port": 1234, + "service": "rdp" + }, + { + "host": "something.bad.com", + "login": "jimmy@bad.com", + "password": "somesimplepassword", + "port": 4321, + "service": "ftp" + } + ], + "success": false +} \ No newline at end of file diff --git a/unittests/scans/hydra/hydra_report_no_finding.json b/unittests/scans/hydra/hydra_report_no_finding.json new file mode 100644 index 00000000000..7713df6118f --- /dev/null +++ b/unittests/scans/hydra/hydra_report_no_finding.json @@ -0,0 +1,19 @@ +{ + "errormessages": [ + "[ERROR] Error Message of Something", + "[ERROR] Another Message", + "These are very free form" + ], + "generator": { + "built": "2019-03-01 14:44:22", + "commandline": "hydra -b jsonv1 -o results.json ... ...", + "jsonoutputversion": "1.00", + "server": "127.0.0.1", + "service": "http-post-form", + "software": "Hydra", + "version": "v8.5" + }, + "quantityfound": 0, + "results": [], + "success": false +} \ No newline at end of file diff --git a/unittests/scans/hydra/hydra_report_one_finding.json b/unittests/scans/hydra/hydra_report_one_finding.json new file mode 100644 index 00000000000..e2d2652a3ba --- /dev/null +++ b/unittests/scans/hydra/hydra_report_one_finding.json @@ -0,0 +1,27 @@ +{ + "errormessages": [ + "[ERROR] Error Message of Something", + "[ERROR] Another Message", + "These are very free form" + ], + "generator": { + "built": "2019-03-01 14:44:22", + "commandline": "hydra -b jsonv1 -o results.json ... ...", + "jsonoutputversion": "1.00", + "server": "127.0.0.1", + "service": "http-post-form", + "software": "Hydra", + "version": "v8.5" + }, + "quantityfound": 1, + "results": [ + { + "host": "127.0.0.1", + "login": "bill@example.com", + "password": "bill", + "port": 9999, + "service": "http-post-form" + } + ], + "success": false +} \ No newline at end of file diff --git a/unittests/scans/hydra/hydra_report_one_finding_missing_date.json b/unittests/scans/hydra/hydra_report_one_finding_missing_date.json new file mode 100644 index 00000000000..fc181565595 --- /dev/null +++ b/unittests/scans/hydra/hydra_report_one_finding_missing_date.json @@ -0,0 +1,26 @@ +{ + "errormessages": [ + "[ERROR] Error Message of Something", + "[ERROR] Another Message", + "These are very free form" + ], + "generator": { + "commandline": "hydra -b jsonv1 -o results.json ... ...", + "jsonoutputversion": "1.00", + "server": "127.0.0.1", + "service": "http-post-form", + "software": "Hydra", + "version": "v8.5" + }, + "quantityfound": 1, + "results": [ + { + "host": "127.0.0.1", + "login": "bill@example.com", + "password": "bill", + "port": 9999, + "service": "http-post-form" + } + ], + "success": false +} \ No newline at end of file diff --git a/unittests/scans/hydra/hydra_report_two_findings_with_one_incomplete.json b/unittests/scans/hydra/hydra_report_two_findings_with_one_incomplete.json new file mode 100644 index 00000000000..02e48e8a62f --- /dev/null +++ b/unittests/scans/hydra/hydra_report_two_findings_with_one_incomplete.json @@ -0,0 +1,33 @@ +{ + "errormessages": [ + "[ERROR] Error Message of Something", + "[ERROR] Another Message", + "These are very free form" + ], + "generator": { + "built": "2019-03-01 14:44:22", + "commandline": "hydra -b jsonv1 -o results.json ... ...", + "jsonoutputversion": "1.00", + "server": "127.0.0.1", + "service": "http-post-form", + "software": "Hydra", + "version": "v8.5" + }, + "quantityfound": 1, + "results": [ + { + "host": "127.0.0.1", + "login": "bill@example.com", + "password": "bill", + "port": 9999, + "service": "http-post-form" + }, + { + "login": "broken_bill@example.com", + "password": "bill_is_broken", + "port": 1234, + "service": "http-post-form" + } + ], + "success": false +} \ No newline at end of file diff --git a/unittests/scans/hydra/invalid.json b/unittests/scans/hydra/invalid.json new file mode 100644 index 00000000000..0967ef424bc --- /dev/null +++ b/unittests/scans/hydra/invalid.json @@ -0,0 +1 @@ +{} diff --git a/unittests/scans/hydra/oddly_familiar_json_that_isnt_us.json b/unittests/scans/hydra/oddly_familiar_json_that_isnt_us.json new file mode 100644 index 00000000000..d21844b5e4e --- /dev/null +++ b/unittests/scans/hydra/oddly_familiar_json_that_isnt_us.json @@ -0,0 +1,4 @@ +{ + "service": "Not Hydra", + "generator": {} +} diff --git a/unittests/scans/ibm_app/testfire.xml b/unittests/scans/ibm_app/testfire.xml index 04f3ecb9764..eb02c788dc8 100755 --- a/unittests/scans/ibm_app/testfire.xml +++ b/unittests/scans/ibm_app/testfire.xml @@ -1,4 +1,4 @@ - + @@ -122,7 +122,7 @@ Cross-Site Scripting - + CVE-2022-00001 79 6784 @@ -5105,10 +5105,10 @@ Content-Type: text/html;charset=ISO-8859-1 <ul class="sidebar"> <li><a id="MenuHyperLink13" href="index.jsp?content=inside_about.htm">About Us</a></li> <li><a id="MenuHyperLink14" href="index.jsp?content=inside_contact.htm">Contact Us</a></li> - -... -... -... + +... +... +... @@ -5158,7 +5158,7 @@ Content-Type: text/html;charset=ISO-8859-1 Verify that the e-mail address is a valid one. ... - + <li><a id="MenuHyperLink19" href="subscribe.jsp">Subscribe</a></li> </ul> </td> @@ -5177,7 +5177,8 @@ Content-Type: text/html;charset=ISO-8859-1 <!-- BEGIN FOOTER --> - + + ... @@ -5288,11 +5289,11 @@ Content-Type: text/html;charset=ISO-8859-1 <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> <li><a id="MenuHyperLink11" href="index.jsp?content=business_retirement.htm">Retirement</a></li> - <li><a id="MenuHyperLink12" href="index.jsp?content=business_other.htm">Other Service -... -... -... - + <li><a id="MenuHyperLink12" href="index.jsp?content=business_other.htm">Other Service +... +... +... + <td valign="top" colspan="3" class="bb"> @@ -5302,8 +5303,8 @@ Content-Type: text/html;charset=ISO-8859-1 </td> </div> -... -... +... +... ... @@ -5620,10 +5621,10 @@ Content-Type: text/html;charset=ISO-8859-1 <ul class="sidebar"> <li><a id="MenuHyperLink13" href="index.jsp?content=inside_about.htm">About Us</a></li> <li><a id="MenuHyperLink14" href="index.jsp?content=inside_contact.htm">Contact Us</a></li> - -... -... -... + +... +... +... @@ -5699,7 +5700,8 @@ Content-Type: text/html;charset=ISO-8859-1 - + + ... @@ -5811,10 +5813,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> <li><a id="MenuHyperLink13" href="index.jsp?content=inside_about.htm">About Us</a></li> - <li><a id="MenuHyperLink14" href="index.jsp?content -... -... -... + <li><a id="MenuHyperLink14" href="index.jsp?content +... +... +... @@ -5979,10 +5981,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> <li><a id="MenuHyperLink13" href="index.jsp?content=inside_about.htm">About Us</a></li> - <li><a id="MenuHyperLink14" href -... -... -... + <li><a id="MenuHyperLink14" href +... +... +... @@ -6173,10 +6175,10 @@ Content-Type: text/html;charset=ISO-8859-1 var month = parseInt((splitStrings[1].charAt(0)==0 && splitStrings[1].length == 2)?splitStrings[1].charAt(1):splitStrings[1]); var day = parseInt((splitStrings[2].charAt(0)==0 && splitStrings[2].length == 2)?splitStrings[2].charAt(1):splitStrings[2]); - var validNums = !(isNaN(year) || isNaN(month) -... -... -... + var validNums = !(isNaN(year) || isNaN(month) +... +... +... @@ -6252,7 +6254,8 @@ Content-Type: text/html;charset=ISO-8859-1 - + + ... @@ -6364,10 +6367,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> <li><a id="MenuHyperLink13" href="index.jsp?content=inside_about.htm">About Us</a></li> - <li><a id="MenuHyperLink14" href="index.jsp?content -... -... -... + <li><a id="MenuHyperLink14" href="index.jsp?content +... +... +... @@ -6443,7 +6446,8 @@ Content-Type: text/html;charset=ISO-8859-1 - + + ... @@ -6555,10 +6559,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> <li><a id="MenuHyperLink13" href="index.jsp?content=inside_about.htm">About Us</a></li> - <li><a id="MenuHyperLink14" href="index.jsp?content -... -... -... + <li><a id="MenuHyperLink14" href="index.jsp?content +... +... +... @@ -6738,10 +6742,10 @@ Content-Type: text/html;charset=ISO-8859-1 <ul class="sidebar"> <li><a id="MenuHyperLink13" href="index.jsp?content=inside_about.htm">About Us</a></li> <li><a id="MenuHyperLink14" href="index.jsp?content=inside_contact.htm">Contact Us</a></li> - -... -... -... + +... +... +... @@ -6956,10 +6960,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy Policy</a> &nbsp;&nbsp;|&nbsp;&nbsp; <a id="HyperLink6" href="/index.jsp?content=security.htm">Security Statement</a> - -... -... -... + +... +... +... @@ -7009,7 +7013,7 @@ Content-Type: text/html;charset=ISO-8859-1 Verify that absolute paths to files on the server appear in the response. ... - + <p>Our Frequently Asked Questions area will help you with many of your inquiries.<br /> If you can't find your question, return to this page and use the e-mail form below.</p> @@ -7028,7 +7032,8 @@ Content-Type: text/html;charset=ISO-8859-1 <td valign=top><b>Online Banking</b> </td> </tr> <tr> - <td align=right>Your Name:</td> + <td align=right>Your Name:</td> + ... @@ -7130,11 +7135,11 @@ Content-Type: text/html;charset=ISO-8859-1 <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> - <li>< -... -... -... - + <li>< +... +... +... + <form name="cmt" method="post" action="sendFeedback"> @@ -7144,9 +7149,9 @@ Content-Type: text/html;charset=ISO-8859-1 <table border=0> <tr> -... -... -... +... +... +... @@ -7197,7 +7202,7 @@ Content-Type: text/html;charset=ISO-8859-1 Open the test response, and verify that the X-Frame-Options header is missing or with insecure value ... - + Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 @@ -7216,7 +7221,8 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- -<!-- BEGIN HEADER --> +<!-- BEGIN HEADER --> + ... @@ -7363,10 +7369,10 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- </table> <div id="footer" style="width: 99%;"> <a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy Policy</a> - &nbsp;&nbsp;|&nbsp -... -... -... + &nbsp;&nbsp;|&nbsp +... +... +... @@ -7417,7 +7423,7 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- Open the test response, and verify that the Content-Security-Policy header is missing or has an insecure policy ... - + Referer: https://demo.testfire.net/bank/queryxpath.jsp Cookie: AltoroAccounts="ODAwMDAwfkNvcnBvcmF0ZX4xLjgxOTIxODkyMzY4NzgzNUUxOXw4MDAwMDF+Q2hlY2tpbmd+MS4wMDI1NDU1NDg0OTc4MDEyRTIwfA=="; JSESSIONID=AC9C994BA33DA48E86E93DC3779CDD8A Connection: keep-alive @@ -7442,7 +7448,8 @@ Content-Type: text/html;charset=ISO-8859-1 <!-- BEGIN HEADER --> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - + + ... @@ -7590,10 +7597,10 @@ Content-Type: text/html;charset=ISO-8859-1 <div id="footer" style="width: 99%;"> <a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy Policy</a> &nbsp;&nbsp;|&nbsp;&nbsp; - <a id="HyperLink6" href="/index.jsp?cont -... -... -... + <a id="HyperLink6" href="/index.jsp?cont +... +... +... @@ -7790,10 +7797,10 @@ Content-Type: text/html;charset=ISO-8859-1 </tr> </table> <div id="footer" style="width: 99%;"> - <a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy Pol -... -... -... + <a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy Pol +... +... +... @@ -7844,7 +7851,7 @@ Content-Type: text/html;charset=ISO-8859-1 Open the test response, and verify that the "X-Content-Type-Options" header is indeed missing or has an insecure value ... - + Referer: https://demo.testfire.net/bank/queryxpath.jsp Cookie: AltoroAccounts="ODAwMDAwfkNvcnBvcmF0ZX4xLjgxOTIxODkyMzY4NzgzNUUxOXw4MDAwMDF+Q2hlY2tpbmd+MS4wMDI1NDU1NDg0OTc4MDEyRTIwfA=="; JSESSIONID=AC9C994BA33DA48E86E93DC3779CDD8A Connection: keep-alive @@ -7869,7 +7876,8 @@ Content-Type: text/html;charset=ISO-8859-1 <!-- BEGIN HEADER --> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - + + ... @@ -8017,10 +8025,10 @@ Content-Type: text/html;charset=ISO-8859-1 <div id="footer" style="width: 99%;"> <a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy Policy</a> &nbsp;&nbsp;|&nbsp;&nbsp; - <a id="HyperLink6" href="/index.jsp?cont -... -... -... + <a id="HyperLink6" href="/index.jsp?cont +... +... +... @@ -8071,7 +8079,7 @@ Content-Type: text/html;charset=ISO-8859-1 Open the test response, and verify that the X-XSS-Protection header is indeed missing or has an insecure value ... - + Referer: https://demo.testfire.net/bank/queryxpath.jsp Cookie: AltoroAccounts="ODAwMDAwfkNvcnBvcmF0ZX4xLjgxOTIxODkyMzY4NzgzNUUxOXw4MDAwMDF+Q2hlY2tpbmd+MS4wMDI1NDU1NDg0OTc4MDEyRTIwfA=="; JSESSIONID=AC9C994BA33DA48E86E93DC3779CDD8A Connection: keep-alive @@ -8096,7 +8104,8 @@ Content-Type: text/html;charset=ISO-8859-1 <!-- BEGIN HEADER --> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - + + ... @@ -8244,10 +8253,10 @@ Content-Type: text/html;charset=ISO-8859-1 <div id="footer" style="width: 99%;"> <a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy Policy</a> &nbsp;&nbsp;|&nbsp;&nbsp; - <a id="HyperLink6" href="/index.jsp?cont -... -... -... + <a id="HyperLink6" href="/index.jsp?cont +... +... +... @@ -8463,10 +8472,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy Policy</a> &nbsp;&nbsp;|&nbsp;&nbsp; <a id="HyperLink6" href="/index.jsp?content=security.htm">Security Statement</a> - -... -... -... + +... +... +... @@ -8640,10 +8649,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> - <li><a id="MenuHyperLink13" href="index.jsp?conten -... -... -... + <li><a id="MenuHyperLink13" href="index.jsp?conten +... +... +... @@ -8693,7 +8702,7 @@ Content-Type: text/html;charset=ISO-8859-1 Verify that the password field of the form either is missing the autocomplete attribute or that the autocomplete attribute is set to "on". ... - + </td> <td> </td> @@ -8712,7 +8721,8 @@ Content-Type: text/html;charset=ISO-8859-1 <input type="submit" name="btnSubmit" value="Login"> </td> </tr> - </table> + </table> + ... @@ -8818,11 +8828,11 @@ Content-Type: text/html;charset=ISO-8859-1 <li><a id="MenuHyperLink12" href="index.jsp?content=business_other.htm">Other Services</a></li> </ul> - <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE A -... -... -... - + <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE A +... +... +... + <td> Password: </td> @@ -8832,9 +8842,9 @@ Content-Type: text/html;charset=ISO-8859-1 </tr> <tr> <td></td> -... -... -... +... +... +... @@ -8885,7 +8895,7 @@ Content-Type: text/html;charset=ISO-8859-1 Open the test response, and verify that the Content-Security-Policy header is missing or has an insecure policy ... - + Referer: https://demo.testfire.net/bank/main.jsp Cookie: AltoroAccounts="ODAwMDAwfkNvcnBvcmF0ZX4xLjgxOTIxODkyMzY4NzgzNUUxOXw4MDAwMDF+Q2hlY2tpbmd+MS4wMDI1NDU1NDg0OTc4MDEyRTIwfA=="; JSESSIONID=AC9C994BA33DA48E86E93DC3779CDD8A Connection: keep-alive @@ -8910,7 +8920,8 @@ Content-Type: text/html;charset=ISO-8859-1 <!-- BEGIN HEADER --> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - + + ... @@ -9018,10 +9029,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> - <li><a -... -... -... + <li><a +... +... +... @@ -9199,10 +9210,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> - <li><a id="Me -... -... -... + <li><a id="Me +... +... +... @@ -9253,7 +9264,7 @@ Content-Type: text/html;charset=ISO-8859-1 Open the test response, and verify that the "X-Content-Type-Options" header is indeed missing or has an insecure value ... - + Referer: https://demo.testfire.net/bank/main.jsp Cookie: AltoroAccounts="ODAwMDAwfkNvcnBvcmF0ZX4xLjgxOTIxODkyMzY4NzgzNUUxOXw4MDAwMDF+Q2hlY2tpbmd+MS4wMDI1NDU1NDg0OTc4MDEyRTIwfA=="; JSESSIONID=AC9C994BA33DA48E86E93DC3779CDD8A Connection: keep-alive @@ -9278,7 +9289,8 @@ Content-Type: text/html;charset=ISO-8859-1 <!-- BEGIN HEADER --> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - + + ... @@ -9386,10 +9398,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> - <li><a -... -... -... + <li><a +... +... +... @@ -9440,7 +9452,7 @@ Content-Type: text/html;charset=ISO-8859-1 Open the test response, and verify that the Content-Security-Policy header is missing or has an insecure policy ... - + Referer: https://demo.testfire.net/search.jsp?query=1234 Cookie: AltoroAccounts="ODAwMDAwfkNvcnBvcmF0ZX4xLjgxOTIxODkyMzY4NzgzNUUxOXw4MDAwMDF+Q2hlY2tpbmd+MS4wMDI1NDU1NDg0OTc4MDEyRTIwfA=="; JSESSIONID=AC9C994BA33DA48E86E93DC3779CDD8A Connection: keep-alive @@ -9465,7 +9477,8 @@ Content-Type: text/html;charset=ISO-8859-1 - + + ... @@ -9576,10 +9589,10 @@ Content-Type: text/html;charset=ISO-8859-1 </ul> <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> - <ul -... -... -... + <ul +... +... +... @@ -9630,7 +9643,7 @@ Content-Type: text/html;charset=ISO-8859-1 Open the test response, and verify that the "X-Content-Type-Options" header is indeed missing or has an insecure value ... - + Referer: https://demo.testfire.net/search.jsp?query=1234 Cookie: AltoroAccounts="ODAwMDAwfkNvcnBvcmF0ZX4xLjgxOTIxODkyMzY4NzgzNUUxOXw4MDAwMDF+Q2hlY2tpbmd+MS4wMDI1NDU1NDg0OTc4MDEyRTIwfA=="; JSESSIONID=AC9C994BA33DA48E86E93DC3779CDD8A Connection: keep-alive @@ -9655,7 +9668,8 @@ Content-Type: text/html;charset=ISO-8859-1 - + + ... @@ -9766,10 +9780,10 @@ Content-Type: text/html;charset=ISO-8859-1 </ul> <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> - <ul -... -... -... + <ul +... +... +... @@ -9820,7 +9834,7 @@ Content-Type: text/html;charset=ISO-8859-1 Open the test response, and verify that the X-XSS-Protection header is indeed missing or has an insecure value ... - + Referer: https://demo.testfire.net/search.jsp?query=1234 Cookie: AltoroAccounts="ODAwMDAwfkNvcnBvcmF0ZX4xLjgxOTIxODkyMzY4NzgzNUUxOXw4MDAwMDF+Q2hlY2tpbmd+MS4wMDI1NDU1NDg0OTc4MDEyRTIwfA=="; JSESSIONID=AC9C994BA33DA48E86E93DC3779CDD8A Connection: keep-alive @@ -9845,7 +9859,8 @@ Content-Type: text/html;charset=ISO-8859-1 - + + ... @@ -9956,10 +9971,10 @@ Content-Type: text/html;charset=ISO-8859-1 </ul> <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> - <ul -... -... -... + <ul +... +... +... @@ -10010,7 +10025,7 @@ Content-Type: text/html;charset=ISO-8859-1 Open the test response, and verify that the X-XSS-Protection header is indeed missing or has an insecure value ... - + Referer: https://demo.testfire.net/bank/main.jsp Cookie: AltoroAccounts="ODAwMDAwfkNvcnBvcmF0ZX4xLjgxOTIxODkyMzY4NzgzNUUxOXw4MDAwMDF+Q2hlY2tpbmd+MS4wMDI1NDU1NDg0OTc4MDEyRTIwfA=="; JSESSIONID=AC9C994BA33DA48E86E93DC3779CDD8A Connection: keep-alive @@ -10035,7 +10050,8 @@ Content-Type: text/html;charset=ISO-8859-1 <!-- BEGIN HEADER --> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - + + ... @@ -10143,10 +10159,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> - <li><a -... -... -... + <li><a +... +... +... @@ -10325,10 +10341,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> - <li><a id="Me -... -... -... + <li><a id="Me +... +... +... @@ -10503,10 +10519,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> - <li><a id="MenuHyperLink13" href="index.jsp?conten -... -... -... + <li><a id="MenuHyperLink13" href="index.jsp?conten +... +... +... @@ -10713,10 +10729,10 @@ Content-Type: text/html;charset=ISO-8859-1 </td> </tr> <tr> - <td colspan="2"><span id="_ctl0__ctl0_Content_Main_promo"><table width=590 border=0><tr><td><h2>Congratulations! </h2></td></tr><tr><td>You have been pre-approved for an A -... -... -... + <td colspan="2"><span id="_ctl0__ctl0_Content_Main_promo"><table width=590 border=0><tr><td><h2>Congratulations! </h2></td></tr><tr><td>You have been pre-approved for an A +... +... +... @@ -10767,7 +10783,7 @@ Content-Type: text/html;charset=ISO-8859-1 Open the test response, and verify that the Content-Security-Policy header is missing or has an insecure policy ... - + Cookie: AltoroAccounts="ODAwMDAwfkNvcnBvcmF0ZX4xLjgxOTIxODkyMzY4NzgzNUUxOXw4MDAwMDF+Q2hlY2tpbmd+MS4wMDI1NDU1NDg0OTc4MDEyRTIwfA=="; JSESSIONID=AC9C994BA33DA48E86E93DC3779CDD8A Connection: keep-alive Host: demo.testfire.net @@ -10792,7 +10808,8 @@ Content-Type: text/html;charset=ISO-8859-1 <!-- BEGIN HEADER --> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - + + ... @@ -10933,10 +10950,10 @@ Content-Type: text/html;charset=ISO-8859-1 </td> </tr> <tr> - <td colspan="2"><span id="_ctl0__ctl0_Content_Main_promo"><table width=590 border=0><tr><td><h2>Congratulations! </h2></td></tr -... -... -... + <td colspan="2"><span id="_ctl0__ctl0_Content_Main_promo"><table width=590 border=0><tr><td><h2>Congratulations! </h2></td></tr +... +... +... @@ -11129,10 +11146,10 @@ Content-Type: text/html;charset=ISO-8859-1 </table> <div id="footer" style="width: 99%;"> <a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy Policy</a> - -... -... -... + +... +... +... @@ -11326,10 +11343,10 @@ Content-Type: text/html;charset=ISO-8859-1 </td> </tr> <tr> - <td colspan="2"><span id="_ctl0__ctl0_Content_Main_promo"><table width=590 border=0><tr><td><h2>Cong -... -... -... + <td colspan="2"><span id="_ctl0__ctl0_Content_Main_promo"><table width=590 border=0><tr><td><h2>Cong +... +... +... @@ -11380,7 +11397,7 @@ Content-Type: text/html;charset=ISO-8859-1 Open the test response, and verify that the "X-Content-Type-Options" header is indeed missing or has an insecure value ... - + Cookie: AltoroAccounts="ODAwMDAwfkNvcnBvcmF0ZX4xLjgxOTIxODkyMzY4NzgzNUUxOXw4MDAwMDF+Q2hlY2tpbmd+MS4wMDI1NDU1NDg0OTc4MDEyRTIwfA=="; JSESSIONID=AC9C994BA33DA48E86E93DC3779CDD8A Connection: keep-alive Host: demo.testfire.net @@ -11405,7 +11422,8 @@ Content-Type: text/html;charset=ISO-8859-1 <!-- BEGIN HEADER --> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - + + ... @@ -11546,10 +11564,10 @@ Content-Type: text/html;charset=ISO-8859-1 </td> </tr> <tr> - <td colspan="2"><span id="_ctl0__ctl0_Content_Main_promo"><table width=590 border=0><tr><td><h2>Congratulations! </h2></td></tr -... -... -... + <td colspan="2"><span id="_ctl0__ctl0_Content_Main_promo"><table width=590 border=0><tr><td><h2>Congratulations! </h2></td></tr +... +... +... @@ -11760,10 +11778,10 @@ Content-Type: text/html;charset=ISO-8859-1 <h1>Transfer Funds</h1> - <table cellSpacing="0" cellPaddi -... -... -... + <table cellSpacing="0" cellPaddi +... +... +... @@ -11813,7 +11831,7 @@ Content-Type: text/html;charset=ISO-8859-1 Verify that the password field of the form either is missing the autocomplete attribute or that the autocomplete attribute is set to "on". ... - + </td> <!-- MEMBER TOC END --> <td valign="top" colspan="3" class="bb"> @@ -11832,7 +11850,8 @@ Content-Type: text/html;charset=ISO-8859-1 <!-- BEGIN FOOTER --> -</tr> +</tr> + ... @@ -11964,10 +11983,10 @@ Content-Type: text/html;charset=ISO-8859-1 </tr> </table> <div id="footer" style="width: 99%;"> - <a id="H -... -... -... + <a id="H +... +... +... @@ -12018,7 +12037,7 @@ Content-Type: text/html;charset=ISO-8859-1 Open the test response, and verify that the X-XSS-Protection header is indeed missing or has an insecure value ... - + Cookie: AltoroAccounts="ODAwMDAwfkNvcnBvcmF0ZX4xLjgxOTIxODkyMzY4NzgzNUUxOXw4MDAwMDF+Q2hlY2tpbmd+MS4wMDI1NDU1NDg0OTc4MDEyRTIwfA=="; JSESSIONID=AC9C994BA33DA48E86E93DC3779CDD8A Connection: keep-alive Host: demo.testfire.net @@ -12043,7 +12062,8 @@ Content-Type: text/html;charset=ISO-8859-1 <!-- BEGIN HEADER --> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - + + ... @@ -12184,10 +12204,10 @@ Content-Type: text/html;charset=ISO-8859-1 </td> </tr> <tr> - <td colspan="2"><span id="_ctl0__ctl0_Content_Main_promo"><table width=590 border=0><tr><td><h2>Congratulations! </h2></td></tr -... -... -... + <td colspan="2"><span id="_ctl0__ctl0_Content_Main_promo"><table width=590 border=0><tr><td><h2>Congratulations! </h2></td></tr +... +... +... @@ -12395,10 +12415,10 @@ Content-Type: text/html;charset=ISO-8859-1 </td> </tr> <tr> - <td colspan="2"><span id="_ctl0__ctl0_Content_Main_promo"><table width=590 border=0><tr><td><h2>Congratulations! </h2></td></tr><tr><td>You have been pre-approved for an A -... -... -... + <td colspan="2"><span id="_ctl0__ctl0_Content_Main_promo"><table width=590 border=0><tr><td><h2>Congratulations! </h2></td></tr><tr><td>You have been pre-approved for an A +... +... +... @@ -12573,9 +12593,9 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> <li><a id="MenuHyperLink13" href="index.jsp?content=inside_about.htm">About Us</a></li> - <li><a id="MenuHyperLink14" href="index.jsp?content=inside_contact.htm">Contact Us</a></li> -... -... + <li><a id="MenuHyperLink14" href="index.jsp?content=inside_contact.htm">Contact Us</a></li> +... +... ... @@ -12773,10 +12793,10 @@ Content-Type: text/html;charset=ISO-8859-1 </tr> </table> <div id="footer" style="width: 99%;"> - <a id="HyperLink5" href="/index.jsp?content=privacy. -... -... -... + <a id="HyperLink5" href="/index.jsp?content=privacy. +... +... +... @@ -12950,10 +12970,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> - <li><a id="MenuHyperLink13" h -... -... -... + <li><a id="MenuHyperLink13" h +... +... +... @@ -13160,10 +13180,10 @@ Content-Type: text/html;charset=ISO-8859-1 var validNums = !(isNaN(year) || isNaN(month) || isNaN(day)); if (validNums) - valid = validateD -... -... -... + valid = validateD +... +... +... @@ -13370,10 +13390,10 @@ Content-Type: text/html;charset=ISO-8859-1 <form id="Form1" method="get" action="showAccount"> <select size="1" name="listAccounts" id="listAccounts"> <option value="800001">800001 Checking</option> -<option value="800000">800000 -... -... -... +<option value="800000">800000 +... +... +... @@ -13580,10 +13600,10 @@ Content-Type: text/html;charset=ISO-8859-1 <div id="footer" style="width: 99%;"> <a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy Policy</a> &nbsp;&nbsp;|&nbsp;&nbsp; - <a id="HyperLink6" href="/index.jsp?c -... -... -... + <a id="HyperLink6" href="/index.jsp?c +... +... +... @@ -13846,7 +13866,7 @@ Content-Type: text/html;charset=ISO-8859-1 Open the test response, and verify that the X-Frame-Options header is missing or with insecure value ... - + Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 @@ -13865,7 +13885,8 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- - + + ... @@ -14005,10 +14026,10 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- <th align="left" width="80%" height="26"> <form id="Form1" method="get" action="showAccount"> <select size="1" name="listAccounts" id="listAccounts"> - <option value="800001">800001 Chec -... -... -... + <option value="800001">800001 Chec +... +... +... @@ -14191,11 +14212,11 @@ Content-Type: text/html;charset=ISO-8859-1 function confirminput(myform) { var dbt=document.getElementById("fromAccount").value; var cdt=document.getElementById("toAccount").value; - var amt=document.getElementById("transferAm -... -... -... - + var amt=document.getElementById("transferAm +... +... +... + </td> <td><input type="text" id="transferAmount" name="transferAmount"></td> </tr> @@ -14205,9 +14226,9 @@ Content-Type: text/html;charset=ISO-8859-1 <tr> <td colspan="2">&nbsp;</td> </tr> -... -... -... +... +... +... @@ -14412,10 +14433,10 @@ Content-Type: text/html;charset=ISO-8859-1 <div id="footer" style="width: 99%;"> <a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy Policy</a> &nbsp;&nbsp;|&nbsp;&nbsp; - <a id="HyperLink6" href="/index.jsp?content -... -... -... + <a id="HyperLink6" href="/index.jsp?content +... +... +... @@ -14613,10 +14634,10 @@ Content-Type: text/html;charset=ISO-8859-1 <form id="Form1" method="get" action="showAccount"> <select size="1" name="listAccounts" id="listAccounts"> <option value="800001">800001 Checking</option> -<option value="800000">800000 Corpor -... -... -... +<option value="800000">800000 Corpor +... +... +... @@ -14790,10 +14811,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> - <li><a id="MenuHyperLink13 -... -... -... + <li><a id="MenuHyperLink13 +... +... +... @@ -14967,10 +14988,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> - <li><a id="MenuHyperLink13" href= -... -... -... + <li><a id="MenuHyperLink13" href= +... +... +... @@ -15020,13 +15041,13 @@ Content-Type: text/html;charset=ISO-8859-1 Verify that the e-mail address is a valid one. ... -...on(t){ -/*! - * The buffer module from node.js, for the browser. - * - * @author Feross Aboukhadijeh <--begin_highlight_tag--feross@feross.org--end_highlight_tag--> <http://feross.org> - * @license MIT - */ +...on(t){ +/*! + * The buffer module from node.js, for the browser. + * + * @author Feross Aboukhadijeh <--begin_highlight_tag--feross@feross.org--end_highlight_tag--> <http://feross.org> + * @license MIT + */ var r=n(325),i=n(326),o=n(167);function u(){return s.TYPE... ... @@ -15063,25 +15084,25 @@ ETag: W/"305717-1539016968000" Date: Mon, 03 Jun 2019 18:40:58 GMT Content-Type: application/javascript -!function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):"object"==typeof exports?exports.SwaggerUIStandalonePreset=e():t.SwaggerUIStandalonePreset=e()}(this,function(){return function(t){var e={};function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}return n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)||Object.defineProperty(t,e,{configurable:!1,enumerable:!0,get:r})},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="/dist",n(n.s=206)}([function(t,e,n){"use strict";var r=n(52),i=["kind","resolve","construct","instanceOf","predicate","represent","defaultStyle","styleAliases"],o=["scalar","sequence","mapping"];t.exports=function(t,e){var n,u;if(e=e||{},Object.keys(e).forEach(function(e){if(-1===i.indexOf(e))throw new r('Unknown option "'+e+'" is met in definition of "'+t+'" YAML type.')}),this.tag=t,this.kind=e.kind||null,this.resolve=e.resolve||function(){return!0},this.construct=e.construct||function(t){return t},this.instanceOf=e.instanceOf||null,this.predicate=e.predicate||null,this.represent=e.represent||null,this.defaultStyle=e.defaultStyle||null,this.styleAliases=(n=e.styleAliases||null,u={},null!==n&&Object.keys(n).forEach(function(t){n[t -... -... -... -lse=r(!1),i.thatReturnsTrue=r(!0),i.thatReturnsNull=r(null),i.thatReturnsThis=function(){return this},i.thatReturnsArgument=function(t){return t},t.exports=i},function(t,e,n){"use strict";(function(t){ -/*! - * The buffer module from node.js, for the browser. - * - * @author Feross Aboukhadijeh <--begin_highlight_tag--feross@feross.org--end_highlight_tag--> <http://feross.org> - * @license MIT - */ -var r=n(325),i=n(326),o=n(167);function u(){return s.TYPED_ARRAY_SUPPORT?2147483647:1073741823}function a(t,e){if(u()<e)throw new RangeError("Invalid typed array length");return s.TYPED_ARRAY_SUPPORT?(t=new Uint8Array(e)).__proto__=s.prototype:(null===t&&(t=new s(e)),t.length=e),t}function s(t,e,n){if(!(s.TYPED_ARRAY_SUPPORT||this instanceof s))return new s(t,e,n);if("number"==typeof t){if("string" -... -... -... -on(t,e){return t&&r(t,e,i)}},function(t,e,n){var r=n(446)();t.exports=r},function(t,e){t.exports=function(t){return function(e,n,r){for(var i=-1,o=Object(e),u=r(e),a=u.length;a--;){var s=u[t?a:++i];if(!1===n(o[s],s,o))break}return e}}},function(t,e,n){var r=n(77);t.exports=function(t,e){return function(n,i){if(null==n)return n;if(!r(n))return t(n,i);for(var o=n.length,u=e?o:-1,a=Object(n);(e?u--:++u<o)&&!1!==i(a[u],u,a););return n}}},function(t,e,n){var r=n(74),i=n(77),o=n(112),u=n(50);t.exports=function(t,e,n){if(!u(n))return!1;var a=typeof e;return!!("number"==a?i(n)&&o(e,n.length):"string"==a&&e in n)&&r(n[e],t)}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0}),e.memoizedSampleFromSchema=e.memoizedCreateXMLExample=e.sampleXmlFromSchema=e.inferSchema=e.sampleFromSchema=void 0,e.createXMLExample=l;var r=n(166),i=u(n(450)),o=u(n(463));function u(t){return t&&t.__esModule?t:{default:t}}var a={string:function(){return"string"},string_email:function(){return"--begin_highlight_tag--user@example.com--end_highlight_tag--"},"string_date-time":function(){return(new Date).toISOString()},number:function(){return 0},number_float:function(){return 0},integer:function(){return 0},boolean:function(t){return"boolean"!=typeof t.default||t.default}},s=function(t){var e=t=(0,r.objectify)(t),n=e.type,i=e.format,o=a[n+"_"+i]||a[n];return(0,r.isFunc)(o)?o(t):"Unknown Type: "+t.type},c=e.sampleFromSchema=function t(e){var n=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},i=(0,r.objectify)(e),o=i.type,u=i.example,a=i.properties,c=i.additionalProperties,f=i.items,l=n.includeReadOnly,p=n.includeWriteOnly;if(void 0!==u)return(0,r.deeplyStripKey)(u,"$$ref",function(t){return"string"==typeof t&&t.indexOf("#")>-1});if(!o)if(a)o="object";else{if(!f)return;o="array"}if("object"===o){var h=(0,r.objectify)(a),d={};for(var v in h)h[v]&&h[v].deprecated||h[v]&&h[v].readOnly&&!l||h[v]&&h[v].writeOnly&&!p||(d[v]=t(h[v],n));if(!0===c)d.additionalProp1={};else if(c) -... -... -... +!function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):"object"==typeof exports?exports.SwaggerUIStandalonePreset=e():t.SwaggerUIStandalonePreset=e()}(this,function(){return function(t){var e={};function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}return n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)||Object.defineProperty(t,e,{configurable:!1,enumerable:!0,get:r})},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="/dist",n(n.s=206)}([function(t,e,n){"use strict";var r=n(52),i=["kind","resolve","construct","instanceOf","predicate","represent","defaultStyle","styleAliases"],o=["scalar","sequence","mapping"];t.exports=function(t,e){var n,u;if(e=e||{},Object.keys(e).forEach(function(e){if(-1===i.indexOf(e))throw new r('Unknown option "'+e+'" is met in definition of "'+t+'" YAML type.')}),this.tag=t,this.kind=e.kind||null,this.resolve=e.resolve||function(){return!0},this.construct=e.construct||function(t){return t},this.instanceOf=e.instanceOf||null,this.predicate=e.predicate||null,this.represent=e.represent||null,this.defaultStyle=e.defaultStyle||null,this.styleAliases=(n=e.styleAliases||null,u={},null!==n&&Object.keys(n).forEach(function(t){n[t +... +... +... +lse=r(!1),i.thatReturnsTrue=r(!0),i.thatReturnsNull=r(null),i.thatReturnsThis=function(){return this},i.thatReturnsArgument=function(t){return t},t.exports=i},function(t,e,n){"use strict";(function(t){ +/*! + * The buffer module from node.js, for the browser. + * + * @author Feross Aboukhadijeh <--begin_highlight_tag--feross@feross.org--end_highlight_tag--> <http://feross.org> + * @license MIT + */ +var r=n(325),i=n(326),o=n(167);function u(){return s.TYPED_ARRAY_SUPPORT?2147483647:1073741823}function a(t,e){if(u()<e)throw new RangeError("Invalid typed array length");return s.TYPED_ARRAY_SUPPORT?(t=new Uint8Array(e)).__proto__=s.prototype:(null===t&&(t=new s(e)),t.length=e),t}function s(t,e,n){if(!(s.TYPED_ARRAY_SUPPORT||this instanceof s))return new s(t,e,n);if("number"==typeof t){if("string" +... +... +... +on(t,e){return t&&r(t,e,i)}},function(t,e,n){var r=n(446)();t.exports=r},function(t,e){t.exports=function(t){return function(e,n,r){for(var i=-1,o=Object(e),u=r(e),a=u.length;a--;){var s=u[t?a:++i];if(!1===n(o[s],s,o))break}return e}}},function(t,e,n){var r=n(77);t.exports=function(t,e){return function(n,i){if(null==n)return n;if(!r(n))return t(n,i);for(var o=n.length,u=e?o:-1,a=Object(n);(e?u--:++u<o)&&!1!==i(a[u],u,a););return n}}},function(t,e,n){var r=n(74),i=n(77),o=n(112),u=n(50);t.exports=function(t,e,n){if(!u(n))return!1;var a=typeof e;return!!("number"==a?i(n)&&o(e,n.length):"string"==a&&e in n)&&r(n[e],t)}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0}),e.memoizedSampleFromSchema=e.memoizedCreateXMLExample=e.sampleXmlFromSchema=e.inferSchema=e.sampleFromSchema=void 0,e.createXMLExample=l;var r=n(166),i=u(n(450)),o=u(n(463));function u(t){return t&&t.__esModule?t:{default:t}}var a={string:function(){return"string"},string_email:function(){return"--begin_highlight_tag--user@example.com--end_highlight_tag--"},"string_date-time":function(){return(new Date).toISOString()},number:function(){return 0},number_float:function(){return 0},integer:function(){return 0},boolean:function(t){return"boolean"!=typeof t.default||t.default}},s=function(t){var e=t=(0,r.objectify)(t),n=e.type,i=e.format,o=a[n+"_"+i]||a[n];return(0,r.isFunc)(o)?o(t):"Unknown Type: "+t.type},c=e.sampleFromSchema=function t(e){var n=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},i=(0,r.objectify)(e),o=i.type,u=i.example,a=i.properties,c=i.additionalProperties,f=i.items,l=n.includeReadOnly,p=n.includeWriteOnly;if(void 0!==u)return(0,r.deeplyStripKey)(u,"$$ref",function(t){return"string"==typeof t&&t.indexOf("#")>-1});if(!o)if(a)o="object";else{if(!f)return;o="array"}if("object"===o){var h=(0,r.objectify)(a),d={};for(var v in h)h[v]&&h[v].deprecated||h[v]&&h[v].readOnly&&!l||h[v]&&h[v].writeOnly&&!p||(d[v]=t(h[v],n));if(!0===c)d.additionalProp1={};else if(c) +... +... +... @@ -15138,7 +15159,7 @@ Otherwise, to verify this vulnerability: 1776 ... - + Content-Type: application/x-www-form-urlencoded cfile=%3E%22%27%3E%3Cscript%3Ealert%281776%29%3C%2Fscript%3E&name=%3E%22%27%3E%3Cscript%3Ealert%281776%29%3C%2Fscript%3E&email_addr=%3E%22%27%3E%3Cscript%3Ealert%281776%29%3C%2Fscript%3E&subject=%3E%22%27%3E%3Cscript%3Ealert%281776%29%3C%2Fscript%3E&comments=%3E%22%27%3E%3Cscript%3Ealert%281776%29%3C%2Fscript%3E&submit=%3E%22%27%3E%3Cscript%3Ealert%281776%29%3C%2Fscript%3E @@ -15156,11 +15177,12 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- - + + ... ... - + <td valign="top" colspan="3" class="bb"> @@ -15179,7 +15201,8 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- </div> </td> </div> - + + ... @@ -15289,11 +15312,11 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- <li><a id="MenuHyperLink2" href="index.jsp?content=personal_checking.htm">Checking</a></li> <li><a id="MenuHyperLink3" href="index.jsp?content=personal_loans.htm">Loan Products</a></li> <li><a id="MenuHyperLink4" href="index.jsp?content=personal_cards.htm">Cards</a></li> - <li><a id="MenuHyperLink5" href="index.jsp?content=personal_investments.htm">Inves -... -... -... - + <li><a id="MenuHyperLink5" href="index.jsp?content=personal_investments.htm">Inves +... +... +... + <div class="fl" style="width: 99%;"> <h1>Thank You</h1> @@ -15303,9 +15326,9 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- However, the email you gave is incorrect () and you will not receive a response. </p> -... -... -... +... +... +... @@ -15355,7 +15378,7 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- Verify that the e-mail address is a valid one. ... - + <h1>Subscribe</h1> <p>We recognize that things are always evolving and changing here at Altoro Mutual. @@ -15374,7 +15397,8 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- </td> <td> <input type="text" id="txtEmail" name="txtEmail" value="" style="width: 150px;"> - </td> + </td> + ... @@ -15479,11 +15503,11 @@ Content-Type: text/html;charset=ISO-8859-1 <ul class="sidebar"> <li><a id="MenuHyperLink7" href="index.jsp?content=business_deposit.htm">Deposit Products</a></li> <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> - <li><a id= -... -... -... - + <li><a id= +... +... +... + <form action="doSubscribe" method="post" name="subscribe" id="subscribe" onsubmit="return confirmEmail(txtEmail.value);"> <table> <tr> @@ -15493,9 +15517,9 @@ Content-Type: text/html;charset=ISO-8859-1 </tr> <tr> <td> -... -... -... +... +... +... @@ -15581,21 +15605,21 @@ Host: demo.testfire.net Accept: */* Accept-Language: en-US,en;q=0.9 - -... -... -...h),He(this,n)},keySeq:function(){return mt(0,this.size)},last:function(){return this.get(-1)},skipWhile:function(t,e){return He(this,Ye(this,t,e,!1))},zip:function(){return He(this,$e(this,Dn,[this].concat(E(arguments))))},zipWith:function(t){var e=E(arguments);return e[0]=this,He(this,$e(this,t,e))}}),i.prototype[h]=!0,i.prototype[d]=!0,In(o,{get:function(t,e){return this.has(t)?t:e},includes:function(t){return this.has(t)},keySeq:function(){return this.valueSeq()}}),o.prototype.has=Mn.includes,o.prototype.contains=o.prototype.includes,In(G,r.prototype),In($,i.prototype),In(H,o.prototype),In(bt,r.prototype),In(wt,i.prototype),In(xt,o.prototype),{Iterable:n,Seq:K,Collection:_t,Map:zt,OrderedMap:Ie,List:pe,Stack:xn,Set:sn,OrderedSet:yn,Record:rn,Range:mt,Repeat:yt,is:dt,fromJS:lt}},t.exports=r()},function(t,e,n){(function(e){var n="object"==typeof e&&e&&e.Object===Object&&e;t.exports=n}).call(e,n(11))},function(t,e,n){var r=n(347)("toUpperCase");t.exports=r},function(t,e){var n=RegExp("--begin_highlight_tag--[\\u200d--end_highlight_tag--\\ud800--begin_highlight_tag---\\udfff--end_highlight_tag--\\u0300--begin_highlight_tag---\\u036f--end_highlight_tag--\\ufe20--begin_highlight_tag---\\ufe2f--end_highlight_tag--\\u20d0--begin_highlight_tag---\\u20ff--end_highlight_tag--\\ufe0e\\ufe0f]");t.exports=function(t){return n.test(t)}},function(t,e,n){var r=n(109),i="Expected a function";function o(t,e){if("function"!=typeof t||null!=e&&"function"!=typeof e)throw new TypeError(i);var n=function(){var r=arguments,i=e?e.apply(this,r):r[0],o=n.cache;if(o.has(i))return o.get(i);var u=t.apply(this,r);return n.cache=o.set(i,u)||o,u};return n.cache=new(o.Cache||r),n}o.Cache=r,t.exports=o},function(t,e,n){var r=n(48),i=n(50),o="[object AsyncFunction]",u="[object Function]",a="[object GeneratorFunction]",s="[object Proxy]";t.exports=function(t){if(!i(t))return!1;var e=r(t);return e==u||e==a||e==o||e==s}},function(t,e){var n=Function.prototype.toString;t.exports=function(t){if(null!=t){try{return n.call(t)}catch(t){}try{return t+""}catch(t){}}return""}},function(t,e,n){var r=n(72),i=n(387),o=n(388),u=n(389),a=n(390),s=n(391);function c(t){var e=this.__data__=new r(t);this.size=e.size}c.prototype.clear=i,c.prototype.de -... -... -... -n,t);return i}},function(t,e,n){var r=n(69),i=Object.prototype,o=i.hasOwnProperty,u=i.toString,a=r?r.toStringTag:void 0;t.exports=function(t){var e=o.call(t,a),n=t[a];try{t[a]=void 0;var r=!0}catch(t){}var i=u.call(t);return r&&(e?t[a]=n:delete t[a]),i}},function(t,e){var n=Object.prototype.toString;t.exports=function(t){return n.call(t)}},function(t,e,n){var r=n(348),i=n(171),o=n(350),u=n(47);t.exports=function(t){return function(e){e=u(e);var n=i(e)?o(e):void 0,a=n?n[0]:e.charAt(0),s=n?r(n,1).join(""):e.slice(1);return a[t]()+s}}},function(t,e,n){var r=n(349);t.exports=function(t,e,n){var i=t.length;return n=void 0===n?i:n,!e&&n>=i?t:r(t,e,n)}},function(t,e){t.exports=function(t,e,n){var r=-1,i=t.length;e<0&&(e=-e>i?0:i+e),(n=n>i?i:n)<0&&(n+=i),i=e>n?0:n-e>>>0,e>>>=0;for(var o=Array(i);++r<i;)o[r]=t[r+e];return o}},function(t,e,n){var r=n(351),i=n(171),o=n(352);t.exports=function(t){return i(t)?o(t):r(t)}},function(t,e){t.exports=function(t){return t.split("")}},function(t,e){var n="--begin_highlight_tag--[\\ud800--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",r="--begin_highlight_tag--[\\u0300--end_highlight_tag----begin_highlight_tag---\\u036f--end_highlight_tag--\\ufe20--begin_highlight_tag---\\ufe2f--end_highlight_tag--\\u20d0--begin_highlight_tag---\\u20ff--end_highlight_tag--]",i=--begin_highlight_tag--"\\ud83c--end_highlight_tag----begin_highlight_tag--[\\udffb--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",o="[--begin_highlight_tag--^\\ud800--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",u="(?--begin_highlight_tag--:\\ud83c--end_highlight_tag----begin_highlight_tag--[\\udde6--end_highlight_tag----begin_highlight_tag---\\uddff--end_highlight_tag--]){2}",a="--begin_highlight_tag--[\\ud800--end_highlight_tag----begin_highlight_tag---\\udbff--end_highlight_tag--]--begin_highlight_tag--[\\udc00--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",s="(?:"+r+"|"+i+")"+"?",c="--begin_highlight_tag--[\\ufe0e--end_highlight_tag--\\ufe0f]?"+s+("(?--begin_highlight_tag--:\\u200d--end_highlight_tag--(?:"+[o,u,a].join("|")+")--begin_highlight_tag--[\\ufe0e--end_highlight_tag--\\ufe0f]?"+s+")*"),f="(?:"+[o+r+"?",r,u,a,n].join("|")+")",l=RegExp(i+"(?="+i+")|"+f+c,"g");t.exports=function(t){return t.match(l)||[]}},function(t,e,n){var r=n(354),i=n(355),o=n(358),u=RegExp("['’]","g");t.exports=function(t){return function(e){return r(o(i(e).replace(u,"")),t,"")}}},function(t,e){t.exports=function(t,e,n,r){var i=-1,o=null==t?0:t.length;for(r&&o&&(n=t[++i]);++i<o;)n=e(n,t[i],i,t);return n}},function(t,e,n){var r=n(356),i=n(47),o=/[\xc0-\xd6\xd8-\xf6\xf8-\xff\u0100-\u017f]/g,u=RegExp("--begin_highlight_tag--[\\u0300--end_highlight_tag----begin_highlight_tag---\\u036f--end_highlight_tag--\\ufe20--begin_highlight_tag---\\ufe2f--end_highlight_tag--\\u20d0--begin_highlight_tag---\\u20ff--end_highlight_tag--]","g");t.exports=function(t){return(t=i(t))&&t.replace(o,r).replace(u,"")}},function(t,e,n){var r=n(357)({"À":"A","Á":"A","Â":"A","Ã":"A","Ä":"A","Å":"A","à":"a","á":"a","â":"a","ã":"a","ä":"a","å":"a","Ç":"C","ç":"c","Ð":"D","ð":"d","È":"E","É":"E","Ê":"E","Ë":"E","è":"e","é":"e","ê":"e","ë":"e","Ì":"I","Í":"I","Î":"I","Ï":"I","ì":"i","í":"i","î":"i","ï":"i","Ñ":"N","ñ":"n","Ò":"O","Ó":"O","Ô":"O","Õ":"O","Ö":"O","Ø":"O","ò":"o","ó":"o","ô":"o","õ":"o","ö":"o","ø":"o","Ù":"U","Ú":"U","Û":"U","Ü":"U","ù":"u","ú":"u","û":"u","ü":"u","Ý":"Y","ý":"y","ÿ":"y","Æ":"Ae","æ":"ae","Þ":"Th","þ":"th","ß":"ss","Ā":"A","Ă":"A","Ą":"A","ā":"a","ă":"a","ą":"a","Ć":"C","Ĉ":"C","Ċ":"C","Č":"C","ć":"c","ĉ":"c","ċ":"c","č":"c","Ď":"D","Đ":"D","ď":"d","đ":"d","Ē":"E","Ĕ":"E","Ė":"E","Ę":"E","Ě":"E","ē":"e","ĕ":"e","ė":"e","ę":"e","ě":"e","Ĝ":"G","Ğ":"G","Ġ":"G","Ģ":"G","ĝ":"g","ğ":"g","ġ":"g","ģ":"g","Ĥ":"H","Ħ":"H","ĥ":"h","ħ":"h","Ĩ":"I","Ī":"I","Ĭ": -... -... -... -N","Ŋ":"N","ń":"n","ņ":"n","ň":"n","ŋ":"n","Ō":"O","Ŏ":"O","Ő":"O","ō":"o","ŏ":"o","ő":"o","Ŕ":"R","Ŗ":"R","Ř":"R","ŕ":"r","ŗ":"r","ř":"r","Ś":"S","Ŝ":"S","Ş":"S","Š":"S","ś":"s","ŝ":"s","ş":"s","š":"s","Ţ":"T","Ť":"T","Ŧ":"T","ţ":"t","ť":"t","ŧ":"t","Ũ":"U","Ū":"U","Ŭ":"U","Ů":"U","Ű":"U","Ų":"U","ũ":"u","ū":"u","ŭ":"u","ů":"u","ű":"u","ų":"u","Ŵ":"W","ŵ":"w","Ŷ":"Y","ŷ":"y","Ÿ":"Y","Ź":"Z","Ż":"Z","Ž":"Z","ź":"z","ż":"z","ž":"z","IJ":"IJ","ij":"ij","Œ":"Oe","œ":"oe","ʼn":"'n","ſ":"s"});t.exports=r},function(t,e){t.exports=function(t){return function(e){return null==t?void 0:t[e]}}},function(t,e,n){var r=n(359),i=n(360),o=n(47),u=n(361);t.exports=function(t,e,n){return t=o(t),void 0===(e=n?void 0:e)?i(t)?u(t):r(t):t.match(e)||[]}},function(t,e){var n=/[^\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f]+/g;t.exports=function(t){return t.match(n)||[]}},function(t,e){var n=/[a-z][A-Z]|[A-Z]{2,}[a-z]|[0-9][a-zA-Z]|[a-zA-Z][0-9]|[^a-zA-Z0-9 ]/;t.exports=function(t){return n.test(t)}},function(t,e){var n=--begin_highlight_tag--"\\xac--end_highlight_tag--\\xb1\\xd7\\xf7\\x00--begin_highlight_tag---\\x2f--end_highlight_tag--\\x3a--begin_highlight_tag---\\x40--end_highlight_tag--\\x5b--begin_highlight_tag---\\x60--end_highlight_tag--\\x7b--begin_highlight_tag---\\xbf--end_highlight_tag--\\u2000--begin_highlight_tag---\\u206f--end_highlight_tag-- \\t\\x0b\\f\\xa0\\ufeff\\n\\r\\u2028\\u2029\\u1680\\u180e\\u2000\\u2001\\u2002\\u2003\\u2004\\u2005\\u2006\\u2007\\u2008\\u2009\\u200a\\u202f\\u205f\\u3000",r="["+n+"]",i="\\d+",o="--begin_highlight_tag--[\\u2700--end_highlight_tag----begin_highlight_tag---\\u27bf--end_highlight_tag--]",u="[a-z\\xdf--begin_highlight_tag---\\xf6--end_highlight_tag--\\xf8--begin_highlight_tag---\\xff--end_highlight_tag--]",a="[--begin_highlight_tag--^\\ud800--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--"+n+i+--begin_highlight_tag--"\\u2700--end_highlight_tag----begin_highlight_tag---\\u27bfa--end_highlight_tag---z\\xdf--begin_highlight_tag---\\xf6--end_highlight_tag--\\xf8--begin_highlight_tag---\\xffA--end_highlight_tag---Z\\xc0--begin_highlight_tag---\\xd6--end_highlight_tag--\\xd8--begin_highlight_tag---\\xde--end_highlight_tag--]",s="(?--begin_highlight_tag--:\\ud83c--end_highlight_tag----begin_highlight_tag--[\\udde6--end_highlight_tag----begin_highlight_tag---\\uddff--end_highlight_tag--]){2}",c="--begin_highlight_tag--[\\ud800--end_highlight_tag----begin_highlight_tag---\\udbff--end_highlight_tag--]--begin_highlight_tag--[\\udc00--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",f="[A-Z\\xc0--begin_highlight_tag---\\xd6--end_highlight_tag--\\xd8--begin_highlight_tag---\\xde--end_highlight_tag--]",l="(?:"+u+"|"+a+")",p="(?:"+f+"|"+a+")",h="(?:--begin_highlight_tag--[\\u0300--end_highlight_tag----begin_highlight_tag---\\u036f--end_highlight_tag--\\ufe20--begin_highlight_tag---\\ufe2f--end_highlight_tag--\\u20d0--begin_highlight_tag---\\u20ff--end_highlight_tag--]--begin_highlight_tag--|\\ud83c--end_highlight_tag----begin_highlight_tag--[\\udffb--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--])?",d="--begin_highlight_tag--[\\ufe0e--end_highlight_tag--\\ufe0f]?"+h+("(?--begin_highlight_tag--:\\u200d--end_highlight_tag--(?:"+["[--begin_highlight_tag--^\\ud800--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",s,c].join("|")+")--begin_highlight_tag--[\\ufe0e--end_highlight_tag--\\ufe0f]?"+h+")*"),v="(?:"+[o,s,c].join("|")+")"+d,y=RegExp([f+"?"+u+"+(?:['’](?:d|ll|m|re|s|t|ve))?(?="+[r,f,"$"].join("|")+")",p+"+(?:['’](?:D|LL|M|RE|S|T|VE))?(?="+[r,f+l,"$"].join("|")+")",f+"?"+l+"+(?:['’](?:d|ll|m|re|s|t|ve))?",f+"+(?:['’](?:D|LL|M|RE|S|T|VE))?","\\d*(?:1ST|2ND|3RD|(?![123]--begin_highlight_tag--)\\dTH--end_highlight_tag--)(?=\\b|[a-z_])","\\d*(?:1st|2nd|3rd|(?![123]--begin_highlight_tag--)\\dth--end_highlight_tag--)(?=\\b|[A-Z_])",i,v].join("|"),"g");t.exports=function(t){return t.match(y)||[]}},function(t,e,n){var r=n(363),i=n(72),o=n(110);t.exports=function(){this.size=0,this.__data__={hash:new r,map:new(o||i),string:new r}}},function(t,e,n){var r=n(364),i=n(369),o=n(370),u=n(371),a=n(372);function s(t){var e=-1,n=null==t?0:t.length;for(this.clear();++e<n;){var r=t[e];this.set(r[0],r[1])}}s.prototype.clear=r,s.prototype.delete=i,s.prototype.get=o,s.prototype.has=u,s.prototype.set=a,t.exports=s},function(t,e,n){var r=n(71);t.exports=function(){this.__data__=r?r(null):{},this.size=0}},function(t,e,n){var r=n(173),i=n(366),o=n(50),u=n(174),a=/^\[object .+?Constructor\]$/,s=Function.prototype,c=Object.prototype,f=s.toString,l=c.hasOwnProperty,p=RegExp("^"+f.call(l).replace(/[\\^$.*+?()[\]{}|]/g,"\\$&").replace(/hasOwnProperty|(function).*?(?=\\\()| for .+?(?=\\\])/g,"$1.*?")+"$");t.exports=function(t){return!(!o(t)||i(t))&&(r(t)?p:a).test(u(t))}},f -... -... -... + +... +... +...h),He(this,n)},keySeq:function(){return mt(0,this.size)},last:function(){return this.get(-1)},skipWhile:function(t,e){return He(this,Ye(this,t,e,!1))},zip:function(){return He(this,$e(this,Dn,[this].concat(E(arguments))))},zipWith:function(t){var e=E(arguments);return e[0]=this,He(this,$e(this,t,e))}}),i.prototype[h]=!0,i.prototype[d]=!0,In(o,{get:function(t,e){return this.has(t)?t:e},includes:function(t){return this.has(t)},keySeq:function(){return this.valueSeq()}}),o.prototype.has=Mn.includes,o.prototype.contains=o.prototype.includes,In(G,r.prototype),In($,i.prototype),In(H,o.prototype),In(bt,r.prototype),In(wt,i.prototype),In(xt,o.prototype),{Iterable:n,Seq:K,Collection:_t,Map:zt,OrderedMap:Ie,List:pe,Stack:xn,Set:sn,OrderedSet:yn,Record:rn,Range:mt,Repeat:yt,is:dt,fromJS:lt}},t.exports=r()},function(t,e,n){(function(e){var n="object"==typeof e&&e&&e.Object===Object&&e;t.exports=n}).call(e,n(11))},function(t,e,n){var r=n(347)("toUpperCase");t.exports=r},function(t,e){var n=RegExp("--begin_highlight_tag--[\\u200d--end_highlight_tag--\\ud800--begin_highlight_tag---\\udfff--end_highlight_tag--\\u0300--begin_highlight_tag---\\u036f--end_highlight_tag--\\ufe20--begin_highlight_tag---\\ufe2f--end_highlight_tag--\\u20d0--begin_highlight_tag---\\u20ff--end_highlight_tag--\\ufe0e\\ufe0f]");t.exports=function(t){return n.test(t)}},function(t,e,n){var r=n(109),i="Expected a function";function o(t,e){if("function"!=typeof t||null!=e&&"function"!=typeof e)throw new TypeError(i);var n=function(){var r=arguments,i=e?e.apply(this,r):r[0],o=n.cache;if(o.has(i))return o.get(i);var u=t.apply(this,r);return n.cache=o.set(i,u)||o,u};return n.cache=new(o.Cache||r),n}o.Cache=r,t.exports=o},function(t,e,n){var r=n(48),i=n(50),o="[object AsyncFunction]",u="[object Function]",a="[object GeneratorFunction]",s="[object Proxy]";t.exports=function(t){if(!i(t))return!1;var e=r(t);return e==u||e==a||e==o||e==s}},function(t,e){var n=Function.prototype.toString;t.exports=function(t){if(null!=t){try{return n.call(t)}catch(t){}try{return t+""}catch(t){}}return""}},function(t,e,n){var r=n(72),i=n(387),o=n(388),u=n(389),a=n(390),s=n(391);function c(t){var e=this.__data__=new r(t);this.size=e.size}c.prototype.clear=i,c.prototype.de +... +... +... +n,t);return i}},function(t,e,n){var r=n(69),i=Object.prototype,o=i.hasOwnProperty,u=i.toString,a=r?r.toStringTag:void 0;t.exports=function(t){var e=o.call(t,a),n=t[a];try{t[a]=void 0;var r=!0}catch(t){}var i=u.call(t);return r&&(e?t[a]=n:delete t[a]),i}},function(t,e){var n=Object.prototype.toString;t.exports=function(t){return n.call(t)}},function(t,e,n){var r=n(348),i=n(171),o=n(350),u=n(47);t.exports=function(t){return function(e){e=u(e);var n=i(e)?o(e):void 0,a=n?n[0]:e.charAt(0),s=n?r(n,1).join(""):e.slice(1);return a[t]()+s}}},function(t,e,n){var r=n(349);t.exports=function(t,e,n){var i=t.length;return n=void 0===n?i:n,!e&&n>=i?t:r(t,e,n)}},function(t,e){t.exports=function(t,e,n){var r=-1,i=t.length;e<0&&(e=-e>i?0:i+e),(n=n>i?i:n)<0&&(n+=i),i=e>n?0:n-e>>>0,e>>>=0;for(var o=Array(i);++r<i;)o[r]=t[r+e];return o}},function(t,e,n){var r=n(351),i=n(171),o=n(352);t.exports=function(t){return i(t)?o(t):r(t)}},function(t,e){t.exports=function(t){return t.split("")}},function(t,e){var n="--begin_highlight_tag--[\\ud800--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",r="--begin_highlight_tag--[\\u0300--end_highlight_tag----begin_highlight_tag---\\u036f--end_highlight_tag--\\ufe20--begin_highlight_tag---\\ufe2f--end_highlight_tag--\\u20d0--begin_highlight_tag---\\u20ff--end_highlight_tag--]",i=--begin_highlight_tag--"\\ud83c--end_highlight_tag----begin_highlight_tag--[\\udffb--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",o="[--begin_highlight_tag--^\\ud800--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",u="(?--begin_highlight_tag--:\\ud83c--end_highlight_tag----begin_highlight_tag--[\\udde6--end_highlight_tag----begin_highlight_tag---\\uddff--end_highlight_tag--]){2}",a="--begin_highlight_tag--[\\ud800--end_highlight_tag----begin_highlight_tag---\\udbff--end_highlight_tag--]--begin_highlight_tag--[\\udc00--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",s="(?:"+r+"|"+i+")"+"?",c="--begin_highlight_tag--[\\ufe0e--end_highlight_tag--\\ufe0f]?"+s+("(?--begin_highlight_tag--:\\u200d--end_highlight_tag--(?:"+[o,u,a].join("|")+")--begin_highlight_tag--[\\ufe0e--end_highlight_tag--\\ufe0f]?"+s+")*"),f="(?:"+[o+r+"?",r,u,a,n].join("|")+")",l=RegExp(i+"(?="+i+")|"+f+c,"g");t.exports=function(t){return t.match(l)||[]}},function(t,e,n){var r=n(354),i=n(355),o=n(358),u=RegExp("['’]","g");t.exports=function(t){return function(e){return r(o(i(e).replace(u,"")),t,"")}}},function(t,e){t.exports=function(t,e,n,r){var i=-1,o=null==t?0:t.length;for(r&&o&&(n=t[++i]);++i<o;)n=e(n,t[i],i,t);return n}},function(t,e,n){var r=n(356),i=n(47),o=/[\xc0-\xd6\xd8-\xf6\xf8-\xff\u0100-\u017f]/g,u=RegExp("--begin_highlight_tag--[\\u0300--end_highlight_tag----begin_highlight_tag---\\u036f--end_highlight_tag--\\ufe20--begin_highlight_tag---\\ufe2f--end_highlight_tag--\\u20d0--begin_highlight_tag---\\u20ff--end_highlight_tag--]","g");t.exports=function(t){return(t=i(t))&&t.replace(o,r).replace(u,"")}},function(t,e,n){var r=n(357)({"À":"A","Á":"A","Â":"A","Ã":"A","Ä":"A","Å":"A","à":"a","á":"a","â":"a","ã":"a","ä":"a","å":"a","Ç":"C","ç":"c","Ð":"D","ð":"d","È":"E","É":"E","Ê":"E","Ë":"E","è":"e","é":"e","ê":"e","ë":"e","Ì":"I","Í":"I","Î":"I","Ï":"I","ì":"i","í":"i","î":"i","ï":"i","Ñ":"N","ñ":"n","Ò":"O","Ó":"O","Ô":"O","Õ":"O","Ö":"O","Ø":"O","ò":"o","ó":"o","ô":"o","õ":"o","ö":"o","ø":"o","Ù":"U","Ú":"U","Û":"U","Ü":"U","ù":"u","ú":"u","û":"u","ü":"u","Ý":"Y","ý":"y","ÿ":"y","Æ":"Ae","æ":"ae","Þ":"Th","þ":"th","ß":"ss","Ā":"A","Ă":"A","Ą":"A","ā":"a","ă":"a","ą":"a","Ć":"C","Ĉ":"C","Ċ":"C","Č":"C","ć":"c","ĉ":"c","ċ":"c","č":"c","Ď":"D","Đ":"D","ď":"d","đ":"d","Ē":"E","Ĕ":"E","Ė":"E","Ę":"E","Ě":"E","ē":"e","ĕ":"e","ė":"e","ę":"e","ě":"e","Ĝ":"G","Ğ":"G","Ġ":"G","Ģ":"G","ĝ":"g","ğ":"g","ġ":"g","ģ":"g","Ĥ":"H","Ħ":"H","ĥ":"h","ħ":"h","Ĩ":"I","Ī":"I","Ĭ": +... +... +... +N","Ŋ":"N","ń":"n","ņ":"n","ň":"n","ŋ":"n","Ō":"O","Ŏ":"O","Ő":"O","ō":"o","ŏ":"o","ő":"o","Ŕ":"R","Ŗ":"R","Ř":"R","ŕ":"r","ŗ":"r","ř":"r","Ś":"S","Ŝ":"S","Ş":"S","Š":"S","ś":"s","ŝ":"s","ş":"s","š":"s","Ţ":"T","Ť":"T","Ŧ":"T","ţ":"t","ť":"t","ŧ":"t","Ũ":"U","Ū":"U","Ŭ":"U","Ů":"U","Ű":"U","Ų":"U","ũ":"u","ū":"u","ŭ":"u","ů":"u","ű":"u","ų":"u","Ŵ":"W","ŵ":"w","Ŷ":"Y","ŷ":"y","Ÿ":"Y","Ź":"Z","Ż":"Z","Ž":"Z","ź":"z","ż":"z","ž":"z","IJ":"IJ","ij":"ij","Œ":"Oe","œ":"oe","ʼn":"'n","ſ":"s"});t.exports=r},function(t,e){t.exports=function(t){return function(e){return null==t?void 0:t[e]}}},function(t,e,n){var r=n(359),i=n(360),o=n(47),u=n(361);t.exports=function(t,e,n){return t=o(t),void 0===(e=n?void 0:e)?i(t)?u(t):r(t):t.match(e)||[]}},function(t,e){var n=/[^\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f]+/g;t.exports=function(t){return t.match(n)||[]}},function(t,e){var n=/[a-z][A-Z]|[A-Z]{2,}[a-z]|[0-9][a-zA-Z]|[a-zA-Z][0-9]|[^a-zA-Z0-9 ]/;t.exports=function(t){return n.test(t)}},function(t,e){var n=--begin_highlight_tag--"\\xac--end_highlight_tag--\\xb1\\xd7\\xf7\\x00--begin_highlight_tag---\\x2f--end_highlight_tag--\\x3a--begin_highlight_tag---\\x40--end_highlight_tag--\\x5b--begin_highlight_tag---\\x60--end_highlight_tag--\\x7b--begin_highlight_tag---\\xbf--end_highlight_tag--\\u2000--begin_highlight_tag---\\u206f--end_highlight_tag-- \\t\\x0b\\f\\xa0\\ufeff\\n\\r\\u2028\\u2029\\u1680\\u180e\\u2000\\u2001\\u2002\\u2003\\u2004\\u2005\\u2006\\u2007\\u2008\\u2009\\u200a\\u202f\\u205f\\u3000",r="["+n+"]",i="\\d+",o="--begin_highlight_tag--[\\u2700--end_highlight_tag----begin_highlight_tag---\\u27bf--end_highlight_tag--]",u="[a-z\\xdf--begin_highlight_tag---\\xf6--end_highlight_tag--\\xf8--begin_highlight_tag---\\xff--end_highlight_tag--]",a="[--begin_highlight_tag--^\\ud800--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--"+n+i+--begin_highlight_tag--"\\u2700--end_highlight_tag----begin_highlight_tag---\\u27bfa--end_highlight_tag---z\\xdf--begin_highlight_tag---\\xf6--end_highlight_tag--\\xf8--begin_highlight_tag---\\xffA--end_highlight_tag---Z\\xc0--begin_highlight_tag---\\xd6--end_highlight_tag--\\xd8--begin_highlight_tag---\\xde--end_highlight_tag--]",s="(?--begin_highlight_tag--:\\ud83c--end_highlight_tag----begin_highlight_tag--[\\udde6--end_highlight_tag----begin_highlight_tag---\\uddff--end_highlight_tag--]){2}",c="--begin_highlight_tag--[\\ud800--end_highlight_tag----begin_highlight_tag---\\udbff--end_highlight_tag--]--begin_highlight_tag--[\\udc00--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",f="[A-Z\\xc0--begin_highlight_tag---\\xd6--end_highlight_tag--\\xd8--begin_highlight_tag---\\xde--end_highlight_tag--]",l="(?:"+u+"|"+a+")",p="(?:"+f+"|"+a+")",h="(?:--begin_highlight_tag--[\\u0300--end_highlight_tag----begin_highlight_tag---\\u036f--end_highlight_tag--\\ufe20--begin_highlight_tag---\\ufe2f--end_highlight_tag--\\u20d0--begin_highlight_tag---\\u20ff--end_highlight_tag--]--begin_highlight_tag--|\\ud83c--end_highlight_tag----begin_highlight_tag--[\\udffb--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--])?",d="--begin_highlight_tag--[\\ufe0e--end_highlight_tag--\\ufe0f]?"+h+("(?--begin_highlight_tag--:\\u200d--end_highlight_tag--(?:"+["[--begin_highlight_tag--^\\ud800--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",s,c].join("|")+")--begin_highlight_tag--[\\ufe0e--end_highlight_tag--\\ufe0f]?"+h+")*"),v="(?:"+[o,s,c].join("|")+")"+d,y=RegExp([f+"?"+u+"+(?:['’](?:d|ll|m|re|s|t|ve))?(?="+[r,f,"$"].join("|")+")",p+"+(?:['’](?:D|LL|M|RE|S|T|VE))?(?="+[r,f+l,"$"].join("|")+")",f+"?"+l+"+(?:['’](?:d|ll|m|re|s|t|ve))?",f+"+(?:['’](?:D|LL|M|RE|S|T|VE))?","\\d*(?:1ST|2ND|3RD|(?![123]--begin_highlight_tag--)\\dTH--end_highlight_tag--)(?=\\b|[a-z_])","\\d*(?:1st|2nd|3rd|(?![123]--begin_highlight_tag--)\\dth--end_highlight_tag--)(?=\\b|[A-Z_])",i,v].join("|"),"g");t.exports=function(t){return t.match(y)||[]}},function(t,e,n){var r=n(363),i=n(72),o=n(110);t.exports=function(){this.size=0,this.__data__={hash:new r,map:new(o||i),string:new r}}},function(t,e,n){var r=n(364),i=n(369),o=n(370),u=n(371),a=n(372);function s(t){var e=-1,n=null==t?0:t.length;for(this.clear();++e<n;){var r=t[e];this.set(r[0],r[1])}}s.prototype.clear=r,s.prototype.delete=i,s.prototype.get=o,s.prototype.has=u,s.prototype.set=a,t.exports=s},function(t,e,n){var r=n(71);t.exports=function(){this.__data__=r?r(null):{},this.size=0}},function(t,e,n){var r=n(173),i=n(366),o=n(50),u=n(174),a=/^\[object .+?Constructor\]$/,s=Function.prototype,c=Object.prototype,f=s.toString,l=c.hasOwnProperty,p=RegExp("^"+f.call(l).replace(/[\\^$.*+?()[\]{}|]/g,"\\$&").replace(/hasOwnProperty|(function).*?(?=\\\()| for .+?(?=\\\])/g,"$1.*?")+"$");t.exports=function(t){return!(!o(t)||i(t))&&(r(t)?p:a).test(u(t))}},f +... +... +... @@ -15879,10 +15903,10 @@ Content-Type: text/html;charset=ISO-8859-1 </script> <!-- Be careful what you change. All changes are made directly to AltoroJ database. --> - <div class="fl" style="width: 99 -... -... -... + <div class="fl" style="width: 99 +... +... +... @@ -15932,7 +15956,7 @@ Content-Type: text/html;charset=ISO-8859-1 Verify that the e-mail address is a valid one. ... - + ], "properties": { "name": { @@ -15951,7 +15975,8 @@ Content-Type: text/html;charset=ISO-8859-1 "message": { "type": "string", "example": "I like the new look of your applicaiton" - } + } + ... @@ -16149,11 +16174,11 @@ Content-Type: application/json ], "responses": { "200": { - "description": "Successful ope -... -... -... - + "description": "Successful ope +... +... +... + }, "email": { "type": "string", @@ -16163,9 +16188,9 @@ Content-Type: application/json "subject": { "type": "string", "example": "Amazing web design" -... -... -... +... +... +... @@ -16251,25 +16276,25 @@ Host: demo.testfire.net Accept: */* Accept-Language: en-US,en;q=0.9 - -... -... -...24,HAS_OVERLOADED_BOOLEAN_VALUE:32,injectDOMPropertyConfig:function(e){var t=i,n=e.Properties||{},a=e.DOMAttributeNamespaces||{},s=e.DOMAttributeNames||{},l=e.DOMPropertyNames||{},c=e.DOMMutationMethods||{};for(var f in e.isCustomAttribute&&u._isCustomAttributeFunctions.push(e.isCustomAttribute),n){u.properties.hasOwnProperty(f)&&r("48",f);var p=f.toLowerCase(),d=n[f],h={attributeName:p,attributeNamespace:null,propertyName:f,mutationMethod:null,mustUseProperty:o(d,t.MUST_USE_PROPERTY),hasBooleanValue:o(d,t.HAS_BOOLEAN_VALUE),hasNumericValue:o(d,t.HAS_NUMERIC_VALUE),hasPositiveNumericValue:o(d,t.HAS_POSITIVE_NUMERIC_VALUE),hasOverloadedBooleanValue:o(d,t.HAS_OVERLOADED_BOOLEAN_VALUE)};if(h.hasBooleanValue+h.hasNumericValue+h.hasOverloadedBooleanValue<=1||r("50",f),s.hasOwnProperty(f)){var v=s[f];h.attributeName=v}a.hasOwnProperty(f)&&(h.attributeNamespace=a[f]),l.hasOwnProperty(f)&&(h.propertyName=l[f]),c.hasOwnProperty(f)&&(h.mutationMethod=c[f]),u.properties[f]=h}}},a=":A-Z_a-z\\u00C0--begin_highlight_tag---\\u00D6--end_highlight_tag--\\u00D8--begin_highlight_tag---\\u00F6--end_highlight_tag--\\u00F8--begin_highlight_tag---\\u02FF--end_highlight_tag--\\u0370--begin_highlight_tag---\\u037D--end_highlight_tag--\\u037F--begin_highlight_tag---\\u1FFF--end_highlight_tag--\\u200C--begin_highlight_tag---\\u200D--end_highlight_tag--\\u2070--begin_highlight_tag---\\u218F--end_highlight_tag--\\u2C00--begin_highlight_tag---\\u2FEF--end_highlight_tag--\\u3001--begin_highlight_tag---\\uD7FF--end_highlight_tag--\\uF900--begin_highlight_tag---\\uFDCF--end_highlight_tag--\\uFDF0--begin_highlight_tag---\\uFFFD--end_highlight_tag--",u={ID_ATTRIBUTE_NAME:"data-reactid",ROOT_ATTRIBUTE_NAME:"data-reactroot",ATTRIBUTE_NAME_START_CHAR:a,ATTRIBUTE_NAME_CHAR:a+"\\-.0-9\\u00B7\\u0300--begin_highlight_tag---\\u036F--end_highlight_tag--\\u203F--begin_highlight_tag---\\u2040--end_highlight_tag--",properties:{},getPossibleStandardName:null,_isCustomAttributeFunctions:[],isCustomAttribute:function(e){for(var t=0;t<u._isCustomAttributeFunctions.length;t++){if((0,u._isCustomAttributeFunctions[t])(e))return!0}return!1},injection:i};e.exports=u},function(e,t,n){"use strict";var r=n(784);n(39),n(10);function o(){r.attachRefs(this,this._currentElement)}var i={mountComponent:function(e,t,n,r,i,a){var u=e.mountComponent(t,n,r,i,a);return e._currentElement&&null!=e._currentElement.ref&&t.getReactMountReady().enqueue(o,e),u},getHostNode:function(e){return e.getHostNode()},unmountComponent:function(e,t){r.detachRefs(e,e._currentElement),e.unmountComponent(t)},receiveComponent:function(e,t,n,i){var a=e._currentElement;if(t!==a||i!==e._context){0;var u=r.shouldUpdateRefs(a,t);u&&r.detachRefs(e,a),e.receiveComponent(t,n,i),u&&e._currentElement&&null!=e._currentElement.ref&&n.getReactMountReady().enqueue(o,e)}},performUpdateIfNecessary:funct -... -... -... -ar t=arguments.length,n=Array(t>1?t-1:0),r=1;r<t;r++)n[r-1]=arguments[r];return s(e,n)},e.exports.noMutate=function(){for(var e=arguments.length,t=Array(e),n=0;n<e;n++)t[n]=arguments[n];return s({},t)},e.exports.withOptions=function(e,t,n){return s(e,t,n)}},function(e,t,n){var r=n(77),o=n(280),i=n(24),a=n(128),u=1/0,s=r?r.prototype:void 0,l=s?s.toString:void 0;e.exports=function e(t){if("string"==typeof t)return t;if(i(t))return o(t,e)+"";if(a(t))return l?l.call(t):"";var n=t+"";return"0"==n&&1/t==-u?"-0":n}},function(e,t,n){(function(t){var n="object"==typeof t&&t&&t.Object===Object&&t;e.exports=n}).call(t,n(31))},function(e,t){e.exports=function(e,t){for(var n=-1,r=null==e?0:e.length,o=Array(r);++n<r;)o[n]=t(e[n],n,e);return o}},function(e,t,n){var r=n(577)("toUpperCase");e.exports=r},function(e,t){e.exports=function(e,t,n){var r=-1,o=e.length;t<0&&(t=-t>o?0:o+t),(n=n>o?o:n)<0&&(n+=o),o=t>n?0:n-t>>>0,t>>>=0;for(var i=Array(o);++r<o;)i[r]=e[r+t];return i}},function(e,t){var n=RegExp("--begin_highlight_tag--[\\u200d--end_highlight_tag--\\ud800--begin_highlight_tag---\\udfff--end_highlight_tag--\\u0300--begin_highlight_tag---\\u036f--end_highlight_tag--\\ufe20--begin_highlight_tag---\\ufe2f--end_highlight_tag--\\u20d0--begin_highlight_tag---\\u20ff--end_highlight_tag--\\ufe0e\\ufe0f]");e.exports=function(e){return n.test(e)}},function(e,t){e.exports=function(e,t,n,r){var o=-1,i=null==e?0:e.length;for(r&&i&&(n=e[++o]);++o<i;)n=t(n,e[o],o,e);return n}},function(e,t,n){var r=n(180),o="Expected a function";function i(e,t){if("function"!=typeof e||null!=t&&"function"!=typeof t)throw new TypeError(o);var n=function(){var r=arguments,o=t?t.apply(this,r):r[0],i=n.cache;if(i.has(o))return i.get(o);var a=e.apply(this,r);return n.cache=i.set(o,a)||i,a};return n.cache=new(i.Cache||r),n}i.Cache=r,e.exports=i},function(e,t,n){var r=n(62),o=n(38),i="[object AsyncFunction]",a="[object Function]",u="[object GeneratorFunction]",s="[object Proxy]";e.exports=function(e){if(!o(e))return!1;var t=r(e);return t==a||t==u||t==i||t==s}},function(e,t){var n=Function.prototype.toString;e.exports=function(e){if(null!=e){try{return n.call(e)}catch(e){}try{return e+""}catch(e){}}return""}},function(e,t,n){var r=n(611)(n(648));e.e -... -... -... -n(e,t,n){var r=n(574),o=n(582)(function(e,t,n){return t=t.toLowerCase(),e+(n?r(t):t)});e.exports=o},function(e,t,n){var r=n(61),o=n(281);e.exports=function(e){return o(r(e).toLowerCase())}},function(e,t,n){var r=n(77),o=Object.prototype,i=o.hasOwnProperty,a=o.toString,u=r?r.toStringTag:void 0;e.exports=function(e){var t=i.call(e,u),n=e[u];try{e[u]=void 0;var r=!0}catch(e){}var o=a.call(e);return r&&(t?e[u]=n:delete e[u]),o}},function(e,t){var n=Object.prototype.toString;e.exports=function(e){return n.call(e)}},function(e,t,n){var r=n(578),o=n(283),i=n(579),a=n(61);e.exports=function(e){return function(t){t=a(t);var n=o(t)?i(t):void 0,u=n?n[0]:t.charAt(0),s=n?r(n,1).join(""):t.slice(1);return u[e]()+s}}},function(e,t,n){var r=n(282);e.exports=function(e,t,n){var o=e.length;return n=void 0===n?o:n,!t&&n>=o?e:r(e,t,n)}},function(e,t,n){var r=n(580),o=n(283),i=n(581);e.exports=function(e){return o(e)?i(e):r(e)}},function(e,t){e.exports=function(e){return e.split("")}},function(e,t){var n="--begin_highlight_tag--[\\ud800--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",r="--begin_highlight_tag--[\\u0300--end_highlight_tag----begin_highlight_tag---\\u036f--end_highlight_tag--\\ufe20--begin_highlight_tag---\\ufe2f--end_highlight_tag--\\u20d0--begin_highlight_tag---\\u20ff--end_highlight_tag--]",o=--begin_highlight_tag--"\\ud83c--end_highlight_tag----begin_highlight_tag--[\\udffb--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",i="[--begin_highlight_tag--^\\ud800--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",a="(?--begin_highlight_tag--:\\ud83c--end_highlight_tag----begin_highlight_tag--[\\udde6--end_highlight_tag----begin_highlight_tag---\\uddff--end_highlight_tag--]){2}",u="--begin_highlight_tag--[\\ud800--end_highlight_tag----begin_highlight_tag---\\udbff--end_highlight_tag--]--begin_highlight_tag--[\\udc00--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",s="(?:"+r+"|"+o+")"+"?",l="--begin_highlight_tag--[\\ufe0e--end_highlight_tag--\\ufe0f]?"+s+("(?--begin_highlight_tag--:\\u200d--end_highlight_tag--(?:"+[i,a,u].join("|")+")--begin_highlight_tag--[\\ufe0e--end_highlight_tag--\\ufe0f]?"+s+")*"),c="(?:"+[i+r+"?",r,a,u,n].join("|")+")",f=RegExp(o+"(?="+o+")|"+c+l,"g");e.exports=function(e){return e.match(f)||[]}},function(e,t,n){var r=n(284),o=n(583),i=n(586),a=RegExp("['’]","g");e.exports=function(e){return function(t){return r(i(o(t).replace(a,"")),e,"")}}},function(e,t,n){var r=n(584),o=n(61),i=/[\xc0-\xd6\xd8-\xf6\xf8-\xff\u0100-\u017f]/g,a=RegExp("--begin_highlight_tag--[\\u0300--end_highlight_tag----begin_highlight_tag---\\u036f--end_highlight_tag--\\ufe20--begin_highlight_tag---\\ufe2f--end_highlight_tag--\\u20d0--begin_highlight_tag---\\u20ff--end_highlight_tag--]","g");e.exports=function(e){return(e=o(e))&&e.replace(i,r).replace(a,"")}},function(e,t,n){var r=n(585)({"À":"A","Á":"A","Â":"A","Ã":"A","Ä":"A","Å":"A","à":"a","á":"a","â":"a","ã":"a","ä":"a","å":"a","Ç":"C","ç":"c","Ð":"D","ð":"d","È":"E","É":"E","Ê":"E","Ë":"E","è":"e","é":"e","ê":"e","ë":"e","Ì":"I","Í":"I","Î":"I","Ï":"I","ì":"i","í":"i","î":"i","ï":"i","Ñ":"N","ñ":"n","Ò":"O","Ó":"O","Ô":"O","Õ":"O","Ö":"O","Ø":"O","ò":"o","ó":"o","ô":"o","õ":"o","ö":"o","ø":"o","Ù":"U","Ú":"U","Û":"U","Ü":"U","ù":"u","ú":"u","û":"u","ü":"u","Ý":"Y","ý":"y","ÿ":"y","Æ":"Ae","æ":"ae","Þ":"Th","þ":"th","ß":"ss","Ā":"A","Ă":"A","Ą":"A","ā":"a","ă":"a","ą":"a","Ć":"C","Ĉ":"C","Ċ":"C","Č":"C","ć":"c","ĉ":"c","ċ":"c","č":"c","Ď":"D","Đ":"D","ď":"d","đ":"d","Ē":"E","Ĕ":"E","Ė":"E","Ę":"E","Ě":"E","ē":"e","ĕ":"e","ė":"e","ę":"e","ě":"e","Ĝ":"G","Ğ":"G","Ġ":"G","Ģ":"G","ĝ":"g","ğ":"g","ġ":"g","ģ":"g","Ĥ":"H","Ħ":"H","ĥ":"h","ħ":"h","Ĩ":"I","Ī":"I","Ĭ": -... -... -... -N","Ŋ":"N","ń":"n","ņ":"n","ň":"n","ŋ":"n","Ō":"O","Ŏ":"O","Ő":"O","ō":"o","ŏ":"o","ő":"o","Ŕ":"R","Ŗ":"R","Ř":"R","ŕ":"r","ŗ":"r","ř":"r","Ś":"S","Ŝ":"S","Ş":"S","Š":"S","ś":"s","ŝ":"s","ş":"s","š":"s","Ţ":"T","Ť":"T","Ŧ":"T","ţ":"t","ť":"t","ŧ":"t","Ũ":"U","Ū":"U","Ŭ":"U","Ů":"U","Ű":"U","Ų":"U","ũ":"u","ū":"u","ŭ":"u","ů":"u","ű":"u","ų":"u","Ŵ":"W","ŵ":"w","Ŷ":"Y","ŷ":"y","Ÿ":"Y","Ź":"Z","Ż":"Z","Ž":"Z","ź":"z","ż":"z","ž":"z","IJ":"IJ","ij":"ij","Œ":"Oe","œ":"oe","ʼn":"'n","ſ":"s"});e.exports=r},function(e,t){e.exports=function(e){return function(t){return null==e?void 0:e[t]}}},function(e,t,n){var r=n(587),o=n(588),i=n(61),a=n(589);e.exports=function(e,t,n){return e=i(e),void 0===(t=n?void 0:t)?o(e)?a(e):r(e):e.match(t)||[]}},function(e,t){var n=/[^\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f]+/g;e.exports=function(e){return e.match(n)||[]}},function(e,t){var n=/[a-z][A-Z]|[A-Z]{2,}[a-z]|[0-9][a-zA-Z]|[a-zA-Z][0-9]|[^a-zA-Z0-9 ]/;e.exports=function(e){return n.test(e)}},function(e,t){var n=--begin_highlight_tag--"\\xac--end_highlight_tag--\\xb1\\xd7\\xf7\\x00--begin_highlight_tag---\\x2f--end_highlight_tag--\\x3a--begin_highlight_tag---\\x40--end_highlight_tag--\\x5b--begin_highlight_tag---\\x60--end_highlight_tag--\\x7b--begin_highlight_tag---\\xbf--end_highlight_tag--\\u2000--begin_highlight_tag---\\u206f--end_highlight_tag-- \\t\\x0b\\f\\xa0\\ufeff\\n\\r\\u2028\\u2029\\u1680\\u180e\\u2000\\u2001\\u2002\\u2003\\u2004\\u2005\\u2006\\u2007\\u2008\\u2009\\u200a\\u202f\\u205f\\u3000",r="["+n+"]",o="\\d+",i="--begin_highlight_tag--[\\u2700--end_highlight_tag----begin_highlight_tag---\\u27bf--end_highlight_tag--]",a="[a-z\\xdf--begin_highlight_tag---\\xf6--end_highlight_tag--\\xf8--begin_highlight_tag---\\xff--end_highlight_tag--]",u="[--begin_highlight_tag--^\\ud800--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--"+n+o+--begin_highlight_tag--"\\u2700--end_highlight_tag----begin_highlight_tag---\\u27bfa--end_highlight_tag---z\\xdf--begin_highlight_tag---\\xf6--end_highlight_tag--\\xf8--begin_highlight_tag---\\xffA--end_highlight_tag---Z\\xc0--begin_highlight_tag---\\xd6--end_highlight_tag--\\xd8--begin_highlight_tag---\\xde--end_highlight_tag--]",s="(?--begin_highlight_tag--:\\ud83c--end_highlight_tag----begin_highlight_tag--[\\udde6--end_highlight_tag----begin_highlight_tag---\\uddff--end_highlight_tag--]){2}",l="--begin_highlight_tag--[\\ud800--end_highlight_tag----begin_highlight_tag---\\udbff--end_highlight_tag--]--begin_highlight_tag--[\\udc00--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",c="[A-Z\\xc0--begin_highlight_tag---\\xd6--end_highlight_tag--\\xd8--begin_highlight_tag---\\xde--end_highlight_tag--]",f="(?:"+a+"|"+u+")",p="(?:"+c+"|"+u+")",d="(?:--begin_highlight_tag--[\\u0300--end_highlight_tag----begin_highlight_tag---\\u036f--end_highlight_tag--\\ufe20--begin_highlight_tag---\\ufe2f--end_highlight_tag--\\u20d0--begin_highlight_tag---\\u20ff--end_highlight_tag--]--begin_highlight_tag--|\\ud83c--end_highlight_tag----begin_highlight_tag--[\\udffb--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--])?",h="--begin_highlight_tag--[\\ufe0e--end_highlight_tag--\\ufe0f]?"+d+("(?--begin_highlight_tag--:\\u200d--end_highlight_tag--(?:"+["[--begin_highlight_tag--^\\ud800--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",s,l].join("|")+")--begin_highlight_tag--[\\ufe0e--end_highlight_tag--\\ufe0f]?"+d+")*"),v="(?:"+[i,s,l].join("|")+")"+h,m=RegExp([c+"?"+a+"+(?:['’](?:d|ll|m|re|s|t|ve))?(?="+[r,c,"$"].join("|")+")",p+"+(?:['’](?:D|LL|M|RE|S|T|VE))?(?="+[r,c+f,"$"].join("|")+")",c+"?"+f+"+(?:['’](?:d|ll|m|re|s|t|ve))?",c+"+(?:['’](?:D|LL|M|RE|S|T|VE))?","\\d*(?:1ST|2ND|3RD|(?![123]--begin_highlight_tag--)\\dTH--end_highlight_tag--)(?=\\b|[a-z_])","\\d*(?:1st|2nd|3rd|(?![123]--begin_highlight_tag--)\\dth--end_highlight_tag--)(?=\\b|[A-Z_])",o,v].join("|"),"g");e.exports=function(e){return e.match(m)||[]}},function(e,t,n){var r=n(591),o=n(130),i=n(181);e.exports=function(){this.size=0,this.__data__={hash:new r,map:new(i||o),string:new r}}},function(e,t,n){var r=n(592),o=n(597),i=n(598),a=n(599),u=n(600);function s(e){var t=-1,n=null==e?0:e.length;for(this.clear();++t<n;){var r=e[t];this.set(r[0],r[1])}}s.prototype.clear=r,s.prototype.delete=o,s.prototype.get=i,s.prototype.has=a,s.prototype.set=u,e.exports=s},function(e,t,n){var r=n(129);e.exports=function(){this.__data__=r?r(null):{},this.size=0}},function(e,t,n){var r=n(286),o=n(594),i=n(38),a=n(287),u=/^\[object .+?Constructor\]$/,s=Function.prototype,l=Object.prototype,c=s.toString,f=l.hasOwnProperty,p=RegExp("^"+c.call(f).replace(/[\\^$.*+?()[\]{}|]/g,"\\$&").replace(/hasOwnProperty|(function).*?(?=\\\()| for .+?(?=\\\])/g,"$1.*?")+"$");e.exports=function(e){return!(!i(e)||o(e))&&(r(e)?p:u).test(a(e))}} -... -... -... + +... +... +...24,HAS_OVERLOADED_BOOLEAN_VALUE:32,injectDOMPropertyConfig:function(e){var t=i,n=e.Properties||{},a=e.DOMAttributeNamespaces||{},s=e.DOMAttributeNames||{},l=e.DOMPropertyNames||{},c=e.DOMMutationMethods||{};for(var f in e.isCustomAttribute&&u._isCustomAttributeFunctions.push(e.isCustomAttribute),n){u.properties.hasOwnProperty(f)&&r("48",f);var p=f.toLowerCase(),d=n[f],h={attributeName:p,attributeNamespace:null,propertyName:f,mutationMethod:null,mustUseProperty:o(d,t.MUST_USE_PROPERTY),hasBooleanValue:o(d,t.HAS_BOOLEAN_VALUE),hasNumericValue:o(d,t.HAS_NUMERIC_VALUE),hasPositiveNumericValue:o(d,t.HAS_POSITIVE_NUMERIC_VALUE),hasOverloadedBooleanValue:o(d,t.HAS_OVERLOADED_BOOLEAN_VALUE)};if(h.hasBooleanValue+h.hasNumericValue+h.hasOverloadedBooleanValue<=1||r("50",f),s.hasOwnProperty(f)){var v=s[f];h.attributeName=v}a.hasOwnProperty(f)&&(h.attributeNamespace=a[f]),l.hasOwnProperty(f)&&(h.propertyName=l[f]),c.hasOwnProperty(f)&&(h.mutationMethod=c[f]),u.properties[f]=h}}},a=":A-Z_a-z\\u00C0--begin_highlight_tag---\\u00D6--end_highlight_tag--\\u00D8--begin_highlight_tag---\\u00F6--end_highlight_tag--\\u00F8--begin_highlight_tag---\\u02FF--end_highlight_tag--\\u0370--begin_highlight_tag---\\u037D--end_highlight_tag--\\u037F--begin_highlight_tag---\\u1FFF--end_highlight_tag--\\u200C--begin_highlight_tag---\\u200D--end_highlight_tag--\\u2070--begin_highlight_tag---\\u218F--end_highlight_tag--\\u2C00--begin_highlight_tag---\\u2FEF--end_highlight_tag--\\u3001--begin_highlight_tag---\\uD7FF--end_highlight_tag--\\uF900--begin_highlight_tag---\\uFDCF--end_highlight_tag--\\uFDF0--begin_highlight_tag---\\uFFFD--end_highlight_tag--",u={ID_ATTRIBUTE_NAME:"data-reactid",ROOT_ATTRIBUTE_NAME:"data-reactroot",ATTRIBUTE_NAME_START_CHAR:a,ATTRIBUTE_NAME_CHAR:a+"\\-.0-9\\u00B7\\u0300--begin_highlight_tag---\\u036F--end_highlight_tag--\\u203F--begin_highlight_tag---\\u2040--end_highlight_tag--",properties:{},getPossibleStandardName:null,_isCustomAttributeFunctions:[],isCustomAttribute:function(e){for(var t=0;t<u._isCustomAttributeFunctions.length;t++){if((0,u._isCustomAttributeFunctions[t])(e))return!0}return!1},injection:i};e.exports=u},function(e,t,n){"use strict";var r=n(784);n(39),n(10);function o(){r.attachRefs(this,this._currentElement)}var i={mountComponent:function(e,t,n,r,i,a){var u=e.mountComponent(t,n,r,i,a);return e._currentElement&&null!=e._currentElement.ref&&t.getReactMountReady().enqueue(o,e),u},getHostNode:function(e){return e.getHostNode()},unmountComponent:function(e,t){r.detachRefs(e,e._currentElement),e.unmountComponent(t)},receiveComponent:function(e,t,n,i){var a=e._currentElement;if(t!==a||i!==e._context){0;var u=r.shouldUpdateRefs(a,t);u&&r.detachRefs(e,a),e.receiveComponent(t,n,i),u&&e._currentElement&&null!=e._currentElement.ref&&n.getReactMountReady().enqueue(o,e)}},performUpdateIfNecessary:funct +... +... +... +ar t=arguments.length,n=Array(t>1?t-1:0),r=1;r<t;r++)n[r-1]=arguments[r];return s(e,n)},e.exports.noMutate=function(){for(var e=arguments.length,t=Array(e),n=0;n<e;n++)t[n]=arguments[n];return s({},t)},e.exports.withOptions=function(e,t,n){return s(e,t,n)}},function(e,t,n){var r=n(77),o=n(280),i=n(24),a=n(128),u=1/0,s=r?r.prototype:void 0,l=s?s.toString:void 0;e.exports=function e(t){if("string"==typeof t)return t;if(i(t))return o(t,e)+"";if(a(t))return l?l.call(t):"";var n=t+"";return"0"==n&&1/t==-u?"-0":n}},function(e,t,n){(function(t){var n="object"==typeof t&&t&&t.Object===Object&&t;e.exports=n}).call(t,n(31))},function(e,t){e.exports=function(e,t){for(var n=-1,r=null==e?0:e.length,o=Array(r);++n<r;)o[n]=t(e[n],n,e);return o}},function(e,t,n){var r=n(577)("toUpperCase");e.exports=r},function(e,t){e.exports=function(e,t,n){var r=-1,o=e.length;t<0&&(t=-t>o?0:o+t),(n=n>o?o:n)<0&&(n+=o),o=t>n?0:n-t>>>0,t>>>=0;for(var i=Array(o);++r<o;)i[r]=e[r+t];return i}},function(e,t){var n=RegExp("--begin_highlight_tag--[\\u200d--end_highlight_tag--\\ud800--begin_highlight_tag---\\udfff--end_highlight_tag--\\u0300--begin_highlight_tag---\\u036f--end_highlight_tag--\\ufe20--begin_highlight_tag---\\ufe2f--end_highlight_tag--\\u20d0--begin_highlight_tag---\\u20ff--end_highlight_tag--\\ufe0e\\ufe0f]");e.exports=function(e){return n.test(e)}},function(e,t){e.exports=function(e,t,n,r){var o=-1,i=null==e?0:e.length;for(r&&i&&(n=e[++o]);++o<i;)n=t(n,e[o],o,e);return n}},function(e,t,n){var r=n(180),o="Expected a function";function i(e,t){if("function"!=typeof e||null!=t&&"function"!=typeof t)throw new TypeError(o);var n=function(){var r=arguments,o=t?t.apply(this,r):r[0],i=n.cache;if(i.has(o))return i.get(o);var a=e.apply(this,r);return n.cache=i.set(o,a)||i,a};return n.cache=new(i.Cache||r),n}i.Cache=r,e.exports=i},function(e,t,n){var r=n(62),o=n(38),i="[object AsyncFunction]",a="[object Function]",u="[object GeneratorFunction]",s="[object Proxy]";e.exports=function(e){if(!o(e))return!1;var t=r(e);return t==a||t==u||t==i||t==s}},function(e,t){var n=Function.prototype.toString;e.exports=function(e){if(null!=e){try{return n.call(e)}catch(e){}try{return e+""}catch(e){}}return""}},function(e,t,n){var r=n(611)(n(648));e.e +... +... +... +n(e,t,n){var r=n(574),o=n(582)(function(e,t,n){return t=t.toLowerCase(),e+(n?r(t):t)});e.exports=o},function(e,t,n){var r=n(61),o=n(281);e.exports=function(e){return o(r(e).toLowerCase())}},function(e,t,n){var r=n(77),o=Object.prototype,i=o.hasOwnProperty,a=o.toString,u=r?r.toStringTag:void 0;e.exports=function(e){var t=i.call(e,u),n=e[u];try{e[u]=void 0;var r=!0}catch(e){}var o=a.call(e);return r&&(t?e[u]=n:delete e[u]),o}},function(e,t){var n=Object.prototype.toString;e.exports=function(e){return n.call(e)}},function(e,t,n){var r=n(578),o=n(283),i=n(579),a=n(61);e.exports=function(e){return function(t){t=a(t);var n=o(t)?i(t):void 0,u=n?n[0]:t.charAt(0),s=n?r(n,1).join(""):t.slice(1);return u[e]()+s}}},function(e,t,n){var r=n(282);e.exports=function(e,t,n){var o=e.length;return n=void 0===n?o:n,!t&&n>=o?e:r(e,t,n)}},function(e,t,n){var r=n(580),o=n(283),i=n(581);e.exports=function(e){return o(e)?i(e):r(e)}},function(e,t){e.exports=function(e){return e.split("")}},function(e,t){var n="--begin_highlight_tag--[\\ud800--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",r="--begin_highlight_tag--[\\u0300--end_highlight_tag----begin_highlight_tag---\\u036f--end_highlight_tag--\\ufe20--begin_highlight_tag---\\ufe2f--end_highlight_tag--\\u20d0--begin_highlight_tag---\\u20ff--end_highlight_tag--]",o=--begin_highlight_tag--"\\ud83c--end_highlight_tag----begin_highlight_tag--[\\udffb--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",i="[--begin_highlight_tag--^\\ud800--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",a="(?--begin_highlight_tag--:\\ud83c--end_highlight_tag----begin_highlight_tag--[\\udde6--end_highlight_tag----begin_highlight_tag---\\uddff--end_highlight_tag--]){2}",u="--begin_highlight_tag--[\\ud800--end_highlight_tag----begin_highlight_tag---\\udbff--end_highlight_tag--]--begin_highlight_tag--[\\udc00--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",s="(?:"+r+"|"+o+")"+"?",l="--begin_highlight_tag--[\\ufe0e--end_highlight_tag--\\ufe0f]?"+s+("(?--begin_highlight_tag--:\\u200d--end_highlight_tag--(?:"+[i,a,u].join("|")+")--begin_highlight_tag--[\\ufe0e--end_highlight_tag--\\ufe0f]?"+s+")*"),c="(?:"+[i+r+"?",r,a,u,n].join("|")+")",f=RegExp(o+"(?="+o+")|"+c+l,"g");e.exports=function(e){return e.match(f)||[]}},function(e,t,n){var r=n(284),o=n(583),i=n(586),a=RegExp("['’]","g");e.exports=function(e){return function(t){return r(i(o(t).replace(a,"")),e,"")}}},function(e,t,n){var r=n(584),o=n(61),i=/[\xc0-\xd6\xd8-\xf6\xf8-\xff\u0100-\u017f]/g,a=RegExp("--begin_highlight_tag--[\\u0300--end_highlight_tag----begin_highlight_tag---\\u036f--end_highlight_tag--\\ufe20--begin_highlight_tag---\\ufe2f--end_highlight_tag--\\u20d0--begin_highlight_tag---\\u20ff--end_highlight_tag--]","g");e.exports=function(e){return(e=o(e))&&e.replace(i,r).replace(a,"")}},function(e,t,n){var r=n(585)({"À":"A","Á":"A","Â":"A","Ã":"A","Ä":"A","Å":"A","à":"a","á":"a","â":"a","ã":"a","ä":"a","å":"a","Ç":"C","ç":"c","Ð":"D","ð":"d","È":"E","É":"E","Ê":"E","Ë":"E","è":"e","é":"e","ê":"e","ë":"e","Ì":"I","Í":"I","Î":"I","Ï":"I","ì":"i","í":"i","î":"i","ï":"i","Ñ":"N","ñ":"n","Ò":"O","Ó":"O","Ô":"O","Õ":"O","Ö":"O","Ø":"O","ò":"o","ó":"o","ô":"o","õ":"o","ö":"o","ø":"o","Ù":"U","Ú":"U","Û":"U","Ü":"U","ù":"u","ú":"u","û":"u","ü":"u","Ý":"Y","ý":"y","ÿ":"y","Æ":"Ae","æ":"ae","Þ":"Th","þ":"th","ß":"ss","Ā":"A","Ă":"A","Ą":"A","ā":"a","ă":"a","ą":"a","Ć":"C","Ĉ":"C","Ċ":"C","Č":"C","ć":"c","ĉ":"c","ċ":"c","č":"c","Ď":"D","Đ":"D","ď":"d","đ":"d","Ē":"E","Ĕ":"E","Ė":"E","Ę":"E","Ě":"E","ē":"e","ĕ":"e","ė":"e","ę":"e","ě":"e","Ĝ":"G","Ğ":"G","Ġ":"G","Ģ":"G","ĝ":"g","ğ":"g","ġ":"g","ģ":"g","Ĥ":"H","Ħ":"H","ĥ":"h","ħ":"h","Ĩ":"I","Ī":"I","Ĭ": +... +... +... +N","Ŋ":"N","ń":"n","ņ":"n","ň":"n","ŋ":"n","Ō":"O","Ŏ":"O","Ő":"O","ō":"o","ŏ":"o","ő":"o","Ŕ":"R","Ŗ":"R","Ř":"R","ŕ":"r","ŗ":"r","ř":"r","Ś":"S","Ŝ":"S","Ş":"S","Š":"S","ś":"s","ŝ":"s","ş":"s","š":"s","Ţ":"T","Ť":"T","Ŧ":"T","ţ":"t","ť":"t","ŧ":"t","Ũ":"U","Ū":"U","Ŭ":"U","Ů":"U","Ű":"U","Ų":"U","ũ":"u","ū":"u","ŭ":"u","ů":"u","ű":"u","ų":"u","Ŵ":"W","ŵ":"w","Ŷ":"Y","ŷ":"y","Ÿ":"Y","Ź":"Z","Ż":"Z","Ž":"Z","ź":"z","ż":"z","ž":"z","IJ":"IJ","ij":"ij","Œ":"Oe","œ":"oe","ʼn":"'n","ſ":"s"});e.exports=r},function(e,t){e.exports=function(e){return function(t){return null==e?void 0:e[t]}}},function(e,t,n){var r=n(587),o=n(588),i=n(61),a=n(589);e.exports=function(e,t,n){return e=i(e),void 0===(t=n?void 0:t)?o(e)?a(e):r(e):e.match(t)||[]}},function(e,t){var n=/[^\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f]+/g;e.exports=function(e){return e.match(n)||[]}},function(e,t){var n=/[a-z][A-Z]|[A-Z]{2,}[a-z]|[0-9][a-zA-Z]|[a-zA-Z][0-9]|[^a-zA-Z0-9 ]/;e.exports=function(e){return n.test(e)}},function(e,t){var n=--begin_highlight_tag--"\\xac--end_highlight_tag--\\xb1\\xd7\\xf7\\x00--begin_highlight_tag---\\x2f--end_highlight_tag--\\x3a--begin_highlight_tag---\\x40--end_highlight_tag--\\x5b--begin_highlight_tag---\\x60--end_highlight_tag--\\x7b--begin_highlight_tag---\\xbf--end_highlight_tag--\\u2000--begin_highlight_tag---\\u206f--end_highlight_tag-- \\t\\x0b\\f\\xa0\\ufeff\\n\\r\\u2028\\u2029\\u1680\\u180e\\u2000\\u2001\\u2002\\u2003\\u2004\\u2005\\u2006\\u2007\\u2008\\u2009\\u200a\\u202f\\u205f\\u3000",r="["+n+"]",o="\\d+",i="--begin_highlight_tag--[\\u2700--end_highlight_tag----begin_highlight_tag---\\u27bf--end_highlight_tag--]",a="[a-z\\xdf--begin_highlight_tag---\\xf6--end_highlight_tag--\\xf8--begin_highlight_tag---\\xff--end_highlight_tag--]",u="[--begin_highlight_tag--^\\ud800--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--"+n+o+--begin_highlight_tag--"\\u2700--end_highlight_tag----begin_highlight_tag---\\u27bfa--end_highlight_tag---z\\xdf--begin_highlight_tag---\\xf6--end_highlight_tag--\\xf8--begin_highlight_tag---\\xffA--end_highlight_tag---Z\\xc0--begin_highlight_tag---\\xd6--end_highlight_tag--\\xd8--begin_highlight_tag---\\xde--end_highlight_tag--]",s="(?--begin_highlight_tag--:\\ud83c--end_highlight_tag----begin_highlight_tag--[\\udde6--end_highlight_tag----begin_highlight_tag---\\uddff--end_highlight_tag--]){2}",l="--begin_highlight_tag--[\\ud800--end_highlight_tag----begin_highlight_tag---\\udbff--end_highlight_tag--]--begin_highlight_tag--[\\udc00--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",c="[A-Z\\xc0--begin_highlight_tag---\\xd6--end_highlight_tag--\\xd8--begin_highlight_tag---\\xde--end_highlight_tag--]",f="(?:"+a+"|"+u+")",p="(?:"+c+"|"+u+")",d="(?:--begin_highlight_tag--[\\u0300--end_highlight_tag----begin_highlight_tag---\\u036f--end_highlight_tag--\\ufe20--begin_highlight_tag---\\ufe2f--end_highlight_tag--\\u20d0--begin_highlight_tag---\\u20ff--end_highlight_tag--]--begin_highlight_tag--|\\ud83c--end_highlight_tag----begin_highlight_tag--[\\udffb--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--])?",h="--begin_highlight_tag--[\\ufe0e--end_highlight_tag--\\ufe0f]?"+d+("(?--begin_highlight_tag--:\\u200d--end_highlight_tag--(?:"+["[--begin_highlight_tag--^\\ud800--end_highlight_tag----begin_highlight_tag---\\udfff--end_highlight_tag--]",s,l].join("|")+")--begin_highlight_tag--[\\ufe0e--end_highlight_tag--\\ufe0f]?"+d+")*"),v="(?:"+[i,s,l].join("|")+")"+h,m=RegExp([c+"?"+a+"+(?:['’](?:d|ll|m|re|s|t|ve))?(?="+[r,c,"$"].join("|")+")",p+"+(?:['’](?:D|LL|M|RE|S|T|VE))?(?="+[r,c+f,"$"].join("|")+")",c+"?"+f+"+(?:['’](?:d|ll|m|re|s|t|ve))?",c+"+(?:['’](?:D|LL|M|RE|S|T|VE))?","\\d*(?:1ST|2ND|3RD|(?![123]--begin_highlight_tag--)\\dTH--end_highlight_tag--)(?=\\b|[a-z_])","\\d*(?:1st|2nd|3rd|(?![123]--begin_highlight_tag--)\\dth--end_highlight_tag--)(?=\\b|[A-Z_])",o,v].join("|"),"g");e.exports=function(e){return e.match(m)||[]}},function(e,t,n){var r=n(591),o=n(130),i=n(181);e.exports=function(){this.size=0,this.__data__={hash:new r,map:new(i||o),string:new r}}},function(e,t,n){var r=n(592),o=n(597),i=n(598),a=n(599),u=n(600);function s(e){var t=-1,n=null==e?0:e.length;for(this.clear();++t<n;){var r=e[t];this.set(r[0],r[1])}}s.prototype.clear=r,s.prototype.delete=o,s.prototype.get=i,s.prototype.has=a,s.prototype.set=u,e.exports=s},function(e,t,n){var r=n(129);e.exports=function(){this.__data__=r?r(null):{},this.size=0}},function(e,t,n){var r=n(286),o=n(594),i=n(38),a=n(287),u=/^\[object .+?Constructor\]$/,s=Function.prototype,l=Object.prototype,c=s.toString,f=l.hasOwnProperty,p=RegExp("^"+c.call(f).replace(/[\\^$.*+?()[\]{}|]/g,"\\$&").replace(/hasOwnProperty|(function).*?(?=\\\()| for .+?(?=\\\])/g,"$1.*?")+"$");e.exports=function(e){return!(!i(e)||o(e))&&(r(e)?p:u).test(a(e))}} +... +... +... @@ -16547,10 +16572,10 @@ Content-Type: application/json "tags": [ "2. Account" ], - "description": "Re -... -... -... + "description": "Re +... +... +... @@ -16600,30 +16625,30 @@ Content-Type: application/json Verify that the e-mail address is a valid one. ... -...on(e){ -/*! - * The buffer module from node.js, for the browser. - * - * @author Feross Aboukhadijeh <--begin_highlight_tag--feross@feross.org--end_highlight_tag--> <http://feross.org> - * @license MIT - */ +...on(e){ +/*! + * The buffer module from node.js, for the browser. + * + * @author Feross Aboukhadijeh <--begin_highlight_tag--feross@feross.org--end_highlight_tag--> <http://feross.org> + * @license MIT + */ var r=n(529),o=n(530),i=n(261);function a(){return s.TYPE... ... ... -&&"function"==typeof t.callee?"Arguments":a}},function(e,t){var n=0,r=Math.random();e.exports=function(e){return"Symbol(".concat(void 0===e?"":e,")_",(++n+r).toString(36))}},function(e,t,n){var r=n(74),o=n(33).document,i=r(o)&&r(o.createElement);e.exports=function(e){return i?o.createElement(e):{}}},function(e,t,n){var r=n(242)("keys"),o=n(167);e.exports=function(e){return r[e]||(r[e]=o(e))}},function(e,t,n){var r=n(117).f,o=n(118),i=n(17)("toStringTag");e.exports=function(e,t,n){e&&!o(e=n?e:e.prototype,i)&&r(e,i,{configurable:!0,value:t})}},function(e,t,n){"use strict";var r=n(121);e.exports.f=function(e){return new function(e){var t,n;this.promise=new e(function(e,r){if(void 0!==t||void 0!==n)throw TypeError("Bad Promise constructor");t=e,n=r}),this.resolve=r(t),this.reject=r(n)}(e)}},function(e,t,n){var r=n(256),o=n(53);e.exports=function(e,t,n){if(r(t))throw TypeError("String#"+n+" doesn't accept regex!");return String(o(e))}},function(e,t,n){var r=n(17)("match");e.exports=function(e){var t=/./;try{"/./"[e](t)}catch(n){try{return t[r]=!1,!"/./"[e](t)}catch(e){}}return!0}},function(e,t,n){t.f=n(19)},function(e,t,n){var r=n(21),o=n(15),i=n(114),a=n(174),u=n(40).f;e.exports=function(e){var t=o.Symbol||(o.Symbol=i?{}:r.Symbol||{});"_"==e.charAt(0)||e in t||u(t,e,{value:a.f(e)})}},function(e,t){t.f=Object.getOwnPropertySymbols},function(e,t){},function(e,t,n){"use strict";(function(t){ -/*! - * @description Recursive object extending - * @author Viacheslav Lotsmanov <--begin_highlight_tag--lotsmanov89@gmail.com--end_highlight_tag--> - * @license MIT - * - * The MIT License (MIT) - * - * Copyright (c) 2013-2018 Viacheslav Lotsmanov - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in +&&"function"==typeof t.callee?"Arguments":a}},function(e,t){var n=0,r=Math.random();e.exports=function(e){return"Symbol(".concat(void 0===e?"":e,")_",(++n+r).toString(36))}},function(e,t,n){var r=n(74),o=n(33).document,i=r(o)&&r(o.createElement);e.exports=function(e){return i?o.createElement(e):{}}},function(e,t,n){var r=n(242)("keys"),o=n(167);e.exports=function(e){return r[e]||(r[e]=o(e))}},function(e,t,n){var r=n(117).f,o=n(118),i=n(17)("toStringTag");e.exports=function(e,t,n){e&&!o(e=n?e:e.prototype,i)&&r(e,i,{configurable:!0,value:t})}},function(e,t,n){"use strict";var r=n(121);e.exports.f=function(e){return new function(e){var t,n;this.promise=new e(function(e,r){if(void 0!==t||void 0!==n)throw TypeError("Bad Promise constructor");t=e,n=r}),this.resolve=r(t),this.reject=r(n)}(e)}},function(e,t,n){var r=n(256),o=n(53);e.exports=function(e,t,n){if(r(t))throw TypeError("String#"+n+" doesn't accept regex!");return String(o(e))}},function(e,t,n){var r=n(17)("match");e.exports=function(e){var t=/./;try{"/./"[e](t)}catch(n){try{return t[r]=!1,!"/./"[e](t)}catch(e){}}return!0}},function(e,t,n){t.f=n(19)},function(e,t,n){var r=n(21),o=n(15),i=n(114),a=n(174),u=n(40).f;e.exports=function(e){var t=o.Symbol||(o.Symbol=i?{}:r.Symbol||{});"_"==e.charAt(0)||e in t||u(t,e,{value:a.f(e)})}},function(e,t){t.f=Object.getOwnPropertySymbols},function(e,t){},function(e,t,n){"use strict";(function(t){ +/*! + * @description Recursive object extending + * @author Viacheslav Lotsmanov <--begin_highlight_tag--lotsmanov89@gmail.com--end_highlight_tag--> + * @license MIT + * + * The MIT License (MIT) + * + * Copyright (c) 2013-2018 Viacheslav Lotsmanov + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in * the Software without restriction, including without limitation the rights to ... @@ -16633,14 +16658,14 @@ var r=n(529),o=n(530),i=n(261);function a(){return s.TYPE... ... ... -...r r,o,i;o=this,i=function(){ -/*! - * Autolinker.js - * 0.15.3 - * - * Copyright(c) 2015 Gregory Jacobs <--begin_highlight_tag--greg@greg-jacobs.com--end_highlight_tag--> - * MIT Licensed. http://www.opensource.org/licenses/mit-license.php - * +...r r,o,i;o=this,i=function(){ +/*! + * Autolinker.js + * 0.15.3 + * + * Copyright(c) 2015 Gregory Jacobs <--begin_highlight_tag--greg@greg-jacobs.com--end_highlight_tag--> + * MIT Licensed. http://www.opensource.org/licenses/mit-license.php + * * https://github.com/gregj... ... @@ -16672,49 +16697,49 @@ ETag: W/"939110-1539016968000" Date: Mon, 03 Jun 2019 18:41:06 GMT Content-Type: application/javascript -!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.SwaggerUIBundle=t():e.SwaggerUIBundle=t()}(this,function(){return function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{configurable:!1,enumerable:!0,get:r})},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t, -... -... -... -nProperty;e.exports=function(e,t){return n.call(e,t)}},function(e,t){e.exports=function(e){if(void 0==e)throw TypeError("Can't call method on "+e);return e}},function(e,t,n){"use strict";(function(e){ -/*! - * The buffer module from node.js, for the browser. - * - * @author Feross Aboukhadijeh <--begin_highlight_tag--feross@feross.org--end_highlight_tag--> <http://feross.org> - * @license MIT - */ -var r=n(529),o=n(530),i=n(261);function a(){return s.TYPED_ARRAY_SUPPORT?2147483647:1073741823}function u(e,t){if(a()<t)throw new RangeError("Invalid typed array length");return s.TYPED_ARRAY_SUPPORT?(e=new Uint8Array(t)).__proto__=s.prototype:(null===e&&(e=new s(t)),e.length=t),e}function s(e,t,n){if(!(s.TYPED_ARRAY_SUPPORT||this instanceof s))return new s(e,t,n);if("number"==typeof e){if("string" -... -... -... -ar t=/./;try{"/./"[e](t)}catch(n){try{return t[r]=!1,!"/./"[e](t)}catch(e){}}return!0}},function(e,t,n){t.f=n(19)},function(e,t,n){var r=n(21),o=n(15),i=n(114),a=n(174),u=n(40).f;e.exports=function(e){var t=o.Symbol||(o.Symbol=i?{}:r.Symbol||{});"_"==e.charAt(0)||e in t||u(t,e,{value:a.f(e)})}},function(e,t){t.f=Object.getOwnPropertySymbols},function(e,t){},function(e,t,n){"use strict";(function(t){ -/*! - * @description Recursive object extending - * @author Viacheslav Lotsmanov <--begin_highlight_tag--lotsmanov89@gmail.com--end_highlight_tag--> - * @license MIT - * - * The MIT License (MIT) - * -... -... -... -)}}},function(e,t,n){(function(e){var r=n(279),o="object"==typeof t&&t&&!t.nodeType&&t,i=o&&"object"==typeof e&&e&&!e.nodeType&&e,a=i&&i.exports===o&&r.process,u=function(){try{var e=i&&i.require&&i.require("util").types;return e||a&&a.binding&&a.binding("util")}catch(e){}}();e.exports=u}).call(t,n(134)(e))},function(e,t,n){var r=n(24),o=n(128),i=/\.|\[(?:[^[\]]*|(["'])(?:(?!\1)[^\\]|\\.)*?\1)\]/,a=/^\w*$/;e.exports=function(e,t){if(r(e))return!1;var n=typeof e;return!("number"!=n&&"symbol"!=n&&"boolean"!=n&&null!=e&&!o(e))||a.test(e)||!i.test(e)||null!=t&&e in Object(t)}},function(e,t){e.exports=function(e){return e}},function(e,t,n){"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.memoizedSampleFromSchema=t.memoizedCreateXMLExample=t.sampleXmlFromSchema=t.inferSchema=t.sampleFromSchema=void 0,t.createXMLExample=f;var r=n(9),o=a(n(657)),i=a(n(670));function a(e){return e&&e.__esModule?e:{default:e}}var u={string:function(){return"string"},string_email:function(){return"--begin_highlight_tag--user@example.com--end_highlight_tag--"},"string_date-time":function(){return(new Date).toISOString()},number:function(){return 0},number_float:function(){return 0},integer:function(){return 0},boolean:function(e){return"boolean"!=typeof e.default||e.default}},s=function(e){var t=e=(0,r.objectify)(e),n=t.type,o=t.format,i=u[n+"_"+o]||u[n];return(0,r.isFunc)(i)?i(e):"Unknown Type: "+e.type},l=t.sampleFromSchema=function e(t){var n=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},o=(0,r.objectify)(t),i=o.type,a=o.example,u=o.properties,l=o.additionalProperties,c=o.items,f=n.includeReadOnly,p=n.includeWriteOnly;if(void 0!==a)return(0,r.deeplyStripKey)(a,"$$ref",function(e){return"string"==typeof e&&e.indexOf("#")>-1});if(!i)if(u)i="object";else{if(!c)return;i="array"}if("object"===i){var d=(0,r.objectify)(u),h={};for(var v in d)d[v]&&d[v].deprecated||d[v]&&d[v].readOnly&&!f||d[v]&&d[v].writeOnly&&!p||(h[v]=e(d[v],n));if(!0===l)h.additionalProp1={};else if(l) -... -... -... - -/*! - * Autolinker.js - * 0.15.3 - * - * Copyright(c) 2015 Gregory Jacobs <--begin_highlight_tag--greg@greg-jacobs.com--end_highlight_tag--> - * MIT Licensed. http://www.opensource.org/licenses/mit-license.php - * - * https://github.com/gregjacobs/Autolinker.js - */ -... -... -... +!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.SwaggerUIBundle=t():e.SwaggerUIBundle=t()}(this,function(){return function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{configurable:!1,enumerable:!0,get:r})},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t, +... +... +... +nProperty;e.exports=function(e,t){return n.call(e,t)}},function(e,t){e.exports=function(e){if(void 0==e)throw TypeError("Can't call method on "+e);return e}},function(e,t,n){"use strict";(function(e){ +/*! + * The buffer module from node.js, for the browser. + * + * @author Feross Aboukhadijeh <--begin_highlight_tag--feross@feross.org--end_highlight_tag--> <http://feross.org> + * @license MIT + */ +var r=n(529),o=n(530),i=n(261);function a(){return s.TYPED_ARRAY_SUPPORT?2147483647:1073741823}function u(e,t){if(a()<t)throw new RangeError("Invalid typed array length");return s.TYPED_ARRAY_SUPPORT?(e=new Uint8Array(t)).__proto__=s.prototype:(null===e&&(e=new s(t)),e.length=t),e}function s(e,t,n){if(!(s.TYPED_ARRAY_SUPPORT||this instanceof s))return new s(e,t,n);if("number"==typeof e){if("string" +... +... +... +ar t=/./;try{"/./"[e](t)}catch(n){try{return t[r]=!1,!"/./"[e](t)}catch(e){}}return!0}},function(e,t,n){t.f=n(19)},function(e,t,n){var r=n(21),o=n(15),i=n(114),a=n(174),u=n(40).f;e.exports=function(e){var t=o.Symbol||(o.Symbol=i?{}:r.Symbol||{});"_"==e.charAt(0)||e in t||u(t,e,{value:a.f(e)})}},function(e,t){t.f=Object.getOwnPropertySymbols},function(e,t){},function(e,t,n){"use strict";(function(t){ +/*! + * @description Recursive object extending + * @author Viacheslav Lotsmanov <--begin_highlight_tag--lotsmanov89@gmail.com--end_highlight_tag--> + * @license MIT + * + * The MIT License (MIT) + * +... +... +... +)}}},function(e,t,n){(function(e){var r=n(279),o="object"==typeof t&&t&&!t.nodeType&&t,i=o&&"object"==typeof e&&e&&!e.nodeType&&e,a=i&&i.exports===o&&r.process,u=function(){try{var e=i&&i.require&&i.require("util").types;return e||a&&a.binding&&a.binding("util")}catch(e){}}();e.exports=u}).call(t,n(134)(e))},function(e,t,n){var r=n(24),o=n(128),i=/\.|\[(?:[^[\]]*|(["'])(?:(?!\1)[^\\]|\\.)*?\1)\]/,a=/^\w*$/;e.exports=function(e,t){if(r(e))return!1;var n=typeof e;return!("number"!=n&&"symbol"!=n&&"boolean"!=n&&null!=e&&!o(e))||a.test(e)||!i.test(e)||null!=t&&e in Object(t)}},function(e,t){e.exports=function(e){return e}},function(e,t,n){"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.memoizedSampleFromSchema=t.memoizedCreateXMLExample=t.sampleXmlFromSchema=t.inferSchema=t.sampleFromSchema=void 0,t.createXMLExample=f;var r=n(9),o=a(n(657)),i=a(n(670));function a(e){return e&&e.__esModule?e:{default:e}}var u={string:function(){return"string"},string_email:function(){return"--begin_highlight_tag--user@example.com--end_highlight_tag--"},"string_date-time":function(){return(new Date).toISOString()},number:function(){return 0},number_float:function(){return 0},integer:function(){return 0},boolean:function(e){return"boolean"!=typeof e.default||e.default}},s=function(e){var t=e=(0,r.objectify)(e),n=t.type,o=t.format,i=u[n+"_"+o]||u[n];return(0,r.isFunc)(i)?i(e):"Unknown Type: "+e.type},l=t.sampleFromSchema=function e(t){var n=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},o=(0,r.objectify)(t),i=o.type,a=o.example,u=o.properties,l=o.additionalProperties,c=o.items,f=n.includeReadOnly,p=n.includeWriteOnly;if(void 0!==a)return(0,r.deeplyStripKey)(a,"$$ref",function(e){return"string"==typeof e&&e.indexOf("#")>-1});if(!i)if(u)i="object";else{if(!c)return;i="array"}if("object"===i){var d=(0,r.objectify)(u),h={};for(var v in d)d[v]&&d[v].deprecated||d[v]&&d[v].readOnly&&!f||d[v]&&d[v].writeOnly&&!p||(h[v]=e(d[v],n));if(!0===l)h.additionalProp1={};else if(l) +... +... +... + +/*! + * Autolinker.js + * 0.15.3 + * + * Copyright(c) 2015 Gregory Jacobs <--begin_highlight_tag--greg@greg-jacobs.com--end_highlight_tag--> + * MIT Licensed. http://www.opensource.org/licenses/mit-license.php + * + * https://github.com/gregjacobs/Autolinker.js + */ +... +... +... @@ -16765,7 +16790,7 @@ ar t=/./;try{"/./"[e](t)}catch(n){try{return t[r]=!1,!"/./"[e](t)}catch(e){}}ret Open the test response, and verify that the X-Frame-Options header is missing or with insecure value ... - + Accept-Language: en-US Content-Type: application/x-www-form-urlencoded @@ -16784,7 +16809,8 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- -<!-- BEGIN HEADER --> +<!-- BEGIN HEADER --> + ... @@ -16927,10 +16953,10 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- <div class="fl" style="width: 99%;"> - <form id="tForm" name="tForm" method="post" act -... -... -... + <form id="tForm" name="tForm" method="post" act +... +... +... @@ -17130,10 +17156,10 @@ Content-Type: text/html;charset=ISO-8859-1 <div class="fl" style="width: 99%;"> - <form id="tForm" name="tForm" method="post" action="doTransfer" onsubmit -... -... -... + <form id="tForm" name="tForm" method="post" action="doTransfer" onsubmit +... +... +... @@ -17345,10 +17371,10 @@ Content-Type: text/html;charset=ISO-8859-1 <table width="100%" border="0"> <!-- action="addAccount" --> - <form id="addAccount" name="addAccount -... -... -... + <form id="addAccount" name="addAccount +... +... +... @@ -17400,7 +17426,7 @@ Content-Type: text/html;charset=ISO-8859-1 To verify that the test was successful, go to the "Request/Response" tab and click "Show in Browser". If the page WF_XSRF.html was injected in the context of IMG SRC, verify that the browser attempts to access it. If the page was injected in the context of A HREF, click the link and only then verify that the browser attempts to access it. ... - + </ul> </td> <!-- TOC END --> @@ -17419,7 +17445,8 @@ Content-Type: text/html;charset=ISO-8859-1 <!-- BEGIN FOOTER --> - + + ... @@ -17527,11 +17554,11 @@ Content-Type: text/html;charset=ISO-8859-1 <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> - <li><a id="MenuHyperLink11" href="index.jsp?content=business_retirement.htm">Reti -... -... -... - + <li><a id="MenuHyperLink11" href="index.jsp?content=business_retirement.htm">Reti +... +... +... + @@ -17541,8 +17568,8 @@ Content-Type: text/html;charset=ISO-8859-1 </td> </div> -... -... +... +... ... @@ -17593,7 +17620,7 @@ Content-Type: text/html;charset=ISO-8859-1 Open the test response, and verify that the X-Frame-Options header is missing or with insecure value ... - + Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 @@ -17612,7 +17639,8 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- -<!-- BEGIN HEADER --> +<!-- BEGIN HEADER --> + ... @@ -17752,10 +17780,10 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- </tr> </table> <div id="footer" style="width: 99%;"> - <a id="Hype -... -... -... + <a id="Hype +... +... +... @@ -17812,7 +17840,7 @@ Otherwise, to verify this vulnerability: 2236 ... - + Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 @@ -17831,11 +17859,12 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- -<!-- BEGIN HEADER --> +<!-- BEGIN HEADER --> + ... ... - + <!-- MEMBER TOC END --> <td valign="top" colspan="3" class="bb"> @@ -17854,7 +17883,8 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- </form> </div> </td> -</div> +</div> + ... @@ -17973,11 +18003,11 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- <td valign="top" colspan="3" class="bb"> <div class="fl" style="width: 99%;"> - <h1>Searc -... -... -... - + <h1>Searc +... +... +... + <form id="QueryXpath" method="get" action="https://demo.testfire.net/bank/queryxpath.jsp"> Search our news articles database <br /><br /> @@ -17987,9 +18017,9 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- <br /><br /> News title not found, try again -... -... -... +... +... +... @@ -18046,7 +18076,7 @@ Otherwise, to verify this vulnerability: 2254 ... - + Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 @@ -18065,11 +18095,12 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- -<!-- BEGIN HEADER --> +<!-- BEGIN HEADER --> + ... ... - + <td valign="top" colspan="3" class="bb"> <div class="fl" style="width: 99%;"> @@ -18088,7 +18119,8 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- <p> <a id="HyperLink1" href="./customize.jsp?content=customize.jsp&lang=international">International</a> <a id="HyperLink2" href="./customize.jsp?content=customize.jsp&lang=english">English</a> - </p> + </p> + ... @@ -18226,10 +18258,10 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- </form> </div> - -... -... -... + +... +... +... @@ -18281,7 +18313,7 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- To verify that the test was successful, go to the "Request/Response" tab and click "Show in Browser". If the page WF_XSRF.html was injected in the context of IMG SRC, verify that the browser attempts to access it. If the page was injected in the context of A HREF, click the link and only then verify that the browser attempts to access it. ... - + @@ -18300,7 +18332,8 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- <!-- BEGIN FOOTER --> - + + ... @@ -18405,11 +18438,11 @@ Content-Type: text/html;charset=ISO-8859-1 <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> <li><a id="MenuHyperLink11" href="index.jsp?content=business_retirement.htm">Retirement</a></li> - <li><a id="MenuHyperLin -... -... -... - + <li><a id="MenuHyperLin +... +... +... + <h1>Search Results</h1> <p>No results were found for the query:<br /><br /> @@ -18419,8 +18452,8 @@ Content-Type: text/html;charset=ISO-8859-1 </div> </td> </div> -... -... +... +... ... @@ -18479,7 +18512,8 @@ Host: demo.testfire.net Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 - + + ... @@ -18587,10 +18621,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> - <li><a -... -... -... + <li><a +... +... +... @@ -18649,7 +18683,8 @@ Host: demo.testfire.net Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 - + + ... @@ -18760,10 +18795,10 @@ Content-Type: text/html;charset=ISO-8859-1 </ul> <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> - -... -... -... + +... +... +... @@ -18945,10 +18980,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> - <li><a id="MenuHyperLink13" href -... -... -... + <li><a id="MenuHyperLink13" href +... +... +... @@ -19152,10 +19187,10 @@ Content-Type: text/html;charset=ISO-8859-1 </span></p> - <h1>Edit User Information -... -... -... + <h1>Edit User Information +... +... +... @@ -19205,7 +19240,7 @@ Content-Type: text/html;charset=ISO-8859-1 To verify that the test was successful, check that the Test Reponse screenshot includes the text "Phishing Sample". If it does not, it may be due to browser specific rendering of HTML syntaxes. To check this, go to the "Request/Response" tab, search the test response for a link to "http://demo.testfire.net/phishing.html" and verify that the browser requests this file. ... - + Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 @@ -19224,11 +19259,12 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- -<!-- BEGIN HEADER --> +<!-- BEGIN HEADER --> + ... ... - + @@ -19247,7 +19283,8 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- <!-- BEGIN FOOTER --> - + + ... @@ -19351,11 +19388,11 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> - <li><a id="MenuHy -... -... -... - + <li><a id="MenuHy +... +... +... + <h1>Search Results</h1> <p>No results were found for the query:<br /><br /> @@ -19365,8 +19402,8 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- </div> </td> </div> -... -... +... +... ... @@ -19417,7 +19454,7 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- Inspect the response, particularly the error message, to see if it exposes sensitive information. ... - + Referer: https://demo.testfire.net/bank/main.jsp Cookie: AltoroAccounts="ODAwMDAwfkNvcnBvcmF0ZX4xLjgxOTIxODkyMzY4NzgzNUUxOXw4MDAwMDF+Q2hlY2tpbmd+MS4wMDI1NDU1NDg0OTc4MDEyRTIwfA=="; JSESSIONID=AC9C994BA33DA48E86E93DC3779CDD8A Connection: keep-alive @@ -19478,42 +19515,42 @@ Content-Type: text/html;charset=utf-8 77: %&gt; -Stacktrace: - org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:613) - org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:510) - org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395) - org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339) - javax.servlet.http.HttpServlet.service(HttpServlet.java:731) - org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) - com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) - com.ibm.security.appscan.altoromutual.servlet.AccountViewServlet.doGet(AccountViewServlet.java:58) - javax.servlet.http.HttpServlet.service(HttpServlet.java:624) - javax.servlet.http.HttpServlet.service(HttpServlet.java:731) - org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) - com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) -</pre></p><p><b>Root Cause</b> <pre>java.lang.NumberFormatException: For input string: &quot;99999999999999999999&quot; - java.lang.NumberFormatException.forInputString(Unknown Source) - java.lang.Long.parseLong(Unknown Source) - java.lang.Long.parseLong(Unknown Source) - com.ibm.security.appscan.altoromutual.model.Account.getAccount(Account.java:41) - org.apache.jsp.bank.balance_jsp._jspService(balance_jsp.java:170) - org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) - javax.servlet.http.HttpServlet.service(HttpServlet.java:731) - org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:472) - org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395) - org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339) - javax.servlet.http.HttpServlet.service(HttpServlet.java:731) - org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) - com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) - com.ibm.security.appscan.altoromutual.servlet.AccountViewServlet.doGet(AccountViewServlet.java:58) - javax.servlet.http.HttpServlet.service(HttpServlet.java:624) - javax.servlet.http.HttpServlet.service(HttpServlet.java:731) - org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) - com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) -</pre></p><p><b>Note</b> The full stack trace of the root cause is available in the server logs.</p> -... -... -... +Stacktrace: + org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:613) + org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:510) + org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395) + org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339) + javax.servlet.http.HttpServlet.service(HttpServlet.java:731) + org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) + com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) + com.ibm.security.appscan.altoromutual.servlet.AccountViewServlet.doGet(AccountViewServlet.java:58) + javax.servlet.http.HttpServlet.service(HttpServlet.java:624) + javax.servlet.http.HttpServlet.service(HttpServlet.java:731) + org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) + com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) +</pre></p><p><b>Root Cause</b> <pre>java.lang.NumberFormatException: For input string: &quot;99999999999999999999&quot; + java.lang.NumberFormatException.forInputString(Unknown Source) + java.lang.Long.parseLong(Unknown Source) + java.lang.Long.parseLong(Unknown Source) + com.ibm.security.appscan.altoromutual.model.Account.getAccount(Account.java:41) + org.apache.jsp.bank.balance_jsp._jspService(balance_jsp.java:170) + org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) + javax.servlet.http.HttpServlet.service(HttpServlet.java:731) + org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:472) + org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395) + org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339) + javax.servlet.http.HttpServlet.service(HttpServlet.java:731) + org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) + com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) + com.ibm.security.appscan.altoromutual.servlet.AccountViewServlet.doGet(AccountViewServlet.java:58) + javax.servlet.http.HttpServlet.service(HttpServlet.java:624) + javax.servlet.http.HttpServlet.service(HttpServlet.java:731) + org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) + com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) +</pre></p><p><b>Note</b> The full stack trace of the root cause is available in the server logs.</p> +... +... +... @@ -19565,7 +19602,7 @@ Stacktrace: Images/1072_1.jpg 73 ... - + @@ -19584,7 +19621,8 @@ Stacktrace: <!-- BEGIN FOOTER --> - + + ... @@ -19689,11 +19727,11 @@ Content-Type: text/html;charset=ISO-8859-1 <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> <li><a id="MenuHyperLink11" href="index.jsp?content=business_retirement.htm">Retirement</a></li> - <li><a id="MenuHyperLink12" hre -... -... -... - + <li><a id="MenuHyperLink12" hre +... +... +... + <h1>Search Results</h1> <p>No results were found for the query:<br /><br /> @@ -19703,8 +19741,8 @@ Content-Type: text/html;charset=ISO-8859-1 </div> </td> </div> -... -... +... +... ... @@ -19756,7 +19794,7 @@ Content-Type: text/html;charset=ISO-8859-1 To verify that the test was successful, go to the "Request/Response" tab and click "Show in Browser". If the page WF_XSRF.html was injected in the context of IMG SRC, verify that the browser attempts to access it. If the page was injected in the context of A HREF, click the link and only then verify that the browser attempts to access it. ... - + <!-- MEMBER TOC END --> <td valign="top" colspan="3" class="bb"> @@ -19775,7 +19813,8 @@ Content-Type: text/html;charset=ISO-8859-1 </form> </div> </td> -</div> +</div> + ... @@ -19915,9 +19954,9 @@ Content-Type: text/html;charset=ISO-8859-1 </tr> -</table> -... -... +</table> +... +... ... @@ -19968,7 +20007,7 @@ Content-Type: text/html;charset=ISO-8859-1 Inspect the response, particularly the error message, to see if it exposes sensitive information. ... - + Connection: Keep-Alive Host: demo.testfire.net Content-Length: 93 @@ -20020,15 +20059,15 @@ Content-Language: en Date: Mon, 03 Jun 2019 18:44:02 GMT Content-Type: text/html;charset=utf-8 -<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> For input string: &quot;99999999999999999999&quot;</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b> <pre>java.lang.NumberFormatException: For input string: &quot;99999999999999999999&quot; - java.lang.NumberFormatException.forInputString(Unknown Source) - java.lang.Long.parseLong(Unknown Source) - java.lang.Long.parseLong(Unknown Source) - com.ibm.security.appscan.altoromutual.servlet.TransferServlet.doPost(TransferServlet.java:59) - javax.servlet.http.HttpServlet.service(HttpServlet.java:650) - javax.servlet.http.HttpServlet.service(HttpServlet.java:731) - org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) - com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) +<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> For input string: &quot;99999999999999999999&quot;</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b> <pre>java.lang.NumberFormatException: For input string: &quot;99999999999999999999&quot; + java.lang.NumberFormatException.forInputString(Unknown Source) + java.lang.Long.parseLong(Unknown Source) + java.lang.Long.parseLong(Unknown Source) + com.ibm.security.appscan.altoromutual.servlet.TransferServlet.doPost(TransferServlet.java:59) + javax.servlet.http.HttpServlet.service(HttpServlet.java:650) + javax.servlet.http.HttpServlet.service(HttpServlet.java:731) + org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) + com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) </pre></p><p><b>Note</b> The full stack trace of the root cause is available in the server logs.</p><hr class="line" /><h3>Apache Tomcat/7.0.92</h3></body></html> @@ -20078,7 +20117,7 @@ Content-Type: text/html;charset=utf-8 To verify that the test was successful, check that the Test Reponse screenshot includes the text "Phishing Sample". If it does not, it may be due to browser specific rendering of HTML syntaxes. To check this, go to the "Request/Response" tab, search the test response for a link to "http://demo.testfire.net/phishing.html" and verify that the browser requests this file. ... - + Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 @@ -20097,11 +20136,12 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- - + + ... ... - + </ul> </td> <!-- TOC END --> @@ -20120,7 +20160,8 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- <!-- BEGIN FOOTER --> - + + ... @@ -20227,11 +20268,11 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- <li><a id="MenuHyperLink7" href="index.jsp?content=business_deposit.htm">Deposit Products</a></li> <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> - <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Ins -... -... -... - + <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Ins +... +... +... + @@ -20241,8 +20282,8 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- </td> </div> -... -... +... +... ... @@ -20293,7 +20334,7 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- Inspect the response, particularly the error message, to see if it exposes sensitive information. ... - + Connection: Keep-Alive Host: demo.testfire.net Content-Length: 82 @@ -20345,16 +20386,16 @@ Content-Language: en Date: Mon, 03 Jun 2019 18:44:12 GMT Content-Type: text/html;charset=utf-8 -<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> For input string: &quot;1234XYZ&quot;</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b> <pre>java.lang.NumberFormatException: For input string: &quot;1234XYZ&quot; - sun.misc.FloatingDecimal.readJavaFormatString(Unknown Source) - sun.misc.FloatingDecimal.parseDouble(Unknown Source) - java.lang.Double.parseDouble(Unknown Source) - java.lang.Double.valueOf(Unknown Source) - com.ibm.security.appscan.altoromutual.servlet.TransferServlet.doPost(TransferServlet.java:60) - javax.servlet.http.HttpServlet.service(HttpServlet.java:650) - javax.servlet.http.HttpServlet.service(HttpServlet.java:731) - org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) - com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) +<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> For input string: &quot;1234XYZ&quot;</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b> <pre>java.lang.NumberFormatException: For input string: &quot;1234XYZ&quot; + sun.misc.FloatingDecimal.readJavaFormatString(Unknown Source) + sun.misc.FloatingDecimal.parseDouble(Unknown Source) + java.lang.Double.parseDouble(Unknown Source) + java.lang.Double.valueOf(Unknown Source) + com.ibm.security.appscan.altoromutual.servlet.TransferServlet.doPost(TransferServlet.java:60) + javax.servlet.http.HttpServlet.service(HttpServlet.java:650) + javax.servlet.http.HttpServlet.service(HttpServlet.java:731) + org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) + com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) </pre></p><p><b>Note</b> The full stack trace of the root cause is available in the server logs.</p><hr class="line" /><h3>Apache Tomcat/7.0.92</h3></body></html> @@ -20404,7 +20445,7 @@ Content-Type: text/html;charset=utf-8 To verify that the test was successful, check that the Test Reponse screenshot includes the text "Phishing Sample". If it does not, it may be due to browser specific rendering of HTML syntaxes. To check this, go to the "Request/Response" tab, search the test response for a link to "http://demo.testfire.net/phishing.html" and verify that the browser requests this file. ... - + Accept-Language: en-US,en;q=0.9 Content-Type: application/x-www-form-urlencoded @@ -20423,11 +20464,12 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- - + + ... ... - + @@ -20446,7 +20488,8 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- </div> - + + ... @@ -20557,11 +20600,11 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- <a id="CatLink2" class="subheader" href="index.jsp?content=business.htm">SMALL BUSINESS</a> <ul class="sidebar"> - <li><a id="MenuHyperLink7" href -... -... -... - + <li><a id="MenuHyperLink7" href +... +... +... + <h1>Thank You</h1> <p>Thank you for your comments, Admin User. They will be reviewed by our Customer Service staff and given the full attention that they deserve. @@ -20571,9 +20614,9 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- </p> </div> -... -... -... +... +... +... @@ -20624,7 +20667,7 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- Inspect the response, particularly the error message, to see if it exposes sensitive information. ... - + Referer: https://demo.testfire.net/bank/main.jsp Cookie: AltoroAccounts="ODAwMDAwfkNvcnBvcmF0ZX4xLjgxOTIxODkyMzY4NzgzNUUxOXw4MDAwMDF+Q2hlY2tpbmd+MS4wMDI1NDU1NDg0OTc4MDEyRTIwfA=="; JSESSIONID=AC9C994BA33DA48E86E93DC3779CDD8A Connection: keep-alive @@ -20674,20 +20717,20 @@ Content-Language: en Date: Mon, 03 Jun 2019 18:43:07 GMT Content-Type: text/html;charset=utf-8 -<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> java.lang.NullPointerException</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b> <pre>org.apache.jasper.JasperException: java.lang.NullPointerException - org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:594) - org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:510) - org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395) - org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339) - javax.servlet.http.HttpServlet.service(HttpServlet.java:731) - org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) - com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) - com.ibm.security.appscan.altoromutual.servlet.AccountViewServlet.doGet(AccountViewServlet.java:58) - javax.servlet.http.HttpServlet.service(HttpServlet.java:624) - javax.servlet.http.HttpServlet.service(HttpServlet.java:731) - org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) - com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) -</pre></p><p><b>Root Cause</b> <pre>java.lang.NullPointerException +<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> java.lang.NullPointerException</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b> <pre>org.apache.jasper.JasperException: java.lang.NullPointerException + org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:594) + org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:510) + org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395) + org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339) + javax.servlet.http.HttpServlet.service(HttpServlet.java:731) + org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) + com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) + com.ibm.security.appscan.altoromutual.servlet.AccountViewServlet.doGet(AccountViewServlet.java:58) + javax.servlet.http.HttpServlet.service(HttpServlet.java:624) + javax.servlet.http.HttpServlet.service(HttpServlet.java:731) + org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) + com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) +</pre></p><p><b>Root Cause</b> <pre>java.lang.NullPointerException </pre></p><p><b>Note</b> The full stack trace of the root cause is available in the server logs.</p><hr class="line" /><h3>Apache Tomcat/7.0.92</h3></body></html> @@ -20746,7 +20789,8 @@ Host: demo.testfire.net Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 - + + ... @@ -20886,10 +20930,10 @@ Content-Type: text/html;charset=ISO-8859-1 <th align="left" width="80%" height="26"> <form id="Form1" method="get" action="showAccount"> <select size="1" name="listAccounts" id="listAccounts"> - <option value="800001">800001 Checking< -... -... -... + <option value="800001">800001 Checking< +... +... +... @@ -20948,7 +20992,8 @@ Host: demo.testfire.net Content-Length: 0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US -Content-Type: application/x-www-form-urlencoded +Content-Type: application/x-www-form-urlencoded + ... @@ -21095,10 +21140,10 @@ Content-Type: text/html;charset=ISO-8859-1 </tr> </table> <div id="footer" style="width: 99%;"> - <a id="HyperLink5" href="/index.jsp?content=privac -... -... -... + <a id="HyperLink5" href="/index.jsp?content=privac +... +... +... @@ -21150,7 +21195,7 @@ Content-Type: text/html;charset=ISO-8859-1 Images/1096_1.jpg 111 ... - + </ul> </td> <!-- TOC END --> @@ -21160,7 +21205,7 @@ Content-Type: text/html;charset=ISO-8859-1 - <p>Failed due to The requested resource (/static/business_lending.htm--begin_highlight_tag--<script + <p>Failed due to The requested resource (/static/business_lending.htm--begin_highlight_tag--<script >eval('ale'+'rt'+'('111')')</script>--end_highlight_tag--) is not available</p> </td> @@ -21170,7 +21215,8 @@ Content-Type: text/html;charset=ISO-8859-1 <!-- BEGIN FOOTER --> - + + ... @@ -21278,23 +21324,23 @@ Content-Type: text/html;charset=ISO-8859-1 <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> - <li><a id="MenuHyperLink11" href="index.j -... -... -... - + <li><a id="MenuHyperLink11" href="index.j +... +... +... + - <p>Failed due to The requested resource (/static/business_lending.htm--begin_highlight_tag--<script + <p>Failed due to The requested resource (/static/business_lending.htm--begin_highlight_tag--<script >eval('ale'+'rt'+'('111')')</script>--end_highlight_tag--) is not available</p> </td> -... -... -... +... +... +... @@ -21346,7 +21392,7 @@ Content-Type: text/html;charset=ISO-8859-1 To verify that the test was successful, go to the "Request/Response" tab and click "Show in Browser". If the page WF_XSRF.html was injected in the context of IMG SRC, verify that the browser attempts to access it. If the page was injected in the context of A HREF, click the link and only then verify that the browser attempts to access it. ... - + <td valign="top" colspan="3" class="bb"> @@ -21365,7 +21411,8 @@ Content-Type: text/html;charset=ISO-8859-1 </div> </td> </div> - + + ... @@ -21477,11 +21524,11 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink2" class="subheader" href="index.jsp?content=business.htm">SMALL BUSINESS</a> <ul class="sidebar"> <li><a id="MenuHyperLink7" href="index.jsp?content=business_deposit.htm">Deposit Products</a></li> - <li><a id="MenuHy -... -... -... - + <li><a id="MenuHy +... +... +... + <div class="fl" style="width: 99%;"> <h1>Thank You</h1> @@ -21491,9 +21538,9 @@ Content-Type: text/html;charset=ISO-8859-1 However, the email you gave is incorrect (753 main street) and you will not receive a response. </p> -... -... -... +... +... +... @@ -21552,7 +21599,8 @@ Host: demo.testfire.net Accept: */* Accept-Language: en-US,en;q=0.9 - + + ... @@ -21633,7 +21681,7 @@ Content-Type: text/html;charset=ISO-8859-1 To verify that the test was successful, check that the Test Reponse screenshot includes the text "Phishing Sample". If it does not, it may be due to browser specific rendering of HTML syntaxes. To check this, go to the "Request/Response" tab, search the test response for a link to "http://demo.testfire.net/phishing.html" and verify that the browser requests this file. ... - + Host: demo.testfire.net Accept: */* Accept-Language: en-US,en;q=0.9 @@ -21741,7 +21789,7 @@ Otherwise, to verify this vulnerability: Images/1105_1.jpg 2999 ... - + Accept-Language: en-US,en;q=0.9 Content-Type: application/x-www-form-urlencoded @@ -21760,11 +21808,12 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- - + + ... ... - + <td valign="top" colspan="3" class="bb"> @@ -21783,7 +21832,8 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- </div> </td> </div> - + + ... @@ -21895,11 +21945,11 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- <a id="CatLink2" class="subheader" href="index.jsp?content=business.htm">SMALL BUSINESS</a> <ul class="sidebar"> <li><a id="MenuHyperLink7" href="index.jsp?content=business_deposit.htm">Deposit Products</a></li> - -... -... -... - + +... +... +... + <div class="fl" style="width: 99%;"> <h1>Thank You</h1> @@ -21909,9 +21959,9 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- However, the email you gave is incorrect (753 main street) and you will not receive a response. </p> -... -... -... +... +... +... @@ -21963,7 +22013,7 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- To verify that the test was successful, go to the "Request/Response" tab and click "Show in Browser". If the page WF_XSRF.html was injected in the context of IMG SRC, verify that the browser attempts to access it. If the page was injected in the context of A HREF, click the link and only then verify that the browser attempts to access it. ... - + HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Length: 79 @@ -22058,7 +22108,7 @@ Content-Type: text/html;charset=ISO-8859-1 To verify that the test was successful, check that the Test Reponse screenshot includes the text "Phishing Sample". If it does not, it may be due to browser specific rendering of HTML syntaxes. To check this, go to the "Request/Response" tab, search the test response for a link to "http://demo.testfire.net/phishing.html" and verify that the browser requests this file. ... - + Accept-Language: en-US,en;q=0.9 Content-Type: application/x-www-form-urlencoded @@ -22077,11 +22127,12 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- - + + ... ... - + <td valign="top" colspan="3" class="bb"> @@ -22100,7 +22151,8 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- </div> </td> </div> - + + ... @@ -22211,11 +22263,11 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- <a id="CatLink2" class="subheader" href="index.jsp?content=business.htm">SMALL BUSINESS</a> <ul class="sidebar"> - <li><a id -... -... -... - + <li><a id +... +... +... + <div class="fl" style="width: 99%;"> <h1>Thank You</h1> @@ -22224,9 +22276,9 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- However, the email you gave is incorrect (753 main street) and you will not receive a response. -... -... -... +... +... +... @@ -22278,7 +22330,7 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- Images/1214_1.jpg 362 ... - + HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Length: 86 @@ -22382,7 +22434,8 @@ Host: demo.testfire.net Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 - + + ... @@ -22497,10 +22550,10 @@ Content-Type: text/html;charset=ISO-8859-1 </ul> <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> - <ul class= -... -... -... + <ul class= +... +... +... @@ -22664,11 +22717,11 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- <!-- MEMBER TOC END --> <td valign="top" colspan="3" class="bb"> - <div -... -... -... - + <div +... +... +... + <form id="QueryXpath" method="get" action="https://demo.testfire.net/bank/queryxpath.jsp"> Search our news articles database <br /><br /> @@ -22678,9 +22731,9 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- <br /><br /> News title not found, try again -... -... -... +... +... +... @@ -22739,7 +22792,8 @@ Host: demo.testfire.net Content-Length: 0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US -Content-Type: application/x-www-form-urlencoded +Content-Type: application/x-www-form-urlencoded + ... @@ -22886,10 +22940,10 @@ Content-Type: text/html;charset=ISO-8859-1 </tr> </table> <div id="footer" style="width: 99%;"> - <a id="HyperLink5" href="/index.jsp?content=privac -... -... -... + <a id="HyperLink5" href="/index.jsp?content=privac +... +... +... @@ -22940,7 +22994,7 @@ Content-Type: text/html;charset=ISO-8859-1 405 ... - + <td valign="top" colspan="3" class="bb"> <div class="fl" style="width: 99%;"> @@ -22959,7 +23013,8 @@ Content-Type: text/html;charset=ISO-8859-1 <p> <a id="HyperLink1" href="./customize.jsp?content=customize.jsp&lang=international">International</a> <a id="HyperLink2" href="./customize.jsp?content=customize.jsp&lang=english">English</a> - </p> + </p> + ... @@ -23106,10 +23161,10 @@ Content-Type: text/html;charset=ISO-8859-1 </tr> -< -... -... -... +< +... +... +... @@ -23160,7 +23215,7 @@ Content-Type: text/html;charset=ISO-8859-1 Inspect the response, particularly the error message, to see if it exposes sensitive information. ... - + Connection: Keep-Alive Host: demo.testfire.net Content-Length: 82 @@ -23212,15 +23267,15 @@ Content-Language: en Date: Mon, 03 Jun 2019 18:44:16 GMT Content-Type: text/html;charset=utf-8 -<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> For input string: &quot;800001XYZ&quot;</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b> <pre>java.lang.NumberFormatException: For input string: &quot;800001XYZ&quot; - java.lang.NumberFormatException.forInputString(Unknown Source) - java.lang.Long.parseLong(Unknown Source) - java.lang.Long.parseLong(Unknown Source) - com.ibm.security.appscan.altoromutual.servlet.TransferServlet.doPost(TransferServlet.java:59) - javax.servlet.http.HttpServlet.service(HttpServlet.java:650) - javax.servlet.http.HttpServlet.service(HttpServlet.java:731) - org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) - com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) +<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> For input string: &quot;800001XYZ&quot;</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b> <pre>java.lang.NumberFormatException: For input string: &quot;800001XYZ&quot; + java.lang.NumberFormatException.forInputString(Unknown Source) + java.lang.Long.parseLong(Unknown Source) + java.lang.Long.parseLong(Unknown Source) + com.ibm.security.appscan.altoromutual.servlet.TransferServlet.doPost(TransferServlet.java:59) + javax.servlet.http.HttpServlet.service(HttpServlet.java:650) + javax.servlet.http.HttpServlet.service(HttpServlet.java:731) + org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) + com.ibm.security.appscan.altoromutual.filter.AuthFilter.doFilter(AuthFilter.java:67) </pre></p><p><b>Note</b> The full stack trace of the root cause is available in the server logs.</p><hr class="line" /><h3>Apache Tomcat/7.0.92</h3></body></html> @@ -23279,7 +23334,8 @@ Host: demo.testfire.net Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 - + + ... @@ -23419,10 +23475,10 @@ Content-Type: text/html;charset=ISO-8859-1 </tr> </table> <div id="footer" style="width: 99%;"> - <a id="Hype -... -... -... + <a id="Hype +... +... +... @@ -23481,7 +23537,8 @@ Host: demo.testfire.net Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 - + + ... @@ -23621,10 +23678,10 @@ Content-Type: text/html;charset=ISO-8859-1 </tr> </table> <div id="footer" style="width: 99%;"> - <a id="Hype -... -... -... + <a id="Hype +... +... +... @@ -23675,7 +23732,7 @@ Content-Type: text/html;charset=ISO-8859-1 3269 ... - + Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 @@ -23694,11 +23751,12 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- -<!-- BEGIN HEADER --> +<!-- BEGIN HEADER --> + ... ... - + <!-- MEMBER TOC END --> <td valign="top" colspan="3" class="bb"> @@ -23717,7 +23775,8 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- </form> </div> </td> -</div> +</div> + ... @@ -23846,10 +23905,10 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- News title not found, try again - </fo -... -... -... + </fo +... +... +... @@ -23899,7 +23958,7 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- To verify that the test was successful, check that the redirection attack succeeded and that the response indeed originated from demo.testfire.net. ... - + Cookie: AltoroAccounts="ODAwMDAwfkNvcnBvcmF0ZX4xLjgxOTIxODkyMzY4NzgzNUUxOXw4MDAwMDF+Q2hlY2tpbmd+MS4wMDI1NDU1NDg0OTc4MDEyRTIwfA=="; JSESSIONID=AC9C994BA33DA48E86E93DC3779CDD8A Connection: Keep-Alive Host: demo.testfire.net @@ -24144,10 +24203,10 @@ Content-Type: text/html;charset=ISO-8859-1 </tr> </table> -<di -... -... -... +<di +... +... +... @@ -24199,7 +24258,7 @@ If the response is not a customized error page or a legitimate part of the appli If the response is not a customized error page or a legitimate part of the application, verify that the response contains the content of the file that the test attempted to access. ... - + User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36 Referer: https://demo.testfire.net/index.jsp?content=personal_other.htm Cookie: AltoroAccounts="ODAwMDAwfkNvcnBvcmF0ZX4xLjgxOTIxODkyMzY4NzgzNUUxOXw4MDAwMDF+Q2hlY2tpbmd+MS4wMDI1NDU1NDg0OTc4MDEyRTIwfA=="; JSESSIONID=AC9C994BA33DA48E86E93DC3779CDD8A @@ -24218,11 +24277,12 @@ Content-Type: text/html;charset=ISO-8859-1 - + + ... ... - + <li><a id="MenuHyperLink4" href="/bank/queryxpath.jsp">Search News Articles</a></li> <li><a id="MenuHyperLink5" href="/bank/customize.jsp">Customize Site Language</a></li> @@ -24241,11 +24301,12 @@ Content-Type: text/html;charset=ISO-8859-1 <!-- MEMBER TOC END --> <td valign="top" colspan="3" class="bb"> - + + ... ... - + } </script> @@ -24271,11 +24332,12 @@ Content-Type: text/html;charset=ISO-8859-1 </th> <th> Account Types: - </th> + </th> + ... ... - + </select> </td> <td> @@ -24301,11 +24363,12 @@ Content-Type: text/html;charset=ISO-8859-1 <th> Password: </th> - <th> + <th> + ... ... - + </select> </td> <td> @@ -24331,11 +24394,12 @@ Content-Type: text/html;charset=ISO-8859-1 Last Name: </th> <th> - Username: + Username: + ... ... - + <td> <input type="text" name="username"> </td> @@ -24354,7 +24418,8 @@ Content-Type: text/html;charset=ISO-8859-1 </td> </tr> </form> - + + ... @@ -24434,11 +24499,11 @@ Content-Type: text/html;charset=ISO-8859-1 <table cellspacing="0" width="100%"> <tr> - <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbs -... -... -... - + <td width="25%" class="bt br bb"><div id="Header1"><img id="Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-align: bottom;" alt="Secure Login"/> &nbs +... +... +... + <span id="_ctl0__ctl0_Content_Administration"> <br style="line-height: 10px;"/> <b>ADMINISTRATION</b> @@ -24448,10 +24513,10 @@ Content-Type: text/html;charset=ISO-8859-1 </ul> </span> -... -... -... - +... +... +... + <p><span style="color:#FF0066;font-size:12pt;font-weight:bold;"> </span></p> @@ -24468,10 +24533,10 @@ Content-Type: text/html;charset=ISO-8859-1 </tr> <tr> <th> -... -... -... - +... +... +... + <option Value="Savings" Selected>Savings</option> <option Value="IRA">IRA</option> </Select></td> @@ -24488,10 +24553,10 @@ Content-Type: text/html;charset=ISO-8859-1 <tr> <th> Users: -... -... -... - +... +... +... + <td> <input type="password" name="password2"> </td> @@ -24508,10 +24573,10 @@ Content-Type: text/html;charset=ISO-8859-1 <tr> <th> First Name: -... -... -... - +... +... +... + <br> <input type="password" name="password2"> </td> @@ -24521,9 +24586,9 @@ Content-Type: text/html;charset=ISO-8859-1 </tr> <tr> <td colspan="4">It is highly recommended that you leave the username as first -... -... -... +... +... +... @@ -24703,10 +24768,10 @@ Content-Type: --begin_highlight_tag--text/html--end_highlight_tag--;charset=ISO- </p> <p> <a id="HyperLink1" href="./customize.jsp?content=customize.jsp&lang=international">International</a> - <a id="HyperLink2" href="./customize.jsp?content=customize.jsp&la -... -... -... + <a id="HyperLink2" href="./customize.jsp?content=customize.jsp&la +... +... +... @@ -24840,7 +24905,7 @@ If the response is not a customized error page or a legitimate part of the appli If the response is not a customized error page or a legitimate part of the application, verify that the response contains the content of the file that the test attempted to access. ... - + Referer: https://demo.testfire.net/ Cookie: JSESSIONID=AC9C994BA33DA48E86E93DC3779CDD8A Connection: keep-alive @@ -24859,11 +24924,12 @@ Content-Type: text/html;charset=ISO-8859-1 - + + ... ... - + <li><a id="MenuHyperLink4" href="/bank/queryxpath.jsp">Search News Articles</a></li> <li><a id="MenuHyperLink5" href="/bank/customize.jsp">Customize Site Language</a></li> @@ -24882,7 +24948,8 @@ Content-Type: text/html;charset=ISO-8859-1 <!-- MEMBER TOC END --> <td valign="top" colspan="3" class="bb"> <h1>Administration Login</h1> - + + ... @@ -25040,10 +25107,10 @@ Content-Type: text/html;charset=ISO-8859-1 </tr> </table> <div id="footer" style="width: 99%;"> - <a id="HyperLink5" h -... -... -... + <a id="HyperLink5" h +... +... +... @@ -25102,7 +25169,8 @@ Host: demo.testfire.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US - + + ... @@ -25212,10 +25280,10 @@ Content-Type: text/html;charset=ISO-8859-1 </ul> <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> - <ul class= -... -... -... + <ul class= +... +... +... @@ -25409,9 +25477,9 @@ Content-Type: text/html;charset=ISO-8859-1 <div class="fl" style="width: 99%;"> - <form id="tForm" name="tForm" method="post" action="doTransfer" onsubmit="return (confirminput(tForm));"> -... -... + <form id="tForm" name="tForm" method="post" action="doTransfer" onsubmit="return (confirminput(tForm));"> +... +... ... @@ -25461,7 +25529,7 @@ Content-Type: text/html;charset=ISO-8859-1 Examine the HTML comments for sensitive information. ... - + </ul> </td> <!-- TOC END --> @@ -25480,7 +25548,8 @@ Content-Type: text/html;charset=ISO-8859-1 <table> <tr> <td> - Username: + Username: + ... @@ -25583,11 +25652,11 @@ Content-Type: text/html;charset=ISO-8859-1 <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> <li><a id="MenuHyperLink11" href="index.jsp?content=business_retirement.htm">Retirement</a></li> - <li><a id="Men -... -... -... - + <li><a id="Men +... +... +... + <div class="fl" style="width: 99%;"> <h1>Online Banking Login</h1> @@ -25597,9 +25666,9 @@ Content-Type: text/html;charset=ISO-8859-1 Login Failed: We're sorry, but this username or password was not found in our system. Please try again. </span></p> -... -... -... +... +... +... @@ -25649,7 +25718,7 @@ Content-Type: text/html;charset=ISO-8859-1 Examine the HTML comments for sensitive information. ... - + myform.password2.value=""; myform.password1.focus(); alert ("Passwords do not match"); @@ -25668,7 +25737,8 @@ Content-Type: text/html;charset=ISO-8859-1 <h1>Edit User Information</h1> <table width="100%" border="0"> - <!-- action="addAccount" --> + <!-- action="addAccount" --> + ... @@ -25813,10 +25883,10 @@ Content-Type: text/html;charset=ISO-8859-1 <h1>Edit User Information</h1> <table width="100%" border="0"> - <!-- action="addAccount" - -... -... -... + <!-- action="addAccount" - +... +... +... @@ -25866,7 +25936,7 @@ Content-Type: text/html;charset=ISO-8859-1 Examine the HTML comments for sensitive information. ... - + <td valign="top" class="cc br bb"> @@ -25885,7 +25955,8 @@ Content-Type: text/html;charset=ISO-8859-1 <span id="_ctl0__ctl0_Content_Administration"> <br style="line-height: 10px;"/> <b>ADMINISTRATION</b> - <ul class="sidebar"> + <ul class="sidebar"> + ... @@ -26026,10 +26097,10 @@ Content-Type: text/html;charset=ISO-8859-1 </td> </tr> <tr> - <td colspan="2"><span id="_ctl0__ctl0_Content_Main_promo"><table width=590 border=0><tr><td><h2>Congratulations! </h2></td></tr -... -... -... + <td colspan="2"><span id="_ctl0__ctl0_Content_Main_promo"><table width=590 border=0><tr><td><h2>Congratulations! </h2></td></tr +... +... +... @@ -26079,7 +26150,7 @@ Content-Type: text/html;charset=ISO-8859-1 Examine the HTML comments for sensitive information. ... - + <td valign="top" colspan="3" class="bb"> @@ -26099,7 +26170,8 @@ Content-Type: text/html;charset=ISO-8859-1 <td colspan=2> <table cellSpacing="0" cellPadding="1" width="100%" border="1"> <tr> - <th colSpan="2"> + <th colSpan="2"> + ... @@ -26238,9 +26310,9 @@ Content-Type: text/html;charset=ISO-8859-1 <tr> <th align="left" width="80%" height="26"> <form id="Form1" method="get" action="showAccount"> - <select size="1" name="listAccounts" id="listAccounts" -... -... + <select size="1" name="listAccounts" id="listAccounts" +... +... ... @@ -26290,7 +26362,7 @@ Content-Type: text/html;charset=ISO-8859-1 Examine the HTML comments for sensitive information. ... - + <option Value="Checking">Checking</option> <option Value="Savings" Selected>Savings</option> <option Value="IRA">IRA</option> @@ -26309,7 +26381,8 @@ Content-Type: text/html;charset=ISO-8859-1 <th> Users: </th> - <th> + <th> + ... @@ -26445,11 +26518,11 @@ Content-Type: text/html;charset=ISO-8859-1 } </script> - <!-- -... -... -... - + <!-- +... +... +... + <td><input type="submit" value="Add Account"></td> </tr> </form> @@ -26459,9 +26532,9 @@ Content-Type: text/html;charset=ISO-8859-1 <tr> <td colspan="4"><h2><br><br>Change user's password</h2></td> </tr> -... -... -... +... +... +... @@ -26511,7 +26584,7 @@ Content-Type: text/html;charset=ISO-8859-1 Manually check the problematic domain, and verify that it is indeed a non-exsistent domain ... - + <div class="fl" style="width: 99%;"> <h1>Benefits</h1> @@ -26530,7 +26603,8 @@ Content-Type: text/html;charset=ISO-8859-1 </ul> </li> - <li><b>Health Plans: </b> + <li><b>Health Plans: </b> + ... @@ -26635,11 +26709,11 @@ Content-Type: text/html;charset=ISO-8859-1 <li><a id="MenuHyperLink8" href="index.jsp?content=business_lending.htm">Lending Services</a></li> <li><a id="MenuHyperLink9" href="index.jsp?content=business_cards.htm">Cards</a></li> <li><a id="MenuHyperLink10" href="index.jsp?content=business_insurance.htm">Insurance</a></li> - <li>< -... -... -... - + <li>< +... +... +... + <ul> <li><b>Work/Life:</b> @@ -26649,9 +26723,9 @@ Content-Type: text/html;charset=ISO-8859-1 <li>Health Club Membership Discounts</li> <li>Company Discount Program</li> <li>Paid Vacations</li> -... -... -... +... +... +... @@ -26816,10 +26890,10 @@ Content-Type: text/html;charset=ISO-8859-1 <a id="CatLink3" class="subheader" href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a> <ul class="sidebar"> - <li><a id="MenuHyperLink13" href="index.jsp?content=inside -... -... -... + <li><a id="MenuHyperLink13" href="index.jsp?content=inside +... +... +... @@ -28190,30 +28264,30 @@ Content-Type: text/html;charset=ISO-8859-1 24 - - function setfocus() { - if (document.login.uid.value=="") { - document.login.uid.focus(); - } else { - document.login.passw.focus(); - } - } - - function confirminput(myform) { - if (myform.uid.value.length && myform.passw.value.length) { - return (true); - } else if (!(myform.uid.value.length)) { - myform.reset(); - myform.uid.focus(); - alert ("You must enter a valid username"); - return (false); - } else { - myform.passw.focus(); - alert ("You must enter a valid password"); - return (false); - } - } - window.onload = setfocus; + + function setfocus() { + if (document.login.uid.value=="") { + document.login.uid.focus(); + } else { + document.login.passw.focus(); + } + } + + function confirminput(myform) { + if (myform.uid.value.length && myform.passw.value.length) { + return (true); + } else if (!(myform.uid.value.length)) { + myform.reset(); + myform.uid.focus(); + alert ("You must enter a valid username"); + return (false); + } else { + myform.passw.focus(); + alert ("You must enter a valid password"); + return (false); + } + } + window.onload = setfocus; https://demo.testfire.net/login.jsp @@ -28230,36 +28304,36 @@ Content-Type: text/html;charset=ISO-8859-1 https://demo.testfire.net/index.jsp - - _uacct = "1234abc"; - urchinTracker(); + + _uacct = "1234abc"; + urchinTracker(); https://demo.testfire.net/index.jsp - - function confirmEmail(sEmail) { - var msg = null; - if (sEmail != "") { - var emailFilter=/^[\w\d\.\%-]+@[\w\d\.\%-]+\.\w{2,4}$/; - if (!(emailFilter.test(sEmail))) { - var illegalChars= /[^\w\d\.\%\-@]/; - if (sEmail.match(illegalChars)) { - msg = "Your email can only contain alphanumeric\ncharacters and the following: @.%-\n\n"; - } else { - msg = "Your email address does not appear to be valid. Please try again.\n\n"; - } - } - } else { - msg = "Please enter an email address.\n\n"; - } - if (msg != null) { - alert(msg); - return false; - } else { - return true; - } - } + + function confirmEmail(sEmail) { + var msg = null; + if (sEmail != "") { + var emailFilter=/^[\w\d\.\%-]+@[\w\d\.\%-]+\.\w{2,4}$/; + if (!(emailFilter.test(sEmail))) { + var illegalChars= /[^\w\d\.\%\-@]/; + if (sEmail.match(illegalChars)) { + msg = "Your email can only contain alphanumeric\ncharacters and the following: @.%-\n\n"; + } else { + msg = "Your email address does not appear to be valid. Please try again.\n\n"; + } + } + } else { + msg = "Please enter an email address.\n\n"; + } + if (msg != null) { + alert(msg); + return false; + } else { + return true; + } + } https://demo.testfire.net/subscribe.jsp @@ -28268,107 +28342,107 @@ Content-Type: text/html;charset=ISO-8859-1 https://demo.testfire.net/subscribe.jsp - -var xmlHttp = false; - - //http://www.ibm.com/developerworks/web/library/wa-ajaxintro1/index.html - /* Create a new XMLHttpRequest object to talk to the Web server */ - xmlHttp = false; - /*@cc_on @*/ - /*@if (@_jscript_version >= 5) - try { - xmlHttp = new ActiveXObject("Msxml2.XMLHTTP"); - } catch (e) { - try { - xmlHttp = new ActiveXObject("Microsoft.XMLHTTP"); - } catch (e2) { - xmlHttp = false; - } - } - @end @*/ - - - if (!xmlHttp && typeof XMLHttpRequest != 'undefined') { - xmlHttp = new XMLHttpRequest(); - } - -var sLastHostName=''; -function checkSiteStatus(sHostName) -{ - sLastHostName = sHostName; - //Make JSON request - xmlHttp.open("GET","util/serverStatusCheckService.jsp?HostName=" + sHostName); - xmlHttp.onreadystatechange = StateChangeForJSON; - xmlHttp.send(null); -} -function StateChangeForJSON() -{ - if(xmlHttp.readyState == 4 && xmlHttp.status == 200) - { - var jsonObj = eval('('+ xmlHttp.responseText + ')'); - var jsonFetchHostStatus = jsonObj["HostStatus"]; - var jsonFetchHostName=jsonObj["HostName"]; - //get JSON values and output - x=document.getElementById('FetchHostName'); - x.innerHTML=jsonFetchHostName; - x=document.getElementById('FetchHostStatus'); - x.innerHTML=jsonFetchHostStatus; - } - else if(xmlHttp.readyState == 4 && xmlHttp.status == 500) - { - x=document.getElementById('FetchHostName'); - x.innerHTML=sLastHostName; - x=document.getElementById('FetchHostStatus'); - x.innerHTML='The service returned an error. Please be patient while our administrators fix the issue.'; - } - else if(xmlHttp.readyState == 4 && xmlHttp.status == 404) - { - x=document.getElementById('FetchHostName'); - x.innerHTML=sLastHostName; - x=document.getElementById('FetchHostStatus'); - x.innerHTML='The service returned an error. The status service appears to not be available'; - } - else if(xmlHttp.readyState == 4 && xmlHttp.status == 401) - { - x=document.getElementById('FetchHostName'); - x.innerHTML=sLastHostName; - x=document.getElementById('FetchHostStatus'); - x.innerHTML='The service returned a 401 unauthorized error, indicating it was implemented incorrectly'; - } - else if(xmlHttp.readyState == 4 && xmlHttp.status == 302) - { - x=document.getElementById('FetchHostName'); - x.innerHTML=sLastHostName; - x=document.getElementById('FetchHostStatus'); - x.innerHTML='The service returned a 302 redirect, indicating it was implemented incorrectly'; - } -} - - + +var xmlHttp = false; + + //http://www.ibm.com/developerworks/web/library/wa-ajaxintro1/index.html + /* Create a new XMLHttpRequest object to talk to the Web server */ + xmlHttp = false; + /*@cc_on @*/ + /*@if (@_jscript_version >= 5) + try { + xmlHttp = new ActiveXObject("Msxml2.XMLHTTP"); + } catch (e) { + try { + xmlHttp = new ActiveXObject("Microsoft.XMLHTTP"); + } catch (e2) { + xmlHttp = false; + } + } + @end @*/ + + + if (!xmlHttp && typeof XMLHttpRequest != 'undefined') { + xmlHttp = new XMLHttpRequest(); + } + +var sLastHostName=''; +function checkSiteStatus(sHostName) +{ + sLastHostName = sHostName; + //Make JSON request + xmlHttp.open("GET","util/serverStatusCheckService.jsp?HostName=" + sHostName); + xmlHttp.onreadystatechange = StateChangeForJSON; + xmlHttp.send(null); +} +function StateChangeForJSON() +{ + if(xmlHttp.readyState == 4 && xmlHttp.status == 200) + { + var jsonObj = eval('('+ xmlHttp.responseText + ')'); + var jsonFetchHostStatus = jsonObj["HostStatus"]; + var jsonFetchHostName=jsonObj["HostName"]; + //get JSON values and output + x=document.getElementById('FetchHostName'); + x.innerHTML=jsonFetchHostName; + x=document.getElementById('FetchHostStatus'); + x.innerHTML=jsonFetchHostStatus; + } + else if(xmlHttp.readyState == 4 && xmlHttp.status == 500) + { + x=document.getElementById('FetchHostName'); + x.innerHTML=sLastHostName; + x=document.getElementById('FetchHostStatus'); + x.innerHTML='The service returned an error. Please be patient while our administrators fix the issue.'; + } + else if(xmlHttp.readyState == 4 && xmlHttp.status == 404) + { + x=document.getElementById('FetchHostName'); + x.innerHTML=sLastHostName; + x=document.getElementById('FetchHostStatus'); + x.innerHTML='The service returned an error. The status service appears to not be available'; + } + else if(xmlHttp.readyState == 4 && xmlHttp.status == 401) + { + x=document.getElementById('FetchHostName'); + x.innerHTML=sLastHostName; + x=document.getElementById('FetchHostStatus'); + x.innerHTML='The service returned a 401 unauthorized error, indicating it was implemented incorrectly'; + } + else if(xmlHttp.readyState == 4 && xmlHttp.status == 302) + { + x=document.getElementById('FetchHostName'); + x.innerHTML=sLastHostName; + x=document.getElementById('FetchHostStatus'); + x.innerHTML='The service returned a 302 redirect, indicating it was implemented incorrectly'; + } +} + + https://demo.testfire.net/status_check.jsp - - window.onload = function() { - - // Build a system - const ui = SwaggerUIBundle({ - url: window.location.href.substr(0, window.location.href.lastIndexOf("\/") + 1) + "properties.json", - dom_id: '#swagger-ui', - deepLinking: true, - presets: [ - SwaggerUIBundle.presets.apis, - SwaggerUIStandalonePreset - ], - plugins: [ - SwaggerUIBundle.plugins.DownloadUrl - ], - layout: "StandaloneLayout" - }) - - window.ui = ui - } + + window.onload = function() { + + // Build a system + const ui = SwaggerUIBundle({ + url: window.location.href.substr(0, window.location.href.lastIndexOf("\/") + 1) + "properties.json", + dom_id: '#swagger-ui', + deepLinking: true, + presets: [ + SwaggerUIBundle.presets.apis, + SwaggerUIStandalonePreset + ], + plugins: [ + SwaggerUIBundle.plugins.DownloadUrl + ], + layout: "StandaloneLayout" + }) + + window.ui = ui + } https://demo.testfire.net/swagger/index.html @@ -28381,72 +28455,72 @@ function StateChangeForJSON() https://demo.testfire.net/swagger/swagger-ui-bundle.js - - function confirminput(myform) { - - if (myform.startDate.value != ""){ - var valid = false; - var splitStrings = myform.startDate.value.split("-"); - if (splitStrings.length == 3) { - var year = parseInt(splitStrings[0]); - var month = parseInt((splitStrings[1].charAt(0)==0 && splitStrings[1].length == 2)?splitStrings[1].charAt(1):splitStrings[1]); - var day = parseInt((splitStrings[2].charAt(0)==0 && splitStrings[2].length == 2)?splitStrings[2].charAt(1):splitStrings[2]); - - var validNums = !(isNaN(year) || isNaN(month) || isNaN(day)); - - if (validNums) - valid = validateDate(month, day, year); - } - - if (!valid){ - alert ("'After' date of " + myform.startDate.value + " is not valid."); - return false; - } - } - - if (myform.endDate.value != ""){ - var valid2 = false; - var splitStrings2 = myform.endDate.value.split("-"); - if (splitStrings2.length == 3) { - var year2 = parseInt(splitStrings2[0]); - var month2 = parseInt((splitStrings2[1].charAt(0)==0 && splitStrings2[1].length == 2)?splitStrings2[1].charAt(1):splitStrings2[1]); - var day2 = parseInt((splitStrings2[2].charAt(0)==0 && splitStrings2[2].length == 2)?splitStrings2[2].charAt(1):splitStrings2[2]); - - var validNums2 = !(isNaN(year2) || isNaN(month2) || isNaN(day2)); - - if (validNums2) - valid2 = validateDate(month2, day2, year2); - } - - if (!valid2){ - alert ("'Before' date of " + myform.endDate.value + " is not valid."); - return false; - } - } - return true; - } - - function validateDate(month, day, year){ - try { - var thisDate = new Date(); - var wrongMonth = month<1 || month>12; - var wrongDay = (day<1) || (day>31) || (day>30 && ((month==4)||(month==6)||(month==9)||(month==11))) || (day>29 && month==2 && (year%4==0) && (year%100!=0 || year%400==0)) || (day>28 && month==2 && ((year%4!=0) || (year%100==0 && year%400!=0))); - var wrongYear = year < 1990 || year > parseInt(thisDate.getFullYear()); - - var thisYear = parseInt(thisDate.getFullYear()); - var thisMonth = parseInt(thisDate.getMonth())+1; - var thisDay = parseInt(thisDate.getDate()); - var wrongDate = year==thisYear && ((thisMonth<month) || (thisMonth==month && thisDay<(day-1))); - - if (wrongMonth ||wrongDay || wrongYear || wrongDate) - return false; - - } catch (error){ - return false; - } - - return true; - } + + function confirminput(myform) { + + if (myform.startDate.value != ""){ + var valid = false; + var splitStrings = myform.startDate.value.split("-"); + if (splitStrings.length == 3) { + var year = parseInt(splitStrings[0]); + var month = parseInt((splitStrings[1].charAt(0)==0 && splitStrings[1].length == 2)?splitStrings[1].charAt(1):splitStrings[1]); + var day = parseInt((splitStrings[2].charAt(0)==0 && splitStrings[2].length == 2)?splitStrings[2].charAt(1):splitStrings[2]); + + var validNums = !(isNaN(year) || isNaN(month) || isNaN(day)); + + if (validNums) + valid = validateDate(month, day, year); + } + + if (!valid){ + alert ("'After' date of " + myform.startDate.value + " is not valid."); + return false; + } + } + + if (myform.endDate.value != ""){ + var valid2 = false; + var splitStrings2 = myform.endDate.value.split("-"); + if (splitStrings2.length == 3) { + var year2 = parseInt(splitStrings2[0]); + var month2 = parseInt((splitStrings2[1].charAt(0)==0 && splitStrings2[1].length == 2)?splitStrings2[1].charAt(1):splitStrings2[1]); + var day2 = parseInt((splitStrings2[2].charAt(0)==0 && splitStrings2[2].length == 2)?splitStrings2[2].charAt(1):splitStrings2[2]); + + var validNums2 = !(isNaN(year2) || isNaN(month2) || isNaN(day2)); + + if (validNums2) + valid2 = validateDate(month2, day2, year2); + } + + if (!valid2){ + alert ("'Before' date of " + myform.endDate.value + " is not valid."); + return false; + } + } + return true; + } + + function validateDate(month, day, year){ + try { + var thisDate = new Date(); + var wrongMonth = month<1 || month>12; + var wrongDay = (day<1) || (day>31) || (day>30 && ((month==4)||(month==6)||(month==9)||(month==11))) || (day>29 && month==2 && (year%4==0) && (year%100!=0 || year%400==0)) || (day>28 && month==2 && ((year%4!=0) || (year%100==0 && year%400!=0))); + var wrongYear = year < 1990 || year > parseInt(thisDate.getFullYear()); + + var thisYear = parseInt(thisDate.getFullYear()); + var thisMonth = parseInt(thisDate.getMonth())+1; + var thisDay = parseInt(thisDate.getDate()); + var wrongDate = year==thisYear && ((thisMonth<month) || (thisMonth==month && thisDay<(day-1))); + + if (wrongMonth ||wrongDay || wrongYear || wrongDate) + return false; + + } catch (error){ + return false; + } + + return true; + } https://demo.testfire.net/bank/transaction.jsp @@ -28455,25 +28529,25 @@ function StateChangeForJSON() https://demo.testfire.net/bank/transaction.jsp - - - function confirminput(myform) { - var dbt=document.getElementById("fromAccount").value; - var cdt=document.getElementById("toAccount").value; - var amt=document.getElementById("transferAmount").value; - - if (dbt == cdt) { - alert("From Account and To Account fields cannot be the same."); - return false; - } - else if (!(amt > 0)){ - alert("Transfer Amount must be a number greater than 0."); - return false; - } - - return true; - } - + + + function confirminput(myform) { + var dbt=document.getElementById("fromAccount").value; + var cdt=document.getElementById("toAccount").value; + var amt=document.getElementById("transferAmount").value; + + if (dbt == cdt) { + alert("From Account and To Account fields cannot be the same."); + return false; + } + else if (!(amt > 0)){ + alert("Transfer Amount must be a number greater than 0."); + return false; + } + + return true; + } + https://demo.testfire.net/bank/transfer.jsp @@ -28482,24 +28556,24 @@ function StateChangeForJSON() https://demo.testfire.net/bank/transfer.jsp - - - function confirmpass(myform) - { - if (myform.password1.value.length && (myform.password1.value==myform.password2.value)) - { - return true; - } - else - { - myform.password1.value=""; - myform.password2.value=""; - myform.password1.focus(); - alert ("Passwords do not match"); - return false; - } - - } + + + function confirmpass(myform) + { + if (myform.password1.value.length && (myform.password1.value==myform.password2.value)) + { + return true; + } + else + { + myform.password1.value=""; + myform.password2.value=""; + myform.password1.focus(); + alert ("Passwords do not match"); + return false; + } + + } https://demo.testfire.net/admin/admin.jsp @@ -28508,35 +28582,35 @@ function StateChangeForJSON() https://demo.testfire.net/admin/admin.jsp - - - function go() { - var iPos = document.URL.indexOf("url=")+4; - var sDst = document.URL.substring(iPos,document.URL.length); - if (window.opener) { - window.opener.location.href = sDst; - cl(); - } else { - window.location.href = sDst; - } - } - - function cl() { - window.close(); - } - - var iPos = document.URL.indexOf("url=")+4; - var sDst = document.URL.substring(iPos,document.URL.length); - // if redirection is in the application's domain, don't ask for authorization - if ( sDst.indexOf("http") == 0 && sDst.indexOf(document.location.hostname) != -1 ) { - if (window.opener) { - window.opener.location.href = "http" + sDst.substring(4); - cl(); - } else { - window.location.href = "http" + sDst.substring(4); - } - } - + + + function go() { + var iPos = document.URL.indexOf("url=")+4; + var sDst = document.URL.substring(iPos,document.URL.length); + if (window.opener) { + window.opener.location.href = sDst; + cl(); + } else { + window.location.href = sDst; + } + } + + function cl() { + window.close(); + } + + var iPos = document.URL.indexOf("url=")+4; + var sDst = document.URL.substring(iPos,document.URL.length); + // if redirection is in the application's domain, don't ask for authorization + if ( sDst.indexOf("http") == 0 && sDst.indexOf(document.location.hostname) != -1 ) { + if (window.opener) { + window.opener.location.href = "http" + sDst.substring(4); + cl(); + } else { + window.location.href = "http" + sDst.substring(4); + } + } + https://demo.testfire.net/disclaimer.htm @@ -28553,61 +28627,61 @@ function StateChangeForJSON() https://demo.testfire.net/disclaimer.htm - - -var jobs = { - "Administration":{"ExecutiveAssistant":"jobs/20061023.htm"}, - "ConsumaerBanking":{"Teller":"jobs/20061019.htm"}, - "CustomerService":{"CustomerServiceRepresentative":"jobs/20061026.htm"}, - "Marketing":{"LoyaltyMarketingProgramManager":"jobs/20061025.htm"}, - "RiskManagement":{"OperationalRiskManager":"jobs/20061027.htm"}, - "Sales":{"MortgageLendingAccountExecutive":"jobs/20061024.htm"} -}; - -function loadPage() { - if (document.location.hash == "#alljobs") { - document.location.hash = ""; - return; - } - /* check if job parameter exists */ - var job = getParameter("job"); - if (job && job.length > 0) { - var sp = job.split(':'); - if (sp.length == 2 && jobs[sp[1]] && jobs[sp[1]] != "") { - /* check if job exists */ - if (jobs[sp[1]][sp[0]] && jobs[sp[1]][sp[0]] != "") { - document.location.href = "index.jsp?content="+jobs[sp[1]][sp[0]]; - } else { - /* tell the user the job isn't open anymore */ - document.write("<h2 style='color:#ff0000'>We're sorry, but it appears the position for " + sp[0] + " in group " + sp[1] + " is not open anymore</h2>"); - } - } - } -} - -function getParameter(name) { - var searchStr = document.location.search.substring(1); - var params = searchStr.split('&'); - for (var i=0; i < params.length; i++) { - nv = params[i].split('='); - if (nv.length == 2 && nv[0] == name) { - return nv[1]; - } - } - return ""; -} - -function sethash() { - document.location.hash = "alljobs"; -} - -/* set IE to go back to orig page when pressing the back command in teh next page */ -if (navigator.appName == 'Microsoft Internet Explorer') { - window.onbeforeunload=sethash; -} - -window.onload = loadPage; - + + +var jobs = { + "Administration":{"ExecutiveAssistant":"jobs/20061023.htm"}, + "ConsumaerBanking":{"Teller":"jobs/20061019.htm"}, + "CustomerService":{"CustomerServiceRepresentative":"jobs/20061026.htm"}, + "Marketing":{"LoyaltyMarketingProgramManager":"jobs/20061025.htm"}, + "RiskManagement":{"OperationalRiskManager":"jobs/20061027.htm"}, + "Sales":{"MortgageLendingAccountExecutive":"jobs/20061024.htm"} +}; + +function loadPage() { + if (document.location.hash == "#alljobs") { + document.location.hash = ""; + return; + } + /* check if job parameter exists */ + var job = getParameter("job"); + if (job && job.length > 0) { + var sp = job.split(':'); + if (sp.length == 2 && jobs[sp[1]] && jobs[sp[1]] != "") { + /* check if job exists */ + if (jobs[sp[1]][sp[0]] && jobs[sp[1]][sp[0]] != "") { + document.location.href = "index.jsp?content="+jobs[sp[1]][sp[0]]; + } else { + /* tell the user the job isn't open anymore */ + document.write("<h2 style='color:#ff0000'>We're sorry, but it appears the position for " + sp[0] + " in group " + sp[1] + " is not open anymore</h2>"); + } + } + } +} + +function getParameter(name) { + var searchStr = document.location.search.substring(1); + var params = searchStr.split('&'); + for (var i=0; i < params.length; i++) { + nv = params[i].split('='); + if (nv.length == 2 && nv[0] == name) { + return nv[1]; + } + } + return ""; +} + +function sethash() { + document.location.hash = "alljobs"; +} + +/* set IE to go back to orig page when pressing the back command in teh next page */ +if (navigator.appName == 'Microsoft Internet Explorer') { + window.onbeforeunload=sethash; +} + +window.onload = loadPage; + https://demo.testfire.net/index.jsp diff --git a/unittests/scans/intsights/intsights_zero_vul.json b/unittests/scans/intsights/intsights_zero_vuln.json similarity index 100% rename from unittests/scans/intsights/intsights_zero_vul.json rename to unittests/scans/intsights/intsights_zero_vuln.json diff --git a/unittests/scans/jfrog_xray_api_summary_artifact/malformed_cvssv3.json b/unittests/scans/jfrog_xray_api_summary_artifact/malformed_cvssv3.json new file mode 100644 index 00000000000..d7544233e58 --- /dev/null +++ b/unittests/scans/jfrog_xray_api_summary_artifact/malformed_cvssv3.json @@ -0,0 +1,47 @@ +{ + "artifacts": [ + { + "general": { + "name": "artifact1:1.0", + "component_id": "artifact1:1.0", + "pkg_type": "Docker", + "path": "artifact_path/artifact1/1.0/", + "sha256": "eaab06c0a28618bfb65481bf31bce7d6dd3a15dac528297690111c202a1cd468" + }, + "issues": [ + { + "issue_id": "XRAY-523195", + "summary": "Okio GzipSource unhandled exception Denial of Service", + "description": "GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.", + "issue_type": "security", + "severity": "Medium", + "provider": "JFrog", + "cves": [ + { "cve": "CVE-2023-3635", "cwe": ["CWE-195"], "cvss_v3": "5.9" } + ], + "created": "2023-06-12T00:00:00.585Z", + "impact_path": [ + "default/local/com.evel.corp/snoop/2023.2.1-build00008-j8uwlfh3728dj2h16dk9f1f93/deployments/main.jar/BOOT-INF/lib/okio-jvm-2.8.0.jar" + ] + } + ], + "licenses": [ + { + "name": "OpenSSL", + "full_name": "OpenSSL LICENSE", + "more_info_url": [ + "https://spdx.org/licenses/OpenSSL.html", + "http://www.openssl.org/source/license.html", + "https://www.openssl.org/source/license.html", + "https://spdx.org/licenses/OpenSSL" + ], + "components": [ + "alpine://3.12:libcrypto1.1:1.1.1k-r0", + "alpine://3.12:libssl1.1:1.1.1k-r0", + "alpine://3.12:openssl:1.1.1k-r0" + ] + } + ] + } + ] +} diff --git a/unittests/scans/jfrog_xray_api_summary_artifact/many_vulns.json b/unittests/scans/jfrog_xray_api_summary_artifact/many_vulns.json new file mode 100644 index 00000000000..429f55cb38a --- /dev/null +++ b/unittests/scans/jfrog_xray_api_summary_artifact/many_vulns.json @@ -0,0 +1,325 @@ +{ + "artifacts": [{ + "general": { + "name": "artifact1:1.0", + "component_id": "artifact1:1.0", + "pkg_type": "Docker", + "path": "artifact_path/artifact1/1.0/", + "sha256": "eaab06c0a28618bfb65481bf31bce7d6dd3a15dac528297690111c202a1cd468" + }, + "issues": [{ + "summary": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function", + "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function", + "issue_type": "security", + "severity": "High", + "provider": "JFrog", + "cves": [{ + "cve": "CVE-2021-42385", + "cwe": ["CWE-416"], + "cvss_v2": "6.5/CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P", + "cvss_v3": "7.2/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "created": "2021-11-18T00:00:00.412Z", + "impact_path": ["artifact_path/artifact1/1.0/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:ssl_client:1.31.1-r20", "default/component/open-liberty/21.0.0.3-1-full-alpine-java8-openj9/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:busybox:1.31.1-r20"] + }, { + "summary": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).", + "description": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).", + "issue_type": "security", + "severity": "Critical", + "provider": "JFrog", + "cves": [{ + "cve": "CVE-2021-3711", + "cwe": ["CWE-120"], + "cvss_v2": "7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P", + "cvss_v3": "9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "created": "2021-08-25T00:00:00.649Z", + "impact_path": ["artifact_path/artifact1/1.0/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:libcrypto1.1:1.1.1k-r0", "default/component/open-liberty/21.0.0.3-1-full-alpine-java8-openj9/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:libssl1.1:1.1.1k-r0", "default/component/open-liberty/21.0.0.3-1-full-alpine-java8-openj9/sha256__cbc330c4d62cdcdac9408f3fc679b06fc8a22b08638c8f25720f3cd621f52fb6.tar.gz/3.12:openssl:1.1.1k-r0"] + }, { + "summary": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function", + "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function", + "issue_type": "security", + "severity": "High", + "provider": "JFrog", + "cves": [{ + "cve": "CVE-2021-42381", + "cwe": ["CWE-416"], + "cvss_v2": "6.5/CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P", + "cvss_v3": "7.2/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "created": "2021-11-18T00:00:00.439Z", + "impact_path": ["artifact_path/artifact1/1.0/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:busybox:1.31.1-r20", "default/component/open-liberty/21.0.0.3-1-full-alpine-java8-openj9/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:ssl_client:1.31.1-r20"] + }, { + "summary": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function", + "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function", + "issue_type": "security", + "severity": "High", + "provider": "JFrog", + "cves": [{ + "cve": "CVE-2021-42380", + "cwe": ["CWE-416"], + "cvss_v2": "6.5/CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P", + "cvss_v3": "7.2/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "created": "2021-11-18T00:00:00.907Z", + "impact_path": ["artifact_path/artifact1/1.0/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:busybox:1.31.1-r20", "default/component/open-liberty/21.0.0.3-1-full-alpine-java8-openj9/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:ssl_client:1.31.1-r20"] + }, { + "summary": "A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \\x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.", + "description": "A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \\x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.", + "issue_type": "security", + "severity": "Medium", + "provider": "JFrog", + "cves": [{ + "cve": "CVE-2021-42376", + "cwe": ["CWE-476"], + "cvss_v2": "1.9/CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:P", + "cvss_v3": "5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], + "created": "2021-11-18T00:00:00.346Z", + "impact_path": ["artifact_path/artifact1/1.0/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:ssl_client:1.31.1-r20"] + }, { + "summary": "An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that", + "description": "An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that", + "issue_type": "security", + "severity": "Medium", + "provider": "JFrog", + "cves": [{ + "cve": "CVE-2021-42374", + "cwe": ["CWE-125"], + "cvss_v2": "3.3/CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:N/A:P", + "cvss_v3": "5.3/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" + } + ], + "created": "2021-11-18T00:00:00.781Z", + "impact_path": ["artifact_path/artifact1/1.0/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:busybox:1.31.1-r20", "default/component/open-liberty/21.0.0.3-1-full-alpine-java8-openj9/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:ssl_client:1.31.1-r20"] + }, { + "summary": "An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.", + "description": "An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.", + "issue_type": "security", + "severity": "High", + "provider": "JFrog", + "cves": [{ + "cve": "CVE-2021-39537", + "cwe": ["CWE-787"], + "cvss_v2": "6.8/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P", + "cvss_v3": "8.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } + ], + "created": "2021-10-11T00:00:00.115Z", + "impact_path": ["artifact_path/artifact1/1.0/sha256__cbc330c4d62cdcdac9408f3fc679b06fc8a22b08638c8f25720f3cd621f52fb6.tar.gz/3.12:ncurses-terminfo-base:6.2_p20200523-r0", "default/component/open-liberty/21.0.0.3-1-full-alpine-java8-openj9/sha256__cbc330c4d62cdcdac9408f3fc679b06fc8a22b08638c8f25720f3cd621f52fb6.tar.gz/3.12:ncurses-libs:6.2_p20200523-r0"] + }, { + "summary": "OpenSSL crypto/evp/e_aes.c aes_xts_cipher() Function Improper Key Handling Chosen Ciphertext Content Manipulation Weakness", + "description": "OpenSSL contains a flaw in the aes_xts_cipher() function in crypto/evp/e_aes.c that is triggered as the function did not enforce usage of two identical keys. This may allow a context-dependent attacker to conduct a chosen ciphertext attack and potentially manipulate ciphertext that results in plaintext blocks containing arbitrary, attacker-controlled values.", + "issue_type": "security", + "severity": "Low", + "provider": "JFrog", + "cves": [{ + "cvss_v2": "2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N" + } + ], + "created": "2020-09-09T00:00:00.121Z", + "impact_path": ["artifact_path/artifact1/1.0/sha256__cbc330c4d62cdcdac9408f3fc679b06fc8a22b08638c8f25720f3cd621f52fb6.tar.gz/3.12:openssl:1.1.1k-r0"] + }, { + "summary": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such", + "description": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such", + "issue_type": "security", + "severity": "High", + "provider": "JFrog", + "cves": [{ + "cve": "CVE-2021-3712", + "cwe": ["CWE-125"], + "cvss_v2": "5.8/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:P", + "cvss_v3": "7.4/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" + } + ], + "created": "2021-08-25T00:00:00.038Z", + "impact_path": ["artifact_path/artifact1/1.0/sha256__cbc330c4d62cdcdac9408f3fc679b06fc8a22b08638c8f25720f3cd621f52fb6.tar.gz/3.12:openssl:1.1.1k-r0", "default/component/open-liberty/21.0.0.3-1-full-alpine-java8-openj9/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:libcrypto1.1:1.1.1k-r0", "default/component/open-liberty/21.0.0.3-1-full-alpine-java8-openj9/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:libssl1.1:1.1.1k-r0"] + }, { + "summary": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function", + "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function", + "issue_type": "security", + "severity": "High", + "provider": "JFrog", + "cves": [{ + "cve": "CVE-2021-42384", + "cwe": ["CWE-416"], + "cvss_v2": "6.5/CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P", + "cvss_v3": "7.2/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "created": "2021-11-18T00:00:00.033Z", + "impact_path": ["artifact_path/artifact1/1.0/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:busybox:1.31.1-r20", "default/component/open-liberty/21.0.0.3-1-full-alpine-java8-openj9/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:ssl_client:1.31.1-r20"] + }, { + "summary": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function", + "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function", + "issue_type": "security", + "severity": "High", + "provider": "JFrog", + "cves": [{ + "cve": "CVE-2021-42379", + "cwe": ["CWE-416"], + "cvss_v2": "6.5/CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P", + "cvss_v3": "7.2/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "created": "2021-11-18T00:00:00.381Z", + "impact_path": ["artifact_path/artifact1/1.0/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:busybox:1.31.1-r20", "default/component/open-liberty/21.0.0.3-1-full-alpine-java8-openj9/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:ssl_client:1.31.1-r20"] + }, { + "summary": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function", + "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function", + "issue_type": "security", + "severity": "High", + "provider": "JFrog", + "cves": [{ + "cve": "CVE-2021-42386", + "cwe": ["CWE-416"], + "cvss_v2": "6.5/CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P", + "cvss_v3": "7.2/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "created": "2021-11-18T00:00:00.937Z", + "impact_path": ["artifact_path/artifact1/1.0/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:ssl_client:1.31.1-r20", "default/component/open-liberty/21.0.0.3-1-full-alpine-java8-openj9/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:busybox:1.31.1-r20"] + }, { + "summary": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function", + "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function", + "issue_type": "security", + "severity": "High", + "provider": "JFrog", + "cves": [{ + "cve": "CVE-2021-42378", + "cwe": ["CWE-416"], + "cvss_v2": "6.5/CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P", + "cvss_v3": "7.2/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "created": "2021-11-18T00:00:00.850Z", + "impact_path": ["artifact_path/artifact1/1.0/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:busybox:1.31.1-r20", "default/component/open-liberty/21.0.0.3-1-full-alpine-java8-openj9/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:ssl_client:1.31.1-r20"] + }, { + "summary": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function", + "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function", + "issue_type": "security", + "severity": "High", + "provider": "JFrog", + "cves": [{ + "cve": "CVE-2021-42382", + "cwe": ["CWE-416"], + "cvss_v2": "6.5/CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P", + "cvss_v3": "7.2/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "created": "2021-11-18T00:00:00.970Z", + "impact_path": ["artifact_path/artifact1/1.0/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:busybox:1.31.1-r20", "default/component/open-liberty/21.0.0.3-1-full-alpine-java8-openj9/sha256__339de151aab4bc06eed8409daae147c408478cb538dacb90cc63f19ad4eba80b.tar.gz/3.12:ssl_client:1.31.1-r20"] + }, { + "issue_id": "XRAY-124116", + "summary": "OpenSSL crypto/rc5/rc5_skey.c RC5_32_set_key() Function Key Initialization Stack Buffer Overflow", + "description": "OpenSSL contains an overflow condition in the RC5_32_set_key() function in crypto/rc5/rc5_skey.c that is triggered as certain input is not properly validated when initializing encryption or decryption keys. This may allow a context-dependent attacker to cause a stack-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.", + "issue_type": "security", + "severity": "Critical", + "provider": "JFrog", + "cves": [{ + "cvss_v2": "9.3/AV:N/AC:M/Au:N/C:C/I:C/A:C", + "cvss_v3": "9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "created": "2020-09-09T00:00:00.937Z", + "impact_path": ["artifact_path/artifact1/1.0/sha256__cbc330c4d62cdcdac9408f3fc679b06fc8a22b08638c8f25720f3cd621f52fb6.tar.gz/3.12:openssl:1.1.1k-r0"] + } + ], + "licenses": [{ + "name": "https://javaee.github.io/javamail/LICENSE", + "components": ["gav://dev:com.ibm.ws.com.sun.mail.javax.mail.1.5:1.5.50.cl210320210309-1101", "gav://dev:com.ibm.ws.com.sun.mail.javax.mail.1.6:1.6.50.cl210320210309-1101"] + }, { + "name": "Unknown", + "full_name": "Unknown license", + "more_info_url": ["Unknown link"], + "components": ["generic://sha256:3666f307a676edf9b0f9a6d0c5c672edc99f731ea3494c0b43dc87ca48bd4702/com.ibm.ws.ejbcontainer.async_1.0.50.jar", "generic://sha256:bb18478bdfccfa0346e8c5cce05b6b4879c8974ee0368ca953b1885f1f943223/com.ibm.ws.cdi.client_1.0.50.jar", "generic://sha256:dacec86f04e8a4d16f4cac7514550b060d3528303c01c0f9dcc8e04fbccb6c6c/io.openliberty.microprofile.metrics.internal.private_1.0.50.jar", "generic://sha256:e34d86b487693d14d1ffd405887c76ac56e375151a19611993a8914eca73fcf3/com.ibm.ws.artifact.bundle_1.0.50.jar", "generic://sha256:d0aa16854798da47f20732af0f774f1b64195a8ea7517a67032b86ef1cf3380c/com.ibm.ws.jsfContainer.classloading.2.2_1.0.50.jar", "generic://sha256:429d605988556807e33dfa83dc2c01cb7e9068341d4bacd3ce4f702ea5ce0023/com.ibm.ws.request.probes_1.0.50.jar", "generic://sha256:c7c2e99b9c234030f7553a523d3349004c2cd95e7b52a95d9edbff7d96870e7f/com.ibm.ws.jaxws.web_1.0.50.jar", "generic://sha256:75b91c420f4f26b618d39027978fe42f7670f0ae00113595186a810336cfde85/com.ibm.ws.jaxws.tools.2.2.10_1.0.50.jar", "generic://sha256:6a5e1a9cf59ad6537fc052c766ebabf996b3c948a068967870c54b53f23042c7/com.ibm.ws.security.openidconnect.common_1.0.50.jar", "generic://sha256:83b53aa142d1683fea6fa8b5cec825c586b2915514062281e7eca14dcc802975/com.ibm.ws.app.manager.war_1.0.50.jar", "generic://sha256:0c50752a18a2b220fce2c030242a3041caeba3d60d86c1ecd1bc8b03d1df20ff/com.ibm.websphere.javaee.validation.2.0_1.0.50.jar", "generic://sha256:c9949cd9105f6fe6c3c10d64d157702287115777f9751a3ff2e8c4d2758a997f/com.ibm.ws.microprofile.reactive.messaging.kafka_1.0.50.jar", "generic://sha256:ab4f9d7aaa26b5f0c9e491c826c8ef46052411b9cab3d1b9fcdda814cb6a41b2/com.ibm.ws.org.apache.cxf.cxf.rt.rs.sse.3.2_1.0.50.jar", "generic://sha256:20ef8d5cea33a04e352b7532a86d28dcf2a5c70ce91532f7fadf69b9bc027b1f/com.ibm.ws.artifact.zip_1.0.50.jar", "generic://sha256:666a74e54db38daffd513c25af3567a1b6cf3ad0081d0f86e181b12d618ef841/com.ibm.ws.security.authorization.jacc.web_1.0.50.jar", "generic://sha256:25185e77f0f20edd5bb90b345cde2cad992e9b43613d9908dd972995223c7477/com.ibm.websphere.javaee.persistence.2.2_1.0.50.jar", "generic://sha256:0dbd7b52bf18c00d37828dfdaa2b3b949f400ebcd03f074411ebe1ec2c2f35aa/com.ibm.ws.security.authorization.util_1.0.50.jar", "generic://sha256:e96026820636b4e1d68737fb9e1ec3c57de4bc219489e9ed03c1537a7b59212c/com.ibm.ws.io.smallrye.graphql_1.0.50.jar", "generic://sha256:1dbb2d3ae3a3c313e386908d81dd2ed58b159cdf6566c56dab8b3a1650bab23a/com.ibm.ws.org.apache.cxf.cxf.rt.rs.client.3.2_1.0.50.jar", "generic://sha256:13b13a3598ef5fa3959a257caaba0f95e6dac09dc4b487c59110a8facc8f0015/com.ibm.ws.jaxrs.2.0.security_1.0.50.jar", "generic://sha256:626bc6ffd1962a069d580bf0008788caed43fcc71395480c2997b0f865ee5526/com.ibm.ws.jbatch.rest_1.0.50.jar", "generic://sha256:23eb4e51ba6c7f7b7420206e998241d2dc16fa17b31321a6b4228885848fd651/com.ibm.ws.security.token.ltpa_1.0.50.jar", "generic://sha256:de7a41ab34d9ccee80fa38afa99fac03860ca89fc81c419682f20bee16c71db1/com.ibm.ws.jpa.container.v22_1.0.50.jar", "generic://sha256:667ecd2462b7850a440ee7e5c5b53cf1e16173b139637eb7cf7f789bdcdb45c3/com.ibm.ws.cloudant_1.0.50.jar", "generic://sha256:729dcb6f3cd18ea28e133804e772b3c183aebced010efc1991bda929d0fc0a32/com.ibm.websphere.org.eclipse.microprofile.metrics.1.0_1.0.50.jar", "generic://sha256:5ca75aa7a763961547ac6e563c2a44068bf11ac0372ffb7d8ae6093e4a0af076/com.ibm.ws.jaxrs.2.1.common_1.0.50.jar", "generic://sha256:8c8134bffb0ad3f9d7584cc67e5335df4c6c77e887705ae229498f3691a592be/com.ibm.ws.opentracing.1.2_1.0.50.jar", "generic://sha256:93b21eff1684bccd63726e5439e7ca4363725401b678bc7583c4c5b70fc28523/com.ibm.ws.timer_1.0.50.jar", "generic://sha256:dcddf4e7c82b680758a16805d7f43ca9375f152a4a6d2e242ce922641b3503a3/com.ibm.ws.wsoc_1.0.50.jar", "generic://sha256:d16aea2779c80c18a2babeb24c67498e065deb22a25c0e2db47c807bc416eb9b/com.ibm.ws.concurrent.persistent_1.0.50.jar", "generic://sha256:f698d876bc21c96e3c12f820fa8f1a2e15f53786617370146d16baf957d078aa/com.ibm.ws.org.jboss.jandex_1.0.50.jar", "generic://sha256:b00e5f878c46de5d3deefdeb5dedd8b60e9c5af03a43541b68290b65b6b40b12/com.ibm.ws.org.apache.commons.discovery.0.2_1.0.50.jar", "generic://sha256:0f14354c102e638033c8d63e6ed3f435e005721604404d17a580eb2dc0574bf1/com.ibm.ws.security.wim.adapter.ldap_1.0.50.jar", "generic://sha256:1f62f381f668ebfc300f079bbacd3f3e1393121b1e461aedabdb563bccf6d98e/com.ibm.websphere.javaee.jaxrs.2.0_1.0.50.jar", "generic://sha256:d500a9774d73067977ed845a3a587495235417420084e2b4a9ce400059cb0cf7/com.ibm.ws.webcontainer.cors_1.0.50.jar", "generic://sha256:cf367cf30ef9929c224fc2b86fd8c8069f6c720d737c53ed1723aba2caf32533/com.ibm.ws.request.interrupt_1.0.50.jar", "generic://sha256:1dd00c4b1acb93a9fbb209bca266ad52deb3f6988594742210d2d55b86ed749a/com.ibm.websphere.javaee.security.1.0_1.0.50.jar", "generic://sha256:cdf0ed733ab30ac4aa5056258e6b1878ef63b8cee0b9119b1322607b8ad4effd/com.ibm.ws.microprofile.openapi.ui_1.0.50.jar", "generic://sha256:c77727310e8dd2da8c4b14b2f2bd744df21ed71cb56dbb2479f9fb5bdbc5d863/com.ibm.ws.wssecurity.saml_1.0.50.jar", "generic://sha256:1800adc5f17125c941ecdaeefcf40d27ed5e7863dc005c4d0c9f3e71ed8efe16/com.ibm.ws.security.auth.data_1.0.50.jar", "generic://sha256:faac0d8004c47b3dec7f92c5db33391a7eb03c9f3e3df414dc1f7d816299506e/ws-xjc.jar", "generic://sha256:9fad5234c27869c472fcc49b46cb5391a6f7f937d720979fef4288ed47ad8a2e/com.ibm.ws.sipcontainer.security_1.0.50.jar", "generic://sha256:0faec57b2d0d6a5a7eca51491a06c74ab3cfaf8b82793c5296b56ed89fae08c6/ws-schemagen.jar", "gav://dev:com.ibm.ws.org.apache.cxf.ws.security.2.6.2:1.0.50.cl210320210309-1101", "generic://sha256:79000ae3a0d4580e6afd585efbe70a347a570a09ec36e3fc91a22a540611e75f/com.ibm.ws.security.mp.jwt.propagation_1.0.50.jar", "generic://sha256:da1b29d3dd431f290d78f6870bddcaafbea895d406b3c204676217f883b3ea3c/com.ibm.ws.security.openidconnect.server_1.0.50.jar", "generic://sha256:c9110213168f133416019e4947fbdd19469a8e8bc51d94558303405b4e3b1a04/com.ibm.ws.messaging.jms.2.0_2.0.50.jar", "generic://sha256:5c53b1008904cefe52c036a64cada980ba45b6bac92620ea65beb5432d2bf437/com.ibm.ws.microprofile.metrics.cdi.2.0_1.0.50.jar", "generic://sha256:ff3ae5ab7c87cd0e51fde7fea5f80fb0f7eb54d06e57afa83b5c1f01385c2b82/com.ibm.ws.beanvalidation.v20_1.0.50.jar", "generic://sha256:5c872250228e3d0332e057cc7062c65655e9b389a3dda549d3f37ce7016681a1/com.ibm.ws.openapi.3.1_1.0.50.jar", "generic://sha256:fa159753281a7b762f482f81dd00789d4dfc2f8ccdb77b12d2b085cc23b85c7c/com.ibm.ws.opentracing.1.2.cdi_1.2.50.jar", "generic://sha256:3328e9c47325fe6fe1cc030ea7bf52ac5fa832b5424330cd85a224185b5f743a/com.ibm.ws.ejbcontainer.management.j2ee_1.0.50.jar", "generic://sha256:835a09ec881c7ed66f807d0d23a92f830b40aac884ca5528545591a5769ea116/com.ibm.ws.sipcontainer.servlet.3.1_1.0.50.jar", "generic://sha256:325898e0f4726a0addaa96f9c2205fd297dd3d83f9038fb2f094d68b1915307e/com.ibm.tx.util_1.0.50.jar", "generic://sha256:e84c7097c6f5a1160da91dd6769c8e31f41ed3b5c4eeee1eb61787c5e1782254/com.ibm.ws.config.ext_1.0.50.jar", "generic://sha256:41da3d866a5b9d3cfc27fe1f44f8e1107e8b1216579fca8d82f60bdb3bedefe1/com.ibm.ws.jbatch.cdi_1.0.50.jar", "generic://sha256:07ca54fc0a20444efa211e4fbb1360588f1116ba8c7daebd53d856c4574a9c7e/com.ibm.ws.wsat.webclient_1.0.50.jar", "generic://sha256:0ddc54274ca262ea63e71183ffc0f2c9744c6e5cb601119e230db421990a4682/com.ibm.ws.concurrent_1.0.50.jar", "generic://sha256:13d643afd3ccfd56c258ffe42c6d84ab2b5006776236f58f927b8bd69a8aeff8/com.ibm.ws.webcontainer_1.1.50.jar", "generic://sha256:db567315be9d213f3e792a9661e956e87219353b787187d167c868a108bcda43/com.ibm.ws.security.spnego_1.0.50.jar", "generic://sha256:7ff4f74e714786862367c69f658393fda321a3cb3dc615703823c9fb540408e9/io.openliberty.io.grpc.1.0_1.0.50.jar", "generic://sha256:e642eb6030b35b6ec3cda2f0a41fe134d17d949c155d9ac759506d7ebb5ce080/com.ibm.ws.ejbcontainer.v32_1.0.50.jar", "generic://sha256:b812f5ae8184f2b6a280661765839595da9c630ebc52a8b96b03e2aa852c64ea/com.ibm.ws.security.openidconnect.client_1.0.50.jar", "generic://sha256:ab919d6fe1b035f6572d066eb585d676dabb36377b10cb2eab35dc3daed704d5/com.ibm.websphere.org.eclipse.microprofile.metrics.2.0_1.0.50.jar", "generic://sha256:2984b01970e1168eb7fc1c0d914d5acc8bdd0d8c8c00e0e6f109156327f0eff3/io.openliberty.microprofile.opentracing.2.0.internal_1.0.50.jar", "generic://sha256:092a65581b72ec8caacd63c1f9c1929e3bec9c657babb051a7af4dbee871b043/com.ibm.ws.security.authentication.builtin_1.0.50.jar", "generic://sha256:71b1a077bc48edd98edce656a5ac9bcb17bd62418605aec2c3df3346d3a267c6/com.ibm.ws.javamail_1.5.50.jar", "generic://sha256:adb8fea611c93423663eb3b4660ade0db715365fdded0ad2326da70fbd20f091/io.openliberty.io.smallrye.openapi.core_1.0.50.jar", "generic://sha256:e2e15c6ad25083ff354bb2681e0de3eb6164fd7d6b841109b0a851a8ce29c5a0/io.openliberty.io.opentracing.opentracing-util.0.33.0_1.0.50.jar", "generic://sha256:952b75662412a596c51ab131a6892babb32d9870ae15ada389d2ec3890f30e64/com.ibm.ws.jmx_1.0.50.jar", "generic://sha256:6c7dab743a17fbc419e27c9b400cb4c0036eb54c8c2ed28a0909661d751a6d64/com.ibm.ws.webservices.handler_1.0.50.jar", "generic://sha256:4e033059348ee616ac57ebc390fcb1627d5b3c10db5f8a4c3958e4522cf615a1/com.ibm.tx.jta_1.0.50.jar", "generic://sha256:4f0f3edda08cfb661f946dafc994e07302c21cb9956584841aa75633bf25ea04/com.ibm.ws.jca.utils_1.0.50.jar", "generic://sha256:4f51c56c7d34707180d81a3d20e3d7b2c3b9e4f67cc782560065e63fe7db1e14/com.ibm.ws.security.wim.registry_1.0.50.jar", "generic://sha256:f8359483892796e44c57b39cbe03bc4b551a72ec8d5d958e1798c9b522479bfd/com.ibm.ws.javaee.ddmodel.wsbnd_1.0.50.jar", "generic://sha256:6ef80136e07e7fce69a174b491e8472e9fe949d637b8557cfe9e37a20104ddc9/com.ibm.ws.security.token_1.0.50.jar", "generic://sha256:f38adc8d9f74c2894145ad0721d1704d4f095c1447263bfc681bee4be5212be2/io.openliberty.grpc.1.0.internal.monitor_1.0.50.jar", "generic://sha256:53c2bc23f37b97a2e58970630ab56109de49852e03f593057f4faff7223a3717/com.ibm.ws.jdbc.4.0.feature_1.0.50.jar", "generic://sha256:74abdc59fd07d568e880da1ce86a2a6e74fd06247f5248259eeef8c01425279a/com.ibm.ws.security.audit.source_1.0.50.jar", "generic://sha256:bb748c770cb49124007b5a3755f6abc20e89167cb6d7be382b826dbe19338809/com.ibm.ws.microprofile.config.1.1_2.0.50.jar", "generic://sha256:f64b17568e5cac6594080450ea31334c10b7b56e22b0351e2a62588e213cd2f5/com.ibm.ws.microprofile.metrics.1.0_1.0.50.jar", "generic://sha256:a17f53d05513bf39bc347ffb1e40325532451e39a60d44c6b86e204e42d0e31f/com.ibm.ws.webcontainer.security.feature_1.0.50.jar", "generic://sha256:58c78da3bc2c4a22395cd479f28d3f5705ac1d1bc7a70be83091bdc9b001cd27/com.ibm.ws.jpa.container.eclipselink_1.0.50.jar", "generic://sha256:9fd6cd651d91c6eecda8fa3777c6076d2e572585f08512e0af1d2e0466d62593/com.ibm.ws.microprofile.opentracing_1.0.50.jar", "generic://sha256:460bcb488d7cb921885fc1ff86a2d6064a64727e2f31634d85d66ccd24900bc9/com.ibm.ws.microprofile.config.1.4_1.0.50.jar", "generic://sha256:385a761a7332ac35874090194465cdbc7f62a4df95d566e9dc868034c68211d1/local_policy.jar", "generic://sha256:b53ae4486ae5c82ff29e2669773a9c744c2cc7de047ecc95be95d54fc37c59a6/com.ibm.websphere.javaee.connector.1.7_1.0.50.jar", "generic://sha256:ea777c89dbaf556c4bba9eb912906a44f094ecbd5237c062eadb872acff89922/com.ibm.websphere.javaee.batch.1.0_1.0.50.jar", "generic://sha256:461fc1545a01221c9d5af09e332e4f50f9cc4cf25bc65c8d400eca8c80a31830/com.ibm.ws.jpa.container.beanvalidation.1.1_1.0.50.jar", "generic://sha256:a7592b34e6c191c27b8f645d5f42ec1383894b7ce51f6e8a65f8f4e6fb433dc3/com.ibm.ws.cdi.jndi_1.0.50.jar", "generic://sha256:e24f96a99163b62a9f708c2a4c3d8027844fa890a95ffd423077ff4a89d2968f/com.ibm.ws.security.social_1.0.50.jar", "generic://sha256:36bab6e8431ed1457a7aa0b48f85bbea8ec317e0f4d2c79a8cc8518b2d015ec6/resources.jar", "generic://sha256:f8b6488b74679c4ea7c7fb00830adeacec35a39d8aa68ac9b46a513103b6e9ef/traceformat.jar", "generic://sha256:5dbccba6cb5ae201d33f7fa10fa8ab29e7c511c8d2fecf50a90506b85711ee3f/com.ibm.ws.security.mp.jwt.proxy_1.0.50.jar", "generic://sha256:9adcdd653f6ce081708663a8cdbf0dcb8f0201b341c1d2974d16cbd224ec5799/com.ibm.ws.jmx.connector.local_1.0.50.jar", "generic://sha256:d221286bf9233efe106ce36d026f48dacc6612d986d683f88e7c2b65e89d3b49/com.ibm.ws.wssecurity_1.0.50.jar", "generic://sha256:24cba04a06853d92442ed789a95de3c92756fc8a141263be3a8ad4a518dc72a9/com.ibm.ws.opentracing.cdi_1.0.50.jar", "generic://sha256:553245a68af5c1526001410d60112cf3a196fc71bfbfb4eca324f33fbbcae181/com.ibm.ws.ejbcontainer_1.0.50.jar", "generic://sha256:d9759d8b6044ca9251c068caf4a9bbaeb5436d809a61ff129c9bcc4c8d0338a5/com.ibm.ws.transaction.management_1.0.50.jar", "generic://sha256:2d9315f945ba21441bccc26c8b595adc97f25e3ba6e14072a1eb18c15f03a874/com.ibm.ws.org.objectweb.asm_1.0.50.jar", "generic://sha256:e163bcad826ceb399f57ab7ed1db5e6986fda31f759dc9432584a634a515579e/com.ibm.ws.wsat.common_1.0.50.jar", "generic://sha256:27d191d4b33a22b974248e3abbc7efb4cc97eaa070ff5ab2020bf5e12e58084b/com.ibm.ws.microprofile.metrics.monitor_1.0.50.jar", "generic://sha256:f932fac06396fb338db069a94c9b1310dac4017b44c6ace236ae38655c655827/com.ibm.ws.jsonb.service_1.0.50.jar", "generic://sha256:adc90a9768635514277f2f01081ef752c0f87b8d17740d7027287d8024d37fab/com.ibm.websphere.filetransfer_1.0.50.jar", "generic://sha256:d48487fcbd0aa4e3498ac9bc59ee7bd7b4923c72f9440a8dbfd8084891c46bd5/com.ibm.ws.javaee.dd.ejb_1.1.50.jar", "generic://sha256:5e1fc5bda688f49717355cb3cbbdc4c06a0a65492f2698103cd68b6819aa506d/com.ibm.ws.app.manager_1.1.50.jar", "generic://sha256:5c22cc501edfe1f5b0a55ba8fc6d46953dc5cc0ddc1627aeb8a266ecf881fdca/com.ibm.ws.security.jca_1.0.50.jar", "generic://sha256:82942535931edc0d70940cb2e58dd0806b5cb5177c5c48544f3f5821276478af/com.ibm.ws.messaging.jms.defaultresource_1.0.50.jar", "generic://sha256:ebad9d3c445a850db549bb40fd7581bb1e8508b832eaed041bcab30f39703bdf/com.ibm.ws.javaee.dd.common_1.1.50.jar", "generic://sha256:bce1c0c34bfdd918de2559c32009d930d923ed6a67fe43c207769ca89604c3d2/com.ibm.ws.jca.resourcedefinition.jms.2.0_1.0.50.jar", "generic://sha256:d461d1e6c51a921d89c73bdf8ba3ba248ab6d551c95b90f628f4756a9c17fcc3/com.ibm.ws.cdi.transaction_1.0.50.jar", "generic://sha256:a18270ac2e3b5d7e7f050b5f464a2be20e2957a43f52e151004781af3c1e3a0c/com.ibm.ws.net.oauth.jsontoken.1.1-r42_1.0.50.jar", "generic://sha256:ae320774bf5ae8f9b112ecde33f860d851e1e07cf64c7e0fb0d0d2066e7777c5/com.ibm.ws.microprofile.config.1.4.cdi_1.0.50.jar", "generic://sha256:8485eb3a7f432203ccd19de50b9bce5a605da5dcf25cfaacd63257283f3d4f62/com.ibm.ws.javaee.persistence.2.2_1.0.50.jar", "generic://sha256:d314bba603d906eade3d89fc5435d376d03547551afdc6a2a65ef9c97b8167a8/com.ibm.ws.microprofile.metrics.1.1_1.0.50.jar", "generic://sha256:ebf0f6f0a92eb07e8e38645752ced8ea181cf97e1c53c80e71ab81c3583aa01c/com.ibm.ws.messaging.jms.common_1.0.50.jar", "generic://sha256:6a6849dcb28815532462ef48c651ef12ba9e6b187361af204c0ea1102870671b/com.ibm.ws.security.mp.jwt.cdi_1.0.50.jar", "generic://sha256:4e3440245b39d1450fd61361f7a2a117ea018544d8907fd03313e0571af532b0/com.ibm.websphere.javaee.jaxb.2.2_1.0.50.jar", "generic://sha256:f174b915b34befa192560a1787e24defc51caf9207b20c6a52aa5f3200f2689b/io.openliberty.security.mp.jwt.1.2.config_1.0.50.jar", "generic://sha256:74795b3fd3714c52c9a79c6508a9edf7c9309314380b09f2a25d4c6fd0c6c7be/com.ibm.ws.session.cache_1.0.50.jar", "generic://sha256:90bb4e80f14a3fd624514e94733959ae60199d5ce3036e623a4be137dd3f0aaa/com.ibm.ws.security.authorization_1.0.50.jar", "generic://sha256:0d7007bd96bcc192b6f9a4e0cfe73990331fcf319f8681bc1089e5e27f2d96a3/com.ibm.ws.security.authentication_1.0.50.jar", "generic://sha256:496f9210eb2f710d26fbd22ca55c2ec819cfb95f344049055c1223fa4f293f7e/com.ibm.websphere.javaee.mail.1.6_1.0.50.jar", "generic://sha256:7bdf45fc4b1e7dbfdf6e19b4eb374d05f722356842b9d6be2b67e3f9631dd630/com.ibm.ws.runtime.update_1.0.50.jar", "generic://sha256:3a269a3429c0158abb5521697cd41208d7950789b554b9b588a4aa40fb606449/com.ibm.ws.org.hibernate.validator_1.0.50.jar", "generic://sha256:58db27984608787dd26c9acf1b219e3f4625863915e57b30f7ff2c422eea2d4c/com.ibm.ws.request.timing.jdbc_1.0.50.jar", "generic://sha256:0d00e4a7305a1595bf26cb3155ecaf3af84c5c274146f0fdc36156e8413540dc/com.ibm.ws.kernel.filemonitor_1.0.50.jar", "generic://sha256:eff46a68f253bb80965e12061cb376f398d685b3ebf46a63a4ce7635da02ff5f/com.ibm.ws.dynamic.bundle_1.0.50.jar", "generic://sha256:67b047e4baddaba74d321fcdcaf0b1f3826f060f74c663d4b86b85679e0b33b3/com.ibm.ws.jaxws.ejb_1.0.50.jar", "generic://sha256:e439a60832a788a9b455ff934e64b7bce13fdbf133a97850e7ae54dd31563b62/com.ibm.ws.jaxws.wsat_1.0.50.jar", "generic://sha256:847bbf5549bdd67af424b3258b8fb180bed50a3751b32770829c71bb2f41edc8/com.ibm.ws.org.apache.cxf.cxf.rt.rs.service.description.3.2_1.0.50.jar", "generic://sha256:6dcecc07c02de59a747ceb0d1dbed3410718d81b2b4317f9d2c3421dcbdf5f24/com.ibm.ws.jmx.request_1.0.50.jar", "generic://sha256:dd40969a37fbf0ef3eb2b90accb638b6ecaf6910457ce4ef10190b92d2771d03/com.ibm.websphere.javaee.management.j2ee.1.1_1.0.50.jar", "generic://sha256:430b2511edf60f9023573d1ead0a161f2c1bd5fb30e69147ff4e6f25d5837193/com.ibm.ws.microprofile.config.1.3.services_1.0.50.jar", "generic://sha256:e3fa7b16b4b78ff86cbbea5aaeaa79d5cee5e5cfbe88caebfdf88a1d6cfede88/com.ibm.ws.crypto.ltpakeyutil_1.0.50.jar", "generic://sha256:f7af30d3a7549305c04258c05d6852ee517168b278a7c474a066c100474cb8bb/com.ibm.ws.microprofile.metrics.cdi_1.0.50.jar", "generic://sha256:ceb787296a161f2f2361d686731ebb48a547313cbb1b16b4f13738e52585beb3/io.openliberty.org.eclipse.microprofile.openapi.2.0_1.0.50.jar", "generic://sha256:85ce8b524a43d5d52a7493ed6e5bac89661b1be0ec34fb5608944782da547e57/com.ibm.ws.ssl_1.4.50.jar", "generic://sha256:2cf0e20a3f15870ca31540401cfc2d35def5812696d49455ea72a13d8e3bf65c/com.ibm.ws.org.apache.yoko.core.1.5_1.0.50.jar", "generic://sha256:b4fca3c158658b3c13f543889ba92197774de2529f8f8233baffed29a87ae85b/com.ibm.ws.artifact.loose_1.0.50.jar", "generic://sha256:d63e74f3d0d3c8381a257ccc4f69133a028b1a246b6135c92e21ce6a580b4894/com.ibm.websphere.javaee.activity.1.0_1.0.50.jar", "generic://sha256:0eeced17658c96a4f52ff037605943891bfdeaea79a3c3869776d08e41b38922/com.ibm.ws.security.context_1.0.50.jar", "generic://sha256:178bbbaef55bf26ae9736f462e9ba26fe99c4bad5551570126e8674c2d5c7fbf/com.ibm.ws.security.openid.2.0_1.0.50.jar", "generic://sha256:61aac9bcdb5167011cc5f7df4826f83ed5173b949c88e7d1fb00c7cea66020e8/com.ibm.ws.tx.jta.extensions_1.0.50.jar", "generic://sha256:be367b9e14142707e87483f97b42a36f44944867e92463d93d9f8140ead4b951/com.ibm.ws.app.manager.client_1.0.50.jar", "generic://sha256:f2e12c64f44ae1353e409dbbaf6226a4a51ff05852d5e0d13aa390c3feaa1079/com.ibm.ws.persistence.utility_1.0.50.jar", "generic://sha256:b91a8a0d8c73fad77f0f92af388fc8045749e0ed058b562ff6b7169b2028b5aa/com.ibm.ws.jaxws.clientcontainer.security_1.0.50.jar", "generic://sha256:1a4a00791c86eb792d563a2a663fe47f0fa279ae3f533aea3dcd5537e618775d/com.ibm.ws.microprofile.opentracing.1.2_1.0.50.jar", "generic://sha256:548ea01506e8144be186b89295f338eb7cbf6b9eb4ddbbc90bacf799c7a3dbf4/com.ibm.ws.app.manager.ejb_1.0.50.jar", "generic://sha256:f242e17c671252641847e5a5ebb74a3005291b0ef2a83b1ff6e5a570153876ad/com.ibm.ws.security.registry_1.0.50.jar", "generic://sha256:7a2c6f3899a35833471823e1022c4f5aca9bc85ec2548e3ce4148c6f599224f4/com.ibm.ws.security.audit.reader_1.0.50.jar", "generic://sha256:da072a6dd559f996af261342b4a9c2331f525137210c8c0e9b4d43db644feffb/com.ibm.ws.cdi.1.2.weld_1.0.50.jar", "generic://sha256:59aae112837507fd010270ecce020e180ecb1cd34e4c3c8c4256be2df878ddb5/com.ibm.ws.app.manager.sar_1.0.50.jar", "generic://sha256:70b8bc0ba09a583d00d30064211d24b5377debc289673ff589c5cc944850135c/com.ibm.ws.org.apache.yoko.rmi.impl.1.5_1.0.50.jar", "generic://sha256:2ec61a4e929676f44fd7cdd0420d5556c1398e13523f2991dfa26d36a2117eb5/com.ibm.ws.jca.inbound.security_1.0.50.jar", "generic://sha256:26f5886ea8c4e6cf5bae6ec52ee1b474807839d425e657f8366ab0133f0b54e2/com.ibm.websphere.org.eclipse.microprofile.metrics.2.2_1.0.50.jar", "generic://sha256:4c214754e50a4d75d1e699abafeee1147c7ffae550a4a58fcf7a08aaeb6247fb/com.ibm.ws.javaee.platform.v7_1.0.50.jar", "generic://sha256:838a81e0045cfec650281cd85f5028c39146758d3e1baffc66caf7468b0298b1/com.ibm.ws.security.jwtsso_1.0.50.jar", "generic://sha256:b2dfa3492d94d0e2ec36a456322298c603cc41bb16921748d3d12b2185d05fb7/sunec.jar", "generic://sha256:be7c82066d7736485c96d905eb0607a7af9721b90634cb51b85f0e192cb7eaa2/com.ibm.ws.microprofile.faulttolerance_1.0.50.jar", "generic://sha256:197804e2a8fff75d99e170d46eb74de0e8d0d6251eb21552f292a0be2d8d8c98/com.ibm.json4j_1.0.50.jar", "generic://sha256:34ecb0535933c2dd1735e5e249947c86a69751851442082719debf5c6e7cbe47/com.ibm.websphere.javaee.activation.1.1_1.0.50.jar", "generic://sha256:76224517813b8942789af03a88b59228e44b282ef72f0100ac415a08c10dfa8d/com.ibm.ws.messaging.common_1.0.50.jar", "generic://sha256:ac4deec680b703649ff2afac8f6bd6071a96031e44ab6e5b0b8741530f8aab6b/com.ibm.ws.opentracing_1.0.50.jar", "generic://sha256:d57e444f4b53b23b347d2fc04a5e865f75037b478911673f28af07993ca97e56/com.ibm.ws.microprofile.rest.client.cdi_1.0.50.jar", "generic://sha256:234577927de6c831f7819234148488b5461f9687abc13b0933551544fb8ceaed/com.ibm.ws.microprofile.reactive.streams.operators_1.0.50.jar", "generic://sha256:b3d5b626aa580d5e092e33a1c0322b0d218cc3a0fd8f2e4cc47ec18b8c5e9829/com.ibm.ws.filetransfer.routing.archiveExpander_1.0.50.jar", "generic://sha256:b2235044e098d6c9ed99df4ab6864991790fd94197f270939b5bac656e75ce69/com.ibm.ws.microprofile.metrics.cdi.2.3_1.0.50.jar", "generic://sha256:2924c31610b6ff3ad1505aac5dde39841a1ae198eb805c6672ea7bdfc74a9e62/standard.jar", "generic://sha256:a2dcab9a7e01d4e34ba4c6525074f6c8af7b85a6c22fde57c859c91252fdce77/com.ibm.rls.jdbc_1.0.50.jar", "generic://sha256:9f246db7e0e30a4b73c4a0cb5c9de7d5b37582be93ea2a416bb914d7024cf1c8/com.ibm.ws.ejbcontainer.mdb_1.0.50.jar", "alpine://3.12:glibc-bin:2.31-r0", "generic://sha256:153e22e4afd676b074cb712c9b5b5779c00790013681ad73ea715e042582fd46/com.ibm.ws.config_1.0.50.jar", "generic://sha256:523f8ba51946fb0e304a720490354429a7ee43c1f3ee23a5ce3d936e2662d8f4/com.ibm.ws.webcontainer.servlet.3.1_1.0.50.jar", "generic://sha256:4a0bef652ba7a58c7e32ea427bb3f67f5dded748aab4e83d93f7cd2aa4e972bb/com.ibm.websphere.org.eclipse.microprofile.openapi.1.0_1.0.50.jar", "generic://sha256:864b99e75b93ea8c8a12c044ca7633b416d9667e7819ee4b84757bef9fb49fd3/com.ibm.ws.jaxrs.2.x.config_1.0.50.jar", "generic://sha256:534ba72aa435467ebc7f7f1bd8f0571b15be1ec9e2b9b664b4894288f306a8b4/io.openliberty.microprofile.metrics.internal.3.0_1.0.50.jar", "generic://sha256:f725466ed31b4b3b9da1690b6840320631563bf30ad77dc885fcededa73e929a/com.ibm.websphere.appserver.thirdparty.opentracing.0.31.0_1.0.50.jar", "generic://sha256:faddda7a1216c2ee23c35bc2bf0cfe5e047da79f070e00732ca8da36d57bb6dc/io.openliberty.io.smallrye.openapi.jaxrs_1.0.50.jar", "generic://sha256:d143575cc382b68a5d4bad4035cb2b08f3d052d1c6be59cb1d88b8555990c5b5/com.ibm.ws.kernel.feature_1.0.50.jar", "generic://sha256:47491cfcecacb83eccbbb8e6e398769a53019ca697e1ea5168cfcfa409173226/com.ibm.ws.microprofile.config.1.2.cdi.services_1.0.50.jar", "generic://sha256:40fac5e68df67d0e773e7dd4d81f93d56cf24ecd879fd469817ee102608a605b/com.ibm.ws.ejbcontainer.remote.client_1.0.50.jar", "generic://sha256:ef9b168e1db5eb1badf9b455513ad64e4d3d3387a5ddc314a358c2910fb399e3/com.ibm.websphere.javaee.cdi.2.0_1.0.50.jar", "generic://sha256:76ebc6e24acb3a1c34d0710c4b11583f98a97c01ce5129e84d8fde1253453139/com.ibm.websphere.security_1.1.50.jar", "generic://sha256:7badc7ca818dc47dcf765d0e0b934402c3a824584094e633cb1035ed2699edcf/com.ibm.ws.net.jodah.failsafe.1.0.4_1.0.50.jar", "generic://sha256:7096d3b8577edca3a3b3e75d9b05c8157602f55ef410cbdfd6032d679a8c54a4/com.ibm.ws.microprofile.config.1.1.cdi_1.0.50.jar", "generic://sha256:8d3f4dfaa0f2ad36c05be53b39ed9d56344d1d0b1c6bacda3169c4e19a1c5459/com.ibm.ws.javaee.persistence.2.1_1.0.50.jar", "generic://sha256:313da17fa78c6cb728e8e83c168a1772c796637911ab0819e8ad7f006248bc3f/com.ibm.ws.microprofile.metrics.2.0_1.0.50.jar", "generic://sha256:cd97f1480aa1f096a75613fa53c22a7cc461b371d2ccfa15e2f60f1437b73be4/com.ibm.ws.jndi.iiop_1.0.50.jar", "generic://sha256:d0d7344134e932ba4b9f288b956c7f0fef52eae3710b80d3820f5484d386efc6/com.ibm.ws.webcontainer.management.j2ee_1.0.50.jar", "generic://sha256:7c0e5a36e6cd6a72f4191f82126b20c0608cbce71575004d33809fa3307e9bef/com.ibm.ws.microprofile.config.1.1.services_1.0.50.jar", "generic://sha256:6aa13de981d4fea7cf5bdf74bee5d7152afa53eba4491794be9c80cc48410c92/com.ibm.ws.com.sun.mail.javax.mail.1.6_1.6.50.jar", "generic://sha256:fe51737debd2c794395bf80744ff7e075d77394f697983dba3bed43c990fc6fc/com.ibm.ws.jndi.remote.client_1.0.50.jar", "generic://sha256:6ffa391d219c408b6d1e8b24d43f4310aef4d42420434c1a929c04ba26412dc6/com.ibm.ws.transaction.context_1.0.50.jar", "generic://sha256:041dd9420fa7dc335d7412d2ee1cacee4eb57c86e1bd479aafcdd03ceac9144d/io.openliberty.microprofile.openapi.internal.common_1.0.50.jar", "generic://sha256:94f722ded3d104abe5faaec68d4ba292017fb5c4001f3c8d0cd0d1648346fd37/com.ibm.ws.microprofile.openapi_1.0.50.jar", "generic://sha256:c12192613c83e4380b06be7c6c29041df9274cb3a52a3b8a008c9b0c12e568f7/com.ibm.ws.org.apache.cxf.cxf.core.3.2_1.0.50.jar", "generic://sha256:167f4e5fce63785c149efa1e3e3691fb53965fb90264425b85f4b762a565ebd5/com.ibm.ws.microprofile.metrics.private_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.cxf.ws.mex.2.6.2:1.0.50.cl210320210309-1101", "generic://sha256:b358f452b1b3d1517e4a73784c90234d3c42130074c61d38788940efb2d63a79/com.ibm.tx.ltc_1.0.50.jar", "generic://sha256:9feda3f1f8d26df5a8da2c73d01eda2dea53ea6fe1648c5bd92e39aaed298ce7/com.ibm.ws.org.apache.commons.weaver.1.1_1.0.50.jar", "generic://sha256:c5adc0d2c11492dde43ddb4be0c93fe72fe20ddb28ab34efc4f883bd4b0aa6f3/com.ibm.jbatch.container_1.0.50.jar", "generic://sha256:7df734f1a2c943d2a5722fab305bd93cf7e44691513fbe3609d2a308c5f04bfd/com.ibm.ws.security.oauth.2.0.jwt_1.0.50.jar", "generic://sha256:f87fb0c52b4703b8346cfed9af8775b25a432d0b38922fdee52b1846747883ac/jaccess.jar", "generic://sha256:c29351c9cd1a59610f965e4240dc561bc807246f500a14e92834ad971bdc7d2d/com.ibm.ws.jsfContainer_1.0.50.jar", "generic://sha256:c569cab526a7731d90e017f99a19466e6dfea196c5e0d47802d10eef28121165/com.ibm.ws.javaee.version_1.0.50.jar", "generic://sha256:de02e4ceadb1f3aafc3f9aa127d9b76c95e360d4b9425318932d1c06ebc28bc1/com.ibm.ws.config.schemagen_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.ws.security.wss4j.1.6.7:1.0.50.cl210320210309-1101", "generic://sha256:7e02462743ed415beb512ea980be73dcb3635e4a686b58ef50a535ccdafce66b/com.ibm.ws.org.apache.yoko.osgi.1.5_1.0.50.jar", "generic://sha256:a76b3fcbc3985cbd7326c47ea57058837c39bb5de377fd11db3b28f884658a8a/com.ibm.ws.openapi.ui_1.0.50.jar", "generic://sha256:7895546bc32dfd20853d29c619439e0a1326654826cafe4e494a0e2d15920e95/com.ibm.ws.tx.embeddable_1.0.50.jar", "generic://sha256:31f23c810d7269b4abc339a8b7a983deddb74fd101829386ee37967db94c5c61/com.ibm.ws.microprofile.opentracing.jaeger.adapter_1.0.50.jar", "generic://sha256:03ce7d4959bb13192b36a116d821322292dc6f2ac6d7c83c2983824a7e3780b1/com.ibm.ws.messaging.jms.2.0.cdi_1.0.50.jar", "generic://sha256:4dba2b17d68e4b335e19e91582cc579a9b371a19047b076df1e3e6772bc385ea/com.ibm.ws.jpa.container.thirdparty_1.0.50.jar", "generic://sha256:192bb37fe273681a236f448e027533cfcbdb657dfbd15fbde88a3821891b6b34/com.ibm.ws.transport.http_1.0.50.jar", "generic://sha256:6bda16200136a66fb0ca77cca02f7ecd201f4bcb280d00eb93ff0f84f77e72de/com.ibm.ws.security.sso.common_1.0.50.jar", "generic://sha256:ed75d45e2c6bbb4ad2a19132925d25868560425c0fe479e1a167c570f0e766a2/com.ibm.websphere.security.wim.base_1.1.50.jar", "generic://sha256:f0b9a801f3d03c6dcca8a52c69251f61af932e433c95622562ef0ef78e3e9aad/com.ibm.ws.security.jwtsso.token_1.0.50.jar", "generic://sha256:03112bb7eacb5423c40fdde6f6a8eeb09028fe4a0a70700708fb52c63200d201/com.ibm.ws.jdbc.management.j2ee_1.0.50.jar", "generic://sha256:ce58488bd129dea3e846da281b664ae54900930aae7c43b80eb0df85fce382db/com.ibm.ws.jpa.container.v21.cdi_1.0.50.jar", "generic://sha256:91c0c129ac696cc9d7b8945fc71cee11e45e86aaec0e2da40ad412e29169e980/com.ibm.ws.jpa.container.v21_1.0.50.jar", "generic://sha256:f4c6c479bfce11059b9ce9e2abd3d7bf79dcc8af2b78ec1b25847e5a84842f08/ws-binarylogviewer.jar", "generic://sha256:d41a9762b7834ef416642b3b8b9cdea830b4689a1ab2ce6e7ca43fb12d72c15b/com.ibm.ws.jca.1.7_1.0.50.jar", "generic://sha256:2b477f6385349ec8e54f9bafb17babdddb941ac7546c6eecf4f3c51f567a61b6/com.ibm.websphere.javaee.jsp.tld.2.2_1.2.50.jar", "generic://sha256:622c7265a5af9a99cf641ca61a54ba6036d11954ed136eb23b93c7b61dd8131a/com.ibm.websphere.security.impl_1.0.50.jar", "generic://sha256:a49a9b6be723cb41fa6da2e54635580d0ca141f454511bc11be1fd1bb65a9272/com.ibm.ws.org.apache.commons.io_1.0.50.jar", "generic://sha256:f9de1791a0ed96904b0c03f94fe5bb9faec110a40586d7b0b0c304a4fa0d9432/com.ibm.websphere.javaee.jsonp.1.1_1.0.50.jar", "generic://sha256:0b27baccccec743f51887d9d7c1f4026e6cc8a7357a30dd9fabd54d14d37204b/com.ibm.ws.org.jboss.classfilewriter.1.1.2_1.0.50.jar", "generic://sha256:897f3dbebdc0e474c358e20c6ef00c34c87c2128bee21abb370f43407fde1bb1/com.ibm.ws.security.sso_1.0.50.jar", "generic://sha256:787b6e030418b5fbc47810653ce1dd74d3c8015a89575ab7b518164a688101f1/com.ibm.ws.classloader.context_1.0.50.jar", "generic://sha256:4eede348d6eacbf6956ac222aeeceb9ae841a119212811e71e11d6374f468a1d/ws-featureUtility.jar", "generic://sha256:443829e6662f32fec487607ac0a60de6f4630c19aaac05226e22dd462b8a606d/com.ibm.ws.messaging.comms.server_1.0.50.jar", "generic://sha256:83df7d10e38116670fd1950eac33c4b9a39022b63454ca8569271a931a1a4779/com.ibm.ws.jsp.2.3_1.0.50.jar", "generic://sha256:6f8c0e92333513ea3291d81ed8f081e36d0cf1ef69cafffba65a19f8ea79a770/com.ibm.ws.io.opentracing.opentracing-util.0.31.0_1.0.50.jar", "generic://sha256:af345e8bfd73aa7d8f37b4b8bbd6238fb90678813ca5b28c34ac675508db85aa/com.ibm.ws.microprofile.faulttolerance.spi_1.0.50.jar", "generic://sha256:da0d0fa620dc6ae90fd1ef313984b4dfb540086fbd49d9fa4f063d6b0ed8e92b/com.ibm.websphere.javaee.servlet.3.1_1.0.50.jar", "generic://sha256:ed2c79313eb44f0bc70c7cb3999edd7f5018505e252ae152b0502ae35cc80613/com.ibm.ws.microprofile.opentracing.jaeger_1.0.50.jar", "generic://sha256:4336e82369d89baffc87bc5b9781ac831d4ff56dfd7fd8f2f1e88833eb096b2d/ws-wsimport.jar", "generic://sha256:433f29534460eb0189f0abbb64f53d0adcedc0d959b37faea023bc3e525733e2/com.ibm.ws.app.manager.rar_1.0.50.jar", "generic://sha256:8935807f4d71f5922f85fc0704c0a3c9bebe0bbe0a41892e9106a228c6178a52/com.ibm.ws.org.eclipse.equinox.metatype_1.0.50.jar", "generic://sha256:feea2abe3987233ebb0679353f7ad6de50f66f5f7f00cdca28229e421eb786c7/localedata.jar", "generic://sha256:c0876f55ff7f8734d299fe982184e0e497b8a2c6b40c4bc835adac0acdd9d0c8/com.ibm.websphere.javaee.cdi.1.2_1.2.50.jar", "generic://sha256:0f765d384b0e15b022fcb1499a45f2f96212acf11c8285fdc1b2bc3bd71d1266/com.ibm.ws.webservices.javaee.common_1.0.50.jar", "generic://sha256:751c259b9e7dece0a30e1904ce20770eae22f2c06020d57b367f88cedde67875/com.ibm.ws.recoverylog_1.0.50.jar", "generic://sha256:22089e0ba0f79130f3727b7eff20ea61f9bedc5fe3556f7a9a6f155d853763f0/com.ibm.ws.jaxws.security_1.0.50.jar", "generic://sha256:41387d94f43d2ffe89b79311225f6f0a98b71b2e5fb1b6e300378bb564245f94/com.ibm.ws.microprofile.faulttolerance.metrics.2.0_1.0.50.jar", "gav://dev:com.ibm.ws.org.json.simple.1.1.1:1.0.50.cl210320210309-1101", "generic://sha256:02fe2fdb46c23ef9bbe92a04948da92b0061b5b27633e2e774ad2a9ee6b1413e/com.ibm.ws.classloading.bells_1.0.50.jar", "generic://sha256:ac8a7f64ad2d16d565fe7f8f66c94afc407b12fd1bb5726fb46cc7993ee4fb44/com.ibm.ws.microprofile.config.1.1.cdi.services_1.0.50.jar", "generic://sha256:a15b457a143c04eda75f70b169f9236bc21a8cbddf7772c2fd1432e08926b07b/com.ibm.ws.javamail.management.j2ee_1.0.50.jar", "generic://sha256:d7b3fe7391ead5ce613f75c50f259e5eee14d8f3993924d33f94b2f9d40223d4/com.ibm.ws.threading_1.1.50.jar", "generic://sha256:40e24f1615e41a7e5da84f4f8fcdcf448dd610fe3a9645173cf566318da9a43e/com.ibm.ws.microprofile.faulttolerance.2.1.cdi_1.0.50.jar", "generic://sha256:6f9ca73ebc02f59b8cad8fd025559b036b92e46d484b8009d9d6931b7eb50667/com.ibm.ws.jdbc.metatype_1.0.50.jar", "generic://sha256:a00fe9ae5ee650b60cbd64ece66ee5f8352fc136691060d1b8306f79d7a58f9b/com.ibm.ws.javaee.platform.defaultresource_1.0.50.jar", "generic://sha256:f73d387463a259a591ff08969c0fe6356b4906d48368b73d9ab9f1ce43caa586/com.ibm.ws.security.authorization.builtin_1.0.50.jar", "generic://sha256:18d834b0a0d658a427ccfd8b645352ac75313c4edd4a750d0d5a0596ed968259/com.ibm.ws.kernel.service_1.3.50.jar", "generic://sha256:d0e0ef4f63db76b3621006c24a3a2ee563e56b100d29db9121a5d5cc7b57f8f1/com.ibm.ws.repository.resolver_1.0.50.jar", "generic://sha256:81425ae90183db82322f3d2c5027b8cccd8fe15515d376be2b94efcbb82776a7/ejbRemotePortable.jar", "generic://sha256:3644678f42c9c80928facf25cc9e92e22cc99e4ac4008aec38d05cbc941a79d4/com.ibm.ws.webcontainer.servlet.4.0.factories_1.0.50.jar", "generic://sha256:69e8cca9806a08bfeb84fa8e5b64743d75266b280414f407d28ba810b295be81/ws-securityutil.jar", "generic://sha256:7c4879440b93a17461f96786735c0e43703d39bcb59ab210eff958b9661440a2/com.ibm.websphere.javaee.connector.1.6_1.0.50.jar", "generic://sha256:b1172c8d6ab5a5612e9bcdfda16179c0352c198938127f61612e6ccdf2f6adc0/com.ibm.ws.security.oauth.2.0_1.1.50.jar", "generic://sha256:0f0c2979b4758537125903b553d27fd3b63689a139b6652c8e68bdbf7d031fe3/com.ibm.ws.javaee.ddmodel_1.0.50.jar", "generic://sha256:9e36f6b5f7bcb54abc88cb0c5550edf5c6debbb89abadf7dc300cf59677932a8/com.ibm.ws.ejbcontainer.security_1.0.50.jar", "generic://sha256:47b7cfcea2eb7d4f31ef0b92467bc04f97e9ebfec7ee689caede6e45e24a866f/com.ibm.websphere.javaee.jsonb.1.0_1.0.50.jar", "generic://sha256:43b4e56a6f3a6f99da63dfdeff40dea6cb627908105b0abad7f1e4d968b34f81/com.ibm.ws.sipcontainer_1.0.50.jar", "generic://sha256:8e6584bcaca993054a411826730741da6fb885511462edac22da4ab233c48c47/com.ibm.ws.install.map_1.0.50.jar", "generic://sha256:ee8822ca61dc59966a57f0b8fbb8d39d2cfa0b1fa5a2e3362d382a74f2237573/com.ibm.ws.security.saml.wab.2.0_1.0.50.jar", "generic://sha256:e8803225cd0f1c36716ba5536293916b19e7b235781f23ca22e74a145857184c/com.ibm.ws.classloading.configuration_1.0.50.jar", "generic://sha256:7dd3439dcf16f9a020ac63f3a294929c58f1321e8a1ca65a2c118773f3e126e9/com.ibm.ws.com.sun.xml.messaging.saaj_1.0.50.jar", "generic://sha256:94aae1083ad5ad3b2bfc51d978981670603e68b64168b59be3e59920d41166be/com.ibm.ws.jndi.ejb_1.0.50.jar", "generic://sha256:78c76a370a5293c3de9a3be66562d62e8d3c9afb9d5b709e7b3c8afcf18fbf21/com.ibm.ws.cdi.ejb.common_1.0.50.jar", "generic://sha256:8162101850255cd1658c880f731dae425517f9664988fdd5b2a1842846278d45/com.ibm.ws.artifact_1.0.50.jar", "generic://sha256:df9981f41ad910bea8f55974e74f8261d61578101209fd8caccde50fc8629913/com.ibm.ws.security.common_1.0.50.jar", "generic://sha256:80cea486c58ca96ba801c4e131eddbbcb9b82aa7a4b237868dc81ff1f5189eae/com.ibm.ws.artifact.equinox.module_1.0.50.jar", "generic://sha256:3b05d153e1e4f7f5fe814dd9710df41e668941c91261cc0a6b5886fa4cdd2bf9/io.openliberty.opentracing.2.0.thirdparty_1.0.50.jar", "generic://sha256:73f94986458a40af8659ea77eeae2e01a3b5f41ba242698f676a302e343a12eb/com.ibm.ws.dynacache.monitor_1.0.50.jar", "generic://sha256:425b43dd2057fd62b5e93c4e67ed7f2653a46efc391e201aaf0f4dd1c4a0da63/com.ibm.ws.config.server.schemagen_1.0.50.jar", "generic://sha256:d673478e0bd1a844e44335dee8c6d25ca466218b7617e31b30a5f7fe9109c701/io.openliberty.grpc.1.0.internal.common_1.0.50.jar", "generic://sha256:86f9b72953dc57f1ebaa4aac302f0c8121ff79474c6cea40233036d563a47a0c/com.ibm.ws.app.manager.ready_1.0.50.jar", "generic://sha256:1f49f287ebcdd32fcf2f7ed2d20356bcfbbbe6ee7a329c1b01a7d47953b28dac/io.openliberty.io.smallrye.common_1.0.50.jar", "generic://sha256:e037526b0dc7fde5b91e77c3911c3ece065faf51fba3eb044b75ff0ca4736d00/com.ibm.ws.security.wim.core_1.0.50.jar", "generic://sha256:5fa1a4e667c6b4ff113668d8eda26bd68db638d38892a0311364c49b40f7ccce/com.ibm.ws.beanvalidation.v20.cdi_1.0.50.jar", "generic://sha256:66a5d87cbab3ea491566075e98b251a1255d911297c405c1e549abeff7eb6185/com.ibm.ws.kernel.boot.archive_1.0.50.jar", "generic://sha256:373a2cdafc181f66b379c80ead588dfcf4ce92d3029b5e48978e2a82c87d4d03/com.ibm.ws.org.apache.jasper.el.3.0_3.0.50.jar", "generic://sha256:159021654b8b7ae5f9c95ae7de31f32b7c467c6cf5cc15fdb1fc3616ee3b37c9/com.ibm.ws.jsf.beanvalidation_1.0.50.jar", "generic://sha256:065201c86bcab6e2fcdb9d0ee67c9fac9f2b96bca2132bd092c0b80cc746ec65/com.ibm.websphere.javaee.mail.1.5_1.0.50.jar", "generic://sha256:0642f4bc062ca4371d76f2da38bd34fcf13245b796e8382141a9c8d9b271b4d3/io.openliberty.grpc.1.0.internal_1.0.50.jar", "generic://sha256:0cecc9beeb96a8fbe6554c95b36d999518b89d3e90c6baff17ca9fc78b8aaa4a/com.ibm.ws.io.smallrye.reactive.messaging-provider_1.0.50.jar", "generic://sha256:936678a1358bf1ca854b2a33d013f6bd1c83d89348db32fcb349ba93a48ea4d5/com.ibm.ws.opentracing.1.3_1.0.50.jar", "generic://sha256:b1ea14452bad738d44fb04cdd310f856c46fad4de6ba357c4f74e65ea3b69aaa/com.ibm.ws.repository_1.0.50.jar", "generic://sha256:4572ed21c016a8fad9cfcfab26a08d16be1789968f29eb634339184a2724085e/dnsns.jar", "generic://sha256:0626539b00727729ed3786ee7158a42cb7af9825b59b86a040e36f060b43f664/com.ibm.websphere.javaee.jaxws.2.2_1.0.50.jar", "generic://sha256:73d75bbc052acd60d8192a6465f62b4316c48c2b483a988e843ec817bfd66a6d/ws-webserverPluginutil.jar", "generic://sha256:cb4ea4ca011ed04a91b71e30825b86b1ad15e368d4e5c1e9555f386852d7b519/com.ibm.ws.kernel.cmdline_1.0.50.jar", "generic://sha256:be2091c002e9cf7a447ef71269f3077319cfee90ccc4f869ea5c727a70441040/com.ibm.ws.javaee.dd_1.0.50.jar", "generic://sha256:5093da4a00f469ef78714cf4f145e4c9b619523a2bf08353bb8488dea6223b05/com.ibm.ws.crypto.certificate.creator.selfsigned_1.0.50.jar", "generic://sha256:70a3011dc0818fd18693da6a84a964801318b327b280ad15097f3b3d84bcad71/com.ibm.websphere.javaee.el.3.0_1.0.50.jar", "generic://sha256:4806f7fa7ba5746176862b63ff347f8db96f77fdb65fab58ed35ee133efc76b5/com.ibm.websphere.javaee.annotation.1.2_1.0.50.jar", "generic://sha256:63fdb2737113babfbb1949f03d00fabca3e0b450ffe6e43d0c7bfdc282eec3c1/com.ibm.websphere.javaee.jws.1.0_1.0.50.jar", "generic://sha256:36ceec33735fb104cb64c657d1762b9e523191dd36a571234236b333a55df263/com.ibm.ws.cdi.2.0.web_1.0.50.jar", "generic://sha256:884a5da5406e0fc108bd0f34d6d7710d9ec01ed6198f037eaa4488392357a8ac/com.ibm.ws.javaee.persistence.api.2.2_1.0.50.jar", "generic://sha256:d4db4ef845f6a6ad464874f70cd8ca3ee88625dcf36ef1c43cbe5af0ea9f4292/com.ibm.ws.messaging.msgstore_1.0.50.jar", "generic://sha256:771b4f5405a847246af3d9bc7825a542871e2757491f9714c5812da1cc3aa736/com.ibm.ws.microprofile.faulttolerance.1.0_1.0.50.jar", "generic://sha256:4fbd7d55e085247ac0fde3205b0cbff3404adaf08ab48359d7feb7e585d702b6/com.ibm.websphere.javaee.jsp.2.2_1.0.50.jar", "generic://sha256:bbfa7ce6ea1c79fea4c7422e62c822748eb3b8403a9b44ef5dba17fc72eabb91/com.ibm.ws.anno_1.1.50.jar", "generic://sha256:10c6285cf9d0575f2e940f6ab1c33903af41682dcfe516550d094b34658c602b/com.ibm.ws.security.jaspic.1.1_1.0.50.jar", "generic://sha256:2e98b48381a5b21f6d3bf92a34c7a073d093f0af1bd305a30c991c555c43c4af/com.ibm.ws.event_1.0.50.jar", "generic://sha256:ee836fb0250e7bb31e1d2e4360b481a5b4f38eedc6512708618deeec5c13120b/com.ibm.websphere.org.eclipse.microprofile.jwt.1.0_1.0.50.jar", "generic://sha256:4a50d7cc6b0ad35ff48ed9bc1309edccd18c50bc0e9cbb680038acdf0dcd4364/com.ibm.ws.logging.hpel_1.0.50.jar", "generic://sha256:2e287b892174ef378c790e9491ea7c886b3f76a2b9c38e9c65a239e278ce2b48/com.ibm.websphere.javaee.ejb.3.1_1.0.50.jar", "generic://sha256:0e44ce9a5dd3d0946400896f68f1a92ecacd28b1a3a9b27f459711a841f76fa5/com.ibm.websphere.appserver.thirdparty.mail_1.0.50.jar", "generic://sha256:e511a51f1e6091be778e3acf29eed3aeb055003d631dc42ce0aa3cc4a3d37b04/com.ibm.ws.security.openidconnect.clients.common_1.0.50.jar", "generic://sha256:a32b487f4bfd19ac64cb5b92cd7e07946d08a82b9a333ccb94677a5f0cbb351b/com.ibm.ws.ejbcontainer.war_1.0.50.jar", "generic://sha256:1d20722db88d7f925bf487151460362c2929c6e1061b60976cf899935e01d567/com.ibm.ws.com.google.guava_1.0.50.jar", "generic://sha256:f6efb99d612297e5a8c6fd33ed6a5be68053e545dc9d480ae4e7af1a6e6c6b16/com.ibm.ws.sipcontainer.monitor_1.0.50.jar", "generic://sha256:1400842be865a38f897a502204e5290666687398d0f0f7efcc9f3be5df81fa2e/com.ibm.ws.springboot.support.web.server.version20_1.0.50.jar", "generic://sha256:8b49a47dcbd5e901536a7c229f7ca65443f4888565d09072d7d4eb14e613b11f/com.ibm.ws.com.fasterxml.classmate_1.0.50.jar", "generic://sha256:70caa41a50cce2cf98392d58e490f5c1a0516b8c20dcf5ce39267962ba10f42a/com.ibm.ws.clientcontainer_1.0.50.jar", "generic://sha256:84d68658f829af73f84915e5214c43d86c6c87357f3b808bb98544c8ad16de15/com.ibm.ws.clientcontainer.remote.common_1.0.50.jar", "generic://sha256:a8a8492704b5d6d0053ad4fc635d50a7295a35f004f5ee81afd2ca821a4aa212/com.ibm.ws.jdbc.4.2_1.0.50.jar", "generic://sha256:8c275b8f943f717395c2a1c4ecb2ba434fd5ae90ab252e6955f75d033118bcfa/com.ibm.ws.org.apache.jasper.el.2.2_1.0.50.jar", "generic://sha256:ac17ba41eb9b1d8ef1a0f8cec268a75f7c8aa20a0c08e28e5df90bfab0a44577/com.ibm.wsspi.thirdparty.equinox_1.2.50.jar", "generic://sha256:d4ea786cba9064b313f0af85a4c792f1530e9480f5ae556ee8cebcbe47955cf0/com.ibm.ws.jca.cm_1.1.50.jar", "generic://sha256:ee44606dba4721f53a11a7f749c8a5bf7842484d3328009f9dc5a26a8b6d94ab/com.ibm.ws.beanvalidation_1.0.50.jar", "generic://sha256:6f34051130178863ca807d2a451d8916ab81be947d36562db7f3437e8513db9c/com.ibm.ws.jaxrs.2.x.concurrent_1.0.50.jar", "generic://sha256:eb8a466f63c2bf56b62af9bb634d4f02c4a1fa34eabf3c5afeb07095d6ce3692/com.ibm.websphere.org.eclipse.microprofile.rest.client.1.2_1.0.50.jar", "generic://sha256:9a9355b332560a6a12fc1664815f3be46c8c4ffddce17b4db7729f580b1fb2e4/com.ibm.ws.beanvalidation.v11_1.0.50.jar", "generic://sha256:06b2a79dac22043eb44e7d5cbb078db915d3a864f4901b1939e1f77d6d8a3e35/com.ibm.websphere.javaee.jsonp.1.0_1.0.50.jar", "generic://sha256:3e67e9729633811c4890524227b71b2058518944e0896f4a888fad2f23b904ae/com.ibm.ws.cdi.mp.context_1.0.50.jar", "generic://sha256:a8a2f18f040bfb3879085770971ae7a50fb99221d82c221a5fa0292b127763ba/com.ibm.ws.springboot.utility_1.0.50.jar", "docker://component/open-liberty:21.0.0.3-1-full-alpine-java8-openj9", "generic://sha256:e7d8c8d5a0e704207f7a42f928a778531591a61e5196dcbd9e0497ff963deeed/com.ibm.ws.jdbc.4.1.feature_1.0.50.jar", "generic://sha256:f6bfd5354f0da802cf16edf47de6027ad196acca557eeef4384eb82c062ce157/com.ibm.ws.request.timing_1.0.50.jar", "generic://sha256:50a490f35fc415cbd9f47b2280b93f63b1b4294569766e99370521e3b1d8a49c/com.ibm.ws.jaxrs.defaultexceptionmapper_1.0.50.jar", "generic://sha256:d59f12ed2d67ae41364244cb076dee9732a3b23d95f9dd09ada8ee5f6dae1775/com.ibm.ws.channel.ssl_1.0.50.jar", "generic://sha256:2561a2948aaf31097b736e0c03c973ddae61c26127788f80956240fff3f37b2b/io.openliberty.microprofile.faulttolerance.3.0.internal.metrics_1.0.50.jar", "generic://sha256:a4f5159bd6760751c08065380ebe9d1f0adf76a9e6f3dfe31f45a021db326309/com.ibm.ws.org.openid4java.0.9.7_1.0.50.jar", "generic://sha256:56d0b38ba3b513c345e743ef4dd4737273d708e13b4001c6f22728cd4dff2e22/ws-javaagent.jar", "generic://sha256:b1565466abf5d26759f254534acd34937f95058e4125d38efdb91d4826371d8f/com.ibm.ws.cxf.client_1.0.50.jar", "generic://sha256:7c78235bf0f8bb8639dfa94bcb6830ef5eb543c8679e9325eda8e66faeb7e57a/com.ibm.ws.clientcontainer.remote.server_1.0.50.jar", "generic://sha256:93eb761ea6fa1c72f400aa11dcf44bfc92d3fb0a1ada3d5baedd828e17b4d89b/com.ibm.ws.security.credentials.ssotoken_1.0.50.jar", "generic://sha256:4cfb34a605a015a6a4b0eecd7fdd6b6f2ca3b55528c290c184e93b340831b3d9/charsets.jar", "generic://sha256:61fa5a4bd11622f07b603874365c1215a4772959426ec202be619240ef2bde22/com.ibm.ws.rest.handler.validator.jdbc_1.0.50.jar", "generic://sha256:f59fa6bdd3deeafdab38e5ffea1dbf04958a0cb8f9b24cdb2fa1851297668b50/com.ibm.ws.mongo_1.0.50.jar", "generic://sha256:e20b9e6d939c436dfbe3121d990bc56fc44e1c1c7f5a01d51f86e7f8f1a7e677/dtfjview.jar", "generic://sha256:9fa498ec83b61d9c0ad98a7b1e55153a6da41e339afd4f66f8eef05995d39714/com.ibm.ws.diagnostics_1.0.50.jar", "generic://sha256:aa747456be657004be60e8882bd40f1b41d03bc43eaff0b7f9a50252ed1fdb57/com.ibm.websphere.javaee.jacc.1.5_1.0.50.jar", "generic://sha256:741262da539088e406f02bde7f9f6390177617f42d23f99b8048c61663a82ce4/com.ibm.ws.security.csiv2.client_1.0.50.jar", "generic://sha256:2102918b0e6e54ca09ddefdb52a33f5fcb297b8393df80a800d728dde67276bc/com.ibm.ws.microprofile.metrics_1.0.50.jar", "generic://sha256:309ad128cb5b28b8d5b07b9d3f7ff3e63d05b127094624b8a07db30cbe4b4be9/com.ibm.ws.microprofile.opentracing.1.3_1.0.50.jar", "generic://sha256:b4f4057c8addc33e0320aa5ace296534f8a73b33ec24cf8ec0f35737f343f180/com.ibm.ws.serialization_1.0.50.jar", "generic://sha256:404c372170969b5fb8aa6f28b06f2568bfe8e0b82adaeebe45ba1ab8b868c4e7/com.ibm.ws.request.probe.servlet_1.0.50.jar", "generic://sha256:90a96e7f3253351eaee40ad787357d3ccfd9f7a3eead09bd8108b5deafc2228c/io.openliberty.grpc.1.0_1.0.50.jar", "generic://sha256:ec3d110314e9a0d756defdfa97e4cc9dea8b8ea996c29aa2a84c62add68e5844/com.ibm.ws.microprofile.openapi.1.1.model_1.0.50.jar", "generic://sha256:f74e91d325169069ce3c3d29ab91791d0d49694056f9b87bd4556233ba87f3a0/com.ibm.websphere.openapi.3.1_1.0.50.jar", "generic://sha256:248132d2bd9c7f6c84d12b9386b843fcd76757b62ad04be02913dc58317fc332/com.ibm.ws.app.manager.module_1.0.50.jar", "generic://sha256:546970e5fc5218b65c17979ef9b145f390e057a727b756efb0bb945b37cbbf7d/com.ibm.ws.security.authorization.jacc_1.0.50.jar", "generic://sha256:b1b2165f8e4f75acbe5e7e2b614cd0dca3326edfd2a22958912d7e760c7b83f6/com.ibm.ws.adaptable.module_1.0.50.jar", "generic://sha256:93c32c8f4e201003c78b7756a19074c74f911eed5de037d56a8392dff79a39c5/com.ibm.ws.microprofile.contextpropagation.1.0_1.0.50.jar", "generic://sha256:b6128ff85b6e2b4a3f85f61c5924573d58da4ae508bcbf4e4bb43bb12c297bed/com.ibm.ws.microprofile.openapi.model_1.0.50.jar", "generic://sha256:e76ea7e6a393b586399b18dbbbd8320576d26522aac955accbcece1f2eb028d1/com.ibm.ws.org.eclipse.yasson.1.0_1.0.50.jar", "generic://sha256:50d995202fc05e2b6c7febe0ab7b5b63ef03f963ad38848bd60e3dae71a387a9/com.ibm.ws.wsoc.cdi.weld_1.0.50.jar", "generic://sha256:a9e7d2f9f353287bd467acba3f954d778a0cf5aa1f59b16e16b13a9099977945/io.openliberty.org.eclipse.microprofile.jwt.1.2_1.0.50.jar", "generic://sha256:1a45bbe68304b4a99e8faef0b675bc9b1c4f8d7950264a759f769cc725f4dad1/com.ibm.ws.org.apache.yoko.util.1.5_1.0.50.jar", "generic://sha256:3100a5dd9080ab232fe562b777a65bc70797199c0ac2a388617363619db251ec/com.ibm.ws.microprofile.reactive.streams.operators.cdi_1.0.50.jar", "generic://sha256:685da8225cfd61900cdaed2e225452f99a6e9bba3f89ac29915cacf710b29bbe/com.ibm.ws.messaging.jms.j2ee.mbeans_1.0.50.jar", "alpine://3.12:glibc:2.31-r0", "generic://sha256:2b5e09f3b7d1439a3f7990823de78f6648b97fc32f744ba59680e743d237909b/com.ibm.ws.security.quickstart_1.0.50.jar", "generic://sha256:bbc67b6fff5a12f6224e467bf070d71e0aa9d9527b7330931bb86b9a6b0e221e/com.ibm.ws.security.ready.service_1.0.50.jar", "generic://sha256:4bdef910dc5f5012a9f49c1981e02d6b3e4ca3052224d6320e4469f3d67eea28/com.ibm.ws.artifact.url_1.0.50.jar", "generic://sha256:2c2e0aa12f82cb3a48782edf97539505d1dfd2dd1d5fad9e95923aca17c910f0/com.ibm.ws.messaging.runtime_1.0.50.jar", "generic://sha256:6d040ea4600e264c74f42efa4f36580dc586df0cb78fd0149fd04d1fed7bda93/com.ibm.ws.org.apache.taglibs.standard_1.0.50.jar", "generic://sha256:644bf07e029fd846cf0b6451411d79978b71b79be087d031b1c8de4909f8fbeb/com.ibm.ws.wsoc.1.1_1.0.50.jar", "generic://sha256:d8f89cc56e7dd9ff5e0550e3f89819be7b45283f23d26404f934e61b6f00ed72/com.ibm.ws.security.kerberos.auth_1.0.50.jar", "generic://sha256:db7335f79f80126b115300fa7791496cfa01f473d7c4f5dd173c9ce310379015/com.ibm.ws.jbatch.jms_1.0.50.jar", "generic://sha256:e7d97d5f755e8dee64c4a00305dde07f5ccdc5acde3fc2aec1c3da93df3b6ea4/jce.jar", "generic://sha256:14531d3805e0b6d85e9eb3b8183c19316a4bf5b6ddbac47616de30b05567c076/com.ibm.ws.security.registry.basic_1.0.50.jar", "generic://sha256:d61dbb17eef403757f67d0c219e5f8e883e6cbfb01bdad3791d50eddc37d294f/com.ibm.ws.jdbc.4.1_1.0.50.jar", "generic://sha256:e6b4c6c4462508395ad1bdeee8b9179cd2953eb5679421c9daf8b37fba42569f/io.openliberty.microprofile.config.internal.common_1.0.50.jar", "generic://sha256:686206a4d8966a5504823666491af4ccee146576d77a7b8df67bdf9f3f8b576b/com.ibm.ws.microprofile.opentracing.1.1_1.0.50.jar", "generic://sha256:51e548ccc84dd6e75560f48c2d39978672d3edbdcd0e61337a3c9d04b11953b6/com.ibm.ws.org.apache.commons.fileupload_1.0.50.jar", "generic://sha256:4b34ba48f950f3ddc62b4b9f42825b0de9da5fabeb9aa4765541e3a6e07e1dd5/com.ibm.ws.rest.handler.validator.jca_1.0.50.jar", "generic://sha256:8739e919db87a6ecee608bcc542483cd8b46a80cfeaac9e60492378a004b9383/com.ibm.ws.webcontainer.security_1.0.50.jar", "generic://sha256:be2c1e3f917f88fb4a42c26f6df4ef514cfaac1faa303e9b101aadcabb14886c/com.ibm.websphere.org.eclipse.microprofile.reactive.streams.operators.1.0_1.0.50.jar", "generic://sha256:df14708598c4439970a71b538c0a7d4c75fdb536297e247e938b07329b4fe9ea/com.ibm.websphere.javaee.websocket.1.1_1.0.50.jar", "generic://sha256:84ba5bab732c548edc1d45f57d11fe5dde7f37134018f0f88b6d5131dad6b0e9/com.ibm.ws.webcontainer.security.app_1.0.50.jar", "generic://sha256:26c859d594646403b0ebee51e832afbf80d76b6ef5a75dd18df87fe45a9b4030/com.ibm.ws.microprofile.reactive.messaging.kafka.adapter.impl_1.0.50.jar", "generic://sha256:aabe54eb462fb5b30261d8146f757ad9c23ff71381ee7b63aaebb5c23d70573e/com.ibm.ws.org.json.simple.1.1.1_1.0.50.jar", "generic://sha256:742de98eeec4bee3e81a5f6faae84d472eea3b2e83651faea6c065a7c22321a1/nashorn.jar", "generic://sha256:41f98c1fa43c5bd4512c7c8e6d911b8819b6a32e73daffe5c5d3a99433908d1b/com.ibm.ws.javaee.metadata.context.ejb_1.0.50.jar", "generic://sha256:738194690ddaa2ae4ea9ce28c8d5c93372f184a854a4fbe6cbb40ce247feafeb/com.ibm.ws.ejbcontainer.ejb2x_1.0.50.jar", "generic://sha256:c60d517c1bd3dc5d47a451434a5de0b01c2a5031a6b642bc1c4ee1ab3d7deb23/com.ibm.ws.managedobject_1.0.50.jar", "generic://sha256:f5a5c1daf47202aa1229a31d1779a489371218b159cde3cf142b70d5d60017fe/com.ibm.ws.dynacache.web_1.0.50.jar", "generic://sha256:2b8d7ddb1f961e351a181c07b42be9f2a5c78aab996d9e486d23d8cd181de17e/com.ibm.websphere.appserver.thirdparty.opentracing_1.0.50.jar", "generic://sha256:7222f1408f42d2869902ce78df1541ac10b226281679a8432e0a47641d38a23f/com.ibm.ws.org.glassfish.json.1.0_1.0.50.jar", "generic://sha256:5f396b2b2a47d32c28e225da798c9cb3c7b3886a6fedf826b60af8090ee3f7db/com.ibm.websphere.javaee.cdi.1.0_1.0.50.jar", "generic://sha256:e22fc83ff6678ddcd86d5aa9cdd13753a25032ba56efb9fcdb945bdba67c3628/com.ibm.ws.persistence_1.0.50.jar", "generic://sha256:56c1727fb42b6bcba26f7645ee227787af783db595e8a19b5e499a029cecc1bd/com.ibm.ws.org.opensaml.xmltooling.1.4.4_1.0.50.jar", "generic://sha256:64cd426ade25e2ccea0d9d94e4cdc0bcec9cabec5d78958ca9369b3d669c7564/com.ibm.ws.microprofile.config.1.3_1.0.50.jar", "generic://sha256:ac356a1432a4c30017fb86384b7463cc8e9b0c530b09cd64536f204fb9dcb018/com.ibm.websphere.org.eclipse.microprofile.contextpropagation.1.0_1.0.50.jar", "generic://sha256:7661f5fea57d92491cd08c0ca29168653b8e8a4f9f2840c1c22ad0f2802a380f/com.ibm.ws.webserver.plugin.runtime.interfaces_1.0.50.jar", "generic://sha256:69492279c609dadcb4ba54a868d9622ba474211e4ded22514eea5c9a8dd4e157/com.ibm.ws.jpa.container_1.0.50.jar", "generic://sha256:330f894015af5cb152ff56bbdb61905c51f156b698341da9cb4f05a844d47b6c/com.ibm.websphere.javaee.jcache.1.1_1.0.50.jar", "generic://sha256:1839eac6b97cdc31b0f61bd4342cb813cb8d55d9c7b7429c532457effadf689f/com.ibm.ws.microprofile.metrics.2.0.monitor_1.0.50.jar", "generic://sha256:926dacd9cf2ef17874694cef44361b1bf7bd6e52bf464019a767434e90689c42/com.ibm.websphere.org.eclipse.microprofile.reactive.messaging.1.0_1.0.50.jar", "generic://sha256:4a4a2c11062a27937ab8c22fc78bcbcc6b5329e5a225ea5fe0ba60f6d9e0929f/com.ibm.websphere.javaee.annotation.1.3_1.0.50.jar", "generic://sha256:c2e164361f38325f2bb96f48ba115900626251e1c15a08bd9bdfa82b46a33f4f/com.ibm.ws.transport.iiop.management.j2ee_1.0.50.jar", "generic://sha256:e6b12d0d26ab4bd6ff6291a70b77d0e9188d9e44e0bdb860eda36712727df8d8/com.ibm.ws.org.apache.commons.digester.1.8_1.0.50.jar", "generic://sha256:aad7631bb7c098a413e325e579c6242282b441ee86429d526d8aabd49156fb0f/com.ibm.ws.ejbcontainer.timer.persistent_1.0.50.jar", "generic://sha256:465575c9302d490f28e1a22764d6e55f884f2549815835c3e7462b8569f28fab/com.ibm.ws.security.authorization.jacc.ejb_1.0.50.jar", "generic://sha256:690ef5ab0d20879660851dafe2b214267d22defa0fbf0115db75dfb22456c032/ws-auditreader.jar", "generic://sha256:3e8010bb71d05ee6ecbee0606d202af477b69bcf19e48602822be01d31294e80/com.ibm.ws.transport.iiop_1.0.50.jar", "generic://sha256:be9d03ac4baa21928720b1b68d4a348d7f7455cd8dcb590d3430c060cccc3244/com.ibm.ws.appclient.boot_1.0.50.jar", "generic://sha256:2b79a22139cf48b92b8da21416df2ccf5524be852fc9513c0918883a1e9562fe/com.ibm.ws.concurrency.policy_1.0.50.jar", "generic://sha256:2f36711ef4ed15a98ee47b472053ecdb22092782ea0fe16c3ccf6852c9e426eb/com.ibm.ws.openapi.3.1.private_1.0.50.jar", "generic://sha256:fb28f6ea26a9aea0ef7efd5e680e4b646a51360a35bc5c13a0be73080624e6cd/com.ibm.ws.rest.handler.validator.openapi_1.0.50.jar", "generic://sha256:e32845fc875dd02457ce88b70bdb5791de80eb54b5a8c888a801f42aef9a650d/com.ibm.ws.org.hibernate.validator.cdi_1.0.50.jar", "generic://sha256:1c4460e567bba9efc148d8e41e78c2097ba313f5d3cf0bb2ebbbcba0f62e0436/com.ibm.ws.session.db_1.0.50.jar", "generic://sha256:b6317844cd68c0ed56668aeddaa5d7ac7039cf49d713173196a47898afd2ad2a/com.ibm.ws.logging.osgi_1.0.50.jar", "generic://sha256:e1b08af18aa5836c4addafd82fa897e2997e79e1ae54cbd0b03065953ab01471/com.ibm.ws.opentracing.1.1.cdi_1.1.50.jar", "generic://sha256:2acd923970f873751c0755d58aa08eb0d5f44a412d7c9745ea97564458b0a1af/com.ibm.websphere.org.reactivestreams.reactive-streams.1.0_1.0.50.jar", "generic://sha256:b8db2cdb2a73271fbdb3005c670fa29676647eb04d9c23f9a25a020e0cfe05dc/com.ibm.ws.cdi.2.0.ejb_1.0.50.jar", "generic://sha256:034226b6764770f4cad0f2cd17ea0a990bded29f4e95548b3b919716e246413d/com.ibm.websphere.javaee.transaction.1.2_1.0.50.jar", "generic://sha256:fc0770b4ac6f7745e8726011e0868a96c39eba66559efaff17c5c4a00bd92d33/com.ibm.ws.app.management.j2ee_1.0.50.jar", "generic://sha256:6928d53030c1590429353440750f1acf64708b68a810c887255447949419564e/com.ibm.ws.jdbc_1.0.50.jar", "generic://sha256:f352c7f608a5514bb6f5a39c87dc526a46446c62d82be0dfc8ce24ce20a06ad6/com.ibm.ws.monitor_1.0.50.jar", "generic://sha256:0be8464b64b52be47443cc8d1e69a197cbf12bc6c197a58c72c8c6ef44953700/com.ibm.ws.security.audit.utils_1.0.50.jar", "generic://sha256:c165af04acbab52017e64bc3f5f305c1d8ad316252119e8f795531a04a12b138/com.ibm.ws.jndi_1.0.50.jar", "generic://sha256:3c9f7bec6d6201e46c4e9082a274facb0861f1e4d534e76175e3304c171677df/com.ibm.ws.jsp_1.0.50.jar", "generic://sha256:a74e597804d3cb5c6a4e4242c66d9309e8bed13d79447b769fc8a4cbf4b9d8ea/com.ibm.websphere.javaee.transaction.1.1_1.0.50.jar", "generic://sha256:21d5ecf153bf45aa85d7b3564b28d516376e5b2c130133816ba783d8fcef515a/com.ibm.ws.event.logging_1.0.50.jar", "generic://sha256:0b5fbd75653ab2091826523a35988f7046adc3abf0b875f8f0c7bec67a530e03/local_policy.jar", "generic://sha256:f69f7f685efcc78a893c508ef51d4e203bcc10e68eee8fdf5054f907fc0e0089/com.ibm.ws.javaee.ddmodel.ws_1.0.50.jar", "generic://sha256:c4bffc9cbd6c38b8cda1d8b81353a3e9046e4779e263f5a9cbfe5f2961dfc1db/com.ibm.ws.microprofile.reactive.messaging.kafka.adapter_1.0.50.jar", "generic://sha256:25333eef979f867c7aca53ca960a8378e4385127c0c1be55675c962755dbbfb1/ws-springbootutil.jar", "generic://sha256:3f3f2fae537cd5ff76ac3acec4bc183769a97158bc83e8e4bcc068c8124c0517/com.ibm.ws.jdbc.4.3.feature_1.0.50.jar", "generic://sha256:983b637d3ed31fd5078bdfb2bc3151602673a0a05c1312ab7d44a12d1abcde82/com.ibm.ws.microprofile.faulttolerance.metrics.1.1_1.0.50.jar", "generic://sha256:229295da16331fe0ff661f5680b82d48447f90a001c3e33c6bf770d6c2bcfe0b/com.ibm.ws.jaxws.cdi_1.0.50.jar", "generic://sha256:0627abd0684034922f2ee0361410ac07d0c61d084dee018a5a4952c96ed9a921/com.ibm.websphere.javaee.persistence.2.1_1.0.50.jar", "generic://sha256:308e4dd6286af52eb764b80f451dfc4b0af5636e5575fc834b71228b17c96017/com.ibm.websphere.javaee.concurrent.1.0_1.0.50.jar", "generic://sha256:0c154c4a326f59212458091c4c5707fa5a460854f56af2210ceccf65fb462271/com.ibm.ws.couchdb_1.0.50.jar", "generic://sha256:ac18a6fac88576535ee8313fc3d64bba885ead511ce7fff4991f47afb52f4e90/com.ibm.websphere.javaee.servlet.sip.1.1_1.1.50.jar", "generic://sha256:d2950e0584d72d15375320c6d5196758c1709fdd547f36d2b9a0f0be1017f12e/com.ibm.ws.org.apache.commons.beanutils.1.9.4_1.0.50.jar", "generic://sha256:d49d9713c63908b26cd1787ea04b28d1b7f8e0d9a2f37f0a7583a24970f2ea45/sunpkcs11.jar", "generic://sha256:f8563f003ebe17b55ad26f124c8a968be6766a37bec20259909c2287be670515/com.ibm.ws.jms20.feature_1.0.50.jar", "generic://sha256:3f406593f8357733c8b9d41c42bba935cf61014dcb8d69c2ee36f62cdcd12f02/com.ibm.ws.jmx.connector.server.rest_1.1.50.jar", "generic://sha256:f4f56475fcecf0b38efa0e77521b7b4ccfd026bd4bd34dedd56cf7a1d78c2acd/com.ibm.ws.org.apache.cxf.cxf.tools.wadlto.jaxrs.3.2_1.0.50.jar", "generic://sha256:608ab49aa554cb8e73474cef314b18477bf617cfa8142461f5a967688c0f4591/com.ibm.ws.org.apache.cxf.cxf.rt.transports.http.3.2_1.0.50.jar", "generic://sha256:040466428fd5eab096f461b5732311f23c933d590a2d210b3be1a09747491f1a/com.ibm.ws.microprofile.opentracing.rest.client.1.3_1.0.50.jar", "generic://sha256:81a3dce601caad5fb470e64b9c8feac2a5f8e17f986f6240b3e4fe4cd383e7c1/com.ibm.ws.microprofile.faulttolerance.2.0.cdi_1.0.50.jar", "generic://sha256:990d23c672651849cccf1c34ce4ef1a2fc7bdbda7332cf770b4cd6c955868f30/com.ibm.ws.transaction.cdi_1.0.50.jar", "generic://sha256:37e76bc35636ca0e1e5525ae3154e515c453dd61b522a775222f80ee2003cff9/com.ibm.ws.io.smallrye.reactive.streams-operators_1.0.50.jar", "generic://sha256:a8113c907c3029aff77b4231276e30ef5c14bfb130ca36dc1f17356a0e04068d/com.ibm.ws.microprofile.config.1.2.services_1.0.50.jar", "generic://sha256:9b6ad0a71973750630aed30f40198b20b5d48e00eee491697362e5bd2c49c6a5/com.ibm.ws.jca.feature_1.0.50.jar", "generic://sha256:33f643e40670e5dc8608f8219fda0a728b97e3fa7e2f95ba8948c7383e905d5a/com.ibm.ws.beanvalidation.v11.cdi_1.0.50.jar", "generic://sha256:1ea3a260bad1a8a07a2437429cf19125c9fcf4fcc616c9a3d54dd54ed9678192/com.ibm.ws.transaction_1.0.50.jar", "generic://sha256:31de554882a1f1f395669adaf44e01a8f9c802d2cda4574d9ddc9cb96a01ad84/com.ibm.ws.cdi.web_1.0.50.jar", "generic://sha256:c0acbfa422307ccd10ef87cdd635ea1f1d4f241c5f037dcbe9dc91323978b677/ws-schemagen.jar", "generic://sha256:7c4f4c6683206d90e48130d47f8cd0e4205671a3ee852e27fa924036a986f548/com.ibm.ws.security.jwt_1.0.50.jar", "generic://sha256:11d0d2dda1da4859534d123598d1594ea9f59a1dc41e12ec16b0e3d08bb8ee99/ws-jbatchutil.jar", "generic://sha256:67736eef18e87c8a7eebcf99e019d4c87432e2afa9fa422076df71fe98afc05d/com.ibm.ws.jbatch.joblog_1.0.50.jar", "generic://sha256:57658f955257d4a0e431fd5a1bdd0c08f1ba41175b251dd04a206a65bffa9be3/com.ibm.ws.org.apache.santuario.xmlsec.1.5.2_1.0.50.jar", "generic://sha256:4c652ba04af34ab9501de2271d8bf2f00109953180d52b55977a8bcf3215846e/com.ibm.ws.artifact.file_1.0.50.jar", "generic://sha256:7af563194bca97667aa8771cdcc6aff26044c9b9cb6a7fdb34c56fcb734acebf/com.ibm.websphere.org.eclipse.microprofile.metrics.2.3_1.0.50.jar", "generic://sha256:22316b3d9d59eb9d2aa3304deb2105614a805b76150f9dbe6b45e76ac73026cf/com.ibm.ws.security.saml.sso.2.0_1.0.50.jar", "generic://sha256:197df273c6914cb00fc50f9b9d504a6ff9e14e7aff5c4b215c26301680d1f02e/com.ibm.ws.jaxrs.2.0.cdi_1.0.50.jar", "generic://sha256:9d78e414fb7a2855ed1ab7dfcc04088b16f0c89c5a0d796d5e260c387efa3253/com.ibm.ws.org.opensaml.openws.1.5.6_1.0.50.jar", "generic://sha256:acfef1e821862b1a91a0c60eed97a3cca6079234e39a9328ff388d6a6f9f301f/com.ibm.websphere.interrupt_1.0.50.jar", "generic://sha256:9753d1c40eaa6a26230b66399a3966ab66bba5b0edc3b3134325c209101ccfd2/com.ibm.ws.microprofile.config.1.4.services_1.0.50.jar", "generic://sha256:feeb021598fccbbd7884b874a763d4c4942f4bc6883c60ec3167b7e791032cfd/com.ibm.ws.cdi.2.0.weld_1.0.50.jar", "generic://sha256:97621b46a527c29495301691af395598b641fa944bdf385b229c3a5b1455163e/com.ibm.jbatch.spi_1.0.50.jar", "generic://sha256:adf7548b872d60a1cf960436af251a9e6a3d8bf92881727864922d23b1848de7/com.ibm.ws.persistence.mbean_1.0.50.jar", "generic://sha256:612d9ab6393e0f9f487e0388afe5c2d9307c36bd5930350acdf32641b1ca45b6/cldrdata.jar", "generic://sha256:73b7ad4258f4262054165e2d0b1d3e6ea3e9e4778ea238e50410cea980fae802/com.ibm.ws.org.apache.cxf.cxf.rt.transports.http.hc.3.2_1.0.50.jar", "generic://sha256:b9052fe9a803983bc9126a9b57391773d68e276491f5da86bad59287d61bc91d/com.ibm.ws.logging_1.0.50.jar", "generic://sha256:bddbe4d2cf79ef5f2af47ae7614ac6791bd0dd15052e558bce9ba9b84befdeb7/ard.jar", "generic://sha256:85f882e44f57e95466cc8b1d9af7dc4f7496bd2d09923f52b023a4dd08571d2f/com.ibm.ws.microprofile.config.1.2_1.0.50.jar", "generic://sha256:e25da14a30bea7cb29ca8bd59515ecd6921f61777bc167287791a48344acf451/com.ibm.ws.org.jboss.jdeparser.1.0.0_1.0.50.jar", "generic://sha256:9b7f6461a093cc2ca222e24160a40d95c81bdd8c863835d8b958b5defe7c8392/jsse.jar", "generic://sha256:5c272dc73670805f35bacf4547ed432fd428699716a4bad590610c38a6a46383/com.ibm.websphere.javaee.jsp.2.3_1.0.50.jar", "generic://sha256:bf9383b15792f356b07f6fb9c8fb8b1a95c850dbb74d98673fa80b6f5a7cfc60/com.ibm.ws.microprofile.health_1.0.50.jar", "generic://sha256:5afe8b2646d37d3d0690b543944782e2cbadc22be913d43f30727ba172a77250/com.ibm.ws.management.j2ee_1.0.50.jar", "generic://sha256:38ea48d23baeee8956b30553ef0e1c018b7fa859c86aa15ddfd1958d1a22a950/com.ibm.ws.jndi.url.contexts_1.0.50.jar", "generic://sha256:9b3589a2cf7ac2b4f202d18f8c40e866e1ef384c9fe3021b39536d64aca22ce9/com.ibm.ws.session.store_1.0.50.jar", "generic://sha256:ed18fa5375efa1f280d9841d314dd16b606a4be955edee70b304863df05344d6/com.ibm.ws.http.plugin.merge_1.0.50.jar", "generic://sha256:f6b15e9cf1168c22767f29e4d05a740cda8e099f7f868eb8262def5d564901bd/com.ibm.ws.microprofile.metrics.2.3_1.0.50.jar", "generic://sha256:2547b92b3a5b8792bfc27497b9fc33f76b650083c60e7972ab4bd7f135b1ab9d/com.ibm.ws.messaging.comms.client_1.0.50.jar", "generic://sha256:317e8e7ce7313d6a4a1c69d10ea817c7b11653c0b35fb6c44995fe3e94f4e399/com.ibm.ws.org.apache.xml.resolver.1.2_1.0.50.jar", "generic://sha256:2689911b2d161b5bd1d037bef0554253c7e68de5c305c10a3bdd0777616b37e6/com.ibm.ws.security.acme_1.0.50.jar", "generic://sha256:0ec86acd429d8a40dcf666e80a05717b0ad85f4ba2ce6c9f0608ebd54aa475ec/com.ibm.ws.security.csiv2_1.0.50.jar", "generic://sha256:11c1c037a29d9add3c13746bba148668aa4dc095775627ef5227ad8f54090350/com.ibm.ws.microprofile.metrics.common_1.0.50.jar", "generic://sha256:af78bad7179cb4552e9954748552a169267922bbb84ba595c77323d3f6ba12af/com.ibm.ws.jsfContainer.classloading.2.3_1.0.50.jar", "generic://sha256:b499b5c46dec1ca4103680cd0ce851618b27d10185958b295586a2ff4fe144f9/com.ibm.ws.javaee.platform.v8_1.0.50.jar", "generic://sha256:f8ae7b6eca7f41b7e2528900be66b2352d884b0ad6c8ebd716d31070b6798716/com.ibm.ws.webserver.plugin.utility_1.0.50.jar", "generic://sha256:126e7d5d6e004951cf340a6355bc4df343d013087bfd07df5d03d64a597db914/io.openliberty.microprofile.openapi.2.0.internal_1.0.50.jar", "generic://sha256:87e206a3a195b80df6c6bc7f80aa867b7ab4af19a3e691c3da2cd696fa33eb7e/com.ibm.ws.microprofile.faulttolerance.2.0.cdi.services_1.0.50.jar", "generic://sha256:a1e43bfecb19506d786c5929d225a07d690f0511a2f7fa87e75a8cbce27df498/com.ibm.websphere.org.eclipse.microprofile.metrics.1.1.1_1.0.50.jar", "generic://sha256:7d8e7a519bd15bfd2c3af9c15cfe67cca48bb2216b3c28f78e6a3ec5be03b294/com.ibm.ws.jaxws.common_1.0.50.jar", "generic://sha256:d045a9f27c9f1e67a5a348afacb1d0a80b272b6810224aaf69ee9678ed99f4d3/com.ibm.ws.security.kerberos.java8_1.0.50.jar", "generic://sha256:77d38b086d5f7b509428524179fef989108900031c0d7877998119c7008f152b/management-agent.jar", "generic://sha256:68583afaac4b027b2844a675cbe247d34393d39d63381789a35891bb28a1b9d5/com.ibm.ws.security.credentials.wscred_1.0.50.jar", "generic://sha256:a2b6f0c26cd7ba03620101179f9b6f44506d82307c16b43b1f55d4d36ae02351/com.ibm.websphere.javaee.validation.1.1_1.0.50.jar", "generic://sha256:a9b7e8786c4d55237a142a2330bdf48ea4dd896af84dc624feb501cc299d0db3/com.ibm.websphere.org.eclipse.microprofile.rest.client.1.4_1.0.50.jar", "generic://sha256:d35ad2d5c10de9d95527beb6eeb61db3418c885826c2e3fb70215676d7562d7e/com.ibm.websphere.javaee.jaxrs.2.1_1.0.50.jar", "generic://sha256:e7b8dafd558a6bf8e1f6fac42ba12efcd875478d32e26ebf4c477781db0de7c0/com.ibm.websphere.rest.handler_1.0.50.jar", "generic://sha256:92fa383338a0f96d23bef2360da24eb6407decde754ebb126b0154ce7ed6a8b4/com.ibm.ws.microprofile.opentracing.jaeger.adapter.impl_1.0.50.jar", "generic://sha256:f7eb14efaf32167d833cc44785fa510ba88c5830cbd18499f50f11ce9f16bf2a/com.ibm.ws.com.google.gson.2.2.4_1.0.50.jar", "generic://sha256:d71619a65d40228007d60acfcdeb5f78ccdfc8c9098afb32e03c4beb102b1ebf/com.ibm.ws.security.java2sec_1.0.50.jar", "generic://sha256:15109ef64371653be937cd62ba3459807187a4a6e65d009c4de6e949b64e2bbd/com.ibm.websphere.javaee.interceptor.1.1_1.0.50.jar", "generic://sha256:959d624633454cae06df36625bb41981d34a26c98e0379c96f3c1f79e73d8cfa/com.ibm.ws.org.slf4j.jdk14.1.7.7_1.0.50.jar", "generic://sha256:459a8a084fab05d53204e44ef40d06f26545d927de45f6b5741f977e5038a879/com.ibm.ws.security.utility_1.0.50.jar", "generic://sha256:6ac0215b092ec873cebc8b7eeefc4f64f300df8c8f98d6109652e0e26df08e18/com.ibm.ws.logging.hpel.osgi_1.0.50.jar", "generic://sha256:756b22d9e6b7c36826c15d8e14fe3184181561c0e8c56de7ab23cfc3d16d546a/zipfs.jar", "generic://sha256:9ae0995db85b0ca7b0373c59f92465b1b521259e2b944cf420a8d2d1d2699d61/sunjce_provider.jar", "generic://sha256:385316410def1c01a12ab450e51c733bdbf0b37b6285fb4aca842483fed3805f/com.ibm.ws.security.common.jsonwebkey_1.0.50.jar", "generic://sha256:6bec7af3731a1bce8f375adc526020841333777d0fccecc16343b3b65f114994/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxrs.3.2_1.0.50.jar", "generic://sha256:f8c3038c027309cc47feb1ff37713fa6d2a7a17118b8fa2303a85b9bf31e6550/com.ibm.websphere.appserver.thirdparty.cdi_1.0.50.jar", "generic://sha256:11ea22b012c83ab406b8068e0f48d188a430d918aae60076b75be09e7dec6807/com.ibm.websphere.org.eclipse.microprofile.rest.client.1.0_1.0.50.jar", "generic://sha256:27a3fed7793a641041af98d2f40fddc319a17fd5f933957b8d9c719644bfcf37/com.ibm.ws.microprofile.metrics.public_1.0.50.jar", "generic://sha256:60c15b8fcb50efb74a6595f3b429b10bef6204c1c4f195c7c64d26898667ab6c/com.ibm.websphere.javaee.wsdl4j.1.2_1.0.50.jar", "generic://sha256:2ca571ac9f3ae8aacf29ac41c032137b06c009ff6deae5b58d97be4e58085746/com.ibm.ws.org.jvnet.mimepull_1.0.50.jar", "generic://sha256:16b97d7eca6e393345e7dc40d3116ee8e129694c60f40fab8fc7ea5d8d72b558/com.ibm.websphere.security.authentication_1.0.50.jar", "generic://sha256:f3d2d33d4607c58d47a2e171b89d3645539fe93c9725612f1dadb3dc0778cfba/com.ibm.ws.security.javaeesec.cdi_1.0.50.jar", "generic://sha256:68efbe2870a79aab9318d40361ddfb453c96d466ed08c395cc842367a7a5a481/com.ibm.ws.jaxrs.2.0.ejb_1.0.50.jar", "generic://sha256:6839f3651593612c72d97b711f64fdfab11fec93a8048509cdf0d7747540abbb/com.ibm.ws.kernel.metatype.helper_1.0.50.jar", "generic://sha256:ee932868e3d7c8129ca1bc90b630881ff260d12e29195146c5e92fa561292d1a/com.ibm.ws.org.slf4j.api.1.7.7_1.0.50.jar", "generic://sha256:b1a5087e42e0ae6e5107816b4114f6ddc69853382b5d833ebfc964f46035f386/com.ibm.ws.messaging.security.common_1.0.50.jar", "generic://sha256:18bd14d3580a3ea6d85b2fda8b49e07ba611a40dc4b7433cdbdbd4a414fd3927/com.ibm.ws.jca.management.j2ee_1.0.50.jar", "generic://sha256:b287ffaa22a3cdeb76b5360f6bb6658f0ee6b0c83caa59ae2f52405b96a3db8e/com.ibm.ws.management.j2ee.mejb_1.0.50.jar", "generic://sha256:7c8acb773795023b43238628f6bd3399e7285a6ee59b079142575d6adaee275e/com.ibm.ws.app.manager.wab_1.0.50.jar", "generic://sha256:953aa3a8b7ac0c7fbba446028f4d368c1f02a516100966dc5f85d7f0a5f2ae54/io.openliberty.opentracing.2.0.spi_1.0.50.jar", "generic://sha256:33355f0fda150610c3d0771ece24a1f7436d99bfd4c904cc29f1c091544f9673/com.ibm.ws.security.authentication.tai_1.0.50.jar", "generic://sha256:2efaee218a72c92dc70b572bf25c4d4f10d351728b03132c3990c9de7dea7322/com.ibm.ws.microprofile.graphql.metrics.1.0_1.0.50.jar", "generic://sha256:ee0f3388b2a77484d7a52879bf8591d5d5e48140a1c825d3367ecdd7b4d022e6/com.ibm.ws.security.token.s4u2_1.0.50.jar", "generic://sha256:e04076b4f0d5bcfff72608ee97765ff51e86b271970aed40e2f5b1c865607ef6/com.ibm.ws.webcontainer.servlet.3.1.factories_1.0.50.jar", "generic://sha256:e168ca1f3ccb531c6f1a6d9e3d0ff4ffbdfa963af87fe7c42b6a3d4b05bfc19a/com.ibm.ws.cdi.2.0.jsf_1.0.50.jar", "generic://sha256:95856e4a6c8e7c3ec99cefb343fb1a5a89911f6502acfaca509241281d0a63a8/com.ibm.ws.session.monitor_1.0.50.jar", "generic://sha256:5a0622e51060f3fcf538f475ffb319667804d525fb6d7baed00f1360961c74fc/US_export_policy.jar", "generic://sha256:f298640d929baa436408da07290a8574bb4bf9742d7bf56c152d201385f07c95/com.ibm.ws.jsf.shared_1.0.50.jar", "generic://sha256:17cd257b94dfd6beb160ba37ae979dfe6a5db8fd2db2f5dc1f04192ce5e5004c/com.ibm.ws.crypto.certificate.creator.acme_1.0.50.jar", "generic://sha256:675d97379009b302195cf9df609d9f8810a0db6e0bcaaa2610335e5761820d3a/com.ibm.ws.jsp.jasper_1.0.50.jar", "generic://sha256:bf51c280801621ec5a0dec8c3da35b104a1563c81a50b0126f4d2d500b578fd1/io.openliberty.rest.handler.config.openapi.2.0_1.0.50.jar", "generic://sha256:093b5cd49a3f8dc4fab92803fa01b80b00d466a7d6c5b6d7b20f006b00470b97/com.ibm.ws.opentracing.1.3.cdi_1.3.50.jar", "generic://sha256:dee8dab1841dca734363ab8cf8af56ce4333263230a45cdd28eb1a3a588df2c2/com.ibm.ws.security.client_1.0.50.jar", "generic://sha256:0c4aac6b13d4c1cee9c63d58aed95e954b49a9cb3d9e3e14cd22d8bde41cb751/io.openliberty.grpc.1.0.internal.client_1.0.50.jar", "generic://sha256:0bf2dfc2b0c58a761085d13b40b786134a45c31efbab4da5a2dd4691487c8748/com.ibm.ws.ejbcontainer.remote_1.0.50.jar", "generic://sha256:454e47e4fc10dc62e41ece5af8f0a81bf10673807dc720dd5e6456d63ad92f45/dtfj.jar", "generic://sha256:076e8e357609fa6fbf5dec96a24c64d575977be8320abbc4230638d937dafaad/com.ibm.ws.rest.handler.validator_1.0.50.jar", "generic://sha256:bc2c4db8b541904cf9b67bffac9a8adec04458b3286a9ca13a644e722221409a/com.ibm.ws.eba.wab.integrator_1.0.50.jar", "generic://sha256:a35db7dc1684c0a3d1791e302b60df20567f2e4c593fae14f8aedbf0da94131b/com.ibm.ws.microprofile.config.1.4.cdi.services_1.0.50.jar", "generic://sha256:d6ac958b8e8abfd2271ca3e24463af0c9e31d3eab1563ca3665693492a4d9c70/com.ibm.ws.org.apache.yoko.rmi.spec.1.5_1.0.50.jar", "generic://sha256:dc755af9af79ebad56ff18d7a891f69445b4df1430f4f468dfcdaba257000e81/com.ibm.ws.rest.handler.validator.cloudant_1.0.50.jar", "generic://sha256:91e44018257daf23f09ec32278d4a78dbad1b2586f076f6c3fff8ec317d42335/com.ibm.ws.collector.manager_1.0.50.jar", "generic://sha256:8ca5bb7ababb905ca62fb5f1d587e43e2fd525a0af739444c75fd3d570fe22a8/com.ibm.ws.managedbeans_1.0.50.jar", "generic://sha256:6e7f13ff9745be2b31b46ad27bfc4cbcccb5b988e27c7b618b5ec25b2172f0ca/com.ibm.ws.jaxrs.2.0.client_1.0.50.jar", "generic://sha256:f7c833671bd66583f28a433ab6f6c27b91e8107c7a4b8821085adbdcc71d2ecc/com.ibm.ws.jsp.factories_1.0.50.jar", "generic://sha256:6c797753fcaef1b6bd35413f9b2228f8535bed52026ac2d7f2a8e52c957a54bf/com.ibm.ws.cdi.1.2.web_1.0.50.jar", "generic://sha256:6ab09fee1c52ca496d1af51efbc803eec5876c6aefab2f758ca6bad4e154dc91/com.ibm.ws.jaxrs.2.0.server_1.0.50.jar", "generic://sha256:9fc7fb8fa6ac001047122c49691ddcbfe4240d19db2d246e85552734736ceb8c/com.ibm.websphere.org.eclipse.microprofile.rest.client.1.3_1.0.50.jar", "generic://sha256:8ae369224fd69aaf65b604cd32a0e641e520440a251ab7ae7cf6f9b684f14773/com.ibm.websphere.jsonsupport_1.0.50.jar", "generic://sha256:bd8274ce62be49d2a747b1e3590f3f756b031e646f5bafb67cfe97e5d0829f9b/io.openliberty.microprofile.metrics.internal.public_1.0.50.jar", "generic://sha256:951e578ee47440c8b26ec06891c9668378e111c07c2fa5b52f654db3ae9397ea/com.ibm.ws.transport.iiop.server_1.0.50.jar", "generic://sha256:379c236d78e9fa17f110fb9084089ef5ef955b7af74e0cbce357c458ab7c624e/com.ibm.ws.org.jose4j_1.0.50.jar", "generic://sha256:a98c4794f25bb8a9a7c0cfef1360565f74ce4be932a89aaf403228efb5a76a6f/com.ibm.ws.microprofile.faulttolerance.1.0.cdi.services_1.0.50.jar", "generic://sha256:91cda2d8f35c251f208ef0f695fe124794a33fbadcc0d6d95a799ac1a61db3dc/com.ibm.ws.javaee.metadata.context_1.0.50.jar", "generic://sha256:485758ec87fe830a4a14556f68768dcad3d6ef56f76cc9aead5179e9fb9b68b9/com.ibm.ws.cdi.weld_1.0.50.jar", "generic://sha256:17afc29ef81810cf252093f4835b8808f3601689fdad9004c2c153e9fddac062/com.ibm.ws.request.probe.audit.servlet_1.0.50.jar", "generic://sha256:122e3c9c2c9c2d136eec009ea0675a61427954e9042856ad8642e5372981a38e/com.ibm.ws.jdbc.4.3_1.0.50.jar", "generic://sha256:a764d6597fb9c07f782379716c42c4eb015e57fa81529b7b0fa1a73ed10df2b7/com.ibm.ws.webcontainer.monitor_1.0.50.jar", "generic://sha256:67f64f895d179d47351e8b847887c1c46b6c1eedf87e521da17627c92aa2766a/com.ibm.ws.repository.parsers_1.0.50.jar", "generic://sha256:ee916d47eb97b4aa1e4ea22b3c04827f2d05d698c88411b1deafd41d0e65f05c/com.ibm.ws.jbatch.utility_1.0.50.jar", "generic://sha256:7976884cc2123ebdfc99ee1fc6dd897e1fa69b0cd9351c7b95a1ed4d2322ca93/com.ibm.ws.net.sf.ehcache.core.2.5.2_1.0.50.jar", "generic://sha256:3cde734858da24d4750c413bb7688e576e95a544a4e4e15bb2367373fc2dd64a/com.ibm.ws.org.glassfish.json.1.1_1.0.50.jar", "generic://sha256:ec41eafadf006d4c70b1faaf8a6b7d8d02287a04118a420c28aeac7ec82c2389/com.ibm.ws.jaxrs.2.0.web_1.0.50.jar", "generic://sha256:c9ce2d7e318d5789cf14d9b434a71d6f2c81abde744b1c019edb910d0cec5b78/com.ibm.websphere.javaee.annotation.1.1_1.0.50.jar", "generic://sha256:8f4db433ec70fe71bfd8c88b5ec517abc3b66b2c0041274dc26e8b8d3ccddf66/com.ibm.ws.jaxws.webcontainer_1.0.50.jar", "generic://sha256:bc15d247215ddf476fe36d6850bbb7a811a154dc75363ed735000d08bb8aa152/com.ibm.ws.javaee.platform.v7.jndi_1.0.50.jar", "generic://sha256:85a324825e8ee93b045c2c0810b4a4f4f471dbff9679bb9f050d4caa0a890234/com.ibm.ws.request.probe.jdbc_1.0.50.jar", "generic://sha256:ae692ef92c7bf62d56d33f4a3a0d53c162d30f237a959f12e19573b8646d8497/com.ibm.ws.org.eclipse.equinox.region_1.0.50.jar", "generic://sha256:d1881c2043b79ac5d4be7681385031c608d7e52748e6b075bb873ece3fd23163/io.openliberty.microprofile.metrics.internal.cdi.3.0_1.0.50.jar", "generic://sha256:c2ab96a875a7ae8ac6df32f00c465846dee28017103801046c21ab04f63e74c8/com.ibm.ws.context_1.0.50.jar", "generic://sha256:bfd35451d0495866dbdc3bad275f23689ee36a009cc110153c2646a60bfeb275/com.ibm.ws.collector_1.0.50.jar", "generic://sha256:16edd897e303bea6832a7355d2938e8abedd58b829e57ef965d5795ab4c37db9/com.ibm.ws.webserver.plugin.runtime_1.0.50.jar", "generic://sha256:2223be1e839ba7beab7898f93febf8c79d8fff1401123a1efc2f9cff39502758/com.ibm.ws.security.auth.data.common_1.0.50.jar", "generic://sha256:247d3c18dee300d0869e1064b0c4c5755c7e022dd85c535b3589e29864ed1a05/com.ibm.ws.ejbcontainer.session_1.0.50.jar", "generic://sha256:c822ce9db3de8f31a01da35f3a99e92dcca1ab3fa6fbfcb13adc138e9624daa8/com.ibm.ws.opentracing.1.1_1.0.50.jar", "generic://sha256:bd2119cac126581d6d878b2c2766b1bb3904c5a8412a6c07cf52d6d7db103236/com.ibm.ws.microprofile.faulttolerance.1.1.cdi.services_1.0.50.jar", "generic://sha256:c6e29d5ba752620e33cd5666bab7293de3ad10916ad1d74eaffff3dcf78ecdcc/com.ibm.ws.security_1.0.50.jar", "generic://sha256:0221078b801affbf151e6e83e4f00e8b81d2e57ba9797399e23650bf146d6a4a/com.ibm.ws.microprofile.metrics.2.2.monitor_1.0.50.jar", "generic://sha256:ded2ff348e8c30bc281d4da21a5181997a964c67a27da84120d25b16f8dde1d6/com.ibm.websphere.javaee.interceptor.1.2_1.0.50.jar", "generic://sha256:9867efa2957225d8cd80a390b3f9bd99fc1ca08b307b79f8c4ce49e062aa89c4/com.ibm.ws.security.authentication.filter_1.0.50.jar", "generic://sha256:04aed362f79a4f514ac53adb2a57c7858a1f2704a311dd8ac4c392e7e26afeaf/com.ibm.ws.kernel.boot_1.0.50.jar", "generic://sha256:937da6c86a9e3f65b4568af90fa2366fd5ccdafc93ff0dcd52b106695953c479/com.ibm.ws.transport.iiop.client_1.0.50.jar", "generic://sha256:acf33c271552f11610cade5200e5bd834320b1adabb56af10edcdd29b910d258/com.ibm.ws.webcontainer.servlet.4.0_1.0.50.jar", "generic://sha256:59aad647dfc74fff7b0c0d669de7faa546040f3ffdc4aff1f95598e1a9726d65/com.ibm.ws.org.apache.yoko.corba.spec.1.5_1.0.50.jar", "generic://sha256:91b7c760ca701087aecf280396a54d2f65359ab0a184b7d87503cebbad1e7108/com.ibm.ws.crypto.passwordutil_1.0.50.jar", "generic://sha256:dbfe0d8fae3a9001ff0d3cf260569496d28a8efa4fc47a2dfbfb9100353d538c/com.ibm.ws.microprofile.faulttolerance.2.0_1.0.50.jar", "generic://sha256:5fff0ffa7c6efaa98b3945f58229baf793a1613d0f46593f5a86a908a0911c19/com.ibm.ws.wsat.webservice_1.0.50.jar", "generic://sha256:bc0cb8c93e34cb9e49effba255129fd5ed3fb6b59a64fad6bc94b368b70264f0/com.ibm.ws.messaging.jmsspec.common_1.0.50.jar", "generic://sha256:667c513a1b303b5147461c62721853bef1c8046ed93f1a0d2c4edb6a78d9c3e7/com.ibm.ws.channelfw_1.0.50.jar", "generic://sha256:d86ea2cc3b2f6509349ad6ed33b1d2f42d6ccbcee6a0db29d0b12fa1a8de5780/com.ibm.ws.product.utility_1.0.50.jar", "generic://sha256:0a451d8161735574b769e12e5d5d5368c613064253ccbeded194cccaa7ea83f0/com.ibm.websphere.javaee.ejb.3.2_1.0.50.jar", "generic://sha256:4024098b2dca0ee9ecea7f8154a00b606643ea8f24d3e9d95c164700fa881809/com.ibm.ws.transport.iiop.transaction_1.0.50.jar", "generic://sha256:f14655807ceaeb2339eb8d777e314888a6b902c22112199ce630d2b700cf5a7c/com.ibm.ws.prereq.wsdl4j.1.6.2_1.0.50.jar", "generic://sha256:5a0415cdd2978b4a7335b0f3467aa0bff03298c180c84f917b40c4dfea3c9ef6/rt.jar", "generic://sha256:a2d2a8aee555ec20a5ce055be88cc2ae4aff588da74aebb7d16f12fb2c51c336/com.ibm.ws.security.appbnd_1.0.50.jar", "generic://sha256:a52a7bad10b3600cd7fc6aa92604018969d63f02bead1a3dd912bbe082b5349b/com.ibm.ws.container.service_1.0.50.jar", "generic://sha256:8d5119e1d971802cd65731e40a00fd914a948d7d9f2487fd765a410ee6c85dd1/com.ibm.ws.security.csiv2.common_1.0.50.jar", "generic://sha256:9717809a360a765f23ac7611f8b6ffdaf1f27f9409fdc5f8deb522ec7a4be799/com.ibm.ws.openapi.ui.private_1.0.50.jar", "generic://sha256:25be8595317c8cf3028f4ba1581701b4f8c3c0346e3656b24a8a1c2cddd467c9/io.openliberty.microprofile.metrics.internal.3.0.monitor_1.0.50.jar", "generic://sha256:a753df7f6c81d20eee75be6ff7133e96b03a61a677f99fa8fede8cbb2c80f705/com.ibm.ws.kernel.equinox.module_1.0.50.jar", "generic://sha256:241dacf8f3e37d69e5cf64fa12b3642c3a345684e34f8417609dacf848b52ff1/com.ibm.ws.messaging.utils_1.0.50.jar", "generic://sha256:cd31cfa99638e69c3785ef0ee3372ffa67e9c1925eaf697e8b4da46ee25390bb/com.ibm.ws.management.security_1.0.50.jar", "generic://sha256:77c43b801549a849eee95eb92da92298bff791450dccfa2ad6194417b0379d31/com.ibm.ws.messaging.security_1.0.50.jar", "generic://sha256:ac3aa7583a4ae23ce5efdad0b63faa9cd5ad2d666df2d1f128d8a0fbef67b08d/com.ibm.ws.app.manager.lifecycle_1.0.50.jar", "generic://sha256:ec72cae8c36dceb7dd1a188b29275e359d2ae260d87c6e0af27a6da24e844bd7/com.ibm.ws.rest.handler.config_1.0.50.jar", "generic://sha256:888622b2deb1d13d204331b7df775391be5745ad174d93c1925b5789c0a7d63b/com.ibm.websphere.org.eclipse.microprofile.graphql.1.0_1.0.50.jar", "generic://sha256:e4343f68733dc63d51ca71bc3e47483ff6aaf53207ecde380d0fc954e2098397/com.ibm.ws.cdi.internal_1.0.50.jar", "generic://sha256:b58381473015e75ed0649795e55004b836c0b868e8bcae112240670996969126/com.ibm.websphere.javaee.jstl.1.2_1.0.50.jar", "generic://sha256:f2474a6ef4db7227426534c084e848d879b24392ef2bcbefb66987d2d0a7bc0d/com.ibm.ws.dynacache_1.0.50.jar", "generic://sha256:8f7c9ae0fbc218b14ab660007e3c2e24332b5a1b13ccab1994c568195603b532/com.ibm.ws.microprofile.faulttolerance.2.1.cdi.services_1.0.50.jar", "generic://sha256:6a734789e2f1a28148e8027524b8edac8c5115a0a75b59f0d9fc6cdf036940c2/ws-wsgen.jar", "generic://sha256:e5810feb1fd9e570375c23f5fa5aead32e84cc251254144c51fea619ebe952ca/com.ibm.ws.jaxrs.2.0.tools_1.0.50.jar", "generic://sha256:92f2734043206dd72c4f8b8c03bc2e13cb65a112e4cf53c531f77bd3f2be15ea/io.openliberty.io.smallrye.config_1.0.50.jar", "generic://sha256:2023977a2e5269674e355f04cef9e5a5f1ce9883d270b3cd8f1ef737f1465296/com.ibm.ws.org.opensaml.opensaml.2.6.1_1.0.50.jar", "generic://sha256:7820ecfb759fd31bc934554a75513b513d71da65c9d5931b40bbafdcabd23d5f/com.ibm.websphere.org.eclipse.microprofile.openapi.1.1.1_1.0.50.jar", "generic://sha256:39154fd013136fd72c41016be8155b52d5361649b55ea147136b9d3ae1df40a3/com.ibm.ws.filetransfer_1.0.50.jar", "generic://sha256:9d84b623cdd99b25dd3a5acec411c5284134a10e80cc09533d464acc2ea8a16a/io.openliberty.opentracing.2.0.internal_1.0.50.jar", "generic://sha256:297f58280ba1884c29110365acd28a5650ff7f0d794d5973961d89b7045303b4/com.ibm.websphere.org.eclipse.microprofile.rest.client.1.1_1.0.50.jar", "generic://sha256:bf5bce3e6a92e657878e9ef4602a78f675d6b10f2c5eb0e245f61049b1a4490f/com.ibm.ws.microprofile.rest.client.ssl_1.0.50.jar", "generic://sha256:430cd5994960152ed388b3c59fe808372344f92d892ce0443c69e48f759eabde/com.ibm.websphere.javaee.servlet.4.0_1.0.50.jar", "generic://sha256:5447ea627da5e6c3fd406a85199b9cc292220cbee0790d5955fd4add405b1bd4/com.ibm.ws.javamail.1.6_1.6.50.jar", "generic://sha256:9d245c6eb1eb8fd2a39696d5fd7444ec745a620f0d6f95f2d568046c6f949749/com.ibm.ws.artifact.overlay_1.0.50.jar", "generic://sha256:71af82ec15a1b7a500a29a97cb53a92662022650780f7012b104f5b9a9b5f361/com.ibm.ws.mongo.ssl_1.0.50.jar", "generic://sha256:9adc5151d823824e7625fcd4007ec555d0742fcb3a209348560c157ea31991e8/com.ibm.ws.jca_1.0.50.jar", "generic://sha256:82f9bb1968cf905abee951244ff4feae99a4e6797123b739a70adc8fdecdf0eb/com.ibm.ws.cdi.1.2.ejb_1.0.50.jar", "generic://sha256:592324c216d2dc7f62a1737998015f467a9a9f2320dd796c55a4890e14c685f7/com.ibm.ws.security.mp.jwt.1.1.config_1.0.50.jar", "generic://sha256:ca4b1910641e9b82ef969df401acf2d042339173d931fcc4cabb1748500976d8/com.ibm.ws.microprofile.graphql.authorization_1.0.50.jar", "generic://sha256:156e43209607e2636c7724ae8187ebceb128e00198e80ac932a64d7fbc18faf5/com.ibm.ws.app.manager.springboot_1.0.50.jar", "generic://sha256:382b5ebe5a745088ac2be25de242e3e9cb1760d97ef89d347a2e275fc69621b3/com.ibm.ws.jaxrs.2.x.monitor_1.0.50.jar", "generic://sha256:a3fb1ce5b66bd3978a7995aba2e4f5aa4020aa7cc46c5c0d668396b00de52186/com.ibm.ws.microprofile.metrics.2.3.monitor_1.0.50.jar", "generic://sha256:03aa4f020268b90dce5fbeee44529390f2514ff4297c2fb995edca1cf648c9c5/com.ibm.ws.ejbcontainer.remote.client.server_1.0.50.jar", "generic://sha256:6bb5869b556928562c957874cc1fdc7a373ce1afd1a26ce9377dc46f6980323b/com.ibm.ws.jaxws.clientcontainer_1.0.50.jar", "generic://sha256:52fb1fe425361a4b37742678d7f3157e6de2f89b549a6d4db577d3fafd26e65e/com.ibm.ws.install_1.0.50.jar", "generic://sha256:81ca2e134032cef4fedb4583191163a80f8b84ef41227f1bdf96b47900f24593/com.ibm.ws.jaxrpc.stub_1.1.50.jar", "generic://sha256:cabc7ba4eb72a2ac1164815b7b9e267106c2f480222a04fd2a5d6aeee951b74b/com.ibm.ws.springboot.support.shutdown_1.0.50.jar", "generic://sha256:18bddb159fdd153346a0abe879fb756f85e60dc9294980f615d66abba46e0804/com.ibm.ws.session_1.0.50.jar", "generic://sha256:92ae2d414f443fdfe5de89bd609f607c484d76e07e7c575b56398e4f43f7a768/com.ibm.ws.microprofile.faulttolerance.metrics_1.0.50.jar", "generic://sha256:82ef00393991706faf5dd60098572eeafd8ffc403e22fb830d4c575dcd73e3c4/com.ibm.ws.org.apache.httpcomponents_1.0.50.jar", "generic://sha256:65f9cd41c31745ac293b71544360ede4aaca86574f17e999d781069bf7bcec02/io.openliberty.microprofile.opentracing.2.0.internal.rest.client_1.0.50.jar", "generic://sha256:24529c98cb8c8f199f3a82e5261362dde7359b91e4f3aa376dd9c43370363219/com.ibm.ws.javamail.config_1.5.50.jar", "generic://sha256:af7be7242aad0a0f6837381ad29116b5cc0404cf4af1078b7bba9850c1fe08be/com.ibm.ws.logstash.collector_1.0.50.jar", "generic://sha256:890a2b3d17dcbbee3c2b8b36c25e30e350321d192ad10e4767ee00bbee971c23/com.ibm.ws.resource_1.0.50.jar", "generic://sha256:86dd830024e0809bf6a630852bf7204dedbeaec08ca97b550435ff3b4fc57612/com.ibm.ws.management.j2ee.mbeans_1.0.50.jar", "generic://sha256:057d4346859d0a770f097b592bd88a4187857d0b0416e636bce234ae595be8e3/com.ibm.ws.org.eclipse.equinox.console_1.0.50.jar", "generic://sha256:5c2bae7bf290eb049f898708ed3b367d90b91c5e93e16e03d51622d6a2e7ce0d/com.ibm.ws.request.timing.servlet_1.0.50.jar", "generic://sha256:238bb6b7f13da51c9c66f59e708457c3951dd922087b90cc01c49060e6a0c33f/com.ibm.websphere.javaee.jaspic.1.1_1.0.50.jar", "generic://sha256:2997eb5447c2630ddf3b381daa1ab890e05d70bd36828b0b099bdf43abb34b06/io.openliberty.microprofile.config.internal.serverxml_1.0.50.jar", "generic://sha256:828c217baf27003d0b5651b06cfdf33317edfa71c2379ef20873e3576cae62a3/com.ibm.ws.jaxrs.2.0.beanvalidation_1.0.50.jar", "generic://sha256:096e57d447dd8bff347902460f343ca707de6ec1ce519588124d276436374f99/com.ibm.ws.com.sun.mail.javax.mail.1.5_1.5.50.jar", "generic://sha256:b0654281fc81c5a68eb94a9d30b758d0151b9d61b99bfe722b66930409bd7dfe/com.ibm.ws.jdbc.4.2.feature_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.santuario.xmlsec.1.5.2:1.0.50.cl210320210309-1101", "generic://sha256:5095016b32e13a2b9bbaa579b78f1dfb0410b3f8f06a3e105a453c9423e9b805/com.ibm.ws.springboot.support.web.server.version15_1.0.50.jar", "generic://sha256:57403822c02cc38c9d532f205893ccbaa58fd5cb55ca966993293ebd9a19fa76/com.ibm.ws.rest.handler.config.openapi_1.0.50.jar", "generic://sha256:7873ba4434e4e5f47d9cbb7f4b80770112a0a0fe294eff948aa76c6141e18c6b/com.ibm.ws.security.audit.file_1.0.50.jar", "generic://sha256:6acaf6e2f47532e71dd4cad231ce1fb28dbeb1faa3f19244b2928855ca9d4db9/com.ibm.ws.connectionpool.monitor_1.1.50.jar", "generic://sha256:36bf7595cab5198230ceb35f7cd215638b423e74a60f4786af01fd2291b97451/com.ibm.ws.springboot.support.web.server_1.0.50.jar", "generic://sha256:bdae018e33e4d07d19d9e492d4d035b610fdcbbafe7afdcb55802d1fe3100e9f/com.ibm.ws.jpa.container.beanvalidation.2.0_1.0.50.jar", "generic://sha256:086e8a2eaf80787944daf96d8bc516480e44d32de5af8dfd0f3d1c779fe9be99/com.ibm.ws.security.jaas.common_1.0.50.jar", "generic://sha256:a24274cf0b5b77fe742a8fb5e790895e892280a93826d670940bd61b2529e728/io.openliberty.microprofile.health.3.0.internal_1.0.50.jar", "generic://sha256:31163a106938288d2ba19395acd60f5ffd07e2c3df58f587704bb96a9f1e3343/com.ibm.ws.microprofile.faulttolerance.cdi_1.0.50.jar", "generic://sha256:c1111abad6facb1df1be9ceca376195f1aba61e44658223eacb6104a708f29e7/io.openliberty.opentracing.2.0.internal.cdi_1.0.50.jar", "generic://sha256:e99303ab03d33619f7112f0cadb3d8ac4d80dd6a8372a40f0cefdff3686cb21a/com.ibm.ws.security.credentials_1.0.50.jar", "generic://sha256:c57711991bac96fae2c1e0d8dcb095aa23879e09cf40440776422a63acebc0ce/com.ibm.ws.jaxrs.2.0.managedbeans_1.0.50.jar", "generic://sha256:be35f6c7893145b32759cf566f9c70d03d48fdffc170eb25c176e1edd91908b8/ws-productutil.jar", "generic://sha256:552341b7a8a4a4a80de29a52edec0b84b0e900671b800c35fc585540192ee162/com.ibm.ws.ejbcontainer.jpa_1.0.50.jar", "generic://sha256:47d1654ede7ef1d2038323b3da0068bdf4aa940284d1c8c7b6a7bf16233df295/com.ibm.ws.crypto.certificateutil_1.0.50.jar", "generic://sha256:5739f08bccea57559377aecaa3afe2554df03f3b58b4818187cb996db580dce8/com.ibm.ws.webcontainer.security.admin_1.0.50.jar", "generic://sha256:b4b261bf56f52d657582ea93c907ec490a3758b758f03d2bbbdd9f3c55aa9da3/io.openliberty.rest.handler.config.openapi.common_1.0.50.jar", "generic://sha256:0286d0fb907f750a3bd58bec39be30787dddd8f8e07f440d2d557164854546f3/com.ibm.ws.jmx.connector.client.rest_1.0.50.jar", "generic://sha256:8209e97baefafac79cc001fe24c2ccc5178adb7b318c3c0961d9b0729356c604/com.ibm.ws.logstash.collector.1.0_1.0.50.jar", "generic://sha256:713b1dcf9da80a78845774f2f3f09ea599e0e5458d4a9bbe2dc515bc89335a1a/com.ibm.ws.classloading_1.1.50.jar", "generic://sha256:bc3967569714bdad847f23d3296e0492fca9db2e1bebaf729734f184f4fbe71e/io.openliberty.handlelist.context.internal_1.0.50.jar", "generic://sha256:905a684b8cdb6df54500bd7bef71e364b3183ad58ac0c91581b38d969f7f93ac/com.ibm.ws.io.smallrye.reactive.converter-api_1.0.50.jar", "generic://sha256:a3808464ca4a1690577f128d8014cc513581bf3e355cbf63e9e0972c13bf6128/com.ibm.websphere.javaee.websocket.1.0_1.0.50.jar", "generic://sha256:c01f8c0c0e7e6a70794a96582756d19906ee31e26e6b6f0b42abb19408d07a13/io.openliberty.grpc.1.0.internal.client.security_1.0.50.jar", "generic://sha256:50e71fbbb6571a5cfb2086a3e180f3e386672aee9dba9314291ae3d16da6eb6b/com.ibm.ws.microprofile.config.1.2.cdi_1.0.50.jar", "generic://sha256:814858056870f3c74f6d8453ca6f3117dde41d237559f214b6577c5a15aae842/com.ibm.ws.security.mp.jwt_1.0.50.jar", "generic://sha256:263f6e712fd72c0dab8fa854eac9bae63019b427b1fd76836f3f7467b4305822/io.openliberty.rest.handler.validator.openapi.2.0_1.0.50.jar", "generic://sha256:43a8f92979560d8660f09d011b942bf81a5aca3d844d9c52a679308c223a6d64/com.ibm.ws.microprofile.metrics.1.1.cdi_1.0.50.jar", "generic://sha256:c0510b9a3b943081911a01aae155946b30d919ca0074c7883941d194baf58b3a/io.openliberty.grpc.client.1.0.thirdparty_1.0.50.jar", "generic://sha256:53053e6072cc0b2f5801df405d0f95df3cd9c55240dfca3b586413226a0b84ad/com.ibm.ws.org.apache.commons.httpclient_1.0.50.jar", "generic://sha256:f5b393dcd2d5a2dcf2b8201691c42b2a5fc7cc6be2ae6cd0b132835415276793/com.ibm.ws.install.featureUtility_1.0.50.jar", "generic://sha256:f6bbb11570290d14674a47331783efffd8fb8336f0f9861e94a782c1eab95ae1/com.ibm.ws.microprofile.health.2.0_1.0.50.jar", "generic://sha256:fb6517538feaca7b62b373df1adb123b415714b4375fb89a485315f9fecb6360/com.ibm.websphere.javaee.jms.2.0_1.0.50.jar", "generic://sha256:71c746280558df60daaeb497981c3e93dd53712a6dc3bd1243a615f4a8ae6ebf/com.ibm.ws.repository.liberty_1.0.50.jar", "generic://sha256:e8259e1d91eacd0afd6fb8a1586089ce34a68e4e45dfcfdc4e505c1bb413cb62/ws-generateddlutil.jar", "generic://sha256:4501eaca857738700ba47e79c201c00cce8b2332301fde98d833c75031fce435/ws-featurelist.jar", "generic://sha256:d8fa875b80efc0219a54510763c8560dd044db7458c488381806dd4ef7b590b1/com.ibm.ws.cdi.security_1.0.50.jar", "generic://sha256:a5ef10e71e8755c7dff9cac3b7cf986d9864ccca73329ce295cf7c36b7848d45/ws-serverSchemagen.jar", "generic://sha256:93eccc4c4921b87beb039890748ceea1cb8860cb3a986336da2586c90877e9a4/com.ibm.ws.io.reactivex.rxjava.2.2_1.0.50.jar", "generic://sha256:45ab090317b67a97175f274216fd4f3aed9223892c5d247fff9b72b843e1d399/com.ibm.ws.jndi.management.j2ee_1.0.50.jar", "generic://sha256:054c14b099fa1e688564937b9f6d0040b0e3fee238daac8217c61c17713659b7/com.ibm.websphere.prereq.wsdl4j.api_1.0.50.jar", "generic://sha256:6109291afd3aa280537a3550bb97fe97155a0f8acc0136e6b8fa62def3e81ce1/com.ibm.ws.org.jboss.classfilewriter.1.2_1.0.50.jar", "generic://sha256:69ddbf04bc2109b7315f9dba2774ab52ab1bba86ac46f876bf1ede71b3f96df2/com.ibm.ws.cdi.1.2.jsf_1.0.50.jar", "generic://sha256:b648e39c5e7fe7db77bde1db0cef5d2d02d6819cd2b553525e8c004cffec843a/com.ibm.ws.injection_1.0.50.jar", "generic://sha256:e7b0c04295352283e37dcb237767211c5337d0ff630312a144ac62342cf7c3ed/io.openliberty.microprofile.faulttolerance.3.0.internal.cdi_1.0.50.jar", "generic://sha256:d9a555380bab06f83225bad888cc539122db8808dd8f5886286a40dd19a4f08f/com.ibm.ws.rest.handler_1.0.50.jar", "generic://sha256:d82cd94f87212ad24445a510de57c801f1a0f5d2d54a6543a2300f59acb23af3/com.ibm.ws.jbatch.security_1.0.50.jar", "generic://sha256:3e5ac7c85f2cba77fb10770b76fcd4431f36f87ac1a227d57a0a077bfb181a59/com.ibm.ws.javaee.persistence.api.2.1_1.0.50.jar", "generic://sha256:ff8e79083f0b0701e0338e42cc59a0b93f8ef8a39c3003bdf9c4c62b6f011752/com.ibm.ws.jsp.jstl.facade_1.0.50.jar", "generic://sha256:9c49c4230c7c20be6f6416c31dd50bcfc124b61e1b5ccc0b74f2037efc868912/com.ibm.ws.org.apache.cxf.cxf.tools.common.3.2_1.0.50.jar", "generic://sha256:72a6cd30925330646caa74002bc5ff901c831c511a1ac5b625d07c4fea714755/com.ibm.websphere.javaee.el.2.2_1.0.50.jar", "generic://sha256:e94c3f69de459de6ac23d26c2b43b43c0a0d3408100230d3f76bb1609ae82cbd/com.ibm.ws.security.javaeesec.1.0_1.0.50.jar", "generic://sha256:417eefc285661fa593287dc0d4771f1a445b94dd6e32a6946569ad016a1d213d/com.ibm.ws.openapi.3.1.public_1.0.50.jar", "generic://sha256:b96db29facc578cf193c174351ca3f5a2991e8e54a61b6459a8b0f1257363645/com.ibm.ws.cdi.interfaces_1.0.50.jar", "generic://sha256:19459cd9b8dd5db39c16af1485afac9aaea73fcb8bd0e870549ff50a98038f59/com.ibm.ws.ejbcontainer.timer_1.0.50.jar"] + }, { + "name": "MIT", + "full_name": "The MIT License", + "more_info_url": ["http://www.opensource.org/licenses/MIT", "http://www.opensource.org/licenses/mit-license.php", "https://spdx.org/licenses/MIT", "https://spdx.org/licenses/MIT.html"], + "components": ["generic://sha256:a68b1137165c5562c262c5cc9bcd28b49e58b69e24bdf838cdc0482ce3bc7755/com.ibm.ws.jaxb.tools.2.2.10_1.0.50.jar", "alpine://3.12:alpine-keys:2.2-r0", "alpine://3.12:musl:1.1.24-r10", "alpine://3.12:musl-utils:1.1.24-r10", "alpine://3.12:ncurses-libs:6.2_p20200523-r0", "alpine://3.12:ncurses-terminfo-base:6.2_p20200523-r0", "generic://sha256:3a7ce0d36ee44134c0f04265ad116ab5b0399eb0c7ecdb4f98ace56310c89d9f/com.ibm.ws.com.graphql.java_1.0.50.jar"] + }, { + "name": "GPL-3.0", + "full_name": "GNU General Public License version 3", + "more_info_url": ["https://spdx.org/licenses/GPL-3.0.html", "http://www.gnu.org/licenses/gpl-3.0-standalone.html", "http://www.opensource.org/licenses/GPL-3.0", "http://www.opensource.org/licenses/gpl-3.0.html", "https://spdx.org/licenses/GPL-3.0"], + "components": ["alpine://3.12:bash:5.0.17-r0"] + }, { + "name": "GPL-2.0-only", + "full_name": "GNU General Public License v2.0 only", + "more_info_url": ["https://spdx.org/licenses/GPL-2.0-only", "https://spdx.org/licenses/GPL-2.0-only.html", "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", "http://www.opensource.org/licenses/GPL-2.0"], + "components": ["alpine://3.12:ca-certificates-bundle:20191127-r4"] + }, { + "name": "MPL-2.0", + "full_name": "Mozilla Public License 2.0 (MPL 2.0)", + "more_info_url": ["http://www.opensource.org/licenses/mozilla2.0.php", "https://spdx.org/licenses/MPL-2.0", "https://spdx.org/licenses/MPL-2.0.html", "http://www.mozilla.org/MPL/2.0/", "http://opensource.org/licenses/MPL-2.0"], + "components": ["alpine://3.12:ca-certificates-bundle:20191127-r4"] + }, { + "name": "LGPL-3.0", + "full_name": "GNU Lesser General Public License, Version 3", + "more_info_url": ["http://www.opensource.org/licenses/lgpl-3.0.html", "https://spdx.org/licenses/LGPL-3.0", "https://spdx.org/licenses/LGPL-3.0.html", "http://www.gnu.org/licenses/lgpl-3.0-standalone.html", "http://www.opensource.org/licenses/LGPL-3.0"], + "components": ["alpine://3.12:libgcc:9.3.0-r2"] + }, { + "name": "ZLIB", + "full_name": "The zlib/libpng License", + "more_info_url": ["http://www.zlib.net/zlib_license.html", "http://www.opensource.org/licenses/Zlib", "http://www.opensource.org/licenses/zlib-license.php", "https://spdx.org/licenses/Zlib", "https://spdx.org/licenses/Zlib.html"], + "components": ["alpine://3.12:zlib:1.2.11-r3"] + }, { + "name": "GPL-2.0", + "full_name": "The GNU General Public License Version 2", + "more_info_url": ["http://www.opensource.org/licenses/GPL-2.0", "http://www.opensource.org/licenses/gpl-2.0.php", "https://spdx.org/licenses/GPL-2.0", "https://spdx.org/licenses/GPL-2.0.html", "http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html"], + "components": ["alpine://3.12:apk-tools:2.10.6-r0", "alpine://3.12:busybox:1.31.1-r20", "alpine://3.12:libgcc:9.3.0-r2", "alpine://3.12:musl-utils:1.1.24-r10", "alpine://3.12:readline:8.0.4-r0", "alpine://3.12:scanelf:1.2.6-r0", "alpine://3.12:ssl_client:1.31.1-r20", "alpine://3.12:alpine-baselayout:3.2.0-r7"] + }, { + "name": "Apache-2.0", + "full_name": "The Apache Software License, Version 2.0", + "more_info_url": ["http://www.opensource.org/licenses/Apache-2.0", "http://www.opensource.org/licenses/apache2.0.php", "https://spdx.org/licenses/Apache-2.0", "https://spdx.org/licenses/Apache-2.0.html", "http://www.apache.org/licenses/LICENSE-2.0", "https://licenses.nuget.org/Apache-2.0", "http://licenses.nuget.org/Apache-2.0", "https://raw.githubusercontent.com/aspnet/AspNetCore/2.0.0/LICENSE.txt", "http://raw.githubusercontent.com/aspnet/AspNetCore/2.0.0/LICENSE.txt"], + "components": ["generic://sha256:181ae102456a0ecaeecf3486a7e3ee7c5ee51d7f56c3d7891bae6be2db738bf3/com.ibm.ws.org.apache.aries.util_1.0.50.jar", "generic://sha256:8baba61f9266511b5e6077f3b6801cc3490ab1768e84cf0dcb89e9da968dc251/com.ibm.wsspi.org.osgi.namespace.service_1.0.50.jar", "gav://dev:com.ibm.wsspi.org.osgi.service.coordinator:1.0.50.cl210320210309-1101", "generic://sha256:1feff31e7cb6ab04bbcd66c1bc8270ab7f7f9053ae0422e5e6242c4c1fff8068/com.ibm.websphere.org.eclipse.microprofile.config.1.1_1.2.50.jar", "gav://dev:com.ibm.ws.org.apache.bval.1.1.0:1.0.50.cl210320210309-1101", "generic://sha256:2a6c9bc2fdaf65ca8072dc6e210295fabc30ec4c8e7cab778db720261c3b7480/com.ibm.websphere.org.eclipse.microprofile.faulttolerance.2.1_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.ws.addr.2.6.2:1.0.50.cl210320210309-1101", "generic://sha256:39d0c23885097c50abb757b12891a22a20f73ece4a01f02f1cb66238edab15b8/io.openliberty.org.eclipse.microprofile.opentracing.2.0_1.0.50.jar", "generic://sha256:95f03c174f15663c627e532276389ebb97676a4e8b070445b73016df7986fba7/com.ibm.ws.org.apache.cxf.ws.security.2.6.2_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.2.6.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.aries.jmx.api:1.0.50.cl210320210309-1101", "generic://sha256:4f5bd1a5ba85d57d3eb56e7d2123980443b71765817831caed512f763617880b/com.ibm.ws.org.jboss.weld3_1.0.50.jar", "generic://sha256:a6f95ad740fb81e1c0e9fd71cb7a21ab29960babf307346420179f10023425a0/org.eclipse.osgi_3.15.0.jar", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.rs.mp.client.3.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.yoko.core.1.5:1.0.50.cl210320210309-1101", "generic://sha256:60aefadf510d7fd240683b21e43caa1cfe5c117c809e2aac3fad275516fd70e9/com.ibm.ws.org.apache.cxf.cxf.rt.management.2.6.2_1.0.50.jar", "generic://sha256:f4f0438440da6b5812ced4bf0132b75756a54522ffaf1d8af84affbbffc0060a/com.ibm.websphere.org.osgi.service.http_1.0.50.jar", "generic://sha256:087efd9b70b0def2e6629a7950ca0d124b08a19913dfc81818730d58ced829bf/com.ibm.ws.org.apache.ws.security.wss4j.1.6.7_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.yoko.rmi.impl.1.5:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.rs.client.3.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.jboss.classfilewriter.1.1.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.core.3.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.frontend.simple.2.6.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.bindings.xml.2.6.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.osgi.service.http:1.0.50.cl210320210309-1101", "generic://sha256:bbb7ca876dd0def18cb417f53c379d5c944bb84fabe9d0c4ab0316a741d1059b/com.ibm.ws.org.apache.bval.1.1.0_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.commons.lang3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.bindings.soap.2.6.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.transports.http.hc.3.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.management.2.6.2:1.0.50.cl210320210309-1101", "generic://sha256:97667562514544f1fba98fce4975cdb2ab190266d5705af98e159268b7b96e3f/com.ibm.ws.org.apache.aries.jndi.api_1.1.50.jar", "gav://dev:com.ibm.ws.org.jboss.weld3:1.0.50.cl210320210309-1101", "generic://sha256:a06c8907e3f7fd0998b71cebea2f330142180273c41145698ddb4f175d230632/com.ibm.websphere.org.eclipse.microprofile.health.1.0_1.0.50.jar", "gav://dev:com.ibm.ws.org.jose4j:1.0.50.cl210320210309-1101", "generic://sha256:2fd3f04705cf27265bee09a0b74011f9757f611ecfc44fef7602192d10d2db40/com.ibm.wsspi.org.osgi.service.metatype_1.1.50.jar", "gav://dev:com.ibm.wsspi.org.osgi.service.component.annotations:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.wsspi.org.osgi.service.metatype:1.1.50.cl210320210309-1101", "generic://sha256:4e578c4680752c2f76e83edc43dbf8ef45abc8a8ec948d9dca6c45e680acbacc/com.ibm.ws.org.apache.felix.gogo.command_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.felix.scr:1.0.50.cl210320210309-1101", "generic://sha256:6ffb5b09dc50361e78b92e7096234f06cfb1920f9ddbc7e6cca2c94a14d589e0/com.ibm.websphere.org.eclipse.microprofile.opentracing.1.1_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.aries.jmx.core.whiteboard:1.0.50.cl210320210309-1101", "generic://sha256:4d0953c6802beb84962b9c0e9a89ce839df8c8c8f7bf646a652213a343b52f2a/com.ibm.websphere.org.eclipse.microprofile.faulttolerance.1.0_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.yoko.util.1.5:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.wsspi.org.osgi.service.event:1.0.50.cl210320210309-1101", "generic://sha256:777b8c7bb694434282fa77cf5e33d7c5f119d2fb020d19202c7e7c65446c0609/com.ibm.ws.org.apache.neethi.3.0.2_1.0.50.jar", "generic://sha256:458e03918b4f2826c96bbc4dc873f9c0832b6a04ec56976643c6d273bff4b0d6/com.ibm.ws.org.apache.cxf.cxf.rt.transports.http.2.6.2_1.0.50.jar", "gav://dev:com.ibm.wsspi.org.osgi.service.component:1.1.50.cl210320210309-1101", "generic://sha256:b367bcbdb2af9cf8e8d8503340869e53f6dadb9002b2bbe6e1128f2d2b609cc8/io.openliberty.org.eclipse.microprofile.health.3.0_1.0.50.jar", "generic://sha256:8e2c18bcf045e19b5c4d9d5807e0ebb089de7511897b24ba9b3f58a7dcfb1600/com.ibm.ws.org.apache.cxf.cxf.api.2.6.2_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.aries.util:1.0.50.cl210320210309-1101", "generic://sha256:382c923f93a51b6379cbe38a404bb5d7bc4d66d3cf0a0f11040b640d9b68d219/com.ibm.websphere.org.eclipse.microprofile.health.2.1_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.commons.weaver.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.wsspi.org.osgi.service.log:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.servicemix.bundles.bcel.5.2:1.0.50.cl210320210309-1101", "generic://sha256:f3c45715ef1258e690ce754403a76a7385c8446bfedf14290016788f155e7453/com.ibm.ws.org.apache.myfaces.2.3_1.0.50.jar", "generic://sha256:f3a24019c4374eb51ef0d6a34d85a2bef686beb177c87c0fd94355b4f71cdc68/com.ibm.wsspi.org.osgi.service.log_1.1.50.jar", "gav://dev:com.ibm.ws.org.jboss.jandex:1.0.50.cl210320210309-1101", "generic://sha256:9f5e2593dcd4f092343cc92b3f68cc96ccb66e567698e2c609e8447c3df13920/com.ibm.wsspi.org.osgi.service.event_1.0.50.jar", "generic://sha256:e4d8c81f93620ab2238f9be22f9380d7654d56f4e4a09788cb2a50e52c8d78b6/com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.2.6.2_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.commons.fileupload:1.0.50.cl210320210309-1101", "generic://sha256:b91cac9ddb33a9d6b6bee475c200d7845672d8c1e84438d216228422920d0bc7/com.ibm.ws.org.apache.commons.codec.1.3_1.0.50.jar", "gav://dev:com.ibm.wsspi.org.osgi.core:1.1.50.cl210320210309-1101", "generic://sha256:d3f19e42829a6e0eebac6e702bab5f5216721edc98bec25d3408017a5e20ab16/com.ibm.ws.org.apache.aries.jndi.core_1.1.50.jar", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.rs.mp.client.3.3:1.0.50.cl210320210309-1101", "generic://sha256:54868bf97f4f0bac3f6a6d7df4506bca257eada27954527fbe0d10421c60bdc5/com.ibm.ws.jsf.2.2_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxrs.3.2:1.0.50.cl210320210309-1101", "generic://sha256:01c2dd03c2ece74117115df3e5d97508aa6422047156d5dc213acb836e24abba/com.ibm.wsspi.org.osgi.service.component.annotations_1.0.50.jar", "gav://dev:com.ibm.wsspi.org.osgi.service.cm:1.1.50.cl210320210309-1101", "generic://sha256:e9a280677cdbb31a1a17da9b788eca4e1d7fcf2c8693dc3f247f0e3c6672ea9a/com.ibm.websphere.org.eclipse.microprofile.health.2.0_1.0.50.jar", "generic://sha256:10e04dd5a03f258ede22032d5eaa50e9f084a6b4c46e0094252ccaf6f6dd2e8b/com.ibm.ws.org.apache.cxf.cxf.rt.core.2.6.2_1.0.50.jar", "generic://sha256:12d129f064330d6a25bc9dc3e119afe87035a12a855e28547dbb001c73f978ed/com.ibm.wsspi.org.osgi.service.metatype.annotations_1.0.50.jar", "generic://sha256:4fe97b49e31c569d8e86b991ce1612523028db3dad107b6d49db201a7a0cef8d/com.ibm.websphere.org.eclipse.microprofile.opentracing.1.2_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.felix.gogo.runtime:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.transports.http.2.6.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.api.2.6.2:1.0.50.cl210320210309-1101", "generic://sha256:6fa4ef2c9d3da27c14f6c85b386062c76545cd57d183ac6a64ec27a870adf828/com.ibm.ws.org.apache.commons.collections_1.0.50.jar", "gav://dev:com.ibm.ws.org.jboss.weld.2.4.8:1.0.50.cl210320210309-1101", "generic://sha256:78b03de8ab0eb0ae7694cd378a27b01c5301a8df79d2e2716e8aadfddd2b046c/com.ibm.ws.org.apache.cxf.cxf.rt.ws.addr.2.6.2_1.0.50.jar", "gav://net.sf.ehcache:sizeof-agent:1.0.1", "generic://sha256:53dc4bb8d681abcf49a7d2933155b8158c14a62e7662f8cf4c48dd94eb0a68c1/com.ibm.ws.org.eclipse.equinox.coordinator_1.0.50.jar", "generic://sha256:29d221a9a3b2d546061d81eb20539eb3aff19e4f0672164245b8938587ef458f/io.openliberty.org.eclipse.microprofile.config.2.0_1.0.50.jar", "generic://sha256:2a932cfc576bf36c39aef35eb42f4b97e3697d8e3c370bd36216ec42b2608ee9/com.ibm.websphere.javaee.jsf.2.2_1.0.50.jar", "generic://sha256:ce267b7e0256e3b7be8fb13a126747d7752243e75e3bbf089df9048a10549c40/com.ibm.websphere.org.eclipse.microprofile.faulttolerance.1.1_1.0.50.jar", "generic://sha256:4f2dc1d60411d0fc20d719d6d09087774fdd48aca0e0b63b3e7d998e56014177/com.ibm.ws.org.apache.aries.jmx.api_1.0.50.jar", "generic://sha256:872c4acfefa84daa774ce61ee738289742ba28438d4ec50e8a7d9d19207387ac/com.ibm.ws.org.apache.commons.codec_1.0.50.jar", "generic://sha256:8c331c927363c0a200ab1c5b1328ed82f2ab2715f99c49e65af2262e51dafa94/io.openliberty.org.eclipse.microprofile.rest.client.2.0_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.commons.io:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.yoko.osgi.1.5:1.0.50.cl210320210309-1101", "generic://sha256:4a8a95a1b2dd96b31b0663455c98f11d6fd00544f1bd50523b00d623fa7f1010/com.ibm.ws.org.apache.geronimo.osgi.registry.1.1_1.0.50.jar", "generic://sha256:5def36d7bc767285a798a71d06bb9837c1ca840308bc4a0f0dd8243c396addfc/com.ibm.websphere.org.eclipse.microprofile.config.1.4_1.0.50.jar", "generic://sha256:047726d6199ba102f36d3f0932c8378689bc2d8c6f9f7f3600a48c81ff502c50/io.openliberty.org.eclipse.microprofile.metrics.3.0_1.0.50.jar", "gav://dev:com.ibm.ws.net.jodah.failsafe.1.0.4:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.joda.time.1.6.2:1.0.50.cl210320210309-1101", "generic://sha256:847066da0b5073ce594d8e9944fcbbd0c59c3e2bc7c49ad194ada7f835e3ac48/com.ibm.websphere.javaee.servlet.3.0_1.0.50.jar", "generic://sha256:6d91d87fb33f2750068bd85e0ef5dd781269685af791384a07918921e4fb2eba/com.ibm.websphere.org.eclipse.microprofile.faulttolerance.2.0_1.0.50.jar", "generic://sha256:c0e2d3e1fda852f1e95f456f3001c44c725206126aa9883cbc02cf1ff772e300/com.ibm.ws.org.joda.time.1.6.2_1.0.50.jar", "generic://sha256:0dc251045f9473981a1a0ed5ca2cb5e46d1fe045c3494687187b58654157658e/com.ibm.wsspi.org.osgi.service.coordinator_1.0.50.jar", "generic://sha256:051b87629b8cd32f7003430d5038fedf110e66d1d6a38b793bb37c7e0063ae83/com.ibm.ws.org.apache.felix.scr_1.0.50.jar", "generic://sha256:13c8c084f226a6ef53489535115bcc65449d32fec5e72b2ad95b3791e4fd14cd/io.openliberty.org.eclipse.microprofile.faulttolerance.3.0_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.felix.gogo.command:1.0.50.cl210320210309-1101", "generic://sha256:41cb005b675afec2a8eb79b16e966946c8b60aebe66259cb054e8137caab8b7e/com.ibm.ws.org.jboss.weld.2.4.8_1.0.50.jar", "generic://sha256:8a7dd3ec2f1789e2fcb38065182895d70e712546146c3c6b80b303c451f46fd3/com.ibm.wsspi.org.osgi.service.component_1.1.50.jar", "generic://sha256:1b761ff04d9c87e0c0519934ea243fa8ba6e1f4ee2501e95a4a2dbdf0ff41a09/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.jaxws.2.6.2_1.0.50.jar", "generic://sha256:9d765f5a37753d3a2c247c16ac67fe950b4d2e1b72253bf5c86bc07ca3aef610/com.ibm.ws.org.apache.cxf-rt-ws-mex.2.6.2_1.0.50.jar", "generic://sha256:92a4f91d41f9f2add61a6ef31ccd5695370460b9bf37b995e770e071d7c7cf64/com.ibm.websphere.org.eclipse.microprofile.health.2.2_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.neethi.3.0.2:1.0.50.cl210320210309-1101", "generic://sha256:196c41a805ae0f342cc3eaa971715883800f5904806169f1010217f8c5608b5c/com.ibm.ws.org.apache.felix.gogo.runtime_1.0.50.jar", "generic://sha256:322d0f7eb909614871f2e8c3d2f7d058e9180db5e246db79697223708332984c/com.ibm.ws.jaxrs.2.0.common_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.databinding.jaxb.2.6.2:1.0.50.cl210320210309-1101", "generic://sha256:a367b902c102445fa6cbb3cb111aeb5949e5f0fffee287cb8a5266bb9e31b4a4/com.ibm.ws.org.apache.cxf.cxf.rt.bindings.xml.2.6.2_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.rs.service.description.3.2:1.0.50.cl210320210309-1101", "generic://sha256:d3527a471f0516a5153681e950fdd56529bab4e61dedf9d9d2f6be7dc0eb1936/com.ibm.ws.org.apache.cxf.cxf.rt.rs.mp.client.3.3_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.commons.beanutils.1.9.4:1.0.50.cl210320210309-1101", "generic://sha256:a94c319b43827f0a765450bf8cbe76d24b28547da3252d878f5d147795f90e21/io.openliberty.com.fasterxml.jackson_2.11.50.jar", "gav://dev:com.ibm.ws.com.fasterxml.classmate:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.geronimo.osgi.registry.1.1:1.0.50.cl210320210309-1101", "generic://sha256:a22216ec53c2d0cc1d32a757a16262b59e5633b56dc1823bb3c0d07323195b81/com.ibm.ws.org.apache.servicemix.bundles.bcel.5.2_1.0.50.jar", "generic://sha256:673b3d580dc052ac928e6fa3a2f772ba46eb901d55e5a74335dcb709fca20e6e/com.ibm.ws.org.apache.cxf.cxf.rt.databinding.jaxb.2.6.2_1.0.50.jar", "generic://sha256:699eb26e252a612e7cde230d5960fba63342fd0b9a0e5b14581ae4f5080df4a1/com.ibm.websphere.org.eclipse.microprofile.opentracing.1.3_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.aries.jndi.core:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.jboss.classfilewriter.1.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.felix.gogo.shell:1.0.50.cl210320210309-1101", "generic://sha256:507152db5173dbc86b0c4b4b0d864058ae95fc9995fdc13bb58f7260ce8f2eff/com.ibm.ws.org.jboss.logging_1.0.50.jar", "gav://dev:com.ibm.ws.com.google.guice.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.yoko.corba.spec.1.5:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.rs.sse.3.2:1.0.50.cl210320210309-1101", "generic://sha256:bfd579dec6ee57789ab46a7cfddf777ba6e4a7875afe686d96610dcb17247f18/com.ibm.wsspi.org.osgi.service.cm_1.1.50.jar", "gav://dev:com.ibm.ws.org.apache.ws.xmlschema.core.2.0.3:1.0.50.cl210320210309-1101", "generic://sha256:bf6b989eea8e7c23380e907d532cab042abaff9b450af88578fc1e2962762d08/com.ibm.ws.org.apache.ws.xmlschema.core.2.0.3_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.transports.http.3.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.wsspi.org.osgi.service.metatype.annotations:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.com.google.guava:1.0.50.cl210320210309-1101", "generic://sha256:abc445ac2ef39bb0015915e89df9e1607c1e39ec40aa58184238044d453a21b4/com.ibm.ws.org.apache.aries.jmx.core.whiteboard_1.0.50.jar", "generic://sha256:b8d081461172656d7255e567fd37a04a2427dc298b810963c8a519013dccbe10/com.ibm.ws.org.cyberneko.html.1.9.18_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.aries.jndi.api:1.1.50.cl210320210309-1101", "generic://sha256:8ca6011cd1d632f5d3b2eadaa3f9a1262ad5fb2982dd9ab07e7d9c2126f5724e/com.ibm.ws.org.apache.felix.gogo.shell_1.0.50.jar", "generic://sha256:4ac5d9b0a1c6c5e3a0884d148564987e274cc8685d90d28e2c20e6d45a61cbfe/com.ibm.websphere.org.eclipse.microprofile.config.1.3_1.0.50.jar", "generic://sha256:1ad79667281ef986e74a080e232bd3ef2dd801693c2003cca2b7a1766cd81aaa/com.ibm.wsspi.org.osgi.core_1.1.50.jar", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.tools.wadlto.jaxrs.3.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.hibernate.validator:1.0.50.cl210320210309-1101", "generic://sha256:7bbba37ffd67882607d88e72360b9f740dfef8a22677a9a17e07756b802fbf07/com.ibm.websphere.org.eclipse.microprofile.config.1.2.1_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.commons.collections:1.0.50.cl210320210309-1101", "generic://sha256:ab521a69bf3d3ed3f6462a5d0130455520e68cb6fc5dd1df98066b3578758c5c/com.ibm.ws.org.apache.cxf.cxf.rt.bindings.soap.2.6.2_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.yoko.rmi.spec.1.5:1.0.50.cl210320210309-1101", "generic://sha256:b8c44cbe55cbe15d8627c123cefc9590ffab91300a05f05b7d91ffd39a336fc4/com.ibm.ws.org.apache.cxf.cxf.rt.rs.mp.client.3.2_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.core.2.6.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.rt.ws.policy.2.6.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.jboss.logging:1.0.50.cl210320210309-1101", "generic://sha256:56a7170538434274985e0fe82835c5ba7b9cfb19e62578ee6a32bd7277e0b46d/com.ibm.ws.com.google.guice.2.0_1.0.50.jar", "generic://sha256:2cc580d790f74f87959628e0cf8b6eeb03056ce534284a5805b7cfe608496683/com.ibm.websphere.javaee.jsf.2.3_1.0.50.jar", "gav://dev:com.ibm.wsspi.org.osgi.namespace.service:1.0.50.cl210320210309-1101", "generic://sha256:d6b3fae197cad4e50043dc13809501e035c335b0c16f9a21fa0c2b6c44df7366/com.ibm.ws.org.apache.cxf.cxf.rt.frontend.simple.2.6.2_1.0.50.jar", "gav://dev:com.ibm.ws.org.apache.commons.codec:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.cxf.cxf.tools.common.3.2:1.0.50.cl210320210309-1101", "generic://sha256:cf7669a588068f0491ba4f471d7a800af4cc6c5285bf535bdd554f985c2cacf9/com.ibm.ws.org.apache.commons.lang3_1.0.50.jar", "generic://sha256:9de57896aaf5d0d3c54d78be0ac0f779a874de768d0f7b67d672d61f356bd05b/com.ibm.websphere.org.eclipse.microprofile.opentracing.1.0_1.0.50.jar", "gav://dev:com.ibm.ws.org.hibernate.validator.cdi:1.0.50.cl210320210309-1101"] + }, { + "name": "OpenSSL", + "full_name": "OpenSSL LICENSE", + "more_info_url": ["https://spdx.org/licenses/OpenSSL.html", "http://www.openssl.org/source/license.html", "https://www.openssl.org/source/license.html", "https://spdx.org/licenses/OpenSSL"], + "components": ["alpine://3.12:libcrypto1.1:1.1.1k-r0", "alpine://3.12:libssl1.1:1.1.1k-r0", "alpine://3.12:openssl:1.1.1k-r0"] + }, { + "name": "BSD", + "full_name": "Berkeley Software Distribution (BSD)", + "more_info_url": ["http://directory.fsf.org/wiki/License:BSD_4Clause", "http://www.opensource.org/licenses/bsd-license.php", "https://spdx.org/licenses/BSD-4-Clause", "https://spdx.org/licenses/BSD-4-Clause.html"], + "components": ["alpine://3.12:libc-utils:0.7.2-r3", "alpine://3.12:musl-utils:1.1.24-r10", "gav://dev:com.ibm.ws.org.objectweb.asm:1.0.50.cl210320210309-1101"] + }, { + "name": "BSD 2-Clause", + "full_name": "Berkeley Software Distribution Simplified (BSD Simplified)", + "more_info_url": ["https://spdx.org/licenses/BSD-2-Clause", "https://spdx.org/licenses/BSD-2-Clause.html", "http://www.opensource.org/licenses/BSD-2-Clause", "http://opensource.org/licenses/BSD-2-Clause"], + "components": ["alpine://3.12:libc-utils:0.7.2-r3"] + }, { + "name": "EPL-1.0", + "full_name": "Eclipse Public License 1.0", + "more_info_url": ["http://www.opensource.org/licenses/eclipse-1.0.php", "https://spdx.org/licenses/EPL-1.0", "https://spdx.org/licenses/EPL-1.0.html", "http://www.eclipse.org/legal/epl-v10.html", "http://www.opensource.org/licenses/EPL-1.0"], + "components": ["gav://dev:com.ibm.ws.rest.handler.validator.cloudant:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.webcontainer.servlet.3.1.factories:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.injection:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxrs.2.0.client:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javaee.dd:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.jsp:1.0.50", "gav://dev:com.ibm.websphere.appserver.api.basics:1.4.50.cl210320210309-1101", "gav://dev:com.ibm.ws.transport.iiop.server:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.ready.service:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.commons.logging.1.0.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.webcontainer.cors:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.sipServletSecurity.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.jboss.jdeparser.1.0.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.jndi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.ejbcontainer.war:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.jsonsupport:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.artifact:1.2.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.eclipse.jdt.core.3.10.2.v20160712-0000:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.config.server.schemagen.serverschemagen:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.health.2.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.repository.parsers:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cxf.client:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.utility:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.grpc.1.0.internal.client.security:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.wab.configure:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.jaxrs20:1.0.50", "gav://dev:com.ibm.ws.microprofile.opentracing.1.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.app.manager.client:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.microprofile.faulttolerance.3.0.internal.metrics:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jca.cm:1.1.50.cl210320210309-1101", "gav://dev:io.openliberty.microprofile.metrics.internal.3.0.monitor:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.jwt:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.springboot.support.web.server.version15:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jmx.connector.local:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.faulttolerance.spi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.metrics:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxrs.2.0.security:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.mp.jwt:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.monitor:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.faulttolerance.2.1.cdi.services:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.jca:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.persistence.2.2:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.passwordUtil:1.0.50", "gav://dev:com.ibm.ws.jsfContainer.classloading.2.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.webcontainer.security.feature:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.openapi.model:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.cdi.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.sipcontainer.monitor:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.artifact.bundle:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.saml20:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.product.utility.productutil:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.metrics.1.1.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jca.1.7:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.springboot.support.web.server:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jbatch.rest:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.config.1.1:1.2.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.oauth:1.2.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.commons.discovery.0.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.graphql.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.metrics.2.0.monitor:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.session.db:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.ejbcontainer.async:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.jaas.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.1.2.web:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.registry:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.config:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.social:1.0.50", "gav://dev:com.ibm.websphere.javaee.jaspic.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.csiv2.client:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.app.manager.lifecycle:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.config.1.4.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.crypto.ltpakeyutil:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.health.2.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.jaspic:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jndi.ejb:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.security.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.saml20:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javaee.persistence.2.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.openidconnect.clients.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.management.j2ee.mbeans:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.logging.hpel.binarylogviewer:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.security.spnego:1.1.50", "gav://dev:com.ibm.ws.microprofile.opentracing.jaeger.adapter:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.jsonp.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.audit.source:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.springboot.utility:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jndi.management.j2ee:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.javaeedd:1.4.50", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.classloading:1.4.50", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.opentracing:1.0.50", "gav://dev:com.ibm.ws.threading:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.ssl:1.5.50.cl210320210309-1101", "gav://dev:com.ibm.ws.runtime.update:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.faulttolerance.2.0:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.io.opentracing.opentracing-util.0.33.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.oidc:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.security:1.3.50", "gav://dev:com.ibm.ws.jpa.container:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.faulttolerance.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.ejbcontainer.remote.client:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.grpc.1.0.internal.monitor:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.channel.ssl:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.config.server.schemagen:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.social:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.microprofile.openapi.internal.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.slf4j.jdk14.1.7.7:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.messaging.jms.j2ee.mbeans:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.wab.configure:1.0.50", "gav://dev:com.ibm.ws.repository.liberty:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.crypto.passwordutil:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jndi.iiop:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.2.0.jsf:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javaee.metadata.context.ejb:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.thirdparty.eclipselink:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.credentials:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.kernel.metatype:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jpa.container.v21:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.passwordUtil:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.jaxrs.2.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.reactive.streams.operators:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.security:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.logging.osgi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.opentracing.1.3.cdi:1.3.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jpa.container.v21.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.application:1.1.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.authData:1.0.50", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.messaging:1.0.50", "gav://dev:com.ibm.ws.jsp.jasper:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.utility.securityutil:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.threading:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.config.1.1.cdi.services:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.javaeedd:1.4.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jdbc.metatype:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.persistence:1.0.50", "gav://dev:com.ibm.ws.security.acme:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.persistence:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.security.spnego:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.servlet:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.messaging.jms.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.springboot.support.shutdown:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.microprofile.opentracing.2.0.internal:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.jacc:1.0.50", "gav://dev:com.ibm.ws.jaxws.common:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.connectionpool:1.1.50", "gav://dev:com.ibm.ws.event.logging:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.thirdparty.eclipselink.2.7:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.connectionmanager:1.2.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.faulttolerance.2.0:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.servlet:2.7.50", "gav://dev:io.openliberty.org.eclipse.microprofile.metrics.3.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxrpc.stub:1.1.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.webCache:1.0.50", "gav://dev:com.ibm.ws.jaxws.webcontainer:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.audit.file:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.beanvalidation.v11:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jdbc.4.1.feature:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.com.fasterxml.jackson:2.11.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.jaxrs.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.crypto.certificate.creator.selfsigned:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.servlet.sip.1.1:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.rest.handler.validator:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.sso.common:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.anno:1.1.50", "gav://dev:com.ibm.ws.jpa.container.beanvalidation.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.activity.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.interceptor.1.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jca.resourcedefinition.jms.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jdbc.4.0.feature:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.ejb.3.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.servlet:2.7.50.cl210320210309-1101", "gav://dev:com.ibm.ws.persistence:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.cdi.1.2:1.2.50.cl210320210309-1101", "gav://dev:com.ibm.ws.prereq.wsdl4j.1.6.2:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.distributedMap:2.0.50", "gav://dev:com.ibm.websphere.javaee.el.3.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.token.ltpa:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.grpc.1.0.internal.client:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxrs.2.1.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.social:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jsf.shared:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jmx.connector.client.rest:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.io.smallrye.reactive.streams-operators:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.metrics.cdi.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.artifact.zip:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.java2sec:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.ejbcontainer.remote:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.faulttolerance.metrics:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.kernel.filemonitor:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.1.2.jsf:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.app.manager.war:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.messaging:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.servlet.4.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jsf.beanvalidation:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.messaging.security.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.mail.1.5:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.classloading:1.4.50.cl210320210309-1101", "gav://dev:com.ibm.ws.classloading.configuration:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.crypto.certificate.creator.acme:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.webcontainer:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jmx:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.transport.iiop:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.opentracing.rest.client.1.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.wsoc:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.jsp.2.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.wim.registry:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.rest.client.ssl:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.opentracing.2.0.thirdparty:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.transaction.context:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.artifact.overlay:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.openidconnect.client:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.request.probe.servlet:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.sso:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.request.probe.audit.servlet:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jdbc.4.2.feature:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.config:1.2.50", "gav://dev:com.ibm.websphere.javaee.websocket.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.mp.jwt.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.ssl:1.4.50.cl210320210309-1101", "gav://dev:com.ibm.ws.ejbcontainer.jpa:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.opentracing.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javaee.persistence.api.2.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.annotation.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.auth.data.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.opentracing.1.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.kerberos.auth:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.health:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.restConnector:1.3.50", "gav://dev:com.ibm.websphere.appserver.api.security:1.3.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.openapi.1.0:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.saml20:1.0.50", "gav://dev:com.ibm.ws.beanvalidation.v20.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.jsonb.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.health.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.interfaces:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.rest.handler.config.openapi.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.batch.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.wsat.webservice:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.collector.manager:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.oidc:1.0.50", "gav://dev:com.ibm.websphere.appserver.spi.kernel.service:1.6.50.cl210320210309-1101", "gav://dev:io.openliberty.microprofile.metrics.internal.cdi.3.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.opensaml.xmltooling.1.4.4:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.annotation.1.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jsfContainer:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.sipServlet.1.1:1.0.50", "gav://dev:com.ibm.ws.wsat.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.faulttolerance.metrics.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jca:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.messaging.runtime:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.messaging.jms.2.0:2.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.serialization:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.context:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.install.featureUtility:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.net.oauth.jsontoken.1.1-r42:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.config:1.2.50.cl210320210309-1101", "gav://dev:com.ibm.ws.transport.http:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.dynacache.web:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.config.1.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jsf.2.2:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.sipServletSecurity.1.0:1.0.50", "gav://dev:io.openliberty.opentracing.2.0.internal:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.config.1.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.kernel.boot.archive:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.kernel.metatype:1.0.50", "gav://dev:com.ibm.ws.org.apache.myfaces.2.3:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.hpel:2.0.50", "gav://dev:com.ibm.ws.jaxrs.2.0.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javaee.platform.defaultresource:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.artifact.file:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javaee.metadata.context:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.contextpropagation.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.authentication.tai:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.tx.jta:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.internal:1.0.50.cl210320210309-1101", "gav://dev:org.eclipse.osgi:3.15.0.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.metrics.public:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jca.inbound.security:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.messaging.jms.defaultresource:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.csiv2.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.kernel.service:1.3.50.cl210320210309-1101", "gav://dev:com.ibm.ws.concurrent.persistent:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.cyberneko.html.1.9.18:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.client:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.opentracing.1.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxrs.2.0.beanvalidation:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.jwt:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.session.store:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.wssecurity:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxws.tools.wsgen:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.kernel.instrument.check:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.io.smallrye.openapi.jaxrs:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.1.2.ejb:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.container.service:1.0.50.cl210320210309-1101", "gav://dev:springBoot20Server:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.reactive.messaging.kafka:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.opentracing.1.2:1.0.50", "gav://dev:com.ibm.ws.io.reactivex.rxjava.2.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.faulttolerance.2.0.cdi.services:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.transaction:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.config.1.4.services:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jdbc.4.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.weld:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.credentials.ssotoken:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.config.1.1:2.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.jacc.1.5:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.kernel.service:1.0.50", "gav://dev:com.ibm.ws.logstash.collector.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.kernel.service:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.jaspic.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.transaction.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.config.1.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.app.manager.springboot:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jbatch.security:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jbatch.jms:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.microprofile.metrics.internal.private:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.config.1.2.services:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.opentracing.jaeger:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jndi.url.contexts:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxws.ejb:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.transaction.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.authorization.jacc:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jpa.container.beanvalidation.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.reactive.messaging.kafka.adapter:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.jsonp.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javaee.persistence.2.2:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.j2eemanagement:1.1.50", "gav://dev:com.ibm.ws.ssl:1.4.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jpa.container.v22:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.filetransfer:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javamail:1.5.50.cl210320210309-1101", "gav://dev:com.ibm.ws.ejbcontainer.security:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.io.grpc.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.net.sf.ehcache.core.2.5.2:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.httptransport:4.1.50", "gav://dev:com.ibm.ws.microprofile.opentracing.jaeger.adapter.impl:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.persistence.utility:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.authentication.builtin:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.kernel.boot.ws-launch:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.faulttolerance.metrics.1.1:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.globalhandler:1.0.50", "gav://dev:com.ibm.ws.transaction.management:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.reactive.streams.operators.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jca.management.j2ee:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.jasper.el.2.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javamail.config:1.5.50.cl210320210309-1101", "gav://dev:com.ibm.ws.webcontainer.servlet.4.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.faulttolerance.2.0.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.kernel.boot.ws-server:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.tx.util:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.authentication.filter:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.metrics.monitor:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.spnego:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jbatch.joblog:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.jcache.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.jstl.1.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.ejbcontainer.mdb:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.validation.2.0:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.containerServices:4.0.50", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.kernel.service:1.6.50", "gav://dev:com.ibm.ws.webserver.plugin.runtime.interfaces:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxrs.2.0.managedbeans:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.jwtsso.token:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.management.security:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jsonb.service:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.app.manager.ejb:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.io.opentracing.opentracing-util.0.31.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.opentracing.1.1.cdi:1.1.50.cl210320210309-1101", "gav://dev:io.openliberty.microprofile.opentracing.2.0.internal.rest.client:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.microprofile.faulttolerance.3.0.internal.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.artifact:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.dynamic.bundle:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.transport.iiop.management.j2ee:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.jasper.el.3.0:3.0.50.cl210320210309-1101", "gav://dev:io.openliberty.org.eclipse.microprofile.rest.client.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.restConnector:1.3.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jbatch.utility.jbatchutil:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.authorization.builtin:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.io.smallrye.reactive.messaging-provider:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.1.2.weld:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.metrics.private:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.graphql.metrics.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxrs.2.0.server:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.thirdparty.jsf-2.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jsp.2.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.faulttolerance.2.1.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.ejbcontainer.session:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.ejbcontainer.timer.persistent:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.mp.jwt.proxy:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.beanvalidation.v20:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxrs.2.x.concurrent:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.config.schemagen:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.servlet.3.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.registry.basic:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jndi.remote.client:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.jwtsso:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.messaging.security:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxrs.2.0.tools:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.opensaml.opensaml.2.6.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javaee.dd.ejb:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.anno:1.1.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.application:1.1.50", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.metrics.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.openapi.3.1.public:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.ssl:1.4.50", "gav://dev:com.ibm.ws.request.timing.jdbc:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.managedbeans:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.opentracing.1.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.faulttolerance:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.mongo.ssl:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.2.0.ejb:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.appclient.boot.ws-client:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.openapi.1.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxb.tools.2.2.10:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jsp.jstl.facade:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.metrics.2.0:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.opentracing.1.1:1.0.50", "gav://dev:com.ibm.ws.ejbcontainer:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.diagnostics:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.constrainedDelegation:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.kernel.metatype.helper:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.grpc.client.1.0.thirdparty:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.eclipse.yasson.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.authData:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.webcontainer.security.app:1.4.50", "gav://dev:com.ibm.ws.sipcontainer.security:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jbatch.utility:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.metrics.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.ejbcontainer.v32:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.rest.handler.validator.jdbc:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.transport.iiop.transaction:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.app.manager.sar:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.clientcontainer:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.oauth:1.4.50", "gav://dev:com.ibm.ws.jaxrs.2.0.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.faulttolerance.1.0.cdi.services:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.classloader.context:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.wsat.webclient:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.common.jsonwebkey:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.servlet.3.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.request.probes:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.concurrent:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.connectionpool:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.websocket.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.webcontainer.security.app:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.rest.handler.config.openapi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.config.1.2.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.timer:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.metrics.2.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.cdi.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.httptransport:4.1.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.webcontainer.security.app:1.4.50.cl210320210309-1101", "gav://dev:com.ibm.ws.repository.resolver:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javaee.platform.v7.jndi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.commons.digester.1.8:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jsfContainer.classloading.2.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.authorization:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javaee.dd.common:1.1.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.logging:1.1.50", "gav://dev:com.ibm.ws.install:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.app.manager.wab:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.grpc.1.0.internal.common:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.microprofile.config.internal.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.adaptable.module:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.token.s4u2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxrs.2.0.tools.wadl2java:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.opentracing:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.ejbcontainer.remote.client.server:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.interceptor.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jdbc.4.1:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.kernel.embeddable:1.1.50", "gav://dev:com.ibm.websphere.appserver.spi.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javaee.ddmodel:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.opentracing:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.filetransfer:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.thirdparty.mail:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.j2eemanagement:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxws.clientcontainer.security:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.json:1.0.50", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.metrics.2.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.concurrency.policy:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.org.eclipse.microprofile.openapi.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.httpcomponents:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.2.0.weld:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.metrics.2.3.monitor:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javaee.platform.v8:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.sessionstats:1.0.50", "gav://dev:com.ibm.ws.microprofile.metrics.2.2.monitor:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.crypto.certificateutil:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxws.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.metrics.2.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.classloading:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.ejb.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.jsp:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.restHandler:2.0.50", "gav://dev:com.ibm.ws.microprofile.metrics.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.authorization.jacc.web:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.auth.data:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.management.j2ee.mejb:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.ejbcontainer:1.0.50", "gav://dev:com.ibm.ws.artifact.equinox.module:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.messaging.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.classloading.bells:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.quickstart:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxrs.2.0.ejb:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.connectionmanager:1.2.50", "gav://dev:com.ibm.ws.microprofile.config.1.2.cdi.services:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jpa.container.eclipselink:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.opentracing.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.com.graphql.java:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.xml.resolver.1.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.com.google.gson.2.2.4:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.jbatch.spi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.jbatch.container:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.webcontainer.security.admin:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jca.feature:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javamail.1.6:1.6.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxb.tools.xjc:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.reactive.streams.operators.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jbatch.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jpa.container.thirdparty:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.management.j2ee.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.request.timing.servlet:1.0.50.cl210320210309-1101", "generic://sha256:2b77efd64cb073950c706464074b9ae211cc82be84345175bc232c095c32e62a/com.ibm.websphere.appserver.thirdparty.eclipselink_1.0.50.jar", "gav://dev:com.ibm.ws.microprofile.openapi.1.1.model:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.messaging.jmsspec.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxws.tools.wsimport:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.beanvalidation:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.filetransfer.routing.archiveExpander:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.sipcontainer:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.faulttolerance.2.1:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.servlet:1.1.50", "gav://dev:com.ibm.websphere.openapi.3.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.mp.context:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jdbc.management.j2ee:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.config.1.2.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.install.map:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.saml.wab.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.session.monitor:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.messaging.comms.server:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.app.manager.module:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.metrics.cdi.2.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.rest.handler:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.constrainedDelegation:1.0.50", "gav://dev:com.ibm.ws.microprofile.config.1.3.services:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.logging.hpel:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.openapi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.rest.handler:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.security.impl:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.opentracing.1.3:1.0.50", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.cdi:1.0.50", "gav://dev:com.ibm.ws.webserver.plugin.runtime:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.transaction:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.transaction.1.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.kernel.feature:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.opentracing.2.0.spi:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.saml20:1.1.50", "gav://dev:com.ibm.ws.opentracing.1.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.annotation.1.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.management.j2ee:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jdbc:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.reactive.messaging.kafka.adapter.impl:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.el.2.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.opentracing.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.connectionpool.monitor:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.wsoc:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.recoverylog:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.rest.client.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.health.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.rls.jdbc:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.microprofile.metrics.internal.3.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.tx.embeddable:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.faulttolerance.1.1.cdi.services:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.webserver.plugin.utility:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.org.eclipse.microprofile.health.3.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.beanvalidation.v11.cdi:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.org.eclipse.microprofile.faulttolerance.3.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.wim.adapter.ldap:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxrs.2.0.web:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.rest.handler.validator.openapi.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.appbnd:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.wsat:1.0.50", "gav://dev:io.openliberty.microprofile.config.internal.serverxml:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.kernel.filemonitor:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.opensaml.openws.1.5.6:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jmx.request:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.rest.handler.config:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javaee.persistence.api.2.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.kerberos.java8:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.rest.handler.validator.jca:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.securityClient:1.1.50", "gav://dev:com.ibm.ws.artifact.url:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.tx.jta.extensions:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.reactivestreams.reactive-streams.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.rest.client.1.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.config.ext:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.opentracing.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.thirdparty.opentracing:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.monitor:1.1.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.threading:1.1.50", "gav://dev:io.openliberty.io.smallrye.openapi.core:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.activation.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.credentials.wscred:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.dynacache.monitor:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.microprofile.metrics.internal.public:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.ejbcontainer:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.client:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.openapi.ui:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javaee.ddmodel.ws:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.ejbcontainer.timer:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.transport.iiop.client:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jdbc.4.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.wsdl4j.1.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.context:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.endpoint:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.org.eclipse.microprofile.opentracing.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.2.0.web:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.mp.jwt.1.1.config:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.javaeesec.cdi:1.0.50.cl210320210309-1101", "gav://dev:springBootCloser:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxws.tools.2.2.10:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.tx.ltc:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.appclient.boot:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.javaeesec.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.com.sun.xml.messaging.saaj:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.rest.client.1.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.logging:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.hpel:2.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.rest.client.1.4:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.ssl:1.5.50", "gav://dev:com.ibm.websphere.appserver.spi.opentracing.1.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.saml.sso.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.jsf.2.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.connector.1.6:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.jsf.2.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.oauth.2.0:1.1.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.jwt:1.1.50", "gav://dev:com.ibm.ws.jms20.feature:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javaee.version:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.basics:1.4.50", "gav://dev:com.ibm.ws.org.apache.commons.codec.1.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.messaging.utils:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.webcontainer.security:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.opentracing.2.0.internal.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.security:1.1.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.openapi.3.1:1.0.50", "gav://dev:com.ibm.ws.kernel.cmdline:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.opentracing.1.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.rest.handler.validator.openapi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.opentracing.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.prereq.wsdl4j.api:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.managedobject:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.sipServlet.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javamail.management.j2ee:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.faulttolerance.1.0:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.artifact:1.2.50", "gav://dev:com.ibm.ws.config.schemagen.schemagen:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.install.featureUtility.featureutil:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.interrupt:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.openid.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.securityClient:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.openid4java.0.9.7:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.app.manager.ready:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.app.management.j2ee:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.transaction:1.1.50", "gav://dev:com.ibm.ws.jaxws.security:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.metrics.1.0:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.io.smallrye.config:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.jwt.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.jsp.tld.2.2:1.2.50.cl210320210309-1101", "gav://dev:com.ibm.ws.webservices.handler:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.openapi.3.1:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.oauth:1.2.50", "gav://dev:com.ibm.ws.opentracing.1.2.cdi:1.2.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.transaction:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.opentracing.1.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.request.interrupt:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.csiv2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.faulttolerance.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.webCache:1.1.50.cl210320210309-1101", "gav://dev:io.openliberty.grpc.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxrs.defaultexceptionmapper:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.wsspi.thirdparty.equinox:1.2.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.openidconnect.server:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.kernel.equinox.module:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.messaging.comms.client:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.thirdparty.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.audit.utils:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.request.probe.jdbc:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.metrics.1.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.transaction:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.health.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.openapi.ui:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.federatedRepository:1.2.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javaee.platform.v7:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.io.smallrye.graphql:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.couchdb:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.audit.reader:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.logstash.collector:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.oauth:1.4.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.openidconnect.common:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.io.smallrye.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.rest.client.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jmx.connector.client.restConnector:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.webcontainer.servlet.4.0.factories:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.ejbcontainer.remote.portable:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.opentracing.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.slf4j.api.1.7.7:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.eclipse.equinox.console:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxws.clientcontainer:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.opentracing:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.session:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.clientcontainer.remote.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.thirdparty.jsf-2.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.wsoc.1.1:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.endpoint:1.0.50", "gav://dev:com.ibm.websphere.javaee.jaxb.2.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxws.web:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.clientcontainer.remote.server:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxb.tools.schemagen:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.org.eclipse.microprofile.jwt.1.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.logging:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.eclipse.equinox.region:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.persistence.2.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.kernel.boot:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jsp.factories:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.javaee.ddmodel.wsbnd:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.security.mp.jwt.1.2.config:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.ejb.3.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.eclipse.equinox.coordinator:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.jsp.2.3:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.anno:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.authentication:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.authorization.util:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.token:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.persistence.mbean:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.connector.1.7:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.jaspic:1.1.50", "gav://dev:com.ibm.ws.cloudant:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.webservices.javaee.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.ejbcontainer.management.j2ee:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.metrics.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.restHandler:2.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jsp:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.event:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.rest.handler.config.openapi.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.contextpropagation.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.app.manager.rar:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.org.eclipse.microprofile.config.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.thirdparty.mail-1.6:1.6.50.cl210320210309-1101", "gav://dev:com.ibm.ws.webcontainer.management.j2ee:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.mp.jwt.propagation:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.config.1.4.cdi.services:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.openapi.3.1.private:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.monitor:1.1.50", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.federatedRepository:1.2.50", "gav://dev:com.ibm.ws.collector:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.cdi.web:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.validation.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.commons.httpclient:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.config.1.1.services:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.reactive.messaging.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.openapi.ui.private:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.kernel.embeddable:1.1.50.cl210320210309-1101", "gav://dev:io.openliberty.microprofile.openapi.2.0.internal:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.jacc:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.sipcontainer.servlet.3.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxws.wsat:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.ejbcontainer.ejb2x:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.wsoc.cdi.weld:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.sessionstats:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.messaging.jms.2.0.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.wssecurity.saml:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.messaging.msgstore:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.security.authentication:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.kernel.feature.featurelist:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.springboot.support.web.server.version20:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.jaxrs20:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.thirdparty.cdi-2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.channelfw:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.jaxws.2.2:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.app.manager:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.json:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxrs.2.x.config:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.webcontainer.monitor:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.repository:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jaxrs.2.x.monitor:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.webserver.plugin.utility.webserverPluginutil:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.apache.taglibs.standard:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.logging.hpel.osgi:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.grpc.1.0.internal:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jca.utils:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.authorization.jacc.ejb:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.springboot.utility.springbootutil:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.concurrent.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.config.1.4:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.json4j:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.eclipse.equinox.metatype:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.kernel.filemonitor:1.0.50", "gav://dev:com.ibm.ws.microprofile.metrics.common:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.globalhandler:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.config.1.1.cdi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jndi:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.security.wim.base:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.ws.mongo:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.request.timing:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.webCache:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.config.1.4:1.0.50.cl210320210309-1101", "gav://dev:springBoot15Server:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.webcontainer.servlet.3.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.wim.core:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.webCache:1.1.50", "gav://dev:com.ibm.ws.eba.wab.integrator:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.http.plugin.merge:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.oauth.2.0.jwt:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.rest.client.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.jms.2.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.openapi.3.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.mail.1.6:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.thirdparty.opentracing.0.31.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.artifact.loose:1.0.50.cl210320210309-1101", "gav://com.ibm.websphere.appserver.api:com.ibm.websphere.appserver.api.wsoc:1.0.50", "gav://com.ibm.websphere.appserver.spi:com.ibm.websphere.appserver.spi.transaction:1.1.50", "gav://dev:io.openliberty.handlelist.context.internal:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.session.cache:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.dynacache:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.io.smallrye.reactive.converter-api:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.containerServices:4.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.spi.wsat:1.0.50.cl210320210309-1101", "gav://dev:io.openliberty.microprofile.health.3.0.internal:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jmx.connector.server.rest:1.1.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.appserver.api.distributedMap:2.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.product.utility:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.security.audit.reader.auditreader:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.org.eclipse.microprofile.faulttolerance.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.resource:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.jdbc.4.3.feature:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.websphere.javaee.jws.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.persistence.utility.generateddlutil:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.microprofile.graphql.authorization:1.0.50.cl210320210309-1101"] + }, { + "name": "CDDL-1.0", + "full_name": "Common Development and Distribution License (CDDL)\n 1.0", + "more_info_url": ["http://www.opensource.org/licenses/cddl1.php", "https://spdx.org/licenses/CDDL-1.0", "https://spdx.org/licenses/CDDL-1.0.html", "http://www.opensource.org/licenses/cddl1"], + "components": ["gav://dev:com.ibm.ws.org.glassfish.json.1.0:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.glassfish.json.1.1:1.0.50.cl210320210309-1101", "gav://dev:com.ibm.ws.org.jvnet.mimepull:1.0.50.cl210320210309-1101"] + }, { + "name": "BSD-3-Clause", + "full_name": "BSD 3-Clause \"New\" or \"Revised\" License", + "more_info_url": ["http://opensource.org/licenses/BSD-3-Clause", "https://spdx.org/licenses/BSD-3-Clause", "https://spdx.org/licenses/BSD-3-Clause.html", "http://www.opensource.org/licenses/BSD-3-Clause"], + "components": ["generic://sha256:2b77efd64cb073950c706464074b9ae211cc82be84345175bc232c095c32e62a/com.ibm.websphere.appserver.thirdparty.eclipselink_1.0.50.jar", "generic://sha256:f76a8b6b7605f54fdca26a9349e659829d5acdb40b217439c17249b05643f4cf/com.ibm.websphere.appserver.thirdparty.eclipselink.2.7_1.0.50.jar"] + }, { + "name": "ISC", + "full_name": "ISC License (ISCL)", + "more_info_url": ["http://www.opensource.org/licenses/isc-license.txt", "https://spdx.org/licenses/ISC", "https://spdx.org/licenses/ISC.html", "https://www.isc.org/downloads/software-support-policy/isc-license/", "http://www.opensource.org/licenses/ISC"], + "components": ["alpine://3.12:libtls-standalone:2.9.1-r1"] + }, { + "name": "Apache-1.1", + "full_name": "The Apache Software License, Version 1.1", + "more_info_url": ["http://apache.org/licenses/LICENSE-1.1", "https://spdx.org/licenses/Apache-1.1", "https://spdx.org/licenses/Apache-1.1.html", "http://opensource.org/licenses/Apache-1.1"], + "components": ["generic://sha256:73023617749a95967062503b8da1fc515d53fd148b7acac86be31a13c8934b41/com.ibm.ws.org.apache.commons.logging.1.0.3_1.0.50.jar"] + } + ] + } + ] +} diff --git a/unittests/scans/jfrog_xray_api_summary_artifact/no_vuln.json b/unittests/scans/jfrog_xray_api_summary_artifact/no_vuln.json new file mode 100644 index 00000000000..46866193e82 --- /dev/null +++ b/unittests/scans/jfrog_xray_api_summary_artifact/no_vuln.json @@ -0,0 +1,14 @@ +{ + "artifacts": [{ + "general": { + "name": "artifact1:1.0", + "component_id": "artifact1:1.0", + "pkg_type": "Docker", + "path": "artifact_path/artifact1/1.0/", + "sha256": "eaab06c0a28618bfb65481bf31bce7d6dd3a15dac528297690111c202a1cd468" + }, + "issues": [], + "licenses": [] + } + ] +} diff --git a/unittests/scans/jfrog_xray_api_summary_artifact/one_vuln.json b/unittests/scans/jfrog_xray_api_summary_artifact/one_vuln.json new file mode 100644 index 00000000000..65d6756cbf0 --- /dev/null +++ b/unittests/scans/jfrog_xray_api_summary_artifact/one_vuln.json @@ -0,0 +1,35 @@ +{ + "artifacts": [{ + "general": { + "name": "artifact1:1.0", + "component_id": "artifact1:1.0", + "pkg_type": "Docker", + "path": "artifact_path/artifact1/1.0/", + "sha256": "eaab06c0a28618bfb65481bf31bce7d6dd3a15dac528297690111c202a1cd468" + }, + "issues": [{ + "issue_id": "XRAY-124116", + "summary": "OpenSSL crypto/rc5/rc5_skey.c RC5_32_set_key() Function Key Initialization Stack Buffer Overflow", + "description": "OpenSSL contains an overflow condition in the RC5_32_set_key() function in crypto/rc5/rc5_skey.c that is triggered as certain input is not properly validated when initializing encryption or decryption keys. This may allow a context-dependent attacker to cause a stack-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.", + "issue_type": "security", + "severity": "Critical", + "provider": "JFrog", + "cves": [{ + "cvss_v2": "9.3/AV:N/AC:M/Au:N/C:C/I:C/A:C", + "cvss_v3": "9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "created": "2020-09-09T00:00:00.937Z", + "impact_path": ["artifact_path/artifact1/1.0/sha256__cbc330c4d62cdcdac9408f3fc679b06fc8a22b08638c8f25720f3cd621f52fb6.tar.gz/3.12:openssl:1.1.1k-r0"] + } + ], + "licenses": [{ + "name": "OpenSSL", + "full_name": "OpenSSL LICENSE", + "more_info_url": ["https://spdx.org/licenses/OpenSSL.html", "http://www.openssl.org/source/license.html", "https://www.openssl.org/source/license.html", "https://spdx.org/licenses/OpenSSL"], + "components": ["alpine://3.12:libcrypto1.1:1.1.1k-r0", "alpine://3.12:libssl1.1:1.1.1k-r0", "alpine://3.12:openssl:1.1.1k-r0"] + } + ] + } + ] +} diff --git a/unittests/scans/jfrog_xray_on_demand_binary_scan/many_vulns.json b/unittests/scans/jfrog_xray_on_demand_binary_scan/many_vulns.json new file mode 100644 index 00000000000..be534784f7f --- /dev/null +++ b/unittests/scans/jfrog_xray_on_demand_binary_scan/many_vulns.json @@ -0,0 +1,111 @@ +[ + { + "scan_id": "dd8f-4927-5db6-fb188ae8d984", + "vulnerabilities": [ + { + "cves": [ + { + "cve": "CVE-2017-8923", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "Summary of test", + "severity": "High", + "components": { + "gav://org.yaml:snakeyaml:1.16": { + "fixed_versions": [ + "[1.26]" + ], + "impact_paths": [ + [ + { + "component_id": "gav://co.com.test.com" + }, + { + "component_id": "gav://co.com.test.com", + "full_path": "lib/snakeyaml-1.16.jar" + } + ] + ] + } + }, + "issue_id": "XRAY-92904", + "references": [ + "https://test.com.co" + ] + }, + { + "cves": [ + { + "cve": "CVE-2014-0114", + "cvss_v2_score": "7.5", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P" + } + ], + "summary": "Summary test", + "severity": "High", + "components": { + "gav://test": { + "fixed_versions": [ + "[1.9.4]" + ], + "impact_paths": [ + [ + { + "component_id": "gav://co.com.test.test:core:1.0.0-test" + }, + { + "component_id": "gav://test", + "full_path": "lib/commons-beanutils-1.9.2.jar" + } + ] + ] + } + }, + "issue_id": "XRAY-55616", + "references": [ + "https://test.com.co" + ] + }, + { + "cves": [ + { + "cvss_v2_score": "7.5", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P" + } + ], + "summary": "Summary test", + "severity": "High", + "components": { + "test_item": { + "fixed_versions": [ + "[1.2.8.RELEASE]", + "[1.3.1.RELEASE]" + ], + "impact_paths": [ + [ + { + "component_id": "gav://co.com.test.test:core:1.0.0-test" + }, + { + "component_id": "gav://test.com.co", + "full_path": "lib/test/libtest" + } + ] + ] + } + }, + "issue_id": "XRAY-79870", + "references": [ + "https://test.com.co" + ] + } + ], + "component_id": "gav://co.com.test.test:core:1.0.0-test", + "package_type": "Maven", + "status": "completed" + } + ] diff --git a/unittests/scans/jfrog_xray_on_demand_binary_scan/many_vulns_docker.json b/unittests/scans/jfrog_xray_on_demand_binary_scan/many_vulns_docker.json new file mode 100644 index 00000000000..4af60fa95db --- /dev/null +++ b/unittests/scans/jfrog_xray_on_demand_binary_scan/many_vulns_docker.json @@ -0,0 +1,129 @@ +[ + { + "scan_id": "2c4c3ae7-d57d-4bf0-5afa-f191b309a2e2", + "vulnerabilities": [ + { + "cves": [ + { + "cve": "CVE-2023-3446" + } + ], + "summary": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", + "severity": "Unknown", + "components": { + "alpine://3.18:libcrypto3:3.1.1-r1": { + "fixed_versions": [ + "[3.1.1-r3]" + ], + "impact_paths": [ + [ + { + "component_id": "docker://alpine:latest" + }, + { + "component_id": "generic://sha256:78a822fe2a2d2c84f3de4a403188c45f623017d6a4521d23047c9fbb0801794c/sha256__78a822fe2a2d2c84f3de4a403188c45f623017d6a4521d23047c9fbb0801794c.tar", + "full_path": "sha256__78a822fe2a2d2c84f3de4a403188c45f623017d6a4521d23047c9fbb0801794c.tar" + }, + { + "component_id": "alpine://3.18:libcrypto3:3.1.1-r1", + "full_path": "3.18:libcrypto3:3.1.1-r1" + } + ] + ] + }, + "alpine://3.18:libssl3:3.1.1-r1": { + "fixed_versions": [ + "[3.1.1-r3]" + ], + "impact_paths": [ + [ + { + "component_id": "docker://alpine:latest" + }, + { + "component_id": "generic://sha256:78a822fe2a2d2c84f3de4a403188c45f623017d6a4521d23047c9fbb0801794c/sha256__78a822fe2a2d2c84f3de4a403188c45f623017d6a4521d23047c9fbb0801794c.tar", + "full_path": "sha256__78a822fe2a2d2c84f3de4a403188c45f623017d6a4521d23047c9fbb0801794c.tar" + }, + { + "component_id": "alpine://3.18:libssl3:3.1.1-r1", + "full_path": "3.18:libssl3:3.1.1-r1" + } + ] + ] + } + }, + "issue_id": "XRAY-526273", + "references": [ + "http://www.openwall.com/lists/oss-security/2023/07/19/4", + "http://www.openwall.com/lists/oss-security/2023/07/19/5", + "http://www.openwall.com/lists/oss-security/2023/07/19/6", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23", + "https://www.openssl.org/news/secadv/20230719.txt" + ] + }, + { + "cves": [ + { + "cve": "CVE-2023-2975" + } + ], + "summary": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\nit to ignore empty associated data entries which are unauthenticated as\na consequence.\n\nImpact summary: Applications that use the AES-SIV algorithm and want to\nauthenticate empty data entries as associated data can be mislead by removing\nadding or reordering such empty entries as these are ignored by the OpenSSL\nimplementation. We are currently unaware of any such applications.\n\nThe AES-SIV algorithm allows for authentication of multiple associated\ndata entries along with the encryption. To authenticate empty data the\napplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\nNULL pointer as the output buffer and 0 as the input buffer length.\nThe AES-SIV implementation in OpenSSL just returns success for such a call\ninstead of performing the associated data authentication operation.\nThe empty data thus will not be authenticated.\n\nAs this issue does not affect non-empty associated data authentication and\nwe expect it to be rare for an application to use empty associated data\nentries this is qualified as Low severity issue.", + "severity": "Unknown", + "components": { + "alpine://3.18:libcrypto3:3.1.1-r1": { + "fixed_versions": [ + "[3.1.1-r2]" + ], + "impact_paths": [ + [ + { + "component_id": "docker://alpine:latest" + }, + { + "component_id": "generic://sha256:78a822fe2a2d2c84f3de4a403188c45f623017d6a4521d23047c9fbb0801794c/sha256__78a822fe2a2d2c84f3de4a403188c45f623017d6a4521d23047c9fbb0801794c.tar", + "full_path": "sha256__78a822fe2a2d2c84f3de4a403188c45f623017d6a4521d23047c9fbb0801794c.tar" + }, + { + "component_id": "alpine://3.18:libcrypto3:3.1.1-r1", + "full_path": "3.18:libcrypto3:3.1.1-r1" + } + ] + ] + }, + "alpine://3.18:libssl3:3.1.1-r1": { + "fixed_versions": [ + "[3.1.1-r2]" + ], + "impact_paths": [ + [ + { + "component_id": "docker://alpine:latest" + }, + { + "component_id": "generic://sha256:78a822fe2a2d2c84f3de4a403188c45f623017d6a4521d23047c9fbb0801794c/sha256__78a822fe2a2d2c84f3de4a403188c45f623017d6a4521d23047c9fbb0801794c.tar", + "full_path": "sha256__78a822fe2a2d2c84f3de4a403188c45f623017d6a4521d23047c9fbb0801794c.tar" + }, + { + "component_id": "alpine://3.18:libssl3:3.1.1-r1", + "full_path": "3.18:libssl3:3.1.1-r1" + } + ] + ] + } + }, + "issue_id": "XRAY-523321", + "references": [ + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc", + "https://www.openssl.org/news/secadv/20230714.txt" + ] + } + ], + "component_id": "docker://alpine:latest", + "package_type": "Docker", + "status": "completed" + } +] diff --git a/unittests/scans/jfrog_xray_on_demand_binary_scan/many_vulns_pypi.json b/unittests/scans/jfrog_xray_on_demand_binary_scan/many_vulns_pypi.json new file mode 100644 index 00000000000..12a51deb52a --- /dev/null +++ b/unittests/scans/jfrog_xray_on_demand_binary_scan/many_vulns_pypi.json @@ -0,0 +1,9130 @@ +[ + { + "scan_id": "b89a2883-51d6-4276-6aeb-e16307acddd6", + "vulnerabilities": [ + { + "cves": [ + { + "cve": "CVE-2023-30608", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.\n", + "severity": "High", + "components": { + "pypi://sqlparse:0.4.3": { + "fixed_versions": [ + "[0.4.4]" + ], + "impact_paths": [ + [ + { + "component_id": "pypi://" + }, + { + "component_id": "pypi://django:4.1.4" + }, + { + "component_id": "pypi://sqlparse:0.4.3" + } + ] + ] + } + }, + "issue_id": "XRAY-515353", + "references": [ + "https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb", + "https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a", + "https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2", + "https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS" + ] + }, + { + "cves": [ + { + "cve": "CVE-2023-24580", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.", + "severity": "High", + "components": { + "pypi://django:4.1.4": { + "fixed_versions": [ + "[3.2.19]", + "[4.1.9]", + "[4.2.1]" + ], + "impact_paths": [ + [ + { + "component_id": "pypi://" + }, + { + "component_id": "pypi://django:4.1.4" + } + ] + ] + } + }, + "issue_id": "XRAY-418183", + "references": [ + "http://www.openwall.com/lists/oss-security/2023/02/14/1", + "https://docs.djangoproject.com/en/4.1/releases/security/", + "https://groups.google.com/forum/#!forum/django-announce", + "https://www.djangoproject.com/weblog/2023/feb/14/security-releases/", + "https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html" + ], + "extended_information": { + "short_description": "A design problem in Django may lead to denial of service when processing multipart forms.", + "full_description": "[Django](https://www.djangoproject.com/) is a popular Python web framework that provides functions, components, and tools for fast web development.\r\n\r\nA vulnerability has been discovered in the Multipart Request Parser in Django. By passing certain inputs (such as an excessive number of parts) to multipart forms, an attacker can trigger too many open files or memory exhaustion, which may lead to a denial-of-service attack. \r\n\r\nThe issue is only exploitable when the `MultiPartParser` class is used by the Django app/", + "jfrog_research_severity": "High", + "jfrog_research_severity_reasons": [ + { + "name": "Exploitation of the issue is only possible when the vulnerable component is used in a specific manner. The attacker has to perform per-target research to determine the vulnerable attack vector", + "description": "An attacker must find a multipart form that receives files in order to trigger this issue, although this does not require intimate per-target research and can be automated.", + "is_positive": true + }, + { + "name": "The issue is trivial to exploit and does not require a published writeup or PoC", + "description": "Exploitation only requires sending a large amount of files to a multipart form" + }, + { + "name": "The issue results in a severe impact (such as remote code execution)", + "description": "The impact of the vulnerability is a remote denial of service that requires no user interaction or per-target specific research" + }, + { + "name": "The issue can be exploited by attackers over the network", + "description": "The vulnerability is exploitable via remote multipart form requests that contain a maliciously excessive amount of files." + } + ], + "remediation": "##### Development mitigations\n\nUse AJAX to submit the form data asynchronously and use the FormData API to create a multipart/form-data request. This method allows to handle file uploads without using `MultiPartParser` explicitly. The FormData API also provides a convenient way to append form data to the request, including file uploads.\r\n```\r\n// HTML form\r\n\u003cform id=\"myForm\"\u003e\r\n \u003cinput type=\"text\" name=\"title\"\u003e\r\n \u003cinput type=\"file\" name=\"file\"\u003e\r\n \u003cbutton type=\"submit\"\u003eSubmit\u003c/button\u003e\r\n\u003c/form\u003e\r\n\r\n// JavaScript\r\n\u003cscript\u003e\r\n const form = document.getElementById('myForm');\r\n form.addEventListener('submit', async (event) =\u003e {\r\n event.preventDefault();\r\n\r\n const formData = new FormData(form);\r\n\r\n try {\r\n const response = await fetch('/upload/', {\r\n method: 'POST',\r\n body: formData\r\n });\r\n const result = await response.json();\r\n console.log(result);\r\n } catch (error) {\r\n console.error(error);\r\n }\r\n });\r\n\u003c/script\u003e\r\n\r\n// Django view\r\nfrom django.http import JsonResponse\r\n\r\ndef upload_view(request):\r\n if request.method == 'POST':\r\n title = request.POST.get('title')\r\n file = request.FILES.get('file')\r\n # process the title and file data\r\n return JsonResponse({'success': True})\r\n else:\r\n # return a response for other HTTP methods\r\n```" + } + }, + { + "cves": [ + { + "cve": "CVE-2023-23969", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.", + "severity": "High", + "components": { + "pypi://django:4.1.4": { + "fixed_versions": [ + "[3.2.19]", + "[4.1.9]", + "[4.2.1]" + ], + "impact_paths": [ + [ + { + "component_id": "pypi://" + }, + { + "component_id": "pypi://django:4.1.4" + } + ] + ] + } + }, + "issue_id": "XRAY-416423", + "references": [ + "https://www.djangoproject.com/weblog/2023/feb/01/security-releases/", + "https://docs.djangoproject.com/en/4.1/releases/security/", + "https://groups.google.com/forum/#!forum/django-announce", + "https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html" + ], + "extended_information": { + "short_description": "An inefficient regular expression in Django may allow remote attackers to cause denial of service when using the LocaleMiddleware middleware.", + "full_description": "[Django](https://www.djangoproject.com/) is a popular Python web framework that provides functions, components, and tools for fast web development. \r\n\r\nIn Django, it is possible to localize and translate web pages via the `LocaleMiddleware` middleware. When using said middleware, the content of the `Accept-Language` header is parsed via a regex. In order to improve performance, a caching mechanism was implemented which would cache the 1000 most recent parse results of `Accept-Language` headers.\r\n\r\nIn the vulnerable versions of Django, it was discovered that while the regex used for parsing the `Accept-Language` header is not prone to ReDoS on its own (as the regex is mostly straight forward, with little to no nesting), when combined with the caching mechanism, very long input for regex, Django is prone to excessive memory usage. This excessive memory usage results in memory exhaustion which could lead to denial of service.\r\n\r\nThe vulnerability is not exploitable under Django's default configuration since -\r\n\r\n1. The `LocaleMiddleware` is not used by default\r\n\r\n2. The vulnerability is only exploitable if the Django server is deployed via an Apache HTTP Server configured with `LimitRequestFieldSize` set to 64KB. By default, Apache's request field size limit is 8KB. The vulnerability is not exploitable when deploying Django using Nginx with either Gunicorn or uWSGI in any configuration.", + "jfrog_research_severity": "Medium", + "jfrog_research_severity_reasons": [ + { + "name": "The issue results in a severe impact (such as remote code execution)", + "description": "The impact of the vulnerability is a remote denial of service that requires no user interaction or per-target specific research" + }, + { + "name": "The issue can be exploited by attackers over the network", + "description": "The vulnerability is exploitable via remote requests that contain a maliciously crafted `Accept-Language` header." + }, + { + "name": "The issue has an exploit published", + "description": "Test code contains a PoC for invalid `Accept-Language` header." + }, + { + "name": "The prerequisites for exploiting the issue are extremely unlikely", + "description": "It is very unlikely for attackers to be able to access Django servers that are not deployed using Apache or Nginx. And when Django is deployed using Apache, it is unlikely for the request field size limit to be higher than the default amount.", + "is_positive": true + } + ] + } + }, + { + "cves": [ + { + "cve": "CVE-2023-31047", + "cvss_v3_score": "9.8", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "summary": "In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's \"Uploading multiple files\" documentation suggested otherwise.", + "severity": "Critical", + "components": { + "pypi://django:4.1.4": { + "fixed_versions": [ + "[3.2.19]", + "[4.1.9]", + "[4.2.1]" + ], + "impact_paths": [ + [ + { + "component_id": "pypi://" + }, + { + "component_id": "pypi://django:4.1.4" + } + ] + ] + } + }, + "issue_id": "XRAY-519232", + "references": [ + "https://www.djangoproject.com/weblog/2023/may/03/security-releases/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/", + "https://docs.djangoproject.com/en/4.2/releases/security/", + "https://groups.google.com/forum/#!forum/django-announce" + ] + } + ], + "component_id": "root", + "package_type": "Generic", + "status": "completed" + }, + { + "scan_id": "5971d1ef-b6ba-4d7d-6ba0-65d595208ee3", + "vulnerabilities": [ + { + "cves": [ + { + "cve": "CVE-2022-21803", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + } + ], + "summary": "This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set() function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted property, it is possible to modify the properties on the Object.prototype.", + "severity": "High", + "components": { + "npm://nconf:0.6.9": { + "fixed_versions": [ + "[0.11.4]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://nconf:0.6.9" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + } + ] + ] + } + }, + "issue_id": "XRAY-208869", + "references": [ + "https://github.com/indexzero/nconf/pull/397", + "https://github.com/indexzero/nconf/releases/tag/v0.11.4", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2632450", + "https://snyk.io/vuln/SNYK-JS-NCONF-2395478" + ] + }, + { + "cves": [ + { + "cve": "CVE-2019-16776", + "cvss_v2_score": "5.5", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:N", + "cvss_v3_score": "8.1", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" + } + ], + "summary": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", + "severity": "High", + "components": { + "npm://npm:3.10.10": { + "fixed_versions": [ + "[6.14.6]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-npm-install:0.3.1" + }, + { + "component_id": "npm://npm:3.10.10" + } + ] + ] + } + }, + "issue_id": "XRAY-92764", + "references": [ + "https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/", + "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", + "https://www.oracle.com/security-alerts/cpujan2020.html", + "https://access.redhat.com/errata/RHEA-2020:0330", + "https://access.redhat.com/errata/RHSA-2020:0573", + "https://access.redhat.com/errata/RHSA-2020:0579", + "https://access.redhat.com/errata/RHSA-2020:0597", + "https://access.redhat.com/errata/RHSA-2020:0602", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" + ] + }, + { + "cves": [ + { + "cve": "CVE-2019-16777", + "cvss_v2_score": "5.5", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P", + "cvss_v3_score": "6.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" + } + ], + "summary": "Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", + "severity": "Medium", + "components": { + "npm://npm:3.10.10": { + "fixed_versions": [ + "[6.14.6]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-npm-install:0.3.1" + }, + { + "component_id": "npm://npm:3.10.10" + } + ] + ] + } + }, + "issue_id": "XRAY-92763", + "references": [ + "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/", + "https://security.gentoo.org/glsa/202003-48", + "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", + "https://www.oracle.com/security-alerts/cpujan2020.html", + "https://access.redhat.com/errata/RHEA-2020:0330", + "https://access.redhat.com/errata/RHSA-2020:0573", + "https://access.redhat.com/errata/RHSA-2020:0579", + "https://access.redhat.com/errata/RHSA-2020:0597", + "https://access.redhat.com/errata/RHSA-2020:0602", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" + ] + }, + { + "cves": [ + { + "cve": "CVE-2018-7408", + "cvss_v2_score": "4.6", + "cvss_v2_vector": "CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P", + "cvss_v3_score": "7.8", + "cvss_v3_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "summary": "An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as \"next: 5.7.0\" and therefore automatically installed by an \"npm upgrade -g npm\" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a \"correctMkdir\" issue.", + "severity": "High", + "components": { + "npm://npm:3.10.10": { + "fixed_versions": [ + "[6.14.6]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-npm-install:0.3.1" + }, + { + "component_id": "npm://npm:3.10.10" + } + ] + ] + } + }, + "issue_id": "XRAY-73410", + "references": [ + "http://blog.npmjs.org/post/171169301000/v571", + "https://github.com/npm/npm/commit/74e149da6efe6ed89477faa81fef08eee7999ad0", + "https://github.com/npm/npm/issues/19883" + ] + }, + { + "cves": [ + { + "cve": "CVE-2019-16775", + "cvss_v2_score": "4.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N", + "cvss_v3_score": "6.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" + } + ], + "summary": "Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.", + "severity": "Medium", + "components": { + "npm://npm:3.10.10": { + "fixed_versions": [ + "[6.14.6]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-npm-install:0.3.1" + }, + { + "component_id": "npm://npm:3.10.10" + } + ] + ] + } + }, + "issue_id": "XRAY-92765", + "references": [ + "https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/", + "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", + "https://www.oracle.com/security-alerts/cpujan2020.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html", + "https://access.redhat.com/errata/RHEA-2020:0330", + "https://access.redhat.com/errata/RHSA-2020:0573", + "https://access.redhat.com/errata/RHSA-2020:0579", + "https://access.redhat.com/errata/RHSA-2020:0597", + "https://access.redhat.com/errata/RHSA-2020:0602", + "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" + ] + }, + { + "cves": [ + { + "cve": "CVE-2020-15095", + "cvss_v2_score": "1.9", + "cvss_v2_vector": "CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:N/A:N", + "cvss_v3_score": "4.4", + "cvss_v3_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" + } + ], + "summary": "Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like \"\u003cprotocol\u003e://[\u003cuser\u003e[:\u003cpassword\u003e]@]\u003chostname\u003e[:\u003cport\u003e][:][/]\u003cpath\u003e\". The password value is not redacted and is printed to stdout and also to any generated log files.", + "severity": "Medium", + "components": { + "npm://npm:3.10.10": { + "fixed_versions": [ + "[6.14.6]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-npm-install:0.3.1" + }, + { + "component_id": "npm://npm:3.10.10" + } + ] + ] + } + }, + "issue_id": "XRAY-105289", + "references": [ + "https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/", + "https://security.gentoo.org/glsa/202101-07", + "https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07", + "https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc", + "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html" + ] + }, + { + "cves": [ + { + "cvss_v2_score": "2.6", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N", + "cvss_v3_score": "5.9", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "summary": "JavaScript Big Number (jsbn) index.js Multiple Functions Timing Side-channel Information Disclosure", + "severity": "Medium", + "components": { + "npm://jsbn:0.1.1": { + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://http-signature:1.1.1" + }, + { + "component_id": "npm://jsprim:1.4.2" + }, + { + "component_id": "npm://extsprintf:1.3.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://http-signature:1.1.1" + }, + { + "component_id": "npm://jsprim:1.4.2" + }, + { + "component_id": "npm://extsprintf:1.3.0" + }, + { + "component_id": "npm://extsprintf:1.3.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://http-signature:1.1.1" + }, + { + "component_id": "npm://sshpk:1.17.0" + }, + { + "component_id": "npm://ecc-jsbn:0.1.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://http-signature:1.1.1" + }, + { + "component_id": "npm://sshpk:1.17.0" + }, + { + "component_id": "npm://ecc-jsbn:0.1.2" + }, + { + "component_id": "npm://jsbn:0.1.1" + } + ] + ] + } + }, + "issue_id": "XRAY-228919", + "references": [ + "https://github.com/andyperlitch/jsbn/issues/43", + "https://twitter.com/SoatokDhole/status/1536765180645974016", + "https://soatok.blog/2022/06/14/when-soatok-used-bugcrowd/" + ] + }, + { + "cves": [ + { + "cve": "CVE-2020-28469" + } + ], + "summary": "Regular expression denial of service", + "severity": "Medium", + "components": { + "npm://glob-parent:2.0.0": { + "fixed_versions": [ + "[5.1.2]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://glob-parent:2.0.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://anymatch:1.3.2" + }, + { + "component_id": "npm://micromatch:2.3.11" + }, + { + "component_id": "npm://parse-glob:3.0.4" + }, + { + "component_id": "npm://glob-base:0.3.0" + }, + { + "component_id": "npm://glob-parent:2.0.0" + } + ] + ] + }, + "npm://glob-parent:3.1.0": { + "fixed_versions": [ + "[5.1.2]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://glob-parent:3.1.0" + } + ] + ] + } + }, + "issue_id": "XRAY-N14", + "references": [ + "https://npmjs.com/advisories/1751", + "- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2020-28469)\n- [GitHub Advisory](https://github.com/advisories/GHSA-ww39-953v-wcq6)\n" + ] + }, + { + "cves": [ + { + "cve": "CVE-2020-28469", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.", + "severity": "High", + "components": { + "npm://glob-parent:2.0.0": { + "fixed_versions": [ + "[5.1.2]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://glob-parent:2.0.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://anymatch:1.3.2" + }, + { + "component_id": "npm://micromatch:2.3.11" + }, + { + "component_id": "npm://parse-glob:3.0.4" + }, + { + "component_id": "npm://glob-base:0.3.0" + }, + { + "component_id": "npm://glob-parent:2.0.0" + } + ] + ] + }, + "npm://glob-parent:3.1.0": { + "fixed_versions": [ + "[5.1.2]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://glob-parent:3.1.0" + } + ] + ] + } + }, + "issue_id": "XRAY-177872", + "references": [ + "https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9", + "https://github.com/gulpjs/glob-parent/pull/36", + "https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092", + "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905", + "https://www.oracle.com/security-alerts/cpujan2022.html" + ] + }, + { + "cves": [ + { + "cvss_v2_score": "0.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:N", + "cvss_v3_score": "0.0", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" + } + ], + "summary": "Commander.js Package for Node.js index.js parse() Function Argument Parsing Arbitrary Code Execution Weakness", + "severity": "Unknown", + "components": { + "npm://commander:0.6.1": { + "fixed_versions": [ + "[3.0.2]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-mocha-test:0.12.7" + }, + { + "component_id": "npm://mocha:2.5.3" + }, + { + "component_id": "npm://jade:0.26.3" + }, + { + "component_id": "npm://commander:0.6.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://mocha:2.5.3" + }, + { + "component_id": "npm://jade:0.26.3" + }, + { + "component_id": "npm://mkdirp:0.3.0" + } + ] + ] + }, + "npm://commander:2.3.0": { + "fixed_versions": [ + "[3.0.2]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-mocha-test:0.12.7" + }, + { + "component_id": "npm://mocha:2.5.3" + }, + { + "component_id": "npm://jade:0.26.3" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://mocha:2.5.3" + }, + { + "component_id": "npm://commander:2.3.0" + } + ] + ] + }, + "npm://commander:2.5.1": { + "fixed_versions": [ + "[3.0.2]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://commander:2.5.1" + } + ] + ] + } + }, + "issue_id": "XRAY-199126", + "references": [ + "https://advisory.checkmarx.net/advisory/CX-2019-4298", + "https://github.com/tj/commander.js/pull/1056", + "https://github.com/tj/commander.js/commit/2544df81b478a4afe15560f27b3575aa3a1581c4" + ] + }, + { + "cves": [ + { + "cve": "CVE-2020-7610", + "cvss_v2_score": "7.5", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P", + "cvss_v3_score": "9.8", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "summary": "All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type.", + "severity": "Critical", + "components": { + "npm://bson:1.0.9": { + "fixed_versions": [ + "[1.1.4]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://mongodb:2.2.36" + }, + { + "component_id": "npm://mongodb-core:2.1.20" + }, + { + "component_id": "npm://bson:1.0.9" + } + ] + ] + } + }, + "issue_id": "XRAY-95944", + "references": [ + "https://snyk.io/vuln/SNYK-JS-BSON-561052" + ] + }, + { + "cves": [ + { + "cve": "CVE-2019-2391", + "cvss_v2_score": "5.5", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:N", + "cvss_v3_score": "5.4", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" + } + ], + "summary": "Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to.", + "severity": "Medium", + "components": { + "npm://bson:1.0.9": { + "fixed_versions": [ + "[1.1.4]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://mongodb:2.2.36" + }, + { + "component_id": "npm://mongodb-core:2.1.20" + }, + { + "component_id": "npm://bson:1.0.9" + } + ] + ] + } + }, + "issue_id": "XRAY-95979", + "references": [ + "https://github.com/mongodb/js-bson/releases/tag/v1.1.4" + ] + }, + { + "cves": [ + { + "cvss_v2_score": "4.3", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "Mocha Package for Node.js lib/utils.js clean() Function Improper Regular Expression DoS", + "severity": "High", + "components": { + "npm://mocha:2.5.3": { + "fixed_versions": [ + "[10.1.0]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://mocha:2.5.3" + } + ] + ] + } + }, + "issue_id": "XRAY-228815", + "references": [ + "https://github.com/mochajs/mocha/pull/4770", + "https://www.huntr.dev/bounties/1d8a3d95-d199-4129-a6ad-8eafe5e77b9e/" + ] + }, + { + "cves": [ + { + "cve": "CVE-2023-28155", + "cvss_v3_score": "6.1", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], + "summary": "** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", + "severity": "Medium", + "components": { + "npm://request:2.36.0": { + "fixed_versions": [ + "(,0.0.0)" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + } + ] + ] + }, + "npm://request:2.67.0": { + "fixed_versions": [ + "(,0.0.0)" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://commander:2.5.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + } + ] + ] + } + }, + "issue_id": "XRAY-428016", + "references": [ + "https://doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf", + "https://github.com/request/request/issues/3442", + "https://github.com/request/request/pull/3444" + ] + }, + { + "cves": [ + { + "cve": "CVE-2017-16026", + "cvss_v2_score": "7.1", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:N/A:N", + "cvss_v3_score": "5.9", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "summary": "Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request \u003e=2.2.6 \u003c2.47.0 || \u003e2.51.0 \u003c=2.67.0.", + "severity": "Medium", + "components": { + "npm://request:2.36.0": { + "fixed_versions": [ + "(,0.0.0)" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + } + ] + ] + }, + "npm://request:2.67.0": { + "fixed_versions": [ + "(,0.0.0)" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://commander:2.5.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + } + ] + ] + } + }, + "issue_id": "XRAY-72544", + "references": [ + "https://github.com/request/request/issues/1904", + "https://github.com/request/request/pull/2018", + "https://nodesecurity.io/advisories/309" + ] + }, + { + "cves": [ + { + "cve": "CVE-2023-28155" + } + ], + "summary": "Server-Side Request Forgery in Request", + "severity": "Medium", + "components": { + "npm://request:2.36.0": { + "fixed_versions": [ + "(,0.0.0)" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + } + ] + ] + }, + "npm://request:2.67.0": { + "fixed_versions": [ + "(,0.0.0)" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://commander:2.5.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + } + ] + ] + } + }, + "issue_id": "XRAY-N133", + "references": [ + "https://github.com/advisories/GHSA-p8p7-x288-28g6", + "- https://nvd.nist.gov/vuln/detail/CVE-2023-28155\n- https://github.com/request/request/issues/3442\n- https://github.com/request/request/pull/3444\n- https://doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf\n- https://github.com/advisories/GHSA-p8p7-x288-28g6" + ] + }, + { + "cves": [ + { + "cve": "CVE-2023-28155" + } + ], + "summary": "Server-Side Request Forgery in Request", + "severity": "Medium", + "components": { + "npm://request:2.36.0": { + "fixed_versions": [ + "(,0.0.0)" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + } + ] + ] + }, + "npm://request:2.67.0": { + "fixed_versions": [ + "(,0.0.0)" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://commander:2.5.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + } + ] + ] + } + }, + "issue_id": "XRAY-N134", + "references": [ + "https://github.com/advisories/GHSA-p8p7-x288-28g6", + "- https://nvd.nist.gov/vuln/detail/CVE-2023-28155\n- https://github.com/request/request/issues/3442\n- https://github.com/request/request/pull/3444\n- https://doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf\n- https://github.com/advisories/GHSA-p8p7-x288-28g6" + ] + }, + { + "cves": [ + { + "cve": "CVE-2023-28155" + } + ], + "summary": "Server-Side Request Forgery in Request", + "severity": "Medium", + "components": { + "npm://request:2.36.0": { + "fixed_versions": [ + "(,0.0.0)" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + } + ] + ] + }, + "npm://request:2.67.0": { + "fixed_versions": [ + "(,0.0.0)" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://commander:2.5.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + } + ] + ] + } + }, + "issue_id": "XRAY-N135", + "references": [ + "https://github.com/advisories/GHSA-p8p7-x288-28g6", + "- https://nvd.nist.gov/vuln/detail/CVE-2023-28155\n- https://github.com/request/request/issues/3442\n- https://github.com/request/request/pull/3444\n- https://doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf\n- https://github.com/advisories/GHSA-p8p7-x288-28g6" + ] + }, + { + "cves": [ + { + "cve": "CVE-2015-8858", + "cvss_v2_score": "7.8", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a \"regular expression denial of service (ReDoS).\"", + "severity": "High", + "components": { + "npm://uglify-js:2.4.24": { + "fixed_versions": [ + "[2.6.0]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://swig:1.4.2" + }, + { + "component_id": "npm://uglify-js:2.4.24" + } + ] + ] + } + }, + "issue_id": "XRAY-72508", + "references": [ + "http://www.securityfocus.com/bid/96409", + "https://nodesecurity.io/advisories/48", + "http://www.openwall.com/lists/oss-security/2016/04/20/11" + ] + }, + { + "cves": [ + { + "cve": "CVE-2021-23358", + "cvss_v2_score": "6.5", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P", + "cvss_v3_score": "7.2", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "summary": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.", + "severity": "High", + "components": { + "npm://underscore:1.8.3": { + "fixed_versions": [ + "[1.12.1]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://commander:2.5.1" + } + ] + ] + } + }, + "issue_id": "XRAY-159876", + "references": [ + "https://www.tenable.com/security/tns-2021-14", + "https://www.debian.org/security/2021/dsa-4883", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/", + "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503", + "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984", + "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E", + "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E", + "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E", + "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E", + "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html" + ] + }, + { + "cves": [ + { + "cvss_v2_score": "4.3", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P" + } + ], + "summary": "utile Package for Node.js lib/base64.js base64.encode() Function Buffer Allocation Handling Memory Consumption DoS", + "severity": "Medium", + "components": { + "npm://utile:0.2.1": { + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://utile:0.2.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://utile:0.2.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://utile:0.2.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://prompt:0.2.14" + }, + { + "component_id": "npm://utile:0.2.1" + } + ] + ] + }, + "npm://utile:0.3.0": { + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + } + ] + ] + } + }, + "issue_id": "XRAY-78627", + "references": [ + "https://hackerone.com/reports/321701", + "https://www.npmjs.com/package/utile" + ] + }, + { + "cves": [ + { + "cve": "CVE-2018-3728", + "cvss_v2_score": "6.5", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P", + "cvss_v3_score": "8.8", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "summary": "hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.", + "severity": "High", + "components": { + "npm://hoek:0.9.1": { + "fixed_versions": [ + "[4.2.1]", + "[5.0.3]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + }, + { + "component_id": "npm://hawk:1.0.0" + }, + { + "component_id": "npm://boom:0.4.2" + }, + { + "component_id": "npm://hoek:0.9.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + }, + { + "component_id": "npm://hawk:1.0.0" + }, + { + "component_id": "npm://hoek:0.9.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + }, + { + "component_id": "npm://hawk:1.0.0" + }, + { + "component_id": "npm://sntp:0.2.4" + }, + { + "component_id": "npm://hoek:0.9.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + }, + { + "component_id": "npm://hawk:1.0.0" + }, + { + "component_id": "npm://cryptiles:0.2.2" + }, + { + "component_id": "npm://boom:0.4.2" + }, + { + "component_id": "npm://hoek:0.9.1" + } + ] + ] + }, + "npm://hoek:2.16.3": { + "fixed_versions": [ + "[4.2.1]", + "[5.0.3]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://cryptiles:2.0.5" + }, + { + "component_id": "npm://boom:2.10.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://cryptiles:2.0.5" + }, + { + "component_id": "npm://boom:2.10.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://cryptiles:2.0.5" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://cryptiles:2.0.5" + }, + { + "component_id": "npm://boom:2.10.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://cryptiles:2.0.5" + }, + { + "component_id": "npm://boom:2.10.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://cryptiles:2.0.5" + }, + { + "component_id": "npm://boom:2.10.1" + }, + { + "component_id": "npm://hoek:2.16.3" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://cryptiles:2.0.5" + }, + { + "component_id": "npm://boom:2.10.1" + }, + { + "component_id": "npm://hoek:2.16.3" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://sntp:1.0.9" + }, + { + "component_id": "npm://hoek:2.16.3" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://sntp:1.0.9" + }, + { + "component_id": "npm://hoek:2.16.3" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://hoek:2.16.3" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://boom:2.10.1" + }, + { + "component_id": "npm://hoek:2.16.3" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://boom:2.10.1" + }, + { + "component_id": "npm://hoek:2.16.3" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://cryptiles:2.0.5" + }, + { + "component_id": "npm://boom:2.10.1" + }, + { + "component_id": "npm://hoek:2.16.3" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://cryptiles:2.0.5" + }, + { + "component_id": "npm://boom:2.10.1" + }, + { + "component_id": "npm://hoek:2.16.3" + } + ] + ] + } + }, + "issue_id": "XRAY-73062", + "references": [ + "http://www.securityfocus.com/bid/103108", + "https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee", + "https://nodesecurity.io/advisories/566", + "https://hackerone.com/reports/310439", + "https://snyk.io/vuln/npm:hoek:20180212", + "https://access.redhat.com/errata/RHSA-2018:1263", + "https://access.redhat.com/errata/RHSA-2018:1264" + ] + }, + { + "cves": [ + { + "cve": "CVE-2016-10540", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter.", + "severity": "High", + "components": { + "npm://minimatch:0.3.0": { + "fixed_versions": [ + "[3.0.5]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-mocha-test:0.12.7" + }, + { + "component_id": "npm://mocha:2.5.3" + }, + { + "component_id": "npm://glob:3.2.11" + }, + { + "component_id": "npm://minimatch:0.3.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://mocha:2.5.3" + }, + { + "component_id": "npm://glob:3.2.11" + }, + { + "component_id": "npm://minimatch:0.3.0" + } + ] + ] + } + }, + "issue_id": "XRAY-72610", + "references": [ + "https://nodesecurity.io/advisories/118" + ] + }, + { + "cves": [ + { + "cve": "CVE-2022-3517" + } + ], + "summary": "minimatch ReDoS vulnerability", + "severity": "High", + "components": { + "npm://minimatch:0.3.0": { + "fixed_versions": [ + "[3.0.5]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-mocha-test:0.12.7" + }, + { + "component_id": "npm://mocha:2.5.3" + }, + { + "component_id": "npm://glob:3.2.11" + }, + { + "component_id": "npm://minimatch:0.3.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://mocha:2.5.3" + }, + { + "component_id": "npm://glob:3.2.11" + }, + { + "component_id": "npm://minimatch:0.3.0" + } + ] + ] + } + }, + "issue_id": "XRAY-N91", + "references": [ + "https://github.com/advisories/GHSA-f8q6-p94x-37v3", + "- https://nvd.nist.gov/vuln/detail/CVE-2022-3517\n- https://github.com/grafana/grafana-image-renderer/issues/329\n- https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6\n- https://github.com/nodejs/node/issues/42510\n- https://github.com/advisories/GHSA-f8q6-p94x-37v3" + ] + }, + { + "cves": [ + { + "cve": "CVE-2022-3517", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", + "severity": "High", + "components": { + "npm://minimatch:0.3.0": { + "fixed_versions": [ + "[3.0.5]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-mocha-test:0.12.7" + }, + { + "component_id": "npm://mocha:2.5.3" + }, + { + "component_id": "npm://glob:3.2.11" + }, + { + "component_id": "npm://minimatch:0.3.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://mocha:2.5.3" + }, + { + "component_id": "npm://glob:3.2.11" + }, + { + "component_id": "npm://minimatch:0.3.0" + } + ] + ] + } + }, + "issue_id": "XRAY-257996", + "references": [ + "https://github.com/grafana/grafana-image-renderer/issues/329", + "https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6" + ] + }, + { + "cves": [ + { + "cve": "CVE-2017-20162", + "cvss_v3_score": "5.3", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "summary": "A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is caae2988ba2a37765d055c4eee63d383320ee662. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217451.", + "severity": "Medium", + "components": { + "npm://ms:0.7.1": { + "fixed_versions": [ + "[2.0.0]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://helmet:2.3.0" + }, + { + "component_id": "npm://connect:3.4.1" + }, + { + "component_id": "npm://finalhandler:0.4.1" + }, + { + "component_id": "npm://debug:2.2.0" + }, + { + "component_id": "npm://ms:0.7.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://helmet:2.3.0" + }, + { + "component_id": "npm://connect:3.4.1" + }, + { + "component_id": "npm://finalhandler:0.4.1" + }, + { + "component_id": "npm://debug:2.2.0" + }, + { + "component_id": "npm://ms:0.7.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://helmet:2.3.0" + }, + { + "component_id": "npm://connect:3.4.1" + }, + { + "component_id": "npm://finalhandler:0.4.1" + }, + { + "component_id": "npm://debug:2.2.0" + }, + { + "component_id": "npm://ms:0.7.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://helmet:2.3.0" + }, + { + "component_id": "npm://connect:3.4.1" + }, + { + "component_id": "npm://debug:2.2.0" + }, + { + "component_id": "npm://ms:0.7.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://helmet:2.3.0" + }, + { + "component_id": "npm://connect:3.4.1" + }, + { + "component_id": "npm://debug:2.2.0" + }, + { + "component_id": "npm://ms:0.7.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://helmet:2.3.0" + }, + { + "component_id": "npm://connect:3.4.1" + }, + { + "component_id": "npm://debug:2.2.0" + }, + { + "component_id": "npm://ms:0.7.1" + } + ] + ] + } + }, + "issue_id": "XRAY-413139", + "references": [ + "https://github.com/vercel/ms/commit/caae2988ba2a37765d055c4eee63d383320ee662", + "https://github.com/vercel/ms/pull/89", + "https://github.com/vercel/ms/releases/tag/2.0.0", + "https://vuldb.com/?ctiid.217451", + "https://vuldb.com/?id.217451" + ] + }, + { + "cves": [ + { + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P" + } + ], + "summary": "Platform.js HTTP User-Agent Header Parsing Regular Expression Handling Remote DoS", + "severity": "Medium", + "components": { + "npm://platform:1.3.1": { + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://helmet:2.3.0" + }, + { + "component_id": "npm://helmet-csp:1.2.2" + }, + { + "component_id": "npm://lodash.reduce:4.5.0" + } + ] + ] + } + }, + "issue_id": "XRAY-78635", + "references": [ + "https://github.com/bestiejs/platform.js", + "https://github.com/bestiejs/platform.js/issues/139" + ] + }, + { + "cves": [ + { + "cve": "CVE-2014-10064", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring.", + "severity": "High", + "components": { + "npm://qs:0.6.6": { + "fixed_versions": [ + "[6.10.3]", + "[6.2.4]", + "[6.3.3]", + "[6.4.1]", + "[6.5.3]", + "[6.6.1]", + "[6.7.3]", + "[6.8.3]", + "[6.9.7]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + }, + { + "component_id": "npm://hawk:1.0.0" + } + ] + ] + } + }, + "issue_id": "XRAY-72519", + "references": [ + "https://nodesecurity.io/advisories/28" + ] + }, + { + "cves": [ + { + "cve": "CVE-2014-7191", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P" + } + ], + "summary": "The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.", + "severity": "Medium", + "components": { + "npm://qs:0.6.6": { + "fixed_versions": [ + "[6.10.3]", + "[6.2.4]", + "[6.3.3]", + "[6.4.1]", + "[6.5.3]", + "[6.6.1]", + "[6.7.3]", + "[6.8.3]", + "[6.9.7]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + }, + { + "component_id": "npm://hawk:1.0.0" + } + ] + ] + } + }, + "issue_id": "XRAY-73097", + "references": [ + "http://www-01.ibm.com/support/docview.wss?uid=swg21685987", + "http://www-01.ibm.com/support/docview.wss?uid=swg21687263", + "http://www-01.ibm.com/support/docview.wss?uid=swg21687928", + "https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8", + "https://github.com/visionmedia/node-querystring/issues/104", + "https://nodesecurity.io/advisories/qs_dos_memory_exhaustion", + "https://access.redhat.com/errata/RHSA-2016:1380", + "http://secunia.com/advisories/60026", + "http://secunia.com/advisories/62170", + "https://exchange.xforce.ibmcloud.com/vulnerabilities/96729" + ] + }, + { + "cves": [ + { + "cve": "CVE-2017-1000048", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash.", + "severity": "High", + "components": { + "npm://qs:0.6.6": { + "fixed_versions": [ + "[6.10.3]", + "[6.2.4]", + "[6.3.3]", + "[6.4.1]", + "[6.5.3]", + "[6.6.1]", + "[6.7.3]", + "[6.8.3]", + "[6.9.7]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + }, + { + "component_id": "npm://hawk:1.0.0" + } + ] + ] + }, + "npm://qs:5.2.1": { + "fixed_versions": [ + "[6.10.3]", + "[6.2.4]", + "[6.3.3]", + "[6.4.1]", + "[6.5.3]", + "[6.6.1]", + "[6.7.3]", + "[6.8.3]", + "[6.9.7]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://qs:5.2.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://isstream:0.1.2" + } + ] + ] + } + }, + "issue_id": "XRAY-94949", + "references": [ + "https://github.com/ljharb/qs/issues/200", + "https://access.redhat.com/errata/RHSA-2017:2672" + ] + }, + { + "cves": [ + { + "cve": "CVE-2022-24999", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b\u0026a[__proto__]\u0026a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has \"deps: qs@6.9.7\" in its release description, is not vulnerable).", + "severity": "High", + "components": { + "npm://qs:0.6.6": { + "fixed_versions": [ + "[6.10.3]", + "[6.2.4]", + "[6.3.3]", + "[6.4.1]", + "[6.5.3]", + "[6.6.1]", + "[6.7.3]", + "[6.8.3]", + "[6.9.7]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + }, + { + "component_id": "npm://hawk:1.0.0" + } + ] + ] + }, + "npm://qs:5.2.1": { + "fixed_versions": [ + "[6.10.3]", + "[6.2.4]", + "[6.3.3]", + "[6.4.1]", + "[6.5.3]", + "[6.6.1]", + "[6.7.3]", + "[6.8.3]", + "[6.9.7]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://qs:5.2.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://isstream:0.1.2" + } + ] + ] + } + }, + "issue_id": "XRAY-262099", + "references": [ + "https://github.com/expressjs/express/releases/tag/4.17.3", + "https://github.com/ljharb/qs/pull/428", + "https://github.com/n8tz/CVE-2022-24999" + ], + "extended_information": { + "short_description": "Insufficient input validation in qs leads to prototype pollution when parsing attacker-controlled query strings.", + "full_description": "[qs](https://npmjs.org/package/qs) is an npm library that provides query string parsing to objects and stringifying.\r\n\r\n[Express.js](https://www.npmjs.com/package/express) is a trending web framework for Node.js and uses `qs` as one of its dependencies.\r\n\r\nIt was discovered that the `parseObject` function in `qs` did not guard against prototype pollution when parsing query strings, by allowing the use of `__proto__` keys instead of ignoring them. Therefore, any calls with untrusted user input would cause the injection of arbitrary values into the Object prototype and could lead to denial-of-service.\r\n\r\nBy default, the `qs` library doesn't allow prototypes when parsing, so only non-default parsing configurations are affected. An example: `qs.parse(payload, { allowPrototypes: true });`\r\n\r\nThe issue also affects `Express.js` web framework, which uses the `qs` package to parse user-supplied query strings (from `HTTP GET` requests). That is due to `Express.js` parsing the queries with the `qs` `allowPrototypes=true` option enabled by default.\r\nThe vulnerable function is called when processing a request and does not have to be invoked by the developer directly.\r\n\r\nWhen treating the resulting query object that is inside `req.query` as a string or as an array, it causes Node.js to hang. An example would be code that processes a string addition: `const newVar = req.query.testString + \"0\";`\r\nAnother example would be code that searches an element in an array: `req.query.testArray.indexOf(\"123\")`\r\n\r\nThe vulnerability doesn't affect the use of `qs` with default configuration (without the enabling of `allowPrototypes`).\r\n\r\nExample malicious query string payload -\r\n```\r\na[__proto__]\u0026a[__proto__]\u0026a[length]=100000000\r\n```", + "jfrog_research_severity": "High", + "jfrog_research_severity_reasons": [ + { + "name": "The impact of exploiting the issue depends on the context of surrounding software. A severe impact such as RCE is not guaranteed.", + "description": "A prototype pollution attack allows the attacker to inject new properties to all JavaScript objects (but not set existing properties).\r\nTherefore, the impact of a prototype pollution attack depends on the way the JavaScript code uses any object properties after the attack is triggered.\r\nUsually, a DoS attack is possible since invalid properties quickly lead to an exception being thrown. In more severe cases, RCE may be achievable.", + "is_positive": true + }, + { + "name": "The issue can be exploited by attackers over the network", + "description": "`express` is a Node.js web framework and is very likely to parse user-supplied query strings." + }, + { + "name": "The issue is trivial to exploit and does not require a published writeup or PoC", + "description": "Prototype pollution is well documented and the vulnerability is very trivial to exploit." + }, + { + "name": "Exploitation of the issue is only possible when the vulnerable component is used in a specific manner. The attacker has to perform per-target research to determine the vulnerable attack vector", + "description": "In `qs`, only applicable to `qs.parse` calls that have the `allowPrototypes=true` option, which is not enabled by default.\r\nIn `express`, the vulnerability is exploitable by default, but mostly for denial-of-service impact", + "is_positive": true + }, + { + "name": "The issue has a detailed technical explanation published, that can aid in exploit development", + "description": "Multiple public Proof-of-Concepts demonstrating exploitation of this issue are available, including a detailed writeup." + } + ], + "remediation": "##### Development mitigations\n\nAdd the `Object.freeze(Object.prototype);` directive once at the beginning of your main JS source code file (ex. `index.js`), preferably after all your `require` directives. This will prevent any changes to the prototype object, thus completely negating prototype pollution attacks.\n\n##### Development mitigations\n\nIn `qs`, don't use the `{ allowPrototypes: true}` parsing option.\r\nIn `express`, add the following line to switch from using the vulnerable `qs` to `query-string` npm library:\r\n```\r\napp.set('query parser', 'simple');\r\n```" + } + }, + { + "cves": [ + { + "cvss_v2_score": "7.1", + "cvss_v2_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "mongodb Package for Node.js (node-mongodb-native) lib/operations/db_ops.js createCollection() Function Collection Name Validation Improper Exception Handling DoS", + "severity": "High", + "components": { + "npm://mongodb:2.2.36": { + "fixed_versions": [ + "[3.1.13]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://mongodb:2.2.36" + } + ] + ] + } + }, + "issue_id": "XRAY-90643", + "references": [ + "https://www.npmjs.com/advisories/1203", + "https://jira.mongodb.org/browse/NODE-1839", + "https://github.com/mongodb/node-mongodb-native/commit/210c71dccd8d8fdeadd9b4d1571e5fdb93e0f02f" + ] + }, + { + "cves": [ + { + "cve": "CVE-2023-0842", + "cvss_v3_score": "5.3", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "summary": "xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.", + "severity": "Medium", + "components": { + "npm://xml2js:0.4.4": { + "fixed_versions": [ + "[0.5.0]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://selenium-webdriver:2.53.3" + }, + { + "component_id": "npm://xml2js:0.4.4" + } + ] + ] + } + }, + "issue_id": "XRAY-513455", + "references": [ + "https://fluidattacks.com/advisories/myers/", + "https://github.com/Leonidas-from-XIV/node-xml2js/" + ] + }, + { + "cves": [ + { + "cve": "CVE-2022-29167", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack - meaning each added character in the attacker's input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`.", + "severity": "High", + "components": { + "npm://hawk:1.0.0": { + "fixed_versions": [ + "[3.1.3]", + "[4.1.1]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + }, + { + "component_id": "npm://hawk:1.0.0" + } + ] + ] + }, + "npm://hawk:3.1.3": { + "fixed_versions": [ + "[9.0.1]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://isstream:0.1.2" + } + ] + ] + } + }, + "issue_id": "XRAY-209780", + "references": [ + "https://github.com/mozilla/hawk/security/advisories/GHSA-44pw-h2cw-w3vq", + "https://github.com/mozilla/hawk/pull/286" + ] + }, + { + "cves": [ + { + "cve": "CVE-2016-1000232", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "5.3", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "summary": "NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.", + "severity": "Medium", + "components": { + "npm://tough-cookie:2.2.2": { + "fixed_versions": [ + "[2.3.3]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + }, + { + "component_id": "npm://hawk:1.0.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://tough-cookie:2.2.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://isstream:0.1.2" + } + ] + ] + } + }, + "issue_id": "XRAY-73084", + "references": [ + "https://access.redhat.com/security/cve/cve-2016-1000232", + "https://github.com/salesforce/tough-cookie/commit/615627206357d997d5e6ff9da158997de05235ae", + "https://github.com/salesforce/tough-cookie/commit/e4fc2e0f9ee1b7a818d68f0ac7ea696f377b1534", + "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232/", + "https://www.npmjs.com/advisories/130", + "https://access.redhat.com/errata/RHSA-2016:2101", + "https://access.redhat.com/errata/RHSA-2017:2912" + ] + }, + { + "cves": [ + { + "cve": "CVE-2017-15010", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.", + "severity": "High", + "components": { + "npm://tough-cookie:2.2.2": { + "fixed_versions": [ + "[2.3.3]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + }, + { + "component_id": "npm://hawk:1.0.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://tough-cookie:2.2.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://isstream:0.1.2" + } + ] + ] + } + }, + "issue_id": "XRAY-72482", + "references": [ + "http://www.securityfocus.com/bid/101185", + "https://github.com/salesforce/tough-cookie/issues/92", + "https://nodesecurity.io/advisories/525", + "https://snyk.io/vuln/npm:tough-cookie:20170905", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/", + "https://access.redhat.com/errata/RHSA-2017:2912", + "https://access.redhat.com/errata/RHSA-2017:2913", + "https://access.redhat.com/errata/RHSA-2018:1263", + "https://access.redhat.com/errata/RHSA-2018:1264" + ] + }, + { + "summary": "Memory Exposure in tunnel-agent", + "severity": "Medium", + "components": { + "npm://tunnel-agent:0.4.3": { + "fixed_versions": [ + "[0.6.0,)" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + }, + { + "component_id": "npm://hawk:1.0.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://tunnel-agent:0.4.3" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://isstream:0.1.2" + } + ] + ] + } + }, + "issue_id": "XRAY-N78", + "references": [ + "https://github.com/advisories/GHSA-xc7v-wxcw-j472", + "- https://github.com/request/tunnel-agent/commit/9ca95ec7219daface8a6fc2674000653de0922c0\n- https://www.npmjs.com/advisories/598\n- https://gist.github.com/ChALkeR/fd6b2c445834244e7d440a043f9d2ff4\n- https://github.com/advisories/GHSA-xc7v-wxcw-j472" + ] + }, + { + "summary": "Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution)", + "severity": "Medium", + "components": { + "npm://minimist:0.0.10": { + "fixed_versions": [ + "[0.2.1]", + "[1.2.3]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://optimist:0.6.0" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://optimist:0.6.0" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://async:0.2.9" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://async:0.2.9" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://optimist:0.6.1" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://async:0.2.9" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://async:0.2.9" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://optimist:0.6.0" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://optimist:0.6.0" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://swig:1.4.2" + }, + { + "component_id": "npm://optimist:0.6.1" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ] + ] + }, + "npm://minimist:0.0.8": { + "fixed_versions": [ + "[0.2.1]", + "[1.2.3]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-npm-install:0.3.1" + }, + { + "component_id": "npm://npm:3.10.10" + }, + { + "component_id": "npm://mkdirp:0.5.1" + }, + { + "component_id": "npm://minimist:0.0.8" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-npm-install:0.3.1" + }, + { + "component_id": "npm://npm:3.10.10" + }, + { + "component_id": "npm://mkdirp:0.5.1" + }, + { + "component_id": "npm://minimist:0.0.8" + } + ] + ] + } + }, + "issue_id": "XRAY-N39", + "references": [ + "https://github.com/advisories/GHSA-7fhm-mqm4-2wp7", + "- https://github.com/advisories/GHSA-6chw-6frg-f759\n- https://github.com/advisories/GHSA-7fhm-mqm4-2wp7" + ] + }, + { + "cves": [ + { + "cvss_v2_score": "10.0", + "cvss_v2_vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "cvss_v3_score": "9.8", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "summary": "minimist Package for Node.js --__proto__.y=Polluted Argument Handling Prototype Pollution Remote Property Manipulation", + "severity": "Critical", + "components": { + "npm://minimist:0.0.10": { + "fixed_versions": [ + "[0.2.1]", + "[1.2.3]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://optimist:0.6.0" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://optimist:0.6.0" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://async:0.2.9" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://async:0.2.9" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://optimist:0.6.1" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://async:0.2.9" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://async:0.2.9" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://optimist:0.6.0" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://optimist:0.6.0" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://swig:1.4.2" + }, + { + "component_id": "npm://optimist:0.6.1" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ] + ] + }, + "npm://minimist:0.0.8": { + "fixed_versions": [ + "[0.2.1]", + "[1.2.3]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-npm-install:0.3.1" + }, + { + "component_id": "npm://npm:3.10.10" + }, + { + "component_id": "npm://mkdirp:0.5.1" + }, + { + "component_id": "npm://minimist:0.0.8" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-npm-install:0.3.1" + }, + { + "component_id": "npm://npm:3.10.10" + }, + { + "component_id": "npm://mkdirp:0.5.1" + }, + { + "component_id": "npm://minimist:0.0.8" + } + ] + ] + } + }, + "issue_id": "XRAY-95632", + "references": [ + "https://bdu.fstec.ru/vul/2020-01147", + "https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95", + "https://www.npmjs.com/advisories/1179", + "https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94" + ] + }, + { + "cves": [ + { + "cve": "CVE-2021-44906", + "cvss_v2_score": "7.5", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P", + "cvss_v3_score": "9.8", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "summary": "Minimist \u003c=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).", + "severity": "Critical", + "components": { + "npm://minimist:0.0.10": { + "fixed_versions": [ + "[0.2.1]", + "[1.2.3]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://optimist:0.6.0" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://optimist:0.6.0" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://async:0.2.9" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://async:0.2.9" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://optimist:0.6.1" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://async:0.2.9" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://async:0.2.9" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://optimist:0.6.0" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://optimist:0.6.0" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://swig:1.4.2" + }, + { + "component_id": "npm://optimist:0.6.1" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ] + ] + }, + "npm://minimist:0.0.8": { + "fixed_versions": [ + "[0.2.1]", + "[1.2.3]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-npm-install:0.3.1" + }, + { + "component_id": "npm://npm:3.10.10" + }, + { + "component_id": "npm://mkdirp:0.5.1" + }, + { + "component_id": "npm://minimist:0.0.8" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-npm-install:0.3.1" + }, + { + "component_id": "npm://npm:3.10.10" + }, + { + "component_id": "npm://mkdirp:0.5.1" + }, + { + "component_id": "npm://minimist:0.0.8" + } + ] + ] + } + }, + "issue_id": "XRAY-200203", + "references": [ + "https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip", + "https://github.com/substack/minimist/blob/master/index.js#L69", + "https://github.com/substack/minimist/issues/164", + "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764", + "https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068" + ], + "extended_information": { + "short_description": "Insufficient input validation in Minimist npm package leads to prototype pollution of constructor functions which allows remote attacker with unspecified impact.", + "full_description": "[Minimist](https://github.com/substack/minimist) is a simple and very popular argument parser. It is used by more than 14 million by Mar 2022. This package developers stopped developing it since April 2020 and its community released a [newer version](https://github.com/meszaros-lajos-gyorgy/minimist-lite) supported by the community.\r\n\r\n\r\nAn incomplete fix for [CVE-2020-7598](https://nvd.nist.gov/vuln/detail/CVE-2020-7598) partially blocked prototype pollution attacks. Researchers discovered that it does not check for constructor functions which means they can be overridden. This behavior can be triggered easily when using it insecurely (which is the common usage). For example:\r\n```\r\nvar argv = parse(['--_.concat.constructor.prototype.y', '123']);\r\nt.equal((function(){}).foo, undefined);\r\nt.equal(argv.y, undefined);\r\n```\r\nIn this example, `prototype.y` is assigned with `123` which will be derived to every newly created object. \r\n\r\nThis vulnerability can be triggered when the attacker-controlled input is parsed using Minimist without any validation. As always with prototype pollution, the impact depends on the code that follows the attack, but denial of service is almost always guaranteed.", + "jfrog_research_severity": "High", + "jfrog_research_severity_reasons": [ + { + "name": "The impact of exploiting the issue depends on the context of surrounding software. A severe impact such as RCE is not guaranteed.", + "description": "A prototype pollution attack allows the attacker to inject new properties to all JavaScript objects (but not set existing properties).\r\nTherefore, the impact of a prototype pollution attack depends on the way the JavaScript code uses any object properties after the attack is triggered.\r\nUsually, a DoS attack is possible since invalid properties quickly lead to an exception being thrown. In more severe cases, RCE may be achievable.", + "is_positive": true + }, + { + "name": "Exploitation of the issue is only possible when the vulnerable component is used in a specific manner. The attacker has to perform per-target research to determine the vulnerable attack vector", + "description": "An attacker must be able to control a command-line parameter that is passed to a Node.js program that uses Minimist to parse the arguments", + "is_positive": true + }, + { + "name": "The issue has an exploit published", + "description": "A public PoC demonstrated exploitation of this attack, with an unspecified impact" + } + ], + "remediation": "##### Development mitigations\n\nAdd the `Object.freeze(Object.prototype);` directive once at the beginning of your main JS source code file (ex. `index.js`), preferably after all your `require` directives. This will prevent any changes to the prototype object, thus completely negating prototype pollution attacks." + } + }, + { + "cves": [ + { + "cve": "CVE-2020-7598", + "cvss_v2_score": "6.8", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P", + "cvss_v3_score": "5.6", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + ], + "summary": "minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a \"constructor\" or \"__proto__\" payload.", + "severity": "Medium", + "components": { + "npm://minimist:0.0.10": { + "fixed_versions": [ + "[0.2.1]", + "[1.2.3]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://optimist:0.6.0" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://optimist:0.6.0" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://async:0.2.9" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://async:0.2.9" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://optimist:0.6.1" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://async:0.2.9" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://broadway:0.3.6" + }, + { + "component_id": "npm://nconf:0.6.9" + }, + { + "component_id": "npm://async:0.2.9" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://optimist:0.6.0" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://flatiron:0.4.3" + }, + { + "component_id": "npm://optimist:0.6.0" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://swig:1.4.2" + }, + { + "component_id": "npm://optimist:0.6.1" + }, + { + "component_id": "npm://minimist:0.0.10" + } + ] + ] + }, + "npm://minimist:0.0.8": { + "fixed_versions": [ + "[0.2.1]", + "[1.2.3]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-npm-install:0.3.1" + }, + { + "component_id": "npm://npm:3.10.10" + }, + { + "component_id": "npm://mkdirp:0.5.1" + }, + { + "component_id": "npm://minimist:0.0.8" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-npm-install:0.3.1" + }, + { + "component_id": "npm://npm:3.10.10" + }, + { + "component_id": "npm://mkdirp:0.5.1" + }, + { + "component_id": "npm://minimist:0.0.8" + } + ] + ] + } + }, + "issue_id": "XRAY-95385", + "references": [ + "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764", + "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html" + ], + "extended_information": { + "short_description": "Missing sanitization in minimist can lead to prototype pollution when parsing command line arguments.", + "full_description": "Node-js based applications (command line tools) that use the [minimist]() package to parse command line arguments can be vulnerable to prototype pollution if an attacker can fully control the arguments provided to the command line tools. The security impact depends on the specific application, since this is a prototype pollution issue, and can range from no impact at all, to authentication bypass, DoS or even RCE.\r\n\r\nAs an demonstration of an application vulnerable to authentication bypass, the following application reads a configuration file and makes a decision based on it. However, it also uses `minimist` and is thus vulnerable to this vulnerability -\r\n\r\n```js\r\nconst minimist = require('minimist');\r\nconst fs = require('fs');\r\n\r\nconst argv = minimist(process.argv.slice(2));\r\n\r\nlet confdata = fs.readFileSync('conf.json');\r\nlet conf = JSON.parse(confdata);\r\n\r\nif (conf.role == 'admin') {\r\n // grant access\r\n} else {\r\n // deny access\r\n}\r\n```\r\n\r\nThis assumes the attacker is able to execute the vulnerable application and control the command line arguments (this usually would only be possible if the attacker has local privileges and shell access that will allow the execution of the application with arbitrary command line arguments). \r\n\r\nIn the example, the attacker would want to modify the value of the `role` property to `admin`, which can be achieved by executing the vulnerable application in this way -\r\n\r\n```bash\r\n./vulnerable_node_app --__proto__.role admin\r\n```\r\n\r\nThe vulnerable application is using the `role` property to decide whether to allow or deny application-specific actions. However, exploitation would require specific tailoring to the vulnerable application, as other applications might not have a similar property. The specific exploitation method would need to be researched by the attacker, which would also require the attacker having some access to the vulnerable application code).\r\n\r\nWhile an exploit was [published](https://gist.github.com/Kirill89/47feb345b09bf081317f08dd43403a8a), it is not generic and would need to be modified to the specific application under attack. Moreover, from the attacker perspective the crux of being able to even use this exploit is being able to control the command line arguments in the first place.", + "jfrog_research_severity": "Medium", + "jfrog_research_severity_reasons": [ + { + "name": "The prerequisites for exploiting the issue are extremely unlikely", + "description": "It is highly uncommon for applications to receive arguments directly from network input or unprivileged local users", + "is_positive": true + }, + { + "name": "The reported CVSS was either wrongly calculated, downgraded by other vendors, or does not reflect the vulnerability's impact", + "description": "Attacker vector, AV, was set to network even though this vulnerability cannot be necessarily triggered from the network, only in very specific environments that take network input and provide it as an argument to applications that use minimist", + "is_positive": true + } + ] + } + }, + { + "cves": [ + { + "cvss_v2_score": "9.3", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C", + "cvss_v3_score": "9.8", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "summary": "unset-value Package for Node.js index.js unset() Function Prototype Pollution Arbitrary Code Execution", + "severity": "Critical", + "components": { + "npm://unset-value:1.0.0": { + "fixed_versions": [ + "[2.0.1]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://cache-base:1.0.1" + }, + { + "component_id": "npm://unset-value:1.0.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ] + ] + } + }, + "issue_id": "XRAY-198324", + "references": [ + "https://github.com/jonschlinkert/unset-value/issues/11", + "https://github.com/jonschlinkert/unset-value/pull/12", + "https://github.com/jonschlinkert/unset-value/commit/56fe0f2374c73f281a5b44909dcec3a4f9d6f9f4" + ], + "extended_information": { + "short_description": "Insufficient input validation in unset-value unset() leads to prototype pollution", + "full_description": "[unset-value](https://www.npmjs.com/package/unset-value) is small JavaScript utility package that provides an API to delete nested properties from an object using dot notation\n\nThe function `unset` was found to be vulnerable to prototype pollution, when accepting arbitrary properties from untrusted input\n\nExample of code vulnerable to this issue - \n```js\nconst unset = require('unset-value'); \nconst evilprop = '__proto__.toString';\nunset({}, evilprop);\n```\n\nSince this prototype pollution only allows to remove properties from the prototype (and not set them to arbitrary values), the pollution leads to denial of service only and won't lead to remote code execution in feasible scenarios.", + "jfrog_research_severity": "Medium", + "jfrog_research_severity_reasons": [ + { + "name": "Context-dependent exploitation", + "description": "An attacker must find remote input that propagates into the `unset` method (2nd arg)", + "is_positive": true + }, + { + "name": "Context-dependent impact", + "description": "A prototype pollution attack allows the attacker to inject new properties to all JavaScript objects (but not set existing properties).\nTherefore, the impact of a prototype pollution attack depends on the way the JavaScript code uses any object properties after the attack is triggered.\nIn this specific case, properties can only be deleted from the prototype. Therefore, the only feasible impact is a denial of service attack.", + "is_positive": true + }, + { + "name": "Has published exploit", + "description": "The package's test code contains a PoC that triggers the vulnerability " + } + ], + "remediation": "##### Development mitigation\n\nAdd the `Object.freeze(Object.prototype);` directive once at the beginning of your main JS source code file (ex. `index.js`), preferably after all your `require` directives. This will prevent any changes to the prototype object, thus completely negating prototype pollution attacks." + } + }, + { + "summary": "Remote Memory Exposure", + "severity": "High", + "components": { + "npm://bl:1.0.3": { + "fixed_versions": [ + "[1.2.3]", + "[2.2.1]", + "[3.0.1]", + "[4.0.3]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://bl:1.0.3" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://isstream:0.1.2" + } + ] + ] + } + }, + "issue_id": "XRAY-N17", + "references": [ + "https://npmjs.com/advisories/1555", + "- https://github.com/advisories/GHSA-pp7h-53gx-mx7r\n- https://nvd.nist.gov/vuln/detail/CVE-2020-8244\n- https://github.com/rvagg/bl/commit/8a8c13c880e2bef519133ea43e0e9b78b5d0c91e\n- https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190\n- https://github.com/rvagg/bl/commit/dacc4ac7d5fcd6201bcf26fbd886951be9537466\n- https://hackerone.com/reports/966347" + ] + }, + { + "cves": [ + { + "cve": "CVE-2020-8244", + "cvss_v2_score": "6.4", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:P", + "cvss_v3_score": "6.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" + } + ], + "summary": "A buffer over-read vulnerability exists in bl \u003c4.0.3, \u003c3.0.1, \u003c2.2.1, and \u003c1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.", + "severity": "Medium", + "components": { + "npm://bl:1.0.3": { + "fixed_versions": [ + "[1.2.3]", + "[2.2.1]", + "[3.0.1]", + "[4.0.3]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://bl:1.0.3" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://isstream:0.1.2" + } + ] + ] + } + }, + "issue_id": "XRAY-122434", + "references": [ + "https://hackerone.com/reports/966347", + "https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html" + ] + }, + { + "cves": [ + { + "cve": "CVE-2018-1109", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "5.3", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "summary": "A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.", + "severity": "Medium", + "components": { + "npm://braces:1.8.5": { + "fixed_versions": [ + "[2.3.1]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://anymatch:1.3.2" + }, + { + "component_id": "npm://micromatch:2.3.11" + }, + { + "component_id": "npm://array-unique:0.2.1" + } + ] + ] + } + }, + "issue_id": "XRAY-160030", + "references": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1547272", + "https://snyk.io/vuln/npm:braces:20180219" + ] + }, + { + "cves": [ + { + "cve": "CVE-2018-1000620" + } + ], + "summary": "Insufficient Entropy", + "severity": "High", + "components": { + "npm://cryptiles:0.2.2": { + "fixed_versions": [ + "[4.1.2]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + }, + { + "component_id": "npm://hawk:1.0.0" + }, + { + "component_id": "npm://cryptiles:0.2.2" + } + ] + ] + }, + "npm://cryptiles:2.0.5": { + "fixed_versions": [ + "[4.1.2]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://cryptiles:2.0.5" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://cryptiles:2.0.5" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://cryptiles:2.0.5" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://cryptiles:2.0.5" + } + ] + ] + } + }, + "issue_id": "XRAY-N10", + "references": [ + "https://npmjs.com/advisories/1464", + "- [GitHub PR](https://github.com/hapijs/cryptiles/issues/34)" + ] + }, + { + "cves": [ + { + "cve": "CVE-2018-1000620", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N", + "cvss_v3_score": "9.8", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "summary": "Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.", + "severity": "Critical", + "components": { + "npm://cryptiles:0.2.2": { + "fixed_versions": [ + "[4.1.2]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + }, + { + "component_id": "npm://hawk:1.0.0" + }, + { + "component_id": "npm://cryptiles:0.2.2" + } + ] + ] + }, + "npm://cryptiles:2.0.5": { + "fixed_versions": [ + "[4.1.2]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://cryptiles:2.0.5" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://retire:1.1.6" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://cryptiles:2.0.5" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://cryptiles:2.0.5" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-retire:0.3.12" + }, + { + "component_id": "npm://request:2.67.0" + }, + { + "component_id": "npm://hawk:3.1.3" + }, + { + "component_id": "npm://cryptiles:2.0.5" + } + ] + ] + } + }, + "issue_id": "XRAY-84448", + "references": [ + "https://github.com/hapijs/cryptiles/issues/34" + ] + }, + { + "cves": [ + { + "cve": "CVE-2017-20165" + } + ], + "summary": "debug Inefficient Regular Expression Complexity vulnerability", + "severity": "Low", + "components": { + "npm://debug:2.2.0": { + "fixed_versions": [ + "[2.6.9]", + "[3.1.0]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://helmet:2.3.0" + }, + { + "component_id": "npm://connect:3.4.1" + }, + { + "component_id": "npm://finalhandler:0.4.1" + }, + { + "component_id": "npm://debug:2.2.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://helmet:2.3.0" + }, + { + "component_id": "npm://connect:3.4.1" + }, + { + "component_id": "npm://debug:2.2.0" + } + ] + ] + }, + "npm://debug:2.6.9": { + "fixed_versions": [ + "[3.1.0,)" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://express-session:1.17.3" + }, + { + "component_id": "npm://debug:2.6.9" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://express:4.18.2" + }, + { + "component_id": "npm://body-parser:1.20.1" + }, + { + "component_id": "npm://debug:2.6.9" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://body-parser:1.20.2" + }, + { + "component_id": "npm://debug:2.6.9" + } + ] + ] + } + }, + "issue_id": "XRAY-N115", + "references": [ + "https://github.com/advisories/GHSA-9vvw-cc9w-f27h", + "- https://nvd.nist.gov/vuln/detail/CVE-2017-20165\n- https://github.com/debug-js/debug/pull/504\n- https://github.com/debug-js/debug/commit/c38a0166c266a679c8de012d4eaccec3f944e685\n- https://github.com/debug-js/debug/releases/tag/3.1.0\n- https://vuldb.com/?ctiid.217665\n- https://vuldb.com/?id.217665\n- https://github.com/advisories/GHSA-9vvw-cc9w-f27h" + ] + }, + { + "cves": [ + { + "cve": "CVE-2017-20165" + } + ], + "summary": "debug Inefficient Regular Expression Complexity vulnerability", + "severity": "Low", + "components": { + "npm://debug:2.2.0": { + "fixed_versions": [ + "[2.6.9]", + "[3.1.0]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://helmet:2.3.0" + }, + { + "component_id": "npm://connect:3.4.1" + }, + { + "component_id": "npm://finalhandler:0.4.1" + }, + { + "component_id": "npm://debug:2.2.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://helmet:2.3.0" + }, + { + "component_id": "npm://connect:3.4.1" + }, + { + "component_id": "npm://debug:2.2.0" + } + ] + ] + }, + "npm://debug:2.6.9": { + "fixed_versions": [ + "[3.1.0,)" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://express-session:1.17.3" + }, + { + "component_id": "npm://debug:2.6.9" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://express:4.18.2" + }, + { + "component_id": "npm://body-parser:1.20.1" + }, + { + "component_id": "npm://debug:2.6.9" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://body-parser:1.20.2" + }, + { + "component_id": "npm://debug:2.6.9" + } + ] + ] + } + }, + "issue_id": "XRAY-N116", + "references": [ + "https://github.com/advisories/GHSA-9vvw-cc9w-f27h", + "- https://nvd.nist.gov/vuln/detail/CVE-2017-20165\n- https://github.com/debug-js/debug/pull/504\n- https://github.com/debug-js/debug/commit/c38a0166c266a679c8de012d4eaccec3f944e685\n- https://github.com/debug-js/debug/releases/tag/3.1.0\n- https://vuldb.com/?ctiid.217665\n- https://vuldb.com/?id.217665\n- https://github.com/advisories/GHSA-9vvw-cc9w-f27h" + ] + }, + { + "cves": [ + { + "cve": "CVE-2021-41720" + } + ], + "summary": "Arbitrary code execution in lodash", + "severity": "Critical", + "components": { + "npm://lodash:2.4.2": { + "fixed_versions": [ + "[4.17.21]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://lodash:2.4.2" + } + ] + ] + }, + "npm://lodash:4.17.21": { + "fixed_versions": [ + "(,0.0.0)" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-contrib-watch:1.1.0" + }, + { + "component_id": "npm://async:2.6.4" + }, + { + "component_id": "npm://lodash:4.17.21" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-contrib-watch:1.1.0" + }, + { + "component_id": "npm://gaze:1.1.3" + }, + { + "component_id": "npm://globule:1.3.4" + }, + { + "component_id": "npm://lodash:4.17.21" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-jsbeautifier:0.2.13" + }, + { + "component_id": "npm://async:2.6.4" + }, + { + "component_id": "npm://lodash:4.17.21" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://async:2.6.4" + }, + { + "component_id": "npm://lodash:4.17.21" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-contrib-jshint:1.1.0" + }, + { + "component_id": "npm://jshint:2.9.7" + }, + { + "component_id": "npm://cli:1.0.1" + } + ] + ] + } + }, + "issue_id": "XRAY-N51", + "references": [ + "https://github.com/advisories/GHSA-8p5q-j9m2-g8wr", + "- https://nvd.nist.gov/vuln/detail/CVE-2021-23337\n- https://nvd.nist.gov/vuln/detail/CVE-2021-41720\n- https://github.com/advisories/GHSA-8p5q-j9m2-g8wr" + ] + }, + { + "summary": "Regular Expression Denial of Service", + "severity": "High", + "components": { + "npm://diff:1.4.0": { + "fixed_versions": [ + "[3.5.0,)" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-mocha-test:0.12.7" + }, + { + "component_id": "npm://mocha:2.5.3" + }, + { + "component_id": "npm://jade:0.26.3" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://mocha:2.5.3" + }, + { + "component_id": "npm://diff:1.4.0" + } + ] + ] + } + }, + "issue_id": "XRAY-N21", + "references": [ + "https://npmjs.com/advisories/1631", + "- [WhiteSource Advisory](https://www.whitesourcesoftware.com/vulnerability-database/WS-2018-0590)\n- [Snyk Advisory](https://snyk.io/vuln/npm:diff:20180305)\n- [GitHub Advisory](https://github.com/advisories/GHSA-h6ch-v84p-w6p9)" + ] + }, + { + "cves": [ + { + "cve": "CVE-2017-16115", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds.", + "severity": "High", + "components": { + "npm://timespan:2.3.0": { + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://timespan:2.3.0" + } + ] + ] + } + }, + "issue_id": "XRAY-73065", + "references": [ + "https://github.com/indexzero/TimeSpan.js/issues/10", + "https://nodesecurity.io/advisories/533" + ] + }, + { + "cves": [ + { + "cvss_v2_score": "4.3", + "cvss_v2_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "cvss_v3_score": "6.1", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ], + "summary": "helmet-csp Package for Node.js lib/transform-directives-for-browser.ts transformDirectivesForBrowser() Function Default Directive Handling Content Security Policy Bypass", + "severity": "Medium", + "components": { + "npm://helmet-csp:1.2.2": { + "fixed_versions": [ + "[2.9.2]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://helmet:2.3.0" + }, + { + "component_id": "npm://helmet-csp:1.2.2" + } + ] + ] + } + }, + "issue_id": "XRAY-89144", + "references": [ + "https://www.npmjs.com/advisories/1176", + "https://www.npmjs.com/package/helmet-csp", + "https://github.com/helmetjs/csp/commit/67a69baafa8198a154f0505a0cf0875f76f6186a", + "https://github.com/helmetjs/csp/blob/v2.9.2/CHANGELOG.md" + ] + }, + { + "cves": [ + { + "cve": "CVE-2017-16137", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "5.3", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "summary": "The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.", + "severity": "Medium", + "components": { + "npm://debug:2.2.0": { + "fixed_versions": [ + "[2.6.9]", + "[3.1.0]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://helmet:2.3.0" + }, + { + "component_id": "npm://connect:3.4.1" + }, + { + "component_id": "npm://finalhandler:0.4.1" + }, + { + "component_id": "npm://debug:2.2.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://helmet:2.3.0" + }, + { + "component_id": "npm://connect:3.4.1" + }, + { + "component_id": "npm://debug:2.2.0" + } + ] + ] + } + }, + "issue_id": "XRAY-72687", + "references": [ + "https://github.com/visionmedia/debug/issues/501", + "https://github.com/visionmedia/debug/pull/504", + "https://nodesecurity.io/advisories/534", + "https://lists.apache.org/thread.html/r8ba4c628fba7181af58817d452119481adce4ba92e889c643e4c7dd3@%3Ccommits.netbeans.apache.org%3E", + "https://lists.apache.org/thread.html/rb5ac16fad337d1f3bb7079549f97d8166d0ef3082629417c39f12d63@%3Cnotifications.netbeans.apache.org%3E" + ] + }, + { + "cves": [ + { + "cve": "CVE-2017-20165", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. The name of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. It is recommended to upgrade the affected component. The identifier VDB-217665 was assigned to this vulnerability.", + "severity": "High", + "components": { + "npm://debug:2.2.0": { + "fixed_versions": [ + "[2.6.9]", + "[3.1.0]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://helmet:2.3.0" + }, + { + "component_id": "npm://connect:3.4.1" + }, + { + "component_id": "npm://finalhandler:0.4.1" + }, + { + "component_id": "npm://debug:2.2.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://helmet:2.3.0" + }, + { + "component_id": "npm://connect:3.4.1" + }, + { + "component_id": "npm://debug:2.2.0" + } + ] + ] + } + }, + "issue_id": "XRAY-413253", + "references": [ + "https://github.com/debug-js/debug/commit/c38a0166c266a679c8de012d4eaccec3f944e685", + "https://github.com/debug-js/debug/pull/504", + "https://github.com/debug-js/debug/releases/tag/3.1.0", + "https://vuldb.com/?ctiid.217665", + "https://vuldb.com/?id.217665" + ], + "extended_information": { + "short_description": "Unbounded resource consumption in debug-js package could lead to denial of service when an attacker-controlled object is pretty-printed.", + "full_description": "[debug-js](https://npmjs.com/package/debug) is a tiny JavaScript debugging utility modeled after Node.js core's debugging technique. `debug-js` targets both Node.js and web browsers, and uses printf-style formatting.\r\n\r\nCode that uses debug-js is prone to denial of service when trying to pretty-print an attacker-controlled object, for example - `debug('Object: %o', obj);`\r\n\r\nIt was discovered that the `o` formatter, used to pretty-print an `Object` in a single line, had an unbounded memory footprint, which may lead to denial-of-service.\r\n\r\nTo pretty-print an object, the `o` formatter joins all the formatted object text to a single line and sends it to the built-in Node.js function `util.inspect()`. After that, it trims any whitespace. The issue was using an inefficient regular expression for this trimming operation.\r\n\r\nThe issue only occurs when the formatted JS object has a malicious `toStringTag`.\r\n\r\nThe issue has been resolved in versions 3.0.0 and 2.6.9, but was re-introduced by regression refactor from version 3.2.0.", + "jfrog_research_severity": "Low", + "jfrog_research_severity_reasons": [ + { + "name": "No high-impact exploit or technical writeup were published, and exploitation of the issue with high impact is either non-trivial or completely unproven", + "description": "Although Regular Expression Denial-of-Service is thoroughly researched, exploiting this particular issue is quite complex and no PoC was published.", + "is_positive": true + }, + { + "name": "The reported CVSS was either wrongly calculated, downgraded by other vendors, or does not reflect the vulnerability's impact", + "description": "The CVSS does not reflect the contextual prerequisites required to exploit the vulnerability properly.", + "is_positive": true + }, + { + "name": "The prerequisites for exploiting the issue are extremely unlikely", + "description": "To exploit this issue:\r\n1. The attacker must find a way to pass input to 'debug-js' logger.\r\n2. The log message must have a specific vulnerable formatter `%o`\r\n3. The attacker input must propagate into a JS Object that has a `toStringTag`, as normal objects with a simple key and value aren't vulnerable.", + "is_positive": true + } + ] + } + }, + { + "cves": [ + { + "cve": "CVE-2020-28500", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "5.3", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "summary": "Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.", + "severity": "Medium", + "components": { + "npm://lodash:2.4.2": { + "fixed_versions": [ + "[4.17.21]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://lodash:2.4.2" + } + ] + ] + } + }, + "issue_id": "XRAY-140562", + "references": [ + "https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8", + "https://github.com/lodash/lodash/pull/5065", + "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893", + "https://snyk.io/vuln/SNYK-JS-LODASH-1018905", + "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", + "https://security.netapp.com/advisory/ntap-20210312-0006/", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "extended_information": { + "short_description": "ReDoS in lodash could lead to a denial of service when handling untrusted strings.", + "full_description": "JavaScript-based applications that use [lodash](https://github.com/lodash/lodash) and specifically the [_.toNumber](https://lodash.com/docs/4.17.15#toNumber), [_.trim](https://lodash.com/docs/4.17.15#trim) and [_.trimEnd](https://lodash.com/docs/4.17.15#trimEnd) functions, could be vulnerable to DoS (Denial of Service) through a faulty regular expression that introduces a ReDoS (Regular Expression DoS) vulnerability. This vulnerability is only triggered if untrusted user input flows into these vulnerable functions and the attacker can supply arbitrary long strings (over 50kB) that contain whitespaces. \r\n\r\nOn a modern Core i7-based system, calling the vulnerable functions with a 50kB string could take between 2 to 3 seconds to execute and 4.5 minutes for a longer 500kB string. The fix improved the regular expression performance so it took only a few milliseconds on the same Core i7-based system. This vulnerability is easily exploitable as all is required is to build a string that triggers it as can be seen in this PoC reproducing code - \r\n\r\n```js\r\nvar untrusted_user_input_50k = \"a\" + ' '.repeat(50000) + \"z\"; // assume this is provided over the network\r\nlo.trimEnd(untrusted_user_input_50k); // should take a few seconds to run\r\nvar untrusted_user_input_500k = \"a\" + ' '.repeat(500000) + \"z\"; // assume this is provided over the network\r\nlo.trimEnd(untrusted_user_input_500k); // should take a few minutes to run\r\n```", + "jfrog_research_severity": "Medium", + "jfrog_research_severity_reasons": [ + { + "name": "The issue has an exploit published", + "description": "Public exploit demonstrated ReDoS" + }, + { + "name": "Exploitation of the issue is only possible when the vulnerable component is used in a specific manner. The attacker has to perform per-target research to determine the vulnerable attack vector", + "description": "Exploitation depends on parsing user input by the `.toNumber`, `.trim` or `.trimEnd` `lodash` functions, and requires the input to contain whitespaces and be very long (over 50KB)", + "is_positive": true + } + ], + "remediation": "##### Deployment mitigations\n\nTrim untrusted strings based on size before providing it to the vulnerable functions by using the `substring` function to with a fixed maximum size like so - ```js untrusted_user_input.substring(0, max_string_size_less_than_50kB); ```" + } + }, + { + "cves": [ + { + "cve": "CVE-2018-3721", + "cvss_v2_score": "4.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N", + "cvss_v3_score": "6.5", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" + } + ], + "summary": "lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.", + "severity": "Medium", + "components": { + "npm://lodash:2.4.2": { + "fixed_versions": [ + "[4.17.21]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://lodash:2.4.2" + } + ] + ] + } + }, + "issue_id": "XRAY-72918", + "references": [ + "https://security.netapp.com/advisory/ntap-20190919-0004/", + "https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a", + "https://hackerone.com/reports/310443" + ] + }, + { + "cves": [ + { + "cve": "CVE-2019-1010266", + "cvss_v2_score": "4.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P", + "cvss_v3_score": "6.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.", + "severity": "Medium", + "components": { + "npm://lodash:2.4.2": { + "fixed_versions": [ + "[4.17.21]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://lodash:2.4.2" + } + ] + ] + } + }, + "issue_id": "XRAY-85049", + "references": [ + "https://github.com/lodash/lodash/wiki/Changelog", + "https://security.netapp.com/advisory/ntap-20190919-0004/", + "https://github.com/lodash/lodash/issues/3359", + "https://snyk.io/vuln/SNYK-JS-LODASH-73639" + ] + }, + { + "cves": [ + { + "cve": "CVE-2019-10744", + "cvss_v2_score": "6.4", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:P", + "cvss_v3_score": "9.1", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" + } + ], + "summary": "Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.", + "severity": "Critical", + "components": { + "npm://lodash:2.4.2": { + "fixed_versions": [ + "[4.17.21]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://lodash:2.4.2" + } + ] + ] + } + }, + "issue_id": "XRAY-85679", + "references": [ + "https://security.netapp.com/advisory/ntap-20191004-0005/", + "https://snyk.io/vuln/SNYK-JS-LODASH-450202", + "https://support.f5.com/csp/article/K47105354?utm_source=f5support\u0026amp;utm_medium=RSS", + "https://www.oracle.com/security-alerts/cpujan2021.html", + "https://www.oracle.com/security-alerts/cpuoct2020.html", + "https://access.redhat.com/errata/RHSA-2019:3024" + ], + "extended_information": { + "short_description": "Insufficient input validation in lodash defaultsDeep() leads to prototype pollution.", + "full_description": "[lodash](https://www.npmjs.com/package/lodash) is a modern JavaScript utility library delivering modularity, performance, \u0026 extras.\r\n\r\nThe function `defaultsDeep` was found to be vulnerable to prototype pollution, when accepting arbitrary source objects from untrusted input\r\n\r\nExample of code vulnerable to this issue - \r\n```js\r\nconst lodash = require('lodash'); \r\nconst evilsrc = {constructor: {prototype: {evilkey: \"evilvalue\"}}};\r\nlodash.defaultsDeep({}, evilsrc)\r\n```", + "jfrog_research_severity": "High", + "jfrog_research_severity_reasons": [ + { + "name": "The issue has an exploit published", + "description": "A public PoC demonstrates exploitation of this issue" + }, + { + "name": "The impact of exploiting the issue depends on the context of surrounding software. A severe impact such as RCE is not guaranteed.", + "description": "A prototype pollution attack allows the attacker to inject new properties to all JavaScript objects (but not set existing properties).\r\nTherefore, the impact of a prototype pollution attack depends on the way the JavaScript code uses any object properties after the attack is triggered.\r\nUsually, a DoS attack is possible since invalid properties quickly lead to an exception being thrown. In more severe cases, RCE may be achievable.", + "is_positive": true + }, + { + "name": "Exploitation of the issue is only possible when the vulnerable component is used in a specific manner. The attacker has to perform per-target research to determine the vulnerable attack vector", + "description": "An attacker must find remote input that propagates into the `defaultsDeep` method (2nd arg)", + "is_positive": true + } + ], + "remediation": "##### Development mitigations\n\nAdd the `Object.freeze(Object.prototype);` directive once at the beginning of your main JS source code file (ex. `index.js`), preferably after all your `require` directives. This will prevent any changes to the prototype object, thus completely negating prototype pollution attacks." + } + }, + { + "cves": [ + { + "cve": "CVE-2018-16487", + "cvss_v2_score": "6.8", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P", + "cvss_v3_score": "5.6", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + ], + "summary": "A prototype pollution vulnerability was found in lodash \u003c4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.", + "severity": "Medium", + "components": { + "npm://lodash:2.4.2": { + "fixed_versions": [ + "[4.17.21]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://lodash:2.4.2" + } + ] + ] + } + }, + "issue_id": "XRAY-75300", + "references": [ + "https://security.netapp.com/advisory/ntap-20190919-0004/", + "https://hackerone.com/reports/380873" + ], + "extended_information": { + "short_description": "Insufficient input validation in the Lodash library leads to prototype pollution.", + "full_description": "The [Lodash](https://lodash.com/) library is an open-source JavaScript project that simplifies operations on string, arrays, numbers, and other objects. It is widely used in connected devices. \r\n\r\nThe `merge`, `mergeWith`, and `defaultsDeep` methods in Lodash are vulnerable to [prototype pollution](https://shieldfy.io/security-wiki/prototype-pollution/introduction-to-prototype-pollution/). Attackers can exploit this vulnerability by specifying a crafted `sources` parameter to any of these methods, which can modify the prototype properties of the `Object`, `Function`, `Array`, `String`, `Number`, and `Boolean` objects. A public [exploit](https://hackerone.com/reports/380873) exists which performs the prototype pollution with an arbitrary key and value.\r\n\r\nThe library implementation has a bug in the `safeGet()` function in the `lodash.js` module that allows for adding or modifying `prototype` properties of various objects. The official [solution](https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad) fixes the bug by explicitly forbidding the addition or modification of `prototype` properties.\r\n\r\nA related CVE (CVE-2018-3721) covers the same issue prior to Lodash version 4.17.5, but the fix for that was incomplete.", + "jfrog_research_severity": "High", + "jfrog_research_severity_reasons": [ + { + "name": "Exploitation of the issue is only possible when the vulnerable component is used in a specific manner. The attacker has to perform per-target research to determine the vulnerable attack vector", + "description": "An attacker must find remote input that propagates into one of the following methods - \r\n* `merge` - 2nd argument\r\n* `mergeWith` - 2nd argument\r\n* `defaultsDeep` - 2nd argument", + "is_positive": true + }, + { + "name": "The impact of exploiting the issue depends on the context of surrounding software. A severe impact such as RCE is not guaranteed.", + "description": "A prototype pollution attack allows the attacker to inject new properties to all JavaScript objects (but not set existing properties).\r\nTherefore, the impact of a prototype pollution attack depends on the way the JavaScript code uses any object properties after the attack is triggered.\r\nUsually, a DoS attack is possible since invalid properties quickly lead to an exception being thrown. In more severe cases, RCE may be achievable.", + "is_positive": true + }, + { + "name": "The issue has an exploit published", + "description": "A public PoC demonstrated exploitation by injecting an attacker controlled key and value into the prototype" + } + ], + "remediation": "##### Development mitigations\n\nAdd the `Object.freeze(Object.prototype);` directive once at the beginning of your main JS source code file (ex. `index.js`), preferably after all your `require` directives. This will prevent any changes to the prototype object, thus completely negating prototype pollution attacks." + } + }, + { + "cves": [ + { + "cve": "CVE-2020-8203", + "cvss_v2_score": "5.8", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P", + "cvss_v3_score": "7.4", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" + } + ], + "summary": "Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.", + "severity": "High", + "components": { + "npm://lodash:2.4.2": { + "fixed_versions": [ + "[4.17.21]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://lodash:2.4.2" + } + ] + ] + } + }, + "issue_id": "XRAY-114089", + "references": [ + "https://security.netapp.com/advisory/ntap-20200724-0006/", + "https://github.com/lodash/lodash/issues/4874", + "https://hackerone.com/reports/712065", + "https://www.oracle.com/security-alerts/cpuApr2021.html", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html", + "https://www.oracle.com//security-alerts/cpujul2021.html" + ], + "extended_information": { + "short_description": "Prototype pollution in lodash object merging and zipping functions leads to code injection.", + "full_description": "[lodash](https://lodash.com/) is a JavaScript library which provides utility functions for common programming tasks.\r\n\r\nJavaScript frontend and Node.js-based backend applications that merge or zip objects using the lodash functions `mergeWith`, `merge` and `zipObjectDeep` are vulnerable to [prototype pollution](https://medium.com/node-modules/what-is-prototype-pollution-and-why-is-it-such-a-big-deal-2dd8d89a93c) if one or more of the objects it receives as arguments are obtained from user input. \r\nAn attacker controlling this input given to the vulnerable functions can inject properties to JavaScript special objects such as [Object.prototype](https://developer.mozilla.org/en-US/docs/Learn/JavaScript/Objects/Object_prototypes) from which all JavaScript objects inherit properties and methods. Any change on `Object.prototype` properties will then propagate through the prototype chain inheritance to all of the objects in a JavaScript application. This in turn would allow an attacker to add new properties or modify existing properties which will have application specific implications that could lead to DoS (denial of service), authentication bypass, privilege escalation and even RCE (remote code execution) in [some cases](https://youtu.be/LUsiFV3dsK8?t=1152). \r\nAs an example for privilege escalation, consider a JavaScript application that has a `user` object which has a Boolean property of `user.isAdmin` which is used to decide which actions the user may take. If an attacker can modify or add the `isAdmin` property through prototype pollution, it can escalate the privileges of its own user to those of an admin. \r\nAs exploitation is usually application specific, successful exploitation is much more likely if an attacker have access to the JavaScript application code. As such, frontend applications are more vulnerable to this vulnerability than Node.js backend applications.", + "jfrog_research_severity": "Critical", + "jfrog_research_severity_reasons": [ + { + "name": "The impact of exploiting the issue depends on the context of surrounding software. A severe impact such as RCE is not guaranteed.", + "is_positive": true + }, + { + "name": "The issue can be exploited by attackers over the network" + }, + { + "name": "The issue is trivial to exploit and does not require a published writeup or PoC" + } + ], + "remediation": "##### Deployment mitigations\n\nAs general guidelines against prototype pollution, first consider not merging objects originating from user input or using a Map structure instead of an object. If merging objects is needed, look into creating objects without a prototype with `Object.create(null)` or into freezing `Object.prototype` with `Object.freeze()`. Finally, it is always best to perform input validation with a a [JSON schema validator](https://github.com/ajv-validator/ajv), which could mitigate this issue entirely in many cases." + } + }, + { + "cves": [ + { + "cve": "CVE-2021-23337", + "cvss_v2_score": "6.5", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P", + "cvss_v3_score": "7.2", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "summary": "Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.", + "severity": "High", + "components": { + "npm://lodash:2.4.2": { + "fixed_versions": [ + "[4.17.21]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://lodash:2.4.2" + } + ] + ] + } + }, + "issue_id": "XRAY-140575", + "references": [ + "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", + "https://security.netapp.com/advisory/ntap-20210312-0006/", + "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851", + "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931", + "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929", + "https://snyk.io/vuln/SNYK-JS-LODASH-1040724", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "extended_information": { + "short_description": "Improper sanitization in the lodash template function leads to JavaScript code injection through the options argument.", + "full_description": "JavaScript-based applications (both frontend and backend) that use the [template function](https://lodash.com/docs/4.17.15#template) -`_.template([string=''], [options={}])` from the [lodash](https://lodash.com/) utility library and provide the `options` argument (specifically the `variable` option) from untrusted user input, are vulnerable to JavaScript code injection. This issue can be easily exploited, and an exploitation example is [publicly available](https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c#diff-a561630bb56b82342bc66697aee2ad96efddcbc9d150665abd6fb7ecb7c0ab2fR22303) in the fix tests that was introduced in version 4.17.21 - \r\n```js\r\nlodash.template('', { variable: '){console.log(process.env)}; with(obj' })()\r\n```", + "jfrog_research_severity": "Medium", + "jfrog_research_severity_reasons": [ + { + "name": "The prerequisites for exploiting the issue are extremely unlikely", + "description": "It is highly unlikely that a JS program will accept arbitrary remote input into the template's `options` argument", + "is_positive": true + }, + { + "name": "Exploitation of the issue is only possible when the vulnerable component is used in a specific manner. The attacker has to perform per-target research to determine the vulnerable attack vector", + "description": "The attacker must find remote input that propagates into the `options` argument of a `template` call", + "is_positive": true + }, + { + "name": "The issue results in a severe impact (such as remote code execution)", + "description": "Leads to remote code execution through JS code injection" + }, + { + "name": "The issue has an exploit published", + "description": "Published exploit demonstrates arbitrary JS code execution" + } + ] + } + }, + { + "cves": [ + { + "cve": "CVE-2022-33987", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N", + "cvss_v3_score": "5.3", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ], + "summary": "The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.", + "severity": "Medium", + "components": { + "npm://got:6.7.1": { + "fixed_versions": [ + "[11.8.5]", + "[12.1.0]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://update-notifier:2.5.0" + }, + { + "component_id": "npm://latest-version:3.1.0" + }, + { + "component_id": "npm://package-json:4.0.1" + }, + { + "component_id": "npm://got:6.7.1" + } + ] + ] + } + }, + "issue_id": "XRAY-229041", + "references": [ + "https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0", + "https://github.com/sindresorhus/got/pull/2047", + "https://github.com/sindresorhus/got/releases/tag/v11.8.5" + ] + }, + { + "cves": [ + { + "cve": "CVE-2017-16042", + "cvss_v2_score": "7.5", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P", + "cvss_v3_score": "9.8", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "summary": "Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.", + "severity": "Critical", + "components": { + "npm://growl:1.9.2": { + "fixed_versions": [ + "[1.10.0]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-mocha-test:0.12.7" + }, + { + "component_id": "npm://mocha:2.5.3" + }, + { + "component_id": "npm://jade:0.26.3" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://mocha:2.5.3" + }, + { + "component_id": "npm://growl:1.9.2" + } + ] + ] + } + }, + "issue_id": "XRAY-72713", + "references": [ + "https://github.com/tj/node-growl/issues/60", + "https://github.com/tj/node-growl/pull/61", + "https://nodesecurity.io/advisories/146" + ] + }, + { + "cves": [ + { + "cve": "CVE-2021-33623", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.", + "severity": "High", + "components": { + "npm://trim-newlines:1.0.0": { + "fixed_versions": [ + "[3.0.1]", + "[4.0.1]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-concurrent:2.3.1" + }, + { + "component_id": "npm://pad-stream:1.2.0" + }, + { + "component_id": "npm://meow:3.7.0" + }, + { + "component_id": "npm://trim-newlines:1.0.0" + } + ] + ] + } + }, + "issue_id": "XRAY-176887", + "references": [ + "https://github.com/sindresorhus/trim-newlines/releases/tag/v4.0.1", + "https://security.netapp.com/advisory/ntap-20210702-0007/", + "https://www.npmjs.com/package/trim-newlines", + "https://lists.debian.org/debian-lts-announce/2022/12/msg00033.html" + ] + }, + { + "cves": [ + { + "cve": "CVE-2023-25345", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + ], + "summary": "Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags.", + "severity": "High", + "components": { + "npm://swig:1.4.2": { + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://swig:1.4.2" + } + ] + ] + } + }, + "issue_id": "XRAY-427909", + "references": [ + "https://github.com/node-swig/swig-templates/issues/88" + ] + }, + { + "cves": [ + { + "cve": "CVE-2022-21681" + } + ], + "summary": "Inefficient Regular Expression Complexity in marked", + "severity": "High", + "components": { + "npm://marked:0.3.9": { + "fixed_versions": [ + "[0.3.18]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://marked:0.3.9" + } + ] + ] + } + }, + "issue_id": "XRAY-N57", + "references": [ + "https://github.com/advisories/GHSA-5v2h-r2cx-5xgj", + "- https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj\n- https://nvd.nist.gov/vuln/detail/CVE-2022-21681\n- https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5\n- https://github.com/advisories/GHSA-5v2h-r2cx-5xgj" + ] + }, + { + "cves": [ + { + "cvss_v2_score": "4.3", + "cvss_v2_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "5.3", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "summary": "marked Package for Node.js lib/marked.js heading Regular Expression Handling CPU Consumption DoS", + "severity": "Medium", + "components": { + "npm://marked:0.3.9": { + "fixed_versions": [ + "[0.3.18]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://marked:0.3.9" + } + ] + ] + } + }, + "issue_id": "XRAY-84782", + "references": [ + "https://github.com/markedjs/marked/commit/09afabf69c6d0c919c03443f47bdfe476566105d", + "https://github.com/markedjs/marked/pull/1224" + ] + }, + { + "cves": [ + { + "cve": "CVE-2022-21680", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.", + "severity": "High", + "components": { + "npm://marked:0.3.9": { + "fixed_versions": [ + "[0.3.18]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://marked:0.3.9" + } + ] + ] + } + }, + "issue_id": "XRAY-194626", + "references": [ + "https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/", + "https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0", + "https://github.com/markedjs/marked/releases/tag/v4.0.10" + ] + }, + { + "cves": [ + { + "cve": "CVE-2022-21680" + } + ], + "summary": "Inefficient Regular Expression Complexity in marked", + "severity": "High", + "components": { + "npm://marked:0.3.9": { + "fixed_versions": [ + "[0.3.18]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://marked:0.3.9" + } + ] + ] + } + }, + "issue_id": "XRAY-N58", + "references": [ + "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf", + "- https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf\n- https://nvd.nist.gov/vuln/detail/CVE-2022-21680\n- https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0\n- https://github.com/markedjs/marked/releases/tag/v4.0.10\n- https://github.com/advisories/GHSA-rrrm-qjm4-v8hf" + ] + }, + { + "cves": [ + { + "cve": "CVE-2022-21681", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.", + "severity": "High", + "components": { + "npm://marked:0.3.9": { + "fixed_versions": [ + "[0.3.18]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://marked:0.3.9" + } + ] + ] + } + }, + "issue_id": "XRAY-194711", + "references": [ + "https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/", + "https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5" + ] + }, + { + "cves": [ + { + "cvss_v2_score": "7.1", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C" + } + ], + "summary": "marked lib/marked.js inline() Function Regular Expresssion Handling DoS", + "severity": "High", + "components": { + "npm://marked:0.3.9": { + "fixed_versions": [ + "[0.3.18]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://marked:0.3.9" + } + ] + ] + } + }, + "issue_id": "XRAY-78213", + "references": [ + "https://github.com/markedjs/marked/issues/1058", + "https://github.com/markedjs/marked/files/1735164/example.txt", + "https://github.com/Feder1co5oave/marktex/commit/d30c6cef0ae7645390bccb00a01a428693073b60", + "https://github.com/markedjs/marked/pull/1083", + "https://github.com/markedjs/marked/issues/1070", + "https://github.com/markedjs/marked/commit/20bfc106013ed45713a21672ad4a34df94dcd485", + "https://github.com/markedjs/marked/releases/tag/v0.3.17", + "https://snyk.io/vuln/npm:marked:20180225" + ] + }, + { + "cves": [ + { + "cve": "CVE-2021-23440" + } + ], + "summary": "Prototype Pollution in set-value", + "severity": "High", + "components": { + "npm://set-value:2.0.1": { + "fixed_versions": [ + "[4.0.1,)" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://forever:0.15.3" + }, + { + "component_id": "npm://forever-monitor:1.7.2" + }, + { + "component_id": "npm://chokidar:1.7.0" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://anymatch:2.0.0" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://cache-base:1.0.1" + }, + { + "component_id": "npm://union-value:1.0.1" + }, + { + "component_id": "npm://get-value:2.0.6" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://cache-base:1.0.1" + }, + { + "component_id": "npm://set-value:2.0.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://extglob:2.0.4" + }, + { + "component_id": "npm://expand-brackets:2.1.4" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://source-map-resolve:0.5.3" + }, + { + "component_id": "npm://atob:2.1.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + }, + { + "component_id": "npm://split-string:3.1.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://chokidar:2.1.8" + }, + { + "component_id": "npm://readdirp:2.2.1" + }, + { + "component_id": "npm://micromatch:3.1.10" + }, + { + "component_id": "npm://braces:2.3.2" + }, + { + "component_id": "npm://snapdragon:0.8.2" + }, + { + "component_id": "npm://base:0.11.2" + }, + { + "component_id": "npm://mixin-deep:1.3.2" + }, + { + "component_id": "npm://for-in:1.0.2" + } + ] + ] + } + }, + "issue_id": "XRAY-N36", + "references": [ + "https://github.com/advisories/GHSA-4jqc-8m5r-9rpr", + "- https://nvd.nist.gov/vuln/detail/CVE-2021-23440\n- https://github.com/advisories/GHSA-4jqc-8m5r-9rpr" + ] + }, + { + "cves": [ + { + "cve": "CVE-2016-2515", + "cvss_v2_score": "7.8", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause a denial of service (CPU consumption or partial outage) via a long (1) header or (2) URI that is matched against an improper regular expression.", + "severity": "High", + "components": { + "npm://hawk:1.0.0": { + "fixed_versions": [ + "[3.1.3]", + "[4.1.1]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + }, + { + "component_id": "npm://hawk:1.0.0" + } + ] + ] + } + }, + "issue_id": "XRAY-73076", + "references": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1309721", + "https://github.com/hueniverse/hawk/commit/0833f99ba64558525995a7e21d4093da1f3e15fa", + "https://github.com/hueniverse/hawk/issues/168", + "https://nodesecurity.io/advisories/77", + "http://www.openwall.com/lists/oss-security/2016/02/20/1", + "http://www.openwall.com/lists/oss-security/2016/02/20/2" + ] + }, + { + "cves": [ + { + "cve": "CVE-2017-16138", + "cvss_v2_score": "5.0", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss_v3_score": "7.5", + "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "summary": "The mime module \u003c 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.", + "severity": "High", + "components": { + "npm://mime:1.2.11": { + "fixed_versions": [ + "[1.4.1]", + "[2.0.3]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + }, + { + "component_id": "npm://hawk:1.0.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://zaproxy:0.2.0" + }, + { + "component_id": "npm://request:2.36.0" + }, + { + "component_id": "npm://form-data:0.1.4" + }, + { + "component_id": "npm://mime:1.2.11" + } + ] + ] + } + }, + "issue_id": "XRAY-72686", + "references": [ + "https://github.com/broofa/node-mime/issues/167", + "https://nodesecurity.io/advisories/535" + ] + }, + { + "cves": [ + { + "cve": "CVE-2021-3807" + } + ], + "summary": " Inefficient Regular Expression Complexity in chalk/ansi-regex", + "severity": "Medium", + "components": { + "npm://ansi-regex:3.0.1": { + "fixed_versions": [ + "[5.0.1,)" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://update-notifier:2.5.0" + }, + { + "component_id": "npm://boxen:1.3.0" + }, + { + "component_id": "npm://ansi-align:2.0.0" + }, + { + "component_id": "npm://string-width:2.1.1" + }, + { + "component_id": "npm://strip-ansi:4.0.0" + }, + { + "component_id": "npm://ansi-regex:3.0.1" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://update-notifier:2.5.0" + }, + { + "component_id": "npm://boxen:1.3.0" + }, + { + "component_id": "npm://cli-boxes:1.0.0" + }, + { + "component_id": "npm://execa:0.7.0" + }, + { + "component_id": "npm://get-stream:3.0.0" + } + ], + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-nodemon:0.4.2" + }, + { + "component_id": "npm://nodemon:1.19.4" + }, + { + "component_id": "npm://update-notifier:2.5.0" + }, + { + "component_id": "npm://boxen:1.3.0" + }, + { + "component_id": "npm://widest-line:2.0.1" + }, + { + "component_id": "npm://string-width:2.1.1" + }, + { + "component_id": "npm://strip-ansi:4.0.0" + }, + { + "component_id": "npm://ansi-regex:3.0.1" + } + ] + ] + } + }, + "issue_id": "XRAY-N33", + "references": [ + "https://github.com/advisories/GHSA-93q8-gq69-wqmw", + "- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw" + ] + }, + { + "cves": [ + { + "cve": "CVE-2018-1002204", + "cvss_v2_score": "4.3", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N", + "cvss_v3_score": "5.5", + "cvss_v3_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" + } + ], + "summary": "adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.", + "severity": "Medium", + "components": { + "npm://adm-zip:0.4.4": { + "fixed_versions": [ + "[0.4.11]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://selenium-webdriver:2.53.3" + }, + { + "component_id": "npm://adm-zip:0.4.4" + } + ] + ] + } + }, + "issue_id": "XRAY-73112", + "references": [ + "http://www.securityfocus.com/bid/107001", + "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25", + "https://github.com/cthackers/adm-zip/pull/212", + "https://github.com/snyk/zip-slip-vulnerability", + "https://snyk.io/research/zip-slip-vulnerability", + "https://snyk.io/vuln/npm:adm-zip:20180415" + ] + }, + { + "summary": "Improper Privilege Management in shelljs", + "severity": "Medium", + "components": { + "npm://shelljs:0.3.0": { + "fixed_versions": [ + "[0.8.5]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-contrib-jshint:1.1.0" + }, + { + "component_id": "npm://jshint:2.9.7" + }, + { + "component_id": "npm://cli:1.0.1" + } + ] + ] + } + }, + "issue_id": "XRAY-N59", + "references": [ + "https://github.com/advisories/GHSA-64g7-mvw6-v9qj", + "- https://github.com/shelljs/shelljs/security/advisories/GHSA-64g7-mvw6-v9qj\n- https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/\n- https://github.com/advisories/GHSA-64g7-mvw6-v9qj" + ] + }, + { + "summary": "Improper Privilege Management in shelljs", + "severity": "Medium", + "components": { + "npm://shelljs:0.3.0": { + "fixed_versions": [ + "[0.8.5]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-contrib-jshint:1.1.0" + }, + { + "component_id": "npm://jshint:2.9.7" + }, + { + "component_id": "npm://cli:1.0.1" + } + ] + ] + } + }, + "issue_id": "XRAY-N60", + "references": [ + "https://github.com/advisories/GHSA-64g7-mvw6-v9qj", + "- https://github.com/shelljs/shelljs/security/advisories/GHSA-64g7-mvw6-v9qj\n- https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/\n- https://github.com/advisories/GHSA-64g7-mvw6-v9qj" + ] + }, + { + "cves": [ + { + "cve": "CVE-2022-0144", + "cvss_v2_score": "3.6", + "cvss_v2_vector": "CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:P", + "cvss_v3_score": "7.1", + "cvss_v3_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" + } + ], + "summary": "shelljs is vulnerable to Improper Privilege Management", + "severity": "High", + "components": { + "npm://shelljs:0.3.0": { + "fixed_versions": [ + "[0.8.5]" + ], + "impact_paths": [ + [ + { + "component_id": "npm://desopmo:1.33.7" + }, + { + "component_id": "npm://grunt-contrib-jshint:1.1.0" + }, + { + "component_id": "npm://jshint:2.9.7" + }, + { + "component_id": "npm://cli:1.0.1" + } + ] + ] + } + }, + "issue_id": "XRAY-194227", + "references": [ + "https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c", + "https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c" + ], + "extended_information": { + "short_description": "Permissive file permissions in shelljs may lead to sensitive data leakage by local attackers.", + "full_description": "[ShellJS](https://www.npmjs.com/package/shelljs) is a portable (Windows/Linux/OS X) implementation of Unix shell commands on top of the Node.js API.\r\n\r\nArbitrary shell commands can be run with ShellJS's `shell.exec` API.\r\nShellJS creates temporary files for the executed command's outputs (stdout and stderr).\r\nSince the permissions for the generated stdout and stderr files is **world-readable**, local attackers may be able to read the outputs of commands run by other users, and leak sensitive data.\r\n\r\nFor example, if a user uses `shell.exec` to generate a secret key -\r\n```js\r\nvar shell = require('shelljs');\r\nvar secret = shell.exec(\"openssl rand -base64 32\").stdout;\r\n```\r\nA local attacker could read the temporary stdout file to get the user's secret key -\r\n```js\r\nwhile true; do cat /tmp/*; done\r\n```", + "jfrog_research_severity": "Medium", + "jfrog_research_severity_reasons": [ + { + "name": "The issue is trivial to exploit and does not require a published writeup or PoC", + "description": "The vulnerability simply requires attackers to read the `/tmp` directory" + }, + { + "name": "The issue can only be exploited by an attacker that can execute code on the vulnerable machine (excluding exceedingly rare circumstances)", + "description": "The attacker must be running code on the system, to read the `/tmp` directory", + "is_positive": true + }, + { + "name": "The impact of exploiting the issue depends on the context of surrounding software. A severe impact such as RCE is not guaranteed.", + "description": "The security impact of this issue depends on what kind of data gets leaked by the local attacker. In the worst case, the leaked data would allow privilege escalation or remote code execution on other machines.", + "is_positive": true + }, + { + "name": "Exploitation of the issue is only possible when the vulnerable component is used in a specific manner. The attacker has to perform per-target research to determine the vulnerable attack vector", + "description": "One of the system's user must run a command with a sensitive data output, for example - `var secret = shell.exec(\"openssl rand -base64 32\");`", + "is_positive": true + }, + { + "name": "The prerequisites for exploiting the issue are either extremely common or nonexistent (always exploitable)", + "description": "`shell.exec` is highly likely to be called when the `ShellJS` package is in use" + } + ] + } + } + ], + "component_id": "root", + "package_type": "Generic", + "status": "completed" + } +] diff --git a/unittests/scans/jfrog_xray_on_demand_binary_scan/one_vuln.json b/unittests/scans/jfrog_xray_on_demand_binary_scan/one_vuln.json new file mode 100644 index 00000000000..b99746759fd --- /dev/null +++ b/unittests/scans/jfrog_xray_on_demand_binary_scan/one_vuln.json @@ -0,0 +1,44 @@ +[ + { + "scan_id": "dd8f-4927-5db6-fb188ae8d984", + "vulnerabilities": [ + { + "cves": [ + { + "cve": "CVE-2014-0114", + "cvss_v2_score": "7.5", + "cvss_v2_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P" + } + ], + "summary": "Summary test", + "severity": "High", + "components": { + "gav://test": { + "fixed_versions": [ + "[1.9.4]" + ], + "impact_paths": [ + [ + { + "component_id": "gav://co.com.test.test:core:1.0.0-test" + }, + { + "component_id": "gav://test", + "full_path": "lib/commons-beanutils-1.9.2.jar" + } + ] + ] + } + }, + "issue_id": "XRAY-55616", + "references": [ + "https://test.com.co" + ] + } + ], + "component_id": "gav://co.com.test.test:core:1.0.0-test", + "package_type": "Maven", + "status": "completed" + } + ] + diff --git a/unittests/scans/kiuwan/issue_9308.csv b/unittests/scans/kiuwan/issue_9308.csv new file mode 100644 index 00000000000..6ff8c197e18 --- /dev/null +++ b/unittests/scans/kiuwan/issue_9308.csv @@ -0,0 +1,3 @@ +Rule code,Rule,Priority,CWE,Software characteristic,Vulnerability type,Language,Effort,File,Line number,Line text,Source file,Source line number,Source line text,Muted,Normative,Status,CWE Scope,Framework +OPT.JAVASCRIPT.ERRORCOMUN.UnusedLocalVar,Avoid unused local variable,High,101,Maintainability,Other,Typescript,03m,file.js,12,self = this,,,,No,"Agile Alliance:Concise-CDED,CWE:563",none,, +OPT.JAVASCRIPT.ERRORCOMUN.UnusedLocalVar,Avoid unused local variable,High,101,Maintainability,Other,Typescript,03m,another-file.js,12,self = this,,,,No,"Agile Alliance:Concise-CDED,CWE:563",none,, diff --git a/unittests/scans/kiuwan/kiuwan_defects.csv b/unittests/scans/kiuwan/kiuwan_defects.csv new file mode 100644 index 00000000000..87c6de3873c --- /dev/null +++ b/unittests/scans/kiuwan/kiuwan_defects.csv @@ -0,0 +1,2 @@ +Rule code,Rule,Priority,Software characteristic,Language,Effort,File,Line number,Line text,Source file,Source line number,Source line text,Muted,Normative,Status,CWE Scope,Framework +OPT.PLSQL.GEN_PLSQL.VAR2,"Define variables as VARCHAR2, nor as VARCHAR",Very High,Efficiency,PL-SQL,03m,file.sql,3," userid varchar(250),",,,,No,,none,, diff --git a/unittests/scans/kiuwan_sample/kiuwan_many_vuln.csv b/unittests/scans/kiuwan/kiuwan_many_vuln.csv similarity index 100% rename from unittests/scans/kiuwan_sample/kiuwan_many_vuln.csv rename to unittests/scans/kiuwan/kiuwan_many_vuln.csv diff --git a/unittests/scans/kiuwan_sample/kiuwan_no_vuln.csv b/unittests/scans/kiuwan/kiuwan_no_vuln.csv similarity index 100% rename from unittests/scans/kiuwan_sample/kiuwan_no_vuln.csv rename to unittests/scans/kiuwan/kiuwan_no_vuln.csv diff --git a/unittests/scans/kiuwan_sample/kiuwan_two_vuln.csv b/unittests/scans/kiuwan/kiuwan_two_vuln.csv similarity index 100% rename from unittests/scans/kiuwan_sample/kiuwan_two_vuln.csv rename to unittests/scans/kiuwan/kiuwan_two_vuln.csv diff --git a/unittests/scans/kubeaudit/kubeaudit.json b/unittests/scans/kubeaudit/kubeaudit.json new file mode 100644 index 00000000000..d285f4c6b93 --- /dev/null +++ b/unittests/scans/kubeaudit/kubeaudit.json @@ -0,0 +1,70 @@ +{"AuditResultName":"DeprecatedAPIUsed","DeprecatedMajor":"1","DeprecatedMinor":"19","IntroducedMajor":"1","IntroducedMinor":"0","ResourceApiVersion":"v1","ResourceKind":"ComponentStatus","ResourceName":"controller-manager","level":"warning","msg":"v1 ComponentStatus is deprecated in v1.19+, introduced in v1.0+","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"DeprecatedAPIUsed","DeprecatedMajor":"1","DeprecatedMinor":"19","IntroducedMajor":"1","IntroducedMinor":"0","ResourceApiVersion":"v1","ResourceKind":"ComponentStatus","ResourceName":"scheduler","level":"warning","msg":"v1 ComponentStatus is deprecated in v1.19+, introduced in v1.0+","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"DeprecatedAPIUsed","DeprecatedMajor":"1","DeprecatedMinor":"19","IntroducedMajor":"1","IntroducedMinor":"0","ResourceApiVersion":"v1","ResourceKind":"ComponentStatus","ResourceName":"etcd-0","level":"warning","msg":"v1 ComponentStatus is deprecated in v1.19+, introduced in v1.0+","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"AppArmorAnnotationMissing","Container":"storage-provisioner","MissingAnnotation":"container.apparmor.security.beta.kubernetes.io/storage-provisioner","ResourceApiVersion":"v1","ResourceKind":"Pod","ResourceName":"storage-provisioner","ResourceNamespace":"kube-system","level":"error","msg":"AppArmor annotation missing. The annotation 'container.apparmor.security.beta.kubernetes.io/storage-provisioner' should be added.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"CapabilityOrSecurityContextMissing","Container":"storage-provisioner","ResourceApiVersion":"v1","ResourceKind":"Pod","ResourceName":"storage-provisioner","ResourceNamespace":"kube-system","level":"error","msg":"Security Context not set. The Security Context should be specified and all Capabilities should be dropped by setting the Drop list to ALL.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"NamespaceHostNetworkTrue","ResourceApiVersion":"v1","ResourceKind":"Pod","ResourceName":"storage-provisioner","ResourceNamespace":"kube-system","level":"error","msg":"hostNetwork is set to 'true' in PodSpec. It should be set to 'false'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"LimitsNotSet","Container":"storage-provisioner","ResourceApiVersion":"v1","ResourceKind":"Pod","ResourceName":"storage-provisioner","ResourceNamespace":"kube-system","level":"warning","msg":"Resource limits not set.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"RunAsNonRootPSCNilCSCNil","Container":"storage-provisioner","ResourceApiVersion":"v1","ResourceKind":"Pod","ResourceName":"storage-provisioner","ResourceNamespace":"kube-system","level":"error","msg":"runAsNonRoot should be set to true or runAsUser should be set to a value \u003e 0 either in the container SecurityContext or PodSecurityContext.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"AllowPrivilegeEscalationNil","Container":"storage-provisioner","ResourceApiVersion":"v1","ResourceKind":"Pod","ResourceName":"storage-provisioner","ResourceNamespace":"kube-system","level":"error","msg":"allowPrivilegeEscalation not set which allows privilege escalation. It should be set to 'false'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"PrivilegedNil","Container":"storage-provisioner","ResourceApiVersion":"v1","ResourceKind":"Pod","ResourceName":"storage-provisioner","ResourceNamespace":"kube-system","level":"warning","msg":"privileged is not set in container SecurityContext. Privileged defaults to 'false' but it should be explicitly set to 'false'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"ReadOnlyRootFilesystemNil","Container":"storage-provisioner","ResourceApiVersion":"v1","ResourceKind":"Pod","ResourceName":"storage-provisioner","ResourceNamespace":"kube-system","level":"error","msg":"readOnlyRootFilesystem is not set in container SecurityContext. It should be set to 'true'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"SeccompProfileMissing","ResourceApiVersion":"v1","ResourceKind":"Pod","ResourceName":"storage-provisioner","ResourceNamespace":"kube-system","level":"error","msg":"Pod Seccomp profile is missing. Seccomp profile should be added to the pod SecurityContext.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"MissingDefaultDenyIngressAndEgressNetworkPolicy","Namespace":"default","ResourceApiVersion":"v1","ResourceKind":"Namespace","ResourceName":"default","level":"error","msg":"Namespace is missing a default deny ingress and egress NetworkPolicy.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"MissingDefaultDenyIngressAndEgressNetworkPolicy","Namespace":"ingress-nginx","ResourceApiVersion":"v1","ResourceKind":"Namespace","ResourceName":"ingress-nginx","level":"error","msg":"Namespace is missing a default deny ingress and egress NetworkPolicy.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"MissingDefaultDenyIngressAndEgressNetworkPolicy","Namespace":"kube-node-lease","ResourceApiVersion":"v1","ResourceKind":"Namespace","ResourceName":"kube-node-lease","level":"error","msg":"Namespace is missing a default deny ingress and egress NetworkPolicy.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"MissingDefaultDenyIngressAndEgressNetworkPolicy","Namespace":"kube-public","ResourceApiVersion":"v1","ResourceKind":"Namespace","ResourceName":"kube-public","level":"error","msg":"Namespace is missing a default deny ingress and egress NetworkPolicy.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"MissingDefaultDenyIngressAndEgressNetworkPolicy","Namespace":"kube-system","ResourceApiVersion":"v1","ResourceKind":"Namespace","ResourceName":"kube-system","level":"error","msg":"Namespace is missing a default deny ingress and egress NetworkPolicy.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"AppArmorAnnotationMissing","Container":"httpbin","MissingAnnotation":"container.apparmor.security.beta.kubernetes.io/httpbin","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"httpbin","ResourceNamespace":"default","level":"error","msg":"AppArmor annotation missing. The annotation 'container.apparmor.security.beta.kubernetes.io/httpbin' should be added.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"CapabilityOrSecurityContextMissing","Container":"httpbin","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"httpbin","ResourceNamespace":"default","level":"error","msg":"Security Context not set. The Security Context should be specified and all Capabilities should be dropped by setting the Drop list to ALL.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"ImageTagMissing","Container":"httpbin","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"httpbin","ResourceNamespace":"default","level":"warning","msg":"Image tag is missing.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"RunAsNonRootPSCNilCSCNil","Container":"httpbin","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"httpbin","ResourceNamespace":"default","level":"error","msg":"runAsNonRoot should be set to true or runAsUser should be set to a value \u003e 0 either in the container SecurityContext or PodSecurityContext.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"AllowPrivilegeEscalationNil","Container":"httpbin","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"httpbin","ResourceNamespace":"default","level":"error","msg":"allowPrivilegeEscalation not set which allows privilege escalation. It should be set to 'false'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"PrivilegedNil","Container":"httpbin","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"httpbin","ResourceNamespace":"default","level":"warning","msg":"privileged is not set in container SecurityContext. Privileged defaults to 'false' but it should be explicitly set to 'false'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"ReadOnlyRootFilesystemNil","Container":"httpbin","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"httpbin","ResourceNamespace":"default","level":"error","msg":"readOnlyRootFilesystem is not set in container SecurityContext. It should be set to 'true'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"SeccompProfileMissing","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"httpbin","ResourceNamespace":"default","level":"error","msg":"Pod Seccomp profile is missing. Seccomp profile should be added to the pod SecurityContext.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"AppArmorAnnotationMissing","Container":"sidecar-injector","MissingAnnotation":"container.apparmor.security.beta.kubernetes.io/sidecar-injector","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"vault-agent-injector","ResourceNamespace":"default","level":"error","msg":"AppArmor annotation missing. The annotation 'container.apparmor.security.beta.kubernetes.io/sidecar-injector' should be added.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"LimitsNotSet","Container":"sidecar-injector","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"vault-agent-injector","ResourceNamespace":"default","level":"warning","msg":"Resource limits not set.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"PrivilegedNil","Container":"sidecar-injector","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"vault-agent-injector","ResourceNamespace":"default","level":"warning","msg":"privileged is not set in container SecurityContext. Privileged defaults to 'false' but it should be explicitly set to 'false'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"ReadOnlyRootFilesystemNil","Container":"sidecar-injector","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"vault-agent-injector","ResourceNamespace":"default","level":"error","msg":"readOnlyRootFilesystem is not set in container SecurityContext. It should be set to 'true'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"SeccompProfileMissing","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"vault-agent-injector","ResourceNamespace":"default","level":"error","msg":"Pod Seccomp profile is missing. Seccomp profile should be added to the pod SecurityContext.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"AppArmorAnnotationMissing","Container":"controller","MissingAnnotation":"container.apparmor.security.beta.kubernetes.io/controller","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"ingress-nginx-controller","ResourceNamespace":"ingress-nginx","level":"error","msg":"AppArmor annotation missing. The annotation 'container.apparmor.security.beta.kubernetes.io/controller' should be added.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"CapabilityAdded","Container":"controller","Metadata":"NET_BIND_SERVICE","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"ingress-nginx-controller","ResourceNamespace":"ingress-nginx","level":"error","msg":"Capability \"NET_BIND_SERVICE\" added. It should be removed from the capability add list. If you need this capability, add an override label such as 'container.kubeaudit.io/controller.allow-capability-net-bind-service: SomeReason'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"LimitsNotSet","Container":"controller","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"ingress-nginx-controller","ResourceNamespace":"ingress-nginx","level":"warning","msg":"Resource limits not set.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"AllowPrivilegeEscalationTrue","Container":"controller","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"ingress-nginx-controller","ResourceNamespace":"ingress-nginx","level":"error","msg":"allowPrivilegeEscalation set to 'true'. It should be set to 'false'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"PrivilegedNil","Container":"controller","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"ingress-nginx-controller","ResourceNamespace":"ingress-nginx","level":"warning","msg":"privileged is not set in container SecurityContext. Privileged defaults to 'false' but it should be explicitly set to 'false'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"ReadOnlyRootFilesystemNil","Container":"controller","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"ingress-nginx-controller","ResourceNamespace":"ingress-nginx","level":"error","msg":"readOnlyRootFilesystem is not set in container SecurityContext. It should be set to 'true'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"SeccompProfileMissing","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"ingress-nginx-controller","ResourceNamespace":"ingress-nginx","level":"error","msg":"Pod Seccomp profile is missing. Seccomp profile should be added to the pod SecurityContext.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"AppArmorAnnotationMissing","Container":"coredns","MissingAnnotation":"container.apparmor.security.beta.kubernetes.io/coredns","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"coredns","ResourceNamespace":"kube-system","level":"error","msg":"AppArmor annotation missing. The annotation 'container.apparmor.security.beta.kubernetes.io/coredns' should be added.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"CapabilityAdded","Container":"coredns","Metadata":"NET_BIND_SERVICE","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"coredns","ResourceNamespace":"kube-system","level":"error","msg":"Capability \"NET_BIND_SERVICE\" added. It should be removed from the capability add list. If you need this capability, add an override label such as 'container.kubeaudit.io/coredns.allow-capability-net-bind-service: SomeReason'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"LimitsCPUNotSet","Container":"coredns","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"coredns","ResourceNamespace":"kube-system","level":"warning","msg":"Resource CPU limit not set.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"RunAsNonRootPSCNilCSCNil","Container":"coredns","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"coredns","ResourceNamespace":"kube-system","level":"error","msg":"runAsNonRoot should be set to true or runAsUser should be set to a value \u003e 0 either in the container SecurityContext or PodSecurityContext.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"PrivilegedNil","Container":"coredns","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"coredns","ResourceNamespace":"kube-system","level":"warning","msg":"privileged is not set in container SecurityContext. Privileged defaults to 'false' but it should be explicitly set to 'false'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"SeccompProfileMissing","ResourceApiVersion":"apps/v1","ResourceKind":"Deployment","ResourceName":"coredns","ResourceNamespace":"kube-system","level":"error","msg":"Pod Seccomp profile is missing. Seccomp profile should be added to the pod SecurityContext.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"AppArmorAnnotationMissing","Container":"vault","MissingAnnotation":"container.apparmor.security.beta.kubernetes.io/vault","ResourceApiVersion":"apps/v1","ResourceKind":"StatefulSet","ResourceName":"vault","ResourceNamespace":"default","level":"error","msg":"AppArmor annotation missing. The annotation 'container.apparmor.security.beta.kubernetes.io/vault' should be added.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"CapabilityOrSecurityContextMissing","Container":"vault","ResourceApiVersion":"apps/v1","ResourceKind":"StatefulSet","ResourceName":"vault","ResourceNamespace":"default","level":"error","msg":"Security Context not set. The Security Context should be specified and all Capabilities should be dropped by setting the Drop list to ALL.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"LimitsNotSet","Container":"vault","ResourceApiVersion":"apps/v1","ResourceKind":"StatefulSet","ResourceName":"vault","ResourceNamespace":"default","level":"warning","msg":"Resource limits not set.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"PrivilegedNil","Container":"vault","ResourceApiVersion":"apps/v1","ResourceKind":"StatefulSet","ResourceName":"vault","ResourceNamespace":"default","level":"warning","msg":"privileged is not set in container SecurityContext. Privileged defaults to 'false' but it should be explicitly set to 'false'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"ReadOnlyRootFilesystemNil","Container":"vault","ResourceApiVersion":"apps/v1","ResourceKind":"StatefulSet","ResourceName":"vault","ResourceNamespace":"default","level":"error","msg":"readOnlyRootFilesystem is not set in container SecurityContext. It should be set to 'true'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"SeccompProfileMissing","ResourceApiVersion":"apps/v1","ResourceKind":"StatefulSet","ResourceName":"vault","ResourceNamespace":"default","level":"error","msg":"Pod Seccomp profile is missing. Seccomp profile should be added to the pod SecurityContext.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"AppArmorAnnotationMissing","Container":"kube-proxy","MissingAnnotation":"container.apparmor.security.beta.kubernetes.io/kube-proxy","ResourceApiVersion":"apps/v1","ResourceKind":"DaemonSet","ResourceName":"kube-proxy","ResourceNamespace":"kube-system","level":"error","msg":"AppArmor annotation missing. The annotation 'container.apparmor.security.beta.kubernetes.io/kube-proxy' should be added.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"CapabilityOrSecurityContextMissing","Container":"kube-proxy","ResourceApiVersion":"apps/v1","ResourceKind":"DaemonSet","ResourceName":"kube-proxy","ResourceNamespace":"kube-system","level":"error","msg":"Security Context not set. The Security Context should be specified and all Capabilities should be dropped by setting the Drop list to ALL.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"NamespaceHostNetworkTrue","ResourceApiVersion":"apps/v1","ResourceKind":"DaemonSet","ResourceName":"kube-proxy","ResourceNamespace":"kube-system","level":"error","msg":"hostNetwork is set to 'true' in PodSpec. It should be set to 'false'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"LimitsNotSet","Container":"kube-proxy","ResourceApiVersion":"apps/v1","ResourceKind":"DaemonSet","ResourceName":"kube-proxy","ResourceNamespace":"kube-system","level":"warning","msg":"Resource limits not set.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"RunAsNonRootPSCNilCSCNil","Container":"kube-proxy","ResourceApiVersion":"apps/v1","ResourceKind":"DaemonSet","ResourceName":"kube-proxy","ResourceNamespace":"kube-system","level":"error","msg":"runAsNonRoot should be set to true or runAsUser should be set to a value \u003e 0 either in the container SecurityContext or PodSecurityContext.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"AllowPrivilegeEscalationNil","Container":"kube-proxy","ResourceApiVersion":"apps/v1","ResourceKind":"DaemonSet","ResourceName":"kube-proxy","ResourceNamespace":"kube-system","level":"error","msg":"allowPrivilegeEscalation not set which allows privilege escalation. It should be set to 'false'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"PrivilegedTrue","Container":"kube-proxy","ResourceApiVersion":"apps/v1","ResourceKind":"DaemonSet","ResourceName":"kube-proxy","ResourceNamespace":"kube-system","level":"error","msg":"privileged is set to 'true' in container SecurityContext. It should be set to 'false'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"ReadOnlyRootFilesystemNil","Container":"kube-proxy","ResourceApiVersion":"apps/v1","ResourceKind":"DaemonSet","ResourceName":"kube-proxy","ResourceNamespace":"kube-system","level":"error","msg":"readOnlyRootFilesystem is not set in container SecurityContext. It should be set to 'true'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"SeccompProfileMissing","ResourceApiVersion":"apps/v1","ResourceKind":"DaemonSet","ResourceName":"kube-proxy","ResourceNamespace":"kube-system","level":"error","msg":"Pod Seccomp profile is missing. Seccomp profile should be added to the pod SecurityContext.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"AppArmorAnnotationMissing","Container":"create","MissingAnnotation":"container.apparmor.security.beta.kubernetes.io/create","ResourceApiVersion":"batch/v1","ResourceKind":"Job","ResourceName":"ingress-nginx-admission-create","ResourceNamespace":"ingress-nginx","level":"error","msg":"AppArmor annotation missing. The annotation 'container.apparmor.security.beta.kubernetes.io/create' should be added.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"CapabilityOrSecurityContextMissing","Container":"create","ResourceApiVersion":"batch/v1","ResourceKind":"Job","ResourceName":"ingress-nginx-admission-create","ResourceNamespace":"ingress-nginx","level":"error","msg":"Security Context not set. The Security Context should be specified and all Capabilities should be dropped by setting the Drop list to ALL.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"LimitsNotSet","Container":"create","ResourceApiVersion":"batch/v1","ResourceKind":"Job","ResourceName":"ingress-nginx-admission-create","ResourceNamespace":"ingress-nginx","level":"warning","msg":"Resource limits not set.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"PrivilegedNil","Container":"create","ResourceApiVersion":"batch/v1","ResourceKind":"Job","ResourceName":"ingress-nginx-admission-create","ResourceNamespace":"ingress-nginx","level":"warning","msg":"privileged is not set in container SecurityContext. Privileged defaults to 'false' but it should be explicitly set to 'false'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"ReadOnlyRootFilesystemNil","Container":"create","ResourceApiVersion":"batch/v1","ResourceKind":"Job","ResourceName":"ingress-nginx-admission-create","ResourceNamespace":"ingress-nginx","level":"error","msg":"readOnlyRootFilesystem is not set in container SecurityContext. It should be set to 'true'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"SeccompProfileMissing","ResourceApiVersion":"batch/v1","ResourceKind":"Job","ResourceName":"ingress-nginx-admission-create","ResourceNamespace":"ingress-nginx","level":"error","msg":"Pod Seccomp profile is missing. Seccomp profile should be added to the pod SecurityContext.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"AppArmorAnnotationMissing","Container":"patch","MissingAnnotation":"container.apparmor.security.beta.kubernetes.io/patch","ResourceApiVersion":"batch/v1","ResourceKind":"Job","ResourceName":"ingress-nginx-admission-patch","ResourceNamespace":"ingress-nginx","level":"error","msg":"AppArmor annotation missing. The annotation 'container.apparmor.security.beta.kubernetes.io/patch' should be added.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"CapabilityOrSecurityContextMissing","Container":"patch","ResourceApiVersion":"batch/v1","ResourceKind":"Job","ResourceName":"ingress-nginx-admission-patch","ResourceNamespace":"ingress-nginx","level":"error","msg":"Security Context not set. The Security Context should be specified and all Capabilities should be dropped by setting the Drop list to ALL.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"LimitsNotSet","Container":"patch","ResourceApiVersion":"batch/v1","ResourceKind":"Job","ResourceName":"ingress-nginx-admission-patch","ResourceNamespace":"ingress-nginx","level":"warning","msg":"Resource limits not set.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"PrivilegedNil","Container":"patch","ResourceApiVersion":"batch/v1","ResourceKind":"Job","ResourceName":"ingress-nginx-admission-patch","ResourceNamespace":"ingress-nginx","level":"warning","msg":"privileged is not set in container SecurityContext. Privileged defaults to 'false' but it should be explicitly set to 'false'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"ReadOnlyRootFilesystemNil","Container":"patch","ResourceApiVersion":"batch/v1","ResourceKind":"Job","ResourceName":"ingress-nginx-admission-patch","ResourceNamespace":"ingress-nginx","level":"error","msg":"readOnlyRootFilesystem is not set in container SecurityContext. It should be set to 'true'.","time":"2023-11-23T18:43:58+01:00"} +{"AuditResultName":"SeccompProfileMissing","ResourceApiVersion":"batch/v1","ResourceKind":"Job","ResourceName":"ingress-nginx-admission-patch","ResourceNamespace":"ingress-nginx","level":"error","msg":"Pod Seccomp profile is missing. Seccomp profile should be added to the pod SecurityContext.","time":"2023-11-23T18:43:58+01:00"} \ No newline at end of file diff --git a/unittests/scans/kubehunter/dupe.json b/unittests/scans/kubehunter/dupe.json new file mode 100644 index 00000000000..7d260938a00 --- /dev/null +++ b/unittests/scans/kubehunter/dupe.json @@ -0,0 +1 @@ +{"nodes": [{"type": "Node/Master", "location": "10.1.1.1"}, {"type": "Node/Master", "location": "10.2.2.0"}], "services": [{"service": "Kubelet API (readonly)", "location": "10.0.1.1:10255"}, {"service": "Kubelet API", "location": "10.0.1.1:10250"}, {"service": "API Server", "location": "10.0.0.1:443"}], "vulnerabilities": [{"location": "10.0.1.1:10255", "vid": "KHV044", "category": "Privilege Escalation // Privileged container", "severity": "high", "vulnerability": "Privileged Container", "description": "A Privileged container exist on a node\n could expose the node/cluster to unwanted root operations", "evidence": "pod: kube-proxy, container: kube-proxy, count: 1", "avd_reference": "https://avd.aquasec.com/kube-hunter/khv044/", "hunter": "Kubelet Readonly Ports Hunter"},{"location": "10.0.1.1:10255", "vid": "KHV044", "category": "Privilege Escalation // Privileged container", "severity": "high", "vulnerability": "Privileged Container", "description": "A Privileged container exist on a node\n could expose the node/cluster to unwanted root operations", "evidence": "pod: kube-proxy, container: kube-proxy, count: 1", "avd_reference": "https://avd.aquasec.com/kube-hunter/khv044/", "hunter": "Kubelet Readonly Ports Hunter"}]} \ No newline at end of file diff --git a/unittests/scans/kubehunter/empty.json b/unittests/scans/kubehunter/empty.json new file mode 100644 index 00000000000..e69de29bb2d diff --git a/unittests/scans/kubehunter/kubehunter_many_vul.json b/unittests/scans/kubehunter/kubehunter_many_vul.json new file mode 100644 index 00000000000..4df395aa7ac --- /dev/null +++ b/unittests/scans/kubehunter/kubehunter_many_vul.json @@ -0,0 +1 @@ +{"nodes": [{"type": "Node/Master", "location": "10.1.1.1"}, {"type": "Node/Master", "location": "10.2.2.0"}], "services": [{"service": "Kubelet API (readonly)", "location": "10.0.1.1:10255"}, {"service": "Kubelet API", "location": "10.0.1.1:10250"}, {"service": "API Server", "location": "10.0.0.1:443"}], "vulnerabilities": [{"location": "Local to Pod (kube-hunter-5pmjs)", "vid": "KHV050", "category": "Credential Access // Access container service account", "severity": "low", "vulnerability": "Read access to pod's service account token", "description": "Accessing the pod service account token gives an attacker the option to use the server API", "evidence": "TOKEN", "avd_reference": "https://avd.aquasec.com/kube-hunter/khv050/", "hunter": "Access Secrets"}, {"location": "Local to Pod (kube-hunter-5pmjs)", "vid": "None", "category": "Lateral Movement // ARP poisoning and IP spoofing", "severity": "medium", "vulnerability": "CAP_NET_RAW Enabled", "description": "CAP_NET_RAW is enabled by default for pods.\n If an attacker manages to compromise a pod,\n they could potentially take advantage of this capability to perform network\n attacks on other pods running on the same node", "evidence": "", "avd_reference": "https://avd.aquasec.com/kube-hunter/none/", "hunter": "Pod Capabilities Hunter"}, {"location": "Local to Pod (kube-hunter-5pmjs)", "vid": "None", "category": "Credential Access // Access container service account", "severity": "low", "vulnerability": "Access to pod's secrets", "description": "Accessing the pod's secrets within a compromised pod might disclose valuable data to a potential attacker", "evidence": "['/var/run/secrets/kubernetes.io/serviceaccount/namespace', '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt']", "avd_reference": "https://avd.aquasec.com/kube-hunter/none/", "hunter": "Access Secrets"}, {"location": "10.0.1.1:10255", "vid": "KHV044", "category": "Privilege Escalation // Privileged container", "severity": "high", "vulnerability": "Privileged Container", "description": "A Privileged container exist on a node\n could expose the node/cluster to unwanted root operations", "evidence": "pod: kube-proxy, container: kube-proxy, count: 1", "avd_reference": "https://avd.aquasec.com/kube-hunter/khv044/", "hunter": "Kubelet Readonly Ports Hunter"}, {"location": "10.0.1.1:10255", "vid": "KHV043", "category": "Initial Access // General Sensitive Information", "severity": "low", "vulnerability": "Cluster Health Disclosure", "description": "By accessing the open /healthz handler,\n an attacker could get the cluster health state without authenticating", "evidence": "status: ok", "avd_reference": "https://avd.aquasec.com/kube-hunter/khv043/", "hunter": "Kubelet Readonly Ports Hunter"}, {"location": "10.0.1.1:10255", "vid": "KHV052", "category": "Discovery // Access Kubelet API", "severity": "medium", "vulnerability": "Exposed Pods", "description": "An attacker could view sensitive information about pods that are\n bound to a Node using the /pods endpoint", "evidence": "count: 7", "avd_reference": "https://avd.aquasec.com/kube-hunter/khv052/", "hunter": "Kubelet Readonly Ports Hunter"}, {"location": "10.0.0.1:443", "vid": "KHV002", "category": "Initial Access // Exposed sensitive interfaces", "severity": "high", "vulnerability": "K8s Version Disclosure", "description": "The kubernetes version could be obtained from the /version endpoint", "evidence": "v1", "avd_reference": "https://avd.aquasec.com/kube-hunter/khv002/", "hunter": "Api Version Hunter"}, {"location": "10.16.0.1:443", "vid": "KHV005", "category": "Discovery // Access the K8S API Server", "severity": "medium", "vulnerability": "Access to API using service account token", "description": "The API Server port is accessible.\n Depending on your RBAC settings this could expose access to or control of your cluster.", "evidence": "b'{\"kind\":\"APIVersions\",\"versions\":[\"v1\"],\"serverAddressByClientCIDRs\":[{\"clientCIDR\":\"0.0.0.0/0\",\"serverAddress\":\"10.1.1.1:443\"}]}\\n'", "avd_reference": "https://avd.aquasec.com/kube-hunter/khv005/", "hunter": "API Server Hunter"}]} diff --git a/unittests/scans/kubehunter/kubehunter_one_vul.json b/unittests/scans/kubehunter/kubehunter_one_vul.json new file mode 100644 index 00000000000..8c57a532883 --- /dev/null +++ b/unittests/scans/kubehunter/kubehunter_one_vul.json @@ -0,0 +1 @@ +{"nodes": [{"type": "Node/Master", "location": "10.1.1.1"}, {"type": "Node/Master", "location": "10.2.2.0"}], "services": [{"service": "Kubelet API (readonly)", "location": "10.0.1.1:10255"}, {"service": "Kubelet API", "location": "10.0.1.1:10250"}, {"service": "API Server", "location": "10.0.0.1:443"}], "vulnerabilities": [{"location": "10.0.1.1:10255", "vid": "KHV044", "category": "Privilege Escalation // Privileged container", "severity": "high", "vulnerability": "Privileged Container", "description": "A Privileged container exist on a node\n could expose the node/cluster to unwanted root operations", "evidence": "pod: kube-proxy, container: kube-proxy, count: 1", "avd_reference": "https://avd.aquasec.com/kube-hunter/khv044/", "hunter": "Kubelet Readonly Ports Hunter"}]} \ No newline at end of file diff --git a/unittests/scans/kubehunter/kubehunter_zero_vul.json b/unittests/scans/kubehunter/kubehunter_zero_vul.json new file mode 100644 index 00000000000..4837a706a0e --- /dev/null +++ b/unittests/scans/kubehunter/kubehunter_zero_vul.json @@ -0,0 +1 @@ +{"nodes": [{"type": "Node/Master", "location": "10.1.1.1"}, {"type": "Node/Master", "location": "10.2.2.0"}], "services": [{"service": "Kubelet API (readonly)", "location": "10.0.1.1:10255"}, {"service": "Kubelet API", "location": "10.0.1.1:10250"}, {"service": "API Server", "location": "10.0.0.1:443"}], "vulnerabilities": []} \ No newline at end of file diff --git a/unittests/scans/kubescape/many_findings.json b/unittests/scans/kubescape/many_findings.json new file mode 100644 index 00000000000..9e14172b497 --- /dev/null +++ b/unittests/scans/kubescape/many_findings.json @@ -0,0 +1,34566 @@ +{ + "generationTime": "2022-11-02T07:55:55.697021698Z", + "metadata": { + "targetMetadata": {}, + "clusterMetadata": {}, + "scanMetadata": {} + }, + "clusterAPIServerInfo": null, + "customerGUID": "", + "clusterName": "", + "clusterCloudProvider": "", + "reportGUID": "", + "jobID": "", + "resources": [ + { + "resourceID": "path=1881121400/api=apps/v1//Deployment/paymentservice", + "object": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "paymentservice" + }, + "sourcePath": "examples/online-boutique/paymentservice.yaml", + "spec": { + "selector": { + "matchLabels": { + "app": "paymentservice" + } + }, + "template": { + "metadata": { + "labels": { + "app": "paymentservice" + } + }, + "spec": { + "containers": [ + { + "name": "server", + "image": "paymentservice", + "ports": [ + { + "containerPort": 50051 + } + ], + "env": [ + { + "name": "PORT", + "value": "XXXXXX" + } + ], + "resources": { + "limits": { + "cpu": "200m", + "memory": "128Mi" + }, + "requests": { + "cpu": "100m", + "memory": "64Mi" + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:50051" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:50051" + ] + } + } + } + ], + "serviceAccountName": "default", + "terminationGracePeriodSeconds": 5 + } + } + } + }, + "source": { + "relativePath": "examples/online-boutique/paymentservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=2686782197/api=apps/v1//Deployment/recommendationservice", + "object": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "recommendationservice" + }, + "sourcePath": "examples/online-boutique/recommendationservice.yaml", + "spec": { + "selector": { + "matchLabels": { + "app": "recommendationservice" + } + }, + "template": { + "metadata": { + "labels": { + "app": "recommendationservice" + } + }, + "spec": { + "containers": [ + { + "name": "server", + "image": "recommendationservice", + "ports": [ + { + "containerPort": 8080 + } + ], + "env": [ + { + "name": "PORT", + "value": "XXXXXX" + }, + { + "name": "PRODUCT_CATALOG_SERVICE_ADDR", + "value": "XXXXXX" + } + ], + "resources": { + "limits": { + "cpu": "200m", + "memory": "450Mi" + }, + "requests": { + "cpu": "100m", + "memory": "220Mi" + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:8080" + ] + }, + "periodSeconds": 5 + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:8080" + ] + }, + "periodSeconds": 5 + } + } + ], + "serviceAccountName": "default", + "terminationGracePeriodSeconds": 5 + } + } + } + }, + "source": { + "relativePath": "examples/online-boutique/recommendationservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "/kubescape/ServiceAccount/kubescape-discovery/path=1644445903/api=rbac.authorization.k8s.io/v1//ClusterRole/kubescape-discovery-clusterroles/path=3591976602/api=rbac.authorization.k8s.io/v1//ClusterRoleBinding/kubescape-discovery-role-binding", + "object": { + "kind": "ServiceAccount", + "name": "kubescape-discovery", + "namespace": "kubescape", + "relatedObjects": [ + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "name": "kubescape-discovery-role-binding" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "kubescape-discovery-clusterroles" + }, + "sourcePath": "httphandler/examples/prometheus/ks-deployment.yaml", + "subjects": [ + { + "kind": "ServiceAccount", + "name": "kubescape-discovery", + "namespace": "kubescape" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "name": "kubescape-discovery-clusterroles" + }, + "rules": [ + { + "apiGroups": [ + "*" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "describe" + ] + } + ], + "sourcePath": "httphandler/examples/microservice/ks-deployment.yaml" + } + ] + } + }, + { + "resourceID": "//ServiceAccount/kubescape-discovery/path=2738873395/api=rbac.authorization.k8s.io/v1//RoleBinding/-kubescape/path=3787836522/api=rbac.authorization.k8s.io/v1//ClusterRole/-kubescape", + "object": { + "kind": "ServiceAccount", + "name": "kubescape-discovery", + "namespace": "", + "relatedObjects": [ + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "RoleBinding", + "metadata": { + "labels": { + "app.kubernetes.io/instance": null, + "app.kubernetes.io/managed-by": "Helm", + "app.kubernetes.io/name": "kubescape", + "app.kubernetes.io/version": "v1.0.128", + "helm.sh/chart": "kubescape-1.0.0" + }, + "name": "-kubescape" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "-kubescape" + }, + "sourcePath": "/tmp/3387783067/examples/helm_chart/templates/rolebinding.yaml", + "subjects": [ + { + "kind": "ServiceAccount", + "name": "kubescape-discovery", + "namespace": "" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "labels": { + "app.kubernetes.io/instance": null, + "app.kubernetes.io/managed-by": "Helm", + "app.kubernetes.io/name": "kubescape", + "app.kubernetes.io/version": "v1.0.128", + "helm.sh/chart": "kubescape-1.0.0" + }, + "name": "-kubescape" + }, + "rules": [ + { + "apiGroups": [ + "*" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "describe" + ] + } + ], + "sourcePath": "/tmp/3387783067/examples/helm_chart/templates/clusterrole.yaml" + } + ] + } + }, + { + "resourceID": "path=1161725811/api=apps/v1//Deployment/adservice", + "object": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "adservice" + }, + "sourcePath": "examples/online-boutique/adservice.yaml", + "spec": { + "selector": { + "matchLabels": { + "app": "adservice" + } + }, + "template": { + "metadata": { + "labels": { + "app": "adservice" + } + }, + "spec": { + "containers": [ + { + "name": "server", + "image": "adservice", + "ports": [ + { + "containerPort": 9555 + } + ], + "env": [ + { + "name": "PORT", + "value": "XXXXXX" + } + ], + "resources": { + "limits": { + "cpu": "300m", + "memory": "300Mi" + }, + "requests": { + "cpu": "200m", + "memory": "180Mi" + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:9555" + ] + }, + "initialDelaySeconds": 20, + "periodSeconds": 15 + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:9555" + ] + }, + "initialDelaySeconds": 20, + "periodSeconds": 15 + } + } + ], + "serviceAccountName": "default", + "terminationGracePeriodSeconds": 5 + } + } + } + }, + "source": { + "relativePath": "examples/online-boutique/adservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=3591976602/api=apps/v1/kubescape/Deployment/kubescape", + "object": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "labels": { + "app": "kubescape" + }, + "name": "kubescape", + "namespace": "kubescape" + }, + "sourcePath": "httphandler/examples/prometheus/ks-deployment.yaml", + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "kubescape" + } + }, + "template": { + "metadata": { + "labels": { + "app": "kubescape" + } + }, + "spec": { + "containers": [ + { + "name": "kubescape", + "image": "quay.io/kubescape/kubescape:latest", + "command": [ + "ksserver" + ], + "ports": [ + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KS_DEFAULT_CONFIGMAP_NAMESPACE", + "value": "XXXXXX", + "valueFrom": { + "fieldRef": { + "apiVersion": "v1", + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "KS_SKIP_UPDATE_CHECK", + "value": "XXXXXX" + }, + { + "name": "KS_ENABLE_HOST_SCANNER", + "value": "XXXXXX" + }, + { + "name": "KS_DOWNLOAD_ARTIFACTS", + "value": "XXXXXX" + } + ], + "resources": { + "limits": { + "cpu": "500m", + "memory": "500Mi" + }, + "requests": { + "cpu": "10m", + "memory": "100Mi" + } + }, + "livenessProbe": { + "httpGet": { + "path": "/livez", + "port": 8080 + }, + "initialDelaySeconds": 3, + "periodSeconds": 3 + }, + "readinessProbe": { + "httpGet": { + "path": "/readyz", + "port": 8080 + }, + "initialDelaySeconds": 3, + "periodSeconds": 3 + }, + "imagePullPolicy": "Always" + } + ], + "serviceAccountName": "kubescape-discovery" + } + } + } + }, + "source": { + "relativePath": "httphandler/examples/prometheus/ks-deployment.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "cbd4fc1a80362c57bc0bec78bfbf9422f646a8fb", + "date": "2022-08-23T12:33:48+03:00", + "committerName": "David Wertenteil", + "committerEmail": "dwertent@armosec.io", + "message": "replace armo by kubescape mentioned in urls\n" + } + } + }, + { + "resourceID": "path=2924266659/api=apps/v1//Deployment/frontend", + "object": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "frontend" + }, + "sourcePath": "examples/online-boutique/frontend.yaml", + "spec": { + "selector": { + "matchLabels": { + "app": "frontend" + } + }, + "template": { + "metadata": { + "annotations": { + "sidecar.istio.io/rewriteAppHTTPProbers": "true" + }, + "labels": { + "app": "frontend" + } + }, + "spec": { + "containers": [ + { + "name": "server", + "image": "frontend", + "ports": [ + { + "containerPort": 8080 + } + ], + "env": [ + { + "name": "PORT", + "value": "XXXXXX" + }, + { + "name": "PRODUCT_CATALOG_SERVICE_ADDR", + "value": "XXXXXX" + }, + { + "name": "CURRENCY_SERVICE_ADDR", + "value": "XXXXXX" + }, + { + "name": "CART_SERVICE_ADDR", + "value": "XXXXXX" + }, + { + "name": "RECOMMENDATION_SERVICE_ADDR", + "value": "XXXXXX" + }, + { + "name": "SHIPPING_SERVICE_ADDR", + "value": "XXXXXX" + }, + { + "name": "CHECKOUT_SERVICE_ADDR", + "value": "XXXXXX" + }, + { + "name": "AD_SERVICE_ADDR", + "value": "XXXXXX" + }, + { + "name": "ENV_PLATFORM", + "value": "XXXXXX" + } + ], + "resources": { + "limits": { + "cpu": "200m", + "memory": "128Mi" + }, + "requests": { + "cpu": "100m", + "memory": "64Mi" + } + }, + "livenessProbe": { + "httpGet": { + "path": "/_healthz", + "port": 8080, + "httpHeaders": [ + { + "name": "Cookie", + "value": "shop_session-id=x-liveness-probe" + } + ] + }, + "initialDelaySeconds": 10 + }, + "readinessProbe": { + "httpGet": { + "path": "/_healthz", + "port": 8080, + "httpHeaders": [ + { + "name": "Cookie", + "value": "shop_session-id=x-readiness-probe" + } + ] + }, + "initialDelaySeconds": 10 + } + } + ], + "serviceAccountName": "default" + } + } + } + }, + "source": { + "relativePath": "examples/online-boutique/frontend.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=1644445903/api=apps/v1/kubescape/Deployment/kubescape", + "object": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "labels": { + "app": "kubescape" + }, + "name": "kubescape", + "namespace": "kubescape" + }, + "sourcePath": "httphandler/examples/microservice/ks-deployment.yaml", + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "kubescape" + } + }, + "template": { + "metadata": { + "labels": { + "app": "kubescape" + } + }, + "spec": { + "containers": [ + { + "name": "kubescape", + "image": "quay.io/kubescape/kubescape:latest", + "command": [ + "ksserver" + ], + "ports": [ + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KS_DEFAULT_CONFIGMAP_NAMESPACE", + "value": "XXXXXX", + "valueFrom": { + "fieldRef": { + "apiVersion": "v1", + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "KS_SKIP_UPDATE_CHECK", + "value": "XXXXXX" + }, + { + "name": "KS_ENABLE_HOST_SCANNER", + "value": "XXXXXX" + }, + { + "name": "KS_DOWNLOAD_ARTIFACTS", + "value": "XXXXXX" + } + ], + "resources": { + "limits": { + "cpu": "500m", + "memory": "500Mi" + }, + "requests": { + "cpu": "10m", + "memory": "100Mi" + } + }, + "livenessProbe": { + "httpGet": { + "path": "/livez", + "port": 8080 + }, + "initialDelaySeconds": 3, + "periodSeconds": 3 + }, + "readinessProbe": { + "httpGet": { + "path": "/readyz", + "port": 8080 + }, + "initialDelaySeconds": 3, + "periodSeconds": 3 + }, + "imagePullPolicy": "Always" + } + ], + "serviceAccountName": "kubescape-discovery" + } + } + } + }, + "source": { + "relativePath": "httphandler/examples/microservice/ks-deployment.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "cbd4fc1a80362c57bc0bec78bfbf9422f646a8fb", + "date": "2022-08-23T12:33:48+03:00", + "committerName": "David Wertenteil", + "committerEmail": "dwertent@armosec.io", + "message": "replace armo by kubescape mentioned in urls\n" + } + } + }, + { + "resourceID": "path=3591976602/api=/v1/kubescape/ServiceAccount/kubescape-discovery", + "object": { + "apiVersion": "v1", + "kind": "ServiceAccount", + "metadata": { + "labels": { + "app": "kubescape" + }, + "name": "kubescape-discovery", + "namespace": "kubescape" + }, + "sourcePath": "httphandler/examples/prometheus/ks-deployment.yaml" + }, + "source": { + "relativePath": "httphandler/examples/prometheus/ks-deployment.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "cbd4fc1a80362c57bc0bec78bfbf9422f646a8fb", + "date": "2022-08-23T12:33:48+03:00", + "committerName": "David Wertenteil", + "committerEmail": "dwertent@armosec.io", + "message": "replace armo by kubescape mentioned in urls\n" + } + } + }, + { + "resourceID": "path=3919891740/api=/v1//ServiceAccount/kubescape-discovery", + "object": { + "apiVersion": "v1", + "kind": "ServiceAccount", + "metadata": { + "labels": { + "app.kubernetes.io/instance": null, + "app.kubernetes.io/managed-by": "Helm", + "app.kubernetes.io/name": "kubescape", + "app.kubernetes.io/version": "v1.0.128", + "helm.sh/chart": "kubescape-1.0.0" + }, + "name": "kubescape-discovery" + }, + "sourcePath": "/tmp/3387783067/examples/helm_chart/templates/serviceaccount.yaml" + }, + "source": { + "relativePath": "examples/helm_chart/templates/serviceaccount.yaml", + "fileType": "Helm Chart", + "helmChartName": "kubescape", + "lastCommit": { + "hash": "57160c4d0498c93bdba6e25b3f8cae8158cb5674", + "date": "2021-11-07T21:17:45+02:00", + "committerName": "Yonah Dissen", + "committerEmail": "ydissen@vmware.com", + "message": "add helm chart to deploy kubescape in cluster\n" + } + } + }, + { + "resourceID": "path=423865324/api=/v1//Service/productcatalogservice", + "object": { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "productcatalogservice" + }, + "sourcePath": "examples/online-boutique/productcatalogservice.yaml", + "spec": { + "ports": [ + { + "name": "grpc", + "port": 3550, + "targetPort": 3550 + } + ], + "selector": { + "app": "productcatalogservice" + }, + "type": "ClusterIP" + } + }, + "source": { + "relativePath": "examples/online-boutique/productcatalogservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=4115069426/api=/v1//Service/emailservice", + "object": { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "emailservice" + }, + "sourcePath": "examples/online-boutique/emailservice.yaml", + "spec": { + "ports": [ + { + "name": "grpc", + "port": 5000, + "targetPort": 8080 + } + ], + "selector": { + "app": "emailservice" + }, + "type": "ClusterIP" + } + }, + "source": { + "relativePath": "examples/online-boutique/emailservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=2738873395/api=rbac.authorization.k8s.io/v1//RoleBinding/-kubescape", + "object": { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "RoleBinding", + "metadata": { + "labels": { + "app.kubernetes.io/instance": null, + "app.kubernetes.io/managed-by": "Helm", + "app.kubernetes.io/name": "kubescape", + "app.kubernetes.io/version": "v1.0.128", + "helm.sh/chart": "kubescape-1.0.0" + }, + "name": "-kubescape" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "-kubescape" + }, + "sourcePath": "/tmp/3387783067/examples/helm_chart/templates/rolebinding.yaml", + "subjects": [ + { + "kind": "ServiceAccount", + "name": "kubescape-discovery", + "namespace": "" + } + ] + }, + "source": { + "relativePath": "examples/helm_chart/templates/rolebinding.yaml", + "fileType": "Helm Chart", + "helmChartName": "kubescape", + "lastCommit": { + "hash": "57160c4d0498c93bdba6e25b3f8cae8158cb5674", + "date": "2021-11-07T21:17:45+02:00", + "committerName": "Yonah Dissen", + "committerEmail": "ydissen@vmware.com", + "message": "add helm chart to deploy kubescape in cluster\n" + } + } + }, + { + "resourceID": "path=4285981016/api=/v1//Service/cartservice", + "object": { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "cartservice" + }, + "sourcePath": "examples/online-boutique/cartservice.yaml", + "spec": { + "ports": [ + { + "name": "grpc", + "port": 7070, + "targetPort": 7070 + } + ], + "selector": { + "app": "cartservice" + }, + "type": "ClusterIP" + } + }, + "source": { + "relativePath": "examples/online-boutique/cartservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=1966984206/api=apps/v1//Deployment/redis-cart", + "object": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "redis-cart" + }, + "sourcePath": "examples/online-boutique/redis.yaml", + "spec": { + "selector": { + "matchLabels": { + "app": "redis-cart" + } + }, + "template": { + "metadata": { + "labels": { + "app": "redis-cart" + } + }, + "spec": { + "containers": [ + { + "name": "redis", + "image": "redis:alpine", + "ports": [ + { + "containerPort": 6379 + } + ], + "resources": { + "limits": { + "cpu": "125m", + "memory": "256Mi" + }, + "requests": { + "cpu": "70m", + "memory": "200Mi" + } + }, + "volumeMounts": [ + { + "name": "redis-data", + "mountPath": "/data" + } + ], + "livenessProbe": { + "tcpSocket": { + "port": 6379 + }, + "periodSeconds": 5 + }, + "readinessProbe": { + "tcpSocket": { + "port": 6379 + }, + "periodSeconds": 5 + } + } + ], + "volumes": [ + { + "emptyDir": {}, + "name": "redis-data" + } + ] + } + } + } + }, + "source": { + "relativePath": "examples/online-boutique/redis.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=4285981016/api=apps/v1//Deployment/cartservice", + "object": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "cartservice" + }, + "sourcePath": "examples/online-boutique/cartservice.yaml", + "spec": { + "selector": { + "matchLabels": { + "app": "cartservice" + } + }, + "template": { + "metadata": { + "labels": { + "app": "cartservice" + } + }, + "spec": { + "containers": [ + { + "name": "server", + "image": "cartservice", + "ports": [ + { + "containerPort": 7070 + } + ], + "env": [ + { + "name": "REDIS_ADDR", + "value": "XXXXXX" + } + ], + "resources": { + "limits": { + "cpu": "300m", + "memory": "128Mi" + }, + "requests": { + "cpu": "200m", + "memory": "64Mi" + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:7070", + "-rpc-timeout=5s" + ] + }, + "initialDelaySeconds": 15, + "periodSeconds": 10 + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:7070", + "-rpc-timeout=5s" + ] + }, + "initialDelaySeconds": 15 + } + } + ], + "serviceAccountName": "default", + "terminationGracePeriodSeconds": 5 + } + } + } + }, + "source": { + "relativePath": "examples/online-boutique/cartservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=4203826079/api=apps/v1/kubescape-host-scanner/DaemonSet/host-scanner", + "object": { + "apiVersion": "apps/v1", + "kind": "DaemonSet", + "metadata": { + "labels": { + "app": "host-scanner", + "k8s-app": "kubescape-host-scanner" + }, + "name": "host-scanner", + "namespace": "kubescape-host-scanner" + }, + "sourcePath": "core/pkg/hostsensorutils/hostsensor.yaml", + "spec": { + "selector": { + "matchLabels": { + "name": "host-scanner" + } + }, + "template": { + "metadata": { + "labels": { + "name": "host-scanner" + } + }, + "spec": { + "automountServiceAccountToken": false, + "containers": [ + { + "name": "host-sensor", + "image": "quay.io/kubescape/host-scanner:v1.0.32", + "ports": [ + { + "name": "scanner", + "hostPort": 7888, + "containerPort": 7888, + "protocol": "TCP" + } + ], + "resources": { + "limits": { + "cpu": "100u", + "memory": "200Mi" + }, + "requests": { + "cpu": "1m", + "memory": "200Mi" + } + }, + "volumeMounts": [ + { + "name": "host-filesystem", + "mountPath": "/host_fs" + } + ], + "readinessProbe": { + "httpGet": { + "path": "/kernelVersion", + "port": 7888 + } + }, + "securityContext": { + "privileged": true, + "readOnlyRootFilesystem": true, + "procMount": "Unmasked" + } + } + ], + "dnsPolicy": "ClusterFirstWithHostNet", + "hostIPC": true, + "hostNetwork": true, + "hostPID": true, + "terminationGracePeriodSeconds": 120, + "tolerations": [ + { + "effect": "NoSchedule", + "key": "node-role.kubernetes.io/control-plane", + "operator": "Exists" + }, + { + "effect": "NoSchedule", + "key": "node-role.kubernetes.io/master", + "operator": "Exists" + } + ], + "volumes": [ + { + "hostPath": { + "path": "/", + "type": "Directory" + }, + "name": "host-filesystem" + } + ] + } + } + } + }, + "source": { + "relativePath": "core/pkg/hostsensorutils/hostsensor.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "dc2c6f8a215e297bf65501000243cb172e1a5563", + "date": "2022-10-26T11:40:28+03:00", + "committerName": "YiscahLevySilas1", + "committerEmail": "80635572+YiscahLevySilas1@users.noreply.github.com", + "message": "update hostsensor version" + } + } + }, + { + "resourceID": "//ServiceAccount/kubescape-discovery/path=3787836522/api=rbac.authorization.k8s.io/v1//ClusterRole/-kubescape/path=4235171603/api=rbac.authorization.k8s.io/v1//ClusterRoleBinding/-kubescape", + "object": { + "kind": "ServiceAccount", + "name": "kubescape-discovery", + "namespace": "", + "relatedObjects": [ + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "labels": { + "app.kubernetes.io/instance": null, + "app.kubernetes.io/managed-by": "Helm", + "app.kubernetes.io/name": "kubescape", + "app.kubernetes.io/version": "v1.0.128", + "helm.sh/chart": "kubescape-1.0.0" + }, + "name": "-kubescape" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "-kubescape" + }, + "sourcePath": "/tmp/3387783067/examples/helm_chart/templates/clusterrolebinding.yaml", + "subjects": [ + { + "kind": "ServiceAccount", + "name": "kubescape-discovery", + "namespace": "" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "labels": { + "app.kubernetes.io/instance": null, + "app.kubernetes.io/managed-by": "Helm", + "app.kubernetes.io/name": "kubescape", + "app.kubernetes.io/version": "v1.0.128", + "helm.sh/chart": "kubescape-1.0.0" + }, + "name": "-kubescape" + }, + "rules": [ + { + "apiGroups": [ + "*" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "describe" + ] + } + ], + "sourcePath": "/tmp/3387783067/examples/helm_chart/templates/clusterrole.yaml" + } + ] + } + }, + { + "resourceID": "path=2451423745/api=/v1//Service/currencyservice", + "object": { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "currencyservice" + }, + "sourcePath": "examples/online-boutique/currencyservice.yaml", + "spec": { + "ports": [ + { + "name": "grpc", + "port": 7000, + "targetPort": 7000 + } + ], + "selector": { + "app": "currencyservice" + }, + "type": "ClusterIP" + } + }, + "source": { + "relativePath": "examples/online-boutique/currencyservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "/kubescape/Deployment/kubescape", + "object": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape", + "relatedObjects": { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "kubescape" + }, + "name": "kubescape", + "namespace": "kubescape" + }, + "sourcePath": "httphandler/examples/prometheus/ks-deployment.yaml", + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "protocol": "TCP", + "targetPort": 8080 + } + ], + "selector": { + "app": "kubescape" + }, + "type": "ClusterIP" + } + } + } + }, + { + "resourceID": "path=3591976602/api=/v1/kubescape/Service/kubescape", + "object": { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "kubescape" + }, + "name": "kubescape", + "namespace": "kubescape" + }, + "sourcePath": "httphandler/examples/prometheus/ks-deployment.yaml", + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "protocol": "TCP", + "targetPort": 8080 + } + ], + "selector": { + "app": "kubescape" + }, + "type": "ClusterIP" + } + }, + "source": { + "relativePath": "httphandler/examples/prometheus/ks-deployment.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "cbd4fc1a80362c57bc0bec78bfbf9422f646a8fb", + "date": "2022-08-23T12:33:48+03:00", + "committerName": "David Wertenteil", + "committerEmail": "dwertent@armosec.io", + "message": "replace armo by kubescape mentioned in urls\n" + } + } + }, + { + "resourceID": "path=3015304832/api=/v1//Service/shippingservice", + "object": { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "shippingservice" + }, + "sourcePath": "examples/online-boutique/shippingservice.yaml", + "spec": { + "ports": [ + { + "name": "grpc", + "port": 50051, + "targetPort": 50051 + } + ], + "selector": { + "app": "shippingservice" + }, + "type": "ClusterIP" + } + }, + "source": { + "relativePath": "examples/online-boutique/shippingservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=1161725811/api=/v1//Service/adservice", + "object": { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "adservice" + }, + "sourcePath": "examples/online-boutique/adservice.yaml", + "spec": { + "ports": [ + { + "name": "grpc", + "port": 9555, + "targetPort": 9555 + } + ], + "selector": { + "app": "adservice" + }, + "type": "ClusterIP" + } + }, + "source": { + "relativePath": "examples/online-boutique/adservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=3015304832/api=apps/v1//Deployment/shippingservice", + "object": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "shippingservice" + }, + "sourcePath": "examples/online-boutique/shippingservice.yaml", + "spec": { + "selector": { + "matchLabels": { + "app": "shippingservice" + } + }, + "template": { + "metadata": { + "labels": { + "app": "shippingservice" + } + }, + "spec": { + "containers": [ + { + "name": "server", + "image": "shippingservice", + "ports": [ + { + "containerPort": 50051 + } + ], + "env": [ + { + "name": "PORT", + "value": "XXXXXX" + } + ], + "resources": { + "limits": { + "cpu": "200m", + "memory": "128Mi" + }, + "requests": { + "cpu": "100m", + "memory": "64Mi" + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:50051" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:50051" + ] + }, + "periodSeconds": 5 + } + } + ], + "serviceAccountName": "default" + } + } + } + }, + "source": { + "relativePath": "examples/online-boutique/shippingservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=1644445903/api=/v1/kubescape/Service/kubescape", + "object": { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "kubescape" + }, + "name": "kubescape", + "namespace": "kubescape" + }, + "sourcePath": "httphandler/examples/microservice/ks-deployment.yaml", + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "protocol": "TCP", + "targetPort": 8080 + } + ], + "selector": { + "app": "kubescape" + }, + "type": "NodePort" + } + }, + "source": { + "relativePath": "httphandler/examples/microservice/ks-deployment.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "cbd4fc1a80362c57bc0bec78bfbf9422f646a8fb", + "date": "2022-08-23T12:33:48+03:00", + "committerName": "David Wertenteil", + "committerEmail": "dwertent@armosec.io", + "message": "replace armo by kubescape mentioned in urls\n" + } + } + }, + { + "resourceID": "path=1881121400/api=/v1//Service/paymentservice", + "object": { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "paymentservice" + }, + "sourcePath": "examples/online-boutique/paymentservice.yaml", + "spec": { + "ports": [ + { + "name": "grpc", + "port": 50051, + "targetPort": 50051 + } + ], + "selector": { + "app": "paymentservice" + }, + "type": "ClusterIP" + } + }, + "source": { + "relativePath": "examples/online-boutique/paymentservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=343424394/api=rbac.authorization.k8s.io/v1//Role/-kubescape", + "object": { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "Role", + "metadata": { + "labels": { + "app.kubernetes.io/instance": null, + "app.kubernetes.io/managed-by": "Helm", + "app.kubernetes.io/name": "kubescape", + "app.kubernetes.io/version": "v1.0.128", + "helm.sh/chart": "kubescape-1.0.0" + }, + "name": "-kubescape" + }, + "rules": [ + { + "apiGroups": [ + "*" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "describe" + ] + } + ], + "sourcePath": "/tmp/3387783067/examples/helm_chart/templates/role.yaml" + }, + "source": { + "relativePath": "examples/helm_chart/templates/role.yaml", + "fileType": "Helm Chart", + "helmChartName": "kubescape", + "lastCommit": { + "hash": "57160c4d0498c93bdba6e25b3f8cae8158cb5674", + "date": "2021-11-07T21:17:45+02:00", + "committerName": "Yonah Dissen", + "committerEmail": "ydissen@vmware.com", + "message": "add helm chart to deploy kubescape in cluster\n" + } + } + }, + { + "resourceID": "path=4115069426/api=apps/v1//Deployment/emailservice", + "object": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "emailservice" + }, + "sourcePath": "examples/online-boutique/emailservice.yaml", + "spec": { + "selector": { + "matchLabels": { + "app": "emailservice" + } + }, + "template": { + "metadata": { + "labels": { + "app": "emailservice" + } + }, + "spec": { + "containers": [ + { + "name": "server", + "image": "emailservice", + "ports": [ + { + "containerPort": 8080 + } + ], + "env": [ + { + "name": "PORT", + "value": "XXXXXX" + }, + { + "name": "DISABLE_PROFILER", + "value": "XXXXXX" + } + ], + "resources": { + "limits": { + "cpu": "200m", + "memory": "128Mi" + }, + "requests": { + "cpu": "100m", + "memory": "64Mi" + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:8080" + ] + }, + "periodSeconds": 5 + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:8080" + ] + }, + "periodSeconds": 5 + } + } + ], + "serviceAccountName": "default", + "terminationGracePeriodSeconds": 5 + } + } + } + }, + "source": { + "relativePath": "examples/online-boutique/emailservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=423865324/api=apps/v1//Deployment/productcatalogservice", + "object": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "productcatalogservice" + }, + "sourcePath": "examples/online-boutique/productcatalogservice.yaml", + "spec": { + "selector": { + "matchLabels": { + "app": "productcatalogservice" + } + }, + "template": { + "metadata": { + "labels": { + "app": "productcatalogservice" + } + }, + "spec": { + "containers": [ + { + "name": "server", + "image": "productcatalogservice", + "ports": [ + { + "containerPort": 3550 + } + ], + "env": [ + { + "name": "PORT", + "value": "XXXXXX" + } + ], + "resources": { + "limits": { + "cpu": "200m", + "memory": "128Mi" + }, + "requests": { + "cpu": "100m", + "memory": "64Mi" + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:3550" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:3550" + ] + } + } + } + ], + "serviceAccountName": "default", + "terminationGracePeriodSeconds": 5 + } + } + } + }, + "source": { + "relativePath": "examples/online-boutique/productcatalogservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "/kubescape/ServiceAccount/kubescape-discovery/path=1644445903/api=rbac.authorization.k8s.io/v1//ClusterRoleBinding/kubescape-discovery-role-binding/path=3591976602/api=rbac.authorization.k8s.io/v1//ClusterRole/kubescape-discovery-clusterroles", + "object": { + "kind": "ServiceAccount", + "name": "kubescape-discovery", + "namespace": "kubescape", + "relatedObjects": [ + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "name": "kubescape-discovery-role-binding" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "kubescape-discovery-clusterroles" + }, + "sourcePath": "httphandler/examples/microservice/ks-deployment.yaml", + "subjects": [ + { + "kind": "ServiceAccount", + "name": "kubescape-discovery", + "namespace": "kubescape" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "name": "kubescape-discovery-clusterroles" + }, + "rules": [ + { + "apiGroups": [ + "*" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "describe" + ] + } + ], + "sourcePath": "httphandler/examples/prometheus/ks-deployment.yaml" + } + ] + } + }, + { + "resourceID": "path=3591976602/api=/v1//Namespace/kubescape", + "object": { + "apiVersion": "v1", + "kind": "Namespace", + "metadata": { + "labels": { + "app": "kubescape" + }, + "name": "kubescape" + }, + "sourcePath": "httphandler/examples/prometheus/ks-deployment.yaml" + }, + "source": { + "relativePath": "httphandler/examples/prometheus/ks-deployment.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "cbd4fc1a80362c57bc0bec78bfbf9422f646a8fb", + "date": "2022-08-23T12:33:48+03:00", + "committerName": "David Wertenteil", + "committerEmail": "dwertent@armosec.io", + "message": "replace armo by kubescape mentioned in urls\n" + } + } + }, + { + "resourceID": "path=4038904612/api=apps/v1//Deployment/loadgenerator", + "object": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "loadgenerator" + }, + "sourcePath": "examples/online-boutique/loadgenerator.yaml", + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "loadgenerator" + } + }, + "template": { + "metadata": { + "annotations": { + "sidecar.istio.io/rewriteAppHTTPProbers": "true" + }, + "labels": { + "app": "loadgenerator" + } + }, + "spec": { + "containers": [ + { + "name": "main", + "image": "loadgenerator", + "env": [ + { + "name": "FRONTEND_ADDR", + "value": "XXXXXX" + }, + { + "name": "USERS", + "value": "XXXXXX" + } + ], + "resources": { + "limits": { + "cpu": "500m", + "memory": "512Mi" + }, + "requests": { + "cpu": "300m", + "memory": "256Mi" + } + } + } + ], + "restartPolicy": "Always", + "serviceAccountName": "default", + "terminationGracePeriodSeconds": 5 + } + } + } + }, + "source": { + "relativePath": "examples/online-boutique/loadgenerator.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=645840794/api=apps/v1//Deployment/checkoutservice", + "object": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "checkoutservice" + }, + "sourcePath": "examples/online-boutique/checkoutservice.yaml", + "spec": { + "selector": { + "matchLabels": { + "app": "checkoutservice" + } + }, + "template": { + "metadata": { + "labels": { + "app": "checkoutservice" + } + }, + "spec": { + "containers": [ + { + "name": "server", + "image": "checkoutservice", + "ports": [ + { + "containerPort": 5050 + } + ], + "env": [ + { + "name": "PORT", + "value": "XXXXXX" + }, + { + "name": "PRODUCT_CATALOG_SERVICE_ADDR", + "value": "XXXXXX" + }, + { + "name": "SHIPPING_SERVICE_ADDR", + "value": "XXXXXX" + }, + { + "name": "PAYMENT_SERVICE_ADDR", + "value": "XXXXXX" + }, + { + "name": "EMAIL_SERVICE_ADDR", + "value": "XXXXXX" + }, + { + "name": "CURRENCY_SERVICE_ADDR", + "value": "XXXXXX" + }, + { + "name": "CART_SERVICE_ADDR", + "value": "XXXXXX" + } + ], + "resources": { + "limits": { + "cpu": "200m", + "memory": "128Mi" + }, + "requests": { + "cpu": "100m", + "memory": "64Mi" + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:5050" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:5050" + ] + } + } + } + ], + "serviceAccountName": "default" + } + } + } + }, + "source": { + "relativePath": "examples/online-boutique/checkoutservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=4203826079/api=/v1//Namespace/kubescape-host-scanner", + "object": { + "apiVersion": "v1", + "kind": "Namespace", + "metadata": { + "labels": { + "app": "kubescape-host-scanner", + "k8s-app": "kubescape-host-scanner", + "kubernetes.io/metadata.name": "kubescape-host-scanner", + "tier": "kubescape-host-scanner-control-plane" + }, + "name": "kubescape-host-scanner" + }, + "sourcePath": "core/pkg/hostsensorutils/hostsensor.yaml" + }, + "source": { + "relativePath": "core/pkg/hostsensorutils/hostsensor.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "dc2c6f8a215e297bf65501000243cb172e1a5563", + "date": "2022-10-26T11:40:28+03:00", + "committerName": "YiscahLevySilas1", + "committerEmail": "80635572+YiscahLevySilas1@users.noreply.github.com", + "message": "update hostsensor version" + } + } + }, + { + "resourceID": "path=645840794/api=/v1//Service/checkoutservice", + "object": { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "checkoutservice" + }, + "sourcePath": "examples/online-boutique/checkoutservice.yaml", + "spec": { + "ports": [ + { + "name": "grpc", + "port": 5050, + "targetPort": 5050 + } + ], + "selector": { + "app": "checkoutservice" + }, + "type": "ClusterIP" + } + }, + "source": { + "relativePath": "examples/online-boutique/checkoutservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=2924266659/api=/v1//Service/frontend-external", + "object": { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "frontend-external" + }, + "sourcePath": "examples/online-boutique/frontend.yaml", + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": 8080 + } + ], + "selector": { + "app": "frontend" + }, + "type": "LoadBalancer" + } + }, + "source": { + "relativePath": "examples/online-boutique/frontend.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=2924266659/api=/v1//Service/frontend", + "object": { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "frontend" + }, + "sourcePath": "examples/online-boutique/frontend.yaml", + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": 8080 + } + ], + "selector": { + "app": "frontend" + }, + "type": "ClusterIP" + } + }, + "source": { + "relativePath": "examples/online-boutique/frontend.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=2451423745/api=apps/v1//Deployment/currencyservice", + "object": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "currencyservice" + }, + "sourcePath": "examples/online-boutique/currencyservice.yaml", + "spec": { + "selector": { + "matchLabels": { + "app": "currencyservice" + } + }, + "template": { + "metadata": { + "labels": { + "app": "currencyservice" + } + }, + "spec": { + "containers": [ + { + "name": "server", + "image": "currencyservice", + "ports": [ + { + "name": "grpc", + "containerPort": 7000 + } + ], + "env": [ + { + "name": "PORT", + "value": "XXXXXX" + } + ], + "resources": { + "limits": { + "cpu": "200m", + "memory": "128Mi" + }, + "requests": { + "cpu": "100m", + "memory": "64Mi" + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:7000" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/grpc_health_probe", + "-addr=:7000" + ] + } + } + } + ], + "serviceAccountName": "default", + "terminationGracePeriodSeconds": 5 + } + } + } + }, + "source": { + "relativePath": "examples/online-boutique/currencyservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "/kubescape/ServiceAccount/kubescape-discovery/path=1644445903/api=rbac.authorization.k8s.io/v1//ClusterRole/kubescape-discovery-clusterroles/path=1644445903/api=rbac.authorization.k8s.io/v1//ClusterRoleBinding/kubescape-discovery-role-binding", + "object": { + "kind": "ServiceAccount", + "name": "kubescape-discovery", + "namespace": "kubescape", + "relatedObjects": [ + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "name": "kubescape-discovery-role-binding" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "kubescape-discovery-clusterroles" + }, + "sourcePath": "httphandler/examples/microservice/ks-deployment.yaml", + "subjects": [ + { + "kind": "ServiceAccount", + "name": "kubescape-discovery", + "namespace": "kubescape" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "name": "kubescape-discovery-clusterroles" + }, + "rules": [ + { + "apiGroups": [ + "*" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "describe" + ] + } + ], + "sourcePath": "httphandler/examples/microservice/ks-deployment.yaml" + } + ] + } + }, + { + "resourceID": "/kubescape/ServiceAccount/kubescape-discovery/path=3591976602/api=rbac.authorization.k8s.io/v1//ClusterRole/kubescape-discovery-clusterroles/path=3591976602/api=rbac.authorization.k8s.io/v1//ClusterRoleBinding/kubescape-discovery-role-binding", + "object": { + "kind": "ServiceAccount", + "name": "kubescape-discovery", + "namespace": "kubescape", + "relatedObjects": [ + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "name": "kubescape-discovery-role-binding" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "kubescape-discovery-clusterroles" + }, + "sourcePath": "httphandler/examples/prometheus/ks-deployment.yaml", + "subjects": [ + { + "kind": "ServiceAccount", + "name": "kubescape-discovery", + "namespace": "kubescape" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "name": "kubescape-discovery-clusterroles" + }, + "rules": [ + { + "apiGroups": [ + "*" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "describe" + ] + } + ], + "sourcePath": "httphandler/examples/prometheus/ks-deployment.yaml" + } + ] + } + }, + { + "resourceID": "path=1966984206/api=/v1//Service/redis-cart", + "object": { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "redis-cart" + }, + "sourcePath": "examples/online-boutique/redis.yaml", + "spec": { + "ports": [ + { + "name": "redis", + "port": 6379, + "targetPort": 6379 + } + ], + "selector": { + "app": "redis-cart" + }, + "type": "ClusterIP" + } + }, + "source": { + "relativePath": "examples/online-boutique/redis.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + }, + { + "resourceID": "path=1644445903/api=/v1//Namespace/kubescape", + "object": { + "apiVersion": "v1", + "kind": "Namespace", + "metadata": { + "labels": { + "app": "kubescape" + }, + "name": "kubescape" + }, + "sourcePath": "httphandler/examples/microservice/ks-deployment.yaml" + }, + "source": { + "relativePath": "httphandler/examples/microservice/ks-deployment.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "cbd4fc1a80362c57bc0bec78bfbf9422f646a8fb", + "date": "2022-08-23T12:33:48+03:00", + "committerName": "David Wertenteil", + "committerEmail": "dwertent@armosec.io", + "message": "replace armo by kubescape mentioned in urls\n" + } + } + }, + { + "resourceID": "path=1644445903/api=/v1/kubescape/ServiceAccount/kubescape-discovery", + "object": { + "apiVersion": "v1", + "kind": "ServiceAccount", + "metadata": { + "labels": { + "app": "kubescape" + }, + "name": "kubescape-discovery", + "namespace": "kubescape" + }, + "sourcePath": "httphandler/examples/microservice/ks-deployment.yaml" + }, + "source": { + "relativePath": "httphandler/examples/microservice/ks-deployment.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "cbd4fc1a80362c57bc0bec78bfbf9422f646a8fb", + "date": "2022-08-23T12:33:48+03:00", + "committerName": "David Wertenteil", + "committerEmail": "dwertent@armosec.io", + "message": "replace armo by kubescape mentioned in urls\n" + } + } + }, + { + "resourceID": "path=2686782197/api=/v1//Service/recommendationservice", + "object": { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "recommendationservice" + }, + "sourcePath": "examples/online-boutique/recommendationservice.yaml", + "spec": { + "ports": [ + { + "name": "grpc", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "app": "recommendationservice" + }, + "type": "ClusterIP" + } + }, + "source": { + "relativePath": "examples/online-boutique/recommendationservice.yaml", + "fileType": "YAML", + "lastCommit": { + "hash": "96148ac6fd37d8d03572ad8c9bb5e60a4663c52a", + "date": "2021-08-26T17:41:11+03:00", + "committerName": "dwertent", + "committerEmail": "dwertent@cyberarmor.io", + "message": "support yaml input\n" + } + } + } + ], + "attributes": null, + "results": [ + { + "resourceID": "path=1881121400/api=apps/v1//Deployment/paymentservice", + "controls": [ + { + "controlID": "C-0017", + "name": "Immutable container filesystem", + "rules": [ + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.2", + "name": "Ensure that the seccomp profile is set to docker/default in your pod definitions", + "rules": [ + { + "name": "set-seccomp-profile-RuntimeDefault", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile.type", + "value": "RuntimeDefault" + } + } + ] + } + ] + }, + { + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "rules": [ + { + "name": "resources-cpu-limit-and-request", + "status": "passed", + "controlConfigurations": { + "cpu_limit_max": [], + "cpu_limit_min": [], + "cpu_request_max": [], + "cpu_request_min": [] + } + } + ] + }, + { + "controlID": "C-0006", + "name": "Allowed hostPath", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0078", + "name": "Images from allowed registry", + "rules": [ + { + "name": "container-image-repository", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "controlConfigurations": { + "imageRepositoryAllowList": [ + "ecr.*amazonaws.com", + ".*.gcr.io", + ".*azurecr.io" + ] + } + } + ] + }, + { + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "rules": [ + { + "name": "host-pid-ipc-privileges", + "status": "passed" + } + ] + }, + { + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "rules": [ + { + "name": "rule-identify-blocklisted-image-registries", + "status": "passed", + "controlConfigurations": { + "publicRegistries": [ + "quay.io", + "registry.hub.docker.com" + ], + "untrustedRegistries": [] + } + } + ] + }, + { + "controlID": "C-0004", + "name": "Resources memory limit and request", + "rules": [ + { + "name": "resources-memory-limit-and-request", + "status": "passed", + "controlConfigurations": { + "memory_limit_max": [], + "memory_limit_min": [], + "memory_request_max": [], + "memory_request_min": [] + } + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0076", + "name": "Label usage for resources", + "rules": [ + { + "name": "label-usage-for-resources", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "recommendedLabels": [ + "app", + "tier", + "phase", + "version", + "owner", + "env" + ] + } + } + ] + }, + { + "controlID": "CIS-5.4.1", + "name": "Prefer using secrets as files over secrets as environment variables", + "rules": [ + { + "name": "rule-secrets-in-env-var", + "status": "passed" + } + ] + }, + { + "controlID": "C-0048", + "name": "HostPath mount", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0016", + "name": "Allow privilege escalation", + "rules": [ + { + "name": "rule-allow-privilege-escalation", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0046", + "name": "Insecure capabilities", + "rules": [ + { + "name": "insecure-capabilities", + "status": "passed", + "controlConfigurations": { + "insecureCapabilities": [ + "SETPCAP", + "NET_ADMIN", + "NET_RAW", + "SYS_MODULE", + "SYS_RAWIO", + "SYS_PTRACE", + "SYS_ADMIN", + "SYS_BOOT", + "MAC_OVERRIDE", + "MAC_ADMIN", + "PERFMON", + "ALL", + "BPF" + ] + } + } + ] + }, + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "rules": [ + { + "name": "rule-credentials-in-env-var", + "status": "passed", + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + } + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0056", + "name": "Configured liveness probe", + "rules": [ + { + "name": "configured-liveness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + } + ] + }, + { + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "rules": [ + { + "name": "image-pull-policy-is-not-set-to-always", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.3", + "name": "Apply Security Context to Your Pods and Containers", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + }, + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + }, + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + }, + { + "name": "drop-capability-netraw", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.capabilities.drop", + "value": "NET_RAW" + } + } + ] + }, + { + "name": "set-seLinuxOptions", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seLinuxOptions", + "value": "YOUR_VALUE" + } + } + ] + }, + { + "name": "set-seccomp-profile", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0077", + "name": "K8s common labels usage", + "rules": [ + { + "name": "K8s common labels usage", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "k8sRecommendedLabels": [ + "app.kubernetes.io/name", + "app.kubernetes.io/instance", + "app.kubernetes.io/version", + "app.kubernetes.io/component", + "app.kubernetes.io/part-of", + "app.kubernetes.io/managed-by", + "app.kubernetes.io/created-by" + ] + } + } + ] + }, + { + "controlID": "C-0041", + "name": "HostNetwork access", + "rules": [ + { + "name": "host-network-access", + "status": "passed" + } + ] + }, + { + "controlID": "C-0018", + "name": "Configured readiness probe", + "rules": [ + { + "name": "configured-readiness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0013", + "name": "Non-root containers", + "rules": [ + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "rules": [ + { + "name": "sudo-in-container-entrypoint", + "status": "passed" + } + ] + }, + { + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "rules": [ + { + "name": "containers-mounting-docker-socket", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0061", + "name": "Pods in default namespace", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0044", + "name": "Container hostPort", + "rules": [ + { + "name": "container-hostPort", + "status": "passed" + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "failed" + } + ] + }, + { + "controlID": "C-0055", + "name": "Linux hardening", + "rules": [ + { + "name": "linux-hardening", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].seccompProfile", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].seLinuxOptions", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].capabilities.drop", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "rules": [ + { + "name": "CVE-2022-0492", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0009", + "name": "Resource limits", + "rules": [ + { + "name": "resource-policies", + "status": "passed" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + } + ], + "prioritizedResource": { + "resourceID": "path=1881121400/api=apps/v1//Deployment/paymentservice", + "priorityVector": [ + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 49.50000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 82.5, + "severity": 2 + } + ], + "score": 1012, + "severity": 2 + } + }, + { + "resourceID": "path=2686782197/api=apps/v1//Deployment/recommendationservice", + "controls": [ + { + "controlID": "C-0017", + "name": "Immutable container filesystem", + "rules": [ + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.2", + "name": "Ensure that the seccomp profile is set to docker/default in your pod definitions", + "rules": [ + { + "name": "set-seccomp-profile-RuntimeDefault", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile.type", + "value": "RuntimeDefault" + } + } + ] + } + ] + }, + { + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "rules": [ + { + "name": "resources-cpu-limit-and-request", + "status": "passed", + "controlConfigurations": { + "cpu_limit_max": [], + "cpu_limit_min": [], + "cpu_request_max": [], + "cpu_request_min": [] + } + } + ] + }, + { + "controlID": "C-0006", + "name": "Allowed hostPath", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0078", + "name": "Images from allowed registry", + "rules": [ + { + "name": "container-image-repository", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "controlConfigurations": { + "imageRepositoryAllowList": [ + "ecr.*amazonaws.com", + ".*.gcr.io", + ".*azurecr.io" + ] + } + } + ] + }, + { + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "rules": [ + { + "name": "host-pid-ipc-privileges", + "status": "passed" + } + ] + }, + { + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "rules": [ + { + "name": "rule-identify-blocklisted-image-registries", + "status": "passed", + "controlConfigurations": { + "publicRegistries": [ + "quay.io", + "registry.hub.docker.com" + ], + "untrustedRegistries": [] + } + } + ] + }, + { + "controlID": "C-0004", + "name": "Resources memory limit and request", + "rules": [ + { + "name": "resources-memory-limit-and-request", + "status": "passed", + "controlConfigurations": { + "memory_limit_max": [], + "memory_limit_min": [], + "memory_request_max": [], + "memory_request_min": [] + } + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0076", + "name": "Label usage for resources", + "rules": [ + { + "name": "label-usage-for-resources", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "recommendedLabels": [ + "app", + "tier", + "phase", + "version", + "owner", + "env" + ] + } + } + ] + }, + { + "controlID": "CIS-5.4.1", + "name": "Prefer using secrets as files over secrets as environment variables", + "rules": [ + { + "name": "rule-secrets-in-env-var", + "status": "passed" + } + ] + }, + { + "controlID": "C-0048", + "name": "HostPath mount", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0016", + "name": "Allow privilege escalation", + "rules": [ + { + "name": "rule-allow-privilege-escalation", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0046", + "name": "Insecure capabilities", + "rules": [ + { + "name": "insecure-capabilities", + "status": "passed", + "controlConfigurations": { + "insecureCapabilities": [ + "SETPCAP", + "NET_ADMIN", + "NET_RAW", + "SYS_MODULE", + "SYS_RAWIO", + "SYS_PTRACE", + "SYS_ADMIN", + "SYS_BOOT", + "MAC_OVERRIDE", + "MAC_ADMIN", + "PERFMON", + "ALL", + "BPF" + ] + } + } + ] + }, + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "rules": [ + { + "name": "rule-credentials-in-env-var", + "status": "passed", + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + } + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0056", + "name": "Configured liveness probe", + "rules": [ + { + "name": "configured-liveness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + } + ] + }, + { + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "rules": [ + { + "name": "image-pull-policy-is-not-set-to-always", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.3", + "name": "Apply Security Context to Your Pods and Containers", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + }, + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + }, + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + }, + { + "name": "drop-capability-netraw", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.capabilities.drop", + "value": "NET_RAW" + } + } + ] + }, + { + "name": "set-seLinuxOptions", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seLinuxOptions", + "value": "YOUR_VALUE" + } + } + ] + }, + { + "name": "set-seccomp-profile", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0077", + "name": "K8s common labels usage", + "rules": [ + { + "name": "K8s common labels usage", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "k8sRecommendedLabels": [ + "app.kubernetes.io/name", + "app.kubernetes.io/instance", + "app.kubernetes.io/version", + "app.kubernetes.io/component", + "app.kubernetes.io/part-of", + "app.kubernetes.io/managed-by", + "app.kubernetes.io/created-by" + ] + } + } + ] + }, + { + "controlID": "C-0041", + "name": "HostNetwork access", + "rules": [ + { + "name": "host-network-access", + "status": "passed" + } + ] + }, + { + "controlID": "C-0018", + "name": "Configured readiness probe", + "rules": [ + { + "name": "configured-readiness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0013", + "name": "Non-root containers", + "rules": [ + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "rules": [ + { + "name": "sudo-in-container-entrypoint", + "status": "passed" + } + ] + }, + { + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "rules": [ + { + "name": "containers-mounting-docker-socket", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0061", + "name": "Pods in default namespace", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0044", + "name": "Container hostPort", + "rules": [ + { + "name": "container-hostPort", + "status": "passed" + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "failed" + } + ] + }, + { + "controlID": "C-0055", + "name": "Linux hardening", + "rules": [ + { + "name": "linux-hardening", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].seccompProfile", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].seLinuxOptions", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].capabilities.drop", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "rules": [ + { + "name": "CVE-2022-0492", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0009", + "name": "Resource limits", + "rules": [ + { + "name": "resource-policies", + "status": "passed" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + } + ], + "prioritizedResource": { + "resourceID": "path=2686782197/api=apps/v1//Deployment/recommendationservice", + "priorityVector": [ + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 82.5, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 49.50000000000001, + "severity": 2 + } + ], + "score": 1012, + "severity": 2 + } + }, + { + "resourceID": "/kubescape/ServiceAccount/kubescape-discovery/path=1644445903/api=rbac.authorization.k8s.io/v1//ClusterRole/kubescape-discovery-clusterroles/path=3591976602/api=rbac.authorization.k8s.io/v1//ClusterRoleBinding/kubescape-discovery-role-binding", + "controls": [ + { + "controlID": "C-0002", + "name": "Exec into container", + "rules": [ + { + "name": "exec-into-container-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0063", + "name": "Portforwarding privileges", + "rules": [ + { + "name": "rule-can-portforward-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "rules": [ + { + "name": "rule-can-update-configmap-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-subject-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "rules": [ + { + "name": "rule-can-list-get-secrets-v1", + "status": "failed", + "paths": [ + { + "failedPath": "relatedObjects[1].rules[0].resources[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[1]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].apiGroups[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].subjects[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].roleRef.name", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "rules": [ + { + "name": "rule-can-delete-k8s-events-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.8", + "name": "Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes cluster", + "rules": [ + { + "name": "rule-can-bind-escalate", + "status": "passed" + }, + { + "name": "rule-can-impersonate-users-groups-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.2", + "name": "Minimize access to secrets", + "rules": [ + { + "name": "rule-can-list-get-secrets-v1", + "status": "failed", + "paths": [ + { + "failedPath": "relatedObjects[1].rules[0].resources[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[1]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].apiGroups[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].subjects[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].roleRef.name", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.1.4", + "name": "Minimize access to create pods", + "rules": [ + { + "name": "rule-can-create-pod", + "status": "passed" + } + ] + }, + { + "controlID": "C-0065", + "name": "No impersonation", + "rules": [ + { + "name": "rule-can-impersonate-users-groups-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0007", + "name": "Data Destruction", + "rules": [ + { + "name": "rule-excessive-delete-rights-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0053", + "name": "Access container service account", + "rules": [ + { + "name": "access-container-service-account-v1", + "status": "failed" + } + ] + }, + { + "controlID": "C-0035", + "name": "Cluster-admin binding", + "rules": [ + { + "name": "rule-list-all-cluster-admins-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.1", + "name": "Ensure that the cluster-admin role is only used where required", + "rules": [ + { + "name": "cluster-admin-role", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.3", + "name": "Minimize wildcard use in Roles and ClusterRoles", + "rules": [ + { + "name": "rule-list-all-cluster-admins-v1", + "status": "passed" + } + ] + } + ] + }, + { + "resourceID": "//ServiceAccount/kubescape-discovery/path=2738873395/api=rbac.authorization.k8s.io/v1//RoleBinding/-kubescape/path=3787836522/api=rbac.authorization.k8s.io/v1//ClusterRole/-kubescape", + "controls": [ + { + "controlID": "C-0002", + "name": "Exec into container", + "rules": [ + { + "name": "exec-into-container-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0063", + "name": "Portforwarding privileges", + "rules": [ + { + "name": "rule-can-portforward-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "rules": [ + { + "name": "rule-can-update-configmap-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-subject-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "rules": [ + { + "name": "rule-can-list-get-secrets-v1", + "status": "failed", + "paths": [ + { + "failedPath": "relatedObjects[1].rules[0].resources[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[1]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].apiGroups[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].subjects[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].roleRef.name", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "rules": [ + { + "name": "rule-can-delete-k8s-events-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.8", + "name": "Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes cluster", + "rules": [ + { + "name": "rule-can-bind-escalate", + "status": "passed" + }, + { + "name": "rule-can-impersonate-users-groups-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.2", + "name": "Minimize access to secrets", + "rules": [ + { + "name": "rule-can-list-get-secrets-v1", + "status": "failed", + "paths": [ + { + "failedPath": "relatedObjects[1].rules[0].resources[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[1]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].apiGroups[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].subjects[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].roleRef.name", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.1.4", + "name": "Minimize access to create pods", + "rules": [ + { + "name": "rule-can-create-pod", + "status": "passed" + } + ] + }, + { + "controlID": "C-0065", + "name": "No impersonation", + "rules": [ + { + "name": "rule-can-impersonate-users-groups-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0007", + "name": "Data Destruction", + "rules": [ + { + "name": "rule-excessive-delete-rights-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0035", + "name": "Cluster-admin binding", + "rules": [ + { + "name": "rule-list-all-cluster-admins-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.3", + "name": "Minimize wildcard use in Roles and ClusterRoles", + "rules": [ + { + "name": "rule-list-all-cluster-admins-v1", + "status": "passed" + } + ] + } + ] + }, + { + "resourceID": "path=1161725811/api=apps/v1//Deployment/adservice", + "controls": [ + { + "controlID": "C-0017", + "name": "Immutable container filesystem", + "rules": [ + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.2", + "name": "Ensure that the seccomp profile is set to docker/default in your pod definitions", + "rules": [ + { + "name": "set-seccomp-profile-RuntimeDefault", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile.type", + "value": "RuntimeDefault" + } + } + ] + } + ] + }, + { + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "rules": [ + { + "name": "resources-cpu-limit-and-request", + "status": "passed", + "controlConfigurations": { + "cpu_limit_max": [], + "cpu_limit_min": [], + "cpu_request_max": [], + "cpu_request_min": [] + } + } + ] + }, + { + "controlID": "C-0006", + "name": "Allowed hostPath", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0078", + "name": "Images from allowed registry", + "rules": [ + { + "name": "container-image-repository", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "controlConfigurations": { + "imageRepositoryAllowList": [ + "ecr.*amazonaws.com", + ".*.gcr.io", + ".*azurecr.io" + ] + } + } + ] + }, + { + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "rules": [ + { + "name": "host-pid-ipc-privileges", + "status": "passed" + } + ] + }, + { + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "rules": [ + { + "name": "rule-identify-blocklisted-image-registries", + "status": "passed", + "controlConfigurations": { + "publicRegistries": [ + "quay.io", + "registry.hub.docker.com" + ], + "untrustedRegistries": [] + } + } + ] + }, + { + "controlID": "C-0004", + "name": "Resources memory limit and request", + "rules": [ + { + "name": "resources-memory-limit-and-request", + "status": "passed", + "controlConfigurations": { + "memory_limit_max": [], + "memory_limit_min": [], + "memory_request_max": [], + "memory_request_min": [] + } + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0076", + "name": "Label usage for resources", + "rules": [ + { + "name": "label-usage-for-resources", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "recommendedLabels": [ + "app", + "tier", + "phase", + "version", + "owner", + "env" + ] + } + } + ] + }, + { + "controlID": "CIS-5.4.1", + "name": "Prefer using secrets as files over secrets as environment variables", + "rules": [ + { + "name": "rule-secrets-in-env-var", + "status": "passed" + } + ] + }, + { + "controlID": "C-0048", + "name": "HostPath mount", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0016", + "name": "Allow privilege escalation", + "rules": [ + { + "name": "rule-allow-privilege-escalation", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0046", + "name": "Insecure capabilities", + "rules": [ + { + "name": "insecure-capabilities", + "status": "passed", + "controlConfigurations": { + "insecureCapabilities": [ + "SETPCAP", + "NET_ADMIN", + "NET_RAW", + "SYS_MODULE", + "SYS_RAWIO", + "SYS_PTRACE", + "SYS_ADMIN", + "SYS_BOOT", + "MAC_OVERRIDE", + "MAC_ADMIN", + "PERFMON", + "ALL", + "BPF" + ] + } + } + ] + }, + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "rules": [ + { + "name": "rule-credentials-in-env-var", + "status": "passed", + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + } + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0056", + "name": "Configured liveness probe", + "rules": [ + { + "name": "configured-liveness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + } + ] + }, + { + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "rules": [ + { + "name": "image-pull-policy-is-not-set-to-always", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.3", + "name": "Apply Security Context to Your Pods and Containers", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + }, + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + }, + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + }, + { + "name": "drop-capability-netraw", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.capabilities.drop", + "value": "NET_RAW" + } + } + ] + }, + { + "name": "set-seLinuxOptions", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seLinuxOptions", + "value": "YOUR_VALUE" + } + } + ] + }, + { + "name": "set-seccomp-profile", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0077", + "name": "K8s common labels usage", + "rules": [ + { + "name": "K8s common labels usage", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "k8sRecommendedLabels": [ + "app.kubernetes.io/name", + "app.kubernetes.io/instance", + "app.kubernetes.io/version", + "app.kubernetes.io/component", + "app.kubernetes.io/part-of", + "app.kubernetes.io/managed-by", + "app.kubernetes.io/created-by" + ] + } + } + ] + }, + { + "controlID": "C-0041", + "name": "HostNetwork access", + "rules": [ + { + "name": "host-network-access", + "status": "passed" + } + ] + }, + { + "controlID": "C-0018", + "name": "Configured readiness probe", + "rules": [ + { + "name": "configured-readiness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0013", + "name": "Non-root containers", + "rules": [ + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "rules": [ + { + "name": "sudo-in-container-entrypoint", + "status": "passed" + } + ] + }, + { + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "rules": [ + { + "name": "containers-mounting-docker-socket", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0061", + "name": "Pods in default namespace", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0044", + "name": "Container hostPort", + "rules": [ + { + "name": "container-hostPort", + "status": "passed" + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "failed" + } + ] + }, + { + "controlID": "C-0055", + "name": "Linux hardening", + "rules": [ + { + "name": "linux-hardening", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].seccompProfile", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].seLinuxOptions", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].capabilities.drop", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "rules": [ + { + "name": "CVE-2022-0492", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0009", + "name": "Resource limits", + "rules": [ + { + "name": "resource-policies", + "status": "passed" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + } + ], + "prioritizedResource": { + "resourceID": "path=1161725811/api=apps/v1//Deployment/adservice", + "priorityVector": [ + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 49.50000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 82.5, + "severity": 2 + } + ], + "score": 1012, + "severity": 2 + } + }, + { + "resourceID": "path=3591976602/api=apps/v1/kubescape/Deployment/kubescape", + "controls": [ + { + "controlID": "C-0017", + "name": "Immutable container filesystem", + "rules": [ + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.2", + "name": "Ensure that the seccomp profile is set to docker/default in your pod definitions", + "rules": [ + { + "name": "set-seccomp-profile-RuntimeDefault", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile.type", + "value": "RuntimeDefault" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "rules": [ + { + "name": "resources-cpu-limit-and-request", + "status": "passed", + "controlConfigurations": { + "cpu_limit_max": [], + "cpu_limit_min": [], + "cpu_request_max": [], + "cpu_request_min": [] + } + } + ] + }, + { + "controlID": "C-0006", + "name": "Allowed hostPath", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0078", + "name": "Images from allowed registry", + "rules": [ + { + "name": "container-image-repository", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ], + "controlConfigurations": { + "imageRepositoryAllowList": [ + "ecr.*amazonaws.com", + ".*.gcr.io", + ".*azurecr.io" + ] + } + } + ] + }, + { + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "rules": [ + { + "name": "host-pid-ipc-privileges", + "status": "passed" + } + ] + }, + { + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "rules": [ + { + "name": "rule-identify-blocklisted-image-registries", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ], + "controlConfigurations": { + "publicRegistries": [ + "quay.io", + "registry.hub.docker.com" + ], + "untrustedRegistries": [] + } + } + ] + }, + { + "controlID": "C-0004", + "name": "Resources memory limit and request", + "rules": [ + { + "name": "resources-memory-limit-and-request", + "status": "passed", + "controlConfigurations": { + "memory_limit_max": [], + "memory_limit_min": [], + "memory_request_max": [], + "memory_request_min": [] + } + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0076", + "name": "Label usage for resources", + "rules": [ + { + "name": "label-usage-for-resources", + "status": "passed", + "controlConfigurations": { + "recommendedLabels": [ + "app", + "tier", + "phase", + "version", + "owner", + "env" + ] + } + } + ] + }, + { + "controlID": "CIS-5.4.1", + "name": "Prefer using secrets as files over secrets as environment variables", + "rules": [ + { + "name": "rule-secrets-in-env-var", + "status": "passed" + } + ] + }, + { + "controlID": "C-0048", + "name": "HostPath mount", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0016", + "name": "Allow privilege escalation", + "rules": [ + { + "name": "rule-allow-privilege-escalation", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0046", + "name": "Insecure capabilities", + "rules": [ + { + "name": "insecure-capabilities", + "status": "passed", + "controlConfigurations": { + "insecureCapabilities": [ + "SETPCAP", + "NET_ADMIN", + "NET_RAW", + "SYS_MODULE", + "SYS_RAWIO", + "SYS_PTRACE", + "SYS_ADMIN", + "SYS_BOOT", + "MAC_OVERRIDE", + "MAC_ADMIN", + "PERFMON", + "ALL", + "BPF" + ] + } + } + ] + }, + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.automountServiceAccountToken", + "value": "false" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "rules": [ + { + "name": "rule-credentials-in-env-var", + "status": "passed", + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + } + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0056", + "name": "Configured liveness probe", + "rules": [ + { + "name": "configured-liveness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + } + ] + }, + { + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "rules": [ + { + "name": "image-pull-policy-is-not-set-to-always", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.3", + "name": "Apply Security Context to Your Pods and Containers", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + }, + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + }, + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + }, + { + "name": "drop-capability-netraw", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.capabilities.drop", + "value": "NET_RAW" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + }, + { + "name": "set-seLinuxOptions", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seLinuxOptions", + "value": "YOUR_VALUE" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + }, + { + "name": "set-seccomp-profile", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile", + "value": "YOUR_VALUE" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0077", + "name": "K8s common labels usage", + "rules": [ + { + "name": "K8s common labels usage", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ], + "controlConfigurations": { + "k8sRecommendedLabels": [ + "app.kubernetes.io/name", + "app.kubernetes.io/instance", + "app.kubernetes.io/version", + "app.kubernetes.io/component", + "app.kubernetes.io/part-of", + "app.kubernetes.io/managed-by", + "app.kubernetes.io/created-by" + ] + } + } + ] + }, + { + "controlID": "C-0041", + "name": "HostNetwork access", + "rules": [ + { + "name": "host-network-access", + "status": "passed" + } + ] + }, + { + "controlID": "C-0018", + "name": "Configured readiness probe", + "rules": [ + { + "name": "configured-readiness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.automountServiceAccountToken", + "value": "false" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0013", + "name": "Non-root containers", + "rules": [ + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "rules": [ + { + "name": "sudo-in-container-entrypoint", + "status": "passed" + } + ] + }, + { + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "rules": [ + { + "name": "containers-mounting-docker-socket", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "passed" + } + ] + }, + { + "controlID": "C-0061", + "name": "Pods in default namespace", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "passed" + } + ] + }, + { + "controlID": "C-0044", + "name": "Container hostPort", + "rules": [ + { + "name": "container-hostPort", + "status": "passed" + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0055", + "name": "Linux hardening", + "rules": [ + { + "name": "linux-hardening", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].seccompProfile", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].seLinuxOptions", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].capabilities.drop", + "value": "YOUR_VALUE" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "rules": [ + { + "name": "CVE-2022-0492", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0009", + "name": "Resource limits", + "rules": [ + { + "name": "resource-policies", + "status": "passed" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + } + ] + }, + { + "resourceID": "path=2924266659/api=apps/v1//Deployment/frontend", + "controls": [ + { + "controlID": "C-0017", + "name": "Immutable container filesystem", + "rules": [ + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.2", + "name": "Ensure that the seccomp profile is set to docker/default in your pod definitions", + "rules": [ + { + "name": "set-seccomp-profile-RuntimeDefault", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile.type", + "value": "RuntimeDefault" + } + } + ] + } + ] + }, + { + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "rules": [ + { + "name": "resources-cpu-limit-and-request", + "status": "passed", + "controlConfigurations": { + "cpu_limit_max": [], + "cpu_limit_min": [], + "cpu_request_max": [], + "cpu_request_min": [] + } + } + ] + }, + { + "controlID": "C-0006", + "name": "Allowed hostPath", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0078", + "name": "Images from allowed registry", + "rules": [ + { + "name": "container-image-repository", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "controlConfigurations": { + "imageRepositoryAllowList": [ + "ecr.*amazonaws.com", + ".*.gcr.io", + ".*azurecr.io" + ] + } + } + ] + }, + { + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "rules": [ + { + "name": "host-pid-ipc-privileges", + "status": "passed" + } + ] + }, + { + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "rules": [ + { + "name": "rule-identify-blocklisted-image-registries", + "status": "passed", + "controlConfigurations": { + "publicRegistries": [ + "quay.io", + "registry.hub.docker.com" + ], + "untrustedRegistries": [] + } + } + ] + }, + { + "controlID": "C-0004", + "name": "Resources memory limit and request", + "rules": [ + { + "name": "resources-memory-limit-and-request", + "status": "passed", + "controlConfigurations": { + "memory_limit_max": [], + "memory_limit_min": [], + "memory_request_max": [], + "memory_request_min": [] + } + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0076", + "name": "Label usage for resources", + "rules": [ + { + "name": "label-usage-for-resources", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "recommendedLabels": [ + "app", + "tier", + "phase", + "version", + "owner", + "env" + ] + } + } + ] + }, + { + "controlID": "CIS-5.4.1", + "name": "Prefer using secrets as files over secrets as environment variables", + "rules": [ + { + "name": "rule-secrets-in-env-var", + "status": "passed" + } + ] + }, + { + "controlID": "C-0048", + "name": "HostPath mount", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0016", + "name": "Allow privilege escalation", + "rules": [ + { + "name": "rule-allow-privilege-escalation", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0046", + "name": "Insecure capabilities", + "rules": [ + { + "name": "insecure-capabilities", + "status": "passed", + "controlConfigurations": { + "insecureCapabilities": [ + "SETPCAP", + "NET_ADMIN", + "NET_RAW", + "SYS_MODULE", + "SYS_RAWIO", + "SYS_PTRACE", + "SYS_ADMIN", + "SYS_BOOT", + "MAC_OVERRIDE", + "MAC_ADMIN", + "PERFMON", + "ALL", + "BPF" + ] + } + } + ] + }, + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "rules": [ + { + "name": "rule-credentials-in-env-var", + "status": "passed", + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + } + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0056", + "name": "Configured liveness probe", + "rules": [ + { + "name": "configured-liveness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + } + ] + }, + { + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "rules": [ + { + "name": "image-pull-policy-is-not-set-to-always", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.3", + "name": "Apply Security Context to Your Pods and Containers", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + }, + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + }, + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + }, + { + "name": "drop-capability-netraw", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.capabilities.drop", + "value": "NET_RAW" + } + } + ] + }, + { + "name": "set-seLinuxOptions", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seLinuxOptions", + "value": "YOUR_VALUE" + } + } + ] + }, + { + "name": "set-seccomp-profile", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0077", + "name": "K8s common labels usage", + "rules": [ + { + "name": "K8s common labels usage", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "k8sRecommendedLabels": [ + "app.kubernetes.io/name", + "app.kubernetes.io/instance", + "app.kubernetes.io/version", + "app.kubernetes.io/component", + "app.kubernetes.io/part-of", + "app.kubernetes.io/managed-by", + "app.kubernetes.io/created-by" + ] + } + } + ] + }, + { + "controlID": "C-0041", + "name": "HostNetwork access", + "rules": [ + { + "name": "host-network-access", + "status": "passed" + } + ] + }, + { + "controlID": "C-0018", + "name": "Configured readiness probe", + "rules": [ + { + "name": "configured-readiness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0013", + "name": "Non-root containers", + "rules": [ + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "rules": [ + { + "name": "sudo-in-container-entrypoint", + "status": "passed" + } + ] + }, + { + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "rules": [ + { + "name": "containers-mounting-docker-socket", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0061", + "name": "Pods in default namespace", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0044", + "name": "Container hostPort", + "rules": [ + { + "name": "container-hostPort", + "status": "passed" + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "failed" + } + ] + }, + { + "controlID": "C-0055", + "name": "Linux hardening", + "rules": [ + { + "name": "linux-hardening", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].seccompProfile", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].seLinuxOptions", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].capabilities.drop", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "rules": [ + { + "name": "CVE-2022-0492", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0009", + "name": "Resource limits", + "rules": [ + { + "name": "resource-policies", + "status": "passed" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + } + ], + "prioritizedResource": { + "resourceID": "path=2924266659/api=apps/v1//Deployment/frontend", + "priorityVector": [ + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 49.50000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 82.5, + "severity": 2 + } + ], + "score": 1012, + "severity": 2 + } + }, + { + "resourceID": "path=1644445903/api=apps/v1/kubescape/Deployment/kubescape", + "controls": [ + { + "controlID": "C-0017", + "name": "Immutable container filesystem", + "rules": [ + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.2", + "name": "Ensure that the seccomp profile is set to docker/default in your pod definitions", + "rules": [ + { + "name": "set-seccomp-profile-RuntimeDefault", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile.type", + "value": "RuntimeDefault" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "rules": [ + { + "name": "resources-cpu-limit-and-request", + "status": "passed", + "controlConfigurations": { + "cpu_limit_max": [], + "cpu_limit_min": [], + "cpu_request_max": [], + "cpu_request_min": [] + } + } + ] + }, + { + "controlID": "C-0006", + "name": "Allowed hostPath", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0078", + "name": "Images from allowed registry", + "rules": [ + { + "name": "container-image-repository", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ], + "controlConfigurations": { + "imageRepositoryAllowList": [ + "ecr.*amazonaws.com", + ".*.gcr.io", + ".*azurecr.io" + ] + } + } + ] + }, + { + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "rules": [ + { + "name": "host-pid-ipc-privileges", + "status": "passed" + } + ] + }, + { + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "rules": [ + { + "name": "rule-identify-blocklisted-image-registries", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ], + "controlConfigurations": { + "publicRegistries": [ + "quay.io", + "registry.hub.docker.com" + ], + "untrustedRegistries": [] + } + } + ] + }, + { + "controlID": "C-0004", + "name": "Resources memory limit and request", + "rules": [ + { + "name": "resources-memory-limit-and-request", + "status": "passed", + "controlConfigurations": { + "memory_limit_max": [], + "memory_limit_min": [], + "memory_request_max": [], + "memory_request_min": [] + } + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0076", + "name": "Label usage for resources", + "rules": [ + { + "name": "label-usage-for-resources", + "status": "passed", + "controlConfigurations": { + "recommendedLabels": [ + "app", + "tier", + "phase", + "version", + "owner", + "env" + ] + } + } + ] + }, + { + "controlID": "CIS-5.4.1", + "name": "Prefer using secrets as files over secrets as environment variables", + "rules": [ + { + "name": "rule-secrets-in-env-var", + "status": "passed" + } + ] + }, + { + "controlID": "C-0048", + "name": "HostPath mount", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0016", + "name": "Allow privilege escalation", + "rules": [ + { + "name": "rule-allow-privilege-escalation", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0046", + "name": "Insecure capabilities", + "rules": [ + { + "name": "insecure-capabilities", + "status": "passed", + "controlConfigurations": { + "insecureCapabilities": [ + "SETPCAP", + "NET_ADMIN", + "NET_RAW", + "SYS_MODULE", + "SYS_RAWIO", + "SYS_PTRACE", + "SYS_ADMIN", + "SYS_BOOT", + "MAC_OVERRIDE", + "MAC_ADMIN", + "PERFMON", + "ALL", + "BPF" + ] + } + } + ] + }, + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.automountServiceAccountToken", + "value": "false" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "rules": [ + { + "name": "rule-credentials-in-env-var", + "status": "passed", + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + } + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0056", + "name": "Configured liveness probe", + "rules": [ + { + "name": "configured-liveness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + } + ] + }, + { + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "rules": [ + { + "name": "image-pull-policy-is-not-set-to-always", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.3", + "name": "Apply Security Context to Your Pods and Containers", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + }, + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + }, + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + }, + { + "name": "drop-capability-netraw", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.capabilities.drop", + "value": "NET_RAW" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + }, + { + "name": "set-seLinuxOptions", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seLinuxOptions", + "value": "YOUR_VALUE" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + }, + { + "name": "set-seccomp-profile", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile", + "value": "YOUR_VALUE" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0077", + "name": "K8s common labels usage", + "rules": [ + { + "name": "K8s common labels usage", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ], + "controlConfigurations": { + "k8sRecommendedLabels": [ + "app.kubernetes.io/name", + "app.kubernetes.io/instance", + "app.kubernetes.io/version", + "app.kubernetes.io/component", + "app.kubernetes.io/part-of", + "app.kubernetes.io/managed-by", + "app.kubernetes.io/created-by" + ] + } + } + ] + }, + { + "controlID": "C-0041", + "name": "HostNetwork access", + "rules": [ + { + "name": "host-network-access", + "status": "passed" + } + ] + }, + { + "controlID": "C-0018", + "name": "Configured readiness probe", + "rules": [ + { + "name": "configured-readiness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.automountServiceAccountToken", + "value": "false" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0013", + "name": "Non-root containers", + "rules": [ + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "rules": [ + { + "name": "sudo-in-container-entrypoint", + "status": "passed" + } + ] + }, + { + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "rules": [ + { + "name": "containers-mounting-docker-socket", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "passed" + } + ] + }, + { + "controlID": "C-0061", + "name": "Pods in default namespace", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "passed" + } + ] + }, + { + "controlID": "C-0044", + "name": "Container hostPort", + "rules": [ + { + "name": "container-hostPort", + "status": "passed" + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0055", + "name": "Linux hardening", + "rules": [ + { + "name": "linux-hardening", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].seccompProfile", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].seLinuxOptions", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].capabilities.drop", + "value": "YOUR_VALUE" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "rules": [ + { + "name": "CVE-2022-0492", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ], + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-5", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Deployment", + "name": "kubescape", + "namespace": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0009", + "name": "Resource limits", + "rules": [ + { + "name": "resource-policies", + "status": "passed" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + } + ] + }, + { + "resourceID": "path=3591976602/api=/v1/kubescape/ServiceAccount/kubescape-discovery", + "controls": [ + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "automountServiceAccountToken", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "automountServiceAccountToken", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "passed" + } + ] + } + ] + }, + { + "resourceID": "path=3919891740/api=/v1//ServiceAccount/kubescape-discovery", + "controls": [ + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + } + ] + }, + { + "resourceID": "path=423865324/api=/v1//Service/productcatalogservice", + "controls": [ + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + } + ] + }, + { + "resourceID": "path=4115069426/api=/v1//Service/emailservice", + "controls": [ + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + } + ] + }, + { + "resourceID": "path=2738873395/api=rbac.authorization.k8s.io/v1//RoleBinding/-kubescape", + "controls": [ + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + } + ] + }, + { + "resourceID": "path=4285981016/api=/v1//Service/cartservice", + "controls": [ + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + } + ] + }, + { + "resourceID": "path=1966984206/api=apps/v1//Deployment/redis-cart", + "controls": [ + { + "controlID": "C-0017", + "name": "Immutable container filesystem", + "rules": [ + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.2", + "name": "Ensure that the seccomp profile is set to docker/default in your pod definitions", + "rules": [ + { + "name": "set-seccomp-profile-RuntimeDefault", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile.type", + "value": "RuntimeDefault" + } + } + ] + } + ] + }, + { + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "rules": [ + { + "name": "resources-cpu-limit-and-request", + "status": "passed", + "controlConfigurations": { + "cpu_limit_max": [], + "cpu_limit_min": [], + "cpu_request_max": [], + "cpu_request_min": [] + } + } + ] + }, + { + "controlID": "C-0006", + "name": "Allowed hostPath", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0078", + "name": "Images from allowed registry", + "rules": [ + { + "name": "container-image-repository", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "controlConfigurations": { + "imageRepositoryAllowList": [ + "ecr.*amazonaws.com", + ".*.gcr.io", + ".*azurecr.io" + ] + } + } + ] + }, + { + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "rules": [ + { + "name": "host-pid-ipc-privileges", + "status": "passed" + } + ] + }, + { + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "rules": [ + { + "name": "rule-identify-blocklisted-image-registries", + "status": "passed", + "controlConfigurations": { + "publicRegistries": [ + "quay.io", + "registry.hub.docker.com" + ], + "untrustedRegistries": [] + } + } + ] + }, + { + "controlID": "C-0004", + "name": "Resources memory limit and request", + "rules": [ + { + "name": "resources-memory-limit-and-request", + "status": "passed", + "controlConfigurations": { + "memory_limit_max": [], + "memory_limit_min": [], + "memory_request_max": [], + "memory_request_min": [] + } + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0076", + "name": "Label usage for resources", + "rules": [ + { + "name": "label-usage-for-resources", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "recommendedLabels": [ + "app", + "tier", + "phase", + "version", + "owner", + "env" + ] + } + } + ] + }, + { + "controlID": "CIS-5.4.1", + "name": "Prefer using secrets as files over secrets as environment variables", + "rules": [ + { + "name": "rule-secrets-in-env-var", + "status": "passed" + } + ] + }, + { + "controlID": "C-0048", + "name": "HostPath mount", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0016", + "name": "Allow privilege escalation", + "rules": [ + { + "name": "rule-allow-privilege-escalation", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0046", + "name": "Insecure capabilities", + "rules": [ + { + "name": "insecure-capabilities", + "status": "passed", + "controlConfigurations": { + "insecureCapabilities": [ + "SETPCAP", + "NET_ADMIN", + "NET_RAW", + "SYS_MODULE", + "SYS_RAWIO", + "SYS_PTRACE", + "SYS_ADMIN", + "SYS_BOOT", + "MAC_OVERRIDE", + "MAC_ADMIN", + "PERFMON", + "ALL", + "BPF" + ] + } + } + ] + }, + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "rules": [ + { + "name": "rule-credentials-in-env-var", + "status": "passed", + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + } + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0056", + "name": "Configured liveness probe", + "rules": [ + { + "name": "configured-liveness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + } + ] + }, + { + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "rules": [ + { + "name": "image-pull-policy-is-not-set-to-always", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.3", + "name": "Apply Security Context to Your Pods and Containers", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + }, + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + }, + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + }, + { + "name": "drop-capability-netraw", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.capabilities.drop", + "value": "NET_RAW" + } + } + ] + }, + { + "name": "set-seLinuxOptions", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seLinuxOptions", + "value": "YOUR_VALUE" + } + } + ] + }, + { + "name": "set-seccomp-profile", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0077", + "name": "K8s common labels usage", + "rules": [ + { + "name": "K8s common labels usage", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "k8sRecommendedLabels": [ + "app.kubernetes.io/name", + "app.kubernetes.io/instance", + "app.kubernetes.io/version", + "app.kubernetes.io/component", + "app.kubernetes.io/part-of", + "app.kubernetes.io/managed-by", + "app.kubernetes.io/created-by" + ] + } + } + ] + }, + { + "controlID": "C-0041", + "name": "HostNetwork access", + "rules": [ + { + "name": "host-network-access", + "status": "passed" + } + ] + }, + { + "controlID": "C-0018", + "name": "Configured readiness probe", + "rules": [ + { + "name": "configured-readiness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0013", + "name": "Non-root containers", + "rules": [ + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "rules": [ + { + "name": "sudo-in-container-entrypoint", + "status": "passed" + } + ] + }, + { + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "rules": [ + { + "name": "containers-mounting-docker-socket", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0061", + "name": "Pods in default namespace", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0044", + "name": "Container hostPort", + "rules": [ + { + "name": "container-hostPort", + "status": "passed" + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "failed" + } + ] + }, + { + "controlID": "C-0055", + "name": "Linux hardening", + "rules": [ + { + "name": "linux-hardening", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].seccompProfile", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].seLinuxOptions", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].capabilities.drop", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "rules": [ + { + "name": "CVE-2022-0492", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0009", + "name": "Resource limits", + "rules": [ + { + "name": "resource-policies", + "status": "passed" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + } + ], + "prioritizedResource": { + "resourceID": "path=1966984206/api=apps/v1//Deployment/redis-cart", + "priorityVector": [ + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 82.5, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 49.50000000000001, + "severity": 2 + } + ], + "score": 1012, + "severity": 2 + } + }, + { + "resourceID": "path=4285981016/api=apps/v1//Deployment/cartservice", + "controls": [ + { + "controlID": "C-0017", + "name": "Immutable container filesystem", + "rules": [ + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.2", + "name": "Ensure that the seccomp profile is set to docker/default in your pod definitions", + "rules": [ + { + "name": "set-seccomp-profile-RuntimeDefault", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile.type", + "value": "RuntimeDefault" + } + } + ] + } + ] + }, + { + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "rules": [ + { + "name": "resources-cpu-limit-and-request", + "status": "passed", + "controlConfigurations": { + "cpu_limit_max": [], + "cpu_limit_min": [], + "cpu_request_max": [], + "cpu_request_min": [] + } + } + ] + }, + { + "controlID": "C-0006", + "name": "Allowed hostPath", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0078", + "name": "Images from allowed registry", + "rules": [ + { + "name": "container-image-repository", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "controlConfigurations": { + "imageRepositoryAllowList": [ + "ecr.*amazonaws.com", + ".*.gcr.io", + ".*azurecr.io" + ] + } + } + ] + }, + { + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "rules": [ + { + "name": "host-pid-ipc-privileges", + "status": "passed" + } + ] + }, + { + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "rules": [ + { + "name": "rule-identify-blocklisted-image-registries", + "status": "passed", + "controlConfigurations": { + "publicRegistries": [ + "quay.io", + "registry.hub.docker.com" + ], + "untrustedRegistries": [] + } + } + ] + }, + { + "controlID": "C-0004", + "name": "Resources memory limit and request", + "rules": [ + { + "name": "resources-memory-limit-and-request", + "status": "passed", + "controlConfigurations": { + "memory_limit_max": [], + "memory_limit_min": [], + "memory_request_max": [], + "memory_request_min": [] + } + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0076", + "name": "Label usage for resources", + "rules": [ + { + "name": "label-usage-for-resources", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "recommendedLabels": [ + "app", + "tier", + "phase", + "version", + "owner", + "env" + ] + } + } + ] + }, + { + "controlID": "CIS-5.4.1", + "name": "Prefer using secrets as files over secrets as environment variables", + "rules": [ + { + "name": "rule-secrets-in-env-var", + "status": "passed" + } + ] + }, + { + "controlID": "C-0048", + "name": "HostPath mount", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0016", + "name": "Allow privilege escalation", + "rules": [ + { + "name": "rule-allow-privilege-escalation", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0046", + "name": "Insecure capabilities", + "rules": [ + { + "name": "insecure-capabilities", + "status": "passed", + "controlConfigurations": { + "insecureCapabilities": [ + "SETPCAP", + "NET_ADMIN", + "NET_RAW", + "SYS_MODULE", + "SYS_RAWIO", + "SYS_PTRACE", + "SYS_ADMIN", + "SYS_BOOT", + "MAC_OVERRIDE", + "MAC_ADMIN", + "PERFMON", + "ALL", + "BPF" + ] + } + } + ] + }, + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "rules": [ + { + "name": "rule-credentials-in-env-var", + "status": "passed", + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + } + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0056", + "name": "Configured liveness probe", + "rules": [ + { + "name": "configured-liveness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + } + ] + }, + { + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "rules": [ + { + "name": "image-pull-policy-is-not-set-to-always", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.3", + "name": "Apply Security Context to Your Pods and Containers", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + }, + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + }, + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + }, + { + "name": "drop-capability-netraw", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.capabilities.drop", + "value": "NET_RAW" + } + } + ] + }, + { + "name": "set-seLinuxOptions", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seLinuxOptions", + "value": "YOUR_VALUE" + } + } + ] + }, + { + "name": "set-seccomp-profile", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0077", + "name": "K8s common labels usage", + "rules": [ + { + "name": "K8s common labels usage", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "k8sRecommendedLabels": [ + "app.kubernetes.io/name", + "app.kubernetes.io/instance", + "app.kubernetes.io/version", + "app.kubernetes.io/component", + "app.kubernetes.io/part-of", + "app.kubernetes.io/managed-by", + "app.kubernetes.io/created-by" + ] + } + } + ] + }, + { + "controlID": "C-0041", + "name": "HostNetwork access", + "rules": [ + { + "name": "host-network-access", + "status": "passed" + } + ] + }, + { + "controlID": "C-0018", + "name": "Configured readiness probe", + "rules": [ + { + "name": "configured-readiness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0013", + "name": "Non-root containers", + "rules": [ + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "rules": [ + { + "name": "sudo-in-container-entrypoint", + "status": "passed" + } + ] + }, + { + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "rules": [ + { + "name": "containers-mounting-docker-socket", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0061", + "name": "Pods in default namespace", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0044", + "name": "Container hostPort", + "rules": [ + { + "name": "container-hostPort", + "status": "passed" + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "failed" + } + ] + }, + { + "controlID": "C-0055", + "name": "Linux hardening", + "rules": [ + { + "name": "linux-hardening", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].seccompProfile", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].seLinuxOptions", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].capabilities.drop", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "rules": [ + { + "name": "CVE-2022-0492", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0009", + "name": "Resource limits", + "rules": [ + { + "name": "resource-policies", + "status": "passed" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + } + ], + "prioritizedResource": { + "resourceID": "path=4285981016/api=apps/v1//Deployment/cartservice", + "priorityVector": [ + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 82.5, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 49.50000000000001, + "severity": 2 + } + ], + "score": 1012, + "severity": 2 + } + }, + { + "resourceID": "path=4203826079/api=apps/v1/kubescape-host-scanner/DaemonSet/host-scanner", + "controls": [ + { + "controlID": "C-0017", + "name": "Immutable container filesystem", + "rules": [ + { + "name": "immutable-container-filesystem", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.2", + "name": "Ensure that the seccomp profile is set to docker/default in your pod definitions", + "rules": [ + { + "name": "set-seccomp-profile-RuntimeDefault", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile.type", + "value": "RuntimeDefault" + } + } + ] + } + ] + }, + { + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "rules": [ + { + "name": "resources-cpu-limit-and-request", + "status": "passed", + "controlConfigurations": { + "cpu_limit_max": [], + "cpu_limit_min": [], + "cpu_request_max": [], + "cpu_request_min": [] + } + } + ] + }, + { + "controlID": "C-0006", + "name": "Allowed hostPath", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].volumeMounts[0].readOnly", + "value": "true" + } + } + ] + } + ] + }, + { + "controlID": "C-0078", + "name": "Images from allowed registry", + "rules": [ + { + "name": "container-image-repository", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "controlConfigurations": { + "imageRepositoryAllowList": [ + "ecr.*amazonaws.com", + ".*.gcr.io", + ".*azurecr.io" + ] + } + } + ] + }, + { + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "rules": [ + { + "name": "host-pid-ipc-privileges", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.hostIPC", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "spec.template.spec.hostPID", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "rules": [ + { + "name": "rule-identify-blocklisted-image-registries", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "controlConfigurations": { + "publicRegistries": [ + "quay.io", + "registry.hub.docker.com" + ], + "untrustedRegistries": [] + } + } + ] + }, + { + "controlID": "C-0004", + "name": "Resources memory limit and request", + "rules": [ + { + "name": "resources-memory-limit-and-request", + "status": "passed", + "controlConfigurations": { + "memory_limit_max": [], + "memory_limit_min": [], + "memory_request_max": [], + "memory_request_min": [] + } + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0076", + "name": "Label usage for resources", + "rules": [ + { + "name": "label-usage-for-resources", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "recommendedLabels": [ + "app", + "tier", + "phase", + "version", + "owner", + "env" + ] + } + } + ] + }, + { + "controlID": "CIS-5.4.1", + "name": "Prefer using secrets as files over secrets as environment variables", + "rules": [ + { + "name": "rule-secrets-in-env-var", + "status": "passed" + } + ] + }, + { + "controlID": "C-0048", + "name": "HostPath mount", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0016", + "name": "Allow privilege escalation", + "rules": [ + { + "name": "rule-allow-privilege-escalation", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0046", + "name": "Insecure capabilities", + "rules": [ + { + "name": "insecure-capabilities", + "status": "passed", + "controlConfigurations": { + "insecureCapabilities": [ + "SETPCAP", + "NET_ADMIN", + "NET_RAW", + "SYS_MODULE", + "SYS_RAWIO", + "SYS_PTRACE", + "SYS_ADMIN", + "SYS_BOOT", + "MAC_OVERRIDE", + "MAC_ADMIN", + "PERFMON", + "ALL", + "BPF" + ] + } + } + ] + }, + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "rules": [ + { + "name": "rule-credentials-in-env-var", + "status": "passed", + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + } + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0056", + "name": "Configured liveness probe", + "rules": [ + { + "name": "configured-liveness-probe", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].livenessProbe", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].securityContext.privileged", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "rules": [ + { + "name": "image-pull-policy-is-not-set-to-always", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.3", + "name": "Apply Security Context to Your Pods and Containers", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].securityContext.privileged", + "fixPath": { + "path": "", + "value": "" + } + } + ] + }, + { + "name": "immutable-container-filesystem", + "status": "passed" + }, + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + }, + { + "name": "drop-capability-netraw", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.capabilities.drop", + "value": "NET_RAW" + } + } + ] + }, + { + "name": "set-seLinuxOptions", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seLinuxOptions", + "value": "YOUR_VALUE" + } + } + ] + }, + { + "name": "set-seccomp-profile", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0077", + "name": "K8s common labels usage", + "rules": [ + { + "name": "K8s common labels usage", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "k8sRecommendedLabels": [ + "app.kubernetes.io/name", + "app.kubernetes.io/instance", + "app.kubernetes.io/version", + "app.kubernetes.io/component", + "app.kubernetes.io/part-of", + "app.kubernetes.io/managed-by", + "app.kubernetes.io/created-by" + ] + } + } + ] + }, + { + "controlID": "C-0041", + "name": "HostNetwork access", + "rules": [ + { + "name": "host-network-access", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.hostNetwork", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0018", + "name": "Configured readiness probe", + "rules": [ + { + "name": "configured-readiness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0013", + "name": "Non-root containers", + "rules": [ + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "rules": [ + { + "name": "sudo-in-container-entrypoint", + "status": "passed" + } + ] + }, + { + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "rules": [ + { + "name": "containers-mounting-docker-socket", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "passed" + } + ] + }, + { + "controlID": "C-0061", + "name": "Pods in default namespace", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "passed" + } + ] + }, + { + "controlID": "C-0044", + "name": "Container hostPort", + "rules": [ + { + "name": "container-hostPort", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].ports[0].hostPort", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "failed" + } + ] + }, + { + "controlID": "C-0055", + "name": "Linux hardening", + "rules": [ + { + "name": "linux-hardening", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].seccompProfile", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].seLinuxOptions", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].capabilities.drop", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "rules": [ + { + "name": "CVE-2022-0492", + "status": "passed" + } + ] + }, + { + "controlID": "C-0009", + "name": "Resource limits", + "rules": [ + { + "name": "resource-policies", + "status": "passed" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].volumeMounts[0].readOnly", + "value": "true" + } + } + ] + } + ] + } + ], + "prioritizedResource": { + "resourceID": "path=4203826079/api=apps/v1/kubescape-host-scanner/DaemonSet/host-scanner", + "priorityVector": [ + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0001", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 231.00000000000003, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0001", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0057", + "category": "Privilege escalation", + "tags": [ + "security" + ] + } + ], + "score": 308, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0001", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0038", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 269.5, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0001", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 154, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0001", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 231.00000000000003, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0044", + "category": "Initial access", + "tags": [ + "security", + "compliance", + "devops" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 132, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0044", + "category": "Initial access", + "tags": [ + "security", + "compliance", + "devops" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0057", + "category": "Privilege escalation", + "tags": [ + "security" + ] + } + ], + "score": 176, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0044", + "category": "Initial access", + "tags": [ + "security", + "compliance", + "devops" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0038", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 154, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0044", + "category": "Initial access", + "tags": [ + "security", + "compliance", + "devops" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 88, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0044", + "category": "Initial access", + "tags": [ + "security", + "compliance", + "devops" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 132, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0057", + "category": "Privilege escalation", + "tags": [ + "security" + ] + } + ], + "score": 220.00000000000003, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0038", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 192.50000000000003, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0001", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0041", + "category": "Discovery", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 269.5, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0044", + "category": "Initial access", + "tags": [ + "security", + "compliance", + "devops" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0041", + "category": "Discovery", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 154, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0041", + "category": "Discovery", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 192.50000000000003, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0001", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0041", + "category": "Lateral movement", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 269.5, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0044", + "category": "Initial access", + "tags": [ + "security", + "compliance", + "devops" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0041", + "category": "Lateral movement", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 154, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0041", + "category": "Lateral movement", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 192.50000000000003, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0001", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0006", + "category": "Impact - Data access in container", + "tags": [ + "security", + "compliance", + "devops", + "security-impact" + ] + } + ], + "score": 231.00000000000003, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0001", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0045", + "category": "Impact - Data access in container", + "tags": [ + "security", + "compliance", + "devops", + "security-impact" + ] + } + ], + "score": 308, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0044", + "category": "Initial access", + "tags": [ + "security", + "compliance", + "devops" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0006", + "category": "Impact - Data access in container", + "tags": [ + "security", + "compliance", + "devops", + "security-impact" + ] + } + ], + "score": 132, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0044", + "category": "Initial access", + "tags": [ + "security", + "compliance", + "devops" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0045", + "category": "Impact - Data access in container", + "tags": [ + "security", + "compliance", + "devops", + "security-impact" + ] + } + ], + "score": 176, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0006", + "category": "Impact - Data access in container", + "tags": [ + "security", + "compliance", + "devops", + "security-impact" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0045", + "category": "Impact - Data access in container", + "tags": [ + "security", + "compliance", + "devops", + "security-impact" + ] + } + ], + "score": 220.00000000000003, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0001", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0045", + "category": "Persistence", + "tags": [ + "security", + "compliance", + "devops", + "security-impact" + ] + } + ], + "score": 308, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0044", + "category": "Initial access", + "tags": [ + "security", + "compliance", + "devops" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0045", + "category": "Persistence", + "tags": [ + "security", + "compliance", + "devops", + "security-impact" + ] + } + ], + "score": 176, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0045", + "category": "Persistence", + "tags": [ + "security", + "compliance", + "devops", + "security-impact" + ] + } + ], + "score": 220.00000000000003, + "severity": 3 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0041", + "category": "Impact - service access", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 7.700000000000001, + "severity": 3 + } + ], + "score": 5903.7, + "severity": 3 + } + }, + { + "resourceID": "//ServiceAccount/kubescape-discovery/path=3787836522/api=rbac.authorization.k8s.io/v1//ClusterRole/-kubescape/path=4235171603/api=rbac.authorization.k8s.io/v1//ClusterRoleBinding/-kubescape", + "controls": [ + { + "controlID": "C-0002", + "name": "Exec into container", + "rules": [ + { + "name": "exec-into-container-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0063", + "name": "Portforwarding privileges", + "rules": [ + { + "name": "rule-can-portforward-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "rules": [ + { + "name": "rule-can-update-configmap-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-subject-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "rules": [ + { + "name": "rule-can-list-get-secrets-v1", + "status": "failed", + "paths": [ + { + "failedPath": "relatedObjects[1].rules[0].resources[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[1]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].apiGroups[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].subjects[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].roleRef.name", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "rules": [ + { + "name": "rule-can-delete-k8s-events-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.8", + "name": "Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes cluster", + "rules": [ + { + "name": "rule-can-bind-escalate", + "status": "passed" + }, + { + "name": "rule-can-impersonate-users-groups-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.2", + "name": "Minimize access to secrets", + "rules": [ + { + "name": "rule-can-list-get-secrets-v1", + "status": "failed", + "paths": [ + { + "failedPath": "relatedObjects[1].rules[0].resources[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[1]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].apiGroups[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].subjects[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].roleRef.name", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.1.4", + "name": "Minimize access to create pods", + "rules": [ + { + "name": "rule-can-create-pod", + "status": "passed" + } + ] + }, + { + "controlID": "C-0065", + "name": "No impersonation", + "rules": [ + { + "name": "rule-can-impersonate-users-groups-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0007", + "name": "Data Destruction", + "rules": [ + { + "name": "rule-excessive-delete-rights-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0035", + "name": "Cluster-admin binding", + "rules": [ + { + "name": "rule-list-all-cluster-admins-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.1", + "name": "Ensure that the cluster-admin role is only used where required", + "rules": [ + { + "name": "cluster-admin-role", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.3", + "name": "Minimize wildcard use in Roles and ClusterRoles", + "rules": [ + { + "name": "rule-list-all-cluster-admins-v1", + "status": "passed" + } + ] + } + ] + }, + { + "resourceID": "path=2451423745/api=/v1//Service/currencyservice", + "controls": [ + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + } + ] + }, + { + "resourceID": "/kubescape/Deployment/kubescape", + "controls": [ + { + "controlID": "C-0042", + "name": "SSH server running inside container", + "rules": [ + { + "name": "rule-can-ssh-to-pod-v1", + "status": "passed" + } + ] + } + ] + }, + { + "resourceID": "path=3591976602/api=/v1/kubescape/Service/kubescape", + "controls": [ + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "passed" + } + ] + } + ] + }, + { + "resourceID": "path=3015304832/api=/v1//Service/shippingservice", + "controls": [ + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + } + ] + }, + { + "resourceID": "path=1161725811/api=/v1//Service/adservice", + "controls": [ + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + } + ] + }, + { + "resourceID": "path=3015304832/api=apps/v1//Deployment/shippingservice", + "controls": [ + { + "controlID": "C-0017", + "name": "Immutable container filesystem", + "rules": [ + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.2", + "name": "Ensure that the seccomp profile is set to docker/default in your pod definitions", + "rules": [ + { + "name": "set-seccomp-profile-RuntimeDefault", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile.type", + "value": "RuntimeDefault" + } + } + ] + } + ] + }, + { + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "rules": [ + { + "name": "resources-cpu-limit-and-request", + "status": "passed", + "controlConfigurations": { + "cpu_limit_max": [], + "cpu_limit_min": [], + "cpu_request_max": [], + "cpu_request_min": [] + } + } + ] + }, + { + "controlID": "C-0006", + "name": "Allowed hostPath", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0078", + "name": "Images from allowed registry", + "rules": [ + { + "name": "container-image-repository", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "controlConfigurations": { + "imageRepositoryAllowList": [ + "ecr.*amazonaws.com", + ".*.gcr.io", + ".*azurecr.io" + ] + } + } + ] + }, + { + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "rules": [ + { + "name": "host-pid-ipc-privileges", + "status": "passed" + } + ] + }, + { + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "rules": [ + { + "name": "rule-identify-blocklisted-image-registries", + "status": "passed", + "controlConfigurations": { + "publicRegistries": [ + "quay.io", + "registry.hub.docker.com" + ], + "untrustedRegistries": [] + } + } + ] + }, + { + "controlID": "C-0004", + "name": "Resources memory limit and request", + "rules": [ + { + "name": "resources-memory-limit-and-request", + "status": "passed", + "controlConfigurations": { + "memory_limit_max": [], + "memory_limit_min": [], + "memory_request_max": [], + "memory_request_min": [] + } + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0076", + "name": "Label usage for resources", + "rules": [ + { + "name": "label-usage-for-resources", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "recommendedLabels": [ + "app", + "tier", + "phase", + "version", + "owner", + "env" + ] + } + } + ] + }, + { + "controlID": "CIS-5.4.1", + "name": "Prefer using secrets as files over secrets as environment variables", + "rules": [ + { + "name": "rule-secrets-in-env-var", + "status": "passed" + } + ] + }, + { + "controlID": "C-0048", + "name": "HostPath mount", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0016", + "name": "Allow privilege escalation", + "rules": [ + { + "name": "rule-allow-privilege-escalation", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0046", + "name": "Insecure capabilities", + "rules": [ + { + "name": "insecure-capabilities", + "status": "passed", + "controlConfigurations": { + "insecureCapabilities": [ + "SETPCAP", + "NET_ADMIN", + "NET_RAW", + "SYS_MODULE", + "SYS_RAWIO", + "SYS_PTRACE", + "SYS_ADMIN", + "SYS_BOOT", + "MAC_OVERRIDE", + "MAC_ADMIN", + "PERFMON", + "ALL", + "BPF" + ] + } + } + ] + }, + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "rules": [ + { + "name": "rule-credentials-in-env-var", + "status": "passed", + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + } + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0056", + "name": "Configured liveness probe", + "rules": [ + { + "name": "configured-liveness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + } + ] + }, + { + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "rules": [ + { + "name": "image-pull-policy-is-not-set-to-always", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.3", + "name": "Apply Security Context to Your Pods and Containers", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + }, + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + }, + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + }, + { + "name": "drop-capability-netraw", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.capabilities.drop", + "value": "NET_RAW" + } + } + ] + }, + { + "name": "set-seLinuxOptions", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seLinuxOptions", + "value": "YOUR_VALUE" + } + } + ] + }, + { + "name": "set-seccomp-profile", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0077", + "name": "K8s common labels usage", + "rules": [ + { + "name": "K8s common labels usage", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "k8sRecommendedLabels": [ + "app.kubernetes.io/name", + "app.kubernetes.io/instance", + "app.kubernetes.io/version", + "app.kubernetes.io/component", + "app.kubernetes.io/part-of", + "app.kubernetes.io/managed-by", + "app.kubernetes.io/created-by" + ] + } + } + ] + }, + { + "controlID": "C-0041", + "name": "HostNetwork access", + "rules": [ + { + "name": "host-network-access", + "status": "passed" + } + ] + }, + { + "controlID": "C-0018", + "name": "Configured readiness probe", + "rules": [ + { + "name": "configured-readiness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0013", + "name": "Non-root containers", + "rules": [ + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "rules": [ + { + "name": "sudo-in-container-entrypoint", + "status": "passed" + } + ] + }, + { + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "rules": [ + { + "name": "containers-mounting-docker-socket", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0061", + "name": "Pods in default namespace", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0044", + "name": "Container hostPort", + "rules": [ + { + "name": "container-hostPort", + "status": "passed" + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "failed" + } + ] + }, + { + "controlID": "C-0055", + "name": "Linux hardening", + "rules": [ + { + "name": "linux-hardening", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].seccompProfile", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].seLinuxOptions", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].capabilities.drop", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "rules": [ + { + "name": "CVE-2022-0492", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0009", + "name": "Resource limits", + "rules": [ + { + "name": "resource-policies", + "status": "passed" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + } + ], + "prioritizedResource": { + "resourceID": "path=3015304832/api=apps/v1//Deployment/shippingservice", + "priorityVector": [ + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 82.5, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 49.50000000000001, + "severity": 2 + } + ], + "score": 1012, + "severity": 2 + } + }, + { + "resourceID": "path=1644445903/api=/v1/kubescape/Service/kubescape", + "controls": [ + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "passed" + } + ] + } + ] + }, + { + "resourceID": "path=1881121400/api=/v1//Service/paymentservice", + "controls": [ + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + } + ] + }, + { + "resourceID": "path=343424394/api=rbac.authorization.k8s.io/v1//Role/-kubescape", + "controls": [ + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + } + ] + }, + { + "resourceID": "path=4115069426/api=apps/v1//Deployment/emailservice", + "controls": [ + { + "controlID": "C-0017", + "name": "Immutable container filesystem", + "rules": [ + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.2", + "name": "Ensure that the seccomp profile is set to docker/default in your pod definitions", + "rules": [ + { + "name": "set-seccomp-profile-RuntimeDefault", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile.type", + "value": "RuntimeDefault" + } + } + ] + } + ] + }, + { + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "rules": [ + { + "name": "resources-cpu-limit-and-request", + "status": "passed", + "controlConfigurations": { + "cpu_limit_max": [], + "cpu_limit_min": [], + "cpu_request_max": [], + "cpu_request_min": [] + } + } + ] + }, + { + "controlID": "C-0006", + "name": "Allowed hostPath", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0078", + "name": "Images from allowed registry", + "rules": [ + { + "name": "container-image-repository", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "controlConfigurations": { + "imageRepositoryAllowList": [ + "ecr.*amazonaws.com", + ".*.gcr.io", + ".*azurecr.io" + ] + } + } + ] + }, + { + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "rules": [ + { + "name": "host-pid-ipc-privileges", + "status": "passed" + } + ] + }, + { + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "rules": [ + { + "name": "rule-identify-blocklisted-image-registries", + "status": "passed", + "controlConfigurations": { + "publicRegistries": [ + "quay.io", + "registry.hub.docker.com" + ], + "untrustedRegistries": [] + } + } + ] + }, + { + "controlID": "C-0004", + "name": "Resources memory limit and request", + "rules": [ + { + "name": "resources-memory-limit-and-request", + "status": "passed", + "controlConfigurations": { + "memory_limit_max": [], + "memory_limit_min": [], + "memory_request_max": [], + "memory_request_min": [] + } + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0076", + "name": "Label usage for resources", + "rules": [ + { + "name": "label-usage-for-resources", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "recommendedLabels": [ + "app", + "tier", + "phase", + "version", + "owner", + "env" + ] + } + } + ] + }, + { + "controlID": "CIS-5.4.1", + "name": "Prefer using secrets as files over secrets as environment variables", + "rules": [ + { + "name": "rule-secrets-in-env-var", + "status": "passed" + } + ] + }, + { + "controlID": "C-0048", + "name": "HostPath mount", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0016", + "name": "Allow privilege escalation", + "rules": [ + { + "name": "rule-allow-privilege-escalation", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0046", + "name": "Insecure capabilities", + "rules": [ + { + "name": "insecure-capabilities", + "status": "passed", + "controlConfigurations": { + "insecureCapabilities": [ + "SETPCAP", + "NET_ADMIN", + "NET_RAW", + "SYS_MODULE", + "SYS_RAWIO", + "SYS_PTRACE", + "SYS_ADMIN", + "SYS_BOOT", + "MAC_OVERRIDE", + "MAC_ADMIN", + "PERFMON", + "ALL", + "BPF" + ] + } + } + ] + }, + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "rules": [ + { + "name": "rule-credentials-in-env-var", + "status": "passed", + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + } + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0056", + "name": "Configured liveness probe", + "rules": [ + { + "name": "configured-liveness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + } + ] + }, + { + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "rules": [ + { + "name": "image-pull-policy-is-not-set-to-always", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.3", + "name": "Apply Security Context to Your Pods and Containers", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + }, + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + }, + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + }, + { + "name": "drop-capability-netraw", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.capabilities.drop", + "value": "NET_RAW" + } + } + ] + }, + { + "name": "set-seLinuxOptions", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seLinuxOptions", + "value": "YOUR_VALUE" + } + } + ] + }, + { + "name": "set-seccomp-profile", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0077", + "name": "K8s common labels usage", + "rules": [ + { + "name": "K8s common labels usage", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "k8sRecommendedLabels": [ + "app.kubernetes.io/name", + "app.kubernetes.io/instance", + "app.kubernetes.io/version", + "app.kubernetes.io/component", + "app.kubernetes.io/part-of", + "app.kubernetes.io/managed-by", + "app.kubernetes.io/created-by" + ] + } + } + ] + }, + { + "controlID": "C-0041", + "name": "HostNetwork access", + "rules": [ + { + "name": "host-network-access", + "status": "passed" + } + ] + }, + { + "controlID": "C-0018", + "name": "Configured readiness probe", + "rules": [ + { + "name": "configured-readiness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0013", + "name": "Non-root containers", + "rules": [ + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "rules": [ + { + "name": "sudo-in-container-entrypoint", + "status": "passed" + } + ] + }, + { + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "rules": [ + { + "name": "containers-mounting-docker-socket", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0061", + "name": "Pods in default namespace", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0044", + "name": "Container hostPort", + "rules": [ + { + "name": "container-hostPort", + "status": "passed" + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "failed" + } + ] + }, + { + "controlID": "C-0055", + "name": "Linux hardening", + "rules": [ + { + "name": "linux-hardening", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].seccompProfile", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].seLinuxOptions", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].capabilities.drop", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "rules": [ + { + "name": "CVE-2022-0492", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0009", + "name": "Resource limits", + "rules": [ + { + "name": "resource-policies", + "status": "passed" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + } + ], + "prioritizedResource": { + "resourceID": "path=4115069426/api=apps/v1//Deployment/emailservice", + "priorityVector": [ + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 82.5, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 49.50000000000001, + "severity": 2 + } + ], + "score": 1012, + "severity": 2 + } + }, + { + "resourceID": "path=423865324/api=apps/v1//Deployment/productcatalogservice", + "controls": [ + { + "controlID": "C-0017", + "name": "Immutable container filesystem", + "rules": [ + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.2", + "name": "Ensure that the seccomp profile is set to docker/default in your pod definitions", + "rules": [ + { + "name": "set-seccomp-profile-RuntimeDefault", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile.type", + "value": "RuntimeDefault" + } + } + ] + } + ] + }, + { + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "rules": [ + { + "name": "resources-cpu-limit-and-request", + "status": "passed", + "controlConfigurations": { + "cpu_limit_max": [], + "cpu_limit_min": [], + "cpu_request_max": [], + "cpu_request_min": [] + } + } + ] + }, + { + "controlID": "C-0006", + "name": "Allowed hostPath", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0078", + "name": "Images from allowed registry", + "rules": [ + { + "name": "container-image-repository", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "controlConfigurations": { + "imageRepositoryAllowList": [ + "ecr.*amazonaws.com", + ".*.gcr.io", + ".*azurecr.io" + ] + } + } + ] + }, + { + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "rules": [ + { + "name": "host-pid-ipc-privileges", + "status": "passed" + } + ] + }, + { + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "rules": [ + { + "name": "rule-identify-blocklisted-image-registries", + "status": "passed", + "controlConfigurations": { + "publicRegistries": [ + "quay.io", + "registry.hub.docker.com" + ], + "untrustedRegistries": [] + } + } + ] + }, + { + "controlID": "C-0004", + "name": "Resources memory limit and request", + "rules": [ + { + "name": "resources-memory-limit-and-request", + "status": "passed", + "controlConfigurations": { + "memory_limit_max": [], + "memory_limit_min": [], + "memory_request_max": [], + "memory_request_min": [] + } + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0076", + "name": "Label usage for resources", + "rules": [ + { + "name": "label-usage-for-resources", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "recommendedLabels": [ + "app", + "tier", + "phase", + "version", + "owner", + "env" + ] + } + } + ] + }, + { + "controlID": "CIS-5.4.1", + "name": "Prefer using secrets as files over secrets as environment variables", + "rules": [ + { + "name": "rule-secrets-in-env-var", + "status": "passed" + } + ] + }, + { + "controlID": "C-0048", + "name": "HostPath mount", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0016", + "name": "Allow privilege escalation", + "rules": [ + { + "name": "rule-allow-privilege-escalation", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0046", + "name": "Insecure capabilities", + "rules": [ + { + "name": "insecure-capabilities", + "status": "passed", + "controlConfigurations": { + "insecureCapabilities": [ + "SETPCAP", + "NET_ADMIN", + "NET_RAW", + "SYS_MODULE", + "SYS_RAWIO", + "SYS_PTRACE", + "SYS_ADMIN", + "SYS_BOOT", + "MAC_OVERRIDE", + "MAC_ADMIN", + "PERFMON", + "ALL", + "BPF" + ] + } + } + ] + }, + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "rules": [ + { + "name": "rule-credentials-in-env-var", + "status": "passed", + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + } + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0056", + "name": "Configured liveness probe", + "rules": [ + { + "name": "configured-liveness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + } + ] + }, + { + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "rules": [ + { + "name": "image-pull-policy-is-not-set-to-always", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.3", + "name": "Apply Security Context to Your Pods and Containers", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + }, + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + }, + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + }, + { + "name": "drop-capability-netraw", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.capabilities.drop", + "value": "NET_RAW" + } + } + ] + }, + { + "name": "set-seLinuxOptions", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seLinuxOptions", + "value": "YOUR_VALUE" + } + } + ] + }, + { + "name": "set-seccomp-profile", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0077", + "name": "K8s common labels usage", + "rules": [ + { + "name": "K8s common labels usage", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "k8sRecommendedLabels": [ + "app.kubernetes.io/name", + "app.kubernetes.io/instance", + "app.kubernetes.io/version", + "app.kubernetes.io/component", + "app.kubernetes.io/part-of", + "app.kubernetes.io/managed-by", + "app.kubernetes.io/created-by" + ] + } + } + ] + }, + { + "controlID": "C-0041", + "name": "HostNetwork access", + "rules": [ + { + "name": "host-network-access", + "status": "passed" + } + ] + }, + { + "controlID": "C-0018", + "name": "Configured readiness probe", + "rules": [ + { + "name": "configured-readiness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0013", + "name": "Non-root containers", + "rules": [ + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "rules": [ + { + "name": "sudo-in-container-entrypoint", + "status": "passed" + } + ] + }, + { + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "rules": [ + { + "name": "containers-mounting-docker-socket", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0061", + "name": "Pods in default namespace", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0044", + "name": "Container hostPort", + "rules": [ + { + "name": "container-hostPort", + "status": "passed" + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "failed" + } + ] + }, + { + "controlID": "C-0055", + "name": "Linux hardening", + "rules": [ + { + "name": "linux-hardening", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].seccompProfile", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].seLinuxOptions", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].capabilities.drop", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "rules": [ + { + "name": "CVE-2022-0492", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0009", + "name": "Resource limits", + "rules": [ + { + "name": "resource-policies", + "status": "passed" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + } + ], + "prioritizedResource": { + "resourceID": "path=423865324/api=apps/v1//Deployment/productcatalogservice", + "priorityVector": [ + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 49.50000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 82.5, + "severity": 2 + } + ], + "score": 1012, + "severity": 2 + } + }, + { + "resourceID": "/kubescape/ServiceAccount/kubescape-discovery/path=1644445903/api=rbac.authorization.k8s.io/v1//ClusterRoleBinding/kubescape-discovery-role-binding/path=3591976602/api=rbac.authorization.k8s.io/v1//ClusterRole/kubescape-discovery-clusterroles", + "controls": [ + { + "controlID": "C-0002", + "name": "Exec into container", + "rules": [ + { + "name": "exec-into-container-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0063", + "name": "Portforwarding privileges", + "rules": [ + { + "name": "rule-can-portforward-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "rules": [ + { + "name": "rule-can-update-configmap-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-subject-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "rules": [ + { + "name": "rule-can-list-get-secrets-v1", + "status": "failed", + "paths": [ + { + "failedPath": "relatedObjects[1].rules[0].resources[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[1]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].apiGroups[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].subjects[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].roleRef.name", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "rules": [ + { + "name": "rule-can-delete-k8s-events-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.8", + "name": "Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes cluster", + "rules": [ + { + "name": "rule-can-bind-escalate", + "status": "passed" + }, + { + "name": "rule-can-impersonate-users-groups-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.2", + "name": "Minimize access to secrets", + "rules": [ + { + "name": "rule-can-list-get-secrets-v1", + "status": "failed", + "paths": [ + { + "failedPath": "relatedObjects[1].rules[0].resources[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[1]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].apiGroups[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].subjects[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].roleRef.name", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.1.4", + "name": "Minimize access to create pods", + "rules": [ + { + "name": "rule-can-create-pod", + "status": "passed" + } + ] + }, + { + "controlID": "C-0065", + "name": "No impersonation", + "rules": [ + { + "name": "rule-can-impersonate-users-groups-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0007", + "name": "Data Destruction", + "rules": [ + { + "name": "rule-excessive-delete-rights-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0053", + "name": "Access container service account", + "rules": [ + { + "name": "access-container-service-account-v1", + "status": "failed" + } + ] + }, + { + "controlID": "C-0035", + "name": "Cluster-admin binding", + "rules": [ + { + "name": "rule-list-all-cluster-admins-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.1", + "name": "Ensure that the cluster-admin role is only used where required", + "rules": [ + { + "name": "cluster-admin-role", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.3", + "name": "Minimize wildcard use in Roles and ClusterRoles", + "rules": [ + { + "name": "rule-list-all-cluster-admins-v1", + "status": "passed" + } + ] + } + ] + }, + { + "resourceID": "path=3591976602/api=/v1//Namespace/kubescape", + "controls": [ + { + "controlID": "CIS-5.2.12", + "name": "Minimize the admission of HostPath volumes", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0060", + "name": "Namespace without service accounts", + "rules": [ + { + "name": "namespace-without-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.2.5", + "name": "Minimize the admission of containers wishing to share the host network namespace", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0054", + "name": "Cluster internal networking", + "rules": [ + { + "name": "internal-networking", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.2", + "name": "Minimize the admission of privileged containers", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.13", + "name": "Minimize the admission of containers which use HostPorts", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.7", + "name": "Minimize the admission of root containers", + "rules": [ + { + "name": "pod-security-admission-restricted-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.11", + "name": "Minimize the admission of Windows HostProcess Containers", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.3.2", + "name": "Ensure that all Namespaces have Network Policies defined", + "rules": [ + { + "name": "internal-networking", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.1.5", + "name": "Ensure that default service accounts are not actively used", + "rules": [ + { + "name": "namespace-without-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.2.9", + "name": "Minimize the admission of containers with added capabilities", + "rules": [ + { + "name": "pod-security-admission-restricted-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.10", + "name": "Minimize the admission of containers with capabilities assigned", + "rules": [ + { + "name": "pod-security-admission-restricted-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.6", + "name": "Minimize the admission of containers with allowPrivilegeEscalation", + "rules": [ + { + "name": "pod-security-admission-restricted-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.1", + "name": "Create administrative boundaries between resources using namespaces", + "rules": [ + { + "name": "list-all-namespaces", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.8", + "name": "Minimize the admission of containers with the NET_RAW capability", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.4", + "name": "Minimize the admission of containers wishing to share the host IPC namespace", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0049", + "name": "Network mapping", + "rules": [ + { + "name": "internal-networking", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.3", + "name": "Minimize the admission of containers wishing to share the host process ID namespace", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.1", + "name": "Ensure that the cluster has at least one active policy control mechanism in place", + "rules": [ + { + "name": "pod-security-admission-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + } + ] + }, + { + "resourceID": "path=4038904612/api=apps/v1//Deployment/loadgenerator", + "controls": [ + { + "controlID": "C-0017", + "name": "Immutable container filesystem", + "rules": [ + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.2", + "name": "Ensure that the seccomp profile is set to docker/default in your pod definitions", + "rules": [ + { + "name": "set-seccomp-profile-RuntimeDefault", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile.type", + "value": "RuntimeDefault" + } + } + ] + } + ] + }, + { + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "rules": [ + { + "name": "resources-cpu-limit-and-request", + "status": "passed", + "controlConfigurations": { + "cpu_limit_max": [], + "cpu_limit_min": [], + "cpu_request_max": [], + "cpu_request_min": [] + } + } + ] + }, + { + "controlID": "C-0006", + "name": "Allowed hostPath", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0078", + "name": "Images from allowed registry", + "rules": [ + { + "name": "container-image-repository", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "controlConfigurations": { + "imageRepositoryAllowList": [ + "ecr.*amazonaws.com", + ".*.gcr.io", + ".*azurecr.io" + ] + } + } + ] + }, + { + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "rules": [ + { + "name": "host-pid-ipc-privileges", + "status": "passed" + } + ] + }, + { + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "rules": [ + { + "name": "rule-identify-blocklisted-image-registries", + "status": "passed", + "controlConfigurations": { + "publicRegistries": [ + "quay.io", + "registry.hub.docker.com" + ], + "untrustedRegistries": [] + } + } + ] + }, + { + "controlID": "C-0004", + "name": "Resources memory limit and request", + "rules": [ + { + "name": "resources-memory-limit-and-request", + "status": "passed", + "controlConfigurations": { + "memory_limit_max": [], + "memory_limit_min": [], + "memory_request_max": [], + "memory_request_min": [] + } + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0076", + "name": "Label usage for resources", + "rules": [ + { + "name": "label-usage-for-resources", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "recommendedLabels": [ + "app", + "tier", + "phase", + "version", + "owner", + "env" + ] + } + } + ] + }, + { + "controlID": "CIS-5.4.1", + "name": "Prefer using secrets as files over secrets as environment variables", + "rules": [ + { + "name": "rule-secrets-in-env-var", + "status": "passed" + } + ] + }, + { + "controlID": "C-0048", + "name": "HostPath mount", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0016", + "name": "Allow privilege escalation", + "rules": [ + { + "name": "rule-allow-privilege-escalation", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0046", + "name": "Insecure capabilities", + "rules": [ + { + "name": "insecure-capabilities", + "status": "passed", + "controlConfigurations": { + "insecureCapabilities": [ + "SETPCAP", + "NET_ADMIN", + "NET_RAW", + "SYS_MODULE", + "SYS_RAWIO", + "SYS_PTRACE", + "SYS_ADMIN", + "SYS_BOOT", + "MAC_OVERRIDE", + "MAC_ADMIN", + "PERFMON", + "ALL", + "BPF" + ] + } + } + ] + }, + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "rules": [ + { + "name": "rule-credentials-in-env-var", + "status": "passed", + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + } + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0056", + "name": "Configured liveness probe", + "rules": [ + { + "name": "configured-liveness-probe", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].livenessProbe", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + } + ] + }, + { + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "rules": [ + { + "name": "image-pull-policy-is-not-set-to-always", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.3", + "name": "Apply Security Context to Your Pods and Containers", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + }, + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + }, + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + }, + { + "name": "drop-capability-netraw", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.capabilities.drop", + "value": "NET_RAW" + } + } + ] + }, + { + "name": "set-seLinuxOptions", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seLinuxOptions", + "value": "YOUR_VALUE" + } + } + ] + }, + { + "name": "set-seccomp-profile", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0077", + "name": "K8s common labels usage", + "rules": [ + { + "name": "K8s common labels usage", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "k8sRecommendedLabels": [ + "app.kubernetes.io/name", + "app.kubernetes.io/instance", + "app.kubernetes.io/version", + "app.kubernetes.io/component", + "app.kubernetes.io/part-of", + "app.kubernetes.io/managed-by", + "app.kubernetes.io/created-by" + ] + } + } + ] + }, + { + "controlID": "C-0041", + "name": "HostNetwork access", + "rules": [ + { + "name": "host-network-access", + "status": "passed" + } + ] + }, + { + "controlID": "C-0018", + "name": "Configured readiness probe", + "rules": [ + { + "name": "configured-readiness-probe", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].readinessProbe", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0013", + "name": "Non-root containers", + "rules": [ + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "rules": [ + { + "name": "sudo-in-container-entrypoint", + "status": "passed" + } + ] + }, + { + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "rules": [ + { + "name": "containers-mounting-docker-socket", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0061", + "name": "Pods in default namespace", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0044", + "name": "Container hostPort", + "rules": [ + { + "name": "container-hostPort", + "status": "passed" + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "failed" + } + ] + }, + { + "controlID": "C-0055", + "name": "Linux hardening", + "rules": [ + { + "name": "linux-hardening", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].seccompProfile", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].seLinuxOptions", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].capabilities.drop", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "rules": [ + { + "name": "CVE-2022-0492", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0009", + "name": "Resource limits", + "rules": [ + { + "name": "resource-policies", + "status": "passed" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + } + ], + "prioritizedResource": { + "resourceID": "path=4038904612/api=apps/v1//Deployment/loadgenerator", + "priorityVector": [ + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 49.50000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 82.5, + "severity": 2 + } + ], + "score": 1012, + "severity": 2 + } + }, + { + "resourceID": "path=645840794/api=apps/v1//Deployment/checkoutservice", + "controls": [ + { + "controlID": "C-0017", + "name": "Immutable container filesystem", + "rules": [ + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.2", + "name": "Ensure that the seccomp profile is set to docker/default in your pod definitions", + "rules": [ + { + "name": "set-seccomp-profile-RuntimeDefault", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile.type", + "value": "RuntimeDefault" + } + } + ] + } + ] + }, + { + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "rules": [ + { + "name": "resources-cpu-limit-and-request", + "status": "passed", + "controlConfigurations": { + "cpu_limit_max": [], + "cpu_limit_min": [], + "cpu_request_max": [], + "cpu_request_min": [] + } + } + ] + }, + { + "controlID": "C-0006", + "name": "Allowed hostPath", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0078", + "name": "Images from allowed registry", + "rules": [ + { + "name": "container-image-repository", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "controlConfigurations": { + "imageRepositoryAllowList": [ + "ecr.*amazonaws.com", + ".*.gcr.io", + ".*azurecr.io" + ] + } + } + ] + }, + { + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "rules": [ + { + "name": "host-pid-ipc-privileges", + "status": "passed" + } + ] + }, + { + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "rules": [ + { + "name": "rule-identify-blocklisted-image-registries", + "status": "passed", + "controlConfigurations": { + "publicRegistries": [ + "quay.io", + "registry.hub.docker.com" + ], + "untrustedRegistries": [] + } + } + ] + }, + { + "controlID": "C-0004", + "name": "Resources memory limit and request", + "rules": [ + { + "name": "resources-memory-limit-and-request", + "status": "passed", + "controlConfigurations": { + "memory_limit_max": [], + "memory_limit_min": [], + "memory_request_max": [], + "memory_request_min": [] + } + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0076", + "name": "Label usage for resources", + "rules": [ + { + "name": "label-usage-for-resources", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "recommendedLabels": [ + "app", + "tier", + "phase", + "version", + "owner", + "env" + ] + } + } + ] + }, + { + "controlID": "CIS-5.4.1", + "name": "Prefer using secrets as files over secrets as environment variables", + "rules": [ + { + "name": "rule-secrets-in-env-var", + "status": "passed" + } + ] + }, + { + "controlID": "C-0048", + "name": "HostPath mount", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0016", + "name": "Allow privilege escalation", + "rules": [ + { + "name": "rule-allow-privilege-escalation", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0046", + "name": "Insecure capabilities", + "rules": [ + { + "name": "insecure-capabilities", + "status": "passed", + "controlConfigurations": { + "insecureCapabilities": [ + "SETPCAP", + "NET_ADMIN", + "NET_RAW", + "SYS_MODULE", + "SYS_RAWIO", + "SYS_PTRACE", + "SYS_ADMIN", + "SYS_BOOT", + "MAC_OVERRIDE", + "MAC_ADMIN", + "PERFMON", + "ALL", + "BPF" + ] + } + } + ] + }, + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "rules": [ + { + "name": "rule-credentials-in-env-var", + "status": "passed", + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + } + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0056", + "name": "Configured liveness probe", + "rules": [ + { + "name": "configured-liveness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + } + ] + }, + { + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "rules": [ + { + "name": "image-pull-policy-is-not-set-to-always", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.3", + "name": "Apply Security Context to Your Pods and Containers", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + }, + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + }, + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + }, + { + "name": "drop-capability-netraw", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.capabilities.drop", + "value": "NET_RAW" + } + } + ] + }, + { + "name": "set-seLinuxOptions", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seLinuxOptions", + "value": "YOUR_VALUE" + } + } + ] + }, + { + "name": "set-seccomp-profile", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0077", + "name": "K8s common labels usage", + "rules": [ + { + "name": "K8s common labels usage", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "k8sRecommendedLabels": [ + "app.kubernetes.io/name", + "app.kubernetes.io/instance", + "app.kubernetes.io/version", + "app.kubernetes.io/component", + "app.kubernetes.io/part-of", + "app.kubernetes.io/managed-by", + "app.kubernetes.io/created-by" + ] + } + } + ] + }, + { + "controlID": "C-0041", + "name": "HostNetwork access", + "rules": [ + { + "name": "host-network-access", + "status": "passed" + } + ] + }, + { + "controlID": "C-0018", + "name": "Configured readiness probe", + "rules": [ + { + "name": "configured-readiness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0013", + "name": "Non-root containers", + "rules": [ + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "rules": [ + { + "name": "sudo-in-container-entrypoint", + "status": "passed" + } + ] + }, + { + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "rules": [ + { + "name": "containers-mounting-docker-socket", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0061", + "name": "Pods in default namespace", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0044", + "name": "Container hostPort", + "rules": [ + { + "name": "container-hostPort", + "status": "passed" + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "failed" + } + ] + }, + { + "controlID": "C-0055", + "name": "Linux hardening", + "rules": [ + { + "name": "linux-hardening", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].seccompProfile", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].seLinuxOptions", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].capabilities.drop", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "rules": [ + { + "name": "CVE-2022-0492", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0009", + "name": "Resource limits", + "rules": [ + { + "name": "resource-policies", + "status": "passed" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + } + ], + "prioritizedResource": { + "resourceID": "path=645840794/api=apps/v1//Deployment/checkoutservice", + "priorityVector": [ + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 49.50000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 82.5, + "severity": 2 + } + ], + "score": 1012, + "severity": 2 + } + }, + { + "resourceID": "path=4203826079/api=/v1//Namespace/kubescape-host-scanner", + "controls": [ + { + "controlID": "CIS-5.2.12", + "name": "Minimize the admission of HostPath volumes", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed" + } + ] + }, + { + "controlID": "C-0060", + "name": "Namespace without service accounts", + "rules": [ + { + "name": "namespace-without-service-account", + "status": "failed" + } + ] + }, + { + "controlID": "CIS-5.2.5", + "name": "Minimize the admission of containers wishing to share the host network namespace", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed" + } + ] + }, + { + "controlID": "C-0054", + "name": "Cluster internal networking", + "rules": [ + { + "name": "internal-networking", + "status": "failed" + } + ] + }, + { + "controlID": "CIS-5.2.2", + "name": "Minimize the admission of privileged containers", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed" + } + ] + }, + { + "controlID": "CIS-5.2.13", + "name": "Minimize the admission of containers which use HostPorts", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed" + } + ] + }, + { + "controlID": "CIS-5.2.7", + "name": "Minimize the admission of root containers", + "rules": [ + { + "name": "pod-security-admission-restricted-applied", + "status": "failed" + } + ] + }, + { + "controlID": "CIS-5.2.11", + "name": "Minimize the admission of Windows HostProcess Containers", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed" + } + ] + }, + { + "controlID": "CIS-5.3.2", + "name": "Ensure that all Namespaces have Network Policies defined", + "rules": [ + { + "name": "internal-networking", + "status": "failed" + } + ] + }, + { + "controlID": "CIS-5.1.5", + "name": "Ensure that default service accounts are not actively used", + "rules": [ + { + "name": "namespace-without-service-account", + "status": "failed" + } + ] + }, + { + "controlID": "CIS-5.2.9", + "name": "Minimize the admission of containers with added capabilities", + "rules": [ + { + "name": "pod-security-admission-restricted-applied", + "status": "failed" + } + ] + }, + { + "controlID": "CIS-5.2.10", + "name": "Minimize the admission of containers with capabilities assigned", + "rules": [ + { + "name": "pod-security-admission-restricted-applied", + "status": "failed" + } + ] + }, + { + "controlID": "CIS-5.2.6", + "name": "Minimize the admission of containers with allowPrivilegeEscalation", + "rules": [ + { + "name": "pod-security-admission-restricted-applied", + "status": "failed" + } + ] + }, + { + "controlID": "CIS-5.7.1", + "name": "Create administrative boundaries between resources using namespaces", + "rules": [ + { + "name": "list-all-namespaces", + "status": "failed" + } + ] + }, + { + "controlID": "CIS-5.2.8", + "name": "Minimize the admission of containers with the NET_RAW capability", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed" + } + ] + }, + { + "controlID": "CIS-5.2.4", + "name": "Minimize the admission of containers wishing to share the host IPC namespace", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed" + } + ] + }, + { + "controlID": "C-0049", + "name": "Network mapping", + "rules": [ + { + "name": "internal-networking", + "status": "failed" + } + ] + }, + { + "controlID": "CIS-5.2.3", + "name": "Minimize the admission of containers wishing to share the host process ID namespace", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed" + } + ] + }, + { + "controlID": "CIS-5.2.1", + "name": "Ensure that the cluster has at least one active policy control mechanism in place", + "rules": [ + { + "name": "pod-security-admission-applied", + "status": "failed" + } + ] + } + ] + }, + { + "resourceID": "path=645840794/api=/v1//Service/checkoutservice", + "controls": [ + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + } + ] + }, + { + "resourceID": "path=2924266659/api=/v1//Service/frontend-external", + "controls": [ + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + } + ] + }, + { + "resourceID": "path=2924266659/api=/v1//Service/frontend", + "controls": [ + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + } + ] + }, + { + "resourceID": "path=2451423745/api=apps/v1//Deployment/currencyservice", + "controls": [ + { + "controlID": "C-0017", + "name": "Immutable container filesystem", + "rules": [ + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.2", + "name": "Ensure that the seccomp profile is set to docker/default in your pod definitions", + "rules": [ + { + "name": "set-seccomp-profile-RuntimeDefault", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile.type", + "value": "RuntimeDefault" + } + } + ] + } + ] + }, + { + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "rules": [ + { + "name": "resources-cpu-limit-and-request", + "status": "passed", + "controlConfigurations": { + "cpu_limit_max": [], + "cpu_limit_min": [], + "cpu_request_max": [], + "cpu_request_min": [] + } + } + ] + }, + { + "controlID": "C-0006", + "name": "Allowed hostPath", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0078", + "name": "Images from allowed registry", + "rules": [ + { + "name": "container-image-repository", + "status": "failed", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].image", + "fixPath": { + "path": "", + "value": "" + } + } + ], + "controlConfigurations": { + "imageRepositoryAllowList": [ + "ecr.*amazonaws.com", + ".*.gcr.io", + ".*azurecr.io" + ] + } + } + ] + }, + { + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "rules": [ + { + "name": "host-pid-ipc-privileges", + "status": "passed" + } + ] + }, + { + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "rules": [ + { + "name": "rule-identify-blocklisted-image-registries", + "status": "passed", + "controlConfigurations": { + "publicRegistries": [ + "quay.io", + "registry.hub.docker.com" + ], + "untrustedRegistries": [] + } + } + ] + }, + { + "controlID": "C-0004", + "name": "Resources memory limit and request", + "rules": [ + { + "name": "resources-memory-limit-and-request", + "status": "passed", + "controlConfigurations": { + "memory_limit_max": [], + "memory_limit_min": [], + "memory_request_max": [], + "memory_request_min": [] + } + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0076", + "name": "Label usage for resources", + "rules": [ + { + "name": "label-usage-for-resources", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "recommendedLabels": [ + "app", + "tier", + "phase", + "version", + "owner", + "env" + ] + } + } + ] + }, + { + "controlID": "CIS-5.4.1", + "name": "Prefer using secrets as files over secrets as environment variables", + "rules": [ + { + "name": "rule-secrets-in-env-var", + "status": "passed" + } + ] + }, + { + "controlID": "C-0048", + "name": "HostPath mount", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0016", + "name": "Allow privilege escalation", + "rules": [ + { + "name": "rule-allow-privilege-escalation", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0046", + "name": "Insecure capabilities", + "rules": [ + { + "name": "insecure-capabilities", + "status": "passed", + "controlConfigurations": { + "insecureCapabilities": [ + "SETPCAP", + "NET_ADMIN", + "NET_RAW", + "SYS_MODULE", + "SYS_RAWIO", + "SYS_PTRACE", + "SYS_ADMIN", + "SYS_BOOT", + "MAC_OVERRIDE", + "MAC_ADMIN", + "PERFMON", + "ALL", + "BPF" + ] + } + } + ] + }, + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "rules": [ + { + "name": "rule-credentials-in-env-var", + "status": "passed", + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + } + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed" + } + ] + }, + { + "controlID": "C-0056", + "name": "Configured liveness probe", + "rules": [ + { + "name": "configured-liveness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + } + ] + }, + { + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "rules": [ + { + "name": "image-pull-policy-is-not-set-to-always", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.3", + "name": "Apply Security Context to Your Pods and Containers", + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed" + }, + { + "name": "immutable-container-filesystem", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem", + "value": "true" + } + } + ] + }, + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + }, + { + "name": "drop-capability-netraw", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.capabilities.drop", + "value": "NET_RAW" + } + } + ] + }, + { + "name": "set-seLinuxOptions", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seLinuxOptions", + "value": "YOUR_VALUE" + } + } + ] + }, + { + "name": "set-seccomp-profile", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0077", + "name": "K8s common labels usage", + "rules": [ + { + "name": "K8s common labels usage", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.labels", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.metadata.labels", + "value": "YOUR_VALUE" + } + } + ], + "controlConfigurations": { + "k8sRecommendedLabels": [ + "app.kubernetes.io/name", + "app.kubernetes.io/instance", + "app.kubernetes.io/version", + "app.kubernetes.io/component", + "app.kubernetes.io/part-of", + "app.kubernetes.io/managed-by", + "app.kubernetes.io/created-by" + ] + } + } + ] + }, + { + "controlID": "C-0041", + "name": "HostNetwork access", + "rules": [ + { + "name": "host-network-access", + "status": "passed" + } + ] + }, + { + "controlID": "C-0018", + "name": "Configured readiness probe", + "rules": [ + { + "name": "configured-readiness-probe", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "C-0013", + "name": "Non-root containers", + "rules": [ + { + "name": "non-root-containers", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "rules": [ + { + "name": "sudo-in-container-entrypoint", + "status": "passed" + } + ] + }, + { + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "rules": [ + { + "name": "containers-mounting-docker-socket", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0061", + "name": "Pods in default namespace", + "rules": [ + { + "name": "pods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + }, + { + "controlID": "C-0044", + "name": "Container hostPort", + "rules": [ + { + "name": "container-hostPort", + "status": "passed" + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "failed" + } + ] + }, + { + "controlID": "C-0055", + "name": "Linux hardening", + "rules": [ + { + "name": "linux-hardening", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].seccompProfile", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].seLinuxOptions", + "value": "YOUR_VALUE" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].capabilities.drop", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "rules": [ + { + "name": "CVE-2022-0492", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.securityContext.runAsNonRoot", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.securityContext.allowPrivilegeEscalation", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "C-0009", + "name": "Resource limits", + "rules": [ + { + "name": "resource-policies", + "status": "passed" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed" + } + ] + } + ], + "prioritizedResource": { + "resourceID": "path=2451423745/api=apps/v1//Deployment/currencyservice", + "priorityVector": [ + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 165, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 110.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0055", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0016", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0013", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 99.00000000000001, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0086", + "category": "Privilege escalation", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 66, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0078", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 82.5, + "severity": 2 + }, + { + "attackTrackName": "container", + "type": "control", + "vector": [ + { + "controlID": "C-0078", + "category": "Initial access", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Execution", + "tags": [ + "security", + "compliance" + ] + }, + { + "controlID": "C-0017", + "category": "Persistence", + "tags": [ + "security", + "compliance" + ] + } + ], + "score": 49.50000000000001, + "severity": 2 + } + ], + "score": 1012, + "severity": 2 + } + }, + { + "resourceID": "/kubescape/ServiceAccount/kubescape-discovery/path=1644445903/api=rbac.authorization.k8s.io/v1//ClusterRole/kubescape-discovery-clusterroles/path=1644445903/api=rbac.authorization.k8s.io/v1//ClusterRoleBinding/kubescape-discovery-role-binding", + "controls": [ + { + "controlID": "C-0002", + "name": "Exec into container", + "rules": [ + { + "name": "exec-into-container-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0063", + "name": "Portforwarding privileges", + "rules": [ + { + "name": "rule-can-portforward-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "rules": [ + { + "name": "rule-can-update-configmap-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-subject-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "rules": [ + { + "name": "rule-can-list-get-secrets-v1", + "status": "failed", + "paths": [ + { + "failedPath": "relatedObjects[1].rules[0].resources[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[1]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].apiGroups[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].subjects[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].roleRef.name", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "rules": [ + { + "name": "rule-can-delete-k8s-events-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.8", + "name": "Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes cluster", + "rules": [ + { + "name": "rule-can-bind-escalate", + "status": "passed" + }, + { + "name": "rule-can-impersonate-users-groups-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.2", + "name": "Minimize access to secrets", + "rules": [ + { + "name": "rule-can-list-get-secrets-v1", + "status": "failed", + "paths": [ + { + "failedPath": "relatedObjects[1].rules[0].resources[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[1]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].apiGroups[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].subjects[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].roleRef.name", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.1.4", + "name": "Minimize access to create pods", + "rules": [ + { + "name": "rule-can-create-pod", + "status": "passed" + } + ] + }, + { + "controlID": "C-0065", + "name": "No impersonation", + "rules": [ + { + "name": "rule-can-impersonate-users-groups-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0007", + "name": "Data Destruction", + "rules": [ + { + "name": "rule-excessive-delete-rights-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0053", + "name": "Access container service account", + "rules": [ + { + "name": "access-container-service-account-v1", + "status": "failed" + } + ] + }, + { + "controlID": "C-0035", + "name": "Cluster-admin binding", + "rules": [ + { + "name": "rule-list-all-cluster-admins-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.1", + "name": "Ensure that the cluster-admin role is only used where required", + "rules": [ + { + "name": "cluster-admin-role", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.3", + "name": "Minimize wildcard use in Roles and ClusterRoles", + "rules": [ + { + "name": "rule-list-all-cluster-admins-v1", + "status": "passed" + } + ] + } + ] + }, + { + "resourceID": "/kubescape/ServiceAccount/kubescape-discovery/path=3591976602/api=rbac.authorization.k8s.io/v1//ClusterRole/kubescape-discovery-clusterroles/path=3591976602/api=rbac.authorization.k8s.io/v1//ClusterRoleBinding/kubescape-discovery-role-binding", + "controls": [ + { + "controlID": "C-0002", + "name": "Exec into container", + "rules": [ + { + "name": "exec-into-container-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0063", + "name": "Portforwarding privileges", + "rules": [ + { + "name": "rule-can-portforward-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "rules": [ + { + "name": "rule-can-update-configmap-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "rules": [ + { + "name": "rule-access-dashboard-subject-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "rules": [ + { + "name": "rule-can-list-get-secrets-v1", + "status": "failed", + "paths": [ + { + "failedPath": "relatedObjects[1].rules[0].resources[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[1]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].apiGroups[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].subjects[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].roleRef.name", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "rules": [ + { + "name": "rule-can-delete-k8s-events-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.8", + "name": "Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes cluster", + "rules": [ + { + "name": "rule-can-bind-escalate", + "status": "passed" + }, + { + "name": "rule-can-impersonate-users-groups-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.2", + "name": "Minimize access to secrets", + "rules": [ + { + "name": "rule-can-list-get-secrets-v1", + "status": "failed", + "paths": [ + { + "failedPath": "relatedObjects[1].rules[0].resources[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].verbs[1]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[1].rules[0].apiGroups[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].subjects[0]", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "relatedObjects[0].roleRef.name", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.1.4", + "name": "Minimize access to create pods", + "rules": [ + { + "name": "rule-can-create-pod", + "status": "passed" + } + ] + }, + { + "controlID": "C-0065", + "name": "No impersonation", + "rules": [ + { + "name": "rule-can-impersonate-users-groups-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0007", + "name": "Data Destruction", + "rules": [ + { + "name": "rule-excessive-delete-rights-v1", + "status": "passed" + } + ] + }, + { + "controlID": "C-0053", + "name": "Access container service account", + "rules": [ + { + "name": "access-container-service-account-v1", + "status": "failed" + } + ] + }, + { + "controlID": "C-0035", + "name": "Cluster-admin binding", + "rules": [ + { + "name": "rule-list-all-cluster-admins-v1", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.1", + "name": "Ensure that the cluster-admin role is only used where required", + "rules": [ + { + "name": "cluster-admin-role", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.1.3", + "name": "Minimize wildcard use in Roles and ClusterRoles", + "rules": [ + { + "name": "rule-list-all-cluster-admins-v1", + "status": "passed" + } + ] + } + ] + }, + { + "resourceID": "path=1966984206/api=/v1//Service/redis-cart", + "controls": [ + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + } + ] + }, + { + "resourceID": "path=1644445903/api=/v1//Namespace/kubescape", + "controls": [ + { + "controlID": "CIS-5.2.12", + "name": "Minimize the admission of HostPath volumes", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0060", + "name": "Namespace without service accounts", + "rules": [ + { + "name": "namespace-without-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.2.5", + "name": "Minimize the admission of containers wishing to share the host network namespace", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0054", + "name": "Cluster internal networking", + "rules": [ + { + "name": "internal-networking", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.2", + "name": "Minimize the admission of privileged containers", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.13", + "name": "Minimize the admission of containers which use HostPorts", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.7", + "name": "Minimize the admission of root containers", + "rules": [ + { + "name": "pod-security-admission-restricted-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.11", + "name": "Minimize the admission of Windows HostProcess Containers", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.3.2", + "name": "Ensure that all Namespaces have Network Policies defined", + "rules": [ + { + "name": "internal-networking", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.1.5", + "name": "Ensure that default service accounts are not actively used", + "rules": [ + { + "name": "namespace-without-service-account", + "status": "passed" + } + ] + }, + { + "controlID": "CIS-5.2.9", + "name": "Minimize the admission of containers with added capabilities", + "rules": [ + { + "name": "pod-security-admission-restricted-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.10", + "name": "Minimize the admission of containers with capabilities assigned", + "rules": [ + { + "name": "pod-security-admission-restricted-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.6", + "name": "Minimize the admission of containers with allowPrivilegeEscalation", + "rules": [ + { + "name": "pod-security-admission-restricted-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.1", + "name": "Create administrative boundaries between resources using namespaces", + "rules": [ + { + "name": "list-all-namespaces", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.8", + "name": "Minimize the admission of containers with the NET_RAW capability", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.4", + "name": "Minimize the admission of containers wishing to share the host IPC namespace", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "C-0049", + "name": "Network mapping", + "rules": [ + { + "name": "internal-networking", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.3", + "name": "Minimize the admission of containers wishing to share the host process ID namespace", + "rules": [ + { + "name": "pod-security-admission-baseline-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + }, + { + "controlID": "CIS-5.2.1", + "name": "Ensure that the cluster has at least one active policy control mechanism in place", + "rules": [ + { + "name": "pod-security-admission-applied", + "status": "failed", + "exception": [ + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + }, + { + "guid": "", + "name": "exclude-kubescape-resources-0", + "attributes": { + "systemException": true + }, + "policyType": "postureExceptionPolicy", + "creationTime": "", + "actions": [ + "alertOnly" + ], + "resources": [ + { + "designatorType": "Attributes", + "attributes": { + "kind": "Namespace", + "name": "kubescape" + } + } + ], + "posturePolicies": [ + { + "frameworkName": "" + } + ] + } + ] + } + ] + } + ] + }, + { + "resourceID": "path=1644445903/api=/v1/kubescape/ServiceAccount/kubescape-discovery", + "controls": [ + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "rules": [ + { + "name": "automount-service-account", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "automountServiceAccountToken", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "rules": [ + { + "name": "automount-service-account", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "automountServiceAccountToken", + "value": "false" + } + } + ] + } + ] + }, + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "passed" + } + ] + } + ] + }, + { + "resourceID": "path=2686782197/api=/v1//Service/recommendationservice", + "controls": [ + { + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "rules": [ + { + "name": "resources-notpods-in-default-namespace", + "status": "failed", + "paths": [ + { + "fixPath": { + "path": "metadata.namespace", + "value": "YOUR_NAMESPACE" + } + } + ] + } + ] + } + ] + } + ], + "summaryDetails": { + "controls": { + "C-0001": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 12, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 6.6666665, + "scoreFactor": 7 + }, + "C-0002": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0002", + "name": "Exec into container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0004": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0004", + "name": "Resources memory limit and request", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0005": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0005", + "name": "Control plane hardening", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 9 + }, + "C-0006": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0006", + "name": "Allowed hostPath", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 6 + }, + "C-0007": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0007", + "name": "Data Destruction", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0009": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0009", + "name": "Resource limits", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0012": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0013": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0013", + "name": "Non-root containers", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 6 + }, + "C-0014": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 21, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 2 + }, + "C-0015": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 6, + "excludedResources": 0 + }, + "score": 100, + "scoreFactor": 7 + }, + "C-0016": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0016", + "name": "Allow privilege escalation", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 6 + }, + "C-0017": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0017", + "name": "Immutable container filesystem", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 12, + "excludedResources": 2 + }, + "score": 80, + "scoreFactor": 3 + }, + "C-0018": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0018", + "name": "Configured readiness probe", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 3 + }, + "C-0020": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0020", + "name": "Mount service principal", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0021": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0021", + "name": "Exposed sensitive interfaces", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0026": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0026", + "name": "Kubernetes CronJob", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 1 + }, + "C-0030": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 6 + }, + "C-0031": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0034": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 2, + "excludedResources": 2 + }, + "score": 11.111111, + "scoreFactor": 6 + }, + "C-0035": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0036": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0036", + "name": "Malicious admission controller (validating)", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "C-0037": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0038": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 7 + }, + "C-0039": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0039", + "name": "Malicious admission controller (mutating)", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0041": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0041", + "name": "HostNetwork access", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 7 + }, + "C-0042": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0042", + "name": "SSH server running inside container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "C-0044": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0044", + "name": "Container hostPort", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 4 + }, + "C-0045": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 8 + }, + "C-0046": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0046", + "name": "Insecure capabilities", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0047": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0047", + "name": "Exposed dashboard", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0048": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0048", + "name": "HostPath mount", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0049": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0049", + "name": "Network mapping", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 3 + }, + "C-0050": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0053": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0053", + "name": "Access container service account", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 4, + "excludedResources": 0 + }, + "score": 100, + "scoreFactor": 6 + }, + "C-0054": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 4 + }, + "C-0055": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0055", + "name": "Linux hardening", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 4 + }, + "C-0056": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0056", + "name": "Configured liveness probe", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 13, + "failedResources": 2, + "excludedResources": 0 + }, + "score": 13.333333, + "scoreFactor": 4 + }, + "C-0057": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0057", + "name": "Privileged container", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 8 + }, + "C-0058": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0058", + "name": "CVE-2021-25741 - Using symlink for arbitrary host file system access.", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0059": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0059", + "name": "CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0060": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0060", + "name": "Namespace without service accounts", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 2, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 33.333332, + "scoreFactor": 4 + }, + "C-0061": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0061", + "name": "Pods in default namespace", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 3, + "failedResources": 12, + "excludedResources": 0 + }, + "score": 80, + "scoreFactor": 3 + }, + "C-0062": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0063": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0063", + "name": "Portforwarding privileges", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0065": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0065", + "name": "No impersonation", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0066": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0066", + "name": "Secret/ETCD encryption enabled", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0067": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0067", + "name": "Audit logs enabled", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0068": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0068", + "name": "PSP enabled", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 1 + }, + "C-0069": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0069", + "name": "Disable anonymous access to Kubelet service", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 10 + }, + "C-0070": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0070", + "name": "Enforce Kubelet client TLS authentication", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 9 + }, + "C-0073": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0073", + "name": "Naked PODs", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "C-0074": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0075": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 2 + }, + "C-0076": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0076", + "name": "Label usage for resources", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 2, + "failedResources": 13, + "excludedResources": 0 + }, + "score": 86.666664, + "scoreFactor": 2 + }, + "C-0077": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0077", + "name": "K8s common labels usage", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 2 + }, + "C-0078": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0078", + "name": "Images from allowed registry", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 5 + }, + "C-0079": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0079", + "name": "CVE-2022-0185-linux-kernel-container-escape", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0081": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0081", + "name": "CVE-2022-24348-argocddirtraversal", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0083": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0083", + "name": "Workloads with Critical vulnerabilities exposed to external traffic", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0084": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0084", + "name": "Workloads with RCE vulnerabilities exposed to external traffic", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0085": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0085", + "name": "Workloads with excessive amount of vulnerabilities", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0086": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 12, + "excludedResources": 2 + }, + "score": 80, + "scoreFactor": 4 + }, + "C-0087": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0087", + "name": "CVE-2022-23648-containerd-fs-escape", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0088": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0088", + "name": "RBAC enabled", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0089": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0089", + "name": "CVE-2022-3172-aggregated-API-server-redirect", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "CIS-1.1.1": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.1", + "name": "Ensure that the API server pod specification file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.10": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.10", + "name": "Ensure that the Container Network Interface file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.11": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.11", + "name": "Ensure that the etcd data directory permissions are set to 700 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.1.12": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.12", + "name": "Ensure that the etcd data directory ownership is set to etcd:etcd", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.1.13": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.13", + "name": "Ensure that the admin.conf file permissions are set to 600", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.1.14": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.14", + "name": "Ensure that the admin.conf file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.1.15": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.15", + "name": "Ensure that the scheduler.conf file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.16": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.16", + "name": "Ensure that the scheduler.conf file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.17": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.17", + "name": "Ensure that the controller-manager.conf file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.18": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.18", + "name": "Ensure that the controller-manager.conf file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.19": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.19", + "name": "Ensure that the Kubernetes PKI directory and file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.1.2": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.2", + "name": "Ensure that the API server pod specification file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.20": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.20", + "name": "Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.1.21": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.21", + "name": "Ensure that the Kubernetes PKI key file permissions are set to 600", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.1.3": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.3", + "name": "Ensure that the controller manager pod specification file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.4": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.4", + "name": "Ensure that the controller manager pod specification file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.5": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.5", + "name": "Ensure that the scheduler pod specification file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.6": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.6", + "name": "Ensure that the scheduler pod specification file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.7": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.7", + "name": "Ensure that the etcd pod specification file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.8": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.8", + "name": "Ensure that the etcd pod specification file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.9": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.9", + "name": "Ensure that the Container Network Interface file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.2.1": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.1", + "name": "Ensure that the API Server --anonymous-auth argument is set to false", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.10": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.10", + "name": "Ensure that the admission control plugin AlwaysAdmit is not set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.11": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.11", + "name": "Ensure that the admission control plugin AlwaysPullImages is set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.2.12": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.12", + "name": "Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.2.13": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.13", + "name": "Ensure that the admission control plugin ServiceAccount is set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "CIS-1.2.14": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.14", + "name": "Ensure that the admission control plugin NamespaceLifecycle is set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "CIS-1.2.15": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.15", + "name": "Ensure that the admission control plugin NodeRestriction is set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.2.16": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.16", + "name": "Ensure that the API Server --secure-port argument is not set to 0", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.17": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.17", + "name": "Ensure that the API Server --profiling argument is set to false", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "CIS-1.2.18": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.18", + "name": "Ensure that the API Server --audit-log-path argument is set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.2.19": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.19", + "name": "Ensure that the API Server --audit-log-maxage argument is set to 30 or as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.2.2": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.2", + "name": "Ensure that the API Server --token-auth-file parameter is not set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.20": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.20", + "name": "Ensure that the API Server --audit-log-maxbackup argument is set to 10 or as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.2.21": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.21", + "name": "Ensure that the API Server --audit-log-maxsize argument is set to 100 or as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.2.22": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.22", + "name": "Ensure that the API Server --request-timeout argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.2.23": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.23", + "name": "Ensure that the API Server --service-account-lookup argument is set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.2.24": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.24", + "name": "Ensure that the API Server --service-account-key-file argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "CIS-1.2.25": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.25", + "name": "Ensure that the API Server --etcd-certfile and --etcd-keyfile arguments are set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.26": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.26", + "name": "Ensure that the API Server --tls-cert-file and --tls-private-key-file arguments are set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.27": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.27", + "name": "Ensure that the API Server --client-ca-file argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.28": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.28", + "name": "Ensure that the API Server --etcd-cafile argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.29": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.29", + "name": "Ensure that the API Server --encryption-provider-config argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.2.3": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.3", + "name": "Ensure that the API Server --DenyServiceExternalIPs is not set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.2.30": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.30", + "name": "Ensure that encryption providers are appropriately configured", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.2.31": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.31", + "name": "Ensure that the API Server only makes use of Strong Cryptographic Ciphers", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "CIS-1.2.4": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.4", + "name": "Ensure that the API Server --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.2.5": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.5", + "name": "Ensure that the API Server --kubelet-certificate-authority argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.6": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.6", + "name": "Ensure that the API Server --authorization-mode argument is not set to AlwaysAllow", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.2.7": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.7", + "name": "Ensure that the API Server --authorization-mode argument includes Node", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "CIS-1.2.8": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.8", + "name": "Ensure that the API Server --authorization-mode argument includes RBAC", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.9": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.9", + "name": "Ensure that the admission control plugin EventRateLimit is set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.3.1": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.3.1", + "name": "Ensure that the Controller Manager --terminated-pod-gc-threshold argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.3.2": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.3.2", + "name": "Ensure that the Controller Manager --profiling argument is set to false", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "CIS-1.3.3": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.3.3", + "name": "Ensure that the Controller Manager --use-service-account-credentials argument is set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.3.4": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.3.4", + "name": "Ensure that the Controller Manager --service-account-private-key-file argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.3.5": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.3.5", + "name": "Ensure that the Controller Manager --root-ca-file argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.3.6": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.3.6", + "name": "Ensure that the Controller Manager RotateKubeletServerCertificate argument is set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.3.7": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.3.7", + "name": "Ensure that the Controller Manager --bind-address argument is set to 127.0.0.1", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "CIS-1.4.1": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.4.1", + "name": "Ensure that the Scheduler --profiling argument is set to false", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "CIS-1.4.2": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.4.2", + "name": "Ensure that the Scheduler --bind-address argument is set to 127.0.0.1", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "CIS-2.1": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-2.1", + "name": "Ensure that the --cert-file and --key-file arguments are set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-2.2": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-2.2", + "name": "Ensure that the --client-cert-auth argument is set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-2.3": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-2.3", + "name": "Ensure that the --auto-tls argument is not set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-2.4": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-2.4", + "name": "Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-2.5": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-2.5", + "name": "Ensure that the --peer-client-cert-auth argument is set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-2.6": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-2.6", + "name": "Ensure that the --peer-auto-tls argument is not set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-2.7": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-2.7", + "name": "Ensure that a unique Certificate Authority is used for etcd", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-4.1.1": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.1", + "name": "Ensure that the kubelet service file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.1.10": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.10", + "name": "If the kubelet config.yaml configuration file is being used validate file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-4.1.2": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.2", + "name": "Ensure that the kubelet service file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.1.3": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.3", + "name": "If proxy kubeconfig file exists ensure permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.1.4": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.4", + "name": "If proxy kubeconfig file exists ensure ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.1.5": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.5", + "name": "Ensure that the --kubeconfig kubelet.conf file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.1.6": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.6", + "name": "Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.1.7": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.7", + "name": "Ensure that the certificate authorities file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-4.1.8": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.8", + "name": "Ensure that the client certificate authorities file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-4.1.9": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.9", + "name": "If the kubelet config.yaml configuration file is being used validate permissions set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-4.2.1": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.1", + "name": "Ensure that the --anonymous-auth argument is set to false", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-4.2.10": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.10", + "name": "Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-4.2.11": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.11", + "name": "Ensure that the --rotate-certificates argument is not set to false", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.2.12": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.12", + "name": "Verify that the RotateKubeletServerCertificate argument is set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.2.13": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.13", + "name": "Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "CIS-4.2.2": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.2", + "name": "Ensure that the --authorization-mode argument is not set to AlwaysAllow", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.2.3": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.3", + "name": "Ensure that the --client-ca-file argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.2.4": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.4", + "name": "Verify that the --read-only-port argument is set to 0", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-4.2.5": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.5", + "name": "Ensure that the --streaming-connection-idle-timeout argument is not set to 0", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "CIS-4.2.6": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.6", + "name": "Ensure that the --protect-kernel-defaults argument is set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 2 + }, + "CIS-4.2.7": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.7", + "name": "Ensure that the --make-iptables-util-chains argument is set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "CIS-4.2.8": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.8", + "name": "Ensure that the --hostname-override argument is not set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "CIS-4.2.9": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.9", + "name": "Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 2 + }, + "CIS-5.1.1": { + "statusInfo": { + "status": "passed" + }, + "controlID": "CIS-5.1.1", + "name": "Ensure that the cluster-admin role is only used where required", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 5, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-5.1.2": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.1.2", + "name": "Minimize access to secrets", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 6, + "excludedResources": 0 + }, + "score": 100, + "scoreFactor": 6 + }, + "CIS-5.1.3": { + "statusInfo": { + "status": "passed" + }, + "controlID": "CIS-5.1.3", + "name": "Minimize wildcard use in Roles and ClusterRoles", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-5.1.4": { + "statusInfo": { + "status": "passed" + }, + "controlID": "CIS-5.1.4", + "name": "Minimize access to create pods", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "CIS-5.1.5": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.1.5", + "name": "Ensure that default service accounts are not actively used", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 2, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 33.333332, + "scoreFactor": 5 + }, + "CIS-5.1.6": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 2, + "excludedResources": 2 + }, + "score": 11.111111, + "scoreFactor": 5 + }, + "CIS-5.1.8": { + "statusInfo": { + "status": "passed" + }, + "controlID": "CIS-5.1.8", + "name": "Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes cluster", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-5.2.1": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.1", + "name": "Ensure that the cluster has at least one active policy control mechanism in place", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 4 + }, + "CIS-5.2.10": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.10", + "name": "Minimize the admission of containers with capabilities assigned", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 5 + }, + "CIS-5.2.11": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.11", + "name": "Minimize the admission of Windows HostProcess Containers", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 7 + }, + "CIS-5.2.12": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.12", + "name": "Minimize the admission of HostPath volumes", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 6 + }, + "CIS-5.2.13": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.13", + "name": "Minimize the admission of containers which use HostPorts", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 4 + }, + "CIS-5.2.2": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.2", + "name": "Minimize the admission of privileged containers", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 8 + }, + "CIS-5.2.3": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.3", + "name": "Minimize the admission of containers wishing to share the host process ID namespace", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 5 + }, + "CIS-5.2.4": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.4", + "name": "Minimize the admission of containers wishing to share the host IPC namespace", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 5 + }, + "CIS-5.2.5": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.5", + "name": "Minimize the admission of containers wishing to share the host network namespace", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 5 + }, + "CIS-5.2.6": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.6", + "name": "Minimize the admission of containers with allowPrivilegeEscalation", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 6 + }, + "CIS-5.2.7": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.7", + "name": "Minimize the admission of root containers", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 6 + }, + "CIS-5.2.8": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.8", + "name": "Minimize the admission of containers with the NET_RAW capability", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 6 + }, + "CIS-5.2.9": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.9", + "name": "Minimize the admission of containers with added capabilities", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 5 + }, + "CIS-5.3.2": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.3.2", + "name": "Ensure that all Namespaces have Network Policies defined", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 4 + }, + "CIS-5.4.1": { + "statusInfo": { + "status": "passed" + }, + "controlID": "CIS-5.4.1", + "name": "Prefer using secrets as files over secrets as environment variables", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-5.7.1": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.7.1", + "name": "Create administrative boundaries between resources using namespaces", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 5 + }, + "CIS-5.7.2": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.7.2", + "name": "Ensure that the seccomp profile is set to docker/default in your pod definitions", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 4 + }, + "CIS-5.7.3": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.7.3", + "name": "Apply Security Context to Your Pods and Containers", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 8 + }, + "CIS-5.7.4": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 7, + "failedResources": 27, + "excludedResources": 0 + }, + "score": 79.411766, + "scoreFactor": 4 + } + }, + "status": "failed", + "frameworks": [ + { + "controls": { + "C-0004": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0004", + "name": "Resources memory limit and request", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0018": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0018", + "name": "Configured readiness probe", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 3 + }, + "C-0044": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0044", + "name": "Container hostPort", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 4 + }, + "C-0050": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0056": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0056", + "name": "Configured liveness probe", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 13, + "failedResources": 2, + "excludedResources": 0 + }, + "score": 13.333333, + "scoreFactor": 4 + }, + "C-0061": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0061", + "name": "Pods in default namespace", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 3, + "failedResources": 12, + "excludedResources": 0 + }, + "score": 80, + "scoreFactor": 3 + }, + "C-0073": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0073", + "name": "Naked PODs", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "C-0074": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0075": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 2 + }, + "C-0076": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0076", + "name": "Label usage for resources", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 2, + "failedResources": 13, + "excludedResources": 0 + }, + "score": 86.666664, + "scoreFactor": 2 + }, + "C-0077": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0077", + "name": "K8s common labels usage", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 2 + } + }, + "name": "DevOpsBest", + "status": "failed", + "version": "", + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 16.747967 + }, + { + "controls": { + "C-0001": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 12, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 6.6666665, + "scoreFactor": 7 + }, + "C-0002": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0002", + "name": "Exec into container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0005": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0005", + "name": "Control plane hardening", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 9 + }, + "C-0006": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0006", + "name": "Allowed hostPath", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 6 + }, + "C-0009": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0009", + "name": "Resource limits", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0012": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0013": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0013", + "name": "Non-root containers", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 6 + }, + "C-0016": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0016", + "name": "Allow privilege escalation", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 6 + }, + "C-0017": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0017", + "name": "Immutable container filesystem", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 12, + "excludedResources": 2 + }, + "score": 80, + "scoreFactor": 3 + }, + "C-0030": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 6 + }, + "C-0034": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 2, + "excludedResources": 2 + }, + "score": 11.111111, + "scoreFactor": 6 + }, + "C-0035": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0038": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 7 + }, + "C-0041": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0041", + "name": "HostNetwork access", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 7 + }, + "C-0044": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0044", + "name": "Container hostPort", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 4 + }, + "C-0046": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0046", + "name": "Insecure capabilities", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0047": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0047", + "name": "Exposed dashboard", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0049": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0049", + "name": "Network mapping", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 3 + }, + "C-0054": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 4 + }, + "C-0055": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0055", + "name": "Linux hardening", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 4 + }, + "C-0057": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0057", + "name": "Privileged container", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 8 + }, + "C-0058": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0058", + "name": "CVE-2021-25741 - Using symlink for arbitrary host file system access.", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0059": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0059", + "name": "CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0060": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0060", + "name": "Namespace without service accounts", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 2, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 33.333332, + "scoreFactor": 4 + }, + "C-0061": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0061", + "name": "Pods in default namespace", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 3, + "failedResources": 12, + "excludedResources": 0 + }, + "score": 80, + "scoreFactor": 3 + }, + "C-0062": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0063": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0063", + "name": "Portforwarding privileges", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0065": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0065", + "name": "No impersonation", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0066": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0066", + "name": "Secret/ETCD encryption enabled", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0067": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0067", + "name": "Audit logs enabled", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0068": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0068", + "name": "PSP enabled", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 1 + }, + "C-0069": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0069", + "name": "Disable anonymous access to Kubelet service", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 10 + }, + "C-0070": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0070", + "name": "Enforce Kubelet client TLS authentication", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 9 + }, + "C-0078": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0078", + "name": "Images from allowed registry", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 5 + }, + "C-0079": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0079", + "name": "CVE-2022-0185-linux-kernel-container-escape", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0081": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0081", + "name": "CVE-2022-24348-argocddirtraversal", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0083": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0083", + "name": "Workloads with Critical vulnerabilities exposed to external traffic", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0084": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0084", + "name": "Workloads with RCE vulnerabilities exposed to external traffic", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0085": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0085", + "name": "Workloads with excessive amount of vulnerabilities", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0086": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 12, + "excludedResources": 2 + }, + "score": 80, + "scoreFactor": 4 + }, + "C-0087": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0087", + "name": "CVE-2022-23648-containerd-fs-escape", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0089": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0089", + "name": "CVE-2022-3172-aggregated-API-server-redirect", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + } + }, + "name": "ArmoBest", + "status": "failed", + "version": "", + "ResourceCounters": { + "passedResources": 7, + "failedResources": 16, + "excludedResources": 4 + }, + "score": 29.317932 + }, + { + "controls": { + "C-0002": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0002", + "name": "Exec into container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0007": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0007", + "name": "Data Destruction", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0012": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0014": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 21, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 2 + }, + "C-0015": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 6, + "excludedResources": 0 + }, + "score": 100, + "scoreFactor": 7 + }, + "C-0020": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0020", + "name": "Mount service principal", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0021": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0021", + "name": "Exposed sensitive interfaces", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0026": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0026", + "name": "Kubernetes CronJob", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 1 + }, + "C-0031": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0035": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0036": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0036", + "name": "Malicious admission controller (validating)", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "C-0037": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0039": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0039", + "name": "Malicious admission controller (mutating)", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0042": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0042", + "name": "SSH server running inside container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "C-0045": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 8 + }, + "C-0047": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0047", + "name": "Exposed dashboard", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0048": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0048", + "name": "HostPath mount", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0053": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0053", + "name": "Access container service account", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 4, + "excludedResources": 0 + }, + "score": 100, + "scoreFactor": 6 + }, + "C-0054": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 4 + }, + "C-0057": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0057", + "name": "Privileged container", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 8 + }, + "C-0058": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0058", + "name": "CVE-2021-25741 - Using symlink for arbitrary host file system access.", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0059": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0059", + "name": "CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0066": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0066", + "name": "Secret/ETCD encryption enabled", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0067": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0067", + "name": "Audit logs enabled", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0068": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0068", + "name": "PSP enabled", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 1 + }, + "C-0069": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0069", + "name": "Disable anonymous access to Kubelet service", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 10 + }, + "C-0070": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0070", + "name": "Enforce Kubelet client TLS authentication", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 9 + } + }, + "name": "MITRE", + "status": "failed", + "version": "", + "ResourceCounters": { + "passedResources": 15, + "failedResources": 8, + "excludedResources": 2 + }, + "score": 10.858586 + }, + { + "controls": { + "CIS-1.1.1": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.1", + "name": "Ensure that the API server pod specification file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.10": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.10", + "name": "Ensure that the Container Network Interface file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.11": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.11", + "name": "Ensure that the etcd data directory permissions are set to 700 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.1.12": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.12", + "name": "Ensure that the etcd data directory ownership is set to etcd:etcd", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.1.13": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.13", + "name": "Ensure that the admin.conf file permissions are set to 600", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.1.14": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.14", + "name": "Ensure that the admin.conf file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.1.15": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.15", + "name": "Ensure that the scheduler.conf file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.16": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.16", + "name": "Ensure that the scheduler.conf file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.17": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.17", + "name": "Ensure that the controller-manager.conf file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.18": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.18", + "name": "Ensure that the controller-manager.conf file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.19": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.19", + "name": "Ensure that the Kubernetes PKI directory and file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.1.2": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.2", + "name": "Ensure that the API server pod specification file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.20": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.20", + "name": "Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.1.21": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.21", + "name": "Ensure that the Kubernetes PKI key file permissions are set to 600", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.1.3": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.3", + "name": "Ensure that the controller manager pod specification file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.4": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.4", + "name": "Ensure that the controller manager pod specification file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.5": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.5", + "name": "Ensure that the scheduler pod specification file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.6": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.6", + "name": "Ensure that the scheduler pod specification file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.7": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.7", + "name": "Ensure that the etcd pod specification file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.8": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.8", + "name": "Ensure that the etcd pod specification file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.1.9": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.1.9", + "name": "Ensure that the Container Network Interface file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.2.1": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.1", + "name": "Ensure that the API Server --anonymous-auth argument is set to false", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.10": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.10", + "name": "Ensure that the admission control plugin AlwaysAdmit is not set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.11": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.11", + "name": "Ensure that the admission control plugin AlwaysPullImages is set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.2.12": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.12", + "name": "Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.2.13": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.13", + "name": "Ensure that the admission control plugin ServiceAccount is set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "CIS-1.2.14": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.14", + "name": "Ensure that the admission control plugin NamespaceLifecycle is set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "CIS-1.2.15": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.15", + "name": "Ensure that the admission control plugin NodeRestriction is set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.2.16": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.16", + "name": "Ensure that the API Server --secure-port argument is not set to 0", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.17": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.17", + "name": "Ensure that the API Server --profiling argument is set to false", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "CIS-1.2.18": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.18", + "name": "Ensure that the API Server --audit-log-path argument is set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.2.19": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.19", + "name": "Ensure that the API Server --audit-log-maxage argument is set to 30 or as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.2.2": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.2", + "name": "Ensure that the API Server --token-auth-file parameter is not set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.20": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.20", + "name": "Ensure that the API Server --audit-log-maxbackup argument is set to 10 or as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.2.21": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.21", + "name": "Ensure that the API Server --audit-log-maxsize argument is set to 100 or as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.2.22": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.22", + "name": "Ensure that the API Server --request-timeout argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.2.23": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.23", + "name": "Ensure that the API Server --service-account-lookup argument is set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.2.24": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.24", + "name": "Ensure that the API Server --service-account-key-file argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "CIS-1.2.25": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.25", + "name": "Ensure that the API Server --etcd-certfile and --etcd-keyfile arguments are set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.26": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.26", + "name": "Ensure that the API Server --tls-cert-file and --tls-private-key-file arguments are set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.27": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.27", + "name": "Ensure that the API Server --client-ca-file argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.28": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.28", + "name": "Ensure that the API Server --etcd-cafile argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.29": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.29", + "name": "Ensure that the API Server --encryption-provider-config argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.2.3": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.3", + "name": "Ensure that the API Server --DenyServiceExternalIPs is not set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.2.30": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.30", + "name": "Ensure that encryption providers are appropriately configured", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.2.31": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.31", + "name": "Ensure that the API Server only makes use of Strong Cryptographic Ciphers", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "CIS-1.2.4": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.4", + "name": "Ensure that the API Server --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.2.5": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.5", + "name": "Ensure that the API Server --kubelet-certificate-authority argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.6": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.6", + "name": "Ensure that the API Server --authorization-mode argument is not set to AlwaysAllow", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.2.7": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.7", + "name": "Ensure that the API Server --authorization-mode argument includes Node", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "CIS-1.2.8": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.8", + "name": "Ensure that the API Server --authorization-mode argument includes RBAC", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-1.2.9": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.2.9", + "name": "Ensure that the admission control plugin EventRateLimit is set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.3.1": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.3.1", + "name": "Ensure that the Controller Manager --terminated-pod-gc-threshold argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.3.2": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.3.2", + "name": "Ensure that the Controller Manager --profiling argument is set to false", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "CIS-1.3.3": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.3.3", + "name": "Ensure that the Controller Manager --use-service-account-credentials argument is set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-1.3.4": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.3.4", + "name": "Ensure that the Controller Manager --service-account-private-key-file argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.3.5": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.3.5", + "name": "Ensure that the Controller Manager --root-ca-file argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-1.3.6": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.3.6", + "name": "Ensure that the Controller Manager RotateKubeletServerCertificate argument is set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-1.3.7": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.3.7", + "name": "Ensure that the Controller Manager --bind-address argument is set to 127.0.0.1", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "CIS-1.4.1": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.4.1", + "name": "Ensure that the Scheduler --profiling argument is set to false", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "CIS-1.4.2": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-1.4.2", + "name": "Ensure that the Scheduler --bind-address argument is set to 127.0.0.1", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "CIS-2.1": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-2.1", + "name": "Ensure that the --cert-file and --key-file arguments are set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-2.2": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-2.2", + "name": "Ensure that the --client-cert-auth argument is set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-2.3": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-2.3", + "name": "Ensure that the --auto-tls argument is not set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-2.4": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-2.4", + "name": "Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-2.5": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-2.5", + "name": "Ensure that the --peer-client-cert-auth argument is set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-2.6": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-2.6", + "name": "Ensure that the --peer-auto-tls argument is not set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-2.7": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-2.7", + "name": "Ensure that a unique Certificate Authority is used for etcd", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-4.1.1": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.1", + "name": "Ensure that the kubelet service file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.1.10": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.10", + "name": "If the kubelet config.yaml configuration file is being used validate file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-4.1.2": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.2", + "name": "Ensure that the kubelet service file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.1.3": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.3", + "name": "If proxy kubeconfig file exists ensure permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.1.4": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.4", + "name": "If proxy kubeconfig file exists ensure ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.1.5": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.5", + "name": "Ensure that the --kubeconfig kubelet.conf file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.1.6": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.6", + "name": "Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.1.7": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.7", + "name": "Ensure that the certificate authorities file permissions are set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-4.1.8": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.8", + "name": "Ensure that the client certificate authorities file ownership is set to root:root", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-4.1.9": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.1.9", + "name": "If the kubelet config.yaml configuration file is being used validate permissions set to 600 or more restrictive", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-4.2.1": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.1", + "name": "Ensure that the --anonymous-auth argument is set to false", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-4.2.10": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.10", + "name": "Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-4.2.11": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.11", + "name": "Ensure that the --rotate-certificates argument is not set to false", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.2.12": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.12", + "name": "Verify that the RotateKubeletServerCertificate argument is set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.2.13": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.13", + "name": "Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "CIS-4.2.2": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.2", + "name": "Ensure that the --authorization-mode argument is not set to AlwaysAllow", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.2.3": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.3", + "name": "Ensure that the --client-ca-file argument is set as appropriate", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-4.2.4": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.4", + "name": "Verify that the --read-only-port argument is set to 0", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-4.2.5": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.5", + "name": "Ensure that the --streaming-connection-idle-timeout argument is not set to 0", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "CIS-4.2.6": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.6", + "name": "Ensure that the --protect-kernel-defaults argument is set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 2 + }, + "CIS-4.2.7": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.7", + "name": "Ensure that the --make-iptables-util-chains argument is set to true", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "CIS-4.2.8": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.8", + "name": "Ensure that the --hostname-override argument is not set", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "CIS-4.2.9": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "CIS-4.2.9", + "name": "Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 2 + }, + "CIS-5.1.1": { + "statusInfo": { + "status": "passed" + }, + "controlID": "CIS-5.1.1", + "name": "Ensure that the cluster-admin role is only used where required", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 5, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "CIS-5.1.2": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.1.2", + "name": "Minimize access to secrets", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 6, + "excludedResources": 0 + }, + "score": 100, + "scoreFactor": 6 + }, + "CIS-5.1.3": { + "statusInfo": { + "status": "passed" + }, + "controlID": "CIS-5.1.3", + "name": "Minimize wildcard use in Roles and ClusterRoles", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "CIS-5.1.4": { + "statusInfo": { + "status": "passed" + }, + "controlID": "CIS-5.1.4", + "name": "Minimize access to create pods", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "CIS-5.1.5": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.1.5", + "name": "Ensure that default service accounts are not actively used", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 2, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 33.333332, + "scoreFactor": 5 + }, + "CIS-5.1.6": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.1.6", + "name": "Ensure that Service Account Tokens are only mounted where necessary", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 2, + "excludedResources": 2 + }, + "score": 11.111111, + "scoreFactor": 5 + }, + "CIS-5.1.8": { + "statusInfo": { + "status": "passed" + }, + "controlID": "CIS-5.1.8", + "name": "Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes cluster", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "CIS-5.2.1": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.1", + "name": "Ensure that the cluster has at least one active policy control mechanism in place", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 4 + }, + "CIS-5.2.10": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.10", + "name": "Minimize the admission of containers with capabilities assigned", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 5 + }, + "CIS-5.2.11": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.11", + "name": "Minimize the admission of Windows HostProcess Containers", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 7 + }, + "CIS-5.2.12": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.12", + "name": "Minimize the admission of HostPath volumes", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 6 + }, + "CIS-5.2.13": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.13", + "name": "Minimize the admission of containers which use HostPorts", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 4 + }, + "CIS-5.2.2": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.2", + "name": "Minimize the admission of privileged containers", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 8 + }, + "CIS-5.2.3": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.3", + "name": "Minimize the admission of containers wishing to share the host process ID namespace", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 5 + }, + "CIS-5.2.4": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.4", + "name": "Minimize the admission of containers wishing to share the host IPC namespace", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 5 + }, + "CIS-5.2.5": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.5", + "name": "Minimize the admission of containers wishing to share the host network namespace", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 5 + }, + "CIS-5.2.6": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.6", + "name": "Minimize the admission of containers with allowPrivilegeEscalation", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 6 + }, + "CIS-5.2.7": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.7", + "name": "Minimize the admission of root containers", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 6 + }, + "CIS-5.2.8": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.8", + "name": "Minimize the admission of containers with the NET_RAW capability", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 6 + }, + "CIS-5.2.9": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.2.9", + "name": "Minimize the admission of containers with added capabilities", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 5 + }, + "CIS-5.3.2": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.3.2", + "name": "Ensure that all Namespaces have Network Policies defined", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 4 + }, + "CIS-5.4.1": { + "statusInfo": { + "status": "passed" + }, + "controlID": "CIS-5.4.1", + "name": "Prefer using secrets as files over secrets as environment variables", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "CIS-5.7.1": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.7.1", + "name": "Create administrative boundaries between resources using namespaces", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 5 + }, + "CIS-5.7.2": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.7.2", + "name": "Ensure that the seccomp profile is set to docker/default in your pod definitions", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 4 + }, + "CIS-5.7.3": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.7.3", + "name": "Apply Security Context to Your Pods and Containers", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 8 + }, + "CIS-5.7.4": { + "statusInfo": { + "status": "failed" + }, + "controlID": "CIS-5.7.4", + "name": "The default namespace should not be used", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 7, + "failedResources": 27, + "excludedResources": 0 + }, + "score": 79.411766, + "scoreFactor": 4 + } + }, + "name": "CIS", + "status": "failed", + "version": "", + "ResourceCounters": { + "passedResources": 2, + "failedResources": 37, + "excludedResources": 4 + }, + "score": 43.612335 + }, + { + "controls": { + "C-0002": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0002", + "name": "Exec into container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0005": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0005", + "name": "Control plane hardening", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 9 + }, + "C-0006": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0006", + "name": "Allowed hostPath", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 6 + }, + "C-0009": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0009", + "name": "Resource limits", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0012": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0013": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0013", + "name": "Non-root containers", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 6 + }, + "C-0016": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0016", + "name": "Allow privilege escalation", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 6 + }, + "C-0017": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0017", + "name": "Immutable container filesystem", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 12, + "excludedResources": 2 + }, + "score": 80, + "scoreFactor": 3 + }, + "C-0030": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 6 + }, + "C-0034": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 2, + "excludedResources": 2 + }, + "score": 11.111111, + "scoreFactor": 6 + }, + "C-0035": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0038": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 7 + }, + "C-0041": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0041", + "name": "HostNetwork access", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 7 + }, + "C-0044": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0044", + "name": "Container hostPort", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 4 + }, + "C-0046": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0046", + "name": "Insecure capabilities", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0047": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0047", + "name": "Exposed dashboard", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0054": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 4 + }, + "C-0055": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0055", + "name": "Linux hardening", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 4 + }, + "C-0057": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0057", + "name": "Privileged container", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 8 + }, + "C-0058": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0058", + "name": "CVE-2021-25741 - Using symlink for arbitrary host file system access.", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0059": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0059", + "name": "CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0066": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0066", + "name": "Secret/ETCD encryption enabled", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0067": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0067", + "name": "Audit logs enabled", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0068": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0068", + "name": "PSP enabled", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 1 + }, + "C-0069": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0069", + "name": "Disable anonymous access to Kubelet service", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 10 + }, + "C-0070": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0070", + "name": "Enforce Kubelet client TLS authentication", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 9 + } + }, + "name": "NSA", + "status": "failed", + "version": "", + "ResourceCounters": { + "passedResources": 7, + "failedResources": 16, + "excludedResources": 4 + }, + "score": 26.9876 + }, + { + "controls": { + "C-0001": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0001", + "name": "Forbidden Container Registries", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 12, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 6.6666665, + "scoreFactor": 7 + }, + "C-0002": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0002", + "name": "Exec into container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0004": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0004", + "name": "Resources memory limit and request", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0005": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0005", + "name": "Control plane hardening", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 9 + }, + "C-0006": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0006", + "name": "Allowed hostPath", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 6 + }, + "C-0007": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0007", + "name": "Data Destruction", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0009": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0009", + "name": "Resource limits", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0012": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0013": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0013", + "name": "Non-root containers", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 6 + }, + "C-0014": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 21, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 2 + }, + "C-0015": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 6, + "excludedResources": 0 + }, + "score": 100, + "scoreFactor": 7 + }, + "C-0016": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0016", + "name": "Allow privilege escalation", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 6 + }, + "C-0017": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0017", + "name": "Immutable container filesystem", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 12, + "excludedResources": 2 + }, + "score": 80, + "scoreFactor": 3 + }, + "C-0018": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0018", + "name": "Configured readiness probe", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 3 + }, + "C-0020": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0020", + "name": "Mount service principal", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0021": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0021", + "name": "Exposed sensitive interfaces", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0026": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0026", + "name": "Kubernetes CronJob", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 1 + }, + "C-0030": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 6 + }, + "C-0031": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0034": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 2, + "excludedResources": 2 + }, + "score": 11.111111, + "scoreFactor": 6 + }, + "C-0035": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0036": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0036", + "name": "Malicious admission controller (validating)", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "C-0037": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0038": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 7 + }, + "C-0039": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0039", + "name": "Malicious admission controller (mutating)", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0041": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0041", + "name": "HostNetwork access", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 7 + }, + "C-0042": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0042", + "name": "SSH server running inside container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "C-0044": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0044", + "name": "Container hostPort", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 4 + }, + "C-0045": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 8 + }, + "C-0046": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0046", + "name": "Insecure capabilities", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0047": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0047", + "name": "Exposed dashboard", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0048": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0048", + "name": "HostPath mount", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0049": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0049", + "name": "Network mapping", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 3 + }, + "C-0050": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0050", + "name": "Resources CPU limit and request", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0053": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0053", + "name": "Access container service account", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 4, + "excludedResources": 0 + }, + "score": 100, + "scoreFactor": 6 + }, + "C-0054": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "excludedResources": 2 + }, + "score": 33.333332, + "scoreFactor": 4 + }, + "C-0055": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0055", + "name": "Linux hardening", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 4 + }, + "C-0056": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0056", + "name": "Configured liveness probe", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 13, + "failedResources": 2, + "excludedResources": 0 + }, + "score": 13.333333, + "scoreFactor": 4 + }, + "C-0057": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0057", + "name": "Privileged container", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 14, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 6.6666665, + "scoreFactor": 8 + }, + "C-0058": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0058", + "name": "CVE-2021-25741 - Using symlink for arbitrary host file system access.", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0059": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0059", + "name": "CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0060": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0060", + "name": "Namespace without service accounts", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 2, + "failedResources": 1, + "excludedResources": 0 + }, + "score": 33.333332, + "scoreFactor": 4 + }, + "C-0061": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0061", + "name": "Pods in default namespace", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 3, + "failedResources": 12, + "excludedResources": 0 + }, + "score": 80, + "scoreFactor": 3 + }, + "C-0062": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0062", + "name": "Sudo in container entrypoint", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0063": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0063", + "name": "Portforwarding privileges", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0065": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0065", + "name": "No impersonation", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 6, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0066": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0066", + "name": "Secret/ETCD encryption enabled", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0067": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0067", + "name": "Audit logs enabled", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0068": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0068", + "name": "PSP enabled", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 1 + }, + "C-0069": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0069", + "name": "Disable anonymous access to Kubelet service", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 10 + }, + "C-0070": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0070", + "name": "Enforce Kubelet client TLS authentication", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 9 + }, + "C-0073": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0073", + "name": "Naked PODs", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "C-0074": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0074", + "name": "Containers mounting Docker socket", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0075": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0075", + "name": "Image pull policy on latest tag", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 15, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 2 + }, + "C-0076": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0076", + "name": "Label usage for resources", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 2, + "failedResources": 13, + "excludedResources": 0 + }, + "score": 86.666664, + "scoreFactor": 2 + }, + "C-0077": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0077", + "name": "K8s common labels usage", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 2 + }, + "C-0078": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0078", + "name": "Images from allowed registry", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 13, + "excludedResources": 2 + }, + "score": 86.666664, + "scoreFactor": 5 + }, + "C-0079": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0079", + "name": "CVE-2022-0185-linux-kernel-container-escape", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0081": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0081", + "name": "CVE-2022-24348-argocddirtraversal", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0083": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0083", + "name": "Workloads with Critical vulnerabilities exposed to external traffic", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0084": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0084", + "name": "Workloads with RCE vulnerabilities exposed to external traffic", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0085": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0085", + "name": "Workloads with excessive amount of vulnerabilities", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0086": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0086", + "name": "CVE-2022-0492-cgroups-container-escape", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 12, + "excludedResources": 2 + }, + "score": 80, + "scoreFactor": 4 + }, + "C-0087": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0087", + "name": "CVE-2022-23648-containerd-fs-escape", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0088": { + "statusInfo": { + "status": "irrelevant" + }, + "controlID": "C-0088", + "name": "RBAC enabled", + "status": "irrelevant", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "scoreFactor": 7 + } + }, + "name": "AllControls", + "status": "failed", + "version": "", + "ResourceCounters": { + "passedResources": 2, + "failedResources": 22, + "excludedResources": 4 + }, + "score": 23.911491 + } + ], + "severityCounters": { + "criticalSeverity": 0, + "highSeverity": 26, + "mediumSeverity": 151, + "lowSeverity": 52 + }, + "ResourceCounters": { + "passedResources": 3, + "failedResources": 37, + "excludedResources": 4 + }, + "score": 28.733154 + }, + "paginationInfo": { + "chunkNumber": 0, + "isLastChunk": false + } +} \ No newline at end of file diff --git a/unittests/scans/kubescape/results.json b/unittests/scans/kubescape/results.json new file mode 100644 index 00000000000..8831ec2f8be --- /dev/null +++ b/unittests/scans/kubescape/results.json @@ -0,0 +1,2838 @@ +{ + "generationTime": "0001-01-01T00:00:00Z", + "clusterAPIServerInfo": null, + "clusterCloudProvider": "", + "customerGUID": "", + "clusterName": "", + "reportGUID": "", + "jobID": "", + "summaryDetails": { + "controls": { + "C-0002": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0002", + "name": "Exec into container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0007": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0007", + "name": "Data Destruction", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0009": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0009", + "name": "Resource limits", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0012": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Secrets", + "id": "Cat-3" + } + }, + "C-0013": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0013", + "name": "Non-root containers", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0014": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 2, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0015": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0016": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0016", + "name": "Allow privilege escalation", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0017": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0017", + "name": "Immutable container filesystem", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 3, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0020": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0020", + "name": "Mount service principal", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0030": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 2, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0031": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0034": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Secrets", + "id": "Cat-3" + } + }, + "C-0035": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0037": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0038": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0041": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0041", + "name": "HostNetwork access", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Network", + "id": "Cat-4" + } + } + }, + "C-0042": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0042", + "name": "SSH server running inside container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 3, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0044": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0044", + "name": "Container hostPort", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0045": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Storage", + "id": "Cat-8" + } + } + }, + "C-0046": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0046", + "name": "Insecure capabilities", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0048": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0048", + "name": "HostPath mount", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Storage", + "id": "Cat-8" + } + } + }, + "C-0053": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0053", + "name": "Access container service account", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0054": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0055": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0055", + "name": "Linux hardening", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0057": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0057", + "name": "Privileged container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0059": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0059", + "name": "CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0063": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0063", + "name": "Portforwarding privileges", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0068": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0068", + "name": "PSP enabled", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 1, + "category": { + "name": "Control plane", + "id": "Cat-1" + } + }, + "C-0187": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0187", + "name": "Minimize wildcard use in Roles and ClusterRoles", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0188": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0188", + "name": "Minimize access to create pods", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0260": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0260", + "name": "Missing network policy", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 2, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0262": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0262", + "name": "Anonymous access enabled", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Control plane", + "id": "Cat-1", + "subCategory": { + "name": "Supply chain", + "id": "Cat-6" + } + } + } + }, + "status": "passed", + "frameworks": [ + { + "controls": { + "C-0002": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0002", + "name": "Exec into container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0007": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0007", + "name": "Data Destruction", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0012": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Secrets", + "id": "Cat-3" + } + }, + "C-0013": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0013", + "name": "Non-root containers", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0015": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0035": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0038": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0041": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0041", + "name": "HostNetwork access", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Network", + "id": "Cat-4" + } + } + }, + "C-0048": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0048", + "name": "HostPath mount", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Storage", + "id": "Cat-8" + } + } + }, + "C-0057": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0057", + "name": "Privileged container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0063": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0063", + "name": "Portforwarding privileges", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0187": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0187", + "name": "Minimize wildcard use in Roles and ClusterRoles", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0188": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0188", + "name": "Minimize access to create pods", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0260": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0260", + "name": "Missing network policy", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 2, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0262": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0262", + "name": "Anonymous access enabled", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Control plane", + "id": "Cat-1", + "subCategory": { + "name": "Supply chain", + "id": "Cat-6" + } + } + } + }, + "name": "ClusterScan", + "status": "passed", + "version": "", + "ResourceCounters": { + "passedResources": 2, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "complianceScore": 100 + }, + { + "controls": { + "C-0002": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0002", + "name": "Exec into container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0007": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0007", + "name": "Data Destruction", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0012": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Secrets", + "id": "Cat-3" + } + }, + "C-0014": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 2, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0015": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0020": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0020", + "name": "Mount service principal", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0031": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0035": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0037": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0042": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0042", + "name": "SSH server running inside container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 3, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0045": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Storage", + "id": "Cat-8" + } + } + }, + "C-0048": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0048", + "name": "HostPath mount", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Storage", + "id": "Cat-8" + } + } + }, + "C-0053": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0053", + "name": "Access container service account", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0054": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0057": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0057", + "name": "Privileged container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0059": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0059", + "name": "CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0068": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0068", + "name": "PSP enabled", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 1, + "category": { + "name": "Control plane", + "id": "Cat-1" + } + } + }, + "name": "MITRE", + "status": "passed", + "version": "", + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "complianceScore": 100 + }, + { + "controls": { + "C-0002": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0002", + "name": "Exec into container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0009": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0009", + "name": "Resource limits", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0012": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Secrets", + "id": "Cat-3" + } + }, + "C-0013": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0013", + "name": "Non-root containers", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0016": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0016", + "name": "Allow privilege escalation", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0017": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0017", + "name": "Immutable container filesystem", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 3, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0030": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 2, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0034": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Secrets", + "id": "Cat-3" + } + }, + "C-0035": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0038": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0041": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0041", + "name": "HostNetwork access", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Network", + "id": "Cat-4" + } + } + }, + "C-0044": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0044", + "name": "Container hostPort", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0046": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0046", + "name": "Insecure capabilities", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0054": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0055": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0055", + "name": "Linux hardening", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0057": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0057", + "name": "Privileged container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0059": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0059", + "name": "CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0068": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0068", + "name": "PSP enabled", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 1, + "category": { + "name": "Control plane", + "id": "Cat-1" + } + } + }, + "name": "NSA", + "status": "passed", + "version": "", + "ResourceCounters": { + "passedResources": 2, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "complianceScore": 100 + } + ], + "resourcesSeverityCounters": { + "criticalSeverity": 0, + "highSeverity": 0, + "mediumSeverity": 0, + "lowSeverity": 0 + }, + "controlsSeverityCounters": { + "criticalSeverity": 0, + "highSeverity": 0, + "mediumSeverity": 0, + "lowSeverity": 0 + }, + "ResourceCounters": { + "passedResources": 2, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "complianceScore": 100 + }, + "resources": [ + { + "resourceID": "path=966824446/api=apps/v1//Deployment/nginx-deployment", + "object": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "labels": { + "app": "nginx" + }, + "name": "nginx-deployment" + }, + "sourcePath": "nginx.yaml:0", + "spec": { + "replicas": 3, + "selector": { + "matchLabels": { + "app": "nginx" + } + }, + "template": { + "metadata": { + "annotations": { + "container.apparmor.security.beta.kubernetes.io/nginx": "runtime/default", + "seccomp.security.alpha.kubernetes.io/pod": "runtime/default" + }, + "labels": { + "app": "nginx" + } + }, + "spec": { + "containers": [ + { + "name": "nginx", + "image": "nginx:alpine", + "ports": [ + { + "containerPort": 80 + } + ], + "resources": { + "limits": { + "cpu": "500m", + "memory": "128Mi" + }, + "requests": { + "cpu": "250m", + "memory": "64Mi" + } + }, + "livenessProbe": { + "httpGet": { + "path": "/", + "port": 80 + }, + "initialDelaySeconds": 30, + "periodSeconds": 10 + }, + "readinessProbe": { + "httpGet": { + "path": "/", + "port": 80 + }, + "initialDelaySeconds": 30, + "periodSeconds": 10 + }, + "securityContext": { + "capabilities": { + "drop": [ + "ALL" + ] + }, + "readOnlyRootFilesystem": true, + "allowPrivilegeEscalation": false + } + } + ], + "securityContext": { + "runAsGroup": 1000, + "runAsNonRoot": true, + "runAsUser": 1000, + "seLinuxOptions": { + "level": "s0:c123,c456" + } + } + } + } + } + }, + "source": { + "path": "/home/administrator/k8s-kubescape-test", + "relativePath": "nginx.yaml", + "fileType": "YAML", + "lastCommit": { + "date": "0001-01-01T00:00:00Z" + } + } + }, + { + "resourceID": "path=983602065/api=networking.k8s.io/v1/default/NetworkPolicy/nginx-network-policy", + "object": { + "apiVersion": "networking.k8s.io/v1", + "kind": "NetworkPolicy", + "metadata": { + "name": "nginx-network-policy", + "namespace": "default" + }, + "sourcePath": "nginx.yaml:1", + "spec": { + "egress": [ + { + "to": [ + { + "podSelector": {} + } + ] + } + ], + "ingress": [ + { + "from": [ + { + "podSelector": {} + } + ], + "ports": [ + { + "port": 80, + "protocol": "TCP" + } + ] + } + ], + "podSelector": { + "matchLabels": { + "app": "nginx" + } + }, + "policyTypes": [ + "Ingress", + "Egress" + ] + } + }, + "source": { + "path": "/home/administrator/k8s-kubescape-test", + "relativePath": "nginx.yaml", + "fileType": "YAML", + "lastCommit": { + "date": "0001-01-01T00:00:00Z" + } + } + } + ], + "attributes": null, + "results": [ + { + "resourceID": "path=966824446/api=apps/v1//Deployment/nginx-deployment", + "controls": [ + { + "controlID": "C-0044", + "name": "Container hostPort", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "container-hostPort", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0016", + "name": "Allow privilege escalation", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-allow-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0017", + "name": "Immutable container filesystem", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "immutable-container-filesystem", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0013", + "name": "Non-root containers", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "non-root-containers", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0009", + "name": "Resource limits", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "resource-policies", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0260", + "name": "Missing network policy", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "ensure_network_policy_configured_in_labels", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0041", + "name": "HostNetwork access", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "host-network-access", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "automount-service-account", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "passed" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValues": [ + "BEGIN \\w+ PRIVATE KEY", + "PRIVATE KEY", + "eyJhbGciO", + "JWT", + "Bearer", + "_key_", + "_secret_" + ] + }, + "name": "rule-credentials-in-env-var", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0046", + "name": "Insecure capabilities", + "status": { + "status": "passed" + }, + "rules": [ + { + "controlConfigurations": { + "insecureCapabilities": [ + "SETPCAP", + "NET_ADMIN", + "NET_RAW", + "SYS_MODULE", + "SYS_RAWIO", + "SYS_PTRACE", + "SYS_ADMIN", + "SYS_BOOT", + "MAC_OVERRIDE", + "MAC_ADMIN", + "PERFMON", + "ALL", + "BPF" + ] + }, + "name": "insecure-capabilities", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0055", + "name": "Linux hardening", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "linux-hardening", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "host-pid-ipc-privileges", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + } + ] + }, + { + "resourceID": "path=983602065/api=networking.k8s.io/v1/default/NetworkPolicy/nginx-network-policy", + "controls": [ + { + "controlID": "C-0260", + "name": "Missing network policy", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "ensure_network_policy_configured_in_labels", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "passed", + "subStatus": "" + } + ] + } + ] + } + ], + "metadata": { + "targetMetadata": { + "gitRepoContextMetadata": { + "provider": "none", + "repo": "file@/home/administrator/k8s-kubescape-test/nginx.yaml", + "owner": "ubu", + "branch": "none", + "defaultBranch": "none", + "lastCommit": { + "date": "0001-01-01T00:00:00Z" + }, + "localRootPath": "/home/administrator/k8s-kubescape-test/nginx.yaml" + }, + "fileContextMetadata": { + "filePath": "/home/administrator/k8s-kubescape-test/nginx.yaml", + "hostName": "ubu" + } + }, + "clusterMetadata": {}, + "scanMetadata": { + "targetType": "Framework", + "kubescapeVersion": "v3.0.3", + "formatVersion": "v2", + "formats": [ + "json" + ], + "targetNames": [ + "clusterscan", + "mitre", + "nsa" + ], + "failThreshold": 100, + "scanningTarget": 1 + } + }, + "paginationInfo": { + "chunkNumber": 0, + "isLastChunk": false + }, + "customerGUIDGenerated": false +} \ No newline at end of file diff --git a/unittests/scans/kubescape/with_a_failure.json b/unittests/scans/kubescape/with_a_failure.json new file mode 100644 index 00000000000..979d65352ad --- /dev/null +++ b/unittests/scans/kubescape/with_a_failure.json @@ -0,0 +1,2782 @@ +{ + "generationTime": "0001-01-01T00:00:00Z", + "clusterAPIServerInfo": null, + "clusterCloudProvider": "", + "customerGUID": "", + "clusterName": "", + "reportGUID": "", + "jobID": "", + "summaryDetails": { + "controls": { + "C-0002": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0002", + "name": "Exec into container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0007": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0007", + "name": "Data Destruction", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0009": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0009", + "name": "Resource limits", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0012": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Secrets", + "id": "Cat-3" + } + }, + "C-0013": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0013", + "name": "Non-root containers", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0014": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 2, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0015": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0016": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0016", + "name": "Allow privilege escalation", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0017": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0017", + "name": "Immutable container filesystem", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 3, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0020": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0020", + "name": "Mount service principal", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0030": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 100, + "complianceScore": 0, + "scoreFactor": 6, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0031": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0034": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Secrets", + "id": "Cat-3" + } + }, + "C-0035": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0037": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0038": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0041": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0041", + "name": "HostNetwork access", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Network", + "id": "Cat-4" + } + } + }, + "C-0042": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0042", + "name": "SSH server running inside container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 3, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0044": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0044", + "name": "Container hostPort", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0045": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Storage", + "id": "Cat-8" + } + } + }, + "C-0046": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0046", + "name": "Insecure capabilities", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0048": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0048", + "name": "HostPath mount", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Storage", + "id": "Cat-8" + } + } + }, + "C-0053": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0053", + "name": "Access container service account", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0054": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0055": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0055", + "name": "Linux hardening", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 100, + "complianceScore": 0, + "scoreFactor": 4, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0057": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0057", + "name": "Privileged container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0059": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0059", + "name": "CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0063": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0063", + "name": "Portforwarding privileges", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0068": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0068", + "name": "PSP enabled", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 1, + "category": { + "name": "Control plane", + "id": "Cat-1" + } + }, + "C-0187": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0187", + "name": "Minimize wildcard use in Roles and ClusterRoles", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0188": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0188", + "name": "Minimize access to create pods", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0260": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0260", + "name": "Missing network policy", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 100, + "complianceScore": 0, + "scoreFactor": 5, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0262": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0262", + "name": "Anonymous access enabled", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Control plane", + "id": "Cat-1", + "subCategory": { + "name": "Supply chain", + "id": "Cat-6" + } + } + } + }, + "status": "failed", + "frameworks": [ + { + "controls": { + "C-0002": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0002", + "name": "Exec into container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0007": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0007", + "name": "Data Destruction", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0012": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Secrets", + "id": "Cat-3" + } + }, + "C-0013": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0013", + "name": "Non-root containers", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0015": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0035": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0038": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0041": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0041", + "name": "HostNetwork access", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Network", + "id": "Cat-4" + } + } + }, + "C-0048": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0048", + "name": "HostPath mount", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Storage", + "id": "Cat-8" + } + } + }, + "C-0057": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0057", + "name": "Privileged container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0063": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0063", + "name": "Portforwarding privileges", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0187": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0187", + "name": "Minimize wildcard use in Roles and ClusterRoles", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0188": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0188", + "name": "Minimize access to create pods", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0260": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0260", + "name": "Missing network policy", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 100, + "complianceScore": 0, + "scoreFactor": 5, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0262": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0262", + "name": "Anonymous access enabled", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Control plane", + "id": "Cat-1", + "subCategory": { + "name": "Supply chain", + "id": "Cat-6" + } + } + } + }, + "name": "ClusterScan", + "status": "failed", + "version": "", + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "skippedResources": 0, + "excludedResources": 0 + }, + "score": 10.416666, + "complianceScore": 93.333336 + }, + { + "controls": { + "C-0002": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0002", + "name": "Exec into container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0007": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0007", + "name": "Data Destruction", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0012": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Secrets", + "id": "Cat-3" + } + }, + "C-0014": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 2, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0015": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0020": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0020", + "name": "Mount service principal", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0031": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0035": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0037": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0042": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0042", + "name": "SSH server running inside container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 3, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0045": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Storage", + "id": "Cat-8" + } + } + }, + "C-0048": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0048", + "name": "HostPath mount", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Storage", + "id": "Cat-8" + } + } + }, + "C-0053": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0053", + "name": "Access container service account", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0054": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0057": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0057", + "name": "Privileged container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0059": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0059", + "name": "CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0068": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0068", + "name": "PSP enabled", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 1, + "category": { + "name": "Control plane", + "id": "Cat-1" + } + } + }, + "name": "MITRE", + "status": "passed", + "version": "", + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "score": 0, + "complianceScore": 100 + }, + { + "controls": { + "C-0002": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0002", + "name": "Exec into container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 5, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0009": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0009", + "name": "Resource limits", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0012": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Secrets", + "id": "Cat-3" + } + }, + "C-0013": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0013", + "name": "Non-root containers", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0016": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0016", + "name": "Allow privilege escalation", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0017": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0017", + "name": "Immutable container filesystem", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 3, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0030": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 100, + "complianceScore": 0, + "scoreFactor": 6, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0034": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Secrets", + "id": "Cat-3" + } + }, + "C-0035": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 6, + "category": { + "name": "Access control", + "id": "Cat-2" + } + }, + "C-0038": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0041": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0041", + "name": "HostNetwork access", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Network", + "id": "Cat-4" + } + } + }, + "C-0044": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0044", + "name": "Container hostPort", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0046": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0046", + "name": "Insecure capabilities", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 7, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0054": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 4, + "category": { + "name": "Network", + "id": "Cat-4" + } + }, + "C-0055": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0055", + "name": "Linux hardening", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 100, + "complianceScore": 0, + "scoreFactor": 4, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0057": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0057", + "name": "Privileged container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 1, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5", + "subCategory": { + "name": "Node escape", + "id": "Cat-9" + } + } + }, + "C-0059": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0059", + "name": "CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 8, + "category": { + "name": "Workload", + "id": "Cat-5" + } + }, + "C-0068": { + "statusInfo": { + "status": "passed", + "subStatus": "irrelevant" + }, + "controlID": "C-0068", + "name": "PSP enabled", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "complianceScore": 100, + "scoreFactor": 1, + "category": { + "name": "Control plane", + "id": "Cat-1" + } + } + }, + "name": "NSA", + "status": "failed", + "version": "", + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "skippedResources": 0, + "excludedResources": 0 + }, + "score": 12.658227, + "complianceScore": 88.888885 + } + ], + "resourcesSeverityCounters": { + "criticalSeverity": 0, + "highSeverity": 0, + "mediumSeverity": 3, + "lowSeverity": 0 + }, + "controlsSeverityCounters": { + "criticalSeverity": 0, + "highSeverity": 0, + "mediumSeverity": 3, + "lowSeverity": 0 + }, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 1, + "skippedResources": 0, + "excludedResources": 0 + }, + "score": 14.285713, + "complianceScore": 90.90909 + }, + "resources": [ + { + "resourceID": "path=966824446/api=apps/v1//Deployment/nginx-deployment", + "object": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "labels": { + "app": "nginx" + }, + "name": "nginx-deployment" + }, + "sourcePath": "nginx.yaml:0", + "spec": { + "replicas": 3, + "selector": { + "matchLabels": { + "app": "nginx" + } + }, + "template": { + "metadata": { + "labels": { + "app": "nginx" + } + }, + "spec": { + "containers": [ + { + "name": "nginx", + "image": "nginx:latest", + "ports": [ + { + "containerPort": 80 + } + ], + "resources": { + "limits": { + "cpu": "500m", + "memory": "128Mi" + }, + "requests": { + "cpu": "250m", + "memory": "64Mi" + } + }, + "livenessProbe": { + "httpGet": { + "path": "/", + "port": 80 + }, + "initialDelaySeconds": 30, + "periodSeconds": 10 + }, + "readinessProbe": { + "httpGet": { + "path": "/", + "port": 80 + }, + "initialDelaySeconds": 30, + "periodSeconds": 10 + }, + "securityContext": { + "readOnlyRootFilesystem": true, + "allowPrivilegeEscalation": false + } + } + ], + "securityContext": { + "runAsNonRoot": true, + "runAsUser": 1000 + } + } + } + } + }, + "source": { + "path": "/home/administrator/k8s-kubescape-test", + "relativePath": "nginx.yaml", + "fileType": "YAML", + "lastCommit": { + "date": "0001-01-01T00:00:00Z" + } + } + } + ], + "attributes": null, + "results": [ + { + "prioritizedResource": { + "resourceID": "path=966824446/api=apps/v1//Deployment/nginx-deployment", + "priorityVector": [ + { + "attackTrackName": "workload-external-track", + "type": "control", + "vector": [ + { + "controlID": "C-0260", + "category": "Lateral Movement (Network)", + "tags": [ + "security" + ] + } + ], + "score": 6.5, + "severity": 2 + } + ], + "score": 6.5, + "severity": 2 + }, + "resourceID": "path=966824446/api=apps/v1//Deployment/nginx-deployment", + "controls": [ + { + "controlID": "C-0038", + "name": "Host PID/IPC privileges", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "host-pid-ipc-privileges", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0017", + "name": "Immutable container filesystem", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "immutable-container-filesystem", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0030", + "name": "Ingress and Egress blocked", + "status": { + "status": "failed" + }, + "rules": [ + { + "name": "ingress-and-egress-blocked", + "status": "failed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0055", + "name": "Linux hardening", + "status": { + "status": "failed" + }, + "rules": [ + { + "name": "linux-hardening", + "status": "failed", + "subStatus": "", + "paths": [ + { + "resourceID": "path=966824446/api=apps/v1//Deployment/nginx-deployment", + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seccompProfile", + "value": "YOUR_VALUE" + } + }, + { + "resourceID": "path=966824446/api=apps/v1//Deployment/nginx-deployment", + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.seLinuxOptions", + "value": "YOUR_VALUE" + } + }, + { + "resourceID": "path=966824446/api=apps/v1//Deployment/nginx-deployment", + "fixPath": { + "path": "spec.template.spec.containers[0].securityContext.capabilities.drop[0]", + "value": "YOUR_VALUE" + } + } + ] + } + ] + }, + { + "controlID": "C-0013", + "name": "Non-root containers", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "non-root-containers", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0046", + "name": "Insecure capabilities", + "status": { + "status": "passed" + }, + "rules": [ + { + "controlConfigurations": { + "insecureCapabilities": [ + "SETPCAP", + "NET_ADMIN", + "NET_RAW", + "SYS_MODULE", + "SYS_RAWIO", + "SYS_PTRACE", + "SYS_ADMIN", + "SYS_BOOT", + "MAC_OVERRIDE", + "MAC_ADMIN", + "PERFMON", + "ALL", + "BPF" + ] + }, + "name": "insecure-capabilities", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0041", + "name": "HostNetwork access", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "host-network-access", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0009", + "name": "Resource limits", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "resource-policies", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0034", + "name": "Automatic mapping of service account", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "automount-service-account", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "passed" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValues": [ + "BEGIN \\w+ PRIVATE KEY", + "PRIVATE KEY", + "eyJhbGciO", + "JWT", + "Bearer", + "_key_", + "_secret_" + ] + }, + "name": "rule-credentials-in-env-var", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0260", + "name": "Missing network policy", + "status": { + "status": "failed" + }, + "rules": [ + { + "name": "ensure_network_policy_configured_in_labels", + "status": "failed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0044", + "name": "Container hostPort", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "container-hostPort", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0016", + "name": "Allow privilege escalation", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-allow-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + } + ] + } + ], + "metadata": { + "targetMetadata": { + "gitRepoContextMetadata": { + "provider": "none", + "repo": "file@/home/administrator/k8s-kubescape-test/nginx.yaml", + "owner": "ubu", + "branch": "none", + "defaultBranch": "none", + "lastCommit": { + "date": "0001-01-01T00:00:00Z" + }, + "localRootPath": "/home/administrator/k8s-kubescape-test/nginx.yaml" + }, + "fileContextMetadata": { + "filePath": "/home/administrator/k8s-kubescape-test/nginx.yaml", + "hostName": "ubu" + } + }, + "clusterMetadata": {}, + "scanMetadata": { + "targetType": "Framework", + "kubescapeVersion": "v3.0.3", + "formatVersion": "v2", + "formats": [ + "json" + ], + "targetNames": [ + "clusterscan", + "mitre", + "nsa" + ], + "failThreshold": 100, + "scanningTarget": 1 + } + }, + "paginationInfo": { + "chunkNumber": 0, + "isLastChunk": false + }, + "customerGUIDGenerated": false +} \ No newline at end of file diff --git a/unittests/scans/whitesource_sample/cli_generated_many_vulns.json b/unittests/scans/mend/cli_generated_many_vulns.json similarity index 100% rename from unittests/scans/whitesource_sample/cli_generated_many_vulns.json rename to unittests/scans/mend/cli_generated_many_vulns.json diff --git a/unittests/scans/whitesource_sample/okhttp_many_vuln.json b/unittests/scans/mend/okhttp_many_vuln.json similarity index 100% rename from unittests/scans/whitesource_sample/okhttp_many_vuln.json rename to unittests/scans/mend/okhttp_many_vuln.json diff --git a/unittests/scans/whitesource_sample/okhttp_no_vuln.json b/unittests/scans/mend/okhttp_no_vuln.json similarity index 100% rename from unittests/scans/whitesource_sample/okhttp_no_vuln.json rename to unittests/scans/mend/okhttp_no_vuln.json diff --git a/unittests/scans/mend/okhttp_one_vuln.json b/unittests/scans/mend/okhttp_one_vuln.json new file mode 100644 index 00000000000..f251547dbf0 --- /dev/null +++ b/unittests/scans/mend/okhttp_one_vuln.json @@ -0,0 +1,72 @@ +{ + "vulnerabilities":[ +{ + "name":"CVE-2019-9658", + "type":"CVE", + "severity":"medium", + "score":"5.0", + "cvss3_severity":"MEDIUM", + "cvss3_score":"5.3", + "publishDate":"2019-03-11", + "lastUpdatedDate":"2019-05-21", + "scoreMetadataVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name\u003dCVE-2019-9658", + "description":"Checkstyle before 8.18 loads external DTDs by default.", + "project":"slack", + "product":"okhttp", + "cvss3Attributes":{ + "attackVector":"NETWORK", + "attackComplexity":"LOW", + "userInteraction":"NONE", + "privilegesRequired":"NONE", + "scope":"UNCHANGED", + "confidentialityImpact":"LOW", + "integrityImpact":"NONE", + "availabilityImpact":"NONE" + }, + "library":{ + "keyUuid":"31e26373-8f25-4c7c-9ada-63a688494afb", + "filename":"checkstyle-8.15.jar", + "name":"checkstyle", + "groupId":"com.puppycrawl.tools", + "artifactId":"checkstyle", + "version":"8.15", + "sha1":"8584d88c6aefcfb079adb8d102928b3eeb4de6ad", + "type":"MAVEN_ARTIFACT", + "description":"Checkstyle is a development tool to help programmers write Java code\n that adheres to a coding standard", + "architecture":"", + "languageVersion":"" + }, + "topFix":{ + "vulnerability":"CVE-2019-9658", + "type":"UPGRADE_VERSION", + "origin":"WHITESOURCE_EXPERT", + "url":"https://github.com/checkstyle/checkstyle/issues/6474", + "fixResolution":"Upgrade To Version checkstyle-8.18", + "date":"2019-03-11 05:29:01", + "message":"Upgrade To Version" + }, + "allFixes":[ + { + "vulnerability":"CVE-2019-9658", + "type":"UPGRADE_VERSION", + "origin":"WHITESOURCE_EXPERT", + "url":"https://github.com/checkstyle/checkstyle/issues/6474", + "fixResolution":"Upgrade To Version checkstyle-8.18", + "date":"2019-03-11 05:29:01", + "message":"Upgrade To Version" + }, + { + "vulnerability":"CVE-2019-9658", + "type":"CHANGE_FILES", + "origin":"GITHUB_COMMIT", + "url":"https://github.com/checkstyle/checkstyle/commit/180b4fe37a2249d4489d584505f2b7b3ab162ec6", + "fixResolution":"Replace or update the following files: XmlLoader.java, ConfigurationLoaderTest.java, config_reporting.xml, pmd.xml, pom.xml, XmlLoaderTest.java", + "date":"2019-02-25 00:00:00", + "message":"Issue #6474: disable external dtd load by default", + "extraData":"key\u003d180b4fe\u0026committerName\u003dromani\u0026committerUrl\u003dhttps://github.com/romani\u0026committerAvatar\u003dhttps://avatars3.githubusercontent.com/u/812984?v\u003d4" + } + ] + } + ] +} \ No newline at end of file diff --git a/unittests/scans/microfocus_webinspect/issue_7690.xml b/unittests/scans/microfocus_webinspect/issue_7690.xml new file mode 100644 index 00000000000..fc64093c0c9 --- /dev/null +++ b/unittests/scans/microfocus_webinspect/issue_7690.xml @@ -0,0 +1,38859 @@ +http://zero.webappsecurity.com:80/httpzero.webappsecurity.com80Best Practices1154655970Privacy Violation: AutocompleteCWE-525: Information Exposure Through Browser CachingSecurity FeaturesPrivacy Violation: AutocompleteSummaryImplicationExecutionFixReference InfoMicrosoft:
    Autocomplete Security]]>    Vulnerability11551113091Web Server Misconfiguration: Insecure Content-Type SettingCWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-116: Improper Encoding or Escaping of OutputEnvironmentWeb Server Misconfiguration: Insecure Content-Type SettingSummaryContent-Type specified by the application in specific cases or ignoring the content when no mime type is specified. Inconsistencies introduced by the mime sniffing techniques could allow attackers to conduct Cross-Site Scripting attacks or steal sensitive user data. WebInspect has determined that the application fails to instruct the browser to strictly enforce the Content-Type specification supplied in the response.

    +Web server misconfiguration can cause an application to send HTTP responses with the missing Content-Type header or specify a mime type that does not match up accurately with the response content. When a browser receives such a response, it attempts to programmatically determine the mime type based on the content returned in the response. The mime type derived by the browser, however, might not accurately match the one intended by the application developer. Such inconsistencies have historically allowed attackers to conduct Cross-Site Scripting or data theft using Cascading Style Sheets (CSS) by letting them bypass server-side filters using mime type checking and yet have the malicious payload with misleading mime type specification executed on the client-side due to the browser mime sniffing policies.

    +Microsoft Internet Explorer (IE) introduced the X-Content-Type-Options: nosniff specification that application developers can include in all responses to ensure that mime sniffing does not occur on the client-side. This protection mechanism is limited to Microsoft Internet Explorer versions 9 and above.]]>    ImplicationExecution
      1. Build a test page that includes a reference to an external JavaScript or CSS resource
      2. Configure the server to return the external resource with an incorrect mime type specification
      3. Visit the test page using an old version of Microsoft’s Internet Explorer (version IE 8) browser
      4. Interpretation of the external content as JavaScript or CSS by the browser despite the misleading mime type specification indicates a potential for compromise.
    ]]>    FixX-Content-Type-Options: nosniff specification in the response headers. In addition, ensure that following safety precautions are also put in place: +
        1. Verify that the web server configuration will send the accurate mime type information in the Content-Type header of each HTTP response
        2. Configure the server to send a default Content-Type of text-plain or application/octet-stream to tackle failure scenarios
        3. Ensure that appropriate Character Set is specified in the Content-Type header
        4. Configure the server to send Content-Disposition: attachment; filename=name; for content without an explicit content type specification.
    ]]>    Reference InfoMicrosoft Internet Explorer:
    MIME-Handling Change: X-Content-Type-Options: nosniff
    MIME-Handling Changes in Internet Explorer

    OWASP:
    OWASP Testing Guide Appendix D: Encoded Injection
    List of Useful HTTP Headers

    CSS Data Theft:
    CVE-2010-0654]]>    Info11674116760HLI: Detected LibrariesSummary Hacker Level Insights provides developers and security professionals with more context relating to the overall security posture of their application. The version was detected to be in use by during this scan. While these findings do not necessarily represent a security vulnerability, it is important to note that attackers commonly perform reconnaissance of their target in an attempt to identify known weaknesses or patterns. Knowing what the hacker can see provides context which can help teams better secure their applications.
    ]]>    ImplicationExecutionFixReference Info    Best PracticesCUSTOM55460Compliance Failure: Missing Privacy PolicySecurity FeaturesCompliance Failure: Missing Privacy PolicySummaryA privacy policy was not supplied by the web application within the scope of this audit. Many legislative initiatives require that organizations place a publicly accessible document within their web application that defines their website’s privacy policy. As a general rule, these privacy policies must detail what information an organization collects, the purpose for collecting it, potential avenues of disclosure, and methods for addressing potential grievances.

    Various laws governing privacy policies include the Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act (HIPAA), the California Online Privacy Protection Act of 2003, European Union's Data Protection Directive and others.

    ]]>    ImplicationExecutionAll of the web pages accessible within the scope of the scan are sampled for textual content that often constitutes a privacy policy statement. A violation is reported upon completion of the web application crawl without a successful match against any of the web pages.

    Note that the privacy policy of your application could be located on another host or within a section of the site that was not configured as part of the scan. To validate, please try to access the privacy policy of your website and check to see if it was part of the scan.


    ]]>    Fix
    Descriptions:
    +Any standard web application privacy policy should include the following components: +
    • A description of the intended purpose for collecting the data.
    • A description of the use of the data.
    • Methods for limiting the use and disclosure of the information.
    • A list of the types of third parties to whom the information might be disclosed.
    • Contact information for inquires and complaints.
    ]]>    Reference InfoCalifornia Online Privacy Protection Act
    http://oag.ca.gov/privacy/COPPA

    National Conference of State Legislation
    http://www.ncsl.org/issues-research/telecom/state-laws-related-to-internet-privacy.aspx

    Gramm-Leach-Bliley Act
    http://www.gpo.gov/fdsys/pkg/PLAW-106publ102/pdf/PLAW-106publ102.pdf

    Health Insurance Portability and Accountability Act of 1996
    https://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/downloads/HIPAALaw.pdf

    Health Insurance Portability and Accountability Act of 1996
    http://ec.europa.eu/justice/policies/privacy/docs/guide/guide-ukingdom_en.pdf

    ]]>     + + + + Zero - Personal Banking - Loans - Credit Cards + + + + + + + + + + + + + + + +
    +
    +
    +
    + Zero Bank + +
    +
      +
    • + +
      +
      • +
    • + +
      • +
    +
    +
    +
    +
    + + + +
    +
    +
    +
    + +
    + + +
    + +
    +
    + +
    +
    + +
    + +
    +
    +

    Online Banking

    +

    Click the button below to view online banking features.

    + More Services +
    +
    +
    +

    Checking Account Activity

    +

    Use Zero to view the most up-to-date listings of your deposits, withdrawals, interest payments, and a number of other useful transactions. +

    +
    +
    +
    +
    +

    Transfer Funds

    +

    Use Zero to safely and securely transfer funds between accounts. There is no hold placed on online money transfers, so your funds are available when you need them. +

    +
    +
    +
    +
    +

    My Money Map

    +

    Use Zero to set up and monitor your personalized money map. A money map is an easy-to-use online tool that helps you manage your finances efficiently. With Money Map, you can create a budget, sort your finances into spending and savings categories, check the interest your accounts are earning, and gain new understanding of your patterns with the help of Zero’s clear charts and graphs. +

    +
    +
    +
    + + +
    +
    + +
    +
    + +
    +
    +
    +
    +
    +
      +
    • Download WebInspect
      • +
    +
    + +
    +
      +
    • Terms of Use
      • +
    +
    + +
    +
      +
    • Contact Micro Focus
      • +
    • Privacy Statement
      • + +
    +
    +
    + +
    +
    + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

    + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
    +
    +
    +
    +
    + + + + +]]>    GET/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
    Accept*/*
    Accept-Encodinggzip, deflate
    Pragmano-cache
    User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
    Hostzero.webappsecurity.com
    ConnectionKeep-Alive
    X-WIPPAscVersion=22.2.0.253
    X-Scan-MemoCategory="Crawl";SID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="ExternalAddedToCrawl";CrawlType="None";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";tht="31";
    X-RequestManager-Memostid="11";stmi="0";sc="1";rid="d00ce063";
    X-Request-Memorid="e76fec68";sc="1";thid="24";
    CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0    HTTP/1.1200OK + + + + Zero - Personal Banking - Loans - Credit Cards + + + + + + + + + + + + + + + +
    +
    +
    +
    + Zero Bank + +
    +
      +
    • + +
      +
      • +
    • + +
      • +
    +
    +
    +
    +
    + + + +
    +
    +
    +
    + +
    + + +
    + +
    +
    + +
    +
    + +
    + +
    +
    +

    Online Banking

    +

    Click the button below to view online banking features.

    + More Services +
    +
    +
    +

    Checking Account Activity

    +

    Use Zero to view the most up-to-date listings of your deposits, withdrawals, interest payments, and a number of other useful transactions. +

    +
    +
    +
    +
    +

    Transfer Funds

    +

    Use Zero to safely and securely transfer funds between accounts. There is no hold placed on online money transfers, so your funds are available when you need them. +

    +
    +
    +
    +
    +

    My Money Map

    +

    Use Zero to set up and monitor your personalized money map. A money map is an easy-to-use online tool that helps you manage your finances efficiently. With Money Map, you can create a budget, sort your finances into spending and savings categories, check the interest your accounts are earning, and gain new understanding of your patterns with the help of Zero’s clear charts and graphs. +

    +
    +
    +
    + + +
    +
    + +
    +
    + +
    +
    +
    +
    +
    +
      +
    • Download WebInspect
      • +
    +
    + +
    +
      +
    • Terms of Use
      • +
    +
    + +
    +
      +
    • Contact Micro Focus
      • +
    • Privacy Statement
      • + +
    +
    +
    + +
    +
    + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

    + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
    +
    +
    +
    +
    + + + + +]]>
    DateFri, 24 Feb 2023 14:01:38 GMT
    ServerApache-Coyote/1.1
    Access-Control-Allow-Origin*
    Cache-Controlno-cache, max-age=0, must-revalidate, no-store
    Content-Typetext/html;charset=UTF-8
    Content-Languageen-US
    Keep-Alivetimeout=5, max=100
    ConnectionKeep-Alive
    Content-Length12471
    /search.htmlsearchTermtextsearch-query
    http://zero.webappsecurity.com:80/resources/css/font-awesome.csshttpzero.webappsecurity.com80 .active > a > [class^="icon-"], +.nav-pills > .active > a > [class*=" icon-"], +.nav-list > .active > a > [class^="icon-"], +.nav-list > .active > a > [class*=" icon-"], +.navbar-inverse .nav > .active > a > [class^="icon-"], +.navbar-inverse .nav > .active > a > [class*=" icon-"], +.dropdown-menu > li > a:hover > [class^="icon-"], +.dropdown-menu > li > a:hover > [class*=" icon-"], +.dropdown-menu > .active > a > [class^="icon-"], +.dropdown-menu > .active > a > [class*=" icon-"], +.dropdown-submenu:hover > a > [class^="icon-"], +.dropdown-submenu:hover > a > [class*=" icon-"] { + background-image: none; +} +[class^="icon-"]:before, +[class*=" icon-"]:before { + text-decoration: inherit; + display: inline-block; + speak: none; +} +/* makes sure icons active on rollover in links */ +a [class^="icon-"], +a [class*=" icon-"] { + display: inline-block; +} +/* makes the font 33% larger relative to the icon container */ +.icon-large:before { + vertical-align: -10%; + font-size: 1.3333333333333333em; +} +.btn [class^="icon-"], +.nav [class^="icon-"], +.btn [class*=" icon-"], +.nav [class*=" icon-"] { + display: inline; + /* keeps button heights with and without icons the same */ + +} +.btn [class^="icon-"].icon-large, +.nav [class^="icon-"].icon-large, +.btn [class*=" icon-"].icon-large, +.nav [class*=" icon-"].icon-large { + line-height: .9em; +} +.btn [class^="icon-"].icon-spin, +.nav [class^="icon-"].icon-spin, +.btn [class*=" icon-"].icon-spin, +.nav [class*=" icon-"].icon-spin { + display: inline-block; +} +.nav-tabs [class^="icon-"], +.nav-pills [class^="icon-"], +.nav-tabs [class*=" icon-"], +.nav-pills [class*=" icon-"] { + /* keeps button heights with and without icons the same */ + +} +.nav-tabs [class^="icon-"], +.nav-pills [class^="icon-"], +.nav-tabs [class*=" icon-"], +.nav-pills [class*=" icon-"], +.nav-tabs [class^="icon-"].icon-large, +.nav-pills [class^="icon-"].icon-large, +.nav-tabs [class*=" icon-"].icon-large, +.nav-pills [class*=" icon-"].icon-large { + line-height: .9em; +} +li [class^="icon-"], +.nav li [class^="icon-"], +li [class*=" icon-"], +.nav li [class*=" icon-"] { + display: inline-block; + width: 1.25em; + text-align: center; +} +li [class^="icon-"].icon-large, +.nav li [class^="icon-"].icon-large, +li [class*=" icon-"].icon-large, +.nav li [class*=" icon-"].icon-large { + /* increased font size for icon-large */ + + width: 1.5625em; +} +ul.icons { + list-style-type: none; + text-indent: -0.75em; +} +ul.icons li [class^="icon-"], +ul.icons li [class*=" icon-"] { + width: .75em; +} +.icon-muted { + color: #eeeeee; +} +.icon-border { + border: solid 1px #eeeeee; + padding: .2em .25em .15em; + -webkit-border-radius: 3px; + -moz-border-radius: 3px; + border-radius: 3px; +} +.icon-2x { + font-size: 2em; +} +.icon-2x.icon-border { + border-width: 2px; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; +} +.icon-3x { + font-size: 3em; +} +.icon-3x.icon-border { + border-width: 3px; + -webkit-border-radius: 5px; + -moz-border-radius: 5px; + border-radius: 5px; +} +.icon-4x { + font-size: 4em; +} +.icon-4x.icon-border { + border-width: 4px; + -webkit-border-radius: 6px; + -moz-border-radius: 6px; + border-radius: 6px; +} +.pull-right { + float: right; +} +.pull-left { + float: left; +} +[class^="icon-"].pull-left, +[class*=" icon-"].pull-left { + margin-right: .3em; +} +[class^="icon-"].pull-right, +[class*=" icon-"].pull-right { + margin-left: .3em; +} +.btn [class^="icon-"].pull-left.icon-2x, +.btn [class*=" icon-"].pull-left.icon-2x, +.btn [class^="icon-"].pull-right.icon-2x, +.btn [class*=" icon-"].pull-right.icon-2x { + margin-top: .18em; +} +.btn [class^="icon-"].icon-spin.icon-large, +.btn [class*=" icon-"].icon-spin.icon-large { + line-height: .8em; +} +.btn.btn-small [class^="icon-"].pull-left.icon-2x, +.btn.btn-small [class*=" icon-"].pull-left.icon-2x, +.btn.btn-small [class^="icon-"].pull-right.icon-2x, +.btn.btn-small [class*=" icon-"].pull-right.icon-2x { + margin-top: .25em; +} +.btn.btn-large [class^="icon-"], +.btn.btn-large [class*=" icon-"] { + margin-top: 0; +} +.btn.btn-large [class^="icon-"].pull-left.icon-2x, +.btn.btn-large [class*=" icon-"].pull-left.icon-2x, +.btn.btn-large [class^="icon-"].pull-right.icon-2x, +.btn.btn-large [class*=" icon-"].pull-right.icon-2x { + margin-top: .05em; +} +.btn.btn-large [class^="icon-"].pull-left.icon-2x, +.btn.btn-large [class*=" icon-"].pull-left.icon-2x { + margin-right: .2em; +} +.btn.btn-large [class^="icon-"].pull-right.icon-2x, +.btn.btn-large [class*=" icon-"].pull-right.icon-2x { + margin-left: .2em; +} +.icon-spin { + display: inline-block; + -moz-animation: spin 2s infinite linear; + -o-animation: spin 2s infinite linear; + -webkit-animation: spin 2s infinite linear; + animation: spin 2s infinite linear; +} +@-moz-keyframes spin { + 0% { -moz-transform: rotate(0deg); } + 100% { -moz-transform: rotate(359deg); } +} +@-webkit-keyframes spin { + 0% { -webkit-transform: rotate(0deg); } + 100% { -webkit-transform: rotate(359deg); } +} +@-o-keyframes spin { + 0% { -o-transform: rotate(0deg); } + 100% { -o-transform: rotate(359deg); } +} +@-ms-keyframes spin { + 0% { -ms-transform: rotate(0deg); } + 100% { -ms-transform: rotate(359deg); } +} +@keyframes spin { + 0% { transform: rotate(0deg); } + 100% { transform: rotate(359deg); } +} +@-moz-document url-prefix() { + .icon-spin { + height: .9em; + } + .btn .icon-spin { + height: auto; + } + .icon-spin.icon-large { + height: 1.25em; + } + .btn .icon-spin.icon-large { + height: .75em; + } +} +/* Font Awesome uses the Unicode Private Use Area (PUA) to ensure screen + readers do not read off random characters that represent icons */ +.icon-glass:before { content: "\f000"; } +.icon-music:before { content: "\f001"; } +.icon-search:before { content: "\f002"; } +.icon-envelope:before { content: "\f003"; } +.icon-heart:before { content: "\f004"; } +.icon-star:before { content: "\f005"; } +.icon-star-empty:before { content: "\f006"; } +.icon-user:before { content: "\f007"; } +.icon-film:before { content: "\f008"; } +.icon-th-large:before { content: "\f009"; } +.icon-th:before { content: "\f00a"; } +.icon-th-list:before { content: "\f00b"; } +.icon-ok:before { content: "\f00c"; } +.icon-remove:before { content: "\f00d"; } +.icon-zoom-in:before { content: "\f00e"; } + +.icon-zoom-out:before { content: "\f010"; } +.icon-off:before { content: "\f011"; } +.icon-signal:before { content: "\f012"; } +.icon-cog:before { content: "\f013"; } +.icon-trash:before { content: "\f014"; } +.icon-home:before { content: "\f015"; } +.icon-file:before { content: "\f016"; } +.icon-time:before { content: "\f017"; } +.icon-road:before { content: "\f018"; } +.icon-download-alt:before { content: "\f019"; } +.icon-download:before { content: "\f01a"; } +.icon-upload:before { content: "\f01b"; } +.icon-inbox:before { content: "\f01c"; } +.icon-play-circle:before { content: "\f01d"; } +.icon-repeat:before { content: "\f01e"; } + +/* \f020 doesn't work in Safari. all shifted one down */ +.icon-refresh:before { content: "\f021"; } +.icon-list-alt:before { content: "\f022"; } +.icon-lock:before { content: "\f023"; } +.icon-flag:before { content: "\f024"; } +.icon-headphones:before { content: "\f025"; } +.icon-volume-off:before { content: "\f026"; } +.icon-volume-down:before { content: "\f027"; } +.icon-volume-up:before { content: "\f028"; } +.icon-qrcode:before { content: "\f029"; } +.icon-barcode:before { content: "\f02a"; } +.icon-tag:before { content: "\f02b"; } +.icon-tags:before { content: "\f02c"; } +.icon-book:before { content: "\f02d"; } +.icon-bookmark:before { content: "\f02e"; } +.icon-print:before { content: "\f02f"; } + +.icon-camera:before { content: "\f030"; } +.icon-font:before { content: "\f031"; } +.icon-bold:before { content: "\f032"; } +.icon-italic:before { content: "\f033"; } +.icon-text-height:before { content: "\f034"; } +.icon-text-width:before { content: "\f035"; } +.icon-align-left:before { content: "\f036"; } +.icon-align-center:before { content: "\f037"; } +.icon-align-right:before { content: "\f038"; } +.icon-align-justify:before { content: "\f039"; } +.icon-list:before { content: "\f03a"; } +.icon-indent-left:before { content: "\f03b"; } +.icon-indent-right:before { content: "\f03c"; } +.icon-facetime-video:before { content: "\f03d"; } +.icon-picture:before { content: "\f03e"; } + +.icon-pencil:before { content: "\f040"; } +.icon-map-marker:before { content: "\f041"; } +.icon-adjust:before { content: "\f042"; } +.icon-tint:before { content: "\f043"; } +.icon-edit:before { content: "\f044"; } +.icon-share:before { content: "\f045"; } +.icon-check:before { content: "\f046"; } +.icon-move:before { content: "\f047"; } +.icon-step-backward:before { content: "\f048"; } +.icon-fast-backward:before { content: "\f049"; } +.icon-backward:before { content: "\f04a"; } +.icon-play:before { content: "\f04b"; } +.icon-pause:before { content: "\f04c"; } +.icon-stop:before { content: "\f04d"; } +.icon-forward:before { content: "\f04e"; } + +.icon-fast-forward:before { content: "\f050"; } +.icon-step-forward:before { content: "\f051"; } +.icon-eject:before { content: "\f052"; } +.icon-chevron-left:before { content: "\f053"; } +.icon-chevron-right:before { content: "\f054"; } +.icon-plus-sign:before { content: "\f055"; } +.icon-minus-sign:before { content: "\f056"; } +.icon-remove-sign:before { content: "\f057"; } +.icon-ok-sign:before { content: "\f058"; } +.icon-question-sign:before { content: "\f059"; } +.icon-info-sign:before { content: "\f05a"; } +.icon-screenshot:before { content: "\f05b"; } +.icon-remove-circle:before { content: "\f05c"; } +.icon-ok-circle:before { content: "\f05d"; } +.icon-ban-circle:before { content: "\f05e"; } + +.icon-arrow-left:before { content: "\f060"; } +.icon-arrow-right:before { content: "\f061"; } +.icon-arrow-up:before { content: "\f062"; } +.icon-arrow-down:before { content: "\f063"; } +.icon-share-alt:before { content: "\f064"; } +.icon-resize-full:before { content: "\f065"; } +.icon-resize-small:before { content: "\f066"; } +.icon-plus:before { content: "\f067"; } +.icon-minus:before { content: "\f068"; } +.icon-asterisk:before { content: "\f069"; } +.icon-exclamation-sign:before { content: "\f06a"; } +.icon-gift:before { content: "\f06b"; } +.icon-leaf:before { content: "\f06c"; } +.icon-fire:before { content: "\f06d"; } +.icon-eye-open:before { content: "\f06e"; } + +.icon-eye-close:before { content: "\f070"; } +.icon-warning-sign:before { content: "\f071"; } +.icon-plane:before { content: "\f072"; } +.icon-calendar:before { content: "\f073"; } +.icon-random:before { content: "\f074"; } +.icon-comment:before { content: "\f075"; } +.icon-magnet:before { content: "\f076"; } +.icon-chevron-up:before { content: "\f077"; } +.icon-chevron-down:before { content: "\f078"; } +.icon-retweet:before { content: "\f079"; } +.icon-shopping-cart:before { content: "\f07a"; } +.icon-folder-close:before { content: "\f07b"; } +.icon-folder-open:before { content: "\f07c"; } +.icon-resize-vertical:before { content: "\f07d"; } +.icon-resize-horizontal:before { content: "\f07e"; } + +.icon-bar-chart:before { content: "\f080"; } +.icon-twitter-sign:before { content: "\f081"; } +.icon-facebook-sign:before { content: "\f082"; } +.icon-camera-retro:before { content: "\f083"; } +.icon-key:before { content: "\f084"; } +.icon-cogs:before { content: "\f085"; } +.icon-comments:before { content: "\f086"; } +.icon-thumbs-up:before { content: "\f087"; } +.icon-thumbs-down:before { content: "\f088"; } +.icon-star-half:before { content: "\f089"; } +.icon-heart-empty:before { content: "\f08a"; } +.icon-signout:before { content: "\f08b"; } +.icon-linkedin-sign:before { content: "\f08c"; } +.icon-pushpin:before { content: "\f08d"; } +.icon-external-link:before { content: "\f08e"; } + +.icon-signin:before { content: "\f090"; } +.icon-trophy:before { content: "\f091"; } +.icon-github-sign:before { content: "\f092"; } +.icon-upload-alt:before { content: "\f093"; } +.icon-lemon:before { content: "\f094"; } +.icon-phone:before { content: "\f095"; } +.icon-check-empty:before { content: "\f096"; } +.icon-bookmark-empty:before { content: "\f097"; } +.icon-phone-sign:before { content: "\f098"; } +.icon-twitter:before { content: "\f099"; } +.icon-facebook:before { content: "\f09a"; } +.icon-github:before { content: "\f09b"; } +.icon-unlock:before { content: "\f09c"; } +.icon-credit-card:before { content: "\f09d"; } +.icon-rss:before { content: "\f09e"; } + +.icon-hdd:before { content: "\f0a0"; } +.icon-bullhorn:before { content: "\f0a1"; } +.icon-bell:before { content: "\f0a2"; } +.icon-certificate:before { content: "\f0a3"; } +.icon-hand-right:before { content: "\f0a4"; } +.icon-hand-left:before { content: "\f0a5"; } +.icon-hand-up:before { content: "\f0a6"; } +.icon-hand-down:before { content: "\f0a7"; } +.icon-circle-arrow-left:before { content: "\f0a8"; } +.icon-circle-arrow-right:before { content: "\f0a9"; } +.icon-circle-arrow-up:before { content: "\f0aa"; } +.icon-circle-arrow-down:before { content: "\f0ab"; } +.icon-globe:before { content: "\f0ac"; } +.icon-wrench:before { content: "\f0ad"; } +.icon-tasks:before { content: "\f0ae"; } + +.icon-filter:before { content: "\f0b0"; } +.icon-briefcase:before { content: "\f0b1"; } +.icon-fullscreen:before { content: "\f0b2"; } + +.icon-group:before { content: "\f0c0"; } +.icon-link:before { content: "\f0c1"; } +.icon-cloud:before { content: "\f0c2"; } +.icon-beaker:before { content: "\f0c3"; } +.icon-cut:before { content: "\f0c4"; } +.icon-copy:before { content: "\f0c5"; } +.icon-paper-clip:before { content: "\f0c6"; } +.icon-save:before { content: "\f0c7"; } +.icon-sign-blank:before { content: "\f0c8"; } +.icon-reorder:before { content: "\f0c9"; } +.icon-list-ul:before { content: "\f0ca"; } +.icon-list-ol:before { content: "\f0cb"; } +.icon-strikethrough:before { content: "\f0cc"; } +.icon-underline:before { content: "\f0cd"; } +.icon-table:before { content: "\f0ce"; } + +.icon-magic:before { content: "\f0d0"; } +.icon-truck:before { content: "\f0d1"; } +.icon-pinterest:before { content: "\f0d2"; } +.icon-pinterest-sign:before { content: "\f0d3"; } +.icon-google-plus-sign:before { content: "\f0d4"; } +.icon-google-plus:before { content: "\f0d5"; } +.icon-money:before { content: "\f0d6"; } +.icon-caret-down:before { content: "\f0d7"; } +.icon-caret-up:before { content: "\f0d8"; } +.icon-caret-left:before { content: "\f0d9"; } +.icon-caret-right:before { content: "\f0da"; } +.icon-columns:before { content: "\f0db"; } +.icon-sort:before { content: "\f0dc"; } +.icon-sort-down:before { content: "\f0dd"; } +.icon-sort-up:before { content: "\f0de"; } + +.icon-envelope-alt:before { content: "\f0e0"; } +.icon-linkedin:before { content: "\f0e1"; } +.icon-undo:before { content: "\f0e2"; } +.icon-legal:before { content: "\f0e3"; } +.icon-dashboard:before { content: "\f0e4"; } +.icon-comment-alt:before { content: "\f0e5"; } +.icon-comments-alt:before { content: "\f0e6"; } +.icon-bolt:before { content: "\f0e7"; } +.icon-sitemap:before { content: "\f0e8"; } +.icon-umbrella:before { content: "\f0e9"; } +.icon-paste:before { content: "\f0ea"; } +.icon-lightbulb:before { content: "\f0eb"; } +.icon-exchange:before { content: "\f0ec"; } +.icon-cloud-download:before { content: "\f0ed"; } +.icon-cloud-upload:before { content: "\f0ee"; } + +.icon-user-md:before { content: "\f0f0"; } +.icon-stethoscope:before { content: "\f0f1"; } +.icon-suitcase:before { content: "\f0f2"; } +.icon-bell-alt:before { content: "\f0f3"; } +.icon-coffee:before { content: "\f0f4"; } +.icon-food:before { content: "\f0f5"; } +.icon-file-alt:before { content: "\f0f6"; } +.icon-building:before { content: "\f0f7"; } +.icon-hospital:before { content: "\f0f8"; } +.icon-ambulance:before { content: "\f0f9"; } +.icon-medkit:before { content: "\f0fa"; } +.icon-fighter-jet:before { content: "\f0fb"; } +.icon-beer:before { content: "\f0fc"; } +.icon-h-sign:before { content: "\f0fd"; } +.icon-plus-sign-alt:before { content: "\f0fe"; } + +.icon-double-angle-left:before { content: "\f100"; } +.icon-double-angle-right:before { content: "\f101"; } +.icon-double-angle-up:before { content: "\f102"; } +.icon-double-angle-down:before { content: "\f103"; } +.icon-angle-left:before { content: "\f104"; } +.icon-angle-right:before { content: "\f105"; } +.icon-angle-up:before { content: "\f106"; } +.icon-angle-down:before { content: "\f107"; } +.icon-desktop:before { content: "\f108"; } +.icon-laptop:before { content: "\f109"; } +.icon-tablet:before { content: "\f10a"; } +.icon-mobile-phone:before { content: "\f10b"; } +.icon-circle-blank:before { content: "\f10c"; } +.icon-quote-left:before { content: "\f10d"; } +.icon-quote-right:before { content: "\f10e"; } + +.icon-spinner:before { content: "\f110"; } +.icon-circle:before { content: "\f111"; } +.icon-reply:before { content: "\f112"; } +.icon-github-alt:before { content: "\f113"; } +.icon-folder-close-alt:before { content: "\f114"; } +.icon-folder-open-alt:before { content: "\f115"; } +]]>GET/resources/css/font-awesomecssHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
    Refererhttp://zero.webappsecurity.com/
    Hostzero.webappsecurity.com
    Accept*/*
    Accept-Languageen-US,en;q=0.5
    Accept-Encodinggzip, deflate
    Pragmano-cache
    User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
    ConnectionKeep-Alive
    X-WIPPAscVersion=22.2.0.253
    X-Scan-MemoScriptEngine="Gecko";Category="Crawl";SID="C7E90FA2BCD774CB5B3F685F1C421321";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="Crawl";CrawlType="ScriptInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";tht="21";
    X-RequestManager-Memostid="11";stmi="0";sc="1";rid="b84d381c";
    X-Request-Memorid="fa8ab90e";sc="1";thid="45";
    CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0    HTTP/1.1200OK .active > a > [class^="icon-"], +.nav-pills > .active > a > [class*=" icon-"], +.nav-list > .active > a > [class^="icon-"], +.nav-list > .active > a > [class*=" icon-"], +.navbar-inverse .nav > .active > a > [class^="icon-"], +.navbar-inverse .nav > .active > a > [class*=" icon-"], +.dropdown-menu > li > a:hover > [class^="icon-"], +.dropdown-menu > li > a:hover > [class*=" icon-"], +.dropdown-menu > .active > a > [class^="icon-"], +.dropdown-menu > .active > a > [class*=" icon-"], +.dropdown-submenu:hover > a > [class^="icon-"], +.dropdown-submenu:hover > a > [class*=" icon-"] { + background-image: none; +} +[class^="icon-"]:before, +[class*=" icon-"]:before { + text-decoration: inherit; + display: inline-block; + speak: none; +} +/* makes sure icons active on rollover in links */ +a [class^="icon-"], +a [class*=" icon-"] { + display: inline-block; +} +/* makes the font 33% larger relative to the icon container */ +.icon-large:before { + vertical-align: -10%; + font-size: 1.3333333333333333em; +} +.btn [class^="icon-"], +.nav [class^="icon-"], +.btn [class*=" icon-"], +.nav [class*=" icon-"] { + display: inline; + /* keeps button heights with and without icons the same */ + +} +.btn [class^="icon-"].icon-large, +.nav [class^="icon-"].icon-large, +.btn [class*=" icon-"].icon-large, +.nav [class*=" icon-"].icon-large { + line-height: .9em; +} +.btn [class^="icon-"].icon-spin, +.nav [class^="icon-"].icon-spin, +.btn [class*=" icon-"].icon-spin, +.nav [class*=" icon-"].icon-spin { + display: inline-block; +} +.nav-tabs [class^="icon-"], +.nav-pills [class^="icon-"], +.nav-tabs [class*=" icon-"], +.nav-pills [class*=" icon-"] { + /* keeps button heights with and without icons the same */ + +} +.nav-tabs [class^="icon-"], +.nav-pills [class^="icon-"], +.nav-tabs [class*=" icon-"], +.nav-pills [class*=" icon-"], +.nav-tabs [class^="icon-"].icon-large, +.nav-pills [class^="icon-"].icon-large, +.nav-tabs [class*=" icon-"].icon-large, +.nav-pills [class*=" icon-"].icon-large { + line-height: .9em; +} +li [class^="icon-"], +.nav li [class^="icon-"], +li [class*=" icon-"], +.nav li [class*=" icon-"] { + display: inline-block; + width: 1.25em; + text-align: center; +} +li [class^="icon-"].icon-large, +.nav li [class^="icon-"].icon-large, +li [class*=" icon-"].icon-large, +.nav li [class*=" icon-"].icon-large { + /* increased font size for icon-large */ + + width: 1.5625em; +} +ul.icons { + list-style-type: none; + text-indent: -0.75em; +} +ul.icons li [class^="icon-"], +ul.icons li [class*=" icon-"] { + width: .75em; +} +.icon-muted { + color: #eeeeee; +} +.icon-border { + border: solid 1px #eeeeee; + padding: .2em .25em .15em; + -webkit-border-radius: 3px; + -moz-border-radius: 3px; + border-radius: 3px; +} +.icon-2x { + font-size: 2em; +} +.icon-2x.icon-border { + border-width: 2px; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; +} +.icon-3x { + font-size: 3em; +} +.icon-3x.icon-border { + border-width: 3px; + -webkit-border-radius: 5px; + -moz-border-radius: 5px; + border-radius: 5px; +} +.icon-4x { + font-size: 4em; +} +.icon-4x.icon-border { + border-width: 4px; + -webkit-border-radius: 6px; + -moz-border-radius: 6px; + border-radius: 6px; +} +.pull-right { + float: right; +} +.pull-left { + float: left; +} +[class^="icon-"].pull-left, +[class*=" icon-"].pull-left { + margin-right: .3em; +} +[class^="icon-"].pull-right, +[class*=" icon-"].pull-right { + margin-left: .3em; +} +.btn [class^="icon-"].pull-left.icon-2x, +.btn [class*=" icon-"].pull-left.icon-2x, +.btn [class^="icon-"].pull-right.icon-2x, +.btn [class*=" icon-"].pull-right.icon-2x { + margin-top: .18em; +} +.btn [class^="icon-"].icon-spin.icon-large, +.btn [class*=" icon-"].icon-spin.icon-large { + line-height: .8em; +} +.btn.btn-small [class^="icon-"].pull-left.icon-2x, +.btn.btn-small [class*=" icon-"].pull-left.icon-2x, +.btn.btn-small [class^="icon-"].pull-right.icon-2x, +.btn.btn-small [class*=" icon-"].pull-right.icon-2x { + margin-top: .25em; +} +.btn.btn-large [class^="icon-"], +.btn.btn-large [class*=" icon-"] { + margin-top: 0; +} +.btn.btn-large [class^="icon-"].pull-left.icon-2x, +.btn.btn-large [class*=" icon-"].pull-left.icon-2x, +.btn.btn-large [class^="icon-"].pull-right.icon-2x, +.btn.btn-large [class*=" icon-"].pull-right.icon-2x { + margin-top: .05em; +} +.btn.btn-large [class^="icon-"].pull-left.icon-2x, +.btn.btn-large [class*=" icon-"].pull-left.icon-2x { + margin-right: .2em; +} +.btn.btn-large [class^="icon-"].pull-right.icon-2x, +.btn.btn-large [class*=" icon-"].pull-right.icon-2x { + margin-left: .2em; +} +.icon-spin { + display: inline-block; + -moz-animation: spin 2s infinite linear; + -o-animation: spin 2s infinite linear; + -webkit-animation: spin 2s infinite linear; + animation: spin 2s infinite linear; +} +@-moz-keyframes spin { + 0% { -moz-transform: rotate(0deg); } + 100% { -moz-transform: rotate(359deg); } +} +@-webkit-keyframes spin { + 0% { -webkit-transform: rotate(0deg); } + 100% { -webkit-transform: rotate(359deg); } +} +@-o-keyframes spin { + 0% { -o-transform: rotate(0deg); } + 100% { -o-transform: rotate(359deg); } +} +@-ms-keyframes spin { + 0% { -ms-transform: rotate(0deg); } + 100% { -ms-transform: rotate(359deg); } +} +@keyframes spin { + 0% { transform: rotate(0deg); } + 100% { transform: rotate(359deg); } +} +@-moz-document url-prefix() { + .icon-spin { + height: .9em; + } + .btn .icon-spin { + height: auto; + } + .icon-spin.icon-large { + height: 1.25em; + } + .btn .icon-spin.icon-large { + height: .75em; + } +} +/* Font Awesome uses the Unicode Private Use Area (PUA) to ensure screen + readers do not read off random characters that represent icons */ +.icon-glass:before { content: "\f000"; } +.icon-music:before { content: "\f001"; } +.icon-search:before { content: "\f002"; } +.icon-envelope:before { content: "\f003"; } +.icon-heart:before { content: "\f004"; } +.icon-star:before { content: "\f005"; } +.icon-star-empty:before { content: "\f006"; } +.icon-user:before { content: "\f007"; } +.icon-film:before { content: "\f008"; } +.icon-th-large:before { content: "\f009"; } +.icon-th:before { content: "\f00a"; } +.icon-th-list:before { content: "\f00b"; } +.icon-ok:before { content: "\f00c"; } +.icon-remove:before { content: "\f00d"; } +.icon-zoom-in:before { content: "\f00e"; } + +.icon-zoom-out:before { content: "\f010"; } +.icon-off:before { content: "\f011"; } +.icon-signal:before { content: "\f012"; } +.icon-cog:before { content: "\f013"; } +.icon-trash:before { content: "\f014"; } +.icon-home:before { content: "\f015"; } +.icon-file:before { content: "\f016"; } +.icon-time:before { content: "\f017"; } +.icon-road:before { content: "\f018"; } +.icon-download-alt:before { content: "\f019"; } +.icon-download:before { content: "\f01a"; } +.icon-upload:before { content: "\f01b"; } +.icon-inbox:before { content: "\f01c"; } +.icon-play-circle:before { content: "\f01d"; } +.icon-repeat:before { content: "\f01e"; } + +/* \f020 doesn't work in Safari. all shifted one down */ +.icon-refresh:before { content: "\f021"; } +.icon-list-alt:before { content: "\f022"; } +.icon-lock:before { content: "\f023"; } +.icon-flag:before { content: "\f024"; } +.icon-headphones:before { content: "\f025"; } +.icon-volume-off:before { content: "\f026"; } +.icon-volume-down:before { content: "\f027"; } +.icon-volume-up:before { content: "\f028"; } +.icon-qrcode:before { content: "\f029"; } +.icon-barcode:before { content: "\f02a"; } +.icon-tag:before { content: "\f02b"; } +.icon-tags:before { content: "\f02c"; } +.icon-book:before { content: "\f02d"; } +.icon-bookmark:before { content: "\f02e"; } +.icon-print:before { content: "\f02f"; } + +.icon-camera:before { content: "\f030"; } +.icon-font:before { content: "\f031"; } +.icon-bold:before { content: "\f032"; } +.icon-italic:before { content: "\f033"; } +.icon-text-height:before { content: "\f034"; } +.icon-text-width:before { content: "\f035"; } +.icon-align-left:before { content: "\f036"; } +.icon-align-center:before { content: "\f037"; } +.icon-align-right:before { content: "\f038"; } +.icon-align-justify:before { content: "\f039"; } +.icon-list:before { content: "\f03a"; } +.icon-indent-left:before { content: "\f03b"; } +.icon-indent-right:before { content: "\f03c"; } +.icon-facetime-video:before { content: "\f03d"; } +.icon-picture:before { content: "\f03e"; } + +.icon-pencil:before { content: "\f040"; } +.icon-map-marker:before { content: "\f041"; } +.icon-adjust:before { content: "\f042"; } +.icon-tint:before { content: "\f043"; } +.icon-edit:before { content: "\f044"; } +.icon-share:before { content: "\f045"; } +.icon-check:before { content: "\f046"; } +.icon-move:before { content: "\f047"; } +.icon-step-backward:before { content: "\f048"; } +.icon-fast-backward:before { content: "\f049"; } +.icon-backward:before { content: "\f04a"; } +.icon-play:before { content: "\f04b"; } +.icon-pause:before { content: "\f04c"; } +.icon-stop:before { content: "\f04d"; } +.icon-forward:before { content: "\f04e"; } + +.icon-fast-forward:before { content: "\f050"; } +.icon-step-forward:before { content: "\f051"; } +.icon-eject:before { content: "\f052"; } +.icon-chevron-left:before { content: "\f053"; } +.icon-chevron-right:before { content: "\f054"; } +.icon-plus-sign:before { content: "\f055"; } +.icon-minus-sign:before { content: "\f056"; } +.icon-remove-sign:before { content: "\f057"; } +.icon-ok-sign:before { content: "\f058"; } +.icon-question-sign:before { content: "\f059"; } +.icon-info-sign:before { content: "\f05a"; } +.icon-screenshot:before { content: "\f05b"; } +.icon-remove-circle:before { content: "\f05c"; } +.icon-ok-circle:before { content: "\f05d"; } +.icon-ban-circle:before { content: "\f05e"; } + +.icon-arrow-left:before { content: "\f060"; } +.icon-arrow-right:before { content: "\f061"; } +.icon-arrow-up:before { content: "\f062"; } +.icon-arrow-down:before { content: "\f063"; } +.icon-share-alt:before { content: "\f064"; } +.icon-resize-full:before { content: "\f065"; } +.icon-resize-small:before { content: "\f066"; } +.icon-plus:before { content: "\f067"; } +.icon-minus:before { content: "\f068"; } +.icon-asterisk:before { content: "\f069"; } +.icon-exclamation-sign:before { content: "\f06a"; } +.icon-gift:before { content: "\f06b"; } +.icon-leaf:before { content: "\f06c"; } +.icon-fire:before { content: "\f06d"; } +.icon-eye-open:before { content: "\f06e"; } + +.icon-eye-close:before { content: "\f070"; } +.icon-warning-sign:before { content: "\f071"; } +.icon-plane:before { content: "\f072"; } +.icon-calendar:before { content: "\f073"; } +.icon-random:before { content: "\f074"; } +.icon-comment:before { content: "\f075"; } +.icon-magnet:before { content: "\f076"; } +.icon-chevron-up:before { content: "\f077"; } +.icon-chevron-down:before { content: "\f078"; } +.icon-retweet:before { content: "\f079"; } +.icon-shopping-cart:before { content: "\f07a"; } +.icon-folder-close:before { content: "\f07b"; } +.icon-folder-open:before { content: "\f07c"; } +.icon-resize-vertical:before { content: "\f07d"; } +.icon-resize-horizontal:before { content: "\f07e"; } + +.icon-bar-chart:before { content: "\f080"; } +.icon-twitter-sign:before { content: "\f081"; } +.icon-facebook-sign:before { content: "\f082"; } +.icon-camera-retro:before { content: "\f083"; } +.icon-key:before { content: "\f084"; } +.icon-cogs:before { content: "\f085"; } +.icon-comments:before { content: "\f086"; } +.icon-thumbs-up:before { content: "\f087"; } +.icon-thumbs-down:before { content: "\f088"; } +.icon-star-half:before { content: "\f089"; } +.icon-heart-empty:before { content: "\f08a"; } +.icon-signout:before { content: "\f08b"; } +.icon-linkedin-sign:before { content: "\f08c"; } +.icon-pushpin:before { content: "\f08d"; } +.icon-external-link:before { content: "\f08e"; } + +.icon-signin:before { content: "\f090"; } +.icon-trophy:before { content: "\f091"; } +.icon-github-sign:before { content: "\f092"; } +.icon-upload-alt:before { content: "\f093"; } +.icon-lemon:before { content: "\f094"; } +.icon-phone:before { content: "\f095"; } +.icon-check-empty:before { content: "\f096"; } +.icon-bookmark-empty:before { content: "\f097"; } +.icon-phone-sign:before { content: "\f098"; } +.icon-twitter:before { content: "\f099"; } +.icon-facebook:before { content: "\f09a"; } +.icon-github:before { content: "\f09b"; } +.icon-unlock:before { content: "\f09c"; } +.icon-credit-card:before { content: "\f09d"; } +.icon-rss:before { content: "\f09e"; } + +.icon-hdd:before { content: "\f0a0"; } +.icon-bullhorn:before { content: "\f0a1"; } +.icon-bell:before { content: "\f0a2"; } +.icon-certificate:before { content: "\f0a3"; } +.icon-hand-right:before { content: "\f0a4"; } +.icon-hand-left:before { content: "\f0a5"; } +.icon-hand-up:before { content: "\f0a6"; } +.icon-hand-down:before { content: "\f0a7"; } +.icon-circle-arrow-left:before { content: "\f0a8"; } +.icon-circle-arrow-right:before { content: "\f0a9"; } +.icon-circle-arrow-up:before { content: "\f0aa"; } +.icon-circle-arrow-down:before { content: "\f0ab"; } +.icon-globe:before { content: "\f0ac"; } +.icon-wrench:before { content: "\f0ad"; } +.icon-tasks:before { content: "\f0ae"; } + +.icon-filter:before { content: "\f0b0"; } +.icon-briefcase:before { content: "\f0b1"; } +.icon-fullscreen:before { content: "\f0b2"; } + +.icon-group:before { content: "\f0c0"; } +.icon-link:before { content: "\f0c1"; } +.icon-cloud:before { content: "\f0c2"; } +.icon-beaker:before { content: "\f0c3"; } +.icon-cut:before { content: "\f0c4"; } +.icon-copy:before { content: "\f0c5"; } +.icon-paper-clip:before { content: "\f0c6"; } +.icon-save:before { content: "\f0c7"; } +.icon-sign-blank:before { content: "\f0c8"; } +.icon-reorder:before { content: "\f0c9"; } +.icon-list-ul:before { content: "\f0ca"; } +.icon-list-ol:before { content: "\f0cb"; } +.icon-strikethrough:before { content: "\f0cc"; } +.icon-underline:before { content: "\f0cd"; } +.icon-table:before { content: "\f0ce"; } + +.icon-magic:before { content: "\f0d0"; } +.icon-truck:before { content: "\f0d1"; } +.icon-pinterest:before { content: "\f0d2"; } +.icon-pinterest-sign:before { content: "\f0d3"; } +.icon-google-plus-sign:before { content: "\f0d4"; } +.icon-google-plus:before { content: "\f0d5"; } +.icon-money:before { content: "\f0d6"; } +.icon-caret-down:before { content: "\f0d7"; } +.icon-caret-up:before { content: "\f0d8"; } +.icon-caret-left:before { content: "\f0d9"; } +.icon-caret-right:before { content: "\f0da"; } +.icon-columns:before { content: "\f0db"; } +.icon-sort:before { content: "\f0dc"; } +.icon-sort-down:before { content: "\f0dd"; } +.icon-sort-up:before { content: "\f0de"; } + +.icon-envelope-alt:before { content: "\f0e0"; } +.icon-linkedin:before { content: "\f0e1"; } +.icon-undo:before { content: "\f0e2"; } +.icon-legal:before { content: "\f0e3"; } +.icon-dashboard:before { content: "\f0e4"; } +.icon-comment-alt:before { content: "\f0e5"; } +.icon-comments-alt:before { content: "\f0e6"; } +.icon-bolt:before { content: "\f0e7"; } +.icon-sitemap:before { content: "\f0e8"; } +.icon-umbrella:before { content: "\f0e9"; } +.icon-paste:before { content: "\f0ea"; } +.icon-lightbulb:before { content: "\f0eb"; } +.icon-exchange:before { content: "\f0ec"; } +.icon-cloud-download:before { content: "\f0ed"; } +.icon-cloud-upload:before { content: "\f0ee"; } + +.icon-user-md:before { content: "\f0f0"; } +.icon-stethoscope:before { content: "\f0f1"; } +.icon-suitcase:before { content: "\f0f2"; } +.icon-bell-alt:before { content: "\f0f3"; } +.icon-coffee:before { content: "\f0f4"; } +.icon-food:before { content: "\f0f5"; } +.icon-file-alt:before { content: "\f0f6"; } +.icon-building:before { content: "\f0f7"; } +.icon-hospital:before { content: "\f0f8"; } +.icon-ambulance:before { content: "\f0f9"; } +.icon-medkit:before { content: "\f0fa"; } +.icon-fighter-jet:before { content: "\f0fb"; } +.icon-beer:before { content: "\f0fc"; } +.icon-h-sign:before { content: "\f0fd"; } +.icon-plus-sign-alt:before { content: "\f0fe"; } + +.icon-double-angle-left:before { content: "\f100"; } +.icon-double-angle-right:before { content: "\f101"; } +.icon-double-angle-up:before { content: "\f102"; } +.icon-double-angle-down:before { content: "\f103"; } +.icon-angle-left:before { content: "\f104"; } +.icon-angle-right:before { content: "\f105"; } +.icon-angle-up:before { content: "\f106"; } +.icon-angle-down:before { content: "\f107"; } +.icon-desktop:before { content: "\f108"; } +.icon-laptop:before { content: "\f109"; } +.icon-tablet:before { content: "\f10a"; } +.icon-mobile-phone:before { content: "\f10b"; } +.icon-circle-blank:before { content: "\f10c"; } +.icon-quote-left:before { content: "\f10d"; } +.icon-quote-right:before { content: "\f10e"; } + +.icon-spinner:before { content: "\f110"; } +.icon-circle:before { content: "\f111"; } +.icon-reply:before { content: "\f112"; } +.icon-github-alt:before { content: "\f113"; } +.icon-folder-close-alt:before { content: "\f114"; } +.icon-folder-open-alt:before { content: "\f115"; } +]]>
    DateFri, 24 Feb 2023 14:01:44 GMT
    ServerApache-Coyote/1.1
    Access-Control-Allow-Origin*
    Accept-Rangesbytes
    ETagW/"21752-1360580252000"
    Last-ModifiedMon, 11 Feb 2013 10:57:32 GMT
    Cache-Controlmax-age=2419200
    ExpiresFri, 24 Mar 2023 14:01:44 GMT
    Content-Typetext/css;charset=UTF-8
    Content-Length21752
    Keep-Alivetimeout=5, max=100
    ConnectionKeep-Alive
    http://zero.webappsecurity.com:80/resources/js/bootstrap.min.jshttpzero.webappsecurity.com80').appendTo(document.body),this.$backdrop.click(this.options.backdrop=="static"?a.proxy(this.$element[0].focus,this.$element[0]):a.proxy(this.hide,this)),e&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),e?this.$backdrop.one(a.support.transition.end,b):b()}else!this.isShown&&this.$backdrop?(this.$backdrop.removeClass("in"),a.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one(a.support.transition.end,a.proxy(this.removeBackdrop,this)):this.removeBackdrop()):b&&b()}};var c=a.fn.modal;a.fn.modal=function(c){return this.each(function(){var d=a(this),e=d.data("modal"),f=a.extend({},a.fn.modal.defaults,d.data(),typeof c=="object"&&c);e||d.data("modal",e=new b(this,f)),typeof c=="string"?e[c]():f.show&&e.show()})},a.fn.modal.defaults={backdrop:!0,keyboard:!0,show:!0},a.fn.modal.Constructor=b,a.fn.modal.noConflict=function(){return a.fn.modal=c,this},a(document).on("click.modal.data-api",'[data-toggle="modal"]',function(b){var c=a(this),d=c.attr("href"),e=a(c.attr("data-target")||d&&d.replace(/.*(?=#[^\s]+$)/,"")),f=e.data("modal")?"toggle":a.extend({remote:!/#/.test(d)&&d},e.data(),c.data());b.preventDefault(),e.modal(f).one("hide",function(){c.focus()})})}(window.jQuery),!function(a){function d(){a(b).each(function(){e(a(this)).removeClass("open")})}function e(b){var c=b.attr("data-target"),d;return c||(c=b.attr("href"),c=c&&/#/.test(c)&&c.replace(/.*(?=#[^\s]*$)/,"")),d=a(c),d.length||(d=b.parent()),d}var b="[data-toggle=dropdown]",c=function(b){var c=a(b).on("click.dropdown.data-api",this.toggle);a("html").on("click.dropdown.data-api",function(){c.parent().removeClass("open")})};c.prototype={constructor:c,toggle:function(b){var c=a(this),f,g;if(c.is(".disabled, :disabled"))return;return f=e(c),g=f.hasClass("open"),d(),g||f.toggleClass("open"),c.focus(),!1},keydown:function(b){var c,d,f,g,h,i;if(!/(38|40|27)/.test(b.keyCode))return;c=a(this),b.preventDefault(),b.stopPropagation();if(c.is(".disabled, :disabled"))return;g=e(c),h=g.hasClass("open");if(!h||h&&b.keyCode==27)return c.click();d=a("[role=menu] li:not(.divider):visible a",g);if(!d.length)return;i=d.index(d.filter(":focus")),b.keyCode==38&&i>0&&i--,b.keyCode==40&&i a",this.$body=a("body"),this.refresh(),this.process()}b.prototype={constructor:b,refresh:function(){var b=this,c;this.offsets=a([]),this.targets=a([]),c=this.$body.find(this.selector).map(function(){var c=a(this),d=c.data("target")||c.attr("href"),e=/^#\w/.test(d)&&a(d);return e&&e.length&&[[e.position().top+b.$scrollElement.scrollTop(),d]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){b.offsets.push(this[0]),b.targets.push(this[1])})},process:function(){var a=this.$scrollElement.scrollTop()+this.options.offset,b=this.$scrollElement[0].scrollHeight||this.$body[0].scrollHeight,c=b-this.$scrollElement.height(),d=this.offsets,e=this.targets,f=this.activeTarget,g;if(a>=c)return f!=(g=e.last()[0])&&this.activate(g);for(g=d.length;g--;)f!=e[g]&&a>=d[g]&&(!d[g+1]||a<=d[g+1])&&this.activate(e[g])},activate:function(b){var c,d;this.activeTarget=b,a(this.selector).parent(".active").removeClass("active"),d=this.selector+'[data-target="'+b+'"],'+this.selector+'[href="'+b+'"]',c=a(d).parent("li").addClass("active"),c.parent(".dropdown-menu").length&&(c=c.closest("li.dropdown").addClass("active")),c.trigger("activate")}};var c=a.fn.scrollspy;a.fn.scrollspy=function(c){return this.each(function(){var d=a(this),e=d.data("scrollspy"),f=typeof c=="object"&&c;e||d.data("scrollspy",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.scrollspy.Constructor=b,a.fn.scrollspy.defaults={offset:10},a.fn.scrollspy.noConflict=function(){return a.fn.scrollspy=c,this},a(window).on("load",function(){a('[data-spy="scroll"]').each(function(){var b=a(this);b.scrollspy(b.data())})})}(window.jQuery),!function(a){var b=function(b){this.element=a(b)};b.prototype={constructor:b,show:function(){var b=this.element,c=b.closest("ul:not(.dropdown-menu)"),d=b.attr("data-target"),e,f,g;d||(d=b.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,""));if(b.parent("li").hasClass("active"))return;e=c.find(".active:last a")[0],g=a.Event("show",{relatedTarget:e}),b.trigger(g);if(g.isDefaultPrevented())return;f=a(d),this.activate(b.parent("li"),c),this.activate(f,f.parent(),function(){b.trigger({type:"shown",relatedTarget:e})})},activate:function(b,c,d){function g(){e.removeClass("active").find("> .dropdown-menu > .active").removeClass("active"),b.addClass("active"),f?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu")&&b.closest("li.dropdown").addClass("active"),d&&d()}var e=c.find("> .active"),f=d&&a.support.transition&&e.hasClass("fade");f?e.one(a.support.transition.end,g):g(),e.removeClass("in")}};var c=a.fn.tab;a.fn.tab=function(c){return this.each(function(){var d=a(this),e=d.data("tab");e||d.data("tab",e=new b(this)),typeof c=="string"&&e[c]()})},a.fn.tab.Constructor=b,a.fn.tab.noConflict=function(){return a.fn.tab=c,this},a(document).on("click.tab.data-api",'[data-toggle="tab"], [data-toggle="pill"]',function(b){b.preventDefault(),a(this).tab("show")})}(window.jQuery),!function(a){var b=function(a,b){this.init("tooltip",a,b)};b.prototype={constructor:b,init:function(b,c,d){var e,f;this.type=b,this.$element=a(c),this.options=this.getOptions(d),this.enabled=!0,this.options.trigger=="click"?this.$element.on("click."+this.type,this.options.selector,a.proxy(this.toggle,this)):this.options.trigger!="manual"&&(e=this.options.trigger=="hover"?"mouseenter":"focus",f=this.options.trigger=="hover"?"mouseleave":"blur",this.$element.on(e+"."+this.type,this.options.selector,a.proxy(this.enter,this)),this.$element.on(f+"."+this.type,this.options.selector,a.proxy(this.leave,this))),this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},getOptions:function(b){return b=a.extend({},a.fn[this.type].defaults,b,this.$element.data()),b.delay&&typeof b.delay=="number"&&(b.delay={show:b.delay,hide:b.delay}),b},enter:function(b){var c=a(b.currentTarget)[this.type](this._options).data(this.type);if(!c.options.delay||!c.options.delay.show)return c.show();clearTimeout(this.timeout),c.hoverState="in",this.timeout=setTimeout(function(){c.hoverState=="in"&&c.show()},c.options.delay.show)},leave:function(b){var c=a(b.currentTarget)[this.type](this._options).data(this.type);this.timeout&&clearTimeout(this.timeout);if(!c.options.delay||!c.options.delay.hide)return c.hide();c.hoverState="out",this.timeout=setTimeout(function(){c.hoverState=="out"&&c.hide()},c.options.delay.hide)},show:function(){var a,b,c,d,e,f,g;if(this.hasContent()&&this.enabled){a=this.tip(),this.setContent(),this.options.animation&&a.addClass("fade"),f=typeof this.options.placement=="function"?this.options.placement.call(this,a[0],this.$element[0]):this.options.placement,b=/in/.test(f),a.detach().css({top:0,left:0,display:"block"}).insertAfter(this.$element),c=this.getPosition(b),d=a[0].offsetWidth,e=a[0].offsetHeight;switch(b?f.split(" ")[1]:f){case"bottom":g={top:c.top+c.height,left:c.left+c.width/2-d/2};break;case"top":g={top:c.top-e,left:c.left+c.width/2-d/2};break;case"left":g={top:c.top+c.height/2-e/2,left:c.left-d};break;case"right":g={top:c.top+c.height/2-e/2,left:c.left+c.width}}a.offset(g).addClass(f).addClass("in")}},setContent:function(){var a=this.tip(),b=this.getTitle();a.find(".tooltip-inner")[this.options.html?"html":"text"](b),a.removeClass("fade in top bottom left right")},hide:function(){function d(){var b=setTimeout(function(){c.off(a.support.transition.end).detach()},500);c.one(a.support.transition.end,function(){clearTimeout(b),c.detach()})}var b=this,c=this.tip();return c.removeClass("in"),a.support.transition&&this.$tip.hasClass("fade")?d():c.detach(),this},fixTitle:function(){var a=this.$element;(a.attr("title")||typeof a.attr("data-original-title")!="string")&&a.attr("data-original-title",a.attr("title")||"").removeAttr("title")},hasContent:function(){return this.getTitle()},getPosition:function(b){return a.extend({},b?{top:0,left:0}:this.$element.offset(),{width:this.$element[0].offsetWidth,height:this.$element[0].offsetHeight})},getTitle:function(){var a,b=this.$element,c=this.options;return a=b.attr("data-original-title")||(typeof c.title=="function"?c.title.call(b[0]):c.title),a},tip:function(){return this.$tip=this.$tip||a(this.options.template)},validate:function(){this.$element[0].parentNode||(this.hide(),this.$element=null,this.options=null)},enable:function(){this.enabled=!0},disable:function(){this.enabled=!1},toggleEnabled:function(){this.enabled=!this.enabled},toggle:function(b){var c=a(b.currentTarget)[this.type](this._options).data(this.type);c[c.tip().hasClass("in")?"hide":"show"]()},destroy:function(){this.hide().$element.off("."+this.type).removeData(this.type)}};var c=a.fn.tooltip;a.fn.tooltip=function(c){return this.each(function(){var d=a(this),e=d.data("tooltip"),f=typeof c=="object"&&c;e||d.data("tooltip",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.tooltip.Constructor=b,a.fn.tooltip.defaults={animation:!0,placement:"top",selector:!1,template:'
    ',trigger:"hover",title:"",delay:0,html:!1},a.fn.tooltip.noConflict=function(){return a.fn.tooltip=c,this}}(window.jQuery),!function(a){var b=function(a,b){this.init("popover",a,b)};b.prototype=a.extend({},a.fn.tooltip.Constructor.prototype,{constructor:b,setContent:function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.options.html?"html":"text"](b),a.find(".popover-content")[this.options.html?"html":"text"](c),a.removeClass("fade top bottom left right in")},hasContent:function(){return this.getTitle()||this.getContent()},getContent:function(){var a,b=this.$element,c=this.options;return a=b.attr("data-content")||(typeof c.content=="function"?c.content.call(b[0]):c.content),a},tip:function(){return this.$tip||(this.$tip=a(this.options.template)),this.$tip},destroy:function(){this.hide().$element.off("."+this.type).removeData(this.type)}});var c=a.fn.popover;a.fn.popover=function(c){return this.each(function(){var d=a(this),e=d.data("popover"),f=typeof c=="object"&&c;e||d.data("popover",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.popover.Constructor=b,a.fn.popover.defaults=a.extend({},a.fn.tooltip.defaults,{placement:"right",trigger:"click",content:"",template:'

    '}),a.fn.popover.noConflict=function(){return a.fn.popover=c,this}}(window.jQuery),!function(a){var b=function(b,c){this.options=a.extend({},a.fn.affix.defaults,c),this.$window=a(window).on("scroll.affix.data-api",a.proxy(this.checkPosition,this)).on("click.affix.data-api",a.proxy(function(){setTimeout(a.proxy(this.checkPosition,this),1)},this)),this.$element=a(b),this.checkPosition()};b.prototype.checkPosition=function(){if(!this.$element.is(":visible"))return;var b=a(document).height(),c=this.$window.scrollTop(),d=this.$element.offset(),e=this.options.offset,f=e.bottom,g=e.top,h="affix affix-top affix-bottom",i;typeof e!="object"&&(f=g=e),typeof g=="function"&&(g=e.top()),typeof f=="function"&&(f=e.bottom()),i=this.unpin!=null&&c+this.unpin<=d.top?!1:f!=null&&d.top+this.$element.height()>=b-f?"bottom":g!=null&&c<=g?"top":!1;if(this.affixed===i)return;this.affixed=i,this.unpin=i=="bottom"?d.top-c:null,this.$element.removeClass(h).addClass("affix"+(i?"-"+i:""))};var c=a.fn.affix;a.fn.affix=function(c){return this.each(function(){var d=a(this),e=d.data("affix"),f=typeof c=="object"&&c;e||d.data("affix",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.affix.Constructor=b,a.fn.affix.defaults={offset:0},a.fn.affix.noConflict=function(){return a.fn.affix=c,this},a(window).on("load",function(){a('[data-spy="affix"]').each(function(){var b=a(this),c=b.data();c.offset=c.offset||{},c.offsetBottom&&(c.offset.bottom=c.offsetBottom),c.offsetTop&&(c.offset.top=c.offsetTop),b.affix(c)})})}(window.jQuery),!function(a){var b='[data-dismiss="alert"]',c=function(c){a(c).on("click",b,this.close)};c.prototype.close=function(b){function f(){e.trigger("closed").remove()}var c=a(this),d=c.attr("data-target"),e;d||(d=c.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,"")),e=a(d),b&&b.preventDefault(),e.length||(e=c.hasClass("alert")?c:c.parent()),e.trigger(b=a.Event("close"));if(b.isDefaultPrevented())return;e.removeClass("in"),a.support.transition&&e.hasClass("fade")?e.on(a.support.transition.end,f):f()};var d=a.fn.alert;a.fn.alert=function(b){return this.each(function(){var d=a(this),e=d.data("alert");e||d.data("alert",e=new c(this)),typeof b=="string"&&e[b].call(d)})},a.fn.alert.Constructor=c,a.fn.alert.noConflict=function(){return a.fn.alert=d,this},a(document).on("click.alert.data-api",b,c.prototype.close)}(window.jQuery),!function(a){var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.button.defaults,c)};b.prototype.setState=function(a){var b="disabled",c=this.$element,d=c.data(),e=c.is("input")?"val":"html";a+="Text",d.resetText||c.data("resetText",c[e]()),c[e](d[a]||this.options[a]),setTimeout(function(){a=="loadingText"?c.addClass(b).attr(b,b):c.removeClass(b).removeAttr(b)},0)},b.prototype.toggle=function(){var a=this.$element.closest('[data-toggle="buttons-radio"]');a&&a.find(".active").removeClass("active"),this.$element.toggleClass("active")};var c=a.fn.button;a.fn.button=function(c){return this.each(function(){var d=a(this),e=d.data("button"),f=typeof c=="object"&&c;e||d.data("button",e=new b(this,f)),c=="toggle"?e.toggle():c&&e.setState(c)})},a.fn.button.defaults={loadingText:"loading..."},a.fn.button.Constructor=b,a.fn.button.noConflict=function(){return a.fn.button=c,this},a(document).on("click.button.data-api","[data-toggle^=button]",function(b){var c=a(b.target);c.hasClass("btn")||(c=c.closest(".btn")),c.button("toggle")})}(window.jQuery),!function(a){var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.collapse.defaults,c),this.options.parent&&(this.$parent=a(this.options.parent)),this.options.toggle&&this.toggle()};b.prototype={constructor:b,dimension:function(){var a=this.$element.hasClass("width");return a?"width":"height"},show:function(){var b,c,d,e;if(this.transitioning)return;b=this.dimension(),c=a.camelCase(["scroll",b].join("-")),d=this.$parent&&this.$parent.find("> .accordion-group > .in");if(d&&d.length){e=d.data("collapse");if(e&&e.transitioning)return;d.collapse("hide"),e||d.data("collapse",null)}this.$element[b](0),this.transition("addClass",a.Event("show"),"shown"),a.support.transition&&this.$element[b](this.$element[0][c])},hide:function(){var b;if(this.transitioning)return;b=this.dimension(),this.reset(this.$element[b]()),this.transition("removeClass",a.Event("hide"),"hidden"),this.$element[b](0)},reset:function(a){var b=this.dimension();return this.$element.removeClass("collapse")[b](a||"auto")[0].offsetWidth,this.$element[a!==null?"addClass":"removeClass"]("collapse"),this},transition:function(b,c,d){var e=this,f=function(){c.type=="show"&&e.reset(),e.transitioning=0,e.$element.trigger(d)};this.$element.trigger(c);if(c.isDefaultPrevented())return;this.transitioning=1,this.$element[b]("in"),a.support.transition&&this.$element.hasClass("collapse")?this.$element.one(a.support.transition.end,f):f()},toggle:function(){this[this.$element.hasClass("in")?"hide":"show"]()}};var c=a.fn.collapse;a.fn.collapse=function(c){return this.each(function(){var d=a(this),e=d.data("collapse"),f=typeof c=="object"&&c;e||d.data("collapse",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.collapse.defaults={toggle:!0},a.fn.collapse.Constructor=b,a.fn.collapse.noConflict=function(){return a.fn.collapse=c,this},a(document).on("click.collapse.data-api","[data-toggle=collapse]",function(b){var c=a(this),d,e=c.attr("data-target")||b.preventDefault()||(d=c.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,""),f=a(e).data("collapse")?"toggle":c.data();c[a(e).hasClass("in")?"addClass":"removeClass"]("collapsed"),a(e).collapse(f)})}(window.jQuery),!function(a){var b=function(b,c){this.$element=a(b),this.options=c,this.options.pause=="hover"&&this.$element.on("mouseenter",a.proxy(this.pause,this)).on("mouseleave",a.proxy(this.cycle,this))};b.prototype={cycle:function(b){return b||(this.paused=!1),this.options.interval&&!this.paused&&(this.interval=setInterval(a.proxy(this.next,this),this.options.interval)),this},to:function(b){var c=this.$element.find(".item.active"),d=c.parent().children(),e=d.index(c),f=this;if(b>d.length-1||b<0)return;return this.sliding?this.$element.one("slid",function(){f.to(b)}):e==b?this.pause().cycle():this.slide(b>e?"next":"prev",a(d[b]))},pause:function(b){return b||(this.paused=!0),this.$element.find(".next, .prev").length&&a.support.transition.end&&(this.$element.trigger(a.support.transition.end),this.cycle()),clearInterval(this.interval),this.interval=null,this},next:function(){if(this.sliding)return;return this.slide("next")},prev:function(){if(this.sliding)return;return this.slide("prev")},slide:function(b,c){var d=this.$element.find(".item.active"),e=c||d[b](),f=this.interval,g=b=="next"?"left":"right",h=b=="next"?"first":"last",i=this,j;this.sliding=!0,f&&this.pause(),e=e.length?e:this.$element.find(".item")[h](),j=a.Event("slide",{relatedTarget:e[0]});if(e.hasClass("active"))return;if(a.support.transition&&this.$element.hasClass("slide")){this.$element.trigger(j);if(j.isDefaultPrevented())return;e.addClass(b),e[0].offsetWidth,d.addClass(g),e.addClass(g),this.$element.one(a.support.transition.end,function(){e.removeClass([b,g].join(" ")).addClass("active"),d.removeClass(["active",g].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger("slid")},0)})}else{this.$element.trigger(j);if(j.isDefaultPrevented())return;d.removeClass("active"),e.addClass("active"),this.sliding=!1,this.$element.trigger("slid")}return f&&this.cycle(),this}};var c=a.fn.carousel;a.fn.carousel=function(c){return this.each(function(){var d=a(this),e=d.data("carousel"),f=a.extend({},a.fn.carousel.defaults,typeof c=="object"&&c),g=typeof c=="string"?c:f.slide;e||d.data("carousel",e=new b(this,f)),typeof c=="number"?e.to(c):g?e[g]():f.interval&&e.cycle()})},a.fn.carousel.defaults={interval:5e3,pause:"hover"},a.fn.carousel.Constructor=b,a.fn.carousel.noConflict=function(){return a.fn.carousel=c,this},a(document).on("click.carousel.data-api","[data-slide]",function(b){var c=a(this),d,e=a(c.attr("data-target")||(d=c.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,"")),f=a.extend({},e.data(),c.data());e.carousel(f),b.preventDefault()})}(window.jQuery),!function(a){var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.typeahead.defaults,c),this.matcher=this.options.matcher||this.matcher,this.sorter=this.options.sorter||this.sorter,this.highlighter=this.options.highlighter||this.highlighter,this.updater=this.options.updater||this.updater,this.source=this.options.source,this.$menu=a(this.options.menu),this.shown=!1,this.listen()};b.prototype={constructor:b,select:function(){var a=this.$menu.find(".active").attr("data-value");return this.$element.val(this.updater(a)).change(),this.hide()},updater:function(a){return a},show:function(){var b=a.extend({},this.$element.position(),{height:this.$element[0].offsetHeight});return this.$menu.insertAfter(this.$element).css({top:b.top+b.height,left:b.left}).show(),this.shown=!0,this},hide:function(){return this.$menu.hide(),this.shown=!1,this},lookup:function(b){var c;return this.query=this.$element.val(),!this.query||this.query.length"+b+""})},render:function(b){var c=this;return b=a(b).map(function(b,d){return b=a(c.options.item).attr("data-value",d),b.find("a").html(c.highlighter(d)),b[0]}),b.first().addClass("active"),this.$menu.html(b),this},next:function(b){var c=this.$menu.find(".active").removeClass("active"),d=c.next();d.length||(d=a(this.$menu.find("li")[0])),d.addClass("active")},prev:function(a){var b=this.$menu.find(".active").removeClass("active"),c=b.prev();c.length||(c=this.$menu.find("li").last()),c.addClass("active")},listen:function(){this.$element.on("blur",a.proxy(this.blur,this)).on("keypress",a.proxy(this.keypress,this)).on("keyup",a.proxy(this.keyup,this)),this.eventSupported("keydown")&&this.$element.on("keydown",a.proxy(this.keydown,this)),this.$menu.on("click",a.proxy(this.click,this)).on("mouseenter","li",a.proxy(this.mouseenter,this))},eventSupported:function(a){var b=a in this.$element;return b||(this.$element.setAttribute(a,"return;"),b=typeof this.$element[a]=="function"),b},move:function(a){if(!this.shown)return;switch(a.keyCode){case 9:case 13:case 27:a.preventDefault();break;case 38:a.preventDefault(),this.prev();break;case 40:a.preventDefault(),this.next()}a.stopPropagation()},keydown:function(b){this.suppressKeyPressRepeat=~a.inArray(b.keyCode,[40,38,9,13,27]),this.move(b)},keypress:function(a){if(this.suppressKeyPressRepeat)return;this.move(a)},keyup:function(a){switch(a.keyCode){case 40:case 38:case 16:case 17:case 18:break;case 9:case 13:if(!this.shown)return;this.select();break;case 27:if(!this.shown)return;this.hide();break;default:this.lookup()}a.stopPropagation(),a.preventDefault()},blur:function(a){var b=this;setTimeout(function(){b.hide()},150)},click:function(a){a.stopPropagation(),a.preventDefault(),this.select()},mouseenter:function(b){this.$menu.find(".active").removeClass("active"),a(b.currentTarget).addClass("active")}};var c=a.fn.typeahead;a.fn.typeahead=function(c){return this.each(function(){var d=a(this),e=d.data("typeahead"),f=typeof c=="object"&&c;e||d.data("typeahead",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.typeahead.defaults={source:[],items:8,menu:'
      ',item:'
      • ',minLength:1},a.fn.typeahead.Constructor=b,a.fn.typeahead.noConflict=function(){return a.fn.typeahead=c,this},a(document).on("focus.typeahead.data-api",'[data-provide="typeahead"]',function(b){var c=a(this);if(c.data("typeahead"))return;b.preventDefault(),c.typeahead(c.data())})}(window.jQuery)]]>      GET/resources/js/bootstrap.minjsHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
      Refererhttp://zero.webappsecurity.com/
      Hostzero.webappsecurity.com
      Accept*/*
      Accept-Languageen-US,en;q=0.5
      Accept-Encodinggzip, deflate
      Pragmano-cache
      User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
      ConnectionKeep-Alive
      X-WIPPAscVersion=22.2.0.253
      X-Scan-MemoScriptEngine="Gecko";Category="Crawl";SID="C2E3EA7620F4A29F11DBAC2B877DD850";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="Crawl";CrawlType="ScriptInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";tht="21";
      X-RequestManager-Memostid="11";stmi="0";sc="1";rid="4d8737cf";
      X-Request-Memorid="7a8d099c";sc="1";thid="42";
      CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0      HTTP/1.1200OK').appendTo(document.body),this.$backdrop.click(this.options.backdrop=="static"?a.proxy(this.$element[0].focus,this.$element[0]):a.proxy(this.hide,this)),e&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),e?this.$backdrop.one(a.support.transition.end,b):b()}else!this.isShown&&this.$backdrop?(this.$backdrop.removeClass("in"),a.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one(a.support.transition.end,a.proxy(this.removeBackdrop,this)):this.removeBackdrop()):b&&b()}};var c=a.fn.modal;a.fn.modal=function(c){return this.each(function(){var d=a(this),e=d.data("modal"),f=a.extend({},a.fn.modal.defaults,d.data(),typeof c=="object"&&c);e||d.data("modal",e=new b(this,f)),typeof c=="string"?e[c]():f.show&&e.show()})},a.fn.modal.defaults={backdrop:!0,keyboard:!0,show:!0},a.fn.modal.Constructor=b,a.fn.modal.noConflict=function(){return a.fn.modal=c,this},a(document).on("click.modal.data-api",'[data-toggle="modal"]',function(b){var c=a(this),d=c.attr("href"),e=a(c.attr("data-target")||d&&d.replace(/.*(?=#[^\s]+$)/,"")),f=e.data("modal")?"toggle":a.extend({remote:!/#/.test(d)&&d},e.data(),c.data());b.preventDefault(),e.modal(f).one("hide",function(){c.focus()})})}(window.jQuery),!function(a){function d(){a(b).each(function(){e(a(this)).removeClass("open")})}function e(b){var c=b.attr("data-target"),d;return c||(c=b.attr("href"),c=c&&/#/.test(c)&&c.replace(/.*(?=#[^\s]*$)/,"")),d=a(c),d.length||(d=b.parent()),d}var b="[data-toggle=dropdown]",c=function(b){var c=a(b).on("click.dropdown.data-api",this.toggle);a("html").on("click.dropdown.data-api",function(){c.parent().removeClass("open")})};c.prototype={constructor:c,toggle:function(b){var c=a(this),f,g;if(c.is(".disabled, :disabled"))return;return f=e(c),g=f.hasClass("open"),d(),g||f.toggleClass("open"),c.focus(),!1},keydown:function(b){var c,d,f,g,h,i;if(!/(38|40|27)/.test(b.keyCode))return;c=a(this),b.preventDefault(),b.stopPropagation();if(c.is(".disabled, :disabled"))return;g=e(c),h=g.hasClass("open");if(!h||h&&b.keyCode==27)return c.click();d=a("[role=menu] li:not(.divider):visible a",g);if(!d.length)return;i=d.index(d.filter(":focus")),b.keyCode==38&&i>0&&i--,b.keyCode==40&&i a",this.$body=a("body"),this.refresh(),this.process()}b.prototype={constructor:b,refresh:function(){var b=this,c;this.offsets=a([]),this.targets=a([]),c=this.$body.find(this.selector).map(function(){var c=a(this),d=c.data("target")||c.attr("href"),e=/^#\w/.test(d)&&a(d);return e&&e.length&&[[e.position().top+b.$scrollElement.scrollTop(),d]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){b.offsets.push(this[0]),b.targets.push(this[1])})},process:function(){var a=this.$scrollElement.scrollTop()+this.options.offset,b=this.$scrollElement[0].scrollHeight||this.$body[0].scrollHeight,c=b-this.$scrollElement.height(),d=this.offsets,e=this.targets,f=this.activeTarget,g;if(a>=c)return f!=(g=e.last()[0])&&this.activate(g);for(g=d.length;g--;)f!=e[g]&&a>=d[g]&&(!d[g+1]||a<=d[g+1])&&this.activate(e[g])},activate:function(b){var c,d;this.activeTarget=b,a(this.selector).parent(".active").removeClass("active"),d=this.selector+'[data-target="'+b+'"],'+this.selector+'[href="'+b+'"]',c=a(d).parent("li").addClass("active"),c.parent(".dropdown-menu").length&&(c=c.closest("li.dropdown").addClass("active")),c.trigger("activate")}};var c=a.fn.scrollspy;a.fn.scrollspy=function(c){return this.each(function(){var d=a(this),e=d.data("scrollspy"),f=typeof c=="object"&&c;e||d.data("scrollspy",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.scrollspy.Constructor=b,a.fn.scrollspy.defaults={offset:10},a.fn.scrollspy.noConflict=function(){return a.fn.scrollspy=c,this},a(window).on("load",function(){a('[data-spy="scroll"]').each(function(){var b=a(this);b.scrollspy(b.data())})})}(window.jQuery),!function(a){var b=function(b){this.element=a(b)};b.prototype={constructor:b,show:function(){var b=this.element,c=b.closest("ul:not(.dropdown-menu)"),d=b.attr("data-target"),e,f,g;d||(d=b.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,""));if(b.parent("li").hasClass("active"))return;e=c.find(".active:last a")[0],g=a.Event("show",{relatedTarget:e}),b.trigger(g);if(g.isDefaultPrevented())return;f=a(d),this.activate(b.parent("li"),c),this.activate(f,f.parent(),function(){b.trigger({type:"shown",relatedTarget:e})})},activate:function(b,c,d){function g(){e.removeClass("active").find("> .dropdown-menu > .active").removeClass("active"),b.addClass("active"),f?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu")&&b.closest("li.dropdown").addClass("active"),d&&d()}var e=c.find("> .active"),f=d&&a.support.transition&&e.hasClass("fade");f?e.one(a.support.transition.end,g):g(),e.removeClass("in")}};var c=a.fn.tab;a.fn.tab=function(c){return this.each(function(){var d=a(this),e=d.data("tab");e||d.data("tab",e=new b(this)),typeof c=="string"&&e[c]()})},a.fn.tab.Constructor=b,a.fn.tab.noConflict=function(){return a.fn.tab=c,this},a(document).on("click.tab.data-api",'[data-toggle="tab"], [data-toggle="pill"]',function(b){b.preventDefault(),a(this).tab("show")})}(window.jQuery),!function(a){var b=function(a,b){this.init("tooltip",a,b)};b.prototype={constructor:b,init:function(b,c,d){var e,f;this.type=b,this.$element=a(c),this.options=this.getOptions(d),this.enabled=!0,this.options.trigger=="click"?this.$element.on("click."+this.type,this.options.selector,a.proxy(this.toggle,this)):this.options.trigger!="manual"&&(e=this.options.trigger=="hover"?"mouseenter":"focus",f=this.options.trigger=="hover"?"mouseleave":"blur",this.$element.on(e+"."+this.type,this.options.selector,a.proxy(this.enter,this)),this.$element.on(f+"."+this.type,this.options.selector,a.proxy(this.leave,this))),this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},getOptions:function(b){return b=a.extend({},a.fn[this.type].defaults,b,this.$element.data()),b.delay&&typeof b.delay=="number"&&(b.delay={show:b.delay,hide:b.delay}),b},enter:function(b){var c=a(b.currentTarget)[this.type](this._options).data(this.type);if(!c.options.delay||!c.options.delay.show)return c.show();clearTimeout(this.timeout),c.hoverState="in",this.timeout=setTimeout(function(){c.hoverState=="in"&&c.show()},c.options.delay.show)},leave:function(b){var c=a(b.currentTarget)[this.type](this._options).data(this.type);this.timeout&&clearTimeout(this.timeout);if(!c.options.delay||!c.options.delay.hide)return c.hide();c.hoverState="out",this.timeout=setTimeout(function(){c.hoverState=="out"&&c.hide()},c.options.delay.hide)},show:function(){var a,b,c,d,e,f,g;if(this.hasContent()&&this.enabled){a=this.tip(),this.setContent(),this.options.animation&&a.addClass("fade"),f=typeof this.options.placement=="function"?this.options.placement.call(this,a[0],this.$element[0]):this.options.placement,b=/in/.test(f),a.detach().css({top:0,left:0,display:"block"}).insertAfter(this.$element),c=this.getPosition(b),d=a[0].offsetWidth,e=a[0].offsetHeight;switch(b?f.split(" ")[1]:f){case"bottom":g={top:c.top+c.height,left:c.left+c.width/2-d/2};break;case"top":g={top:c.top-e,left:c.left+c.width/2-d/2};break;case"left":g={top:c.top+c.height/2-e/2,left:c.left-d};break;case"right":g={top:c.top+c.height/2-e/2,left:c.left+c.width}}a.offset(g).addClass(f).addClass("in")}},setContent:function(){var a=this.tip(),b=this.getTitle();a.find(".tooltip-inner")[this.options.html?"html":"text"](b),a.removeClass("fade in top bottom left right")},hide:function(){function d(){var b=setTimeout(function(){c.off(a.support.transition.end).detach()},500);c.one(a.support.transition.end,function(){clearTimeout(b),c.detach()})}var b=this,c=this.tip();return c.removeClass("in"),a.support.transition&&this.$tip.hasClass("fade")?d():c.detach(),this},fixTitle:function(){var a=this.$element;(a.attr("title")||typeof a.attr("data-original-title")!="string")&&a.attr("data-original-title",a.attr("title")||"").removeAttr("title")},hasContent:function(){return this.getTitle()},getPosition:function(b){return a.extend({},b?{top:0,left:0}:this.$element.offset(),{width:this.$element[0].offsetWidth,height:this.$element[0].offsetHeight})},getTitle:function(){var a,b=this.$element,c=this.options;return a=b.attr("data-original-title")||(typeof c.title=="function"?c.title.call(b[0]):c.title),a},tip:function(){return this.$tip=this.$tip||a(this.options.template)},validate:function(){this.$element[0].parentNode||(this.hide(),this.$element=null,this.options=null)},enable:function(){this.enabled=!0},disable:function(){this.enabled=!1},toggleEnabled:function(){this.enabled=!this.enabled},toggle:function(b){var c=a(b.currentTarget)[this.type](this._options).data(this.type);c[c.tip().hasClass("in")?"hide":"show"]()},destroy:function(){this.hide().$element.off("."+this.type).removeData(this.type)}};var c=a.fn.tooltip;a.fn.tooltip=function(c){return this.each(function(){var d=a(this),e=d.data("tooltip"),f=typeof c=="object"&&c;e||d.data("tooltip",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.tooltip.Constructor=b,a.fn.tooltip.defaults={animation:!0,placement:"top",selector:!1,template:'
      ',trigger:"hover",title:"",delay:0,html:!1},a.fn.tooltip.noConflict=function(){return a.fn.tooltip=c,this}}(window.jQuery),!function(a){var b=function(a,b){this.init("popover",a,b)};b.prototype=a.extend({},a.fn.tooltip.Constructor.prototype,{constructor:b,setContent:function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.options.html?"html":"text"](b),a.find(".popover-content")[this.options.html?"html":"text"](c),a.removeClass("fade top bottom left right in")},hasContent:function(){return this.getTitle()||this.getContent()},getContent:function(){var a,b=this.$element,c=this.options;return a=b.attr("data-content")||(typeof c.content=="function"?c.content.call(b[0]):c.content),a},tip:function(){return this.$tip||(this.$tip=a(this.options.template)),this.$tip},destroy:function(){this.hide().$element.off("."+this.type).removeData(this.type)}});var c=a.fn.popover;a.fn.popover=function(c){return this.each(function(){var d=a(this),e=d.data("popover"),f=typeof c=="object"&&c;e||d.data("popover",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.popover.Constructor=b,a.fn.popover.defaults=a.extend({},a.fn.tooltip.defaults,{placement:"right",trigger:"click",content:"",template:'

      '}),a.fn.popover.noConflict=function(){return a.fn.popover=c,this}}(window.jQuery),!function(a){var b=function(b,c){this.options=a.extend({},a.fn.affix.defaults,c),this.$window=a(window).on("scroll.affix.data-api",a.proxy(this.checkPosition,this)).on("click.affix.data-api",a.proxy(function(){setTimeout(a.proxy(this.checkPosition,this),1)},this)),this.$element=a(b),this.checkPosition()};b.prototype.checkPosition=function(){if(!this.$element.is(":visible"))return;var b=a(document).height(),c=this.$window.scrollTop(),d=this.$element.offset(),e=this.options.offset,f=e.bottom,g=e.top,h="affix affix-top affix-bottom",i;typeof e!="object"&&(f=g=e),typeof g=="function"&&(g=e.top()),typeof f=="function"&&(f=e.bottom()),i=this.unpin!=null&&c+this.unpin<=d.top?!1:f!=null&&d.top+this.$element.height()>=b-f?"bottom":g!=null&&c<=g?"top":!1;if(this.affixed===i)return;this.affixed=i,this.unpin=i=="bottom"?d.top-c:null,this.$element.removeClass(h).addClass("affix"+(i?"-"+i:""))};var c=a.fn.affix;a.fn.affix=function(c){return this.each(function(){var d=a(this),e=d.data("affix"),f=typeof c=="object"&&c;e||d.data("affix",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.affix.Constructor=b,a.fn.affix.defaults={offset:0},a.fn.affix.noConflict=function(){return a.fn.affix=c,this},a(window).on("load",function(){a('[data-spy="affix"]').each(function(){var b=a(this),c=b.data();c.offset=c.offset||{},c.offsetBottom&&(c.offset.bottom=c.offsetBottom),c.offsetTop&&(c.offset.top=c.offsetTop),b.affix(c)})})}(window.jQuery),!function(a){var b='[data-dismiss="alert"]',c=function(c){a(c).on("click",b,this.close)};c.prototype.close=function(b){function f(){e.trigger("closed").remove()}var c=a(this),d=c.attr("data-target"),e;d||(d=c.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,"")),e=a(d),b&&b.preventDefault(),e.length||(e=c.hasClass("alert")?c:c.parent()),e.trigger(b=a.Event("close"));if(b.isDefaultPrevented())return;e.removeClass("in"),a.support.transition&&e.hasClass("fade")?e.on(a.support.transition.end,f):f()};var d=a.fn.alert;a.fn.alert=function(b){return this.each(function(){var d=a(this),e=d.data("alert");e||d.data("alert",e=new c(this)),typeof b=="string"&&e[b].call(d)})},a.fn.alert.Constructor=c,a.fn.alert.noConflict=function(){return a.fn.alert=d,this},a(document).on("click.alert.data-api",b,c.prototype.close)}(window.jQuery),!function(a){var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.button.defaults,c)};b.prototype.setState=function(a){var b="disabled",c=this.$element,d=c.data(),e=c.is("input")?"val":"html";a+="Text",d.resetText||c.data("resetText",c[e]()),c[e](d[a]||this.options[a]),setTimeout(function(){a=="loadingText"?c.addClass(b).attr(b,b):c.removeClass(b).removeAttr(b)},0)},b.prototype.toggle=function(){var a=this.$element.closest('[data-toggle="buttons-radio"]');a&&a.find(".active").removeClass("active"),this.$element.toggleClass("active")};var c=a.fn.button;a.fn.button=function(c){return this.each(function(){var d=a(this),e=d.data("button"),f=typeof c=="object"&&c;e||d.data("button",e=new b(this,f)),c=="toggle"?e.toggle():c&&e.setState(c)})},a.fn.button.defaults={loadingText:"loading..."},a.fn.button.Constructor=b,a.fn.button.noConflict=function(){return a.fn.button=c,this},a(document).on("click.button.data-api","[data-toggle^=button]",function(b){var c=a(b.target);c.hasClass("btn")||(c=c.closest(".btn")),c.button("toggle")})}(window.jQuery),!function(a){var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.collapse.defaults,c),this.options.parent&&(this.$parent=a(this.options.parent)),this.options.toggle&&this.toggle()};b.prototype={constructor:b,dimension:function(){var a=this.$element.hasClass("width");return a?"width":"height"},show:function(){var b,c,d,e;if(this.transitioning)return;b=this.dimension(),c=a.camelCase(["scroll",b].join("-")),d=this.$parent&&this.$parent.find("> .accordion-group > .in");if(d&&d.length){e=d.data("collapse");if(e&&e.transitioning)return;d.collapse("hide"),e||d.data("collapse",null)}this.$element[b](0),this.transition("addClass",a.Event("show"),"shown"),a.support.transition&&this.$element[b](this.$element[0][c])},hide:function(){var b;if(this.transitioning)return;b=this.dimension(),this.reset(this.$element[b]()),this.transition("removeClass",a.Event("hide"),"hidden"),this.$element[b](0)},reset:function(a){var b=this.dimension();return this.$element.removeClass("collapse")[b](a||"auto")[0].offsetWidth,this.$element[a!==null?"addClass":"removeClass"]("collapse"),this},transition:function(b,c,d){var e=this,f=function(){c.type=="show"&&e.reset(),e.transitioning=0,e.$element.trigger(d)};this.$element.trigger(c);if(c.isDefaultPrevented())return;this.transitioning=1,this.$element[b]("in"),a.support.transition&&this.$element.hasClass("collapse")?this.$element.one(a.support.transition.end,f):f()},toggle:function(){this[this.$element.hasClass("in")?"hide":"show"]()}};var c=a.fn.collapse;a.fn.collapse=function(c){return this.each(function(){var d=a(this),e=d.data("collapse"),f=typeof c=="object"&&c;e||d.data("collapse",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.collapse.defaults={toggle:!0},a.fn.collapse.Constructor=b,a.fn.collapse.noConflict=function(){return a.fn.collapse=c,this},a(document).on("click.collapse.data-api","[data-toggle=collapse]",function(b){var c=a(this),d,e=c.attr("data-target")||b.preventDefault()||(d=c.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,""),f=a(e).data("collapse")?"toggle":c.data();c[a(e).hasClass("in")?"addClass":"removeClass"]("collapsed"),a(e).collapse(f)})}(window.jQuery),!function(a){var b=function(b,c){this.$element=a(b),this.options=c,this.options.pause=="hover"&&this.$element.on("mouseenter",a.proxy(this.pause,this)).on("mouseleave",a.proxy(this.cycle,this))};b.prototype={cycle:function(b){return b||(this.paused=!1),this.options.interval&&!this.paused&&(this.interval=setInterval(a.proxy(this.next,this),this.options.interval)),this},to:function(b){var c=this.$element.find(".item.active"),d=c.parent().children(),e=d.index(c),f=this;if(b>d.length-1||b<0)return;return this.sliding?this.$element.one("slid",function(){f.to(b)}):e==b?this.pause().cycle():this.slide(b>e?"next":"prev",a(d[b]))},pause:function(b){return b||(this.paused=!0),this.$element.find(".next, .prev").length&&a.support.transition.end&&(this.$element.trigger(a.support.transition.end),this.cycle()),clearInterval(this.interval),this.interval=null,this},next:function(){if(this.sliding)return;return this.slide("next")},prev:function(){if(this.sliding)return;return this.slide("prev")},slide:function(b,c){var d=this.$element.find(".item.active"),e=c||d[b](),f=this.interval,g=b=="next"?"left":"right",h=b=="next"?"first":"last",i=this,j;this.sliding=!0,f&&this.pause(),e=e.length?e:this.$element.find(".item")[h](),j=a.Event("slide",{relatedTarget:e[0]});if(e.hasClass("active"))return;if(a.support.transition&&this.$element.hasClass("slide")){this.$element.trigger(j);if(j.isDefaultPrevented())return;e.addClass(b),e[0].offsetWidth,d.addClass(g),e.addClass(g),this.$element.one(a.support.transition.end,function(){e.removeClass([b,g].join(" ")).addClass("active"),d.removeClass(["active",g].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger("slid")},0)})}else{this.$element.trigger(j);if(j.isDefaultPrevented())return;d.removeClass("active"),e.addClass("active"),this.sliding=!1,this.$element.trigger("slid")}return f&&this.cycle(),this}};var c=a.fn.carousel;a.fn.carousel=function(c){return this.each(function(){var d=a(this),e=d.data("carousel"),f=a.extend({},a.fn.carousel.defaults,typeof c=="object"&&c),g=typeof c=="string"?c:f.slide;e||d.data("carousel",e=new b(this,f)),typeof c=="number"?e.to(c):g?e[g]():f.interval&&e.cycle()})},a.fn.carousel.defaults={interval:5e3,pause:"hover"},a.fn.carousel.Constructor=b,a.fn.carousel.noConflict=function(){return a.fn.carousel=c,this},a(document).on("click.carousel.data-api","[data-slide]",function(b){var c=a(this),d,e=a(c.attr("data-target")||(d=c.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,"")),f=a.extend({},e.data(),c.data());e.carousel(f),b.preventDefault()})}(window.jQuery),!function(a){var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.typeahead.defaults,c),this.matcher=this.options.matcher||this.matcher,this.sorter=this.options.sorter||this.sorter,this.highlighter=this.options.highlighter||this.highlighter,this.updater=this.options.updater||this.updater,this.source=this.options.source,this.$menu=a(this.options.menu),this.shown=!1,this.listen()};b.prototype={constructor:b,select:function(){var a=this.$menu.find(".active").attr("data-value");return this.$element.val(this.updater(a)).change(),this.hide()},updater:function(a){return a},show:function(){var b=a.extend({},this.$element.position(),{height:this.$element[0].offsetHeight});return this.$menu.insertAfter(this.$element).css({top:b.top+b.height,left:b.left}).show(),this.shown=!0,this},hide:function(){return this.$menu.hide(),this.shown=!1,this},lookup:function(b){var c;return this.query=this.$element.val(),!this.query||this.query.length"+b+""})},render:function(b){var c=this;return b=a(b).map(function(b,d){return b=a(c.options.item).attr("data-value",d),b.find("a").html(c.highlighter(d)),b[0]}),b.first().addClass("active"),this.$menu.html(b),this},next:function(b){var c=this.$menu.find(".active").removeClass("active"),d=c.next();d.length||(d=a(this.$menu.find("li")[0])),d.addClass("active")},prev:function(a){var b=this.$menu.find(".active").removeClass("active"),c=b.prev();c.length||(c=this.$menu.find("li").last()),c.addClass("active")},listen:function(){this.$element.on("blur",a.proxy(this.blur,this)).on("keypress",a.proxy(this.keypress,this)).on("keyup",a.proxy(this.keyup,this)),this.eventSupported("keydown")&&this.$element.on("keydown",a.proxy(this.keydown,this)),this.$menu.on("click",a.proxy(this.click,this)).on("mouseenter","li",a.proxy(this.mouseenter,this))},eventSupported:function(a){var b=a in this.$element;return b||(this.$element.setAttribute(a,"return;"),b=typeof this.$element[a]=="function"),b},move:function(a){if(!this.shown)return;switch(a.keyCode){case 9:case 13:case 27:a.preventDefault();break;case 38:a.preventDefault(),this.prev();break;case 40:a.preventDefault(),this.next()}a.stopPropagation()},keydown:function(b){this.suppressKeyPressRepeat=~a.inArray(b.keyCode,[40,38,9,13,27]),this.move(b)},keypress:function(a){if(this.suppressKeyPressRepeat)return;this.move(a)},keyup:function(a){switch(a.keyCode){case 40:case 38:case 16:case 17:case 18:break;case 9:case 13:if(!this.shown)return;this.select();break;case 27:if(!this.shown)return;this.hide();break;default:this.lookup()}a.stopPropagation(),a.preventDefault()},blur:function(a){var b=this;setTimeout(function(){b.hide()},150)},click:function(a){a.stopPropagation(),a.preventDefault(),this.select()},mouseenter:function(b){this.$menu.find(".active").removeClass("active"),a(b.currentTarget).addClass("active")}};var c=a.fn.typeahead;a.fn.typeahead=function(c){return this.each(function(){var d=a(this),e=d.data("typeahead"),f=typeof c=="object"&&c;e||d.data("typeahead",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.typeahead.defaults={source:[],items:8,menu:'
        ',item:'
        • ',minLength:1},a.fn.typeahead.Constructor=b,a.fn.typeahead.noConflict=function(){return a.fn.typeahead=c,this},a(document).on("focus.typeahead.data-api",'[data-provide="typeahead"]',function(b){var c=a(this);if(c.data("typeahead"))return;b.preventDefault(),c.typeahead(c.data())})}(window.jQuery)]]>
        DateFri, 24 Feb 2023 14:01:44 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Accept-Rangesbytes
        ETagW/"26898-1358437290000"
        Last-ModifiedThu, 17 Jan 2013 15:41:30 GMT
        Cache-Controlmax-age=2419200
        ExpiresFri, 24 Mar 2023 14:01:44 GMT
        Content-Typeapplication/javascript;charset=UTF-8
        Content-Length26898
        Keep-Alivetimeout=5, max=100
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/resources/js/placeholders.min.jshttpzero.webappsecurity.com80 +-1)}function keyupHandler(){var type;if(this.value!==valueKeyDown){this.className=this.className.replace(classNameRegExp,"");this.value=this.value.replace(this.getAttribute("placeholder"),"");type=this.getAttribute("data-placeholdertype");if(type)this.type=type}if(this.value===""){blurHandler.call(this);cursorToStart(this)}}function addEventListener(element,event,fn){if(element.addEventListener)return element.addEventListener(event,fn.bind(element),false);if(element.attachEvent)return element.attachEvent("on"+ +event,fn.bind(element))}function addEventListeners(element){if(!settings.hideOnFocus){addEventListener(element,"keydown",keydownHandler);addEventListener(element,"keyup",keyupHandler)}addEventListener(element,"focus",focusHandler);addEventListener(element,"blur",blurHandler)}function updatePlaceholders(){var inputs=document.getElementsByTagName("input"),textareas=document.getElementsByTagName("textarea"),numInputs=inputs.length,num=numInputs+textareas.length,i,form,element,oldPlaceholder,newPlaceholder; +for(i=0;i-1)if(newPlaceholder){oldPlaceholder=element.getAttribute("data-currentplaceholder");if(newPlaceholder!==oldPlaceholder){if(element.value===oldPlaceholder||element.value===newPlaceholder||!element.value){element.value=newPlaceholder;element.className=element.className+" "+settings.className}if(!oldPlaceholder){if(element.form){form=element.form; +if(!form.getAttribute("data-placeholdersubmit")){addEventListener(form,"submit",submitHandler);form.setAttribute("data-placeholdersubmit","true")}}addEventListeners(element)}element.setAttribute("data-currentplaceholder",newPlaceholder)}}}}function createPlaceholders(){var inputs=document.getElementsByTagName("input"),textareas=document.getElementsByTagName("textarea"),numInputs=inputs.length,num=numInputs+textareas.length,i,element,form,placeholder;for(i=0;i-1)if(placeholder){if(element.type==="password")try{element.type="text";element.setAttribute("data-placeholdertype","password")}catch(e){}element.setAttribute("data-currentplaceholder",placeholder);if(element.value===""||element.value===placeholder){element.className=element.className+" "+settings.className;element.value=placeholder}if(element.form){form=element.form;if(!form.getAttribute("data-placeholdersubmit")){addEventListener(form, +"submit",submitHandler);form.setAttribute("data-placeholdersubmit","true")}}addEventListeners(element)}}}function init(opts){var test=document.createElement("input"),opt,styleElem,styleRules,i,j;if(typeof test.placeholder==="undefined"){for(opt in opts)if(opts.hasOwnProperty(opt))settings[opt]=opts[opt];styleElem=document.createElement("style");styleElem.type="text/css";var importantValue=settings.styleImportant?"!important":"";styleRules=document.createTextNode("."+settings.className+" { color:"+ +settings.textColor+importantValue+"; }");if(styleElem.styleSheet)styleElem.styleSheet.cssText=styleRules.nodeValue;else styleElem.appendChild(styleRules);document.getElementsByTagName("head")[0].appendChild(styleElem);if(!Array.prototype.indexOf)Array.prototype.indexOf=function(obj,start){for(i=start||0,j=this.length;iGET/resources/js/placeholders.minjsHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/
        Hostzero.webappsecurity.com
        Accept*/*
        Accept-Languageen-US,en;q=0.5
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoScriptEngine="Gecko";Category="Crawl";SID="511D6DB521E43A071D015EA7E62869D3";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="Crawl";CrawlType="ScriptInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";tht="21";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="8eaa0f87";
        X-Request-Memorid="a69beee8";sc="1";thid="47";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1200OK +-1)}function keyupHandler(){var type;if(this.value!==valueKeyDown){this.className=this.className.replace(classNameRegExp,"");this.value=this.value.replace(this.getAttribute("placeholder"),"");type=this.getAttribute("data-placeholdertype");if(type)this.type=type}if(this.value===""){blurHandler.call(this);cursorToStart(this)}}function addEventListener(element,event,fn){if(element.addEventListener)return element.addEventListener(event,fn.bind(element),false);if(element.attachEvent)return element.attachEvent("on"+ +event,fn.bind(element))}function addEventListeners(element){if(!settings.hideOnFocus){addEventListener(element,"keydown",keydownHandler);addEventListener(element,"keyup",keyupHandler)}addEventListener(element,"focus",focusHandler);addEventListener(element,"blur",blurHandler)}function updatePlaceholders(){var inputs=document.getElementsByTagName("input"),textareas=document.getElementsByTagName("textarea"),numInputs=inputs.length,num=numInputs+textareas.length,i,form,element,oldPlaceholder,newPlaceholder; +for(i=0;i-1)if(newPlaceholder){oldPlaceholder=element.getAttribute("data-currentplaceholder");if(newPlaceholder!==oldPlaceholder){if(element.value===oldPlaceholder||element.value===newPlaceholder||!element.value){element.value=newPlaceholder;element.className=element.className+" "+settings.className}if(!oldPlaceholder){if(element.form){form=element.form; +if(!form.getAttribute("data-placeholdersubmit")){addEventListener(form,"submit",submitHandler);form.setAttribute("data-placeholdersubmit","true")}}addEventListeners(element)}element.setAttribute("data-currentplaceholder",newPlaceholder)}}}}function createPlaceholders(){var inputs=document.getElementsByTagName("input"),textareas=document.getElementsByTagName("textarea"),numInputs=inputs.length,num=numInputs+textareas.length,i,element,form,placeholder;for(i=0;i-1)if(placeholder){if(element.type==="password")try{element.type="text";element.setAttribute("data-placeholdertype","password")}catch(e){}element.setAttribute("data-currentplaceholder",placeholder);if(element.value===""||element.value===placeholder){element.className=element.className+" "+settings.className;element.value=placeholder}if(element.form){form=element.form;if(!form.getAttribute("data-placeholdersubmit")){addEventListener(form, +"submit",submitHandler);form.setAttribute("data-placeholdersubmit","true")}}addEventListeners(element)}}}function init(opts){var test=document.createElement("input"),opt,styleElem,styleRules,i,j;if(typeof test.placeholder==="undefined"){for(opt in opts)if(opts.hasOwnProperty(opt))settings[opt]=opts[opt];styleElem=document.createElement("style");styleElem.type="text/css";var importantValue=settings.styleImportant?"!important":"";styleRules=document.createTextNode("."+settings.className+" { color:"+ +settings.textColor+importantValue+"; }");if(styleElem.styleSheet)styleElem.styleSheet.cssText=styleRules.nodeValue;else styleElem.appendChild(styleRules);document.getElementsByTagName("head")[0].appendChild(styleElem);if(!Array.prototype.indexOf)Array.prototype.indexOf=function(obj,start){for(i=start||0,j=this.length;i
        DateFri, 24 Feb 2023 14:01:44 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Accept-Rangesbytes
        ETagW/"5615-1360116138000"
        Last-ModifiedWed, 06 Feb 2013 02:02:18 GMT
        Cache-Controlmax-age=2419200
        ExpiresFri, 24 Mar 2023 14:01:44 GMT
        Content-Typeapplication/javascript;charset=UTF-8
        Content-Length5615
        Keep-Alivetimeout=5, max=100
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/resources/css/main.csshttpzero.webappsecurity.com80 li > a { + padding: 18px 10px; +} +.dropdown a.btn { + color: #ffffff; +} +.dropdown .modal-footer { + padding: 7px 15px; +} +.dropdown-menu .modal-body a { + padding: 3px 0px; + float: left; + clear: none; +} +.dropdown-menu a.link-modal { + padding: 3px 23px 3px 0; + float: left; + color: #4572a7; +} +.dropdown-menu a.link-modal:hover { + color: #4572a7; + text-decoration: none; +} +.navbar .bar-root { + margin-top: 10px; +} +.navbar .bar-root .dropdown-menu a { + color: #999; +} +.navbar .bar-root .dropdown-menu a:hover { + background: #222; +} +.navbar .bar-root .dropdown-menu img { + border: 1px solid #888; + margin-right: 4px; +} +.navbar .bar-root .label { + position: relative; + top: -9px; +} + +/*#####################################################################*/ + +body, html { + height: 100%; +} + +.wrapper { + min-height: 100%; + height: auto !important; + margin: 0 auto -121px; +} + +.push { + height: 147px; +} + +/*#####################################################################*/ + +div.item img { + width: 940px; + height: 401px; +} + +/*#####################################################################*/ +.content { + padding: 40px 60px 40px 60px; + min-height: 100%; +} +/*#####################################################################*/ + +.row.divider:last-child { + margin-bottom: 40px; + + border: none; +} + +.row-divider { + border: none; + margin: 10px 0 21px; + border-bottom: 1px dotted #0098D8; +} + +.content-divider { + margin-bottom : 10px; + margin-top : 10px; + + border: none; + border-bottom: 1px solid #0098D8; + + -webkit-box-shadow: inset 0 16px 8px -20px rgba(0, 0, 0, 0.4); + -moz-box-shadow: inset 0 15px 8px -20px rgba(0, 0, 0, 0.4); + -webkit-mask-image: -webkit-linear-gradient(left, rgba(0, 0, 0, 0), black 20%, black 80%, rgba(0, 0, 0, 0) 100%); + -moz-mask-image: -moz-linear-gradient(left, rgba(0, 0, 0, 0), black 20%, black 80%, rgba(0, 0, 0, 0) 100%); + +} + +/*#####################################################################*/ + +#nav { + margin-bottom: .5em; +} + +#nav > #pages-nav { + padding: 0; + margin: 0; + + border-top: 1px solid #A1A1A1; +} + +#nav > #pages-nav > li { + position: relative; + top: -1px; + + float: left; + + padding: 0 40px 0 0; + margin: 0; + + list-style: none; + + border-top: 1px solid #A1A1A1; +} + +#nav > #pages-nav > li:last-child { + padding-right: 0; +} + +#nav > #pages-nav > li > a { + position: relative; + top: -1px; + display: block; + padding: 15px 5px 5px; + color: #888; + text-transform: uppercase; + border-top: 1px solid transparent; + cursor: pointer; +} + +#nav > #pages-nav > li > a:hover, +#nav > #pages-nav > li.dropdown.open > a { + color: #0098D8; + + text-decoration: none; + + border-top-color: #0098D8; + border-top-width: 1px; +} + +#nav > #pages-nav > li.active a { + padding-top: 12px; + top: -2px; + + color: #0098D8; + + border-top-color: #0098D8; + border-top-width: 4px; +} + +#nav > #pages-nav > li > a > .caret { + position: relative; + top: -2px; + + margin-left: .5em; +} + +#nav .dropdown-menu a:hover { + background-color: #0098D8; +} + +#nav .dropdown-menu > li > a { + padding: 6px 12px; +} + +#nav .dropdown-menu i { + margin-right: .5em; + + font-size: 14px; +} + +#nav .dropdown-menu::before { + content: ''; + display: inline-block; + border-left: 7px solid transparent; + border-right: 7px solid transparent; + border-bottom: 7px solid #CCC; + border-bottom-color: rgba(0, 0, 0, 0.2); + position: absolute; + top: -7px; + left: 9px; +} + +#nav .dropdown-menu::after { + content: ''; + display: inline-block; + border-left: 6px solid transparent; + border-right: 6px solid transparent; + border-bottom: 6px solid white; + position: absolute; + top: -6px; + left: 10px; +} + +/*#####################################################################*/ + +#welcome { + padding-left: 90px; + text-align: center; +} + +/*#####################################################################*/ + +i.icon, .slash, i.icon-middle { + margin-right: 5px; + color: #0098D8; + font-size: 18px; + line-height: 18px; +} + +i.icon-middle { + font-size: 20px; + margin-right: 10px; + line-height: 30px; +} + +/**************************************** + Footer +***************************************/ + +.footer { + margin-top: 0; + line-height: 12px; + border-top: 1px solid #292929; +} + +.footer-inner { + padding: 15px 0; + + font-size: 12px; + background: #111; + color: #999; +} + +.footer a { + color: #999; +} + +.footer a:hover { + color: #FFF; + text-decoration: none; +} + +.extra { + border-top: 1px solid #E5E5E5; + background-color: whiteSmoke; +} + +.extra-inner { + padding: 20px 0; + font-size: 11px; +} + +.extra span { + color: #666; + cursor: pointer; +} + +.extra h4 { + margin-bottom: 1em; + + font-weight: 400; +} + +.extra ul { + padding: 0; + margin: 0; +} + +.extra li { + margin-bottom: .6em; + list-style: none; +} + +/***********************************************************/ + +.hero-home { + background: url('../img/online_banking_hero.jpg') no-repeat; + color: #0082D8; + position: relative; +} + +.hero-home p { + color: #0082D8; +} + +.large-btn:hover, +.large-btn:active, +.large-btn.active { + background-color: #5BB900; +} + +.large-btn { + font-size: 24px; + padding: 12px 32px; + font-weight: bold; + margin-top: 15px; + + background: #65C31F; + color: white; + border-color: #57AF17; + font-weight: bold; +} + +.text-shadow { + text-shadow: 1px 2px 5px black; +} + +.btn.text-shadow { + text-shadow: 2px 1px 1px black; +} + +.feature-description { + border-radius: 15px; + padding: 15px; + position: relative; + + background: #383838; +} + + +.margin15 { + margin-bottom: 15px +} + +.margin7top { + margin-top: 7px +} + +.margin20top { + margin-top: 20px +} + +a.actions { + padding: 4px 9px!important; + + border: 2px solid #A1A1A1; + border-radius: 4px; + font-size: 11px; + line-height: 1; + margin-left: 20px; + text-transform: uppercase; + margin-top: 10px +} + +.accordion-heading { + background-color: whiteSmoke; +} + +.footer.fixed { + position: fixed; + bottom: 0; + right: 0; + left: 0; +} + +.carousel-caption.custom { + top: 0; + width: 200px; + + background-color: rgba(0, 0, 0, 0.8) +} + +.item > img { + margin-left: 230px; +} + +.carousel-control.custom.left,.carousel-control.custom.right { + font-family: 'Helvetica Neue', Helvetica,Arial, sans-serif; + background: white; + border: none; + color: #2F96B4; + top: 50%; +} + +.carousel-control.custom.left { + left: -50px; +} + +.carousel-control.custom.right { + right: -50px; +} + +.button-large { + font-size: 20px; + padding: 20px 50px 20px 50px; +} + +.carousel-btn,.hero-btn { + position: absolute; + border-radius: 15px +} + +.carousel-btn { + bottom: 80px; + left: 27px; +} + +.hero-btn { + right: 130px; + top:35%; +} + +.signin-controls input { + padding: 8px 15px 8px 50px; + background-color: #FDFDFD; + width: 255px; + display: block; + margin: 0; + box-shadow: inset 0 0 2px rgba(47, 150, 252, 0.8) +} + +input.login { + background: url(../img/user_login.png) no-repeat; +} + +input.password { + background: url(../img/password_login.png) no-repeat; +} + +.account_summary th { + color: #AFAFAF; +} + +.account_summary tbody tr:last-of-type{ + background-color: rgba(3, 152, 252, 0.1); +} + +.account_summary .activities { + text-decoration: underline; +} + +span.headers, span.link { + cursor: pointer; + color: #333; +} + +span.link { + color: #08C; + text-decoration: underline; +} + + +#account_summary .accordion-toggle { + text-decoration: none; +} + +.top_offset { + padding-top: 70px; + padding-bottom: 20px; +} + + +div.pictured { + position: relative; +} + +div.pictured i { + position: absolute; + top: 1px; + left: 1px; + font-size: 18px; + background-color: #E5F2FE; + padding-left: 13px; + padding-right: 13px; + box-shadow: inset 0 0 2px rgba(47, 150, 252, 0.8); + border-top-left-radius: 2px; + border-bottom-left-radius: 2px; + padding-bottom: 7px; + padding-top: 7px; + color: #2F96FC; + width: 16px; + height: 22px; +} + +div.pictured textarea { + box-shadow: inset 0 0 2px rgba(47, 150, 252, 0.8); +} + +hr.wide { + margin-bottom: 30px; + margin-top: 30px; +} + + +/* Sidenav for Docs +-------------------------------------------------- */ + +.bs-docs-sidenav { + width: 228px; + margin: 30px 0 0; + padding: 0; + background-color: #fff; + -webkit-border-radius: 6px; + -moz-border-radius: 6px; + border-radius: 6px; + -webkit-box-shadow: 0 1px 4px rgba(0,0,0,.065); + -moz-box-shadow: 0 1px 4px rgba(0,0,0,.065); + box-shadow: 0 1px 4px rgba(0,0,0,.065); +} +.bs-docs-sidenav > li > a { + display: block; + *width: 190px; + margin: 0 0 -1px; + padding: 8px 14px; + border: 1px solid #e5e5e5; +} +.bs-docs-sidenav > li:first-child > a { + -webkit-border-radius: 6px 6px 0 0; + -moz-border-radius: 6px 6px 0 0; + border-radius: 6px 6px 0 0; +} +.bs-docs-sidenav > li:last-child > a { + -webkit-border-radius: 0 0 6px 6px; + -moz-border-radius: 0 0 6px 6px; + border-radius: 0 0 6px 6px; +} +.bs-docs-sidenav > .active > a { + position: relative; + z-index: 2; + padding: 9px 15px; + border: 0; + text-shadow: 0 1px 0 rgba(0,0,0,.15); + -webkit-box-shadow: inset 1px 0 0 rgba(0,0,0,.1), inset -1px 0 0 rgba(0,0,0,.1); + -moz-box-shadow: inset 1px 0 0 rgba(0,0,0,.1), inset -1px 0 0 rgba(0,0,0,.1); + box-shadow: inset 1px 0 0 rgba(0,0,0,.1), inset -1px 0 0 rgba(0,0,0,.1); +} +/* Chevrons */ +.bs-docs-sidenav .icon-chevron-right { + float: right; + margin-top: 2px; + margin-right: -6px; + opacity: .25; +} +.bs-docs-sidenav > li > a:hover { + background-color: #f5f5f5; +} +.bs-docs-sidenav.affix { + top: 90px; +} +.bs-docs-sidenav.affix-bottom { + position: absolute; + top: auto; + bottom: 270px; +} + +/* Responsive +-------------------------------------------------- */ + +/* Desktop large +------------------------- */ +@media (min-width: 1200px) { + .bs-docs-container { + max-width: 970px; + } + .bs-docs-sidenav { + width: 258px; + } +} + + +hr.gray-dotted { + border-bottom: 1px dotted #D9D9D9; +} + +.blog { + padding-right: 30px; +} + +.blog > div { + padding-left: 10px; +} + +.blog p.date { + text-align: right; + padding-right: 10px; +} + +button.signin { + margin-right: 5px; + border-radius: 20px +} + +button.signin > i { + padding-right: 10px; +} + +.accordion-inner form { + margin-bottom: 0px; +} + + + +.board { + background: white; + padding: 3px; + box-shadow: rgba(0, 0, 0, 0.3) 0 1px 3px; + margin-bottom: 25px; + -webkit-border-top-right-radius: 4px; + -webkit-border-bottom-right-radius: 4px; + -webkit-border-bottom-left-radius: 4px; + -webkit-border-top-left-radius: 4px; + moz-border-radius-topright: 4px; + -moz-border-radius-bottomright: 4px; + -moz-border-radius-bottomleft: 4px; + -moz-border-radius-topleft: 4px; + border-radius: 4px 4px 4px 4px; + -moz-background-clip: padding; + -webkit-background-clip: padding-box; + background-clip: padding-box; +} + +.board-content { + display: block; + height: 100%; + -webkit-border-top-right-radius: 3px; + -webkit-border-bottom-right-radius: 3px; + -webkit-border-bottom-left-radius: 3px; + -webkit-border-top-left-radius: 3px; + moz-border-radius-topright: 3px; + -moz-border-radius-bottomright: 3px; + -moz-border-radius-bottomleft: 3px; + -moz-border-radius-topleft: 3px; + border-radius: 3px 3px 3px 3px; + -moz-background-clip: padding; + -webkit-background-clip: padding-box; + background-clip: padding-box; + background: #F3F3F3; + background: #F3F3F3; + background: -webkit-gradient(linear, left top, left bottom, from(#FBFBFB), to(#F3F3F3)); + background: -moz-linear-gradient(top, #FBFBFB, #F3F3F3); +} + +h2.board-header { + font-weight: normal; + letter-spacing: -1px; + padding: 5px 10px; + margin: 0; + text-shadow: 0px 1px 1px rgba(0, 0, 0, 0.2); + + font-size: 24px; + line-height: 36px; +} + + +.board .table { + margin-bottom: 0; + border-collapse: collapse; + border-spacing: 0; +} + +.board .table th, +.board .table td { + font-size: 12px; + padding: 5px 20px; + font-weight: bold; + border-bottom: 1px solid #DEDEDE; +} + +.board .table thead th { + vertical-align: bottom; +} + +.board .table td { + border-bottom: 1px solid #DEDEDE; + border-top: 1px solid white; + padding: 5px 20px; + text-shadow: 0px 1px 1px white; +} + +.board-content .control-group { + margin: 0px; + padding-top: 10px; + padding-bottom: 10px; +} + +.board-content hr { + margin: 0; +} + +article form { + margin-bottom: 0 +} + +#nav > #pages-nav > li.active div { + padding-top: 12px; + top: -2px; + color: #0098D8; + border-top-color: #0098D8; + border-top-width: 4px; + text-decoration: none; +} + +#nav > #pages-nav > li > div { + position: relative; + top: -1px; + display: block; + padding: 15px 5px 5px; + color: #888; + text-transform: uppercase; + border-top: 1px solid transparent; + cursor: pointer; + text-decoration: none; +} + + +.number { + margin-top: 6px; + width: 40px; + height: 40px; + font-size: 28px; + font-weight: 600; + text-align: center; + line-height: 40px; + color: white; + background: #08C; + border: 3px solid white; + box-shadow: 1px 1px 3px rgba(0, 0, 0, .4); + border-radius: 40px; + text-shadow: 1px 1px 2px rgba(0, 0, 0, .4); +} + +ol.questions > li { + padding-bottom: 12px; + font-size: 15px +} + +div.disclaimer { + border: 1px dashed #0098D8; + margin-top: 10px; + padding: 10px; +} + +@media (max-width:979px) { + button.signin { + margin-left: 15px; + border-radius: 20px!important; + } +} + +@media (max-width: 260px) { + .nav.float-right { + float: left!important; + } +} + +@media (min-width: 261px) { + .nav.float-right { + float: right!important; + } +} +]]>GET/resources/css/maincssHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/
        Hostzero.webappsecurity.com
        Accept*/*
        Accept-Languageen-US,en;q=0.5
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoScriptEngine="Gecko";Category="Crawl";SID="F66484E8ADA3B55E6CCA195D5EFD384D";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="Crawl";CrawlType="ScriptInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";tht="21";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="174495b2";
        X-Request-Memorid="c680ab99";sc="1";thid="48";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1200OK li > a { + padding: 18px 10px; +} +.dropdown a.btn { + color: #ffffff; +} +.dropdown .modal-footer { + padding: 7px 15px; +} +.dropdown-menu .modal-body a { + padding: 3px 0px; + float: left; + clear: none; +} +.dropdown-menu a.link-modal { + padding: 3px 23px 3px 0; + float: left; + color: #4572a7; +} +.dropdown-menu a.link-modal:hover { + color: #4572a7; + text-decoration: none; +} +.navbar .bar-root { + margin-top: 10px; +} +.navbar .bar-root .dropdown-menu a { + color: #999; +} +.navbar .bar-root .dropdown-menu a:hover { + background: #222; +} +.navbar .bar-root .dropdown-menu img { + border: 1px solid #888; + margin-right: 4px; +} +.navbar .bar-root .label { + position: relative; + top: -9px; +} + +/*#####################################################################*/ + +body, html { + height: 100%; +} + +.wrapper { + min-height: 100%; + height: auto !important; + margin: 0 auto -121px; +} + +.push { + height: 147px; +} + +/*#####################################################################*/ + +div.item img { + width: 940px; + height: 401px; +} + +/*#####################################################################*/ +.content { + padding: 40px 60px 40px 60px; + min-height: 100%; +} +/*#####################################################################*/ + +.row.divider:last-child { + margin-bottom: 40px; + + border: none; +} + +.row-divider { + border: none; + margin: 10px 0 21px; + border-bottom: 1px dotted #0098D8; +} + +.content-divider { + margin-bottom : 10px; + margin-top : 10px; + + border: none; + border-bottom: 1px solid #0098D8; + + -webkit-box-shadow: inset 0 16px 8px -20px rgba(0, 0, 0, 0.4); + -moz-box-shadow: inset 0 15px 8px -20px rgba(0, 0, 0, 0.4); + -webkit-mask-image: -webkit-linear-gradient(left, rgba(0, 0, 0, 0), black 20%, black 80%, rgba(0, 0, 0, 0) 100%); + -moz-mask-image: -moz-linear-gradient(left, rgba(0, 0, 0, 0), black 20%, black 80%, rgba(0, 0, 0, 0) 100%); + +} + +/*#####################################################################*/ + +#nav { + margin-bottom: .5em; +} + +#nav > #pages-nav { + padding: 0; + margin: 0; + + border-top: 1px solid #A1A1A1; +} + +#nav > #pages-nav > li { + position: relative; + top: -1px; + + float: left; + + padding: 0 40px 0 0; + margin: 0; + + list-style: none; + + border-top: 1px solid #A1A1A1; +} + +#nav > #pages-nav > li:last-child { + padding-right: 0; +} + +#nav > #pages-nav > li > a { + position: relative; + top: -1px; + display: block; + padding: 15px 5px 5px; + color: #888; + text-transform: uppercase; + border-top: 1px solid transparent; + cursor: pointer; +} + +#nav > #pages-nav > li > a:hover, +#nav > #pages-nav > li.dropdown.open > a { + color: #0098D8; + + text-decoration: none; + + border-top-color: #0098D8; + border-top-width: 1px; +} + +#nav > #pages-nav > li.active a { + padding-top: 12px; + top: -2px; + + color: #0098D8; + + border-top-color: #0098D8; + border-top-width: 4px; +} + +#nav > #pages-nav > li > a > .caret { + position: relative; + top: -2px; + + margin-left: .5em; +} + +#nav .dropdown-menu a:hover { + background-color: #0098D8; +} + +#nav .dropdown-menu > li > a { + padding: 6px 12px; +} + +#nav .dropdown-menu i { + margin-right: .5em; + + font-size: 14px; +} + +#nav .dropdown-menu::before { + content: ''; + display: inline-block; + border-left: 7px solid transparent; + border-right: 7px solid transparent; + border-bottom: 7px solid #CCC; + border-bottom-color: rgba(0, 0, 0, 0.2); + position: absolute; + top: -7px; + left: 9px; +} + +#nav .dropdown-menu::after { + content: ''; + display: inline-block; + border-left: 6px solid transparent; + border-right: 6px solid transparent; + border-bottom: 6px solid white; + position: absolute; + top: -6px; + left: 10px; +} + +/*#####################################################################*/ + +#welcome { + padding-left: 90px; + text-align: center; +} + +/*#####################################################################*/ + +i.icon, .slash, i.icon-middle { + margin-right: 5px; + color: #0098D8; + font-size: 18px; + line-height: 18px; +} + +i.icon-middle { + font-size: 20px; + margin-right: 10px; + line-height: 30px; +} + +/**************************************** + Footer +***************************************/ + +.footer { + margin-top: 0; + line-height: 12px; + border-top: 1px solid #292929; +} + +.footer-inner { + padding: 15px 0; + + font-size: 12px; + background: #111; + color: #999; +} + +.footer a { + color: #999; +} + +.footer a:hover { + color: #FFF; + text-decoration: none; +} + +.extra { + border-top: 1px solid #E5E5E5; + background-color: whiteSmoke; +} + +.extra-inner { + padding: 20px 0; + font-size: 11px; +} + +.extra span { + color: #666; + cursor: pointer; +} + +.extra h4 { + margin-bottom: 1em; + + font-weight: 400; +} + +.extra ul { + padding: 0; + margin: 0; +} + +.extra li { + margin-bottom: .6em; + list-style: none; +} + +/***********************************************************/ + +.hero-home { + background: url('../img/online_banking_hero.jpg') no-repeat; + color: #0082D8; + position: relative; +} + +.hero-home p { + color: #0082D8; +} + +.large-btn:hover, +.large-btn:active, +.large-btn.active { + background-color: #5BB900; +} + +.large-btn { + font-size: 24px; + padding: 12px 32px; + font-weight: bold; + margin-top: 15px; + + background: #65C31F; + color: white; + border-color: #57AF17; + font-weight: bold; +} + +.text-shadow { + text-shadow: 1px 2px 5px black; +} + +.btn.text-shadow { + text-shadow: 2px 1px 1px black; +} + +.feature-description { + border-radius: 15px; + padding: 15px; + position: relative; + + background: #383838; +} + + +.margin15 { + margin-bottom: 15px +} + +.margin7top { + margin-top: 7px +} + +.margin20top { + margin-top: 20px +} + +a.actions { + padding: 4px 9px!important; + + border: 2px solid #A1A1A1; + border-radius: 4px; + font-size: 11px; + line-height: 1; + margin-left: 20px; + text-transform: uppercase; + margin-top: 10px +} + +.accordion-heading { + background-color: whiteSmoke; +} + +.footer.fixed { + position: fixed; + bottom: 0; + right: 0; + left: 0; +} + +.carousel-caption.custom { + top: 0; + width: 200px; + + background-color: rgba(0, 0, 0, 0.8) +} + +.item > img { + margin-left: 230px; +} + +.carousel-control.custom.left,.carousel-control.custom.right { + font-family: 'Helvetica Neue', Helvetica,Arial, sans-serif; + background: white; + border: none; + color: #2F96B4; + top: 50%; +} + +.carousel-control.custom.left { + left: -50px; +} + +.carousel-control.custom.right { + right: -50px; +} + +.button-large { + font-size: 20px; + padding: 20px 50px 20px 50px; +} + +.carousel-btn,.hero-btn { + position: absolute; + border-radius: 15px +} + +.carousel-btn { + bottom: 80px; + left: 27px; +} + +.hero-btn { + right: 130px; + top:35%; +} + +.signin-controls input { + padding: 8px 15px 8px 50px; + background-color: #FDFDFD; + width: 255px; + display: block; + margin: 0; + box-shadow: inset 0 0 2px rgba(47, 150, 252, 0.8) +} + +input.login { + background: url(../img/user_login.png) no-repeat; +} + +input.password { + background: url(../img/password_login.png) no-repeat; +} + +.account_summary th { + color: #AFAFAF; +} + +.account_summary tbody tr:last-of-type{ + background-color: rgba(3, 152, 252, 0.1); +} + +.account_summary .activities { + text-decoration: underline; +} + +span.headers, span.link { + cursor: pointer; + color: #333; +} + +span.link { + color: #08C; + text-decoration: underline; +} + + +#account_summary .accordion-toggle { + text-decoration: none; +} + +.top_offset { + padding-top: 70px; + padding-bottom: 20px; +} + + +div.pictured { + position: relative; +} + +div.pictured i { + position: absolute; + top: 1px; + left: 1px; + font-size: 18px; + background-color: #E5F2FE; + padding-left: 13px; + padding-right: 13px; + box-shadow: inset 0 0 2px rgba(47, 150, 252, 0.8); + border-top-left-radius: 2px; + border-bottom-left-radius: 2px; + padding-bottom: 7px; + padding-top: 7px; + color: #2F96FC; + width: 16px; + height: 22px; +} + +div.pictured textarea { + box-shadow: inset 0 0 2px rgba(47, 150, 252, 0.8); +} + +hr.wide { + margin-bottom: 30px; + margin-top: 30px; +} + + +/* Sidenav for Docs +-------------------------------------------------- */ + +.bs-docs-sidenav { + width: 228px; + margin: 30px 0 0; + padding: 0; + background-color: #fff; + -webkit-border-radius: 6px; + -moz-border-radius: 6px; + border-radius: 6px; + -webkit-box-shadow: 0 1px 4px rgba(0,0,0,.065); + -moz-box-shadow: 0 1px 4px rgba(0,0,0,.065); + box-shadow: 0 1px 4px rgba(0,0,0,.065); +} +.bs-docs-sidenav > li > a { + display: block; + *width: 190px; + margin: 0 0 -1px; + padding: 8px 14px; + border: 1px solid #e5e5e5; +} +.bs-docs-sidenav > li:first-child > a { + -webkit-border-radius: 6px 6px 0 0; + -moz-border-radius: 6px 6px 0 0; + border-radius: 6px 6px 0 0; +} +.bs-docs-sidenav > li:last-child > a { + -webkit-border-radius: 0 0 6px 6px; + -moz-border-radius: 0 0 6px 6px; + border-radius: 0 0 6px 6px; +} +.bs-docs-sidenav > .active > a { + position: relative; + z-index: 2; + padding: 9px 15px; + border: 0; + text-shadow: 0 1px 0 rgba(0,0,0,.15); + -webkit-box-shadow: inset 1px 0 0 rgba(0,0,0,.1), inset -1px 0 0 rgba(0,0,0,.1); + -moz-box-shadow: inset 1px 0 0 rgba(0,0,0,.1), inset -1px 0 0 rgba(0,0,0,.1); + box-shadow: inset 1px 0 0 rgba(0,0,0,.1), inset -1px 0 0 rgba(0,0,0,.1); +} +/* Chevrons */ +.bs-docs-sidenav .icon-chevron-right { + float: right; + margin-top: 2px; + margin-right: -6px; + opacity: .25; +} +.bs-docs-sidenav > li > a:hover { + background-color: #f5f5f5; +} +.bs-docs-sidenav.affix { + top: 90px; +} +.bs-docs-sidenav.affix-bottom { + position: absolute; + top: auto; + bottom: 270px; +} + +/* Responsive +-------------------------------------------------- */ + +/* Desktop large +------------------------- */ +@media (min-width: 1200px) { + .bs-docs-container { + max-width: 970px; + } + .bs-docs-sidenav { + width: 258px; + } +} + + +hr.gray-dotted { + border-bottom: 1px dotted #D9D9D9; +} + +.blog { + padding-right: 30px; +} + +.blog > div { + padding-left: 10px; +} + +.blog p.date { + text-align: right; + padding-right: 10px; +} + +button.signin { + margin-right: 5px; + border-radius: 20px +} + +button.signin > i { + padding-right: 10px; +} + +.accordion-inner form { + margin-bottom: 0px; +} + + + +.board { + background: white; + padding: 3px; + box-shadow: rgba(0, 0, 0, 0.3) 0 1px 3px; + margin-bottom: 25px; + -webkit-border-top-right-radius: 4px; + -webkit-border-bottom-right-radius: 4px; + -webkit-border-bottom-left-radius: 4px; + -webkit-border-top-left-radius: 4px; + moz-border-radius-topright: 4px; + -moz-border-radius-bottomright: 4px; + -moz-border-radius-bottomleft: 4px; + -moz-border-radius-topleft: 4px; + border-radius: 4px 4px 4px 4px; + -moz-background-clip: padding; + -webkit-background-clip: padding-box; + background-clip: padding-box; +} + +.board-content { + display: block; + height: 100%; + -webkit-border-top-right-radius: 3px; + -webkit-border-bottom-right-radius: 3px; + -webkit-border-bottom-left-radius: 3px; + -webkit-border-top-left-radius: 3px; + moz-border-radius-topright: 3px; + -moz-border-radius-bottomright: 3px; + -moz-border-radius-bottomleft: 3px; + -moz-border-radius-topleft: 3px; + border-radius: 3px 3px 3px 3px; + -moz-background-clip: padding; + -webkit-background-clip: padding-box; + background-clip: padding-box; + background: #F3F3F3; + background: #F3F3F3; + background: -webkit-gradient(linear, left top, left bottom, from(#FBFBFB), to(#F3F3F3)); + background: -moz-linear-gradient(top, #FBFBFB, #F3F3F3); +} + +h2.board-header { + font-weight: normal; + letter-spacing: -1px; + padding: 5px 10px; + margin: 0; + text-shadow: 0px 1px 1px rgba(0, 0, 0, 0.2); + + font-size: 24px; + line-height: 36px; +} + + +.board .table { + margin-bottom: 0; + border-collapse: collapse; + border-spacing: 0; +} + +.board .table th, +.board .table td { + font-size: 12px; + padding: 5px 20px; + font-weight: bold; + border-bottom: 1px solid #DEDEDE; +} + +.board .table thead th { + vertical-align: bottom; +} + +.board .table td { + border-bottom: 1px solid #DEDEDE; + border-top: 1px solid white; + padding: 5px 20px; + text-shadow: 0px 1px 1px white; +} + +.board-content .control-group { + margin: 0px; + padding-top: 10px; + padding-bottom: 10px; +} + +.board-content hr { + margin: 0; +} + +article form { + margin-bottom: 0 +} + +#nav > #pages-nav > li.active div { + padding-top: 12px; + top: -2px; + color: #0098D8; + border-top-color: #0098D8; + border-top-width: 4px; + text-decoration: none; +} + +#nav > #pages-nav > li > div { + position: relative; + top: -1px; + display: block; + padding: 15px 5px 5px; + color: #888; + text-transform: uppercase; + border-top: 1px solid transparent; + cursor: pointer; + text-decoration: none; +} + + +.number { + margin-top: 6px; + width: 40px; + height: 40px; + font-size: 28px; + font-weight: 600; + text-align: center; + line-height: 40px; + color: white; + background: #08C; + border: 3px solid white; + box-shadow: 1px 1px 3px rgba(0, 0, 0, .4); + border-radius: 40px; + text-shadow: 1px 1px 2px rgba(0, 0, 0, .4); +} + +ol.questions > li { + padding-bottom: 12px; + font-size: 15px +} + +div.disclaimer { + border: 1px dashed #0098D8; + margin-top: 10px; + padding: 10px; +} + +@media (max-width:979px) { + button.signin { + margin-left: 15px; + border-radius: 20px!important; + } +} + +@media (max-width: 260px) { + .nav.float-right { + float: left!important; + } +} + +@media (min-width: 261px) { + .nav.float-right { + float: right!important; + } +} +]]>
        DateFri, 24 Feb 2023 14:01:44 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Accept-Rangesbytes
        ETagW/"15037-1360116138000"
        Last-ModifiedWed, 06 Feb 2013 02:02:18 GMT
        Cache-Controlmax-age=2419200
        ExpiresFri, 24 Mar 2023 14:01:44 GMT
        Content-Typetext/css;charset=UTF-8
        Content-Length15037
        Keep-Alivetimeout=5, max=100
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/resources/css/bootstrap.min.csshttpzero.webappsecurity.com80li,ol.inline >li{display:inline-block;padding-left:5px;padding-right:5px;} +dl{margin-bottom:20px;} +dt,dd{line-height:20px;} +dt{font-weight:bold;} +dd{margin-left:10px;} +.dl-horizontal{*zoom:1;}.dl-horizontal:before,.dl-horizontal:after{display:table;content:"";line-height:0;} +.dl-horizontal:after{clear:both;} +.dl-horizontal dt{float:left;width:160px;clear:left;text-align:right;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;} +.dl-horizontal dd{margin-left:180px;} +hr{margin:20px 0;border:0;border-top:1px solid #eeeeee;border-bottom:1px solid #ffffff;} +abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #999999;} +abbr.initialism{font-size:90%;text-transform:uppercase;} +blockquote{padding:0 0 0 15px;margin:0 0 20px;border-left:5px solid #eeeeee;}blockquote p{margin-bottom:0;font-size:16px;font-weight:300;line-height:25px;} +blockquote small{display:block;line-height:20px;color:#999999;}blockquote small:before{content:'\2014 \00A0';} +blockquote.pull-right{float:right;padding-right:15px;padding-left:0;border-right:5px solid #eeeeee;border-left:0;}blockquote.pull-right p,blockquote.pull-right small{text-align:right;} +blockquote.pull-right small:before{content:'';} +blockquote.pull-right small:after{content:'\00A0 \2014';} +q:before,q:after,blockquote:before,blockquote:after{content:"";} +address{display:block;margin-bottom:20px;font-style:normal;line-height:20px;} +code,pre{padding:0 3px 2px;font-family:Monaco,Menlo,Consolas,"Courier New",monospace;font-size:12px;color:#333333;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;} +code{padding:2px 4px;color:#d14;background-color:#f7f7f9;border:1px solid #e1e1e8;white-space:nowrap;} +pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:20px;word-break:break-all;word-wrap:break-word;white-space:pre;white-space:pre-wrap;background-color:#f5f5f5;border:1px solid #ccc;border:1px solid rgba(0, 0, 0, 0.15);-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;}pre.prettyprint{margin-bottom:20px;} +pre code{padding:0;color:inherit;white-space:pre;white-space:pre-wrap;background-color:transparent;border:0;} +.pre-scrollable{max-height:340px;overflow-y:scroll;} +.label,.badge{display:inline-block;padding:2px 4px;font-size:11.844px;font-weight:bold;line-height:14px;color:#ffffff;vertical-align:baseline;white-space:nowrap;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#999999;} +.label{-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;} +.badge{padding-left:9px;padding-right:9px;-webkit-border-radius:9px;-moz-border-radius:9px;border-radius:9px;} +.label:empty,.badge:empty{display:none;} +a.label:hover,a.badge:hover{color:#ffffff;text-decoration:none;cursor:pointer;} +.label-important,.badge-important{background-color:#b94a48;} +.label-important[href],.badge-important[href]{background-color:#953b39;} +.label-warning,.badge-warning{background-color:#f89406;} +.label-warning[href],.badge-warning[href]{background-color:#c67605;} +.label-success,.badge-success{background-color:#468847;} +.label-success[href],.badge-success[href]{background-color:#356635;} +.label-info,.badge-info{background-color:#3a87ad;} +.label-info[href],.badge-info[href]{background-color:#2d6987;} +.label-inverse,.badge-inverse{background-color:#333333;} +.label-inverse[href],.badge-inverse[href]{background-color:#1a1a1a;} +.btn .label,.btn .badge{position:relative;top:-1px;} +.btn-mini .label,.btn-mini .badge{top:0;} +table{max-width:100%;background-color:transparent;border-collapse:collapse;border-spacing:0;} +.table{width:100%;margin-bottom:20px;}.table th,.table td{padding:8px;line-height:20px;text-align:left;vertical-align:top;border-top:1px solid #dddddd;} +.table th{font-weight:bold;} +.table thead th{vertical-align:bottom;} +.table caption+thead tr:first-child th,.table caption+thead tr:first-child td,.table colgroup+thead tr:first-child th,.table colgroup+thead tr:first-child td,.table thead:first-child tr:first-child th,.table thead:first-child tr:first-child td{border-top:0;} +.table tbody+tbody{border-top:2px solid #dddddd;} +.table .table{background-color:#ffffff;} +.table-condensed th,.table-condensed td{padding:4px 5px;} +.table-bordered{border:1px solid #dddddd;border-collapse:separate;*border-collapse:collapse;border-left:0;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;}.table-bordered th,.table-bordered td{border-left:1px solid #dddddd;} +.table-bordered caption+thead tr:first-child th,.table-bordered caption+tbody tr:first-child th,.table-bordered caption+tbody tr:first-child td,.table-bordered colgroup+thead tr:first-child th,.table-bordered colgroup+tbody tr:first-child th,.table-bordered colgroup+tbody tr:first-child td,.table-bordered thead:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child td{border-top:0;} +.table-bordered thead:first-child tr:first-child>th:first-child,.table-bordered tbody:first-child tr:first-child>td:first-child{-webkit-border-top-left-radius:4px;-moz-border-radius-topleft:4px;border-top-left-radius:4px;} +.table-bordered thead:first-child tr:first-child>th:last-child,.table-bordered tbody:first-child tr:first-child>td:last-child{-webkit-border-top-right-radius:4px;-moz-border-radius-topright:4px;border-top-right-radius:4px;} +.table-bordered thead:last-child tr:last-child>th:first-child,.table-bordered tbody:last-child tr:last-child>td:first-child,.table-bordered tfoot:last-child tr:last-child>td:first-child{-webkit-border-bottom-left-radius:4px;-moz-border-radius-bottomleft:4px;border-bottom-left-radius:4px;} +.table-bordered thead:last-child tr:last-child>th:last-child,.table-bordered tbody:last-child tr:last-child>td:last-child,.table-bordered tfoot:last-child tr:last-child>td:last-child{-webkit-border-bottom-right-radius:4px;-moz-border-radius-bottomright:4px;border-bottom-right-radius:4px;} +.table-bordered tfoot+tbody:last-child tr:last-child td:first-child{-webkit-border-bottom-left-radius:0;-moz-border-radius-bottomleft:0;border-bottom-left-radius:0;} +.table-bordered tfoot+tbody:last-child tr:last-child td:last-child{-webkit-border-bottom-right-radius:0;-moz-border-radius-bottomright:0;border-bottom-right-radius:0;} +.table-bordered caption+thead tr:first-child th:first-child,.table-bordered caption+tbody tr:first-child td:first-child,.table-bordered colgroup+thead tr:first-child th:first-child,.table-bordered colgroup+tbody tr:first-child td:first-child{-webkit-border-top-left-radius:4px;-moz-border-radius-topleft:4px;border-top-left-radius:4px;} +.table-bordered caption+thead tr:first-child th:last-child,.table-bordered caption+tbody tr:first-child td:last-child,.table-bordered colgroup+thead tr:first-child th:last-child,.table-bordered colgroup+tbody tr:first-child td:last-child{-webkit-border-top-right-radius:4px;-moz-border-radius-topright:4px;border-top-right-radius:4px;} +.table-striped tbody>tr:nth-child(odd)>td,.table-striped tbody>tr:nth-child(odd)>th{background-color:#f9f9f9;} +.table-hover tbody tr:hover td,.table-hover tbody tr:hover th{background-color:#f5f5f5;} +table td[class*="span"],table th[class*="span"],.row-fluid table td[class*="span"],.row-fluid table th[class*="span"]{display:table-cell;float:none;margin-left:0;} +.table td.span1,.table th.span1{float:none;width:44px;margin-left:0;} +.table td.span2,.table th.span2{float:none;width:124px;margin-left:0;} +.table td.span3,.table th.span3{float:none;width:204px;margin-left:0;} +.table td.span4,.table th.span4{float:none;width:284px;margin-left:0;} +.table td.span5,.table th.span5{float:none;width:364px;margin-left:0;} +.table td.span6,.table th.span6{float:none;width:444px;margin-left:0;} +.table td.span7,.table th.span7{float:none;width:524px;margin-left:0;} +.table td.span8,.table th.span8{float:none;width:604px;margin-left:0;} +.table td.span9,.table th.span9{float:none;width:684px;margin-left:0;} +.table td.span10,.table th.span10{float:none;width:764px;margin-left:0;} +.table td.span11,.table th.span11{float:none;width:844px;margin-left:0;} +.table td.span12,.table th.span12{float:none;width:924px;margin-left:0;} +.table tbody tr.success td{background-color:#dff0d8;} +.table tbody tr.error td{background-color:#f2dede;} +.table tbody tr.warning td{background-color:#fcf8e3;} +.table tbody tr.info td{background-color:#d9edf7;} +.table-hover tbody tr.success:hover td{background-color:#d0e9c6;} +.table-hover tbody tr.error:hover td{background-color:#ebcccc;} +.table-hover tbody tr.warning:hover td{background-color:#faf2cc;} +.table-hover tbody tr.info:hover td{background-color:#c4e3f3;} +form{margin:0 0 20px;} +fieldset{padding:0;margin:0;border:0;} +legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:40px;color:#333333;border:0;border-bottom:1px solid #e5e5e5;}legend small{font-size:15px;color:#999999;} +label,input,button,select,textarea{font-size:14px;font-weight:normal;line-height:20px;} +input,button,select,textarea{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;} +label{display:block;margin-bottom:5px;} +select,textarea,input[type="text"],input[type="password"],input[type="datetime"],input[type="datetime-local"],input[type="date"],input[type="month"],input[type="time"],input[type="week"],input[type="number"],input[type="email"],input[type="url"],input[type="search"],input[type="tel"],input[type="color"],.uneditable-input{display:inline-block;height:20px;padding:4px 6px;margin-bottom:10px;font-size:14px;line-height:20px;color:#555555;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;vertical-align:middle;} +input,textarea,.uneditable-input{width:206px;} +textarea{height:auto;} +textarea,input[type="text"],input[type="password"],input[type="datetime"],input[type="datetime-local"],input[type="date"],input[type="month"],input[type="time"],input[type="week"],input[type="number"],input[type="email"],input[type="url"],input[type="search"],input[type="tel"],input[type="color"],.uneditable-input{background-color:#ffffff;border:1px solid #cccccc;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-webkit-transition:border linear .2s, box-shadow linear .2s;-moz-transition:border linear .2s, box-shadow linear .2s;-o-transition:border linear .2s, box-shadow linear .2s;transition:border linear .2s, box-shadow linear .2s;}textarea:focus,input[type="text"]:focus,input[type="password"]:focus,input[type="datetime"]:focus,input[type="datetime-local"]:focus,input[type="date"]:focus,input[type="month"]:focus,input[type="time"]:focus,input[type="week"]:focus,input[type="number"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[type="search"]:focus,input[type="tel"]:focus,input[type="color"]:focus,.uneditable-input:focus{border-color:rgba(82, 168, 236, 0.8);outline:0;outline:thin dotted \9;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(82,168,236,.6);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(82,168,236,.6);box-shadow:inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(82,168,236,.6);} +input[type="radio"],input[type="checkbox"]{margin:4px 0 0;*margin-top:0;margin-top:1px \9;line-height:normal;} +input[type="file"],input[type="image"],input[type="submit"],input[type="reset"],input[type="button"],input[type="radio"],input[type="checkbox"]{width:auto;} +select,input[type="file"]{height:30px;*margin-top:4px;line-height:30px;} +select{width:220px;border:1px solid #cccccc;background-color:#ffffff;} +select[multiple],select[size]{height:auto;} +select:focus,input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px;} +.uneditable-input,.uneditable-textarea{color:#999999;background-color:#fcfcfc;border-color:#cccccc;-webkit-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.025);-moz-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.025);box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.025);cursor:not-allowed;} +.uneditable-input{overflow:hidden;white-space:nowrap;} +.uneditable-textarea{width:auto;height:auto;} +input:-moz-placeholder,textarea:-moz-placeholder{color:#999999;} +input:-ms-input-placeholder,textarea:-ms-input-placeholder{color:#999999;} +input::-webkit-input-placeholder,textarea::-webkit-input-placeholder{color:#999999;} +.radio,.checkbox{min-height:20px;padding-left:20px;} +.radio input[type="radio"],.checkbox input[type="checkbox"]{float:left;margin-left:-20px;} +.controls>.radio:first-child,.controls>.checkbox:first-child{padding-top:5px;} +.radio.inline,.checkbox.inline{display:inline-block;padding-top:5px;margin-bottom:0;vertical-align:middle;} +.radio.inline+.radio.inline,.checkbox.inline+.checkbox.inline{margin-left:10px;} +.input-mini{width:60px;} +.input-small{width:90px;} +.input-medium{width:150px;} +.input-large{width:210px;} +.input-xlarge{width:270px;} +.input-xxlarge{width:530px;} +input[class*="span"],select[class*="span"],textarea[class*="span"],.uneditable-input[class*="span"],.row-fluid input[class*="span"],.row-fluid select[class*="span"],.row-fluid textarea[class*="span"],.row-fluid .uneditable-input[class*="span"]{float:none;margin-left:0;} +.input-append input[class*="span"],.input-append .uneditable-input[class*="span"],.input-prepend input[class*="span"],.input-prepend .uneditable-input[class*="span"],.row-fluid input[class*="span"],.row-fluid select[class*="span"],.row-fluid textarea[class*="span"],.row-fluid .uneditable-input[class*="span"],.row-fluid .input-prepend [class*="span"],.row-fluid .input-append [class*="span"]{display:inline-block;} +input,textarea,.uneditable-input{margin-left:0;} +.controls-row [class*="span"]+[class*="span"]{margin-left:20px;} +input.span12, textarea.span12, .uneditable-input.span12{width:926px;} +input.span11, textarea.span11, .uneditable-input.span11{width:846px;} +input.span10, textarea.span10, .uneditable-input.span10{width:766px;} +input.span9, textarea.span9, .uneditable-input.span9{width:686px;} +input.span8, textarea.span8, .uneditable-input.span8{width:606px;} +input.span7, textarea.span7, .uneditable-input.span7{width:526px;} +input.span6, textarea.span6, .uneditable-input.span6{width:446px;} +input.span5, textarea.span5, .uneditable-input.span5{width:366px;} +input.span4, textarea.span4, .uneditable-input.span4{width:286px;} +input.span3, textarea.span3, .uneditable-input.span3{width:206px;} +input.span2, textarea.span2, .uneditable-input.span2{width:126px;} +input.span1, textarea.span1, .uneditable-input.span1{width:46px;} +.controls-row{*zoom:1;}.controls-row:before,.controls-row:after{display:table;content:"";line-height:0;} +.controls-row:after{clear:both;} +.controls-row [class*="span"],.row-fluid .controls-row [class*="span"]{float:left;} +.controls-row .checkbox[class*="span"],.controls-row .radio[class*="span"]{padding-top:5px;} +input[disabled],select[disabled],textarea[disabled],input[readonly],select[readonly],textarea[readonly]{cursor:not-allowed;background-color:#eeeeee;} +input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"][readonly],input[type="checkbox"][readonly]{background-color:transparent;} +.control-group.warning .control-label,.control-group.warning .help-block,.control-group.warning .help-inline{color:#c09853;} +.control-group.warning .checkbox,.control-group.warning .radio,.control-group.warning input,.control-group.warning select,.control-group.warning textarea{color:#c09853;} +.control-group.warning input,.control-group.warning select,.control-group.warning textarea{border-color:#c09853;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);}.control-group.warning input:focus,.control-group.warning select:focus,.control-group.warning textarea:focus{border-color:#a47e3c;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #dbc59e;-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #dbc59e;box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #dbc59e;} +.control-group.warning .input-prepend .add-on,.control-group.warning .input-append .add-on{color:#c09853;background-color:#fcf8e3;border-color:#c09853;} +.control-group.error .control-label,.control-group.error .help-block,.control-group.error .help-inline{color:#b94a48;} +.control-group.error .checkbox,.control-group.error .radio,.control-group.error input,.control-group.error select,.control-group.error textarea{color:#b94a48;} +.control-group.error input,.control-group.error select,.control-group.error textarea{border-color:#b94a48;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);}.control-group.error input:focus,.control-group.error select:focus,.control-group.error textarea:focus{border-color:#953b39;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #d59392;-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #d59392;box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #d59392;} +.control-group.error .input-prepend .add-on,.control-group.error .input-append .add-on{color:#b94a48;background-color:#f2dede;border-color:#b94a48;} +.control-group.success .control-label,.control-group.success .help-block,.control-group.success .help-inline{color:#468847;} +.control-group.success .checkbox,.control-group.success .radio,.control-group.success input,.control-group.success select,.control-group.success textarea{color:#468847;} +.control-group.success input,.control-group.success select,.control-group.success textarea{border-color:#468847;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);}.control-group.success input:focus,.control-group.success select:focus,.control-group.success textarea:focus{border-color:#356635;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #7aba7b;-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #7aba7b;box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #7aba7b;} +.control-group.success .input-prepend .add-on,.control-group.success .input-append .add-on{color:#468847;background-color:#dff0d8;border-color:#468847;} +.control-group.info .control-label,.control-group.info .help-block,.control-group.info .help-inline{color:#3a87ad;} +.control-group.info .checkbox,.control-group.info .radio,.control-group.info input,.control-group.info select,.control-group.info textarea{color:#3a87ad;} +.control-group.info input,.control-group.info select,.control-group.info textarea{border-color:#3a87ad;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);}.control-group.info input:focus,.control-group.info select:focus,.control-group.info textarea:focus{border-color:#2d6987;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #7ab5d3;-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #7ab5d3;box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #7ab5d3;} +.control-group.info .input-prepend .add-on,.control-group.info .input-append .add-on{color:#3a87ad;background-color:#d9edf7;border-color:#3a87ad;} +input:focus:invalid,textarea:focus:invalid,select:focus:invalid{color:#b94a48;border-color:#ee5f5b;}input:focus:invalid:focus,textarea:focus:invalid:focus,select:focus:invalid:focus{border-color:#e9322d;-webkit-box-shadow:0 0 6px #f8b9b7;-moz-box-shadow:0 0 6px #f8b9b7;box-shadow:0 0 6px #f8b9b7;} +.form-actions{padding:19px 20px 20px;margin-top:20px;margin-bottom:20px;background-color:#f5f5f5;border-top:1px solid #e5e5e5;*zoom:1;}.form-actions:before,.form-actions:after{display:table;content:"";line-height:0;} +.form-actions:after{clear:both;} +.help-block,.help-inline{color:#595959;} +.help-block{display:block;margin-bottom:10px;} +.help-inline{display:inline-block;*display:inline;*zoom:1;vertical-align:middle;padding-left:5px;} +.input-append,.input-prepend{margin-bottom:5px;font-size:0;white-space:nowrap;}.input-append input,.input-prepend input,.input-append select,.input-prepend select,.input-append .uneditable-input,.input-prepend .uneditable-input,.input-append .dropdown-menu,.input-prepend .dropdown-menu{font-size:14px;} +.input-append input,.input-prepend input,.input-append select,.input-prepend select,.input-append .uneditable-input,.input-prepend .uneditable-input{position:relative;margin-bottom:0;*margin-left:0;vertical-align:top;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0;}.input-append input:focus,.input-prepend input:focus,.input-append select:focus,.input-prepend select:focus,.input-append .uneditable-input:focus,.input-prepend .uneditable-input:focus{z-index:2;} +.input-append .add-on,.input-prepend .add-on{display:inline-block;width:auto;height:20px;min-width:16px;padding:4px 5px;font-size:14px;font-weight:normal;line-height:20px;text-align:center;text-shadow:0 1px 0 #ffffff;background-color:#eeeeee;border:1px solid #ccc;} +.input-append .add-on,.input-prepend .add-on,.input-append .btn,.input-prepend .btn,.input-append .btn-group>.dropdown-toggle,.input-prepend .btn-group>.dropdown-toggle{vertical-align:top;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;} +.input-append .active,.input-prepend .active{background-color:#a9dba9;border-color:#46a546;} +.input-prepend .add-on,.input-prepend .btn{margin-right:-1px;} +.input-prepend .add-on:first-child,.input-prepend .btn:first-child{-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px;} +.input-append input,.input-append select,.input-append .uneditable-input{-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px;}.input-append input+.btn-group .btn:last-child,.input-append select+.btn-group .btn:last-child,.input-append .uneditable-input+.btn-group .btn:last-child{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0;} +.input-append .add-on,.input-append .btn,.input-append .btn-group{margin-left:-1px;} +.input-append .add-on:last-child,.input-append .btn:last-child,.input-append .btn-group:last-child>.dropdown-toggle{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0;} +.input-prepend.input-append input,.input-prepend.input-append select,.input-prepend.input-append .uneditable-input{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;}.input-prepend.input-append input+.btn-group .btn,.input-prepend.input-append select+.btn-group .btn,.input-prepend.input-append .uneditable-input+.btn-group .btn{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0;} +.input-prepend.input-append .add-on:first-child,.input-prepend.input-append .btn:first-child{margin-right:-1px;-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px;} +.input-prepend.input-append .add-on:last-child,.input-prepend.input-append .btn:last-child{margin-left:-1px;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0;} +.input-prepend.input-append .btn-group:first-child{margin-left:0;} +input.search-query{padding-right:14px;padding-right:4px \9;padding-left:14px;padding-left:4px \9;margin-bottom:0;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px;} +.form-search .input-append .search-query,.form-search .input-prepend .search-query{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;} +.form-search .input-append .search-query{-webkit-border-radius:14px 0 0 14px;-moz-border-radius:14px 0 0 14px;border-radius:14px 0 0 14px;} +.form-search .input-append .btn{-webkit-border-radius:0 14px 14px 0;-moz-border-radius:0 14px 14px 0;border-radius:0 14px 14px 0;} +.form-search .input-prepend .search-query{-webkit-border-radius:0 14px 14px 0;-moz-border-radius:0 14px 14px 0;border-radius:0 14px 14px 0;} +.form-search .input-prepend .btn{-webkit-border-radius:14px 0 0 14px;-moz-border-radius:14px 0 0 14px;border-radius:14px 0 0 14px;} +.form-search input,.form-inline input,.form-horizontal input,.form-search textarea,.form-inline textarea,.form-horizontal textarea,.form-search select,.form-inline select,.form-horizontal select,.form-search .help-inline,.form-inline .help-inline,.form-horizontal .help-inline,.form-search .uneditable-input,.form-inline .uneditable-input,.form-horizontal .uneditable-input,.form-search .input-prepend,.form-inline .input-prepend,.form-horizontal .input-prepend,.form-search .input-append,.form-inline .input-append,.form-horizontal .input-append{display:inline-block;*display:inline;*zoom:1;margin-bottom:0;vertical-align:middle;} +.form-search .hide,.form-inline .hide,.form-horizontal .hide{display:none;} +.form-search label,.form-inline label,.form-search .btn-group,.form-inline .btn-group{display:inline-block;} +.form-search .input-append,.form-inline .input-append,.form-search .input-prepend,.form-inline .input-prepend{margin-bottom:0;} +.form-search .radio,.form-search .checkbox,.form-inline .radio,.form-inline .checkbox{padding-left:0;margin-bottom:0;vertical-align:middle;} +.form-search .radio input[type="radio"],.form-search .checkbox input[type="checkbox"],.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{float:left;margin-right:3px;margin-left:0;} +.control-group{margin-bottom:10px;} +legend+.control-group{margin-top:20px;-webkit-margin-top-collapse:separate;} +.form-horizontal .control-group{margin-bottom:20px;*zoom:1;}.form-horizontal .control-group:before,.form-horizontal .control-group:after{display:table;content:"";line-height:0;} +.form-horizontal .control-group:after{clear:both;} +.form-horizontal .control-label{float:left;width:160px;padding-top:5px;text-align:right;} +.form-horizontal .controls{*display:inline-block;*padding-left:20px;margin-left:180px;*margin-left:0;}.form-horizontal .controls:first-child{*padding-left:180px;} +.form-horizontal .help-block{margin-bottom:0;} +.form-horizontal input+.help-block,.form-horizontal select+.help-block,.form-horizontal textarea+.help-block,.form-horizontal .uneditable-input+.help-block,.form-horizontal .input-prepend+.help-block,.form-horizontal .input-append+.help-block{margin-top:10px;} +.form-horizontal .form-actions{padding-left:180px;} +.btn{display:inline-block;*display:inline;*zoom:1;padding:4px 12px;margin-bottom:0;font-size:14px;line-height:20px;text-align:center;vertical-align:middle;cursor:pointer;color:#333333;text-shadow:0 1px 1px rgba(255, 255, 255, 0.75);background-color:#f5f5f5;background-image:-moz-linear-gradient(top, #ffffff, #e6e6e6);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), to(#e6e6e6));background-image:-webkit-linear-gradient(top, #ffffff, #e6e6e6);background-image:-o-linear-gradient(top, #ffffff, #e6e6e6);background-image:linear-gradient(to bottom, #ffffff, #e6e6e6);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#ffe6e6e6', GradientType=0);border-color:#e6e6e6 #e6e6e6 #bfbfbf;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#e6e6e6;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);border:1px solid #bbbbbb;*border:0;border-bottom-color:#a2a2a2;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;*margin-left:.3em;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.2), 0 1px 2px rgba(0,0,0,.05);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,.2), 0 1px 2px rgba(0,0,0,.05);box-shadow:inset 0 1px 0 rgba(255,255,255,.2), 0 1px 2px rgba(0,0,0,.05);}.btn:hover,.btn:active,.btn.active,.btn.disabled,.btn[disabled]{color:#333333;background-color:#e6e6e6;*background-color:#d9d9d9;} +.btn:active,.btn.active{background-color:#cccccc \9;} +.btn:first-child{*margin-left:0;} +.btn:hover{color:#333333;text-decoration:none;background-position:0 -15px;-webkit-transition:background-position 0.1s linear;-moz-transition:background-position 0.1s linear;-o-transition:background-position 0.1s linear;transition:background-position 0.1s linear;} +.btn:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px;} +.btn.active,.btn:active{background-image:none;outline:0;-webkit-box-shadow:inset 0 2px 4px rgba(0,0,0,.15), 0 1px 2px rgba(0,0,0,.05);-moz-box-shadow:inset 0 2px 4px rgba(0,0,0,.15), 0 1px 2px rgba(0,0,0,.05);box-shadow:inset 0 2px 4px rgba(0,0,0,.15), 0 1px 2px rgba(0,0,0,.05);} +.btn.disabled,.btn[disabled]{cursor:default;background-image:none;opacity:0.65;filter:alpha(opacity=65);-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none;} +.btn-large{padding:11px 19px;font-size:17.5px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;} +.btn-large [class^="icon-"],.btn-large [class*=" icon-"]{margin-top:4px;} +.btn-small{padding:2px 10px;font-size:11.9px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;} +.btn-small [class^="icon-"],.btn-small [class*=" icon-"]{margin-top:0;} +.btn-mini [class^="icon-"],.btn-mini [class*=" icon-"]{margin-top:-1px;} +.btn-mini{padding:0 6px;font-size:10.5px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;} +.btn-block{display:block;width:100%;padding-left:0;padding-right:0;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;} +.btn-block+.btn-block{margin-top:5px;} +input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%;} +.btn-primary.active,.btn-warning.active,.btn-danger.active,.btn-success.active,.btn-info.active,.btn-inverse.active{color:rgba(255, 255, 255, 0.75);} +.btn{border-color:#c5c5c5;border-color:rgba(0, 0, 0, 0.15) rgba(0, 0, 0, 0.15) rgba(0, 0, 0, 0.25);} +.btn-primary{color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#006dcc;background-image:-moz-linear-gradient(top, #0088cc, #0044cc);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#0088cc), to(#0044cc));background-image:-webkit-linear-gradient(top, #0088cc, #0044cc);background-image:-o-linear-gradient(top, #0088cc, #0044cc);background-image:linear-gradient(to bottom, #0088cc, #0044cc);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc', endColorstr='#ff0044cc', GradientType=0);border-color:#0044cc #0044cc #002a80;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#0044cc;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.btn-primary:hover,.btn-primary:active,.btn-primary.active,.btn-primary.disabled,.btn-primary[disabled]{color:#ffffff;background-color:#0044cc;*background-color:#003bb3;} +.btn-primary:active,.btn-primary.active{background-color:#003399 \9;} +.btn-warning{color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#faa732;background-image:-moz-linear-gradient(top, #fbb450, #f89406);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#fbb450), to(#f89406));background-image:-webkit-linear-gradient(top, #fbb450, #f89406);background-image:-o-linear-gradient(top, #fbb450, #f89406);background-image:linear-gradient(to bottom, #fbb450, #f89406);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffbb450', endColorstr='#fff89406', GradientType=0);border-color:#f89406 #f89406 #ad6704;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#f89406;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.btn-warning:hover,.btn-warning:active,.btn-warning.active,.btn-warning.disabled,.btn-warning[disabled]{color:#ffffff;background-color:#f89406;*background-color:#df8505;} +.btn-warning:active,.btn-warning.active{background-color:#c67605 \9;} +.btn-danger{color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#da4f49;background-image:-moz-linear-gradient(top, #ee5f5b, #bd362f);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#ee5f5b), to(#bd362f));background-image:-webkit-linear-gradient(top, #ee5f5b, #bd362f);background-image:-o-linear-gradient(top, #ee5f5b, #bd362f);background-image:linear-gradient(to bottom, #ee5f5b, #bd362f);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffee5f5b', endColorstr='#ffbd362f', GradientType=0);border-color:#bd362f #bd362f #802420;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#bd362f;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.btn-danger:hover,.btn-danger:active,.btn-danger.active,.btn-danger.disabled,.btn-danger[disabled]{color:#ffffff;background-color:#bd362f;*background-color:#a9302a;} +.btn-danger:active,.btn-danger.active{background-color:#942a25 \9;} +.btn-success{color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#5bb75b;background-image:-moz-linear-gradient(top, #62c462, #51a351);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#62c462), to(#51a351));background-image:-webkit-linear-gradient(top, #62c462, #51a351);background-image:-o-linear-gradient(top, #62c462, #51a351);background-image:linear-gradient(to bottom, #62c462, #51a351);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff62c462', endColorstr='#ff51a351', GradientType=0);border-color:#51a351 #51a351 #387038;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#51a351;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.btn-success:hover,.btn-success:active,.btn-success.active,.btn-success.disabled,.btn-success[disabled]{color:#ffffff;background-color:#51a351;*background-color:#499249;} +.btn-success:active,.btn-success.active{background-color:#408140 \9;} +.btn-info{color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#49afcd;background-image:-moz-linear-gradient(top, #5bc0de, #2f96b4);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#5bc0de), to(#2f96b4));background-image:-webkit-linear-gradient(top, #5bc0de, #2f96b4);background-image:-o-linear-gradient(top, #5bc0de, #2f96b4);background-image:linear-gradient(to bottom, #5bc0de, #2f96b4);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff2f96b4', GradientType=0);border-color:#2f96b4 #2f96b4 #1f6377;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#2f96b4;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.btn-info:hover,.btn-info:active,.btn-info.active,.btn-info.disabled,.btn-info[disabled]{color:#ffffff;background-color:#2f96b4;*background-color:#2a85a0;} +.btn-info:active,.btn-info.active{background-color:#24748c \9;} +.btn-inverse{color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#363636;background-image:-moz-linear-gradient(top, #444444, #222222);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#444444), to(#222222));background-image:-webkit-linear-gradient(top, #444444, #222222);background-image:-o-linear-gradient(top, #444444, #222222);background-image:linear-gradient(to bottom, #444444, #222222);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff444444', endColorstr='#ff222222', GradientType=0);border-color:#222222 #222222 #000000;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#222222;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.btn-inverse:hover,.btn-inverse:active,.btn-inverse.active,.btn-inverse.disabled,.btn-inverse[disabled]{color:#ffffff;background-color:#222222;*background-color:#151515;} +.btn-inverse:active,.btn-inverse.active{background-color:#080808 \9;} +button.btn,input[type="submit"].btn{*padding-top:3px;*padding-bottom:3px;}button.btn::-moz-focus-inner,input[type="submit"].btn::-moz-focus-inner{padding:0;border:0;} +button.btn.btn-large,input[type="submit"].btn.btn-large{*padding-top:7px;*padding-bottom:7px;} +button.btn.btn-small,input[type="submit"].btn.btn-small{*padding-top:3px;*padding-bottom:3px;} +button.btn.btn-mini,input[type="submit"].btn.btn-mini{*padding-top:1px;*padding-bottom:1px;} +.btn-link,.btn-link:active,.btn-link[disabled]{background-color:transparent;background-image:none;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none;} +.btn-link{border-color:transparent;cursor:pointer;color:#0088cc;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;} +.btn-link:hover{color:#005580;text-decoration:underline;background-color:transparent;} +.btn-link[disabled]:hover{color:#333333;text-decoration:none;} +.btn-group{position:relative;display:inline-block;*display:inline;*zoom:1;font-size:0;vertical-align:middle;white-space:nowrap;*margin-left:.3em;}.btn-group:first-child{*margin-left:0;} +.btn-group+.btn-group{margin-left:5px;} +.btn-toolbar{font-size:0;margin-top:10px;margin-bottom:10px;}.btn-toolbar>.btn+.btn,.btn-toolbar>.btn-group+.btn,.btn-toolbar>.btn+.btn-group{margin-left:5px;} +.btn-group>.btn{position:relative;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;} +.btn-group>.btn+.btn{margin-left:-1px;} +.btn-group>.btn,.btn-group>.dropdown-menu,.btn-group>.popover{font-size:14px;} +.btn-group>.btn-mini{font-size:10.5px;} +.btn-group>.btn-small{font-size:11.9px;} +.btn-group>.btn-large{font-size:17.5px;} +.btn-group>.btn:first-child{margin-left:0;-webkit-border-top-left-radius:4px;-moz-border-radius-topleft:4px;border-top-left-radius:4px;-webkit-border-bottom-left-radius:4px;-moz-border-radius-bottomleft:4px;border-bottom-left-radius:4px;} +.btn-group>.btn:last-child,.btn-group>.dropdown-toggle{-webkit-border-top-right-radius:4px;-moz-border-radius-topright:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;-moz-border-radius-bottomright:4px;border-bottom-right-radius:4px;} +.btn-group>.btn.large:first-child{margin-left:0;-webkit-border-top-left-radius:6px;-moz-border-radius-topleft:6px;border-top-left-radius:6px;-webkit-border-bottom-left-radius:6px;-moz-border-radius-bottomleft:6px;border-bottom-left-radius:6px;} +.btn-group>.btn.large:last-child,.btn-group>.large.dropdown-toggle{-webkit-border-top-right-radius:6px;-moz-border-radius-topright:6px;border-top-right-radius:6px;-webkit-border-bottom-right-radius:6px;-moz-border-radius-bottomright:6px;border-bottom-right-radius:6px;} +.btn-group>.btn:hover,.btn-group>.btn:focus,.btn-group>.btn:active,.btn-group>.btn.active{z-index:2;} +.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0;} +.btn-group>.btn+.dropdown-toggle{padding-left:8px;padding-right:8px;-webkit-box-shadow:inset 1px 0 0 rgba(255,255,255,.125), inset 0 1px 0 rgba(255,255,255,.2), 0 1px 2px rgba(0,0,0,.05);-moz-box-shadow:inset 1px 0 0 rgba(255,255,255,.125), inset 0 1px 0 rgba(255,255,255,.2), 0 1px 2px rgba(0,0,0,.05);box-shadow:inset 1px 0 0 rgba(255,255,255,.125), inset 0 1px 0 rgba(255,255,255,.2), 0 1px 2px rgba(0,0,0,.05);*padding-top:5px;*padding-bottom:5px;} +.btn-group>.btn-mini+.dropdown-toggle{padding-left:5px;padding-right:5px;*padding-top:2px;*padding-bottom:2px;} +.btn-group>.btn-small+.dropdown-toggle{*padding-top:5px;*padding-bottom:4px;} +.btn-group>.btn-large+.dropdown-toggle{padding-left:12px;padding-right:12px;*padding-top:7px;*padding-bottom:7px;} +.btn-group.open .dropdown-toggle{background-image:none;-webkit-box-shadow:inset 0 2px 4px rgba(0,0,0,.15), 0 1px 2px rgba(0,0,0,.05);-moz-box-shadow:inset 0 2px 4px rgba(0,0,0,.15), 0 1px 2px rgba(0,0,0,.05);box-shadow:inset 0 2px 4px rgba(0,0,0,.15), 0 1px 2px rgba(0,0,0,.05);} +.btn-group.open .btn.dropdown-toggle{background-color:#e6e6e6;} +.btn-group.open .btn-primary.dropdown-toggle{background-color:#0044cc;} +.btn-group.open .btn-warning.dropdown-toggle{background-color:#f89406;} +.btn-group.open .btn-danger.dropdown-toggle{background-color:#bd362f;} +.btn-group.open .btn-success.dropdown-toggle{background-color:#51a351;} +.btn-group.open .btn-info.dropdown-toggle{background-color:#2f96b4;} +.btn-group.open .btn-inverse.dropdown-toggle{background-color:#222222;} +.btn .caret{margin-top:8px;margin-left:0;} +.btn-mini .caret,.btn-small .caret,.btn-large .caret{margin-top:6px;} +.btn-large .caret{border-left-width:5px;border-right-width:5px;border-top-width:5px;} +.dropup .btn-large .caret{border-bottom-width:5px;} +.btn-primary .caret,.btn-warning .caret,.btn-danger .caret,.btn-info .caret,.btn-success .caret,.btn-inverse .caret{border-top-color:#ffffff;border-bottom-color:#ffffff;} +.btn-group-vertical{display:inline-block;*display:inline;*zoom:1;} +.btn-group-vertical>.btn{display:block;float:none;max-width:100%;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;} +.btn-group-vertical>.btn+.btn{margin-left:0;margin-top:-1px;} +.btn-group-vertical>.btn:first-child{-webkit-border-radius:4px 4px 0 0;-moz-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0;} +.btn-group-vertical>.btn:last-child{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px;} +.btn-group-vertical>.btn-large:first-child{-webkit-border-radius:6px 6px 0 0;-moz-border-radius:6px 6px 0 0;border-radius:6px 6px 0 0;} +.btn-group-vertical>.btn-large:last-child{-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px;} +.nav{margin-left:0;margin-bottom:20px;list-style:none;} +.nav>li>a{display:block;} +.nav>li>a:hover{text-decoration:none;background-color:#eeeeee;} +.nav>li>a>img{max-width:none;} +.nav>.pull-right{float:right;} +.nav-header{display:block;padding:3px 15px;font-size:11px;font-weight:bold;line-height:20px;color:#999999;text-shadow:0 1px 0 rgba(255, 255, 255, 0.5);text-transform:uppercase;} +.nav li+.nav-header{margin-top:9px;} +.nav-list{padding-left:15px;padding-right:15px;margin-bottom:0;} +.nav-list>li>a,.nav-list .nav-header{margin-left:-15px;margin-right:-15px;text-shadow:0 1px 0 rgba(255, 255, 255, 0.5);} +.nav-list>li>a{padding:3px 15px;} +.nav-list>.active>a,.nav-list>.active>a:hover{color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.2);background-color:#0088cc;} +.nav-list [class^="icon-"],.nav-list [class*=" icon-"]{margin-right:2px;} +.nav-list .divider{*width:100%;height:1px;margin:9px 1px;*margin:-5px 0 5px;overflow:hidden;background-color:#e5e5e5;border-bottom:1px solid #ffffff;} +.nav-tabs,.nav-pills{*zoom:1;}.nav-tabs:before,.nav-pills:before,.nav-tabs:after,.nav-pills:after{display:table;content:"";line-height:0;} +.nav-tabs:after,.nav-pills:after{clear:both;} +.nav-tabs>li,.nav-pills>li{float:left;} +.nav-tabs>li>a,.nav-pills>li>a{padding-right:12px;padding-left:12px;margin-right:2px;line-height:14px;} +.nav-tabs{border-bottom:1px solid #ddd;} +.nav-tabs>li{margin-bottom:-1px;} +.nav-tabs>li>a{padding-top:8px;padding-bottom:8px;line-height:20px;border:1px solid transparent;-webkit-border-radius:4px 4px 0 0;-moz-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0;}.nav-tabs>li>a:hover{border-color:#eeeeee #eeeeee #dddddd;} +.nav-tabs>.active>a,.nav-tabs>.active>a:hover{color:#555555;background-color:#ffffff;border:1px solid #ddd;border-bottom-color:transparent;cursor:default;} +.nav-pills>li>a{padding-top:8px;padding-bottom:8px;margin-top:2px;margin-bottom:2px;-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px;} +.nav-pills>.active>a,.nav-pills>.active>a:hover{color:#ffffff;background-color:#0088cc;} +.nav-stacked>li{float:none;} +.nav-stacked>li>a{margin-right:0;} +.nav-tabs.nav-stacked{border-bottom:0;} +.nav-tabs.nav-stacked>li>a{border:1px solid #ddd;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;} +.nav-tabs.nav-stacked>li:first-child>a{-webkit-border-top-right-radius:4px;-moz-border-radius-topright:4px;border-top-right-radius:4px;-webkit-border-top-left-radius:4px;-moz-border-radius-topleft:4px;border-top-left-radius:4px;} +.nav-tabs.nav-stacked>li:last-child>a{-webkit-border-bottom-right-radius:4px;-moz-border-radius-bottomright:4px;border-bottom-right-radius:4px;-webkit-border-bottom-left-radius:4px;-moz-border-radius-bottomleft:4px;border-bottom-left-radius:4px;} +.nav-tabs.nav-stacked>li>a:hover{border-color:#ddd;z-index:2;} +.nav-pills.nav-stacked>li>a{margin-bottom:3px;} +.nav-pills.nav-stacked>li:last-child>a{margin-bottom:1px;} +.nav-tabs .dropdown-menu{-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px;} +.nav-pills .dropdown-menu{-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;} +.nav .dropdown-toggle .caret{border-top-color:#0088cc;border-bottom-color:#0088cc;margin-top:6px;} +.nav .dropdown-toggle:hover .caret{border-top-color:#005580;border-bottom-color:#005580;} +.nav-tabs .dropdown-toggle .caret{margin-top:8px;} +.nav .active .dropdown-toggle .caret{border-top-color:#fff;border-bottom-color:#fff;} +.nav-tabs .active .dropdown-toggle .caret{border-top-color:#555555;border-bottom-color:#555555;} +.nav>.dropdown.active>a:hover{cursor:pointer;} +.nav-tabs .open .dropdown-toggle,.nav-pills .open .dropdown-toggle,.nav>li.dropdown.open.active>a:hover{color:#ffffff;background-color:#999999;border-color:#999999;} +.nav li.dropdown.open .caret,.nav li.dropdown.open.active .caret,.nav li.dropdown.open a:hover .caret{border-top-color:#ffffff;border-bottom-color:#ffffff;opacity:1;filter:alpha(opacity=100);} +.tabs-stacked .open>a:hover{border-color:#999999;} +.tabbable{*zoom:1;}.tabbable:before,.tabbable:after{display:table;content:"";line-height:0;} +.tabbable:after{clear:both;} +.tab-content{overflow:auto;} +.tabs-below>.nav-tabs,.tabs-right>.nav-tabs,.tabs-left>.nav-tabs{border-bottom:0;} +.tab-content>.tab-pane,.pill-content>.pill-pane{display:none;} +.tab-content>.active,.pill-content>.active{display:block;} +.tabs-below>.nav-tabs{border-top:1px solid #ddd;} +.tabs-below>.nav-tabs>li{margin-top:-1px;margin-bottom:0;} +.tabs-below>.nav-tabs>li>a{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px;}.tabs-below>.nav-tabs>li>a:hover{border-bottom-color:transparent;border-top-color:#ddd;} +.tabs-below>.nav-tabs>.active>a,.tabs-below>.nav-tabs>.active>a:hover{border-color:transparent #ddd #ddd #ddd;} +.tabs-left>.nav-tabs>li,.tabs-right>.nav-tabs>li{float:none;} +.tabs-left>.nav-tabs>li>a,.tabs-right>.nav-tabs>li>a{min-width:74px;margin-right:0;margin-bottom:3px;} +.tabs-left>.nav-tabs{float:left;margin-right:19px;border-right:1px solid #ddd;} +.tabs-left>.nav-tabs>li>a{margin-right:-1px;-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px;} +.tabs-left>.nav-tabs>li>a:hover{border-color:#eeeeee #dddddd #eeeeee #eeeeee;} +.tabs-left>.nav-tabs .active>a,.tabs-left>.nav-tabs .active>a:hover{border-color:#ddd transparent #ddd #ddd;*border-right-color:#ffffff;} +.tabs-right>.nav-tabs{float:right;margin-left:19px;border-left:1px solid #ddd;} +.tabs-right>.nav-tabs>li>a{margin-left:-1px;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0;} +.tabs-right>.nav-tabs>li>a:hover{border-color:#eeeeee #eeeeee #eeeeee #dddddd;} +.tabs-right>.nav-tabs .active>a,.tabs-right>.nav-tabs .active>a:hover{border-color:#ddd #ddd #ddd transparent;*border-left-color:#ffffff;} +.nav>.disabled>a{color:#999999;} +.nav>.disabled>a:hover{text-decoration:none;background-color:transparent;cursor:default;} +.navbar{overflow:visible;margin-bottom:20px;*position:relative;*z-index:2;} +.navbar-inner{min-height:50px;padding-left:20px;padding-right:20px;background-color:#fafafa;background-image:-moz-linear-gradient(top, #ffffff, #f2f2f2);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), to(#f2f2f2));background-image:-webkit-linear-gradient(top, #ffffff, #f2f2f2);background-image:-o-linear-gradient(top, #ffffff, #f2f2f2);background-image:linear-gradient(to bottom, #ffffff, #f2f2f2);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#fff2f2f2', GradientType=0);border:1px solid #d4d4d4;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:0 1px 4px rgba(0, 0, 0, 0.065);-moz-box-shadow:0 1px 4px rgba(0, 0, 0, 0.065);box-shadow:0 1px 4px rgba(0, 0, 0, 0.065);*zoom:1;}.navbar-inner:before,.navbar-inner:after{display:table;content:"";line-height:0;} +.navbar-inner:after{clear:both;} +.navbar .container{width:auto;} +.nav-collapse.collapse{height:auto;overflow:visible;} +.navbar .brand{float:left;display:block;padding:15px 20px 15px;margin-left:-20px;font-size:20px;font-weight:200;color:#777777;text-shadow:0 1px 0 #ffffff;}.navbar .brand:hover{text-decoration:none;} +.navbar-text{margin-bottom:0;line-height:50px;color:#777777;} +.navbar-link{color:#777777;}.navbar-link:hover{color:#333333;} +.navbar .divider-vertical{height:50px;margin:0 9px;border-left:1px solid #f2f2f2;border-right:1px solid #ffffff;} +.navbar .btn,.navbar .btn-group{margin-top:10px;} +.navbar .btn-group .btn,.navbar .input-prepend .btn,.navbar .input-append .btn{margin-top:0;} +.navbar-form{margin-bottom:0;*zoom:1;}.navbar-form:before,.navbar-form:after{display:table;content:"";line-height:0;} +.navbar-form:after{clear:both;} +.navbar-form input,.navbar-form select,.navbar-form .radio,.navbar-form .checkbox{margin-top:10px;} +.navbar-form input,.navbar-form select,.navbar-form .btn{display:inline-block;margin-bottom:0;} +.navbar-form input[type="image"],.navbar-form input[type="checkbox"],.navbar-form input[type="radio"]{margin-top:3px;} +.navbar-form .input-append,.navbar-form .input-prepend{margin-top:5px;white-space:nowrap;}.navbar-form .input-append input,.navbar-form .input-prepend input{margin-top:0;} +.navbar-search{position:relative;float:left;margin-top:10px;margin-bottom:0;}.navbar-search .search-query{margin-bottom:0;padding:4px 14px;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px;font-weight:normal;line-height:1;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px;} +.navbar-static-top{position:static;margin-bottom:0;}.navbar-static-top .navbar-inner{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;} +.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030;margin-bottom:0;} +.navbar-fixed-top .navbar-inner,.navbar-static-top .navbar-inner{border-width:0 0 1px;} +.navbar-fixed-bottom .navbar-inner{border-width:1px 0 0;} +.navbar-fixed-top .navbar-inner,.navbar-fixed-bottom .navbar-inner{padding-left:0;padding-right:0;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;} +.navbar-static-top .container,.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:940px;} +.navbar-fixed-top{top:0;} +.navbar-fixed-top .navbar-inner,.navbar-static-top .navbar-inner{-webkit-box-shadow:0 1px 10px rgba(0,0,0,.1);-moz-box-shadow:0 1px 10px rgba(0,0,0,.1);box-shadow:0 1px 10px rgba(0,0,0,.1);} +.navbar-fixed-bottom{bottom:0;}.navbar-fixed-bottom .navbar-inner{-webkit-box-shadow:0 -1px 10px rgba(0,0,0,.1);-moz-box-shadow:0 -1px 10px rgba(0,0,0,.1);box-shadow:0 -1px 10px rgba(0,0,0,.1);} +.navbar .nav{position:relative;left:0;display:block;float:left;margin:0 10px 0 0;} +.navbar .nav.pull-right{float:right;margin-right:0;} +.navbar .nav>li{float:left;} +.navbar .nav>li>a{float:none;padding:15px 15px 15px;color:#777777;text-decoration:none;text-shadow:0 1px 0 #ffffff;} +.navbar .nav .dropdown-toggle .caret{margin-top:8px;} +.navbar .nav>li>a:focus,.navbar .nav>li>a:hover{background-color:transparent;color:#333333;text-decoration:none;} +.navbar .nav>.active>a,.navbar .nav>.active>a:hover,.navbar .nav>.active>a:focus{color:#555555;text-decoration:none;background-color:#e5e5e5;-webkit-box-shadow:inset 0 3px 8px rgba(0, 0, 0, 0.125);-moz-box-shadow:inset 0 3px 8px rgba(0, 0, 0, 0.125);box-shadow:inset 0 3px 8px rgba(0, 0, 0, 0.125);} +.navbar .btn-navbar{display:none;float:right;padding:7px 10px;margin-left:5px;margin-right:5px;color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#ededed;background-image:-moz-linear-gradient(top, #f2f2f2, #e5e5e5);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#f2f2f2), to(#e5e5e5));background-image:-webkit-linear-gradient(top, #f2f2f2, #e5e5e5);background-image:-o-linear-gradient(top, #f2f2f2, #e5e5e5);background-image:linear-gradient(to bottom, #f2f2f2, #e5e5e5);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2f2f2', endColorstr='#ffe5e5e5', GradientType=0);border-color:#e5e5e5 #e5e5e5 #bfbfbf;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#e5e5e5;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.1), 0 1px 0 rgba(255,255,255,.075);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,.1), 0 1px 0 rgba(255,255,255,.075);box-shadow:inset 0 1px 0 rgba(255,255,255,.1), 0 1px 0 rgba(255,255,255,.075);}.navbar .btn-navbar:hover,.navbar .btn-navbar:active,.navbar .btn-navbar.active,.navbar .btn-navbar.disabled,.navbar .btn-navbar[disabled]{color:#ffffff;background-color:#e5e5e5;*background-color:#d9d9d9;} +.navbar .btn-navbar:active,.navbar .btn-navbar.active{background-color:#cccccc \9;} +.navbar .btn-navbar .icon-bar{display:block;width:18px;height:2px;background-color:#f5f5f5;-webkit-border-radius:1px;-moz-border-radius:1px;border-radius:1px;-webkit-box-shadow:0 1px 0 rgba(0, 0, 0, 0.25);-moz-box-shadow:0 1px 0 rgba(0, 0, 0, 0.25);box-shadow:0 1px 0 rgba(0, 0, 0, 0.25);} +.btn-navbar .icon-bar+.icon-bar{margin-top:3px;} +.navbar .nav>li>.dropdown-menu:before{content:'';display:inline-block;border-left:7px solid transparent;border-right:7px solid transparent;border-bottom:7px solid #ccc;border-bottom-color:rgba(0, 0, 0, 0.2);position:absolute;top:-7px;left:9px;} +.navbar .nav>li>.dropdown-menu:after{content:'';display:inline-block;border-left:6px solid transparent;border-right:6px solid transparent;border-bottom:6px solid #ffffff;position:absolute;top:-6px;left:10px;} +.navbar-fixed-bottom .nav>li>.dropdown-menu:before{border-top:7px solid #ccc;border-top-color:rgba(0, 0, 0, 0.2);border-bottom:0;bottom:-7px;top:auto;} +.navbar-fixed-bottom .nav>li>.dropdown-menu:after{border-top:6px solid #ffffff;border-bottom:0;bottom:-6px;top:auto;} +.navbar .nav li.dropdown>a:hover .caret{border-top-color:#555555;border-bottom-color:#555555;} +.navbar .nav li.dropdown.open>.dropdown-toggle,.navbar .nav li.dropdown.active>.dropdown-toggle,.navbar .nav li.dropdown.open.active>.dropdown-toggle{background-color:#e5e5e5;color:#555555;} +.navbar .nav li.dropdown>.dropdown-toggle .caret{border-top-color:#777777;border-bottom-color:#777777;} +.navbar .nav li.dropdown.open>.dropdown-toggle .caret,.navbar .nav li.dropdown.active>.dropdown-toggle .caret,.navbar .nav li.dropdown.open.active>.dropdown-toggle .caret{border-top-color:#555555;border-bottom-color:#555555;} +.navbar .pull-right>li>.dropdown-menu,.navbar .nav>li>.dropdown-menu.pull-right{left:auto;right:0;}.navbar .pull-right>li>.dropdown-menu:before,.navbar .nav>li>.dropdown-menu.pull-right:before{left:auto;right:12px;} +.navbar .pull-right>li>.dropdown-menu:after,.navbar .nav>li>.dropdown-menu.pull-right:after{left:auto;right:13px;} +.navbar .pull-right>li>.dropdown-menu .dropdown-menu,.navbar .nav>li>.dropdown-menu.pull-right .dropdown-menu{left:auto;right:100%;margin-left:0;margin-right:-1px;-webkit-border-radius:6px 0 6px 6px;-moz-border-radius:6px 0 6px 6px;border-radius:6px 0 6px 6px;} +.navbar-inverse .navbar-inner{background-color:#1b1b1b;background-image:-moz-linear-gradient(top, #222222, #111111);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#222222), to(#111111));background-image:-webkit-linear-gradient(top, #222222, #111111);background-image:-o-linear-gradient(top, #222222, #111111);background-image:linear-gradient(to bottom, #222222, #111111);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff222222', endColorstr='#ff111111', GradientType=0);border-color:#252525;} +.navbar-inverse .brand,.navbar-inverse .nav>li>a{color:#999999;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);}.navbar-inverse .brand:hover,.navbar-inverse .nav>li>a:hover{color:#ffffff;} +.navbar-inverse .brand{color:#999999;} +.navbar-inverse .navbar-text{color:#999999;} +.navbar-inverse .nav>li>a:focus,.navbar-inverse .nav>li>a:hover{background-color:transparent;color:#ffffff;} +.navbar-inverse .nav .active>a,.navbar-inverse .nav .active>a:hover,.navbar-inverse .nav .active>a:focus{color:#ffffff;background-color:#111111;} +.navbar-inverse .navbar-link{color:#999999;}.navbar-inverse .navbar-link:hover{color:#ffffff;} +.navbar-inverse .divider-vertical{border-left-color:#111111;border-right-color:#222222;} +.navbar-inverse .nav li.dropdown.open>.dropdown-toggle,.navbar-inverse .nav li.dropdown.active>.dropdown-toggle,.navbar-inverse .nav li.dropdown.open.active>.dropdown-toggle{background-color:#111111;color:#ffffff;} +.navbar-inverse .nav li.dropdown>a:hover .caret{border-top-color:#ffffff;border-bottom-color:#ffffff;} +.navbar-inverse .nav li.dropdown>.dropdown-toggle .caret{border-top-color:#999999;border-bottom-color:#999999;} +.navbar-inverse .nav li.dropdown.open>.dropdown-toggle .caret,.navbar-inverse .nav li.dropdown.active>.dropdown-toggle .caret,.navbar-inverse .nav li.dropdown.open.active>.dropdown-toggle .caret{border-top-color:#ffffff;border-bottom-color:#ffffff;} +.navbar-inverse .navbar-search .search-query{color:#ffffff;background-color:#515151;border-color:#111111;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,.1), 0 1px 0 rgba(255,255,255,.15);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,.1), 0 1px 0 rgba(255,255,255,.15);box-shadow:inset 0 1px 2px rgba(0,0,0,.1), 0 1px 0 rgba(255,255,255,.15);-webkit-transition:none;-moz-transition:none;-o-transition:none;transition:none;}.navbar-inverse .navbar-search .search-query:-moz-placeholder{color:#cccccc;} +.navbar-inverse .navbar-search .search-query:-ms-input-placeholder{color:#cccccc;} +.navbar-inverse .navbar-search .search-query::-webkit-input-placeholder{color:#cccccc;} +.navbar-inverse .navbar-search .search-query:focus,.navbar-inverse .navbar-search .search-query.focused{padding:5px 15px;color:#333333;text-shadow:0 1px 0 #ffffff;background-color:#ffffff;border:0;-webkit-box-shadow:0 0 3px rgba(0, 0, 0, 0.15);-moz-box-shadow:0 0 3px rgba(0, 0, 0, 0.15);box-shadow:0 0 3px rgba(0, 0, 0, 0.15);outline:0;} +.navbar-inverse .btn-navbar{color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#0e0e0e;background-image:-moz-linear-gradient(top, #151515, #040404);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#151515), to(#040404));background-image:-webkit-linear-gradient(top, #151515, #040404);background-image:-o-linear-gradient(top, #151515, #040404);background-image:linear-gradient(to bottom, #151515, #040404);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff151515', endColorstr='#ff040404', GradientType=0);border-color:#040404 #040404 #000000;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#040404;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.navbar-inverse .btn-navbar:hover,.navbar-inverse .btn-navbar:active,.navbar-inverse .btn-navbar.active,.navbar-inverse .btn-navbar.disabled,.navbar-inverse .btn-navbar[disabled]{color:#ffffff;background-color:#040404;*background-color:#000000;} +.navbar-inverse .btn-navbar:active,.navbar-inverse .btn-navbar.active{background-color:#000000 \9;} +.breadcrumb{padding:8px 15px;margin:0 0 20px;list-style:none;background-color:#f5f5f5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;}.breadcrumb>li{display:inline-block;*display:inline;*zoom:1;text-shadow:0 1px 0 #ffffff;}.breadcrumb>li>.divider{padding:0 5px;color:#ccc;} +.breadcrumb>.active{color:#999999;} +.pagination{margin:20px 0;} +.pagination ul{display:inline-block;*display:inline;*zoom:1;margin-left:0;margin-bottom:0;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:0 1px 2px rgba(0, 0, 0, 0.05);-moz-box-shadow:0 1px 2px rgba(0, 0, 0, 0.05);box-shadow:0 1px 2px rgba(0, 0, 0, 0.05);} +.pagination ul>li{display:inline;} +.pagination ul>li>a,.pagination ul>li>span{float:left;padding:4px 12px;line-height:20px;text-decoration:none;background-color:#ffffff;border:1px solid #dddddd;border-left-width:0;} +.pagination ul>li>a:hover,.pagination ul>.active>a,.pagination ul>.active>span{background-color:#f5f5f5;} +.pagination ul>.active>a,.pagination ul>.active>span{color:#999999;cursor:default;} +.pagination ul>.disabled>span,.pagination ul>.disabled>a,.pagination ul>.disabled>a:hover{color:#999999;background-color:transparent;cursor:default;} +.pagination ul>li:first-child>a,.pagination ul>li:first-child>span{border-left-width:1px;-webkit-border-top-left-radius:4px;-moz-border-radius-topleft:4px;border-top-left-radius:4px;-webkit-border-bottom-left-radius:4px;-moz-border-radius-bottomleft:4px;border-bottom-left-radius:4px;} +.pagination ul>li:last-child>a,.pagination ul>li:last-child>span{-webkit-border-top-right-radius:4px;-moz-border-radius-topright:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;-moz-border-radius-bottomright:4px;border-bottom-right-radius:4px;} +.pagination-centered{text-align:center;} +.pagination-right{text-align:right;} +.pagination-large ul>li>a,.pagination-large ul>li>span{padding:11px 19px;font-size:17.5px;} +.pagination-large ul>li:first-child>a,.pagination-large ul>li:first-child>span{-webkit-border-top-left-radius:6px;-moz-border-radius-topleft:6px;border-top-left-radius:6px;-webkit-border-bottom-left-radius:6px;-moz-border-radius-bottomleft:6px;border-bottom-left-radius:6px;} +.pagination-large ul>li:last-child>a,.pagination-large ul>li:last-child>span{-webkit-border-top-right-radius:6px;-moz-border-radius-topright:6px;border-top-right-radius:6px;-webkit-border-bottom-right-radius:6px;-moz-border-radius-bottomright:6px;border-bottom-right-radius:6px;} +.pagination-mini ul>li:first-child>a,.pagination-small ul>li:first-child>a,.pagination-mini ul>li:first-child>span,.pagination-small ul>li:first-child>span{-webkit-border-top-left-radius:3px;-moz-border-radius-topleft:3px;border-top-left-radius:3px;-webkit-border-bottom-left-radius:3px;-moz-border-radius-bottomleft:3px;border-bottom-left-radius:3px;} +.pagination-mini ul>li:last-child>a,.pagination-small ul>li:last-child>a,.pagination-mini ul>li:last-child>span,.pagination-small ul>li:last-child>span{-webkit-border-top-right-radius:3px;-moz-border-radius-topright:3px;border-top-right-radius:3px;-webkit-border-bottom-right-radius:3px;-moz-border-radius-bottomright:3px;border-bottom-right-radius:3px;} +.pagination-small ul>li>a,.pagination-small ul>li>span{padding:2px 10px;font-size:11.9px;} +.pagination-mini ul>li>a,.pagination-mini ul>li>span{padding:0 6px;font-size:10.5px;} +.pager{margin:20px 0;list-style:none;text-align:center;*zoom:1;}.pager:before,.pager:after{display:table;content:"";line-height:0;} +.pager:after{clear:both;} +.pager li{display:inline;} +.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px;} +.pager li>a:hover{text-decoration:none;background-color:#f5f5f5;} +.pager .next>a,.pager .next>span{float:right;} +.pager .previous>a,.pager .previous>span{float:left;} +.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>span{color:#999999;background-color:#fff;cursor:default;} +.thumbnails{margin-left:-20px;list-style:none;*zoom:1;}.thumbnails:before,.thumbnails:after{display:table;content:"";line-height:0;} +.thumbnails:after{clear:both;} +.row-fluid .thumbnails{margin-left:0;} +.thumbnails>li{float:left;margin-bottom:20px;margin-left:20px;} +.thumbnail{display:block;padding:4px;line-height:20px;border:1px solid #ddd;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:0 1px 3px rgba(0, 0, 0, 0.055);-moz-box-shadow:0 1px 3px rgba(0, 0, 0, 0.055);box-shadow:0 1px 3px rgba(0, 0, 0, 0.055);-webkit-transition:all 0.2s ease-in-out;-moz-transition:all 0.2s ease-in-out;-o-transition:all 0.2s ease-in-out;transition:all 0.2s ease-in-out;} +a.thumbnail:hover{border-color:#0088cc;-webkit-box-shadow:0 1px 4px rgba(0, 105, 214, 0.25);-moz-box-shadow:0 1px 4px rgba(0, 105, 214, 0.25);box-shadow:0 1px 4px rgba(0, 105, 214, 0.25);} +.thumbnail>img{display:block;max-width:100%;margin-left:auto;margin-right:auto;} +.thumbnail .caption{padding:9px;color:#555555;} +.alert{padding:8px 35px 8px 14px;margin-bottom:20px;text-shadow:0 1px 0 rgba(255, 255, 255, 0.5);background-color:#fcf8e3;border:1px solid #fbeed5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;} +.alert,.alert h4{color:#c09853;} +.alert h4{margin:0;} +.alert .close{position:relative;top:-2px;right:-21px;line-height:20px;} +.alert-success{background-color:#dff0d8;border-color:#d6e9c6;color:#468847;} +.alert-success h4{color:#468847;} +.alert-danger,.alert-error{background-color:#f2dede;border-color:#eed3d7;color:#b94a48;} +.alert-danger h4,.alert-error h4{color:#b94a48;} +.alert-info{background-color:#d9edf7;border-color:#bce8f1;color:#3a87ad;} +.alert-info h4{color:#3a87ad;} +.alert-block{padding-top:14px;padding-bottom:14px;} +.alert-block>p,.alert-block>ul{margin-bottom:0;} +.alert-block p+p{margin-top:5px;} +@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0;} to{background-position:0 0;}}@-moz-keyframes progress-bar-stripes{from{background-position:40px 0;} to{background-position:0 0;}}@-ms-keyframes progress-bar-stripes{from{background-position:40px 0;} to{background-position:0 0;}}@-o-keyframes progress-bar-stripes{from{background-position:0 0;} to{background-position:40px 0;}}@keyframes progress-bar-stripes{from{background-position:40px 0;} to{background-position:0 0;}}.progress{overflow:hidden;height:20px;margin-bottom:20px;background-color:#f7f7f7;background-image:-moz-linear-gradient(top, #f5f5f5, #f9f9f9);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#f5f5f5), to(#f9f9f9));background-image:-webkit-linear-gradient(top, #f5f5f5, #f9f9f9);background-image:-o-linear-gradient(top, #f5f5f5, #f9f9f9);background-image:linear-gradient(to bottom, #f5f5f5, #f9f9f9);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#fff9f9f9', GradientType=0);-webkit-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.1);-moz-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.1);box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.1);-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;} +.progress .bar{width:0%;height:100%;color:#ffffff;float:left;font-size:12px;text-align:center;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#0e90d2;background-image:-moz-linear-gradient(top, #149bdf, #0480be);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#149bdf), to(#0480be));background-image:-webkit-linear-gradient(top, #149bdf, #0480be);background-image:-o-linear-gradient(top, #149bdf, #0480be);background-image:linear-gradient(to bottom, #149bdf, #0480be);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff149bdf', endColorstr='#ff0480be', GradientType=0);-webkit-box-shadow:inset 0 -1px 0 rgba(0, 0, 0, 0.15);-moz-box-shadow:inset 0 -1px 0 rgba(0, 0, 0, 0.15);box-shadow:inset 0 -1px 0 rgba(0, 0, 0, 0.15);-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;-webkit-transition:width 0.6s ease;-moz-transition:width 0.6s ease;-o-transition:width 0.6s ease;transition:width 0.6s ease;} +.progress .bar+.bar{-webkit-box-shadow:inset 1px 0 0 rgba(0,0,0,.15), inset 0 -1px 0 rgba(0,0,0,.15);-moz-box-shadow:inset 1px 0 0 rgba(0,0,0,.15), inset 0 -1px 0 rgba(0,0,0,.15);box-shadow:inset 1px 0 0 rgba(0,0,0,.15), inset 0 -1px 0 rgba(0,0,0,.15);} +.progress-striped .bar{background-color:#149bdf;background-image:-webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent));background-image:-webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);-webkit-background-size:40px 40px;-moz-background-size:40px 40px;-o-background-size:40px 40px;background-size:40px 40px;} +.progress.active .bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-moz-animation:progress-bar-stripes 2s linear infinite;-ms-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite;} +.progress-danger .bar,.progress .bar-danger{background-color:#dd514c;background-image:-moz-linear-gradient(top, #ee5f5b, #c43c35);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#ee5f5b), to(#c43c35));background-image:-webkit-linear-gradient(top, #ee5f5b, #c43c35);background-image:-o-linear-gradient(top, #ee5f5b, #c43c35);background-image:linear-gradient(to bottom, #ee5f5b, #c43c35);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffee5f5b', endColorstr='#ffc43c35', GradientType=0);} +.progress-danger.progress-striped .bar,.progress-striped .bar-danger{background-color:#ee5f5b;background-image:-webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent));background-image:-webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);} +.progress-success .bar,.progress .bar-success{background-color:#5eb95e;background-image:-moz-linear-gradient(top, #62c462, #57a957);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#62c462), to(#57a957));background-image:-webkit-linear-gradient(top, #62c462, #57a957);background-image:-o-linear-gradient(top, #62c462, #57a957);background-image:linear-gradient(to bottom, #62c462, #57a957);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff62c462', endColorstr='#ff57a957', GradientType=0);} +.progress-success.progress-striped .bar,.progress-striped .bar-success{background-color:#62c462;background-image:-webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent));background-image:-webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);} +.progress-info .bar,.progress .bar-info{background-color:#4bb1cf;background-image:-moz-linear-gradient(top, #5bc0de, #339bb9);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#5bc0de), to(#339bb9));background-image:-webkit-linear-gradient(top, #5bc0de, #339bb9);background-image:-o-linear-gradient(top, #5bc0de, #339bb9);background-image:linear-gradient(to bottom, #5bc0de, #339bb9);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff339bb9', GradientType=0);} +.progress-info.progress-striped .bar,.progress-striped .bar-info{background-color:#5bc0de;background-image:-webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent));background-image:-webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);} +.progress-warning .bar,.progress .bar-warning{background-color:#faa732;background-image:-moz-linear-gradient(top, #fbb450, #f89406);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#fbb450), to(#f89406));background-image:-webkit-linear-gradient(top, #fbb450, #f89406);background-image:-o-linear-gradient(top, #fbb450, #f89406);background-image:linear-gradient(to bottom, #fbb450, #f89406);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffbb450', endColorstr='#fff89406', GradientType=0);} +.progress-warning.progress-striped .bar,.progress-striped .bar-warning{background-color:#fbb450;background-image:-webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent));background-image:-webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);} +.hero-unit{padding:60px;margin-bottom:30px;font-size:18px;font-weight:200;line-height:30px;color:inherit;background-color:#eeeeee;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;}.hero-unit h1{margin-bottom:0;font-size:60px;line-height:1;color:inherit;letter-spacing:-1px;} +.hero-unit li{line-height:30px;} +.media,.media-body{overflow:hidden;*overflow:visible;zoom:1;} +.media,.media .media{margin-top:15px;} +.media:first-child{margin-top:0;} +.media-object{display:block;} +.media-heading{margin:0 0 5px;} +.media .pull-left{margin-right:10px;} +.media .pull-right{margin-left:10px;} +.media-list{margin-left:0;list-style:none;} +.tooltip{position:absolute;z-index:1030;display:block;visibility:visible;padding:5px;font-size:11px;opacity:0;filter:alpha(opacity=0);}.tooltip.in{opacity:0.8;filter:alpha(opacity=80);} +.tooltip.top{margin-top:-3px;} +.tooltip.right{margin-left:3px;} +.tooltip.bottom{margin-top:3px;} +.tooltip.left{margin-left:-3px;} +.tooltip-inner{max-width:200px;padding:3px 8px;color:#ffffff;text-align:center;text-decoration:none;background-color:#000000;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;} +.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid;} +.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-width:5px 5px 0;border-top-color:#000000;} +.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-width:5px 5px 5px 0;border-right-color:#000000;} +.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-width:5px 0 5px 5px;border-left-color:#000000;} +.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-width:0 5px 5px;border-bottom-color:#000000;} +.popover{position:absolute;top:0;left:0;z-index:1010;display:none;width:236px;padding:1px;text-align:left;background-color:#ffffff;-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0, 0, 0, 0.2);-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0, 0, 0, 0.2);-moz-box-shadow:0 5px 10px rgba(0, 0, 0, 0.2);box-shadow:0 5px 10px rgba(0, 0, 0, 0.2);white-space:normal;}.popover.top{margin-top:-10px;} +.popover.right{margin-left:10px;} +.popover.bottom{margin-top:10px;} +.popover.left{margin-left:-10px;} +.popover-title{margin:0;padding:8px 14px;font-size:14px;font-weight:normal;line-height:18px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;-webkit-border-radius:5px 5px 0 0;-moz-border-radius:5px 5px 0 0;border-radius:5px 5px 0 0;} +.popover-content{padding:9px 14px;} +.popover .arrow,.popover .arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid;} +.popover .arrow{border-width:11px;} +.popover .arrow:after{border-width:10px;content:"";} +.popover.top .arrow{left:50%;margin-left:-11px;border-bottom-width:0;border-top-color:#999;border-top-color:rgba(0, 0, 0, 0.25);bottom:-11px;}.popover.top .arrow:after{bottom:1px;margin-left:-10px;border-bottom-width:0;border-top-color:#ffffff;} +.popover.right .arrow{top:50%;left:-11px;margin-top:-11px;border-left-width:0;border-right-color:#999;border-right-color:rgba(0, 0, 0, 0.25);}.popover.right .arrow:after{left:1px;bottom:-10px;border-left-width:0;border-right-color:#ffffff;} +.popover.bottom .arrow{left:50%;margin-left:-11px;border-top-width:0;border-bottom-color:#999;border-bottom-color:rgba(0, 0, 0, 0.25);top:-11px;}.popover.bottom .arrow:after{top:1px;margin-left:-10px;border-top-width:0;border-bottom-color:#ffffff;} +.popover.left .arrow{top:50%;right:-11px;margin-top:-11px;border-right-width:0;border-left-color:#999;border-left-color:rgba(0, 0, 0, 0.25);}.popover.left .arrow:after{right:1px;border-right-width:0;border-left-color:#ffffff;bottom:-10px;} +.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000000;}.modal-backdrop.fade{opacity:0;} +.modal-backdrop,.modal-backdrop.fade.in{opacity:0.8;filter:alpha(opacity=80);} +.modal{position:fixed;top:10%;left:50%;z-index:1050;width:560px;margin-left:-280px;background-color:#ffffff;border:1px solid #999;border:1px solid rgba(0, 0, 0, 0.3);*border:1px solid #999;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 3px 7px rgba(0, 0, 0, 0.3);-moz-box-shadow:0 3px 7px rgba(0, 0, 0, 0.3);box-shadow:0 3px 7px rgba(0, 0, 0, 0.3);-webkit-background-clip:padding-box;-moz-background-clip:padding-box;background-clip:padding-box;outline:none;}.modal.fade{-webkit-transition:opacity .3s linear, top .3s ease-out;-moz-transition:opacity .3s linear, top .3s ease-out;-o-transition:opacity .3s linear, top .3s ease-out;transition:opacity .3s linear, top .3s ease-out;top:-25%;} +.modal.fade.in{top:10%;} +.modal-header{padding:9px 15px;border-bottom:1px solid #eee;}.modal-header .close{margin-top:2px;} +.modal-header h3{margin:0;line-height:30px;} +.modal-body{position:relative;overflow-y:auto;max-height:400px;padding:15px;} +.modal-form{margin-bottom:0;} +.modal-footer{padding:14px 15px 15px;margin-bottom:0;text-align:right;background-color:#f5f5f5;border-top:1px solid #ddd;-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px;-webkit-box-shadow:inset 0 1px 0 #ffffff;-moz-box-shadow:inset 0 1px 0 #ffffff;box-shadow:inset 0 1px 0 #ffffff;*zoom:1;}.modal-footer:before,.modal-footer:after{display:table;content:"";line-height:0;} +.modal-footer:after{clear:both;} +.modal-footer .btn+.btn{margin-left:5px;margin-bottom:0;} +.modal-footer .btn-group .btn+.btn{margin-left:-1px;} +.modal-footer .btn-block+.btn-block{margin-left:0;} +.dropup,.dropdown{position:relative;} +.dropdown-toggle{*margin-bottom:-3px;} +.dropdown-toggle:active,.open .dropdown-toggle{outline:0;} +.caret{display:inline-block;width:0;height:0;vertical-align:top;border-top:4px solid #000000;border-right:4px solid transparent;border-left:4px solid transparent;content:"";} +.dropdown .caret{margin-top:8px;margin-left:2px;} +.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;list-style:none;background-color:#ffffff;border:1px solid #ccc;border:1px solid rgba(0, 0, 0, 0.2);*border-right-width:2px;*border-bottom-width:2px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0, 0, 0, 0.2);-moz-box-shadow:0 5px 10px rgba(0, 0, 0, 0.2);box-shadow:0 5px 10px rgba(0, 0, 0, 0.2);-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box;}.dropdown-menu.pull-right{right:0;left:auto;} +.dropdown-menu .divider{*width:100%;height:1px;margin:9px 1px;*margin:-5px 0 5px;overflow:hidden;background-color:#e5e5e5;border-bottom:1px solid #ffffff;} +.dropdown-menu li>a{display:block;padding:3px 20px;clear:both;font-weight:normal;line-height:20px;color:#333333;white-space:nowrap;} +.dropdown-menu li>a:hover,.dropdown-menu li>a:focus,.dropdown-submenu:hover>a{text-decoration:none;color:#ffffff;background-color:#0081c2;background-image:-moz-linear-gradient(top, #0088cc, #0077b3);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#0088cc), to(#0077b3));background-image:-webkit-linear-gradient(top, #0088cc, #0077b3);background-image:-o-linear-gradient(top, #0088cc, #0077b3);background-image:linear-gradient(to bottom, #0088cc, #0077b3);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc', endColorstr='#ff0077b3', GradientType=0);} +.dropdown-menu .active>a,.dropdown-menu .active>a:hover{color:#ffffff;text-decoration:none;outline:0;background-color:#0081c2;background-image:-moz-linear-gradient(top, #0088cc, #0077b3);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#0088cc), to(#0077b3));background-image:-webkit-linear-gradient(top, #0088cc, #0077b3);background-image:-o-linear-gradient(top, #0088cc, #0077b3);background-image:linear-gradient(to bottom, #0088cc, #0077b3);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc', endColorstr='#ff0077b3', GradientType=0);} +.dropdown-menu .disabled>a,.dropdown-menu .disabled>a:hover{color:#999999;} +.dropdown-menu .disabled>a:hover{text-decoration:none;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);cursor:default;} +.open{*z-index:1000;}.open >.dropdown-menu{display:block;} +.pull-right>.dropdown-menu{right:0;left:auto;} +.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-top:0;border-bottom:4px solid #000000;content:"";} +.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:1px;} +.dropdown-submenu{position:relative;} +.dropdown-submenu>.dropdown-menu{top:0;left:100%;margin-top:-6px;margin-left:-1px;-webkit-border-radius:0 6px 6px 6px;-moz-border-radius:0 6px 6px 6px;border-radius:0 6px 6px 6px;} +.dropdown-submenu:hover>.dropdown-menu{display:block;} +.dropup .dropdown-submenu>.dropdown-menu{top:auto;bottom:0;margin-top:0;margin-bottom:-2px;-webkit-border-radius:5px 5px 5px 0;-moz-border-radius:5px 5px 5px 0;border-radius:5px 5px 5px 0;} +.dropdown-submenu>a:after{display:block;content:" ";float:right;width:0;height:0;border-color:transparent;border-style:solid;border-width:5px 0 5px 5px;border-left-color:#cccccc;margin-top:5px;margin-right:-10px;} +.dropdown-submenu:hover>a:after{border-left-color:#ffffff;} +.dropdown-submenu.pull-left{float:none;}.dropdown-submenu.pull-left>.dropdown-menu{left:-100%;margin-left:10px;-webkit-border-radius:6px 0 6px 6px;-moz-border-radius:6px 0 6px 6px;border-radius:6px 0 6px 6px;} +.dropdown .dropdown-menu .nav-header{padding-left:20px;padding-right:20px;} +.typeahead{z-index:1051;margin-top:2px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;} +.accordion{margin-bottom:20px;} +.accordion-group{margin-bottom:2px;border:1px solid #e5e5e5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;} +.accordion-heading{border-bottom:0;} +.accordion-heading .accordion-toggle{display:block;padding:8px 15px;} +.accordion-toggle{cursor:pointer;} +.accordion-inner{padding:9px 15px;border-top:1px solid #e5e5e5;} +.carousel{position:relative;margin-bottom:20px;line-height:1;} +.carousel-inner{overflow:hidden;width:100%;position:relative;} +.carousel-inner>.item{display:none;position:relative;-webkit-transition:0.6s ease-in-out left;-moz-transition:0.6s ease-in-out left;-o-transition:0.6s ease-in-out left;transition:0.6s ease-in-out left;} +.carousel-inner>.item>img{display:block;line-height:1;} +.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block;} +.carousel-inner>.active{left:0;} +.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%;} +.carousel-inner>.next{left:100%;} +.carousel-inner>.prev{left:-100%;} +.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0;} +.carousel-inner>.active.left{left:-100%;} +.carousel-inner>.active.right{left:100%;} +.carousel-control{position:absolute;top:40%;left:15px;width:40px;height:40px;margin-top:-20px;font-size:60px;font-weight:100;line-height:30px;color:#ffffff;text-align:center;background:#222222;border:3px solid #ffffff;-webkit-border-radius:23px;-moz-border-radius:23px;border-radius:23px;opacity:0.5;filter:alpha(opacity=50);}.carousel-control.right{left:auto;right:15px;} +.carousel-control:hover{color:#ffffff;text-decoration:none;opacity:0.9;filter:alpha(opacity=90);} +.carousel-caption{position:absolute;left:0;right:0;bottom:0;padding:15px;background:#333333;background:rgba(0, 0, 0, 0.75);} +.carousel-caption h4,.carousel-caption p{color:#ffffff;line-height:20px;} +.carousel-caption h4{margin:0 0 5px;} +.carousel-caption p{margin-bottom:0;} +.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.05);-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.05);box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.05);}.well blockquote{border-color:#ddd;border-color:rgba(0, 0, 0, 0.15);} +.well-large{padding:24px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;} +.well-small{padding:9px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;} +.close{float:right;font-size:20px;font-weight:bold;line-height:20px;color:#000000;text-shadow:0 1px 0 #ffffff;opacity:0.2;filter:alpha(opacity=20);}.close:hover{color:#000000;text-decoration:none;cursor:pointer;opacity:0.4;filter:alpha(opacity=40);} +button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none;} +.pull-right{float:right;} +.pull-left{float:left;} +.hide{display:none;} +.show{display:block;} +.invisible{visibility:hidden;} +.affix{position:fixed;} +.fade{opacity:0;-webkit-transition:opacity 0.15s linear;-moz-transition:opacity 0.15s linear;-o-transition:opacity 0.15s linear;transition:opacity 0.15s linear;}.fade.in{opacity:1;} +.collapse{position:relative;height:0;overflow:hidden;-webkit-transition:height 0.35s ease;-moz-transition:height 0.35s ease;-o-transition:height 0.35s ease;transition:height 0.35s ease;}.collapse.in{height:auto;} +.hidden{display:none;visibility:hidden;} +.visible-phone{display:none !important;} +.visible-tablet{display:none !important;} +.hidden-desktop{display:none !important;} +.visible-desktop{display:inherit !important;} +@media (min-width:768px) and (max-width:979px){.hidden-desktop{display:inherit !important;} .visible-desktop{display:none !important ;} .visible-tablet{display:inherit !important;} .hidden-tablet{display:none !important;}}@media (max-width:767px){.hidden-desktop{display:inherit !important;} .visible-desktop{display:none !important;} .visible-phone{display:inherit !important;} .hidden-phone{display:none !important;}}@media (max-width:767px){body{padding-left:20px;padding-right:20px;} .navbar-fixed-top,.navbar-fixed-bottom,.navbar-static-top{margin-left:-20px;margin-right:-20px;} .container-fluid{padding:0;} .dl-horizontal dt{float:none;clear:none;width:auto;text-align:left;} .dl-horizontal dd{margin-left:0;} .container{width:auto;} .row-fluid{width:100%;} .row,.thumbnails{margin-left:0;} .thumbnails>li{float:none;margin-left:0;} [class*="span"],.uneditable-input[class*="span"],.row-fluid [class*="span"]{float:none;display:block;width:100%;margin-left:0;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;} .span12,.row-fluid .span12{width:100%;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;} .row-fluid [class*="offset"]:first-child{margin-left:0;} .input-large,.input-xlarge,.input-xxlarge,input[class*="span"],select[class*="span"],textarea[class*="span"],.uneditable-input{display:block;width:100%;min-height:30px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;} .input-prepend input,.input-append input,.input-prepend input[class*="span"],.input-append input[class*="span"]{display:inline-block;width:auto;} .controls-row [class*="span"]+[class*="span"]{margin-left:0;} .modal{position:fixed;top:20px;left:20px;right:20px;width:auto;margin:0;}.modal.fade{top:-100px;} .modal.fade.in{top:20px;}}@media (max-width:480px){.nav-collapse{-webkit-transform:translate3d(0, 0, 0);} .page-header h1 small{display:block;line-height:20px;} input[type="checkbox"],input[type="radio"]{border:1px solid #ccc;} .form-horizontal .control-label{float:none;width:auto;padding-top:0;text-align:left;} .form-horizontal .controls{margin-left:0;} .form-horizontal .control-list{padding-top:0;} .form-horizontal .form-actions{padding-left:10px;padding-right:10px;} .media .pull-left,.media .pull-right{float:none;display:block;margin-bottom:10px;} .media-object{margin-right:0;margin-left:0;} .modal{top:10px;left:10px;right:10px;} .modal-header .close{padding:10px;margin:-10px;} .carousel-caption{position:static;}}@media (min-width:768px) and (max-width:979px){.row{margin-left:-20px;*zoom:1;}.row:before,.row:after{display:table;content:"";line-height:0;} .row:after{clear:both;} [class*="span"]{float:left;min-height:1px;margin-left:20px;} .container,.navbar-static-top .container,.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:724px;} .span12{width:724px;} .span11{width:662px;} .span10{width:600px;} .span9{width:538px;} .span8{width:476px;} .span7{width:414px;} .span6{width:352px;} .span5{width:290px;} .span4{width:228px;} .span3{width:166px;} .span2{width:104px;} .span1{width:42px;} .offset12{margin-left:764px;} .offset11{margin-left:702px;} .offset10{margin-left:640px;} .offset9{margin-left:578px;} .offset8{margin-left:516px;} .offset7{margin-left:454px;} .offset6{margin-left:392px;} .offset5{margin-left:330px;} .offset4{margin-left:268px;} .offset3{margin-left:206px;} .offset2{margin-left:144px;} .offset1{margin-left:82px;} .row-fluid{width:100%;*zoom:1;}.row-fluid:before,.row-fluid:after{display:table;content:"";line-height:0;} .row-fluid:after{clear:both;} .row-fluid [class*="span"]{display:block;width:100%;min-height:30px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;float:left;margin-left:2.7624309392265194%;*margin-left:2.709239449864817%;} .row-fluid [class*="span"]:first-child{margin-left:0;} .row-fluid .controls-row [class*="span"]+[class*="span"]{margin-left:2.7624309392265194%;} .row-fluid .span12{width:100%;*width:99.94680851063829%;} .row-fluid .span11{width:91.43646408839778%;*width:91.38327259903608%;} .row-fluid .span10{width:82.87292817679558%;*width:82.81973668743387%;} .row-fluid .span9{width:74.30939226519337%;*width:74.25620077583166%;} .row-fluid .span8{width:65.74585635359117%;*width:65.69266486422946%;} .row-fluid .span7{width:57.18232044198895%;*width:57.12912895262725%;} .row-fluid .span6{width:48.61878453038674%;*width:48.56559304102504%;} .row-fluid .span5{width:40.05524861878453%;*width:40.00205712942283%;} .row-fluid .span4{width:31.491712707182323%;*width:31.43852121782062%;} .row-fluid .span3{width:22.92817679558011%;*width:22.87498530621841%;} .row-fluid .span2{width:14.3646408839779%;*width:14.311449394616199%;} .row-fluid .span1{width:5.801104972375691%;*width:5.747913483013988%;} .row-fluid .offset12{margin-left:105.52486187845304%;*margin-left:105.41847889972962%;} .row-fluid .offset12:first-child{margin-left:102.76243093922652%;*margin-left:102.6560479605031%;} .row-fluid .offset11{margin-left:96.96132596685082%;*margin-left:96.8549429881274%;} .row-fluid .offset11:first-child{margin-left:94.1988950276243%;*margin-left:94.09251204890089%;} .row-fluid .offset10{margin-left:88.39779005524862%;*margin-left:88.2914070765252%;} .row-fluid .offset10:first-child{margin-left:85.6353591160221%;*margin-left:85.52897613729868%;} .row-fluid .offset9{margin-left:79.8342541436464%;*margin-left:79.72787116492299%;} .row-fluid .offset9:first-child{margin-left:77.07182320441989%;*margin-left:76.96544022569647%;} .row-fluid .offset8{margin-left:71.2707182320442%;*margin-left:71.16433525332079%;} .row-fluid .offset8:first-child{margin-left:68.50828729281768%;*margin-left:68.40190431409427%;} .row-fluid .offset7{margin-left:62.70718232044199%;*margin-left:62.600799341718584%;} .row-fluid .offset7:first-child{margin-left:59.94475138121547%;*margin-left:59.838368402492065%;} .row-fluid .offset6{margin-left:54.14364640883978%;*margin-left:54.037263430116376%;} .row-fluid .offset6:first-child{margin-left:51.38121546961326%;*margin-left:51.27483249088986%;} .row-fluid .offset5{margin-left:45.58011049723757%;*margin-left:45.47372751851417%;} .row-fluid .offset5:first-child{margin-left:42.81767955801105%;*margin-left:42.71129657928765%;} .row-fluid .offset4{margin-left:37.01657458563536%;*margin-left:36.91019160691196%;} .row-fluid .offset4:first-child{margin-left:34.25414364640884%;*margin-left:34.14776066768544%;} .row-fluid .offset3{margin-left:28.45303867403315%;*margin-left:28.346655695309746%;} .row-fluid .offset3:first-child{margin-left:25.69060773480663%;*margin-left:25.584224756083227%;} .row-fluid .offset2{margin-left:19.88950276243094%;*margin-left:19.783119783707537%;} .row-fluid .offset2:first-child{margin-left:17.12707182320442%;*margin-left:17.02068884448102%;} .row-fluid .offset1{margin-left:11.32596685082873%;*margin-left:11.219583872105325%;} .row-fluid .offset1:first-child{margin-left:8.56353591160221%;*margin-left:8.457152932878806%;} input,textarea,.uneditable-input{margin-left:0;} .controls-row [class*="span"]+[class*="span"]{margin-left:20px;} input.span12, textarea.span12, .uneditable-input.span12{width:710px;} input.span11, textarea.span11, .uneditable-input.span11{width:648px;} input.span10, textarea.span10, .uneditable-input.span10{width:586px;} input.span9, textarea.span9, .uneditable-input.span9{width:524px;} input.span8, textarea.span8, .uneditable-input.span8{width:462px;} input.span7, textarea.span7, .uneditable-input.span7{width:400px;} input.span6, textarea.span6, .uneditable-input.span6{width:338px;} input.span5, textarea.span5, .uneditable-input.span5{width:276px;} input.span4, textarea.span4, .uneditable-input.span4{width:214px;} input.span3, textarea.span3, .uneditable-input.span3{width:152px;} input.span2, textarea.span2, .uneditable-input.span2{width:90px;} input.span1, textarea.span1, .uneditable-input.span1{width:28px;}}@media (min-width:1200px){.row{margin-left:-30px;*zoom:1;}.row:before,.row:after{display:table;content:"";line-height:0;} .row:after{clear:both;} [class*="span"]{float:left;min-height:1px;margin-left:30px;} .container,.navbar-static-top .container,.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:1170px;} .span12{width:1170px;} .span11{width:1070px;} .span10{width:970px;} .span9{width:870px;} .span8{width:770px;} .span7{width:670px;} .span6{width:570px;} .span5{width:470px;} .span4{width:370px;} .span3{width:270px;} .span2{width:170px;} .span1{width:70px;} .offset12{margin-left:1230px;} .offset11{margin-left:1130px;} .offset10{margin-left:1030px;} .offset9{margin-left:930px;} .offset8{margin-left:830px;} .offset7{margin-left:730px;} .offset6{margin-left:630px;} .offset5{margin-left:530px;} .offset4{margin-left:430px;} .offset3{margin-left:330px;} .offset2{margin-left:230px;} .offset1{margin-left:130px;} .row-fluid{width:100%;*zoom:1;}.row-fluid:before,.row-fluid:after{display:table;content:"";line-height:0;} .row-fluid:after{clear:both;} .row-fluid [class*="span"]{display:block;width:100%;min-height:30px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;float:left;margin-left:2.564102564102564%;*margin-left:2.5109110747408616%;} .row-fluid [class*="span"]:first-child{margin-left:0;} .row-fluid .controls-row [class*="span"]+[class*="span"]{margin-left:2.564102564102564%;} .row-fluid .span12{width:100%;*width:99.94680851063829%;} .row-fluid .span11{width:91.45299145299145%;*width:91.39979996362975%;} .row-fluid .span10{width:82.90598290598291%;*width:82.8527914166212%;} .row-fluid .span9{width:74.35897435897436%;*width:74.30578286961266%;} .row-fluid .span8{width:65.81196581196582%;*width:65.75877432260411%;} .row-fluid .span7{width:57.26495726495726%;*width:57.21176577559556%;} .row-fluid .span6{width:48.717948717948715%;*width:48.664757228587014%;} .row-fluid .span5{width:40.17094017094017%;*width:40.11774868157847%;} .row-fluid .span4{width:31.623931623931625%;*width:31.570740134569924%;} .row-fluid .span3{width:23.076923076923077%;*width:23.023731587561375%;} .row-fluid .span2{width:14.52991452991453%;*width:14.476723040552828%;} .row-fluid .span1{width:5.982905982905983%;*width:5.929714493544281%;} .row-fluid .offset12{margin-left:105.12820512820512%;*margin-left:105.02182214948171%;} .row-fluid .offset12:first-child{margin-left:102.56410256410257%;*margin-left:102.45771958537915%;} .row-fluid .offset11{margin-left:96.58119658119658%;*margin-left:96.47481360247316%;} .row-fluid .offset11:first-child{margin-left:94.01709401709402%;*margin-left:93.91071103837061%;} .row-fluid .offset10{margin-left:88.03418803418803%;*margin-left:87.92780505546462%;} .row-fluid .offset10:first-child{margin-left:85.47008547008548%;*margin-left:85.36370249136206%;} .row-fluid .offset9{margin-left:79.48717948717949%;*margin-left:79.38079650845607%;} .row-fluid .offset9:first-child{margin-left:76.92307692307693%;*margin-left:76.81669394435352%;} .row-fluid .offset8{margin-left:70.94017094017094%;*margin-left:70.83378796144753%;} .row-fluid .offset8:first-child{margin-left:68.37606837606839%;*margin-left:68.26968539734497%;} .row-fluid .offset7{margin-left:62.393162393162385%;*margin-left:62.28677941443899%;} .row-fluid .offset7:first-child{margin-left:59.82905982905982%;*margin-left:59.72267685033642%;} .row-fluid .offset6{margin-left:53.84615384615384%;*margin-left:53.739770867430444%;} .row-fluid .offset6:first-child{margin-left:51.28205128205128%;*margin-left:51.175668303327875%;} .row-fluid .offset5{margin-left:45.299145299145295%;*margin-left:45.1927623204219%;} .row-fluid .offset5:first-child{margin-left:42.73504273504273%;*margin-left:42.62865975631933%;} .row-fluid .offset4{margin-left:36.75213675213675%;*margin-left:36.645753773413354%;} .row-fluid .offset4:first-child{margin-left:34.18803418803419%;*margin-left:34.081651209310785%;} .row-fluid .offset3{margin-left:28.205128205128204%;*margin-left:28.0987452264048%;} .row-fluid .offset3:first-child{margin-left:25.641025641025642%;*margin-left:25.53464266230224%;} .row-fluid .offset2{margin-left:19.65811965811966%;*margin-left:19.551736679396257%;} .row-fluid .offset2:first-child{margin-left:17.094017094017094%;*margin-left:16.98763411529369%;} .row-fluid .offset1{margin-left:11.11111111111111%;*margin-left:11.004728132387708%;} .row-fluid .offset1:first-child{margin-left:8.547008547008547%;*margin-left:8.440625568285142%;} input,textarea,.uneditable-input{margin-left:0;} .controls-row [class*="span"]+[class*="span"]{margin-left:30px;} input.span12, textarea.span12, .uneditable-input.span12{width:1156px;} input.span11, textarea.span11, .uneditable-input.span11{width:1056px;} input.span10, textarea.span10, .uneditable-input.span10{width:956px;} input.span9, textarea.span9, .uneditable-input.span9{width:856px;} input.span8, textarea.span8, .uneditable-input.span8{width:756px;} input.span7, textarea.span7, .uneditable-input.span7{width:656px;} input.span6, textarea.span6, .uneditable-input.span6{width:556px;} input.span5, textarea.span5, .uneditable-input.span5{width:456px;} input.span4, textarea.span4, .uneditable-input.span4{width:356px;} input.span3, textarea.span3, .uneditable-input.span3{width:256px;} input.span2, textarea.span2, .uneditable-input.span2{width:156px;} input.span1, textarea.span1, .uneditable-input.span1{width:56px;} .thumbnails{margin-left:-30px;} .thumbnails>li{margin-left:30px;} .row-fluid .thumbnails{margin-left:0;}}@media (max-width:979px){body{padding-top:0;} .navbar-fixed-top,.navbar-fixed-bottom{position:static;} .navbar-fixed-top{margin-bottom:20px;} .navbar-fixed-bottom{margin-top:20px;} .navbar-fixed-top .navbar-inner,.navbar-fixed-bottom .navbar-inner{padding:5px;} .navbar .container{width:auto;padding:0;} .navbar .brand{padding-left:10px;padding-right:10px;margin:0 0 0 -5px;} .nav-collapse{clear:both;} .nav-collapse .nav{float:none;margin:0 0 10px;} .nav-collapse .nav>li{float:none;} .nav-collapse .nav>li>a{margin-bottom:2px;} .nav-collapse .nav>.divider-vertical{display:none;} .nav-collapse .nav .nav-header{color:#777777;text-shadow:none;} .nav-collapse .nav>li>a,.nav-collapse .dropdown-menu a{padding:9px 15px;font-weight:bold;color:#777777;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;} .nav-collapse .btn{padding:4px 10px 4px;font-weight:normal;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;} .nav-collapse .dropdown-menu li+li a{margin-bottom:2px;} .nav-collapse .nav>li>a:hover,.nav-collapse .dropdown-menu a:hover{background-color:#f2f2f2;} .navbar-inverse .nav-collapse .nav>li>a,.navbar-inverse .nav-collapse .dropdown-menu a{color:#999999;} .navbar-inverse .nav-collapse .nav>li>a:hover,.navbar-inverse .nav-collapse .dropdown-menu a:hover{background-color:#111111;} .nav-collapse.in .btn-group{margin-top:5px;padding:0;} .nav-collapse .dropdown-menu{position:static;top:auto;left:auto;float:none;display:none;max-width:none;margin:0 15px;padding:0;background-color:transparent;border:none;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none;} .nav-collapse .open>.dropdown-menu{display:block;} .nav-collapse .dropdown-menu:before,.nav-collapse .dropdown-menu:after{display:none;} .nav-collapse .dropdown-menu .divider{display:none;} .nav-collapse .nav>li>.dropdown-menu:before,.nav-collapse .nav>li>.dropdown-menu:after{display:none;} .nav-collapse .navbar-form,.nav-collapse .navbar-search{float:none;padding:10px 15px;margin:10px 0;border-top:1px solid #f2f2f2;border-bottom:1px solid #f2f2f2;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.1), 0 1px 0 rgba(255,255,255,.1);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,.1), 0 1px 0 rgba(255,255,255,.1);box-shadow:inset 0 1px 0 rgba(255,255,255,.1), 0 1px 0 rgba(255,255,255,.1);} .navbar-inverse .nav-collapse .navbar-form,.navbar-inverse .nav-collapse .navbar-search{border-top-color:#111111;border-bottom-color:#111111;} .navbar .nav-collapse .nav.pull-right{float:none;margin-left:0;} .nav-collapse,.nav-collapse.collapse{overflow:hidden;height:0;} .navbar .btn-navbar{display:block;} .navbar-static .navbar-inner{padding-left:10px;padding-right:10px;}}@media (min-width:980px){.nav-collapse.collapse{height:auto !important;overflow:visible !important;}} +]]>GET/resources/css/bootstrap.mincssHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/
        Hostzero.webappsecurity.com
        Accept*/*
        Accept-Languageen-US,en;q=0.5
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoScriptEngine="Gecko";Category="Crawl";SID="44E3412C3C3696A59B5B64AC4DBE596D";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="Crawl";CrawlType="ScriptInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";tht="21";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="637f858a";
        X-Request-Memorid="115df203";sc="1";thid="49";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1200OKli,ol.inline >li{display:inline-block;padding-left:5px;padding-right:5px;} +dl{margin-bottom:20px;} +dt,dd{line-height:20px;} +dt{font-weight:bold;} +dd{margin-left:10px;} +.dl-horizontal{*zoom:1;}.dl-horizontal:before,.dl-horizontal:after{display:table;content:"";line-height:0;} +.dl-horizontal:after{clear:both;} +.dl-horizontal dt{float:left;width:160px;clear:left;text-align:right;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;} +.dl-horizontal dd{margin-left:180px;} +hr{margin:20px 0;border:0;border-top:1px solid #eeeeee;border-bottom:1px solid #ffffff;} +abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #999999;} +abbr.initialism{font-size:90%;text-transform:uppercase;} +blockquote{padding:0 0 0 15px;margin:0 0 20px;border-left:5px solid #eeeeee;}blockquote p{margin-bottom:0;font-size:16px;font-weight:300;line-height:25px;} +blockquote small{display:block;line-height:20px;color:#999999;}blockquote small:before{content:'\2014 \00A0';} +blockquote.pull-right{float:right;padding-right:15px;padding-left:0;border-right:5px solid #eeeeee;border-left:0;}blockquote.pull-right p,blockquote.pull-right small{text-align:right;} +blockquote.pull-right small:before{content:'';} +blockquote.pull-right small:after{content:'\00A0 \2014';} +q:before,q:after,blockquote:before,blockquote:after{content:"";} +address{display:block;margin-bottom:20px;font-style:normal;line-height:20px;} +code,pre{padding:0 3px 2px;font-family:Monaco,Menlo,Consolas,"Courier New",monospace;font-size:12px;color:#333333;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;} +code{padding:2px 4px;color:#d14;background-color:#f7f7f9;border:1px solid #e1e1e8;white-space:nowrap;} +pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:20px;word-break:break-all;word-wrap:break-word;white-space:pre;white-space:pre-wrap;background-color:#f5f5f5;border:1px solid #ccc;border:1px solid rgba(0, 0, 0, 0.15);-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;}pre.prettyprint{margin-bottom:20px;} +pre code{padding:0;color:inherit;white-space:pre;white-space:pre-wrap;background-color:transparent;border:0;} +.pre-scrollable{max-height:340px;overflow-y:scroll;} +.label,.badge{display:inline-block;padding:2px 4px;font-size:11.844px;font-weight:bold;line-height:14px;color:#ffffff;vertical-align:baseline;white-space:nowrap;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#999999;} +.label{-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;} +.badge{padding-left:9px;padding-right:9px;-webkit-border-radius:9px;-moz-border-radius:9px;border-radius:9px;} +.label:empty,.badge:empty{display:none;} +a.label:hover,a.badge:hover{color:#ffffff;text-decoration:none;cursor:pointer;} +.label-important,.badge-important{background-color:#b94a48;} +.label-important[href],.badge-important[href]{background-color:#953b39;} +.label-warning,.badge-warning{background-color:#f89406;} +.label-warning[href],.badge-warning[href]{background-color:#c67605;} +.label-success,.badge-success{background-color:#468847;} +.label-success[href],.badge-success[href]{background-color:#356635;} +.label-info,.badge-info{background-color:#3a87ad;} +.label-info[href],.badge-info[href]{background-color:#2d6987;} +.label-inverse,.badge-inverse{background-color:#333333;} +.label-inverse[href],.badge-inverse[href]{background-color:#1a1a1a;} +.btn .label,.btn .badge{position:relative;top:-1px;} +.btn-mini .label,.btn-mini .badge{top:0;} +table{max-width:100%;background-color:transparent;border-collapse:collapse;border-spacing:0;} +.table{width:100%;margin-bottom:20px;}.table th,.table td{padding:8px;line-height:20px;text-align:left;vertical-align:top;border-top:1px solid #dddddd;} +.table th{font-weight:bold;} +.table thead th{vertical-align:bottom;} +.table caption+thead tr:first-child th,.table caption+thead tr:first-child td,.table colgroup+thead tr:first-child th,.table colgroup+thead tr:first-child td,.table thead:first-child tr:first-child th,.table thead:first-child tr:first-child td{border-top:0;} +.table tbody+tbody{border-top:2px solid #dddddd;} +.table .table{background-color:#ffffff;} +.table-condensed th,.table-condensed td{padding:4px 5px;} +.table-bordered{border:1px solid #dddddd;border-collapse:separate;*border-collapse:collapse;border-left:0;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;}.table-bordered th,.table-bordered td{border-left:1px solid #dddddd;} +.table-bordered caption+thead tr:first-child th,.table-bordered caption+tbody tr:first-child th,.table-bordered caption+tbody tr:first-child td,.table-bordered colgroup+thead tr:first-child th,.table-bordered colgroup+tbody tr:first-child th,.table-bordered colgroup+tbody tr:first-child td,.table-bordered thead:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child td{border-top:0;} +.table-bordered thead:first-child tr:first-child>th:first-child,.table-bordered tbody:first-child tr:first-child>td:first-child{-webkit-border-top-left-radius:4px;-moz-border-radius-topleft:4px;border-top-left-radius:4px;} +.table-bordered thead:first-child tr:first-child>th:last-child,.table-bordered tbody:first-child tr:first-child>td:last-child{-webkit-border-top-right-radius:4px;-moz-border-radius-topright:4px;border-top-right-radius:4px;} +.table-bordered thead:last-child tr:last-child>th:first-child,.table-bordered tbody:last-child tr:last-child>td:first-child,.table-bordered tfoot:last-child tr:last-child>td:first-child{-webkit-border-bottom-left-radius:4px;-moz-border-radius-bottomleft:4px;border-bottom-left-radius:4px;} +.table-bordered thead:last-child tr:last-child>th:last-child,.table-bordered tbody:last-child tr:last-child>td:last-child,.table-bordered tfoot:last-child tr:last-child>td:last-child{-webkit-border-bottom-right-radius:4px;-moz-border-radius-bottomright:4px;border-bottom-right-radius:4px;} +.table-bordered tfoot+tbody:last-child tr:last-child td:first-child{-webkit-border-bottom-left-radius:0;-moz-border-radius-bottomleft:0;border-bottom-left-radius:0;} +.table-bordered tfoot+tbody:last-child tr:last-child td:last-child{-webkit-border-bottom-right-radius:0;-moz-border-radius-bottomright:0;border-bottom-right-radius:0;} +.table-bordered caption+thead tr:first-child th:first-child,.table-bordered caption+tbody tr:first-child td:first-child,.table-bordered colgroup+thead tr:first-child th:first-child,.table-bordered colgroup+tbody tr:first-child td:first-child{-webkit-border-top-left-radius:4px;-moz-border-radius-topleft:4px;border-top-left-radius:4px;} +.table-bordered caption+thead tr:first-child th:last-child,.table-bordered caption+tbody tr:first-child td:last-child,.table-bordered colgroup+thead tr:first-child th:last-child,.table-bordered colgroup+tbody tr:first-child td:last-child{-webkit-border-top-right-radius:4px;-moz-border-radius-topright:4px;border-top-right-radius:4px;} +.table-striped tbody>tr:nth-child(odd)>td,.table-striped tbody>tr:nth-child(odd)>th{background-color:#f9f9f9;} +.table-hover tbody tr:hover td,.table-hover tbody tr:hover th{background-color:#f5f5f5;} +table td[class*="span"],table th[class*="span"],.row-fluid table td[class*="span"],.row-fluid table th[class*="span"]{display:table-cell;float:none;margin-left:0;} +.table td.span1,.table th.span1{float:none;width:44px;margin-left:0;} +.table td.span2,.table th.span2{float:none;width:124px;margin-left:0;} +.table td.span3,.table th.span3{float:none;width:204px;margin-left:0;} +.table td.span4,.table th.span4{float:none;width:284px;margin-left:0;} +.table td.span5,.table th.span5{float:none;width:364px;margin-left:0;} +.table td.span6,.table th.span6{float:none;width:444px;margin-left:0;} +.table td.span7,.table th.span7{float:none;width:524px;margin-left:0;} +.table td.span8,.table th.span8{float:none;width:604px;margin-left:0;} +.table td.span9,.table th.span9{float:none;width:684px;margin-left:0;} +.table td.span10,.table th.span10{float:none;width:764px;margin-left:0;} +.table td.span11,.table th.span11{float:none;width:844px;margin-left:0;} +.table td.span12,.table th.span12{float:none;width:924px;margin-left:0;} +.table tbody tr.success td{background-color:#dff0d8;} +.table tbody tr.error td{background-color:#f2dede;} +.table tbody tr.warning td{background-color:#fcf8e3;} +.table tbody tr.info td{background-color:#d9edf7;} +.table-hover tbody tr.success:hover td{background-color:#d0e9c6;} +.table-hover tbody tr.error:hover td{background-color:#ebcccc;} +.table-hover tbody tr.warning:hover td{background-color:#faf2cc;} +.table-hover tbody tr.info:hover td{background-color:#c4e3f3;} +form{margin:0 0 20px;} +fieldset{padding:0;margin:0;border:0;} +legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:40px;color:#333333;border:0;border-bottom:1px solid #e5e5e5;}legend small{font-size:15px;color:#999999;} +label,input,button,select,textarea{font-size:14px;font-weight:normal;line-height:20px;} +input,button,select,textarea{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;} +label{display:block;margin-bottom:5px;} +select,textarea,input[type="text"],input[type="password"],input[type="datetime"],input[type="datetime-local"],input[type="date"],input[type="month"],input[type="time"],input[type="week"],input[type="number"],input[type="email"],input[type="url"],input[type="search"],input[type="tel"],input[type="color"],.uneditable-input{display:inline-block;height:20px;padding:4px 6px;margin-bottom:10px;font-size:14px;line-height:20px;color:#555555;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;vertical-align:middle;} +input,textarea,.uneditable-input{width:206px;} +textarea{height:auto;} +textarea,input[type="text"],input[type="password"],input[type="datetime"],input[type="datetime-local"],input[type="date"],input[type="month"],input[type="time"],input[type="week"],input[type="number"],input[type="email"],input[type="url"],input[type="search"],input[type="tel"],input[type="color"],.uneditable-input{background-color:#ffffff;border:1px solid #cccccc;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-webkit-transition:border linear .2s, box-shadow linear .2s;-moz-transition:border linear .2s, box-shadow linear .2s;-o-transition:border linear .2s, box-shadow linear .2s;transition:border linear .2s, box-shadow linear .2s;}textarea:focus,input[type="text"]:focus,input[type="password"]:focus,input[type="datetime"]:focus,input[type="datetime-local"]:focus,input[type="date"]:focus,input[type="month"]:focus,input[type="time"]:focus,input[type="week"]:focus,input[type="number"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[type="search"]:focus,input[type="tel"]:focus,input[type="color"]:focus,.uneditable-input:focus{border-color:rgba(82, 168, 236, 0.8);outline:0;outline:thin dotted \9;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(82,168,236,.6);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(82,168,236,.6);box-shadow:inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(82,168,236,.6);} +input[type="radio"],input[type="checkbox"]{margin:4px 0 0;*margin-top:0;margin-top:1px \9;line-height:normal;} +input[type="file"],input[type="image"],input[type="submit"],input[type="reset"],input[type="button"],input[type="radio"],input[type="checkbox"]{width:auto;} +select,input[type="file"]{height:30px;*margin-top:4px;line-height:30px;} +select{width:220px;border:1px solid #cccccc;background-color:#ffffff;} +select[multiple],select[size]{height:auto;} +select:focus,input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px;} +.uneditable-input,.uneditable-textarea{color:#999999;background-color:#fcfcfc;border-color:#cccccc;-webkit-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.025);-moz-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.025);box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.025);cursor:not-allowed;} +.uneditable-input{overflow:hidden;white-space:nowrap;} +.uneditable-textarea{width:auto;height:auto;} +input:-moz-placeholder,textarea:-moz-placeholder{color:#999999;} +input:-ms-input-placeholder,textarea:-ms-input-placeholder{color:#999999;} +input::-webkit-input-placeholder,textarea::-webkit-input-placeholder{color:#999999;} +.radio,.checkbox{min-height:20px;padding-left:20px;} +.radio input[type="radio"],.checkbox input[type="checkbox"]{float:left;margin-left:-20px;} +.controls>.radio:first-child,.controls>.checkbox:first-child{padding-top:5px;} +.radio.inline,.checkbox.inline{display:inline-block;padding-top:5px;margin-bottom:0;vertical-align:middle;} +.radio.inline+.radio.inline,.checkbox.inline+.checkbox.inline{margin-left:10px;} +.input-mini{width:60px;} +.input-small{width:90px;} +.input-medium{width:150px;} +.input-large{width:210px;} +.input-xlarge{width:270px;} +.input-xxlarge{width:530px;} +input[class*="span"],select[class*="span"],textarea[class*="span"],.uneditable-input[class*="span"],.row-fluid input[class*="span"],.row-fluid select[class*="span"],.row-fluid textarea[class*="span"],.row-fluid .uneditable-input[class*="span"]{float:none;margin-left:0;} +.input-append input[class*="span"],.input-append .uneditable-input[class*="span"],.input-prepend input[class*="span"],.input-prepend .uneditable-input[class*="span"],.row-fluid input[class*="span"],.row-fluid select[class*="span"],.row-fluid textarea[class*="span"],.row-fluid .uneditable-input[class*="span"],.row-fluid .input-prepend [class*="span"],.row-fluid .input-append [class*="span"]{display:inline-block;} +input,textarea,.uneditable-input{margin-left:0;} +.controls-row [class*="span"]+[class*="span"]{margin-left:20px;} +input.span12, textarea.span12, .uneditable-input.span12{width:926px;} +input.span11, textarea.span11, .uneditable-input.span11{width:846px;} +input.span10, textarea.span10, .uneditable-input.span10{width:766px;} +input.span9, textarea.span9, .uneditable-input.span9{width:686px;} +input.span8, textarea.span8, .uneditable-input.span8{width:606px;} +input.span7, textarea.span7, .uneditable-input.span7{width:526px;} +input.span6, textarea.span6, .uneditable-input.span6{width:446px;} +input.span5, textarea.span5, .uneditable-input.span5{width:366px;} +input.span4, textarea.span4, .uneditable-input.span4{width:286px;} +input.span3, textarea.span3, .uneditable-input.span3{width:206px;} +input.span2, textarea.span2, .uneditable-input.span2{width:126px;} +input.span1, textarea.span1, .uneditable-input.span1{width:46px;} +.controls-row{*zoom:1;}.controls-row:before,.controls-row:after{display:table;content:"";line-height:0;} +.controls-row:after{clear:both;} +.controls-row [class*="span"],.row-fluid .controls-row [class*="span"]{float:left;} +.controls-row .checkbox[class*="span"],.controls-row .radio[class*="span"]{padding-top:5px;} +input[disabled],select[disabled],textarea[disabled],input[readonly],select[readonly],textarea[readonly]{cursor:not-allowed;background-color:#eeeeee;} +input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"][readonly],input[type="checkbox"][readonly]{background-color:transparent;} +.control-group.warning .control-label,.control-group.warning .help-block,.control-group.warning .help-inline{color:#c09853;} +.control-group.warning .checkbox,.control-group.warning .radio,.control-group.warning input,.control-group.warning select,.control-group.warning textarea{color:#c09853;} +.control-group.warning input,.control-group.warning select,.control-group.warning textarea{border-color:#c09853;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);}.control-group.warning input:focus,.control-group.warning select:focus,.control-group.warning textarea:focus{border-color:#a47e3c;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #dbc59e;-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #dbc59e;box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #dbc59e;} +.control-group.warning .input-prepend .add-on,.control-group.warning .input-append .add-on{color:#c09853;background-color:#fcf8e3;border-color:#c09853;} +.control-group.error .control-label,.control-group.error .help-block,.control-group.error .help-inline{color:#b94a48;} +.control-group.error .checkbox,.control-group.error .radio,.control-group.error input,.control-group.error select,.control-group.error textarea{color:#b94a48;} +.control-group.error input,.control-group.error select,.control-group.error textarea{border-color:#b94a48;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);}.control-group.error input:focus,.control-group.error select:focus,.control-group.error textarea:focus{border-color:#953b39;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #d59392;-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #d59392;box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #d59392;} +.control-group.error .input-prepend .add-on,.control-group.error .input-append .add-on{color:#b94a48;background-color:#f2dede;border-color:#b94a48;} +.control-group.success .control-label,.control-group.success .help-block,.control-group.success .help-inline{color:#468847;} +.control-group.success .checkbox,.control-group.success .radio,.control-group.success input,.control-group.success select,.control-group.success textarea{color:#468847;} +.control-group.success input,.control-group.success select,.control-group.success textarea{border-color:#468847;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);}.control-group.success input:focus,.control-group.success select:focus,.control-group.success textarea:focus{border-color:#356635;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #7aba7b;-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #7aba7b;box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #7aba7b;} +.control-group.success .input-prepend .add-on,.control-group.success .input-append .add-on{color:#468847;background-color:#dff0d8;border-color:#468847;} +.control-group.info .control-label,.control-group.info .help-block,.control-group.info .help-inline{color:#3a87ad;} +.control-group.info .checkbox,.control-group.info .radio,.control-group.info input,.control-group.info select,.control-group.info textarea{color:#3a87ad;} +.control-group.info input,.control-group.info select,.control-group.info textarea{border-color:#3a87ad;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);}.control-group.info input:focus,.control-group.info select:focus,.control-group.info textarea:focus{border-color:#2d6987;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #7ab5d3;-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #7ab5d3;box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 6px #7ab5d3;} +.control-group.info .input-prepend .add-on,.control-group.info .input-append .add-on{color:#3a87ad;background-color:#d9edf7;border-color:#3a87ad;} +input:focus:invalid,textarea:focus:invalid,select:focus:invalid{color:#b94a48;border-color:#ee5f5b;}input:focus:invalid:focus,textarea:focus:invalid:focus,select:focus:invalid:focus{border-color:#e9322d;-webkit-box-shadow:0 0 6px #f8b9b7;-moz-box-shadow:0 0 6px #f8b9b7;box-shadow:0 0 6px #f8b9b7;} +.form-actions{padding:19px 20px 20px;margin-top:20px;margin-bottom:20px;background-color:#f5f5f5;border-top:1px solid #e5e5e5;*zoom:1;}.form-actions:before,.form-actions:after{display:table;content:"";line-height:0;} +.form-actions:after{clear:both;} +.help-block,.help-inline{color:#595959;} +.help-block{display:block;margin-bottom:10px;} +.help-inline{display:inline-block;*display:inline;*zoom:1;vertical-align:middle;padding-left:5px;} +.input-append,.input-prepend{margin-bottom:5px;font-size:0;white-space:nowrap;}.input-append input,.input-prepend input,.input-append select,.input-prepend select,.input-append .uneditable-input,.input-prepend .uneditable-input,.input-append .dropdown-menu,.input-prepend .dropdown-menu{font-size:14px;} +.input-append input,.input-prepend input,.input-append select,.input-prepend select,.input-append .uneditable-input,.input-prepend .uneditable-input{position:relative;margin-bottom:0;*margin-left:0;vertical-align:top;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0;}.input-append input:focus,.input-prepend input:focus,.input-append select:focus,.input-prepend select:focus,.input-append .uneditable-input:focus,.input-prepend .uneditable-input:focus{z-index:2;} +.input-append .add-on,.input-prepend .add-on{display:inline-block;width:auto;height:20px;min-width:16px;padding:4px 5px;font-size:14px;font-weight:normal;line-height:20px;text-align:center;text-shadow:0 1px 0 #ffffff;background-color:#eeeeee;border:1px solid #ccc;} +.input-append .add-on,.input-prepend .add-on,.input-append .btn,.input-prepend .btn,.input-append .btn-group>.dropdown-toggle,.input-prepend .btn-group>.dropdown-toggle{vertical-align:top;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;} +.input-append .active,.input-prepend .active{background-color:#a9dba9;border-color:#46a546;} +.input-prepend .add-on,.input-prepend .btn{margin-right:-1px;} +.input-prepend .add-on:first-child,.input-prepend .btn:first-child{-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px;} +.input-append input,.input-append select,.input-append .uneditable-input{-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px;}.input-append input+.btn-group .btn:last-child,.input-append select+.btn-group .btn:last-child,.input-append .uneditable-input+.btn-group .btn:last-child{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0;} +.input-append .add-on,.input-append .btn,.input-append .btn-group{margin-left:-1px;} +.input-append .add-on:last-child,.input-append .btn:last-child,.input-append .btn-group:last-child>.dropdown-toggle{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0;} +.input-prepend.input-append input,.input-prepend.input-append select,.input-prepend.input-append .uneditable-input{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;}.input-prepend.input-append input+.btn-group .btn,.input-prepend.input-append select+.btn-group .btn,.input-prepend.input-append .uneditable-input+.btn-group .btn{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0;} +.input-prepend.input-append .add-on:first-child,.input-prepend.input-append .btn:first-child{margin-right:-1px;-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px;} +.input-prepend.input-append .add-on:last-child,.input-prepend.input-append .btn:last-child{margin-left:-1px;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0;} +.input-prepend.input-append .btn-group:first-child{margin-left:0;} +input.search-query{padding-right:14px;padding-right:4px \9;padding-left:14px;padding-left:4px \9;margin-bottom:0;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px;} +.form-search .input-append .search-query,.form-search .input-prepend .search-query{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;} +.form-search .input-append .search-query{-webkit-border-radius:14px 0 0 14px;-moz-border-radius:14px 0 0 14px;border-radius:14px 0 0 14px;} +.form-search .input-append .btn{-webkit-border-radius:0 14px 14px 0;-moz-border-radius:0 14px 14px 0;border-radius:0 14px 14px 0;} +.form-search .input-prepend .search-query{-webkit-border-radius:0 14px 14px 0;-moz-border-radius:0 14px 14px 0;border-radius:0 14px 14px 0;} +.form-search .input-prepend .btn{-webkit-border-radius:14px 0 0 14px;-moz-border-radius:14px 0 0 14px;border-radius:14px 0 0 14px;} +.form-search input,.form-inline input,.form-horizontal input,.form-search textarea,.form-inline textarea,.form-horizontal textarea,.form-search select,.form-inline select,.form-horizontal select,.form-search .help-inline,.form-inline .help-inline,.form-horizontal .help-inline,.form-search .uneditable-input,.form-inline .uneditable-input,.form-horizontal .uneditable-input,.form-search .input-prepend,.form-inline .input-prepend,.form-horizontal .input-prepend,.form-search .input-append,.form-inline .input-append,.form-horizontal .input-append{display:inline-block;*display:inline;*zoom:1;margin-bottom:0;vertical-align:middle;} +.form-search .hide,.form-inline .hide,.form-horizontal .hide{display:none;} +.form-search label,.form-inline label,.form-search .btn-group,.form-inline .btn-group{display:inline-block;} +.form-search .input-append,.form-inline .input-append,.form-search .input-prepend,.form-inline .input-prepend{margin-bottom:0;} +.form-search .radio,.form-search .checkbox,.form-inline .radio,.form-inline .checkbox{padding-left:0;margin-bottom:0;vertical-align:middle;} +.form-search .radio input[type="radio"],.form-search .checkbox input[type="checkbox"],.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{float:left;margin-right:3px;margin-left:0;} +.control-group{margin-bottom:10px;} +legend+.control-group{margin-top:20px;-webkit-margin-top-collapse:separate;} +.form-horizontal .control-group{margin-bottom:20px;*zoom:1;}.form-horizontal .control-group:before,.form-horizontal .control-group:after{display:table;content:"";line-height:0;} +.form-horizontal .control-group:after{clear:both;} +.form-horizontal .control-label{float:left;width:160px;padding-top:5px;text-align:right;} +.form-horizontal .controls{*display:inline-block;*padding-left:20px;margin-left:180px;*margin-left:0;}.form-horizontal .controls:first-child{*padding-left:180px;} +.form-horizontal .help-block{margin-bottom:0;} +.form-horizontal input+.help-block,.form-horizontal select+.help-block,.form-horizontal textarea+.help-block,.form-horizontal .uneditable-input+.help-block,.form-horizontal .input-prepend+.help-block,.form-horizontal .input-append+.help-block{margin-top:10px;} +.form-horizontal .form-actions{padding-left:180px;} +.btn{display:inline-block;*display:inline;*zoom:1;padding:4px 12px;margin-bottom:0;font-size:14px;line-height:20px;text-align:center;vertical-align:middle;cursor:pointer;color:#333333;text-shadow:0 1px 1px rgba(255, 255, 255, 0.75);background-color:#f5f5f5;background-image:-moz-linear-gradient(top, #ffffff, #e6e6e6);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), to(#e6e6e6));background-image:-webkit-linear-gradient(top, #ffffff, #e6e6e6);background-image:-o-linear-gradient(top, #ffffff, #e6e6e6);background-image:linear-gradient(to bottom, #ffffff, #e6e6e6);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#ffe6e6e6', GradientType=0);border-color:#e6e6e6 #e6e6e6 #bfbfbf;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#e6e6e6;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);border:1px solid #bbbbbb;*border:0;border-bottom-color:#a2a2a2;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;*margin-left:.3em;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.2), 0 1px 2px rgba(0,0,0,.05);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,.2), 0 1px 2px rgba(0,0,0,.05);box-shadow:inset 0 1px 0 rgba(255,255,255,.2), 0 1px 2px rgba(0,0,0,.05);}.btn:hover,.btn:active,.btn.active,.btn.disabled,.btn[disabled]{color:#333333;background-color:#e6e6e6;*background-color:#d9d9d9;} +.btn:active,.btn.active{background-color:#cccccc \9;} +.btn:first-child{*margin-left:0;} +.btn:hover{color:#333333;text-decoration:none;background-position:0 -15px;-webkit-transition:background-position 0.1s linear;-moz-transition:background-position 0.1s linear;-o-transition:background-position 0.1s linear;transition:background-position 0.1s linear;} +.btn:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px;} +.btn.active,.btn:active{background-image:none;outline:0;-webkit-box-shadow:inset 0 2px 4px rgba(0,0,0,.15), 0 1px 2px rgba(0,0,0,.05);-moz-box-shadow:inset 0 2px 4px rgba(0,0,0,.15), 0 1px 2px rgba(0,0,0,.05);box-shadow:inset 0 2px 4px rgba(0,0,0,.15), 0 1px 2px rgba(0,0,0,.05);} +.btn.disabled,.btn[disabled]{cursor:default;background-image:none;opacity:0.65;filter:alpha(opacity=65);-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none;} +.btn-large{padding:11px 19px;font-size:17.5px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;} +.btn-large [class^="icon-"],.btn-large [class*=" icon-"]{margin-top:4px;} +.btn-small{padding:2px 10px;font-size:11.9px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;} +.btn-small [class^="icon-"],.btn-small [class*=" icon-"]{margin-top:0;} +.btn-mini [class^="icon-"],.btn-mini [class*=" icon-"]{margin-top:-1px;} +.btn-mini{padding:0 6px;font-size:10.5px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;} +.btn-block{display:block;width:100%;padding-left:0;padding-right:0;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;} +.btn-block+.btn-block{margin-top:5px;} +input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%;} +.btn-primary.active,.btn-warning.active,.btn-danger.active,.btn-success.active,.btn-info.active,.btn-inverse.active{color:rgba(255, 255, 255, 0.75);} +.btn{border-color:#c5c5c5;border-color:rgba(0, 0, 0, 0.15) rgba(0, 0, 0, 0.15) rgba(0, 0, 0, 0.25);} +.btn-primary{color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#006dcc;background-image:-moz-linear-gradient(top, #0088cc, #0044cc);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#0088cc), to(#0044cc));background-image:-webkit-linear-gradient(top, #0088cc, #0044cc);background-image:-o-linear-gradient(top, #0088cc, #0044cc);background-image:linear-gradient(to bottom, #0088cc, #0044cc);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc', endColorstr='#ff0044cc', GradientType=0);border-color:#0044cc #0044cc #002a80;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#0044cc;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.btn-primary:hover,.btn-primary:active,.btn-primary.active,.btn-primary.disabled,.btn-primary[disabled]{color:#ffffff;background-color:#0044cc;*background-color:#003bb3;} +.btn-primary:active,.btn-primary.active{background-color:#003399 \9;} +.btn-warning{color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#faa732;background-image:-moz-linear-gradient(top, #fbb450, #f89406);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#fbb450), to(#f89406));background-image:-webkit-linear-gradient(top, #fbb450, #f89406);background-image:-o-linear-gradient(top, #fbb450, #f89406);background-image:linear-gradient(to bottom, #fbb450, #f89406);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffbb450', endColorstr='#fff89406', GradientType=0);border-color:#f89406 #f89406 #ad6704;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#f89406;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.btn-warning:hover,.btn-warning:active,.btn-warning.active,.btn-warning.disabled,.btn-warning[disabled]{color:#ffffff;background-color:#f89406;*background-color:#df8505;} +.btn-warning:active,.btn-warning.active{background-color:#c67605 \9;} +.btn-danger{color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#da4f49;background-image:-moz-linear-gradient(top, #ee5f5b, #bd362f);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#ee5f5b), to(#bd362f));background-image:-webkit-linear-gradient(top, #ee5f5b, #bd362f);background-image:-o-linear-gradient(top, #ee5f5b, #bd362f);background-image:linear-gradient(to bottom, #ee5f5b, #bd362f);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffee5f5b', endColorstr='#ffbd362f', GradientType=0);border-color:#bd362f #bd362f #802420;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#bd362f;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.btn-danger:hover,.btn-danger:active,.btn-danger.active,.btn-danger.disabled,.btn-danger[disabled]{color:#ffffff;background-color:#bd362f;*background-color:#a9302a;} +.btn-danger:active,.btn-danger.active{background-color:#942a25 \9;} +.btn-success{color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#5bb75b;background-image:-moz-linear-gradient(top, #62c462, #51a351);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#62c462), to(#51a351));background-image:-webkit-linear-gradient(top, #62c462, #51a351);background-image:-o-linear-gradient(top, #62c462, #51a351);background-image:linear-gradient(to bottom, #62c462, #51a351);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff62c462', endColorstr='#ff51a351', GradientType=0);border-color:#51a351 #51a351 #387038;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#51a351;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.btn-success:hover,.btn-success:active,.btn-success.active,.btn-success.disabled,.btn-success[disabled]{color:#ffffff;background-color:#51a351;*background-color:#499249;} +.btn-success:active,.btn-success.active{background-color:#408140 \9;} +.btn-info{color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#49afcd;background-image:-moz-linear-gradient(top, #5bc0de, #2f96b4);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#5bc0de), to(#2f96b4));background-image:-webkit-linear-gradient(top, #5bc0de, #2f96b4);background-image:-o-linear-gradient(top, #5bc0de, #2f96b4);background-image:linear-gradient(to bottom, #5bc0de, #2f96b4);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff2f96b4', GradientType=0);border-color:#2f96b4 #2f96b4 #1f6377;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#2f96b4;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.btn-info:hover,.btn-info:active,.btn-info.active,.btn-info.disabled,.btn-info[disabled]{color:#ffffff;background-color:#2f96b4;*background-color:#2a85a0;} +.btn-info:active,.btn-info.active{background-color:#24748c \9;} +.btn-inverse{color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#363636;background-image:-moz-linear-gradient(top, #444444, #222222);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#444444), to(#222222));background-image:-webkit-linear-gradient(top, #444444, #222222);background-image:-o-linear-gradient(top, #444444, #222222);background-image:linear-gradient(to bottom, #444444, #222222);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff444444', endColorstr='#ff222222', GradientType=0);border-color:#222222 #222222 #000000;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#222222;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.btn-inverse:hover,.btn-inverse:active,.btn-inverse.active,.btn-inverse.disabled,.btn-inverse[disabled]{color:#ffffff;background-color:#222222;*background-color:#151515;} +.btn-inverse:active,.btn-inverse.active{background-color:#080808 \9;} +button.btn,input[type="submit"].btn{*padding-top:3px;*padding-bottom:3px;}button.btn::-moz-focus-inner,input[type="submit"].btn::-moz-focus-inner{padding:0;border:0;} +button.btn.btn-large,input[type="submit"].btn.btn-large{*padding-top:7px;*padding-bottom:7px;} +button.btn.btn-small,input[type="submit"].btn.btn-small{*padding-top:3px;*padding-bottom:3px;} +button.btn.btn-mini,input[type="submit"].btn.btn-mini{*padding-top:1px;*padding-bottom:1px;} +.btn-link,.btn-link:active,.btn-link[disabled]{background-color:transparent;background-image:none;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none;} +.btn-link{border-color:transparent;cursor:pointer;color:#0088cc;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;} +.btn-link:hover{color:#005580;text-decoration:underline;background-color:transparent;} +.btn-link[disabled]:hover{color:#333333;text-decoration:none;} +.btn-group{position:relative;display:inline-block;*display:inline;*zoom:1;font-size:0;vertical-align:middle;white-space:nowrap;*margin-left:.3em;}.btn-group:first-child{*margin-left:0;} +.btn-group+.btn-group{margin-left:5px;} +.btn-toolbar{font-size:0;margin-top:10px;margin-bottom:10px;}.btn-toolbar>.btn+.btn,.btn-toolbar>.btn-group+.btn,.btn-toolbar>.btn+.btn-group{margin-left:5px;} +.btn-group>.btn{position:relative;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;} +.btn-group>.btn+.btn{margin-left:-1px;} +.btn-group>.btn,.btn-group>.dropdown-menu,.btn-group>.popover{font-size:14px;} +.btn-group>.btn-mini{font-size:10.5px;} +.btn-group>.btn-small{font-size:11.9px;} +.btn-group>.btn-large{font-size:17.5px;} +.btn-group>.btn:first-child{margin-left:0;-webkit-border-top-left-radius:4px;-moz-border-radius-topleft:4px;border-top-left-radius:4px;-webkit-border-bottom-left-radius:4px;-moz-border-radius-bottomleft:4px;border-bottom-left-radius:4px;} +.btn-group>.btn:last-child,.btn-group>.dropdown-toggle{-webkit-border-top-right-radius:4px;-moz-border-radius-topright:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;-moz-border-radius-bottomright:4px;border-bottom-right-radius:4px;} +.btn-group>.btn.large:first-child{margin-left:0;-webkit-border-top-left-radius:6px;-moz-border-radius-topleft:6px;border-top-left-radius:6px;-webkit-border-bottom-left-radius:6px;-moz-border-radius-bottomleft:6px;border-bottom-left-radius:6px;} +.btn-group>.btn.large:last-child,.btn-group>.large.dropdown-toggle{-webkit-border-top-right-radius:6px;-moz-border-radius-topright:6px;border-top-right-radius:6px;-webkit-border-bottom-right-radius:6px;-moz-border-radius-bottomright:6px;border-bottom-right-radius:6px;} +.btn-group>.btn:hover,.btn-group>.btn:focus,.btn-group>.btn:active,.btn-group>.btn.active{z-index:2;} +.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0;} +.btn-group>.btn+.dropdown-toggle{padding-left:8px;padding-right:8px;-webkit-box-shadow:inset 1px 0 0 rgba(255,255,255,.125), inset 0 1px 0 rgba(255,255,255,.2), 0 1px 2px rgba(0,0,0,.05);-moz-box-shadow:inset 1px 0 0 rgba(255,255,255,.125), inset 0 1px 0 rgba(255,255,255,.2), 0 1px 2px rgba(0,0,0,.05);box-shadow:inset 1px 0 0 rgba(255,255,255,.125), inset 0 1px 0 rgba(255,255,255,.2), 0 1px 2px rgba(0,0,0,.05);*padding-top:5px;*padding-bottom:5px;} +.btn-group>.btn-mini+.dropdown-toggle{padding-left:5px;padding-right:5px;*padding-top:2px;*padding-bottom:2px;} +.btn-group>.btn-small+.dropdown-toggle{*padding-top:5px;*padding-bottom:4px;} +.btn-group>.btn-large+.dropdown-toggle{padding-left:12px;padding-right:12px;*padding-top:7px;*padding-bottom:7px;} +.btn-group.open .dropdown-toggle{background-image:none;-webkit-box-shadow:inset 0 2px 4px rgba(0,0,0,.15), 0 1px 2px rgba(0,0,0,.05);-moz-box-shadow:inset 0 2px 4px rgba(0,0,0,.15), 0 1px 2px rgba(0,0,0,.05);box-shadow:inset 0 2px 4px rgba(0,0,0,.15), 0 1px 2px rgba(0,0,0,.05);} +.btn-group.open .btn.dropdown-toggle{background-color:#e6e6e6;} +.btn-group.open .btn-primary.dropdown-toggle{background-color:#0044cc;} +.btn-group.open .btn-warning.dropdown-toggle{background-color:#f89406;} +.btn-group.open .btn-danger.dropdown-toggle{background-color:#bd362f;} +.btn-group.open .btn-success.dropdown-toggle{background-color:#51a351;} +.btn-group.open .btn-info.dropdown-toggle{background-color:#2f96b4;} +.btn-group.open .btn-inverse.dropdown-toggle{background-color:#222222;} +.btn .caret{margin-top:8px;margin-left:0;} +.btn-mini .caret,.btn-small .caret,.btn-large .caret{margin-top:6px;} +.btn-large .caret{border-left-width:5px;border-right-width:5px;border-top-width:5px;} +.dropup .btn-large .caret{border-bottom-width:5px;} +.btn-primary .caret,.btn-warning .caret,.btn-danger .caret,.btn-info .caret,.btn-success .caret,.btn-inverse .caret{border-top-color:#ffffff;border-bottom-color:#ffffff;} +.btn-group-vertical{display:inline-block;*display:inline;*zoom:1;} +.btn-group-vertical>.btn{display:block;float:none;max-width:100%;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;} +.btn-group-vertical>.btn+.btn{margin-left:0;margin-top:-1px;} +.btn-group-vertical>.btn:first-child{-webkit-border-radius:4px 4px 0 0;-moz-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0;} +.btn-group-vertical>.btn:last-child{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px;} +.btn-group-vertical>.btn-large:first-child{-webkit-border-radius:6px 6px 0 0;-moz-border-radius:6px 6px 0 0;border-radius:6px 6px 0 0;} +.btn-group-vertical>.btn-large:last-child{-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px;} +.nav{margin-left:0;margin-bottom:20px;list-style:none;} +.nav>li>a{display:block;} +.nav>li>a:hover{text-decoration:none;background-color:#eeeeee;} +.nav>li>a>img{max-width:none;} +.nav>.pull-right{float:right;} +.nav-header{display:block;padding:3px 15px;font-size:11px;font-weight:bold;line-height:20px;color:#999999;text-shadow:0 1px 0 rgba(255, 255, 255, 0.5);text-transform:uppercase;} +.nav li+.nav-header{margin-top:9px;} +.nav-list{padding-left:15px;padding-right:15px;margin-bottom:0;} +.nav-list>li>a,.nav-list .nav-header{margin-left:-15px;margin-right:-15px;text-shadow:0 1px 0 rgba(255, 255, 255, 0.5);} +.nav-list>li>a{padding:3px 15px;} +.nav-list>.active>a,.nav-list>.active>a:hover{color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.2);background-color:#0088cc;} +.nav-list [class^="icon-"],.nav-list [class*=" icon-"]{margin-right:2px;} +.nav-list .divider{*width:100%;height:1px;margin:9px 1px;*margin:-5px 0 5px;overflow:hidden;background-color:#e5e5e5;border-bottom:1px solid #ffffff;} +.nav-tabs,.nav-pills{*zoom:1;}.nav-tabs:before,.nav-pills:before,.nav-tabs:after,.nav-pills:after{display:table;content:"";line-height:0;} +.nav-tabs:after,.nav-pills:after{clear:both;} +.nav-tabs>li,.nav-pills>li{float:left;} +.nav-tabs>li>a,.nav-pills>li>a{padding-right:12px;padding-left:12px;margin-right:2px;line-height:14px;} +.nav-tabs{border-bottom:1px solid #ddd;} +.nav-tabs>li{margin-bottom:-1px;} +.nav-tabs>li>a{padding-top:8px;padding-bottom:8px;line-height:20px;border:1px solid transparent;-webkit-border-radius:4px 4px 0 0;-moz-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0;}.nav-tabs>li>a:hover{border-color:#eeeeee #eeeeee #dddddd;} +.nav-tabs>.active>a,.nav-tabs>.active>a:hover{color:#555555;background-color:#ffffff;border:1px solid #ddd;border-bottom-color:transparent;cursor:default;} +.nav-pills>li>a{padding-top:8px;padding-bottom:8px;margin-top:2px;margin-bottom:2px;-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px;} +.nav-pills>.active>a,.nav-pills>.active>a:hover{color:#ffffff;background-color:#0088cc;} +.nav-stacked>li{float:none;} +.nav-stacked>li>a{margin-right:0;} +.nav-tabs.nav-stacked{border-bottom:0;} +.nav-tabs.nav-stacked>li>a{border:1px solid #ddd;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;} +.nav-tabs.nav-stacked>li:first-child>a{-webkit-border-top-right-radius:4px;-moz-border-radius-topright:4px;border-top-right-radius:4px;-webkit-border-top-left-radius:4px;-moz-border-radius-topleft:4px;border-top-left-radius:4px;} +.nav-tabs.nav-stacked>li:last-child>a{-webkit-border-bottom-right-radius:4px;-moz-border-radius-bottomright:4px;border-bottom-right-radius:4px;-webkit-border-bottom-left-radius:4px;-moz-border-radius-bottomleft:4px;border-bottom-left-radius:4px;} +.nav-tabs.nav-stacked>li>a:hover{border-color:#ddd;z-index:2;} +.nav-pills.nav-stacked>li>a{margin-bottom:3px;} +.nav-pills.nav-stacked>li:last-child>a{margin-bottom:1px;} +.nav-tabs .dropdown-menu{-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px;} +.nav-pills .dropdown-menu{-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;} +.nav .dropdown-toggle .caret{border-top-color:#0088cc;border-bottom-color:#0088cc;margin-top:6px;} +.nav .dropdown-toggle:hover .caret{border-top-color:#005580;border-bottom-color:#005580;} +.nav-tabs .dropdown-toggle .caret{margin-top:8px;} +.nav .active .dropdown-toggle .caret{border-top-color:#fff;border-bottom-color:#fff;} +.nav-tabs .active .dropdown-toggle .caret{border-top-color:#555555;border-bottom-color:#555555;} +.nav>.dropdown.active>a:hover{cursor:pointer;} +.nav-tabs .open .dropdown-toggle,.nav-pills .open .dropdown-toggle,.nav>li.dropdown.open.active>a:hover{color:#ffffff;background-color:#999999;border-color:#999999;} +.nav li.dropdown.open .caret,.nav li.dropdown.open.active .caret,.nav li.dropdown.open a:hover .caret{border-top-color:#ffffff;border-bottom-color:#ffffff;opacity:1;filter:alpha(opacity=100);} +.tabs-stacked .open>a:hover{border-color:#999999;} +.tabbable{*zoom:1;}.tabbable:before,.tabbable:after{display:table;content:"";line-height:0;} +.tabbable:after{clear:both;} +.tab-content{overflow:auto;} +.tabs-below>.nav-tabs,.tabs-right>.nav-tabs,.tabs-left>.nav-tabs{border-bottom:0;} +.tab-content>.tab-pane,.pill-content>.pill-pane{display:none;} +.tab-content>.active,.pill-content>.active{display:block;} +.tabs-below>.nav-tabs{border-top:1px solid #ddd;} +.tabs-below>.nav-tabs>li{margin-top:-1px;margin-bottom:0;} +.tabs-below>.nav-tabs>li>a{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px;}.tabs-below>.nav-tabs>li>a:hover{border-bottom-color:transparent;border-top-color:#ddd;} +.tabs-below>.nav-tabs>.active>a,.tabs-below>.nav-tabs>.active>a:hover{border-color:transparent #ddd #ddd #ddd;} +.tabs-left>.nav-tabs>li,.tabs-right>.nav-tabs>li{float:none;} +.tabs-left>.nav-tabs>li>a,.tabs-right>.nav-tabs>li>a{min-width:74px;margin-right:0;margin-bottom:3px;} +.tabs-left>.nav-tabs{float:left;margin-right:19px;border-right:1px solid #ddd;} +.tabs-left>.nav-tabs>li>a{margin-right:-1px;-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px;} +.tabs-left>.nav-tabs>li>a:hover{border-color:#eeeeee #dddddd #eeeeee #eeeeee;} +.tabs-left>.nav-tabs .active>a,.tabs-left>.nav-tabs .active>a:hover{border-color:#ddd transparent #ddd #ddd;*border-right-color:#ffffff;} +.tabs-right>.nav-tabs{float:right;margin-left:19px;border-left:1px solid #ddd;} +.tabs-right>.nav-tabs>li>a{margin-left:-1px;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0;} +.tabs-right>.nav-tabs>li>a:hover{border-color:#eeeeee #eeeeee #eeeeee #dddddd;} +.tabs-right>.nav-tabs .active>a,.tabs-right>.nav-tabs .active>a:hover{border-color:#ddd #ddd #ddd transparent;*border-left-color:#ffffff;} +.nav>.disabled>a{color:#999999;} +.nav>.disabled>a:hover{text-decoration:none;background-color:transparent;cursor:default;} +.navbar{overflow:visible;margin-bottom:20px;*position:relative;*z-index:2;} +.navbar-inner{min-height:50px;padding-left:20px;padding-right:20px;background-color:#fafafa;background-image:-moz-linear-gradient(top, #ffffff, #f2f2f2);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), to(#f2f2f2));background-image:-webkit-linear-gradient(top, #ffffff, #f2f2f2);background-image:-o-linear-gradient(top, #ffffff, #f2f2f2);background-image:linear-gradient(to bottom, #ffffff, #f2f2f2);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#fff2f2f2', GradientType=0);border:1px solid #d4d4d4;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:0 1px 4px rgba(0, 0, 0, 0.065);-moz-box-shadow:0 1px 4px rgba(0, 0, 0, 0.065);box-shadow:0 1px 4px rgba(0, 0, 0, 0.065);*zoom:1;}.navbar-inner:before,.navbar-inner:after{display:table;content:"";line-height:0;} +.navbar-inner:after{clear:both;} +.navbar .container{width:auto;} +.nav-collapse.collapse{height:auto;overflow:visible;} +.navbar .brand{float:left;display:block;padding:15px 20px 15px;margin-left:-20px;font-size:20px;font-weight:200;color:#777777;text-shadow:0 1px 0 #ffffff;}.navbar .brand:hover{text-decoration:none;} +.navbar-text{margin-bottom:0;line-height:50px;color:#777777;} +.navbar-link{color:#777777;}.navbar-link:hover{color:#333333;} +.navbar .divider-vertical{height:50px;margin:0 9px;border-left:1px solid #f2f2f2;border-right:1px solid #ffffff;} +.navbar .btn,.navbar .btn-group{margin-top:10px;} +.navbar .btn-group .btn,.navbar .input-prepend .btn,.navbar .input-append .btn{margin-top:0;} +.navbar-form{margin-bottom:0;*zoom:1;}.navbar-form:before,.navbar-form:after{display:table;content:"";line-height:0;} +.navbar-form:after{clear:both;} +.navbar-form input,.navbar-form select,.navbar-form .radio,.navbar-form .checkbox{margin-top:10px;} +.navbar-form input,.navbar-form select,.navbar-form .btn{display:inline-block;margin-bottom:0;} +.navbar-form input[type="image"],.navbar-form input[type="checkbox"],.navbar-form input[type="radio"]{margin-top:3px;} +.navbar-form .input-append,.navbar-form .input-prepend{margin-top:5px;white-space:nowrap;}.navbar-form .input-append input,.navbar-form .input-prepend input{margin-top:0;} +.navbar-search{position:relative;float:left;margin-top:10px;margin-bottom:0;}.navbar-search .search-query{margin-bottom:0;padding:4px 14px;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px;font-weight:normal;line-height:1;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px;} +.navbar-static-top{position:static;margin-bottom:0;}.navbar-static-top .navbar-inner{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;} +.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030;margin-bottom:0;} +.navbar-fixed-top .navbar-inner,.navbar-static-top .navbar-inner{border-width:0 0 1px;} +.navbar-fixed-bottom .navbar-inner{border-width:1px 0 0;} +.navbar-fixed-top .navbar-inner,.navbar-fixed-bottom .navbar-inner{padding-left:0;padding-right:0;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;} +.navbar-static-top .container,.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:940px;} +.navbar-fixed-top{top:0;} +.navbar-fixed-top .navbar-inner,.navbar-static-top .navbar-inner{-webkit-box-shadow:0 1px 10px rgba(0,0,0,.1);-moz-box-shadow:0 1px 10px rgba(0,0,0,.1);box-shadow:0 1px 10px rgba(0,0,0,.1);} +.navbar-fixed-bottom{bottom:0;}.navbar-fixed-bottom .navbar-inner{-webkit-box-shadow:0 -1px 10px rgba(0,0,0,.1);-moz-box-shadow:0 -1px 10px rgba(0,0,0,.1);box-shadow:0 -1px 10px rgba(0,0,0,.1);} +.navbar .nav{position:relative;left:0;display:block;float:left;margin:0 10px 0 0;} +.navbar .nav.pull-right{float:right;margin-right:0;} +.navbar .nav>li{float:left;} +.navbar .nav>li>a{float:none;padding:15px 15px 15px;color:#777777;text-decoration:none;text-shadow:0 1px 0 #ffffff;} +.navbar .nav .dropdown-toggle .caret{margin-top:8px;} +.navbar .nav>li>a:focus,.navbar .nav>li>a:hover{background-color:transparent;color:#333333;text-decoration:none;} +.navbar .nav>.active>a,.navbar .nav>.active>a:hover,.navbar .nav>.active>a:focus{color:#555555;text-decoration:none;background-color:#e5e5e5;-webkit-box-shadow:inset 0 3px 8px rgba(0, 0, 0, 0.125);-moz-box-shadow:inset 0 3px 8px rgba(0, 0, 0, 0.125);box-shadow:inset 0 3px 8px rgba(0, 0, 0, 0.125);} +.navbar .btn-navbar{display:none;float:right;padding:7px 10px;margin-left:5px;margin-right:5px;color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#ededed;background-image:-moz-linear-gradient(top, #f2f2f2, #e5e5e5);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#f2f2f2), to(#e5e5e5));background-image:-webkit-linear-gradient(top, #f2f2f2, #e5e5e5);background-image:-o-linear-gradient(top, #f2f2f2, #e5e5e5);background-image:linear-gradient(to bottom, #f2f2f2, #e5e5e5);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2f2f2', endColorstr='#ffe5e5e5', GradientType=0);border-color:#e5e5e5 #e5e5e5 #bfbfbf;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#e5e5e5;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.1), 0 1px 0 rgba(255,255,255,.075);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,.1), 0 1px 0 rgba(255,255,255,.075);box-shadow:inset 0 1px 0 rgba(255,255,255,.1), 0 1px 0 rgba(255,255,255,.075);}.navbar .btn-navbar:hover,.navbar .btn-navbar:active,.navbar .btn-navbar.active,.navbar .btn-navbar.disabled,.navbar .btn-navbar[disabled]{color:#ffffff;background-color:#e5e5e5;*background-color:#d9d9d9;} +.navbar .btn-navbar:active,.navbar .btn-navbar.active{background-color:#cccccc \9;} +.navbar .btn-navbar .icon-bar{display:block;width:18px;height:2px;background-color:#f5f5f5;-webkit-border-radius:1px;-moz-border-radius:1px;border-radius:1px;-webkit-box-shadow:0 1px 0 rgba(0, 0, 0, 0.25);-moz-box-shadow:0 1px 0 rgba(0, 0, 0, 0.25);box-shadow:0 1px 0 rgba(0, 0, 0, 0.25);} +.btn-navbar .icon-bar+.icon-bar{margin-top:3px;} +.navbar .nav>li>.dropdown-menu:before{content:'';display:inline-block;border-left:7px solid transparent;border-right:7px solid transparent;border-bottom:7px solid #ccc;border-bottom-color:rgba(0, 0, 0, 0.2);position:absolute;top:-7px;left:9px;} +.navbar .nav>li>.dropdown-menu:after{content:'';display:inline-block;border-left:6px solid transparent;border-right:6px solid transparent;border-bottom:6px solid #ffffff;position:absolute;top:-6px;left:10px;} +.navbar-fixed-bottom .nav>li>.dropdown-menu:before{border-top:7px solid #ccc;border-top-color:rgba(0, 0, 0, 0.2);border-bottom:0;bottom:-7px;top:auto;} +.navbar-fixed-bottom .nav>li>.dropdown-menu:after{border-top:6px solid #ffffff;border-bottom:0;bottom:-6px;top:auto;} +.navbar .nav li.dropdown>a:hover .caret{border-top-color:#555555;border-bottom-color:#555555;} +.navbar .nav li.dropdown.open>.dropdown-toggle,.navbar .nav li.dropdown.active>.dropdown-toggle,.navbar .nav li.dropdown.open.active>.dropdown-toggle{background-color:#e5e5e5;color:#555555;} +.navbar .nav li.dropdown>.dropdown-toggle .caret{border-top-color:#777777;border-bottom-color:#777777;} +.navbar .nav li.dropdown.open>.dropdown-toggle .caret,.navbar .nav li.dropdown.active>.dropdown-toggle .caret,.navbar .nav li.dropdown.open.active>.dropdown-toggle .caret{border-top-color:#555555;border-bottom-color:#555555;} +.navbar .pull-right>li>.dropdown-menu,.navbar .nav>li>.dropdown-menu.pull-right{left:auto;right:0;}.navbar .pull-right>li>.dropdown-menu:before,.navbar .nav>li>.dropdown-menu.pull-right:before{left:auto;right:12px;} +.navbar .pull-right>li>.dropdown-menu:after,.navbar .nav>li>.dropdown-menu.pull-right:after{left:auto;right:13px;} +.navbar .pull-right>li>.dropdown-menu .dropdown-menu,.navbar .nav>li>.dropdown-menu.pull-right .dropdown-menu{left:auto;right:100%;margin-left:0;margin-right:-1px;-webkit-border-radius:6px 0 6px 6px;-moz-border-radius:6px 0 6px 6px;border-radius:6px 0 6px 6px;} +.navbar-inverse .navbar-inner{background-color:#1b1b1b;background-image:-moz-linear-gradient(top, #222222, #111111);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#222222), to(#111111));background-image:-webkit-linear-gradient(top, #222222, #111111);background-image:-o-linear-gradient(top, #222222, #111111);background-image:linear-gradient(to bottom, #222222, #111111);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff222222', endColorstr='#ff111111', GradientType=0);border-color:#252525;} +.navbar-inverse .brand,.navbar-inverse .nav>li>a{color:#999999;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);}.navbar-inverse .brand:hover,.navbar-inverse .nav>li>a:hover{color:#ffffff;} +.navbar-inverse .brand{color:#999999;} +.navbar-inverse .navbar-text{color:#999999;} +.navbar-inverse .nav>li>a:focus,.navbar-inverse .nav>li>a:hover{background-color:transparent;color:#ffffff;} +.navbar-inverse .nav .active>a,.navbar-inverse .nav .active>a:hover,.navbar-inverse .nav .active>a:focus{color:#ffffff;background-color:#111111;} +.navbar-inverse .navbar-link{color:#999999;}.navbar-inverse .navbar-link:hover{color:#ffffff;} +.navbar-inverse .divider-vertical{border-left-color:#111111;border-right-color:#222222;} +.navbar-inverse .nav li.dropdown.open>.dropdown-toggle,.navbar-inverse .nav li.dropdown.active>.dropdown-toggle,.navbar-inverse .nav li.dropdown.open.active>.dropdown-toggle{background-color:#111111;color:#ffffff;} +.navbar-inverse .nav li.dropdown>a:hover .caret{border-top-color:#ffffff;border-bottom-color:#ffffff;} +.navbar-inverse .nav li.dropdown>.dropdown-toggle .caret{border-top-color:#999999;border-bottom-color:#999999;} +.navbar-inverse .nav li.dropdown.open>.dropdown-toggle .caret,.navbar-inverse .nav li.dropdown.active>.dropdown-toggle .caret,.navbar-inverse .nav li.dropdown.open.active>.dropdown-toggle .caret{border-top-color:#ffffff;border-bottom-color:#ffffff;} +.navbar-inverse .navbar-search .search-query{color:#ffffff;background-color:#515151;border-color:#111111;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,.1), 0 1px 0 rgba(255,255,255,.15);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,.1), 0 1px 0 rgba(255,255,255,.15);box-shadow:inset 0 1px 2px rgba(0,0,0,.1), 0 1px 0 rgba(255,255,255,.15);-webkit-transition:none;-moz-transition:none;-o-transition:none;transition:none;}.navbar-inverse .navbar-search .search-query:-moz-placeholder{color:#cccccc;} +.navbar-inverse .navbar-search .search-query:-ms-input-placeholder{color:#cccccc;} +.navbar-inverse .navbar-search .search-query::-webkit-input-placeholder{color:#cccccc;} +.navbar-inverse .navbar-search .search-query:focus,.navbar-inverse .navbar-search .search-query.focused{padding:5px 15px;color:#333333;text-shadow:0 1px 0 #ffffff;background-color:#ffffff;border:0;-webkit-box-shadow:0 0 3px rgba(0, 0, 0, 0.15);-moz-box-shadow:0 0 3px rgba(0, 0, 0, 0.15);box-shadow:0 0 3px rgba(0, 0, 0, 0.15);outline:0;} +.navbar-inverse .btn-navbar{color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#0e0e0e;background-image:-moz-linear-gradient(top, #151515, #040404);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#151515), to(#040404));background-image:-webkit-linear-gradient(top, #151515, #040404);background-image:-o-linear-gradient(top, #151515, #040404);background-image:linear-gradient(to bottom, #151515, #040404);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff151515', endColorstr='#ff040404', GradientType=0);border-color:#040404 #040404 #000000;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);*background-color:#040404;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.navbar-inverse .btn-navbar:hover,.navbar-inverse .btn-navbar:active,.navbar-inverse .btn-navbar.active,.navbar-inverse .btn-navbar.disabled,.navbar-inverse .btn-navbar[disabled]{color:#ffffff;background-color:#040404;*background-color:#000000;} +.navbar-inverse .btn-navbar:active,.navbar-inverse .btn-navbar.active{background-color:#000000 \9;} +.breadcrumb{padding:8px 15px;margin:0 0 20px;list-style:none;background-color:#f5f5f5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;}.breadcrumb>li{display:inline-block;*display:inline;*zoom:1;text-shadow:0 1px 0 #ffffff;}.breadcrumb>li>.divider{padding:0 5px;color:#ccc;} +.breadcrumb>.active{color:#999999;} +.pagination{margin:20px 0;} +.pagination ul{display:inline-block;*display:inline;*zoom:1;margin-left:0;margin-bottom:0;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:0 1px 2px rgba(0, 0, 0, 0.05);-moz-box-shadow:0 1px 2px rgba(0, 0, 0, 0.05);box-shadow:0 1px 2px rgba(0, 0, 0, 0.05);} +.pagination ul>li{display:inline;} +.pagination ul>li>a,.pagination ul>li>span{float:left;padding:4px 12px;line-height:20px;text-decoration:none;background-color:#ffffff;border:1px solid #dddddd;border-left-width:0;} +.pagination ul>li>a:hover,.pagination ul>.active>a,.pagination ul>.active>span{background-color:#f5f5f5;} +.pagination ul>.active>a,.pagination ul>.active>span{color:#999999;cursor:default;} +.pagination ul>.disabled>span,.pagination ul>.disabled>a,.pagination ul>.disabled>a:hover{color:#999999;background-color:transparent;cursor:default;} +.pagination ul>li:first-child>a,.pagination ul>li:first-child>span{border-left-width:1px;-webkit-border-top-left-radius:4px;-moz-border-radius-topleft:4px;border-top-left-radius:4px;-webkit-border-bottom-left-radius:4px;-moz-border-radius-bottomleft:4px;border-bottom-left-radius:4px;} +.pagination ul>li:last-child>a,.pagination ul>li:last-child>span{-webkit-border-top-right-radius:4px;-moz-border-radius-topright:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;-moz-border-radius-bottomright:4px;border-bottom-right-radius:4px;} +.pagination-centered{text-align:center;} +.pagination-right{text-align:right;} +.pagination-large ul>li>a,.pagination-large ul>li>span{padding:11px 19px;font-size:17.5px;} +.pagination-large ul>li:first-child>a,.pagination-large ul>li:first-child>span{-webkit-border-top-left-radius:6px;-moz-border-radius-topleft:6px;border-top-left-radius:6px;-webkit-border-bottom-left-radius:6px;-moz-border-radius-bottomleft:6px;border-bottom-left-radius:6px;} +.pagination-large ul>li:last-child>a,.pagination-large ul>li:last-child>span{-webkit-border-top-right-radius:6px;-moz-border-radius-topright:6px;border-top-right-radius:6px;-webkit-border-bottom-right-radius:6px;-moz-border-radius-bottomright:6px;border-bottom-right-radius:6px;} +.pagination-mini ul>li:first-child>a,.pagination-small ul>li:first-child>a,.pagination-mini ul>li:first-child>span,.pagination-small ul>li:first-child>span{-webkit-border-top-left-radius:3px;-moz-border-radius-topleft:3px;border-top-left-radius:3px;-webkit-border-bottom-left-radius:3px;-moz-border-radius-bottomleft:3px;border-bottom-left-radius:3px;} +.pagination-mini ul>li:last-child>a,.pagination-small ul>li:last-child>a,.pagination-mini ul>li:last-child>span,.pagination-small ul>li:last-child>span{-webkit-border-top-right-radius:3px;-moz-border-radius-topright:3px;border-top-right-radius:3px;-webkit-border-bottom-right-radius:3px;-moz-border-radius-bottomright:3px;border-bottom-right-radius:3px;} +.pagination-small ul>li>a,.pagination-small ul>li>span{padding:2px 10px;font-size:11.9px;} +.pagination-mini ul>li>a,.pagination-mini ul>li>span{padding:0 6px;font-size:10.5px;} +.pager{margin:20px 0;list-style:none;text-align:center;*zoom:1;}.pager:before,.pager:after{display:table;content:"";line-height:0;} +.pager:after{clear:both;} +.pager li{display:inline;} +.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px;} +.pager li>a:hover{text-decoration:none;background-color:#f5f5f5;} +.pager .next>a,.pager .next>span{float:right;} +.pager .previous>a,.pager .previous>span{float:left;} +.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>span{color:#999999;background-color:#fff;cursor:default;} +.thumbnails{margin-left:-20px;list-style:none;*zoom:1;}.thumbnails:before,.thumbnails:after{display:table;content:"";line-height:0;} +.thumbnails:after{clear:both;} +.row-fluid .thumbnails{margin-left:0;} +.thumbnails>li{float:left;margin-bottom:20px;margin-left:20px;} +.thumbnail{display:block;padding:4px;line-height:20px;border:1px solid #ddd;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:0 1px 3px rgba(0, 0, 0, 0.055);-moz-box-shadow:0 1px 3px rgba(0, 0, 0, 0.055);box-shadow:0 1px 3px rgba(0, 0, 0, 0.055);-webkit-transition:all 0.2s ease-in-out;-moz-transition:all 0.2s ease-in-out;-o-transition:all 0.2s ease-in-out;transition:all 0.2s ease-in-out;} +a.thumbnail:hover{border-color:#0088cc;-webkit-box-shadow:0 1px 4px rgba(0, 105, 214, 0.25);-moz-box-shadow:0 1px 4px rgba(0, 105, 214, 0.25);box-shadow:0 1px 4px rgba(0, 105, 214, 0.25);} +.thumbnail>img{display:block;max-width:100%;margin-left:auto;margin-right:auto;} +.thumbnail .caption{padding:9px;color:#555555;} +.alert{padding:8px 35px 8px 14px;margin-bottom:20px;text-shadow:0 1px 0 rgba(255, 255, 255, 0.5);background-color:#fcf8e3;border:1px solid #fbeed5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;} +.alert,.alert h4{color:#c09853;} +.alert h4{margin:0;} +.alert .close{position:relative;top:-2px;right:-21px;line-height:20px;} +.alert-success{background-color:#dff0d8;border-color:#d6e9c6;color:#468847;} +.alert-success h4{color:#468847;} +.alert-danger,.alert-error{background-color:#f2dede;border-color:#eed3d7;color:#b94a48;} +.alert-danger h4,.alert-error h4{color:#b94a48;} +.alert-info{background-color:#d9edf7;border-color:#bce8f1;color:#3a87ad;} +.alert-info h4{color:#3a87ad;} +.alert-block{padding-top:14px;padding-bottom:14px;} +.alert-block>p,.alert-block>ul{margin-bottom:0;} +.alert-block p+p{margin-top:5px;} +@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0;} to{background-position:0 0;}}@-moz-keyframes progress-bar-stripes{from{background-position:40px 0;} to{background-position:0 0;}}@-ms-keyframes progress-bar-stripes{from{background-position:40px 0;} to{background-position:0 0;}}@-o-keyframes progress-bar-stripes{from{background-position:0 0;} to{background-position:40px 0;}}@keyframes progress-bar-stripes{from{background-position:40px 0;} to{background-position:0 0;}}.progress{overflow:hidden;height:20px;margin-bottom:20px;background-color:#f7f7f7;background-image:-moz-linear-gradient(top, #f5f5f5, #f9f9f9);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#f5f5f5), to(#f9f9f9));background-image:-webkit-linear-gradient(top, #f5f5f5, #f9f9f9);background-image:-o-linear-gradient(top, #f5f5f5, #f9f9f9);background-image:linear-gradient(to bottom, #f5f5f5, #f9f9f9);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#fff9f9f9', GradientType=0);-webkit-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.1);-moz-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.1);box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.1);-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;} +.progress .bar{width:0%;height:100%;color:#ffffff;float:left;font-size:12px;text-align:center;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#0e90d2;background-image:-moz-linear-gradient(top, #149bdf, #0480be);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#149bdf), to(#0480be));background-image:-webkit-linear-gradient(top, #149bdf, #0480be);background-image:-o-linear-gradient(top, #149bdf, #0480be);background-image:linear-gradient(to bottom, #149bdf, #0480be);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff149bdf', endColorstr='#ff0480be', GradientType=0);-webkit-box-shadow:inset 0 -1px 0 rgba(0, 0, 0, 0.15);-moz-box-shadow:inset 0 -1px 0 rgba(0, 0, 0, 0.15);box-shadow:inset 0 -1px 0 rgba(0, 0, 0, 0.15);-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;-webkit-transition:width 0.6s ease;-moz-transition:width 0.6s ease;-o-transition:width 0.6s ease;transition:width 0.6s ease;} +.progress .bar+.bar{-webkit-box-shadow:inset 1px 0 0 rgba(0,0,0,.15), inset 0 -1px 0 rgba(0,0,0,.15);-moz-box-shadow:inset 1px 0 0 rgba(0,0,0,.15), inset 0 -1px 0 rgba(0,0,0,.15);box-shadow:inset 1px 0 0 rgba(0,0,0,.15), inset 0 -1px 0 rgba(0,0,0,.15);} +.progress-striped .bar{background-color:#149bdf;background-image:-webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent));background-image:-webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);-webkit-background-size:40px 40px;-moz-background-size:40px 40px;-o-background-size:40px 40px;background-size:40px 40px;} +.progress.active .bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-moz-animation:progress-bar-stripes 2s linear infinite;-ms-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite;} +.progress-danger .bar,.progress .bar-danger{background-color:#dd514c;background-image:-moz-linear-gradient(top, #ee5f5b, #c43c35);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#ee5f5b), to(#c43c35));background-image:-webkit-linear-gradient(top, #ee5f5b, #c43c35);background-image:-o-linear-gradient(top, #ee5f5b, #c43c35);background-image:linear-gradient(to bottom, #ee5f5b, #c43c35);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffee5f5b', endColorstr='#ffc43c35', GradientType=0);} +.progress-danger.progress-striped .bar,.progress-striped .bar-danger{background-color:#ee5f5b;background-image:-webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent));background-image:-webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);} +.progress-success .bar,.progress .bar-success{background-color:#5eb95e;background-image:-moz-linear-gradient(top, #62c462, #57a957);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#62c462), to(#57a957));background-image:-webkit-linear-gradient(top, #62c462, #57a957);background-image:-o-linear-gradient(top, #62c462, #57a957);background-image:linear-gradient(to bottom, #62c462, #57a957);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff62c462', endColorstr='#ff57a957', GradientType=0);} +.progress-success.progress-striped .bar,.progress-striped .bar-success{background-color:#62c462;background-image:-webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent));background-image:-webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);} +.progress-info .bar,.progress .bar-info{background-color:#4bb1cf;background-image:-moz-linear-gradient(top, #5bc0de, #339bb9);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#5bc0de), to(#339bb9));background-image:-webkit-linear-gradient(top, #5bc0de, #339bb9);background-image:-o-linear-gradient(top, #5bc0de, #339bb9);background-image:linear-gradient(to bottom, #5bc0de, #339bb9);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff339bb9', GradientType=0);} +.progress-info.progress-striped .bar,.progress-striped .bar-info{background-color:#5bc0de;background-image:-webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent));background-image:-webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);} +.progress-warning .bar,.progress .bar-warning{background-color:#faa732;background-image:-moz-linear-gradient(top, #fbb450, #f89406);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#fbb450), to(#f89406));background-image:-webkit-linear-gradient(top, #fbb450, #f89406);background-image:-o-linear-gradient(top, #fbb450, #f89406);background-image:linear-gradient(to bottom, #fbb450, #f89406);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffbb450', endColorstr='#fff89406', GradientType=0);} +.progress-warning.progress-striped .bar,.progress-striped .bar-warning{background-color:#fbb450;background-image:-webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent));background-image:-webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);} +.hero-unit{padding:60px;margin-bottom:30px;font-size:18px;font-weight:200;line-height:30px;color:inherit;background-color:#eeeeee;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;}.hero-unit h1{margin-bottom:0;font-size:60px;line-height:1;color:inherit;letter-spacing:-1px;} +.hero-unit li{line-height:30px;} +.media,.media-body{overflow:hidden;*overflow:visible;zoom:1;} +.media,.media .media{margin-top:15px;} +.media:first-child{margin-top:0;} +.media-object{display:block;} +.media-heading{margin:0 0 5px;} +.media .pull-left{margin-right:10px;} +.media .pull-right{margin-left:10px;} +.media-list{margin-left:0;list-style:none;} +.tooltip{position:absolute;z-index:1030;display:block;visibility:visible;padding:5px;font-size:11px;opacity:0;filter:alpha(opacity=0);}.tooltip.in{opacity:0.8;filter:alpha(opacity=80);} +.tooltip.top{margin-top:-3px;} +.tooltip.right{margin-left:3px;} +.tooltip.bottom{margin-top:3px;} +.tooltip.left{margin-left:-3px;} +.tooltip-inner{max-width:200px;padding:3px 8px;color:#ffffff;text-align:center;text-decoration:none;background-color:#000000;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;} +.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid;} +.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-width:5px 5px 0;border-top-color:#000000;} +.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-width:5px 5px 5px 0;border-right-color:#000000;} +.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-width:5px 0 5px 5px;border-left-color:#000000;} +.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-width:0 5px 5px;border-bottom-color:#000000;} +.popover{position:absolute;top:0;left:0;z-index:1010;display:none;width:236px;padding:1px;text-align:left;background-color:#ffffff;-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0, 0, 0, 0.2);-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0, 0, 0, 0.2);-moz-box-shadow:0 5px 10px rgba(0, 0, 0, 0.2);box-shadow:0 5px 10px rgba(0, 0, 0, 0.2);white-space:normal;}.popover.top{margin-top:-10px;} +.popover.right{margin-left:10px;} +.popover.bottom{margin-top:10px;} +.popover.left{margin-left:-10px;} +.popover-title{margin:0;padding:8px 14px;font-size:14px;font-weight:normal;line-height:18px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;-webkit-border-radius:5px 5px 0 0;-moz-border-radius:5px 5px 0 0;border-radius:5px 5px 0 0;} +.popover-content{padding:9px 14px;} +.popover .arrow,.popover .arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid;} +.popover .arrow{border-width:11px;} +.popover .arrow:after{border-width:10px;content:"";} +.popover.top .arrow{left:50%;margin-left:-11px;border-bottom-width:0;border-top-color:#999;border-top-color:rgba(0, 0, 0, 0.25);bottom:-11px;}.popover.top .arrow:after{bottom:1px;margin-left:-10px;border-bottom-width:0;border-top-color:#ffffff;} +.popover.right .arrow{top:50%;left:-11px;margin-top:-11px;border-left-width:0;border-right-color:#999;border-right-color:rgba(0, 0, 0, 0.25);}.popover.right .arrow:after{left:1px;bottom:-10px;border-left-width:0;border-right-color:#ffffff;} +.popover.bottom .arrow{left:50%;margin-left:-11px;border-top-width:0;border-bottom-color:#999;border-bottom-color:rgba(0, 0, 0, 0.25);top:-11px;}.popover.bottom .arrow:after{top:1px;margin-left:-10px;border-top-width:0;border-bottom-color:#ffffff;} +.popover.left .arrow{top:50%;right:-11px;margin-top:-11px;border-right-width:0;border-left-color:#999;border-left-color:rgba(0, 0, 0, 0.25);}.popover.left .arrow:after{right:1px;border-right-width:0;border-left-color:#ffffff;bottom:-10px;} +.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000000;}.modal-backdrop.fade{opacity:0;} +.modal-backdrop,.modal-backdrop.fade.in{opacity:0.8;filter:alpha(opacity=80);} +.modal{position:fixed;top:10%;left:50%;z-index:1050;width:560px;margin-left:-280px;background-color:#ffffff;border:1px solid #999;border:1px solid rgba(0, 0, 0, 0.3);*border:1px solid #999;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 3px 7px rgba(0, 0, 0, 0.3);-moz-box-shadow:0 3px 7px rgba(0, 0, 0, 0.3);box-shadow:0 3px 7px rgba(0, 0, 0, 0.3);-webkit-background-clip:padding-box;-moz-background-clip:padding-box;background-clip:padding-box;outline:none;}.modal.fade{-webkit-transition:opacity .3s linear, top .3s ease-out;-moz-transition:opacity .3s linear, top .3s ease-out;-o-transition:opacity .3s linear, top .3s ease-out;transition:opacity .3s linear, top .3s ease-out;top:-25%;} +.modal.fade.in{top:10%;} +.modal-header{padding:9px 15px;border-bottom:1px solid #eee;}.modal-header .close{margin-top:2px;} +.modal-header h3{margin:0;line-height:30px;} +.modal-body{position:relative;overflow-y:auto;max-height:400px;padding:15px;} +.modal-form{margin-bottom:0;} +.modal-footer{padding:14px 15px 15px;margin-bottom:0;text-align:right;background-color:#f5f5f5;border-top:1px solid #ddd;-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px;-webkit-box-shadow:inset 0 1px 0 #ffffff;-moz-box-shadow:inset 0 1px 0 #ffffff;box-shadow:inset 0 1px 0 #ffffff;*zoom:1;}.modal-footer:before,.modal-footer:after{display:table;content:"";line-height:0;} +.modal-footer:after{clear:both;} +.modal-footer .btn+.btn{margin-left:5px;margin-bottom:0;} +.modal-footer .btn-group .btn+.btn{margin-left:-1px;} +.modal-footer .btn-block+.btn-block{margin-left:0;} +.dropup,.dropdown{position:relative;} +.dropdown-toggle{*margin-bottom:-3px;} +.dropdown-toggle:active,.open .dropdown-toggle{outline:0;} +.caret{display:inline-block;width:0;height:0;vertical-align:top;border-top:4px solid #000000;border-right:4px solid transparent;border-left:4px solid transparent;content:"";} +.dropdown .caret{margin-top:8px;margin-left:2px;} +.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;list-style:none;background-color:#ffffff;border:1px solid #ccc;border:1px solid rgba(0, 0, 0, 0.2);*border-right-width:2px;*border-bottom-width:2px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0, 0, 0, 0.2);-moz-box-shadow:0 5px 10px rgba(0, 0, 0, 0.2);box-shadow:0 5px 10px rgba(0, 0, 0, 0.2);-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box;}.dropdown-menu.pull-right{right:0;left:auto;} +.dropdown-menu .divider{*width:100%;height:1px;margin:9px 1px;*margin:-5px 0 5px;overflow:hidden;background-color:#e5e5e5;border-bottom:1px solid #ffffff;} +.dropdown-menu li>a{display:block;padding:3px 20px;clear:both;font-weight:normal;line-height:20px;color:#333333;white-space:nowrap;} +.dropdown-menu li>a:hover,.dropdown-menu li>a:focus,.dropdown-submenu:hover>a{text-decoration:none;color:#ffffff;background-color:#0081c2;background-image:-moz-linear-gradient(top, #0088cc, #0077b3);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#0088cc), to(#0077b3));background-image:-webkit-linear-gradient(top, #0088cc, #0077b3);background-image:-o-linear-gradient(top, #0088cc, #0077b3);background-image:linear-gradient(to bottom, #0088cc, #0077b3);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc', endColorstr='#ff0077b3', GradientType=0);} +.dropdown-menu .active>a,.dropdown-menu .active>a:hover{color:#ffffff;text-decoration:none;outline:0;background-color:#0081c2;background-image:-moz-linear-gradient(top, #0088cc, #0077b3);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#0088cc), to(#0077b3));background-image:-webkit-linear-gradient(top, #0088cc, #0077b3);background-image:-o-linear-gradient(top, #0088cc, #0077b3);background-image:linear-gradient(to bottom, #0088cc, #0077b3);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc', endColorstr='#ff0077b3', GradientType=0);} +.dropdown-menu .disabled>a,.dropdown-menu .disabled>a:hover{color:#999999;} +.dropdown-menu .disabled>a:hover{text-decoration:none;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);cursor:default;} +.open{*z-index:1000;}.open >.dropdown-menu{display:block;} +.pull-right>.dropdown-menu{right:0;left:auto;} +.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-top:0;border-bottom:4px solid #000000;content:"";} +.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:1px;} +.dropdown-submenu{position:relative;} +.dropdown-submenu>.dropdown-menu{top:0;left:100%;margin-top:-6px;margin-left:-1px;-webkit-border-radius:0 6px 6px 6px;-moz-border-radius:0 6px 6px 6px;border-radius:0 6px 6px 6px;} +.dropdown-submenu:hover>.dropdown-menu{display:block;} +.dropup .dropdown-submenu>.dropdown-menu{top:auto;bottom:0;margin-top:0;margin-bottom:-2px;-webkit-border-radius:5px 5px 5px 0;-moz-border-radius:5px 5px 5px 0;border-radius:5px 5px 5px 0;} +.dropdown-submenu>a:after{display:block;content:" ";float:right;width:0;height:0;border-color:transparent;border-style:solid;border-width:5px 0 5px 5px;border-left-color:#cccccc;margin-top:5px;margin-right:-10px;} +.dropdown-submenu:hover>a:after{border-left-color:#ffffff;} +.dropdown-submenu.pull-left{float:none;}.dropdown-submenu.pull-left>.dropdown-menu{left:-100%;margin-left:10px;-webkit-border-radius:6px 0 6px 6px;-moz-border-radius:6px 0 6px 6px;border-radius:6px 0 6px 6px;} +.dropdown .dropdown-menu .nav-header{padding-left:20px;padding-right:20px;} +.typeahead{z-index:1051;margin-top:2px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;} +.accordion{margin-bottom:20px;} +.accordion-group{margin-bottom:2px;border:1px solid #e5e5e5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;} +.accordion-heading{border-bottom:0;} +.accordion-heading .accordion-toggle{display:block;padding:8px 15px;} +.accordion-toggle{cursor:pointer;} +.accordion-inner{padding:9px 15px;border-top:1px solid #e5e5e5;} +.carousel{position:relative;margin-bottom:20px;line-height:1;} +.carousel-inner{overflow:hidden;width:100%;position:relative;} +.carousel-inner>.item{display:none;position:relative;-webkit-transition:0.6s ease-in-out left;-moz-transition:0.6s ease-in-out left;-o-transition:0.6s ease-in-out left;transition:0.6s ease-in-out left;} +.carousel-inner>.item>img{display:block;line-height:1;} +.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block;} +.carousel-inner>.active{left:0;} +.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%;} +.carousel-inner>.next{left:100%;} +.carousel-inner>.prev{left:-100%;} +.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0;} +.carousel-inner>.active.left{left:-100%;} +.carousel-inner>.active.right{left:100%;} +.carousel-control{position:absolute;top:40%;left:15px;width:40px;height:40px;margin-top:-20px;font-size:60px;font-weight:100;line-height:30px;color:#ffffff;text-align:center;background:#222222;border:3px solid #ffffff;-webkit-border-radius:23px;-moz-border-radius:23px;border-radius:23px;opacity:0.5;filter:alpha(opacity=50);}.carousel-control.right{left:auto;right:15px;} +.carousel-control:hover{color:#ffffff;text-decoration:none;opacity:0.9;filter:alpha(opacity=90);} +.carousel-caption{position:absolute;left:0;right:0;bottom:0;padding:15px;background:#333333;background:rgba(0, 0, 0, 0.75);} +.carousel-caption h4,.carousel-caption p{color:#ffffff;line-height:20px;} +.carousel-caption h4{margin:0 0 5px;} +.carousel-caption p{margin-bottom:0;} +.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.05);-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.05);box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.05);}.well blockquote{border-color:#ddd;border-color:rgba(0, 0, 0, 0.15);} +.well-large{padding:24px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;} +.well-small{padding:9px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;} +.close{float:right;font-size:20px;font-weight:bold;line-height:20px;color:#000000;text-shadow:0 1px 0 #ffffff;opacity:0.2;filter:alpha(opacity=20);}.close:hover{color:#000000;text-decoration:none;cursor:pointer;opacity:0.4;filter:alpha(opacity=40);} +button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none;} +.pull-right{float:right;} +.pull-left{float:left;} +.hide{display:none;} +.show{display:block;} +.invisible{visibility:hidden;} +.affix{position:fixed;} +.fade{opacity:0;-webkit-transition:opacity 0.15s linear;-moz-transition:opacity 0.15s linear;-o-transition:opacity 0.15s linear;transition:opacity 0.15s linear;}.fade.in{opacity:1;} +.collapse{position:relative;height:0;overflow:hidden;-webkit-transition:height 0.35s ease;-moz-transition:height 0.35s ease;-o-transition:height 0.35s ease;transition:height 0.35s ease;}.collapse.in{height:auto;} +.hidden{display:none;visibility:hidden;} +.visible-phone{display:none !important;} +.visible-tablet{display:none !important;} +.hidden-desktop{display:none !important;} +.visible-desktop{display:inherit !important;} +@media (min-width:768px) and (max-width:979px){.hidden-desktop{display:inherit !important;} .visible-desktop{display:none !important ;} .visible-tablet{display:inherit !important;} .hidden-tablet{display:none !important;}}@media (max-width:767px){.hidden-desktop{display:inherit !important;} .visible-desktop{display:none !important;} .visible-phone{display:inherit !important;} .hidden-phone{display:none !important;}}@media (max-width:767px){body{padding-left:20px;padding-right:20px;} .navbar-fixed-top,.navbar-fixed-bottom,.navbar-static-top{margin-left:-20px;margin-right:-20px;} .container-fluid{padding:0;} .dl-horizontal dt{float:none;clear:none;width:auto;text-align:left;} .dl-horizontal dd{margin-left:0;} .container{width:auto;} .row-fluid{width:100%;} .row,.thumbnails{margin-left:0;} .thumbnails>li{float:none;margin-left:0;} [class*="span"],.uneditable-input[class*="span"],.row-fluid [class*="span"]{float:none;display:block;width:100%;margin-left:0;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;} .span12,.row-fluid .span12{width:100%;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;} .row-fluid [class*="offset"]:first-child{margin-left:0;} .input-large,.input-xlarge,.input-xxlarge,input[class*="span"],select[class*="span"],textarea[class*="span"],.uneditable-input{display:block;width:100%;min-height:30px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;} .input-prepend input,.input-append input,.input-prepend input[class*="span"],.input-append input[class*="span"]{display:inline-block;width:auto;} .controls-row [class*="span"]+[class*="span"]{margin-left:0;} .modal{position:fixed;top:20px;left:20px;right:20px;width:auto;margin:0;}.modal.fade{top:-100px;} .modal.fade.in{top:20px;}}@media (max-width:480px){.nav-collapse{-webkit-transform:translate3d(0, 0, 0);} .page-header h1 small{display:block;line-height:20px;} input[type="checkbox"],input[type="radio"]{border:1px solid #ccc;} .form-horizontal .control-label{float:none;width:auto;padding-top:0;text-align:left;} .form-horizontal .controls{margin-left:0;} .form-horizontal .control-list{padding-top:0;} .form-horizontal .form-actions{padding-left:10px;padding-right:10px;} .media .pull-left,.media .pull-right{float:none;display:block;margin-bottom:10px;} .media-object{margin-right:0;margin-left:0;} .modal{top:10px;left:10px;right:10px;} .modal-header .close{padding:10px;margin:-10px;} .carousel-caption{position:static;}}@media (min-width:768px) and (max-width:979px){.row{margin-left:-20px;*zoom:1;}.row:before,.row:after{display:table;content:"";line-height:0;} .row:after{clear:both;} [class*="span"]{float:left;min-height:1px;margin-left:20px;} .container,.navbar-static-top .container,.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:724px;} .span12{width:724px;} .span11{width:662px;} .span10{width:600px;} .span9{width:538px;} .span8{width:476px;} .span7{width:414px;} .span6{width:352px;} .span5{width:290px;} .span4{width:228px;} .span3{width:166px;} .span2{width:104px;} .span1{width:42px;} .offset12{margin-left:764px;} .offset11{margin-left:702px;} .offset10{margin-left:640px;} .offset9{margin-left:578px;} .offset8{margin-left:516px;} .offset7{margin-left:454px;} .offset6{margin-left:392px;} .offset5{margin-left:330px;} .offset4{margin-left:268px;} .offset3{margin-left:206px;} .offset2{margin-left:144px;} .offset1{margin-left:82px;} .row-fluid{width:100%;*zoom:1;}.row-fluid:before,.row-fluid:after{display:table;content:"";line-height:0;} .row-fluid:after{clear:both;} .row-fluid [class*="span"]{display:block;width:100%;min-height:30px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;float:left;margin-left:2.7624309392265194%;*margin-left:2.709239449864817%;} .row-fluid [class*="span"]:first-child{margin-left:0;} .row-fluid .controls-row [class*="span"]+[class*="span"]{margin-left:2.7624309392265194%;} .row-fluid .span12{width:100%;*width:99.94680851063829%;} .row-fluid .span11{width:91.43646408839778%;*width:91.38327259903608%;} .row-fluid .span10{width:82.87292817679558%;*width:82.81973668743387%;} .row-fluid .span9{width:74.30939226519337%;*width:74.25620077583166%;} .row-fluid .span8{width:65.74585635359117%;*width:65.69266486422946%;} .row-fluid .span7{width:57.18232044198895%;*width:57.12912895262725%;} .row-fluid .span6{width:48.61878453038674%;*width:48.56559304102504%;} .row-fluid .span5{width:40.05524861878453%;*width:40.00205712942283%;} .row-fluid .span4{width:31.491712707182323%;*width:31.43852121782062%;} .row-fluid .span3{width:22.92817679558011%;*width:22.87498530621841%;} .row-fluid .span2{width:14.3646408839779%;*width:14.311449394616199%;} .row-fluid .span1{width:5.801104972375691%;*width:5.747913483013988%;} .row-fluid .offset12{margin-left:105.52486187845304%;*margin-left:105.41847889972962%;} .row-fluid .offset12:first-child{margin-left:102.76243093922652%;*margin-left:102.6560479605031%;} .row-fluid .offset11{margin-left:96.96132596685082%;*margin-left:96.8549429881274%;} .row-fluid .offset11:first-child{margin-left:94.1988950276243%;*margin-left:94.09251204890089%;} .row-fluid .offset10{margin-left:88.39779005524862%;*margin-left:88.2914070765252%;} .row-fluid .offset10:first-child{margin-left:85.6353591160221%;*margin-left:85.52897613729868%;} .row-fluid .offset9{margin-left:79.8342541436464%;*margin-left:79.72787116492299%;} .row-fluid .offset9:first-child{margin-left:77.07182320441989%;*margin-left:76.96544022569647%;} .row-fluid .offset8{margin-left:71.2707182320442%;*margin-left:71.16433525332079%;} .row-fluid .offset8:first-child{margin-left:68.50828729281768%;*margin-left:68.40190431409427%;} .row-fluid .offset7{margin-left:62.70718232044199%;*margin-left:62.600799341718584%;} .row-fluid .offset7:first-child{margin-left:59.94475138121547%;*margin-left:59.838368402492065%;} .row-fluid .offset6{margin-left:54.14364640883978%;*margin-left:54.037263430116376%;} .row-fluid .offset6:first-child{margin-left:51.38121546961326%;*margin-left:51.27483249088986%;} .row-fluid .offset5{margin-left:45.58011049723757%;*margin-left:45.47372751851417%;} .row-fluid .offset5:first-child{margin-left:42.81767955801105%;*margin-left:42.71129657928765%;} .row-fluid .offset4{margin-left:37.01657458563536%;*margin-left:36.91019160691196%;} .row-fluid .offset4:first-child{margin-left:34.25414364640884%;*margin-left:34.14776066768544%;} .row-fluid .offset3{margin-left:28.45303867403315%;*margin-left:28.346655695309746%;} .row-fluid .offset3:first-child{margin-left:25.69060773480663%;*margin-left:25.584224756083227%;} .row-fluid .offset2{margin-left:19.88950276243094%;*margin-left:19.783119783707537%;} .row-fluid .offset2:first-child{margin-left:17.12707182320442%;*margin-left:17.02068884448102%;} .row-fluid .offset1{margin-left:11.32596685082873%;*margin-left:11.219583872105325%;} .row-fluid .offset1:first-child{margin-left:8.56353591160221%;*margin-left:8.457152932878806%;} input,textarea,.uneditable-input{margin-left:0;} .controls-row [class*="span"]+[class*="span"]{margin-left:20px;} input.span12, textarea.span12, .uneditable-input.span12{width:710px;} input.span11, textarea.span11, .uneditable-input.span11{width:648px;} input.span10, textarea.span10, .uneditable-input.span10{width:586px;} input.span9, textarea.span9, .uneditable-input.span9{width:524px;} input.span8, textarea.span8, .uneditable-input.span8{width:462px;} input.span7, textarea.span7, .uneditable-input.span7{width:400px;} input.span6, textarea.span6, .uneditable-input.span6{width:338px;} input.span5, textarea.span5, .uneditable-input.span5{width:276px;} input.span4, textarea.span4, .uneditable-input.span4{width:214px;} input.span3, textarea.span3, .uneditable-input.span3{width:152px;} input.span2, textarea.span2, .uneditable-input.span2{width:90px;} input.span1, textarea.span1, .uneditable-input.span1{width:28px;}}@media (min-width:1200px){.row{margin-left:-30px;*zoom:1;}.row:before,.row:after{display:table;content:"";line-height:0;} .row:after{clear:both;} [class*="span"]{float:left;min-height:1px;margin-left:30px;} .container,.navbar-static-top .container,.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:1170px;} .span12{width:1170px;} .span11{width:1070px;} .span10{width:970px;} .span9{width:870px;} .span8{width:770px;} .span7{width:670px;} .span6{width:570px;} .span5{width:470px;} .span4{width:370px;} .span3{width:270px;} .span2{width:170px;} .span1{width:70px;} .offset12{margin-left:1230px;} .offset11{margin-left:1130px;} .offset10{margin-left:1030px;} .offset9{margin-left:930px;} .offset8{margin-left:830px;} .offset7{margin-left:730px;} .offset6{margin-left:630px;} .offset5{margin-left:530px;} .offset4{margin-left:430px;} .offset3{margin-left:330px;} .offset2{margin-left:230px;} .offset1{margin-left:130px;} .row-fluid{width:100%;*zoom:1;}.row-fluid:before,.row-fluid:after{display:table;content:"";line-height:0;} .row-fluid:after{clear:both;} .row-fluid [class*="span"]{display:block;width:100%;min-height:30px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;float:left;margin-left:2.564102564102564%;*margin-left:2.5109110747408616%;} .row-fluid [class*="span"]:first-child{margin-left:0;} .row-fluid .controls-row [class*="span"]+[class*="span"]{margin-left:2.564102564102564%;} .row-fluid .span12{width:100%;*width:99.94680851063829%;} .row-fluid .span11{width:91.45299145299145%;*width:91.39979996362975%;} .row-fluid .span10{width:82.90598290598291%;*width:82.8527914166212%;} .row-fluid .span9{width:74.35897435897436%;*width:74.30578286961266%;} .row-fluid .span8{width:65.81196581196582%;*width:65.75877432260411%;} .row-fluid .span7{width:57.26495726495726%;*width:57.21176577559556%;} .row-fluid .span6{width:48.717948717948715%;*width:48.664757228587014%;} .row-fluid .span5{width:40.17094017094017%;*width:40.11774868157847%;} .row-fluid .span4{width:31.623931623931625%;*width:31.570740134569924%;} .row-fluid .span3{width:23.076923076923077%;*width:23.023731587561375%;} .row-fluid .span2{width:14.52991452991453%;*width:14.476723040552828%;} .row-fluid .span1{width:5.982905982905983%;*width:5.929714493544281%;} .row-fluid .offset12{margin-left:105.12820512820512%;*margin-left:105.02182214948171%;} .row-fluid .offset12:first-child{margin-left:102.56410256410257%;*margin-left:102.45771958537915%;} .row-fluid .offset11{margin-left:96.58119658119658%;*margin-left:96.47481360247316%;} .row-fluid .offset11:first-child{margin-left:94.01709401709402%;*margin-left:93.91071103837061%;} .row-fluid .offset10{margin-left:88.03418803418803%;*margin-left:87.92780505546462%;} .row-fluid .offset10:first-child{margin-left:85.47008547008548%;*margin-left:85.36370249136206%;} .row-fluid .offset9{margin-left:79.48717948717949%;*margin-left:79.38079650845607%;} .row-fluid .offset9:first-child{margin-left:76.92307692307693%;*margin-left:76.81669394435352%;} .row-fluid .offset8{margin-left:70.94017094017094%;*margin-left:70.83378796144753%;} .row-fluid .offset8:first-child{margin-left:68.37606837606839%;*margin-left:68.26968539734497%;} .row-fluid .offset7{margin-left:62.393162393162385%;*margin-left:62.28677941443899%;} .row-fluid .offset7:first-child{margin-left:59.82905982905982%;*margin-left:59.72267685033642%;} .row-fluid .offset6{margin-left:53.84615384615384%;*margin-left:53.739770867430444%;} .row-fluid .offset6:first-child{margin-left:51.28205128205128%;*margin-left:51.175668303327875%;} .row-fluid .offset5{margin-left:45.299145299145295%;*margin-left:45.1927623204219%;} .row-fluid .offset5:first-child{margin-left:42.73504273504273%;*margin-left:42.62865975631933%;} .row-fluid .offset4{margin-left:36.75213675213675%;*margin-left:36.645753773413354%;} .row-fluid .offset4:first-child{margin-left:34.18803418803419%;*margin-left:34.081651209310785%;} .row-fluid .offset3{margin-left:28.205128205128204%;*margin-left:28.0987452264048%;} .row-fluid .offset3:first-child{margin-left:25.641025641025642%;*margin-left:25.53464266230224%;} .row-fluid .offset2{margin-left:19.65811965811966%;*margin-left:19.551736679396257%;} .row-fluid .offset2:first-child{margin-left:17.094017094017094%;*margin-left:16.98763411529369%;} .row-fluid .offset1{margin-left:11.11111111111111%;*margin-left:11.004728132387708%;} .row-fluid .offset1:first-child{margin-left:8.547008547008547%;*margin-left:8.440625568285142%;} input,textarea,.uneditable-input{margin-left:0;} .controls-row [class*="span"]+[class*="span"]{margin-left:30px;} input.span12, textarea.span12, .uneditable-input.span12{width:1156px;} input.span11, textarea.span11, .uneditable-input.span11{width:1056px;} input.span10, textarea.span10, .uneditable-input.span10{width:956px;} input.span9, textarea.span9, .uneditable-input.span9{width:856px;} input.span8, textarea.span8, .uneditable-input.span8{width:756px;} input.span7, textarea.span7, .uneditable-input.span7{width:656px;} input.span6, textarea.span6, .uneditable-input.span6{width:556px;} input.span5, textarea.span5, .uneditable-input.span5{width:456px;} input.span4, textarea.span4, .uneditable-input.span4{width:356px;} input.span3, textarea.span3, .uneditable-input.span3{width:256px;} input.span2, textarea.span2, .uneditable-input.span2{width:156px;} input.span1, textarea.span1, .uneditable-input.span1{width:56px;} .thumbnails{margin-left:-30px;} .thumbnails>li{margin-left:30px;} .row-fluid .thumbnails{margin-left:0;}}@media (max-width:979px){body{padding-top:0;} .navbar-fixed-top,.navbar-fixed-bottom{position:static;} .navbar-fixed-top{margin-bottom:20px;} .navbar-fixed-bottom{margin-top:20px;} .navbar-fixed-top .navbar-inner,.navbar-fixed-bottom .navbar-inner{padding:5px;} .navbar .container{width:auto;padding:0;} .navbar .brand{padding-left:10px;padding-right:10px;margin:0 0 0 -5px;} .nav-collapse{clear:both;} .nav-collapse .nav{float:none;margin:0 0 10px;} .nav-collapse .nav>li{float:none;} .nav-collapse .nav>li>a{margin-bottom:2px;} .nav-collapse .nav>.divider-vertical{display:none;} .nav-collapse .nav .nav-header{color:#777777;text-shadow:none;} .nav-collapse .nav>li>a,.nav-collapse .dropdown-menu a{padding:9px 15px;font-weight:bold;color:#777777;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;} .nav-collapse .btn{padding:4px 10px 4px;font-weight:normal;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;} .nav-collapse .dropdown-menu li+li a{margin-bottom:2px;} .nav-collapse .nav>li>a:hover,.nav-collapse .dropdown-menu a:hover{background-color:#f2f2f2;} .navbar-inverse .nav-collapse .nav>li>a,.navbar-inverse .nav-collapse .dropdown-menu a{color:#999999;} .navbar-inverse .nav-collapse .nav>li>a:hover,.navbar-inverse .nav-collapse .dropdown-menu a:hover{background-color:#111111;} .nav-collapse.in .btn-group{margin-top:5px;padding:0;} .nav-collapse .dropdown-menu{position:static;top:auto;left:auto;float:none;display:none;max-width:none;margin:0 15px;padding:0;background-color:transparent;border:none;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none;} .nav-collapse .open>.dropdown-menu{display:block;} .nav-collapse .dropdown-menu:before,.nav-collapse .dropdown-menu:after{display:none;} .nav-collapse .dropdown-menu .divider{display:none;} .nav-collapse .nav>li>.dropdown-menu:before,.nav-collapse .nav>li>.dropdown-menu:after{display:none;} .nav-collapse .navbar-form,.nav-collapse .navbar-search{float:none;padding:10px 15px;margin:10px 0;border-top:1px solid #f2f2f2;border-bottom:1px solid #f2f2f2;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.1), 0 1px 0 rgba(255,255,255,.1);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,.1), 0 1px 0 rgba(255,255,255,.1);box-shadow:inset 0 1px 0 rgba(255,255,255,.1), 0 1px 0 rgba(255,255,255,.1);} .navbar-inverse .nav-collapse .navbar-form,.navbar-inverse .nav-collapse .navbar-search{border-top-color:#111111;border-bottom-color:#111111;} .navbar .nav-collapse .nav.pull-right{float:none;margin-left:0;} .nav-collapse,.nav-collapse.collapse{overflow:hidden;height:0;} .navbar .btn-navbar{display:block;} .navbar-static .navbar-inner{padding-left:10px;padding-right:10px;}}@media (min-width:980px){.nav-collapse.collapse{height:auto !important;overflow:visible !important;}} +]]>
        DateFri, 24 Feb 2023 14:01:44 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Accept-Rangesbytes
        ETagW/"115795-1358437290000"
        Last-ModifiedThu, 17 Jan 2013 15:41:30 GMT
        Cache-Controlmax-age=2419200
        ExpiresFri, 24 Mar 2023 14:01:44 GMT
        Content-Typetext/css;charset=UTF-8
        Content-Length115795
        Keep-Alivetimeout=5, max=100
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/resources/js/jquery-1.8.2.min.jshttpzero.webappsecurity.com80=0===c})}function bk(a){var b=bl.split("|"),c=a.createDocumentFragment();if(c.createElement)while(b.length)c.createElement(b.pop());return c}function bC(a,b){return a.getElementsByTagName(b)[0]||a.appendChild(a.ownerDocument.createElement(b))}function bD(a,b){if(b.nodeType!==1||!p.hasData(a))return;var c,d,e,f=p._data(a),g=p._data(b,f),h=f.events;if(h){delete g.handle,g.events={};for(c in h)for(d=0,e=h[c].length;d").appendTo(e.body),c=b.css("display");b.remove();if(c==="none"||c===""){bI=e.body.appendChild(bI||p.extend(e.createElement("iframe"),{frameBorder:0,width:0,height:0}));if(!bJ||!bI.createElement)bJ=(bI.contentWindow||bI.contentDocument).document,bJ.write(""),bJ.close();b=bJ.body.appendChild(bJ.createElement(a)),c=bH(b,"display"),e.body.removeChild(bI)}return bS[a]=c,c}function ci(a,b,c,d){var e;if(p.isArray(b))p.each(b,function(b,e){c||ce.test(a)?d(a,e):ci(a+"["+(typeof e=="object"?b:"")+"]",e,c,d)});else if(!c&&p.type(b)==="object")for(e in b)ci(a+"["+e+"]",b[e],c,d);else d(a,b)}function cz(a){return function(b,c){typeof b!="string"&&(c=b,b="*");var d,e,f,g=b.toLowerCase().split(s),h=0,i=g.length;if(p.isFunction(c))for(;h)[^>]*$|#([\w\-]*)$)/,v=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,w=/^[\],:{}\s]*$/,x=/(?:^|:|,)(?:\s*\[)+/g,y=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,z=/"[^"\\\r\n]*"|true|false|null|-?(?:\d\d*\.|)\d+(?:[eE][\-+]?\d+|)/g,A=/^-ms-/,B=/-([\da-z])/gi,C=function(a,b){return(b+"").toUpperCase()},D=function(){e.addEventListener?(e.removeEventListener("DOMContentLoaded",D,!1),p.ready()):e.readyState==="complete"&&(e.detachEvent("onreadystatechange",D),p.ready())},E={};p.fn=p.prototype={constructor:p,init:function(a,c,d){var f,g,h,i;if(!a)return this;if(a.nodeType)return this.context=this[0]=a,this.length=1,this;if(typeof a=="string"){a.charAt(0)==="<"&&a.charAt(a.length-1)===">"&&a.length>=3?f=[null,a,null]:f=u.exec(a);if(f&&(f[1]||!c)){if(f[1])return c=c instanceof p?c[0]:c,i=c&&c.nodeType?c.ownerDocument||c:e,a=p.parseHTML(f[1],i,!0),v.test(f[1])&&p.isPlainObject(c)&&this.attr.call(a,c,!0),p.merge(this,a);g=e.getElementById(f[2]);if(g&&g.parentNode){if(g.id!==f[2])return d.find(a);this.length=1,this[0]=g}return this.context=e,this.selector=a,this}return!c||c.jquery?(c||d).find(a):this.constructor(c).find(a)}return p.isFunction(a)?d.ready(a):(a.selector!==b&&(this.selector=a.selector,this.context=a.context),p.makeArray(a,this))},selector:"",jquery:"1.8.2",length:0,size:function(){return this.length},toArray:function(){return k.call(this)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=p.merge(this.constructor(),a);return d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")"),d},each:function(a,b){return p.each(this,a,b)},ready:function(a){return p.ready.promise().done(a),this},eq:function(a){return a=+a,a===-1?this.slice(a):this.slice(a,a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(k.apply(this,arguments),"slice",k.call(arguments).join(","))},map:function(a){return this.pushStack(p.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:j,sort:[].sort,splice:[].splice},p.fn.init.prototype=p.fn,p.extend=p.fn.extend=function(){var a,c,d,e,f,g,h=arguments[0]||{},i=1,j=arguments.length,k=!1;typeof h=="boolean"&&(k=h,h=arguments[1]||{},i=2),typeof h!="object"&&!p.isFunction(h)&&(h={}),j===i&&(h=this,--i);for(;i0)return;d.resolveWith(e,[p]),p.fn.trigger&&p(e).trigger("ready").off("ready")},isFunction:function(a){return p.type(a)==="function"},isArray:Array.isArray||function(a){return p.type(a)==="array"},isWindow:function(a){return a!=null&&a==a.window},isNumeric:function(a){return!isNaN(parseFloat(a))&&isFinite(a)},type:function(a){return a==null?String(a):E[m.call(a)]||"object"},isPlainObject:function(a){if(!a||p.type(a)!=="object"||a.nodeType||p.isWindow(a))return!1;try{if(a.constructor&&!n.call(a,"constructor")&&!n.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||n.call(a,d)},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},error:function(a){throw new Error(a)},parseHTML:function(a,b,c){var d;return!a||typeof a!="string"?null:(typeof b=="boolean"&&(c=b,b=0),b=b||e,(d=v.exec(a))?[b.createElement(d[1])]:(d=p.buildFragment([a],b,c?null:[]),p.merge([],(d.cacheable?p.clone(d.fragment):d.fragment).childNodes)))},parseJSON:function(b){if(!b||typeof b!="string")return null;b=p.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(w.test(b.replace(y,"@").replace(z,"]").replace(x,"")))return(new Function("return "+b))();p.error("Invalid JSON: "+b)},parseXML:function(c){var d,e;if(!c||typeof c!="string")return null;try{a.DOMParser?(e=new DOMParser,d=e.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(f){d=b}return(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&p.error("Invalid XML: "+c),d},noop:function(){},globalEval:function(b){b&&r.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(A,"ms-").replace(B,C)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,c,d){var e,f=0,g=a.length,h=g===b||p.isFunction(a);if(d){if(h){for(e in a)if(c.apply(a[e],d)===!1)break}else for(;f0&&a[0]&&a[i-1]||i===0||p.isArray(a));if(j)for(;h-1)i.splice(c,1),e&&(c<=g&&g--,c<=h&&h--)}),this},has:function(a){return p.inArray(a,i)>-1},empty:function(){return i=[],this},disable:function(){return i=j=c=b,this},disabled:function(){return!i},lock:function(){return j=b,c||l.disable(),this},locked:function(){return!j},fireWith:function(a,b){return b=b||[],b=[a,b.slice?b.slice():b],i&&(!d||j)&&(e?j.push(b):k(b)),this},fire:function(){return l.fireWith(this,arguments),this},fired:function(){return!!d}};return l},p.extend({Deferred:function(a){var b=[["resolve","done",p.Callbacks("once memory"),"resolved"],["reject","fail",p.Callbacks("once memory"),"rejected"],["notify","progress",p.Callbacks("memory")]],c="pending",d={state:function(){return c},always:function(){return e.done(arguments).fail(arguments),this},then:function(){var a=arguments;return p.Deferred(function(c){p.each(b,function(b,d){var f=d[0],g=a[b];e[d[1]](p.isFunction(g)?function(){var a=g.apply(this,arguments);a&&p.isFunction(a.promise)?a.promise().done(c.resolve).fail(c.reject).progress(c.notify):c[f+"With"](this===e?c:this,[a])}:c[f])}),a=null}).promise()},promise:function(a){return a!=null?p.extend(a,d):d}},e={};return d.pipe=d.then,p.each(b,function(a,f){var g=f[2],h=f[3];d[f[1]]=g.add,h&&g.add(function(){c=h},b[a^1][2].disable,b[2][2].lock),e[f[0]]=g.fire,e[f[0]+"With"]=g.fireWith}),d.promise(e),a&&a.call(e,e),e},when:function(a){var b=0,c=k.call(arguments),d=c.length,e=d!==1||a&&p.isFunction(a.promise)?d:0,f=e===1?a:p.Deferred(),g=function(a,b,c){return function(d){b[a]=this,c[a]=arguments.length>1?k.call(arguments):d,c===h?f.notifyWith(b,c):--e||f.resolveWith(b,c)}},h,i,j;if(d>1){h=new Array(d),i=new Array(d),j=new Array(d);for(;b
        a",c=n.getElementsByTagName("*"),d=n.getElementsByTagName("a")[0],d.style.cssText="top:1px;float:left;opacity:.5";if(!c||!c.length)return{};f=e.createElement("select"),g=f.appendChild(e.createElement("option")),h=n.getElementsByTagName("input")[0],b={leadingWhitespace:n.firstChild.nodeType===3,tbody:!n.getElementsByTagName("tbody").length,htmlSerialize:!!n.getElementsByTagName("link").length,style:/top/.test(d.getAttribute("style")),hrefNormalized:d.getAttribute("href")==="/a",opacity:/^0.5/.test(d.style.opacity),cssFloat:!!d.style.cssFloat,checkOn:h.value==="on",optSelected:g.selected,getSetAttribute:n.className!=="t",enctype:!!e.createElement("form").enctype,html5Clone:e.createElement("nav").cloneNode(!0).outerHTML!=="<:nav>",boxModel:e.compatMode==="CSS1Compat",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0,boxSizingReliable:!0,pixelPosition:!1},h.checked=!0,b.noCloneChecked=h.cloneNode(!0).checked,f.disabled=!0,b.optDisabled=!g.disabled;try{delete n.test}catch(o){b.deleteExpando=!1}!n.addEventListener&&n.attachEvent&&n.fireEvent&&(n.attachEvent("onclick",m=function(){b.noCloneEvent=!1}),n.cloneNode(!0).fireEvent("onclick"),n.detachEvent("onclick",m)),h=e.createElement("input"),h.value="t",h.setAttribute("type","radio"),b.radioValue=h.value==="t",h.setAttribute("checked","checked"),h.setAttribute("name","t"),n.appendChild(h),i=e.createDocumentFragment(),i.appendChild(n.lastChild),b.checkClone=i.cloneNode(!0).cloneNode(!0).lastChild.checked,b.appendChecked=h.checked,i.removeChild(h),i.appendChild(n);if(n.attachEvent)for(k in{submit:!0,change:!0,focusin:!0})j="on"+k,l=j in n,l||(n.setAttribute(j,"return;"),l=typeof n[j]=="function"),b[k+"Bubbles"]=l;return p(function(){var c,d,f,g,h="padding:0;margin:0;border:0;display:block;overflow:hidden;",i=e.getElementsByTagName("body")[0];if(!i)return;c=e.createElement("div"),c.style.cssText="visibility:hidden;border:0;width:0;height:0;position:static;top:0;margin-top:1px",i.insertBefore(c,i.firstChild),d=e.createElement("div"),c.appendChild(d),d.innerHTML="
        t
        ",f=d.getElementsByTagName("td"),f[0].style.cssText="padding:0;margin:0;border:0;display:none",l=f[0].offsetHeight===0,f[0].style.display="",f[1].style.display="none",b.reliableHiddenOffsets=l&&f[0].offsetHeight===0,d.innerHTML="",d.style.cssText="box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;padding:1px;border:1px;display:block;width:4px;margin-top:1%;position:absolute;top:1%;",b.boxSizing=d.offsetWidth===4,b.doesNotIncludeMarginInBodyOffset=i.offsetTop!==1,a.getComputedStyle&&(b.pixelPosition=(a.getComputedStyle(d,null)||{}).top!=="1%",b.boxSizingReliable=(a.getComputedStyle(d,null)||{width:"4px"}).width==="4px",g=e.createElement("div"),g.style.cssText=d.style.cssText=h,g.style.marginRight=g.style.width="0",d.style.width="1px",d.appendChild(g),b.reliableMarginRight=!parseFloat((a.getComputedStyle(g,null)||{}).marginRight)),typeof d.style.zoom!="undefined"&&(d.innerHTML="",d.style.cssText=h+"width:1px;padding:1px;display:inline;zoom:1",b.inlineBlockNeedsLayout=d.offsetWidth===3,d.style.display="block",d.style.overflow="visible",d.innerHTML="
        ",d.firstChild.style.width="5px",b.shrinkWrapBlocks=d.offsetWidth!==3,c.style.zoom=1),i.removeChild(c),c=d=f=g=null}),i.removeChild(n),c=d=f=g=h=i=n=null,b}();var H=/(?:\{[\s\S]*\}|\[[\s\S]*\])$/,I=/([A-Z])/g;p.extend({cache:{},deletedIds:[],uuid:0,expando:"jQuery"+(p.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){return a=a.nodeType?p.cache[a[p.expando]]:a[p.expando],!!a&&!K(a)},data:function(a,c,d,e){if(!p.acceptData(a))return;var f,g,h=p.expando,i=typeof c=="string",j=a.nodeType,k=j?p.cache:a,l=j?a[h]:a[h]&&h;if((!l||!k[l]||!e&&!k[l].data)&&i&&d===b)return;l||(j?a[h]=l=p.deletedIds.pop()||p.guid++:l=h),k[l]||(k[l]={},j||(k[l].toJSON=p.noop));if(typeof c=="object"||typeof c=="function")e?k[l]=p.extend(k[l],c):k[l].data=p.extend(k[l].data,c);return f=k[l],e||(f.data||(f.data={}),f=f.data),d!==b&&(f[p.camelCase(c)]=d),i?(g=f[c],g==null&&(g=f[p.camelCase(c)])):g=f,g},removeData:function(a,b,c){if(!p.acceptData(a))return;var d,e,f,g=a.nodeType,h=g?p.cache:a,i=g?a[p.expando]:p.expando;if(!h[i])return;if(b){d=c?h[i]:h[i].data;if(d){p.isArray(b)||(b in d?b=[b]:(b=p.camelCase(b),b in d?b=[b]:b=b.split(" ")));for(e=0,f=b.length;e1,null,!1))},removeData:function(a){return this.each(function(){p.removeData(this,a)})}}),p.extend({queue:function(a,b,c){var d;if(a)return b=(b||"fx")+"queue",d=p._data(a,b),c&&(!d||p.isArray(c)?d=p._data(a,b,p.makeArray(c)):d.push(c)),d||[]},dequeue:function(a,b){b=b||"fx";var c=p.queue(a,b),d=c.length,e=c.shift(),f=p._queueHooks(a,b),g=function(){p.dequeue(a,b)};e==="inprogress"&&(e=c.shift(),d--),e&&(b==="fx"&&c.unshift("inprogress"),delete f.stop,e.call(a,g,f)),!d&&f&&f.empty.fire()},_queueHooks:function(a,b){var c=b+"queueHooks";return p._data(a,c)||p._data(a,c,{empty:p.Callbacks("once memory").add(function(){p.removeData(a,b+"queue",!0),p.removeData(a,c,!0)})})}}),p.fn.extend({queue:function(a,c){var d=2;return typeof a!="string"&&(c=a,a="fx",d--),arguments.length1)},removeAttr:function(a){return this.each(function(){p.removeAttr(this,a)})},prop:function(a,b){return p.access(this,p.prop,a,b,arguments.length>1)},removeProp:function(a){return a=p.propFix[a]||a,this.each(function(){try{this[a]=b,delete this[a]}catch(c){}})},addClass:function(a){var b,c,d,e,f,g,h;if(p.isFunction(a))return this.each(function(b){p(this).addClass(a.call(this,b,this.className))});if(a&&typeof a=="string"){b=a.split(s);for(c=0,d=this.length;c=0)d=d.replace(" "+c[f]+" "," ");e.className=a?p.trim(d):""}}}return this},toggleClass:function(a,b){var c=typeof a,d=typeof b=="boolean";return p.isFunction(a)?this.each(function(c){p(this).toggleClass(a.call(this,c,this.className,b),b)}):this.each(function(){if(c==="string"){var e,f=0,g=p(this),h=b,i=a.split(s);while(e=i[f++])h=d?h:!g.hasClass(e),g[h?"addClass":"removeClass"](e)}else if(c==="undefined"||c==="boolean")this.className&&p._data(this,"__className__",this.className),this.className=this.className||a===!1?"":p._data(this,"__className__")||""})},hasClass:function(a){var b=" "+a+" ",c=0,d=this.length;for(;c=0)return!0;return!1},val:function(a){var c,d,e,f=this[0];if(!arguments.length){if(f)return c=p.valHooks[f.type]||p.valHooks[f.nodeName.toLowerCase()],c&&"get"in c&&(d=c.get(f,"value"))!==b?d:(d=f.value,typeof d=="string"?d.replace(P,""):d==null?"":d);return}return e=p.isFunction(a),this.each(function(d){var f,g=p(this);if(this.nodeType!==1)return;e?f=a.call(this,d,g.val()):f=a,f==null?f="":typeof f=="number"?f+="":p.isArray(f)&&(f=p.map(f,function(a){return a==null?"":a+""})),c=p.valHooks[this.type]||p.valHooks[this.nodeName.toLowerCase()];if(!c||!("set"in c)||c.set(this,f,"value")===b)this.value=f})}}),p.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c,d,e,f=a.selectedIndex,g=[],h=a.options,i=a.type==="select-one";if(f<0)return null;c=i?f:0,d=i?f+1:h.length;for(;c=0}),c.length||(a.selectedIndex=-1),c}}},attrFn:{},attr:function(a,c,d,e){var f,g,h,i=a.nodeType;if(!a||i===3||i===8||i===2)return;if(e&&p.isFunction(p.fn[c]))return p(a)[c](d);if(typeof a.getAttribute=="undefined")return p.prop(a,c,d);h=i!==1||!p.isXMLDoc(a),h&&(c=c.toLowerCase(),g=p.attrHooks[c]||(T.test(c)?M:L));if(d!==b){if(d===null){p.removeAttr(a,c);return}return g&&"set"in g&&h&&(f=g.set(a,d,c))!==b?f:(a.setAttribute(c,d+""),d)}return g&&"get"in g&&h&&(f=g.get(a,c))!==null?f:(f=a.getAttribute(c),f===null?b:f)},removeAttr:function(a,b){var c,d,e,f,g=0;if(b&&a.nodeType===1){d=b.split(s);for(;g=0}})});var V=/^(?:textarea|input|select)$/i,W=/^([^\.]*|)(?:\.(.+)|)$/,X=/(?:^|\s)hover(\.\S+|)\b/,Y=/^key/,Z=/^(?:mouse|contextmenu)|click/,$=/^(?:focusinfocus|focusoutblur)$/,_=function(a){return p.event.special.hover?a:a.replace(X,"mouseenter$1 mouseleave$1")};p.event={add:function(a,c,d,e,f){var g,h,i,j,k,l,m,n,o,q,r;if(a.nodeType===3||a.nodeType===8||!c||!d||!(g=p._data(a)))return;d.handler&&(o=d,d=o.handler,f=o.selector),d.guid||(d.guid=p.guid++),i=g.events,i||(g.events=i={}),h=g.handle,h||(g.handle=h=function(a){return typeof p!="undefined"&&(!a||p.event.triggered!==a.type)?p.event.dispatch.apply(h.elem,arguments):b},h.elem=a),c=p.trim(_(c)).split(" ");for(j=0;j=0&&(s=s.slice(0,-1),i=!0),s.indexOf(".")>=0&&(t=s.split("."),s=t.shift(),t.sort());if((!f||p.event.customEvent[s])&&!p.event.global[s])return;c=typeof c=="object"?c[p.expando]?c:new p.Event(s,c):new p.Event(s),c.type=s,c.isTrigger=!0,c.exclusive=i,c.namespace=t.join("."),c.namespace_re=c.namespace?new RegExp("(^|\\.)"+t.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,m=s.indexOf(":")<0?"on"+s:"";if(!f){h=p.cache;for(j in h)h[j].events&&h[j].events[s]&&p.event.trigger(c,d,h[j].handle.elem,!0);return}c.result=b,c.target||(c.target=f),d=d!=null?p.makeArray(d):[],d.unshift(c),n=p.event.special[s]||{};if(n.trigger&&n.trigger.apply(f,d)===!1)return;q=[[f,n.bindType||s]];if(!g&&!n.noBubble&&!p.isWindow(f)){r=n.delegateType||s,k=$.test(r+s)?f:f.parentNode;for(l=f;k;k=k.parentNode)q.push([k,r]),l=k;l===(f.ownerDocument||e)&&q.push([l.defaultView||l.parentWindow||a,r])}for(j=0;j=0:p.find(m,this,null,[f]).length),h[m]&&j.push(l);j.length&&u.push({elem:f,matches:j})}o.length>q&&u.push({elem:this,matches:o.slice(q)});for(d=0;d0?this.on(b,null,a,c):this.trigger(b)},Y.test(b)&&(p.event.fixHooks[b]=p.event.keyHooks),Z.test(b)&&(p.event.fixHooks[b]=p.event.mouseHooks)}),function(a,b){function bc(a,b,c,d){c=c||[],b=b||r;var e,f,i,j,k=b.nodeType;if(!a||typeof a!="string")return c;if(k!==1&&k!==9)return[];i=g(b);if(!i&&!d)if(e=P.exec(a))if(j=e[1]){if(k===9){f=b.getElementById(j);if(!f||!f.parentNode)return c;if(f.id===j)return c.push(f),c}else if(b.ownerDocument&&(f=b.ownerDocument.getElementById(j))&&h(b,f)&&f.id===j)return c.push(f),c}else{if(e[2])return w.apply(c,x.call(b.getElementsByTagName(a),0)),c;if((j=e[3])&&_&&b.getElementsByClassName)return w.apply(c,x.call(b.getElementsByClassName(j),0)),c}return bp(a.replace(L,"$1"),b,c,d,i)}function bd(a){return function(b){var c=b.nodeName.toLowerCase();return c==="input"&&b.type===a}}function be(a){return function(b){var c=b.nodeName.toLowerCase();return(c==="input"||c==="button")&&b.type===a}}function bf(a){return z(function(b){return b=+b,z(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function bg(a,b,c){if(a===b)return c;var d=a.nextSibling;while(d){if(d===b)return-1;d=d.nextSibling}return 1}function bh(a,b){var c,d,f,g,h,i,j,k=C[o][a];if(k)return b?0:k.slice(0);h=a,i=[],j=e.preFilter;while(h){if(!c||(d=M.exec(h)))d&&(h=h.slice(d[0].length)),i.push(f=[]);c=!1;if(d=N.exec(h))f.push(c=new q(d.shift())),h=h.slice(c.length),c.type=d[0].replace(L," ");for(g in e.filter)(d=W[g].exec(h))&&(!j[g]||(d=j[g](d,r,!0)))&&(f.push(c=new q(d.shift())),h=h.slice(c.length),c.type=g,c.matches=d);if(!c)break}return b?h.length:h?bc.error(a):C(a,i).slice(0)}function bi(a,b,d){var e=b.dir,f=d&&b.dir==="parentNode",g=u++;return b.first?function(b,c,d){while(b=b[e])if(f||b.nodeType===1)return a(b,c,d)}:function(b,d,h){if(!h){var i,j=t+" "+g+" ",k=j+c;while(b=b[e])if(f||b.nodeType===1){if((i=b[o])===k)return b.sizset;if(typeof i=="string"&&i.indexOf(j)===0){if(b.sizset)return b}else{b[o]=k;if(a(b,d,h))return b.sizset=!0,b;b.sizset=!1}}}else while(b=b[e])if(f||b.nodeType===1)if(a(b,d,h))return b}}function bj(a){return a.length>1?function(b,c,d){var e=a.length;while(e--)if(!a[e](b,c,d))return!1;return!0}:a[0]}function bk(a,b,c,d,e){var f,g=[],h=0,i=a.length,j=b!=null;for(;h-1},h,!0),m=[function(a,c,d){return!g&&(d||c!==l)||((b=c).nodeType?j(a,c,d):k(a,c,d))}];for(;i1&&bj(m),i>1&&a.slice(0,i-1).join("").replace(L,"$1"),c,i0,f=a.length>0,g=function(h,i,j,k,m){var n,o,p,q=[],s=0,u="0",x=h&&[],y=m!=null,z=l,A=h||f&&e.find.TAG("*",m&&i.parentNode||i),B=t+=z==null?1:Math.E;y&&(l=i!==r&&i,c=g.el);for(;(n=A[u])!=null;u++){if(f&&n){for(o=0;p=a[o];o++)if(p(n,i,j)){k.push(n);break}y&&(t=B,c=++g.el)}d&&((n=!p&&n)&&s--,h&&x.push(n))}s+=u;if(d&&u!==s){for(o=0;p=b[o];o++)p(x,q,i,j);if(h){if(s>0)while(u--)!x[u]&&!q[u]&&(q[u]=v.call(k));q=bk(q)}w.apply(k,q),y&&!h&&q.length>0&&s+b.length>1&&bc.uniqueSort(k)}return y&&(t=B,l=z),x};return g.el=0,d?z(g):g}function bo(a,b,c,d){var e=0,f=b.length;for(;e2&&(j=h[0]).type==="ID"&&b.nodeType===9&&!f&&e.relative[h[1].type]){b=e.find.ID(j.matches[0].replace(V,""),b,f)[0];if(!b)return c;a=a.slice(h.shift().length)}for(g=W.POS.test(a)?-1:h.length-1;g>=0;g--){j=h[g];if(e.relative[k=j.type])break;if(l=e.find[k])if(d=l(j.matches[0].replace(V,""),R.test(h[0].type)&&b.parentNode||b,f)){h.splice(g,1),a=d.length&&h.join("");if(!a)return w.apply(c,x.call(d,0)),c;break}}}return i(a,m)(d,b,f,c,R.test(a)),c}function bq(){}var c,d,e,f,g,h,i,j,k,l,m=!0,n="undefined",o=("sizcache"+Math.random()).replace(".",""),q=String,r=a.document,s=r.documentElement,t=0,u=0,v=[].pop,w=[].push,x=[].slice,y=[].indexOf||function(a){var b=0,c=this.length;for(;be.cacheLength&&delete a[b.shift()],a[c]=d},a)},B=A(),C=A(),D=A(),E="[\\x20\\t\\r\\n\\f]",F="(?:\\\\.|[-\\w]|[^\\x00-\\xa0])+",G=F.replace("w","w#"),H="([*^$|!~]?=)",I="\\["+E+"*("+F+")"+E+"*(?:"+H+E+"*(?:(['\"])((?:\\\\.|[^\\\\])*?)\\3|("+G+")|)|)"+E+"*\\]",J=":("+F+")(?:\\((?:(['\"])((?:\\\\.|[^\\\\])*?)\\2|([^()[\\]]*|(?:(?:"+I+")|[^:]|\\\\.)*|.*))\\)|)",K=":(even|odd|eq|gt|lt|nth|first|last)(?:\\("+E+"*((?:-\\d)?\\d*)"+E+"*\\)|)(?=[^-]|$)",L=new RegExp("^"+E+"+|((?:^|[^\\\\])(?:\\\\.)*)"+E+"+$","g"),M=new RegExp("^"+E+"*,"+E+"*"),N=new RegExp("^"+E+"*([\\x20\\t\\r\\n\\f>+~])"+E+"*"),O=new RegExp(J),P=/^(?:#([\w\-]+)|(\w+)|\.([\w\-]+))$/,Q=/^:not/,R=/[\x20\t\r\n\f]*[+~]/,S=/:not\($/,T=/h\d/i,U=/input|select|textarea|button/i,V=/\\(?!\\)/g,W={ID:new RegExp("^#("+F+")"),CLASS:new RegExp("^\\.("+F+")"),NAME:new RegExp("^\\[name=['\"]?("+F+")['\"]?\\]"),TAG:new RegExp("^("+F.replace("w","w*")+")"),ATTR:new RegExp("^"+I),PSEUDO:new RegExp("^"+J),POS:new RegExp(K,"i"),CHILD:new RegExp("^:(only|nth|first|last)-child(?:\\("+E+"*(even|odd|(([+-]|)(\\d*)n|)"+E+"*(?:([+-]|)"+E+"*(\\d+)|))"+E+"*\\)|)","i"),needsContext:new RegExp("^"+E+"*[>+~]|"+K,"i")},X=function(a){var b=r.createElement("div");try{return a(b)}catch(c){return!1}finally{b=null}},Y=X(function(a){return a.appendChild(r.createComment("")),!a.getElementsByTagName("*").length}),Z=X(function(a){return a.innerHTML="",a.firstChild&&typeof a.firstChild.getAttribute!==n&&a.firstChild.getAttribute("href")==="#"}),$=X(function(a){a.innerHTML="";var b=typeof a.lastChild.getAttribute("multiple");return b!=="boolean"&&b!=="string"}),_=X(function(a){return a.innerHTML="",!a.getElementsByClassName||!a.getElementsByClassName("e").length?!1:(a.lastChild.className="e",a.getElementsByClassName("e").length===2)}),ba=X(function(a){a.id=o+0,a.innerHTML="
        ",s.insertBefore(a,s.firstChild);var b=r.getElementsByName&&r.getElementsByName(o).length===2+r.getElementsByName(o+0).length;return d=!r.getElementById(o),s.removeChild(a),b});try{x.call(s.childNodes,0)[0].nodeType}catch(bb){x=function(a){var b,c=[];for(;b=this[a];a++)c.push(b);return c}}bc.matches=function(a,b){return bc(a,null,null,b)},bc.matchesSelector=function(a,b){return bc(b,null,null,[a]).length>0},f=bc.getText=function(a){var b,c="",d=0,e=a.nodeType;if(e){if(e===1||e===9||e===11){if(typeof a.textContent=="string")return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=f(a)}else if(e===3||e===4)return a.nodeValue}else for(;b=a[d];d++)c+=f(b);return c},g=bc.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return b?b.nodeName!=="HTML":!1},h=bc.contains=s.contains?function(a,b){var c=a.nodeType===9?a.documentElement:a,d=b&&b.parentNode;return a===d||!!(d&&d.nodeType===1&&c.contains&&c.contains(d))}:s.compareDocumentPosition?function(a,b){return b&&!!(a.compareDocumentPosition(b)&16)}:function(a,b){while(b=b.parentNode)if(b===a)return!0;return!1},bc.attr=function(a,b){var c,d=g(a);return d||(b=b.toLowerCase()),(c=e.attrHandle[b])?c(a):d||$?a.getAttribute(b):(c=a.getAttributeNode(b),c?typeof a[b]=="boolean"?a[b]?b:null:c.specified?c.value:null:null)},e=bc.selectors={cacheLength:50,createPseudo:z,match:W,attrHandle:Z?{}:{href:function(a){return a.getAttribute("href",2)},type:function(a){return a.getAttribute("type")}},find:{ID:d?function(a,b,c){if(typeof b.getElementById!==n&&!c){var d=b.getElementById(a);return d&&d.parentNode?[d]:[]}}:function(a,c,d){if(typeof c.getElementById!==n&&!d){var e=c.getElementById(a);return e?e.id===a||typeof e.getAttributeNode!==n&&e.getAttributeNode("id").value===a?[e]:b:[]}},TAG:Y?function(a,b){if(typeof b.getElementsByTagName!==n)return b.getElementsByTagName(a)}:function(a,b){var c=b.getElementsByTagName(a);if(a==="*"){var d,e=[],f=0;for(;d=c[f];f++)d.nodeType===1&&e.push(d);return e}return c},NAME:ba&&function(a,b){if(typeof b.getElementsByName!==n)return b.getElementsByName(name)},CLASS:_&&function(a,b,c){if(typeof b.getElementsByClassName!==n&&!c)return b.getElementsByClassName(a)}},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(V,""),a[3]=(a[4]||a[5]||"").replace(V,""),a[2]==="~="&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),a[1]==="nth"?(a[2]||bc.error(a[0]),a[3]=+(a[3]?a[4]+(a[5]||1):2*(a[2]==="even"||a[2]==="odd")),a[4]=+(a[6]+a[7]||a[2]==="odd")):a[2]&&bc.error(a[0]),a},PSEUDO:function(a){var b,c;if(W.CHILD.test(a[0]))return null;if(a[3])a[2]=a[3];else if(b=a[4])O.test(b)&&(c=bh(b,!0))&&(c=b.indexOf(")",b.length-c)-b.length)&&(b=b.slice(0,c),a[0]=a[0].slice(0,c)),a[2]=b;return a.slice(0,3)}},filter:{ID:d?function(a){return a=a.replace(V,""),function(b){return b.getAttribute("id")===a}}:function(a){return a=a.replace(V,""),function(b){var c=typeof b.getAttributeNode!==n&&b.getAttributeNode("id");return c&&c.value===a}},TAG:function(a){return a==="*"?function(){return!0}:(a=a.replace(V,"").toLowerCase(),function(b){return b.nodeName&&b.nodeName.toLowerCase()===a})},CLASS:function(a){var b=B[o][a];return b||(b=B(a,new RegExp("(^|"+E+")"+a+"("+E+"|$)"))),function(a){return b.test(a.className||typeof a.getAttribute!==n&&a.getAttribute("class")||"")}},ATTR:function(a,b,c){return function(d,e){var f=bc.attr(d,a);return f==null?b==="!=":b?(f+="",b==="="?f===c:b==="!="?f!==c:b==="^="?c&&f.indexOf(c)===0:b==="*="?c&&f.indexOf(c)>-1:b==="$="?c&&f.substr(f.length-c.length)===c:b==="~="?(" "+f+" ").indexOf(c)>-1:b==="|="?f===c||f.substr(0,c.length+1)===c+"-":!1):!0}},CHILD:function(a,b,c,d){return a==="nth"?function(a){var b,e,f=a.parentNode;if(c===1&&d===0)return!0;if(f){e=0;for(b=f.firstChild;b;b=b.nextSibling)if(b.nodeType===1){e++;if(a===b)break}}return e-=d,e===c||e%c===0&&e/c>=0}:function(b){var c=b;switch(a){case"only":case"first":while(c=c.previousSibling)if(c.nodeType===1)return!1;if(a==="first")return!0;c=b;case"last":while(c=c.nextSibling)if(c.nodeType===1)return!1;return!0}}},PSEUDO:function(a,b){var c,d=e.pseudos[a]||e.setFilters[a.toLowerCase()]||bc.error("unsupported pseudo: "+a);return d[o]?d(b):d.length>1?(c=[a,a,"",b],e.setFilters.hasOwnProperty(a.toLowerCase())?z(function(a,c){var e,f=d(a,b),g=f.length;while(g--)e=y.call(a,f[g]),a[e]=!(c[e]=f[g])}):function(a){return d(a,0,c)}):d}},pseudos:{not:z(function(a){var b=[],c=[],d=i(a.replace(L,"$1"));return d[o]?z(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)if(f=g[h])a[h]=!(b[h]=f)}):function(a,e,f){return b[0]=a,d(b,null,f,c),!c.pop()}}),has:z(function(a){return function(b){return bc(a,b).length>0}}),contains:z(function(a){return function(b){return(b.textContent||b.innerText||f(b)).indexOf(a)>-1}}),enabled:function(a){return a.disabled===!1},disabled:function(a){return a.disabled===!0},checked:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&!!a.checked||b==="option"&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},parent:function(a){return!e.pseudos.empty(a)},empty:function(a){var b;a=a.firstChild;while(a){if(a.nodeName>"@"||(b=a.nodeType)===3||b===4)return!1;a=a.nextSibling}return!0},header:function(a){return T.test(a.nodeName)},text:function(a){var b,c;return a.nodeName.toLowerCase()==="input"&&(b=a.type)==="text"&&((c=a.getAttribute("type"))==null||c.toLowerCase()===b)},radio:bd("radio"),checkbox:bd("checkbox"),file:bd("file"),password:bd("password"),image:bd("image"),submit:be("submit"),reset:be("reset"),button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&a.type==="button"||b==="button"},input:function(a){return U.test(a.nodeName)},focus:function(a){var b=a.ownerDocument;return a===b.activeElement&&(!b.hasFocus||b.hasFocus())&&(!!a.type||!!a.href)},active:function(a){return a===a.ownerDocument.activeElement},first:bf(function(a,b,c){return[0]}),last:bf(function(a,b,c){return[b-1]}),eq:bf(function(a,b,c){return[c<0?c+b:c]}),even:bf(function(a,b,c){for(var d=0;d=0;)a.push(d);return a}),gt:bf(function(a,b,c){for(var d=c<0?c+b:c;++d",a.querySelectorAll("[selected]").length||e.push("\\["+E+"*(?:checked|disabled|ismap|multiple|readonly|selected|value)"),a.querySelectorAll(":checked").length||e.push(":checked")}),X(function(a){a.innerHTML="

        ",a.querySelectorAll("[test^='']").length&&e.push("[*^$]="+E+"*(?:\"\"|'')"),a.innerHTML="",a.querySelectorAll(":enabled").length||e.push(":enabled",":disabled")}),e=new RegExp(e.join("|")),bp=function(a,d,f,g,h){if(!g&&!h&&(!e||!e.test(a))){var i,j,k=!0,l=o,m=d,n=d.nodeType===9&&a;if(d.nodeType===1&&d.nodeName.toLowerCase()!=="object"){i=bh(a),(k=d.getAttribute("id"))?l=k.replace(c,"\\$&"):d.setAttribute("id",l),l="[id='"+l+"'] ",j=i.length;while(j--)i[j]=l+i[j].join("");m=R.test(a)&&d.parentNode||d,n=i.join(",")}if(n)try{return w.apply(f,x.call(m.querySelectorAll(n),0)),f}catch(p){}finally{k||d.removeAttribute("id")}}return b(a,d,f,g,h)},h&&(X(function(b){a=h.call(b,"div");try{h.call(b,"[test!='']:sizzle"),f.push("!=",J)}catch(c){}}),f=new RegExp(f.join("|")),bc.matchesSelector=function(b,c){c=c.replace(d,"='$1']");if(!g(b)&&!f.test(c)&&(!e||!e.test(c)))try{var i=h.call(b,c);if(i||a||b.document&&b.document.nodeType!==11)return i}catch(j){}return bc(c,null,null,[b]).length>0})}(),e.pseudos.nth=e.pseudos.eq,e.filters=bq.prototype=e.pseudos,e.setFilters=new bq,bc.attr=p.attr,p.find=bc,p.expr=bc.selectors,p.expr[":"]=p.expr.pseudos,p.unique=bc.uniqueSort,p.text=bc.getText,p.isXMLDoc=bc.isXML,p.contains=bc.contains}(a);var bc=/Until$/,bd=/^(?:parents|prev(?:Until|All))/,be=/^.[^:#\[\.,]*$/,bf=p.expr.match.needsContext,bg={children:!0,contents:!0,next:!0,prev:!0};p.fn.extend({find:function(a){var b,c,d,e,f,g,h=this;if(typeof a!="string")return p(a).filter(function(){for(b=0,c=h.length;b0)for(e=d;e=0:p.filter(a,this).length>0:this.filter(a).length>0)},closest:function(a,b){var c,d=0,e=this.length,f=[],g=bf.test(a)||typeof a!="string"?p(a,b||this.context):0;for(;d-1:p.find.matchesSelector(c,a)){f.push(c);break}c=c.parentNode}}return f=f.length>1?p.unique(f):f,this.pushStack(f,"closest",a)},index:function(a){return a?typeof a=="string"?p.inArray(this[0],p(a)):p.inArray(a.jquery?a[0]:a,this):this[0]&&this[0].parentNode?this.prevAll().length:-1},add:function(a,b){var c=typeof a=="string"?p(a,b):p.makeArray(a&&a.nodeType?[a]:a),d=p.merge(this.get(),c);return this.pushStack(bh(c[0])||bh(d[0])?d:p.unique(d))},addBack:function(a){return this.add(a==null?this.prevObject:this.prevObject.filter(a))}}),p.fn.andSelf=p.fn.addBack,p.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return p.dir(a,"parentNode")},parentsUntil:function(a,b,c){return p.dir(a,"parentNode",c)},next:function(a){return bi(a,"nextSibling")},prev:function(a){return bi(a,"previousSibling")},nextAll:function(a){return p.dir(a,"nextSibling")},prevAll:function(a){return p.dir(a,"previousSibling")},nextUntil:function(a,b,c){return p.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return p.dir(a,"previousSibling",c)},siblings:function(a){return p.sibling((a.parentNode||{}).firstChild,a)},children:function(a){return p.sibling(a.firstChild)},contents:function(a){return p.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:p.merge([],a.childNodes)}},function(a,b){p.fn[a]=function(c,d){var e=p.map(this,b,c);return bc.test(a)||(d=c),d&&typeof d=="string"&&(e=p.filter(d,e)),e=this.length>1&&!bg[a]?p.unique(e):e,this.length>1&&bd.test(a)&&(e=e.reverse()),this.pushStack(e,a,k.call(arguments).join(","))}}),p.extend({filter:function(a,b,c){return c&&(a=":not("+a+")"),b.length===1?p.find.matchesSelector(b[0],a)?[b[0]]:[]:p.find.matches(a,b)},dir:function(a,c,d){var e=[],f=a[c];while(f&&f.nodeType!==9&&(d===b||f.nodeType!==1||!p(f).is(d)))f.nodeType===1&&e.push(f),f=f[c];return e},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var bl="abbr|article|aside|audio|bdi|canvas|data|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",bm=/ jQuery\d+="(?:null|\d+)"/g,bn=/^\s+/,bo=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,bp=/<([\w:]+)/,bq=/]","i"),bv=/^(?:checkbox|radio)$/,bw=/checked\s*(?:[^=]|=\s*.checked.)/i,bx=/\/(java|ecma)script/i,by=/^\s*\s*$/g,bz={option:[1,""],legend:[1,"
        ","
        "],thead:[1,"","
        "],tr:[2,"","
        "],td:[3,"","
        "],col:[2,"","
        "],area:[1,"",""],_default:[0,"",""]},bA=bk(e),bB=bA.appendChild(e.createElement("div"));bz.optgroup=bz.option,bz.tbody=bz.tfoot=bz.colgroup=bz.caption=bz.thead,bz.th=bz.td,p.support.htmlSerialize||(bz._default=[1,"X
        ","
        "]),p.fn.extend({text:function(a){return p.access(this,function(a){return a===b?p.text(this):this.empty().append((this[0]&&this[0].ownerDocument||e).createTextNode(a))},null,a,arguments.length)},wrapAll:function(a){if(p.isFunction(a))return this.each(function(b){p(this).wrapAll(a.call(this,b))});if(this[0]){var b=p(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){return p.isFunction(a)?this.each(function(b){p(this).wrapInner(a.call(this,b))}):this.each(function(){var b=p(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=p.isFunction(a);return this.each(function(c){p(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){p.nodeName(this,"body")||p(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){(this.nodeType===1||this.nodeType===11)&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){(this.nodeType===1||this.nodeType===11)&&this.insertBefore(a,this.firstChild)})},before:function(){if(!bh(this[0]))return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=p.clean(arguments);return this.pushStack(p.merge(a,this),"before",this.selector)}},after:function(){if(!bh(this[0]))return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=p.clean(arguments);return this.pushStack(p.merge(this,a),"after",this.selector)}},remove:function(a,b){var c,d=0;for(;(c=this[d])!=null;d++)if(!a||p.filter(a,[c]).length)!b&&c.nodeType===1&&(p.cleanData(c.getElementsByTagName("*")),p.cleanData([c])),c.parentNode&&c.parentNode.removeChild(c);return this},empty:function(){var a,b=0;for(;(a=this[b])!=null;b++){a.nodeType===1&&p.cleanData(a.getElementsByTagName("*"));while(a.firstChild)a.removeChild(a.firstChild)}return this},clone:function(a,b){return a=a==null?!1:a,b=b==null?a:b,this.map(function(){return p.clone(this,a,b)})},html:function(a){return p.access(this,function(a){var c=this[0]||{},d=0,e=this.length;if(a===b)return c.nodeType===1?c.innerHTML.replace(bm,""):b;if(typeof a=="string"&&!bs.test(a)&&(p.support.htmlSerialize||!bu.test(a))&&(p.support.leadingWhitespace||!bn.test(a))&&!bz[(bp.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(bo,"<$1>");try{for(;d1&&typeof j=="string"&&bw.test(j))return this.each(function(){p(this).domManip(a,c,d)});if(p.isFunction(j))return this.each(function(e){var f=p(this);a[0]=j.call(this,e,c?f.html():b),f.domManip(a,c,d)});if(this[0]){e=p.buildFragment(a,this,k),g=e.fragment,f=g.firstChild,g.childNodes.length===1&&(g=f);if(f){c=c&&p.nodeName(f,"tr");for(h=e.cacheable||l-1;i0?this.clone(!0):this).get(),p(g[e])[b](d),f=f.concat(d);return this.pushStack(f,a,g.selector)}}),p.extend({clone:function(a,b,c){var d,e,f,g;p.support.html5Clone||p.isXMLDoc(a)||!bu.test("<"+a.nodeName+">")?g=a.cloneNode(!0):(bB.innerHTML=a.outerHTML,bB.removeChild(g=bB.firstChild));if((!p.support.noCloneEvent||!p.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!p.isXMLDoc(a)){bE(a,g),d=bF(a),e=bF(g);for(f=0;d[f];++f)e[f]&&bE(d[f],e[f])}if(b){bD(a,g);if(c){d=bF(a),e=bF(g);for(f=0;d[f];++f)bD(d[f],e[f])}}return d=e=null,g},clean:function(a,b,c,d){var f,g,h,i,j,k,l,m,n,o,q,r,s=b===e&&bA,t=[];if(!b||typeof b.createDocumentFragment=="undefined")b=e;for(f=0;(h=a[f])!=null;f++){typeof h=="number"&&(h+="");if(!h)continue;if(typeof h=="string")if(!br.test(h))h=b.createTextNode(h);else{s=s||bk(b),l=b.createElement("div"),s.appendChild(l),h=h.replace(bo,"<$1>"),i=(bp.exec(h)||["",""])[1].toLowerCase(),j=bz[i]||bz._default,k=j[0],l.innerHTML=j[1]+h+j[2];while(k--)l=l.lastChild;if(!p.support.tbody){m=bq.test(h),n=i==="table"&&!m?l.firstChild&&l.firstChild.childNodes:j[1]===""&&!m?l.childNodes:[];for(g=n.length-1;g>=0;--g)p.nodeName(n[g],"tbody")&&!n[g].childNodes.length&&n[g].parentNode.removeChild(n[g])}!p.support.leadingWhitespace&&bn.test(h)&&l.insertBefore(b.createTextNode(bn.exec(h)[0]),l.firstChild),h=l.childNodes,l.parentNode.removeChild(l)}h.nodeType?t.push(h):p.merge(t,h)}l&&(h=l=s=null);if(!p.support.appendChecked)for(f=0;(h=t[f])!=null;f++)p.nodeName(h,"input")?bG(h):typeof h.getElementsByTagName!="undefined"&&p.grep(h.getElementsByTagName("input"),bG);if(c){q=function(a){if(!a.type||bx.test(a.type))return d?d.push(a.parentNode?a.parentNode.removeChild(a):a):c.appendChild(a)};for(f=0;(h=t[f])!=null;f++)if(!p.nodeName(h,"script")||!q(h))c.appendChild(h),typeof h.getElementsByTagName!="undefined"&&(r=p.grep(p.merge([],h.getElementsByTagName("script")),q),t.splice.apply(t,[f+1,0].concat(r)),f+=r.length)}return t},cleanData:function(a,b){var c,d,e,f,g=0,h=p.expando,i=p.cache,j=p.support.deleteExpando,k=p.event.special;for(;(e=a[g])!=null;g++)if(b||p.acceptData(e)){d=e[h],c=d&&i[d];if(c){if(c.events)for(f in c.events)k[f]?p.event.remove(e,f):p.removeEvent(e,f,c.handle);i[d]&&(delete i[d],j?delete e[h]:e.removeAttribute?e.removeAttribute(h):e[h]=null,p.deletedIds.push(d))}}}}),function(){var a,b;p.uaMatch=function(a){a=a.toLowerCase();var b=/(chrome)[ \/]([\w.]+)/.exec(a)||/(webkit)[ \/]([\w.]+)/.exec(a)||/(opera)(?:.*version|)[ \/]([\w.]+)/.exec(a)||/(msie) ([\w.]+)/.exec(a)||a.indexOf("compatible")<0&&/(mozilla)(?:.*? rv:([\w.]+)|)/.exec(a)||[];return{browser:b[1]||"",version:b[2]||"0"}},a=p.uaMatch(g.userAgent),b={},a.browser&&(b[a.browser]=!0,b.version=a.version),b.chrome?b.webkit=!0:b.webkit&&(b.safari=!0),p.browser=b,p.sub=function(){function a(b,c){return new a.fn.init(b,c)}p.extend(!0,a,this),a.superclass=this,a.fn=a.prototype=this(),a.fn.constructor=a,a.sub=this.sub,a.fn.init=function c(c,d){return d&&d instanceof p&&!(d instanceof a)&&(d=a(d)),p.fn.init.call(this,c,d,b)},a.fn.init.prototype=a.fn;var b=a(e);return a}}();var bH,bI,bJ,bK=/alpha\([^)]*\)/i,bL=/opacity=([^)]*)/,bM=/^(top|right|bottom|left)$/,bN=/^(none|table(?!-c[ea]).+)/,bO=/^margin/,bP=new RegExp("^("+q+")(.*)$","i"),bQ=new RegExp("^("+q+")(?!px)[a-z%]+$","i"),bR=new RegExp("^([-+])=("+q+")","i"),bS={},bT={position:"absolute",visibility:"hidden",display:"block"},bU={letterSpacing:0,fontWeight:400},bV=["Top","Right","Bottom","Left"],bW=["Webkit","O","Moz","ms"],bX=p.fn.toggle;p.fn.extend({css:function(a,c){return p.access(this,function(a,c,d){return d!==b?p.style(a,c,d):p.css(a,c)},a,c,arguments.length>1)},show:function(){return b$(this,!0)},hide:function(){return b$(this)},toggle:function(a,b){var c=typeof a=="boolean";return p.isFunction(a)&&p.isFunction(b)?bX.apply(this,arguments):this.each(function(){(c?a:bZ(this))?p(this).show():p(this).hide()})}}),p.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=bH(a,"opacity");return c===""?"1":c}}}},cssNumber:{fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":p.support.cssFloat?"cssFloat":"styleFloat"},style:function(a,c,d,e){if(!a||a.nodeType===3||a.nodeType===8||!a.style)return;var f,g,h,i=p.camelCase(c),j=a.style;c=p.cssProps[i]||(p.cssProps[i]=bY(j,i)),h=p.cssHooks[c]||p.cssHooks[i];if(d===b)return h&&"get"in h&&(f=h.get(a,!1,e))!==b?f:j[c];g=typeof d,g==="string"&&(f=bR.exec(d))&&(d=(f[1]+1)*f[2]+parseFloat(p.css(a,c)),g="number");if(d==null||g==="number"&&isNaN(d))return;g==="number"&&!p.cssNumber[i]&&(d+="px");if(!h||!("set"in h)||(d=h.set(a,d,e))!==b)try{j[c]=d}catch(k){}},css:function(a,c,d,e){var f,g,h,i=p.camelCase(c);return c=p.cssProps[i]||(p.cssProps[i]=bY(a.style,i)),h=p.cssHooks[c]||p.cssHooks[i],h&&"get"in h&&(f=h.get(a,!0,e)),f===b&&(f=bH(a,c)),f==="normal"&&c in bU&&(f=bU[c]),d||e!==b?(g=parseFloat(f),d||p.isNumeric(g)?g||0:f):f},swap:function(a,b,c){var d,e,f={};for(e in b)f[e]=a.style[e],a.style[e]=b[e];d=c.call(a);for(e in b)a.style[e]=f[e];return d}}),a.getComputedStyle?bH=function(b,c){var d,e,f,g,h=a.getComputedStyle(b,null),i=b.style;return h&&(d=h[c],d===""&&!p.contains(b.ownerDocument,b)&&(d=p.style(b,c)),bQ.test(d)&&bO.test(c)&&(e=i.width,f=i.minWidth,g=i.maxWidth,i.minWidth=i.maxWidth=i.width=d,d=h.width,i.width=e,i.minWidth=f,i.maxWidth=g)),d}:e.documentElement.currentStyle&&(bH=function(a,b){var c,d,e=a.currentStyle&&a.currentStyle[b],f=a.style;return e==null&&f&&f[b]&&(e=f[b]),bQ.test(e)&&!bM.test(b)&&(c=f.left,d=a.runtimeStyle&&a.runtimeStyle.left,d&&(a.runtimeStyle.left=a.currentStyle.left),f.left=b==="fontSize"?"1em":e,e=f.pixelLeft+"px",f.left=c,d&&(a.runtimeStyle.left=d)),e===""?"auto":e}),p.each(["height","width"],function(a,b){p.cssHooks[b]={get:function(a,c,d){if(c)return a.offsetWidth===0&&bN.test(bH(a,"display"))?p.swap(a,bT,function(){return cb(a,b,d)}):cb(a,b,d)},set:function(a,c,d){return b_(a,c,d?ca(a,b,d,p.support.boxSizing&&p.css(a,"boxSizing")==="border-box"):0)}}}),p.support.opacity||(p.cssHooks.opacity={get:function(a,b){return bL.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?.01*parseFloat(RegExp.$1)+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=p.isNumeric(b)?"alpha(opacity="+b*100+")":"",f=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&p.trim(f.replace(bK,""))===""&&c.removeAttribute){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bK.test(f)?f.replace(bK,e):f+" "+e}}),p(function(){p.support.reliableMarginRight||(p.cssHooks.marginRight={get:function(a,b){return p.swap(a,{display:"inline-block"},function(){if(b)return bH(a,"marginRight")})}}),!p.support.pixelPosition&&p.fn.position&&p.each(["top","left"],function(a,b){p.cssHooks[b]={get:function(a,c){if(c){var d=bH(a,b);return bQ.test(d)?p(a).position()[b]+"px":d}}}})}),p.expr&&p.expr.filters&&(p.expr.filters.hidden=function(a){return a.offsetWidth===0&&a.offsetHeight===0||!p.support.reliableHiddenOffsets&&(a.style&&a.style.display||bH(a,"display"))==="none"},p.expr.filters.visible=function(a){return!p.expr.filters.hidden(a)}),p.each({margin:"",padding:"",border:"Width"},function(a,b){p.cssHooks[a+b]={expand:function(c){var d,e=typeof c=="string"?c.split(" "):[c],f={};for(d=0;d<4;d++)f[a+bV[d]+b]=e[d]||e[d-2]||e[0];return f}},bO.test(a)||(p.cssHooks[a+b].set=b_)});var cd=/%20/g,ce=/\[\]$/,cf=/\r?\n/g,cg=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,ch=/^(?:select|textarea)/i;p.fn.extend({serialize:function(){return p.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?p.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||ch.test(this.nodeName)||cg.test(this.type))}).map(function(a,b){var c=p(this).val();return c==null?null:p.isArray(c)?p.map(c,function(a,c){return{name:b.name,value:a.replace(cf,"\r\n")}}):{name:b.name,value:c.replace(cf,"\r\n")}}).get()}}),p.param=function(a,c){var d,e=[],f=function(a,b){b=p.isFunction(b)?b():b==null?"":b,e[e.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=p.ajaxSettings&&p.ajaxSettings.traditional);if(p.isArray(a)||a.jquery&&!p.isPlainObject(a))p.each(a,function(){f(this.name,this.value)});else for(d in a)ci(d,a[d],c,f);return e.join("&").replace(cd,"+")};var cj,ck,cl=/#.*$/,cm=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,cn=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,co=/^(?:GET|HEAD)$/,cp=/^\/\//,cq=/\?/,cr=/)<[^<]*)*<\/script>/gi,cs=/([?&])_=[^&]*/,ct=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+)|)|)/,cu=p.fn.load,cv={},cw={},cx=["*/"]+["*"];try{ck=f.href}catch(cy){ck=e.createElement("a"),ck.href="",ck=ck.href}cj=ct.exec(ck.toLowerCase())||[],p.fn.load=function(a,c,d){if(typeof a!="string"&&cu)return cu.apply(this,arguments);if(!this.length)return this;var e,f,g,h=this,i=a.indexOf(" ");return i>=0&&(e=a.slice(i,a.length),a=a.slice(0,i)),p.isFunction(c)?(d=c,c=b):c&&typeof c=="object"&&(f="POST"),p.ajax({url:a,type:f,dataType:"html",data:c,complete:function(a,b){d&&h.each(d,g||[a.responseText,b,a])}}).done(function(a){g=arguments,h.html(e?p("
        ").append(a.replace(cr,"")).find(e):a)}),this},p.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){p.fn[b]=function(a){return this.on(b,a)}}),p.each(["get","post"],function(a,c){p[c]=function(a,d,e,f){return p.isFunction(d)&&(f=f||e,e=d,d=b),p.ajax({type:c,url:a,data:d,success:e,dataType:f})}}),p.extend({getScript:function(a,c){return p.get(a,b,c,"script")},getJSON:function(a,b,c){return p.get(a,b,c,"json")},ajaxSetup:function(a,b){return b?cB(a,p.ajaxSettings):(b=a,a=p.ajaxSettings),cB(a,b),a},ajaxSettings:{url:ck,isLocal:cn.test(cj[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded; charset=UTF-8",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":cx},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":p.parseJSON,"text xml":p.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:cz(cv),ajaxTransport:cz(cw),ajax:function(a,c){function y(a,c,f,i){var k,s,t,u,w,y=c;if(v===2)return;v=2,h&&clearTimeout(h),g=b,e=i||"",x.readyState=a>0?4:0,f&&(u=cC(l,x,f));if(a>=200&&a<300||a===304)l.ifModified&&(w=x.getResponseHeader("Last-Modified"),w&&(p.lastModified[d]=w),w=x.getResponseHeader("Etag"),w&&(p.etag[d]=w)),a===304?(y="notmodified",k=!0):(k=cD(l,u),y=k.state,s=k.data,t=k.error,k=!t);else{t=y;if(!y||a)y="error",a<0&&(a=0)}x.status=a,x.statusText=(c||y)+"",k?o.resolveWith(m,[s,y,x]):o.rejectWith(m,[x,y,t]),x.statusCode(r),r=b,j&&n.trigger("ajax"+(k?"Success":"Error"),[x,l,k?s:t]),q.fireWith(m,[x,y]),j&&(n.trigger("ajaxComplete",[x,l]),--p.active||p.event.trigger("ajaxStop"))}typeof a=="object"&&(c=a,a=b),c=c||{};var d,e,f,g,h,i,j,k,l=p.ajaxSetup({},c),m=l.context||l,n=m!==l&&(m.nodeType||m instanceof p)?p(m):p.event,o=p.Deferred(),q=p.Callbacks("once memory"),r=l.statusCode||{},t={},u={},v=0,w="canceled",x={readyState:0,setRequestHeader:function(a,b){if(!v){var c=a.toLowerCase();a=u[c]=u[c]||a,t[a]=b}return this},getAllResponseHeaders:function(){return v===2?e:null},getResponseHeader:function(a){var c;if(v===2){if(!f){f={};while(c=cm.exec(e))f[c[1].toLowerCase()]=c[2]}c=f[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){return v||(l.mimeType=a),this},abort:function(a){return a=a||w,g&&g.abort(a),y(0,a),this}};o.promise(x),x.success=x.done,x.error=x.fail,x.complete=q.add,x.statusCode=function(a){if(a){var b;if(v<2)for(b in a)r[b]=[r[b],a[b]];else b=a[x.status],x.always(b)}return this},l.url=((a||l.url)+"").replace(cl,"").replace(cp,cj[1]+"//"),l.dataTypes=p.trim(l.dataType||"*").toLowerCase().split(s),l.crossDomain==null&&(i=ct.exec(l.url.toLowerCase())||!1,l.crossDomain=i&&i.join(":")+(i[3]?"":i[1]==="http:"?80:443)!==cj.join(":")+(cj[3]?"":cj[1]==="http:"?80:443)),l.data&&l.processData&&typeof l.data!="string"&&(l.data=p.param(l.data,l.traditional)),cA(cv,l,c,x);if(v===2)return x;j=l.global,l.type=l.type.toUpperCase(),l.hasContent=!co.test(l.type),j&&p.active++===0&&p.event.trigger("ajaxStart");if(!l.hasContent){l.data&&(l.url+=(cq.test(l.url)?"&":"?")+l.data,delete l.data),d=l.url;if(l.cache===!1){var z=p.now(),A=l.url.replace(cs,"$1_="+z);l.url=A+(A===l.url?(cq.test(l.url)?"&":"?")+"_="+z:"")}}(l.data&&l.hasContent&&l.contentType!==!1||c.contentType)&&x.setRequestHeader("Content-Type",l.contentType),l.ifModified&&(d=d||l.url,p.lastModified[d]&&x.setRequestHeader("If-Modified-Since",p.lastModified[d]),p.etag[d]&&x.setRequestHeader("If-None-Match",p.etag[d])),x.setRequestHeader("Accept",l.dataTypes[0]&&l.accepts[l.dataTypes[0]]?l.accepts[l.dataTypes[0]]+(l.dataTypes[0]!=="*"?", "+cx+"; q=0.01":""):l.accepts["*"]);for(k in l.headers)x.setRequestHeader(k,l.headers[k]);if(!l.beforeSend||l.beforeSend.call(m,x,l)!==!1&&v!==2){w="abort";for(k in{success:1,error:1,complete:1})x[k](l[k]);g=cA(cw,l,c,x);if(!g)y(-1,"No Transport");else{x.readyState=1,j&&n.trigger("ajaxSend",[x,l]),l.async&&l.timeout>0&&(h=setTimeout(function(){x.abort("timeout")},l.timeout));try{v=1,g.send(t,y)}catch(B){if(v<2)y(-1,B);else throw B}}return x}return x.abort()},active:0,lastModified:{},etag:{}});var cE=[],cF=/\?/,cG=/(=)\?(?=&|$)|\?\?/,cH=p.now();p.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var a=cE.pop()||p.expando+"_"+cH++;return this[a]=!0,a}}),p.ajaxPrefilter("json jsonp",function(c,d,e){var f,g,h,i=c.data,j=c.url,k=c.jsonp!==!1,l=k&&cG.test(j),m=k&&!l&&typeof i=="string"&&!(c.contentType||"").indexOf("application/x-www-form-urlencoded")&&cG.test(i);if(c.dataTypes[0]==="jsonp"||l||m)return f=c.jsonpCallback=p.isFunction(c.jsonpCallback)?c.jsonpCallback():c.jsonpCallback,g=a[f],l?c.url=j.replace(cG,"$1"+f):m?c.data=i.replace(cG,"$1"+f):k&&(c.url+=(cF.test(j)?"&":"?")+c.jsonp+"="+f),c.converters["script json"]=function(){return h||p.error(f+" was not called"),h[0]},c.dataTypes[0]="json",a[f]=function(){h=arguments},e.always(function(){a[f]=g,c[f]&&(c.jsonpCallback=d.jsonpCallback,cE.push(f)),h&&p.isFunction(g)&&g(h[0]),h=g=b}),"script"}),p.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){return p.globalEval(a),a}}}),p.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),p.ajaxTransport("script",function(a){if(a.crossDomain){var c,d=e.head||e.getElementsByTagName("head")[0]||e.documentElement;return{send:function(f,g){c=e.createElement("script"),c.async="async",a.scriptCharset&&(c.charset=a.scriptCharset),c.src=a.url,c.onload=c.onreadystatechange=function(a,e){if(e||!c.readyState||/loaded|complete/.test(c.readyState))c.onload=c.onreadystatechange=null,d&&c.parentNode&&d.removeChild(c),c=b,e||g(200,"success")},d.insertBefore(c,d.firstChild)},abort:function(){c&&c.onload(0,1)}}}});var cI,cJ=a.ActiveXObject?function(){for(var a in cI)cI[a](0,1)}:!1,cK=0;p.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&cL()||cM()}:cL,function(a){p.extend(p.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(p.ajaxSettings.xhr()),p.support.ajax&&p.ajaxTransport(function(c){if(!c.crossDomain||p.support.cors){var d;return{send:function(e,f){var g,h,i=c.xhr();c.username?i.open(c.type,c.url,c.async,c.username,c.password):i.open(c.type,c.url,c.async);if(c.xhrFields)for(h in c.xhrFields)i[h]=c.xhrFields[h];c.mimeType&&i.overrideMimeType&&i.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(h in e)i.setRequestHeader(h,e[h])}catch(j){}i.send(c.hasContent&&c.data||null),d=function(a,e){var h,j,k,l,m;try{if(d&&(e||i.readyState===4)){d=b,g&&(i.onreadystatechange=p.noop,cJ&&delete cI[g]);if(e)i.readyState!==4&&i.abort();else{h=i.status,k=i.getAllResponseHeaders(),l={},m=i.responseXML,m&&m.documentElement&&(l.xml=m);try{l.text=i.responseText}catch(a){}try{j=i.statusText}catch(n){j=""}!h&&c.isLocal&&!c.crossDomain?h=l.text?200:404:h===1223&&(h=204)}}}catch(o){e||f(-1,o)}l&&f(h,j,l,k)},c.async?i.readyState===4?setTimeout(d,0):(g=++cK,cJ&&(cI||(cI={},p(a).unload(cJ)),cI[g]=d),i.onreadystatechange=d):d()},abort:function(){d&&d(0,1)}}}});var cN,cO,cP=/^(?:toggle|show|hide)$/,cQ=new RegExp("^(?:([-+])=|)("+q+")([a-z%]*)$","i"),cR=/queueHooks$/,cS=[cY],cT={"*":[function(a,b){var c,d,e=this.createTween(a,b),f=cQ.exec(b),g=e.cur(),h=+g||0,i=1,j=20;if(f){c=+f[2],d=f[3]||(p.cssNumber[a]?"":"px");if(d!=="px"&&h){h=p.css(e.elem,a,!0)||c||1;do i=i||".5",h=h/i,p.style(e.elem,a,h+d);while(i!==(i=e.cur()/g)&&i!==1&&--j)}e.unit=d,e.start=h,e.end=f[1]?h+(f[1]+1)*c:c}return e}]};p.Animation=p.extend(cW,{tweener:function(a,b){p.isFunction(a)?(b=a,a=["*"]):a=a.split(" ");var c,d=0,e=a.length;for(;d-1,j={},k={},l,m;i?(k=e.position(),l=k.top,m=k.left):(l=parseFloat(g)||0,m=parseFloat(h)||0),p.isFunction(b)&&(b=b.call(a,c,f)),b.top!=null&&(j.top=b.top-f.top+l),b.left!=null&&(j.left=b.left-f.left+m),"using"in b?b.using.call(a,j):e.css(j)}},p.fn.extend({position:function(){if(!this[0])return;var a=this[0],b=this.offsetParent(),c=this.offset(),d=c_.test(b[0].nodeName)?{top:0,left:0}:b.offset();return c.top-=parseFloat(p.css(a,"marginTop"))||0,c.left-=parseFloat(p.css(a,"marginLeft"))||0,d.top+=parseFloat(p.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(p.css(b[0],"borderLeftWidth"))||0,{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||e.body;while(a&&!c_.test(a.nodeName)&&p.css(a,"position")==="static")a=a.offsetParent;return a||e.body})}}),p.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(a,c){var d=/Y/.test(c);p.fn[a]=function(e){return p.access(this,function(a,e,f){var g=da(a);if(f===b)return g?c in g?g[c]:g.document.documentElement[e]:a[e];g?g.scrollTo(d?p(g).scrollLeft():f,d?f:p(g).scrollTop()):a[e]=f},a,e,arguments.length,null)}}),p.each({Height:"height",Width:"width"},function(a,c){p.each({padding:"inner"+a,content:c,"":"outer"+a},function(d,e){p.fn[e]=function(e,f){var g=arguments.length&&(d||typeof e!="boolean"),h=d||(e===!0||f===!0?"margin":"border");return p.access(this,function(c,d,e){var f;return p.isWindow(c)?c.document.documentElement["client"+a]:c.nodeType===9?(f=c.documentElement,Math.max(c.body["scroll"+a],f["scroll"+a],c.body["offset"+a],f["offset"+a],f["client"+a])):e===b?p.css(c,d,e,h):p.style(c,d,e,h)},c,g?e:b,g,null)}})}),a.jQuery=a.$=p,typeof define=="function"&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return p})})(window);]]>GET/resources/js/jquery-1.8.2.minjsHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/
        Hostzero.webappsecurity.com
        Accept*/*
        Accept-Languageen-US,en;q=0.5
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoScriptEngine="Gecko";Category="Crawl";SID="7D050DCF24C1B6465D35B8F6C68E1288";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="Crawl";CrawlType="ScriptInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";tht="21";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="2d436af1";
        X-Request-Memorid="eb6cfcc0";sc="1";thid="44";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1200OK=0===c})}function bk(a){var b=bl.split("|"),c=a.createDocumentFragment();if(c.createElement)while(b.length)c.createElement(b.pop());return c}function bC(a,b){return a.getElementsByTagName(b)[0]||a.appendChild(a.ownerDocument.createElement(b))}function bD(a,b){if(b.nodeType!==1||!p.hasData(a))return;var c,d,e,f=p._data(a),g=p._data(b,f),h=f.events;if(h){delete g.handle,g.events={};for(c in h)for(d=0,e=h[c].length;d").appendTo(e.body),c=b.css("display");b.remove();if(c==="none"||c===""){bI=e.body.appendChild(bI||p.extend(e.createElement("iframe"),{frameBorder:0,width:0,height:0}));if(!bJ||!bI.createElement)bJ=(bI.contentWindow||bI.contentDocument).document,bJ.write(""),bJ.close();b=bJ.body.appendChild(bJ.createElement(a)),c=bH(b,"display"),e.body.removeChild(bI)}return bS[a]=c,c}function ci(a,b,c,d){var e;if(p.isArray(b))p.each(b,function(b,e){c||ce.test(a)?d(a,e):ci(a+"["+(typeof e=="object"?b:"")+"]",e,c,d)});else if(!c&&p.type(b)==="object")for(e in b)ci(a+"["+e+"]",b[e],c,d);else d(a,b)}function cz(a){return function(b,c){typeof b!="string"&&(c=b,b="*");var d,e,f,g=b.toLowerCase().split(s),h=0,i=g.length;if(p.isFunction(c))for(;h)[^>]*$|#([\w\-]*)$)/,v=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,w=/^[\],:{}\s]*$/,x=/(?:^|:|,)(?:\s*\[)+/g,y=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,z=/"[^"\\\r\n]*"|true|false|null|-?(?:\d\d*\.|)\d+(?:[eE][\-+]?\d+|)/g,A=/^-ms-/,B=/-([\da-z])/gi,C=function(a,b){return(b+"").toUpperCase()},D=function(){e.addEventListener?(e.removeEventListener("DOMContentLoaded",D,!1),p.ready()):e.readyState==="complete"&&(e.detachEvent("onreadystatechange",D),p.ready())},E={};p.fn=p.prototype={constructor:p,init:function(a,c,d){var f,g,h,i;if(!a)return this;if(a.nodeType)return this.context=this[0]=a,this.length=1,this;if(typeof a=="string"){a.charAt(0)==="<"&&a.charAt(a.length-1)===">"&&a.length>=3?f=[null,a,null]:f=u.exec(a);if(f&&(f[1]||!c)){if(f[1])return c=c instanceof p?c[0]:c,i=c&&c.nodeType?c.ownerDocument||c:e,a=p.parseHTML(f[1],i,!0),v.test(f[1])&&p.isPlainObject(c)&&this.attr.call(a,c,!0),p.merge(this,a);g=e.getElementById(f[2]);if(g&&g.parentNode){if(g.id!==f[2])return d.find(a);this.length=1,this[0]=g}return this.context=e,this.selector=a,this}return!c||c.jquery?(c||d).find(a):this.constructor(c).find(a)}return p.isFunction(a)?d.ready(a):(a.selector!==b&&(this.selector=a.selector,this.context=a.context),p.makeArray(a,this))},selector:"",jquery:"1.8.2",length:0,size:function(){return this.length},toArray:function(){return k.call(this)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=p.merge(this.constructor(),a);return d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")"),d},each:function(a,b){return p.each(this,a,b)},ready:function(a){return p.ready.promise().done(a),this},eq:function(a){return a=+a,a===-1?this.slice(a):this.slice(a,a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(k.apply(this,arguments),"slice",k.call(arguments).join(","))},map:function(a){return this.pushStack(p.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:j,sort:[].sort,splice:[].splice},p.fn.init.prototype=p.fn,p.extend=p.fn.extend=function(){var a,c,d,e,f,g,h=arguments[0]||{},i=1,j=arguments.length,k=!1;typeof h=="boolean"&&(k=h,h=arguments[1]||{},i=2),typeof h!="object"&&!p.isFunction(h)&&(h={}),j===i&&(h=this,--i);for(;i0)return;d.resolveWith(e,[p]),p.fn.trigger&&p(e).trigger("ready").off("ready")},isFunction:function(a){return p.type(a)==="function"},isArray:Array.isArray||function(a){return p.type(a)==="array"},isWindow:function(a){return a!=null&&a==a.window},isNumeric:function(a){return!isNaN(parseFloat(a))&&isFinite(a)},type:function(a){return a==null?String(a):E[m.call(a)]||"object"},isPlainObject:function(a){if(!a||p.type(a)!=="object"||a.nodeType||p.isWindow(a))return!1;try{if(a.constructor&&!n.call(a,"constructor")&&!n.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||n.call(a,d)},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},error:function(a){throw new Error(a)},parseHTML:function(a,b,c){var d;return!a||typeof a!="string"?null:(typeof b=="boolean"&&(c=b,b=0),b=b||e,(d=v.exec(a))?[b.createElement(d[1])]:(d=p.buildFragment([a],b,c?null:[]),p.merge([],(d.cacheable?p.clone(d.fragment):d.fragment).childNodes)))},parseJSON:function(b){if(!b||typeof b!="string")return null;b=p.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(w.test(b.replace(y,"@").replace(z,"]").replace(x,"")))return(new Function("return "+b))();p.error("Invalid JSON: "+b)},parseXML:function(c){var d,e;if(!c||typeof c!="string")return null;try{a.DOMParser?(e=new DOMParser,d=e.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(f){d=b}return(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&p.error("Invalid XML: "+c),d},noop:function(){},globalEval:function(b){b&&r.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(A,"ms-").replace(B,C)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,c,d){var e,f=0,g=a.length,h=g===b||p.isFunction(a);if(d){if(h){for(e in a)if(c.apply(a[e],d)===!1)break}else for(;f0&&a[0]&&a[i-1]||i===0||p.isArray(a));if(j)for(;h-1)i.splice(c,1),e&&(c<=g&&g--,c<=h&&h--)}),this},has:function(a){return p.inArray(a,i)>-1},empty:function(){return i=[],this},disable:function(){return i=j=c=b,this},disabled:function(){return!i},lock:function(){return j=b,c||l.disable(),this},locked:function(){return!j},fireWith:function(a,b){return b=b||[],b=[a,b.slice?b.slice():b],i&&(!d||j)&&(e?j.push(b):k(b)),this},fire:function(){return l.fireWith(this,arguments),this},fired:function(){return!!d}};return l},p.extend({Deferred:function(a){var b=[["resolve","done",p.Callbacks("once memory"),"resolved"],["reject","fail",p.Callbacks("once memory"),"rejected"],["notify","progress",p.Callbacks("memory")]],c="pending",d={state:function(){return c},always:function(){return e.done(arguments).fail(arguments),this},then:function(){var a=arguments;return p.Deferred(function(c){p.each(b,function(b,d){var f=d[0],g=a[b];e[d[1]](p.isFunction(g)?function(){var a=g.apply(this,arguments);a&&p.isFunction(a.promise)?a.promise().done(c.resolve).fail(c.reject).progress(c.notify):c[f+"With"](this===e?c:this,[a])}:c[f])}),a=null}).promise()},promise:function(a){return a!=null?p.extend(a,d):d}},e={};return d.pipe=d.then,p.each(b,function(a,f){var g=f[2],h=f[3];d[f[1]]=g.add,h&&g.add(function(){c=h},b[a^1][2].disable,b[2][2].lock),e[f[0]]=g.fire,e[f[0]+"With"]=g.fireWith}),d.promise(e),a&&a.call(e,e),e},when:function(a){var b=0,c=k.call(arguments),d=c.length,e=d!==1||a&&p.isFunction(a.promise)?d:0,f=e===1?a:p.Deferred(),g=function(a,b,c){return function(d){b[a]=this,c[a]=arguments.length>1?k.call(arguments):d,c===h?f.notifyWith(b,c):--e||f.resolveWith(b,c)}},h,i,j;if(d>1){h=new Array(d),i=new Array(d),j=new Array(d);for(;b
        a",c=n.getElementsByTagName("*"),d=n.getElementsByTagName("a")[0],d.style.cssText="top:1px;float:left;opacity:.5";if(!c||!c.length)return{};f=e.createElement("select"),g=f.appendChild(e.createElement("option")),h=n.getElementsByTagName("input")[0],b={leadingWhitespace:n.firstChild.nodeType===3,tbody:!n.getElementsByTagName("tbody").length,htmlSerialize:!!n.getElementsByTagName("link").length,style:/top/.test(d.getAttribute("style")),hrefNormalized:d.getAttribute("href")==="/a",opacity:/^0.5/.test(d.style.opacity),cssFloat:!!d.style.cssFloat,checkOn:h.value==="on",optSelected:g.selected,getSetAttribute:n.className!=="t",enctype:!!e.createElement("form").enctype,html5Clone:e.createElement("nav").cloneNode(!0).outerHTML!=="<:nav>",boxModel:e.compatMode==="CSS1Compat",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0,boxSizingReliable:!0,pixelPosition:!1},h.checked=!0,b.noCloneChecked=h.cloneNode(!0).checked,f.disabled=!0,b.optDisabled=!g.disabled;try{delete n.test}catch(o){b.deleteExpando=!1}!n.addEventListener&&n.attachEvent&&n.fireEvent&&(n.attachEvent("onclick",m=function(){b.noCloneEvent=!1}),n.cloneNode(!0).fireEvent("onclick"),n.detachEvent("onclick",m)),h=e.createElement("input"),h.value="t",h.setAttribute("type","radio"),b.radioValue=h.value==="t",h.setAttribute("checked","checked"),h.setAttribute("name","t"),n.appendChild(h),i=e.createDocumentFragment(),i.appendChild(n.lastChild),b.checkClone=i.cloneNode(!0).cloneNode(!0).lastChild.checked,b.appendChecked=h.checked,i.removeChild(h),i.appendChild(n);if(n.attachEvent)for(k in{submit:!0,change:!0,focusin:!0})j="on"+k,l=j in n,l||(n.setAttribute(j,"return;"),l=typeof n[j]=="function"),b[k+"Bubbles"]=l;return p(function(){var c,d,f,g,h="padding:0;margin:0;border:0;display:block;overflow:hidden;",i=e.getElementsByTagName("body")[0];if(!i)return;c=e.createElement("div"),c.style.cssText="visibility:hidden;border:0;width:0;height:0;position:static;top:0;margin-top:1px",i.insertBefore(c,i.firstChild),d=e.createElement("div"),c.appendChild(d),d.innerHTML="
        t
        ",f=d.getElementsByTagName("td"),f[0].style.cssText="padding:0;margin:0;border:0;display:none",l=f[0].offsetHeight===0,f[0].style.display="",f[1].style.display="none",b.reliableHiddenOffsets=l&&f[0].offsetHeight===0,d.innerHTML="",d.style.cssText="box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;padding:1px;border:1px;display:block;width:4px;margin-top:1%;position:absolute;top:1%;",b.boxSizing=d.offsetWidth===4,b.doesNotIncludeMarginInBodyOffset=i.offsetTop!==1,a.getComputedStyle&&(b.pixelPosition=(a.getComputedStyle(d,null)||{}).top!=="1%",b.boxSizingReliable=(a.getComputedStyle(d,null)||{width:"4px"}).width==="4px",g=e.createElement("div"),g.style.cssText=d.style.cssText=h,g.style.marginRight=g.style.width="0",d.style.width="1px",d.appendChild(g),b.reliableMarginRight=!parseFloat((a.getComputedStyle(g,null)||{}).marginRight)),typeof d.style.zoom!="undefined"&&(d.innerHTML="",d.style.cssText=h+"width:1px;padding:1px;display:inline;zoom:1",b.inlineBlockNeedsLayout=d.offsetWidth===3,d.style.display="block",d.style.overflow="visible",d.innerHTML="
        ",d.firstChild.style.width="5px",b.shrinkWrapBlocks=d.offsetWidth!==3,c.style.zoom=1),i.removeChild(c),c=d=f=g=null}),i.removeChild(n),c=d=f=g=h=i=n=null,b}();var H=/(?:\{[\s\S]*\}|\[[\s\S]*\])$/,I=/([A-Z])/g;p.extend({cache:{},deletedIds:[],uuid:0,expando:"jQuery"+(p.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){return a=a.nodeType?p.cache[a[p.expando]]:a[p.expando],!!a&&!K(a)},data:function(a,c,d,e){if(!p.acceptData(a))return;var f,g,h=p.expando,i=typeof c=="string",j=a.nodeType,k=j?p.cache:a,l=j?a[h]:a[h]&&h;if((!l||!k[l]||!e&&!k[l].data)&&i&&d===b)return;l||(j?a[h]=l=p.deletedIds.pop()||p.guid++:l=h),k[l]||(k[l]={},j||(k[l].toJSON=p.noop));if(typeof c=="object"||typeof c=="function")e?k[l]=p.extend(k[l],c):k[l].data=p.extend(k[l].data,c);return f=k[l],e||(f.data||(f.data={}),f=f.data),d!==b&&(f[p.camelCase(c)]=d),i?(g=f[c],g==null&&(g=f[p.camelCase(c)])):g=f,g},removeData:function(a,b,c){if(!p.acceptData(a))return;var d,e,f,g=a.nodeType,h=g?p.cache:a,i=g?a[p.expando]:p.expando;if(!h[i])return;if(b){d=c?h[i]:h[i].data;if(d){p.isArray(b)||(b in d?b=[b]:(b=p.camelCase(b),b in d?b=[b]:b=b.split(" ")));for(e=0,f=b.length;e1,null,!1))},removeData:function(a){return this.each(function(){p.removeData(this,a)})}}),p.extend({queue:function(a,b,c){var d;if(a)return b=(b||"fx")+"queue",d=p._data(a,b),c&&(!d||p.isArray(c)?d=p._data(a,b,p.makeArray(c)):d.push(c)),d||[]},dequeue:function(a,b){b=b||"fx";var c=p.queue(a,b),d=c.length,e=c.shift(),f=p._queueHooks(a,b),g=function(){p.dequeue(a,b)};e==="inprogress"&&(e=c.shift(),d--),e&&(b==="fx"&&c.unshift("inprogress"),delete f.stop,e.call(a,g,f)),!d&&f&&f.empty.fire()},_queueHooks:function(a,b){var c=b+"queueHooks";return p._data(a,c)||p._data(a,c,{empty:p.Callbacks("once memory").add(function(){p.removeData(a,b+"queue",!0),p.removeData(a,c,!0)})})}}),p.fn.extend({queue:function(a,c){var d=2;return typeof a!="string"&&(c=a,a="fx",d--),arguments.length1)},removeAttr:function(a){return this.each(function(){p.removeAttr(this,a)})},prop:function(a,b){return p.access(this,p.prop,a,b,arguments.length>1)},removeProp:function(a){return a=p.propFix[a]||a,this.each(function(){try{this[a]=b,delete this[a]}catch(c){}})},addClass:function(a){var b,c,d,e,f,g,h;if(p.isFunction(a))return this.each(function(b){p(this).addClass(a.call(this,b,this.className))});if(a&&typeof a=="string"){b=a.split(s);for(c=0,d=this.length;c=0)d=d.replace(" "+c[f]+" "," ");e.className=a?p.trim(d):""}}}return this},toggleClass:function(a,b){var c=typeof a,d=typeof b=="boolean";return p.isFunction(a)?this.each(function(c){p(this).toggleClass(a.call(this,c,this.className,b),b)}):this.each(function(){if(c==="string"){var e,f=0,g=p(this),h=b,i=a.split(s);while(e=i[f++])h=d?h:!g.hasClass(e),g[h?"addClass":"removeClass"](e)}else if(c==="undefined"||c==="boolean")this.className&&p._data(this,"__className__",this.className),this.className=this.className||a===!1?"":p._data(this,"__className__")||""})},hasClass:function(a){var b=" "+a+" ",c=0,d=this.length;for(;c=0)return!0;return!1},val:function(a){var c,d,e,f=this[0];if(!arguments.length){if(f)return c=p.valHooks[f.type]||p.valHooks[f.nodeName.toLowerCase()],c&&"get"in c&&(d=c.get(f,"value"))!==b?d:(d=f.value,typeof d=="string"?d.replace(P,""):d==null?"":d);return}return e=p.isFunction(a),this.each(function(d){var f,g=p(this);if(this.nodeType!==1)return;e?f=a.call(this,d,g.val()):f=a,f==null?f="":typeof f=="number"?f+="":p.isArray(f)&&(f=p.map(f,function(a){return a==null?"":a+""})),c=p.valHooks[this.type]||p.valHooks[this.nodeName.toLowerCase()];if(!c||!("set"in c)||c.set(this,f,"value")===b)this.value=f})}}),p.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c,d,e,f=a.selectedIndex,g=[],h=a.options,i=a.type==="select-one";if(f<0)return null;c=i?f:0,d=i?f+1:h.length;for(;c=0}),c.length||(a.selectedIndex=-1),c}}},attrFn:{},attr:function(a,c,d,e){var f,g,h,i=a.nodeType;if(!a||i===3||i===8||i===2)return;if(e&&p.isFunction(p.fn[c]))return p(a)[c](d);if(typeof a.getAttribute=="undefined")return p.prop(a,c,d);h=i!==1||!p.isXMLDoc(a),h&&(c=c.toLowerCase(),g=p.attrHooks[c]||(T.test(c)?M:L));if(d!==b){if(d===null){p.removeAttr(a,c);return}return g&&"set"in g&&h&&(f=g.set(a,d,c))!==b?f:(a.setAttribute(c,d+""),d)}return g&&"get"in g&&h&&(f=g.get(a,c))!==null?f:(f=a.getAttribute(c),f===null?b:f)},removeAttr:function(a,b){var c,d,e,f,g=0;if(b&&a.nodeType===1){d=b.split(s);for(;g=0}})});var V=/^(?:textarea|input|select)$/i,W=/^([^\.]*|)(?:\.(.+)|)$/,X=/(?:^|\s)hover(\.\S+|)\b/,Y=/^key/,Z=/^(?:mouse|contextmenu)|click/,$=/^(?:focusinfocus|focusoutblur)$/,_=function(a){return p.event.special.hover?a:a.replace(X,"mouseenter$1 mouseleave$1")};p.event={add:function(a,c,d,e,f){var g,h,i,j,k,l,m,n,o,q,r;if(a.nodeType===3||a.nodeType===8||!c||!d||!(g=p._data(a)))return;d.handler&&(o=d,d=o.handler,f=o.selector),d.guid||(d.guid=p.guid++),i=g.events,i||(g.events=i={}),h=g.handle,h||(g.handle=h=function(a){return typeof p!="undefined"&&(!a||p.event.triggered!==a.type)?p.event.dispatch.apply(h.elem,arguments):b},h.elem=a),c=p.trim(_(c)).split(" ");for(j=0;j=0&&(s=s.slice(0,-1),i=!0),s.indexOf(".")>=0&&(t=s.split("."),s=t.shift(),t.sort());if((!f||p.event.customEvent[s])&&!p.event.global[s])return;c=typeof c=="object"?c[p.expando]?c:new p.Event(s,c):new p.Event(s),c.type=s,c.isTrigger=!0,c.exclusive=i,c.namespace=t.join("."),c.namespace_re=c.namespace?new RegExp("(^|\\.)"+t.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,m=s.indexOf(":")<0?"on"+s:"";if(!f){h=p.cache;for(j in h)h[j].events&&h[j].events[s]&&p.event.trigger(c,d,h[j].handle.elem,!0);return}c.result=b,c.target||(c.target=f),d=d!=null?p.makeArray(d):[],d.unshift(c),n=p.event.special[s]||{};if(n.trigger&&n.trigger.apply(f,d)===!1)return;q=[[f,n.bindType||s]];if(!g&&!n.noBubble&&!p.isWindow(f)){r=n.delegateType||s,k=$.test(r+s)?f:f.parentNode;for(l=f;k;k=k.parentNode)q.push([k,r]),l=k;l===(f.ownerDocument||e)&&q.push([l.defaultView||l.parentWindow||a,r])}for(j=0;j=0:p.find(m,this,null,[f]).length),h[m]&&j.push(l);j.length&&u.push({elem:f,matches:j})}o.length>q&&u.push({elem:this,matches:o.slice(q)});for(d=0;d0?this.on(b,null,a,c):this.trigger(b)},Y.test(b)&&(p.event.fixHooks[b]=p.event.keyHooks),Z.test(b)&&(p.event.fixHooks[b]=p.event.mouseHooks)}),function(a,b){function bc(a,b,c,d){c=c||[],b=b||r;var e,f,i,j,k=b.nodeType;if(!a||typeof a!="string")return c;if(k!==1&&k!==9)return[];i=g(b);if(!i&&!d)if(e=P.exec(a))if(j=e[1]){if(k===9){f=b.getElementById(j);if(!f||!f.parentNode)return c;if(f.id===j)return c.push(f),c}else if(b.ownerDocument&&(f=b.ownerDocument.getElementById(j))&&h(b,f)&&f.id===j)return c.push(f),c}else{if(e[2])return w.apply(c,x.call(b.getElementsByTagName(a),0)),c;if((j=e[3])&&_&&b.getElementsByClassName)return w.apply(c,x.call(b.getElementsByClassName(j),0)),c}return bp(a.replace(L,"$1"),b,c,d,i)}function bd(a){return function(b){var c=b.nodeName.toLowerCase();return c==="input"&&b.type===a}}function be(a){return function(b){var c=b.nodeName.toLowerCase();return(c==="input"||c==="button")&&b.type===a}}function bf(a){return z(function(b){return b=+b,z(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function bg(a,b,c){if(a===b)return c;var d=a.nextSibling;while(d){if(d===b)return-1;d=d.nextSibling}return 1}function bh(a,b){var c,d,f,g,h,i,j,k=C[o][a];if(k)return b?0:k.slice(0);h=a,i=[],j=e.preFilter;while(h){if(!c||(d=M.exec(h)))d&&(h=h.slice(d[0].length)),i.push(f=[]);c=!1;if(d=N.exec(h))f.push(c=new q(d.shift())),h=h.slice(c.length),c.type=d[0].replace(L," ");for(g in e.filter)(d=W[g].exec(h))&&(!j[g]||(d=j[g](d,r,!0)))&&(f.push(c=new q(d.shift())),h=h.slice(c.length),c.type=g,c.matches=d);if(!c)break}return b?h.length:h?bc.error(a):C(a,i).slice(0)}function bi(a,b,d){var e=b.dir,f=d&&b.dir==="parentNode",g=u++;return b.first?function(b,c,d){while(b=b[e])if(f||b.nodeType===1)return a(b,c,d)}:function(b,d,h){if(!h){var i,j=t+" "+g+" ",k=j+c;while(b=b[e])if(f||b.nodeType===1){if((i=b[o])===k)return b.sizset;if(typeof i=="string"&&i.indexOf(j)===0){if(b.sizset)return b}else{b[o]=k;if(a(b,d,h))return b.sizset=!0,b;b.sizset=!1}}}else while(b=b[e])if(f||b.nodeType===1)if(a(b,d,h))return b}}function bj(a){return a.length>1?function(b,c,d){var e=a.length;while(e--)if(!a[e](b,c,d))return!1;return!0}:a[0]}function bk(a,b,c,d,e){var f,g=[],h=0,i=a.length,j=b!=null;for(;h-1},h,!0),m=[function(a,c,d){return!g&&(d||c!==l)||((b=c).nodeType?j(a,c,d):k(a,c,d))}];for(;i1&&bj(m),i>1&&a.slice(0,i-1).join("").replace(L,"$1"),c,i0,f=a.length>0,g=function(h,i,j,k,m){var n,o,p,q=[],s=0,u="0",x=h&&[],y=m!=null,z=l,A=h||f&&e.find.TAG("*",m&&i.parentNode||i),B=t+=z==null?1:Math.E;y&&(l=i!==r&&i,c=g.el);for(;(n=A[u])!=null;u++){if(f&&n){for(o=0;p=a[o];o++)if(p(n,i,j)){k.push(n);break}y&&(t=B,c=++g.el)}d&&((n=!p&&n)&&s--,h&&x.push(n))}s+=u;if(d&&u!==s){for(o=0;p=b[o];o++)p(x,q,i,j);if(h){if(s>0)while(u--)!x[u]&&!q[u]&&(q[u]=v.call(k));q=bk(q)}w.apply(k,q),y&&!h&&q.length>0&&s+b.length>1&&bc.uniqueSort(k)}return y&&(t=B,l=z),x};return g.el=0,d?z(g):g}function bo(a,b,c,d){var e=0,f=b.length;for(;e2&&(j=h[0]).type==="ID"&&b.nodeType===9&&!f&&e.relative[h[1].type]){b=e.find.ID(j.matches[0].replace(V,""),b,f)[0];if(!b)return c;a=a.slice(h.shift().length)}for(g=W.POS.test(a)?-1:h.length-1;g>=0;g--){j=h[g];if(e.relative[k=j.type])break;if(l=e.find[k])if(d=l(j.matches[0].replace(V,""),R.test(h[0].type)&&b.parentNode||b,f)){h.splice(g,1),a=d.length&&h.join("");if(!a)return w.apply(c,x.call(d,0)),c;break}}}return i(a,m)(d,b,f,c,R.test(a)),c}function bq(){}var c,d,e,f,g,h,i,j,k,l,m=!0,n="undefined",o=("sizcache"+Math.random()).replace(".",""),q=String,r=a.document,s=r.documentElement,t=0,u=0,v=[].pop,w=[].push,x=[].slice,y=[].indexOf||function(a){var b=0,c=this.length;for(;be.cacheLength&&delete a[b.shift()],a[c]=d},a)},B=A(),C=A(),D=A(),E="[\\x20\\t\\r\\n\\f]",F="(?:\\\\.|[-\\w]|[^\\x00-\\xa0])+",G=F.replace("w","w#"),H="([*^$|!~]?=)",I="\\["+E+"*("+F+")"+E+"*(?:"+H+E+"*(?:(['\"])((?:\\\\.|[^\\\\])*?)\\3|("+G+")|)|)"+E+"*\\]",J=":("+F+")(?:\\((?:(['\"])((?:\\\\.|[^\\\\])*?)\\2|([^()[\\]]*|(?:(?:"+I+")|[^:]|\\\\.)*|.*))\\)|)",K=":(even|odd|eq|gt|lt|nth|first|last)(?:\\("+E+"*((?:-\\d)?\\d*)"+E+"*\\)|)(?=[^-]|$)",L=new RegExp("^"+E+"+|((?:^|[^\\\\])(?:\\\\.)*)"+E+"+$","g"),M=new RegExp("^"+E+"*,"+E+"*"),N=new RegExp("^"+E+"*([\\x20\\t\\r\\n\\f>+~])"+E+"*"),O=new RegExp(J),P=/^(?:#([\w\-]+)|(\w+)|\.([\w\-]+))$/,Q=/^:not/,R=/[\x20\t\r\n\f]*[+~]/,S=/:not\($/,T=/h\d/i,U=/input|select|textarea|button/i,V=/\\(?!\\)/g,W={ID:new RegExp("^#("+F+")"),CLASS:new RegExp("^\\.("+F+")"),NAME:new RegExp("^\\[name=['\"]?("+F+")['\"]?\\]"),TAG:new RegExp("^("+F.replace("w","w*")+")"),ATTR:new RegExp("^"+I),PSEUDO:new RegExp("^"+J),POS:new RegExp(K,"i"),CHILD:new RegExp("^:(only|nth|first|last)-child(?:\\("+E+"*(even|odd|(([+-]|)(\\d*)n|)"+E+"*(?:([+-]|)"+E+"*(\\d+)|))"+E+"*\\)|)","i"),needsContext:new RegExp("^"+E+"*[>+~]|"+K,"i")},X=function(a){var b=r.createElement("div");try{return a(b)}catch(c){return!1}finally{b=null}},Y=X(function(a){return a.appendChild(r.createComment("")),!a.getElementsByTagName("*").length}),Z=X(function(a){return a.innerHTML="",a.firstChild&&typeof a.firstChild.getAttribute!==n&&a.firstChild.getAttribute("href")==="#"}),$=X(function(a){a.innerHTML="";var b=typeof a.lastChild.getAttribute("multiple");return b!=="boolean"&&b!=="string"}),_=X(function(a){return a.innerHTML="",!a.getElementsByClassName||!a.getElementsByClassName("e").length?!1:(a.lastChild.className="e",a.getElementsByClassName("e").length===2)}),ba=X(function(a){a.id=o+0,a.innerHTML="
        ",s.insertBefore(a,s.firstChild);var b=r.getElementsByName&&r.getElementsByName(o).length===2+r.getElementsByName(o+0).length;return d=!r.getElementById(o),s.removeChild(a),b});try{x.call(s.childNodes,0)[0].nodeType}catch(bb){x=function(a){var b,c=[];for(;b=this[a];a++)c.push(b);return c}}bc.matches=function(a,b){return bc(a,null,null,b)},bc.matchesSelector=function(a,b){return bc(b,null,null,[a]).length>0},f=bc.getText=function(a){var b,c="",d=0,e=a.nodeType;if(e){if(e===1||e===9||e===11){if(typeof a.textContent=="string")return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=f(a)}else if(e===3||e===4)return a.nodeValue}else for(;b=a[d];d++)c+=f(b);return c},g=bc.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return b?b.nodeName!=="HTML":!1},h=bc.contains=s.contains?function(a,b){var c=a.nodeType===9?a.documentElement:a,d=b&&b.parentNode;return a===d||!!(d&&d.nodeType===1&&c.contains&&c.contains(d))}:s.compareDocumentPosition?function(a,b){return b&&!!(a.compareDocumentPosition(b)&16)}:function(a,b){while(b=b.parentNode)if(b===a)return!0;return!1},bc.attr=function(a,b){var c,d=g(a);return d||(b=b.toLowerCase()),(c=e.attrHandle[b])?c(a):d||$?a.getAttribute(b):(c=a.getAttributeNode(b),c?typeof a[b]=="boolean"?a[b]?b:null:c.specified?c.value:null:null)},e=bc.selectors={cacheLength:50,createPseudo:z,match:W,attrHandle:Z?{}:{href:function(a){return a.getAttribute("href",2)},type:function(a){return a.getAttribute("type")}},find:{ID:d?function(a,b,c){if(typeof b.getElementById!==n&&!c){var d=b.getElementById(a);return d&&d.parentNode?[d]:[]}}:function(a,c,d){if(typeof c.getElementById!==n&&!d){var e=c.getElementById(a);return e?e.id===a||typeof e.getAttributeNode!==n&&e.getAttributeNode("id").value===a?[e]:b:[]}},TAG:Y?function(a,b){if(typeof b.getElementsByTagName!==n)return b.getElementsByTagName(a)}:function(a,b){var c=b.getElementsByTagName(a);if(a==="*"){var d,e=[],f=0;for(;d=c[f];f++)d.nodeType===1&&e.push(d);return e}return c},NAME:ba&&function(a,b){if(typeof b.getElementsByName!==n)return b.getElementsByName(name)},CLASS:_&&function(a,b,c){if(typeof b.getElementsByClassName!==n&&!c)return b.getElementsByClassName(a)}},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(V,""),a[3]=(a[4]||a[5]||"").replace(V,""),a[2]==="~="&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),a[1]==="nth"?(a[2]||bc.error(a[0]),a[3]=+(a[3]?a[4]+(a[5]||1):2*(a[2]==="even"||a[2]==="odd")),a[4]=+(a[6]+a[7]||a[2]==="odd")):a[2]&&bc.error(a[0]),a},PSEUDO:function(a){var b,c;if(W.CHILD.test(a[0]))return null;if(a[3])a[2]=a[3];else if(b=a[4])O.test(b)&&(c=bh(b,!0))&&(c=b.indexOf(")",b.length-c)-b.length)&&(b=b.slice(0,c),a[0]=a[0].slice(0,c)),a[2]=b;return a.slice(0,3)}},filter:{ID:d?function(a){return a=a.replace(V,""),function(b){return b.getAttribute("id")===a}}:function(a){return a=a.replace(V,""),function(b){var c=typeof b.getAttributeNode!==n&&b.getAttributeNode("id");return c&&c.value===a}},TAG:function(a){return a==="*"?function(){return!0}:(a=a.replace(V,"").toLowerCase(),function(b){return b.nodeName&&b.nodeName.toLowerCase()===a})},CLASS:function(a){var b=B[o][a];return b||(b=B(a,new RegExp("(^|"+E+")"+a+"("+E+"|$)"))),function(a){return b.test(a.className||typeof a.getAttribute!==n&&a.getAttribute("class")||"")}},ATTR:function(a,b,c){return function(d,e){var f=bc.attr(d,a);return f==null?b==="!=":b?(f+="",b==="="?f===c:b==="!="?f!==c:b==="^="?c&&f.indexOf(c)===0:b==="*="?c&&f.indexOf(c)>-1:b==="$="?c&&f.substr(f.length-c.length)===c:b==="~="?(" "+f+" ").indexOf(c)>-1:b==="|="?f===c||f.substr(0,c.length+1)===c+"-":!1):!0}},CHILD:function(a,b,c,d){return a==="nth"?function(a){var b,e,f=a.parentNode;if(c===1&&d===0)return!0;if(f){e=0;for(b=f.firstChild;b;b=b.nextSibling)if(b.nodeType===1){e++;if(a===b)break}}return e-=d,e===c||e%c===0&&e/c>=0}:function(b){var c=b;switch(a){case"only":case"first":while(c=c.previousSibling)if(c.nodeType===1)return!1;if(a==="first")return!0;c=b;case"last":while(c=c.nextSibling)if(c.nodeType===1)return!1;return!0}}},PSEUDO:function(a,b){var c,d=e.pseudos[a]||e.setFilters[a.toLowerCase()]||bc.error("unsupported pseudo: "+a);return d[o]?d(b):d.length>1?(c=[a,a,"",b],e.setFilters.hasOwnProperty(a.toLowerCase())?z(function(a,c){var e,f=d(a,b),g=f.length;while(g--)e=y.call(a,f[g]),a[e]=!(c[e]=f[g])}):function(a){return d(a,0,c)}):d}},pseudos:{not:z(function(a){var b=[],c=[],d=i(a.replace(L,"$1"));return d[o]?z(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)if(f=g[h])a[h]=!(b[h]=f)}):function(a,e,f){return b[0]=a,d(b,null,f,c),!c.pop()}}),has:z(function(a){return function(b){return bc(a,b).length>0}}),contains:z(function(a){return function(b){return(b.textContent||b.innerText||f(b)).indexOf(a)>-1}}),enabled:function(a){return a.disabled===!1},disabled:function(a){return a.disabled===!0},checked:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&!!a.checked||b==="option"&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},parent:function(a){return!e.pseudos.empty(a)},empty:function(a){var b;a=a.firstChild;while(a){if(a.nodeName>"@"||(b=a.nodeType)===3||b===4)return!1;a=a.nextSibling}return!0},header:function(a){return T.test(a.nodeName)},text:function(a){var b,c;return a.nodeName.toLowerCase()==="input"&&(b=a.type)==="text"&&((c=a.getAttribute("type"))==null||c.toLowerCase()===b)},radio:bd("radio"),checkbox:bd("checkbox"),file:bd("file"),password:bd("password"),image:bd("image"),submit:be("submit"),reset:be("reset"),button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&a.type==="button"||b==="button"},input:function(a){return U.test(a.nodeName)},focus:function(a){var b=a.ownerDocument;return a===b.activeElement&&(!b.hasFocus||b.hasFocus())&&(!!a.type||!!a.href)},active:function(a){return a===a.ownerDocument.activeElement},first:bf(function(a,b,c){return[0]}),last:bf(function(a,b,c){return[b-1]}),eq:bf(function(a,b,c){return[c<0?c+b:c]}),even:bf(function(a,b,c){for(var d=0;d=0;)a.push(d);return a}),gt:bf(function(a,b,c){for(var d=c<0?c+b:c;++d",a.querySelectorAll("[selected]").length||e.push("\\["+E+"*(?:checked|disabled|ismap|multiple|readonly|selected|value)"),a.querySelectorAll(":checked").length||e.push(":checked")}),X(function(a){a.innerHTML="

        ",a.querySelectorAll("[test^='']").length&&e.push("[*^$]="+E+"*(?:\"\"|'')"),a.innerHTML="",a.querySelectorAll(":enabled").length||e.push(":enabled",":disabled")}),e=new RegExp(e.join("|")),bp=function(a,d,f,g,h){if(!g&&!h&&(!e||!e.test(a))){var i,j,k=!0,l=o,m=d,n=d.nodeType===9&&a;if(d.nodeType===1&&d.nodeName.toLowerCase()!=="object"){i=bh(a),(k=d.getAttribute("id"))?l=k.replace(c,"\\$&"):d.setAttribute("id",l),l="[id='"+l+"'] ",j=i.length;while(j--)i[j]=l+i[j].join("");m=R.test(a)&&d.parentNode||d,n=i.join(",")}if(n)try{return w.apply(f,x.call(m.querySelectorAll(n),0)),f}catch(p){}finally{k||d.removeAttribute("id")}}return b(a,d,f,g,h)},h&&(X(function(b){a=h.call(b,"div");try{h.call(b,"[test!='']:sizzle"),f.push("!=",J)}catch(c){}}),f=new RegExp(f.join("|")),bc.matchesSelector=function(b,c){c=c.replace(d,"='$1']");if(!g(b)&&!f.test(c)&&(!e||!e.test(c)))try{var i=h.call(b,c);if(i||a||b.document&&b.document.nodeType!==11)return i}catch(j){}return bc(c,null,null,[b]).length>0})}(),e.pseudos.nth=e.pseudos.eq,e.filters=bq.prototype=e.pseudos,e.setFilters=new bq,bc.attr=p.attr,p.find=bc,p.expr=bc.selectors,p.expr[":"]=p.expr.pseudos,p.unique=bc.uniqueSort,p.text=bc.getText,p.isXMLDoc=bc.isXML,p.contains=bc.contains}(a);var bc=/Until$/,bd=/^(?:parents|prev(?:Until|All))/,be=/^.[^:#\[\.,]*$/,bf=p.expr.match.needsContext,bg={children:!0,contents:!0,next:!0,prev:!0};p.fn.extend({find:function(a){var b,c,d,e,f,g,h=this;if(typeof a!="string")return p(a).filter(function(){for(b=0,c=h.length;b0)for(e=d;e=0:p.filter(a,this).length>0:this.filter(a).length>0)},closest:function(a,b){var c,d=0,e=this.length,f=[],g=bf.test(a)||typeof a!="string"?p(a,b||this.context):0;for(;d-1:p.find.matchesSelector(c,a)){f.push(c);break}c=c.parentNode}}return f=f.length>1?p.unique(f):f,this.pushStack(f,"closest",a)},index:function(a){return a?typeof a=="string"?p.inArray(this[0],p(a)):p.inArray(a.jquery?a[0]:a,this):this[0]&&this[0].parentNode?this.prevAll().length:-1},add:function(a,b){var c=typeof a=="string"?p(a,b):p.makeArray(a&&a.nodeType?[a]:a),d=p.merge(this.get(),c);return this.pushStack(bh(c[0])||bh(d[0])?d:p.unique(d))},addBack:function(a){return this.add(a==null?this.prevObject:this.prevObject.filter(a))}}),p.fn.andSelf=p.fn.addBack,p.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return p.dir(a,"parentNode")},parentsUntil:function(a,b,c){return p.dir(a,"parentNode",c)},next:function(a){return bi(a,"nextSibling")},prev:function(a){return bi(a,"previousSibling")},nextAll:function(a){return p.dir(a,"nextSibling")},prevAll:function(a){return p.dir(a,"previousSibling")},nextUntil:function(a,b,c){return p.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return p.dir(a,"previousSibling",c)},siblings:function(a){return p.sibling((a.parentNode||{}).firstChild,a)},children:function(a){return p.sibling(a.firstChild)},contents:function(a){return p.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:p.merge([],a.childNodes)}},function(a,b){p.fn[a]=function(c,d){var e=p.map(this,b,c);return bc.test(a)||(d=c),d&&typeof d=="string"&&(e=p.filter(d,e)),e=this.length>1&&!bg[a]?p.unique(e):e,this.length>1&&bd.test(a)&&(e=e.reverse()),this.pushStack(e,a,k.call(arguments).join(","))}}),p.extend({filter:function(a,b,c){return c&&(a=":not("+a+")"),b.length===1?p.find.matchesSelector(b[0],a)?[b[0]]:[]:p.find.matches(a,b)},dir:function(a,c,d){var e=[],f=a[c];while(f&&f.nodeType!==9&&(d===b||f.nodeType!==1||!p(f).is(d)))f.nodeType===1&&e.push(f),f=f[c];return e},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var bl="abbr|article|aside|audio|bdi|canvas|data|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",bm=/ jQuery\d+="(?:null|\d+)"/g,bn=/^\s+/,bo=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,bp=/<([\w:]+)/,bq=/]","i"),bv=/^(?:checkbox|radio)$/,bw=/checked\s*(?:[^=]|=\s*.checked.)/i,bx=/\/(java|ecma)script/i,by=/^\s*\s*$/g,bz={option:[1,""],legend:[1,"
        ","
        "],thead:[1,"","
        "],tr:[2,"","
        "],td:[3,"","
        "],col:[2,"","
        "],area:[1,"",""],_default:[0,"",""]},bA=bk(e),bB=bA.appendChild(e.createElement("div"));bz.optgroup=bz.option,bz.tbody=bz.tfoot=bz.colgroup=bz.caption=bz.thead,bz.th=bz.td,p.support.htmlSerialize||(bz._default=[1,"X
        ","
        "]),p.fn.extend({text:function(a){return p.access(this,function(a){return a===b?p.text(this):this.empty().append((this[0]&&this[0].ownerDocument||e).createTextNode(a))},null,a,arguments.length)},wrapAll:function(a){if(p.isFunction(a))return this.each(function(b){p(this).wrapAll(a.call(this,b))});if(this[0]){var b=p(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){return p.isFunction(a)?this.each(function(b){p(this).wrapInner(a.call(this,b))}):this.each(function(){var b=p(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=p.isFunction(a);return this.each(function(c){p(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){p.nodeName(this,"body")||p(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){(this.nodeType===1||this.nodeType===11)&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){(this.nodeType===1||this.nodeType===11)&&this.insertBefore(a,this.firstChild)})},before:function(){if(!bh(this[0]))return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=p.clean(arguments);return this.pushStack(p.merge(a,this),"before",this.selector)}},after:function(){if(!bh(this[0]))return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=p.clean(arguments);return this.pushStack(p.merge(this,a),"after",this.selector)}},remove:function(a,b){var c,d=0;for(;(c=this[d])!=null;d++)if(!a||p.filter(a,[c]).length)!b&&c.nodeType===1&&(p.cleanData(c.getElementsByTagName("*")),p.cleanData([c])),c.parentNode&&c.parentNode.removeChild(c);return this},empty:function(){var a,b=0;for(;(a=this[b])!=null;b++){a.nodeType===1&&p.cleanData(a.getElementsByTagName("*"));while(a.firstChild)a.removeChild(a.firstChild)}return this},clone:function(a,b){return a=a==null?!1:a,b=b==null?a:b,this.map(function(){return p.clone(this,a,b)})},html:function(a){return p.access(this,function(a){var c=this[0]||{},d=0,e=this.length;if(a===b)return c.nodeType===1?c.innerHTML.replace(bm,""):b;if(typeof a=="string"&&!bs.test(a)&&(p.support.htmlSerialize||!bu.test(a))&&(p.support.leadingWhitespace||!bn.test(a))&&!bz[(bp.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(bo,"<$1>");try{for(;d1&&typeof j=="string"&&bw.test(j))return this.each(function(){p(this).domManip(a,c,d)});if(p.isFunction(j))return this.each(function(e){var f=p(this);a[0]=j.call(this,e,c?f.html():b),f.domManip(a,c,d)});if(this[0]){e=p.buildFragment(a,this,k),g=e.fragment,f=g.firstChild,g.childNodes.length===1&&(g=f);if(f){c=c&&p.nodeName(f,"tr");for(h=e.cacheable||l-1;i0?this.clone(!0):this).get(),p(g[e])[b](d),f=f.concat(d);return this.pushStack(f,a,g.selector)}}),p.extend({clone:function(a,b,c){var d,e,f,g;p.support.html5Clone||p.isXMLDoc(a)||!bu.test("<"+a.nodeName+">")?g=a.cloneNode(!0):(bB.innerHTML=a.outerHTML,bB.removeChild(g=bB.firstChild));if((!p.support.noCloneEvent||!p.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!p.isXMLDoc(a)){bE(a,g),d=bF(a),e=bF(g);for(f=0;d[f];++f)e[f]&&bE(d[f],e[f])}if(b){bD(a,g);if(c){d=bF(a),e=bF(g);for(f=0;d[f];++f)bD(d[f],e[f])}}return d=e=null,g},clean:function(a,b,c,d){var f,g,h,i,j,k,l,m,n,o,q,r,s=b===e&&bA,t=[];if(!b||typeof b.createDocumentFragment=="undefined")b=e;for(f=0;(h=a[f])!=null;f++){typeof h=="number"&&(h+="");if(!h)continue;if(typeof h=="string")if(!br.test(h))h=b.createTextNode(h);else{s=s||bk(b),l=b.createElement("div"),s.appendChild(l),h=h.replace(bo,"<$1>"),i=(bp.exec(h)||["",""])[1].toLowerCase(),j=bz[i]||bz._default,k=j[0],l.innerHTML=j[1]+h+j[2];while(k--)l=l.lastChild;if(!p.support.tbody){m=bq.test(h),n=i==="table"&&!m?l.firstChild&&l.firstChild.childNodes:j[1]===""&&!m?l.childNodes:[];for(g=n.length-1;g>=0;--g)p.nodeName(n[g],"tbody")&&!n[g].childNodes.length&&n[g].parentNode.removeChild(n[g])}!p.support.leadingWhitespace&&bn.test(h)&&l.insertBefore(b.createTextNode(bn.exec(h)[0]),l.firstChild),h=l.childNodes,l.parentNode.removeChild(l)}h.nodeType?t.push(h):p.merge(t,h)}l&&(h=l=s=null);if(!p.support.appendChecked)for(f=0;(h=t[f])!=null;f++)p.nodeName(h,"input")?bG(h):typeof h.getElementsByTagName!="undefined"&&p.grep(h.getElementsByTagName("input"),bG);if(c){q=function(a){if(!a.type||bx.test(a.type))return d?d.push(a.parentNode?a.parentNode.removeChild(a):a):c.appendChild(a)};for(f=0;(h=t[f])!=null;f++)if(!p.nodeName(h,"script")||!q(h))c.appendChild(h),typeof h.getElementsByTagName!="undefined"&&(r=p.grep(p.merge([],h.getElementsByTagName("script")),q),t.splice.apply(t,[f+1,0].concat(r)),f+=r.length)}return t},cleanData:function(a,b){var c,d,e,f,g=0,h=p.expando,i=p.cache,j=p.support.deleteExpando,k=p.event.special;for(;(e=a[g])!=null;g++)if(b||p.acceptData(e)){d=e[h],c=d&&i[d];if(c){if(c.events)for(f in c.events)k[f]?p.event.remove(e,f):p.removeEvent(e,f,c.handle);i[d]&&(delete i[d],j?delete e[h]:e.removeAttribute?e.removeAttribute(h):e[h]=null,p.deletedIds.push(d))}}}}),function(){var a,b;p.uaMatch=function(a){a=a.toLowerCase();var b=/(chrome)[ \/]([\w.]+)/.exec(a)||/(webkit)[ \/]([\w.]+)/.exec(a)||/(opera)(?:.*version|)[ \/]([\w.]+)/.exec(a)||/(msie) ([\w.]+)/.exec(a)||a.indexOf("compatible")<0&&/(mozilla)(?:.*? rv:([\w.]+)|)/.exec(a)||[];return{browser:b[1]||"",version:b[2]||"0"}},a=p.uaMatch(g.userAgent),b={},a.browser&&(b[a.browser]=!0,b.version=a.version),b.chrome?b.webkit=!0:b.webkit&&(b.safari=!0),p.browser=b,p.sub=function(){function a(b,c){return new a.fn.init(b,c)}p.extend(!0,a,this),a.superclass=this,a.fn=a.prototype=this(),a.fn.constructor=a,a.sub=this.sub,a.fn.init=function c(c,d){return d&&d instanceof p&&!(d instanceof a)&&(d=a(d)),p.fn.init.call(this,c,d,b)},a.fn.init.prototype=a.fn;var b=a(e);return a}}();var bH,bI,bJ,bK=/alpha\([^)]*\)/i,bL=/opacity=([^)]*)/,bM=/^(top|right|bottom|left)$/,bN=/^(none|table(?!-c[ea]).+)/,bO=/^margin/,bP=new RegExp("^("+q+")(.*)$","i"),bQ=new RegExp("^("+q+")(?!px)[a-z%]+$","i"),bR=new RegExp("^([-+])=("+q+")","i"),bS={},bT={position:"absolute",visibility:"hidden",display:"block"},bU={letterSpacing:0,fontWeight:400},bV=["Top","Right","Bottom","Left"],bW=["Webkit","O","Moz","ms"],bX=p.fn.toggle;p.fn.extend({css:function(a,c){return p.access(this,function(a,c,d){return d!==b?p.style(a,c,d):p.css(a,c)},a,c,arguments.length>1)},show:function(){return b$(this,!0)},hide:function(){return b$(this)},toggle:function(a,b){var c=typeof a=="boolean";return p.isFunction(a)&&p.isFunction(b)?bX.apply(this,arguments):this.each(function(){(c?a:bZ(this))?p(this).show():p(this).hide()})}}),p.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=bH(a,"opacity");return c===""?"1":c}}}},cssNumber:{fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":p.support.cssFloat?"cssFloat":"styleFloat"},style:function(a,c,d,e){if(!a||a.nodeType===3||a.nodeType===8||!a.style)return;var f,g,h,i=p.camelCase(c),j=a.style;c=p.cssProps[i]||(p.cssProps[i]=bY(j,i)),h=p.cssHooks[c]||p.cssHooks[i];if(d===b)return h&&"get"in h&&(f=h.get(a,!1,e))!==b?f:j[c];g=typeof d,g==="string"&&(f=bR.exec(d))&&(d=(f[1]+1)*f[2]+parseFloat(p.css(a,c)),g="number");if(d==null||g==="number"&&isNaN(d))return;g==="number"&&!p.cssNumber[i]&&(d+="px");if(!h||!("set"in h)||(d=h.set(a,d,e))!==b)try{j[c]=d}catch(k){}},css:function(a,c,d,e){var f,g,h,i=p.camelCase(c);return c=p.cssProps[i]||(p.cssProps[i]=bY(a.style,i)),h=p.cssHooks[c]||p.cssHooks[i],h&&"get"in h&&(f=h.get(a,!0,e)),f===b&&(f=bH(a,c)),f==="normal"&&c in bU&&(f=bU[c]),d||e!==b?(g=parseFloat(f),d||p.isNumeric(g)?g||0:f):f},swap:function(a,b,c){var d,e,f={};for(e in b)f[e]=a.style[e],a.style[e]=b[e];d=c.call(a);for(e in b)a.style[e]=f[e];return d}}),a.getComputedStyle?bH=function(b,c){var d,e,f,g,h=a.getComputedStyle(b,null),i=b.style;return h&&(d=h[c],d===""&&!p.contains(b.ownerDocument,b)&&(d=p.style(b,c)),bQ.test(d)&&bO.test(c)&&(e=i.width,f=i.minWidth,g=i.maxWidth,i.minWidth=i.maxWidth=i.width=d,d=h.width,i.width=e,i.minWidth=f,i.maxWidth=g)),d}:e.documentElement.currentStyle&&(bH=function(a,b){var c,d,e=a.currentStyle&&a.currentStyle[b],f=a.style;return e==null&&f&&f[b]&&(e=f[b]),bQ.test(e)&&!bM.test(b)&&(c=f.left,d=a.runtimeStyle&&a.runtimeStyle.left,d&&(a.runtimeStyle.left=a.currentStyle.left),f.left=b==="fontSize"?"1em":e,e=f.pixelLeft+"px",f.left=c,d&&(a.runtimeStyle.left=d)),e===""?"auto":e}),p.each(["height","width"],function(a,b){p.cssHooks[b]={get:function(a,c,d){if(c)return a.offsetWidth===0&&bN.test(bH(a,"display"))?p.swap(a,bT,function(){return cb(a,b,d)}):cb(a,b,d)},set:function(a,c,d){return b_(a,c,d?ca(a,b,d,p.support.boxSizing&&p.css(a,"boxSizing")==="border-box"):0)}}}),p.support.opacity||(p.cssHooks.opacity={get:function(a,b){return bL.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?.01*parseFloat(RegExp.$1)+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=p.isNumeric(b)?"alpha(opacity="+b*100+")":"",f=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&p.trim(f.replace(bK,""))===""&&c.removeAttribute){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bK.test(f)?f.replace(bK,e):f+" "+e}}),p(function(){p.support.reliableMarginRight||(p.cssHooks.marginRight={get:function(a,b){return p.swap(a,{display:"inline-block"},function(){if(b)return bH(a,"marginRight")})}}),!p.support.pixelPosition&&p.fn.position&&p.each(["top","left"],function(a,b){p.cssHooks[b]={get:function(a,c){if(c){var d=bH(a,b);return bQ.test(d)?p(a).position()[b]+"px":d}}}})}),p.expr&&p.expr.filters&&(p.expr.filters.hidden=function(a){return a.offsetWidth===0&&a.offsetHeight===0||!p.support.reliableHiddenOffsets&&(a.style&&a.style.display||bH(a,"display"))==="none"},p.expr.filters.visible=function(a){return!p.expr.filters.hidden(a)}),p.each({margin:"",padding:"",border:"Width"},function(a,b){p.cssHooks[a+b]={expand:function(c){var d,e=typeof c=="string"?c.split(" "):[c],f={};for(d=0;d<4;d++)f[a+bV[d]+b]=e[d]||e[d-2]||e[0];return f}},bO.test(a)||(p.cssHooks[a+b].set=b_)});var cd=/%20/g,ce=/\[\]$/,cf=/\r?\n/g,cg=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,ch=/^(?:select|textarea)/i;p.fn.extend({serialize:function(){return p.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?p.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||ch.test(this.nodeName)||cg.test(this.type))}).map(function(a,b){var c=p(this).val();return c==null?null:p.isArray(c)?p.map(c,function(a,c){return{name:b.name,value:a.replace(cf,"\r\n")}}):{name:b.name,value:c.replace(cf,"\r\n")}}).get()}}),p.param=function(a,c){var d,e=[],f=function(a,b){b=p.isFunction(b)?b():b==null?"":b,e[e.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=p.ajaxSettings&&p.ajaxSettings.traditional);if(p.isArray(a)||a.jquery&&!p.isPlainObject(a))p.each(a,function(){f(this.name,this.value)});else for(d in a)ci(d,a[d],c,f);return e.join("&").replace(cd,"+")};var cj,ck,cl=/#.*$/,cm=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,cn=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,co=/^(?:GET|HEAD)$/,cp=/^\/\//,cq=/\?/,cr=/)<[^<]*)*<\/script>/gi,cs=/([?&])_=[^&]*/,ct=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+)|)|)/,cu=p.fn.load,cv={},cw={},cx=["*/"]+["*"];try{ck=f.href}catch(cy){ck=e.createElement("a"),ck.href="",ck=ck.href}cj=ct.exec(ck.toLowerCase())||[],p.fn.load=function(a,c,d){if(typeof a!="string"&&cu)return cu.apply(this,arguments);if(!this.length)return this;var e,f,g,h=this,i=a.indexOf(" ");return i>=0&&(e=a.slice(i,a.length),a=a.slice(0,i)),p.isFunction(c)?(d=c,c=b):c&&typeof c=="object"&&(f="POST"),p.ajax({url:a,type:f,dataType:"html",data:c,complete:function(a,b){d&&h.each(d,g||[a.responseText,b,a])}}).done(function(a){g=arguments,h.html(e?p("
        ").append(a.replace(cr,"")).find(e):a)}),this},p.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){p.fn[b]=function(a){return this.on(b,a)}}),p.each(["get","post"],function(a,c){p[c]=function(a,d,e,f){return p.isFunction(d)&&(f=f||e,e=d,d=b),p.ajax({type:c,url:a,data:d,success:e,dataType:f})}}),p.extend({getScript:function(a,c){return p.get(a,b,c,"script")},getJSON:function(a,b,c){return p.get(a,b,c,"json")},ajaxSetup:function(a,b){return b?cB(a,p.ajaxSettings):(b=a,a=p.ajaxSettings),cB(a,b),a},ajaxSettings:{url:ck,isLocal:cn.test(cj[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded; charset=UTF-8",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":cx},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":p.parseJSON,"text xml":p.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:cz(cv),ajaxTransport:cz(cw),ajax:function(a,c){function y(a,c,f,i){var k,s,t,u,w,y=c;if(v===2)return;v=2,h&&clearTimeout(h),g=b,e=i||"",x.readyState=a>0?4:0,f&&(u=cC(l,x,f));if(a>=200&&a<300||a===304)l.ifModified&&(w=x.getResponseHeader("Last-Modified"),w&&(p.lastModified[d]=w),w=x.getResponseHeader("Etag"),w&&(p.etag[d]=w)),a===304?(y="notmodified",k=!0):(k=cD(l,u),y=k.state,s=k.data,t=k.error,k=!t);else{t=y;if(!y||a)y="error",a<0&&(a=0)}x.status=a,x.statusText=(c||y)+"",k?o.resolveWith(m,[s,y,x]):o.rejectWith(m,[x,y,t]),x.statusCode(r),r=b,j&&n.trigger("ajax"+(k?"Success":"Error"),[x,l,k?s:t]),q.fireWith(m,[x,y]),j&&(n.trigger("ajaxComplete",[x,l]),--p.active||p.event.trigger("ajaxStop"))}typeof a=="object"&&(c=a,a=b),c=c||{};var d,e,f,g,h,i,j,k,l=p.ajaxSetup({},c),m=l.context||l,n=m!==l&&(m.nodeType||m instanceof p)?p(m):p.event,o=p.Deferred(),q=p.Callbacks("once memory"),r=l.statusCode||{},t={},u={},v=0,w="canceled",x={readyState:0,setRequestHeader:function(a,b){if(!v){var c=a.toLowerCase();a=u[c]=u[c]||a,t[a]=b}return this},getAllResponseHeaders:function(){return v===2?e:null},getResponseHeader:function(a){var c;if(v===2){if(!f){f={};while(c=cm.exec(e))f[c[1].toLowerCase()]=c[2]}c=f[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){return v||(l.mimeType=a),this},abort:function(a){return a=a||w,g&&g.abort(a),y(0,a),this}};o.promise(x),x.success=x.done,x.error=x.fail,x.complete=q.add,x.statusCode=function(a){if(a){var b;if(v<2)for(b in a)r[b]=[r[b],a[b]];else b=a[x.status],x.always(b)}return this},l.url=((a||l.url)+"").replace(cl,"").replace(cp,cj[1]+"//"),l.dataTypes=p.trim(l.dataType||"*").toLowerCase().split(s),l.crossDomain==null&&(i=ct.exec(l.url.toLowerCase())||!1,l.crossDomain=i&&i.join(":")+(i[3]?"":i[1]==="http:"?80:443)!==cj.join(":")+(cj[3]?"":cj[1]==="http:"?80:443)),l.data&&l.processData&&typeof l.data!="string"&&(l.data=p.param(l.data,l.traditional)),cA(cv,l,c,x);if(v===2)return x;j=l.global,l.type=l.type.toUpperCase(),l.hasContent=!co.test(l.type),j&&p.active++===0&&p.event.trigger("ajaxStart");if(!l.hasContent){l.data&&(l.url+=(cq.test(l.url)?"&":"?")+l.data,delete l.data),d=l.url;if(l.cache===!1){var z=p.now(),A=l.url.replace(cs,"$1_="+z);l.url=A+(A===l.url?(cq.test(l.url)?"&":"?")+"_="+z:"")}}(l.data&&l.hasContent&&l.contentType!==!1||c.contentType)&&x.setRequestHeader("Content-Type",l.contentType),l.ifModified&&(d=d||l.url,p.lastModified[d]&&x.setRequestHeader("If-Modified-Since",p.lastModified[d]),p.etag[d]&&x.setRequestHeader("If-None-Match",p.etag[d])),x.setRequestHeader("Accept",l.dataTypes[0]&&l.accepts[l.dataTypes[0]]?l.accepts[l.dataTypes[0]]+(l.dataTypes[0]!=="*"?", "+cx+"; q=0.01":""):l.accepts["*"]);for(k in l.headers)x.setRequestHeader(k,l.headers[k]);if(!l.beforeSend||l.beforeSend.call(m,x,l)!==!1&&v!==2){w="abort";for(k in{success:1,error:1,complete:1})x[k](l[k]);g=cA(cw,l,c,x);if(!g)y(-1,"No Transport");else{x.readyState=1,j&&n.trigger("ajaxSend",[x,l]),l.async&&l.timeout>0&&(h=setTimeout(function(){x.abort("timeout")},l.timeout));try{v=1,g.send(t,y)}catch(B){if(v<2)y(-1,B);else throw B}}return x}return x.abort()},active:0,lastModified:{},etag:{}});var cE=[],cF=/\?/,cG=/(=)\?(?=&|$)|\?\?/,cH=p.now();p.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var a=cE.pop()||p.expando+"_"+cH++;return this[a]=!0,a}}),p.ajaxPrefilter("json jsonp",function(c,d,e){var f,g,h,i=c.data,j=c.url,k=c.jsonp!==!1,l=k&&cG.test(j),m=k&&!l&&typeof i=="string"&&!(c.contentType||"").indexOf("application/x-www-form-urlencoded")&&cG.test(i);if(c.dataTypes[0]==="jsonp"||l||m)return f=c.jsonpCallback=p.isFunction(c.jsonpCallback)?c.jsonpCallback():c.jsonpCallback,g=a[f],l?c.url=j.replace(cG,"$1"+f):m?c.data=i.replace(cG,"$1"+f):k&&(c.url+=(cF.test(j)?"&":"?")+c.jsonp+"="+f),c.converters["script json"]=function(){return h||p.error(f+" was not called"),h[0]},c.dataTypes[0]="json",a[f]=function(){h=arguments},e.always(function(){a[f]=g,c[f]&&(c.jsonpCallback=d.jsonpCallback,cE.push(f)),h&&p.isFunction(g)&&g(h[0]),h=g=b}),"script"}),p.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){return p.globalEval(a),a}}}),p.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),p.ajaxTransport("script",function(a){if(a.crossDomain){var c,d=e.head||e.getElementsByTagName("head")[0]||e.documentElement;return{send:function(f,g){c=e.createElement("script"),c.async="async",a.scriptCharset&&(c.charset=a.scriptCharset),c.src=a.url,c.onload=c.onreadystatechange=function(a,e){if(e||!c.readyState||/loaded|complete/.test(c.readyState))c.onload=c.onreadystatechange=null,d&&c.parentNode&&d.removeChild(c),c=b,e||g(200,"success")},d.insertBefore(c,d.firstChild)},abort:function(){c&&c.onload(0,1)}}}});var cI,cJ=a.ActiveXObject?function(){for(var a in cI)cI[a](0,1)}:!1,cK=0;p.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&cL()||cM()}:cL,function(a){p.extend(p.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(p.ajaxSettings.xhr()),p.support.ajax&&p.ajaxTransport(function(c){if(!c.crossDomain||p.support.cors){var d;return{send:function(e,f){var g,h,i=c.xhr();c.username?i.open(c.type,c.url,c.async,c.username,c.password):i.open(c.type,c.url,c.async);if(c.xhrFields)for(h in c.xhrFields)i[h]=c.xhrFields[h];c.mimeType&&i.overrideMimeType&&i.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(h in e)i.setRequestHeader(h,e[h])}catch(j){}i.send(c.hasContent&&c.data||null),d=function(a,e){var h,j,k,l,m;try{if(d&&(e||i.readyState===4)){d=b,g&&(i.onreadystatechange=p.noop,cJ&&delete cI[g]);if(e)i.readyState!==4&&i.abort();else{h=i.status,k=i.getAllResponseHeaders(),l={},m=i.responseXML,m&&m.documentElement&&(l.xml=m);try{l.text=i.responseText}catch(a){}try{j=i.statusText}catch(n){j=""}!h&&c.isLocal&&!c.crossDomain?h=l.text?200:404:h===1223&&(h=204)}}}catch(o){e||f(-1,o)}l&&f(h,j,l,k)},c.async?i.readyState===4?setTimeout(d,0):(g=++cK,cJ&&(cI||(cI={},p(a).unload(cJ)),cI[g]=d),i.onreadystatechange=d):d()},abort:function(){d&&d(0,1)}}}});var cN,cO,cP=/^(?:toggle|show|hide)$/,cQ=new RegExp("^(?:([-+])=|)("+q+")([a-z%]*)$","i"),cR=/queueHooks$/,cS=[cY],cT={"*":[function(a,b){var c,d,e=this.createTween(a,b),f=cQ.exec(b),g=e.cur(),h=+g||0,i=1,j=20;if(f){c=+f[2],d=f[3]||(p.cssNumber[a]?"":"px");if(d!=="px"&&h){h=p.css(e.elem,a,!0)||c||1;do i=i||".5",h=h/i,p.style(e.elem,a,h+d);while(i!==(i=e.cur()/g)&&i!==1&&--j)}e.unit=d,e.start=h,e.end=f[1]?h+(f[1]+1)*c:c}return e}]};p.Animation=p.extend(cW,{tweener:function(a,b){p.isFunction(a)?(b=a,a=["*"]):a=a.split(" ");var c,d=0,e=a.length;for(;d-1,j={},k={},l,m;i?(k=e.position(),l=k.top,m=k.left):(l=parseFloat(g)||0,m=parseFloat(h)||0),p.isFunction(b)&&(b=b.call(a,c,f)),b.top!=null&&(j.top=b.top-f.top+l),b.left!=null&&(j.left=b.left-f.left+m),"using"in b?b.using.call(a,j):e.css(j)}},p.fn.extend({position:function(){if(!this[0])return;var a=this[0],b=this.offsetParent(),c=this.offset(),d=c_.test(b[0].nodeName)?{top:0,left:0}:b.offset();return c.top-=parseFloat(p.css(a,"marginTop"))||0,c.left-=parseFloat(p.css(a,"marginLeft"))||0,d.top+=parseFloat(p.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(p.css(b[0],"borderLeftWidth"))||0,{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||e.body;while(a&&!c_.test(a.nodeName)&&p.css(a,"position")==="static")a=a.offsetParent;return a||e.body})}}),p.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(a,c){var d=/Y/.test(c);p.fn[a]=function(e){return p.access(this,function(a,e,f){var g=da(a);if(f===b)return g?c in g?g[c]:g.document.documentElement[e]:a[e];g?g.scrollTo(d?p(g).scrollLeft():f,d?f:p(g).scrollTop()):a[e]=f},a,e,arguments.length,null)}}),p.each({Height:"height",Width:"width"},function(a,c){p.each({padding:"inner"+a,content:c,"":"outer"+a},function(d,e){p.fn[e]=function(e,f){var g=arguments.length&&(d||typeof e!="boolean"),h=d||(e===!0||f===!0?"margin":"border");return p.access(this,function(c,d,e){var f;return p.isWindow(c)?c.document.documentElement["client"+a]:c.nodeType===9?(f=c.documentElement,Math.max(c.body["scroll"+a],f["scroll"+a],c.body["offset"+a],f["offset"+a],f["client"+a])):e===b?p.css(c,d,e,h):p.style(c,d,e,h)},c,g?e:b,g,null)}})}),a.jQuery=a.$=p,typeof define=="function"&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return p})})(window);]]>
        DateFri, 24 Feb 2023 14:01:44 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Accept-Rangesbytes
        ETagW/"93436-1358437290000"
        Last-ModifiedThu, 17 Jan 2013 15:41:30 GMT
        Cache-Controlmax-age=2419200
        ExpiresFri, 24 Mar 2023 14:01:44 GMT
        Content-Typeapplication/javascript;charset=UTF-8
        Content-Length93436
        Keep-Alivetimeout=5, max=100
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/index.htmlhttpzero.webappsecurity.com80Best Practices1154655970Privacy Violation: AutocompleteCWE-525: Information Exposure Through Browser CachingSecurity FeaturesPrivacy Violation: AutocompleteSummaryImplicationExecutionFixReference InfoMicrosoft:
        Autocomplete Security]]>        Info11608116060HTML5: Missing Content Security PolicyEncapsulationHTML5: Missing Content Security PolicyCWE-1173: Improper Use of Validation FrameworkSummaryImplicationExecution
        +Perform the following steps to flag all instances of this issue:
        • Create a new policy with the selection of checks that you want to include in a rescan. We recommend using the Blank or Passive policy as a base.
        • Select this check and uncheck the “FlagAtHost” check input from standard description.
        • Save the policy.
        • Rescan with this new custom policy.
        ]]>        Fix
        +For example:
        Content-Security-Policy: default-src https://example.net; child-src 'none';
        +Or
        <meta http-equiv="Content-Security-Policy" content="default-src https://cdn.example.net; child-src 'none'; object-src 'none'">

        +Content-Security-Policy 2 is the recommended standard. Content-Security-Policy 3 is in draft. The following is a snapshot of modern browser support for the CSP header:
        • Edge: Versions 15-18; supported with a nonce bug. Version 75 and later; fully supported.
        • Chrome: Versions 36-38; missing the plugin-types, child-src, frame-ancestors, base-uri, and form-action directives. Version 39; missing the plugin-types, child-src, base-uri, and form-action directives. Version 40 and later; fully supported.
        • Firefox: Versions 31-34; missing the plugin-types, child-src, frame-ancestors, base-uri, and form-action directives. Version 35; missing the plugin-types, child-src, frame-ancestors, and form-action directives. Versions 36-44; missing the plugin-types and child-src directives. Version 45 and later; missing the plugin-types directive.
        +Furthermore, the report-uri directive can be configured to receive reports of attempts to violate the policy. These reports can be used as an early indication of security issues in the site as well as to optimize the policy.]]>        Reference InfoContent Security Policy Level 3
        OWASP Content Security Policy
        MDN web docs
        Content Security Policy (CSP) Quick Reference Guide
        ]]>        Info11674116760HLI: Detected LibrariesSummary Hacker Level Insights provides developers and security professionals with more context relating to the overall security posture of their application. The version was detected to be in use by during this scan. While these findings do not necessarily represent a security vulnerability, it is important to note that attackers commonly perform reconnaissance of their target in an attempt to identify known weaknesses or patterns. Knowing what the hacker can see provides context which can help teams better secure their applications.
        ]]>        ImplicationExecutionFixReference Info        Vulnerability11548112942Cross-Frame ScriptingSecurity FeaturesCross-Frame ScriptingCWE-1021: Improper Restriction of Rendered UI Layers or FramesSummaryA Cross-Frame Scripting (XFS) vulnerability can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. +

        Clickjacking
        +The goal of a Clickjacking attack is to deceive the victim (user) into interacting with UI elements of the attacker’s choice on the target web site without their knowledge and then executing privileged functionality on the victim’s behalf. To achieve this goal, the attacker must exploit the XFS vulnerability to load the attack target inside an iframe tag, hide it using Cascading Style Sheets (CSS) and overlay the phishing content on the malicious page. By placing the UI elements on the phishing page so they overlap with those on the page targeted in the attack, the attacker can ensure that the victim must interact with the UI elements on the target page not visible to the victim.

        +WebInspect has detected a response containing one or more forms that accept user input but is missing XFS protection.
        ]]>        Implicationiframe. Exploitation of this weakness could result in:
        1. Hijacking of user events such as keystrokes
        2. Theft of sensitive information
        3. Execution of privileged functionality through combination with Cross-Site Request Forgery attacks
        ]]>        ExecutionCreate a test page containing an HTML iframe tag whose src attribute is set to ~FullURL~. Successful framing of the target page indicates that the application is susceptibile to XFS.

        Note that WebInspect will report only one instance of this check across each host within the scope of the scan. The other visible pages on the site may, however, be vulnerable to XFS as well and therefore should be protected against it with an appropriate fix.]]>        FixThe Content Security Policy (CSP) frame-ancestors directive obsoletes the X-Frame-Options header. Both provide for a policy-based mitigation technique against cross-frame scripting vulnerabilities. The difference is that while the X-Frame-Options technique only checks against the top-level document’s location, the CSP frame-ancestors header checks for conformity from all ancestors.

        +If both CSP frame-ancestors and X-Frame-Options headers are present and supported, the CSP directive will prevail. WebInspect recommends using both CSP frame-ancestors and X-Frame-Options headers as CSP is not supported by Internet Explorer and many older versions of other browsers.

        +In addition, developers must also use client-side frame busting JavaScript as a protection against XFS. This will enable users of older browsers that do not support the X-Frame-Options header to also be protected from Clickjacking attacks.

        X-Frame-Options
        Developers can use this header to instruct the browser about appropriate actions to perform if their site is included inside an iframe. +Developers must set the X-Frame-Options header to one of the following permitted values: +
        • DENY
          +Deny all attempts to frame the page
        • SAMEORIGIN
          +The page can be framed by another page only if it belongs to the same origin as the page being framed
        • ALLOW-FROM origin
          +Developers can specify a list of trusted origins in the origin attribute. Only pages on origin are permitted to load this page inside an iframe

        Content-Security-Policy: frame-ancestors
        Developers can use the CSP header with the frame-ancestors directive, which replaces the X-Frame-Options header, to instruct the browser about appropriate actions to perform if their site is included inside an iframe. Developers can set the frame-ancestors attribute to one of the following permitted values: +
        • +‘none’
          Equivalent to “DENY” - deny all attempts to frame the page
        • ‘self’
          Equivalent to “SAMEORIGIN” - the page can be framed by another page only if it belongs to the same origin as the page being framed
        • <host-source>
          Equivalent to “ALLOW-FROM” - developers can specify a list of trusted origins which maybe host name or IP address or URL scheme. Only pages on this list of trusted origin are permitted to load this page inside an iframe
        • <scheme-source>
          Developers can also specify a schema such as http: or https: that can frame the page.
        ]]>        Reference InfoFrame Busting:
        Busting Frame Busting: A Study of Clickjacking Vulnerabilities on Popular Sites
        OWASP: Busting Frame Busting

        OWASP:
        Clickjacking

        Content-Security-Policy (CSP)
        CSP: frame-ancestors

        Specification:
        Content Security Policy Level 2
        X-Frame-Options IETF Draft

        Server Configuration:
        IIS
        Apache, nginx

        HP 2012 Cyber Security Report
        The X-Frame-Options header - a failure to launch]]>         + + + + Zero - Personal Banking - Loans - Credit Cards + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + + +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        +
        +
        + +
        + + +
        + +
        +
        + +
        +
        + +
        + +
        +
        +

        Online Banking

        +

        Click the button below to view online banking features.

        + More Services +
        +
        +
        +

        Checking Account Activity

        +

        Use Zero to view the most up-to-date listings of your deposits, withdrawals, interest payments, and a number of other useful transactions. +

        +
        +
        +
        +
        +

        Transfer Funds

        +

        Use Zero to safely and securely transfer funds between accounts. There is no hold placed on online money transfers, so your funds are available when you need them. +

        +
        +
        +
        +
        +

        My Money Map

        +

        Use Zero to set up and monitor your personalized money map. A money map is an easy-to-use online tool that helps you manage your finances efficiently. With Money Map, you can create a budget, sort your finances into spending and savings categories, check the interest your accounts are earning, and gain new understanding of your patterns with the help of Zero’s clear charts and graphs. +

        +
        +
        +
        + + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/indexhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="8E73B3A63EFE2AADE20745A947151EB3";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="0b20a9b8";
        X-Request-Memorid="36c736fb";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1200OK + + + + Zero - Personal Banking - Loans - Credit Cards + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + + +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        +
        +
        + +
        + + +
        + +
        +
        + +
        +
        + +
        + +
        +
        +

        Online Banking

        +

        Click the button below to view online banking features.

        + More Services +
        +
        +
        +

        Checking Account Activity

        +

        Use Zero to view the most up-to-date listings of your deposits, withdrawals, interest payments, and a number of other useful transactions. +

        +
        +
        +
        +
        +

        Transfer Funds

        +

        Use Zero to safely and securely transfer funds between accounts. There is no hold placed on online money transfers, so your funds are available when you need them. +

        +
        +
        +
        +
        +

        My Money Map

        +

        Use Zero to set up and monitor your personalized money map. A money map is an easy-to-use online tool that helps you manage your finances efficiently. With Money Map, you can create a budget, sort your finances into spending and savings categories, check the interest your accounts are earning, and gain new understanding of your patterns with the help of Zero’s clear charts and graphs. +

        +
        +
        +
        + + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:01:47 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=100
        ConnectionKeep-Alive
        Content-Length12471
        /search.htmlsearchTermtextsearch-query        http://zero.webappsecurity.com:80/search.html?searchTerm=httpzero.webappsecurity.com80Best Practices1154655970Privacy Violation: AutocompleteCWE-525: Information Exposure Through Browser CachingSecurity FeaturesPrivacy Violation: AutocompleteSummaryImplicationExecutionFixReference InfoMicrosoft:
        Autocomplete Security]]>         + + + + Zero - Search Tips + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + + +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        +
        +
        + +
        + + +
        + +
        + +

        Search Results:

        + The following pages were found for the query: + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/searchhtmlHTTP/1.1searchTerm=Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +searchTerm
        Refererhttp://zero.webappsecurity.com/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="DB032FFFCF5DEA9F74F4C783FBF606D7";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="Crawl";CrawlType="Form";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="action";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="f6741530";
        X-Request-Memorid="8c587b23";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1200OK + + + + Zero - Search Tips + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + + +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        +
        +
        + +
        + + +
        + +
        + +

        Search Results:

        + The following pages were found for the query: + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:01:47 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=100
        ConnectionKeep-Alive
        Content-Length8714
        /search.htmlsearchTermtextsearch-query        http://zero.webappsecurity.com:80/login.htmlhttpzero.webappsecurity.com80Vulnerability11542105953Often Misused: LoginAPI AbuseOften Misused: LoginCWE-311: Missing Encryption of Sensitive DataSummaryImplicationAn attacker who exploited this design vulnerability would be able to utilize the information to escalate their method of attack, possibly leading to impersonation of a legitimate user, the theft of proprietary data, or execution of actions not intended by the application developers.]]>ExecutionFixEnsure that sensitive areas of your web application have proper encryption protocols in place to prevent login information and other data that could be helpful to an attacker from being intercepted.]]>Reference InfoAdvisory:http://www.kb.cert.org/vuls/id/466433
        ]]>        Vulnerability1154247223Insecure TransportCWE-319: Cleartext Transmission of Sensitive InformationSecurity FeaturesInsecure TransportSummaryImplicationAn attacker who exploited this design vulnerability would be able to utilize the information to escalate their method of attack, possibly leading to impersonation of a legitimate user, the theft of proprietary data, or execution of actions not intended by the application developers.]]>ExecutionFixFor Security Operations:
        Ensure that sensitive areas of your web application have proper encryption protocols in place to prevent login information and other data that could be helpful to an attacker from being intercepted. +

        For Development:
        Ensure that sensitive areas of your web application have proper encryption protocols in place to prevent login information and other data that could be helpful to an attacker from being intercepted. +

        For QA:
        Test the application not only from the perspective of a normal user, but also from the perspective of a malicious one.]]>        Reference Info        Vulnerability11548112933Cross-Frame ScriptingSecurity FeaturesCross-Frame ScriptingCWE-1021: Improper Restriction of Rendered UI Layers or FramesSummaryA Cross-Frame Scripting (XFS) vulnerability can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. +

        Clickjacking
        +The goal of a Clickjacking attack is to deceive the victim (user) into interacting with UI elements of the attacker’s choice on the target web site without their knowledge and then executing privileged functionality on the victim’s behalf. To achieve this goal, the attacker must exploit the XFS vulnerability to load the attack target inside an iframe tag, hide it using Cascading Style Sheets (CSS) and overlay the phishing content on the malicious page. By placing the UI elements on the phishing page so they overlap with those on the page targeted in the attack, the attacker can ensure that the victim must interact with the UI elements on the target page not visible to the victim.

        +WebInspect has detected a page which potentially handles sensitive information using an HTML form with a password input field and is missing XFS protection.
        ]]>        ImplicationA Cross-Frame Scripting weakness could allow an attacker to embed the vulnerable application inside an iframe. Exploitation of this weakness could result in:
        1. Hijacking of user events such as keystrokes
        2. Theft of sensitive information
        3. Execution of privileged functionality through combination with Cross-Site Request Forgery attacks
        ]]>        ExecutionCreate a test page containing an HTML iframe tag whose src attribute is set to ~FullURL~. Successful framing of the target page indicates that the application is susceptibile to XFS.

        Note that WebInspect will report only one instance of this check across each host within the scope of the scan. The other visible pages on the site may, however, be vulnerable to XFS as well and therefore should be protected against it with an appropriate fix.]]>        FixThe Content Security Policy (CSP) frame-ancestors directive obsoletes the X-Frame-Options header. Both provide for a policy-based mitigation technique against cross-frame scripting vulnerabilities. The difference is that while the X-Frame-Options technique only checks against the top-level document’s location, the CSP frame-ancestors header checks for conformity from all ancestors.

        +If both CSP frame-ancestors and X-Frame-Options headers are present and supported, the CSP directive will prevail. WebInspect recommends using both CSP frame-ancestors and X-Frame-Options headers as CSP is not supported by Internet Explorer and many older versions of other browsers.

        +In addition, developers must also use client-side frame busting JavaScript as a protection against XFS. This will enable users of older browsers that do not support the X-Frame-Options header to also be protected from Clickjacking attacks.

        X-Frame-Options
        Developers can use this header to instruct the browser about appropriate actions to perform if their site is included inside an iframe. +Developers must set the X-Frame-Options header to one of the following permitted values: +
        • DENY
          +Deny all attempts to frame the page
        • SAMEORIGIN
          +The page can be framed by another page only if it belongs to the same origin as the page being framed
        • ALLOW-FROM origin
          +Developers can specify a list of trusted origins in the origin attribute. Only pages on origin are permitted to load this page inside an iframe

        Content-Security-Policy: frame-ancestors
        Developers can use the CSP header with the frame-ancestors directive, which replaces the X-Frame-Options header, to instruct the browser about appropriate actions to perform if their site is included inside an iframe. Developers can set the frame-ancestors attribute to one of the following permitted values: +
        • +‘none’
          Equivalent to “DENY” - deny all attempts to frame the page
        • ‘self’
          Equivalent to “SAMEORIGIN” - the page can be framed by another page only if it belongs to the same origin as the page being framed
        • <host-source>
          Equivalent to “ALLOW-FROM” - developers can specify a list of trusted origins which maybe host name or IP address or URL scheme. Only pages on this list of trusted origin are permitted to load this page inside an iframe
        • <scheme-source>
          Developers can also specify a schema such as http: or https: that can frame the page.
        ]]>        Reference InfoFrame Busting:
        Busting Frame Busting: A Study of Clickjacking Vulnerabilities on Popular Sites
        OWASP: Busting Frame Busting

        OWASP:
        Clickjacking

        Content-Security-Policy (CSP)
        CSP: frame-ancestors

        Specification:
        Content Security Policy Level 2
        X-Frame-Options IETF Draft

        Server Configuration:
        IIS
        Apache, nginx

        HP 2012 Cyber Security Report
        The X-Frame-Options header - a failure to launch]]>         + + + + Zero - Log in + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + + +
        +
        +
        +

        Log in to ZeroBank

        +
        + +
        + +
        +
        + +
        + + +
        +
        + +
        + +
        + +
        +
        + +
        + +
        + +
        +
        +
        + +
        + +
        + + + Forgot your password ? +
        +
        + + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/loginhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="37A656705626B4D1D64F6BFA191C2A08";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="Crawl";CrawlType="ScriptWindowInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="a81fe73f";
        X-Request-Memorid="fe20221c";sc="2";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1200OK + + + + Zero - Log in + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + + +
        +
        +
        +

        Log in to ZeroBank

        +
        + +
        + +
        +
        + +
        + + +
        +
        + +
        + +
        + +
        +
        + +
        + +
        + +
        +
        +
        + +
        + +
        + + + Forgot your password ? +
        +
        + + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:01:47 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=100
        ConnectionKeep-Alive
        Content-Length7318
        /signin.htmlpostuser_logintextuser_passwordpassworduser_remember_mecheckboxsubmitSign insubmitbtn btn-primary        http://zero.webappsecurity.com:80/online-banking.htmlhttpzero.webappsecurity.com80Best Practices1154655970Privacy Violation: AutocompleteCWE-525: Information Exposure Through Browser CachingSecurity FeaturesPrivacy Violation: AutocompleteSummaryImplicationExecutionFixReference InfoMicrosoft:
        Autocomplete Security]]>        Info11674116760HLI: Detected LibrariesSummary Hacker Level Insights provides developers and security professionals with more context relating to the overall security posture of their application. The version was detected to be in use by during this scan. While these findings do not necessarily represent a security vulnerability, it is important to note that attackers commonly perform reconnaissance of their target in an attempt to identify known weaknesses or patterns. Knowing what the hacker can see provides context which can help teams better secure their applications.
        ]]>        ImplicationExecutionFixReference Info         + + + + Zero - Free Access to Online Banking + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + + +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        +
        +
        + +
        + + +
        + +
        +
        +
        +
        +
        +
        +

        Online Banking

        +

        + Pay bills easily +

        +
        +
        +
        +
        +
        +
        + +
        +
        +

        Our Bank is trusted by over 1,000,000 customers world wide. + Sign in now! +

        +
        +
        + +
        +
        +
        +

        + + Account Summary +

        +
        +

        See all of your account balances at a glance.

        +
        + +
        +

        + + Account Activity +

        +
        +

        View the most up-to-date listings of your deposits, withdrawals, interest payments, and other transactions.

        +
        + +
        +

        Transfer Funds

        +
        +

        Safely and securely transfer funds between accounts.

        +
        +
        + +
        +
        +

        Pay Bills

        +
        +

        Pay your bills quickly and securely online.

        +
        + +
        +

        My Money Map

        +
        +

        Use Zero to set up and monitor your personalized money map. A money map is an easy-to-use online tool that helps you manage your finances efficiently.

        +
        + +
        +

        Online Statements

        +
        +

        View the statement history of all your accounts.

        +
        +
        +
        + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/online-bankinghtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="0961B4C9AB7ECE8F80F1EFC03677941C";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="Crawl";CrawlType="ScriptWindowInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="23674a92";
        X-Request-Memorid="7727a077";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1200OK + + + + Zero - Free Access to Online Banking + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + + +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        +
        +
        + +
        + + +
        + +
        +
        +
        +
        +
        +
        +

        Online Banking

        +

        + Pay bills easily +

        +
        +
        +
        +
        +
        +
        + +
        +
        +

        Our Bank is trusted by over 1,000,000 customers world wide. + Sign in now! +

        +
        +
        + +
        +
        +
        +

        + + Account Summary +

        +
        +

        See all of your account balances at a glance.

        +
        + +
        +

        + + Account Activity +

        +
        +

        View the most up-to-date listings of your deposits, withdrawals, interest payments, and other transactions.

        +
        + +
        +

        Transfer Funds

        +
        +

        Safely and securely transfer funds between accounts.

        +
        +
        + +
        +
        +

        Pay Bills

        +
        +

        Pay your bills quickly and securely online.

        +
        + +
        +

        My Money Map

        +
        +

        Use Zero to set up and monitor your personalized money map. A money map is an easy-to-use online tool that helps you manage your finances efficiently.

        +
        + +
        +

        Online Statements

        +
        +

        View the statement history of all your accounts.

        +
        +
        +
        + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:01:48 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=99
        ConnectionKeep-Alive
        Content-Length11353
        /search.htmlsearchTermtextsearch-query        http://zero.webappsecurity.com:80/feedback.htmlhttpzero.webappsecurity.com80Best Practices1154655970Privacy Violation: AutocompleteCWE-525: Information Exposure Through Browser CachingSecurity FeaturesPrivacy Violation: AutocompleteSummaryImplicationExecutionFixReference InfoMicrosoft:
        Autocomplete Security]]>        Info11674116760HLI: Detected LibrariesSummary Hacker Level Insights provides developers and security professionals with more context relating to the overall security posture of their application. The version was detected to be in use by during this scan. While these findings do not necessarily represent a security vulnerability, it is important to note that attackers commonly perform reconnaissance of their target in an attempt to identify known weaknesses or patterns. Knowing what the hacker can see provides context which can help teams better secure their applications.
        ]]>        ImplicationExecutionFixReference Info         + + + + Zero - Contact Us + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + + +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        + +
        +
        +
        +

        Feedback

        +
        + +
        +

        + Our Frequently Asked Questions area will help you with many + of your inquiries. +
        + If you can't find your question, return to this page and use the e-mail form below. +

        +
        +

        + IMPORTANT! This feedback facility is not secure. Please do not send any +
        + account information in a message sent from here. +

        + +
        + +
        + + + +
        + + +
        + +
        +
        + + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/feedbackhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="EA0F5B4A7B2D5822D3AE6FEB6AC0B160";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="Crawl";CrawlType="ScriptWindowInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="ad789882";
        X-Request-Memorid="2dba37e9";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1200OK + + + + Zero - Contact Us + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + + +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        + +
        +
        +
        +

        Feedback

        +
        + +
        +

        + Our Frequently Asked Questions area will help you with many + of your inquiries. +
        + If you can't find your question, return to this page and use the e-mail form below. +

        +
        +

        + IMPORTANT! This feedback facility is not secure. Please do not send any +
        + account information in a message sent from here. +

        + +
        + +
        + + + +
        + + +
        + +
        +
        + + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:01:50 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=98
        ConnectionKeep-Alive
        Content-Length9258
        /search.htmlsearchTermtextsearch-query
        /sendFeedback.htmlpostnametextemailtextsubjecttextsubmitSend Messagesubmitbtn-signin btn btn-primary        http://zero.webappsecurity.com:80/bank/account-activity.htmlhttpzero.webappsecurity.com80GET/bank/account-activityhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="572440DF9821707E127D137806557948";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="Crawl";CrawlType="ScriptWindowInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="a58bc509";
        X-Request-Memorid="8a80acdd";sc="2";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1302FoundSet-Cookie: JSESSIONID=266ED445; Path=/; HttpOnly +
        DateFri, 24 Feb 2023 14:01:52 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Locationhttp://zero.webappsecurity.com/login.html
        Content-Length0
        Set-CookieJSESSIONID=266ED445; Path=/; HttpOnly
        Keep-Alivetimeout=5, max=100
        ConnectionKeep-Alive
        Content-Typetext/html
        JSESSIONID266ED445/False        http://zero.webappsecurity.com:80/bank/transfer-funds.htmlhttpzero.webappsecurity.com80GET/bank/transfer-fundshtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="2B209BFC89996A2F0AE9ED7C1F450D6E";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="Crawl";CrawlType="ScriptWindowInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="5644aa4a";
        X-Request-Memorid="e375e2ad";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1302Found
        DateFri, 24 Feb 2023 14:01:53 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Locationhttp://zero.webappsecurity.com/login.html
        Content-Length0
        Keep-Alivetimeout=5, max=96
        ConnectionKeep-Alive
        Content-Typetext/html
        http://zero.webappsecurity.com:80/bank/money-map.htmlhttpzero.webappsecurity.com80GET/bank/money-maphtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="90912931396CA6B973BE587C0ECB68E3";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="Crawl";CrawlType="ScriptWindowInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="d5059993";
        X-Request-Memorid="37a9ecc6";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1302Found
        DateFri, 24 Feb 2023 14:01:53 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Locationhttp://zero.webappsecurity.com/login.html
        Content-Length0
        Keep-Alivetimeout=5, max=93
        ConnectionKeep-Alive
        Content-Typetext/html
        http://zero.webappsecurity.com:80/search.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 400 - Required String parameter 'searchTerm' is not present

        type Status report

        message Required String parameter 'searchTerm' is not present

        description The request sent by the client was syntactically incorrect.

        Apache Tomcat/7.0.70

        ]]>        GET/searchhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="E44F892A7930F4A1406A96562981B338";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="action";Format="Relative";LinkKind="FormAction";Locations="HtmlNode";NodeName="form";Source="StaticParser";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="b0fb7c49";
        X-Request-Memorid="1015b67e";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1400Bad RequestApache Tomcat/7.0.70 - Error report

        HTTP Status 400 - Required String parameter 'searchTerm' is not present

        type Status report

        message Required String parameter 'searchTerm' is not present

        description The request sent by the client was syntactically incorrect.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:01:53 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1074
        Connectionclose
        http://zero.webappsecurity.com:80/resources/js/jquery-1.7.2.min.jshttpzero.webappsecurity.com80").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ck||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),b.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write((f.support.boxModel?"":"")+""),cl.close();d=cl.createElement(a),cl.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ck)}cj[a]=e}return cj[a]}function ct(a,b){var c={};f.each(cp.concat.apply([],cp.slice(0,b)),function(){c[this]=a});return c}function cs(){cq=b}function cr(){setTimeout(cs,0);return cq=f.now()}function ci(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ch(){try{return new a.XMLHttpRequest}catch(b){}}function cb(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g0){if(c!=="border")for(;e=0===c})}function S(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function K(){return!0}function J(){return!1}function n(a,b,c){var d=b+"defer",e=b+"queue",g=b+"mark",h=f._data(a,d);h&&(c==="queue"||!f._data(a,e))&&(c==="mark"||!f._data(a,g))&&setTimeout(function(){!f._data(a,e)&&!f._data(a,g)&&(f.removeData(a,d,!0),h.fire())},0)}function m(a){for(var b in a){if(b==="data"&&f.isEmptyObject(a[b]))continue;if(b!=="toJSON")return!1}return!0}function l(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(k,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNumeric(d)?+d:j.test(d)?f.parseJSON(d):d}catch(g){}f.data(a,c,d)}else d=b}return d}function h(a){var b=g[a]={},c,d;a=a.split(/\s+/);for(c=0,d=a.length;c)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,n=/^[\],:{}\s]*$/,o=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,p=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,q=/(?:^|:|,)(?:\s*\[)+/g,r=/(webkit)[ \/]([\w.]+)/,s=/(opera)(?:.*version)?[ \/]([\w.]+)/,t=/(msie) ([\w.]+)/,u=/(mozilla)(?:.*? rv:([\w.]+))?/,v=/-([a-z]|[0-9])/ig,w=/^-ms-/,x=function(a,b){return(b+"").toUpperCase()},y=d.userAgent,z,A,B,C=Object.prototype.toString,D=Object.prototype.hasOwnProperty,E=Array.prototype.push,F=Array.prototype.slice,G=String.prototype.trim,H=Array.prototype.indexOf,I={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=m.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.7.2",length:0,size:function(){return this.length},toArray:function(){return F.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=this.constructor();e.isArray(a)?E.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),A.add(a);return this},eq:function(a){a=+a;return a===-1?this.slice(a):this.slice(a,a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(F.apply(this,arguments),"slice",F.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:E,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j0)return;A.fireWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").off("ready")}},bindReady:function(){if(!A){A=e.Callbacks("once memory");if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",B,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",B),a.attachEvent("onload",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&J()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return e.type(a)==="array"},isWindow:function(a){return a!=null&&a==a.window},isNumeric:function(a){return!isNaN(parseFloat(a))&&isFinite(a)},type:function(a){return a==null?String(a):I[C.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;try{if(a.constructor&&!D.call(a,"constructor")&&!D.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||D.call(a,d)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw new Error(a)},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(n.test(b.replace(o,"@").replace(p,"]").replace(q,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(c){if(typeof c!="string"||!c)return null;var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&e.error("Invalid XML: "+c);return d},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(w,"ms-").replace(v,x)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i1?i.call(arguments,0):b,j.notifyWith(k,e)}}function l(a){return function(c){b[a]=arguments.length>1?i.call(arguments,0):c,--g||j.resolveWith(j,b)}}var b=i.call(arguments,0),c=0,d=b.length,e=Array(d),g=d,h=d,j=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred(),k=j.promise();if(d>1){for(;c
        a",d=p.getElementsByTagName("*"),e=p.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=p.getElementsByTagName("input")[0],b={leadingWhitespace:p.firstChild.nodeType===3,tbody:!p.getElementsByTagName("tbody").length,htmlSerialize:!!p.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:p.className!=="t",enctype:!!c.createElement("form").enctype,html5Clone:c.createElement("nav").cloneNode(!0).outerHTML!=="<:nav>",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0,pixelMargin:!0},f.boxModel=b.boxModel=c.compatMode==="CSS1Compat",i.checked=!0,b.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,b.optDisabled=!h.disabled;try{delete p.test}catch(r){b.deleteExpando=!1}!p.addEventListener&&p.attachEvent&&p.fireEvent&&(p.attachEvent("onclick",function(){b.noCloneEvent=!1}),p.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),b.radioValue=i.value==="t",i.setAttribute("checked","checked"),i.setAttribute("name","t"),p.appendChild(i),j=c.createDocumentFragment(),j.appendChild(p.lastChild),b.checkClone=j.cloneNode(!0).cloneNode(!0).lastChild.checked,b.appendChecked=i.checked,j.removeChild(i),j.appendChild(p);if(p.attachEvent)for(n in{submit:1,change:1,focusin:1})m="on"+n,o=m in p,o||(p.setAttribute(m,"return;"),o=typeof p[m]=="function"),b[n+"Bubbles"]=o;j.removeChild(p),j=g=h=p=i=null,f(function(){var d,e,g,h,i,j,l,m,n,q,r,s,t,u=c.getElementsByTagName("body")[0];!u||(m=1,t="padding:0;margin:0;border:",r="position:absolute;top:0;left:0;width:1px;height:1px;",s=t+"0;visibility:hidden;",n="style='"+r+t+"5px solid #000;",q="
        "+""+"
        ",d=c.createElement("div"),d.style.cssText=s+"width:0;height:0;position:static;top:0;margin-top:"+m+"px",u.insertBefore(d,u.firstChild),p=c.createElement("div"),d.appendChild(p),p.innerHTML="
        t
        ",k=p.getElementsByTagName("td"),o=k[0].offsetHeight===0,k[0].style.display="",k[1].style.display="none",b.reliableHiddenOffsets=o&&k[0].offsetHeight===0,a.getComputedStyle&&(p.innerHTML="",l=c.createElement("div"),l.style.width="0",l.style.marginRight="0",p.style.width="2px",p.appendChild(l),b.reliableMarginRight=(parseInt((a.getComputedStyle(l,null)||{marginRight:0}).marginRight,10)||0)===0),typeof p.style.zoom!="undefined"&&(p.innerHTML="",p.style.width=p.style.padding="1px",p.style.border=0,p.style.overflow="hidden",p.style.display="inline",p.style.zoom=1,b.inlineBlockNeedsLayout=p.offsetWidth===3,p.style.display="block",p.style.overflow="visible",p.innerHTML="
        ",b.shrinkWrapBlocks=p.offsetWidth!==3),p.style.cssText=r+s,p.innerHTML=q,e=p.firstChild,g=e.firstChild,i=e.nextSibling.firstChild.firstChild,j={doesNotAddBorder:g.offsetTop!==5,doesAddBorderForTableAndCells:i.offsetTop===5},g.style.position="fixed",g.style.top="20px",j.fixedPosition=g.offsetTop===20||g.offsetTop===15,g.style.position=g.style.top="",e.style.overflow="hidden",e.style.position="relative",j.subtractsBorderForOverflowNotVisible=g.offsetTop===-5,j.doesNotIncludeMarginInBodyOffset=u.offsetTop!==m,a.getComputedStyle&&(p.style.marginTop="1%",b.pixelMargin=(a.getComputedStyle(p,null)||{marginTop:0}).marginTop!=="1%"),typeof d.style.zoom!="undefined"&&(d.style.zoom=1),u.removeChild(d),l=p=d=null,f.extend(b,j))});return b}();var j=/^(?:\{.*\}|\[.*\])$/,k=/([A-Z])/g;f.extend({cache:{},uuid:0,expando:"jQuery"+(f.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!m(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g,h,i,j=f.expando,k=typeof c=="string",l=a.nodeType,m=l?f.cache:a,n=l?a[j]:a[j]&&j,o=c==="events";if((!n||!m[n]||!o&&!e&&!m[n].data)&&k&&d===b)return;n||(l?a[j]=n=++f.uuid:n=j),m[n]||(m[n]={},l||(m[n].toJSON=f.noop));if(typeof c=="object"||typeof c=="function")e?m[n]=f.extend(m[n],c):m[n].data=f.extend(m[n].data,c);g=h=m[n],e||(h.data||(h.data={}),h=h.data),d!==b&&(h[f.camelCase(c)]=d);if(o&&!h[c])return g.events;k?(i=h[c],i==null&&(i=h[f.camelCase(c)])):i=h;return i}},removeData:function(a,b,c){if(!!f.acceptData(a)){var d,e,g,h=f.expando,i=a.nodeType,j=i?f.cache:a,k=i?a[h]:h;if(!j[k])return;if(b){d=c?j[k]:j[k].data;if(d){f.isArray(b)||(b in d?b=[b]:(b=f.camelCase(b),b in d?b=[b]:b=b.split(" ")));for(e=0,g=b.length;e1,null,!1)},removeData:function(a){return this.each(function(){f.removeData(this,a)})}}),f.extend({_mark:function(a,b){a&&(b=(b||"fx")+"mark",f._data(a,b,(f._data(a,b)||0)+1))},_unmark:function(a,b,c){a!==!0&&(c=b,b=a,a=!1);if(b){c=c||"fx";var d=c+"mark",e=a?0:(f._data(b,d)||1)-1;e?f._data(b,d,e):(f.removeData(b,d,!0),n(b,c,"mark"))}},queue:function(a,b,c){var d;if(a){b=(b||"fx")+"queue",d=f._data(a,b),c&&(!d||f.isArray(c)?d=f._data(a,b,f.makeArray(c)):d.push(c));return d||[]}},dequeue:function(a,b){b=b||"fx";var c=f.queue(a,b),d=c.shift(),e={};d==="inprogress"&&(d=c.shift()),d&&(b==="fx"&&c.unshift("inprogress"),f._data(a,b+".run",e),d.call(a,function(){f.dequeue(a,b)},e)),c.length||(f.removeData(a,b+"queue "+b+".run",!0),n(a,b,"queue"))}}),f.fn.extend({queue:function(a,c){var d=2;typeof a!="string"&&(c=a,a="fx",d--);if(arguments.length1)},removeAttr:function(a){return this.each(function(){f.removeAttr(this,a)})},prop:function(a,b){return f.access(this,f.prop,a,b,arguments.length>1)},removeProp:function(a){a=f.propFix[a]||a;return this.each(function(){try{this[a]=b,delete this[a]}catch(c){}})},addClass:function(a){var b,c,d,e,g,h,i;if(f.isFunction(a))return this.each(function(b){f(this).addClass(a.call(this,b,this.className))});if(a&&typeof a=="string"){b=a.split(p);for(c=0,d=this.length;c-1)return!0;return!1},val:function(a){var c,d,e,g=this[0];{if(!!arguments.length){e=f.isFunction(a);return this.each(function(d){var g=f(this),h;if(this.nodeType===1){e?h=a.call(this,d,g.val()):h=a,h==null?h="":typeof h=="number"?h+="":f.isArray(h)&&(h=f.map(h,function(a){return a==null?"":a+""})),c=f.valHooks[this.type]||f.valHooks[this.nodeName.toLowerCase()];if(!c||!("set"in c)||c.set(this,h,"value")===b)this.value=h}})}if(g){c=f.valHooks[g.type]||f.valHooks[g.nodeName.toLowerCase()];if(c&&"get"in c&&(d=c.get(g,"value"))!==b)return d;d=g.value;return typeof d=="string"?d.replace(q,""):d==null?"":d}}}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c,d,e,g=a.selectedIndex,h=[],i=a.options,j=a.type==="select-one";if(g<0)return null;c=j?g:0,d=j?g+1:i.length;for(;c=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attr:function(a,c,d,e){var g,h,i,j=a.nodeType;if(!!a&&j!==3&&j!==8&&j!==2){if(e&&c in f.attrFn)return f(a)[c](d);if(typeof a.getAttribute=="undefined")return f.prop(a,c,d);i=j!==1||!f.isXMLDoc(a),i&&(c=c.toLowerCase(),h=f.attrHooks[c]||(u.test(c)?x:w));if(d!==b){if(d===null){f.removeAttr(a,c);return}if(h&&"set"in h&&i&&(g=h.set(a,d,c))!==b)return g;a.setAttribute(c,""+d);return d}if(h&&"get"in h&&i&&(g=h.get(a,c))!==null)return g;g=a.getAttribute(c);return g===null?b:g}},removeAttr:function(a,b){var c,d,e,g,h,i=0;if(b&&a.nodeType===1){d=b.toLowerCase().split(p),g=d.length;for(;i=0}})});var z=/^(?:textarea|input|select)$/i,A=/^([^\.]*)?(?:\.(.+))?$/,B=/(?:^|\s)hover(\.\S+)?\b/,C=/^key/,D=/^(?:mouse|contextmenu)|click/,E=/^(?:focusinfocus|focusoutblur)$/,F=/^(\w*)(?:#([\w\-]+))?(?:\.([\w\-]+))?$/,G=function( + a){var b=F.exec(a);b&&(b[1]=(b[1]||"").toLowerCase(),b[3]=b[3]&&new RegExp("(?:^|\\s)"+b[3]+"(?:\\s|$)"));return b},H=function(a,b){var c=a.attributes||{};return(!b[1]||a.nodeName.toLowerCase()===b[1])&&(!b[2]||(c.id||{}).value===b[2])&&(!b[3]||b[3].test((c["class"]||{}).value))},I=function(a){return f.event.special.hover?a:a.replace(B,"mouseenter$1 mouseleave$1")};f.event={add:function(a,c,d,e,g){var h,i,j,k,l,m,n,o,p,q,r,s;if(!(a.nodeType===3||a.nodeType===8||!c||!d||!(h=f._data(a)))){d.handler&&(p=d,d=p.handler,g=p.selector),d.guid||(d.guid=f.guid++),j=h.events,j||(h.events=j={}),i=h.handle,i||(h.handle=i=function(a){return typeof f!="undefined"&&(!a||f.event.triggered!==a.type)?f.event.dispatch.apply(i.elem,arguments):b},i.elem=a),c=f.trim(I(c)).split(" ");for(k=0;k=0&&(h=h.slice(0,-1),k=!0),h.indexOf(".")>=0&&(i=h.split("."),h=i.shift(),i.sort());if((!e||f.event.customEvent[h])&&!f.event.global[h])return;c=typeof c=="object"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.isTrigger=!0,c.exclusive=k,c.namespace=i.join("."),c.namespace_re=c.namespace?new RegExp("(^|\\.)"+i.join("\\.(?:.*\\.)?")+"(\\.|$)"):null,o=h.indexOf(":")<0?"on"+h:"";if(!e){j=f.cache;for(l in j)j[l].events&&j[l].events[h]&&f.event.trigger(c,d,j[l].handle.elem,!0);return}c.result=b,c.target||(c.target=e),d=d!=null?f.makeArray(d):[],d.unshift(c),p=f.event.special[h]||{};if(p.trigger&&p.trigger.apply(e,d)===!1)return;r=[[e,p.bindType||h]];if(!g&&!p.noBubble&&!f.isWindow(e)){s=p.delegateType||h,m=E.test(s+h)?e:e.parentNode,n=null;for(;m;m=m.parentNode)r.push([m,s]),n=m;n&&n===e.ownerDocument&&r.push([n.defaultView||n.parentWindow||a,s])}for(l=0;le&&j.push({elem:this,matches:d.slice(e)});for(k=0;k0?this.on(b,null,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0),C.test(b)&&(f.event.fixHooks[b]=f.event.keyHooks),D.test(b)&&(f.event.fixHooks[b]=f.event.mouseHooks)}),function(){function x(a,b,c,e,f,g){for(var h=0,i=e.length;h0){k=j;break}}j=j[a]}e[h]=k}}}function w(a,b,c,e,f,g){for(var h=0,i=e.length;h+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,d="sizcache"+(Math.random()+"").replace(".",""),e=0,g=Object.prototype.toString,h=!1,i=!0,j=/\\/g,k=/\r\n/g,l=/\W/;[0,0].sort(function(){i=!1;return 0});var m=function(b,d,e,f){e=e||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!="string")return e;var i,j,k,l,n,q,r,t,u=!0,v=m.isXML(d),w=[],x=b;do{a.exec(""),i=a.exec(x);if(i){x=i[3],w.push(i[1]);if(i[2]){l=i[3];break}}}while(i);if(w.length>1&&p.exec(b))if(w.length===2&&o.relative[w[0]])j=y(w[0]+w[1],d,f);else{j=o.relative[w[0]]?[d]:m(w.shift(),d);while(w.length)b=w.shift(),o.relative[b]&&(b+=w.shift()),j=y(b,j,f)}else{!f&&w.length>1&&d.nodeType===9&&!v&&o.match.ID.test(w[0])&&!o.match.ID.test(w[w.length-1])&&(n=m.find(w.shift(),d,v),d=n.expr?m.filter(n.expr,n.set)[0]:n.set[0]);if(d){n=f?{expr:w.pop(),set:s(f)}:m.find(w.pop(),w.length===1&&(w[0]==="~"||w[0]==="+")&&d.parentNode?d.parentNode:d,v),j=n.expr?m.filter(n.expr,n.set):n.set,w.length>0?k=s(j):u=!1;while(w.length)q=w.pop(),r=q,o.relative[q]?r=w.pop():q="",r==null&&(r=d),o.relative[q](k,r,v)}else k=w=[]}k||(k=j),k||m.error(q||b);if(g.call(k)==="[object Array]")if(!u)e.push.apply(e,k);else if(d&&d.nodeType===1)for(t=0;k[t]!=null;t++)k[t]&&(k[t]===!0||k[t].nodeType===1&&m.contains(d,k[t]))&&e.push(j[t]);else for(t=0;k[t]!=null;t++)k[t]&&k[t].nodeType===1&&e.push(j[t]);else s(k,e);l&&(m(l,h,e,f),m.uniqueSort(e));return e};m.uniqueSort=function(a){if(u){h=i,a.sort(u);if(h)for(var b=1;b0},m.find=function(a,b,c){var d,e,f,g,h,i;if(!a)return[];for(e=0,f=o.order.length;e":function(a,b){var c,d=typeof b=="string",e=0,f=a.length;if(d&&!l.test(b)){b=b.toLowerCase();for(;e=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(j,"")},TAG:function(a,b){return a[1].replace(j,"").toLowerCase()},CHILD:function(a){if(a[1]==="nth"){a[2]||m.error(a[0]),a[2]=a[2].replace(/^\+|\s*/g,"");var b=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(a[2]==="even"&&"2n"||a[2]==="odd"&&"2n+1"||!/\D/.test(a[2])&&"0n+"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&m.error(a[0]);a[0]=e++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(j,"");!f&&o.attrMap[g]&&(a[1]=o.attrMap[g]),a[4]=(a[4]||a[5]||"").replace(j,""),a[2]==="~="&&(a[4]=" "+a[4]+" ");return a},PSEUDO:function(b,c,d,e,f){if(b[1]==="not")if((a.exec(b[3])||"").length>1||/^\w/.test(b[3]))b[3]=m(b[3],null,null,c);else{var g=m.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(o.match.POS.test(b[0])||o.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return a.disabled===!1&&a.type!=="hidden"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!m(c[3],a).length},header:function(a){return/h\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute("type"),c=a.type;return a.nodeName.toLowerCase()==="input"&&"text"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()==="input"&&"radio"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()==="input"&&"checkbox"===a.type},file:function(a){return a.nodeName.toLowerCase()==="input"&&"file"===a.type},password:function(a){return a.nodeName.toLowerCase()==="input"&&"password"===a.type},submit:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"submit"===a.type},image:function(a){return a.nodeName.toLowerCase()==="input"&&"image"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"reset"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&"button"===a.type||b==="button"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return bc[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=o.filters[e];if(f)return f(a,c,b,d);if(e==="contains")return(a.textContent||a.innerText||n([a])||"").indexOf(b[3])>=0;if(e==="not"){var g=b[3];for(var h=0,i=g.length;h=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute("id")===b},TAG:function(a,b){return b==="*"&&a.nodeType===1||!!a.nodeName&&a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(" "+(a.className||a.getAttribute("class"))+" ").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=m.attr?m.attr(a,c):o.attrHandle[c]?o.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+"",f=b[2],g=b[4];return d==null?f==="!=":!f&&m.attr?d!=null:f==="="?e===g:f==="*="?e.indexOf(g)>=0:f==="~="?(" "+e+" ").indexOf(g)>=0:g?f==="!="?e!==g:f==="^="?e.indexOf(g)===0:f==="$="?e.substr(e.length-g.length)===g:f==="|="?e===g||e.substr(0,g.length+1)===g+"-":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=o.setFilters[e];if(f)return f(a,c,b,d)}}},p=o.match.POS,q=function(a,b){return"\\"+(b-0+1)};for(var r in o.match)o.match[r]=new RegExp(o.match[r].source+/(?![^\[]*\])(?![^\(]*\))/.source),o.leftMatch[r]=new RegExp(/(^(?:.|\r|\n)*?)/.source+o.match[r].source.replace(/\\(\d+)/g,q));o.match.globalPOS=p;var s=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(t){s=function(a,b){var c=0,d=b||[];if(g.call(a)==="[object Array]")Array.prototype.push.apply(d,a);else if(typeof a.length=="number")for(var e=a.length;c",e.insertBefore(a,e.firstChild),c.getElementById(d)&&(o.find.ID=function(a,c,d){if(typeof c.getElementById!="undefined"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e.getAttributeNode!="undefined"&&e.getAttributeNode("id").nodeValue===a[1]?[e]:b:[]}},o.filter.ID=function(a,b){var c=typeof a.getAttributeNode!="undefined"&&a.getAttributeNode("id");return a.nodeType===1&&c&&c.nodeValue===b}),e.removeChild(a),e=a=null}(),function(){var a=c.createElement("div");a.appendChild(c.createComment("")),a.getElementsByTagName("*").length>0&&(o.find.TAG=function(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]==="*"){var d=[];for(var e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML="",a.firstChild&&typeof a.firstChild.getAttribute!="undefined"&&a.firstChild.getAttribute("href")!=="#"&&(o.attrHandle.href=function(a){return a.getAttribute("href",2)}),a=null}(),c.querySelectorAll&&function(){var a=m,b=c.createElement("div"),d="__sizzle__";b.innerHTML="

        ";if(!b.querySelectorAll||b.querySelectorAll(".TEST").length!==0){m=function(b,e,f,g){e=e||c;if(!g&&!m.isXML(e)){var h=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return s(e.getElementsByTagName(b),f);if(h[2]&&o.find.CLASS&&e.getElementsByClassName)return s(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b==="body"&&e.body)return s([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return s([],f);if(i.id===h[3])return s([i],f)}try{return s(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!=="object"){var k=e,l=e.getAttribute("id"),n=l||d,p=e.parentNode,q=/^\s*[+~]/.test(b);l?n=n.replace(/'/g,"\\$&"):e.setAttribute("id",n),q&&p&&(e=e.parentNode);try{if(!q||p)return s(e.querySelectorAll("[id='"+n+"'] "+b),f)}catch(r){}finally{l||k.removeAttribute("id")}}}return a(b,e,f,g)};for(var e in a)m[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement("div"),"div"),e=!1;try{b.call(c.documentElement,"[test!='']:sizzle")}catch(f){e=!0}m.matchesSelector=function(a,c){c=c.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!m.isXML(a))try{if(e||!o.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return m(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement("div");a.innerHTML="
        ";if(!!a.getElementsByClassName&&a.getElementsByClassName("e").length!==0){a.lastChild.className="e";if(a.getElementsByClassName("e").length===1)return;o.order.splice(1,0,"CLASS"),o.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!="undefined"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?m.contains=function(a,b){return a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?m.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:m.contains=function(){return!1},m.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!=="HTML":!1};var y=function(a,b,c){var d,e=[],f="",g=b.nodeType?[b]:b;while(d=o.match.PSEUDO.exec(a))f+=d[0],a=a.replace(o.match.PSEUDO,"");a=o.relative[a]?a+"*":a;for(var h=0,i=g.length;h0)for(h=g;h=0:f.filter(a,this).length>0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h=1;while(g&&g.ownerDocument&&g!==b){for(d=0;d-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,"closest",a)},index:function(a){if(!a)return this[0]&&this[0].parentNode?this.prevAll().length:-1;if(typeof a=="string")return f.inArray(this[0],f(a));return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a=="string"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(S(c[0])||S(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,"parentNode")},parentsUntil:function(a,b,c){return f.dir(a,"parentNode",c)},next:function(a){return f.nth(a,2,"nextSibling")},prev:function(a){return f.nth(a,2,"previousSibling")},nextAll:function(a){return f.dir(a,"nextSibling")},prevAll:function(a){return f.dir(a,"previousSibling")},nextUntil:function(a,b,c){return f.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return f.dir(a,"previousSibling",c)},siblings:function(a){return f.sibling((a.parentNode||{}).firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c);L.test(a)||(d=c),d&&typeof d=="string"&&(e=f.filter(d,e)),e=this.length>1&&!R[a]?f.unique(e):e,(this.length>1||N.test(d))&&M.test(a)&&(e=e.reverse());return this.pushStack(e,a,P.call(arguments).join(","))}}),f.extend({filter:function(a,b,c){c&&(a=":not("+a+")");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var V="abbr|article|aside|audio|bdi|canvas|data|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",W=/ jQuery\d+="(?:\d+|null)"/g,X=/^\s+/,Y=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,Z=/<([\w:]+)/,$=/]","i"),bd=/checked\s*(?:[^=]|=\s*.checked.)/i,be=/\/(java|ecma)script/i,bf=/^\s*",""],legend:[1,"
        ","
        "],thead:[1,"","
        "],tr:[2,"","
        "],td:[3,"","
        "],col:[2,"","
        "],area:[1,"",""],_default:[0,"",""]},bh=U(c);bg.optgroup=bg.option,bg.tbody=bg.tfoot=bg.colgroup=bg.caption=bg.thead,bg.th=bg.td,f.support.htmlSerialize||(bg._default=[1,"div
        ","
        "]),f.fn.extend({text:function(a){return f.access(this,function(a){return a===b?f.text(this):this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a))},null,a,arguments.length)},wrapAll:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=f.isFunction(a);return this.each(function(c){f(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,"body")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f + .clean(arguments);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,"after",arguments);a.push.apply(a,f.clean(arguments));return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName("*")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return this},empty:function(){for(var a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName("*"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){return f.access(this,function(a){var c=this[0]||{},d=0,e=this.length;if(a===b)return c.nodeType===1?c.innerHTML.replace(W,""):null;if(typeof a=="string"&&!ba.test(a)&&(f.support.leadingWhitespace||!X.test(a))&&!bg[(Z.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(Y,"<$1>");try{for(;d1&&l0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var d,e,g,h=f.support.html5Clone||f.isXMLDoc(a)||!bc.test("<"+a.nodeName+">")?a.cloneNode(!0):bo(a);if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bk(a,h),d=bl(a),e=bl(h);for(g=0;d[g];++g)e[g]&&bk(d[g],e[g])}if(b){bj(a,h);if(c){d=bl(a),e=bl(h);for(g=0;d[g];++g)bj(d[g],e[g])}}d=e=null;return h},clean:function(a,b,d,e){var g,h,i,j=[];b=b||c,typeof b.createElement=="undefined"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);for(var k=0,l;(l=a[k])!=null;k++){typeof l=="number"&&(l+="");if(!l)continue;if(typeof l=="string")if(!_.test(l))l=b.createTextNode(l);else{l=l.replace(Y,"<$1>");var m=(Z.exec(l)||["",""])[1].toLowerCase(),n=bg[m]||bg._default,o=n[0],p=b.createElement("div"),q=bh.childNodes,r;b===c?bh.appendChild(p):U(b).appendChild(p),p.innerHTML=n[1]+l+n[2];while(o--)p=p.lastChild;if(!f.support.tbody){var s=$.test(l),t=m==="table"&&!s?p.firstChild&&p.firstChild.childNodes:n[1]===""&&!s?p.childNodes:[];for(i=t.length-1;i>=0;--i)f.nodeName(t[i],"tbody")&&!t[i].childNodes.length&&t[i].parentNode.removeChild(t[i])}!f.support.leadingWhitespace&&X.test(l)&&p.insertBefore(b.createTextNode(X.exec(l)[0]),p.firstChild),l=p.childNodes,p&&(p.parentNode.removeChild(p),q.length>0&&(r=q[q.length-1],r&&r.parentNode&&r.parentNode.removeChild(r)))}var u;if(!f.support.appendChecked)if(l[0]&&typeof (u=l.length)=="number")for(i=0;i1)},f.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=by(a,"opacity");return c===""?"1":c}return a.style.opacity}}},cssNumber:{fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":f.support.cssFloat?"cssFloat":"styleFloat"},style:function(a,c,d,e){if(!!a&&a.nodeType!==3&&a.nodeType!==8&&!!a.style){var g,h,i=f.camelCase(c),j=a.style,k=f.cssHooks[i];c=f.cssProps[i]||i;if(d===b){if(k&&"get"in k&&(g=k.get(a,!1,e))!==b)return g;return j[c]}h=typeof d,h==="string"&&(g=bu.exec(d))&&(d=+(g[1]+1)*+g[2]+parseFloat(f.css(a,c)),h="number");if(d==null||h==="number"&&isNaN(d))return;h==="number"&&!f.cssNumber[i]&&(d+="px");if(!k||!("set"in k)||(d=k.set(a,d))!==b)try{j[c]=d}catch(l){}}},css:function(a,c,d){var e,g;c=f.camelCase(c),g=f.cssHooks[c],c=f.cssProps[c]||c,c==="cssFloat"&&(c="float");if(g&&"get"in g&&(e=g.get(a,!0,d))!==b)return e;if(by)return by(a,c)},swap:function(a,b,c){var d={},e,f;for(f in b)d[f]=a.style[f],a.style[f]=b[f];e=c.call(a);for(f in b)a.style[f]=d[f];return e}}),f.curCSS=f.css,c.defaultView&&c.defaultView.getComputedStyle&&(bz=function(a,b){var c,d,e,g,h=a.style;b=b.replace(br,"-$1").toLowerCase(),(d=a.ownerDocument.defaultView)&&(e=d.getComputedStyle(a,null))&&(c=e.getPropertyValue(b),c===""&&!f.contains(a.ownerDocument.documentElement,a)&&(c=f.style(a,b))),!f.support.pixelMargin&&e&&bv.test(b)&&bt.test(c)&&(g=h.width,h.width=c,c=e.width,h.width=g);return c}),c.documentElement.currentStyle&&(bA=function(a,b){var c,d,e,f=a.currentStyle&&a.currentStyle[b],g=a.style;f==null&&g&&(e=g[b])&&(f=e),bt.test(f)&&(c=g.left,d=a.runtimeStyle&&a.runtimeStyle.left,d&&(a.runtimeStyle.left=a.currentStyle.left),g.left=b==="fontSize"?"1em":f,f=g.pixelLeft+"px",g.left=c,d&&(a.runtimeStyle.left=d));return f===""?"auto":f}),by=bz||bA,f.each(["height","width"],function(a,b){f.cssHooks[b]={get:function(a,c,d){if(c)return a.offsetWidth!==0?bB(a,b,d):f.swap(a,bw,function(){return bB(a,b,d)})},set:function(a,b){return bs.test(b)?b+"px":b}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return bq.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?parseFloat(RegExp.$1)/100+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=f.isNumeric(b)?"alpha(opacity="+b*100+")":"",g=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&f.trim(g.replace(bp,""))===""){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bp.test(g)?g.replace(bp,e):g+" "+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){return f.swap(a,{display:"inline-block"},function(){return b?by(a,"margin-right"):a.style.marginRight})}})}),f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style&&a.style.display||f.css(a,"display"))==="none"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)}),f.each({margin:"",padding:"",border:"Width"},function(a,b){f.cssHooks[a+b]={expand:function(c){var d,e=typeof c=="string"?c.split(" "):[c],f={};for(d=0;d<4;d++)f[a+bx[d]+b]=e[d]||e[d-2]||e[0];return f}}});var bC=/%20/g,bD=/\[\]$/,bE=/\r?\n/g,bF=/#.*$/,bG=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,bH=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bI=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,bJ=/^(?:GET|HEAD)$/,bK=/^\/\//,bL=/\?/,bM=/)<[^<]*)*<\/script>/gi,bN=/^(?:select|textarea)/i,bO=/\s+/,bP=/([?&])_=[^&]*/,bQ=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,bR=f.fn.load,bS={},bT={},bU,bV,bW=["*/"]+["*"];try{bU=e.href}catch(bX){bU=c.createElement("a"),bU.href="",bU=bU.href}bV=bQ.exec(bU.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!="string"&&bR)return bR.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(" ");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h="GET";c&&(f.isFunction(c)?(d=c,c=b):typeof c=="object"&&(c=f.param(c,f.ajaxSettings.traditional),h="POST"));var i=this;f.ajax({url:a,type:h,dataType:"html",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f("
        ").append(c.replace(bM,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bN.test(this.nodeName)||bH.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bE,"\r\n")}}):{name:b.name,value:c.replace(bE,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.on(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?b$(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),b$(a,b);return a},ajaxSettings:{url:bU,isLocal:bI.test(bV[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded; charset=UTF-8",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":bW},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bY(bS),ajaxTransport:bY(bT),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?ca(d,v,l):b,y,z;if(a>=200&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader("Last-Modified"))f.lastModified[k]=y;if(z=v.getResponseHeader("Etag"))f.etag[k]=z}if(a===304)w="notmodified",o=!0;else try{r=cb(d,x),w="success",o=!0}catch(A){w="parsererror",u=A}}else{u=w;if(!w||a)w="error",a<0&&(a=0)}v.status=a,v.statusText=""+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.fireWith(e,[v,w]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f.Callbacks("once memory"),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bG.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.add,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bF,"").replace(bK,bV[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bO),d.crossDomain==null&&(r=bQ.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bV[1]&&r[2]==bV[2]&&(r[3]||(r[1]==="http:"?80:443))==(bV[3]||(bV[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),bZ(bS,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bJ.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bL.test(d.url)?"&":"?")+d.data,delete d.data),k=d.url;if(d.cache===!1){var x=f.now(),y=d.url.replace(bP,"$1_="+x);d.url=y+(y===d.url?(bL.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", "+bW+"; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=bZ(bT,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){if(s<2)w(-1,z);else throw z}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)b_(g,a[g],c,e);return d.join("&").replace(bC,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var cc=f.now(),cd=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+cc++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=typeof b.data=="string"&&/^application\/x\-www\-form\-urlencoded/.test(b.contentType);if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(cd.test(b.url)||e&&cd.test(b.data))){var g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(cd,l),b.url===j&&(e&&(k=k.replace(cd,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var ce=a.ActiveXObject?function(){for(var a in cg)cg[a](0,1)}:!1,cf=0,cg;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ch()||ci()}:ch,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,ce&&delete cg[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n);try{m.text=h.responseText}catch(a){}try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cf,ce&&(cg||(cg={},f(a).unload(ce)),cg[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var cj={},ck,cl,cm=/^(?:toggle|show|hide)$/,cn=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,co,cp=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cq;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(ct("show",3),a,b,c);for(var g=0,h=this.length;g=i.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),i.animatedProperties[this.prop]=!0;for(b in i.animatedProperties)i.animatedProperties[b]!==!0&&(g=!1);if(g){i.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){h.style["overflow"+b]=i.overflow[a]}),i.hide&&f(h).hide();if(i.hide||i.show)for(b in i.animatedProperties)f.style(h,b,i.orig[b]),f.removeData(h,"fxshow"+b,!0),f.removeData(h,"toggle"+b,!0);d=i.complete,d&&(i.complete=!1,d.call(h))}return!1}i.duration==Infinity?this.now=e:(c=e-this.startTime,this.state=c/i.duration,this.pos=f.easing[i.animatedProperties[this.prop]](this.state,c,0,1,i.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){var a,b=f.timers,c=0;for(;c-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=cx.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!cx.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return a})}}),f.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(a,c){var d=/Y/.test(c);f.fn[a]=function(e){return f.access(this,function(a,e,g){var h=cy(a);if(g===b)return h?c in h?h[c]:f.support.boxModel&&h.document.documentElement[e]||h.document.body[e]:a[e];h?h.scrollTo(d?f(h).scrollLeft():g,d?g:f(h).scrollTop()):a[e]=g},a,e,arguments.length,null)}}),f.each({Height:"height",Width:"width"},function(a,c){var d="client"+a,e="scroll"+a,g="offset"+a;f.fn["inner"+a]=function(){var a=this[0];return a?a.style?parseFloat(f.css(a,c,"padding")):this[c]():null},f.fn["outer"+a]=function(a){var b=this[0];return b?b.style?parseFloat(f.css(b,c,a?"margin":"border")):this[c]():null},f.fn[c]=function(a){return f.access(this,function(a,c,h){var i,j,k,l;if(f.isWindow(a)){i=a.document,j=i.documentElement[d];return f.support.boxModel&&j||i.body&&i.body[d]||j}if(a.nodeType===9){i=a.documentElement;if(i[d]>=i[e])return i[d];return Math.max(a.body[e],i[e],a.body[g],i[g])}if(h===b){k=f.css(a,c),l=parseFloat(k);return f.isNumeric(l)?l:k}f(a).css(c,h)},c,a,arguments.length,null)}}),a.jQuery=a.$=f,typeof define=="function"&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return f})})(window);]]>GET/resources/js/jquery-1.7.2.minjsHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/online-banking.html
        Hostzero.webappsecurity.com
        Accept*/*
        Accept-Languageen-US,en;q=0.5
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoScriptEngine="Gecko";Category="Crawl";SID="C7508402E98C2D8E08BE651045D1B755";PSID="0961B4C9AB7ECE8F80F1EFC03677941C";SessionType="Crawl";CrawlType="ScriptInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";tht="21";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="23960f9d";
        X-Request-Memorid="4c768a9e";sc="1";thid="44";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1200OK").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ck||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),b.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write((f.support.boxModel?"":"")+""),cl.close();d=cl.createElement(a),cl.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ck)}cj[a]=e}return cj[a]}function ct(a,b){var c={};f.each(cp.concat.apply([],cp.slice(0,b)),function(){c[this]=a});return c}function cs(){cq=b}function cr(){setTimeout(cs,0);return cq=f.now()}function ci(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ch(){try{return new a.XMLHttpRequest}catch(b){}}function cb(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g0){if(c!=="border")for(;e=0===c})}function S(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function K(){return!0}function J(){return!1}function n(a,b,c){var d=b+"defer",e=b+"queue",g=b+"mark",h=f._data(a,d);h&&(c==="queue"||!f._data(a,e))&&(c==="mark"||!f._data(a,g))&&setTimeout(function(){!f._data(a,e)&&!f._data(a,g)&&(f.removeData(a,d,!0),h.fire())},0)}function m(a){for(var b in a){if(b==="data"&&f.isEmptyObject(a[b]))continue;if(b!=="toJSON")return!1}return!0}function l(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(k,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNumeric(d)?+d:j.test(d)?f.parseJSON(d):d}catch(g){}f.data(a,c,d)}else d=b}return d}function h(a){var b=g[a]={},c,d;a=a.split(/\s+/);for(c=0,d=a.length;c)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,n=/^[\],:{}\s]*$/,o=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,p=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,q=/(?:^|:|,)(?:\s*\[)+/g,r=/(webkit)[ \/]([\w.]+)/,s=/(opera)(?:.*version)?[ \/]([\w.]+)/,t=/(msie) ([\w.]+)/,u=/(mozilla)(?:.*? rv:([\w.]+))?/,v=/-([a-z]|[0-9])/ig,w=/^-ms-/,x=function(a,b){return(b+"").toUpperCase()},y=d.userAgent,z,A,B,C=Object.prototype.toString,D=Object.prototype.hasOwnProperty,E=Array.prototype.push,F=Array.prototype.slice,G=String.prototype.trim,H=Array.prototype.indexOf,I={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=m.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.7.2",length:0,size:function(){return this.length},toArray:function(){return F.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=this.constructor();e.isArray(a)?E.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),A.add(a);return this},eq:function(a){a=+a;return a===-1?this.slice(a):this.slice(a,a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(F.apply(this,arguments),"slice",F.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:E,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j0)return;A.fireWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").off("ready")}},bindReady:function(){if(!A){A=e.Callbacks("once memory");if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",B,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",B),a.attachEvent("onload",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&J()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return e.type(a)==="array"},isWindow:function(a){return a!=null&&a==a.window},isNumeric:function(a){return!isNaN(parseFloat(a))&&isFinite(a)},type:function(a){return a==null?String(a):I[C.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;try{if(a.constructor&&!D.call(a,"constructor")&&!D.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||D.call(a,d)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw new Error(a)},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(n.test(b.replace(o,"@").replace(p,"]").replace(q,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(c){if(typeof c!="string"||!c)return null;var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&e.error("Invalid XML: "+c);return d},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(w,"ms-").replace(v,x)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i1?i.call(arguments,0):b,j.notifyWith(k,e)}}function l(a){return function(c){b[a]=arguments.length>1?i.call(arguments,0):c,--g||j.resolveWith(j,b)}}var b=i.call(arguments,0),c=0,d=b.length,e=Array(d),g=d,h=d,j=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred(),k=j.promise();if(d>1){for(;c
        a",d=p.getElementsByTagName("*"),e=p.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=p.getElementsByTagName("input")[0],b={leadingWhitespace:p.firstChild.nodeType===3,tbody:!p.getElementsByTagName("tbody").length,htmlSerialize:!!p.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:p.className!=="t",enctype:!!c.createElement("form").enctype,html5Clone:c.createElement("nav").cloneNode(!0).outerHTML!=="<:nav>",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0,pixelMargin:!0},f.boxModel=b.boxModel=c.compatMode==="CSS1Compat",i.checked=!0,b.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,b.optDisabled=!h.disabled;try{delete p.test}catch(r){b.deleteExpando=!1}!p.addEventListener&&p.attachEvent&&p.fireEvent&&(p.attachEvent("onclick",function(){b.noCloneEvent=!1}),p.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),b.radioValue=i.value==="t",i.setAttribute("checked","checked"),i.setAttribute("name","t"),p.appendChild(i),j=c.createDocumentFragment(),j.appendChild(p.lastChild),b.checkClone=j.cloneNode(!0).cloneNode(!0).lastChild.checked,b.appendChecked=i.checked,j.removeChild(i),j.appendChild(p);if(p.attachEvent)for(n in{submit:1,change:1,focusin:1})m="on"+n,o=m in p,o||(p.setAttribute(m,"return;"),o=typeof p[m]=="function"),b[n+"Bubbles"]=o;j.removeChild(p),j=g=h=p=i=null,f(function(){var d,e,g,h,i,j,l,m,n,q,r,s,t,u=c.getElementsByTagName("body")[0];!u||(m=1,t="padding:0;margin:0;border:",r="position:absolute;top:0;left:0;width:1px;height:1px;",s=t+"0;visibility:hidden;",n="style='"+r+t+"5px solid #000;",q="
        "+""+"
        ",d=c.createElement("div"),d.style.cssText=s+"width:0;height:0;position:static;top:0;margin-top:"+m+"px",u.insertBefore(d,u.firstChild),p=c.createElement("div"),d.appendChild(p),p.innerHTML="
        t
        ",k=p.getElementsByTagName("td"),o=k[0].offsetHeight===0,k[0].style.display="",k[1].style.display="none",b.reliableHiddenOffsets=o&&k[0].offsetHeight===0,a.getComputedStyle&&(p.innerHTML="",l=c.createElement("div"),l.style.width="0",l.style.marginRight="0",p.style.width="2px",p.appendChild(l),b.reliableMarginRight=(parseInt((a.getComputedStyle(l,null)||{marginRight:0}).marginRight,10)||0)===0),typeof p.style.zoom!="undefined"&&(p.innerHTML="",p.style.width=p.style.padding="1px",p.style.border=0,p.style.overflow="hidden",p.style.display="inline",p.style.zoom=1,b.inlineBlockNeedsLayout=p.offsetWidth===3,p.style.display="block",p.style.overflow="visible",p.innerHTML="
        ",b.shrinkWrapBlocks=p.offsetWidth!==3),p.style.cssText=r+s,p.innerHTML=q,e=p.firstChild,g=e.firstChild,i=e.nextSibling.firstChild.firstChild,j={doesNotAddBorder:g.offsetTop!==5,doesAddBorderForTableAndCells:i.offsetTop===5},g.style.position="fixed",g.style.top="20px",j.fixedPosition=g.offsetTop===20||g.offsetTop===15,g.style.position=g.style.top="",e.style.overflow="hidden",e.style.position="relative",j.subtractsBorderForOverflowNotVisible=g.offsetTop===-5,j.doesNotIncludeMarginInBodyOffset=u.offsetTop!==m,a.getComputedStyle&&(p.style.marginTop="1%",b.pixelMargin=(a.getComputedStyle(p,null)||{marginTop:0}).marginTop!=="1%"),typeof d.style.zoom!="undefined"&&(d.style.zoom=1),u.removeChild(d),l=p=d=null,f.extend(b,j))});return b}();var j=/^(?:\{.*\}|\[.*\])$/,k=/([A-Z])/g;f.extend({cache:{},uuid:0,expando:"jQuery"+(f.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!m(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g,h,i,j=f.expando,k=typeof c=="string",l=a.nodeType,m=l?f.cache:a,n=l?a[j]:a[j]&&j,o=c==="events";if((!n||!m[n]||!o&&!e&&!m[n].data)&&k&&d===b)return;n||(l?a[j]=n=++f.uuid:n=j),m[n]||(m[n]={},l||(m[n].toJSON=f.noop));if(typeof c=="object"||typeof c=="function")e?m[n]=f.extend(m[n],c):m[n].data=f.extend(m[n].data,c);g=h=m[n],e||(h.data||(h.data={}),h=h.data),d!==b&&(h[f.camelCase(c)]=d);if(o&&!h[c])return g.events;k?(i=h[c],i==null&&(i=h[f.camelCase(c)])):i=h;return i}},removeData:function(a,b,c){if(!!f.acceptData(a)){var d,e,g,h=f.expando,i=a.nodeType,j=i?f.cache:a,k=i?a[h]:h;if(!j[k])return;if(b){d=c?j[k]:j[k].data;if(d){f.isArray(b)||(b in d?b=[b]:(b=f.camelCase(b),b in d?b=[b]:b=b.split(" ")));for(e=0,g=b.length;e1,null,!1)},removeData:function(a){return this.each(function(){f.removeData(this,a)})}}),f.extend({_mark:function(a,b){a&&(b=(b||"fx")+"mark",f._data(a,b,(f._data(a,b)||0)+1))},_unmark:function(a,b,c){a!==!0&&(c=b,b=a,a=!1);if(b){c=c||"fx";var d=c+"mark",e=a?0:(f._data(b,d)||1)-1;e?f._data(b,d,e):(f.removeData(b,d,!0),n(b,c,"mark"))}},queue:function(a,b,c){var d;if(a){b=(b||"fx")+"queue",d=f._data(a,b),c&&(!d||f.isArray(c)?d=f._data(a,b,f.makeArray(c)):d.push(c));return d||[]}},dequeue:function(a,b){b=b||"fx";var c=f.queue(a,b),d=c.shift(),e={};d==="inprogress"&&(d=c.shift()),d&&(b==="fx"&&c.unshift("inprogress"),f._data(a,b+".run",e),d.call(a,function(){f.dequeue(a,b)},e)),c.length||(f.removeData(a,b+"queue "+b+".run",!0),n(a,b,"queue"))}}),f.fn.extend({queue:function(a,c){var d=2;typeof a!="string"&&(c=a,a="fx",d--);if(arguments.length1)},removeAttr:function(a){return this.each(function(){f.removeAttr(this,a)})},prop:function(a,b){return f.access(this,f.prop,a,b,arguments.length>1)},removeProp:function(a){a=f.propFix[a]||a;return this.each(function(){try{this[a]=b,delete this[a]}catch(c){}})},addClass:function(a){var b,c,d,e,g,h,i;if(f.isFunction(a))return this.each(function(b){f(this).addClass(a.call(this,b,this.className))});if(a&&typeof a=="string"){b=a.split(p);for(c=0,d=this.length;c-1)return!0;return!1},val:function(a){var c,d,e,g=this[0];{if(!!arguments.length){e=f.isFunction(a);return this.each(function(d){var g=f(this),h;if(this.nodeType===1){e?h=a.call(this,d,g.val()):h=a,h==null?h="":typeof h=="number"?h+="":f.isArray(h)&&(h=f.map(h,function(a){return a==null?"":a+""})),c=f.valHooks[this.type]||f.valHooks[this.nodeName.toLowerCase()];if(!c||!("set"in c)||c.set(this,h,"value")===b)this.value=h}})}if(g){c=f.valHooks[g.type]||f.valHooks[g.nodeName.toLowerCase()];if(c&&"get"in c&&(d=c.get(g,"value"))!==b)return d;d=g.value;return typeof d=="string"?d.replace(q,""):d==null?"":d}}}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c,d,e,g=a.selectedIndex,h=[],i=a.options,j=a.type==="select-one";if(g<0)return null;c=j?g:0,d=j?g+1:i.length;for(;c=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attr:function(a,c,d,e){var g,h,i,j=a.nodeType;if(!!a&&j!==3&&j!==8&&j!==2){if(e&&c in f.attrFn)return f(a)[c](d);if(typeof a.getAttribute=="undefined")return f.prop(a,c,d);i=j!==1||!f.isXMLDoc(a),i&&(c=c.toLowerCase(),h=f.attrHooks[c]||(u.test(c)?x:w));if(d!==b){if(d===null){f.removeAttr(a,c);return}if(h&&"set"in h&&i&&(g=h.set(a,d,c))!==b)return g;a.setAttribute(c,""+d);return d}if(h&&"get"in h&&i&&(g=h.get(a,c))!==null)return g;g=a.getAttribute(c);return g===null?b:g}},removeAttr:function(a,b){var c,d,e,g,h,i=0;if(b&&a.nodeType===1){d=b.toLowerCase().split(p),g=d.length;for(;i=0}})});var z=/^(?:textarea|input|select)$/i,A=/^([^\.]*)?(?:\.(.+))?$/,B=/(?:^|\s)hover(\.\S+)?\b/,C=/^key/,D=/^(?:mouse|contextmenu)|click/,E=/^(?:focusinfocus|focusoutblur)$/,F=/^(\w*)(?:#([\w\-]+))?(?:\.([\w\-]+))?$/,G=function( + a){var b=F.exec(a);b&&(b[1]=(b[1]||"").toLowerCase(),b[3]=b[3]&&new RegExp("(?:^|\\s)"+b[3]+"(?:\\s|$)"));return b},H=function(a,b){var c=a.attributes||{};return(!b[1]||a.nodeName.toLowerCase()===b[1])&&(!b[2]||(c.id||{}).value===b[2])&&(!b[3]||b[3].test((c["class"]||{}).value))},I=function(a){return f.event.special.hover?a:a.replace(B,"mouseenter$1 mouseleave$1")};f.event={add:function(a,c,d,e,g){var h,i,j,k,l,m,n,o,p,q,r,s;if(!(a.nodeType===3||a.nodeType===8||!c||!d||!(h=f._data(a)))){d.handler&&(p=d,d=p.handler,g=p.selector),d.guid||(d.guid=f.guid++),j=h.events,j||(h.events=j={}),i=h.handle,i||(h.handle=i=function(a){return typeof f!="undefined"&&(!a||f.event.triggered!==a.type)?f.event.dispatch.apply(i.elem,arguments):b},i.elem=a),c=f.trim(I(c)).split(" ");for(k=0;k=0&&(h=h.slice(0,-1),k=!0),h.indexOf(".")>=0&&(i=h.split("."),h=i.shift(),i.sort());if((!e||f.event.customEvent[h])&&!f.event.global[h])return;c=typeof c=="object"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.isTrigger=!0,c.exclusive=k,c.namespace=i.join("."),c.namespace_re=c.namespace?new RegExp("(^|\\.)"+i.join("\\.(?:.*\\.)?")+"(\\.|$)"):null,o=h.indexOf(":")<0?"on"+h:"";if(!e){j=f.cache;for(l in j)j[l].events&&j[l].events[h]&&f.event.trigger(c,d,j[l].handle.elem,!0);return}c.result=b,c.target||(c.target=e),d=d!=null?f.makeArray(d):[],d.unshift(c),p=f.event.special[h]||{};if(p.trigger&&p.trigger.apply(e,d)===!1)return;r=[[e,p.bindType||h]];if(!g&&!p.noBubble&&!f.isWindow(e)){s=p.delegateType||h,m=E.test(s+h)?e:e.parentNode,n=null;for(;m;m=m.parentNode)r.push([m,s]),n=m;n&&n===e.ownerDocument&&r.push([n.defaultView||n.parentWindow||a,s])}for(l=0;le&&j.push({elem:this,matches:d.slice(e)});for(k=0;k0?this.on(b,null,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0),C.test(b)&&(f.event.fixHooks[b]=f.event.keyHooks),D.test(b)&&(f.event.fixHooks[b]=f.event.mouseHooks)}),function(){function x(a,b,c,e,f,g){for(var h=0,i=e.length;h0){k=j;break}}j=j[a]}e[h]=k}}}function w(a,b,c,e,f,g){for(var h=0,i=e.length;h+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,d="sizcache"+(Math.random()+"").replace(".",""),e=0,g=Object.prototype.toString,h=!1,i=!0,j=/\\/g,k=/\r\n/g,l=/\W/;[0,0].sort(function(){i=!1;return 0});var m=function(b,d,e,f){e=e||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!="string")return e;var i,j,k,l,n,q,r,t,u=!0,v=m.isXML(d),w=[],x=b;do{a.exec(""),i=a.exec(x);if(i){x=i[3],w.push(i[1]);if(i[2]){l=i[3];break}}}while(i);if(w.length>1&&p.exec(b))if(w.length===2&&o.relative[w[0]])j=y(w[0]+w[1],d,f);else{j=o.relative[w[0]]?[d]:m(w.shift(),d);while(w.length)b=w.shift(),o.relative[b]&&(b+=w.shift()),j=y(b,j,f)}else{!f&&w.length>1&&d.nodeType===9&&!v&&o.match.ID.test(w[0])&&!o.match.ID.test(w[w.length-1])&&(n=m.find(w.shift(),d,v),d=n.expr?m.filter(n.expr,n.set)[0]:n.set[0]);if(d){n=f?{expr:w.pop(),set:s(f)}:m.find(w.pop(),w.length===1&&(w[0]==="~"||w[0]==="+")&&d.parentNode?d.parentNode:d,v),j=n.expr?m.filter(n.expr,n.set):n.set,w.length>0?k=s(j):u=!1;while(w.length)q=w.pop(),r=q,o.relative[q]?r=w.pop():q="",r==null&&(r=d),o.relative[q](k,r,v)}else k=w=[]}k||(k=j),k||m.error(q||b);if(g.call(k)==="[object Array]")if(!u)e.push.apply(e,k);else if(d&&d.nodeType===1)for(t=0;k[t]!=null;t++)k[t]&&(k[t]===!0||k[t].nodeType===1&&m.contains(d,k[t]))&&e.push(j[t]);else for(t=0;k[t]!=null;t++)k[t]&&k[t].nodeType===1&&e.push(j[t]);else s(k,e);l&&(m(l,h,e,f),m.uniqueSort(e));return e};m.uniqueSort=function(a){if(u){h=i,a.sort(u);if(h)for(var b=1;b0},m.find=function(a,b,c){var d,e,f,g,h,i;if(!a)return[];for(e=0,f=o.order.length;e":function(a,b){var c,d=typeof b=="string",e=0,f=a.length;if(d&&!l.test(b)){b=b.toLowerCase();for(;e=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(j,"")},TAG:function(a,b){return a[1].replace(j,"").toLowerCase()},CHILD:function(a){if(a[1]==="nth"){a[2]||m.error(a[0]),a[2]=a[2].replace(/^\+|\s*/g,"");var b=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(a[2]==="even"&&"2n"||a[2]==="odd"&&"2n+1"||!/\D/.test(a[2])&&"0n+"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&m.error(a[0]);a[0]=e++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(j,"");!f&&o.attrMap[g]&&(a[1]=o.attrMap[g]),a[4]=(a[4]||a[5]||"").replace(j,""),a[2]==="~="&&(a[4]=" "+a[4]+" ");return a},PSEUDO:function(b,c,d,e,f){if(b[1]==="not")if((a.exec(b[3])||"").length>1||/^\w/.test(b[3]))b[3]=m(b[3],null,null,c);else{var g=m.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(o.match.POS.test(b[0])||o.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return a.disabled===!1&&a.type!=="hidden"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!m(c[3],a).length},header:function(a){return/h\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute("type"),c=a.type;return a.nodeName.toLowerCase()==="input"&&"text"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()==="input"&&"radio"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()==="input"&&"checkbox"===a.type},file:function(a){return a.nodeName.toLowerCase()==="input"&&"file"===a.type},password:function(a){return a.nodeName.toLowerCase()==="input"&&"password"===a.type},submit:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"submit"===a.type},image:function(a){return a.nodeName.toLowerCase()==="input"&&"image"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"reset"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&"button"===a.type||b==="button"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return bc[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=o.filters[e];if(f)return f(a,c,b,d);if(e==="contains")return(a.textContent||a.innerText||n([a])||"").indexOf(b[3])>=0;if(e==="not"){var g=b[3];for(var h=0,i=g.length;h=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute("id")===b},TAG:function(a,b){return b==="*"&&a.nodeType===1||!!a.nodeName&&a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(" "+(a.className||a.getAttribute("class"))+" ").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=m.attr?m.attr(a,c):o.attrHandle[c]?o.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+"",f=b[2],g=b[4];return d==null?f==="!=":!f&&m.attr?d!=null:f==="="?e===g:f==="*="?e.indexOf(g)>=0:f==="~="?(" "+e+" ").indexOf(g)>=0:g?f==="!="?e!==g:f==="^="?e.indexOf(g)===0:f==="$="?e.substr(e.length-g.length)===g:f==="|="?e===g||e.substr(0,g.length+1)===g+"-":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=o.setFilters[e];if(f)return f(a,c,b,d)}}},p=o.match.POS,q=function(a,b){return"\\"+(b-0+1)};for(var r in o.match)o.match[r]=new RegExp(o.match[r].source+/(?![^\[]*\])(?![^\(]*\))/.source),o.leftMatch[r]=new RegExp(/(^(?:.|\r|\n)*?)/.source+o.match[r].source.replace(/\\(\d+)/g,q));o.match.globalPOS=p;var s=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(t){s=function(a,b){var c=0,d=b||[];if(g.call(a)==="[object Array]")Array.prototype.push.apply(d,a);else if(typeof a.length=="number")for(var e=a.length;c",e.insertBefore(a,e.firstChild),c.getElementById(d)&&(o.find.ID=function(a,c,d){if(typeof c.getElementById!="undefined"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e.getAttributeNode!="undefined"&&e.getAttributeNode("id").nodeValue===a[1]?[e]:b:[]}},o.filter.ID=function(a,b){var c=typeof a.getAttributeNode!="undefined"&&a.getAttributeNode("id");return a.nodeType===1&&c&&c.nodeValue===b}),e.removeChild(a),e=a=null}(),function(){var a=c.createElement("div");a.appendChild(c.createComment("")),a.getElementsByTagName("*").length>0&&(o.find.TAG=function(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]==="*"){var d=[];for(var e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML="",a.firstChild&&typeof a.firstChild.getAttribute!="undefined"&&a.firstChild.getAttribute("href")!=="#"&&(o.attrHandle.href=function(a){return a.getAttribute("href",2)}),a=null}(),c.querySelectorAll&&function(){var a=m,b=c.createElement("div"),d="__sizzle__";b.innerHTML="

        ";if(!b.querySelectorAll||b.querySelectorAll(".TEST").length!==0){m=function(b,e,f,g){e=e||c;if(!g&&!m.isXML(e)){var h=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return s(e.getElementsByTagName(b),f);if(h[2]&&o.find.CLASS&&e.getElementsByClassName)return s(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b==="body"&&e.body)return s([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return s([],f);if(i.id===h[3])return s([i],f)}try{return s(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!=="object"){var k=e,l=e.getAttribute("id"),n=l||d,p=e.parentNode,q=/^\s*[+~]/.test(b);l?n=n.replace(/'/g,"\\$&"):e.setAttribute("id",n),q&&p&&(e=e.parentNode);try{if(!q||p)return s(e.querySelectorAll("[id='"+n+"'] "+b),f)}catch(r){}finally{l||k.removeAttribute("id")}}}return a(b,e,f,g)};for(var e in a)m[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement("div"),"div"),e=!1;try{b.call(c.documentElement,"[test!='']:sizzle")}catch(f){e=!0}m.matchesSelector=function(a,c){c=c.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!m.isXML(a))try{if(e||!o.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return m(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement("div");a.innerHTML="
        ";if(!!a.getElementsByClassName&&a.getElementsByClassName("e").length!==0){a.lastChild.className="e";if(a.getElementsByClassName("e").length===1)return;o.order.splice(1,0,"CLASS"),o.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!="undefined"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?m.contains=function(a,b){return a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?m.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:m.contains=function(){return!1},m.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!=="HTML":!1};var y=function(a,b,c){var d,e=[],f="",g=b.nodeType?[b]:b;while(d=o.match.PSEUDO.exec(a))f+=d[0],a=a.replace(o.match.PSEUDO,"");a=o.relative[a]?a+"*":a;for(var h=0,i=g.length;h0)for(h=g;h=0:f.filter(a,this).length>0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h=1;while(g&&g.ownerDocument&&g!==b){for(d=0;d-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,"closest",a)},index:function(a){if(!a)return this[0]&&this[0].parentNode?this.prevAll().length:-1;if(typeof a=="string")return f.inArray(this[0],f(a));return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a=="string"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(S(c[0])||S(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,"parentNode")},parentsUntil:function(a,b,c){return f.dir(a,"parentNode",c)},next:function(a){return f.nth(a,2,"nextSibling")},prev:function(a){return f.nth(a,2,"previousSibling")},nextAll:function(a){return f.dir(a,"nextSibling")},prevAll:function(a){return f.dir(a,"previousSibling")},nextUntil:function(a,b,c){return f.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return f.dir(a,"previousSibling",c)},siblings:function(a){return f.sibling((a.parentNode||{}).firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c);L.test(a)||(d=c),d&&typeof d=="string"&&(e=f.filter(d,e)),e=this.length>1&&!R[a]?f.unique(e):e,(this.length>1||N.test(d))&&M.test(a)&&(e=e.reverse());return this.pushStack(e,a,P.call(arguments).join(","))}}),f.extend({filter:function(a,b,c){c&&(a=":not("+a+")");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var V="abbr|article|aside|audio|bdi|canvas|data|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",W=/ jQuery\d+="(?:\d+|null)"/g,X=/^\s+/,Y=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,Z=/<([\w:]+)/,$=/]","i"),bd=/checked\s*(?:[^=]|=\s*.checked.)/i,be=/\/(java|ecma)script/i,bf=/^\s*",""],legend:[1,"
        ","
        "],thead:[1,"","
        "],tr:[2,"","
        "],td:[3,"","
        "],col:[2,"","
        "],area:[1,"",""],_default:[0,"",""]},bh=U(c);bg.optgroup=bg.option,bg.tbody=bg.tfoot=bg.colgroup=bg.caption=bg.thead,bg.th=bg.td,f.support.htmlSerialize||(bg._default=[1,"div
        ","
        "]),f.fn.extend({text:function(a){return f.access(this,function(a){return a===b?f.text(this):this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a))},null,a,arguments.length)},wrapAll:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=f.isFunction(a);return this.each(function(c){f(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,"body")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f + .clean(arguments);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,"after",arguments);a.push.apply(a,f.clean(arguments));return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName("*")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return this},empty:function(){for(var a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName("*"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){return f.access(this,function(a){var c=this[0]||{},d=0,e=this.length;if(a===b)return c.nodeType===1?c.innerHTML.replace(W,""):null;if(typeof a=="string"&&!ba.test(a)&&(f.support.leadingWhitespace||!X.test(a))&&!bg[(Z.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(Y,"<$1>");try{for(;d1&&l0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var d,e,g,h=f.support.html5Clone||f.isXMLDoc(a)||!bc.test("<"+a.nodeName+">")?a.cloneNode(!0):bo(a);if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bk(a,h),d=bl(a),e=bl(h);for(g=0;d[g];++g)e[g]&&bk(d[g],e[g])}if(b){bj(a,h);if(c){d=bl(a),e=bl(h);for(g=0;d[g];++g)bj(d[g],e[g])}}d=e=null;return h},clean:function(a,b,d,e){var g,h,i,j=[];b=b||c,typeof b.createElement=="undefined"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);for(var k=0,l;(l=a[k])!=null;k++){typeof l=="number"&&(l+="");if(!l)continue;if(typeof l=="string")if(!_.test(l))l=b.createTextNode(l);else{l=l.replace(Y,"<$1>");var m=(Z.exec(l)||["",""])[1].toLowerCase(),n=bg[m]||bg._default,o=n[0],p=b.createElement("div"),q=bh.childNodes,r;b===c?bh.appendChild(p):U(b).appendChild(p),p.innerHTML=n[1]+l+n[2];while(o--)p=p.lastChild;if(!f.support.tbody){var s=$.test(l),t=m==="table"&&!s?p.firstChild&&p.firstChild.childNodes:n[1]===""&&!s?p.childNodes:[];for(i=t.length-1;i>=0;--i)f.nodeName(t[i],"tbody")&&!t[i].childNodes.length&&t[i].parentNode.removeChild(t[i])}!f.support.leadingWhitespace&&X.test(l)&&p.insertBefore(b.createTextNode(X.exec(l)[0]),p.firstChild),l=p.childNodes,p&&(p.parentNode.removeChild(p),q.length>0&&(r=q[q.length-1],r&&r.parentNode&&r.parentNode.removeChild(r)))}var u;if(!f.support.appendChecked)if(l[0]&&typeof (u=l.length)=="number")for(i=0;i1)},f.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=by(a,"opacity");return c===""?"1":c}return a.style.opacity}}},cssNumber:{fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":f.support.cssFloat?"cssFloat":"styleFloat"},style:function(a,c,d,e){if(!!a&&a.nodeType!==3&&a.nodeType!==8&&!!a.style){var g,h,i=f.camelCase(c),j=a.style,k=f.cssHooks[i];c=f.cssProps[i]||i;if(d===b){if(k&&"get"in k&&(g=k.get(a,!1,e))!==b)return g;return j[c]}h=typeof d,h==="string"&&(g=bu.exec(d))&&(d=+(g[1]+1)*+g[2]+parseFloat(f.css(a,c)),h="number");if(d==null||h==="number"&&isNaN(d))return;h==="number"&&!f.cssNumber[i]&&(d+="px");if(!k||!("set"in k)||(d=k.set(a,d))!==b)try{j[c]=d}catch(l){}}},css:function(a,c,d){var e,g;c=f.camelCase(c),g=f.cssHooks[c],c=f.cssProps[c]||c,c==="cssFloat"&&(c="float");if(g&&"get"in g&&(e=g.get(a,!0,d))!==b)return e;if(by)return by(a,c)},swap:function(a,b,c){var d={},e,f;for(f in b)d[f]=a.style[f],a.style[f]=b[f];e=c.call(a);for(f in b)a.style[f]=d[f];return e}}),f.curCSS=f.css,c.defaultView&&c.defaultView.getComputedStyle&&(bz=function(a,b){var c,d,e,g,h=a.style;b=b.replace(br,"-$1").toLowerCase(),(d=a.ownerDocument.defaultView)&&(e=d.getComputedStyle(a,null))&&(c=e.getPropertyValue(b),c===""&&!f.contains(a.ownerDocument.documentElement,a)&&(c=f.style(a,b))),!f.support.pixelMargin&&e&&bv.test(b)&&bt.test(c)&&(g=h.width,h.width=c,c=e.width,h.width=g);return c}),c.documentElement.currentStyle&&(bA=function(a,b){var c,d,e,f=a.currentStyle&&a.currentStyle[b],g=a.style;f==null&&g&&(e=g[b])&&(f=e),bt.test(f)&&(c=g.left,d=a.runtimeStyle&&a.runtimeStyle.left,d&&(a.runtimeStyle.left=a.currentStyle.left),g.left=b==="fontSize"?"1em":f,f=g.pixelLeft+"px",g.left=c,d&&(a.runtimeStyle.left=d));return f===""?"auto":f}),by=bz||bA,f.each(["height","width"],function(a,b){f.cssHooks[b]={get:function(a,c,d){if(c)return a.offsetWidth!==0?bB(a,b,d):f.swap(a,bw,function(){return bB(a,b,d)})},set:function(a,b){return bs.test(b)?b+"px":b}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return bq.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?parseFloat(RegExp.$1)/100+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=f.isNumeric(b)?"alpha(opacity="+b*100+")":"",g=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&f.trim(g.replace(bp,""))===""){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bp.test(g)?g.replace(bp,e):g+" "+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){return f.swap(a,{display:"inline-block"},function(){return b?by(a,"margin-right"):a.style.marginRight})}})}),f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style&&a.style.display||f.css(a,"display"))==="none"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)}),f.each({margin:"",padding:"",border:"Width"},function(a,b){f.cssHooks[a+b]={expand:function(c){var d,e=typeof c=="string"?c.split(" "):[c],f={};for(d=0;d<4;d++)f[a+bx[d]+b]=e[d]||e[d-2]||e[0];return f}}});var bC=/%20/g,bD=/\[\]$/,bE=/\r?\n/g,bF=/#.*$/,bG=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,bH=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bI=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,bJ=/^(?:GET|HEAD)$/,bK=/^\/\//,bL=/\?/,bM=/)<[^<]*)*<\/script>/gi,bN=/^(?:select|textarea)/i,bO=/\s+/,bP=/([?&])_=[^&]*/,bQ=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,bR=f.fn.load,bS={},bT={},bU,bV,bW=["*/"]+["*"];try{bU=e.href}catch(bX){bU=c.createElement("a"),bU.href="",bU=bU.href}bV=bQ.exec(bU.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!="string"&&bR)return bR.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(" ");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h="GET";c&&(f.isFunction(c)?(d=c,c=b):typeof c=="object"&&(c=f.param(c,f.ajaxSettings.traditional),h="POST"));var i=this;f.ajax({url:a,type:h,dataType:"html",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f("
        ").append(c.replace(bM,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bN.test(this.nodeName)||bH.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bE,"\r\n")}}):{name:b.name,value:c.replace(bE,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.on(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?b$(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),b$(a,b);return a},ajaxSettings:{url:bU,isLocal:bI.test(bV[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded; charset=UTF-8",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":bW},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bY(bS),ajaxTransport:bY(bT),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?ca(d,v,l):b,y,z;if(a>=200&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader("Last-Modified"))f.lastModified[k]=y;if(z=v.getResponseHeader("Etag"))f.etag[k]=z}if(a===304)w="notmodified",o=!0;else try{r=cb(d,x),w="success",o=!0}catch(A){w="parsererror",u=A}}else{u=w;if(!w||a)w="error",a<0&&(a=0)}v.status=a,v.statusText=""+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.fireWith(e,[v,w]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f.Callbacks("once memory"),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bG.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.add,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bF,"").replace(bK,bV[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bO),d.crossDomain==null&&(r=bQ.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bV[1]&&r[2]==bV[2]&&(r[3]||(r[1]==="http:"?80:443))==(bV[3]||(bV[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),bZ(bS,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bJ.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bL.test(d.url)?"&":"?")+d.data,delete d.data),k=d.url;if(d.cache===!1){var x=f.now(),y=d.url.replace(bP,"$1_="+x);d.url=y+(y===d.url?(bL.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", "+bW+"; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=bZ(bT,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){if(s<2)w(-1,z);else throw z}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)b_(g,a[g],c,e);return d.join("&").replace(bC,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var cc=f.now(),cd=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+cc++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=typeof b.data=="string"&&/^application\/x\-www\-form\-urlencoded/.test(b.contentType);if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(cd.test(b.url)||e&&cd.test(b.data))){var g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(cd,l),b.url===j&&(e&&(k=k.replace(cd,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var ce=a.ActiveXObject?function(){for(var a in cg)cg[a](0,1)}:!1,cf=0,cg;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ch()||ci()}:ch,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,ce&&delete cg[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n);try{m.text=h.responseText}catch(a){}try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cf,ce&&(cg||(cg={},f(a).unload(ce)),cg[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var cj={},ck,cl,cm=/^(?:toggle|show|hide)$/,cn=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,co,cp=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cq;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(ct("show",3),a,b,c);for(var g=0,h=this.length;g=i.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),i.animatedProperties[this.prop]=!0;for(b in i.animatedProperties)i.animatedProperties[b]!==!0&&(g=!1);if(g){i.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){h.style["overflow"+b]=i.overflow[a]}),i.hide&&f(h).hide();if(i.hide||i.show)for(b in i.animatedProperties)f.style(h,b,i.orig[b]),f.removeData(h,"fxshow"+b,!0),f.removeData(h,"toggle"+b,!0);d=i.complete,d&&(i.complete=!1,d.call(h))}return!1}i.duration==Infinity?this.now=e:(c=e-this.startTime,this.state=c/i.duration,this.pos=f.easing[i.animatedProperties[this.prop]](this.state,c,0,1,i.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){var a,b=f.timers,c=0;for(;c-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=cx.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!cx.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return a})}}),f.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(a,c){var d=/Y/.test(c);f.fn[a]=function(e){return f.access(this,function(a,e,g){var h=cy(a);if(g===b)return h?c in h?h[c]:f.support.boxModel&&h.document.documentElement[e]||h.document.body[e]:a[e];h?h.scrollTo(d?f(h).scrollLeft():g,d?g:f(h).scrollTop()):a[e]=g},a,e,arguments.length,null)}}),f.each({Height:"height",Width:"width"},function(a,c){var d="client"+a,e="scroll"+a,g="offset"+a;f.fn["inner"+a]=function(){var a=this[0];return a?a.style?parseFloat(f.css(a,c,"padding")):this[c]():null},f.fn["outer"+a]=function(a){var b=this[0];return b?b.style?parseFloat(f.css(b,c,a?"margin":"border")):this[c]():null},f.fn[c]=function(a){return f.access(this,function(a,c,h){var i,j,k,l;if(f.isWindow(a)){i=a.document,j=i.documentElement[d];return f.support.boxModel&&j||i.body&&i.body[d]||j}if(a.nodeType===9){i=a.documentElement;if(i[d]>=i[e])return i[d];return Math.max(a.body[e],i[e],a.body[g],i[g])}if(h===b){k=f.css(a,c),l=parseFloat(k);return f.isNumeric(l)?l:k}f(a).css(c,h)},c,a,arguments.length,null)}}),a.jQuery=a.$=f,typeof define=="function"&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return f})})(window);]]>
        DateFri, 24 Feb 2023 14:01:48 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Accept-Rangesbytes
        ETagW/"94850-1358437290000"
        Last-ModifiedThu, 17 Jan 2013 15:41:30 GMT
        Cache-Controlmax-age=2419200
        ExpiresFri, 24 Mar 2023 14:01:48 GMT
        Content-Typeapplication/javascript;charset=UTF-8
        Content-Length94850
        Keep-Alivetimeout=5, max=99
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/bank/account-summary.htmlhttpzero.webappsecurity.com80GET/bank/account-summaryhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/online-banking.html
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="835758F4A1B2E12FED05E9F2630D0B7C";PSID="0961B4C9AB7ECE8F80F1EFC03677941C";SessionType="Crawl";CrawlType="ScriptWindowInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="f339a723";
        X-Request-Memorid="c7a829a3";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1302Found
        DateFri, 24 Feb 2023 14:01:54 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Locationhttp://zero.webappsecurity.com/login.html
        Content-Length0
        Keep-Alivetimeout=5, max=100
        ConnectionKeep-Alive
        Content-Typetext/html
        http://zero.webappsecurity.com:80/bank/pay-bills.htmlhttpzero.webappsecurity.com80GET/bank/pay-billshtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/online-banking.html
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="6F2723FE7C386DE06B46E4BC6F7523CF";PSID="0961B4C9AB7ECE8F80F1EFC03677941C";SessionType="Crawl";CrawlType="ScriptWindowInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="9e8c36a9";
        X-Request-Memorid="d8a8d6c7";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1302Found
        DateFri, 24 Feb 2023 14:01:54 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Locationhttp://zero.webappsecurity.com/login.html
        Content-Length0
        Keep-Alivetimeout=5, max=99
        ConnectionKeep-Alive
        Content-Typetext/html
        http://zero.webappsecurity.com:80/manager/httpzero.webappsecurity.com80Vulnerability10102101Web Server Misconfiguration: Unprotected DirectoryEnvironmentWeb Server Misconfiguration: Unprotected DirectoryCWE-552: Files or Directories Accessible to External PartiesSummaryImplication +The primary danger from an attacker finding a publicly available directory on your web application server depends on what type of directory it is, and what files it contains. Administrative directories typically contain applications capable of changing the configuration of the running software; an attacker who gains access to an administrative application can drastically affect the operation of the web site.]]>ExecutionFixFor Security Operations:
        +You should evaluate the production requirements for the found directory. If the directory is not required for production operation, then the directory and its contents should be removed or restricted by a server access control mechanism. More information about implementing access control schemes can be found in the References. Automatic directory indexing should also be disabled, if applicable. + +

        For Development:
        +This problem will be resolved by the web application server administrator. In general, do not rely on 'hidden' directories within the web root that can contain sensitive resources or web applications. Assume an attacker knows about the existence of all directories and files on your web site, and protect them with proper access controls. + +

        For QA:
        +This problem will be resolved by the web application server administrator.]]>        Reference InfoImplementing Basic Authentication in IIS
        http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/a + +bbca505-6f63-4267-aac1-1ea89d861eb4.mspx

        Implementing Basic Authentication in Apache
        http://httpd.apache.org/docs/howto/auth.html#intro]]>        GET/manager/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=A9EF43AC +
        Refererhttp://zero.webappsecurity.com/resources/js/bootstrap.min.js
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Audit.Attack";SID="FA6292457839E465B06937048753C425";PSID="C2E3EA7620F4A29F11DBAC2B877DD850";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="ae34b422-6357-4aca-8fe7-7e449e14c9b7";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10210";Engine="Directory+Enumeration";SmartMode="4";tht="11";
        X-RequestManager-Memostid="17";stmi="0";sc="1";rid="b246b425";
        X-Request-Memorid="2a86bd30";sc="1";thid="28";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONIDA9EF43AC        HTTP/1.1302Found
        DateFri, 24 Feb 2023 14:02:29 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Location/manager/html
        Content-Typetext/html
        Content-Length0
        Keep-Alivetimeout=5, max=93
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/bank/online-statements.htmlhttpzero.webappsecurity.com80GET/bank/online-statementshtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/online-banking.html
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="DBDBD518961D133D424A0981EF7DC2AB";PSID="0961B4C9AB7ECE8F80F1EFC03677941C";SessionType="Crawl";CrawlType="ScriptWindowInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="89c327b2";
        X-Request-Memorid="44acc83a";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1302Found
        DateFri, 24 Feb 2023 14:01:54 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Locationhttp://zero.webappsecurity.com/login.html
        Content-Length0
        Keep-Alivetimeout=5, max=98
        ConnectionKeep-Alive
        Content-Typetext/html
        http://zero.webappsecurity.com:80/manager/httpzero.webappsecurity.com80GET/manager/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/resources/js/bootstrap.min.js
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1302Found
        DateFri, 24 Feb 2023 14:01:49 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Location/manager/html
        Content-Typetext/html
        Content-Length0
        Keep-Alivetimeout=5, max=57
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/admin/httpzero.webappsecurity.com80Vulnerability10028116031HTML5: Cross-Site Scripting ProtectionEncapsulationCWE-554: ASP.NET Misconfiguration: Not Using Input Validation FrameworkHTML5: Cross-Site Scripting ProtectionCWE-1173: Improper Use of Validation FrameworkSummary
        +This header can be set to one of three possible values: 0, 1, or 1; mode=block . A value of 0 disables the protection. A value of 1 is the default behaviour in modern browsers that enables the protection in filter or replacement mode. For example, IE replaces JavaScript keywords such as <script> with <scr#pt> to render injected string ineffective. The value of 1; mode=block instructs browsers to block the response from rendering in the browser. Reports of multiple exploits that leverage false positives from default behaviour that filters or replaces JavaScript injection string within the response r eturned from server. Therefore, the current recommendation is to set the header in block mode.]]>        ImplicationExecution1.

        +By default, WebInspect flags only one instance of this vulnerability per host because it is typical to set this header at the host level in a server configuration.

        +Perform the following steps to flag all instances of this issue:
        • Create a new policy with the selection of checks that you want to include in a rescan. We recommend using the Blank or Passive policy as a base.

        • Select this check and unselect the check input, “FlagAtHost”,from standard description window.

        • Save the policy.

        • Rescan with this new custom policy.

        ]]>        Fix tag to set X-XSS-Protection with the value ‘1; mode=block’]]>Reference InfoFortify Taxonomy: Software Security Errors
        OWASP Secure Headers Project
        CWE ID 554
        Chromium Bugs]]>        Vulnerability10102101Web Server Misconfiguration: Unprotected DirectoryEnvironmentWeb Server Misconfiguration: Unprotected DirectoryCWE-552: Files or Directories Accessible to External PartiesSummaryImplication +The primary danger from an attacker finding a publicly available directory on your web application server depends on what type of directory it is, and what files it contains. Administrative directories typically contain applications capable of changing the configuration of the running software; an attacker who gains access to an administrative application can drastically affect the operation of the web site.]]>ExecutionFixFor Security Operations:
        +You should evaluate the production requirements for the found directory. If the directory is not required for production operation, then the directory and its contents should be removed or restricted by a server access control mechanism. More information about implementing access control schemes can be found in the References. Automatic directory indexing should also be disabled, if applicable. + +

        For Development:
        +This problem will be resolved by the web application server administrator. In general, do not rely on 'hidden' directories within the web root that can contain sensitive resources or web applications. Assume an attacker knows about the existence of all directories and files on your web site, and protect them with proper access controls. + +

        For QA:
        +This problem will be resolved by the web application server administrator.]]>        Reference InfoImplementing Basic Authentication in IIS
        http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/a + +bbca505-6f63-4267-aac1-1ea89d861eb4.mspx

        Implementing Basic Authentication in Apache
        http://httpd.apache.org/docs/howto/auth.html#intro]]>        Best Practices1154655970Privacy Violation: AutocompleteCWE-525: Information Exposure Through Browser CachingSecurity FeaturesPrivacy Violation: AutocompleteSummaryImplicationExecutionFixReference InfoMicrosoft:
        Autocomplete Security]]>         + + + + Zero - Admin - Home + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + + +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        + +
        +
        +

        Admin Home

        +
        +
        + +
        +
        + +
        + +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/admin/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/resources/js/bootstrap.min.js
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Audit.Attack";SID="34A0263BDAF1097FE98AABBF96C88CB2";PSID="C2E3EA7620F4A29F11DBAC2B877DD850";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="ae34b422-6357-4aca-8fe7-7e449e14c9b7";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10210";Engine="Directory+Enumeration";SmartMode="4";tht="11";
        X-RequestManager-Memostid="15";stmi="0";sc="1";rid="9969c433";
        X-Request-Memorid="ee7b7c1b";sc="1";thid="27";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1200OK + + + + Zero - Admin - Home + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + + +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        + +
        +
        +

        Admin Home

        +
        +
        + +
        +
        + +
        + +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:02:30 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=90
        ConnectionKeep-Alive
        Content-Length6617
        /search.htmlsearchTermtextsearch-query        http://zero.webappsecurity.com:80/manager/htmlhttpzero.webappsecurity.com80GET/manager/htmlHTTP/1.1
        Refererhttp://zero.webappsecurity.com/manager/
        http://zero.webappsecurity.com:80/backup/httpzero.webappsecurity.com80Vulnerability10102111Web Server Misconfiguration: Unprotected DirectoryEnvironmentWeb Server Misconfiguration: Unprotected DirectoryCWE-552: Files or Directories Accessible to External PartiesSummaryImplication +The primary danger from an attacker finding a publicly available directory on your web application server depends on what type of directory it is, and what files it contains.]]>ExecutionFixFor Security Operations:
        +You should evaluate the production requirements for the found directory. If the directory is not required for production operation, then the directory and its contents should be removed or restricted by a server access control mechanism. More information about implementing access control schemes can be found in the References. Automatic directory indexing should also be disabled, if applicable. + +

        For Development:
        +This problem will be resolved by the web application server administrator. In general, do not rely on 'hidden' directories within the web root that can contain sensitive resources or web applications. Assume an attacker knows about the existence of all directories and files on your web site, and protect them with proper access controls. + +

        For QA:
        +This problem will be resolved by the web application server administrator.]]>        Reference InfoImplementing Basic Authentication in IIS
        http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/a + +bbca505-6f63-4267-aac1-1ea89d861eb4.mspx

        Implementing Basic Authentication in Apache
        http://httpd.apache.org/docs/howto/auth.html#intro]]>        Apache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>        GET/backup/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/resources/js/bootstrap.min.js
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Audit.Attack";SID="B778AC58BA8FBDC0AF6F47CFA7980E12";PSID="C2E3EA7620F4A29F11DBAC2B877DD850";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="ae34b422-6357-4aca-8fe7-7e449e14c9b7";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10211";Engine="Directory+Enumeration";SmartMode="4";tht="11";
        X-RequestManager-Memostid="17";stmi="0";sc="1";rid="87707ee9";
        X-Request-Memorid="a9f9ca6e";sc="1";thid="28";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1403ForbiddenApache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:30 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length961
        Keep-Alivetimeout=5, max=92
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/admin/index.htmlhttpzero.webappsecurity.com80Best Practices1154655970Privacy Violation: AutocompleteCWE-525: Information Exposure Through Browser CachingSecurity FeaturesPrivacy Violation: AutocompleteSummaryImplicationExecutionFixReference InfoMicrosoft:
        Autocomplete Security]]>         + + + + Zero - Admin - Home + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + + +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        + +
        +
        +

        Admin Home

        +
        +
        + +
        +
        + +
        + +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/admin/indexhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/admin/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="0CF01A02A1917FDBDF9FF1C597F1495C";PSID="34A0263BDAF1097FE98AABBF96C88CB2";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="f0df732f";
        X-Request-Memorid="6a50c266";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OK + + + + Zero - Admin - Home + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + + +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        + +
        +
        +

        Admin Home

        +
        +
        + +
        +
        + +
        + +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:01:55 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=97
        ConnectionKeep-Alive
        Content-Length6617
        /search.htmlsearchTermtextsearch-query        http://zero.webappsecurity.com:80/admin/users.htmlhttpzero.webappsecurity.com80VulnerabilityCUSTOM108344Privacy Violation: Social Security NumberCWE-359: Privacy ViolationSecurity FeaturesPrivacy Violation: Social Security NumberSummary]]>ImplicationSocial Security Numbers are a highly sought out prize for attackers, and an item to which a large percentage of time would be dedicated in an effort to find. At a minimum, this can lead to theft of the victim's identity.
        ]]>        ExecutionFix
        • When sensitive data needs to be available on your web application, mask part of the data so this information is not fully disclosed.

          +Here are a few examples: +

          Social Security Numbers:
          +***-**-1234
          +123-**-**** +

        • +If presence of social security number is being reported in a JWT, please note that unless encrypted JWT tokens do not provide privacy protection. Please do include private information in JWT unless it is securely encrypted.
        ]]>        Reference Info        Best Practices1154655970Privacy Violation: AutocompleteCWE-525: Information Exposure Through Browser CachingSecurity FeaturesPrivacy Violation: AutocompleteSummaryImplicationExecutionFixReference InfoMicrosoft:
        Autocomplete Security]]>         + + + + Zero - Admin - Users + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + + +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        + +
        +
        +

        Users

        +
        +
        + +
        +
        + +
        + +
        +
        +
        +
        + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
        NamePasswordSSN
        + Leeroy Jenkins + + VIZ10AWT8VL + + 536-48-3769 +
        + Stephen Bowen + + OTZ07BXM0BE + + 607-58-7435 +
        + Linus Moran + + FKO04SXA7TI + + 247-54-1719 +
        + Nero Chan + + TXJ77CQO5EI + + 578-13-3713 +
        + Kadeem Higgins + + MFC50OQE7VO + + 449-20-3206 +
        + Quinn Burks + + HWZ97ZUM3NK + + 008-70-6738 +
        + Davis Thompson + + RGD78SHB0TG + + 574-56-1932 +
        + Lester Keller + + EIJ79NLT0TP + + 330-58-4012 +
        +
        +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>GET/admin/usershtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/admin/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="810BCB46E8C09C737ECDC561083681F4";PSID="34A0263BDAF1097FE98AABBF96C88CB2";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="2c3b90f8";
        X-Request-Memorid="21c4776b";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OK + + + + Zero - Admin - Users + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + +
          +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        + +
        +
        +

        Users

        +
        +
        + +
        +
        + +
        + +
        +
        +
        + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
        NamePasswordSSN
        + Leeroy Jenkins + + VIZ10AWT8VL + + 536-48-3769 +
        + Stephen Bowen + + OTZ07BXM0BE + + 607-58-7435 +
        + Linus Moran + + FKO04SXA7TI + + 247-54-1719 +
        + Nero Chan + + TXJ77CQO5EI + + 578-13-3713 +
        + Kadeem Higgins + + MFC50OQE7VO + + 449-20-3206 +
        + Quinn Burks + + HWZ97ZUM3NK + + 008-70-6738 +
        + Davis Thompson + + RGD78SHB0TG + + 574-56-1932 +
        + Lester Keller + + EIJ79NLT0TP + + 330-58-4012 +
        +
        +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:01:56 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=95
        ConnectionKeep-Alive
        Content-Length10808
        /search.htmlsearchTermtextsearch-query
        http://zero.webappsecurity.com:80/cgi-bin/httpzero.webappsecurity.com80Vulnerability10102121Web Server Misconfiguration: Unprotected DirectoryEnvironmentWeb Server Misconfiguration: Unprotected DirectoryCWE-552: Files or Directories Accessible to External PartiesSummaryImplicationExecutionFixFor Security Operations:
        +You should evaluate the production requirements for the found directory. If the directory is not required for production operation, then the directory and its contents should be removed or restricted by a server access control mechanism. More information about implementing access control schemes can be found in the References. Automatic directory indexing should also be disabled, if applicable. + +

        For Development:
        +This problem will be resolved by the web application server administrator. In general, do not rely on 'hidden' directories within the web root that can contain sensitive resources or web applications. Assume an attacker knows about the existence of all directories and files on your web site, and protect them with proper access controls. + +

        For QA:
        +This problem will be resolved by the web application server administrator.]]>        Reference InfoImplementing Basic Authentication in IIS
        http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/a + +bbca505-6f63-4267-aac1-1ea89d861eb4.mspx

        Implementing Basic Authentication in Apache
        http://httpd.apache.org/docs/howto/auth.html#intro]]>        Apache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>        GET/cgi-bin/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/resources/js/bootstrap.min.js
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Audit.Attack";SID="9022211B0954D86BB053476EED51C521";PSID="C2E3EA7620F4A29F11DBAC2B877DD850";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="ae34b422-6357-4aca-8fe7-7e449e14c9b7";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10212";Engine="Directory+Enumeration";SmartMode="4";tht="11";
        X-RequestManager-Memostid="15";stmi="0";sc="1";rid="e32af630";
        X-Request-Memorid="6101a75b";sc="1";thid="27";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1403ForbiddenApache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:31 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length961
        Keep-Alivetimeout=5, max=85
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/admin/currencies.htmlhttpzero.webappsecurity.com80Best Practices1154655970Privacy Violation: AutocompleteCWE-525: Information Exposure Through Browser CachingSecurity FeaturesPrivacy Violation: AutocompleteSummaryImplicationExecutionFixReference InfoMicrosoft:
        Autocomplete Security]]>         + + + + Zero - Admin - Currencies + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + +
          +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        + +
        +
        +

        Currencies

        +
        +
        + +
        +
        + +
        + +
        +
        +
        + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
        IDCountryName
        AUDAustraliadollar
        CADCanadadollar
        CHFSwitzerlandfranc
        CNYChinayuan
        DKKDenmarkkrone
        EUREurozoneeuro
        GBPGreat Britainpound
        HKDHong Kongdollar
        JPYJapanyen
        MXNMexicopeso
        NOKNorwaykrone
        NZDNew Zealanddollar
        SEKSwedenkrona
        SGDSingaporedollar
        THBThailandbaht
        +
        +
        +
        + Add Currency +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/admin/currencieshtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/admin/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="0CE5ABD84AD968C95357799ACE262859";PSID="34A0263BDAF1097FE98AABBF96C88CB2";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="7cfbe8f3";
        X-Request-Memorid="951479e9";sc="2";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OK + + + + Zero - Admin - Currencies + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + +
          +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        + +
        +
        +

        Currencies

        +
        +
        + +
        +
        + +
        + +
        +
        +
        + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
        IDCountryName
        AUDAustraliadollar
        CADCanadadollar
        CHFSwitzerlandfranc
        CNYChinayuan
        DKKDenmarkkrone
        EUREurozoneeuro
        GBPGreat Britainpound
        HKDHong Kongdollar
        JPYJapanyen
        MXNMexicopeso
        NOKNorwaykrone
        NZDNew Zealanddollar
        SEKSwedenkrona
        SGDSingaporedollar
        THBThailandbaht
        +
        +
        +
        + Add Currency +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:01:56 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=100
        ConnectionKeep-Alive
        Content-Length10584
        /search.htmlsearchTermtextsearch-query
        http://zero.webappsecurity.com:80/faq.htmlhttpzero.webappsecurity.com80 + + + + Zero - FAQ - Frequently Asked Questions + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +

        Frequently Asked Questions

        +
        +
        + +
        +
          +
        1. How can I edit my profile?
          2. +
        2. How can I review my transaction history?
          3. +
        + +
        +
        + +
        +
        +
        1
        +
        +
        +

        How can I edit my profile?

        +
        +
        +
        +
        +

        +

          +
        1. From any page, click your user name which appears at the top right corner of the site.
          2. +
        2. From the dropdown menu that displays, click My Profile.
          3. +
        3. Edit your profile.
          4. +
        +

        +
        +
        + +
        +
        +
        2
        +
        +
        +

        How can I review my transaction history?

        +
        +
        +
        +
        +

        +

          +
        1. Click Account Activity.
          2. +
        2. Click the Show Transactions tab to view your most recent transactions.
          3. +
        3. Click the Find Transactions tab to show transactions by a date range.
          4. +
        +

        +
        +
        +
        +
        + + + + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/faqhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/search.html?searchTerm=
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="4CAE3BF452C6150F60166D67DC3B7477";PSID="DB032FFFCF5DEA9F74F4C783FBF606D7";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="31c0d73f";
        X-Request-Memorid="5f5141aa";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OK + + + + Zero - FAQ - Frequently Asked Questions + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +

        Frequently Asked Questions

        +
        +
        + +
        +
          +
        1. How can I edit my profile?
          2. +
        2. How can I review my transaction history?
          3. +
        + +
        +
        + +
        +
        +
        1
        +
        +
        +

        How can I edit my profile?

        +
        +
        +
        +
        +

        +

          +
        1. From any page, click your user name which appears at the top right corner of the site.
          2. +
        2. From the dropdown menu that displays, click My Profile.
          3. +
        3. Edit your profile.
          4. +
        +

        +
        +
        + +
        +
        +
        2
        +
        +
        +

        How can I review my transaction history?

        +
        +
        +
        +
        +

        +

          +
        1. Click Account Activity.
          2. +
        2. Click the Show Transactions tab to view your most recent transactions.
          3. +
        3. Click the Find Transactions tab to show transactions by a date range.
          4. +
        +

        +
        +
        +
        +
        + + + + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:01:58 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=94
        ConnectionKeep-Alive
        Content-Length7794
        http://zero.webappsecurity.com:80/help.htmlhttpzero.webappsecurity.com80 + + + + Zero - Help + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +

        Help Topics

        +
        +
        + +
        +
        +
          +
        1. + How do I log into my account? +
          2. +
        2. + How do I transfer funds? +
          3. +
        3. + How do I pay bills? +
          4. +
        +
        +
        +

        How do I log into my account?

        + +
          +
        1. From the top of the home page, click the Signin button.
          2. +
        2. Then login using your username and password.
          3. +
        +
        +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/helphtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/search.html?searchTerm=
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="F748FC285B59794DBA86EDC6EE6DD62F";PSID="DB032FFFCF5DEA9F74F4C783FBF606D7";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="6fbad671";
        X-Request-Memorid="a5b5f4d4";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OK + + + + Zero - Help + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +

        Help Topics

        +
        +
        + +
        +
        +
          +
        1. + How do I log into my account? +
          2. +
        2. + How do I transfer funds? +
          3. +
        3. + How do I pay bills? +
          4. +
        +
        +
        +

        How do I log into my account?

        + +
          +
        1. From the top of the home page, click the Signin button.
          2. +
        2. Then login using your username and password.
          3. +
        +
        +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:01:58 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=99
        ConnectionKeep-Alive
        Content-Length6225
        http://zero.webappsecurity.com:80/htbin/httpzero.webappsecurity.com80Vulnerability10102121Web Server Misconfiguration: Unprotected DirectoryEnvironmentWeb Server Misconfiguration: Unprotected DirectoryCWE-552: Files or Directories Accessible to External PartiesSummaryImplicationExecutionFixFor Security Operations:
        +You should evaluate the production requirements for the found directory. If the directory is not required for production operation, then the directory and its contents should be removed or restricted by a server access control mechanism. More information about implementing access control schemes can be found in the References. Automatic directory indexing should also be disabled, if applicable. + +

        For Development:
        +This problem will be resolved by the web application server administrator. In general, do not rely on 'hidden' directories within the web root that can contain sensitive resources or web applications. Assume an attacker knows about the existence of all directories and files on your web site, and protect them with proper access controls. + +

        For QA:
        +This problem will be resolved by the web application server administrator.]]>        Reference InfoImplementing Basic Authentication in IIS
        http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/a + +bbca505-6f63-4267-aac1-1ea89d861eb4.mspx

        Implementing Basic Authentication in Apache
        http://httpd.apache.org/docs/howto/auth.html#intro]]>        Apache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>        GET/htbin/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/resources/js/bootstrap.min.js
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Audit.Attack";SID="1323F88C4BC93247184F67ACD7643184";PSID="C2E3EA7620F4A29F11DBAC2B877DD850";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="ae34b422-6357-4aca-8fe7-7e449e14c9b7";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10212";Engine="Directory+Enumeration";SmartMode="4";tht="11";
        X-RequestManager-Memostid="17";stmi="0";sc="1";rid="8903eb68";
        X-Request-Memorid="39560009";sc="1";thid="28";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1403ForbiddenApache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:31 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length961
        Keep-Alivetimeout=5, max=68
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/scripts/httpzero.webappsecurity.com80Vulnerability10102121Web Server Misconfiguration: Unprotected DirectoryEnvironmentWeb Server Misconfiguration: Unprotected DirectoryCWE-552: Files or Directories Accessible to External PartiesSummaryImplicationExecutionFixFor Security Operations:
        +You should evaluate the production requirements for the found directory. If the directory is not required for production operation, then the directory and its contents should be removed or restricted by a server access control mechanism. More information about implementing access control schemes can be found in the References. Automatic directory indexing should also be disabled, if applicable. + +

        For Development:
        +This problem will be resolved by the web application server administrator. In general, do not rely on 'hidden' directories within the web root that can contain sensitive resources or web applications. Assume an attacker knows about the existence of all directories and files on your web site, and protect them with proper access controls. + +

        For QA:
        +This problem will be resolved by the web application server administrator.]]>        Reference InfoImplementing Basic Authentication in IIS
        http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/a + +bbca505-6f63-4267-aac1-1ea89d861eb4.mspx

        Implementing Basic Authentication in Apache
        http://httpd.apache.org/docs/howto/auth.html#intro]]>        Apache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>        GET/scripts/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/resources/js/bootstrap.min.js
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Audit.Attack";SID="33854513922D307E0FCE829804E7ADBD";PSID="C2E3EA7620F4A29F11DBAC2B877DD850";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="ae34b422-6357-4aca-8fe7-7e449e14c9b7";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10212";Engine="Directory+Enumeration";SmartMode="4";tht="11";
        X-RequestManager-Memostid="17";stmi="0";sc="1";rid="f2348ac8";
        X-Request-Memorid="9a29ca48";sc="1";thid="28";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1403ForbiddenApache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:32 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length961
        Keep-Alivetimeout=5, max=62
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/errors/httpzero.webappsecurity.com80Vulnerability100267462Web Server Misconfiguration: Directory ListingCWE-548: Information Leak Through Directory ListingEnvironmentWeb Server Misconfiguration: Directory ListingSummaryImplicationRisks associated with an attacker discovering a Directory Listing on your application server depend upon what type of directory is discovered, and what types of files are contained within it. The primary threat from an accessible Directory Listing is that hidden files such as data files, source code, or applications under development will then be visible to a potential attacker. In addition to accessing files containing sensitive information, other risks include an attacker utilizing the information discovered in that directory to perform other types of attacks.]]>Execution~FullURL~]]>FixFor Development:

        + +Unless you are actively involved with implementing the web application server, there is not a wide range of available solutions to prevent problems that can occur from an attacker finding a Directory Listing. Primarily, this problem will be resolved by the web application server administrator. However, there are certain actions you can take that will help to secure your web application. + +

        • Restrict access to important files or directories only to those who actually need it.
        • Ensure that files containing sensitive information are not left publicly accessible, or that comments left inside files do not reveal the locations of directories best left confidential.
        For Security Operations:

        + +One of the most important aspects of web application security is to restrict access to important files or directories only to those individuals who actually need to access them. Ensure that the private architectural structure of your web application is not exposed to anyone who wishes to view it as even seemingly innocuous directories can provide important information to a potential attacker. + +

        + +The following recommendations can help to ensure that you are not unintentionally allowing access to either information that could be utilized in conducting an attack or propriety data stored in publicly accessible directories. + +

        • Turn off the Automatic Directory Listing feature in whatever application server package that you utilize.
        • Restrict access to important files or directories only to those who actually need it.
        • Ensure that files containing sensitive information are not left publicly accessible.
        • Don't follow standard naming procedures for hidden directories. For example, don't create a hidden directory called "cgi" that contains cgi scripts. Obvious directory names are just that...readily guessed by an attacker.
        + + +Remember, the harder you make it for an attacker to access information about your web application, the more likely it is that he will simply find an easier target. + +

        For QA:

        + +For reasons of security, it is important to test the web application not only from the perspective of a normal user, but also from that of a malicious one. Whenever possible, adopt the mindset of an attacker when testing your web application for security defects. Access your web application from outside your firewall or IDS. Utilize Google or another search engine to ensure that searches for vulnerable files do not return information from regarding your web application. For example, an attacker will utilize a search engine, and search for directory listings such as the following: "index of / cgi-bin". Make sure that your directory structure is not obvious, and that only files that are necessary are capable of being accessed.]]>        Reference InfoApache:
        Security Tips for Server Configuration
        Protecting Confidential Documents at Your Site
        Securing Apache - Access Control

        IIS:
        Implementing NTFS Standard Permissions on Your Web Site

        Netscape:
        Controlling Access to Your Server

        General:
        Password-protecting web pages
        Web Security]]>        Vulnerability10102141Web Server Misconfiguration: Unprotected DirectoryEnvironmentWeb Server Misconfiguration: Unprotected DirectoryCWE-552: Files or Directories Accessible to External PartiesSummaryImplicationExecutionFixFor Security Operations:
        +You should evaluate the production requirements for the found directory. If the directory is not required for production operation, then the directory and its contents should be removed or restricted by a server access control mechanism. More information about implementing access control schemes can be found in the References. Automatic directory indexing should also be disabled, if applicable. + +

        For Development:
        +This problem will be resolved by the web application server administrator. In general, do not rely on 'hidden' directories within the web root that can contain sensitive resources or web applications. Assume an attacker knows about the existence of all directories and files on your web site, and protect them with proper access controls. + +

        For QA:
        +This problem will be resolved by the web application server administrator.]]>        Reference InfoImplementing Basic Authentication in IIS
        http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/a + +bbca505-6f63-4267-aac1-1ea89d861eb4.mspx

        Implementing Basic Authentication in Apache
        http://httpd.apache.org/docs/howto/auth.html#intro]]>         + +Directory Listing For /errors/ + +

        Directory Listing For /errors/ - Up To /

        + + + + + + + + + +
        FilenameSizeLast Modified
           +errors.log21.1 kbSun, 19 May 2013 02:05:02 GMT
        +

        Apache Tomcat/7.0.70

        + +]]>        GET/errors/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/resources/js/bootstrap.min.js
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Audit.Attack";SID="A5B558851726B7ABEA68BDD94B7C3FFC";PSID="C2E3EA7620F4A29F11DBAC2B877DD850";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="ae34b422-6357-4aca-8fe7-7e449e14c9b7";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10214";Engine="Directory+Enumeration";SmartMode="4";tht="11";
        X-RequestManager-Memostid="15";stmi="0";sc="1";rid="51b7a1af";
        X-Request-Memorid="e4b8639f";sc="1";thid="27";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1200OK + +Directory Listing For /errors/ + +

        Directory Listing For /errors/ - Up To /

        + + + + + + + + + +
        FilenameSizeLast Modified
           +errors.log21.1 kbSun, 19 May 2013 02:05:02 GMT
        +

        Apache Tomcat/7.0.70

        + +]]>
        DateFri, 24 Feb 2023 14:02:33 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=UTF-8
        Content-Length1384
        Keep-Alivetimeout=5, max=53
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/errors/errors.loghttpzero.webappsecurity.com80VulnerabilityCUSTOM35081System Information Leak: Internal IPEncapsulationSystem Information Leak: Internal IPCWE-212: Improper Cross-boundary Removal of Sensitive DataSummary10.x.x.x
        172.16.x.x through 172.31.x.x
        192.168.x.x
        fd00::x
        If not a part of techical documentation, recommendations include removing the string from the production server.]]>        ImplicationExecutionFix +This issue can appear for several reasons. The most common is that the application or webserver error message discloses the IP address. This can be solved by determining where to turn off detailed error messages in the application or webserver. Another common reason is due to a comment located in the source of the webpage. This can easily be removed from the source of the page.]]>Reference Info        GET/errors/errorslogHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/errors/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="C32128A8498A56E4E6435B6994687E3A";PSID="A5B558851726B7ABEA68BDD94B7C3FFC";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="aa52f10f";
        X-Request-Memorid="cc0bba75";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OK
        DateFri, 24 Feb 2023 14:02:00 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Accept-Rangesbytes
        ETagW/"21684-1368929102000"
        Last-ModifiedSun, 19 May 2013 02:05:02 GMT
        Content-Typetext/plain;charset=UTF-8
        Content-Length21684
        Keep-Alivetimeout=5, max=93
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/include/httpzero.webappsecurity.com80Vulnerability10102141Web Server Misconfiguration: Unprotected DirectoryEnvironmentWeb Server Misconfiguration: Unprotected DirectoryCWE-552: Files or Directories Accessible to External PartiesSummaryImplicationExecutionFixFor Security Operations:
        +You should evaluate the production requirements for the found directory. If the directory is not required for production operation, then the directory and its contents should be removed or restricted by a server access control mechanism. More information about implementing access control schemes can be found in the References. Automatic directory indexing should also be disabled, if applicable. + +

        For Development:
        +This problem will be resolved by the web application server administrator. In general, do not rely on 'hidden' directories within the web root that can contain sensitive resources or web applications. Assume an attacker knows about the existence of all directories and files on your web site, and protect them with proper access controls. + +

        For QA:
        +This problem will be resolved by the web application server administrator.]]>        Reference InfoImplementing Basic Authentication in IIS
        http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/a + +bbca505-6f63-4267-aac1-1ea89d861eb4.mspx

        Implementing Basic Authentication in Apache
        http://httpd.apache.org/docs/howto/auth.html#intro]]>        Apache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>        GET/include/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/resources/js/bootstrap.min.js
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Audit.Attack";SID="21A7FC29C31A2750DA2159C014F50A10";PSID="C2E3EA7620F4A29F11DBAC2B877DD850";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="ae34b422-6357-4aca-8fe7-7e449e14c9b7";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10214";Engine="Directory+Enumeration";SmartMode="4";tht="11";
        X-RequestManager-Memostid="17";stmi="0";sc="1";rid="4ea8bf85";
        X-Request-Memorid="2c669cfb";sc="1";thid="28";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1403ForbiddenApache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:33 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length961
        Keep-Alivetimeout=5, max=48
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/forgot-password.htmlhttpzero.webappsecurity.com80Vulnerability11542105953Often Misused: LoginAPI AbuseOften Misused: LoginCWE-311: Missing Encryption of Sensitive DataSummaryImplicationAn attacker who exploited this design vulnerability would be able to utilize the information to escalate their method of attack, possibly leading to impersonation of a legitimate user, the theft of proprietary data, or execution of actions not intended by the application developers.]]>ExecutionFixEnsure that sensitive areas of your web application have proper encryption protocols in place to prevent login information and other data that could be helpful to an attacker from being intercepted.]]>Reference InfoAdvisory:http://www.kb.cert.org/vuls/id/466433
        ]]>        Vulnerability1154247223Insecure TransportCWE-319: Cleartext Transmission of Sensitive InformationSecurity FeaturesInsecure TransportSummaryImplicationAn attacker who exploited this design vulnerability would be able to utilize the information to escalate their method of attack, possibly leading to impersonation of a legitimate user, the theft of proprietary data, or execution of actions not intended by the application developers.]]>ExecutionFixFor Security Operations:
        Ensure that sensitive areas of your web application have proper encryption protocols in place to prevent login information and other data that could be helpful to an attacker from being intercepted. +

        For Development:
        Ensure that sensitive areas of your web application have proper encryption protocols in place to prevent login information and other data that could be helpful to an attacker from being intercepted. +

        For QA:
        Test the application not only from the perspective of a normal user, but also from the perspective of a malicious one.]]>        Reference Info         + + + + Zero - Forgotten Password + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +

        Forgotten Password

        +
        + +

        + So you forgot your password? Give us your email address and we will email it to you. +

        + +
        + +
        +
        +
        + +
        + +
        +
        +
        + +
        + +
        +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/forgot-passwordhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/login.html
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="35CF74765A8B6CFE70D16739EA0E6BFF";PSID="37A656705626B4D1D64F6BFA191C2A08";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="2d7b4f75";
        X-Request-Memorid="c3f6d990";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OK + + + + Zero - Forgotten Password + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +

        Forgotten Password

        +
        + +

        + So you forgot your password? Give us your email address and we will email it to you. +

        + +
        + +
        +
        +
        + +
        + +
        +
        +
        + +
        + +
        +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:02:00 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=98
        ConnectionKeep-Alive
        Content-Length6261
        /forgotten-password-send.htmlpostemailtextsubmitSend Passwordsubmitbtn btn-primary
        http://zero.webappsecurity.com:80/admin/currencies-add.htmlhttpzero.webappsecurity.com80Best Practices1154655970Privacy Violation: AutocompleteCWE-525: Information Exposure Through Browser CachingSecurity FeaturesPrivacy Violation: AutocompleteSummaryImplicationExecutionFixReference InfoMicrosoft:
        Autocomplete Security]]>         + + + + Zero - Admin - Currencies + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + +
          +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        + +
        +
        +

        Add Currency

        +
        +
        + +
        +
        + +
        + +
        +
        +
        +
        +
        +
        +
        + + +
        + +
        +
        + +
        + + +
        + +
        +
        + +
        + + +
        + +
        +
        +
        +
        +
        +
        +
        + +
        +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/admin/currencies-addhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/admin/currencies.html
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="1196B0700885BAA2AD346331C45F4326";PSID="0CE5ABD84AD968C95357799ACE262859";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="dbff149d";
        X-Request-Memorid="757d93f5";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OK + + + + Zero - Admin - Currencies + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + +
          +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        + +
        +
        +

        Add Currency

        +
        +
        + +
        +
        + +
        + +
        +
        +
        +
        +
        +
        +
        + + +
        + +
        +
        + +
        + + +
        + +
        +
        + +
        + + +
        + +
        +
        +
        +
        +
        +
        +
        + +
        +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:02:00 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=91
        ConnectionKeep-Alive
        Content-Length8576
        /search.htmlsearchTermtextsearch-query
        /admin/currencies-add.htmlpostidtextspan1countrytextspan3nametextspan3buttonelementbtn btn-primary
        http://zero.webappsecurity.com:80/faq.html?question=1httpzero.webappsecurity.com80 + + + + Zero - FAQ - Frequently Asked Questions + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +

        Frequently Asked Questions

        +
        +
        + +
        +
          +
        1. How can I edit my profile?
          2. +
        2. How can I review my transaction history?
          3. +
        + +
        +
        + +
        +
        +
        1
        +
        +
        +

        How can I edit my profile?

        +
        +
        +
        +
        +

        +

          +
        1. From any page, click your user name which appears at the top right corner of the site.
          2. +
        2. From the dropdown menu that displays, click My Profile.
          3. +
        3. Edit your profile.
          4. +
        +

        +
        +
        + +
        +
        +
        2
        +
        +
        +

        How can I review my transaction history?

        +
        +
        +
        +
        +

        +

          +
        1. Click Account Activity.
          2. +
        2. Click the Show Transactions tab to view your most recent transactions.
          3. +
        3. Click the Find Transactions tab to show transactions by a date range.
          4. +
        +

        +
        +
        +
        +
        + + + + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/faqhtmlHTTP/1.1question=1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +question1
        Refererhttp://zero.webappsecurity.com/faq.html
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="BA7F9A211020B77EBF4F706FEDC87676";PSID="4CAE3BF452C6150F60166D67DC3B7477";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="f9ca5043";
        X-Request-Memorid="fa25dfb5";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OK + + + + Zero - FAQ - Frequently Asked Questions + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +

        Frequently Asked Questions

        +
        +
        + +
        +
          +
        1. How can I edit my profile?
          2. +
        2. How can I review my transaction history?
          3. +
        + +
        +
        + +
        +
        +
        1
        +
        +
        +

        How can I edit my profile?

        +
        +
        +
        +
        +

        +

          +
        1. From any page, click your user name which appears at the top right corner of the site.
          2. +
        2. From the dropdown menu that displays, click My Profile.
          3. +
        3. Edit your profile.
          4. +
        +

        +
        +
        + +
        +
        +
        2
        +
        +
        +

        How can I review my transaction history?

        +
        +
        +
        +
        +

        +

          +
        1. Click Account Activity.
          2. +
        2. Click the Show Transactions tab to view your most recent transactions.
          3. +
        3. Click the Find Transactions tab to show transactions by a date range.
          4. +
        +

        +
        +
        +
        +
        + + + + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:02:01 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=97
        ConnectionKeep-Alive
        Content-Length7794
        http://zero.webappsecurity.com:80/help.html?topic=/help/topic1.htmlhttpzero.webappsecurity.com80 + + + + Zero - Help + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +

        Help Topics

        +
        +
        + +
        +
        +
          +
        1. + How do I log into my account? +
          2. +
        2. + How do I transfer funds? +
          3. +
        3. + How do I pay bills? +
          4. +
        +
        +
        +

        How do I log into my account?

        + +
          +
        1. From the top of the home page, click the Signin button.
          2. +
        2. Then login using your username and password.
          3. +
        +
        +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/helphtmlHTTP/1.1topic=/help/topic1.htmlCookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +topic/help/topic1.html
        Refererhttp://zero.webappsecurity.com/help.html
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="1CAC743626D86577D2B520A57E5A2DEB";PSID="F748FC285B59794DBA86EDC6EE6DD62F";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="643f5601";
        X-Request-Memorid="71c5fdca";sc="2";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OK + + + + Zero - Help + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +

        Help Topics

        +
        +
        + +
        +
        +
          +
        1. + How do I log into my account? +
          2. +
        2. + How do I transfer funds? +
          3. +
        3. + How do I pay bills? +
          4. +
        +
        +
        +

        How do I log into my account?

        + +
          +
        1. From the top of the home page, click the Signin button.
          2. +
        2. Then login using your username and password.
          3. +
        +
        +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:02:01 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=100
        ConnectionKeep-Alive
        Content-Length6225
        http://zero.webappsecurity.com:80/faq.html?question=2httpzero.webappsecurity.com80 + + + + Zero - FAQ - Frequently Asked Questions + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +

        Frequently Asked Questions

        +
        +
        + +
        +
          +
        1. How can I edit my profile?
          2. +
        2. How can I review my transaction history?
          3. +
        + +
        +
        + +
        +
        +
        1
        +
        +
        +

        How can I edit my profile?

        +
        +
        +
        +
        +

        +

          +
        1. From any page, click your user name which appears at the top right corner of the site.
          2. +
        2. From the dropdown menu that displays, click My Profile.
          3. +
        3. Edit your profile.
          4. +
        +

        +
        +
        + +
        +
        +
        2
        +
        +
        +

        How can I review my transaction history?

        +
        +
        +
        +
        +

        +

          +
        1. Click Account Activity.
          2. +
        2. Click the Show Transactions tab to view your most recent transactions.
          3. +
        3. Click the Find Transactions tab to show transactions by a date range.
          4. +
        +

        +
        +
        +
        +
        + + + + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/faqhtmlHTTP/1.1question=2Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +question2
        Refererhttp://zero.webappsecurity.com/faq.html
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="DF88FB1BEECE3A4EC82F90F30D77694B";PSID="4CAE3BF452C6150F60166D67DC3B7477";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="34bf5118";
        X-Request-Memorid="7fbfcf10";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OK + + + + Zero - FAQ - Frequently Asked Questions + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +

        Frequently Asked Questions

        +
        +
        + +
        +
          +
        1. How can I edit my profile?
          2. +
        2. How can I review my transaction history?
          3. +
        + +
        +
        + +
        +
        +
        1
        +
        +
        +

        How can I edit my profile?

        +
        +
        +
        +
        +

        +

          +
        1. From any page, click your user name which appears at the top right corner of the site.
          2. +
        2. From the dropdown menu that displays, click My Profile.
          3. +
        3. Edit your profile.
          4. +
        +

        +
        +
        + +
        +
        +
        2
        +
        +
        +

        How can I review my transaction history?

        +
        +
        +
        +
        +

        +

          +
        1. Click Account Activity.
          2. +
        2. Click the Show Transactions tab to view your most recent transactions.
          3. +
        3. Click the Find Transactions tab to show transactions by a date range.
          4. +
        +

        +
        +
        +
        +
        + + + + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:02:01 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=90
        ConnectionKeep-Alive
        Content-Length7794
        http://zero.webappsecurity.com:80/help.html?topic=/help/topic2.htmlhttpzero.webappsecurity.com80 + + + + Zero - Help + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +

        Help Topics

        +
        +
        + +
        +
        +
          +
        1. + How do I log into my account? +
          2. +
        2. + How do I transfer funds? +
          3. +
        3. + How do I pay bills? +
          4. +
        +
        +
        +

        How do I transfer funds?

        + +
          +
        1. From the bank home page, click Transfer Funds.
          2. +
        2. Select the account from which you want to transfer money.
          3. +
        3. Select the account to which you want transfer money.
          4. +
        4. Enter the amount and an optional description of the transaction.
          5. +
        5. Click Continue.
          6. +
        +
        +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/helphtmlHTTP/1.1topic=/help/topic2.htmlCookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +topic/help/topic2.html
        Refererhttp://zero.webappsecurity.com/help.html
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="C40B25C609070F52ADA7D215EC5634E2";PSID="F748FC285B59794DBA86EDC6EE6DD62F";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="15e90b4f";
        X-Request-Memorid="b4f4499d";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OK + + + + Zero - Help + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +

        Help Topics

        +
        +
        + +
        +
        +
          +
        1. + How do I log into my account? +
          2. +
        2. + How do I transfer funds? +
          3. +
        3. + How do I pay bills? +
          4. +
        +
        +
        +

        How do I transfer funds?

        + +
          +
        1. From the bank home page, click Transfer Funds.
          2. +
        2. Select the account from which you want to transfer money.
          3. +
        3. Select the account to which you want transfer money.
          4. +
        4. Enter the amount and an optional description of the transaction.
          5. +
        5. Click Continue.
          6. +
        +
        +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:02:03 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=96
        ConnectionKeep-Alive
        Content-Length6400
        http://zero.webappsecurity.com:80/db/httpzero.webappsecurity.com80Vulnerability10102161Web Server Misconfiguration: Unprotected DirectoryEnvironmentWeb Server Misconfiguration: Unprotected DirectoryCWE-552: Files or Directories Accessible to External PartiesSummaryImplicationExecutionFixFor Security Operations:
        +You should evaluate the production requirements for the found directory. If the directory is not required for production operation, then the directory and its contents should be removed or restricted by a server access control mechanism. More information about implementing access control schemes can be found in the References. Automatic directory indexing should also be disabled, if applicable. + +

        For Development:
        +This problem will be resolved by the web application server administrator. In general, do not rely on 'hidden' directories within the web root that can contain sensitive resources or web applications. Assume an attacker knows about the existence of all directories and files on your web site, and protect them with proper access controls. + +

        For QA:
        +This problem will be resolved by the web application server administrator.]]>        Reference InfoImplementing Basic Authentication in IIS
        http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/a + +bbca505-6f63-4267-aac1-1ea89d861eb4.mspx

        Implementing Basic Authentication in Apache
        http://httpd.apache.org/docs/howto/auth.html#intro]]>        Apache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>        GET/db/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/resources/js/bootstrap.min.js
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Audit.Attack";SID="614F6FD2A3C7CDDAB64245DD5637367D";PSID="C2E3EA7620F4A29F11DBAC2B877DD850";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="ae34b422-6357-4aca-8fe7-7e449e14c9b7";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10216";Engine="Directory+Enumeration";SmartMode="4";tht="11";
        X-RequestManager-Memostid="17";stmi="0";sc="1";rid="ffbff9d0";
        X-Request-Memorid="0826164d";sc="1";thid="28";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1403ForbiddenApache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:36 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length961
        Keep-Alivetimeout=5, max=7
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/help.html?topic=/help/topic3.htmlhttpzero.webappsecurity.com80 + + + + Zero - Help + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +

        Help Topics

        +
        +
        + +
        +
        +
          +
        1. + How do I log into my account? +
          2. +
        2. + How do I transfer funds? +
          3. +
        3. + How do I pay bills? +
          4. +
        +
        +
        +

        How do I pay bills?

        + +
          +
        1. From the bank home page, click Pay Bills.
          2. +
        2. Select an existing payee from the first dropdown menu.
          3. +
        3. Select the account from which you want to pull funds.
          4. +
        4. Enter the amount and click the Pay button.
          5. +
        5. Add a new payee to pay the bill.
          6. +
        +
        +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/helphtmlHTTP/1.1topic=/help/topic3.htmlCookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +topic/help/topic3.html
        Refererhttp://zero.webappsecurity.com/help.html
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="30D83AD431798BFB2FC60F60280D4E62";PSID="F748FC285B59794DBA86EDC6EE6DD62F";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="ebdebe46";
        X-Request-Memorid="c9b14494";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OK + + + + Zero - Help + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +

        Help Topics

        +
        +
        + +
        +
        +
          +
        1. + How do I log into my account? +
          2. +
        2. + How do I transfer funds? +
          3. +
        3. + How do I pay bills? +
          4. +
        +
        +
        +

        How do I pay bills?

        + +
          +
        1. From the bank home page, click Pay Bills.
          2. +
        2. Select an existing payee from the first dropdown menu.
          3. +
        3. Select the account from which you want to pull funds.
          4. +
        4. Enter the amount and click the Pay button.
          5. +
        5. Add a new payee to pay the bill.
          6. +
        +
        +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:02:03 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=89
        ConnectionKeep-Alive
        Content-Length6383
        http://zero.webappsecurity.com:80/help/topic1.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 -

        type Status report

        message

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/help/topic1htmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/help.html
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="76C05FF2850163DF8A030C8FCA407955";PSID="F748FC285B59794DBA86EDC6EE6DD62F";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";Format="Relative";LinkKind="HyperLink";Locations="Url";Source="StaticParser";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="bef5ad01";
        X-Request-Memorid="df9675e1";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 -

        type Status report

        message

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:03 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length949
        Keep-Alivetimeout=5, max=99
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/help/topic2.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 -

        type Status report

        message

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/help/topic2htmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/help.html
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="4A37D1425DEC8479045AEA68D05A0151";PSID="F748FC285B59794DBA86EDC6EE6DD62F";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";Format="Relative";LinkKind="HyperLink";Locations="Url";Source="StaticParser";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="eee62afb";
        X-Request-Memorid="10cffff9";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 -

        type Status report

        message

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:03 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length949
        Keep-Alivetimeout=5, max=98
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/help/topic3.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 -

        type Status report

        message

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/help/topic3htmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/help.html
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="74261380C63EF9725705B45CF66DBCBE";PSID="F748FC285B59794DBA86EDC6EE6DD62F";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";Format="Relative";LinkKind="HyperLink";Locations="Url";Source="StaticParser";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="4071de18";
        X-Request-Memorid="d550321d";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 -

        type Status report

        message

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:04 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length949
        Keep-Alivetimeout=5, max=97
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/resources/js/jquery-1.6.4.min.jshttpzero.webappsecurity.com80").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ch||(ch=c.createElement("iframe"),ch.frameBorder=ch.width=ch.height=0),b.appendChild(ch);if(!ci||!ch.createElement)ci=(ch.contentWindow||ch.contentDocument).document,ci.write((c.compatMode==="CSS1Compat"?"":"")+""),ci.close();d=ci.createElement(a),ci.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ch)}cg[a]=e}return cg[a]}function cq(a,b){var c={};f.each(cm.concat.apply([],cm.slice(0,b)),function(){c[this]=a});return c}function cp(){cn=b}function co(){setTimeout(cp,0);return cn=f.now()}function cf(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ce(){try{return new a.XMLHttpRequest}catch(b){}}function b$(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g0){c!=="border"&&f.each(e,function(){c||(d-=parseFloat(f.css(a,"padding"+this))||0),c==="margin"?d+=parseFloat(f.css(a,c+this))||0:d-=parseFloat(f.css(a,"border"+this+"Width"))||0});return d+"px"}d=bv(a,b,b);if(d<0||d==null)d=a.style[b]||0;d=parseFloat(d)||0,c&&f.each(e,function(){d+=parseFloat(f.css(a,"padding"+this))||0,c!=="padding"&&(d+=parseFloat(f.css(a,"border"+this+"Width"))||0),c==="margin"&&(d+=parseFloat(f.css(a,c+this))||0)});return d+"px"}function bl(a,b){b.src?f.ajax({url:b.src,async:!1,dataType:"script"}):f.globalEval((b.text||b.textContent||b.innerHTML||"").replace(bd,"/*$0*/")),b.parentNode&&b.parentNode.removeChild(b)}function bk(a){f.nodeName(a,"input")?bj(a):"getElementsByTagName"in a&&f.grep(a.getElementsByTagName("input"),bj)}function bj(a){if(a.type==="checkbox"||a.type==="radio")a.defaultChecked=a.checked}function bi(a){return"getElementsByTagName"in a?a.getElementsByTagName("*"):"querySelectorAll"in a?a.querySelectorAll("*"):[]}function bh(a,b){var c;if(b.nodeType===1){b.clearAttributes&&b.clearAttributes(),b.mergeAttributes&&b.mergeAttributes(a),c=b.nodeName.toLowerCase();if(c==="object")b.outerHTML=a.outerHTML;else if(c!=="input"||a.type!=="checkbox"&&a.type!=="radio"){if(c==="option")b.selected=a.defaultSelected;else if(c==="input"||c==="textarea")b.defaultValue=a.defaultValue}else a.checked&&(b.defaultChecked=b.checked=a.checked),b.value!==a.value&&(b.value=a.value);b.removeAttribute(f.expando)}}function bg(a,b){if(b.nodeType===1&&!!f.hasData(a)){var c=f.expando,d=f.data(a),e=f.data(b,d);if(d=d[c]){var g=d.events;e=e[c]=f.extend({},d);if(g){delete e.handle,e.events={};for(var h in g)for(var i=0,j=g[h].length;i=0===c})}function U(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function M(a,b){return(a&&a!=="*"?a+".":"")+b.replace(y,"`").replace(z,"&")}function L(a){var b,c,d,e,g,h,i,j,k,l,m,n,o,p=[],q=[],r=f._data(this,"events");if(!(a.liveFired===this||!r||!r.live||a.target.disabled||a.button&&a.type==="click")){a.namespace&&(n=new RegExp("(^|\\.)"+a.namespace.split(".").join("\\.(?:.*\\.)?")+"(\\.|$)")),a.liveFired=this;var s=r.live.slice(0);for(i=0;ic)break;a.currentTarget=e.elem,a.data=e.handleObj.data,a.handleObj=e.handleObj,o=e.handleObj.origHandler.apply(e.elem,arguments);if(o===!1||a.isPropagationStopped()){c=e.level,o===!1&&(b=!1);if(a.isImmediatePropagationStopped())break}}return b}}function J(a,c,d){var e=f.extend({},d[0]);e.type=a,e.originalEvent={},e.liveFired=b,f.event.handle.call(c,e),e.isDefaultPrevented()&&d[0].preventDefault()}function D(){return!0}function C(){return!1}function m(a,c,d){var e=c+"defer",g=c+"queue",h=c+"mark",i=f.data(a,e,b,!0);i&&(d==="queue"||!f.data(a,g,b,!0))&&(d==="mark"||!f.data(a,h,b,!0))&&setTimeout(function(){!f.data(a,g,b,!0)&&!f.data(a,h,b,!0)&&(f.removeData(a,e,!0),i.resolve())},0)}function l(a){for(var b in a)if(b!=="toJSON")return!1;return!0}function k(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(j,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNaN(d)?i.test(d)?f.parseJSON(d):d:parseFloat(d)}catch(g){}f.data(a,c,d)}else d=b}return d}var c=a.document,d=a.navigator,e=a.location,f=function(){function K(){if(!e.isReady){try{c.documentElement.doScroll("left")}catch(a){setTimeout(K,1);return}e.ready()}}var e=function(a,b){return new e.fn.init(a,b,h)},f=a.jQuery,g=a.$,h,i=/^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/\d/,n=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,o=/^[\],:{}\s]*$/,p=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,q=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,r=/(?:^|:|,)(?:\s*\[)+/g,s=/(webkit)[ \/]([\w.]+)/,t=/(opera)(?:.*version)?[ \/]([\w.]+)/,u=/(msie) ([\w.]+)/,v=/(mozilla)(?:.*? rv:([\w.]+))?/,w=/-([a-z]|[0-9])/ig,x=/^-ms-/,y=function(a,b){return(b+"").toUpperCase()},z=d.userAgent,A,B,C,D=Object.prototype.toString,E=Object.prototype.hasOwnProperty,F=Array.prototype.push,G=Array.prototype.slice,H=String.prototype.trim,I=Array.prototype.indexOf,J={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=n.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.6.4",length:0,size:function(){return this.length},toArray:function(){return G.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=this.constructor();e.isArray(a)?F.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),B.done(a);return this},eq:function(a){return a===-1?this.slice(a):this.slice(a,+a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(G.apply(this,arguments),"slice",G.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:F,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j0)return;B.resolveWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").unbind("ready")}},bindReady:function(){if(!B){B=e._Deferred();if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",C,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",C),a.attachEvent("onload",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&K()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return e.type(a)==="array"},isWindow:function(a){return a&&typeof a=="object"&&"setInterval"in a},isNaN:function(a){return a==null||!m.test(a)||isNaN(a)},type:function(a){return a==null?String(a):J[D.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;try{if(a.constructor&&!E.call(a,"constructor")&&!E.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||E.call(a,d)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw a},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(o.test(b.replace(p,"@").replace(q,"]").replace(r,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(c){var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&e.error("Invalid XML: "+c);return d},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(x,"ms-").replace(w,y)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i1?h.call(arguments,0):c,--e||g.resolveWith(g,h.call(b,0))}}var b=arguments,c=0,d=b.length,e=d,g=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred();if(d>1){for(;c
        a",d=a.getElementsByTagName("*"),e=a.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=a.getElementsByTagName("input")[0],k={leadingWhitespace:a.firstChild.nodeType===3,tbody:!a.getElementsByTagName("tbody").length,htmlSerialize:!!a.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55$/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:a.className!=="t",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0},i.checked=!0,k.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,k.optDisabled=!h.disabled;try{delete a.test}catch(v){k.deleteExpando=!1}!a.addEventListener&&a.attachEvent&&a.fireEvent&&(a.attachEvent("onclick",function(){k.noCloneEvent=!1}),a.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),k.radioValue=i.value==="t",i.setAttribute("checked","checked"),a.appendChild(i),l=c.createDocumentFragment(),l.appendChild(a.firstChild),k.checkClone=l.cloneNode(!0).cloneNode(!0).lastChild.checked,a.innerHTML="",a.style.width=a.style.paddingLeft="1px",m=c.getElementsByTagName("body")[0],o=c.createElement(m?"div":"body"),p={visibility:"hidden",width:0,height:0,border:0,margin:0,background:"none"},m&&f.extend(p,{position:"absolute",left:"-1000px",top:"-1000px"});for(t in p)o.style[t]=p[t];o.appendChild(a),n=m||b,n.insertBefore(o,n.firstChild),k.appendChecked=i.checked,k.boxModel=a.offsetWidth===2,"zoom"in a.style&&(a.style.display="inline",a.style.zoom=1,k.inlineBlockNeedsLayout=a.offsetWidth===2,a.style.display="",a.innerHTML="
        ",k.shrinkWrapBlocks=a.offsetWidth!==2),a.innerHTML="
        t
        ",q=a.getElementsByTagName("td"),u=q[0].offsetHeight===0,q[0].style.display="",q[1].style.display="none",k.reliableHiddenOffsets=u&&q[0].offsetHeight===0,a.innerHTML="",c.defaultView&&c.defaultView.getComputedStyle&&(j=c.createElement("div"),j.style.width="0",j.style.marginRight="0",a.appendChild(j),k.reliableMarginRight=(parseInt((c.defaultView.getComputedStyle(j,null)||{marginRight:0}).marginRight,10)||0)===0),o.innerHTML="",n.removeChild(o);if(a.attachEvent)for(t in{submit:1,change:1,focusin:1})s="on"+t,u=s in a,u||(a.setAttribute(s,"return;"),u=typeof a[s]=="function"),k[t+"Bubbles"]=u;o=l=g=h=m=j=a=i=null;return k}(),f.boxModel=f.support.boxModel;var i=/^(?:\{.*\}|\[.*\])$/,j=/([A-Z])/g;f.extend({cache:{},uuid:0,expando:"jQuery"+(f.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!l(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g,h,i=f.expando,j=typeof c=="string",k=a.nodeType,l=k?f.cache:a,m=k?a[f.expando]:a[f.expando]&&f.expando;if((!m||e&&m&&l[m]&&!l[m][i])&&j&&d===b)return;m||(k?a[f.expando]=m=++f.uuid:m=f.expando),l[m]||(l[m]={},k||(l[m].toJSON=f.noop));if(typeof c=="object"||typeof c=="function")e?l[m][i]=f.extend(l[m][i],c):l[m]=f.extend(l[m],c);g=l[m],e&&(g[i]||(g[i]={}),g=g[i]),d!==b&&(g[f.camelCase(c)]=d);if(c==="events"&&!g[c])return g[i]&&g[i].events;j?(h=g[c],h==null&&(h=g[f.camelCase(c)])):h=g;return h}},removeData:function(a,b,c){if(!!f.acceptData(a)){var d,e=f.expando,g=a.nodeType,h=g?f.cache:a,i=g?a[f.expando]:f.expando;if(!h[i])return;if(b){d=c?h[i][e]:h[i];if(d){d[b]||(b=f.camelCase(b)),delete d[b];if(!l(d))return}}if(c){delete h[i][e];if(!l(h[i]))return}var j=h[i][e];f.support.deleteExpando||!h.setInterval?delete h[i]:h[i]=null,j?(h[i]={},g||(h[i].toJSON=f.noop),h[i][e]=j):g&&(f.support.deleteExpando?delete a[f.expando]:a.removeAttribute?a.removeAttribute(f.expando):a[f.expando]=null)}},_data:function(a,b,c){return f.data(a,b,c,!0)},acceptData:function(a){if(a.nodeName){var b=f.noData[a.nodeName.toLowerCase()];if(b)return b!==!0&&a.getAttribute("classid")===b}return!0}}),f.fn.extend({data:function(a,c){var d=null;if(typeof a=="undefined"){if(this.length){d=f.data(this[0]);if(this[0].nodeType===1){var e=this[0].attributes,g;for(var h=0,i=e.length;h-1)return!0;return!1},val:function(a){var c,d,e=this[0];if(!arguments.length){if(e){c=f.valHooks[e.nodeName.toLowerCase()]||f.valHooks[e.type];if(c&&"get"in c&&(d=c.get(e,"value"))!==b)return d;d=e.value;return typeof d=="string"?d.replace(p,""):d==null?"":d}return b}var g=f.isFunction(a);return this.each(function(d){var e=f(this),h;if(this.nodeType===1){g?h=a.call(this,d,e.val()):h=a,h==null?h="":typeof h=="number"?h+="":f.isArray(h)&&(h=f.map(h,function(a){return a==null?"":a+""})),c=f.valHooks[this.nodeName.toLowerCase()]||f.valHooks[this.type];if(!c||!("set"in c)||c.set(this,h,"value")===b)this.value=h}})}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c=a.selectedIndex,d=[],e=a.options,g=a.type==="select-one";if(c<0)return null;for(var h=g?c:0,i=g?c+1:e.length;h=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attrFix:{tabindex:"tabIndex"},attr:function(a,c,d,e){var g=a.nodeType;if(!a||g===3||g===8||g===2)return b;if(e&&c in f.attrFn)return f(a)[c](d);if(!("getAttribute"in a))return f.prop(a,c,d);var h,i,j=g!==1||!f.isXMLDoc(a);j&&(c=f.attrFix[c]||c,i=f.attrHooks[c],i||(t.test(c)?i=v:u&&(i=u)));if(d!==b){if(d===null){f.removeAttr(a,c);return b}if(i&&"set"in i&&j&&(h=i.set(a,d,c))!==b)return h;a.setAttribute(c,""+d);return d}if(i&&"get"in i&&j&&(h=i.get(a,c))!==null)return h;h=a.getAttribute(c);return h===null?b:h},removeAttr:function(a,b){var c;a.nodeType===1&&(b=f.attrFix[b]||b,f.attr(a,b,""),a.removeAttribute(b),t.test(b)&&(c=f.propFix[b]||b)in a&&(a[c]=!1))},attrHooks:{type:{set:function(a,b){if(q.test(a.nodeName)&&a.parentNode)f.error("type property can't be changed");else if(!f.support.radioValue&&b==="radio"&&f.nodeName(a,"input")){var c=a.value;a.setAttribute("type",b),c&&(a.value=c);return b}}},value:{get:function(a,b){if(u&&f.nodeName(a,"button"))return u.get(a,b);return b in a?a.value:null},set:function(a,b,c){if(u&&f.nodeName(a,"button"))return u.set(a,b,c);a.value=b}}},propFix:{tabindex:"tabIndex",readonly:"readOnly","for":"htmlFor","class":"className",maxlength:"maxLength",cellspacing:"cellSpacing",cellpadding:"cellPadding",rowspan:"rowSpan",colspan:"colSpan",usemap:"useMap",frameborder:"frameBorder",contenteditable:"contentEditable"},prop:function(a,c,d){var e=a.nodeType;if(!a||e===3||e===8||e===2)return b;var g,h,i=e!==1||!f.isXMLDoc(a);i&&(c=f.propFix[c]||c,h=f.propHooks[c]);return d!==b?h&&"set"in h&&(g=h.set(a,d,c))!==b?g:a[c]=d:h&&"get"in h&&(g=h.get(a,c))!==null?g:a[c]},propHooks:{tabIndex:{get:function(a){var c=a.getAttributeNode("tabindex");return c&&c.specified?parseInt(c.value,10):r.test(a.nodeName)||s.test(a.nodeName)&&a.href?0:b}}}}),f.attrHooks.tabIndex=f.propHooks.tabIndex,v={get:function(a,c){var d;return f.prop(a,c)===!0||(d=a.getAttributeNode(c))&&d.nodeValue!==!1?c.toLowerCase():b},set:function(a,b,c){var d;b===!1?f.removeAttr(a,c):(d=f.propFix[c]||c,d in a&&(a[d]=!0),a.setAttribute(c,c.toLowerCase()));return c}},f.support.getSetAttribute||(u=f.valHooks.button={get:function(a,c){var d;d=a.getAttributeNode(c);return d&&d.nodeValue!==""?d.nodeValue:b},set:function(a,b,d){var e=a.getAttributeNode(d);e||(e=c.createAttribute(d),a.setAttributeNode(e));return e.nodeValue=b+""}},f.each(["width","height"],function(a,b){f.attrHooks[b]=f.extend(f.attrHooks[b],{set:function(a,c){if(c===""){a.setAttribute(b,"auto");return c}}})})),f.support.hrefNormalized||f.each(["href","src","width","height"],function(a,c){f.attrHooks[c]=f.extend(f.attrHooks[c],{get:function(a){var d=a.getAttribute(c,2);return d===null?b:d}})}),f.support.style||(f.attrHooks.style={get:function(a){return a.style.cssText.toLowerCase()||b},set:function(a,b){return a.style.cssText=""+b}}),f.support.optSelected||(f.propHooks.selected=f.extend(f.propHooks.selected,{get:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex);return null}})),f.support.checkOn||f.each(["radio","checkbox"],function(){f.valHooks[this]={get:function(a){return a.getAttribute("value")===null?"on":a.value}}}),f.each(["radio","checkbox"],function(){f.valHooks[this]=f.extend(f.valHooks[this],{set:function(a,b){if(f.isArray(b))return a.checked=f.inArray(f(a).val(),b)>=0}})});var w=/\.(.*)$/,x=/^(?:textarea|input|select)$/i,y=/\./g,z=/ /g,A=/[^\w\s.|`]/g,B=function(a){return a.replace(A,"\\$&")};f.event={add:function(a,c,d,e){if(a.nodeType!==3&&a.nodeType!==8){if(d===!1)d=C;else if(!d)return;var g,h;d.handler&&(g=d,d=g.handler),d.guid||(d.guid=f.guid++);var i=f._data(a);if(!i)return;var j=i.events,k=i.handle;j||(i.events=j={}),k||(i.handle=k=function(a){return typeof f!="undefined"&&(!a||f.event.triggered!==a.type)?f.event.handle.apply(k.elem,arguments):b}),k.elem=a,c=c.split(" ");var l,m=0,n;while(l=c[m++]){h=g?f.extend({},g):{handler:d,data:e},l.indexOf(".")>-1?(n=l.split("."),l=n.shift(),h.namespace=n.slice(0).sort().join(".")):(n=[],h.namespace=""),h.type=l,h.guid||(h.guid=d.guid);var o=j[l],p=f.event.special[l]||{};if(!o){o=j[l]=[];if(!p.setup||p.setup.call(a,e,n,k)===!1)a.addEventListener?a.addEventListener(l,k,!1):a.attachEvent&&a.attachEvent("on"+l,k)}p.add&&(p.add.call(a,h),h.handler.guid||(h.handler.guid=d.guid)),o.push(h),f.event.global[l]=!0}a=null}},global:{},remove:function(a,c,d,e){if(a.nodeType!==3&&a.nodeType!==8){d===!1&&(d=C);var g,h,i,j,k=0,l,m,n,o,p,q,r,s=f.hasData(a)&&f._data(a),t=s&&s.events;if(!s||!t)return;c&&c.type&&(d=c.handler,c=c.type);if(!c||typeof c=="string"&&c.charAt(0)==="."){c=c||"";for(h in t)f.event.remove(a,h+c);return}c=c.split(" ");while(h=c[k++]){r=h,q=null,l=h.indexOf(".")<0,m=[],l||(m=h.split("."),h=m.shift(),n=new RegExp("(^|\\.)"+f.map(m.slice(0).sort(),B).join("\\.(?:.*\\.)?")+"(\\.|$)")),p=t[h];if(!p)continue;if(!d){for(j=0;j=0&&(h=h.slice(0,-1),j=!0),h.indexOf(".")>=0&&(i=h.split("."),h=i.shift(),i.sort());if(!!e&&!f.event.customEvent[h]||!!f.event.global[h]){c=typeof c=="object"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.exclusive=j,c.namespace=i.join("."),c.namespace_re=new RegExp("(^|\\.)"+i.join("\\.(?:.*\\.)?")+"(\\.|$)");if(g||!e)c.preventDefault(),c.stopPropagation();if(!e){f.each(f.cache,function(){var a=f.expando,b=this[a];b&&b.events&&b.events[h]&&f.event.trigger(c,d,b.handle.elem)});return}if(e.nodeType===3||e.nodeType===8)return;c.result=b,c.target=e,d=d!=null?f.makeArray(d):[],d.unshift(c);var k=e,l=h.indexOf(":")<0?"on"+h:"";do{var m=f._data(k,"handle");c.currentTarget=k,m&&m.apply(k,d),l&&f.acceptData(k)&&k[l]&&k[l].apply(k,d)===!1&&(c.result=!1,c.preventDefault()),k=k.parentNode||k.ownerDocument||k===c.target.ownerDocument&&a}while(k&&!c.isPropagationStopped());if(!c.isDefaultPrevented()){var n,o=f.event.special[h]||{};if((!o._default||o._default.call(e.ownerDocument,c)===!1)&&(h!=="click"||!f.nodeName(e,"a"))&&f.acceptData(e)){try{l&&e[h]&&(n=e[l],n&&(e[l]=null),f.event.triggered=h,e[h]())}catch(p){}n&&(e[l]=n),f.event.triggered=b}}return c.result}},handle:function(c){c=f.event.fix(c||a.event);var d=((f._data(this,"events")||{})[c.type]||[]).slice(0),e=!c.exclusive&&!c.namespace,g=Array.prototype.slice.call(arguments,0);g[0]=c,c.currentTarget=this;for(var h=0,i=d.length;h-1?f.map(a.options,function(a){return a.selected}).join("-"):"":f.nodeName(a,"select")&&(c=a.selectedIndex);return c},I=function(c){var d=c.target,e,g;if(!!x.test(d.nodeName)&&!d.readOnly){e=f._data(d,"_change_data"),g=H(d),(c.type!=="focusout"||d.type!=="radio")&&f._data(d,"_change_data",g);if(e===b||g===e)return;if(e!=null||g)c.type="change",c.liveFired=b,f.event.trigger(c,arguments[1],d)}};f.event.special.change={filters:{focusout:I,beforedeactivate:I,click:function(a){var b=a.target,c=f.nodeName(b,"input")?b.type:"";(c==="radio"||c==="checkbox"||f.nodeName(b,"select"))&&I.call(this,a)},keydown:function(a){var b=a.target,c=f.nodeName(b,"input")?b.type:"";(a.keyCode===13&&!f.nodeName(b,"textarea")||a.keyCode===32&&(c==="checkbox"||c==="radio")||c==="select-multiple")&&I.call(this,a)},beforeactivate:function(a){var b=a.target;f._data(b,"_change_data",H(b))}},setup:function(a,b){if(this.type==="file")return!1;for(var c in G)f.event.add(this,c+".specialChange",G[c]);return x.test(this.nodeName)},teardown:function(a){f.event.remove(this,".specialChange");return x.test(this.nodeName)}},G=f.event.special.change.filters,G.focus=G.beforeactivate}f.support.focusinBubbles||f.each({focus:"focusin",blur:"focusout"},function(a,b){function e(a){var c=f.event.fix(a);c.type=b,c.originalEvent={},f.event.trigger(c,null,c.target),c.isDefaultPrevented()&&a.preventDefault()}var d=0;f.event.special[b]={setup:function(){d++===0&&c.addEventListener(a,e,!0)},teardown:function(){--d===0&&c.removeEventListener(a,e,!0)}}}),f.each(["bind","one"],function(a,c){f.fn[c]=function(a,d,e){var g;if(typeof a=="object"){for(var h in a)this[c](h,d,a[h],e);return this}if(arguments.length===2||d===!1)e=d,d=b;c==="one"?(g=function(a){f(this).unbind(a,g);return e.apply(this,arguments)},g.guid=e.guid||f.guid++):g=e;if(a==="unload"&&c!=="one")this.one(a,d,e);else for(var i=0,j=this.length;i0?this.bind(b,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0)}),function(){function u(a,b,c,d,e,f){for(var g=0,h=d.length;g0){j=i;break}}i=i[a]}d[g]=j}}}function t(a,b,c,d,e,f){for(var g=0,h=d.length;g+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,d=0,e=Object.prototype.toString,g=!1,h=!0,i=/\\/g,j=/\W/;[0,0].sort(function(){h=!1;return 0});var k=function(b,d,f,g){f=f||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!="string")return f;var i,j,n,o,q,r,s,t,u=!0,w=k.isXML(d),x=[],y=b;do{a.exec(""),i=a.exec(y);if(i){y=i[3],x.push(i[1]);if(i[2]){o=i[3];break}}}while(i);if(x.length>1&&m.exec(b))if(x.length===2&&l.relative[x[0]])j=v(x[0]+x[1],d);else{j=l.relative[x[0]]?[d]:k(x.shift(),d);while(x.length)b=x.shift(),l.relative[b]&&(b+=x.shift()),j=v(b,j)}else{!g&&x.length>1&&d.nodeType===9&&!w&&l.match.ID.test(x[0])&&!l.match.ID.test(x[x.length-1])&&(q=k.find(x.shift(),d,w),d=q.expr?k.filter(q.expr,q.set)[0]:q.set[0]);if(d){q=g?{expr:x.pop(),set:p(g)}:k.find(x.pop(),x.length===1&&(x[0]==="~"||x[0]==="+")&&d.parentNode?d.parentNode:d,w),j=q.expr?k.filter(q.expr,q.set):q.set,x.length>0?n=p(j):u=!1;while(x.length)r=x.pop(),s=r,l.relative[r]?s=x.pop():r="",s==null&&(s=d),l.relative[r](n,s,w)}else n=x=[]}n||(n=j),n||k.error(r||b);if(e.call(n)==="[object Array]")if(!u)f.push.apply(f,n);else if(d&&d.nodeType===1)for(t=0;n[t]!=null;t++)n[t]&&(n[t]===!0||n[t].nodeType===1&&k.contains(d,n[t]))&&f.push(j[t]);else for(t=0;n[t]!=null;t++)n[t]&&n[t].nodeType===1&&f.push(j[t]);else p(n,f);o&&(k(o,h,f,g),k.uniqueSort(f));return f};k.uniqueSort=function(a){if(r){g=h,a.sort(r);if(g)for(var b=1;b0},k.find=function(a,b,c){var d;if(!a)return[];for(var e=0,f=l.order.length;e":function(a,b){var c,d=typeof b=="string",e=0,f=a.length;if(d&&!j.test(b)){b=b.toLowerCase();for(;e=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(i,"")},TAG:function(a,b){return a[1].replace(i,"").toLowerCase()},CHILD:function(a){if(a[1]==="nth"){a[2]||k.error(a[0]),a[2]=a[2].replace(/^\+|\s*/g,"");var b=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(a[2]==="even"&&"2n"||a[2]==="odd"&&"2n+1"||!/\D/.test(a[2])&&"0n+"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&k.error(a[0]);a[0]=d++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(i,"");!f&&l.attrMap[g]&&(a[1]=l.attrMap[g]),a[4]=(a[4]||a[5]||"").replace(i,""),a[2]==="~="&&(a[4]=" "+a[4]+" ");return a},PSEUDO:function(b,c,d,e,f){if(b[1]==="not")if((a.exec(b[3])||"").length>1||/^\w/.test(b[3]))b[3]=k(b[3],null,null,c);else{var g=k.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(l.match.POS.test(b[0])||l.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return a.disabled===!1&&a.type!=="hidden"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!k(c[3],a).length},header:function(a){return/h\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute("type"),c=a.type;return a.nodeName.toLowerCase()==="input"&&"text"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()==="input"&&"radio"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()==="input"&&"checkbox"===a.type},file:function(a){return a.nodeName.toLowerCase()==="input"&&"file"===a.type},password:function(a){return a.nodeName.toLowerCase()==="input"&&"password"===a.type},submit:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"submit"===a.type},image:function(a){return a.nodeName.toLowerCase()==="input"&&"image"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"reset"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&"button"===a.type||b==="button"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return bc[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=l.filters[e];if(f)return f(a,c,b,d);if(e==="contains")return(a.textContent||a.innerText||k.getText([a])||"").indexOf(b[3])>=0;if(e==="not"){var g=b[3];for(var h=0,i=g.length;h=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute("id")===b},TAG:function(a,b){return b==="*"&&a.nodeType===1||a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(" "+(a.className||a.getAttribute("class"))+" ").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=l.attrHandle[c]?l.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+"",f=b[2],g=b[4];return d==null?f==="!=":f==="="?e===g:f==="*="?e.indexOf(g)>=0:f==="~="?(" "+e+" ").indexOf(g)>=0:g?f==="!="?e!==g:f==="^="?e.indexOf(g)===0:f==="$="?e.substr(e.length-g.length)===g:f==="|="?e===g||e.substr(0,g.length+1)===g+"-":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=l.setFilters[e];if(f)return f(a,c,b,d)}}},m=l.match.POS,n=function(a,b){return"\\"+(b-0+1)};for(var o in l.match)l.match[o]=new RegExp(l.match[o].source+/(?![^\[]*\])(?![^\(]*\))/.source),l.leftMatch[o]=new RegExp(/(^(?:.|\r|\n)*?)/.source+l.match[o].source.replace(/\\(\d+)/g,n));var p=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(q){p=function(a,b){var c=0,d=b||[];if(e.call(a)==="[object Array]")Array.prototype.push.apply(d,a);else if(typeof a.length=="number")for(var f=a.length;c",e.insertBefore(a,e.firstChild),c.getElementById(d)&&(l.find.ID=function(a,c,d){if(typeof c.getElementById!="undefined"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e.getAttributeNode!="undefined"&&e.getAttributeNode("id").nodeValue===a[1]?[e]:b:[]}},l.filter.ID=function(a,b){var c=typeof a.getAttributeNode!="undefined"&&a.getAttributeNode("id");return a.nodeType===1&&c&&c.nodeValue===b}),e.removeChild(a),e=a=null}(),function(){var a=c.createElement("div");a.appendChild(c.createComment("")),a.getElementsByTagName("*").length>0&&(l.find.TAG=function(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]==="*"){var d=[];for(var e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML="",a.firstChild&&typeof a.firstChild.getAttribute!="undefined"&&a.firstChild.getAttribute("href")!=="#"&&(l.attrHandle.href=function(a){return a.getAttribute("href",2)}),a=null}(),c.querySelectorAll&&function(){var a=k,b=c.createElement("div"),d="__sizzle__";b.innerHTML="

        ";if(!b.querySelectorAll||b.querySelectorAll(".TEST").length!==0){k=function(b,e,f,g){e=e||c;if(!g&&!k.isXML(e)){var h=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return p(e.getElementsByTagName(b),f);if(h[2]&&l.find.CLASS&&e.getElementsByClassName)return p(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b==="body"&&e.body)return p([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return p([],f);if(i.id===h[3])return p([i],f)}try{return p(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!=="object"){var m=e,n=e.getAttribute("id"),o=n||d,q=e.parentNode,r=/^\s*[+~]/.test(b);n?o=o.replace(/'/g,"\\$&"):e.setAttribute("id",o),r&&q&&(e=e.parentNode);try{if(!r||q)return p(e.querySelectorAll("[id='"+o+"'] "+b),f)}catch(s){}finally{n||m.removeAttribute("id")}}}return a(b,e,f,g)};for(var e in a)k[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement("div"),"div"),e=!1;try{b.call(c.documentElement,"[test!='']:sizzle")}catch(f){e=!0}k.matchesSelector=function(a,c){c=c.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!k.isXML(a))try{if(e||!l.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return k(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement("div");a.innerHTML="
        ";if(!!a.getElementsByClassName&&a.getElementsByClassName("e").length!==0){a.lastChild.className="e";if(a.getElementsByClassName("e").length===1)return;l.order.splice(1,0,"CLASS"),l.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!="undefined"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?k.contains=function(a,b){return a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?k.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:k.contains=function(){return!1},k.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!=="HTML":!1};var v=function(a,b){var c,d=[],e="",f=b.nodeType?[b]:b;while(c=l.match.PSEUDO.exec(a))e+=c[0],a=a.replace(l.match.PSEUDO,"");a=l.relative[a]?a+"*":a;for(var g=0,h=f.length;g0)for(h=g;h0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h,i,j={},k=1;if(g&&a.length){for(d=0,e=a.length;d-1:f(g).is(h))&&c.push({selector:i,elem:g,level:k});g=g.parentNode,k++}}return c}var l=S.test(a)||typeof a!="string"?f(a,b||this.context):0;for(d=0,e=this.length;d-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,"closest",a)},index:function(a){if(!a)return this[0]&&this[0].parentNode?this.prevAll().length:-1;if(typeof a=="string")return f.inArray(this[0],f(a));return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a=="string"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(U(c[0])||U(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,"parentNode")},parentsUntil:function(a,b,c){return f.dir(a,"parentNode",c)},next:function(a){return f.nth(a,2,"nextSibling")},prev:function(a){return f.nth(a,2,"previousSibling")},nextAll:function(a){return f.dir(a,"nextSibling")},prevAll:function(a){return f.dir(a,"previousSibling")},nextUntil:function(a,b,c){return f.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return f.dir(a,"previousSibling",c)},siblings:function(a){return f.sibling(a.parentNode.firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c),g=R.call(arguments);N.test(a)||(d=c),d&&typeof d=="string"&&(e=f.filter(d,e)),e=this.length>1&&!T[a]?f.unique(e):e,(this.length>1||P.test(d))&&O.test(a)&&(e=e.reverse());return this.pushStack(e,a,g.join(","))}}),f.extend({filter:function(a,b,c){c&&(a=":not("+a+")");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var W=/ jQuery\d+="(?:\d+|null)"/g,X=/^\s+/,Y=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,Z=/<([\w:]+)/,$=/",""],legend:[1,"
        ","
        "],thead:[1,"","
        "],tr:[2,"","
        "],td:[3,"","
        "],col:[2,"","
        "],area:[1,"",""],_default:[0,"",""]};be.optgroup=be.option,be.tbody=be.tfoot=be.colgroup=be.caption=be.thead,be.th=be.td,f.support.htmlSerialize||(be._default=[1,"div
        ","
        "]),f.fn.extend({text:function(a){if(f.isFunction(a))return this.each(function(b){var c=f(this);c.text(a.call(this,b,c.text()))});if(typeof a!="object"&&a!==b)return this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a));return f.text(this)},wrapAll:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){return this.each(function(){f(this).wrapAll(a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,"body")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f(arguments[0]);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,"after",arguments);a.push.apply(a,f(arguments[0]).toArray());return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName("*")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return this},empty:function(){for(var a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName("*"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){if(a===b)return this[0]&&this[0].nodeType===1?this[0].innerHTML.replace(W,""):null;if(typeof a=="string"&&!ba.test(a)&&(f.support.leadingWhitespace||!X.test(a))&&!be[(Z.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(Y,"<$1>");try{for(var c=0,d=this.length;c1&&l0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var d=a.cloneNode(!0),e,g,h;if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bh(a,d),e=bi(a),g=bi(d);for(h=0;e[h];++h)g[h]&&bh(e[h],g[h])}if(b){bg(a,d);if(c){e=bi(a),g=bi(d);for(h=0;e[h];++h)bg(e[h],g[h])}}e=g=null;return d},clean:function(a,b,d,e){var g;b=b||c,typeof b.createElement=="undefined"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);var h=[],i;for(var j=0,k;(k=a[j])!=null;j++){typeof k=="number"&&(k+="");if(!k)continue;if(typeof k=="string")if(!_.test(k))k=b.createTextNode(k);else{k=k.replace(Y,"<$1>");var l=(Z.exec(k)||["",""])[1].toLowerCase(),m=be[l]||be._default,n=m[0],o=b.createElement("div");o.innerHTML=m[1]+k+m[2];while(n--)o=o.lastChild;if(!f.support.tbody){var p=$.test(k),q=l==="table"&&!p?o.firstChild&&o.firstChild.childNodes:m[1]===""&&!p?o.childNodes:[];for(i=q.length-1;i>=0;--i)f.nodeName(q[i],"tbody")&&!q[i].childNodes.length&&q[i].parentNode.removeChild(q[i])}!f.support.leadingWhitespace&&X.test(k)&&o.insertBefore(b.createTextNode(X.exec(k)[0]),o.firstChild),k=o.childNodes}var r;if(!f.support.appendChecked)if(k[0]&&typeof (r=k.length)=="number")for(i=0;i=0)return b+"px"}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return bn.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?parseFloat(RegExp.$1)/100+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=f.isNaN(b)?"":"alpha(opacity="+b*100+")",g=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&f.trim(g.replace(bm,""))===""){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bm.test(g)?g.replace(bm,e):g+" "+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){var c;f.swap(a,{display:"inline-block"},function(){b?c=bv(a,"margin-right","marginRight"):c=a.style.marginRight});return c}})}),c.defaultView&&c.defaultView.getComputedStyle&&(bw=function(a,c){var d,e,g;c=c.replace(bo,"-$1").toLowerCase();if(!(e=a.ownerDocument.defaultView))return b;if(g=e.getComputedStyle(a,null))d=g.getPropertyValue(c),d===""&&!f.contains(a.ownerDocument.documentElement,a)&&(d=f.style(a,c));return d}),c.documentElement.currentStyle&&(bx=function(a,b){var c,d=a.currentStyle&&a.currentStyle[b],e=a.runtimeStyle&&a.runtimeStyle[b],f=a.style;!bp.test(d)&&bq.test(d)&&(c=f.left,e&&(a.runtimeStyle.left=a.currentStyle.left),f.left=b==="fontSize"?"1em":d||0,d=f.pixelLeft+"px",f.left=c,e&&(a.runtimeStyle.left=e));return d===""?"auto":d}),bv=bw||bx,f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style.display||f.css(a,"display"))==="none"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)});var bz=/%20/g,bA=/\[\]$/,bB=/\r?\n/g,bC=/#.*$/,bD=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,bE=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bF=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,bG=/^(?:GET|HEAD)$/,bH=/^\/\//,bI=/\?/,bJ=/)<[^<]*)*<\/script>/gi,bK=/^(?:select|textarea)/i,bL=/\s+/,bM=/([?&])_=[^&]*/,bN=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,bO=f.fn.load,bP={},bQ={},bR,bS,bT=["*/"]+["*"];try{bR=e.href}catch(bU){bR=c.createElement("a"),bR.href="",bR=bR.href}bS=bN.exec(bR.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!="string"&&bO)return bO.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(" ");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h="GET";c&&(f.isFunction(c)?(d=c,c=b):typeof c=="object"&&(c=f.param(c,f.ajaxSettings.traditional),h="POST"));var i=this;f.ajax({url:a,type:h,dataType:"html",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f("
        ").append(c.replace(bJ,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bK.test(this.nodeName)||bE.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bB,"\r\n")}}):{name:b.name,value:c.replace(bB,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.bind(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?bX(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),bX(a,b);return a},ajaxSettings:{url:bR,isLocal:bF.test(bS[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":bT},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bV(bP),ajaxTransport:bV(bQ),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?bZ(d,v,l):b,y,z;if(a>=200&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader("Last-Modified"))f.lastModified[k]=y;if(z=v.getResponseHeader("Etag"))f.etag[k]=z}if(a===304)w="notmodified",o=!0;else try{r=b$(d,x),w="success",o=!0}catch(A){w="parsererror",u=A}}else{u=w;if(!w||a)w="error",a<0&&(a=0)}v.status=a,v.statusText=""+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.resolveWith(e,[v,w]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f._Deferred(),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bD.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.done,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bC,"").replace(bH,bS[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bL),d.crossDomain==null&&(r=bN.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bS[1]&&r[2]==bS[2]&&(r[3]||(r[1]==="http:"?80:443))==(bS[3]||(bS[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),bW(bP,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bG.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bI.test(d.url)?"&":"?")+d.data,delete d.data),k=d.url;if(d.cache===!1){var x=f.now(),y=d.url.replace(bM,"$1_="+x);d.url=y+(y===d.url?(bI.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", "+bT+"; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=bW(bQ,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){s<2?w(-1,z):f.error(z)}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)bY(g,a[g],c,e);return d.join("&").replace(bz,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var b_=f.now(),ca=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+b_++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=b.contentType==="application/x-www-form-urlencoded"&&typeof b.data=="string";if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(ca.test(b.url)||e&&ca.test(b.data))){var g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(ca,l),b.url===j&&(e&&(k=k.replace(ca,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var cb=a.ActiveXObject?function(){for(var a in cd)cd[a](0,1)}:!1,cc=0,cd;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ce()||cf()}:ce,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,cb&&delete cd[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n),m.text=h.responseText;try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cc,cb&&(cd||(cd={},f(a).unload(cb)),cd[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var cg={},ch,ci,cj=/^(?:toggle|show|hide)$/,ck=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,cl,cm=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cn;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(cq("show",3),a,b,c);for(var g=0,h=this.length;g=e.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),e.animatedProperties[this.prop]=!0;for(g in e.animatedProperties)e.animatedProperties[g]!==!0&&(c=!1);if(c){e.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){d.style["overflow"+b]=e.overflow[a]}),e.hide&&f(d).hide();if(e.hide||e.show)for(var i in e.animatedProperties)f.style(d,i,e.orig[i]);e.complete.call(d)}return!1}e.duration==Infinity?this.now=b:(h=b-this.startTime,this.state=h/e.duration,this.pos=f.easing[e.animatedProperties[this.prop]](this.state,h,0,1,e.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){for(var a=f.timers,b=0;b
        ";f.extend(b.style,{position:"absolute",top:0,left:0,margin:0,border:0,width:"1px",height:"1px",visibility:"hidden"}),b.innerHTML=j,a.insertBefore(b,a.firstChild),d=b.firstChild,e=d.firstChild,h=d.nextSibling.firstChild.firstChild,this.doesNotAddBorder=e.offsetTop!==5,this.doesAddBorderForTableAndCells=h.offsetTop===5,e.style.position="fixed",e.style.top="20px",this.supportsFixedPosition=e.offsetTop===20||e.offsetTop===15,e.style.position=e.style.top="",d.style.overflow="hidden",d.style.position="relative",this.subtractsBorderForOverflowNotVisible=e.offsetTop===-5,this.doesNotIncludeMarginInBodyOffset=a.offsetTop!==i,a.removeChild(b),f.offset.initialize=f.noop},bodyOffset:function(a){var b=a.offsetTop,c=a.offsetLeft;f.offset.initialize(),f.offset.doesNotIncludeMarginInBodyOffset&&(b+=parseFloat(f.css(a,"marginTop"))||0,c+=parseFloat(f.css(a,"marginLeft"))||0);return{top:b,left:c}},setOffset:function(a,b,c){var d=f.css(a,"position");d==="static"&&(a.style.position="relative");var e=f(a),g=e.offset(),h=f.css(a,"top"),i=f.css(a,"left"),j=(d==="absolute"||d==="fixed")&&f.inArray("auto",[h,i])>-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=ct.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!ct.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return a})}}),f.each(["Left","Top"],function(a,c){var d="scroll"+c;f.fn[d]=function(c){var e,g;if(c===b){e=this[0];if(!e)return null;g=cu(e);return g?"pageXOffset"in g?g[a?"pageYOffset":"pageXOffset"]:f.support.boxModel&&g.document.documentElement[d]||g.document.body[d]:e[d]}return this.each(function(){g=cu(this),g?g.scrollTo(a?f(g).scrollLeft():c,a?c:f(g).scrollTop()):this[d]=c})}}),f.each(["Height","Width"],function(a,c){var d=c.toLowerCase();f.fn["inner"+c]=function(){var a=this[0];return a&&a.style?parseFloat(f.css(a,d,"padding")):null},f.fn["outer"+c]=function(a){var b=this[0];return b&&b.style?parseFloat(f.css(b,d,a?"margin":"border")):null},f.fn[d]=function(a){var e=this[0];if(!e)return a==null?null:this;if(f.isFunction(a))return this.each(function(b){var c=f(this);c[d](a.call(this,b,c[d]()))});if(f.isWindow(e)){var g=e.document.documentElement["client"+c],h=e.document.body;return e.document.compatMode==="CSS1Compat"&&g||h&&h["client"+c]||g}if(e.nodeType===9)return Math.max(e.documentElement["client"+c],e.body["scroll"+c],e.documentElement["scroll"+c],e.body["offset"+c],e.documentElement["offset"+c]);if(a===b){var i=f.css(e,d),j=parseFloat(i);return f.isNaN(j)?i:j}return this.css(d,typeof a=="string"?a:a+"px")}}),a.jQuery=a.$=f})(window);]]>        GET/resources/js/jquery-1.6.4.minjsHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/feedback.html
        Hostzero.webappsecurity.com
        Accept*/*
        Accept-Languageen-US,en;q=0.5
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoScriptEngine="Gecko";Category="Crawl";SID="991B71BDF13A5A3607070F31401F18FA";PSID="EA0F5B4A7B2D5822D3AE6FEB6AC0B160";SessionType="Crawl";CrawlType="ScriptInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";tht="21";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="8e3a7a08";
        X-Request-Memorid="97178094";sc="1";thid="116";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OK").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ch||(ch=c.createElement("iframe"),ch.frameBorder=ch.width=ch.height=0),b.appendChild(ch);if(!ci||!ch.createElement)ci=(ch.contentWindow||ch.contentDocument).document,ci.write((c.compatMode==="CSS1Compat"?"":"")+""),ci.close();d=ci.createElement(a),ci.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ch)}cg[a]=e}return cg[a]}function cq(a,b){var c={};f.each(cm.concat.apply([],cm.slice(0,b)),function(){c[this]=a});return c}function cp(){cn=b}function co(){setTimeout(cp,0);return cn=f.now()}function cf(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ce(){try{return new a.XMLHttpRequest}catch(b){}}function b$(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g0){c!=="border"&&f.each(e,function(){c||(d-=parseFloat(f.css(a,"padding"+this))||0),c==="margin"?d+=parseFloat(f.css(a,c+this))||0:d-=parseFloat(f.css(a,"border"+this+"Width"))||0});return d+"px"}d=bv(a,b,b);if(d<0||d==null)d=a.style[b]||0;d=parseFloat(d)||0,c&&f.each(e,function(){d+=parseFloat(f.css(a,"padding"+this))||0,c!=="padding"&&(d+=parseFloat(f.css(a,"border"+this+"Width"))||0),c==="margin"&&(d+=parseFloat(f.css(a,c+this))||0)});return d+"px"}function bl(a,b){b.src?f.ajax({url:b.src,async:!1,dataType:"script"}):f.globalEval((b.text||b.textContent||b.innerHTML||"").replace(bd,"/*$0*/")),b.parentNode&&b.parentNode.removeChild(b)}function bk(a){f.nodeName(a,"input")?bj(a):"getElementsByTagName"in a&&f.grep(a.getElementsByTagName("input"),bj)}function bj(a){if(a.type==="checkbox"||a.type==="radio")a.defaultChecked=a.checked}function bi(a){return"getElementsByTagName"in a?a.getElementsByTagName("*"):"querySelectorAll"in a?a.querySelectorAll("*"):[]}function bh(a,b){var c;if(b.nodeType===1){b.clearAttributes&&b.clearAttributes(),b.mergeAttributes&&b.mergeAttributes(a),c=b.nodeName.toLowerCase();if(c==="object")b.outerHTML=a.outerHTML;else if(c!=="input"||a.type!=="checkbox"&&a.type!=="radio"){if(c==="option")b.selected=a.defaultSelected;else if(c==="input"||c==="textarea")b.defaultValue=a.defaultValue}else a.checked&&(b.defaultChecked=b.checked=a.checked),b.value!==a.value&&(b.value=a.value);b.removeAttribute(f.expando)}}function bg(a,b){if(b.nodeType===1&&!!f.hasData(a)){var c=f.expando,d=f.data(a),e=f.data(b,d);if(d=d[c]){var g=d.events;e=e[c]=f.extend({},d);if(g){delete e.handle,e.events={};for(var h in g)for(var i=0,j=g[h].length;i=0===c})}function U(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function M(a,b){return(a&&a!=="*"?a+".":"")+b.replace(y,"`").replace(z,"&")}function L(a){var b,c,d,e,g,h,i,j,k,l,m,n,o,p=[],q=[],r=f._data(this,"events");if(!(a.liveFired===this||!r||!r.live||a.target.disabled||a.button&&a.type==="click")){a.namespace&&(n=new RegExp("(^|\\.)"+a.namespace.split(".").join("\\.(?:.*\\.)?")+"(\\.|$)")),a.liveFired=this;var s=r.live.slice(0);for(i=0;ic)break;a.currentTarget=e.elem,a.data=e.handleObj.data,a.handleObj=e.handleObj,o=e.handleObj.origHandler.apply(e.elem,arguments);if(o===!1||a.isPropagationStopped()){c=e.level,o===!1&&(b=!1);if(a.isImmediatePropagationStopped())break}}return b}}function J(a,c,d){var e=f.extend({},d[0]);e.type=a,e.originalEvent={},e.liveFired=b,f.event.handle.call(c,e),e.isDefaultPrevented()&&d[0].preventDefault()}function D(){return!0}function C(){return!1}function m(a,c,d){var e=c+"defer",g=c+"queue",h=c+"mark",i=f.data(a,e,b,!0);i&&(d==="queue"||!f.data(a,g,b,!0))&&(d==="mark"||!f.data(a,h,b,!0))&&setTimeout(function(){!f.data(a,g,b,!0)&&!f.data(a,h,b,!0)&&(f.removeData(a,e,!0),i.resolve())},0)}function l(a){for(var b in a)if(b!=="toJSON")return!1;return!0}function k(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(j,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNaN(d)?i.test(d)?f.parseJSON(d):d:parseFloat(d)}catch(g){}f.data(a,c,d)}else d=b}return d}var c=a.document,d=a.navigator,e=a.location,f=function(){function K(){if(!e.isReady){try{c.documentElement.doScroll("left")}catch(a){setTimeout(K,1);return}e.ready()}}var e=function(a,b){return new e.fn.init(a,b,h)},f=a.jQuery,g=a.$,h,i=/^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/\d/,n=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,o=/^[\],:{}\s]*$/,p=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,q=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,r=/(?:^|:|,)(?:\s*\[)+/g,s=/(webkit)[ \/]([\w.]+)/,t=/(opera)(?:.*version)?[ \/]([\w.]+)/,u=/(msie) ([\w.]+)/,v=/(mozilla)(?:.*? rv:([\w.]+))?/,w=/-([a-z]|[0-9])/ig,x=/^-ms-/,y=function(a,b){return(b+"").toUpperCase()},z=d.userAgent,A,B,C,D=Object.prototype.toString,E=Object.prototype.hasOwnProperty,F=Array.prototype.push,G=Array.prototype.slice,H=String.prototype.trim,I=Array.prototype.indexOf,J={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=n.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.6.4",length:0,size:function(){return this.length},toArray:function(){return G.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=this.constructor();e.isArray(a)?F.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),B.done(a);return this},eq:function(a){return a===-1?this.slice(a):this.slice(a,+a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(G.apply(this,arguments),"slice",G.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:F,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j0)return;B.resolveWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").unbind("ready")}},bindReady:function(){if(!B){B=e._Deferred();if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",C,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",C),a.attachEvent("onload",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&K()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return e.type(a)==="array"},isWindow:function(a){return a&&typeof a=="object"&&"setInterval"in a},isNaN:function(a){return a==null||!m.test(a)||isNaN(a)},type:function(a){return a==null?String(a):J[D.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;try{if(a.constructor&&!E.call(a,"constructor")&&!E.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||E.call(a,d)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw a},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(o.test(b.replace(p,"@").replace(q,"]").replace(r,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(c){var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&e.error("Invalid XML: "+c);return d},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(x,"ms-").replace(w,y)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i1?h.call(arguments,0):c,--e||g.resolveWith(g,h.call(b,0))}}var b=arguments,c=0,d=b.length,e=d,g=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred();if(d>1){for(;c
        a",d=a.getElementsByTagName("*"),e=a.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=a.getElementsByTagName("input")[0],k={leadingWhitespace:a.firstChild.nodeType===3,tbody:!a.getElementsByTagName("tbody").length,htmlSerialize:!!a.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55$/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:a.className!=="t",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0},i.checked=!0,k.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,k.optDisabled=!h.disabled;try{delete a.test}catch(v){k.deleteExpando=!1}!a.addEventListener&&a.attachEvent&&a.fireEvent&&(a.attachEvent("onclick",function(){k.noCloneEvent=!1}),a.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),k.radioValue=i.value==="t",i.setAttribute("checked","checked"),a.appendChild(i),l=c.createDocumentFragment(),l.appendChild(a.firstChild),k.checkClone=l.cloneNode(!0).cloneNode(!0).lastChild.checked,a.innerHTML="",a.style.width=a.style.paddingLeft="1px",m=c.getElementsByTagName("body")[0],o=c.createElement(m?"div":"body"),p={visibility:"hidden",width:0,height:0,border:0,margin:0,background:"none"},m&&f.extend(p,{position:"absolute",left:"-1000px",top:"-1000px"});for(t in p)o.style[t]=p[t];o.appendChild(a),n=m||b,n.insertBefore(o,n.firstChild),k.appendChecked=i.checked,k.boxModel=a.offsetWidth===2,"zoom"in a.style&&(a.style.display="inline",a.style.zoom=1,k.inlineBlockNeedsLayout=a.offsetWidth===2,a.style.display="",a.innerHTML="
        ",k.shrinkWrapBlocks=a.offsetWidth!==2),a.innerHTML="
        t
        ",q=a.getElementsByTagName("td"),u=q[0].offsetHeight===0,q[0].style.display="",q[1].style.display="none",k.reliableHiddenOffsets=u&&q[0].offsetHeight===0,a.innerHTML="",c.defaultView&&c.defaultView.getComputedStyle&&(j=c.createElement("div"),j.style.width="0",j.style.marginRight="0",a.appendChild(j),k.reliableMarginRight=(parseInt((c.defaultView.getComputedStyle(j,null)||{marginRight:0}).marginRight,10)||0)===0),o.innerHTML="",n.removeChild(o);if(a.attachEvent)for(t in{submit:1,change:1,focusin:1})s="on"+t,u=s in a,u||(a.setAttribute(s,"return;"),u=typeof a[s]=="function"),k[t+"Bubbles"]=u;o=l=g=h=m=j=a=i=null;return k}(),f.boxModel=f.support.boxModel;var i=/^(?:\{.*\}|\[.*\])$/,j=/([A-Z])/g;f.extend({cache:{},uuid:0,expando:"jQuery"+(f.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!l(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g,h,i=f.expando,j=typeof c=="string",k=a.nodeType,l=k?f.cache:a,m=k?a[f.expando]:a[f.expando]&&f.expando;if((!m||e&&m&&l[m]&&!l[m][i])&&j&&d===b)return;m||(k?a[f.expando]=m=++f.uuid:m=f.expando),l[m]||(l[m]={},k||(l[m].toJSON=f.noop));if(typeof c=="object"||typeof c=="function")e?l[m][i]=f.extend(l[m][i],c):l[m]=f.extend(l[m],c);g=l[m],e&&(g[i]||(g[i]={}),g=g[i]),d!==b&&(g[f.camelCase(c)]=d);if(c==="events"&&!g[c])return g[i]&&g[i].events;j?(h=g[c],h==null&&(h=g[f.camelCase(c)])):h=g;return h}},removeData:function(a,b,c){if(!!f.acceptData(a)){var d,e=f.expando,g=a.nodeType,h=g?f.cache:a,i=g?a[f.expando]:f.expando;if(!h[i])return;if(b){d=c?h[i][e]:h[i];if(d){d[b]||(b=f.camelCase(b)),delete d[b];if(!l(d))return}}if(c){delete h[i][e];if(!l(h[i]))return}var j=h[i][e];f.support.deleteExpando||!h.setInterval?delete h[i]:h[i]=null,j?(h[i]={},g||(h[i].toJSON=f.noop),h[i][e]=j):g&&(f.support.deleteExpando?delete a[f.expando]:a.removeAttribute?a.removeAttribute(f.expando):a[f.expando]=null)}},_data:function(a,b,c){return f.data(a,b,c,!0)},acceptData:function(a){if(a.nodeName){var b=f.noData[a.nodeName.toLowerCase()];if(b)return b!==!0&&a.getAttribute("classid")===b}return!0}}),f.fn.extend({data:function(a,c){var d=null;if(typeof a=="undefined"){if(this.length){d=f.data(this[0]);if(this[0].nodeType===1){var e=this[0].attributes,g;for(var h=0,i=e.length;h-1)return!0;return!1},val:function(a){var c,d,e=this[0];if(!arguments.length){if(e){c=f.valHooks[e.nodeName.toLowerCase()]||f.valHooks[e.type];if(c&&"get"in c&&(d=c.get(e,"value"))!==b)return d;d=e.value;return typeof d=="string"?d.replace(p,""):d==null?"":d}return b}var g=f.isFunction(a);return this.each(function(d){var e=f(this),h;if(this.nodeType===1){g?h=a.call(this,d,e.val()):h=a,h==null?h="":typeof h=="number"?h+="":f.isArray(h)&&(h=f.map(h,function(a){return a==null?"":a+""})),c=f.valHooks[this.nodeName.toLowerCase()]||f.valHooks[this.type];if(!c||!("set"in c)||c.set(this,h,"value")===b)this.value=h}})}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c=a.selectedIndex,d=[],e=a.options,g=a.type==="select-one";if(c<0)return null;for(var h=g?c:0,i=g?c+1:e.length;h=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attrFix:{tabindex:"tabIndex"},attr:function(a,c,d,e){var g=a.nodeType;if(!a||g===3||g===8||g===2)return b;if(e&&c in f.attrFn)return f(a)[c](d);if(!("getAttribute"in a))return f.prop(a,c,d);var h,i,j=g!==1||!f.isXMLDoc(a);j&&(c=f.attrFix[c]||c,i=f.attrHooks[c],i||(t.test(c)?i=v:u&&(i=u)));if(d!==b){if(d===null){f.removeAttr(a,c);return b}if(i&&"set"in i&&j&&(h=i.set(a,d,c))!==b)return h;a.setAttribute(c,""+d);return d}if(i&&"get"in i&&j&&(h=i.get(a,c))!==null)return h;h=a.getAttribute(c);return h===null?b:h},removeAttr:function(a,b){var c;a.nodeType===1&&(b=f.attrFix[b]||b,f.attr(a,b,""),a.removeAttribute(b),t.test(b)&&(c=f.propFix[b]||b)in a&&(a[c]=!1))},attrHooks:{type:{set:function(a,b){if(q.test(a.nodeName)&&a.parentNode)f.error("type property can't be changed");else if(!f.support.radioValue&&b==="radio"&&f.nodeName(a,"input")){var c=a.value;a.setAttribute("type",b),c&&(a.value=c);return b}}},value:{get:function(a,b){if(u&&f.nodeName(a,"button"))return u.get(a,b);return b in a?a.value:null},set:function(a,b,c){if(u&&f.nodeName(a,"button"))return u.set(a,b,c);a.value=b}}},propFix:{tabindex:"tabIndex",readonly:"readOnly","for":"htmlFor","class":"className",maxlength:"maxLength",cellspacing:"cellSpacing",cellpadding:"cellPadding",rowspan:"rowSpan",colspan:"colSpan",usemap:"useMap",frameborder:"frameBorder",contenteditable:"contentEditable"},prop:function(a,c,d){var e=a.nodeType;if(!a||e===3||e===8||e===2)return b;var g,h,i=e!==1||!f.isXMLDoc(a);i&&(c=f.propFix[c]||c,h=f.propHooks[c]);return d!==b?h&&"set"in h&&(g=h.set(a,d,c))!==b?g:a[c]=d:h&&"get"in h&&(g=h.get(a,c))!==null?g:a[c]},propHooks:{tabIndex:{get:function(a){var c=a.getAttributeNode("tabindex");return c&&c.specified?parseInt(c.value,10):r.test(a.nodeName)||s.test(a.nodeName)&&a.href?0:b}}}}),f.attrHooks.tabIndex=f.propHooks.tabIndex,v={get:function(a,c){var d;return f.prop(a,c)===!0||(d=a.getAttributeNode(c))&&d.nodeValue!==!1?c.toLowerCase():b},set:function(a,b,c){var d;b===!1?f.removeAttr(a,c):(d=f.propFix[c]||c,d in a&&(a[d]=!0),a.setAttribute(c,c.toLowerCase()));return c}},f.support.getSetAttribute||(u=f.valHooks.button={get:function(a,c){var d;d=a.getAttributeNode(c);return d&&d.nodeValue!==""?d.nodeValue:b},set:function(a,b,d){var e=a.getAttributeNode(d);e||(e=c.createAttribute(d),a.setAttributeNode(e));return e.nodeValue=b+""}},f.each(["width","height"],function(a,b){f.attrHooks[b]=f.extend(f.attrHooks[b],{set:function(a,c){if(c===""){a.setAttribute(b,"auto");return c}}})})),f.support.hrefNormalized||f.each(["href","src","width","height"],function(a,c){f.attrHooks[c]=f.extend(f.attrHooks[c],{get:function(a){var d=a.getAttribute(c,2);return d===null?b:d}})}),f.support.style||(f.attrHooks.style={get:function(a){return a.style.cssText.toLowerCase()||b},set:function(a,b){return a.style.cssText=""+b}}),f.support.optSelected||(f.propHooks.selected=f.extend(f.propHooks.selected,{get:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex);return null}})),f.support.checkOn||f.each(["radio","checkbox"],function(){f.valHooks[this]={get:function(a){return a.getAttribute("value")===null?"on":a.value}}}),f.each(["radio","checkbox"],function(){f.valHooks[this]=f.extend(f.valHooks[this],{set:function(a,b){if(f.isArray(b))return a.checked=f.inArray(f(a).val(),b)>=0}})});var w=/\.(.*)$/,x=/^(?:textarea|input|select)$/i,y=/\./g,z=/ /g,A=/[^\w\s.|`]/g,B=function(a){return a.replace(A,"\\$&")};f.event={add:function(a,c,d,e){if(a.nodeType!==3&&a.nodeType!==8){if(d===!1)d=C;else if(!d)return;var g,h;d.handler&&(g=d,d=g.handler),d.guid||(d.guid=f.guid++);var i=f._data(a);if(!i)return;var j=i.events,k=i.handle;j||(i.events=j={}),k||(i.handle=k=function(a){return typeof f!="undefined"&&(!a||f.event.triggered!==a.type)?f.event.handle.apply(k.elem,arguments):b}),k.elem=a,c=c.split(" ");var l,m=0,n;while(l=c[m++]){h=g?f.extend({},g):{handler:d,data:e},l.indexOf(".")>-1?(n=l.split("."),l=n.shift(),h.namespace=n.slice(0).sort().join(".")):(n=[],h.namespace=""),h.type=l,h.guid||(h.guid=d.guid);var o=j[l],p=f.event.special[l]||{};if(!o){o=j[l]=[];if(!p.setup||p.setup.call(a,e,n,k)===!1)a.addEventListener?a.addEventListener(l,k,!1):a.attachEvent&&a.attachEvent("on"+l,k)}p.add&&(p.add.call(a,h),h.handler.guid||(h.handler.guid=d.guid)),o.push(h),f.event.global[l]=!0}a=null}},global:{},remove:function(a,c,d,e){if(a.nodeType!==3&&a.nodeType!==8){d===!1&&(d=C);var g,h,i,j,k=0,l,m,n,o,p,q,r,s=f.hasData(a)&&f._data(a),t=s&&s.events;if(!s||!t)return;c&&c.type&&(d=c.handler,c=c.type);if(!c||typeof c=="string"&&c.charAt(0)==="."){c=c||"";for(h in t)f.event.remove(a,h+c);return}c=c.split(" ");while(h=c[k++]){r=h,q=null,l=h.indexOf(".")<0,m=[],l||(m=h.split("."),h=m.shift(),n=new RegExp("(^|\\.)"+f.map(m.slice(0).sort(),B).join("\\.(?:.*\\.)?")+"(\\.|$)")),p=t[h];if(!p)continue;if(!d){for(j=0;j=0&&(h=h.slice(0,-1),j=!0),h.indexOf(".")>=0&&(i=h.split("."),h=i.shift(),i.sort());if(!!e&&!f.event.customEvent[h]||!!f.event.global[h]){c=typeof c=="object"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.exclusive=j,c.namespace=i.join("."),c.namespace_re=new RegExp("(^|\\.)"+i.join("\\.(?:.*\\.)?")+"(\\.|$)");if(g||!e)c.preventDefault(),c.stopPropagation();if(!e){f.each(f.cache,function(){var a=f.expando,b=this[a];b&&b.events&&b.events[h]&&f.event.trigger(c,d,b.handle.elem)});return}if(e.nodeType===3||e.nodeType===8)return;c.result=b,c.target=e,d=d!=null?f.makeArray(d):[],d.unshift(c);var k=e,l=h.indexOf(":")<0?"on"+h:"";do{var m=f._data(k,"handle");c.currentTarget=k,m&&m.apply(k,d),l&&f.acceptData(k)&&k[l]&&k[l].apply(k,d)===!1&&(c.result=!1,c.preventDefault()),k=k.parentNode||k.ownerDocument||k===c.target.ownerDocument&&a}while(k&&!c.isPropagationStopped());if(!c.isDefaultPrevented()){var n,o=f.event.special[h]||{};if((!o._default||o._default.call(e.ownerDocument,c)===!1)&&(h!=="click"||!f.nodeName(e,"a"))&&f.acceptData(e)){try{l&&e[h]&&(n=e[l],n&&(e[l]=null),f.event.triggered=h,e[h]())}catch(p){}n&&(e[l]=n),f.event.triggered=b}}return c.result}},handle:function(c){c=f.event.fix(c||a.event);var d=((f._data(this,"events")||{})[c.type]||[]).slice(0),e=!c.exclusive&&!c.namespace,g=Array.prototype.slice.call(arguments,0);g[0]=c,c.currentTarget=this;for(var h=0,i=d.length;h-1?f.map(a.options,function(a){return a.selected}).join("-"):"":f.nodeName(a,"select")&&(c=a.selectedIndex);return c},I=function(c){var d=c.target,e,g;if(!!x.test(d.nodeName)&&!d.readOnly){e=f._data(d,"_change_data"),g=H(d),(c.type!=="focusout"||d.type!=="radio")&&f._data(d,"_change_data",g);if(e===b||g===e)return;if(e!=null||g)c.type="change",c.liveFired=b,f.event.trigger(c,arguments[1],d)}};f.event.special.change={filters:{focusout:I,beforedeactivate:I,click:function(a){var b=a.target,c=f.nodeName(b,"input")?b.type:"";(c==="radio"||c==="checkbox"||f.nodeName(b,"select"))&&I.call(this,a)},keydown:function(a){var b=a.target,c=f.nodeName(b,"input")?b.type:"";(a.keyCode===13&&!f.nodeName(b,"textarea")||a.keyCode===32&&(c==="checkbox"||c==="radio")||c==="select-multiple")&&I.call(this,a)},beforeactivate:function(a){var b=a.target;f._data(b,"_change_data",H(b))}},setup:function(a,b){if(this.type==="file")return!1;for(var c in G)f.event.add(this,c+".specialChange",G[c]);return x.test(this.nodeName)},teardown:function(a){f.event.remove(this,".specialChange");return x.test(this.nodeName)}},G=f.event.special.change.filters,G.focus=G.beforeactivate}f.support.focusinBubbles||f.each({focus:"focusin",blur:"focusout"},function(a,b){function e(a){var c=f.event.fix(a);c.type=b,c.originalEvent={},f.event.trigger(c,null,c.target),c.isDefaultPrevented()&&a.preventDefault()}var d=0;f.event.special[b]={setup:function(){d++===0&&c.addEventListener(a,e,!0)},teardown:function(){--d===0&&c.removeEventListener(a,e,!0)}}}),f.each(["bind","one"],function(a,c){f.fn[c]=function(a,d,e){var g;if(typeof a=="object"){for(var h in a)this[c](h,d,a[h],e);return this}if(arguments.length===2||d===!1)e=d,d=b;c==="one"?(g=function(a){f(this).unbind(a,g);return e.apply(this,arguments)},g.guid=e.guid||f.guid++):g=e;if(a==="unload"&&c!=="one")this.one(a,d,e);else for(var i=0,j=this.length;i0?this.bind(b,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0)}),function(){function u(a,b,c,d,e,f){for(var g=0,h=d.length;g0){j=i;break}}i=i[a]}d[g]=j}}}function t(a,b,c,d,e,f){for(var g=0,h=d.length;g+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,d=0,e=Object.prototype.toString,g=!1,h=!0,i=/\\/g,j=/\W/;[0,0].sort(function(){h=!1;return 0});var k=function(b,d,f,g){f=f||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!="string")return f;var i,j,n,o,q,r,s,t,u=!0,w=k.isXML(d),x=[],y=b;do{a.exec(""),i=a.exec(y);if(i){y=i[3],x.push(i[1]);if(i[2]){o=i[3];break}}}while(i);if(x.length>1&&m.exec(b))if(x.length===2&&l.relative[x[0]])j=v(x[0]+x[1],d);else{j=l.relative[x[0]]?[d]:k(x.shift(),d);while(x.length)b=x.shift(),l.relative[b]&&(b+=x.shift()),j=v(b,j)}else{!g&&x.length>1&&d.nodeType===9&&!w&&l.match.ID.test(x[0])&&!l.match.ID.test(x[x.length-1])&&(q=k.find(x.shift(),d,w),d=q.expr?k.filter(q.expr,q.set)[0]:q.set[0]);if(d){q=g?{expr:x.pop(),set:p(g)}:k.find(x.pop(),x.length===1&&(x[0]==="~"||x[0]==="+")&&d.parentNode?d.parentNode:d,w),j=q.expr?k.filter(q.expr,q.set):q.set,x.length>0?n=p(j):u=!1;while(x.length)r=x.pop(),s=r,l.relative[r]?s=x.pop():r="",s==null&&(s=d),l.relative[r](n,s,w)}else n=x=[]}n||(n=j),n||k.error(r||b);if(e.call(n)==="[object Array]")if(!u)f.push.apply(f,n);else if(d&&d.nodeType===1)for(t=0;n[t]!=null;t++)n[t]&&(n[t]===!0||n[t].nodeType===1&&k.contains(d,n[t]))&&f.push(j[t]);else for(t=0;n[t]!=null;t++)n[t]&&n[t].nodeType===1&&f.push(j[t]);else p(n,f);o&&(k(o,h,f,g),k.uniqueSort(f));return f};k.uniqueSort=function(a){if(r){g=h,a.sort(r);if(g)for(var b=1;b0},k.find=function(a,b,c){var d;if(!a)return[];for(var e=0,f=l.order.length;e":function(a,b){var c,d=typeof b=="string",e=0,f=a.length;if(d&&!j.test(b)){b=b.toLowerCase();for(;e=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(i,"")},TAG:function(a,b){return a[1].replace(i,"").toLowerCase()},CHILD:function(a){if(a[1]==="nth"){a[2]||k.error(a[0]),a[2]=a[2].replace(/^\+|\s*/g,"");var b=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(a[2]==="even"&&"2n"||a[2]==="odd"&&"2n+1"||!/\D/.test(a[2])&&"0n+"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&k.error(a[0]);a[0]=d++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(i,"");!f&&l.attrMap[g]&&(a[1]=l.attrMap[g]),a[4]=(a[4]||a[5]||"").replace(i,""),a[2]==="~="&&(a[4]=" "+a[4]+" ");return a},PSEUDO:function(b,c,d,e,f){if(b[1]==="not")if((a.exec(b[3])||"").length>1||/^\w/.test(b[3]))b[3]=k(b[3],null,null,c);else{var g=k.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(l.match.POS.test(b[0])||l.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return a.disabled===!1&&a.type!=="hidden"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!k(c[3],a).length},header:function(a){return/h\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute("type"),c=a.type;return a.nodeName.toLowerCase()==="input"&&"text"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()==="input"&&"radio"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()==="input"&&"checkbox"===a.type},file:function(a){return a.nodeName.toLowerCase()==="input"&&"file"===a.type},password:function(a){return a.nodeName.toLowerCase()==="input"&&"password"===a.type},submit:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"submit"===a.type},image:function(a){return a.nodeName.toLowerCase()==="input"&&"image"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"reset"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&"button"===a.type||b==="button"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return bc[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=l.filters[e];if(f)return f(a,c,b,d);if(e==="contains")return(a.textContent||a.innerText||k.getText([a])||"").indexOf(b[3])>=0;if(e==="not"){var g=b[3];for(var h=0,i=g.length;h=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute("id")===b},TAG:function(a,b){return b==="*"&&a.nodeType===1||a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(" "+(a.className||a.getAttribute("class"))+" ").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=l.attrHandle[c]?l.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+"",f=b[2],g=b[4];return d==null?f==="!=":f==="="?e===g:f==="*="?e.indexOf(g)>=0:f==="~="?(" "+e+" ").indexOf(g)>=0:g?f==="!="?e!==g:f==="^="?e.indexOf(g)===0:f==="$="?e.substr(e.length-g.length)===g:f==="|="?e===g||e.substr(0,g.length+1)===g+"-":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=l.setFilters[e];if(f)return f(a,c,b,d)}}},m=l.match.POS,n=function(a,b){return"\\"+(b-0+1)};for(var o in l.match)l.match[o]=new RegExp(l.match[o].source+/(?![^\[]*\])(?![^\(]*\))/.source),l.leftMatch[o]=new RegExp(/(^(?:.|\r|\n)*?)/.source+l.match[o].source.replace(/\\(\d+)/g,n));var p=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(q){p=function(a,b){var c=0,d=b||[];if(e.call(a)==="[object Array]")Array.prototype.push.apply(d,a);else if(typeof a.length=="number")for(var f=a.length;c",e.insertBefore(a,e.firstChild),c.getElementById(d)&&(l.find.ID=function(a,c,d){if(typeof c.getElementById!="undefined"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e.getAttributeNode!="undefined"&&e.getAttributeNode("id").nodeValue===a[1]?[e]:b:[]}},l.filter.ID=function(a,b){var c=typeof a.getAttributeNode!="undefined"&&a.getAttributeNode("id");return a.nodeType===1&&c&&c.nodeValue===b}),e.removeChild(a),e=a=null}(),function(){var a=c.createElement("div");a.appendChild(c.createComment("")),a.getElementsByTagName("*").length>0&&(l.find.TAG=function(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]==="*"){var d=[];for(var e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML="",a.firstChild&&typeof a.firstChild.getAttribute!="undefined"&&a.firstChild.getAttribute("href")!=="#"&&(l.attrHandle.href=function(a){return a.getAttribute("href",2)}),a=null}(),c.querySelectorAll&&function(){var a=k,b=c.createElement("div"),d="__sizzle__";b.innerHTML="

        ";if(!b.querySelectorAll||b.querySelectorAll(".TEST").length!==0){k=function(b,e,f,g){e=e||c;if(!g&&!k.isXML(e)){var h=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return p(e.getElementsByTagName(b),f);if(h[2]&&l.find.CLASS&&e.getElementsByClassName)return p(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b==="body"&&e.body)return p([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return p([],f);if(i.id===h[3])return p([i],f)}try{return p(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!=="object"){var m=e,n=e.getAttribute("id"),o=n||d,q=e.parentNode,r=/^\s*[+~]/.test(b);n?o=o.replace(/'/g,"\\$&"):e.setAttribute("id",o),r&&q&&(e=e.parentNode);try{if(!r||q)return p(e.querySelectorAll("[id='"+o+"'] "+b),f)}catch(s){}finally{n||m.removeAttribute("id")}}}return a(b,e,f,g)};for(var e in a)k[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement("div"),"div"),e=!1;try{b.call(c.documentElement,"[test!='']:sizzle")}catch(f){e=!0}k.matchesSelector=function(a,c){c=c.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!k.isXML(a))try{if(e||!l.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return k(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement("div");a.innerHTML="
        ";if(!!a.getElementsByClassName&&a.getElementsByClassName("e").length!==0){a.lastChild.className="e";if(a.getElementsByClassName("e").length===1)return;l.order.splice(1,0,"CLASS"),l.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!="undefined"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?k.contains=function(a,b){return a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?k.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:k.contains=function(){return!1},k.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!=="HTML":!1};var v=function(a,b){var c,d=[],e="",f=b.nodeType?[b]:b;while(c=l.match.PSEUDO.exec(a))e+=c[0],a=a.replace(l.match.PSEUDO,"");a=l.relative[a]?a+"*":a;for(var g=0,h=f.length;g0)for(h=g;h0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h,i,j={},k=1;if(g&&a.length){for(d=0,e=a.length;d-1:f(g).is(h))&&c.push({selector:i,elem:g,level:k});g=g.parentNode,k++}}return c}var l=S.test(a)||typeof a!="string"?f(a,b||this.context):0;for(d=0,e=this.length;d-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,"closest",a)},index:function(a){if(!a)return this[0]&&this[0].parentNode?this.prevAll().length:-1;if(typeof a=="string")return f.inArray(this[0],f(a));return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a=="string"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(U(c[0])||U(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,"parentNode")},parentsUntil:function(a,b,c){return f.dir(a,"parentNode",c)},next:function(a){return f.nth(a,2,"nextSibling")},prev:function(a){return f.nth(a,2,"previousSibling")},nextAll:function(a){return f.dir(a,"nextSibling")},prevAll:function(a){return f.dir(a,"previousSibling")},nextUntil:function(a,b,c){return f.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return f.dir(a,"previousSibling",c)},siblings:function(a){return f.sibling(a.parentNode.firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c),g=R.call(arguments);N.test(a)||(d=c),d&&typeof d=="string"&&(e=f.filter(d,e)),e=this.length>1&&!T[a]?f.unique(e):e,(this.length>1||P.test(d))&&O.test(a)&&(e=e.reverse());return this.pushStack(e,a,g.join(","))}}),f.extend({filter:function(a,b,c){c&&(a=":not("+a+")");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var W=/ jQuery\d+="(?:\d+|null)"/g,X=/^\s+/,Y=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,Z=/<([\w:]+)/,$=/",""],legend:[1,"
        ","
        "],thead:[1,"","
        "],tr:[2,"","
        "],td:[3,"","
        "],col:[2,"","
        "],area:[1,"",""],_default:[0,"",""]};be.optgroup=be.option,be.tbody=be.tfoot=be.colgroup=be.caption=be.thead,be.th=be.td,f.support.htmlSerialize||(be._default=[1,"div
        ","
        "]),f.fn.extend({text:function(a){if(f.isFunction(a))return this.each(function(b){var c=f(this);c.text(a.call(this,b,c.text()))});if(typeof a!="object"&&a!==b)return this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a));return f.text(this)},wrapAll:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){return this.each(function(){f(this).wrapAll(a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,"body")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f(arguments[0]);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,"after",arguments);a.push.apply(a,f(arguments[0]).toArray());return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName("*")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return this},empty:function(){for(var a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName("*"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){if(a===b)return this[0]&&this[0].nodeType===1?this[0].innerHTML.replace(W,""):null;if(typeof a=="string"&&!ba.test(a)&&(f.support.leadingWhitespace||!X.test(a))&&!be[(Z.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(Y,"<$1>");try{for(var c=0,d=this.length;c1&&l0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var d=a.cloneNode(!0),e,g,h;if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bh(a,d),e=bi(a),g=bi(d);for(h=0;e[h];++h)g[h]&&bh(e[h],g[h])}if(b){bg(a,d);if(c){e=bi(a),g=bi(d);for(h=0;e[h];++h)bg(e[h],g[h])}}e=g=null;return d},clean:function(a,b,d,e){var g;b=b||c,typeof b.createElement=="undefined"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);var h=[],i;for(var j=0,k;(k=a[j])!=null;j++){typeof k=="number"&&(k+="");if(!k)continue;if(typeof k=="string")if(!_.test(k))k=b.createTextNode(k);else{k=k.replace(Y,"<$1>");var l=(Z.exec(k)||["",""])[1].toLowerCase(),m=be[l]||be._default,n=m[0],o=b.createElement("div");o.innerHTML=m[1]+k+m[2];while(n--)o=o.lastChild;if(!f.support.tbody){var p=$.test(k),q=l==="table"&&!p?o.firstChild&&o.firstChild.childNodes:m[1]===""&&!p?o.childNodes:[];for(i=q.length-1;i>=0;--i)f.nodeName(q[i],"tbody")&&!q[i].childNodes.length&&q[i].parentNode.removeChild(q[i])}!f.support.leadingWhitespace&&X.test(k)&&o.insertBefore(b.createTextNode(X.exec(k)[0]),o.firstChild),k=o.childNodes}var r;if(!f.support.appendChecked)if(k[0]&&typeof (r=k.length)=="number")for(i=0;i=0)return b+"px"}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return bn.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?parseFloat(RegExp.$1)/100+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=f.isNaN(b)?"":"alpha(opacity="+b*100+")",g=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&f.trim(g.replace(bm,""))===""){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bm.test(g)?g.replace(bm,e):g+" "+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){var c;f.swap(a,{display:"inline-block"},function(){b?c=bv(a,"margin-right","marginRight"):c=a.style.marginRight});return c}})}),c.defaultView&&c.defaultView.getComputedStyle&&(bw=function(a,c){var d,e,g;c=c.replace(bo,"-$1").toLowerCase();if(!(e=a.ownerDocument.defaultView))return b;if(g=e.getComputedStyle(a,null))d=g.getPropertyValue(c),d===""&&!f.contains(a.ownerDocument.documentElement,a)&&(d=f.style(a,c));return d}),c.documentElement.currentStyle&&(bx=function(a,b){var c,d=a.currentStyle&&a.currentStyle[b],e=a.runtimeStyle&&a.runtimeStyle[b],f=a.style;!bp.test(d)&&bq.test(d)&&(c=f.left,e&&(a.runtimeStyle.left=a.currentStyle.left),f.left=b==="fontSize"?"1em":d||0,d=f.pixelLeft+"px",f.left=c,e&&(a.runtimeStyle.left=e));return d===""?"auto":d}),bv=bw||bx,f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style.display||f.css(a,"display"))==="none"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)});var bz=/%20/g,bA=/\[\]$/,bB=/\r?\n/g,bC=/#.*$/,bD=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,bE=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bF=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,bG=/^(?:GET|HEAD)$/,bH=/^\/\//,bI=/\?/,bJ=/)<[^<]*)*<\/script>/gi,bK=/^(?:select|textarea)/i,bL=/\s+/,bM=/([?&])_=[^&]*/,bN=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,bO=f.fn.load,bP={},bQ={},bR,bS,bT=["*/"]+["*"];try{bR=e.href}catch(bU){bR=c.createElement("a"),bR.href="",bR=bR.href}bS=bN.exec(bR.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!="string"&&bO)return bO.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(" ");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h="GET";c&&(f.isFunction(c)?(d=c,c=b):typeof c=="object"&&(c=f.param(c,f.ajaxSettings.traditional),h="POST"));var i=this;f.ajax({url:a,type:h,dataType:"html",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f("
        ").append(c.replace(bJ,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bK.test(this.nodeName)||bE.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bB,"\r\n")}}):{name:b.name,value:c.replace(bB,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.bind(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?bX(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),bX(a,b);return a},ajaxSettings:{url:bR,isLocal:bF.test(bS[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":bT},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bV(bP),ajaxTransport:bV(bQ),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?bZ(d,v,l):b,y,z;if(a>=200&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader("Last-Modified"))f.lastModified[k]=y;if(z=v.getResponseHeader("Etag"))f.etag[k]=z}if(a===304)w="notmodified",o=!0;else try{r=b$(d,x),w="success",o=!0}catch(A){w="parsererror",u=A}}else{u=w;if(!w||a)w="error",a<0&&(a=0)}v.status=a,v.statusText=""+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.resolveWith(e,[v,w]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f._Deferred(),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bD.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.done,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bC,"").replace(bH,bS[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bL),d.crossDomain==null&&(r=bN.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bS[1]&&r[2]==bS[2]&&(r[3]||(r[1]==="http:"?80:443))==(bS[3]||(bS[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),bW(bP,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bG.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bI.test(d.url)?"&":"?")+d.data,delete d.data),k=d.url;if(d.cache===!1){var x=f.now(),y=d.url.replace(bM,"$1_="+x);d.url=y+(y===d.url?(bI.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", "+bT+"; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=bW(bQ,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){s<2?w(-1,z):f.error(z)}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)bY(g,a[g],c,e);return d.join("&").replace(bz,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var b_=f.now(),ca=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+b_++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=b.contentType==="application/x-www-form-urlencoded"&&typeof b.data=="string";if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(ca.test(b.url)||e&&ca.test(b.data))){var g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(ca,l),b.url===j&&(e&&(k=k.replace(ca,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var cb=a.ActiveXObject?function(){for(var a in cd)cd[a](0,1)}:!1,cc=0,cd;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ce()||cf()}:ce,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,cb&&delete cd[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n),m.text=h.responseText;try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cc,cb&&(cd||(cd={},f(a).unload(cb)),cd[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var cg={},ch,ci,cj=/^(?:toggle|show|hide)$/,ck=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,cl,cm=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cn;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(cq("show",3),a,b,c);for(var g=0,h=this.length;g=e.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),e.animatedProperties[this.prop]=!0;for(g in e.animatedProperties)e.animatedProperties[g]!==!0&&(c=!1);if(c){e.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){d.style["overflow"+b]=e.overflow[a]}),e.hide&&f(d).hide();if(e.hide||e.show)for(var i in e.animatedProperties)f.style(d,i,e.orig[i]);e.complete.call(d)}return!1}e.duration==Infinity?this.now=b:(h=b-this.startTime,this.state=h/e.duration,this.pos=f.easing[e.animatedProperties[this.prop]](this.state,h,0,1,e.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){for(var a=f.timers,b=0;b
        ";f.extend(b.style,{position:"absolute",top:0,left:0,margin:0,border:0,width:"1px",height:"1px",visibility:"hidden"}),b.innerHTML=j,a.insertBefore(b,a.firstChild),d=b.firstChild,e=d.firstChild,h=d.nextSibling.firstChild.firstChild,this.doesNotAddBorder=e.offsetTop!==5,this.doesAddBorderForTableAndCells=h.offsetTop===5,e.style.position="fixed",e.style.top="20px",this.supportsFixedPosition=e.offsetTop===20||e.offsetTop===15,e.style.position=e.style.top="",d.style.overflow="hidden",d.style.position="relative",this.subtractsBorderForOverflowNotVisible=e.offsetTop===-5,this.doesNotIncludeMarginInBodyOffset=a.offsetTop!==i,a.removeChild(b),f.offset.initialize=f.noop},bodyOffset:function(a){var b=a.offsetTop,c=a.offsetLeft;f.offset.initialize(),f.offset.doesNotIncludeMarginInBodyOffset&&(b+=parseFloat(f.css(a,"marginTop"))||0,c+=parseFloat(f.css(a,"marginLeft"))||0);return{top:b,left:c}},setOffset:function(a,b,c){var d=f.css(a,"position");d==="static"&&(a.style.position="relative");var e=f(a),g=e.offset(),h=f.css(a,"top"),i=f.css(a,"left"),j=(d==="absolute"||d==="fixed")&&f.inArray("auto",[h,i])>-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=ct.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!ct.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return a})}}),f.each(["Left","Top"],function(a,c){var d="scroll"+c;f.fn[d]=function(c){var e,g;if(c===b){e=this[0];if(!e)return null;g=cu(e);return g?"pageXOffset"in g?g[a?"pageYOffset":"pageXOffset"]:f.support.boxModel&&g.document.documentElement[d]||g.document.body[d]:e[d]}return this.each(function(){g=cu(this),g?g.scrollTo(a?f(g).scrollLeft():c,a?c:f(g).scrollTop()):this[d]=c})}}),f.each(["Height","Width"],function(a,c){var d=c.toLowerCase();f.fn["inner"+c]=function(){var a=this[0];return a&&a.style?parseFloat(f.css(a,d,"padding")):null},f.fn["outer"+c]=function(a){var b=this[0];return b&&b.style?parseFloat(f.css(b,d,a?"margin":"border")):null},f.fn[d]=function(a){var e=this[0];if(!e)return a==null?null:this;if(f.isFunction(a))return this.each(function(b){var c=f(this);c[d](a.call(this,b,c[d]()))});if(f.isWindow(e)){var g=e.document.documentElement["client"+c],h=e.document.body;return e.document.compatMode==="CSS1Compat"&&g||h&&h["client"+c]||g}if(e.nodeType===9)return Math.max(e.documentElement["client"+c],e.body["scroll"+c],e.documentElement["scroll"+c],e.body["offset"+c],e.documentElement["offset"+c]);if(a===b){var i=f.css(e,d),j=parseFloat(i);return f.isNaN(j)?i:j}return this.css(d,typeof a=="string"?a:a+"px")}}),a.jQuery=a.$=f})(window);]]>
        DateFri, 24 Feb 2023 14:02:00 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Accept-Rangesbytes
        ETagW/"91678-1358437290000"
        Last-ModifiedThu, 17 Jan 2013 15:41:30 GMT
        Cache-Controlmax-age=2419200
        ExpiresFri, 24 Mar 2023 14:02:00 GMT
        Content-Typeapplication/javascript;charset=UTF-8
        Content-Length91678
        Keep-Alivetimeout=5, max=100
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/forgotten-password-send.htmlhttpzero.webappsecurity.com80 + + + + Zero - Forgotten Password + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +

        Forgotten Password

        +
        + + Your password will be sent to the following email: +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        POST/forgotten-password-sendhtmlHTTP/1.1email=&submit=Send%20PasswordCookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/forgot-password.html
        Content-Typeapplication/x-www-form-urlencoded
        Content-Length29
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="4C2520861538E5DDAD96B772C11C64CE";PSID="35CF74765A8B6CFE70D16739EA0E6BFF";SessionType="Crawl";CrawlType="Form";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="action";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="ebae2288";
        X-Request-Memorid="9da53718";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OK + + + + Zero - Forgotten Password + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +

        Forgotten Password

        +
        + + Your password will be sent to the following email: +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:02:04 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=95
        ConnectionKeep-Alive
        Content-Length5383
        http://zero.webappsecurity.com:80/sendFeedback.htmlhttpzero.webappsecurity.com80Best Practices1154655970Privacy Violation: AutocompleteCWE-525: Information Exposure Through Browser CachingSecurity FeaturesPrivacy Violation: AutocompleteSummaryImplicationExecutionFixReference InfoMicrosoft:
        Autocomplete Security]]>         + + + + Zero - Contact Us + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + +
          +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        + +
        +
        +
        +

        Feedback

        +
        + + Thank you for your comments, . + They will be reviewed by our Customer Service staff and given the full attention that they deserve. +
        +
        + + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        POST/sendFeedbackhtmlHTTP/1.1name=&email=&subject=&comment=&submit=Send%20MessageCookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/feedback.html
        Content-Typeapplication/x-www-form-urlencoded
        Content-Length52
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="1E1A427DDBB6C302DBD4E0669437E99B";PSID="EA0F5B4A7B2D5822D3AE6FEB6AC0B160";SessionType="Crawl";CrawlType="Form";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="action";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="38092aaf";
        X-Request-Memorid="58849a2a";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OK + + + + Zero - Contact Us + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + +
          +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        + +
        +
        +
        +

        Feedback

        +
        + + Thank you for your comments, . + They will be reviewed by our Customer Service staff and given the full attention that they deserve. +
        +
        + + +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:02:04 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=88
        ConnectionKeep-Alive
        Content-Length6657
        /search.htmlsearchTermtextsearch-query
        http://zero.webappsecurity.com:80/forgotten-password-send.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 405 - Request method 'GET' not supported

        type Status report

        message Request method 'GET' not supported

        description The specified HTTP method is not allowed for the requested resource.

        Apache Tomcat/7.0.70

        ]]>        GET/forgotten-password-sendhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/forgot-password.html
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="5AA2C0D465CC907233DF3DDA52702BC9";PSID="35CF74765A8B6CFE70D16739EA0E6BFF";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="action";Format="Relative";LinkKind="FormAction";Locations="HtmlNode";NodeName="form";Source="StaticParser";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="675fd42e";
        X-Request-Memorid="af5987ad";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1405Method Not AllowedApache Tomcat/7.0.70 - Error report

        HTTP Status 405 - Request method 'GET' not supported

        type Status report

        message Request method 'GET' not supported

        description The specified HTTP method is not allowed for the requested resource.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:04 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        AllowPOST
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1045
        Keep-Alivetimeout=5, max=96
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/sendFeedback.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 405 - Request method 'GET' not supported

        type Status report

        message Request method 'GET' not supported

        description The specified HTTP method is not allowed for the requested resource.

        Apache Tomcat/7.0.70

        ]]>        GET/sendFeedbackhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/feedback.html
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="231CCF294707A09E1F5A412FDBE92672";PSID="EA0F5B4A7B2D5822D3AE6FEB6AC0B160";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="action";Format="Relative";LinkKind="FormAction";Locations="HtmlNode";NodeName="form";Source="StaticParser";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="12261179";
        X-Request-Memorid="87cca573";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1405Method Not AllowedApache Tomcat/7.0.70 - Error report

        HTTP Status 405 - Request method 'GET' not supported

        type Status report

        message Request method 'GET' not supported

        description The specified HTTP method is not allowed for the requested resource.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:05 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        AllowPOST
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1045
        Keep-Alivetimeout=5, max=95
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/admin/currencies-add.htmlhttpzero.webappsecurity.com80 + + + + Zero - Admin - Currencies + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + +
          +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        + +
        +
        +

        Add Currency

        +
        +
        + +
        +
        + +
        + +
        +
        + + The new currency was successfully created. +
        +
        +
        +
        +
        +
        +
        + + +
        + +
        +
        + +
        + + +
        + +
        +
        + +
        + + +
        + +
        +
        +
        +
        +
        +
        +
        + +
        +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        POST/admin/currencies-addhtmlHTTP/1.1id=&country=&name=Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/admin/currencies-add.html
        Content-Typeapplication/x-www-form-urlencoded
        Content-Length18
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="D8EBBC93BA90F2118C90A54C0B7E00F7";PSID="1196B0700885BAA2AD346331C45F4326";SessionType="Crawl";CrawlType="Form";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="action";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="c75abea3";
        X-Request-Memorid="3a080554";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OK + + + + Zero - Admin - Currencies + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank + +
        +
          +
        • + +
          +
          • +
        • + +
          • +
        +
        +
        +
        +
        + + + +
        +
        + +
        +
        +

        Add Currency

        +
        +
        + +
        +
        + +
        + +
        +
        + + The new currency was successfully created. +
        +
        +
        +
        +
        +
        +
        + + +
        + +
        +
        + +
        + + +
        + +
        +
        + +
        + + +
        + +
        +
        +
        +
        +
        +
        +
        + +
        +
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:02:05 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Keep-Alivetimeout=5, max=94
        ConnectionKeep-Alive
        Content-Length8815
        /search.htmlsearchTermtextsearch-query
        /admin/currencies-add.htmlpostidtextspan1countrytextspan3nametextspan3buttonelementbtn btn-primary
        http://zero.webappsecurity.com:80/testing/httpzero.webappsecurity.com80Vulnerability10102171Web Server Misconfiguration: Unprotected DirectoryEnvironmentWeb Server Misconfiguration: Unprotected DirectoryCWE-552: Files or Directories Accessible to External PartiesSummaryImplication +An attacker may use the internal information obtained from the source code files to craft a precise attack against the web application. Such attacks can include, but are not limited to, SQL injection, remote file system access, malware injection and database manipulation.]]>ExecutionFixFor Security Operations:
        +You should evaluate the production requirements for the found directory. If the directory is not required for production operation, then the directory and its contents should be removed or restricted by a server access control mechanism. More information about implementing access control schemes can be found in the References. Automatic directory indexing should also be disabled, if applicable. + +

        For Development:
        +This problem will be resolved by the web application server administrator. In general, remove all source code repositories and files from the production server and do not rely on 'hidden' directories within the web root that can contain sensitive resources or web applications. Assume an attacker knows about the existence of all directories and files on your web site, and protect them with proper access controls. + +

        For QA:
        +This problem will be resolved by the web application server administrator.]]>        Reference InfoIIS Authentication
        IIS Authentication

        Implementing Basic Authentication in Apache
        http://httpd.apache.org/docs/howto/auth.html#intro

        SVN
        Serving websites from SVN checkout considered harmful

        Subversion or CVS metadata exposure
        Subversion or CVS metadata exposure

        ]]>        Apache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>        GET/testing/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/resources/js/bootstrap.min.js
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Audit.Attack";SID="FADBAC60EC4B63B1EAA304E5A6A46681";PSID="C2E3EA7620F4A29F11DBAC2B877DD850";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="ae34b422-6357-4aca-8fe7-7e449e14c9b7";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10217";Engine="Directory+Enumeration";SmartMode="4";tht="11";
        X-RequestManager-Memostid="17";stmi="0";sc="1";rid="4b91e5e1";
        X-Request-Memorid="7023aac0";sc="1";thid="28";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1403ForbiddenApache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:38 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length961
        Keep-Alivetimeout=5, max=76
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/httpzero.webappsecurity.com80Vulnerability10102181Web Server Misconfiguration: Unprotected DirectoryEnvironmentWeb Server Misconfiguration: Unprotected DirectoryCWE-552: Files or Directories Accessible to External PartiesSummaryImplicationExecutionFixFor Security Operations:
        +You should evaluate the production requirements for the found directory. If the directory is not required for production operation, then the directory and its contents should be removed or restricted by a server access control mechanism. More information about implementing access control schemes can be found in the References. Automatic directory indexing should also be disabled, if applicable. + +

        For Development:
        +This problem will be resolved by the web application server administrator. In general, do not rely on 'hidden' directories within the web root that can contain sensitive resources or web applications. Assume an attacker knows about the existence of all directories and files on your web site, and protect them with proper access controls. + +

        For QA:
        +This problem will be resolved by the web application server administrator.]]>        Reference InfoImplementing Basic Authentication in IIS
        http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/a + +bbca505-6f63-4267-aac1-1ea89d861eb4.mspx

        Implementing Basic Authentication in Apache
        http://httpd.apache.org/docs/howto/auth.html#intro]]>        Apache Tomcat 7 (7.0.70) - Documentation Index
        + The Apache Tomcat Servlet/JSP Container +

        Apache Tomcat 7

        Version 7.0.70, Jun 15 2016        		Apache Logo

        Links

        User Guide

        Reference

        Apache Tomcat Development

        Documentation Index

        Introduction
        + +

        This is the top-level entry point of the documentation bundle for the +Apache Tomcat Servlet/JSP container. Apache Tomcat version 7.0 +implements the Servlet 3.0 and JavaServer Pages 2.2 +specifications from the +Java Community Process, and includes many +additional features that make it a useful platform for developing and deploying +web applications and web services.

        + +

        Select one of the links from the navigation menu (to the left) to drill +down to the more detailed documentation that is available. Each available +manual is described in more detail below.

        + +
        Apache Tomcat User Guide
        + +

        The following documents will assist you in downloading, installing +Apache Tomcat 7, and using many of the Apache Tomcat features.

        + +
          +
        1. Introduction - A + brief, high level, overview of Apache Tomcat.
          2. +
        2. Setup - How to install and run + Apache Tomcat on a variety of platforms.
          3. +
        3. First web application + - An introduction to the concepts of a web application as defined + in the Servlet Specification. Covers basic organization of your web application + source tree, the structure of a web application archive, and an + introduction to the web application deployment descriptor + (/WEB-INF/web.xml).
          4. +
        4. Deployer - + Operating the Apache Tomcat Deployer to deploy, precompile, and validate web + applications.
          5. +
        5. Manager - + Operating the Manager web app to deploy, undeploy, and + redeploy applications while Apache Tomcat is running.
          6. +
        6. Realms and Access Control + - Description of how to configure Realms (databases of users, + passwords, and their associated roles) for use in web applications that + utilize Container Managed Security.
          7. +
        7. Security Manager + - Configuring and using a Java Security Manager to + support fine-grained control over the behavior of your web applications. +
          8. +
        8. JNDI Resources + - Configuring standard and custom resources in the JNDI naming context + that is provided to each web application.
          9. +
        9. + JDBC DataSource + - Configuring a JNDI DataSource with a DB connection pool. + Examples for many popular databases.
          10. +
        10. Classloading + - Information about class loading in Apache Tomcat, including where to place + your application classes so that they are visible.
          11. +
        11. JSPs + - Information about Jasper configuration, as well as the JSP compiler + usage.
          12. +
        12. SSL/TLS - + Installing and configuring SSL/TLS support so that your Apache Tomcat will + serve requests using the https protocol.
          13. +
        13. SSI - + Using Server Side Includes in Apache Tomcat.
          14. +
        14. CGI - + Using CGIs with Apache Tomcat.
          15. +
        15. Proxy Support - + Configuring Apache Tomcat to run behind a proxy server (or a web server + functioning as a proxy server).
          16. +
        16. MBean Descriptor - + Configuring MBean descriptors files for custom components.
          17. +
        17. Default Servlet - + Configuring the default servlet and customizing directory listings.
          18. +
        18. Apache Tomcat Clustering - + Enable session replication in a Apache Tomcat environment.
          19. +
        19. Balancer - + Configuring, using, and extending the load balancer application.
          20. +
        20. Connectors - + Connectors available in Apache Tomcat, and native web server integration.
          21. +
        21. Monitoring and Management - + Enabling JMX Remote support, and using tools to monitor and manage Apache Tomcat.
          22. +
        22. Logging - + Configuring logging in Apache Tomcat.
          23. +
        23. Apache Portable Runtime - + Using APR to provide superior performance, scalability and better + integration with native server technologies.
          24. +
        24. Virtual Hosting - + Configuring virtual hosting in Apache Tomcat.
          25. +
        25. Advanced IO - + Extensions available over regular, blocking IO.
          26. +
        26. Additional Components - + Obtaining additional, optional components.
          27. +
        27. Using Tomcat libraries with Maven - + Obtaining Tomcat jars through Maven.
          28. +
        28. Security Considerations - + Options to consider when securing an Apache Tomcat installation.
          29. +
        29. Windows Service - + Running Tomcat as a service on Microsoft Windows.
          30. +
        30. Windows Authentication - + Configuring Tomcat to use integrated Windows authentication.
          31. +
        31. High Concurrency JDBC Pool - + Configuring Tomcat to use an alternative JDBC pool.
          32. +
        32. WebSocket support - + Developing WebSocket applications for Apache Tomcat.
          33. + +
        + +
        Reference
        + +

        The following documents are aimed at System Administrators who +are responsible for installing, configuring, and operating an Apache Tomcat server. +

        + + +
        Apache Tomcat Developers
        + +

        The following documents are for Java developers who wish to contribute to +the development of the Apache Tomcat project.

        +
          +
        • Building from Source - + Details the steps necessary to download Apache Tomcat source code (and the + other packages that it depends on), and build a binary distribution from + those sources. +
          • +
        • Changelog - Details the + changes made to Apache Tomcat. +
          • +
        • Status - + Apache Tomcat development status. +
          • +
        • Developers - List of active + Apache Tomcat contributors. +
          • +
        • Functional Specifications + - Requirements specifications for features of the Catalina servlet + container portion of Apache Tomcat.
          • +
        • Javadocs + - Javadoc API documentation for Apache Tomcat's internals.
          • +
        • Apache Tomcat Architecture + - Documentation of the Apache Tomcat Server Architecture.
          • +
        + +
        Comments

        Notice: This comments section collects your suggestions + on improving documentation for Apache Tomcat.

        + If you have trouble and need help, read + Find Help page + and ask your question on the tomcat-users + mailing list. + Do not ask such questions here. This is not a Q&A section.

        + The Apache Comments System is explained here. + Comments may be removed by our moderators if they are either + implemented or considered invalid/off-topic.

        + Copyright © 1999-2016, Apache Software Foundation +
        ]]>        GET/docs/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/resources/js/bootstrap.min.js
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Audit.Attack";SID="E6C8F4B19B0B19458326A26516DB27A6";PSID="C2E3EA7620F4A29F11DBAC2B877DD850";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="ae34b422-6357-4aca-8fe7-7e449e14c9b7";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10218";Engine="Directory+Enumeration";SmartMode="4";tht="11";
        X-RequestManager-Memostid="15";stmi="0";sc="1";rid="46303d0c";
        X-Request-Memorid="a20f9c7f";sc="1";thid="27";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1200OKApache Tomcat 7 (7.0.70) - Documentation Index
        + The Apache Tomcat Servlet/JSP Container +

        Apache Tomcat 7

        Version 7.0.70, Jun 15 2016        		Apache Logo

        Links

        User Guide

        Reference

        Apache Tomcat Development

        Documentation Index

        Introduction
        + +

        This is the top-level entry point of the documentation bundle for the +Apache Tomcat Servlet/JSP container. Apache Tomcat version 7.0 +implements the Servlet 3.0 and JavaServer Pages 2.2 +specifications from the +Java Community Process, and includes many +additional features that make it a useful platform for developing and deploying +web applications and web services.

        + +

        Select one of the links from the navigation menu (to the left) to drill +down to the more detailed documentation that is available. Each available +manual is described in more detail below.

        + +
        Apache Tomcat User Guide
        + +

        The following documents will assist you in downloading, installing +Apache Tomcat 7, and using many of the Apache Tomcat features.

        + +
          +
        1. Introduction - A + brief, high level, overview of Apache Tomcat.
          2. +
        2. Setup - How to install and run + Apache Tomcat on a variety of platforms.
          3. +
        3. First web application + - An introduction to the concepts of a web application as defined + in the Servlet Specification. Covers basic organization of your web application + source tree, the structure of a web application archive, and an + introduction to the web application deployment descriptor + (/WEB-INF/web.xml).
          4. +
        4. Deployer - + Operating the Apache Tomcat Deployer to deploy, precompile, and validate web + applications.
          5. +
        5. Manager - + Operating the Manager web app to deploy, undeploy, and + redeploy applications while Apache Tomcat is running.
          6. +
        6. Realms and Access Control + - Description of how to configure Realms (databases of users, + passwords, and their associated roles) for use in web applications that + utilize Container Managed Security.
          7. +
        7. Security Manager + - Configuring and using a Java Security Manager to + support fine-grained control over the behavior of your web applications. +
          8. +
        8. JNDI Resources + - Configuring standard and custom resources in the JNDI naming context + that is provided to each web application.
          9. +
        9. + JDBC DataSource + - Configuring a JNDI DataSource with a DB connection pool. + Examples for many popular databases.
          10. +
        10. Classloading + - Information about class loading in Apache Tomcat, including where to place + your application classes so that they are visible.
          11. +
        11. JSPs + - Information about Jasper configuration, as well as the JSP compiler + usage.
          12. +
        12. SSL/TLS - + Installing and configuring SSL/TLS support so that your Apache Tomcat will + serve requests using the https protocol.
          13. +
        13. SSI - + Using Server Side Includes in Apache Tomcat.
          14. +
        14. CGI - + Using CGIs with Apache Tomcat.
          15. +
        15. Proxy Support - + Configuring Apache Tomcat to run behind a proxy server (or a web server + functioning as a proxy server).
          16. +
        16. MBean Descriptor - + Configuring MBean descriptors files for custom components.
          17. +
        17. Default Servlet - + Configuring the default servlet and customizing directory listings.
          18. +
        18. Apache Tomcat Clustering - + Enable session replication in a Apache Tomcat environment.
          19. +
        19. Balancer - + Configuring, using, and extending the load balancer application.
          20. +
        20. Connectors - + Connectors available in Apache Tomcat, and native web server integration.
          21. +
        21. Monitoring and Management - + Enabling JMX Remote support, and using tools to monitor and manage Apache Tomcat.
          22. +
        22. Logging - + Configuring logging in Apache Tomcat.
          23. +
        23. Apache Portable Runtime - + Using APR to provide superior performance, scalability and better + integration with native server technologies.
          24. +
        24. Virtual Hosting - + Configuring virtual hosting in Apache Tomcat.
          25. +
        25. Advanced IO - + Extensions available over regular, blocking IO.
          26. +
        26. Additional Components - + Obtaining additional, optional components.
          27. +
        27. Using Tomcat libraries with Maven - + Obtaining Tomcat jars through Maven.
          28. +
        28. Security Considerations - + Options to consider when securing an Apache Tomcat installation.
          29. +
        29. Windows Service - + Running Tomcat as a service on Microsoft Windows.
          30. +
        30. Windows Authentication - + Configuring Tomcat to use integrated Windows authentication.
          31. +
        31. High Concurrency JDBC Pool - + Configuring Tomcat to use an alternative JDBC pool.
          32. +
        32. WebSocket support - + Developing WebSocket applications for Apache Tomcat.
          33. + +
        + +
        Reference
        + +

        The following documents are aimed at System Administrators who +are responsible for installing, configuring, and operating an Apache Tomcat server. +

        + + +
        Apache Tomcat Developers
        + +

        The following documents are for Java developers who wish to contribute to +the development of the Apache Tomcat project.

        +
          +
        • Building from Source - + Details the steps necessary to download Apache Tomcat source code (and the + other packages that it depends on), and build a binary distribution from + those sources. +
          • +
        • Changelog - Details the + changes made to Apache Tomcat. +
          • +
        • Status - + Apache Tomcat development status. +
          • +
        • Developers - List of active + Apache Tomcat contributors. +
          • +
        • Functional Specifications + - Requirements specifications for features of the Catalina servlet + container portion of Apache Tomcat.
          • +
        • Javadocs + - Javadoc API documentation for Apache Tomcat's internals.
          • +
        • Apache Tomcat Architecture + - Documentation of the Apache Tomcat Server Architecture.
          • +
        + +
        Comments

        Notice: This comments section collects your suggestions + on improving documentation for Apache Tomcat.

        + If you have trouble and need help, read + Find Help page + and ask your question on the tomcat-users + mailing list. + Do not ask such questions here. This is not a Q&A section.

        + The Apache Comments System is explained here. + Comments may be removed by our moderators if they are either + implemented or considered invalid/off-topic.

        + Copyright © 1999-2016, Apache Software Foundation +
        ]]>
        DateFri, 24 Feb 2023 14:02:39 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Accept-Rangesbytes
        ETagW/"19368-1466008846000"
        Last-ModifiedWed, 15 Jun 2016 16:40:46 GMT
        Content-Typetext/html
        Content-Length19368
        Keep-Alivetimeout=5, max=74
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/docs/index.htmlhttpzero.webappsecurity.com80Apache Tomcat 7 (7.0.70) - Documentation Index
        + The Apache Tomcat Servlet/JSP Container +

        Apache Tomcat 7

        Version 7.0.70, Jun 15 2016        		Apache Logo

        Links

        User Guide

        Reference

        Apache Tomcat Development

        Documentation Index

        Introduction
        + +

        This is the top-level entry point of the documentation bundle for the +Apache Tomcat Servlet/JSP container. Apache Tomcat version 7.0 +implements the Servlet 3.0 and JavaServer Pages 2.2 +specifications from the +Java Community Process, and includes many +additional features that make it a useful platform for developing and deploying +web applications and web services.

        + +

        Select one of the links from the navigation menu (to the left) to drill +down to the more detailed documentation that is available. Each available +manual is described in more detail below.

        + +
        Apache Tomcat User Guide
        + +

        The following documents will assist you in downloading, installing +Apache Tomcat 7, and using many of the Apache Tomcat features.

        + +
          +
        1. Introduction - A + brief, high level, overview of Apache Tomcat.
          2. +
        2. Setup - How to install and run + Apache Tomcat on a variety of platforms.
          3. +
        3. First web application + - An introduction to the concepts of a web application as defined + in the Servlet Specification. Covers basic organization of your web application + source tree, the structure of a web application archive, and an + introduction to the web application deployment descriptor + (/WEB-INF/web.xml).
          4. +
        4. Deployer - + Operating the Apache Tomcat Deployer to deploy, precompile, and validate web + applications.
          5. +
        5. Manager - + Operating the Manager web app to deploy, undeploy, and + redeploy applications while Apache Tomcat is running.
          6. +
        6. Realms and Access Control + - Description of how to configure Realms (databases of users, + passwords, and their associated roles) for use in web applications that + utilize Container Managed Security.
          7. +
        7. Security Manager + - Configuring and using a Java Security Manager to + support fine-grained control over the behavior of your web applications. +
          8. +
        8. JNDI Resources + - Configuring standard and custom resources in the JNDI naming context + that is provided to each web application.
          9. +
        9. + JDBC DataSource + - Configuring a JNDI DataSource with a DB connection pool. + Examples for many popular databases.
          10. +
        10. Classloading + - Information about class loading in Apache Tomcat, including where to place + your application classes so that they are visible.
          11. +
        11. JSPs + - Information about Jasper configuration, as well as the JSP compiler + usage.
          12. +
        12. SSL/TLS - + Installing and configuring SSL/TLS support so that your Apache Tomcat will + serve requests using the https protocol.
          13. +
        13. SSI - + Using Server Side Includes in Apache Tomcat.
          14. +
        14. CGI - + Using CGIs with Apache Tomcat.
          15. +
        15. Proxy Support - + Configuring Apache Tomcat to run behind a proxy server (or a web server + functioning as a proxy server).
          16. +
        16. MBean Descriptor - + Configuring MBean descriptors files for custom components.
          17. +
        17. Default Servlet - + Configuring the default servlet and customizing directory listings.
          18. +
        18. Apache Tomcat Clustering - + Enable session replication in a Apache Tomcat environment.
          19. +
        19. Balancer - + Configuring, using, and extending the load balancer application.
          20. +
        20. Connectors - + Connectors available in Apache Tomcat, and native web server integration.
          21. +
        21. Monitoring and Management - + Enabling JMX Remote support, and using tools to monitor and manage Apache Tomcat.
          22. +
        22. Logging - + Configuring logging in Apache Tomcat.
          23. +
        23. Apache Portable Runtime - + Using APR to provide superior performance, scalability and better + integration with native server technologies.
          24. +
        24. Virtual Hosting - + Configuring virtual hosting in Apache Tomcat.
          25. +
        25. Advanced IO - + Extensions available over regular, blocking IO.
          26. +
        26. Additional Components - + Obtaining additional, optional components.
          27. +
        27. Using Tomcat libraries with Maven - + Obtaining Tomcat jars through Maven.
          28. +
        28. Security Considerations - + Options to consider when securing an Apache Tomcat installation.
          29. +
        29. Windows Service - + Running Tomcat as a service on Microsoft Windows.
          30. +
        30. Windows Authentication - + Configuring Tomcat to use integrated Windows authentication.
          31. +
        31. High Concurrency JDBC Pool - + Configuring Tomcat to use an alternative JDBC pool.
          32. +
        32. WebSocket support - + Developing WebSocket applications for Apache Tomcat.
          33. + +
        + +
        Reference
        + +

        The following documents are aimed at System Administrators who +are responsible for installing, configuring, and operating an Apache Tomcat server. +

        + + +
        Apache Tomcat Developers
        + +

        The following documents are for Java developers who wish to contribute to +the development of the Apache Tomcat project.

        +
          +
        • Building from Source - + Details the steps necessary to download Apache Tomcat source code (and the + other packages that it depends on), and build a binary distribution from + those sources. +
          • +
        • Changelog - Details the + changes made to Apache Tomcat. +
          • +
        • Status - + Apache Tomcat development status. +
          • +
        • Developers - List of active + Apache Tomcat contributors. +
          • +
        • Functional Specifications + - Requirements specifications for features of the Catalina servlet + container portion of Apache Tomcat.
          • +
        • Javadocs + - Javadoc API documentation for Apache Tomcat's internals.
          • +
        • Apache Tomcat Architecture + - Documentation of the Apache Tomcat Server Architecture.
          • +
        + +
        Comments

        Notice: This comments section collects your suggestions + on improving documentation for Apache Tomcat.

        + If you have trouble and need help, read + Find Help page + and ask your question on the tomcat-users + mailing list. + Do not ask such questions here. This is not a Q&A section.

        + The Apache Comments System is explained here. + Comments may be removed by our moderators if they are either + implemented or considered invalid/off-topic.

        + Copyright © 1999-2016, Apache Software Foundation +
        ]]>        GET/docs/indexhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="573735B2D53FA55711F88310A54DF608";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="3d34b293";
        X-Request-Memorid="27ba8c86";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OKApache Tomcat 7 (7.0.70) - Documentation Index
        + The Apache Tomcat Servlet/JSP Container +

        Apache Tomcat 7

        Version 7.0.70, Jun 15 2016        		Apache Logo

        Links

        User Guide

        Reference

        Apache Tomcat Development

        Documentation Index

        Introduction
        + +

        This is the top-level entry point of the documentation bundle for the +Apache Tomcat Servlet/JSP container. Apache Tomcat version 7.0 +implements the Servlet 3.0 and JavaServer Pages 2.2 +specifications from the +Java Community Process, and includes many +additional features that make it a useful platform for developing and deploying +web applications and web services.

        + +

        Select one of the links from the navigation menu (to the left) to drill +down to the more detailed documentation that is available. Each available +manual is described in more detail below.

        + +
        Apache Tomcat User Guide
        + +

        The following documents will assist you in downloading, installing +Apache Tomcat 7, and using many of the Apache Tomcat features.

        + +
          +
        1. Introduction - A + brief, high level, overview of Apache Tomcat.
          2. +
        2. Setup - How to install and run + Apache Tomcat on a variety of platforms.
          3. +
        3. First web application + - An introduction to the concepts of a web application as defined + in the Servlet Specification. Covers basic organization of your web application + source tree, the structure of a web application archive, and an + introduction to the web application deployment descriptor + (/WEB-INF/web.xml).
          4. +
        4. Deployer - + Operating the Apache Tomcat Deployer to deploy, precompile, and validate web + applications.
          5. +
        5. Manager - + Operating the Manager web app to deploy, undeploy, and + redeploy applications while Apache Tomcat is running.
          6. +
        6. Realms and Access Control + - Description of how to configure Realms (databases of users, + passwords, and their associated roles) for use in web applications that + utilize Container Managed Security.
          7. +
        7. Security Manager + - Configuring and using a Java Security Manager to + support fine-grained control over the behavior of your web applications. +
          8. +
        8. JNDI Resources + - Configuring standard and custom resources in the JNDI naming context + that is provided to each web application.
          9. +
        9. + JDBC DataSource + - Configuring a JNDI DataSource with a DB connection pool. + Examples for many popular databases.
          10. +
        10. Classloading + - Information about class loading in Apache Tomcat, including where to place + your application classes so that they are visible.
          11. +
        11. JSPs + - Information about Jasper configuration, as well as the JSP compiler + usage.
          12. +
        12. SSL/TLS - + Installing and configuring SSL/TLS support so that your Apache Tomcat will + serve requests using the https protocol.
          13. +
        13. SSI - + Using Server Side Includes in Apache Tomcat.
          14. +
        14. CGI - + Using CGIs with Apache Tomcat.
          15. +
        15. Proxy Support - + Configuring Apache Tomcat to run behind a proxy server (or a web server + functioning as a proxy server).
          16. +
        16. MBean Descriptor - + Configuring MBean descriptors files for custom components.
          17. +
        17. Default Servlet - + Configuring the default servlet and customizing directory listings.
          18. +
        18. Apache Tomcat Clustering - + Enable session replication in a Apache Tomcat environment.
          19. +
        19. Balancer - + Configuring, using, and extending the load balancer application.
          20. +
        20. Connectors - + Connectors available in Apache Tomcat, and native web server integration.
          21. +
        21. Monitoring and Management - + Enabling JMX Remote support, and using tools to monitor and manage Apache Tomcat.
          22. +
        22. Logging - + Configuring logging in Apache Tomcat.
          23. +
        23. Apache Portable Runtime - + Using APR to provide superior performance, scalability and better + integration with native server technologies.
          24. +
        24. Virtual Hosting - + Configuring virtual hosting in Apache Tomcat.
          25. +
        25. Advanced IO - + Extensions available over regular, blocking IO.
          26. +
        26. Additional Components - + Obtaining additional, optional components.
          27. +
        27. Using Tomcat libraries with Maven - + Obtaining Tomcat jars through Maven.
          28. +
        28. Security Considerations - + Options to consider when securing an Apache Tomcat installation.
          29. +
        29. Windows Service - + Running Tomcat as a service on Microsoft Windows.
          30. +
        30. Windows Authentication - + Configuring Tomcat to use integrated Windows authentication.
          31. +
        31. High Concurrency JDBC Pool - + Configuring Tomcat to use an alternative JDBC pool.
          32. +
        32. WebSocket support - + Developing WebSocket applications for Apache Tomcat.
          33. + +
        + +
        Reference
        + +

        The following documents are aimed at System Administrators who +are responsible for installing, configuring, and operating an Apache Tomcat server. +

        + + +
        Apache Tomcat Developers
        + +

        The following documents are for Java developers who wish to contribute to +the development of the Apache Tomcat project.

        +
          +
        • Building from Source - + Details the steps necessary to download Apache Tomcat source code (and the + other packages that it depends on), and build a binary distribution from + those sources. +
          • +
        • Changelog - Details the + changes made to Apache Tomcat. +
          • +
        • Status - + Apache Tomcat development status. +
          • +
        • Developers - List of active + Apache Tomcat contributors. +
          • +
        • Functional Specifications + - Requirements specifications for features of the Catalina servlet + container portion of Apache Tomcat.
          • +
        • Javadocs + - Javadoc API documentation for Apache Tomcat's internals.
          • +
        • Apache Tomcat Architecture + - Documentation of the Apache Tomcat Server Architecture.
          • +
        + +
        Comments

        Notice: This comments section collects your suggestions + on improving documentation for Apache Tomcat.

        + If you have trouble and need help, read + Find Help page + and ask your question on the tomcat-users + mailing list. + Do not ask such questions here. This is not a Q&A section.

        + The Apache Comments System is explained here. + Comments may be removed by our moderators if they are either + implemented or considered invalid/off-topic.

        + Copyright © 1999-2016, Apache Software Foundation +
        ]]>
        DateFri, 24 Feb 2023 14:02:07 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Accept-Rangesbytes
        ETagW/"19368-1466008846000"
        Last-ModifiedWed, 15 Jun 2016 16:40:46 GMT
        Content-Typetext/html
        Content-Length19368
        Keep-Alivetimeout=5, max=94
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/docs/httpzero.webappsecurity.com80Apache Tomcat 7 (7.0.70) - Documentation Index
        + The Apache Tomcat Servlet/JSP Container +

        Apache Tomcat 7

        Version 7.0.70, Jun 15 2016        		Apache Logo

        Links

        User Guide

        Reference

        Apache Tomcat Development

        Documentation Index

        Introduction
        + +

        This is the top-level entry point of the documentation bundle for the +Apache Tomcat Servlet/JSP container. Apache Tomcat version 7.0 +implements the Servlet 3.0 and JavaServer Pages 2.2 +specifications from the +Java Community Process, and includes many +additional features that make it a useful platform for developing and deploying +web applications and web services.

        + +

        Select one of the links from the navigation menu (to the left) to drill +down to the more detailed documentation that is available. Each available +manual is described in more detail below.

        + +
        Apache Tomcat User Guide
        + +

        The following documents will assist you in downloading, installing +Apache Tomcat 7, and using many of the Apache Tomcat features.

        + +
          +
        1. Introduction - A + brief, high level, overview of Apache Tomcat.
          2. +
        2. Setup - How to install and run + Apache Tomcat on a variety of platforms.
          3. +
        3. First web application + - An introduction to the concepts of a web application as defined + in the Servlet Specification. Covers basic organization of your web application + source tree, the structure of a web application archive, and an + introduction to the web application deployment descriptor + (/WEB-INF/web.xml).
          4. +
        4. Deployer - + Operating the Apache Tomcat Deployer to deploy, precompile, and validate web + applications.
          5. +
        5. Manager - + Operating the Manager web app to deploy, undeploy, and + redeploy applications while Apache Tomcat is running.
          6. +
        6. Realms and Access Control + - Description of how to configure Realms (databases of users, + passwords, and their associated roles) for use in web applications that + utilize Container Managed Security.
          7. +
        7. Security Manager + - Configuring and using a Java Security Manager to + support fine-grained control over the behavior of your web applications. +
          8. +
        8. JNDI Resources + - Configuring standard and custom resources in the JNDI naming context + that is provided to each web application.
          9. +
        9. + JDBC DataSource + - Configuring a JNDI DataSource with a DB connection pool. + Examples for many popular databases.
          10. +
        10. Classloading + - Information about class loading in Apache Tomcat, including where to place + your application classes so that they are visible.
          11. +
        11. JSPs + - Information about Jasper configuration, as well as the JSP compiler + usage.
          12. +
        12. SSL/TLS - + Installing and configuring SSL/TLS support so that your Apache Tomcat will + serve requests using the https protocol.
          13. +
        13. SSI - + Using Server Side Includes in Apache Tomcat.
          14. +
        14. CGI - + Using CGIs with Apache Tomcat.
          15. +
        15. Proxy Support - + Configuring Apache Tomcat to run behind a proxy server (or a web server + functioning as a proxy server).
          16. +
        16. MBean Descriptor - + Configuring MBean descriptors files for custom components.
          17. +
        17. Default Servlet - + Configuring the default servlet and customizing directory listings.
          18. +
        18. Apache Tomcat Clustering - + Enable session replication in a Apache Tomcat environment.
          19. +
        19. Balancer - + Configuring, using, and extending the load balancer application.
          20. +
        20. Connectors - + Connectors available in Apache Tomcat, and native web server integration.
          21. +
        21. Monitoring and Management - + Enabling JMX Remote support, and using tools to monitor and manage Apache Tomcat.
          22. +
        22. Logging - + Configuring logging in Apache Tomcat.
          23. +
        23. Apache Portable Runtime - + Using APR to provide superior performance, scalability and better + integration with native server technologies.
          24. +
        24. Virtual Hosting - + Configuring virtual hosting in Apache Tomcat.
          25. +
        25. Advanced IO - + Extensions available over regular, blocking IO.
          26. +
        26. Additional Components - + Obtaining additional, optional components.
          27. +
        27. Using Tomcat libraries with Maven - + Obtaining Tomcat jars through Maven.
          28. +
        28. Security Considerations - + Options to consider when securing an Apache Tomcat installation.
          29. +
        29. Windows Service - + Running Tomcat as a service on Microsoft Windows.
          30. +
        30. Windows Authentication - + Configuring Tomcat to use integrated Windows authentication.
          31. +
        31. High Concurrency JDBC Pool - + Configuring Tomcat to use an alternative JDBC pool.
          32. +
        32. WebSocket support - + Developing WebSocket applications for Apache Tomcat.
          33. + +
        + +
        Reference
        + +

        The following documents are aimed at System Administrators who +are responsible for installing, configuring, and operating an Apache Tomcat server. +

        + + +
        Apache Tomcat Developers
        + +

        The following documents are for Java developers who wish to contribute to +the development of the Apache Tomcat project.

        +
          +
        • Building from Source - + Details the steps necessary to download Apache Tomcat source code (and the + other packages that it depends on), and build a binary distribution from + those sources. +
          • +
        • Changelog - Details the + changes made to Apache Tomcat. +
          • +
        • Status - + Apache Tomcat development status. +
          • +
        • Developers - List of active + Apache Tomcat contributors. +
          • +
        • Functional Specifications + - Requirements specifications for features of the Catalina servlet + container portion of Apache Tomcat.
          • +
        • Javadocs + - Javadoc API documentation for Apache Tomcat's internals.
          • +
        • Apache Tomcat Architecture + - Documentation of the Apache Tomcat Server Architecture.
          • +
        + +
        Comments

        Notice: This comments section collects your suggestions + on improving documentation for Apache Tomcat.

        + If you have trouble and need help, read + Find Help page + and ask your question on the tomcat-users + mailing list. + Do not ask such questions here. This is not a Q&A section.

        + The Apache Comments System is explained here. + Comments may be removed by our moderators if they are either + implemented or considered invalid/off-topic.

        + Copyright © 1999-2016, Apache Software Foundation +
        ]]>        GET/docs/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="F123B9A3291354F97AC6F79540B0A325";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Qualified";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="1ab3fefc";
        X-Request-Memorid="e137c28e";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1200OKApache Tomcat 7 (7.0.70) - Documentation Index
        + The Apache Tomcat Servlet/JSP Container +

        Apache Tomcat 7

        Version 7.0.70, Jun 15 2016        		Apache Logo

        Links

        User Guide

        Reference

        Apache Tomcat Development

        Documentation Index

        Introduction
        + +

        This is the top-level entry point of the documentation bundle for the +Apache Tomcat Servlet/JSP container. Apache Tomcat version 7.0 +implements the Servlet 3.0 and JavaServer Pages 2.2 +specifications from the +Java Community Process, and includes many +additional features that make it a useful platform for developing and deploying +web applications and web services.

        + +

        Select one of the links from the navigation menu (to the left) to drill +down to the more detailed documentation that is available. Each available +manual is described in more detail below.

        + +
        Apache Tomcat User Guide
        + +

        The following documents will assist you in downloading, installing +Apache Tomcat 7, and using many of the Apache Tomcat features.

        + +
          +
        1. Introduction - A + brief, high level, overview of Apache Tomcat.
          2. +
        2. Setup - How to install and run + Apache Tomcat on a variety of platforms.
          3. +
        3. First web application + - An introduction to the concepts of a web application as defined + in the Servlet Specification. Covers basic organization of your web application + source tree, the structure of a web application archive, and an + introduction to the web application deployment descriptor + (/WEB-INF/web.xml).
          4. +
        4. Deployer - + Operating the Apache Tomcat Deployer to deploy, precompile, and validate web + applications.
          5. +
        5. Manager - + Operating the Manager web app to deploy, undeploy, and + redeploy applications while Apache Tomcat is running.
          6. +
        6. Realms and Access Control + - Description of how to configure Realms (databases of users, + passwords, and their associated roles) for use in web applications that + utilize Container Managed Security.
          7. +
        7. Security Manager + - Configuring and using a Java Security Manager to + support fine-grained control over the behavior of your web applications. +
          8. +
        8. JNDI Resources + - Configuring standard and custom resources in the JNDI naming context + that is provided to each web application.
          9. +
        9. + JDBC DataSource + - Configuring a JNDI DataSource with a DB connection pool. + Examples for many popular databases.
          10. +
        10. Classloading + - Information about class loading in Apache Tomcat, including where to place + your application classes so that they are visible.
          11. +
        11. JSPs + - Information about Jasper configuration, as well as the JSP compiler + usage.
          12. +
        12. SSL/TLS - + Installing and configuring SSL/TLS support so that your Apache Tomcat will + serve requests using the https protocol.
          13. +
        13. SSI - + Using Server Side Includes in Apache Tomcat.
          14. +
        14. CGI - + Using CGIs with Apache Tomcat.
          15. +
        15. Proxy Support - + Configuring Apache Tomcat to run behind a proxy server (or a web server + functioning as a proxy server).
          16. +
        16. MBean Descriptor - + Configuring MBean descriptors files for custom components.
          17. +
        17. Default Servlet - + Configuring the default servlet and customizing directory listings.
          18. +
        18. Apache Tomcat Clustering - + Enable session replication in a Apache Tomcat environment.
          19. +
        19. Balancer - + Configuring, using, and extending the load balancer application.
          20. +
        20. Connectors - + Connectors available in Apache Tomcat, and native web server integration.
          21. +
        21. Monitoring and Management - + Enabling JMX Remote support, and using tools to monitor and manage Apache Tomcat.
          22. +
        22. Logging - + Configuring logging in Apache Tomcat.
          23. +
        23. Apache Portable Runtime - + Using APR to provide superior performance, scalability and better + integration with native server technologies.
          24. +
        24. Virtual Hosting - + Configuring virtual hosting in Apache Tomcat.
          25. +
        25. Advanced IO - + Extensions available over regular, blocking IO.
          26. +
        26. Additional Components - + Obtaining additional, optional components.
          27. +
        27. Using Tomcat libraries with Maven - + Obtaining Tomcat jars through Maven.
          28. +
        28. Security Considerations - + Options to consider when securing an Apache Tomcat installation.
          29. +
        29. Windows Service - + Running Tomcat as a service on Microsoft Windows.
          30. +
        30. Windows Authentication - + Configuring Tomcat to use integrated Windows authentication.
          31. +
        31. High Concurrency JDBC Pool - + Configuring Tomcat to use an alternative JDBC pool.
          32. +
        32. WebSocket support - + Developing WebSocket applications for Apache Tomcat.
          33. + +
        + +
        Reference
        + +

        The following documents are aimed at System Administrators who +are responsible for installing, configuring, and operating an Apache Tomcat server. +

        + + +
        Apache Tomcat Developers
        + +

        The following documents are for Java developers who wish to contribute to +the development of the Apache Tomcat project.

        +
          +
        • Building from Source - + Details the steps necessary to download Apache Tomcat source code (and the + other packages that it depends on), and build a binary distribution from + those sources. +
          • +
        • Changelog - Details the + changes made to Apache Tomcat. +
          • +
        • Status - + Apache Tomcat development status. +
          • +
        • Developers - List of active + Apache Tomcat contributors. +
          • +
        • Functional Specifications + - Requirements specifications for features of the Catalina servlet + container portion of Apache Tomcat.
          • +
        • Javadocs + - Javadoc API documentation for Apache Tomcat's internals.
          • +
        • Apache Tomcat Architecture + - Documentation of the Apache Tomcat Server Architecture.
          • +
        + +
        Comments

        Notice: This comments section collects your suggestions + on improving documentation for Apache Tomcat.

        + If you have trouble and need help, read + Find Help page + and ask your question on the tomcat-users + mailing list. + Do not ask such questions here. This is not a Q&A section.

        + The Apache Comments System is explained here. + Comments may be removed by our moderators if they are either + implemented or considered invalid/off-topic.

        + Copyright © 1999-2016, Apache Software Foundation +
        ]]>
        DateFri, 24 Feb 2023 14:02:07 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Accept-Rangesbytes
        ETagW/"19368-1466008846000"
        Last-ModifiedWed, 15 Jun 2016 16:40:46 GMT
        Content-Typetext/html
        Content-Length19368
        Keep-Alivetimeout=5, max=92
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/docs/introduction.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/introduction.html

        type Status report

        message /docs/introduction.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/introductionhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="6D01280B916C9837C579F275B8EC4032";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="c7f5b02f";
        X-Request-Memorid="269eeac5";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/introduction.html

        type Status report

        message /docs/introduction.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:07 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length995
        Keep-Alivetimeout=5, max=87
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/setup.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/setup.html

        type Status report

        message /docs/setup.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/setuphtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="78FB38A8ACEF0C9A4046CDBADE8ACEE3";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="ec3d2ea8";
        X-Request-Memorid="a5c172a9";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/setup.html

        type Status report

        message /docs/setup.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:07 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length981
        Keep-Alivetimeout=5, max=86
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/appdev/index.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/appdev/index.html

        type Status report

        message /docs/appdev/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/appdev/indexhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="16A0FCA95F27748B361F869AE08E40BF";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="725c5732";
        X-Request-Memorid="815cbb6d";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/appdev/index.html

        type Status report

        message /docs/appdev/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:07 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length995
        Keep-Alivetimeout=5, max=85
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/deployer-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/deployer-howto.html

        type Status report

        message /docs/deployer-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/deployer-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="48C82F48DD82EF6E5105744BCCACB14E";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="16fe8d94";
        X-Request-Memorid="4716e75e";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/deployer-howto.html

        type Status report

        message /docs/deployer-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:07 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length999
        Keep-Alivetimeout=5, max=84
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/manager-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/manager-howto.html

        type Status report

        message /docs/manager-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/manager-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="112FD5EEB1B0EC04177727EFB7E63F42";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="dbcecbbb";
        X-Request-Memorid="155eb6c6";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/manager-howto.html

        type Status report

        message /docs/manager-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:08 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length997
        Keep-Alivetimeout=5, max=83
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/realm-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/realm-howto.html

        type Status report

        message /docs/realm-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/realm-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="1ECABF8131D9FB74C4F25E6F3BB95533";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="a62e6fbf";
        X-Request-Memorid="ed6b6ceb";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/realm-howto.html

        type Status report

        message /docs/realm-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:08 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length993
        Keep-Alivetimeout=5, max=82
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/security-manager-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/security-manager-howto.html

        type Status report

        message /docs/security-manager-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/security-manager-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="7E424F7BB5A58C5B289CFF0AA76BF8D9";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="b1e516da";
        X-Request-Memorid="ba57bf36";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/security-manager-howto.html

        type Status report

        message /docs/security-manager-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:08 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1015
        Keep-Alivetimeout=5, max=81
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/docs/jndi-resources-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/jndi-resources-howto.html

        type Status report

        message /docs/jndi-resources-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/jndi-resources-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="EF663CAB9167C2DE0B4DFF2BE490C612";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="a2b06176";
        X-Request-Memorid="a3fa2bb4";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/jndi-resources-howto.html

        type Status report

        message /docs/jndi-resources-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:08 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1011
        Keep-Alivetimeout=5, max=80
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/docs/jndi-datasource-examples-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/jndi-datasource-examples-howto.html

        type Status report

        message /docs/jndi-datasource-examples-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/jndi-datasource-examples-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="4005A3D0BF6D3E8BFED6DB64AB0C2F8D";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="ec20e1d2";
        X-Request-Memorid="756d857e";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/jndi-datasource-examples-howto.html

        type Status report

        message /docs/jndi-datasource-examples-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:08 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1031
        Keep-Alivetimeout=5, max=79
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/docs/class-loader-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/class-loader-howto.html

        type Status report

        message /docs/class-loader-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/class-loader-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="3F9DBBAE2124F08F05A08341DB70E15C";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="2b5dcc98";
        X-Request-Memorid="3836c5b1";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/class-loader-howto.html

        type Status report

        message /docs/class-loader-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1007
        Keep-Alivetimeout=5, max=90
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/docs/jasper-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/jasper-howto.html

        type Status report

        message /docs/jasper-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/jasper-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="C33DFBBAD4C4088E60F854AC44EDE617";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="b7bdae8e";
        X-Request-Memorid="9720bf26";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/jasper-howto.html

        type Status report

        message /docs/jasper-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length995
        Keep-Alivetimeout=5, max=92
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/ssl-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/ssl-howto.html

        type Status report

        message /docs/ssl-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/ssl-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="6C5A14E2FD330A1E50DE39A279EC7702";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="0495ff2d";
        X-Request-Memorid="7ae95118";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/ssl-howto.html

        type Status report

        message /docs/ssl-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length989
        Keep-Alivetimeout=5, max=78
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/ssi-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/ssi-howto.html

        type Status report

        message /docs/ssi-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/ssi-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="CB04B081478DF74AFDD0F66123F0F73B";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="1d797945";
        X-Request-Memorid="4fe2ffd9";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/ssi-howto.html

        type Status report

        message /docs/ssi-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length989
        Keep-Alivetimeout=5, max=91
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/proxy-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/proxy-howto.html

        type Status report

        message /docs/proxy-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/proxy-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="CAC7E3C5E42D4EED80EA957FD760A860";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="8ee0f669";
        X-Request-Memorid="53e2d6c3";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/proxy-howto.html

        type Status report

        message /docs/proxy-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length993
        Keep-Alivetimeout=5, max=89
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/mbeans-descriptor-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/mbeans-descriptor-howto.html

        type Status report

        message /docs/mbeans-descriptor-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/mbeans-descriptor-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="883533A1AF3CC43BF686559EF38ED559";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="316819b0";
        X-Request-Memorid="542cb33a";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/mbeans-descriptor-howto.html

        type Status report

        message /docs/mbeans-descriptor-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1017
        Keep-Alivetimeout=5, max=77
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/docs/default-servlet.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/default-servlet.html

        type Status report

        message /docs/default-servlet.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/default-servlethtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="196E583DD828BFA743BE2FFD9D82BAF9";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="0c439790";
        X-Request-Memorid="e1bf364a";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/default-servlet.html

        type Status report

        message /docs/default-servlet.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1001
        Keep-Alivetimeout=5, max=90
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/docs/cluster-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/cluster-howto.html

        type Status report

        message /docs/cluster-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/cluster-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="9099B5738BA56B5A5A2C4CBE80AD5F64";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="aaa8bb16";
        X-Request-Memorid="f2a0fe37";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/cluster-howto.html

        type Status report

        message /docs/cluster-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length997
        Keep-Alivetimeout=5, max=88
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/balancer-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/balancer-howto.html

        type Status report

        message /docs/balancer-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/balancer-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="5A3F9778F9B4AA2EA73C801D70ED9312";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="f4b5d168";
        X-Request-Memorid="1f4f212e";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/balancer-howto.html

        type Status report

        message /docs/balancer-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length999
        Keep-Alivetimeout=5, max=76
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/connectors.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/connectors.html

        type Status report

        message /docs/connectors.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/connectorshtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="F645970E5D94370DB55FF4BF58FBF8ED";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="35d2818e";
        X-Request-Memorid="3a7ecd10";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/connectors.html

        type Status report

        message /docs/connectors.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length991
        Keep-Alivetimeout=5, max=89
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/monitoring.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/monitoring.html

        type Status report

        message /docs/monitoring.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/monitoringhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="9F4C1B8B0854C98B23B22FEFF5F16E61";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="aee734ed";
        X-Request-Memorid="75e9e558";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/monitoring.html

        type Status report

        message /docs/monitoring.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length991
        Keep-Alivetimeout=5, max=87
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/logging.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/logging.html

        type Status report

        message /docs/logging.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/logginghtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="B03E0419F5D635D0EAC6624B1D254B23";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="3173147f";
        X-Request-Memorid="98b1c43d";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/logging.html

        type Status report

        message /docs/logging.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length985
        Keep-Alivetimeout=5, max=75
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/apr.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/apr.html

        type Status report

        message /docs/apr.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/aprhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="F078E0032F5F3268159A88B62D6B9D04";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="6c9e9639";
        X-Request-Memorid="87653b7c";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/apr.html

        type Status report

        message /docs/apr.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length977
        Keep-Alivetimeout=5, max=88
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/virtual-hosting-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/virtual-hosting-howto.html

        type Status report

        message /docs/virtual-hosting-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/virtual-hosting-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="3789B0DC3DE1119CE46D7BC7A2B69DBC";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="71488d9a";
        X-Request-Memorid="5df7f02f";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/virtual-hosting-howto.html

        type Status report

        message /docs/virtual-hosting-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1013
        Keep-Alivetimeout=5, max=86
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/docs/aio.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/aio.html

        type Status report

        message /docs/aio.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/aiohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="6F131EFFACB7568CD46EEBF5D7A36259";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="66b12bf5";
        X-Request-Memorid="b9b4b30a";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/aio.html

        type Status report

        message /docs/aio.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length977
        Keep-Alivetimeout=5, max=74
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/extras.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/extras.html

        type Status report

        message /docs/extras.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/extrashtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="1B9B32B12B84477923B5AB9212A429C9";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="e7e44896";
        X-Request-Memorid="8c59af4d";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/extras.html

        type Status report

        message /docs/extras.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length983
        Keep-Alivetimeout=5, max=87
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/cgi-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/cgi-howto.html

        type Status report

        message /docs/cgi-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/cgi-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="E01DF8FF8FF9692D55E8768F41AC3F14";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="bd3f1b5a";
        X-Request-Memorid="b305bd0c";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/cgi-howto.html

        type Status report

        message /docs/cgi-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length989
        Keep-Alivetimeout=5, max=85
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/security-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/security-howto.html

        type Status report

        message /docs/security-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/security-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="1F194499C7D4146D9EC2FB6CA4EFA71D";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="74cc00e8";
        X-Request-Memorid="a3ea7e52";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/security-howto.html

        type Status report

        message /docs/security-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length999
        Keep-Alivetimeout=5, max=73
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/maven-jars.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/maven-jars.html

        type Status report

        message /docs/maven-jars.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/maven-jarshtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="F1CFEAE3757BB658B51C6113CCDB4AB2";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="2c3c9e7b";
        X-Request-Memorid="969c32b7";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/maven-jars.html

        type Status report

        message /docs/maven-jars.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length991
        Keep-Alivetimeout=5, max=84
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/windows-service-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/windows-service-howto.html

        type Status report

        message /docs/windows-service-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/windows-service-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="9BD235AA424324B5BDC5899093604D45";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="340f31b6";
        X-Request-Memorid="6a2d6912";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/windows-service-howto.html

        type Status report

        message /docs/windows-service-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1013
        Keep-Alivetimeout=5, max=86
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/docs/windows-auth-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/windows-auth-howto.html

        type Status report

        message /docs/windows-auth-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/windows-auth-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="FF70A74D422C22B72591B6C68DE7DBA3";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="88bb70f6";
        X-Request-Memorid="901ff834";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/windows-auth-howto.html

        type Status report

        message /docs/windows-auth-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1007
        Keep-Alivetimeout=5, max=72
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/account/httpzero.webappsecurity.com80Vulnerability10028109321Web Server Misconfiguration: Server Error MessageEnvironmentWeb Server Misconfiguration: Server Error MessageCWE-550: Information Exposure Through Server Error MessageSummaryImplicationThe server has issued a 500 error response. While the body content of the error page may not expose any information about the technical error, the fact that an error occurred is confirmed by the 500 status code. Knowing whether certain inputs trigger a server error can aid or inform an attacker of potential vulnerabilities.]]>ExecutionFixFor Security Operations:

        + Server error messages, such as "File Protected Against Access", often reveal more information than intended. For instance, an attacker who receives this message can be relatively certain that file exists, which might give him the information he needs to pursue other leads, or to perform an actual exploit. The following recommendations will help to ensure that a potential attacker is not deriving valuable information from any server error message that is presented.
        • Uniform Error Codes: Ensure that you are not inadvertently supplying information to an attacker via the use of inconsistent or "conflicting" error messages. For instance, don't reveal unintended information by utilizing error messages such as Access Denied, which will also let an attacker know that the file he seeks actually exists. Have consistent terminology for files and folders that do exist, do not exist, and which have read access denied.
        • Informational Error Messages: Ensure that error messages do not reveal too much information. Complete or partial paths, variable and file names, row and column names in tables, and specific database errors should never be revealed to the end user. Remember, an attacker will gather as much information as possible, and then add pieces of seemingly innocuous information together to craft a method of attack.
        • Proper Error Handling: Utilize generic error pages and error handling logic to inform end users of potential problems. Do not provide system information or other data that could be utilized by an attacker when orchestrating an attack.

        Removing Detailed Error Messages

        + +Find instructions for turning off detailed error messaging in IIS at this link:

        http://support.microsoft.com/kb/294807

        For Development:

        + From a development perspective, the best method of preventing problems from arising from server error messages is to adopt secure programming techniques that prevent problems that might arise from an attacker discovering too much information about the architecture and design of your web application. The following recommendations can be used as a basis for that.
        • Stringently define the data type (for instance, a string, an alphanumeric character, etc) that the application will accept.
        • Use what is good instead of what is bad. Validate input for improper characters.
        • Do not display error messages to the end user that provide information (such as table names) that could be utilized in orchestrating an attack.
        • Define the allowed set of characters. For instance, if a field is to receive a number, only let that field accept numbers.
        • Define the maximum and minimum data lengths for what the application will accept.
        • Specify acceptable numeric ranges for input.



        For QA:
        + +The best course of action for QA associates to take is to ensure that the error handling scheme is consistent. Do you receive a different type of error for a file that does not exist as opposed to a file that does? Are phrases like "Permission Denied" utilized which could reveal the existence of a file to an attacker? Inconsistent methods of dealing with errors gives an attacker a very powerful way of gathering information about your web application.]]>        Reference InfoApache:
        Security Tips for Server Configuration
        Protecting Confidential Documents at Your Site
        Securing Apache - Access Control

        Microsoft:
        How to set required NTFS permissions and user rights for an IIS 5.0 Web server
        Default permissions and user rights for IIS 6.0
        Description of Microsoft Internet Information Services (IIS) 5.0 and 6.0 status codes]]>        Vulnerability100267424Poor Error Handling: Unhandled ExceptionCWE-209: Information Exposure Through an Error MessageErrorsPoor Error Handling: Unhandled ExceptionSummary
        Description

        + + +The most common cause of an unhandled exception is a failure to properly sanitize client-supplied data that is used in SQL statements. They can also be caused by a bug in the web application's database communication code, a misconfiguration of database connection settings, an unavailable database, or any other reason that would cause the application's database driver to be unable to establish a working session with the server. The problem is not that web applications generate errors. All web applications in their normal course of operation will at some point receive an unhandled exception. The problem lies not in that these errors were received, but rather in how they are handled. Any error handling solution needs to be well-designed, and uniform in how it handles errors. For instance, assume an attacker is attempting to access a specific file. If the request returns an error File not Found, the attacker can be relatively sure the file does not exist. However, if the error returns "Permission Denied," the attacker has a fairly good idea that the specific file does exist. This can be helpful to an attacker in many ways, from determining the operating system to discovering the underlying architecture and design of the application. + +

        + +The error message may also contain the location of the file that contains the offending function. This may disclose the webroot's absolute path as well as give the attacker the location of application "include" files or database configuration information. A fundamental necessity for a successful attack upon your web application is reconnaissance. Database server error messages can provide information that can then be utilized when the attacker is formulating his next method of attack. It may even disclose the portion of code that failed. + +

        + +Be aware that this check is part of unknown application testing which seeks to uncover new vulnerabilities in both custom and commercial software. Because of this, there are no specific patches or remediation information for this issue. Please note that this vulnerability may be a false positive if the page it is flagged on is technical documentation relating to a database server. + +]]>        ImplicationThe severity of this vulnerability depends on the reason that the error message was generated. In most cases, it will be the result of the web application + +attempting to use an invalid client-supplied argument in a SQL statement, which means that SQL injection will be possible. If so, an attacker will at least be able to read the contents of the entire database arbitrarily. Depending on the database server and the SQL statement, deleting, updating and adding records and executing arbitrary commands may also be possible. If a software bug or bug is responsible for triggering the error, the potential impact will vary, depending on the + +circumstances. + +The location of the application that caused the error can be useful in facilitating other kinds of attacks. If the file is a hidden or include file, the attacker may be able to gain more information about the mechanics of the web application, possibly even the source code. Application source code is likely to contain usernames, passwords, database connection strings and aids the attacker greatly in discovering new vulnerabilities.]]>Execution +The information gleaned from database server error messages allows an attacker to conduct a successful attack after he combines his various findings. You can verify the database error response is highlighted in response tab. The ways in which an attacker can exploit the conditions that caused the error depend on its cause. In the case of SQL injection, the techniques that are used will vary from database server to database server, and even query to query. An overview SQL Injection attacks is available in the SQL Injection vulnerability information, accessible via the Policy Manager.]]>FixFor Development:

        +From a development perspective, the best method of preventing problems from arising from database error messages is to adopt secure programming techniques that prevent problems that might arise from an attacker discovering too much information about the architecture and design of your web application. The following recommendations can be used as a basis for that. + + +
        • +Stringently define the data type (for instance, a string, an alphanumeric character, etc) that the application will accept.
        • Use what is good instead of what is bad. Validate input for improper characters.
        • Do not display error messages to the end user that provide information (such as table names) that could be utilized in orchestrating an attack.
        • Define the allowed set of characters. For instance, if a field is to receive a number, only let that field accept numbers.
        • Define the maximum and minimum data lengths for what the application will accept.
        • Specify acceptable numeric ranges for input.
        For Security Operations:

        +The following recommendations will help in implementing a secure database protocol for your web application. Be advised each database has its own method of +secure lock down.

        • ODBC Error Messaging: Turn off ODBC error messaging in your database server. Never display raw ODBC or other errors to the end user. See Removing Detailed Error Messages below, or consult your database server's documentation, for more information. + + +

        • Uniform Error Codes: Ensure that you are not inadvertently supplying information to an attacker via the use of inconsistent or "conflicting" error +messages. For instance, don't reveal unintended information by utilizing error messages such as Access Denied, which will also let an attacker know that the file +he seeks actually exists. Have consistent terminology for files and folders that do exist, do not exist, and which have read access denied.

        • Informational Error Messages: Ensure that error messages do not reveal too much information. Complete or partial paths, variable and file names, +row and column names in tables, and specific database errors should never be revealed to the end user. Remember, an attacker will gather as much information +as possible, and then add pieces of seemingly innocuous information together to craft a method of attack.

        • Proper Error Handling: Utilize generic error pages and error handling logic to inform end users of potential problems. Do not provide system +information or other data that could be utilized by an attacker when orchestrating an attack.

        • Stored Procedures: Consider using stored procedures. They require a very specific parameter format, which makes them less susceptible to SQL Injection +attacks.

        • Database Privileges: Utilize a least-privileges scheme for the database application. Ensure that user accounts only have the limited functionality +that is actually required. All database mechanisms should deny access until it has been granted, not grant access until it has been denied.



        For QA:

        + +In reality, simple testing can usually determine how your web application will react to different input errors. More expansive testing must be conducted to cause internal errors to gauge the reaction of the site. If the unhandled exception occurs in a piece of in-house developed software, consult the developer. If it is in a commercial package, contact technical support.

        + + +The best course of action for QA associates to take is to ensure that the error handling scheme is consistent. Do you receive a different type of error for a file that does not exist as opposed to a file that does? Are phrases like "Permission Denied" utilized which could reveal the existence of a file to an attacker?]]>        Reference InfoApache:
        Apache HTTP Server Version 1.3 Custom Error Responses
        Apache HTTP Server Version 2.0 Custom Error Responses

        Microsoft:
        Description of Microsoft Internet Information Services (IIS) 5.0 and 6.0 status codes
        SQL Injection]]>         + + + + Zero - Error + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +

        Error

        +
        + + Exception: + 
        +                org.springframework.jdbc.BadSqlGrammarException: StatementCallback; bad SQL grammar [SELECT * FROM accounts WHERE id = index]; nested exception is java.sql.SQLSyntaxErrorException: user lacks privilege or object not found: INDEX
+	at org.springframework.jdbc.support.SQLExceptionSubclassTranslator.doTranslate(SQLExceptionSubclassTranslator.java:95)
+	at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:72)
+	at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:80)
+	at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:407)
+	at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:456)
+	at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:464)
+	at org.springframework.jdbc.core.JdbcTemplate.queryForObject(JdbcTemplate.java:472)
+	at com.hp.webinspect.zero.dao.impl.AccountDaoImpl.get(AccountDaoImpl.java:36)
+	at com.hp.webinspect.zero.service.impl.AccountServiceImpl.get(AccountServiceImpl.java:38)
+	at com.hp.webinspect.zero.web.controller.MobileApiController.findAccountById(MobileApiController.java:55)
+	at sun.reflect.GeneratedMethodAccessor152.invoke(Unknown Source)
+	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
+	at java.lang.reflect.Method.invoke(Unknown Source)
+	at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:219)
+	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
+	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
+	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
+	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
+	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
+	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
+	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
+	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:936)
+	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:827)
+	at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
+	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:812)
+	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
+	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
+	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:144)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
+	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
+	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
+	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
+	at com.hp.webinspect.zero.web.NoCacheFilter.doFilter(NoCacheFilter.java:26)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
+	at com.hp.webinspect.zero.web.FakeCommonFoldersEmulator.doFilter(FakeCommonFoldersEmulator.java:39)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
+	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
+	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
+	at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:399)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
+	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
+	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
+	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
+	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
+	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
+	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
+	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:442)
+	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1082)
+	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:623)
+	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
+	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
+	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
+	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
+	at java.lang.Thread.run(Unknown Source)
+Caused by: java.sql.SQLSyntaxErrorException: user lacks privilege or object not found: INDEX
+	at org.hsqldb.jdbc.Util.sqlException(Unknown Source)
+	at org.hsqldb.jdbc.Util.sqlException(Unknown Source)
+	at org.hsqldb.jdbc.JDBCStatement.fetchResult(Unknown Source)
+	at org.hsqldb.jdbc.JDBCStatement.executeQuery(Unknown Source)
+	at com.jolbox.bonecp.StatementHandle.executeQuery(StatementHandle.java:503)
+	at org.springframework.jdbc.core.JdbcTemplate$1QueryStatementCallback.doInStatement(JdbcTemplate.java:441)
+	at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:396)
+	... 79 more
+Caused by: org.hsqldb.HsqlException: user lacks privilege or object not found: INDEX
+	at org.hsqldb.error.Error.error(Unknown Source)
+	at org.hsqldb.error.Error.error(Unknown Source)
+	at org.hsqldb.ExpressionColumn.checkColumnsResolved(Unknown Source)
+	at org.hsqldb.QueryExpression.resolve(Unknown Source)
+	at org.hsqldb.ParserDQL.compileCursorSpecification(Unknown Source)
+	at org.hsqldb.ParserCommand.compilePart(Unknown Source)
+	at org.hsqldb.ParserCommand.compileStatements(Unknown Source)
+	at org.hsqldb.Session.executeDirectStatement(Unknown Source)
+	at org.hsqldb.Session.execute(Unknown Source)
+	... 84 more
+
+
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>        GET/account/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/resources/js/bootstrap.min.js
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Audit.Attack";SID="AF6243F39D8130C35BA56E1EF0D92171";PSID="C2E3EA7620F4A29F11DBAC2B877DD850";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="ae34b422-6357-4aca-8fe7-7e449e14c9b7";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10220";Engine="Directory+Enumeration";SmartMode="4";tht="11";
        X-RequestManager-Memostid="15";stmi="0";sc="1";rid="7dfff476";
        X-Request-Memorid="2f862788";sc="1";thid="27";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1500Internal Server Error + + + + Zero - Error + + + + + + + + + + + + + + + +
        +
        +
        +
        + Zero Bank +
        +
        +
        + +
        +
        + +
        +
        +
        +

        Error

        +
        + + Exception: + 
        +                org.springframework.jdbc.BadSqlGrammarException: StatementCallback; bad SQL grammar [SELECT * FROM accounts WHERE id = index]; nested exception is java.sql.SQLSyntaxErrorException: user lacks privilege or object not found: INDEX
+	at org.springframework.jdbc.support.SQLExceptionSubclassTranslator.doTranslate(SQLExceptionSubclassTranslator.java:95)
+	at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:72)
+	at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:80)
+	at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:407)
+	at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:456)
+	at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:464)
+	at org.springframework.jdbc.core.JdbcTemplate.queryForObject(JdbcTemplate.java:472)
+	at com.hp.webinspect.zero.dao.impl.AccountDaoImpl.get(AccountDaoImpl.java:36)
+	at com.hp.webinspect.zero.service.impl.AccountServiceImpl.get(AccountServiceImpl.java:38)
+	at com.hp.webinspect.zero.web.controller.MobileApiController.findAccountById(MobileApiController.java:55)
+	at sun.reflect.GeneratedMethodAccessor152.invoke(Unknown Source)
+	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
+	at java.lang.reflect.Method.invoke(Unknown Source)
+	at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:219)
+	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
+	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
+	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
+	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
+	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
+	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
+	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
+	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:936)
+	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:827)
+	at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
+	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:812)
+	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
+	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
+	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:144)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
+	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
+	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
+	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
+	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
+	at com.hp.webinspect.zero.web.NoCacheFilter.doFilter(NoCacheFilter.java:26)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
+	at com.hp.webinspect.zero.web.FakeCommonFoldersEmulator.doFilter(FakeCommonFoldersEmulator.java:39)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
+	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
+	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
+	at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:399)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
+	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
+	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
+	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
+	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
+	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
+	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
+	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:442)
+	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1082)
+	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:623)
+	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
+	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
+	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
+	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
+	at java.lang.Thread.run(Unknown Source)
+Caused by: java.sql.SQLSyntaxErrorException: user lacks privilege or object not found: INDEX
+	at org.hsqldb.jdbc.Util.sqlException(Unknown Source)
+	at org.hsqldb.jdbc.Util.sqlException(Unknown Source)
+	at org.hsqldb.jdbc.JDBCStatement.fetchResult(Unknown Source)
+	at org.hsqldb.jdbc.JDBCStatement.executeQuery(Unknown Source)
+	at com.jolbox.bonecp.StatementHandle.executeQuery(StatementHandle.java:503)
+	at org.springframework.jdbc.core.JdbcTemplate$1QueryStatementCallback.doInStatement(JdbcTemplate.java:441)
+	at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:396)
+	... 79 more
+Caused by: org.hsqldb.HsqlException: user lacks privilege or object not found: INDEX
+	at org.hsqldb.error.Error.error(Unknown Source)
+	at org.hsqldb.error.Error.error(Unknown Source)
+	at org.hsqldb.ExpressionColumn.checkColumnsResolved(Unknown Source)
+	at org.hsqldb.QueryExpression.resolve(Unknown Source)
+	at org.hsqldb.ParserDQL.compileCursorSpecification(Unknown Source)
+	at org.hsqldb.ParserCommand.compilePart(Unknown Source)
+	at org.hsqldb.ParserCommand.compileStatements(Unknown Source)
+	at org.hsqldb.Session.executeDirectStatement(Unknown Source)
+	at org.hsqldb.Session.execute(Unknown Source)
+	... 84 more
+
+
        +
        +
        +
        +
        + +
        +
        + +
        +
        +
        +
        +
        +
          +
        • Download WebInspect
          • +
        +
        + +
        +
          +
        • Terms of Use
          • +
        +
        + +
        +
          +
        • Contact Micro Focus
          • +
        • Privacy Statement
          • + +
        +
        +
        + +
        +
        + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

        + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
        +
        +
        +
        +
        + + + + +]]>
        DateFri, 24 Feb 2023 14:02:06 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Cache-Controlno-cache, max-age=0, must-revalidate, no-store
        Content-Typetext/html;charset=UTF-8
        Content-Languageen-US
        Connectionclose
        Content-Length15205
        http://zero.webappsecurity.com:80/docs/jdbc-pool.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/jdbc-pool.html

        type Status report

        message /docs/jdbc-pool.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/jdbc-poolhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="B7C608376C8C177B18E312A69B9A902D";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="a55d9e3e";
        X-Request-Memorid="10fbdd65";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/jdbc-pool.html

        type Status report

        message /docs/jdbc-pool.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length989
        Keep-Alivetimeout=5, max=83
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/web-socket-howto.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/web-socket-howto.html

        type Status report

        message /docs/web-socket-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/web-socket-howtohtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="5A98767C08BA6936D21681BA4745B24F";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="068ec142";
        X-Request-Memorid="9a7e344e";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/web-socket-howto.html

        type Status report

        message /docs/web-socket-howto.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:09 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1003
        Keep-Alivetimeout=5, max=85
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/docs/RELEASE-NOTES.txthttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/RELEASE-NOTES.txt

        type Status report

        message /docs/RELEASE-NOTES.txt

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/RELEASE-NOTEStxtHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="EC10F5A5F43AF973F01DA76A23D1DF1C";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="53ad78fa";
        X-Request-Memorid="5c5eb7c3";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/RELEASE-NOTES.txt

        type Status report

        message /docs/RELEASE-NOTES.txt

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:10 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length995
        Keep-Alivetimeout=5, max=71
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/config/index.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/config/index.html

        type Status report

        message /docs/config/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/config/indexhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="7E09004C87348100F227487435CD3213";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="8b6220af";
        X-Request-Memorid="ab5bede8";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/config/index.html

        type Status report

        message /docs/config/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:10 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length995
        Keep-Alivetimeout=5, max=82
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/api/index.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/api/index.html

        type Status report

        message /docs/api/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/api/indexhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="1B53504FE25C2CF2D3F3EE454E68D7B2";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="da8fcc43";
        X-Request-Memorid="939cf29f";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/api/index.html

        type Status report

        message /docs/api/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:10 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length989
        Keep-Alivetimeout=5, max=84
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/servletapi/index.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/servletapi/index.html

        type Status report

        message /docs/servletapi/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/servletapi/indexhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="9A374CF6133C82D2A83C2624AADBEB16";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="2ae47506";
        X-Request-Memorid="f9ec02bc";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/servletapi/index.html

        type Status report

        message /docs/servletapi/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:10 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1003
        Keep-Alivetimeout=5, max=70
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/docs/jspapi/index.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/jspapi/index.html

        type Status report

        message /docs/jspapi/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/jspapi/indexhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="2972AA34C8A6AF245A423BC19C9CD9CE";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="b72120ba";
        X-Request-Memorid="ac6a8990";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/jspapi/index.html

        type Status report

        message /docs/jspapi/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:10 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length995
        Keep-Alivetimeout=5, max=81
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/elapi/index.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/elapi/index.html

        type Status report

        message /docs/elapi/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/elapi/indexhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="82703ED3FF1FE7EB55F9833C68BD9964";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="c7fa5490";
        X-Request-Memorid="e12f23b6";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/elapi/index.html

        type Status report

        message /docs/elapi/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:10 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length993
        Keep-Alivetimeout=5, max=83
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/websocketapi/index.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/websocketapi/index.html

        type Status report

        message /docs/websocketapi/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/websocketapi/indexhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="5BE22692ADEF2CF19E101E8F2AE21ECC";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="9f6701e5";
        X-Request-Memorid="43b3ad39";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/websocketapi/index.html

        type Status report

        message /docs/websocketapi/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:10 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1007
        Keep-Alivetimeout=5, max=69
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/docs/building.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/building.html

        type Status report

        message /docs/building.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/buildinghtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="92BF4760E2D0FDCA4ABB18FC0B743B5E";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="9a9255b0";
        X-Request-Memorid="73f2839d";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/building.html

        type Status report

        message /docs/building.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:10 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length987
        Keep-Alivetimeout=5, max=80
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/changelog.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/changelog.html

        type Status report

        message /docs/changelog.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/changeloghtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="F3D4D3DB0835679411A7D304D23D3F25";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="7a6ab3f1";
        X-Request-Memorid="2dccaa14";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/changelog.html

        type Status report

        message /docs/changelog.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:10 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length989
        Keep-Alivetimeout=5, max=82
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/developers.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/developers.html

        type Status report

        message /docs/developers.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/developershtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="A9172DFB7BAE07E94F02CEB658411C99";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="9936d982";
        X-Request-Memorid="7010311b";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/developers.html

        type Status report

        message /docs/developers.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:10 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length991
        Keep-Alivetimeout=5, max=68
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/docs/architecture/index.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/architecture/index.html

        type Status report

        message /docs/architecture/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/architecture/indexhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="629E4A1BA8397C370A60A994699A4485";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="094969db";
        X-Request-Memorid="40bb1de5";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/architecture/index.html

        type Status report

        message /docs/architecture/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:10 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1007
        Keep-Alivetimeout=5, max=79
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/docs/funcspecs/index.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/funcspecs/index.html

        type Status report

        message /docs/funcspecs/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/funcspecs/indexhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="9ED4F10AC6184B9298A6A51C297C202A";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="3caad35d";
        X-Request-Memorid="b8e205c3";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/funcspecs/index.html

        type Status report

        message /docs/funcspecs/index.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:10 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1001
        Keep-Alivetimeout=5, max=81
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/docs/tribes/introduction.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/tribes/introduction.html

        type Status report

        message /docs/tribes/introduction.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/tribes/introductionhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="CD5E19BE8CC24688BC7308F171997466";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="NonRooted";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="e4d82fa4";
        X-Request-Memorid="0ffed06a";sc="1";thid="25";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/tribes/introduction.html

        type Status report

        message /docs/tribes/introduction.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:10 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length1009
        Keep-Alivetimeout=5, max=67
        ConnectionKeep-Alive
        http://zero.webappsecurity.com:80/docs/comments.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/comments.html

        type Status report

        message /docs/comments.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/docs/commentshtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="DCC23128C8FA6A6E59DDBCB085171AB4";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";Source="ScriptExecution";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="9f8554c7";
        X-Request-Memorid="20f171cd";sc="1";thid="24";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 - /docs/comments.html

        type Status report

        message /docs/comments.html

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:10 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length987
        Keep-Alivetimeout=5, max=78
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/WEB-INF/web.xmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

        HTTP Status 404 -

        type Status report

        message

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>        GET/WEB-INF/webxmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
        Refererhttp://zero.webappsecurity.com/docs/
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Crawl";SID="EEF86296A9D0EEB61B67BFBD84892FD2";PSID="E6C8F4B19B0B19458326A26516DB27A6";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";NodeName="li";Source="StaticParser";tht="31";
        X-RequestManager-Memostid="11";stmi="0";sc="1";rid="9e46b51e";
        X-Request-Memorid="d523e17b";sc="1";thid="26";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445        HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

        HTTP Status 404 -

        type Status report

        message

        description The requested resource is not available.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:10 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length949
        Keep-Alivetimeout=5, max=80
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/error_log/httpzero.webappsecurity.com80Vulnerability10102291Web Server Misconfiguration: Unprotected DirectoryEnvironmentWeb Server Misconfiguration: Unprotected DirectoryCWE-552: Files or Directories Accessible to External PartiesSummaryImplicationExecutionFixFor Security Operations:
        +You should evaluate the production requirements for the found directory. If the directory is not required for production operation, then the directory and its contents should be removed or restricted by a server access control mechanism. More information about implementing access control schemes can be found in the References. Automatic directory indexing should also be disabled, if applicable. + +

        For Development:
        +This problem will be resolved by the web application server administrator. In general, do not rely on 'hidden' directories within the web root that can contain sensitive resources or web applications. Assume an attacker knows about the existence of all directories and files on your web site, and protect them with proper access controls. + +

        For QA:
        +This problem will be resolved by the web application server administrator.]]>        Reference InfoImplementing Basic Authentication in IIS
        http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/a + +bbca505-6f63-4267-aac1-1ea89d861eb4.mspx

        Implementing Basic Authentication in Apache
        http://httpd.apache.org/docs/howto/auth.html#intro]]>        Apache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>        GET/error_log/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/resources/js/bootstrap.min.js
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Audit.Attack";SID="53F0466A1821B9F49B63E982EC853A6A";PSID="C2E3EA7620F4A29F11DBAC2B877DD850";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="ae34b422-6357-4aca-8fe7-7e449e14c9b7";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10229";Engine="Directory+Enumeration";SmartMode="4";tht="11";
        X-RequestManager-Memostid="15";stmi="0";sc="1";rid="b44b5bae";
        X-Request-Memorid="271414e9";sc="1";thid="27";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1403ForbiddenApache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:50 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length961
        Keep-Alivetimeout=5, max=30
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/stats/httpzero.webappsecurity.com80Vulnerability10102291Web Server Misconfiguration: Unprotected DirectoryEnvironmentWeb Server Misconfiguration: Unprotected DirectoryCWE-552: Files or Directories Accessible to External PartiesSummaryImplicationExecutionFixFor Security Operations:
        +You should evaluate the production requirements for the found directory. If the directory is not required for production operation, then the directory and its contents should be removed or restricted by a server access control mechanism. More information about implementing access control schemes can be found in the References. Automatic directory indexing should also be disabled, if applicable. + +

        For Development:
        +This problem will be resolved by the web application server administrator. In general, do not rely on 'hidden' directories within the web root that can contain sensitive resources or web applications. Assume an attacker knows about the existence of all directories and files on your web site, and protect them with proper access controls. + +

        For QA:
        +This problem will be resolved by the web application server administrator.]]>        Reference InfoImplementing Basic Authentication in IIS
        http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/a + +bbca505-6f63-4267-aac1-1ea89d861eb4.mspx

        Implementing Basic Authentication in Apache
        http://httpd.apache.org/docs/howto/auth.html#intro]]>        Apache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>        GET/stats/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/resources/js/bootstrap.min.js
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Audit.Attack";SID="D8BED92C1A2769DC42F6C481D02C9536";PSID="C2E3EA7620F4A29F11DBAC2B877DD850";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="ae34b422-6357-4aca-8fe7-7e449e14c9b7";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10229";Engine="Directory+Enumeration";SmartMode="4";tht="11";
        X-RequestManager-Memostid="15";stmi="0";sc="1";rid="8222ed20";
        X-Request-Memorid="c64cd30b";sc="1";thid="27";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1403ForbiddenApache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:02:51 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length961
        Keep-Alivetimeout=5, max=15
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http://zero.webappsecurity.com:80/user/httpzero.webappsecurity.com80Vulnerability10102331Web Server Misconfiguration: Unprotected DirectoryEnvironmentWeb Server Misconfiguration: Unprotected DirectoryCWE-552: Files or Directories Accessible to External PartiesSummaryImplicationExecutionFixFor Security Operations:
        +You should evaluate the production requirements for the found directory. If the directory is not required for production operation, then the directory and its contents should be removed or restricted by a server access control mechanism. More information about implementing access control schemes can be found in the References. Automatic directory indexing should also be disabled, if applicable. + +

        For Development:
        +This problem will be resolved by the web application server administrator. In general, do not rely on 'hidden' directories within the web root that can contain sensitive resources or web applications. Assume an attacker knows about the existence of all directories and files on your web site, and protect them with proper access controls. + +

        For QA:
        +This problem will be resolved by the web application server administrator.]]>        Reference InfoImplementing Basic Authentication in IIS
        http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/a + +bbca505-6f63-4267-aac1-1ea89d861eb4.mspx

        Implementing Basic Authentication in Apache
        http://httpd.apache.org/docs/howto/auth.html#intro]]>        Apache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>        GET/user/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
        Refererhttp://zero.webappsecurity.com/resources/js/bootstrap.min.js
        Accept*/*
        Accept-Encodinggzip, deflate
        Pragmano-cache
        User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
        Hostzero.webappsecurity.com
        ConnectionKeep-Alive
        X-WIPPAscVersion=22.2.0.253
        X-Scan-MemoCategory="Audit.Attack";SID="706A0A37A7BAC70974BCF84004DFAB30";PSID="C2E3EA7620F4A29F11DBAC2B877DD850";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="ae34b422-6357-4aca-8fe7-7e449e14c9b7";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10233";Engine="Directory+Enumeration";SmartMode="4";tht="11";
        X-RequestManager-Memostid="15";stmi="0";sc="1";rid="1b36e37b";
        X-Request-Memorid="d65f739b";sc="1";thid="27";
        CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0        HTTP/1.1403ForbiddenApache Tomcat/7.0.70 - Error report

        HTTP Status 403 -

        type Status report

        message

        description Access to the specified resource has been forbidden.

        Apache Tomcat/7.0.70

        ]]>
        DateFri, 24 Feb 2023 14:03:00 GMT
        ServerApache-Coyote/1.1
        Access-Control-Allow-Origin*
        Content-Typetext/html;charset=utf-8
        Content-Languageen
        Content-Length961
        Keep-Alivetimeout=5, max=53
        ConnectionKeep-Alive
        X-Padavoid browser bug
        http%3a%2f%2fzero.webappsecurity.com%3a80%2fresources%2fjs%2fbootstrap.min.js%08HTTP%2f1.1%2f..%2f..%2fbootstrap.min.jshttpzero.webappsecurity.com80ControCharsVulnerabilityCUSTOM116992Path Manipulation: Special CharactersCWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')Input Validation and RepresentationPath Manipulation: Special CharactersSummaryImplicationExecution/secret is not allowed.
        When an attacker sends the following request http://example.com/secret0x09HTTP/1.1/../../public
        , the proxy normalizes the URL to http://example.com/public, which is allowed access. The proxy then forwards the original request to the backend Gunicorn application. The backend application considers the 0x09 character as a separator between the URL path and HTTP protocol version. The application therefore believes that the user is trying to access http://example.com/secret and returns the content of the endpoint /secret to the attacker.
        In the current scan, user can request the URL HTTP/1.1/../../ to check if could be allowed to be inserted in the URL path. If the remote server respond with same page as requesting the original URL, then the control character is allowed to be inserted in the URL path. This example shows that an attacker can bypass authentication or achieve other successful attacks by manipulating the control characters in the URL path.]]>        FixFor example, the following configuration could be added into nginx.conf file to forbid control character 0x09.
        if ($request_uri ~* .*[\x09]+.*) {return 435;}
        It is also accepted if add similar access control policy in the firewall which is deployed before the backend application server.]]>        Reference InfoDisabled control characters in URIs.
        CHYbeta/OddProxyDemo]]>        R0VUIC9yZXNvdXJjZXMvanMvYm9vdHN0cmFwLm1pbi5qcwhIVFRQLzEuMS8uLi8uLi9ib290c3RyYXAubWluLmpzIEhUVFAvMS4xDQpSZWZlcmVyOiBodHRwOi8vemVyby53ZWJhcHBzZWN1cml0eS5jb20vDQpIb3N0OiB6ZXJvLndlYmFwcHNlY3VyaXR5LmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6OTguMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85OC4wDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpYLVdJUFA6IEFzY1ZlcnNpb249MjIuMi4wLjI1Mw0KWC1TY2FuLU1lbW86IENhdGVnb3J5PSJBdWRpdC5BdHRhY2siO1NJRD0iQTZFRjM1MDJCOTVEREYyQzI0RENBNTgwMTVBNTYxRTkiO1BTSUQ9IkMyRTNFQTc2MjBGNEEyOUYxMURCQUMyQjg3N0REODUwIjtTZXNzaW9uVHlwZT0iQXVkaXRBdHRhY2siO0NyYXdsVHlwZT0iTm9uZSI7QXR0YWNrVHlwZT0iSGVhZGVyUGFyYW1NYW5pcHVsYXRpb24iO09yaWdpbmF0aW5nRW5naW5lSUQ9IjhlNzM5ZTg2LTU0MjUtNDcxMS1iNzhmLTA3ZDExMzcwMjU3MyI7QXR0YWNrU2VxdWVuY2U9IjAiO0F0dGFja1BhcmFtRGVzYz0iQ29udHJvQ2hhcnMiO0F0dGFja1BhcmFtSW5kZXg9IjAiO0F0dGFja1BhcmFtU3ViSW5kZXg9IjAiO0NoZWNrSWQ9IjExNjk5IjtFbmdpbmU9IkNvbnRyb2wrQ2hhcnMrRGV0ZWN0aW9uIjtTbWFydE1vZGU9IjQiO3RodD0iNDAiOw0KWC1SZXF1ZXN0TWFuYWdlci1NZW1vOiBzdGlkPSIxNSI7c3RtaT0iMCI7c2M9IjEiO3JpZD0iODYwNmQ2OTkiOw0KWC1SZXF1ZXN0LU1lbW86IHJpZD0iOTQ0MWYyNWUiO3NjPSIxIjt0aGlkPSIyNyI7DQpDb29raWU6IEN1c3RvbUNvb2tpZT1XZWJJbnNwZWN0MTgxMzM4WlhCOTg0RDA0NjJFQjM0M0FFODU5OEE0RkZCMTE2RkE5M1lGRkYwDQoNCg==').appendTo(document.body),this.$backdrop.click(this.options.backdrop=="static"?a.proxy(this.$element[0].focus,this.$element[0]):a.proxy(this.hide,this)),e&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),e?this.$backdrop.one(a.support.transition.end,b):b()}else!this.isShown&&this.$backdrop?(this.$backdrop.removeClass("in"),a.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one(a.support.transition.end,a.proxy(this.removeBackdrop,this)):this.removeBackdrop()):b&&b()}};var c=a.fn.modal;a.fn.modal=function(c){return this.each(function(){var d=a(this),e=d.data("modal"),f=a.extend({},a.fn.modal.defaults,d.data(),typeof c=="object"&&c);e||d.data("modal",e=new b(this,f)),typeof c=="string"?e[c]():f.show&&e.show()})},a.fn.modal.defaults={backdrop:!0,keyboard:!0,show:!0},a.fn.modal.Constructor=b,a.fn.modal.noConflict=function(){return a.fn.modal=c,this},a(document).on("click.modal.data-api",'[data-toggle="modal"]',function(b){var c=a(this),d=c.attr("href"),e=a(c.attr("data-target")||d&&d.replace(/.*(?=#[^\s]+$)/,"")),f=e.data("modal")?"toggle":a.extend({remote:!/#/.test(d)&&d},e.data(),c.data());b.preventDefault(),e.modal(f).one("hide",function(){c.focus()})})}(window.jQuery),!function(a){function d(){a(b).each(function(){e(a(this)).removeClass("open")})}function e(b){var c=b.attr("data-target"),d;return c||(c=b.attr("href"),c=c&&/#/.test(c)&&c.replace(/.*(?=#[^\s]*$)/,"")),d=a(c),d.length||(d=b.parent()),d}var b="[data-toggle=dropdown]",c=function(b){var c=a(b).on("click.dropdown.data-api",this.toggle);a("html").on("click.dropdown.data-api",function(){c.parent().removeClass("open")})};c.prototype={constructor:c,toggle:function(b){var c=a(this),f,g;if(c.is(".disabled, :disabled"))return;return f=e(c),g=f.hasClass("open"),d(),g||f.toggleClass("open"),c.focus(),!1},keydown:function(b){var c,d,f,g,h,i;if(!/(38|40|27)/.test(b.keyCode))return;c=a(this),b.preventDefault(),b.stopPropagation();if(c.is(".disabled, :disabled"))return;g=e(c),h=g.hasClass("open");if(!h||h&&b.keyCode==27)return c.click();d=a("[role=menu] li:not(.divider):visible a",g);if(!d.length)return;i=d.index(d.filter(":focus")),b.keyCode==38&&i>0&&i--,b.keyCode==40&&i a",this.$body=a("body"),this.refresh(),this.process()}b.prototype={constructor:b,refresh:function(){var b=this,c;this.offsets=a([]),this.targets=a([]),c=this.$body.find(this.selector).map(function(){var c=a(this),d=c.data("target")||c.attr("href"),e=/^#\w/.test(d)&&a(d);return e&&e.length&&[[e.position().top+b.$scrollElement.scrollTop(),d]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){b.offsets.push(this[0]),b.targets.push(this[1])})},process:function(){var a=this.$scrollElement.scrollTop()+this.options.offset,b=this.$scrollElement[0].scrollHeight||this.$body[0].scrollHeight,c=b-this.$scrollElement.height(),d=this.offsets,e=this.targets,f=this.activeTarget,g;if(a>=c)return f!=(g=e.last()[0])&&this.activate(g);for(g=d.length;g--;)f!=e[g]&&a>=d[g]&&(!d[g+1]||a<=d[g+1])&&this.activate(e[g])},activate:function(b){var c,d;this.activeTarget=b,a(this.selector).parent(".active").removeClass("active"),d=this.selector+'[data-target="'+b+'"],'+this.selector+'[href="'+b+'"]',c=a(d).parent("li").addClass("active"),c.parent(".dropdown-menu").length&&(c=c.closest("li.dropdown").addClass("active")),c.trigger("activate")}};var c=a.fn.scrollspy;a.fn.scrollspy=function(c){return this.each(function(){var d=a(this),e=d.data("scrollspy"),f=typeof c=="object"&&c;e||d.data("scrollspy",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.scrollspy.Constructor=b,a.fn.scrollspy.defaults={offset:10},a.fn.scrollspy.noConflict=function(){return a.fn.scrollspy=c,this},a(window).on("load",function(){a('[data-spy="scroll"]').each(function(){var b=a(this);b.scrollspy(b.data())})})}(window.jQuery),!function(a){var b=function(b){this.element=a(b)};b.prototype={constructor:b,show:function(){var b=this.element,c=b.closest("ul:not(.dropdown-menu)"),d=b.attr("data-target"),e,f,g;d||(d=b.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,""));if(b.parent("li").hasClass("active"))return;e=c.find(".active:last a")[0],g=a.Event("show",{relatedTarget:e}),b.trigger(g);if(g.isDefaultPrevented())return;f=a(d),this.activate(b.parent("li"),c),this.activate(f,f.parent(),function(){b.trigger({type:"shown",relatedTarget:e})})},activate:function(b,c,d){function g(){e.removeClass("active").find("> .dropdown-menu > .active").removeClass("active"),b.addClass("active"),f?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu")&&b.closest("li.dropdown").addClass("active"),d&&d()}var e=c.find("> .active"),f=d&&a.support.transition&&e.hasClass("fade");f?e.one(a.support.transition.end,g):g(),e.removeClass("in")}};var c=a.fn.tab;a.fn.tab=function(c){return this.each(function(){var d=a(this),e=d.data("tab");e||d.data("tab",e=new b(this)),typeof c=="string"&&e[c]()})},a.fn.tab.Constructor=b,a.fn.tab.noConflict=function(){return a.fn.tab=c,this},a(document).on("click.tab.data-api",'[data-toggle="tab"], [data-toggle="pill"]',function(b){b.preventDefault(),a(this).tab("show")})}(window.jQuery),!function(a){var b=function(a,b){this.init("tooltip",a,b)};b.prototype={constructor:b,init:function(b,c,d){var e,f;this.type=b,this.$element=a(c),this.options=this.getOptions(d),this.enabled=!0,this.options.trigger=="click"?this.$element.on("click."+this.type,this.options.selector,a.proxy(this.toggle,this)):this.options.trigger!="manual"&&(e=this.options.trigger=="hover"?"mouseenter":"focus",f=this.options.trigger=="hover"?"mouseleave":"blur",this.$element.on(e+"."+this.type,this.options.selector,a.proxy(this.enter,this)),this.$element.on(f+"."+this.type,this.options.selector,a.proxy(this.leave,this))),this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},getOptions:function(b){return b=a.extend({},a.fn[this.type].defaults,b,this.$element.data()),b.delay&&typeof b.delay=="number"&&(b.delay={show:b.delay,hide:b.delay}),b},enter:function(b){var c=a(b.currentTarget)[this.type](this._options).data(this.type);if(!c.options.delay||!c.options.delay.show)return c.show();clearTimeout(this.timeout),c.hoverState="in",this.timeout=setTimeout(function(){c.hoverState=="in"&&c.show()},c.options.delay.show)},leave:function(b){var c=a(b.currentTarget)[this.type](this._options).data(this.type);this.timeout&&clearTimeout(this.timeout);if(!c.options.delay||!c.options.delay.hide)return c.hide();c.hoverState="out",this.timeout=setTimeout(function(){c.hoverState=="out"&&c.hide()},c.options.delay.hide)},show:function(){var a,b,c,d,e,f,g;if(this.hasContent()&&this.enabled){a=this.tip(),this.setContent(),this.options.animation&&a.addClass("fade"),f=typeof this.options.placement=="function"?this.options.placement.call(this,a[0],this.$element[0]):this.options.placement,b=/in/.test(f),a.detach().css({top:0,left:0,display:"block"}).insertAfter(this.$element),c=this.getPosition(b),d=a[0].offsetWidth,e=a[0].offsetHeight;switch(b?f.split(" ")[1]:f){case"bottom":g={top:c.top+c.height,left:c.left+c.width/2-d/2};break;case"top":g={top:c.top-e,left:c.left+c.width/2-d/2};break;case"left":g={top:c.top+c.height/2-e/2,left:c.left-d};break;case"right":g={top:c.top+c.height/2-e/2,left:c.left+c.width}}a.offset(g).addClass(f).addClass("in")}},setContent:function(){var a=this.tip(),b=this.getTitle();a.find(".tooltip-inner")[this.options.html?"html":"text"](b),a.removeClass("fade in top bottom left right")},hide:function(){function d(){var b=setTimeout(function(){c.off(a.support.transition.end).detach()},500);c.one(a.support.transition.end,function(){clearTimeout(b),c.detach()})}var b=this,c=this.tip();return c.removeClass("in"),a.support.transition&&this.$tip.hasClass("fade")?d():c.detach(),this},fixTitle:function(){var a=this.$element;(a.attr("title")||typeof a.attr("data-original-title")!="string")&&a.attr("data-original-title",a.attr("title")||"").removeAttr("title")},hasContent:function(){return this.getTitle()},getPosition:function(b){return a.extend({},b?{top:0,left:0}:this.$element.offset(),{width:this.$element[0].offsetWidth,height:this.$element[0].offsetHeight})},getTitle:function(){var a,b=this.$element,c=this.options;return a=b.attr("data-original-title")||(typeof c.title=="function"?c.title.call(b[0]):c.title),a},tip:function(){return this.$tip=this.$tip||a(this.options.template)},validate:function(){this.$element[0].parentNode||(this.hide(),this.$element=null,this.options=null)},enable:function(){this.enabled=!0},disable:function(){this.enabled=!1},toggleEnabled:function(){this.enabled=!this.enabled},toggle:function(b){var c=a(b.currentTarget)[this.type](this._options).data(this.type);c[c.tip().hasClass("in")?"hide":"show"]()},destroy:function(){this.hide().$element.off("."+this.type).removeData(this.type)}};var c=a.fn.tooltip;a.fn.tooltip=function(c){return this.each(function(){var d=a(this),e=d.data("tooltip"),f=typeof c=="object"&&c;e||d.data("tooltip",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.tooltip.Constructor=b,a.fn.tooltip.defaults={animation:!0,placement:"top",selector:!1,template:'
        ',trigger:"hover",title:"",delay:0,html:!1},a.fn.tooltip.noConflict=function(){return a.fn.tooltip=c,this}}(window.jQuery),!function(a){var b=function(a,b){this.init("popover",a,b)};b.prototype=a.extend({},a.fn.tooltip.Constructor.prototype,{constructor:b,setContent:function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.options.html?"html":"text"](b),a.find(".popover-content")[this.options.html?"html":"text"](c),a.removeClass("fade top bottom left right in")},hasContent:function(){return this.getTitle()||this.getContent()},getContent:function(){var a,b=this.$element,c=this.options;return a=b.attr("data-content")||(typeof c.content=="function"?c.content.call(b[0]):c.content),a},tip:function(){return this.$tip||(this.$tip=a(this.options.template)),this.$tip},destroy:function(){this.hide().$element.off("."+this.type).removeData(this.type)}});var c=a.fn.popover;a.fn.popover=function(c){return this.each(function(){var d=a(this),e=d.data("popover"),f=typeof c=="object"&&c;e||d.data("popover",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.popover.Constructor=b,a.fn.popover.defaults=a.extend({},a.fn.tooltip.defaults,{placement:"right",trigger:"click",content:"",template:'

        '}),a.fn.popover.noConflict=function(){return a.fn.popover=c,this}}(window.jQuery),!function(a){var b=function(b,c){this.options=a.extend({},a.fn.affix.defaults,c),this.$window=a(window).on("scroll.affix.data-api",a.proxy(this.checkPosition,this)).on("click.affix.data-api",a.proxy(function(){setTimeout(a.proxy(this.checkPosition,this),1)},this)),this.$element=a(b),this.checkPosition()};b.prototype.checkPosition=function(){if(!this.$element.is(":visible"))return;var b=a(document).height(),c=this.$window.scrollTop(),d=this.$element.offset(),e=this.options.offset,f=e.bottom,g=e.top,h="affix affix-top affix-bottom",i;typeof e!="object"&&(f=g=e),typeof g=="function"&&(g=e.top()),typeof f=="function"&&(f=e.bottom()),i=this.unpin!=null&&c+this.unpin<=d.top?!1:f!=null&&d.top+this.$element.height()>=b-f?"bottom":g!=null&&c<=g?"top":!1;if(this.affixed===i)return;this.affixed=i,this.unpin=i=="bottom"?d.top-c:null,this.$element.removeClass(h).addClass("affix"+(i?"-"+i:""))};var c=a.fn.affix;a.fn.affix=function(c){return this.each(function(){var d=a(this),e=d.data("affix"),f=typeof c=="object"&&c;e||d.data("affix",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.affix.Constructor=b,a.fn.affix.defaults={offset:0},a.fn.affix.noConflict=function(){return a.fn.affix=c,this},a(window).on("load",function(){a('[data-spy="affix"]').each(function(){var b=a(this),c=b.data();c.offset=c.offset||{},c.offsetBottom&&(c.offset.bottom=c.offsetBottom),c.offsetTop&&(c.offset.top=c.offsetTop),b.affix(c)})})}(window.jQuery),!function(a){var b='[data-dismiss="alert"]',c=function(c){a(c).on("click",b,this.close)};c.prototype.close=function(b){function f(){e.trigger("closed").remove()}var c=a(this),d=c.attr("data-target"),e;d||(d=c.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,"")),e=a(d),b&&b.preventDefault(),e.length||(e=c.hasClass("alert")?c:c.parent()),e.trigger(b=a.Event("close"));if(b.isDefaultPrevented())return;e.removeClass("in"),a.support.transition&&e.hasClass("fade")?e.on(a.support.transition.end,f):f()};var d=a.fn.alert;a.fn.alert=function(b){return this.each(function(){var d=a(this),e=d.data("alert");e||d.data("alert",e=new c(this)),typeof b=="string"&&e[b].call(d)})},a.fn.alert.Constructor=c,a.fn.alert.noConflict=function(){return a.fn.alert=d,this},a(document).on("click.alert.data-api",b,c.prototype.close)}(window.jQuery),!function(a){var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.button.defaults,c)};b.prototype.setState=function(a){var b="disabled",c=this.$element,d=c.data(),e=c.is("input")?"val":"html";a+="Text",d.resetText||c.data("resetText",c[e]()),c[e](d[a]||this.options[a]),setTimeout(function(){a=="loadingText"?c.addClass(b).attr(b,b):c.removeClass(b).removeAttr(b)},0)},b.prototype.toggle=function(){var a=this.$element.closest('[data-toggle="buttons-radio"]');a&&a.find(".active").removeClass("active"),this.$element.toggleClass("active")};var c=a.fn.button;a.fn.button=function(c){return this.each(function(){var d=a(this),e=d.data("button"),f=typeof c=="object"&&c;e||d.data("button",e=new b(this,f)),c=="toggle"?e.toggle():c&&e.setState(c)})},a.fn.button.defaults={loadingText:"loading..."},a.fn.button.Constructor=b,a.fn.button.noConflict=function(){return a.fn.button=c,this},a(document).on("click.button.data-api","[data-toggle^=button]",function(b){var c=a(b.target);c.hasClass("btn")||(c=c.closest(".btn")),c.button("toggle")})}(window.jQuery),!function(a){var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.collapse.defaults,c),this.options.parent&&(this.$parent=a(this.options.parent)),this.options.toggle&&this.toggle()};b.prototype={constructor:b,dimension:function(){var a=this.$element.hasClass("width");return a?"width":"height"},show:function(){var b,c,d,e;if(this.transitioning)return;b=this.dimension(),c=a.camelCase(["scroll",b].join("-")),d=this.$parent&&this.$parent.find("> .accordion-group > .in");if(d&&d.length){e=d.data("collapse");if(e&&e.transitioning)return;d.collapse("hide"),e||d.data("collapse",null)}this.$element[b](0),this.transition("addClass",a.Event("show"),"shown"),a.support.transition&&this.$element[b](this.$element[0][c])},hide:function(){var b;if(this.transitioning)return;b=this.dimension(),this.reset(this.$element[b]()),this.transition("removeClass",a.Event("hide"),"hidden"),this.$element[b](0)},reset:function(a){var b=this.dimension();return this.$element.removeClass("collapse")[b](a||"auto")[0].offsetWidth,this.$element[a!==null?"addClass":"removeClass"]("collapse"),this},transition:function(b,c,d){var e=this,f=function(){c.type=="show"&&e.reset(),e.transitioning=0,e.$element.trigger(d)};this.$element.trigger(c);if(c.isDefaultPrevented())return;this.transitioning=1,this.$element[b]("in"),a.support.transition&&this.$element.hasClass("collapse")?this.$element.one(a.support.transition.end,f):f()},toggle:function(){this[this.$element.hasClass("in")?"hide":"show"]()}};var c=a.fn.collapse;a.fn.collapse=function(c){return this.each(function(){var d=a(this),e=d.data("collapse"),f=typeof c=="object"&&c;e||d.data("collapse",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.collapse.defaults={toggle:!0},a.fn.collapse.Constructor=b,a.fn.collapse.noConflict=function(){return a.fn.collapse=c,this},a(document).on("click.collapse.data-api","[data-toggle=collapse]",function(b){var c=a(this),d,e=c.attr("data-target")||b.preventDefault()||(d=c.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,""),f=a(e).data("collapse")?"toggle":c.data();c[a(e).hasClass("in")?"addClass":"removeClass"]("collapsed"),a(e).collapse(f)})}(window.jQuery),!function(a){var b=function(b,c){this.$element=a(b),this.options=c,this.options.pause=="hover"&&this.$element.on("mouseenter",a.proxy(this.pause,this)).on("mouseleave",a.proxy(this.cycle,this))};b.prototype={cycle:function(b){return b||(this.paused=!1),this.options.interval&&!this.paused&&(this.interval=setInterval(a.proxy(this.next,this),this.options.interval)),this},to:function(b){var c=this.$element.find(".item.active"),d=c.parent().children(),e=d.index(c),f=this;if(b>d.length-1||b<0)return;return this.sliding?this.$element.one("slid",function(){f.to(b)}):e==b?this.pause().cycle():this.slide(b>e?"next":"prev",a(d[b]))},pause:function(b){return b||(this.paused=!0),this.$element.find(".next, .prev").length&&a.support.transition.end&&(this.$element.trigger(a.support.transition.end),this.cycle()),clearInterval(this.interval),this.interval=null,this},next:function(){if(this.sliding)return;return this.slide("next")},prev:function(){if(this.sliding)return;return this.slide("prev")},slide:function(b,c){var d=this.$element.find(".item.active"),e=c||d[b](),f=this.interval,g=b=="next"?"left":"right",h=b=="next"?"first":"last",i=this,j;this.sliding=!0,f&&this.pause(),e=e.length?e:this.$element.find(".item")[h](),j=a.Event("slide",{relatedTarget:e[0]});if(e.hasClass("active"))return;if(a.support.transition&&this.$element.hasClass("slide")){this.$element.trigger(j);if(j.isDefaultPrevented())return;e.addClass(b),e[0].offsetWidth,d.addClass(g),e.addClass(g),this.$element.one(a.support.transition.end,function(){e.removeClass([b,g].join(" ")).addClass("active"),d.removeClass(["active",g].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger("slid")},0)})}else{this.$element.trigger(j);if(j.isDefaultPrevented())return;d.removeClass("active"),e.addClass("active"),this.sliding=!1,this.$element.trigger("slid")}return f&&this.cycle(),this}};var c=a.fn.carousel;a.fn.carousel=function(c){return this.each(function(){var d=a(this),e=d.data("carousel"),f=a.extend({},a.fn.carousel.defaults,typeof c=="object"&&c),g=typeof c=="string"?c:f.slide;e||d.data("carousel",e=new b(this,f)),typeof c=="number"?e.to(c):g?e[g]():f.interval&&e.cycle()})},a.fn.carousel.defaults={interval:5e3,pause:"hover"},a.fn.carousel.Constructor=b,a.fn.carousel.noConflict=function(){return a.fn.carousel=c,this},a(document).on("click.carousel.data-api","[data-slide]",function(b){var c=a(this),d,e=a(c.attr("data-target")||(d=c.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,"")),f=a.extend({},e.data(),c.data());e.carousel(f),b.preventDefault()})}(window.jQuery),!function(a){var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.typeahead.defaults,c),this.matcher=this.options.matcher||this.matcher,this.sorter=this.options.sorter||this.sorter,this.highlighter=this.options.highlighter||this.highlighter,this.updater=this.options.updater||this.updater,this.source=this.options.source,this.$menu=a(this.options.menu),this.shown=!1,this.listen()};b.prototype={constructor:b,select:function(){var a=this.$menu.find(".active").attr("data-value");return this.$element.val(this.updater(a)).change(),this.hide()},updater:function(a){return a},show:function(){var b=a.extend({},this.$element.position(),{height:this.$element[0].offsetHeight});return this.$menu.insertAfter(this.$element).css({top:b.top+b.height,left:b.left}).show(),this.shown=!0,this},hide:function(){return this.$menu.hide(),this.shown=!1,this},lookup:function(b){var c;return this.query=this.$element.val(),!this.query||this.query.length"+b+""})},render:function(b){var c=this;return b=a(b).map(function(b,d){return b=a(c.options.item).attr("data-value",d),b.find("a").html(c.highlighter(d)),b[0]}),b.first().addClass("active"),this.$menu.html(b),this},next:function(b){var c=this.$menu.find(".active").removeClass("active"),d=c.next();d.length||(d=a(this.$menu.find("li")[0])),d.addClass("active")},prev:function(a){var b=this.$menu.find(".active").removeClass("active"),c=b.prev();c.length||(c=this.$menu.find("li").last()),c.addClass("active")},listen:function(){this.$element.on("blur",a.proxy(this.blur,this)).on("keypress",a.proxy(this.keypress,this)).on("keyup",a.proxy(this.keyup,this)),this.eventSupported("keydown")&&this.$element.on("keydown",a.proxy(this.keydown,this)),this.$menu.on("click",a.proxy(this.click,this)).on("mouseenter","li",a.proxy(this.mouseenter,this))},eventSupported:function(a){var b=a in this.$element;return b||(this.$element.setAttribute(a,"return;"),b=typeof this.$element[a]=="function"),b},move:function(a){if(!this.shown)return;switch(a.keyCode){case 9:case 13:case 27:a.preventDefault();break;case 38:a.preventDefault(),this.prev();break;case 40:a.preventDefault(),this.next()}a.stopPropagation()},keydown:function(b){this.suppressKeyPressRepeat=~a.inArray(b.keyCode,[40,38,9,13,27]),this.move(b)},keypress:function(a){if(this.suppressKeyPressRepeat)return;this.move(a)},keyup:function(a){switch(a.keyCode){case 40:case 38:case 16:case 17:case 18:break;case 9:case 13:if(!this.shown)return;this.select();break;case 27:if(!this.shown)return;this.hide();break;default:this.lookup()}a.stopPropagation(),a.preventDefault()},blur:function(a){var b=this;setTimeout(function(){b.hide()},150)},click:function(a){a.stopPropagation(),a.preventDefault(),this.select()},mouseenter:function(b){this.$menu.find(".active").removeClass("active"),a(b.currentTarget).addClass("active")}};var c=a.fn.typeahead;a.fn.typeahead=function(c){return this.each(function(){var d=a(this),e=d.data("typeahead"),f=typeof c=="object"&&c;e||d.data("typeahead",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.typeahead.defaults={source:[],items:8,menu:'
          ',item:'
          • ',minLength:1},a.fn.typeahead.Constructor=b,a.fn.typeahead.noConflict=function(){return a.fn.typeahead=c,this},a(document).on("focus.typeahead.data-api",'[data-provide="typeahead"]',function(b){var c=a(this);if(c.data("typeahead"))return;b.preventDefault(),c.typeahead(c.data())})}(window.jQuery)]]>          GET%2fresources%2fjs%2fbootstrap.min.js%08HTTP%2f1.1%2f..%2f..%2fbootstrap.minjsHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
          Refererhttp://zero.webappsecurity.com/
          Hostzero.webappsecurity.com
          Accept*/*
          Accept-Languageen-US,en;q=0.5
          Accept-Encodinggzip, deflate
          Pragmano-cache
          User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
          ConnectionKeep-Alive
          X-WIPPAscVersion=22.2.0.253
          X-Scan-MemoCategory="Audit.Attack";SID="A6EF3502B95DDF2C24DCA58015A561E9";PSID="C2E3EA7620F4A29F11DBAC2B877DD850";SessionType="AuditAttack";CrawlType="None";AttackType="HeaderParamManipulation";OriginatingEngineID="8e739e86-5425-4711-b78f-07d113702573";AttackSequence="0";AttackParamDesc="ControChars";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="11699";Engine="Control+Chars+Detection";SmartMode="4";tht="40";
          X-RequestManager-Memostid="15";stmi="0";sc="1";rid="8606d699";
          X-Request-Memorid="9441f25e";sc="1";thid="27";
          CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0          HTTP/1.1200OK').appendTo(document.body),this.$backdrop.click(this.options.backdrop=="static"?a.proxy(this.$element[0].focus,this.$element[0]):a.proxy(this.hide,this)),e&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),e?this.$backdrop.one(a.support.transition.end,b):b()}else!this.isShown&&this.$backdrop?(this.$backdrop.removeClass("in"),a.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one(a.support.transition.end,a.proxy(this.removeBackdrop,this)):this.removeBackdrop()):b&&b()}};var c=a.fn.modal;a.fn.modal=function(c){return this.each(function(){var d=a(this),e=d.data("modal"),f=a.extend({},a.fn.modal.defaults,d.data(),typeof c=="object"&&c);e||d.data("modal",e=new b(this,f)),typeof c=="string"?e[c]():f.show&&e.show()})},a.fn.modal.defaults={backdrop:!0,keyboard:!0,show:!0},a.fn.modal.Constructor=b,a.fn.modal.noConflict=function(){return a.fn.modal=c,this},a(document).on("click.modal.data-api",'[data-toggle="modal"]',function(b){var c=a(this),d=c.attr("href"),e=a(c.attr("data-target")||d&&d.replace(/.*(?=#[^\s]+$)/,"")),f=e.data("modal")?"toggle":a.extend({remote:!/#/.test(d)&&d},e.data(),c.data());b.preventDefault(),e.modal(f).one("hide",function(){c.focus()})})}(window.jQuery),!function(a){function d(){a(b).each(function(){e(a(this)).removeClass("open")})}function e(b){var c=b.attr("data-target"),d;return c||(c=b.attr("href"),c=c&&/#/.test(c)&&c.replace(/.*(?=#[^\s]*$)/,"")),d=a(c),d.length||(d=b.parent()),d}var b="[data-toggle=dropdown]",c=function(b){var c=a(b).on("click.dropdown.data-api",this.toggle);a("html").on("click.dropdown.data-api",function(){c.parent().removeClass("open")})};c.prototype={constructor:c,toggle:function(b){var c=a(this),f,g;if(c.is(".disabled, :disabled"))return;return f=e(c),g=f.hasClass("open"),d(),g||f.toggleClass("open"),c.focus(),!1},keydown:function(b){var c,d,f,g,h,i;if(!/(38|40|27)/.test(b.keyCode))return;c=a(this),b.preventDefault(),b.stopPropagation();if(c.is(".disabled, :disabled"))return;g=e(c),h=g.hasClass("open");if(!h||h&&b.keyCode==27)return c.click();d=a("[role=menu] li:not(.divider):visible a",g);if(!d.length)return;i=d.index(d.filter(":focus")),b.keyCode==38&&i>0&&i--,b.keyCode==40&&i a",this.$body=a("body"),this.refresh(),this.process()}b.prototype={constructor:b,refresh:function(){var b=this,c;this.offsets=a([]),this.targets=a([]),c=this.$body.find(this.selector).map(function(){var c=a(this),d=c.data("target")||c.attr("href"),e=/^#\w/.test(d)&&a(d);return e&&e.length&&[[e.position().top+b.$scrollElement.scrollTop(),d]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){b.offsets.push(this[0]),b.targets.push(this[1])})},process:function(){var a=this.$scrollElement.scrollTop()+this.options.offset,b=this.$scrollElement[0].scrollHeight||this.$body[0].scrollHeight,c=b-this.$scrollElement.height(),d=this.offsets,e=this.targets,f=this.activeTarget,g;if(a>=c)return f!=(g=e.last()[0])&&this.activate(g);for(g=d.length;g--;)f!=e[g]&&a>=d[g]&&(!d[g+1]||a<=d[g+1])&&this.activate(e[g])},activate:function(b){var c,d;this.activeTarget=b,a(this.selector).parent(".active").removeClass("active"),d=this.selector+'[data-target="'+b+'"],'+this.selector+'[href="'+b+'"]',c=a(d).parent("li").addClass("active"),c.parent(".dropdown-menu").length&&(c=c.closest("li.dropdown").addClass("active")),c.trigger("activate")}};var c=a.fn.scrollspy;a.fn.scrollspy=function(c){return this.each(function(){var d=a(this),e=d.data("scrollspy"),f=typeof c=="object"&&c;e||d.data("scrollspy",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.scrollspy.Constructor=b,a.fn.scrollspy.defaults={offset:10},a.fn.scrollspy.noConflict=function(){return a.fn.scrollspy=c,this},a(window).on("load",function(){a('[data-spy="scroll"]').each(function(){var b=a(this);b.scrollspy(b.data())})})}(window.jQuery),!function(a){var b=function(b){this.element=a(b)};b.prototype={constructor:b,show:function(){var b=this.element,c=b.closest("ul:not(.dropdown-menu)"),d=b.attr("data-target"),e,f,g;d||(d=b.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,""));if(b.parent("li").hasClass("active"))return;e=c.find(".active:last a")[0],g=a.Event("show",{relatedTarget:e}),b.trigger(g);if(g.isDefaultPrevented())return;f=a(d),this.activate(b.parent("li"),c),this.activate(f,f.parent(),function(){b.trigger({type:"shown",relatedTarget:e})})},activate:function(b,c,d){function g(){e.removeClass("active").find("> .dropdown-menu > .active").removeClass("active"),b.addClass("active"),f?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu")&&b.closest("li.dropdown").addClass("active"),d&&d()}var e=c.find("> .active"),f=d&&a.support.transition&&e.hasClass("fade");f?e.one(a.support.transition.end,g):g(),e.removeClass("in")}};var c=a.fn.tab;a.fn.tab=function(c){return this.each(function(){var d=a(this),e=d.data("tab");e||d.data("tab",e=new b(this)),typeof c=="string"&&e[c]()})},a.fn.tab.Constructor=b,a.fn.tab.noConflict=function(){return a.fn.tab=c,this},a(document).on("click.tab.data-api",'[data-toggle="tab"], [data-toggle="pill"]',function(b){b.preventDefault(),a(this).tab("show")})}(window.jQuery),!function(a){var b=function(a,b){this.init("tooltip",a,b)};b.prototype={constructor:b,init:function(b,c,d){var e,f;this.type=b,this.$element=a(c),this.options=this.getOptions(d),this.enabled=!0,this.options.trigger=="click"?this.$element.on("click."+this.type,this.options.selector,a.proxy(this.toggle,this)):this.options.trigger!="manual"&&(e=this.options.trigger=="hover"?"mouseenter":"focus",f=this.options.trigger=="hover"?"mouseleave":"blur",this.$element.on(e+"."+this.type,this.options.selector,a.proxy(this.enter,this)),this.$element.on(f+"."+this.type,this.options.selector,a.proxy(this.leave,this))),this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},getOptions:function(b){return b=a.extend({},a.fn[this.type].defaults,b,this.$element.data()),b.delay&&typeof b.delay=="number"&&(b.delay={show:b.delay,hide:b.delay}),b},enter:function(b){var c=a(b.currentTarget)[this.type](this._options).data(this.type);if(!c.options.delay||!c.options.delay.show)return c.show();clearTimeout(this.timeout),c.hoverState="in",this.timeout=setTimeout(function(){c.hoverState=="in"&&c.show()},c.options.delay.show)},leave:function(b){var c=a(b.currentTarget)[this.type](this._options).data(this.type);this.timeout&&clearTimeout(this.timeout);if(!c.options.delay||!c.options.delay.hide)return c.hide();c.hoverState="out",this.timeout=setTimeout(function(){c.hoverState=="out"&&c.hide()},c.options.delay.hide)},show:function(){var a,b,c,d,e,f,g;if(this.hasContent()&&this.enabled){a=this.tip(),this.setContent(),this.options.animation&&a.addClass("fade"),f=typeof this.options.placement=="function"?this.options.placement.call(this,a[0],this.$element[0]):this.options.placement,b=/in/.test(f),a.detach().css({top:0,left:0,display:"block"}).insertAfter(this.$element),c=this.getPosition(b),d=a[0].offsetWidth,e=a[0].offsetHeight;switch(b?f.split(" ")[1]:f){case"bottom":g={top:c.top+c.height,left:c.left+c.width/2-d/2};break;case"top":g={top:c.top-e,left:c.left+c.width/2-d/2};break;case"left":g={top:c.top+c.height/2-e/2,left:c.left-d};break;case"right":g={top:c.top+c.height/2-e/2,left:c.left+c.width}}a.offset(g).addClass(f).addClass("in")}},setContent:function(){var a=this.tip(),b=this.getTitle();a.find(".tooltip-inner")[this.options.html?"html":"text"](b),a.removeClass("fade in top bottom left right")},hide:function(){function d(){var b=setTimeout(function(){c.off(a.support.transition.end).detach()},500);c.one(a.support.transition.end,function(){clearTimeout(b),c.detach()})}var b=this,c=this.tip();return c.removeClass("in"),a.support.transition&&this.$tip.hasClass("fade")?d():c.detach(),this},fixTitle:function(){var a=this.$element;(a.attr("title")||typeof a.attr("data-original-title")!="string")&&a.attr("data-original-title",a.attr("title")||"").removeAttr("title")},hasContent:function(){return this.getTitle()},getPosition:function(b){return a.extend({},b?{top:0,left:0}:this.$element.offset(),{width:this.$element[0].offsetWidth,height:this.$element[0].offsetHeight})},getTitle:function(){var a,b=this.$element,c=this.options;return a=b.attr("data-original-title")||(typeof c.title=="function"?c.title.call(b[0]):c.title),a},tip:function(){return this.$tip=this.$tip||a(this.options.template)},validate:function(){this.$element[0].parentNode||(this.hide(),this.$element=null,this.options=null)},enable:function(){this.enabled=!0},disable:function(){this.enabled=!1},toggleEnabled:function(){this.enabled=!this.enabled},toggle:function(b){var c=a(b.currentTarget)[this.type](this._options).data(this.type);c[c.tip().hasClass("in")?"hide":"show"]()},destroy:function(){this.hide().$element.off("."+this.type).removeData(this.type)}};var c=a.fn.tooltip;a.fn.tooltip=function(c){return this.each(function(){var d=a(this),e=d.data("tooltip"),f=typeof c=="object"&&c;e||d.data("tooltip",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.tooltip.Constructor=b,a.fn.tooltip.defaults={animation:!0,placement:"top",selector:!1,template:'
          ',trigger:"hover",title:"",delay:0,html:!1},a.fn.tooltip.noConflict=function(){return a.fn.tooltip=c,this}}(window.jQuery),!function(a){var b=function(a,b){this.init("popover",a,b)};b.prototype=a.extend({},a.fn.tooltip.Constructor.prototype,{constructor:b,setContent:function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.options.html?"html":"text"](b),a.find(".popover-content")[this.options.html?"html":"text"](c),a.removeClass("fade top bottom left right in")},hasContent:function(){return this.getTitle()||this.getContent()},getContent:function(){var a,b=this.$element,c=this.options;return a=b.attr("data-content")||(typeof c.content=="function"?c.content.call(b[0]):c.content),a},tip:function(){return this.$tip||(this.$tip=a(this.options.template)),this.$tip},destroy:function(){this.hide().$element.off("."+this.type).removeData(this.type)}});var c=a.fn.popover;a.fn.popover=function(c){return this.each(function(){var d=a(this),e=d.data("popover"),f=typeof c=="object"&&c;e||d.data("popover",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.popover.Constructor=b,a.fn.popover.defaults=a.extend({},a.fn.tooltip.defaults,{placement:"right",trigger:"click",content:"",template:'

          '}),a.fn.popover.noConflict=function(){return a.fn.popover=c,this}}(window.jQuery),!function(a){var b=function(b,c){this.options=a.extend({},a.fn.affix.defaults,c),this.$window=a(window).on("scroll.affix.data-api",a.proxy(this.checkPosition,this)).on("click.affix.data-api",a.proxy(function(){setTimeout(a.proxy(this.checkPosition,this),1)},this)),this.$element=a(b),this.checkPosition()};b.prototype.checkPosition=function(){if(!this.$element.is(":visible"))return;var b=a(document).height(),c=this.$window.scrollTop(),d=this.$element.offset(),e=this.options.offset,f=e.bottom,g=e.top,h="affix affix-top affix-bottom",i;typeof e!="object"&&(f=g=e),typeof g=="function"&&(g=e.top()),typeof f=="function"&&(f=e.bottom()),i=this.unpin!=null&&c+this.unpin<=d.top?!1:f!=null&&d.top+this.$element.height()>=b-f?"bottom":g!=null&&c<=g?"top":!1;if(this.affixed===i)return;this.affixed=i,this.unpin=i=="bottom"?d.top-c:null,this.$element.removeClass(h).addClass("affix"+(i?"-"+i:""))};var c=a.fn.affix;a.fn.affix=function(c){return this.each(function(){var d=a(this),e=d.data("affix"),f=typeof c=="object"&&c;e||d.data("affix",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.affix.Constructor=b,a.fn.affix.defaults={offset:0},a.fn.affix.noConflict=function(){return a.fn.affix=c,this},a(window).on("load",function(){a('[data-spy="affix"]').each(function(){var b=a(this),c=b.data();c.offset=c.offset||{},c.offsetBottom&&(c.offset.bottom=c.offsetBottom),c.offsetTop&&(c.offset.top=c.offsetTop),b.affix(c)})})}(window.jQuery),!function(a){var b='[data-dismiss="alert"]',c=function(c){a(c).on("click",b,this.close)};c.prototype.close=function(b){function f(){e.trigger("closed").remove()}var c=a(this),d=c.attr("data-target"),e;d||(d=c.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,"")),e=a(d),b&&b.preventDefault(),e.length||(e=c.hasClass("alert")?c:c.parent()),e.trigger(b=a.Event("close"));if(b.isDefaultPrevented())return;e.removeClass("in"),a.support.transition&&e.hasClass("fade")?e.on(a.support.transition.end,f):f()};var d=a.fn.alert;a.fn.alert=function(b){return this.each(function(){var d=a(this),e=d.data("alert");e||d.data("alert",e=new c(this)),typeof b=="string"&&e[b].call(d)})},a.fn.alert.Constructor=c,a.fn.alert.noConflict=function(){return a.fn.alert=d,this},a(document).on("click.alert.data-api",b,c.prototype.close)}(window.jQuery),!function(a){var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.button.defaults,c)};b.prototype.setState=function(a){var b="disabled",c=this.$element,d=c.data(),e=c.is("input")?"val":"html";a+="Text",d.resetText||c.data("resetText",c[e]()),c[e](d[a]||this.options[a]),setTimeout(function(){a=="loadingText"?c.addClass(b).attr(b,b):c.removeClass(b).removeAttr(b)},0)},b.prototype.toggle=function(){var a=this.$element.closest('[data-toggle="buttons-radio"]');a&&a.find(".active").removeClass("active"),this.$element.toggleClass("active")};var c=a.fn.button;a.fn.button=function(c){return this.each(function(){var d=a(this),e=d.data("button"),f=typeof c=="object"&&c;e||d.data("button",e=new b(this,f)),c=="toggle"?e.toggle():c&&e.setState(c)})},a.fn.button.defaults={loadingText:"loading..."},a.fn.button.Constructor=b,a.fn.button.noConflict=function(){return a.fn.button=c,this},a(document).on("click.button.data-api","[data-toggle^=button]",function(b){var c=a(b.target);c.hasClass("btn")||(c=c.closest(".btn")),c.button("toggle")})}(window.jQuery),!function(a){var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.collapse.defaults,c),this.options.parent&&(this.$parent=a(this.options.parent)),this.options.toggle&&this.toggle()};b.prototype={constructor:b,dimension:function(){var a=this.$element.hasClass("width");return a?"width":"height"},show:function(){var b,c,d,e;if(this.transitioning)return;b=this.dimension(),c=a.camelCase(["scroll",b].join("-")),d=this.$parent&&this.$parent.find("> .accordion-group > .in");if(d&&d.length){e=d.data("collapse");if(e&&e.transitioning)return;d.collapse("hide"),e||d.data("collapse",null)}this.$element[b](0),this.transition("addClass",a.Event("show"),"shown"),a.support.transition&&this.$element[b](this.$element[0][c])},hide:function(){var b;if(this.transitioning)return;b=this.dimension(),this.reset(this.$element[b]()),this.transition("removeClass",a.Event("hide"),"hidden"),this.$element[b](0)},reset:function(a){var b=this.dimension();return this.$element.removeClass("collapse")[b](a||"auto")[0].offsetWidth,this.$element[a!==null?"addClass":"removeClass"]("collapse"),this},transition:function(b,c,d){var e=this,f=function(){c.type=="show"&&e.reset(),e.transitioning=0,e.$element.trigger(d)};this.$element.trigger(c);if(c.isDefaultPrevented())return;this.transitioning=1,this.$element[b]("in"),a.support.transition&&this.$element.hasClass("collapse")?this.$element.one(a.support.transition.end,f):f()},toggle:function(){this[this.$element.hasClass("in")?"hide":"show"]()}};var c=a.fn.collapse;a.fn.collapse=function(c){return this.each(function(){var d=a(this),e=d.data("collapse"),f=typeof c=="object"&&c;e||d.data("collapse",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.collapse.defaults={toggle:!0},a.fn.collapse.Constructor=b,a.fn.collapse.noConflict=function(){return a.fn.collapse=c,this},a(document).on("click.collapse.data-api","[data-toggle=collapse]",function(b){var c=a(this),d,e=c.attr("data-target")||b.preventDefault()||(d=c.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,""),f=a(e).data("collapse")?"toggle":c.data();c[a(e).hasClass("in")?"addClass":"removeClass"]("collapsed"),a(e).collapse(f)})}(window.jQuery),!function(a){var b=function(b,c){this.$element=a(b),this.options=c,this.options.pause=="hover"&&this.$element.on("mouseenter",a.proxy(this.pause,this)).on("mouseleave",a.proxy(this.cycle,this))};b.prototype={cycle:function(b){return b||(this.paused=!1),this.options.interval&&!this.paused&&(this.interval=setInterval(a.proxy(this.next,this),this.options.interval)),this},to:function(b){var c=this.$element.find(".item.active"),d=c.parent().children(),e=d.index(c),f=this;if(b>d.length-1||b<0)return;return this.sliding?this.$element.one("slid",function(){f.to(b)}):e==b?this.pause().cycle():this.slide(b>e?"next":"prev",a(d[b]))},pause:function(b){return b||(this.paused=!0),this.$element.find(".next, .prev").length&&a.support.transition.end&&(this.$element.trigger(a.support.transition.end),this.cycle()),clearInterval(this.interval),this.interval=null,this},next:function(){if(this.sliding)return;return this.slide("next")},prev:function(){if(this.sliding)return;return this.slide("prev")},slide:function(b,c){var d=this.$element.find(".item.active"),e=c||d[b](),f=this.interval,g=b=="next"?"left":"right",h=b=="next"?"first":"last",i=this,j;this.sliding=!0,f&&this.pause(),e=e.length?e:this.$element.find(".item")[h](),j=a.Event("slide",{relatedTarget:e[0]});if(e.hasClass("active"))return;if(a.support.transition&&this.$element.hasClass("slide")){this.$element.trigger(j);if(j.isDefaultPrevented())return;e.addClass(b),e[0].offsetWidth,d.addClass(g),e.addClass(g),this.$element.one(a.support.transition.end,function(){e.removeClass([b,g].join(" ")).addClass("active"),d.removeClass(["active",g].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger("slid")},0)})}else{this.$element.trigger(j);if(j.isDefaultPrevented())return;d.removeClass("active"),e.addClass("active"),this.sliding=!1,this.$element.trigger("slid")}return f&&this.cycle(),this}};var c=a.fn.carousel;a.fn.carousel=function(c){return this.each(function(){var d=a(this),e=d.data("carousel"),f=a.extend({},a.fn.carousel.defaults,typeof c=="object"&&c),g=typeof c=="string"?c:f.slide;e||d.data("carousel",e=new b(this,f)),typeof c=="number"?e.to(c):g?e[g]():f.interval&&e.cycle()})},a.fn.carousel.defaults={interval:5e3,pause:"hover"},a.fn.carousel.Constructor=b,a.fn.carousel.noConflict=function(){return a.fn.carousel=c,this},a(document).on("click.carousel.data-api","[data-slide]",function(b){var c=a(this),d,e=a(c.attr("data-target")||(d=c.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,"")),f=a.extend({},e.data(),c.data());e.carousel(f),b.preventDefault()})}(window.jQuery),!function(a){var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.typeahead.defaults,c),this.matcher=this.options.matcher||this.matcher,this.sorter=this.options.sorter||this.sorter,this.highlighter=this.options.highlighter||this.highlighter,this.updater=this.options.updater||this.updater,this.source=this.options.source,this.$menu=a(this.options.menu),this.shown=!1,this.listen()};b.prototype={constructor:b,select:function(){var a=this.$menu.find(".active").attr("data-value");return this.$element.val(this.updater(a)).change(),this.hide()},updater:function(a){return a},show:function(){var b=a.extend({},this.$element.position(),{height:this.$element[0].offsetHeight});return this.$menu.insertAfter(this.$element).css({top:b.top+b.height,left:b.left}).show(),this.shown=!0,this},hide:function(){return this.$menu.hide(),this.shown=!1,this},lookup:function(b){var c;return this.query=this.$element.val(),!this.query||this.query.length"+b+""})},render:function(b){var c=this;return b=a(b).map(function(b,d){return b=a(c.options.item).attr("data-value",d),b.find("a").html(c.highlighter(d)),b[0]}),b.first().addClass("active"),this.$menu.html(b),this},next:function(b){var c=this.$menu.find(".active").removeClass("active"),d=c.next();d.length||(d=a(this.$menu.find("li")[0])),d.addClass("active")},prev:function(a){var b=this.$menu.find(".active").removeClass("active"),c=b.prev();c.length||(c=this.$menu.find("li").last()),c.addClass("active")},listen:function(){this.$element.on("blur",a.proxy(this.blur,this)).on("keypress",a.proxy(this.keypress,this)).on("keyup",a.proxy(this.keyup,this)),this.eventSupported("keydown")&&this.$element.on("keydown",a.proxy(this.keydown,this)),this.$menu.on("click",a.proxy(this.click,this)).on("mouseenter","li",a.proxy(this.mouseenter,this))},eventSupported:function(a){var b=a in this.$element;return b||(this.$element.setAttribute(a,"return;"),b=typeof this.$element[a]=="function"),b},move:function(a){if(!this.shown)return;switch(a.keyCode){case 9:case 13:case 27:a.preventDefault();break;case 38:a.preventDefault(),this.prev();break;case 40:a.preventDefault(),this.next()}a.stopPropagation()},keydown:function(b){this.suppressKeyPressRepeat=~a.inArray(b.keyCode,[40,38,9,13,27]),this.move(b)},keypress:function(a){if(this.suppressKeyPressRepeat)return;this.move(a)},keyup:function(a){switch(a.keyCode){case 40:case 38:case 16:case 17:case 18:break;case 9:case 13:if(!this.shown)return;this.select();break;case 27:if(!this.shown)return;this.hide();break;default:this.lookup()}a.stopPropagation(),a.preventDefault()},blur:function(a){var b=this;setTimeout(function(){b.hide()},150)},click:function(a){a.stopPropagation(),a.preventDefault(),this.select()},mouseenter:function(b){this.$menu.find(".active").removeClass("active"),a(b.currentTarget).addClass("active")}};var c=a.fn.typeahead;a.fn.typeahead=function(c){return this.each(function(){var d=a(this),e=d.data("typeahead"),f=typeof c=="object"&&c;e||d.data("typeahead",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.typeahead.defaults={source:[],items:8,menu:'
            ',item:'
            • ',minLength:1},a.fn.typeahead.Constructor=b,a.fn.typeahead.noConflict=function(){return a.fn.typeahead=c,this},a(document).on("focus.typeahead.data-api",'[data-provide="typeahead"]',function(b){var c=a(this);if(c.data("typeahead"))return;b.preventDefault(),c.typeahead(c.data())})}(window.jQuery)]]>
            DateFri, 24 Feb 2023 14:03:17 GMT
            ServerApache-Coyote/1.1
            Access-Control-Allow-Origin*
            Accept-Rangesbytes
            ETagW/"26898-1358437290000"
            Last-ModifiedThu, 17 Jan 2013 15:41:30 GMT
            Cache-Controlmax-age=2419200
            ExpiresFri, 24 Mar 2023 14:03:17 GMT
            Content-Typeapplication/javascript;charset=UTF-8
            Content-Length26898
            Keep-Alivetimeout=5, max=100
            ConnectionKeep-Alive
            http://zero.webappsecurity.com:80/httpzero.webappsecurity.com80Info10028102820Web Server Misconfiguration: OPTIONS HTTP MethodCWE-200: Information ExposureEnvironmentWeb Server Misconfiguration: OPTIONS HTTP MethodSummaryImplicationExecutionFixReference InfoRFC 2616 Section 9: HTTP Methods:
            http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html


            Apache:
            Apache HTTP Server Version 2.0
            Apache HTTP Server Version 1.3

            Microsoft:
            UrlScan Security Tool
            How to configure the URLScan Tool
            Setting Application Mappings in IIS 6.0
            ]]>            OPTIONS/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
            Accept*/*
            Accept-Encodinggzip, deflate
            Pragmano-cache
            User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
            Hostzero.webappsecurity.com
            ConnectionKeep-Alive
            X-WIPPAscVersion=22.2.0.253
            X-Scan-MemoCategory="Audit.Attack";SID="019E0BC6606F7C718056D826444AD32A";PSID="C2E3EA7620F4A29F11DBAC2B877DD850";SessionType="AuditAttack";CrawlType="None";AttackType="None";OriginatingEngineID="65cee7d3-561f-40dc-b5eb-c0b8c2383fcb";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10282";Engine="Request+Modify";SmartMode="4";tht="11";
            X-RequestManager-Memostid="15";stmi="0";sc="1";rid="894e01b7";
            X-Request-Memorid="7679c114";sc="1";thid="27";
            CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0            HTTP/1.1200OK
            DateFri, 24 Feb 2023 14:03:19 GMT
            ServerApache-Coyote/1.1
            Access-Control-Allow-Origin*
            Cache-Controlno-cache, max-age=0, must-revalidate, no-store
            AllowGET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
            Content-Length0
            Keep-Alivetimeout=5, max=77
            ConnectionKeep-Alive
            Content-Typetext/plain
            http://zero.webappsecurity.com:80/httpzero.webappsecurity.com80objectIds]]>POST/HTTP/1.1<?xml version="1.0"?><methodCall><methodName>objectIds</methodName><params /></methodCall>objectIds]]>objectIds]]>Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=A9EF43AC +
            Refererhttp://zero.webappsecurity.com/
            Hostzero.webappsecurity.com
            Accept*/*
            Accept-Languageen-US,en;q=0.5
            Accept-Encodinggzip, deflate
            Pragmano-cache
            User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
            Content-Typetext/xml
            Content-Length90
            ConnectionKeep-Alive
            CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONIDA9EF43AC            HTTP/1.1302Found
            DateFri, 24 Feb 2023 14:03:25 GMT
            ServerApache-Coyote/1.1
            Access-Control-Allow-Origin*
            Cache-Controlno-cache, max-age=0, must-revalidate, no-store
            Locationindex.html
            Content-Languageen-US
            Content-Length0
            Keep-Alivetimeout=5, max=32
            ConnectionKeep-Alive
            Content-Typetext/plain
            http://zero.webappsecurity.com:80/<script>alert('TRACK');</script>httpzero.webappsecurity.com80Vulnerability10028109321Web Server Misconfiguration: Server Error MessageEnvironmentWeb Server Misconfiguration: Server Error MessageCWE-550: Information Exposure Through Server Error MessageSummaryImplicationThe server has issued a 500 error response. While the body content of the error page may not expose any information about the technical error, the fact that an error occurred is confirmed by the 500 status code. Knowing whether certain inputs trigger a server error can aid or inform an attacker of potential vulnerabilities.]]>ExecutionFixFor Security Operations:

            + Server error messages, such as "File Protected Against Access", often reveal more information than intended. For instance, an attacker who receives this message can be relatively certain that file exists, which might give him the information he needs to pursue other leads, or to perform an actual exploit. The following recommendations will help to ensure that a potential attacker is not deriving valuable information from any server error message that is presented.
            • Uniform Error Codes: Ensure that you are not inadvertently supplying information to an attacker via the use of inconsistent or "conflicting" error messages. For instance, don't reveal unintended information by utilizing error messages such as Access Denied, which will also let an attacker know that the file he seeks actually exists. Have consistent terminology for files and folders that do exist, do not exist, and which have read access denied.
            • Informational Error Messages: Ensure that error messages do not reveal too much information. Complete or partial paths, variable and file names, row and column names in tables, and specific database errors should never be revealed to the end user. Remember, an attacker will gather as much information as possible, and then add pieces of seemingly innocuous information together to craft a method of attack.
            • Proper Error Handling: Utilize generic error pages and error handling logic to inform end users of potential problems. Do not provide system information or other data that could be utilized by an attacker when orchestrating an attack.

            Removing Detailed Error Messages

            + +Find instructions for turning off detailed error messaging in IIS at this link:

            http://support.microsoft.com/kb/294807

            For Development:

            + From a development perspective, the best method of preventing problems from arising from server error messages is to adopt secure programming techniques that prevent problems that might arise from an attacker discovering too much information about the architecture and design of your web application. The following recommendations can be used as a basis for that.
            • Stringently define the data type (for instance, a string, an alphanumeric character, etc) that the application will accept.
            • Use what is good instead of what is bad. Validate input for improper characters.
            • Do not display error messages to the end user that provide information (such as table names) that could be utilized in orchestrating an attack.
            • Define the allowed set of characters. For instance, if a field is to receive a number, only let that field accept numbers.
            • Define the maximum and minimum data lengths for what the application will accept.
            • Specify acceptable numeric ranges for input.



            For QA:
            + +The best course of action for QA associates to take is to ensure that the error handling scheme is consistent. Do you receive a different type of error for a file that does not exist as opposed to a file that does? Are phrases like "Permission Denied" utilized which could reveal the existence of a file to an attacker? Inconsistent methods of dealing with errors gives an attacker a very powerful way of gathering information about your web application.]]>            Reference InfoApache:
            Security Tips for Server Configuration
            Protecting Confidential Documents at Your Site
            Securing Apache - Access Control

            Microsoft:
            How to set required NTFS permissions and user rights for an IIS 5.0 Web server
            Default permissions and user rights for IIS 6.0
            Description of Microsoft Internet Information Services (IIS) 5.0 and 6.0 status codes]]>            alert('TRACK'); HTTP/1.1 +Referer: http://zero.webappsecurity.com/resources/js/placeholders.min.js +Accept: */* +Accept-Encoding: gzip, deflate +Pragma: no-cache +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0 +Host: zero.webappsecurity.com +Connection: Keep-Alive +X-WIPP: AscVersion=22.2.0.253 +X-Scan-Memo: Category="Audit.Attack";SID="DCCB29AC8B65BDE04A6ED9BAB6F6D5C2";PSID="511D6DB521E43A071D015EA7E62869D3";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="65cee7d3-561f-40dc-b5eb-c0b8c2383fcb";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="5152";Engine="Request+Modify";SmartMode="4";tht="11"; +X-RequestManager-Memo: stid="15";stmi="0";sc="1";rid="b6290ceb"; +X-Request-Memo: rid="2a7e0aa7";sc="1";thid="27"; +Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 + +]]>Apache Tomcat/7.0.70 - Error report

            HTTP Status 501 - Method TRACK is not implemented by this servlet for this URI

            type Status report

            message Method TRACK is not implemented by this servlet for this URI

            description The server does not support the functionality needed to fulfill this request.

            Apache Tomcat/7.0.70

            ]]>            TRACK/<script>alert('TRACK');<*_escaped_end_tag_*>script>HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
            Refererhttp://zero.webappsecurity.com/resources/js/placeholders.min.js
            Accept*/*
            Accept-Encodinggzip, deflate
            Pragmano-cache
            User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
            Hostzero.webappsecurity.com
            ConnectionKeep-Alive
            X-WIPPAscVersion=22.2.0.253
            X-Scan-MemoCategory="Audit.Attack";SID="DCCB29AC8B65BDE04A6ED9BAB6F6D5C2";PSID="511D6DB521E43A071D015EA7E62869D3";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="65cee7d3-561f-40dc-b5eb-c0b8c2383fcb";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="5152";Engine="Request+Modify";SmartMode="4";tht="11";
            X-RequestManager-Memostid="15";stmi="0";sc="1";rid="b6290ceb";
            X-Request-Memorid="2a7e0aa7";sc="1";thid="27";
            CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0            HTTP/1.1501Not ImplementedApache Tomcat/7.0.70 - Error report

            HTTP Status 501 - Method TRACK is not implemented by this servlet for this URI

            type Status report

            message Method TRACK is not implemented by this servlet for this URI

            description The server does not support the functionality needed to fulfill this request.

            Apache Tomcat/7.0.70

            ]]>
            DateFri, 24 Feb 2023 14:03:25 GMT
            ServerApache-Coyote/1.1
            Access-Control-Allow-Origin*
            Content-Typetext/html;charset=utf-8
            Content-Languageen
            Content-Length1106
            Connectionclose
            http://zero.webappsecurity.com:80/index.html.oldhttpzero.webappsecurity.com80Vulnerability67093Web Server Misconfiguration: Unprotected FileEnvironmentWeb Server Misconfiguration: Unprotected FileCWE-538: File and Directory Information ExposureSummary]]>ImplicationAn attacker can use the information obtained from the backup file of a sensitive document to craft a precise targeted attack against the web application. Such attacks can include, but are not limited to, SQL injection, remote file system access to overwrite or inject malware, and database manipulation.]]>ExecutionFix
            • Webroot Security Policy: Implement a security policy that prohibits storage of backup files in webroot.
            • Temporary Files: Many tools and editors automatically create temporary files or backup files in the webroot. Be careful when editing files on a production server to avoid inadvertently leaving a backup or temporary copy of the file(s) in the webroot.
            • Default Installations: Often, a lot of unnecessary files and folders are installed by default. For instance, IIS installations include demo applications. Be sure to remove any files or folders that are not required for application to work properly.
            • Development Backup: Source code back up should not be stored and left available on the webroot.
            + +Further QA can include test cases to look for the presence of backup files in the webroot to ensure none are left in publicly accessible folders of the web application.]]>            Reference InfoOWASP - Review Old, Backup and Unreferenced Files for Sensitive Information (OTG-CONFIG-004)
            CWE - 200 Information Exposure ]]>             + + + + Free Bank Online + + + + + + + + + + + + + + + + +
            +
            + +
            +
            + +]]>            GET/index.htmloldHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
            Refererhttp://zero.webappsecurity.com/index.html
            Accept*/*
            Accept-Encodinggzip, deflate
            Pragmano-cache
            User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
            Hostzero.webappsecurity.com
            ConnectionKeep-Alive
            X-WIPPAscVersion=22.2.0.253
            X-Scan-MemoCategory="Audit.Attack";SID="E008A8CA4FA265733B7FA2EF6BB2C691";PSID="8E73B3A63EFE2AADE20745A947151EB3";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="aabf09b7-996e-479e-9ecc-9f0508d42d72";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="709";Engine="File+Extension+Addition";SmartMode="4";tht="40";
            X-RequestManager-Memostid="15";stmi="0";sc="1";rid="45db6eca";
            X-Request-Memorid="7f073839";sc="1";thid="27";
            CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0            HTTP/1.1200OK + + + + Free Bank Online + + + + + + + + + + + + + + + + +
            +
            + +
            +
            + +]]>
            DateFri, 24 Feb 2023 14:03:40 GMT
            ServerApache-Coyote/1.1
            Access-Control-Allow-Origin*
            Accept-Rangesbytes
            ETagW/"3691-1368929102000"
            Last-ModifiedSun, 19 May 2013 02:05:02 GMT
            Content-Typeapplication/octet-stream;charset=UTF-8
            Content-Length3691
            Keep-Alivetimeout=5, max=71
            ConnectionKeep-Alive
            http://zero.webappsecurity.com:80/resources/css/jquery-ui-1.8.16.custom.csshttpzero.webappsecurity.com80GET/resources/css/jquery-ui-1.8.16.customcssHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
            Refererhttp://zero.webappsecurity.com/index.html.old
            Accept*/*
            Accept-Encodinggzip, deflate
            Pragmano-cache
            User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
            Hostzero.webappsecurity.com
            ConnectionKeep-Alive
            X-WIPPAscVersion=22.2.0.253
            X-Scan-MemoCategory="Crawl";SID="61AE3ACD35A2CCD41CE8E5CBE48C4EB1";PSID="E008A8CA4FA265733B7FA2EF6BB2C691";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";NodeName="meta";Source="StaticParser";tht="31";
            X-RequestManager-Memostid="11";stmi="0";sc="1";rid="1df6f8c6";
            X-Request-Memorid="ef24ea4b";sc="2";thid="24";
            CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445            HTTP/1.1200OK
            DateFri, 24 Feb 2023 14:03:41 GMT
            ServerApache-Coyote/1.1
            Access-Control-Allow-Origin*
            Accept-Rangesbytes
            ETagW/"53483-1358437290000"
            Last-ModifiedThu, 17 Jan 2013 15:41:30 GMT
            Cache-Controlmax-age=2419200
            ExpiresFri, 24 Mar 2023 14:03:41 GMT
            Content-Typetext/css;charset=UTF-8
            Content-Length53483
            Keep-Alivetimeout=5, max=100
            ConnectionKeep-Alive
            http://zero.webappsecurity.com:80/resources/css/bootstrap.csshttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

            HTTP Status 404 - /resources/css/bootstrap.css

            type Status report

            message /resources/css/bootstrap.css

            description The requested resource is not available.

            Apache Tomcat/7.0.70

            ]]>            GET/resources/css/bootstrapcssHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
            Refererhttp://zero.webappsecurity.com/index.html.old
            Accept*/*
            Accept-Encodinggzip, deflate
            Pragmano-cache
            User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
            Hostzero.webappsecurity.com
            ConnectionKeep-Alive
            X-WIPPAscVersion=22.2.0.253
            X-Scan-MemoCategory="Crawl";SID="2D8B7DEBECF7ADD2D904F979A625DE42";PSID="E008A8CA4FA265733B7FA2EF6BB2C691";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";NodeName="meta";Source="StaticParser";tht="31";
            X-RequestManager-Memostid="11";stmi="0";sc="1";rid="4dd34eaa";
            X-Request-Memorid="1dc9e26f";sc="2";thid="26";
            CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445            HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

            HTTP Status 404 - /resources/css/bootstrap.css

            type Status report

            message /resources/css/bootstrap.css

            description The requested resource is not available.

            Apache Tomcat/7.0.70

            ]]>
            DateFri, 24 Feb 2023 14:03:41 GMT
            ServerApache-Coyote/1.1
            Access-Control-Allow-Origin*
            Content-Typetext/html;charset=utf-8
            Content-Languageen
            Content-Length1005
            Keep-Alivetimeout=5, max=100
            ConnectionKeep-Alive
            http://zero.webappsecurity.com:80/resources/js/bootstrap.jshttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

            HTTP Status 404 - /resources/js/bootstrap.js

            type Status report

            message /resources/js/bootstrap.js

            description The requested resource is not available.

            Apache Tomcat/7.0.70

            ]]>            GET/resources/js/bootstrapjsHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
            Refererhttp://zero.webappsecurity.com/index.html.old
            Accept*/*
            Accept-Encodinggzip, deflate
            Pragmano-cache
            User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
            Hostzero.webappsecurity.com
            ConnectionKeep-Alive
            X-WIPPAscVersion=22.2.0.253
            X-Scan-MemoCategory="Crawl";SID="999CF76BB0BE6A8E764A55176D959678";PSID="E008A8CA4FA265733B7FA2EF6BB2C691";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";NodeName="meta";Source="StaticParser";tht="31";
            X-RequestManager-Memostid="11";stmi="0";sc="1";rid="5bb5a4cd";
            X-Request-Memorid="c7c0b9d0";sc="2";thid="25";
            CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445            HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

            HTTP Status 404 - /resources/js/bootstrap.js

            type Status report

            message /resources/js/bootstrap.js

            description The requested resource is not available.

            Apache Tomcat/7.0.70

            ]]>
            DateFri, 24 Feb 2023 14:03:41 GMT
            ServerApache-Coyote/1.1
            Access-Control-Allow-Origin*
            Content-Typetext/html;charset=utf-8
            Content-Languageen
            Content-Length1001
            Keep-Alivetimeout=5, max=100
            ConnectionKeep-Alive
            http://zero.webappsecurity.com:80/resources/js/jquery-ui.min.jshttpzero.webappsecurity.com80").outerWidth(1).jquery||a.each(["Width","Height"],function(c,d){function h(b,c,d,f){return a.each(e,function(){c-=parseFloat(a.curCSS(b,"padding"+this,!0))||0,d&&(c-=parseFloat(a.curCSS(b,"border"+this+"Width",!0))||0),f&&(c-=parseFloat(a.curCSS(b,"margin"+this,!0))||0)}),c}var e=d==="Width"?["Left","Right"]:["Top","Bottom"],f=d.toLowerCase(),g={innerWidth:a.fn.innerWidth,innerHeight:a.fn.innerHeight,outerWidth:a.fn.outerWidth,outerHeight:a.fn.outerHeight};a.fn["inner"+d]=function(c){return c===b?g["inner"+d].call(this):this.each(function(){a(this).css(f,h(this,c)+"px")})},a.fn["outer"+d]=function(b,c){return typeof b!="number"?g["outer"+d].call(this,b):this.each(function(){a(this).css(f,h(this,b,!0,c)+"px")})}}),a.extend(a.expr[":"],{data:a.expr.createPseudo?a.expr.createPseudo(function(b){return function(c){return!!a.data(c,b)}}):function(b,c,d){return!!a.data(b,d[3])},focusable:function(b){return c(b,!isNaN(a.attr(b,"tabindex")))},tabbable:function(b){var d=a.attr(b,"tabindex"),e=isNaN(d);return(e||d>=0)&&c(b,!e)}}),a(function(){var b=document.body,c=b.appendChild(c=document.createElement("div"));c.offsetHeight,a.extend(c.style,{minHeight:"100px",height:"auto",padding:0,borderWidth:0}),a.support.minHeight=c.offsetHeight===100,a.support.selectstart="onselectstart"in c,b.removeChild(c).style.display="none"}),a.curCSS||(a.curCSS=a.css),a.extend(a.ui,{plugin:{add:function(b,c,d){var e=a.ui[b].prototype;for(var f in d)e.plugins[f]=e.plugins[f]||[],e.plugins[f].push([c,d[f]])},call:function(a,b,c){var d=a.plugins[b];if(!d||!a.element[0].parentNode)return;for(var e=0;e0?!0:(b[d]=1,e=b[d]>0,b[d]=0,e)},isOverAxis:function(a,b,c){return a>b&&a=9||!!b.button?this._mouseStarted?(this._mouseDrag(b),b.preventDefault()):(this._mouseDistanceMet(b)&&this._mouseDelayMet(b)&&(this._mouseStarted=this._mouseStart(this._mouseDownEvent,b)!==!1,this._mouseStarted?this._mouseDrag(b):this._mouseUp(b)),!this._mouseStarted):this._mouseUp(b)},_mouseUp:function(b){return a(document).unbind("mousemove."+this.widgetName,this._mouseMoveDelegate).unbind("mouseup."+this.widgetName,this._mouseUpDelegate),this._mouseStarted&&(this._mouseStarted=!1,b.target==this._mouseDownEvent.target&&a.data(b.target,this.widgetName+".preventClickEvent",!0),this._mouseStop(b)),!1},_mouseDistanceMet:function(a){return Math.max(Math.abs(this._mouseDownEvent.pageX-a.pageX),Math.abs(this._mouseDownEvent.pageY-a.pageY))>=this.options.distance},_mouseDelayMet:function(a){return this.mouseDelayMet},_mouseStart:function(a){},_mouseDrag:function(a){},_mouseStop:function(a){},_mouseCapture:function(a){return!0}})}(jQuery),function(a,b){a.widget("ui.draggable",a.ui.mouse,{widgetEventPrefix:"drag",options:{addClasses:!0,appendTo:"parent",axis:!1,connectToSortable:!1,containment:!1,cursor:"auto",cursorAt:!1,grid:!1,handle:!1,helper:"original",iframeFix:!1,opacity:!1,refreshPositions:!1,revert:!1,revertDuration:500,scope:"default",scroll:!0,scrollSensitivity:20,scrollSpeed:20,snap:!1,snapMode:"both",snapTolerance:20,stack:!1,zIndex:!1},_create:function(){this.options.helper=="original"&&!/^(?:r|a|f)/.test(this.element.css("position"))&&(this.element[0].style.position="relative"),this.options.addClasses&&this.element.addClass("ui-draggable"),this.options.disabled&&this.element.addClass("ui-draggable-disabled"),this._mouseInit()},destroy:function(){if(!this.element.data("draggable"))return;return this.element.removeData("draggable").unbind(".draggable").removeClass("ui-draggable ui-draggable-dragging ui-draggable-disabled"),this._mouseDestroy(),this},_mouseCapture:function(b){var c=this.options;return this.helper||c.disabled||a(b.target).is(".ui-resizable-handle")?!1:(this.handle=this._getHandle(b),this.handle?(c.iframeFix&&a(c.iframeFix===!0?"iframe":c.iframeFix).each(function(){a('
            ').css({width:this.offsetWidth+"px",height:this.offsetHeight+"px",position:"absolute",opacity:"0.001",zIndex:1e3}).css(a(this).offset()).appendTo("body")}),!0):!1)},_mouseStart:function(b){var c=this.options;return this.helper=this._createHelper(b),this.helper.addClass("ui-draggable-dragging"),this._cacheHelperProportions(),a.ui.ddmanager&&(a.ui.ddmanager.current=this),this._cacheMargins(),this.cssPosition=this.helper.css("position"),this.scrollParent=this.helper.scrollParent(),this.offset=this.positionAbs=this.element.offset(),this.offset={top:this.offset.top-this.margins.top,left:this.offset.left-this.margins.left},a.extend(this.offset,{click:{left:b.pageX-this.offset.left,top:b.pageY-this.offset.top},parent:this._getParentOffset(),relative:this._getRelativeOffset()}),this.originalPosition=this.position=this._generatePosition(b),this.originalPageX=b.pageX,this.originalPageY=b.pageY,c.cursorAt&&this._adjustOffsetFromHelper(c.cursorAt),c.containment&&this._setContainment(),this._trigger("start",b)===!1?(this._clear(),!1):(this._cacheHelperProportions(),a.ui.ddmanager&&!c.dropBehaviour&&a.ui.ddmanager.prepareOffsets(this,b),this._mouseDrag(b,!0),a.ui.ddmanager&&a.ui.ddmanager.dragStart(this,b),!0)},_mouseDrag:function(b,c){this.position=this._generatePosition(b),this.positionAbs=this._convertPositionTo("absolute");if(!c){var d=this._uiHash();if(this._trigger("drag",b,d)===!1)return this._mouseUp({}),!1;this.position=d.position}if(!this.options.axis||this.options.axis!="y")this.helper[0].style.left=this.position.left+"px";if(!this.options.axis||this.options.axis!="x")this.helper[0].style.top=this.position.top+"px";return a.ui.ddmanager&&a.ui.ddmanager.drag(this,b),!1},_mouseStop:function(b){var c=!1;a.ui.ddmanager&&!this.options.dropBehaviour&&(c=a.ui.ddmanager.drop(this,b)),this.dropped&&(c=this.dropped,this.dropped=!1);var d=this.element[0],e=!1;while(d&&(d=d.parentNode))d==document&&(e=!0);if(!e&&this.options.helper==="original")return!1;if(this.options.revert=="invalid"&&!c||this.options.revert=="valid"&&c||this.options.revert===!0||a.isFunction(this.options.revert)&&this.options.revert.call(this.element,c)){var f=this;a(this.helper).animate(this.originalPosition,parseInt(this.options.revertDuration,10),function(){f._trigger("stop",b)!==!1&&f._clear()})}else this._trigger("stop",b)!==!1&&this._clear();return!1},_mouseUp:function(b){return this.options.iframeFix===!0&&a("div.ui-draggable-iframeFix").each(function(){this.parentNode.removeChild(this)}),a.ui.ddmanager&&a.ui.ddmanager.dragStop(this,b),a.ui.mouse.prototype._mouseUp.call(this,b)},cancel:function(){return this.helper.is(".ui-draggable-dragging")?this._mouseUp({}):this._clear(),this},_getHandle:function(b){var c=!this.options.handle||!a(this.options.handle,this.element).length?!0:!1;return a(this.options.handle,this.element).find("*").andSelf().each(function(){this==b.target&&(c=!0)}),c},_createHelper:function(b){var c=this.options,d=a.isFunction(c.helper)?a(c.helper.apply(this.element[0],[b])):c.helper=="clone"?this.element.clone().removeAttr("id"):this.element;return d.parents("body").length||d.appendTo(c.appendTo=="parent"?this.element[0].parentNode:c.appendTo),d[0]!=this.element[0]&&!/(fixed|absolute)/.test(d.css("position"))&&d.css("position","absolute"),d},_adjustOffsetFromHelper:function(b){typeof b=="string"&&(b=b.split(" ")),a.isArray(b)&&(b={left:+b[0],top:+b[1]||0}),"left"in b&&(this.offset.click.left=b.left+this.margins.left),"right"in b&&(this.offset.click.left=this.helperProportions.width-b.right+this.margins.left),"top"in b&&(this.offset.click.top=b.top+this.margins.top),"bottom"in b&&(this.offset.click.top=this.helperProportions.height-b.bottom+this.margins.top)},_getParentOffset:function(){this.offsetParent=this.helper.offsetParent();var b=this.offsetParent.offset();this.cssPosition=="absolute"&&this.scrollParent[0]!=document&&a.ui.contains(this.scrollParent[0],this.offsetParent[0])&&(b.left+=this.scrollParent.scrollLeft(),b.top+=this.scrollParent.scrollTop());if(this.offsetParent[0]==document.body||this.offsetParent[0].tagName&&this.offsetParent[0].tagName.toLowerCase()=="html"&&a.browser.msie)b={top:0,left:0};return{top:b.top+(parseInt(this.offsetParent.css("borderTopWidth"),10)||0),left:b.left+(parseInt(this.offsetParent.css("borderLeftWidth"),10)||0)}},_getRelativeOffset:function(){if(this.cssPosition=="relative"){var a=this.element.position();return{top:a.top-(parseInt(this.helper.css("top"),10)||0)+this.scrollParent.scrollTop(),left:a.left-(parseInt(this.helper.css("left"),10)||0)+this.scrollParent.scrollLeft()}}return{top:0,left:0}},_cacheMargins:function(){this.margins={left:parseInt(this.element.css("marginLeft"),10)||0,top:parseInt(this.element.css("marginTop"),10)||0,right:parseInt(this.element.css("marginRight"),10)||0,bottom:parseInt(this.element.css("marginBottom"),10)||0}},_cacheHelperProportions:function(){this.helperProportions={width:this.helper.outerWidth(),height:this.helper.outerHeight()}},_setContainment:function(){var b=this.options;b.containment=="parent"&&(b.containment=this.helper[0].parentNode);if(b.containment=="document"||b.containment=="window")this.containment=[b.containment=="document"?0:a(window).scrollLeft()-this.offset.relative.left-this.offset.parent.left,b.containment=="document"?0:a(window).scrollTop()-this.offset.relative.top-this.offset.parent.top,(b.containment=="document"?0:a(window).scrollLeft())+a(b.containment=="document"?document:window).width()-this.helperProportions.width-this.margins.left,(b.containment=="document"?0:a(window).scrollTop())+(a(b.containment=="document"?document:window).height()||document.body.parentNode.scrollHeight)-this.helperProportions.height-this.margins.top];if(!/^(document|window|parent)$/.test(b.containment)&&b.containment.constructor!=Array){var c=a(b.containment),d=c[0];if(!d)return;var e=c.offset(),f=a(d).css("overflow")!="hidden";this.containment=[(parseInt(a(d).css("borderLeftWidth"),10)||0)+(parseInt(a(d).css("paddingLeft"),10)||0),(parseInt(a(d).css("borderTopWidth"),10)||0)+(parseInt(a(d).css("paddingTop"),10)||0),(f?Math.max(d.scrollWidth,d.offsetWidth):d.offsetWidth)-(parseInt(a(d).css("borderLeftWidth"),10)||0)-(parseInt(a(d).css("paddingRight"),10)||0)-this.helperProportions.width-this.margins.left-this.margins.right,(f?Math.max(d.scrollHeight,d.offsetHeight):d.offsetHeight)-(parseInt(a(d).css("borderTopWidth"),10)||0)-(parseInt(a(d).css("paddingBottom"),10)||0)-this.helperProportions.height-this.margins.top-this.margins.bottom],this.relative_container=c}else b.containment.constructor==Array&&(this.containment=b.containment)},_convertPositionTo:function(b,c){c||(c=this.position);var d=b=="absolute"?1:-1,e=this.options,f=this.cssPosition=="absolute"&&(this.scrollParent[0]==document||!a.ui.contains(this.scrollParent[0],this.offsetParent[0]))?this.offsetParent:this.scrollParent,g=/(html|body)/i.test(f[0].tagName);return{top:c.top+this.offset.relative.top*d+this.offset.parent.top*d-(a.browser.safari&&a.browser.version<526&&this.cssPosition=="fixed"?0:(this.cssPosition=="fixed"?-this.scrollParent.scrollTop():g?0:f.scrollTop())*d),left:c.left+this.offset.relative.left*d+this.offset.parent.left*d-(a.browser.safari&&a.browser.version<526&&this.cssPosition=="fixed"?0:(this.cssPosition=="fixed"?-this.scrollParent.scrollLeft():g?0:f.scrollLeft())*d)}},_generatePosition:function(b){var c=this.options,d=this.cssPosition=="absolute"&&(this.scrollParent[0]==document||!a.ui.contains(this.scrollParent[0],this.offsetParent[0]))?this.offsetParent:this.scrollParent,e=/(html|body)/i.test(d[0].tagName),f=b.pageX,g=b.pageY;if(this.originalPosition){var h;if(this.containment){if(this.relative_container){var i=this.relative_container.offset();h=[this.containment[0]+i.left,this.containment[1]+i.top,this.containment[2]+i.left,this.containment[3]+i.top]}else h=this.containment;b.pageX-this.offset.click.lefth[2]&&(f=h[2]+this.offset.click.left),b.pageY-this.offset.click.top>h[3]&&(g=h[3]+this.offset.click.top)}if(c.grid){var j=c.grid[1]?this.originalPageY+Math.round((g-this.originalPageY)/c.grid[1])*c.grid[1]:this.originalPageY;g=h?j-this.offset.click.toph[3]?j-this.offset.click.toph[2]?k-this.offset.click.left=0;k--){var l=d.snapElements[k].left,m=l+d.snapElements[k].width,n=d.snapElements[k].top,o=n+d.snapElements[k].height;if(!(l-f=k&&g<=l||h>=k&&h<=l||gl)&&(e>=i&&e<=j||f>=i&&f<=j||ej);default:return!1}},a.ui.ddmanager={current:null,droppables:{"default":[]},prepareOffsets:function(b,c){var d=a.ui.ddmanager.droppables[b.options.scope]||[],e=c?c.type:null,f=(b.currentItem||b.element).find(":data(droppable)").andSelf();g:for(var h=0;h
            ').css({position:this.element.css("position"),width:this.element.outerWidth(),height:this.element.outerHeight(),top:this.element.css("top"),left:this.element.css("left")})),this.element=this.element.parent().data("resizable",this.element.data("resizable")),this.elementIsWrapper=!0,this.element.css({marginLeft:this.originalElement.css("marginLeft"),marginTop:this.originalElement.css("marginTop"),marginRight:this.originalElement.css("marginRight"),marginBottom:this.originalElement.css("marginBottom")}),this.originalElement.css({marginLeft:0,marginTop:0,marginRight:0,marginBottom:0}),this.originalResizeStyle=this.originalElement.css("resize"),this.originalElement.css("resize","none"),this._proportionallyResizeElements.push(this.originalElement.css({position:"static",zoom:1,display:"block"})),this.originalElement.css({margin:this.originalElement.css("margin")}),this._proportionallyResize()),this.handles=c.handles||(a(".ui-resizable-handle",this.element).length?{n:".ui-resizable-n",e:".ui-resizable-e",s:".ui-resizable-s",w:".ui-resizable-w",se:".ui-resizable-se",sw:".ui-resizable-sw",ne:".ui-resizable-ne",nw:".ui-resizable-nw"}:"e,s,se");if(this.handles.constructor==String){this.handles=="all"&&(this.handles="n,e,s,w,se,sw,ne,nw");var d=this.handles.split(",");this.handles={};for(var e=0;e

            ');h.css({zIndex:c.zIndex}),"se"==f&&h.addClass("ui-icon ui-icon-gripsmall-diagonal-se"),this.handles[f]=".ui-resizable-"+f,this.element.append(h)}}this._renderAxis=function(b){b=b||this.element;for(var c in this.handles){this.handles[c].constructor==String&&(this.handles[c]=a(this.handles[c],this.element).show());if(this.elementIsWrapper&&this.originalElement[0].nodeName.match(/textarea|input|select|button/i)){var d=a(this.handles[c],this.element),e=0;e=/sw|ne|nw|se|n|s/.test(c)?d.outerHeight():d.outerWidth();var f=["padding",/ne|nw|n/.test(c)?"Top":/se|sw|s/.test(c)?"Bottom":/^e$/.test(c)?"Right":"Left"].join("");b.css(f,e),this._proportionallyResize()}if(!a(this.handles[c]).length)continue}},this._renderAxis(this.element),this._handles=a(".ui-resizable-handle",this.element).disableSelection(),this._handles.mouseover(function(){if(!b.resizing){if(this.className)var a=this.className.match(/ui-resizable-(se|sw|ne|nw|n|e|s|w)/i);b.axis=a&&a[1]?a[1]:"se"}}),c.autoHide&&(this._handles.hide(),a(this.element).addClass("ui-resizable-autohide").hover(function(){if(c.disabled)return;a(this).removeClass("ui-resizable-autohide"),b._handles.show()},function(){if(c.disabled)return;b.resizing||(a(this).addClass("ui-resizable-autohide"),b._handles.hide())})),this._mouseInit()},destroy:function(){this._mouseDestroy();var b=function(b){a(b).removeClass("ui-resizable ui-resizable-disabled ui-resizable-resizing").removeData("resizable").unbind(".resizable").find(".ui-resizable-handle").remove()};if(this.elementIsWrapper){b(this.element);var c=this.element;c.after(this.originalElement.css({position:c.css("position"),width:c.outerWidth(),height:c.outerHeight(),top:c.css("top"),left:c.css("left")})).remove()}return this.originalElement.css("resize",this.originalResizeStyle),b(this.originalElement),this},_mouseCapture:function(b){var c=!1;for(var d in this.handles)a(this.handles[d])[0]==b.target&&(c=!0);return!this.options.disabled&&c},_mouseStart:function(b){var d=this.options,e=this.element.position(),f=this.element;this.resizing=!0,this.documentScroll={top:a(document).scrollTop(),left:a(document).scrollLeft()},(f.is(".ui-draggable")||/absolute/.test(f.css("position")))&&f.css({position:"absolute",top:e.top,left:e.left}),this._renderProxy();var g=c(this.helper.css("left")),h=c(this.helper.css("top"));d.containment&&(g+=a(d.containment).scrollLeft()||0,h+=a(d.containment).scrollTop()||0),this.offset=this.helper.offset(),this.position={left:g,top:h},this.size=this._helper?{width:f.outerWidth(),height:f.outerHeight()}:{width:f.width(),height:f.height()},this.originalSize=this._helper?{width:f.outerWidth(),height:f.outerHeight()}:{width:f.width(),height:f.height()},this.originalPosition={left:g,top:h},this.sizeDiff={width:f.outerWidth()-f.width(),height:f.outerHeight()-f.height()},this.originalMousePosition={left:b.pageX,top:b.pageY},this.aspectRatio=typeof d.aspectRatio=="number"?d.aspectRatio:this.originalSize.width/this.originalSize.height||1;var i=a(".ui-resizable-"+this.axis).css("cursor");return a("body").css("cursor",i=="auto"?this.axis+"-resize":i),f.addClass("ui-resizable-resizing"),this._propagate("start",b),!0},_mouseDrag:function(b){var c=this.helper,d=this.options,e={},f=this,g=this.originalMousePosition,h=this.axis,i=b.pageX-g.left||0,j=b.pageY-g.top||0,k=this._change[h];if(!k)return!1;var l=k.apply(this,[b,i,j]),m=a.browser.msie&&a.browser.version<7,n=this.sizeDiff;this._updateVirtualBoundaries(b.shiftKey);if(this._aspectRatio||b.shiftKey)l=this._updateRatio(l,b);return l=this._respectSize(l,b),this._propagate("resize",b),c.css({top:this.position.top+"px",left:this.position.left+"px",width:this.size.width+"px",height:this.size.height+"px"}),!this._helper&&this._proportionallyResizeElements.length&&this._proportionallyResize(),this._updateCache(l),this._trigger("resize",b,this.ui()),!1},_mouseStop:function(b){this.resizing=!1;var c=this.options,d=this;if(this._helper){var e=this._proportionallyResizeElements,f=e.length&&/textarea/i.test(e[0].nodeName),g=f&&a.ui.hasScroll(e[0],"left")?0:d.sizeDiff.height,h=f?0:d.sizeDiff.width,i={width:d.helper.width()-h,height:d.helper.height()-g},j=parseInt(d.element.css("left"),10)+(d.position.left-d.originalPosition.left)||null,k=parseInt(d.element.css("top"),10)+(d.position.top-d.originalPosition.top)||null;c.animate||this.element.css(a.extend(i,{top:k,left:j})),d.helper.height(d.size.height),d.helper.width(d.size.width),this._helper&&!c.animate&&this._proportionallyResize()}return a("body").css("cursor","auto"),this.element.removeClass("ui-resizable-resizing"),this._propagate("stop",b),this._helper&&this.helper.remove(),!1},_updateVirtualBoundaries:function(a){var b=this.options,c,e,f,g,h;h={minWidth:d(b.minWidth)?b.minWidth:0,maxWidth:d(b.maxWidth)?b.maxWidth:Infinity,minHeight:d(b.minHeight)?b.minHeight:0,maxHeight:d(b.maxHeight)?b.maxHeight:Infinity};if(this._aspectRatio||a)c=h.minHeight*this.aspectRatio,f=h.minWidth/this.aspectRatio,e=h.maxHeight*this.aspectRatio,g=h.maxWidth/this.aspectRatio,c>h.minWidth&&(h.minWidth=c),f>h.minHeight&&(h.minHeight=f),ea.width,k=d(a.height)&&e.minHeight&&e.minHeight>a.height;j&&(a.width=e.minWidth),k&&(a.height=e.minHeight),h&&(a.width=e.maxWidth),i&&(a.height=e.maxHeight);var l=this.originalPosition.left+this.originalSize.width,m=this.position.top+this.size.height,n=/sw|nw|w/.test(g),o=/nw|ne|n/.test(g);j&&n&&(a.left=l-e.minWidth),h&&n&&(a.left=l-e.maxWidth),k&&o&&(a.top=m-e.minHeight),i&&o&&(a.top=m-e.maxHeight);var p=!a.width&&!a.height;return p&&!a.left&&a.top?a.top=null:p&&!a.top&&a.left&&(a.left=null),a},_proportionallyResize:function(){var b=this.options;if(!this._proportionallyResizeElements.length)return;var c=this.helper||this.element;for(var d=0;d
            ');var d=a.browser.msie&&a.browser.version<7,e=d?1:0,f=d?2:-1;this.helper.addClass(this._helper).css({width:this.element.outerWidth()+f,height:this.element.outerHeight()+f,position:"absolute",left:this.elementOffset.left-e+"px",top:this.elementOffset.top-e+"px",zIndex:++c.zIndex}),this.helper.appendTo("body").disableSelection()}else this.helper=this.element},_change:{e:function(a,b,c){return{width:this.originalSize.width+b}},w:function(a,b,c){var d=this.options,e=this.originalSize,f=this.originalPosition;return{left:f.left+b,width:e.width-b}},n:function(a,b,c){var d=this.options,e=this.originalSize,f=this.originalPosition;return{top:f.top+c,height:e.height-c}},s:function(a,b,c){return{height:this.originalSize.height+c}},se:function(b,c,d){return a.extend(this._change.s.apply(this,arguments),this._change.e.apply(this,[b,c,d]))},sw:function(b,c,d){return a.extend(this._change.s.apply(this,arguments),this._change.w.apply(this,[b,c,d]))},ne:function(b,c,d){return a.extend(this._change.n.apply(this,arguments),this._change.e.apply(this,[b,c,d]))},nw:function(b,c,d){return a.extend(this._change.n.apply(this,arguments),this._change.w.apply(this,[b,c,d]))}},_propagate:function(b,c){a.ui.plugin.call(this,b,[c,this.ui()]),b!="resize"&&this._trigger(b,c,this.ui())},plugins:{},ui:function(){return{originalElement:this.originalElement,element:this.element,helper:this.helper,position:this.position,size:this.size,originalSize:this.originalSize,originalPosition:this.originalPosition}}}),a.extend(a.ui.resizable,{version:"1.8.23"}),a.ui.plugin.add("resizable","alsoResize",{start:function(b,c){var d=a(this).data("resizable"),e=d.options,f=function(b){a(b).each(function(){var b=a(this);b.data("resizable-alsoresize",{width:parseInt(b.width(),10),height:parseInt(b.height(),10),left:parseInt(b.css("left"),10),top:parseInt(b.css("top"),10)})})};typeof e.alsoResize=="object"&&!e.alsoResize.parentNode?e.alsoResize.length?(e.alsoResize=e.alsoResize[0],f(e.alsoResize)):a.each(e.alsoResize,function(a){f(a)}):f(e.alsoResize)},resize:function(b,c){var d=a(this).data("resizable"),e=d.options,f=d.originalSize,g=d.originalPosition,h={height:d.size.height-f.height||0,width:d.size.width-f.width||0,top:d.position.top-g.top||0,left:d.position.left-g.left||0},i=function(b,d){a(b).each(function(){var b=a(this),e=a(this).data("resizable-alsoresize"),f={},g=d&&d.length?d:b.parents(c.originalElement[0]).length?["width","height"]:["width","height","top","left"];a.each(g,function(a,b){var c=(e[b]||0)+(h[b]||0);c&&c>=0&&(f[b]=c||null)}),b.css(f)})};typeof e.alsoResize=="object"&&!e.alsoResize.nodeType?a.each(e.alsoResize,function(a,b){i(a,b)}):i(e.alsoResize)},stop:function(b,c){a(this).removeData("resizable-alsoresize")}}),a.ui.plugin.add("resizable","animate",{stop:function(b,c){var d=a(this).data("resizable"),e=d.options,f=d._proportionallyResizeElements,g=f.length&&/textarea/i.test(f[0].nodeName),h=g&&a.ui.hasScroll(f[0],"left")?0:d.sizeDiff.height,i=g?0:d.sizeDiff.width,j={width:d.size.width-i,height:d.size.height-h},k=parseInt(d.element.css("left"),10)+(d.position.left-d.originalPosition.left)||null,l=parseInt(d.element.css("top"),10)+(d.position.top-d.originalPosition.top)||null;d.element.animate(a.extend(j,l&&k?{top:l,left:k}:{}),{duration:e.animateDuration,easing:e.animateEasing,step:function(){var c={width:parseInt(d.element.css("width"),10),height:parseInt(d.element.css("height"),10),top:parseInt(d.element.css("top"),10),left:parseInt(d.element.css("left"),10)};f&&f.length&&a(f[0]).css({width:c.width,height:c.height}),d._updateCache(c),d._propagate("resize",b)}})}}),a.ui.plugin.add("resizable","containment",{start:function(b,d){var e=a(this).data("resizable"),f=e.options,g=e.element,h=f.containment,i=h instanceof a?h.get(0):/parent/.test(h)?g.parent().get(0):h;if(!i)return;e.containerElement=a(i);if(/document/.test(h)||h==document)e.containerOffset={left:0,top:0},e.containerPosition={left:0,top:0},e.parentData={element:a(document),left:0,top:0,width:a(document).width(),height:a(document).height()||document.body.parentNode.scrollHeight};else{var j=a(i),k=[];a(["Top","Right","Left","Bottom"]).each(function(a,b){k[a]=c(j.css("padding"+b))}),e.containerOffset=j.offset(),e.containerPosition=j.position(),e.containerSize={height:j.innerHeight()-k[3],width:j.innerWidth()-k[1]};var l=e.containerOffset,m=e.containerSize.height,n=e.containerSize.width,o=a.ui.hasScroll(i,"left")?i.scrollWidth:n,p=a.ui.hasScroll(i)?i.scrollHeight:m;e.parentData={element:i,left:l.left,top:l.top,width:o,height:p}}},resize:function(b,c){var d=a(this).data("resizable"),e=d.options,f=d.containerSize,g=d.containerOffset,h=d.size,i=d.position,j=d._aspectRatio||b.shiftKey,k={top:0,left:0},l=d.containerElement;l[0]!=document&&/static/.test(l.css("position"))&&(k=g),i.left<(d._helper?g.left:0)&&(d.size.width=d.size.width+(d._helper?d.position.left-g.left:d.position.left-k.left),j&&(d.size.height=d.size.width/d.aspectRatio),d.position.left=e.helper?g.left:0),i.top<(d._helper?g.top:0)&&(d.size.height=d.size.height+(d._helper?d.position.top-g.top:d.position.top),j&&(d.size.width=d.size.height*d.aspectRatio),d.position.top=d._helper?g.top:0),d.offset.left=d.parentData.left+d.position.left,d.offset.top=d.parentData.top+d.position.top;var m=Math.abs((d._helper?d.offset.left-k.left:d.offset.left-k.left)+d.sizeDiff.width),n=Math.abs((d._helper?d.offset.top-k.top:d.offset.top-g.top)+d.sizeDiff.height),o=d.containerElement.get(0)==d.element.parent().get(0),p=/relative|absolute/.test(d.containerElement.css("position"));o&&p&&(m-=d.parentData.left),m+d.size.width>=d.parentData.width&&(d.size.width=d.parentData.width-m,j&&(d.size.height=d.size.width/d.aspectRatio)),n+d.size.height>=d.parentData.height&&(d.size.height=d.parentData.height-n,j&&(d.size.width=d.size.height*d.aspectRatio))},stop:function(b,c){var d=a(this).data("resizable"),e=d.options,f=d.position,g=d.containerOffset,h=d.containerPosition,i=d.containerElement,j=a(d.helper),k=j.offset(),l=j.outerWidth()-d.sizeDiff.width,m=j.outerHeight()-d.sizeDiff.height;d._helper&&!e.animate&&/relative/.test(i.css("position"))&&a(this).css({left:k.left-h.left-g.left,width:l,height:m}),d._helper&&!e.animate&&/static/.test(i.css("position"))&&a(this).css({left:k.left-h.left-g.left,width:l,height:m})}}),a.ui.plugin.add("resizable","ghost",{start:function(b,c){var d=a(this).data("resizable"),e=d.options,f=d.size;d.ghost=d.originalElement.clone(),d.ghost.css({opacity:.25,display:"block",position:"relative",height:f.height,width:f.width,margin:0,left:0,top:0}).addClass("ui-resizable-ghost").addClass(typeof e.ghost=="string"?e.ghost:""),d.ghost.appendTo(d.helper)},resize:function(b,c){var d=a(this).data("resizable"),e=d.options;d.ghost&&d.ghost.css({position:"relative",height:d.size.height,width:d.size.width})},stop:function(b,c){var d=a(this).data("resizable"),e=d.options;d.ghost&&d.helper&&d.helper.get(0).removeChild(d.ghost.get(0))}}),a.ui.plugin.add("resizable","grid",{resize:function(b,c){var d=a(this).data("resizable"),e=d.options,f=d.size,g=d.originalSize,h=d.originalPosition,i=d.axis,j=e._aspectRatio||b.shiftKey;e.grid=typeof e.grid=="number"?[e.grid,e.grid]:e.grid;var k=Math.round((f.width-g.width)/(e.grid[0]||1))*(e.grid[0]||1),l=Math.round((f.height-g.height)/(e.grid[1]||1))*(e.grid[1]||1);/^(se|s|e)$/.test(i)?(d.size.width=g.width+k,d.size.height=g.height+l):/^(ne)$/.test(i)?(d.size.width=g.width+k,d.size.height=g.height+l,d.position.top=h.top-l):/^(sw)$/.test(i)?(d.size.width=g.width+k,d.size.height=g.height+l,d.position.left=h.left-k):(d.size.width=g.width+k,d.size.height=g.height+l,d.position.top=h.top-l,d.position.left=h.left-k)}});var c=function(a){return parseInt(a,10)||0},d=function(a){return!isNaN(parseInt(a,10))}}(jQuery),function(a,b){a.widget("ui.selectable",a.ui.mouse,{options:{appendTo:"body",autoRefresh:!0,distance:0,filter:"*",tolerance:"touch"},_create:function(){var b=this;this.element.addClass("ui-selectable"),this.dragged=!1;var c;this.refresh=function(){c=a(b.options.filter,b.element[0]),c.addClass("ui-selectee"),c.each(function(){var b=a(this),c=b.offset();a.data(this,"selectable-item",{element:this,$element:b,left:c.left,top:c.top,right:c.left+b.outerWidth(),bottom:c.top+b.outerHeight(),startselected:!1,selected:b.hasClass("ui-selected"),selecting:b.hasClass("ui-selecting"),unselecting:b.hasClass("ui-unselecting")})})},this.refresh(),this.selectees=c.addClass("ui-selectee"),this._mouseInit(),this.helper=a("
            ")},destroy:function(){return this.selectees.removeClass("ui-selectee").removeData("selectable-item"),this.element.removeClass("ui-selectable ui-selectable-disabled").removeData("selectable").unbind(".selectable"),this._mouseDestroy(),this},_mouseStart:function(b){var c=this;this.opos=[b.pageX,b.pageY];if(this.options.disabled)return;var d=this.options;this.selectees=a(d.filter,this.element[0]),this._trigger("start",b),a(d.appendTo).append(this.helper),this.helper.css({left:b.clientX,top:b.clientY,width:0,height:0}),d.autoRefresh&&this.refresh(),this.selectees.filter(".ui-selected").each(function(){var d=a.data(this,"selectable-item");d.startselected=!0,!b.metaKey&&!b.ctrlKey&&(d.$element.removeClass("ui-selected"),d.selected=!1,d.$element.addClass("ui-unselecting"),d.unselecting=!0,c._trigger("unselecting",b,{unselecting:d.element}))}),a(b.target).parents().andSelf().each(function(){var d=a.data(this,"selectable-item");if(d){var e=!b.metaKey&&!b.ctrlKey||!d.$element.hasClass("ui-selected");return d.$element.removeClass(e?"ui-unselecting":"ui-selected").addClass(e?"ui-selecting":"ui-unselecting"),d.unselecting=!e,d.selecting=e,d.selected=e,e?c._trigger("selecting",b,{selecting:d.element}):c._trigger("unselecting",b,{unselecting:d.element}),!1}})},_mouseDrag:function(b){var c=this;this.dragged=!0;if(this.options.disabled)return;var d=this.options,e=this.opos[0],f=this.opos[1],g=b.pageX,h=b.pageY;if(e>g){var i=g;g=e,e=i}if(f>h){var i=h;h=f,f=i}return this.helper.css({left:e,top:f,width:g-e,height:h-f}),this.selectees.each(function(){var i=a.data(this,"selectable-item");if(!i||i.element==c.element[0])return;var j=!1;d.tolerance=="touch"?j=!(i.left>g||i.righth||i.bottome&&i.rightf&&i.bottom *",opacity:!1,placeholder:!1,revert:!1,scroll:!0,scrollSensitivity:20,scrollSpeed:20,scope:"default",tolerance:"intersect",zIndex:1e3},_create:function(){var a=this.options;this.containerCache={},this.element.addClass("ui-sortable"),this.refresh(),this.floating=this.items.length?a.axis==="x"||/left|right/.test(this.items[0].item.css("float"))||/inline|table-cell/.test(this.items[0].item.css("display")):!1,this.offset=this.element.offset(),this._mouseInit(),this.ready=!0},destroy:function(){a.Widget.prototype.destroy.call(this),this.element.removeClass("ui-sortable ui-sortable-disabled"),this._mouseDestroy();for(var b=this.items.length-1;b>=0;b--)this.items[b].item.removeData(this.widgetName+"-item");return this},_setOption:function(b,c){b==="disabled"?(this.options[b]=c,this.widget()[c?"addClass":"removeClass"]("ui-sortable-disabled")):a.Widget.prototype._setOption.apply(this,arguments)},_mouseCapture:function(b,c){var d=this;if(this.reverting)return!1;if(this.options.disabled||this.options.type=="static")return!1;this._refreshItems(b);var e=null,f=this,g=a(b.target).parents().each(function(){if(a.data(this,d.widgetName+"-item")==f)return e=a(this),!1});a.data(b.target,d.widgetName+"-item")==f&&(e=a(b.target));if(!e)return!1;if(this.options.handle&&!c){var h=!1;a(this.options.handle,e).find("*").andSelf().each(function(){this==b.target&&(h=!0)});if(!h)return!1}return this.currentItem=e,this._removeCurrentsFromItems(),!0},_mouseStart:function(b,c,d){var e=this.options,f=this;this.currentContainer=this,this.refreshPositions(),this.helper=this._createHelper(b),this._cacheHelperProportions(),this._cacheMargins(),this.scrollParent=this.helper.scrollParent(),this.offset=this.currentItem.offset(),this.offset={top:this.offset.top-this.margins.top,left:this.offset.left-this.margins.left},a.extend(this.offset,{click:{left:b.pageX-this.offset.left,top:b.pageY-this.offset.top},parent:this._getParentOffset(),relative:this._getRelativeOffset()}),this.helper.css("position","absolute"),this.cssPosition=this.helper.css("position"),this.originalPosition=this._generatePosition(b),this.originalPageX=b.pageX,this.originalPageY=b.pageY,e.cursorAt&&this._adjustOffsetFromHelper(e.cursorAt),this.domPosition={prev:this.currentItem.prev()[0],parent:this.currentItem.parent()[0]},this.helper[0]!=this.currentItem[0]&&this.currentItem.hide(),this._createPlaceholder(),e.containment&&this._setContainment(),e.cursor&&(a("body").css("cursor")&&(this._storedCursor=a("body").css("cursor")),a("body").css("cursor",e.cursor)),e.opacity&&(this.helper.css("opacity")&&(this._storedOpacity=this.helper.css("opacity")),this.helper.css("opacity",e.opacity)),e.zIndex&&(this.helper.css("zIndex")&&(this._storedZIndex=this.helper.css("zIndex")),this.helper.css("zIndex",e.zIndex)),this.scrollParent[0]!=document&&this.scrollParent[0].tagName!="HTML"&&(this.overflowOffset=this.scrollParent.offset()),this._trigger("start",b,this._uiHash()),this._preserveHelperProportions||this._cacheHelperProportions();if(!d)for(var g=this.containers.length-1;g>=0;g--)this.containers[g]._trigger("activate",b,f._uiHash(this));return a.ui.ddmanager&&(a.ui.ddmanager.current=this),a.ui.ddmanager&&!e.dropBehaviour&&a.ui.ddmanager.prepareOffsets(this,b),this.dragging=!0,this.helper.addClass("ui-sortable-helper"),this._mouseDrag(b),!0},_mouseDrag:function(b){this.position=this._generatePosition(b),this.positionAbs=this._convertPositionTo("absolute"),this.lastPositionAbs||(this.lastPositionAbs=this.positionAbs);if(this.options.scroll){var c=this.options,d=!1;this.scrollParent[0]!=document&&this.scrollParent[0].tagName!="HTML"?(this.overflowOffset.top+this.scrollParent[0].offsetHeight-b.pageY=0;e--){var f=this.items[e],g=f.item[0],h=this._intersectsWithPointer(f);if(!h)continue;if(g!=this.currentItem[0]&&this.placeholder[h==1?"next":"prev"]()[0]!=g&&!a.ui.contains(this.placeholder[0],g)&&(this.options.type=="semi-dynamic"?!a.ui.contains(this.element[0],g):!0)){this.direction=h==1?"down":"up";if(this.options.tolerance=="pointer"||this._intersectsWithSides(f))this._rearrange(b,f);else break;this._trigger("change",b,this._uiHash());break}}return this._contactContainers(b),a.ui.ddmanager&&a.ui.ddmanager.drag(this,b),this._trigger("sort",b,this._uiHash()),this.lastPositionAbs=this.positionAbs,!1},_mouseStop:function(b,c){if(!b)return;a.ui.ddmanager&&!this.options.dropBehaviour&&a.ui.ddmanager.drop(this,b);if(this.options.revert){var d=this,e=d.placeholder.offset();d.reverting=!0,a(this.helper).animate({left:e.left-this.offset.parent.left-d.margins.left+(this.offsetParent[0]==document.body?0:this.offsetParent[0].scrollLeft),top:e.top-this.offset.parent.top-d.margins.top+(this.offsetParent[0]==document.body?0:this.offsetParent[0].scrollTop)},parseInt(this.options.revert,10)||500,function(){d._clear(b)})}else this._clear(b,c);return!1},cancel:function(){var b=this;if(this.dragging){this._mouseUp({target:null}),this.options.helper=="original"?this.currentItem.css(this._storedCSS).removeClass("ui-sortable-helper"):this.currentItem.show();for(var c=this.containers.length-1;c>=0;c--)this.containers[c]._trigger("deactivate",null,b._uiHash(this)),this.containers[c].containerCache.over&&(this.containers[c]._trigger("out",null,b._uiHash(this)),this.containers[c].containerCache.over=0)}return this.placeholder&&(this.placeholder[0].parentNode&&this.placeholder[0].parentNode.removeChild(this.placeholder[0]),this.options.helper!="original"&&this.helper&&this.helper[0].parentNode&&this.helper.remove(),a.extend(this,{helper:null,dragging:!1,reverting:!1,_noFinalSort:null}),this.domPosition.prev?a(this.domPosition.prev).after(this.currentItem):a(this.domPosition.parent).prepend(this.currentItem)),this},serialize:function(b){var c=this._getItemsAsjQuery(b&&b.connected),d=[];return b=b||{},a(c).each(function(){var c=(a(b.item||this).attr(b.attribute||"id")||"").match(b.expression||/(.+)[-=_](.+)/);c&&d.push((b.key||c[1]+"[]")+"="+(b.key&&b.expression?c[1]:c[2]))}),!d.length&&b.key&&d.push(b.key+"="),d.join("&")},toArray:function(b){var c=this._getItemsAsjQuery(b&&b.connected),d=[];return b=b||{},c.each(function(){d.push(a(b.item||this).attr(b.attribute||"id")||"")}),d},_intersectsWith:function(a){var b=this.positionAbs.left,c=b+this.helperProportions.width,d=this.positionAbs.top,e=d+this.helperProportions.height,f=a.left,g=f+a.width,h=a.top,i=h+a.height,j=this.offset.click.top,k=this.offset.click.left,l=d+j>h&&d+jf&&b+ka[this.floating?"width":"height"]?l:f0?"down":"up")},_getDragHorizontalDirection:function(){var a=this.positionAbs.left-this.lastPositionAbs.left;return a!=0&&(a>0?"right":"left")},refresh:function(a){return this._refreshItems(a),this.refreshPositions(),this},_connectWith:function(){var a=this.options;return a.connectWith.constructor==String?[a.connectWith]:a.connectWith},_getItemsAsjQuery:function(b){var c=this,d=[],e=[],f=this._connectWith();if(f&&b)for(var g=f.length-1;g>=0;g--){var h=a(f[g]);for(var i=h.length-1;i>=0;i--){var j=a.data(h[i],this.widgetName);j&&j!=this&&!j.options.disabled&&e.push([a.isFunction(j.options.items)?j.options.items.call(j.element):a(j.options.items,j.element).not(".ui-sortable-helper").not(".ui-sortable-placeholder"),j])}}e.push([a.isFunction(this.options.items)?this.options.items.call(this.element,null,{options:this.options,item:this.currentItem}):a(this.options.items,this.element).not(".ui-sortable-helper").not(".ui-sortable-placeholder"),this]);for(var g=e.length-1;g>=0;g--)e[g][0].each(function(){d.push(this)});return a(d)},_removeCurrentsFromItems:function(){var a=this.currentItem.find(":data("+this.widgetName+"-item)");for(var b=0;b=0;g--){var h=a(f[g]);for(var i=h.length-1;i>=0;i--){var j=a.data(h[i],this.widgetName);j&&j!=this&&!j.options.disabled&&(e.push([a.isFunction(j.options.items)?j.options.items.call(j.element[0],b,{item:this.currentItem}):a(j.options.items,j.element),j]),this.containers.push(j))}}for(var g=e.length-1;g>=0;g--){var k=e[g][1],l=e[g][0];for(var i=0,m=l.length;i=0;c--){var d=this.items[c];if(d.instance!=this.currentContainer&&this.currentContainer&&d.item[0]!=this.currentItem[0])continue;var e=this.options.toleranceElement?a(this.options.toleranceElement,d.item):d.item;b||(d.width=e.outerWidth(),d.height=e.outerHeight());var f=e.offset();d.left=f.left,d.top=f.top}if(this.options.custom&&this.options.custom.refreshContainers)this.options.custom.refreshContainers.call(this);else for(var c=this.containers.length-1;c>=0;c--){var f=this.containers[c].element.offset();this.containers[c].containerCache.left=f.left,this.containers[c].containerCache.top=f.top,this.containers[c].containerCache.width=this.containers[c].element.outerWidth(),this.containers[c].containerCache.height=this.containers[c].element.outerHeight()}return this},_createPlaceholder:function(b){var c=b||this,d=c.options;if(!d.placeholder||d.placeholder.constructor==String){var e=d.placeholder;d.placeholder={element:function(){var b=a(document.createElement(c.currentItem[0].nodeName)).addClass(e||c.currentItem[0].className+" ui-sortable-placeholder").removeClass("ui-sortable-helper")[0];return e||(b.style.visibility="hidden"),b},update:function(a,b){if(e&&!d.forcePlaceholderSize)return;b.height()||b.height(c.currentItem.innerHeight()-parseInt(c.currentItem.css("paddingTop")||0,10)-parseInt(c.currentItem.css("paddingBottom")||0,10)),b.width()||b.width(c.currentItem.innerWidth()-parseInt(c.currentItem.css("paddingLeft")||0,10)-parseInt(c.currentItem.css("paddingRight")||0,10))}}}c.placeholder=a(d.placeholder.element.call(c.element,c.currentItem)),c.currentItem.after(c.placeholder),d.placeholder.update(c,c.placeholder)},_contactContainers:function(b){var c=null,d=null;for(var e=this.containers.length-1;e>=0;e--){if(a.ui.contains(this.currentItem[0],this.containers[e].element[0]))continue;if(this._intersectsWith(this.containers[e].containerCache)){if(c&&a.ui.contains(this.containers[e].element[0],c.element[0]))continue;c=this.containers[e],d=e}else this.containers[e].containerCache.over&&(this.containers[e]._trigger("out",b,this._uiHash(this)),this.containers[e].containerCache.over=0)}if(!c)return;if(this.containers.length===1)this.containers[d]._trigger("over",b,this._uiHash(this)),this.containers[d].containerCache.over=1;else if(this.currentContainer!=this.containers[d]){var f=1e4,g=null,h=this.positionAbs[this.containers[d].floating?"left":"top"];for(var i=this.items.length-1;i>=0;i--){if(!a.ui.contains(this.containers[d].element[0],this.items[i].item[0]))continue;var j=this.containers[d].floating?this.items[i].item.offset().left:this.items[i].item.offset().top;Math.abs(j-h)0?"down":"up")}if(!g&&!this.options.dropOnEmpty)return;this.currentContainer=this.containers[d],g?this._rearrange(b,g,null,!0):this._rearrange(b,null,this.containers[d].element,!0),this._trigger("change",b,this._uiHash()),this.containers[d]._trigger("change",b,this._uiHash(this)),this.options.placeholder.update(this.currentContainer,this.placeholder),this.containers[d]._trigger("over",b,this._uiHash(this)),this.containers[d].containerCache.over=1}},_createHelper:function(b){var c=this.options,d=a.isFunction(c.helper)?a(c.helper.apply(this.element[0],[b,this.currentItem])):c.helper=="clone"?this.currentItem.clone():this.currentItem;return d.parents("body").length||a(c.appendTo!="parent"?c.appendTo:this.currentItem[0].parentNode)[0].appendChild(d[0]),d[0]==this.currentItem[0]&&(this._storedCSS={width:this.currentItem[0].style.width,height:this.currentItem[0].style.height,position:this.currentItem.css("position"),top:this.currentItem.css("top"),left:this.currentItem.css("left")}),(d[0].style.width==""||c.forceHelperSize)&&d.width(this.currentItem.width()),(d[0].style.height==""||c.forceHelperSize)&&d.height(this.currentItem.height()),d},_adjustOffsetFromHelper:function(b){typeof b=="string"&&(b=b.split(" ")),a.isArray(b)&&(b={left:+b[0],top:+b[1]||0}),"left"in b&&(this.offset.click.left=b.left+this.margins.left),"right"in b&&(this.offset.click.left=this.helperProportions.width-b.right+this.margins.left),"top"in b&&(this.offset.click.top=b.top+this.margins.top),"bottom"in b&&(this.offset.click.top=this.helperProportions.height-b.bottom+this.margins.top)},_getParentOffset:function(){this.offsetParent=this.helper.offsetParent();var b=this.offsetParent.offset();this.cssPosition=="absolute"&&this.scrollParent[0]!=document&&a.ui.contains(this.scrollParent[0],this.offsetParent[0])&&(b.left+=this.scrollParent.scrollLeft(),b.top+=this.scrollParent.scrollTop());if(this.offsetParent[0]==document.body||this.offsetParent[0].tagName&&this.offsetParent[0].tagName.toLowerCase()=="html"&&a.browser.msie)b={top:0,left:0};return{top:b.top+(parseInt(this.offsetParent.css("borderTopWidth"),10)||0),left:b.left+(parseInt(this.offsetParent.css("borderLeftWidth"),10)||0)}},_getRelativeOffset:function(){if(this.cssPosition=="relative"){var a=this.currentItem.position();return{top:a.top-(parseInt(this.helper.css("top"),10)||0)+this.scrollParent.scrollTop(),left:a.left-(parseInt(this.helper.css("left"),10)||0)+this.scrollParent.scrollLeft()}}return{top:0,left:0}},_cacheMargins:function(){this.margins={left:parseInt(this.currentItem.css("marginLeft"),10)||0,top:parseInt(this.currentItem.css("marginTop"),10)||0}},_cacheHelperProportions:function(){this.helperProportions={width:this.helper.outerWidth(),height:this.helper.outerHeight()}},_setContainment:function(){var b=this.options;b.containment=="parent"&&(b.containment=this.helper[0].parentNode);if(b.containment=="document"||b.containment=="window")this.containment=[0-this.offset.relative.left-this.offset.parent.left,0-this.offset.relative.top-this.offset.parent.top,a(b.containment=="document"?document:window).width()-this.helperProportions.width-this.margins.left,(a(b.containment=="document"?document:window).height()||document.body.parentNode.scrollHeight)-this.helperProportions.height-this.margins.top];if(!/^(document|window|parent)$/.test(b.containment)){var c=a(b.containment)[0],d=a(b.containment).offset(),e=a(c).css("overflow")!="hidden";this.containment=[d.left+(parseInt(a(c).css("borderLeftWidth"),10)||0)+(parseInt(a(c).css("paddingLeft"),10)||0)-this.margins.left,d.top+(parseInt(a(c).css("borderTopWidth"),10)||0)+(parseInt(a(c).css("paddingTop"),10)||0)-this.margins.top,d.left+(e?Math.max(c.scrollWidth,c.offsetWidth):c.offsetWidth)-(parseInt(a(c).css("borderLeftWidth"),10)||0)-(parseInt(a(c).css("paddingRight"),10)||0)-this.helperProportions.width-this.margins.left,d.top+(e?Math.max(c.scrollHeight,c.offsetHeight):c.offsetHeight)-(parseInt(a(c).css("borderTopWidth"),10)||0)-(parseInt(a(c).css("paddingBottom"),10)||0)-this.helperProportions.height-this.margins.top]}},_convertPositionTo:function(b,c){c||(c=this.position);var d=b=="absolute"?1:-1,e=this.options,f=this.cssPosition=="absolute"&&(this.scrollParent[0]==document||!a.ui.contains(this.scrollParent[0],this.offsetParent[0]))?this.offsetParent:this.scrollParent,g=/(html|body)/i.test(f[0].tagName);return{top:c.top+this.offset.relative.top*d+this.offset.parent.top*d-(a.browser.safari&&this.cssPosition=="fixed"?0:(this.cssPosition=="fixed"?-this.scrollParent.scrollTop():g?0:f.scrollTop())*d),left:c.left+this.offset.relative.left*d+this.offset.parent.left*d-(a.browser.safari&&this.cssPosition=="fixed"?0:(this.cssPosition=="fixed"?-this.scrollParent.scrollLeft():g?0:f.scrollLeft())*d)}},_generatePosition:function(b){var c=this.options,d=this.cssPosition=="absolute"&&(this.scrollParent[0]==document||!a.ui.contains(this.scrollParent[0],this.offsetParent[0]))?this.offsetParent:this.scrollParent,e=/(html|body)/i.test(d[0].tagName);this.cssPosition=="relative"&&(this.scrollParent[0]==document||this.scrollParent[0]==this.offsetParent[0])&&(this.offset.relative=this._getRelativeOffset());var f=b.pageX,g=b.pageY;if(this.originalPosition){this.containment&&(b.pageX-this.offset.click.leftthis.containment[2]&&(f=this.containment[2]+this.offset.click.left),b.pageY-this.offset.click.top>this.containment[3]&&(g=this.containment[3]+this.offset.click.top));if(c.grid){var h=this.originalPageY+Math.round((g-this.originalPageY)/c.grid[1])*c.grid[1];g=this.containment?h-this.offset.click.topthis.containment[3]?h-this.offset.click.topthis.containment[2]?i-this.offset.click.left=0;f--)a.ui.contains(this.containers[f].element[0],this.currentItem[0])&&!c&&(d.push(function(a){return function(b){a._trigger("receive",b,this._uiHash(this))}}.call(this,this.containers[f])),d.push(function(a){return function(b){a._trigger("update",b,this._uiHash(this))}}.call(this,this.containers[f])))}for(var f=this.containers.length-1;f>=0;f--)c||d.push(function(a){return function(b){a._trigger("deactivate",b,this._uiHash(this))}}.call(this,this.containers[f])),this.containers[f].containerCache.over&&(d.push(function(a){return function(b){a._trigger("out",b,this._uiHash(this))}}.call(this,this.containers[f])),this.containers[f].containerCache.over=0);this._storedCursor&&a("body").css("cursor",this._storedCursor),this._storedOpacity&&this.helper.css("opacity",this._storedOpacity),this._storedZIndex&&this.helper.css("zIndex",this._storedZIndex=="auto"?"":this._storedZIndex),this.dragging=!1;if(this.cancelHelperRemoval){if(!c){this._trigger("beforeStop",b,this._uiHash());for(var f=0;f
            ").addClass("ui-effects-wrapper").css({fontSize:"100%",background:"transparent",border:"none",margin:0,padding:0}),e=document.activeElement;try{e.id}catch(f){e=document.body}return b.wrap(d),(b[0]===e||a.contains(b[0],e))&&a(e).focus(),d=b.parent(),b.css("position")=="static"?(d.css({position:"relative"}),b.css({position:"relative"})):(a.extend(c,{position:b.css("position"),zIndex:b.css("z-index")}),a.each(["top","left","bottom","right"],function(a,d){c[d]=b.css(d),isNaN(parseInt(c[d],10))&&(c[d]="auto")}),b.css({position:"relative",top:0,left:0,right:"auto",bottom:"auto"})),d.css(c).show()},removeWrapper:function(b){var c,d=document.activeElement;return b.parent().is(".ui-effects-wrapper")?(c=b.parent().replaceWith(b),(b[0]===d||a.contains(b[0],d))&&a(d).focus(),c):b},setTransition:function(b,c,d,e){return e=e||{},a.each(c,function(a,c){var f=b.cssUnit(c);f[0]>0&&(e[c]=f[0]*d+f[1])}),e}}),a.fn.extend({effect:function(b,c,d,e){var f=k.apply(this,arguments),g={options:f[1],duration:f[2],callback:f[3]},h=g.options.mode,i=a.effects[b];return a.fx.off||!i?h?this[h](g.duration,g.callback):this.each(function(){g.callback&&g.callback.call(this)}):i.call(this,g)},_show:a.fn.show,show:function(a){if(l(a))return this._show.apply(this,arguments);var b=k.apply(this,arguments);return b[1].mode="show",this.effect.apply(this,b)},_hide:a.fn.hide,hide:function(a){if(l(a))return this._hide.apply(this,arguments);var b=k.apply(this,arguments);return b[1].mode="hide",this.effect.apply(this,b)},__toggle:a.fn.toggle,toggle:function(b){if(l(b)||typeof b=="boolean"||a.isFunction(b))return this.__toggle.apply(this,arguments);var c=k.apply(this,arguments);return c[1].mode="toggle",this.effect.apply(this,c)},cssUnit:function(b){var c=this.css(b),d=[];return a.each(["em","px","%","pt"],function(a,b){c.indexOf(b)>0&&(d=[parseFloat(c),b])}),d}});var m={};a.each(["Quad","Cubic","Quart","Quint","Expo"],function(a,b){m[b]=function(b){return Math.pow(b,a+2)}}),a.extend(m,{Sine:function(a){return 1-Math.cos(a*Math.PI/2)},Circ:function(a){return 1-Math.sqrt(1-a*a)},Elastic:function(a){return a===0||a===1?a:-Math.pow(2,8*(a-1))*Math.sin(((a-1)*80-7.5)*Math.PI/15)},Back:function(a){return a*a*(3*a-2)},Bounce:function(a){var b,c=4;while(a<((b=Math.pow(2,--c))-1)/11);return 1/Math.pow(4,3-c)-7.5625*Math.pow((b*3-2)/22-a,2)}}),a.each(m,function(b,c){a.easing["easeIn"+b]=c,a.easing["easeOut"+b]=function(a){return 1-c(1-a)},a.easing["easeInOut"+b]=function(a){return a<.5?c(a*2)/2:c(a*-2+2)/-2+1}})}(jQuery),function(a,b){a.effects.blind=function(b){return this.queue(function(){var c=a(this),d=["position","top","bottom","left","right"],e=a.effects.setMode(c,b.options.mode||"hide"),f=b.options.direction||"vertical";a.effects.save(c,d),c.show();var g=a.effects.createWrapper(c).css({overflow:"hidden"}),h=f=="vertical"?"height":"width",i=f=="vertical"?g.height():g.width();e=="show"&&g.css(h,0);var j={};j[h]=e=="show"?i:0,g.animate(j,b.duration,b.options.easing,function(){e=="hide"&&c.hide(),a.effects.restore(c,d),a.effects.removeWrapper(c),b.callback&&b.callback.apply(c[0],arguments),c.dequeue()})})}}(jQuery),function(a,b){a.effects.bounce=function(b){return this.queue(function(){var c=a(this),d=["position","top","bottom","left","right"],e=a.effects.setMode(c,b.options.mode||"effect"),f=b.options.direction||"up",g=b.options.distance||20,h=b.options.times||5,i=b.duration||250;/show|hide/.test(e)&&d.push("opacity"),a.effects.save(c,d),c.show(),a.effects.createWrapper(c);var j=f=="up"||f=="down"?"top":"left",k=f=="up"||f=="left"?"pos":"neg",g=b.options.distance||(j=="top"?c.outerHeight(!0)/3:c.outerWidth(!0)/3);e=="show"&&c.css("opacity",0).css(j,k=="pos"?-g:g),e=="hide"&&(g=g/(h*2)),e!="hide"&&h--;if(e=="show"){var l={opacity:1};l[j]=(k=="pos"?"+=":"-=")+g,c.animate(l,i/2,b.options.easing),g=g/2,h--}for(var m=0;m
            ").css({position:"absolute",visibility:"visible",left:-j*(g/d),top:-i*(h/c)}).parent().addClass("ui-effects-explode").css({position:"absolute",overflow:"hidden",width:g/d,height:h/c,left:f.left+j*(g/d)+(b.options.mode=="show"?(j-Math.floor(d/2))*(g/d):0),top:f.top+i*(h/c)+(b.options.mode=="show"?(i-Math.floor(c/2))*(h/c):0),opacity:b.options.mode=="show"?0:1}).animate({left:f.left+j*(g/d)+(b.options.mode=="show"?0:(j-Math.floor(d/2))*(g/d)),top:f.top+i*(h/c)+(b.options.mode=="show"?0:(i-Math.floor(c/2))*(h/c)),opacity:b.options.mode=="show"?1:0},b.duration||500);setTimeout(function(){b.options.mode=="show"?e.css({visibility:"visible"}):e.css({visibility:"visible"}).hide(),b.callback&&b.callback.apply(e[0]),e.dequeue(),a("div.ui-effects-explode").remove()},b.duration||500)})}}(jQuery),function(a,b){a.effects.fade=function(b){return this.queue(function(){var c=a(this),d=a.effects.setMode(c,b.options.mode||"hide");c.animate({opacity:d},{queue:!1,duration:b.duration,easing:b.options.easing,complete:function(){b.callback&&b.callback.apply(this,arguments),c.dequeue()}})})}}(jQuery),function(a,b){a.effects.fold=function(b){return this.queue(function(){var c=a(this),d=["position","top","bottom","left","right"],e=a.effects.setMode(c,b.options.mode||"hide"),f=b.options.size||15,g=!!b.options.horizFirst,h=b.duration?b.duration/2:a.fx.speeds._default/2;a.effects.save(c,d),c.show();var i=a.effects.createWrapper(c).css({overflow:"hidden"}),j=e=="show"!=g,k=j?["width","height"]:["height","width"],l=j?[i.width(),i.height()]:[i.height(),i.width()],m=/([0-9]+)%/.exec(f);m&&(f=parseInt(m[1],10)/100*l[e=="hide"?0:1]),e=="show"&&i.css(g?{height:0,width:f}:{height:f,width:0});var n={},p={};n[k[0]]=e=="show"?l[0]:f,p[k[1]]=e=="show"?l[1]:0,i.animate(n,h,b.options.easing).animate(p,h,b.options.easing,function(){e=="hide"&&c.hide(),a.effects.restore(c,d),a.effects.removeWrapper(c),b.callback&&b.callback.apply(c[0],arguments),c.dequeue()})})}}(jQuery),function(a,b){a.effects.highlight=function(b){return this.queue(function(){var c=a(this),d=["backgroundImage","backgroundColor","opacity"],e=a.effects.setMode(c,b.options.mode||"show"),f={backgroundColor:c.css("backgroundColor")};e=="hide"&&(f.opacity=0),a.effects.save(c,d),c.show().css({backgroundImage:"none",backgroundColor:b.options.color||"#ffff99"}).animate(f,{queue:!1,duration:b.duration,easing:b.options.easing,complete:function(){e=="hide"&&c.hide(),a.effects.restore(c,d),e=="show"&&!a.support.opacity&&this.style.removeAttribute("filter"),b.callback&&b.callback.apply(this,arguments),c.dequeue()}})})}}(jQuery),function(a,b){a.effects.pulsate=function(b){return this.queue(function(){var c=a(this),d=a.effects.setMode(c,b.options.mode||"show"),e=(b.options.times||5)*2-1,f=b.duration?b.duration/2:a.fx.speeds._default/2,g=c.is(":visible"),h=0;g||(c.css("opacity",0).show(),h=1),(d=="hide"&&g||d=="show"&&!g)&&e--;for(var i=0;i
            ').appendTo(document.body).addClass(b.options.className).css({top:g.top,left:g.left,height:c.innerHeight(),width:c.innerWidth(),position:"absolute"}).animate(f,b.duration,b.options.easing,function(){h.remove(),b.callback&&b.callback.apply(c[0],arguments),c.dequeue()})})}}(jQuery),function(a,b){a.widget("ui.accordion",{options:{active:0,animated:"slide",autoHeight:!0,clearStyle:!1,collapsible:!1,event:"click",fillSpace:!1,header:"> li > :first-child,> :not(li):even",icons:{header:"ui-icon-triangle-1-e",headerSelected:"ui-icon-triangle-1-s"},navigation:!1,navigationFilter:function(){return this.href.toLowerCase()===location.href.toLowerCase()}},_create:function(){var b=this,c=b.options;b.running=0,b.element.addClass("ui-accordion ui-widget ui-helper-reset").children("li").addClass("ui-accordion-li-fix"),b.headers=b.element.find(c.header).addClass("ui-accordion-header ui-helper-reset ui-state-default ui-corner-all").bind("mouseenter.accordion",function(){if(c.disabled)return;a(this).addClass("ui-state-hover")}).bind("mouseleave.accordion",function(){if(c.disabled)return;a(this).removeClass("ui-state-hover")}).bind("focus.accordion",function(){if(c.disabled)return;a(this).addClass("ui-state-focus")}).bind("blur.accordion",function(){if(c.disabled)return;a(this).removeClass("ui-state-focus")}),b.headers.next().addClass("ui-accordion-content ui-helper-reset ui-widget-content ui-corner-bottom");if(c.navigation){var d=b.element.find("a").filter(c.navigationFilter).eq(0);if(d.length){var e=d.closest(".ui-accordion-header");e.length?b.active=e:b.active=d.closest(".ui-accordion-content").prev()}}b.active=b._findActive(b.active||c.active).addClass("ui-state-default ui-state-active").toggleClass("ui-corner-all").toggleClass("ui-corner-top"),b.active.next().addClass("ui-accordion-content-active"),b._createIcons(),b.resize(),b.element.attr("role","tablist"),b.headers.attr("role","tab").bind("keydown.accordion",function(a){return b._keydown(a)}).next().attr("role","tabpanel"),b.headers.not(b.active||"").attr({"aria-expanded":"false","aria-selected":"false",tabIndex:-1}).next().hide(),b.active.length?b.active.attr({"aria-expanded":"true","aria-selected":"true",tabIndex:0}):b.headers.eq(0).attr("tabIndex",0),a.browser.safari||b.headers.find("a").attr("tabIndex",-1),c.event&&b.headers.bind(c.event.split(" ").join(".accordion ")+".accordion",function(a){b._clickHandler.call(b,a,this),a.preventDefault()})},_createIcons:function(){var b=this.options;b.icons&&(a("").addClass("ui-icon "+b.icons.header).prependTo(this.headers),this.active.children(".ui-icon").toggleClass(b.icons.header).toggleClass(b.icons.headerSelected),this.element.addClass("ui-accordion-icons"))},_destroyIcons:function(){this.headers.children(".ui-icon").remove(),this.element.removeClass("ui-accordion-icons")},destroy:function(){var b=this.options;this.element.removeClass("ui-accordion ui-widget ui-helper-reset").removeAttr("role"),this.headers.unbind(".accordion").removeClass("ui-accordion-header ui-accordion-disabled ui-helper-reset ui-state-default ui-corner-all ui-state-active ui-state-disabled ui-corner-top").removeAttr("role").removeAttr("aria-expanded").removeAttr("aria-selected").removeAttr("tabIndex"),this.headers.find("a").removeAttr("tabIndex"),this._destroyIcons();var c=this.headers.next().css("display","").removeAttr("role").removeClass("ui-helper-reset ui-widget-content ui-corner-bottom ui-accordion-content ui-accordion-content-active ui-accordion-disabled ui-state-disabled");return(b.autoHeight||b.fillHeight)&&c.css("height",""),a.Widget.prototype.destroy.call(this)},_setOption:function(b,c){a.Widget.prototype._setOption.apply(this,arguments),b=="active"&&this.activate(c),b=="icons"&&(this._destroyIcons(),c&&this._createIcons()),b=="disabled"&&this.headers.add(this.headers.next())[c?"addClass":"removeClass"]("ui-accordion-disabled ui-state-disabled")},_keydown:function(b){if(this.options.disabled||b.altKey||b.ctrlKey)return;var c=a.ui.keyCode,d=this.headers.length,e=this.headers.index(b.target),f=!1;switch(b.keyCode){case c.RIGHT:case c.DOWN:f=this.headers[(e+1)%d];break;case c.LEFT:case c.UP:f=this.headers[(e-1+d)%d];break;case c.SPACE:case c.ENTER:this._clickHandler({target:b.target},b.target),b.preventDefault()}return f?(a(b.target).attr("tabIndex",-1),a(f).attr("tabIndex",0),f.focus(),!1):!0},resize:function(){var b=this.options,c;if(b.fillSpace){if(a.browser.msie){var d=this.element.parent().css("overflow");this.element.parent().css("overflow","hidden")}c=this.element.parent().height(),a.browser.msie&&this.element.parent().css("overflow",d),this.headers.each(function(){c-=a(this).outerHeight(!0)}),this.headers.next().each(function(){a(this).height(Math.max(0,c-a(this).innerHeight()+a(this).height()))}).css("overflow","auto")}else b.autoHeight&&(c=0,this.headers.next().each(function(){c=Math.max(c,a(this).height("").height())}).height(c));return this},activate:function(a){this.options.active=a;var b=this._findActive(a)[0];return this._clickHandler({target:b},b),this},_findActive:function(b){return b?typeof b=="number"?this.headers.filter(":eq("+b+")"):this.headers.not(this.headers.not(b)):b===!1?a([]):this.headers.filter(":eq(0)")},_clickHandler:function(b,c){var d=this.options;if(d.disabled)return;if(!b.target){if(!d.collapsible)return;this.active.removeClass("ui-state-active ui-corner-top").addClass("ui-state-default ui-corner-all").children(".ui-icon").removeClass(d.icons.headerSelected).addClass(d.icons.header),this.active.next().addClass("ui-accordion-content-active");var e=this.active.next(),f={options:d,newHeader:a([]),oldHeader:d.active,newContent:a([]),oldContent:e},g=this.active=a([]);this._toggle(g,e,f);return}var h=a(b.currentTarget||c),i=h[0]===this.active[0];d.active=d.collapsible&&i?!1:this.headers.index(h);if(this.running||!d.collapsible&&i)return;var j=this.active,g=h.next(),e=this.active.next(),f={options:d,newHeader:i&&d.collapsible?a([]):h,oldHeader:this.active,newContent:i&&d.collapsible?a([]):g,oldContent:e},k=this.headers.index(this.active[0])>this.headers.index(h[0]);this.active=i?a([]):h,this._toggle(g,e,f,i,k),j.removeClass("ui-state-active ui-corner-top").addClass("ui-state-default ui-corner-all").children(".ui-icon").removeClass(d.icons.headerSelected).addClass(d.icons.header),i||(h.removeClass("ui-state-default ui-corner-all").addClass("ui-state-active ui-corner-top").children(".ui-icon").removeClass(d.icons.header).addClass(d.icons.headerSelected),h.next().addClass("ui-accordion-content-active"));return},_toggle:function(b,c,d,e,f){var g=this,h=g.options;g.toShow=b,g.toHide=c,g.data=d;var i=function(){if(!g)return;return g._completed.apply(g,arguments)};g._trigger("changestart",null,g.data),g.running=c.size()===0?b.size():c.size();if(h.animated){var j={};h.collapsible&&e?j={toShow:a([]),toHide:c,complete:i,down:f,autoHeight:h.autoHeight||h.fillSpace}:j={toShow:b,toHide:c,complete:i,down:f,autoHeight:h.autoHeight||h.fillSpace},h.proxied||(h.proxied=h.animated),h.proxiedDuration||(h.proxiedDuration=h.duration),h.animated=a.isFunction(h.proxied)?h.proxied(j):h.proxied,h.duration=a.isFunction(h.proxiedDuration)?h.proxiedDuration(j):h.proxiedDuration;var k=a.ui.accordion.animations,l=h.duration,m=h.animated;m&&!k[m]&&!a.easing[m]&&(m="slide"),k[m]||(k[m]=function(a){this.slide(a,{easing:m,duration:l||700})}),k[m](j)}else h.collapsible&&e?b.toggle():(c.hide(),b.show()),i(!0);c.prev().attr({"aria-expanded":"false","aria-selected":"false",tabIndex:-1}).blur(),b.prev().attr({"aria-expanded":"true","aria-selected":"true",tabIndex:0}).focus()},_completed:function(a){this.running=a?0:--this.running;if(this.running)return;this.options.clearStyle&&this.toShow.add(this.toHide).css({height:"",overflow:""}),this.toHide.removeClass("ui-accordion-content-active"),this.toHide.length&&(this.toHide.parent()[0].className=this.toHide.parent()[0].className),this._trigger("change",null,this.data)}}),a.extend(a.ui.accordion,{version:"1.8.23",animations:{slide:function(b,c){b=a.extend({easing:"swing",duration:300},b,c);if(!b.toHide.size()){b.toShow.animate({height:"show",paddingTop:"show",paddingBottom:"show"},b);return}if(!b.toShow.size()){b.toHide.animate({height:"hide",paddingTop:"hide",paddingBottom:"hide"},b);return}var d=b.toShow.css("overflow"),e=0,f={},g={},h=["height","paddingTop","paddingBottom"],i,j=b.toShow;i=j[0].style.width,j.width(j.parent().width()-parseFloat(j.css("paddingLeft"))-parseFloat(j.css("paddingRight"))-(parseFloat(j.css("borderLeftWidth"))||0)-(parseFloat(j.css("borderRightWidth"))||0)),a.each(h,function(c,d){g[d]="hide";var e=(""+a.css(b.toShow[0],d)).match(/^([\d+-.]+)(.*)$/);f[d]={value:e[1],unit:e[2]||"px"}}),b.toShow.css({height:0,overflow:"hidden"}).show(),b.toHide.filter(":hidden").each(b.complete).end().filter(":visible").animate(g,{step:function(a,c){c.prop=="height"&&(e=c.end-c.start===0?0:(c.now-c.start)/(c.end-c.start)),b.toShow[0].style[c.prop]=e*f[c.prop].value+f[c.prop].unit},duration:b.duration,easing:b.easing,complete:function(){b.autoHeight||b.toShow.css("height",""),b.toShow.css({width:i,overflow:d}),b.complete()}})},bounceslide:function(a){this.slide(a,{easing:a.down?"easeOutBounce":"swing",duration:a.down?1e3:200})}}})}(jQuery),function(a,b){var c=0;a.widget("ui.autocomplete",{options:{appendTo:"body",autoFocus:!1,delay:300,minLength:1,position:{my:"left top",at:"left bottom",collision:"none"},source:null},pending:0,_create:function(){var b=this,c=this.element[0].ownerDocument,d;this.isMultiLine=this.element.is("textarea"),this.element.addClass("ui-autocomplete-input").attr("autocomplete","off").attr({role:"textbox","aria-autocomplete":"list","aria-haspopup":"true"}).bind("keydown.autocomplete",function(c){if(b.options.disabled||b.element.propAttr("readOnly"))return;d=!1;var e=a.ui.keyCode;switch(c.keyCode){case e.PAGE_UP:b._move("previousPage",c);break;case e.PAGE_DOWN:b._move("nextPage",c);break;case e.UP:b._keyEvent("previous",c);break;case e.DOWN:b._keyEvent("next",c);break;case e.ENTER:case e.NUMPAD_ENTER:b.menu.active&&(d=!0,c.preventDefault());case e.TAB:if(!b.menu.active)return;b.menu.select(c);break;case e.ESCAPE:b.element.val(b.term),b.close(c);break;default:clearTimeout(b.searching),b.searching=setTimeout(function(){b.term!=b.element.val()&&(b.selectedItem=null,b.search(null,c))},b.options.delay)}}).bind("keypress.autocomplete",function(a){d&&(d=!1,a.preventDefault())}).bind("focus.autocomplete",function(){if(b.options.disabled)return;b.selectedItem=null,b.previous=b.element.val()}).bind("blur.autocomplete",function(a){if(b.options.disabled)return;clearTimeout(b.searching),b.closing=setTimeout(function(){b.close(a),b._change(a)},150)}),this._initSource(),this.menu=a("
              ").addClass("ui-autocomplete").appendTo(a(this.options.appendTo||"body",c)[0]).mousedown(function(c){var d=b.menu.element[0];a(c.target).closest(".ui-menu-item").length||setTimeout(function(){a(document).one("mousedown",function(c){c.target!==b.element[0]&&c.target!==d&&!a.ui.contains(d,c.target)&&b.close()})},1),setTimeout(function(){clearTimeout(b.closing)},13)}).menu({focus:function(a,c){var d=c.item.data("item.autocomplete");!1!==b._trigger("focus",a,{item:d})&&/^key/.test(a.originalEvent.type)&&b.element.val(d.value)},selected:function(a,d){var e=d.item.data("item.autocomplete"),f=b.previous;b.element[0]!==c.activeElement&&(b.element.focus(),b.previous=f,setTimeout(function(){b.previous=f,b.selectedItem=e},1)),!1!==b._trigger("select",a,{item:e})&&b.element.val(e.value),b.term=b.element.val(),b.close(a),b.selectedItem=e},blur:function(a,c){b.menu.element.is(":visible")&&b.element.val()!==b.term&&b.element.val(b.term)}}).zIndex(this.element.zIndex()+1).css({top:0,left:0}).hide().data("menu"),a.fn.bgiframe&&this.menu.element.bgiframe(),b.beforeunloadHandler=function(){b.element.removeAttr("autocomplete")},a(window).bind("beforeunload",b.beforeunloadHandler)},destroy:function(){this.element.removeClass("ui-autocomplete-input").removeAttr("autocomplete").removeAttr("role").removeAttr("aria-autocomplete").removeAttr("aria-haspopup"),this.menu.element.remove(),a(window).unbind("beforeunload",this.beforeunloadHandler),a.Widget.prototype.destroy.call(this)},_setOption:function(b,c){a.Widget.prototype._setOption.apply(this,arguments),b==="source"&&this._initSource(),b==="appendTo"&&this.menu.element.appendTo(a(c||"body",this.element[0].ownerDocument)[0]),b==="disabled"&&c&&this.xhr&&this.xhr.abort()},_initSource:function(){var b=this,c,d;a.isArray(this.options.source)?(c=this.options.source,this.source=function(b,d){d(a.ui.autocomplete.filter(c,b.term))}):typeof this.options.source=="string"?(d=this.options.source,this.source=function(c,e){b.xhr&&b.xhr.abort(),b.xhr=a.ajax({url:d,data:c,dataType:"json",success:function(a,b){e(a)},error:function(){e([])}})}):this.source=this.options.source},search:function(a,b){a=a!=null?a:this.element.val(),this.term=this.element.val();if(a.length").data("item.autocomplete",c).append(a("").text(c.label)).appendTo(b)},_move:function(a,b){if(!this.menu.element.is(":visible")){this.search(null,b);return}if(this.menu.first()&&/^previous/.test(a)||this.menu.last()&&/^next/.test(a)){this.element.val(this.term),this.menu.deactivate();return}this.menu[a](b)},widget:function(){return this.menu.element},_keyEvent:function(a,b){if(!this.isMultiLine||this.menu.element.is(":visible"))this._move(a,b),b.preventDefault()}}),a.extend(a.ui.autocomplete,{escapeRegex:function(a){return a.replace(/[-[\]{}()*+?.,\\^$|#\s]/g,"\\$&")},filter:function(b,c){var d=new RegExp(a.ui.autocomplete.escapeRegex(c),"i");return a.grep(b,function(a){return d.test(a.label||a.value||a)})}})}(jQuery),function(a){a.widget("ui.menu",{_create:function(){var b=this;this.element.addClass("ui-menu ui-widget ui-widget-content ui-corner-all").attr({role:"listbox","aria-activedescendant":"ui-active-menuitem"}).click(function(c){if(!a(c.target).closest(".ui-menu-item a").length)return;c.preventDefault(),b.select(c)}),this.refresh()},refresh:function(){var b=this,c=this.element.children("li:not(.ui-menu-item):has(a)").addClass("ui-menu-item").attr("role","menuitem");c.children("a").addClass("ui-corner-all").attr("tabindex",-1).mouseenter(function(c){b.activate(c,a(this).parent())}).mouseleave(function(){b.deactivate()})},activate:function(a,b){this.deactivate();if(this.hasScroll()){var c=b.offset().top-this.element.offset().top,d=this.element.scrollTop(),e=this.element.height();c<0?this.element.scrollTop(d+c):c>=e&&this.element.scrollTop(d+c-e+b.height())}this.active=b.eq(0).children("a").addClass("ui-state-hover").attr("id","ui-active-menuitem").end(),this._trigger("focus",a,{item:b})},deactivate:function(){if(!this.active)return;this.active.children("a").removeClass("ui-state-hover").removeAttr("id"),this._trigger("blur"),this.active=null},next:function(a){this.move("next",".ui-menu-item:first",a)},previous:function(a){this.move("prev",".ui-menu-item:last",a)},first:function(){return this.active&&!this.active.prevAll(".ui-menu-item").length},last:function(){return this.active&&!this.active.nextAll(".ui-menu-item").length},move:function(a,b,c){if(!this.active){this.activate(c,this.element.children(b));return}var d=this.active[a+"All"](".ui-menu-item").eq(0);d.length?this.activate(c,d):this.activate(c,this.element.children(b))},nextPage:function(b){if(this.hasScroll()){if(!this.active||this.last()){this.activate(b,this.element.children(".ui-menu-item:first"));return}var c=this.active.offset().top,d=this.element.height(),e=this.element.children(".ui-menu-item").filter(function(){var b=a(this).offset().top-c-d+a(this).height();return b<10&&b>-10});e.length||(e=this.element.children(".ui-menu-item:last")),this.activate(b,e)}else this.activate(b,this.element.children(".ui-menu-item").filter(!this.active||this.last()?":first":":last"))},previousPage:function(b){if(this.hasScroll()){if(!this.active||this.first()){this.activate(b,this.element.children(".ui-menu-item:last"));return}var c=this.active.offset().top,d=this.element.height(),e=this.element.children(".ui-menu-item").filter(function(){var b=a(this).offset().top-c+d-a(this).height();return b<10&&b>-10});e.length||(e=this.element.children(".ui-menu-item:first")),this.activate(b,e)}else this.activate(b,this.element.children(".ui-menu-item").filter(!this.active||this.first()?":last":":first"))},hasScroll:function(){return this.element.height()",this.element[0].ownerDocument).addClass("ui-button-text").html(this.options.label).appendTo(b.empty()).text(),d=this.options.icons,e=d.primary&&d.secondary,f=[];d.primary||d.secondary?(this.options.text&&f.push("ui-button-text-icon"+(e?"s":d.primary?"-primary":"-secondary")),d.primary&&b.prepend(""),d.secondary&&b.append(""),this.options.text||(f.push(e?"ui-button-icons-only":"ui-button-icon-only"),this.hasTitle||b.attr("title",c))):f.push("ui-button-text-only"),b.addClass(f.join(" "))}}),a.widget("ui.buttonset",{options:{items:":button, :submit, :reset, :checkbox, :radio, a, :data(button)"},_create:function(){this.element.addClass("ui-buttonset")},_init:function(){this.refresh()},_setOption:function(b,c){b==="disabled"&&this.buttons.button("option",b,c),a.Widget.prototype._setOption.apply(this,arguments)},refresh:function(){var b=this.element.css("direction")==="rtl";this.buttons=this.element.find(this.options.items).filter(":ui-button").button("refresh").end().not(":ui-button").button().end().map(function(){return a(this).button("widget")[0]}).removeClass("ui-corner-all ui-corner-left ui-corner-right").filter(":first").addClass(b?"ui-corner-right":"ui-corner-left").end().filter(":last").addClass(b?"ui-corner-left":"ui-corner-right").end().end()},destroy:function(){this.element.removeClass("ui-buttonset"),this.buttons.map(function(){return a(this).button("widget")[0]}).removeClass("ui-corner-left ui-corner-right").end().button("destroy"),a.Widget.prototype.destroy.call(this)}})}(jQuery),function($,undefined){function Datepicker(){this.debug=!1,this._curInst=null,this._keyEvent=!1,this._disabledInputs=[],this._datepickerShowing=!1,this._inDialog=!1,this._mainDivId="ui-datepicker-div",this._inlineClass="ui-datepicker-inline",this._appendClass="ui-datepicker-append",this._triggerClass="ui-datepicker-trigger",this._dialogClass="ui-datepicker-dialog",this._disableClass="ui-datepicker-disabled",this._unselectableClass="ui-datepicker-unselectable",this._currentClass="ui-datepicker-current-day",this._dayOverClass="ui-datepicker-days-cell-over",this.regional=[],this.regional[""]={closeText:"Done",prevText:"Prev",nextText:"Next",currentText:"Today",monthNames:["January","February","March","April","May","June","July","August","September","October","November","December"],monthNamesShort:["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],dayNames:["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],dayNamesShort:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],dayNamesMin:["Su","Mo","Tu","We","Th","Fr","Sa"],weekHeader:"Wk",dateFormat:"mm/dd/yy",firstDay:0,isRTL:!1,showMonthAfterYear:!1,yearSuffix:""},this._defaults={showOn:"focus",showAnim:"fadeIn",showOptions:{},defaultDate:null,appendText:"",buttonText:"...",buttonImage:"",buttonImageOnly:!1,hideIfNoPrevNext:!1,navigationAsDateFormat:!1,gotoCurrent:!1,changeMonth:!1,changeYear:!1,yearRange:"c-10:c+10",showOtherMonths:!1,selectOtherMonths:!1,showWeek:!1,calculateWeek:this.iso8601Week,shortYearCutoff:"+10",minDate:null,maxDate:null,duration:"fast",beforeShowDay:null,beforeShow:null,onSelect:null,onChangeMonthYear:null,onClose:null,numberOfMonths:1,showCurrentAtPos:0,stepMonths:1,stepBigMonths:12,altField:"",altFormat:"",constrainInput:!0,showButtonPanel:!1,autoSize:!1,disabled:!1},$.extend(this._defaults,this.regional[""]),this.dpDiv=bindHover($('
              '))}function bindHover(a){var b="button, .ui-datepicker-prev, .ui-datepicker-next, .ui-datepicker-calendar td a";return a.bind("mouseout",function(a){var c=$(a.target).closest(b);if(!c.length)return;c.removeClass("ui-state-hover ui-datepicker-prev-hover ui-datepicker-next-hover")}).bind("mouseover",function(c){var d=$(c.target).closest(b);if($.datepicker._isDisabledDatepicker(instActive.inline?a.parent()[0]:instActive.input[0])||!d.length)return;d.parents(".ui-datepicker-calendar").find("a").removeClass("ui-state-hover"),d.addClass("ui-state-hover"),d.hasClass("ui-datepicker-prev")&&d.addClass("ui-datepicker-prev-hover"),d.hasClass("ui-datepicker-next")&&d.addClass("ui-datepicker-next-hover")})}function extendRemove(a,b){$.extend(a,b);for(var c in b)if(b[c]==null||b[c]==undefined)a[c]=b[c];return a}function isArray(a){return a&&($.browser.safari&&typeof a=="object"&&a.length||a.constructor&&a.constructor.toString().match(/\Array\(\)/))}$.extend($.ui,{datepicker:{version:"1.8.23"}});var PROP_NAME="datepicker",dpuuid=(new Date).getTime(),instActive;$.extend(Datepicker.prototype,{markerClassName:"hasDatepicker",maxRows:4,log:function(){this.debug&&console.log.apply("",arguments)},_widgetDatepicker:function(){return this.dpDiv},setDefaults:function(a){return extendRemove(this._defaults,a||{}),this},_attachDatepicker:function(target,settings){var inlineSettings=null;for(var attrName in this._defaults){var attrValue=target.getAttribute("date:"+attrName);if(attrValue){inlineSettings=inlineSettings||{};try{inlineSettings[attrName]=eval(attrValue)}catch(err){inlineSettings[attrName]=attrValue}}}var nodeName=target.nodeName.toLowerCase(),inline=nodeName=="div"||nodeName=="span";target.id||(this.uuid+=1,target.id="dp"+this.uuid);var inst=this._newInst($(target),inline);inst.settings=$.extend({},settings||{},inlineSettings||{}),nodeName=="input"?this._connectDatepicker(target,inst):inline&&this._inlineDatepicker(target,inst)},_newInst:function(a,b){var c=a[0].id.replace(/([^A-Za-z0-9_-])/g,"\\\\$1");return{id:c,input:a,selectedDay:0,selectedMonth:0,selectedYear:0,drawMonth:0,drawYear:0,inline:b,dpDiv:b?bindHover($('
              ')):this.dpDiv}},_connectDatepicker:function(a,b){var c=$(a);b.append=$([]),b.trigger=$([]);if(c.hasClass(this.markerClassName))return;this._attachments(c,b),c.addClass(this.markerClassName).keydown(this._doKeyDown).keypress(this._doKeyPress).keyup(this._doKeyUp).bind("setData.datepicker",function(a,c,d){b.settings[c]=d}).bind("getData.datepicker",function(a,c){return this._get(b,c)}),this._autoSize(b),$.data(a,PROP_NAME,b),b.settings.disabled&&this._disableDatepicker(a)},_attachments:function(a,b){var c=this._get(b,"appendText"),d=this._get(b,"isRTL");b.append&&b.append.remove(),c&&(b.append=$(''+c+""),a[d?"before":"after"](b.append)),a.unbind("focus",this._showDatepicker),b.trigger&&b.trigger.remove();var e=this._get(b,"showOn");(e=="focus"||e=="both")&&a.focus(this._showDatepicker);if(e=="button"||e=="both"){var f=this._get(b,"buttonText"),g=this._get(b,"buttonImage");b.trigger=$(this._get(b,"buttonImageOnly")?$("").addClass(this._triggerClass).attr({src:g,alt:f,title:f}):$('').addClass(this._triggerClass).html(g==""?f:$("").attr({src:g,alt:f,title:f}))),a[d?"before":"after"](b.trigger),b.trigger.click(function(){return $.datepicker._datepickerShowing&&$.datepicker._lastInput==a[0]?$.datepicker._hideDatepicker():$.datepicker._datepickerShowing&&$.datepicker._lastInput!=a[0]?($.datepicker._hideDatepicker(),$.datepicker._showDatepicker(a[0])):$.datepicker._showDatepicker(a[0]),!1})}},_autoSize:function(a){if(this._get(a,"autoSize")&&!a.inline){var b=new Date(2009,11,20),c=this._get(a,"dateFormat");if(c.match(/[DM]/)){var d=function(a){var b=0,c=0;for(var d=0;db&&(b=a[d].length,c=d);return c};b.setMonth(d(this._get(a,c.match(/MM/)?"monthNames":"monthNamesShort"))),b.setDate(d(this._get(a,c.match(/DD/)?"dayNames":"dayNamesShort"))+20-b.getDay())}a.input.attr("size",this._formatDate(a,b).length)}},_inlineDatepicker:function(a,b){var c=$(a);if(c.hasClass(this.markerClassName))return;c.addClass(this.markerClassName).append(b.dpDiv).bind("setData.datepicker",function(a,c,d){b.settings[c]=d}).bind("getData.datepicker",function(a,c){return this._get(b,c)}),$.data(a,PROP_NAME,b),this._setDate(b,this._getDefaultDate(b),!0),this._updateDatepicker(b),this._updateAlternate(b),b.settings.disabled&&this._disableDatepicker(a),b.dpDiv.css("display","block")},_dialogDatepicker:function(a,b,c,d,e){var f=this._dialogInst;if(!f){this.uuid+=1;var g="dp"+this.uuid;this._dialogInput=$(''),this._dialogInput.keydown(this._doKeyDown),$("body").append(this._dialogInput),f=this._dialogInst=this._newInst(this._dialogInput,!1),f.settings={},$.data(this._dialogInput[0],PROP_NAME,f)}extendRemove(f.settings,d||{}),b=b&&b.constructor==Date?this._formatDate(f,b):b,this._dialogInput.val(b),this._pos=e?e.length?e:[e.pageX,e.pageY]:null;if(!this._pos){var h=document.documentElement.clientWidth,i=document.documentElement.clientHeight,j=document.documentElement.scrollLeft||document.body.scrollLeft,k=document.documentElement.scrollTop||document.body.scrollTop;this._pos=[h/2-100+j,i/2-150+k]}return this._dialogInput.css("left",this._pos[0]+20+"px").css("top",this._pos[1]+"px"),f.settings.onSelect=c,this._inDialog=!0,this.dpDiv.addClass(this._dialogClass),this._showDatepicker(this._dialogInput[0]),$.blockUI&&$.blockUI(this.dpDiv),$.data(this._dialogInput[0],PROP_NAME,f),this},_destroyDatepicker:function(a){var b=$(a),c=$.data(a,PROP_NAME);if(!b.hasClass(this.markerClassName))return;var d=a.nodeName.toLowerCase();$.removeData(a,PROP_NAME),d=="input"?(c.append.remove(),c.trigger.remove(),b.removeClass(this.markerClassName).unbind("focus",this._showDatepicker).unbind("keydown",this._doKeyDown).unbind("keypress",this._doKeyPress).unbind("keyup",this._doKeyUp)):(d=="div"||d=="span")&&b.removeClass(this.markerClassName).empty()},_enableDatepicker:function(a){var b=$(a),c=$.data(a,PROP_NAME);if(!b.hasClass(this.markerClassName))return;var d=a.nodeName.toLowerCase();if(d=="input")a.disabled=!1,c.trigger.filter("button").each(function(){this.disabled=!1}).end().filter("img").css({opacity:"1.0",cursor:""});else if(d=="div"||d=="span"){var e=b.children("."+this._inlineClass);e.children().removeClass("ui-state-disabled"),e.find("select.ui-datepicker-month, select.ui-datepicker-year").removeAttr("disabled")}this._disabledInputs=$.map(this._disabledInputs,function(b){return b==a?null:b})},_disableDatepicker:function(a){var b=$(a),c=$.data(a,PROP_NAME);if(!b.hasClass(this.markerClassName))return;var d=a.nodeName.toLowerCase();if(d=="input")a.disabled=!0,c.trigger.filter("button").each(function(){this.disabled=!0}).end().filter("img").css({opacity:"0.5",cursor:"default"});else if(d=="div"||d=="span"){var e=b.children("."+this._inlineClass);e.children().addClass("ui-state-disabled"),e.find("select.ui-datepicker-month, select.ui-datepicker-year").attr("disabled","disabled")}this._disabledInputs=$.map(this._disabledInputs,function(b){return b==a?null:b}),this._disabledInputs[this._disabledInputs.length]=a},_isDisabledDatepicker:function(a){if(!a)return!1;for(var b=0;b-1}},_doKeyUp:function(a){var b=$.datepicker._getInst(a.target);if(b.input.val()!=b.lastVal)try{var c=$.datepicker.parseDate($.datepicker._get(b,"dateFormat"),b.input?b.input.val():null,$.datepicker._getFormatConfig(b));c&&($.datepicker._setDateFromField(b),$.datepicker._updateAlternate(b),$.datepicker._updateDatepicker(b))}catch(d){$.datepicker.log(d)}return!0},_showDatepicker:function(a){a=a.target||a,a.nodeName.toLowerCase()!="input"&&(a=$("input",a.parentNode)[0]);if($.datepicker._isDisabledDatepicker(a)||$.datepicker._lastInput==a)return;var b=$.datepicker._getInst(a);$.datepicker._curInst&&$.datepicker._curInst!=b&&($.datepicker._curInst.dpDiv.stop(!0,!0),b&&$.datepicker._datepickerShowing&&$.datepicker._hideDatepicker($.datepicker._curInst.input[0]));var c=$.datepicker._get(b,"beforeShow"),d=c?c.apply(a,[a,b]):{};if(d===!1)return;extendRemove(b.settings,d),b.lastVal=null,$.datepicker._lastInput=a,$.datepicker._setDateFromField(b),$.datepicker._inDialog&&(a.value=""),$.datepicker._pos||($.datepicker._pos=$.datepicker._findPos(a),$.datepicker._pos[1]+=a.offsetHeight);var e=!1;$(a).parents().each(function(){return e|=$(this).css("position")=="fixed",!e}),e&&$.browser.opera&&($.datepicker._pos[0]-=document.documentElement.scrollLeft,$.datepicker._pos[1]-=document.documentElement.scrollTop);var f={left:$.datepicker._pos[0],top:$.datepicker._pos[1]};$.datepicker._pos=null,b.dpDiv.empty(),b.dpDiv.css({position:"absolute",display:"block",top:"-1000px"}),$.datepicker._updateDatepicker(b),f=$.datepicker._checkOffset(b,f,e),b.dpDiv.css({position:$.datepicker._inDialog&&$.blockUI?"static":e?"fixed":"absolute",display:"none",left:f.left+"px",top:f.top+"px"});if(!b.inline){var g=$.datepicker._get(b,"showAnim"),h=$.datepicker._get(b,"duration"),i=function(){var a=b.dpDiv.find("iframe.ui-datepicker-cover");if(!!a.length){var c=$.datepicker._getBorders(b.dpDiv);a.css({left:-c[0],top:-c[1],width:b.dpDiv.outerWidth(),height:b.dpDiv.outerHeight()})}};b.dpDiv.zIndex($(a).zIndex()+1),$.datepicker._datepickerShowing=!0,$.effects&&$.effects[g]?b.dpDiv.show(g,$.datepicker._get(b,"showOptions"),h,i):b.dpDiv[g||"show"](g?h:null,i),(!g||!h)&&i(),b.input.is(":visible")&&!b.input.is(":disabled")&&b.input.focus(),$.datepicker._curInst=b}},_updateDatepicker:function(a){var b=this;b.maxRows=4;var c=$.datepicker._getBorders(a.dpDiv);instActive=a,a.dpDiv.empty().append(this._generateHTML(a)),this._attachHandlers(a);var d=a.dpDiv.find("iframe.ui-datepicker-cover");!d.length||d.css({left:-c[0],top:-c[1],width:a.dpDiv.outerWidth(),height:a.dpDiv.outerHeight()}),a.dpDiv.find("."+this._dayOverClass+" a").mouseover();var e=this._getNumberOfMonths(a),f=e[1],g=17;a.dpDiv.removeClass("ui-datepicker-multi-2 ui-datepicker-multi-3 ui-datepicker-multi-4").width(""),f>1&&a.dpDiv.addClass("ui-datepicker-multi-"+f).css("width",g*f+"em"),a.dpDiv[(e[0]!=1||e[1]!=1?"add":"remove")+"Class"]("ui-datepicker-multi"),a.dpDiv[(this._get(a,"isRTL")?"add":"remove")+"Class"]("ui-datepicker-rtl"),a==$.datepicker._curInst&&$.datepicker._datepickerShowing&&a.input&&a.input.is(":visible")&&!a.input.is(":disabled")&&a.input[0]!=document.activeElement&&a.input.focus();if(a.yearshtml){var h=a.yearshtml;setTimeout(function(){h===a.yearshtml&&a.yearshtml&&a.dpDiv.find("select.ui-datepicker-year:first").replaceWith(a.yearshtml),h=a.yearshtml=null},0)}},_getBorders:function(a){var b=function(a){return{thin:1,medium:2,thick:3}[a]||a};return[parseFloat(b(a.css("border-left-width"))),parseFloat(b(a.css("border-top-width")))]},_checkOffset:function(a,b,c){var d=a.dpDiv.outerWidth(),e=a.dpDiv.outerHeight(),f=a.input?a.input.outerWidth():0,g=a.input?a.input.outerHeight():0,h=document.documentElement.clientWidth+(c?0:$(document).scrollLeft()),i=document.documentElement.clientHeight+(c?0:$(document).scrollTop());return b.left-=this._get(a,"isRTL")?d-f:0,b.left-=c&&b.left==a.input.offset().left?$(document).scrollLeft():0,b.top-=c&&b.top==a.input.offset().top+g?$(document).scrollTop():0,b.left-=Math.min(b.left,b.left+d>h&&h>d?Math.abs(b.left+d-h):0),b.top-=Math.min(b.top,b.top+e>i&&i>e?Math.abs(e+g):0),b},_findPos:function(a){var b=this._getInst(a),c=this._get(b,"isRTL");while(a&&(a.type=="hidden"||a.nodeType!=1||$.expr.filters.hidden(a)))a=a[c?"previousSibling":"nextSibling"];var d=$(a).offset();return[d.left,d.top]},_hideDatepicker:function(a){var b=this._curInst;if(!b||a&&b!=$.data(a,PROP_NAME))return;if(this._datepickerShowing){var c=this._get(b,"showAnim"),d=this._get(b,"duration"),e=function(){$.datepicker._tidyDialog(b)};$.effects&&$.effects[c]?b.dpDiv.hide(c,$.datepicker._get(b,"showOptions"),d,e):b.dpDiv[c=="slideDown"?"slideUp":c=="fadeIn"?"fadeOut":"hide"](c?d:null,e),c||e(),this._datepickerShowing=!1;var f=this._get(b,"onClose");f&&f.apply(b.input?b.input[0]:null,[b.input?b.input.val():"",b]),this._lastInput=null,this._inDialog&&(this._dialogInput.css({position:"absolute",left:"0",top:"-100px"}),$.blockUI&&($.unblockUI(),$("body").append(this.dpDiv))),this._inDialog=!1}},_tidyDialog:function(a){a.dpDiv.removeClass(this._dialogClass).unbind(".ui-datepicker-calendar")},_checkExternalClick:function(a){if(!$.datepicker._curInst)return;var b=$(a.target),c=$.datepicker._getInst(b[0]);(b[0].id!=$.datepicker._mainDivId&&b.parents("#"+$.datepicker._mainDivId).length==0&&!b.hasClass($.datepicker.markerClassName)&&!b.closest("."+$.datepicker._triggerClass).length&&$.datepicker._datepickerShowing&&(!$.datepicker._inDialog||!$.blockUI)||b.hasClass($.datepicker.markerClassName)&&$.datepicker._curInst!=c)&&$.datepicker._hideDatepicker()},_adjustDate:function(a,b,c){var d=$(a),e=this._getInst(d[0]);if(this._isDisabledDatepicker(d[0]))return;this._adjustInstDate(e,b+(c=="M"?this._get(e,"showCurrentAtPos"):0),c),this._updateDatepicker(e)},_gotoToday:function(a){var b=$(a),c=this._getInst(b[0]);if(this._get(c,"gotoCurrent")&&c.currentDay)c.selectedDay=c.currentDay,c.drawMonth=c.selectedMonth=c.currentMonth,c.drawYear=c.selectedYear=c.currentYear;else{var d=new Date;c.selectedDay=d.getDate(),c.drawMonth=c.selectedMonth=d.getMonth(),c.drawYear=c.selectedYear=d.getFullYear()}this._notifyChange(c),this._adjustDate(b)},_selectMonthYear:function(a,b,c){var d=$(a),e=this._getInst(d[0]);e["selected"+(c=="M"?"Month":"Year")]=e["draw"+(c=="M"?"Month":"Year")]=parseInt(b.options[b.selectedIndex].value,10),this._notifyChange(e),this._adjustDate(d)},_selectDay:function(a,b,c,d){var e=$(a);if($(d).hasClass(this._unselectableClass)||this._isDisabledDatepicker(e[0]))return;var f=this._getInst(e[0]);f.selectedDay=f.currentDay=$("a",d).html(),f.selectedMonth=f.currentMonth=b,f.selectedYear=f.currentYear=c,this._selectDate(a,this._formatDate(f,f.currentDay,f.currentMonth,f.currentYear))},_clearDate:function(a){var b=$(a),c=this._getInst(b[0]);this._selectDate(b,"")},_selectDate:function(a,b){var c=$(a),d=this._getInst(c[0]);b=b!=null?b:this._formatDate(d),d.input&&d.input.val(b),this._updateAlternate(d);var e=this._get(d,"onSelect");e?e.apply(d.input?d.input[0]:null,[b,d]):d.input&&d.input.trigger("change"),d.inline?this._updateDatepicker(d):(this._hideDatepicker(),this._lastInput=d.input[0],typeof d.input[0]!="object"&&d.input.focus(),this._lastInput=null)},_updateAlternate:function(a){var b=this._get(a,"altField");if(b){var c=this._get(a,"altFormat")||this._get(a,"dateFormat"),d=this._getDate(a),e=this.formatDate(c,d,this._getFormatConfig(a));$(b).each(function(){$(this).val(e)})}},noWeekends:function(a){var b=a.getDay();return[b>0&&b<6,""]},iso8601Week:function(a){var b=new Date(a.getTime());b.setDate(b.getDate()+4-(b.getDay()||7));var c=b.getTime();return b.setMonth(0),b.setDate(1),Math.floor(Math.round((c-b)/864e5)/7)+1},parseDate:function(a,b,c){if(a==null||b==null)throw"Invalid arguments";b=typeof b=="object"?b.toString():b+"";if(b=="")return null;var d=(c?c.shortYearCutoff:null)||this._defaults.shortYearCutoff;d=typeof d!="string"?d:(new Date).getFullYear()%100+parseInt(d,10);var e=(c?c.dayNamesShort:null)||this._defaults.dayNamesShort,f=(c?c.dayNames:null)||this._defaults.dayNames,g=(c?c.monthNamesShort:null)||this._defaults.monthNamesShort,h=(c?c.monthNames:null)||this._defaults.monthNames,i=-1,j=-1,k=-1,l=-1,m=!1,n=function(b){var c=s+1-1){j=1,k=l;do{var u=this._getDaysInMonth(i,j-1);if(k<=u)break;j++,k-=u}while(!0)}var t=this._daylightSavingAdjust(new Date(i,j-1,k));if(t.getFullYear()!=i||t.getMonth()+1!=j||t.getDate()!=k)throw"Invalid date";return t},ATOM:"yy-mm-dd",COOKIE:"D, dd M yy",ISO_8601:"yy-mm-dd",RFC_822:"D, d M y",RFC_850:"DD, dd-M-y",RFC_1036:"D, d M y",RFC_1123:"D, d M yy",RFC_2822:"D, d M yy",RSS:"D, d M y",TICKS:"!",TIMESTAMP:"@",W3C:"yy-mm-dd",_ticksTo1970:(718685+Math.floor(492.5)-Math.floor(19.7)+Math.floor(4.925))*24*60*60*1e7,formatDate:function(a,b,c){if(!b)return"";var d=(c?c.dayNamesShort:null)||this._defaults.dayNamesShort,e=(c?c.dayNames:null)||this._defaults.dayNames,f=(c?c.monthNamesShort:null)||this._defaults.monthNamesShort,g=(c?c.monthNames:null)||this._defaults.monthNames,h=function(b){var c=m+112?a.getHours()+2:0),a):null},_setDate:function(a,b,c){var d=!b,e=a.selectedMonth,f=a.selectedYear,g=this._restrictMinMax(a,this._determineDate(a,b,new Date));a.selectedDay=a.currentDay=g.getDate(),a.drawMonth=a.selectedMonth=a.currentMonth=g.getMonth(),a.drawYear=a.selectedYear=a.currentYear=g.getFullYear(),(e!=a.selectedMonth||f!=a.selectedYear)&&!c&&this._notifyChange(a),this._adjustInstDate(a),a.input&&a.input.val(d?"":this._formatDate(a))},_getDate:function(a){var b=!a.currentYear||a.input&&a.input.val()==""?null:this._daylightSavingAdjust(new Date(a.currentYear,a.currentMonth,a.currentDay));return b},_attachHandlers:function(a){var b=this._get(a,"stepMonths"),c="#"+a.id.replace(/\\\\/g,"\\");a.dpDiv.find("[data-handler]").map(function(){var a={prev:function(){window["DP_jQuery_"+dpuuid].datepicker._adjustDate(c,-b,"M")},next:function(){window["DP_jQuery_"+dpuuid].datepicker._adjustDate(c,+b,"M")},hide:function(){window["DP_jQuery_"+dpuuid].datepicker._hideDatepicker()},today:function(){window["DP_jQuery_"+dpuuid].datepicker._gotoToday(c)},selectDay:function(){return window["DP_jQuery_"+dpuuid].datepicker._selectDay(c,+this.getAttribute("data-month"),+this.getAttribute("data-year"),this),!1},selectMonth:function(){return window["DP_jQuery_"+dpuuid].datepicker._selectMonthYear(c,this,"M"),!1},selectYear:function(){return window["DP_jQuery_"+dpuuid].datepicker._selectMonthYear(c,this,"Y"),!1}};$(this).bind(this.getAttribute("data-event"),a[this.getAttribute("data-handler")])})},_generateHTML:function(a){var b=new Date;b=this._daylightSavingAdjust(new Date(b.getFullYear(),b.getMonth(),b.getDate()));var c=this._get(a,"isRTL"),d=this._get(a,"showButtonPanel"),e=this._get(a,"hideIfNoPrevNext"),f=this._get(a,"navigationAsDateFormat"),g=this._getNumberOfMonths(a),h=this._get(a,"showCurrentAtPos"),i=this._get(a,"stepMonths"),j=g[0]!=1||g[1]!=1,k=this._daylightSavingAdjust(a.currentDay?new Date(a.currentYear,a.currentMonth,a.currentDay):new Date(9999,9,9)),l=this._getMinMaxDate(a,"min"),m=this._getMinMaxDate(a,"max"),n=a.drawMonth-h,o=a.drawYear;n<0&&(n+=12,o--);if(m){var p=this._daylightSavingAdjust(new Date(m.getFullYear(),m.getMonth()-g[0]*g[1]+1,m.getDate()));p=l&&pp)n--,n<0&&(n=11,o--)}a.drawMonth=n,a.drawYear=o;var q=this._get(a,"prevText");q=f?this.formatDate(q,this._daylightSavingAdjust(new Date(o,n-i,1)),this._getFormatConfig(a)):q;var r=this._canAdjustMonth(a,-1,o,n)?''+q+"":e?"":''+q+"",s=this._get(a,"nextText");s=f?this.formatDate(s,this._daylightSavingAdjust(new Date(o,n+i,1)),this._getFormatConfig(a)):s;var t=this._canAdjustMonth(a,1,o,n)?''+s+"":e?"":''+s+"",u=this._get(a,"currentText"),v=this._get(a,"gotoCurrent")&&a.currentDay?k:b;u=f?this.formatDate(u,v,this._getFormatConfig(a)):u;var w=a.inline?"":'",x=d?'
              '+(c?w:"")+(this._isInRange(a,v)?'":"")+(c?"":w)+"
              ":"",y=parseInt(this._get(a,"firstDay"),10);y=isNaN(y)?0:y;var z=this._get(a,"showWeek"),A=this._get(a,"dayNames"),B=this._get(a,"dayNamesShort"),C=this._get(a,"dayNamesMin"),D=this._get(a,"monthNames"),E=this._get(a,"monthNamesShort"),F=this._get(a,"beforeShowDay"),G=this._get(a,"showOtherMonths"),H=this._get(a,"selectOtherMonths"),I=this._get(a,"calculateWeek")||this.iso8601Week,J=this._getDefaultDate(a),K="";for(var L=0;L1)switch(N){case 0:Q+=" ui-datepicker-group-first",P=" ui-corner-"+(c?"right":"left");break;case g[1]-1:Q+=" ui-datepicker-group-last",P=" ui-corner-"+(c?"left":"right");break;default:Q+=" ui-datepicker-group-middle",P=""}Q+='">'}Q+='
              '+(/all|left/.test(P)&&L==0?c?t:r:"")+(/all|right/.test(P)&&L==0?c?r:t:"")+this._generateMonthYearHeader(a,n,o,l,m,L>0||N>0,D,E)+'
              '+"";var R=z?'":"";for(var S=0;S<7;S++){var T=(S+y)%7;R+="=5?' class="ui-datepicker-week-end"':"")+">"+''+C[T]+""}Q+=R+"";var U=this._getDaysInMonth(o,n);o==a.selectedYear&&n==a.selectedMonth&&(a.selectedDay=Math.min(a.selectedDay,U));var V=(this._getFirstDayOfMonth(o,n)-y+7)%7,W=Math.ceil((V+U)/7),X=j?this.maxRows>W?this.maxRows:W:W;this.maxRows=X;var Y=this._daylightSavingAdjust(new Date(o,n,1-V));for(var Z=0;Z";var _=z?'":"";for(var S=0;S<7;S++){var ba=F?F.apply(a.input?a.input[0]:null,[Y]):[!0,""],bb=Y.getMonth()!=n,bc=bb&&!H||!ba[0]||l&&Ym;_+='",Y.setDate(Y.getDate()+1),Y=this._daylightSavingAdjust(Y)}Q+=_+""}n++,n>11&&(n=0,o++),Q+="
              '+this._get(a,"weekHeader")+"
              '+this._get(a,"calculateWeek")(Y)+""+(bb&&!G?" ":bc?''+Y.getDate()+"":''+Y.getDate()+"")+"
              "+(j?"
              "+(g[0]>0&&N==g[1]-1?'
              ':""):""),M+=Q}K+=M}return K+=x+($.browser.msie&&parseInt($.browser.version,10)<7&&!a.inline?'':""),a._keyEvent=!1,K},_generateMonthYearHeader:function(a,b,c,d,e,f,g,h){var i=this._get(a,"changeMonth"),j=this._get(a,"changeYear"),k=this._get(a,"showMonthAfterYear"),l='
              ',m="";if(f||!i)m+=''+g[b]+"";else{var n=d&&d.getFullYear()==c,o=e&&e.getFullYear()==c;m+='"}k||(l+=m+(f||!i||!j?" ":""));if(!a.yearshtml){a.yearshtml="";if(f||!j)l+=''+c+"";else{var q=this._get(a,"yearRange").split(":"),r=(new Date).getFullYear(),s=function(a){var b=a.match(/c[+-].*/)?c+parseInt(a.substring(1),10):a.match(/[+-].*/)?r+parseInt(a,10):parseInt(a,10);return isNaN(b)?r:b},t=s(q[0]),u=Math.max(t,s(q[1]||""));t=d?Math.max(t,d.getFullYear()):t,u=e?Math.min(u,e.getFullYear()):u,a.yearshtml+='",l+=a.yearshtml,a.yearshtml=null}}return l+=this._get(a,"yearSuffix"),k&&(l+=(f||!i||!j?" ":"")+m),l+="
              ",l},_adjustInstDate:function(a,b,c){var d=a.drawYear+(c=="Y"?b:0),e=a.drawMonth+(c=="M"?b:0),f=Math.min(a.selectedDay,this._getDaysInMonth(d,e))+(c=="D"?b:0),g=this._restrictMinMax(a,this._daylightSavingAdjust(new Date(d,e,f)));a.selectedDay=g.getDate(),a.drawMonth=a.selectedMonth=g.getMonth(),a.drawYear=a.selectedYear=g.getFullYear(),(c=="M"||c=="Y")&&this._notifyChange(a)},_restrictMinMax:function(a,b){var c=this._getMinMaxDate(a,"min"),d=this._getMinMaxDate(a,"max"),e=c&&bd?d:e,e},_notifyChange:function(a){var b=this._get(a,"onChangeMonthYear");b&&b.apply(a.input?a.input[0]:null,[a.selectedYear,a.selectedMonth+1,a])},_getNumberOfMonths:function(a){var b=this._get(a,"numberOfMonths");return b==null?[1,1]:typeof b=="number"?[1,b]:b},_getMinMaxDate:function(a,b){return this._determineDate(a,this._get(a,b+"Date"),null)},_getDaysInMonth:function(a,b){return 32-this._daylightSavingAdjust(new Date(a,b,32)).getDate()},_getFirstDayOfMonth:function(a,b){return(new Date(a,b,1)).getDay()},_canAdjustMonth:function(a,b,c,d){var e=this._getNumberOfMonths(a),f=this._daylightSavingAdjust(new Date(c,d+(b<0?b:e[0]*e[1]),1));return b<0&&f.setDate(this._getDaysInMonth(f.getFullYear(),f.getMonth())),this._isInRange(a,f)},_isInRange:function(a,b){var c=this._getMinMaxDate(a,"min"),d=this._getMinMaxDate(a,"max");return(!c||b.getTime()>=c.getTime())&&(!d||b.getTime()<=d.getTime())},_getFormatConfig:function(a){var b=this._get(a,"shortYearCutoff");return b=typeof b!="string"?b:(new Date).getFullYear()%100+parseInt(b,10),{shortYearCutoff:b,dayNamesShort:this._get(a,"dayNamesShort"),dayNames:this._get(a,"dayNames"),monthNamesShort:this._get(a,"monthNamesShort"),monthNames:this._get(a,"monthNames")}},_formatDate:function(a,b,c,d){b||(a.currentDay=a.selectedDay,a.currentMonth=a.selectedMonth,a.currentYear=a.selectedYear);var e=b?typeof b=="object"?b:this._daylightSavingAdjust(new Date(d,c,b)):this._daylightSavingAdjust(new Date(a.currentYear,a.currentMonth,a.currentDay));return this.formatDate(this._get(a,"dateFormat"),e,this._getFormatConfig(a))}}),$.fn.datepicker=function(a){if(!this.length)return this;$.datepicker.initialized||($(document).mousedown($.datepicker._checkExternalClick).find("body").append($.datepicker.dpDiv),$.datepicker.initialized=!0);var b=Array.prototype.slice.call(arguments,1);return typeof a!="string"||a!="isDisabled"&&a!="getDate"&&a!="widget"?a=="option"&&arguments.length==2&&typeof arguments[1]=="string"?$.datepicker["_"+a+"Datepicker"].apply($.datepicker,[this[0]].concat(b)):this.each(function(){typeof a=="string"?$.datepicker["_"+a+"Datepicker"].apply($.datepicker,[this].concat(b)):$.datepicker._attachDatepicker(this,a)}):$.datepicker["_"+a+"Datepicker"].apply($.datepicker,[this[0]].concat(b))},$.datepicker=new Datepicker,$.datepicker.initialized=!1,$.datepicker.uuid=(new Date).getTime(),$.datepicker.version="1.8.23",window["DP_jQuery_"+dpuuid]=$}(jQuery),function(a,b){var c="ui-dialog ui-widget ui-widget-content ui-corner-all ",d={buttons:!0,height:!0,maxHeight:!0,maxWidth:!0,minHeight:!0,minWidth:!0,width:!0},e={maxHeight:!0,maxWidth:!0,minHeight:!0,minWidth:!0};a.widget("ui.dialog",{options:{autoOpen:!0,buttons:{},closeOnEscape:!0,closeText:"close",dialogClass:"",draggable:!0,hide:null,height:"auto",maxHeight:!1,maxWidth:!1,minHeight:150,minWidth:150,modal:!1,position:{my:"center",at:"center",collision:"fit",using:function(b){var c=a(this).css(b).offset().top;c<0&&a(this).css("top",b.top-c)}},resizable:!0,show:null,stack:!0,title:"",width:300,zIndex:1e3},_create:function(){this.originalTitle=this.element.attr("title"),typeof this.originalTitle!="string"&&(this.originalTitle=""),this.options.title=this.options.title||this.originalTitle;var b=this,d=b.options,e=d.title||" ",f=a.ui.dialog.getTitleId(b.element),g=(b.uiDialog=a("
              ")).appendTo(document.body).hide().addClass(c+d.dialogClass).css({zIndex:d.zIndex}).attr("tabIndex",-1).css("outline",0).keydown(function(c){d.closeOnEscape&&!c.isDefaultPrevented()&&c.keyCode&&c.keyCode===a.ui.keyCode.ESCAPE&&(b.close(c),c.preventDefault())}).attr({role:"dialog","aria-labelledby":f}).mousedown(function(a){b.moveToTop(!1,a)}),h=b.element.show().removeAttr("title").addClass("ui-dialog-content ui-widget-content").appendTo(g),i=(b.uiDialogTitlebar=a("
              ")).addClass("ui-dialog-titlebar ui-widget-header ui-corner-all ui-helper-clearfix").prependTo(g),j=a('').addClass("ui-dialog-titlebar-close ui-corner-all").attr("role","button").hover(function(){j.addClass("ui-state-hover")},function(){j.removeClass("ui-state-hover")}).focus(function(){j.addClass("ui-state-focus")}).blur(function(){j.removeClass("ui-state-focus")}).click(function(a){return b.close(a),!1}).appendTo(i),k=(b.uiDialogTitlebarCloseText=a("")).addClass("ui-icon ui-icon-closethick").text(d.closeText).appendTo(j),l=a("").addClass("ui-dialog-title").attr("id",f).html(e).prependTo(i);a.isFunction(d.beforeclose)&&!a.isFunction(d.beforeClose)&&(d.beforeClose=d.beforeclose),i.find("*").add(i).disableSelection(),d.draggable&&a.fn.draggable&&b._makeDraggable(),d.resizable&&a.fn.resizable&&b._makeResizable(),b._createButtons(d.buttons),b._isOpen=!1,a.fn.bgiframe&&g.bgiframe()},_init:function(){this.options.autoOpen&&this.open()},destroy:function(){var a=this;return a.overlay&&a.overlay.destroy(),a.uiDialog.hide(),a.element.unbind(".dialog").removeData("dialog").removeClass("ui-dialog-content ui-widget-content").hide().appendTo("body"),a.uiDialog.remove(),a.originalTitle&&a.element.attr("title",a.originalTitle),a},widget:function(){return this.uiDialog},close:function(b){var c=this,d,e;if(!1===c._trigger("beforeClose",b))return;return c.overlay&&c.overlay.destroy(),c.uiDialog.unbind("keypress.ui-dialog"),c._isOpen=!1,c.options.hide?c.uiDialog.hide(c.options.hide,function(){c._trigger("close",b)}):(c.uiDialog.hide(),c._trigger("close",b)),a.ui.dialog.overlay.resize(),c.options.modal&&(d=0,a(".ui-dialog").each(function(){this!==c.uiDialog[0]&&(e=a(this).css("z-index"),isNaN(e)||(d=Math.max(d,e)))}),a.ui.dialog.maxZ=d),c},isOpen:function(){return this._isOpen},moveToTop:function(b,c){var d=this,e=d.options,f;return e.modal&&!b||!e.stack&&!e.modal?d._trigger("focus",c):(e.zIndex>a.ui.dialog.maxZ&&(a.ui.dialog.maxZ=e.zIndex),d.overlay&&(a.ui.dialog.maxZ+=1,d.overlay.$el.css("z-index",a.ui.dialog.overlay.maxZ=a.ui.dialog.maxZ)),f={scrollTop:d.element.scrollTop(),scrollLeft:d.element.scrollLeft()},a.ui.dialog.maxZ+=1,d.uiDialog.css("z-index",a.ui.dialog.maxZ),d.element.attr(f),d._trigger("focus",c),d)},open:function(){if(this._isOpen)return;var b=this,c=b.options,d=b.uiDialog;return b.overlay=c.modal?new a.ui.dialog.overlay(b):null,b._size(),b._position(c.position),d.show(c.show),b.moveToTop(!0),c.modal&&d.bind("keydown.ui-dialog",function(b){if(b.keyCode!==a.ui.keyCode.TAB)return;var c=a(":tabbable",this),d=c.filter(":first"),e=c.filter(":last");if(b.target===e[0]&&!b.shiftKey)return d.focus(1),!1;if(b.target===d[0]&&b.shiftKey)return e.focus(1),!1}),a(b.element.find(":tabbable").get().concat(d.find(".ui-dialog-buttonpane :tabbable").get().concat(d.get()))).eq(0).focus(),b._isOpen=!0,b._trigger("open"),b},_createButtons:function(b){var c=this,d=!1,e=a("
              ").addClass("ui-dialog-buttonpane ui-widget-content ui-helper-clearfix"),f=a("
              ").addClass("ui-dialog-buttonset").appendTo(e);c.uiDialog.find(".ui-dialog-buttonpane").remove(),typeof b=="object"&&b!==null&&a.each(b,function(){return!(d=!0)}),d&&(a.each(b,function(b,d){d=a.isFunction(d)?{click:d,text:b}:d;var e=a('').click(function(){d.click.apply(c.element[0],arguments)}).appendTo(f);a.each(d,function(a,b){if(a==="click")return;a in e?e[a](b):e.attr(a,b)}),a.fn.button&&e.button()}),e.appendTo(c.uiDialog))},_makeDraggable:function(){function f(a){return{position:a.position,offset:a.offset}}var b=this,c=b.options,d=a(document),e;b.uiDialog.draggable({cancel:".ui-dialog-content, .ui-dialog-titlebar-close",handle:".ui-dialog-titlebar",containment:"document",start:function(d,g){e=c.height==="auto"?"auto":a(this).height(),a(this).height(a(this).height()).addClass("ui-dialog-dragging"),b._trigger("dragStart",d,f(g))},drag:function(a,c){b._trigger("drag",a,f(c))},stop:function(g,h){c.position=[h.position.left-d.scrollLeft(),h.position.top-d.scrollTop()],a(this).removeClass("ui-dialog-dragging").height(e),b._trigger("dragStop",g,f(h)),a.ui.dialog.overlay.resize()}})},_makeResizable:function(c){function h(a){return{originalPosition:a.originalPosition,originalSize:a.originalSize,position:a.position,size:a.size}}c=c===b?this.options.resizable:c;var d=this,e=d.options,f=d.uiDialog.css("position"),g=typeof c=="string"?c:"n,e,s,w,se,sw,ne,nw";d.uiDialog.resizable({cancel:".ui-dialog-content",containment:"document",alsoResize:d.element,maxWidth:e.maxWidth,maxHeight:e.maxHeight,minWidth:e.minWidth,minHeight:d._minHeight(),handles:g,start:function(b,c){a(this).addClass("ui-dialog-resizing"),d._trigger("resizeStart",b,h(c))},resize:function(a,b){d._trigger("resize",a,h(b))},stop:function(b,c){a(this).removeClass("ui-dialog-resizing"),e.height=a(this).height(),e.width=a(this).width(),d._trigger("resizeStop",b,h(c)),a.ui.dialog.overlay.resize()}}).css("position",f).find(".ui-resizable-se").addClass("ui-icon ui-icon-grip-diagonal-se")},_minHeight:function(){var a=this.options;return a.height==="auto"?a.minHeight:Math.min(a.minHeight,a.height)},_position:function(b){var c=[],d=[0,0],e;if(b){if(typeof b=="string"||typeof b=="object"&&"0"in b)c=b.split?b.split(" "):[b[0],b[1]],c.length===1&&(c[1]=c[0]),a.each(["left","top"],function(a,b){+c[a]===c[a]&&(d[a]=c[a],c[a]=b)}),b={my:c.join(" "),at:c.join(" "),offset:d.join(" ")};b=a.extend({},a.ui.dialog.prototype.options.position,b)}else b=a.ui.dialog.prototype.options.position;e=this.uiDialog.is(":visible"),e||this.uiDialog.show(),this.uiDialog.css({top:0,left:0}).position(a.extend({of:window},b)),e||this.uiDialog.hide()},_setOptions:function(b){var c=this,f={},g=!1;a.each(b,function(a,b){c._setOption(a,b),a in d&&(g=!0),a in e&&(f[a]=b)}),g&&this._size(),this.uiDialog.is(":data(resizable)")&&this.uiDialog.resizable("option",f)},_setOption:function(b,d){var e=this,f=e.uiDialog;switch(b){case"beforeclose":b="beforeClose";break;case"buttons":e._createButtons(d);break;case"closeText":e.uiDialogTitlebarCloseText.text(""+d);break;case"dialogClass":f.removeClass(e.options.dialogClass).addClass(c+d);break;case"disabled":d?f.addClass("ui-dialog-disabled"):f.removeClass("ui-dialog-disabled");break;case"draggable":var g=f.is(":data(draggable)");g&&!d&&f.draggable("destroy"),!g&&d&&e._makeDraggable();break;case"position":e._position(d);break;case"resizable":var h=f.is(":data(resizable)");h&&!d&&f.resizable("destroy"),h&&typeof d=="string"&&f.resizable("option","handles",d),!h&&d!==!1&&e._makeResizable(d);break;case"title":a(".ui-dialog-title",e.uiDialogTitlebar).html(""+(d||" "))}a.Widget.prototype._setOption.apply(e,arguments)},_size:function(){var b=this.options,c,d,e=this.uiDialog.is(":visible");this.element.show().css({width:"auto",minHeight:0,height:0}),b.minWidth>b.width&&(b.width=b.minWidth),c=this.uiDialog.css({height:"auto",width:b.width}).height(),d=Math.max(0,b.minHeight-c);if(b.height==="auto")if(a.support.minHeight)this.element.css({minHeight:d,height:"auto"});else{this.uiDialog.show();var f=this.element.css("height","auto").height();e||this.uiDialog.hide(),this.element.height(Math.max(f,d))}else this.element.height(Math.max(b.height-c,0));this.uiDialog.is(":data(resizable)")&&this.uiDialog.resizable("option","minHeight",this._minHeight())}}),a.extend(a.ui.dialog,{version:"1.8.23",uuid:0,maxZ:0,getTitleId:function(a){var b=a.attr("id");return b||(this.uuid+=1,b=this.uuid),"ui-dialog-title-"+b},overlay:function(b){this.$el=a.ui.dialog.overlay.create(b)}}),a.extend(a.ui.dialog.overlay,{instances:[],oldInstances:[],maxZ:0,events:a.map("focus,mousedown,mouseup,keydown,keypress,click".split(","),function(a){return a+".dialog-overlay"}).join(" "),create:function(b){this.instances.length===0&&(setTimeout(function(){a.ui.dialog.overlay.instances.length&&a(document).bind(a.ui.dialog.overlay.events,function(b){if(a(b.target).zIndex()
              ").addClass("ui-widget-overlay")).appendTo(document.body).css({width:this.width(),height:this.height()});return a.fn.bgiframe&&c.bgiframe(),this.instances.push(c),c},destroy:function(b){var c=a.inArray(b,this.instances);c!=-1&&this.oldInstances.push(this.instances.splice(c,1)[0]),this.instances.length===0&&a([document,window]).unbind(".dialog-overlay"),b.remove();var d=0;a.each(this.instances,function(){d=Math.max(d,this.css("z-index"))}),this.maxZ=d},height:function(){var b,c;return a.browser.msie&&a.browser.version<7?(b=Math.max(document.documentElement.scrollHeight,document.body.scrollHeight),c=Math.max(document.documentElement.offsetHeight,document.body.offsetHeight),b0?b.left-e:Math.max(b.left-c.collisionPosition.left,b.left)},top:function(b,c){var d=a(window),e=c.collisionPosition.top+c.collisionHeight-d.height()-d.scrollTop();b.top=e>0?b.top-e:Math.max(b.top-c.collisionPosition.top,b.top)}},flip:{left:function(b,c){if(c.at[0]===e)return;var d=a(window),f=c.collisionPosition.left+c.collisionWidth-d.width()-d.scrollLeft(),g=c.my[0]==="left"?-c.elemWidth:c.my[0]==="right"?c.elemWidth:0,h=c.at[0]==="left"?c.targetWidth:-c.targetWidth,i=-2*c.offset[0];b.left+=c.collisionPosition.left<0?g+h+i:f>0?g+h+i:0},top:function(b,c){if(c.at[1]===e)return;var d=a(window),f=c.collisionPosition.top+c.collisionHeight-d.height()-d.scrollTop(),g=c.my[1]==="top"?-c.elemHeight:c.my[1]==="bottom"?c.elemHeight:0,h=c.at[1]==="top"?c.targetHeight:-c.targetHeight,i=-2*c.offset[1];b.top+=c.collisionPosition.top<0?g+h+i:f>0?g+h+i:0}}},a.offset.setOffset||(a.offset.setOffset=function(b,c){/static/.test(a.curCSS(b,"position"))&&(b.style.position="relative");var d=a(b),e=d.offset(),f=parseInt(a.curCSS(b,"top",!0),10)||0,g=parseInt(a.curCSS(b,"left",!0),10)||0,h={top:c.top-e.top+f,left:c.left-e.left+g};"using"in c?c.using.call(b,h):d.css(h)},a.fn.offset=function(b){var c=this[0];return!c||!c.ownerDocument?null:b?a.isFunction(b)?this.each(function(c){a(this).offset(b.call(this,c,a(this).offset()))}):this.each(function(){a.offset.setOffset(this,b)}):h.call(this)}),a.curCSS||(a.curCSS=a.css),function(){var b=document.getElementsByTagName("body")[0],c=document.createElement("div"),d,e,g,h,i;d=document.createElement(b?"div":"body"),g={visibility:"hidden",width:0,height:0,border:0,margin:0,background:"none"},b&&a.extend(g,{position:"absolute",left:"-1000px",top:"-1000px"});for(var j in g)d.style[j]=g[j];d.appendChild(c),e=b||document.documentElement,e.insertBefore(d,e.firstChild),c.style.cssText="position: absolute; left: 10.7432222px; top: 10.432325px; height: 30px; width: 201px;",h=a(c).offset(function(a,b){return b}).offset(),d.innerHTML="",e.removeChild(d),i=h.top+h.left+(b?2e3:0),f.fractions=i>21&&i<22}()}(jQuery),function(a,b){a.widget("ui.progressbar",{options:{value:0,max:100},min:0,_create:function(){this.element.addClass("ui-progressbar ui-widget ui-widget-content ui-corner-all").attr({role:"progressbar","aria-valuemin":this.min,"aria-valuemax":this.options.max,"aria-valuenow":this._value()}),this.valueDiv=a("
              ").appendTo(this.element),this.oldValue=this._value(),this._refreshValue()},destroy:function(){this.element.removeClass("ui-progressbar ui-widget ui-widget-content ui-corner-all").removeAttr("role").removeAttr("aria-valuemin").removeAttr("aria-valuemax").removeAttr("aria-valuenow"),this.valueDiv.remove(),a.Widget.prototype.destroy.apply(this,arguments)},value:function(a){return a===b?this._value():(this._setOption("value",a),this)},_setOption:function(b,c){b==="value"&&(this.options.value=c,this._refreshValue(),this._value()===this.options.max&&this._trigger("complete")),a.Widget.prototype._setOption.apply(this,arguments)},_value:function(){var a=this.options.value;return typeof a!="number"&&(a=0),Math.min(this.options.max,Math.max(this.min,a))},_percentage:function(){return 100*this._value()/this.options.max},_refreshValue:function(){var a=this.value(),b=this._percentage();this.oldValue!==a&&(this.oldValue=a,this._trigger("change")),this.valueDiv.toggle(a>this.min).toggleClass("ui-corner-right",a===this.options.max).width(b.toFixed(0)+"%"),this.element.attr("aria-valuenow",a)}}),a.extend(a.ui.progressbar,{version:"1.8.23"})}(jQuery),function(a,b){var c=5;a.widget("ui.slider",a.ui.mouse,{widgetEventPrefix:"slide",options:{animate:!1,distance:0,max:100,min:0,orientation:"horizontal",range:!1,step:1,value:0,values:null},_create:function(){var b=this,d=this.options,e=this.element.find(".ui-slider-handle").addClass("ui-state-default ui-corner-all"),f="",g=d.values&&d.values.length||1,h=[];this._keySliding=!1,this._mouseSliding=!1,this._animateOff=!0,this._handleIndex=null,this._detectOrientation(),this._mouseInit(),this.element.addClass("ui-slider ui-slider-"+this.orientation+" ui-widget"+" ui-widget-content"+" ui-corner-all"+(d.disabled?" ui-slider-disabled ui-disabled":"")),this.range=a([]),d.range&&(d.range===!0&&(d.values||(d.values=[this._valueMin(),this._valueMin()]),d.values.length&&d.values.length!==2&&(d.values=[d.values[0],d.values[0]])),this.range=a("
              ").appendTo(this.element).addClass("ui-slider-range ui-widget-header"+(d.range==="min"||d.range==="max"?" ui-slider-range-"+d.range:"")));for(var i=e.length;ic&&(f=c,g=a(this),i=b)}),c.range===!0&&this.values(1)===c.min&&(i+=1,g=a(this.handles[i])),j=this._start(b,i),j===!1?!1:(this._mouseSliding=!0,h._handleIndex=i,g.addClass("ui-state-active").focus(),k=g.offset(),l=!a(b.target).parents().andSelf().is(".ui-slider-handle"),this._clickOffset=l?{left:0,top:0}:{left:b.pageX-k.left-g.width()/2,top:b.pageY-k.top-g.height()/2-(parseInt(g.css("borderTopWidth"),10)||0)-(parseInt(g.css("borderBottomWidth"),10)||0)+(parseInt(g.css("marginTop"),10)||0)},this.handles.hasClass("ui-state-hover")||this._slide(b,i,e),this._animateOff=!0,!0))},_mouseStart:function(a){return!0},_mouseDrag:function(a){var b={x:a.pageX,y:a.pageY},c=this._normValueFromMouse(b);return this._slide(a,this._handleIndex,c),!1},_mouseStop:function(a){return this.handles.removeClass("ui-state-active"),this._mouseSliding=!1,this._stop(a,this._handleIndex),this._change(a,this._handleIndex),this._handleIndex=null,this._clickOffset=null,this._animateOff=!1,!1},_detectOrientation:function(){this.orientation=this.options.orientation==="vertical"?"vertical":"horizontal"},_normValueFromMouse:function(a){var b,c,d,e,f;return this.orientation==="horizontal"?(b=this.elementSize.width,c=a.x-this.elementOffset.left-(this._clickOffset?this._clickOffset.left:0)):(b=this.elementSize.height,c=a.y-this.elementOffset.top-(this._clickOffset?this._clickOffset.top:0)),d=c/b,d>1&&(d=1),d<0&&(d=0),this.orientation==="vertical"&&(d=1-d),e=this._valueMax()-this._valueMin(),f=this._valueMin()+d*e,this._trimAlignValue(f)},_start:function(a,b){var c={handle:this.handles[b],value:this.value()};return this.options.values&&this.options.values.length&&(c.value=this.values(b),c.values=this.values()),this._trigger("start",a,c)},_slide:function(a,b,c){var d,e,f;this.options.values&&this.options.values.length?(d=this.values(b?0:1),this.options.values.length===2&&this.options.range===!0&&(b===0&&c>d||b===1&&c1){this.options.values[b]=this._trimAlignValue(c),this._refreshValue(),this._change(null,b);return}if(!arguments.length)return this._values();if(!a.isArray(arguments[0]))return this.options.values&&this.options.values.length?this._values(b):this.value();d=this.options.values,e=arguments[0];for(f=0;f=this._valueMax())return this._valueMax();var b=this.options.step>0?this.options.step:1,c=(a-this._valueMin())%b,d=a-c;return Math.abs(c)*2>=b&&(d+=c>0?b:-b),parseFloat(d.toFixed(5))},_valueMin:function(){return this.options.min},_valueMax:function(){return this.options.max},_refreshValue:function(){var b=this.options.range,c=this.options,d=this,e=this._animateOff?!1:c.animate,f,g={},h,i,j,k;this.options.values&&this.options.values.length?this.handles.each(function(b,i){f=(d.values(b)-d._valueMin())/(d._valueMax()-d._valueMin())*100,g[d.orientation==="horizontal"?"left":"bottom"]=f+"%",a(this).stop(1,1)[e?"animate":"css"](g,c.animate),d.options.range===!0&&(d.orientation==="horizontal"?(b===0&&d.range.stop(1,1)[e?"animate":"css"]({left:f+"%"},c.animate),b===1&&d.range[e?"animate":"css"]({width:f-h+"%"},{queue:!1,duration:c.animate})):(b===0&&d.range.stop(1,1)[e?"animate":"css"]({bottom:f+"%"},c.animate),b===1&&d.range[e?"animate":"css"]({height:f-h+"%"},{queue:!1,duration:c.animate}))),h=f}):(i=this.value(),j=this._valueMin(),k=this._valueMax(),f=k!==j?(i-j)/(k-j)*100:0,g[d.orientation==="horizontal"?"left":"bottom"]=f+"%",this.handle.stop(1,1)[e?"animate":"css"](g,c.animate),b==="min"&&this.orientation==="horizontal"&&this.range.stop(1,1)[e?"animate":"css"]({width:f+"%"},c.animate),b==="max"&&this.orientation==="horizontal"&&this.range[e?"animate":"css"]({width:100-f+"%"},{queue:!1,duration:c.animate}),b==="min"&&this.orientation==="vertical"&&this.range.stop(1,1)[e?"animate":"css"]({height:f+"%"},c.animate),b==="max"&&this.orientation==="vertical"&&this.range[e?"animate":"css"]({height:100-f+"%"},{queue:!1,duration:c.animate}))}}),a.extend(a.ui.slider,{version:"1.8.23"})}(jQuery),function(a,b){function e(){return++c}function f(){return++d}var c=0,d=0;a.widget("ui.tabs",{options:{add:null,ajaxOptions:null,cache:!1,cookie:null,collapsible:!1,disable:null,disabled:[],enable:null,event:"click",fx:null,idPrefix:"ui-tabs-",load:null,panelTemplate:"
              ",remove:null,select:null,show:null,spinner:"Loading…",tabTemplate:"
            • #{label}
              • "},_create:function(){this._tabify(!0)},_setOption:function(a,b){if(a=="selected"){if(this.options.collapsible&&b==this.options.selected)return;this.select(b)}else this.options[a]=b,this._tabify()},_tabId:function(a){return a.title&&a.title.replace(/\s/g,"_").replace(/[^\w\u00c0-\uFFFF-]/g,"")||this.options.idPrefix+e()},_sanitizeSelector:function(a){return a.replace(/:/g,"\\:")},_cookie:function(){var b=this.cookie||(this.cookie=this.options.cookie.name||"ui-tabs-"+f());return a.cookie.apply(null,[b].concat(a.makeArray(arguments)))},_ui:function(a,b){return{tab:a,panel:b,index:this.anchors.index(a)}},_cleanup:function(){this.lis.filter(".ui-state-processing").removeClass("ui-state-processing").find("span:data(label.tabs)").each(function(){var b=a(this);b.html(b.data("label.tabs")).removeData("label.tabs")})},_tabify:function(c){function m(b,c){b.css("display",""),!a.support.opacity&&c.opacity&&b[0].style.removeAttribute("filter")}var d=this,e=this.options,f=/^#.+/;this.list=this.element.find("ol,ul").eq(0),this.lis=a(" > li:has(a[href])",this.list),this.anchors=this.lis.map(function(){return a("a",this)[0]}),this.panels=a([]),this.anchors.each(function(b,c){var g=a(c).attr("href"),h=g.split("#")[0],i;h&&(h===location.toString().split("#")[0]||(i=a("base")[0])&&h===i.href)&&(g=c.hash,c.href=g);if(f.test(g))d.panels=d.panels.add(d.element.find(d._sanitizeSelector(g)));else if(g&&g!=="#"){a.data(c,"href.tabs",g),a.data(c,"load.tabs",g.replace(/#.*$/,""));var j=d._tabId(c);c.href="#"+j;var k=d.element.find("#"+j);k.length||(k=a(e.panelTemplate).attr("id",j).addClass("ui-tabs-panel ui-widget-content ui-corner-bottom").insertAfter(d.panels[b-1]||d.list),k.data("destroy.tabs",!0)),d.panels=d.panels.add(k)}else e.disabled.push(b)}),c?(this.element.addClass("ui-tabs ui-widget ui-widget-content ui-corner-all"),this.list.addClass("ui-tabs-nav ui-helper-reset ui-helper-clearfix ui-widget-header ui-corner-all"),this.lis.addClass("ui-state-default ui-corner-top"),this.panels.addClass("ui-tabs-panel ui-widget-content ui-corner-bottom"),e.selected===b?(location.hash&&this.anchors.each(function(a,b){if(b.hash==location.hash)return e.selected=a,!1}),typeof e.selected!="number"&&e.cookie&&(e.selected=parseInt(d._cookie(),10)),typeof e.selected!="number"&&this.lis.filter(".ui-tabs-selected").length&&(e.selected=this.lis.index(this.lis.filter(".ui-tabs-selected"))),e.selected=e.selected||(this.lis.length?0:-1)):e.selected===null&&(e.selected=-1),e.selected=e.selected>=0&&this.anchors[e.selected]||e.selected<0?e.selected:0,e.disabled=a.unique(e.disabled.concat(a.map(this.lis.filter(".ui-state-disabled"),function(a,b){return d.lis.index(a)}))).sort(),a.inArray(e.selected,e.disabled)!=-1&&e.disabled.splice(a.inArray(e.selected,e.disabled),1),this.panels.addClass("ui-tabs-hide"),this.lis.removeClass("ui-tabs-selected ui-state-active"),e.selected>=0&&this.anchors.length&&(d.element.find(d._sanitizeSelector(d.anchors[e.selected].hash)).removeClass("ui-tabs-hide"),this.lis.eq(e.selected).addClass("ui-tabs-selected ui-state-active"),d.element.queue("tabs",function(){d._trigger("show",null,d._ui(d.anchors[e.selected],d.element.find(d._sanitizeSelector(d.anchors[e.selected].hash))[0]))}),this.load(e.selected)),a(window).bind("unload",function(){d.lis.add(d.anchors).unbind(".tabs"),d.lis=d.anchors=d.panels=null})):e.selected=this.lis.index(this.lis.filter(".ui-tabs-selected")),this.element[e.collapsible?"addClass":"removeClass"]("ui-tabs-collapsible"),e.cookie&&this._cookie(e.selected,e.cookie);for(var g=0,h;h=this.lis[g];g++)a(h)[a.inArray(g,e.disabled)!=-1&&!a(h).hasClass("ui-tabs-selected")?"addClass":"removeClass"]("ui-state-disabled");e.cache===!1&&this.anchors.removeData("cache.tabs"),this.lis.add(this.anchors).unbind(".tabs");if(e.event!=="mouseover"){var i=function(a,b){b.is(":not(.ui-state-disabled)")&&b.addClass("ui-state-"+a)},j=function(a,b){b.removeClass("ui-state-"+a)};this.lis.bind("mouseover.tabs",function(){i("hover",a(this))}),this.lis.bind("mouseout.tabs",function(){j("hover",a(this))}),this.anchors.bind("focus.tabs",function(){i("focus",a(this).closest("li"))}),this.anchors.bind("blur.tabs",function(){j("focus",a(this).closest("li"))})}var k,l;e.fx&&(a.isArray(e.fx)?(k=e.fx[0],l=e.fx[1]):k=l=e.fx);var n=l?function(b,c){a(b).closest("li").addClass("ui-tabs-selected ui-state-active"),c.hide().removeClass("ui-tabs-hide").animate(l,l.duration||"normal",function(){m(c,l),d._trigger("show",null,d._ui(b,c[0]))})}:function(b,c){a(b).closest("li").addClass("ui-tabs-selected ui-state-active"),c.removeClass("ui-tabs-hide"),d._trigger("show",null,d._ui(b,c[0]))},o=k?function(a,b){b.animate(k,k.duration||"normal",function(){d.lis.removeClass("ui-tabs-selected ui-state-active"),b.addClass("ui-tabs-hide"),m(b,k),d.element.dequeue("tabs")})}:function(a,b,c){d.lis.removeClass("ui-tabs-selected ui-state-active"),b.addClass("ui-tabs-hide"),d.element.dequeue("tabs")};this.anchors.bind(e.event+".tabs",function(){var b=this,c=a(b).closest("li"),f=d.panels.filter(":not(.ui-tabs-hide)"),g=d.element.find(d._sanitizeSelector(b.hash));if(c.hasClass("ui-tabs-selected")&&!e.collapsible||c.hasClass("ui-state-disabled")||c.hasClass("ui-state-processing")||d.panels.filter(":animated").length||d._trigger("select",null,d._ui(this,g[0]))===!1)return this.blur(),!1;e.selected=d.anchors.index(this),d.abort();if(e.collapsible){if(c.hasClass("ui-tabs-selected"))return e.selected=-1,e.cookie&&d._cookie(e.selected,e.cookie),d.element.queue("tabs",function(){o(b,f)}).dequeue("tabs"),this.blur(),!1;if(!f.length)return e.cookie&&d._cookie(e.selected,e.cookie),d.element.queue("tabs",function(){n(b,g)}),d.load(d.anchors.index(this)),this.blur(),!1}e.cookie&&d._cookie(e.selected,e.cookie);if(g.length)f.length&&d.element.queue("tabs",function(){o(b,f)}),d.element.queue("tabs",function(){n(b,g)}),d.load(d.anchors.index(this));else throw"jQuery UI Tabs: Mismatching fragment identifier.";a.browser.msie&&this.blur()}),this.anchors.bind("click.tabs",function(){return!1})},_getIndex:function(a){return typeof a=="string"&&(a=this.anchors.index(this.anchors.filter("[href$='"+a+"']"))),a},destroy:function(){var b=this.options;return this.abort(),this.element.unbind(".tabs").removeClass("ui-tabs ui-widget ui-widget-content ui-corner-all ui-tabs-collapsible").removeData("tabs"),this.list.removeClass("ui-tabs-nav ui-helper-reset ui-helper-clearfix ui-widget-header ui-corner-all"),this.anchors.each(function(){var b=a.data(this,"href.tabs");b&&(this.href=b);var c=a(this).unbind(".tabs");a.each(["href","load","cache"],function(a,b){c.removeData(b+".tabs")})}),this.lis.unbind(".tabs").add(this.panels).each(function(){a.data(this,"destroy.tabs")?a(this).remove():a(this).removeClass(["ui-state-default","ui-corner-top","ui-tabs-selected","ui-state-active","ui-state-hover","ui-state-focus","ui-state-disabled","ui-tabs-panel","ui-widget-content","ui-corner-bottom","ui-tabs-hide"].join(" "))}),b.cookie&&this._cookie(null,b.cookie),this},add:function(c,d,e){e===b&&(e=this.anchors.length);var f=this,g=this.options,h=a(g.tabTemplate.replace(/#\{href\}/g,c).replace(/#\{label\}/g,d)),i=c.indexOf("#")?this._tabId(a("a",h)[0]):c.replace("#","");h.addClass("ui-state-default ui-corner-top").data("destroy.tabs",!0);var j=f.element.find("#"+i);return j.length||(j=a(g.panelTemplate).attr("id",i).data("destroy.tabs",!0)),j.addClass("ui-tabs-panel ui-widget-content ui-corner-bottom ui-tabs-hide"),e>=this.lis.length?(h.appendTo(this.list),j.appendTo(this.list[0].parentNode)):(h.insertBefore(this.lis[e]),j.insertBefore(this.panels[e])),g.disabled=a.map(g.disabled,function(a,b){return a>=e?++a:a}),this._tabify(),this.anchors.length==1&&(g.selected=0,h.addClass("ui-tabs-selected ui-state-active"),j.removeClass("ui-tabs-hide"),this.element.queue("tabs",function(){f._trigger("show",null,f._ui(f.anchors[0],f.panels[0]))}),this.load(0)),this._trigger("add",null,this._ui(this.anchors[e],this.panels[e])),this},remove:function(b){b=this._getIndex(b);var c=this.options,d=this.lis.eq(b).remove(),e=this.panels.eq(b).remove();return d.hasClass("ui-tabs-selected")&&this.anchors.length>1&&this.select(b+(b+1=b?--a:a}),this._tabify(),this._trigger("remove",null,this._ui(d.find("a")[0],e[0])),this},enable:function(b){b=this._getIndex(b);var c=this.options;if(a.inArray(b,c.disabled)==-1)return;return this.lis.eq(b).removeClass("ui-state-disabled"),c.disabled=a.grep(c.disabled,function(a,c){return a!=b}),this._trigger("enable",null,this._ui(this.anchors[b],this.panels[b])),this},disable:function(a){a=this._getIndex(a);var b=this,c=this.options;return a!=c.selected&&(this.lis.eq(a).addClass("ui-state-disabled"),c.disabled.push(a),c.disabled.sort(),this._trigger("disable",null,this._ui(this.anchors[a],this.panels[a]))),this},select:function(a){a=this._getIndex(a);if(a==-1)if(this.options.collapsible&&this.options.selected!=-1)a=this.options.selected;else return this;return this.anchors.eq(a).trigger(this.options.event+".tabs"),this},load:function(b){b=this._getIndex(b);var c=this,d=this.options,e=this.anchors.eq(b)[0],f=a.data(e,"load.tabs");this.abort();if(!f||this.element.queue("tabs").length!==0&&a.data(e,"cache.tabs")){this.element.dequeue("tabs");return}this.lis.eq(b).addClass("ui-state-processing");if(d.spinner){var g=a("span",e);g.data("label.tabs",g.html()).html(d.spinner)}return this.xhr=a.ajax(a.extend({},d.ajaxOptions,{url:f,success:function(f,g){c.element.find(c._sanitizeSelector(e.hash)).html(f),c._cleanup(),d.cache&&a.data(e,"cache.tabs",!0),c._trigger("load",null,c._ui(c.anchors[b],c.panels[b]));try{d.ajaxOptions.success(f,g)}catch(h){}},error:function(a,f,g){c._cleanup(),c._trigger("load",null,c._ui(c.anchors[b],c.panels[b]));try{d.ajaxOptions.error(a,f,b,e)}catch(g){}}})),c.element.dequeue("tabs"),this},abort:function(){return this.element.queue([]),this.panels.stop(!1,!0),this.element.queue("tabs",this.element.queue("tabs").splice(-2,2)),this.xhr&&(this.xhr.abort(),delete this.xhr),this._cleanup(),this},url:function(a,b){return this.anchors.eq(a).removeData("cache.tabs").data("load.tabs",b),this},length:function(){return this.anchors.length}}),a.extend(a.ui.tabs,{version:"1.8.23"}),a.extend(a.ui.tabs.prototype,{rotation:null,rotate:function(a,b){var c=this,d=this.options,e=c._rotate||(c._rotate=function(b){clearTimeout(c.rotation),c.rotation=setTimeout(function(){var a=d.selected;c.select(++aGET/resources/js/jquery-ui.minjsHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
              Refererhttp://zero.webappsecurity.com/index.html.old
              Accept*/*
              Accept-Encodinggzip, deflate
              Pragmano-cache
              User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
              Hostzero.webappsecurity.com
              ConnectionKeep-Alive
              X-WIPPAscVersion=22.2.0.253
              X-Scan-MemoCategory="Crawl";SID="7CFB1C60E0E413EFCCB63FE59920EAE4";PSID="E008A8CA4FA265733B7FA2EF6BB2C691";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";NodeName="meta";Source="StaticParser";tht="31";
              X-RequestManager-Memostid="11";stmi="0";sc="1";rid="74918e40";
              X-Request-Memorid="22a58b3f";sc="1";thid="26";
              CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445              HTTP/1.1200OK").outerWidth(1).jquery||a.each(["Width","Height"],function(c,d){function h(b,c,d,f){return a.each(e,function(){c-=parseFloat(a.curCSS(b,"padding"+this,!0))||0,d&&(c-=parseFloat(a.curCSS(b,"border"+this+"Width",!0))||0),f&&(c-=parseFloat(a.curCSS(b,"margin"+this,!0))||0)}),c}var e=d==="Width"?["Left","Right"]:["Top","Bottom"],f=d.toLowerCase(),g={innerWidth:a.fn.innerWidth,innerHeight:a.fn.innerHeight,outerWidth:a.fn.outerWidth,outerHeight:a.fn.outerHeight};a.fn["inner"+d]=function(c){return c===b?g["inner"+d].call(this):this.each(function(){a(this).css(f,h(this,c)+"px")})},a.fn["outer"+d]=function(b,c){return typeof b!="number"?g["outer"+d].call(this,b):this.each(function(){a(this).css(f,h(this,b,!0,c)+"px")})}}),a.extend(a.expr[":"],{data:a.expr.createPseudo?a.expr.createPseudo(function(b){return function(c){return!!a.data(c,b)}}):function(b,c,d){return!!a.data(b,d[3])},focusable:function(b){return c(b,!isNaN(a.attr(b,"tabindex")))},tabbable:function(b){var d=a.attr(b,"tabindex"),e=isNaN(d);return(e||d>=0)&&c(b,!e)}}),a(function(){var b=document.body,c=b.appendChild(c=document.createElement("div"));c.offsetHeight,a.extend(c.style,{minHeight:"100px",height:"auto",padding:0,borderWidth:0}),a.support.minHeight=c.offsetHeight===100,a.support.selectstart="onselectstart"in c,b.removeChild(c).style.display="none"}),a.curCSS||(a.curCSS=a.css),a.extend(a.ui,{plugin:{add:function(b,c,d){var e=a.ui[b].prototype;for(var f in d)e.plugins[f]=e.plugins[f]||[],e.plugins[f].push([c,d[f]])},call:function(a,b,c){var d=a.plugins[b];if(!d||!a.element[0].parentNode)return;for(var e=0;e0?!0:(b[d]=1,e=b[d]>0,b[d]=0,e)},isOverAxis:function(a,b,c){return a>b&&a=9||!!b.button?this._mouseStarted?(this._mouseDrag(b),b.preventDefault()):(this._mouseDistanceMet(b)&&this._mouseDelayMet(b)&&(this._mouseStarted=this._mouseStart(this._mouseDownEvent,b)!==!1,this._mouseStarted?this._mouseDrag(b):this._mouseUp(b)),!this._mouseStarted):this._mouseUp(b)},_mouseUp:function(b){return a(document).unbind("mousemove."+this.widgetName,this._mouseMoveDelegate).unbind("mouseup."+this.widgetName,this._mouseUpDelegate),this._mouseStarted&&(this._mouseStarted=!1,b.target==this._mouseDownEvent.target&&a.data(b.target,this.widgetName+".preventClickEvent",!0),this._mouseStop(b)),!1},_mouseDistanceMet:function(a){return Math.max(Math.abs(this._mouseDownEvent.pageX-a.pageX),Math.abs(this._mouseDownEvent.pageY-a.pageY))>=this.options.distance},_mouseDelayMet:function(a){return this.mouseDelayMet},_mouseStart:function(a){},_mouseDrag:function(a){},_mouseStop:function(a){},_mouseCapture:function(a){return!0}})}(jQuery),function(a,b){a.widget("ui.draggable",a.ui.mouse,{widgetEventPrefix:"drag",options:{addClasses:!0,appendTo:"parent",axis:!1,connectToSortable:!1,containment:!1,cursor:"auto",cursorAt:!1,grid:!1,handle:!1,helper:"original",iframeFix:!1,opacity:!1,refreshPositions:!1,revert:!1,revertDuration:500,scope:"default",scroll:!0,scrollSensitivity:20,scrollSpeed:20,snap:!1,snapMode:"both",snapTolerance:20,stack:!1,zIndex:!1},_create:function(){this.options.helper=="original"&&!/^(?:r|a|f)/.test(this.element.css("position"))&&(this.element[0].style.position="relative"),this.options.addClasses&&this.element.addClass("ui-draggable"),this.options.disabled&&this.element.addClass("ui-draggable-disabled"),this._mouseInit()},destroy:function(){if(!this.element.data("draggable"))return;return this.element.removeData("draggable").unbind(".draggable").removeClass("ui-draggable ui-draggable-dragging ui-draggable-disabled"),this._mouseDestroy(),this},_mouseCapture:function(b){var c=this.options;return this.helper||c.disabled||a(b.target).is(".ui-resizable-handle")?!1:(this.handle=this._getHandle(b),this.handle?(c.iframeFix&&a(c.iframeFix===!0?"iframe":c.iframeFix).each(function(){a('
              ').css({width:this.offsetWidth+"px",height:this.offsetHeight+"px",position:"absolute",opacity:"0.001",zIndex:1e3}).css(a(this).offset()).appendTo("body")}),!0):!1)},_mouseStart:function(b){var c=this.options;return this.helper=this._createHelper(b),this.helper.addClass("ui-draggable-dragging"),this._cacheHelperProportions(),a.ui.ddmanager&&(a.ui.ddmanager.current=this),this._cacheMargins(),this.cssPosition=this.helper.css("position"),this.scrollParent=this.helper.scrollParent(),this.offset=this.positionAbs=this.element.offset(),this.offset={top:this.offset.top-this.margins.top,left:this.offset.left-this.margins.left},a.extend(this.offset,{click:{left:b.pageX-this.offset.left,top:b.pageY-this.offset.top},parent:this._getParentOffset(),relative:this._getRelativeOffset()}),this.originalPosition=this.position=this._generatePosition(b),this.originalPageX=b.pageX,this.originalPageY=b.pageY,c.cursorAt&&this._adjustOffsetFromHelper(c.cursorAt),c.containment&&this._setContainment(),this._trigger("start",b)===!1?(this._clear(),!1):(this._cacheHelperProportions(),a.ui.ddmanager&&!c.dropBehaviour&&a.ui.ddmanager.prepareOffsets(this,b),this._mouseDrag(b,!0),a.ui.ddmanager&&a.ui.ddmanager.dragStart(this,b),!0)},_mouseDrag:function(b,c){this.position=this._generatePosition(b),this.positionAbs=this._convertPositionTo("absolute");if(!c){var d=this._uiHash();if(this._trigger("drag",b,d)===!1)return this._mouseUp({}),!1;this.position=d.position}if(!this.options.axis||this.options.axis!="y")this.helper[0].style.left=this.position.left+"px";if(!this.options.axis||this.options.axis!="x")this.helper[0].style.top=this.position.top+"px";return a.ui.ddmanager&&a.ui.ddmanager.drag(this,b),!1},_mouseStop:function(b){var c=!1;a.ui.ddmanager&&!this.options.dropBehaviour&&(c=a.ui.ddmanager.drop(this,b)),this.dropped&&(c=this.dropped,this.dropped=!1);var d=this.element[0],e=!1;while(d&&(d=d.parentNode))d==document&&(e=!0);if(!e&&this.options.helper==="original")return!1;if(this.options.revert=="invalid"&&!c||this.options.revert=="valid"&&c||this.options.revert===!0||a.isFunction(this.options.revert)&&this.options.revert.call(this.element,c)){var f=this;a(this.helper).animate(this.originalPosition,parseInt(this.options.revertDuration,10),function(){f._trigger("stop",b)!==!1&&f._clear()})}else this._trigger("stop",b)!==!1&&this._clear();return!1},_mouseUp:function(b){return this.options.iframeFix===!0&&a("div.ui-draggable-iframeFix").each(function(){this.parentNode.removeChild(this)}),a.ui.ddmanager&&a.ui.ddmanager.dragStop(this,b),a.ui.mouse.prototype._mouseUp.call(this,b)},cancel:function(){return this.helper.is(".ui-draggable-dragging")?this._mouseUp({}):this._clear(),this},_getHandle:function(b){var c=!this.options.handle||!a(this.options.handle,this.element).length?!0:!1;return a(this.options.handle,this.element).find("*").andSelf().each(function(){this==b.target&&(c=!0)}),c},_createHelper:function(b){var c=this.options,d=a.isFunction(c.helper)?a(c.helper.apply(this.element[0],[b])):c.helper=="clone"?this.element.clone().removeAttr("id"):this.element;return d.parents("body").length||d.appendTo(c.appendTo=="parent"?this.element[0].parentNode:c.appendTo),d[0]!=this.element[0]&&!/(fixed|absolute)/.test(d.css("position"))&&d.css("position","absolute"),d},_adjustOffsetFromHelper:function(b){typeof b=="string"&&(b=b.split(" ")),a.isArray(b)&&(b={left:+b[0],top:+b[1]||0}),"left"in b&&(this.offset.click.left=b.left+this.margins.left),"right"in b&&(this.offset.click.left=this.helperProportions.width-b.right+this.margins.left),"top"in b&&(this.offset.click.top=b.top+this.margins.top),"bottom"in b&&(this.offset.click.top=this.helperProportions.height-b.bottom+this.margins.top)},_getParentOffset:function(){this.offsetParent=this.helper.offsetParent();var b=this.offsetParent.offset();this.cssPosition=="absolute"&&this.scrollParent[0]!=document&&a.ui.contains(this.scrollParent[0],this.offsetParent[0])&&(b.left+=this.scrollParent.scrollLeft(),b.top+=this.scrollParent.scrollTop());if(this.offsetParent[0]==document.body||this.offsetParent[0].tagName&&this.offsetParent[0].tagName.toLowerCase()=="html"&&a.browser.msie)b={top:0,left:0};return{top:b.top+(parseInt(this.offsetParent.css("borderTopWidth"),10)||0),left:b.left+(parseInt(this.offsetParent.css("borderLeftWidth"),10)||0)}},_getRelativeOffset:function(){if(this.cssPosition=="relative"){var a=this.element.position();return{top:a.top-(parseInt(this.helper.css("top"),10)||0)+this.scrollParent.scrollTop(),left:a.left-(parseInt(this.helper.css("left"),10)||0)+this.scrollParent.scrollLeft()}}return{top:0,left:0}},_cacheMargins:function(){this.margins={left:parseInt(this.element.css("marginLeft"),10)||0,top:parseInt(this.element.css("marginTop"),10)||0,right:parseInt(this.element.css("marginRight"),10)||0,bottom:parseInt(this.element.css("marginBottom"),10)||0}},_cacheHelperProportions:function(){this.helperProportions={width:this.helper.outerWidth(),height:this.helper.outerHeight()}},_setContainment:function(){var b=this.options;b.containment=="parent"&&(b.containment=this.helper[0].parentNode);if(b.containment=="document"||b.containment=="window")this.containment=[b.containment=="document"?0:a(window).scrollLeft()-this.offset.relative.left-this.offset.parent.left,b.containment=="document"?0:a(window).scrollTop()-this.offset.relative.top-this.offset.parent.top,(b.containment=="document"?0:a(window).scrollLeft())+a(b.containment=="document"?document:window).width()-this.helperProportions.width-this.margins.left,(b.containment=="document"?0:a(window).scrollTop())+(a(b.containment=="document"?document:window).height()||document.body.parentNode.scrollHeight)-this.helperProportions.height-this.margins.top];if(!/^(document|window|parent)$/.test(b.containment)&&b.containment.constructor!=Array){var c=a(b.containment),d=c[0];if(!d)return;var e=c.offset(),f=a(d).css("overflow")!="hidden";this.containment=[(parseInt(a(d).css("borderLeftWidth"),10)||0)+(parseInt(a(d).css("paddingLeft"),10)||0),(parseInt(a(d).css("borderTopWidth"),10)||0)+(parseInt(a(d).css("paddingTop"),10)||0),(f?Math.max(d.scrollWidth,d.offsetWidth):d.offsetWidth)-(parseInt(a(d).css("borderLeftWidth"),10)||0)-(parseInt(a(d).css("paddingRight"),10)||0)-this.helperProportions.width-this.margins.left-this.margins.right,(f?Math.max(d.scrollHeight,d.offsetHeight):d.offsetHeight)-(parseInt(a(d).css("borderTopWidth"),10)||0)-(parseInt(a(d).css("paddingBottom"),10)||0)-this.helperProportions.height-this.margins.top-this.margins.bottom],this.relative_container=c}else b.containment.constructor==Array&&(this.containment=b.containment)},_convertPositionTo:function(b,c){c||(c=this.position);var d=b=="absolute"?1:-1,e=this.options,f=this.cssPosition=="absolute"&&(this.scrollParent[0]==document||!a.ui.contains(this.scrollParent[0],this.offsetParent[0]))?this.offsetParent:this.scrollParent,g=/(html|body)/i.test(f[0].tagName);return{top:c.top+this.offset.relative.top*d+this.offset.parent.top*d-(a.browser.safari&&a.browser.version<526&&this.cssPosition=="fixed"?0:(this.cssPosition=="fixed"?-this.scrollParent.scrollTop():g?0:f.scrollTop())*d),left:c.left+this.offset.relative.left*d+this.offset.parent.left*d-(a.browser.safari&&a.browser.version<526&&this.cssPosition=="fixed"?0:(this.cssPosition=="fixed"?-this.scrollParent.scrollLeft():g?0:f.scrollLeft())*d)}},_generatePosition:function(b){var c=this.options,d=this.cssPosition=="absolute"&&(this.scrollParent[0]==document||!a.ui.contains(this.scrollParent[0],this.offsetParent[0]))?this.offsetParent:this.scrollParent,e=/(html|body)/i.test(d[0].tagName),f=b.pageX,g=b.pageY;if(this.originalPosition){var h;if(this.containment){if(this.relative_container){var i=this.relative_container.offset();h=[this.containment[0]+i.left,this.containment[1]+i.top,this.containment[2]+i.left,this.containment[3]+i.top]}else h=this.containment;b.pageX-this.offset.click.lefth[2]&&(f=h[2]+this.offset.click.left),b.pageY-this.offset.click.top>h[3]&&(g=h[3]+this.offset.click.top)}if(c.grid){var j=c.grid[1]?this.originalPageY+Math.round((g-this.originalPageY)/c.grid[1])*c.grid[1]:this.originalPageY;g=h?j-this.offset.click.toph[3]?j-this.offset.click.toph[2]?k-this.offset.click.left=0;k--){var l=d.snapElements[k].left,m=l+d.snapElements[k].width,n=d.snapElements[k].top,o=n+d.snapElements[k].height;if(!(l-f=k&&g<=l||h>=k&&h<=l||gl)&&(e>=i&&e<=j||f>=i&&f<=j||ej);default:return!1}},a.ui.ddmanager={current:null,droppables:{"default":[]},prepareOffsets:function(b,c){var d=a.ui.ddmanager.droppables[b.options.scope]||[],e=c?c.type:null,f=(b.currentItem||b.element).find(":data(droppable)").andSelf();g:for(var h=0;h
              ').css({position:this.element.css("position"),width:this.element.outerWidth(),height:this.element.outerHeight(),top:this.element.css("top"),left:this.element.css("left")})),this.element=this.element.parent().data("resizable",this.element.data("resizable")),this.elementIsWrapper=!0,this.element.css({marginLeft:this.originalElement.css("marginLeft"),marginTop:this.originalElement.css("marginTop"),marginRight:this.originalElement.css("marginRight"),marginBottom:this.originalElement.css("marginBottom")}),this.originalElement.css({marginLeft:0,marginTop:0,marginRight:0,marginBottom:0}),this.originalResizeStyle=this.originalElement.css("resize"),this.originalElement.css("resize","none"),this._proportionallyResizeElements.push(this.originalElement.css({position:"static",zoom:1,display:"block"})),this.originalElement.css({margin:this.originalElement.css("margin")}),this._proportionallyResize()),this.handles=c.handles||(a(".ui-resizable-handle",this.element).length?{n:".ui-resizable-n",e:".ui-resizable-e",s:".ui-resizable-s",w:".ui-resizable-w",se:".ui-resizable-se",sw:".ui-resizable-sw",ne:".ui-resizable-ne",nw:".ui-resizable-nw"}:"e,s,se");if(this.handles.constructor==String){this.handles=="all"&&(this.handles="n,e,s,w,se,sw,ne,nw");var d=this.handles.split(",");this.handles={};for(var e=0;e
              ');h.css({zIndex:c.zIndex}),"se"==f&&h.addClass("ui-icon ui-icon-gripsmall-diagonal-se"),this.handles[f]=".ui-resizable-"+f,this.element.append(h)}}this._renderAxis=function(b){b=b||this.element;for(var c in this.handles){this.handles[c].constructor==String&&(this.handles[c]=a(this.handles[c],this.element).show());if(this.elementIsWrapper&&this.originalElement[0].nodeName.match(/textarea|input|select|button/i)){var d=a(this.handles[c],this.element),e=0;e=/sw|ne|nw|se|n|s/.test(c)?d.outerHeight():d.outerWidth();var f=["padding",/ne|nw|n/.test(c)?"Top":/se|sw|s/.test(c)?"Bottom":/^e$/.test(c)?"Right":"Left"].join("");b.css(f,e),this._proportionallyResize()}if(!a(this.handles[c]).length)continue}},this._renderAxis(this.element),this._handles=a(".ui-resizable-handle",this.element).disableSelection(),this._handles.mouseover(function(){if(!b.resizing){if(this.className)var a=this.className.match(/ui-resizable-(se|sw|ne|nw|n|e|s|w)/i);b.axis=a&&a[1]?a[1]:"se"}}),c.autoHide&&(this._handles.hide(),a(this.element).addClass("ui-resizable-autohide").hover(function(){if(c.disabled)return;a(this).removeClass("ui-resizable-autohide"),b._handles.show()},function(){if(c.disabled)return;b.resizing||(a(this).addClass("ui-resizable-autohide"),b._handles.hide())})),this._mouseInit()},destroy:function(){this._mouseDestroy();var b=function(b){a(b).removeClass("ui-resizable ui-resizable-disabled ui-resizable-resizing").removeData("resizable").unbind(".resizable").find(".ui-resizable-handle").remove()};if(this.elementIsWrapper){b(this.element);var c=this.element;c.after(this.originalElement.css({position:c.css("position"),width:c.outerWidth(),height:c.outerHeight(),top:c.css("top"),left:c.css("left")})).remove()}return this.originalElement.css("resize",this.originalResizeStyle),b(this.originalElement),this},_mouseCapture:function(b){var c=!1;for(var d in this.handles)a(this.handles[d])[0]==b.target&&(c=!0);return!this.options.disabled&&c},_mouseStart:function(b){var d=this.options,e=this.element.position(),f=this.element;this.resizing=!0,this.documentScroll={top:a(document).scrollTop(),left:a(document).scrollLeft()},(f.is(".ui-draggable")||/absolute/.test(f.css("position")))&&f.css({position:"absolute",top:e.top,left:e.left}),this._renderProxy();var g=c(this.helper.css("left")),h=c(this.helper.css("top"));d.containment&&(g+=a(d.containment).scrollLeft()||0,h+=a(d.containment).scrollTop()||0),this.offset=this.helper.offset(),this.position={left:g,top:h},this.size=this._helper?{width:f.outerWidth(),height:f.outerHeight()}:{width:f.width(),height:f.height()},this.originalSize=this._helper?{width:f.outerWidth(),height:f.outerHeight()}:{width:f.width(),height:f.height()},this.originalPosition={left:g,top:h},this.sizeDiff={width:f.outerWidth()-f.width(),height:f.outerHeight()-f.height()},this.originalMousePosition={left:b.pageX,top:b.pageY},this.aspectRatio=typeof d.aspectRatio=="number"?d.aspectRatio:this.originalSize.width/this.originalSize.height||1;var i=a(".ui-resizable-"+this.axis).css("cursor");return a("body").css("cursor",i=="auto"?this.axis+"-resize":i),f.addClass("ui-resizable-resizing"),this._propagate("start",b),!0},_mouseDrag:function(b){var c=this.helper,d=this.options,e={},f=this,g=this.originalMousePosition,h=this.axis,i=b.pageX-g.left||0,j=b.pageY-g.top||0,k=this._change[h];if(!k)return!1;var l=k.apply(this,[b,i,j]),m=a.browser.msie&&a.browser.version<7,n=this.sizeDiff;this._updateVirtualBoundaries(b.shiftKey);if(this._aspectRatio||b.shiftKey)l=this._updateRatio(l,b);return l=this._respectSize(l,b),this._propagate("resize",b),c.css({top:this.position.top+"px",left:this.position.left+"px",width:this.size.width+"px",height:this.size.height+"px"}),!this._helper&&this._proportionallyResizeElements.length&&this._proportionallyResize(),this._updateCache(l),this._trigger("resize",b,this.ui()),!1},_mouseStop:function(b){this.resizing=!1;var c=this.options,d=this;if(this._helper){var e=this._proportionallyResizeElements,f=e.length&&/textarea/i.test(e[0].nodeName),g=f&&a.ui.hasScroll(e[0],"left")?0:d.sizeDiff.height,h=f?0:d.sizeDiff.width,i={width:d.helper.width()-h,height:d.helper.height()-g},j=parseInt(d.element.css("left"),10)+(d.position.left-d.originalPosition.left)||null,k=parseInt(d.element.css("top"),10)+(d.position.top-d.originalPosition.top)||null;c.animate||this.element.css(a.extend(i,{top:k,left:j})),d.helper.height(d.size.height),d.helper.width(d.size.width),this._helper&&!c.animate&&this._proportionallyResize()}return a("body").css("cursor","auto"),this.element.removeClass("ui-resizable-resizing"),this._propagate("stop",b),this._helper&&this.helper.remove(),!1},_updateVirtualBoundaries:function(a){var b=this.options,c,e,f,g,h;h={minWidth:d(b.minWidth)?b.minWidth:0,maxWidth:d(b.maxWidth)?b.maxWidth:Infinity,minHeight:d(b.minHeight)?b.minHeight:0,maxHeight:d(b.maxHeight)?b.maxHeight:Infinity};if(this._aspectRatio||a)c=h.minHeight*this.aspectRatio,f=h.minWidth/this.aspectRatio,e=h.maxHeight*this.aspectRatio,g=h.maxWidth/this.aspectRatio,c>h.minWidth&&(h.minWidth=c),f>h.minHeight&&(h.minHeight=f),ea.width,k=d(a.height)&&e.minHeight&&e.minHeight>a.height;j&&(a.width=e.minWidth),k&&(a.height=e.minHeight),h&&(a.width=e.maxWidth),i&&(a.height=e.maxHeight);var l=this.originalPosition.left+this.originalSize.width,m=this.position.top+this.size.height,n=/sw|nw|w/.test(g),o=/nw|ne|n/.test(g);j&&n&&(a.left=l-e.minWidth),h&&n&&(a.left=l-e.maxWidth),k&&o&&(a.top=m-e.minHeight),i&&o&&(a.top=m-e.maxHeight);var p=!a.width&&!a.height;return p&&!a.left&&a.top?a.top=null:p&&!a.top&&a.left&&(a.left=null),a},_proportionallyResize:function(){var b=this.options;if(!this._proportionallyResizeElements.length)return;var c=this.helper||this.element;for(var d=0;d
              ');var d=a.browser.msie&&a.browser.version<7,e=d?1:0,f=d?2:-1;this.helper.addClass(this._helper).css({width:this.element.outerWidth()+f,height:this.element.outerHeight()+f,position:"absolute",left:this.elementOffset.left-e+"px",top:this.elementOffset.top-e+"px",zIndex:++c.zIndex}),this.helper.appendTo("body").disableSelection()}else this.helper=this.element},_change:{e:function(a,b,c){return{width:this.originalSize.width+b}},w:function(a,b,c){var d=this.options,e=this.originalSize,f=this.originalPosition;return{left:f.left+b,width:e.width-b}},n:function(a,b,c){var d=this.options,e=this.originalSize,f=this.originalPosition;return{top:f.top+c,height:e.height-c}},s:function(a,b,c){return{height:this.originalSize.height+c}},se:function(b,c,d){return a.extend(this._change.s.apply(this,arguments),this._change.e.apply(this,[b,c,d]))},sw:function(b,c,d){return a.extend(this._change.s.apply(this,arguments),this._change.w.apply(this,[b,c,d]))},ne:function(b,c,d){return a.extend(this._change.n.apply(this,arguments),this._change.e.apply(this,[b,c,d]))},nw:function(b,c,d){return a.extend(this._change.n.apply(this,arguments),this._change.w.apply(this,[b,c,d]))}},_propagate:function(b,c){a.ui.plugin.call(this,b,[c,this.ui()]),b!="resize"&&this._trigger(b,c,this.ui())},plugins:{},ui:function(){return{originalElement:this.originalElement,element:this.element,helper:this.helper,position:this.position,size:this.size,originalSize:this.originalSize,originalPosition:this.originalPosition}}}),a.extend(a.ui.resizable,{version:"1.8.23"}),a.ui.plugin.add("resizable","alsoResize",{start:function(b,c){var d=a(this).data("resizable"),e=d.options,f=function(b){a(b).each(function(){var b=a(this);b.data("resizable-alsoresize",{width:parseInt(b.width(),10),height:parseInt(b.height(),10),left:parseInt(b.css("left"),10),top:parseInt(b.css("top"),10)})})};typeof e.alsoResize=="object"&&!e.alsoResize.parentNode?e.alsoResize.length?(e.alsoResize=e.alsoResize[0],f(e.alsoResize)):a.each(e.alsoResize,function(a){f(a)}):f(e.alsoResize)},resize:function(b,c){var d=a(this).data("resizable"),e=d.options,f=d.originalSize,g=d.originalPosition,h={height:d.size.height-f.height||0,width:d.size.width-f.width||0,top:d.position.top-g.top||0,left:d.position.left-g.left||0},i=function(b,d){a(b).each(function(){var b=a(this),e=a(this).data("resizable-alsoresize"),f={},g=d&&d.length?d:b.parents(c.originalElement[0]).length?["width","height"]:["width","height","top","left"];a.each(g,function(a,b){var c=(e[b]||0)+(h[b]||0);c&&c>=0&&(f[b]=c||null)}),b.css(f)})};typeof e.alsoResize=="object"&&!e.alsoResize.nodeType?a.each(e.alsoResize,function(a,b){i(a,b)}):i(e.alsoResize)},stop:function(b,c){a(this).removeData("resizable-alsoresize")}}),a.ui.plugin.add("resizable","animate",{stop:function(b,c){var d=a(this).data("resizable"),e=d.options,f=d._proportionallyResizeElements,g=f.length&&/textarea/i.test(f[0].nodeName),h=g&&a.ui.hasScroll(f[0],"left")?0:d.sizeDiff.height,i=g?0:d.sizeDiff.width,j={width:d.size.width-i,height:d.size.height-h},k=parseInt(d.element.css("left"),10)+(d.position.left-d.originalPosition.left)||null,l=parseInt(d.element.css("top"),10)+(d.position.top-d.originalPosition.top)||null;d.element.animate(a.extend(j,l&&k?{top:l,left:k}:{}),{duration:e.animateDuration,easing:e.animateEasing,step:function(){var c={width:parseInt(d.element.css("width"),10),height:parseInt(d.element.css("height"),10),top:parseInt(d.element.css("top"),10),left:parseInt(d.element.css("left"),10)};f&&f.length&&a(f[0]).css({width:c.width,height:c.height}),d._updateCache(c),d._propagate("resize",b)}})}}),a.ui.plugin.add("resizable","containment",{start:function(b,d){var e=a(this).data("resizable"),f=e.options,g=e.element,h=f.containment,i=h instanceof a?h.get(0):/parent/.test(h)?g.parent().get(0):h;if(!i)return;e.containerElement=a(i);if(/document/.test(h)||h==document)e.containerOffset={left:0,top:0},e.containerPosition={left:0,top:0},e.parentData={element:a(document),left:0,top:0,width:a(document).width(),height:a(document).height()||document.body.parentNode.scrollHeight};else{var j=a(i),k=[];a(["Top","Right","Left","Bottom"]).each(function(a,b){k[a]=c(j.css("padding"+b))}),e.containerOffset=j.offset(),e.containerPosition=j.position(),e.containerSize={height:j.innerHeight()-k[3],width:j.innerWidth()-k[1]};var l=e.containerOffset,m=e.containerSize.height,n=e.containerSize.width,o=a.ui.hasScroll(i,"left")?i.scrollWidth:n,p=a.ui.hasScroll(i)?i.scrollHeight:m;e.parentData={element:i,left:l.left,top:l.top,width:o,height:p}}},resize:function(b,c){var d=a(this).data("resizable"),e=d.options,f=d.containerSize,g=d.containerOffset,h=d.size,i=d.position,j=d._aspectRatio||b.shiftKey,k={top:0,left:0},l=d.containerElement;l[0]!=document&&/static/.test(l.css("position"))&&(k=g),i.left<(d._helper?g.left:0)&&(d.size.width=d.size.width+(d._helper?d.position.left-g.left:d.position.left-k.left),j&&(d.size.height=d.size.width/d.aspectRatio),d.position.left=e.helper?g.left:0),i.top<(d._helper?g.top:0)&&(d.size.height=d.size.height+(d._helper?d.position.top-g.top:d.position.top),j&&(d.size.width=d.size.height*d.aspectRatio),d.position.top=d._helper?g.top:0),d.offset.left=d.parentData.left+d.position.left,d.offset.top=d.parentData.top+d.position.top;var m=Math.abs((d._helper?d.offset.left-k.left:d.offset.left-k.left)+d.sizeDiff.width),n=Math.abs((d._helper?d.offset.top-k.top:d.offset.top-g.top)+d.sizeDiff.height),o=d.containerElement.get(0)==d.element.parent().get(0),p=/relative|absolute/.test(d.containerElement.css("position"));o&&p&&(m-=d.parentData.left),m+d.size.width>=d.parentData.width&&(d.size.width=d.parentData.width-m,j&&(d.size.height=d.size.width/d.aspectRatio)),n+d.size.height>=d.parentData.height&&(d.size.height=d.parentData.height-n,j&&(d.size.width=d.size.height*d.aspectRatio))},stop:function(b,c){var d=a(this).data("resizable"),e=d.options,f=d.position,g=d.containerOffset,h=d.containerPosition,i=d.containerElement,j=a(d.helper),k=j.offset(),l=j.outerWidth()-d.sizeDiff.width,m=j.outerHeight()-d.sizeDiff.height;d._helper&&!e.animate&&/relative/.test(i.css("position"))&&a(this).css({left:k.left-h.left-g.left,width:l,height:m}),d._helper&&!e.animate&&/static/.test(i.css("position"))&&a(this).css({left:k.left-h.left-g.left,width:l,height:m})}}),a.ui.plugin.add("resizable","ghost",{start:function(b,c){var d=a(this).data("resizable"),e=d.options,f=d.size;d.ghost=d.originalElement.clone(),d.ghost.css({opacity:.25,display:"block",position:"relative",height:f.height,width:f.width,margin:0,left:0,top:0}).addClass("ui-resizable-ghost").addClass(typeof e.ghost=="string"?e.ghost:""),d.ghost.appendTo(d.helper)},resize:function(b,c){var d=a(this).data("resizable"),e=d.options;d.ghost&&d.ghost.css({position:"relative",height:d.size.height,width:d.size.width})},stop:function(b,c){var d=a(this).data("resizable"),e=d.options;d.ghost&&d.helper&&d.helper.get(0).removeChild(d.ghost.get(0))}}),a.ui.plugin.add("resizable","grid",{resize:function(b,c){var d=a(this).data("resizable"),e=d.options,f=d.size,g=d.originalSize,h=d.originalPosition,i=d.axis,j=e._aspectRatio||b.shiftKey;e.grid=typeof e.grid=="number"?[e.grid,e.grid]:e.grid;var k=Math.round((f.width-g.width)/(e.grid[0]||1))*(e.grid[0]||1),l=Math.round((f.height-g.height)/(e.grid[1]||1))*(e.grid[1]||1);/^(se|s|e)$/.test(i)?(d.size.width=g.width+k,d.size.height=g.height+l):/^(ne)$/.test(i)?(d.size.width=g.width+k,d.size.height=g.height+l,d.position.top=h.top-l):/^(sw)$/.test(i)?(d.size.width=g.width+k,d.size.height=g.height+l,d.position.left=h.left-k):(d.size.width=g.width+k,d.size.height=g.height+l,d.position.top=h.top-l,d.position.left=h.left-k)}});var c=function(a){return parseInt(a,10)||0},d=function(a){return!isNaN(parseInt(a,10))}}(jQuery),function(a,b){a.widget("ui.selectable",a.ui.mouse,{options:{appendTo:"body",autoRefresh:!0,distance:0,filter:"*",tolerance:"touch"},_create:function(){var b=this;this.element.addClass("ui-selectable"),this.dragged=!1;var c;this.refresh=function(){c=a(b.options.filter,b.element[0]),c.addClass("ui-selectee"),c.each(function(){var b=a(this),c=b.offset();a.data(this,"selectable-item",{element:this,$element:b,left:c.left,top:c.top,right:c.left+b.outerWidth(),bottom:c.top+b.outerHeight(),startselected:!1,selected:b.hasClass("ui-selected"),selecting:b.hasClass("ui-selecting"),unselecting:b.hasClass("ui-unselecting")})})},this.refresh(),this.selectees=c.addClass("ui-selectee"),this._mouseInit(),this.helper=a("
              ")},destroy:function(){return this.selectees.removeClass("ui-selectee").removeData("selectable-item"),this.element.removeClass("ui-selectable ui-selectable-disabled").removeData("selectable").unbind(".selectable"),this._mouseDestroy(),this},_mouseStart:function(b){var c=this;this.opos=[b.pageX,b.pageY];if(this.options.disabled)return;var d=this.options;this.selectees=a(d.filter,this.element[0]),this._trigger("start",b),a(d.appendTo).append(this.helper),this.helper.css({left:b.clientX,top:b.clientY,width:0,height:0}),d.autoRefresh&&this.refresh(),this.selectees.filter(".ui-selected").each(function(){var d=a.data(this,"selectable-item");d.startselected=!0,!b.metaKey&&!b.ctrlKey&&(d.$element.removeClass("ui-selected"),d.selected=!1,d.$element.addClass("ui-unselecting"),d.unselecting=!0,c._trigger("unselecting",b,{unselecting:d.element}))}),a(b.target).parents().andSelf().each(function(){var d=a.data(this,"selectable-item");if(d){var e=!b.metaKey&&!b.ctrlKey||!d.$element.hasClass("ui-selected");return d.$element.removeClass(e?"ui-unselecting":"ui-selected").addClass(e?"ui-selecting":"ui-unselecting"),d.unselecting=!e,d.selecting=e,d.selected=e,e?c._trigger("selecting",b,{selecting:d.element}):c._trigger("unselecting",b,{unselecting:d.element}),!1}})},_mouseDrag:function(b){var c=this;this.dragged=!0;if(this.options.disabled)return;var d=this.options,e=this.opos[0],f=this.opos[1],g=b.pageX,h=b.pageY;if(e>g){var i=g;g=e,e=i}if(f>h){var i=h;h=f,f=i}return this.helper.css({left:e,top:f,width:g-e,height:h-f}),this.selectees.each(function(){var i=a.data(this,"selectable-item");if(!i||i.element==c.element[0])return;var j=!1;d.tolerance=="touch"?j=!(i.left>g||i.righth||i.bottome&&i.rightf&&i.bottom *",opacity:!1,placeholder:!1,revert:!1,scroll:!0,scrollSensitivity:20,scrollSpeed:20,scope:"default",tolerance:"intersect",zIndex:1e3},_create:function(){var a=this.options;this.containerCache={},this.element.addClass("ui-sortable"),this.refresh(),this.floating=this.items.length?a.axis==="x"||/left|right/.test(this.items[0].item.css("float"))||/inline|table-cell/.test(this.items[0].item.css("display")):!1,this.offset=this.element.offset(),this._mouseInit(),this.ready=!0},destroy:function(){a.Widget.prototype.destroy.call(this),this.element.removeClass("ui-sortable ui-sortable-disabled"),this._mouseDestroy();for(var b=this.items.length-1;b>=0;b--)this.items[b].item.removeData(this.widgetName+"-item");return this},_setOption:function(b,c){b==="disabled"?(this.options[b]=c,this.widget()[c?"addClass":"removeClass"]("ui-sortable-disabled")):a.Widget.prototype._setOption.apply(this,arguments)},_mouseCapture:function(b,c){var d=this;if(this.reverting)return!1;if(this.options.disabled||this.options.type=="static")return!1;this._refreshItems(b);var e=null,f=this,g=a(b.target).parents().each(function(){if(a.data(this,d.widgetName+"-item")==f)return e=a(this),!1});a.data(b.target,d.widgetName+"-item")==f&&(e=a(b.target));if(!e)return!1;if(this.options.handle&&!c){var h=!1;a(this.options.handle,e).find("*").andSelf().each(function(){this==b.target&&(h=!0)});if(!h)return!1}return this.currentItem=e,this._removeCurrentsFromItems(),!0},_mouseStart:function(b,c,d){var e=this.options,f=this;this.currentContainer=this,this.refreshPositions(),this.helper=this._createHelper(b),this._cacheHelperProportions(),this._cacheMargins(),this.scrollParent=this.helper.scrollParent(),this.offset=this.currentItem.offset(),this.offset={top:this.offset.top-this.margins.top,left:this.offset.left-this.margins.left},a.extend(this.offset,{click:{left:b.pageX-this.offset.left,top:b.pageY-this.offset.top},parent:this._getParentOffset(),relative:this._getRelativeOffset()}),this.helper.css("position","absolute"),this.cssPosition=this.helper.css("position"),this.originalPosition=this._generatePosition(b),this.originalPageX=b.pageX,this.originalPageY=b.pageY,e.cursorAt&&this._adjustOffsetFromHelper(e.cursorAt),this.domPosition={prev:this.currentItem.prev()[0],parent:this.currentItem.parent()[0]},this.helper[0]!=this.currentItem[0]&&this.currentItem.hide(),this._createPlaceholder(),e.containment&&this._setContainment(),e.cursor&&(a("body").css("cursor")&&(this._storedCursor=a("body").css("cursor")),a("body").css("cursor",e.cursor)),e.opacity&&(this.helper.css("opacity")&&(this._storedOpacity=this.helper.css("opacity")),this.helper.css("opacity",e.opacity)),e.zIndex&&(this.helper.css("zIndex")&&(this._storedZIndex=this.helper.css("zIndex")),this.helper.css("zIndex",e.zIndex)),this.scrollParent[0]!=document&&this.scrollParent[0].tagName!="HTML"&&(this.overflowOffset=this.scrollParent.offset()),this._trigger("start",b,this._uiHash()),this._preserveHelperProportions||this._cacheHelperProportions();if(!d)for(var g=this.containers.length-1;g>=0;g--)this.containers[g]._trigger("activate",b,f._uiHash(this));return a.ui.ddmanager&&(a.ui.ddmanager.current=this),a.ui.ddmanager&&!e.dropBehaviour&&a.ui.ddmanager.prepareOffsets(this,b),this.dragging=!0,this.helper.addClass("ui-sortable-helper"),this._mouseDrag(b),!0},_mouseDrag:function(b){this.position=this._generatePosition(b),this.positionAbs=this._convertPositionTo("absolute"),this.lastPositionAbs||(this.lastPositionAbs=this.positionAbs);if(this.options.scroll){var c=this.options,d=!1;this.scrollParent[0]!=document&&this.scrollParent[0].tagName!="HTML"?(this.overflowOffset.top+this.scrollParent[0].offsetHeight-b.pageY=0;e--){var f=this.items[e],g=f.item[0],h=this._intersectsWithPointer(f);if(!h)continue;if(g!=this.currentItem[0]&&this.placeholder[h==1?"next":"prev"]()[0]!=g&&!a.ui.contains(this.placeholder[0],g)&&(this.options.type=="semi-dynamic"?!a.ui.contains(this.element[0],g):!0)){this.direction=h==1?"down":"up";if(this.options.tolerance=="pointer"||this._intersectsWithSides(f))this._rearrange(b,f);else break;this._trigger("change",b,this._uiHash());break}}return this._contactContainers(b),a.ui.ddmanager&&a.ui.ddmanager.drag(this,b),this._trigger("sort",b,this._uiHash()),this.lastPositionAbs=this.positionAbs,!1},_mouseStop:function(b,c){if(!b)return;a.ui.ddmanager&&!this.options.dropBehaviour&&a.ui.ddmanager.drop(this,b);if(this.options.revert){var d=this,e=d.placeholder.offset();d.reverting=!0,a(this.helper).animate({left:e.left-this.offset.parent.left-d.margins.left+(this.offsetParent[0]==document.body?0:this.offsetParent[0].scrollLeft),top:e.top-this.offset.parent.top-d.margins.top+(this.offsetParent[0]==document.body?0:this.offsetParent[0].scrollTop)},parseInt(this.options.revert,10)||500,function(){d._clear(b)})}else this._clear(b,c);return!1},cancel:function(){var b=this;if(this.dragging){this._mouseUp({target:null}),this.options.helper=="original"?this.currentItem.css(this._storedCSS).removeClass("ui-sortable-helper"):this.currentItem.show();for(var c=this.containers.length-1;c>=0;c--)this.containers[c]._trigger("deactivate",null,b._uiHash(this)),this.containers[c].containerCache.over&&(this.containers[c]._trigger("out",null,b._uiHash(this)),this.containers[c].containerCache.over=0)}return this.placeholder&&(this.placeholder[0].parentNode&&this.placeholder[0].parentNode.removeChild(this.placeholder[0]),this.options.helper!="original"&&this.helper&&this.helper[0].parentNode&&this.helper.remove(),a.extend(this,{helper:null,dragging:!1,reverting:!1,_noFinalSort:null}),this.domPosition.prev?a(this.domPosition.prev).after(this.currentItem):a(this.domPosition.parent).prepend(this.currentItem)),this},serialize:function(b){var c=this._getItemsAsjQuery(b&&b.connected),d=[];return b=b||{},a(c).each(function(){var c=(a(b.item||this).attr(b.attribute||"id")||"").match(b.expression||/(.+)[-=_](.+)/);c&&d.push((b.key||c[1]+"[]")+"="+(b.key&&b.expression?c[1]:c[2]))}),!d.length&&b.key&&d.push(b.key+"="),d.join("&")},toArray:function(b){var c=this._getItemsAsjQuery(b&&b.connected),d=[];return b=b||{},c.each(function(){d.push(a(b.item||this).attr(b.attribute||"id")||"")}),d},_intersectsWith:function(a){var b=this.positionAbs.left,c=b+this.helperProportions.width,d=this.positionAbs.top,e=d+this.helperProportions.height,f=a.left,g=f+a.width,h=a.top,i=h+a.height,j=this.offset.click.top,k=this.offset.click.left,l=d+j>h&&d+jf&&b+ka[this.floating?"width":"height"]?l:f0?"down":"up")},_getDragHorizontalDirection:function(){var a=this.positionAbs.left-this.lastPositionAbs.left;return a!=0&&(a>0?"right":"left")},refresh:function(a){return this._refreshItems(a),this.refreshPositions(),this},_connectWith:function(){var a=this.options;return a.connectWith.constructor==String?[a.connectWith]:a.connectWith},_getItemsAsjQuery:function(b){var c=this,d=[],e=[],f=this._connectWith();if(f&&b)for(var g=f.length-1;g>=0;g--){var h=a(f[g]);for(var i=h.length-1;i>=0;i--){var j=a.data(h[i],this.widgetName);j&&j!=this&&!j.options.disabled&&e.push([a.isFunction(j.options.items)?j.options.items.call(j.element):a(j.options.items,j.element).not(".ui-sortable-helper").not(".ui-sortable-placeholder"),j])}}e.push([a.isFunction(this.options.items)?this.options.items.call(this.element,null,{options:this.options,item:this.currentItem}):a(this.options.items,this.element).not(".ui-sortable-helper").not(".ui-sortable-placeholder"),this]);for(var g=e.length-1;g>=0;g--)e[g][0].each(function(){d.push(this)});return a(d)},_removeCurrentsFromItems:function(){var a=this.currentItem.find(":data("+this.widgetName+"-item)");for(var b=0;b=0;g--){var h=a(f[g]);for(var i=h.length-1;i>=0;i--){var j=a.data(h[i],this.widgetName);j&&j!=this&&!j.options.disabled&&(e.push([a.isFunction(j.options.items)?j.options.items.call(j.element[0],b,{item:this.currentItem}):a(j.options.items,j.element),j]),this.containers.push(j))}}for(var g=e.length-1;g>=0;g--){var k=e[g][1],l=e[g][0];for(var i=0,m=l.length;i=0;c--){var d=this.items[c];if(d.instance!=this.currentContainer&&this.currentContainer&&d.item[0]!=this.currentItem[0])continue;var e=this.options.toleranceElement?a(this.options.toleranceElement,d.item):d.item;b||(d.width=e.outerWidth(),d.height=e.outerHeight());var f=e.offset();d.left=f.left,d.top=f.top}if(this.options.custom&&this.options.custom.refreshContainers)this.options.custom.refreshContainers.call(this);else for(var c=this.containers.length-1;c>=0;c--){var f=this.containers[c].element.offset();this.containers[c].containerCache.left=f.left,this.containers[c].containerCache.top=f.top,this.containers[c].containerCache.width=this.containers[c].element.outerWidth(),this.containers[c].containerCache.height=this.containers[c].element.outerHeight()}return this},_createPlaceholder:function(b){var c=b||this,d=c.options;if(!d.placeholder||d.placeholder.constructor==String){var e=d.placeholder;d.placeholder={element:function(){var b=a(document.createElement(c.currentItem[0].nodeName)).addClass(e||c.currentItem[0].className+" ui-sortable-placeholder").removeClass("ui-sortable-helper")[0];return e||(b.style.visibility="hidden"),b},update:function(a,b){if(e&&!d.forcePlaceholderSize)return;b.height()||b.height(c.currentItem.innerHeight()-parseInt(c.currentItem.css("paddingTop")||0,10)-parseInt(c.currentItem.css("paddingBottom")||0,10)),b.width()||b.width(c.currentItem.innerWidth()-parseInt(c.currentItem.css("paddingLeft")||0,10)-parseInt(c.currentItem.css("paddingRight")||0,10))}}}c.placeholder=a(d.placeholder.element.call(c.element,c.currentItem)),c.currentItem.after(c.placeholder),d.placeholder.update(c,c.placeholder)},_contactContainers:function(b){var c=null,d=null;for(var e=this.containers.length-1;e>=0;e--){if(a.ui.contains(this.currentItem[0],this.containers[e].element[0]))continue;if(this._intersectsWith(this.containers[e].containerCache)){if(c&&a.ui.contains(this.containers[e].element[0],c.element[0]))continue;c=this.containers[e],d=e}else this.containers[e].containerCache.over&&(this.containers[e]._trigger("out",b,this._uiHash(this)),this.containers[e].containerCache.over=0)}if(!c)return;if(this.containers.length===1)this.containers[d]._trigger("over",b,this._uiHash(this)),this.containers[d].containerCache.over=1;else if(this.currentContainer!=this.containers[d]){var f=1e4,g=null,h=this.positionAbs[this.containers[d].floating?"left":"top"];for(var i=this.items.length-1;i>=0;i--){if(!a.ui.contains(this.containers[d].element[0],this.items[i].item[0]))continue;var j=this.containers[d].floating?this.items[i].item.offset().left:this.items[i].item.offset().top;Math.abs(j-h)0?"down":"up")}if(!g&&!this.options.dropOnEmpty)return;this.currentContainer=this.containers[d],g?this._rearrange(b,g,null,!0):this._rearrange(b,null,this.containers[d].element,!0),this._trigger("change",b,this._uiHash()),this.containers[d]._trigger("change",b,this._uiHash(this)),this.options.placeholder.update(this.currentContainer,this.placeholder),this.containers[d]._trigger("over",b,this._uiHash(this)),this.containers[d].containerCache.over=1}},_createHelper:function(b){var c=this.options,d=a.isFunction(c.helper)?a(c.helper.apply(this.element[0],[b,this.currentItem])):c.helper=="clone"?this.currentItem.clone():this.currentItem;return d.parents("body").length||a(c.appendTo!="parent"?c.appendTo:this.currentItem[0].parentNode)[0].appendChild(d[0]),d[0]==this.currentItem[0]&&(this._storedCSS={width:this.currentItem[0].style.width,height:this.currentItem[0].style.height,position:this.currentItem.css("position"),top:this.currentItem.css("top"),left:this.currentItem.css("left")}),(d[0].style.width==""||c.forceHelperSize)&&d.width(this.currentItem.width()),(d[0].style.height==""||c.forceHelperSize)&&d.height(this.currentItem.height()),d},_adjustOffsetFromHelper:function(b){typeof b=="string"&&(b=b.split(" ")),a.isArray(b)&&(b={left:+b[0],top:+b[1]||0}),"left"in b&&(this.offset.click.left=b.left+this.margins.left),"right"in b&&(this.offset.click.left=this.helperProportions.width-b.right+this.margins.left),"top"in b&&(this.offset.click.top=b.top+this.margins.top),"bottom"in b&&(this.offset.click.top=this.helperProportions.height-b.bottom+this.margins.top)},_getParentOffset:function(){this.offsetParent=this.helper.offsetParent();var b=this.offsetParent.offset();this.cssPosition=="absolute"&&this.scrollParent[0]!=document&&a.ui.contains(this.scrollParent[0],this.offsetParent[0])&&(b.left+=this.scrollParent.scrollLeft(),b.top+=this.scrollParent.scrollTop());if(this.offsetParent[0]==document.body||this.offsetParent[0].tagName&&this.offsetParent[0].tagName.toLowerCase()=="html"&&a.browser.msie)b={top:0,left:0};return{top:b.top+(parseInt(this.offsetParent.css("borderTopWidth"),10)||0),left:b.left+(parseInt(this.offsetParent.css("borderLeftWidth"),10)||0)}},_getRelativeOffset:function(){if(this.cssPosition=="relative"){var a=this.currentItem.position();return{top:a.top-(parseInt(this.helper.css("top"),10)||0)+this.scrollParent.scrollTop(),left:a.left-(parseInt(this.helper.css("left"),10)||0)+this.scrollParent.scrollLeft()}}return{top:0,left:0}},_cacheMargins:function(){this.margins={left:parseInt(this.currentItem.css("marginLeft"),10)||0,top:parseInt(this.currentItem.css("marginTop"),10)||0}},_cacheHelperProportions:function(){this.helperProportions={width:this.helper.outerWidth(),height:this.helper.outerHeight()}},_setContainment:function(){var b=this.options;b.containment=="parent"&&(b.containment=this.helper[0].parentNode);if(b.containment=="document"||b.containment=="window")this.containment=[0-this.offset.relative.left-this.offset.parent.left,0-this.offset.relative.top-this.offset.parent.top,a(b.containment=="document"?document:window).width()-this.helperProportions.width-this.margins.left,(a(b.containment=="document"?document:window).height()||document.body.parentNode.scrollHeight)-this.helperProportions.height-this.margins.top];if(!/^(document|window|parent)$/.test(b.containment)){var c=a(b.containment)[0],d=a(b.containment).offset(),e=a(c).css("overflow")!="hidden";this.containment=[d.left+(parseInt(a(c).css("borderLeftWidth"),10)||0)+(parseInt(a(c).css("paddingLeft"),10)||0)-this.margins.left,d.top+(parseInt(a(c).css("borderTopWidth"),10)||0)+(parseInt(a(c).css("paddingTop"),10)||0)-this.margins.top,d.left+(e?Math.max(c.scrollWidth,c.offsetWidth):c.offsetWidth)-(parseInt(a(c).css("borderLeftWidth"),10)||0)-(parseInt(a(c).css("paddingRight"),10)||0)-this.helperProportions.width-this.margins.left,d.top+(e?Math.max(c.scrollHeight,c.offsetHeight):c.offsetHeight)-(parseInt(a(c).css("borderTopWidth"),10)||0)-(parseInt(a(c).css("paddingBottom"),10)||0)-this.helperProportions.height-this.margins.top]}},_convertPositionTo:function(b,c){c||(c=this.position);var d=b=="absolute"?1:-1,e=this.options,f=this.cssPosition=="absolute"&&(this.scrollParent[0]==document||!a.ui.contains(this.scrollParent[0],this.offsetParent[0]))?this.offsetParent:this.scrollParent,g=/(html|body)/i.test(f[0].tagName);return{top:c.top+this.offset.relative.top*d+this.offset.parent.top*d-(a.browser.safari&&this.cssPosition=="fixed"?0:(this.cssPosition=="fixed"?-this.scrollParent.scrollTop():g?0:f.scrollTop())*d),left:c.left+this.offset.relative.left*d+this.offset.parent.left*d-(a.browser.safari&&this.cssPosition=="fixed"?0:(this.cssPosition=="fixed"?-this.scrollParent.scrollLeft():g?0:f.scrollLeft())*d)}},_generatePosition:function(b){var c=this.options,d=this.cssPosition=="absolute"&&(this.scrollParent[0]==document||!a.ui.contains(this.scrollParent[0],this.offsetParent[0]))?this.offsetParent:this.scrollParent,e=/(html|body)/i.test(d[0].tagName);this.cssPosition=="relative"&&(this.scrollParent[0]==document||this.scrollParent[0]==this.offsetParent[0])&&(this.offset.relative=this._getRelativeOffset());var f=b.pageX,g=b.pageY;if(this.originalPosition){this.containment&&(b.pageX-this.offset.click.leftthis.containment[2]&&(f=this.containment[2]+this.offset.click.left),b.pageY-this.offset.click.top>this.containment[3]&&(g=this.containment[3]+this.offset.click.top));if(c.grid){var h=this.originalPageY+Math.round((g-this.originalPageY)/c.grid[1])*c.grid[1];g=this.containment?h-this.offset.click.topthis.containment[3]?h-this.offset.click.topthis.containment[2]?i-this.offset.click.left=0;f--)a.ui.contains(this.containers[f].element[0],this.currentItem[0])&&!c&&(d.push(function(a){return function(b){a._trigger("receive",b,this._uiHash(this))}}.call(this,this.containers[f])),d.push(function(a){return function(b){a._trigger("update",b,this._uiHash(this))}}.call(this,this.containers[f])))}for(var f=this.containers.length-1;f>=0;f--)c||d.push(function(a){return function(b){a._trigger("deactivate",b,this._uiHash(this))}}.call(this,this.containers[f])),this.containers[f].containerCache.over&&(d.push(function(a){return function(b){a._trigger("out",b,this._uiHash(this))}}.call(this,this.containers[f])),this.containers[f].containerCache.over=0);this._storedCursor&&a("body").css("cursor",this._storedCursor),this._storedOpacity&&this.helper.css("opacity",this._storedOpacity),this._storedZIndex&&this.helper.css("zIndex",this._storedZIndex=="auto"?"":this._storedZIndex),this.dragging=!1;if(this.cancelHelperRemoval){if(!c){this._trigger("beforeStop",b,this._uiHash());for(var f=0;f
              ").addClass("ui-effects-wrapper").css({fontSize:"100%",background:"transparent",border:"none",margin:0,padding:0}),e=document.activeElement;try{e.id}catch(f){e=document.body}return b.wrap(d),(b[0]===e||a.contains(b[0],e))&&a(e).focus(),d=b.parent(),b.css("position")=="static"?(d.css({position:"relative"}),b.css({position:"relative"})):(a.extend(c,{position:b.css("position"),zIndex:b.css("z-index")}),a.each(["top","left","bottom","right"],function(a,d){c[d]=b.css(d),isNaN(parseInt(c[d],10))&&(c[d]="auto")}),b.css({position:"relative",top:0,left:0,right:"auto",bottom:"auto"})),d.css(c).show()},removeWrapper:function(b){var c,d=document.activeElement;return b.parent().is(".ui-effects-wrapper")?(c=b.parent().replaceWith(b),(b[0]===d||a.contains(b[0],d))&&a(d).focus(),c):b},setTransition:function(b,c,d,e){return e=e||{},a.each(c,function(a,c){var f=b.cssUnit(c);f[0]>0&&(e[c]=f[0]*d+f[1])}),e}}),a.fn.extend({effect:function(b,c,d,e){var f=k.apply(this,arguments),g={options:f[1],duration:f[2],callback:f[3]},h=g.options.mode,i=a.effects[b];return a.fx.off||!i?h?this[h](g.duration,g.callback):this.each(function(){g.callback&&g.callback.call(this)}):i.call(this,g)},_show:a.fn.show,show:function(a){if(l(a))return this._show.apply(this,arguments);var b=k.apply(this,arguments);return b[1].mode="show",this.effect.apply(this,b)},_hide:a.fn.hide,hide:function(a){if(l(a))return this._hide.apply(this,arguments);var b=k.apply(this,arguments);return b[1].mode="hide",this.effect.apply(this,b)},__toggle:a.fn.toggle,toggle:function(b){if(l(b)||typeof b=="boolean"||a.isFunction(b))return this.__toggle.apply(this,arguments);var c=k.apply(this,arguments);return c[1].mode="toggle",this.effect.apply(this,c)},cssUnit:function(b){var c=this.css(b),d=[];return a.each(["em","px","%","pt"],function(a,b){c.indexOf(b)>0&&(d=[parseFloat(c),b])}),d}});var m={};a.each(["Quad","Cubic","Quart","Quint","Expo"],function(a,b){m[b]=function(b){return Math.pow(b,a+2)}}),a.extend(m,{Sine:function(a){return 1-Math.cos(a*Math.PI/2)},Circ:function(a){return 1-Math.sqrt(1-a*a)},Elastic:function(a){return a===0||a===1?a:-Math.pow(2,8*(a-1))*Math.sin(((a-1)*80-7.5)*Math.PI/15)},Back:function(a){return a*a*(3*a-2)},Bounce:function(a){var b,c=4;while(a<((b=Math.pow(2,--c))-1)/11);return 1/Math.pow(4,3-c)-7.5625*Math.pow((b*3-2)/22-a,2)}}),a.each(m,function(b,c){a.easing["easeIn"+b]=c,a.easing["easeOut"+b]=function(a){return 1-c(1-a)},a.easing["easeInOut"+b]=function(a){return a<.5?c(a*2)/2:c(a*-2+2)/-2+1}})}(jQuery),function(a,b){a.effects.blind=function(b){return this.queue(function(){var c=a(this),d=["position","top","bottom","left","right"],e=a.effects.setMode(c,b.options.mode||"hide"),f=b.options.direction||"vertical";a.effects.save(c,d),c.show();var g=a.effects.createWrapper(c).css({overflow:"hidden"}),h=f=="vertical"?"height":"width",i=f=="vertical"?g.height():g.width();e=="show"&&g.css(h,0);var j={};j[h]=e=="show"?i:0,g.animate(j,b.duration,b.options.easing,function(){e=="hide"&&c.hide(),a.effects.restore(c,d),a.effects.removeWrapper(c),b.callback&&b.callback.apply(c[0],arguments),c.dequeue()})})}}(jQuery),function(a,b){a.effects.bounce=function(b){return this.queue(function(){var c=a(this),d=["position","top","bottom","left","right"],e=a.effects.setMode(c,b.options.mode||"effect"),f=b.options.direction||"up",g=b.options.distance||20,h=b.options.times||5,i=b.duration||250;/show|hide/.test(e)&&d.push("opacity"),a.effects.save(c,d),c.show(),a.effects.createWrapper(c);var j=f=="up"||f=="down"?"top":"left",k=f=="up"||f=="left"?"pos":"neg",g=b.options.distance||(j=="top"?c.outerHeight(!0)/3:c.outerWidth(!0)/3);e=="show"&&c.css("opacity",0).css(j,k=="pos"?-g:g),e=="hide"&&(g=g/(h*2)),e!="hide"&&h--;if(e=="show"){var l={opacity:1};l[j]=(k=="pos"?"+=":"-=")+g,c.animate(l,i/2,b.options.easing),g=g/2,h--}for(var m=0;m
              ").css({position:"absolute",visibility:"visible",left:-j*(g/d),top:-i*(h/c)}).parent().addClass("ui-effects-explode").css({position:"absolute",overflow:"hidden",width:g/d,height:h/c,left:f.left+j*(g/d)+(b.options.mode=="show"?(j-Math.floor(d/2))*(g/d):0),top:f.top+i*(h/c)+(b.options.mode=="show"?(i-Math.floor(c/2))*(h/c):0),opacity:b.options.mode=="show"?0:1}).animate({left:f.left+j*(g/d)+(b.options.mode=="show"?0:(j-Math.floor(d/2))*(g/d)),top:f.top+i*(h/c)+(b.options.mode=="show"?0:(i-Math.floor(c/2))*(h/c)),opacity:b.options.mode=="show"?1:0},b.duration||500);setTimeout(function(){b.options.mode=="show"?e.css({visibility:"visible"}):e.css({visibility:"visible"}).hide(),b.callback&&b.callback.apply(e[0]),e.dequeue(),a("div.ui-effects-explode").remove()},b.duration||500)})}}(jQuery),function(a,b){a.effects.fade=function(b){return this.queue(function(){var c=a(this),d=a.effects.setMode(c,b.options.mode||"hide");c.animate({opacity:d},{queue:!1,duration:b.duration,easing:b.options.easing,complete:function(){b.callback&&b.callback.apply(this,arguments),c.dequeue()}})})}}(jQuery),function(a,b){a.effects.fold=function(b){return this.queue(function(){var c=a(this),d=["position","top","bottom","left","right"],e=a.effects.setMode(c,b.options.mode||"hide"),f=b.options.size||15,g=!!b.options.horizFirst,h=b.duration?b.duration/2:a.fx.speeds._default/2;a.effects.save(c,d),c.show();var i=a.effects.createWrapper(c).css({overflow:"hidden"}),j=e=="show"!=g,k=j?["width","height"]:["height","width"],l=j?[i.width(),i.height()]:[i.height(),i.width()],m=/([0-9]+)%/.exec(f);m&&(f=parseInt(m[1],10)/100*l[e=="hide"?0:1]),e=="show"&&i.css(g?{height:0,width:f}:{height:f,width:0});var n={},p={};n[k[0]]=e=="show"?l[0]:f,p[k[1]]=e=="show"?l[1]:0,i.animate(n,h,b.options.easing).animate(p,h,b.options.easing,function(){e=="hide"&&c.hide(),a.effects.restore(c,d),a.effects.removeWrapper(c),b.callback&&b.callback.apply(c[0],arguments),c.dequeue()})})}}(jQuery),function(a,b){a.effects.highlight=function(b){return this.queue(function(){var c=a(this),d=["backgroundImage","backgroundColor","opacity"],e=a.effects.setMode(c,b.options.mode||"show"),f={backgroundColor:c.css("backgroundColor")};e=="hide"&&(f.opacity=0),a.effects.save(c,d),c.show().css({backgroundImage:"none",backgroundColor:b.options.color||"#ffff99"}).animate(f,{queue:!1,duration:b.duration,easing:b.options.easing,complete:function(){e=="hide"&&c.hide(),a.effects.restore(c,d),e=="show"&&!a.support.opacity&&this.style.removeAttribute("filter"),b.callback&&b.callback.apply(this,arguments),c.dequeue()}})})}}(jQuery),function(a,b){a.effects.pulsate=function(b){return this.queue(function(){var c=a(this),d=a.effects.setMode(c,b.options.mode||"show"),e=(b.options.times||5)*2-1,f=b.duration?b.duration/2:a.fx.speeds._default/2,g=c.is(":visible"),h=0;g||(c.css("opacity",0).show(),h=1),(d=="hide"&&g||d=="show"&&!g)&&e--;for(var i=0;i
              ').appendTo(document.body).addClass(b.options.className).css({top:g.top,left:g.left,height:c.innerHeight(),width:c.innerWidth(),position:"absolute"}).animate(f,b.duration,b.options.easing,function(){h.remove(),b.callback&&b.callback.apply(c[0],arguments),c.dequeue()})})}}(jQuery),function(a,b){a.widget("ui.accordion",{options:{active:0,animated:"slide",autoHeight:!0,clearStyle:!1,collapsible:!1,event:"click",fillSpace:!1,header:"> li > :first-child,> :not(li):even",icons:{header:"ui-icon-triangle-1-e",headerSelected:"ui-icon-triangle-1-s"},navigation:!1,navigationFilter:function(){return this.href.toLowerCase()===location.href.toLowerCase()}},_create:function(){var b=this,c=b.options;b.running=0,b.element.addClass("ui-accordion ui-widget ui-helper-reset").children("li").addClass("ui-accordion-li-fix"),b.headers=b.element.find(c.header).addClass("ui-accordion-header ui-helper-reset ui-state-default ui-corner-all").bind("mouseenter.accordion",function(){if(c.disabled)return;a(this).addClass("ui-state-hover")}).bind("mouseleave.accordion",function(){if(c.disabled)return;a(this).removeClass("ui-state-hover")}).bind("focus.accordion",function(){if(c.disabled)return;a(this).addClass("ui-state-focus")}).bind("blur.accordion",function(){if(c.disabled)return;a(this).removeClass("ui-state-focus")}),b.headers.next().addClass("ui-accordion-content ui-helper-reset ui-widget-content ui-corner-bottom");if(c.navigation){var d=b.element.find("a").filter(c.navigationFilter).eq(0);if(d.length){var e=d.closest(".ui-accordion-header");e.length?b.active=e:b.active=d.closest(".ui-accordion-content").prev()}}b.active=b._findActive(b.active||c.active).addClass("ui-state-default ui-state-active").toggleClass("ui-corner-all").toggleClass("ui-corner-top"),b.active.next().addClass("ui-accordion-content-active"),b._createIcons(),b.resize(),b.element.attr("role","tablist"),b.headers.attr("role","tab").bind("keydown.accordion",function(a){return b._keydown(a)}).next().attr("role","tabpanel"),b.headers.not(b.active||"").attr({"aria-expanded":"false","aria-selected":"false",tabIndex:-1}).next().hide(),b.active.length?b.active.attr({"aria-expanded":"true","aria-selected":"true",tabIndex:0}):b.headers.eq(0).attr("tabIndex",0),a.browser.safari||b.headers.find("a").attr("tabIndex",-1),c.event&&b.headers.bind(c.event.split(" ").join(".accordion ")+".accordion",function(a){b._clickHandler.call(b,a,this),a.preventDefault()})},_createIcons:function(){var b=this.options;b.icons&&(a("").addClass("ui-icon "+b.icons.header).prependTo(this.headers),this.active.children(".ui-icon").toggleClass(b.icons.header).toggleClass(b.icons.headerSelected),this.element.addClass("ui-accordion-icons"))},_destroyIcons:function(){this.headers.children(".ui-icon").remove(),this.element.removeClass("ui-accordion-icons")},destroy:function(){var b=this.options;this.element.removeClass("ui-accordion ui-widget ui-helper-reset").removeAttr("role"),this.headers.unbind(".accordion").removeClass("ui-accordion-header ui-accordion-disabled ui-helper-reset ui-state-default ui-corner-all ui-state-active ui-state-disabled ui-corner-top").removeAttr("role").removeAttr("aria-expanded").removeAttr("aria-selected").removeAttr("tabIndex"),this.headers.find("a").removeAttr("tabIndex"),this._destroyIcons();var c=this.headers.next().css("display","").removeAttr("role").removeClass("ui-helper-reset ui-widget-content ui-corner-bottom ui-accordion-content ui-accordion-content-active ui-accordion-disabled ui-state-disabled");return(b.autoHeight||b.fillHeight)&&c.css("height",""),a.Widget.prototype.destroy.call(this)},_setOption:function(b,c){a.Widget.prototype._setOption.apply(this,arguments),b=="active"&&this.activate(c),b=="icons"&&(this._destroyIcons(),c&&this._createIcons()),b=="disabled"&&this.headers.add(this.headers.next())[c?"addClass":"removeClass"]("ui-accordion-disabled ui-state-disabled")},_keydown:function(b){if(this.options.disabled||b.altKey||b.ctrlKey)return;var c=a.ui.keyCode,d=this.headers.length,e=this.headers.index(b.target),f=!1;switch(b.keyCode){case c.RIGHT:case c.DOWN:f=this.headers[(e+1)%d];break;case c.LEFT:case c.UP:f=this.headers[(e-1+d)%d];break;case c.SPACE:case c.ENTER:this._clickHandler({target:b.target},b.target),b.preventDefault()}return f?(a(b.target).attr("tabIndex",-1),a(f).attr("tabIndex",0),f.focus(),!1):!0},resize:function(){var b=this.options,c;if(b.fillSpace){if(a.browser.msie){var d=this.element.parent().css("overflow");this.element.parent().css("overflow","hidden")}c=this.element.parent().height(),a.browser.msie&&this.element.parent().css("overflow",d),this.headers.each(function(){c-=a(this).outerHeight(!0)}),this.headers.next().each(function(){a(this).height(Math.max(0,c-a(this).innerHeight()+a(this).height()))}).css("overflow","auto")}else b.autoHeight&&(c=0,this.headers.next().each(function(){c=Math.max(c,a(this).height("").height())}).height(c));return this},activate:function(a){this.options.active=a;var b=this._findActive(a)[0];return this._clickHandler({target:b},b),this},_findActive:function(b){return b?typeof b=="number"?this.headers.filter(":eq("+b+")"):this.headers.not(this.headers.not(b)):b===!1?a([]):this.headers.filter(":eq(0)")},_clickHandler:function(b,c){var d=this.options;if(d.disabled)return;if(!b.target){if(!d.collapsible)return;this.active.removeClass("ui-state-active ui-corner-top").addClass("ui-state-default ui-corner-all").children(".ui-icon").removeClass(d.icons.headerSelected).addClass(d.icons.header),this.active.next().addClass("ui-accordion-content-active");var e=this.active.next(),f={options:d,newHeader:a([]),oldHeader:d.active,newContent:a([]),oldContent:e},g=this.active=a([]);this._toggle(g,e,f);return}var h=a(b.currentTarget||c),i=h[0]===this.active[0];d.active=d.collapsible&&i?!1:this.headers.index(h);if(this.running||!d.collapsible&&i)return;var j=this.active,g=h.next(),e=this.active.next(),f={options:d,newHeader:i&&d.collapsible?a([]):h,oldHeader:this.active,newContent:i&&d.collapsible?a([]):g,oldContent:e},k=this.headers.index(this.active[0])>this.headers.index(h[0]);this.active=i?a([]):h,this._toggle(g,e,f,i,k),j.removeClass("ui-state-active ui-corner-top").addClass("ui-state-default ui-corner-all").children(".ui-icon").removeClass(d.icons.headerSelected).addClass(d.icons.header),i||(h.removeClass("ui-state-default ui-corner-all").addClass("ui-state-active ui-corner-top").children(".ui-icon").removeClass(d.icons.header).addClass(d.icons.headerSelected),h.next().addClass("ui-accordion-content-active"));return},_toggle:function(b,c,d,e,f){var g=this,h=g.options;g.toShow=b,g.toHide=c,g.data=d;var i=function(){if(!g)return;return g._completed.apply(g,arguments)};g._trigger("changestart",null,g.data),g.running=c.size()===0?b.size():c.size();if(h.animated){var j={};h.collapsible&&e?j={toShow:a([]),toHide:c,complete:i,down:f,autoHeight:h.autoHeight||h.fillSpace}:j={toShow:b,toHide:c,complete:i,down:f,autoHeight:h.autoHeight||h.fillSpace},h.proxied||(h.proxied=h.animated),h.proxiedDuration||(h.proxiedDuration=h.duration),h.animated=a.isFunction(h.proxied)?h.proxied(j):h.proxied,h.duration=a.isFunction(h.proxiedDuration)?h.proxiedDuration(j):h.proxiedDuration;var k=a.ui.accordion.animations,l=h.duration,m=h.animated;m&&!k[m]&&!a.easing[m]&&(m="slide"),k[m]||(k[m]=function(a){this.slide(a,{easing:m,duration:l||700})}),k[m](j)}else h.collapsible&&e?b.toggle():(c.hide(),b.show()),i(!0);c.prev().attr({"aria-expanded":"false","aria-selected":"false",tabIndex:-1}).blur(),b.prev().attr({"aria-expanded":"true","aria-selected":"true",tabIndex:0}).focus()},_completed:function(a){this.running=a?0:--this.running;if(this.running)return;this.options.clearStyle&&this.toShow.add(this.toHide).css({height:"",overflow:""}),this.toHide.removeClass("ui-accordion-content-active"),this.toHide.length&&(this.toHide.parent()[0].className=this.toHide.parent()[0].className),this._trigger("change",null,this.data)}}),a.extend(a.ui.accordion,{version:"1.8.23",animations:{slide:function(b,c){b=a.extend({easing:"swing",duration:300},b,c);if(!b.toHide.size()){b.toShow.animate({height:"show",paddingTop:"show",paddingBottom:"show"},b);return}if(!b.toShow.size()){b.toHide.animate({height:"hide",paddingTop:"hide",paddingBottom:"hide"},b);return}var d=b.toShow.css("overflow"),e=0,f={},g={},h=["height","paddingTop","paddingBottom"],i,j=b.toShow;i=j[0].style.width,j.width(j.parent().width()-parseFloat(j.css("paddingLeft"))-parseFloat(j.css("paddingRight"))-(parseFloat(j.css("borderLeftWidth"))||0)-(parseFloat(j.css("borderRightWidth"))||0)),a.each(h,function(c,d){g[d]="hide";var e=(""+a.css(b.toShow[0],d)).match(/^([\d+-.]+)(.*)$/);f[d]={value:e[1],unit:e[2]||"px"}}),b.toShow.css({height:0,overflow:"hidden"}).show(),b.toHide.filter(":hidden").each(b.complete).end().filter(":visible").animate(g,{step:function(a,c){c.prop=="height"&&(e=c.end-c.start===0?0:(c.now-c.start)/(c.end-c.start)),b.toShow[0].style[c.prop]=e*f[c.prop].value+f[c.prop].unit},duration:b.duration,easing:b.easing,complete:function(){b.autoHeight||b.toShow.css("height",""),b.toShow.css({width:i,overflow:d}),b.complete()}})},bounceslide:function(a){this.slide(a,{easing:a.down?"easeOutBounce":"swing",duration:a.down?1e3:200})}}})}(jQuery),function(a,b){var c=0;a.widget("ui.autocomplete",{options:{appendTo:"body",autoFocus:!1,delay:300,minLength:1,position:{my:"left top",at:"left bottom",collision:"none"},source:null},pending:0,_create:function(){var b=this,c=this.element[0].ownerDocument,d;this.isMultiLine=this.element.is("textarea"),this.element.addClass("ui-autocomplete-input").attr("autocomplete","off").attr({role:"textbox","aria-autocomplete":"list","aria-haspopup":"true"}).bind("keydown.autocomplete",function(c){if(b.options.disabled||b.element.propAttr("readOnly"))return;d=!1;var e=a.ui.keyCode;switch(c.keyCode){case e.PAGE_UP:b._move("previousPage",c);break;case e.PAGE_DOWN:b._move("nextPage",c);break;case e.UP:b._keyEvent("previous",c);break;case e.DOWN:b._keyEvent("next",c);break;case e.ENTER:case e.NUMPAD_ENTER:b.menu.active&&(d=!0,c.preventDefault());case e.TAB:if(!b.menu.active)return;b.menu.select(c);break;case e.ESCAPE:b.element.val(b.term),b.close(c);break;default:clearTimeout(b.searching),b.searching=setTimeout(function(){b.term!=b.element.val()&&(b.selectedItem=null,b.search(null,c))},b.options.delay)}}).bind("keypress.autocomplete",function(a){d&&(d=!1,a.preventDefault())}).bind("focus.autocomplete",function(){if(b.options.disabled)return;b.selectedItem=null,b.previous=b.element.val()}).bind("blur.autocomplete",function(a){if(b.options.disabled)return;clearTimeout(b.searching),b.closing=setTimeout(function(){b.close(a),b._change(a)},150)}),this._initSource(),this.menu=a("
                ").addClass("ui-autocomplete").appendTo(a(this.options.appendTo||"body",c)[0]).mousedown(function(c){var d=b.menu.element[0];a(c.target).closest(".ui-menu-item").length||setTimeout(function(){a(document).one("mousedown",function(c){c.target!==b.element[0]&&c.target!==d&&!a.ui.contains(d,c.target)&&b.close()})},1),setTimeout(function(){clearTimeout(b.closing)},13)}).menu({focus:function(a,c){var d=c.item.data("item.autocomplete");!1!==b._trigger("focus",a,{item:d})&&/^key/.test(a.originalEvent.type)&&b.element.val(d.value)},selected:function(a,d){var e=d.item.data("item.autocomplete"),f=b.previous;b.element[0]!==c.activeElement&&(b.element.focus(),b.previous=f,setTimeout(function(){b.previous=f,b.selectedItem=e},1)),!1!==b._trigger("select",a,{item:e})&&b.element.val(e.value),b.term=b.element.val(),b.close(a),b.selectedItem=e},blur:function(a,c){b.menu.element.is(":visible")&&b.element.val()!==b.term&&b.element.val(b.term)}}).zIndex(this.element.zIndex()+1).css({top:0,left:0}).hide().data("menu"),a.fn.bgiframe&&this.menu.element.bgiframe(),b.beforeunloadHandler=function(){b.element.removeAttr("autocomplete")},a(window).bind("beforeunload",b.beforeunloadHandler)},destroy:function(){this.element.removeClass("ui-autocomplete-input").removeAttr("autocomplete").removeAttr("role").removeAttr("aria-autocomplete").removeAttr("aria-haspopup"),this.menu.element.remove(),a(window).unbind("beforeunload",this.beforeunloadHandler),a.Widget.prototype.destroy.call(this)},_setOption:function(b,c){a.Widget.prototype._setOption.apply(this,arguments),b==="source"&&this._initSource(),b==="appendTo"&&this.menu.element.appendTo(a(c||"body",this.element[0].ownerDocument)[0]),b==="disabled"&&c&&this.xhr&&this.xhr.abort()},_initSource:function(){var b=this,c,d;a.isArray(this.options.source)?(c=this.options.source,this.source=function(b,d){d(a.ui.autocomplete.filter(c,b.term))}):typeof this.options.source=="string"?(d=this.options.source,this.source=function(c,e){b.xhr&&b.xhr.abort(),b.xhr=a.ajax({url:d,data:c,dataType:"json",success:function(a,b){e(a)},error:function(){e([])}})}):this.source=this.options.source},search:function(a,b){a=a!=null?a:this.element.val(),this.term=this.element.val();if(a.length").data("item.autocomplete",c).append(a("").text(c.label)).appendTo(b)},_move:function(a,b){if(!this.menu.element.is(":visible")){this.search(null,b);return}if(this.menu.first()&&/^previous/.test(a)||this.menu.last()&&/^next/.test(a)){this.element.val(this.term),this.menu.deactivate();return}this.menu[a](b)},widget:function(){return this.menu.element},_keyEvent:function(a,b){if(!this.isMultiLine||this.menu.element.is(":visible"))this._move(a,b),b.preventDefault()}}),a.extend(a.ui.autocomplete,{escapeRegex:function(a){return a.replace(/[-[\]{}()*+?.,\\^$|#\s]/g,"\\$&")},filter:function(b,c){var d=new RegExp(a.ui.autocomplete.escapeRegex(c),"i");return a.grep(b,function(a){return d.test(a.label||a.value||a)})}})}(jQuery),function(a){a.widget("ui.menu",{_create:function(){var b=this;this.element.addClass("ui-menu ui-widget ui-widget-content ui-corner-all").attr({role:"listbox","aria-activedescendant":"ui-active-menuitem"}).click(function(c){if(!a(c.target).closest(".ui-menu-item a").length)return;c.preventDefault(),b.select(c)}),this.refresh()},refresh:function(){var b=this,c=this.element.children("li:not(.ui-menu-item):has(a)").addClass("ui-menu-item").attr("role","menuitem");c.children("a").addClass("ui-corner-all").attr("tabindex",-1).mouseenter(function(c){b.activate(c,a(this).parent())}).mouseleave(function(){b.deactivate()})},activate:function(a,b){this.deactivate();if(this.hasScroll()){var c=b.offset().top-this.element.offset().top,d=this.element.scrollTop(),e=this.element.height();c<0?this.element.scrollTop(d+c):c>=e&&this.element.scrollTop(d+c-e+b.height())}this.active=b.eq(0).children("a").addClass("ui-state-hover").attr("id","ui-active-menuitem").end(),this._trigger("focus",a,{item:b})},deactivate:function(){if(!this.active)return;this.active.children("a").removeClass("ui-state-hover").removeAttr("id"),this._trigger("blur"),this.active=null},next:function(a){this.move("next",".ui-menu-item:first",a)},previous:function(a){this.move("prev",".ui-menu-item:last",a)},first:function(){return this.active&&!this.active.prevAll(".ui-menu-item").length},last:function(){return this.active&&!this.active.nextAll(".ui-menu-item").length},move:function(a,b,c){if(!this.active){this.activate(c,this.element.children(b));return}var d=this.active[a+"All"](".ui-menu-item").eq(0);d.length?this.activate(c,d):this.activate(c,this.element.children(b))},nextPage:function(b){if(this.hasScroll()){if(!this.active||this.last()){this.activate(b,this.element.children(".ui-menu-item:first"));return}var c=this.active.offset().top,d=this.element.height(),e=this.element.children(".ui-menu-item").filter(function(){var b=a(this).offset().top-c-d+a(this).height();return b<10&&b>-10});e.length||(e=this.element.children(".ui-menu-item:last")),this.activate(b,e)}else this.activate(b,this.element.children(".ui-menu-item").filter(!this.active||this.last()?":first":":last"))},previousPage:function(b){if(this.hasScroll()){if(!this.active||this.first()){this.activate(b,this.element.children(".ui-menu-item:last"));return}var c=this.active.offset().top,d=this.element.height(),e=this.element.children(".ui-menu-item").filter(function(){var b=a(this).offset().top-c+d-a(this).height();return b<10&&b>-10});e.length||(e=this.element.children(".ui-menu-item:first")),this.activate(b,e)}else this.activate(b,this.element.children(".ui-menu-item").filter(!this.active||this.first()?":last":":first"))},hasScroll:function(){return this.element.height()",this.element[0].ownerDocument).addClass("ui-button-text").html(this.options.label).appendTo(b.empty()).text(),d=this.options.icons,e=d.primary&&d.secondary,f=[];d.primary||d.secondary?(this.options.text&&f.push("ui-button-text-icon"+(e?"s":d.primary?"-primary":"-secondary")),d.primary&&b.prepend(""),d.secondary&&b.append(""),this.options.text||(f.push(e?"ui-button-icons-only":"ui-button-icon-only"),this.hasTitle||b.attr("title",c))):f.push("ui-button-text-only"),b.addClass(f.join(" "))}}),a.widget("ui.buttonset",{options:{items:":button, :submit, :reset, :checkbox, :radio, a, :data(button)"},_create:function(){this.element.addClass("ui-buttonset")},_init:function(){this.refresh()},_setOption:function(b,c){b==="disabled"&&this.buttons.button("option",b,c),a.Widget.prototype._setOption.apply(this,arguments)},refresh:function(){var b=this.element.css("direction")==="rtl";this.buttons=this.element.find(this.options.items).filter(":ui-button").button("refresh").end().not(":ui-button").button().end().map(function(){return a(this).button("widget")[0]}).removeClass("ui-corner-all ui-corner-left ui-corner-right").filter(":first").addClass(b?"ui-corner-right":"ui-corner-left").end().filter(":last").addClass(b?"ui-corner-left":"ui-corner-right").end().end()},destroy:function(){this.element.removeClass("ui-buttonset"),this.buttons.map(function(){return a(this).button("widget")[0]}).removeClass("ui-corner-left ui-corner-right").end().button("destroy"),a.Widget.prototype.destroy.call(this)}})}(jQuery),function($,undefined){function Datepicker(){this.debug=!1,this._curInst=null,this._keyEvent=!1,this._disabledInputs=[],this._datepickerShowing=!1,this._inDialog=!1,this._mainDivId="ui-datepicker-div",this._inlineClass="ui-datepicker-inline",this._appendClass="ui-datepicker-append",this._triggerClass="ui-datepicker-trigger",this._dialogClass="ui-datepicker-dialog",this._disableClass="ui-datepicker-disabled",this._unselectableClass="ui-datepicker-unselectable",this._currentClass="ui-datepicker-current-day",this._dayOverClass="ui-datepicker-days-cell-over",this.regional=[],this.regional[""]={closeText:"Done",prevText:"Prev",nextText:"Next",currentText:"Today",monthNames:["January","February","March","April","May","June","July","August","September","October","November","December"],monthNamesShort:["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],dayNames:["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],dayNamesShort:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],dayNamesMin:["Su","Mo","Tu","We","Th","Fr","Sa"],weekHeader:"Wk",dateFormat:"mm/dd/yy",firstDay:0,isRTL:!1,showMonthAfterYear:!1,yearSuffix:""},this._defaults={showOn:"focus",showAnim:"fadeIn",showOptions:{},defaultDate:null,appendText:"",buttonText:"...",buttonImage:"",buttonImageOnly:!1,hideIfNoPrevNext:!1,navigationAsDateFormat:!1,gotoCurrent:!1,changeMonth:!1,changeYear:!1,yearRange:"c-10:c+10",showOtherMonths:!1,selectOtherMonths:!1,showWeek:!1,calculateWeek:this.iso8601Week,shortYearCutoff:"+10",minDate:null,maxDate:null,duration:"fast",beforeShowDay:null,beforeShow:null,onSelect:null,onChangeMonthYear:null,onClose:null,numberOfMonths:1,showCurrentAtPos:0,stepMonths:1,stepBigMonths:12,altField:"",altFormat:"",constrainInput:!0,showButtonPanel:!1,autoSize:!1,disabled:!1},$.extend(this._defaults,this.regional[""]),this.dpDiv=bindHover($('
                '))}function bindHover(a){var b="button, .ui-datepicker-prev, .ui-datepicker-next, .ui-datepicker-calendar td a";return a.bind("mouseout",function(a){var c=$(a.target).closest(b);if(!c.length)return;c.removeClass("ui-state-hover ui-datepicker-prev-hover ui-datepicker-next-hover")}).bind("mouseover",function(c){var d=$(c.target).closest(b);if($.datepicker._isDisabledDatepicker(instActive.inline?a.parent()[0]:instActive.input[0])||!d.length)return;d.parents(".ui-datepicker-calendar").find("a").removeClass("ui-state-hover"),d.addClass("ui-state-hover"),d.hasClass("ui-datepicker-prev")&&d.addClass("ui-datepicker-prev-hover"),d.hasClass("ui-datepicker-next")&&d.addClass("ui-datepicker-next-hover")})}function extendRemove(a,b){$.extend(a,b);for(var c in b)if(b[c]==null||b[c]==undefined)a[c]=b[c];return a}function isArray(a){return a&&($.browser.safari&&typeof a=="object"&&a.length||a.constructor&&a.constructor.toString().match(/\Array\(\)/))}$.extend($.ui,{datepicker:{version:"1.8.23"}});var PROP_NAME="datepicker",dpuuid=(new Date).getTime(),instActive;$.extend(Datepicker.prototype,{markerClassName:"hasDatepicker",maxRows:4,log:function(){this.debug&&console.log.apply("",arguments)},_widgetDatepicker:function(){return this.dpDiv},setDefaults:function(a){return extendRemove(this._defaults,a||{}),this},_attachDatepicker:function(target,settings){var inlineSettings=null;for(var attrName in this._defaults){var attrValue=target.getAttribute("date:"+attrName);if(attrValue){inlineSettings=inlineSettings||{};try{inlineSettings[attrName]=eval(attrValue)}catch(err){inlineSettings[attrName]=attrValue}}}var nodeName=target.nodeName.toLowerCase(),inline=nodeName=="div"||nodeName=="span";target.id||(this.uuid+=1,target.id="dp"+this.uuid);var inst=this._newInst($(target),inline);inst.settings=$.extend({},settings||{},inlineSettings||{}),nodeName=="input"?this._connectDatepicker(target,inst):inline&&this._inlineDatepicker(target,inst)},_newInst:function(a,b){var c=a[0].id.replace(/([^A-Za-z0-9_-])/g,"\\\\$1");return{id:c,input:a,selectedDay:0,selectedMonth:0,selectedYear:0,drawMonth:0,drawYear:0,inline:b,dpDiv:b?bindHover($('
                ')):this.dpDiv}},_connectDatepicker:function(a,b){var c=$(a);b.append=$([]),b.trigger=$([]);if(c.hasClass(this.markerClassName))return;this._attachments(c,b),c.addClass(this.markerClassName).keydown(this._doKeyDown).keypress(this._doKeyPress).keyup(this._doKeyUp).bind("setData.datepicker",function(a,c,d){b.settings[c]=d}).bind("getData.datepicker",function(a,c){return this._get(b,c)}),this._autoSize(b),$.data(a,PROP_NAME,b),b.settings.disabled&&this._disableDatepicker(a)},_attachments:function(a,b){var c=this._get(b,"appendText"),d=this._get(b,"isRTL");b.append&&b.append.remove(),c&&(b.append=$(''+c+""),a[d?"before":"after"](b.append)),a.unbind("focus",this._showDatepicker),b.trigger&&b.trigger.remove();var e=this._get(b,"showOn");(e=="focus"||e=="both")&&a.focus(this._showDatepicker);if(e=="button"||e=="both"){var f=this._get(b,"buttonText"),g=this._get(b,"buttonImage");b.trigger=$(this._get(b,"buttonImageOnly")?$("").addClass(this._triggerClass).attr({src:g,alt:f,title:f}):$('').addClass(this._triggerClass).html(g==""?f:$("").attr({src:g,alt:f,title:f}))),a[d?"before":"after"](b.trigger),b.trigger.click(function(){return $.datepicker._datepickerShowing&&$.datepicker._lastInput==a[0]?$.datepicker._hideDatepicker():$.datepicker._datepickerShowing&&$.datepicker._lastInput!=a[0]?($.datepicker._hideDatepicker(),$.datepicker._showDatepicker(a[0])):$.datepicker._showDatepicker(a[0]),!1})}},_autoSize:function(a){if(this._get(a,"autoSize")&&!a.inline){var b=new Date(2009,11,20),c=this._get(a,"dateFormat");if(c.match(/[DM]/)){var d=function(a){var b=0,c=0;for(var d=0;db&&(b=a[d].length,c=d);return c};b.setMonth(d(this._get(a,c.match(/MM/)?"monthNames":"monthNamesShort"))),b.setDate(d(this._get(a,c.match(/DD/)?"dayNames":"dayNamesShort"))+20-b.getDay())}a.input.attr("size",this._formatDate(a,b).length)}},_inlineDatepicker:function(a,b){var c=$(a);if(c.hasClass(this.markerClassName))return;c.addClass(this.markerClassName).append(b.dpDiv).bind("setData.datepicker",function(a,c,d){b.settings[c]=d}).bind("getData.datepicker",function(a,c){return this._get(b,c)}),$.data(a,PROP_NAME,b),this._setDate(b,this._getDefaultDate(b),!0),this._updateDatepicker(b),this._updateAlternate(b),b.settings.disabled&&this._disableDatepicker(a),b.dpDiv.css("display","block")},_dialogDatepicker:function(a,b,c,d,e){var f=this._dialogInst;if(!f){this.uuid+=1;var g="dp"+this.uuid;this._dialogInput=$(''),this._dialogInput.keydown(this._doKeyDown),$("body").append(this._dialogInput),f=this._dialogInst=this._newInst(this._dialogInput,!1),f.settings={},$.data(this._dialogInput[0],PROP_NAME,f)}extendRemove(f.settings,d||{}),b=b&&b.constructor==Date?this._formatDate(f,b):b,this._dialogInput.val(b),this._pos=e?e.length?e:[e.pageX,e.pageY]:null;if(!this._pos){var h=document.documentElement.clientWidth,i=document.documentElement.clientHeight,j=document.documentElement.scrollLeft||document.body.scrollLeft,k=document.documentElement.scrollTop||document.body.scrollTop;this._pos=[h/2-100+j,i/2-150+k]}return this._dialogInput.css("left",this._pos[0]+20+"px").css("top",this._pos[1]+"px"),f.settings.onSelect=c,this._inDialog=!0,this.dpDiv.addClass(this._dialogClass),this._showDatepicker(this._dialogInput[0]),$.blockUI&&$.blockUI(this.dpDiv),$.data(this._dialogInput[0],PROP_NAME,f),this},_destroyDatepicker:function(a){var b=$(a),c=$.data(a,PROP_NAME);if(!b.hasClass(this.markerClassName))return;var d=a.nodeName.toLowerCase();$.removeData(a,PROP_NAME),d=="input"?(c.append.remove(),c.trigger.remove(),b.removeClass(this.markerClassName).unbind("focus",this._showDatepicker).unbind("keydown",this._doKeyDown).unbind("keypress",this._doKeyPress).unbind("keyup",this._doKeyUp)):(d=="div"||d=="span")&&b.removeClass(this.markerClassName).empty()},_enableDatepicker:function(a){var b=$(a),c=$.data(a,PROP_NAME);if(!b.hasClass(this.markerClassName))return;var d=a.nodeName.toLowerCase();if(d=="input")a.disabled=!1,c.trigger.filter("button").each(function(){this.disabled=!1}).end().filter("img").css({opacity:"1.0",cursor:""});else if(d=="div"||d=="span"){var e=b.children("."+this._inlineClass);e.children().removeClass("ui-state-disabled"),e.find("select.ui-datepicker-month, select.ui-datepicker-year").removeAttr("disabled")}this._disabledInputs=$.map(this._disabledInputs,function(b){return b==a?null:b})},_disableDatepicker:function(a){var b=$(a),c=$.data(a,PROP_NAME);if(!b.hasClass(this.markerClassName))return;var d=a.nodeName.toLowerCase();if(d=="input")a.disabled=!0,c.trigger.filter("button").each(function(){this.disabled=!0}).end().filter("img").css({opacity:"0.5",cursor:"default"});else if(d=="div"||d=="span"){var e=b.children("."+this._inlineClass);e.children().addClass("ui-state-disabled"),e.find("select.ui-datepicker-month, select.ui-datepicker-year").attr("disabled","disabled")}this._disabledInputs=$.map(this._disabledInputs,function(b){return b==a?null:b}),this._disabledInputs[this._disabledInputs.length]=a},_isDisabledDatepicker:function(a){if(!a)return!1;for(var b=0;b-1}},_doKeyUp:function(a){var b=$.datepicker._getInst(a.target);if(b.input.val()!=b.lastVal)try{var c=$.datepicker.parseDate($.datepicker._get(b,"dateFormat"),b.input?b.input.val():null,$.datepicker._getFormatConfig(b));c&&($.datepicker._setDateFromField(b),$.datepicker._updateAlternate(b),$.datepicker._updateDatepicker(b))}catch(d){$.datepicker.log(d)}return!0},_showDatepicker:function(a){a=a.target||a,a.nodeName.toLowerCase()!="input"&&(a=$("input",a.parentNode)[0]);if($.datepicker._isDisabledDatepicker(a)||$.datepicker._lastInput==a)return;var b=$.datepicker._getInst(a);$.datepicker._curInst&&$.datepicker._curInst!=b&&($.datepicker._curInst.dpDiv.stop(!0,!0),b&&$.datepicker._datepickerShowing&&$.datepicker._hideDatepicker($.datepicker._curInst.input[0]));var c=$.datepicker._get(b,"beforeShow"),d=c?c.apply(a,[a,b]):{};if(d===!1)return;extendRemove(b.settings,d),b.lastVal=null,$.datepicker._lastInput=a,$.datepicker._setDateFromField(b),$.datepicker._inDialog&&(a.value=""),$.datepicker._pos||($.datepicker._pos=$.datepicker._findPos(a),$.datepicker._pos[1]+=a.offsetHeight);var e=!1;$(a).parents().each(function(){return e|=$(this).css("position")=="fixed",!e}),e&&$.browser.opera&&($.datepicker._pos[0]-=document.documentElement.scrollLeft,$.datepicker._pos[1]-=document.documentElement.scrollTop);var f={left:$.datepicker._pos[0],top:$.datepicker._pos[1]};$.datepicker._pos=null,b.dpDiv.empty(),b.dpDiv.css({position:"absolute",display:"block",top:"-1000px"}),$.datepicker._updateDatepicker(b),f=$.datepicker._checkOffset(b,f,e),b.dpDiv.css({position:$.datepicker._inDialog&&$.blockUI?"static":e?"fixed":"absolute",display:"none",left:f.left+"px",top:f.top+"px"});if(!b.inline){var g=$.datepicker._get(b,"showAnim"),h=$.datepicker._get(b,"duration"),i=function(){var a=b.dpDiv.find("iframe.ui-datepicker-cover");if(!!a.length){var c=$.datepicker._getBorders(b.dpDiv);a.css({left:-c[0],top:-c[1],width:b.dpDiv.outerWidth(),height:b.dpDiv.outerHeight()})}};b.dpDiv.zIndex($(a).zIndex()+1),$.datepicker._datepickerShowing=!0,$.effects&&$.effects[g]?b.dpDiv.show(g,$.datepicker._get(b,"showOptions"),h,i):b.dpDiv[g||"show"](g?h:null,i),(!g||!h)&&i(),b.input.is(":visible")&&!b.input.is(":disabled")&&b.input.focus(),$.datepicker._curInst=b}},_updateDatepicker:function(a){var b=this;b.maxRows=4;var c=$.datepicker._getBorders(a.dpDiv);instActive=a,a.dpDiv.empty().append(this._generateHTML(a)),this._attachHandlers(a);var d=a.dpDiv.find("iframe.ui-datepicker-cover");!d.length||d.css({left:-c[0],top:-c[1],width:a.dpDiv.outerWidth(),height:a.dpDiv.outerHeight()}),a.dpDiv.find("."+this._dayOverClass+" a").mouseover();var e=this._getNumberOfMonths(a),f=e[1],g=17;a.dpDiv.removeClass("ui-datepicker-multi-2 ui-datepicker-multi-3 ui-datepicker-multi-4").width(""),f>1&&a.dpDiv.addClass("ui-datepicker-multi-"+f).css("width",g*f+"em"),a.dpDiv[(e[0]!=1||e[1]!=1?"add":"remove")+"Class"]("ui-datepicker-multi"),a.dpDiv[(this._get(a,"isRTL")?"add":"remove")+"Class"]("ui-datepicker-rtl"),a==$.datepicker._curInst&&$.datepicker._datepickerShowing&&a.input&&a.input.is(":visible")&&!a.input.is(":disabled")&&a.input[0]!=document.activeElement&&a.input.focus();if(a.yearshtml){var h=a.yearshtml;setTimeout(function(){h===a.yearshtml&&a.yearshtml&&a.dpDiv.find("select.ui-datepicker-year:first").replaceWith(a.yearshtml),h=a.yearshtml=null},0)}},_getBorders:function(a){var b=function(a){return{thin:1,medium:2,thick:3}[a]||a};return[parseFloat(b(a.css("border-left-width"))),parseFloat(b(a.css("border-top-width")))]},_checkOffset:function(a,b,c){var d=a.dpDiv.outerWidth(),e=a.dpDiv.outerHeight(),f=a.input?a.input.outerWidth():0,g=a.input?a.input.outerHeight():0,h=document.documentElement.clientWidth+(c?0:$(document).scrollLeft()),i=document.documentElement.clientHeight+(c?0:$(document).scrollTop());return b.left-=this._get(a,"isRTL")?d-f:0,b.left-=c&&b.left==a.input.offset().left?$(document).scrollLeft():0,b.top-=c&&b.top==a.input.offset().top+g?$(document).scrollTop():0,b.left-=Math.min(b.left,b.left+d>h&&h>d?Math.abs(b.left+d-h):0),b.top-=Math.min(b.top,b.top+e>i&&i>e?Math.abs(e+g):0),b},_findPos:function(a){var b=this._getInst(a),c=this._get(b,"isRTL");while(a&&(a.type=="hidden"||a.nodeType!=1||$.expr.filters.hidden(a)))a=a[c?"previousSibling":"nextSibling"];var d=$(a).offset();return[d.left,d.top]},_hideDatepicker:function(a){var b=this._curInst;if(!b||a&&b!=$.data(a,PROP_NAME))return;if(this._datepickerShowing){var c=this._get(b,"showAnim"),d=this._get(b,"duration"),e=function(){$.datepicker._tidyDialog(b)};$.effects&&$.effects[c]?b.dpDiv.hide(c,$.datepicker._get(b,"showOptions"),d,e):b.dpDiv[c=="slideDown"?"slideUp":c=="fadeIn"?"fadeOut":"hide"](c?d:null,e),c||e(),this._datepickerShowing=!1;var f=this._get(b,"onClose");f&&f.apply(b.input?b.input[0]:null,[b.input?b.input.val():"",b]),this._lastInput=null,this._inDialog&&(this._dialogInput.css({position:"absolute",left:"0",top:"-100px"}),$.blockUI&&($.unblockUI(),$("body").append(this.dpDiv))),this._inDialog=!1}},_tidyDialog:function(a){a.dpDiv.removeClass(this._dialogClass).unbind(".ui-datepicker-calendar")},_checkExternalClick:function(a){if(!$.datepicker._curInst)return;var b=$(a.target),c=$.datepicker._getInst(b[0]);(b[0].id!=$.datepicker._mainDivId&&b.parents("#"+$.datepicker._mainDivId).length==0&&!b.hasClass($.datepicker.markerClassName)&&!b.closest("."+$.datepicker._triggerClass).length&&$.datepicker._datepickerShowing&&(!$.datepicker._inDialog||!$.blockUI)||b.hasClass($.datepicker.markerClassName)&&$.datepicker._curInst!=c)&&$.datepicker._hideDatepicker()},_adjustDate:function(a,b,c){var d=$(a),e=this._getInst(d[0]);if(this._isDisabledDatepicker(d[0]))return;this._adjustInstDate(e,b+(c=="M"?this._get(e,"showCurrentAtPos"):0),c),this._updateDatepicker(e)},_gotoToday:function(a){var b=$(a),c=this._getInst(b[0]);if(this._get(c,"gotoCurrent")&&c.currentDay)c.selectedDay=c.currentDay,c.drawMonth=c.selectedMonth=c.currentMonth,c.drawYear=c.selectedYear=c.currentYear;else{var d=new Date;c.selectedDay=d.getDate(),c.drawMonth=c.selectedMonth=d.getMonth(),c.drawYear=c.selectedYear=d.getFullYear()}this._notifyChange(c),this._adjustDate(b)},_selectMonthYear:function(a,b,c){var d=$(a),e=this._getInst(d[0]);e["selected"+(c=="M"?"Month":"Year")]=e["draw"+(c=="M"?"Month":"Year")]=parseInt(b.options[b.selectedIndex].value,10),this._notifyChange(e),this._adjustDate(d)},_selectDay:function(a,b,c,d){var e=$(a);if($(d).hasClass(this._unselectableClass)||this._isDisabledDatepicker(e[0]))return;var f=this._getInst(e[0]);f.selectedDay=f.currentDay=$("a",d).html(),f.selectedMonth=f.currentMonth=b,f.selectedYear=f.currentYear=c,this._selectDate(a,this._formatDate(f,f.currentDay,f.currentMonth,f.currentYear))},_clearDate:function(a){var b=$(a),c=this._getInst(b[0]);this._selectDate(b,"")},_selectDate:function(a,b){var c=$(a),d=this._getInst(c[0]);b=b!=null?b:this._formatDate(d),d.input&&d.input.val(b),this._updateAlternate(d);var e=this._get(d,"onSelect");e?e.apply(d.input?d.input[0]:null,[b,d]):d.input&&d.input.trigger("change"),d.inline?this._updateDatepicker(d):(this._hideDatepicker(),this._lastInput=d.input[0],typeof d.input[0]!="object"&&d.input.focus(),this._lastInput=null)},_updateAlternate:function(a){var b=this._get(a,"altField");if(b){var c=this._get(a,"altFormat")||this._get(a,"dateFormat"),d=this._getDate(a),e=this.formatDate(c,d,this._getFormatConfig(a));$(b).each(function(){$(this).val(e)})}},noWeekends:function(a){var b=a.getDay();return[b>0&&b<6,""]},iso8601Week:function(a){var b=new Date(a.getTime());b.setDate(b.getDate()+4-(b.getDay()||7));var c=b.getTime();return b.setMonth(0),b.setDate(1),Math.floor(Math.round((c-b)/864e5)/7)+1},parseDate:function(a,b,c){if(a==null||b==null)throw"Invalid arguments";b=typeof b=="object"?b.toString():b+"";if(b=="")return null;var d=(c?c.shortYearCutoff:null)||this._defaults.shortYearCutoff;d=typeof d!="string"?d:(new Date).getFullYear()%100+parseInt(d,10);var e=(c?c.dayNamesShort:null)||this._defaults.dayNamesShort,f=(c?c.dayNames:null)||this._defaults.dayNames,g=(c?c.monthNamesShort:null)||this._defaults.monthNamesShort,h=(c?c.monthNames:null)||this._defaults.monthNames,i=-1,j=-1,k=-1,l=-1,m=!1,n=function(b){var c=s+1-1){j=1,k=l;do{var u=this._getDaysInMonth(i,j-1);if(k<=u)break;j++,k-=u}while(!0)}var t=this._daylightSavingAdjust(new Date(i,j-1,k));if(t.getFullYear()!=i||t.getMonth()+1!=j||t.getDate()!=k)throw"Invalid date";return t},ATOM:"yy-mm-dd",COOKIE:"D, dd M yy",ISO_8601:"yy-mm-dd",RFC_822:"D, d M y",RFC_850:"DD, dd-M-y",RFC_1036:"D, d M y",RFC_1123:"D, d M yy",RFC_2822:"D, d M yy",RSS:"D, d M y",TICKS:"!",TIMESTAMP:"@",W3C:"yy-mm-dd",_ticksTo1970:(718685+Math.floor(492.5)-Math.floor(19.7)+Math.floor(4.925))*24*60*60*1e7,formatDate:function(a,b,c){if(!b)return"";var d=(c?c.dayNamesShort:null)||this._defaults.dayNamesShort,e=(c?c.dayNames:null)||this._defaults.dayNames,f=(c?c.monthNamesShort:null)||this._defaults.monthNamesShort,g=(c?c.monthNames:null)||this._defaults.monthNames,h=function(b){var c=m+112?a.getHours()+2:0),a):null},_setDate:function(a,b,c){var d=!b,e=a.selectedMonth,f=a.selectedYear,g=this._restrictMinMax(a,this._determineDate(a,b,new Date));a.selectedDay=a.currentDay=g.getDate(),a.drawMonth=a.selectedMonth=a.currentMonth=g.getMonth(),a.drawYear=a.selectedYear=a.currentYear=g.getFullYear(),(e!=a.selectedMonth||f!=a.selectedYear)&&!c&&this._notifyChange(a),this._adjustInstDate(a),a.input&&a.input.val(d?"":this._formatDate(a))},_getDate:function(a){var b=!a.currentYear||a.input&&a.input.val()==""?null:this._daylightSavingAdjust(new Date(a.currentYear,a.currentMonth,a.currentDay));return b},_attachHandlers:function(a){var b=this._get(a,"stepMonths"),c="#"+a.id.replace(/\\\\/g,"\\");a.dpDiv.find("[data-handler]").map(function(){var a={prev:function(){window["DP_jQuery_"+dpuuid].datepicker._adjustDate(c,-b,"M")},next:function(){window["DP_jQuery_"+dpuuid].datepicker._adjustDate(c,+b,"M")},hide:function(){window["DP_jQuery_"+dpuuid].datepicker._hideDatepicker()},today:function(){window["DP_jQuery_"+dpuuid].datepicker._gotoToday(c)},selectDay:function(){return window["DP_jQuery_"+dpuuid].datepicker._selectDay(c,+this.getAttribute("data-month"),+this.getAttribute("data-year"),this),!1},selectMonth:function(){return window["DP_jQuery_"+dpuuid].datepicker._selectMonthYear(c,this,"M"),!1},selectYear:function(){return window["DP_jQuery_"+dpuuid].datepicker._selectMonthYear(c,this,"Y"),!1}};$(this).bind(this.getAttribute("data-event"),a[this.getAttribute("data-handler")])})},_generateHTML:function(a){var b=new Date;b=this._daylightSavingAdjust(new Date(b.getFullYear(),b.getMonth(),b.getDate()));var c=this._get(a,"isRTL"),d=this._get(a,"showButtonPanel"),e=this._get(a,"hideIfNoPrevNext"),f=this._get(a,"navigationAsDateFormat"),g=this._getNumberOfMonths(a),h=this._get(a,"showCurrentAtPos"),i=this._get(a,"stepMonths"),j=g[0]!=1||g[1]!=1,k=this._daylightSavingAdjust(a.currentDay?new Date(a.currentYear,a.currentMonth,a.currentDay):new Date(9999,9,9)),l=this._getMinMaxDate(a,"min"),m=this._getMinMaxDate(a,"max"),n=a.drawMonth-h,o=a.drawYear;n<0&&(n+=12,o--);if(m){var p=this._daylightSavingAdjust(new Date(m.getFullYear(),m.getMonth()-g[0]*g[1]+1,m.getDate()));p=l&&pp)n--,n<0&&(n=11,o--)}a.drawMonth=n,a.drawYear=o;var q=this._get(a,"prevText");q=f?this.formatDate(q,this._daylightSavingAdjust(new Date(o,n-i,1)),this._getFormatConfig(a)):q;var r=this._canAdjustMonth(a,-1,o,n)?''+q+"":e?"":''+q+"",s=this._get(a,"nextText");s=f?this.formatDate(s,this._daylightSavingAdjust(new Date(o,n+i,1)),this._getFormatConfig(a)):s;var t=this._canAdjustMonth(a,1,o,n)?''+s+"":e?"":''+s+"",u=this._get(a,"currentText"),v=this._get(a,"gotoCurrent")&&a.currentDay?k:b;u=f?this.formatDate(u,v,this._getFormatConfig(a)):u;var w=a.inline?"":'",x=d?'
                '+(c?w:"")+(this._isInRange(a,v)?'":"")+(c?"":w)+"
                ":"",y=parseInt(this._get(a,"firstDay"),10);y=isNaN(y)?0:y;var z=this._get(a,"showWeek"),A=this._get(a,"dayNames"),B=this._get(a,"dayNamesShort"),C=this._get(a,"dayNamesMin"),D=this._get(a,"monthNames"),E=this._get(a,"monthNamesShort"),F=this._get(a,"beforeShowDay"),G=this._get(a,"showOtherMonths"),H=this._get(a,"selectOtherMonths"),I=this._get(a,"calculateWeek")||this.iso8601Week,J=this._getDefaultDate(a),K="";for(var L=0;L1)switch(N){case 0:Q+=" ui-datepicker-group-first",P=" ui-corner-"+(c?"right":"left");break;case g[1]-1:Q+=" ui-datepicker-group-last",P=" ui-corner-"+(c?"left":"right");break;default:Q+=" ui-datepicker-group-middle",P=""}Q+='">'}Q+='
                '+(/all|left/.test(P)&&L==0?c?t:r:"")+(/all|right/.test(P)&&L==0?c?r:t:"")+this._generateMonthYearHeader(a,n,o,l,m,L>0||N>0,D,E)+'
                '+"";var R=z?'":"";for(var S=0;S<7;S++){var T=(S+y)%7;R+="=5?' class="ui-datepicker-week-end"':"")+">"+''+C[T]+""}Q+=R+"";var U=this._getDaysInMonth(o,n);o==a.selectedYear&&n==a.selectedMonth&&(a.selectedDay=Math.min(a.selectedDay,U));var V=(this._getFirstDayOfMonth(o,n)-y+7)%7,W=Math.ceil((V+U)/7),X=j?this.maxRows>W?this.maxRows:W:W;this.maxRows=X;var Y=this._daylightSavingAdjust(new Date(o,n,1-V));for(var Z=0;Z";var _=z?'":"";for(var S=0;S<7;S++){var ba=F?F.apply(a.input?a.input[0]:null,[Y]):[!0,""],bb=Y.getMonth()!=n,bc=bb&&!H||!ba[0]||l&&Ym;_+='",Y.setDate(Y.getDate()+1),Y=this._daylightSavingAdjust(Y)}Q+=_+""}n++,n>11&&(n=0,o++),Q+="
                '+this._get(a,"weekHeader")+"
                '+this._get(a,"calculateWeek")(Y)+""+(bb&&!G?" ":bc?''+Y.getDate()+"":''+Y.getDate()+"")+"
                "+(j?"
                "+(g[0]>0&&N==g[1]-1?'
                ':""):""),M+=Q}K+=M}return K+=x+($.browser.msie&&parseInt($.browser.version,10)<7&&!a.inline?'':""),a._keyEvent=!1,K},_generateMonthYearHeader:function(a,b,c,d,e,f,g,h){var i=this._get(a,"changeMonth"),j=this._get(a,"changeYear"),k=this._get(a,"showMonthAfterYear"),l='
                ',m="";if(f||!i)m+=''+g[b]+"";else{var n=d&&d.getFullYear()==c,o=e&&e.getFullYear()==c;m+='"}k||(l+=m+(f||!i||!j?" ":""));if(!a.yearshtml){a.yearshtml="";if(f||!j)l+=''+c+"";else{var q=this._get(a,"yearRange").split(":"),r=(new Date).getFullYear(),s=function(a){var b=a.match(/c[+-].*/)?c+parseInt(a.substring(1),10):a.match(/[+-].*/)?r+parseInt(a,10):parseInt(a,10);return isNaN(b)?r:b},t=s(q[0]),u=Math.max(t,s(q[1]||""));t=d?Math.max(t,d.getFullYear()):t,u=e?Math.min(u,e.getFullYear()):u,a.yearshtml+='",l+=a.yearshtml,a.yearshtml=null}}return l+=this._get(a,"yearSuffix"),k&&(l+=(f||!i||!j?" ":"")+m),l+="
                ",l},_adjustInstDate:function(a,b,c){var d=a.drawYear+(c=="Y"?b:0),e=a.drawMonth+(c=="M"?b:0),f=Math.min(a.selectedDay,this._getDaysInMonth(d,e))+(c=="D"?b:0),g=this._restrictMinMax(a,this._daylightSavingAdjust(new Date(d,e,f)));a.selectedDay=g.getDate(),a.drawMonth=a.selectedMonth=g.getMonth(),a.drawYear=a.selectedYear=g.getFullYear(),(c=="M"||c=="Y")&&this._notifyChange(a)},_restrictMinMax:function(a,b){var c=this._getMinMaxDate(a,"min"),d=this._getMinMaxDate(a,"max"),e=c&&bd?d:e,e},_notifyChange:function(a){var b=this._get(a,"onChangeMonthYear");b&&b.apply(a.input?a.input[0]:null,[a.selectedYear,a.selectedMonth+1,a])},_getNumberOfMonths:function(a){var b=this._get(a,"numberOfMonths");return b==null?[1,1]:typeof b=="number"?[1,b]:b},_getMinMaxDate:function(a,b){return this._determineDate(a,this._get(a,b+"Date"),null)},_getDaysInMonth:function(a,b){return 32-this._daylightSavingAdjust(new Date(a,b,32)).getDate()},_getFirstDayOfMonth:function(a,b){return(new Date(a,b,1)).getDay()},_canAdjustMonth:function(a,b,c,d){var e=this._getNumberOfMonths(a),f=this._daylightSavingAdjust(new Date(c,d+(b<0?b:e[0]*e[1]),1));return b<0&&f.setDate(this._getDaysInMonth(f.getFullYear(),f.getMonth())),this._isInRange(a,f)},_isInRange:function(a,b){var c=this._getMinMaxDate(a,"min"),d=this._getMinMaxDate(a,"max");return(!c||b.getTime()>=c.getTime())&&(!d||b.getTime()<=d.getTime())},_getFormatConfig:function(a){var b=this._get(a,"shortYearCutoff");return b=typeof b!="string"?b:(new Date).getFullYear()%100+parseInt(b,10),{shortYearCutoff:b,dayNamesShort:this._get(a,"dayNamesShort"),dayNames:this._get(a,"dayNames"),monthNamesShort:this._get(a,"monthNamesShort"),monthNames:this._get(a,"monthNames")}},_formatDate:function(a,b,c,d){b||(a.currentDay=a.selectedDay,a.currentMonth=a.selectedMonth,a.currentYear=a.selectedYear);var e=b?typeof b=="object"?b:this._daylightSavingAdjust(new Date(d,c,b)):this._daylightSavingAdjust(new Date(a.currentYear,a.currentMonth,a.currentDay));return this.formatDate(this._get(a,"dateFormat"),e,this._getFormatConfig(a))}}),$.fn.datepicker=function(a){if(!this.length)return this;$.datepicker.initialized||($(document).mousedown($.datepicker._checkExternalClick).find("body").append($.datepicker.dpDiv),$.datepicker.initialized=!0);var b=Array.prototype.slice.call(arguments,1);return typeof a!="string"||a!="isDisabled"&&a!="getDate"&&a!="widget"?a=="option"&&arguments.length==2&&typeof arguments[1]=="string"?$.datepicker["_"+a+"Datepicker"].apply($.datepicker,[this[0]].concat(b)):this.each(function(){typeof a=="string"?$.datepicker["_"+a+"Datepicker"].apply($.datepicker,[this].concat(b)):$.datepicker._attachDatepicker(this,a)}):$.datepicker["_"+a+"Datepicker"].apply($.datepicker,[this[0]].concat(b))},$.datepicker=new Datepicker,$.datepicker.initialized=!1,$.datepicker.uuid=(new Date).getTime(),$.datepicker.version="1.8.23",window["DP_jQuery_"+dpuuid]=$}(jQuery),function(a,b){var c="ui-dialog ui-widget ui-widget-content ui-corner-all ",d={buttons:!0,height:!0,maxHeight:!0,maxWidth:!0,minHeight:!0,minWidth:!0,width:!0},e={maxHeight:!0,maxWidth:!0,minHeight:!0,minWidth:!0};a.widget("ui.dialog",{options:{autoOpen:!0,buttons:{},closeOnEscape:!0,closeText:"close",dialogClass:"",draggable:!0,hide:null,height:"auto",maxHeight:!1,maxWidth:!1,minHeight:150,minWidth:150,modal:!1,position:{my:"center",at:"center",collision:"fit",using:function(b){var c=a(this).css(b).offset().top;c<0&&a(this).css("top",b.top-c)}},resizable:!0,show:null,stack:!0,title:"",width:300,zIndex:1e3},_create:function(){this.originalTitle=this.element.attr("title"),typeof this.originalTitle!="string"&&(this.originalTitle=""),this.options.title=this.options.title||this.originalTitle;var b=this,d=b.options,e=d.title||" ",f=a.ui.dialog.getTitleId(b.element),g=(b.uiDialog=a("
                ")).appendTo(document.body).hide().addClass(c+d.dialogClass).css({zIndex:d.zIndex}).attr("tabIndex",-1).css("outline",0).keydown(function(c){d.closeOnEscape&&!c.isDefaultPrevented()&&c.keyCode&&c.keyCode===a.ui.keyCode.ESCAPE&&(b.close(c),c.preventDefault())}).attr({role:"dialog","aria-labelledby":f}).mousedown(function(a){b.moveToTop(!1,a)}),h=b.element.show().removeAttr("title").addClass("ui-dialog-content ui-widget-content").appendTo(g),i=(b.uiDialogTitlebar=a("
                ")).addClass("ui-dialog-titlebar ui-widget-header ui-corner-all ui-helper-clearfix").prependTo(g),j=a('').addClass("ui-dialog-titlebar-close ui-corner-all").attr("role","button").hover(function(){j.addClass("ui-state-hover")},function(){j.removeClass("ui-state-hover")}).focus(function(){j.addClass("ui-state-focus")}).blur(function(){j.removeClass("ui-state-focus")}).click(function(a){return b.close(a),!1}).appendTo(i),k=(b.uiDialogTitlebarCloseText=a("")).addClass("ui-icon ui-icon-closethick").text(d.closeText).appendTo(j),l=a("").addClass("ui-dialog-title").attr("id",f).html(e).prependTo(i);a.isFunction(d.beforeclose)&&!a.isFunction(d.beforeClose)&&(d.beforeClose=d.beforeclose),i.find("*").add(i).disableSelection(),d.draggable&&a.fn.draggable&&b._makeDraggable(),d.resizable&&a.fn.resizable&&b._makeResizable(),b._createButtons(d.buttons),b._isOpen=!1,a.fn.bgiframe&&g.bgiframe()},_init:function(){this.options.autoOpen&&this.open()},destroy:function(){var a=this;return a.overlay&&a.overlay.destroy(),a.uiDialog.hide(),a.element.unbind(".dialog").removeData("dialog").removeClass("ui-dialog-content ui-widget-content").hide().appendTo("body"),a.uiDialog.remove(),a.originalTitle&&a.element.attr("title",a.originalTitle),a},widget:function(){return this.uiDialog},close:function(b){var c=this,d,e;if(!1===c._trigger("beforeClose",b))return;return c.overlay&&c.overlay.destroy(),c.uiDialog.unbind("keypress.ui-dialog"),c._isOpen=!1,c.options.hide?c.uiDialog.hide(c.options.hide,function(){c._trigger("close",b)}):(c.uiDialog.hide(),c._trigger("close",b)),a.ui.dialog.overlay.resize(),c.options.modal&&(d=0,a(".ui-dialog").each(function(){this!==c.uiDialog[0]&&(e=a(this).css("z-index"),isNaN(e)||(d=Math.max(d,e)))}),a.ui.dialog.maxZ=d),c},isOpen:function(){return this._isOpen},moveToTop:function(b,c){var d=this,e=d.options,f;return e.modal&&!b||!e.stack&&!e.modal?d._trigger("focus",c):(e.zIndex>a.ui.dialog.maxZ&&(a.ui.dialog.maxZ=e.zIndex),d.overlay&&(a.ui.dialog.maxZ+=1,d.overlay.$el.css("z-index",a.ui.dialog.overlay.maxZ=a.ui.dialog.maxZ)),f={scrollTop:d.element.scrollTop(),scrollLeft:d.element.scrollLeft()},a.ui.dialog.maxZ+=1,d.uiDialog.css("z-index",a.ui.dialog.maxZ),d.element.attr(f),d._trigger("focus",c),d)},open:function(){if(this._isOpen)return;var b=this,c=b.options,d=b.uiDialog;return b.overlay=c.modal?new a.ui.dialog.overlay(b):null,b._size(),b._position(c.position),d.show(c.show),b.moveToTop(!0),c.modal&&d.bind("keydown.ui-dialog",function(b){if(b.keyCode!==a.ui.keyCode.TAB)return;var c=a(":tabbable",this),d=c.filter(":first"),e=c.filter(":last");if(b.target===e[0]&&!b.shiftKey)return d.focus(1),!1;if(b.target===d[0]&&b.shiftKey)return e.focus(1),!1}),a(b.element.find(":tabbable").get().concat(d.find(".ui-dialog-buttonpane :tabbable").get().concat(d.get()))).eq(0).focus(),b._isOpen=!0,b._trigger("open"),b},_createButtons:function(b){var c=this,d=!1,e=a("
                ").addClass("ui-dialog-buttonpane ui-widget-content ui-helper-clearfix"),f=a("
                ").addClass("ui-dialog-buttonset").appendTo(e);c.uiDialog.find(".ui-dialog-buttonpane").remove(),typeof b=="object"&&b!==null&&a.each(b,function(){return!(d=!0)}),d&&(a.each(b,function(b,d){d=a.isFunction(d)?{click:d,text:b}:d;var e=a('').click(function(){d.click.apply(c.element[0],arguments)}).appendTo(f);a.each(d,function(a,b){if(a==="click")return;a in e?e[a](b):e.attr(a,b)}),a.fn.button&&e.button()}),e.appendTo(c.uiDialog))},_makeDraggable:function(){function f(a){return{position:a.position,offset:a.offset}}var b=this,c=b.options,d=a(document),e;b.uiDialog.draggable({cancel:".ui-dialog-content, .ui-dialog-titlebar-close",handle:".ui-dialog-titlebar",containment:"document",start:function(d,g){e=c.height==="auto"?"auto":a(this).height(),a(this).height(a(this).height()).addClass("ui-dialog-dragging"),b._trigger("dragStart",d,f(g))},drag:function(a,c){b._trigger("drag",a,f(c))},stop:function(g,h){c.position=[h.position.left-d.scrollLeft(),h.position.top-d.scrollTop()],a(this).removeClass("ui-dialog-dragging").height(e),b._trigger("dragStop",g,f(h)),a.ui.dialog.overlay.resize()}})},_makeResizable:function(c){function h(a){return{originalPosition:a.originalPosition,originalSize:a.originalSize,position:a.position,size:a.size}}c=c===b?this.options.resizable:c;var d=this,e=d.options,f=d.uiDialog.css("position"),g=typeof c=="string"?c:"n,e,s,w,se,sw,ne,nw";d.uiDialog.resizable({cancel:".ui-dialog-content",containment:"document",alsoResize:d.element,maxWidth:e.maxWidth,maxHeight:e.maxHeight,minWidth:e.minWidth,minHeight:d._minHeight(),handles:g,start:function(b,c){a(this).addClass("ui-dialog-resizing"),d._trigger("resizeStart",b,h(c))},resize:function(a,b){d._trigger("resize",a,h(b))},stop:function(b,c){a(this).removeClass("ui-dialog-resizing"),e.height=a(this).height(),e.width=a(this).width(),d._trigger("resizeStop",b,h(c)),a.ui.dialog.overlay.resize()}}).css("position",f).find(".ui-resizable-se").addClass("ui-icon ui-icon-grip-diagonal-se")},_minHeight:function(){var a=this.options;return a.height==="auto"?a.minHeight:Math.min(a.minHeight,a.height)},_position:function(b){var c=[],d=[0,0],e;if(b){if(typeof b=="string"||typeof b=="object"&&"0"in b)c=b.split?b.split(" "):[b[0],b[1]],c.length===1&&(c[1]=c[0]),a.each(["left","top"],function(a,b){+c[a]===c[a]&&(d[a]=c[a],c[a]=b)}),b={my:c.join(" "),at:c.join(" "),offset:d.join(" ")};b=a.extend({},a.ui.dialog.prototype.options.position,b)}else b=a.ui.dialog.prototype.options.position;e=this.uiDialog.is(":visible"),e||this.uiDialog.show(),this.uiDialog.css({top:0,left:0}).position(a.extend({of:window},b)),e||this.uiDialog.hide()},_setOptions:function(b){var c=this,f={},g=!1;a.each(b,function(a,b){c._setOption(a,b),a in d&&(g=!0),a in e&&(f[a]=b)}),g&&this._size(),this.uiDialog.is(":data(resizable)")&&this.uiDialog.resizable("option",f)},_setOption:function(b,d){var e=this,f=e.uiDialog;switch(b){case"beforeclose":b="beforeClose";break;case"buttons":e._createButtons(d);break;case"closeText":e.uiDialogTitlebarCloseText.text(""+d);break;case"dialogClass":f.removeClass(e.options.dialogClass).addClass(c+d);break;case"disabled":d?f.addClass("ui-dialog-disabled"):f.removeClass("ui-dialog-disabled");break;case"draggable":var g=f.is(":data(draggable)");g&&!d&&f.draggable("destroy"),!g&&d&&e._makeDraggable();break;case"position":e._position(d);break;case"resizable":var h=f.is(":data(resizable)");h&&!d&&f.resizable("destroy"),h&&typeof d=="string"&&f.resizable("option","handles",d),!h&&d!==!1&&e._makeResizable(d);break;case"title":a(".ui-dialog-title",e.uiDialogTitlebar).html(""+(d||" "))}a.Widget.prototype._setOption.apply(e,arguments)},_size:function(){var b=this.options,c,d,e=this.uiDialog.is(":visible");this.element.show().css({width:"auto",minHeight:0,height:0}),b.minWidth>b.width&&(b.width=b.minWidth),c=this.uiDialog.css({height:"auto",width:b.width}).height(),d=Math.max(0,b.minHeight-c);if(b.height==="auto")if(a.support.minHeight)this.element.css({minHeight:d,height:"auto"});else{this.uiDialog.show();var f=this.element.css("height","auto").height();e||this.uiDialog.hide(),this.element.height(Math.max(f,d))}else this.element.height(Math.max(b.height-c,0));this.uiDialog.is(":data(resizable)")&&this.uiDialog.resizable("option","minHeight",this._minHeight())}}),a.extend(a.ui.dialog,{version:"1.8.23",uuid:0,maxZ:0,getTitleId:function(a){var b=a.attr("id");return b||(this.uuid+=1,b=this.uuid),"ui-dialog-title-"+b},overlay:function(b){this.$el=a.ui.dialog.overlay.create(b)}}),a.extend(a.ui.dialog.overlay,{instances:[],oldInstances:[],maxZ:0,events:a.map("focus,mousedown,mouseup,keydown,keypress,click".split(","),function(a){return a+".dialog-overlay"}).join(" "),create:function(b){this.instances.length===0&&(setTimeout(function(){a.ui.dialog.overlay.instances.length&&a(document).bind(a.ui.dialog.overlay.events,function(b){if(a(b.target).zIndex()
                ").addClass("ui-widget-overlay")).appendTo(document.body).css({width:this.width(),height:this.height()});return a.fn.bgiframe&&c.bgiframe(),this.instances.push(c),c},destroy:function(b){var c=a.inArray(b,this.instances);c!=-1&&this.oldInstances.push(this.instances.splice(c,1)[0]),this.instances.length===0&&a([document,window]).unbind(".dialog-overlay"),b.remove();var d=0;a.each(this.instances,function(){d=Math.max(d,this.css("z-index"))}),this.maxZ=d},height:function(){var b,c;return a.browser.msie&&a.browser.version<7?(b=Math.max(document.documentElement.scrollHeight,document.body.scrollHeight),c=Math.max(document.documentElement.offsetHeight,document.body.offsetHeight),b0?b.left-e:Math.max(b.left-c.collisionPosition.left,b.left)},top:function(b,c){var d=a(window),e=c.collisionPosition.top+c.collisionHeight-d.height()-d.scrollTop();b.top=e>0?b.top-e:Math.max(b.top-c.collisionPosition.top,b.top)}},flip:{left:function(b,c){if(c.at[0]===e)return;var d=a(window),f=c.collisionPosition.left+c.collisionWidth-d.width()-d.scrollLeft(),g=c.my[0]==="left"?-c.elemWidth:c.my[0]==="right"?c.elemWidth:0,h=c.at[0]==="left"?c.targetWidth:-c.targetWidth,i=-2*c.offset[0];b.left+=c.collisionPosition.left<0?g+h+i:f>0?g+h+i:0},top:function(b,c){if(c.at[1]===e)return;var d=a(window),f=c.collisionPosition.top+c.collisionHeight-d.height()-d.scrollTop(),g=c.my[1]==="top"?-c.elemHeight:c.my[1]==="bottom"?c.elemHeight:0,h=c.at[1]==="top"?c.targetHeight:-c.targetHeight,i=-2*c.offset[1];b.top+=c.collisionPosition.top<0?g+h+i:f>0?g+h+i:0}}},a.offset.setOffset||(a.offset.setOffset=function(b,c){/static/.test(a.curCSS(b,"position"))&&(b.style.position="relative");var d=a(b),e=d.offset(),f=parseInt(a.curCSS(b,"top",!0),10)||0,g=parseInt(a.curCSS(b,"left",!0),10)||0,h={top:c.top-e.top+f,left:c.left-e.left+g};"using"in c?c.using.call(b,h):d.css(h)},a.fn.offset=function(b){var c=this[0];return!c||!c.ownerDocument?null:b?a.isFunction(b)?this.each(function(c){a(this).offset(b.call(this,c,a(this).offset()))}):this.each(function(){a.offset.setOffset(this,b)}):h.call(this)}),a.curCSS||(a.curCSS=a.css),function(){var b=document.getElementsByTagName("body")[0],c=document.createElement("div"),d,e,g,h,i;d=document.createElement(b?"div":"body"),g={visibility:"hidden",width:0,height:0,border:0,margin:0,background:"none"},b&&a.extend(g,{position:"absolute",left:"-1000px",top:"-1000px"});for(var j in g)d.style[j]=g[j];d.appendChild(c),e=b||document.documentElement,e.insertBefore(d,e.firstChild),c.style.cssText="position: absolute; left: 10.7432222px; top: 10.432325px; height: 30px; width: 201px;",h=a(c).offset(function(a,b){return b}).offset(),d.innerHTML="",e.removeChild(d),i=h.top+h.left+(b?2e3:0),f.fractions=i>21&&i<22}()}(jQuery),function(a,b){a.widget("ui.progressbar",{options:{value:0,max:100},min:0,_create:function(){this.element.addClass("ui-progressbar ui-widget ui-widget-content ui-corner-all").attr({role:"progressbar","aria-valuemin":this.min,"aria-valuemax":this.options.max,"aria-valuenow":this._value()}),this.valueDiv=a("
                ").appendTo(this.element),this.oldValue=this._value(),this._refreshValue()},destroy:function(){this.element.removeClass("ui-progressbar ui-widget ui-widget-content ui-corner-all").removeAttr("role").removeAttr("aria-valuemin").removeAttr("aria-valuemax").removeAttr("aria-valuenow"),this.valueDiv.remove(),a.Widget.prototype.destroy.apply(this,arguments)},value:function(a){return a===b?this._value():(this._setOption("value",a),this)},_setOption:function(b,c){b==="value"&&(this.options.value=c,this._refreshValue(),this._value()===this.options.max&&this._trigger("complete")),a.Widget.prototype._setOption.apply(this,arguments)},_value:function(){var a=this.options.value;return typeof a!="number"&&(a=0),Math.min(this.options.max,Math.max(this.min,a))},_percentage:function(){return 100*this._value()/this.options.max},_refreshValue:function(){var a=this.value(),b=this._percentage();this.oldValue!==a&&(this.oldValue=a,this._trigger("change")),this.valueDiv.toggle(a>this.min).toggleClass("ui-corner-right",a===this.options.max).width(b.toFixed(0)+"%"),this.element.attr("aria-valuenow",a)}}),a.extend(a.ui.progressbar,{version:"1.8.23"})}(jQuery),function(a,b){var c=5;a.widget("ui.slider",a.ui.mouse,{widgetEventPrefix:"slide",options:{animate:!1,distance:0,max:100,min:0,orientation:"horizontal",range:!1,step:1,value:0,values:null},_create:function(){var b=this,d=this.options,e=this.element.find(".ui-slider-handle").addClass("ui-state-default ui-corner-all"),f="",g=d.values&&d.values.length||1,h=[];this._keySliding=!1,this._mouseSliding=!1,this._animateOff=!0,this._handleIndex=null,this._detectOrientation(),this._mouseInit(),this.element.addClass("ui-slider ui-slider-"+this.orientation+" ui-widget"+" ui-widget-content"+" ui-corner-all"+(d.disabled?" ui-slider-disabled ui-disabled":"")),this.range=a([]),d.range&&(d.range===!0&&(d.values||(d.values=[this._valueMin(),this._valueMin()]),d.values.length&&d.values.length!==2&&(d.values=[d.values[0],d.values[0]])),this.range=a("
                ").appendTo(this.element).addClass("ui-slider-range ui-widget-header"+(d.range==="min"||d.range==="max"?" ui-slider-range-"+d.range:"")));for(var i=e.length;ic&&(f=c,g=a(this),i=b)}),c.range===!0&&this.values(1)===c.min&&(i+=1,g=a(this.handles[i])),j=this._start(b,i),j===!1?!1:(this._mouseSliding=!0,h._handleIndex=i,g.addClass("ui-state-active").focus(),k=g.offset(),l=!a(b.target).parents().andSelf().is(".ui-slider-handle"),this._clickOffset=l?{left:0,top:0}:{left:b.pageX-k.left-g.width()/2,top:b.pageY-k.top-g.height()/2-(parseInt(g.css("borderTopWidth"),10)||0)-(parseInt(g.css("borderBottomWidth"),10)||0)+(parseInt(g.css("marginTop"),10)||0)},this.handles.hasClass("ui-state-hover")||this._slide(b,i,e),this._animateOff=!0,!0))},_mouseStart:function(a){return!0},_mouseDrag:function(a){var b={x:a.pageX,y:a.pageY},c=this._normValueFromMouse(b);return this._slide(a,this._handleIndex,c),!1},_mouseStop:function(a){return this.handles.removeClass("ui-state-active"),this._mouseSliding=!1,this._stop(a,this._handleIndex),this._change(a,this._handleIndex),this._handleIndex=null,this._clickOffset=null,this._animateOff=!1,!1},_detectOrientation:function(){this.orientation=this.options.orientation==="vertical"?"vertical":"horizontal"},_normValueFromMouse:function(a){var b,c,d,e,f;return this.orientation==="horizontal"?(b=this.elementSize.width,c=a.x-this.elementOffset.left-(this._clickOffset?this._clickOffset.left:0)):(b=this.elementSize.height,c=a.y-this.elementOffset.top-(this._clickOffset?this._clickOffset.top:0)),d=c/b,d>1&&(d=1),d<0&&(d=0),this.orientation==="vertical"&&(d=1-d),e=this._valueMax()-this._valueMin(),f=this._valueMin()+d*e,this._trimAlignValue(f)},_start:function(a,b){var c={handle:this.handles[b],value:this.value()};return this.options.values&&this.options.values.length&&(c.value=this.values(b),c.values=this.values()),this._trigger("start",a,c)},_slide:function(a,b,c){var d,e,f;this.options.values&&this.options.values.length?(d=this.values(b?0:1),this.options.values.length===2&&this.options.range===!0&&(b===0&&c>d||b===1&&c1){this.options.values[b]=this._trimAlignValue(c),this._refreshValue(),this._change(null,b);return}if(!arguments.length)return this._values();if(!a.isArray(arguments[0]))return this.options.values&&this.options.values.length?this._values(b):this.value();d=this.options.values,e=arguments[0];for(f=0;f=this._valueMax())return this._valueMax();var b=this.options.step>0?this.options.step:1,c=(a-this._valueMin())%b,d=a-c;return Math.abs(c)*2>=b&&(d+=c>0?b:-b),parseFloat(d.toFixed(5))},_valueMin:function(){return this.options.min},_valueMax:function(){return this.options.max},_refreshValue:function(){var b=this.options.range,c=this.options,d=this,e=this._animateOff?!1:c.animate,f,g={},h,i,j,k;this.options.values&&this.options.values.length?this.handles.each(function(b,i){f=(d.values(b)-d._valueMin())/(d._valueMax()-d._valueMin())*100,g[d.orientation==="horizontal"?"left":"bottom"]=f+"%",a(this).stop(1,1)[e?"animate":"css"](g,c.animate),d.options.range===!0&&(d.orientation==="horizontal"?(b===0&&d.range.stop(1,1)[e?"animate":"css"]({left:f+"%"},c.animate),b===1&&d.range[e?"animate":"css"]({width:f-h+"%"},{queue:!1,duration:c.animate})):(b===0&&d.range.stop(1,1)[e?"animate":"css"]({bottom:f+"%"},c.animate),b===1&&d.range[e?"animate":"css"]({height:f-h+"%"},{queue:!1,duration:c.animate}))),h=f}):(i=this.value(),j=this._valueMin(),k=this._valueMax(),f=k!==j?(i-j)/(k-j)*100:0,g[d.orientation==="horizontal"?"left":"bottom"]=f+"%",this.handle.stop(1,1)[e?"animate":"css"](g,c.animate),b==="min"&&this.orientation==="horizontal"&&this.range.stop(1,1)[e?"animate":"css"]({width:f+"%"},c.animate),b==="max"&&this.orientation==="horizontal"&&this.range[e?"animate":"css"]({width:100-f+"%"},{queue:!1,duration:c.animate}),b==="min"&&this.orientation==="vertical"&&this.range.stop(1,1)[e?"animate":"css"]({height:f+"%"},c.animate),b==="max"&&this.orientation==="vertical"&&this.range[e?"animate":"css"]({height:100-f+"%"},{queue:!1,duration:c.animate}))}}),a.extend(a.ui.slider,{version:"1.8.23"})}(jQuery),function(a,b){function e(){return++c}function f(){return++d}var c=0,d=0;a.widget("ui.tabs",{options:{add:null,ajaxOptions:null,cache:!1,cookie:null,collapsible:!1,disable:null,disabled:[],enable:null,event:"click",fx:null,idPrefix:"ui-tabs-",load:null,panelTemplate:"
                ",remove:null,select:null,show:null,spinner:"Loading…",tabTemplate:"
              • #{label}
                • "},_create:function(){this._tabify(!0)},_setOption:function(a,b){if(a=="selected"){if(this.options.collapsible&&b==this.options.selected)return;this.select(b)}else this.options[a]=b,this._tabify()},_tabId:function(a){return a.title&&a.title.replace(/\s/g,"_").replace(/[^\w\u00c0-\uFFFF-]/g,"")||this.options.idPrefix+e()},_sanitizeSelector:function(a){return a.replace(/:/g,"\\:")},_cookie:function(){var b=this.cookie||(this.cookie=this.options.cookie.name||"ui-tabs-"+f());return a.cookie.apply(null,[b].concat(a.makeArray(arguments)))},_ui:function(a,b){return{tab:a,panel:b,index:this.anchors.index(a)}},_cleanup:function(){this.lis.filter(".ui-state-processing").removeClass("ui-state-processing").find("span:data(label.tabs)").each(function(){var b=a(this);b.html(b.data("label.tabs")).removeData("label.tabs")})},_tabify:function(c){function m(b,c){b.css("display",""),!a.support.opacity&&c.opacity&&b[0].style.removeAttribute("filter")}var d=this,e=this.options,f=/^#.+/;this.list=this.element.find("ol,ul").eq(0),this.lis=a(" > li:has(a[href])",this.list),this.anchors=this.lis.map(function(){return a("a",this)[0]}),this.panels=a([]),this.anchors.each(function(b,c){var g=a(c).attr("href"),h=g.split("#")[0],i;h&&(h===location.toString().split("#")[0]||(i=a("base")[0])&&h===i.href)&&(g=c.hash,c.href=g);if(f.test(g))d.panels=d.panels.add(d.element.find(d._sanitizeSelector(g)));else if(g&&g!=="#"){a.data(c,"href.tabs",g),a.data(c,"load.tabs",g.replace(/#.*$/,""));var j=d._tabId(c);c.href="#"+j;var k=d.element.find("#"+j);k.length||(k=a(e.panelTemplate).attr("id",j).addClass("ui-tabs-panel ui-widget-content ui-corner-bottom").insertAfter(d.panels[b-1]||d.list),k.data("destroy.tabs",!0)),d.panels=d.panels.add(k)}else e.disabled.push(b)}),c?(this.element.addClass("ui-tabs ui-widget ui-widget-content ui-corner-all"),this.list.addClass("ui-tabs-nav ui-helper-reset ui-helper-clearfix ui-widget-header ui-corner-all"),this.lis.addClass("ui-state-default ui-corner-top"),this.panels.addClass("ui-tabs-panel ui-widget-content ui-corner-bottom"),e.selected===b?(location.hash&&this.anchors.each(function(a,b){if(b.hash==location.hash)return e.selected=a,!1}),typeof e.selected!="number"&&e.cookie&&(e.selected=parseInt(d._cookie(),10)),typeof e.selected!="number"&&this.lis.filter(".ui-tabs-selected").length&&(e.selected=this.lis.index(this.lis.filter(".ui-tabs-selected"))),e.selected=e.selected||(this.lis.length?0:-1)):e.selected===null&&(e.selected=-1),e.selected=e.selected>=0&&this.anchors[e.selected]||e.selected<0?e.selected:0,e.disabled=a.unique(e.disabled.concat(a.map(this.lis.filter(".ui-state-disabled"),function(a,b){return d.lis.index(a)}))).sort(),a.inArray(e.selected,e.disabled)!=-1&&e.disabled.splice(a.inArray(e.selected,e.disabled),1),this.panels.addClass("ui-tabs-hide"),this.lis.removeClass("ui-tabs-selected ui-state-active"),e.selected>=0&&this.anchors.length&&(d.element.find(d._sanitizeSelector(d.anchors[e.selected].hash)).removeClass("ui-tabs-hide"),this.lis.eq(e.selected).addClass("ui-tabs-selected ui-state-active"),d.element.queue("tabs",function(){d._trigger("show",null,d._ui(d.anchors[e.selected],d.element.find(d._sanitizeSelector(d.anchors[e.selected].hash))[0]))}),this.load(e.selected)),a(window).bind("unload",function(){d.lis.add(d.anchors).unbind(".tabs"),d.lis=d.anchors=d.panels=null})):e.selected=this.lis.index(this.lis.filter(".ui-tabs-selected")),this.element[e.collapsible?"addClass":"removeClass"]("ui-tabs-collapsible"),e.cookie&&this._cookie(e.selected,e.cookie);for(var g=0,h;h=this.lis[g];g++)a(h)[a.inArray(g,e.disabled)!=-1&&!a(h).hasClass("ui-tabs-selected")?"addClass":"removeClass"]("ui-state-disabled");e.cache===!1&&this.anchors.removeData("cache.tabs"),this.lis.add(this.anchors).unbind(".tabs");if(e.event!=="mouseover"){var i=function(a,b){b.is(":not(.ui-state-disabled)")&&b.addClass("ui-state-"+a)},j=function(a,b){b.removeClass("ui-state-"+a)};this.lis.bind("mouseover.tabs",function(){i("hover",a(this))}),this.lis.bind("mouseout.tabs",function(){j("hover",a(this))}),this.anchors.bind("focus.tabs",function(){i("focus",a(this).closest("li"))}),this.anchors.bind("blur.tabs",function(){j("focus",a(this).closest("li"))})}var k,l;e.fx&&(a.isArray(e.fx)?(k=e.fx[0],l=e.fx[1]):k=l=e.fx);var n=l?function(b,c){a(b).closest("li").addClass("ui-tabs-selected ui-state-active"),c.hide().removeClass("ui-tabs-hide").animate(l,l.duration||"normal",function(){m(c,l),d._trigger("show",null,d._ui(b,c[0]))})}:function(b,c){a(b).closest("li").addClass("ui-tabs-selected ui-state-active"),c.removeClass("ui-tabs-hide"),d._trigger("show",null,d._ui(b,c[0]))},o=k?function(a,b){b.animate(k,k.duration||"normal",function(){d.lis.removeClass("ui-tabs-selected ui-state-active"),b.addClass("ui-tabs-hide"),m(b,k),d.element.dequeue("tabs")})}:function(a,b,c){d.lis.removeClass("ui-tabs-selected ui-state-active"),b.addClass("ui-tabs-hide"),d.element.dequeue("tabs")};this.anchors.bind(e.event+".tabs",function(){var b=this,c=a(b).closest("li"),f=d.panels.filter(":not(.ui-tabs-hide)"),g=d.element.find(d._sanitizeSelector(b.hash));if(c.hasClass("ui-tabs-selected")&&!e.collapsible||c.hasClass("ui-state-disabled")||c.hasClass("ui-state-processing")||d.panels.filter(":animated").length||d._trigger("select",null,d._ui(this,g[0]))===!1)return this.blur(),!1;e.selected=d.anchors.index(this),d.abort();if(e.collapsible){if(c.hasClass("ui-tabs-selected"))return e.selected=-1,e.cookie&&d._cookie(e.selected,e.cookie),d.element.queue("tabs",function(){o(b,f)}).dequeue("tabs"),this.blur(),!1;if(!f.length)return e.cookie&&d._cookie(e.selected,e.cookie),d.element.queue("tabs",function(){n(b,g)}),d.load(d.anchors.index(this)),this.blur(),!1}e.cookie&&d._cookie(e.selected,e.cookie);if(g.length)f.length&&d.element.queue("tabs",function(){o(b,f)}),d.element.queue("tabs",function(){n(b,g)}),d.load(d.anchors.index(this));else throw"jQuery UI Tabs: Mismatching fragment identifier.";a.browser.msie&&this.blur()}),this.anchors.bind("click.tabs",function(){return!1})},_getIndex:function(a){return typeof a=="string"&&(a=this.anchors.index(this.anchors.filter("[href$='"+a+"']"))),a},destroy:function(){var b=this.options;return this.abort(),this.element.unbind(".tabs").removeClass("ui-tabs ui-widget ui-widget-content ui-corner-all ui-tabs-collapsible").removeData("tabs"),this.list.removeClass("ui-tabs-nav ui-helper-reset ui-helper-clearfix ui-widget-header ui-corner-all"),this.anchors.each(function(){var b=a.data(this,"href.tabs");b&&(this.href=b);var c=a(this).unbind(".tabs");a.each(["href","load","cache"],function(a,b){c.removeData(b+".tabs")})}),this.lis.unbind(".tabs").add(this.panels).each(function(){a.data(this,"destroy.tabs")?a(this).remove():a(this).removeClass(["ui-state-default","ui-corner-top","ui-tabs-selected","ui-state-active","ui-state-hover","ui-state-focus","ui-state-disabled","ui-tabs-panel","ui-widget-content","ui-corner-bottom","ui-tabs-hide"].join(" "))}),b.cookie&&this._cookie(null,b.cookie),this},add:function(c,d,e){e===b&&(e=this.anchors.length);var f=this,g=this.options,h=a(g.tabTemplate.replace(/#\{href\}/g,c).replace(/#\{label\}/g,d)),i=c.indexOf("#")?this._tabId(a("a",h)[0]):c.replace("#","");h.addClass("ui-state-default ui-corner-top").data("destroy.tabs",!0);var j=f.element.find("#"+i);return j.length||(j=a(g.panelTemplate).attr("id",i).data("destroy.tabs",!0)),j.addClass("ui-tabs-panel ui-widget-content ui-corner-bottom ui-tabs-hide"),e>=this.lis.length?(h.appendTo(this.list),j.appendTo(this.list[0].parentNode)):(h.insertBefore(this.lis[e]),j.insertBefore(this.panels[e])),g.disabled=a.map(g.disabled,function(a,b){return a>=e?++a:a}),this._tabify(),this.anchors.length==1&&(g.selected=0,h.addClass("ui-tabs-selected ui-state-active"),j.removeClass("ui-tabs-hide"),this.element.queue("tabs",function(){f._trigger("show",null,f._ui(f.anchors[0],f.panels[0]))}),this.load(0)),this._trigger("add",null,this._ui(this.anchors[e],this.panels[e])),this},remove:function(b){b=this._getIndex(b);var c=this.options,d=this.lis.eq(b).remove(),e=this.panels.eq(b).remove();return d.hasClass("ui-tabs-selected")&&this.anchors.length>1&&this.select(b+(b+1=b?--a:a}),this._tabify(),this._trigger("remove",null,this._ui(d.find("a")[0],e[0])),this},enable:function(b){b=this._getIndex(b);var c=this.options;if(a.inArray(b,c.disabled)==-1)return;return this.lis.eq(b).removeClass("ui-state-disabled"),c.disabled=a.grep(c.disabled,function(a,c){return a!=b}),this._trigger("enable",null,this._ui(this.anchors[b],this.panels[b])),this},disable:function(a){a=this._getIndex(a);var b=this,c=this.options;return a!=c.selected&&(this.lis.eq(a).addClass("ui-state-disabled"),c.disabled.push(a),c.disabled.sort(),this._trigger("disable",null,this._ui(this.anchors[a],this.panels[a]))),this},select:function(a){a=this._getIndex(a);if(a==-1)if(this.options.collapsible&&this.options.selected!=-1)a=this.options.selected;else return this;return this.anchors.eq(a).trigger(this.options.event+".tabs"),this},load:function(b){b=this._getIndex(b);var c=this,d=this.options,e=this.anchors.eq(b)[0],f=a.data(e,"load.tabs");this.abort();if(!f||this.element.queue("tabs").length!==0&&a.data(e,"cache.tabs")){this.element.dequeue("tabs");return}this.lis.eq(b).addClass("ui-state-processing");if(d.spinner){var g=a("span",e);g.data("label.tabs",g.html()).html(d.spinner)}return this.xhr=a.ajax(a.extend({},d.ajaxOptions,{url:f,success:function(f,g){c.element.find(c._sanitizeSelector(e.hash)).html(f),c._cleanup(),d.cache&&a.data(e,"cache.tabs",!0),c._trigger("load",null,c._ui(c.anchors[b],c.panels[b]));try{d.ajaxOptions.success(f,g)}catch(h){}},error:function(a,f,g){c._cleanup(),c._trigger("load",null,c._ui(c.anchors[b],c.panels[b]));try{d.ajaxOptions.error(a,f,b,e)}catch(g){}}})),c.element.dequeue("tabs"),this},abort:function(){return this.element.queue([]),this.panels.stop(!1,!0),this.element.queue("tabs",this.element.queue("tabs").splice(-2,2)),this.xhr&&(this.xhr.abort(),delete this.xhr),this._cleanup(),this},url:function(a,b){return this.anchors.eq(a).removeData("cache.tabs").data("load.tabs",b),this},length:function(){return this.anchors.length}}),a.extend(a.ui.tabs,{version:"1.8.23"}),a.extend(a.ui.tabs.prototype,{rotation:null,rotate:function(a,b){var c=this,d=this.options,e=c._rotate||(c._rotate=function(b){clearTimeout(c.rotation),c.rotation=setTimeout(function(){var a=d.selected;c.select(++a
                DateFri, 24 Feb 2023 14:03:41 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Accept-Rangesbytes
                ETagW/"200748-1358437290000"
                Last-ModifiedThu, 17 Jan 2013 15:41:30 GMT
                Cache-Controlmax-age=2419200
                ExpiresFri, 24 Mar 2023 14:03:42 GMT
                Content-Typeapplication/javascript;charset=UTF-8
                Content-Length200748
                Keep-Alivetimeout=5, max=99
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/faq.html.bakhttpzero.webappsecurity.com80Vulnerability67083Web Server Misconfiguration: Unprotected FileEnvironmentWeb Server Misconfiguration: Unprotected FileCWE-538: File and Directory Information ExposureSummary]]>ImplicationAn attacker can use the information obtained from the backup file of a sensitive document to craft a precise targeted attack against the web application. Such attacks can include, but are not limited to, SQL injection, remote file system access to overwrite or inject malware, and database manipulation.]]>ExecutionFix
                • Webroot Security Policy: Implement a security policy that prohibits storage of backup files in webroot.
                • Temporary Files: Many tools and editors automatically create temporary files or backup files in the webroot. Be careful when editing files on a production server to avoid inadvertently leaving a backup or temporary copy of the file(s) in the webroot.
                • Default Installations: Often, a lot of unnecessary files and folders are installed by default. For instance, IIS installations include demo applications. Be sure to remove any files or folders that are not required for application to work properly.
                • Development Backup: Source code back up should not be stored and left available on the webroot.
                + +Further QA can include test cases to look for the presence of backup files in the webroot to ensure none are left in publicly accessible folders of the web application.]]>                Reference InfoOWASP - Review Old, Backup and Unreferenced Files for Sensitive Information (OTG-CONFIG-004)
                CWE - 200 Information Exposure ]]>                 + + + + Zero - FAQ - Frequently Asked Questions + + + + + + + + + + + + + +
                +
                +
                +
                + Zero Bank +
                +
                +
                + +
                +
                + +
                +
                +
                +
                +

                Frequently Asked Questions

                +
                +
                + +
                +
                  +
                1. Question1 ut enim ad minim veniam?
                  2. +
                2. Question2 ut enim ad minim veniam?
                  3. +
                3. Question3 ut enim ad minim veniam?
                  4. +
                4. Question4 ut enim ad minim veniam?
                  5. +
                5. Question5 ut enim ad minim veniam?
                  6. +
                6. Question6 ut enim ad minim veniam?
                  7. +
                7. Question7 ut enim ad minim veniam?
                  8. +
                + +
                +
                + +
                +
                +
                1
                +
                +
                +

                Question1 ut enim ad minim veniam?

                +
                +
                +
                +
                +

                + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. +

                +
                +
                + +
                +
                +
                2
                +
                +
                +

                Question2 ut enim ad minim veniam?

                +
                +
                +
                +
                +

                + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. +

                +
                +
                + +
                +
                +
                3
                +
                +
                +

                Question3 ut enim ad minim veniam?

                +
                +
                +
                +
                +

                + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. +

                +
                +
                + +
                +
                +
                4
                +
                +
                +

                Question4 ut enim ad minim veniam?

                +
                +
                +
                +
                +

                + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. +

                +
                +
                + +
                +
                +
                5
                +
                +
                +

                Question5 ut enim ad minim veniam?

                +
                +
                +
                +
                +

                + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. +

                +
                +
                + +
                +
                +
                6
                +
                +
                +

                Question6 ut enim ad minim veniam?

                +
                +
                +
                +
                +

                + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. +

                +
                +
                + +
                +
                +
                7
                +
                +
                +

                Question7 ut enim ad minim veniam?

                +
                +
                +
                +
                +

                + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. +

                +
                +
                +
                +
                + + + + +
                +
                + +
                +
                + +
                +
                +
                +
                +
                +
                  +
                • Contact Us
                  • +
                • Blog
                  • +
                • Download WebInspect
                  • +
                +
                + +
                +
                  +
                • Ask a Question
                  • +
                • Video Tutorial
                  • +
                • Feedback
                  • +
                +
                + +
                +
                  +
                • License
                  • +
                • Privacy Statement
                  • +
                • Terms of Use
                  • +
                +
                + +
                +
                  +
                • How to use WebInspect
                  • +
                • WebInspect scan settings files
                  • +
                • How to scan the site
                  • +
                +
                +
                + +
                +
                + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/ + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

                + + Copyright © 2018, Micro Focus. All rights reserved. +
                +
                +
                +
                +
                + + + + +]]>                GET/faq.htmlbakHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=A9EF43AC +
                Refererhttp://zero.webappsecurity.com/faq.html
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="55E4604B462749386115F42180F4D471";PSID="4CAE3BF452C6150F60166D67DC3B7477";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="aabf09b7-996e-479e-9ecc-9f0508d42d72";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="708";Engine="File+Extension+Addition";SmartMode="4";tht="40";
                X-RequestManager-Memostid="17";stmi="0";sc="1";rid="ea8bdf71";
                X-Request-Memorid="5229a1e3";sc="1";thid="28";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONIDA9EF43AC                HTTP/1.1200OK + + + + Zero - FAQ - Frequently Asked Questions + + + + + + + + + + + + + +
                +
                +
                +
                + Zero Bank +
                +
                +
                + +
                +
                + +
                +
                +
                +
                +

                Frequently Asked Questions

                +
                +
                + +
                +
                  +
                1. Question1 ut enim ad minim veniam?
                  2. +
                2. Question2 ut enim ad minim veniam?
                  3. +
                3. Question3 ut enim ad minim veniam?
                  4. +
                4. Question4 ut enim ad minim veniam?
                  5. +
                5. Question5 ut enim ad minim veniam?
                  6. +
                6. Question6 ut enim ad minim veniam?
                  7. +
                7. Question7 ut enim ad minim veniam?
                  8. +
                + +
                +
                + +
                +
                +
                1
                +
                +
                +

                Question1 ut enim ad minim veniam?

                +
                +
                +
                +
                +

                + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. +

                +
                +
                + +
                +
                +
                2
                +
                +
                +

                Question2 ut enim ad minim veniam?

                +
                +
                +
                +
                +

                + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. +

                +
                +
                + +
                +
                +
                3
                +
                +
                +

                Question3 ut enim ad minim veniam?

                +
                +
                +
                +
                +

                + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. +

                +
                +
                + +
                +
                +
                4
                +
                +
                +

                Question4 ut enim ad minim veniam?

                +
                +
                +
                +
                +

                + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. +

                +
                +
                + +
                +
                +
                5
                +
                +
                +

                Question5 ut enim ad minim veniam?

                +
                +
                +
                +
                +

                + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. +

                +
                +
                + +
                +
                +
                6
                +
                +
                +

                Question6 ut enim ad minim veniam?

                +
                +
                +
                +
                +

                + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. +

                +
                +
                + +
                +
                +
                7
                +
                +
                +

                Question7 ut enim ad minim veniam?

                +
                +
                +
                +
                +

                + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. + Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo + consequat. Duis aute irure dolor in reprehenderit. +

                +
                +
                +
                +
                + + + + +
                +
                + +
                +
                + +
                +
                +
                +
                +
                +
                  +
                • Contact Us
                  • +
                • Blog
                  • +
                • Download WebInspect
                  • +
                +
                + +
                +
                  +
                • Ask a Question
                  • +
                • Video Tutorial
                  • +
                • Feedback
                  • +
                +
                + +
                +
                  +
                • License
                  • +
                • Privacy Statement
                  • +
                • Terms of Use
                  • +
                +
                + +
                +
                  +
                • How to use WebInspect
                  • +
                • WebInspect scan settings files
                  • +
                • How to scan the site
                  • +
                +
                +
                + +
                +
                + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/ + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

                + + Copyright © 2018, Micro Focus. All rights reserved. +
                +
                +
                +
                +
                + + + + +]]>
                DateFri, 24 Feb 2023 14:03:52 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Accept-Rangesbytes
                ETagW/"12557-1535343306000"
                Last-ModifiedMon, 27 Aug 2018 04:15:06 GMT
                Content-Typeapplication/octet-stream;charset=UTF-8
                Content-Length12557
                Keep-Alivetimeout=5, max=63
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/zero/resources/css/bootstrap.csshttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

                HTTP Status 404 - /zero/resources/css/bootstrap.css

                type Status report

                message /zero/resources/css/bootstrap.css

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>                GET/zero/resources/css/bootstrapcssHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
                Refererhttp://zero.webappsecurity.com/faq.html.bak
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Crawl";SID="DBEFF6BCDC6C27BC9ABC56A2E276B4B8";PSID="55E4604B462749386115F42180F4D471";SessionType="Crawl";CrawlType="ScriptInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="StyleInclude";Locations="HtmlNode";NodeName="link";Source="StaticParser";tht="31";
                X-RequestManager-Memostid="11";stmi="0";sc="1";rid="4237bcb5";
                X-Request-Memorid="c22211ef";sc="2";thid="26";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

                HTTP Status 404 - /zero/resources/css/bootstrap.css

                type Status report

                message /zero/resources/css/bootstrap.css

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>
                DateFri, 24 Feb 2023 14:03:53 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Content-Typetext/html;charset=utf-8
                Content-Languageen
                Content-Length1015
                Keep-Alivetimeout=5, max=100
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/zero/resources/css/main.csshttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

                HTTP Status 404 - /zero/resources/css/main.css

                type Status report

                message /zero/resources/css/main.css

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>                GET/zero/resources/css/maincssHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
                Refererhttp://zero.webappsecurity.com/faq.html.bak
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Crawl";SID="2FB18E4D93FA66D5B87CDFDC95E79B20";PSID="55E4604B462749386115F42180F4D471";SessionType="Crawl";CrawlType="ScriptInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="StyleInclude";Locations="HtmlNode";NodeName="link";Source="StaticParser";tht="31";
                X-RequestManager-Memostid="11";stmi="0";sc="1";rid="77188e9e";
                X-Request-Memorid="c1cd4281";sc="2";thid="25";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

                HTTP Status 404 - /zero/resources/css/main.css

                type Status report

                message /zero/resources/css/main.css

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>
                DateFri, 24 Feb 2023 14:03:53 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Content-Typetext/html;charset=utf-8
                Content-Languageen
                Content-Length1005
                Keep-Alivetimeout=5, max=100
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/zero/resources/css/font-awesome.csshttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

                HTTP Status 404 - /zero/resources/css/font-awesome.css

                type Status report

                message /zero/resources/css/font-awesome.css

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>                GET/zero/resources/css/font-awesomecssHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
                Refererhttp://zero.webappsecurity.com/faq.html.bak
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Crawl";SID="7CAEDF7886607BB09DA7C04D4C2AB93B";PSID="55E4604B462749386115F42180F4D471";SessionType="Crawl";CrawlType="ScriptInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="StyleInclude";Locations="HtmlNode";NodeName="link";Source="StaticParser";tht="31";
                X-RequestManager-Memostid="11";stmi="0";sc="1";rid="3ab481c8";
                X-Request-Memorid="60070364";sc="2";thid="24";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

                HTTP Status 404 - /zero/resources/css/font-awesome.css

                type Status report

                message /zero/resources/css/font-awesome.css

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>
                DateFri, 24 Feb 2023 14:03:53 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Content-Typetext/html;charset=utf-8
                Content-Languageen
                Content-Length1021
                Keep-Alivetimeout=5, max=100
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/zero/resources/js/jquery-1.8.2.min.jshttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

                HTTP Status 404 - /zero/resources/js/jquery-1.8.2.min.js

                type Status report

                message /zero/resources/js/jquery-1.8.2.min.js

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>                GET/zero/resources/js/jquery-1.8.2.minjsHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
                Refererhttp://zero.webappsecurity.com/faq.html.bak
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Crawl";SID="2AF91F5768017443B41DF199F7676D5A";PSID="55E4604B462749386115F42180F4D471";SessionType="Crawl";CrawlType="ScriptInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="src";Format="Relative";LinkKind="ScriptInclude";Locations="HtmlNode";NodeName="script";Source="StaticParser";tht="31";
                X-RequestManager-Memostid="11";stmi="0";sc="1";rid="64985796";
                X-Request-Memorid="33b8584c";sc="1";thid="26";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

                HTTP Status 404 - /zero/resources/js/jquery-1.8.2.min.js

                type Status report

                message /zero/resources/js/jquery-1.8.2.min.js

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>
                DateFri, 24 Feb 2023 14:03:53 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Content-Typetext/html;charset=utf-8
                Content-Languageen
                Content-Length1025
                Keep-Alivetimeout=5, max=99
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/zero/resources/js/bootstrap.min.jshttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

                HTTP Status 404 - /zero/resources/js/bootstrap.min.js

                type Status report

                message /zero/resources/js/bootstrap.min.js

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>                GET/zero/resources/js/bootstrap.minjsHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
                Refererhttp://zero.webappsecurity.com/faq.html.bak
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Crawl";SID="5750BBEB589422DF0A935E7168FB4AE5";PSID="55E4604B462749386115F42180F4D471";SessionType="Crawl";CrawlType="ScriptInclude";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="src";Format="Relative";LinkKind="ScriptInclude";Locations="HtmlNode";NodeName="script";Source="StaticParser";tht="31";
                X-RequestManager-Memostid="11";stmi="0";sc="1";rid="78a7860b";
                X-Request-Memorid="f2b57dbb";sc="1";thid="25";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

                HTTP Status 404 - /zero/resources/js/bootstrap.min.js

                type Status report

                message /zero/resources/js/bootstrap.min.js

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>
                DateFri, 24 Feb 2023 14:03:53 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Content-Typetext/html;charset=utf-8
                Content-Languageen
                Content-Length1019
                Keep-Alivetimeout=5, max=99
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/zero/index.htmlhttpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

                HTTP Status 404 -

                type Status report

                message

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>                GET/zero/indexhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
                Refererhttp://zero.webappsecurity.com/faq.html.bak
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Crawl";SID="CF4C56DCBDC6F80B2728A091F0CCB477";PSID="55E4604B462749386115F42180F4D471";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";NodeName="a";Source="StaticParser";tht="31";
                X-RequestManager-Memostid="11";stmi="0";sc="1";rid="71077d23";
                X-Request-Memorid="ed9417ff";sc="1";thid="24";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

                HTTP Status 404 -

                type Status report

                message

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>
                DateFri, 24 Feb 2023 14:03:53 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Cache-Controlno-cache, max-age=0, must-revalidate, no-store
                Content-Typetext/html;charset=utf-8
                Content-Languageen
                Content-Length949
                Keep-Alivetimeout=5, max=99
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/zero/faq.html?question=1httpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

                HTTP Status 404 -

                type Status report

                message

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>                GET/zero/faqhtmlHTTP/1.1question=1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +question1
                Refererhttp://zero.webappsecurity.com/faq.html.bak
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Crawl";SID="3112FD3638E458D7DDBBE4A79C3F2E9E";PSID="55E4604B462749386115F42180F4D471";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";NodeName="a";Source="StaticParser";tht="31";
                X-RequestManager-Memostid="11";stmi="0";sc="1";rid="e1dda5d6";
                X-Request-Memorid="53232c5f";sc="1";thid="26";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

                HTTP Status 404 -

                type Status report

                message

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>
                DateFri, 24 Feb 2023 14:03:53 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Cache-Controlno-cache, max-age=0, must-revalidate, no-store
                Content-Typetext/html;charset=utf-8
                Content-Languageen
                Content-Length949
                Keep-Alivetimeout=5, max=98
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/zero/faq.html?question=2httpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

                HTTP Status 404 -

                type Status report

                message

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>                GET/zero/faqhtmlHTTP/1.1question=2Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +question2
                Refererhttp://zero.webappsecurity.com/faq.html.bak
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Crawl";SID="F8823EE90305BB7AB73A7E36868D02F5";PSID="55E4604B462749386115F42180F4D471";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";NodeName="a";Source="StaticParser";tht="31";
                X-RequestManager-Memostid="11";stmi="0";sc="1";rid="5e23a9bf";
                X-Request-Memorid="b08874c8";sc="1";thid="25";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

                HTTP Status 404 -

                type Status report

                message

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>
                DateFri, 24 Feb 2023 14:03:53 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Cache-Controlno-cache, max-age=0, must-revalidate, no-store
                Content-Typetext/html;charset=utf-8
                Content-Languageen
                Content-Length949
                Keep-Alivetimeout=5, max=98
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/zero/faq.html?question=3httpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

                HTTP Status 404 -

                type Status report

                message

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>                GET/zero/faqhtmlHTTP/1.1question=3Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +question3
                Refererhttp://zero.webappsecurity.com/faq.html.bak
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Crawl";SID="FEAE8B9A05898BEEA0C995BFC7E46316";PSID="55E4604B462749386115F42180F4D471";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";NodeName="a";Source="StaticParser";tht="31";
                X-RequestManager-Memostid="11";stmi="0";sc="1";rid="2d2eade9";
                X-Request-Memorid="7d4b2496";sc="1";thid="24";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

                HTTP Status 404 -

                type Status report

                message

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>
                DateFri, 24 Feb 2023 14:03:53 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Cache-Controlno-cache, max-age=0, must-revalidate, no-store
                Content-Typetext/html;charset=utf-8
                Content-Languageen
                Content-Length949
                Keep-Alivetimeout=5, max=98
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/zero/faq.html?question=4httpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

                HTTP Status 404 -

                type Status report

                message

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>                GET/zero/faqhtmlHTTP/1.1question=4Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +question4
                Refererhttp://zero.webappsecurity.com/faq.html.bak
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Crawl";SID="00B191E6514FBA72DB6A5360CDB3FFCB";PSID="55E4604B462749386115F42180F4D471";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";NodeName="a";Source="StaticParser";tht="31";
                X-RequestManager-Memostid="11";stmi="0";sc="1";rid="d5cf93fd";
                X-Request-Memorid="34ee861e";sc="1";thid="24";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

                HTTP Status 404 -

                type Status report

                message

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>
                DateFri, 24 Feb 2023 14:03:53 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Cache-Controlno-cache, max-age=0, must-revalidate, no-store
                Content-Typetext/html;charset=utf-8
                Content-Languageen
                Content-Length949
                Keep-Alivetimeout=5, max=97
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/zero/faq.html?question=5httpzero.webappsecurity.com80Apache Tomcat/7.0.70 - Error report

                HTTP Status 404 -

                type Status report

                message

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>                GET/zero/faqhtmlHTTP/1.1question=5Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +question5
                Refererhttp://zero.webappsecurity.com/faq.html.bak
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Crawl";SID="064F618653F2ADEF1DE1ADE79FBE0C54";PSID="55E4604B462749386115F42180F4D471";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";AttributeName="href";Format="Relative";LinkKind="HyperLink";Locations="HtmlNode";NodeName="a";Source="StaticParser";tht="31";
                X-RequestManager-Memostid="11";stmi="0";sc="1";rid="029ad565";
                X-Request-Memorid="9c6fd1fe";sc="1";thid="25";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1404Not FoundApache Tomcat/7.0.70 - Error report

                HTTP Status 404 -

                type Status report

                message

                description The requested resource is not available.

                Apache Tomcat/7.0.70

                ]]>
                DateFri, 24 Feb 2023 14:03:53 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Cache-Controlno-cache, max-age=0, must-revalidate, no-store
                Content-Typetext/html;charset=utf-8
                Content-Languageen
                Content-Length949
                Keep-Alivetimeout=5, max=97
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/bank/transfer-funds.htmlhttpzero.webappsecurity.com80Vulnerability11281112791HTML5: Overly Permissive CORS PolicyEncapsulationHTML5: Overly Permissive CORS PolicyCWE-942: Overly Permissive Cross-domain WhitelistSummary
                +Cross-Origin Resource Sharing, commonly referred to as CORS, is a technology that allows a domain to define a policy for its resources to be accessed by a web page hosted on a different domain using cross domain XML HTTP Requests (XHR). Historically, the browser restricts cross domain XHR requests to abide by the same origin policy. At its basic form, the same origin policy sets the script execution scope to the resources available on the current domain and prohibits any communication to domains outside this scope. While CORS is supported on all major browsers, it also requires that the domain correctly defines the CORS policy in order to have its resources shared with another domain. These restrictions are managed by access policies typically included in specialized response headers, such as: +
                • Access-Control-Allow-Origin
                • Access-Control-Allow-Headers
                • Access-Control-Allow-Methods
                +A domain includes a list of domains that are allowed to make cross domain requests to shared resources in Access-Control-Allow-Origin header. This header can have either list of domains or a wildcard character (“*”) to allow all access. Having a wildcard is considered overly permissive policy.]]>                ImplicationExecutionFix

                Example 1:
                An example of IIS server configuration for listing domains the application is allowed to communicate with.
                + +    <configuration>
                +        <system.webServer>
                +            <httpProtocol>
                +                <customHeaders>
                +                    <add name="Access-Control-Allow-Origin" value="www.trusted.com" />
                +                </customHeaders>
                +            </httpProtocol>
                +        </system.webServer>
                +    </configuration>

                + +Example 1 shows how to configure CORS headers at the server level; however, the preferred method is to make use of the API of the language used to develop the application and set access permissions at the resource level.
                + +Here are some programmatic samples by language:

                • .NET:
                  +Append Header:
                  +Response.AppendHeader("Access-Control-Allow-Origin", "www.trusted.com");

                  + +Check for cross domain XHR request:
                  +if((Request.Headers["X-Requested-With"] == "XMLHttpRequest") && Request.Headers[“Origin”] != null))

                • Java:
                  +response.addHeader("Access-Control-Allow-Origin", "www.trusted.com");

                  + +check for cross domain XHR request:
                  +if((request.getHeader("X-Requested-With") == "XMLHttpRequest") && request.getHeader("Origin")!= null))

                • PHP:
                  + + header('Access-Control-Allow-Origin: www.trusted.com');
                  +?>

                  + +Check for cross domain XHR request:
                  +If( isset($_SERVER['HTTP_X_REQUESTED_WITH']) && ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') && isset($_SERVER[‘Origin’]))

                ]]>                Reference InfoOWASP HTML 5 Security Cheat Sheet
                https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet

                Cross-Origin Resource Sharing
                http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
                http://www.w3.org/TR/cors/

                +Same Origin Policy
                http://en.wikipedia.org/wiki/Same_origin_policy

                ]]>                OPTIONS/bank/transfer-fundshtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
                Refererhttp://zero.webappsecurity.com/
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                Access-Control-Request-MethodPOST
                Access-Control-Request-HeadersX-Pingsession
                Originhttp://webinspect.microfocus.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="F87984C063D446C0B5B5B83EEC702D2C";PSID="2B209BFC89996A2F0AE9ED7C1F450D6E";SessionType="AuditAttack";CrawlType="None";AttackType="Other";OriginatingEngineID="822a8e1c-b895-4666-a9d2-026b0a4716c9";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="11281";Engine="Html5+Cross+Origin+Options+Request";SmartMode="4";tht="11";
                X-RequestManager-Memosc="1";rid="05c04c17";
                X-Request-Memorid="0871e4c7";sc="1";thid="27";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1302Found
                DateFri, 24 Feb 2023 14:04:18 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Cache-Controlno-cache, max-age=0, must-revalidate, no-store
                Locationhttp://zero.webappsecurity.com/login.html
                Content-Length0
                Keep-Alivetimeout=5, max=39
                ConnectionKeep-Alive
                Content-Typetext/html
                http://zero.webappsecurity.com:80/bank/transfer-funds.htmlhttpzero.webappsecurity.com80OPTIONS/bank/transfer-fundshtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
                Refererhttp://zero.webappsecurity.com/
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                Access-Control-Request-MethodPOST
                Access-Control-Request-HeadersX-Pingsession
                Originhttp://webinspect.microfocus.com
                ConnectionKeep-Alive
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1302Found
                DateFri, 24 Feb 2023 14:04:18 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Cache-Controlno-cache, max-age=0, must-revalidate, no-store
                Locationhttp://zero.webappsecurity.com/login.html
                Content-Length0
                Keep-Alivetimeout=5, max=39
                ConnectionKeep-Alive
                Content-Typetext/html
                http://zero.webappsecurity.com:80/httpzero.webappsecurity.com80Vulnerability11281112791HTML5: Overly Permissive CORS PolicyEncapsulationHTML5: Overly Permissive CORS PolicyCWE-942: Overly Permissive Cross-domain WhitelistSummary
                +Cross-Origin Resource Sharing, commonly referred to as CORS, is a technology that allows a domain to define a policy for its resources to be accessed by a web page hosted on a different domain using cross domain XML HTTP Requests (XHR). Historically, the browser restricts cross domain XHR requests to abide by the same origin policy. At its basic form, the same origin policy sets the script execution scope to the resources available on the current domain and prohibits any communication to domains outside this scope. While CORS is supported on all major browsers, it also requires that the domain correctly defines the CORS policy in order to have its resources shared with another domain. These restrictions are managed by access policies typically included in specialized response headers, such as: +
                • Access-Control-Allow-Origin
                • Access-Control-Allow-Headers
                • Access-Control-Allow-Methods
                +A domain includes a list of domains that are allowed to make cross domain requests to shared resources in Access-Control-Allow-Origin header. This header can have either list of domains or a wildcard character (“*”) to allow all access. Having a wildcard is considered overly permissive policy.]]>                ImplicationExecutionFix

                Example 1:
                An example of IIS server configuration for listing domains the application is allowed to communicate with.
                + +    <configuration>
                +        <system.webServer>
                +            <httpProtocol>
                +                <customHeaders>
                +                    <add name="Access-Control-Allow-Origin" value="www.trusted.com" />
                +                </customHeaders>
                +            </httpProtocol>
                +        </system.webServer>
                +    </configuration>

                + +Example 1 shows how to configure CORS headers at the server level; however, the preferred method is to make use of the API of the language used to develop the application and set access permissions at the resource level.
                + +Here are some programmatic samples by language:

                • .NET:
                  +Append Header:
                  +Response.AppendHeader("Access-Control-Allow-Origin", "www.trusted.com");

                  + +Check for cross domain XHR request:
                  +if((Request.Headers["X-Requested-With"] == "XMLHttpRequest") && Request.Headers[“Origin”] != null))

                • Java:
                  +response.addHeader("Access-Control-Allow-Origin", "www.trusted.com");

                  + +check for cross domain XHR request:
                  +if((request.getHeader("X-Requested-With") == "XMLHttpRequest") && request.getHeader("Origin")!= null))

                • PHP:
                  + + header('Access-Control-Allow-Origin: www.trusted.com');
                  +?>

                  + +Check for cross domain XHR request:
                  +If( isset($_SERVER['HTTP_X_REQUESTED_WITH']) && ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') && isset($_SERVER[‘Origin’]))

                ]]>                Reference InfoOWASP HTML 5 Security Cheat Sheet
                https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet

                Cross-Origin Resource Sharing
                http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
                http://www.w3.org/TR/cors/

                +Same Origin Policy
                http://en.wikipedia.org/wiki/Same_origin_policy

                ]]>                OPTIONS/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                Access-Control-Request-MethodPOST
                Access-Control-Request-HeadersX-Pingsession
                Originhttp://webinspect.microfocus.com
                Refererhttp://zero.webappsecurity.com/
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="56FEBBD9F465D6E022529D0A7D59B126";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="AuditAttack";CrawlType="None";AttackType="Other";OriginatingEngineID="822a8e1c-b895-4666-a9d2-026b0a4716c9";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="11281";Engine="Html5+Cross+Origin+Options+Request";SmartMode="4";tht="11";
                X-RequestManager-Memosc="1";rid="7600b554";
                X-Request-Memorid="bc8a5d23";sc="1";thid="27";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0                HTTP/1.1200OK
                DateFri, 24 Feb 2023 14:04:18 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Cache-Controlno-cache, max-age=0, must-revalidate, no-store
                AllowGET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
                Content-Length0
                Keep-Alivetimeout=5, max=35
                ConnectionKeep-Alive
                Content-Typetext/plain
                http://zero.webappsecurity.com:80/index.htmlhttpzero.webappsecurity.com80Vulnerability11281112791HTML5: Overly Permissive CORS PolicyEncapsulationHTML5: Overly Permissive CORS PolicyCWE-942: Overly Permissive Cross-domain WhitelistSummary
                +Cross-Origin Resource Sharing, commonly referred to as CORS, is a technology that allows a domain to define a policy for its resources to be accessed by a web page hosted on a different domain using cross domain XML HTTP Requests (XHR). Historically, the browser restricts cross domain XHR requests to abide by the same origin policy. At its basic form, the same origin policy sets the script execution scope to the resources available on the current domain and prohibits any communication to domains outside this scope. While CORS is supported on all major browsers, it also requires that the domain correctly defines the CORS policy in order to have its resources shared with another domain. These restrictions are managed by access policies typically included in specialized response headers, such as: +
                • Access-Control-Allow-Origin
                • Access-Control-Allow-Headers
                • Access-Control-Allow-Methods
                +A domain includes a list of domains that are allowed to make cross domain requests to shared resources in Access-Control-Allow-Origin header. This header can have either list of domains or a wildcard character (“*”) to allow all access. Having a wildcard is considered overly permissive policy.]]>                ImplicationExecutionFix

                Example 1:
                An example of IIS server configuration for listing domains the application is allowed to communicate with.
                + +    <configuration>
                +        <system.webServer>
                +            <httpProtocol>
                +                <customHeaders>
                +                    <add name="Access-Control-Allow-Origin" value="www.trusted.com" />
                +                </customHeaders>
                +            </httpProtocol>
                +        </system.webServer>
                +    </configuration>

                + +Example 1 shows how to configure CORS headers at the server level; however, the preferred method is to make use of the API of the language used to develop the application and set access permissions at the resource level.
                + +Here are some programmatic samples by language:

                • .NET:
                  +Append Header:
                  +Response.AppendHeader("Access-Control-Allow-Origin", "www.trusted.com");

                  + +Check for cross domain XHR request:
                  +if((Request.Headers["X-Requested-With"] == "XMLHttpRequest") && Request.Headers[“Origin”] != null))

                • Java:
                  +response.addHeader("Access-Control-Allow-Origin", "www.trusted.com");

                  + +check for cross domain XHR request:
                  +if((request.getHeader("X-Requested-With") == "XMLHttpRequest") && request.getHeader("Origin")!= null))

                • PHP:
                  + + header('Access-Control-Allow-Origin: www.trusted.com');
                  +?>

                  + +Check for cross domain XHR request:
                  +If( isset($_SERVER['HTTP_X_REQUESTED_WITH']) && ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') && isset($_SERVER[‘Origin’]))

                ]]>                Reference InfoOWASP HTML 5 Security Cheat Sheet
                https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet

                Cross-Origin Resource Sharing
                http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
                http://www.w3.org/TR/cors/

                +Same Origin Policy
                http://en.wikipedia.org/wiki/Same_origin_policy

                ]]>                OPTIONS/indexhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0 +
                Refererhttp://zero.webappsecurity.com/
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                Access-Control-Request-MethodPOST
                Access-Control-Request-HeadersX-Pingsession
                Originhttp://webinspect.microfocus.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="69431DB0A3F9E23422BAB17C92BCFA1B";PSID="8E73B3A63EFE2AADE20745A947151EB3";SessionType="AuditAttack";CrawlType="None";AttackType="Other";OriginatingEngineID="822a8e1c-b895-4666-a9d2-026b0a4716c9";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="11281";Engine="Html5+Cross+Origin+Options+Request";SmartMode="4";tht="11";
                X-RequestManager-Memosc="1";rid="5fb1c5ab";
                X-Request-Memorid="32fd0185";sc="1";thid="28";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0                HTTP/1.1200OK
                DateFri, 24 Feb 2023 14:04:20 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Cache-Controlno-cache, max-age=0, must-revalidate, no-store
                AllowGET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
                Content-Length0
                Keep-Alivetimeout=5, max=31
                ConnectionKeep-Alive
                Content-Typetext/html
                http://zero.webappsecurity.com:80/admin/httpzero.webappsecurity.com80 + + + + Zero - Admin - Home + + + + + + + + + + + + + + + +
                +
                +
                +
                + Zero Bank + +
                +
                  +
                • + +
                  +
                  • +
                • + +
                  • +
                +
                +
                +
                +
                + + + +
                +
                + +
                +
                +

                Admin Home

                +
                +
                + +
                +
                + +
                + +
                +
                +
                +
                + +
                +
                + +
                +
                +
                +
                +
                +
                  +
                • Download WebInspect
                  • +
                +
                + +
                +
                  +
                • Terms of Use
                  • +
                +
                + +
                +
                  +
                • Contact Micro Focus
                  • +
                • Privacy Statement
                  • + +
                +
                +
                + +
                +
                + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

                + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
                +
                +
                +
                +
                + + + + +]]>                GET/admin/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=756DA386 +
                Refererhttp://zero.webappsecurity.com/admin/index.html
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="B09C4D5CC22F10C01D9D84418780B93D";PSID="0CF01A02A1917FDBDF9FF1C597F1495C";SessionType="PathTruncation";CrawlType="None";AttackType="None";OriginatingEngineID="398bfe9e-1b77-4458-9691-603eea06e341";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="0";Engine="Path+Truncation";SmartMode="4";tht="11";
                X-RequestManager-Memostid="15";stmi="0";sc="1";rid="2a3ed406";
                X-Request-Memorid="197a18ca";sc="1";thid="27";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID756DA386                HTTP/1.1200OK + + + + Zero - Admin - Home + + + + + + + + + + + + + + + +
                +
                +
                +
                + Zero Bank + +
                +
                  +
                • + +
                  +
                  • +
                • + +
                  • +
                +
                +
                +
                +
                + + + +
                +
                + +
                +
                +

                Admin Home

                +
                +
                + +
                +
                + +
                + +
                +
                +
                +
                + +
                +
                + +
                +
                +
                +
                +
                +
                  +
                • Download WebInspect
                  • +
                +
                + +
                +
                  +
                • Terms of Use
                  • +
                +
                + +
                +
                  +
                • Contact Micro Focus
                  • +
                • Privacy Statement
                  • + +
                +
                +
                + +
                +
                + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

                + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
                +
                +
                +
                +
                + + + + +]]>
                DateFri, 24 Feb 2023 14:04:42 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Cache-Controlno-cache, max-age=0, must-revalidate, no-store
                Content-Typetext/html;charset=UTF-8
                Content-Languageen-US
                Keep-Alivetimeout=5, max=56
                ConnectionKeep-Alive
                Content-Length6617
                /search.htmlsearchTermtextsearch-query
                http://zero.webappsecurity.com:80/debug.txthttpzero.webappsecurity.com80Vulnerability385013683Web Server Misconfiguration: Unprotected FileEnvironmentWeb Server Misconfiguration: Unprotected FileCWE-552: Files or Directories Accessible to External PartiesSummaryImplicationExecutionFixFor Security Operations:
                Remove the application from the server. Inform developers and administrators to remove test applications from servers when they are no longer needed. While they are in use, be sure to protect them using HTTP basic authentication. + +

                For Development:

                Contact your security or network operations team and request they investigate the issue.

                For QA:
                Contact your security or network operations team and request they investigate the issue.]]>                Reference Info                GET/debugtxtHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=A9EF43AC +
                Refererhttp://zero.webappsecurity.com/
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="B1F9571EEE15898EBB34B8BED205026D";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="60b8f839-2e70-4177-8e47-f305852be435";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="1368";Engine="Site+Search";SmartMode="4";tht="11";
                X-RequestManager-Memostid="17";stmi="0";sc="1";rid="0a6e1b98";
                X-Request-Memorid="38f489ef";sc="1";thid="28";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONIDA9EF43AC                HTTP/1.1200OK
                DateFri, 24 Feb 2023 14:04:50 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Accept-Rangesbytes
                ETagW/"27144-1368929102000"
                Last-ModifiedSun, 19 May 2013 02:05:02 GMT
                Content-Typetext/plain;charset=UTF-8
                Content-Length27144
                Keep-Alivetimeout=5, max=43
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/admin/index.htmlhttpzero.webappsecurity.com80Vulnerability11281112791HTML5: Overly Permissive CORS PolicyEncapsulationHTML5: Overly Permissive CORS PolicyCWE-942: Overly Permissive Cross-domain WhitelistSummary
                +Cross-Origin Resource Sharing, commonly referred to as CORS, is a technology that allows a domain to define a policy for its resources to be accessed by a web page hosted on a different domain using cross domain XML HTTP Requests (XHR). Historically, the browser restricts cross domain XHR requests to abide by the same origin policy. At its basic form, the same origin policy sets the script execution scope to the resources available on the current domain and prohibits any communication to domains outside this scope. While CORS is supported on all major browsers, it also requires that the domain correctly defines the CORS policy in order to have its resources shared with another domain. These restrictions are managed by access policies typically included in specialized response headers, such as: +
                • Access-Control-Allow-Origin
                • Access-Control-Allow-Headers
                • Access-Control-Allow-Methods
                +A domain includes a list of domains that are allowed to make cross domain requests to shared resources in Access-Control-Allow-Origin header. This header can have either list of domains or a wildcard character (“*”) to allow all access. Having a wildcard is considered overly permissive policy.]]>                ImplicationExecutionFix

                Example 1:
                An example of IIS server configuration for listing domains the application is allowed to communicate with.
                + +    <configuration>
                +        <system.webServer>
                +            <httpProtocol>
                +                <customHeaders>
                +                    <add name="Access-Control-Allow-Origin" value="www.trusted.com" />
                +                </customHeaders>
                +            </httpProtocol>
                +        </system.webServer>
                +    </configuration>

                + +Example 1 shows how to configure CORS headers at the server level; however, the preferred method is to make use of the API of the language used to develop the application and set access permissions at the resource level.
                + +Here are some programmatic samples by language:

                • .NET:
                  +Append Header:
                  +Response.AppendHeader("Access-Control-Allow-Origin", "www.trusted.com");

                  + +Check for cross domain XHR request:
                  +if((Request.Headers["X-Requested-With"] == "XMLHttpRequest") && Request.Headers[“Origin”] != null))

                • Java:
                  +response.addHeader("Access-Control-Allow-Origin", "www.trusted.com");

                  + +check for cross domain XHR request:
                  +if((request.getHeader("X-Requested-With") == "XMLHttpRequest") && request.getHeader("Origin")!= null))

                • PHP:
                  + + header('Access-Control-Allow-Origin: www.trusted.com');
                  +?>

                  + +Check for cross domain XHR request:
                  +If( isset($_SERVER['HTTP_X_REQUESTED_WITH']) && ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') && isset($_SERVER[‘Origin’]))

                ]]>                Reference InfoOWASP HTML 5 Security Cheat Sheet
                https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet

                Cross-Origin Resource Sharing
                http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
                http://www.w3.org/TR/cors/

                +Same Origin Policy
                http://en.wikipedia.org/wiki/Same_origin_policy

                ]]>                OPTIONS/admin/indexhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
                Refererhttp://zero.webappsecurity.com/admin/
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                Access-Control-Request-MethodPOST
                Access-Control-Request-HeadersX-Pingsession
                Originhttp://webinspect.microfocus.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="8BB778B24C36451BEF2BD1B34699A822";PSID="0CF01A02A1917FDBDF9FF1C597F1495C";SessionType="AuditAttack";CrawlType="None";AttackType="Other";OriginatingEngineID="822a8e1c-b895-4666-a9d2-026b0a4716c9";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="11281";Engine="Html5+Cross+Origin+Options+Request";SmartMode="4";tht="11";
                X-RequestManager-Memosc="1";rid="a5e270d4";
                X-Request-Memorid="46e06623";sc="1";thid="27";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1200OK
                DateFri, 24 Feb 2023 14:04:52 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Cache-Controlno-cache, max-age=0, must-revalidate, no-store
                AllowGET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
                Content-Length0
                Keep-Alivetimeout=5, max=31
                ConnectionKeep-Alive
                Content-Typetext/html
                http://zero.webappsecurity.com:80/admin/WS_FTP.LOGhttpzero.webappsecurity.com80Vulnerability10028107351Poor Error Handling: Unhandled ExceptionCWE-209: Information Exposure Through an Error MessageCWE-248: Uncaught ExceptionErrorsPoor Error Handling: Unhandled ExceptionSummaryImplicationExecutionFixFor Development:

                + + + +Don't display fully qualified pathnames as part of error or informational messages. At the least, fully qualified pathnames can provide an attacker with important information about the architecture of web application. + +

                For Security Operations:

                + +The following recommendations will help to ensure that a potential attacker is not deriving valuable information from any error message that is presented. + +
                • + +Uniform Error Codes: Ensure that you are not inadvertently supplying information to an attacker via the use of inconsistent or "conflicting" error messages. For +instance, don't reveal unintended information by utilizing error messages such as Access Denied, which will also let an attacker know that the file he seeks +actually exists. Have consistent terminology for files and folders that do exist, do not exist, and which have read access denied.
                • Informational Error Messages: Ensure that error messages do not reveal too much information. Complete or partial paths, variable and file names, row and +column names in tables, and specific database errors should never be revealed to the end user. Remember, an attacker will gather as much information as +possible, and then add pieces of seemingly innocuous information together to craft a method of attack.
                • Proper Error Handling: Utilize generic error pages and error handling logic to inform end users of potential problems. Do not provide system information or +other data that could be utilized by an attacker when orchestrating an attack.
                For QA:

                + +In reality, simple testing can usually determine how your web application will react to different input errors. More expansive testing must be conducted to +cause internal errors to gauge the reaction of the site.

                + +The best course of action for QA associates to take is to ensure that the error handling scheme is consistent. Do you receive a different type of error for a file +that does not exist as opposed to a file that does? Are phrases like "Permission Denied" utilized which could reveal the existence of a file to an attacker? It is +often a seemingly innocuous piece of information that provides an attacker with the means to discover something else which he can then utilize when +conducting an attack.]]>                Reference Info                Vulnerability38507642Web Server Misconfiguration: Unprotected FileEnvironmentWeb Server Misconfiguration: Unprotected FileCWE-538: File and Directory Information ExposureSummaryImplication +When WS_FTP is used to transfer files, a log file called 'ws_ftp.log' is created on the server. This log file contains records of every file that is accessed by WS_FTP, which could possibly contain very valuable information to an attacker because it may list files that are otherwise "hidden." This often includes administrative or maintenance applications, web application configuration files, applications-in-development, backed-up application source code and possible application data files. + +

                + + +Primarily, WS_FTP log files are valuable to attackers because they display all files in a directory, not just ones that are intended to be used. How easy is it for an attacker to take advantage of an insecure web application via the discovery of a WS_FTP log file on your web application server? Often, this is as simple as typing in the name of the file garnered directly from the WS_FTP log files. In essence, gaining access to a WS_TP log file greatly reduces the amount of effort a potential attacker must employ to gain knowledge of your web application. + +

                + + +A fundamental necessity for a successful attack upon your web application is reconnaissance. An attacker will employ a variety of methods, including malicious scanning agents and Google searches, to find out as much information about your web application as possible. That information can then be utilized when the attacker is formulating his next method of attack. An attacker who finds a WS_FTP log files has had a large portion of his reconnaissance conducted for him.]]>                Execution +Click the following link to examine the contents of the WS_FTP log file discovered on your web application server.


                ~FullURL~]]>                FixFor Development:
                + + +Unless you are actively involved with implementing the web application server, there is not a wide range of available solutions to prevent problems that can occur from an attacker finding a WS_FTP log file. Primarily, this problem will be resolved by the web application server administrator. However, there are certain actions you can take that will help to secure your web application. + + +
                • Restrict access to important files or directories only to those who actually need it.
                • Ensure that files containing sensitive information are not left publicly accessible, or that comments left inside files do not + +reveal the locations of directories best left confidential.
                For Security Operations:
                +There are two primary actions to take to eliminate the risk of a WS_FTP log file vulnerability.
                • Manually remove the WS_FTP log file from the application server.
                • Configure WS_FTP so that it does not create log files on servers.
                One of the most important aspects of web application security is to restrict access to important files or directories only to those individuals who actually need to access them. Ensure that the private architectural structure of your web application is not exposed to anyone who wishes to view it as even seemingly innocuous directories can provide important information to a potential attacker. + +

                + +The following recommendations can help to ensure that you are not unintentionally allowing access to either information that could be utilized in conducting an attack or propriety data stored in publicly accessible directories. +
                • Ensure that files containing sensitive information are not left publicly accessible, or that comments left inside files do not reveal the locations of directories best left confidential.
                • Restrict access to important files or directories only to those who actually need it.
                • Don't follow standard naming procedures for hidden directories. For example, don't create a hidden directory called "cgi" that contains cgi scripts. Obvious directory names are just that...readily guessed by an attacker.
                + +Remember, the harder you make it for an attacker to access information about your web application, the more likely it is that he will simply find an easier target. + +

                For QA:
                +For reasons of security, it is important to test the web application not only from the perspective of a normal user, but also from that of a malicious one. Whenever possible, adopt the mindset of an attacker when testing your web application for security defects. Access your web application from outside your firewall or IDS. Utilize Google or another search engine to ensure that searches for vulnerable files do not return information from regarding your web application. For example, an attacker will utilize a search engine, and search for directory listings such as the following: "index of / cgi-bin". Make sure that your directory structure is not obvious, and that only files that are necessary are capable of being accessed.]]>                Reference InfoIIS:
                Microsoft IIS FTP Information

                General:
                Password-protecting web + +pages
                Web + +Security
                FTP Clients]]>                VulnerabilityCUSTOM35081System Information Leak: Internal IPEncapsulationSystem Information Leak: Internal IPCWE-212: Improper Cross-boundary Removal of Sensitive DataSummary10.x.x.x
                172.16.x.x through 172.31.x.x
                192.168.x.x
                fd00::x
                If not a part of techical documentation, recommendations include removing the string from the production server.]]>                ImplicationExecutionFix +This issue can appear for several reasons. The most common is that the application or webserver error message discloses the IP address. This can be solved by determining where to turn off detailed error messages in the application or webserver. Another common reason is due to a comment located in the source of the webpage. This can easily be removed from the source of the page.]]>Reference Info                 sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg + +10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg + +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg + +10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg + +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg + +10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg + +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg + +10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +]]>GET/admin/WS_FTPLOGHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=756DA386 +
                Refererhttp://zero.webappsecurity.com/admin/
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="94A1EDE0480773EBF41420A1285DCDB3";PSID="34A0263BDAF1097FE98AABBF96C88CB2";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="60b8f839-2e70-4177-8e47-f305852be435";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="764";Engine="Site+Search";SmartMode="4";tht="11";
                X-RequestManager-Memostid="15";stmi="0";sc="1";rid="92744822";
                X-Request-Memorid="b27ca641";sc="1";thid="27";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID756DA386                HTTP/1.1200OK sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg + +10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg + +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg + +10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg + +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg + +10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg + +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.html +10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston blondbkgB.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston boston.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston choices.html +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston concbkg.jpeg +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston index.htm +10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn C:\old_repo\root\oad\incoming\lorenzo\boston water5.jpg +10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC C:\old_repo\root\oad\boston ws_ftp.log +10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg +10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn C:\old_repo\root\oad\boston WS_FTP.LOG +10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn C:\old_repo\root\oad\boston bball.gif +10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn C:\old_repo\root\oad\boston blondbkgB.jpeg +10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn C:\old_repo\root\oad\boston boston.htm +10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn C:\old_repo\root\oad\boston boston.html +10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn C:\old_repo\root\oad\boston choices.html +10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn C:\old_repo\root\oad\boston concbkg.jpeg + +10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn C:\old_repo\root\oad\boston gtrhedsm.gif +10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn C:\old_repo\root\oad\boston index.html +10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn C:\old_repo\root\oad\boston mars7.jpg +10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn C:\old_repo\root\oad\boston oadal1p2.gif +10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p1.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p2.jpg +10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn C:\old_repo\root\oad\boston oadal3p3.jpg +10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn C:\old_repo\root\oad\boston palmtreeicon.jpg +10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn C:\old_repo\root\oad\boston peoplenew.JPG +10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn C:\old_repo\root\oad\boston rsd2.gif +10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn C:\old_repo\root\oad\boston sidewavy.gif +10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn C:\old_repo\root\oad\boston smallogo.gif +10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn C:\old_repo\root\oad\boston teapotglow.jpg +10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn C:\old_repo\root\oad\boston water5.jpg +]]>
                DateFri, 24 Feb 2023 14:04:54 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Accept-Rangesbytes
                ETagW/"504686-1368929102000"
                Last-ModifiedSun, 19 May 2013 02:05:02 GMT
                Content-Length504686
                Keep-Alivetimeout=5, max=11
                ConnectionKeep-Alive
                Content-Typetext/plain
                http://zero.webappsecurity.com:80/admin/httpzero.webappsecurity.com80Vulnerability3850108101Web Server Misconfiguration: Unprotected DirectoryEnvironmentWeb Server Misconfiguration: Unprotected DirectoryCWE-552: Files or Directories Accessible to External PartiesSummaryImplication Administrative directories typically contain applications capable of changing the configuration of the running software; an attacker who gains access to an administrative application can drastically affect the operation of the web site.]]>ExecutionFixFor Security Operations:
                +You should evaluate the production requirements for the found directory. If the directory is not required for production operation, then the directory and its contents should be removed or restricted by a server access control mechanism. More information about implementing access control schemes can be found in the References. Automatic directory indexing should also be disabled, if applicable. + +

                For Development:
                +This problem will need to be resolved by the web application server administrator. In general, do not rely on 'hidden' directories within the web root that can contain sensitive resources or web applications. Assume an attacker knows about the existence of all directories and files on your web site, and protect them with proper access controls. + +

                For QA:
                +This problem will be resolved by the web application server administrator.]]>                Reference InfoImplementing Basic Authentication in IIS
                http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/a + +bbca505-6f63-4267-aac1-1ea89d861eb4.mspx

                Authentication, Authorization and Access Control
                http://httpd.apache.org/docs/2.0/howto/auth.html]]>                 + + + + Zero - Admin - Home + + + + + + + + + + + + + + + +
                +
                +
                +
                + Zero Bank + +
                +
                  +
                • + +
                  +
                  • +
                • + +
                  • +
                +
                +
                +
                +
                + + + +
                +
                + +
                +
                +

                Admin Home

                +
                +
                + +
                +
                + +
                + +
                +
                +
                +
                + +
                +
                + +
                +
                +
                +
                +
                +
                  +
                • Download WebInspect
                  • +
                +
                + +
                +
                  +
                • Terms of Use
                  • +
                +
                + +
                +
                  +
                • Contact Micro Focus
                  • +
                • Privacy Statement
                  • + +
                +
                +
                + +
                +
                + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

                + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
                +
                +
                +
                +
                + + + + +]]>                GET/admin/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=756DA386 +
                Refererhttp://zero.webappsecurity.com/
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="C016C291C37C011F249B079F7ECCF41F";PSID="306E42D0F653E7CFA6720D7F15AE506B";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="60b8f839-2e70-4177-8e47-f305852be435";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10810";Engine="Site+Search";SmartMode="4";tht="11";
                X-RequestManager-Memostid="15";stmi="0";sc="1";rid="75f3d78f";
                X-Request-Memorid="a1d76602";sc="1";thid="27";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID756DA386                HTTP/1.1200OK + + + + Zero - Admin - Home + + + + + + + + + + + + + + + +
                +
                +
                +
                + Zero Bank + +
                +
                  +
                • + +
                  +
                  • +
                • + +
                  • +
                +
                +
                +
                +
                + + + +
                +
                + +
                +
                +

                Admin Home

                +
                +
                + +
                +
                + +
                + +
                +
                +
                +
                + +
                +
                + +
                +
                +
                +
                +
                +
                  +
                • Download WebInspect
                  • +
                +
                + +
                +
                  +
                • Terms of Use
                  • +
                +
                + +
                +
                  +
                • Contact Micro Focus
                  • +
                • Privacy Statement
                  • + +
                +
                +
                + +
                +
                + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

                + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
                +
                +
                +
                +
                + + + + +]]>
                DateFri, 24 Feb 2023 14:04:59 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Cache-Controlno-cache, max-age=0, must-revalidate, no-store
                Content-Typetext/html;charset=UTF-8
                Content-Languageen-US
                Keep-Alivetimeout=5, max=66
                ConnectionKeep-Alive
                Content-Length6617
                /search.htmlsearchTermtextsearch-query
                http://zero.webappsecurity.com:80/README.txthttpzero.webappsecurity.com80Vulnerability10028103421Web Server Misconfiguration: Unprotected FileEnvironmentWeb Server Misconfiguration: Unprotected FileCWE-538: File and Directory Information ExposureSummaryImplicationThe disclosed documentation may aid an attacker in attacking the server and application.]]>ExecutionOpen a web browser and navigate to ~FullURL~.]]>FixFor Security Operations:
                Remove documentation files from all web accessible locations, or restrict access to the files via access control mechanisms. + +


                For Development:
                Have Security Operations remove this file from the production server.


                For QA:
                Have Security Operations remove this file from the production server. +]]>                Reference Info                GET/READMEtxtHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=A9EF43AC +
                Refererhttp://zero.webappsecurity.com/login.html
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="2CD08610F2D3978F19D8D6D4E6A5089B";PSID="37A656705626B4D1D64F6BFA191C2A08";SessionType="AuditAttack";CrawlType="None";AttackType="None";OriginatingEngineID="65cee7d3-561f-40dc-b5eb-c0b8c2383fcb";AttackSequence="12";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10342";Engine="Request+Modify";SmartMode="4";tht="11";
                X-RequestManager-Memostid="17";stmi="0";sc="1";rid="5378ced7";
                X-Request-Memorid="91ef5bbe";sc="1";thid="28";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONIDA9EF43AC                HTTP/1.1200OK
                DateFri, 24 Feb 2023 14:05:00 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Content-Dispositionattachment; filename="README.txt"
                Content-Typetext/plain;charset=UTF-8
                Content-Length1225
                Keep-Alivetimeout=5, max=50
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/readme.txthttpzero.webappsecurity.com80GET/readmetxtHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=A9EF43AC +
                Refererhttp://zero.webappsecurity.com/login.html
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="9F6C30B14023E2AF3965E08C78D2E75B";PSID="37A656705626B4D1D64F6BFA191C2A08";SessionType="AuditAttack";CrawlType="None";AttackType="None";OriginatingEngineID="65cee7d3-561f-40dc-b5eb-c0b8c2383fcb";AttackSequence="13";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10342";Engine="Request+Modify";SmartMode="4";tht="11";
                X-RequestManager-Memostid="17";stmi="0";sc="1";rid="15a0dbde";
                X-Request-Memorid="39f528e2";sc="1";thid="28";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONIDA9EF43AC                HTTP/1.1200OK
                DateFri, 24 Feb 2023 14:05:00 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Content-Dispositionattachment; filename="readme.txt"
                Content-Typetext/plain;charset=UTF-8
                Content-Length1225
                Keep-Alivetimeout=5, max=43
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/manager/httpzero.webappsecurity.com80]]>PROPFIND/manager/HTTP/1.1<?xml version="1.0"?><D:propfind xmlns:D="DAV:"><D:prop><D:displayname /></D:prop></D:propfind>]]>]]>Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=756DA386 +
                Content-Typetext/xml
                Refererhttp://zero.webappsecurity.com/manager/
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                Content-Length95
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID756DA386                HTTP/1.1302Found
                DateFri, 24 Feb 2023 14:05:03 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Location/manager/html
                Content-Typetext/html
                Content-Length0
                Keep-Alivetimeout=5, max=84
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/errors/httpzero.webappsecurity.com80 + +Directory Listing For /errors/ + +

                Directory Listing For /errors/ - Up To /

                + + + + + + + + + +
                FilenameSizeLast Modified
                   +errors.log21.1 kbSun, 19 May 2013 02:05:02 GMT
                +

                Apache Tomcat/7.0.70

                + +]]>                GET/errors/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=756DA386 +
                Refererhttp://zero.webappsecurity.com/errors/errors.log
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="BB23AC8A7B9C89C3DE9576C0FEACCA3F";PSID="C32128A8498A56E4E6435B6994687E3A";SessionType="PathTruncation";CrawlType="None";AttackType="None";OriginatingEngineID="398bfe9e-1b77-4458-9691-603eea06e341";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="0";Engine="Path+Truncation";SmartMode="4";tht="11";
                X-RequestManager-Memostid="15";stmi="0";sc="1";rid="ae0519b0";
                X-Request-Memorid="592bd07d";sc="1";thid="27";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID756DA386                HTTP/1.1200OK + +Directory Listing For /errors/ + +

                Directory Listing For /errors/ - Up To /

                + + + + + + + + + +
                FilenameSizeLast Modified
                   +errors.log21.1 kbSun, 19 May 2013 02:05:02 GMT
                +

                Apache Tomcat/7.0.70

                + +]]>
                DateFri, 24 Feb 2023 14:05:40 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Content-Typetext/html;charset=UTF-8
                Content-Length1384
                Keep-Alivetimeout=5, max=76
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/errors/errors.loghttpzero.webappsecurity.com80Vulnerability11281112791HTML5: Overly Permissive CORS PolicyEncapsulationHTML5: Overly Permissive CORS PolicyCWE-942: Overly Permissive Cross-domain WhitelistSummary
                +Cross-Origin Resource Sharing, commonly referred to as CORS, is a technology that allows a domain to define a policy for its resources to be accessed by a web page hosted on a different domain using cross domain XML HTTP Requests (XHR). Historically, the browser restricts cross domain XHR requests to abide by the same origin policy. At its basic form, the same origin policy sets the script execution scope to the resources available on the current domain and prohibits any communication to domains outside this scope. While CORS is supported on all major browsers, it also requires that the domain correctly defines the CORS policy in order to have its resources shared with another domain. These restrictions are managed by access policies typically included in specialized response headers, such as: +
                • Access-Control-Allow-Origin
                • Access-Control-Allow-Headers
                • Access-Control-Allow-Methods
                +A domain includes a list of domains that are allowed to make cross domain requests to shared resources in Access-Control-Allow-Origin header. This header can have either list of domains or a wildcard character (“*”) to allow all access. Having a wildcard is considered overly permissive policy.]]>                ImplicationExecutionFix

                Example 1:
                An example of IIS server configuration for listing domains the application is allowed to communicate with.
                + +    <configuration>
                +        <system.webServer>
                +            <httpProtocol>
                +                <customHeaders>
                +                    <add name="Access-Control-Allow-Origin" value="www.trusted.com" />
                +                </customHeaders>
                +            </httpProtocol>
                +        </system.webServer>
                +    </configuration>

                + +Example 1 shows how to configure CORS headers at the server level; however, the preferred method is to make use of the API of the language used to develop the application and set access permissions at the resource level.
                + +Here are some programmatic samples by language:

                • .NET:
                  +Append Header:
                  +Response.AppendHeader("Access-Control-Allow-Origin", "www.trusted.com");

                  + +Check for cross domain XHR request:
                  +if((Request.Headers["X-Requested-With"] == "XMLHttpRequest") && Request.Headers[“Origin”] != null))

                • Java:
                  +response.addHeader("Access-Control-Allow-Origin", "www.trusted.com");

                  + +check for cross domain XHR request:
                  +if((request.getHeader("X-Requested-With") == "XMLHttpRequest") && request.getHeader("Origin")!= null))

                • PHP:
                  + + header('Access-Control-Allow-Origin: www.trusted.com');
                  +?>

                  + +Check for cross domain XHR request:
                  +If( isset($_SERVER['HTTP_X_REQUESTED_WITH']) && ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') && isset($_SERVER[‘Origin’]))

                ]]>                Reference InfoOWASP HTML 5 Security Cheat Sheet
                https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet

                Cross-Origin Resource Sharing
                http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
                http://www.w3.org/TR/cors/

                +Same Origin Policy
                http://en.wikipedia.org/wiki/Same_origin_policy

                ]]>                OPTIONS/errors/errorslogHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
                Refererhttp://zero.webappsecurity.com/errors/
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                Access-Control-Request-MethodPOST
                Access-Control-Request-HeadersX-Pingsession
                Originhttp://webinspect.microfocus.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="4C9205CDCDFD6AC68DDF0894FB5B1718";PSID="C32128A8498A56E4E6435B6994687E3A";SessionType="AuditAttack";CrawlType="None";AttackType="Other";OriginatingEngineID="822a8e1c-b895-4666-a9d2-026b0a4716c9";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="11281";Engine="Html5+Cross+Origin+Options+Request";SmartMode="4";tht="11";
                X-RequestManager-Memosc="1";rid="b665f74c";
                X-Request-Memorid="9a3d3f13";sc="1";thid="28";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1200OK
                DateFri, 24 Feb 2023 14:05:42 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                AllowGET, HEAD, POST, PUT, DELETE, OPTIONS
                Content-Length0
                Keep-Alivetimeout=5, max=45
                ConnectionKeep-Alive
                Content-Typetext/plain
                http://zero.webappsecurity.com:80/search.html?searchTerm=%3c%73%43%72%3c%53%63%52%69%50%74%3e%49%70%54%3e%61%6c%65%72%74%28%31%32%37%36%36%29%3c%2f%73%43%72%3c%53%63%52%69%50%74%3e%49%70%54%3ehttpzero.webappsecurity.com80searchTermVulnerability510556494Cross-Site Scripting: ReflectedCWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)Input Validation and RepresentationCross-Site Scripting: ReflectedSummary
                A Cross-Site Scripting (XSS) vulnerability was detected in the web application. Cross-Site Scripting occurs when dynamically generated web pages display user input, such as login information, that is not properly validated, allowing an attacker to embed malicious scripts into the generated page and then execute the script on the machine of any user that views the site. In this instance, the web application was vulnerable to an automatic payload, meaning the user simply has to visit a page to make the malicious scripts execute. If successful, Cross-Site Scripting vulnerabilities can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. Recommendations include implementing secure programming techniques that ensure proper filtration of user-supplied data, and encoding all user supplied data to prevent inserted scripts being sent to end users in a format that can be executed.]]>                Implication +Cross-Site Scripting(XSS) happens when user input from a web client is immediately included via server-side scripts in a dynamically generated web page. Reflected XSS is specifically considered critical when malicious payload can be embedded in a URL (e.g. in query strings of GET requests). An attacker can trick a victim, via phishing attack, to click on a link with vulnerable input which has been altered to include attack code and then sent to the legitimate server. The injected code is then reflected back to the user's browser which executes it.

                + +The implications of successful Cross-Site Scripting attacks are: + +
                • Account hijacking - An attacker can hijack the user's session before the session cookie expires and take actions with the privileges of the user who accessed the URL, such as issuing database queries and viewing the results.
                • Malicious script execution - Users can unknowingly execute JavaScript, VBScript, ActiveX, HTML, or even Flash content that has been inserted into a dynamically generated page by an attacker. + +
                • Worm propagation - With Ajax applications, XSS can propagate somewhat like a virus. The XSS payload can autonomously inject itself into pages, and easily re-inject the same host with more XSS, all of which can be done with no hard refresh. Thus, XSS can send multiple requests using complex HTTP methods to propagate itself invisibly to the user. +
                • Information theft - Via redirection and fake sites, attackers can connect users to a malicious server of the attacker's choice and capture any information entered by the user.
                • Denial of Service - Often by utilizing malformed display requests on sites that contain a Cross-Site Scripting vulnerability, attackers can cause a denial of service condition to occur by causing the host site to query itself repeatedly .
                • Browser Redirection - On certain types of sites that use frames, a user can be made to think that he is in fact on the original site when he has been redirected to a malicious one, since the URL in the browser's address bar will remains the same. This is because the entire page isn't being redirected, just the frame in which the JavaScript is being executed is redirected.
                • Manipulation of user settings - Attackers can change user settings for nefarious purposes.
                • Bypass Content-Security-Policy protection - Attackers can inject a malformed tag formation, known as dangling tag injection, which in some cases allows injected script to reuse valid nonce on the page and bypass script source restriction. Additionally dangling tag injection can be used to steal sensitive information embedded in HTML response if browser is able to make a request to the injected link.
                • Base tag injection: Attacker can cause relative links on a page to load from a different domain by modifying the base URL for the page via base tag injection.
                • Link prefetch injection: While unable to execute script, attackers can use link tag with rel=prefetch that will make browsers pre-fetch the specified link even though it is never rendered and rejected subsequently due to web application enforced cross-site policy (e.g. CSP protections).
                • Edge side includes (ESI) Injection - ESI is a markup language used in various HTTP devices, such as reverse proxies and load balancers, that are positioned between client and server. An attacker can inject ESI markup to perform critical attacks such as cross-site scripting and HTTPOnly cookie protection bypass.
                ]]>                Execution + +View the attack string included with the request to check what to search for in the response. For instance, if "(javascript:alert('XSS')"  is submitted as an attack (or another scripting language), it will also appear as part of the response. This indicates that the web application is taking values from the HTTP request parameters and using them in the HTTP response without first removing potentially malicious data. + + +The response can be viewed in “Web Browser” view in the Vulnerability pane to see the injected popup events in action. Events requiring user interaction (e.g. onmouseover or onclick events) can be triggered by performing the corresponding action (e.g. clicking the injected link). + + + +Injection with numeric string in src, or href, attributes indicates that the site is vulnerable to script include or content exfiltration. These can be verified by repeating the request in a browser and intercepting originating network traffic in a web proxy.]]>FixFor Development:

                +Cross-Site Scripting attacks can be avoided by carefully validating all input, and properly encoding all output. When validating user input, + +verify that it matches the strictest definition of valid input possible. For example, if a certain parameter is supposed to be a number, attempt + +to convert it to a numeric data type in your programming language.

                PHP: intval("0".$_GET['q']);

                ASP.NET: + +int.TryParse(Request.QueryString["q"], out val);

                + +The same applies to date and time values, or anything that can be converted to a stricter type before being used. When accepting other types of + +text input, make sure the value matches either a list of acceptable values (white-listing), or a strict regular expression. If at any point the + +value appears invalid, do not accept it. Also, do not attempt to return the value to the user in an error message.

                + +Most server side scripting languages provide built in methods to convert the value of the input variable into correct, non-interpretable HTML. + +These should be used to sanitize all input before it is displayed to the client.

                PHP: string htmlspecialchars (string string + +[, int quote_style])

                ASP.NET: Server.HTMLEncode (strHTML String) + + + +

                + +When reflecting values into JavaScript or another format, make sure to use a type of encoding that is appropriate. Encoding data for HTML is not + +sufficient when it is reflected inside of a script or style sheet. For example, when reflecting data in a JavaScript string, make sure to encode + +all non-alphanumeric characters using hex (\xHH) encoding.

                + +If you have JavaScript on your page that accesses unsafe information (like location.href) and writes it to the page (either with document.write, + +or by modifying a DOM element), make sure you encode data for HTML before writing it to the page. JavaScript does not have a built-in function to + +do this, but many frameworks do. If you are lacking an available function, something like the following will handle most cases:

                + +s = s.replace(/&/g,'&amp;').replace(/"/i,'&quot;').replace(/</i,'&lt;').replace(/>/i,'&gt;').replace(/'/i,'&apos;') + + +

                + +Ensure that you are always using the right approach at the right time. Validating user input should be done as soon as it is received. Encoding + +data for display should be done immediately before displaying it. + +

                + + +For Security Operations:

                + +Server-side encoding, where all dynamic content is first sent through an encoding function where Scripting tags will be replaced with codes in the + +selected character set, can help to prevent Cross-Site Scripting attacks.

                + +Many web application platforms and frameworks have some built-in support for preventing Cross-Site Scripting. Make sure that any built-in + +protection is enabled for your platform. In some cases, a misconfiguration could allow Cross-Site Scripting. In ASP.NET, if a page's + +EnableViewStateMac property is set to False, the ASP.NET view state can be used as a vector for Cross-Site Scripting.

                + +An IDS or IPS can also be used to detect or filter out XSS attacks. Below are a few regular expressions that will help detect Cross-Site + +Scripting.

                Regex for a simple XSS attack:
                +/((\%3C)|<)((\%2F)|\/)*[a-z0-9\%]+((\%3E)|>)/ix

                + +The above regular expression would be added into a new Snort rule as follows:

                + +alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"NII Cross-Site Scripting attempt"; flow:to_server,established; + +pcre:"/((\%3C)|<)((\%2F)|\/)*[a-z0-9\%]+((\%3E)|>)/i"; classtype:Web-application-attack; sid:9000; rev:5;)

                Paranoid regex for + +XSS attacks:
                +/((\%3C)|<)[^\n]+((\%3E)|>)/I

                + +This signature simply looks for the opening HTML tag, and its hex equivalent, followed by one or more characters other than the new line, and then + +followed by the closing tag or its hex equivalent. This may end up giving a few false positives depending upon how your web application and web + +server are structured, but it is guaranteed to catch anything that even remotely resembles a Cross-Site Scripting attack. + +

                For QA:

                + + +Fixes for Cross-Site Scripting defects will ultimately require code based fixes. Read the the following links for more information + +about manually testing your application for Cross-Site Scripting.]]>                Reference Info
                OWASP Cross-Site Scripting Information
                https://www.owasp.org/index.php/XSS

                CERT
                http://www.cert.org/advisories/CA-2000-02.html

                Apache
                http://httpd.apache.org/info/css-security/apache_specific.html

                SecurityFocus.com
                http://www.securityfocus.com/infocus/1768 ]]>                 + + + + Zero - Search Tips + + + + + + + + + + + + + + + +
                +
                +
                +
                + Zero Bank + +
                +
                  +
                • + +
                  +
                  • +
                • + +
                  • +
                +
                +
                +
                +
                + + + +
                +
                +
                +
                + +
                + + +
                + +
                + +

                Search Results:

                + No results were found for the query: +
                +
                + +
                +
                + +
                +
                +
                +
                +
                +
                  +
                • Download WebInspect
                  • +
                +
                + +
                +
                  +
                • Terms of Use
                  • +
                +
                + +
                +
                  +
                • Contact Micro Focus
                  • +
                • Privacy Statement
                  • + +
                +
                +
                + +
                +
                + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

                + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
                +
                +
                +
                +
                + + + + +]]>                GET/searchhtmlHTTP/1.1searchTerm=%3c%73%43%72%3c%53%63%52%69%50%74%3e%49%70%54%3e%61%6c%65%72%74%28%31%32%37%36%36%29%3c%2f%73%43%72%3c%53%63%52%69%50%74%3e%49%70%54%3eCookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=A9EF43AC +searchTerm%3c%73%43%72%3c%53%63%52%69%50%74%3e%49%70%54%3e%61%6c%65%72%74%28%31%32%37%36%36%29%3c%2f%73%43%72%3c%53%63%52%69%50%74%3e%49%70%54%3e
                Refererhttp://zero.webappsecurity.com/
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="C43FDF21DD93C017A5C4DC7962AC7794";PSID="DB032FFFCF5DEA9F74F4C783FBF606D7";SessionType="AuditAttack";CrawlType="None";AttackType="QueryParamManipulation";OriginatingEngineID="1354e211-9d7d-4cc1-80e6-4de3fd128002";AttackSequence="18";AttackParamDesc="searchTerm";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="5105";Engine="Cross+Site+Scripting";SmartMode="4";AttackString="%253c%2573%2543%2572%253c%2553%2563%2552%2569%2550%2574%253e%2549%2570%2554%253e%2561%256c%2565%2572%2574%2528%2531%2532%2537%2536%2536%2529%253c%252f%2573%2543%2572%253c%2553%2563%2552%2569%2550%2574%253e%2549%2570%2554%253e";AttackStringProps="Attack";tht="40";
                X-RequestManager-Memostid="17";stmi="0";sc="1";rid="379b9465";
                X-Request-Memorid="ad1ba067";sc="1";thid="28";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONIDA9EF43AC                HTTP/1.1200OK + + + + Zero - Search Tips + + + + + + + + + + + + + + + +
                +
                +
                +
                + Zero Bank + +
                +
                  +
                • + +
                  +
                  • +
                • + +
                  • +
                +
                +
                +
                +
                + + + +
                +
                +
                +
                + +
                + + +
                + +
                + +

                Search Results:

                + No results were found for the query: +
                +
                + +
                +
                + +
                +
                +
                +
                +
                +
                  +
                • Download WebInspect
                  • +
                +
                + +
                +
                  +
                • Terms of Use
                  • +
                +
                + +
                +
                  +
                • Contact Micro Focus
                  • +
                • Privacy Statement
                  • + +
                +
                +
                + +
                +
                + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

                + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
                +
                +
                +
                +
                + + + + +]]>
                DateFri, 24 Feb 2023 14:06:32 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Cache-Controlno-cache, max-age=0, must-revalidate, no-store
                Content-Typetext/html;charset=UTF-8
                Content-Languageen-US
                Keep-Alivetimeout=5, max=63
                ConnectionKeep-Alive
                Content-Length7749
                /search.htmlsearchTermtextsearch-query
                http://zero.webappsecurity.com:80/help.html?topic=https%3a%2f%2f7d4d8953-bcd1-4ed7-a73e-56bb90d08401.fortify-oast.net%2ffoohttpzero.webappsecurity.com80topicVulnerabilityCUSTOM117173Server-Side Request ForgeryInput Validation and RepresentationServer-Side Request ForgeryCWE-918: Server-Side Request Forgery (SSRF)Summary that was submitted in the parameter. +
                +Server-Side Request Forgery (SSRF) is when an attacker tricks a server into making a request to an unintended arbitrary location. A vulnerable server fails to properly validate the malicious input and forwards the request to another service. These can be internal systems, external third-party systems, attacker-controlled servers or services on the loopback interface (127.0.0.1) of the vulnerable server. Because there is a trust boundary between the vulnerable server and internal server, the internal server might lack some security controls. SSRF attacks can damage or disrupt the affected systems and might even result in the attacker gaining control over the downstream server.]]>                ImplicationExecution
              • In the session request from the scan results, change the vulnerable parameter by replacing the DNS server name https://.fortify-oast.net to one where you can log DNS requests.
              • Send the modified request using the HTTP Editor from WebInspect Tools, or any another proxy tool, to the vulnerable server.
              • Check the logs on the DNS server. If there are new DNS requests from the target server, it is vulnerable to SSRF.
                • ]]>                Fix
              • Review whether the application needs to trigger an arbitrary out-of-band resource. Implement an allow list of permitted URLs and block requests to URLs that are not in this list.
              • Validate user-supplied input and reject any request that contain potentially malicious data.
              • Restrict access to internal network resources by using firewalls and other network security controls that restrict access to internal network resources from untrusted sources.
              • Implement security technologies such as web application firewalls (WAFs) and intrusion detection and prevention systems (IDPSs) to monitor and reduce risk of SSRF attacks.
                • ]]>                Reference InfoA10 Server-Side Request Forgery (SSRF) OWASP Top 10:2021
                Alexander Polyakov SSRF vs. Business critical applications BlackHat 2012
                SSRF bible. Cheatsheet]]>                 + + + + Zero - Help + + + + + + + + + + + + + + + +
                +
                +
                +
                + Zero Bank +
                +
                +
                + +
                +
                + +
                +
                +
                +
                +

                Help Topics

                +
                +
                + +
                +
                +
                  +
                1. + How do I log into my account? +
                  2. +
                2. + How do I transfer funds? +
                  3. +
                3. + How do I pay bills? +
                  4. +
                +
                +
                +
                +
                +
                +
                +
                +
                + +
                +
                + +
                +
                +
                +
                +
                +
                  +
                • Download WebInspect
                  • +
                +
                + +
                +
                  +
                • Terms of Use
                  • +
                +
                + +
                +
                  +
                • Contact Micro Focus
                  • +
                • Privacy Statement
                  • + +
                +
                +
                + +
                +
                + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

                + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
                +
                +
                +
                +
                + + + + +]]>                GET/helphtmlHTTP/1.1topic=https%3a%2f%2f7d4d8953-bcd1-4ed7-a73e-56bb90d08401.fortify-oast.net%2ffooCookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=756DA386 +topichttps%3a%2f%2f7d4d8953-bcd1-4ed7-a73e-56bb90d08401.fortify-oast.net%2ffoo
                Refererhttp://zero.webappsecurity.com/help.html
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="07273856F05F202F53C15FFAD3384FB8";PSID="C40B25C609070F52ADA7D215EC5634E2";SessionType="AuditAttack";CrawlType="None";AttackType="QueryParamManipulation";OriginatingEngineID="a43ccdd5-ccb7-4a98-984b-b3b5be6c7d92";AttackSequence="0";AttackParamDesc="topic";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="11717";Engine="Server+Side+Request+Forgery";SmartMode="4";AttackString="https%253a%252f%252f7d4d8953-bcd1-4ed7-a73e-56bb90d08401.fortify-oast.net%252ffoo";AttackStringProps="Attack";tht="11";
                X-RequestManager-Memostid="15";stmi="0";sc="1";rid="4e6b7ac6";
                X-Request-Memorid="eebfba9d";sc="1";thid="27";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID756DA386                HTTP/1.1200OK + + + + Zero - Help + + + + + + + + + + + + + + + +
                +
                +
                +
                + Zero Bank +
                +
                +
                + +
                +
                + +
                +
                +
                +
                +

                Help Topics

                +
                +
                + +
                +
                +
                  +
                1. + How do I log into my account? +
                  2. +
                2. + How do I transfer funds? +
                  3. +
                3. + How do I pay bills? +
                  4. +
                +
                +
                +
                +
                +
                +
                +
                +
                + +
                +
                + +
                +
                +
                +
                +
                +
                  +
                • Download WebInspect
                  • +
                +
                + +
                +
                  +
                • Terms of Use
                  • +
                +
                + +
                +
                  +
                • Contact Micro Focus
                  • +
                • Privacy Statement
                  • + +
                +
                +
                + +
                +
                + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

                + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
                +
                +
                +
                +
                + + + + +]]>
                DateFri, 24 Feb 2023 14:06:47 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Cache-Controlno-cache, max-age=0, must-revalidate, no-store
                Content-Typetext/html;charset=UTF-8
                Content-Languageen-US
                Keep-Alivetimeout=5, max=58
                ConnectionKeep-Alive
                Content-Length6021
                http://zero.webappsecurity.com:80/help.html?topic=WEB-INF%2fweb.xmlhttpzero.webappsecurity.com80topicVulnerability10287102713Dangerous File Inclusion: LocalCWE-97: Improper Neutralization of Server-Side Includes (SSI) Within a Web Page TargetedInput Validation and RepresentationDangerous File Inclusion: LocalCWE-494: Download of Code Without Integrity CheckSummarySevere vulnerabilities have been identified that would allow an attacker to remotely view the contents of files due to improper validation of input. The specific risks from exploitation depend upon the contents of the file being requested. Recommendations include adopting secure programming techniques to ensure that only expected data is accepted by an application.]]>Implication +An attacker can view the contents of various (possibly arbitrary) files on the system, which could potentially allow the attacker to recover application source code, system configuration information, or private data.]]>ExecutionFixFor Development:

                + +This problem arises from improper validation of characters accepted by the application. Any time a parameter is passed into a dynamically generated web page, it must be assumed that the data could be incorrectly formatted. The application should contain sufficient logic to handle the situation of a parameter not being passed in or being passed incorrectly. Keep in mind how the data is being submitted, as a result of a GET or a POST. Cookies should be treated the same as parameters when developing secure and stable code. The following recommendations will help to ensure you are delivering secure web applications. + +
                • Parameter not being passed: If a parameter is expected to be passed to a dynamic web page and is omitted, the application should provide an acceptable error message to the user. Also, NEVER assume that a parameter is being passed before using it in an application.
                • Parameter of incorrect format: A parameter should never be assumed to be of a valid format. This is especially true if the parameter is being passed to a SQL database. Any string that is passed directly to a database without first being checked for proper format can be a major security risk. Also, just because a parameter is normally provided by a combo box or hidden field, DO NOT assume the format is correct. A hacker will try altering these parameters first if trying to break into your site.
                • Allowing file names to be passed in via a file name: If a parameter is being used to determine which file to process in any way, NEVER allow the file name to be used before it is verified as valid. Specifically, you should test for the existence of characters that indicate directory traversal such as .../, c:\ and /.
                • Storing of critical data in hidden parameters: Many programmers make the mistake of storing critical data in a hidden parameter or cookie. They assume that since the user doesn't see it, it's a good place to store data such as price, order number, etc. Both hidden parameters and cookies can be manipulated and returned to the server, so never assume the client returned what you set via a hidden parameter or cookie.


                For Security Operations:

                +The specific fix for this vulnerability will need to be implemented in the actual script code. However, there are certain measures that can be initiated that will help in implementing a secure database protocol for your web application. Be advised each database has its own method of secure lock down. + +

                • Informational Error Messages: Ensure that error messages do not reveal too much information. Complete or partial paths, variable and file names, row and column names in tables, and specific database errors should never be revealed to the end user. Remember, an attacker will gather as much information as possible, and then add pieces of seemingly innocuous information together to craft a method of attack.
                • Proper Error Handling: Utilize generic error pages and error handling logic to inform end users of potential problems. Do not provide system information or other data that could be utilized by an attacker when orchestrating an attack.

                For QA:

                + +Ultimately, this problem will need to be rectified in the vulnerable script. If developed in-house, provide the developer with this report. If the script was downloaded from the Internet, or owned by a third party, please contact that vendor regarding the potential vulnerability and its proper mitigation.]]>                Reference InfoInput Validation Issues
                http://www.owasp.org/asac/input_validation/meta.shtml]]>                 + + + + Zero - Help + + + + + + + + + + + + + + + +
                +
                +
                +
                + Zero Bank +
                +
                +
                + +
                +
                + +
                +
                +
                +
                +

                Help Topics

                +
                +
                + +
                +
                +
                  +
                1. + How do I log into my account? +
                  2. +
                2. + How do I transfer funds? +
                  3. +
                3. + How do I pay bills? +
                  4. +
                +
                +
                + + + + ZeroSite + + + + + + contextConfigLocation + classpath:spring/spring-master.xml + + + + + + + com.hp.webinspect.zero.web.HSqlDbShutdownEnforcer + + + + + org.springframework.web.context.ContextLoaderListener + + + + + + + spring-dispatcher + org.springframework.web.servlet.DispatcherServlet + + + contextConfigLocation + classpath:spring/spring-web.xml + + 1 + + + + spring-dispatcher + *.html + /api/* + + + + + default + org.apache.catalina.servlets.DefaultServlet + + debug + 0 + + + listings + true + + 1 + + + + default + / + /errors/* + + + + cxf + org.apache.cxf.transport.servlet.CXFServlet + 1 + + + + cxf + /web-services/* + + + + + + readme-txt-emulator + com.hp.webinspect.zero.web.ReadmeTxtEmulator + + + + readme-txt-emulator + /readme.txt + /README.txt + /ReadMe.txt + /Readme.txt + + + + + server-status-emulator + com.hp.webinspect.zero.web.ServerStatusEmulator + + + + server-status-emulator + /server-status + + + + + + + urlRewriteFilter + org.tuckey.web.filters.urlrewrite.UrlRewriteFilter + + + + urlRewriteFilter + /* + REQUEST + FORWARD + + + + + encodingFilter + org.springframework.web.filter.CharacterEncodingFilter + + forceEncoding + true + + + encoding + UTF-8 + + + + + encodingFilter + /* + + + + + fake-common-folders-emulator + com.hp.webinspect.zero.web.FakeCommonFoldersEmulator + + folders + + /backup/, + /cgi-bin/, + /db/, + /error_log/, + + /htbin/, + /include/, + /scripts/, + /stats/, + + /testing/, + /user/ + + + + + + fake-common-folders-emulator + /* + + + + + gzipFilter + org.tuckey.web.filters.urlrewrite.gzip.GzipFilter + + + + gzipFilter + *.css + *.js + + + + + expiresFilter + org.apache.catalina.filters.ExpiresFilter + + ExpiresDefault + access plus 1 month + + + + + expiresFilter + *.css + *.js + *.jpg + *.png + *.gif + *.ico + + + + + no-cache-filer + com.hp.webinspect.zero.web.NoCacheFilter + + + + no-cache-filer + *.html + + + + + springSecurityFilterChain + org.springframework.web.filter.DelegatingFilterProxy + + + + springSecurityFilterChain + *.html + + + + + + 20 + + + + + + + index.html + + + + + + bak + application/octet-stream + + + + dat + application/octet-stream + + + + old + application/octet-stream + + + + + + + + +
                +
                +
                +
                +
                +
                + +
                +
                + +
                +
                +
                +
                +
                +
                  +
                • Download WebInspect
                  • +
                +
                + +
                +
                  +
                • Terms of Use
                  • +
                +
                + +
                +
                  +
                • Contact Micro Focus
                  • +
                • Privacy Statement
                  • + +
                +
                +
                + +
                +
                + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

                + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
                +
                +
                +
                +
                + + + + +]]>                GET/helphtmlHTTP/1.1topic=WEB-INF%2fweb.xmlCookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=A9EF43AC +topicWEB-INF%2fweb.xml
                Refererhttp://zero.webappsecurity.com/help.html
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="DB4086449E3B3F146071905343AB56EE";PSID="30D83AD431798BFB2FC60F60280D4E62";SessionType="AuditAttack";CrawlType="None";AttackType="QueryParamManipulation";OriginatingEngineID="e33e6007-8935-4d72-b11b-6199480d6c88";AttackSequence="1";AttackParamDesc="topic";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="10287";Engine="LFI+Agent";SmartMode="4";AttackString="WEB-INF%252fweb.xml";AttackStringProps="Attack";tht="11";
                X-RequestManager-Memostid="17";stmi="0";sc="1";rid="99284e9c";
                X-Request-Memorid="095a4c56";sc="1";thid="28";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONIDA9EF43AC                HTTP/1.1200OK + + + + Zero - Help + + + + + + + + + + + + + + + +
                +
                +
                +
                + Zero Bank +
                +
                +
                + +
                +
                + +
                +
                +
                +
                +

                Help Topics

                +
                +
                + +
                +
                +
                  +
                1. + How do I log into my account? +
                  2. +
                2. + How do I transfer funds? +
                  3. +
                3. + How do I pay bills? +
                  4. +
                +
                +
                + + + + ZeroSite + + + + + + contextConfigLocation + classpath:spring/spring-master.xml + + + + + + + com.hp.webinspect.zero.web.HSqlDbShutdownEnforcer + + + + + org.springframework.web.context.ContextLoaderListener + + + + + + + spring-dispatcher + org.springframework.web.servlet.DispatcherServlet + + + contextConfigLocation + classpath:spring/spring-web.xml + + 1 + + + + spring-dispatcher + *.html + /api/* + + + + + default + org.apache.catalina.servlets.DefaultServlet + + debug + 0 + + + listings + true + + 1 + + + + default + / + /errors/* + + + + cxf + org.apache.cxf.transport.servlet.CXFServlet + 1 + + + + cxf + /web-services/* + + + + + + readme-txt-emulator + com.hp.webinspect.zero.web.ReadmeTxtEmulator + + + + readme-txt-emulator + /readme.txt + /README.txt + /ReadMe.txt + /Readme.txt + + + + + server-status-emulator + com.hp.webinspect.zero.web.ServerStatusEmulator + + + + server-status-emulator + /server-status + + + + + + + urlRewriteFilter + org.tuckey.web.filters.urlrewrite.UrlRewriteFilter + + + + urlRewriteFilter + /* + REQUEST + FORWARD + + + + + encodingFilter + org.springframework.web.filter.CharacterEncodingFilter + + forceEncoding + true + + + encoding + UTF-8 + + + + + encodingFilter + /* + + + + + fake-common-folders-emulator + com.hp.webinspect.zero.web.FakeCommonFoldersEmulator + + folders + + /backup/, + /cgi-bin/, + /db/, + /error_log/, + + /htbin/, + /include/, + /scripts/, + /stats/, + + /testing/, + /user/ + + + + + + fake-common-folders-emulator + /* + + + + + gzipFilter + org.tuckey.web.filters.urlrewrite.gzip.GzipFilter + + + + gzipFilter + *.css + *.js + + + + + expiresFilter + org.apache.catalina.filters.ExpiresFilter + + ExpiresDefault + access plus 1 month + + + + + expiresFilter + *.css + *.js + *.jpg + *.png + *.gif + *.ico + + + + + no-cache-filer + com.hp.webinspect.zero.web.NoCacheFilter + + + + no-cache-filer + *.html + + + + + springSecurityFilterChain + org.springframework.web.filter.DelegatingFilterProxy + + + + springSecurityFilterChain + *.html + + + + + + 20 + + + + + + + index.html + + + + + + bak + application/octet-stream + + + + dat + application/octet-stream + + + + old + application/octet-stream + + + + + + + + +
                +
                +
                +
                +
                +
                + +
                +
                + +
                +
                +
                +
                +
                +
                  +
                • Download WebInspect
                  • +
                +
                + +
                +
                  +
                • Terms of Use
                  • +
                +
                + +
                +
                  +
                • Contact Micro Focus
                  • +
                • Privacy Statement
                  • + +
                +
                +
                + +
                +
                + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

                + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
                +
                +
                +
                +
                + + + + +]]>
                DateFri, 24 Feb 2023 14:06:59 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Cache-Controlno-cache, max-age=0, must-revalidate, no-store
                Content-Typetext/html;charset=UTF-8
                Content-Languageen-US
                Keep-Alivetimeout=5, max=63
                ConnectionKeep-Alive
                Content-Length14989
                http://zero.webappsecurity.com:80/readme.txthttpzero.webappsecurity.com80GET/readmetxtHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
                Refererhttp://zero.webappsecurity.com/help.html?topic=WEB-INF%2fweb.xml
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Crawl";SID="D8B1B23B5B409E7F9337500747E310CD";PSID="DB4086449E3B3F146071905343AB56EE";SessionType="Crawl";CrawlType="HTML";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";Format="Relative";LinkKind="HyperLink";Locations="PlainText";NodeName="%23text";Source="StaticParser";tht="31";
                X-RequestManager-Memostid="11";stmi="0";sc="1";rid="390f98f8";
                X-Request-Memorid="cee6ae5f";sc="2";thid="24";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1200OK
                DateFri, 24 Feb 2023 14:07:00 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Content-Dispositionattachment; filename="readme.txt"
                Content-Typetext/plain;charset=UTF-8
                Content-Length1225
                Keep-Alivetimeout=5, max=100
                ConnectionKeep-Alive
                http://zero.webappsecurity.com:80/docs/httpzero.webappsecurity.com80Vulnerability11281112791HTML5: Overly Permissive CORS PolicyEncapsulationHTML5: Overly Permissive CORS PolicyCWE-942: Overly Permissive Cross-domain WhitelistSummary
                +Cross-Origin Resource Sharing, commonly referred to as CORS, is a technology that allows a domain to define a policy for its resources to be accessed by a web page hosted on a different domain using cross domain XML HTTP Requests (XHR). Historically, the browser restricts cross domain XHR requests to abide by the same origin policy. At its basic form, the same origin policy sets the script execution scope to the resources available on the current domain and prohibits any communication to domains outside this scope. While CORS is supported on all major browsers, it also requires that the domain correctly defines the CORS policy in order to have its resources shared with another domain. These restrictions are managed by access policies typically included in specialized response headers, such as: +
                • Access-Control-Allow-Origin
                • Access-Control-Allow-Headers
                • Access-Control-Allow-Methods
                +A domain includes a list of domains that are allowed to make cross domain requests to shared resources in Access-Control-Allow-Origin header. This header can have either list of domains or a wildcard character (“*”) to allow all access. Having a wildcard is considered overly permissive policy.]]>                ImplicationExecutionFix

                Example 1:
                An example of IIS server configuration for listing domains the application is allowed to communicate with.
                + +    <configuration>
                +        <system.webServer>
                +            <httpProtocol>
                +                <customHeaders>
                +                    <add name="Access-Control-Allow-Origin" value="www.trusted.com" />
                +                </customHeaders>
                +            </httpProtocol>
                +        </system.webServer>
                +    </configuration>

                + +Example 1 shows how to configure CORS headers at the server level; however, the preferred method is to make use of the API of the language used to develop the application and set access permissions at the resource level.
                + +Here are some programmatic samples by language:

                • .NET:
                  +Append Header:
                  +Response.AppendHeader("Access-Control-Allow-Origin", "www.trusted.com");

                  + +Check for cross domain XHR request:
                  +if((Request.Headers["X-Requested-With"] == "XMLHttpRequest") && Request.Headers[“Origin”] != null))

                • Java:
                  +response.addHeader("Access-Control-Allow-Origin", "www.trusted.com");

                  + +check for cross domain XHR request:
                  +if((request.getHeader("X-Requested-With") == "XMLHttpRequest") && request.getHeader("Origin")!= null))

                • PHP:
                  + + header('Access-Control-Allow-Origin: www.trusted.com');
                  +?>

                  + +Check for cross domain XHR request:
                  +If( isset($_SERVER['HTTP_X_REQUESTED_WITH']) && ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') && isset($_SERVER[‘Origin’]))

                ]]>                Reference InfoOWASP HTML 5 Security Cheat Sheet
                https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet

                Cross-Origin Resource Sharing
                http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
                http://www.w3.org/TR/cors/

                +Same Origin Policy
                http://en.wikipedia.org/wiki/Same_origin_policy

                ]]>                OPTIONS/docs/HTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
                Refererhttp://zero.webappsecurity.com/docs/
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                Access-Control-Request-MethodPOST
                Access-Control-Request-HeadersX-Pingsession
                Originhttp://webinspect.microfocus.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="4160FEF088C06EF293B266DC2C09C5BC";PSID="F123B9A3291354F97AC6F79540B0A325";SessionType="AuditAttack";CrawlType="None";AttackType="Other";OriginatingEngineID="822a8e1c-b895-4666-a9d2-026b0a4716c9";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="11281";Engine="Html5+Cross+Origin+Options+Request";SmartMode="4";tht="44";
                X-RequestManager-Memosc="1";rid="7dd60aab";
                X-Request-Memorid="b7b933ad";sc="1";thid="27";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1200OK
                DateFri, 24 Feb 2023 14:07:33 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                AllowGET, HEAD, POST, PUT, DELETE, OPTIONS
                Content-Length0
                Keep-Alivetimeout=5, max=95
                ConnectionKeep-Alive
                Content-Typetext/plain
                http://zero.webappsecurity.com:80/docs/index.htmlhttpzero.webappsecurity.com80Vulnerability11281112791HTML5: Overly Permissive CORS PolicyEncapsulationHTML5: Overly Permissive CORS PolicyCWE-942: Overly Permissive Cross-domain WhitelistSummary
                +Cross-Origin Resource Sharing, commonly referred to as CORS, is a technology that allows a domain to define a policy for its resources to be accessed by a web page hosted on a different domain using cross domain XML HTTP Requests (XHR). Historically, the browser restricts cross domain XHR requests to abide by the same origin policy. At its basic form, the same origin policy sets the script execution scope to the resources available on the current domain and prohibits any communication to domains outside this scope. While CORS is supported on all major browsers, it also requires that the domain correctly defines the CORS policy in order to have its resources shared with another domain. These restrictions are managed by access policies typically included in specialized response headers, such as: +
                • Access-Control-Allow-Origin
                • Access-Control-Allow-Headers
                • Access-Control-Allow-Methods
                +A domain includes a list of domains that are allowed to make cross domain requests to shared resources in Access-Control-Allow-Origin header. This header can have either list of domains or a wildcard character (“*”) to allow all access. Having a wildcard is considered overly permissive policy.]]>                ImplicationExecutionFix

                Example 1:
                An example of IIS server configuration for listing domains the application is allowed to communicate with.
                + +    <configuration>
                +        <system.webServer>
                +            <httpProtocol>
                +                <customHeaders>
                +                    <add name="Access-Control-Allow-Origin" value="www.trusted.com" />
                +                </customHeaders>
                +            </httpProtocol>
                +        </system.webServer>
                +    </configuration>

                + +Example 1 shows how to configure CORS headers at the server level; however, the preferred method is to make use of the API of the language used to develop the application and set access permissions at the resource level.
                + +Here are some programmatic samples by language:

                • .NET:
                  +Append Header:
                  +Response.AppendHeader("Access-Control-Allow-Origin", "www.trusted.com");

                  + +Check for cross domain XHR request:
                  +if((Request.Headers["X-Requested-With"] == "XMLHttpRequest") && Request.Headers[“Origin”] != null))

                • Java:
                  +response.addHeader("Access-Control-Allow-Origin", "www.trusted.com");

                  + +check for cross domain XHR request:
                  +if((request.getHeader("X-Requested-With") == "XMLHttpRequest") && request.getHeader("Origin")!= null))

                • PHP:
                  + + header('Access-Control-Allow-Origin: www.trusted.com');
                  +?>

                  + +Check for cross domain XHR request:
                  +If( isset($_SERVER['HTTP_X_REQUESTED_WITH']) && ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') && isset($_SERVER[‘Origin’]))

                ]]>                Reference InfoOWASP HTML 5 Security Cheat Sheet
                https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet

                Cross-Origin Resource Sharing
                http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
                http://www.w3.org/TR/cors/

                +Same Origin Policy
                http://en.wikipedia.org/wiki/Same_origin_policy

                ]]>                OPTIONS/docs/indexhtmlHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=266ED445 +
                Refererhttp://zero.webappsecurity.com/docs/
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                Access-Control-Request-MethodPOST
                Access-Control-Request-HeadersX-Pingsession
                Originhttp://webinspect.microfocus.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="5CB0210BD5F504EE4765159489E50BBE";PSID="573735B2D53FA55711F88310A54DF608";SessionType="AuditAttack";CrawlType="None";AttackType="Other";OriginatingEngineID="822a8e1c-b895-4666-a9d2-026b0a4716c9";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="11281";Engine="Html5+Cross+Origin+Options+Request";SmartMode="4";tht="11";
                X-RequestManager-Memosc="1";rid="9e6e6adc";
                X-Request-Memorid="a7f64d10";sc="1";thid="28";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID266ED445                HTTP/1.1200OK
                DateFri, 24 Feb 2023 14:07:35 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                AllowGET, HEAD, POST, PUT, DELETE, OPTIONS
                Content-Length0
                Keep-Alivetimeout=5, max=72
                ConnectionKeep-Alive
                Content-Typetext/html
                http://zero.webappsecurity.com:80/faq.html?question=1%3c%73%43%72%49%70%54%3e%61%6c%65%72%74%28%37%33%38%34%32%29%3c%2f%73%43%72%49%70%54%3ehttpzero.webappsecurity.com80questionVulnerability510556494Cross-Site Scripting: ReflectedCWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)Input Validation and RepresentationCross-Site Scripting: ReflectedSummary
                A Cross-Site Scripting (XSS) vulnerability was detected in the web application. Cross-Site Scripting occurs when dynamically generated web pages display user input, such as login information, that is not properly validated, allowing an attacker to embed malicious scripts into the generated page and then execute the script on the machine of any user that views the site. In this instance, the web application was vulnerable to an automatic payload, meaning the user simply has to visit a page to make the malicious scripts execute. If successful, Cross-Site Scripting vulnerabilities can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. Recommendations include implementing secure programming techniques that ensure proper filtration of user-supplied data, and encoding all user supplied data to prevent inserted scripts being sent to end users in a format that can be executed.]]>                Implication +Cross-Site Scripting(XSS) happens when user input from a web client is immediately included via server-side scripts in a dynamically generated web page. Reflected XSS is specifically considered critical when malicious payload can be embedded in a URL (e.g. in query strings of GET requests). An attacker can trick a victim, via phishing attack, to click on a link with vulnerable input which has been altered to include attack code and then sent to the legitimate server. The injected code is then reflected back to the user's browser which executes it.

                + +The implications of successful Cross-Site Scripting attacks are: + +
                • Account hijacking - An attacker can hijack the user's session before the session cookie expires and take actions with the privileges of the user who accessed the URL, such as issuing database queries and viewing the results.
                • Malicious script execution - Users can unknowingly execute JavaScript, VBScript, ActiveX, HTML, or even Flash content that has been inserted into a dynamically generated page by an attacker. + +
                • Worm propagation - With Ajax applications, XSS can propagate somewhat like a virus. The XSS payload can autonomously inject itself into pages, and easily re-inject the same host with more XSS, all of which can be done with no hard refresh. Thus, XSS can send multiple requests using complex HTTP methods to propagate itself invisibly to the user. +
                • Information theft - Via redirection and fake sites, attackers can connect users to a malicious server of the attacker's choice and capture any information entered by the user.
                • Denial of Service - Often by utilizing malformed display requests on sites that contain a Cross-Site Scripting vulnerability, attackers can cause a denial of service condition to occur by causing the host site to query itself repeatedly .
                • Browser Redirection - On certain types of sites that use frames, a user can be made to think that he is in fact on the original site when he has been redirected to a malicious one, since the URL in the browser's address bar will remains the same. This is because the entire page isn't being redirected, just the frame in which the JavaScript is being executed is redirected.
                • Manipulation of user settings - Attackers can change user settings for nefarious purposes.
                • Bypass Content-Security-Policy protection - Attackers can inject a malformed tag formation, known as dangling tag injection, which in some cases allows injected script to reuse valid nonce on the page and bypass script source restriction. Additionally dangling tag injection can be used to steal sensitive information embedded in HTML response if browser is able to make a request to the injected link.
                • Base tag injection: Attacker can cause relative links on a page to load from a different domain by modifying the base URL for the page via base tag injection.
                • Link prefetch injection: While unable to execute script, attackers can use link tag with rel=prefetch that will make browsers pre-fetch the specified link even though it is never rendered and rejected subsequently due to web application enforced cross-site policy (e.g. CSP protections).
                • Edge side includes (ESI) Injection - ESI is a markup language used in various HTTP devices, such as reverse proxies and load balancers, that are positioned between client and server. An attacker can inject ESI markup to perform critical attacks such as cross-site scripting and HTTPOnly cookie protection bypass.
                ]]>                Execution + +View the attack string included with the request to check what to search for in the response. For instance, if "(javascript:alert('XSS')"  is submitted as an attack (or another scripting language), it will also appear as part of the response. This indicates that the web application is taking values from the HTTP request parameters and using them in the HTTP response without first removing potentially malicious data. + + +The response can be viewed in “Web Browser” view in the Vulnerability pane to see the injected popup events in action. Events requiring user interaction (e.g. onmouseover or onclick events) can be triggered by performing the corresponding action (e.g. clicking the injected link). + + + +Injection with numeric string in src, or href, attributes indicates that the site is vulnerable to script include or content exfiltration. These can be verified by repeating the request in a browser and intercepting originating network traffic in a web proxy.]]>FixFor Development:

                +Cross-Site Scripting attacks can be avoided by carefully validating all input, and properly encoding all output. When validating user input, + +verify that it matches the strictest definition of valid input possible. For example, if a certain parameter is supposed to be a number, attempt + +to convert it to a numeric data type in your programming language.

                PHP: intval("0".$_GET['q']);

                ASP.NET: + +int.TryParse(Request.QueryString["q"], out val);

                + +The same applies to date and time values, or anything that can be converted to a stricter type before being used. When accepting other types of + +text input, make sure the value matches either a list of acceptable values (white-listing), or a strict regular expression. If at any point the + +value appears invalid, do not accept it. Also, do not attempt to return the value to the user in an error message.

                + +Most server side scripting languages provide built in methods to convert the value of the input variable into correct, non-interpretable HTML. + +These should be used to sanitize all input before it is displayed to the client.

                PHP: string htmlspecialchars (string string + +[, int quote_style])

                ASP.NET: Server.HTMLEncode (strHTML String) + + + +

                + +When reflecting values into JavaScript or another format, make sure to use a type of encoding that is appropriate. Encoding data for HTML is not + +sufficient when it is reflected inside of a script or style sheet. For example, when reflecting data in a JavaScript string, make sure to encode + +all non-alphanumeric characters using hex (\xHH) encoding.

                + +If you have JavaScript on your page that accesses unsafe information (like location.href) and writes it to the page (either with document.write, + +or by modifying a DOM element), make sure you encode data for HTML before writing it to the page. JavaScript does not have a built-in function to + +do this, but many frameworks do. If you are lacking an available function, something like the following will handle most cases:

                + +s = s.replace(/&/g,'&amp;').replace(/"/i,'&quot;').replace(/</i,'&lt;').replace(/>/i,'&gt;').replace(/'/i,'&apos;') + + +

                + +Ensure that you are always using the right approach at the right time. Validating user input should be done as soon as it is received. Encoding + +data for display should be done immediately before displaying it. + +

                + + +For Security Operations:

                + +Server-side encoding, where all dynamic content is first sent through an encoding function where Scripting tags will be replaced with codes in the + +selected character set, can help to prevent Cross-Site Scripting attacks.

                + +Many web application platforms and frameworks have some built-in support for preventing Cross-Site Scripting. Make sure that any built-in + +protection is enabled for your platform. In some cases, a misconfiguration could allow Cross-Site Scripting. In ASP.NET, if a page's + +EnableViewStateMac property is set to False, the ASP.NET view state can be used as a vector for Cross-Site Scripting.

                + +An IDS or IPS can also be used to detect or filter out XSS attacks. Below are a few regular expressions that will help detect Cross-Site + +Scripting.

                Regex for a simple XSS attack:
                +/((\%3C)|<)((\%2F)|\/)*[a-z0-9\%]+((\%3E)|>)/ix

                + +The above regular expression would be added into a new Snort rule as follows:

                + +alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"NII Cross-Site Scripting attempt"; flow:to_server,established; + +pcre:"/((\%3C)|<)((\%2F)|\/)*[a-z0-9\%]+((\%3E)|>)/i"; classtype:Web-application-attack; sid:9000; rev:5;)

                Paranoid regex for + +XSS attacks:
                +/((\%3C)|<)[^\n]+((\%3E)|>)/I

                + +This signature simply looks for the opening HTML tag, and its hex equivalent, followed by one or more characters other than the new line, and then + +followed by the closing tag or its hex equivalent. This may end up giving a few false positives depending upon how your web application and web + +server are structured, but it is guaranteed to catch anything that even remotely resembles a Cross-Site Scripting attack. + +

                For QA:

                + + +Fixes for Cross-Site Scripting defects will ultimately require code based fixes. Read the the following links for more information + +about manually testing your application for Cross-Site Scripting.]]>                Reference Info
                OWASP Cross-Site Scripting Information
                https://www.owasp.org/index.php/XSS

                CERT
                http://www.cert.org/advisories/CA-2000-02.html

                Apache
                http://httpd.apache.org/info/css-security/apache_specific.html

                SecurityFocus.com
                http://www.securityfocus.com/infocus/1768 ]]>                 + + + + Zero - FAQ - Frequently Asked Questions + + + + + + + + + + + + + + + +
                +
                +
                +
                + Zero Bank +
                +
                +
                + +
                +
                + +
                +
                +
                +
                +

                Frequently Asked Questions

                +
                +
                + +
                +
                  +
                1. How can I edit my profile?
                  2. +
                2. How can I review my transaction history?
                  3. +
                + +
                +
                + +
                +
                +
                1
                +
                +
                +

                How can I edit my profile?

                +
                +
                +
                +
                +

                +

                  +
                1. From any page, click your user name which appears at the top right corner of the site.
                  2. +
                2. From the dropdown menu that displays, click My Profile.
                  3. +
                3. Edit your profile.
                  4. +
                +

                +
                +
                + +
                +
                +
                2
                +
                +
                +

                How can I review my transaction history?

                +
                +
                +
                +
                +

                +

                  +
                1. Click Account Activity.
                  2. +
                2. Click the Show Transactions tab to view your most recent transactions.
                  3. +
                3. Click the Find Transactions tab to show transactions by a date range.
                  4. +
                +

                +
                +
                +
                +
                + + + + +
                +
                + +
                +
                + +
                +
                +
                +
                +
                +
                  +
                • Download WebInspect
                  • +
                +
                + +
                +
                  +
                • Terms of Use
                  • +
                +
                + +
                +
                  +
                • Contact Micro Focus
                  • +
                • Privacy Statement
                  • + +
                +
                +
                + +
                +
                + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

                + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
                +
                +
                +
                +
                + + + + +]]>                GET/faqhtmlHTTP/1.1question=1%3c%73%43%72%49%70%54%3e%61%6c%65%72%74%28%37%33%38%34%32%29%3c%2f%73%43%72%49%70%54%3eCookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=A9EF43AC +question1%3c%73%43%72%49%70%54%3e%61%6c%65%72%74%28%37%33%38%34%32%29%3c%2f%73%43%72%49%70%54%3e
                Refererhttp://zero.webappsecurity.com/faq.html
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="93A129ADBB5E0A4B29DE8F8A51D81E15";PSID="BA7F9A211020B77EBF4F706FEDC87676";SessionType="AuditAttack";CrawlType="None";AttackType="QueryParamManipulation";OriginatingEngineID="1354e211-9d7d-4cc1-80e6-4de3fd128002";AttackSequence="2";AttackParamDesc="question";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="5105";Engine="Cross+Site+Scripting";SmartMode="4";AttackString="1%253c%2573%2543%2572%2549%2570%2554%253e%2561%256c%2565%2572%2574%2528%2537%2533%2538%2534%2532%2529%253c%252f%2573%2543%2572%2549%2570%2554%253e";AttackStringProps="Attack";tht="40";
                X-RequestManager-Memostid="17";stmi="0";sc="1";rid="d749f8ae";
                X-Request-Memorid="fd3865e9";sc="1";thid="28";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONIDA9EF43AC                HTTP/1.1200OK + + + + Zero - FAQ - Frequently Asked Questions + + + + + + + + + + + + + + + +
                +
                +
                +
                + Zero Bank +
                +
                +
                + +
                +
                + +
                +
                +
                +
                +

                Frequently Asked Questions

                +
                +
                + +
                +
                  +
                1. How can I edit my profile?
                  2. +
                2. How can I review my transaction history?
                  3. +
                + +
                +
                + +
                +
                +
                1
                +
                +
                +

                How can I edit my profile?

                +
                +
                +
                +
                +

                +

                  +
                1. From any page, click your user name which appears at the top right corner of the site.
                  2. +
                2. From the dropdown menu that displays, click My Profile.
                  3. +
                3. Edit your profile.
                  4. +
                +

                +
                +
                + +
                +
                +
                2
                +
                +
                +

                How can I review my transaction history?

                +
                +
                +
                +
                +

                +

                  +
                1. Click Account Activity.
                  2. +
                2. Click the Show Transactions tab to view your most recent transactions.
                  3. +
                3. Click the Find Transactions tab to show transactions by a date range.
                  4. +
                +

                +
                +
                +
                +
                + + + + +
                +
                + +
                +
                + +
                +
                +
                +
                +
                +
                  +
                • Download WebInspect
                  • +
                +
                + +
                +
                  +
                • Terms of Use
                  • +
                +
                + +
                +
                  +
                • Contact Micro Focus
                  • +
                • Privacy Statement
                  • + +
                +
                +
                + +
                +
                + The Free Online Bank Web site is published by Micro Focus Fortify for the sole purpose of demonstrating + the functionality and effectiveness of Micro Focus Fortify’s WebInspect products in detecting and reporting + Web application vulnerabilities. This site is not a real banking site and any similarities to third party products + and/or Web sites are purely coincidental. This site is provided "as is" without warranty of any kind, + either express or implied. Micro Focus Fortify does not assume any risk in relation to your use of this Web site. + Use of this Web site indicates that you have read and agree to Micro Focus Fortify’s Terms of Use found at + https://www.microfocus.com/about/legal/#privacy + and Micro Focus Fortify’s Online Privacy Statement found at + https://www.microfocus.com/about/legal/#privacy. + +

                + + Copyright © 2012-2018, Micro Focus Development Company. All rights reserved. +
                +
                +
                +
                +
                + + + + +]]>
                DateFri, 24 Feb 2023 14:08:25 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Cache-Controlno-cache, max-age=0, must-revalidate, no-store
                Content-Typetext/html;charset=UTF-8
                Content-Languageen-US
                Keep-Alivetimeout=5, max=81
                ConnectionKeep-Alive
                Content-Length7794
                http://zero.webappsecurity.com:80/include/common.inchttpzero.webappsecurity.com80Vulnerability10028103652Web Server Misconfiguration: Unprotected FileEnvironmentWeb Server Misconfiguration: Unprotected FileCWE-530: Exposure of Backup File to an Unauthorized Control SphereSummaryImplicationAn attacker could view web application source code. Web application source code often contains database usernames, passwords and connection strings and locations of sensitive files. It also reveals the detailed mechanics and design of the web application's logic, which can be used to develop other attacks.]]>ExecutionOpen a web browser and navigate to ~FullURL~.]]>Fix +For Development:
                Keep include files outside of the web root. Scripts can still be used to access and include them by using either relative or absolute paths. This will prevent potential attackers from having direct access to include files from the web. + +

                For Security Operations:
                Take measures to prevent unauthorized access to important files or directories. + + + +

                For QA:
                From a security perspective, it is important to test the web application not only as a normal user, but also as a malicious one. Make sure that the webroot is free from files that could be used to gather information about the application that could be utilized in conducting more damaging attacks. ]]>                Reference Info                0){AccordionAccessibility._addListAccessibility(acc,triggerLink,links[0],links[links.length-1]);}},addKeyPressHandler:function(acc,triggerLink,index){triggerLink.addEvent("keypress",function(event){if(event.key=='enter'){acc.display(index);} +return true;});},_addListAccessibility:function(acc,triggerLink,firstLink,lastLink){if(firstLink){AccordionAccessibility._addFirstLinkEvents(acc,triggerLink,firstLink);} +if(lastLink){AccordionAccessibility._addLastLinkEvents(acc,triggerLink,lastLink);}},_addFirstLinkEvents:function(acc,triggerLink,firstLink){firstLink.addEvent('keypress',function(event){if(event.key=='tab'&&event.shift){acc.display(-1);triggerLink.focus();}});},_addLastLinkEvents:function(acc,triggerLink,lastLink){lastLink.addEvent('keypress',function(event){if(event.key=='tab'&&!event.shift){acc.display(-1);triggerLink.focus();}});}};var PopupAccessibility=new Class({addSimpleAccessibility:function(){var links=this.targetEl.getElements("a");if(links&&links.length>0){this.addAccessibility(links[0],links[links.length-1]);}},addAccessibility:function(firstLink,lastLink){if(firstLink){this._addFirstLinkEvents(firstLink);} +if(lastLink){this._addLastLinkEvents(lastLink);}},addKeyPressHandler:function(){this._triggerLink().addEvent("keypress",function(event){if(event.key!='enter'||this.inTransition){return true;} +if(this.isOpen){this.hide();}else{this.show();} +return true;}.bind(this));},_addFirstLinkEvents:function(firstLink){this.addEvent('onshow',function(){});firstLink.addEvent('keypress',function(event){if(event.key=='tab'&&event.shift){this.hide();this._triggerLink().focus();}}.bind(this));},_addLastLinkEvents:function(lastLink){lastLink.addEvent('keypress',function(event){if(event.key=='tab'&&!event.shift){this.hide();this._triggerLink().focus();}}.bind(this));},_triggerLink:function(){return this.triggerEl.nodeName=="A"?this.triggerEl:this.triggerEl.getElement("a");}});var FooterPopup=new Class({Extends:CHKCustomPopUp,Implements:[PopupAccessibility],initialize:function(trigger,target){this.parent(trigger,target,{showEvent:'click',hideEvent:'',enableTriggerToggle:true,hideDelay:1000});this.initTarget();$('footer').getElement('.js_cselector_trigger').addEvent('click',function(){target.hide();}.bind(this));this.positionTarget();if(this.targetEl.getElements('.lastitemMenu').length>0){this.targetEl.getElements('.lastitemMenu')[0].addEvent('click',function(event){target.hide();}.bind(this));} +this.addSimpleAccessibility();this.addKeyPressHandler();},initTarget:function(){this.targetEl.addEvents({mouseenter:function(){if(this.isOpen){this.show();}}.bind(this),mouseleave:function(){if(this.isOpen){this.hide();this.triggerEl.blur();}}.bind(this)});},positionTarget:function(){var IE_OFFSET=isIE?150:0;this.triggerEl.addEvent('click',function(){var bodyCoordinates=$('body').getCoordinates();var coordinates=(isIE?this.targetEl.getParent():this.targetEl).getCoordinates();if(rtl&&coordinates.left<(bodyCoordinates.left+IE_OFFSET)||coordinates.right>(bodyCoordinates.right-IE_OFFSET)){this.targetEl.addClass('ftr_edge');}}.bind(this));}});function autoPositionHeaderWidget(target){var pos=0;var padding=(rtl)?target.getParent('#widget_menu').getStyle('padding-left').toInt():target.getParent('#widget_menu').getStyle('padding-right').toInt();var coordinates=$('body').getCoordinates();var parentCoordinates=target.getParent().getCoordinates();var CNN_OFFSET=0;var IE_OFFSET=0;if(target.hasClass('cnn_win')){CNN_OFFSET=5;} +if(isIE7){IE_OFFSET=10;} +else if(isIE6){if(rtl){IE_OFFSET=-1;if(target.hasClass('cmm_win')){IE_OFFSET=-8;}} +else{IE_OFFSET=7;}} +if(rtl){pos=coordinates.left-parentCoordinates.left+padding+IE_OFFSET-CNN_OFFSET;target.setStyle('left',pos+5+'px');if(target.getElement(".hf_carat_up")){var targetPos=target.measure(function(){var myPos=this.getPosition();myPos.width=this.getWidth();return myPos;});var caratPos=targetPos.width-(parentCoordinates.left-targetPos.x)-20;target.getElement(".hf_carat_up").setStyle("right",caratPos+"px");}}else{pos=-coordinates.right+parentCoordinates.right+padding+IE_OFFSET;target.setStyle('right',pos+3+'px');if(target.getElement(".hf_carat_up")){var targetPos=target.measure(function(){return this.getPosition();});var caratPos=parentCoordinates.left-targetPos.x+8;target.getElement(".hf_carat_up").setStyle("left",caratPos+"px");}}} +var CommunityWidget=new Class({Extends:CHKCustomPopUp,Implements:[PopupAccessibility,HeaderFooterPopup],contentLoaded:false,initialize:function(root){this.root=root;var trigger=root.getElement(".js_community_trigger");var target=root.getElement(".js_community_target");autoPositionHeaderWidget(target);this.parent(trigger,target,{showEvent:['mouseenter','click'],hideEvent:'',hideDelay:1000});this.preventFastClosing();trigger.addEvents({mouseleave:this.hideWithDelay.bind(this),mouseenter:this._loadContent.bind(this),click:this._loadContent.bind(this)});this.addEvent('onhide',function(){trigger.removeClass('community_over');});},_loadContent:function(){this.triggerEl.addClass('community_over');if(this.contentLoaded){return;} +this._loadHtml(this.root);},_loadHtml:function(root){var contentEl=root.getElement('.js_community_content');contentEl.addClass('loading');contentEl.setStyle('height','60px');var me=this;function handleFailure(){contentEl.removeClass('loading');var messageEl=contentEl.getFirst('span');messageEl.addClass('error');messageEl.set('html',$('cmm_error_msg').get('html'));} +function handleSuccess(responseTree,responseElements,responseHTML){var startHeight=contentEl.getCoordinates().height;contentEl.setStyle('visibility','hidden');contentEl.set('html',responseHTML);me._createDiscussionsAccordion(contentEl);var endHeight=contentEl.getCoordinates().height;contentEl.setStyle('height',startHeight+'px');contentEl.setStyle('visibility','visible');contentEl.setStyle('overflow','hidden');me._slideDown(contentEl,startHeight,endHeight);contentEl.removeClass('loading');me.contentLoaded=true;} +function handleSuccessJSON(response){var startHeight=contentEl.getCoordinates().height;contentEl.setStyle('visibility','hidden');contentEl.set('html',response.communitydropdown);me._createDiscussionsAccordion(contentEl);var endHeight=contentEl.getCoordinates().height;contentEl.setStyle('height',startHeight+'px');contentEl.setStyle('visibility','visible');contentEl.setStyle('overflow','hidden');me._slideDown(contentEl,startHeight,endHeight);contentEl.removeClass('loading');me.contentLoaded=true;} +if(typeof hfws==='undefined'){var req=new Request.HTML({method:'get',url:(window.community_jsp)?window.community_jsp:'_community-widget-ajax-content.html',onFailure:function(){handleFailure()},onException:function(){handleFailure()},onSuccess:function(responseTree,responseElements,responseHTML){handleSuccess(responseTree,responseElements,responseHTML);}});} +else{var req=new Request.JSONP({url:community_jsp,callbackKey:'jsoncallback',onRequest:function(url){},onFailure:function(){handleFailure()},onException:function(){handleFailure()},onSuccess:function(response){handleSuccessJSON(response);}});} +req.send();},_createDiscussionsAccordion:function(contentEl){var triggers=contentEl.getElements('.js_discussions_trigger');var targets=contentEl.getElements('.js_discussions_target');var acc=new Accordion(triggers,targets,{opacity:(isIE6)?true:false,display:-1,duration:500,alwaysHide:true,onActive:function(toggler,element){toggler.addClass("hf_arr_grn_dwn");toggler.removeClass("hf_arr_wht");toggler.getParent().getParent().removeClass('collapsed');element.addClass('expanded');},onBackground:function(toggler,element){toggler.addClass("hf_arr_wht");toggler.removeClass("hf_arr_grn_dwn");toggler.getParent().getParent().addClass('collapsed');element.removeClass('expanded');}});AccordionAccessibility.addSimpleAccessibility(acc);},_slideDown:function(contentEl,startHeight,endHeight){new Fx.Morph(contentEl,{duration:500,transition:Fx.Transitions.Sine.easeInOut,onComplete:function(){contentEl.setStyle('height',null);contentEl.setStyle('overflow',null);initHFMetrics('.js_community_target .link_metrics');}}).start({height:[startHeight,endHeight],opacity:[0.7,1]});}});var ConnectWidget=new Class({Extends:CHKCustomPopUp,Implements:[PopupAccessibility,HeaderFooterPopup],initialize:function(root){var trigger=root.getElement(".js_connect_trigger");var target=root.getElement(".js_connect_target");autoPositionHeaderWidget(target);this.parent(trigger,target,{showEvent:'mouseenter',hideEvent:'',hideDelay:100});this.preventFastClosing();trigger.addEvents({mouseleave:this.hideWithDelay.bind(this),mouseenter:function(){trigger.addClass('connect_over');}});this.addEvent('onhide',function(){trigger.removeClass('connect_over');});var triggers=$$('.js_acc_trigger');var targets=$$('.js_acc_target');new Accordion(triggers,targets,{display:-1,alwaysHide:true,opacity:false,onActive:function(toggler,element){toggler.getParent().getFirst('span').addClass('cnn_expanded');toggler.getParent().getFirst('span').removeClass('cnn_collapsed');},onBackground:function(toggler,element){toggler.getParent().getFirst('span').addClass('cnn_collapsed');toggler.getParent().getFirst('span').removeClass('cnn_expanded');}});this.addSimpleAccessibility();}});var SubMenuWidget=new Class({Extends:CHKCustomPopUp,Implements:[PopupAccessibility,HeaderFooterPopup,Options],options:{autoDropdown:false,autoDropdownTimer:5000},initialize:function(trigger,target,openSeg,options){this.setOptions(options||{});this.parent(trigger,target,{showEvent:['mouseenter','click'],hideEvent:'',hideDelay:1000,showTriggerClass:'over',hideTriggerClass:''});target.getParent().addEvents({mouseleave:this.hideWithDelay.bind(this),mouseenter:this.openIfClosed.bind(this),"click":function(){this.getChildren("a")[0].blur();}});this.initAccordion(target,openSeg);this.setSegCK(target);if(this.options.autoDropdown){this.showSubmenu();}},hideSubmenu:function(){this.clearTimer();this.hide();},showSubmenu:function(timer){timer=this.options.autoDropdownTimer;this.show();(function(){this.hide()}).bind(this).delay(timer);},initAccordion:function(accordion,openSeg){accordion.getElements('.js_nav_target').setStyle('display','none');this.accordion=new Accordion(accordion,accordion.getElements('.js_nav_toggler'),accordion.getElements('.js_nav_target'),{opacity:false,display:0,duration:500,alwaysHide:true,onActive:function(toggler,element){toggler.removeClass('green_arrow');toggler.removeClass('hf_wht');toggler.addClass('opened');if($chk(toggler.getProperty('tabindex'))){element.getElements('a').setProperty('tabindex',toggler.getProperty('tabindex'));} +element.setStyle('display','block');},onBackground:function(toggler,element){toggler.addClass('green_arrow');toggler.addClass('hf_wht');toggler.removeClass('opened');element.getElements('a').setProperty('tabindex',"-1");(function(){element.setStyle('display','none');}).delay(600);},show:openSeg});},setSegCK:function(accordion){var segment;accordion.getElements('.js_nav_target a').each(function(seg_link){seg_link.addEvent('click',function(){segment=seg_link.getProperty('class').replace(/link_metrics/g,"");segment=segment.replace(" ","").toUpperCase();setSegmentCK(segment);});});}});function setSegmentCK(segment){var hp_cookie_path='/';var hp_cookie_expiration=90;var hp_cookie_domain='.hp.com';Cookie.write('hp_cust_seg_sel',segment,{duration:hp_cookie_expiration,domain:hp_cookie_domain,path:hp_cookie_path});} +function initMainNav(root,autodrop,autodroptimer){var pm=new PopupManager();root.getElements(".sub_menu_wrapper").each(function(el,index){var open_acc=0;var segment=(Cookie.read('hp_cust_seg_sel')!=null)?Cookie.read('hp_cust_seg_sel').toUpperCase():window.defaultSegment||'HHO';var myURI=new URI(window.location.href.toUpperCase());var uri_seg=(myURI.getData("SEG")!=null)?myURI.getData("SEG"):segment;if(el.getElements('.hho').length>0||el.getElements('.smb').length>0){switch(uri_seg){case'HHO':case'SMB':case'LEB':case'GHE':case'GA':segment=uri_seg;break;} +switch(segment){case'HHO':default:open_acc=(getSegmentIndex('HHO',index)!=-1)?getSegmentIndex('HHO',index):0;break;case'SMB':open_acc=(getSegmentIndex('SMB',index)!=-1)?getSegmentIndex('SMB',index):0;break;case'LEB':open_acc=(getSegmentIndex('LEB',index)!=-1)?getSegmentIndex('LEB',index):0;break;case'GHE':open_acc=(getSegmentIndex('GHE',index)!=-1)?getSegmentIndex('GHE',index):0;break;case'GA':open_acc=(getSegmentIndex('GA',index)!=-1)?getSegmentIndex('GA',index):0;break;} +if(autodrop==true){pm.add(new SubMenuWidget(el.parentNode,el,open_acc,{autoDropdown:true,autoDropdownTimer:autodroptimer?autodroptimer:5000}));} +else{pm.add(new SubMenuWidget(el.parentNode,el,open_acc));}}});} +function getSegmentIndex(segment,index){var seg_array=new Array();$$('.sub_menu_wrapper')[index].getElements('.hnl_l3_link').each(function(links,seg_index){var seg_string=links.getElements('a')[0].getProperty('class').replace(/link_metrics/g,"");seg_string=seg_string.replace(" ","").toUpperCase();seg_array.push(seg_string);});var default_seg="SMB";if(seg_array.indexOf(segment)!=-1){return seg_array.indexOf(segment);} +else +return seg_array.indexOf(default_seg);} +var AjaxCountrySelector=new Class({worldmapCreated:false,Implements:Options,options:{worldmapURL:(window.cselector_jsp)?window.cselector_jsp:'worldmap.html'},initialize:function(options){this.setOptions(options||{});$$('.js_cselector .js_cselector_trigger')[0].addEvent('click',function(){if(!this.worldmapCreated){this.preloder=this.createSplashContainer();$$('.js_cselector .js_popup_box')[0].adopt(this.preloder);this.requestCountrySelector();}}.bind(this));},createSplashContainer:function(){return new Element('div').set({'class':'preloader hidden hf_abs'});},initCountrySelector:function(openOnComplete){var backgroundColor='transparent';var tempCSPopup=new CHKCustomPopUp($$('.js_cselector .js_cselector_trigger')[0],$$('.js_cselector .js_cselector_target')[0],{showEvent:['click','keypress(enter)'],hideEvent:null,enableTriggerToggle:true,useFx:true,fxOpenStylePre:{opacity:0,display:'block',visibility:'visible',left:(!rtl?3:0),right:(rtl?1:0)},fxOpenStyle:{opacity:1},fxCloseStyle:{opacity:0},fxCloseStylePost:{opacity:0,display:'none',visibility:'hidden'},fxDuration:300,fxTransition:Fx.Transitions.Sine.easeInOut,showTriggerClass:{'background-color':backgroundColor},hideTriggerClass:{'background-color':''},enableKeypress:false,options:{stopPropagation:false}});$$('a.cselector')[0].addEvent('keyup',function(e){if(e.key=='esc'){tempCSPopup.hide();}});$$('a.cselector')[0].addEvent('keydown',function(e){if(e.shift&&e.key=="tab"){tempCSPopup.hide();}});$$('a.cselectorbtn')[0].addEvent('keydown',function(y){if(y.key=='tab'&&y.shift){} +else if(y.key=='tab'){tempCSPopup.hide();}});$$('.worldmap .link_metrics').each(function(el){el.addEvent('click',function(){trackHFMetrics(el);});});tempCSPopup.addHideElement($$('.js_cselector .cselectorbtn')[0]);var body=$(document.body);if($defined(body)){body.addEvent('click',function(event){if(tempCSPopup.isOpen){event.stopPropagation();event.preventDefault();tempCSPopup.hide();}});} +$$('.js_ftr_popup_trigger').addEvent('click',function(event){if(tempCSPopup.isOpen){event.stopPropagation();event.preventDefault();tempCSPopup.hide();}});if($defined($('header'))) +$('header').addEvent('mouseenter',function(event){if(tempCSPopup.isOpen){event.stopPropagation();event.preventDefault();tempCSPopup.hide();}});if($defined($$('.community')[0])){$$('.community')[0].addEvent('mouseenter',function(event){if(tempCSPopup.isOpen){event.stopPropagation();event.preventDefault();tempCSPopup.hide();}});} +if($defined($$('.connect')[0])){$$('.connect')[0].addEvent('mouseenter',function(event){if(tempCSPopup.isOpen){event.stopPropagation();event.preventDefault();tempCSPopup.hide();}});} +if(openOnComplete){tempCSPopup.show();}else{tempCSPopup.hide();} +hf_core.addFooterPopup(tempCSPopup);this.tempCSPopup=tempCSPopup;var tempTab=new CHKTabControl($$('.js_cselector')[0],{tabClass:'.js_cstab_trigger',tabTarget:'child',tabTargetSelector:'.js_cstab_target',tabSettings:{showEvent:['mouseenter','click'],hideEvent:'mouseleave',showDelay:300,hideDelay:00,useFx:true,fxOpenStyle:{opacity:1},fxCloseStyle:{opacity:1},fxDuration:300,fxTransition:Fx.Transitions.Sine.easeInOut}});$$('div.worldmap div.worldwide ul li a')[0].addEvent('keydown',function(e){if(e.shift) +tempTab.hideAllTabs();});tempTab.hideAllTabs();hf_core.addFooterTabControls(tempTab);},showLoadingSplash:function(){this.preloder.removeClass('hidden');this.preloder.set('tween',{duration:300}).tween('opacity',0,1);},hideLoadingSplash:function(func){var me=this;var onCompleteFunc=function(){if($defined(func)){func();} +me.preloder.addClass('hidden');};this.preloder.set('tween',{onComplete:onCompleteFunc}).tween('opacity',1,0);},requestCountrySelector:function(){var me=this;if(typeof hfws==='undefined'){var req=new Request.HTML({method:'get',url:this.options.worldmapURL,onRequest:function(){me.showLoadingSplash();},onFailure:function(){me.hideLoadingSplash();},onException:function(){me.hideLoadingSplash();},onSuccess:function(responseTree,responseElements,responseHTML){$$('.js_worldmap_wrapper')[0].set('html',responseHTML);me.worldmapCreated=true;var func=function(){me.initCountrySelector(true);};me.hideLoadingSplash(func);}});} +else{var req=new Request.JSONP({url:cselector_jsp,callbackKey:'jsoncallback',onRequest:function(url){me.showLoadingSplash();},onFailure:function(){me.hideLoadingSplash();},onException:function(){me.hideLoadingSplash();},onComplete:function(response){$$('.js_worldmap_wrapper')[0].set('html',response.country_selector);me.worldmapCreated=true;var func=function(){me.initCountrySelector(true);};me.hideLoadingSplash(func);}});} +if($defined($('worldmap_url_info'))&&$('worldmap_url_info').getElements('input').length>0){var form_data="";$('worldmap_url_info').getElements('input').each(function(input,index){form_data+=input.getProperty('name')+'='+escape(input.getProperty('value')) +if(index==0){form_data+='&'}});req.send({method:$('worldmap_url_info').getProperty('method'),data:form_data});} +else +req.send();}});function initAjaxCountrySelector(){return new AjaxCountrySelector();} +function initConnectWidgets(popupManager){$$(".js_connect_widget").each(function(el){popupManager.add(new ConnectWidget(el));});if(rtl===true){if($$('html')[0].getProperty('lang')==='he-il'){$$('.icn_location').getParent().getFirst('a').addClass('cnn_fst_a');}}} +function initCommunityWidgets(popupManager){$$(".js_community_widget").each(function(el){popupManager.add(new CommunityWidget(el));});} +function initFooter(manager){var popupManager=manager||new PopupManager();$('footer').getElements(".js_ftr_popup_trigger").each(function(trigger){var target=$(trigger.getParent().getElement(".js_ftr_popup_target"));if(!target){return;} +popupManager.add(new FooterPopup(trigger,target));});} +function initHFSearchBox(){if($defined($('search_hp'))){var defTxt=$('search_hp').getElement('.defaultTxt').get('html');var queryTxt="";if(window.location.href.indexOf("nores=true")>0){var invalidQt=decodeURIComponent(window.location.href.split("=")[window.location.href.split("=").length-1]);$('search_hp').getElementById('searchBox').setProperty('value',invalidQt);}else{$('search_hp').getElementById('searchBox').setProperty('value',defTxt);} +$('searchBox').addEvent('focus',function(){if($('searchBox').getProperty('value').toUpperCase()!=defTxt.toUpperCase()){queryTxt=$('search_hp').getElementById('searchBox').value;} +if($('searchBox').getProperty('value')!=queryTxt)$('searchBox').setProperty('value',queryTxt);$('searchBox').setStyle("color","#000000");});$('searchBox').addEvent('blur',function(){if($('searchBox').getProperty('value').toUpperCase()!=defTxt.toUpperCase()){queryTxt=$('searchBox').value;} +if(queryTxt.length>0){$('searchBox').setProperty('value',queryTxt);}else{$('searchBox').setProperty('value',defTxt);} +$('searchBox').setStyle("color","#767676");});$('searchHP').addEvent('submit',function(){if($('searchBox').getProperty('value').toUpperCase()==defTxt.toUpperCase()){$('searchBox').value="";}});}else{return;}} +function initIE6Widgets(){if(isIE6&&rtl&&$defined($$('ul.nav_buttons')[0])){var hack_width=0;$$('ul.nav_buttons .nav_button').each(function(el){hack_width+=el.getCoordinates().width;});$$('ul.nav_buttons')[0].getParent().setStyle('width',hack_width+9+'px');} +else{return;}} +function trackHFMetrics(link_metrics){if(!link_metrics.getAttribute('name')){return;} +try{trackMetrics('linkClick',{type:'link',id:link_metrics.getAttribute('name'),url:link_metrics.getAttribute('href')});} +catch(err){}} +function initHFMetrics(metrics_class){$$(metrics_class).each(function(el){el.addEvent('click',function(){trackHFMetrics(el);});});} +function setPrintLogo(){if($$('.hplogo')[0].getElements('img')<=1){var printlogo=new Element('img',{'class':'printable logo png'});$$('.hplogo')[0].adopt(printlogo);var src=$$('.hplogo img.logo')[0].getStyle('background-image');if((navigator.userAgent.toLowerCase().indexOf('chrome')>-1)||(navigator.userAgent.toLowerCase().indexOf('safari')>-1)){src=src.replace(new RegExp("url\\(",'gi'),'');src=src.replace(new RegExp("\\)",'gi'),'');}else{src=src.replace('url("','').replace('")','');} +$$('.hplogo img.logo')[0].setProperty('src',src);}else{return;}} +function loadPrintLogo(){if(isIE){window.onbeforeprint=function(){setPrintLogo();}} +else{$$('.everything')[0].addEvent('mouseleave',function(){setPrintLogo();});window.addEvent('keydown',function(event){if((event.control&&event.key=='p')||(event.control&&event.key=='P')||event.alt){setPrintLogo();}});}} +window.addEvent('domready',function(){hf_core=new CHKCoreEngine_Base();initIE6Widgets();var popupManager=new PopupManager();initCommunityWidgets(popupManager);initConnectWidgets(popupManager);initFooter();initHFMetrics('.link_metrics');if(!$defined($('carousel'))&&!$defined($('promo_area'))){initMainNav($('js_main_nav'),false,0);} +if($defined($$('.js_cselector_trigger')[0])){initAjaxCountrySelector();} +if(!$defined($$('div.seo_birdseed')[0])){addEmptyBirdSeed();} +loadPrintLogo();var cats=[["PRODUCTS_AND_SERVICES","Products & Services"],["SUPPORT_AND_DRIVERS","Support & Drivers"],["LEARN_USE_AND_CREATE","Learn, Use & Create"],["COMMUNITY","Community"],["ABOUT_HP","About HP"],["ALL_RESULTS","All Results"]];var acWidth=getSearchContainerWidth("searchBox");initSearchBoxSliding("searchBox",acWidth,"search_container_active");autocomplete_start(cats,"http://iapproautocm.austin.hp.com/hp-iap-autocomplete/search",{width:acWidth});initHFSearchBox();});function loadScript(url,callback){var script=document.createElement("script");script.type="text/javascript";if(script.readyState){script.onreadystatechange=function(){if(script.readyState=="loaded"||script.readyState=="complete"){script.onreadystatechange=null;callback();}};}else{script.onload=function(){callback();};} +script.src=url;document.getElementsByTagName("head")[0].appendChild(script);} +function addEmptyBirdSeed(){var emptyBirdSeed=new Element('div',{'class':'seo_birdseed'});emptyBirdSeed.inject($('content'),'after');} +var SearchHttpRequest={get:function(url,params,callback){var process=true,sid='sid'+parseInt(Math.random()*1000000),cb='cb=SearchHttpRequest.callback.'+sid,script=document.createElement('script');script.type='text/javascript';if(params){var sep='';url+="?";for(var name in params){url+=sep+name+'='+params[name];sep='&';}} +if(url.indexOf('?')==-1)script.src=url+'?'+cb;else if(url.match(/\?[\w\d]+/))script.src=url+'&'+cb;else script.src=url+cb;SearchHttpRequest.callback[sid]=function(response){process=false;callback(response);};script.onerror=script.onload=script.onreadystatechange=function(e){if(!this.loaded&&(!this.readyState||this.readyState=='loaded'||this.readyState=='complete')){this.loaded=1;this.onerror=this.onload=this.onreadystatechange=null;if(process){callback(false);}else{} +this.parentNode.removeChild(this);delete script;delete SearchHttpRequest.callback[sid];}};if(document.getElementsByTagName('head').length){document.getElementsByTagName('head')[0].appendChild(script);}else{document.appendChild(script);}},callback:{}};AC=function(input,options){this.input=input;this.active=-1;this.ackeydown=function(e){lastKeyPressCode=e.key;switch(lastKeyPressCode){case'backspace':var str=e.target.id;var patt=/i/;if(str.match(patt)){$(options.searchBox).focus();} +this.updateList();break;case'up':e.preventDefault();this.moveSelect(-1);break;case'down':e.preventDefault();this.moveSelect(1);break;case'tab':case'enter':if(this.selectCurrent(true)){$input.value=prev;$input.blur();hasFocus=false;e.preventDefault();} +break;case'esc':{if(e.target.id===options.searchBox){$input.value=prev;$input.blur();} +else{this.selectItem(e.target.parentNode,false);} +hasFocus=false;this.hideResultsNow();e.preventDefault();} +break;default:this.updateList();break;}};this.updateList=function(){this.active=-1;if(timeout)clearTimeout(timeout);timeout=setTimeout(function(){this.onChange();}.bind(this),options.delay);};this.onChange=function(){if('delete'==lastKeyPressCode||'shift'==lastKeyPressCode) +return $results.hide();var v=$input.value;if(v==prev)return;prev=v;if(v.length>=options.minChars){if(options.loadingClass) +$input.addClass(options.loadingClass);this.requestData(v);}else{if(options.loadingClass) +$input.removeClass(options.loadingClass);$results.hide();}};this.moveSelect=function(step){var lis=$$('.'+options.resultsClass+' li');if(!lis||lis.length==0)return;var lastActive=this.active;this.active+=step;if(this.active==-1&&lastActive!=0){this.active=lis.length;$input.value=prev;$input.focus();}else if(this.active==-1&&lastActive==0){this.active=-1;$input.value=prev;$input.focus();}else if(this.active==-2&&lastActive==-1){this.active=lis.length-1;$input.value=lis[this.active].selectValue;lis[this.active].firstChild.focus();} +else if(this.active==lis.length){this.active=-1;$input.value=prev;$input.focus();} +else{$input.value=lis[this.active].selectValue;lis[this.active].firstChild.focus();}};this.selectCurrent=function(fSubmit){var li=$$('ul li.ac_over')[0];if(!li){var $li=$$('ul li');if(options.selectOnly){if($li.length==1)li=$li[0];}else if(options.selectFirst){li=$li[0];}} +if(li){this.selectItem(li,fSubmit);return true;}else{return false;}};this.selectItem=function(li,fSubmit){if(!li){li=document.createElement("li");li.extra=[];li.selectValue="";} +var v=(li.selectValue?li.selectValue:li.get("text")).trim();input.lastSelected=v;prev=v;$results.innerHTML="";$input.value=v;$input.focus();this.hideResultsNow();var searchForm=$('searchHP');searchForm.fireEvent('submitSearchForm',{initiator:"autocomplete",target:this.input});searchForm.getElement(".searchSubmit").click();try{if(typeof console!="undefined"){console.log("searchFeature",{"search_attr":"AUTOCOMPLETE||yes"});} +trackMetrics("searchFeature",{"search_attr":"AUTOCOMPLETE||yes"});}catch(error){}};this.createSelection=function(start,end){var field=$input;if(field.createTextRange){var selRange=field.createTextRange();selRange.collapse(true);selRange.moveStart("character",start);selRange.moveEnd("character",end);selRange.select();}else if(field.setSelectionRange){field.setSelectionRange(start,end);}else{if(field.selectionStart){field.selectionStart=start;field.selectionEnd=end;}} +field.focus();};this.autoFill=function(sValue){if(lastKeyPressCode!='backspace'){$input.value=($input.value+sValue.substring(prev.length));this.createSelection(prev.length,sValue.length);}};this.showResults=function(){var pos=this.findPos(input);$results.setStyle('width',(options.width||parseInt(input.offsetWidth.toInt()-2))+"px");$results.setStyle("top",(pos.y+input.offsetHeight)+"px");var parentBorderWidth=input.getParent().getStyle("border-width").toInt();if(window.isIE8){pos.x=pos.x-parentBorderWidth;} +if(window.rtl){$results.setStyle("right",($results.getParent().clientWidth-(pos.x+input.offsetWidth.toInt())-parentBorderWidth*2)+"px");}else{$results.setStyle("left",(pos.x)+"px");} +$results.show();};this.hideResults=function(){if(timeout)clearTimeout(timeout);timeout=setTimeout(this.hideResultsNow,200);};this.hideResultsNow=function(){if(timeout)clearTimeout(timeout);if(options.loadingClass) +$input.removeClass(options.loadingClass);if(document.activeElement!=$input&&document.activeElement!=$submitBtn){$input.fireEvent('inactive');} +$results.hide();if(options.mustMatch){var v=$input.value;if(v!=input.lastSelected){this.selectItem(null,false);}}};this.receiveData=function(q,data){if(data){if(options.loadingClass) +$input.removeClass(options.loadingClass);results.innerHTML="";if(!hasFocus||data.length==0)return this.hideResultsNow();results.appendChild(this.dataToDom(data));if(options.autoFill&&($input.value.toLowerCase()==q.toLowerCase()))this.autoFill(data[0][0]);this.showResults();}else{this.hideResultsNow();}};this.dataToDom=function(data){var ul=document.createElement("ul");var num=data.length;if((options.maxItemsToShow>0)&&(options.maxItemsToShow1){extra=[];for(var j=1;j0)){function blockListCreater(json){if(!json) +return;var term=json.data.QueryTerm;var data=[];for(var i=0;i<10;i++){if(json.data.SuggestionItems[i]) +data[data.length]=[json.data.SuggestionItems[i].Suggestion];} +if(data){this.addToCache(q,data);if(data.length!=0&&data.length=options.minChars;i--){var qs=q.substr(0,i);var c=cache.data[qs];if(c){var csub=[];for(var j=0;joptions.cacheLength){this.flushCache();cache.length++;}else if(!cache[q]){cache.length++;} +cache.data[q]=data;};this.findPos=function(obj){var curleft=obj.offsetLeft||0;var curtop=obj.offsetTop||0;while(obj=obj.offsetParent){curleft+=obj.offsetLeft;curtop+=obj.offsetTop;} +return{x:curleft,y:curtop};} +this.formatItem=function(row,i,num,inputvalue,categories){for(var c=0;c'+inw+categories[c][1]+'';row[1]=categories[c][0];row[2]=woInFirstPart.trim();row[3]=firstPart+categories[c][1];break;}} +var title=row[0];if(!$defined(row[3])){row[3]=row[0];} +var index=title.toLowerCase().indexOf(inputvalue.toLowerCase());var len=inputvalue.length;var html=""+title.substr(0,index)+''+title.substr(index,len)+''+title.substr(index+len)+'';return{selectValue:row[3],innerHTML:html};};var me=this;var actype;var okflag=false;var err='';var $input=$(input).setProperty("autocomplete","off");var $submitBtn=$input.getNext("input[type=submit]");if(options.inputClass)$input.addClass(options.inputClass);var results=document.createElement("div");var $results=$(results);$results.hide().addClass(options.resultsClass).addClass(options.resultsStyleClass).setStyle('position','absolute');$results.setStyle('width',$input.getStyle('width'));$(document.body).grab(results);input.autocompleter=me;var timeout=null;var prev="";var cache={};var keyb=false;var hasFocus=false;var lastKeyPressCode=null;var fMatchCache=false;var ourIsFocused=false;var timeoutDropdown;this.flushCache();if(options.data!=null){var sFirstChar="",stMatchSets={},row=[];if(typeof options.url!="string")options.cacheLength=1;for(var i=0;i0){sFirstChar=row[0].substring(0,1).toLowerCase();if(!stMatchSets[sFirstChar])stMatchSets[sFirstChar]=[];stMatchSets[sFirstChar].push(row);}} +for(var k in stMatchSets){options.cacheLength++;this.addToCache(k,stMatchSets[k]);}} +$input.addEvent('keydown',function(e){this.ackeydown.call(this,e);}.bind(this));$input.addEvent('keydown',function(event){if(event.key=='enter') +this.hideResultsNow();}.bind(this));$input.addEvent('focus',function(){hasFocus=true;ourIsFocused=true;this.fireEvent('active');});$input.addEvent('blur',function(e){ourIsFocused=false;if(timeoutDropdown)clearTimeout(timeoutDropdown);timeoutDropdown=setTimeout(function(){if(!ourIsFocused){hasFocus=false;this.hideResults();} +if(!$results.isDisplayed()&&document.activeElement!=$input&&document.activeElement!=$submitBtn){$input.fireEvent('inactive');}}.bind(this),150);}.bind(this));if($submitBtn){$submitBtn.addEvents({'blur':function(e){setTimeout(function(){if(!$results.isDisplayed()&&document.activeElement!=$input){$input.fireEvent('inactive');}},1);}.bind(this)});} +if(options.focusOnMouseEnter){$input.addEvent('mouseenter',function(e){$(input).focus();e.preventDefault();});} +this.hideResultsNow();};function autocomplete_start(cats,fastendpoint,opt){var langInput=$$('input[name="lang"]');var options={matchSubset:0,matchSubsetIfLessThen:10,matchContains:1,cacheLength:1,minChars:2,delay:100,categories:cats,url:fastendpoint,data:null,searchBox:opt.searchBox||"searchBox",inputClass:opt.inputClass||"ac_input",resultsClass:opt.resultsClass||"js_ac_results",resultsStyleClass:opt.resultsStyleClass||"ac_results",lineSeparator:opt.lineSeparator||"\n",cellSeparator:opt.cellSeparator||"|",matchCase:opt.matchCase||0,mustMatch:opt.mustMatch||0,extraParams:opt.extraParams||{},selectFirst:opt.selectFirst||false,selectOnly:opt.selectOnly||false,focusOnMouseEnter:opt.focusOnMouseEnter||false,maxItemsToShow:opt.maxItemsToShow||-1,autoFill:opt.autoFill||false,width:opt.width||0,language:opt.language||langInput.length?langInput[0].value:''||'en'};return new AC($(options.searchBox),options);} +function getSearchContainerWidth(searchBox){var searchBox=$(searchBox);if(searchBox){var widgetMenu=searchBox.getParent('#widget_menu');var widgetMenuWidth=0;widgetMenu.getElements("div.col").each(function(el){widgetMenuWidth+=el.getWidth();});widgetMenu.setStyle("width",widgetMenuWidth+'px');var searchContainer=searchBox.getParent();var searchContainerWidth=widgetMenuWidth-searchContainer.getStyle("border-left").toInt()*2;return searchContainerWidth;} +return 0;} +function initSearchBoxSliding(searchBox,searchContainerWidth,parentActiveClass){var searchBox=$(searchBox);var submitBtn=searchBox.getNext("input[type=submit]");if(searchBox){var searchContainer=searchBox.getParent();var searchBoxWidth=searchContainerWidth-submitBtn.getWidth()-(rtl?searchBox.getStyle("padding-right").toInt():searchBox.getStyle("padding-left").toInt());var shoppingCardCount=$$('.item_count');searchBox.addEvents({active:function(){searchContainer.addClass(parentActiveClass);searchContainer.removeClass("search_container");searchContainer.setStyle("width",searchContainerWidth+'px');searchBox.setStyle("width",searchBoxWidth+'px');if(shoppingCardCount)shoppingCardCount.hide();},inactive:function(){searchContainer.removeClass(parentActiveClass);searchContainer.addClass("search_container");searchContainer.setStyle("width","");searchBox.setStyle("width","");if(shoppingCardCount)shoppingCardCount.show();}});}} +var product_timer=null;function alignIE6BannersRTL(){if(rtl){$$('.link_list').each(function(el){el.getParent().addClass('ie6_align');});}} +function promo_click(){$$('.content.basic a').addEvent('click',function(){trackMetrics('promoClick',{type:'link',id:this.getAttribute('name'),url:this.getAttribute('href')});});$$('.segment_one_banner a').addEvent('click',function(){trackMetrics('promoClick',{type:'link',id:this.getAttribute('name'),url:this.getAttribute('href')});});$$('.segment_one_banner area').addEvent('click',function(){trackMetrics('promoClick',{type:'link',id:this.getAttribute('name'),url:this.getAttribute('href')});});} +function basic_store(cont_parent){if(cont_parent.getElement('.content')!=null){var input=cont_parent.getElement('.content').getElements('input');if(input.length==2){cont_parent=input[0].getParent();cont_parent.getElements('input')[0].dispose();if(cont_parent.getElements('.image').length==2) +cont_parent.getElements('.image')[0].dispose();if(cont_parent.getElements('.default_content').length==2) +cont_parent.getElements('.default_content')[0].dispose();else +cont_parent.getElements('.default_content')[0].inject(cont_parent.getElements('.image')[0],'after');if(cont_parent.getElements('.over_content').length==2){if(cont_parent.getElements('.over_content .shop_title').length==1) +cont_parent.getElements('.over_content .shop_title')[0].inject(cont_parent.getElements('.over_content')[1].getElements('.link_list')[0],'before');if(cont_parent.getElements('.over_content .cta').length==1){var name=cont_parent.getElements('.over_content .cta a')[0].getProperty('name');var pattern="_";var seg_str=name.split(pattern);if(seg_str[6]!=""){name=name.replace(seg_str[6],seg_str[6]+"_shopnow");} +else if(seg_str[5]!=""){name=name.replace(seg_str[5],seg_str[5]+"__shopnow");name=name.replace("shopnow__","shopnow_");} +else{name=name.replace(seg_str[4],seg_str[4]+"___shopnow");name=name.replace("shopnow___","shopnow_");} +if(isIE6||isIE7||isIE8){var elementToReplace=cont_parent.getElements('.over_content .cta a')[0];var elementHref=elementToReplace.getProperty('href');var elementTabindex=elementToReplace.getProperty('tabindex');var elementClass=elementToReplace.getProperty('class');var newElement=new Element("a",{name:name,html:elementToReplace.get("html")});newElement.setProperty('href',elementHref);newElement.setProperty('class',elementClass);newElement.setProperty('tabindex',elementTabindex);newElement.replaces(elementToReplace);} +else{cont_parent.getElements('.over_content .cta a')[0].setProperty('name',name);} +cont_parent.getElements('.over_content .cta')[0].inject(cont_parent.getElements('.over_content')[1].getElements('.link_list')[0],'after');$$('.over_content .link_list a').each(function(element){var lname=element.getProperty('name')+"";var pattern="_";var seg_str=lname.split(pattern);if(seg_str[6]!=""){lname=lname.replace(seg_str[6],seg_str[6]+"_shopnow");} +else if(seg_str[5]!=""){lname=lname.replace(seg_str[5],seg_str[5]+"__shopnow");lname=lname.replace("shopnow__","shopnow_");} +else{lname=lname.replace(seg_str[4],seg_str[4]+"___shopnow");lname=lname.replace("shopnow___","shopnow_");} +if(isIE6||isIE7||isIE8){var elementHref=element.getProperty('href');var elementClass=element.getProperty('class');var elementTabindex=element.getProperty('tabindex');var newElement=new Element("a",{name:lname,html:element.get("html")});newElement.setProperty('href',elementHref);newElement.setProperty('class',elementClass);newElement.setProperty('tabindex',elementTabindex);newElement.replaces(element);} +else{element.setProperty('name',lname);}});} +else if(cont_parent.getElements('.over_content .cta').length>1){var name=cont_parent.getElements('.over_content .cta a')[1].getProperty('name');var pattern="_";var seg_str=name.split(pattern);if(seg_str[6]!=""){name=name.replace(seg_str[6],seg_str[6]+"_shopnow");} +else if(seg_str[5]!=""){name=name.replace(seg_str[5],seg_str[5]+"__shopnow");name=name.replace("shopnow__","shopnow_");} +else{name=name.replace(seg_str[4],seg_str[4]+"___shopnow");name=name.replace("shopnow___","shopnow_");} +if(isIE6||isIE7||isIE8){var elementToReplace=cont_parent.getElements('.over_content .cta a')[1];var elementHref=elementToReplace.getProperty('href');var elementTabindex=elementToReplace.getProperty('tabindex');var elementClass=elementToReplace.getProperty('class');var newElement=new Element("a",{name:name,html:elementToReplace.get("html")});newElement.setProperty('href',elementHref);newElement.setProperty('class',elementClass);newElement.setProperty('tabindex',elementTabindex);newElement.replaces(elementToReplace);} +else{cont_parent.getElements('.over_content .cta a')[1].setProperty('name',name);} +$$('.over_content .link_list a').each(function(element){var lname=element.getProperty('name')+"";var pattern="_";var seg_str=lname.split(pattern);if(seg_str[6]!=""){lname=lname.replace(seg_str[6],seg_str[6]+"_shopnow");} +else if(seg_str[5]!=""){lname=lname.replace(seg_str[5],seg_str[5]+"__shopnow");lname=lname.replace("shopnow__","shopnow_");} +else{lname=lname.replace(seg_str[4],seg_str[4]+"___shopnow");lname=lname.replace("shopnow___","shopnow_");} +if(isIE6||isIE7||isIE8){var elementHref=element.getProperty('href');var elementClass=element.getProperty('class');var elementTabindex=element.getProperty('tabindex');var newElement=new Element("a",{name:lname,html:element.get("html")});newElement.setProperty('href',elementHref);newElement.setProperty('class',elementClass);newElement.setProperty('tabindex',elementTabindex);newElement.replaces(element);} +else{element.setProperty('name',lname);}});} +if(cont_parent.getElements('.over_content .segment').length==1) +cont_parent.getElements('.segment')[0].inject(cont_parent.getElements('.over_content')[1]);cont_parent.getElements('.over_content')[0].dispose();} +cont_parent.getElements('.over_content').setStyles({'position':'absolute','top':'26px'});if(cont_parent.getElements('.over_content .cta')[0]) +cont_parent.getElements('.over_content .cta')[0].setStyle('display','none');(0);}}} +function parseMetricsContent(){$$('.group').each(function(group,gindex){if(group.getElements('.content').length>0){switch(gindex){case 0:assignMultiBannerMetricsIndexes(group,0);break;case 1:assignMultiBannerMetricsIndexes(group,3);break;case 2:assignMultiBannerMetricsIndexes(group,6);break;}} +else if(group.getElements('.segment_one_banner').length>0){switch(gindex){case 0:if(group.getElements('.segment_one_banner .shop_url').length>0){assignSingleBannerMetricsIndexes(group,1);} +else{assignSingleBannerMetricsIndexes(group,"123");} +break;case 1:if(group.getElements('.segment_one_banner .shop_url').length>0){assignSingleBannerMetricsIndexes(group,4);} +else{assignSingleBannerMetricsIndexes(group,"456");} +break;case 2:if(group.getElements('.segment_one_banner .shop_url').length>0){assignSingleBannerMetricsIndexes(group,7);} +else{assignSingleBannerMetricsIndexes(group,"789");} +break;}}});} +function assignSingleBannerMetricsIndexes(banner_group,position){banner_group.getElements('.segment_one_banner .over_content .link_list a').each(function(link_list){var re=new RegExp("_l\\d+");var m=re.exec(link_list.getAttribute('name'));if(m!=null){link_list.setAttribute('name',link_list.getAttribute('name').replace(m,'_l'+position));}});banner_group.getElements('.segment_one_banner .cta .button a').each(function(cta){var re=new RegExp("_l\\d+");var m=re.exec(cta.getAttribute('name'));if(m!=null){cta.setAttribute('name',cta.getAttribute('name').replace(m,'_l'+position));}});banner_group.getElements('.segment_one_banner .tagline_cta a').each(function(tagline){var re=new RegExp("_l\\d+");var m=re.exec(tagline.getAttribute('name'));if(m!=null){if(banner_group.getElements('.segment_one_banner .shop_url').length>0){tagline.setAttribute('name',tagline.getAttribute('name').replace(m,'_l'+(position+1)+''+(position+2)));} +else{tagline.setAttribute('name',tagline.getAttribute('name').replace(m,'_l'+position));}}});banner_group.getElements('.segment_one_banner .image_url').each(function(img_url){var re=new RegExp("_l\\d+");var m=re.exec(img_url.getAttribute('name'));if(m!=null){if(banner_group.getElements('.segment_one_banner .shop_url').length>0) +{img_url.setAttribute('name',img_url.getAttribute('name').replace(m,'_l'+(position+1)+''+(position+2)));} +else{img_url.setAttribute('name',img_url.getAttribute('name').replace(m,'_l'+position));}}});banner_group.getElements('.segment_one_banner .shop_url').each(function(img_url){var re=new RegExp("_l\\d+");var m=re.exec(img_url.getAttribute('name'));if(m!=null){img_url.setAttribute('name',img_url.getAttribute('name').replace(m,'_l'+position));}});banner_group.getElements('.segment_one_banner area').each(function(area,index){var re=new RegExp("_l\\d+");var m=re.exec(area.getAttribute('name'));if(m!=null){if(index==0){area.setAttribute('name',area.getAttribute('name').replace(m,'_l'+position));} +else{area.setAttribute('name',area.getAttribute('name').replace(m,'_l'+(position+1)+''+(position+2)));}}});} +function assignMultiBannerMetricsIndexes(banner_group,pointer){banner_group.getElements('.content').each(function(banner,index){banner.getElements('.over_content').each(function(o_content){o_content.getElements('.link_list a').each(function(link_list){var re=new RegExp("_l\\d+");var m=re.exec(link_list.getAttribute('name'));if(m!=null){link_list.setAttribute('name',link_list.getAttribute('name').replace(m,'_l'+(pointer+index+1)));}});o_content.getElements('.cta .button a').each(function(cta){var re=new RegExp("_l\\d+");var m=re.exec(cta.getAttribute('name'));if(m!=null){cta.setAttribute('name',cta.getAttribute('name').replace(m,'_l'+(pointer+index+1)));}});});});} +function addHomeCarousel(){initHomeCarousel(rtl,'promo_area','.banner');var els=$$('#promo_area .banner .content');els.each(function(el){el.addEvent('click',function(event){if(event.target&&event.target.nodeName.toLowerCase()=='a')return;var element=el.getElement('.over_content .cta a');new Event(event).stop();if(document.createEventObject){element.click();}else{var event=element.ownerDocument.createEvent('MouseEvents');event.initMouseEvent('click',true,true,element.ownerDocument.defaultView,1,0,0,0,0,false,false,false,false,0,null);element.dispatchEvent(event);} +location.href=element.href;});});(function(){if($$('.banner')[rtl?2:0].getElements('.banner .segment_one_banner').length<=0){var group=rtl?2:0;$$('.banner')[group].getElements('.content .image img').each(function(image){var title=image.get('title');if(title){image.set('src',title);image.removeProperties('title');image.setProperty('alt','');}});}}).delay(100);var eventHandler;eventHandler=function(){var group=1;var groupLimit=1;if($('promo_area').getElements('.banner .segment_one_banner').length>0){var takeoverBanners=$$('#promo_area .banner .segment_one_banner');takeoverBanners.each(function(takeover){takeover.addEvent('mouseenter',function(event){if(!$defined(takeover.getElement('.image_url'))&&!$defined(takeover.getElement('.over_content .cta a'))){takeover.getElement('.to_container').removeClass('hand');}});var element;if($defined(takeover.getElement('.image area'))&&$defined(takeover.getElement('.image_url'))){takeover.getElement('.over_content').addEvent('mouseenter',function(){element=takeover.getElement('.image area');});takeover.getElement('.over_content').addEvent('mouseleave',function(){element=takeover.getElement('.image_url');});takeover.getElements('.image area')[1].addEvent('mouseenter',function(){element=takeover.getElement('.image_url');});} +takeover.addEvent('click',function(event){var target=event.target?event.target:event.srcElement;if(target.nodeType==3){target=target.parentNode;} +if(target&&target.nodeName.toLowerCase()=='a'){return;} +else if(target&&target.nodeName.toLowerCase()=="area"){return;} +else if(target&&target.nodeName.toLowerCase()=='span'){try{if(target.getParent('div.button')){return;}} +catch(e){return;}} +if($defined(takeover.getElement('.image area'))&&$defined(takeover.getElement('.image_url'))){} +else if($defined(takeover.getElement('.image_url'))&&!$defined(takeover.getElement('.image area'))){element=takeover.getElement('.image_url');} +else if($defined(takeover.getElement('.over_content .cta a'))){element=takeover.getElement('.over_content .cta a');} +else{element=takeover.getElement('.js_banner_sobanner_tabindex');} +new Event(event).stop();if(document.createEventObject){element.click();}else{var event=element.ownerDocument.createEvent('MouseEvents');event.initMouseEvent('click',true,true,element.ownerDocument.defaultView,1,0,0,0,0,false,false,false,false,0,null);element.dispatchEvent(event);} +location.href=element.href;});});group=(rtl)?2:0;groupLimit=2;} +for(var i=0;i<=groupLimit;i++){$$('.banner')[group].getElements('.content .image img').each(function(image){var title=image.get('title');if(title){image.set('src',title);image.removeProperties('title');image.setProperty('alt','');}});$$('.banner')[group].getElements('.segment_one_banner .image img').each(function(image){var title=image.get('title');if(title){image.set('src',title);image.removeProperties('title');image.setProperty('alt','');}});if(rtl){group--;}else{group++;}} +this.removeEvent('mouseover',eventHandler);this.removeEvent('focus',eventHandler);};$('everything').addEvents({'mouseover':eventHandler});try{$$('.js_banner_tabindex')[0].addEvents({'focus':eventHandler});}catch(e){} +var carouselGroup=$$('.carousel_group');if(rtl){carouselGroup=carouselGroup.reverse();} +carouselGroup[0].getElements('.carousel_box')[0].setProperty('title',$(segmentOrder[0].toLowerCase()+'_msg').getProperty('title'));carouselGroup[1].getElements('.carousel_box')[0].setProperty('title',$(segmentOrder[1].toLowerCase()+'_msg').getProperty('title'));carouselGroup[2].getElements('.carousel_box')[0].setProperty('title',$(segmentOrder[2].toLowerCase()+'_msg').getProperty('title'));} +var NewsRoomTicker={rss:newsroom_rss,pause:5000,chg_speed:0,news_items:[],curr_item:0,chg_timer:null,moofx:null,mouseover:false,ticker_div:null,ticker_content_div:null,ticker_size_test_div:null,init:function(rss_url){this.ticker_div=$('newsroom_ticker');if(this.ticker_div==null)return false;this.ticker_content_div=$('newsroom_ticker_content');if(this.ticker_content_div==null){this.hide();return false;} +this.rss=rss_url;var _this=this;var req=new Request({method:'get',url:_this.rss,onFailure:function(err){_this.hide();},onException:function(err){_this.hide();},onComplete:function(response,responseXML){_this.loadFeed(responseXML);}}).send();},init_oldpressroom_feeds:function(){this.ticker_div=$('newsroom_ticker');if(this.ticker_div==null)return false;this.ticker_content_div=$('newsroom_ticker_content');if(this.ticker_content_div==null){this.hide();return false;} +if(typeof(window["sFeed_news"])!="undefined"){if(window.DOMParser){xmlDoc=(new DOMParser()).parseFromString(sFeed_news,"text/xml");} +else if(window.ActiveXObject){try{xmlDoc=new ActiveXObject("Msxml2.DOMDocument");xmlDoc.loadXML(sFeed_news);}catch(e){try{xmlDoc=new ActiveXObject("Microsoft.XMLDOM");xmlDoc.loadXML(sFeed_news);}catch(E){xmlDoc=null;}}} +if(xmlDoc) +tickerItems=xmlDoc.getElementsByTagName("item");else return;for(var i=0;i";tmp_html+=this.news_items[0].title+"";$('newsroom_ticker_content').innerHTML=tmp_html;if(this.news_items.legth==1)return;this.moofx=new Fx.Morph(this.ticker_content_div,{duration:500});this.chg_timer=setTimeout('NewsRoomTicker.changeItem()',this.pause);return true;},changeItem:function(){if(!this.mouseover){this.curr_item++;if(this.curr_item==this.news_items.length)this.curr_item=0;var _this=this;if(isIE6||isIE7){var tmp_html="";tmp_html+=_this.news_items[_this.curr_item].title+"";$('newsroom_ticker_content').innerHTML=tmp_html;}else{this.moofx.start({}).chain(function(){this.start.delay(_this.chg_speed,this,{'opacity':0});}).chain(function(){var tmp_html="";tmp_html+=_this.news_items[_this.curr_item].title+"";$('newsroom_ticker_content').innerHTML=tmp_html;this.start.delay(0001,this,{'opacity':1});});}} +this.chg_timer=setTimeout('NewsRoomTicker.changeItem()',this.pause);},hide:function(){this.ticker_div=$('newsroom_ticker');if(this.ticker_div!=null){}},show:function(){this.ticker_div=$('newsroom_ticker');if(this.ticker_div!=null){this.ticker_div.setStyles({display:'block'});}},fix_item_size:function(test_text){var NEWS_OFFSET=0;if(navigator.userAgent.toLowerCase().indexOf('firefox')>-1){NEWS_OFFSET=-70;} +else if(isIE9){NEWS_OFFSET=20;} +if(($('newsroom_ticker')!=null)&&($('newsroom_ticker_left')!=null)&&($('newsroom_ticker_right')!=null)&&($('newsroom_ticker_header')!=null)){var max_size=($('newsroom_ticker').clientWidth)-(($('newsroom_ticker_header').getElements('a')[0].clientWidth))-327-NEWS_OFFSET;this.ticker_size_test_div=$('newsroom_ticker_size_test');if(this.ticker_size_test_div!=null){this.ticker_size_test_div.innerHTML=test_text;if(this.ticker_size_test_div.clientWidth>max_size){test_text=test_text.substring(0,test_text.length-1)+"...";this.ticker_size_test_div.innerHTML=test_text;if(this.ticker_size_test_div.clientWidth>max_size){var i=test_text.length;while(i>0){test_text=test_text.substring(0,test_text.length-4)+"...";this.ticker_size_test_div.innerHTML=test_text;if(this.ticker_size_test_div.clientWidth<=max_size){break;};i--;}}}}} +else{test_text=test_text.substr(0,76)} +return test_text;}};var hp_cookie_path='/';var hp_cookie_expiration=90;var hp_cookie_domain='.hp.com';var hmpg_segments=new Array();var customerSegment;var hmpg_expacc=new Array();var default_expacc=0;var homeReady=false;$('carousel').addClass('hidden');var _Ck_=new _CK_(hp_cookie_expiration,hp_cookie_path,hp_cookie_domain);function setCk(_name,_value,_duration,_path,_domain){_Ck_.set(_name,_value,_duration,hp_cookie_path,hp_cookie_domain);} +function getCk(_name){_Ck_.get(_name);} +function _CK_(_duration,_path,_domain){this.domain=_domain;this.duration=_duration;this.path=_path;this.exist=function(_n){var sM=document.cookie.match(new RegExp("("+_n+"=[^;]*)(;|$)"));return sM?unescape(sM[1]):null;} +this.get=function(_n){var sR=document.cookie.match(_n+'=(.*?)(;|$)');return sR?unescape(sR[1]):null;} +this.set=function(_name,_value,_duration,_path,_domain,_secure){var duration=(_duration)?_duration:this.duration;var path=(_path)?_path:this.path;var domain=(_domain)?_domain:this.domain;if(duration){var date=new Date();date.setTime(date.getTime()+(duration*24*60*60*1000));var dExpires=date.toGMTString();} +document.cookie=_name+"="+escape(_value)+";expires="+dExpires+((domain)?"; domain="+domain:"")+((path)?"; path="+path:"")};this.del=function(_name,_domain){var domain=(_domain)?_domain:this.domain;var date=new Date();date.setFullYear(date.getYear()-1);document.cookie=_name+"=; expires="+date.toGMTString()+((domain)?"; domain="+domain:"")+((this.path)?"; path="+this.path:"/");}} +function cValidDate(cdate){var camp_date=cdate.split('-');var myDate=new Date();myDate.setFullYear(parseInt(camp_date[0]),parseInt(camp_date[1]-1),parseInt(camp_date[2]));var today=new Date();var diff=myDate-today;diff=Math.round(diff/(1000*60*60*24));if(diff>60)diff=60;if(myDate>today)return diff;else return 0;} +function getCampCk(){var cmpName=_Ck_.get('hp_campaign');if(cmpName)return cmpName;else return 0;} +function geturlparam(name){name=name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");var regex=new RegExp("[\\?&]"+name+"=([^&#]*)");var results=regex.exec(window.location.href);return results?results[1]:"";} +function reverseBannerOrder(groups){for(var i=0;i<=2;i++){if($defined(groups[i].getElements('.first')[0])){var tempHTML=groups[i].getElements('.first')[0].get('html');groups[i].getElements('.first')[0].set('html',groups[i].getElements('.last')[0].get('html'));groups[i].getElements('.last')[0].set('html',tempHTML);}}} +function copyContent(groups){var hope_msg=false;if($defined($('hope_msg'))){hope_msg=true;} +switch(window.customerSegment.toUpperCase()){case"HHO":basic_store($('hho_msg'));groups[0].set('html',$$('#hho_msg').get('html'));groups[1].set('html',$$('#smb_msg').get('html'));groups[2].set('html',$$('#leb_msg').get('html'));segmentOrder=['HHO','SMB','LEB'];if($('hho_msg').getElements('.segment_one_banner').length>0&&!hope_msg){groups[0].getElements('.content').destroy();groups[0].getElements('.segment_one_banner').getElement('img').setProperty('src',groups[0].getElements('.segment_one_banner').getElement('img').getProperty('title'));groups[0].getElements('.segment_one_banner').getElement('img').removeProperty('title');} +break;case"SMB":basic_store($('smb_msg'));groups[0].set('html',$$('#smb_msg').get('html'));groups[1].set('html',$$('#hho_msg').get('html'));groups[2].set('html',$$('#leb_msg').get('html'));segmentOrder=['SMB','HHO','LEB'];if($('smb_msg').getElements('.segment_one_banner').length>0&&!hope_msg){groups[0].getElements('.content').destroy();groups[0].getElements('.segment_one_banner').getElement('img').setProperty('src',groups[0].getElements('.segment_one_banner').getElement('img').getProperty('title'));groups[0].getElements('.segment_one_banner').getElement('img').removeProperty('title');} +break;case"LEB":basic_store($('leb_msg'));groups[0].set('html',$$('#leb_msg').get('html'));groups[1].set('html',$$('#hho_msg').get('html'));groups[2].set('html',$$('#smb_msg').get('html'));segmentOrder=['LEB','HHO','SMB'];if($('leb_msg').getElements('.segment_one_banner').length>0&&!hope_msg){groups[0].getElements('.content').destroy();groups[0].getElements('.segment_one_banner').getElement('img').setProperty('src',groups[0].getElements('.segment_one_banner').getElement('img').getProperty('title'));groups[0].getElements('.segment_one_banner').getElement('img').removeProperty('title');} +break;case"GA":basic_store($('ga_msg'));groups[0].set('html',$$('#ga_msg').get('html'));groups[1].set('html',$$('#hho_msg').get('html'));groups[2].set('html',$$('#smb_msg').get('html'));segmentOrder=['GA','HHO','SMB'];if($('ga_msg').getElements('.segment_one_banner').length>0&&!hope_msg){groups[0].getElements('.content').destroy();groups[0].getElements('.segment_one_banner').getElement('img').setProperty('src',groups[0].getElements('.segment_one_banner').getElement('img').getProperty('title'));groups[0].getElements('.segment_one_banner').getElement('img').removeProperty('title');} +break;case"GHE":basic_store($('ghe_msg'));groups[0].set('html',$$('#ghe_msg').get('html'));groups[1].set('html',$$('#hho_msg').get('html'));groups[2].set('html',$$('#smb_msg').get('html'));segmentOrder=['GHE','HHO','SMB'];if($('ghe_msg').getElements('.segment_one_banner').length>0&&!hope_msg){groups[0].getElements('.content').destroy();groups[0].getElements('.segment_one_banner').getElement('img').setProperty('src',groups[0].getElements('.segment_one_banner').getElement('img').getProperty('title'));groups[0].getElements('.segment_one_banner').getElement('img').removeProperty('title');} +break;default:basic_store($('hho_msg'));groups[0].set('html',$$('#hho_msg').get('html'));groups[1].set('html',$$('#smb_msg').get('html'));groups[2].set('html',$$('#leb_msg').get('html'));segmentOrder=['HHO','SMB','LEB'];if($('hho_msg').getElements('.segment_one_banner').length>0&&!hope_msg){groups[0].getElements('.content').destroy();groups[0].getElements('.segment_one_banner').getElement('img').setProperty('src',groups[0].getElements('.segment_one_banner').getElement('img').getProperty('title'));groups[0].getElements('.segment_one_banner').getElement('img').removeProperty('title');} +break;}} +window.addEvent('domready',function(){if(typeof(window["sFeed_news"])!="undefined"){NewsRoomTicker.init_oldpressroom_feeds();}else if(typeof(window["newsroom_rss"])!="undefined"){NewsRoomTicker.init(window.newsroom_rss);}else{NewsRoomTicker.hide();} +var hp_cust_seg_sel=Cookie.read("hp_cust_seg_sel");var myURI=new URI(window.location.href.toUpperCase());var uri_seg=(myURI.getData("SEG")!=null)?myURI.getData("SEG"):hp_cust_seg_sel;switch(uri_seg){case'HHO':case'SMB':case'LEB':case'GHE':case'GA':hp_cust_seg_sel=uri_seg;break;} +if(hp_cust_seg_sel==null){customerSegment=($defined(window.defaultSegment))?window.defaultSegment:"HHO";}else{if(hp_cust_seg_sel==undefined){customerSegment=($defined(window.defaultSegment))?window.defaultSegment:"HHO";}else{customerSegment=hp_cust_seg_sel;}} +homeReady=true;segmentOrder=[];var groups=$$('.group');var hope_msg=document.getElementById('hope_msg');if(rtl){groups=groups.reverse();} +if($defined(window.customerSegment)){copyContent(groups);}else{basic_store($('hho_msg'));groups[0].set('html',$$('#hho_msg').get('html'));groups[1].set('html',$$('#smb_msg').get('html'));groups[2].set('html',$$('#leb_msg').get('html'));segmentOrder=['HHO','SMB','LEB'];if($('hho_msg').getElements('.segment_one_banner').length>0&&hope_msg==null){groups[0].getElements('.content').destroy();groups[0].getElements('.segment_one_banner').getElement('img').setProperty('src',groups[0].getElements('.segment_one_banner').getElement('img').getProperty('title'));groups[0].getElements('.segment_one_banner').getElement('img').removeProperty('title');}} +if(hope_msg!=null){basic_store($('hope_msg'));groups[2].set('html',groups[1].get('html'));groups[1].set('html',groups[0].get('html'));groups[0].set('html',$$('#hope_msg').get('html'));segmentOrder=['HOPE',segmentOrder[0],segmentOrder[1]];if($('hope_msg').getElements('.segment_one_banner').length>0){groups[0].getElements('.content').destroy();groups[0].getElements('.segment_one_banner').getElement('img').setProperty('src',groups[0].getElements('.segment_one_banner').getElement('img').getProperty('title'));groups[0].getElements('.segment_one_banner').getElement('img').removeProperty('title');}} +if(rtl){reverseBannerOrder(groups);} +setBannerTitle();createSOBMaps();parseMetricsContent();if(isIE6&&rtl){alignIE6BannersRTL();} +addHomeCarousel();promo_click();});function trackLoadMetrics(msg1,msg2,msg3,index){try{var pattern=/_l\d+_/;if(!rtl){trackMetrics("promoClosedImpression",{messages:[msg1.replace(pattern,"_l"+(index*3+1)+"_"),msg2.replace(pattern,"_l"+(index*3+2)+"_"),msg3.replace(pattern,"_l"+(index*3+3)+"_")]});}else{trackMetrics("promoClosedImpression",{messages:[msg3.replace(pattern,"_l"+(index*3+3)+"_"),msg2.replace(pattern,"_l"+(index*3+2)+"_"),msg1.replace(pattern,"_l"+(index*3+1)+"_")]});}}catch(err){}} +function trackLoadMetricsSOB(msg1,index){try{var pattern=/_l\d+_/;switch(index){case 0:trackMetrics("promoClosedImpression",{messages:[msg1.replace(pattern,"_l"+"123"+"_")]});break;case 1:trackMetrics("promoClosedImpression",{messages:[msg1.replace(pattern,"_l"+"456"+"_")]});break;case 2:trackMetrics("promoClosedImpression",{messages:[msg1.replace(pattern,"_l"+"789"+"_")]});break;}}catch(err){}} +function trackMapLoadMetricsSOB(msg1,msg2,index){try{var pattern=/_l\d+_/;switch(index){case 0:trackMetrics("promoClosedImpression",{messages:[msg1.replace(pattern,"_l"+"1"+"_"),msg2.replace(pattern,"_l"+"23"+"_")]});break;case 1:trackMetrics("promoClosedImpression",{messages:[msg1.replace(pattern,"_l"+"4"+"_"),msg2.replace(pattern,"_l"+"56"+"_")]});break;case 2:trackMetrics("promoClosedImpression",{messages:[msg1.replace(pattern,"_l"+"7"+"_"),msg2.replace(pattern,"_l"+"89"+"_")]});break;}}catch(err){}} +function newJSElement(tagName,attributes){var element=document.createElement(tagName);if(attributes){var attr="";for(var k in attributes){if(attributes.hasOwnProperty(k)) +if(k=="html") +element.innerHTML=attributes[k];else if(k=="class") +element.className=attributes[k];else +element.setAttribute(k,attributes[k]);}} +return element;} +function createSOBMaps(){if($$('.segment_one_banner').length>0&&$$('.shop_url').length>0){$$('.segment_one_banner').each(function(banner,index){if(banner.getElements('.shop_url').length>0){banner.getElements('.image img').set('usemap','#map_id'+index);var map=newJSElement('map',{'id':'map_id'+index,'name':'map_id'+index});banner.getElements('.image')[0].adopt(map);var area1=new Element('area');var area2=new Element('area');if(!rtl){area1.setProperties({'shape':'rect','coords':'0,0,275,394','alt':banner.getElements('.shop_url')[0].getProperty('title'),'href':banner.getElements('.shop_url')[0].getProperty('href'),'name':banner.getElements('.shop_url')[0].getProperty('name')});area2.setProperties({'shape':'rect','coords':'276,0,964,394','alt':banner.getElements('.image_url')[0].getProperty('title'),'href':banner.getElements('.image_url')[0].getProperty('href'),'name':banner.getElements('.image_url')[0].getProperty('name')});} +else{area1.setProperties({'shape':'rect','coords':'689,0,964,394','alt':banner.getElements('.shop_url')[0].getProperty('title'),'href':banner.getElements('.shop_url')[0].getProperty('href'),'name':banner.getElements('.shop_url')[0].getProperty('name')});area2.setProperties({'shape':'rect','coords':'0,0,688,394','alt':banner.getElements('.image_url')[0].getProperty('title'),'href':banner.getElements('.image_url')[0].getProperty('href'),'name':banner.getElements('.image_url')[0].getProperty('name')});} +$('map_id'+index).adopt(area1);$('map_id'+index).adopt(area2);}});} +else +return;} +window.addEvent('domready',function(){var segment=getSegmentCK();if((navigator.appVersion.indexOf("MSIE")>0)){(function(){var elements=$$('#'+segment+' .content');try{if($$('#'+segment+' .segment_one_banner').length>0){elements=$$('#'+segment+' .segment_one_banner');if(elements[0].getElements('.image_url').length>0){if(elements[0].getElements('.shop_url').length>0){trackMapLoadMetricsSOB(elements[0].getElement('.shop_url').getAttribute('name'),elements[0].getElement('.image_url').getAttribute('name'),rtl?2:0);} +else{trackLoadMetricsSOB(elements[0].getElement('.image_url').getAttribute('name'),rtl?2:0);}} +else{trackLoadMetricsSOB(elements[0].getElement('.over_content .cta .button a').getAttribute('name'),rtl?2:0);}} +else{trackLoadMetrics(elements[rtl?2:0].getElement('.over_content .cta .button a').getAttribute('name'),elements[1].getElement('.over_content .cta .button a').getAttribute('name'),elements[rtl?0:2].getElement('.over_content .cta .button a').getAttribute('name'),rtl?2:0);}} +catch(e){}}).delay(1);}});function getSegmentCK(){var mapping={"HHO":'hho_msg',"SMB":'smb_msg',"LEB":'leb_msg',"GA":'ga_msg',"GHE":'ghe_msg'};var hp_cust_seg_sel=Cookie.read("hp_cust_seg_sel");var myURI=new URI(window.location.href.toUpperCase());var uri_seg=(myURI.getData("SEG")!=null)?myURI.getData("SEG"):hp_cust_seg_sel;switch(uri_seg){case'HHO':case'SMB':case'LEB':case'GHE':case'GA':hp_cust_seg_sel=uri_seg;break;} +if($defined($('hope_msg'))){return'hope_msg';} +else{return mapping[(hp_cust_seg_sel||"HHO").toUpperCase()]||'hho_msg';}} +window.addEvent('load',function(){var segment=getSegmentCK();if($(segment).getElement('.first')!=null){var input=$(segment).getElement('.first').getElements('input');if(input.length==1&&input[0].value.toUpperCase()!="store".toUpperCase()&&$(segment).getElements('.segment_one_banner').length<=0){initMainNav($('js_main_nav'),true,5000);}else{initMainNav($('js_main_nav'),false,0);}} +else{initMainNav($('js_main_nav'),false,0);} +if(!(navigator.appVersion.indexOf("MSIE")>0)){var elements=$$('#'+segment+' .content');if($$('#'+segment+' .content')[0]!=null){trackLoadMetrics(elements[rtl?2:0].getElement('.over_content .cta .button a').getAttribute('name'),elements[1].getElement('.over_content .cta .button a').getAttribute('name'),elements[rtl?0:2].getElement('.over_content .cta .button a').getAttribute('name'),rtl?2:0);} +else if($$('#'+segment+' .segment_one_banner').length>0){elements=$$('#'+segment+' .segment_one_banner');if(elements[0].getElements('.image_url').length>0){if(elements[0].getElements('.shop_url').length>0){trackMapLoadMetricsSOB(elements[0].getElement('.shop_url').getAttribute('name'),elements[0].getElement('.image_url').getAttribute('name'),rtl?2:0);} +else{trackLoadMetricsSOB(elements[0].getElement('.image_url').getAttribute('name'),rtl?2:0);}} +else{trackLoadMetricsSOB(elements[0].getElement('.over_content .cta .button a').getAttribute('name'),rtl?2:0);}}}});function filter(array,func){var filtered=[],rest=[];for(var i=array.length-1;i>=0;i--){if(func(array[i],i,array)){filtered.push(array[i])}else{rest.push(array[i])}} +return{filtered:filtered,rest:rest};} +var BannerTabIndexHelper={controlLinksClass:"js_banner_tabindex",initialize:function(options){this.setOptions(options);},cleanUpTabIndexes:function(links){this.filterControlLinks(links).rest.each(this.hideTabIndexes);},hideTabIndexes:function(a){a.set("tabindex",-1);},condition:function(el){return $(el).hasClass(this.controlLinksClass)},filterControlLinks:function(links){return filter(links,this.condition.bind(this))}};var ImageMenu=new Class({openedItem:null,initialized:false,defaultOptions:{OnOpen:$lambda(false),OnClose:$lambda(false),openWidth:600,width:(isIE7||isIE6)?964:948,transition:Fx.Transitions.Quad.easeOut,duration:400,open:null,closeOnMouseOut:true,useDarking:false,filterOpacity:0.2,shadowWidth:0},initialize:function(targetEls,options){if(!targetEls){return;} +if(isIE9){try{targetEls.getLast().getElement('.image img').setStyles({position:'relative',top:'1px'});} +catch(e){}} +this.setOptions(this.defaultOptions,options);this.elements=targetEls;this.itemCount=this.elements.length;this.widths=this.calculateWidths();this.fx=this.createFxElement();var z_order=1000;this.elements.each(function(el,i){el.width=this.widths.closed;el.setStyle('z-index',z_order--);if(i!=0){el.setStyle('margin-left',-this.options.shadowWidth);} +el.addEvents({mouseover:function(e){this.itemMouseOver(el,i,e)}.bind(this),mouseleave:function(e){this.itemMouseLeave(el,i,e)}.bind(this)});this.updateMapArea(el);}.bind(this));this.open(this.options.open);this.initAccessibility();},createFxElement:function(){var fx=new Fx.Elements(this.elements,{wait:false,duration:this.options.duration,transition:this.options.transition});fx.addEvents({complete:function(){if($type(this.openedItem)=='number'){this.showOverContent(this.openedItem);}else{this.showDefaultContent();}}.bind(this),start:function(){if(this.options.useDarking){this.elements.each(this.itemCreateDarkingElement.bind(this));} +this.hideContent();}.bind(this)});return fx;},calculateWidths:function(){var widthType=$type(this.options.openWidth);if(widthType=='string'){var width=parseInt(this.options.openWidth,10);if(isNaN(width)){this.options.openWidth=this.defaultOptions.openWidth;}else{this.options.openWidth=(this.options.openWidth.indexOf('%')!=-1)?(this.options.width*width/100):width;}} +var halfShadow=Math.round(this.options.shadowWidth/2);var itemWidth=Math.round(this.options.width/this.itemCount);var lastOpenSelected=this.options.openWidth;return{closed:itemWidth+this.options.shadowWidth,firstLastClosed:itemWidth+halfShadow,openSelected:this.options.openWidth,lastOpenSelected:lastOpenSelected,openOthers:Math.floor((this.options.width-(lastOpenSelected))/(this.itemCount-1))+this.options.shadowWidth};},itemCreateDarkingElement:function(el,index){var opacity=this.options.filterOpacity;var isShow=this.openedItem==null||this.openedItem==index;if(isIE&&!isIE9){var element=el.getElement('polyline');if(element){element=element.getNext();} +if(!element){element=el.getElement('.image img');element.style.filter=isShow?'':'progid:DXImageTransform.Microsoft.Alpha(opacity='+opacity*100+')';}else{element.style.visibility=isShow?'hidden':'visible';}}else{element=el.getElement('g');if(element){element=element.getLast();} +if(!element){element=el.getElement('.image img').getParent();element.style.opacity=isShow?'':opacity;}else{element.style.visibility=isShow?'hidden':'visible';}}},itemMouseOver:function(item,index,e){if(this.timerId){window.clearTimeout(this.timerId);} +this.timerId=undefined;new Event(e).stop();if(this.openedItem!=index){this.reset(index);if(this.options.OnOpen){this.options.OnOpen(item,index);}}},itemMouseLeave:function(item,index,e){new Event(e).stop();if(this.options.closeOnMouseOut){this.timerId=window.setTimeout(function(){this.reset();this.showDefaultContent();if(this.options.OnClose){this.options.OnClose(item,index);}}.bind(this),100);}},open:function(open){if(open!=null){if($type(open)=='number'){this.reset(open);}else{this.elements.each(function(el,i){if(el.id==open){this.reset(i);}},this);}}else{this.reset();}},initAccessibility:function(){var imageMenu=this;this.elements.each(function(item,index){var controlLink=item.getElement(".js_banner_tabindex");controlLink.addEvent("focus",function(event){imageMenu.itemFocus(item,index,this.get("tabindex")+1);event.stop();return false;});controlLink.addEvent("customblur",function(event){imageMenu.reset();return false;});if(index==0){controlLink.addEvent('keypress',function(event){if(event.key=='tab'&&event.shift){imageMenu.reset();}});}});},itemFocus:function(item,index,subLinksTabIndex){this.reset(index);this.elements.each(function(item){BannerTabIndexHelper.cleanUpTabIndexes(item.getElementsByTagName("a"))});var links=BannerTabIndexHelper.filterControlLinks(item.getElementsByTagName("a")).rest;links.each(function(link){link.set("tabindex",subLinksTabIndex);if(isIE){link.innerHTML+="";}});},updateMapArea:function(el){var map=el.getElement('area');if(map){map.addEvents({mouseover:function(e){var nextEl=map.getParent(".content").getNext();nextEl.fireEvent("mouseover",e);},click:function(e){new Event(e).stop();var nextEl=map.getParent(".content").getNext();nextEl.fireEvent("click",e);}});} +return this;},hideContent:function(){this.hideOverContent();this.hideDefaultContent();},showOverContent:function(num){if($type(num)=='number'){var el=this.elements[num];el.getElement('.over_content').removeClass('hidden');if(el.getElements('input')[0].value=='store'){if(el.getElements('.over_content .cta')[0]) +el.getElements('.over_content .cta')[0].setStyle('display','inline-block');if(el.getElements('.over_content .links_2')[0]) +el.getElements('.over_content .links_2')[0].show();}}},hideOverContent:function(){this.elements.getElements('.over_content').each(function(el,index){if(el.getParent().getElements('input')[0].getProperty('value')=='store'){if(el.getElements('.cta')[0]) +el.getElements('.cta')[0].setStyle('display','none');if(el.getElements('.links_2')[0]) +el.getElements('.links_2')[0].hide();} +el.addClass('hidden');});},hideDefaultContent:function(){this.elements.getElements('.default_content').each(function(el,index){el.addClass('hidden');});this.elements.getElements('.over_content').each(function(el,index){if(el.getParent().getElements('input')[0].getProperty('value')=='store'){el.addClass('hidden');}});},showDefaultContent:function(){this.elements.getElements('.default_content').each(function(el,index){el.removeClass('hidden');});this.elements.getElements('.over_content').each(function(el,index){if(el.getParent().getElements('input')[0].getProperty('value')=='store'){el.removeClass('hidden');el.getParent().getElements('.default_content')[0].addClass('hidden');}});},reset:function(num){this.fx.cancel();var width;var isNumber=$type(num)=='number';if(isNumber){this.openedItem=num;width=this.widths.openOthers;}else{width=this.widths.closed;this.openedItem=null;} +var obj={};this.elements.each(function(el,i){var w=width;if(isNumber){}else{if(i==0||i==this.itemCount-1){w=this.widths.firstLastClosed;}} +obj[i]={'width':w};}.bind(this));if(isNumber){if(num==this.itemCount-1){obj[num]={'width':this.widths.lastOpenSelected};}else{obj[num]={'width':this.widths.openSelected};}} +if(isNumber||(!isNumber&&this.options.closeOnMouseOut)||!this.initialized){this.fx.start(obj);this.initialized=true;}}});ImageMenu.implement(new Options);ImageMenu.implement(new Events);Fx.Carousel=new Class({Extends:Fx,options:{mode:'horizontal',childSelector:'',loopOnScrollEnd:true,showAtStart:0},initialize:function(el,options){this.element=document.id(el);this.parent(options);var parentPos=this.element.getStyle('position');if(parentPos!='absolute'||parentPos!='relative'){el.setStyle('position','relative');} +if(this.options.childSelector){this.elements=el.getElements(this.options.childSelector);}else{this.elements=el.getChildren();} +this.isHorizontal=this.options.mode=='horizontal';this.currentIndex=this.options.showAtStart;var offset=0;if(this.currentIndex<0){this.currentIndex=this.elements.length+this.currentIndex;} +if(this.currentIndex>0){for(var i=0;i0){trackLoadMetrics(groups[this.currentIndex].getElements('.content')[0].getElement('.over_content .cta .button a').getAttribute('name'),groups[this.currentIndex].getElements('.content')[1].getElement('.over_content .cta .button a').getAttribute('name'),groups[this.currentIndex].getElements('.content')[2].getElement('.over_content .cta .button a').getAttribute('name'),this.currentIndex);} +else if(groups[this.currentIndex].getElements('.segment_one_banner').length>0){if(groups[this.currentIndex].getElements('.segment_one_banner')[0].getElements('.image_url').length>0){if(groups[this.currentIndex].getElements('.segment_one_banner')[0].getElements('.shop_url').length>0){trackMapLoadMetricsSOB(groups[this.currentIndex].getElements('.segment_one_banner')[0].getElement('.shop_url').getAttribute('name'),groups[this.currentIndex].getElements('.segment_one_banner')[0].getElement('.image_url').getAttribute('name'),this.currentIndex);} +else{trackLoadMetricsSOB(groups[this.currentIndex].getElements('.segment_one_banner')[0].getElement('.image_url').getAttribute('name'),this.currentIndex);}} +else{trackLoadMetricsSOB(groups[this.currentIndex].getElements('.segment_one_banner')[0].getElement('.over_content .cta .button a').getAttribute('name'),this.currentIndex);}} +return this;},toPrevious:function(){if(this.timer)return this;this.start.call(this,this.getPreviousIndex());this.fireEvent('previous');var groups=$$('.group');if(groups[this.currentIndex].getElements('.content').length>0){trackLoadMetrics(groups[this.currentIndex].getElements('.content')[0].getElement('.over_content .cta .button a').getAttribute('name'),groups[this.currentIndex].getElements('.content')[1].getElement('.over_content .cta .button a').getAttribute('name'),groups[this.currentIndex].getElements('.content')[2].getElement('.over_content .cta .button a').getAttribute('name'),this.currentIndex);} +else if(groups[this.currentIndex].getElements('.segment_one_banner').length>0){if(groups[this.currentIndex].getElements('.segment_one_banner')[0].getElements('.image_url').length>0){if(groups[this.currentIndex].getElements('.segment_one_banner')[0].getElements('.shop_url').length>0){trackMapLoadMetricsSOB(groups[this.currentIndex].getElements('.segment_one_banner')[0].getElement('.shop_url').getAttribute('name'),groups[this.currentIndex].getElements('.segment_one_banner')[0].getElement('.image_url').getAttribute('name'),this.currentIndex);} +else{trackLoadMetricsSOB(groups[this.currentIndex].getElements('.segment_one_banner')[0].getElement('.image_url').getAttribute('name'),this.currentIndex);}} +else{trackLoadMetricsSOB(groups[this.currentIndex].getElements('.segment_one_banner')[0].getElement('.over_content .cta .button a').getAttribute('name'),this.currentIndex);}} +return this;},toIndex:function(index){if(this.timer)return this;if(index<0){index=0;}else if(index>=this.elements.length){index=this.elements.length-1;} +if(index==this.currentIndex)return this;this.start.call(this,index);this.fireEvent('index');var groups=$$('.group');if(groups[this.currentIndex].getElements('.content').length>0){trackLoadMetrics(groups[this.currentIndex].getElements('.content')[0].getElement('.over_content .cta .button a').getAttribute('name'),groups[this.currentIndex].getElements('.content')[1].getElement('.over_content .cta .button a').getAttribute('name'),groups[this.currentIndex].getElements('.content')[2].getElement('.over_content .cta .button a').getAttribute('name'),this.currentIndex);} +else if(groups[this.currentIndex].getElements('.segment_one_banner').length>0){if(groups[this.currentIndex].getElements('.segment_one_banner')[0].getElements('.image_url').length>0){if(groups[this.currentIndex].getElements('.segment_one_banner')[0].getElements('.shop_url').length>0){trackMapLoadMetricsSOB(groups[this.currentIndex].getElements('.segment_one_banner')[0].getElement('.shop_url').getAttribute('name'),groups[this.currentIndex].getElements('.segment_one_banner')[0].getElement('.image_url').getAttribute('name'),this.currentIndex);} +else{trackLoadMetricsSOB(groups[this.currentIndex].getElements('.segment_one_banner')[0].getElement('.image_url').getAttribute('name'),this.currentIndex);}} +else{trackLoadMetricsSOB(groups[this.currentIndex].getElements('.segment_one_banner')[0].getElement('.over_content .cta .button a').getAttribute('name'),this.currentIndex);}}},getNextIndex:function(){if(this.currentIndex0){return--this.currentIndex;}else if(this.options.loopOnScrollEnd){this.fireEvent('loop');this.fireEvent('previousLoop');return this.elements.length-1;}else{return this.currentIndex;}},getCurrentIndex:function(){return this.currentIndex;},getItemsCount:function(){return this.elements.length;}});HomeCarousel=new Class({Implements:Options,options:{loopOnScrollEnd:false,tabindex:101},initialize:function(targetEl,leftEl,rightEl,scrollerEl,options){if(!targetEl){return;} +this.setOptions(options);var carousel,scrollerEls;var updateScrollers=function(){scrollerEls.each(function(el,index){if(carousel.getCurrentIndex()==index){el.addClass('enabled');}else{el.removeClass('enabled');}});};var carouselOptions={mode:'horizontal',onStart:updateScrollers};carousel=new Fx.Carousel(targetEl,$extend(carouselOptions,this.options));scrollerEls=this.createScrollers(scrollerEl,leftEl,rightEl,carousel);updateScrollers();this.updateTabIndexes.call(carousel);carousel.addEvents({index:this.updateTabIndexes,next:this.updateTabIndexes,previous:this.updateTabIndexes})},createScrollers:function(scrollerEl,leftEl,rightEl,carousel){var scrollerEls=this.cloneScrollerElements(scrollerEl,carousel.getItemsCount());if(leftEl){this.addEventsToArrow(carousel,leftEl,carousel.toPrevious.bind(carousel),"left_arrow_hover");} +if(rightEl){this.addEventsToArrow(carousel,rightEl,carousel.toNext.bind(carousel),"right_arrow_hover");} +if(scrollerEls){scrollerEls.each(function(el,index){var toIndex=function(e){if(index!=carousel.getCurrentIndex()){if($$('.group')[carousel.getCurrentIndex()].getElements('.segment_one_banner').length<=0){$$('.group')[carousel.getCurrentIndex()].getElements((rtl?'.last':'.first')+' .js_banner_tabindex')[0].fireEvent('customblur');}} +carousel.toIndex(index);if(e.key=="enter"){if(rtl){if($defined($$('.group')[index].getElements('.last .js_banner_tabindex')[0])){$$('.group')[index].getElements('.last .js_banner_tabindex')[0].focus();} +else{$$('.group')[index].getElements('.segment_one_banner .js_banner_sobanner_tabindex')[0].focus();}}else{if($defined($$('.group')[index].getElements('.first .js_banner_tabindex')[0])){$$('.group')[index].getElements('.first .js_banner_tabindex')[0].focus();} +else{$$('.group')[index].getElements('.segment_one_banner .js_banner_sobanner_tabindex')[0].focus();}}}};el.addEvent("click",toIndex);el.getElement("a").addEvents({focus:function(){this.getParent(".carousel_group").addClass("carousel_group_hover");},blur:function(){this.getParent(".carousel_group").removeClass("carousel_group_hover");},keypress:function(e){if(e.key=="enter"){toIndex(e);}}});});} +var tabIndex=this.options.tabindex+10;var links=$$("#controls #carousel a");if(rtl){links.reverse();} +for(var i=0;i0){images=this.elements[index].getElements(".segment_one_banner");} +else{BannerTabIndexHelper.cleanUpTabIndexes(banner.getElementsByTagName("a"));} +if(rtl){images=images.reverse();} +var length=images.length-1;if(length>0){for(var i=0;i<=length;i++){var image=images[i];var a=image.getElements(".js_banner_tabindex")[0];a.set("tabindex",this.options.tabindex+2*i);}} +else{var links=images.getElements("a");var l_tabi=this.options.tabindex;links.each(function(link){link.set("tabindex",l_tabi+1);});var a=images.getElements(".js_banner_sobanner_tabindex")[0];a.set("tabindex",this.options.tabindex);}}else{banner.getElements("a").each(BannerTabIndexHelper.hideTabIndexes);}}.bind(this));},addEventsToArrow:function(carousel,arrow,pressEnterHandler,focusClass){arrow.addEvent("click",pressEnterHandler);arrow.getElement("a").addEvents({focus:function(){this.getParent("div").addClass(focusClass);},blur:function(){this.getParent("div").removeClass(focusClass);},keypress:function(e){if(e.key=="enter"){pressEnterHandler();}}});},cloneScrollerElements:function(el,count){if(!el)return[];var elements=[];for(var i=0;i");el.set('html',title);});} + + + + +
                +
                + +
                +
                + +]]>                GET/indexoldHTTP/1.1Cookie: CustomCookie=WebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0;JSESSIONID=756DA386 +
                Refererhttp://zero.webappsecurity.com/index.html
                Accept*/*
                Accept-Encodinggzip, deflate
                Pragmano-cache
                User-AgentMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
                Hostzero.webappsecurity.com
                ConnectionKeep-Alive
                X-WIPPAscVersion=22.2.0.253
                X-Scan-MemoCategory="Audit.Attack";SID="2F29D5026D30A2B2C27ABC7CA79AA86D";PSID="8E73B3A63EFE2AADE20745A947151EB3";SessionType="AuditAttack";CrawlType="None";AttackType="Search";OriginatingEngineID="9d2b8591-9dbe-4085-bc79-15aeab89cc57";AttackSequence="0";AttackParamDesc="";AttackParamIndex="0";AttackParamSubIndex="0";CheckId="2083";Engine="File+Extension+Replacement";SmartMode="2";tht="40";
                X-RequestManager-Memostid="15";stmi="0";sc="1";rid="077a9caf";
                X-Request-Memorid="e9a70ad3";sc="1";thid="27";
                CustomCookieWebInspect181338ZXB984D0462EB343AE8598A4FFB116FA93YFFF0JSESSIONID756DA386                HTTP/1.1200OK + + + + Free Bank Online + + + + + + + + + + + + + + + + +
                +
                + +
                +
                + +]]>
                DateFri, 24 Feb 2023 14:10:03 GMT
                ServerApache-Coyote/1.1
                Access-Control-Allow-Origin*
                Accept-Rangesbytes
                ETagW/"3691-1368929102000"
                Last-ModifiedSun, 19 May 2013 02:05:02 GMT
                Content-Typeapplication/octet-stream;charset=UTF-8
                Content-Length3691
                Keep-Alivetimeout=5, max=95
                ConnectionKeep-Alive
                 \ No newline at end of file diff --git a/unittests/scans/mobsf/allsafe.json b/unittests/scans/mobsf/allsafe.json new file mode 100644 index 00000000000..e234cf151ca --- /dev/null +++ b/unittests/scans/mobsf/allsafe.json @@ -0,0 +1 @@ +{"version": "v3.6.7 Beta", "title": "Static Analysis", "file_name": "allsafe.apk", "app_name": "Allsafe", "app_type": "apk", "size": "7.54MB", "md5": "ce0fb160ee2319389ca636d18cddc569", "sha1": "a71d040ea97b200f44a0ed4a810c9363c5eca77e", "sha256": "73fab11c3d736e9d416e6f0cdd55139d0f55763242ddfe8c4c6c54aa51a080cd", "package_name": "infosecadventures.allsafe", "main_activity": "infosecadventures.allsafe.MainActivity", "exported_activities": "['infosecadventures.allsafe.ProxyActivity', 'infosecadventures.allsafe.challenges.DeepLinkTask']", "browsable_activities": {"infosecadventures.allsafe.challenges.DeepLinkTask": {"schemes": ["allsafe://", "https://"], "mime_types": [], "hosts": ["infosecadventures"], "ports": [], "paths": [], "path_prefixs": ["/congrats"], "path_patterns": [], "browsable": true}}, "activities": ["infosecadventures.allsafe.ProxyActivity", "infosecadventures.allsafe.challenges.DeepLinkTask", "infosecadventures.allsafe.MainActivity", "com.google.android.gms.common.api.GoogleApiActivity"], "receivers": ["infosecadventures.allsafe.challenges.NoteReceiver"], "providers": ["infosecadventures.allsafe.challenges.DataProvider", "androidx.core.content.FileProvider", "com.google.firebase.provider.FirebaseInitProvider"], "services": ["infosecadventures.allsafe.challenges.RecorderService", "com.google.firebase.components.ComponentDiscoveryService"], "libraries": [], "target_sdk": "30", "max_sdk": "", "min_sdk": "23", "version_name": "1.4", "version_code": "4", "icon_hidden": false, "icon_found": true, "permissions": {"android.permission.INTERNET": {"status": "normal", "info": "full Internet access", "description": "Allows an application to create network sockets."}, "android.permission.ACCESS_NETWORK_STATE": {"status": "normal", "info": "view network status", "description": "Allows an application to view the status of all networks."}, "android.permission.RECORD_AUDIO": {"status": "dangerous", "info": "record audio", "description": "Allows application to access the audio record path."}, "android.permission.READ_EXTERNAL_STORAGE": {"status": "dangerous", "info": "read external storage contents", "description": "Allows an application to read from external storage."}, "android.permission.WRITE_EXTERNAL_STORAGE": {"status": "dangerous", "info": "read/modify/delete external storage contents", "description": "Allows an application to write to external storage."}, "android.permission.QUERY_ALL_PACKAGES": {"status": "normal", "info": "", "description": "Allows query of any normal app on the device, regardless of manifest declarations."}}, "certificate_analysis": {"certificate_info": "APK is signed\nv1 signature: True\nv2 signature: True\nv3 signature: False\nFound 1 unique certificates\nSubject: CN=Android Debug, O=Android, C=US\nSignature Algorithm: rsassa_pkcs1v15\nValid From: 2020-09-28 19:11:04+00:00\nValid To: 2050-09-21 19:11:04+00:00\nIssuer: CN=Android Debug, O=Android, C=US\nSerial Number: 0x1\nHash Algorithm: sha1\nmd5: 11031a648c4a722dac659762386a7a5c\nsha1: dc21ede0661a43b7d3f513dae852860f7cf5bd92\nsha256: 9e31896caeffb7c54d5c60f8752402671b67ac376d996404206868beb87fe636\nsha512: 7d3560293ccac12188eed2a96436d8a6ea3882f05761bd617251e93d47f0d0566aa48965f2595965c73adff5ebb63833a72a3a56af3c10c8dc2d10da84c15e51\nPublicKey Algorithm: rsa\nBit Size: 2048\nFingerprint: e51efc601f22b201e4ac733d568613804a1e3e002ebc4d6798568c4b1ef95200", "certificate_findings": [["info", "Application is signed with a code signing certificate", "Signed Application"], ["warning", "Application is signed with v1 signature scheme, making it vulnerable to Janus vulnerability on Android 5.0-8.0, if signed only with v1 signature scheme. Applications running on Android 5.0-7.0 signed with v1, and v2/v3 scheme is also vulnerable.", "Application vulnerable to Janus Vulnerability"], ["high", "Application signed with a debug certificate. Production application must not be shipped with a debug certificate.", "Application signed with debug certificate"], ["warning", "Application is signed with SHA1withRSA. SHA1 hash algorithm is known to have collision issues. The manifest file indicates SHA256withRSA is in use.", "Certificate algorithm might be vulnerable to hash collision"]], "certificate_summary": {"high": 1, "warning": 2, "info": 1}}, "manifest_analysis": {"manifest_findings": [{"rule": "vulnerable_os_version", "title": "App can be installed on a vulnerable Android version
                [minSdk=23]", "severity": "warning", "description": "This application can be installed on an older version of android that has multiple unfixed vulnerabilities. Support an Android version > 8, API 26 to receive reasonable security updates.", "name": "App can be installed on a vulnerable Android version[minSdk=23]", "component": ["23"]}, {"rule": "has_network_security", "title": "App has a Network Security Configuration
                [android:networkSecurityConfig=@xml/network_security_config]", "severity": "info", "description": "The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app. ", "name": "App has a Network Security Configuration [android:networkSecurityConfig=@xml/network_security_config]", "component": ["@xml/network_security_config"]}, {"rule": "app_is_debuggable", "title": "Debug Enabled For App
                [android:debuggable=true]", "severity": "high", "description": "Debugging was enabled on the app which makes it easier for reverse engineers to hook a debugger to it. This allows dumping a stack trace and accessing debugging helper classes.", "name": "Debug Enabled For App [android:debuggable=true]", "component": []}, {"rule": "app_allowbackup", "title": "Application Data can be Backed up
                [android:allowBackup=true]", "severity": "warning", "description": "This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.", "name": "Application Data can be Backed up [android:allowBackup=true]", "component": []}, {"rule": "exported_intent_filter_exists", "title": "Activity (infosecadventures.allsafe.challenges.DeepLinkTask) is not Protected.
                An intent-filter exists.", "severity": "warning", "description": "An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.", "name": "Activity infosecadventures.allsafe.challenges.DeepLinkTask is not Protected.An intent-filter exists.", "component": ["Activity", "infosecadventures.allsafe.challenges.DeepLinkTask"]}], "manifest_summary": {"high": 1, "warning": 3, "info": 0, "suppressed": 0}}, "network_security": {"network_findings": [{"scope": ["infosecadventures.io"], "description": "Domain config is insecurely configured to permit clear text traffic to these domains in scope.", "severity": "high"}], "network_summary": {"high": 1, "warning": 0, "info": 0, "secure": 0}}, "binary_analysis": [{"name": "lib/x86/libnative_library.so", "nx": {"is_nx": true, "severity": "info", "description": "The shared object has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable."}, "stack_canary": {"has_canary": true, "severity": "info", "description": "This shared object has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return."}, "rpath": {"rpath": null, "severity": "info", "description": "The shared object does not have run-time search path or RPATH set."}, "runpath": {"runpath": null, "severity": "info", "description": "The shared object does not have RUNPATH set."}, "fortify": {"is_fortified": true, "severity": "info", "description": "The shared object has the following fortified functions: ['__memcpy_chk']"}, "symbol": {"is_stripped": true, "severity": "info", "description": "Symbols are stripped."}}, {"name": "lib/x86/libtool-checker.so", "nx": {"is_nx": true, "severity": "info", "description": "The shared object has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable."}, "stack_canary": {"has_canary": true, "severity": "info", "description": "This shared object has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return."}, "rpath": {"rpath": null, "severity": "info", "description": "The shared object does not have run-time search path or RPATH set."}, "runpath": {"runpath": null, "severity": "info", "description": "The shared object does not have RUNPATH set."}, "fortify": {"is_fortified": false, "severity": "warning", "description": "The shared object does not have any fortified functions. Fortified functions provides buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions."}, "symbol": {"is_stripped": true, "severity": "info", "description": "Symbols are stripped."}}, {"name": "lib/x86_64/libtool-checker.so", "nx": {"is_nx": true, "severity": "info", "description": "The shared object has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable."}, "stack_canary": {"has_canary": false, "severity": "high", "description": "This shared object does not have a stack canary value added to the stack. Stack canaries are used to detect and prevent exploits from overwriting return address. Use the option -fstack-protector-all to enable stack canaries."}, "rpath": {"rpath": null, "severity": "info", "description": "The shared object does not have run-time search path or RPATH set."}, "runpath": {"runpath": null, "severity": "info", "description": "The shared object does not have RUNPATH set."}, "fortify": {"is_fortified": false, "severity": "warning", "description": "The shared object does not have any fortified functions. Fortified functions provides buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions."}, "symbol": {"is_stripped": true, "severity": "info", "description": "Symbols are stripped."}}, {"name": "lib/x86_64/libnative_library.so", "nx": {"is_nx": true, "severity": "info", "description": "The shared object has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable."}, "stack_canary": {"has_canary": true, "severity": "info", "description": "This shared object has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return."}, "rpath": {"rpath": null, "severity": "info", "description": "The shared object does not have run-time search path or RPATH set."}, "runpath": {"runpath": null, "severity": "info", "description": "The shared object does not have RUNPATH set."}, "fortify": {"is_fortified": true, "severity": "info", "description": "The shared object has the following fortified functions: ['__memcpy_chk', '__memmove_chk', '__strlen_chk', '__vsnprintf_chk']"}, "symbol": {"is_stripped": true, "severity": "info", "description": "Symbols are stripped."}}, {"name": "lib/arm64-v8a/libnative_library.so", "nx": {"is_nx": true, "severity": "info", "description": "The shared object has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable."}, "stack_canary": {"has_canary": true, "severity": "info", "description": "This shared object has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return."}, "rpath": {"rpath": null, "severity": "info", "description": "The shared object does not have run-time search path or RPATH set."}, "runpath": {"runpath": null, "severity": "info", "description": "The shared object does not have RUNPATH set."}, "fortify": {"is_fortified": true, "severity": "info", "description": "The shared object has the following fortified functions: ['__vsnprintf_chk', '__strlen_chk', '__memcpy_chk', '__memmove_chk']"}, "symbol": {"is_stripped": true, "severity": "info", "description": "Symbols are stripped."}}, {"name": "lib/arm64-v8a/libtool-checker.so", "nx": {"is_nx": true, "severity": "info", "description": "The shared object has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable."}, "stack_canary": {"has_canary": false, "severity": "high", "description": "This shared object does not have a stack canary value added to the stack. Stack canaries are used to detect and prevent exploits from overwriting return address. Use the option -fstack-protector-all to enable stack canaries."}, "rpath": {"rpath": null, "severity": "info", "description": "The shared object does not have run-time search path or RPATH set."}, "runpath": {"runpath": null, "severity": "info", "description": "The shared object does not have RUNPATH set."}, "fortify": {"is_fortified": false, "severity": "warning", "description": "The shared object does not have any fortified functions. Fortified functions provides buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions."}, "symbol": {"is_stripped": true, "severity": "info", "description": "Symbols are stripped."}}, {"name": "lib/armeabi-v7a/libnative_library.so", "nx": {"is_nx": true, "severity": "info", "description": "The shared object has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable."}, "stack_canary": {"has_canary": true, "severity": "info", "description": "This shared object has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return."}, "rpath": {"rpath": null, "severity": "info", "description": "The shared object does not have run-time search path or RPATH set."}, "runpath": {"runpath": null, "severity": "info", "description": "The shared object does not have RUNPATH set."}, "fortify": {"is_fortified": true, "severity": "info", "description": "The shared object has the following fortified functions: ['__memcpy_chk']"}, "symbol": {"is_stripped": true, "severity": "info", "description": "Symbols are stripped."}}, {"name": "lib/armeabi-v7a/libtool-checker.so", "nx": {"is_nx": true, "severity": "info", "description": "The shared object has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable."}, "stack_canary": {"has_canary": true, "severity": "info", "description": "This shared object has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return."}, "rpath": {"rpath": null, "severity": "info", "description": "The shared object does not have run-time search path or RPATH set."}, "runpath": {"runpath": null, "severity": "info", "description": "The shared object does not have RUNPATH set."}, "fortify": {"is_fortified": false, "severity": "warning", "description": "The shared object does not have any fortified functions. Fortified functions provides buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions."}, "symbol": {"is_stripped": true, "severity": "info", "description": "Symbols are stripped."}}], "file_analysis": [], "android_api": {"api_webview_get": {"files": {"infosecadventures/allsafe/challenges/VulnerableWebView.java": "11,12,19,24,24,25,25,34,34,40,40,8,9,10,11,12,51"}, "metadata": {"description": "WebView GET Request", "severity": "info"}}, "api_local_file_io": {"files": {"infosecadventures/allsafe/ArbitraryCodeExecution.java": "47", "infosecadventures/allsafe/challenges/InsecureSharedPreferences.java": "38,37", "infosecadventures/allsafe/challenges/SQLInjection.java": "87"}, "metadata": {"description": "Local File I/O Operations", "severity": "info"}}, "api_native_code": {"files": {"com/scottyab/rootbeer/RootBeerNative.java": "15", "infosecadventures/allsafe/challenges/NativeLibrary.java": "37"}, "metadata": {"description": "Loading Native Code (Shared Library)", "severity": "info"}}, "api_crypto": {"files": {"infosecadventures/allsafe/challenges/WeakCryptography.java": "19,20,21,22,23", "okio/Buffer.java": "14,15", "okio/ByteString.java": "16,17", "okio/HashingSink.java": "6,7", "okio/HashingSource.java": "6,7", "okio/SegmentedByteString.java": "9,10"}, "metadata": {"description": "Crypto", "severity": "info"}}, "api_message_digest": {"files": {"infosecadventures/allsafe/challenges/SQLInjection.java": "16,16", "infosecadventures/allsafe/challenges/WeakCryptography.java": "16,16", "okio/Buffer.java": "12,12", "okio/ByteString.java": "14,14", "okio/HashingSink.java": "5,5", "okio/HashingSource.java": "5,5", "okio/SegmentedByteString.java": "8,8"}, "metadata": {"description": "Message Digest", "severity": "info"}}, "api_start_activity": {"files": {"infosecadventures/allsafe/ProxyActivity.java": "12", "infosecadventures/allsafe/about/About.java": "33,39,45"}, "metadata": {"description": "Starting Activity", "severity": "info"}}, "api_ipc": {"files": {"infosecadventures/allsafe/ProxyActivity.java": "3,12,12", "infosecadventures/allsafe/about/About.java": "3,33,39,45", "infosecadventures/allsafe/challenges/DeepLinkTask.java": "3,17,17", "infosecadventures/allsafe/challenges/InsecureBroadcastReceiver.java": "4,35,35", "infosecadventures/allsafe/challenges/InsecureService.java": "3,29", "infosecadventures/allsafe/challenges/NoteReceiver.java": "8,24", "infosecadventures/allsafe/challenges/RecorderService.java": "7,31,4,24,31"}, "metadata": {"description": "Inter Process Communication", "severity": "info"}}, "api_tcp": {"files": {"okio/DeprecatedOkio.java": "6,17,64,89,6", "okio/Okio.java": "8,47,63,8", "okio/Okio__JvmOkioKt.java": "10,20,39,41,41,47,49,49,10", "okio/SocketAsyncTimeout.java": "4,5,12,12,12,14,15,17,17,24,24,4,5"}, "metadata": {"description": "TCP Socket", "severity": "info"}}, "api_java_reflection": {"files": {"com/scottyab/rootbeer/util/Utils.java": "12,3", "okio/ByteString.java": "10"}, "metadata": {"description": "Java Reflection", "severity": "info"}}, "api_os_command": {"files": {"com/scottyab/rootbeer/RootBeer.java": "116,130,236,116,130,236"}, "metadata": {"description": "Execute OS Command", "severity": "info"}}, "api_send_broadcast": {"files": {"infosecadventures/allsafe/challenges/InsecureBroadcastReceiver.java": "45"}, "metadata": {"description": "Sending Broadcast", "severity": "info"}}, "api_dexloading": {"files": {"infosecadventures/allsafe/ArbitraryCodeExecution.java": "10"}, "metadata": {"description": "Dynamic Class and Dexloading", "severity": "info"}}, "api_installed": {"files": {"infosecadventures/allsafe/ArbitraryCodeExecution.java": "28,28"}, "metadata": {"description": "Get Installed Applications", "severity": "info"}}, "api_start_service": {"files": {"infosecadventures/allsafe/challenges/InsecureService.java": "29"}, "metadata": {"description": "Starting Service", "severity": "info"}}, "api_content_provider": {"files": {"infosecadventures/allsafe/challenges/DataProvider.java": "3"}, "metadata": {"description": "Content Provider", "severity": "info"}}, "api_base64_decode": {"files": {"infosecadventures/allsafe/challenges/PinBypass.java": "55,4,56"}, "metadata": {"description": "Base64 Decode", "severity": "info"}}, "api_get_system_service": {"files": {"infosecadventures/allsafe/challenges/NoteReceiver.java": "52", "infosecadventures/allsafe/utils/ClipUtil.java": "20"}, "metadata": {"description": "Get System Service", "severity": "info"}}, "api_notifications": {"files": {"infosecadventures/allsafe/challenges/NoteReceiver.java": "5,55"}, "metadata": {"description": "Android Notifications", "severity": "info"}}, "api_clipboard": {"files": {"infosecadventures/allsafe/utils/ClipUtil.java": "4,4,22"}, "metadata": {"description": "Set or Read Clipboard data", "severity": "info"}}}, "code_analysis": {"findings": {"android_logging": {"files": {"com/scottyab/rootbeer/RootBeer.java": "123,137,148,193,267,102,170,215", "com/scottyab/rootbeer/RootBeerNative.java": "18", "com/scottyab/rootbeer/util/QLog.java": "64,20,21,22,23,29,30,58,70,42,43,44,45,51,52", "infosecadventures/allsafe/challenges/CertificatePinning.java": "50,67,84", "infosecadventures/allsafe/challenges/DeepLinkTask.java": "20,30", "infosecadventures/allsafe/challenges/InsecureLogging.java": "37", "infosecadventures/allsafe/challenges/NoteReceiver.java": "30,35,42", "infosecadventures/allsafe/challenges/ObjectSerialization.java": "64,90", "infosecadventures/allsafe/challenges/RecorderService.java": "51,66", "infosecadventures/allsafe/challenges/WeakCryptography.java": "49"}, "metadata": {"cvss": 7.5, "cwe": "CWE-532: Insertion of Sensitive Information into Log File", "owasp-mobile": "", "masvs": "MSTG-STORAGE-3", "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs", "description": "The App logs information. Sensitive information should never be logged.", "severity": "info"}}, "android_read_write_external": {"files": {"infosecadventures/allsafe/challenges/ObjectSerialization.java": "32", "infosecadventures/allsafe/challenges/RecorderService.java": "73"}, "metadata": {"cvss": 5.5, "cwe": "CWE-276: Incorrect Default Permissions", "owasp-mobile": "M2: Insecure Data Storage", "masvs": "MSTG-STORAGE-2", "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage", "description": "App can read/write to External Storage. Any App can read data written to External Storage.", "severity": "warning"}}, "android_hardcoded": {"files": {"infosecadventures/allsafe/challenges/ObjectSerialization.java": "112", "infosecadventures/allsafe/challenges/WeakCryptography.java": "26"}, "metadata": {"cvss": 7.4, "cwe": "CWE-312: Cleartext Storage of Sensitive Information", "masvs": "MSTG-STORAGE-14", "owasp-mobile": "M9: Reverse Engineering", "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10", "description": "Files may contain hardcoded sensitive information like usernames, passwords, keys etc.", "severity": "warning"}}, "android_insecure_random": {"files": {"infosecadventures/allsafe/challenges/WeakCryptography.java": "18"}, "metadata": {"cvss": 7.5, "cwe": "CWE-330: Use of Insufficiently Random Values", "owasp-mobile": "M5: Insufficient Cryptography", "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators", "masvs": "MSTG-CRYPTO-6", "description": "The App uses an insecure Random Number Generator.", "severity": "warning"}}, "android_aes_ecb": {"files": {"infosecadventures/allsafe/challenges/WeakCryptography.java": "31"}, "metadata": {"cvss": 5.9, "cwe": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", "owasp-mobile": "M5: Insufficient Cryptography", "masvs": "MSTG-CRYPTO-2", "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode", "description": "The App uses ECB mode in Cryptographic encryption algorithm. ECB mode is known to be weak as it results in the same ciphertext for identical blocks of plaintext.", "severity": "high"}}, "android_md5": {"files": {"infosecadventures/allsafe/challenges/SQLInjection.java": "74", "infosecadventures/allsafe/challenges/WeakCryptography.java": "44"}, "metadata": {"cvss": 7.4, "cwe": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", "masvs": "MSTG-CRYPTO-4", "owasp-mobile": "M5: Insufficient Cryptography", "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4", "description": "MD5 is a weak hash known to have hash collisions.", "severity": "warning"}}, "android_ssl_pinning": {"files": {"infosecadventures/allsafe/challenges/CertificatePinning.java": "51,46,102"}, "metadata": {"cvss": 0, "cwe": "", "owasp-mobile": "", "masvs": "MSTG-NETWORK-4", "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4", "description": "This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.", "severity": "good"}}, "android_detect_root": {"files": {"com/scottyab/rootbeer/RootBeer.java": "42"}, "metadata": {"cvss": 0, "cwe": "", "masvs": "MSTG-RESILIENCE-1", "owasp-mobile": "", "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1", "description": "This App may have root detection capabilities.", "severity": "good"}}, "android_sql_raw_query": {"files": {"infosecadventures/allsafe/challenges/NoteDatabaseHelper.java": "4,5,14", "infosecadventures/allsafe/challenges/SQLInjection.java": "4,52"}, "metadata": {"cvss": 5.9, "cwe": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "owasp-mobile": "M7: Client Code Quality", "masvs": "", "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2", "description": "App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.", "severity": "warning"}}, "android_su_detect": {"files": {"com/scottyab/rootbeer/Const.java": "9,9,9,11,9,11,9,9"}, "metadata": {"cvss": 0, "cwe": "CWE-250: Execution with Unnecessary Privileges", "owasp-mobile": "", "masvs": "MSTG-RESILIENCE-1", "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1", "description": "This App may request root (Super User) privileges.", "severity": "warning"}}, "android_clipboard_copy": {"files": {"infosecadventures/allsafe/utils/ClipUtil.java": "4,22,27"}, "metadata": {"cvss": 0, "cwe": "", "owasp-mobile": "", "masvs": "MSTG-STORAGE-10", "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard", "description": "This App copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it.", "severity": "info"}}}, "summary": {"high": 1, "warning": 6, "info": 2, "secure": 2, "suppressed": 0}}, "niap_analysis": {"FCS_RBG_EXT.1.1": {"choice": "The application invoke platform-provided DRBG functionality for its cryptographic operations.", "description": "Random Bit Generation Services", "class": "Security Functional Requirements"}, "FCS_STO_EXT.1.1": {"choice": "The application does not store any credentials to non-volatile memory.", "description": "Storage of Credentials", "class": "Security Functional Requirements"}, "FCS_CKM_EXT.1.1": {"choice": "The application implement asymmetric key generation.", "description": "Cryptographic Key Generation Services", "class": "Security Functional Requirements"}, "FDP_DEC_EXT.1.1": {"choice": "The application has access to ['network connectivity', 'microphone'].", "description": "Access to Platform Resources", "class": "Security Functional Requirements"}, "FDP_DEC_EXT.1.2": {"choice": "The application has access to no sensitive information repositories.", "description": "Access to Platform Resources", "class": "Security Functional Requirements"}, "FDP_NET_EXT.1.1": {"choice": "The application has user/application initiated network communications.", "description": "Network Communications", "class": "Security Functional Requirements"}, "FDP_DAR_EXT.1.1": {"choice": "The application implement functionality to encrypt sensitive data in non-volatile memory.", "description": "Encryption Of Sensitive Application Data", "class": "Security Functional Requirements"}, "FMT_MEC_EXT.1.1": {"choice": "The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.", "description": "Supported Configuration Mechanism", "class": "Security Functional Requirements"}, "FTP_DIT_EXT.1.1": {"choice": "The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.", "description": "Protection of Data in Transit", "class": "Security Functional Requirements"}, "FCS_RBG_EXT.2.1,FCS_RBG_EXT.2.2": {"choice": "The application perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.", "description": "Random Bit Generation from Application", "class": "Selection-Based Security Functional Requirements"}, "FCS_CKM.1.1(1)": {"choice": "The application generate asymmetric cryptographic keys not in accordance with FCS_CKM.1.1(1) using key generation algorithm RSA schemes and cryptographic key sizes of 1024-bit or lower.", "description": "Cryptographic Asymmetric Key Generation", "class": "Selection-Based Security Functional Requirements"}, "FCS_COP.1.1(1)": {"choice": "The application perform encryption/decryption not in accordance with FCS_COP.1.1(1), AES-ECB mode is being used.", "description": "Cryptographic Operation - Encryption/Decryption", "class": "Selection-Based Security Functional Requirements"}, "FCS_COP.1.1(2)": {"choice": "The application perform cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5.", "description": "Cryptographic Operation - Hashing", "class": "Selection-Based Security Functional Requirements"}, "FCS_COP.1.1(3)": {"choice": "The application perform cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm RSA schemes using cryptographic key sizes of 2048-bit or greater.", "description": "Cryptographic Operation - Signing", "class": "Selection-Based Security Functional Requirements"}, "FCS_HTTPS_EXT.1.1": {"choice": "The application implement the HTTPS protocol that complies with RFC 2818.", "description": "HTTPS Protocol", "class": "Selection-Based Security Functional Requirements"}, "FCS_HTTPS_EXT.1.2": {"choice": "The application implement HTTPS using TLS.", "description": "HTTPS Protocol", "class": "Selection-Based Security Functional Requirements"}, "FCS_HTTPS_EXT.1.3": {"choice": "The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid.", "description": "HTTPS Protocol", "class": "Selection-Based Security Functional Requirements"}, "FIA_X509_EXT.2.1": {"choice": "The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS.", "description": "X.509 Certificate Authentication", "class": "Selection-Based Security Functional Requirements"}, "FPT_TUD_EXT.2.1": {"choice": "The application shall be distributed using the format of the platform-supported package manager.", "description": "Integrity for Installation and Update", "class": "Selection-Based Security Functional Requirements"}, "FCS_CKM.1.1(2)": {"choice": "The application shall generate symmetric cryptographic keys using a Random Bit Generator as specified in FCS_RBG_EXT.1 and specified cryptographic key sizes 128 bit or 256 bit.", "description": "Cryptographic Symmetric Key Generation", "class": "Optional Security Functional Requirements"}}, "urls": [{"urls": ["https://www.github.com/t0thkr1s", "https://medium.com/infosec-adventures", "https://www.twitter.com/t0thkr1s"], "path": "infosecadventures/allsafe/Constants.java"}, {"urls": ["http://schemas.xmlsoap.org/soap/envelope/", "http://siebel.com/webservices"], "path": "infosecadventures/allsafe/challenges/HardcodedCredentials.java"}, {"urls": ["https://httpbin.org/json"], "path": "infosecadventures/allsafe/challenges/CertificatePinning.java"}, {"urls": ["https://admin:password123@dev.infosecadventures.com", "https://allsafe-8cef0.firebaseio.com"], "path": "Android String Resource"}], "domains": {"siebel.com": {"bad": "no", "geolocation": {"ip": "23.48.203.75", "country_short": "AU", "country_long": "Australia", "region": "New South Wales", "city": "Sydney", "latitude": "-33.867851", "longitude": "151.207321"}}, "httpbin.org": {"bad": "no", "geolocation": {"ip": "75.101.131.185", "country_short": "US", "country_long": "United States of America", "region": "Virginia", "city": "Ashburn", "latitude": "39.043720", "longitude": "-77.487488"}}, "dev.infosecadventures.com": {"bad": "no", "geolocation": null}, "medium.com": {"bad": "no", "geolocation": {"ip": "162.159.152.4", "country_short": "US", "country_long": "United States of America", "region": "California", "city": "San Francisco", "latitude": "37.775700", "longitude": "-122.395203"}}, "www.twitter.com": {"bad": "no", "geolocation": {"ip": "104.244.42.129", "country_short": "US", "country_long": "United States of America", "region": "California", "city": "San Francisco", "latitude": "37.773968", "longitude": "-122.410446"}}, "schemas.xmlsoap.org": {"bad": "no", "geolocation": {"ip": "13.107.213.40", "country_short": "US", "country_long": "United States of America", "region": "Washington", "city": "Redmond", "latitude": "47.682899", "longitude": "-122.120903"}}, "allsafe-8cef0.firebaseio.com": {"bad": "no", "geolocation": {"ip": "34.120.160.131", "country_short": "US", "country_long": "United States of America", "region": "Missouri", "city": "Kansas City", "latitude": "39.099731", "longitude": "-94.578568"}}, "www.github.com": {"bad": "no", "geolocation": {"ip": "140.82.113.3", "country_short": "US", "country_long": "United States of America", "region": "California", "city": "San Francisco", "latitude": "37.775700", "longitude": "-122.395203"}}}, "emails": [{"emails": ["password123@dev.infosecadv"], "path": "Android String Resource"}], "strings": ["\"abc_action_menu_overflow_description\" : \"Higit pang opsyon\"", "\"mtrl_picker_day_of_week_column_header\" : \"Column of days: %1$s\"", "\"abc_searchview_description_voice\" : \"Glasovno pretra\u017eivanje\"", "\"abc_capital_off\" : \"\u0418\u0421\u041a\u041b\u0423\u0427\u0415\u041d\u041e\"", "\"material_timepicker_pm\" : \"e.h.\"", "\"abc_shareactionprovider_share_with\" : \"Udost\u0119pnij przez:\"", "\"mtrl_picker_invalid_range\" : \"Ung\u00fcltiger Bereich.\"", "\"mtrl_picker_a11y_next_month\" : \"\u1794\u17d2\u178a\u17bc\u179a\u200b\u1791\u17c5\u200b\u1781\u17c2\u1794\u1793\u17d2\u1791\u17b6\u1794\u17cb\"", "St12length_error", "\"material_timepicker_clock_mode_description\" : \"Canvia al mode de rellotge per introduir l'hora.\"", "\"clear_text_end_icon_content_description\" : \"Borra texto\"", "\"material_clock_toggle_content_description\" : \"Khetha u-AM noma u-PM\"", "\"common_google_play_services_enable_button\" : \"\u0e40\u0e1b\u0e34\u0e14\u0e43\u0e0a\u0e49\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Data de \u00eencepere \u2013 %1$s\"", "\"character_counter_overflowed_content_description\" : \"\u12e8\u1241\u121d\u134a \u1308\u12f0\u1265 %1$d \u12a8%2$d \u12a0\u120d\u134f\u120d\"", "\"abc_toolbar_collapse_description\" : \"\u1230\u1265\u1235\u1265\"", "\"abc_capital_on\" : \"\u0985\u09a8\"", "\"common_signin_button_text\" : \"Logg p\u00e5\"", "typeinfo name for ", "\"abc_shareactionprovider_share_with_application\" : \"\u041f\u043e\u0434\u0435\u043b\u0438\u0442\u044c\u0441\u044f \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e %s\"", "\"material_hour_suffix\" : \"klokken %1$s\"", "\"mtrl_picker_text_input_year_abbr\" : \"J\"", "\"abc_activitychooserview_choose_application\" : \"\u0627\u062e\u062a\u064a\u0627\u0631 \u062a\u0637\u0628\u064a\u0642\"", "\"mtrl_picker_date_header_unselected\" : \"Data selectat\u0103\"", "\"mtrl_picker_date_header_title\" : \"Ch\u1ecdn ng\u00e0y\"", "\"common_google_play_services_enable_text\" : \"%1$s tidak akan berfungsi jika layanan Google Play tidak diaktifkan.\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s\u00a0\u2013 \u0434\u0430\u0442\u0430 \u043e\u043a\u043e\u043d\u0447\u0430\u043d\u0438\u044f\"", "\"mtrl_picker_a11y_next_month\" : \"\u0391\u03bb\u03bb\u03b1\u03b3\u03ae \u03c3\u03c4\u03bf\u03bd \u03b5\u03c0\u03cc\u03bc\u03b5\u03bd\u03bf \u03bc\u03ae\u03bd\u03b1\"", "\"common_google_play_services_update_text\" : \"Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d\u1295 \u12ab\u120b\u12d8\u1218\u1291 \u1260\u1235\u1270\u1240\u122d \u12f5\u1228\u1235 %1$s \u12a0\u12ed\u1230\u122b\u121d\u1362\"", "\"abc_capital_on\" : \"KVEIKT\"", "\"common_google_play_services_wear_update_text\" : \"\u10e1\u10d0\u10ed\u10d8\u10e0\u10dd\u10d0 Google Play Services-\u10d8\u10e1 \u10d0\u10ee\u10d0\u10da\u10d8 \u10d5\u10d4\u10e0\u10e1\u10d8\u10d0. \u10d8\u10e1 \u10db\u10d0\u10da\u10d4 \u10d2\u10d0\u10dc\u10d0\u10ee\u10da\u10d3\u10d4\u10d1\u10d0.\"", "\"abc_menu_ctrl_shortcut_label\" : \"Strg\u00a0+\"", "\"abc_menu_space_shortcut_label\" : \"\u0431\u043e\u0441 \u043e\u0440\u044b\u043d\"", "\"abc_action_bar_home_description\" : \"Zulazulela ekhaya\"", "\"abc_searchview_description_clear\" : \"\u067e\u0627\u06a9 \u06a9\u0631\u062f\u0646 \u067e\u064f\u0631\u0633\u0645\u0627\u0646\"", "\"abc_menu_space_shortcut_label\" : \"\u0562\u0561\u0581\u0561\u057f\"", "\"bottomsheet_action_expand_halfway\" : \"\u0a85\u0aa1\u0aa7\u0ac7 \u0ab8\u0ac1\u0aa7\u0ac0 \u0aae\u0acb\u0a9f\u0ac1\u0a82 \u0a95\u0ab0\u0acb\"", "\"mtrl_picker_invalid_format\" : \"Format je neva\u017eec\u0301i.\"", "\"abc_activitychooserview_choose_application\" : \"\u0418\u0437\u0431\u0435\u0440\u0438 \u0430\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0458\u0430\"", "\"material_hour_suffix\" : \"%1$s\u00a0heures\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Metin giri\u015f moduna ge\u00e7\"", "\"common_google_play_services_enable_button\" : \"Dayakan\"", "\"abc_prepend_shortcut_label\" : \"Men\u00fa +\"", "std::basic_iostream >", "\"material_timepicker_pm\" : \"G\u018f\"", "\"mtrl_picker_text_input_date_hint\" : \"\u041a\u04af\u043d\"", "\"material_clock_toggle_content_description\" : \"\u0538\u0576\u057f\u0580\u0565\u056c AM \u056f\u0561\u0574 PM\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u0561\"", "\"mtrl_picker_navigate_to_year_description\" : \"Navegar al a\u00f1o %1$s\"", "\"abc_action_menu_overflow_description\" : \"Flere valgmuligheder\"", "\"common_google_play_services_updating_text\" : \"%1$s ne fonctionnera pas sans les services Google\u00a0Play, qui sont en cours de mise \u00e0 jour.\"", "\"abc_searchview_description_search\" : \"H\u013eada\u0165\"", "\"mtrl_picker_date_header_unselected\" : \"\u0422\u0430\u043d\u0434\u0430\u043b\u0433\u0430\u043d \u043a\u04af\u043d\"", "\"abc_menu_meta_shortcut_label\" : \"Meta-Taste\u00a0+\"", "\"common_google_play_services_update_text\" : \"%1$s kan niet worden uitgevoerd, tenzij je Google Play-services updatet.\"", "\"nav_app_bar_open_drawer_description\" : \"Otvaranje ladice za navigaciju\"", "\"mtrl_picker_range_header_title\" : \"\u0ec0\u0ea5\u0eb7\u0ead\u0e81\u0e8a\u0ec8\u0ea7\u0e87\"", "\"character_counter_content_description\" : \"\u1241\u121d\u134a\u12ce\u127d %1$d \u12a8%2$d \u1308\u1265\u1270\u12cb\u120d\"", "\"abc_menu_space_shortcut_label\" : \"espace\"", "\"common_google_play_services_updating_text\" : \"\u200f%1$s \u0628\u062f\u0648\u0646 \u0633\u0631\u0648\u06cc\u0633\u200c\u0647\u0627\u06cc Google Play \u06a9\u0647 \u062f\u0631\u062d\u0627\u0644 \u062d\u0627\u0636\u0631 \u062f\u0631\u062d\u0627\u0644 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0647\u0633\u062a\u0646\u062f\u060c \u06a9\u0627\u0631 \u0646\u0645\u06cc\u200c\u06a9\u0646\u062f.\"", "\"mtrl_picker_invalid_format_use\" : \"\u4f7f\u7528: %1$s\"", "\"abc_activity_chooser_view_see_all\" : \"\u0411\u0430\u0440\u043b\u044b\u0493\u044b\u043d \u043a\u04e9\u0440\u0443\"", "\"material_timepicker_select_time\" : \"\u0627\u0646\u062a\u062e\u0627\u0628 \u0632\u0645\u0627\u0646\"", "St14overflow_error", "\"material_timepicker_select_time\" : \"Hautatu ordua\"", "\"material_timepicker_select_time\" : \"\u0ba8\u0bc7\u0bb0\u0ba4\u0bcd\u0ba4\u0bc8\u0ba4\u0bcd \u0ba4\u0bc7\u0bb0\u0bcd\u0ba8\u0bcd\u0ba4\u0bc6\u0b9f\u0bc1\u0b95\u0bcd\u0b95\u0bb5\u0bc1\u0bae\u0bcd\"", "\"common_google_play_services_unknown_issue\" : \"\u300c%1$s\u300d\u3067 Google Play \u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306b\u554f\u984c\u304c\u767a\u751f\u3057\u3066\u3044\u307e\u3059\u3002\u3082\u3046\u4e00\u5ea6\u304a\u8a66\u3057\u304f\u3060\u3055\u3044\u3002\"", "terminating with %s exception of type %s: %s", "\"material_timepicker_hour\" : \"\u0d2e\u0d23\u0d3f\u0d15\u0d4d\u0d15\u0d42\u0d30\u0d4d\u200d\"", "\"abc_action_menu_overflow_description\" : \"Aukera gehiago\"", "\"character_counter_overflowed_content_description\" : \"\u0905\u092d\u0940 %1$d \u0935\u0930\u094d\u0923 \u0939\u0948\u0902 \u091c\u092c\u0915\u093f %2$d \u0938\u0947 \u091c\u093c\u094d\u092f\u093e\u0926\u093e \u0928\u0939\u0940\u0902 \u0939\u094b\u0928\u0947 \u091a\u093e\u0939\u093f\u090f\"", "\"error_icon_content_description\" : \"B\u0142\u0105d\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u0414\u043e\u043f\u0440\u0435\u0442\u0435 \u0437\u0430 \u0434\u0430 \u0441\u0435 \u043f\u0440\u0435\u0444\u0440\u043b\u0438\u0442\u0435 \u043d\u0430 \u0438\u0437\u0431\u0438\u0440\u0430\u045a\u0435 \u0434\u0435\u043d\"", "\"fallback_menu_item_copy_link\" : \"\u0eaa\u0eb3\u0ec0\u0e99\u0ebb\u0eb2\u0ea5\u0eb4\u0ec9\u0e87\"", "\"abc_menu_delete_shortcut_label\" : \"Suprimir\"", "\"common_google_play_services_notification_channel_name\" : \"Ketersediaan layanan Google Play\"", "\"common_google_play_services_install_button\" : \"\u0e15\u0e34\u0e14\u0e15\u0e31\u0e49\u0e07\"", "\"nav_app_bar_navigate_up_description\" : \"\u0d2e\u0d41\u0d15\u0d33\u0d3f\u0d32\u0d47\u0d15\u0d4d\u0d15\u0d4d \u0d28\u0d3e\u0d35\u0d3f\u0d17\u0d47\u0d31\u0d4d\u0d31\u0d4d \u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d15\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u8f6c\u5230 %1$s \u5e74\"", "\"copy_toast_msg\" : \"Link copiado para a \u00e1rea de transfer\u00eancia.\"", "\"copy_toast_msg\" : \"\u10d2\u10d0\u10ea\u10d5\u10da\u10d8\u10e1 \u10d1\u10e3\u10e4\u10d4\u10e0\u10e8\u10d8 \u10d9\u10dd\u10de\u10d8\u10e0\u10d4\u10d1\u10e3\u10da\u10d8 \u10d1\u10db\u10e3\u10da\u10d8\"", "\"common_google_play_services_install_text\" : \"%1$s ishlashi uchun qurilmangizda Google Play xizmatlarini o\u2018rnatish lozim.\"", "\"mtrl_picker_range_header_title\" : \"Select Range\"", "\"abc_action_menu_overflow_description\" : \"\u10e1\u10ee\u10d5\u10d0 \u10d5\u10d0\u10e0\u10d8\u10d0\u10dc\u10e2\u10d4\u10d1\u10d8\"", "\"icon_content_description\" : \"Icono del cuadro de di\u00e1logo\"", "\"copy_toast_msg\" : \"\u05d4\u05e7\u05d9\u05e9\u05d5\u05e8 \u05d4\u05d5\u05e2\u05ea\u05e7 \u05dc\u05dc\u05d5\u05d7\"", "\"mtrl_picker_date_header_title\" : \"Vyberte datum\"", "\"mtrl_picker_navigate_to_year_description\" : \"Ir para o ano %1$s\"", "\"abc_action_mode_done\" : \"\u054a\u0561\u057f\u0580\u0561\u057d\u057f \u0567\"", "\"common_google_play_services_unsupported_text\" : \"%1$s ilovasi Google Play xizmatlarisiz ishlamaydi, biroq qurilmangiz ularni qo\u2018llab-quvvatlamaydi.\"", "\"abc_activity_chooser_view_see_all\" : \"\u1798\u17be\u179b\u1791\u17b6\u17c6\u1784\u17a2\u179f\u17cb\"", "\"mtrl_picker_invalid_format_use\" : \"%1$s \u1295 \u12ed\u1320\u1240\u1219\"", "\"abc_menu_space_shortcut_label\" : \"atstarpes tausti\u0146\u0161\"", "\"common_google_play_services_update_text\" : \"%1$s non funzioner\u00e0 se non aggiorni Google Play Services.\"", "N12_GLOBAL__N_116itanium_demangle12InitListExprE", "\"mtrl_chip_close_icon_content_description\" : \"Hiq %1$s\"", "\"material_timepicker_hour\" : \"\u038f\u03c1\u03b1\"", "\"password_toggle_content_description\" : \"Parol ochiq tursin\"", "\"nav_app_bar_navigate_up_description\" : \"\u5411\u4e0a\u700f\u89bd\"", "\"copy_toast_msg\" : \"Nakopya sa clipboard ang link\"", "\"common_google_play_services_install_button\" : \"Instalatu\"", "\"mtrl_picker_text_input_date_hint\" : \"Dat\u0103\"", "\"common_google_play_services_update_button\" : \"Updaten\"", "\"abc_action_menu_overflow_description\" : \"\u305d\u306e\u4ed6\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\"", "\"material_timepicker_hour\" : \"\u0924\u093e\u0938\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Cambiar ao modo de entrada de calendario\"", "\"abc_capital_off\" : \"\u0412\u042b\u041a\u041b\"", "\"material_minute_suffix\" : \"%1$s\u00a0\u043c\u0438\u043d\u0443\u0442\u0438\"", "\"common_google_play_services_update_text\" : \"%1$s non se executar\u00e1 a menos que actualices os servizos de Google Play.\"", "\"fallback_menu_item_share_link\" : \"\u0e41\u0e0a\u0e23\u0e4c\u0e25\u0e34\u0e07\u0e01\u0e4c\"", "\"abc_toolbar_collapse_description\" : \"Palos\"", "\"error_icon_content_description\" : \"Fout\"", "\"common_google_play_services_install_button\" : \"\u0907\u0902\u0938\u094d\u091f\u0949\u0932 \u0915\u0930\u0947\u0902\"", "\"mtrl_picker_invalid_format_example\" : \"Primjer: %1$s\"", "\"abc_shareactionprovider_share_with\" : \"\u10d2\u10d0\u10d6\u10d8\u10d0\u10e0\u10d4\u10d1\u10d0:\"", "\"common_google_play_services_update_text\" : \"\u0427\u0442\u043e\u0431\u044b \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \"%1$s\", \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b Google\u00a0Play.\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Koppintson az \u00e9v kiv\u00e1laszt\u00e1s\u00e1hoz\"", "\"material_hour_suffix\" : \"%1$s\u0dba\u0dd2\"", "\"nav_app_bar_navigate_up_description\" : \"\u0cae\u0cc7\u0cb2\u0c95\u0ccd\u0c95\u0cc6 \u0ca8\u0ccd\u0caf\u0cbe\u0cb5\u0cbf\u0c97\u0cc7\u0c9f\u0ccd \u0cae\u0cbe\u0ca1\u0cbf\"", "\"abc_action_bar_home_description\" : \"Ir a inicio\"", "\"abc_shareactionprovider_share_with_application\" : \"Share with %s\"", "\"character_counter_content_description\" : \"Du har brugt %1$d ud af %2$d tegn\"", "\"error_icon_content_description\" : \"\u0917\u095c\u092c\u095c\u0940\"", "\"mtrl_picker_text_input_date_hint\" : \"Petsa\"", "\"material_minute_suffix\" : \"%1$s menit\"", "\"character_counter_content_description\" : \"Beg\u00e9pelt karaktersz\u00e1m: %2$d/%1$d\"", "\"abc_action_mode_done\" : \"Udf\u00f8r\"", "\"exposed_dropdown_menu_content_description\" : \"\u0414\u043e\u043e\u0448 \u0443\u043d\u0430\u0434\u0430\u0433 \u0446\u044d\u0441\u0438\u0439\u0433 \u0445\u0430\u0440\u0443\u0443\u043b\u0430\u0445\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Data d'inici\"", "\"mtrl_picker_date_header_unselected\" : \"Valgt dato\"", "\"common_google_play_services_install_title\" : \"Google Play Services-\u10d8\u10e1 \u10e9\u10d0\u10db\u10dd\u10e2\u10d5\u10d8\u10e0\u10d7\u10d5\u10d0\"", "operator<=", "\"mtrl_picker_text_input_day_abbr\" : \"j\"", "\"mtrl_picker_save\" : \"\u0b9a\u0bc7\u0bae\u0bbf\"", "\"mtrl_picker_range_header_title\" : \"\u0418\u0437\u0431\u0435\u0440\u0435\u0442\u0435 \u043e\u043f\u0441\u0435\u0433\"", "\"abc_searchview_description_query\" : \"Arama sorgusu\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u1260Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d \u120b\u12ed \u127d\u130d\u122e\u127d \u12a5\u12eb\u130b\u1320\u1219\u1275 \u1290\u12cd\u1362 \u12a5\u1263\u12ad\u12ce \u12a5\u1295\u12f0\u1308\u1293 \u12ed\u121e\u12ad\u1229\u1362\"", "\"common_google_play_services_update_text\" : \"%1$s no funcionar\u00e1 hasta que no actualices Servicios de Google Play.\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u101b\u1000\u103a\u1000\u1031\u102c\u103a\u101c\u1036- %1$s\"", "\"mtrl_picker_navigate_to_year_description\" : \"%1$s \u10ec\u10d4\u10da\u10d6\u10d4 \u10dc\u10d0\u10d5\u10d8\u10d2\u10d0\u10ea\u10d8\u10d0\"", "\"abc_action_bar_home_description\" : \"Eiti \u012f pagrindin\u012f puslap\u012f\"", "\"common_google_play_services_update_text\" : \"%1$s no s'executar\u00e0 si no actualitzes Serveis de Google Play.\"", "\"icon_content_description\" : \"\u00cdcone de caixa de di\u00e1logo\"", "\"material_timepicker_hour\" : \"\u0918\u0902\u091f\u093e\"", "\"material_timepicker_minute\" : \"\u0a2e\u0a3f\u0a70\u0a1f\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u1218\u1300\u1218\u122a\u12eb \u1240\u1295 \u2013 %1$s\"", "\"common_signin_button_text_long\" : \"\u041f\u0440\u0438\u0458\u0430\u0432\u0438 \u043c\u0435 \u043d\u0430 Google\"", "\"common_google_play_services_install_button\" : \"Instalo\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0938\u0941\u0930\u0941 \u0939\u0941\u0928\u0947 \u092e\u093f\u0924\u093f\"", "istream", "\"material_timepicker_text_input_mode_description\" : \"Zaman\u0131 daxil etm\u0259k \u00fc\u00e7\u00fcn m\u0259tnl\u0259 daxiletm\u0259 rejimin\u0259 ke\u00e7in\"", "\"icon_content_description\" : \"\u0418\u043a\u043e\u043d\u0430 \u0437\u0430 \u0434\u0438\u0430\u043b\u043e\u0433\u043e\u0432 \u043f\u0440\u043e\u0437\u043e\u0440\u0435\u0446\"", "\"common_google_play_services_updating_text\" : \"%1$s s\u1ebd kh\u00f4ng ch\u1ea1y n\u1ebfu kh\u00f4ng c\u00f3 d\u1ecbch v\u1ee5 c\u1ee7a Google Play. D\u1ecbch v\u1ee5 n\u00e0y hi\u1ec7n \u0111ang c\u1eadp nh\u1eadt.\"", "\"abc_capital_on\" : \"\u1794\u17be\u1780\"", "N12_GLOBAL__N_116itanium_demangle20DynamicExceptionSpecE", "\"exposed_dropdown_menu_content_description\" : \"A\u00e7\u0131lan menyunu g\u00f6st\u0259rin\"", "\"exposed_dropdown_menu_content_description\" : \"\u0b95\u0bc0\u0bb4\u0bcd \u0ba4\u0bcb\u0ba9\u0bcd\u0bb1\u0bb2\u0bcd \u0bae\u0bc6\u0ba9\u0bc1\u0bb5\u0bc8\u0b95\u0bcd \u0b95\u0bbe\u0b9f\u0bcd\u0b9f\u0bc1\u0bae\u0bcd \u0baa\u0b9f\u0bcd\u0b9f\u0ba9\u0bcd\"", "\"common_signin_button_text_long\" : \"Prihl\u00e1si\u0165 sa do \u00fa\u010dtu Google\"", "\"material_timepicker_clock_mode_description\" : \"\u0427\u0442\u043e\u0431\u044b \u0432\u0432\u0435\u0441\u0442\u0438 \u0432\u0440\u0435\u043c\u044f, \u043f\u0435\u0440\u0435\u0439\u0434\u0438\u0442\u0435 \u0432 \u0440\u0435\u0436\u0438\u043c \u0447\u0430\u0441\u043e\u0432.\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0932\u093e\u0908 Google Play services \u0938\u0901\u0917 \u0938\u0939\u0915\u093e\u0930\u094d\u092f \u0917\u0930\u094d\u0928 \u0938\u092e\u0938\u094d\u092f\u093e \u092d\u0907\u0930\u0939\u0947\u0915\u094b \u091b\u0964 \u0915\u0943\u092a\u092f\u093e \u092b\u0947\u0930\u093f \u092a\u094d\u0930\u092f\u093e\u0938 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\u0964\"", "\"mtrl_picker_text_input_date_hint\" : \"Tarix\"", "throw ", "\"error_icon_content_description\" : \"Fehler\"", "\"abc_action_menu_overflow_description\" : \"\u0985\u09a7\u09bf\u0995 \u09ac\u09bf\u0995\u09b2\u09cd\u09aa\"", "\"mtrl_picker_announce_current_selection\" : \"Pa\u0161reiz\u0113j\u0101 atlase: %1$s\"", "\"abc_shareactionprovider_share_with_application\" : \"Dijeli putem aplikacije %s\"", "\"mtrl_picker_out_of_range\" : \"Hors de la plage\u00a0: %1$s\"", "\"search_menu_title\" : \"\u062c\u0633\u062a\u062c\u0648\"", "\"common_google_play_services_enable_button\" : \"\u0dc3\u0db6\u0dbd \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"common_signin_button_text_long\" : \"Conecta\u021bi-v\u0103 cu Google\"", "\"material_timepicker_text_input_mode_description\" : \"\u0935\u0947\u0933 \u0907\u0928\u092a\u0941\u091f\u0938\u093e\u0920\u0940 \u092e\u091c\u0915\u0942\u0930 \u0907\u0928\u092a\u0941\u091f \u092e\u094b\u0921\u0935\u0930 \u0938\u094d\u0935\u093f\u091a \u0915\u0930\u093e.\"", "N12_GLOBAL__N_116itanium_demangle13NodeArrayNodeE", "\"fallback_menu_item_copy_link\" : \"\u0c32\u0c3f\u0c02\u0c15\u0c4d\u200c\u0c28\u0c41 \u0c15\u0c3e\u0c2a\u0c40 \u0c1a\u0c47\u0c2f\u0c3f\"", "\"mtrl_picker_announce_current_selection\" : \"\u041f\u043e\u0442\u043e\u0447\u043d\u0438\u0439 \u0432\u0438\u0431\u0456\u0440: %1$s\"", "\"abc_searchview_description_submit\" : \"\u1218\u1320\u12ed\u1245 \u12a0\u1235\u1308\u1263\"", "\"copy_toast_msg\" : \"Saite ir kop\u0113ta starpliktuv\u0113.\"", "\"material_timepicker_clock_mode_description\" : \"Zaman\u0131 daxil etm\u0259k \u00fc\u00e7\u00fcn saat rejimin\u0259 ke\u00e7in\"", "\"common_google_play_services_enable_button\" : \"Aktivizo\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Amaiera-data\"", "\"abc_toolbar_collapse_description\" : \"Contraer\"", "\"password_toggle_content_description\" : \"Shfaq fjal\u00ebkalimin\"", "\"common_open_on_phone\" : \"\u0a2b\u0a3c\u0a4b\u0a28 '\u0a24\u0a47 \u0a16\u0a4b\u0a32\u0a4d\u0a39\u0a4b\"", "\"mtrl_picker_date_header_unselected\" : \"\u9078\u629e\u3057\u305f\u65e5\u4ed8\"", "\"mtrl_picker_day_of_week_column_header\" : \"Kolonne med dage: %1$s\"", "/usr/local/google/buildbot/src/android/ndk-release-r21/external/libcxx/../../external/libunwind_llvm/src/Unwind-EHABI.cpp", "\"error_icon_content_description\" : \"\u0baa\u0bbf\u0bb4\u0bc8\"", "\"common_google_play_services_install_title\" : \"Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a2a\u0a4d\u0a30\u0a3e\u0a2a\u0a24 \u0a15\u0a30\u0a4b\"", "\"material_timepicker_text_input_mode_description\" : \"Alterne para o modo de entrada de texto para informar o hor\u00e1rio.\"", "\"item_view_role_description\" : \"Fane\"", "Pure virtual function called!", "\"mtrl_picker_text_input_date_range_end_hint\" : \"P\u00e4\u00e4ttymisp\u00e4iv\u00e4\"", "\"common_google_play_services_wear_update_text\" : \"Du m\u00e5 installere en ny versjon av Google Play-tjenester. Appen oppdateres automatisk om en kort stund.\"", "\"common_google_play_services_enable_button\" : \"Sl\u00e5 p\u00e5\"", "\"abc_menu_shift_shortcut_label\" : \"\u200eShift+\u200e\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"M\u00e9s de %1$d\u00a0notificacions noves\"", "\"mtrl_picker_text_input_date_hint\" : \"\u09a4\u09be\u09b0\u09bf\u0996\"", "N12_GLOBAL__N_116itanium_demangle8QualTypeE", "\"material_hour_selection\" : \"\u0395\u03c0\u03b9\u03bb\u03bf\u03b3\u03ae \u03ce\u03c1\u03b1\u03c2\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0ea7\u0eb1\u0e99\u0e97\u0eb5\u0eaa\u0eb4\u0ec9\u0e99\u0eaa\u0eb8\u0e94\"", "\"abc_activity_chooser_view_see_all\" : \"Shfaq \u00e7do gj\u00eb\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Yli %1$d uutta ilmoitusta\"", "\"common_open_on_phone\" : \"\u041e\u0442\u0432\u043e\u0440\u0438 \u043d\u0430 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0443\"", "\"abc_menu_shift_shortcut_label\" : \"May\u00fas\u00a0+\"", "\"abc_action_bar_up_description\" : \"\u0b09\u0b2a\u0b30\u0b15\u0b41 \u0b28\u0b47\u0b2d\u0b3f\u0b17\u0b47\u0b1f\u0b4d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"abc_search_hint\" : \"Bilatu\u2026\"", "\"abc_menu_meta_shortcut_label\" : \"Meta+\"", "\"abc_searchview_description_submit\" : \"So\u2018rov yaratish\"", "\"abc_prepend_shortcut_label\" : \"MENU +\"", "\"material_timepicker_clock_mode_description\" : \"Laiko \u012fvest\u012f pateikti perjungus \u012f laikrod\u017eio re\u017eim\u0105.\"", "\"common_google_play_services_update_title\" : \"Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d7e \u0d05\u0d2a\u0d4d\u200c\u0d21\u0d47\u0d31\u0d4d\u0d31\u0d41\u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d15\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0916\u0924\u094d\u092e \u0939\u094b\u0928\u0947 \u0915\u0940 \u0924\u093e\u0930\u0940\u0916\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u041a\u04af\u043d\u0442\u0456\u0437\u0431\u0435\u043d\u0456\u04a3 \u0435\u043d\u0433\u0456\u0437\u0443 \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0435 \u0430\u0443\u044b\u0441\u0443\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u0d1f\u0d46\u0d15\u0d4d\u200c\u0d38\u0d4d\u200c\u0d31\u0d4d\u0d31\u0d4d \u0d07\u0d7b\u0d2a\u0d41\u0d1f\u0d4d\u0d1f\u0d4d \u0d2e\u0d4b\u0d21\u0d3f\u0d32\u0d47\u0d15\u0d4d\u0d15\u0d4d \u0d2e\u0d3e\u0d31\u0d41\u0d15\"", "\"abc_capital_on\" : \"AKTIV\"", "\"abc_searchview_description_search\" : \"\u09b8\u09a8\u09cd\u09a7\u09be\u09a8\"", "\"nav_app_bar_navigate_up_description\" : \"\u0627\u0644\u062a\u0646\u0642\u0644 \u0625\u0644\u0649 \u0623\u0639\u0644\u0649\"", "\"abc_menu_space_shortcut_label\" : \"\u0641\u0627\u0635\u0644\u0647\"", "\"common_google_play_services_update_button\" : \"Update\"", "\"abc_searchview_description_voice\" : \"\u0413\u043e\u043b\u043e\u0441\u043e\u0432\u0438\u0439 \u043f\u043e\u0448\u0443\u043a\"", "\"material_timepicker_pm\" : \"PM\"", "\"clear_text_end_icon_content_description\" : \"\u0db4\u0dd9\u0dc5 \u0dc4\u0dd2\u0dc3\u0dca \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"mtrl_picker_invalid_format\" : \"\u0d85\u0dc0\u0dbd\u0d82\u0d9c\u0dd4 \u0d86\u0d9a\u0dd8\u0dad\u0dd2\u0dba\u0d9a\u0dd2.\"", "\"character_counter_overflowed_content_description\" : \"\u062d\u0631\u0648\u0641 \u06a9\u06cc \u062a\u0639\u062f\u0627\u062f \u06a9\u06cc \u062d\u062f %2$d \u0633\u06d2 %1$d \u067e\u06c1\u0646\u0686 \u06af\u0626\u06cc\"", "\"abc_capital_off\" : \"WY\u0141.\"", "\"common_google_play_services_install_text\" : \"\u60a8\u7684\u88dd\u7f6e\u4e26\u672a\u5b89\u88dd Google Play \u670d\u52d9\uff0c\u56e0\u6b64\u7121\u6cd5\u57f7\u884c\u300c%1$s\u300d\u3002\"", "\"common_google_play_services_unsupported_text\" : \"%1$s won't run without Google Play services, which are not supported by your device.\"", "\"common_google_play_services_install_button\" : \"Install\"", "\"mtrl_picker_out_of_range\" : \"\u0b8e\u0bb2\u0bcd\u0bb2\u0bc8\u0b95\u0bcd\u0b95\u0bc1 \u0bb5\u0bc6\u0bb3\u0bbf\u0baf\u0bc7 \u0b89\u0bb3\u0bcd\u0bb3\u0ba4\u0bc1: %1$s\"", "\"abc_menu_enter_shortcut_label\" : \"Retorn\"", "\"fallback_menu_item_copy_link\" : \"Kopiuj link\"", "\"mtrl_picker_range_header_unselected\" : \"\u0544\u0565\u056f\u0576\u0561\u0580\u056f\u056b \u0561\u0574\u057d\u0561\u0569\u056b\u057e\u0568 \u2013 \u0531\u057e\u0561\u0580\u057f\u056b \u0561\u0574\u057d\u0561\u0569\u056b\u057e\u0568\"", "\"copy_toast_msg\" : \"\u9023\u7d50\u5df2\u8907\u88fd\u5230\u526a\u8cbc\u7c3f\"", "\"mtrl_badge_numberless_content_description\" : \"\u65b0\u3057\u3044\u901a\u77e5\"", "\"abc_action_bar_home_description\" : \"\u10db\u10d7\u10d0\u10d5\u10d0\u10e0\u10d6\u10d4 \u10d2\u10d0\u10d3\u10d0\u10e1\u10d5\u10da\u10d0\"", "\"material_timepicker_clock_mode_description\" : \"Mude para o modo de rel\u00f3gio para a introdu\u00e7\u00e3o da hora.\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u1794\u17d2\u178a\u17bc\u179a\u1791\u17c5\u200b\u1786\u17d2\u1793\u17b6\u17c6 %1$s\"", "\"nav_app_bar_navigate_up_description\" : \"Yukar\u0131 git\"", "decimal64", "\"abc_menu_ctrl_shortcut_label\" : \"Ktrl +\"", "\"material_timepicker_pm\" : \"P. M.\"", "\"common_google_play_services_install_title\" : \"Google \u09aa\u09cd\u09b2\u09c7 \u09b8\u09c7\u09f1\u09be\u09b2\u09be\u09ad \u0995\u09f0\u0995\"", "\"item_view_role_description\" : \"Separador\"", "\"search_menu_title\" : \"Buscar\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Toca para seleccionar un a\u00f1o\"", "\"mtrl_picker_invalid_range\" : \"El periodo no es v\u00e1lido.\"", "\"mtrl_picker_date_header_title\" : \"\u092e\u093f\u0924\u093f \u091a\u092f\u0928 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"clear_text_end_icon_content_description\" : \"\u0418\u0437\u0447\u0438\u0441\u0442\u0432\u0430\u043d\u0435 \u043d\u0430 \u0442\u0435\u043a\u0441\u0442\u0430\"", "\"abc_searchview_description_submit\" : \"Po\u0161aljite upit\"", "\"abc_menu_shift_shortcut_label\" : \"Shift+\u200e\"", "\"material_minute_suffix\" : \"%1$s \u0e19\u0e32\u0e17\u0e35\"", "\"material_clock_display_divider\" : \":\"", "\"common_google_play_services_wear_update_text\" : \"New version of Google Play services needed. It will update itself shortly.\"", "\"abc_capital_off\" : \"\u0418\u0417\u041a\u041b.\"", "\"abc_capital_on\" : \"\u0412\u041a\u041b\"", "\"character_counter_content_description\" : \"\u5df2\u8f38\u5165 %1$d \u500b\u5b57\u5143 (\u5171 %2$d \u500b)\"", "\"mtrl_picker_save\" : \"\u0421\u0430\u0447\u0443\u0432\u0430\u0458\"", "\"common_google_play_services_notification_ticker\" : \"\u12e8Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d \u1235\u1205\u1270\u1275\"", "\"abc_searchview_description_voice\" : \"Glasovna pretraga\"", "\"common_google_play_services_wear_update_text\" : \"\u5fc5\u9808\u4f7f\u7528\u65b0\u7248 Google Play \u670d\u52d9\u3002\u8a72\u670d\u52d9\u7a0d\u5f8c\u5c31\u6703\u81ea\u52d5\u66f4\u65b0\u3002\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s\u2013beigu datums\"", "\"mtrl_picker_range_header_title\" : \"\u0926\u093e\u092f\u0930\u093e \u091a\u092f\u0928 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"material_minute_selection\" : \"Seleccionar minutos\"", "\"material_timepicker_text_input_mode_description\" : \"Zaman giri\u015fi i\u00e7in metin giri\u015fi moduna ge\u00e7in.\"", "\"abc_activitychooserview_choose_application\" : \"\u12a0\u1295\u12f5 \u1218\u1270\u130d\u1260\u122a\u12eb \u12ed\u121d\u1228\u1321\"", "\"mtrl_picker_a11y_next_month\" : \"\u7fcc\u6708\u306b\u5909\u66f4\"", "\"common_google_play_services_updating_text\" : \"Na spustenie aplik\u00e1cie %1$s sa vy\u017eaduj\u00fa slu\u017eby Google Play, ktor\u00e9 sa moment\u00e1lne aktualizuj\u00fa.\"", "\"fallback_menu_item_open_in_browser\" : \"Ireki arakatzailean\"", "\"abc_capital_off\" : \"\u10d2\u10d0\u10db\u10dd\u10e0\u10d7\u10d5\u10d0\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u092e\"", "\"material_timepicker_minute\" : \"\u041c\u0438\u043d\u0443\u0442\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u0926\u093f\u0935\u0938\u093e\u0902\u091a\u093e \u0938\u094d\u0924\u0902\u092d: %1$s\"", "\"abc_search_hint\" : \"Szukaj\u2026\"", "\"copy_toast_msg\" : \"Enlace copiado en el portapapeles\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0938\u0941\u0930\u0941 \u0939\u0941\u0928\u0947 \u092e\u093f\u0924\u093f \u2013 %1$s\"", "\"mtrl_picker_out_of_range\" : \"\u062e\u0627\u0631\u062c \u0627\u0644\u0646\u0637\u0627\u0642: %1$s\"", "\"fallback_menu_item_share_link\" : \"Link teilen\"", "\"mtrl_badge_numberless_content_description\" : \"Th\u00f4ng b\u00e1o m\u1edbi\"", "\"abc_search_hint\" : \"\u0e04\u0e49\u0e19\u0e2b\u0e32\u2026\"", "\"search_menu_title\" : \"\u062a\u0644\u0627\u0634 \u06a9\u0631\u06cc\u06ba\"", "\"material_minute_suffix\" : \"Dakika %1$s\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Skakel oor na teksinvoermodus\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u0585\"", "N12_GLOBAL__N_116itanium_demangle9ThrowExprE", "\"mtrl_picker_invalid_format_example\" : \"Esimerkki: %1$s\"", "\"common_google_play_services_install_text\" : \"%1$s ne\u0107e funkcionirati bez usluga Google Playa koje nisu instalirane na va\u0161em ure\u0111aju.\"", "\"abc_searchview_description_search\" : \"\u691c\u7d22\"", "\"mtrl_picker_announce_current_selection\" : \"\u0caa\u0ccd\u0cb0\u0cb8\u0ccd\u0ca4\u0cc1\u0ca4 \u0c86\u0caf\u0ccd\u0c95\u0cc6: %1$s\"", "\"mtrl_picker_invalid_range\" : \"\u0c1a\u0c46\u0c32\u0c4d\u0c32\u0c28\u0c3f \u0c2a\u0c30\u0c3f\u0c27\u0c3f.\"", "\"abc_capital_on\" : \"AAN\"", "\"abc_search_hint\" : \"\u12ed\u1348\u120d\u1309\u2026\"", "\"common_google_play_services_enable_title\" : \"Attiva Google Play Services\"", "\"common_google_play_services_wear_update_text\" : \"Er is een nieuwe versie van Google Play-services vereist. De update wordt binnenkort automatisch uitgevoerd.\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Palieskite, kad perjungtum\u0117te \u012f dienos pasirinkim\u0105\"", "\"fallback_menu_item_copy_link\" : \"Kopeeri link\"", "\"material_clock_toggle_content_description\" : \"V\u00e6lg AM eller PM\"", "\"password_toggle_content_description\" : \"Rodyti slapta\u017eod\u012f\"", "\"character_counter_overflowed_content_description\" : \"\u041f\u0440\u0435\u0432\u044b\u0448\u0435\u043d\u043e \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u043d\u0430 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432 (%1$d \u0438\u0437 %2$d)\"", "\"common_google_play_services_enable_button\" : \"Aktifkan\"", "\"abc_action_bar_up_description\" : \"\u041d\u0430\u0432\u0438\u0433\u0438\u0440\u0430\u043d\u0435 \u043d\u0430\u0433\u043e\u0440\u0435\"", "\"fallback_menu_item_share_link\" : \"Kop\u012bgot saiti\"", "\"common_google_play_services_install_button\" : \"\u0a87\u0aa8\u0acd\u0ab8\u0acd\u0a9f\u0ac9\u0ab2 \u0a95\u0ab0\u0acb\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s\u00a0\u2013 Enddatum\"", "\"abc_searchview_description_submit\" : \"\u63d0\u4ea4\u67e5\u8a62\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Canvia al mode d'introducci\u00f3 de text\"", "\"material_timepicker_minute\" : \"\u0425\u0432\u0438\u043b\u0438\u043d\u0430\"", "\"abc_shareactionprovider_share_with_application\" : \"Partilhar com a aplica\u00e7\u00e3o %s\"", "\"abc_searchview_description_query\" : \"Truy v\u1ea5n t\u00ecm ki\u1ebfm\"", "\"common_google_play_services_update_text\" : \"%1$s \u0924\u092c \u0924\u0915 \u0928\u0939\u0940\u0902 \u091a\u0932\u0947\u0917\u093e \u091c\u092c \u0924\u0915 \u0906\u092a Google Play \u0938\u0947\u0935\u093e\u0913\u0902 \u0915\u094b \u0905\u092a\u0921\u0947\u091f \u0928\u0939\u0940\u0902 \u0915\u0930\u0924\u0947.\"", "\"mtrl_picker_date_header_unselected\" : \"Se\u00e7ilen tarih\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 lokadagur\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d-\u0d32\u0d27\u0d3f\u0d15\u0d02 \u0d2a\u0d41\u0d24\u0d3f\u0d2f \u0d05\u0d31\u0d3f\u0d2f\u0d3f\u0d2a\u0d4d\u0d2a\u0d41\u0d15\u0d7e\"", "\"abc_searchview_description_search\" : \"Hledat\"", "\"material_hour_selection\" : \"\u6642\u523b\u3092\u9078\u629e\u3057\u3066\u304f\u3060\u3055\u3044\"", "\"common_google_play_services_update_title\" : \"A\u017euriranje usluga Google Playa\"", "\"fallback_menu_item_open_in_browser\" : \"\u041e\u0442\u0432\u043e\u0440\u0438 \u0443 \u043f\u0440\u0435\u0433\u043b\u0435\u0434\u0430\u0447\u0443\"", "\"common_google_play_services_wear_update_text\" : \"Se necesita una nueva versi\u00f3n de Servicios de Google Play. Se actualizar\u00e1 en breve.\"", "\"common_google_play_services_install_title\" : \"\u200f\u05e7\u05d1\u05dc \u05d0\u05ea \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play\"", "\"abc_search_hint\" : \"Qidirish\u2026\"", "\"clear_text_end_icon_content_description\" : \"\u0d1f\u0d46\u0d15\u0d4d\u200c\u0d38\u0d4d\u200c\u0d31\u0d4d\u0d31\u0d4d \u0d2e\u0d3e\u0d2f\u0d4d\u200c\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Matn kiritish rejimiga o\u02bbtish\"", "\"abc_searchview_description_query\" : \"\u0ba4\u0bc7\u0b9f\u0bb2\u0bcd \u0bb5\u0bbf\u0ba9\u0bb5\u0bb2\u0bcd\"", "\"material_timepicker_hour\" : \"Oras\"", "\"material_hour_selection\" : \"\u0ab8\u0aae\u0aaf \u0aaa\u0ab8\u0a82\u0aa6 \u0a95\u0ab0\u0acb\"", "\"mtrl_picker_date_header_title\" : \"Zgjidh dat\u00ebn\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d\u0aa5\u0ac0 \u0ab5\u0aa7\u0ac1 \u0aa8\u0ab5\u0abe \u0aa8\u0acb\u0a9f\u0abf\u0aab\u0abf\u0a95\u0ac7\u0ab6\u0aa8\"", "\"mtrl_picker_invalid_format_use\" : \"%1$s \u09ab\u09b0\u09cd\u09ae\u09cd\u09af\u09be\u099f\u09c7 \u09b2\u09bf\u0996\u09c1\u09a8\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Prijelaz na na\u010din unosa u Kalendaru\"", "\"material_hour_suffix\" : \"%1$s en punto\"", "\"abc_activity_chooser_view_see_all\" : \"\u041f\u0440\u0435\u0433\u043b\u0435\u0434 \u043d\u0430 \u0432\u0441\u0438\u0447\u043a\u0438\"", "\"search_menu_title\" : \"\u691c\u7d22\"", "\"common_google_play_services_enable_button\" : \"\u0641\u0639\u0627\u0644 \u06a9\u0631\u06cc\u06ba\"", "\"common_google_play_services_unsupported_text\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bcd \u0b87\u0bb0\u0bc1\u0ba8\u0bcd\u0ba4\u0bbe\u0bb2\u0bcd \u0bae\u0b9f\u0bcd\u0b9f\u0bc1\u0bae\u0bc7 %1$s \u0baa\u0baf\u0ba9\u0bcd\u0baa\u0bbe\u0b9f\u0bc1 \u0b87\u0baf\u0b99\u0bcd\u0b95\u0bc1\u0bae\u0bcd. \u0b86\u0ba9\u0bbe\u0bb2\u0bcd, \u0b89\u0b99\u0bcd\u0b95\u0bb3\u0bcd \u0b9a\u0bbe\u0ba4\u0ba9\u0ba4\u0bcd\u0ba4\u0bbf\u0bb2\u0bcd \u0b85\u0bb5\u0bc8 \u0b86\u0ba4\u0bb0\u0bbf\u0b95\u0bcd\u0b95\u0baa\u0bcd\u0baa\u0b9f\u0bb5\u0bbf\u0bb2\u0bcd\u0bb2\u0bc8.\"", "\"fallback_menu_item_open_in_browser\" : \"M\u1edf trong tr\u00ecnh duy\u1ec7t\"", "\"icon_content_description\" : \"\ub300\ud654\uc0c1\uc790 \uc544\uc774\ucf58\"", "\"mtrl_picker_range_header_title\" : \"Izaberite period\"", "St13bad_exception", "\"abc_shareactionprovider_share_with\" : \"Jaga:\"", "\"mtrl_picker_a11y_next_month\" : \"Cambiar al mes siguiente\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Plus de %1$d\u00a0nouvelles notifications\"", "\"mtrl_badge_numberless_content_description\" : \"Novo obave\u0161tenje\"", "\"copy_toast_msg\" : \"\u0932\u093f\u0902\u0915 \u0915\u094d\u0932\u093f\u092a\u092c\u094b\u0930\u094d\u0921\u0935\u0930 \u0915\u0949\u092a\u0940 \u0915\u0947\u0932\u0940\"", "\"abc_action_bar_up_description\" : \"Navega cap amunt\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Kezd\u00e9s d\u00e1tuma \u2013 %1$s\"", "\"common_google_play_services_wear_update_text\" : \"N\u00fdja \u00fatg\u00e1fu af \u00fej\u00f3nustu Google Play vantar. H\u00fan uppf\u00e6rir sig sj\u00e1lf innan skamms.\"", "\"material_minute_suffix\" : \"%1$s minuter\"", "\"mtrl_picker_announce_current_selection\" : \"Huidige selectie: %1$s\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Idethi yokuphela\"", "\"item_view_role_description\" : \"\u05de\u05e7\u05e9 Tab\"", "\"common_google_play_services_install_button\" : \"\u0646\u0635\u0628\"", "N10__cxxabiv120__function_type_infoE", "\"mtrl_picker_announce_current_selection\" : \"\u0dc0\u0dad\u0dca\u0db8\u0db1\u0dca \u0dad\u0dda\u0dbb\u0dd3\u0db8: %1$s\"", "\"abc_action_bar_up_description\" : \"\u0e01\u0e25\u0e31\u0e1a\"", "\"common_google_play_services_update_title\" : \"\u66f4\u65b0 Google Play \u670d\u52d9\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s\u2013pabaigos data\"", "\"abc_action_bar_home_description\" : \"\u1019\u1030\u101c\u1014\u1031\u101b\u102c\u1000\u102d\u102f \u1015\u103c\u1014\u103a\u101e\u103d\u102c\u1038\u101b\u1014\u103a\"", "\"item_view_role_description\" : \"\u0a9f\u0ac5\u0aac\"", "\"common_signin_button_text_long\" : \"Se connecter avec Google\"", "\"common_google_play_services_wear_update_text\" : \"\u12a0\u12f2\u1235 \u12e8Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d \u1235\u122a\u1275 \u12eb\u1235\u1348\u120d\u130b\u120d\u1362 \u1260\u1245\u122d\u1261 \u12a5\u122b\u1231\u1295 \u12eb\u12d8\u121d\u1293\u120d\u1362\"", "\"common_open_on_phone\" : \"Openen op telefoon\"", "\"fallback_menu_item_open_in_browser\" : \"Ava brauseris\"", "\"abc_prepend_shortcut_label\" : \"Menu \u0bae\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd\"", "\"mtrl_picker_a11y_prev_month\" : \"\u0a2a\u0a3f\u0a1b\u0a32\u0a47 \u0a2e\u0a39\u0a40\u0a28\u0a47 '\u0a24\u0a47 \u0a1c\u0a3e\u0a13\"", "unsigned long", "\"abc_action_bar_home_description\" : \"\u0cb9\u0ccb\u0cae\u0ccd\u200c\u0c97\u0cc6 \u0ca8\u0ccd\u0caf\u0cbe\u0cb5\u0cbf\u0c97\u0cc7\u0c9f\u0ccd \u0cae\u0cbe\u0ca1\u0cbf\"", "\"mtrl_picker_date_header_title\" : \"Wybierz dat\u0119\"", "\"common_google_play_services_install_title\" : \"\u200f\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u062e\u062f\u0645\u0627\u062a Google Play\"", "\"abc_searchview_description_search\" : \"\u041f\u0440\u0435\u0442\u0440\u0430\u0436\u0438\u0442\u0435\"", "\"abc_action_bar_up_description\" : \"Idite nagore\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u0aa6\u0abf\u0ab5\u0ab8\u0aa8\u0ac0 \u0aaa\u0ab8\u0a82\u0aa6\u0a97\u0ac0 \u0aaa\u0ab0 \u0ab8\u0acd\u0ab5\u0abf\u0a9a \u0a95\u0ab0\u0ab5\u0abe \u0aae\u0abe\u0a9f\u0ac7 \u0a9f\u0ac5\u0aaa \u0a95\u0ab0\u0acb\"", "\"abc_prepend_shortcut_label\" : \"\u201eMenu\u201c +\"", "\"abc_searchview_description_voice\" : \"\u09ad\u09af\u09bc\u09c7\u09b8 \u09b8\u09be\u09b0\u09cd\u099a \u0995\u09b0\u09c1\u09a8\"", "\"material_timepicker_text_input_mode_description\" : \"Cambia al modo de entrada de texto para ingresar la hora.\"", "\"nav_app_bar_navigate_up_description\" : \"\u0a09\u0a71\u0a2a\u0a30 \u0a35\u0a71\u0a32 \u0a28\u0a48\u0a35\u0a40\u0a17\u0a47\u0a1f \u0a15\u0a30\u0a4b\"", "\"abc_shareactionprovider_share_with\" : \"Kop\u012bgot ar:\"", "N12_GLOBAL__N_116itanium_demangle14IntegerLiteralE", "\"common_google_play_services_notification_channel_name\" : \"Google Play xidm\u0259tl\u0259rinin \u0259l\u00e7atanl\u0131\u011f\u0131\"", "\"mtrl_picker_invalid_format_example\" : \"P\u0159\u00edklad: %1$s\"", "\"fallback_menu_item_copy_link\" : \"\u041a\u043e\u043f\u0438\u0440\u0430\u0458 \u043b\u0438\u043d\u043a\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play Palveluiden saatavuus\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Canvia al mode d'introducci\u00f3 de dades del calendari\"", "\"abc_searchview_description_search\" : \"\u0e04\u0e49\u0e19\u0e2b\u0e32\"", "\"mtrl_picker_a11y_prev_month\" : \"\u04e8\u043c\u043d\u04e9\u0445 \u0441\u0430\u0440 \u043b\u0443\u0443 \u04e9\u04e9\u0440\u0447\u043b\u04e9\u0445\"", "\"common_google_play_services_install_title\" : \"Merr sh\u00ebrbimet e \"Luaj me Google\"\"", "\"common_google_play_services_install_title\" : \"A Google Play-szolg\u00e1ltat\u00e1sok beszerz\u00e9se\"", "\"mtrl_picker_date_header_unselected\" : \"Vybran\u00e9 datum\"", "\"common_google_play_services_updating_text\" : \"\u200f%1$s Google Play \u0633\u0631\u0648\u0633\u0632 \u06a9\u06d2 \u0628\u063a\u06cc\u0631 \u0646\u06c1\u06cc\u06ba \u0686\u0644\u06d2 \u06af\u06cc\u060c \u062c\u0648 \u0641\u06cc \u0627\u0644\u062d\u0627\u0644 \u0627\u067e \u0688\u06cc\u0679 \u06c1\u0648 \u0631\u06c1\u06cc \u06c1\u06cc\u06ba\u06d4\"", "\"mtrl_picker_date_header_unselected\" : \"Izbrani datum\"", "\"nav_app_bar_open_drawer_description\" : \"\u0628\u0627\u0632 \u06a9\u0631\u062f\u0646 \u06a9\u0634\u0648\u06cc \u067e\u06cc\u0645\u0627\u06cc\u0634\"", "\"common_google_play_services_update_button\" : \"\u0905\u092a\u0921\u0947\u091f \u0915\u0930\u093e\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 Tanggal akhir\"", "\"abc_menu_enter_shortcut_label\" : \"Eingabetaste\"", "\"common_signin_button_text_long\" : \"Logi sisse Google'i kontoga\"", "\"abc_menu_enter_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200eenter\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_google_play_services_install_text\" : \"%1$s nu va rula f\u0103r\u0103 serviciile Google Play, care lipsesc de pe dispozitivul dvs.\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Appuyer pour s\u00e9lectionner une ann\u00e9e\"", "\"mtrl_chip_close_icon_content_description\" : \"\u041c\u0430\u0437\u043c\u0443\u043d\u0434\u0443 \u0430\u043b\u044b\u043f \u0441\u0430\u043b\u0443\u0443 (%1$s)\"", "\"mtrl_picker_a11y_next_month\" : \"\u8b8a\u66f4\u81f3\u4e0b\u500b\u6708\"", "\"common_google_play_services_update_text\" : \"\u0986\u09aa\u09c1\u09a8\u09bf Google Play \u09b8\u09c7\u09f1\u09be\u09ac\u09cb\u09f0 \u0986\u09aa\u09a1\u09c7\u099f \u09a8\u0995\u09f0\u09be\u09b2\u09c8\u0995\u09c7 %1$s \u09a8\u099a\u09b2\u09bf\u09ac\u0964\"", "\"common_google_play_services_install_text\" : \"Ke spu\u0161t\u011bn\u00ed aplikace %1$s jsou pot\u0159eba slu\u017eby Google Play, kter\u00e9 v\u00a0za\u0159\u00edzen\u00ed nem\u00e1te.\"", "\"nav_app_bar_navigate_up_description\" : \"\u05e0\u05d9\u05d5\u05d5\u05d8 \u05dc\u05de\u05e2\u05dc\u05d4\"", "\"common_google_play_services_enable_button\" : \"\u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c\"", "\"mtrl_picker_invalid_format\" : \"Formato no v\u00e1lido\"", "\"mtrl_picker_navigate_to_year_description\" : \"Pomik na leto %1$s\"", "\"fallback_menu_item_open_in_browser\" : \"Brauzerd\u0259 a\u00e7\u0131n\"", "\"mtrl_picker_announce_current_selection\" : \"Current selection: %1$s\"", "\"material_hour_selection\" : \"\u0412\u044b\u0431\u0435\u0440\u0438\u0442\u0435 \u0447\u0430\u0441\"", "\"material_hour_suffix\" : \"%1$s\u00a0en punto\"", "\"item_view_role_description\" : \"Kartica\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u8f15\u6309\u4ee5\u5207\u63db\u81f3\u9078\u64c7\u65e5\u671f\"", "\"common_google_play_services_updating_text\" : \"%1$s ne fonctionnera pas sans les services Google Play, qui sont actuellement mis \u00e0 jour.\"", "\"mtrl_picker_range_header_title\" : \"Khetha Ibanga\"", "\"mtrl_badge_numberless_content_description\" : \"\u12a0\u12f2\u1235 \u121b\u1233\u12c8\u1242\u12eb\"", "\"dev_env\" : \"https://admin:password123@dev.infosecadventures.com\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s - fecha de finalizaci\u00f3n\"", "\"material_minute_suffix\" : \"%1$s\u00a0minutos\"", "\"mtrl_picker_range_header_title\" : \"\u12ad\u120d\u120d \u12ed\u121d\u1228\u1321\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0a28\u0a42\u0a70 Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a28\u0a3e\u0a32 \u0a38\u0a2e\u0a71\u0a38\u0a3f\u0a06 \u0a06 \u0a30\u0a39\u0a40 \u0a39\u0a48\u0964 \u0a15\u0a3f\u0a30\u0a2a\u0a3e \u0a15\u0a30\u0a15\u0a47 \u0a26\u0a41\u0a2c\u0a3e\u0a30\u0a3e \u0a15\u0a4b\u0a38\u0a3c\u0a3f\u0a38\u0a3c \u0a15\u0a30\u0a4b\u0964\"", "\"nav_app_bar_navigate_up_description\" : \"Desprazarse cara arriba\"", "\"abc_toolbar_collapse_description\" : \"\u0411\u0443\u0443\u043b\u0433\u0430\u0445\"", "\"common_google_play_services_enable_title\" : \"\u542f\u7528 Google Play \u670d\u52a1\"", "\"common_google_play_services_notification_ticker\" : \"Erreur li\u00e9e aux services Google\u00a0Play\"", "\"common_google_play_services_enable_button\" : \"\u0418\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u044d\u0445\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u0b89\u0bb0\u0bc8 \u0b89\u0bb3\u0bcd\u0bb3\u0bc0\u0b9f\u0bcd\u0b9f\u0bc1 \u0bae\u0bc1\u0bb1\u0bc8\u0b95\u0bcd\u0b95\u0bc1 \u0bae\u0bbe\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s\u0995 \u0986\u0981\u09a4\u09f0\u09be\u0993\u0995\"", "\"abc_menu_delete_shortcut_label\" : \"kustuta\"", "\"mtrl_picker_invalid_range\" : \"\u65e5\u671f\u7bc4\u570d\u7121\u6548\u3002\"", "\"material_timepicker_hour\" : \"\u0e8a\u0ebb\u0ec8\u0ea7\u0ec2\u0ea1\u0e87\"", "\"material_minute_selection\" : \"\u0627\u0646\u062a\u062e\u0627\u0628 \u062f\u0642\u06cc\u0642\u0647\"", "\"abc_searchview_description_clear\" : \"\u0b15\u0b4d\u0b71\u0b47\u0b30\u0b40 \u0b16\u0b3e\u0b32\u0b3f \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"error_icon_content_description\" : \"\u1235\u1205\u1270\u1275\"", "\"mtrl_picker_text_input_date_hint\" : \"\u101b\u1000\u103a\u1005\u103d\u1032\"", "\"abc_action_bar_home_description\" : \"\u8f6c\u5230\u9996\u9875\"", "\"abc_activity_chooser_view_see_all\" : \"Tout afficher\"", "\"abc_activitychooserview_choose_application\" : \"\u0d06\u0d2a\u0d4d\u0d2a\u0d4d \u0d24\u0d3f\u0d30\u0d1e\u0d4d\u0d1e\u0d46\u0d1f\u0d41\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"common_google_play_services_notification_ticker\" : \"Google Play Services-fout\"", "\"abc_search_hint\" : \"\u041f\u0440\u0435\u0442\u0440\u0430\u0436\u0438\u0442\u0435\u2026\"", "\"abc_action_menu_overflow_description\" : \"\u0ab5\u0aa7\u0ac1 \u0ab5\u0abf\u0a95\u0ab2\u0acd\u0aaa\u0acb\"", "\"abc_action_menu_overflow_description\" : \"Tov\u00e1bbi lehet\u0151s\u00e9gek\"", "\"material_timepicker_select_time\" : \"\u0ec0\u0ea5\u0eb7\u0ead\u0e81\u0ec0\u0ea7\u200b\u0ea5\u0eb2\"", "\"abc_capital_on\" : \"SEES\"", "\"mtrl_picker_announce_current_selection\" : \"Cari se\u00e7im: %1$s\"", "\"common_google_play_services_unsupported_text\" : \"%1$s ngeke isebenze ngaphandle kwamasevisi e-Google Play, angasekelwa idivayisi yakho.\"", "\"abc_search_hint\" : \"\u0391\u03bd\u03b1\u03b6\u03ae\u03c4\u03b7\u03c3\u03b7\u2026\"", "\"common_google_play_services_notification_ticker\" : \"Fel p\u00e5 Google Play-tj\u00e4nster\"", "\"common_google_play_services_install_text\" : \"%1$s \u10d5\u10d4\u10e0 \u10d2\u10d0\u10d4\u10e8\u10d5\u10d4\u10d1\u10d0 Google Play Services-\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4, \u10e0\u10dd\u10db\u10d4\u10da\u10d8\u10ea \u10d0\u10d9\u10da\u10d8\u10d0 \u10d7\u10e5\u10d5\u10d4\u10dc\u10e1 \u10db\u10dd\u10ec\u10e7\u10dd\u10d1\u10d8\u10da\u10dd\u10d1\u10d0\u10e1.\"", "\"icon_content_description\" : \"\u5c0d\u8a71\u65b9\u584a\u5716\u793a\"", "reinterpret_cast", "\"common_google_play_services_notification_channel_name\" : \"Disp. de los Servicios de Google\u200c\u200c\u200c\u00a0Play\"", "\"character_counter_content_description\" : \"\u0423\u0432\u0435\u0434\u0437\u0435\u043d\u0430 \u0441\u0456\u043c\u0432\u0430\u043b\u0430\u045e: %1$d \u0437 %2$d\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Mahigit %1$d (na) bagong notification\"", "\"abc_searchview_description_clear\" : \"Ta bort fr\u00e5gan\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0544\u0565\u056f\u0576\u0561\u0580\u056f\u056b \u0561\u0574\u057d\u0561\u0569\u056b\u057e\u0568 \u2013 %1$s\"", "\"fallback_menu_item_share_link\" : \"\u10d1\u10db\u10e3\u10da\u10d8\u10e1 \u10d2\u10d0\u10d6\u10d8\u10d0\u10e0\u10d4\u10d1\u10d0\"", "\"fallback_menu_item_open_in_browser\" : \"\u041e\u0442\u0432\u0430\u0440\u044f\u043d\u0435 \u0432 \u0431\u0440\u0430\u0443\u0437\u044a\u0440\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d+ \u0baa\u0bc1\u0ba4\u0bbf\u0baf \u0b85\u0bb1\u0bbf\u0bb5\u0bbf\u0baa\u0bcd\u0baa\u0bc1\u0b95\u0bb3\u0bcd\"", "\"fallback_menu_item_copy_link\" : \"\u0425\u043e\u043b\u0431\u043e\u043e\u0441\u044b\u0433 \u0445\u0443\u0443\u043b\u0430\u0445\"", "\"mtrl_chip_close_icon_content_description\" : \"Fjarl\u00e6gja %1$s\"", "\"mtrl_picker_range_header_title\" : \"\u0930\u0947\u0902\u091c \u0928\u093f\u0935\u0921\u093e\"", "\"mtrl_picker_date_header_title\" : \"S\u00e9lectionnez la date\"", "\"abc_activity_chooser_view_see_all\" : \"Prika\u017ei sve\"", "\"mtrl_picker_save\" : \"\u0938\u0947\u0935\u094d\u0939 \u0915\u0930\u093e\"", "\"common_google_play_services_notification_ticker\" : \"Hitilafu kwenye huduma za Google Play\"", "\"abc_capital_on\" : \"\u1016\u103d\u1004\u1037\u103a\u101b\u1014\u103a\"", "\"material_hour_suffix\" : \"%1$s \u0433\u043e\u0434\"", "\"nav_app_bar_navigate_up_description\" : \"\u4e0a\u3078\u79fb\u52d5\"", "\"mtrl_picker_out_of_range\" : \"Chegaradan tashqari: %1$s\"", "\"common_open_on_phone\" : \"\u0d2b\u0d4b\u0d23\u0d3f\u0d7d \u0d24\u0d41\u0d31\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"copy_toast_msg\" : \"Veza je kopirana u me\u0111uspremnik\"", "\"bottomsheet_action_expand_halfway\" : \"Desplegar hasta la mitad\"", "\"mtrl_picker_invalid_format\" : \"\u041d\u0435\u0434\u0456\u0439\u0441\u043d\u0438\u0439 \u0444\u043e\u0440\u043c\u0430\u0442.\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0938\u0947\u0935\u093e\u0939\u0930\u0942 \u0938\u0915\u094d\u0937\u092e \u092a\u093e\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"character_counter_overflowed_content_description\" : \"Karaktere-muga gainditu da: %1$d/%2$d\"", "\"mtrl_badge_numberless_content_description\" : \"\u0416\u0430\u04a3\u044b \u0431\u0438\u043b\u0434\u0438\u0440\u043c\u0435\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\ud14d\uc2a4\ud2b8 \uc785\ub825 \ubaa8\ub4dc\ub85c \uc804\ud658\"", "\"abc_action_bar_up_description\" : \"\u041f\u0435\u0440\u0430\u0439\u0441\u0446\u0456 \u045e\u0432\u0435\u0440\u0445\"", "\"fallback_menu_item_open_in_browser\" : \"\u09ac\u09cd\u09f0\u09be\u0989\u099c\u09be\u09f0\u09a4 \u0996\u09cb\u09b2\u0995\"", "\"abc_activitychooserview_choose_application\" : \"Scelta di un'app\"", "\"mtrl_badge_numberless_content_description\" : \"Uus m\u00e4rguanne\"", "\"abc_action_bar_up_description\" : \"Zulazulela phezulu\"", "\"mtrl_picker_invalid_range\" : \"\u1787\u17bd\u179a\u200b\u1798\u17b7\u1793\u178f\u17d2\u179a\u17b9\u1798\u178f\u17d2\u179a\u17bc\u179c\u1791\u17c1\u17d4\"", "\"icon_content_description\" : \"Ikon Dialog\"", "N12_GLOBAL__N_116itanium_demangle16FloatLiteralImplIfEE", "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl\u00a0+\u00a0\"", "\"abc_searchview_description_clear\" : \"\u0645\u062d\u0648 \u0637\u0644\u0628 \u0627\u0644\u0628\u062d\u062b\"", "\"mtrl_picker_invalid_format_use\" : \"\u0ec3\u0e8a\u0ec9: %1$s\"", "\"fallback_menu_item_open_in_browser\" : \"\u0cac\u0ccd\u0cb0\u0ccc\u0cb8\u0cb0\u0ccd\u200c\u0ca8\u0cb2\u0ccd\u0cb2\u0cbf \u0ca4\u0cc6\u0cb0\u0cc6\u0caf\u0cbf\u0cb0\u0cbf\"", "\"password_toggle_content_description\" : \"Parooli kuvamine\"", "\"mtrl_picker_date_header_title\" : \"\u0627\u0646\u062a\u062e\u0627\u0628 \u062a\u0627\u0631\u06cc\u062e\"", "\"material_hour_selection\" : \"Vybra\u0165 hodinu\"", "\"mtrl_picker_navigate_to_year_description\" : \"Gaan na jaar %1$s\"", "\"material_minute_suffix\" : \"%1$s\u5206\"", "\"password_toggle_content_description\" : \"Afi\u0219a\u021bi parola\"", "\"material_hour_selection\" : \"\u10d0\u10d8\u10e0\u10e9\u10d8\u10d4\u10d7 \u10e1\u10d0\u10d0\u10d7\u10d8\"", "\"abc_menu_delete_shortcut_label\" : \"\u0939\u091f\u0935\u093e\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0938\u0941\u0930\u0942 \u0939\u094b\u0923\u094d\u092f\u093e\u091a\u0940 \u0924\u093e\u0930\u0940\u0916 \u2013 %1$s\"", "\"abc_capital_off\" : \"DESACTIVADO\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u30c6\u30ad\u30b9\u30c8\u5165\u529b\u30e2\u30fc\u30c9\u306b\u5207\u308a\u66ff\u3048\"", "\"clear_text_end_icon_content_description\" : \"\u099f\u09c7\u0995\u09cd\u09b8\u099f \u09ae\u09c1\u099b\u09c1\u09a8\"", "\"abc_menu_enter_shortcut_label\" : \"retur\"", "\"abc_searchview_description_clear\" : \"\u0421\u04b1\u0440\u0430\u0443\u0434\u044b \u04e9\u0448\u0456\u0440\u0443\"", "\"abc_searchview_description_search\" : \"\u062a\u0644\u0627\u0634 \u06a9\u0631\u06cc\u06ba\"", "\"common_google_play_services_unknown_issue\" : \"Aplikacija %1$s ima problema s Google Play uslugama. Poku\u0161ajte ponovo.\"", "\"abc_action_menu_overflow_description\" : \"Jo\u0161 opcija\"", "\"mtrl_picker_date_header_title\" : \"\u09a4\u09be\u09b0\u09bf\u0996 \u09ac\u09c7\u099b\u09c7 \u09a8\u09bf\u09a8\"", "\"clear_text_end_icon_content_description\" : \"\u0645\u062d\u0648 \u0627\u0644\u0646\u0635\"", "\"mtrl_picker_navigate_to_year_description\" : \"%1$s \u0436\u044b\u043b\u044b\u043d\u0430 \u0436\u044b\u043b\u0436\u0443\"", "\"mtrl_picker_range_header_title\" : \"\u041c\u0443\u0436 \u0441\u043e\u043d\u0433\u043e\u0445\"", "\"abc_shareactionprovider_share_with_application\" : \"\u1208%s \u12a0\u130b\u122b\"", "\"abc_shareactionprovider_share_with\" : \"\u041f\u043e\u0434\u0435\u043b\u0438\u0442\u044c\u0441\u044f \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s\u1295 \u12a0\u1235\u12c8\u130d\u12f5\"", "\"common_google_play_services_notification_channel_name\" : \"Disponibilit\u00e0 di Google Play Services\"", "abort_message", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u0395\u03bd\u03b1\u03bb\u03bb\u03b1\u03b3\u03ae \u03c3\u03c4\u03b7 \u03bb\u03b5\u03b9\u03c4\u03bf\u03c5\u03c1\u03b3\u03af\u03b1 \u03b5\u03b9\u03c3\u03b1\u03b3\u03c9\u03b3\u03ae\u03c2 \u03ba\u03b5\u03b9\u03bc\u03ad\u03bd\u03bf\u03c5\"", "\"mtrl_picker_toggle_to_year_selection\" : \"'\u0c38\u0c02\u0c35\u0c24\u0c4d\u0c38\u0c30\u0c3e\u0c28\u0c4d\u0c28\u0c3f \u0c0e\u0c02\u0c2a\u0c3f\u0c15 \u0c1a\u0c47\u0c38\u0c41\u0c15\u0c4b\u0c35\u0c21\u0c02'\u0c15\u0c41 \u0c2e\u0c3e\u0c30\u0c21\u0c3e\u0c28\u0c3f\u0c15\u0c3f \u0c28\u0c4a\u0c15\u0c4d\u0c15\u0c02\u0c21\u0c3f\"", "\"mtrl_picker_range_header_title\" : \"\u05d9\u05e9 \u05dc\u05d1\u05d7\u05d5\u05e8 \u05d8\u05d5\u05d5\u05d7\"", "\"password_toggle_content_description\" : \"\u0eaa\u0eb0\u0ec1\u0e94\u0e87\u0ea5\u0eb0\u0eab\u0eb1\u0e94\u0e9c\u0ec8\u0eb2\u0e99\"", "\"status_bar_notification_info_overflow\" : \">999\"", "\"copy_toast_msg\" : \"Imenakili kiungo kwenye ubao wa kunakili\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 End date\"", "\"copy_toast_msg\" : \"Link copied to clipboard\"", "std::nullptr_t", "\"exposed_dropdown_menu_content_description\" : \"\u041f\u043e\u043a\u0430\u0437\u0430\u0442\u0438 \u0441\u043f\u0430\u0434\u043d\u0435 \u043c\u0435\u043d\u044e\"", "\"mtrl_picker_invalid_format\" : \"Yanl\u0131\u015f format.\"", "\"fallback_menu_item_share_link\" : \"Condividi link\"", "\"common_google_play_services_enable_button\" : \"Inschakelen\"", "\"common_google_play_services_enable_text\" : \"%1$s non funzioner\u00e0 se non attivi Google Play Services.\"", "\"common_open_on_phone\" : \"Telefonda a\u00e7\u0131n\"", "\"mtrl_picker_date_header_title\" : \"\u0418\u0437\u0431\u0438\u0440\u0430\u043d\u0435 \u043d\u0430 \u0434\u0430\u0442\u0430\"", "\"mtrl_picker_invalid_range\" : \"Intervalo inv\u00e1lido.\"", "\"common_google_play_services_enable_button\" : \"Povoli\u0165\"", "\"common_google_play_services_enable_button\" : \"\u0544\u056b\u0561\u0581\u0576\u0565\u056c\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Kliknij, by wybra\u0107 dzie\u0144\"", "\"mtrl_picker_invalid_format_use\" : \"Haszn\u00e1lja ezt: %1$s\"", "\"abc_action_bar_home_description\" : \"\u200b\u1791\u17c5\u1791\u17c6\u1796\u17d0\u179a\u178a\u17be\u1798\"", "\"abc_searchview_description_clear\" : \"Izbri\u0161i upit\"", "\"clear_text_end_icon_content_description\" : \"\u05de\u05d7\u05d9\u05e7\u05ea \u05d4\u05d8\u05e7\u05e1\u05d8\"", "\"common_open_on_phone\" : \"\u5728\u624b\u6a5f\u958b\u555f\"", "\"common_google_play_services_enable_button\" : \"Omogo\u010di\"", "\"mtrl_picker_day_of_week_column_header\" : \"Sloupec dn\u016f: %1$s\"", "\"abc_menu_shift_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200eShift+\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"mtrl_picker_invalid_range\" : \"\u00c9rv\u00e9nytelen tartom\u00e1ny.\"", "\"material_hour_suffix\" : \"%1$s em ponto\"", "\"nav_app_bar_navigate_up_description\" : \"Omhoog navigeren\"", "\"material_minute_suffix\" : \"%1$s minutes\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Toque para alternar para a sele\u00e7\u00e3o de um ano\"", "\"common_google_play_services_enable_button\" : \"\u0ec0\u0e9b\u0eb5\u0e94\u0e99\u0eb3\u0ec3\u0e8a\u0ec9\"", "\"mtrl_picker_navigate_to_year_description\" : \"Naar jaar %1$s navigeren\"", "\"abc_searchview_description_submit\" : \"\u0627\u0633\u062a\u0641\u0633\u0627\u0631 \u062c\u0645\u0639 \u06a9\u0631\u0627\u0626\u06cc\u06ba\"", "\"fallback_menu_item_open_in_browser\" : \"\u041e\u0442\u043a\u0440\u044b\u0442\u044c \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435\"", "\"material_timepicker_clock_mode_description\" : \"Kalo te modaliteti i or\u00ebs p\u00ebr hyrjen e koh\u00ebs.\"", "\"copy_toast_msg\" : \"Lidhja u kopjua n\u00eb kujtes\u00ebn e fragmenteve\"", "\"common_google_play_services_enable_text\" : \"%1$s ne fonctionnera pas tant que vous n'aurez pas activ\u00e9 les services Google Play.\"", "\"nav_app_bar_navigate_up_description\" : \"Nar\u0161yti auk\u0161tyn\"", "\"character_counter_overflowed_content_description\" : \"Se excedi\u00f3 en %1$d el l\u00edmite de caracteres de %2$d\"", "\"material_minute_selection\" : \"\u5206\u3092\u9078\u629e\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u1780\u17b6\u179b\u1794\u179a\u17b7\u1785\u17d2\u1786\u17c1\u1791\u200b\u1794\u1789\u17d2\u1785\u1794\u17cb\"", "\"mtrl_picker_range_header_unselected\" : \"\u0e27\u0e31\u0e19\u0e17\u0e35\u0e48\u0e40\u0e23\u0e34\u0e48\u0e21\u0e15\u0e49\u0e19 \u2013 \u0e27\u0e31\u0e19\u0e17\u0e35\u0e48\u0e2a\u0e34\u0e49\u0e19\u0e2a\u0e38\u0e14\"", "\"material_minute_suffix\" : \"%1$s (na) minuto\"", "\"character_counter_overflowed_content_description\" : \"\u0e40\u0e01\u0e34\u0e19\u0e08\u0e33\u0e19\u0e27\u0e19\u0e2d\u0e31\u0e01\u0e02\u0e23\u0e30\u0e2a\u0e39\u0e07\u0e2a\u0e38\u0e14 %1$d \u0e08\u0e32\u0e01 %2$d\"", "\"common_google_play_services_updating_text\" : \"%1$s sal nie sonder Google Play-dienste werk nie, wat tans opdateer.\"", "\"common_google_play_services_install_button\" : \"\u012ediegti\"", "\"search_menu_title\" : \"Ie\u0161koti\"", "\"abc_search_hint\" : \"\u0936\u094b\u0927\u093e\u2026\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Peste %1$d notific\u0103ri noi\"", "\"common_google_play_services_enable_title\" : \"\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u200b\u0e9a\u0ecd\u200b\u0ea5\u0eb4\u200b\u0e81\u0eb2\u0e99 Google Play\"", "\"abc_activity_chooser_view_see_all\" : \"\u062f\u06cc\u062f\u0646 \u0647\u0645\u0647\"", "\"fallback_menu_item_open_in_browser\" : \"Atidaryti nar\u0161ykl\u0117je\"", "\"common_google_play_services_notification_ticker\" : \"Erro nos servizos de Google Play\"", "\"abc_action_bar_home_description\" : \"P\u0159ej\u00edt na plochu\"", "\"common_google_play_services_update_title\" : \"Aggiorna Google Play Services\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0397\u03bc\u03b5\u03c1\u03bf\u03bc\u03b7\u03bd\u03af\u03b1 \u03bb\u03ae\u03be\u03b7\u03c2\"", "\"abc_searchview_description_submit\" : \"P\u00e4ringu esitamine\"", "\"material_timepicker_minute\" : \"\u5206\u949f\"", "\"common_open_on_phone\" : \"Otvori na telefonu\"", "\"material_hour_selection\" : \"\u0538\u0576\u057f\u0580\u0565\u056c \u056a\u0561\u0574\u0568\"", "\"material_timepicker_minute\" : \"\ubd84\"", "\"common_google_play_services_updating_text\" : \"%1$s \u12eb\u1208 Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d \u12a0\u12ed\u1230\u122b\u121d\u1363 \u12a5\u1290\u1231 \u12f0\u130d\u121e \u1260\u12a0\u1201\u1291 \u130a\u12dc \u1260\u1218\u12d8\u1218\u1295 \u120b\u12ed \u1293\u1278\u12cd\u1362\"", "\"abc_action_mode_done\" : \"\u092a\u0942\u0930\u094d\u0923 \u091d\u093e\u0932\u0947\"", "\"mtrl_picker_date_header_unselected\" : \"Date s\u00e9lectionn\u00e9e\"", "\"mtrl_picker_save\" : \"\u101e\u102d\u1019\u103a\u1038\u101b\u1014\u103a\"", "\"common_google_play_services_install_title\" : \"Preuzimanje usluga Google Playa\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d33\u0d3f\u0d32\u0d46 \u0d2a\u0d3f\u0d36\u0d15\u0d4d\"", "\"mtrl_picker_invalid_format\" : \"\u0a05\u0a35\u0a48\u0a27 \u0a2b\u0a3e\u0a30\u0a2e\u0a48\u0a1f\u0964\"", "\"common_google_play_services_update_button\" : \"\u062a\u062d\u062f\u064a\u062b\"", "\"common_google_play_services_enable_text\" : \"%1$s fungerer ikke med mindre du sl\u00e5r p\u00e5 Google Play-tjenester.\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u05e2\u05de\u05d5\u05d3\u05d4 \u05e9\u05dc \u05d9\u05de\u05d9\u05dd: %1$s\"", "\"nav_app_bar_open_drawer_description\" : \"\u041e\u0442\u0432\u0430\u0440\u044f\u043d\u0435 \u043d\u0430 \u0441\u043b\u043e\u044f \u0437\u0430 \u043d\u0430\u0432\u0438\u0433\u0430\u0446\u0438\u044f\"", "\"mtrl_picker_invalid_format\" : \"\u0e23\u0e39\u0e1b\u0e41\u0e1a\u0e1a\u0e44\u0e21\u0e48\u0e16\u0e39\u0e01\u0e15\u0e49\u0e2d\u0e07\"", "\"common_google_play_services_enable_text\" : \"%1$s \u1793\u17b9\u1784\u1798\u17b7\u1793\u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u1791\u17c1 \u179b\u17bb\u17c7\u178f\u17d2\u179a\u17b6\u178f\u17c2\u17a2\u17d2\u1793\u1780\u1794\u17be\u1780\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798 Google Play\u17d4\"", "\"material_timepicker_select_time\" : \"Seleccionar hora\"", "\"common_open_on_phone\" : \"\u0cab\u0ccb\u0ca8\u0ccd\u200c\u0ca8\u0cb2\u0ccd\u0cb2\u0cbf \u0ca4\u0cc6\u0cb0\u0cc6\u0caf\u0cbf\u0cb0\u0cbf\"", "\"common_google_play_services_update_button\" : \"Aktualisieren\"", "\"abc_activity_chooser_view_see_all\" : \"\u041f\u0440\u0438\u043a\u0430\u0436\u0438 \u0441\u0432\u0435\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \uc11c\ube44\uc2a4 \uc0ac\uc6a9 \uac00\ub2a5 \uc5ec\ubd80\"", "construction vtable for ", "\"mtrl_picker_date_header_title\" : \"\u0ba4\u0bc7\u0ba4\u0bbf\u0baf\u0bc8\u0ba4\u0bcd \u0ba4\u0bc7\u0bb0\u0bcd\u0ba8\u0bcd\u0ba4\u0bc6\u0b9f\u0bc1\u0b95\u0bcd\u0b95\u0bb5\u0bc1\u0bae\u0bcd\"", "\"material_hour_selection\" : \"Khetha ihora\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u056b \u0570\u0561\u057d\u0561\u0576\u0565\u056c\u056b\u0578\u0582\u0569\u0575\u0578\u0582\u0576\"", "\"material_timepicker_clock_mode_description\" : \"\u1021\u1001\u103b\u102d\u1014\u103a\u1011\u100a\u1037\u103a\u101e\u103d\u1004\u103a\u1038\u1019\u103e\u102f\u1021\u1010\u103d\u1000\u103a \u1014\u102c\u101b\u102e\u1019\u102f\u1012\u103a\u101e\u102d\u102f\u1037 \u1015\u103c\u1031\u102c\u1004\u103a\u1038\u1015\u102b\u104b\"", "\"bottomsheet_action_expand_halfway\" : \"Zur H\u00e4lfte maximieren\"", "\"mtrl_picker_out_of_range\" : \"Nje ya kipindi: %1$s\"", "\"abc_shareactionprovider_share_with\" : \"\uacf5\uc720 \ub300\uc0c1:\"", "\"abc_search_hint\" : \"Ara\u2026\"", "N12_GLOBAL__N_116itanium_demangle19PointerToMemberTypeE", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Kalo te modaliteti i \"Hyrjes s\u00eb tekstit\"\"", "\"search_menu_title\" : \"Telusuri\"", "\"common_google_play_services_update_text\" : \"%1$s \u043d\u0435 \u0431\u0443\u0434\u0437\u0435 \u043f\u0440\u0430\u0446\u0430\u0432\u0430\u0446\u044c, \u043f\u0430\u043a\u0443\u043b\u044c \u0432\u044b \u043d\u0435 \u0430\u0431\u043d\u043e\u0432\u0456\u0446\u0435 \u0441\u043b\u0443\u0436\u0431\u044b Google Play.\"", "\"material_minute_suffix\" : \"%1$s \u092e\u093f\u0928\u093f\u091f\u0947\"", "\"abc_toolbar_collapse_description\" : \"Skjul\"", "\"material_hour_suffix\" : \"%1$s \u0447.\"", "\"material_timepicker_hour\" : \"Saa\"", "\"material_timepicker_pm\" : \"\u039c\u039c\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d\u099f\u09bf\u09b0 \u09ac\u09c7\u09b6\u09bf \u09a8\u09a4\u09c1\u09a8 \u09ac\u09bf\u099c\u09cd\u099e\u09aa\u09cd\u09a4\u09bf\"", "\"common_google_play_services_enable_title\" : \"\u200fGoogle Play \u0633\u0631\u0648\u0633\u0632 \u0641\u0639\u0627\u0644 \u06a9\u0631\u06cc\u06ba\"", "\"exposed_dropdown_menu_content_description\" : \"Leg\u00f6rd\u00fcl\u0151 men\u00fc megjelen\u00edt\u00e9se\"", "\"search_menu_title\" : \"\u101b\u103e\u102c\u1016\u103d\u1031\u1019\u103e\u102f\"", "\"item_view_role_description\" : \"\u6807\u7b7e\u9875\"", "\"mtrl_picker_range_header_selected\" : \"%1$s - %2$s\"", "const_cast", "\"common_google_play_services_update_button\" : \"\u1021\u1015\u103a\u1012\u102d\u1010\u103a\"", "\"material_hour_selection\" : \"Vyberte hodinu\"", "\"material_clock_toggle_content_description\" : \"Pilih AM atau PM\"", "\"common_google_play_services_install_title\" : \"Thola amasevisi we-Google Play\"", "\"abc_activity_chooser_view_see_all\" : \"Mostra-ho tot\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Aldatu testua idazteko modura\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Skakel oor na kalenderinvoermodus\"", "\"material_timepicker_pm\" : \"pm\"", "\"abc_capital_on\" : \"\u0ec0\u0e9b\u0eb5\u0e94\"", "\"mtrl_picker_a11y_prev_month\" : \"\u0d9a\u0dbd\u0dd2\u0db1\u0dca \u0db8\u0dcf\u0dc3\u0dba\u0da7 \u0dc0\u0dd9\u0db1\u0dc3\u0dca \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"abc_search_hint\" : \"Maghanap\u2026\"", "\"mtrl_picker_navigate_to_year_description\" : \"Joan %1$s. urtera\"", "\"abc_menu_space_shortcut_label\" : \"\uc2a4\ud398\uc774\uc2a4\ubc14\"", "\"mtrl_picker_announce_current_selection\" : \"Ge\u00e7erli se\u00e7im: %1$s\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s entfernen\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Passer au mode de saisie Texte\"", "\"mtrl_picker_invalid_range\" : \"Plage non valide.\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0430\u0440\u043a\u044b\u043b\u0443\u0443 \u0431\u04e9\u043b\u04af\u0448\u04af\u04af\"", "\"abc_toolbar_collapse_description\" : \"\u0b9a\u0bc1\u0bb0\u0bc1\u0b95\u0bcd\u0b95\u0bc1\u0bae\u0bcd\"", "\"abc_searchview_description_search\" : \"\uac80\uc0c9\"", "\"character_counter_content_description\" : \"%1$d caratteri inserirti su %2$d\"", "\"material_timepicker_pm\" : \"\u4e0b\u5348\"", "\"common_google_play_services_notification_ticker\" : \"Iphutha lamasevisi we-Google Play\"", "\"abc_searchview_description_clear\" : \"X\u00f3a truy v\u1ea5n\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u043d\u044b\u043d \u0436\u0430\u04a3\u044b \u0432\u0435\u0440\u0441\u0438\u044f\u0441\u044b \u0442\u0430\u043b\u0430\u043f \u043a\u044b\u043b\u044b\u043d\u0430\u0442. \u0411\u0438\u0440 \u0430\u0437\u0434\u0430\u043d \u043a\u0438\u0439\u0438\u043d \u0430\u043b \u04e9\u0437\u04af \u044d\u043b\u0435 \u0436\u0430\u04a3\u044b\u0440\u0442\u044b\u043b\u0430\u0442.\"", "\"abc_shareactionprovider_share_with\" : \"Trimite\u021bi la\"", "\"material_timepicker_select_time\" : \"Vaqtni tanlang\"", "\"mtrl_picker_announce_current_selection\" : \"\u0411\u044f\u0433\u0443\u0447\u0430\u0435 \u0432\u044b\u043b\u0443\u0447\u044d\u043d\u043d\u0435: %1$s\"", "\"abc_prepend_shortcut_label\" : \"Kieslys+\"", "\"abc_searchview_description_search\" : \"\u0d24\u0d3f\u0d30\u0d2f\u0d41\u0d15\"", "\"abc_searchview_description_voice\" : \"Penelusuran suara\"", "\"material_timepicker_minute\" : \"\u0645\u0646\u0679\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Ng\u00e0y b\u1eaft \u0111\u1ea7u \u2013 %1$s\"", "\"common_google_play_services_update_text\" : \"\u60a8\u5fc5\u9808\u66f4\u65b0\u300cGoogle Play \u670d\u52d9\u300d\uff0c\u624d\u80fd\u57f7\u884c %1$s\u3002\"", "\"mtrl_picker_out_of_range\" : \"Fuera del periodo v\u00e1lido: %1$s\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Skipta yfir \u00ed innf\u00e6rslua\u00f0fer\u00f0 fyrir texta\"", "\"material_timepicker_clock_mode_description\" : \"\u0938\u092e\u092f \u0907\u0928\u092a\u0941\u091f \u0915\u0947 \u0932\u093f\u090f \u0918\u0921\u093c\u0940 \u092e\u094b\u0921 \u092a\u0930 \u091c\u093e\u090f\u0902.\"", "\"character_counter_content_description\" : \"Eingegebene Zeichen: %1$d von %2$d\"", "\"abc_capital_on\" : \"BE\"", "\"exposed_dropdown_menu_content_description\" : \"\u0551\u0578\u0582\u0575\u0581 \u057f\u0561\u056c \u056b\u057b\u0576\u0578\u0572 \u0568\u0576\u057f\u0580\u0561\u0581\u0561\u0576\u056f\u0568\"", "\"mtrl_picker_a11y_prev_month\" : \"\u8b8a\u66f4\u81f3\u4e0a\u500b\u6708\"", "N12_GLOBAL__N_116itanium_demangle20PostfixQualifiedTypeE", "sizeof...(", "\"common_google_play_services_update_title\" : \"P\u00ebrdit\u00ebso sh\u00ebrbimet e \"Luaj me Google\"\"", "\"mtrl_picker_range_header_title\" : \"\u0930\u0947\u0902\u091c \u091a\u0941\u0928\u0947\u0902\"", "\"abc_searchview_description_search\" : \"Tafuta\"", "\"abc_menu_shift_shortcut_label\" : \"Shift+\"", "\"mtrl_picker_navigate_to_year_description\" : \"%1$s\u0c38\u0c02\u0c35\u0c24\u0c4d\u0c38\u0c30\u0c3e\u0c28\u0c3f\u0c15\u0c3f \u0c28\u0c3e\u0c35\u0c3f\u0c17\u0c47\u0c1f\u0c4d \u0c1a\u0c47\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s \u0d89\u0dc0\u0dad\u0dca \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"common_google_play_services_unsupported_text\" : \"O app %1$s n\u00e3o funciona sem o Google Play Services, o qual n\u00e3o \u00e9 compat\u00edvel com seu dispositivo.\"", "\"icon_content_description\" : \"\u0ca1\u0cc8\u0cb2\u0cbe\u0c97\u0ccd \u0c90\u0c95\u0cbe\u0ca8\u0ccd\"", "\"material_timepicker_select_time\" : \"\u0423\u0431\u0430\u043a\u044b\u0442 \u0442\u0430\u043d\u0434\u043e\u043e\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Du (date de d\u00e9but) au %1$s\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u0645\u062a\u0646\u06cc \u0627\u0646 \u067e\u0679 \u0648\u0636\u0639 \u067e\u0631 \u0633\u0648\u0626\u0686 \u06a9\u0631\u06cc\u06ba\"", "\"abc_capital_off\" : \"DESACTIVA\"", "\"abc_action_mode_done\" : \"Conclu\u00eddo\"", "\"mtrl_picker_date_header_unselected\" : \"\u0395\u03c0\u03b9\u03bb\u03b5\u03b3\u03bc\u03ad\u03bd\u03b7 \u03b7\u03bc\u03b5\u03c1\u03bf\u03bc\u03b7\u03bd\u03af\u03b1\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u0a9f\u0ac7\u0a95\u0acd\u0ab8\u0acd\u0a9f \u0a87\u0aa8\u0aaa\u0ac1\u0a9f \u0aae\u0acb\u0aa1 \u0aaa\u0ab0 \u0ab8\u0acd\u0ab5\u0abf\u0a9a \u0a95\u0ab0\u0acb\"", "\"mtrl_picker_date_header_title\" : \"\u041e\u0433\u043d\u043e\u043e \u0441\u043e\u043d\u0433\u043e\u0445\"", "\"mtrl_chip_close_icon_content_description\" : \"Elt\u00e1vol\u00edt\u00e1s (%1$s)\"", ") ? (", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Valitse sy\u00f6tt\u00f6tavaksi teksti\"", "\"item_view_role_description\" : \"Scheda\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u041d\u043e\u0432\u044b\u0445 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u0439 \u0431\u043e\u043b\u044c\u0448\u0435 %1$d\"", "\"common_google_play_services_enable_text\" : \"%1$s virkar ekki nema \u00fe\u00fa gerir \u00fej\u00f3nustu Google Play virka.\"", "\"abc_menu_sym_shortcut_label\" : \"Sym\u00a0+\"", "\"common_google_play_services_install_button\" : \"Instalovat\"", "decimal128", "\"mtrl_picker_text_input_day_abbr\" : \"e\"", "\"common_google_play_services_enable_button\" : \"\u091a\u093e\u0932\u0942 \u0915\u0930\u0947\u0902\"", "\"abc_capital_on\" : \"\u091a\u093e\u0932\u0942\"", "\"mtrl_picker_range_header_title\" : \"\u0cb6\u0ccd\u0cb0\u0cc7\u0ca3\u0cbf\u0caf\u0ca8\u0ccd\u0ca8\u0cc1 \u0c86\u0caf\u0ccd\u0c95\u0cc6\u0cae\u0cbe\u0ca1\u0cbf\"", "\"material_minute_selection\" : \"\u0ec0\u0ea5\u0eb7\u0ead\u0e81\u0e99\u0eb2\u200b\u0e97\u0eb5\"", "\"abc_menu_delete_shortcut_label\" : \"slet\"", "\"mtrl_picker_range_header_unselected\" : \"\u0a38\u0a3c\u0a41\u0a30\u0a42\u0a06\u0a24\u0a40 \u0a24\u0a3e\u0a30\u0a40\u0a16 \u2013 \u0a38\u0a2e\u0a3e\u0a2a\u0a24\u0a40 \u0a24\u0a3e\u0a30\u0a40\u0a16\"", "\"abc_searchview_description_clear\" : \"\u1218\u1320\u12ed\u1245 \u12a0\u133d\u12f3\"", "\"fallback_menu_item_share_link\" : \"Shiriki kiungo\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Beralih kepada mod input teks\"", "N12_GLOBAL__N_116itanium_demangle22ElaboratedTypeSpefTypeE", "\"abc_searchview_description_voice\" : \"Paie\u0161ka balsu\"", "\"common_google_play_services_update_text\" : \"Hindi gagana ang %1$s maliban kung i-a-update mo ang mga serbisyo ng Google Play.\"", "\"common_google_play_services_install_title\" : \"Kry Google Play-dienste\"", "u8__uuidofz", "\"item_view_role_description\" : \"\u091f\u0948\u092c\"", "\"exposed_dropdown_menu_content_description\" : \"\u09a1\u09cd\u09b0\u09aa-\u09a1\u09be\u0989\u09a8 \u09ae\u09c7\u09a8\u09c1 \u09a6\u09c7\u0996\u09c1\u09a8\"", "\"search_menu_title\" : \"Pesquisar\"", "\"error_icon_content_description\" : \"Errorea\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u062a\u0627\u0631\u064a\u062e \u0627\u0644\u0627\u0646\u062a\u0647\u0627\u0621\"", "\"common_google_play_services_enable_title\" : \"Google Play Services-\u10d8\u10e1 \u10e9\u10d0\u10e0\u10d7\u10d5\u10d0\"", "\"material_minute_suffix\" : \"%1$s minit\"", "\"nav_app_bar_navigate_up_description\" : \"\u041f\u0440\u0438\u0434\u0432\u0438\u0436\u0432\u0430\u043d\u0435 \u043d\u0430\u0433\u043e\u0440\u0435\"", "\"material_timepicker_clock_mode_description\" : \"Cambiar ao modo de reloxo para introducir a hora.\"", "\"mtrl_picker_range_header_title\" : \"\u0631\u06cc\u0646\u062c \u0645\u0646\u062a\u062e\u0628 \u06a9\u0631\u06cc\u06ba\"", "\"abc_toolbar_collapse_description\" : \"Ahendamine\"", "\"material_minute_selection\" : \"\u041c\u0438\u043d\u0443\u0442 \u0441\u043e\u043d\u0433\u043e\u043d\u043e \u0443\u0443\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u0c38\u0c02\"", "\"common_google_play_services_install_text\" : \"Aplikacija %1$s ne\u0107e raditi bez Google Play usluga, kojih na va\u0161em ure\u0111aju nema.\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Datum zah\u00e1jen\u00ed\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u1005\u1010\u1004\u103a\u101b\u1000\u103a\"", "\"common_google_play_services_update_title\" : \"Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u0433 \u0448\u0438\u043d\u044d\u0447\u043b\u044d\u0445\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Data de \u00eencheiere\"", "\"character_counter_content_description\" : \"\u0395\u03b9\u03c3\u03ae\u03c7\u03b8\u03b7\u03c3\u03b1\u03bd %1$d \u03b1\u03c0\u03cc %2$d \u03c7\u03b1\u03c1\u03b1\u03ba\u03c4\u03ae\u03c1\u03b5\u03c2\"", "\"mtrl_picker_date_header_title\" : \"Odaberite datum\"", "\"abc_action_bar_up_description\" : \"Joan gora\"", "\"abc_searchview_description_search\" : \"S\u00f6k\"", "\"material_timepicker_pm\" : \"\u0645\u0633\u0627\u0621\u064b\"", "\"abc_action_bar_home_description\" : \"Krmarjenje na za\u010detek\"", "\"common_google_play_services_unknown_issue\" : \"\u200f\u0644\u062f\u0649 %1$s \u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u062e\u062f\u0645\u0627\u062a Google Play. \u064a\u064f\u0631\u062c\u0649 \u0625\u0639\u0627\u062f\u0629 \u0627\u0644\u0645\u062d\u0627\u0648\u0644\u0629.\"", "\"clear_text_end_icon_content_description\" : \"Vymaza\u0165 text\"", "\"mtrl_picker_a11y_prev_month\" : \"\u041c\u0443\u0440\u0443\u043d\u043a\u0443 \u0430\u0439\u0433\u0430 \u04e9\u0437\u0433\u04e9\u0440\u0442\u04af\u04af\"", "\"common_google_play_services_wear_update_text\" : \"Kudingeka inguqulo entsha yamasevisi we-Google Play. Izozibuyekeza ngokwayo maduze.\"", "\"character_counter_content_description\" : \"\u062a\u0645\u0651 \u0625\u062f\u062e\u0627\u0644 %1$d \u062d\u0631\u0641 \u0645\u0646 \u0625\u062c\u0645\u0627\u0644\u064a %2$d.\"", "\"abc_searchview_description_clear\" : \"Hreinsa fyrirspurn\"", "\"bottomsheet_action_expand_halfway\" : \"\u5c55\u5f00\u5230\u4e00\u534a\u9ad8\u5ea6\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u524d\u5f80 %1$s \u5e74\"", "\"search_menu_title\" : \"\u0e04\u0e49\u0e19\u0e2b\u0e32\"", "\"abc_shareactionprovider_share_with\" : \"Deila me\u00f0\"", "\"material_clock_toggle_content_description\" : \"\u0422\u0430\u043d\u0434\u043e\u043e: AM \u0436\u0435 PM\"", "\"mtrl_picker_a11y_next_month\" : \"Promijeni na sljede\u0107i mjesec\"", "\"common_google_play_services_install_title\" : \"Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d\u1295 \u12eb\u130d\u1299\"", "\"common_google_play_services_update_button\" : \"Kemas kini\"", "\"mtrl_picker_invalid_format_use\" : \"Anv\u00e4nd %1$s\"", "\"mtrl_picker_range_header_title\" : \"\u9078\u53d6\u7bc4\u570d\"", "\"path_password_eye_mask_visible\" : \"M2,4.27 L2,4.27 L4.54,1.73 L4.54,1.73 L4.54,1 L23,1 L23,23 L1,23 L1,4.27 Z\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0b38\u0b47\u0b2c\u0b3e\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15\u0b30 \u0b09\u0b2a\u0b32\u0b2c\u0b4d\u0b27\u0b24\u0b3e\"", "\"common_google_play_services_update_text\" : \"%1$s \u043d\u0435\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u0432\u0440\u0448\u0443\u0432\u0430 \u0430\u043a\u043e \u043d\u0435 \u0433\u0438 \u0430\u0436\u0443\u0440\u0438\u0440\u0430\u0442\u0435 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play.\"", "\"common_google_play_services_enable_title\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be \u09b8\u0995\u09cd\u09b7\u09ae \u0995\u09b0\u09c1\u09a8\"", "\"common_google_play_services_wear_update_text\" : \"Perlu versi baru layanan Google Play. Akan segera memperbarui sendiri.\"", "\"copy_toast_msg\" : \"Se copi\u00f3 el v\u00ednculo al portapapeles\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u0c95\u0ccd\u0caf\u0cbe\u0cb2\u0cc6\u0c82\u0ca1\u0cb0\u0ccd \u0c87\u0ca8\u0ccd\u200c\u0caa\u0cc1\u0c9f\u0ccd \u0cae\u0ccb\u0ca1\u0ccd\u200c\u0c97\u0cc6 \u0cac\u0ca6\u0cb2\u0cbf\u0cb8\u0cbf\"", "\"material_hour_suffix\" : \"%1$s \u10e1\u10d0\u10d0\u10d7\u10d8\"", "\"abc_action_bar_home_description\" : \"Navegar a la p\u00e1gina principal\"", "\"search_menu_title\" : \"\u134d\u1208\u130b\"", "\"common_google_play_services_install_button\" : \"Installer\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u041d\u043e\u0432\u0438\u0445 \u043e\u0431\u0430\u0432\u0435\u0448\u0442\u0435\u045a\u0430: \u0432\u0438\u0448\u0435 \u043e\u0434 %1$d\"", "\"abc_activitychooserview_choose_application\" : \"Odaberite aplikaciju\"", "\"abc_shareactionprovider_share_with\" : \"Skupna raba z:\"", "\"material_timepicker_clock_mode_description\" : \"Pre\u0111ite u re\u017eim sata radi unosa vremena.\"", "\"common_google_play_services_install_text\" : \"%1$s sal nie sonder Google Play Dienste werk nie, wat nie op jou toestel is nie.\"", "\"nav_app_bar_navigate_up_description\" : \"\u0935\u0930 \u0928\u0947\u0935\u094d\u200d\u0939\u093f\u0917\u0947\u091f \u0915\u0930\u093e\"", "\"mtrl_picker_save\" : \"\u0938\u0941\u0930\u0915\u094d\u0937\u093f\u0924 \u0917\u0930\u094d\u0928\u0941\"", "\"common_google_play_services_notification_channel_name\" : \"Ph\u1ea1m vi cung c\u1ea5p c\u00e1c d\u1ecbch v\u1ee5 c\u1ee7a Google Play\"", "\"abc_searchview_description_search\" : \"Bilatu\"", "\"abc_prepend_shortcut_label\" : \"Meny\u00a0+\u00a0\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u05ea\u05d0\u05e8\u05d9\u05da \u05d4\u05ea\u05d7\u05dc\u05d4\"", "\"mtrl_picker_save\" : \"Saqlash\"", "\"icon_content_description\" : \"Dialoq ikonas\u0131\"", "\"nav_app_bar_navigate_up_description\" : \"Torna indietro\"", "\"fallback_menu_item_open_in_browser\" : \"\u00c5pne i nettleseren\"", "\"fallback_menu_item_copy_link\" : \"Copia\u021bi linkul\"", "\"mtrl_picker_range_header_unselected\" : \"\u0414\u0430\u0442\u0430 \u043d\u0430\u0447\u0430\u043b\u0430\u00a0\u2013 \u0434\u0430\u0442\u0430 \u043e\u043a\u043e\u043d\u0447\u0430\u043d\u0438\u044f\"", "\"material_timepicker_clock_mode_description\" : \"Chuy\u1ec3n sang ch\u1ebf \u0111\u1ed9 \u0111\u1ed3ng h\u1ed3 \u0111\u1ec3 nh\u1eadp th\u1eddi gian.\"", "\"copy_toast_msg\" : \"\u041b\u0438\u043d\u043a\u043e\u0442 \u0435 \u043a\u043e\u043f\u0438\u0440\u0430\u043d \u0432\u043e \u043f\u0440\u0438\u0432\u0440\u0435\u043c\u0435\u043d\u0430 \u043c\u0435\u043c\u043e\u0440\u0438\u0458\u0430\"", "\"material_minute_selection\" : \"\u092e\u093f\u0928\u091f \u091a\u0941\u0928\u0947\u0902\"", "\"mtrl_picker_announce_current_selection\" : \"\u092b\u093c\u093f\u0932\u0939\u093e\u0932, \u092f\u0939 \u091a\u0941\u0928\u093e \u0917\u092f\u093e \u0939\u0948: %1$s\"", "\"abc_searchview_description_submit\" : \"Trimite\u021bi interogarea\"", "\"abc_menu_function_shortcut_label\" : \"Funkcijas tausti\u0146\u0161\u00a0+\"", "\"abc_menu_space_shortcut_label\" : \"\u0641\u0636\u0627\u0621\"", "\"common_google_play_services_wear_update_text\" : \"Kailangan ang bagong bersyon ng mga serbisyo ng Google Play. Mag-a-update itong mag-isa sa ilang sandali.\"", "\"character_counter_overflowed_content_description\" : \"Prema\u0161eno je ograni\u010denje broja znakova: %1$d od %2$d\"", "\"common_google_play_services_update_button\" : \"Aktualizova\u0165\"", "\"material_timepicker_select_time\" : \"\u0cb8\u0cae\u0caf\u0cb5\u0ca8\u0ccd\u0ca8\u0cc1 \u0c86\u0caf\u0ccd\u0c95\u0cc6\u0cae\u0cbe\u0ca1\u0cbf\"", "\"material_clock_toggle_content_description\" : \"\u0412\u044b\u0431\u0435\u0440\u0438\u0442\u0435 AM (\u0434\u043e \u043f\u043e\u043b\u0443\u0434\u043d\u044f) \u0438\u043b\u0438 PM (\u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0434\u043d\u044f)\"", "\"mtrl_picker_navigate_to_year_description\" : \"Fara \u00ed \u00e1ri\u00f0 %1$s\"", "\"abc_action_bar_up_description\" : \"G\u00e5 opp\"", "\"copy_toast_msg\" : \"\u5df2\u5c07\u9023\u7d50\u8907\u88fd\u5230\u526a\u8cbc\u7c3f\"", "\"mtrl_picker_save\" : \"\u0421\u0430\u049b\u0442\u0430\u0443\"", "\"mtrl_picker_invalid_format_example\" : \"\u00d6rnek: %1$s\"", "\"copy_toast_msg\" : \"\u0540\u0572\u0578\u0582\u0574\u0568 \u057a\u0561\u057f\u0573\u0565\u0576\u057e\u0565\u0581 \u057d\u0565\u0572\u0574\u0561\u057f\u0561\u056d\u057f\u0561\u056f\u056b\u0576\"", "\"abc_shareactionprovider_share_with_application\" : \"Deel met %s\"", "\"nav_app_bar_navigate_up_description\" : \"\u0627\u0648\u067e\u0631 \u0646\u06cc\u0648\u06cc\u06af\u06cc\u0679 \u06a9\u0631\u06cc\u06ba\"", "\"character_counter_overflowed_content_description\" : \"Ograni\u010denje broja znakova prema\u0161uje %1$d od %2$d\"", "\"common_google_play_services_enable_text\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bc8 \u0b87\u0baf\u0b95\u0bcd\u0b95\u0bbf\u0ba9\u0bbe\u0bb2\u0bcd \u0bae\u0b9f\u0bcd\u0b9f\u0bc1\u0bae\u0bc7, %1$s \u0b9a\u0bc6\u0baf\u0bb2\u0bcd\u0baa\u0b9f\u0bc1\u0bae\u0bcd.\"", "\"common_google_play_services_install_text\" : \"Na spustenie aplik\u00e1cie %1$s sa vy\u017eaduj\u00fa slu\u017eby Google Play, ktor\u00e9 na zariaden\u00ed nem\u00e1te.\"", "\"mtrl_picker_a11y_prev_month\" : \"Pomicanje na prethodni mjesec\"", "\"mtrl_picker_navigate_to_year_description\" : \"%1$s \u0935\u0930\u094d\u0937\u093e\u0935\u0930 \u0928\u0947\u0935\u094d\u0939\u093f\u0917\u0947\u091f \u0915\u0930\u093e\"", "\"status_bar_notification_info_overflow\" : \"+999\"", "\"mtrl_badge_numberless_content_description\" : \"\u05d4\u05ea\u05e8\u05d0\u05d4 \u05d7\u05d3\u05e9\u05d4\"", "\"mtrl_picker_invalid_format_use\" : \"Bruk: %1$s\"", "\"common_google_play_services_notification_ticker\" : \"Erro dos Servi\u00e7os do Google Play\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be\u09b0 \u09a4\u09cd\u09b0\u09c1\u099f\u09bf\"", "\"character_counter_overflowed_content_description\" : \"Tegngrensen er overskredet \u2013 %1$d av %2$d\"", "\"abc_toolbar_collapse_description\" : \"Vou in\"", "\"abc_menu_space_shortcut_label\" : \"ruang\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u09b6\u09c1\u09b0\u09c1\u09b0 \u09a4\u09be\u09b0\u09bf\u0996\"", "operator\"\" ", "\"abc_searchview_description_query\" : \"\u641c\u7d22\u67e5\u8be2\"", "\"search_menu_title\" : \"\u05d7\u05d9\u05e4\u05d5\u05e9\"", "\"common_google_play_services_install_button\" : \"\u178a\u17c6\u17a1\u17be\u1784\"", "\"abc_action_menu_overflow_description\" : \"More options\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"V\u00e1lt\u00e1s napt\u00e1rbeviteli m\u00f3dra\"", "\"abc_menu_space_shortcut_label\" : \"Space\"", "\"abc_action_menu_overflow_description\" : \"\u0c2e\u0c30\u0c3f\u0c28\u0c4d\u0c28\u0c3f \u0c0e\u0c02\u0c2a\u0c3f\u0c15\u0c32\u0c41\"", "\"abc_menu_delete_shortcut_label\" : \"Delete \u952e\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u10d3\u10e6\u10d4\u10d4\u10d1\u10d8\u10e1 \u10e1\u10d5\u10d4\u10e2\u10d8: %1$s\"", "\"common_google_play_services_enable_button\" : \"\u555f\u7528\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Meer dan %1$d nieuwe meldingen\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0411\u0430\u0448\u0442\u043e\u043e \u043a\u04af\u043d\u04af\"", "\"mtrl_picker_announce_current_selection\" : \"Trenutna izbira: %1$s\"", "\"mtrl_picker_invalid_range\" : \"Plage incorrecte.\"", "\"material_timepicker_pm\" : \"CH\"", "\"mtrl_picker_announce_current_selection\" : \"\u0627\u0646\u062a\u062e\u0627\u0628 \u06a9\u0646\u0648\u0646\u06cc: %1$s\"", "\"abc_action_menu_overflow_description\" : \"Lagi pilihan\"", "\"common_google_play_services_update_title\" : \"Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d\u1295 \u12eb\u12d8\u121d\u1291\"", "\"material_timepicker_select_time\" : \"Seleziona l'ora\"", "\"common_signin_button_text\" : \"Zaloguj si\u0119\"", "\"material_clock_toggle_content_description\" : \"AM (\u101e\u102d\u102f\u1037) PM \u101b\u103d\u1031\u1038\u101b\u1014\u103a\"", "\"abc_searchview_description_search\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200eSearch\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"material_timepicker_text_input_mode_description\" : \"\u0628\u0631\u0627\u06cc \u0648\u0627\u0631\u062f \u06a9\u0631\u062f\u0646 \u0632\u0645\u0627\u0646\u060c \u0628\u0647 \u062d\u0627\u0644\u062a \u0648\u0631\u0648\u062f\u06cc \u0646\u0648\u0634\u062a\u0627\u0631\u06cc \u062a\u063a\u06cc\u06cc\u0631 \u0648\u0636\u0639\u06cc\u062a \u062f\u0647\u06cc\u062f.\"", "\"nav_app_bar_open_drawer_description\" : \"\u0928\u0947\u0935\u093f\u0917\u0947\u0936\u0928 \u092a\u0948\u0928\u0932 \u0916\u094b\u0932\u0947\u0902\"", "\"material_timepicker_hour\" : \"\uc2dc\uac04\"", "\"password_toggle_content_description\" : \"Parolu g\u00f6st\u0259rin\"", "\"abc_searchview_description_search\" : \"Cerca\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Data de conclus\u00e3o\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u041a\u043e\u043b\u043e\u043d\u0430 \u0437\u0430 \u0434\u043d\u0438: %1$s\"", "\"common_google_play_services_update_text\" : \"Ke spu\u0161t\u011bn\u00ed aplikace %1$s je t\u0159eba aktualizovat slu\u017eby Google Play.\"", "\"mtrl_picker_save\" : \"L\u01b0u\"", "\"mtrl_chip_close_icon_content_description\" : \"Menghapus %1$s\"", "\"common_google_play_services_install_button\" : \"\u0938\u094d\u0925\u093e\u092a\u0928\u093e \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"nav_app_bar_navigate_up_description\" : \"P\u0159ej\u00edt nahoru\"", "\"character_counter_overflowed_content_description\" : \"\u8d85\u51fa\u5b57\u7b26\u6570\u9650\u5236\uff08\u5171 %1$d \u4e2a\uff0c\u4e0a\u9650\u4e3a %2$d \u4e2a\uff09\"", "\"common_open_on_phone\" : \"Megnyit\u00e1s a telefonon\"", "\"common_google_play_services_update_title\" : \"Google \u0caa\u0ccd\u0cb2\u0cc7 \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0ca8\u0ccd\u0ca8\u0cc1 \u0c85\u0caa\u0ccd\u200c\u0ca1\u0cc7\u0c9f\u0ccd\u200c \u0cae\u0cbe\u0ca1\u0cbf\"", "\"mtrl_picker_invalid_format\" : \"\u0424\u043e\u0440\u043c\u0430\u0442 \u0436\u0430\u0440\u0430\u043c\u0441\u044b\u0437.\"", "\"abc_shareactionprovider_share_with\" : \"Payla\u015f\u0131n\"", "\"mtrl_picker_invalid_format_example\" : \"\u0e15\u0e31\u0e27\u0e2d\u0e22\u0e48\u0e32\u0e07: %1$s\"", "\"abc_toolbar_collapse_description\" : \"\u0c15\u0c41\u0c26\u0c3f\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"common_google_play_services_enable_button\" : \"Aktiv edin\"", "\"mtrl_picker_range_header_title\" : \"Velg periode\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Passer au mode d'entr\u00e9e Agenda\"", "\"mtrl_picker_invalid_format_use\" : \"\u0642\u0627\u0644\u0628: %1$s\"", "\"material_hour_selection\" : \"\u0bae\u0ba3\u0bbf\u0ba8\u0bc7\u0bb0\u0ba4\u0bcd\u0ba4\u0bc8\u0ba4\u0bcd \u0ba4\u0bc7\u0bb0\u0bcd\u0ba8\u0bcd\u0ba4\u0bc6\u0b9f\u0bc1\u0b95\u0bcd\u0b95 \u0b89\u0ba4\u0bb5\u0bc1\u0bae\u0bcd\"", "\"mtrl_picker_text_input_day_abbr\" : \"g\"", "\"mtrl_picker_range_header_unselected\" : \"Prad\u017eios data\u2013pabaigos data\"", "\"search_menu_title\" : \"\u0e8a\u0ead\u0e81\u0eab\u0eb2\"", "\"mtrl_picker_range_header_unselected\" : \"Startdato \u2013 slutdato\"", "\"bottomsheet_action_expand_halfway\" : \"\u0d2e\u0d41\u0d34\u0d41\u0d35\u0d28\u0d3e\u0d2f\u0d3f \u0d35\u0d3f\u0d15\u0d38\u0d3f\u0d2a\u0d4d\u0d2a\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"mtrl_picker_text_input_date_hint\" : \"Fecha\"", "\"abc_action_bar_up_description\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200eNavigate up\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"abc_menu_shift_shortcut_label\" : \"\u00dcst Karakter+\"", "\"icon_content_description\" : \"\u0938\u0902\u0935\u093e\u0926\u0915\u094b \u0906\u0907\u0915\u0928\"", "\"common_google_play_services_enable_title\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d \u049b\u043e\u0441\u0443\"", "\"abc_menu_meta_shortcut_label\" : \"\u200eMeta+\u200e\"", "\"mtrl_picker_a11y_next_month\" : \"Endre til neste m\u00e5ned\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Boshlanish sanasi \u2013 %1$s\"", "\"exposed_dropdown_menu_content_description\" : \"Wys aftrekkieslys\"", "\"mtrl_picker_invalid_format_use\" : \"%1$s \uc0ac\uc6a9\"", "\"abc_menu_space_shortcut_label\" : \"medzern\u00edk\"", "\"material_timepicker_select_time\" : \"\u0e40\u0e25\u0e37\u0e2d\u0e01\u0e40\u0e27\u0e25\u0e32\"", "\"mtrl_picker_invalid_format_use\" : \"Izmantojiet: %1$s\"", "\"abc_searchview_description_query\" : \"\u101b\u103e\u102c\u1016\u103d\u1031\u101b\u1014\u103a \u1019\u1031\u1038\u1001\u103d\u1014\u103a\u1038\"", "\"error_icon_content_description\" : \"\u041f\u0430\u043c\u044b\u043b\u043a\u0430\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u041a\u04af\u043d\u0434\u0456 \u0442\u0430\u04a3\u0434\u0430\u0443\u0493\u0430 \u0430\u0443\u044b\u0441\u0443 \u04af\u0448\u0456\u043d \u0442\u04af\u0440\u0442\u0456\u04a3\u0456\u0437.\"", "\"mtrl_picker_invalid_format_example\" : \"\u793a\u4f8b\uff1a%1$s\"", "\"material_clock_toggle_content_description\" : \"Select a.m. or p.m.\"", "guard variable for ", "\"mtrl_chip_close_icon_content_description\" : \"\u0540\u0565\u057c\u0561\u0581\u0576\u0565\u056c (%1$s)\"", "\"material_minute_suffix\" : \"%1$s\u00a0\u0445\u0432\"", "\"abc_search_hint\" : \"Zoeken\u2026\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Viac ne\u017e %1$d\u00a0nov\u00fdch upozornen\u00ed\"", "N12_GLOBAL__N_116itanium_demangle15UnnamedTypeNameE", "\"abc_searchview_description_voice\" : \"\u97f3\u58f0\u691c\u7d22\"", "\"abc_capital_off\" : \"DEZACTIVAT\"", "\"fallback_menu_item_share_link\" : \"Link megoszt\u00e1sa\"", "\"abc_searchview_description_search\" : \"Pretra\u017eite\"", "\"mtrl_picker_invalid_format_use\" : \"Pou\u017eijte: %1$s\"", "\"abc_searchview_description_submit\" : \"\u0915\u094d\u0935\u0947\u0930\u0940 \u092a\u0947\u0938 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"material_minute_selection\" : \"\u062a\u062d\u062f\u064a\u062f \u0627\u0644\u062f\u0642\u0627\u0626\u0642\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u12e8\u1240\u1296\u127d \u12d3\u121d\u12f5\u1366 %1$s\"", "\"common_google_play_services_unsupported_text\" : \"\u0422\u0430\u043d\u044b \u0442\u04e9\u0445\u04e9\u04e9\u0440\u04e9\u043c\u0436 Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u0433 \u0434\u044d\u043c\u0436\u0434\u044d\u0433\u0433\u04af\u0439 \u0443\u0447\u0438\u0440 %1$s \u0430\u0436\u0438\u043b\u043b\u0430\u0445\u0433\u04af\u0439.\"", "\"abc_searchview_description_search\" : \"Leit\"", "\"abc_shareactionprovider_share_with_application\" : \"Bendrinti naudojant program\u0105 \u201e%s\u201c\"", "\"fallback_menu_item_share_link\" : \"Deli povezavo\"", "\"mtrl_picker_toggle_to_day_selection\" : \"'\u0926\u093f\u0928 \u091a\u0941\u0928\u0928\u093e' \u092a\u0930 \u0938\u094d\u0935\u093f\u091a \u0915\u0930\u0928\u0947 \u0915\u0947 \u0932\u093f\u090f \u091f\u0948\u092a \u0915\u0930\u0947\u0902\"", "\"mtrl_picker_toggle_to_day_selection\" : \"G\u00fcn se\u00e7imin\u0259 ke\u00e7m\u0259k \u00fc\u00e7\u00fcn toxunun\"", "\"common_google_play_services_update_button\" : \"\u0410\u0436\u0443\u0440\u0438\u0440\u0430\u0458\"", "\"fallback_menu_item_share_link\" : \"\u0932\u093f\u0902\u0915 \u0936\u0947\u0905\u0930 \u0915\u0930\u093e\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Data de inicio\"", "\"common_google_play_services_enable_title\" : \"Google Play hizmetlerini etkinle\u015ftirin\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u0db4\u0dd9\u0dc5 \u0d86\u0daf\u0dcf\u0db1 \u0db4\u0dca\u200d\u0dbb\u0d9a\u0dcf\u0dbb\u0dba\u0da7 \u0db8\u0dcf\u0dbb\u0dd4 \u0dc0\u0db1\u0dca\u0db1\"", "\"material_hour_selection\" : \"\u00d3ra kiv\u00e1laszt\u00e1sa\"", "\"mtrl_picker_date_header_title\" : \"\u041a\u04af\u043d \u0442\u0430\u043d\u0434\u043e\u043e\"", "\"common_open_on_phone\" : \"\u041e\u0442\u043a\u0440\u044b\u0442\u044c \u043d\u0430 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0435\"", "\"common_google_play_services_install_title\" : \"Google Play \u0c38\u0c47\u0c35\u0c32\u0c28\u0c41 \u0c2a\u0c4a\u0c02\u0c26\u0c02\u0c21\u0c3f\"", "\"common_google_play_services_update_title\" : \"Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0dba\u0dcf\u0dc0\u0dad\u0dca\u0d9a\u0dcf\u0dbd\u0dd3\u0db1 \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"material_timepicker_clock_mode_description\" : \"\u5207\u6362\u5230\u65f6\u949f\u6a21\u5f0f\u6765\u8f93\u5165\u65f6\u95f4\u3002\"", "\"fallback_menu_item_open_in_browser\" : \"Otev\u0159\u00edt v\u00a0prohl\u00ed\u017ee\u010di\"", "\"mtrl_picker_date_header_unselected\" : \"\u12e8\u1270\u1218\u1228\u1320\u12cd \u1240\u1295\"", "\"material_timepicker_am\" : \"\u0642\u0628\u0644 \u0627\u0632 \u062f\u0648\u067e\u06c1\u0631\"", "\"abc_search_hint\" : \"\u0412\u0432\u0435\u0434\u0456\u0442\u044c \u043f\u043e\u0448\u0443\u043a\u043e\u0432\u0438\u0439 \u0437\u0430\u043f\u0438\u0442\u2026\"", "\"abc_shareactionprovider_share_with_application\" : \"Comparteix amb %s\"", "\"common_google_play_services_updating_text\" : \"%1$s no se ejecutar\u00e1 hasta que finalice la actualizaci\u00f3n en curso de Servicios de Google Play.\"", "\"common_google_play_services_update_button\" : \"Sasisha\"", "\"material_hour_selection\" : \"\u0cb8\u0cae\u0caf\u0cb5\u0ca8\u0ccd\u0ca8\u0cc1 \u0c86\u0caf\u0ccd\u0c95\u0cc6\u0cae\u0cbe\u0ca1\u0cbf\"", "\"character_counter_content_description\" : \"Mga character na nailagay %1$d sa %2$d\"", "\"mtrl_picker_range_header_title\" : \"\u0410\u0440\u0430\u043b\u044b\u049b\u0442\u044b \u0442\u0430\u04a3\u0434\u0430\u0443\"", "\"material_timepicker_minute\" : \"Minuutti\"", "\"abc_searchview_description_clear\" : \"I-clear ang query\"", "\"copy_toast_msg\" : \"\u0eaa\u0eb3\u0ec0\u0e99\u0ebb\u0eb2\u0ea5\u0eb4\u0ec9\u0e87\u0ec3\u0eaa\u0ec8\u0e84\u0ea5\u0eb4\u0e9a\u0e9a\u0ead\u0e94\u0ec1\u0ea5\u0ec9\u0ea7\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 Bitm\u0259 tarixi\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u958b\u59cb\u65e5\u671f \u2013 %1$s\"", "\"common_signin_button_text_long\" : \"Logga in med Google\"", "\"mtrl_picker_invalid_format_use\" : \"Koristi format: %1$s\"", "\"common_google_play_services_unsupported_text\" : \"%1$s non se executar\u00e1 sen os servizos de Google Play, que non son compatibles co teu dispositivo.\"", "\"material_hour_selection\" : \"S\u00e9lectionnez une heure\"", "\"common_google_play_services_install_title\" : \"Instalar o Google Play Services\"", "\"mtrl_badge_numberless_content_description\" : \"\u041d\u043e\u0432\u0430\u0435 \u0430\u043f\u0430\u0432\u044f\u0448\u0447\u044d\u043d\u043d\u0435\"", "\"mtrl_picker_date_header_title\" : \"\u05d9\u05e9 \u05dc\u05d1\u05d7\u05d5\u05e8 \u05ea\u05d0\u05e8\u05d9\u05da\"", "\"common_google_play_services_update_button\" : \"\u0baa\u0bc1\u0ba4\u0bc1\u0baa\u0bcd\u0baa\u0bbf\"", "\"mtrl_picker_a11y_next_month\" : \"\u0d05\u0d1f\u0d41\u0d24\u0d4d\u0d24 \u0d2e\u0d3e\u0d38\u0d24\u0d4d\u0d24\u0d3f\u0d32\u0d47\u0d15\u0d4d\u0d15\u0d4d \u0d2e\u0d3e\u0d31\u0d4d\u0d31\u0d41\u0d15\"", "\"mtrl_picker_announce_current_selection\" : \"Aktuelt valg: %1$s\"", "\"fallback_menu_item_share_link\" : \"Udost\u0119pnij link\"", "\"character_counter_overflowed_content_description\" : \"Melebihi had aksara %1$d daripada %2$d\"", "\"abc_shareactionprovider_share_with_application\" : \"Megoszt\u00e1s a k\u00f6vetkez\u0151 alkalmaz\u00e1ssal: %s\"", "\"mtrl_picker_invalid_range\" : \"\u120d\u12ad \u12eb\u120d\u12be\u1290 \u12ad\u120d\u120d\u1362\"", "\"abc_action_menu_overflow_description\" : \"V\u00edce mo\u017enost\u00ed\"", "\"material_timepicker_minute\" : \"\u0e19\u0e32\u0e17\u0e35\"", "\"mtrl_picker_invalid_range\" : \"\u0c85\u0cae\u0cbe\u0ca8\u0ccd\u0caf \u0cb6\u0ccd\u0cb0\u0cc7\u0ca3\u0cbf.\"", "\"abc_action_mode_done\" : \"\u0d9a\u0dc5\u0dcf\"", "\"common_google_play_services_notification_ticker\" : \"\u0413\u0440\u0435\u0448\u043a\u0430 \u043d\u0430 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0411\u0430\u0448\u0442\u043e\u043e \u043a\u04af\u043d\u04af \u2013 %1$s\"", "\"material_clock_toggle_content_description\" : \"Seleccionar a.m. ou p.m.\"", "\"abc_activitychooserview_choose_application\" : \"Izaberite aplikaciju\"", "\"common_signin_button_text\" : \"\u130d\u1263\"", "\"abc_search_hint\" : \"Vyhledat\u2026\"", "\"nav_app_bar_open_drawer_description\" : \"Ouvrir le panneau de navigation\"", "\"clear_text_end_icon_content_description\" : \"\u0418\u0437\u0431\u0440\u0438\u0448\u0438 \u0433\u043e \u0442\u0435\u043a\u0441\u0442\u043e\u0442\"", "\"common_google_play_services_update_title\" : \"Eguneratu Google Play zerbitzuak\"", "\"abc_action_menu_overflow_description\" : \"\u05e2\u05d5\u05d3 \u05d0\u05e4\u05e9\u05e8\u05d5\u05d9\u05d5\u05ea\"", "\"mtrl_picker_invalid_format_use\" : \"K\u00e4yt\u00e4 muotoa %1$s\"", "\"common_google_play_services_install_button\" : \"C\u00e0i \u0111\u1eb7t\"", "\"material_minute_suffix\" : \"%1$s\u00a0Minuten\"", "\"material_timepicker_select_time\" : \"Pasirinkite laik\u0105\"", "\"common_google_play_services_update_button\" : \"G\u00fcncelle\"", "\"common_google_play_services_install_text\" : \"%1$s ei toimi ilman Google Play Palveluita, jotka puuttuvat laitteeltasi.\"", "\"fallback_menu_item_copy_link\" : \"\u041a\u043e\u043f\u0456\u044e\u0432\u0430\u0442\u0438 \u043f\u043e\u0441\u0438\u043b\u0430\u043d\u043d\u044f\"", "\"abc_capital_off\" : \"JOAKTIV\"", "\"common_google_play_services_enable_text\" : \"%1$s no funcionar\u00e1 a menos que habilites los servicios de Google Play.\"", "\"mtrl_picker_a11y_next_month\" : \"Cambiar ao mes seguinte\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u0e01\u0e32\u0e23\u0e41\u0e08\u0e49\u0e07\u0e40\u0e15\u0e37\u0e2d\u0e19\u0e43\u0e2b\u0e21\u0e48\u0e21\u0e32\u0e01\u0e01\u0e27\u0e48\u0e32 %1$d \u0e23\u0e32\u0e22\u0e01\u0e32\u0e23\"", "\"common_google_play_services_install_text\" : \"\u0d94\u0db6\u0d9c\u0dda \u0da7\u0dd0\u0db6\u0dca\u0dbd\u0da7\u0dca \u0db4\u0dbb\u0dd2\u0d9c\u0dab\u0d9a\u0dba\u0dda \u0db1\u0dd0\u0dad\u0dd2 Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 %1$s \u0db0\u0dcf\u0dc0\u0db1\u0dba \u0db1\u0ddc\u0dc0\u0db1\u0dd4 \u0d87\u0dad.\"", "\"mtrl_picker_a11y_next_month\" : \"Passa al mese successivo\"", "\"abc_toolbar_collapse_description\" : \"Replega\"", "\"abc_menu_enter_shortcut_label\" : \"Intro\"", "\"mtrl_picker_date_header_title\" : \"Khetha Idethi\"", "\"fallback_menu_item_open_in_browser\" : \"\u1018\u101b\u1031\u102c\u1004\u103a\u1007\u102c\u1010\u103d\u1004\u103a \u1016\u103d\u1004\u1037\u103a\u101b\u1014\u103a\"", "\"abc_capital_on\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200eON\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Prad\u017eios data\"", "\"common_signin_button_text\" : \"\u0423\u0432\u0430\u0439\u0441\u0446i\"", "\"mtrl_picker_out_of_range\" : \"Fuera de rango: %1$s\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u0627\u0644\u062a\u0628\u062f\u064a\u0644 \u0625\u0644\u0649 \u0648\u0636\u0639 \"\u0627\u0644\u0625\u062f\u062e\u0627\u0644 \u0641\u064a \u0627\u0644\u062a\u0642\u0648\u064a\u0645\"\"", "\"material_minute_selection\" : \"\u041c\u04af\u043d\u04e9\u0442\u0442\u04e9\u0440\u0434\u04af \u0442\u0430\u043d\u0434\u0430\u04a3\u044b\u0437\"", "\"common_signin_button_text\" : \"\u0423\u0432\u0456\u0439\u0442\u0438\"", "\"common_google_play_services_install_button\" : \"\u5b89\u88c5\"", "\"abc_searchview_description_clear\" : \"Hapus kueri\"", "\"common_signin_button_text_long\" : \"Google \u0d09\u0d2a\u0d2f\u0d4b\u0d17\u0d3f\u0d1a\u0d4d\u0d1a\u0d4d \u0d38\u0d48\u0d7b \u0d07\u0d7b \u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d15\"", "\"abc_capital_off\" : \"T\u1eaeT\"", "\"nav_app_bar_open_drawer_description\" : \"\u958b\u555f\u5c0e\u89bd\u5217\"", "operator++", "St8bad_cast", "operator&", "\"mtrl_picker_day_of_week_column_header\" : \"\u66dc\u65e5\u306e\u5217: %1$s\"", "\"common_google_play_services_install_text\" : \"\u0414\u043e\u0434\u0430\u0442\u043e\u043a %1$s \u043d\u0435 \u043f\u0440\u0430\u0446\u044e\u0432\u0430\u0442\u0438\u043c\u0435 \u0431\u0435\u0437 \u0441\u0435\u0440\u0432\u0456\u0441\u0456\u0432 Google Play, \u044f\u043a\u0438\u0445 \u043d\u0435\u043c\u0430\u0454 \u043d\u0430 \u0432\u0430\u0448\u043e\u043c\u0443 \u043f\u0440\u0438\u0441\u0442\u0440\u043e\u0457.\"", "\"material_clock_toggle_content_description\" : \"\u04ae\u04e8 \u044d\u0441\u0432\u044d\u043b \u04ae\u0425 \u0441\u043e\u043d\u0433\u043e\u043d\u043e \u0443\u0443\"", "\"material_minute_suffix\" : \"%1$s \u062f\u0642\u064a\u0642\u0629\"", "\"material_timepicker_minute\" : \"Minit\"", "\"mtrl_picker_range_header_unselected\" : \"Data e fillimit - data e p\u00ebrfundimit\"", "\"mtrl_picker_date_header_title\" : \"Kies datum\"", "\"abc_menu_function_shortcut_label\" : \"Funci\u00f3n +\"", "\"mtrl_picker_invalid_format_example\" : \"Pavyzdys: %1$s\"", "\"mtrl_picker_out_of_range\" : \"\u0538\u0576\u0564\u0563\u0580\u056f\u0578\u0582\u0575\u0569\u056b\u0581 \u0564\u0578\u0582\u0580\u057d \u0567\u055d %1$s\"", "\"material_timepicker_hour\" : \"\u0627\u0644\u0633\u0627\u0639\u0629\"", "\"abc_shareactionprovider_share_with_application\" : \"Yabelana ne-%s\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0db1\u0dd2\u0db8\u0dcf \u0dc0\u0db1 \u0daf\u0dd2\u0db1\u0dba\"", "\"mtrl_picker_date_header_title\" : \"V\u00e6lg dato\"", "\"abc_menu_meta_shortcut_label\" : \"Meta\u00a0+\u00a0\"", "\"material_timepicker_minute\" : \"\u092e\u093f\u0928\u0947\u091f\"", "\"nav_app_bar_navigate_up_description\" : \"\u0e19\u0e33\u0e17\u0e32\u0e07\u0e02\u0e36\u0e49\u0e19\"", "\"common_open_on_phone\" : \"Otev\u0159\u00edt v\u00a0telefonu\"", "N12_GLOBAL__N_116itanium_demangle22ParameterPackExpansionE", "\"mtrl_picker_out_of_range\" : \"Utanf\u00f6r intervallet: %1$s\"", "\"abc_search_hint\" : \"\u0406\u0437\u0434\u0435\u0443\u2026\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s \u043c\u0430\u0437\u043c\u04b1\u043d\u044b\u043d \u04e9\u0448\u0456\u0440\u0443\"", "\"mtrl_picker_invalid_format_use\" : \"\u0db7\u0dcf\u0dc0\u0dd2\u0dad\u0dba: %1$s\"", "\"material_timepicker_clock_mode_description\" : \"\u039a\u03ac\u03bd\u03c4\u03b5 \u03b5\u03bd\u03b1\u03bb\u03bb\u03b1\u03b3\u03ae \u03c3\u03c4\u03b7 \u03bb\u03b5\u03b9\u03c4\u03bf\u03c5\u03c1\u03b3\u03af\u03b1 \u03c1\u03bf\u03bb\u03bf\u03b3\u03b9\u03bf\u03cd, \u03b3\u03b9\u03b1 \u03c4\u03b7\u03bd \u03b5\u03b9\u03c3\u03b1\u03b3\u03c9\u03b3\u03ae \u03c4\u03b7\u03c2 \u03ce\u03c1\u03b1\u03c2.\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s verwijderen\"", "\"abc_searchview_description_voice\" : \"\u0935\u094d\u0939\u0949\u0907\u0938 \u0936\u094b\u0927\"", "\"material_timepicker_pm\" : \"\u100a\u1014\u1031\"", "\"common_google_play_services_update_button\" : \"V\u00e4rskenda\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Koppintson a nap kiv\u00e1laszt\u00e1s\u00e1hoz\"", "\"mtrl_picker_out_of_range\" : \"Utan svi\u00f0s: %1$s\"", "\"password_toggle_content_description\" : \"\u0db8\u0dd4\u0dbb\u0db4\u0daf\u0dba \u0db4\u0dd9\u0db1\u0dca\u0dc0\u0db1\u0dca\u0db1\"", "\"abc_search_hint\" : \"\u641c\u5c0b\u2026\"", "\"common_google_play_services_unsupported_text\" : \"Zur Nutzung von %1$s sind Google Play-Dienste erforderlich, die auf deinem Ger\u00e4t nicht unterst\u00fctzt werden.\"", "\"abc_searchview_description_query\" : \"Suchanfrage\"", "\"abc_search_hint\" : \"\u062a\u0644\u0627\u0634 \u06a9\u0631\u06cc\u06ba\u2026\"", "\"mtrl_picker_invalid_format_example\" : \"Masalan: %1$s\"", "\"abc_capital_on\" : \"\u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dcf\u0dad\u0dca\u0db8\u0d9a\u0dba\u0dd2\"", "\"material_timepicker_minute\" : \"Minuut\"", "\"abc_searchview_description_voice\" : \"\u0413\u043e\u043b\u043e\u0441\u043e\u0432\u043e\u0439 \u043f\u043e\u0438\u0441\u043a\"", "\"abc_searchview_description_search\" : \"\u09b8\u09be\u09b0\u09cd\u099a \u0995\u09b0\u09c1\u09a8\"", "\"mtrl_picker_invalid_format\" : \"\u00d3gilt sni\u00f0.\"", "\"mtrl_picker_invalid_format_example\" : \"\uc608: %1$s\"", "\"mtrl_picker_invalid_range\" : \"Ugyldigt interval.\"", "\"material_hour_selection\" : \"\u0426\u0430\u0433 \u0441\u043e\u043d\u0433\u043e\u0445\"", "\"abc_action_bar_up_description\" : \"Prejs\u0165 nahor\"", "\"password_toggle_content_description\" : \"Zobrazit heslo\"", "\"common_google_play_services_install_text\" : \"%1$s \u0b0f\u0b39\u0b3f Google Play \u0b38\u0b47\u0b2c\u0b3e\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b2c\u0b3f\u0b28\u0b3e \u0b1a\u0b3e\u0b32\u0b47 \u0b28\u0b3e\u0b39\u0b3f\u0b01, \u0b0f\u0b2c\u0b02 \u0b38\u0b47\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b06\u0b2a\u0b23\u0b19\u0b4d\u0b15 \u0b21\u0b3f\u0b2d\u0b3e\u0b07\u0b38\u0b4d\u200c\u0b30\u0b47 \u0b28\u0b3e\u0b39\u0b3f\u0b01\u0964\"", "\"common_google_play_services_unsupported_text\" : \"\u300c%1$s\u300d\u306e\u5b9f\u884c\u306b\u306f Google Play \u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u304c\u5fc5\u8981\u3067\u3059\u304c\u3001\u304a\u4f7f\u3044\u306e\u7aef\u672b\u3067\u306f\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002\"", "\"common_google_play_services_notification_channel_name\" : \"Dispo\u00f1ibilidade dos servizos de Play\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u1015\u103c\u1000\u1039\u1001\u1012\u102d\u1014\u103a \u1011\u100a\u103a\u1037\u101e\u103d\u1004\u103a\u1038\u1019\u103e\u102f\u1019\u102f\u1012\u103a\u101e\u102d\u102f\u1037 \u1015\u103c\u1031\u102c\u1004\u103a\u1038\u101b\u1014\u103a\"", "\"material_timepicker_am\" : \"f.m.\"", "\"mtrl_picker_a11y_prev_month\" : \"\u018fvv\u0259lki aya d\u0259yi\u015fin\"", "\"common_google_play_services_install_title\" : \"\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0438 \u0441\u0435\u0440\u0432\u0456\u0441\u0438 Google Play\"", "\"mtrl_picker_invalid_format_example\" : \"Piem\u0113rs: %1$s\"", "\"abc_searchview_description_search\" : \"\u101b\u103e\u102c\u101b\u1014\u103a\"", "\"abc_activity_chooser_view_see_all\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200eSee all\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"fallback_menu_item_open_in_browser\" : \"\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e99\u0ec2\u0e9b\u0ea3\u0ec1\u0e81\u0ea3\u0ea1\u0e97\u0ec8\u0ead\u0e87\u0ec0\u0ea7\u0eb1\u0e9a\"", "\"abc_capital_on\" : \"\u0b86\u0ba9\u0bcd\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d \u0441\u0430\u043d\u044b\u043d\u0430\u043d \u043a\u04e9\u043f \u0436\u0430\u04a3\u0430 \u0445\u0430\u0431\u0430\u0440\u043b\u0430\u043d\u0434\u044b\u0440\u0443\"", "\"mtrl_picker_range_header_unselected\" : \"\u0caa\u0ccd\u0cb0\u0cbe\u0cb0\u0c82\u0cad \u0ca6\u0cbf\u0ca8\u0cbe\u0c82\u0c95 \u2013 \u0cae\u0cc1\u0c95\u0ccd\u0ca4\u0cbe\u0caf \u0ca6\u0cbf\u0ca8\u0cbe\u0c82\u0c95\"", "\"mtrl_picker_announce_current_selection\" : \"\u1780\u17b6\u179a\u1787\u17d2\u179a\u17be\u179f\u179a\u17be\u179f\u200b\u1794\u1785\u17d2\u1785\u17bb\u1794\u17d2\u1794\u1793\u17d2\u1793\u17d6 %1$s\"", "\"abc_prepend_shortcut_label\" : \"Men\u00fa+\"", "\"material_clock_toggle_content_description\" : \"Izberite dopoldanski ali popoldanski \u010das.\"", "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl +\"", "\"mtrl_picker_save\" : \"Hifadhi\"", "\"common_google_play_services_notification_ticker\" : \"Fehler bei Zugriff auf Google Play-Dienste\"", "\"abc_activitychooserview_choose_application\" : \"\u0627\u06cc\u06a9 \u0627\u06cc\u067e \u0645\u0646\u062a\u062e\u0628 \u06a9\u0631\u06cc\u06ba\"", "\"abc_shareactionprovider_share_with_application\" : \"Zdie\u013ea\u0165 s\u00a0aplik\u00e1ciou %s\"", "\"mtrl_picker_invalid_format_use\" : \"\u03a7\u03c1\u03b7\u03c3\u03b9\u03bc\u03bf\u03c0\u03bf\u03b9\u03ae\u03c3\u03c4\u03b5: %1$s\"", "\"abc_menu_delete_shortcut_label\" : \"slett\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 datum ukon\u010den\u00ed\"", "\"mtrl_picker_out_of_range\" : \"\u0e27\u0e31\u0e19\u0e17\u0e35\u0e48\u0e44\u0e21\u0e48\u0e2d\u0e22\u0e39\u0e48\u0e43\u0e19\u0e0a\u0e48\u0e27\u0e07\u0e17\u0e35\u0e48\u0e2d\u0e19\u0e38\u0e0d\u0e32\u0e15: %1$s\"", "\"exposed_dropdown_menu_content_description\" : \"Prika\u017ei padaju\u0107i izbornik\"", "\"common_open_on_phone\" : \"Abrir no telem\u00f3vel\"", "\"copy_toast_msg\" : \"\u101c\u1004\u1037\u103a\u1001\u103a\u1000\u102d\u102f \u1000\u101c\u1005\u103a\u1018\u102f\u1010\u103a\u101e\u102d\u102f\u1037 \u1000\u1030\u1038\u1015\u103c\u102e\u1038\u1015\u102b\u1015\u103c\u102e\"", "\"fallback_menu_item_share_link\" : \"\u0414\u0435\u043b\u0438 \u043b\u0438\u043d\u043a\"", "\"clear_text_end_icon_content_description\" : \"Metni temizle\"", "\"material_minute_selection\" : \"\u0412\u044b\u0431\u0435\u0440\u044b\u0446\u0435 \u0445\u0432\u0456\u043b\u0456\u043d\u044b\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u042d\u0445\u043b\u044d\u0445 \u043e\u0433\u043d\u043e\u043e\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Data di fine\"", "\"mtrl_picker_date_header_unselected\" : \"\u0c0e\u0c02\u0c1a\u0c41\u0c15\u0c41\u0c28\u0c4d\u0c28 \u0c24\u0c47\u0c26\u0c3f\"", "\"common_google_play_services_unknown_issue\" : \"%1$s ondervind probleme met Google Play Dienste. Probeer asseblief weer.\"", "noexcept(", "\"mtrl_badge_numberless_content_description\" : \"\u0c15\u0c4a\u0c24\u0c4d\u0c24 \u0c28\u0c4b\u0c1f\u0c3f\u0c2b\u0c3f\u0c15\u0c47\u0c37\u0c28\u0c4d\"", "\"exposed_dropdown_menu_content_description\" : \"Tunjukkan menu lungsur\"", "\"abc_searchview_description_submit\" : \"\u0a95\u0acd\u0ab5\u0ac7\u0ab0\u0ac0 \u0ab8\u0aac\u0aae\u0abf\u0a9f \u0a95\u0ab0\u0acb\"", "\"mtrl_picker_announce_current_selection\" : \"\u0412\u044b\u0431\u0440\u0430\u043d\u043d\u044b\u0439 \u044d\u043b\u0435\u043c\u0435\u043d\u0442: %1$s\"", "\"mtrl_badge_numberless_content_description\" : \"\u0928\u092f\u093e\u0901 \u0938\u0942\u091a\u0928\u093e\"", "\"material_timepicker_minute\" : \"Daqiqa\"", "\"common_google_play_services_unknown_issue\" : \"\u0423 \u0434\u043e\u0434\u0430\u0442\u043a\u0443 %1$s \u0432\u0438\u043d\u0438\u043a\u043b\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0456\u0437 \u0441\u0435\u0440\u0432\u0456\u0441\u0430\u043c\u0438 Google Play. \u041f\u043e\u0432\u0442\u043e\u0440\u0456\u0442\u044c \u0441\u043f\u0440\u043e\u0431\u0443.\"", "\"material_timepicker_am\" : \"A.M.\"", "\"mtrl_picker_invalid_range\" : \"L'interval no \u00e9s v\u00e0lid.\"", "\"common_google_play_services_notification_channel_name\" : \"\u200f\u0642\u0627\u0628\u0644\u06cc\u062a \u062f\u0633\u062a\u0631\u0633\u06cc \u062e\u062f\u0645\u0627\u062a Google Play\"", "\"fallback_menu_item_share_link\" : \"Deila tengli\"", "\"material_timepicker_hour\" : \"Tunnit\"", "\"mtrl_picker_navigate_to_year_description\" : \"Sogeza kwenye mwaka wa %1$s\"", "\"material_hour_selection\" : \"\u0c17\u0c02\u0c1f\u0c28\u0c41 \u0c0e\u0c02\u0c1a\u0c41\u0c15\u0c4b\u0c02\u0c21\u0c3f\"", "\"abc_activity_chooser_view_see_all\" : \"\u0395\u03bc\u03c6\u03ac\u03bd\u03b9\u03c3\u03b7 \u03cc\u03bb\u03c9\u03bd\"", "\"abc_search_hint\" : \"Search\u2026\"", "\"abc_searchview_description_query\" : \"Consulta de b\u00fasqueda\"", "\"fallback_menu_item_share_link\" : \"\ub9c1\ud06c \uacf5\uc720\"", "\"common_google_play_services_enable_text\" : \"\u200f\u05d4\u05d0\u05e4\u05dc\u05d9\u05e7\u05e6\u05d9\u05d4 %1$s \u05dc\u05d0 \u05ea\u05e4\u05e2\u05dc \u05d0\u05dd \u05dc\u05d0 \u05ea\u05e4\u05e2\u05d9\u05dc \u05d0\u05ea \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play.\"", "\"item_view_role_description\" : \"Skirtukas\"", "\"material_minute_selection\" : \"Angi minutter\"", "\"nav_app_bar_open_drawer_description\" : \"\u00c5pne uttrekksmenyen\"", "\"common_google_play_services_unknown_issue\" : \"Lietotn\u0113 %1$s ir radusies probl\u0113ma ar Google Play pakalpojumu darb\u012bbu. L\u016bdzu, m\u0113\u0123iniet v\u0113lreiz.\"", "\"abc_search_hint\" : \"Pesquisar\u2026\"", "\"mtrl_picker_day_of_week_column_header\" : \"Stupac s danima: %1$s\"", "\"abc_prepend_shortcut_label\" : \"Menu+\u200e\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d \u0938\u0947 \u091c\u093c\u094d\u092f\u093e\u0926\u093e \u0928\u0908 \u0938\u0942\u091a\u0928\u093e\u090f\u0902\"", "\"common_google_play_services_wear_update_text\" : \"\u00c9 necess\u00e1ria uma nova vers\u00e3o dos servi\u00e7os do Google Play. Esta ser\u00e1 atualizada automaticamente em breve.\"", "\"mtrl_picker_out_of_range\" : \"\u101b\u1000\u103a\u1021\u1015\u102d\u102f\u1004\u103a\u1038\u1021\u1001\u103c\u102c\u1038 \u1015\u103c\u1004\u103a\u1015\u2212 %1$s\"", "\"bottomsheet_action_expand_halfway\" : \"Extinde pe ecran complet\"", "\"common_google_play_services_install_text\" : \"%1$s cihaz\u0131n\u0131zda m\u00f6vcud olmayan Google Play xidm\u0259tl\u0259ri olmadan \u00e7al\u0131\u015fmayacaq.\"", "\"abc_action_bar_up_description\" : \"\u0d89\u0dc4\u0dc5\u0da7 \u0dc3\u0d82\u0da0\u0dcf\u0dbd\u0db1\u0dba \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"V\u00e1lt\u00e1s sz\u00f6vegbeviteli m\u00f3dra\"", "\"abc_capital_off\" : \"AV\"", "\"material_timepicker_text_input_mode_description\" : \"\u6642\u523b\u3092\u30c6\u30ad\u30b9\u30c8\u3067\u5165\u529b\u3059\u308b\u30e2\u30fc\u30c9\u306b\u5207\u308a\u66ff\u3048\u307e\u3059\u3002\"", "\"abc_capital_on\" : \"\u0412\u041a\u041b.\"", "\"character_counter_content_description\" : \"Caractere introduse: %1$d din %2$d\"", "\"material_timepicker_minute\" : \"Dakika\"", "\"search_menu_title\" : \"Bilatu\"", "\"abc_searchview_description_clear\" : \"\u041e\u0447\u0438\u0441\u0442\u0438\u0442\u0438 \u0437\u0430\u043f\u0438\u0442\"", "\"fallback_menu_item_copy_link\" : \"\u041a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0441\u044b\u043b\u043a\u0443\"", "\"mtrl_picker_invalid_format_example\" : \"Halimbawa: %1$s\"", "\"mtrl_picker_invalid_range\" : \"\u039c\u03b7 \u03ad\u03b3\u03ba\u03c5\u03c1\u03bf \u03b5\u03cd\u03c1\u03bf\u03c2.\"", "\"abc_searchview_description_clear\" : \"\u0421\u0443\u0440\u0430\u043c\u0434\u044b \u04e9\u0447\u04af\u0440\u04af\u04af\"", "\"common_open_on_phone\" : \"\u05e4\u05ea\u05d7 \u05d1\u05d8\u05dc\u05e4\u05d5\u05df\"", "\"common_google_play_services_notification_ticker\" : \"Gre\u0161ka Google Play usluga\"", "\"character_counter_content_description\" : \"\u0412\u044a\u0432\u0435\u0434\u0435\u043d\u0438 \u0437\u043d\u0430\u0446\u0438: %1$d \u043e\u0442 %2$d\"", "\"material_timepicker_text_input_mode_description\" : \"Kalo te modaliteti i hyrjes s\u00eb tekstit p\u00ebr hyrjen e koh\u00ebs.\"", "\"abc_action_bar_home_description\" : \"Gaan na tuisskerm\"", "\"abc_searchview_description_query\" : \"\u0e04\u0e33\u0e04\u0e49\u0e19\u0e2b\u0e32\"", "\"material_timepicker_clock_mode_description\" : \"Byt till klockl\u00e4get och ange tid.\"", "\"material_minute_suffix\" : \"%1$s\ubd84\"", "\"mtrl_picker_a11y_prev_month\" : \"Endre til forrige m\u00e5ned\"", "\"fallback_menu_item_share_link\" : \"\u0dc3\u0db6\u0dd0\u0db3\u0dd2\u0dba \u0db6\u0dd9\u0daf\u0dcf \u0d9c\u0db1\u0dca\u0db1\"", "\"mtrl_picker_date_header_unselected\" : \"Tarikh dipilih\"", "\"abc_action_bar_up_description\" : \"\u0935\u0930 \u0928\u0947\u0935\u094d\u200d\u0939\u093f\u0917\u0947\u091f \u0915\u0930\u093e\"", "\"mtrl_picker_invalid_format_use\" : \"Koristite: %1$s\"", "\"abc_capital_off\" : \"\u0928\u093f\u0937\u094d\u0915\u094d\u0930\u093f\u092f\"", "\"common_google_play_services_updating_text\" : \"%1$s ilovasining ishlashi uchun zarur Google Play xizmatlari hozirda yangilanmoqda.\"", "\"common_google_play_services_updating_text\" : \"I-%1$s ngeke ize iqalise ngaphandle kwamasevisi we-Google Play, okwamanje abuyekezwayo.\"", "\"material_timepicker_hour\" : \"Klukkustund\"", "\"nav_app_bar_open_drawer_description\" : \"\u0ca8\u0ccd\u0caf\u0cbe\u0cb5\u0cbf\u0c97\u0cc7\u0cb6\u0ca8\u0ccd \u0ca1\u0ccd\u0cb0\u0cbe\u0cb5\u0cb0\u0ccd \u0c85\u0ca8\u0ccd\u0ca8\u0cc1 \u0ca4\u0cc6\u0cb0\u0cc6\u0caf\u0cbf\u0cb0\u0cbf\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u0915\u0945\u0932\u0947\u0902\u0921\u0930 \u0907\u0928\u092a\u0941\u091f \u092e\u094b\u0921\u0935\u0930 \u0938\u094d\u0935\u093f\u091a \u0915\u0930\u093e\"", "\"mtrl_picker_save\" : \"Saglab\u0101t\"", "\"mtrl_picker_invalid_format\" : \"\u063a\u0644\u0637 \u0641\u0627\u0631\u0645\u06cc\u0679\u06d4\"", "\"mtrl_picker_date_header_unselected\" : \"Khetha idethi\"", "false", "\"fallback_menu_item_copy_link\" : \"\u0dc3\u0db6\u0dd0\u0db3\u0dd2\u0dba \u0db4\u0dd2\u0da7\u0db4\u0dad\u0dca \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0414\u0430\u0442\u0430 \u043d\u0430\u0447\u0430\u043b\u0430\u00a0\u2013 %1$s\"", "St12out_of_range", "\"common_google_play_services_update_button\" : \"Yangilash\"", "\"common_open_on_phone\" : \"Abrir en el tel\u00e9fono\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 sluttdato\"", "\"mtrl_picker_a11y_prev_month\" : \"\u0bae\u0bc1\u0ba8\u0bcd\u0ba4\u0bc8\u0baf \u0bae\u0bbe\u0ba4\u0ba4\u0bcd\u0ba4\u0bc8\u0b95\u0bcd \u0b95\u0bbe\u0b9f\u0bcd\u0b9f\u0bc1\"", "\"abc_menu_delete_shortcut_label\" : \"silin\"", "\"mtrl_picker_a11y_next_month\" : \"\u0dbd\u0db6\u0db1 \u0db8\u0dcf\u0dc3\u0dba\u0da7 \u0dc0\u0dd9\u0db1\u0dc3\u0dca \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Alkamisp\u00e4iv\u00e4\"", "\"common_google_play_services_install_title\" : \"Obter servi\u00e7os do Google Play\"", "\"abc_searchview_description_submit\" : \"\u0b15\u0b4d\u0b71\u0b47\u0b30\u0b40 \u0b26\u0b3e\u0b16\u0b32 \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u30bf\u30c3\u30d7\u3059\u308b\u3068\u3001\u65e5\u306e\u9078\u629e\u306b\u5207\u308a\u66ff\u308f\u308a\u307e\u3059\"", "\"common_google_play_services_install_button\" : \"\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\"", "\"abc_action_bar_home_description\" : \"Vratite se na po\u010detnu stranicu\"", "\"error_icon_content_description\" : \"Hata\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u0434\"", "\"search_menu_title\" : \"K\u00ebrko\"", "\"mtrl_picker_announce_current_selection\" : \"\u0e81\u0eb2\u0e99\u0ec0\u0ea5\u0eb7\u0ead\u0e81\u0e9b\u0eb1\u0e94\u0e88\u0eb8\u0e9a\u0eb1\u0e99: %1$s\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s \u0b15\u0b3e\u0b5d\u0b3f\u0b26\u0b3f\u0b05\u0b28\u0b4d\u0b24\u0b41\"", "\"common_google_play_services_enable_button\" : \"\u542f\u7528\"", "\"mtrl_picker_navigate_to_year_description\" : \"Siirry vuoteen %1$s\"", "\"mtrl_picker_invalid_format_example\" : \"\u0a89\u0aa6\u0abe\u0ab9\u0ab0\u0aa3: %1$s\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u661f\u671f\u5e7e\u8cc7\u6599\u6b04\uff1a%1$s\"", "\"common_signin_button_text\" : \"\u062a\u0633\u062c\u0644 \u0627\u0644\u062f\u062e\u0648\u0644\"", "\"common_google_play_services_updating_text\" : \"Google Play \u670d\u52a1\u5f53\u524d\u6b63\u5728\u66f4\u65b0\uff0c\u56e0\u6b64\u60a8\u65e0\u6cd5\u8fd0\u884c%1$s\u3002\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u0ea7\"", "\"material_timepicker_minute\" : \"\u092e\u093f\u0928\u091f\"", "\"password_toggle_content_description\" : \"Vis passordet\"", "\"abc_shareactionprovider_share_with\" : \"Partilhar com\"", "\"abc_toolbar_collapse_description\" : \"Contrae\"", "\"mtrl_picker_invalid_format\" : \"Ugyldig format.\"", "\"abc_activitychooserview_choose_application\" : \"Zgjidh nj\u00eb aplikacion\"", "\"common_google_play_services_update_button\" : \"Uppf\u00e6ra\"", "\"fallback_menu_item_open_in_browser\" : \"Im Browser \u00f6ffnen\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Prijelaz na na\u010din unosa teksta\"", "\"mtrl_chip_close_icon_content_description\" : \"\u79fb\u9664 %1$s\"", "\"abc_activitychooserview_choose_application\" : \"Aukeratu aplikazio bat\"", "\"abc_activitychooserview_choose_application\" : \"\u0418\u0437\u0431\u0435\u0440\u0435\u0442\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435\"", "\"mtrl_picker_out_of_range\" : \"\u0410\u0443\u049b\u044b\u043c\u043d\u0430\u043d \u0442\u044bc: %1$s\"", "\"bottomsheet_action_expand_halfway\" : \"Nweba phakathi\"", "\"icon_content_description\" : \"ikona dijalo\u0161kog okvira\"", "\"abc_toolbar_collapse_description\" : \"\u0417\u0433\u0430\u0440\u043d\u0443\u0446\u044c\"", "\"fallback_menu_item_share_link\" : \"Jaga linki\"", "\"abc_toolbar_collapse_description\" : \"\u0c95\u0cc1\u0c97\u0ccd\u0c97\u0cbf\u0cb8\u0cbf\"", "\"abc_searchview_description_submit\" : \"Invia query\"", "\"material_hour_suffix\" : \"%1$s \u0c97\u0c82\u0c9f\u0cc6\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Toca per canviar a la selecci\u00f3 del dia\"", "\"nav_app_bar_open_drawer_description\" : \"Deschide\u021bi panoul de navigare\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u041d\u0430\u0432\u0438\u0433\u0438\u0440\u0430\u043d\u0435 \u0434\u043e %1$s \u0433.\"", "\"fallback_menu_item_open_in_browser\" : \"Buka di browser\"", "\"character_counter_content_description\" : \"\u178f\u17bd\u200b\u17a2\u1780\u17d2\u179f\u179a\u200b\u1794\u17b6\u1793\u200b\u1794\u1789\u17d2\u1785\u17bc\u179b\u200b %1$d \u1793\u17c3 %2$d\"", "\"abc_prepend_shortcut_label\" : \"Meni +\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u0531\u0576\u0581\u0576\u0565\u056c \u057f\u0565\u0584\u057d\u057f\u056b \u0574\u0578\u0582\u057f\u0584\u0561\u0563\u0580\u0574\u0561\u0576 \u057c\u0565\u056a\u056b\u0574\u056b\u0576\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u041d\u0430\u0442\u0438\u0441\u043d\u0456\u0442\u044c, \u0449\u043e\u0431 \u0432\u0438\u0431\u0440\u0430\u0442\u0438 \u0434\u0435\u043d\u044c\"", "\"common_signin_button_text\" : \"Prijava\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 datum zavr\u0161etka\"", "\"common_google_play_services_updating_text\" : \"%1$s tidak akan berfungsi tanpa perkhidmatan Google Play dan perkhidmatan ini sedang dikemaskinikan.\"", "\"item_view_role_description\" : \"\u5206\u9801\"", "\"abc_shareactionprovider_share_with_application\" : \"%s il\u0259 payla\u015f\u0131n\"", "\"mtrl_picker_save\" : \"I-save\"", "\"abc_menu_enter_shortcut_label\" : \"daxil olun\"", "\"abc_shareactionprovider_share_with\" : \"\u0410\u0431\u0430\u0433\u0443\u043b\u0456\u0446\u044c \u043f\u0440\u0430\u0437\"", "\"character_counter_content_description\" : \"\u0d85\u0db1\u0dd4\u0dbd\u0d9a\u0dd4\u0dab\u0dd4 %2$d\u0db1\u0dca %1$d\u0d9a\u0dca \u0d87\u0dad\u0dd4\u0dc5\u0dd4 \u0d9a\u0dd9\u0dbb\u0dd2\u0dab\u0dd2\"", "\"nav_app_bar_open_drawer_description\" : \"\u0641\u062a\u062d \u0644\u0627\u0626\u062d\u0629 \u0627\u0644\u062a\u0646\u0642\u0644\"", "\"common_google_play_services_enable_button\" : \"\u062a\u0641\u0639\u064a\u0644\"", "\"mtrl_picker_navigate_to_year_description\" : \"G\u00e5 til \u00e5r %1$s\"", "\"abc_action_bar_up_description\" : \"\u0993\u09aa\u09f0\u09b2\u09c8 \u09af\u09be\u0993\u0995\"", "\"error_icon_content_description\" : \"\u0daf\u0ddd\u0dc2\u0dba\"", "operator/", "St15underflow_error", "\"material_timepicker_pm\" : \"\u0905\u092a\u0930\u093e\u0939\u094d\u0928\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Za\u010detni datum\u2013%1$s\"", "\"abc_shareactionprovider_share_with_application\" : \"Partekatu %s aplikazioarekin\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u0ec0\u0ea5\u0eb7\u0ec8\u0ead\u0e99\u0ec4\u0e9b\u0e9b\u0eb5 %1$s\"", "\"mtrl_picker_range_header_unselected\" : \"Startdatum\u00a0\u2013 Enddatum\"", "\"common_google_play_services_enable_text\" : \"Du skal aktivere Google Play-tjenester, for at %1$s kan fungere.\"", "\"common_google_play_services_updating_text\" : \"\u0d28\u0d3f\u0d32\u0d35\u0d3f\u0d7d \u0d05\u0d2a\u0d4d\u200c\u0d21\u0d47\u0d31\u0d4d\u0d31\u0d41\u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d28\u0d4d\u0d28 Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d7e \u0d07\u0d32\u0d4d\u0d32\u0d3e\u0d24\u0d46 %1$s \u0d2a\u0d4d\u0d30\u0d35\u0d7c\u0d24\u0d4d\u0d24\u0d3f\u0d15\u0d4d\u0d15\u0d3f\u0d32\u0d4d\u0d32.\"", "\"fallback_menu_item_share_link\" : \"Deel skakel\"", "\"exposed_dropdown_menu_content_description\" : \"Rodyti i\u0161skleid\u017eiam\u0105j\u012f meniu\"", "\"abc_searchview_description_voice\" : \"Raddleit\"", "\"abc_menu_space_shortcut_label\" : \"preslednica\"", "\"abc_shareactionprovider_share_with_application\" : \"\u0ec1\u0e9a\u0ec8\u0e87\u0e9b\u0eb1\u0e99\u0e94\u0ec9\u0ea7\u0e8d %s\"", "\"abc_action_bar_home_description\" : \"\u03a0\u03bb\u03bf\u03ae\u03b3\u03b7\u03c3\u03b7 \u03c3\u03c4\u03b7\u03bd \u03b1\u03c1\u03c7\u03b9\u03ba\u03ae \u03c3\u03b5\u03bb\u03af\u03b4\u03b1\"", "\"material_timepicker_text_input_mode_description\" : \"\u5207\u63db\u81f3\u6587\u5b57\u8f38\u5165\u6a21\u5f0f\u4f86\u8f38\u5165\u6642\u9593\u3002\"", "\"abc_action_mode_done\" : \"\u179a\u17bd\u1785\u179a\u17b6\u179b\u17cb\"", "\"exposed_dropdown_menu_content_description\" : \"R\u0101d\u012bt nolai\u017eamo izv\u0113lni\"", "\"nav_app_bar_navigate_up_description\" : \"\u179a\u17c6\u1780\u17b7\u179b\u17a1\u17be\u1784\u179b\u17be\"", "\"abc_action_mode_done\" : \"\u0c2a\u0c42\u0c30\u0c4d\u0c24\u0c2f\u0c3f\u0c02\u0c26\u0c3f\"", "\"fallback_menu_item_open_in_browser\" : \"\u0412\u0456\u0434\u043a\u0440\u0438\u0442\u0438 \u0443 \u0432\u0435\u0431-\u043f\u0435\u0440\u0435\u0433\u043b\u044f\u0434\u0430\u0447\u0456\"", "\"mtrl_badge_numberless_content_description\" : \"\u0928\u0935\u0940\u0928 \u0938\u0942\u091a\u0928\u093e\"", "\"common_google_play_services_updating_text\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u0441\u044b\u0437 %1$s \u0438\u0448\u0442\u0435\u0431\u0435\u0439\u0442, \u0430\u043b\u0430\u0440 \u0443\u0447\u0443\u0440\u0434\u0430 \u0436\u0430\u04a3\u044b\u0440\u0442\u044b\u043b\u0443\u0443\u0434\u0430.\"", "\"mtrl_picker_invalid_format_use\" : \"Nota: %1$s\"", "\"common_google_play_services_install_text\" : \"%1$s \u043d\u0435 \u043c\u043e\u0436\u0435 \u0434\u0430 \u0441\u0435 \u043f\u043e\u043a\u0440\u0435\u043d\u0435 \u0431\u0435\u0437 Google Play \u0443\u0441\u043b\u0443\u0433\u0430, \u043a\u043e\u0458\u0435 \u043d\u0438\u0441\u0443 \u0438\u043d\u0441\u0442\u0430\u043b\u0438\u0440\u0430\u043d\u0435 \u043d\u0430 \u0443\u0440\u0435\u0452\u0430\u0458\u0443.\"", "\"abc_searchview_description_query\" : \"Paie\u0161kos u\u017eklausa\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0d38\u0d47\u0d35\u0d28 \u0d32\u0d2d\u0d4d\u0d2f\u0d24\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u043d\u0435 \u0431\u0443\u0434\u0437\u0435 \u043f\u0440\u0430\u0446\u0430\u0432\u0430\u0446\u044c \u0431\u0435\u0437 \u0441\u043b\u0443\u0436\u0431\u0430\u045e Google Play, \u044f\u043a\u0456\u044f \u043d\u0435 \u043f\u0430\u0434\u0442\u0440\u044b\u043c\u043b\u0456\u0432\u0430\u044e\u0446\u0446\u0430 \u0432\u0430\u0448\u0430\u0439 \u043f\u0440\u044b\u043b\u0430\u0434\u0430\u0439.\"", "\"abc_shareactionprovider_share_with_application\" : \"\u0421\u043f\u043e\u0434\u0435\u043b\u0438 \u0441\u043e %s\"", "\"common_google_play_services_wear_update_text\" : \"Potrebna je nova verzija Google Play usluga. Ubrzo \u0107e se samo a\u017eurirati.\"", "\"abc_capital_off\" : \"\u0aac\u0a82\u0aa7\"", "\"common_google_play_services_install_title\" : \"Installer Google Play-tjenester\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u10e8\u10d4\u10d4\u10ee\u10d4\u10d7 \u10d3\u10e6\u10d8\u10e1 \u10d0\u10e0\u10e9\u10d4\u10d5\u10d0\u10d6\u10d4 \u10d2\u10d0\u10d3\u10d0\u10e1\u10d0\u10e0\u10d7\u10d0\u10d5\u10d0\u10d3\"", "\"material_timepicker_minute\" : \"\u062f\u0642\u064a\u0642\u0629\"", "\"material_hour_selection\" : \"Pumili ng oras\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u0926\u093f\"", "\"material_minute_suffix\" : \"%1$s \u0aae\u0abf\u0aa8\u0abf\u0a9f\"", "\"mtrl_picker_invalid_format_example\" : \"D\u00e6mi: %1$s\"", "\"abc_toolbar_collapse_description\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200eCollapse\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"material_timepicker_am\" : \"\u0434\u043f\"", "\"fallback_menu_item_copy_link\" : \"Kopieer skakel\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Kunni tanlash uchun bosing\"", "\"abc_capital_on\" : \"ON\"", "\"character_counter_overflowed_content_description\" : \"\u0422\u044d\u043c\u0434\u044d\u0433\u0442\u0438\u0439\u043d \u0445\u044f\u0437\u0433\u0430\u0430\u0440 %2$d-\u043d %1$d-\u0441 \u0445\u044d\u0442\u044d\u0440\u0441\u044d\u043d\"", "\"abc_activity_chooser_view_see_all\" : \"Ver todo\"", "\"common_google_play_services_update_text\" : \"%1$s\u306e\u5b9f\u884c\u306b\u306fGoogle Play\u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306e\u66f4\u65b0\u304c\u5fc5\u8981\u3067\u3059\u3002\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u09b8\u09ae\u09be\u09aa\u09cd\u09a4\u09bf\u09b0 \u09a4\u09be\u09b0\u09bf\u0996\"", "\"common_google_play_services_notification_channel_name\" : \"\u0414\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442 Google Play \u0443\u0441\u043b\u0443\u0433\u0430\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038 \u1021\u1019\u103e\u102c\u1038\"", "\"abc_searchview_description_clear\" : \"\u0412\u044b\u0434\u0430\u043b\u0456\u0446\u044c \u0437\u0430\u043f\u044b\u0442\"", "\"mtrl_picker_invalid_range\" : \"El rango no es v\u00e1lido.\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Atinge\u021bi pentru a comuta la selectarea unei zile\"", "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl \u0bae\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd\"", "\"abc_menu_function_shortcut_label\" : \"\u200eFunction+\u200e\"", "\"fallback_menu_item_copy_link\" : \"\u0e04\u0e31\u0e14\u0e25\u0e2d\u0e01\u0e25\u0e34\u0e07\u0e01\u0e4c\"", "\"character_counter_overflowed_content_description\" : \"Yfir h\u00e1marksstafafj\u00f6lda, %1$d af %2$d\"", "\"abc_menu_shift_shortcut_label\" : \"P\u0101rsl\u0113g\u0161anas tausti\u0146\u0161\u00a0+\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Data de inicio - %1$s\"", "\"material_timepicker_minute\" : \"Menit\"", "\"common_signin_button_text\" : \"\u041f\u0440\u0438\u0458\u0430\u0432\u0438 \u043c\u0435\"", " imaginary", "\"material_hour_suffix\" : \"%1$s \u70b9\"", "_Unwind_VRS_Get_Internal", "\"mtrl_picker_toggle_to_year_selection\" : \"Dodirnite da biste pre\u0161li na izbor godine\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0414\u0430\u0442\u0443\u043c \u0437\u0430\u0432\u0440\u0448\u0435\u0442\u043a\u0430\"", "\"common_google_play_services_update_text\" : \"%1$s no se ejecutar\u00e1 a menos que actualices los servicios de Google Play.\"", "\"abc_searchview_description_search\" : \"\u0ab6\u0acb\u0aa7\u0acb\"", "\"abc_action_bar_home_description\" : \"Boshiga o\u2018tish\"", "\"mtrl_picker_a11y_prev_month\" : \"\u0e40\u0e1b\u0e25\u0e35\u0e48\u0e22\u0e19\u0e44\u0e1b\u0e17\u0e35\u0e48\u0e40\u0e14\u0e37\u0e2d\u0e19\u0e01\u0e48\u0e2d\u0e19\u0e2b\u0e19\u0e49\u0e32\"", "throw(", "\"bottomsheet_action_expand_halfway\" : \"Vis halve feltet nederst\"", "\"material_clock_toggle_content_description\" : \"Pasirinkite \u201eiki piet\u0173\u201c arba \u201epo piet\u0173\u201c\"", "\"mtrl_picker_out_of_range\" : \"\u7bc4\u56f2\u5916: %1$s\"", "\"search_menu_title\" : \"C\u0103uta\u021bi\"", "\"common_google_play_services_install_text\" : \"%1$s kan inte k\u00f6ras utan Google Play-tj\u00e4nsterna, som saknas p\u00e5 enheten.\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Cambiar al modo de introducci\u00f3n Texto\"", "\"common_open_on_phone\" : \"\u10e2\u10d4\u10da\u10d4\u10e4\u10dd\u10dc\u10e8\u10d8 \u10d2\u10d0\u10ee\u10e1\u10dc\u10d0\"", "\"abc_activitychooserview_choose_application\" : \"Wybierz aplikacj\u0119\"", "\"abc_action_menu_overflow_description\" : \"\u0e95\u0ebb\u0ea7\u0ec0\u0ea5\u0eb7\u0ead\u0e81\u0ec0\u0e9e\u0eb5\u0ec8\u0ea1\u0ec0\u0e95\u0eb5\u0ea1\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Data de finalizaci\u00f3n\"", "\"key\" : \"ebfb7ff0-b2f6-41c8-bef3-4fba17be410c\"", "\"material_hour_selection\" : \"Seleccionar hora\"", "\"common_google_play_services_enable_title\" : \"Activar servizos de Google Play\"", "\"mtrl_picker_announce_current_selection\" : \"Nykyinen valinta: %1$s\"", "\"abc_capital_off\" : \"ISKLJU\u010cENO\"", "\"common_google_play_services_install_text\" : \"%1$s no s'executar\u00e0 si Serveis de Google Play no est\u00e0 instal\u00b7lat al dispositiu.\"", "\"mtrl_picker_date_header_title\" : \"Pasirinkite dat\u0105\"", "\"abc_shareactionprovider_share_with\" : \"\u0dc3\u0db8\u0d9c \u0db6\u0dd9\u0daf\u0dcf \u0d9c\u0db1\u0dca\u0db1\"", "\"common_google_play_services_install_text\" : \"%1$s kan niet worden uitgevoerd zonder Google Play-services, die je nog niet op je apparaat hebt.\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u062a\u0627\u0631\u064a\u062e \u0627\u0644\u0628\u062f\u0621\"", "\"icon_content_description\" : \"Dialogo lango piktograma\"", "\"bottomsheet_action_expand_halfway\" : \"\u0c38\u0c17\u0c3e\u0c28\u0c4d\u0c28\u0c3f \u0c35\u0c3f\u0c38\u0c4d\u0c24\u0c30\u0c3f\u0c02\u0c2a\u0c1c\u0c47\u0c2f\u0c02\u0c21\u0c3f\"", "\"fallback_menu_item_share_link\" : \"\u12a0\u1308\u1293\u129d \u12a0\u130b\u122b\"", "\"material_timepicker_clock_mode_description\" : \"\u0423\u0431\u0430\u043a\u044b\u0442\u0442\u044b \u0434\u0443\u0431\u0430\u043b \u0441\u0430\u0430\u0442\u044b\u043d\u044b\u043d \u0440\u0435\u0436\u0438\u043c\u0438\u043d\u0434\u0435 \u043a\u0438\u0440\u0433\u0438\u0437\u0438\u04a3\u0438\u0437.\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Data rozpocz\u0119cia\"", "\"abc_activity_chooser_view_see_all\" : \"\u017dr. visk\u0105\"", "\"abc_prepend_shortcut_label\" : \"Poga Izv\u0113lne\u00a0+\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u03b7\"", "\"common_google_play_services_update_text\" : \"%1$s haitafanya kazi hadi usasishe huduma za Google Play.\"", "\"abc_capital_on\" : \"\u0544\u053b\u0531\u0551\u0546\u0535\u053c\"", "\"bottomsheet_action_expand_halfway\" : \"Zabaldu erdiraino\"", "\"character_counter_overflowed_content_description\" : \"Du har brugt %1$d tegn og dermed overskredet tegnbegr\u00e6nsningen p\u00e5 %2$d.\"", "\"abc_toolbar_collapse_description\" : \"\u0421\u0432\u0438\u0432\u0430\u043d\u0435\"", "\"abc_prepend_shortcut_label\" : \"Menyja+\"", "\"abc_action_bar_up_description\" : \"Yukar\u0131 git\"", "\"abc_activitychooserview_choose_application\" : \"\u0412\u044b\u0431\u0435\u0440\u0438\u0442\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435\"", "\"mtrl_picker_date_header_title\" : \"\u0418\u0437\u0431\u0435\u0440\u0435\u0442\u0435 \u0434\u0430\u0442\u0443\u043c\"", "\"character_counter_content_description\" : \"Karakter yang dimasukkan %1$d dari %2$d\"", "\"abc_capital_off\" : \"\u062e\u0627\u0645\u0648\u0634\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u03a0\u03ac\u03bd\u03c9 \u03b1\u03c0\u03cc %1$d \u03bd\u03ad\u03b5\u03c2 \u03b5\u03b9\u03b4\u03bf\u03c0\u03bf\u03b9\u03ae\u03c3\u03b5\u03b9\u03c2\"", "\"mtrl_picker_save\" : \"Kaydet\"", "\"character_counter_content_description\" : \"Sisestatud t\u00e4hem\u00e4rgid: %1$d/%2$d\"", "\"common_google_play_services_wear_update_text\" : \"\u00c8 richiesta una nuova versione di Google Play Services. L'aggiornamento automatico verr\u00e0 eseguito a breve.\"", "\"path_password_eye_mask_strike_through\" : \"M2,4.27 L19.73,22 L22.27,19.46 L4.54,1.73 L4.54,1 L23,1 L23,23 L1,23 L1,4.27 Z\"", "\"common_open_on_phone\" : \"\u0386\u03bd\u03bf\u03b9\u03b3\u03bc\u03b1 \u03c3\u03b5 \u03c4\u03b7\u03bb\u03ad\u03c6\u03c9\u03bd\u03bf\"", "\"fallback_menu_item_copy_link\" : \"\u09b2\u09bf\u0999\u09cd\u0995 \u0995\u09aa\u09bf \u0995\u09b0\u09c1\u09a8\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u0531\u057e\u0565\u056c\u056b \u0584\u0561\u0576 %1$d \u0576\u0578\u0580 \u056e\u0561\u0576\u0578\u0582\u0581\u0578\u0582\u0574\"", "\"abc_searchview_description_voice\" : \"\u0414\u0443\u0443\u0442 \u0445\u0430\u0439\u043b\u0442\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u1218\u1300\u1218\u122a\u12eb \u1240\u1295\"", "\"fallback_menu_item_copy_link\" : \"\u0644\u0646\u06a9 \u06a9\u0627\u067e\u06cc \u06a9\u0631\u06cc\u06ba\"", "\"common_google_play_services_updating_text\" : \"%1$s nuk do t\u00eb funksionoj\u00eb pa sh\u00ebrbimet e \"Luaj me Google\", t\u00eb cilat po p\u00ebrdit\u00ebsohen aktualisht.\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u0e2a\u0e25\u0e31\u0e1a\u0e44\u0e1b\u0e43\u0e0a\u0e49\u0e42\u0e2b\u0e21\u0e14\u0e1b\u0e49\u0e2d\u0e19\u0e02\u0e49\u0e2d\u0e21\u0e39\u0e25\u0e02\u0e49\u0e2d\u0e04\u0e27\u0e32\u0e21\"", "\"character_counter_overflowed_content_description\" : \"\u0d05\u0d15\u0d4d\u0d37\u0d30 \u0d2a\u0d30\u0d3f\u0d27\u0d3f, %2$d-\u0d7d %1$d \u0d15\u0d35\u0d3f\u0d1e\u0d4d\u0d1e\u0d41\"", "decltype(", "\"common_google_play_services_enable_text\" : \"%1$s tidak akan berfungsi melainkan anda mendayakan perkhidmatan Google Play.\"", "\"common_google_play_services_update_title\" : \"Google Play xidm\u0259tl\u0259rini g\u00fcnc\u0259ll\u0259\u015fdirin\"", "\"abc_shareactionprovider_share_with\" : \"\u0414\u0435\u043b\u0438\u0442\u0435 \u043f\u043e\u043c\u043e\u045b\u0443\"", "\"abc_searchview_description_submit\" : \"\u10db\u10dd\u10d7\u10ee\u10dd\u10d5\u10dc\u10d8\u10e1 \u10d2\u10d0\u10d3\u10d0\u10d2\u10d6\u10d0\u10d5\u10dc\u10d0\"", "\"common_google_play_services_update_title\" : \"Sasisha huduma za Google Play\"", "\"item_view_role_description\" : \"\u041a\u0430\u0440\u0442\u0438\u0446\u0430\"", "\"common_google_play_services_update_button\" : \"\u0e2d\u0e31\u0e1b\u0e40\u0e14\u0e15\"", "\"character_counter_overflowed_content_description\" : \"\u0645\u062d\u062f\u0648\u062f\u06cc\u062a \u0646\u0648\u06cc\u0633\u0647 \u0627\u0632 \u062d\u062f \u0645\u062c\u0627\u0632 %1$d \u0627\u0632 %2$d \u0628\u06cc\u0634\u062a\u0631 \u0634\u062f\u0647 \u0627\u0633\u062a\"", "\"clear_text_end_icon_content_description\" : \"\u0caa\u0ca0\u0ccd\u0caf \u0ca4\u0cc6\u0cb0\u0cb5\u0cc1\u0c97\u0cca\u0cb3\u0cbf\u0cb8\u0cbf\"", "\"mtrl_picker_out_of_range\" : \"Uden for interval: %1$s\"", "\"common_google_play_services_enable_button\" : \"B\u1eadt\"", "\"material_minute_selection\" : \"Selecta\u021bi minutele\"", "\"mtrl_picker_a11y_next_month\" : \"\u0a86\u0a97\u0ab2\u0abe \u0aae\u0ab9\u0abf\u0aa8\u0abe \u0aaa\u0ab0 \u0aac\u0aa6\u0ab2\u0acb\"", "\"exposed_dropdown_menu_content_description\" : \"\u0a21\u0a4d\u0a30\u0a4c\u0a2a-\u0a21\u0a3e\u0a0a\u0a28 \u0a2e\u0a40\u0a28\u0a42 \u0a26\u0a3f\u0a16\u0a3e\u0a13\"", "\"material_timepicker_text_input_mode_description\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u0432 \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u0438\u0439 \u0440\u0435\u0436\u0438\u043c, \u0449\u043e\u0431 \u0432\u0432\u0435\u0441\u0442\u0438 \u0447\u0430\u0441.\"", "\"abc_menu_delete_shortcut_label\" : \"\u09ae\u09c1\u099b\u09c1\u09a8\"", "\"material_clock_toggle_content_description\" : \"Chagua AM au PM\"", "\"mtrl_picker_range_header_unselected\" : \"\u041d\u0430\u0447\u0430\u043b\u043d\u0430 \u0434\u0430\u0442\u0430 \u2013 \u043a\u0440\u0430\u0439\u043d\u0430 \u0434\u0430\u0442\u0430\"", "\"common_signin_button_text_long\" : \"Google orqali kirish\"", "\"common_google_play_services_update_title\" : \"Google Play hizmetlerini g\u00fcncelleyin\"", "\"character_counter_content_description\" : \"%1$d/%2$d karaktere idatzi dira\"", "\"material_clock_toggle_content_description\" : \"Zgjidh paradite ose pasdite\"", "\"mtrl_picker_text_input_month_abbr\" : \"H\"", "\"material_timepicker_hour\" : \"\u0c17\u0c02\u0c1f\"", "\"abc_searchview_description_clear\" : \"Borra a consulta\"", "\"abc_capital_on\" : \"\u049a\u041e\u0421\u0423\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u0c15\u0c4d\u0c2f\u0c3e\u0c32\u0c46\u0c02\u0c21\u0c30\u0c4d \u0c07\u0c28\u0c4d\u200c\u0c2a\u0c41\u0c1f\u0c4d \u0c2e\u0c4b\u0c21\u0c4d\u200c\u0c15\u0c41 \u0c2e\u0c3e\u0c30\u0c41\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"material_clock_toggle_content_description\" : \"Odaberite prijepodne ili poslijepodne\"", "\"mtrl_badge_numberless_content_description\" : \"Nova notifica\u00e7\u00e3o\"", "\"mtrl_picker_a11y_prev_month\" : \"Aldatu aurreko hilabetera\"", "\"copy_toast_msg\" : \"\u067e\u06cc\u0648\u0646\u062f \u062f\u0631 \u0628\u0631\u06cc\u062f\u0647\u200c\u062f\u0627\u0646 \u06a9\u067e\u06cc \u0634\u062f\"", "\"abc_menu_sym_shortcut_label\" : \"Sym+\u200e\"", "\"icon_content_description\" : \"Ikona e dialogut\"", "\"common_google_play_services_install_text\" : \"%1$s \u0909\u0928 Google Play \u0938\u0947\u0935\u093e\u0913\u0902 \u0915\u0947 \u092c\u093f\u0928\u093e \u0928\u0939\u0940\u0902 \u091a\u0932\u0947\u0917\u093e \u091c\u094b \u0906\u092a\u0915\u0947 \u0921\u093f\u0935\u093e\u0907\u0938 \u092e\u0947\u0902 \u0909\u092a\u0932\u092c\u094d\u0927 \u0928\u0939\u0940\u0902 \u0939\u0948\u0902.\"", "\"abc_searchview_description_query\" : \"\u0637\u0644\u0628 \u0628\u062d\u062b\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0ea7\u0eb1\u0e99\u0e97\u0eb5\u0ec0\u0ea5\u0eb5\u0ec8\u0ea1\u0e95\u0ebb\u0ec9\u0e99 \u2013 %1$s\"", "\"nav_app_bar_navigate_up_description\" : \"P\u0101rvietoties aug\u0161up\"", "\"common_google_play_services_install_button\" : \"Instal\"", "\"mtrl_picker_out_of_range\" : \"\u041f\u0430-\u0437\u0430 \u043c\u0435\u0436\u0430\u043c\u0456 \u0434\u044b\u044f\u043f\u0430\u0437\u043e\u043d\u0443: %1$s\"", "\"mtrl_picker_out_of_range\" : \"\u0412\u043d\u0435 \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430: %1$s\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u0634\"", "\"material_timepicker_pm\" : \"P.M.\"", "\"common_google_play_services_install_title\" : \"Google Play-Dienste installieren\"", "\"common_google_play_services_enable_button\" : \"Kveikja\"", "\"password_toggle_content_description\" : \"\u092a\u093e\u0938\u0935\u0930\u094d\u0921 \u0926\u0947\u0916\u093e\u0909\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"material_timepicker_pm\" : \"p. m.\"", "\"mtrl_picker_invalid_format\" : \"Virheellinen muoto\"", "\"abc_menu_delete_shortcut_label\" : \"CANC\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u041a\u0440\u0430\u0439\u043d\u0430 \u0434\u0430\u0442\u0430\"", "\"mtrl_picker_a11y_prev_month\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u0434\u043e \u043f\u043e\u043f\u0435\u0440\u0435\u0434\u043d\u044c\u043e\u0433\u043e \u043c\u0456\u0441\u044f\u0446\u044f\"", "\"character_counter_overflowed_content_description\" : \"\u178a\u17c2\u1793\u1780\u17c6\u178e\u178f\u17cb\u178f\u17bd\u17a2\u1780\u17d2\u179f\u179a\u1794\u17b6\u1793\u179b\u17be\u179f %1$d \u1793\u17c3 %2$d\"", "\"material_timepicker_select_time\" : \"\u0c38\u0c2e\u0c2f\u0c3e\u0c28\u0c4d\u0c28\u0c3f \u0c0e\u0c02\u0c1a\u0c41\u0c15\u0c4b\u0c02\u0c21\u0c3f\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043c\u0435\u043d \u0431\u04e9\u043b\u0456\u0441\u0443\"", "\"character_counter_overflowed_content_description\" : \"Harflar soni (%1$d) cheklovdan (%2$d) oshib ketdi\"", "\"mtrl_picker_save\" : \"\u0421\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u044c\"", "\"common_google_play_services_install_button\" : \"Asenna\"", "\"common_google_play_services_install_text\" : \"\u0414\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \"%1$s\" \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0435\u0440\u0432\u0438\u0441\u044b Google Play.\"", "\"bottomsheet_action_expand_halfway\" : \"\u092a\u0942\u0930\u094d\u0923\u092a\u0923\u0947 \u0935\u093f\u0938\u094d\u0924\u0943\u0924 \u0915\u0930\u093e\"", "\"common_google_play_services_enable_text\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d \u049b\u043e\u0441\u043f\u0430\u0441\u0430\u04a3\u044b\u0437, %1$s \u0436\u04b1\u043c\u044b\u0441 \u0456\u0441\u0442\u0435\u043c\u0435\u0439\u0434\u0456.\"", "\"mtrl_picker_invalid_format_use\" : \"Utilitza: %1$s\"", "\"common_google_play_services_unknown_issue\" : \"%1$s sta riscontrando problemi con Google Play Services. Riprova.\"", "\"common_google_play_services_install_text\" : \"\uae30\uae30\uc5d0 Google Play \uc11c\ube44\uc2a4\uac00 \uc124\uce58\ub418\uc5b4 \uc788\uc5b4\uc57c %1$s\uc774(\uac00) \uc2e4\ud589\ub429\ub2c8\ub2e4.\"", "\"copy_toast_msg\" : \"\ud074\ub9bd\ubcf4\ub4dc\uc5d0 \ub9c1\ud06c \ubcf5\uc0ac\ub428\"", "\"material_timepicker_text_input_mode_description\" : \"In den Texteingabemodus wechseln, um die Uhrzeit einzugeben.\"", "\"abc_menu_delete_shortcut_label\" : \"\u0a2e\u0a3f\u0a1f\u0a3e\u0a13\"", "\"mtrl_picker_a11y_prev_month\" : \"\u0905\u0918\u093f\u0932\u094d\u0932\u094b \u092e\u0939\u093f\u0928\u093e\u092e\u093e \u0938\u093e\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0915\u094b Google Play \u0938\u0947\u0935\u093e\u0913\u0902 \u0915\u0947 \u0938\u093e\u0925 \u0938\u092e\u0938\u094d\u092f\u093e \u0906 \u0930\u0939\u0940 \u0939\u0948. \u0915\u0943\u092a\u092f\u093e \u092b\u093f\u0930 \u0938\u0947 \u0915\u094b\u0936\u093f\u0936 \u0915\u0930\u0947\u0902.\"", "\"abc_capital_off\" : \"\u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dcf\u0dc0\u0dd2\u0dbb\u0dc4\u0dd2\u0dad\u0dba\u0dd2\"", "\"mtrl_picker_a11y_next_month\" : \"Lumipat sa susunod na buwan\"", "\"common_google_play_services_enable_button\" : \"\u041e\u043c\u043e\u0433\u0443\u045b\u0438\"", "\"abc_searchview_description_query\" : \"\u0406\u0437\u0434\u0435\u0443 \u0441\u04b1\u0440\u0430\u0443\u044b\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Lumipat sa pamamaraan ng pag-input ng text\"", "\"common_open_on_phone\" : \"Buka di ponsel\"", "\"common_google_play_services_updating_text\" : \"%1$s no s'executar\u00e0 sense Serveis de Google Play, que s'est\u00e0 actualitzant en aquest moment.\"", "\"common_google_play_services_install_button\" : \"\u10d8\u10dc\u10e1\u10e2\u10d0\u10da\u10d0\u10ea\u10d8\u10d0\"", "\"common_signin_button_text\" : \"\u0e25\u0e07\u0e0a\u0e37\u0e48\u0e2d\u0e40\u0e02\u0e49\u0e32\u0e43\u0e0a\u0e49\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Mehr als %1$d\u00a0neue Benachrichtigungen\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Alternar para o modo de entrada da agenda\"", "\"common_google_play_services_update_button\" : \"I-update\"", "\"common_google_play_services_install_button\" : \"Installieren\"", "\"mtrl_picker_a11y_next_month\" : \"\u041f\u0440\u0435\u0452\u0438\u0442\u0435 \u043d\u0430 \u0441\u043b\u0435\u0434\u0435\u045b\u0438 \u043c\u0435\u0441\u0435\u0446\"", "\"abc_prepend_shortcut_label\" : \"\u0426\u044d\u0441+\"", "\"character_counter_content_description\" : \"Umeweka herufi %1$d kati ya %2$d\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u5207\u6362\u5230\u6587\u672c\u5b57\u6bb5\u8f93\u5165\u6a21\u5f0f\"", "\"common_google_play_services_update_button\" : \"C\u1eadp nh\u1eadt\"", "\"character_counter_content_description\" : \"\u8f93\u5165\u4e86 %1$d \u4e2a\u5b57\u7b26\uff08\u4e0a\u9650\u4e3a %2$d \u4e2a\uff09\"", "\"material_timepicker_text_input_mode_description\" : \"\u09b8\u09ae\u09df \u0987\u09a8\u09aa\u09c1\u099f \u09a6\u09c7\u0993\u09df\u09be\u09b0 \u099c\u09a8\u09cd\u09af \u09aa\u09be\u09a0\u09cd\u09af \u0987\u09a8\u09aa\u09c1\u099f \u09ae\u09cb\u09a1\u09c7 \u09af\u09be\u09a8\u0964\"", "\"abc_toolbar_collapse_description\" : \"\u09b8\u0982\u0995\u09cb\u099a\u09a8 \u0995\u09f0\u0995\"", "\"mtrl_picker_invalid_format\" : \"Formato no v\u00e1lido.\"", "\"mtrl_picker_range_header_title\" : \"Selecciona un per\u00edodo\"", "\"clear_text_end_icon_content_description\" : \"I-clear ang text\"", "char16_t", "\"material_timepicker_select_time\" : \"Zgjidh or\u00ebn\"", "\"abc_searchview_description_clear\" : \"Kosongkan pertanyaan\"", "\"fallback_menu_item_copy_link\" : \"\u0646\u0633\u062e \u0627\u0644\u0631\u0627\u0628\u0637\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Tanggal mulai\"", "\"common_signin_button_text_long\" : \"\u0ea5\u0ebb\u0e87\u0e8a\u0eb7\u0ec8\u0ec0\u0e82\u0ebb\u0ec9\u0eb2\u0ec3\u0e8a\u0ec9\u0e94\u0ec9\u0ea7\u0e8d Google\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Chuy\u1ec3n sang ch\u1ebf \u0111\u1ed9 nh\u1eadp v\u0103n b\u1ea3n\"", "\"abc_activity_chooser_view_see_all\" : \"\u09b8\u0995\u09b2\u09cb \u099a\u09be\u0993\u0995\"", "\"common_open_on_phone\" : \"\u092b\u094b\u0928\u0935\u0930 \u0909\u0918\u0921\u093e\"", "\"common_google_play_services_wear_update_text\" : \"Cal una nova versi\u00f3 de Serveis de Google Play. S'actualitzar\u00e0 autom\u00e0ticament aviat.\"", "\"abc_toolbar_collapse_description\" : \"Komprimera\"", "\"common_google_play_services_install_text\" : \"\u0422\u0430\u043d\u044b \u0442\u04e9\u0445\u04e9\u04e9\u0440\u04e9\u043c\u0436\u0438\u0434 Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d \u0431\u0430\u0439\u0445\u0433\u04af\u0439 \u0442\u0443\u043b %1$s \u0430\u0436\u0438\u043b\u043b\u0430\u0445\u0433\u04af\u0439.\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 Befejez\u00e9s d\u00e1tuma\"", "\"mtrl_picker_navigate_to_year_description\" : \"Ir ao ano %1$s\"", "\"material_minute_selection\" : \"\u0ca8\u0cbf\u0cae\u0cbf\u0cb7\u0c97\u0cb3\u0ca8\u0ccd\u0ca8\u0cc1 \u0c86\u0caf\u0ccd\u0c95\u0cc6\u0cae\u0cbe\u0ca1\u0cbf\"", "\"bottomsheet_action_expand_halfway\" : \"Rozbalit nap\u016fl\"", "\"mtrl_picker_a11y_prev_month\" : \"V\u00e1lt\u00e1s az el\u0151z\u0151 h\u00f3napra\"", "\"common_google_play_services_install_button\" : \"\u041e\u0440\u043d\u0430\u0442\u0443\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u09b8\u09aa\u09cd\u09a4\u09be\u09b9\u09c7\u09b0 \u09a6\u09bf\u09a8\u0997\u09c1\u09b2\u09bf\u09b0 \u0995\u09b2\u09be\u09ae: %1$s\"", "\"nav_app_bar_navigate_up_description\" : \"Gaan op\"", "\"common_google_play_services_update_title\" : \"Mettre \u00e0 jour les services Google Play\"", "\"mtrl_picker_date_header_title\" : \"Seleccionar fecha\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u062a\u0627\u0631\u06cc\u062e \u067e\u0627\u06cc\u0627\u0646\"", "\"material_timepicker_hour\" : \"\u0633\u0627\u0639\u062a\"", "\"common_google_play_services_notification_channel_name\" : \"Google \u09aa\u09cd\u09b2\u09c7 \u09b8\u09c7\u09f1\u09be\u09b8\u09ae\u09c2\u09b9\u09f0 \u0989\u09aa\u09b2\u09ac\u09cd\u09a7\u09a4\u09be\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u0938\u093e\u0932 %1$s \u092a\u0930 \u091c\u093e\u090f\u0902\"", "\"mtrl_picker_invalid_range\" : \"Invalid na hanay.\"", "\"common_google_play_services_update_button\" : \"P\u00e4ivit\u00e4\"", "\"abc_search_hint\" : \"Pretra\u017eite...\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Byt till text som inmatningsl\u00e4ge\"", "\"material_timepicker_minute\" : \"\u0550\u0578\u057a\u0565\"", "\"common_signin_button_text_long\" : \"Sign in with Google\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u7d50\u675f\u65e5\u671f\"", "\"password_toggle_content_description\" : \"\u0646\u0645\u0627\u06cc\u0634 \u06af\u0630\u0631\u0648\u0627\u0698\u0647\"", "\"material_timepicker_minute\" : \"\u0ba8\u0bbf\u0bae\u0bbf\u0b9f\u0bae\u0bcd\"", "\"abc_activitychooserview_choose_application\" : \"\u0395\u03c0\u03b9\u03bb\u03ad\u03be\u03c4\u03b5 \u03bc\u03b9\u03b1 \u03b5\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae\"", "\"abc_searchview_description_query\" : \"\u0418\u0437\u0434\u0435\u043b\u0433\u0435\u043d \u0441\u0443\u0440\u0430\u043c\"", "\"material_minute_selection\" : \"\u0b2e\u0b3f\u0b28\u0b3f\u0b1f\u0b4d\u200d \u0b1a\u0b5f\u0b28 \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"icon_content_description\" : \"\u0ec4\u0ead\u0e84\u0ead\u0e99\u0e81\u0ec8\u0ead\u0e87\u0ec2\u0e95\u0ec9\u0e95\u0ead\u0e9a\"", "\"abc_searchview_description_query\" : \"\u0936\u094b\u0927 \u0915\u094d\u0935\u0947\u0930\u0940\"", "\"common_google_play_services_updating_text\" : \"\u0daf\u0dd0\u0db1\u0da7 \u0dba\u0dcf\u0dc0\u0dad\u0dca\u0d9a\u0dcf\u0dbd\u0dd3\u0db1 \u0d9a\u0dbb\u0db8\u0dd2\u0db1\u0dca \u0d87\u0dad\u0dd2, Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 %1$s \u0db0\u0dcf\u0dc0\u0db1\u0dba \u0db1\u0ddc\u0dc0\u0db1\u0dd4 \u0d87\u0dad.\"", "\"material_timepicker_text_input_mode_description\" : \"\u0c38\u0c2e\u0c2f\u0c3e\u0c28\u0c4d\u0c28\u0c3f \u0c28\u0c2e\u0c4b\u0c26\u0c41 \u0c1a\u0c47\u0c2f\u0c21\u0c02 \u0c15\u0c4b\u0c38\u0c02 \u0c35\u0c1a\u0c28 \u0c28\u0c2e\u0c4b\u0c26\u0c41 \u0c2e\u0c4b\u0c21\u0c4d\u200c\u0c15\u0c3f \u0c2e\u0c3e\u0c30\u0c02\u0c21\u0c3f.\"", "\"material_timepicker_clock_mode_description\" : \"Aktiveerige kellaaja sisestamiseks kellare\u017eiim.\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u099f\u09c7\u0995\u09cd\u09b8\u099f \u0987\u09a8\u09aa\u09c1\u099f \u09ae\u09cb\u09a1\u09c7 \u09ac\u09a6\u09b2 \u0995\u09b0\u09c1\u09a8\"", "\"common_google_play_services_unsupported_text\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be \u099b\u09be\u09a1\u09bc\u09be %1$s \u099a\u09b2\u09ac\u09c7 \u09a8\u09be, \u09af\u09c7\u099f\u09bf \u0986\u09aa\u09a8\u09be\u09b0 \u09a1\u09bf\u09ad\u09be\u0987\u09b8\u09c7 \u09b8\u09ae\u09b0\u09cd\u09a5\u09bf\u09a4 \u09a8\u09af\u09bc\u09f7\"", "\"abc_search_hint\" : \"\u0425\u0430\u0439\u0445\u2026\"", "\"mtrl_picker_text_input_day_abbr\" : \"z\"", "\"common_google_play_services_enable_button\" : \"\u0410\u043a\u0442\u0438\u0432\u0438\u0440\u0430\u043d\u0435\"", "\"common_google_play_services_unknown_issue\" : \"%1$s, Google Play hizmetleriyle ilgili sorun ya\u015f\u0131yor. L\u00fctfen tekrar deneyin.\"", "\"fallback_menu_item_open_in_browser\" : \"\u5728\u6d4f\u89c8\u5668\u4e2d\u6253\u5f00\"", "\"abc_capital_on\" : \"AN\"", "\"search_menu_title\" : \"S\u00f8k\"", "\"mtrl_picker_a11y_next_month\" : \"Trece\u021bi la luna urm\u0103toare\"", "\"abc_searchview_description_clear\" : \"\u054b\u0576\u057b\u0565\u056c \u0570\u0561\u0580\u0581\u0578\u0582\u0574\u0568\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u00ddttu til a\u00f0 skipta yfir \u00ed a\u00f0 velja dag\"", "\"material_hour_suffix\" : \"%1$s\u00a0h\"", "\"mtrl_picker_range_header_title\" : \"Selecciona un interval\"", "\"abc_menu_delete_shortcut_label\" : \"\u1230\u122d\u12dd\"", "\"common_google_play_services_update_text\" : \"\u0d28\u0d3f\u0d19\u0d4d\u0d19\u0d7e Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d7e \u0d05\u0d2a\u0d4d\u200c\u0d21\u0d47\u0d31\u0d4d\u0d31\u0d41\u0d1a\u0d46\u0d2f\u0d4d\u200c\u0d24\u0d3f\u0d32\u0d4d\u0d32\u0d46\u0d19\u0d4d\u0d15\u0d3f\u0d7d %1$s \u0d2a\u0d4d\u0d30\u0d35\u0d7c\u0d24\u0d4d\u0d24\u0d3f\u0d15\u0d4d\u0d15\u0d3f\u0d32\u0d4d\u0d32.\"", "\"nav_app_bar_navigate_up_description\" : \"Naviga\u021bi \u00een sus\"", "\"exposed_dropdown_menu_content_description\" : \"\u041f\u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0435\u0435\u0441\u044f \u043c\u0435\u043d\u044e\"", "\"mtrl_chip_close_icon_content_description\" : \"Quita %1$s\"", "\"abc_searchview_description_search\" : \"S\u00f8k\"", "\"abc_capital_off\" : \"OFF\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0905\u0928\u094d\u0924\u094d\u092f \u0939\u0941\u0928\u0947 \u092e\u093f\u0924\u093f\"", "\"character_counter_content_description\" : \"%1$d/%2$d \u0442\u0430\u04a3\u0431\u0430 \u0435\u043d\u0433\u0456\u0437\u0456\u043b\u0434\u0456\"", "\"abc_activity_chooser_view_see_all\" : \"Xem t\u1ea5t c\u1ea3\"", "\"abc_searchview_description_voice\" : \"\u0d38\u0d02\u0d38\u0d3e\u0d30\u0d24\u0d4d\u0d24\u0d3f\u0d32\u0d42\u0d1f\u0d46 \u0d24\u0d3f\u0d30\u0d2f\u0d41\u0d15\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u958b\u59cb\u65e5\"", "\"nav_app_bar_open_drawer_description\" : \"\u00d6ppna navigeringspanelen\"", "\"material_timepicker_minute\" : \"\u0d2e\u0d3f\u0d28\u0d3f\u0d31\u0d4d\u0d31\u0d4d\"", "\"common_signin_button_text\" : \"\u0b89\u0bb3\u0bcd\u0ba8\u0bc1\u0bb4\u0bc8\u0b95\"", "\"nav_app_bar_open_drawer_description\" : \"\u09a8\u09c7\u09ad\u09bf\u0997\u09c7\u09b6\u09a8 \u09a1\u09cd\u09b0\u09af\u09bc\u09be\u09b0 \u0996\u09c1\u09b2\u09c1\u09a8\"", "\"nav_app_bar_open_drawer_description\" : \"Abrir panel lateral de navegaci\u00f3n\"", "\"search_menu_title\" : \"\u641c\u5c0b\"", "\"common_google_play_services_unsupported_text\" : \"Aplikacija %1$s ne\u0107e raditi bez Google Play usluga, koje va\u0161 ure\u0111aj ne podr\u017eava.\"", "\"material_timepicker_text_input_mode_description\" : \"Vaqtni kiritish uchun matn kiritish rejimiga o\u2018ting.\"", "\"abc_toolbar_collapse_description\" : \"Runtuhkan\"", "\"mtrl_picker_text_input_date_hint\" : \"\u0c24\u0c47\u0c26\u0c40\"", "\"common_google_play_services_unsupported_text\" : \"\u200f%1$s \u0628\u062f\u0648\u0646 \u062e\u062f\u0645\u0627\u062a Google Play \u06a9\u0647 \u062f\u0631 \u062f\u0633\u062a\u06af\u0627\u0647 \u0634\u0645\u0627 \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0646\u0645\u06cc\u200c\u0634\u0648\u062f\u060c \u0627\u062c\u0631\u0627 \u0646\u062e\u0648\u0627\u0647\u062f \u0634\u062f.\"", "\"common_google_play_services_unknown_issue\" : \"%1$s-\u10e1 Google Play Services-\u10d7\u10d0\u10dc \u10de\u10e0\u10dd\u10d1\u10da\u10d4\u10db\u10d0 \u10e8\u10d4\u10d4\u10e5\u10db\u10dc\u10d0. \u10d2\u10d7\u10ee\u10dd\u10d5\u10d7, \u10ea\u10d0\u10d3\u10dd\u10d7 \u10ee\u10d4\u10da\u10d0\u10ee\u10da\u10d0.\"", "\"common_google_play_services_update_button\" : \"Atualizar\"", "\"common_google_play_services_install_button\" : \"Telep\u00edt\u00e9s\"", "\"nav_app_bar_open_drawer_description\" : \"Open navigation drawer\"", "\"mtrl_picker_date_header_title\" : \"\u0412\u044b\u0431\u0435\u0440\u0438\u0442\u0435 \u0434\u0430\u0442\u0443\"", "\"fallback_menu_item_open_in_browser\" : \"\u1794\u17be\u1780\u200b\u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784\u200b\u1780\u1798\u17d2\u1798\u179c\u17b7\u1792\u17b8\u200b\u179a\u17bb\u1780\u179a\u1780\u178f\u17b6\u1798\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\"", "\"common_google_play_services_enable_button\" : \"Habilitar\"", "\"exposed_dropdown_menu_content_description\" : \"Shfaq menyn\u00eb me l\u00ebshim posht\u00eb\"", "\"common_google_play_services_unsupported_text\" : \"Aplikacija %1$s ne deluje brez storitev Google Play, ki jih va\u0161a naprava ne podpira.\"", "\"password_toggle_content_description\" : \"\u092a\u093e\u0938\u0935\u0930\u094d\u0921 \u0926\u093f\u0916\u093e\u090f\u0902\"", "\"icon_content_description\" : \"\u0130leti\u015fim kutusu simgesi\"", "\"bottomsheet_action_expand_halfway\" : \"Pro\u0161irivanje dopola\"", "\"mtrl_picker_announce_current_selection\" : \"L\u1ef1a ch\u1ecdn hi\u1ec7n t\u1ea1i: %1$s\"", "\"nav_app_bar_open_drawer_description\" : \"\u0dc3\u0d82\u0da0\u0dbd\u0db1 \u0d87\u0daf\u0dd3\u0db8 \u0dc0\u0dd2\u0dc0\u0dd8\u0dad \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"fallback_menu_item_copy_link\" : \"\u30ea\u30f3\u30af\u3092\u30b3\u30d4\u30fc\"", "\"fallback_menu_item_share_link\" : \"Yabelana ngesixhumanisi\"", "\"search_menu_title\" : \"\u0627\u0644\u0628\u062d\u062b\"", "\"mtrl_picker_text_input_day_abbr\" : \"T\"", "\"common_signin_button_text_long\" : \"\u1260Google \u12ed\u130d\u1261\"", "_Unwind_VRS_Pop", "\"search_menu_title\" : \"Sesha\"", "\"common_google_play_services_enable_button\" : \"Activar\"", "\"common_google_play_services_install_text\" : \"Rakendus %1$s t\u00f6\u00f6tab ainult koos Google Play teenustega, mida teie seadmes pole.\"", "\"material_hour_suffix\" : \"%1$s soat\"", "\"abc_menu_space_shortcut_label\" : \"spacja\"", "\"abc_action_bar_up_description\" : \"\u1021\u1015\u1031\u102b\u103a\u101e\u102d\u102f\u1037 \u101b\u103d\u103e\u1031\u1037\u101b\u1014\u103a\"", "\"common_google_play_services_unsupported_text\" : \"%1$s haitafanya kazi bila huduma za Google Play. Huduma hizi hazitumiki kwenye kifaa chako.\"", "\"item_view_role_description\" : \"\u0639\u0644\u0627\u0645\u0629 \u062a\u0628\u0648\u064a\u0628\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0414\u043e\u0434\u0438\u0440\u043d\u0438\u0442\u0435 \u0434\u0430 \u0431\u0438\u0441\u0442\u0435 \u043f\u0440\u0435\u0448\u043b\u0438 \u043d\u0430 \u0438\u0437\u0431\u043e\u0440 \u0433\u043e\u0434\u0438\u043d\u0435\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u0935\u0930\u094d\u0937 %1$s \u092e\u093e \u091c\u093e\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"abc_prepend_shortcut_label\" : \"Menu +\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Ba\u015flang\u0131\u00e7 tarihi\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Preklop na na\u010din vnosa besedila\"", "\"common_google_play_services_update_text\" : \"\u0ca8\u0cc0\u0cb5\u0cc1 Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0ca8\u0ccd\u0ca8\u0cc1 \u0ca8\u0cb5\u0cc0\u0c95\u0cb0\u0cbf\u0cb8\u0ca6 \u0cb9\u0cca\u0cb0\u0ca4\u0cc1 %1$s \u0cb0\u0ca8\u0ccd \u0c86\u0c97\u0cc1\u0cb5\u0cc1\u0ca6\u0cbf\u0cb2\u0ccd\u0cb2.\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Petsa ng pagsisimula \u2013 %1$s\"", "\"material_clock_toggle_content_description\" : \"Vormittags oder Nachmittags ausw\u00e4hlen\"", "\"common_google_play_services_updating_text\" : \"%1$s haitafanya kazi bila huduma za Google Play. Huduma hizi zinasasishwa sasa.\"", "\"abc_shareactionprovider_share_with_application\" : \"Mit %s teilen\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0ec1\u0e95\u0eb0\u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0e9b\u0ec8\u0ebd\u0e99\u0ec0\u0e9b\u0eb1\u0e99\u0e81\u0eb2\u0e99\u0ec0\u0ea5\u0eb7\u0ead\u0e81\u0e9b\u0eb5\"", "\"common_signin_button_text_long\" : \"Prijavi se pomo\u0107u Googlea\"", "\"material_clock_toggle_content_description\" : \"Velja f.h. e\u00f0a e.h.\"", "\"mtrl_picker_a11y_prev_month\" : \"Mudar para o m\u00eas anterior\"", "unsupported arm register", "\"abc_searchview_description_submit\" : \"\u0eaa\u0ebb\u0ec8\u0e87\u0e82\u0ecd\u0ec9\u0ea1\u0eb9\u0e99\"", "\"abc_shareactionprovider_share_with_application\" : \"Comparte contido coa aplicaci\u00f3n %s\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u041a\u043e\u043b\u043e\u043d\u0430 \u0441\u043e \u0434\u0435\u043d\u043e\u0432\u0438: %1$s\"", "\"abc_menu_ctrl_shortcut_label\" : \"Vad\u012b\u0161anas tausti\u0146\u0161\u00a0+\"", "\"common_google_play_services_notification_channel_name\" : \"Google\u00a0Play pakalpojumu pieejam\u012bba\"", "\"material_clock_toggle_content_description\" : \"\u064a\u064f\u0631\u062c\u0649 \u0627\u062e\u062a\u064a\u0627\u0631 \u0635\u0628\u0627\u062d\u064b\u0627 \u0623\u0648 \u0645\u0633\u0627\u0621\u064b.\"", "\"common_signin_button_text\" : \"\u101c\u1000\u103a\u1019\u103e\u1010\u103a\u1011\u102d\u102f\u1038 \u101d\u1004\u103a\u101b\u1014\u103a\"", "\"abc_activitychooserview_choose_application\" : \"\u0c86\u0ccd\u0caf\u0caa\u0ccd\u200c\u0cb5\u0cca\u0c82\u0ca6\u0ca8\u0ccd\u0ca8\u0cc1 \u0c86\u0caf\u0ccd\u0c95\u0cc6\u0cae\u0cbe\u0ca1\u0cbf\"", "\"mtrl_picker_save\" : \"Ulo\u017ei\u0165\"", "\"abc_action_menu_overflow_description\" : \"\u0e15\u0e31\u0e27\u0e40\u0e25\u0e37\u0e2d\u0e01\u0e2d\u0e37\u0e48\u0e19\"", "\"mtrl_picker_range_header_unselected\" : \"\u0c2a\u0c4d\u0c30\u0c3e\u0c30\u0c02\u0c2d \u0c24\u0c47\u0c26\u0c3f - \u0c2e\u0c41\u0c17\u0c3f\u0c02\u0c2a\u0c41 \u0c24\u0c47\u0c26\u0c3f\"", "\"copy_toast_msg\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200eLink copied to clipboard\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u8868\u793a\u5468\u51e0\u7684\u5217\uff1a%1$s\"", "\"item_view_role_description\" : \"\u30bf\u30d6\"", "\"fallback_menu_item_open_in_browser\" : \"\u0aac\u0acd\u0ab0\u0abe\u0a89\u0a9d\u0ab0\u0aae\u0abe\u0a82 \u0a96\u0acb\u0ab2\u0acb\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Touchez pour passer \u00e0 la s\u00e9lection d'ann\u00e9e\"", "\"fallback_menu_item_share_link\" : \"Share link\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"V\u00edce ne\u017e %1$d nov\u00fdch ozn\u00e1men\u00ed\"", "std::allocator", "\"nav_app_bar_navigate_up_description\" : \"\u0a89\u0aaa\u0ab0 \u0aa8\u0ac5\u0ab5\u0abf\u0a97\u0ac7\u0a9f \u0a95\u0ab0\u0acb\"", "\"mtrl_picker_range_header_unselected\" : \"Alkamisp\u00e4iv\u00e4 \u2013 p\u00e4\u00e4ttymisp\u00e4iv\u00e4\"", "\"common_google_play_services_install_title\" : \"Google Play \u0938\u0947\u0935\u093e\u090f\u0902 \u0907\u0902\u0938\u094d\u091f\u0949\u0932 \u0915\u0930\u0947\u0902\"", "\"material_timepicker_select_time\" : \"Pilih masa\"", "\"mtrl_picker_invalid_format_use\" : \"Tarih bi\u00e7imi: %1$s\"", "\"material_minute_selection\" : \"\u0c28\u0c3f\u0c2e\u0c3f\u0c37\u0c3e\u0c32\u0c28\u0c41 \u0c0e\u0c02\u0c1a\u0c41\u0c15\u0c4b\u0c02\u0c21\u0c3f\"", "\"mtrl_picker_save\" : \"Ment\u00e9s\"", "\"password_toggle_content_description\" : \"\u0e41\u0e2a\u0e14\u0e07\u0e23\u0e2b\u0e31\u0e2a\u0e1c\u0e48\u0e32\u0e19\"", "\"character_counter_content_description\" : \"%2$d\u0aae\u0abe\u0a82\u0aa5\u0ac0 %1$d \u0a85\u0a95\u0acd\u0ab7\u0ab0\u0acb \u0aa6\u0abe\u0a96\u0ab2 \u0a95\u0ab0\u0acd\u0aaf\u0abe\"", "\"mtrl_picker_date_header_title\" : \"Selecciona una data\"", "\"material_minute_selection\" : \"\u0412\u044b\u0431\u0435\u0440\u0438\u0442\u0435 \u043c\u0438\u043d\u0443\u0442\u044b\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u056b \u057d\u056d\u0561\u056c \u056f\u0561\"", "\"abc_prepend_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200eMenu+\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"abc_search_hint\" : \"\u041f\u0440\u0435\u0431\u0430\u0440\u0443\u0432\u0430\u045a\u0435\u2026\"", "\"mtrl_picker_announce_current_selection\" : \"\u0423\u0447\u0443\u0440\u0434\u0430\u0433\u044b \u0442\u0430\u043d\u0434\u043e\u043e: %1$s\"", "\"material_minute_selection\" : \"\u05d1\u05d7\u05e8 \u05d3\u05e7\u05d5\u05ea\"", "\"common_google_play_services_notification_ticker\" : \"\u0413\u0440\u0435\u0448\u043a\u0430 Google Play \u0443\u0441\u043b\u0443\u0433\u0430\"", "\"abc_shareactionprovider_share_with\" : \"\u0421\u043f\u043e\u0434\u0435\u043b\u0438 \u0441\u043e\"", "\"common_google_play_services_unsupported_text\" : \"%1$s ei toimi ilman Google Play Palveluita, joita laitteesi ei tue.\"", "\"icon_content_description\" : \"\u0ab8\u0a82\u0ab5\u0abe\u0aa6\u0aa8\u0ac1\u0a82 \u0a86\u0a87\u0a95\u0aa8\"", "\"material_hour_suffix\" : \"%1$s \u0bae\u0ba3\u0bbf\"", "\"material_hour_suffix\" : \"%1$s uur\"", "\"common_google_play_services_unknown_issue\" : \"%1$s ka probleme me sh\u00ebrbimet e Google Play. Provo s\u00ebrish.\"", "\"fallback_menu_item_share_link\" : \"\u0ab2\u0abf\u0a82\u0a95 \u0ab6\u0ac7\u0ab0 \u0a95\u0ab0\u0acb\"", "\"error_icon_content_description\" : \"Erreur\"", "\"abc_menu_alt_shortcut_label\" : \"Alt +\"", "\"abc_searchview_description_voice\" : \"\u12e8\u12f5\u121d\u133d \u134d\u1208\u130b\"", "\"common_google_play_services_enable_button\" : \"Aktiveer\"", "\"mtrl_picker_invalid_range\" : \"\u0d85\u0dc0\u0dbd\u0d82\u0d9c\u0dd4 \u0db4\u0dbb\u0dcf\u0dc3\u0dba\u0d9a\u0dd2.\"", "\"character_counter_content_description\" : \"%1$d z %2$d\u00a0znak\u00f3w\"", "decimal16", "\"abc_search_hint\" : \"\u0916\u094b\u091c\u094d\u0928\u0941\u0939\u094b\u0938\u094d\u2026\"", "\"mtrl_picker_invalid_range\" : \"Ge\u00e7ersiz aral\u0131k.\"", "\"abc_toolbar_collapse_description\" : \"\uc811\uae30\"", "\"common_google_play_services_notification_ticker\" : \"Google Play Tjenester-feil\"", "operator%=", "\"common_google_play_services_wear_update_text\" : \"Eine neue Version der Google Play-Dienste wird ben\u00f6tigt. Diese wird in K\u00fcrze automatisch aktualisiert.\"", "\"common_google_play_services_notification_channel_name\" : \"\u179b\u1791\u17d2\u1792\u1797\u17b6\u1796\u200b\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798 Google Play\"", "\"icon_content_description\" : \"Dialogue Icon\"", "\"mtrl_picker_navigate_to_year_description\" : \"%1$s \u0d35\u0d7c\u0d37\u0d24\u0d4d\u0d24\u0d3f\u0d32\u0d47\u0d15\u0d4d\u0d15\u0d4d \u0d28\u0d3e\u0d35\u0d3f\u0d17\u0d47\u0d31\u0d4d\u0d31\u0d4d \u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d15\"", "\"common_google_play_services_notification_channel_name\" : \"Disponibilidad Servicios de Google Play\"", "\"common_google_play_services_updating_text\" : \"%1$s \u043d\u044c \u043e\u0434\u043e\u043e\u0433\u043e\u043e\u0440 \u0448\u0438\u043d\u044d\u0447\u0438\u043b\u0436 \u0431\u0443\u0439 Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0436\u0438\u043b\u043b\u0430\u0445\u0433\u04af\u0439.\"", "\"abc_shareactionprovider_share_with_application\" : \"\u0414\u0435\u043b\u0438\u0442\u0435 \u043f\u043e\u043c\u043e\u045b\u0443 \u0430\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0458\u0435 %s\"", "\"abc_shareactionprovider_share_with_application\" : \"Compartir con %s\"", "\"common_google_play_services_update_text\" : \"%1$s ez da exekutatuko Google Play zerbitzuak eguneratzen ez badituzu.\"", "\"fallback_menu_item_open_in_browser\" : \"Hape n\u00eb shfletues\"", "\"clear_text_end_icon_content_description\" : \"Fjern teksten\"", "\"common_signin_button_text\" : \"\u0938\u093e\u0907\u0928 \u0907\u0928 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"nav_app_bar_open_drawer_description\" : \"Avaa navigoinnin vetopaneeli\"", "\"password_toggle_content_description\" : \"\u0b95\u0b9f\u0bb5\u0bc1\u0b9a\u0bcd\u0b9a\u0bca\u0bb2\u0bcd\u0bb2\u0bc8\u0b95\u0bcd \u0b95\u0bbe\u0b9f\u0bcd\u0b9f\u0bc1\"", "\"mtrl_picker_a11y_next_month\" : \"\u12c8\u12f0 \u12e8\u121a\u1240\u1325\u1208\u12cd \u12c8\u122d \u1240\u12ed\u122d\"", "\"abc_searchview_description_submit\" : \"\u0915\u094d\u0935\u0947\u0930\u0940 \u0938\u092c\u092e\u093f\u091f \u0915\u0930\u0947\u0902\"", "\"mtrl_picker_invalid_range\" : \"Rentang tidak valid.\"", "\"mtrl_picker_save\" : \"Shrani\"", "\"common_google_play_services_install_text\" : \"%1$s, Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93 \u0ab5\u0a97\u0ab0 \u0a9a\u0abe\u0ab2\u0ab6\u0ac7 \u0aa8\u0ab9\u0ac0\u0a82, \u0a9c\u0ac7 \u0aa4\u0aae\u0abe\u0ab0\u0abe \u0a89\u0aaa\u0a95\u0ab0\u0aa3\u0aae\u0abe\u0a82\u0aa5\u0ac0 \u0a96\u0ac2\u0a9f\u0ac7 \u0a9b\u0ac7.\"", "\"character_counter_content_description\" : \"Carateres introduzidos: %1$d de %2$d\"", "\"material_hour_suffix\" : \"%1$s \u0935\u093e\u091c\u0924\u093e\"", "\"character_counter_content_description\" : \"Uneti znakovi: %1$d od %2$d\"", "\"material_timepicker_select_time\" : \"\uc2dc\uac04 \uc120\ud0dd\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 Petsa ng pagtatapos\"", "\"nav_app_bar_open_drawer_description\" : \"\u041d\u0430\u0432\u0438\u0433\u0430\u0446\u0438\u044f \u0442\u0430\u0440\u0442\u043f\u0430\u0441\u044b\u043d \u0430\u0448\u0443\"", "St10bad_typeid", "\"mtrl_chip_close_icon_content_description\" : \"Fjern %1$s\"", "\"clear_text_end_icon_content_description\" : \"\u041c\u04d9\u0442\u0456\u043d\u0434\u0456 \u04e9\u0448\u0456\u0440\u0443\"", "\"common_google_play_services_updating_text\" : \"%1$s \u043d\u0435 \u0431\u0443\u0434\u0437\u0435 \u043f\u0440\u0430\u0446\u0430\u0432\u0430\u0446\u044c \u0431\u0435\u0437 \u0441\u043b\u0443\u0436\u0431\u0430\u045e Google Play, \u044f\u043a\u0456\u044f \u045e \u0446\u044f\u043f\u0435\u0440\u0430\u0448\u043d\u0456 \u0447\u0430\u0441 \u0430\u0431\u043d\u0430\u045e\u043b\u044f\u044e\u0446\u0446\u0430.\"", "\"abc_menu_enter_shortcut_label\" : \"\u0b0f\u0b23\u0b4d\u0b1f\u0b30\u0b4d\"", "operator&=", "\"common_google_play_services_wear_update_text\" : \"\u9700\u8981\u4f7f\u7528\u65b0\u7248\u672c\u7684 Google Play \u670d\u52d9\u3002\u66f4\u65b0\u6703\u5373\u5c07\u81ea\u52d5\u958b\u59cb\u3002\"", "\"common_google_play_services_install_title\" : \"Installer les services Google\u00a0Play\"", "\"abc_searchview_description_query\" : \"\u05e9\u05d0\u05d9\u05dc\u05ea\u05ea \u05d7\u05d9\u05e4\u05d5\u05e9\"", "\"material_minute_selection\" : \"Dakikay\u0131 se\u00e7in\"", "\"abc_capital_off\" : \"AF\"", "\"abc_activity_chooser_view_see_all\" : \"\u3059\u3079\u3066\u8868\u793a\"", "\"mtrl_picker_range_header_unselected\" : \"\u062a\u0627\u0631\u064a\u062e \u0627\u0644\u0628\u062f\u0621 - \u062a\u0627\u0631\u064a\u062e \u0627\u0644\u0627\u0646\u062a\u0647\u0627\u0621\"", "\"mtrl_picker_invalid_format\" : \"Ogiltigt format.\"", "\"mtrl_picker_a11y_next_month\" : \"Zmie\u0144 na nast\u0119pny miesi\u0105c\"", "\"common_open_on_phone\" : \"\u1016\u102f\u1014\u103a\u1038\u1015\u1031\u102b\u103a\u1019\u103e\u102c \u1016\u103d\u1004\u1037\u103a\u1015\u102b\"", "\"abc_activity_chooser_view_see_all\" : \"\u0938\u092c\u0948 \u0939\u0947\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"abc_capital_off\" : \"DESAKTIBATU\"", "\"material_hour_selection\" : \"\u05d1\u05d7\u05e8 \u05e9\u05e2\u05d4\"", "operator>>", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u10d9\u10d0\u10da\u10d4\u10dc\u10d3\u10d0\u10e0\u10e8\u10d8 \u10e8\u10d4\u10e7\u10d5\u10d0\u10dc\u10d8\u10e1 \u10e0\u10d4\u10df\u10d8\u10db\u10d6\u10d4 \u10d2\u10d0\u10d3\u10d0\u10e0\u10d7\u10d5\u10d0\"", "\"common_google_play_services_enable_text\" : \"Rakendus %1$s t\u00f6\u00f6tab ainult siis, kui lubate Google Play teenused.\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u043a\"", "\"mtrl_picker_save\" : \"Salva\u021bi\"", "\"material_hour_selection\" : \"Kies uur\"", "\"character_counter_content_description\" : \"Karakters ingevoer: %1$d van %2$d\"", "\"material_hour_selection\" : \"Wybierz godzin\u0119\"", "\"abc_prepend_shortcut_label\" : \"Men\u00fctaste\u00a0+\"", "\"abc_menu_space_shortcut_label\" : \"Probel\"", "\"material_hour_suffix\" : \"%1$s \u0447\u0430\u0441\u043e\u0442\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s - \u043a\u0440\u0430\u0435\u043d \u0434\u0430\u0442\u0443\u043c\"", "\"mtrl_picker_invalid_range\" : \"\u041d\u0435\u0432\u0430\u043b\u0438\u0434\u0435\u043d \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d.\"", "\"common_open_on_phone\" : \"\u0b2b\u0b4b\u0b28\u0b4d\u200c\u0b30\u0b47 \u0b16\u0b4b\u0b32\u0b28\u0b4d\u0b24\u0b41\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u0daf\u0dd2\u0db1 \u0daf\u0dbb\u0dca\u0dc1\u0db1 \u0d86\u0daf\u0dcf\u0db1 \u0db4\u0dca\u200d\u0dbb\u0d9a\u0dcf\u0dbb\u0dba\u0da7 \u0db8\u0dcf\u0dbb\u0dd4 \u0dc0\u0db1\u0dca\u0db1\"", "\"mtrl_picker_invalid_range\" : \"\u101b\u1000\u103a\u1021\u1015\u102d\u102f\u1004\u103a\u1038\u1021\u1001\u103c\u102c\u1038 \u1019\u1019\u103e\u1014\u103a\u1015\u102b\u104b\"", "\"character_counter_content_description\" : \"\u0e95\u0ebb\u0ea7\u0ead\u0eb1\u0e81\u0eaa\u0ead\u0e99\u0e97\u0eb5\u0ec8\u0e9b\u0ec9\u0ead\u0e99\u0ec0\u0e82\u0ebb\u0ec9\u0eb2 %1$d \u0e95\u0ebb\u0ea7\u0e88\u0eb2\u0e81\u0e97\u0eb1\u0e87\u0edd\u0ebb\u0e94 %2$d \u0e95\u0ebb\u0ea7\"", "\"abc_action_menu_overflow_description\" : \"Fler alternativ\"", "St11logic_error", "\"mtrl_picker_invalid_format_example\" : \"Przyk\u0142ad: %1$s\"", "\"material_timepicker_pm\" : \"pop.\"", "\"mtrl_picker_date_header_unselected\" : \"\u0627\u0644\u062a\u0627\u0631\u064a\u062e \u0627\u0644\u0645\u062d\u062f\u0651\u064e\u062f\"", "\"abc_activitychooserview_choose_application\" : \"\u049a\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u043d\u044b \u0442\u0430\u04a3\u0434\u0430\u0443\"", "\"common_google_play_services_unknown_issue\" : \"\u0397 \u03b5\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae %1$s \u03b1\u03bd\u03c4\u03b9\u03bc\u03b5\u03c4\u03c9\u03c0\u03af\u03b6\u03b5\u03b9 \u03ba\u03ac\u03c0\u03bf\u03b9\u03bf \u03c0\u03c1\u03cc\u03b2\u03bb\u03b7\u03bc\u03b1 \u03bc\u03b5 \u03c4\u03b9\u03c2 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03af\u03b5\u03c2 Google Play. \u03a0\u03c1\u03bf\u03c3\u03c0\u03b1\u03b8\u03ae\u03c3\u03c4\u03b5 \u03be\u03b1\u03bd\u03ac.\"", "\"fallback_menu_item_open_in_browser\" : \"\u30d6\u30e9\u30a6\u30b6\u3067\u958b\u304f\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Start date \u2013 %1$s\"", "\"material_timepicker_select_time\" : \"V\u00e6lg tidspunkt\"", "\"common_google_play_services_install_text\" : \"\u101e\u1004\u1037\u103a\u1010\u1000\u103a\u1018\u101c\u1000\u103a\u1010\u103d\u1004\u103a Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038\u1019\u101b\u103e\u102d\u101e\u1031\u102c\u1000\u103c\u1031\u102c\u1004\u1037\u103a %1$s \u1000\u102d\u102f\u1016\u103d\u1004\u1037\u103a\u104d\u1019\u101b\u1015\u102b\u104b\"", "\"material_timepicker_pm\" : \"EM\"", "\"material_timepicker_clock_mode_description\" : \"Aby wprowadzi\u0107 czas, w\u0142\u0105cz tryb zegara.\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Ba\u015flang\u0131\u00e7 tarihi \u2013 %1$s\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0938\u0947\u0935\u093e \u0909\u092a\u0932\u092c\u094d\u0927\u0924\u093e\"", "\"common_google_play_services_update_text\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bc8 \u0b87\u0baf\u0b95\u0bcd\u0b95\u0bbf\u0ba9\u0bbe\u0bb2\u0bcd \u0bae\u0b9f\u0bcd\u0b9f\u0bc1\u0bae\u0bc7, %1$s \u0b9a\u0bc6\u0baf\u0bb2\u0bcd\u0baa\u0b9f\u0bc1\u0bae\u0bcd.\"", "\"mtrl_picker_invalid_format\" : \"\u0541\u0587\u0561\u0579\u0561\u0583\u0568 \u057d\u056d\u0561\u056c \u0567\u0589\"", "\"fallback_menu_item_open_in_browser\" : \"Buksan sa browser\"", "\"common_google_play_services_install_title\" : \"Dapatkan layanan Google Play\"", "\"mtrl_picker_range_header_title\" : \"\u1787\u17d2\u179a\u17be\u179f\u200b\u179a\u17be\u179f\u200b\u1785\u1793\u17d2\u179b\u17c4\u17c7\"", "\"common_google_play_services_enable_button\" : \"Activer\"", "std::bad_alloc", "\"common_google_play_services_install_text\" : \"Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d33\u0d3f\u0d32\u0d4d\u0d32\u0d3e\u0d24\u0d46 %1$s \u0d2a\u0d4d\u0d30\u0d35\u0d7c\u0d24\u0d4d\u0d24\u0d3f\u0d15\u0d4d\u0d15\u0d3f\u0d32\u0d4d\u0d32, \u0d08 \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d33\u0d3e\u0d15\u0d1f\u0d4d\u0d1f\u0d46 \u0d28\u0d3f\u0d19\u0d4d\u0d19\u0d33\u0d41\u0d1f\u0d46 \u0d09\u0d2a\u0d15\u0d30\u0d23\u0d24\u0d4d\u0d24\u0d3f\u0d7d \u0d07\u0d32\u0d4d\u0d32.\"", "\"mtrl_picker_text_input_date_hint\" : \"\u10d7\u10d0\u10e0\u10d8\u10e6\u10d8\"", "\"common_google_play_services_install_text\" : \"\u200f%1$s \u0628\u062f\u0648\u0646 \u062e\u062f\u0645\u0627\u062a Google Play \u06a9\u0647 \u062f\u0631 \u062f\u0633\u062a\u06af\u0627\u0647 \u0634\u0645\u0627 \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0631\u062f \u0627\u062c\u0631\u0627 \u0646\u0645\u06cc\u200c\u0634\u0648\u062f.\"", "\"common_google_play_services_notification_ticker\" : \"Gre\u0161ka Google Play usluge\"", "\"abc_menu_function_shortcut_label\" : \"Funksjon+\"", "\"mtrl_picker_range_header_unselected\" : \"Tarehe ya kuanza \u2013 Tarehe ya mwisho\"", "\"fallback_menu_item_open_in_browser\" : \"Avaa selaimessa\"", "\"abc_search_hint\" : \"Busca\u2026\"", "\"abc_capital_off\" : \"\u05db\u05d1\u05d5\u05d9\"", "\"clear_text_end_icon_content_description\" : \"\u10e2\u10d4\u10e5\u10e1\u10e2\u10d8\u10e1 \u10d2\u10d0\u10e1\u10e3\u10e4\u10d7\u10d0\u10d5\u10d4\u10d1\u10d0\"", "\"abc_shareactionprovider_share_with_application\" : \"\u0421\u043f\u043e\u0434\u0435\u043b\u044f\u043d\u0435 \u0441\u044a\u0441: %s\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Enddatum\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u0631\u0641\u062a\u0646 \u0628\u0647 \u0631\u0641\u062a\u0646 \u0628\u0647 \u062d\u0627\u0644\u062a \u0627\u0646\u062a\u062e\u0627\u0628 \u0631\u0648\u0632 \u0636\u0631\u0628\u0647 \u0628\u0632\u0646\u06cc\u062f\"", "\"mtrl_picker_invalid_format_use\" : \"Kasutage: %1$s\"", "\"mtrl_picker_invalid_format_use\" : \"\u041d\u0435\u0430\u0431\u0445\u043e\u0434\u043d\u044b \u0444\u0430\u0440\u043c\u0430\u0442: %1$s\"", "\"mtrl_chip_close_icon_content_description\" : \"\u041e\u0442\u0441\u0442\u0440\u0430\u043d\u0438 %1$s\"", "\"common_google_play_services_install_title\" : \"S\u00e6kja \u00fej\u00f3nustu Google Play\"", "\"common_google_play_services_notification_channel_name\" : \"Tillg\u00e4nglighet f\u00f6r Google Plays tj\u00e4nster\"", "\"common_signin_button_text_long\" : \"Google-\u10d8\u10d7 \u10e8\u10d4\u10e1\u10d5\u10da\u10d0\"", "index inlined table detected but pr function requires extra words", "\"error_icon_content_description\" : \"\u090f\u0930\u0930\"", "\"fallback_menu_item_copy_link\" : \"Copiar link\"", "\"material_timepicker_hour\" : \"\u1014\u102c\u101b\u102e\"", "\"abc_action_bar_home_description\" : \"Ugr\u00e1s a f\u0151oldalra\"", "\"abc_action_bar_up_description\" : \"\u8f6c\u5230\u4e0a\u4e00\u5c42\u7ea7\"", "\"abc_toolbar_collapse_description\" : \"\u0421\u043e\u0431\u0435\u0440\u0438\"", "\"material_clock_toggle_content_description\" : \"\uc624\uc804 \ub610\ub294 \uc624\ud6c4\ub97c \uc120\ud0dd\ud558\uc138\uc694.\"", "\"icon_content_description\" : \"Dialoogikoon\"", "\"copy_toast_msg\" : \"\u0d15\u0d4d\u0d32\u0d3f\u0d2a\u0d4d\u0d2a\u0d4d\u200c\u0d2c\u0d4b\u0d7c\u0d21\u0d3f\u0d32\u0d47\u0d15\u0d4d\u0d15\u0d4d \u0d32\u0d3f\u0d19\u0d4d\u0d15\u0d4d \u0d2a\u0d15\u0d7c\u0d24\u0d4d\u0d24\u0d3f\"", "\"exposed_dropdown_menu_content_description\" : \"\u0921\u094d\u0930\u0949\u092a\u0921\u093e\u0909\u0928 \u092e\u0947\u0928\u0942 \u0926\u093e\u0916\u0935\u093e\"", "\"common_google_play_services_install_button\" : \"\u0e95\u0eb4\u0e94\u0e95\u0eb1\u0ec9\u0e87\"", "\"mtrl_picker_invalid_format_example\" : \"\u0416\u0438\u0448\u044d\u044d \u043d\u044c: %1$s\"", "\"abc_action_bar_up_description\" : \"Nach oben\"", "\"password_toggle_content_description\" : \"Mostra o contrasinal\"", "\"material_hour_suffix\" : \"%1$s \u0e19\u0e32\u0e2c\u0e34\u0e01\u0e32\"", "\"common_google_play_services_wear_update_text\" : \"\u00c9 necess\u00e1ria uma nova vers\u00e3o do Google Play Services. Ele ser\u00e1 atualizado em breve.\"", "\"abc_shareactionprovider_share_with_application\" : \"\u8207\u300c%s\u300d\u5206\u4eab\"", "\"abc_action_menu_overflow_description\" : \"\u0bae\u0bc7\u0bb2\u0bc1\u0bae\u0bcd \u0bb5\u0bbf\u0bb0\u0bc1\u0baa\u0bcd\u0baa\u0b99\u0bcd\u0b95\u0bb3\u0bcd\"", "\"common_google_play_services_wear_update_text\" : \"Nuwe weergawe van Google Play-dienste is nodig. Dit sal binnekort self opdateer.\"", "\"mtrl_picker_save\" : \"Simpan\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Presiona para seleccionar un d\u00eda\"", "\"mtrl_picker_save\" : \"\u10e8\u10d4\u10dc\u10d0\u10ee\u10d5\u10d0\"", "\"mtrl_picker_save\" : \"\u0417\u0430\u0445\u0430\u0432\u0430\u0446\u044c\"", "\"mtrl_picker_text_input_date_hint\" : \"\u0ba4\u0bc7\u0ba4\u0bbf\"", "\"item_view_role_description\" : \"Zavihek\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Dodirnite da prebacite na odabir dana\"", "\"mtrl_picker_announce_current_selection\" : \"\u5f53\u524d\u7684\u9009\u62e9\u662f\uff1a%1$s\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Tryk for at g\u00e5 til valg af dag\"", "\"bottomsheet_action_expand_halfway\" : \"\u10dc\u10d0\u10ee\u10d4\u10d5\u10e0\u10d0\u10db\u10d3\u10d4 \u10d2\u10d0\u10e4\u10d0\u10e0\u10d7\u10dd\u10d4\u10d1\u10d0\"", "\"mtrl_picker_range_header_unselected\" : \"S\u0101kuma datums\u2013beigu datums\"", "\"icon_content_description\" : \"\u0535\u0580\u056f\u056d\u0578\u057d\u0578\u0582\u0569\u0575\u0561\u0576 \u057a\u0561\u057f\u0578\u0582\u0570\u0561\u0576\u056b \u057a\u0561\u057f\u056f\u0565\u0580\u0561\u056f\"", "\"common_google_play_services_update_button\" : \"\u0d05\u0d2a\u0d4d\u200c\u0d21\u0d47\u0d31\u0d4d\u0d31\u0d41\u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d15\"", "\"bottomsheet_action_expand_halfway\" : \"\u0e82\u0eb0\u0eab\u0e8d\u0eb2\u0e8d\u0ead\u0ead\u0e81\u0ec0\u0e84\u0eb4\u0ec8\u0e87\u0edc\u0eb6\u0ec8\u0e87\"", "\"common_signin_button_text\" : \"Prihl\u00e1si\u0165 sa\"", "\"material_slider_range_start\" : \"Range start,\"", "\"abc_searchview_description_voice\" : \"Hangalap\u00fa keres\u00e9s\"", "\"common_google_play_services_enable_title\" : \"\u1794\u17be\u1780\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798 Google Play\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play hizmetlerinin kullan\u0131labilirli\u011fi\"", "\"abc_activity_chooser_view_see_all\" : \"Alles weergeven\"", "\"abc_searchview_description_clear\" : \"Obri\u0161ite upit\"", "\"mtrl_picker_a11y_prev_month\" : \"Trece\u021bi la luna anterioar\u0103\"", "\"abc_searchview_description_search\" : \"Buscar\"", "N12_GLOBAL__N_116itanium_demangle12NoexceptSpecE", "\"abc_capital_off\" : \"AUS\"", "\"common_google_play_services_install_title\" : \"Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0ca8\u0ccd\u0ca8\u0cc1 \u0caa\u0ca1\u0cc6\u0caf\u0cbf\u0cb0\u0cbf\"", "\"common_google_play_services_update_button\" : \"\u0410\u0431\u043d\u0430\u0432\u0456\u0446\u044c\"", "\"common_signin_button_text_long\" : \"Google \u0dc3\u0db8\u0d9c\u0dd2\u0db1\u0dca \u0db4\u0dd4\u0dbb\u0db1\u0dca\u0db1\"", "\"abc_action_mode_done\" : \"\u0414\u0430\u0439\u044b\u043d\"", "\"abc_action_bar_up_description\" : \"\u03a0\u03bb\u03bf\u03ae\u03b3\u03b7\u03c3\u03b7 \u03c0\u03c1\u03bf\u03c2 \u03c4\u03b1 \u03b5\u03c0\u03ac\u03bd\u03c9\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93\u0aa8\u0ac0 \u0a89\u0aaa\u0ab2\u0aac\u0acd\u0aa7\u0aa4\u0abe\"", "\"common_google_play_services_enable_title\" : \"\u0e40\u0e1b\u0e34\u0e14\u0e43\u0e0a\u0e49\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play\"", "\"common_google_play_services_update_title\" : \"Google Play \uc11c\ube44\uc2a4 \uc5c5\ub370\uc774\ud2b8\"", "\"common_google_play_services_install_title\" : \"Google Play hizmetlerini edinin\"", "\"nav_app_bar_navigate_up_description\" : \"Navig\u00e1l\u00e1s felfel\u00e9\"", "\"common_google_play_services_notification_channel_name\" : \"\u201eGoogle Play\u201c paslaug\u0173 pasiekiamumas\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0414\u0430\u0442\u0430 \u043f\u0430\u0447\u0430\u0442\u043a\u0443\"", "\"material_timepicker_text_input_mode_description\" : \"\u0b89\u0bb0\u0bc8 \u0b89\u0bb3\u0bcd\u0bb3\u0bc0\u0b9f\u0bcd\u0b9f\u0bbf\u0bb1\u0bcd\u0b95\u0bbe\u0b95, \u0b95\u0b9f\u0bbf\u0b95\u0bbe\u0bb0\u0baa\u0bcd \u0baa\u0baf\u0ba9\u0bcd\u0bae\u0bc1\u0bb1\u0bc8\u0b95\u0bcd\u0b95\u0bc1 \u0bae\u0bbe\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd.\"", "\"icon_content_description\" : \"\u0414\u0438\u0430\u043b\u043e\u0433 \u0431\u0435\u043b\u0433\u0456\u0448\u0435\u0441\u0456\"", "\"password_toggle_content_description\" : \"\u0639\u0631\u0636 \u0643\u0644\u0645\u0629 \u0627\u0644\u0645\u0631\u0648\u0631\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"D\u00e1tum ukon\u010denia\"", "\"mtrl_picker_range_header_title\" : \"\u0538\u0576\u057f\u0580\u0565\u0584 \u0568\u0576\u0564\u0563\u0580\u056f\u0578\u0582\u0575\u0569\u0568\"", "\"material_hour_suffix\" : \"%1$s \u0c05\u0c35\u0c41\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"mtrl_picker_text_input_date_hint\" : \"Dagsetning\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Tocar para cambiar a selecci\u00f3n de d\u00eda\"", "\"mtrl_picker_date_header_unselected\" : \"Data selezionata\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Lebih dari %1$d notifikasi baru\"", "\"common_google_play_services_enable_button\" : \"\u0d2a\u0d4d\u0d30\u0d35\u0d7c\u0d24\u0d4d\u0d24\u0d28\u0d15\u0d4d\u0d37\u0d2e\u0d2e\u0d3e\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"common_google_play_services_wear_update_text\" : \"Reikia naujos versijos \u201eGoogle Play\u201c paslaug\u0173. Jos netrukus bus atnaujintos.\"", "\"abc_action_bar_up_description\" : \"Yopish\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u041f\u043e\u0447\u0435\u0442\u0435\u043d \u0434\u0430\u0442\u0443\u043c - %1$s\"", "\"mtrl_picker_range_header_title\" : \"Atlasiet diapazonu\"", "\"mtrl_picker_date_header_unselected\" : \"\u0538\u0576\u057f\u0580\u057e\u0561\u056e \u0561\u0574\u057d\u0561\u0569\u056b\u057e\u0568\"", "\"mtrl_picker_toggle_to_day_selection\" : \"G\u00fcn se\u00e7meye ge\u00e7mek i\u00e7in dokunun\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0938\u0947\u0935\u093e\u0913\u0902 \u0915\u0947 \u0928\u090f \u0935\u0930\u094d\u0936\u0928 \u0915\u0940 \u091c\u093c\u0930\u0942\u0930\u0924 \u0939\u0948. \u092f\u0939 \u091c\u0932\u094d\u0926 \u0939\u0940 \u0905\u092a\u0928\u0947 \u0906\u092a \u0905\u092a\u0921\u0947\u091f \u0939\u094b \u091c\u093e\u090f\u0917\u093e.\"", "\"search_menu_title\" : \"\u641c\u7d22\"", "\"mtrl_picker_text_input_date_hint\" : \"Dato\"", "\"abc_action_menu_overflow_description\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200eMore options\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_google_play_services_enable_title\" : \"Google Play teenuste lubamine\"", "\"mtrl_picker_day_of_week_column_header\" : \"P\u00e4evade veerg: %1$s\"", "\"error_icon_content_description\" : \"\u0e9c\u0eb4\u0e94\u0e9e\u0eb2\u0e94\"", "\"abc_activity_chooser_view_see_all\" : \"Angalia zote\"", "\"mtrl_picker_invalid_format_use\" : \"%1$s \u092a\u094d\u0930\u092f\u094b\u0917 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"material_hour_selection\" : \"Soatni tanlang\"", "\"abc_action_mode_done\" : \"\u0ec1\u0ea5\u0ec9\u0ea7\u0ec6\"", "\"common_google_play_services_update_text\" : \"%1$s \u1793\u17b9\u1784\u1798\u17b7\u1793\u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u1791\u17c1 \u179b\u17bb\u17c7\u178f\u17d2\u179a\u17b6\u178f\u17c2\u17a2\u17d2\u1793\u1780\u1792\u17d2\u179c\u17be\u1794\u1785\u17d2\u1785\u17bb\u1794\u17d2\u1794\u1793\u17d2\u1793\u1797\u17b6\u1796\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798 Google Play\u17d4\"", "\"mtrl_picker_announce_current_selection\" : \"\u09ac\u09b0\u09cd\u09a4\u09ae\u09be\u09a8 \u09ac\u09be\u099b\u09be\u0987: %1$s\"", "\"material_timepicker_am\" : \"ap\"", "\"error_icon_content_description\" : \"Chyba\"", "\"nav_app_bar_navigate_up_description\" : \"\u0989\u09aa\u09b0\u09c7 \u09a8\u09c7\u09ad\u09bf\u0997\u09c7\u099f \u0995\u09b0\u09c1\u09a8\"", "\"search_menu_title\" : \"Pretra\u017eite\"", "\"mtrl_badge_numberless_content_description\" : \"\uc0c8 \uc54c\ub9bc\"", "\"mtrl_picker_a11y_prev_month\" : \"\u8f6c\u5230\u4e0a\u4e2a\u6708\"", "\"common_google_play_services_install_button\" : \"\u0987\u09a8\u09b8\u09cd\u099f\u09b2 \u0995\u09b0\u09c1\u09a8\"", "\"abc_action_menu_overflow_description\" : \"Lis\u00e4asetukset\"", "\"material_timepicker_text_input_mode_description\" : \"\u0648\u0642\u062a \u0627\u0646 \u067e\u0679 \u06a9\u06d2 \u0644\u06cc\u06d2 \u0679\u06cc\u06a9\u0633\u0679 \u0627\u0646 \u067e\u0679 \u0648\u0636\u0639 \u067e\u0631 \u0633\u0648\u0626\u0686 \u06a9\u0631\u06cc\u06ba\u06d4\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d \u0c15\u0c02\u0c1f\u0c47 \u0c0e\u0c15\u0c4d\u0c15\u0c41\u0c35 \u0c15\u0c4a\u0c24\u0c4d\u0c24 \u0c28\u0c4b\u0c1f\u0c3f\u0c2b\u0c3f\u0c15\u0c47\u0c37\u0c28\u0c4d\u200c\u0c32\u0c41\"", "\"character_counter_content_description\" : \"\u0160tevilo vnesenih znakov je %1$d od %2$d\"", "\"mtrl_badge_numberless_content_description\" : \"\u041d\u043e\u0432\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u0438\u0435\"", "\"mtrl_badge_numberless_content_description\" : \"\u65b0\u901a\u77e5\"", "\"abc_searchview_description_submit\" : \"\u0418\u0437\u043f\u0440\u0430\u0449\u0430\u043d\u0435 \u043d\u0430 \u0437\u0430\u044f\u0432\u043a\u0430\u0442\u0430\"", "\"copy_toast_msg\" : \"Pautan disalin ke papan keratan\"", "\"mtrl_picker_range_header_title\" : \"\u0414\u0430\u0442\u0430\u043b\u0430\u0440 \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0443\u043d \u0442\u0430\u043d\u0434\u043e\u043e\"", "\"common_google_play_services_unknown_issue\" : \"%1$s inenkinga ngamasevisi e-Google Play. Sicela uzame futhi.\"", "\"abc_activitychooserview_choose_application\" : \"\u0b86\u0baa\u0bcd\u0bb8\u0bc8\u0ba4\u0bcd \u0ba4\u0bc7\u0bb0\u0bcd\u0bb5\u0bc1\u0b9a\u0bc6\u0baf\u0bcd\u0b95\"", "\"abc_action_menu_overflow_description\" : \"\u010eal\u0161ie mo\u017enosti\"", "\"common_signin_button_text\" : \"\u041d\u044d\u0432\u0442\u0440\u044d\u0445\"", "\"nav_app_bar_navigate_up_description\" : \"Revenir en arri\u00e8re\"", "\"abc_shareactionprovider_share_with\" : \"\u0647\u0645\u200c\u0631\u0633\u0627\u0646\u06cc \u0628\u0627\"", "\"material_timepicker_clock_mode_description\" : \"\u0ab8\u0aae\u0aaf \u0aa6\u0abe\u0a96\u0ab2 \u0a95\u0ab0\u0ab5\u0abe \u0aae\u0abe\u0a9f\u0ac7 \u0a98\u0aa1\u0abf\u0aaf\u0abe\u0ab3 \u0aae\u0acb\u0aa1\u0aae\u0abe\u0a82 \u0ab8\u0acd\u0ab5\u0abf\u0a9a \u0a95\u0ab0\u0acb.\"", "\"common_google_play_services_install_button\" : \"Instal\u00b7la\"", "\"mtrl_picker_a11y_next_month\" : \"Alterar para o pr\u00f3ximo m\u00eas\"", "\"fallback_menu_item_open_in_browser\" : \"Deschide\u021bi \u00een browser\"", "\"common_google_play_services_enable_button\" : \"Ota k\u00e4ytt\u00f6\u00f6n\"", "\"mtrl_picker_invalid_range\" : \"\u0538\u0576\u0564\u0563\u0580\u056f\u0578\u0582\u0575\u0569\u0576 \u0561\u0576\u057e\u0561\u057e\u0565\u0580 \u0567:\"", "\"mtrl_picker_range_header_title\" : \"Vyberte rozsah\"", "\"abc_searchview_description_voice\" : \"Busca por voz\"", "\"abc_action_bar_up_description\" : \"Naviga\u021bi \u00een sus\"", "\"material_timepicker_text_input_mode_description\" : \"Skakel oor na teksmodus vir die tydinvoer.\"", "\"abc_action_bar_up_description\" : \"\u0a09\u0a71\u0a2a\u0a30 \u0a1c\u0a3e\u0a13\"", "\"mtrl_picker_invalid_range\" : \"Ibanga elingavumelekile.\"", "\"abc_search_hint\" : \"\u691c\u7d22\u2026\"", "\"mtrl_picker_invalid_format\" : \"Formatuak ez du balio.\"", "\"abc_capital_off\" : \"DESATIVADO\"", "\"abc_searchview_description_voice\" : \"Paghahanap gamit ang boses\"", "\"abc_menu_delete_shortcut_label\" : \"Supr\"", "\"common_google_play_services_updating_text\" : \"\u09ac\u09f0\u09cd\u09a4\u09ae\u09be\u09a8 \u0986\u09aa\u09a1\u09c7\u099f \u09b9\u09c8 \u09a5\u0995\u09be Google Play \u09b8\u09c7\u09f1\u09be\u09b8\u09ae\u09c2\u09b9\u09f0 \u0985\u09ac\u09bf\u09b9\u09a8\u09c7 %1$s \u09a8\u099a\u09b2\u09bf\u09ac\u09f7\"", "\"material_timepicker_text_input_mode_description\" : \"Pre\u0111ite u re\u017eim unosa teksta radi unosa vremena.\"", "\"abc_shareactionprovider_share_with_application\" : \"Del med %s\"", "\"abc_action_bar_home_description\" : \"Idite na po\u010detnu\"", "\"mtrl_picker_invalid_format_use\" : \"\u4f7f\u7528\uff1a%1$s\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Tarehe ya kuanza \u2013 %1$s\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u062a\u0627\u0631\u064a\u062e \u0627\u0644\u0628\u062f\u0621 \u2013 %1$s\"", "\"common_google_play_services_unknown_issue\" : \"%1$s-\u0433 Google Play-\u043d \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u0430\u0434 \u0430\u0441\u0443\u0443\u0434\u0430\u043b \u0433\u0430\u0440\u043b\u0430\u0430. \u0414\u0430\u0445\u0438\u043d \u043e\u0440\u043e\u043b\u0434\u043e\u043d\u043e \u0443\u0443.\"", "\"mtrl_picker_invalid_format_use\" : \"Naudoti: %1$s\"", "\"mtrl_picker_a11y_next_month\" : \"Shintshela kunyanga elandelayo\"", "\"material_clock_toggle_content_description\" : \"Atlasiet \u201cAM\u201d (priek\u0161pusdien\u0101) vai \u201cPM\u201d (p\u0113cpusdien\u0101).\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Byt till kalender som inmatningsl\u00e4ge\"", "\"mtrl_picker_announce_current_selection\" : \"\u0645\u0648\u062c\u0648\u062f\u06c1 \u0627\u0646\u062a\u062e\u0627\u0628: %1$s\"", "\"mtrl_picker_invalid_range\" : \"O intervalo de datas non \u00e9 v\u00e1lido.\"", "\"clear_text_end_icon_content_description\" : \"\u1005\u102c\u101e\u102c\u1038 \u1016\u101a\u103a\u101b\u103e\u102c\u1038\u101b\u1014\u103a\"", "\"abc_capital_on\" : \"P\u00c5\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0e27\u0e31\u0e19\u0e17\u0e35\u0e48\u0e2a\u0e34\u0e49\u0e19\u0e2a\u0e38\u0e14\"", "\"material_hour_suffix\" : \"%1$s gi\u1edd\"", "\"mtrl_picker_text_input_year_abbr\" : \"g\"", "\"mtrl_picker_a11y_next_month\" : \"\u0a05\u0a17\u0a32\u0a47 \u0a2e\u0a39\u0a40\u0a28\u0a47 '\u0a24\u0a47 \u0a1c\u0a3e\u0a13\"", "\"abc_activitychooserview_choose_application\" : \"Vybrat aplikaci\"", "\"abc_searchview_description_voice\" : \"\u0635\u0648\u062a\u06cc \u062a\u0644\u0627\u0634\"", "\"common_google_play_services_update_title\" : \"Buyekeza amasevisi we-Google Play\"", "\"common_google_play_services_enable_text\" : \"%1$s \u043d\u044f\u043c\u0430 \u0434\u0430 \u0440\u0430\u0431\u043e\u0442\u0438, \u043e\u0441\u0432\u0435\u043d \u0430\u043a\u043e \u043d\u0435 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u0430\u0442\u0435 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play.\"", "\"character_counter_content_description\" : \"\u10e8\u10d4\u10e7\u10d5\u10d0\u10dc\u10d8\u10da\u10d8\u10d0 %2$d-\u10d3\u10d0\u10dc %1$d \u10e1\u10d8\u10db\u10d1\u10dd\u10da\u10dd\"", "zzzzzzzzz/T", "\"common_google_play_services_notification_ticker\" : \"Error de Google Play Services\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0d06\u0d30\u0d02\u0d2d\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d28\u0d4d\u0d28 \u0d24\u0d40\u0d2f\u0d24\u0d3f \u2013 %1$s\"", "\"item_view_role_description\" : \"Sekme\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u0e9b\u0ec8\u0ebd\u0e99\u0ec0\u0e9b\u0eb1\u0e99\u0ec2\u0edd\u0e94\u0e9b\u0ec9\u0ead\u0e99\u0e82\u0ecd\u0ec9\u0ea1\u0eb9\u0e99\u0e9b\u0eb0\u0e95\u0eb4\u0e97\u0eb4\u0e99\"", "\"material_timepicker_minute\" : \"M\u00edn\u00fata\"", "\"abc_action_bar_home_description\" : \"Navegar para casa\"", "\"abc_capital_off\" : \"\u12a0\u1325\u134b\"", "\"common_google_play_services_enable_title\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u043d \u0438\u0448\u0442\u0435\u0442\u04af\u04af\"", "\"abc_menu_space_shortcut_label\" : \"\u041f\u0440\u0430\u0431\u0435\u043b\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u5207\u6362\u5230\u65e5\u5386\u8f93\u5165\u6a21\u5f0f\"", "\"material_timepicker_minute\" : \"Iminithi\"", "\"abc_shareactionprovider_share_with\" : \"Comparteix amb\"", "\"mtrl_picker_text_input_year_abbr\" : \"y\"", "\"mtrl_badge_numberless_content_description\" : \"\u0416\u0430\u04a3\u0430 \u0445\u0430\u0431\u0430\u0440\u043b\u0430\u043d\u0434\u044b\u0440\u0443\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d\u0456\u04a3 \u0436\u0430\u04a3\u0430 \u043d\u04b1\u0441\u049b\u0430\u0441\u044b \u049b\u0430\u0436\u0435\u0442. \u041e\u043b \u049b\u044b\u0441\u049b\u0430 \u0443\u0430\u049b\u044b\u0442\u0442\u0430\u043d \u043a\u0435\u0439\u0456\u043d \u04e9\u0437\u0456 \u0436\u0430\u04a3\u0430\u0440\u0430\u0434\u044b.\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u091f\u0947\u0915\u094d\u0938\u094d\u091f \u0915\u0947 \u0907\u0928\u092a\u0941\u091f \u092e\u094b\u0921 \u092a\u0930 \u0938\u094d\u0935\u093f\u091a \u0915\u0930\u0947\u0902\"", "\"material_timepicker_text_input_mode_description\" : \"\u0ab8\u0aae\u0aaf \u0aa6\u0abe\u0a96\u0ab2 \u0a95\u0ab0\u0ab5\u0abe \u0aae\u0abe\u0a9f\u0ac7 \u0a9f\u0ac7\u0a95\u0acd\u0ab8\u0acd\u0a9f \u0a87\u0aa8\u0aaa\u0ac1\u0a9f \u0aae\u0acb\u0aa1\u0aae\u0abe\u0a82 \u0ab8\u0acd\u0ab5\u0abf\u0a9a \u0a95\u0ab0\u0acb.\"", "\"mtrl_picker_out_of_range\" : \"Wala sa sakop: %1$s\"", "\"mtrl_picker_invalid_format_example\" : \"\u0555\u0580\u056b\u0576\u0561\u056f\u055d %1$s\"", "\"abc_searchview_description_clear\" : \"\u0915\u094d\u200d\u0935\u0947\u0930\u0940 \u0938\u093e\u092b \u0915\u0930\u093e\"", "\"material_timepicker_am\" : \"\u092a\u0942\u0930\u094d\u0935\u093e\u0939\u094d\u0928\"", "\"character_counter_content_description\" : \"\u5165\u529b\u6e08\u307f\u6587\u5b57\u6570: %1$d/%2$d\"", "\"mtrl_picker_a11y_prev_month\" : \"\u06af\u0632\u0634\u062a\u06c1 \u0645\u0627\u06c1 \u0645\u06cc\u06ba \u0645\u0646\u062a\u0642\u0644 \u06a9\u0631\u06cc\u06ba\"", "\"mtrl_picker_a11y_next_month\" : \"Zum n\u00e4chsten Monat wechseln\"", "\"mtrl_picker_out_of_range\" : \"Katvealueella: %1$s\"", "\"copy_toast_msg\" : \"Odkaz zkop\u00edrov\u00e1n do schr\u00e1nky\"", "\"abc_searchview_description_voice\" : \"\u0dc4\u0dac \u0dc3\u0dd9\u0dc0\u0dd3\u0db8\"", "\"abc_action_mode_done\" : \"\u1015\u103c\u102e\u1038\u1015\u103c\u102e\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u5f00\u59cb\u65e5\u671f\"", "\"common_google_play_services_notification_ticker\" : \"Pogre\u0161ka Usluga za Google Play\"", "\"nav_app_bar_navigate_up_description\" : \"\u0b09\u0b2a\u0b30\u0b15\u0b41 \u0b28\u0b3e\u0b2d\u0b3f\u0b17\u0b47\u0b1f\u0b4d\u200d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"material_hour_selection\" : \"Izaberite sat\"", "\"clear_text_end_icon_content_description\" : \"Kustuta tekst\"", "operator^=", "\"common_google_play_services_update_title\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038\u1000\u102d\u102f \u1021\u1015\u103a\u1012\u102d\u1010\u103a\u101c\u102f\u1015\u103a\u101b\u1014\u103a\"", "\"common_google_play_services_update_title\" : \"Update Google Play services\"", "\"mtrl_picker_range_header_unselected\" : \"Datum zah\u00e1jen\u00ed \u2013 datum ukon\u010den\u00ed\"", "\"common_signin_button_text_long\" : \"\u00dcber Google anmelden\"", "\"common_google_play_services_enable_title\" : \"\u012egalinkite \u201eGoogle Play\u201c paslaugas\"", "\"mtrl_picker_out_of_range\" : \"\u041d\u0430\u0434\u0432\u043e\u0440 \u043e\u0434 \u043e\u043f\u0441\u0435\u0433: %1$s\"", "\"abc_menu_sym_shortcut_label\" : \"Sym \u0bae\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd\"", "\"character_counter_content_description\" : \"Aksara dimasukkan %1$d daripada %2$d\"", "\"common_google_play_services_install_text\" : \"%1$s \u0e88\u0eb0\u0e9a\u0ecd\u0ec8\u0eaa\u0eb2\u0ea1\u0eb2\u0e94\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0ec4\u0e94\u0ec9\u0eab\u0eb2\u0e81\u0e9a\u0ecd\u0ec8\u0ea1\u0eb5\u0e81\u0eb2\u0e99\u0e9a\u0ecd\u0ea5\u0eb4\u0e81\u0eb2\u0e99 Google Play \u0ec0\u0e8a\u0eb4\u0ec8\u0e87\u0ec1\u0e97\u0eb1\u0e9a\u0ec0\u0ea5\u0eb1\u0e94\u0e82\u0ead\u0e87\u0e97\u0ec8\u0eb2\u0e99\u0e9a\u0ecd\u0ec8\u0ea1\u0eb5.\"", "\"character_counter_content_description\" : \"\u0412\u043d\u0435\u0441\u0435\u043d\u0438 \u0441\u0435 %1$d \u043e\u0434 %2$d \u0437\u043d\u0430\u0446\u0438\"", "\"mtrl_picker_a11y_next_month\" : \"N\u00f6vb\u0259ti aya d\u0259yi\u015fin\"", "\"common_google_play_services_notification_channel_name\" : \"Dostupnost slu\u017eeb Google Play\"", "\"mtrl_picker_out_of_range\" : \"Utenfor rekkevidde: %1$s\"", "\"common_google_play_services_update_title\" : \"Google Play-services updaten\"", "wchar_t", "\"common_google_play_services_install_text\" : \"\u300c%1$s\u300d\u306e\u5b9f\u884c\u306b\u306f Google Play \u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u304c\u5fc5\u8981\u3067\u3059\u304c\u3001\u304a\u4f7f\u3044\u306e\u7aef\u672b\u306b\u306f\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002\"", "\"password_toggle_content_description\" : \"\u0aaa\u0abe\u0ab8\u0ab5\u0ab0\u0acd\u0aa1 \u0aac\u0aa4\u0abe\u0ab5\u0acb\"", "N12_GLOBAL__N_116itanium_demangle12TemplateArgsE", "\"abc_action_mode_done\" : \"Bitti\"", "\"abc_menu_alt_shortcut_label\" : \"Alt\u00a0+\"", "\"fallback_menu_item_copy_link\" : \"Copia link\"", "\"abc_activitychooserview_choose_application\" : \"\u0538\u0576\u057f\u0580\u0565\u056c \u0570\u0561\u057e\u0565\u056c\u057e\u0561\u056e\"", "\"abc_searchview_description_voice\" : \"Ahozko bilaketa\"", "\"abc_menu_space_shortcut_label\" : \"taster za razmak\"", "__float128", "\"mtrl_picker_invalid_format\" : \"Ung\u00fcltiges Format.\"", "\"nav_app_bar_navigate_up_description\" : \"Pomik navzgor\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u05ea\u05d0\u05e8\u05d9\u05da \u05e1\u05d9\u05d5\u05dd\"", "\"nav_app_bar_open_drawer_description\" : \"Hap sirtarin e navigimit\"", "\"abc_activitychooserview_choose_application\" : \"\u0a8d\u0aaa\u0acd\u0ab2\u0abf\u0a95\u0ac7\u0ab6\u0aa8 \u0aaa\u0ab8\u0a82\u0aa6 \u0a95\u0ab0\u0acb\"", "\"common_google_play_services_install_text\" : \"%1$s \u043d\u0435 \u0431\u0443\u0434\u0437\u0435 \u043f\u0440\u0430\u0446\u0430\u0432\u0430\u0446\u044c \u0431\u0435\u0437 \u0441\u043b\u0443\u0436\u0431\u0430\u045e Google Play, \u044f\u043a\u0456\u044f \u0430\u0434\u0441\u0443\u0442\u043d\u0456\u0447\u0430\u044e\u0446\u044c \u043d\u0430 \u0432\u0430\u0448\u0430\u0439 \u043f\u0440\u044b\u043b\u0430\u0434\u0437\u0435.\"", "\"common_google_play_services_notification_channel_name\" : \"\u0e04\u0e27\u0e32\u0e21\u0e1e\u0e23\u0e49\u0e2d\u0e21\u0e43\u0e0a\u0e49\u0e07\u0e32\u0e19\u0e02\u0e2d\u0e07\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play\"", "\"common_google_play_services_unsupported_text\" : \"Ke spu\u0161t\u011bn\u00ed aplikace %1$s jsou pot\u0159eba slu\u017eby Google Play, kter\u00e9 v\u00a0tomto za\u0159\u00edzen\u00ed nejsou podporov\u00e1ny.\"", "\"common_google_play_services_updating_text\" : \"%1$s Google Play \u0c38\u0c47\u0c35\u0c32\u0c41 \u0c32\u0c47\u0c15\u0c41\u0c02\u0c21\u0c3e \u0c05\u0c2e\u0c32\u0c41 \u0c15\u0c3e\u0c26\u0c41, \u0c06 \u0c38\u0c47\u0c35\u0c32\u0c41 \u0c2a\u0c4d\u0c30\u0c38\u0c4d\u0c24\u0c41\u0c24\u0c02 \u0c28\u0c35\u0c40\u0c15\u0c30\u0c3f\u0c02\u0c1a\u0c2c\u0c21\u0c41\u0c24\u0c41\u0c28\u0c4d\u0c28\u0c3e\u0c2f\u0c3f.\"", "\"abc_toolbar_collapse_description\" : \"\u0416\u0438\u044e\"", "\"mtrl_picker_out_of_range\" : \"\u0417\u0430 \u043c\u0435\u0436\u0430\u043c\u0438 \u0434\u0456\u0430\u043f\u0430\u0437\u043e\u043d\u0443: %1$s\"", "\"abc_menu_enter_shortcut_label\" : \"sisestusklahv\"", "8>;.98.(9.?", "\"nav_app_bar_open_drawer_description\" : \"Navigeerimissahtli avamine\"", "\"exposed_dropdown_menu_content_description\" : \"\u0db4\u0dad\u0db1 \u0db8\u0dd9\u0db1\u0dd4\u0dc0 \u0db4\u0dd9\u0db1\u0dca\u0dc0\u0db1\u0dca\u0db1\"", "\"material_minute_suffix\" : \"%1$s \u0d2e\u0d3f\u0d28\u0d3f\u0d31\u0d4d\u0d31\u0d4d\"", "\"common_google_play_services_enable_button\" : \"Enged\u00e9lyez\u00e9s\"", "\"character_counter_overflowed_content_description\" : \"S'ha superat el l\u00edmit de car\u00e0cters (%1$d de %2$d)\"", "\"material_minute_selection\" : \"Atlasiet min\u016btes.\"", "\"material_timepicker_clock_mode_description\" : \"Skift til urtilstand for at angive klokkesl\u00e6t.\"", "\"material_clock_toggle_content_description\" : \"Kies vm. of nm.\"", "\"mtrl_picker_out_of_range\" : \"Mimo rozsah: %1$s\"", "\"material_timepicker_select_time\" : \"Tijd selecteren\"", "N12_GLOBAL__N_116itanium_demangle16FunctionEncodingE", "\"material_minute_suffix\" : \"%1$s minuta\"", "\"mtrl_picker_date_header_title\" : \"\u0395\u03c0\u03b9\u03bb\u03bf\u03b3\u03ae \u03b7\u03bc\u03b5\u03c1\u03bf\u03bc\u03b7\u03bd\u03af\u03b1\u03c2\"", "\"abc_shareactionprovider_share_with\" : \"\u1014\u103e\u1004\u1037\u103a \u1019\u103b\u103e\u101d\u1031\u101b\u1014\u103a\"", "\"common_google_play_services_update_title\" : \"Actualizar os servizos de Google Play\"", "\"abc_action_bar_up_description\" : \"Navigasi ke atas\"", "\"common_google_play_services_update_title\" : \"Atualizar o Google Play Services\"", "\"common_google_play_services_enable_button\" : \"Luba\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0d35\u0d7c\u0d37\u0d02 \u0d24\u0d3f\u0d30\u0d1e\u0d4d\u0d1e\u0d46\u0d1f\u0d41\u0d15\u0d4d\u0d15\u0d41\u0d28\u0d4d\u0d28\u0d24\u0d3f\u0d32\u0d47\u0d15\u0d4d\u0d15\u0d4d \u0d2e\u0d3e\u0d31\u0d3e\u0d7b \u0d1f\u0d3e\u0d2a\u0d4d\u0d2a\u0d4d \u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d15\"", "\"mtrl_picker_invalid_format\" : \"\u039c\u03b7 \u03ad\u03b3\u03ba\u03c5\u03c1\u03b7 \u03bc\u03bf\u03c1\u03c6\u03ae.\"", "\"common_google_play_services_unknown_issue\" : \"%1$s\u0b30 Google Play \u0b38\u0b47\u0b2c\u0b3e \u0b38\u0b39 \u0b0f\u0b15 \u0b38\u0b2e\u0b38\u0b4d\u0b5f\u0b3e \u0b30\u0b39\u0b3f\u0b1b\u0b3f\u0964 \u0b26\u0b5f\u0b3e\u0b15\u0b30\u0b3f \u0b2a\u0b41\u0b23\u0b3f \u0b1a\u0b47\u0b37\u0b4d\u0b1f\u0b3e \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\u0964\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0938\u0939 \u0936\u0947\u0905\u0930 \u0915\u0930\u093e\"", "\"mtrl_picker_invalid_format\" : \"\u05e4\u05d5\u05e8\u05de\u05d8 \u05dc\u05d0 \u05d7\u05d5\u05e7\u05d9.\"", "\"mtrl_picker_invalid_format_example\" : \"N\u00e4ide: %1$s\"", "Unknown ARM float register", "\"material_clock_toggle_content_description\" : \"V\u00e4lj mellan FM och EM\"", "N10__cxxabiv129__pointer_to_member_type_infoE", "\"common_google_play_services_notification_channel_name\" : \"Beskikbaarheid van Google Play-dienste\"", "\"fallback_menu_item_share_link\" : \"\u0421\u0456\u043b\u0442\u0435\u043c\u0435\u043d\u0456 \u0431\u04e9\u043b\u0456\u0441\u0443\"", "\"item_view_role_description\" : \"Fitxa\"", "\"material_minute_selection\" : \"\u0412\u0438\u0431\u0435\u0440\u0456\u0442\u044c \u0445\u0432\u0438\u043b\u0438\u043d\u0438\"", "\"fallback_menu_item_open_in_browser\" : \"Opna \u00ed vafra\"", "\"abc_menu_enter_shortcut_label\" : \"Enter \u9375\"", "\"material_timepicker_select_time\" : \"\u09b8\u09ae\u09af\u09bc \u09ac\u09c7\u099b\u09c7 \u09a8\u09bf\u09a8\"", "\"abc_searchview_description_voice\" : \"\u0ab5\u0ac9\u0a87\u0ab8 \u0ab6\u0acb\u0aa7\"", "\"material_hour_suffix\" : \"%1$s \u0d2e\u0d23\u0d3f\"", "\"clear_text_end_icon_content_description\" : \"Sz\u00f6veg t\u00f6rl\u00e9se\"", "\"abc_activitychooserview_choose_application\" : \"\u0ec0\u0ea5\u0eb7\u0ead\u0e81\u0ec1\u0ead\u0eb1\u0e9a\"", "\"clear_text_end_icon_content_description\" : \"Menghapus teks\"", "\"copy_toast_msg\" : \"\u0428\u0438\u043b\u0442\u0435\u043c\u0435 \u0431\u0443\u0444\u0435\u0440\u0433\u0435 \u043a\u04e9\u0447\u04af\u0440\u04af\u043b\u0434\u04af\"", "\"common_google_play_services_enable_text\" : \"\u0986\u09aa\u09a8\u09bf Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be \u09b8\u0995\u09cd\u09b7\u09ae \u09a8\u09be \u0995\u09b0\u09be \u09aa\u09b0\u09cd\u09af\u09a8\u09cd\u09a4 %1$s \u0995\u09be\u099c \u0995\u09b0\u09ac\u09c7 \u09a8\u09be\u0964\"", "\"abc_menu_delete_shortcut_label\" : \"ey\u00f0a\"", "\"abc_shareactionprovider_share_with_application\" : \"Kop\u012bgot ar lietojumprogrammu %s\"", "\"material_timepicker_minute\" : \"\u0425\u0432\u0456\u043b\u0456\u043d\u0430\"", "\"abc_activity_chooser_view_see_all\" : \"\u0c8e\u0cb2\u0ccd\u0cb2\u0cb5\u0ca8\u0ccd\u0ca8\u0cc2 \u0ca8\u0ccb\u0ca1\u0cbf\"", "\"mtrl_picker_invalid_format_use\" : \"P\u00ebrdor: %1$s\"", "\"common_google_play_services_updating_text\" : \"%1$s won't run without Google Play services, which are currently updating.\"", "\"common_google_play_services_unsupported_text\" : \"%1$s fungerer ikke uden Google Play-tjenester, som ikke underst\u00f8ttes p\u00e5 din enhed.\"", "\"common_google_play_services_update_title\" : \"\u200f\u05e2\u05d3\u05db\u05d5\u05df \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play\"", "\"abc_action_bar_home_description\" : \"\u018fsas s\u0259hif\u0259y\u0259 ke\u00e7in\"", "\"character_counter_content_description\" : \"\u0646\u0648\u06cc\u0633\u0647\u200c\u0647\u0627\u06cc \u0648\u0627\u0631\u062f\u0634\u062f\u0647 %1$d \u0627\u0632 %2$d\"", "\"mtrl_picker_announce_current_selection\" : \"\u0939\u093e\u0932\u0915\u094b \u091a\u092f\u0928: %1$s\"", "\"material_hour_suffix\" : \"\u053a\u0561\u0574\u0568 %1$s \u0567\"", "\"mtrl_picker_date_header_title\" : \"\u10d0\u10d8\u10e0\u10e9\u10d8\u10d4\u10d7 \u10d7\u10d0\u10e0\u10d8\u10e6\u10d8\"", "\"material_minute_suffix\" : \"amaminithi angu-%1$s\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s~\uc885\ub8cc\uc77c\"", "\"abc_capital_off\" : \"\u0e9b\u0eb4\u0e94\"", "\"abc_searchview_description_voice\" : \"Ricerca vocale\"", "\"common_google_play_services_install_text\" : \"%1$s ne mo\u017ee da se pokrene bez Google Play usluga, koje nisu instalirane na ure\u0111aju.\"", "\"common_signin_button_text\" : \"\u0db4\u0dd4\u0dbb\u0db1\u0dca\u0db1\"", "\"icon_content_description\" : \"Ikona dijaloga\"", "\"common_google_play_services_notification_channel_name\" : \"Dostopnost storitev Google Play\"", "\"mtrl_picker_range_header_title\" : \"\u09b0\u09c7\u099e\u09cd\u099c \u09ac\u09c7\u099b\u09c7 \u09a8\u09bf\u09a8\"", "\"copy_toast_msg\" : \"Link bufer\u0259 kopyaland\u0131\"", "\"abc_menu_meta_shortcut_label\" : \"\u041c\u0435\u0442\u0430+\"", "\"character_counter_overflowed_content_description\" : \"Umkhawulo wezinhlamvu udlule u-%1$d kokungu-%2$d\"", "\"common_google_play_services_install_title\" : \"Google Play\u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306e\u5165\u624b\"", "\"material_timepicker_select_time\" : \"Ch\u1ecdn th\u1eddi gian\"", "\"abc_searchview_description_query\" : \"\u12e8\u134d\u1208\u130b \u1218\u1320\u12ed\u1245\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Upphafsdagur\"", "\"item_view_role_description\" : \"Oortjie\"", "\"mtrl_picker_range_header_unselected\" : \"\u0411\u0430\u0448\u0442\u043e\u043e \u043a\u04af\u043d\u04af \u2013 \u0410\u044f\u043a\u0442\u043e\u043e \u043a\u04af\u043d\u04af\"", "\"abc_searchview_description_search\" : \"Soek\"", "\"common_google_play_services_enable_text\" : \"Google Play \uc11c\ube44\uc2a4\ub97c \uc0ac\uc6a9\ud558\ub3c4\ub85d \uc124\uc815\ud574\uc57c %1$s\uc774(\uac00) \uc791\ub3d9\ud569\ub2c8\ub2e4.\"", "\"mtrl_picker_range_header_title\" : \"\u0395\u03c0\u03b9\u03bb\u03bf\u03b3\u03ae \u03b5\u03cd\u03c1\u03bf\u03c5\u03c2\"", "\"character_counter_content_description\" : \"%2$d \u0b87\u0bb2\u0bcd %1$d \u0b8e\u0bb4\u0bc1\u0ba4\u0bcd\u0ba4\u0bc1\u0b95\u0bb3\u0bcd \u0b89\u0bb3\u0bcd\u0bb3\u0bbf\u0b9f\u0baa\u0bcd\u0baa\u0b9f\u0bcd\u0b9f\u0bc1\u0bb3\u0bcd\u0bb3\u0ba9\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0b86\u0ba3\u0bcd\u0b9f\u0bc8\u0ba4\u0bcd \u0ba4\u0bc7\u0bb0\u0bcd\u0bb5\u0bc1\u0b9a\u0bc6\u0baf\u0bcd\u0bb5\u0ba4\u0bb1\u0bcd\u0b95\u0bc1 \u0bae\u0bbe\u0bb1\u0bcd\u0bb1 \u0ba4\u0b9f\u0bcd\u0b9f\u0bb5\u0bc1\u0bae\u0bcd\"", "\"abc_searchview_description_clear\" : \"Futa hoja\"", "\"common_google_play_services_update_text\" : \"\u0986\u09aa\u09a8\u09bf Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be \u0986\u09aa\u09a1\u09c7\u099f \u09a8\u09be \u0995\u09b0\u09be \u09aa\u09b0\u09cd\u09af\u09a8\u09cd\u09a4 %1$s \u099a\u09b2\u09ac\u09c7 \u09a8\u09be\u0964\"", "\"exposed_dropdown_menu_content_description\" : \"\u041f\u043e\u043a\u0430\u0437\u0432\u0430\u043d\u0435 \u043d\u0430 \u043f\u0430\u0434\u0430\u0449\u043e\u0442\u043e \u043c\u0435\u043d\u044e\"", "\"abc_searchview_description_clear\" : \"\u6e05\u9664\u67e5\u8be2\"", "\"common_signin_button_text_long\" : \"Google-\u0440 \u043d\u044d\u0432\u0442\u0440\u044d\u0445:\"", "\"mtrl_picker_range_header_title\" : \"\u0a30\u0a47\u0a02\u0a1c \u0a1a\u0a41\u0a23\u0a4b\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u0b86\"", "\"mtrl_chip_close_icon_content_description\" : \"X\u00f3a %1$s\"", "\"abc_action_menu_overflow_description\" : \"Weitere Optionen\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Data d'inici - %1$s\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Thepha ukuze ushintshe ekukhetheni usuku\"", "\"common_google_play_services_updating_text\" : \"\u200f\u05d4\u05d0\u05e4\u05dc\u05d9\u05e7\u05e6\u05d9\u05d4 %1$s \u05dc\u05d0 \u05ea\u05e4\u05e2\u05dc \u05dc\u05dc\u05d0 \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play, \u05e9\u05de\u05ea\u05e2\u05d3\u05db\u05e0\u05d9\u05dd \u05db\u05e8\u05d2\u05e2.\"", "\"material_timepicker_minute\" : \"\u5206\u9418\"", "\"abc_menu_alt_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200eAlt+\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_google_play_services_update_title\" : \"\u66f4\u65b0 Google Play \u670d\u52a1\"", "\"character_counter_overflowed_content_description\" : \"Introduc\u00edronse %1$d caracteres, pero o l\u00edmite \u00e9 de %2$d\"", "\"mtrl_picker_save\" : \"Zapisz\"", "\"mtrl_chip_close_icon_content_description\" : \"No\u0146emt: %1$s\"", "\"material_timepicker_am\" : \"PD\"", "\"abc_searchview_description_clear\" : \"Izbris poizvedbe\"", "\"nav_app_bar_open_drawer_description\" : \"Otvori\u0165 naviga\u010dn\u00fd vys\u00favac\u00ed panel\"", "\"mtrl_picker_navigate_to_year_description\" : \"Canvia a l'any %1$s\"", "\"abc_searchview_description_search\" : \"Zoeken\"", "\"mtrl_picker_save\" : \"\u05e9\u05de\u05d9\u05e8\u05d4\"", "\"mtrl_picker_invalid_format_use\" : \"U\u017cyj formatu: %1$s\"", "\"mtrl_picker_save\" : \"Salvesta\"", "\"material_clock_toggle_content_description\" : \"AM \u06cc\u0627 PM \u0645\u0646\u062a\u062e\u0628 \u06a9\u0631\u06cc\u06ba\"", "\"abc_searchview_description_clear\" : \"\u0caa\u0ccd\u0cb0\u0cb6\u0ccd\u0ca8\u0cc6\u0caf\u0ca8\u0ccd\u0ca8\u0cc1 \u0ca4\u0cc6\u0cb0\u0cb5\u0cc1\u0c97\u0cca\u0cb3\u0cbf\u0cb8\u0cbf\"", "\"abc_action_mode_done\" : \"Tapos na\"", "\"common_google_play_services_update_text\" : \"A(z) %1$s alkalmaz\u00e1s csak akkor fog m\u0171k\u00f6dni, ha friss\u00edti a Google Play-szolg\u00e1ltat\u00e1sokat.\"", "\"common_signin_button_text\" : \"Connexion\"", "\"abc_action_mode_done\" : \"Fet\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Tryk for at g\u00e5 til valg af \u00e5r\"", "\"abc_action_mode_done\" : \"\u1270\u12a8\u1293\u12cd\u1297\u120d\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\uc2dc\uc791\uc77c~%1$s\"", "\"material_minute_suffix\" : \"%1$s \u0c28\u0c3f\u0c2e\u0c3f\u0c37\u0c3e\u0c32\u0c41\"", "\"mtrl_picker_date_header_title\" : \"Selecciona unha data\"", "St9bad_alloc", "\"common_google_play_services_install_title\" : \"Nabavite Google Play usluge\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u09a8\u09c7\u09ad\u09bf\u0997\u09c7\u099f \u0995\u09b0\u09c7 %1$s \u09b8\u09be\u09b2\u09c7 \u09af\u09be\u09a8\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u043d\u0438\u0439 \u0448\u0438\u043d\u044d \u0445\u0443\u0432\u0438\u043b\u0431\u0430\u0440 \u0445\u044d\u0440\u044d\u0433\u0442\u044d\u0439. \u042d\u043d\u044d \u043d\u044c \u0443\u0434\u0430\u0445\u0433\u04af\u0439 \u04e9\u04e9\u0440\u04e9\u04e9 \u04e9\u04e9\u0440\u0438\u0439\u0433\u04e9\u04e9 \u0448\u0438\u043d\u044d\u0447\u043b\u044d\u0445 \u0431\u043e\u043b\u043d\u043e.\"", "\"abc_prepend_shortcut_label\" : \"Menyu+\"", "cannot create thread specific key for __cxa_get_globals()", "\"common_google_play_services_install_text\" : \"Aplikacija %1$s ne deluje brez storitev Google Play, vendar teh ni v napravi.\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u0432 \u0440\u0435\u0436\u0438\u043c \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044f \u0442\u0435\u043a\u0441\u0442\u0443\"", "\"mtrl_picker_invalid_range\" : \"Intervallo non valido.\"", "\"material_timepicker_select_time\" : \"Selecionar hor\u00e1rio\"", "\"mtrl_picker_invalid_format_example\" : \"Pr\u00edklad: %1$s\"", "\"material_minute_selection\" : \"Wybierz minuty\"", "\"abc_action_bar_home_description\" : \"Tunjukkan jalan ke rumah\"", "\"abc_shareactionprovider_share_with_application\" : \"\u05e9\u05d9\u05ea\u05d5\u05e3 \u05e2\u05dd %s\"", "\"mtrl_picker_a11y_prev_month\" : \"\u0391\u03bb\u03bb\u03b1\u03b3\u03ae \u03c3\u03c4\u03bf\u03bd \u03c0\u03c1\u03bf\u03b7\u03b3\u03bf\u03cd\u03bc\u03b5\u03bd\u03bf \u03bc\u03ae\u03bd\u03b1\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93\u0aa8\u0ac0 \u0aad\u0ac2\u0ab2\"", "\"character_counter_overflowed_content_description\" : \"Nombre maximal de caract\u00e8res d\u00e9pass\u00e9\u00a0: %1$d sur\u00a0%2$d\"", "\"common_google_play_services_update_button\" : \"\u10d2\u10d0\u10dc\u10d0\u10ee\u10da\u10d4\u10d1\u10d0\"", "\"material_timepicker_hour\" : \"\u0c97\u0c82\u0c9f\u0cc6\"", "\"nav_app_bar_navigate_up_description\" : \"\u0993\u09aa\u09f0\u09b2\u09c8 \u09af\u09be\u0993\u0995\"", "\"search_menu_title\" : \"\u0b38\u0b30\u0b4d\u0b1a\u0b4d\u0b1a \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"error_icon_content_description\" : \"Erro\"", "\"mtrl_picker_date_header_unselected\" : \"Gekose datum\"", "\"common_open_on_phone\" : \"Apri sul telefono\"", "\"abc_toolbar_collapse_description\" : \"Ciutkan\"", "\"clear_text_end_icon_content_description\" : \"Hreinsa texta\"", "\"abc_searchview_description_search\" : \"T\u00ecm ki\u1ebfm\"", "\"mtrl_picker_date_header_title\" : \"\u0e40\u0e25\u0e37\u0e2d\u0e01\u0e27\u0e31\u0e19\u0e17\u0e35\u0e48\"", "\"nav_app_bar_open_drawer_description\" : \"\u1794\u17be\u1780\u1790\u178f\u179a\u17bb\u1780\u179a\u1780\"", "\"abc_capital_off\" : \"I-OFF\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u5f00\u59cb\u65e5\u671f \u2013 %1$s\"", "\"mtrl_picker_a11y_next_month\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u0434\u043e \u043d\u0430\u0441\u0442\u0443\u043f\u043d\u043e\u0433\u043e \u043c\u0456\u0441\u044f\u0446\u044f\"", "\"common_google_play_services_wear_update_text\" : \"Versi baharu perkhidmatan Google Play diperlukan. Kemas kini automatik akan dijalankan sebentar lagi.\"", "\"common_open_on_phone\" : \"\u0532\u0561\u0581\u0565\u056c \u0570\u0565\u057c\u0561\u056d\u0578\u057d\u0578\u057e\"", "\"mtrl_picker_invalid_format_example\" : \"\u7bc4\u4f8b\uff1a%1$s\"", "\"nav_app_bar_open_drawer_description\" : \"Odpri predal za krmarjenje\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u0631\u0641\u062a\u0646 \u0628\u0647 \u062d\u0627\u0644\u062a \u0648\u0631\u0648\u062f\u06cc \u0646\u0648\u0634\u062a\u0627\u0631\u06cc\"", "\"abc_shareactionprovider_share_with\" : \"\u12a0\u130b\u122b \u1260\"", "\"common_open_on_phone\" : \"\u0c2b\u0c4b\u0c28\u0c4d\u200c\u0c32\u0c4b \u0c24\u0c46\u0c30\u0c41\u0c35\u0c41\"", "\"mtrl_picker_day_of_week_column_header\" : \"Kolom met dagen: %1$s\"", "\"abc_searchview_description_clear\" : \"\u0418\u0437\u0447\u0438\u0441\u0442\u0432\u0430\u043d\u0435 \u043d\u0430 \u0437\u0430\u044f\u0432\u043a\u0430\u0442\u0430\"", "\"mtrl_picker_invalid_format_use\" : \"\u0410\u0448\u0438\u0433\u043b\u0430\u0445 \u0444\u043e\u0440\u043c\u0430\u0442: %1$s\"", "\"material_timepicker_text_input_mode_description\" : \"\u041f\u0435\u0440\u0430\u043a\u043b\u044e\u0447\u044b\u0446\u0446\u0430 \u043d\u0430 \u0440\u044d\u0436\u044b\u043c \u0442\u044d\u043a\u0441\u0442\u0443 \u043f\u0440\u044b \u045e\u0432\u043e\u0434\u0437\u0435 \u0447\u0430\u0441\u0443.\"", "\"abc_searchview_description_search\" : \"\u0c36\u0c4b\u0c27\u0c28\"", "\"password_toggle_content_description\" : \"Jelsz\u00f3 megjelen\u00edt\u00e9se\"", "\"mtrl_picker_announce_current_selection\" : \"\u76ee\u524d\u9078\u53d6\uff1a%1$s\"", "operator>=", "\"abc_activity_chooser_view_see_all\" : \"Poka\u017c wszystko\"", "\"mtrl_picker_save\" : \"\u0c38\u0c47\u0c35\u0c4d \u0c1a\u0c47\u0c2f\u0c3f\"", "\"character_counter_content_description\" : \"Characters entered %1$d of %2$d\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u670d\u52d9\u53ef\u7528\u6027\"", "\"bottomsheet_action_expand_halfway\" : \"Luaskan setengah\"", "\"common_google_play_services_updating_text\" : \"\u6b63\u5728\u66f4\u65b0 Google Play \u670d\u52d9\uff0c\u66f4\u65b0\u5b8c\u6210\u5f8c\u65b9\u53ef\u57f7\u884c\u300c%1$s\u300d\u3002\"", "\"common_signin_button_text_long\" : \"Google \u098f\u09b0 \u09ae\u09be\u09a7\u09cd\u09af\u09ae\u09c7 \u09b8\u09be\u0987\u09a8-\u0987\u09a8 \u0995\u09b0\u09c1\u09a8\"", "\"abc_capital_on\" : \"YONIQ\"", "\"common_google_play_services_unsupported_text\" : \"%1$s no se ejecutar\u00e1 sin los servicios de Google Play, que no son compatibles con tu dispositivo.\"", "\"search_menu_title\" : \"\u179f\u17d2\u179c\u17c2\u1784\u179a\u1780\"", "\"common_google_play_services_enable_button\" : \"\u0cb8\u0c95\u0ccd\u0cb0\u0cbf\u0caf\u0c97\u0cca\u0cb3\u0cbf\u0cb8\u0cc1\"", "\"mtrl_picker_range_header_title\" : \"Wybierz zakres\"", "\"abc_capital_on\" : \"P\u00c4\u00c4LL\u00c4\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0438\u043c\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0438 \u0441\u043e \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play. \u041e\u0431\u0438\u0434\u0435\u0442\u0435 \u0441\u0435 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e.\"", "\"material_timepicker_clock_mode_description\" : \"Preklopite na na\u010din ure, da vnesete \u010das.\"", "\"common_google_play_services_install_button\" : \"Y\u00fckle\"", "\"abc_menu_delete_shortcut_label\" : \"supprimer\"", "\"mtrl_picker_navigate_to_year_description\" : \"Przejd\u017a do roku\u00a0%1$s\"", "\"common_google_play_services_install_title\" : \"\u5b89\u88dd Google Play \u670d\u52d9\"", "\"abc_shareactionprovider_share_with_application\" : \"Skupna raba z drugimi prek aplikacije %s\"", "\"abc_capital_off\" : \"FRA\"", "\"material_clock_toggle_content_description\" : \"AM \u0985\u09a5\u09ac\u09be PM \u09ac\u09c7\u099b\u09c7 \u09a8\u09bf\u09a8\"", "\"abc_menu_alt_shortcut_label\" : \"ALT +\"", "\"mtrl_picker_date_header_title\" : \"Selecione a data\"", "\"clear_text_end_icon_content_description\" : \"\u092a\u093e\u0920 \u0916\u093e\u0932\u0940 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Cambiar ao modo de introduci\u00f3n de texto\"", "\"material_minute_selection\" : \"Perc kiv\u00e1laszt\u00e1sa\"", "\"mtrl_badge_numberless_content_description\" : \"Novo obavje\u0161tenje\"", "\"material_minute_selection\" : \"S\u00e9lectionner des minutes\"", "\"abc_action_bar_home_description\" : \"\u0a39\u0a4b\u0a2e '\u0a24\u0a47 \u0a1c\u0a3e\u0a13\"", "\"common_google_play_services_notification_ticker\" : \"\u1780\u17c6\u17a0\u17bb\u179f\u200b\u200b\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798\u200b Google \u1780\u1798\u17d2\u179f\u17b6\u1793\u17d2\u178f\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Klepnut\u00edm prepnete na v\u00fdber roka\"", "\"mtrl_picker_announce_current_selection\" : \"Sele\u00e7\u00e3o atual: %1$s\"", "\"mtrl_picker_invalid_format_example\" : \"Esempio: %1$s\"", "unsigned long long", "unsigned __int128", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u12c8\u12f0 \u133d\u1211\u134d \u130d\u1264\u1275 \u1201\u1290\u1273 \u1240\u12ed\u122d\"", "\"common_google_play_services_update_text\" : \"Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0dba\u0dcf\u0dc0\u0dad\u0dca\u0d9a\u0dcf\u0dbd\u0dd3\u0db1 \u0d9a\u0dbb\u0db1\u0dca\u0db1\u0dda \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 %1$s \u0db0\u0dcf\u0dc0\u0db1\u0dba \u0db1\u0ddc\u0dc0\u0dda.\"", "\"abc_searchview_description_submit\" : \"Kirim kueri\"", "std::exception", "\"mtrl_picker_date_header_title\" : \"Tarih Se\u00e7in\"", "\"common_google_play_services_update_title\" : \"Perbarui layanan Google Play\"", "\"abc_capital_off\" : \"\u0d13\u0d2b\u0d4d\"", "\"mtrl_chip_close_icon_content_description\" : \"Usu\u0144: (%1$s)\"", "\"abc_search_hint\" : \"\u0b38\u0b30\u0b4d\u0b1a\u0b4d\u0b1a \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\u2026\"", "\"mtrl_picker_a11y_next_month\" : \"Nenda kwenye mwezi unaofuata\"", "\"material_timepicker_pm\" : \"ip\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 data zako\u0144czenia\"", "\"character_counter_overflowed_content_description\" : \"Przekroczono limit znak\u00f3w (%1$d\u00a0z\u00a0%2$d)\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u7ed3\u675f\u65e5\u671f\"", "\"common_google_play_services_install_button\" : \"\u0b07\u0b28\u0b4d\u200d\u0b37\u0b4d\u0b1f\u0b32\u0b4d\u200d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"common_signin_button_text\" : \"Identifikohu\"", "\"common_google_play_services_update_title\" : \"Google\u00a0Play pakalpojumu atjaunin\u0101\u0161ana\"", "\"common_google_play_services_unknown_issue\" : \"%1$s t\u0259tbiqi il\u0259 Google Play xidm\u0259tl\u0259ri aras\u0131nda problem var. Daha sonra yenid\u0259n c\u0259hd edin.\"", "\"search_menu_title\" : \"\u09b8\u09be\u09b0\u09cd\u099a \u0995\u09b0\u09c1\u09a8\"", "\"abc_searchview_description_clear\" : \"\u0e25\u0e49\u0e32\u0e07\u0e04\u0e33\u0e04\u0e49\u0e19\u0e2b\u0e32\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s \uc0ad\uc81c\"", "\"bottomsheet_action_expand_halfway\" : \"\u0985\u09b0\u09cd\u09a7\u09c7\u0995 \u09aa\u09cd\u09b0\u09b8\u09be\u09b0\u09bf\u09a4 \u0995\u09b0\u09c1\u09a8\"", "\"common_google_play_services_unknown_issue\" : \"%1$s inakumbwa na hitilafu ya huduma za Google Play. Tafadhali jaribu tena.\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Cambiar al modo de entrada de calendario\"", "\"abc_activity_chooser_view_see_all\" : \"\u0938\u0930\u094d\u0935 \u092a\u093e\u0939\u093e\"", "long long", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0627\u0646\u0642\u0631 \u0644\u0644\u062a\u0628\u062f\u064a\u0644 \u0625\u0644\u0649 \u0627\u062e\u062a\u064a\u0627\u0631 \u0639\u0627\u0645\"", "\"abc_searchview_description_clear\" : \"Wyczy\u015b\u0107 zapytanie\"", "\"copy_toast_msg\" : \"Skakel is na knipbord gekopieer\"", "\"common_signin_button_text\" : \"\u0938\u093e\u0907\u0928 \u0907\u0928 \u0915\u0930\u093e\"", "\"common_google_play_services_update_title\" : \"Aktualizace slu\u017eeb Google Play\"", "\"mtrl_picker_day_of_week_column_header\" : \"Lajur hari: %1$s\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play-\u043d \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u043d\u04af\u04af\u0434\u0438\u0439\u043d \u0431\u043e\u043b\u043e\u043c\u0436\u0438\u0442 \u0431\u0430\u0439\u0434\u0430\u043b\"", "\"common_google_play_services_install_button\" : \"Installeer\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u05ea\u05d0\u05e8\u05d9\u05da \u05e1\u05d9\u05d5\u05dd\"", "\"error_icon_content_description\" : \"\u0a17\u0a5c\u0a2c\u0a5c\"", "\"common_google_play_services_install_title\" : \"Google Play xizmatlarini o\u2018rnatish\"", "\"abc_menu_delete_shortcut_label\" : \"Delete \u9375\"", "\"common_google_play_services_unsupported_text\" : \"%1$s getur ekki keyrt \u00e1n \u00fej\u00f3nustu Google Play, sem er ekki studd af t\u00e6kinu \u00fe\u00ednu.\"", "\"abc_action_menu_overflow_description\" : \"Opsi lain\"", "\"material_minute_selection\" : \"\u9078\u53d6\u5206\u9418\"", "\"item_view_role_description\" : \"Pestana\"", "\"common_google_play_services_update_button\" : \"Eguneratu\"", "\"mtrl_picker_a11y_prev_month\" : \"\u062a\u063a\u06cc\u06cc\u0631 \u0628\u0647 \u0645\u0627\u0647 \u0642\u0628\u0644\u06cc\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u0433\"", "operator!", "\"mtrl_picker_save\" : \"\u4fdd\u5b58\"", "\"abc_capital_off\" : \"VYP.\"", "\"mtrl_picker_date_header_title\" : \"Chagua Tarehe\"", "\"material_hour_suffix\" : \"%1$s ezimpondweni\"", "\"common_google_play_services_unknown_issue\" : \"%1$s\uc5d0\uc11c Google Play \uc11c\ube44\uc2a4\ub97c \uc0ac\uc6a9\ud558\ub294 \ub370 \ubb38\uc81c\uac00 \uc788\uc2b5\ub2c8\ub2e4. \ub2e4\uc2dc \uc2dc\ub3c4\ud558\uc138\uc694.\"", "\"mtrl_picker_invalid_format_use\" : \"\u041a\u043e\u0440\u0438\u0441\u0442\u0438\u0442\u0435: %1$s\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u12e8\u121b\u1265\u1242\u12eb \u1240\u1295\"", "\"material_clock_toggle_content_description\" : \"\u0e40\u0e25\u0e37\u0e2d\u0e01 AM \u0e2b\u0e23\u0e37\u0e2d PM\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0935\u0930\u094d\u0937 \u0928\u093f\u0935\u0921\u0923\u094d\u092f\u093e\u0938\u093e\u0920\u0940 \u0938\u094d\u0935\u093f\u091a \u0915\u0930\u093e \u0935\u0930 \u091f\u0945\u092a \u0915\u0930\u093e\"", "\"abc_prepend_shortcut_label\" : \"Men\u00fa\u00a0+\"", "\"mtrl_picker_a11y_prev_month\" : \"Predch\u00e1dzaj\u00faci mesiac\"", "\"common_google_play_services_notification_ticker\" : \"Viga Google Play teenustes\"", "\"mtrl_picker_invalid_format_use\" : \"Usar %1$s\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u0421\u043b\u0443\u043f\u043e\u043a \u0434\u0437\u0451\u043d: %1$s\"", "\"abc_activity_chooser_view_see_all\" : \"\u09b8\u09ac\u0997\u09c1\u09b2\u09bf \u09a6\u09c7\u0996\u09c1\u09a8\"", "\"abc_searchview_description_clear\" : \"\u10db\u10dd\u10d7\u10ee\u10dd\u10d5\u10dc\u10d8\u10e1 \u10d2\u10d0\u10e1\u10e3\u10e4\u10d7\u10d0\u10d5\u10d4\u10d1\u10d0\"", "\"abc_activitychooserview_choose_application\" : \"S\u00e9lectionner une application\"", "\"abc_searchview_description_search\" : \"K\u00ebrko\"", "\"fallback_menu_item_copy_link\" : \"\u05dc\u05d4\u05e2\u05ea\u05e7\u05ea \u05d4\u05e7\u05d9\u05e9\u05d5\u05e8\"", "\"material_minute_selection\" : \"S\u00e9lectionnez les minutes\"", "operator-", "\"mtrl_chip_close_icon_content_description\" : \"Remove %1$s\"", "\"material_hour_suffix\" : \"Saa %1$s kamili\"", "\"abc_shareactionprovider_share_with_application\" : \"Jaa: %s\"", "\"abc_action_mode_done\" : \"\u0939\u094b \u0917\u092f\u093e\"", "\"nav_app_bar_navigate_up_description\" : \"Ngjitu lart\"", "\"common_google_play_services_notification_channel_name\" : \"Disponueshm\u00ebria e sh\u00ebrbimeve t\u00eb Google Play\"", "\"common_google_play_services_update_button\" : \"Aggiorna\"", "\"common_signin_button_text_long\" : \"\u0544\u0578\u0582\u057f\u0584 \u0563\u0578\u0580\u056e\u0565\u056c Google-\u0578\u057e\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u10d5\u10d4\u10e0 \u10d2\u10d0\u10d4\u10e8\u10d5\u10d4\u10d1\u10d0 Google Play Services-\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4, \u10e0\u10dd\u10db\u10da\u10d4\u10d1\u10d8\u10ea \u10db\u10ee\u10d0\u10e0\u10d3\u10d0\u10e3\u10ed\u10d4\u10e0\u10d4\u10da\u10d8\u10d0 \u10d7\u10e5\u10d5\u10d4\u10dc\u10d8 \u10db\u10dd\u10ec\u10e7\u10dd\u10d1\u10d8\u10da\u10dd\u10d1\u10d8\u10e1 \u10db\u10d8\u10d4\u10e0.\"", "\"fallback_menu_item_share_link\" : \"Ba\u011flant\u0131y\u0131 payla\u015f\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u101e\u100a\u103a Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038\u1014\u103e\u1004\u1037\u103a \u1015\u103c\u103f\u1014\u102c\u1021\u1014\u100a\u103a\u1038\u1004\u101a\u103a \u101b\u103e\u102d\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1011\u1015\u103a\u101c\u102f\u1015\u103a\u1000\u103c\u100a\u1037\u103a\u1015\u102b\u104b\"", "\"abc_action_bar_up_description\" : \"Kembali ke atas\"", "\"abc_toolbar_collapse_description\" : \"\u062a\u0635\u063a\u064a\u0631\"", "\"material_timepicker_minute\" : \"\u062f\u0642\u06cc\u0642\u0647\"", "\"abc_search_hint\" : \"Pretra\u017eite\u2026\"", "\"mtrl_picker_range_header_unselected\" : \"\u0938\u0941\u0930\u0942 \u0939\u094b\u0923\u094d\u092f\u093e\u091a\u0940 \u0924\u093e\u0930\u0940\u0916 \u2013 \u0938\u0902\u092a\u0923\u094d\u092f\u093e\u091a\u0940 \u0924\u093e\u0930\u0940\u0916\"", "\"item_view_role_description\" : \"Vaheleht\"", "\"common_google_play_services_update_title\" : \"Uppf\u00e6ra \u00fej\u00f3nustu Google Play\"", "\"material_hour_selection\" : \"Zgjidh or\u00ebn\"", "\"common_signin_button_text_long\" : \"Google \u0938\u0939 \u0938\u093e\u0907\u0928 \u0907\u0928 \u0915\u0930\u093e\"", "\"abc_toolbar_collapse_description\" : \"Comprimi\"", "\"abc_searchview_description_query\" : \"Consulta de cerca\"", "\"common_google_play_services_install_title\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038\u101b\u101a\u1030\u101b\u1014\u103a\"", "\"abc_toolbar_collapse_description\" : \"\u00d6sszecsuk\u00e1s\"", "\"abc_searchview_description_submit\" : \"\u0421\u04b1\u0440\u0430\u0443\u0434\u044b \u0436\u0456\u0431\u0435\u0440\u0443\"", "\"common_google_play_services_update_text\" : \"\u60a8\u5fc5\u9808\u66f4\u65b0 Google Play \u670d\u52d9\uff0c\u624d\u80fd\u57f7\u884c\u300c%1$s\u300d\u3002\"", "\"clear_text_end_icon_content_description\" : \"\u0422\u0435\u043a\u0441\u0442\u0438\u0439\u0433 \u0430\u0440\u0438\u043b\u0433\u0430\u0445\"", "\"abc_menu_meta_shortcut_label\" : \"Meta tausti\u0146\u0161\u00a0+\"", "\"common_google_play_services_unsupported_text\" : \"L'application %1$s ne fonctionnera pas sans les services Google Play, qui ne sont pas pris en charge par votre appareil.\"", "string", "\"common_google_play_services_enable_text\" : \"%1$s funktioniert erst nach der Aktivierung der Google Play-Dienste.\"", "std::basic_string, std::allocator >", "\"material_minute_suffix\" : \"\u0db8\u0dd2\u0db1\u0dd2\u0dad\u0dca\u0dad\u0dd4 %1$s\u0dba\u0dd2\"", "\"abc_toolbar_collapse_description\" : \"Zwi\u0144\"", "\"common_google_play_services_updating_text\" : \"%1$s ez da exekutatuko Google Play zerbitzurik gabe; une honetan eguneratzen ari dira zerbitzuok.\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u05d4\u05d7\u05dc\u05e4\u05d4 \u05dc\u05e9\u05d9\u05d8\u05ea \u05e7\u05dc\u05d8 \u05e9\u05dc \u05d8\u05e7\u05e1\u05d8\"", "\"abc_search_hint\" : \"Buscar\u2026\"", "\"mtrl_picker_invalid_format\" : \"Neveljavna oblika.\"", "\"abc_action_menu_overflow_description\" : \"Altre opzioni\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u064a\"", "\"mtrl_picker_announce_current_selection\" : \"Selec\u021bia actual\u0103: %1$s\"", "\"mtrl_chip_close_icon_content_description\" : \"Kendu %1$s\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Alternar para o modo de entrada de texto\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u0422\u0435\u043a\u0441\u0442 \u043a\u0438\u0440\u0433\u0438\u0437\u04af\u04af \u0440\u0435\u0436\u0438\u043c\u0438\u043d\u0435 \u043a\u043e\u0442\u043e\u0440\u0443\u043b\u0443\u0443\"", "\"fallback_menu_item_copy_link\" : \"\u041a\u043e\u043f\u0438\u0440\u0430\u043d\u0435 \u043d\u0430 \u0432\u0440\u044a\u0437\u043a\u0430\u0442\u0430\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Tanggal akhir\"", "\"abc_prepend_shortcut_label\" : \"Men\u00fc\u00fc +\"", "\"mtrl_picker_a11y_next_month\" : \"Ndrysho te muaji i ardhsh\u00ebm\"", "\"mtrl_picker_a11y_next_month\" : \"P\u0101riet uz n\u0101kamo m\u0113nesi\"", "\"character_counter_overflowed_content_description\" : \"Karakterlimiet oorskry %1$d van %2$d\"", "\"mtrl_picker_date_header_unselected\" : \"Pasirinkta data\"", "\"nav_app_bar_navigate_up_description\" : \"Nach oben\"", "\"mtrl_picker_out_of_range\" : \"\u0395\u03ba\u03c4\u03cc\u03c2 \u03b5\u03cd\u03c1\u03bf\u03c5\u03c2: %1$s\"", "\"mtrl_chip_close_icon_content_description\" : \"Rimuovi %1$s\"", "\"error_icon_content_description\" : \"\u0413\u0440\u0435\u0448\u043a\u0430\"", "\"abc_searchview_description_search\" : \"Telusuri\"", "\"abc_menu_delete_shortcut_label\" : \"\u0443\u0441\u0442\u0433\u0430\u0445\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Kezd\u00e9s d\u00e1tuma\"", "\"exposed_dropdown_menu_content_description\" : \"\u041f\u0440\u0438\u043a\u0430\u0436\u0438 \u043f\u0430\u0434\u0430\u0458\u0443\u045b\u0438 \u043c\u0435\u043d\u0438\"", "\"abc_toolbar_collapse_description\" : \"R\u00e9duire\"", "\"fallback_menu_item_share_link\" : \"\u0428\u0438\u043b\u0442\u0435\u043c\u0435\u043d\u0438 \u0431\u04e9\u043b\u04af\u0448\u04af\u04af\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Alguskuup\u00e4ev \u2013 %1$s\"", "\"common_google_play_services_wear_update_text\" : \"Google Play xizmatlarining yangi versiyasi zarur. U o\u2018zini qisqa vaqt ichida yangilaydi.\"", "\"fallback_menu_item_open_in_browser\" : \"Buka dalam penyemak imbas\"", "\"abc_capital_on\" : \"\u0418\u0414\u042d\u0412\u0425\u0422\u042d\u0419\"", "\"abc_activitychooserview_choose_application\" : \"\u0b17\u0b4b\u0b1f\u0b3f\u0b0f \u0b06\u0b2a\u0b4d\u200d \u0b2c\u0b3e\u0b1b\u0b28\u0b4d\u0b24\u0b41\"", "\"mtrl_picker_a11y_prev_month\" : \"\u0aaa\u0abe\u0a9b\u0ab2\u0abe \u0aae\u0ab9\u0abf\u0aa8\u0abe \u0aaa\u0ab0 \u0aac\u0aa6\u0ab2\u0acb\"", "\"mtrl_picker_out_of_range\" : \"\u05de\u05d7\u05d5\u05e5 \u05dc\u05d8\u05d5\u05d5\u05d7: %1$s\"", "\"abc_action_mode_done\" : \"Gereed\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0531\u057e\u0561\u0580\u057f\u056b \u0561\u0574\u057d\u0561\u0569\u056b\u057e\u0568\"", "\"material_timepicker_text_input_mode_description\" : \"Lai ievad\u012btu laiku, iesl\u0113dziet teksta ievades re\u017e\u012bmu.\"", "operator^", "\"common_signin_button_text_long\" : \"Google \u0aae\u0abe\u0a82 \u0ab8\u0abe\u0a87\u0aa8 \u0a87\u0aa8 \u0a95\u0ab0\u0acb\"", "\"abc_search_hint\" : \"\u0cb9\u0cc1\u0ca1\u0cc1\u0c95\u0cbf\u2026\"", "\"mtrl_picker_out_of_range\" : \"\u062e\u0627\u0631\u062c \u0627\u0632 \u0645\u062d\u062f\u0648\u062f\u0647: %1$s\"", "\"search_menu_title\" : \"\u0406\u0437\u0434\u0435\u0443\"", "\"mtrl_picker_out_of_range\" : \"\u09a8\u09bf\u09b0\u09cd\u09a6\u09bf\u09b7\u09cd\u099f \u09a4\u09be\u09b0\u09bf\u0996\u09c7\u09b0 \u09ac\u09be\u0987\u09b0\u09c7: %1$s\"", "\"material_minute_selection\" : \"P\u00ebrzgjidh minutat\"", "\"mtrl_picker_range_header_title\" : \"S\u00e9lectionnez la plage\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Data de \u00eencepere\"", "\"common_google_play_services_updating_text\" : \"Hindi gagana ang %1$s nang wala ang mga serbisyo ng Google Play na kasalukuyang ina-update.\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Tarehe ya mwisho\"", "\"abc_searchview_description_search\" : \"Ara\"", "\"nav_app_bar_navigate_up_description\" : \"Idi gore\"", "\"common_google_play_services_update_title\" : \"\u0539\u0561\u0580\u0574\u0561\u0581\u0576\u0565\u056c Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u0568\"", "\"abc_action_bar_home_description\" : \"Prejs\u0165 na plochu\"", "\"mtrl_badge_numberless_content_description\" : \"\u00daj \u00e9rtes\u00edt\u00e9s\"", "\"abc_searchview_description_submit\" : \"\u101b\u103e\u102c\u1016\u103d\u1031\u1005\u101b\u102c \u1021\u1001\u103b\u1000\u103a\u1021\u101c\u1000\u103a\u1000\u102d\u102f \u1015\u1031\u1038\u1015\u102d\u102f\u1037\u101b\u1014\u103a\"", "\"common_google_play_services_update_title\" : \"Actualiza\u021bi serviciile Google Play\"", "\"material_timepicker_am\" : \"de.\"", "\"abc_shareactionprovider_share_with\" : \"Dijeli sa\"", "\"mtrl_picker_text_input_month_abbr\" : \"m\"", "\"search_menu_title\" : \"Ara\"", "\"material_hour_suffix\" : \"%1$s \u9ede\"", "\"abc_menu_delete_shortcut_label\" : \"\u062d\u0630\u0641\"", "\"mtrl_picker_a11y_next_month\" : \"Vaihda seuraavaan kuukauteen\"", "\"search_menu_title\" : \"\u0391\u03bd\u03b1\u03b6\u03ae\u03c4\u03b7\u03c3\u03b7\"", "N12_GLOBAL__N_116itanium_demangle20NameWithTemplateArgsE", "\"nav_app_bar_navigate_up_description\" : \"\u0d89\u0dc4\u0dc5\u0da7 \u0dc3\u0d82\u0da0\u0dbd\u0db1 \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"copy_toast_msg\" : \"S'ha copiat l'enlla\u00e7 al porta-retalls\"", "\"material_minute_suffix\" : \"%1$s \u0645\u0646\u0679\"", "\"abc_activitychooserview_choose_application\" : \"\u098f\u0995\u099f\u09bf \u0985\u09cd\u09af\u09be\u09aa \u09ac\u09c7\u099b\u09c7 \u09a8\u09bf\u09a8\"", "\"abc_activitychooserview_choose_application\" : \"\u05d1\u05d7\u05d9\u05e8\u05ea \u05d0\u05e4\u05dc\u05d9\u05e7\u05e6\u05d9\u05d4\"", "\"abc_menu_delete_shortcut_label\" : \"\u0b21\u0b3f\u0b32\u0b3f\u0b1f\u0b4d\u200d\"", "\"item_view_role_description\" : \"\u0412\u043a\u043b\u0430\u0434\u043a\u0430\"", "\"fallback_menu_item_copy_link\" : \"\u0932\u093f\u0902\u0915 \u0915\u0949\u092a\u0940 \u0915\u0930\u093e\"", "\"abc_action_mode_done\" : \"Gotovo\"", "\"abc_action_mode_done\" : \"\u062a\u0645\"", "\"common_google_play_services_unknown_issue\" : \"%1$s tiene problemas con los servicios de Google Play. Vuelve a intentarlo.\"", "\"mtrl_picker_range_header_unselected\" : \"\u0ab6\u0ab0\u0ac2 \u0a95\u0ab0\u0ab5\u0abe\u0aa8\u0ac0 \u0aa4\u0abe\u0ab0\u0ac0\u0a96 \u2013 \u0ab8\u0aae\u0abe\u0aaa\u0acd\u0aa4\u0abf\u0aa8\u0ac0 \u0aa4\u0abe\u0ab0\u0ac0\u0a96\"", "\"common_signin_button_text_long\" : \"Kirjaudu Google-tilille\"", "\"common_open_on_phone\" : \"Abrir no tel\u00e9fono\"", "\"item_view_role_description\" : \"\u10e9\u10d0\u10dc\u10d0\u10e0\u10d7\u10d8\"", "\"common_open_on_phone\" : \"Maak oop op foon\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 Idethi yokuphela\"", "unwind_phase2", "\"mtrl_picker_day_of_week_column_header\" : \"\u0e96\u0eb1\u0e99\u0ea1\u0eb7\u0ec9: %1$s\"", "\"common_google_play_services_enable_title\" : \"\u0544\u056b\u0561\u0581\u0576\u0565\u056c Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u0568\"", "\"nav_app_bar_open_drawer_description\" : \"Gezinme \u00e7ekmecesini a\u00e7\"", "long double", "\"abc_activitychooserview_choose_application\" : \"\u090f\u0909\u091f\u093e \u0905\u0928\u0941\u092a\u094d\u0930\u092f\u094b\u0917 \u091b\u093e\u0928\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"abc_capital_off\" : \"\u5173\u95ed\"", "\"common_google_play_services_update_button\" : \"\u05e2\u05d3\u05db\u05df\"", "\"character_counter_overflowed_content_description\" : \"\u6587\u5b57\u6570\u5236\u9650\u3092\u8d85\u3048\u3066\u3044\u307e\u3059\uff08%1$d/%2$d \u6587\u5b57\uff09\"", "\"mtrl_picker_out_of_range\" : \"Hors de port\u00e9e\u00a0: %1$s\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u041a\u043e\u043b\u043e\u043d\u0430 \u0441\u0430 \u0434\u0430\u043d\u0438\u043c\u0430: %1$s\"", "\"mtrl_picker_a11y_prev_month\" : \"\u0531\u0576\u0581\u0576\u0565\u056c \u0576\u0561\u056d\u0578\u0580\u0564 \u0561\u0574\u056b\u057d\"", "operator<<", "\"error_icon_content_description\" : \"\u062e\u0637\u0627\"", "non-virtual thunk to ", "\"common_google_play_services_unknown_issue\" : \"O app %1$s est\u00e1 com problemas com o Google Play Services. Tente novamente.\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Cambiar al modo de entrada de texto\"", "\"abc_search_hint\" : \"\uac80\uc0c9...\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u0441\"", "\"clear_text_end_icon_content_description\" : \"Effacer le texte\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0c38\u0c47\u0c35\u0c32 \u0c0e\u0c30\u0c4d\u0c30\u0c30\u0c4d\"", "\"mtrl_picker_range_header_title\" : \"Zeitraum ausw\u00e4hlen\"", "\"clear_text_end_icon_content_description\" : \"Tyhjenn\u00e4 teksti\"", "\"abc_searchview_description_voice\" : \"K\u00ebrkim me z\u00eb\"", "\"abc_searchview_description_search\" : \"Qidiruv\"", "\"copy_toast_msg\" : \"Odkaz bol skop\u00edrovan\u00fd do schr\u00e1nky\"", "\"material_hour_suffix\" : \"%1$s \u0441\"", "\"abc_search_hint\" : \"Otsige \u2026\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u0555\u0580\u0565\u0580\u056b \u057d\u0575\u0578\u0582\u0576\u0561\u056f\u055d %1$s\"", "\"mtrl_picker_text_input_date_hint\" : \"\u092e\u093f\u0924\u093f\"", "\"common_google_play_services_enable_title\" : \"Google Play-services inschakelen\"", "\"abc_activitychooserview_choose_application\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200eChoose an app\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"icon_content_description\" : \"Ikona okna\"", "N12_GLOBAL__N_116itanium_demangle13ParameterPackE", "\"character_counter_overflowed_content_description\" : \"\u1005\u102c\u101c\u102f\u1036\u1038\u101b\u1031\u1021\u1000\u1014\u1037\u103a\u1021\u101e\u1010\u103a %2$d \u101c\u102f\u1036\u1038\u1010\u103d\u1004\u103a %1$d \u101c\u102f\u1036\u1038\u1000\u103b\u1031\u102c\u103a\u1014\u1031\u101e\u100a\u103a\"", "\"common_google_play_services_updating_text\" : \"\u0397 \u03b5\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae\u00a0%1$s \u03b4\u03b5\u03bd \u03b8\u03b1 \u03b5\u03ba\u03c4\u03b5\u03bb\u03b5\u03c3\u03c4\u03b5\u03af \u03c7\u03c9\u03c1\u03af\u03c2 \u03c4\u03b9\u03c2 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03af\u03b5\u03c2 Google Play, \u03bf\u03b9 \u03bf\u03c0\u03bf\u03af\u03b5\u03c2 \u03b5\u03bd\u03b7\u03bc\u03b5\u03c1\u03ce\u03bd\u03bf\u03bd\u03c4\u03b1\u03b9 \u03b1\u03c5\u03c4\u03ae\u03bd \u03c4\u03b7 \u03c3\u03c4\u03b9\u03b3\u03bc\u03ae.\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u1218\u1328\u1228\u123b \u1240\u1295\"", "\"material_timepicker_minute\" : \"\u0e99\u0eb2\u0e97\u0eb5\"", "\"abc_searchview_description_query\" : \"Consulta de pesquisa\"", "\"material_timepicker_text_input_mode_description\" : \"Preklopite na na\u010din za vna\u0161anje besedila, da vnesete \u010das.\"", "\"mtrl_picker_invalid_format\" : \"Invalid na format.\"", "\"common_google_play_services_install_title\" : \"\u0418\u0437\u0442\u0435\u0433\u043b\u044f\u043d\u0435 \u043d\u0430 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play\"", "\"material_minute_selection\" : \"Odaberite minute\"", "\"abc_searchview_description_query\" : \"\u0ab6\u0acb\u0aa7 \u0a95\u0acd\u0ab5\u0ac7\u0ab0\u0ac0\"", "\"mtrl_picker_text_input_day_abbr\" : \"h\"", "\"abc_search_hint\" : \"Mekl\u0113jiet\u2026\"", "\"mtrl_picker_navigate_to_year_description\" : \"Mag-navigate patungo sa taong %1$s\"", "\"material_hour_suffix\" : \"%1$s val.\"", "\"mtrl_picker_announce_current_selection\" : \"Aktuelni izbor: %1$s\"", "\"mtrl_picker_range_header_title\" : \"\u0627\u0646\u062a\u062e\u0627\u0628 \u0645\u062d\u062f\u0648\u062f\u0647\"", "\"common_google_play_services_wear_update_text\" : \"Uusi Google Play Palveluiden versio tarvitaan. Se p\u00e4ivittyy pian.\"", "N12_GLOBAL__N_116itanium_demangle10MemberExprE", "\"fallback_menu_item_share_link\" : \"\u0425\u043e\u043b\u0431\u043e\u043e\u0441\u044b\u0433 \u0445\u0443\u0432\u0430\u0430\u043b\u0446\u0430\u0445\"", "\"abc_action_menu_overflow_description\" : \"\u0531\u0575\u056c \u0568\u0576\u057f\u0580\u0561\u0576\u0584\u0576\u0565\u0580\"", "\"fallback_menu_item_open_in_browser\" : \"\u0421\u0435\u0440\u0435\u043f\u0447\u0438\u0434\u0435\u043d \u0430\u0447\u0443\u0443\"", "\"abc_searchview_description_submit\" : \"\u0c2a\u0c4d\u0c30\u0c36\u0c4d\u0c28\u0c28\u0c3f \u0c38\u0c2e\u0c30\u0c4d\u0c2a\u0c3f\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"common_google_play_services_install_text\" : \"%1$s tidak akan berfungsi tanpa perkhidmatan Google Play dan perkhidmatan ini tiada pada peranti anda.\"", "\"mtrl_picker_out_of_range\" : \"Out of range: %1$s\"", "\"mtrl_picker_day_of_week_column_header\" : \"Kunlar ustuni: %1$s\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0c2e\u0c41\u0c17\u0c3f\u0c02\u0c2a\u0c41 \u0c24\u0c47\u0c26\u0c40\"", "\"abc_action_bar_home_description\" : \"\ud648\uc73c\ub85c \uc774\ub3d9\"", "\"common_google_play_services_install_text\" : \"\u60a8\u7684\u8bbe\u5907\u6ca1\u6709\u5b89\u88c5 Google Play \u670d\u52a1\uff0c\u56e0\u6b64\u65e0\u6cd5\u8fd0\u884c%1$s\u3002\"", "\"mtrl_picker_a11y_prev_month\" : \"Verander na vorige maand\"", "unknown register", "\"common_google_play_services_wear_update_text\" : \"\uc0c8 \ubc84\uc804\uc758 Google Play \uc11c\ube44\uc2a4\uac00 \ud544\uc694\ud569\ub2c8\ub2e4. \uace7 \uc790\ub3d9\uc73c\ub85c \uc5c5\ub370\uc774\ud2b8\ub429\ub2c8\ub2e4.\"", "\"mtrl_picker_date_header_title\" : \"Vyberte d\u00e1tum\"", "\"abc_prepend_shortcut_label\" : \"\u05ea\u05e4\u05e8\u05d9\u05d8+\"", "\"exposed_dropdown_menu_content_description\" : \"Onyesha menyu kunjuzi\"", "\"nav_app_bar_navigate_up_description\" : \"\u03a0\u03bb\u03bf\u03ae\u03b3\u03b7\u03c3\u03b7 \u03c0\u03c1\u03bf\u03c2 \u03c4\u03b1 \u03b5\u03c0\u03ac\u03bd\u03c9\"", "\"mtrl_chip_close_icon_content_description\" : \"\u179b\u17bb\u1794 %1$s\"", "\"common_google_play_services_unsupported_text\" : \"No es posible ejecutar la aplicaci\u00f3n %1$s sin los Servicios de Google Play, que no son compatibles con tu dispositivo.\"", "\"clear_text_end_icon_content_description\" : \"Wyczy\u015b\u0107 tekst\"", "\"common_google_play_services_update_title\" : \"Aktualiz\u00e1cia slu\u017eieb Google Play\"", "\"material_timepicker_select_time\" : \"Odabir vremena\"", "\"mtrl_badge_numberless_content_description\" : \"Bagong notification\"", "\"abc_capital_off\" : \"IZSL\u0112GT\"", "\"abc_activitychooserview_choose_application\" : \"V\u00e4lj en app\"", "\"abc_searchview_description_query\" : \"Dotaz pro vyhled\u00e1v\u00e1n\u00ed\"", "\"material_minute_suffix\" : \"%1$s \u0580\u0578\u057a\u0565\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0397\u03bc\u03b5\u03c1\u03bf\u03bc\u03b7\u03bd\u03af\u03b1 \u03ad\u03bd\u03b1\u03c1\u03be\u03b7\u03c2\"", "\"mtrl_picker_save\" : \"\u0645\u062d\u0641\u0648\u0638 \u06a9\u0631\u06cc\u06ba\"", "\"abc_shareactionprovider_share_with\" : \"Condividi con\"", "\"material_timepicker_clock_mode_description\" : \"\u0423\u0430\u049b\u044b\u0442\u0442\u044b \u0435\u043d\u0433\u0456\u0437\u0443 \u04af\u0448\u0456\u043d \u0441\u0430\u0493\u0430\u0442 \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0435 \u04e9\u0442\u0456\u04a3\u0456\u0437.\"", "\"mtrl_picker_out_of_range\" : \"S\u00f3 se admiten datas do intervalo: %1$s\"", "\"abc_action_bar_home_description\" : \"Navegar para a p\u00e1gina inicial\"", "\"abc_action_bar_up_description\" : \"\u0631\u0641\u062a\u0646 \u0628\u0647 \u0628\u0627\u0644\u0627\"", "\"common_google_play_services_update_text\" : \"Aplik\u00e1ciu %1$s bude mo\u017en\u00e9 spusti\u0165 a\u017e po aktualiz\u00e1cii slu\u017eieb Google Play.\"", "\"mtrl_picker_a11y_prev_month\" : \"\u041f\u0440\u0435\u043c\u0438\u043d\u0430\u0432\u0430\u043d\u0435 \u043a\u044a\u043c \u043f\u0440\u0435\u0434\u0438\u0448\u043d\u0438\u044f \u043c\u0435\u0441\u0435\u0446\"", "\"abc_menu_function_shortcut_label\" : \"Function \u0bae\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a05\u0a38\u0a3c\u0a41\u0a71\u0a27\u0a40\"", "\"material_timepicker_hour\" : \"\u6642\u9593\"", "\"abc_capital_off\" : \"\u0c86\u0cab\u0ccd\"", "\"material_timepicker_minute\" : \"\u1019\u102d\u1014\u1005\u103a\"", "\"common_google_play_services_enable_text\" : \"Aplikacija %1$s ne\u0107e raditi ako ne omogu\u0107ite Google Play usluge.\"", "\"mtrl_picker_invalid_format_use\" : \"Erabili: %1$s\"", "\"abc_action_bar_home_description\" : \"Mag-navigate sa home\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u062a\u0627\u0631\u06cc\u062e \u067e\u0627\u06cc\u0627\u0646\"", "\"abc_shareactionprovider_share_with_application\" : \"Bagikan dengan %s\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u0414\u0430\u043a\u0440\u0430\u043d\u0456\u0446\u0435\u0441\u044f, \u043a\u0430\u0431 \u043f\u0435\u0440\u0430\u043a\u043b\u044e\u0447\u044b\u0446\u0446\u0430 \u043d\u0430 \u0432\u044b\u0431\u0430\u0440 \u0434\u043d\u044f\"", "\"password_toggle_content_description\" : \"\u0551\u0578\u0582\u0581\u0561\u0564\u0580\u0565\u056c \u0563\u0561\u0572\u057f\u0576\u0561\u0562\u0561\u057c\u0568\"", "\"common_google_play_services_notification_ticker\" : \"B\u0142\u0105d Us\u0142ug Google Play\"", "\"abc_shareactionprovider_share_with_application\" : \"\u0647\u0645\u200c\u0631\u0633\u0627\u0646\u06cc \u0628\u0627 %s\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Passa alla modalit\u00e0 di immissione Calendario\"", "unsigned char", "\"material_timepicker_clock_mode_description\" : \"Skipta yfir \u00ed klukkustillingu til a\u00f0 f\u00e6ra inn t\u00edma.\"", "\"material_minute_suffix\" : \"%1$s \u0445\u0432\"", "\"abc_search_hint\" : \"\u0c35\u0c46\u0c24\u0c15\u0c02\u0c21\u0c3f\u2026\"", "\"common_google_play_services_update_title\" : \"Oppdater Google Play-tjenester\"", "\"common_google_play_services_install_title\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bc8\u0baa\u0bcd \u0baa\u0bc6\u0bb1\u0bb5\u0bc1\u0bae\u0bcd\"", "\"abc_action_bar_home_description\" : \"\u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0\u0da7 \u0dc3\u0d82\u0da0\u0dcf\u0dbd\u0db1\u0dba \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"copy_toast_msg\" : \"Nuoroda nukopijuota \u012f i\u0161karpin\u0119\"", "\"item_view_role_description\" : \"Tabul\u00e1tor\"", "\"mtrl_picker_range_header_title\" : \"Oraliqni tanlang\"", "\"mtrl_badge_numberless_content_description\" : \"\u041d\u043e\u0432\u0435 \u0441\u043f\u043e\u0432\u0456\u0449\u0435\u043d\u043d\u044f\"", "\"common_google_play_services_update_text\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038\u1021\u102c\u1038 \u1021\u1015\u103a\u1012\u102d\u1010\u103a\u1019\u101c\u102f\u1015\u103a\u1015\u102b\u1000 %1$s \u1021\u101c\u102f\u1015\u103a\u101c\u102f\u1015\u103a\u1019\u100a\u103a \u1019\u101f\u102f\u1010\u103a\u1015\u102b\u104b\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Switch to calendar input mode\"", "\"mtrl_picker_invalid_format\" : \"\u120d\u12ad \u12eb\u120d\u1206\u1290 \u1245\u122d\u1338\u1275\"", "\"common_google_play_services_notification_channel_name\" : \"Beschikbaarheid van Google Play-services\"", "\"material_timepicker_minute\" : \"M\u0438\u043d\u0443\u0442\"", "\"material_hour_selection\" : \"\u0412\u0438\u0431\u0440\u0430\u0442\u0438 \u0433\u043e\u0434\u0438\u043d\u0443\"", "\"nav_app_bar_navigate_up_description\" : \"\u0416\u043e\u0493\u0430\u0440\u044b \u049b\u0430\u0440\u0430\u0439 \u0436\u044b\u043b\u0436\u0443\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u65e5\"", "\"mtrl_picker_navigate_to_year_description\" : \"Prejs\u0165 na rok %1$s\"", "\"mtrl_picker_out_of_range\" : \"\u0418\u0437\u0432\u044a\u043d \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430: %1$s\"", "\"material_timepicker_select_time\" : \"\u1787\u17d2\u179a\u17be\u179f\u200b\u1798\u17c9\u17c4\u1784\"", "\"material_timepicker_clock_mode_description\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u0432 \u0440\u0435\u0436\u0438\u043c \u0433\u043e\u0434\u0438\u043d\u043d\u0438\u043a\u0430, \u0449\u043e\u0431 \u0432\u0432\u0435\u0441\u0442\u0438 \u0447\u0430\u0441.\"", "\"abc_searchview_description_voice\" : \"\u0413\u043b\u0430\u0441\u043e\u0432\u043d\u043e \u043f\u0440\u0435\u0431\u0430\u0440\u0443\u0432\u0430\u045a\u0435\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Data e p\u00ebrfundimit\"", "\"fallback_menu_item_copy_link\" : \"Kop\u00edrova\u0165 odkaz\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u09a6\u09bf\u09a8 \u09ac\u09c7\u099b\u09c7 \u09a8\u09c7\u0993\u09df\u09be\u09b0 \u09ae\u09cb\u09a1\u09c7 \u09ac\u09a6\u09b2 \u0995\u09b0\u09a4\u09c7 \u099f\u09cd\u09af\u09be\u09aa \u0995\u09b0\u09c1\u09a8\"", "\"abc_menu_space_shortcut_label\" : \"\u03b4\u03b9\u03ac\u03c3\u03c4\u03b7\u03bc\u03b1\"", "\"mtrl_picker_day_of_week_column_header\" : \"Dienu sleja: %1$s\"", "\"abc_menu_enter_shortcut_label\" : \"\u201eenter\u201c\"", "\"character_counter_overflowed_content_description\" : \"%2$d \u092e\u0927\u094d\u092f\u0947 %1$d \u0935\u0930\u094d\u0923 \u0938\u0940\u092e\u093e \u0928\u093e\u0918\u094d\u092f\u094b\"", "\"common_google_play_services_unknown_issue\" : \"La aplicaci\u00f3n %1$s tiene problemas con los Servicios de Google Play. Vuelve a intentarlo.\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u0e41\u0e15\u0e30\u0e40\u0e1e\u0e37\u0e48\u0e2d\u0e2a\u0e25\u0e31\u0e1a\u0e44\u0e1b\u0e43\u0e0a\u0e49\u0e01\u0e32\u0e23\u0e40\u0e25\u0e37\u0e2d\u0e01\u0e27\u0e31\u0e19\"", "\"abc_action_bar_up_description\" : \"Liigu \u00fcles\"", "\"common_google_play_services_unknown_issue\" : \"Sovelluksella %1$s on ongelmia Google Play Palveluiden kanssa. Yrit\u00e4 uudelleen.\"", "\"abc_searchview_description_query\" : \"Requ\u00eate de recherche\"", "\"common_google_play_services_enable_title\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038 \u1016\u103d\u1004\u1037\u103a\u101b\u1014\u103a\"", "\"mtrl_picker_out_of_range\" : \"\u018fhat\u0259 dair\u0259sind\u0259n k\u0259nar: %1$s\"", "N12_GLOBAL__N_116itanium_demangle20TemplateArgumentPackE", "\"mtrl_picker_text_input_year_abbr\" : \"t\"", "\"mtrl_picker_day_of_week_column_header\" : \"Columna de d\u00edas: %1$s\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Datum zah\u00e1jen\u00ed \u2013 %1$s\"", "\"material_hour_selection\" : \"Selecionar hor\u00e1rio\"", "\"material_hour_selection\" : \"\u062a\u062d\u062f\u064a\u062f \u0627\u0644\u0633\u0627\u0639\u0629\"", "\"character_counter_content_description\" : \"Ievad\u012bt\u0101s rakstz\u012bmes: %1$d\u00a0no\u00a0%2$d\"", "\"material_timepicker_minute\" : \"Perc\"", "\"abc_search_hint\" : \"\u0dc3\u0ddc\u0dba\u0db1\u0dca\u0db1...\"", "\"material_timepicker_text_input_mode_description\" : \"Prebacite u na\u010din unosa teksta za unos vremena.\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u0e44\u0e1b\u0e17\u0e35\u0e48\u0e1b\u0e35 %1$s\"", "\"abc_action_bar_up_description\" : \"Omhoog navigeren\"", "\"abc_menu_space_shortcut_label\" : \"blanksteg\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Date de fin\"", "\"mtrl_picker_date_header_title\" : \"\ub0a0\uc9dc \uc120\ud0dd\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s\u2013kon\u010dni datum\"", "\"bottomsheet_action_expand_halfway\" : \"Despregar ata a metade\"", "\"material_hour_selection\" : \"Seleziona l'ora\"", "\"abc_searchview_description_search\" : \"\u0cb9\u0cc1\u0ca1\u0cc1\u0c95\u0cbf\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u0627\u0646\u0642\u0631 \u0644\u0644\u062a\u0628\u062f\u064a\u0644 \u0625\u0644\u0649 \u0627\u062e\u062a\u064a\u0627\u0631 \u064a\u0648\u0645\"", "\"common_google_play_services_enable_text\" : \"\u200f\u062c\u0628 \u062a\u06a9 \u0622\u067e Google Play \u0633\u0631\u0648\u0633\u0632 \u0641\u0639\u0627\u0644 \u0646\u06c1\u06cc\u06ba \u06a9\u0631 \u0644\u06cc\u062a\u06d2\u060c %1$s \u06a9\u0627\u0645 \u0646\u06c1\u06cc\u06ba \u06a9\u0631\u06d2 \u06af\u06cc\u06d4\"", "\"common_google_play_services_wear_update_text\" : \"\u041f\u043e\u0442\u0440\u0435\u0431\u043d\u0430 \u0458\u0435 \u043d\u043e\u0432\u0430 \u0432\u0435\u0440\u0437\u0438\u0458\u0430 Google Play \u0443\u0441\u043b\u0443\u0433\u0430. \u0423\u0441\u043a\u043e\u0440\u043e \u045b\u0435 \u0441\u0435 \u0430\u0436\u0443\u0440\u0438\u0440\u0430\u0442\u0438.\"", "\"chip_text\" : \"Chip text\"", "\"error_icon_content_description\" : \"\u0410\u043b\u0434\u0430\u0430\"", "\"mtrl_picker_range_header_title\" : \"\u0418\u0437\u0430\u0431\u0435\u0440\u0438\u0442\u0435 \u043f\u0435\u0440\u0438\u043e\u0434\"", "\"mtrl_picker_invalid_format\" : \"Yaroqsiz format.\"", "\"common_google_play_services_enable_title\" : \"Habilita Servicios de Google Play\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u0531\u0576\u0581\u0576\u0565\u056c \u0585\u0580\u0561\u0581\u0578\u0582\u0575\u0581\u056b \u0574\u0578\u0582\u057f\u0584\u0561\u0563\u0580\u0574\u0561\u0576 \u057c\u0565\u056a\u056b\u0574\"", "\"mtrl_chip_close_icon_content_description\" : \"Ondoa %1$s\"", "\"material_minute_suffix\" : \"%1$s\u00a0minut\"", "\"abc_action_bar_up_description\" : \"\u0418\u0434\u0438\u0442\u0435 \u043d\u0430\u0433\u043e\u0440\u0435\"", "\"common_google_play_services_unsupported_text\" : \"%1$s ne mo\u017ee da se pokrene bez Google Play usluga, koje ure\u0111aj ne podr\u017eava.\"", "\"common_google_play_services_wear_update_text\" : \"Nevojitet nj\u00eb version i ri i sh\u00ebrbimeve t\u00eb \"Luaj me Google\". Ai do t\u00eb p\u00ebrdit\u00ebsohet automatikisht s\u00eb shpejti.\"", "\"common_google_play_services_update_text\" : \"\u0c2e\u0c40\u0c30\u0c41 Google Play \u0c38\u0c47\u0c35\u0c32\u0c28\u0c41 \u0c28\u0c35\u0c40\u0c15\u0c30\u0c3f\u0c38\u0c4d\u0c24\u0c47 \u0c2e\u0c3f\u0c28\u0c39\u0c3e %1$s \u0c05\u0c2e\u0c32\u0c41 \u0c15\u0c3e\u0c26\u0c41.\"", "\"abc_action_mode_done\" : \"Gatavs\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u6708\"", "\"abc_shareactionprovider_share_with\" : \"\u0907\u0938\u0938\u0947 \u0936\u0947\u092f\u0930 \u0915\u0930\u0947\u0902:\"", "\"exposed_dropdown_menu_content_description\" : \"\u0d21\u0d4d\u0d30\u0d4b\u0d2a\u0d4d\u0d2a\u0d4d\u200c \u0d21\u0d57\u0d7a \u0d2e\u0d46\u0d28\u0d41 \u0d15\u0d3e\u0d23\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"mtrl_picker_a11y_prev_month\" : \"\u0cb9\u0cbf\u0c82\u0ca6\u0cbf\u0ca8 \u0ca4\u0cbf\u0c82\u0c97\u0cb3\u0cbf\u0c97\u0cc6 \u0cac\u0ca6\u0cb2\u0cbf\u0cb8\u0cbf\"", "\"character_counter_overflowed_content_description\" : \"\u041b\u0456\u043c\u0456\u0442 \u0441\u0456\u043c\u0432\u0430\u043b\u0430\u045e \u043f\u0435\u0440\u0430\u0432\u044b\u0448\u0430\u043d\u044b: %1$d \u0437 %2$d\"", "\"common_google_play_services_install_title\" : \"Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0dbd\u0db6\u0dcf \u0d9c\u0db1\u0dca\u0db1\"", "\"abc_search_hint\" : \"C\u0103uta\u021bi\u2026\"", "\"common_google_play_services_notification_ticker\" : \"Google Play\u670d\u52a1\u51fa\u9519\"", "\"abc_menu_delete_shortcut_label\" : \"\u0ea5\u0eb6\u0e9a\"", "\"material_timepicker_select_time\" : \"Selecionar hora\"", "operator<=>", "\"common_google_play_services_install_text\" : \"%1$s \u1793\u17b9\u1784\u1798\u17b7\u1793\u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u1791\u17c1 \u1794\u17d2\u179a\u179f\u17b7\u1793\u1794\u17be\u1798\u17b7\u1793\u1798\u17b6\u1793\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798\u1793\u17b6\u1793\u17b6\u179a\u1794\u179f\u17cb Google Play \u178a\u17c2\u179b\u1794\u17b6\u1793\u1794\u17b6\u178f\u17cb\u1796\u17b8\u17a7\u1794\u1780\u179a\u178e\u17cd\u179a\u1794\u179f\u17cb\u17a2\u17d2\u1793\u1780\u17d4\"", "\"abc_searchview_description_submit\" : \"\u691c\u7d22\u30ad\u30fc\u30ef\u30fc\u30c9\u3092\u9001\u4fe1\"", "\"material_hour_selection\" : \"Selecta\u021bi ora\"", "\"common_google_play_services_install_text\" : \"%1$s, \u015fu anda cihaz\u0131n\u0131zda bulunmayan Google Play hizmetleri olmadan \u00e7al\u0131\u015fmaz.\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u0432 \u0440\u0435\u0436\u0438\u043c \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044f \u0432 \u043a\u0430\u043b\u0435\u043d\u0434\u0430\u0440\u0456\"", "\"abc_searchview_description_search\" : \"\u641c\u5c0b\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d jakinarazpen berri baino gehiago\"", "\"common_signin_button_text_long\" : \"\u0110\u0103ng nh\u1eadp b\u1eb1ng Google\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Mudar para o modo de introdu\u00e7\u00e3o de calend\u00e1rio\"", "\"password_toggle_content_description\" : \"R\u0101d\u012bt paroli\"", "\"mtrl_picker_out_of_range\" : \"\u0c2a\u0c30\u0c3f\u0c27\u0c3f \u0c35\u0c46\u0c32\u0c41\u0c2a\u0c32 \u0c09\u0c02\u0c26\u0c3f: %1$s\"", "\"abc_toolbar_collapse_description\" : \"\u0dc4\u0d9a\u0dd4\u0dc5\u0db1\u0dca\u0db1\"", "\"nav_app_bar_open_drawer_description\" : \"Vula idrowa lakho lokuzula\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s \u0939\u091f\u093e\u0909\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"common_google_play_services_update_title\" : \"Google Play \u0b38\u0b47\u0b2c\u0b3e\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b05\u0b2a\u0b21\u0b47\u0b1f\u0b4d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"clear_text_end_icon_content_description\" : \"Borrar texto\"", "\"material_timepicker_clock_mode_description\" : \"\u0ba8\u0bc7\u0bb0 \u0b89\u0bb3\u0bcd\u0bb3\u0bc0\u0b9f\u0bcd\u0b9f\u0bbf\u0bb1\u0bcd\u0b95\u0bbe\u0b95, \u0b95\u0b9f\u0bbf\u0b95\u0bbe\u0bb0\u0baa\u0bcd \u0baa\u0baf\u0ba9\u0bcd\u0bae\u0bc1\u0bb1\u0bc8\u0b95\u0bcd\u0b95\u0bc1 \u0bae\u0bbe\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd.\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Minimum %1$d yeni bildiri\u015f\"", "\"error_icon_content_description\" : \"\u1021\u1019\u103e\u102c\u1038\"", "\"exposed_dropdown_menu_content_description\" : \"Show drop-down menu\"", "\"material_hour_suffix\" : \"%1$s \u00f3ra\"", "\"common_google_play_services_notification_ticker\" : \"\u041f\u043e\u043c\u0438\u043b\u043a\u0430 \u0441\u0435\u0440\u0432\u0456\u0441\u0456\u0432 Google Play\"", "\"mtrl_picker_invalid_format_use\" : \"\u041a\u043e\u0440\u0438\u0441\u0442\u0435\u0442\u0435: %1$s\"", "\"abc_searchview_description_query\" : \"Termen de c\u0103utare\"", "\"fallback_menu_item_open_in_browser\" : \"\u0386\u03bd\u03bf\u03b9\u03b3\u03bc\u03b1 \u03c3\u03b5 \u03c0\u03c1\u03cc\u03b3\u03c1\u03b1\u03bc\u03bc\u03b1 \u03c0\u03b5\u03c1\u03b9\u03ae\u03b3\u03b7\u03c3\u03b7\u03c2\"", "\"mtrl_picker_save\" : \"Ruaj\"", "\"mtrl_picker_text_input_day_abbr\" : \"N\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Petsa ng pagtatapos\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Klepnut\u00edm p\u0159epnete na v\u00fdb\u011br roku\"", "\"mtrl_picker_invalid_format_example\" : \"\u05d3\u05d5\u05d2\u05de\u05d4: %1$s\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u0935\"", "\"common_google_play_services_enable_title\" : \"Aktiv\u00e9r Google Play-tjenester\"", "\"bottomsheet_action_expand_halfway\" : \"\u0416\u0430\u0440\u044b\u043c\u044b\u043d \u0436\u0430\u0439\u044b\u043f \u043a\u04e9\u0440\u0441\u04e9\u0442\u04af\u04af\"", "\"mtrl_badge_numberless_content_description\" : \"\u1021\u1000\u103c\u1031\u102c\u1004\u103a\u1038\u1000\u103c\u102c\u1038\u1001\u103b\u1000\u103a\u1021\u101e\u1005\u103a\"", "\"common_google_play_services_enable_text\" : \"%1$s nuk do t\u00eb funksionoj\u00eb n\u00ebse nuk aktivizon sh\u00ebrbimet e \"Luaj me Google\".\"", "\"common_google_play_services_install_text\" : \"O app %1$s n\u00e3o funciona sem o Google Play Services, o qual n\u00e3o est\u00e1 instalado no seu dispositivo.\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u101b\u1000\u103a\u101b\u103d\u1031\u1038\u1001\u103b\u101a\u103a\u1001\u103c\u1004\u103a\u1038\u101e\u102d\u102f\u1037 \u1015\u103c\u1031\u102c\u1004\u103a\u1038\u101b\u1014\u103a \u1010\u102d\u102f\u1037\u1015\u102b\"", "\"abc_action_bar_home_description\" : \"\u0b39\u0b4b\u0b2e\u0b4d \u0b2a\u0b47\u0b1c\u0b4d\u200c\u0b15\u0b41 \u0b28\u0b47\u0b2d\u0b3f\u0b17\u0b47\u0b1f\u0b4d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"exposed_dropdown_menu_content_description\" : \"\u0ca1\u0ccd\u0cb0\u0cbe\u0caa\u0ccd\u200c\u0ca1\u0ccc\u0ca8\u0ccd \u0cae\u0cc6\u0ca8\u0cc1 \u0ca4\u0ccb\u0cb0\u0cbf\u0cb8\u0cbf\"", "\"mtrl_picker_announce_current_selection\" : \"\u0ab9\u0abe\u0ab2\u0aa8\u0ac0 \u0aaa\u0ab8\u0a82\u0aa6\u0a97\u0ac0: %1$s\"", "\"common_google_play_services_update_button\" : \"\u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\"", "\"abc_action_mode_done\" : \"\u062a\u0645\u0627\u0645\"", "\"abc_searchview_description_submit\" : \"Zoekopdracht verzenden\"", "\"common_google_play_services_notification_channel_name\" : \"Disponibilitat de serveis de Google Play\"", "libc++abi", "\"exposed_dropdown_menu_content_description\" : \"Vis rullegardinmenyen\"", "\"character_counter_content_description\" : \"%1$d van %2$d tekens opgegeven\"", "\"abc_action_bar_up_description\" : \"\u10d6\u10d4\u10db\u10dd\u10d7 \u10d2\u10d0\u10d3\u10d0\u10e1\u10d5\u10da\u10d0\"", "\"fallback_menu_item_copy_link\" : \"\u0b87\u0ba3\u0bc8\u0baa\u0bcd\u0baa\u0bc8 \u0ba8\u0b95\u0bb2\u0bc6\u0b9f\u0bc1\"", "\"mtrl_picker_a11y_prev_month\" : \"\u0986\u0997\u09c7\u09b0 \u09ae\u09be\u09b8\u09c7 \u09af\u09be\u09a8\"", "\"material_timepicker_am\" : \"\u4e0a\u5348\"", "\"nav_app_bar_open_drawer_description\" : \"Otw\u00f3rz panel nawigacji\"", "\"abc_searchview_description_voice\" : \"\u0413\u0430\u043b\u0430\u0441\u0430\u0432\u044b \u043f\u043e\u0448\u0443\u043a\"", "\"common_google_play_services_enable_button\" : \"\u049a\u043e\u0441\u0443\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u043d\u0435\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u0432\u0440\u0448\u0443\u0432\u0430 \u0431\u0435\u0437 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play, \u0448\u0442\u043e \u043d\u0435 \u0441\u0435 \u043f\u043e\u0434\u0440\u0436\u0430\u043d\u0438 \u043e\u0434 \u0443\u0440\u0435\u0434\u043e\u0432.\"", "\"mtrl_picker_a11y_next_month\" : \"\u041f\u0440\u043e\u043c\u0435\u043d\u0438 \u043d\u0430 \u0441\u043b\u0435\u0434\u043d\u0438\u043e\u0442 \u043c\u0435\u0441\u0435\u0446\"", "\"abc_prepend_shortcut_label\" : \"Valikko+\"", "\"bottomsheet_action_expand_halfway\" : \"\u0baa\u0bbe\u0ba4\u0bbf\u0baf\u0bb3\u0bb5\u0bc1 \u0bb5\u0bbf\u0bb0\u0bbf\u0bb5\u0bbe\u0b95\u0bcd\u0b95\u0bc1\u0bae\u0bcd\"", "\"abc_activity_chooser_view_see_all\" : \"Sj\u00e1 allt\"", "\"nav_app_bar_navigate_up_description\" : \"\u041e\u0434\u0438 \u043d\u0430\u0433\u043e\u0440\u0435\"", "\"abc_toolbar_collapse_description\" : \"\u06a9\u0648\u0686\u06a9 \u06a9\u0631\u062f\u0646\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0dc4\u0da7 Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0dc3\u0db8\u0d9c\u0dd2\u0db1\u0dca \u0d9c\u0dd0\u0da7\u0dbd\u0dd4 \u0d87\u0dad. \u0d9a\u0dbb\u0dd4\u0dab\u0dcf\u0d9a\u0dbb \u0db1\u0dd0\u0dc0\u0dad \u0d8b\u0dad\u0dca\u0dc3\u0dcf\u0dc4 \u0d9a\u0dbb\u0db1\u0dca\u0db1.\"", "\"abc_searchview_description_query\" : \"S\u00f8geforesp\u00f8rgsel\"", "\"mtrl_picker_invalid_range\" : \"Ogiltigt intervall.\"", "\"item_view_role_description\" : \"Cilne\"", "\"mtrl_picker_day_of_week_column_header\" : \"Columna de dies: %1$s\"", "\"common_google_play_services_notification_ticker\" : \"Erro do Google Play Services\"", "\"bottomsheet_action_expand_halfway\" : \"Rozwi\u0144 do po\u0142owy\"", "\"common_signin_button_text\" : \"\u0cb8\u0cc8\u0ca8\u0ccd \u0c87\u0ca8\u0ccd\"", "\"abc_search_hint\" : \"\u0e8a\u0ead\u0e81\u0eab\u0eb2\u2026\"", "\"material_minute_suffix\" : \"%1$s minutter\"", "\"bottomsheet_action_expand_halfway\" : \"Tam geni\u015fl\u0259ndirin\"", "\"abc_searchview_description_voice\" : \"\u0413\u043b\u0430\u0441\u043e\u0432\u043e \u0442\u044a\u0440\u0441\u0435\u043d\u0435\"", "\"nav_app_bar_open_drawer_description\" : \"\u6253\u5f00\u62bd\u5c49\u5f0f\u5bfc\u822a\u680f\"", "\"mtrl_picker_invalid_format_use\" : \"\u0412\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u043e\u0432\u0443\u0432\u0430\u0442\u0438: %1$s\"", "\"mtrl_picker_invalid_range\" : \"Ugyldig omr\u00e5de.\"", "\"firebase_database_url\" : \"https://allsafe-8cef0.firebaseio.com\"", "\"material_timepicker_clock_mode_description\" : \"Vaihda ajan sy\u00f6tt\u00e4miseen kellotilassa.\"", "\"fallback_menu_item_copy_link\" : \"\u09b2\u09bf\u0982\u0995 \u09aa\u09cd\u09f0\u09a4\u09bf\u09b2\u09bf\u09aa\u09bf \u0995\u09f0\u0995\"", "\"abc_menu_function_shortcut_label\" : \"Funci\u00f3+\"", "\"item_view_role_description\" : \"\ud0ed\"", "basic_istream", "\"character_counter_overflowed_content_description\" : \"\u041f\u0440\u0435\u043a\u043e\u0440\u0430\u0447\u0435\u043d\u043e \u0458\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u045a\u0435 \u0431\u0440\u043e\u0458\u0430 \u0437\u043d\u0430\u043a\u043e\u0432\u0430: %1$d \u043e\u0434 %2$d\"", "\"abc_capital_off\" : \"MATI\"", "\"abc_menu_function_shortcut_label\" : \"\u0d2b\u0d02\u0d17\u0d4d\u0d37\u0d28\u0d4d\u200d+\"", "\"abc_action_bar_home_description\" : \"Navigate home\"", "\"fallback_menu_item_copy_link\" : \"Kopyahin ang link\"", "\"mtrl_picker_out_of_range\" : \"F\u0103r\u0103 acoperire: %1$s\"", "\"abc_capital_off\" : \"SL\u00d6KKT\"", "\"search_menu_title\" : \"Rechercher\"", "\"abc_searchview_description_submit\" : \"\u0625\u0631\u0633\u0627\u0644 \u0637\u0644\u0628 \u0627\u0644\u0628\u062d\u062b\"", "\"abc_activitychooserview_choose_application\" : \"\u0412\u044b\u0431\u0435\u0440\u044b\u0446\u0435 \u043f\u0440\u0430\u0433\u0440\u0430\u043c\u0443\"", "\"common_google_play_services_enable_title\" : \"Virkja \u00fej\u00f3nustu Google Play\"", "\"material_hour_selection\" : \"Velg time\"", "\"material_timepicker_text_input_mode_description\" : \"\u0eaa\u0eb0\u0eab\u0ebc\u0eb1\u0e9a\u0ec4\u0e9b\u0ec3\u0e8a\u0ec9\u0ec2\u0edd\u0e94\u0e9b\u0ec9\u0ead\u0e99\u0e82\u0ecd\u0ec9\u0e84\u0ea7\u0eb2\u0ea1\u0eaa\u0eb3\u0ea5\u0eb1\u0e9a\u0e81\u0eb2\u0e99\u0e9b\u0ec9\u0ead\u0e99\u0ec0\u0ea7\u0ea5\u0eb2.\"", "\"abc_searchview_description_voice\" : \"B\u00fasqueda por voz\"", "\"mtrl_picker_announce_current_selection\" : \"Uneko hautapena: %1$s\"", "\"search_menu_title\" : \"Maghanap\"", "\"common_google_play_services_unsupported_text\" : \"%1$s non funzioner\u00e0 senza Google Play Services, non supportati dal tuo dispositivo.\"", "\"password_toggle_content_description\" : \"\u041f\u043e\u043a\u0430\u0437\u0443\u0432\u0430\u0442\u0438 \u043f\u0430\u0440\u043e\u043b\u044c\"", "\"common_google_play_services_update_text\" : \"%1$s tidak akan berjalan jika layanan Google Play tidak diperbarui.\"", "\"material_timepicker_am\" : \"\u1796\u17d2\u179a\u17b9\u1780\"", "\"abc_menu_sym_shortcut_label\" : \"\u200eSym+\u200e\"", "\"mtrl_picker_date_header_unselected\" : \"Ausgew\u00e4hltes Datum\"", "\"common_signin_button_text\" : \"\u0b38\u0b3e\u0b07\u0b28\u0b4d\u200c-\u0b07\u0b28\u0b4d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"P\u0159epnout na re\u017eim zad\u00e1v\u00e1n\u00ed do kalend\u00e1\u0159e\"", "\"mtrl_chip_close_icon_content_description\" : \"Uklonite %1$s\"", "\"mtrl_picker_invalid_range\" : \"Neplatn\u00fd rozsah.\"", "\"abc_search_hint\" : \"Cerca\u2026\"", "\"clear_text_end_icon_content_description\" : \"\u041e\u0447\u0438\u0441\u0442\u0438\u0442\u044c \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0435 \u043f\u043e\u043b\u0435\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u12eb\u1208Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d \u12a0\u12ed\u1204\u12f5\u121d\u1363 \u12a5\u1290\u12da\u1205\u121d \u1260\u1218\u1223\u122a\u12eb\u12ce \u12a0\u12ed\u12f0\u1308\u1349\u121d\u1362\"", "\"mtrl_picker_a11y_prev_month\" : \"Pre\u0111ite na prethodni mesec\"", "\"fallback_menu_item_share_link\" : \"\u178f\u17c6\u178e\u1785\u17c2\u1780\u179a\u17c6\u179b\u17c2\u1780\"", "\"abc_capital_on\" : \"ACTIVADO\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"M\u00e1s de %1$d notificaciones nuevas\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Idethi yokuqala \u2013 %1$s\"", "\"exposed_dropdown_menu_content_description\" : \"Mostrar men\u00fa desplegable\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u092e\u093e\u0930\u094d\u092b\u0924 \u0906\u0926\u093e\u0928 \u092a\u094d\u0930\u0926\u093e\u0928 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"common_google_play_services_update_text\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b \u0436\u0430\u04a3\u044b\u0440\u0442\u044b\u043b\u043c\u0430\u0439\u044b\u043d\u0447\u0430 %1$s \u0438\u0448\u0442\u0435\u0431\u0435\u0439\u0442.\"", "\"character_counter_overflowed_content_description\" : \"Limite de carateres excedido: %1$d de %2$d\"", "\"abc_action_bar_up_description\" : \"Navigate up\"", "\"mtrl_chip_close_icon_content_description\" : \"Elimina\u021bi %1$s\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u7ed3\u675f\u65e5\u671f\"", "\"abc_activitychooserview_choose_application\" : \"\u0e40\u0e25\u0e37\u0e2d\u0e01\u0e41\u0e2d\u0e1b\"", "\"mtrl_picker_a11y_prev_month\" : \"\u092a\u093f\u091b\u0932\u0947 \u092e\u0939\u0940\u0928\u0947 \u092a\u0930 \u091c\u093e\u090f\u0902\"", "\"common_google_play_services_notification_channel_name\" : \"\u200f\u0645\u062f\u0649 \u062a\u0648\u0641\u0651\u0631 \u062e\u062f\u0645\u0627\u062a Google Play\"", "\"mtrl_picker_invalid_format_example\" : \"Beispiel: %1$s\"", "\"fallback_menu_item_open_in_browser\" : \"\u092c\u094d\u0930\u093e\u0909\u091d\u0930\u092e\u0927\u094d\u092f\u0947 \u0909\u0918\u0921\u093e\"", "\"abc_menu_shift_shortcut_label\" : \"Skift\u00a0+\u00a0\"", "\"abc_action_bar_home_description\" : \"\u06af\u06be\u0631 \u06a9\u06cc \u0637\u0631\u0641 \u0646\u06cc\u0648\u06cc\u06af\u06cc\u0679 \u06a9\u0631\u06cc\u06ba\"", "\"common_google_play_services_unknown_issue\" : \"%1$s menghadapi masalah berhubung perkhidmatan Google Play. Sila cuba lagi.\"", "\"material_minute_selection\" : \"Seleziona i minuti\"", "\"character_counter_overflowed_content_description\" : \"\u8d85\u51fa\u5b57\u5143\u9650\u5236 %1$d \u500b\u5b57\u5143 (\u4e0a\u9650 %2$d \u500b\u5b57\u5143)\"", "setFloatRegister", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0dc0\u0dc3\u0dbb\u0d9a\u0dca \u0dad\u0dda\u0dbb\u0dd3\u0db8\u0da7 \u0db8\u0dcf\u0dbb\u0dd4 \u0dc0\u0dd3\u0db8\u0da7 \u0dad\u0da7\u0dca\u0da7\u0dd4 \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"mtrl_picker_range_header_title\" : \"Selecciona un periodo\"", "\"mtrl_picker_a11y_prev_month\" : \"\u0410\u043b\u0434\u044b\u04a3\u0493\u044b \u0430\u0439\u0493\u0430 \u04e9\u0442\u0443\"", "\"common_google_play_services_update_title\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be \u0986\u09aa\u09a1\u09c7\u099f \u0995\u09b0\u09c1\u09a8\"", "\"common_google_play_services_notification_channel_name\" : \"\u0eaa\u0eb0\u0e96\u0eb2\u0e99\u0eb0\u0e9a\u0ecd\u0ea5\u0eb4\u0e81\u0eb2\u0e99 Google Play\"", "\"material_timepicker_clock_mode_description\" : \"\u1794\u17d2\u178f\u17bc\u179a\u200b\u1791\u17c5\u200b\u1798\u17bb\u1781\u1784\u17b6\u179a\u200b\u1793\u17b6\u17a1\u17b7\u1780\u17b6\u200b\u179f\u1798\u17d2\u179a\u17b6\u1794\u17cb\u200b\u1780\u17b6\u179a\u200b\u1794\u1789\u17d2\u1785\u17bc\u179b\u200b\u1798\u17c9\u17c4\u1784\u17d4\"", "\"common_signin_button_text_long\" : \"Iniciar sesi\u00f3n con Google\"", "\"common_google_play_services_update_title\" : \"\u10d2\u10d0\u10dc\u10d0\u10d0\u10ee\u10da\u10d4\u10d7 Google Play Services\"", "\"search_menu_title\" : \"Mekl\u0113t\"", "\"mtrl_picker_a11y_next_month\" : \"\u0531\u0576\u0581\u0576\u0565\u056c \u0570\u0561\u057b\u0578\u0580\u0564 \u0561\u0574\u056b\u057d\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u1014\u103e\u1005\u103a\u101b\u103d\u1031\u1038\u1001\u103b\u101a\u103a\u1001\u103c\u1004\u103a\u1038\u101e\u102d\u102f\u1037 \u1015\u103c\u1031\u102c\u1004\u103a\u1038\u101b\u1014\u103a \u1010\u102d\u102f\u1037\u1015\u102b\"", "N12_GLOBAL__N_116itanium_demangle10DeleteExprE", "\"abc_menu_space_shortcut_label\" : \"mezern\u00edk\"", "\"mtrl_picker_a11y_next_month\" : \"\ub2e4\uc74c \ub2ec\ub85c \ubcc0\uacbd\"", "\"common_google_play_services_install_text\" : \"\u0397 \u03b5\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae %1$s \u03b4\u03b5\u03bd \u03bc\u03c0\u03bf\u03c1\u03b5\u03af \u03bd\u03b1 \u03b5\u03ba\u03c4\u03b5\u03bb\u03b5\u03c3\u03c4\u03b5\u03af \u03c7\u03c9\u03c1\u03af\u03c2 \u03c4\u03b9\u03c2 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03af\u03b5\u03c2 Google Play, \u03bf\u03b9 \u03bf\u03c0\u03bf\u03af\u03b5\u03c2 \u03bb\u03b5\u03af\u03c0\u03bf\u03c5\u03bd \u03b1\u03c0\u03cc \u03c4\u03b7 \u03c3\u03c5\u03c3\u03ba\u03b5\u03c5\u03ae \u03c3\u03b1\u03c2.\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Byt till att v\u00e4lja en dag genom att trycka\"", "\"mtrl_picker_a11y_prev_month\" : \"\u0d2e\u0d41\u0d2e\u0d4d\u0d2a\u0d24\u0d4d\u0d24\u0d46 \u0d2e\u0d3e\u0d38\u0d24\u0d4d\u0d24\u0d3f\u0d32\u0d47\u0d15\u0d4d\u0d15\u0d4d \u0d2e\u0d3e\u0d31\u0d4d\u0d31\u0d41\u0d15\"", "\"bottomsheet_action_expand_halfway\" : \"Yarmiga kengaytirish\"", "\"material_minute_selection\" : \"D\u0259qiq\u0259 se\u00e7in\"", "\"mtrl_picker_date_header_unselected\" : \"\u0418\u0437\u0431\u0440\u0430\u043d \u0434\u0430\u0442\u0443\u043c\"", "\"material_timepicker_minute\" : \"\u0ca8\u0cbf\u0cae\u0cbf\u0cb7\"", "\"abc_menu_meta_shortcut_label\" : \"Meta+\u200e\"", "\"mtrl_picker_save\" : \"Sa\u010duvaj\"", "\"material_timepicker_text_input_mode_description\" : \"\u5207\u6362\u5230\u6587\u5b57\u8f93\u5165\u6a21\u5f0f\u6765\u8f93\u5165\u65f6\u95f4\u3002\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Beigu datums\"", "\"common_google_play_services_update_title\" : \"Google Play \u0938\u0947\u0935\u093e \u0905\u092a\u0921\u0947\u091f \u0915\u0930\u093e\"", "\"mtrl_picker_save\" : \"Londoloza\"", "\"fallback_menu_item_open_in_browser\" : \"\u0628\u0627\u0632\u06a9\u0631\u062f\u0646 \u062f\u0631 \u0645\u0631\u0648\u0631\u06af\u0631\"", "\"abc_searchview_description_clear\" : \"\u0915\u094d\u0935\u0947\u0930\u0940 \u0916\u093e\u0932\u0940 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"abc_activity_chooser_view_see_all\" : \"\u041f\u0440\u0438\u043a\u0430\u0436\u0438 \u0433\u0438 \u0441\u0438\u0442\u0435\"", "\"common_google_play_services_unknown_issue\" : \"Aplik\u00e1cia %1$s m\u00e1 probl\u00e9my so slu\u017ebami Google Play. Sk\u00faste to znova.\"", "\"material_clock_toggle_content_description\" : \"Vyberte AM alebo PM\"", "\"fallback_menu_item_open_in_browser\" : \"\u0e40\u0e1b\u0e34\u0e14\u0e43\u0e19\u0e40\u0e1a\u0e23\u0e32\u0e27\u0e4c\u0e40\u0e0b\u0e2d\u0e23\u0e4c\"", "\"mtrl_picker_announce_current_selection\" : \"Trenutni izbor: %1$s\"", "\"common_google_play_services_enable_text\" : \"%1$s Google Play xidm\u0259tl\u0259rini aktiv ed\u0259n\u0259 kimi i\u015fl\u0259m\u0259y\u0259c\u0259k.\"", "\"common_signin_button_text_long\" : \"Google\u09f0 \u099c\u09f0\u09bf\u09af\u09bc\u09a4\u09c7 \u099b\u09be\u0987\u09a8 \u0987\u09a8 \u0995\u09f0\u0995\"", "\"mtrl_picker_a11y_next_month\" : \"Canvia al mes seg\u00fcent\"", "\"hide_bottom_view_on_scroll_behavior\" : \"com.google.android.material.behavior.HideBottomViewOnScrollBehavior\"", "\"character_counter_content_description\" : \"Zadan\u00e9 znaky: %1$d z\u00a0%2$d\"", "\"copy_toast_msg\" : \"Link in Zwischenablage kopiert\"", "\"mtrl_badge_numberless_content_description\" : \"N\u00fd tilkynning\"", "\"common_google_play_services_unsupported_text\" : \"\u0924\u0941\u092e\u091a\u0947 \u0921\u093f\u0935\u094d\u0939\u093e\u0907\u0938 \u0938\u092a\u094b\u0930\u094d\u091f \u0915\u0930\u0924 \u0928\u0938\u0932\u0947\u0932\u094d\u092f\u093e, Google Play \u0938\u0947\u0935\u093e\u0902\u0936\u093f\u0935\u093e\u092f %1$s \u091a\u093e\u0932\u0923\u093e\u0930 \u0928\u093e\u0939\u0940.\"", "\"item_view_role_description\" : \"\u0c9f\u0ccd\u0caf\u0cbe\u0cac\u0ccd\"", "\"common_google_play_services_update_text\" : \"%1$s ne fonctionnera pas tant que vous n'aurez pas mis \u00e0 jour les services Google Play.\"", "\"abc_searchview_description_voice\" : \"\u03a6\u03c9\u03bd\u03b7\u03c4\u03b9\u03ba\u03ae \u03b1\u03bd\u03b1\u03b6\u03ae\u03c4\u03b7\u03c3\u03b7\"", "\"common_google_play_services_enable_button\" : \"Nika amandla\"", "\"common_google_play_services_unknown_issue\" : \"Google \u09aa\u09cd\u09b2\u09c7 \u09b8\u09c7\u09f1\u09be\u09a4 %1$s \u09a4 \u09b8\u09ae\u09b8\u09cd\u09af\u09be \u09b9\u09c8 \u0986\u099b\u09c7\u0964 \u0986\u0995\u09cc \u099a\u09c7\u09b7\u09cd\u099f\u09be \u0995\u09f0\u0995\u0964\"", "\"mtrl_picker_range_header_title\" : \"Pilih Rentang\"", "\"common_signin_button_text\" : \"Hasi saioa\"", "\"mtrl_picker_announce_current_selection\" : \"Trenuta\u010dan odabir: %1$s\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Beralih ke mode masukan kalender\"", "\"mtrl_picker_range_header_title\" : \"Valitse jakso\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Idethi yokuqala\"", "\"mtrl_picker_invalid_format\" : \"\u091a\u0941\u0915\u0940\u091a\u093e \u092b\u0949\u0930\u092e\u0945\u091f.\"", "\"material_minute_selection\" : \"Daqiqalarni tanlash\"", "\"mtrl_picker_date_header_title\" : \"V\u00e1lasszon d\u00e1tumot\"", "\"abc_search_hint\" : \"\u0ab6\u0acb\u0aa7\u0acb\u2026\"", "\"icon_content_description\" : \"Ikon for dialogboks\"", "\"mtrl_picker_range_header_unselected\" : \"Ng\u00e0y b\u1eaft \u0111\u1ea7u \u2013 Ng\u00e0y k\u1ebft th\u00fac\"", "\"material_minute_suffix\" : \"%1$s \u03bb\u03b5\u03c0\u03c4\u03ac\"", "\"common_google_play_services_notification_channel_name\" : \"Disponibilit\u00e9 des services Google Play\"", "\"fallback_menu_item_share_link\" : \"Podijeli vezu\"", "\"abc_searchview_description_search\" : \"\u0425\u0430\u0439\u0445\"", "\"material_timepicker_minute\" : \"\u041c\u04af\u043d\u04e9\u0442\"", "\"password_toggle_content_description\" : \"Hi\u1ec3n th\u1ecb m\u1eadt kh\u1ea9u\"", "\"character_counter_pattern\" : \"%1$d/%2$d\"", "\"abc_shareactionprovider_share_with_application\" : \"Compartilhar com %s\"", "\"mtrl_picker_date_header_unselected\" : \"Ng\u00e0y \u0111\u00e3 ch\u1ecdn\"", "\"abc_search_hint\" : \"Suchen\u2026\"", "\"item_view_role_description\" : \"\u0546\u0565\u0580\u0564\u056b\u0580\"", "\"mtrl_picker_range_header_unselected\" : \"\u0397\u03bc\u03b5\u03c1\u03bf\u03bc\u03b7\u03bd\u03af\u03b1 \u03ad\u03bd\u03b1\u03c1\u03be\u03b7\u03c2 \u2013 \u0397\u03bc\u03b5\u03c1\u03bf\u03bc\u03b7\u03bd\u03af\u03b1 \u03bb\u03ae\u03be\u03b7\u03c2\"", "\"common_google_play_services_install_button\" : \"Qura\u015fd\u0131r\u0131n\"", "thread-local initialization routine for ", "N12_GLOBAL__N_116itanium_demangle8NameTypeE", "unsigned int", "\"common_google_play_services_update_title\" : \"Mettre \u00e0 jour les services Google\u00a0Play\"", "\"mtrl_picker_text_input_date_hint\" : \"Tarih\"", "\"common_google_play_services_install_text\" : \"\u200f\u0644\u0646 \u064a\u062a\u0645 \u062a\u0634\u063a\u064a\u0644 %1$s \u0628\u062f\u0648\u0646 \u062e\u062f\u0645\u0627\u062a Google Play\u060c \u0648\u0627\u0644\u062a\u064a \u0644\u0627 \u062a\u062a\u0648\u0641\u0631 \u0639\u0644\u0649 \u062c\u0647\u0627\u0632\u0643.\"", "N12_GLOBAL__N_116itanium_demangle14ConversionExprE", "\"material_clock_toggle_content_description\" : \"AM \u092f\u093e PM \u091a\u0941\u0928\u0947\u0902\"", "\"character_counter_content_description\" : \"Caracteres inseridos: %1$d de %2$d\"", "\"icon_content_description\" : \"\u0417\u043d\u0430\u0447\u043e\u043a \u0434\u0438\u0430\u043b\u043e\u0433\u043e\u0432\u043e\u0433\u043e \u043e\u043a\u043d\u0430\"", "\"abc_capital_off\" : \"\u0391\u03a0\u0395\u039d\u0395\u03a1\u0393\u039f\u03a0\u039f\u0399\u0397\u03a3\u0397\"", "\"abc_toolbar_collapse_description\" : \"\u03a3\u03cd\u03bc\u03c0\u03c4\u03c5\u03be\u03b7\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u041a\u04af\u043d\u0434\u04e9\u0440 \u0442\u0438\u043b\u043a\u0435\u0441\u0438: %1$s\"", "\"fallback_menu_item_open_in_browser\" : \"Megnyit\u00e1s b\u00f6ng\u00e9sz\u0151ben\"", "\"common_google_play_services_unsupported_text\" : \"%1$s nie b\u0119dzie dzia\u0142a\u0107 bez Us\u0142ug Google Play, kt\u00f3re nie s\u0105 obecnie obs\u0142ugiwane przez urz\u0105dzenie.\"", "\"common_google_play_services_install_text\" : \"%1$s \u043d\u0435\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u0432\u0440\u0448\u0443\u0432\u0430 \u0431\u0435\u0437 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play \u0448\u0442\u043e \u0433\u0438 \u043d\u0435\u043c\u0430 \u043d\u0430 \u0443\u0440\u0435\u0434\u043e\u0442.\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Trykk for \u00e5 bytte til \u00e5 velge \u00e5r\"", "\"mtrl_picker_invalid_format\" : \"\u0110\u1ecbnh d\u1ea1ng kh\u00f4ng h\u1ee3p l\u1ec7.\"", "\"material_clock_toggle_content_description\" : \"AM \u0b85\u0bb2\u0bcd\u0bb2\u0ba4\u0bc1 PM\u0bae\u0bc8\u0ba4\u0bcd \u0ba4\u0bc7\u0bb0\u0bcd\u0ba8\u0bcd\u0ba4\u0bc6\u0b9f\u0bc1\u0b95\u0bcd\u0b95 \u0b89\u0ba4\u0bb5\u0bc1\u0bae\u0bcd\"", "\"abc_action_menu_overflow_description\" : \"\u0414\u0430\u0434\u0430\u0442\u043a\u043e\u0432\u044b\u044f \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b\"", "\"mtrl_picker_invalid_format\" : \"\u041d\u044f\u043f\u0440\u0430\u0432\u0456\u043b\u044c\u043d\u044b \u0444\u0430\u0440\u043c\u0430\u0442.\"", "\"common_google_play_services_enable_title\" : \"Dayakan perkhidmatan Google Play\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u0631\u0641\u062a\u0646 \u0628\u0647 \u0631\u0648\u0634 \u0648\u0631\u0648\u062f\u06cc \u062a\u0642\u0648\u06cc\u0645\"", "\"common_google_play_services_notification_channel_name\" : \"\u0394\u03b9\u03b1\u03b8\u03b5\u03c3\u03b9\u03bc\u03cc\u03c4\u03b7\u03c4\u03b1 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03b9\u03ce\u03bd Google Play\"", "\"abc_searchview_description_query\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200eSearch query\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"abc_activitychooserview_choose_application\" : \"Bir uygulama se\u00e7in\"", "\"material_timepicker_select_time\" : \"Select time\"", "\"mtrl_picker_navigate_to_year_description\" : \"Ugr\u00e1s ehhez az \u00e9vhez: %1$s\"", "\"mtrl_picker_range_header_unselected\" : \"Du (date de d\u00e9but) au (date de fin)\"", "\"abc_activity_chooser_view_see_all\" : \"\u0639\u0631\u0636 \u0627\u0644\u0643\u0644\"", "\"mtrl_picker_invalid_format_use\" : \"%1$s: \u0935\u093e\u092a\u0930\u093e\"", "\"nav_app_bar_navigate_up_description\" : \"\u041f\u0435\u0440\u0430\u0439\u0441\u0446\u0456 \u045e\u0432\u0435\u0440\u0445\"", "\"common_google_play_services_install_text\" : \"%1$s Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a24\u0a4b\u0a02 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 \u0a28\u0a39\u0a40\u0a02 \u0a1a\u0a71\u0a32\u0a47\u0a17\u0a40, \u0a1c\u0a4b \u0a24\u0a41\u0a39\u0a3e\u0a21\u0a47 \u0a21\u0a40\u0a35\u0a3e\u0a08\u0a38 \u0a24\u0a4b\u0a02 \u0a17\u0a41\u0a70\u0a2e \u0a39\u0a28\u0964\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Datum ukon\u010den\u00ed\"", "\"common_google_play_services_enable_text\" : \"%1$s aplikazioak ez du funtzionatuko Google Play zerbitzuak gaitzen ez badituzu.\"", "\"material_timepicker_hour\" : \"Saat\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0e21\u0e35\u0e1b\u0e31\u0e0d\u0e2b\u0e32\u0e40\u0e01\u0e35\u0e48\u0e22\u0e27\u0e01\u0e31\u0e1a\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23\u0e02\u0e2d\u0e07 Google Play \u0e42\u0e1b\u0e23\u0e14\u0e25\u0e2d\u0e07\u0e2d\u0e35\u0e01\u0e04\u0e23\u0e31\u0e49\u0e07\"", "____Z", "\"common_signin_button_text\" : \"Accedi\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u12c8\u12f0 \u12d3\u1218\u1275 \u1218\u121d\u1228\u1325 \u1208\u1218\u1240\u12e8\u122d \u1218\u1273 \u12eb\u12f5\u122d\u1309\"", "\"fallback_menu_item_open_in_browser\" : \"\u0410\u0434\u043a\u0440\u044b\u0446\u044c \u0443 \u0431\u0440\u0430\u045e\u0437\u0435\u0440\u044b\"", "\"abc_searchview_description_query\" : \"B\u00fasqueda\"", "\"item_view_role_description\" : \"\u0c1f\u0c4d\u0c2f\u0c3e\u0c2c\u0c4d\"", "\"mtrl_picker_navigate_to_year_description\" : \"Navegue para o ano %1$s\"", "\"mtrl_picker_invalid_range\" : \"Gam\u00eb e pavlefshme.\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u0e88\u0eb0\u0e9a\u0ecd\u0ec8\u0eaa\u0eb2\u0ea1\u0eb2\u0e94\u0ec3\u0e8a\u0ec9\u0ec4\u0e94\u0ec9\u0eab\u0eb2\u0e81\u0e9a\u0ecd\u0ec8\u0ea1\u0eb5\u0e9a\u0ecd\u0ea5\u0eb4\u0e81\u0eb2\u0e99 Google Play \u0ec0\u0e8a\u0eb4\u0ec8\u0e87\u0ead\u0eb8\u0e9b\u0eb0\u0e81\u0ead\u0e99\u0e82\u0ead\u0e87\u0e97\u0ec8\u0eb2\u0e99\u0e9a\u0ecd\u0ec8\u0eae\u0ead\u0e87\u0eae\u0eb1\u0e9a.\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Pieskarties, lai p\u0101rsl\u0113gtos uz dienas atlas\u012b\u0161anu\"", "\"search_menu_title\" : \"S\u00f6k\"", "\"mtrl_picker_save\" : \"\u0417\u0431\u0435\u0440\u0435\u0433\u0442\u0438\"", "\"abc_searchview_description_search\" : \"Rechercher\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"W\u0142\u0105cz kalendarzowy tryb wprowadzania\"", "\"common_google_play_services_enable_button\" : \"\u09b8\u0995\u09cd\u09b7\u09ae \u0995\u09b0\u09c1\u09a8\"", "\"abc_prepend_shortcut_label\" : \"Imenyu+\"", "\"common_google_play_services_unsupported_text\" : \"%1$s tidak akan berfungsi tanpa perkhidmatan Google Play dan perkhidmatan ini tidak disokong oleh peranti anda.\"", "\"mtrl_picker_range_header_only_end_selected\" : \"D\u00e1tum za\u010datia \u2013 %1$s\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u0ca6\u0cbf\"", "\"common_signin_button_text\" : \"\u0ea5\u0ebb\u0e87\u0e8a\u0eb7\u0ec8\u0ec0\u0e82\u0ebb\u0ec9\u0eb2\u0ec3\u0e8a\u0ec9\"", "\"abc_capital_on\" : \"\u0a1a\u0a3e\u0a32\u0a42\"", "\"abc_menu_delete_shortcut_label\" : \"odstr\u00e1ni\u0165\"", "\"exposed_dropdown_menu_content_description\" : \"S\u00fdna fellivalmynd\"", "\"bottomsheet_action_expand_halfway\" : \"\u0425\u0430\u0433\u0430\u0441 \u0434\u044d\u043b\u0433\u044d\u043d\u044d \u04af\u04af\"", "\"common_google_play_services_update_button\" : \"\u0416\u0430\u04a3\u044b\u0440\u0442\u0443\u0443\"", "\"mtrl_picker_invalid_range\" : \"\ub0a0\uc9dc \ubc94\uc704\uac00 \uc798\ubabb\ub418\uc5c8\uc2b5\ub2c8\ub2e4.\"", "\"abc_menu_function_shortcut_label\" : \"Funktsiooniklahv +\"", "\"common_google_play_services_updating_text\" : \"%1$s, Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93 \u0ab5\u0a97\u0ab0 \u0ab6\u0ab0\u0ac2 \u0aa5\u0ab6\u0ac7 \u0aa8\u0ab9\u0ac0\u0a82, \u0a9c\u0ac7 \u0ab5\u0ab0\u0acd\u0aa4\u0aae\u0abe\u0aa8\u0aae\u0abe\u0a82 \u0a85\u0aaa\u0aa1\u0ac7\u0a9f \u0aa5\u0a88 \u0ab0\u0ab9\u0ac0 \u0a9b\u0ac7.\"", "\"abc_action_menu_overflow_description\" : \"\u1270\u1328\u121b\u122a \u12a0\u121b\u122b\u132e\u127d\"", "\"mtrl_picker_invalid_format_example\" : \"\u0c89\u0ca6\u0cbe\u0cb9\u0cb0\u0ca3\u0cc6: %1$s\"", "\"mtrl_picker_range_header_title\" : \"\u0e40\u0e25\u0e37\u0e2d\u0e01\u0e0a\u0e48\u0e27\u0e07\"", "\"common_google_play_services_notification_ticker\" : \"\u041e\u0448\u0438\u0431\u043a\u0430 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 Google\u00a0Play\"", "\"character_counter_overflowed_content_description\" : \"%2$d \u092a\u0948\u0915\u0940 %1$d \u0935\u0930\u094d\u0923\u092e\u0930\u094d\u092f\u093e\u0926\u093e \u0913\u0932\u093e\u0902\u0921\u0932\u0940 \u0906\u0939\u0947\"", "\"mtrl_picker_out_of_range\" : \"\u0425\u044f\u0437\u0433\u0430\u0430\u0440\u0430\u0430\u0441 \u0445\u044d\u0442\u044d\u0440\u0441\u044d\u043d: %1$s\"", "\"common_google_play_services_install_button\" : \"\u05d4\u05ea\u05e7\u05df\"", "\"common_open_on_phone\" : \"Vula kufoni\"", "\"bottomsheet_action_expand_halfway\" : \"\ubc18\ub9cc \ud3bc\uce58\uae30\"", "\"abc_searchview_description_voice\" : \"Gesproken zoekopdracht\"", "\"common_google_play_services_update_button\" : \"\u0416\u0430\u04a3\u0430\u0440\u0442\u0443\"", "\"mtrl_picker_date_header_unselected\" : \"Odabrani datum\"", "\"common_google_play_services_enable_title\" : \"\u0410\u043a\u0442\u0438\u0432\u0438\u0440\u0430\u043d\u0435 \u043d\u0430 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play\"", "\"common_google_play_services_updating_text\" : \"A(z) %1$s alkalmaz\u00e1s nem fut a Google Play-szolg\u00e1ltat\u00e1sok n\u00e9lk\u00fcl, amelyek friss\u00edt\u00e9se folyamatban van.\"", "\"mtrl_picker_announce_current_selection\" : \"N\u00faverandi val: %1$s\"", "\"material_timepicker_hour\" : \"Timme\"", "\"common_open_on_phone\" : \"\u09ab\u09cb\u09a8\u09c7 \u0996\u09c1\u09b2\u09c1\u09a8\"", "\"mtrl_picker_a11y_prev_month\" : \"Lumipat sa nakaraang buwan\"", "\"nav_app_bar_open_drawer_description\" : \"Buka laci navigasi\"", "\"item_view_role_description\" : \"\u0420\u0430\u0437\u0434\u0435\u043b\"", "\"abc_action_bar_up_description\" : \"Revenir en arri\u00e8re\"", "\"abc_action_bar_home_description\" : \"\u041d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441 \u0443\u0440\u0443\u0443 \u0448\u0438\u043b\u0436\u0438\u0445\"", "\"material_hour_suffix\" : \"%1$s \u0446\u0430\u0433\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u041e\u043d \u0441\u043e\u043d\u0433\u043e\u0445 \u0440\u0443\u0443 \u0441\u044d\u043b\u0433\u044d\u0445\u0438\u0439\u043d \u0442\u0443\u043b\u0434 \u0442\u043e\u0432\u0448\u0438\u043d\u043e \u0443\u0443\"", "\"mtrl_badge_numberless_content_description\" : \"Nuova notifica\"", "\"fallback_menu_item_share_link\" : \"\u0421\u043f\u043e\u0434\u0435\u043b\u044f\u043d\u0435 \u043d\u0430 \u0432\u0440\u044a\u0437\u043a\u0430\u0442\u0430\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Kalo te modaliteti i \"Hyrjes s\u00eb kalendarit\"\"", "\"mtrl_picker_toggle_to_day_selection\" : \"I-tap para lumipat sa pagpili ng araw\"", "\"common_google_play_services_unsupported_text\" : \"%1$s fungerar inte utan Google Play-tj\u00e4nsterna, som inte st\u00f6ds p\u00e5 enheten.\"", "\"nav_app_bar_navigate_up_description\" : \"\u0bae\u0bc7\u0bb2\u0bc7 \u0b9a\u0bc6\u0bb2\u0bcd\u0bb2\u0bc1\u0bae\u0bcd\"", "\"abc_capital_on\" : \"\u0d13\u0d7a\"", "\"common_google_play_services_wear_update_text\" : \"La nouvelle version des services Google\u00a0Play est n\u00e9cessaire. Elle sera bient\u00f4t install\u00e9e automatiquement.\"", "\"abc_menu_shift_shortcut_label\" : \"Maius +\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Pi\u00f9 di %1$d nuove notifiche\"", "\"fallback_menu_item_copy_link\" : \"Nakili kiungo\"", "\"common_open_on_phone\" : \"\u0422\u0435\u043b\u0435\u0444\u043e\u043d\u0434\u043e \u0430\u0447\u044b\u043a\"", "N10__cxxabiv123__fundamental_type_infoE", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 Amaiera-data\"", "\"mtrl_picker_date_header_unselected\" : \"Valittu p\u00e4iv\u00e4m\u00e4\u00e4r\u00e4\"", "\"exposed_dropdown_menu_content_description\" : \"\ub4dc\ub86d\ub2e4\uc6b4 \uba54\ub274 \ud45c\uc2dc\"", "\"abc_activity_chooser_view_see_all\" : \"Az \u00f6sszes megtekint\u00e9se\"", "\"mtrl_picker_a11y_prev_month\" : \"Vaheta eelmisele kuule\"", "\"mtrl_picker_announce_current_selection\" : \"Gjeldende valg: %1$s\"", "\"mtrl_picker_invalid_format_use\" : \"%1$s istifad\u0259 edin\"", "\"material_timepicker_hour\" : \"\u1230\u12d3\u1275\"", "\"abc_searchview_description_submit\" : \"Submit query\"", "\"common_google_play_services_enable_text\" : \"%1$s\u306e\u5b9f\u884c\u306b\u306f\u3001Google Play\u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306e\u6709\u52b9\u5316\u304c\u5fc5\u8981\u3067\u3059\u3002\"", "\"fallback_menu_item_open_in_browser\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200f\u200eOpen in browser\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"abc_prepend_shortcut_label\" : \"\u0645\u0646\u0648+\"", "\"copy_toast_msg\" : \"\u041b\u0438\u043d\u043a \u0458\u0435 \u043a\u043e\u043f\u0438\u0440\u0430\u043d \u0443 \u043f\u0440\u0438\u0432\u0440\u0435\u043c\u0435\u043d\u0443 \u043c\u0435\u043c\u043e\u0440\u0438\u0458\u0443\"", "\"abc_searchview_description_search\" : \"\u10eb\u10d8\u10d4\u10d1\u10d0\"", "\"fallback_menu_item_share_link\" : \"\u0932\u093f\u0902\u0915 \u0938\u0947\u092f\u0930 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"mtrl_picker_invalid_range\" : \"Neva\u017eec\u0301i period.\"", "\"abc_activitychooserview_choose_application\" : \"Ch\u1ecdn m\u1ed9t \u1ee9ng d\u1ee5ng\"", "\"material_timepicker_select_time\" : \"\u0ab8\u0aae\u0aaf \u0aaa\u0ab8\u0a82\u0aa6 \u0a95\u0ab0\u0acb\"", "\"mtrl_picker_date_header_unselected\" : \"Geselecteerde datum\"", "\"common_google_play_services_update_text\" : \"Google Play xizmatlari yangilanmaguncha, %1$s ishga tushmaydi.\"", "\"abc_searchview_description_voice\" : \"Pesquisa por voz\"", "\"material_timepicker_pm\" : \"\u0db4\u0dc0\"", "\"common_google_play_services_update_text\" : \"\u0924\u0941\u092e\u094d\u0939\u0940 Google Play \u0938\u0947\u0935\u093e \u0905\u092a\u0921\u0947\u091f \u0915\u0930\u0947\u092a\u0930\u094d\u092f\u0902\u0924 %1$s \u091a\u093e\u0932\u0923\u093e\u0930 \u0928\u093e\u0939\u0940.\"", "\"common_google_play_services_install_button\" : \"Installera\"", "\"common_google_play_services_wear_update_text\" : \"Google Play zerbitzuen bertsio berria behar da. Berehala eguneratuko da automatikoki.\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0ab8\u0aae\u0abe\u0aaa\u0acd\u0aa4\u0abf\u0aa8\u0ac0 \u0aa4\u0abe\u0ab0\u0ac0\u0a96\"", "\"icon_content_description\" : \"\u5c0d\u8a71\u6846\u5716\u793a\"", "\"common_open_on_phone\" : \"\u00c5bn p\u00e5 telefonen\"", "\"common_google_play_services_enable_button\" : \"\u09b8\u0995\u09cd\u09b7\u09ae \u0995\u09f0\u0995\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Data di inizio - %1$s\"", "\"mtrl_picker_date_header_title\" : \"\u0ca6\u0cbf\u0ca8\u0cbe\u0c82\u0c95\u0cb5\u0ca8\u0ccd\u0ca8\u0cc1 \u0c86\u0caf\u0ccd\u0c95\u0cc6\u0cae\u0cbe\u0ca1\u0cbf\"", "\"mtrl_chip_close_icon_content_description\" : \"Ukloni %1$s\"", "\"material_clock_toggle_content_description\" : \"AM \u12c8\u12ed\u121d PM \u12ed\u121d\u1228\u1321\"", "\"mtrl_picker_day_of_week_column_header\" : \"Kolonne for dager: %1$s\"", "\"common_google_play_services_updating_text\" : \"\u0414\u043e\u0434\u0430\u0442\u043e\u043a %1$s \u043d\u0435 \u043f\u0440\u0430\u0446\u044e\u0432\u0430\u0442\u0438\u043c\u0435 \u0431\u0435\u0437 \u0441\u0435\u0440\u0432\u0456\u0441\u0456\u0432 Google Play, \u044f\u043a\u0456 \u0437\u0430\u0440\u0430\u0437 \u043e\u043d\u043e\u0432\u043b\u044e\u044e\u0442\u044c\u0441\u044f.\"", "\"mtrl_picker_out_of_range\" : \"\u1793\u17c5\u1780\u17d2\u179a\u17c5\u200b\u1787\u17bd\u179a\u17d6 %1$s\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s \u0939\u091f\u093e\u090f\u0902\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0caa\u0ccd\u0cb0\u0cbe\u0cb0\u0c82\u0cad \u0ca6\u0cbf\u0ca8\u0cbe\u0c82\u0c95 \u2013 %1$s\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u062a\u0627\u0631\u064a\u062e \u0627\u0644\u0627\u0646\u062a\u0647\u0627\u0621\"", "\"abc_toolbar_collapse_description\" : \"\u6536\u8d77\"", "\"error_icon_content_description\" : \"Virhe\"", "\"material_timepicker_minute\" : \"Minuto\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Toque para mudar para a sele\u00e7\u00e3o do dia\"", "\"abc_searchview_description_submit\" : \"L\u00e4het\u00e4 kysely\"", "\"mtrl_badge_numberless_content_description\" : \"Pemberitahuan baharu\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bbf\u0ba9\u0bcd \u0baa\u0bc1\u0ba4\u0bbf\u0baf \u0baa\u0ba4\u0bbf\u0baa\u0bcd\u0baa\u0bc1 \u0ba4\u0bc7\u0bb5\u0bc8. \u0b85\u0ba4\u0bc1 \u0bb5\u0bbf\u0bb0\u0bc8\u0bb5\u0bbf\u0bb2\u0bcd \u0ba4\u0bbe\u0ba9\u0bbe\u0b95\u0bb5\u0bc7 \u0baa\u0bc1\u0ba4\u0bc1\u0baa\u0bcd\u0baa\u0bbf\u0b95\u0bcd\u0b95\u0baa\u0bcd\u0baa\u0b9f\u0bc1\u0bae\u0bcd.\"", "\"material_timepicker_clock_mode_description\" : \"Chcete-li zadat \u010das, p\u0159epn\u011bte na re\u017eim hodin.\"", "\"mtrl_picker_out_of_range\" : \"\u0ea2\u0eb9\u0ec8\u0e99\u0ead\u0e81\u0e8a\u0ec8\u0ea7\u0e87\u0ea7\u0eb1\u0e99\u0e97\u0eb5: %1$s\"", "\"abc_capital_off\" : \"POIS P\u00c4\u00c4LT\u00c4\"", "\"material_timepicker_minute\" : \"\u12f0\u1242\u1243\"", "\"common_google_play_services_update_title\" : \"Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a28\u0a42\u0a70 \u0a05\u0a71\u0a2a\u0a21\u0a47\u0a1f \u0a15\u0a30\u0a4b\"", "\"fallback_menu_item_copy_link\" : \"\u590d\u5236\u94fe\u63a5\"", "\"mtrl_picker_range_header_selected\" : \"%1$s\uff5e%2$s\"", "\"common_google_play_services_updating_text\" : \"Google Play \u0938\u0947\u0935\u093e\u0939\u0930\u0942 %1$s \u092c\u093f\u0928\u093e \u0938\u091e\u094d\u200d\u091a\u093e\u0932\u0928 \u0939\u0941\u0901\u0926\u0948\u0928, \u091c\u0941\u0928 \u0939\u093e\u0932 \u0905\u0926\u094d\u092f\u093e\u0935\u0927\u093f\u0915 \u092d\u0907\u0930\u0939\u0947\u0915\u093e \u091b\u0928\u094d\u0964\"", "\"abc_search_hint\" : \"Cari\u2026\"", "\"fallback_menu_item_share_link\" : \"\u0d32\u0d3f\u0d19\u0d4d\u0d15\u0d4d \u0d2a\u0d19\u0d4d\u0d15\u0d3f\u0d1f\u0d41\u0d15\"", "\"abc_action_bar_home_description\" : \"\u700f\u89bd\u9996\u9801\"", "\"fallback_menu_item_share_link\" : \"Kongsi pautan\"", "\"abc_action_mode_done\" : \"Gata\"", "\"mtrl_picker_invalid_range\" : \"Raspon nije va\u017ee\u0107i.\"", "\"material_minute_selection\" : \"Pasirinkite minutes\"", "\"material_hour_suffix\" : \"\u0421\u0430\u0430\u0442 %1$s\"", "\"nav_app_bar_navigate_up_description\" : \"\uc704\ub85c \uc774\ub3d9\"", "\"abc_searchview_description_query\" : \"Otsingup\u00e4ring\"", "\"common_google_play_services_notification_ticker\" : \"\u200f\u062e\u0637\u0627 \u062f\u0631 \u062e\u062f\u0645\u0627\u062a Google Play\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0414\u0443\u0443\u0441\u0430\u0445 \u043e\u0433\u043d\u043e\u043e\"", "\"search_menu_title\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200eSearch\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"material_hour_selection\" : \"\u0918\u0902\u091f\u093e \u091a\u0941\u0928\u0947\u0902\"", "\"mtrl_picker_day_of_week_column_header\" : \"Column ng mga araw: %1$s\"", "\"abc_capital_off\" : \"\u092c\u0902\u0926\"", "\"common_signin_button_text\" : \"Inloggen\"", "\"abc_shareactionprovider_share_with\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200eShare with\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"abc_searchview_description_voice\" : \"\u0e04\u0e49\u0e19\u0e2b\u0e32\u0e14\u0e49\u0e27\u0e22\u0e40\u0e2a\u0e35\u0e22\u0e07\"", "\"common_google_play_services_install_text\" : \"%1$s s\u1ebd kh\u00f4ng ch\u1ea1y n\u1ebfu kh\u00f4ng c\u00f3 d\u1ecbch v\u1ee5 c\u1ee7a Google Play. Thi\u1ebft b\u1ecb c\u1ee7a b\u1ea1n b\u1ecb thi\u1ebfu d\u1ecbch v\u1ee5 n\u00e0y.\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0416\u044b\u043b \u0442\u0430\u043d\u0434\u043e\u043e \u04af\u0447\u04af\u043d \u0442\u0430\u043f\u0442\u0430\u043f \u043a\u043e\u044e\u04a3\u0443\u0437\"", "/Volumes/Android/buildbot/src/android/ndk-release-r21/external/libcxx/../../external/libunwind_llvm/src/Unwind-EHABI.cpp", "\"material_timepicker_minute\" : \"\u0aae\u0abf\u0aa8\u0abf\u0a9f\"", "\"mtrl_picker_invalid_range\" : \"Virheellinen alue\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Tocar para cambiar a selecci\u00f3n de ano\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u043a\u043e\u043b\u0434\u043e\u043d\u043c\u043e\u0441\u0443 \u0441\u0438\u0437\u0434\u0438\u043d \u0442\u04af\u0437\u043c\u04e9\u0433\u04af\u04a3\u04af\u0437\u0434\u04e9 \u043a\u043e\u043b\u0434\u043e\u043e\u0433\u043e \u0430\u043b\u044b\u043d\u0431\u0430\u0433\u0430\u043d Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b \u0431\u043e\u043b\u0431\u043e\u0441\u043e \u0438\u0448\u0442\u0435\u0431\u0435\u0439\u0442.\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Datum zavr\u0161etka\"", "\"common_google_play_services_install_button\" : \"\u0627\u0646\u0633\u0679\u0627\u0644 \u06a9\u0631\u06cc\u06ba\"", "\"abc_searchview_description_clear\" : \"Garbitu kontsulta\"", "\"mtrl_badge_numberless_content_description\" : \"Nova obavijest\"", "\"mtrl_picker_range_header_title\" : \"\u0c2a\u0c30\u0c3f\u0c27\u0c3f\u0c28\u0c3f \u0c0e\u0c02\u0c1a\u0c41\u0c15\u0c4b\u0c02\u0c21\u0c3f\"", "\"common_google_play_services_enable_text\" : \"\u60a8\u5fc5\u9808\u555f\u7528 Google Play \u670d\u52d9\uff0c\u624d\u80fd\u57f7\u884c\u300c%1$s\u300d\u3002\"", "\"mtrl_picker_range_header_title\" : \"\u0418\u0437\u0431\u0438\u0440\u0430\u043d\u0435 \u043d\u0430 \u043f\u0435\u0440\u0438\u043e\u0434 \u043e\u0442 \u0432\u0440\u0435\u043c\u0435\"", "\"abc_activity_chooser_view_see_all\" : \"\u0d0e\u0d32\u0d4d\u0d32\u0d3e\u0d02 \u0d15\u0d3e\u0d23\u0d41\u0d15\"", "\"mtrl_picker_day_of_week_column_header\" : \"Stolpec dni: %1$s\"", "\"common_google_play_services_install_text\" : \"%1$s nie b\u0119dzie dzia\u0142a\u0107, je\u015bli nie zainstalujesz na urz\u0105dzeniu Us\u0142ug Google Play.\"", "\"abc_shareactionprovider_share_with_application\" : \"\u039a\u03bf\u03b9\u03bd\u03bf\u03c0\u03bf\u03af\u03b7\u03c3\u03b7 \u03c3\u03c4\u03b7\u03bd \u03b5\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae %s\"", "\"abc_action_bar_up_description\" : \"Mag-navigate pataas\"", "\"abc_menu_space_shortcut_label\" : \"\u041f\u0440\u043e\u0431\u0435\u043b\"", "\"abc_capital_on\" : \"ACTIVAR\"", "\"common_google_play_services_enable_text\" : \"%1$s \u043d\u0435\u045b\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0441\u0430\u0442\u0438 \u0430\u043a\u043e \u043d\u0435 \u043e\u043c\u043e\u0433\u0443\u045b\u0438\u0442\u0435 Google Play \u0443\u0441\u043b\u0443\u0433\u0435.\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u0ba8\u0bbe\"", "\"abc_searchview_description_voice\" : \"H\u00e4\u00e4lotsing\"", "\"material_timepicker_text_input_mode_description\" : \"\u0938\u092e\u092f \u0907\u0928\u092a\u0941\u091f \u0917\u0930\u094d\u0928 \u092a\u093e\u0920 \u0907\u0928\u092a\u0941\u091f \u092e\u094b\u0921\u092e\u093e \u0938\u094d\u0935\u093f\u091a \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\u0964\"", "\"material_clock_toggle_content_description\" : \"G\u00fcnd\u00fcz v\u0259 ya ax\u015fam se\u00e7in\"", "\"common_google_play_services_enable_title\" : \"Activer les services Google Play\"", "\"abc_activitychooserview_choose_application\" : \"\u0627\u0646\u062a\u062e\u0627\u0628 \u0628\u0631\u0646\u0627\u0645\u0647\"", "\"material_timepicker_select_time\" : \"\u0412\u044b\u0431\u0435\u0440\u044b\u0446\u0435 \u0447\u0430\u0441\"", "\"app_name\" : \"Allsafe\"", "dynamic_cast", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Overschakelen naar tekstinvoermodus\"", "\"error_icon_content_description\" : \"Iphutha\"", "\"material_timepicker_clock_mode_description\" : \"Zaman giri\u015fi i\u00e7in saat moduna ge\u00e7in.\"", "N12_GLOBAL__N_116itanium_demangle19SizeofParamPackExprE", "\"clear_text_end_icon_content_description\" : \"Brisanje teksta\"", "signed char", "\"material_hour_suffix\" : \"%1$s \u0a35\u0a1c\u0a47\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u0a26\u0a3f\u0a28\u0a3e\u0a02 \u0a26\u0a3e \u0a15\u0a3e\u0a32\u0a2e: %1$s\"", "\"mtrl_badge_numberless_content_description\" : \"\u0627\u0639\u0644\u0627\u0646 \u062c\u062f\u06cc\u062f\"", "\"mtrl_chip_close_icon_content_description\" : \"\u0423\u0434\u0430\u043b\u0438\u0442\u044c\u00a0\"%1$s\"\"", "\"fallback_menu_item_open_in_browser\" : \"Otvori u pregleda\u010du\"", "\"abc_searchview_description_submit\" : \"Po\u0161iljanje poizvedbe\"", "\"mtrl_badge_numberless_content_description\" : \"Notificaci\u00f3 nova\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Hasiera-data \u2013 %1$s\"", "\"common_signin_button_text_long\" : \"\u4f7f\u7528 Google \u5e33\u6236\u767b\u5165\"", "\"error_icon_content_description\" : \"\u0924\u094d\u0930\u0941\u091f\u093f\"", "\"common_open_on_phone\" : \"Telefonda ochish\"", "\"bottomsheet_action_expand_halfway\" : \"Espandi a met\u00e0\"", "\"mtrl_picker_day_of_week_column_header\" : \"D\u00e1lkur me\u00f0 d\u00f6gum: %1$s\"", "\"icon_content_description\" : \"Ikona dial\u00f3gov\u00e9ho okna\"", "\"mtrl_picker_save\" : \"\u0630\u062e\u06cc\u0631\u0647\"", "\"material_minute_selection\" : \"Valitse minuutit\"", "\"character_counter_content_description\" : \"Caract\u00e8res saisis %1$d sur\u00a0%2$d\"", "\"bottomsheet_action_expand_halfway\" : \"\u130d\u121b\u123d \u1218\u1295\u1308\u12f5 \u12d8\u122d\u130b\"", "\"abc_action_menu_overflow_description\" : \"\u0b05\u0b27\u0b3f\u0b15 \u0b2c\u0b3f\u0b15\u0b33\u0b4d\u0b2a\"", "\"abc_action_bar_home_description\" : \"Idi na po\u010detnu\"", "\"fallback_menu_item_share_link\" : \"\u0645\u0634\u0627\u0631\u0643\u0629 \u0627\u0644\u0631\u0627\u0628\u0637\"", "\"exposed_dropdown_menu_content_description\" : \"Pastga ochiluvchi menyuni ochish\"", "\"mtrl_picker_out_of_range\" : \"\u0418\u0437\u0432\u0430\u043d \u043f\u0435\u0440\u0438\u043e\u0434\u0430: %1$s\"", "\"common_google_play_services_enable_button\" : \"\u0423\u043a\u043b\u044e\u0447\u044b\u0446\u044c\"", "\"common_google_play_services_enable_text\" : \"Aplikacija %1$s ne bo delovala, \u010de ne omogo\u010dite storitev Google Play.\"", "\"mtrl_picker_invalid_format\" : \"Invalid format.\"", "\"abc_searchview_description_query\" : \"Vyh\u013ead\u00e1vac\u00ed dopyt\"", "\"abc_menu_enter_shortcut_label\" : \"intro\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Perjungti \u012f teksto \u012fvesties re\u017eim\u0105\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Switch to text input mode\"", "\"material_minute_selection\" : \"Selecione os minutos\"", "\"password_toggle_content_description\" : \"\u09aa\u09be\u09b8\u0993\u09df\u09be\u09b0\u09cd\u09a1 \u09a6\u09c7\u0996\u09be\u09a8\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a26\u0a47 \u0a28\u0a35\u0a3e\u0a02 \u0a38\u0a70\u0a38\u0a15\u0a30\u0a28 \u0a26\u0a40 \u0a32\u0a4b\u0a5c \u0a39\u0a48\u0964 \u0a07\u0a39 \u0a1b\u0a47\u0a24\u0a40 \u0a39\u0a40 \u0a38\u0a35\u0a48\u0a1a\u0a32\u0a3f\u0a24 \u0a24\u0a4c\u0a30 '\u0a24\u0a47 \u0a05\u0a71\u0a2a\u0a21\u0a47\u0a1f \u0a15\u0a30\u0a47\u0a17\u0a3e\u0964\"", "\"mtrl_picker_range_header_title\" : \"Seleziona intervallo\"", "\"common_google_play_services_wear_update_text\" : \"\u0391\u03c0\u03b1\u03b9\u03c4\u03b5\u03af\u03c4\u03b1\u03b9 \u03bd\u03ad\u03b1 \u03ad\u03ba\u03b4\u03bf\u03c3\u03b7 \u03c4\u03c9\u03bd \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03b9\u03ce\u03bd Google Play. \u0398\u03b1 \u03b5\u03bd\u03b7\u03bc\u03b5\u03c1\u03c9\u03b8\u03b5\u03af \u03c3\u03cd\u03bd\u03c4\u03bf\u03bc\u03b1.\"", "\"fallback_menu_item_open_in_browser\" : \"\u00c5bn i browser\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0410\u044f\u049b\u0442\u0430\u043b\u0443 \u043a\u04af\u043d\u0456\"", "\"bottomsheet_action_expand_halfway\" : \"\u0d85\u0da9\u0d9a\u0dca \u0daf\u0dd2\u0d9c \u0dc4\u0dbb\u0dd2\u0db1\u0dca\u0db1\"", "\"mtrl_picker_save\" : \"\u0938\u0947\u0935 \u0915\u0930\u0947\u0902\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u0540\u057a\u0565\u0584\u055d \u0585\u0580\u057e\u0561 \u0568\u0576\u057f\u0578\u0582\u0569\u0575\u0561\u0576\u0576 \u0561\u0576\u0581\u0576\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580\"", " complex", "\"mtrl_picker_invalid_format_use\" : \"Utilize: %1$s\"", "\"mtrl_picker_announce_current_selection\" : \"Joriy tanlov: %1$s\"", "\"fallback_menu_item_open_in_browser\" : \"Apri nel browser\"", "\"abc_searchview_description_voice\" : \"Ovozli qidiruv\"", "\"material_minute_selection\" : \"Selecionar minutos\"", "\"material_timepicker_select_time\" : \"Zaman\u0131 se\u00e7in\"", "\"common_google_play_services_wear_update_text\" : \"Neces\u00edtase a nova versi\u00f3n dos servizos de Google Play. Actualizarase en breve.\"", "\"material_timepicker_clock_mode_description\" : \"\u6642\u523b\u3092\u6642\u8a08\u3067\u5165\u529b\u3059\u308b\u30e2\u30fc\u30c9\u306b\u5207\u308a\u66ff\u3048\u307e\u3059\u3002\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u062a\u0627\u0631\u06cc\u062e \u0634\u0631\u0648\u0639 \u2013 %1$s\"", "\"abc_searchview_description_voice\" : \"\u8bed\u97f3\u641c\u7d22\"", "\"icon_content_description\" : \"\u0646\u0645\u0627\u062f \u06a9\u0627\u062f\u0631 \u06af\u0641\u062a\u06af\u0648\"", "\"abc_searchview_description_clear\" : \"\u041e\u0431\u0440\u0438\u0448\u0438\u0442\u0435 \u0443\u043f\u0438\u0442\"", "\"abc_toolbar_collapse_description\" : \"Skupi\"", "\"icon_content_description\" : \"Muloqot ikonkasi\"", "\"common_google_play_services_wear_update_text\" : \"\u178f\u1798\u17d2\u179a\u17bc\u179c\u17b2\u17d2\u1799\u1798\u17b6\u1793\u1780\u17c6\u178e\u17c2\u1790\u17d2\u1798\u17b8\u1793\u17c3\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798 Google Play\u17d4 \u179c\u17b6\u1793\u17b9\u1784\u17a2\u17b6\u1794\u17cb\u178a\u17c1\u178f\u178a\u17c4\u1799\u1781\u17d2\u179b\u17bd\u1793\u179c\u17b6\u1793\u17c5\u1796\u17c1\u179b\u1794\u1793\u17d2\u178f\u17b7\u1785\u1791\u17c0\u178f\u1793\u17c1\u17c7\u17d4\"", "\"abc_action_menu_overflow_description\" : \"\u66f4\u591a\u9009\u9879\"", "\"material_minute_selection\" : \"\u0395\u03c0\u03b9\u03bb\u03bf\u03b3\u03ae \u03bb\u03b5\u03c0\u03c4\u03ce\u03bd\"", "operator ", "\"mtrl_picker_invalid_range\" : \"\u05d8\u05d5\u05d5\u05d7 \u05dc\u05d0 \u05d7\u05d5\u05e7\u05d9.\"", "\"abc_action_bar_up_description\" : \"\u0d2e\u0d41\u0d15\u0d33\u0d3f\u0d32\u0d47\u0d15\u0d4d\u0d15\u0d4d \u0d2a\u0d4b\u0d35\u0d41\u0d15\"", "St12domain_error", "\"mtrl_picker_announce_current_selection\" : \"Kasalukuyang seleksyon: %1$s\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Slutdatum\"", "\"mtrl_picker_invalid_format_use\" : \"Folosi\u021bi: %1$s\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u0421\u0442\u043e\u043b\u0431\u0435\u0446 \u0441\u043e \u0434\u043d\u044f\u043c\u0438 \u043d\u0435\u0434\u0435\u043b\u0438: %1$s\"", "\"clear_text_end_icon_content_description\" : \"\u041e\u0431\u0440\u0438\u0448\u0438 \u0442\u0435\u043a\u0441\u0442\"", "\"mtrl_picker_date_header_title\" : \"Izaberite datum\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\uc2dc\uc791\uc77c\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u65e5\u671f\u6b04\uff1a%1$s\"", "\"common_google_play_services_notification_channel_name\" : \"\u0b95\u0bbf\u0b9f\u0bc8\u0b95\u0bcd\u0b95\u0bc1\u0bae\u0bcd Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bcd\"", "\"abc_searchview_description_query\" : \"Zapytanie\"", "\"abc_menu_delete_shortcut_label\" : \"borrar\"", "\"common_google_play_services_install_text\" : \"A(z) %1$s alkalmaz\u00e1s nem fut a Google Play-szolg\u00e1ltat\u00e1sok n\u00e9lk\u00fcl, amelyek hi\u00e1nyoznak az eszk\u00f6zr\u0151l.\"", "\"nav_app_bar_open_drawer_description\" : \"\u30ca\u30d3\u30b2\u30fc\u30b7\u30e7\u30f3 \u30c9\u30ed\u30ef\u30fc\u3092\u958b\u304f\"", "\"mtrl_picker_save\" : \"\u0425\u0430\u0434\u0433\u0430\u043b\u0430\u0445\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 p\u00e4\u00e4ttymisp\u00e4iv\u00e4\"", "\"item_view_role_description\" : \"\u091f\u094d\u092f\u093e\u092c\"", "\"abc_shareactionprovider_share_with\" : \"\u015eununla payla\u015f:\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u0c30\u0c4b\u0c1c\u0c41\u0c32 \u0c28\u0c3f\u0c32\u0c41\u0c35\u0c41 \u0c35\u0c30\u0c41\u0c38: %1$s\"", "\"common_google_play_services_unknown_issue\" : \"%1$s ima pote\u0161ko\u0107a s uslugama Google Playa. Poku\u0161ajte ponovo.\"", "\"exposed_dropdown_menu_content_description\" : \"\u0410\u0448\u044b\u043b\u043c\u0430\u043b\u044b \u043c\u04d9\u0437\u0456\u0440\u0434\u0456 \u043a\u04e9\u0440\u0441\u0435\u0442\u0443\"", "\"common_google_play_services_enable_button\" : \"Washa\"", "\"abc_search_hint\" : \"K\u00ebrko\u2026\"", "\"material_timepicker_clock_mode_description\" : \"\u041f\u0435\u0440\u0430\u043a\u043b\u044e\u0447\u044b\u0446\u0446\u0430 \u043d\u0430 \u0440\u044d\u0436\u044b\u043c \u0433\u0430\u0434\u0437\u0456\u043d\u043d\u0456\u043a\u0430 \u043f\u0440\u044b \u045e\u0432\u043e\u0434\u0437\u0435 \u0447\u0430\u0441\u0443.\"", "\"common_signin_button_text_long\" : \"Fazer login com o Google\"", "\"mtrl_picker_range_header_title\" : \"Pilih Julat\"", "\"common_google_play_services_wear_update_text\" : \"Toleo jipya la huduma za Google Play linahitajika. Litajisasisha baada ya muda mfupi.\"", "N10__cxxabiv116__shim_type_infoE", "\"mtrl_picker_toggle_to_year_selection\" : \"\u00ddttu til a\u00f0 skipta yfir \u00ed a\u00f0 velja \u00e1r\"", "\"fallback_menu_item_share_link\" : \"\u0932\u093f\u0902\u0915 \u0936\u0947\u092f\u0930 \u0915\u0930\u0947\u0902\"", "\"character_counter_content_description\" : \"%2$d\u099f\u09bf\u09b0 \u09ae\u09a7\u09cd\u09af\u09c7 %1$d\u099f\u09bf \u0985\u0995\u09cd\u09b7\u09b0 \u09b2\u09c7\u0996\u09be \u09b9\u09df\u09c7\u099b\u09c7\"", "\"abc_menu_space_shortcut_label\" : \"mellomrom\"", "N12_GLOBAL__N_116itanium_demangle16StdQualifiedNameE", "\"abc_searchview_description_submit\" : \"Dien navraag in\"", "\"mtrl_picker_range_header_selected\" : \"%1$s~%2$s\"", "\"common_google_play_services_notification_ticker\" : \"Eroare a serviciilor Google Play\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0531\u057e\u0561\u0580\u057f\u056b \u0561\u0574\u057d\u0561\u0569\u056b\u057e\u0568\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u12c8\u12f0 \u12e8\u1240\u1295 \u1218\u1241\u1320\u122a\u12eb \u130d\u1264\u1275 \u1201\u1290\u1273 \u1240\u12ed\u122d\"", "\"common_google_play_services_install_title\" : \"Pobierz Us\u0142ugi Google Play\"", "\"material_timepicker_select_time\" : \"Veldu t\u00edma\"", "\"material_timepicker_text_input_mode_description\" : \"\u041f\u0440\u0435\u0432\u043a\u043b\u044e\u0447\u0435\u0442\u0435 \u043a\u044a\u043c \u0440\u0435\u0436\u0438\u043c\u0430 \u0437\u0430 \u0432\u044a\u0432\u0435\u0436\u0434\u0430\u043d\u0435 \u043d\u0430 \u0442\u0435\u043a\u0441\u0442, \u0437\u0430 \u0434\u0430 \u0432\u044a\u0432\u0435\u0434\u0435\u0442\u0435 \u0447\u0430\u0441\u0430.\"", "\"mtrl_picker_text_input_date_hint\" : \"Tanggal\"", "\"common_google_play_services_update_text\" : \"%1$s ne fonctionnera pas tant que vous n'aurez pas mis \u00e0 jour les services Google\u00a0Play.\"", "\"material_timepicker_clock_mode_description\" : \"Beralih ke mode jam untuk masukan waktu.\"", "\"material_timepicker_select_time\" : \"\u05d1\u05d7\u05e8 \u05e9\u05e2\u05d4\"", "\"abc_action_mode_done\" : \"Haz\u0131rd\u0131r\"", "operator-=", "\"material_timepicker_text_input_mode_description\" : \"\uc2dc\uac04 \uc785\ub825\uc744 \uc704\ud574 \ud14d\uc2a4\ud2b8 \uc785\ub825 \ubaa8\ub4dc\ub85c \uc804\ud658\ud569\ub2c8\ub2e4.\"", "\"abc_search_hint\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200eSearch\u2026\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"material_minute_selection\" : \"\u0e40\u0e25\u0e37\u0e2d\u0e01\u0e19\u0e32\u0e17\u0e35\"", "\"common_google_play_services_install_title\" : \"Obt\u00e9n Serveis de Google Play\"", "\"abc_searchview_description_query\" : \"\u179f\u17d2\u179c\u17c2\u1784\u179a\u1780\u179f\u17c6\u178e\u17bd\u179a\u200b\"", "\"abc_action_mode_done\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200eDone\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"mtrl_picker_navigate_to_year_description\" : \"Naviger til \u00e5r %1$s\"", "\"abc_searchview_description_clear\" : \"\u0915\u094d\u200d\u0935\u0947\u0930\u0940 \u0939\u091f\u093e\u090f\u0902\"", "\"abc_shareactionprovider_share_with\" : \"Kongsi dengan\"", "\"abc_action_menu_overflow_description\" : \"Flere alternativer\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u043a\u0440\u0430\u0439\u043d\u0430 \u0434\u0430\u0442\u0430\"", "\"abc_searchview_description_clear\" : \"\u09b8\u09a8\u09cd\u09a7\u09be\u09a8 \u0995\u09f0\u09be \u09aa\u09cd\u09f0\u09b6\u09cd\u09a8 \u09ae\u099a\u0995\"", "\"path_password_eye\" : \"M12,4.5C7,4.5 2.73,7.61 1,12c1.73,4.39 6,7.5 11,7.5s9.27,-3.11 11,-7.5c-1.73,-4.39 -6,-7.5 -11,-7.5zM12,17c-2.76,0 -5,-2.24 -5,-5s2.24,-5 5,-5 5,2.24 5,5 -2.24,5 -5,5zM12,9c-1.66,0 -3,1.34 -3,3s1.34,3 3,3 3,-1.34 3,-3 -1.34,-3 -3,-3z\"", "\"mtrl_picker_invalid_format\" : \"\u5f62\u5f0f\u304c\u7121\u52b9\u3067\u3059\u3002\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Passer au mode d'entr\u00e9e Texte\"", "\"abc_action_menu_overflow_description\" : \"Dig\u0259r se\u00e7iml\u0259r\"", "\"fallback_menu_item_share_link\" : \"Partekatu esteka\"", "\"common_google_play_services_install_text\" : \"%1$s non se executar\u00e1 se o teu dispositivo non ten instalados os servizos de Google Play.\"", "\"common_google_play_services_wear_update_text\" : \"\u041f\u043e\u0442\u0440\u0456\u0431\u043d\u0430 \u043d\u043e\u0432\u0430 \u0432\u0435\u0440\u0441\u0456\u044f \u0441\u0435\u0440\u0432\u0456\u0441\u0456\u0432 Google Play. \u0412\u043e\u043d\u0438 \u043d\u0435\u0432\u0434\u043e\u0432\u0437\u0456 \u043e\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f.\"", "\"common_signin_button_text_long\" : \"Mag-sign in sa Google\"", "\"mtrl_picker_day_of_week_column_header\" : \"G\u00fcn s\u00fctunu: %1$s\"", "\"common_google_play_services_notification_channel_name\" : \"Upatikanaji wa huduma za Google Play\"", "\"abc_menu_delete_shortcut_label\" : \"L\u00f6schen\"", "\"common_google_play_services_unknown_issue\" : \"%1$s har problemer med Google Play-tjenester. Pr\u00f8v p\u00e5 nytt.\"", "\"mtrl_picker_range_header_title\" : \"\u0412\u044b\u0431\u0435\u0440\u0438\u0442\u0435 \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d \u0434\u0430\u0442\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s\uff5e\u7d42\u4e86\u65e5\"", "\"common_google_play_services_install_button\" : \"\u0987\u09a8\u09b7\u09cd\u099f\u09b2 \u0995\u09f0\u0995\"", "\"mtrl_picker_invalid_format\" : \"Ongeldige indeling.\"", "\"fallback_menu_item_copy_link\" : \"\u0391\u03bd\u03c4\u03b9\u03b3\u03c1\u03b1\u03c6\u03ae \u03c3\u03c5\u03bd\u03b4\u03ad\u03c3\u03bc\u03bf\u03c5\"", "\"common_signin_button_text\" : \"Meld aan\"", "\"mtrl_badge_numberless_content_description\" : \"\u0aa8\u0ab5\u0ac1\u0a82 \u0aa8\u0acb\u0a9f\u0abf\u0aab\u0abf\u0a95\u0ac7\u0ab6\u0aa8\"", "\"material_timepicker_pm\" : \"\u043f\u043f\"", "\"mtrl_picker_range_header_unselected\" : \"\u042d\u0445\u043b\u044d\u0445 \u043e\u0433\u043d\u043e\u043e \u2013 \u0414\u0443\u0443\u0441\u0430\u0445 \u043e\u0433\u043d\u043e\u043e\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u0414\u043e\u0434\u0438\u0440\u043d\u0438\u0442\u0435 \u0434\u0430 \u0431\u0438\u0441\u0442\u0435 \u043f\u0440\u0435\u0448\u043b\u0438 \u043d\u0430 \u0438\u0437\u0431\u043e\u0440 \u0434\u0430\u043d\u0430\"", "\"abc_capital_on\" : \"ZAP.\"", "\"mtrl_picker_date_header_unselected\" : \"Valt datum\"", "\"mtrl_picker_out_of_range\" : \"Di luar rentang: %1$s\"", "\"abc_searchview_description_submit\" : \"Wy\u015blij zapytanie\"", "\"material_timepicker_hour\" : \"\u0413\u0430\u0434\u0437\u0456\u043d\u0430\"", "\"copy_toast_msg\" : \"\u039f \u03c3\u03cd\u03bd\u03b4\u03b5\u03c3\u03bc\u03bf\u03c2 \u03b1\u03bd\u03c4\u03b9\u03b3\u03c1\u03ac\u03c6\u03b7\u03ba\u03b5 \u03c3\u03c4\u03bf \u03c0\u03c1\u03cc\u03c7\u03b5\u03b9\u03c1\u03bf\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Tik om oor te skakel na die kies van 'n jaar\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u1780\u17b6\u179a\u1787\u17bc\u1793\u178a\u17c6\u178e\u17b9\u1784\u200b\u1790\u17d2\u1798\u17b8\u17d7\u200b\u179b\u17be\u179f %1$d \u17a0\u17be\u1799\"", "\"common_google_play_services_enable_button\" : \"Etkinle\u015ftir\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Tik om naar jaarselectie te schakelen\"", "\"mtrl_picker_invalid_range\" : \"\u0905\u092e\u093e\u0928\u094d\u092f \u0926\u093e\u092f\u0930\u093e\u0964\"", "\"common_signin_button_text\" : \"\u041a\u0438\u0440\u04af\u04af\"", "\"abc_searchview_description_voice\" : \"Tales\u00f8gning\"", "St13runtime_error", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s - data de finalitzaci\u00f3\"", "\"clear_text_end_icon_content_description\" : \"Text l\u00f6schen\"", "\"fallback_menu_item_copy_link\" : \"\u0421\u0456\u043b\u0442\u0435\u043c\u0435\u043d\u0456 \u043a\u04e9\u0448\u0456\u0440\u0443\"", "\"mtrl_picker_date_header_unselected\" : \"\u101b\u103d\u1031\u1038\u1011\u102c\u1038\u101e\u100a\u1037\u103a \u101b\u1000\u103a\u1005\u103d\u1032\"", "\"exposed_dropdown_menu_content_description\" : \"\u0688\u0631\u0627\u067e \u0688\u0627\u0624\u0646 \u0645\u06cc\u0646\u0648 \u062f\u06a9\u06be\u0627\u0626\u06cc\u06ba\"", "\"abc_capital_on\" : \"\u958b\u555f\"", "\"abc_searchview_description_search\" : \"Ie\u0161koti\"", "\"common_google_play_services_notification_channel_name\" : \"Disponibilit\u00e9 des services Google\u00a0Play\"", "\"mtrl_picker_a11y_next_month\" : \"\u05de\u05e2\u05d1\u05e8 \u05dc\u05d7\u05d5\u05d3\u05e9 \u05d4\u05d1\u05d0\"", "\"material_hour_selection\" : \"\u0421\u0430\u0493\u0430\u0442\u0442\u044b \u0442\u0430\u04a3\u0434\u0430\u0443\"", "\"fallback_menu_item_copy_link\" : \"Ba\u011flant\u0131y\u0131 kopyala\"", "\"mtrl_picker_announce_current_selection\" : \"\u0d28\u0d3f\u0d32\u0d35\u0d3f\u0d7d \u0d24\u0d3f\u0d30\u0d1e\u0d4d\u0d1e\u0d46\u0d1f\u0d41\u0d24\u0d4d\u0d24\u0d24\u0d4d: %1$s\"", "\"material_timepicker_hour\" : \"\u0e0a\u0e31\u0e48\u0e27\u0e42\u0e21\u0e07\"", "\"nav_app_bar_navigate_up_description\" : \"Navigera upp\u00e5t\"", "\"mtrl_picker_date_header_unselected\" : \"\u05d4\u05ea\u05d0\u05e8\u05d9\u05da \u05d4\u05e0\u05d1\u05d7\u05e8\"", "\"abc_shareactionprovider_share_with\" : \"\u0987\u09af\u09bc\u09be\u09f0 \u099c\u09f0\u09bf\u09af\u09bc\u09a4\u09c7 \u09b6\u09cd\u09ac\u09c7\u09af\u09bc\u09be\u09f0 \u0995\u09f0\u0995\"", "\"bottomsheet_action_expand_halfway\" : \"Raz\u0161irjanje na pol vi\u0161ine\"", "\"character_counter_content_description\" : \"\u1005\u102c\u101c\u102f\u1036\u1038\u101b\u1031 %2$d \u1010\u103d\u1004\u103a %1$d \u1011\u100a\u103a\u1037\u101e\u103d\u1004\u103a\u1038\u1011\u102c\u1038\u101e\u100a\u103a\"", "operator,", "\"mtrl_picker_date_header_title\" : \"\u8acb\u9078\u64c7\u65e5\u671f\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u0b95\u0bc7\u0bb2\u0bc6\u0ba3\u0bcd\u0b9f\u0bb0\u0bcd \u0b89\u0bb3\u0bcd\u0bb3\u0bc0\u0b9f\u0bcd\u0b9f\u0bc1 \u0bae\u0bc1\u0bb1\u0bc8\u0b95\u0bcd\u0b95\u0bc1 \u0bae\u0bbe\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd\"", "\"material_minute_suffix\" : \"%1$s min\"", "\"mtrl_chip_close_icon_content_description\" : \"\u0412\u044b\u0434\u0430\u043b\u0456\u0446\u044c %1$s\"", "\"mtrl_badge_numberless_content_description\" : \"\u0546\u0578\u0580 \u056e\u0561\u0576\u0578\u0582\u0581\u0578\u0582\u0574\"", "\"fallback_menu_item_copy_link\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200eCopy link\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Chuy\u1ec3n sang ch\u1ebf \u0111\u1ed9 nh\u1eadp l\u1ecbch\"", "\"common_google_play_services_enable_title\" : \"Google Play xizmatlarini yoqish\"", "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl+\"", "\"abc_menu_function_shortcut_label\" : \"Funtzioa +\"", "\"abc_searchview_description_submit\" : \"Wasilisha hoja\"", "\"abc_searchview_description_submit\" : \"\u0410\u0434\u043f\u0440\u0430\u0432\u0456\u0446\u044c \u0437\u0430\u043f\u044b\u0442\"", "\"abc_searchview_description_search\" : \"Cari\"", "\"material_hour_suffix\" : \"\u0627\u0644\u0633\u0627\u0639\u0629 %1$s\"", "\"mtrl_picker_text_input_date_hint\" : \"Date\"", "\"mtrl_picker_announce_current_selection\" : \"Uteuzi wa sasa: %1$s\"", "\"abc_searchview_description_search\" : \"\u0a16\u0a4b\u0a1c\"", "\"fallback_menu_item_open_in_browser\" : \"\u092c\u094d\u0930\u093e\u0909\u091c\u0930\u092e\u093e \u0916\u094b\u0932\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"nav_app_bar_open_drawer_description\" : \"\u0646\u06cc\u0648\u06cc\u06af\u06cc\u0634\u0646 \u062f\u0631\u0627\u0632 \u06a9\u06be\u0648\u0644\u06cc\u06ba\"", "\"common_google_play_services_update_text\" : \"Rakenduse %1$s t\u00f6\u00f6tamiseks peate v\u00e4rskendama Google Play teenuseid.\"", "\"material_minute_selection\" : \"\u0418\u0437\u0430\u0431\u0435\u0440\u0438\u0442\u0435 \u043c\u0438\u043d\u0443\u0442\u0435\"", "\"mtrl_picker_date_header_title\" : \"Pilih Tanggal\"", "\"abc_searchview_description_search\" : \"\u0916\u094b\u091c\u0947\u0902\"", "\"common_google_play_services_updating_text\" : \"%1$s kan ikke k\u00f8re uden Google Play-tjenester, som i \u00f8jeblikket opdateres.\"", "\"abc_searchview_description_submit\" : \"\u0410\u0441\u0443\u0443\u043b\u0433\u0430 \u0438\u043b\u0433\u044d\u044d\u0445\"", "\"abc_action_mode_done\" : \"Xong\"", "\"mtrl_picker_text_input_date_hint\" : \"Kuup\u00e4ev\"", "\"common_google_play_services_update_button\" : \"\u12eb\u12d8\u121d\u1291\"", "\"clear_text_end_icon_content_description\" : \"I\u0161valyti tekst\u0105\"", "\"mtrl_picker_a11y_next_month\" : \"\u0905\u0930\u094d\u0915\u094b \u092e\u0939\u093f\u0928\u093e\u092e\u093e \u0938\u093e\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"icon_content_description\" : \"\u00cdcono de di\u00e1logo\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Novih obave\u0161tenja: vi\u0161e od %1$d\"", "\"common_signin_button_text\" : \"\u041d\u0430\u0458\u0430\u0432\u0438 \u0441\u0435\"", "\"mtrl_picker_text_input_year_abbr\" : \"j\"", "\"common_google_play_services_install_text\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be \u099b\u09be\u09a1\u09bc\u09be %1$s \u099a\u09b2\u09ac\u09c7 \u09a8\u09be, \u09af\u09be \u0986\u09aa\u09a8\u09be\u09b0 \u09a1\u09bf\u09ad\u09be\u0987\u09b8\u09c7 \u0985\u09a8\u09c1\u09aa\u09b8\u09cd\u09a5\u09bf\u09a4\u0964\"", "\"mtrl_picker_day_of_week_column_header\" : \"Kolom hari: %1$s\"", "\"mtrl_picker_text_input_month_abbr\" : \"o\"", "\"mtrl_picker_a11y_next_month\" : \"Prijelaz na sljede\u0107i mjesec\"", "\"mtrl_picker_text_input_month_abbr\" : \"ay\"", "\"abc_activity_chooser_view_see_all\" : \"\u0411\u04af\u0433\u0434\u0438\u0439\u0433 \u0445\u0430\u0440\u0430\u0445\"", "\"common_google_play_services_notification_ticker\" : \"Google Play Hizmetleri hatas\u0131\"", "\"abc_capital_on\" : \"B\u1eacT\"", "\"abc_menu_space_shortcut_label\" : \"bo\u015fluk\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 Einddatum\"", "operator delete[]", "\"mtrl_picker_a11y_next_month\" : \"\u0414\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0441\u0430\u0440 \u043b\u0443\u0443 \u04e9\u04e9\u0440\u0447\u043b\u04e9\u0445\"", "\"mtrl_picker_a11y_prev_month\" : \"\u041f\u0440\u043e\u043c\u0435\u043d\u0438 \u043d\u0430 \u043f\u0440\u0435\u0442\u0445\u043e\u0434\u043d\u0438\u043e\u0442 \u043c\u0435\u0441\u0435\u0446\"", "\"abc_capital_off\" : \"\u0625\u064a\u0642\u0627\u0641\"", "\"error_icon_content_description\" : \"\u30a8\u30e9\u30fc\"", "\"abc_capital_on\" : \"\u0c06\u0c28\u0c4d\"", "\"material_timepicker_text_input_mode_description\" : \"Chcete-li zadat \u010das, p\u0159epn\u011bte na re\u017eim textu.\"", "\"material_minute_suffix\" : \"%1$s \u0ca8\u0cbf\u0cae\u0cbf\u0cb7\u0c97\u0cb3\u0cc1\"", "\"common_google_play_services_enable_button\" : \"\u05d4\u05e4\u05e2\u05dc\"", "\"common_open_on_phone\" : \"\uc2a4\ub9c8\ud2b8\ud3f0\uc5d0\uc11c \uc5f4\uae30\"", "std::string", "\"abc_searchview_description_voice\" : \"Ukusesha ngezwi\"", "\"character_counter_content_description\" : \"%2$d-\u043d %1$d \u0442\u044d\u043c\u0434\u044d\u0433\u0442\u0438\u0439\u0433 \u043e\u0440\u0443\u0443\u043b\u0441\u0430\u043d\"", "\"mtrl_picker_text_input_date_hint\" : \"\u0ea7\u0eb1\u0e99\u0e97\u0eb5\"", "\"abc_activitychooserview_choose_application\" : \"\u041a\u043e\u043b\u0434\u043e\u043d\u043c\u043e \u0442\u0430\u043d\u0434\u043e\u043e\"", "\"character_counter_overflowed_content_description\" : \"T\u00e4hem\u00e4rgipiirang on \u00fcletatud: %1$d/%2$d\"", "\"common_google_play_services_wear_update_text\" : \"\u5fc5\u987b\u4f7f\u7528\u65b0\u7248 Google Play \u670d\u52a1\u3002\u8be5\u670d\u52a1\u5f88\u5feb\u5c31\u4f1a\u81ea\u884c\u66f4\u65b0\u3002\"", "\"mtrl_picker_range_header_unselected\" : \"Data di inizio - Data di fine\"", "\"common_google_play_services_wear_update_text\" : \"Vajalik on Google Play teenuste uus versioon. See v\u00e4rskendab end peagi.\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Yana %1$d dan ortiq bildirishnoma\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Taqvim kiritish rejimiga o\u02bbtish\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u0e04\u0e2d\u0e25\u0e31\u0e21\u0e19\u0e4c\u0e02\u0e2d\u0e07\u0e27\u0e31\u0e19: %1$s\"", "\"abc_action_mode_done\" : \"\u06c1\u0648 \u06af\u06cc\u0627\"", "\"password_toggle_content_description\" : \"\u041f\u0430\u043a\u0430\u0437\u0430\u0446\u044c \u043f\u0430\u0440\u043e\u043b\u044c\"", "\"abc_action_bar_up_description\" : \"\u0989\u09aa\u09b0\u09c7 \u09a8\u09c7\u09ad\u09bf\u0997\u09c7\u099f \u0995\u09b0\u09c1\u09a8\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u0436\"", "\"material_timepicker_text_input_mode_description\" : \"Byt till textinmatningsl\u00e4get och ange tid.\"", "\"common_google_play_services_notification_ticker\" : \"Error sa Mga Serbisyo ng Google Play\"", "\"common_google_play_services_enable_text\" : \"\u0924\u0941\u092e\u094d\u0939\u0940 Google Play \u0938\u0947\u0935\u093e \u0938\u0915\u094d\u0937\u092e \u0915\u0947\u0932\u094d\u092f\u093e\u0936\u093f\u0935\u093e\u092f %1$s \u0939\u093e \u0905\u0945\u092a \u0915\u093e\u0930\u094d\u092f \u0915\u0930\u0923\u093e\u0930 \u0928\u093e\u0939\u0940.\"", "\"mtrl_picker_range_header_unselected\" : \"\u0ba4\u0bca\u0b9f\u0b95\u0bcd\u0b95\u0ba4\u0bcd \u0ba4\u0bc7\u0ba4\u0bbf - \u0bae\u0bc1\u0b9f\u0bbf\u0bb5\u0bc1\u0ba4\u0bcd \u0ba4\u0bc7\u0ba4\u0bbf\"", "\"mtrl_picker_range_header_title\" : \"Valige vahemik\"", "\"character_counter_overflowed_content_description\" : \"\u0422\u0430\u04a3\u0431\u0430 \u0441\u0430\u043d\u044b \u0448\u0435\u0433\u0456\u043d\u0435\u043d \u0430\u0441\u0442\u044b: %1$d/%2$d\"", "\"abc_searchview_description_submit\" : \"Bidali kontsulta\"", "\"nav_app_bar_open_drawer_description\" : \"Zijmenu openen\"", "\"abc_searchview_description_clear\" : \"Obri\u0161i upit\"", "\"bottomsheet_action_expand_halfway\" : \"Yar\u0131m geni\u015flet\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"H\u01a1n %1$d th\u00f4ng b\u00e1o m\u1edbi\"", "\"clear_text_end_icon_content_description\" : \"Sula umbhalo\"", "\"abc_activity_chooser_view_see_all\" : \"Alle anzeigen\"", "\"mtrl_picker_text_input_day_abbr\" : \"k\"", "\"nav_app_bar_navigate_up_description\" : \"Joan gora\"", "\"material_timepicker_text_input_mode_description\" : \"Cambia ao modo de introduci\u00f3n de texto para introducir a hora.\"", "\"common_google_play_services_install_text\" : \"O %1$s n\u00e3o \u00e9 executado sem os Servi\u00e7os do Google Play, os quais est\u00e3o em falta no seu dispositivo.\"", "\"material_timepicker_am\" : \"PG\"", "\"mtrl_picker_invalid_range\" : \"\u0d05\u0d38\u0d3e\u0d27\u0d41\u0d35\u0d3e\u0d2f \u0d36\u0d4d\u0d30\u0d47\u0d23\u0d3f.\"", "\"clear_text_end_icon_content_description\" : \"M\u0259tni silin\"", "\"mtrl_picker_text_input_month_abbr\" : \"a\"", "\"mtrl_picker_range_header_title\" : \"\u064a\u064f\u0631\u062c\u0649 \u0627\u062e\u062a\u064a\u0627\u0631 \u0646\u0637\u0627\u0642 \u0632\u0645\u0646\u064a.\"", "\"material_timepicker_select_time\" : \"\u9009\u62e9\u65f6\u95f4\"", "\"common_google_play_services_enable_button\" : \"I-enable\"", "\"common_google_play_services_update_title\" : \"Atualizar servi\u00e7os do Google Play\"", "\"mtrl_chip_close_icon_content_description\" : \"Supprimer %1$s\"", "\"common_google_play_services_install_button\" : \"Namesti\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0905\u0928\u094d\u0924\u094d\u092f \u0939\u0941\u0928\u0947 \u092e\u093f\u0924\u093f\"", "\"character_counter_overflowed_content_description\" : \"Karakter s\u0131n\u0131r\u0131 a\u015f\u0131ld\u0131 %1$d / %2$d\"", "\"fallback_menu_item_copy_link\" : \"\u0428\u0438\u043b\u0442\u0435\u043c\u0435\u043d\u0438 \u043a\u04e9\u0447\u04af\u0440\u04af\u04af\"", "\"abc_action_bar_up_description\" : \"\u524d\u306b\u623b\u308b\"", "\"common_google_play_services_enable_title\" : \"\u200f\u062a\u0641\u0639\u064a\u0644 \u062e\u062f\u0645\u0627\u062a Google Play\"", "\"fallback_menu_item_copy_link\" : \"\u054a\u0561\u057f\u0573\u0565\u0576\u0565\u056c \u0570\u0572\u0578\u0582\u0574\u0568\"", "\"abc_searchview_description_clear\" : \"\u0627\u0633\u062a\u0641\u0633\u0627\u0631 \u0635\u0627\u0641 \u06a9\u0631\u06cc\u06ba\"", "\"mtrl_picker_text_input_day_abbr\" : \"d\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u10e8\u10d4\u10d4\u10ee\u10d4\u10d7 \u10ec\u10da\u10d8\u10e1 \u10d0\u10e0\u10e9\u10d4\u10d5\u10d0\u10d6\u10d4 \u10d2\u10d0\u10d3\u10d0\u10e1\u10d0\u10e0\u10d7\u10d0\u10d5\u10d0\u10d3\"", "\"abc_searchview_description_voice\" : \"\u0e8a\u0ead\u0e81\u0eab\u0eb2\u0e94\u0ec9\u0ea7\u0e8d\u0eaa\u0ebd\u0e87\"", "\"common_google_play_services_update_title\" : \"Google Play \u0c38\u0c47\u0c35\u0c32\u0c28\u0c41 \u0c28\u0c35\u0c40\u0c15\u0c30\u0c3f\u0c02\u0c1a\u0c02\u0c21\u0c3f\"", "\"mtrl_picker_invalid_format_use\" : \"Utiliser %1$s\"", "\"abc_menu_space_shortcut_label\" : \"t\u00fchik\"", "\"abc_action_bar_up_description\" : \"G\u00e5 op\"", "\"abc_searchview_description_clear\" : \"Suchanfrage l\u00f6schen\"", "\"material_minute_selection\" : \"\u9078\u53d6\u5206\u9418\u6578\"", "\"character_counter_overflowed_content_description\" : \"\u041f\u0435\u0440\u0435\u0432\u0438\u0449\u0435\u043d\u043e \u043b\u0456\u043c\u0456\u0442 \u0441\u0438\u043c\u0432\u043e\u043b\u0456\u0432: %1$d \u0437 %2$d\"", "\"common_google_play_services_enable_text\" : \"Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0ca8\u0ccd\u0ca8\u0cc1 \u0ca8\u0cc0\u0cb5\u0cc1 \u0cb8\u0c95\u0ccd\u0cb0\u0cbf\u0caf\u0c97\u0cca\u0cb3\u0cbf\u0cb8\u0ca6 \u0cb9\u0cca\u0cb0\u0ca4\u0cc1 %1$s \u0c95\u0cbe\u0cb0\u0ccd\u0caf\u0ca8\u0cbf\u0cb0\u0ccd\u0cb5\u0cb9\u0cbf\u0cb8\u0cc1\u0cb5\u0cc1\u0ca6\u0cbf\u0cb2\u0ccd\u0cb2.\"", "N12_GLOBAL__N_116itanium_demangle8DtorNameE", "\"search_menu_title\" : \"\u0d24\u0d3f\u0d30\u0d2f\u0d41\u0d15\"", "\"common_google_play_services_unknown_issue\" : \"Rakendusel %1$s on probleeme Google Play teenustega. Proovige uuesti.\"", "\"material_timepicker_select_time\" : \"Vyberte \u010das\"", "\"mtrl_picker_a11y_prev_month\" : \"Ubah ke bulan sebelumnya\"", "\"material_hour_selection\" : \"\u1014\u102c\u101b\u102e \u101b\u103d\u1031\u1038\u101b\u1014\u103a\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 l\u00f5ppkuup\u00e4ev\"", "\"exposed_dropdown_menu_content_description\" : \"Vis rullemenuen\"", "N12_GLOBAL__N_116itanium_demangle10PrefixExprE", "\"character_counter_overflowed_content_description\" : \"Melebihi batas karakter %1$d dari %2$d\"", "N12_GLOBAL__N_116itanium_demangle24ForwardTemplateReferenceE", "\"abc_searchview_description_clear\" : \"Cancella query\"", "\"material_minute_selection\" : \"Minuten selecteren\"", "\"abc_searchview_description_query\" : \"\u0417\u0430\u044f\u0432\u043a\u0430 \u0437\u0430 \u0442\u044a\u0440\u0441\u0435\u043d\u0435\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s\u2013Fecha de finalizaci\u00f3n\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Zaidi ya arifa %1$d mpya\"", "\"common_google_play_services_install_title\" : \"Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d7e \u0d28\u0d47\u0d1f\u0d41\u0d15\"", "\"abc_menu_space_shortcut_label\" : \"Leertaste\"", "\"mtrl_picker_invalid_format_example\" : \"Eksempel: %1$s\"", "\"abc_action_bar_up_description\" : \"Navegar para cima\"", "\"fallback_menu_item_share_link\" : \"Dijeli link\"", "\"mtrl_picker_invalid_range\" : \"Ongeldige reeks.\"", "allocator", "\"search_menu_title\" : \"\u0936\u094b\u0927\"", "\"common_google_play_services_install_button\" : \"\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0438\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"End date\"", "\"abc_action_bar_home_description\" : \"Liigu avalehele\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s\u0b90 \u0b85\u0b95\u0bb1\u0bcd\u0bb1\u0bc1\"", "\"abc_action_mode_done\" : \"Klaar\"", "\"common_google_play_services_updating_text\" : \"\u049a\u0430\u0437\u0456\u0440\u0433\u0456 \u0443\u0430\u049b\u044b\u0442\u0442\u0430 \u0436\u0430\u04a3\u0430\u0440\u0442\u044b\u043b\u044b\u043f \u0436\u0430\u0442\u049b\u0430\u043d Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d\u0441\u0456\u0437 %1$s \u0456\u0441\u043a\u0435 \u049b\u043e\u0441\u044b\u043b\u043c\u0430\u0439\u0434\u044b.\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Begindatum \u2013 %1$s\"", "\"abc_toolbar_collapse_description\" : \"\u0633\u06a9\u06cc\u0691\u06cc\u06ba\"", "\"material_minute_suffix\" : \"%1$s\u00a0minutu\"", "\"abc_activity_chooser_view_see_all\" : \"\u0ec0\u0e9a\u0eb4\u0ec8\u0e87\u0e97\u0eb1\u0e87\u0edd\u0ebb\u0e94\"", "\"common_google_play_services_unknown_issue\" : \"%1$s is having trouble with Google Play services. Please try again.\"", "\"error_icon_content_description\" : \"K\u013c\u016bda\"", "\"mtrl_picker_save\" : \"\u0dc3\u0dd4\u0dbb\u0d9a\u0dd2\u0db1\u0dca\u0db1\"", "\"mtrl_picker_invalid_format_example\" : \"\u121d\u1233\u120c\u1366 %1$s\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Trokit p\u00ebr t\u00eb kaluar te zgjedhja e nj\u00eb dite\"", "\"mtrl_picker_out_of_range\" : \"Non compresa nell'intervallo: %1$s\"", "\"copy_toast_msg\" : \"\u0421\u0441\u044b\u043b\u043a\u0430 \u0441\u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0432 \u0431\u0443\u0444\u0435\u0440 \u043e\u0431\u043c\u0435\u043d\u0430.\"", "\"mtrl_picker_navigate_to_year_description\" : \"Naviguer vers l'ann\u00e9e %1$s\"", "\"common_google_play_services_install_text\" : \"I-%1$s ngeke ize iqalise ngaphandle kwamasevisi we-Google Play, angekho kusukela kudivayisi yakho.\"", "\"mtrl_picker_date_header_unselected\" : \"Selected date\"", "\"abc_capital_on\" : \"IESL\u0112GT\"", "\"mtrl_picker_a11y_prev_month\" : \"Spremeni na prej\u0161nji mesec\"", "\"common_google_play_services_enable_title\" : \"Ativar o Google Play Services\"", "\"abc_menu_ctrl_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200eCtrl+\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Y\u0131l se\u00e7meye ge\u00e7mek i\u00e7in dokunun\"", "\"abc_action_mode_done\" : \"\u0a39\u0a4b \u0a17\u0a3f\u0a06\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u057f\"", "virtual thunk to ", "\"mtrl_picker_range_header_title\" : \"V\u00e6lg interval\"", "\"abc_action_bar_up_description\" : \"\u179a\u17c6\u1780\u17b7\u179b\u17a1\u17be\u1784\u179b\u17be\"", "\"nav_app_bar_navigate_up_description\" : \"Naviger opp\"", "\"material_timepicker_select_time\" : \"\u0938\u092e\u092f \u091a\u0941\u0928\u0947\u0902\"", "\"bottomsheet_action_expand_halfway\" : \"\u1796\u1784\u17d2\u179a\u17b8\u1780\u200b\u1796\u17b6\u1780\u17cb\u1780\u178e\u17d2\u178a\u17b6\u179b\"", "\"nav_app_bar_open_drawer_description\" : \"\u041e\u0442\u0432\u043e\u0440\u0435\u0442\u0435 \u0458\u0430 \u0444\u0438\u043e\u043a\u0430\u0442\u0430 \u0437\u0430 \u043d\u0430\u0432\u0438\u0433\u0430\u0446\u0438\u0458\u0430\"", "\"mtrl_picker_range_header_unselected\" : \"\u12e8\u1218\u1300\u1218\u122a\u12eb \u1240\u1295 \u2013 \u12e8\u1218\u1328\u1228\u123b \u1240\u1295\"", "\"abc_action_mode_done\" : \"Kwenziwe\"", "\"abc_searchview_description_voice\" : \"Cerca per veu\"", "\"mtrl_picker_save\" : \"\u12a0\u1235\u1240\u121d\u1325\"", "\"material_clock_toggle_content_description\" : \"\u10d0\u10d8\u10e0\u10e9\u10d8\u10d4\u10d7 AM \u10d0\u10dc PM\"", "\"abc_capital_on\" : \"IMEWASHWA\"", "\"material_timepicker_text_input_mode_description\" : \"Canvia al mode d'introducci\u00f3 de text per introduir l'hora.\"", "\"mtrl_picker_date_header_unselected\" : \"\u0aaa\u0ab8\u0a82\u0aa6 \u0a95\u0ab0\u0ac7\u0ab2\u0ac0 \u0aa4\u0abe\u0ab0\u0ac0\u0a96\"", "\"abc_action_bar_home_description\" : \"\u041d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u043a\u0435 \u04e9\u0442\u0443\"", "\"mtrl_picker_date_header_title\" : \"Valitse p\u00e4iv\u00e4m\u00e4\u00e4r\u00e4\"", "\"common_google_play_services_enable_button\" : \"\u0418\u0448\u0442\u0435\u0442\u04af\u04af\"", "N12_GLOBAL__N_116itanium_demangle15ClosureTypeNameE", "\"common_google_play_services_updating_text\" : \"%1$s ne mo\u017ee da se pokrene bez Google Play usluga, koje se trenutno a\u017euriraju.\"", "\"common_google_play_services_notification_ticker\" : \"Ralat perkhidmatan Google Play\"", "\"abc_capital_on\" : \"\u0423\u0412\u0406\u041c\u041a.\"", "\"common_google_play_services_install_title\" : \"In\u0161talova\u0165 slu\u017eby Google Play\"", "\"abc_searchview_description_voice\" : \"Carian suara\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u0daf\u0dd2\u0db1 \u0dad\u0dd3\u0dbb\u0dd4\u0dc0: %1$s\"", "\"material_timepicker_pm\" : \"\u179b\u17d2\u1784\u17b6\u1785\"", "\"mtrl_picker_range_header_selected\" : \"%1$s-%2$s\"", "\"common_google_play_services_enable_button\" : \"\u1794\u17be\u1780\"", "\"common_open_on_phone\" : \"\u0641\u062a\u062d \u0639\u0644\u0649 \u0627\u0644\u0647\u0627\u062a\u0641\"", "\"password_toggle_content_description\" : \"Poka\u017c has\u0142o\"", "\"password_toggle_content_description\" : \"\u092a\u093e\u0938\u0935\u0930\u094d\u0921 \u0926\u093e\u0916\u0935\u093e\"", "\"abc_activity_chooser_view_see_all\" : \"\u0c05\u0c28\u0c4d\u0c28\u0c40 \u0c1a\u0c42\u0c21\u0c02\u0c21\u0c3f\"", "(Ljava/lang/String;)[B", "\"common_google_play_services_install_button\" : \"I-install\"", "\"material_hour_suffix\" : \"%1$s \u1230\u12d3\u1275\"", "\"common_google_play_services_enable_text\" : \"\u0986\u09aa\u09c1\u09a8\u09bf Google Play \u09b8\u09c7\u09f1\u09be\u09ac\u09cb\u09f0 \u09b8\u0995\u09cd\u09b7\u09ae \u09a8\u0995\u09f0\u09be\u09b2\u09c8\u0995\u09c7 %1$s\u098f \u0995\u09be\u09ae \u09a8\u0995\u09f0\u09bf\u09ac\u0964\"", "\"password_toggle_content_description\" : \"Wachtwoord weergeven\"", "\"fallback_menu_item_share_link\" : \"\u05dc\u05e9\u05d9\u05ea\u05d5\u05e3 \u05d4\u05e7\u05d9\u05e9\u05d5\u05e8\"", "\"material_timepicker_select_time\" : \"\u0dc0\u0dda\u0dbd\u0dcf\u0dc0 \u0dad\u0ddd\u0dbb\u0db1\u0dca\u0db1\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"In den Kalendereingabemodus wechseln\"", "\"common_open_on_phone\" : \"\u200b\u0ec0\u0e9b\u0eb5\u0e94\u200b\u0ec3\u0e99\u200b\u0ec2\u0e97\u200b\u0ea5\u0eb0\u200b\u0eaa\u0eb1\u0e9a\"", "\"material_clock_toggle_content_description\" : \"Wybierz: przed po\u0142udniem czy po po\u0142udniu\"", "\"abc_shareactionprovider_share_with\" : \"Jaa\u2026\"", "\"common_google_play_services_updating_text\" : \"\u200f\u0644\u0646 \u064a\u062a\u0645 \u062a\u0634\u063a\u064a\u0644 %1$s \u0628\u062f\u0648\u0646 \u062e\u062f\u0645\u0627\u062a Google Play\u060c \u0648\u0627\u0644\u062a\u064a \u064a\u062a\u0645 \u062a\u062d\u062f\u064a\u062b\u0647\u0627 \u062d\u0627\u0644\u064a\u064b\u0627.\"", "N12_GLOBAL__N_116itanium_demangle10UUIDOfExprE", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Skift til input-tilstand for tekst\"", "\"mtrl_picker_invalid_range\" : \"\u0e0a\u0e48\u0e27\u0e07\u0e44\u0e21\u0e48\u0e16\u0e39\u0e01\u0e15\u0e49\u0e2d\u0e07\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u0e9b\u0ec8\u0ebd\u0e99\u0ec0\u0e9b\u0eb1\u0e99\u0ec2\u0edd\u0e94\u0e9b\u0ec9\u0ead\u0e99\u0e82\u0ecd\u0ec9\u0ea1\u0eb9\u0e99\u0e82\u0ecd\u0ec9\u0e84\u0ea7\u0eb2\u0ea1\"", " [enable_if:", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Aldatu egutegiaren idazketa-metodora\"", "\"abc_searchview_description_query\" : \"Upit za pretra\u017eivanje\"", "\"abc_menu_alt_shortcut_label\" : \"Alt+\u200e\"", "\"mtrl_picker_invalid_format_use\" : \"\u05d9\u05e9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1\u05e4\u05d5\u05e8\u05de\u05d8: %1$s\"", "\"character_counter_content_description\" : \"%2$d \u0cb0\u0cb2\u0ccd\u0cb2\u0cbf %1$d \u0c85\u0c95\u0ccd\u0cb7\u0cb0\u0c97\u0cb3\u0ca8\u0ccd\u0ca8\u0cc1 \u0ca8\u0cae\u0cc2\u0ca6\u0cbf\u0cb8\u0cb2\u0cbe\u0c97\u0cbf\u0ca6\u0cc6\"", "\"nav_app_bar_open_drawer_description\" : \"\u09a8\u09c7\u09ad\u09bf\u0997\u09c7\u09b6\u09cd\u09ac\u09a8 \u09a1\u09cd\u09f0\u09f1\u09be\u09f0 \u0996\u09cb\u09b2\u0995\"", "\"status_bar_notification_info_overflow\" : \"\u096f\u096f\u096f+\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u1780\u17c6\u1796\u17bb\u1784\u1798\u17b6\u1793\u1794\u1789\u17d2\u17a0\u17b6\u1787\u17b6\u1798\u17bd\u1799\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798\u179a\u1794\u179f\u17cb Google Play \u17d4 \u179f\u17bc\u1798\u1796\u17d2\u1799\u17b6\u1799\u17b6\u1798\u1798\u17d2\u178f\u1784\u1791\u17c0\u178f\u1793\u17c5\u1796\u17c1\u179b\u1780\u17d2\u179a\u17c4\u1799\u17d4\"", "\"common_google_play_services_updating_text\" : \"Rakendus %1$s t\u00f6\u00f6tab ainult koos Google Play teenustega, mida praegu v\u00e4rskendatakse.\"", "\"common_google_play_services_update_button\" : \"\u66f4\u65b0\"", "\"copy_toast_msg\" : \"\u09b2\u09bf\u0982\u0995 \u0995\u09cd\u09b2\u09bf\u09aa\u09ac\u2019\u09f0\u09cd\u09a1\u09a4 \u09aa\u09cd\u09f0\u09a4\u09bf\u09b2\u09bf\u09aa\u09bf \u0995\u09f0\u09be \u09b9\u2019\u09b2\"", "\"abc_menu_space_shortcut_label\" : \"\u7a7a\u683c\u952e\"", "\"abc_searchview_description_query\" : \"\uac80\uc0c9\uc5b4\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Data e fillimit\"", "\"abc_action_bar_up_description\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u0432\u0432\u0435\u0440\u0445\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"M\u0259tn daxiletm\u0259 rejimin\u0259 ke\u00e7in\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"P\u0159epnout na re\u017eim zad\u00e1v\u00e1n\u00ed textu\"", "terminating", "\"mtrl_picker_invalid_format_use\" : \"Gamitin: %1$s\"", "\"search_menu_title\" : \"S\u00f8g\"", "\"material_timepicker_text_input_mode_description\" : \"Laiko \u012fvest\u012f pateikti perjungus \u012f teksto \u012fvesties re\u017eim\u0105.\"", "\"abc_shareactionprovider_share_with\" : \"Yabelana no\"", "\"common_google_play_services_enable_title\" : \"Omogu\u0107ite Google Play usluge\"", "\"common_google_play_services_notification_channel_name\" : \"Availability ng serbisyo ng Google Play\"", "\"mtrl_picker_text_input_month_abbr\" : \"h\"", "\"copy_toast_msg\" : \"\u0b32\u0b3f\u0b19\u0b4d\u0b15\u0b15\u0b41\u00a0\u0b15\u0b4d\u0b32\u0b3f\u0b2a\u0b4d\u200d\u200d\u0b2c\u0b4b\u0b30\u0b4d\u0b21\u0b30\u0b47 \u0b15\u0b2a\u0b3f \u0b15\u0b30\u0b3e\u0b2f\u0b3e\u0b07\u0b1b\u0b3f\"", "\"abc_menu_space_shortcut_label\" : \"\u12ad\u134d\u1270\u1275\"", "\"fallback_menu_item_share_link\" : \"Ibahagi ang link\"", "\"abc_shareactionprovider_share_with\" : \"Compartir con\"", "\"material_hour_selection\" : \"Valige tund\"", "\"password_toggle_content_description\" : \"\u041f\u0440\u0438\u043a\u0430\u0436\u0438 \u0458\u0430 \u043b\u043e\u0437\u0438\u043d\u043a\u0430\u0442\u0430\"", "\"abc_action_menu_overflow_description\" : \"T\u00f9y ch\u1ecdn kh\u00e1c\"", "\"abc_searchview_description_submit\" : \"\u041e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\"", "\"common_signin_button_text\" : \"Iniciar sess\u00e3o\"", "\"mtrl_picker_text_input_date_hint\" : \"\u062a\u0627\u0631\u06cc\u062e\"", "\"item_view_role_description\" : \"\u04e8\u0442\u043c\u04e9\u043a\"", "\"mtrl_exceed_max_badge_number_suffix\" : \"%1$d%2$s\"", "\"abc_menu_delete_shortcut_label\" : \"sil\"", "\"abc_searchview_description_submit\" : \"Enviar consulta\"", "\"nav_app_bar_navigate_up_description\" : \"\u0531\u0576\u0581\u0576\u0565\u056c \u057e\u0565\u0580\u0587\"", "\"material_clock_toggle_content_description\" : \"Select AM or PM\"", "\"common_google_play_services_wear_update_text\" : \"Potrebna je nova verzija Google Play usluga. Uskoro \u0107e se a\u017eurirati.\"", "N10__cxxabiv117__array_type_infoE", "\"material_slider_range_end\" : \"Range end,\"", "\"abc_shareactionprovider_share_with_application\" : \"\u4f7f\u7528\u300c%s\u300d\u5206\u4eab\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Klepnut\u00edm p\u0159epnete na v\u00fdb\u011br dne\"", "operator*=", "\"material_timepicker_pm\" : \"NM.\"", "\"common_google_play_services_updating_text\" : \"%1$s, \u015fu anda g\u00fcncellenmekte olan Google Play hizmetleri olmadan \u00e7al\u0131\u015fmaz.\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Befejez\u00e9s d\u00e1tuma\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Byt till att v\u00e4lja ett \u00e5r genom att trycka\"", "\"error_icon_content_description\" : \"Produciuse un erro\"", "\"abc_menu_alt_shortcut_label\" : \"Alt+\"", "\"material_minute_selection\" : \"\u0645\u0646\u0679 \u0645\u0646\u062a\u062e\u0628 \u06a9\u0631\u06cc\u06ba\"", "\"exposed_dropdown_menu_content_description\" : \"\u0aa1\u0acd\u0ab0\u0ac9\u0aaa\u0aa1\u0abe\u0a89\u0aa8 \u0aae\u0ac7\u0aa8\u0ac2 \u0aac\u0aa4\u0abe\u0ab5\u0acb\"", "\"clear_text_end_icon_content_description\" : \"\u0ea5\u0eb6\u0e9a\u0ea5\u0ec9\u0eb2\u0e87\u0e82\u0ecd\u0ec9\u0e84\u0ea7\u0eb2\u0ea1\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0414\u0430\u0442\u0443\u043c \u0437\u0430\u0432\u0440\u0448\u0435\u0442\u043a\u0430\"", "\"abc_searchview_description_query\" : \"Zoekopdracht\"", "\"fallback_menu_item_copy_link\" : \"\u8907\u88fd\u9023\u7d50\"", "\"material_timepicker_text_input_mode_description\" : \"\u5207\u63db\u81f3\u6587\u5b57\u8f38\u5165\u6a21\u5f0f\u5373\u53ef\u8f38\u5165\u6642\u9593\u3002\"", "\"abc_action_mode_done\" : \"Selesai\"", "\"status_bar_notification_info_overflow\" : \"\u1049\u1049\u1049+\"", "\"material_hour_suffix\" : \"%1$s-uur\"", "\"abc_activity_chooser_view_see_all\" : \"Kuva k\u00f5ik\"", "\"password_toggle_content_description\" : \"\u0d2a\u0d3e\u0d38\u0d4d\u200c\u0d35\u0d47\u0d21\u0d4d \u0d15\u0d3e\u0d23\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"common_google_play_services_unsupported_text\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038\u1000\u102d\u102f \u101e\u1004\u1037\u103a\u1005\u1000\u103a\u1015\u1005\u1039\u1005\u100a\u103a\u1038\u1010\u103d\u1004\u103a \u1015\u1036\u1037\u1015\u102d\u102f\u1038\u1019\u1011\u102c\u1038\u101e\u100a\u1037\u103a\u1021\u1010\u103d\u1000\u103a \u104e\u1004\u103a\u1038\u1019\u101b\u103e\u102d\u1018\u1032 %1$s \u1000\u102d\u102f \u1016\u103d\u1004\u1037\u103a\u104d\u1019\u101b\u1015\u102b\u104b\"", "\"common_google_play_services_enable_button\" : \"\u041e\u0432\u043e\u0437\u043c\u043e\u0436\u0438\"", "operator/=", "\"common_google_play_services_unsupported_text\" : \"%1$s no es pot executar sense Serveis de Google Play, que no \u00e9s compatible amb el teu dispositiu.\"", "\"abc_toolbar_collapse_description\" : \"\u0421\u043a\u0443\u043f\u0438\"", "\"material_clock_toggle_content_description\" : \"Selecta\u021bi ora\"", "\"nav_app_bar_open_drawer_description\" : \"\u0c28\u0c3e\u0c35\u0c3f\u0c17\u0c47\u0c37\u0c28\u0c4d \u0c21\u0c4d\u0c30\u0c3e\u0c2f\u0c30\u0c4d\u200c\u0c28\u0c41 \u0c24\u0c46\u0c30\u0c35\u0c02\u0c21\u0c3f\"", "\"item_view_role_description\" : \"Lap\"", "\"mtrl_picker_text_input_day_abbr\" : \"\uc77c\"", "\"abc_searchview_description_submit\" : \"G\u1eedi truy v\u1ea5n\"", "\"mtrl_picker_out_of_range\" : \"Mimo rozsahu: %1$s\"", "\"mtrl_picker_a11y_prev_month\" : \"Cambiar ao mes anterior\"", "\"abc_activity_chooser_view_see_all\" : \"Zobrazit v\u0161e\"", "\"mtrl_picker_navigate_to_year_description\" : \"%1$s-\u0436\u044b\u043b\u0433\u0430 \u04e9\u0442\u04af\u04af\"", "\"mtrl_picker_date_header_title\" : \"Veldu dagsetningu\"", "\"common_google_play_services_install_text\" : \"%1$s getur ekki keyrt \u00e1n \u00fej\u00f3nustu Google Play, sem vantar \u00ed t\u00e6ki\u00f0 \u00feitt.\"", "\"common_open_on_phone\" : \"Abrir en tel\u00e9fono\"", "\"abc_shareactionprovider_share_with_application\" : \"Deila me\u00f0 %s\"", "\"mtrl_picker_date_header_unselected\" : \"Fecha seleccionada\"", "\"abc_activitychooserview_choose_application\" : \"Velg en app\"", "\"bottomsheet_action_expand_halfway\" : \"\u0906\u0927\u093e \u0920\u0941\u0932\u094b \u092a\u093e\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"mtrl_picker_out_of_range\" : \"Izvan raspona: %1$s\"", "\"abc_menu_function_shortcut_label\" : \"Funksiya+\"", "\"abc_action_bar_home_description\" : \"\u041d\u0430\u0432\u0438\u0433\u0438\u0440\u0430\u043d\u0435 \u043a\u044a\u043c \u043d\u0430\u0447\u0430\u043b\u043d\u0438\u044f \u0435\u043a\u0440\u0430\u043d\"", "\"common_google_play_services_install_button\" : \"\u5b89\u88dd\"", "\"abc_searchview_description_clear\" : \"\u0218terge\u021bi interogarea\"", "\"clear_text_end_icon_content_description\" : \"Matnni tozalash\"", "\"nav_app_bar_open_drawer_description\" : \"Navig\u00e1ci\u00f3s fi\u00f3k kinyit\u00e1sa\"", "\"material_minute_selection\" : \"Zvolte minuty\"", "\"common_google_play_services_update_title\" : \"Google Play teenuste v\u00e4rskendamine\"", "\"character_counter_content_description\" : \"%2$d\u0c32\u0c4b %1$d \u0c05\u0c15\u0c4d\u0c37\u0c30\u0c3e\u0c32\u0c41 \u0c28\u0c2e\u0c4b\u0c26\u0c41 \u0c1a\u0c47\u0c2f\u0c2c\u0c21\u0c4d\u0c21\u0c3e\u0c2f\u0c3f\"", "\"mtrl_picker_invalid_format\" : \"\u09ad\u09c1\u09b2 \u09ab\u09b0\u09cd\u09ae\u09cd\u09af\u09be\u099f\u0964\"", "\"material_timepicker_minute\" : \"\u5206\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Yfir %1$d n\u00fdjar tilkynningar\"", "\"mtrl_picker_navigate_to_year_description\" : \"Odlazak na %1$s. godinu\"", "\"common_google_play_services_notification_ticker\" : \"\u0e02\u0e49\u0e2d\u0e1c\u0e34\u0e14\u0e1e\u0e25\u0e32\u0e14\u0e02\u0e2d\u0e07\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play\"", "\"common_google_play_services_notification_ticker\" : \"Google Play zerbitzuen errorea\"", "N12_GLOBAL__N_116itanium_demangle10AbiTagAttrE", "operator--", "\"abc_searchview_description_query\" : \"Busca a consulta\"", "\"nav_app_bar_navigate_up_description\" : \"\u067e\u06cc\u0645\u0627\u06cc\u0634 \u0628\u0647 \u0628\u0627\u0644\u0627\"", "\"mtrl_picker_date_header_unselected\" : \"Valitud kuup\u00e4ev\"", "\"abc_action_menu_overflow_description\" : \"\u0411\u0456\u043b\u044c\u0448\u0435 \u043e\u043f\u0446\u0456\u0439\"", "\"abc_action_bar_up_description\" : \"Przejd\u017a wy\u017cej\"", "\"character_counter_overflowed_content_description\" : \"\u0985\u0995\u09cd\u09b7\u09b0\u09c7\u09b0 \u09b8\u09c0\u09ae\u09be %1$d \u098f\u09b0 %2$d \u0985\u09a4\u09bf\u0995\u09cd\u09b0\u09ae \u0995\u09b0\u09c7\u099b\u09c7\"", "\"material_timepicker_text_input_mode_description\" : \"\u0426\u0430\u0433\u0438\u0439\u0433 \u043e\u0440\u0443\u0443\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0442\u0435\u043a\u0441\u0442 \u043e\u0440\u0443\u0443\u043b\u0430\u0445 \u0433\u043e\u0440\u0438\u043c\u0434 \u0448\u0438\u043b\u0436\u04af\u04af\u043b\u043d\u044d \u04af\u04af.\"", "\"exposed_dropdown_menu_content_description\" : \"Bonisa imenyu yokudonsela phansi\"", "\"common_google_play_services_install_text\" : \"\u60a8\u7684\u88dd\u7f6e\u5c1a\u672a\u5b89\u88dd Google Play \u670d\u52d9\uff0c\u56e0\u6b64\u7121\u6cd5\u57f7\u884c\u300c%1$s\u300d\u3002\"", "\"material_hour_suffix\" : \"%1$s\u099f\u09be \u09ac\u09be\u099c\u09c7\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d \u092a\u0947\u0915\u094d\u0937\u093e \u0905\u0927\u093f\u0915 \u0928\u0935\u0940\u0928 \u0938\u0942\u091a\u0928\u093e\"", "\"abc_searchview_description_query\" : \"\u0395\u03c1\u03ce\u03c4\u03b7\u03bc\u03b1 \u03b1\u03bd\u03b1\u03b6\u03ae\u03c4\u03b7\u03c3\u03b7\u03c2\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0daf\u0ddd\u0dc2\u0dba\"", "\"material_timepicker_text_input_mode_description\" : \"\u0b38\u0b2e\u0b5f \u0b07\u0b28\u0b2a\u0b41\u0b1f\u0b4d\u200d \u0b2a\u0b3e\u0b07\u0b01 \u0b1f\u0b47\u0b15\u0b4d\u0b38\u0b1f\u0b4d\u200d \u0b07\u0b28\u0b2a\u0b41\u0b1f\u0b4d\u200c\u0b15\u0b41 \u0b2c\u0b26\u0b33\u0b3e\u0b28\u0b4d\u0b24\u0b41\u0964\"", "\"mtrl_picker_out_of_range\" : \"\u0100rpus diapazona: %1$s\"", "\"material_timepicker_select_time\" : \"\u0648\u0642\u062a \u0645\u0646\u062a\u062e\u0628 \u06a9\u0631\u06cc\u06ba\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0938\u0902\u092a\u0923\u094d\u092f\u093e\u091a\u0940 \u0924\u093e\u0930\u0940\u0916\"", "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl\u00a0+\"", "\"abc_searchview_description_clear\" : \"\u0410\u0441\u0443\u0443\u043b\u0433\u0430 \u0430\u0440\u0438\u043b\u0433\u0430\u0445\"", "\"abc_action_bar_up_description\" : \"\u0414\u044d\u044d\u0448 \u0448\u0438\u043b\u0436\u0438\u0445\"", "\"error_icon_content_description\" : \"Xato\"", "\"search_menu_title\" : \"Szukaj\"", "\"common_google_play_services_updating_text\" : \"Google Play \u0b38\u0b47\u0b2c\u0b3e\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b2c\u0b3f\u0b28\u0b3e %1$s \u0b1a\u0b3e\u0b32\u0b3f\u0b2c \u0b28\u0b3e\u0b39\u0b3f\u0b01, \u0b2f\u0b47\u0b09\u0b01\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b2c\u0b30\u0b4d\u0b24\u0b4d\u0b24\u0b2e\u0b3e\u0b28 \u0b05\u0b2a\u0b21\u0b47\u0b1f\u0b4d\u200c \u0b39\u0b47\u0b09\u0b1b\u0b3f\u0964\"", "\"mtrl_picker_range_header_title\" : \"\u8acb\u9078\u64c7\u7bc4\u570d\"", "\"character_counter_overflowed_content_description\" : \"%2$d\u099f\u09be\u09f0 \u09ad\u09bf\u09a4\u09f0\u09a4 %1$d\u099f\u09be \u09ac\u09f0\u09cd\u09a3\u09f0 \u09b8\u09c0\u09ae\u09be \u0985\u09a4\u09bf\u0995\u09cd\u09f0\u09ae \u0995\u09f0\u09bf\u099b\u09c7\"", "\"common_google_play_services_unsupported_text\" : \"Rakendus %1$s t\u00f6\u00f6tab ainult koos Google Play teenustega, mida teie seadmes ei toetata.\"", "\"abc_searchview_description_voice\" : \"\u05d7\u05d9\u05e4\u05d5\u05e9 \u05e7\u05d5\u05dc\u05d9\"", "\"abc_capital_off\" : \"V\u00c4LJAS\"", "\"mtrl_badge_numberless_content_description\" : \"\u041d\u043e\u0432\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u0443\u0432\u0430\u045a\u0435\"", "\"fallback_menu_item_open_in_browser\" : \"\u0628\u0631\u0627\u0624\u0632\u0631 \u0645\u06cc\u06ba \u06a9\u06be\u0648\u0644\u06cc\u06ba\"", "\"abc_shareactionprovider_share_with\" : \"Deel met\"", "\"common_google_play_services_notification_channel_name\" : \"Ketersediaan perkhidmatan Google Play\"", "\"abc_activity_chooser_view_see_all\" : \"\u0b85\u0ba9\u0bc8\u0ba4\u0bcd\u0ba4\u0bc8\u0baf\u0bc1\u0bae\u0bcd \u0b95\u0bbe\u0b9f\u0bcd\u0b9f\u0bc1\"", "\"abc_capital_off\" : \"\u09ac\u09a8\u09cd\u09a7 \u0986\u099b\u09c7\"", "\"character_counter_content_description\" : \"%1$d/%2$d simvol daxil edilib\"", "\"item_view_role_description\" : \"\u0e41\u0e17\u0e47\u0e1a\"", "\"common_google_play_services_updating_text\" : \"%1$s \u0e08\u0e30\u0e44\u0e21\u0e48\u0e17\u0e33\u0e07\u0e32\u0e19\u0e2b\u0e32\u0e01\u0e44\u0e21\u0e48\u0e21\u0e35\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play \u0e0b\u0e36\u0e48\u0e07\u0e01\u0e33\u0e25\u0e31\u0e07\u0e2d\u0e31\u0e1b\u0e40\u0e14\u0e15\u0e2d\u0e22\u0e39\u0e48\u0e43\u0e19\u0e02\u0e13\u0e30\u0e19\u0e35\u0e49\"", "\"abc_shareactionprovider_share_with_application\" : \"%s\u0aa8\u0ac0 \u0ab8\u0abe\u0aa5\u0ac7 \u0ab6\u0ac7\u0ab0 \u0a95\u0ab0\u0acb\"", "\"mtrl_picker_save\" : \"\u0391\u03c0\u03bf\u03b8\u03ae\u03ba\u03b5\u03c5\u03c3\u03b7\"", "\"mtrl_picker_invalid_format_use\" : \"Ishlatish: %1$s\"", "\"abc_shareactionprovider_share_with\" : \"Bendrinti su\"", "\"mtrl_picker_date_header_unselected\" : \"\u0645\u0646\u062a\u062e\u0628 \u06a9\u0631\u062f\u06c1 \u062a\u0627\u0631\u06cc\u062e\"", "\"abc_capital_off\" : \"\u0985\u09ab\"", "\"abc_activitychooserview_choose_application\" : \"Een app selecteren\"", "\"mtrl_picker_a11y_prev_month\" : \"Shintshela kunyanga edlule\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u0e08\u0e30\u0e44\u0e21\u0e48\u0e17\u0e33\u0e07\u0e32\u0e19\u0e2b\u0e32\u0e01\u0e44\u0e21\u0e48\u0e21\u0e35\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play \u0e0b\u0e36\u0e48\u0e07\u0e2d\u0e38\u0e1b\u0e01\u0e23\u0e13\u0e4c\u0e02\u0e2d\u0e07\u0e04\u0e38\u0e13\u0e44\u0e21\u0e48\u0e2a\u0e19\u0e31\u0e1a\u0e2a\u0e19\u0e38\u0e19\"", "\"abc_searchview_description_submit\" : \"Env\u00eda a consulta\"", "\"mtrl_picker_range_header_unselected\" : \"Data d'inici - data de finalitzaci\u00f3\"", "\"password_toggle_content_description\" : \"\u049a\u04b1\u043f\u0438\u044f \u0441\u04e9\u0437\u0434\u0456 \u043a\u04e9\u0440\u0441\u0435\u0442\u0443\"", "\"mtrl_picker_a11y_prev_month\" : \"\u041f\u0440\u0435\u0452\u0438\u0442\u0435 \u043d\u0430 \u043f\u0440\u0435\u0442\u0445\u043e\u0434\u043d\u0438 \u043c\u0435\u0441\u0435\u0446\"", "\"mtrl_picker_announce_current_selection\" : \"Zgjedhja aktuale: %1$s\"", "\"common_google_play_services_enable_button\" : \"Omogu\u0107i\"", "\"abc_search_hint\" : \"Rechercher\u2026\"", "N10__cxxabiv119__pointer_type_infoE", "\"common_signin_button_text\" : \"\u0412\u043e\u0439\u0442\u0438\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0d05\u0d35\u0d38\u0d3e\u0d28\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d28\u0d4d\u0d28 \u0d24\u0d40\u0d2f\u0d24\u0d3f\"", "\"common_google_play_services_enable_button\" : \"\u0395\u03bd\u03b5\u03c1\u03b3\u03bf\u03c0\u03bf\u03af\u03b7\u03c3\u03b7\"", "\"common_google_play_services_updating_text\" : \"%1$s ei toimi ilman Google Play Palveluita, joita p\u00e4ivitet\u00e4\u00e4n t\u00e4ll\u00e4 hetkell\u00e4.\"", "\"abc_shareactionprovider_share_with_application\" : \"%s\u09f0 \u099c\u09f0\u09bf\u09af\u09bc\u09a4\u09c7 \u09b6\u09cd\u09ac\u09c7\u09af\u09bc\u09be\u09f0 \u0995\u09f0\u0995\"", "\"common_open_on_phone\" : \"Obre al tel\u00e8fon\"", "\"abc_action_bar_home_description\" : \"Navigeren naar startpositie\"", "\"common_google_play_services_install_text\" : \"%1$s ez da exekutatuko Google Play zerbitzurik gabe, baina ez dituzu gailuan.\"", "\"common_google_play_services_install_button\" : \"\u0938\u094d\u200d\u0925\u093e\u092a\u093f\u0924 \u0915\u0930\u093e\"", "\"clear_text_end_icon_content_description\" : \"Vee teks uit\"", "N12_GLOBAL__N_116itanium_demangle8CallExprE", "\"mtrl_picker_a11y_next_month\" : \"Passer au mois suivant\"", "\"error_icon_content_description\" : \"\u062e\u0637\u0623\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0b38\u0b39 \u0b38\u0b47\u0b5f\u0b3e\u0b30\u0b4d\u200d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"password_toggle_content_description\" : \"\u0caa\u0cbe\u0cb8\u0ccd\u200c\u0cb5\u0cb0\u0ccd\u0ca1\u0ccd \u0ca4\u0ccb\u0cb0\u0cbf\u0cb8\u0cbf\"", "\"item_view_role_description\" : \"\u1010\u1018\u103a\"", "\"common_google_play_services_unsupported_text\" : \"%1$s kan ikke kj\u00f8re uten Google Play-tjenester, som ikke st\u00f8ttes av enheten din.\"", "\"fallback_menu_item_open_in_browser\" : \"Odpri v brskalniku\"", "\"abc_searchview_description_voice\" : \"\u0b95\u0bc1\u0bb0\u0bb2\u0bcd \u0ba4\u0bc7\u0b9f\u0bb2\u0bcd\"", "\"fallback_menu_item_copy_link\" : \"Copier le lien\"", "\"mtrl_badge_numberless_content_description\" : \"Notificaci\u00f3n nova\"", "\"common_google_play_services_update_button\" : \"\u0a05\u0a71\u0a2a\u0a21\u0a47\u0a1f \u0a15\u0a30\u0a4b\"", "\"search_menu_title\" : \"\uac80\uc0c9\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0414\u0430\u0442\u0430 \u0437\u0430\u043a\u0430\u043d\u0447\u044d\u043d\u043d\u044f\"", "\"common_google_play_services_unsupported_text\" : \"%1$s nuk do t\u00eb funksionoj\u00eb pa sh\u00ebrbimet e Google Play, t\u00eb cilat nuk mb\u00ebshteten nga pajisja jote.\"", "\"common_google_play_services_install_title\" : \"Google Play-services ophalen\"", "\"abc_searchview_description_clear\" : \"Esborra la consulta\"", "\"abc_menu_space_shortcut_label\" : \"\u0e8d\u0eb0\u0eab\u0ea7\u0ec8\u0eb2\u0e87\"", "\"abc_searchview_description_voice\" : \"\u1021\u101e\u1036\u1016\u103c\u1004\u1037\u103a \u101b\u103e\u102c\u101b\u1014\u103a\"", "\"mtrl_picker_range_header_title\" : \"Aral\u0131k Se\u00e7in\"", "\"mtrl_picker_range_header_title\" : \"Zgjidh gam\u00ebn\"", "\"common_google_play_services_update_text\" : \"%1$s kan inte k\u00f6ras om du inte uppdaterar Google Play-tj\u00e4nsterna.\"", "short", "\"abc_shareactionprovider_share_with\" : \"Shiriki na\"", "\"abc_searchview_description_submit\" : \"Iesniegt vaic\u0101jumu\"", "\"exposed_dropdown_menu_content_description\" : \"Afi\u0219a\u021bi meniul drop-down\"", "\"common_google_play_services_enable_button\" : \"\u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\"", "\"abc_shareactionprovider_share_with\" : \"\u0a07\u0a38 \u0a28\u0a3e\u0a32 \u0a38\u0a3e\u0a02\u0a1d\u0a3e \u0a15\u0a30\u0a4b\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Plus de %1$d nouvelles notifications\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u30bf\u30c3\u30d7\u3059\u308b\u3068\u3001\u5e74\u306e\u9078\u629e\u306b\u5207\u308a\u66ff\u308f\u308a\u307e\u3059\"", "\"mtrl_picker_out_of_range\" : \"\u10d3\u10d8\u10d0\u10de\u10d0\u10d6\u10dd\u10dc\u10e1 \u10db\u10d8\u10e6\u10db\u10d0: %1$s\"", "\"material_timepicker_select_time\" : \"S\u00e9lectionner l'heure\"", "\"common_google_play_services_enable_text\" : \"Google Play hizmetlerini etkinle\u015ftirmezseniz %1$s \u00e7al\u0131\u015fmaz.\"", "\"mtrl_picker_announce_current_selection\" : \"\u03a4\u03c1\u03ad\u03c7\u03bf\u03c5\u03c3\u03b1 \u03b5\u03c0\u03b9\u03bb\u03bf\u03b3\u03ae: %1$s\"", "\"abc_action_bar_up_description\" : \"\u0cae\u0cc7\u0cb2\u0c95\u0ccd\u0c95\u0cc6 \u0ca8\u0ccd\u0caf\u0cbe\u0cb5\u0cbf\u0c97\u0cc7\u0c9f\u0ccd \u0cae\u0cbe\u0ca1\u0cbf\"", "\"abc_capital_off\" : \"DESACTIVAR\"", "\"abc_searchview_description_clear\" : \"Pastro pyetjen\"", "\"material_timepicker_am\" : \"a.m.\"", "\"material_timepicker_clock_mode_description\" : \"Prebacite u na\u010din rada kao sat za unos vremena.\"", "\"common_google_play_services_enable_button\" : \"Ativar\"", "\"mtrl_picker_a11y_next_month\" : \"Mudar para o m\u00eas seguinte\"", "\"common_google_play_services_enable_text\" : \"%1$s \u0932\u0947 \u0924\u092a\u093e\u0908\u0901\u0932\u0947 Google Play \u0938\u0947\u0935\u093e\u0939\u0930\u0942 \u0938\u0915\u094d\u0937\u092e \u0928\u0917\u0930\u0947\u0938\u092e\u094d\u092e \u0915\u093e\u092e \u0917\u0930\u094d\u0926\u0948\u0928\u0964\"", "\"password_toggle_content_description\" : \"\u041f\u043e\u043a\u0430\u0437\u0432\u0430\u043d\u0435 \u043d\u0430 \u043f\u0430\u0440\u043e\u043b\u0430\u0442\u0430\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u1005\u102c\u101e\u102c\u1038 \u1011\u100a\u103a\u1037\u101e\u103d\u1004\u103a\u1038\u1019\u103e\u102f\u1019\u102f\u1012\u103a\u101e\u102d\u102f\u1037 \u1015\u103c\u1031\u102c\u1004\u103a\u1038\u101b\u1014\u103a\"", "\"common_google_play_services_wear_update_text\" : \"\u200f\u05d3\u05e8\u05d5\u05e9\u05d4 \u05d2\u05e8\u05e1\u05d4 \u05d7\u05d3\u05e9\u05d4 \u05e9\u05dc \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play. \u05d4\u05d2\u05e8\u05e1\u05d4 \u05ea\u05ea\u05e2\u05d3\u05db\u05df \u05d1\u05e2\u05e6\u05de\u05d4 \u05ea\u05d5\u05da \u05d6\u05de\u05df \u05e7\u05e6\u05e8.\"", "\"common_google_play_services_install_title\" : \"Preuzmite Google Play usluge\"", "\"fallback_menu_item_copy_link\" : \"Copiar v\u00ednculo\"", "\"search_menu_title\" : \"Cari\"", "\"abc_searchview_description_voice\" : \"\u0414\u0430\u0443\u044b\u0441\u043f\u0435\u043d \u0456\u0437\u0434\u0435\u0443\"", "delete", "\"mtrl_picker_range_header_title\" : \"\u8bf7\u9009\u62e9\u8303\u56f4\"", "\"common_google_play_services_install_button\" : \"\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c\"", "\"mtrl_picker_range_header_unselected\" : \"Boshlanishi \u2013 Tugashi\"", "std::basic_istream >", "\"abc_searchview_description_search\" : \"\u041f\u043e\u0448\u0443\u043a\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u062a\u0627\u0631\u06cc\u062e \u0627\u062e\u062a\u062a\u0627\u0645\"", "\"mtrl_picker_range_header_title\" : \"Odaberite raspon\"", "\"common_google_play_services_install_button\" : \"\u041e\u0440\u043d\u043e\u0442\u0443\u0443\"", "\"fallback_menu_item_open_in_browser\" : \"Fungua katika kivinjari\"", "\"abc_searchview_description_clear\" : \"\u101b\u103e\u102c\u1016\u103d\u1031\u1019\u103e\u102f\u1000\u102d\u102f \u1016\u101a\u103a\u101b\u103e\u102c\u1038\u101b\u1014\u103a\"", "\"material_timepicker_select_time\" : \"\u0938\u092e\u092f \u091a\u092f\u0928 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"mtrl_badge_numberless_content_description\" : \"Nov\u00e9 ozn\u00e1men\u00ed\"", "\"abc_searchview_description_voice\" : \"Hlasov\u00e9 vyhled\u00e1v\u00e1n\u00ed\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u12f0\"", "\"abc_action_mode_done\" : \"OK\"", "\"abc_capital_on\" : \"\u0631\u0648\u0634\u0646\"", "\"mtrl_picker_text_input_date_hint\" : \"\u0a24\u0a3e\u0a30\u0a40\u0a16\"", "\"mtrl_chip_close_icon_content_description\" : \"\u0915\u093e\u0922\u0942\u0928 \u091f\u093e\u0915\u093e %1$s\"", "\"abc_searchview_description_clear\" : \"Zoekopdracht wissen\"", "\"mtrl_picker_range_header_title\" : \"\u0db4\u0dbb\u0dcf\u0dc3\u0dba \u0dad\u0ddd\u0dbb\u0db1\u0dca\u0db1\"", "\"mtrl_picker_range_header_unselected\" : \"\u0ea7\u0eb1\u0e99\u0e97\u0eb5\u0ec0\u0ea5\u0eb5\u0ec8\u0ea1\u0e95\u0ebb\u0ec9\u0e99 \u2013 \u0ea7\u0eb1\u0e99\u0e97\u0eb5\u0eaa\u0eb4\u0ec9\u0e99\u0eaa\u0eb8\u0e94\"", "\"mtrl_picker_date_header_unselected\" : \"Valin dagsetning\"", "\"common_google_play_services_unsupported_text\" : \"A(z) %1$s alkalmaz\u00e1s nem fut a Google Play-szolg\u00e1ltat\u00e1sok n\u00e9lk\u00fcl, amelyeket eszk\u00f6ze nem t\u00e1mogat.\"", "\"material_minute_selection\" : \"\u0ba8\u0bbf\u0bae\u0bbf\u0b9f\u0ba4\u0bcd\u0ba4\u0bc8\u0ba4\u0bcd \u0ba4\u0bc7\u0bb0\u0bcd\u0ba8\u0bcd\u0ba4\u0bc6\u0b9f\u0bc1\u0b95\u0bcd\u0b95\u0bb5\u0bc1\u0bae\u0bcd\"", "\"material_hour_suffix\" : \"%1$s \u092c\u091c\u0947\"", "\"fallback_menu_item_copy_link\" : \"Kopiraj vezu\"", "\"abc_searchview_description_query\" : \"Axtar\u0131\u015f sor\u011fusu\"", "\"material_minute_selection\" : \"\u0db8\u0dd2\u0db1\u0dd2\u0dad\u0dca\u0dad\u0dd4 \u0dad\u0ddd\u0dbb\u0db1\u0dca\u0db1\"", "\"common_google_play_services_updating_text\" : \"%1$s \u0570\u0561\u057e\u0565\u056c\u057e\u0561\u056e\u0568 \u0579\u056b \u0561\u0577\u056d\u0561\u057f\u056b \u0561\u057c\u0561\u0576\u0581 Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u056b, \u0578\u0580\u0578\u0576\u0584 \u0561\u0575\u057d \u057a\u0561\u0570\u056b\u0576 \u0569\u0561\u0580\u0574\u0561\u0581\u057e\u0578\u0582\u0574 \u0565\u0576:\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0db1\u0dd2\u0db8\u0dcf \u0dc0\u0db1 \u0daf\u0dd2\u0db1\u0dba\"", " ... ", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0c2a\u0c4d\u0c30\u0c3e\u0c30\u0c02\u0c2d \u0c24\u0c47\u0c26\u0c40\"", "\"abc_searchview_description_query\" : \"Hakukysely\"", "(anonymous namespace)", "\"abc_toolbar_collapse_description\" : \"\u09b8\u0999\u09cd\u0995\u09c1\u099a\u09bf\u09a4 \u0995\u09b0\u09c1\u09a8\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Mudar para o modo de introdu\u00e7\u00e3o de texto\"", "\"abc_activitychooserview_choose_application\" : \"Khetha insiza\"", "\"mtrl_picker_date_header_title\" : \"\u064a\u064f\u0631\u062c\u0649 \u0627\u062e\u062a\u064a\u0627\u0631 \u062a\u0627\u0631\u064a\u062e.\"", "operator+", "\"abc_capital_on\" : \"\u0423\u041a\u041b.\"", "\"abc_searchview_description_voice\" : \"\u0c35\u0c3e\u0c2f\u0c3f\u0c38\u0c4d \u0c36\u0c4b\u0c27\u0c28\"", "\"material_timepicker_hour\" : \"\u0998\u09a3\u09cd\u099f\u09be\"", "\"common_signin_button_text\" : \"\u30ed\u30b0\u30a4\u30f3\"", "\"common_google_play_services_install_button\" : \"Zainstaluj\"", "\"abc_searchview_description_clear\" : \"\u179f\u1798\u17d2\u17a2\u17b6\u178f\u200b\u179f\u17c6\u178e\u17bd\u179a\"", "\"mtrl_badge_numberless_content_description\" : \"New notification\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"D\u00e1tum za\u010datia\"", "\"mtrl_picker_date_header_unselected\" : \"\u091a\u092f\u0928 \u0917\u0930\u093f\u090f\u0915\u094b \u092e\u093f\u0924\u093f\"", "\"common_signin_button_text_long\" : \"Log masuk dengan Google\"", "\"common_google_play_services_unsupported_text\" : \"%1$s Google \u09aa\u09cd\u09b2\u09c7 \u09b8\u09c7\u09f1\u09be\u09f0 \u0985\u09ac\u09bf\u09b9\u09a8\u09c7 \u09a8\u099a\u09b2\u09c7, \u09af\u09bf\u09ac\u09cb\u09f0 \u0986\u09aa\u09cb\u09a8\u09be\u09f0 \u09a1\u09bf\u09ad\u09be\u0987\u099a\u09a4 \u099a\u09b2\u09bf\u09ac \u09a8\u09cb\u09f1\u09be\u09f0\u09c7\u0964\"", "\"abc_shareactionprovider_share_with_application\" : \"\u4e0e%s\u5206\u4eab\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0d86\u0dbb\u0db8\u0dca\u0db7\u0d9a \u0daf\u0dd2\u0db1\u0dba \u2013 %1$s\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u041c\u04d9\u0442\u0456\u043d \u0435\u043d\u0433\u0456\u0437\u0443 \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0435 \u0430\u0443\u044b\u0441\u0443\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u041d\u0430\u0436\u043c\u0438\u0442\u0435, \u0447\u0442\u043e\u0431\u044b \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043a \u0432\u044b\u0431\u043e\u0440\u0443 \u0433\u043e\u0434\u0430\"", "\"common_signin_button_text\" : \"Prijavi se\"", "\"common_google_play_services_unknown_issue\" : \"%1$s t\u00e9 problemes amb Serveis de Google Play. Torna-ho a provar.\"", "\"material_clock_toggle_content_description\" : \"Selecciona AM o PM\"", "\"mtrl_chip_close_icon_content_description\" : \"\u0ea5\u0eb6\u0e9a %1$s \u0ead\u0ead\u0e81\"", "\"password_toggle_content_description\" : \"Passwort anzeigen\"", "\"abc_shareactionprovider_share_with_application\" : \"\u0645\u0634\u0627\u0631\u0643\u0629 \u0645\u0639 %s\"", "\"nav_app_bar_open_drawer_description\" : \"\u0532\u0561\u0581\u0565\u056c \u0576\u0561\u057e\u0561\u0580\u056f\u0574\u0561\u0576 \u0564\u0561\u0580\u0561\u056f\u0568\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b \u049b\u04b1\u0440\u044b\u043b\u0493\u044b\u04a3\u044b\u0437\u0434\u0430 \u049b\u043e\u043b\u0434\u0430\u0443 \u043a\u04e9\u0440\u0441\u0435\u0442\u0456\u043b\u043c\u0435\u0439\u0442\u0456\u043d Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0456\u043d\u0441\u0456\u0437 \u0436\u04b1\u043c\u044b\u0441 \u0456\u0441\u0442\u0435\u043c\u0435\u0439\u0434\u0456.\"", "\"abc_searchview_description_voice\" : \"\u179f\u17d2\u179c\u17c2\u1784\u179a\u1780\u200b\u178f\u17b6\u1798\u200b\u179f\u17c6\u17a1\u17c1\u1784\"", "\"abc_activity_chooser_view_see_all\" : \"\u0938\u092d\u0940 \u0926\u0947\u0916\u0947\u0902\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Lokadagur\"", "\"abc_searchview_description_search\" : \"\u0548\u0580\u0578\u0576\u0565\u056c\"", "\"common_google_play_services_install_button\" : \"\u1011\u100a\u1037\u103a\u101e\u103d\u1004\u103a\u1038\u1015\u102b\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0633\u0627\u0644 \u06a9\u0648 \u0645\u0646\u062a\u062e\u0628 \u06a9\u0631\u0646\u06d2 \u06a9\u06d2 \u0644\u064a\u06d2 \u0633\u0648\u0626\u0686 \u067e\u0631 \u062a\u06be\u067e\u062a\u06be\u067e\u0627\u0626\u06cc\u06ba\"", "\"mtrl_picker_range_header_title\" : \"Hautatu barrutia\"", "\"material_timepicker_minute\" : \"\u041c\u0438\u043d\u0443\u0442\u0430\"", "\"material_timepicker_select_time\" : \"Uhrzeit ausw\u00e4hlen\"", "\"material_clock_toggle_content_description\" : \"Selecciona a.\u00a0m. o p.\u00a0m.\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u03bc\"", "\"mtrl_picker_navigate_to_year_description\" : \"Acc\u00e9der \u00e0 l'ann\u00e9e %1$s\"", "\"abc_action_menu_overflow_description\" : \"Yana\"", "\"material_timepicker_select_time\" : \"Valitse aika\"", "\"fallback_menu_item_share_link\" : \"Zdie\u013ea\u0165 odkaz\"", "\"character_counter_overflowed_content_description\" : \"\u03a5\u03c0\u03ad\u03c1\u03b2\u03b1\u03c3\u03b7 \u03bf\u03c1\u03af\u03bf\u03c5 \u03c7\u03b1\u03c1\u03b1\u03ba\u03c4\u03ae\u03c1\u03c9\u03bd %1$d \u03b1\u03c0\u03cc %2$d\"", "\"common_google_play_services_updating_text\" : \"%1$s getur ekki keyrt \u00e1n \u00fej\u00f3nustu Google Play, sem veri\u00f0 er a\u00f0 uppf\u00e6ra.\"", "\"material_hour_suffix\" : \"%1$s in punto\"", "thread-local wrapper routine for ", "\"mtrl_picker_a11y_next_month\" : \"Skift til n\u00e6ste m\u00e5ned\"", "\"nav_app_bar_navigate_up_description\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u0432\u0433\u043e\u0440\u0443\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u043d\u044b\u043d \u0438\u0448\u0442\u0435\u0448\u0438\"", "\"common_google_play_services_enable_title\" : \"Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u044d\u0445\"", "\"material_timepicker_hour\" : \"Sat\"", "\"mtrl_badge_numberless_content_description\" : \"\u039d\u03ad\u03b1 \u03b5\u03b9\u03b4\u03bf\u03c0\u03bf\u03af\u03b7\u03c3\u03b7\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u0631\u0641\u062a\u0646 \u0628\u0647 \u0633\u0627\u0644 %1$s\"", "\"icon_content_description\" : \"Leihoko ikonoa\"", "\"common_google_play_services_unsupported_text\" : \"%1$s sal nie werk sonder Google Play Dienste nie, wat nie deur jou toestel gesteun word nie.\"", "\"common_google_play_services_update_button\" : \"\u0a85\u0aaa\u0aa1\u0ac7\u0a9f \u0a95\u0ab0\u0acb\"", "\"abc_searchview_description_query\" : \"\u0c36\u0c4b\u0c27\u0c28 \u0c2a\u0c4d\u0c30\u0c36\u0c4d\u0c28\"", "\"mtrl_picker_out_of_range\" : \"\u4e0d\u5728\u5141\u8bb8\u7684\u8303\u56f4\u5185\uff1a%1$s\"", "\"common_google_play_services_update_text\" : \"Aplikacija %1$s ne\u0107e raditi ako ne a\u017eurirate Google Play usluge.\"", "\"copy_toast_msg\" : \"Ba\u011flant\u0131 panoya kopyaland\u0131\"", "\"mtrl_picker_invalid_format_example\" : \"\u0b89\u0ba4\u0bbe\u0bb0\u0ba3\u0bae\u0bcd: %1$s\"", "\"nav_app_bar_navigate_up_description\" : \"Di chuy\u1ec3n l\u00ean\"", "\"common_google_play_services_update_button\" : \"\u0dba\u0dcf\u0dc0\u0dad\u0dca\u0d9a\u0dcf\u0dbd\u0dd3\u0db1 \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"abc_menu_space_shortcut_label\" : \"space\"", "\"abc_search_hint\" : \"\u09b8\u09a8\u09cd\u09a7\u09be\u09a8 \u0995\u09f0\u0995\u2026\"", "\"mtrl_picker_text_input_date_hint\" : \"\u65e5\u671f\"", "\"abc_menu_function_shortcut_label\" : \"Funci\u00f3n\u00a0+\"", "\"icon_content_description\" : \"\u0414\u0438\u0430\u043b\u043e\u0433 \u0441\u04af\u0440\u04e9\u0442\u0447\u04e9\u0441\u04af\"", "\"material_hour_selection\" : \"\u0ec0\u0ea5\u0eb7\u0ead\u0e81\u0e8a\u0ebb\u0ec8\u0ea7\u0ec2\u0ea1\u0e87\"", "\"copy_toast_msg\" : \"Linkki kopioitu leikep\u00f6yd\u00e4lle\"", "\"material_timepicker_text_input_mode_description\" : \"Beralih ke mod input teks untuk input masa.\"", "\"item_view_role_description\" : \"Tabulador\"", "\"nav_app_bar_navigate_up_description\" : \"Przejd\u017a wy\u017cej\"", "operator<", "\"abc_action_menu_overflow_description\" : \"\u0414\u0430\u0433\u044b \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440\"", "\"item_view_role_description\" : \"Fil\u0103\"", "\"common_google_play_services_update_text\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d \u0436\u0430\u04a3\u0430\u0440\u0442\u043f\u0430\u0441\u0430\u04a3\u044b\u0437, %1$s \u0456\u0441\u043a\u0435 \u049b\u043e\u0441\u044b\u043b\u043c\u0430\u0439\u0434\u044b.\"", "\"abc_searchview_description_clear\" : \"Smazat dotaz\"", "\"mtrl_picker_day_of_week_column_header\" : \"Dien\u0173 stulpelis: %1$s\"", "\"abc_searchview_description_query\" : \"Query sa paghahanap\"", "\"abc_action_bar_home_description\" : \"Przejd\u017a na stron\u0119 g\u0142\u00f3wn\u0105\"", "\"mtrl_picker_invalid_range\" : \"\u041d\u0435\u0432\u0430\u0436\u0435\u045b\u0438 \u043f\u0435\u0440\u0438\u043e\u0434.\"", "\"error_icon_content_description\" : \"\u0e02\u0e49\u0e2d\u0e1c\u0e34\u0e14\u0e1e\u0e25\u0e32\u0e14\"", "\"mtrl_picker_date_header_unselected\" : \"\u091a\u0941\u0928\u0940 \u0917\u0908 \u0924\u093e\u0930\u0940\u0916\"", "\"character_counter_overflowed_content_description\" : \"Sono presenti %2$d caratteri in pi\u00f9 rispetto al limite di %1$d\"", "\"nav_app_bar_navigate_up_description\" : \"\u092e\u093e\u0925\u093f \u0928\u0947\u092d\u093f\u0917\u0947\u091f \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"common_google_play_services_wear_update_text\" : \"Wymagana jest nowa wersja Us\u0142ug Google Play. Wkr\u00f3tce nast\u0105pi automatyczna aktualizacja.\"", "\"abc_capital_on\" : \"\u0e40\u0e1b\u0e34\u0e14\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d \u0c95\u0ccd\u0c95\u0cbf\u0c82\u0ca4 \u0cb9\u0cc6\u0c9a\u0ccd\u0c9a\u0cc1 \u0cb9\u0cca\u0cb8 \u0c85\u0ca7\u0cbf\u0cb8\u0cc2\u0c9a\u0ca8\u0cc6\u0c97\u0cb3\u0cc1\"", "\"common_signin_button_text_long\" : \"Prisijungti naudojant \u201eGoogle\u201c\"", "\"abc_menu_alt_shortcut_label\" : \"Alt \u0bae\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Mais de %1$d notifica\u00e7\u00f5es novas\"", "N12_GLOBAL__N_116itanium_demangle13FunctionParamE", "\"abc_capital_off\" : \"\u0418\u0421\u041a\u0409\u0423\u0427\u0415\u041d\u041e\"", "\"common_google_play_services_enable_button\" : \"Activa\u021bi\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u0daf\u0dd2\u0db1\u0dba\u0d9a\u0dca \u0dad\u0dda\u0dbb\u0dd3\u0db8\u0da7 \u0db8\u0dcf\u0dbb\u0dd4 \u0dc0\u0dd3\u0db8\u0da7 \u0dad\u0da7\u0dca\u0da7\u0dd4 \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"material_minute_selection\" : \"Pilih minit\"", "\"abc_shareactionprovider_share_with\" : \"Ibahagi sa/kay\"", "\"abc_action_bar_up_description\" : \"\u092e\u093e\u0925\u093f \u0928\u0947\u092d\u093f\u0917\u0947\u091f \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"abc_action_bar_home_description\" : \"\u0918\u0930\u093e\u0915\u0921\u0947 \u0928\u0947\u0935\u094d\u0939\u093f\u0917\u0947\u091f \u0915\u0930\u093e\"", "\"abc_searchview_description_search\" : \"Otsing\"", "\"abc_toolbar_collapse_description\" : \"\u0417\u0433\u043e\u0440\u043d\u0443\u0442\u0438\"", "\"mtrl_picker_invalid_range\" : \"Neva\u017ee\u0107i opseg.\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u00e5\"", "\"mtrl_chip_close_icon_content_description\" : \"\u79fb\u9664%1$s\"", "\"abc_prepend_shortcut_label\" : \"\u092e\u0947\u0928\u0942+\"", "\"abc_action_mode_done\" : \"Listo\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Data de in\u00edcio\"", "\"common_google_play_services_update_text\" : \"%1$s \u10d5\u10d4\u10e0 \u10d2\u10d0\u10d4\u10e8\u10d5\u10d4\u10d1\u10d0, \u10d7\u10e3 Google Play \u10e1\u10d4\u10e0\u10d5\u10d8\u10e1\u10d4\u10d1\u10e1 \u10d0\u10e0 \u10d2\u10d0\u10dc\u10d0\u10d0\u10ee\u10da\u10d4\u10d1\u10d7.\"", "\"error_icon_content_description\" : \"Ralat\"", "\"common_google_play_services_install_button\" : \"Instaliraj\"", "\"bottomsheet_action_expand_halfway\" : \"\u05d4\u05e8\u05d7\u05d1\u05d4 \u05e2\u05d3 \u05d4\u05d0\u05de\u05e6\u05e2\"", "\"abc_action_menu_overflow_description\" : \"\u0645\u0632\u06cc\u062f \u0627\u062e\u062a\u06cc\u0627\u0631\u0627\u062a\"", "\"mtrl_picker_day_of_week_column_header\" : \"Colonne du jour de la semaine\u00a0: %1$s\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"M\u00e1s de %1$d\u00a0notificaciones nuevas\"", "\"abc_activitychooserview_choose_application\" : \"Valige rakendus\"", "\"abc_menu_function_shortcut_label\" : \"Fungsi+\"", "\"abc_action_mode_done\" : \"Kon\u010dano\"", "\"material_timepicker_hour\" : \"\u0a18\u0a70\u0a1f\u0a3e\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Pre\u0111ite na re\u017eim unosa teksta\"", "\"abc_toolbar_collapse_description\" : \"Samenvouwen\"", "\"common_google_play_services_unknown_issue\" : \"\u041f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044e \"%1$s\" \u043d\u0435 \u0443\u0434\u0430\u0435\u0442\u0441\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c Google Play. \u041f\u043e\u0432\u0442\u043e\u0440\u0438\u0442\u0435 \u043f\u043e\u043f\u044b\u0442\u043a\u0443.\"", "\"character_counter_content_description\" : \"%2$d \u0a35\u0a3f\u0a71\u0a1a\u0a4b\u0a02 %1$d \u0a05\u0a71\u0a16\u0a30-\u0a1a\u0a3f\u0a70\u0a28\u0a4d\u0a39 \u0a26\u0a3e\u0a16\u0a32 \u0a15\u0a40\u0a24\u0a47 \u0a17\u0a0f\"", "\"material_timepicker_select_time\" : \"\u0627\u062e\u062a\u064a\u0627\u0631 \u0627\u0644\u0648\u0642\u062a\"", "\"common_open_on_phone\" : \"Avaa puhelimessa\"", "\"abc_action_mode_done\" : \"\u0e40\u0e2a\u0e23\u0e47\u0e08\"", "\"material_minute_selection\" : \"\u0418\u0437\u0431\u0435\u0440\u0438 \u043c\u0438\u043d\u0443\u0442\u0438\"", "\"mtrl_badge_numberless_content_description\" : \"Notificare nou\u0103\"", "\"character_counter_overflowed_content_description\" : \"\u0546\u056b\u0577\u0565\u0580\u056b \u0561\u057c\u0561\u057e\u0565\u056c\u0561\u0563\u0578\u0582\u0575\u0576 \u0584\u0561\u0576\u0561\u056f\u0568 \u0563\u0565\u0580\u0561\u0566\u0561\u0576\u0581\u057e\u0565\u056c \u0567 (%1$d/%2$d)\"", "\"material_timepicker_text_input_mode_description\" : \"\u041f\u0440\u0435\u0452\u0438\u0442\u0435 \u0443 \u0440\u0435\u0436\u0438\u043c \u0443\u043d\u043e\u0441\u0430 \u0442\u0435\u043a\u0441\u0442\u0430 \u0440\u0430\u0434\u0438 \u0443\u043d\u043e\u0441\u0430 \u0432\u0440\u0435\u043c\u0435\u043d\u0430.\"", "\"common_signin_button_text_long\" : \"Google \uacc4\uc815\uc73c\ub85c \ub85c\uadf8\uc778\"", "\"copy_toast_msg\" : \"Arbelean kopiatu da esteka\"", "\"mtrl_picker_date_header_unselected\" : \"\u0422\u0430\u04a3\u0434\u0430\u043b\u0493\u0430\u043d \u043a\u04af\u043d\"", "\"search_menu_title\" : \"Tafuta\"", "\"common_signin_button_text_long\" : \"Acceder con Google\"", "\"mtrl_picker_date_header_title\" : \"\u0daf\u0dd2\u0db1\u0dba \u0dad\u0ddd\u0dbb\u0db1\u0dca\u0db1\"", "\"mtrl_chip_close_icon_content_description\" : \"\u05d4\u05e1\u05e8\u05d4 \u05e9\u05dc %1$s\"", "\"mtrl_picker_announce_current_selection\" : \"Aktu\u00e1lny v\u00fdber: %1$s\"", "\"material_hour_selection\" : \"\u8acb\u9078\u53d6\u6642\u6bb5\"", "\"bottomsheet_action_expand_halfway\" : \"Laiendamine poolenisti\"", "\"abc_searchview_description_query\" : \"Pretra\u017eite upit\"", "\"exposed_dropdown_menu_content_description\" : \"\u0e41\u0e2a\u0e14\u0e07\u0e40\u0e21\u0e19\u0e39\u0e41\u0e1a\u0e1a\u0e40\u0e25\u0e37\u0e48\u0e2d\u0e19\u0e25\u0e07\"", "\"abc_shareactionprovider_share_with_application\" : \"Delite pomo\u0107u aplikacije %s\"", "\"abc_action_mode_done\" : \"\u0bae\u0bc1\u0b9f\u0bbf\u0ba8\u0bcd\u0ba4\u0ba4\u0bc1\"", "\"icon_content_description\" : \"\u0418\u043a\u043e\u043d\u0430 \u0434\u0438\u0458\u0430\u043b\u043e\u0433\u0430\"", "\"character_counter_content_description\" : \"%2$d \u092a\u0948\u0915\u0940 %1$d \u0935\u0930\u094d\u0923 \u090f\u0902\u091f\u0930 \u0915\u0947\u0932\u0947 \u0906\u0939\u0947\"", "\"abc_menu_sym_shortcut_label\" : \"Sym+\"", "\"common_signin_button_text_long\" : \"Zaloguj si\u0119 przez Google\"", "\"icon_content_description\" : \"Isithonjana sebhokisi\"", "\"abc_capital_on\" : \"HIDUP\"", "\"copy_toast_msg\" : \"Lien copi\u00e9 dans le presse-papiers\"", "\"abc_searchview_description_clear\" : \"Not\u012br\u012bt vaic\u0101jumu\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0b38\u0b47\u0b2c\u0b3e \u0b38\u0b2e\u0b4d\u0b2a\u0b30\u0b4d\u0b15\u0b3f\u0b24 \u0b38\u0b2e\u0b38\u0b4d\u0b5f\u0b3e\"", "\"mtrl_picker_invalid_format_use\" : \"%1$s \u0444\u043e\u0440\u043c\u0442\u044b\u043d \u043a\u043e\u043b\u0434\u043d\u0443\u04a3\u0443\u0437\"", "\"mtrl_picker_range_header_selected\" : \"%1$s\u2013%2$s\"", "\"material_clock_toggle_content_description\" : \"Velg AM eller PM\"", "\"abc_action_mode_done\" : \"Loki\u00f0\"", "\"abc_capital_on\" : \"VKLOP\"", "N12_GLOBAL__N_116itanium_demangle17VendorExtQualTypeE", "\"abc_shareactionprovider_share_with\" : \"\u0627\u0633 \u06a9\u06d2 \u0633\u0627\u062a\u06be \u0627\u0634\u062a\u0631\u0627\u06a9 \u06a9\u0631\u06cc\u06ba\"", "\"mtrl_picker_range_header_unselected\" : \"Data de \u00eencepere \u2013 data de \u00eencheiere\"", "\"mtrl_picker_save\" : \"\u09b8\u09c7\u09ad \u0995\u09b0\u09c1\u09a8\"", "\"common_google_play_services_update_text\" : \"%1$s \u043d\u044f\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u043f\u044a\u043b\u043d\u044f\u0432\u0430, \u043e\u0441\u0432\u0435\u043d \u0430\u043a\u043e \u043d\u0435 \u0430\u043a\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u0430\u0442\u0435 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play.\"", "\"mtrl_picker_invalid_format_use\" : \"Pou\u017eite: %1$s\"", "\"mtrl_picker_range_header_unselected\" : \"\u1780\u17b6\u179b\u1794\u179a\u17b7\u1785\u17d2\u1786\u17c1\u1791\u200b\u1785\u17b6\u1794\u17cb\u1795\u17d2\u178a\u17be\u1798 \u2013 \u1780\u17b6\u179b\u1794\u179a\u17b7\u1785\u17d2\u1786\u17c1\u1791\u200b\u1794\u1789\u17d2\u1785\u1794\u17cb\"", "\"common_google_play_services_notification_channel_name\" : \"Disponibilidade do Google Play Services\"", "\"character_counter_content_description\" : \"Karakteret e futura: %1$d nga %2$d\"", "\"material_hour_selection\" : \"\u1787\u17d2\u179a\u17be\u179f\u179a\u17be\u179f\u1798\u17c9\u17c4\u1784\"", "\"common_signin_button_text\" : \"Acceder\"", "\"abc_shareactionprovider_share_with_application\" : \"%s-\u098f\u09b0 \u09b8\u09be\u09a5\u09c7 \u09b6\u09c7\u09af\u09bc\u09be\u09b0 \u0995\u09b0\u09c1\u09a8\"", "\"mtrl_badge_numberless_content_description\" : \"Nytt varsel\"", "\"bottomsheet_action_expand_halfway\" : \"\u092a\u0942\u0930\u0940 \u0924\u0930\u0939 \u092c\u0921\u093c\u093e \u0915\u0930\u0947\u0902\"", "\"abc_menu_meta_shortcut_label\" : \"Meta +\"", "terminating with %s exception of type %s", "\"mtrl_picker_day_of_week_column_header\" : \"\u0926\u093f\u0928\u094b\u0902 \u0915\u093e \u0915\u0949\u0932\u092e: %1$s\"", "\"fallback_menu_item_share_link\" : \"\u0a32\u0a3f\u0a70\u0a15 \u0a38\u0a3e\u0a02\u0a1d\u0a3e \u0a15\u0a30\u0a4b\"", "\"mtrl_chip_close_icon_content_description\" : \"\u79fb\u9664\u300c%1$s\u300d\"", "\"common_google_play_services_unsupported_text\" : \"\u0d94\u0db6\u0d9c\u0dda \u0d8b\u0db4\u0dcf\u0d82\u0d9c\u0dba \u0db8\u0d9c\u0dd2\u0db1\u0dca \u0dc3\u0dc4\u0dcf\u0dba \u0db1\u0ddc\u0daf\u0d9a\u0dca\u0dc0\u0db1, Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 %1$s \u0db0\u0dcf\u0dc0\u0db1\u0dba \u0db1\u0ddc\u0dc0\u0db1\u0dd4 \u0d87\u0dad.\"", "\"abc_searchview_description_search\" : \"\u0936\u094b\u0927\"", "\"abc_search_hint\" : \"\u0628\u062d\u062b\u2026\"", "\"mtrl_picker_range_header_unselected\" : \"Tarikh mula \u2013 Tarikh tamat\"", "\"character_counter_overflowed_content_description\" : \"\u0e82\u0eb5\u0e94\u0e88\u0eb3\u0e81\u0eb1\u0e94\u0e95\u0ebb\u0ea7\u0ead\u0eb1\u0e81\u0eaa\u0ead\u0e99\u0ec0\u0e81\u0eb5\u0e99 %1$d \u0e88\u0eb2\u0e81\u0e97\u0eb1\u0e87\u0edd\u0ebb\u0e94 %2$d\"", "\"abc_prepend_shortcut_label\" : \"\u0e40\u0e21\u0e19\u0e39+\"", "\"abc_searchview_description_clear\" : \"Vee navraag uit\"", "\"common_google_play_services_wear_update_text\" : \"La nouvelle version des services Google Play est n\u00e9cessaire. Elle sera bient\u00f4t install\u00e9e automatiquement.\"", "\"mtrl_picker_out_of_range\" : \"Valt buiten bereik: %1$s\"", "\"mtrl_picker_announce_current_selection\" : \"\u0410\u043a\u0442\u0443\u0435\u043b\u043d\u0438 \u0438\u0437\u0431\u043e\u0440: %1$s\"", "\"abc_menu_space_shortcut_label\" : \"\u0d38\u0d4d\u200c\u0d2a\u0d46\u0d2f\u0d4d\u200c\u0d38\u0d4d\"", "\"material_hour_suffix\" : \"%1$s\"", "\"material_hour_suffix\" : \"%1$s \u03b1\u03ba\u03c1\u03b9\u03b2\u03ce\u03c2\"", "operator>>=", "\"mtrl_picker_range_header_title\" : \"Pumili ng Range\"", "operator||", "\"search_menu_title\" : \"\u0422\u044a\u0440\u0441\u0435\u043d\u0435\"", "\"material_timepicker_clock_mode_description\" : \"Id\u0151bevitelhez v\u00e1ltson \u00f3ram\u00f3dba.\"", "\"material_timepicker_am\" : \"\u0642.\u0638\"", "\"abc_capital_off\" : \"\u0e1b\u0e34\u0e14\"", "\"common_signin_button_text_long\" : \"\u1785\u17bc\u179b\u178a\u17c4\u1799\u1794\u17d2\u179a\u17be Google\"", "\"abc_action_mode_done\" : \"Fertig\"", "\"abc_shareactionprovider_share_with_application\" : \"\u0e41\u0e0a\u0e23\u0e4c\u0e17\u0e32\u0e07 %s\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0414\u0430\u0442\u0430 \u043d\u0430\u0447\u0430\u043b\u0430\"", "\"abc_activity_chooser_view_see_all\" : \"Ver tudo\"", "\"common_google_play_services_updating_text\" : \"%1$s ne\u0107e se pokrenuti bez usluga Google Playa koje se trenuta\u010dno a\u017euriraju.\"", "\"common_google_play_services_install_title\" : \"Obtener servicios de Google Play\"", "\"abc_activity_chooser_view_see_all\" : \"\u10e7\u10d5\u10d4\u10da\u10d0\u10e1 \u10dc\u10d0\u10ee\u10d5\u10d0\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Tocca per passare alla selezione di un anno\"", "\"abc_capital_off\" : \"DEAKT\u0130V\"", "\"mtrl_picker_range_header_unselected\" : \"Data rozpocz\u0119cia \u2013 data zako\u0144czenia\"", "\"material_timepicker_clock_mode_description\" : \"\u05d4\u05e2\u05d1\u05e8 \u05dc\u05de\u05e6\u05d1 \u05e9\u05e2\u05d5\u05df \u05dc\u05e6\u05d5\u05e8\u05da \u05d4\u05d6\u05e0\u05ea \u05d4\u05e9\u05e2\u05d4\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s \u0d28\u0d40\u0d15\u0d4d\u0d15\u0d02 \u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d15\"", "\"common_google_play_services_install_title\" : \"C\u00e0i \u0111\u1eb7t d\u1ecbch v\u1ee5 c\u1ee7a Google Play\"", "\"common_google_play_services_update_text\" : \"Aplikacja %1$s nie b\u0119dzie dzia\u0142a\u0107, je\u015bli nie zaktualizujesz Us\u0142ug Google Play.\"", "\"error_icon_content_description\" : \"Eroare\"", "\"material_minute_suffix\" : \"%1$s \u0ba8\u0bbf\u0bae\u0bbf\u0b9f\u0b99\u0bcd\u0b95\u0bb3\u0bcd\"", "\"common_google_play_services_unknown_issue\" : \"Nagkakaproblema ang %1$s sa mga serbisyo ng Google Play. Pakisubukang muli.\"", "\"common_google_play_services_update_button\" : \"\u17a2\u17b6\u1794\u17cb\u178a\u17c1\u178f\"", "\"abc_searchview_description_query\" : \"Pretra\u017ei upit\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u5207\u63db\u81f3\u6587\u5b57\u8f38\u5165\u6a21\u5f0f\"", "\"material_minute_suffix\" : \"%1$s minutit\"", "\"abc_menu_space_shortcut_label\" : \"\u043a\u043b\u0430\u0432\u0438\u0448\u0430 \u0437\u0430 \u0438\u043d\u0442\u0435\u0440\u0432\u0430\u043b\"", "\"abc_searchview_description_voice\" : \"\u092c\u094b\u0932\u0915\u0930 \u0916\u094b\u091c\u0947\u0902\"", "\"mtrl_chip_close_icon_content_description\" : \"\u0625\u0632\u0627\u0644\u0629 %1$s\"", "\"material_hour_suffix\" : \"Kell %1$s\"", "\"mtrl_picker_a11y_prev_month\" : \"Naar vorige maand gaan\"", "\"mtrl_picker_invalid_format_example\" : \"\u0c09\u0c26\u0c3e\u0c39\u0c30\u0c23: %1$s\"", "\"mtrl_picker_range_header_unselected\" : \"\u0938\u0941\u0930\u0941 \u0939\u0941\u0928\u0947 \u092e\u093f\u0924\u093f \u2013 \u0905\u0928\u094d\u0924\u094d\u092f \u0939\u0941\u0928\u0947 \u092e\u093f\u0924\u093f\"", "\"mtrl_picker_toggle_to_day_selection\" : \"'\u0c30\u0c4b\u0c1c\u0c41\u0c28\u0c41 \u0c0e\u0c02\u0c2a\u0c3f\u0c15 \u0c1a\u0c47\u0c38\u0c41\u0c15\u0c4b\u0c35\u0c21\u0c02'\u0c15\u0c41 \u0c2e\u0c3e\u0c30\u0c21\u0c3e\u0c28\u0c3f\u0c15\u0c3f \u0c28\u0c4a\u0c15\u0c4d\u0c15\u0c02\u0c21\u0c3f\"", "\"abc_action_bar_up_description\" : \"Navigera upp\u00e5t\"", "\"search_menu_title\" : \"\u0916\u094b\u091c\u0947\u0902\"", "\"mtrl_picker_range_header_title\" : \"S\u00e9lectionnez une p\u00e9riode\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Touchez pour passer \u00e0 la s\u00e9lection de jour\"", "\"mtrl_picker_invalid_format\" : \"\u1791\u1798\u17d2\u179a\u1784\u17cb\u1798\u17b7\u1793\u200b\u178f\u17d2\u179a\u17b9\u1798\u178f\u17d2\u179a\u17bc\u179c\u1791\u17c1\u17d4\"", "\"mtrl_picker_invalid_format_example\" : \"\u041c\u044b\u0441\u0430\u043b: %1$s.\"", "\"abc_menu_delete_shortcut_label\" : \"eliminar\"", "\"common_signin_button_text_long\" : \"\u200f\u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062f\u062e\u0648\u0644 \u0639\u0628\u0631 Google\"", "\"bottomsheet_action_expand_halfway\" : \"Expandir at\u00e9 metade\"", "\"mtrl_picker_out_of_range\" : \"\u0a30\u0a47\u0a02\u0a1c \u0a24\u0a4b\u0a02 \u0a2c\u0a3e\u0a39\u0a30: %1$s\"", "\"abc_activity_chooser_view_see_all\" : \"Afi\u0219a\u021bi tot\"", "\"common_google_play_services_update_text\" : \"Aplikacija %1$s ne bo delovala, \u010de ne posodobite storitev Google Play.\"", "\"mtrl_picker_day_of_week_column_header\" : \"Kolumna z\u00a0dniami: %1$s\"", "\"common_google_play_services_unknown_issue\" : \"L'application %1$s rencontre des probl\u00e8mes avec les services Google\u00a0Play. Veuillez r\u00e9essayer.\"", "\"abc_shareactionprovider_share_with\" : \"\u0c87\u0cb5\u0cb0\u0cca\u0c82\u0ca6\u0cbf\u0c97\u0cc6 \u0cb9\u0c82\u0c9a\u0cbf\u0c95\u0cca\u0cb3\u0ccd\u0cb3\u0cbf\"", "\"common_google_play_services_notification_ticker\" : \"Napaka storitev Google Play\"", "\"common_google_play_services_notification_ticker\" : \"\u200f\u062e\u0637\u0623 \u0641\u064a \u062e\u062f\u0645\u0627\u062a Google Play\"", "\"common_google_play_services_notification_channel_name\" : \"Disponibilitatea serviciilor Google Play\"", "\"abc_action_bar_up_description\" : \"Revenir en haut de la page\"", "\"mtrl_picker_date_header_title\" : \"\u0418\u0437\u0430\u0431\u0435\u0440\u0438\u0442\u0435 \u0434\u0430\u0442\u0443\u043c\"", "\"common_google_play_services_update_text\" : \"Lai lietotne %1$s darbotos, jums ir j\u0101atjaunina Google\u00a0Play pakalpojumi.\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u09b6\u09c1\u09b0\u09c1\u09b0 \u09a4\u09be\u09b0\u09bf\u0996 \u2013 %1$s\"", "\"common_google_play_services_notification_ticker\" : \"Error de Servicios de Google Play\"", "\"fallback_menu_item_open_in_browser\" : \"\u0b2c\u0b4d\u0b30\u0b3e\u0b09\u0b1c\u0b30\u0b4d\u200c\u0b30\u0b47 \u0b16\u0b4b\u0b32\u0b28\u0b4d\u0b24\u0b41\"", "_GLOBAL__N", "\"abc_capital_on\" : \"\u012eJUNGTI\"", "\"common_google_play_services_install_text\" : \"%1$s Google \u09aa\u09cd\u09b2\u09c7 \u09b8\u09c7\u09f1\u09be\u09f0 \u0985\u09ac\u09bf\u09b9\u09a8\u09c7 \u09a8\u099a\u09b2\u09c7, \u09af\u09bf\u099f\u09cb \u0986\u09aa\u09cb\u09a8\u09be\u09f0 \u09a1\u09bf\u09ad\u09be\u0987\u099a\u09a4 \u09a8\u09be\u0987\u0964\"", "operator?", "\"abc_capital_off\" : \"\u04e8\u0427\u04ae\u041a\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u05d4\u05d7\u05dc\u05e4\u05d4 \u05dc\u05e9\u05d9\u05d8\u05ea \u05e7\u05dc\u05d8 \u05e9\u05dc \u05d9\u05d5\u05de\u05df\"", "\"item_view_role_description\" : \"\u099f\u09cd\u09af\u09be\u09ac\"", "\"abc_action_bar_home_description\" : \"\u700f\u89bd\u4e3b\u9801\"", "\"common_google_play_services_updating_text\" : \"Aplikacja %1$s nie b\u0119dzie dzia\u0142a\u0107 bez Us\u0142ug Google Play, kt\u00f3re s\u0105 obecnie aktualizowane.\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Tumia programu ya kuingiza data ya maandishi\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Atinge\u021bi pentru a comuta la selectarea unui an\"", "\"abc_searchview_description_submit\" : \"\u041f\u043e\u0434\u043d\u0435\u0441\u0438 \u0431\u0430\u0440\u0430\u045a\u0435\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3 \u0ca6\u0ccb\u0cb7\"", "\"abc_searchview_description_clear\" : \"\uac80\uc0c9\uc5b4 \uc0ad\uc81c\"", "N12_GLOBAL__N_116itanium_demangle15ConditionalExprE", "\"common_google_play_services_enable_text\" : \"%1$s \u043d\u0435\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u0432\u0440\u0448\u0443\u0432\u0430 \u0430\u043a\u043e \u043d\u0435 \u043e\u0432\u043e\u0437\u043c\u043e\u0436\u0438\u0442\u0435 \u0443\u0441\u043b\u0443\u0433\u0438 \u043d\u0430 Google Play.\"", "\"material_hour_suffix\" : \"%1$s en punt\"", "\"mtrl_picker_a11y_prev_month\" : \"\u05de\u05e2\u05d1\u05e8 \u05dc\u05d7\u05d5\u05d3\u05e9 \u05d4\u05e7\u05d5\u05d3\u05dd\"", "\"mtrl_picker_invalid_range\" : \"Yanl\u0131\u015f diapazon.\"", "\"abc_activity_chooser_view_see_all\" : \"\u0e14\u0e39\u0e17\u0e31\u0e49\u0e07\u0e2b\u0e21\u0e14\"", "\"common_google_play_services_install_title\" : \"H\u00e4mta Google Play-tj\u00e4nster\"", "\"error_icon_content_description\" : \"Gabim\"", "\"character_counter_overflowed_content_description\" : \"Maxim\u00e1lis karaktersz\u00e1m t\u00fall\u00e9pve: %2$d/%1$d\"", "\"abc_activitychooserview_choose_application\" : \"Elegir una app\"", "\"abc_activity_chooser_view_see_all\" : \"\u0b38\u0b2c\u0b41 \u0b26\u0b47\u0b16\u0b28\u0b4d\u0b24\u0b41\"", "\"mtrl_picker_out_of_range\" : \"Nepatenka \u012f diapazon\u0105: %1$s\"", "\"abc_activity_chooser_view_see_all\" : \"Sien alles\"", "\"copy_toast_msg\" : \"\u12a0\u1308\u1293\u129d \u12c8\u12f0 \u1245\u1295\u1325\u1265 \u1230\u120c\u12f3 \u1270\u1240\u12f5\u1277\u120d\"", "\"mtrl_picker_invalid_format\" : \"Neva\u017ee\u0107i format.\"", "\"abc_action_mode_done\" : \"\u0d2a\u0d42\u0d7c\u0d24\u0d4d\u0d24\u0d3f\u0d2f\u0d3e\u0d2f\u0d3f\"", "\"mtrl_picker_range_header_unselected\" : \"\u05ea\u05d0\u05e8\u05d9\u05da \u05d4\u05ea\u05d7\u05dc\u05d4 - \u05ea\u05d0\u05e8\u05d9\u05da \u05e1\u05d9\u05d5\u05dd\"", "\"common_google_play_services_install_title\" : \"Namestitev storitev Google Play\"", "\"abc_action_mode_done\" : \"Eginda\"", "\"mtrl_picker_invalid_range\" : \"\u091a\u0941\u0915\u0940\u091a\u0940 \u0936\u094d\u0930\u0947\u0923\u0940.\"", "\"character_counter_content_description\" : \"%1$d/%2$d\u00a0merkki\u00e4 kirjoitettu\"", "\"material_hour_selection\" : \"Chagua saa\"", "\"common_google_play_services_enable_text\" : \"O %1$s n\u00e3o funciona enquanto n\u00e3o ativar os servi\u00e7os do Google Play.\"", "\"google_app_id\" : \"1:983632160629:android:d1d9132ddd988e7127553c\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\uc0c8 \uc54c\ub9bc %1$d\uac1c \ucd08\uacfc\"", "\"abc_searchview_description_query\" : \"S\u00f6kfr\u00e5ga\"", "\"mtrl_picker_announce_current_selection\" : \"\u73fe\u5728\u306e\u9078\u629e: %1$s\"", "\"material_clock_toggle_content_description\" : \"\u0cac\u0cc6\u0cb3\u0cbf\u0c97\u0ccd\u0c97\u0cc6 \u0c85\u0ca5\u0cb5\u0cbe \u0cae\u0ca7\u0ccd\u0caf\u0cbe\u0cb9\u0ccd\u0ca8 \u0c86\u0caf\u0ccd\u0c95\u0cc6\u0cae\u0cbe\u0ca1\u0cbf\"", "N12_GLOBAL__N_116itanium_demangle13EnclosingExprE", "\"mtrl_picker_invalid_format\" : \"\u00c9rv\u00e9nytelen form\u00e1tum.\"", "\"abc_toolbar_collapse_description\" : \"Minimieren\"", "\"nav_app_bar_open_drawer_description\" : \"Abrir o panel de navegaci\u00f3n\"", "\"material_hour_selection\" : \"\u0412\u044b\u0431\u0435\u0440\u044b\u0446\u0435 \u0433\u0430\u0434\u0437\u0456\u043d\u0443\"", "\"common_google_play_services_update_title\" : \"Actualiza Servicios de Google Play\"", "\"material_timepicker_hour\" : \"\u1798\u17c9\u17c4\u1784\"", "\"mtrl_picker_a11y_next_month\" : \"\u0905\u0917\u0932\u0947 \u092e\u0939\u0940\u0928\u0947 \u092a\u0930 \u091c\u093e\u090f\u0902\"", "\"abc_activity_chooser_view_see_all\" : \"Lihat semua\"", "\"common_signin_button_text_long\" : \"Google \u0cae\u0cc2\u0cb2\u0c95 \u0cb8\u0cc8\u0ca8\u0ccd \u0c87\u0ca8\u0ccd \u0cae\u0cbe\u0ca1\u0cbf\"", "\"abc_searchview_description_clear\" : \"P\u00e4ringu t\u00fchistamine\"", "\"icon_content_description\" : \"Ic\u00f4ne de la bo\u00eete de dialogue\"", "\"icon_content_description\" : \"\u10d3\u10d8\u10d0\u10da\u10dd\u10d2\u10d8\u10e1 \u10ee\u10d0\u10e2\u10e3\u10da\u10d0\"", "operator>", "\"copy_toast_msg\" : \"Isixhumanisi sikopishelwe ku-clipboard\"", "\"mtrl_picker_text_input_date_hint\" : \"\u0924\u093e\u0930\u0940\u0916\"", "\"common_open_on_phone\" : \"\u0aab\u0acb\u0aa8\u0aae\u0abe\u0a82 \u0a96\u0acb\u0ab2\u0acb\"", "\"character_counter_overflowed_content_description\" : \"\u062a\u062c\u0627\u0648\u0632 \u0639\u062f\u062f \u0627\u0644\u0623\u062d\u0631\u0641 \u0627\u0644\u0645\u0633\u0645\u0648\u062d \u0628\u0647 %1$d \u0645\u0646 %2$d.\"", "\"mtrl_picker_a11y_next_month\" : \"\u041f\u0440\u0435\u043c\u0438\u043d\u0430\u0432\u0430\u043d\u0435 \u043a\u044a\u043c \u0441\u043b\u0435\u0434\u0432\u0430\u0449\u0438\u044f \u043c\u0435\u0441\u0435\u0446\"", "\"material_minute_suffix\" : \"%1$s \u12f0\u1242\u1243\u12ce\u127d\"", "\"abc_menu_function_shortcut_label\" : \"Fun\u00e7\u00e3o +\"", "\"common_google_play_services_updating_text\" : \"\ud604\uc7ac \uc5c5\ub370\uc774\ud2b8 \uc911\uc778 Google Play \uc11c\ube44\uc2a4\uac00 \uc788\uc5b4\uc57c %1$s\uc774(\uac00) \uc2e4\ud589\ub429\ub2c8\ub2e4.\"", "\"mtrl_picker_a11y_next_month\" : \"P\u0159ej\u00edt na dal\u0161\u00ed m\u011bs\u00edc\"", "\"copy_toast_msg\" : \"\u0421\u0456\u043b\u0442\u0435\u043c\u0435 \u0431\u0443\u0444\u0435\u0440\u0433\u0435 \u043a\u04e9\u0448\u0456\u0440\u0456\u043b\u0434\u0456.\"", "\"common_google_play_services_notification_ticker\" : \"L\u1ed7i d\u1ecbch v\u1ee5 c\u1ee7a Google Play\"", "\"icon_content_description\" : \"\u0395\u03b9\u03ba\u03bf\u03bd\u03af\u03b4\u03b9\u03bf \u03c0\u03b1\u03c1\u03b1\u03b8\u03cd\u03c1\u03bf\u03c5 \u03b4\u03b9\u03b1\u03bb\u03cc\u03b3\u03bf\u03c5\"", "\"fallback_menu_item_share_link\" : \"\u041e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0441\u0441\u044b\u043b\u043a\u0443\"", "\"abc_searchview_description_clear\" : \"Slett s\u00f8ket\"", "\"common_google_play_services_install_text\" : \"Du skal installere Google Play-tjenester, f\u00f8r %1$s kan k\u00f8re p\u00e5 din enhed.\"", "\"material_timepicker_text_input_mode_description\" : \"Passer au mode Entr\u00e9e de texte pour entrer l'heure.\"", "\"abc_searchview_description_submit\" : \"\u0995\u09cb\u09af\u09bc\u09c7\u09b0\u09bf \u099c\u09ae\u09be \u09a6\u09bf\u09a8\"", "\"nav_app_bar_navigate_up_description\" : \"\u0ec0\u0ea5\u0eb7\u0ec8\u0ead\u0e99\u0e82\u0eb6\u0ec9\u0e99\u0ec0\u0e97\u0eb4\u0e87\"", "\"material_clock_toggle_content_description\" : \"Seleziona AM o PM\"", "\"abc_activitychooserview_choose_application\" : \"Izv\u0113lieties lietotni\"", "\"exposed_dropdown_menu_content_description\" : \"\u0eaa\u0eb0\u0ec1\u0e94\u0e87\u0ec0\u0ea1\u0e99\u0eb9\u0ec0\u0ea5\u0eb7\u0ec8\u0ead\u0e99\u0ea5\u0ebb\u0e87\"", "\"mtrl_badge_numberless_content_description\" : \"Arifa mpya\"", "\"common_google_play_services_install_text\" : \"%1$s Google Play \u0c38\u0c47\u0c35\u0c32\u0c41 \u0c32\u0c47\u0c15\u0c41\u0c02\u0c21\u0c3e \u0c05\u0c2e\u0c32\u0c41 \u0c15\u0c3e\u0c26\u0c41, \u0c06 \u0c38\u0c47\u0c35\u0c32\u0c41 \u0c2e\u0c40 \u0c2a\u0c30\u0c3f\u0c15\u0c30\u0c02\u0c32\u0c4b \u0c32\u0c47\u0c35\u0c41.\"", "\"abc_action_menu_overflow_description\" : \"M\u00e1s opciones\"", "\"material_minute_selection\" : \"Minutite valimine\"", "objc_object", "\"material_minute_selection\" : \"Ch\u1ecdn ph\u00fat\"", "\"common_google_play_services_enable_text\" : \"\u60a8\u5fc5\u9808\u555f\u7528 Google Play \u670d\u52d9\uff0c\u65b9\u53ef\u57f7\u884c\u300c%1$s\u300d\u3002\"", "\"material_clock_toggle_content_description\" : \"\u05d9\u05e9 \u05dc\u05d1\u05d7\u05d5\u05e8 \u05d1-AM \u05d0\u05d5 \u05d1-PM\"", "\"abc_searchview_description_submit\" : \"\u0421\u0443\u0440\u0430\u043c \u0442\u0430\u043f\u0448\u044b\u0440\u0443\u0443\"", "\"mtrl_picker_date_header_unselected\" : \"Hautatutako data\"", "\"nav_app_bar_open_drawer_description\" : \"Fungua droo ya kusogeza\"", "\"mtrl_badge_numberless_content_description\" : \"\u0baa\u0bc1\u0ba4\u0bbf\u0baf \u0b85\u0bb1\u0bbf\u0bb5\u0bbf\u0baa\u0bcd\u0baa\u0bc1\"", "\"abc_action_bar_up_description\" : \"\uc704\ub85c \uc774\ub3d9\"", "\"mtrl_picker_date_header_unselected\" : \"Se\u00e7ilmi\u015f tarix\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u05e0\u05d9\u05d5\u05d5\u05d8 \u05dc\u05e9\u05e0\u05ea %1$s\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Yilni tanlash uchun bosing\"", "\"mtrl_picker_out_of_range\" : \"Fora do intervalo: %1$s\"", "\"common_signin_button_text_long\" : \"Google \u0b38\u0b39 \u0b38\u0b3e\u0b07\u0b28\u0b4d\u200c-\u0b07\u0b28\u0b4d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"fallback_menu_item_open_in_browser\" : \"Abrir en el navegador\"", "\"mtrl_picker_save\" : \"Gorde\"", "\"nav_app_bar_navigate_up_description\" : \"\u1021\u1015\u1031\u102b\u103a\u101e\u102d\u102f\u1037 \u101b\u103d\u103e\u1031\u1037\u101b\u1014\u103a\"", "\"mtrl_picker_invalid_format_use\" : \"Koristi: %1$s\"", "\"clear_text_end_icon_content_description\" : \"\u0a9f\u0ac7\u0a95\u0acd\u0ab8\u0acd\u0a9f \u0ab8\u0abe\u0aab \u0a95\u0ab0\u0acb\"", "\"mtrl_picker_range_header_unselected\" : \"Start date \u2013 End date\"", "\"nav_app_bar_navigate_up_description\" : \"Idite nagore\"", "\"abc_searchview_description_query\" : \"Sesha umbuzo\"", "\"mtrl_picker_a11y_next_month\" : \"Tukar kepada bulan seterusnya\"", "\"abc_activity_chooser_view_see_all\" : \"N\u00e4yt\u00e4 kaikki\"", "\"abc_menu_space_shortcut_label\" : \"mellemrum\"", "\"mtrl_picker_a11y_prev_month\" : \"\u00d6nceki aya de\u011fi\u015ftir\"", "\"mtrl_picker_a11y_prev_month\" : \"Passa al mese precedente\"", "\"abc_search_hint\" : \"Haku\u2026\"", "\"icon_content_description\" : \"Dialogboksikon\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play-tjenesters tilg\u00e6ngelighed\"", "\"common_open_on_phone\" : \"Hape n\u00eb telefon\"", "\"material_timepicker_clock_mode_description\" : \"\u09b8\u09ae\u09df\u09f0 \u0987\u09a8\u09aa\u09c1\u099f\u09f0 \u09ac\u09be\u09ac\u09c7 \u0998\u09dc\u09c0 \u09ae'\u09a1\u09b2\u09c8 \u09af\u09be\u0993\u0995\u0964\"", "\"abc_searchview_description_submit\" : \"\u0548\u0582\u0572\u0561\u0580\u056f\u0565\u056c \u0570\u0561\u0580\u0581\u0578\u0582\u0574\u0568\"", "\"nav_app_bar_open_drawer_description\" : \"Atv\u0113rt navig\u0101cijas atvilktni\"", "\"abc_capital_off\" : \"\u0b86\u0b83\u0baa\u0bcd\"", "St9exception", "\"mtrl_picker_save\" : \"\u0417\u0430\u0447\u0443\u0432\u0430\u0458\"", "\"common_google_play_services_install_text\" : \"%1$s tidak akan berjalan tanpa layanan Google Play, yang tidak ada di perangkat Anda.\"", "\"common_google_play_services_install_title\" : \"\u0e15\u0e34\u0e14\u0e15\u0e31\u0e49\u0e07\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play\"", "\"clear_text_end_icon_content_description\" : \"\u0c30\u0c3e\u0c38\u0c3f\u0c28\u0c26\u0c3e\u0c28\u0c4d\u0c28\u0c3f \u0c24\u0c40\u0c38\u0c3f\u0c35\u0c47\u0c2f\u0c3f\"", "\"common_google_play_services_enable_title\" : \"\u200f\u05d4\u05e4\u05e2\u05dc \u05d0\u05ea \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play\"", "N12_GLOBAL__N_116itanium_demangle11SpecialNameE", "\"mtrl_picker_a11y_prev_month\" : \"\u12c8\u12f0 \u1240\u12f3\u121a\u12cd \u12c8\u122d \u1240\u12ed\u122d\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Pre\u0111ite na re\u017eim unosa u Kalendaru\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Ketik untuk beralih kepada pemilihan hari\"", "\"common_google_play_services_install_button\" : \"Installi\"", "\"abc_capital_on\" : \"\u5f00\u542f\"", "\"common_google_play_services_updating_text\" : \"%1$s Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a24\u0a4b\u0a02 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 \u0a28\u0a39\u0a40\u0a02 \u0a1a\u0a71\u0a32\u0a47\u0a17\u0a3e, \u0a1c\u0a4b \u0a35\u0a30\u0a24\u0a2e\u0a3e\u0a28 \u0a35\u0a3f\u0a71\u0a1a \u0a05\u0a71\u0a2a\u0a21\u0a47\u0a1f \u0a39\u0a4b \u0a30\u0a39\u0a40\u0a06\u0a02 \u0a39\u0a28\u0964\"", "cannot zero out thread value for __cxa_get_globals()", "\"abc_menu_sym_shortcut_label\" : \"Simbool+\"", "\"icon_content_description\" : \"Dialoogi ikoon\"", "\"common_google_play_services_unsupported_text\" : \"%1$s nu va rula f\u0103r\u0103 serviciile Google Play, care nu sunt acceptate de dispozitivul dvs.\"", "\"character_counter_content_description\" : \"%2$d \u0438\u0447\u0438\u043d\u0435\u043d %1$d \u0441\u0438\u043c\u0432\u043e\u043b \u043a\u0438\u0440\u0433\u0438\u0437\u0438\u043b\u0434\u0438\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Siirry vuoden valintaan napauttamalla\"", "\"mtrl_picker_navigate_to_year_description\" : \"Zum Jahr\u00a0%1$s wechseln\"", "\"mtrl_badge_numberless_content_description\" : \"Notificaci\u00f3n nueva\"", "\"abc_searchview_description_voice\" : \"Stemsoektog\"", "\"common_google_play_services_install_title\" : \"Google Play xidm\u0259tl\u0259rini \u0259ld\u0259 edin\"", "\"common_google_play_services_install_title\" : \"\u53d6\u5f97 Google Play \u670d\u52d9\"", "\"common_google_play_services_updating_text\" : \"Zur Nutzung von %1$s sind Google Play-Dienste erforderlich, die gerade aktualisiert werden.\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 Data de conclus\u00e3o\"", "\"icon_content_description\" : \"\u0921\u093e\u092f\u0932\u0949\u0917 \u0906\u092f\u0915\u0928\"", "\"mtrl_picker_date_header_unselected\" : \"Izabrani datum\"", "\"material_clock_toggle_content_description\" : \"AM \u0915\u093f\u0902\u0935\u093e PM \u0928\u093f\u0935\u0921\u093e\"", "\"abc_prepend_shortcut_label\" : \"Meniu+\"", "\"clear_text_end_icon_content_description\" : \"Ryd tekst\"", "\"common_google_play_services_enable_title\" : \"B\u1eadt d\u1ecbch v\u1ee5 c\u1ee7a Google Play\"", "\"character_counter_content_description\" : \"Caract\u00e8res entr\u00e9s\u00a0: %1$d sur %2$d\"", "\"common_google_play_services_update_title\" : \"I-update ang mga serbisyo ng Google Play\"", "\"bottomsheet_action_expand_halfway\" : \"Expand halfway\"", "\"fallback_menu_item_copy_link\" : \"\u06a9\u067e\u06cc \u067e\u06cc\u0648\u0646\u062f\"", "\"mtrl_chip_close_icon_content_description\" : \"\u00dcksuse %1$s eemaldamine\"", "N10__cxxabiv120__si_class_type_infoE", "\"icon_content_description\" : \"Ikona dialogov\u00e9ho okna\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u7d42\u4e86\u65e5\"", "\"material_timepicker_select_time\" : \"\u0935\u0947\u0933 \u0928\u093f\u0935\u0921\u093e\"", "\"abc_action_bar_up_description\" : \"Fel\"", "\"mtrl_picker_a11y_prev_month\" : \"\u10ec\u10d8\u10dc\u10d0 \u10d7\u10d5\u10d4\u10d6\u10d4 \u10d2\u10d0\u10d3\u10d0\u10e1\u10d5\u10da\u10d0\"", "\"common_google_play_services_install_title\" : \"\u200f\u062f\u0631\u06cc\u0627\u0641\u062a \u0633\u0631\u0648\u06cc\u0633\u200c\u0647\u0627\u06cc Google Play\"", "N12_GLOBAL__N_116itanium_demangle16FloatLiteralImplIeEE", "\"abc_searchview_description_submit\" : \"Po\u0161alji upit\"", "\"mtrl_picker_range_header_unselected\" : \"Upphafsdagur \u2013 lokadagur\"", "\"mtrl_picker_date_header_title\" : \"Valige kuup\u00e4ev\"", "\"abc_shareactionprovider_share_with_application\" : \"Kongsi dengan %s\"", "\"mtrl_picker_invalid_format\" : \"Format i pavlefsh\u00ebm.\"", "\"abc_menu_alt_shortcut_label\" : \"\u201eAlt\u201c +\"", "\"abc_menu_enter_shortcut_label\" : \"INVIO\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u05d9\u05e9 \u05dc\u05d4\u05e7\u05d9\u05e9 \u05db\u05d3\u05d9 \u05dc\u05d4\u05d7\u05dc\u05d9\u05e3 \u05dc\u05d1\u05d7\u05d9\u05e8\u05ea \u05e9\u05e0\u05d4\"", "\"mtrl_picker_text_input_date_hint\" : \"Idethi\"", "\"error_icon_content_description\" : \"\u05e9\u05d2\u05d9\u05d0\u05d4\"", "\"nav_app_bar_open_drawer_description\" : \"\u041d\u0430\u0432\u0438\u0433\u0430\u0446\u0438\u0439\u043d \u0448\u0443\u0440\u0433\u0443\u0443\u043b\u0433\u044b\u0433 \u043d\u044d\u044d\u0445\"", "\"common_google_play_services_updating_text\" : \"%1$s \u043d\u0435 \u043c\u043e\u0436\u0435 \u0434\u0430 \u0441\u0435 \u043f\u043e\u043a\u0440\u0435\u043d\u0435 \u0431\u0435\u0437 Google Play \u0443\u0441\u043b\u0443\u0433\u0430, \u043a\u043e\u0458\u0435 \u0441\u0435 \u0442\u0440\u0435\u043d\u0443\u0442\u043d\u043e \u0430\u0436\u0443\u0440\u0438\u0440\u0430\u0458\u0443.\"", "\"mtrl_picker_date_header_title\" : \"\u0ec0\u0ea5\u0eb7\u0ead\u0e81\u0ea7\u0eb1\u0e99\u0e97\u0eb5\"", "\"mtrl_chip_close_icon_content_description\" : \"Olib tashlash: %1$s\"", "\"common_google_play_services_install_text\" : \"Google Play \u0938\u0947\u0935\u093e \u0906\u092a\u0932\u094d\u092f\u093e \u0921\u093f\u0935\u094d\u0939\u093e\u0907\u0938\u0935\u0930 \u0909\u092a\u0932\u092c\u094d\u0927 \u0928\u093e\u0939\u0940, \u0924\u094d\u092f\u093e\u0936\u093f\u0935\u093e\u092f %1$s \u091a\u093e\u0932\u0923\u093e\u0930 \u0928\u093e\u0939\u0940.\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u8d85\u904e %1$d \u5247\u65b0\u901a\u77e5\"", "\"icon_content_description\" : \"\u0b89\u0bb0\u0bc8\u0baf\u0bbe\u0b9f\u0bb2\u0bcd \u0b90\u0b95\u0bbe\u0ba9\u0bcd\"", "\"material_hour_selection\" : \"\uc2dc\uac04 \uc120\ud0dd\"", "\"abc_shareactionprovider_share_with\" : \"\u0b87\u0ba4\u0bbf\u0bb2\u0bcd \u0baa\u0b95\u0bbf\u0bb0\u0bcd\"", "\"mtrl_picker_a11y_next_month\" : \"Vaheta j\u00e4rgmisele kuule\"", "\"search_menu_title\" : \"\u0c36\u0c4b\u0c27\u0c28\"", "\"mtrl_picker_announce_current_selection\" : \"\u041e\u0434\u043e\u043e\u0433\u0438\u0439\u043d \u0441\u043e\u043d\u0433\u043e\u043b\u0442: %1$s\"", "\"mtrl_picker_navigate_to_year_description\" : \"Eiti \u012f %1$s metus\"", "\"mtrl_picker_a11y_prev_month\" : \"\uc774\uc804 \ub2ec\ub85c \ubcc0\uacbd\"", "\"fallback_menu_item_copy_link\" : \"Copy link\"", "\"material_clock_toggle_content_description\" : \"AM \u0a1c\u0a3e\u0a02 PM \u0a1a\u0a41\u0a23\u0a4b\"", "\"fallback_menu_item_share_link\" : \"Chia s\u1ebb li\u00ean k\u1ebft\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u09ac\u099b\u09b0 \u09ac\u09c7\u099b\u09c7 \u09a8\u09c7\u0993\u09df\u09be\u09b0 \u09ae\u09cb\u09a1\u09c7 \u09ac\u09a6\u09b2 \u0995\u09b0\u09a4\u09c7 \u099f\u09cd\u09af\u09be\u09aa \u0995\u09b0\u09c1\u09a8\"", "\"mtrl_picker_range_header_unselected\" : \"\u0936\u0941\u0930\u0942 \u0939\u094b\u0928\u0947 \u0915\u0940 \u0924\u093e\u0930\u0940\u0916 \u2013 \u0916\u0924\u094d\u092e \u0939\u094b\u0928\u0947 \u0915\u0940 \u0924\u093e\u0930\u0940\u0916\"", "\"abc_action_menu_overflow_description\" : \"Vi\u0161e opcija\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 slutdato\"", "\"common_google_play_services_wear_update_text\" : \"\u200f\u064a\u062c\u0628 \u062a\u0648\u0641\u0631 \u0625\u0635\u062f\u0627\u0631 \u062c\u062f\u064a\u062f \u0645\u0646 \u062e\u062f\u0645\u0627\u062a Google Play. \u0633\u064a\u062a\u0645 \u062a\u062d\u062f\u064a\u062b\u0647\u0627 \u062a\u0644\u0642\u0627\u0626\u064a\u064b\u0627 \u0642\u0631\u064a\u0628\u064b\u0627.\"", "\"mtrl_picker_date_header_title\" : \"Select date\"", "\"bottomsheet_action_expand_halfway\" : \"I-expand hanggang gitna\"", "RootBeer", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u6709 %1$d \u6761\u4ee5\u4e0a\u7684\u65b0\u901a\u77e5\"", "operator%", "\"common_google_play_services_enable_title\" : \"\u041e\u043c\u043e\u0433\u0443\u045b\u0438\u0442\u0435 Google Play \u0443\u0441\u043b\u0443\u0433\u0435\"", "\"mtrl_picker_text_input_date_hint\" : \"Data\"", "\"abc_searchview_description_voice\" : \"\u0a05\u0a35\u0a3e\u0a1c\u0a3c\u0a40 \u0a16\u0a4b\u0a1c\"", "\"mtrl_picker_navigate_to_year_description\" : \"%1$s\ub144\uc73c\ub85c \uc774\ub3d9\"", "\"material_timepicker_text_input_mode_description\" : \"Switch to text input mode for the time input.\"", "\"common_google_play_services_update_title\" : \"Dateer Google Play-dienste op\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u041a\u0430\u043b\u0435\u043d\u0434\u0430\u0440\u0438\u0439\u043d \u043e\u0440\u043e\u0445 \u0433\u043e\u0440\u0438\u043c \u0440\u0443\u0443 \u0441\u044d\u043b\u0433\u044d\u0445\"", "\"common_google_play_services_update_text\" : \"%1$s kj\u00f8rer ikke med mindre du oppdaterer Google Play Tjenester.\"", "uncaught", "\"material_timepicker_clock_mode_description\" : \"\u064a\u064f\u0631\u062c\u0649 \u0627\u0644\u062a\u0628\u062f\u064a\u0644 \u0625\u0644\u0649 \u0648\u0636\u0639 \u0627\u0644\u0633\u0627\u0639\u0629 \u0644\u0625\u062f\u062e\u0627\u0644 \u0627\u0644\u0648\u0642\u062a.\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0938\u0941\u0930\u0942 \u0939\u094b\u0923\u094d\u092f\u093e\u091a\u0940 \u0924\u093e\u0930\u0940\u0916\"", "\"abc_prepend_shortcut_label\" : \"Valmynd+\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u70b9\u6309\u5373\u53ef\u5207\u6362\u5230\u9009\u62e9\u67d0\u5e74\"", "\"abc_prepend_shortcut_label\" : \"Men\u00fc+\"", "\"abc_capital_on\" : \"\u0c86\u0ca8\u0ccd\"", "\"password_toggle_content_description\" : \"S\u00fdna a\u00f0gangsor\u00f0\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0ea7\u0eb1\u0e99\u0e97\u0eb5\u0eaa\u0eb4\u0ec9\u0e99\u0eaa\u0eb8\u0e94\"", "\"item_view_role_description\" : \"Tab\"", "\"mtrl_picker_date_header_unselected\" : \"Wybrana data\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u06a9\u06d2 \u0633\u0627\u062a\u06be \u0627\u0634\u062a\u0631\u0627\u06a9 \u06a9\u0631\u06cc\u06ba\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s - Data di fine\"", "\"common_google_play_services_update_text\" : \"\u0414\u043e\u0434\u0430\u0442\u043e\u043a %1$s \u043d\u0435 \u043f\u0440\u0430\u0446\u044e\u0432\u0430\u0442\u0438\u043c\u0435, \u044f\u043a\u0449\u043e \u043d\u0435 \u043e\u043d\u043e\u0432\u0438\u0442\u0438 \u0441\u0435\u0440\u0432\u0456\u0441\u0438 Google Play.\"", "\"error_icon_content_description\" : \"\u054d\u056d\u0561\u056c\"", "\"material_minute_suffix\" : \"%1$s \u05d3\u05e7\u05d5\u05ea\"", "\"mtrl_picker_invalid_format_example\" : \"Exemple\u00a0: %1$s\"", "\"mtrl_picker_day_of_week_column_header\" : \"P\u00e4iv\u00e4sarake: %1$s\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Biti\u015f tarihi\"", "\"mtrl_picker_range_header_unselected\" : \"\u0411\u0430\u0441\u0442\u0430\u043b\u0443 \u043a\u04af\u043d\u0456 \u2013 \u0430\u044f\u049b\u0442\u0430\u043b\u0443 \u043a\u04af\u043d\u0456\"", "\"material_timepicker_select_time\" : \"\u0426\u0430\u0433 \u0441\u043e\u043d\u0433\u043e\u0445\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u05ea\u05d0\u05e8\u05d9\u05da \u05d4\u05ea\u05d7\u05dc\u05d4 \u2013 %1$s\"", "\"mtrl_picker_navigate_to_year_description\" : \"Naviga\u021bi la anul %1$s\"", "\"mtrl_picker_invalid_range\" : \"\u09a4\u09be\u09b0\u09bf\u0996 \u09b8\u09a0\u09bf\u0995 \u09a8\u09df\u0964\"", "\"common_google_play_services_enable_text\" : \"Lai lietotne %1$s darbotos, ir j\u0101iesp\u0113jo Google\u00a0Play pakalpojumi.\"", "\"mtrl_picker_a11y_next_month\" : \"\u0e9b\u0ec8\u0ebd\u0e99\u0ec0\u0e9b\u0eb1\u0e99\u0ec0\u0e94\u0eb7\u0ead\u0e99\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\"", "\"common_google_play_services_notification_channel_name\" : \"Dostupnost Google Play usluga\"", "\"mtrl_picker_announce_current_selection\" : \"\u0546\u0565\u0580\u056f\u0561\u0575\u056b\u057d \u0568\u0576\u057f\u0580\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0568\u055d %1$s\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0a28\u0a3e\u0a32 \u0a38\u0a3e\u0a02\u0a1d\u0a3e \u0a15\u0a30\u0a4b\"", "\"exposed_dropdown_menu_content_description\" : \"\u1270\u1246\u120d\u124b\u12ed \u121d\u1293\u120c\u1295 \u12a0\u1233\u12ed\"", "\"mtrl_badge_numberless_content_description\" : \"\u1780\u17b6\u179a\u1787\u17bc\u1793\u178a\u17c6\u178e\u17b9\u1784\u1790\u17d2\u1798\u17b8\"", "\"common_google_play_services_install_text\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456 \u049b\u04b1\u0440\u044b\u043b\u0493\u044b\u0434\u0430 \u0431\u043e\u043b\u043c\u0430\u0493\u0430\u043d\u0434\u044b\u049b\u0442\u0430\u043d, %1$s \u0456\u0441\u043a\u0435 \u049b\u043e\u0441\u044b\u043b\u043c\u0430\u0439\u0434\u044b.\"", "\"exposed_dropdown_menu_content_description\" : \"N\u00e4yt\u00e4 avattava valikko\"", "\"abc_action_bar_home_description\" : \"Zur Startseite\"", "\"common_google_play_services_update_text\" : \"%1$s \u0e08\u0e30\u0e44\u0e21\u0e48\u0e17\u0e33\u0e07\u0e32\u0e19\u0e08\u0e19\u0e01\u0e27\u0e48\u0e32\u0e04\u0e38\u0e13\u0e08\u0e30\u0e2d\u0e31\u0e1b\u0e40\u0e14\u0e15\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play\"", "\"mtrl_picker_invalid_format_example\" : \"\u03a0\u03b1\u03c1\u03ac\u03b4\u03b5\u03b9\u03b3\u03bc\u03b1: %1$s\"", "\"password_toggle_content_description\" : \"Prika\u017ei lozinku\"", "\"mtrl_picker_announce_current_selection\" : \"\u0c2a\u0c4d\u0c30\u0c38\u0c4d\u0c24\u0c41\u0c24 \u0c0e\u0c02\u0c2a\u0c3f\u0c15: %1$s\"", "\"mtrl_picker_save\" : \"Desa\"", "\"mtrl_picker_date_header_unselected\" : \"\u0ec0\u0ea5\u0eb7\u0ead\u0e81\u0ea7\u0eb1\u0e99\u0e97\u0eb5\"", "\"common_google_play_services_update_title\" : \"Actualitza Serveis de Google Play\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u0a15\u0a48\u0a32\u0a70\u0a21\u0a30 \u0a07\u0a28\u0a2a\u0a41\u0a71\u0a1f \u0a2e\u0a4b\u0a21 '\u0a24\u0a47 \u0a1c\u0a3e\u0a13\"", "\"abc_action_menu_overflow_description\" : \"Autres options\"", "\"abc_activitychooserview_choose_application\" : \"Selecciona unha aplicaci\u00f3n\"", "\"common_google_play_services_enable_text\" : \"%1$s no funcionar\u00e1 hasta que no habilites Servicios de Google Play.\"", "\"bottomsheet_action_expand_halfway\" : \"Izv\u0113rst l\u012bdz pusei\"", "\"mtrl_chip_close_icon_content_description\" : \"\u0628\u0631\u062f\u0627\u0634\u062a\u0646 %1$s\"", "\"icon_content_description\" : \"\u30c0\u30a4\u30a2\u30ed\u30b0 \u30a2\u30a4\u30b3\u30f3\"", "\"abc_action_bar_up_description\" : \"Siirry yl\u00f6s\"", "\"exposed_dropdown_menu_content_description\" : \"Prika\u017ei padajuc\u0301i meni\"", "\"abc_search_hint\" : \"Keres\u00e9s\u2026\"", "\"abc_shareactionprovider_share_with\" : \"Share with\"", "covariant return thunk to ", "\"material_timepicker_hour\" : \"Hora\"", "EEEE';@", "\"abc_menu_delete_shortcut_label\" : \"\u0438\u0437\u0431\u0440\u0438\u0448\u0438\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u0ca6\u0cbf\u0ca8\u0c97\u0cb3 \u0c95\u0cbe\u0cb2\u0cae\u0ccd: %1$s\"", "::operator ", "\"abc_toolbar_collapse_description\" : \"Zbali\u0165\"", "\"common_signin_button_text_long\" : \"Hasi saioa Google kontuarekin\"", "\"common_google_play_services_wear_update_text\" : \"Potrebna je nova verzija usluga Google Playa. Uskoro \u0107e se a\u017eurirati.\"", "\"fallback_menu_item_open_in_browser\" : \"\u0411\u0440\u0430\u0443\u0437\u0435\u0440\u0434\u0435\u043d \u0430\u0448\u0443\"", "\"common_google_play_services_install_text\" : \"\u200f\u05d4\u05d0\u05e4\u05dc\u05d9\u05e7\u05e6\u05d9\u05d4 %1$s \u05dc\u05d0 \u05ea\u05e4\u05e2\u05dc \u05dc\u05dc\u05d0 \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play, \u05e9\u05d0\u05d9\u05e0\u05dd \u05de\u05d5\u05ea\u05e7\u05e0\u05d9\u05dd \u05d1\u05de\u05db\u05e9\u05d9\u05e8.\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u0416\u044b\u043b\u043d\u0430\u0430\u043c\u0430\u0433\u0430 \u0438\u0448-\u0447\u0430\u0440\u0430 \u043a\u0438\u0440\u0433\u0438\u0437\u04af\u04af \u0440\u0435\u0436\u0438\u043c\u0438\u043d\u0435 \u043a\u043e\u0442\u043e\u0440\u0443\u043b\u0443\u0443\"", "\"common_google_play_services_install_button\" : \"\u0418\u043d\u0441\u0442\u0430\u043b\u0438\u0440\u0430\u043d\u0435\"", "\"search_menu_title\" : \"\u0dc3\u0dd9\u0dc0\u0dd3\u0db8\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u0bae\u0bbe\"", "operator[]", "\"material_timepicker_hour\" : \"Stunda\"", "\"mtrl_picker_announce_current_selection\" : \"Ukukhetha kwamanje: %1$s\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0938\u0902\u092a\u0923\u094d\u092f\u093e\u091a\u0940 \u0924\u093e\u0930\u0940\u0916\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Hasiera-data\"", "\"material_clock_toggle_content_description\" : \"\u9078\u64c7\u4e0a\u5348\u6216\u4e0b\u5348\"", "\"fallback_menu_item_share_link\" : \"Dela l\u00e4nk\"", "\"mtrl_picker_announce_current_selection\" : \"Jelenleg kiv\u00e1lasztva: %1$s\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u12c8\u12f0 \u12d3\u1218\u1275 %1$s \u12a0\u1230\u1235\"", "\"mtrl_picker_invalid_format_use\" : \"\u0627\u0633\u062a\u062e\u062f\u0627\u0645: %1$s\"", "\"material_timepicker_hour\" : \"\u0421\u0430\u0430\u0442\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Ng\u00e0y b\u1eaft \u0111\u1ea7u\"", "\"common_google_play_services_install_text\" : \"%1$s nuk do t\u00eb funksionoj\u00eb pa sh\u00ebrbimet e Google Play, t\u00eb cilat mungojn\u00eb n\u00eb pajisjen t\u00ebnde.\"", "\"abc_searchview_description_search\" : \"\u0b38\u0b30\u0b4d\u0b1a\u0b4d\u0b1a \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"common_google_play_services_update_button\" : \"Posodobi\"", "\"abc_searchview_description_clear\" : \"So\u2018rovni o\u2018chirish\"", "N12_GLOBAL__N_116itanium_demangle15BracedRangeExprE", "\"mtrl_picker_day_of_week_column_header\" : \"\u062f\u0646\u0648\u06ba \u06a9\u0627 \u06a9\u0627\u0644\u0645: %1$s\"", "\"mtrl_picker_text_input_date_hint\" : \"\u0531\u0574\u057d\u0561\u0569\u056b\u057e\"", "\"abc_capital_on\" : \"ACTIVER\"", "\"nav_app_bar_open_drawer_description\" : \"\u0a28\u0a48\u0a35\u0a40\u0a17\u0a47\u0a38\u0a3c\u0a28 \u0a21\u0a4d\u0a30\u0a3e\u0a05\u0a30 \u0a16\u0a4b\u0a32\u0a4d\u0a39\u0a4b\"", "\"common_signin_button_text_long\" : \"Google \u092e\u093e\u0930\u094d\u092b\u0924 \u0938\u093e\u0907\u0928\u200d \u0907\u0928 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"abc_shareactionprovider_share_with_application\" : \"%s orqali ulashish\"", "\"common_google_play_services_enable_text\" : \"%1$s no funcionar\u00e0 si no actives Serveis de Google Play.\"", "\"mtrl_picker_day_of_week_column_header\" : \"St\u013apec dn\u00ed: %1$s\"", "\"mtrl_picker_out_of_range\" : \"%1$s\uc740(\ub294) \ubc94\uc704\ub97c \ubc97\uc5b4\ub09c \ub0a0\uc9dc\uc785\ub2c8\ub2e4.\"", "\"common_signin_button_text\" : \"\u041a\u0456\u0440\u0443\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0438\u043c\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0438 \u0441 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play. \u041c\u043e\u043b\u044f, \u043e\u043f\u0438\u0442\u0430\u0439\u0442\u0435 \u043e\u0442\u043d\u043e\u0432\u043e.\"", "\"common_signin_button_text_long\" : \"Inloggen met Google\"", "\"material_timepicker_hour\" : \"Godzina\"", "\"mtrl_picker_invalid_range\" : \"\u041d\u044f\u043f\u0440\u0430\u0432\u0456\u043b\u044c\u043d\u044b \u0434\u044b\u044f\u043f\u0430\u0437\u043e\u043d.\"", "\"abc_action_menu_overflow_description\" : \"M\u00e1is opci\u00f3ns\"", "\"mtrl_picker_announce_current_selection\" : \"Praegune valik: %1$s\"", "\"abc_menu_sym_shortcut_label\" : \"Symbol\u00a0+\u00a0\"", "\"common_google_play_services_enable_text\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038\u1000\u102d\u102f \u1019\u1016\u103d\u1004\u1037\u103a\u101e\u104d %1$s \u101e\u100a\u103a\u1021\u101c\u102f\u1015\u103a\u101c\u102f\u1015\u103a\u1019\u100a\u103a\u1019\u101f\u102f\u1010\u103a\u1015\u102b\u104b\"", "\"mtrl_picker_range_header_selected\" : \"%1$s\u00a0\u2013 %2$s\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0938\u0947\u0935\u093e \u090f\u0930\u0930\"", "\"mtrl_picker_date_header_title\" : \"Hautatu data\"", "\"common_open_on_phone\" : \"\u0daf\u0dd4\u0dbb\u0d9a\u0dae\u0db1\u0dba \u0dad\u0dd4\u0dc5 \u0dc0\u0dd2\u0dc0\u0dd8\u0dad \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"abc_menu_space_shortcut_label\" : \"\u0431\u043e\u0448\u0442\u0443\u043a\"", "\"mtrl_picker_range_header_unselected\" : \"Datum po\u010detka \u2013 datum zavr\u0161etka\"", "\"common_google_play_services_update_button\" : \"\u0ead\u0eb1\u0e9a\u0ec0\u0e94\u0e94\"", "\"nav_app_bar_open_drawer_description\" : \"Obre el tauler de navegaci\u00f3\"", "\"abc_searchview_description_query\" : \"\u062f\u0631\u062e\u0648\u0627\u0633\u062a \u062c\u0633\u062a\u062c\u0648\"", "\"character_counter_overflowed_content_description\" : \"%2$d\u0aae\u0abe\u0a82\u0aa5\u0ac0 %1$d\u0aa8\u0ac0 \u0ab5\u0ab0\u0acd\u0aa3 \u0aae\u0ab0\u0acd\u0aaf\u0abe\u0aa6\u0abe \u0a93\u0ab3\u0a82\u0a97\u0abe\u0a88 \u0a97\u0a88 \u0a9b\u0ac7\"", "\"common_google_play_services_notification_ticker\" : \"\u03a3\u03c6\u03ac\u03bb\u03bc\u03b1 \u03a5\u03c0\u03b7\u03c1\u03b5\u03c3\u03b9\u03ce\u03bd Google Play\"", "\"common_google_play_services_update_title\" : \"\u041e\u043d\u043e\u0432\u0456\u0442\u044c \u0441\u0435\u0440\u0432\u0456\u0441\u0438 Google Play\"", "\"material_timepicker_minute\" : \"Min\u016bte\"", "\"exposed_dropdown_menu_content_description\" : \"Erakutsi goitibeherako menua\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s silin\"", "\"abc_toolbar_collapse_description\" : \"Yig\u2018ish\"", "\"material_clock_toggle_content_description\" : \"Hautatu AM edo PM\"", "\"character_counter_overflowed_content_description\" : \"L\u00edmite de caracteres superado (%1$d de %2$d)\"", "\"abc_shareactionprovider_share_with\" : \"\u09b6\u09c7\u09af\u09bc\u09be\u09b0 \u0995\u09b0\u09c1\u09a8\"", "\"common_google_play_services_enable_title\" : \"Google\u00a0Play pakalpojumu iesp\u0113jo\u0161ana\"", "\"common_google_play_services_install_button\" : \"\uc124\uce58\"", "\"common_google_play_services_enable_title\" : \"Google Play-szolg\u00e1ltat\u00e1sok enged\u00e9lyez\u00e9se\"", "\"mtrl_picker_invalid_format_use\" : \"Usa este formato: %1$s\"", "\"password_toggle_content_description\" : \"\u041f\u0440\u0438\u043a\u0430\u0436\u0438 \u043b\u043e\u0437\u0438\u043d\u043a\u0443\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0bae\u0bc2\u0bb2\u0bae\u0bcd \u0baa\u0b95\u0bbf\u0bb0\u0bcd\"", "\"abc_menu_enter_shortcut_label\" : \"Enter\"", "\"abc_shareactionprovider_share_with_application\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200eShare with \u200e\u200f\u200e\u200e\u200f\u200f\u200e%s\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_google_play_services_update_title\" : \"Google Play\u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306e\u66f4\u65b0\"", "\"mtrl_picker_invalid_format_example\" : \"\u0645\u062b\u0627\u0644: %1$s\u06d4\"", "\"common_signin_button_text\" : \"\u0412\u0445\u043e\u0434\"", "\"abc_action_bar_home_description\" : \"\u0a98\u0ab0\u0aa8\u0acb \u0ab0\u0ab8\u0acd\u0aa4\u0acb \u0aac\u0aa4\u0abe\u0ab5\u0acb\"", "\"fab_transformation_scrim_behavior\" : \"com.google.android.material.transformation.FabTransformationScrimBehavior\"", "\"copy_toast_msg\" : \"Link naar klembord gekopieerd\"", "\"search_menu_title\" : \"Keres\u00e9s\"", "\"common_google_play_services_update_text\" : \"\u200f\u0644\u0646 \u064a\u062a\u0645 \u062a\u0634\u063a\u064a\u0644 %1$s \u0645\u0627 \u0644\u0645 \u064a\u062a\u0645 \u062a\u062d\u062f\u064a\u062b \u062e\u062f\u0645\u0627\u062a Google Play.\"", "UTF-8", "\"mtrl_picker_text_input_year_abbr\" : \"\u10ec\"", "\"abc_activitychooserview_choose_application\" : \"T\u0259tbiq se\u00e7in\"", "\"fallback_menu_item_open_in_browser\" : \"Brauzerda ochish\"", "basic_ostream", "\"mtrl_picker_toggle_to_year_selection\" : \"\ud0ed\ud558\uc5ec \uc5f0\ub3c4 \uc120\ud0dd\uc73c\ub85c \uc804\ud658\"", "\"common_google_play_services_install_button\" : \"Setja upp\"", "\"material_minute_selection\" : \"\u09ae\u09bf\u09a8\u09bf\u099f \u09ac\u09c7\u099b\u09c7 \u09a8\u09bf\u09a8\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Tippen, um zur Tagesauswahl zu wechseln\"", "\"common_google_play_services_install_button\" : \"Instal\u0113t\"", "\"common_open_on_phone\" : \"Opna \u00ed s\u00edmanum\"", "\"mtrl_picker_invalid_range\" : \"\u041d\u0435\u0434\u0456\u0439\u0441\u043d\u0438\u0439 \u0434\u0456\u0430\u043f\u0430\u0437\u043e\u043d.\"", "\"abc_shareactionprovider_share_with\" : \"\u0645\u0634\u0627\u0631\u0643\u0629 \u0645\u0639\"", "\"abc_shareactionprovider_share_with\" : \"\u041f\u043e\u0434\u0456\u043b\u0438\u0442\u0438\u0441\u044f:\"", "\"fallback_menu_item_copy_link\" : \"Kopi\u00e9r linken\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u041d\u0430\u0442\u0438\u0441\u043d\u0456\u0442\u044c, \u0449\u043e\u0431 \u0432\u0438\u0431\u0440\u0430\u0442\u0438 \u0440\u0456\u043a\"", "std::bad_exception", "\"common_google_play_services_install_button\" : \"\u0423\u0441\u0442\u0430\u043b\u044f\u0432\u0430\u0446\u044c\"", "\"common_google_play_services_updating_text\" : \"\u201e%1$s\u201c nebus paleid\u017eiama be \u201eGoogle Play\u201c paslaug\u0173, kurios \u0161iuo metu atnaujinamos.\"", "\"mtrl_picker_out_of_range\" : \"\u0930\u0947\u0902\u091c\u091a\u094d\u092f\u093e \u092c\u093e\u0939\u0947\u0930: %1$s\"", "\"common_signin_button_text\" : \"\u0a38\u0a3e\u0a08\u0a28-\u0a07\u0a28 \u0a15\u0a30\u0a4b\"", "\"exposed_dropdown_menu_content_description\" : \"A\u00e7\u0131l\u0131r men\u00fcy\u00fc g\u00f6ster\"", "\"abc_activity_chooser_view_see_all\" : \"Tingnan lahat\"", "/Volumes/Android/buildbot/src/android/ndk-release-r21/external/libcxx/../../external/libunwind_llvm/src/Registers.hpp", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d \u092d\u0928\u094d\u0926\u093e \u092c\u0922\u0940 \u0928\u092f\u093e\u0901 \u0938\u0942\u091a\u0928\u093e\u0939\u0930\u0942\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u00eent\u00e2mpin\u0103 probleme privind serviciile Google Play. \u00cencerca\u021bi din nou.\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u05d7\"", "\"fallback_menu_item_open_in_browser\" : \"\u05e4\u05ea\u05d9\u05d7\u05d4 \u05d1\u05d3\u05e4\u05d3\u05e4\u05df\"", "\"common_google_play_services_enable_button\" : \"Aktivieren\"", "\"material_timepicker_am\" : \"AM\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Skipta yfir \u00ed innf\u00e6rslua\u00f0fer\u00f0 fyrir dagatal\"", "\"mtrl_picker_invalid_format\" : \"\u0c2b\u0c3e\u0c30\u0c4d\u0c2e\u0c3e\u0c1f\u0c4d \u0c1a\u0c46\u0c32\u0c4d\u0c32\u0c26\u0c41.\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Fler \u00e4n %1$d nya aviseringar\"", "_block_invoke", "\"abc_menu_delete_shortcut_label\" : \"\u0e25\u0e1a\"", "\"abc_menu_meta_shortcut_label\" : \"\u201eMeta\u201c +\"", "\"mtrl_picker_invalid_format_example\" : \"Exemple: %1$s\"", "\"abc_searchview_description_submit\" : \"Odosla\u0165 dopyt\"", "\"material_minute_selection\" : \"\u1787\u17d2\u179a\u17be\u179f\u200b\u1793\u17b6\u1791\u17b8\"", "\"icon_content_description\" : \"\u0631\u0645\u0632 \u0645\u0631\u0628\u0639 \u0627\u0644\u062d\u0648\u0627\u0631\"", "\"common_open_on_phone\" : \"Ouvrir sur le t\u00e9l\u00e9phone\"", "\"common_google_play_services_wear_update_text\" : \"\u041f\u043e\u0442\u0440\u0435\u0431\u043d\u0430 \u0435 \u043d\u043e\u0432\u0430 \u0432\u0435\u0440\u0437\u0438\u0458\u0430 \u043d\u0430 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play. \u0422\u0430\u0430 \u043d\u0430\u0441\u043a\u043e\u0440\u043e \u0441\u0430\u043c\u0430\u0442\u0430 \u045c\u0435 \u0441\u0435 \u0430\u0436\u0443\u0440\u0438\u0440\u0430.\"", "\"copy_toast_msg\" : \"\u0e04\u0e31\u0e14\u0e25\u0e2d\u0e01\u0e25\u0e34\u0e07\u0e01\u0e4c\u0e44\u0e1b\u0e22\u0e31\u0e07\u0e04\u0e25\u0e34\u0e1b\u0e1a\u0e2d\u0e23\u0e4c\u0e14\u0e41\u0e25\u0e49\u0e27\"", "\"material_minute_selection\" : \"\u0418\u0437\u0431\u0438\u0440\u0430\u043d\u0435 \u043d\u0430 \u043c\u0438\u043d\u0443\u0442\u0438\"", "\"mtrl_picker_invalid_format_example\" : \"\u0d8b\u0daf\u0dcf\u0dc4\u0dbb\u0dab\u0dba: %1$s\"", "\"material_timepicker_pm\" : \"p.m.\"", "\"material_minute_selection\" : \"\u1019\u102d\u1014\u1005\u103a\u1019\u103b\u102c\u1038 \u101b\u103d\u1031\u1038\u1015\u102b\"", "\"icon_content_description\" : \"\u05e1\u05de\u05dc \u05dc\u05ea\u05d9\u05d1\u05ea \u05d3\u05d5-\u05e9\u05d9\u05d7\"", "\"bottomsheet_action_expand_halfway\" : \"Half uitvouwen\"", "\"fallback_menu_item_copy_link\" : \"Sao ch\u00e9p \u0111\u01b0\u1eddng li\u00ean k\u1ebft\"", "\"character_counter_content_description\" : \"Introduc\u00edronse %1$d caracteres de %2$d\"", "\"material_timepicker_clock_mode_description\" : \"\u0628\u0631\u0627\u06cc \u0648\u0627\u0631\u062f \u06a9\u0631\u062f\u0646 \u0632\u0645\u0627\u0646\u060c \u0628\u0647 \u062d\u0627\u0644\u062a \u0633\u0627\u0639\u062a \u062a\u063a\u06cc\u06cc\u0631 \u0648\u0636\u0639\u06cc\u062a \u062f\u0647\u06cc\u062f.\"", "\"mtrl_badge_numberless_content_description\" : \"Nouvelle notification\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u1785\u17bb\u1785\u200b\u178a\u17be\u1798\u17d2\u1794\u17b8\u1794\u17d2\u178a\u17bc\u179a\u1791\u17c5\u200b\u1780\u17b6\u179a\u1787\u17d2\u179a\u17be\u179f\u179a\u17be\u179f\u1786\u17d2\u1793\u17b6\u17c6\"", "\"abc_activitychooserview_choose_application\" : \"Seleccionar una aplicaci\u00f3n\"", "\"mtrl_picker_invalid_format\" : \"Formato inv\u00e1lido.\"", "\"material_timepicker_text_input_mode_description\" : \"Badilisha iwe katika hali ya maandishi wakati wa kuweka muda.\"", "\"mtrl_chip_close_icon_content_description\" : \"Verwyder %1$s\"", "\"nav_app_bar_navigate_up_description\" : \"Desplazarse hacia arriba\"", "\"fallback_menu_item_share_link\" : \"Linki payla\u015f\u0131n\"", "\"abc_menu_shift_shortcut_label\" : \"Shift\u00a0+\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0e41\u0e15\u0e30\u0e40\u0e1e\u0e37\u0e48\u0e2d\u0e2a\u0e25\u0e31\u0e1a\u0e44\u0e1b\u0e43\u0e0a\u0e49\u0e01\u0e32\u0e23\u0e40\u0e25\u0e37\u0e2d\u0e01\u0e1b\u0e35\"", "\"abc_shareactionprovider_share_with\" : \"Zdie\u013ea\u0165 s\"", "\"abc_action_bar_up_description\" : \"P\u0159ej\u00edt nahoru\"", "\"abc_action_bar_up_description\" : \"\u0627\u0644\u062a\u0646\u0642\u0644 \u0625\u0644\u0649 \u0623\u0639\u0644\u0649\"", "\"material_hour_selection\" : \"Seleccione la hora.\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play xizmatlarining mavjudligi\"", "\"material_minute_suffix\" : \"%1$s \u092e\u093f\u0928\u091f\"", "\"mtrl_picker_invalid_format\" : \"Formato non valido.\"", "\"exposed_dropdown_menu_content_description\" : \"\u986f\u793a\u4e0b\u62c9\u5f0f\u9078\u55ae\"", "\"abc_activity_chooser_view_see_all\" : \"\u041f\u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u0441\u0435\"", "\"common_signin_button_text\" : \"Conecta\u021bi-v\u0103\"", "\"abc_menu_space_shortcut_label\" : \"espacio\"", "\"common_google_play_services_update_title\" : \"Kemaskinikan perkhidmatan Google Play\"", "\"abc_action_bar_home_description\" : \"\u0418\u0434\u0438\u0442\u0435 \u043d\u0430 \u043f\u043e\u0447\u0435\u0442\u043d\u0443\"", "\"common_google_play_services_wear_update_text\" : \"Je vy\u017eadov\u00e1na nov\u00e1 verze slu\u017eeb Google Play. Nov\u00e1 verze se brzy sama nainstaluje.\"", "\"abc_menu_shift_shortcut_label\" : \"May\u00fascula+\"", "\"fallback_menu_item_open_in_browser\" : \"Vula kusiphequluli\"", "\"nav_app_bar_open_drawer_description\" : \"\u041e\u0442\u0432\u043e\u0440\u0438\u0442\u0435 \u0444\u0438\u043e\u043a\u0443 \u0437\u0430 \u043d\u0430\u0432\u0438\u0433\u0430\u0446\u0438\u0458\u0443\"", "\"abc_shareactionprovider_share_with_application\" : \"Delen met %s\"", "\"nav_app_bar_open_drawer_description\" : \"\u0e40\u0e1b\u0e34\u0e14\u0e25\u0e34\u0e49\u0e19\u0e0a\u0e31\u0e01\u0e01\u0e32\u0e23\u0e19\u0e33\u0e17\u0e32\u0e07\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u1016\u103c\u1004\u1037\u103a \u1019\u103b\u103e\u101d\u1031\u101b\u1014\u103a\"", "St11range_error", "\"abc_shareactionprovider_share_with\" : \"\u0421\u043f\u043e\u0434\u0435\u043b\u044f\u043d\u0435 \u0441\u044a\u0441:\"", "\"nav_app_bar_navigate_up_description\" : \"Naviger op\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"L\u00fclitu kalendrisisestusre\u017eiimile\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Liczba nowych powiadomie\u0144 przekracza %1$d\"", "\"mtrl_badge_numberless_content_description\" : \"\u0e81\u0eb2\u0e99\u0ec1\u0e88\u0ec9\u0e87\u0ec0\u0e95\u0eb7\u0ead\u0e99\u0ec3\u0edd\u0ec8\"", "\"mtrl_badge_numberless_content_description\" : \"Yeni bildiri\u015f\"", "\"search_menu_title\" : \"\u10eb\u10d8\u10d4\u10d1\u10d0\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play Tjenester-tilgjengelighet\"", "\"material_timepicker_text_input_mode_description\" : \"\u0938\u092e\u092f \u0907\u0928\u092a\u0941\u091f \u0915\u0947 \u0932\u093f\u090f \u0932\u0947\u0916 \u0907\u0928\u092a\u0941\u091f \u092e\u094b\u0921 \u092a\u0930 \u091c\u093e\u090f\u0902.\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u043d\u044f\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u043f\u044a\u043b\u043d\u044f\u0432\u0430, \u0442\u044a\u0439 \u043a\u0430\u0442\u043e \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play \u043d\u0435 \u0441\u0435 \u043f\u043e\u0434\u0434\u044a\u0440\u0436\u0430\u0442 \u043e\u0442 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e\u0442\u043e \u0432\u0438.\"", "\"material_timepicker_select_time\" : \"Laika atlas\u012b\u0161ana\"", "\"common_google_play_services_update_button\" : \"Uppdatera\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u041d\u0430\u0447\u0430\u043b\u043d\u0430 \u0434\u0430\u0442\u0430\"", "\"abc_searchview_description_submit\" : \"\u0caa\u0ccd\u0cb0\u0cb6\u0ccd\u0ca8\u0cc6\u0caf\u0ca8\u0ccd\u0ca8\u0cc1 \u0cb8\u0cb2\u0ccd\u0cb2\u0cbf\u0cb8\u0cbf\"", "\"abc_searchview_description_query\" : \"\u0caa\u0ccd\u0cb0\u0cb6\u0ccd\u0ca8\u0cc6\u0caf\u0ca8\u0ccd\u0ca8\u0cc1 \u0cb9\u0cc1\u0ca1\u0cc1\u0c95\u0cbf\"", "\"common_google_play_services_install_button\" : \"\u0ba8\u0bbf\u0bb1\u0bc1\u0bb5\u0bc1\"", "\"material_timepicker_clock_mode_description\" : \"Cambia al modo de reloj para ingresar la hora.\"", "\"abc_capital_on\" : \"OUI\"", "\"mtrl_picker_invalid_format\" : \"\u0424\u043e\u0440\u043c\u0430\u0442\u044a\u0442 \u0435 \u043d\u0435\u0432\u0430\u043b\u0438\u0434\u0435\u043d.\"", "\"fallback_menu_item_share_link\" : \"Link delen\"", "\"abc_capital_on\" : \"\u041a\u04ae\u0419\u04ae\u041a\"", "\"mtrl_picker_range_header_selected\" : \"%1$s \u2013 %2$s\"", "\"abc_capital_on\" : \"\u0622\u0646\"", "\"common_google_play_services_unsupported_text\" : \"%1$s\uc740(\ub294) Google Play \uc11c\ube44\uc2a4 \uc5c6\uc774\ub294 \uc2e4\ud589\ub418\uc9c0 \uc54a\uc73c\ub098, \uae30\uae30\uc5d0\uc11c Google Play \uc11c\ube44\uc2a4\ub97c \uc9c0\uc6d0\ud558\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4.\"", "\"mtrl_picker_navigate_to_year_description\" : \"Zulela onyakeni %1$s\"", "std::iostream", "\"mtrl_picker_save\" : \"Salvar\"", "\"exposed_dropdown_menu_content_description\" : \"Prikaz spustnega menija\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0d06\u0d30\u0d02\u0d2d\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d28\u0d4d\u0d28 \u0d24\u0d40\u0d2f\u0d24\u0d3f\"", "\"material_clock_toggle_content_description\" : \"S\u00e9lectionner le format AM ou PM\"", "\"fallback_menu_item_copy_link\" : \"Kop\u00edrovat odkaz\"", "\"fallback_menu_item_share_link\" : \"Bendrinti nuorod\u0105\"", "\"fallback_menu_item_open_in_browser\" : \"\u0c2c\u0c4d\u0c30\u0c4c\u0c1c\u0c30\u0c4d\u200c\u0c32\u0c4b \u0c24\u0c46\u0c30\u0c41\u0c35\u0c41\"", "\"mtrl_picker_a11y_prev_month\" : \"Cambiar al mes anterior\"", "\"copy_toast_msg\" : \"\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30d7\u30dc\u30fc\u30c9\u306b\u30b3\u30d4\u30fc\u3057\u307e\u3057\u305f\"", "\"common_google_play_services_wear_update_text\" : \"A Google Play-szolg\u00e1ltat\u00e1sok \u00faj verzi\u00f3j\u00e1ra van sz\u00fcks\u00e9g. A szolg\u00e1ltat\u00e1s hamarosan friss\u00edti \u00f6nmag\u00e1t.\"", "\"mtrl_picker_day_of_week_column_header\" : \"Coluna de dias: %1$s\"", "\"common_signin_button_text\" : \"Iniciar sesi\u00f3n\"", "\"clear_text_end_icon_content_description\" : \"Izbris besedila\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u12d3\"", "\"mtrl_picker_day_of_week_column_header\" : \"Kolom van dae: %1$s\"", "\"material_minute_selection\" : \"Kies minute\"", "\"abc_capital_on\" : \"\u0412\u041a\u041b\u0423\u0427\u0415\u041d\u041e\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d \u0633\u06d2 \u0632\u06cc\u0627\u062f\u06c1 \u0646\u0626\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a\"", "\"material_minute_suffix\" : \"%1$s \u043c\u0438\u043d\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 data e p\u00ebrfundimit\"", "\"mtrl_picker_invalid_format\" : \"Netinkamas formatas.\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u0570\u0561\u057e\u0565\u056c\u057e\u0561\u056e\u0568 \u0579\u056b \u0561\u0577\u056d\u0561\u057f\u056b \u0561\u057c\u0561\u0576\u0581 Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u056b, \u0578\u0580\u0578\u0576\u0584 \u0571\u0565\u0580 \u057d\u0561\u0580\u0584\u0578\u0582\u0574 \u0579\u0565\u0576 \u0561\u057b\u0561\u056f\u0581\u057e\u0578\u0582\u0574:\"", "\"common_google_play_services_enable_text\" : \"\u0b06\u0b2a\u0b23 Google Play \u0b38\u0b47\u0b2c\u0b3e \u0b38\u0b15\u0b4d\u0b37\u0b2e \u0b28 \u0b15\u0b30\u0b3f\u0b2c\u0b3e \u0b2a\u0b30\u0b4d\u0b2f\u0b4d\u0b5f\u0b28\u0b4d\u0b24 %1$s \u0b15\u0b3e\u0b2e \u0b15\u0b30\u0b3f\u0b2c \u0b28\u0b3e\u0b39\u0b3f\u0b01\u0964\"", "N10__cxxabiv121__vmi_class_type_infoE", "\"mtrl_picker_text_input_year_abbr\" : \"\u1786\"", "\"common_google_play_services_updating_text\" : \"%1$s kj\u00f8rer ikke uten Google Play-tjenester, som oppdateres akkurat n\u00e5.\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d33\u0d41\u0d1f\u0d46 \u0d2a\u0d41\u0d24\u0d3f\u0d2f \u0d2a\u0d24\u0d3f\u0d2a\u0d4d\u0d2a\u0d4d \u0d06\u0d35\u0d36\u0d4d\u0d2f\u0d2e\u0d3e\u0d23\u0d4d. \u0d24\u0d3e\u0d2e\u0d38\u0d3f\u0d2f\u0d3e\u0d24\u0d46 \u0d07\u0d24\u0d4d \u0d38\u0d4d\u0d35\u0d2f\u0d02 \u0d05\u0d2a\u0d4d\u200c\u0d21\u0d47\u0d31\u0d4d\u0d31\u0d41\u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d02.\"", "\"mtrl_picker_out_of_range\" : \"Jasht\u00eb gam\u00ebs: %1$s\"", "\"common_google_play_services_updating_text\" : \"Aplikacija %1$s ne deluje brez storitev Google Play, ki se trenutno posodabljajo.\"", "\"copy_toast_msg\" : \"\u1794\u17b6\u1793\u200b\u1785\u1798\u17d2\u179b\u1784\u200b\u178f\u17c6\u178e\u200b\u1791\u17c5\u1783\u17d2\u179b\u17b8\u1794\u1794\u178f\"", "\"nav_app_bar_navigate_up_description\" : \"Navegar para cima\"", "\"material_minute_suffix\" : \"%1$s d\u0259qiq\u0259\"", "\"common_google_play_services_notification_ticker\" : \"Google Play services error\"", "\"clear_text_end_icon_content_description\" : \"\u0410\u0447\u044b\u0441\u0446\u0456\u0446\u044c \u0442\u044d\u043a\u0441\u0442\"", "\"abc_shareactionprovider_share_with\" : \"\u0422\u04e9\u043c\u04e9\u043d\u043a\u04af \u043c\u0435\u043d\u0435\u043d \u0431\u04e9\u043b\u04af\u0448\u04af\u04af\"", "\"abc_action_mode_done\" : \"\u0cae\u0cc1\u0c97\u0cbf\u0ca6\u0cbf\u0ca6\u0cc6\"", "\"fallback_menu_item_open_in_browser\" : \"\u5728\u700f\u89bd\u5668\u4e2d\u958b\u555f\"", "\"common_google_play_services_enable_text\" : \"%1$s \u0e88\u0eb0\u0e9a\u0ecd\u0ec8\u0eaa\u0eb2\u0ea1\u0eb2\u0e94\u0ec3\u0e8a\u0ec9\u0e87\u0eb2\u0e99\u0ec4\u0e94\u0ec9\u0e88\u0ebb\u0e99\u0e81\u0ea7\u0ec8\u0eb2\u0e97\u0ec8\u0eb2\u0e99\u0e88\u0eb0\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e87\u0eb2\u0e99\u200b\u0e81\u0eb2\u0e99\u200b\u0e9a\u0ecd\u200b\u0ea5\u0eb4\u200b\u0e81\u0eb2\u0e99 Google Play.\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Startdatum\u2013%1$s\"", "\"fallback_menu_item_share_link\" : \"\u5206\u4eab\u9023\u7d50\"", "\"common_signin_button_text_long\" : \"\u03a3\u03c5\u03bd\u03b4\u03b5\u03b8\u03b5\u03af\u03c4\u03b5 \u03bc\u03b5 \u03c4\u03bf Google\"", "\"common_signin_button_text\" : \"Kirish\"", "\"mtrl_picker_save\" : \"\u0417\u0430\u043f\u0430\u0437\u0432\u0430\u043d\u0435\"", "\"mtrl_badge_numberless_content_description\" : \"\u0d2a\u0d41\u0d24\u0d3f\u0d2f \u0d05\u0d31\u0d3f\u0d2f\u0d3f\u0d2a\u0d4d\u0d2a\u0d4d\"", "\"common_open_on_phone\" : \"M\u1edf tr\u00ean \u0111i\u1ec7n tho\u1ea1i\"", "\"copy_toast_msg\" : \"Copiouse a ligaz\u00f3n no portapapeis\"", "operator->", "\"material_minute_selection\" : \"\u0538\u0576\u057f\u0580\u0565\u0584 \u0580\u0578\u057a\u0565\u0576\"", "\"abc_toolbar_collapse_description\" : \"Suzi\"", "\"common_signin_button_text\" : \"P\u0159ihl\u00e1sit se\"", "\"material_minute_suffix\" : \"%1$s\u00a0minuts\"", "\"abc_action_menu_overflow_description\" : \"\u1787\u1798\u17d2\u179a\u17be\u179f\u1785\u17d2\u179a\u17be\u1793\u1791\u17c0\u178f\"", "\"common_google_play_services_wear_update_text\" : \"Du skal bruge en ny version af Google Play-tjenester. Opdateringen gennemf\u00f8res automatisk om et \u00f8jeblik.\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Tap to switch to selecting a day\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be\u09b0 \u0989\u09aa\u09b2\u09ad\u09cd\u09af\u09a4\u09be\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Tarikh mula\"", "during phase1 personality function said it would stop here, but now in phase2 it did not stop here", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Start date\"", "\"common_google_play_services_update_text\" : \"\u0aa4\u0aae\u0ac7 Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93 \u0a85\u0aaa\u0aa1\u0ac7\u0a9f \u0a95\u0ab0\u0ab6\u0acb \u0aa8\u0ab9\u0ac0\u0a82 \u0aa4\u0acd\u0aaf\u0abe\u0a82 \u0ab8\u0ac1\u0aa7\u0ac0 %1$s \u0ab6\u0ab0\u0ac2 \u0aa5\u0ab6\u0ac7 \u0aa8\u0ab9\u0ac0\u0a82.\"", "\"abc_searchview_description_query\" : \"Search query\"", "\"nav_app_bar_open_drawer_description\" : \"\u0410\u0434\u043a\u0440\u044b\u0446\u044c \u0432\u044b\u0441\u043e\u045e\u043d\u0430\u0435 \u043c\u0435\u043d\u044e \u043d\u0430\u0432\u0456\u0433\u0430\u0446\u044b\u0456\"", "\"material_timepicker_text_input_mode_description\" : \"\u0a38\u0a2e\u0a3e\u0a02 \u0a07\u0a28\u0a2a\u0a41\u0a71\u0a1f \u0a15\u0a30\u0a28 \u0a32\u0a08 \u0a32\u0a3f\u0a16\u0a24 \u0a07\u0a28\u0a2a\u0a41\u0a71\u0a1f \u0a2e\u0a4b\u0a21 '\u0a24\u0a47 \u0a38\u0a35\u0a3f\u0a71\u0a1a \u0a15\u0a30\u0a4b\u0964\"", "\"common_google_play_services_install_title\" : \"Google Play teenuste hankimine\"", "\"abc_searchview_description_clear\" : \"Limpar consulta\"", "\"mtrl_picker_a11y_prev_month\" : \"\u0e9b\u0ec8\u0ebd\u0e99\u0ec0\u0e9b\u0eb1\u0e99\u0ec0\u0e94\u0eb7\u0ead\u0e99\u0e9c\u0ec8\u0eb2\u0e99\u0ea1\u0eb2\"", "\"common_google_play_services_notification_ticker\" : \"\u201eGoogle Play\u201c paslaug\u0173 klaida\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u10d3\u10d0\u10ec\u10e7\u10d4\u10d1\u10d8\u10e1 \u10d7\u10d0\u10e0\u10d8\u10e6\u10d8\"", "\"common_signin_button_text\" : \"Log ind\"", "\"mtrl_picker_invalid_format_use\" : \"Use: %1$s\"", "\"abc_menu_space_shortcut_label\" : \"v\u00e4lily\u00f6nti\"", "\"material_timepicker_select_time\" : \"\u0395\u03c0\u03b9\u03bb\u03ad\u03be\u03c4\u03b5 \u03ce\u03c1\u03b1\"", "\"character_counter_content_description\" : \"Car\u00e0cters introdu\u00efts: %1$d de %2$d\"", "\"common_google_play_services_enable_title\" : \"Activer les services Google\u00a0Play\"", "\"abc_searchview_description_submit\" : \"\u041f\u043e\u0448\u0430\u0459\u0438\u0442\u0435 \u0443\u043f\u0438\u0442\"", "\"abc_action_mode_done\" : \"\u03a4\u03ad\u03bb\u03bf\u03c2\"", "\"abc_shareactionprovider_share_with_application\" : \"Ibahagi gamit ang %s\"", "\"fallback_menu_item_share_link\" : \"\u0b87\u0ba3\u0bc8\u0baa\u0bcd\u0baa\u0bc8\u0baa\u0bcd \u0baa\u0b95\u0bbf\u0bb0\u0bcd\"", "\"material_timepicker_text_input_mode_description\" : \"\u0423\u0430\u049b\u044b\u0442\u0442\u044b \u0435\u043d\u0433\u0456\u0437\u0443 \u04af\u0448\u0456\u043d \u043c\u04d9\u0442\u0456\u043d \u0435\u043d\u0433\u0456\u0437\u0443 \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0435 \u04e9\u0442\u0456\u04a3\u0456\u0437.\"", "\"character_counter_content_description\" : \"\u0423\u043d\u0435\u0442\u0438 \u0437\u043d\u0430\u043a\u043e\u0432\u0438: %1$d \u043e\u0434 %2$d\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93\u0aa8\u0abe \u0aa8\u0ab5\u0abe \u0ab8\u0a82\u0ab8\u0acd\u0a95\u0ab0\u0aa3\u0aa8\u0ac0 \u0a9c\u0ab0\u0ac2\u0ab0 \u0a9b\u0ac7. \u0aa4\u0ac7 \u0a9f\u0ac2\u0a82\u0a95 \u0ab8\u0aae\u0aaf\u0aae\u0abe\u0a82 \u0aaa\u0acb\u0aa4\u0abe\u0aa8\u0ac7 \u0a85\u0aaa\u0aa1\u0ac7\u0a9f \u0a95\u0ab0\u0ab6\u0ac7.\"", "\"mtrl_picker_a11y_next_month\" : \"\u041f\u0435\u0440\u0430\u0439\u0441\u0446\u0456 \u0434\u0430 \u043d\u0430\u0441\u0442\u0443\u043f\u043d\u0430\u0433\u0430 \u043c\u0435\u0441\u044f\u0446\u0430\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0e81\u0eb3\u0ea5\u0eb1\u0e87\u0ea1\u0eb5\u0e9a\u0eb1\u0e99\u0eab\u0eb2\u0e81\u0eb1\u0e9a\u0e9a\u0ecd\u0ea5\u0eb4\u0e81\u0eb2\u0e99 Google Play. \u0e81\u0eb0\u0ea5\u0eb8\u0e99\u0eb2\u0ea5\u0ead\u0e87\u0ec3\u0edd\u0ec8\u0ead\u0eb5\u0e81\u0e84\u0eb1\u0ec9\u0e87.\"", "\"search_menu_title\" : \"\u0418\u0437\u0434\u04e9\u04e9\"", "\"item_view_role_description\" : \"\u0422\u0430\u0431\"", "\"abc_action_menu_overflow_description\" : \"Nog opsies\"", "\"abc_action_menu_overflow_description\" : \"Opsione t\u00eb tjera\"", "\"fallback_menu_item_copy_link\" : \"Copia l'enlla\u00e7\"", "\"fallback_menu_item_copy_link\" : \"Kopioi linkki\"", "\"mtrl_picker_a11y_next_month\" : \"\u010eal\u0161\u00ed mesiac\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"M\u00e1is de %1$d notificaci\u00f3ns novas\"", "\"common_google_play_services_install_text\" : \"%1$s kan ikke kj\u00f8re uten Google Play-tjenester, som ikke er installert p\u00e5 enheten din.\"", "\"copy_toast_msg\" : \"\u062a\u0645 \u0646\u0633\u062e \u0627\u0644\u0631\u0627\u0628\u0637 \u0625\u0644\u0649 \u0627\u0644\u062d\u0627\u0641\u0638\u0629.\"", "\"abc_shareactionprovider_share_with\" : \"Ulashish\"", "\"mtrl_picker_a11y_prev_month\" : \"Avvalgi oyga o\u02bbzgartirish\"", "\"item_view_role_description\" : \"Th\u1ebb\"", "\"common_google_play_services_update_text\" : \"%1$s \u0e88\u0eb0\u0e9a\u0ecd\u0ec8\u0eaa\u0eb2\u0ea1\u0eb2\u0e94\u0ec0\u0eae\u0eb1\u0e94\u0ea7\u0ebd\u0e81\u0ec4\u0e94\u0ec9\u0e88\u0ebb\u0e99\u0e81\u0ea7\u0ec8\u0eb2\u0e97\u0ec8\u0eb2\u0e99\u0e88\u0eb0\u0ead\u0eb1\u0e9a\u0ec0\u0e94\u0e94\u0e81\u0eb2\u0e99\u200b\u0e9a\u0ecd\u200b\u0ea5\u0eb4\u200b\u0e81\u0eb2\u0e99 Google Play\"", "\"exposed_dropdown_menu_content_description\" : \"Show dropdown menu\"", "\"common_google_play_services_enable_button\" : \"\u0ab8\u0a95\u0acd\u0ab7\u0aae \u0a95\u0ab0\u0acb\"", "\"status_bar_notification_info_overflow\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e999+\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u0a32\u0a3f\u0a16\u0a24 \u0a07\u0a28\u0a2a\u0a41\u0a71\u0a1f \u0a2e\u0a4b\u0a21 '\u0a24\u0a47 \u0a1c\u0a3e\u0a13\"", "\"mtrl_picker_save\" : \"Gardar\"", "\"mtrl_picker_date_header_title\" : \"Velg dato\"", "reference temporary for ", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u958b\u59cb\u65e5\u671f\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u043d\u044b\u043d \u043a\u0430\u0442\u0430\u0441\u044b\"", "\"mtrl_picker_day_of_week_column_header\" : \"Spalte \"Wochentag\": %1$s\"", "\"mtrl_picker_text_input_year_abbr\" : \"il\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Puudutage, et l\u00fclituda p\u00e4eva valimisele\"", "\"material_timepicker_minute\" : \"\u0db8\u0dd2\u0db1\u0dd2\u0dad\u0dca\u0dad\u0dd4\"", "\"mtrl_picker_text_input_date_hint\" : \"\u041a\u04af\u043d\u0456\"", "\"abc_searchview_description_clear\" : \"\u0423\u0434\u0430\u043b\u0438\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\"", "\"common_signin_button_text\" : \"Logga in\"", "\"abc_activitychooserview_choose_application\" : \"Chagua programu\"", "\"abc_capital_off\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200eOFF\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"abc_searchview_description_clear\" : \"\u0a95\u0acd\u0ab5\u0ac7\u0ab0\u0ac0 \u0ab8\u0abe\u0aab \u0a95\u0ab0\u0acb\"", "\"abc_toolbar_collapse_description\" : \"\u0938\u0902\u0915\u094d\u0937\u093f\u092a\u094d\u0924 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"common_google_play_services_update_text\" : \"%1$s won't run unless you update Google Play services.\"", "\"fallback_menu_item_copy_link\" : \"\u1785\u1798\u17d2\u179b\u1784\u200b\u178f\u17c6\u178e\"", "\"material_minute_selection\" : \"Hautatu minutuak\"", "\"material_hour_selection\" : \"\u1230\u12d3\u1275\u1295 \u12ed\u121d\u1228\u1321\"", "\"exposed_dropdown_menu_content_description\" : \"Mostra o men\u00fa despregable\"", "\"common_open_on_phone\" : \"Deschide\u021bi pe telefon\"", "\"abc_menu_function_shortcut_label\" : \"\u0424\u0443\u043d\u043a\u0446+\"", "\"material_minute_suffix\" : \"%1$s \u5206\"", "\"material_timepicker_select_time\" : \"Velg tidspunkt\"", "\"common_google_play_services_update_text\" : \"\u200f\u062a\u0627\u0632 \u0645\u0627\u0646\u06cc \u06a9\u0647 \u0633\u0631\u0648\u06cc\u0633\u200c\u0647\u0627\u06cc Google Play \u0631\u0627 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0646\u06a9\u0646\u06cc\u062f\u060c %1$s \u0627\u062c\u0631\u0627 \u0646\u0645\u06cc\u200c\u0634\u0648\u062f.\"", "\"common_open_on_phone\" : \"Telefonda a\u00e7\"", "\"common_signin_button_text_long\" : \"Google \u0bae\u0bc2\u0bb2\u0bae\u0bcd \u0b89\u0bb3\u0bcd\u0ba8\u0bc1\u0bb4\u0bc8\u0b95\"", "\"character_counter_content_description\" : \"Uneseno znakova: %1$d od %2$d\"", "\"mtrl_picker_day_of_week_column_header\" : \"\uc694\uc77c \uc5f4: %1$s\"", "\"character_counter_content_description\" : \"%1$d av %2$d tegn er skrevet inn\"", "\"material_timepicker_select_time\" : \"\u10d0\u10d8\u10e0\u10e9\u10d8\u10d4\u10d7 \u10d3\u10e0\u10dd\"", "\"common_google_play_services_unknown_issue\" : \"\u300c%1$s\u300d\u5b58\u53d6 Google Play \u670d\u52d9\u6642\u767c\u751f\u554f\u984c\u3002\u8acb\u7a0d\u5f8c\u518d\u8a66\u4e00\u6b21\u3002\"", "\"mtrl_picker_day_of_week_column_header\" : \"Coloana cu zile: %1$s\"", "\"abc_toolbar_collapse_description\" : \"\u101c\u103b\u103e\u1031\u102c\u1037\u1015\u103c\u101b\u1014\u103a\"", "\"common_signin_button_text_long\" : \"Prijava putem Googlea\"", "N12_GLOBAL__N_116itanium_demangle11PointerTypeE", "\"mtrl_picker_range_header_title\" : \"Izberite obseg\"", "\"abc_searchview_description_query\" : \"S\u00f8keord\"", "\"abc_action_bar_home_description\" : \"\u0c39\u0c4b\u0c2e\u0c4d\u200c\u0c15\u0c41 \u0c28\u0c3e\u0c35\u0c3f\u0c17\u0c47\u0c1f\u0c4d \u0c1a\u0c47\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d \u0430\u0448\u0443\u0443\u043d \u0436\u0430\u04a3\u044b \u0431\u0438\u043b\u0434\u0438\u0440\u043c\u0435\"", "N12_GLOBAL__N_116itanium_demangle18ArraySubscriptExprE", "\"material_hour_selection\" : \"\u0418\u0437\u0431\u0435\u0440\u0435\u0442\u0435 \u0447\u0430\u0441\"", "\"common_google_play_services_update_text\" : \"%1$s ne\u0107e funkcionirati ako ne a\u017eurirate Google Play usluge.\"", "\"abc_action_bar_up_description\" : \"\u05e0\u05d9\u05d5\u05d5\u05d8 \u05dc\u05de\u05e2\u05dc\u05d4\"", "\"mtrl_picker_invalid_format_example\" : \"\u0e95\u0ebb\u0ea7\u0ea2\u0ec8\u0eb2\u0e87: %1$s\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Bytt til tekstinndatamodus\"", "\"material_timepicker_pm\" : \"PD\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u041f\u0440\u0435\u0432\u043a\u043b\u044e\u0447\u0432\u0430\u043d\u0435 \u043a\u044a\u043c \u0440\u0435\u0436\u0438\u043c \u043d\u0430 \u0432\u044a\u0432\u0435\u0436\u0434\u0430\u043d\u0435 \u0432 \u043a\u0430\u043b\u0435\u043d\u0434\u0430\u0440\"", "\"mtrl_picker_text_input_date_hint\" : \"\u1240\u1295\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038 \u101b\u101b\u103e\u102d\u1014\u102d\u102f\u1004\u103a\u101e\u100a\u103a\"", "\"common_google_play_services_install_button\" : \"Instalar\"", "\"mtrl_chip_close_icon_content_description\" : \"Ta bort (%1$s)\"", "\"mtrl_picker_invalid_range\" : \"\u0410\u0443\u049b\u044b\u043c \u0436\u0430\u0440\u0430\u043c\u0441\u044b\u0437.\"", "\"common_google_play_services_enable_text\" : \"%1$s \u043d\u044c Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u044d\u0445 \u0445\u04af\u0440\u0442\u044d\u043b \u0430\u0436\u0438\u043b\u043b\u0430\u0445\u0433\u04af\u0439.\"", "\"abc_searchview_description_submit\" : \"Envia la consulta\"", "\"abc_searchview_description_submit\" : \"\u0bb5\u0bbf\u0ba9\u0bb5\u0bb2\u0bc8\u0b9a\u0bcd \u0b9a\u0bae\u0bb0\u0bcd\u0baa\u0bcd\u0baa\u0bbf\u0b95\u0bcd\u0b95\u0bc1\u0bae\u0bcd\"", "\"abc_action_bar_home_description\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200eNavigate home\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"fallback_menu_item_copy_link\" : \"\u0421\u043a\u0430\u043f\u0456\u0440\u0430\u0432\u0430\u0446\u044c \u0441\u043f\u0430\u0441\u044b\u043b\u043a\u0443\"", "\"abc_toolbar_collapse_description\" : \"Thu g\u1ecdn\"", "\"abc_searchview_description_submit\" : \"\u05e9\u05dc\u05d9\u05d7\u05ea \u05e9\u05d0\u05d9\u05dc\u05ea\u05d4\"", "\"common_google_play_services_update_title\" : \"\u200f\u062a\u062d\u062f\u064a\u062b \u062e\u062f\u0645\u0627\u062a Google Play\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Datum po\u010detka \u2013 %1$s\"", "\"mtrl_picker_invalid_range\" : \"\u0627\u0644\u0646\u0637\u0627\u0642 \u063a\u064a\u0631 \u0635\u0627\u0644\u062d\"", "\"clear_text_end_icon_content_description\" : \"Limpar texto\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be\u09b0 \u09a8\u09a4\u09c1\u09a8 \u09ad\u09be\u09b0\u09cd\u09b8\u09a8 \u09aa\u09cd\u09b0\u09af\u09bc\u09cb\u099c\u09a8\u09f7 \u0996\u09c1\u09ac \u09b6\u09c0\u0998\u09cd\u09b0\u0987 \u098f\u099f\u09be \u09a8\u09bf\u099c\u09c7\u0987 \u0986\u09aa\u09a1\u09c7\u099f \u09b9\u09ac\u09c7\u09f7\"", "\"abc_searchview_description_voice\" : \"\u0b2d\u0b0f\u0b38\u0b4d\u200c \u0b38\u0b30\u0b4d\u0b1a\u0b4d\u0b1a\"", "\"abc_shareactionprovider_share_with_application\" : \"%s\u3068\u5171\u6709\"", "\"mtrl_picker_day_of_week_column_header\" : \"C\u1ed9t ng\u00e0y: %1$s\"", "\"abc_shareactionprovider_share_with_application\" : \"%s\u0c24\u0c4b \u0c37\u0c47\u0c30\u0c4d \u0c1a\u0c47\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"bottomsheet_action_expand_halfway\" : \"\u06af\u0633\u062a\u0631\u062f\u0647 \u06a9\u0631\u062f\u0646 \u062a\u0627 \u0646\u06cc\u0645\u0647\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Ng\u00e0y k\u1ebft th\u00fac\"", "\"common_google_play_services_install_title\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d \u0430\u043b\u0443\"", "\"mtrl_picker_invalid_format\" : \"Format incorrect\"", "\"abc_menu_alt_shortcut_label\" : \"Alt\u00a0+\u00a0\"", "\"material_timepicker_select_time\" : \"\u0418\u0437\u0431\u0435\u0440\u0435\u0442\u0435 \u0432\u0440\u0435\u043c\u0435\"", "\"material_hour_selection\" : \"\u0421\u0430\u0430\u0442 \u0442\u0430\u043d\u0434\u043e\u043e\"", "\"mtrl_picker_invalid_range\" : \"Kipindi si sahihi.\"", "\"material_timepicker_clock_mode_description\" : \"\u1208\u130a\u12dc \u130d\u1264\u1271 \u12c8\u12f0 \u12e8\u1230\u12d3\u1275 \u1201\u1290\u1273 \u1240\u12ed\u122d\u1362\"", "\"abc_activity_chooser_view_see_all\" : \"Ver todas\"", "\"character_counter_overflowed_content_description\" : \"Character limit exceeded %1$d of %2$d\"", "\"common_google_play_services_unsupported_text\" : \"%1$s kan niet worden uitgevoerd zonder Google Play-services, die niet worden ondersteund op je apparaat.\"", "\"abc_capital_off\" : \"\u1015\u102d\u1010\u103a\u101b\u1014\u103a\"", "\"mtrl_picker_date_header_title\" : \"Pilih Tarikh\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0540\u057a\u0565\u0584\u055d \u057f\u0561\u0580\u0565\u0569\u057e\u056b \u0568\u0576\u057f\u0578\u0582\u0569\u0575\u0561\u0576\u0576 \u0561\u0576\u0581\u0576\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580\"", "'lambda", "\"mtrl_picker_out_of_range\" : \"\u0926\u093e\u092f\u0930\u093e\u092d\u0928\u094d\u0926\u093e \u092c\u093e\u0939\u093f\u0930 \u091b: %1$s\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u1787\u17bd\u179a\u1788\u179a\u200b\u1793\u17c3\u200b\u1790\u17d2\u1784\u17c3\u17d6 %1$s\"", "\"common_signin_button_text\" : \"Prijavi me\"", "\"common_google_play_services_unknown_issue\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bbf\u0bb2\u0bcd \u0b9a\u0bbf\u0b95\u0bcd\u0b95\u0bb2\u0bcd \u0b8f\u0bb1\u0bcd\u0baa\u0b9f\u0bcd\u0b9f\u0ba4\u0bbe\u0bb2\u0bcd, %1$s \u0baa\u0baf\u0ba9\u0bcd\u0baa\u0bbe\u0b9f\u0bcd\u0b9f\u0bc8 \u0b85\u0ba3\u0bc1\u0b95 \u0bae\u0bc1\u0b9f\u0bbf\u0baf\u0bb5\u0bbf\u0bb2\u0bcd\u0bb2\u0bc8. \u0bae\u0bc0\u0ba3\u0bcd\u0b9f\u0bc1\u0bae\u0bcd \u0bae\u0bc1\u0baf\u0bb2\u0bb5\u0bc1\u0bae\u0bcd.\"", "\"abc_menu_space_shortcut_label\" : \"SPAZIO\"", "\"common_google_play_services_update_button\" : \"Friss\u00edt\u00e9s\"", "\"mtrl_picker_a11y_next_month\" : \"\u00c4ndra till n\u00e4sta m\u00e5nad\"", "\"fallback_menu_item_open_in_browser\" : \"\u092c\u094d\u0930\u093e\u0909\u091c\u093c\u0930 \u092e\u0947\u0902 \u0916\u094b\u0932\u0947\u0902\"", "noexcept", "\"common_signin_button_text_long\" : \"Identifikohu me Google\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0ba4\u0bca\u0b9f\u0b95\u0bcd\u0b95\u0ba4\u0bcd \u0ba4\u0bc7\u0ba4\u0bbf\"", "\"material_timepicker_pm\" : \"\u043f\u043e.\"", "\"common_google_play_services_unsupported_text\" : \"Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d33\u0d3f\u0d32\u0d4d\u0d32\u0d3e\u0d24\u0d46 %1$s \u0d2a\u0d4d\u0d30\u0d35\u0d7c\u0d24\u0d4d\u0d24\u0d3f\u0d15\u0d4d\u0d15\u0d3f\u0d32\u0d4d\u0d32, \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d33\u0d46\u0d2f\u0d3e\u0d15\u0d1f\u0d4d\u0d1f\u0d46 \u0d28\u0d3f\u0d19\u0d4d\u0d19\u0d33\u0d41\u0d1f\u0d46 \u0d09\u0d2a\u0d15\u0d30\u0d23\u0d02 \u0d2a\u0d3f\u0d28\u0d4d\u0d24\u0d41\u0d23\u0d2f\u0d4d\u0d15\u0d4d\u0d15\u0d41\u0d28\u0d4d\u0d28\u0d41\u0d2e\u0d3f\u0d32\u0d4d\u0d32.\"", "supersecret", "\"common_google_play_services_update_button\" : \"\u0c85\u0caa\u0ccd\u200c\u0ca1\u0cc7\u0c9f\u0ccd\u200c \u0cae\u0cbe\u0ca1\u0cc1\"", "\"mtrl_chip_close_icon_content_description\" : \"Odstranit polo\u017eku %1$s\"", "\"common_google_play_services_enable_title\" : \"Aktiveer Google Play-dienste\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u0ba8\u0bbe\u0bb3\u0bc8\u0ba4\u0bcd \u0ba4\u0bc7\u0bb0\u0bcd\u0bb5\u0bc1\u0b9a\u0bc6\u0baf\u0bcd\u0bb5\u0ba4\u0bb1\u0bcd\u0b95\u0bc1 \u0bae\u0bbe\u0bb1\u0bcd\u0bb1 \u0ba4\u0b9f\u0bcd\u0b9f\u0bb5\u0bc1\u0bae\u0bcd\"", "\"abc_action_menu_overflow_description\" : \"\u0986\u09b0\u0993 \u09ac\u09bf\u0995\u09b2\u09cd\u09aa\"", "\"fallback_menu_item_open_in_browser\" : \"\u00d6ppna i webbl\u00e4saren\"", "\"mtrl_picker_invalid_format\" : \"Neplatn\u00fd form\u00e1t.\"", "\"abc_shareactionprovider_share_with\" : \"Delite pomo\u0107u\"", "\"abc_action_bar_up_description\" : \"\u0414\u0432\u0438\u0436\u0438 \u0441\u0435 \u043d\u0430\u0433\u043e\u0440\u0435\"", "\"material_timepicker_minute\" : \"\u041c\u0438\u043d\u0443\u0442\u044b\"", "\"abc_action_menu_overflow_description\" : \"\u0411\u0430\u0441\u049b\u0430 \u043e\u043f\u0446\u0438\u044f\u043b\u0430\u0440\"", "\"nav_app_bar_open_drawer_description\" : \"Atidaryti nar\u0161ymo juost\u0105\"", "\"gcm_defaultSenderId\" : \"983632160629\"", "\"nav_app_bar_open_drawer_description\" : \"Opna yfirlitssk\u00faffu\"", "\"mtrl_picker_invalid_range\" : \"Yaroqsiz oraliq.\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u1240\"", "\"material_timepicker_text_input_mode_description\" : \"Mude para o modo de introdu\u00e7\u00e3o de texto para a introdu\u00e7\u00e3o da hora.\"", "\"abc_action_menu_overflow_description\" : \"\ucd94\uac00 \uc635\uc158\"", "\"clear_text_end_icon_content_description\" : \"Not\u012br\u012bt tekstu\"", "\"fallback_menu_item_share_link\" : \"Del link\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Bitm\u0259 tarixi\"", "\"common_google_play_services_install_title\" : \"Desc\u0103rca\u021bi serviciile Google Play\"", "\"material_timepicker_hour\" : \"\u0db4\u0dd0\u0dba\"", "\"common_google_play_services_notification_ticker\" : \"Chyba slu\u017eieb Google Play\"", "\"common_signin_button_text\" : \"Daxil olun\"", "\"common_signin_button_text\" : \"Log masuk\"", "\"mtrl_picker_range_header_unselected\" : \"Startdatum\u2013slutdatum\"", "\"abc_search_hint\" : \"Iskanje \u2026\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 Tugash sanasi\"", "\"material_timepicker_text_input_mode_description\" : \"Bytt til tekstinndatamodus for tidsinndata.\"", "\"abc_search_hint\" : \"\u0422\u044a\u0440\u0441\u0435\u0442\u0435\u2026\"", "\"common_google_play_services_update_button\" : \"Actualitza\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0d05\u0d35\u0d38\u0d3e\u0d28\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d28\u0d4d\u0d28 \u0d24\u0d40\u0d2f\u0d24\u0d3f\"", "\"abc_shareactionprovider_share_with\" : \"\u0a86\u0aa8\u0ac0 \u0ab8\u0abe\u0aa5\u0ac7 \u0ab6\u0ac7\u0ab0 \u0a95\u0ab0\u0acb\"", "\"common_open_on_phone\" : \"\u0e40\u0e1b\u0e34\u0e14\u0e1a\u0e19\u0e42\u0e17\u0e23\u0e28\u0e31\u0e1e\u0e17\u0e4c\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u0432 \u0440\u0435\u0436\u0438\u043c \u0432\u0432\u043e\u0434\u0430 \u0442\u0435\u043a\u0441\u0442\u0430\"", "\"common_google_play_services_update_button\" : \"Isibuyekezo\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Begindatum\"", "\"abc_search_hint\" : \"\u0d24\u0d3f\u0d30\u0d2f\u0d41\u0d15\u2026\"", "\"common_google_play_services_enable_button\" : \"\u12a0\u1295\u1243\"", "\"password_toggle_content_description\" : \"\u05d4\u05e6\u05d2\u05ea \u05e1\u05d9\u05e1\u05de\u05d4\"", "\"abc_capital_off\" : \"\u1794\u17b7\u1791\"", "operator->*", "objcproto", "operator|=", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u05d9\u05d5\u05ea\u05e8 \u05de-%1$d \u05d4\u05ea\u05e8\u05d0\u05d5\u05ea \u05d7\u05d3\u05e9\u05d5\u05ea\"", "\"abc_action_menu_overflow_description\" : \"\u0a39\u0a4b\u0a30 \u0a35\u0a3f\u0a15\u0a32\u0a2a\"", "\"common_google_play_services_notification_ticker\" : \"\u0413\u0440\u0435\u0448\u043a\u0430 \u0432 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play\"", "\"mtrl_picker_range_header_unselected\" : \"Ba\u015flama tarixi - Bitm\u0259 tarixi\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u10e2\u10d4\u10e5\u10e1\u10e2\u10d8\u10e1 \u10e8\u10d4\u10e7\u10d5\u10d0\u10dc\u10d8\u10e1 \u10e0\u10d4\u10df\u10d8\u10db\u10d6\u10d4 \u10d2\u10d0\u10d3\u10d0\u10e0\u10d7\u10d5\u10d0\"", "\"common_google_play_services_enable_title\" : \"Google Play-Dienste aktivieren\"", "\"common_open_on_phone\" : \"\u0422\u0435\u043b\u0435\u0444\u043e\u043d\u0434\u0430 \u0430\u0448\u0443\"", "\"fallback_menu_item_share_link\" : \"Partilhar link\"", "\"common_signin_button_text_long\" : \"\u0e25\u0e07\u0e0a\u0e37\u0e48\u0e2d\u0e40\u0e02\u0e49\u0e32\u0e43\u0e0a\u0e49\u0e14\u0e49\u0e27\u0e22 Google\"", "\"abc_action_bar_up_description\" : \"\u0416\u043e\u0493\u0430\u0440\u044b \u049b\u0430\u0440\u0430\u0439 \u04e9\u0442\u0443\"", "\"material_timepicker_text_input_mode_description\" : \"\u039a\u03ac\u03bd\u03c4\u03b5 \u03b5\u03bd\u03b1\u03bb\u03bb\u03b1\u03b3\u03ae \u03c3\u03c4\u03b7 \u03bb\u03b5\u03b9\u03c4\u03bf\u03c5\u03c1\u03b3\u03af\u03b1 \u03b5\u03b9\u03c3\u03b1\u03b3\u03c9\u03b3\u03ae\u03c2 \u03ba\u03b5\u03b9\u03bc\u03ad\u03bd\u03bf\u03c5, \u03b3\u03b9\u03b1 \u03c4\u03b7\u03bd \u03b5\u03b9\u03c3\u03b1\u03b3\u03c9\u03b3\u03ae \u03c4\u03b7\u03c2 \u03ce\u03c1\u03b1\u03c2.\"", "\"mtrl_picker_invalid_format_example\" : \"Exemplo: %1$s\"", "\"icon_content_description\" : \"P\u00e1rbesz\u00e9dpanel ikonja\"", "\"character_counter_content_description\" : \"\u0412\u0432\u0435\u0434\u0435\u043d\u043e \u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432: %1$d \u0438\u0437 %2$d\"", "\"exposed_dropdown_menu_content_description\" : \"Hi\u1ec3n th\u1ecb menu th\u1ea3 xu\u1ed1ng\"", "\"abc_searchview_description_query\" : \"Bilaketa-kontsulta\"", "\"common_google_play_services_enable_title\" : \"Omogu\u0107ivanje usluga Google Playa\"", "\"abc_capital_off\" : \"I\u0160JUNGTI\"", "\"bottomsheet_action_expand_halfway\" : \"\u041f\u0440\u043e\u0448\u0438\u0440\u0438 \u0434\u043e \u043f\u043e\u043b\u043e\u0432\u0438\u043d\u0430\"", "\"clear_text_end_icon_content_description\" : \"\u133d\u1211\u134d\u1295 \u12a0\u133d\u12f3\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u0414\u043e\u043a\u043e\u0441\u043d\u0435\u0442\u0435, \u0437\u0430 \u0434\u0430 \u043f\u0440\u0435\u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435 \u043a\u044a\u043c \u0438\u0437\u0431\u0438\u0440\u0430\u043d\u0435 \u043d\u0430 \u0434\u0435\u043d\"", "\"material_timepicker_text_input_mode_description\" : \"\u0423\u0431\u0430\u043a\u044b\u0442\u0442\u044b \u0442\u0435\u043a\u0441\u0442 \u043a\u0438\u0440\u0433\u0438\u0437\u04af\u04af \u0440\u0435\u0436\u0438\u043c\u0438\u043d\u0434\u0435 \u043a\u0438\u0440\u0433\u0438\u0437\u0438\u04a3\u0438\u0437.\"", "\"abc_capital_on\" : \"I-ON\"", "\"mtrl_picker_navigate_to_year_description\" : \"%1$s \u0dc0\u0dc3\u0dbb\u0da7 \u0dc3\u0d82\u0da0\u0dcf\u0dbd\u0db1\u0dba \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"mtrl_picker_text_input_date_hint\" : \"\u0414\u0430\u0442\u0443\u043c\"", "\"abc_action_mode_done\" : \"Nimemaliza\"", "\"material_minute_selection\" : \"Selecciona els minuts\"", "\"bottomsheet_action_expand_halfway\" : \"\u062a\u0648\u0633\u064a\u0639 \u0627\u0644\u0628\u0637\u0627\u0642\u0629 \u0627\u0644\u0633\u0641\u0644\u064a\u0629\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Flere end %1$d nye notifikationer\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u12a8%1$d \u1260\u120b\u12ed \u12a0\u12f2\u1235 \u121b\u1233\u12c8\u1242\u12eb\u12ce\u127d\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0628\u0631\u0627\u06cc \u0631\u0641\u062a\u0646 \u0628\u0647 \u062d\u0627\u0644\u062a \u0627\u0646\u062a\u062e\u0627\u0628 \u0633\u0627\u0644 \u0636\u0631\u0628\u0647 \u0628\u0632\u0646\u06cc\u062f\"", "\"abc_menu_space_shortcut_label\" : \"bilsl\u00e1\"", "\"common_signin_button_text\" : \"Prisijungti\"", "\"material_clock_toggle_content_description\" : \"\u9078\u53d6\u4e0a\u5348\u6216\u4e0b\u5348\"", "\"nav_app_bar_navigate_up_description\" : \"\u12c8\u12f0 \u120b\u12ed \u12eb\u1235\u1231\"", "\"exposed_dropdown_menu_content_description\" : \"\u1006\u103d\u1032\u1001\u103b\u1019\u102e\u1014\u1030\u1038\u1000\u102d\u102f \u1015\u103c\u101b\u1014\u103a\"", "\"mtrl_chip_close_icon_content_description\" : \"Quitar %1$s\"", "LOOKING FOR BINARY: %s PRESENT!!!", "\"mtrl_picker_navigate_to_year_description\" : \"%1$s \u5e74\u306b\u79fb\u52d5\"", "\"icon_content_description\" : \"\u12e8\u1295\u130d\u130d\u122d \u12a0\u12f6\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Preklop na na\u010din vnosa v koledar\"", "\"mtrl_picker_invalid_format\" : \"Format nevalid.\"", "\"common_google_play_services_update_text\" : \"\u0b06\u0b2a\u0b23 Google Play \u0b38\u0b47\u0b2c\u0b3e \u0b05\u0b2a\u0b21\u0b47\u0b1f\u0b4d\u200c \u0b28 \u0b15\u0b30\u0b3f\u0b2c\u0b3e \u0b2a\u0b30\u0b4d\u0b2f\u0b4d\u0b5f\u0b28\u0b4d\u0b24 %1$s \u0b1a\u0b3e\u0b32\u0b3f\u0b2c \u0b28\u0b3e\u0b39\u0b3f\u0b01\u0964\"", "\"mtrl_picker_date_header_unselected\" : \"\u5df2\u9078\u53d6\u65e5\u671f\"", "\"mtrl_picker_date_header_unselected\" : \"\u6240\u9078\u65e5\u671f\"", "\"clear_text_end_icon_content_description\" : \"\u091f\u0947\u0915\u094d\u0938\u094d\u091f \u092e\u093f\u091f\u093e\u090f\u0902\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0570\u0561\u057e\u0565\u056c\u057e\u0561\u056e\u0568 Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u056b \u0570\u0565\u057f \u056f\u0561\u057a\u057e\u0561\u056e \u056d\u0576\u0564\u056b\u0580 \u0578\u0582\u0576\u056b: \u0553\u0578\u0580\u0571\u0565\u0584 \u0576\u0578\u0580\u056b\u0581:\"", "basic_string", "\"abc_activitychooserview_choose_application\" : \"\u0c2f\u0c3e\u0c2a\u0c4d\u200c\u0c28\u0c41 \u0c0e\u0c02\u0c1a\u0c41\u0c15\u0c4b\u0c02\u0c21\u0c3f\"", "\"mtrl_picker_a11y_prev_month\" : \"\u0c2e\u0c41\u0c28\u0c41\u0c2a\u0c1f\u0c3f \u0c28\u0c46\u0c32\u0c15\u0c41 \u0c2e\u0c3e\u0c30\u0c4d\u0c1a\u0c41\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"mtrl_picker_date_header_unselected\" : \"\u0dad\u0dda\u0dbb\u0dd6 \u0daf\u0dd2\u0db1\u0dba\"", "\"abc_shareactionprovider_share_with_application\" : \"Ndaje me %s\"", "\"common_google_play_services_update_button\" : \"\u0905\u092a\u0921\u0947\u091f \u0915\u0930\u0947\u0902\"", "\"abc_prepend_shortcut_label\" : \"\u0627\u0644\u0642\u0627\u0626\u0645\u0629+\"", "\"common_signin_button_text_long\" : \"\u4f7f\u7528 Google \u5e10\u53f7\u767b\u5f55\"", "\"fallback_menu_item_open_in_browser\" : \"Otw\u00f3rz w\u00a0przegl\u0105darce\"", "\"abc_activity_chooser_view_see_all\" : \"T\u00fcm\u00fcn\u00fc g\u00f6ster\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u8f15\u89f8\u5373\u53ef\u5207\u63db\u70ba\u9078\u53d6\u661f\u671f\u5e7e\"", "\"fallback_menu_item_copy_link\" : \"Link kopieren\"", "allocator::allocate(size_t n) 'n' exceeds maximum supported size", "\"abc_action_bar_up_description\" : \"\u041c\u0443\u0440\u0443\u043d\u043a\u0443 \u044d\u043a\u0440\u0430\u043d\u0433\u0430 \u04e9\u0442\u04af\u04af\"", "\"fallback_menu_item_share_link\" : \"\u039a\u03bf\u03b9\u03bd\u03bf\u03c0\u03bf\u03af\u03b7\u03c3\u03b7 \u03c3\u03c5\u03bd\u03b4\u03ad\u03c3\u03bc\u03bf\u03c5\"", "\"abc_search_hint\" : \"T\u00ecm ki\u1ebfm\u2026\"", "\"common_google_play_services_enable_text\" : \"%1$s \u0a15\u0a70\u0a2e \u0a28\u0a39\u0a40\u0a02 \u0a15\u0a30\u0a47\u0a17\u0a3e \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a71\u0a15 \u0a24\u0a41\u0a38\u0a40\u0a02 Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a28\u0a39\u0a40\u0a02 \u0a15\u0a30\u0a26\u0a47 \u0a39\u0a4b\u0964\"", "\"mtrl_picker_a11y_prev_month\" : \"Pakeisti \u012f ankstesn\u012f m\u0117nes\u012f\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u0ec1\u0e95\u0eb0\u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0e9b\u0ec8\u0ebd\u0e99\u0ec0\u0e9b\u0eb1\u0e99\u0e81\u0eb2\u0e99\u0ec0\u0ea5\u0eb7\u0ead\u0e81\u0ea1\u0eb7\u0ec9\"", "\"abc_searchview_description_query\" : \"\u0938\u0930\u094d\u091a \u0915\u094d\u0935\u0947\u0930\u0940\"", "\"abc_searchview_description_clear\" : \"Lek\u00e9rdez\u00e9s t\u00f6rl\u00e9se\"", "\"abc_activitychooserview_choose_application\" : \"\u9009\u62e9\u5e94\u7528\"", "\"abc_menu_delete_shortcut_label\" : \"ezabatu\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u1014\u103e\u1005\u103a %1$s \u101e\u102d\u102f\u1037 \u101c\u1019\u103a\u1038\u100a\u103d\u103e\u1014\u103a\u101b\u1014\u103a\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play teenuste saadavalolek\"", "\"error_icon_content_description\" : \"X\u0259ta\"", "\"mtrl_picker_range_header_unselected\" : \"\u0414\u0430\u0442\u0430 \u043f\u0430\u0447\u0430\u0442\u043a\u0443\u00a0\u2013 \u0434\u0430\u0442\u0430 \u0437\u0430\u043a\u0430\u043d\u0447\u044d\u043d\u043d\u044f\"", "\"material_timepicker_text_input_mode_description\" : \"\u05d4\u05e2\u05d1\u05e8 \u05dc\u05de\u05e6\u05d1 \u05e7\u05dc\u05d8 \u05d8\u05e7\u05e1\u05d8 \u05dc\u05e6\u05d5\u05e8\u05da \u05d4\u05d6\u05e0\u05ea \u05d4\u05e9\u05e2\u05d4\"", "\"abc_menu_enter_shortcut_label\" : \"ievad\u012b\u0161anas tausti\u0146\u0161\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Presiona para seleccionar un a\u00f1o\"", "\"character_counter_content_description\" : \"\u5df2\u8f38\u5165 %1$d \u500b\u5b57\u5143 (\u4e0a\u9650\u70ba %2$d \u500b\u5b57\u5143)\"", "\"abc_searchview_description_voice\" : \"Glasovno iskanje\"", "\"character_counter_overflowed_content_description\" : \"Zeichenbeschr\u00e4nkung \u00fcberschritten: %1$d/%2$d\"", "\"fallback_menu_item_copy_link\" : \"\u0a32\u0a3f\u0a70\u0a15 \u0a15\u0a3e\u0a2a\u0a40 \u0a15\u0a30\u0a4b\"", "\"abc_action_bar_home_description\" : \"\u0997\u09c3\u09b9 \u09aa\u09c3\u09b7\u09cd\u09a0\u09be\u09b2\u09c8 \u09af\u09be\u0993\u0995\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0b38\u0b47\u0b2c\u0b3e\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b38\u0b15\u0b4d\u0b37\u0b2e \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"mtrl_picker_range_header_unselected\" : \"Kezd\u00e9s d\u00e1tuma \u2013 Befejez\u00e9s d\u00e1tuma\"", "terminate_handler unexpectedly returned", "\"abc_activitychooserview_choose_application\" : \"Choose an app\"", "\"mtrl_picker_a11y_next_month\" : \"Pre\u0111ite na sledec\u0301i mesec\"", "\"common_google_play_services_install_button\" : \"\u054f\u0565\u0572\u0561\u0564\u0580\u0565\u056c\"", "\"icon_content_description\" : \"\u0418\u043a\u043e\u043d\u0430 \u0437\u0430 \u0434\u0438\u0458\u0430\u043b\u043e\u0433\"", "\"mtrl_picker_date_header_unselected\" : \"Data seleccionada\"", "\"abc_action_bar_home_description\" : \"\u0939\u094b\u092e \u092a\u0947\u091c \u092a\u0930 \u091c\u093e\u090f\u0902\"", "\"abc_searchview_description_voice\" : \"\uc74c\uc131 \uac80\uc0c9\"", "\"abc_searchview_description_voice\" : \"C\u0103utare vocal\u0103\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Tanggal mulai \u2013 %1$s\"", "\"error_icon_content_description\" : \"Villa\"", "\"common_google_play_services_update_text\" : \"%1$s \u043d\u0435 \u043c\u043e\u0436\u0435 \u0434\u0430 \u0441\u0435 \u043f\u043e\u043a\u0440\u0435\u043d\u0435 \u0430\u043a\u043e \u043d\u0435 \u0430\u0436\u0443\u0440\u0438\u0440\u0430\u0442\u0435 Google Play \u0443\u0441\u043b\u0443\u0433\u0435.\"", "\"common_signin_button_text_long\" : \"\u200f\u05d4\u05d9\u05db\u05e0\u05e1 \u05d1\u05d0\u05de\u05e6\u05e2\u05d5\u05ea Google\"", "\"material_timepicker_clock_mode_description\" : \"Badilisha umbo liwe la saa ya mishale wakati wa kuweka muda.\"", "\"common_google_play_services_notification_ticker\" : \"Google Play\u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306e\u30a8\u30e9\u30fc\"", "\"password_toggle_content_description\" : \"\ube44\ubc00\ubc88\ud638 \ud45c\uc2dc\"", "\"abc_searchview_description_voice\" : \"Recherche vocale\"", "\"common_open_on_phone\" : \"Atidaryti telefone\"", "\"abc_activitychooserview_choose_application\" : \"V\u00e1lasszon alkalmaz\u00e1st\"", "\"mtrl_picker_range_header_selected\" : \"Du %1$s au %2$s\"", "\"item_view_role_description\" : \"Ithebhu\"", "\"common_google_play_services_install_title\" : \"Google\u00a0Play pakalpojumu ieg\u016b\u0161ana\"", "\"error_icon_content_description\" : \"Gre\u0161ka\"", "\"error_icon_content_description\" : \"\u03a3\u03c6\u03ac\u03bb\u03bc\u03b1\"", "\"common_google_play_services_unknown_issue\" : \"%1$s ilovasini Google Play xizmatlariga ulab bo\u2018lmadi. Qaytadan urinib ko\u2018ring.\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u0633\u062a\u0648\u0646 \u0631\u0648\u0632: %1$s\"", "\"common_google_play_services_updating_text\" : \"%1$s kan niet worden uitgevoerd zonder Google Play-services, die momenteel worden ge\u00fcpdatet.\"", "\"abc_action_bar_home_description\" : \"\u0531\u0576\u0581\u0576\u0565\u056c \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u0926\u093f\u0928\u0939\u0930\u0942\u0915\u094b \u0938\u094d\u0924\u092e\u094d\u092d: %1$s\"", "\"copy_toast_msg\" : \"Link disalin ke papan klip\"", "\"material_hour_selection\" : \"Atlasiet stundu\"", "\"abc_action_mode_done\" : \"\u0411\u04af\u0442\u0442\u04af\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0916\u0924\u094d\u092e \u0939\u094b\u0928\u0947 \u0915\u0940 \u0924\u093e\u0930\u0940\u0916\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0c2a\u0c4d\u0c30\u0c3e\u0c30\u0c02\u0c2d \u0c24\u0c47\u0c26\u0c40 \u2013 %1$s\"", "\"mtrl_picker_navigate_to_year_description\" : \"%1$s y\u0131l\u0131na git\"", "operator!=", "\"abc_searchview_description_query\" : \"Hoja ya utafutaji\"", "\"common_signin_button_text\" : \"Fazer login\"", "\"mtrl_picker_invalid_format_use\" : \"\u0e43\u0e0a\u0e49: %1$s\"", "\"abc_action_bar_home_description\" : \"\u0d39\u0d4b\u0d2e\u0d3f\u0d32\u0d47\u0d15\u0d4d\u0d15\u0d4d \u0d2a\u0d4b\u0d35\u0d41\u0d15\"", "\"fallback_menu_item_share_link\" : \"Ndaj lidhjen\"", "\"material_timepicker_text_input_mode_description\" : \"Aby wprowadzi\u0107 czas, w\u0142\u0105cz tryb wprowadzania tekstu.\"", "\"mtrl_picker_range_header_unselected\" : \"Petsa ng pagsisimula \u2013 Petsa ng pagtatapos\"", "\"material_minute_selection\" : \"Pumili ng mga minuto\"", "\"common_signin_button_text\" : \"\u767b\u5165\"", "\"common_google_play_services_updating_text\" : \"%1$s \u0e88\u0eb0\u0e9a\u0ecd\u0ec8\u0eaa\u0eb2\u0ea1\u0eb2\u0e94\u0ec3\u0e8a\u0ec9\u0e87\u0eb2\u0e99\u0ec4\u0e94\u0ec9\u0ec2\u0e94\u0e8d\u0e97\u0eb5\u0ec8\u0e9a\u0ecd\u0ec8\u0ea1\u0eb5\u0e81\u0eb2\u0e99\u200b\u0e9a\u0ecd\u200b\u0ea5\u0eb4\u200b\u0e81\u0eb2\u0e99 Google Play, \u0ec0\u0e8a\u0eb4\u0ec8\u0e87\u200b\u0e81\u0eb3\u200b\u0ea5\u0eb1\u0e87\u200b\u0ead\u0eb1\u0e9a\u200b\u0ec0\u0e94\u0e94\u200b\u0ea2\u0eb9\u0ec8\u200b\u0ec3\u0e99\u200b\u0e9b\u0eb0\u200b\u0e88\u0eb8\u200b\u0e9a\u0eb1\u0e99.\"", "\"abc_menu_function_shortcut_label\" : \"A\u00f0ger\u00f0arlykill+\"", "\"common_google_play_services_install_text\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bcd \u0b87\u0bb0\u0bc1\u0ba8\u0bcd\u0ba4\u0bbe\u0bb2\u0bcd \u0bae\u0b9f\u0bcd\u0b9f\u0bc1\u0bae\u0bc7, %1$s \u0b87\u0baf\u0b99\u0bcd\u0b95\u0bc1\u0bae\u0bcd. \u0b85\u0bb5\u0bc8 \u0b89\u0b99\u0bcd\u0b95\u0bb3\u0bcd \u0b9a\u0bbe\u0ba4\u0ba9\u0ba4\u0bcd\u0ba4\u0bbf\u0bb2\u0bcd \u0b87\u0bb2\u0bcd\u0bb2\u0bc8.\"", "\"abc_searchview_description_voice\" : \"\u0628\u062d\u062b \u0635\u0648\u062a\u064a\"", "\"mtrl_picker_announce_current_selection\" : \"\u101c\u1000\u103a\u101b\u103e\u102d \u101b\u103d\u1031\u1038\u1001\u103b\u101a\u103a\u1019\u103e\u102f- %1$s\"", "\"abc_menu_space_shortcut_label\" : \"svemir\"", "\"material_timepicker_clock_mode_description\" : \"Alterne para o modo de rel\u00f3gio para informar o hor\u00e1rio.\"", "\"abc_searchview_description_query\" : \"\u041f\u043e\u0438\u0441\u043a\u043e\u0432\u044b\u0439 \u0437\u0430\u043f\u0440\u043e\u0441\"", "\"common_google_play_services_enable_text\" : \"Hindi gagana ang %1$s maliban kung ie-enable mo ang mga serbisyo ng Google Play.\"", "\"material_minute_suffix\" : \"%1$s minutos\"", "\"material_timepicker_select_time\" : \"\u9078\u53d6\u6642\u9593\"", "\"common_google_play_services_wear_update_text\" : \"\u041f\u0430\u0442\u0440\u0430\u0431\u0443\u0435\u0446\u0446\u0430 \u043d\u043e\u0432\u0430\u044f \u0432\u0435\u0440\u0441\u0456\u044f \u0441\u043b\u0443\u0436\u0431 Google Play. \u042f\u043d\u0430 \u0430\u0431\u043d\u043e\u0432\u0456\u0446\u0446\u0430 \u0430\u045e\u0442\u0430\u043c\u0430\u0442\u044b\u0447\u043d\u0430 \u045e \u0431\u043b\u0456\u0436\u044d\u0439\u0448\u044b \u0447\u0430\u0441.\"", "\"common_google_play_services_notification_ticker\" : \"\u041f\u0430\u043c\u044b\u043b\u043a\u0430 \u0441\u043b\u0443\u0436\u0431\u0430\u045e Google Play\"", "\"abc_menu_delete_shortcut_label\" : \"dz\u0113\u0161anas tausti\u0146\u0161\"", "\"common_signin_button_text\" : \"Ingia katika akaunti\"", "\"nav_app_bar_open_drawer_description\" : \"Navigatsiya panelini ochish\"", "\"nav_app_bar_navigate_up_description\" : \"\u8f6c\u5230\u4e0a\u4e00\u5c42\u7ea7\"", "\"icon_content_description\" : \"Gluggat\u00e1kn\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Shintshela kwimodi yokufaka yombhalo\"", "union", "\"common_google_play_services_update_button\" : \"\u041e\u043d\u043e\u0432\u0438\u0442\u0438\"", "\"icon_content_description\" : \"Icoon voor dialoogvenster\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306e\u5229\u7528\"", "\"abc_searchview_description_clear\" : \"Tyhjenn\u00e4 kysely\"", "\"common_google_play_services_unknown_issue\" : \"%1$s ten problemas cos servizos de Google Play. T\u00e9ntao de novo.\"", "\"common_google_play_services_update_button\" : \"\u0986\u09aa\u09a1\u09c7\u099f \u0995\u09b0\u09c1\u09a8\"", "\"abc_shareactionprovider_share_with_application\" : \"Partager avec %s\"", "\"mtrl_picker_range_header_title\" : \"\uae30\uac04 \uc120\ud0dd\"", "\"mtrl_picker_invalid_format\" : \"Format tidak sah.\"", "\"error_icon_content_description\" : \"\u041f\u043e\u043c\u0438\u043b\u043a\u0430\"", "\"mtrl_chip_close_icon_content_description\" : \"Odstranite %1$s\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Dodirnite za prijelaz na odabir godine\"", "\"abc_shareactionprovider_share_with\" : \"\u053f\u056b\u057d\u057e\u0565\u056c\u2026\"", "\"abc_shareactionprovider_share_with_application\" : \"Condividi tramite %s\"", "\"mtrl_picker_date_header_unselected\" : \"Data e zgjedhur\"", "\"material_clock_toggle_content_description\" : \"\u9009\u62e9\u4e0a\u5348\u6216\u4e0b\u5348\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\ud0ed\ud558\uc5ec \uc694\uc77c \uc120\ud0dd\uc73c\ub85c \uc804\ud658\"", "\"abc_capital_on\" : \"\u0938\u0941\u0930\u0942\"", "\"nav_app_bar_navigate_up_description\" : \"\u0416\u043e\u0433\u043e\u0440\u0443 \u0447\u0430\u0431\u044b\u0442\u0442\u043e\u043e\"", "\"exposed_dropdown_menu_content_description\" : \"Zobrazit rozbalovac\u00ed nab\u00eddku\"", "std::bad_cast", "\"common_google_play_services_updating_text\" : \"%1$s\u306e\u5b9f\u884c\u306b\u306fGoogle Play\u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u304c\u5fc5\u8981\u3067\u3059\u304c\u3001\u3053\u306e\u30b5\u30fc\u30d3\u30b9\u306f\u73fe\u5728\u66f4\u65b0\u4e2d\u3067\u3059\u3002\"", "VTT for ", "\"abc_capital_on\" : \"VULA\"", "\"mtrl_picker_save\" : \"\u0d38\u0d02\u0d30\u0d15\u0d4d\u0d37\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"fallback_menu_item_copy_link\" : \"\u10d1\u10db\u10e3\u10da\u10d8\u10e1 \u10d9\u10dd\u10de\u10d8\u10e0\u10d4\u10d1\u10d0\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d-\u0441 \u043e\u043b\u043e\u043d \u0448\u0438\u043d\u044d \u043c\u044d\u0434\u044d\u0433\u0434\u044d\u043b\"", "\"common_google_play_services_update_button\" : \"Aktualizovat\"", "\"common_google_play_services_update_title\" : \"\u17a2\u17b6\u1794\u17cb\u178a\u17c1\u178f\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798 Google Play\"", "\"material_timepicker_hour\" : \"Tunnid\"", "\"common_google_play_services_enable_button\" : \"\u6709\u52b9\u306b\u3059\u308b\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0410\u044f\u043a\u0442\u043e\u043e \u043a\u04af\u043d\u04af\"", "\"mtrl_picker_date_header_title\" : \"Tarix se\u00e7in\"", "\"abc_capital_on\" : \"ZAP\"", "\"abc_searchview_description_search\" : \"\u0916\u094b\u091c\"", "\"fallback_menu_item_copy_link\" : \"Kop\u0113t saiti\"", "\"common_signin_button_text_long\" : \"Google il\u0259 daxil olun\"", "\"abc_shareactionprovider_share_with\" : \"\u0414\u0430\u0440\u0430\u0430\u0445\u0442\u0430\u0439 \u0445\u0443\u0432\u0430\u0430\u043b\u0446\u0430\u0445\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s\u2013slutdatum\"", "\"common_google_play_services_wear_update_text\" : \"\u0531\u0576\u0570\u0580\u0561\u056a\u0565\u0577\u057f \u0567 Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u056b \u0576\u0578\u0580 \u057f\u0561\u0580\u0562\u0565\u0580\u0561\u056f\u0568: \u0531\u0575\u0576 \u0577\u0578\u0582\u057f\u0578\u057e \u056f\u0569\u0561\u0580\u0574\u0561\u0581\u057e\u056b \u0561\u057e\u057f\u0578\u0574\u0561\u057f \u056f\u0565\u0580\u057a\u0578\u057e:\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Upphafsdagur \u2013 %1$s\"", "\"common_signin_button_text_long\" : \"Google \u0915\u0947 \u091c\u093c\u0930\u093f\u090f \u0938\u093e\u0907\u0928 \u0907\u0928 \u0915\u0930\u0947\u0902\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Dotik za preklop na izbiro leta\"", "\"mtrl_picker_invalid_format\" : \"O formato non \u00e9 v\u00e1lido.\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u062a\u0627\u0631\u06cc\u062e \u0634\u0631\u0648\u0639\"", "\"abc_search_hint\" : \"Axtar\u0131\u015f...\"", "\"mtrl_picker_announce_current_selection\" : \"Bie\u017c\u0105cy wyb\u00f3r: %1$s\"", "\"common_google_play_services_update_text\" : \"%1$s nuk do t\u00eb funksionoj\u00eb n\u00ebse nuk p\u00ebrdit\u00ebson sh\u00ebrbimet e \"Luaj me Google\".\"", "\"abc_shareactionprovider_share_with_application\" : \"\u041f\u043e\u0434\u0456\u043b\u0438\u0442\u0438\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u0434\u043e\u0434\u0430\u0442\u043e\u043a %s\"", "\"bottomsheet_action_expand_halfway\" : \"\u053e\u0561\u057e\u0561\u056c\u0565\u056c \u056f\u056b\u057d\u0578\u057e \u0579\u0561\u0583\"", "\"mtrl_badge_numberless_content_description\" : \"Neue Benachrichtigung\"", "\"material_hour_suffix\" : \"%1$s null-null\"", "\"common_google_play_services_enable_button\" : \"\u0c2a\u0c4d\u0c30\u0c3e\u0c30\u0c02\u0c2d\u0c3f\u0c02\u0c1a\u0c41\"", "\"google_storage_bucket\" : \"allsafe-8cef0.appspot.com\"", "\"common_google_play_services_updating_text\" : \"\u0ba4\u0bb1\u0bcd\u0baa\u0bcb\u0ba4\u0bc1 \u0baa\u0bc1\u0ba4\u0bc1\u0baa\u0bcd\u0baa\u0bbf\u0b95\u0bcd\u0b95\u0baa\u0bcd\u0baa\u0b9f\u0bc1\u0bae\u0bcd, Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bcd \u0b87\u0bb0\u0bc1\u0ba8\u0bcd\u0ba4\u0bbe\u0bb2\u0bcd \u0bae\u0b9f\u0bcd\u0b9f\u0bc1\u0bae\u0bc7, %1$s \u0b9a\u0bc6\u0baf\u0bb2\u0bcd\u0baa\u0b9f\u0bc1\u0bae\u0bcd.\"", "\"abc_action_bar_up_description\" : \"Ngjitu lart\"", "\"material_timepicker_select_time\" : \"Izaberite vreme\"", "\"abc_toolbar_collapse_description\" : \"\u6536\u5408\"", "\"material_hour_selection\" : \"Pasirinkite valand\u0105\"", "\"abc_searchview_description_query\" : \"\u0548\u0580\u0578\u0576\u0574\u0561\u0576 \u0570\u0561\u0580\u0581\u0578\u0582\u0574\"", "\"abc_menu_space_shortcut_label\" : \"spatie\"", "\"abc_searchview_description_submit\" : \"\u0dc0\u0dd2\u0db8\u0dc3\u0dd4\u0db8 \u0dba\u0ddc\u0db8\u0dd4 \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"material_timepicker_hour\" : \"\u0426\u0430\u0433\"", "\"material_minute_suffix\" : \"%1$s minute\"", "\"common_google_play_services_install_text\" : \"%1$s \u0570\u0561\u057e\u0565\u056c\u057e\u0561\u056e\u0568 \u0579\u056b \u0561\u0577\u056d\u0561\u057f\u056b \u0561\u057c\u0561\u0576\u0581 Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u056b, \u0578\u0580\u0578\u0576\u0584 \u0579\u056f\u0561\u0576 \u0571\u0565\u0580 \u057d\u0561\u0580\u0584\u0578\u0582\u0574:\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0dc3\u0db8\u0d9f \u0db6\u0dd9\u0daf\u0dcf \u0d9c\u0db1\u0dca\u0db1\"", "N12_GLOBAL__N_116itanium_demangle10BinaryExprE", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u041f\u0440\u0435\u0432\u043a\u043b\u044e\u0447\u0432\u0430\u043d\u0435 \u043a\u044a\u043c \u0440\u0435\u0436\u0438\u043c \u0437\u0430 \u0432\u044a\u0432\u0435\u0436\u0434\u0430\u043d\u0435 \u043d\u0430 \u0442\u0435\u043a\u0441\u0442\"", "\"mtrl_picker_text_input_year_abbr\" : \"l\"", "\"abc_activitychooserview_choose_application\" : \"\u0418\u0437\u0430\u0431\u0435\u0440\u0438\u0442\u0435 \u0430\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0458\u0443\"", "\"material_minute_selection\" : \"Vyberte min\u00faty\"", "\"common_google_play_services_update_button\" : \"Actualizar\"", "\"mtrl_picker_date_header_unselected\" : \"\u0418\u0437\u0431\u0440\u0430\u043d\u0430 \u0434\u0430\u0442\u0430\"", "\"material_timepicker_clock_mode_description\" : \"\u0b38\u0b2e\u0b5f \u0b07\u0b28\u0b2a\u0b41\u0b1f\u0b4d\u200d \u0b2a\u0b3e\u0b07\u0b01 \u0b18\u0b23\u0b4d\u0b1f\u0b3e \u0b2e\u0b4b\u0b21\u0b4d\u200c\u0b15\u0b41 \u0b2c\u0b26\u0b33\u0b3e\u0b28\u0b4d\u0b24\u0b41\u0964\"", "\"material_timepicker_clock_mode_description\" : \"\u041f\u0440\u0435\u0452\u0438\u0442\u0435 \u0443 \u0440\u0435\u0436\u0438\u043c \u0441\u0430\u0442\u0430 \u0440\u0430\u0434\u0438 \u0443\u043d\u043e\u0441\u0430 \u0432\u0440\u0435\u043c\u0435\u043d\u0430.\"", "\"mtrl_picker_save\" : \"\u0421\u0430\u043a\u0442\u043e\u043e\"", "\"mtrl_picker_invalid_format\" : \"\u1016\u1031\u102c\u103a\u1019\u1000\u103a \u1019\u1019\u103e\u1014\u103a\u1000\u1014\u103a\u1015\u102b\u104b\"", "\"material_timepicker_select_time\" : \"Seleccionar la hora\"", "\"material_timepicker_clock_mode_description\" : \"Beralih ke mod jam untuk input masa.\"", "\"mtrl_picker_save\" : \"Salva\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u0d26\u0d3f\u0d35\u0d38\u0d02 \u0d24\u0d3f\u0d30\u0d1e\u0d4d\u0d1e\u0d46\u0d1f\u0d41\u0d15\u0d4d\u0d15\u0d41\u0d28\u0d4d\u0d28\u0d24\u0d3f\u0d32\u0d47\u0d15\u0d4d\u0d15\u0d4d \u0d2e\u0d3e\u0d31\u0d3e\u0d7b \u0d1f\u0d3e\u0d2a\u0d4d\u0d2a\u0d4d \u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d15\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Beralih ke mode masukan teks\"", "\"mtrl_picker_invalid_range\" : \"Julat tidak sah.\"", "\"fallback_menu_item_open_in_browser\" : \"Abrir no navegador\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u0db8\"", "\"abc_searchview_description_search\" : \"\u041f\u043e\u0438\u0441\u043a\"", "\"nav_app_bar_navigate_up_description\" : \"\u0414\u044d\u044d\u0448 \u0448\u0438\u043b\u0436\u0438\u0445\"", "getRegister", "\"search_menu_title\" : \"Zoeken\"", "\"abc_searchview_description_voice\" : \"\u0413\u043b\u0430\u0441\u043e\u0432\u043d\u0430 \u043f\u0440\u0435\u0442\u0440\u0430\u0433\u0430\"", "\"common_signin_button_text\" : \"Bejelentkez\u00e9s\"", "\"mtrl_picker_date_header_title\" : \"\u0924\u093e\u0930\u0940\u0916 \u0928\u093f\u0935\u0921\u093e\"", "\"password_toggle_content_description\" : \"\u10de\u10d0\u10e0\u10dd\u10da\u10d8\u10e1 \u10e9\u10d5\u10d4\u10dc\u10d4\u10d1\u10d0\"", "\"bottomsheet_action_expand_halfway\" : \"Panua nusu\"", "\"common_signin_button_text_long\" : \"Ngena ngemvume nge-Google\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d\u0434\u0430 Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0456\u043d\u0435 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u0442\u044b \u0431\u0435\u043b\u0433\u0456\u0441\u0456\u0437 \u049b\u0430\u0442\u0435 \u0448\u044b\u049b\u0442\u044b. \u04d8\u0440\u0435\u043a\u0435\u0442\u0442\u0456 \u049b\u0430\u0439\u0442\u0430\u043b\u0430\u04a3\u044b\u0437.\"", "\"common_open_on_phone\" : \"\u5728\u624b\u6a5f\u4e0a\u958b\u555f\"", "\"default_web_client_id\" : \"983632160629-4euaeuiqobk9pjufgq0nsl39kt1204pg.apps.googleusercontent.com\"", "\"mtrl_picker_date_header_unselected\" : \"\u0a1a\u0a41\u0a23\u0a40 \u0a17\u0a08 \u0a24\u0a3e\u0a30\u0a40\u0a16\"", "\"exposed_dropdown_menu_content_description\" : \"\u0639\u0631\u0636 \u0627\u0644\u0642\u0627\u0626\u0645\u0629 \u0627\u0644\u0645\u0646\u0633\u062f\u0644\u0629\"", "\"fallback_menu_item_copy_link\" : \"Copiar ligaz\u00f3n\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 Tarikh tamat\"", "\"common_google_play_services_enable_title\" : \"\u0423\u0432\u0456\u043c\u043a\u043d\u0443\u0442\u0438 \u0441\u0435\u0440\u0432\u0456\u0441\u0438 Google Play\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Beralih kepada mod input kalendar\"", "\"fallback_menu_item_share_link\" : \"\u0cb2\u0cbf\u0c82\u0c95\u0ccd \u0cb9\u0c82\u0c9a\u0cbf\u0cb0\u0cbf\"", "\"exposed_dropdown_menu_content_description\" : \"Drop-down-Men\u00fc anzeigen\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0936\u0941\u0930\u0942 \u0939\u094b\u0928\u0947 \u0915\u0940 \u0924\u093e\u0930\u0940\u0916\"", "\"mtrl_picker_invalid_format\" : \"Format incorrect.\"", "\"mtrl_picker_announce_current_selection\" : \"Aktuelle Auswahl: %1$s\"", "\"common_google_play_services_unsupported_text\" : \"%1$s Google Play \u0c38\u0c47\u0c35\u0c32\u0c41 \u0c32\u0c47\u0c15\u0c41\u0c02\u0c21\u0c3e \u0c05\u0c2e\u0c32\u0c41 \u0c15\u0c3e\u0c26\u0c41, \u0c08 \u0c38\u0c47\u0c35\u0c32\u0c15\u0c41 \u0c2e\u0c40 \u0c2a\u0c30\u0c3f\u0c15\u0c30\u0c02\u0c32\u0c4b \u0c2e\u0c26\u0c4d\u0c26\u0c24\u0c41 \u0c32\u0c47\u0c26\u0c41.\"", "\"mtrl_badge_numberless_content_description\" : \"\u0646\u0626\u06cc \u0627\u0637\u0644\u0627\u0639\"", "\"material_timepicker_minute\" : \"Min\u00fata\"", "\"character_counter_overflowed_content_description\" : \"Vir\u0161ytas simboli\u0173 skai\u010dius: %1$d i\u0161 %2$d\"", "\"common_google_play_services_update_text\" : \"%1$s getur ekki keyrt nema \u00fe\u00fa uppf\u00e6rir \u00fej\u00f3nustu Google Play.\"", "\"material_timepicker_hour\" : \"Stunde\"", "\"abc_menu_space_shortcut_label\" : \"spasiebalk\"", "\"material_minute_selection\" : \"\u0aae\u0abf\u0aa8\u0abf\u0a9f \u0aaa\u0ab8\u0a82\u0aa6 \u0a95\u0ab0\u0acb\"", "\"mtrl_picker_range_header_unselected\" : \"\u958b\u59cb\u65e5\u671f - \u7d50\u675f\u65e5\u671f\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u03a0\u03bb\u03bf\u03ae\u03b3\u03b7\u03c3\u03b7 \u03c3\u03c4\u03bf \u03ad\u03c4\u03bf\u03c2 %1$s\"", "\"mtrl_picker_invalid_format_example\" : \"Adibidea: %1$s\"", "\"abc_action_bar_home_description\" : \"Nenda mwanzo\"", "\"abc_toolbar_collapse_description\" : \"Goqa\"", "\"mtrl_picker_a11y_prev_month\" : \"Zum vorherigen Monat wechseln\"", "\"abc_search_hint\" : \"S\u00f8g\u2026\"", "\"common_google_play_services_update_button\" : \"\u0c05\u0c2a\u0c4d\u200c\u0c21\u0c47\u0c1f\u0c4d \u0c1a\u0c47\u0c2f\u0c3f\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u1794\u17d2\u178a\u17bc\u179a\u1791\u17c5\u200b\u179a\u1794\u17c0\u1794\u200b\u1794\u1789\u17d2\u1785\u17bc\u179b\u200b\u17a2\u1780\u17d2\u179f\u179a\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u04e9\"", "\"mtrl_picker_save\" : \"\u0ab8\u0abe\u0a9a\u0ab5\u0acb\"", "\"material_timepicker_select_time\" : \"Kies tyd\"", "\"common_google_play_services_install_button\" : \"\u0395\u03b3\u03ba\u03b1\u03c4\u03ac\u03c3\u03c4\u03b1\u03c3\u03b7\"", "\"abc_menu_space_shortcut_label\" : \"\u043f\u0440\u043e\u0431\u0456\u043b\"", "\"common_open_on_phone\" : \"Open on phone\"", "\"material_timepicker_select_time\" : \"Izberite uro\"", "\"copy_toast_msg\" : \"Link kopeeriti l\u00f5ikelauale\"", "\"material_timepicker_am\" : \"VM.\"", "\"mtrl_picker_save\" : \"Spremi\"", "\"mtrl_picker_invalid_format\" : \"Ugyldigt format.\"", "\"abc_searchview_description_submit\" : \"\u0627\u0631\u0633\u0627\u0644 \u067e\u064f\u0631\u0633\u0645\u0627\u0646\"", "\"abc_action_menu_overflow_description\" : \"Chaguo zaidi\"", "\"abc_activitychooserview_choose_application\" : \"\u0905\u200d\u0945\u092a \u0928\u093f\u0935\u0921\u093e\"", "\"material_timepicker_clock_mode_description\" : \"Prije\u0111ite na na\u010din rada sata da biste unijeli vrijeme.\"", "noexcept (", "\"search_menu_title\" : \"Suche\"", "\"common_google_play_services_unknown_issue\" : \"Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d33\u0d41\u0d2e\u0d3e\u0d2f\u0d3f \u0d2c\u0d28\u0d4d\u0d27\u0d2a\u0d4d\u0d2a\u0d46\u0d1f\u0d4d\u0d1f\u0d4d %1$s \u0d06\u0d2a\u0d4d\u0d2a\u0d3f\u0d28\u0d46\u0d28\u0d4d\u0d24\u0d4b \u0d2a\u0d4d\u0d30\u0d36\u0d4d\u0d28\u0d2e\u0d41\u0d23\u0d4d\u0d1f\u0d4d. \u0d35\u0d40\u0d23\u0d4d\u0d1f\u0d41\u0d02 \u0d36\u0d4d\u0d30\u0d2e\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d15.\"", "\"search_menu_title\" : \"Otsing\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"More than %1$d new notifications\"", "\"abc_capital_on\" : \"\u0395\u039d\u0395\u03a1\u0393\u039f\u03a0\u039f\u0399\u0397\u03a3\u0397\"", "\"common_open_on_phone\" : \"Fungua kwenye simu\"", "\"abc_action_menu_overflow_description\" : \"Mais op\u00e7\u00f5es\"", "\"abc_searchview_description_voice\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200eVoice search\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"material_clock_toggle_content_description\" : \"Valitse AP tai IP\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Comuta\u021bi la modul introducere \u00een calendar\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u041d\u043e\u0432\u0438\u0445 \u0441\u043f\u043e\u0432\u0456\u0449\u0435\u043d\u044c \u0431\u0456\u043b\u044c\u0448\u0435 \u043d\u0456\u0436 %1$d\"", "\"search_menu_title\" : \"\u0a16\u0a4b\u0a1c\"", "\"abc_searchview_description_voice\" : \"Kutafuta kwa kutamka\"", "\"mtrl_picker_confirm\" : \"\"", "\"abc_activitychooserview_choose_application\" : \"\u10d0\u10d8\u10e0\u10e9\u10d8\u10d4\u10d7 \u10d0\u10de\u10d8\"", "\"common_google_play_services_unknown_issue\" : \"L'application %1$s \u00e9prouve un probl\u00e8me avec les services Google\u00a0Play. Veuillez r\u00e9essayer.\"", "\"mtrl_picker_announce_current_selection\" : \"S\u00e9lection actuelle\u00a0: %1$s\"", "\"abc_action_bar_home_description\" : \"\u30db\u30fc\u30e0\u306b\u623b\u308b\"", "N12_GLOBAL__N_116itanium_demangle9ArrayTypeE", "N10__cxxabiv117__pbase_type_infoE", "\"common_google_play_services_unsupported_text\" : \"%1$s Google Play services \u092c\u093f\u0928\u093e \u0938\u091e\u094d\u091a\u093e\u0932\u0928 \u0939\u0941\u0928\u0947 \u091b\u0948\u0928 \u0930 \u0924\u092a\u093e\u0908\u0901\u0915\u094b \u092f\u0928\u094d\u0924\u094d\u0930\u0932\u0947 Google Play services \u0932\u093e\u0908 \u0938\u092e\u0930\u094d\u0925\u0928 \u0917\u0930\u094d\u0926\u0948\u0928\u0964\"", "\"abc_toolbar_collapse_description\" : \"\u1794\u1784\u17d2\u179a\u17bd\u1798\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Sakatu urtea hautatzeko modura aldatzeko\"", "\"abc_searchview_description_query\" : \"K\u00ebrko pyetjen\"", "\"abc_action_mode_done\" : \"\u0aa5\u0a88 \u0a97\u0aaf\u0ac1\u0a82\"", "\"material_clock_toggle_content_description\" : \"Selecciona a.m. o p.m.\"", "\"mtrl_picker_out_of_range\" : \"Poza zakresem: %1$s\"", "\"password_toggle_content_description\" : \"\u1794\u1784\u17d2\u17a0\u17b6\u1789\u1796\u17b6\u1780\u17d2\u1799\u179f\u1798\u17d2\u1784\u17b6\u178f\u17cb\"", "\"item_view_role_description\" : \"\u0ec1\u0e96\u0e9a\"", "N12_GLOBAL__N_116itanium_demangle12EnableIfAttrE", "\"common_google_play_services_install_button\" : \"In\u0161talova\u0165\"", "\"mtrl_picker_invalid_range\" : \"Ongeldig bereik.\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u04e8\u0434\u0440\u0438\u0439\u043d \u0431\u0430\u0433\u0430\u043d\u0430: %1$s\"", "\"abc_searchview_description_query\" : \"Iskalna poizvedba\"", "\"bottomsheet_action_expand_halfway\" : \"Expandir at\u00e9 a metade\"", "\"bottomsheet_action_expand_halfway\" : \"\u041f\u0440\u043e\u0448\u0438\u0440\u0438\u0442\u0435 \u0434\u043e \u043f\u043e\u043b\u0430\"", "\"character_counter_overflowed_content_description\" : \"%2$d \u0b87\u0bb2\u0bcd %1$d \u0b8e\u0bb4\u0bc1\u0ba4\u0bcd\u0ba4\u0bc1 \u0bb5\u0bb0\u0bae\u0bcd\u0baa\u0bc1 \u0bae\u0bc0\u0bb1\u0baa\u0bcd\u0baa\u0b9f\u0bcd\u0b9f\u0ba4\u0bc1\"", "\"common_google_play_services_enable_title\" : \"Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d\u1295 \u12eb\u1295\u1241\"", "\"common_signin_button_text\" : \"Login\"", "\"abc_action_menu_overflow_description\" : \"\u0925\u092a \u0935\u093f\u0915\u0932\u094d\u092a\u0939\u0930\u0942\"", "\"mtrl_picker_out_of_range\" : \"Vahemikust v\u00e4ljas: %1$s\"", "\"mtrl_picker_invalid_format\" : \"\u0905\u092e\u093e\u0928\u094d\u092f \u0922\u093e\u0901\u091a\u093e\u0964\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"In den Texteingabemodus wechseln\"", "\"common_google_play_services_update_title\" : \"Zaktualizuj Us\u0142ugi Google Play\"", "\"mtrl_picker_out_of_range\" : \"\u0a86 \u0ab6\u0acd\u0ab0\u0ac7\u0aa3\u0ac0\u0aa8\u0ac0 \u0aac\u0ab9\u0abe\u0ab0 \u0a9b\u0ac7: %1$s\"", "\"bottomsheet_action_expand_halfway\" : \"D\u00e9velopper \u00e0 moiti\u00e9\"", "\"material_timepicker_clock_mode_description\" : \"Vaqtni kiritish uchun soat rejimiga o\u2018ting.\"", "\"common_signin_button_text\" : \"Kirjaudu sis\u00e4\u00e4n\"", "\"common_google_play_services_install_title\" : \"\u83b7\u53d6 Google Play \u670d\u52a1\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0411\u0430\u0441\u0442\u0430\u043b\u0443 \u043a\u04af\u043d\u0456 \u2013 %1$s\"", "\"common_google_play_services_updating_text\" : \"%1$s \u043d\u044f\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u043f\u044a\u043b\u043d\u044f\u0432\u0430 \u0431\u0435\u0437 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play. \u041f\u043e\u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u043c \u0442\u0435 \u0441\u0435 \u0430\u043a\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u0430\u0442.\"", "\"mtrl_picker_a11y_next_month\" : \"Change to next month\"", "\"abc_searchview_description_clear\" : \"Ryd foresp\u00f8rgsel\"", "\"material_timepicker_am\" : \"dop.\"", "\"common_signin_button_text\" : \"\u1785\u17bc\u179b\"", "operator delete", "\"exposed_dropdown_menu_content_description\" : \"Mostra il menu a discesa\"", "\"mtrl_picker_out_of_range\" : \"\u8d85\u51fa\u7bc4\u570d\uff1a%1$s\"", "\"abc_action_mode_done\" : \"\u0413\u043e\u0442\u043e\u0432\u043e\"", "\"material_timepicker_select_time\" : \"Khetha isikhathi\"", "\"common_google_play_services_updating_text\" : \"%1$s tidak akan berjalan tanpa layanan Google Play, yang saat ini sedang diperbarui.\"", "\"common_google_play_services_install_title\" : \"\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b Google\u00a0Play\"", "\"abc_searchview_description_submit\" : \"Anfrage senden\"", "\"abc_searchview_description_clear\" : \"\u05de\u05d7\u05d9\u05e7\u05ea \u05d4\u05e9\u05d0\u05d9\u05dc\u05ea\u05d4\"", "\"abc_action_bar_home_description\" : \"\u05e0\u05d9\u05d5\u05d5\u05d8 \u05dc\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea\"", "\"material_timepicker_select_time\" : \"\u130a\u12dc \u121d\u1228\u1325\"", "\"material_minute_suffix\" : \"%1$s \u0a2e\u0a3f\u0a70\u0a1f\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u0421\u0442\u043e\u0432\u043f\u0435\u0446\u044c \u0456\u0437 \u0434\u043d\u044f\u043c\u0438: %1$s\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u06a9\u06cc\u0644\u0646\u0688\u0631 \u0627\u0646 \u067e\u0679 \u0648\u0636\u0639 \u067e\u0631 \u0633\u0648\u0626\u0686 \u06a9\u0631\u06cc\u06ba\"", "\"fallback_menu_item_open_in_browser\" : \"Atv\u0113rt p\u0101rl\u016bkprogramm\u0101\"", "\"common_google_play_services_enable_text\" : \"%1$s s\u1ebd kh\u00f4ng ho\u1ea1t \u0111\u1ed9ng n\u1ebfu b\u1ea1n kh\u00f4ng b\u1eadt d\u1ecbch v\u1ee5 c\u1ee7a Google Play.\"", "\"common_google_play_services_updating_text\" : \"%1$s hal-haz\u0131rda g\u00fcnc\u0259ll\u0259n\u0259n Google Play xidm\u0259tl\u0259ri olmadan \u00e7al\u0131\u015fmayacaq.\"", "\"fallback_menu_item_share_link\" : \"Compartir v\u00ednculo\"", "\"mtrl_picker_date_header_unselected\" : \"\u0ba4\u0bc7\u0bb0\u0bcd\u0ba8\u0bcd\u0ba4\u0bc6\u0b9f\u0bc1\u0b95\u0bcd\u0b95\u0baa\u0bcd\u0baa\u0b9f\u0bcd\u0b9f \u0ba4\u0bc7\u0ba4\u0bbf\"", "\"abc_menu_space_shortcut_label\" : \"Espacio\"", "\"common_google_play_services_enable_text\" : \"\u0397 \u03b5\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae\u00a0%1$s \u03b4\u03b5\u03bd \u03b8\u03b1 \u03bb\u03b5\u03b9\u03c4\u03bf\u03c5\u03c1\u03b3\u03ae\u03c3\u03b5\u03b9 \u03b5\u03ac\u03bd \u03b4\u03b5\u03bd \u03ad\u03c7\u03b5\u03c4\u03b5 \u03b5\u03bd\u03b5\u03c1\u03b3\u03bf\u03c0\u03bf\u03b9\u03ae\u03c3\u03b5\u03b9 \u03c4\u03b9\u03c2 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03af\u03b5\u03c2 Google Play.\"", "\"fallback_menu_item_copy_link\" : \"\ub9c1\ud06c \ubcf5\uc0ac\"", "\"abc_action_bar_home_description\" : \"Revenir \u00e0 l'accueil\"", "\"common_signin_button_text\" : \"\u0110\u0103ng nh\u1eadp\"", "\"abc_search_hint\" : \"\u09b8\u09be\u09b0\u09cd\u099a \u0995\u09b0\u09c1\u09a8\u2026\"", "\"nav_app_bar_navigate_up_description\" : \"Navegar hacia arriba\"", "\"common_google_play_services_install_button\" : \"Faka\"", "\"mtrl_picker_out_of_range\" : \"\u8d85\u51fa\u65e5\u671f\u7bc4\u570d\uff1a%1$s\"", "\"material_timepicker_minute\" : \"D\u0259qiq\u0259\"", "\"password_toggle_content_description\" : \"Mostra la contrasenya\"", "\"material_hour_suffix\" : \"%1$s \u1014\u102c\u101b\u102e\"", "\"material_minute_suffix\" : \"%1$s \u043c\u0438\u043d\u0443\u0442\u0438\"", "\"common_google_play_services_enable_button\" : \"Attiva\"", "\"common_open_on_phone\" : \"Atv\u0113rt t\u0101lrun\u012b\"", "\"error_icon_content_description\" : \"\u041a\u0430\u0442\u0430\"", "\"common_google_play_services_unsupported_text\" : \"Aplik\u00e1ciu %1$s nebude mo\u017en\u00e9 spusti\u0165 bez slu\u017eieb Google Play, ktor\u00e9 va\u0161e zariadenie nepodporuje.\"", "\"material_hour_suffix\" : \"%1$s hora(s)\"", "\"abc_menu_space_shortcut_label\" : \"\u0c38\u0c4d\u0c2a\u0c47\u0c38\u0c4d\"", "\"abc_action_bar_home_description\" : \"\u0e81\u0eb1\u0e9a\u0ec4\u0e9b\u0edc\u0ec9\u0eb2\u0eab\u0ebc\u0eb1\u0e81\"", "\"common_google_play_services_enable_text\" : \"\u201e%1$s\u201c neveiks, jei ne\u012fgalinsite \u201eGoogle Play\u201c paslaug\u0173.\"", "\"abc_menu_meta_shortcut_label\" : \"\u0d2e\u0d46\u0d31\u0d4d\u0d31+\"", "\"common_signin_button_text\" : \"\u0544\u0578\u0582\u057f\u0584 \u0563\u0578\u0580\u056e\u0565\u056c\"", "\"mtrl_picker_text_input_date_hint\" : \"\u0ca6\u0cbf\u0ca8\u0cbe\u0c82\u0c95\"", "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl+\u200e\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u1780\u17b6\u179b\u200b\u1794\u179a\u17b7\u1785\u17d2\u1786\u17c1\u1791\u200b\u1785\u17b6\u1794\u17cb\u1795\u17d2\u178a\u17be\u1798\"", "\"clear_text_end_icon_content_description\" : \"\u0e25\u0e49\u0e32\u0e07\u0e02\u0e49\u0e2d\u0e04\u0e27\u0e32\u0e21\"", "\"common_google_play_services_notification_channel_name\" : \"\u0414\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 Google Play\"", "\"material_timepicker_minute\" : \"\u1793\u17b6\u1791\u17b8\u200b\"", "\"common_google_play_services_enable_text\" : \"%1$s ne\u0107e funkcionirati ako ne omogu\u0107ite usluge Google Playa.\"", "\"abc_searchview_description_submit\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200eSubmit query\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"abc_shareactionprovider_share_with\" : \"\u0e41\u0e0a\u0e23\u0e4c\u0e01\u0e31\u0e1a\"", "\"common_google_play_services_notification_ticker\" : \"Villa \u00ed \u00fej\u00f3nustu Google Play\"", "\"common_google_play_services_update_text\" : \"\u200f\u062c\u0628 \u062a\u06a9 \u0622\u067e Google Play \u0633\u0631\u0648\u0633\u0632 \u0627\u067e \u0688\u06cc\u0679 \u0646\u06c1\u06cc\u06ba \u06a9\u0631 \u0644\u06cc\u062a\u06d2 \u06c1\u06cc\u06ba %1$s \u062a\u0628 \u062a\u06a9 \u0646\u06c1\u06cc\u06ba \u0686\u0644\u06d2 \u06af\u06cc\u06d4\"", "\"material_minute_selection\" : \"V\u00e6lg minutter\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u00e1\"", "\"abc_menu_space_shortcut_label\" : \"Sz\u00f3k\u00f6z\"", "\"common_google_play_services_update_title\" : \"P\u00e4ivit\u00e4 Google Play Palvelut\"", "\"abc_menu_shift_shortcut_label\" : \"Maj+\"", "\"material_timepicker_clock_mode_description\" : \"\u200c\u0d38\u0d2e\u0d2f\u0d02 \u0d28\u0d7d\u0d15\u0d41\u0d28\u0d4d\u0d28\u0d24\u0d3f\u0d28\u0d4d \u0d15\u0d4d\u0d32\u0d4b\u0d15\u0d4d\u0d15\u0d4d \u0d2e\u0d4b\u0d21\u0d3f\u0d32\u0d47\u0d15\u0d4d\u0d15\u0d4d \u200c\u0d2e\u0d3e\u0d31\u0d41\u0d15.\"", "\"common_google_play_services_enable_text\" : \"%1$s fungerar inte om du inte aktiverar Google Play-tj\u00e4nster.\"", "\"common_google_play_services_update_title\" : \"\u0410\u0436\u0443\u0440\u0438\u0440\u0430\u0458\u0442\u0435 Google Play \u0443\u0441\u043b\u0443\u0433\u0435\"", "\"password_toggle_content_description\" : \"Mostra password\"", "\"abc_action_bar_home_description\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u043d\u0430 \u0433\u043b\u0430\u0432\u043d\u044b\u0439 \u044d\u043a\u0440\u0430\u043d\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d7e \u0d2a\u0d4d\u0d30\u0d35\u0d7c\u0d24\u0d4d\u0d24\u0d28\u0d15\u0d4d\u0d37\u0d2e\u0d2e\u0d3e\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"item_view_role_description\" : \"\u0a1f\u0a48\u0a2c\"", "\"material_timepicker_clock_mode_description\" : \"\u0cb8\u0cae\u0caf\u0cb5\u0ca8\u0ccd\u0ca8\u0cc1 \u0ca8\u0cae\u0cc2\u0ca6\u0cbf\u0cb8\u0cb2\u0cc1 \u0c97\u0ca1\u0cbf\u0caf\u0cbe\u0cb0\u0ca6 \u0ca8\u0cae\u0cc2\u0ca8\u0cc6\u0c97\u0cc6 \u0cac\u0ca6\u0cb2\u0cbf\u0cb8\u0cbf.\"", "\"abc_menu_function_shortcut_label\" : \"Fn\u00a0+\"", "\"common_google_play_services_enable_title\" : \"Povoli\u0165 slu\u017eby Google Play\"", "\"mtrl_picker_a11y_next_month\" : \"\u062a\u063a\u06cc\u06cc\u0631 \u0628\u0647 \u0645\u0627\u0647 \u0628\u0639\u062f\u06cc\"", "\"abc_search_hint\" : \"Soek \u2026\"", "\"bottomsheet_action_expand_halfway\" : \"Expandir hasta la mitad\"", "\"common_google_play_services_enable_title\" : \"Google \u09aa\u09cd\u09b2\u09c7 \u09b8\u09c7\u09f1\u09be\u09b8\u0995\u09cd\u09b7\u09ae \u0995\u09f0\u0995\"", "\"error_icon_content_description\" : \"\u049a\u0430\u0442\u0435\"", "\"material_hour_suffix\" : \"%1$s\u00a0\u0447\u0430\u0441\u0430\"", "\"abc_shareactionprovider_share_with\" : \"\u1785\u17c2\u1780\u179a\u17c6\u179b\u17c2\u1780\u200b\u1787\u17b6\u200b\u1798\u17bd\u1799\"", "\"common_google_play_services_update_title\" : \"Google Play xizmatlarini yangilash\"", "\"abc_searchview_description_query\" : \"\u0b38\u0b30\u0b4d\u0b1a\u0b4d\u0b1a \u0b15\u0b4d\u0b71\u0b47\u0b30\u0b40\"", "\"material_timepicker_minute\" : \"Minut\"", "\"mtrl_badge_numberless_content_description\" : \"Notifikasi baru\"", "\"abc_menu_sym_shortcut_label\" : \"Sym-Taste\u00a0+\"", "\"abc_activitychooserview_choose_application\" : \"\u0410\u043f\u043f\u044b\u0433 \u0441\u043e\u043d\u0433\u043e\u0445\"", "\"abc_capital_on\" : \"\uc0ac\uc6a9\"", "\"common_google_play_services_install_text\" : \"%1$s haitafanya kazi bila huduma za Google Play. Huduma hizi hazipatikani kwenye kifaa chako.\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Lumipat sa pamamaraan ng pag-input ng kalendaryo\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Gusa ili uende kwenye sehemu ya kuchagua siku\"", "\"mtrl_picker_text_input_date_hint\" : \"\u65e5\u4ed8\"", "\"mtrl_picker_range_header_only_start_selected\" : \"Du %1$s au (date de fin)\"", "\"item_view_role_description\" : \"\u0da7\u0dd0\u0db6\u0dba\"", "\"abc_searchview_description_clear\" : \"\u0ea5\u0eb6\u0e9a\u0e82\u0ecd\u0ec9\u0e84\u0ea7\u0eb2\u0ea1\u0e8a\u0ead\u0e81\u0eab\u0eb2\"", "operator*", "\"character_counter_overflowed_content_description\" : \"P\u0101rsniegts rakstz\u012bmju skaita ierobe\u017eojums (%1$d\u00a0no\u00a0%2$d)\"", "\"mtrl_picker_invalid_format\" : \"\u041d\u0435\u0432\u0430\u0436\u0435\u0447\u043a\u0438 \u0444\u043e\u0440\u043c\u0430\u0442.\"", "\"material_timepicker_select_time\" : \"\u1021\u1001\u103b\u102d\u1014\u103a\u101b\u103d\u1031\u1038\u1015\u102b\"", "\"abc_action_mode_done\" : \"K\u00e9sz\"", "\"material_clock_toggle_content_description\" : \"\u092a\u0942\u0930\u094d\u0935\u093e\u0939\u094d\u0928 \u0935\u093e \u0905\u092a\u0930\u093e\u0939\u094d\u0928 \u091a\u092f\u0928 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u03b5\"", "\"common_google_play_services_unsupported_text\" : \"Programa \u201e%1$s\u201c nebus paleid\u017eiama be \u201eGoogle Play\u201c paslaug\u0173, kuri\u0173 j\u016bs\u0173 \u012frenginys nepalaiko.\"", "\"material_timepicker_clock_mode_description\" : \"\u09b8\u09ae\u09df \u0987\u09a8\u09aa\u09c1\u099f \u09a6\u09c7\u0993\u09df\u09be\u09b0 \u099c\u09a8\u09cd\u09af \u0998\u09dc\u09bf \u09ae\u09cb\u09a1\u09c7 \u09af\u09be\u09a8\u0964\"", "\"mtrl_badge_numberless_content_description\" : \"\u041d\u043e\u0432\u043e\u0435 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u0435\"", "\"common_open_on_phone\" : \"\u041e\u0442\u0432\u043e\u0440\u0438 \u043d\u0430 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043e\u0442\"", "\"mtrl_picker_invalid_format\" : \"\u0627\u0644\u062a\u0646\u0633\u064a\u0642 \u063a\u064a\u0631 \u0635\u0627\u0644\u062d\"", "\"abc_action_bar_up_description\" : \"Pomik navzgor\"", "\"material_timepicker_clock_mode_description\" : \"Lumipat sa mode ng orasan para sa input na oras.\"", "\"material_timepicker_clock_mode_description\" : \"\u0a38\u0a2e\u0a3e\u0a02 \u0a07\u0a28\u0a2a\u0a41\u0a71\u0a1f \u0a15\u0a30\u0a28 \u0a32\u0a08 \u0a18\u0a5c\u0a40 \u0a2e\u0a4b\u0a21 '\u0a24\u0a47 \u0a38\u0a35\u0a3f\u0a71\u0a1a \u0a15\u0a30\u0a4b\u0964\"", "\"abc_activitychooserview_choose_application\" : \"Pilih aplikasi\"", "\"error_icon_content_description\" : \"Hitilafu\"", "\"abc_searchview_description_submit\" : \"Sorguyu g\u00f6nder\"", "N10__cxxabiv117__class_type_infoE", "\"password_toggle_content_description\" : \"\u067e\u0627\u0633 \u0648\u0631\u0688 \u062f\u06a9\u06be\u0627\u0626\u06cc\u06ba\"", "\"common_google_play_services_install_button\" : \"\u0c87\u0ca8\u0ccd\u200c\u0cb8\u0ccd\u0c9f\u0cbe\u0cb2\u0ccd \u0cae\u0cbe\u0ca1\u0cbf\"", "\"material_timepicker_pm\" : \"P/M\"", "\"nav_app_bar_open_drawer_description\" : \"\u0928\u0947\u092d\u093f\u0917\u0947\u0938\u0928 \u0921\u094d\u0930\u0905\u0930 \u0916\u094b\u0932\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Ketuk untuk beralih ke memilih tahun\"", "\"common_google_play_services_enable_text\" : \"Google Play xizmatlari yoqilmaguncha, %1$s ishlamaydi.\"", "\"common_google_play_services_enable_button\" : \"\u0b38\u0b15\u0b4d\u0b37\u0b2e \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"abc_toolbar_collapse_description\" : \"\u091b\u094b\u091f\u093e \u0915\u0930\u0947\u0902\"", "\"common_google_play_services_update_text\" : \"%1$s ne mo\u017ee da se pokrene ako ne a\u017eurirate Google Play usluge.\"", "\"common_google_play_services_enable_text\" : \"\u200f\u062a\u0627 \u0648\u0642\u062a\u06cc \u0633\u0631\u0648\u06cc\u0633\u200c\u0647\u0627\u06cc Google Play \u0631\u0627 \u0641\u0639\u0627\u0644 \u0646\u06a9\u0646\u06cc\u062f\u060c %1$s \u06a9\u0627\u0631 \u0646\u0645\u06cc\u200c\u06a9\u0646\u062f.\"", "\"mtrl_picker_date_header_title\" : \"\u8bf7\u9009\u62e9\u65e5\u671f\"", "\"clear_text_end_icon_content_description\" : \"Obri\u0161i tekst\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"S\u0101kuma datums\"", "\"mtrl_chip_close_icon_content_description\" : \"Alisin ang %1$s\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Tik om oor te skakel na die kies van 'n dag\"", "\"material_clock_toggle_content_description\" : \"\u0418\u0437\u0431\u0435\u0440\u0435\u0442\u0435 AM \u0438\u043b\u0438 PM\"", "\"mtrl_picker_date_header_title\" : \"\u101b\u1000\u103a\u1005\u103d\u1032 \u101b\u103d\u1031\u1038\u1015\u102b\"", "\"nav_app_bar_navigate_up_description\" : \"Navigate up\"", "\"mtrl_picker_date_header_title\" : \"\u0412\u044b\u0431\u0435\u0440\u044b\u0446\u0435 \u0434\u0430\u0442\u0443\"", "\"common_google_play_services_install_text\" : \"%1$s \u12eb\u1208 Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d \u12a0\u12ed\u1230\u122b\u121d\u1363 \u12a5\u1290\u1231 \u12f0\u130d\u121e \u1260\u1218\u1223\u122a\u12eb\u12ce \u120b\u12ed \u12e8\u1209\u121d\u1362\"", "\"abc_searchview_description_query\" : \"\u0d1a\u0d4b\u0d26\u0d4d\u0d2f\u0d02 \u0d24\u0d3f\u0d30\u0d2f\u0d41\u0d15\"", "\"common_google_play_services_install_text\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u0441\u044b\u0437 %1$s \u0438\u0448\u0442\u0435\u0431\u0435\u0439\u0442. \u0410\u043b\u0430\u0440 \u0442\u04af\u0437\u043c\u04e9\u0433\u04af\u04a3\u04af\u0437\u0434\u04e9 \u0436\u043e\u043a \u0431\u043e\u043b\u0443\u043f \u0436\u0430\u0442\u0430\u0442.\"", "\"abc_action_bar_up_description\" : \"\u0ec0\u0ea5\u0eb7\u0ec8\u0ead\u0e99\u0e82\u0eb6\u0ec9\u0e99\u0ec0\u0e97\u0eb4\u0e87\"", "\"abc_menu_delete_shortcut_label\" : \"\u0db8\u0d9a\u0db1\u0dca\u0db1\"", "\"common_google_play_services_enable_text\" : \"%1$s ei toimi, ellet ota Google Play Palveluita k\u00e4ytt\u00f6\u00f6n.\"", "\"material_timepicker_pm\" : \"\u0631\u0627\u062a\"", "\"common_open_on_phone\" : \"Buksan sa telepono\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0438\u043c\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441\u0430 Google Play \u0443\u0441\u043b\u0443\u0433\u0430\u043c\u0430. \u041f\u0440\u043e\u0431\u0430\u0458\u0442\u0435 \u043f\u043e\u043d\u043e\u0432\u043e.\"", "\"common_signin_button_text_long\" : \"Iniciar sess\u00e3o com o Google\"", "\"common_google_play_services_unknown_issue\" : \"\u300c%1$s\u300d\u7121\u6cd5\u5b58\u53d6 Google Play \u670d\u52d9\uff0c\u8acb\u518d\u8a66\u4e00\u6b21\u3002\"", "\"common_google_play_services_enable_text\" : \"%1$s \u0570\u0561\u057e\u0565\u056c\u057e\u0561\u056e\u0568 \u0579\u056b \u0561\u0577\u056d\u0561\u057f\u056b \u0574\u056b\u0576\u0579\u0587 \u0579\u0574\u056b\u0561\u0581\u0576\u0565\u0584 Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u0568:\"", "\"common_open_on_phone\" : \"\u0641\u0648\u0646 \u067e\u0631 \u06a9\u06be\u0648\u0644\u06cc\u06ba\"", "\"icon_content_description\" : \"Pictogram\u0103 de dialog\"", "\"mtrl_picker_invalid_format_use\" : \"\u0555\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u0584\u055d %1$s\"", "\"fallback_menu_item_copy_link\" : \"Kopiatu esteka\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u670d\u52d9\u7684\u9069\u7528\u7bc4\u570d\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u1780\u17b6\u179b\u200b\u1794\u179a\u17b7\u1785\u17d2\u1786\u17c1\u1791\u200b\u1794\u1789\u17d2\u1785\u1794\u17cb\"", "\"bottomsheet_action_expand_halfway\" : \"\u5c55\u958b\u4e00\u534a\"", "\"material_timepicker_clock_mode_description\" : \"Aldatu erloju modura ordua zehazteko.\"", "\"bottomsheet_action_expand_halfway\" : \"D\u00e9velopper en entier\"", "\"material_timepicker_clock_mode_description\" : \"\u041f\u0440\u0435\u0444\u0440\u043b\u0435\u0442\u0435 \u0441\u0435 \u043d\u0430 \u0440\u0435\u0436\u0438\u043c\u043e\u0442 \u0437\u0430 \u0447\u0430\u0441\u043e\u0432\u043d\u0438\u043a \u0437\u0430 \u0434\u0430 \u0432\u043d\u0435\u0441\u0435\u0442\u0435 \u0432\u0440\u0435\u043c\u0435.\"", "\"fallback_menu_item_share_link\" : \"Compartir ligaz\u00f3n\"", "\"abc_action_bar_home_description\" : \"Fara heim\"", "\"common_google_play_services_updating_text\" : \"\u0421\u0435\u0440\u0432\u0438\u0441\u044b Google\u00a0Play, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0435 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \"%1$s\", \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0438\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u044e\u0442\u0441\u044f.\"", "\"abc_action_bar_up_description\" : \"Navegar hacia arriba\"", "\"mtrl_picker_range_header_unselected\" : \"Alguskuup\u00e4ev \u2013 l\u00f5ppkuup\u00e4ev\"", "\"common_google_play_services_update_text\" : \"%1$s sal nie werk nie tensy jy Google Play Dienste opdateer.\"", "\"common_signin_button_text\" : \"Oturum a\u00e7\"", "\"abc_shareactionprovider_share_with\" : \"\u5206\u4eab\u5bf9\u8c61\"", "\"abc_searchview_description_submit\" : \"Sor\u011funu g\u00f6nd\u0259rin\"", "\"fallback_menu_item_share_link\" : \"\u30ea\u30f3\u30af\u306e\u5171\u6709\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u0ca6\u0cbf\u0ca8\u0cb5\u0ca8\u0ccd\u0ca8\u0cc1 \u0c86\u0caf\u0ccd\u0c95\u0cc6\u0c97\u0cbe\u0c97\u0cbf \u0cac\u0ca6\u0cb2\u0cbf\u0cb8\u0cb2\u0cc1 \u0c9f\u0ccd\u0caf\u0cbe\u0caa\u0ccd \u0cae\u0cbe\u0ca1\u0cbf\"", "\"mtrl_picker_text_input_date_hint\" : \"\u05ea\u05d0\u05e8\u05d9\u05da\"", "\"password_toggle_content_description\" : \"Erakutsi pasahitza\"", "\"common_google_play_services_install_text\" : \"%1$s no se ejecutar\u00e1 si los Servicios de Google Play no est\u00e1n instalados en tu dispositivo.\"", "\"mtrl_badge_numberless_content_description\" : \"Uusi ilmoitus\"", "\"character_counter_overflowed_content_description\" : \"Bol prekro\u010den\u00fd povolen\u00fd po\u010det znakov (%1$d z\u00a0%2$d)\"", "\"material_minute_selection\" : \"\u092e\u093f\u0928\u0947\u091f \u091a\u092f\u0928 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"search_menu_title\" : \"\u0916\u094b\u091c\"", "\"abc_activity_chooser_view_see_all\" : \"Mostra tutto\"", "\"common_google_play_services_updating_text\" : \"%1$s non se executar\u00e1 sen os servizos de Google Play, que se est\u00e1n actualizando neste momento.\"", "\"mtrl_picker_text_input_date_hint\" : \"\u0daf\u0dd2\u0db1\u0dba\"", "\"character_counter_content_description\" : \"%2$d \u0935\u0930\u094d\u0923\u094b\u0902 \u092e\u0947\u0902 \u0938\u0947 %1$d \u0935\u0930\u094d\u0923 \u0926\u0930\u094d\u091c \u0915\u093f\u090f \u0917\u090f\"", "\"common_signin_button_text\" : \"\u03a3\u03cd\u03bd\u03b4\u03b5\u03c3\u03b7\"", "string literal", "\"common_google_play_services_unsupported_text\" : \"%1$s \u0909\u0928 Google Play \u0938\u0947\u0935\u093e\u0913\u0902 \u0915\u0947 \u092c\u093f\u0928\u093e \u0928\u0939\u0940\u0902 \u091a\u0932\u0947\u0917\u093e, \u091c\u094b \u0906\u092a\u0915\u0947 \u0921\u093f\u0935\u093e\u0907\u0938 \u092a\u0930 \u0915\u093e\u092e \u0928\u0939\u0940\u0902 \u0915\u0930\u0924\u0940 \u0939\u0948\u0902.\"", "\"abc_searchview_description_search\" : \"Suche\"", "\"abc_menu_function_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200eFunction+\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0111ang g\u1eb7p s\u1ef1 c\u1ed1 v\u1edbi c\u00e1c d\u1ecbch v\u1ee5 c\u1ee7a Google Play. H\u00e3y th\u1eed l\u1ea1i.\"", "\"material_timepicker_hour\" : \"Gi\u1edd\"", "\"mtrl_picker_a11y_prev_month\" : \"Skift til forrige m\u00e5ned\"", "\"search_menu_title\" : \"H\u013eada\u0165\"", "\"character_counter_overflowed_content_description\" : \"\u8d85\u904e\u5b57\u5143\u9650\u5236 (\u5171 %1$d \u5b57\u5143\uff0c\u4e0a\u9650 %2$d \u5b57\u5143)\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Palieskite, kad perjungtum\u0117te \u012f met\u0173 pasirinkim\u0105\"", "\"common_signin_button_text_long\" : \"Accedi con Google\"", "\"error_icon_content_description\" : \"\u09b8\u09ae\u09b8\u09cd\u09af\u09be\"", "\"common_google_play_services_updating_text\" : \"\u57f7\u884c\u300c%1$s\u300d\u6240\u9700\u7684 Google Play \u670d\u52d9\u6b63\u5728\u66f4\u65b0\u3002\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u10d3\u10d0\u10ec\u10e7\u10d4\u10d1\u10d8\u10e1 \u10d7\u10d0\u10e0\u10d8\u10e6\u10d8 - %1$s\"", "\"abc_action_mode_done\" : \"\u5b8c\u4e86\"", "\"search_menu_title\" : \"Haku\"", "\"abc_action_bar_up_description\" : \"Di chuy\u1ec3n l\u00ean\"", "\"clear_text_end_icon_content_description\" : \"\u0412\u0438\u0434\u0430\u043b\u0438\u0442\u0438 \u0442\u0435\u043a\u0441\u0442\"", "\"mtrl_chip_close_icon_content_description\" : \"Susa i-%1$s\"", "\"material_timepicker_text_input_mode_description\" : \"\u0d38\u0d2e\u0d2f\u0d02 \u0d28\u0d7d\u0d15\u0d41\u0d28\u0d4d\u0d28\u0d24\u0d3f\u0d28\u0d4d \u0d1f\u0d46\u0d15\u0d4d\u0d38\u0d4d\u0d31\u0d4d\u0d31\u0d4d \u0d07\u0d7b\u0d2a\u0d41\u0d1f\u0d4d\u0d1f\u0d4d \u200c\u0d2e\u0d4b\u200c\u0d21\u0d3f\u0d32\u0d47\u0d15\u0d4d\u0d15\u0d4d \u200c\u0d2e\u0d3e\u0d31\u0d41\u0d15.\"", "\"mtrl_picker_range_header_title\" : \"\u10d0\u10d8\u10e0\u10e9\u10d8\u10d4\u10d7 \u10d3\u10d8\u10d0\u10de\u10d0\u10d6\u10dd\u10dc\u10d8\"", "\"item_view_role_description\" : \"\u0679\u06cc\u0628\"", "\"common_google_play_services_enable_text\" : \"%1$s \u0e08\u0e30\u0e44\u0e21\u0e48\u0e17\u0e33\u0e07\u0e32\u0e19\u0e08\u0e19\u0e01\u0e27\u0e48\u0e32\u0e04\u0e38\u0e13\u0e08\u0e30\u0e40\u0e1b\u0e34\u0e14\u0e43\u0e0a\u0e49\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Pieskarties, lai p\u0101rsl\u0113gtos uz gada atlas\u012b\u0161anu\"", "\"mtrl_picker_invalid_format_example\" : \"\u041f\u0440\u044b\u043a\u043b\u0430\u0434: %1$s\"", "\"abc_shareactionprovider_share_with_application\" : \"Trimite\u021bi folosind %s\"", "\"abc_shareactionprovider_share_with\" : \"Sd\u00edlet s\"", "\"material_hour_suffix\" : \"\u0633\u0627\u0639\u062a %1$s\"", "\"common_google_play_services_install_title\" : \"Get Google Play services\"", "\"material_timepicker_hour\" : \"\u10e1\u10d0\u10d0\u10d7\u10d8\"", "\"clear_text_end_icon_content_description\" : \"\u0b89\u0bb0\u0bc8\u0baf\u0bc8 \u0b85\u0bb4\u0bbf\u0b95\u0bcd\u0b95\u0bc1\u0bae\u0bcd\"", "\"mtrl_picker_invalid_format_example\" : \"Contoh: %1$s\"", "\"abc_searchview_description_submit\" : \"Envoyer la requ\u00eate\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u041d\u0430\u0436\u043c\u0438\u0442\u0435, \u0447\u0442\u043e\u0431\u044b \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043a \u0432\u044b\u0431\u043e\u0440\u0443 \u0434\u043d\u044f\"", "\"material_timepicker_am\" : \"A. M.\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Perjungti \u012f kalendoriaus \u012fvesties re\u017eim\u0105\"", "\"mtrl_picker_invalid_range\" : \"Tarteak ez du balio.\"", "\"abc_action_bar_home_description\" : \"Portami a casa\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u0440\"", "\"abc_activity_chooser_view_see_all\" : \"\u0411\u0430\u0430\u0440\u044b\u043d \u043a\u04e9\u0440\u04af\u04af\"", "\"mtrl_picker_text_input_date_hint\" : \"\u0414\u0430\u0442\u0430\"", "\"common_google_play_services_update_text\" : \"I-%1$s ngeke ize iqalise ngaphandle kokuthi ubuyekeze i-Google Play.\"", "\"mtrl_picker_invalid_format_example\" : \"\u0a09\u0a26\u0a3e\u0a39\u0a30\u0a28: %1$s\"", "\"common_google_play_services_update_text\" : \"%1$s wird nur ausgef\u00fchrt, wenn du die Google Play-Dienste aktualisierst.\"", "\"abc_prepend_shortcut_label\" : \"\u0d2e\u0d46\u0d28\u0d41+\"", "\"mtrl_picker_date_header_unselected\" : \"\uc120\ud0dd\ud55c \ub0a0\uc9dc\"", "\"clear_text_end_icon_content_description\" : \"Pastro tekstin\"", "\"abc_activitychooserview_choose_application\" : \"Vybra\u0165 aplik\u00e1ciu\"", "\"abc_capital_on\" : \"\u05de\u05d5\u05e4\u05e2\u05dc\"", "\"search_menu_title\" : \"Soek\"", "\"common_signin_button_text_long\" : \"Google \u0a28\u0a3e\u0a32 \u0a38\u0a3e\u0a08\u0a28-\u0a07\u0a28 \u0a15\u0a30\u0a4b\"", "\"material_timepicker_clock_mode_description\" : \"Bytt til klokkemodus for tidsinndata.\"", "\"password_toggle_content_description\" : \"Vis adgangskode\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Sakatu eguna hautatzeko modura aldatzeko\"", "\"icon_content_description\" : \"Icona della finestra di dialogo\"", "\"mtrl_picker_navigate_to_year_description\" : \"Buka tahun %1$s\"", "\"common_signin_button_text\" : \"Sign in\"", "\"material_timepicker_pm\" : \"du.\"", "\"material_timepicker_pm\" : \"\u0ec2\u0ea1\u0e87\u0ec1\u0ea5\u0e87\"", "\"common_google_play_services_enable_title\" : \"W\u0142\u0105cz Us\u0142ugi Google Play\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Mais de %1$d novas notifica\u00e7\u00f5es\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u0c30\u0c4b\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Fecha de inicio\"", "\"bottomsheet_action_expand_halfway\" : \"Kibont\u00e1s f\u00e9lig\"", "\"mtrl_picker_invalid_range\" : \"\u10d3\u10d8\u10d0\u10de\u10d0\u10d6\u10dd\u10dc\u10d8 \u10d0\u10e0\u10d0\u10e1\u10ec\u10dd\u10e0\u10d8\u10d0.\"", "\"abc_searchview_description_voice\" : \"\u0541\u0561\u0575\u0576\u0561\u0575\u056b\u0576 \u0578\u0580\u0578\u0576\u0578\u0582\u0574\"", "\"common_google_play_services_install_button\" : \"\u0418\u043d\u0441\u0442\u0430\u043b\u0438\u0440\u0430\u0458\"", "\"character_counter_content_description\" : \"\u0412\u0432\u0435\u0434\u0435\u043d\u043e \u0441\u0438\u043c\u0432\u043e\u043b\u0456\u0432: %1$d \u0437 %2$d\"", "\"common_google_play_services_unknown_issue\" : \"\u0423 \u043f\u0440\u0430\u0433\u0440\u0430\u043c\u044b %1$s \u0443\u0437\u043d\u0456\u043a\u043b\u0456 \u043f\u0440\u0430\u0431\u043b\u0435\u043c\u044b \u0441\u0430 \u0441\u043b\u0443\u0436\u0431\u0430\u043c\u0456 Google Play. \u041f\u0430\u045e\u0442\u0430\u0440\u044b\u0446\u0435 \u0441\u043f\u0440\u043e\u0431\u0443.\"", "\"abc_shareactionprovider_share_with\" : \"Megoszt\u00e1s a k\u00f6vetkez\u0151vel:\"", "operator=", "\"common_google_play_services_install_title\" : \"\u0410\u0442\u0440\u044b\u043c\u0430\u0446\u044c \u0441\u043b\u0443\u0436\u0431\u044b Google Play\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u670d\u52d9\u932f\u8aa4\"", "\"item_view_role_description\" : \"Tabulation\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u0995\u09cd\u09af\u09be\u09b2\u09c7\u09a8\u09cd\u09a1\u09be\u09b0 \u0987\u09a8\u09aa\u09c1\u099f \u09ae\u09cb\u09a1\u09c7 \u09ac\u09a6\u09b2 \u0995\u09b0\u09c1\u09a8\"", "\"mtrl_chip_close_icon_content_description\" : \"Odstr\u00e1ni\u0165 polo\u017eku %1$s\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u1785\u17bb\u1785\u200b\u178a\u17be\u1798\u17d2\u1794\u17b8\u1794\u17d2\u178a\u17bc\u179a\u1791\u17c5\u200b\u1780\u17b6\u179a\u1787\u17d2\u179a\u17be\u179f\u179a\u17be\u179f\u1790\u17d2\u1784\u17c3\"", "\"abc_menu_sym_shortcut_label\" : \"Simbolu tausti\u0146\u0161\u00a0+\"", "\"abc_shareactionprovider_share_with\" : \"\u0ec1\u0e9a\u0ec8\u0e87\u0e9b\u0eb1\u0e99\u0e81\u0eb1\u0e9a\"", "\"common_google_play_services_update_title\" : \"\u200fGoogle Play \u0633\u0631\u0648\u0633\u0632 \u0627\u067e \u0688\u06cc\u0679 \u06a9\u0631\u06cc\u06ba\"", "\"material_timepicker_hour\" : \"\u053a\u0561\u0574\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0411\u0430\u0441\u0442\u0430\u043b\u0443 \u043a\u04af\u043d\u0456\"", "\"abc_activity_chooser_view_see_all\" : \"\u0dc3\u0dd2\u0dba\u0dbd\u0dca\u0dbd \u0db6\u0dbd\u0db1\u0dca\u0db1\"", "\"abc_action_bar_home_description\" : \"\u0627\u0644\u062a\u0648\u062c\u0647 \u0625\u0644\u0649 \u0627\u0644\u0645\u0646\u0632\u0644\"", "\"material_timepicker_select_time\" : \"\u0412\u044b\u0431\u043e\u0440 \u0432\u0440\u0435\u043c\u0435\u043d\u0438\"", "\"abc_menu_space_shortcut_label\" : \"\u0b38\u0b4d\u0b2a\u0b47\u0b38\u0b4d\u200d\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s - data de finalizaci\u00f3n\"", "\"abc_searchview_description_search\" : \"\u0627\u0644\u0628\u062d\u062b\"", "\"common_google_play_services_install_title\" : \"Kunin ang mga serbisyo ng Google Play\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Data de finalitzaci\u00f3\"", "\"mtrl_picker_a11y_next_month\" : \"\u0627\u06af\u0644\u06d2 \u0645\u06c1\u06cc\u0646\u06c1 \u0645\u06cc\u06ba \u0645\u0646\u062a\u0642\u0644 \u06a9\u0631\u06cc\u06ba\"", "\"fallback_menu_item_open_in_browser\" : \"Taray\u0131c\u0131da a\u00e7\"", "\"abc_searchview_description_submit\" : \"Pateikti u\u017eklaus\u0105\"", "N12_GLOBAL__N_116itanium_demangle15PixelVectorTypeE", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s\u00a0\u2013 \u0434\u0430\u0442\u0430 \u0437\u0430\u043a\u0430\u043d\u0447\u044d\u043d\u043d\u044f\"", "\"fallback_menu_item_share_link\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200eShare link\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u0e14\"", "\"abc_searchview_description_clear\" : \"\u0418\u0441\u0447\u0438\u0441\u0442\u0438 \u0431\u0430\u0440\u0430\u045a\u0435\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0130l se\u00e7imin\u0259 ke\u00e7m\u0259k \u00fc\u00e7\u00fcn toxunun\"", "\"mtrl_picker_announce_current_selection\" : \"\u0422\u0435\u043a\u0443\u0449 \u0438\u0437\u0431\u043e\u0440: %1$s\"", "\"clear_text_end_icon_content_description\" : \"Clear text\"", "\"bottomsheet_action_expand_halfway\" : \"M\u1edf r\u1ed9ng m\u1ed9t n\u1eeda\"", "\"password_toggle_content_description\" : \"\u12e8\u12ed\u1208\u134d \u1243\u120d \u12a0\u1233\u12ed\"", "\"mtrl_picker_text_input_date_hint\" : \"Tarehe\"", "\"mtrl_picker_invalid_format\" : \"\u0c85\u0cae\u0cbe\u0ca8\u0ccd\u0caf\u0cb5\u0cbe\u0ca6 \u0cab\u0cbe\u0cb0\u0ccd\u0cae\u0ccd\u0caf\u0cbe\u0c9f\u0ccd.\"", "\"mtrl_picker_a11y_next_month\" : \"Pakeisti \u012f kit\u0105 m\u0117nes\u012f\"", "\"common_google_play_services_wear_update_text\" : \"Vy\u017eaduje sa nov\u00e1 verzia slu\u017eieb Google Play. Aktualizuj\u00fa sa automaticky v\u00a0najbli\u017e\u0161om \u010dase.\"", "\"abc_capital_off\" : \"KAPAT\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3 \u0cb9\u0cca\u0cb8 \u0c86\u0cb5\u0cc3\u0ca4\u0ccd\u0ca4\u0cbf \u0c85\u0c97\u0ca4\u0ccd\u0caf\u0cb5\u0cbf\u0ca6\u0cc6. \u0cb8\u0ca6\u0ccd\u0caf\u0ca6\u0cb2\u0ccd\u0cb2\u0cc7 \u0c85\u0ca6\u0cc1 \u0ca4\u0cbe\u0ca8\u0cbe\u0c97\u0cbf\u0caf\u0cc7 \u0c85\u0caa\u0ccd\u200c\u0ca1\u0cc7\u0c9f\u0ccd \u0c86\u0c97\u0cc1\u0ca4\u0ccd\u0ca4\u0ca6\u0cc6.\"", "\"material_timepicker_clock_mode_description\" : \"Passer en mode horloge pour la saisie de l'heure.\"", "\"material_hour_suffix\" : \"plkst.\u00a0%1$s\"", "\"abc_toolbar_collapse_description\" : \"I-collapse\"", "\"material_hour_suffix\" : \"%1$s h\"", "\"mtrl_picker_a11y_prev_month\" : \"Vaihda edelliseen kuukauteen\"", "\"mtrl_chip_close_icon_content_description\" : \"(%1$s)\u0c28\u0c3f \u0c24\u0c40\u0c38\u0c3f\u0c35\u0c47\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Data de t\u00e9rmino\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3 \u0cb2\u0cad\u0ccd\u0caf\u0ca4\u0cc6\"", "\"abc_capital_off\" : \"\uc0ac\uc6a9 \uc911\uc9c0\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0414\u0430\u043a\u0440\u0430\u043d\u0456\u0446\u0435\u0441\u044f, \u043a\u0430\u0431 \u043f\u0435\u0440\u0430\u043a\u043b\u044e\u0447\u044b\u0446\u0446\u0430 \u043d\u0430 \u0432\u044b\u0431\u0430\u0440 \u0433\u043e\u0434\u0430\"", "\"material_timepicker_am\" : \"\uc624\uc804\"", "\"abc_shareactionprovider_share_with_application\" : \"Sd\u00edlet s\u00a0aplikac\u00ed %s\"", "\"common_google_play_services_notification_channel_name\" : \"\u0414\u043e\u0441\u0442\u0430\u043f\u043d\u043e\u0441\u0442 \u043d\u0430 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play\"", "\"common_signin_button_text_long\" : \"\u200fGoogle \u06a9\u06d2 \u0633\u0627\u062a\u06be \u0633\u0627\u0626\u0646 \u0627\u0646 \u06a9\u0631\u06cc\u06ba\"", "\"mtrl_picker_date_header_unselected\" : \"\u0412\u044b\u0431\u0440\u0430\u043d\u043d\u0430\u044f \u0434\u0430\u0442\u0430\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s \u0a39\u0a1f\u0a3e\u0a13\"", "\"mtrl_picker_announce_current_selection\" : \"\u0627\u0644\u0627\u062e\u062a\u064a\u0627\u0631 \u0627\u0644\u062d\u0627\u0644\u064a: %1$s\"", "\"error_icon_content_description\" : \"L\u1ed7i\"", "\"character_counter_overflowed_content_description\" : \"\u0c85\u0c95\u0ccd\u0cb7\u0cb0 \u0cae\u0cbf\u0ca4\u0cbf\u0caf\u0cc1 %2$d \u0cb0\u0cb2\u0ccd\u0cb2\u0cbf %1$d \u0cae\u0cc0\u0cb0\u0cbf\u0ca6\u0cc6\"", "\"abc_action_bar_home_description\" : \"Navega fins a la p\u00e0gina d'inici\"", "\"abc_searchview_description_query\" : \"Soektognavraag\"", "\"error_icon_content_description\" : \"Fel\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Startdatum\u00a0\u2013 %1$s\"", "\"abc_searchview_description_search\" : \"\u0418\u0437\u0434\u04e9\u04e9\"", "\"abc_activitychooserview_choose_application\" : \"Escolher uma aplica\u00e7\u00e3o\"", "\"bottomsheet_action_expand_halfway\" : \"St\u00e6kka til h\u00e1lfs\"", "\"mtrl_picker_a11y_next_month\" : \"\u1014\u1031\u102c\u1000\u103a\u101c\u101e\u102d\u102f\u1037 \u1015\u103c\u1031\u102c\u1004\u103a\u1038\u101b\u1014\u103a\"", "\"abc_menu_function_shortcut_label\" : \"Funksioni+\"", "\"material_timepicker_clock_mode_description\" : \"Lai ievad\u012btu laiku, iesl\u0113dziet pulkste\u0146a re\u017e\u012bmu.\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u0ca4\u0cbf\"", "\"common_google_play_services_unknown_issue\" : \"%1$s aplikazioak arazoak ditu Google Play zerbitzuekin. Saiatu berriro.\"", "\"common_google_play_services_enable_text\" : \"%1$s non funcionar\u00e1 a menos que actives os servizos de Google Play.\"", "\"icon_content_description\" : \"Ikona pogovornega okna\"", "\"abc_toolbar_collapse_description\" : \"Sutraukti\"", "\"abc_toolbar_collapse_description\" : \"Recolher\"", "\"mtrl_picker_text_input_date_hint\" : \"\u041e\u0433\u043d\u043e\u043e\"", "\"exposed_dropdown_menu_content_description\" : \"\u10e9\u10d0\u10db\u10dd\u10e1\u10d0\u10e8\u10da\u10d4\u10da\u10d8 \u10db\u10d4\u10dc\u10d8\u10e3\u10e1 \u10e9\u10d5\u10d4\u10dc\u10d4\u10d1\u10d0\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0414\u0430\u0442\u0443\u043c \u043f\u043e\u0447\u0435\u0442\u043a\u0430 \u2013 %1$s\"", "\"abc_action_bar_home_description\" : \"\u067e\u06cc\u0645\u0627\u06cc\u0634 \u0628\u0647 \u0635\u0641\u062d\u0647 \u0627\u0635\u0644\u06cc\"", "\"character_counter_content_description\" : \"%1$d/%2$d ta belgi kiritildi\"", "\"error_icon_content_description\" : \"Pogre\u0161ka\"", "N12_GLOBAL__N_116itanium_demangle12FunctionTypeE", "\"mtrl_picker_toggle_to_day_selection\" : \"Toque para alternar para a sele\u00e7\u00e3o de um dia\"", "\"abc_capital_off\" : \"UIT\"", "\"material_hour_suffix\" : \"%1$s \u0ab5\u0abe\u0a97\u0acd\u0aaf\u0abe \u0a9b\u0ac7\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0ba4\u0bca\u0b9f\u0b95\u0bcd\u0b95\u0ba4\u0bcd \u0ba4\u0bc7\u0ba4\u0bbf \u2013 %1$s\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u041f\u0440\u0435\u0444\u0440\u043b\u0438 \u043d\u0430 \u0440\u0435\u0436\u0438\u043c \u0437\u0430 \u0432\u043d\u0435\u0441\u0443\u0432\u0430\u045a\u0435 \u0442\u0435\u043a\u0441\u0442\"", "\"abc_action_bar_up_description\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u0432\u0433\u043e\u0440\u0443\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Kon\u010dni datum\"", "\"fallback_menu_item_copy_link\" : \"\u0932\u093f\u0902\u0915 \u092a\u094d\u0930\u0924\u093f\u0932\u093f\u092a\u093f \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"material_timepicker_am\" : \"\u043f\u0440.\"", "\"abc_capital_on\" : \"A\u00c7\"", "\"copy_toast_msg\" : \"\u041f\u043e\u0441\u0438\u043b\u0430\u043d\u043d\u044f \u0441\u043a\u043e\u043f\u0456\u0439\u043e\u0432\u0430\u043d\u043e \u0432 \u0431\u0443\u0444\u0435\u0440 \u043e\u0431\u043c\u0456\u043d\u0443\"", "\"mtrl_badge_numberless_content_description\" : \"\u09a8\u09a4\u09c1\u09a8 \u09ac\u09bf\u099c\u09cd\u099e\u09aa\u09cd\u09a4\u09bf\"", "\"mtrl_picker_date_header_unselected\" : \"\u0d24\u0d3f\u0d30\u0d1e\u0d4d\u0d1e\u0d46\u0d1f\u0d41\u0d24\u0d4d\u0d24 \u0d24\u0d40\u0d2f\u0d24\u0d3f\"", "\"common_open_on_phone\" : \"\u0423\u0442\u0441\u0430\u0430\u0440 \u043d\u044d\u044d\u0445\"", "\"mtrl_picker_invalid_format_use\" : \"\u0416\u0430\u0440\u0430\u043c\u0434\u044b \u0444\u043e\u0440\u043c\u0430\u0442: %1$s.\"", "\"material_timepicker_clock_mode_description\" : \"\u041f\u0440\u0435\u0432\u043a\u043b\u044e\u0447\u0435\u0442\u0435 \u043a\u044a\u043c \u0440\u0435\u0436\u0438\u043c\u0430 \u0437\u0430 \u0447\u0430\u0441\u043e\u0432\u043d\u0438\u043a, \u0437\u0430 \u0434\u0430 \u0432\u044a\u0432\u0435\u0434\u0435\u0442\u0435 \u0447\u0430\u0441\u0430.\"", "\"common_google_play_services_unsupported_text\" : \"%1$s s\u1ebd kh\u00f4ng ch\u1ea1y n\u1ebfu kh\u00f4ng c\u00f3 c\u00e1c d\u1ecbch v\u1ee5 c\u1ee7a Google Play. Thi\u1ebft b\u1ecb c\u1ee7a b\u1ea1n kh\u00f4ng h\u1ed7 tr\u1ee3 c\u00e1c d\u1ecbch v\u1ee5 n\u00e0y.\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Startdatum - %1$s\"", "\"mtrl_picker_invalid_format_use\" : \"Uporabite: %1$s\"", "\"material_timepicker_select_time\" : \"Aja valimine\"", "\"abc_capital_off\" : \"IZKLOP\"", "\"mtrl_picker_save\" : \"Enregistrer\"", "\"mtrl_picker_invalid_format\" : \"Ongeldige formaat.\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Startdato\"", "\"common_open_on_phone\" : \"\u00d6ppna p\u00e5 mobilen\"", "\"password_toggle_content_description\" : \"\u986f\u793a\u5bc6\u78bc\"", "\"common_google_play_services_enable_title\" : \"Aktivera Google Play-tj\u00e4nster\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Meer as %1$d nuwe kennisgewings\"", "\"common_signin_button_text\" : \"\ub85c\uadf8\uc778\"", "\"common_google_play_services_updating_text\" : \"%1$s \u10d5\u10d4\u10e0 \u10d2\u10d0\u10d4\u10e8\u10d5\u10d4\u10d1\u10d0 Google Play Services-\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4, \u10e0\u10dd\u10db\u10d4\u10da\u10d7\u10d0 \u10d2\u10d0\u10dc\u10d0\u10ee\u10da\u10d4\u10d1\u10d0\u10ea \u10d0\u10db\u10df\u10d0\u10db\u10d0\u10d3 \u10db\u10d8\u10db\u10d3\u10d8\u10dc\u10d0\u10e0\u10d4\u10dd\u10d1\u10e1.\"", "\"bottomsheet_action_expand_halfway\" : \"Pro\u0161irite do pola\"", "\"material_hour_suffix\" : \"\u0421\u0430\u0493\u0430\u0442: %1$s\"", "\"icon_content_description\" : \"Dialogfeldsymbol\"", "\"common_google_play_services_wear_update_text\" : \"Google Play xidm\u0259tl\u0259rinin yeni versiyas\u0131 laz\u0131md\u0131r. Q\u0131sa m\u00fcdd\u0259t\u0259 \u00f6z\u00fcn\u00fc yenil\u0259y\u0259c\u0259k.\"", "\"abc_activitychooserview_choose_application\" : \"Selecciona una aplicaci\u00f3\"", "\"abc_action_mode_done\" : \"\u09b9\u09af\u09bc\u09c7 \u0997\u09c7\u099b\u09c7\"", "\"abc_searchview_description_submit\" : \"D\u00ebrgo pyetjen\"", "\"material_timepicker_text_input_mode_description\" : \"\u041f\u0440\u0435\u0444\u0440\u043b\u0435\u0442\u0435 \u0441\u0435 \u043d\u0430 \u0440\u0435\u0436\u0438\u043c\u043e\u0442 \u0437\u0430 \u0432\u043d\u0435\u0441\u0443\u0432\u0430\u045a\u0435 \u0442\u0435\u043a\u0441\u0442 \u0437\u0430 \u0434\u0430 \u0432\u043d\u0435\u0441\u0435\u0442\u0435 \u0432\u0440\u0435\u043c\u0435.\"", "\"common_google_play_services_install_title\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be \u09aa\u09be\u09a8\"", "\"fallback_menu_item_open_in_browser\" : \"\u0db6\u0dca\u200d\u0dbb\u0dc0\u0dca\u0dc3\u0dbb\u0dba\u0dda \u0dc0\u0dd2\u0dc0\u0dd8\u0dad \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"character_counter_content_description\" : \"\u0110\u00e3 nh\u1eadp %1$d trong s\u1ed1 %2$d k\u00fd t\u1ef1\"", "\"mtrl_picker_date_header_unselected\" : \"\u0421\u043e\u043d\u0433\u043e\u0441\u043e\u043d \u043e\u0433\u043d\u043e\u043e\"", "\"material_timepicker_hour\" : \"Ordua\"", "\"mtrl_picker_date_header_unselected\" : \"\u0e27\u0e31\u0e19\u0e17\u0e35\u0e48\u0e17\u0e35\u0e48\u0e40\u0e25\u0e37\u0e2d\u0e01\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u0daf\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0e27\u0e31\u0e19\u0e17\u0e35\u0e48\u0e40\u0e23\u0e34\u0e48\u0e21\u0e15\u0e49\u0e19\"", "\"material_timepicker_select_time\" : \"Vaxt se\u00e7in\"", "\"mtrl_picker_invalid_format_use\" : \"Gebruik: %1$s\"", "\"abc_toolbar_collapse_description\" : \"\u0416\u044b\u0439\u044b\u0448\u0442\u044b\u0440\u0443\u0443\"", "\"fallback_menu_item_share_link\" : \"\u0421\u043f\u043e\u0434\u0435\u043b\u0438 \u043b\u0438\u043d\u043a\"", "\"copy_toast_msg\" : \"\u0425\u043e\u043b\u0431\u043e\u043e\u0441\u044b\u0433 \u0442\u04af\u0440 \u0441\u0430\u043d\u0430\u0445 \u043e\u0439\u0434 \u0445\u0443\u0443\u043b\u0441\u0430\u043d\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Einddatum\"", "\"common_google_play_services_update_button\" : \"\u0395\u03bd\u03b7\u03bc\u03ad\u03c1\u03c9\u03c3\u03b7\"", "\"abc_searchview_description_query\" : \"\u0916\u094b\u091c \u092a\u094d\u0930\u0936\u094d\u0928\"", "\"mtrl_picker_range_header_title\" : \"Select range\"", "\"common_google_play_services_notification_channel_name\" : \"\u041d\u0430\u043b\u0438\u0447\u043d\u043e\u0441\u0442 \u043d\u0430 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play\"", "\"common_google_play_services_update_title\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u043d \u0436\u0430\u04a3\u044b\u0440\u0442\u0443\u0443\"", "\"abc_searchview_description_search\" : \"\u641c\u7d22\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u0e27\"", "\"common_signin_button_text\" : \"\u10e8\u10d4\u10e1\u10d5\u10da\u10d0\"", "\"password_toggle_content_description\" : \"Exibir senha\"", "\"mtrl_picker_invalid_format_example\" : \"Exemplu: %1$s\"", "\"fallback_menu_item_share_link\" : \"Bagikan link\"", "\"nav_app_bar_open_drawer_description\" : \"Otev\u0159\u00edt vysouvac\u00ed panel navigace\"", "\"mtrl_picker_invalid_format_example\" : \"\u041f\u0440\u0438\u043a\u043b\u0430\u0434: %1$s\"", "\"mtrl_picker_save\" : \"Save\"", "\"abc_action_mode_done\" : \"Hotovo\"", "\"material_timepicker_select_time\" : \"Selecta\u021bi ora\"", "\"mtrl_picker_out_of_range\" : \"\u0924\u093e\u0930\u0940\u0916 \u0915\u0940 \u092e\u093e\u0928\u094d\u092f \u0938\u0940\u092e\u093e \u0938\u0947 \u092c\u093e\u0939\u0930: %1$s\"", "\"item_view_role_description\" : \"Flipi\"", "\"clear_text_end_icon_content_description\" : \"\u6e05\u9664\u6587\u5b57\"", "\"common_signin_button_text\" : \"\u0938\u093e\u0907\u0928 \u0907\u0928 \u0915\u0930\u0947\u0902\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u0e81\u0eb2\u0e99\u0ec1\u0e88\u0ec9\u0e87\u0ec0\u0e95\u0eb7\u0ead\u0e99\u0ec3\u0edd\u0ec8\u0eab\u0ebc\u0eb2\u0e8d\u0e81\u0ea7\u0ec8\u0eb2 %1$d \u0ea5\u0eb2\u0e8d\u0e81\u0eb2\u0e99\"", "\"mtrl_picker_invalid_format_example\" : \"\u0d09\u0d26\u0d3e\u0d39\u0d30\u0d23\u0d02: %1$s\"", "\"fallback_menu_item_open_in_browser\" : \"\u0d2c\u0d4d\u0d30\u0d57\u0d38\u0d31\u0d3f\u0d7d \u0d24\u0d41\u0d31\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"material_timepicker_minute\" : \"\u039b\u03b5\u03c0\u03c4\u03cc\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Ketuk untuk beralih ke memilih hari\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Takvim giri\u015f moduna ge\u00e7\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u062f\u0646 \u06a9\u0648 \u0645\u0646\u062a\u062e\u0628 \u06a9\u0631\u0646\u06d2 \u06a9\u06d2 \u0644\u064a\u06d2 \u0633\u0648\u0626\u0686 \u067e\u0631 \u062a\u06be\u067e\u062a\u06be\u067e\u0627\u0626\u06cc\u06ba\"", "\"material_hour_suffix\" : \"%1$s\u00a0Uhr\"", "\"abc_search_hint\" : \"\u10eb\u10d8\u10d4\u10d1\u10d0\u2026\"", "\"common_google_play_services_enable_text\" : \"I-%1$s ngeke isebenze ngaphandle kokuthi unike amandla amasevisi we-Google Play.\"", "\"common_open_on_phone\" : \"\u00c5pne p\u00e5 telefonen\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0938\u0947\u0935\u093e \u0938\u0941\u0930\u0942 \u0915\u0930\u093e\"", "\"common_google_play_services_wear_update_text\" : \"Potrebujete novo razli\u010dico storitev Google Play. V kratkem se bodo posodobile.\"", "\"abc_action_bar_up_description\" : \"Desplazarse hacia arriba\"", "\"common_signin_button_text\" : \"Skr\u00e1 inn\"", "\"clear_text_end_icon_content_description\" : \"\u179f\u1798\u17d2\u17a2\u17b6\u178f\u17a2\u1780\u17d2\u179f\u179a\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Prepn\u00fa\u0165 na kalend\u00e1rov\u00fd re\u017eim vstupu\"", "\"abc_toolbar_collapse_description\" : \"\u05db\u05d9\u05d5\u05d5\u05e5\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"M\u00eb shum\u00eb se %1$d njoftime t\u00eb reja\"", "\"clear_text_end_icon_content_description\" : \"\u0679\u06cc\u06a9\u0633\u0679 \u0635\u0627\u0641 \u06a9\u0631\u06cc\u06ba\"", "\"common_google_play_services_update_button\" : \"\u0627\u067e \u0688\u06cc\u0679 \u06a9\u0631\u06cc\u06ba\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u0a38\u0a3e\u0a32 %1$s '\u0a24\u0a47 \u0a28\u0a48\u0a35\u0a40\u0a17\u0a47\u0a1f \u0a15\u0a30\u0a4b\"", "\"common_google_play_services_install_text\" : \"%1$s \u043d\u044f\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u043f\u044a\u043b\u043d\u044f\u0432\u0430, \u0442\u044a\u0439 \u043a\u0430\u0442\u043e \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play \u043d\u0435 \u0441\u0430 \u0438\u043d\u0441\u0442\u0430\u043b\u0438\u0440\u0430\u043d\u0438 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e\u0442\u043e \u0432\u0438.\"", "\"nav_app_bar_navigate_up_description\" : \"Mag-navigate pataas\"", "\"common_google_play_services_enable_text\" : \"%1$s ne fonctionnera pas tant que vous n'aurez pas activ\u00e9 les services Google\u00a0Play.\"", "\"bottomsheet_action_expand_halfway\" : \"Pro\u0161iri donju polovicu\"", "\"error_icon_content_description\" : \"Errore\"", "\"character_counter_content_description\" : \"\u012evesta simboli\u0173: %1$d i\u0161 %2$d\"", "\"mtrl_picker_invalid_format\" : \"Ge\u00e7ersiz bi\u00e7im.\"", "\"mtrl_picker_announce_current_selection\" : \"Huidige keuse: %1$s\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Toca per canviar a la selecci\u00f3 de l'any\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u042d\u0445\u043b\u044d\u0445 \u043e\u0433\u043d\u043e\u043e \u2013 %1$s\"", "\"bottomsheet_action_expand_halfway\" : \"Vou halfpad uit\"", "\"abc_activity_chooser_view_see_all\" : \"\u0633\u0628\u06be\u06cc \u062f\u06cc\u06a9\u06be\u06cc\u06ba\"", "\"abc_searchview_description_voice\" : \"\u10ee\u10db\u10dd\u10d5\u10d0\u10dc\u10d8 \u10eb\u10d8\u10d4\u10d1\u10d0\"", "\"mtrl_picker_range_header_title\" : \"V\u00e1lasszon d\u00e1tumtartom\u00e1nyt\"", "\"fallback_menu_item_open_in_browser\" : \"Otvori\u0165 v\u00a0prehliada\u010di\"", "\"mtrl_picker_text_input_month_abbr\" : \"b\"", "\"mtrl_picker_invalid_format\" : \"Format tidak valid.\"", "\"abc_searchview_description_search\" : \"Iskanje\"", "\"abc_action_bar_home_description\" : \"Navigera hem\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0915\u0941\u0928\u0948 \u0935\u0930\u094d\u0937 \u091a\u092f\u0928 \u0917\u0930\u094d\u0928\u0947 \u0935\u093f\u0915\u0932\u094d\u092a \u092a\u094d\u0930\u092f\u094b\u0917 \u0917\u0930\u094d\u0928 \u091f\u094d\u092f\u093e\u092a \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"mtrl_picker_navigate_to_year_description\" : \"Navigo te viti %1$s\"", "\"material_minute_suffix\" : \"%1$s \u043c\u04af\u043d\u04e9\u0442\"", "\"mtrl_picker_date_header_title\" : \"Sanani tanlang\"", "\"mtrl_picker_out_of_range\" : \"\u062d\u062f \u0633\u06d2 \u0628\u0627\u06c1\u0631: %1$s\"", "\"common_signin_button_text_long\" : \"\u0412\u0445\u043e\u0434 \u0441 Google\"", "\"common_google_play_services_install_title\" : \"\u1791\u17b6\u1789\u1799\u1780\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798 Google Play\"", "\"common_google_play_services_wear_update_text\" : \"Se necesita una nueva versi\u00f3n de los servicios de Google Play. Se actualizar\u00e1n autom\u00e1ticamente en breve.\"", "\"abc_action_bar_home_description\" : \"Find hjem\"", "\"character_counter_content_description\" : \"Girilen karakter: %1$d / %2$d\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u0c35\u0c1a\u0c28 \u0c07\u0c28\u0c4d\u200c\u0c2a\u0c41\u0c1f\u0c4d \u0c2e\u0c4b\u0c21\u0c4d\u200c\u0c15\u0c41 \u0c2e\u0c3e\u0c30\u0c41\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"mtrl_picker_save\" : \"Tallenna\"", "\"abc_searchview_description_search\" : \"\u041f\u0440\u0435\u0431\u0430\u0440\u0430\u0458\"", "\"mtrl_picker_date_header_unselected\" : \"\u1780\u17b6\u179b\u1794\u179a\u17b7\u1785\u17d2\u1786\u17c1\u1791\u178a\u17c2\u179b\u1794\u17b6\u1793\u200b\u1787\u17d2\u179a\u17be\u179f\u179a\u17be\u179f\"", "\"error_icon_content_description\" : \"\u10e8\u10d4\u10ea\u10d3\u10dd\u10db\u10d0\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u00c9\"", "\"common_google_play_services_install_button\" : \"Sakinisha\"", "\"fallback_menu_item_open_in_browser\" : \"Ouvrir dans le navigateur\"", "\"mtrl_picker_date_header_unselected\" : \"Kiv\u00e1lasztott d\u00e1tum\"", "\"abc_action_bar_up_description\" : \"Idi gore\"", "\"common_google_play_services_update_text\" : \"%1$s \u0a28\u0a39\u0a40\u0a02 \u0a1a\u0a71\u0a32\u0a47\u0a17\u0a3e \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a71\u0a15 \u0a24\u0a41\u0a38\u0a40\u0a02 Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a28\u0a42\u0a70 \u0a05\u0a71\u0a2a\u0a21\u0a47\u0a1f \u0a28\u0a39\u0a40\u0a02 \u0a15\u0a30\u0a26\u0a47 \u0a39\u0a4b\u0964\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u958b\u59cb\u65e5\uff5e%1$s\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s \u06a9\u0648 \u06c1\u0679\u0627\u0626\u06cc\u06ba\"", "cannot allocate __cxa_eh_globals", "\"mtrl_picker_navigate_to_year_description\" : \"%1$s \u043e\u043d \u0440\u0443\u0443 \u0448\u0438\u043b\u0436\u0438\u0445\"", "\"abc_activity_chooser_view_see_all\" : \"Poka\u017ei vse\"", "\"error_icon_content_description\" : \"Fejl\"", "\"password_toggle_content_description\" : \"Prika\u017ei zaporku\"", "\"item_view_role_description\" : \"Guia\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u09b8\u09c7\u09f1\u09be\u09b8\u09ae\u09c2\u09b9\u09f0 \u09a8\u09a4\u09c1\u09a8 \u09b8\u0982\u09b8\u09cd\u0995\u09f0\u09a3\u09f0 \u09aa\u09cd\u09f0\u09af\u09bc\u09cb\u099c\u09a8\u09f7 \u098f\u0987\u099f\u09cb \u09b6\u09c0\u0998\u09cd\u09f0\u09c7\u0987 \u09a8\u09bf\u099c\u09c7-\u09a8\u09bf\u099c\u09c7 \u0986\u09aa\u09a1\u09c7\u099f \u09b9\u2019\u09ac\u09f7\"", "\"common_google_play_services_enable_title\" : \"\u200f\u202b\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 \u0633\u0631\u0648\u06cc\u0633\u200c\u0647\u0627\u06cc Google Play\"", "\"mtrl_badge_numberless_content_description\" : \"Jakinarazpen berria\"", "\"abc_menu_alt_shortcut_label\" : \"\u200eAlt+\u200e\"", "\"abc_searchview_description_search\" : \"\u0391\u03bd\u03b1\u03b6\u03ae\u03c4\u03b7\u03c3\u03b7\"", "\"mtrl_picker_out_of_range\" : \"N\u1eb1m ngo\u00e0i ph\u1ea1m vi: %1$s\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u041e\u0434\u0438 \u043d\u0430 %1$s \u0433\u043e\u0434\u0438\u043d\u0430\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"T\u0259qvim daxiletm\u0259 rejimin\u0259 ke\u00e7in\"", "\"common_google_play_services_update_button\" : \"Atjaunin\u0101t\"", "\"nav_app_bar_open_drawer_description\" : \"Buksan ang navigation drawer\"", "\"mtrl_picker_range_header_unselected\" : \"Hasiera-data - Amaiera-data\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Prebacivanje na na\u010din unosa teksta\"", "\"abc_searchview_description_query\" : \"Leitarfyrirspurn\"", "\"material_clock_toggle_content_description\" : \"Tushdan oldin yoki keyinligini tanlang\"", "\"abc_action_bar_home_description\" : \"\u0e19\u0e33\u0e17\u0e32\u0e07\u0e44\u0e1b\u0e2b\u0e19\u0e49\u0e32\u0e41\u0e23\u0e01\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Passa alla modalit\u00e0 di immissione Testo\"", "\"abc_shareactionprovider_share_with_application\" : \"Chia s\u1ebb v\u1edbi %s\"", "\"abc_searchview_description_voice\" : \"\u0995\u09a3\u09cd\u09a0\u09a7\u09cd\u09ac\u09a8\u09bf\u09f0 \u09a6\u09cd\u09ac\u09be\u09f0\u09be \u09b8\u09a8\u09cd\u09a7\u09be\u09a8\"", "\"abc_shareactionprovider_share_with_application\" : \"\u0410\u0431\u0430\u0433\u0443\u043b\u0456\u0446\u044c \u043f\u0440\u0430\u0437 \u043f\u0440\u0430\u0433\u0440\u0430\u043c\u0443 \"%s\"\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Tik om naar dagselectie te schakelen\"", "\"mtrl_picker_save\" : \"\u054a\u0561\u0570\u0565\u056c\"", "\"common_google_play_services_unsupported_text\" : \"%1$s, Google Play hizmetleri olmadan \u00e7al\u0131\u015fmaz ve bu hizmetler cihaz\u0131n\u0131z taraf\u0131ndan desteklenmiyor.\"", "\"common_google_play_services_updating_text\" : \"%1$s non funzioner\u00e0 senza Google Play Services, attualmente in fase di aggiornamento.\"", "\"common_google_play_services_notification_ticker\" : \"Google Play xizmatlari xatosi\"", "\"google_crash_reporting_api_key\" : \"AIzaSyDjteCQ0-ElkfBxVZIZmBfCSPNEYUYcK1g\"", "\"common_google_play_services_update_title\" : \"Atnaujinkite \u201eGoogle Play\u201c paslaugas\"", "\"abc_searchview_description_submit\" : \"\u63d0\u4ea4\u67e5\u8be2\"", "\"mtrl_picker_range_header_unselected\" : \"Za\u010detni datum\u2013kon\u010dni datum\"", "\"common_google_play_services_update_button\" : \"Dateer op\"", "\"mtrl_badge_numberless_content_description\" : \"\u10d0\u10ee\u10d0\u10da\u10d8 \u10e8\u10d4\u10e2\u10e7\u10dd\u10d1\u10d8\u10dc\u10d4\u10d1\u10d0\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u0db1\u0dc0 \u0daf\u0dd0\u0db1\u0dd4\u0db8\u0dca\u0daf\u0dd3\u0db8\u0dca %1$d\u0d9a\u0da7 \u0dc0\u0da9\u0dcf\"", "\"mtrl_picker_range_header_title\" : \"V\u00e4lj intervall\"", "\"mtrl_picker_range_header_unselected\" : \"Fecha de inicio - fecha de finalizaci\u00f3n\"", "\"copy_toast_msg\" : \"Link v\u00e1g\u00f3lapra m\u00e1solva\"", "\"common_google_play_services_wear_update_text\" : \"Google Play hizmetlerinin yeni s\u00fcr\u00fcm\u00fc gerekiyor. Kendisini k\u0131sa s\u00fcre i\u00e7inde g\u00fcncelleyecektir.\"", "\"abc_action_bar_up_description\" : \"\u12c8\u12f0 \u120b\u12ed \u12eb\u1235\u1231\"", "\"abc_searchview_description_search\" : \"Mekl\u0113t\"", "\"fallback_menu_item_open_in_browser\" : \"Openen in browser\"", "\"exposed_dropdown_menu_content_description\" : \"\u0395\u03bc\u03c6\u03ac\u03bd\u03b9\u03c3\u03b7 \u03b1\u03bd\u03b1\u03c0\u03c4\u03c5\u03c3\u03c3\u03cc\u03bc\u03b5\u03bd\u03bf\u03c5 \u03bc\u03b5\u03bd\u03bf\u03cd\"", "\"error_icon_content_description\" : \"\u932f\u8aa4\"", "\"common_google_play_services_install_text\" : \"Zur Nutzung von %1$s sind die Google Play-Dienste erforderlich, die auf deinem Ger\u00e4t nicht installiert sind.\"", "Ua9enable_ifI", "\"common_google_play_services_update_title\" : \"\u041e\u0431\u043d\u043e\u0432\u0438\u0442\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b Google\u00a0Play\"", "\"material_hour_suffix\" : \"\u1798\u17c9\u17c4\u1784 %1$s\"", "\"common_open_on_phone\" : \"Odpiranje v telefonu\"", "\"fallback_menu_item_copy_link\" : \"\u0b32\u0b3f\u0b19\u0b4d\u0b15\u0b4d \u0b15\u0b2a\u0b3f \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"abc_action_menu_overflow_description\" : \"\u0906\u0923\u0916\u0940 \u092a\u0930\u094d\u092f\u093e\u092f\"", "\"common_google_play_services_unknown_issue\" : \"%1$s ma problem z dost\u0119pem do Us\u0142ug Google Play. Spr\u00f3buj jeszcze raz.\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u70b9\u6309\u5373\u53ef\u5207\u6362\u5230\u9009\u62e9\u67d0\u5929\"", "\"abc_shareactionprovider_share_with\" : \"\u5206\u4eab\u5c0d\u8c61\"", "\"common_google_play_services_install_title\" : \"Installa Google Play Services\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u0627\u0644\u062a\u0646\u0642\u0644 \u0625\u0644\u0649 \u0627\u0644\u0639\u0627\u0645 %1$s\"", "\"abc_capital_on\" : \"\u0938\u0915\u094d\u0930\u093f\u092f\"", "\"bottomsheet_action_expand_halfway\" : \"Udvid halvdelen\"", "\"material_hour_selection\" : \"Hautatu ordua\"", "\"mtrl_picker_date_header_title\" : \"\u0aa4\u0abe\u0ab0\u0ac0\u0a96 \u0aaa\u0ab8\u0a82\u0aa6 \u0a95\u0ab0\u0acb\"", "\"icon_content_description\" : \"Dialogikon\"", "\"common_google_play_services_update_button\" : \"\uc5c5\ub370\uc774\ud2b8\"", "\"common_google_play_services_enable_title\" : \"Omogo\u010danje storitev Google Play\"", "\"material_timepicker_text_input_mode_description\" : \"\u064a\u064f\u0631\u062c\u0649 \u0627\u0644\u062a\u0628\u062f\u064a\u0644 \u0625\u0644\u0649 \u0648\u0636\u0639 \u0625\u062f\u062e\u0627\u0644 \u0627\u0644\u0646\u0635 \u0644\u0625\u062f\u062e\u0627\u0644 \u0627\u0644\u0648\u0642\u062a.\"", "N12_GLOBAL__N_116itanium_demangle9LocalNameE", "\"common_google_play_services_notification_channel_name\" : \"Disponibilidade Servi\u00e7os do Google Play\"", "\"common_google_play_services_unknown_issue\" : \"%1$s ima problema sa Google Play uslugama. Probajte ponovo.\"", "\"material_timepicker_clock_mode_description\" : \"\u0935\u0947\u0933\u0947\u091a\u094d\u092f\u093e \u0907\u0928\u092a\u0941\u091f\u0938\u093e\u0920\u0940 \u0918\u0921\u094d\u092f\u093e\u0933 \u092e\u094b\u0921\u0935\u0930 \u0938\u094d\u0935\u093f\u091a \u0915\u0930\u093e.\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u05d9\"", "\"common_signin_button_text_long\" : \"Bejelentkez\u00e9s Google-fi\u00f3kkal\"", "\"abc_menu_meta_shortcut_label\" : \"M\u00e9ta+\"", "operator~", "\"material_timepicker_select_time\" : \"Pilih waktu\"", "\"mtrl_badge_numberless_content_description\" : \"Ny avisering\"", "\"copy_toast_msg\" : \"Link copiado para a \u00e1rea de transfer\u00eancia\"", "\"mtrl_picker_range_header_only_end_selected\" : \"S\u0101kuma datums\u2013%1$s\"", "\"mtrl_picker_invalid_range\" : \"Neveljaven razpon.\"", "\"material_minute_suffix\" : \"%1$s \u092e\u093f\u0928\u0947\u091f\"", "\"mtrl_picker_a11y_prev_month\" : \"\u00c4ndra till f\u00f6reg\u00e5ende m\u00e5nad\"", "\"mtrl_picker_announce_current_selection\" : \"\u05d4\u05d1\u05d7\u05d9\u05e8\u05d4 \u05d4\u05e0\u05d5\u05db\u05d7\u05d9\u05ea: %1$s\"", "\"common_google_play_services_wear_update_text\" : \"\u0412\u0435\u0440\u0441\u0438\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 Google\u00a0Play \u0443\u0441\u0442\u0430\u0440\u0435\u043b\u0430. \u041e\u043d\u0438 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043e\u0431\u043d\u043e\u0432\u044f\u0442\u0441\u044f \u0432 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f.\"", "\"mtrl_picker_a11y_next_month\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u043a \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u043c\u0443 \u043c\u0435\u0441\u044f\u0446\u0443\"", "\"mtrl_picker_out_of_range\" : \"\u0cb5\u0ccd\u0caf\u0cbe\u0caa\u0ccd\u0ca4\u0cbf\u0caf \u0cb9\u0cca\u0cb0\u0c97\u0cbf\u0ca6\u0cc6: %1$s\"", "\"abc_searchview_description_submit\" : \"\u0d1a\u0d4b\u0d26\u0d4d\u0d2f\u0d02 \u0d38\u0d2e\u0d7c\u0d2a\u0d4d\u0d2a\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"abc_capital_on\" : \"\u099a\u09be\u09b2\u09c1 \u0995\u09b0\u09c1\u09a8\"", "\"common_google_play_services_install_title\" : \"\u041f\u0440\u0435\u0437\u0435\u043c\u0438 \u0433\u0438 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"P\u0101rsl\u0113gties uz kalend\u0101ra ievades re\u017e\u012bmu\"", "\"bottomsheet_action_expand_halfway\" : \"\u0a05\u0a71\u0a27 \u0a24\u0a71\u0a15 \u0a35\u0a3f\u0a38\u0a24\u0a3e\u0a30 \u0a15\u0a30\u0a4b\"", "\"icon_content_description\" : \"Valintaikkunan kuvake\"", "\"common_google_play_services_install_button\" : \"O\u2018rnatish\"", "'block-literal'", "\"google_api_key\" : \"AIzaSyDjteCQ0-ElkfBxVZIZmBfCSPNEYUYcK1g\"", "\"abc_shareactionprovider_share_with\" : \"Partekatu honekin\"", "\"common_open_on_phone\" : \"\u09ab'\u09a8\u09a4 \u0996\u09cb\u09b2\u0995\"", "\"common_google_play_services_enable_title\" : \"I-enable ang mga serbisyo ng Google Play\"", "\"copy_toast_msg\" : \"\u94fe\u63a5\u5df2\u590d\u5236\u5230\u526a\u8d34\u677f\"", "\"common_google_play_services_unsupported_text\" : \"%1$s ne\u0107e funkcionirati bez usluga Google Playa koje va\u0161 ure\u0111aj ne podr\u017eava.\"", "\"material_hour_selection\" : \"\u06af\u06be\u0646\u0679\u06c1 \u0645\u0646\u062a\u062e\u0628 \u06a9\u0631\u06cc\u06ba\"", "\"material_timepicker_clock_mode_description\" : \"\u0426\u0430\u0433\u0438\u0439\u0433 \u043e\u0440\u0443\u0443\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0446\u0430\u0433\u0438\u0439\u043d \u0433\u043e\u0440\u0438\u043c\u0434 \u0448\u0438\u043b\u0436\u04af\u04af\u043b\u043d\u044d \u04af\u04af.\"", "\"item_view_role_description\" : \"\u041a\u0430\u0440\u0442\u0438\u0447\u043a\u0430\"", "\"abc_searchview_description_submit\" : \"Indsend foresp\u00f8rgsel\"", "\"mtrl_picker_range_header_title\" : \"Kies datumreeks\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0414\u0430\u0442\u0443\u043c \u043f\u043e\u0447\u0435\u0442\u043a\u0430\"", "\"mtrl_picker_date_header_unselected\" : \"\u0ca6\u0cbf\u0ca8\u0cbe\u0c82\u0c95\u0cb5\u0ca8\u0ccd\u0ca8\u0cc1 \u0c86\u0caf\u0ccd\u0c95\u0cc6\u0cae\u0cbe\u0ca1\u0cb2\u0cbe\u0c97\u0cbf\u0ca6\u0cc6\"", "\"abc_action_mode_done\" : \"\u0b39\u0b4b\u0b07\u0b17\u0b32\u0b3e\"", "\"icon_content_description\" : \"\u0e44\u0e2d\u0e04\u0e2d\u0e19\u0e01\u0e25\u0e48\u0e2d\u0e07\u0e42\u0e15\u0e49\u0e15\u0e2d\u0e1a\"", "\"abc_searchview_description_query\" : \"Qidiruv so\u2018rovi\"", "\"mtrl_picker_invalid_format_use\" : \"%1$s\u0b90\u0baa\u0bcd \u0baa\u0baf\u0ba9\u0bcd\u0baa\u0b9f\u0bc1\u0ba4\u0bcd\u0ba4\u0bc1\u0b95\"", "\"fallback_menu_item_open_in_browser\" : \"\u041e\u0442\u0432\u043e\u0440\u0438 \u0432\u043e \u043f\u0440\u0435\u043b\u0438\u0441\u0442\u0443\u0432\u0430\u0447\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u05e9\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u041a\u0440\u0430\u0435\u043d \u0434\u0430\u0442\u0443\u043c\"", "\"mtrl_picker_a11y_prev_month\" : \"\u0627\u0644\u062a\u063a\u064a\u064a\u0631 \u0625\u0644\u0649 \u0627\u0644\u0634\u0647\u0631 \u0627\u0644\u0633\u0627\u0628\u0642\"", "\"abc_shareactionprovider_share_with_application\" : \"\u053f\u056b\u057d\u057e\u0565\u056c %s \u0570\u0561\u057e\u0565\u056c\u057e\u0561\u056e\u056b \u0574\u056b\u057b\u0578\u0581\u0578\u057e\"", "\"fallback_menu_item_open_in_browser\" : \"\u0641\u062a\u062d \u0641\u064a \u0627\u0644\u0645\u062a\u0635\u0641\u062d\"", "\"mtrl_picker_announce_current_selection\" : \"\u10d0\u10db\u10df\u10d0\u10db\u10d8\u10dc\u10d3\u10d4\u10da\u10d8 \u10d0\u10e0\u10e9\u10d4\u10d5\u10d0\u10dc\u10d8: %1$s\"", "\"material_minute_selection\" : \"Minuten ausw\u00e4hlen\"", "\"abc_menu_meta_shortcut_label\" : \"Meta \u0bae\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd\"", "\"mtrl_picker_date_header_title\" : \"\u9078\u53d6\u65e5\u671f\"", "\"abc_prepend_shortcut_label\" : \"\u041c\u0435\u043d\u044e\u00a0+\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 Datum zavr\u0161etka\"", "\"mtrl_picker_a11y_next_month\" : \"Breyta \u00ed n\u00e6sta m\u00e1nu\u00f0\"", "\"common_google_play_services_unsupported_text\" : \"%1$s ne fonctionnera pas sans les services Google\u00a0Play, qui ne sont pas compatibles avec votre appareil.\"", "\"abc_searchview_description_query\" : \"Pertanyaan carian\"", "\"item_view_role_description\" : \"Karta\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0410\u044f\u043a\u0442\u043e\u043e \u043a\u04af\u043d\u04af\"", "\"copy_toast_msg\" : \"Link je kopiran u me\u0111umemoriju\"", "\"common_google_play_services_install_text\" : \"Programa \u201e%1$s\u201c nebus paleid\u017eiama be \u201eGoogle Play\u201c paslaug\u0173, kuri\u0173 n\u0117ra \u012frenginyje.\"", "\"abc_searchview_description_submit\" : \"\uac80\uc0c9\uc5b4 \ubcf4\ub0b4\uae30\"", "\"abc_menu_space_shortcut_label\" : \"Espai\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s-\u10d8\u10e1 \u10d0\u10db\u10dd\u10e8\u10da\u10d0\"", "\"abc_activity_chooser_view_see_all\" : \"Ham\u0131s\u0131na bax\u0131n\"", "\"abc_searchview_description_query\" : \"Telusuri kueri\"", "\"material_hour_selection\" : \"\u0db4\u0dd0\u0dba \u0dad\u0ddd\u0dbb\u0db1\u0dca\u0db1\"", "\"common_google_play_services_enable_title\" : \"Google Play\u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306e\u6709\u52b9\u5316\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u0b0f\u0b39\u0b3f Google Play \u0b38\u0b47\u0b2c\u0b3e\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b2c\u0b3f\u0b28\u0b3e \u0b1a\u0b3e\u0b32\u0b47 \u0b28\u0b3e\u0b39\u0b3f\u0b01, \u0b0f\u0b2c\u0b02 \u0b38\u0b47\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b06\u0b2a\u0b23\u0b19\u0b4d\u0b15 \u0b21\u0b3f\u0b2d\u0b3e\u0b07\u0b38\u0b4d\u200c\u0b30\u0b47 \u0b15\u0b3e\u0b2e \u0b15\u0b30\u0b47 \u0b28\u0b3e\u0b39\u0b3f\u0b01\u0964\"", "\"mtrl_badge_numberless_content_description\" : \"Nov\u00e9 upozornenie\"", "\"mtrl_picker_date_header_title\" : \"\u0538\u0576\u057f\u0580\u0565\u0584 \u0561\u0574\u057d\u0561\u0569\u056b\u057e\u0568\"", "\"exposed_dropdown_menu_content_description\" : \"\u0646\u0645\u0627\u06cc\u0634 \u0645\u0646\u0648\u06cc \u06a9\u0631\u06a9\u0631\u0647\u200c\u0627\u06cc\"", "\"abc_capital_on\" : \"TIL\"", "\"common_google_play_services_notification_ticker\" : \"Google Play xidm\u0259tl\u0259ri x\u0259tas\u0131\"", "N12_GLOBAL__N_116itanium_demangle13QualifiedNameE", "\"material_hour_suffix\" : \"%1$s(r)ak dira\"", "sizeof... (", "__uuidof(", "\"abc_searchview_description_voice\" : \"T\u00ecm ki\u1ebfm b\u1eb1ng gi\u1ecdng n\u00f3i\"", "\"abc_searchview_description_search\" : \"S\u00f8g\"", "\"common_google_play_services_updating_text\" : \"Lai lietotne %1$s darbotos, ir j\u0101instal\u0113 Google\u00a0Play pakalpojumi. Pa\u0161laik notiek to atjaunin\u0101\u0161ana.\"", "\"fallback_menu_item_copy_link\" : \"\u0932\u093f\u0902\u0915 \u0915\u0949\u092a\u0940 \u0915\u0930\u0947\u0902\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Pabaigos data\"", "\"nav_app_bar_open_drawer_description\" : \"M\u1edf ng\u0103n \u0111i\u1ec1u h\u01b0\u1edbng\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0938\u0947\u0935\u093e\u0915\u094b \u0909\u092a\u0932\u092c\u094d\u0927\u0924\u093e\"", "\"common_google_play_services_unknown_issue\" : \"%1$s mengalami masalah dengan layanan Google Play. Coba lagi.\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s - \u10d3\u10d0\u10e1\u10e0\u10e3\u10da\u10d4\u10d1\u10d8\u10e1 \u10d7\u10d0\u10e0\u10d8\u10e6\u10d8\"", "\"common_signin_button_text\" : \"\u0648\u0631\u0648\u062f \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645\"", "\"common_signin_button_text_long\" : \"\u041d\u0430\u0458\u0430\u0432\u0438 \u0441\u0435 \u0441\u043e Google\"", "\"common_google_play_services_enable_button\" : \"Aktiv\u00e9r\"", "\"common_google_play_services_install_title\" : \"Descargar servizos de Google Play\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u041a\u043e\u043b\u044c\u043a\u0430\u0441\u0446\u044c \u043d\u043e\u0432\u044b\u0445 \u0430\u043f\u0430\u0432\u044f\u0448\u0447\u044d\u043d\u043d\u044f\u045e \u043f\u0435\u0440\u0430\u0432\u044b\u0441\u0456\u043b\u0430 %1$d\"", "\"password_toggle_content_description\" : \"\u041d\u0443\u0443\u0446 \u04af\u0433\u0438\u0439\u0433 \u0445\u0430\u0440\u0443\u0443\u043b\u0430\u0445\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u041d\u0430\u0434 %1$d \u043d\u043e\u0432\u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u0443\u0432\u0430\u045a\u0430\"", "\"mtrl_picker_announce_current_selection\" : \"\u12e8\u12a0\u1201\u1291 \u121d\u122d\u132b\u1366 %1$s\"", "\"material_hour_selection\" : \"Odaberite sat\"", "\"mtrl_picker_save\" : \"Lagre\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Alkamisp\u00e4iv\u00e4 \u2013 %1$s\"", "\"character_counter_overflowed_content_description\" : \"\u0421\u0438\u043c\u0432\u043e\u043b\u0434\u043e\u0440\u0434\u0443\u043d \u0441\u0430\u043d\u044b \u043a\u043e\u044e\u043b\u0433\u0430\u043d %2$d \u0447\u0435\u0433\u0438\u043d\u0435\u043d %1$d \u0441\u0438\u043c\u0432\u043e\u043b\u0433\u043e \u0430\u0448\u044b\u043f \u043a\u0435\u0442\u0442\u0438\"", "\"mtrl_picker_range_header_title\" : \"Pasirinkite diapazon\u0105\"", "unexpected", "\"material_hour_suffix\" : \"Klockan %1$s\"", "\"common_google_play_services_update_text\" : \"%1$s kan ikke k\u00f8re, medmindre du opdaterer Google Play-tjenester.\"", "\"material_timepicker_select_time\" : \"V\u00e4lj tid\"", "\"material_clock_toggle_content_description\" : \"V\u00e1lassza ki, hogy d\u00e9lel\u0151tt vagy d\u00e9lut\u00e1n\"", "\"abc_searchview_description_submit\" : \"Lek\u00e9rdez\u00e9s k\u00fcld\u00e9se\"", "\"fallback_menu_item_open_in_browser\" : \"\u0532\u0561\u0581\u0565\u056c \u0564\u056b\u057f\u0561\u0580\u056f\u056b\u0579\u0578\u0582\u0574\"", "\"icon_content_description\" : \"\u5bf9\u8bdd\u6846\u56fe\u6807\"", "\"search_menu_title\" : \"\u0ba4\u0bc7\u0b9f\u0bb2\u0bcd\"", "\"abc_searchview_description_submit\" : \"Serah pertanyaan\"", "\"common_google_play_services_wear_update_text\" : \"\u0e88\u0eb3\u200b\u0ec0\u0e9b\u0eb1\u0e99\u200b\u0e95\u0ec9\u0ead\u0e87\u200b\u0ea1\u0eb5\u200b\u0e81\u0eb2\u200b\u0e99\u200b\u0e9a\u0ecd\u200b\u0ea5\u0eb4\u200b\u0e81\u0eb2\u0e99 Google Play \u0ec0\u0ea7\u0eb5\u200b\u0e8a\u0eb1\u0e99\u200b\u0ec3\u0edd\u0ec8. \u0ea1\u0eb1\u0e99\u200b\u0e88\u0eb0\u200b\u0ead\u0eb1\u0e9a\u200b\u0ec0\u0e94\u0e94\u200b\u0e95\u0ebb\u0ea7\u200b\u0ec0\u0ead\u0e87\u200b\u0ec4\u0ea7\u0ec6\u200b\u0e99\u0eb5\u0ec9.\"", "\"abc_activitychooserview_choose_application\" : \"App ausw\u00e4hlen\"", "\"common_google_play_services_enable_button\" : \"Activa\"", "\"password_toggle_content_description\" : \"\u0b2a\u0b3e\u0b38\u0b4d\u200d\u0b71\u0b3e\u0b30\u0b4d\u0b21 \u0b26\u0b47\u0b16\u0b3e\u0b28\u0b4d\u0b24\u0b41\"", "\"mtrl_picker_invalid_format_example\" : \"Isibonelo: %1$s\"", "\"copy_toast_msg\" : \"Link skopiowany do schowka\"", "\"material_timepicker_minute\" : \"Minutua\"", "\"abc_search_hint\" : \"\u641c\u7d22\u2026\"", "\"common_google_play_services_enable_title\" : \"Gaitu Google Play zerbitzuak\"", "\"search_menu_title\" : \"\u041f\u0440\u0435\u0431\u0430\u0440\u0430\u0458\"", "execute once failure in __cxa_get_globals_fast()", "\"mtrl_picker_a11y_next_month\" : \"Keyingi oyga o\u02bbzgartirish\"", "\"mtrl_picker_save\" : \"Spara\"", "\"common_google_play_services_notification_channel_name\" : \"Dostupnos\u0165 slu\u017eieb Google Play\"", "\"abc_shareactionprovider_share_with_application\" : \"%s ile payla\u015f\"", "\"mtrl_picker_a11y_prev_month\" : \"Canvia al mes anterior\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Fecha de inicio\u2013%1$s\"", "\"mtrl_picker_date_header_unselected\" : \"\u062a\u0627\u0631\u06cc\u062e \u0627\u0646\u062a\u062e\u0627\u0628\u06cc\"", "\"abc_menu_space_shortcut_label\" : \"\u05e8\u05d5\u05d5\u05d7\"", "\"material_clock_toggle_content_description\" : \"\u0418\u0437\u0431\u0435\u0440\u0435\u0442\u0435 \u043f\u0440\u0435\u0442\u043f\u043b\u0430\u0434\u043d\u0435 \u0438\u043b\u0438 \u043f\u043e\u043f\u043b\u0430\u0434\u043d\u0435\"", "\"mtrl_picker_range_header_unselected\" : \"Startdatum - einddatum\"", "\"mtrl_picker_date_header_title\" : \"\u0924\u093e\u0930\u0940\u0916 \u091a\u0941\u0928\u0947\u0902\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u0422\u0435\u043a\u0441\u0442\u0438\u0439\u043d \u043e\u0440\u043e\u0445 \u0433\u043e\u0440\u0438\u043c \u0440\u0443\u0443 \u0441\u044d\u043b\u0433\u044d\u0445\"", "\"mtrl_picker_out_of_range\" : \"Tartom\u00e1nyon k\u00edv\u00fcl: %1$s\"", "\"material_timepicker_select_time\" : \"Id\u0151pont kiv\u00e1laszt\u00e1sa\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u04e8\u0434\u04e9\u0440 \u0441\u043e\u043d\u0433\u043e\u0445 \u0440\u0443\u0443 \u0441\u044d\u043b\u0433\u044d\u0445\u0438\u0439\u043d \u0442\u0443\u043b\u0434 \u0442\u043e\u0432\u0448\u0438\u043d\u043e \u0443\u0443\"", "\"common_google_play_services_update_text\" : \"%1$s Google Play xidm\u0259tl\u0259ri yenil\u0259m\u0259 halda \u00e7al\u0131\u015fmaz.\"", "\"mtrl_picker_range_header_unselected\" : \"Datum po\u010detka \u2013 Datum zavr\u0161etka\"", "\"material_timepicker_hour\" : \"\u05e9\u05e2\u05d4\"", "\"material_timepicker_am\" : \"\u03a0\u039c\"", "\"abc_menu_delete_shortcut_label\" : \"\u0d07\u0d32\u0d4d\u0d32\u0d3e\u0d24\u0d3e\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"fallback_menu_item_share_link\" : \"\u0ec1\u0e9a\u0ec8\u0e87\u0e9b\u0eb1\u0e99\u0ea5\u0eb4\u0ec9\u0e87\"", "\"abc_searchview_description_search\" : \"\u0dc3\u0dd9\u0dc0\u0dd3\u0db8\"", "\"material_minute_suffix\" : \"%1$s min.\"", "\"nav_app_bar_open_drawer_description\" : \"Abrir gaveta de navega\u00e7\u00e3o\"", "\"password_toggle_content_description\" : \"\u663e\u793a\u5bc6\u7801\"", "\"abc_menu_enter_shortcut_label\" : \"entr\u00e9e\"", "\"common_signin_button_text_long\" : \"Pierakst\u012bties ar Google kontu\"", "\"password_toggle_content_description\" : \"Wys wagwoord\"", "/Volumes/Android/buildbot/src/android/ndk-release-r21/external/libcxx/../../external/libcxxabi/src/abort_message.cpp", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bcd \u0baa\u0bbf\u0bb4\u0bc8\"", "\"nav_app_bar_navigate_up_description\" : \"Yuxar\u0131 ke\u00e7in\"", "\"material_timepicker_minute\" : \"\u0c28\u0c3f\u0c2e\u0c3f\u0c37\u0c02\"", "\"material_timepicker_clock_mode_description\" : \"Switch to clock mode for the time input.\"", "\"common_signin_button_text_long\" : \"Login dengan Google\"", "\"exposed_dropdown_menu_content_description\" : \"Mostra el men\u00fa desplegable\"", "\"material_timepicker_text_input_mode_description\" : \"Passer en mode saisie de texte pour la saisie de l'heure.\"", "\"common_google_play_services_unknown_issue\" : \"Aplikace %1$s m\u00e1 pot\u00ed\u017ee se slu\u017ebami Google Play. Zkuste to pros\u00edm znovu.\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u043a %1$s \u0433\u043e\u0434\u0443\"", "\"mtrl_picker_save\" : \"Gem\"", "\"password_toggle_content_description\" : \"Bonisa iphasiwedi\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0a38\u0a2e\u0a3e\u0a2a\u0a24\u0a40 \u0a24\u0a3e\u0a30\u0a40\u0a16\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u03a3\u03c4\u03ae\u03bb\u03b7 \u03b7\u03bc\u03b5\u03c1\u03ce\u03bd: %1$s\"", "\"material_timepicker_am\" : \"\u0db4\u0dd9\u0dc0\"", "\"abc_menu_meta_shortcut_label\" : \"Meta\u00a0+\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0cb5\u0cb0\u0ccd\u0cb7\u0cb5\u0ca8\u0ccd\u0ca8\u0cc1 \u0c86\u0caf\u0ccd\u0c95\u0cc6\u0c97\u0cbe\u0c97\u0cbf \u0cac\u0ca6\u0cb2\u0cbf\u0cb8\u0cb2\u0cc1 \u0c9f\u0ccd\u0caf\u0cbe\u0caa\u0ccd \u0cae\u0cbe\u0ca1\u0cbf\"", "\"abc_menu_sym_shortcut_label\" : \"SYM +\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d adetten fazla yeni bildirim\"", "\"mtrl_picker_announce_current_selection\" : \"\u0422\u0435\u043a\u043e\u0432\u0435\u043d \u0438\u0437\u0431\u043e\u0440: %1$s\"", "\"material_timepicker_text_input_mode_description\" : \"Shintshela kumodi yokufaka umbhalo ngokufaka isikhathi.\"", "\"search_menu_title\" : \"\u0548\u0580\u0578\u0576\u0565\u056c\"", "\"mtrl_picker_invalid_format_example\" : \"V\u00ed d\u1ee5: %1$s\"", "\"mtrl_picker_a11y_prev_month\" : \"Alterar para o m\u00eas anterior\"", "\"abc_action_menu_overflow_description\" : \"\u041e\u0449\u0435 \u043e\u043f\u0446\u0438\u0438\"", "\"material_hour_suffix\" : \"%1$s\uc2dc \uc815\uac01\"", "\"common_google_play_services_enable_text\" : \"\u200f\u0644\u0646 \u064a\u0639\u0645\u0644 %1$s \u0645\u0627 \u0644\u0645 \u064a\u062a\u0645 \u062a\u0641\u0639\u064a\u0644 \u062e\u062f\u0645\u0627\u062a Google Play.\"", "\"mtrl_picker_a11y_next_month\" : \"Verander na volgende maand\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u0432 \u0440\u0435\u0436\u0438\u043c \u0432\u044b\u0431\u043e\u0440\u0430 \u0434\u043d\u0435\u0439\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\uce98\ub9b0\ub354 \uc785\ub825 \ubaa8\ub4dc\ub85c \uc804\ud658\"", "\"abc_searchview_description_query\" : \"\u041f\u043e\u0448\u0443\u043a\u043e\u0432\u0438\u0439 \u0437\u0430\u043f\u0438\u0442\"", "\"abc_action_mode_done\" : \"Gotowe\"", "\"mtrl_picker_navigate_to_year_description\" : \"Ir al a\u00f1o %1$s\"", "\"common_signin_button_text\" : \"\u0c38\u0c48\u0c28\u0c4d \u0c07\u0c28\u0c4d \u0c1a\u0c47\u0c2f\u0c02\u0c21\u0c3f\"", "\"abc_capital_on\" : \"ACTIVAT\"", "\"abc_searchview_description_clear\" : \"Effacer la requ\u00eate\"", "\"abc_shareactionprovider_share_with\" : \"\u092f\u0938\u092e\u093e\u0930\u094d\u092b\u0924 \u0906\u0926\u093e\u0928 \u092a\u094d\u0930\u0926\u093e\u0928 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0434\u0430\u0442\u0430 \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u043d\u044f\"", "\"mtrl_picker_save\" : \"\uc800\uc7a5\"", "\"abc_toolbar_collapse_description\" : \"\u6298\u308a\u305f\u305f\u3080\"", "\"common_google_play_services_enable_title\" : \"Nika amandla amasevisi we-Google Play\"", "\"abc_action_bar_home_description\" : \"Ch\u1ec9 \u0111\u01b0\u1eddng v\u1ec1 nh\u00e0\"", "\"common_google_play_services_enable_text\" : \"%1$s won't work unless you enable Google Play services.\"", "\"bottomsheet_action_expand_halfway\" : \"Kembangkan helaian bawah\"", "\"common_google_play_services_install_title\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u043d \u0430\u043b\u0443\u0443\"", "\"abc_action_bar_up_description\" : \"Natrag\"", "char32_t", "\"mtrl_picker_a11y_next_month\" : \"\u0627\u0644\u062a\u063a\u064a\u064a\u0631 \u0625\u0644\u0649 \u0627\u0644\u0634\u0647\u0631 \u0627\u0644\u062a\u0627\u0644\u064a\"", "\"common_google_play_services_install_title\" : \"\u054f\u0565\u0572\u0561\u0564\u0580\u0565\u056c Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u0568\"", "\"abc_searchview_description_clear\" : \"\u0a2a\u0a41\u0a71\u0a1b\u0a17\u0a3f\u0a71\u0a1b \u0a15\u0a32\u0a40\u0a05\u0a30 \u0a15\u0a30\u0a4b\"", "\"icon_content_description\" : \"Aikoni ya Kidirisha\"", "\"clear_text_end_icon_content_description\" : \"\u067e\u0627\u06a9 \u06a9\u0631\u062f\u0646 \u0646\u0648\u0634\u062a\u0627\u0631\"", "\"common_google_play_services_unsupported_text\" : \"Hindi gagana ang %1$s nang wala ang mga serbisyo ng Google Play, na hindi nasusuportahan ng iyong device.\"", "\"abc_action_menu_overflow_description\" : \"Citas opcijas\"", "\"abc_activity_chooser_view_see_all\" : \"Skat\u012bt visu\"", "\"fallback_menu_item_copy_link\" : \"Havoladan nusxa olish\"", "\"mtrl_picker_text_input_month_abbr\" : \"l\"", "\"material_timepicker_clock_mode_description\" : \"\u0c38\u0c2e\u0c2f\u0c3e\u0c28\u0c4d\u0c28\u0c3f \u0c28\u0c2e\u0c4b\u0c26\u0c41 \u0c1a\u0c47\u0c2f\u0c21\u0c02 \u0c15\u0c4b\u0c38\u0c02 \u0c17\u0c21\u0c3f\u0c2f\u0c3e\u0c30\u0c02 \u0c2e\u0c4b\u0c21\u0c4d\u200c\u0c15\u0c41 \u0c2e\u0c3e\u0c30\u0c02\u0c21\u0c3f.\"", "\"abc_searchview_description_search\" : \"Axtar\u0131n\"", "\"material_timepicker_hour\" : \"Time\"", "\"abc_capital_on\" : \"ATIVADO\"", "\"abc_menu_space_shortcut_label\" : \"\u0442\u0430\u0441\u0442\u0435\u0440 \u0437\u0430 \u0440\u0430\u0437\u043c\u0430\u043a\"", "\"abc_capital_off\" : \"\u95dc\u9589\"", "St9type_info", "\"common_google_play_services_notification_ticker\" : \"Fout met Google Play-services\"", "\"nav_app_bar_open_drawer_description\" : \"\u0427\u0430\u0431\u044b\u0442\u0442\u043e\u043e \u0441\u0443\u0443\u0440\u043c\u0430\u0441\u044b\u043d \u0430\u0447\u0443\u0443\"", "\"common_google_play_services_unsupported_text\" : \"\u0ca8\u0cbf\u0cae\u0ccd\u0cae \u0cb8\u0cbe\u0ca7\u0ca8\u0ca6 \u0cae\u0cc2\u0cb2\u0c95 \u0cac\u0cc6\u0c82\u0cac\u0cb2\u0cbf\u0cb8\u0ca6\u0cbf\u0cb0\u0cc1\u0cb5 Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0cbf\u0cb2\u0ccd\u0cb2\u0ca6\u0cc6 %1$s \u0cb0\u0ca8\u0ccd\u200c \u0c86\u0c97\u0cc1\u0cb5\u0cc1\u0ca6\u0cbf\u0cb2\u0ccd\u0cb2.\"", "\"abc_action_bar_up_description\" : \"P\u0101rvietoties uz aug\u0161u\"", "\"common_signin_button_text\" : \"Mag-sign in\"", "\"abc_action_menu_overflow_description\" : \"Daugiau parink\u010di\u0173\"", "\"fallback_menu_item_open_in_browser\" : \"\ube0c\ub77c\uc6b0\uc800\uc5d0\uc11c \uc5f4\uae30\"", "\"mtrl_picker_date_header_title\" : \"\u0d24\u0d40\u0d2f\u0d24\u0d3f \u0d24\u0d3f\u0d30\u0d1e\u0d4d\u0d1e\u0d46\u0d1f\u0d41\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play-szolg\u00e1ltat\u00e1sok el\u00e9rhet\u0151s\u00e9ge\"", "\"character_counter_content_description\" : \"Caracteres ingresados: %1$d de %2$d\"", "\"copy_toast_msg\" : \"Linket er kopieret til udklipsholderen\"", "\"icon_content_description\" : \"\u0417\u043d\u0430\u0447\u043e\u043a \u0432\u0456\u043a\u043d\u0430\"", "\"error_icon_content_description\" : \"\u0c0e\u0c30\u0c4d\u0c30\u0c30\u0c4d\"", "\"abc_toolbar_collapse_description\" : \"\u0421\u0432\u0435\u0440\u043d\u0443\u0442\u044c\"", "\"common_google_play_services_install_button\" : \"\u0c07\u0c28\u0c4d\u200c\u0c38\u0c4d\u0c1f\u0c3e\u0c32\u0c4d \u0c1a\u0c47\u0c2f\u0c3f\"", "\"fallback_menu_item_copy_link\" : \"Link kopi\u00ebren\"", "\"mtrl_picker_text_input_date_hint\" : \"\u0627\u0644\u062a\u0627\u0631\u064a\u062e\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0938\u0947\u0935\u093e\u0913\u0902 \u0938\u0947 \u091c\u0941\u0921\u093c\u0940 \u0917\u0921\u093c\u092c\u0921\u093c\u0940\"", "\"mtrl_picker_date_header_title\" : \"S\u00e9lectionnez une date\"", "\"abc_menu_delete_shortcut_label\" : \"\u201edelete\u201c\"", "\"copy_toast_msg\" : \"\u0412\u0440\u044a\u0437\u043a\u0430\u0442\u0430 \u0435 \u043a\u043e\u043f\u0438\u0440\u0430\u043d\u0430 \u0432 \u0431\u0443\u0444\u0435\u0440\u043d\u0430\u0442\u0430 \u043f\u0430\u043c\u0435\u0442\"", "\"mtrl_picker_a11y_next_month\" : \"Naar volgende maand gaan\"", "\"fallback_menu_item_share_link\" : \"Compartilhar link\"", "\"abc_toolbar_collapse_description\" : \"\u0a38\u0a2e\u0a47\u0a1f\u0a4b\"", "\"material_timepicker_hour\" : \"\u5c0f\u6642\"", "\"common_google_play_services_enable_title\" : \"Google Play xidm\u0259tl\u0259rini aktiv edin\"", "\"error_icon_content_description\" : \"\u062e\u0631\u0627\u0628\u06cc\"", "\"common_google_play_services_enable_title\" : \"\u0395\u03bd\u03b5\u03c1\u03b3\u03bf\u03c0\u03bf\u03af\u03b7\u03c3\u03b7 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03b9\u03ce\u03bd Google Play\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0e27\u0e31\u0e19\u0e17\u0e35\u0e48\u0e2a\u0e34\u0e49\u0e19\u0e2a\u0e38\u0e14\"", "\"nav_app_bar_open_drawer_description\" : \"Navigationsleiste \u00f6ffnen\"", "\"character_counter_content_description\" : \"Izinhlamvu ezifakiwe ezingu-%1$d zokungu-%2$d\"", "\"mtrl_picker_announce_current_selection\" : \"Dabartinis pasirinkimas: %1$s\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Overschakelen naar agenda-invoermodus\"", "\"abc_shareactionprovider_share_with_application\" : \"Udost\u0119pnij przez: %s\"", "\"mtrl_picker_text_input_date_hint\" : \"\ub0a0\uc9dc\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0d0e\u0d28\u0d4d\u0d28\u0d24\u0d41\u0d2e\u0d3e\u0d2f\u0d3f \u0d2a\u0d19\u0d4d\u0d15\u0d3f\u0d1f\u0d41\u0d15\"", "\"common_open_on_phone\" : \"Abrir no smartphone\"", "\"mtrl_picker_invalid_format\" : \"\u0d05\u0d38\u0d3e\u0d27\u0d41\u0d35\u0d3e\u0d2f \u0d2b\u0d47\u0d3e\u0d7c\u0d2e\u0d3e\u0d31\u0d4d\u0d31\u0d4d.\"", "\"abc_capital_off\" : \"D\u00c9SACTIVER\"", "\"material_clock_toggle_content_description\" : \"\u0db4\u0dd9\u0dbb\u0dc0\u0dbb\u0dd4 \u0dc4\u0ddd \u0db4\u0dc3\u0dca\u0dc0\u0dbb\u0dd4 \u0dad\u0ddd\u0dbb\u0db1\u0dca\u0db1\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s \u3092\u524a\u9664\u3057\u307e\u3059\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u041d\u0430\u0447\u0430\u043b\u043d\u0430 \u0434\u0430\u0442\u0430 \u2013 %1$s\"", "\"mtrl_picker_invalid_range\" : \"Netinkamas diapazonas.\"", "\"common_google_play_services_enable_button\" : \"Enable\"", " const", "\"mtrl_picker_invalid_range\" : \"\u0924\u093e\u0930\u0940\u0916\u094b\u0902 \u0915\u0940 \u0905\u092e\u093e\u0928\u094d\u092f \u0938\u0940\u092e\u093e.\"", "\"mtrl_picker_invalid_format_use\" : \"\u0418\u0437\u043f\u043e\u043b\u0437\u0432\u0430\u0439\u0442\u0435: %1$s\"", "\"mtrl_picker_day_of_week_column_header\" : \"Kolumn med dagar: %1$s\"", "\"password_toggle_content_description\" : \"\u015eifreyi g\u00f6ster\"", "\"material_timepicker_hour\" : \"\u5c0f\u65f6\"", "\"mtrl_chip_close_icon_content_description\" : \"\u039a\u03b1\u03c4\u03ac\u03c1\u03b3\u03b7\u03c3\u03b7 %1$s\"", "\"mtrl_picker_a11y_next_month\" : \"\u0c35\u0c1a\u0c4d\u0c1a\u0c47 \u0c28\u0c46\u0c32\u0c15\u0c41 \u0c2e\u0c3e\u0c30\u0c4d\u0c1a\u0c41\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"abc_menu_shift_shortcut_label\" : \"Vaihto+\"", "\"abc_menu_function_shortcut_label\" : \"Fonction+\"", "\"mtrl_chip_close_icon_content_description\" : \"Remover %1$s\"", "\"abc_action_menu_overflow_description\" : \"\u0408\u043e\u0448 \u043e\u043f\u0446\u0438\u0458\u0430\"", "\"common_google_play_services_enable_title\" : \"Sl\u00e5 p\u00e5 Google Play-tjenester\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Tarikh mula \u2013 %1$s\"", "\"search_menu_title\" : \"\u041f\u043e\u0438\u0441\u043a\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u1790\"", "\"abc_searchview_description_submit\" : \"\u09aa\u09cd\u09f0\u09b6\u09cd\u09a8 \u09a6\u09be\u0996\u09bf\u09b2 \u0995\u09f0\u0995\"", "\"mtrl_picker_invalid_format_example\" : \"P\u00e9lda: %1$s\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Nh\u1ea5n \u0111\u1ec3 chuy\u1ec3n sang ch\u1ebf \u0111\u1ed9 ch\u1ecdn m\u1ed9t n\u0103m\"", "\"abc_action_bar_up_description\" : \"\u5411\u4e0a\u700f\u89bd\"", "\"abc_searchview_description_query\" : \"\u062a\u0644\u0627\u0634 \u06a9\u0627 \u0627\u0633\u062a\u0641\u0633\u0627\u0631\"", "\"abc_searchview_description_clear\" : \"Sor\u011funu silin\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Tarehe ya kuanza\"", "\"search_menu_title\" : \"\u0cb9\u0cc1\u0ca1\u0cc1\u0c95\u0cbf\"", "\"mtrl_picker_text_input_month_abbr\" : \"k\"", "\"mtrl_picker_navigate_to_year_description\" : \"Yilga nazar solish: %1$s\"", "\"mtrl_picker_out_of_range\" : \"Ikude kubanga: %1$s\"", "\"nav_app_bar_open_drawer_description\" : \"Ireki nabigazio-panel lerrakorra\"", "\"abc_action_bar_home_description\" : \"Naviger hjem\"", "\"mtrl_picker_invalid_format\" : \"\u0411\u0443\u0440\u0443\u0443 \u0444\u043e\u0440\u043c\u0430\u0442 \u0431\u0430\u0439\u043d\u0430.\"", "\"common_google_play_services_enable_text\" : \"%1$s s\u00f3 funciona com o Google Play Services ativado.\"", "\"abc_action_menu_overflow_description\" : \"Ve\u010d mo\u017enosti\"", "\"mtrl_chip_close_icon_content_description\" : \"\u0423\u043a\u043b\u043e\u043d\u0438\u0442\u0435 %1$s\"", "\"common_signin_button_text\" : \"Pierakst\u012bties\"", "\"abc_toolbar_collapse_description\" : \"\u10e9\u10d0\u10d9\u10d4\u10ea\u10d5\u10d0\"", "\"mtrl_picker_navigate_to_year_description\" : \"Navigate to year %1$s\"", "\"common_google_play_services_install_title\" : \"\u0e95\u0eb4\u0e94\u0e95\u0eb1\u0ec9\u0e87\u0e9a\u0ecd\u0ea5\u0eb4\u0e81\u0eb2\u0e99 Google Play\"", "\"character_counter_content_description\" : \"%2$d \u0645\u06cc\u06ba \u0633\u06d2 %1$d \u062d\u0631\u0648\u0641 \u062f\u0631\u062c \u06a9\u06cc\u06d2 \u06af\u0626\u06d2\"", "\"common_google_play_services_update_title\" : \"\u0ead\u0eb1\u0e9a\u0ec0\u0e94\u0e94\u0e81\u0eb2\u0e99\u200b\u0e9a\u0ecd\u200b\u0ea5\u0eb4\u200b\u0e81\u0eb2\u0e99 Google Play\"", "\"common_google_play_services_install_title\" : \"Google Play \u0b38\u0b47\u0b2c\u0b3e\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b2a\u0b4d\u0b30\u0b3e\u0b2a\u0b4d\u0b24 \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"icon_content_description\" : \"\u09a1\u09be\u09af\u09bc\u09be\u09b2\u0997 \u0986\u0987\u0995\u09a8\"", "\"abc_action_bar_home_description\" : \"Naviga\u021bi la ecranul de pornire\"", "\"abc_action_bar_up_description\" : \"Vai cara arriba\"", "\"mtrl_picker_a11y_prev_month\" : \"\u1794\u17d2\u178a\u17bc\u179a\u200b\u1791\u17c5\u200b\u1781\u17c2\u1798\u17bb\u1793\"", "\"copy_toast_msg\" : \"\u0110\u00e3 sao ch\u00e9p \u0111\u01b0\u1eddng li\u00ean k\u1ebft v\u00e0o khay nh\u1edb t\u1ea1m\"", "\"mtrl_picker_invalid_format_example\" : \"\u0989\u09a6\u09be\u09b9\u09b0\u09a3: %1$s\"", "\"material_hour_suffix\" : \"Ora %1$s\"", "operator+=", "\"common_google_play_services_install_title\" : \"\u200fGoogle Play \u0633\u0631\u0648\u0633\u0632 \u062d\u0627\u0635\u0644 \u06a9\u0631\u06cc\u06ba\"", "\"abc_shareactionprovider_share_with_application\" : \"%s-\u0442\u0430\u0439 \u0445\u0443\u0432\u0430\u0430\u043b\u0446\u0430\u0445\"", "\"mtrl_picker_save\" : \"\u0e1a\u0e31\u0e19\u0e17\u0e36\u0e01\"", "\"status_bar_notification_info_overflow\" : \"\u09ef\u09ef\u09ef+\"", "\"mtrl_picker_invalid_range\" : \"\u041f\u043e\u0433\u0440\u0435\u0448\u0435\u043d \u043e\u043f\u0441\u0435\u0433.\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Calendar \u0915\u094b \u0907\u0928\u092a\u0941\u091f \u092e\u094b\u0921\u092e\u093e \u092c\u0926\u0932\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"common_google_play_services_enable_button\" : \"Yoqish\"", "\"common_signin_button_text_long\" : \"\u200f\u0648\u0631\u0648\u062f \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645 \u0628\u0627 Google\u200e\"", "\"common_google_play_services_enable_title\" : \"\u555f\u7528 Google Play \u670d\u52d9\"", "\"material_timepicker_am\" : \"a. m.\"", "\"common_google_play_services_update_title\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d \u0436\u0430\u04a3\u0430\u0440\u0442\u0443\"", "\"common_google_play_services_updating_text\" : \"%1$s nu va rula f\u0103r\u0103 serviciile Google Play, care momentan se actualizeaz\u0103.\"", "\"mtrl_badge_numberless_content_description\" : \"Jauns pazi\u0146ojums\"", "\"character_counter_overflowed_content_description\" : \"\u05de\u05d2\u05d1\u05dc\u05ea \u05d4\u05ea\u05d5\u05d5\u05d9\u05dd \u05d7\u05d5\u05e8\u05d2\u05ea \u05d1-%1$d \u05de\u05ea\u05d5\u05da %2$d\"", "'unnamed", "\"abc_action_mode_done\" : \"Done\"", "\"mtrl_picker_invalid_range\" : \"\u0645\u062d\u062f\u0648\u062f\u0647 \u0646\u0627\u0645\u0639\u062a\u0628\u0631 \u0627\u0633\u062a.\"", "\"material_timepicker_clock_mode_description\" : \"\uc2dc\uac04 \uc785\ub825\uc744 \uc704\ud574 \uc2dc\uacc4 \ubaa8\ub4dc\ub85c \uc804\ud658\ud569\ub2c8\ub2e4.\"", "\"common_google_play_services_unsupported_text\" : \"\u60a8\u7684\u8bbe\u5907\u4e0d\u652f\u6301 Google Play \u670d\u52a1\uff0c\u56e0\u6b64\u65e0\u6cd5\u8fd0\u884c%1$s\u3002\"", "\"material_timepicker_text_input_mode_description\" : \"Lumipat sa pamamaraan ng pag-input ng text para sa input na oras.\"", "\"abc_menu_space_shortcut_label\" : \"\u7a7a\u767d\u9375\"", "\"mtrl_picker_invalid_range\" : \"\u0416\u0430\u0440\u0430\u043a\u0441\u044b\u0437 \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d.\"", "\"common_google_play_services_enable_title\" : \"Google Play \uc11c\ube44\uc2a4 \uc0ac\uc6a9\"", "\"common_google_play_services_unknown_issue\" : \"%1$s est\u00e1 a ter problemas com os Servi\u00e7os do Google Play. Tente novamente.\"", "\"common_google_play_services_update_text\" : \"\u60a8\u5fc5\u987b\u5148\u66f4\u65b0 Google Play \u670d\u52a1\uff0c\u7136\u540e\u624d\u80fd\u8fd0\u884c%1$s\u3002\"", "\"nav_app_bar_open_drawer_description\" : \"Maak navigasielaai oop\"", "\"fallback_menu_item_open_in_browser\" : \"Obre al navegador\"", "\"icon_content_description\" : \"\u0dc3\u0d82\u0dc0\u0dcf\u0daf \u0db1\u0dd2\u0dbb\u0dd6\u0db4\u0d9a\u0dba\"", "\"fallback_menu_item_copy_link\" : \"Copiar enlace\"", "\"fallback_menu_item_open_in_browser\" : \"Open in browser\"", "\"mtrl_picker_range_header_unselected\" : \"\uc2dc\uc791\uc77c~\uc885\ub8cc\uc77c\"", "\"abc_menu_space_shortcut_label\" : \"\u10e8\u10dd\u10e0\u10d8\u10e1\u10d8\"", "\"character_counter_content_description\" : \"Innslegnir stafir %1$d af %2$d\"", "\"abc_menu_space_shortcut_label\" : \"espa\u00e7o\"", "\"mtrl_picker_range_header_unselected\" : \"D\u00e1tum za\u010datia \u2013 d\u00e1tum ukon\u010denia\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 d\u00e1tum ukon\u010denia\"", "\"item_view_role_description\" : \"\u0d1f\u0d3e\u0d2c\u0d4d\"", "\"mtrl_picker_range_header_selected\" : \"%1$s: %2$s\"", "\"abc_capital_off\" : \"NONAKTIF\"", "\"material_timepicker_am\" : \"FM\"", "\"mtrl_picker_invalid_format_example\" : \"\u041c\u0438\u0441\u0430\u043b\u044b: %1$s\"", "\"abc_activity_chooser_view_see_all\" : \"Zobrazi\u0165 v\u0161etky\"", "\"material_minute_selection\" : \"\u09ae\u09bf\u09a8\u09bf\u099f \u09ac\u09be\u099b\u09a8\u09bf \u0995\u09f0\u0995\"", "\"error_icon_content_description\" : \"Viga\"", "\"error_icon_content_description\" : \"Feil\"", "\"abc_shareactionprovider_share_with\" : \"Dijeli s\"", "\"abc_searchview_description_query\" : \"\u0425\u0430\u0439\u0445 \u0430\u0441\u0443\u0443\u043b\u0433\u0430\"", "\"common_google_play_services_unknown_issue\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be\u0997\u09c1\u09b2\u09bf\u09b0 \u09b8\u09be\u09a5\u09c7 %1$s \u098f\u09b0 \u09b8\u09ae\u09b8\u09cd\u09af\u09be \u09b9\u099a\u09cd\u099b\u09c7\u09f7 \u0985\u09a8\u09c1\u0997\u09cd\u09b0\u09b9 \u0995\u09b0\u09c7 \u0986\u09ac\u09be\u09b0 \u099a\u09c7\u09b7\u09cd\u099f\u09be \u0995\u09b0\u09c1\u09a8\u09f7\"", "\"common_signin_button_text_long\" : \"Google\u306b\u30ed\u30b0\u30a4\u30f3\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 Biti\u015f tarihi\"", "\"error_icon_content_description\" : \"\u0d2a\u0d3f\u0d36\u0d15\u0d4d\"", "\"common_google_play_services_enable_text\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u043d \u0438\u0448\u0442\u0435\u0442\u043c\u0435\u0439\u0438\u04a3\u0438\u0437\u0447\u0435 %1$s \u0438\u0448\u0442\u0435\u0431\u0435\u0439\u0442.\"", "\"mtrl_picker_a11y_prev_month\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u043a \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0435\u043c\u0443 \u043c\u0435\u0441\u044f\u0446\u0443\"", "\"mtrl_picker_announce_current_selection\" : \"\u0ba4\u0bb1\u0bcd\u0baa\u0bcb\u0ba4\u0bc8\u0baf \u0ba4\u0bc7\u0bb0\u0bcd\u0bb5\u0bc1: %1$s\"", "\"abc_shareactionprovider_share_with\" : \"Teilen mit\"", "\"mtrl_picker_invalid_format_use\" : \"\u0c07\u0c32\u0c3e \u0c09\u0c2a\u0c2f\u0c4b\u0c17\u0c3f\u0c02\u0c1a\u0c02\u0c21\u0c3f: %1$s\"", "\"material_timepicker_am\" : \"f.h.\"", "\"common_google_play_services_enable_title\" : \"Washa huduma za Google Play\"", "\"common_signin_button_text_long\" : \"Google \u0430\u0440\u049b\u044b\u043b\u044b \u043a\u0456\u0440\u0443\"", "\"mtrl_picker_text_input_date_hint\" : \"Datum\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \uc11c\ube44\uc2a4 \uc624\ub958\"", "\"mtrl_picker_a11y_prev_month\" : \"Tukar kepada bulan sebelumnya\"", "\"mtrl_picker_date_header_unselected\" : \"\u0418\u0437\u0430\u0431\u0440\u0430\u043d\u0438 \u0434\u0430\u0442\u0443\u043c\"", "\"character_counter_overflowed_content_description\" : \"Simvol limiti %1$d/%2$d d\u0259y\u0259rini ke\u00e7di\"", "\"mtrl_picker_a11y_next_month\" : \"Chuy\u1ec3n sang th\u00e1ng ti\u1ebfp theo\"", "\"abc_activitychooserview_choose_application\" : \"Selecionar um app\"", "\"mtrl_picker_range_header_unselected\" : \"\u958b\u59cb\u65e5\uff5e\u7d42\u4e86\u65e5\"", "\"mtrl_picker_a11y_prev_month\" : \"Zmie\u0144 na poprzedni miesi\u0105c\"", "\"material_minute_selection\" : \"Select minutes\"", "\"mtrl_picker_text_input_month_abbr\" : \"M\"", "\"abc_toolbar_collapse_description\" : \"Ocultar\"", "\"abc_search_hint\" : \"Tafuta\u2026\"", "\"material_minute_selection\" : \"\u10d0\u10d8\u10e0\u10e9\u10d8\u10d4\u10d7 \u10ec\u10e3\u10d7\u10d4\u10d1\u10d8\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Vair\u0101k nek\u0101 %1$d\u00a0jauni pazi\u0146ojumi\"", "\"mtrl_chip_close_icon_content_description\" : \"Pa\u0161alinti %1$s\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d \u4ef6\u4ee5\u4e0a\u306e\u65b0\u3057\u3044\u901a\u77e5\"", "std::basic_string", "\"material_timepicker_text_input_mode_description\" : \"Ordua idazteko, aldatu testua idazteko metodora.\"", "\"bottomsheet_action_expand_halfway\" : \"Zgjeroje deri n\u00eb gjysm\u00eb\"", "\"fallback_menu_item_copy_link\" : \"Afrita tengil\"", "\"abc_searchview_description_submit\" : \"\u0a2a\u0a41\u0a71\u0a1b\u0a17\u0a3f\u0a71\u0a1b \u0a38\u0a2a\u0a41\u0a30\u0a26 \u0a15\u0a30\u0a4b\"", "\"abc_search_hint\" : \"\u0412\u0432\u0435\u0434\u0438\u0442\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\"", "\"material_timepicker_hour\" : \"Ihora\"", "\"material_timepicker_hour\" : \"Ora\"", "\"fallback_menu_item_open_in_browser\" : \"\u10d1\u10e0\u10d0\u10e3\u10d6\u10d4\u10e0\u10e8\u10d8 \u10d2\u10d0\u10ee\u10e1\u10dc\u10d0\"", "\"item_view_role_description\" : \"Kichupo\"", "\"nav_app_bar_open_drawer_description\" : \"\u958b\u555f\u5c0e\u89bd\u5323\"", "\"bottomsheet_action_expand_halfway\" : \"\u0420\u0430\u0437\u0433\u044a\u0432\u0430\u043d\u0435 \u043d\u0430\u043f\u043e\u043b\u043e\u0432\u0438\u043d\u0430\"", "\"material_clock_toggle_content_description\" : \"\u0627\u0646\u062a\u062e\u0627\u0628 .\u0642.\u0638. \u06cc\u0627 \u0628.\u0638.\"", "\"mtrl_picker_invalid_format_use\" : \"S\u1eed d\u1ee5ng: %1$s\"", "\"abc_prepend_shortcut_label\" : \"Menu+\"", "\"abc_capital_off\" : \"\u04e8\u0428\u0406\u0420\u0423\"", "\"character_counter_overflowed_content_description\" : \"Limite de caract\u00e8re d\u00e9pass\u00e9e\u00a0: %1$d sur %2$d\"", "\"abc_menu_shift_shortcut_label\" : \"\u201eShift\u201c +\"", "\"material_timepicker_pm\" : \"\u0628.\u0638\"", "\"character_counter_content_description\" : \"\u0544\u0578\u0582\u057f\u0584\u0561\u0563\u0580\u057e\u0561\u056e \u0576\u056b\u0577\u0565\u0580\u055d %1$d/%2$d\"", "\"mtrl_picker_date_header_title\" : \"Pumili ng Petsa\"", "sizeof (", "\"abc_menu_shift_shortcut_label\" : \"T\u00f5stuklahv +\"", "\"search_menu_title\" : \"\u0ab6\u0acb\u0aa7\u0acb\"", "\"common_google_play_services_install_text\" : \"Lai lietotne %1$s darbotos, ier\u012bc\u0113 ir j\u0101instal\u0113 Google\u00a0Play pakalpojumi.\"", "\"copy_toast_msg\" : \"\u0b95\u0bbf\u0bb3\u0bbf\u0baa\u0bcd-\u0baa\u0bcb\u0bb0\u0bcd\u0b9f\u0bc1\u0b95\u0bcd\u0b95\u0bc1 \u0b87\u0ba3\u0bc8\u0baa\u0bcd\u0baa\u0bc1 \u0ba8\u0b95\u0bb2\u0bc6\u0b9f\u0bc1\u0b95\u0bcd\u0b95\u0baa\u0bcd\u0baa\u0b9f\u0bcd\u0b9f\u0ba4\u0bc1\"", "\"common_google_play_services_unsupported_text\" : \"%1$s aplikazioa ezin da erabili Google Play zerbitzurik gabe, eta zure gailua ez da zerbitzuokin bateragarria.\"", "\"fallback_menu_item_open_in_browser\" : \"\u0425\u04e9\u0442\u0447\u0438\u0434 \u043d\u044d\u044d\u0445\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Tugash sanasi\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u8f15\u6309\u4ee5\u5207\u63db\u81f3\u9078\u64c7\u5e74\u4efd\"", "\"mtrl_picker_invalid_format_example\" : \"\u17a7\u1791\u17b6\u17a0\u179a\u178e\u17cd\u17d6 %1$s\"", "\"common_google_play_services_enable_button\" : \"\u012egalinti\"", "\"mtrl_picker_announce_current_selection\" : \"Aktuellt val: %1$s\"", "\"mtrl_picker_date_header_unselected\" : \"Vybran\u00fd d\u00e1tum\"", "\"mtrl_badge_numberless_content_description\" : \"Nowe powiadomienie\"", "\"material_timepicker_minute\" : \"\u05d3\u05e7\u05d4\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u041f\u0440\u0435\u0444\u0440\u043b\u0438 \u043d\u0430 \u0440\u0435\u0436\u0438\u043c \u0437\u0430 \u0432\u043d\u0435\u0441\u0443\u0432\u0430\u045a\u0435 \u0432\u043e \u043a\u0430\u043b\u0435\u043d\u0434\u0430\u0440\u043e\u0442\"", "\"abc_toolbar_collapse_description\" : \"Sa\u017emi\"", "\"mtrl_picker_invalid_format_use\" : \"%1$s \u101e\u102f\u1036\u1038\u101b\u1014\u103a\"", "\"mtrl_picker_date_header_title\" : \"\u0c24\u0c47\u0c26\u0c40\u0c28\u0c3f \u0c0e\u0c02\u0c1a\u0c41\u0c15\u0c4b\u0c02\u0c21\u0c3f\"", "\"common_google_play_services_enable_title\" : \"Habilitar servicios de Google Play\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u0e94\"", "\"abc_toolbar_collapse_description\" : \"Minnka\"", "\"nav_app_bar_open_drawer_description\" : \"\u0412\u0456\u0434\u043a\u0440\u0438\u0442\u0438 \u043f\u0430\u043d\u0435\u043b\u044c \u043d\u0430\u0432\u0456\u0433\u0430\u0446\u0456\u0457\"", "\"abc_activitychooserview_choose_application\" : \"Kies 'n program\"", "\"mtrl_picker_range_header_unselected\" : \"Startdato\u2013sluttdato\"", "\"character_counter_content_description\" : \"%2$d \u0b30 %1$d \u0b05\u0b15\u0b4d\u0b37\u0b30 \u0b32\u0b47\u0b16\u0b3f\u0b1b\u0b28\u0b4d\u0b24\u0b3f\"", "\"common_open_on_phone\" : \"Otw\u00f3rz na telefonie\"", "\"material_timepicker_text_input_mode_description\" : \"\u09b8\u09ae\u09df\u09f0 \u0987\u09a8\u09aa\u09c1\u099f\u09f0 \u09ac\u09be\u09ac\u09c7 \u09aa\u09be\u09a0\u09f0 \u0987\u09a8\u09aa\u09c1\u099f \u09ae'\u09a1\u09b2\u09c8 \u09af\u09be\u0993\u0995\u0964\"", "\"mtrl_picker_range_header_title\" : \"\u0412\u044b\u0431\u0435\u0440\u044b\u0446\u0435 \u0434\u044b\u044f\u043f\u0430\u0437\u043e\u043d \u0434\u0430\u0442\"", "\"mtrl_chip_close_icon_content_description\" : \"\u0412\u0438\u0434\u0430\u043b\u0438\u0442\u0438 %1$s\"", "\"mtrl_picker_invalid_format_use\" : \"\u1794\u17d2\u179a\u17be\u17d6 %1$s\"", "\"material_hour_selection\" : \"Saat\u0131 se\u00e7in\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0a38\u0a3c\u0a41\u0a41\u0a30\u0a42\u0a06\u0a24\u0a40 \u0a24\u0a3e\u0a30\u0a40\u0a16 \u2013 %1$s\"", "\"mtrl_picker_range_header_title\" : \"Ch\u1ecdn d\u1ea3i \u00f4\"", "\"clear_text_end_icon_content_description\" : \"\u092e\u091c\u0915\u0942\u0930 \u0938\u093e\u092b \u0915\u0930\u093e\"", "\"abc_capital_off\" : \"\u0c06\u0c2b\u0c4d\"", "\"abc_searchview_description_search\" : \"\u179f\u17d2\u179c\u17c2\u1784\u179a\u1780\"", "\"mtrl_picker_invalid_range\" : \"\u0a05\u0a35\u0a48\u0a27 \u0a30\u0a47\u0a02\u0a1c\u0964\"", "\"abc_searchview_description_clear\" : \"\u691c\u7d22\u30ad\u30fc\u30ef\u30fc\u30c9\u3092\u524a\u9664\"", "\"abc_searchview_description_submit\" : \"\u0915\u094d\u0935\u0947\u0930\u0940 \u0938\u092c\u092e\u093f\u091f \u0915\u0930\u093e\"", "\"abc_action_mode_done\" : \"\u0411\u043e\u043b\u0441\u043e\u043d\"", "\"password_toggle_content_description\" : \"Afficher le mot de passe\"", "\"material_minute_suffix\" : \"%1$s \u1793\u17b6\u1791\u17b8\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Fecha de finalizaci\u00f3n\"", "\"material_hour_suffix\" : \"\u05d4\u05e9\u05e2\u05d4 %1$s\"", "\"common_google_play_services_update_button\" : \"Actualiza\u021bi\"", "\"abc_activitychooserview_choose_application\" : \"Ilovani tanlang\"", "\"character_counter_content_description\" : \"%1$d av %2$d tecken har angetts\"", "\"fallback_menu_item_share_link\" : \"\u053f\u056b\u057d\u057e\u0565\u056c \u0570\u0572\u0578\u0582\u0574\u0578\u057e\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0a38\u0a2e\u0a3e\u0a2a\u0a24\u0a40 \u0a24\u0a3e\u0a30\u0a40\u0a16\"", "\"material_hour_selection\" : \"\u0418\u0437\u0430\u0431\u0435\u0440\u0438\u0442\u0435 \u0441\u0430\u0442\"", "\"common_google_play_services_unknown_issue\" : \"\u200f%1$s \u05e0\u05ea\u05e7\u05dc\u05d4 \u05d1\u05d1\u05e2\u05d9\u05d4 \u05d1\u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play. \u05e0\u05e1\u05d4 \u05e9\u05d5\u05d1.\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d-\u10d6\u10d4 \u10db\u10d4\u10e2\u10d8 \u10d0\u10ee\u10d0\u10da\u10d8 \u10e8\u10d4\u10e2\u10e7\u10dd\u10d1\u10d8\u10dc\u10d4\u10d1\u10d0\"", "typeinfo for ", "\"abc_action_bar_home_description\" : \"\u1218\u1290\u123b \u12f3\u1235\u1235\"", "\"common_google_play_services_wear_update_text\" : \"\u200f\u0646\u0633\u062e\u0647 \u062c\u062f\u06cc\u062f \u0633\u0631\u0648\u06cc\u0633\u200c\u0647\u0627\u06cc Google Play \u0646\u06cc\u0627\u0632 \u0627\u0633\u062a. \u0628\u0647\u200c\u0632\u0648\u062f\u06cc \u0628\u0647\u200c\u0637\u0648\u0631 \u062e\u0648\u062f\u06a9\u0627\u0631 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0645\u06cc\u200c\u0634\u0648\u062f.\"", "\"common_google_play_services_unsupported_text\" : \"%1$s tidak akan berjalan tanpa layanan Google Play, yang tidak didukung oleh perangkat Anda.\"", "N12_GLOBAL__N_116itanium_demangle19GlobalQualifiedNameE", "\"material_minute_selection\" : \"Izaberite minute\"", "\"password_toggle_content_description\" : \"\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u8868\u793a\"", "\"fallback_menu_item_copy_link\" : \"Link m\u00e1sol\u00e1sa\"", "\"abc_action_bar_up_description\" : \"\u0c2a\u0c48\u0c15\u0c3f \u0c28\u0c3e\u0c35\u0c3f\u0c17\u0c47\u0c1f\u0c4d \u0c1a\u0c47\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"copy_toast_msg\" : \"Linken er kopiert til utklippstavlen\"", "\"abc_searchview_description_voice\" : \"\u0ca7\u0ccd\u0cb5\u0ca8\u0cbf \u0cb9\u0cc1\u0ca1\u0cc1\u0c95\u0cbe\u0c9f\"", "\"abc_searchview_description_voice\" : \"Puhehaku\"", "pixel vector[", "\"common_google_play_services_notification_ticker\" : \"Virhe Google Play -palveluissa\"", "\"fallback_menu_item_share_link\" : \"\u0647\u0645\u200c\u0631\u0633\u0627\u0646\u06cc \u067e\u06cc\u0648\u0646\u062f\"", "\"mtrl_picker_announce_current_selection\" : \"Pilihan saat ini: %1$s\"", "\"material_clock_toggle_content_description\" : \"Ch\u1ecdn SA ho\u1eb7c CH\"", "\"mtrl_picker_invalid_format\" : \"\u10d0\u10e0\u10d0\u10e1\u10ec\u10dd\u10e0\u10d8 \u10e4\u10dd\u10e0\u10db\u10d0\u10e2\u10d8.\"", "\"mtrl_picker_navigate_to_year_description\" : \"%1$s \u0b86\u0bae\u0bcd \u0b86\u0ba3\u0bcd\u0b9f\u0bbf\u0bb1\u0bcd\u0b95\u0bc1\u0b9a\u0bcd \u0b9a\u0bc6\u0bb2\u0bcd\u0bb2\u0bc1\u0bae\u0bcd\"", "\"common_google_play_services_notification_ticker\" : \"Google \u041d\u0430\u0430\u0434\u0430\u0430\u043d \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u043d\u0438\u0439 \u0430\u043b\u0434\u0430\u0430\"", "\"material_timepicker_hour\" : \"Jam\"", "\"abc_activitychooserview_choose_application\" : \"\u0dba\u0dd9\u0daf\u0dd4\u0db8\u0d9a\u0dca \u0dad\u0ddd\u0dbb\u0db1\u0dca\u0db1\"", "\"mtrl_picker_range_header_unselected\" : \"\u5f00\u59cb\u65e5\u671f - \u7ed3\u675f\u65e5\u671f\"", "\"password_toggle_content_description\" : \"Tunjukkan kata laluan\"", "\"common_google_play_services_update_title\" : \"Google Play \u0938\u0947\u0935\u093e\u0939\u0930\u0942 \u0905\u0926\u094d\u092f\u093e\u0935\u0927\u093f\u0915 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u12c8\u12f0 \u1240\u1295 \u1218\u121d\u1228\u1325 \u1208\u1218\u1240\u12e8\u122d \u1218\u1273 \u12eb\u12f5\u122d\u1309\"", "\"mtrl_picker_invalid_format_example\" : \"Mfano: %1$s\"", "\"abc_action_mode_done\" : \"\u0938\u092e\u094d\u092a\u0928\u094d\u0928 \u092d\u092f\u094b\"", "\"fallback_menu_item_share_link\" : \"\u041d\u0430\u0434\u0456\u0441\u043b\u0430\u0442\u0438 \u043f\u043e\u0441\u0438\u043b\u0430\u043d\u043d\u044f\"", "\"material_timepicker_clock_mode_description\" : \"Shintshela kumodi yewashi ngokufakwa kwesikhathi.\"", "\"abc_shareactionprovider_share_with_application\" : \"Dela med %s\"", "\"common_google_play_services_unsupported_text\" : \"Lai lietotne %1$s darbotos, ir nepiecie\u0161ami Google Play pakalpojumi, ta\u010du j\u016bsu ier\u012bce tos neatbalsta.\"", "\"common_google_play_services_update_button\" : \"Opdater\"", "\"common_google_play_services_unknown_issue\" : \"%1$s hat Probleme mit Google Play-Diensten. Bitte versuche es noch einmal.\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u0ba8\u0bbe\u0b9f\u0bcd\u0b95\u0bb3\u0bbf\u0ba9\u0bcd \u0ba8\u0bc6\u0b9f\u0bc1\u0bb5\u0bb0\u0bbf\u0b9a\u0bc8: %1$s\"", "\"mtrl_picker_navigate_to_year_description\" : \"Vai all'anno %1$s\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u0926\u093f\u0935\u0938 \u0928\u093f\u0935\u0921\u0923\u094d\u092f\u093e\u0938\u093e\u0920\u0940 \u0938\u094d\u0935\u093f\u091a \u0915\u0930\u093e \u0935\u0930 \u091f\u0945\u092a \u0915\u0930\u093e\"", "\"material_hour_selection\" : \"V\u00e6lg time\"", "\"abc_searchview_description_query\" : \"\u0e84\u0eb3\u0eaa\u0eb3\u0ea5\u0eb1\u0e9a\u0e84\u0ebb\u0ec9\u0e99\u0eab\u0eb2\"", "\"mtrl_picker_invalid_format_example\" : \"Ejemplo: %1$s\"", "\"common_open_on_phone\" : \"\u1235\u120d\u12ad \u120b\u12ed \u12ad\u1348\u1275\"", "\"common_google_play_services_update_button\" : \"Aktualizuj\"", "\"mtrl_badge_numberless_content_description\" : \"Njoftim i ri\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u043d\u0435 \u043c\u043e\u0436\u0435 \u0434\u0430 \u0441\u0435 \u043f\u043e\u043a\u0440\u0435\u043d\u0435 \u0431\u0435\u0437 Google Play \u0443\u0441\u043b\u0443\u0433\u0430, \u043a\u043e\u0458\u0435 \u0443\u0440\u0435\u0452\u0430\u0458 \u043d\u0435 \u043f\u043e\u0434\u0440\u0436\u0430\u0432\u0430.\"", "\"common_google_play_services_enable_text\" : \"Ke spu\u0161t\u011bn\u00ed aplikace %1$s je t\u0159eba aktivovat slu\u017eby Google Play.\"", "\"abc_action_mode_done\" : \"\u10db\u10d6\u10d0\u10d3\u10d0\u10d0\"", "\"common_signin_button_text\" : \"Ngena ngemvume\"", "\"mtrl_picker_range_header_unselected\" : \"Data de in\u00edcio \u2013 Data de t\u00e9rmino\"", "\"common_signin_button_text_long\" : \"\u0423\u0432\u0430\u0439\u0441\u0446\u0456 \u043f\u0440\u0430\u0437 Google\"", "\"common_google_play_services_notification_channel_name\" : \"\u200fGoogle Play \u0633\u0631\u0648\u0633\u0632 \u06a9\u06cc \u062f\u0633\u062a\u06cc\u0627\u0628\u06cc\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Tarikh tamat\"", "\"common_open_on_phone\" : \"Auf Smartphone \u00f6ffnen\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u1015\u103c\u102e\u1038\u1006\u102f\u1036\u1038\u101b\u1000\u103a\"", "\"common_google_play_services_wear_update_text\" : \"\u0c15\u0c4a\u0c24\u0c4d\u0c24 Google Play \u0c38\u0c47\u0c35\u0c32 \u0c35\u0c46\u0c30\u0c4d\u0c37\u0c28\u0c4d \u0c05\u0c35\u0c38\u0c30\u0c02. \u0c05\u0c26\u0c3f \u0c15\u0c4a\u0c26\u0c4d\u0c26\u0c3f \u0c38\u0c47\u0c2a\u0c1f\u0c4d\u0c32\u0c4b \u0c26\u0c3e\u0c28\u0c02\u0c24\u0c1f \u0c05\u0c26\u0c47 \u0c05\u0c2a\u0c4d\u200c\u0c21\u0c47\u0c1f\u0c4d \u0c1a\u0c47\u0c2f\u0c2c\u0c21\u0c41\u0c24\u0c41\u0c02\u0c26\u0c3f.\"", "\"search_menu_title\" : \"Iskanje\"", "\"character_counter_overflowed_content_description\" : \"Byl p\u0159ekro\u010den povolen\u00fd po\u010det znak\u016f (%1$d z\u00a0%2$d)\"", "\"abc_shareactionprovider_share_with\" : \"Delen met\"", "bad_array_new_length", "\"abc_action_menu_overflow_description\" : \"\u06af\u0632\u06cc\u0646\u0647\u200c\u0647\u0627\u06cc \u0628\u06cc\u0634\u062a\u0631\"", "\"abc_capital_off\" : \"\u0531\u0546\u054b\u0531\u054f\u0535\u053c\"", "\"common_google_play_services_install_text\" : \"%1$s ne fonctionnera pas sans les services Google\u00a0Play, qui ne sont pas install\u00e9s sur votre appareil.\"", "\"abc_searchview_description_submit\" : \"\u03a5\u03c0\u03bf\u03b2\u03bf\u03bb\u03ae \u03b5\u03c1\u03c9\u03c4\u03ae\u03bc\u03b1\u03c4\u03bf\u03c2\"", "\"exposed_dropdown_menu_content_description\" : \"Afficher le menu d\u00e9roulant\"", "\"material_timepicker_clock_mode_description\" : \"Ak chcete zada\u0165 \u010das, prepnite na re\u017eim hod\u00edn.\"", "\"abc_capital_off\" : \"IMEZIMWA\"", "\"item_view_role_description\" : \"\u0423\u043a\u043b\u0430\u0434\u043a\u0430\"", "\"item_view_role_description\" : \"Pesta\u00f1a\"", "\"abc_menu_function_shortcut_label\" : \"Functie +\"", "\"mtrl_picker_invalid_format_use\" : \"Usa: %1$s\"", "\"mtrl_picker_save\" : \"Stoor\"", "\"abc_shareactionprovider_share_with\" : \"Ndaje me\"", "\"mtrl_picker_invalid_format\" : \"\u0eae\u0eb9\u0e9a\u0ec1\u0e9a\u0e9a\u0e9a\u0ecd\u0ec8\u0e96\u0eb7\u0e81\u0e95\u0ec9\u0ead\u0e87.\"", "\"item_view_role_description\" : \"Tab : Varaq\"", "\"common_google_play_services_notification_ticker\" : \"Google Play-szolg\u00e1ltat\u00e1sok \u2013 hiba\"", "\"copy_toast_msg\" : \"Link je kopiran u privremenu memoriju\"", "\"fallback_menu_item_open_in_browser\" : \"Ouvrir dans un navigateur\"", "\"material_timepicker_clock_mode_description\" : \"\u5207\u63db\u81f3\u6642\u9418\u6a21\u5f0f\u5373\u53ef\u8f38\u5165\u6642\u9593\u3002\"", "\"abc_action_menu_overflow_description\" : \"\u0dad\u0dc0\u0dad\u0dca \u0dc0\u0dd2\u0d9a\u0dbd\u0dca\u0db4\"", "\"material_timepicker_text_input_mode_description\" : \"\u1208\u130a\u12dc \u130d\u1264\u1271 \u12c8\u12f0 \u12e8\u133d\u1211\u134d \u130d\u1264\u1275 \u1201\u1290\u1273 \u1240\u12ed\u122d\u1362\"", "N12_GLOBAL__N_116itanium_demangle13ReferenceTypeE", "\"nav_app_bar_navigate_up_description\" : \"Zulazulela phezulu\"", "\"abc_search_hint\" : \"\u0548\u0580\u0578\u0576\u0578\u0582\u0574\u2026\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Dodirnite da biste pre\u0161li na izbor dana\"", "\"common_google_play_services_notification_ticker\" : \"\u200fGoogle Play \u0633\u0631\u0648\u0633\u0632 \u06a9\u06cc \u062e\u0631\u0627\u0628\u06cc\"", "\"material_timepicker_text_input_mode_description\" : \"\u10d3\u10e0\u10dd\u10d8\u10e1 \u10e8\u10d4\u10e7\u10d5\u10d0\u10dc\u10d8\u10e1\u10d7\u10d5\u10d8\u10e1 \u10e2\u10d4\u10e5\u10e1\u10e2\u10d8\u10e1 \u10e8\u10d4\u10e7\u10d5\u10d0\u10dc\u10d8\u10e1 \u10e0\u10d4\u10df\u10d8\u10db\u10d6\u10d4 \u10d2\u10d0\u10d3\u10d0\u10e0\u10d7\u10d5\u10d0.\"", "\"character_counter_content_description\" : \"%2$d \u092e\u0927\u094d\u092f\u0947 %1$d \u0935\u0930\u094d\u0923 \u092a\u094d\u0930\u0935\u093f\u0937\u094d\u091f \u0917\u0930\u093f\u092f\u094b\"", "\"password_toggle_content_description\" : \"\u0a2a\u0a3e\u0a38\u0a35\u0a30\u0a21 \u0a26\u0a3f\u0a16\u0a3e\u0a13\"", "\"character_counter_overflowed_content_description\" : \"Tekenlimiet heeft %1$d van %2$d overschreden\"", "\"password_toggle_content_description\" : \"Onyesha nenosiri\"", "\"icon_content_description\" : \"Bi\u1ec3u t\u01b0\u1ee3ng h\u1ed9p tho\u1ea1i\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play zerbitzuen erabilgarritasuna\"", "\"mtrl_picker_announce_current_selection\" : \"Aktu\u00e1ln\u00ed v\u00fdb\u011br: %1$s\"", "\"fallback_menu_item_share_link\" : \"Havolani ulashish\"", "\"common_signin_button_text\" : \"\u05db\u05e0\u05d9\u05e1\u05d4\"", "\"search_menu_title\" : \"Hledat\"", "\"abc_searchview_description_search\" : \"Keres\u00e9s\"", "\"abc_action_bar_up_description\" : \"Gaan op\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u09b8\u09ae\u09be\u09aa\u09cd\u09a4\u09bf\u09b0 \u09a4\u09be\u09b0\u09bf\u0996\"", "\"common_google_play_services_install_button\" : \"Installa\"", "\"mtrl_picker_date_header_title\" : \"V\u00e4lj datum\"", "\"mtrl_picker_text_input_date_hint\" : \"P\u00e4iv\u00e4m\u00e4\u00e4r\u00e4\"", "\"abc_searchview_description_search\" : \"Szukaj\"", "\"common_open_on_phone\" : \"Ava telefonis\"", "\"abc_activitychooserview_choose_application\" : \"\uc571 \uc120\ud0dd\"", "\"abc_menu_function_shortcut_label\" : \"Funkcyjny+\"", "\"mtrl_picker_text_input_day_abbr\" : \"g\u00fcn\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0397\u03bc\u03b5\u03c1\u03bf\u03bc\u03b7\u03bd\u03af\u03b1 \u03ad\u03bd\u03b1\u03c1\u03be\u03b7\u03c2 \u2013 %1$s\"", "\"material_clock_toggle_content_description\" : \"AM \u0d05\u0d32\u0d4d\u0d32\u0d46\u0d19\u0d4d\u0d15\u0d3f\u0d7d PM \u0d24\u0d3f\u0d30\u0d1e\u0d4d\u0d1e\u0d46\u0d1f\u0d41\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"abc_prepend_shortcut_label\" : \"Menua +\"", "\"abc_shareactionprovider_share_with_application\" : \"Shiriki ukitumia %s\"", "\"common_google_play_services_update_title\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bc8\u0baa\u0bcd \u0baa\u0bc1\u0ba4\u0bc1\u0baa\u0bcd\u0baa\u0bbf\u0b95\u0bcd\u0b95\u0bb5\u0bc1\u0bae\u0bcd\"", "\"common_google_play_services_install_button\" : \"Installeren\"", "\"common_google_play_services_install_text\" : \"L'app %1$s non funzioner\u00e0 senza Google Play Services, non presente sul tuo dispositivo.\"", "\"material_hour_suffix\" : \"%1$s \u0628\u062c\u06d2\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u0430\"", "\"copy_toast_msg\" : \"Link copiato negli appunti\"", "\"common_google_play_services_update_text\" : \"\u200f%1$s \u05dc\u05d0 \u05d9\u05e4\u05e2\u05dc \u05d0\u05dd \u05dc\u05d0 \u05ea\u05e2\u05d3\u05db\u05df \u05d0\u05ea \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play.\"", "\"password_toggle_content_description\" : \"\u0395\u03bc\u03c6\u03ac\u03bd\u03b9\u03c3\u03b7 \u03ba\u03c9\u03b4\u03b9\u03ba\u03bf\u03cd \u03c0\u03c1\u03cc\u03c3\u03b2\u03b1\u03c3\u03b7\u03c2\"", "\"material_timepicker_clock_mode_description\" : \"In den Uhrzeitmodus wechseln, um die Uhrzeit einzugeben.\"", "\"copy_toast_msg\" : \"\u0932\u093f\u0902\u0915 \u0915\u094d\u0932\u093f\u092a\u092c\u094b\u0930\u094d\u0921 \u092a\u0930 \u0915\u0949\u092a\u0940 \u0915\u093f\u092f\u093e \u0917\u092f\u093e\"", "\"material_timepicker_text_input_mode_description\" : \"\u053a\u0561\u0574\u0568 \u0574\u0578\u0582\u057f\u0584\u0561\u0563\u0580\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u057f\u0565\u0584\u057d\u057f\u056b \u0574\u0578\u0582\u057f\u0584\u0561\u0563\u0580\u0574\u0561\u0576 \u057c\u0565\u056a\u056b\u0574\u0568:\"", "\"mtrl_picker_out_of_range\" : \"\u0d36\u0d4d\u0d30\u0d47\u0d23\u0d3f\u0d15\u0d4d\u0d15\u0d4d \u0d2a\u0d41\u0d31\u0d24\u0d4d\u0d24\u0d3e\u0d23\u0d4d: %1$s\"", "\"common_google_play_services_notification_channel_name\" : \"Dost\u0119pno\u015b\u0107 Us\u0142ug Google Play\"", "\"abc_searchview_description_clear\" : \"\u0995\u09cb\u09af\u09bc\u09c7\u09b0\u09bf \u09ae\u09c1\u099b\u09c7 \u09ab\u09c7\u09b2\u09c1\u09a8\"", "\"material_timepicker_hour\" : \"\u0427\u0430\u0441\"", "\"common_google_play_services_enable_button\" : \"Aktivera\"", "\"abc_searchview_description_submit\" : \"\u041d\u0430\u0456\u0441\u043b\u0430\u0442\u0438 \u0437\u0430\u043f\u0438\u0442\"", "\"abc_menu_ctrl_shortcut_label\" : \"\u200eCtrl+\u200e\"", "\"fallback_menu_item_share_link\" : \"\u0644\u0646\u06a9 \u06a9\u0627 \u0627\u0634\u062a\u0631\u0627\u06a9 \u06a9\u0631\u06cc\u06ba\"", "\"exposed_dropdown_menu_content_description\" : \"Dropdownmenu weergeven\"", "N12_GLOBAL__N_116itanium_demangle21StructuredBindingNameE", "\"nav_app_bar_open_drawer_description\" : \"\u12e8\u12a0\u1230\u1233 \u1218\u1223\u1262\u12eb\u12cd\u1295 \u12ad\u1348\u1275\"", "\"exposed_dropdown_menu_content_description\" : \"Ipakita ang dropdown na menu\"", "\"abc_action_menu_overflow_description\" : \"\u091c\u093c\u094d\u092f\u093e\u0926\u093e \u0935\u093f\u0915\u0932\u094d\u092a\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u0915\u0941\u0928\u0948 \u0926\u093f\u0928 \u091a\u092f\u0928 \u0917\u0930\u094d\u0928\u0947 \u0935\u093f\u0915\u0932\u094d\u092a \u092a\u094d\u0930\u092f\u094b\u0917 \u0917\u0930\u094d\u0928 \u091f\u094d\u092f\u093e\u092a \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0414\u0430\u0442\u0430 \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u043d\u044f\"", "\"character_counter_overflowed_content_description\" : \"Umepitisha idadi ya juu ya herufi %1$d kati ya %2$d\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 Tarehe ya mwisho\"", "\"mtrl_picker_a11y_next_month\" : \"\u0e40\u0e1b\u0e25\u0e35\u0e48\u0e22\u0e19\u0e44\u0e1b\u0e17\u0e35\u0e48\u0e40\u0e14\u0e37\u0e2d\u0e19\u0e16\u0e31\u0e14\u0e44\u0e1b\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u670d\u52a1\u7684\u9002\u7528\u8303\u56f4\"", "\"mtrl_picker_invalid_range\" : \"\u00d3gilt svi\u00f0.\"", "\"mtrl_picker_invalid_format_use\" : \"Tumia: %1$s\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Ba\u015flama tarixi \u2013 %1$s\"", "\"mtrl_picker_date_header_title\" : \"Selecciona una fecha\"", "\"abc_activitychooserview_choose_application\" : \"Alege\u021bi o aplica\u021bie\"", "\"common_open_on_phone\" : \"\u30b9\u30de\u30fc\u30c8\u30d5\u30a9\u30f3\u3067\u958b\u304f\"", "\"nav_app_bar_navigate_up_description\" : \"Remonter\"", "\"material_hour_selection\" : \"\u0918\u0928\u094d\u091f\u093e \u091a\u092f\u0928 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"common_open_on_phone\" : \"Buka pada telefon\"", "\"mtrl_picker_toggle_to_year_selection\" : \"I-tap para lumipat sa pagpili ng taon\"", "\"abc_action_bar_home_description\" : \"Joan orri nagusira\"", "\"abc_searchview_description_search\" : \"Haku\"", "\"abc_searchview_description_query\" : \"\u09b8\u09a8\u09cd\u09a7\u09be\u09a8 \u0995\u09f0\u09be \u09aa\u09cd\u09f0\u09b6\u09cd\u09a8\"", "\"mtrl_picker_out_of_range\" : \"Di luar julat: %1$s\"", "\"abc_searchview_description_query\" : \"\u0a16\u0a4b\u0a1c \u0a2a\u0a41\u0a71\u0a1b\u0a17\u0a3f\u0a71\u0a1b\"", "\"abc_action_menu_overflow_description\" : \"Mai multe op\u021biuni\"", "\"mtrl_picker_out_of_range\" : \"\u0130zin verilen aral\u0131\u011f\u0131n d\u0131\u015f\u0131nda: %1$s\"", "\"mtrl_picker_invalid_format_use\" : \"%1$s \u0915\u093e \u0907\u0938\u094d\u0924\u0947\u092e\u093e\u0932 \u0915\u0930\u0947\u0902\"", "\"material_minute_selection\" : \"V\u00e4lj minuter\"", "\"mtrl_picker_a11y_next_month\" : \"\u0b85\u0b9f\u0bc1\u0ba4\u0bcd\u0ba4 \u0bae\u0bbe\u0ba4\u0ba4\u0bcd\u0ba4\u0bc8\u0b95\u0bcd \u0b95\u0bbe\u0b9f\u0bcd\u0b9f\u0bc1\"", "\"abc_searchview_description_voice\" : \"Hlasov\u00e9 vyh\u013ead\u00e1vanie\"", "\"clear_text_end_icon_content_description\" : \"\u0394\u03b9\u03b1\u03b3\u03c1\u03b1\u03c6\u03ae \u03ba\u03b5\u03b9\u03bc\u03ad\u03bd\u03bf\u03c5\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Siirry p\u00e4iv\u00e4n valintaan napauttamalla\"", "\"common_google_play_services_install_title\" : \"Google Play \u0938\u0947\u0935\u093e\u0939\u0930\u0942 \u092a\u094d\u0930\u093e\u092a\u094d\u0924 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"common_google_play_services_update_button\" : \"\u041e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\"", "\"abc_activity_chooser_view_see_all\" : \"Ikusi guztiak\"", "\"abc_action_bar_home_description\" : \"\u0917\u0943\u0939 \u092a\u0943\u0937\u094d\u0920\u092e\u093e \u091c\u093e\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"abc_capital_on\" : \"\u062a\u0641\u0639\u064a\u0644\"", "\"abc_toolbar_collapse_description\" : \"\u0ab8\u0a82\u0a95\u0ac1\u0a9a\u0abf\u0aa4 \u0a95\u0ab0\u0acb\"", "\"material_clock_toggle_content_description\" : \"Piliin ang AM o PM\"", "\"mtrl_picker_navigate_to_year_description\" : \"P\u0159ej\u00edt na rok %1$s\"", "unexpected_handler unexpectedly returned", "\"abc_capital_off\" : \"\u0417\u041d\u0418\u0416\u041a\u0410\"", "\"material_timepicker_select_time\" : \"Chagua wakati\"", "\"abc_shareactionprovider_share_with\" : \"\u0c35\u0c40\u0c30\u0c3f\u0c24\u0c4b \u0c37\u0c47\u0c30\u0c4d \u0c1a\u0c47\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"material_timepicker_text_input_mode_description\" : \"Prije\u0111ite na na\u010din unosa teksta da biste unijeli vrijeme.\"", "\"abc_action_menu_overflow_description\" : \"Meer opties\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Tap to switch to selecting a year\"", "\"material_timepicker_select_time\" : \"\u053a\u0561\u0574\u0561\u0576\u0561\u056f\u056b \u0568\u0576\u057f\u0580\u0578\u0582\u0569\u0575\u0578\u0582\u0576\"", "\"mtrl_picker_out_of_range\" : \"Izvan opsega: %1$s\"", "\"mtrl_picker_invalid_range\" : \"\u0ba4\u0bb5\u0bb1\u0bbe\u0ba9 \u0bb5\u0bb0\u0bae\u0bcd\u0baa\u0bc1.\"", "\"material_timepicker_minute\" : \"Minutt\"", "\"character_counter_overflowed_content_description\" : \"\u0110\u00e3 v\u01b0\u1ee3t qu\u00e1 gi\u1edbi h\u1ea1n k\u00fd t\u1ef1 %1$d/%2$d\"", "\"mtrl_badge_numberless_content_description\" : \"\u0cb9\u0cca\u0cb8 \u0c85\u0ca7\u0cbf\u0cb8\u0cc2\u0c9a\u0ca8\u0cc6\"", "\"common_signin_button_text\" : \"\u0ab8\u0abe\u0a87\u0aa8 \u0a87\u0aa8 \u0a95\u0ab0\u0acb\"", "\"abc_searchview_description_search\" : \"Pesquisar\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Petsa ng pagsisimula\"", "\"material_timepicker_clock_mode_description\" : \"\u0eaa\u0eb0\u0eab\u0ebc\u0eb1\u0e9a\u0ec4\u0e9b\u0ec3\u0e8a\u0ec9\u0ec2\u0edd\u0e94\u0ec2\u0ea1\u0e87\u0eaa\u0eb3\u0ea5\u0eb1\u0e9a\u0e81\u0eb2\u0e99\u0e9b\u0ec9\u0ead\u0e99\u0ec0\u0ea7\u0ea5\u0eb2.\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u0e1b\"", "\"abc_action_bar_up_description\" : \"Fara upp\"", "decimal32", "std::basic_ostream >", "\"nav_app_bar_open_drawer_description\" : \"Buka panel navigasi\"", "\"material_minute_selection\" : \"\u0a2e\u0a3f\u0a70\u0a1f \u0a1a\u0a41\u0a23\u0a4b\"", "\"character_counter_overflowed_content_description\" : \"\u0d85\u0db1\u0dd4\u0dbd\u0d9a\u0dd4\u0dab\u0dd4 \u0dc3\u0dd3\u0db8\u0dcf\u0dc0 %2$d\u0d9a\u0dd2\u0db1\u0dca %1$d \u0d89\u0d9a\u0dca\u0db8 \u0dc0\u0dd2\u0dba\"", "\"common_signin_button_text\" : \"\u09b8\u09be\u0987\u09a8-\u0987\u09a8 \u0995\u09b0\u09c1\u09a8\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Slutdato\"", "\"abc_menu_function_shortcut_label\" : \"Function+\u200e\"", "\"common_google_play_services_updating_text\" : \"%1$s no se ejecutar\u00e1 sin los servicios de Google Play. La plataforma se est\u00e1 actualizando en este momento.\"", "\"character_counter_overflowed_content_description\" : \"%2$d \u0b30 %1$d \u0b05\u0b15\u0b4d\u0b37\u0b30 \u0b32\u0b47\u0b16\u0b3f\u0b1b\u0b28\u0b4d\u0b24\u0b3f\"", "\"nav_app_bar_open_drawer_description\" : \"\u0aa8\u0ac5\u0ab5\u0abf\u0a97\u0ac7\u0ab6\u0aa8 \u0aa1\u0acd\u0ab0\u0ac9\u0a85\u0ab0 \u0a96\u0acb\u0ab2\u0acb\"", "\"search_menu_title\" : \"Axtar\u0131n\"", "\"bottomsheet_action_expand_halfway\" : \"Ut\u00f6ka till h\u00e4lften\"", "\"material_clock_toggle_content_description\" : \"Izaberite pre podne ili po podne\"", "\"mtrl_picker_out_of_range\" : \"Onartutako barrutitik kanpo: %1$s\"", "\"abc_prepend_shortcut_label\" : \"\u0b2e\u0b47\u0b28\u0b41\"", "\"abc_menu_shift_shortcut_label\" : \"MAIUSC +\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Vaihda sy\u00f6tt\u00f6tavaksi kalenteri\"", "\"mtrl_picker_invalid_format_example\" : \"Voorbeeld: %1$s\"", "\"abc_action_bar_home_description\" : \"\u041f\u0435\u0440\u0430\u0439\u0441\u0446\u0456 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0443\u044e \u0441\u0442\u0430\u0440\u043e\u043d\u043a\u0443\"", "\"material_hour_suffix\" : \"%1$s \u0ec2\u0ea1\u0e87\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s \u0a95\u0abe\u0aa2\u0ac0 \u0aa8\u0abe\u0a96\u0acb\"", "N12_GLOBAL__N_116itanium_demangle13ObjCProtoNameE", "\"mtrl_picker_date_header_title\" : \"Select Date\"", "\"mtrl_picker_announce_current_selection\" : \"Pilihan semasa: %1$s\"", "\"copy_toast_msg\" : \"Povezava je kopirana v odlo\u017ei\u0161\u010de\"", "\"common_google_play_services_notification_ticker\" : \"Google\u00a0Play pakalpojumu k\u013c\u016bda\"", "\"abc_activitychooserview_choose_application\" : \"Pumili ng app\"", "\"abc_activity_chooser_view_see_all\" : \"\u1201\u1209\u1295\u121d \u12ed\u1218\u120d\u12a8\u1271\"", "\"mtrl_picker_text_input_month_abbr\" : \"\uc6d4\"", "\"common_google_play_services_install_text\" : \"\u0ca8\u0cbf\u0cae\u0ccd\u0cae \u0cb8\u0cbe\u0ca7\u0ca8\u0ca6\u0cbf\u0c82\u0ca6 \u0c95\u0cbe\u0ca3\u0cc6\u0caf\u0cbe\u0c97\u0cbf\u0cb0\u0cc1\u0cb5 %1$s, Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0cbf\u0cb2\u0ccd\u0cb2\u0ca6\u0cc6 \u0cb0\u0ca8\u0ccd \u0c86\u0c97\u0cc1\u0cb5\u0cc1\u0ca6\u0cbf\u0cb2\u0ccd\u0cb2.\"", "\"common_google_play_services_enable_text\" : \"%1$s \u043d\u0435 \u0431\u0443\u0434\u0437\u0435 \u043f\u0440\u0430\u0446\u0430\u0432\u0430\u0446\u044c, \u043f\u0430\u043a\u0443\u043b\u044c \u0432\u044b \u043d\u0435 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u043b\u0443\u0436\u0431\u044b Google Play.\"", "\"common_google_play_services_update_button\" : \"Mettre \u00e0 jour\"", "\"abc_menu_delete_shortcut_label\" : \"\u05de\u05d7\u05d9\u05e7\u05d4\"", "\"mtrl_picker_invalid_range\" : \"\u7bc4\u56f2\u304c\u7121\u52b9\u3067\u3059\u3002\"", "\"abc_menu_shift_shortcut_label\" : \"Shift \u0bae\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd\"", "\"common_google_play_services_update_title\" : \"Opdater Google Play-tjenester\"", "\"mtrl_picker_announce_current_selection\" : \"Selecci\u00f3 actual: %1$s\"", "\"nav_app_bar_navigate_up_description\" : \"Fara upp\"", "N12_GLOBAL__N_116itanium_demangle22ConversionOperatorTypeE", "\"copy_toast_msg\" : \"\u0c15\u0c4d\u0c32\u0c3f\u0c2a\u0c4d\u200c\u0c2c\u0c4b\u0c30\u0c4d\u0c21\u0c4d\u200c\u0c15\u0c41 \u0c32\u0c3f\u0c02\u0c15\u0c4d \u0c15\u0c3e\u0c2a\u0c40 \u0c1a\u0c47\u0c2f\u0c2c\u0c21\u0c3f\u0c02\u0c26\u0c3f\"", "\"material_minute_suffix\" : \"%1$s\u00a0min\"", "\"mtrl_picker_invalid_format\" : \"Muundo si sahihi\"", "\"abc_action_menu_overflow_description\" : \"\u0411\u0443\u0441\u0430\u0434 \u0441\u043e\u043d\u0433\u043e\u043b\u0442\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0ab6\u0ab0\u0ac2 \u0a95\u0ab0\u0ab5\u0abe\u0aa8\u0ac0 \u0aa4\u0abe\u0ab0\u0ac0\u0a96 \u2013 %1$s\"", "\"mtrl_picker_range_header_title\" : \"Selecta\u021bi intervalul\"", "N12_GLOBAL__N_116itanium_demangle4NodeE", "\"mtrl_picker_day_of_week_column_header\" : \"\u041a\u04af\u043d\u0434\u0435\u0440 \u0431\u0430\u0493\u0430\u043d\u044b: %1$s\"", "\"character_counter_content_description\" : \"Caracteres introducidos: %1$d de %2$d\"", "\"abc_searchview_description_voice\" : \"\u0410\u0439\u0442\u044b\u043f \u0438\u0437\u0434\u04e9\u04e9\"", "\"material_hour_selection\" : \"Pilih jam\"", "\"mtrl_picker_a11y_prev_month\" : \"Breyta \u00ed fyrri m\u00e1nu\u00f0\"", "\"abc_action_bar_up_description\" : \"Torna indietro\"", "\"abc_shareactionprovider_share_with\" : \"Del med\"", "\"material_clock_toggle_content_description\" : \"AM \u0c32\u0c47\u0c26\u0c3e PM\u0c28\u0c41 \u0c0e\u0c02\u0c1a\u0c41\u0c15\u0c4b\u0c02\u0c21\u0c3f\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Fecha de inicio - %1$s\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Lebih daripada %1$d pemberitahuan baharu\"", "\"mtrl_picker_invalid_format\" : \"\u0642\u0627\u0644\u0628 \u0646\u0627\u0645\u0639\u062a\u0628\u0631 \u0627\u0633\u062a.\"", "\"common_google_play_services_install_title\" : \"Google Play \uc11c\ube44\uc2a4 \uc124\uce58\"", "\"nav_app_bar_open_drawer_description\" : \"\u0928\u0947\u0935\u094d\u0939\u093f\u0917\u0947\u0936\u0928 \u0921\u094d\u0930\u0949\u0935\u0930 \u0909\u0918\u0921\u093e\"", "\"material_timepicker_clock_mode_description\" : \"\u053a\u0561\u0574\u0568 \u0574\u0578\u0582\u057f\u0584\u0561\u0563\u0580\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0575\u0581\u056b \u057c\u0565\u056a\u056b\u0574\u0568:\"", "\"abc_searchview_description_voice\" : \"Tales\u00f8k\"", "\"material_timepicker_hour\" : \"\u0421\u0430\u0442\"", "\"mtrl_picker_invalid_format_example\" : \"\u1025\u1015\u1019\u102c\u2212 %1$s\"", "\"abc_menu_function_shortcut_label\" : \"Function+\"", "\"mtrl_picker_invalid_format\" : \"Neder\u012bgs form\u0101ts.\"", "\"common_google_play_services_notification_ticker\" : \"Gabim n\u00eb sh\u00ebrbimet e \"Luaj me Google\"\"", "N12_GLOBAL__N_116itanium_demangle12CtorDtorNameE", "\"material_timepicker_text_input_mode_description\" : \"\u0e2a\u0e25\u0e31\u0e1a\u0e44\u0e1b\u0e42\u0e2b\u0e21\u0e14\u0e1b\u0e49\u0e2d\u0e19\u0e02\u0e49\u0e2d\u0e04\u0e27\u0e32\u0e21\u0e40\u0e1e\u0e37\u0e48\u0e2d\u0e1b\u0e49\u0e2d\u0e19\u0e40\u0e27\u0e25\u0e32\"", "\"abc_activity_chooser_view_see_all\" : \"See all\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u1781\"", "\"common_google_play_services_unsupported_text\" : \"%1$s Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a24\u0a4b\u0a02 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 \u0a28\u0a39\u0a40\u0a02 \u0a1a\u0a71\u0a32 \u0a38\u0a15\u0a47\u0a17\u0a40, \u0a1c\u0a4b \u0a24\u0a41\u0a39\u0a3e\u0a21\u0a47 \u0a21\u0a40\u0a35\u0a3e\u0a08\u0a38 '\u0a24\u0a47 \u0a38\u0a2e\u0a30\u0a25\u0a3f\u0a24 \u0a28\u0a39\u0a40\u0a02 \u0a39\u0a28\u0964\"", "\"mtrl_picker_date_header_unselected\" : \"\u10d0\u10e0\u10e9\u10d4\u10e3\u10da\u10d8 \u10d7\u10d0\u10e0\u10d8\u10e6\u10d8\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0dc3\u0db6\u0dbd \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"character_counter_overflowed_content_description\" : \"Limita de caractere a dep\u0103\u0219it %1$d din %2$d\"", "\"abc_capital_on\" : \"\u10e9\u10d0\u10e0\u10d7\u10d5\u10d0\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Ketik untuk beralih kepada pemilihan tahun\"", "\"abc_activity_chooser_view_see_all\" : \"\u041f\u0430\u043a\u0430\u0437\u0430\u0446\u044c \u0443\u0441\u0435\"", "\"mtrl_picker_save\" : \"Speichern\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u041f\u043e\u0432\u0435\u0447\u0435 \u043e\u0442 %1$d\u00a0\u043d\u043e\u0432\u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u0438\u044f\"", "\"mtrl_picker_a11y_prev_month\" : \"\u8b8a\u66f4\u70ba\u4e0a\u500b\u6708\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Prepn\u00fa\u0165 na textov\u00fd re\u017eim vstupu\"", "\"abc_searchview_description_clear\" : \"\u0dc0\u0dd2\u0db8\u0dc3\u0dd4\u0db8 \u0dc4\u0dd2\u0dc3\u0dca \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"abc_shareactionprovider_share_with\" : \"\u0b0f\u0b39\u0b3e\u0b19\u0b4d\u0b15 \u0b38\u0b39 \u0b38\u0b47\u0b5f\u0b3e\u0b30\u0b4d\u200c \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"abc_searchview_description_submit\" : \"Skicka fr\u00e5ga\"", "\"abc_shareactionprovider_share_with\" : \"\u0411\u04e9\u043b\u0456\u0441\u0443\"", "\"mtrl_picker_date_header_title\" : \"Izberite datum\"", "\"nav_app_bar_navigate_up_description\" : \"\u0418\u0434\u0438\u0442\u0435 \u043d\u0430\u0433\u043e\u0440\u0435\"", "\"abc_activity_chooser_view_see_all\" : \"\u05d4\u05e6\u05d2\u05ea \u05d4\u05db\u05d5\u05dc\"", "\"common_google_play_services_notification_channel_name\" : \"\u0414\u0430\u0441\u0442\u0443\u043f\u043d\u0430\u0441\u0446\u044c \u0441\u044d\u0440\u0432\u0456\u0441\u0430\u045e Google Play\"", "\"common_google_play_services_enable_text\" : \"%1$s werkt niet, tenzij je Google Play-services inschakelt.\"", "\"exposed_dropdown_menu_content_description\" : \"Mostrar menu pendente\"", "\"mtrl_chip_close_icon_content_description\" : \"Retirar %1$s\"", "\"mtrl_picker_invalid_range\" : \"\u041e\u0433\u043d\u043e\u043e\u043d\u044b \u0445\u044f\u0437\u0433\u0430\u0430\u0440 \u0431\u0443\u0440\u0443\u0443 \u0431\u0430\u0439\u043d\u0430.\"", "\"common_google_play_services_unknown_issue\" : \"A(z) %1$s alkalmaz\u00e1s probl\u00e9m\u00e1ba \u00fctk\u00f6z\u00f6tt a Google Play-szolg\u00e1ltat\u00e1sok haszn\u00e1lata sor\u00e1n. Pr\u00f3b\u00e1lkozzon \u00fajra.\"", "\"exposed_dropdown_menu_content_description\" : \"Mostrar menu suspenso\"", "\"abc_capital_on\" : \"AKTIF\"", "\"abc_menu_enter_shortcut_label\" : \"\u043e\u0440\u0443\u0443\u043b\u0430\u0445\"", "\"abc_searchview_description_search\" : \"Realiza buscas\"", "\"character_counter_content_description\" : \"\uc785\ub825\ub41c \uae00\uc790 %1$d/%2$d\"", "\"mtrl_picker_invalid_range\" : \"\u7bc4\u570d\u7121\u6548\u3002\"", "\"project_id\" : \"allsafe-8cef0\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a26\u0a40 \u0a09\u0a2a\u0a32\u0a2c\u0a27\u0a24\u0a3e\"", "\"abc_searchview_description_query\" : \"\u691c\u7d22\u30ad\u30fc\u30ef\u30fc\u30c9\"", "\"password_toggle_content_description\" : \"\u0421\u044b\u0440\u0441\u04e9\u0437\u0434\u04af \u043a\u04e9\u0440\u0441\u04e9\u0442\u04af\u04af\"", "\"material_clock_toggle_content_description\" : \"Selecionar AM ou PM\"", "\"abc_toolbar_collapse_description\" : \"Reduzir\"", "\"mtrl_picker_invalid_format_use\" : \"Gunakan: %1$s\"", "\"material_minute_selection\" : \"Izberite minute\"", "\"mtrl_picker_range_header_title\" : \"\u0ab6\u0acd\u0ab0\u0ac7\u0aa3\u0ac0 \u0aaa\u0ab8\u0a82\u0aa6 \u0a95\u0ab0\u0acb\"", "\"mtrl_picker_invalid_format_use\" : \"Utiliser\u00a0: %1$s\"", "\"mtrl_picker_invalid_format_use\" : \"Usar: %1$s\"", "\"mtrl_picker_navigate_to_year_description\" : \"%1$s \u0cb5\u0cb0\u0ccd\u0cb7\u0c95\u0ccd\u0c95\u0cc6 \u0ca8\u0ccd\u0caf\u0cbe\u0cb5\u0cbf\u0c97\u0cc7\u0c9f\u0ccd \u0cae\u0cbe\u0ca1\u0cbf\"", "\"common_google_play_services_wear_update_text\" : \"En ny version av Google Play-tj\u00e4nster kr\u00e4vs. Den uppdateras automatiskt inom kort.\"", "\"common_google_play_services_update_text\" : \"%1$s s\u1ebd kh\u00f4ng ch\u1ea1y tr\u1eeb khi b\u1ea1n c\u1eadp nh\u1eadt D\u1ecbch v\u1ee5 c\u1ee7a Google Play.\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0e27\u0e31\u0e19\u0e17\u0e35\u0e48\u0e40\u0e23\u0e34\u0e48\u0e21\u0e15\u0e49\u0e19 \u2013 %1$s\"", "\"common_google_play_services_install_title\" : \"Pata huduma za Google Play\"", "\"abc_search_hint\" : \"\u179f\u17d2\u179c\u17c2\u1784\u179a\u1780\u2026\"", "\"mtrl_picker_date_header_unselected\" : \"\u0412\u044b\u0431\u0440\u0430\u043d\u0430\u044f \u0434\u0430\u0442\u0430\"", "\"mtrl_picker_invalid_range\" : \"Nieprawid\u0142owy zakres.\"", "\"mtrl_picker_invalid_range\" : \"Interval nevalid.\"", "\"material_minute_suffix\" : \"%1$s \u10ec\u10e3\u10d7\u10d8\"", "\"common_google_play_services_notification_channel_name\" : \"Dostupnost usluga za Google Play\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Data rozpocz\u0119cia \u2013 %1$s\"", "\"common_open_on_phone\" : \"\u0628\u0627\u0632 \u06a9\u0631\u062f\u0646 \u062f\u0631 \u062a\u0644\u0641\u0646\"", "\"fab_transformation_sheet_behavior\" : \"com.google.android.material.transformation.FabTransformationSheetBehavior\"", "\"abc_action_menu_overflow_description\" : \"Rohkem valikuid\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d \u1270\u1308\u129d\u1290\u1275\"", "\"mtrl_picker_text_input_date_hint\" : \"\u0397\u03bc\u03b5\u03c1\u03bf\u03bc\u03b7\u03bd\u03af\u03b1\"", "\"fallback_menu_item_open_in_browser\" : \"\u0a2c\u0a4d\u0a30\u0a3e\u0a0a\u0a1c\u0a3c\u0a30 \u0a35\u0a3f\u0a71\u0a1a \u0a16\u0a4b\u0a32\u0a4d\u0a39\u0a4b\"", "\"common_google_play_services_notification_ticker\" : \"Google Play Services \u200b\u0ec0\u0e81\u0eb5\u0e94\u200b\u0e84\u0ea7\u0eb2\u0ea1\u200b\u0e9c\u0eb4\u0e94\u200b\u0e9e\u0eb2\u0e94\"", "\"error_icon_content_description\" : \"\u0aad\u0ac2\u0ab2\"", "\"abc_searchview_description_search\" : \"Sesha\"", "\"material_timepicker_text_input_mode_description\" : \"Cambia al modo de introducci\u00f3n de texto para escribir la hora.\"", "\"material_clock_toggle_content_description\" : \"\u0412\u0438\u0431\u0435\u0440\u0456\u0442\u044c \u0414\u041f \u0447\u0438 \u041f\u041f\"", "\"mtrl_badge_numberless_content_description\" : \"\u0a28\u0a35\u0a40\u0a02 \u0a38\u0a42\u0a1a\u0a28\u0a3e\"", "\"abc_activitychooserview_choose_application\" : \"\u0a07\u0a71\u0a15 \u0a10\u0a2a \u0a1a\u0a41\u0a23\u0a4b\"", "\"abc_search_hint\" : \"\u0ba4\u0bc7\u0b9f\u0bc1\u0b95\u2026\"", "\"common_google_play_services_install_text\" : \"%1$s \u0e08\u0e30\u0e44\u0e21\u0e48\u0e17\u0e33\u0e07\u0e32\u0e19\u0e2b\u0e32\u0e01\u0e44\u0e21\u0e48\u0e21\u0e35\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play \u0e0b\u0e35\u0e48\u0e07\u0e44\u0e21\u0e48\u0e21\u0e35\u0e43\u0e19\u0e2d\u0e38\u0e1b\u0e01\u0e23\u0e13\u0e4c\u0e02\u0e2d\u0e07\u0e04\u0e38\u0e13\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Dotik za preklop na izbiro dneva\"", "\"mtrl_picker_date_header_title\" : \"Atlasiet datumu\"", "\"abc_toolbar_collapse_description\" : \"Sak\u013caut\"", "\"mtrl_badge_numberless_content_description\" : \"Nieuwe melding\"", "\"common_signin_button_text\" : \"\u767b\u5f55\"", "N12_GLOBAL__N_116itanium_demangle11PostfixExprE", "\"exposed_dropdown_menu_content_description\" : \"Visa rullgardinsmenyn\"", "\"abc_action_menu_overflow_description\" : \"Di\u011fer se\u00e7enekler\"", "\"password_toggle_content_description\" : \"Show password\"", "\"item_view_role_description\" : \"\u1795\u17d2\u1791\u17b6\u17c6\u1784\"", "\"icon_content_description\" : \"Dialoglodzi\u0146a ikona\"", "\"abc_searchview_description_search\" : \"\u0422\u044a\u0440\u0441\u0435\u043d\u0435\"", "\"mtrl_picker_range_header_unselected\" : \"\u10d3\u10d0\u10ec\u10e7\u10d4\u10d1\u10d8\u10e1 \u10d7\u10d0\u10e0\u10d8\u10e6\u10d8 - \u10d3\u10d0\u10e1\u10e0\u10e3\u10da\u10d4\u10d1\u10d8\u10e1 \u10d7\u10d0\u10e0\u10d8\u10e6\u10d8\"", "\"abc_capital_off\" : \"\u0b05\u0b2b\u0b4d\"", "\"common_google_play_services_unknown_issue\" : \"Naudojant program\u0105 \u201e%1$s\u201c kilo problem\u0173 d\u0117l \u201eGoogle Play\u201c paslaug\u0173. Bandykite dar kart\u0105.\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u30ab\u30ec\u30f3\u30c0\u30fc\u5165\u529b\u30e2\u30fc\u30c9\u306b\u5207\u308a\u66ff\u3048\"", "\"abc_searchview_description_clear\" : \"\u0bb5\u0bbf\u0ba9\u0bb5\u0bb2\u0bc8 \u0b85\u0bb4\u0bbf\u0b95\u0bcd\u0b95\u0bc1\u0bae\u0bcd\"", "\"mtrl_picker_invalid_range\" : \"Invalid range.\"", "\"material_timepicker_hour\" : \"\u0918\u0928\u094d\u091f\u093e:\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"T\u00f6bb mint %1$d \u00faj \u00e9rtes\u00edt\u00e9s\"", "\"abc_searchview_description_query\" : \"\u0dc3\u0dd9\u0dc0\u0dd4\u0db8\u0dca \u0dc0\u0dd2\u0db8\u0dc3\u0dd4\u0db8\"", "__int128", "\"mtrl_picker_range_header_title\" : \"\u671f\u9593\u3092\u9078\u629e\u3057\u3066\u304f\u3060\u3055\u3044\"", "\"common_signin_button_text_long\" : \"P\u0159ihl\u00e1sit se k\u00a0\u00fa\u010dtu Google\"", "\"abc_action_bar_home_description\" : \"Navigasi laman utama\"", "basic_iostream", "\"mtrl_picker_toggle_to_year_selection\" : \"\u03a0\u03b1\u03c4\u03ae\u03c3\u03c4\u03b5 \u03b3\u03b9\u03b1 \u03b5\u03bd\u03b1\u03bb\u03bb\u03b1\u03b3\u03ae \u03b3\u03b9\u03b1 \u03c4\u03b7\u03bd \u03b5\u03c0\u03b9\u03bb\u03bf\u03b3\u03ae \u03ad\u03c4\u03bf\u03c5\u03c2\"", "\"icon_content_description\" : \"\u0425\u0430\u0440\u0438\u043b\u0446\u0430\u0445 \u0446\u043e\u043d\u0445\u043d\u044b \u0434\u04af\u0440\u0441 \u0442\u044d\u043c\u0434\u044d\u0433\"", "\"abc_searchview_description_clear\" : \"Clear query\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0938\u0947\u0935\u093e\u0939\u0930\u0942\u0915\u093e \u0924\u094d\u0930\u0941\u091f\u093f\"", "\"material_timepicker_minute\" : \"Minut\u0117\"", "\"common_google_play_services_update_button\" : \"G\u00fcnc\u0259ll\u0259yin\"", "\"abc_action_menu_overflow_description\" : \"\u0415\u0449\u0451\"", "double", "\"bottomsheet_action_expand_halfway\" : \"\u0420\u043e\u0437\u0433\u043e\u0440\u043d\u0443\u0442\u0438 \u043d\u0438\u0436\u043d\u044e \u043f\u043e\u043b\u043e\u0432\u0438\u043d\u0443\"", "\"abc_menu_space_shortcut_label\" : \"razmak\"", "\"common_google_play_services_update_text\" : \"%1$s tidak akan berfungsi kecuali anda mengemas kini perkhidmatan Google Play.\"", "\"fallback_menu_item_share_link\" : \"\u101c\u1004\u1037\u103a\u1001\u103a\u1000\u102d\u102f \u1019\u103b\u103e\u101d\u1031\u101b\u1014\u103a\"", "\"common_google_play_services_install_button\" : \"Pasang\"", "\"common_google_play_services_update_title\" : \"A\u017euriranje Google Play usluga\"", "\"abc_searchview_description_voice\" : \"\u8a9e\u97f3\u641c\u5c0b\"", "\"mtrl_badge_numberless_content_description\" : \"\u0428\u0438\u043d\u044d \u043c\u044d\u0434\u044d\u0433\u0434\u044d\u043b\"", "\"mtrl_picker_range_header_unselected\" : \"\u062a\u0627\u0631\u06cc\u062e \u0622\u063a\u0627\u0632 - \u062a\u0627\u0631\u06cc\u062e \u0627\u062e\u062a\u062a\u0627\u0645\"", "\"character_counter_content_description\" : \"%2$d-\u0d7d %1$d \u0d2a\u0d4d\u0d30\u0d24\u0d40\u0d15\u0d19\u0d4d\u0d19\u0d7e \u0d28\u0d7d\u0d15\u0d3f\"", "\"mtrl_picker_date_header_unselected\" : \"Piniling petsa\"", "\"abc_menu_delete_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200edelete\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_signin_button_text_long\" : \"Inicia la sessi\u00f3 amb Google\"", "\"character_counter_overflowed_content_description\" : \"\u041c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u043d\u0438\u044f\u0442 \u0431\u0440\u043e\u0439 \u0437\u043d\u0430\u0446\u0438 \u0435 \u043d\u0430\u0434\u0445\u0432\u044a\u0440\u043b\u0435\u043d \u0441(\u044a\u0441) %1$d \u043e\u0442 %2$d\"", "\"mtrl_picker_invalid_range\" : \"Ph\u1ea1m vi kh\u00f4ng h\u1ee3p l\u1ec7.\"", "\"common_google_play_services_update_title\" : \"Uppdatera Google Play-tj\u00e4nster\"", "\"material_minute_suffix\" : \"%1$s minuuttia\"", "\"abc_searchview_description_voice\" : \"Sesli arama\"", "\"common_google_play_services_unsupported_text\" : \"\u60a8\u7684\u88dd\u7f6e\u4e0d\u652f\u63f4 Google Play \u670d\u52d9\uff0c\u56e0\u6b64\u7121\u6cd5\u57f7\u884c\u300c%1$s\u300d\u3002\"", "\"fallback_menu_item_open_in_browser\" : \"\u09ac\u09cd\u09b0\u09be\u0989\u099c\u09be\u09b0\u09c7 \u0996\u09c1\u09b2\u09c1\u09a8\"", "\"common_google_play_services_update_title\" : \"Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93 \u0a85\u0aaa\u0aa1\u0ac7\u0a9f \u0a95\u0ab0\u0acb\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Tocca per passare alla selezione di un giorno\"", "\"abc_searchview_description_submit\" : \"Senda fyrirspurn\"", "\"material_timepicker_hour\" : \"Hodina\"", "\"search_menu_title\" : \"\u041f\u0440\u0435\u0442\u0440\u0430\u0436\u0438\u0442\u0435\"", "\"common_google_play_services_enable_text\" : \"A(z) %1$s alkalmaz\u00e1s csak akkor m\u0171k\u00f6dik, ha enged\u00e9lyezi a Google Play-szolg\u00e1ltat\u00e1sokat.\"", "\"common_google_play_services_update_text\" : \"Google Play hizmetlerini g\u00fcncellemezseniz %1$s \u00e7al\u0131\u015fmayacak.\"", "\"nav_app_bar_navigate_up_description\" : \"\u5411\u4e0a\u5c0e\u89bd\"", "\"abc_menu_enter_shortcut_label\" : \"\u090f\u0902\u091f\u0930 \u0915\u0930\u093e\"", "\"mtrl_picker_out_of_range\" : \"Au\u00dferhalb des Bereichs: %1$s\"", "\"abc_menu_function_shortcut_label\" : \"Funksie+\"", "\"material_minute_selection\" : \"\u9009\u62e9\u5206\u949f\"", "\"material_hour_suffix\" : \"klukkan %1$s\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u0c28\u0c46\"", "\"common_google_play_services_install_title\" : \"Gaukite \u201eGoogle Play\u201c paslaugas\"", "\"abc_search_hint\" : \"Vyh\u013eada\u0165\u2026\"", "\"abc_toolbar_collapse_description\" : \"\u0e22\u0e38\u0e1a\"", "\"material_timepicker_minute\" : \"\u092e\u093f\u0928\u093f\u091f\"", "\"abc_searchview_description_search\" : \"Search\"", "\"character_counter_content_description\" : \"\u05d4\u05d5\u05d6\u05e0\u05d5 %1$d \u05ea\u05d5\u05d5\u05d9\u05dd \u05de\u05ea\u05d5\u05da %2$d\"", "\"exposed_dropdown_menu_content_description\" : \"Prika\u017ei padaju\u0107i meni\"", "\"fallback_menu_item_copy_link\" : \"Kopiraj povezavo\"", "\"mtrl_picker_out_of_range\" : \"Buite reeks: %1$s\"", "typeid (", "\"abc_toolbar_collapse_description\" : \"\u0eab\u0e8d\u0ecd\u0ec9\u0ea5\u0ebb\u0e87\"", "\"abc_search_hint\" : \"Sesha\u2026\"", "\"common_google_play_services_install_title\" : \"Dapatkan perkhidmatan Google Play\"", "\"common_google_play_services_updating_text\" : \"%1$s n\u00e3o funciona sem o Google Play Services, o qual est\u00e1 sendo atualizado no momento.\"", "\"mtrl_picker_text_input_year_abbr\" : \"r\"", "\"mtrl_picker_invalid_range\" : \"\u8303\u56f4\u65e0\u6548\u3002\"", "\"material_timepicker_text_input_mode_description\" : \"\u0427\u0442\u043e\u0431\u044b \u0432\u0432\u0435\u0441\u0442\u0438 \u0432\u0440\u0435\u043c\u044f, \u043f\u0435\u0440\u0435\u0439\u0434\u0438\u0442\u0435 \u0432 \u0440\u0435\u0436\u0438\u043c \u0432\u0432\u043e\u0434\u0430 \u0442\u0435\u043a\u0441\u0442\u0430.\"", "\"character_counter_overflowed_content_description\" : \"Omejitev \u0161tevila znakov je presegla %1$d od %2$d\"", "\"error_icon_content_description\" : \"Klaida\"", "\"material_minute_selection\" : \"Chagua dakika\"", "\"material_timepicker_text_input_mode_description\" : \"Ak chcete zada\u0165 \u010das, prepnite na textov\u00fd re\u017eim vstupu\"", "\"abc_activity_chooser_view_see_all\" : \"Visa alla\"", "\"material_clock_toggle_content_description\" : \"Selecteer a.m. of p.m.\"", "\"bottomsheet_action_expand_halfway\" : \"\u0e02\u0e22\u0e32\u0e22\u0e23\u0e32\u0e22\u0e01\u0e32\u0e23\u0e04\u0e23\u0e36\u0e48\u0e07\u0e2b\u0e19\u0e36\u0e48\u0e07\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u700f\u89bd\u81f3 %1$s \u5e74\"", "\"common_google_play_services_install_button\" : \"\u0421\u0443\u0443\u043b\u0433\u0430\u0445\"", "\"abc_toolbar_collapse_description\" : \"Y\u0131\u011fcamla\u015fd\u0131r\u0131n\"", "\"common_google_play_services_unknown_issue\" : \"%1$s\u65e0\u6cd5\u8bbf\u95ee Google Play \u670d\u52a1\uff0c\u8bf7\u91cd\u8bd5\u3002\"", "\"material_clock_toggle_content_description\" : \"\u0395\u03c0\u03b9\u03bb\u03ad\u03be\u03c4\u03b5 \u03c0.\u03bc. \u03ae \u03bc.\u03bc.\"", "\"abc_activity_chooser_view_see_all\" : \"\u67e5\u770b\u5168\u90e8\"", "\"bottomsheet_action_expand_halfway\" : \"Desplega fins a la meitat\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\uc885\ub8cc\uc77c\"", "\"mtrl_badge_numberless_content_description\" : \"\u041d\u043e\u0432\u043e \u043e\u0431\u0430\u0432\u0435\u0448\u0442\u0435\u045a\u0435\"", "\"abc_capital_off\" : \"\u0a2c\u0a70\u0a26\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Thepha ukuze ushintshele ekukhetheni unyaka\"", "\"material_timepicker_clock_mode_description\" : \"Cambia al modo de reloj para escribir la hora.\"", "\"material_clock_toggle_content_description\" : \"\u0412\u044b\u0431\u0435\u0440\u044b\u0446\u0435 AM (\u0434\u0430 \u043f\u0430\u045e\u0434\u043d\u044f) \u0430\u0431\u043e PM (\u043f\u0430\u0441\u043b\u044f \u043f\u0430\u045e\u0434\u043d\u044f)\"", "\"mtrl_picker_day_of_week_column_header\" : \"Kolona e dit\u00ebve: %1$s\"", "\"mtrl_picker_date_header_title\" : \"Selecionar data\"", "\"mtrl_picker_save\" : \"\u062d\u0641\u0638\"", "\"mtrl_picker_range_header_title\" : \"Aral\u0131q se\u00e7in\"", "\"mtrl_picker_save\" : \"\u0a30\u0a71\u0a16\u0a3f\u0a05\u0a24 \u0a15\u0a30\u0a4b\"", "\"common_google_play_services_enable_text\" : \"\u091c\u092c \u0924\u0915 \u0906\u092a Google Play \u0938\u0947\u0935\u093e\u090f\u0902 \u091a\u093e\u0932\u0942 \u0928\u0939\u0940\u0902 \u0915\u0930\u0924\u0947, %1$s \u0915\u093e\u092e \u0928\u0939\u0940\u0902 \u0915\u0930\u0947\u0917\u093e.\"", "\"common_google_play_services_install_title\" : \"Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93 \u0aae\u0ac7\u0ab3\u0ab5\u0acb\"", "\"mtrl_picker_date_header_title\" : \"Selecteer een datum\"", "\"abc_searchview_description_query\" : \"\u641c\u5c0b\u67e5\u8a62\"", "\"common_google_play_services_enable_text\" : \"Aplikacja %1$s nie b\u0119dzie dzia\u0142a\u0107, je\u015bli nie w\u0142\u0105czysz Us\u0142ug Google Play.\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u0434\u043e %1$s \u0440\u043e\u043a\u0443\"", "\"mtrl_picker_date_header_title\" : \"\u0412\u0438\u0431\u0435\u0440\u0456\u0442\u044c \u0434\u0430\u0442\u0443\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u1780\u17b6\u179b\u1794\u179a\u17b7\u1785\u17d2\u1786\u17c1\u1791\u200b\u1785\u17b6\u1794\u17cb\u1795\u17d2\u178a\u17be\u1798 \u2013 %1$s\"", "\"mtrl_picker_a11y_next_month\" : \"\u8f6c\u5230\u4e0b\u4e2a\u6708\"", "\"abc_menu_space_shortcut_label\" : \"\u0437\u0430\u0439\"", "\"nav_app_bar_open_drawer_description\" : \"\u101c\u1019\u103a\u1038\u1000\u103c\u1031\u102c\u1004\u103a\u1038\u1015\u103c \u1021\u1036\u1006\u103d\u1032\u1000\u102d\u102f \u1016\u103d\u1004\u1037\u103a\u101b\u1014\u103a\"", "\"mtrl_badge_numberless_content_description\" : \"Naujas prane\u0161imas\"", "\"icon_content_description\" : \"\u179a\u17bc\u1794\u200b\u1794\u17d2\u179a\u17a2\u1794\u17cb\u1794\u1789\u17d2\u1785\u17bc\u179b\"", "\"common_google_play_services_enable_button\" : \"\u0b87\u0baf\u0b95\u0bcd\u0b95\u0bc1\"", "\"abc_toolbar_collapse_description\" : \"\u0d1a\u0d41\u0d30\u0d41\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"error_icon_content_description\" : \"\u1794\u1789\u17d2\u17a0\u17b6\"", "\"search_menu_title\" : \"Cerca\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0bae\u0bc1\u0b9f\u0bbf\u0bb5\u0bc1\u0ba4\u0bcd \u0ba4\u0bc7\u0ba4\u0bbf\"", "Deleted virtual function called!", "\"fallback_menu_item_copy_link\" : \"Kopisha isixhumanisi\"", "setRegister", "\"copy_toast_msg\" : \"\u0a95\u0acd\u0ab2\u0abf\u0aaa\u0aac\u0acb\u0ab0\u0acd\u0aa1 \u0aaa\u0ab0 \u0ab2\u0abf\u0a82\u0a95 \u0a95\u0ac9\u0aaa\u0abf \u0a95\u0ab0\u0ac0\"", "\"nav_app_bar_navigate_up_description\" : \"\u0935\u093e\u092a\u0938 \u091c\u093e\u090f\u0902\"", "\"material_timepicker_hour\" : \"Uur\"", "\"material_hour_suffix\" : \"Pukul %1$s\"", "\"common_google_play_services_enable_text\" : \"\u0d28\u0d3f\u0d19\u0d4d\u0d19\u0d7e Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d7e \u0d2a\u0d4d\u0d30\u0d35\u0d7c\u0d24\u0d4d\u0d24\u0d28\u0d15\u0d4d\u0d37\u0d2e\u0d2e\u0d3e\u0d15\u0d4d\u0d15\u0d41\u0d28\u0d4d\u0d28\u0d3f\u0d32\u0d4d\u0d32\u0d46\u0d19\u0d4d\u0d15\u0d3f\u0d7d %1$s \u0d2a\u0d4d\u0d30\u0d35\u0d7c\u0d24\u0d4d\u0d24\u0d3f\u0d15\u0d4d\u0d15\u0d3f\u0d32\u0d4d\u0d32.\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u0cb5\"", "iostream", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0dc3\u0dda\u0dc0\u0dcf\u0dc0\u0dbd \u0dbd\u0db6\u0dcf \u0d9c\u0dad \u0dc4\u0dd0\u0d9a\u0dd2 \u0db6\u0dc0\"", "\"abc_searchview_description_voice\" : \"R\u00f6sts\u00f6kning\"", "\"common_google_play_services_install_button\" : \"Instala\u021bi\"", "\"fallback_menu_item_share_link\" : \"Compartir enlace\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Kliknij, by wybra\u0107 rok\"", "\"material_timepicker_clock_mode_description\" : \"Passa alla modalit\u00e0 orologio per inserire l'ora.\"", "N12_GLOBAL__N_116itanium_demangle10VectorTypeE", "\"mtrl_picker_range_header_unselected\" : \"Tanggal mulai \u2013 Tanggal akhir\"", "\"material_minute_suffix\" : \"%1$s minuti\"", "\"bottomsheet_action_expand_halfway\" : \"\u0646\u0635\u0641 \u062a\u06a9 \u067e\u06be\u06cc\u0644\u0627\u0626\u06cc\u06ba\"", "\"common_signin_button_text_long\" : \"Google \u043c\u0435\u043d\u0435\u043d \u043a\u0438\u0440\u04af\u04af\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u0639\u0645\u0648\u062f \u0627\u0644\u0623\u064a\u0627\u0645: %1$s\"", "\"fallback_menu_item_copy_link\" : \"Kopjo lidhjen\"", "\"nav_app_bar_open_drawer_description\" : \"Naviqasiya panelini a\u00e7\u0131n\"", "\"material_minute_suffix\" : \"%1$s \u1019\u102d\u1014\u1005\u103a\"", "\"clear_text_end_icon_content_description\" : \"Futa maandishi\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 einddatum\"", "\"common_google_play_services_enable_text\" : \"\u0414\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \"%1$s\" \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0441\u0435\u0440\u0432\u0438\u0441\u044b Google\u00a0Play.\"", "\"abc_search_hint\" : \"\u05d7\u05d9\u05e4\u05d5\u05e9\u2026\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u8f15\u89f8\u5373\u53ef\u5207\u63db\u70ba\u9078\u53d6\u5e74\u4efd\"", "\"mtrl_picker_range_header_title\" : \"\u1021\u1015\u102d\u102f\u1004\u103a\u1038\u1021\u1001\u103c\u102c\u1038 \u101b\u103d\u1031\u1038\u1015\u102b\"", "\"mtrl_picker_a11y_next_month\" : \"\u0cae\u0cc1\u0c82\u0ca6\u0cbf\u0ca8 \u0ca4\u0cbf\u0c82\u0c97\u0cb3\u0cbf\u0c97\u0cc6 \u0cac\u0ca6\u0cb2\u0cbf\u0cb8\u0cbf\"", "\"mtrl_picker_text_input_date_hint\" : \"Ng\u00e0y\"", "\"copy_toast_msg\" : \"Tengill afrita\u00f0ur \u00e1 klippibor\u00f0\"", "\"character_counter_overflowed_content_description\" : \"Limite de %2$d caracteres excedido em %1$d\"", "N12_GLOBAL__N_116itanium_demangle8BoolExprE", "\"mtrl_picker_invalid_range\" : \"Neder\u012bgs diapazons.\"", "\"abc_menu_shift_shortcut_label\" : \"Mai\u00fas +\"", "\"fallback_menu_item_copy_link\" : \"Linki kopyalay\u0131n\"", "\"abc_searchview_description_clear\" : \"\u0394\u03b9\u03b1\u03b3\u03c1\u03b1\u03c6\u03ae \u03b5\u03c1\u03c9\u03c4\u03ae\u03bc\u03b1\u03c4\u03bf\u03c2\"", "\"abc_searchview_description_voice\" : \"Voice search\"", "\"abc_menu_space_shortcut_label\" : \"spasi\"", "\"common_google_play_services_enable_title\" : \"\u041e\u0432\u043e\u0437\u043c\u043e\u0436\u0438 \u0433\u0438 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play\"", "\"common_google_play_services_enable_title\" : \"\u0412\u043a\u043b\u044e\u0447\u0438\u0442\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b Google Play\"", "\"common_google_play_services_update_text\" : \"%1$s \u043d\u044c \u0442\u0430\u043d\u044b\u0433 Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u043d\u04af\u04af\u0434\u0438\u0439\u0433 \u0448\u0438\u043d\u044d\u0447\u043b\u044d\u0445\u044d\u044d\u0441 \u043d\u0430\u0430\u0448 \u0430\u0436\u0438\u043b\u043b\u0430\u0445\u0433\u04af\u0439.\"", "\"common_open_on_phone\" : \"Otvori\u0165 v telef\u00f3ne\"", "\"mtrl_picker_invalid_range\" : \"\u0ec4\u0ea5\u0e8d\u0eb0\u0e9a\u0ecd\u0ec8\u0e96\u0eb7\u0e81\u0e95\u0ec9\u0ead\u0e87.\"", "\"common_google_play_services_notification_channel_name\" : \"\u200f\u05d6\u05de\u05d9\u05e0\u05d5\u05ea \u05e9\u05dc \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play\"", "\"common_google_play_services_notification_ticker\" : \"\u200f\u05e9\u05d2\u05d9\u05d0\u05d4 \u05d1\u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play\"", "[abi:", "\"material_timepicker_clock_mode_description\" : \"\u5207\u63db\u81f3\u6642\u9418\u6a21\u5f0f\u4f86\u8f38\u5165\u6642\u9593\u3002\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u1005\u1010\u1004\u103a\u101b\u1000\u103a \u2013 %1$s\"", "\"abc_searchview_description_clear\" : \"\u6e05\u9664\u67e5\u8a62\"", "\"fallback_menu_item_share_link\" : \"\u09b2\u09bf\u0999\u09cd\u0995 \u09b6\u09c7\u09af\u09bc\u09be\u09b0 \u0995\u09b0\u09c1\u09a8\"", "\"abc_toolbar_collapse_description\" : \"Kunja\"", "\"mtrl_picker_date_header_unselected\" : \"Tarehe uliyochagua\"", "\"error_icon_content_description\" : \"\u0ca6\u0ccb\u0cb7\"", "\"common_google_play_services_install_title\" : \"\u041f\u0440\u0435\u0443\u0437\u043c\u0438\u0442\u0435 Google Play \u0443\u0441\u043b\u0443\u0433\u0435\"", "\"material_timepicker_text_input_mode_description\" : \"Skipta yfir \u00ed textastillingu til a\u00f0 f\u00e6ra inn t\u00edma.\"", "\"common_open_on_phone\" : \"\u0412\u0456\u0434\u043a\u0440\u0438\u0442\u0438 \u043d\u0430 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0456\"", "St16invalid_argument", "\"password_toggle_content_description\" : \"Visa l\u00f6senord\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0ab6\u0ab0\u0ac2 \u0a95\u0ab0\u0ab5\u0abe\u0aa8\u0ac0 \u0aa4\u0abe\u0ab0\u0ac0\u0a96\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u05d9\u05e9 \u05dc\u05d4\u05e7\u05d9\u05e9 \u05db\u05d3\u05d9 \u05dc\u05d4\u05d7\u05dc\u05d9\u05e3 \u05dc\u05d1\u05d7\u05d9\u05e8\u05ea \u05d9\u05d5\u05dd\"", "\"mtrl_picker_invalid_range\" : \"\u0a85\u0aae\u0abe\u0aa8\u0acd\u0aaf \u0ab6\u0acd\u0ab0\u0ac7\u0aa3\u0ac0.\"", "\"abc_action_mode_done\" : \"Fine\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u041f\u0435\u0440\u0430\u0439\u0441\u0446\u0456 \u045e %1$s\u00a0\u0433\u043e\u0434\"", "\"icon_content_description\" : \"Icona del quadre de di\u00e0leg\"", "\"abc_activitychooserview_choose_application\" : \"\u0915\u094b\u0908 \u0910\u092a\u094d\u0932\u093f\u0915\u0947\u0936\u0928 \u091a\u0941\u0928\u0947\u0902\"", "/usr/local/google/buildbot/src/android/ndk-release-r21/external/libcxx/../../external/libunwind_llvm/src/Registers.hpp", "\"abc_menu_sym_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200eSym+\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"error_icon_content_description\" : \"Hiba\"", "\"item_view_role_description\" : \"\u0628\u0631\u06af\u0647\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u041f\u0435\u0440\u0430\u043a\u043b\u044e\u0447\u044b\u0446\u0446\u0430 \u045e \u0440\u044d\u0436\u044b\u043c \u0443\u0432\u043e\u0434\u0443 \"\u041a\u0430\u043b\u044f\u043d\u0434\u0430\u0440\"\"", "char8_t", "\"path_password_strike_through\" : \"M3.27,4.27 L19.74,20.74\"", "\"abc_capital_off\" : \"\u0418\u0414\u042d\u0412\u0425\u0413\u04ae\u0419\"", "\"abc_menu_function_shortcut_label\" : \"Fn +\"", "\"nav_app_bar_open_drawer_description\" : \"\u10dc\u10d0\u10d5\u10d8\u10d2\u10d0\u10ea\u10d8\u10d8\u10e1 \u10e3\u10ef\u10e0\u10d8\u10e1 \u10d2\u10d0\u10ee\u10e1\u10dc\u10d0\"", "std::ostream", "\"common_google_play_services_updating_text\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038\u1000\u102d\u102f \u101c\u1000\u103a\u101b\u103e\u102d\u1021\u1015\u103a\u1012\u102d\u1010\u103a\u101c\u102f\u1015\u103a\u1014\u1031\u101e\u1031\u102c\u1000\u103c\u1031\u102c\u1004\u1037\u103a %1$s \u1000\u102d\u102f\u1016\u103d\u1004\u1037\u103a\u104d\u101b\u1019\u100a\u103a\u1019\u101f\u102f\u1010\u103a\u1015\u102b\u104b\"", "\"material_minute_suffix\" : \"%1$s\u00a0minutes\"", "\"search_menu_title\" : \"\u0425\u0430\u0439\u0445\"", "\"mtrl_picker_text_input_date_hint\" : \"D\u00e1tum\"", "\"abc_searchview_description_search\" : \"\u062c\u0633\u062a\u062c\u0648\"", "\"password_toggle_content_description\" : \"\u09aa\u09be\u099b\u09f1\u09f0\u09cd\u09a1 \u09a6\u09c7\u0996\u09c1\u09f1\u09be\u0993\u0995\"", "\"mtrl_picker_date_header_title\" : \"\u041a\u04af\u043d\u0434\u0456 \u0442\u0430\u04a3\u0434\u0430\u0443\"", "N12_GLOBAL__N_116itanium_demangle10BracedExprE", "\"abc_capital_on\" : \"W\u0141.\"", "\"mtrl_picker_range_header_unselected\" : \"Date de d\u00e9but \u2013 Date de fin\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 Data de t\u00e9rmino\"", "\"common_google_play_services_updating_text\" : \"O %1$s n\u00e3o \u00e9 executado sem os servi\u00e7os do Google Play, os quais est\u00e3o a ser atualizados.\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Datum po\u010detka\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Nauj\u0173 prane\u0161im\u0173: daugiau nei %1$d\"", "\"abc_capital_off\" : \"\u0622\u0641\"", "\"abc_action_bar_home_description\" : \"Siirry etusivulle\"", "float", "\"mtrl_picker_save\" : \"\u0c89\u0cb3\u0cbf\u0cb8\u0cbf\"", "\"abc_shareactionprovider_share_with_application\" : \"\u1785\u17c2\u1780\u200b\u179a\u17c6\u179b\u17c2\u1780\u200b\u1787\u17b6\u200b\u1798\u17bd\u1799 %s\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Skift til input-tilstand for kalender\"", "\"common_google_play_services_notification_channel_name\" : \"\u0414\u043e\u0441\u0442\u0443\u043f\u043d\u0456\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0456\u0441\u0456\u0432 Google Play\"", "\"material_timepicker_select_time\" : \"Pumili ng oras\"", "\"fallback_menu_item_copy_link\" : \"\u0ab2\u0abf\u0a82\u0a95 \u0a95\u0ac9\u0aaa\u0abf \u0a95\u0ab0\u0acb\"", "\"material_hour_suffix\" : \"%1$s o'clock\"", "\"mtrl_picker_navigate_to_year_description\" : \"P\u0101riet uz \u0161o gadu: %1$s\"", "\"common_google_play_services_unknown_issue\" : \"\u200f%1$s \u06a9\u0648 Google Play \u0633\u0631\u0648\u0633\u0632 \u06a9\u06d2 \u0633\u0627\u062a\u06be \u0645\u0633\u0626\u0644\u06c1 \u067e\u06cc\u0634 \u0622 \u0631\u06c1\u0627 \u06c1\u06d2\u06d4 \u0628\u0631\u0627\u06c1 \u06a9\u0631\u0645 \u062f\u0648\u0628\u0627\u0631\u06c1 \u06a9\u0648\u0634\u0634 \u06a9\u0631\u06cc\u06ba\u06d4\"", "/Volumes/Android/buildbot/src/android/ndk-release-r21/external/libcxx/../../external/libunwind_llvm/src/UnwindCursor.hpp", "\"abc_capital_on\" : \"UKLJU\u010cENO\"", "\"material_hour_suffix\" : \"%1$s\u6642\"", "\"abc_activitychooserview_choose_application\" : \"\u0412\u0438\u0431\u0440\u0430\u0442\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u0443\"", "\"mtrl_picker_invalid_format\" : \"\u0ba4\u0bb5\u0bb1\u0bbe\u0ba9 \u0bb5\u0b9f\u0bbf\u0bb5\u0bae\u0bcd.\"", "\"mtrl_picker_date_header_unselected\" : \"\u0928\u093f\u0935\u0921\u0932\u0947\u0932\u0940 \u0924\u093e\u0930\u0940\u0916\"", "\"abc_searchview_description_voice\" : \"Mekl\u0113t ar balsi\"", "terminating with %s foreign exception", "\"mtrl_picker_invalid_format_example\" : \"\u10db\u10d0\u10d2\u10d0\u10da\u10d8\u10d7\u10d8: %1$s\"", "\"abc_searchview_description_query\" : \"Keres\u00e9si lek\u00e9rdez\u00e9s\"", "\"mtrl_picker_text_input_date_hint\" : \"\u1780\u17b6\u179b\u1794\u179a\u17b7\u1785\u17d2\u1786\u17c1\u1791\"", "\"common_google_play_services_unsupported_text\" : \"\u200f%1$s Google Play \u0633\u0631\u0648\u0633\u0632 \u06a9\u06d2 \u0628\u063a\u06cc\u0631 \u0646\u06c1\u06cc\u06ba \u0686\u0644\u06d2 \u06af\u06cc\u060c \u062c\u0646 \u06a9\u06cc \u0622\u067e \u06a9\u0627 \u0622\u0644\u06c1 \u0645\u0639\u0627\u0648\u0646\u062a \u0646\u06c1\u06cc\u06ba \u06a9\u0631\u062a\u0627\u06d4\"", "\"material_timepicker_text_input_mode_description\" : \"Chuy\u1ec3n sang ch\u1ebf \u0111\u1ed9 nh\u1eadp v\u0103n b\u1ea3n \u0111\u1ec3 nh\u1eadp th\u1eddi gian.\"", "\"material_timepicker_text_input_mode_description\" : \"Id\u0151bevitelhez v\u00e1ltson sz\u00f6vegbeviteli m\u00f3dba.\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 data de \u00eencheiere\"", "\"common_google_play_services_notification_channel_name\" : \"Verf\u00fcgbarkeit von Google Play-Diensten\"", "\"nav_app_bar_open_drawer_description\" : \"\u0b28\u0b3e\u0b2d\u0b3f\u0b17\u0b47\u0b38\u0b28\u0b4d\u200d \u0b21\u0b4d\u0b30\u0b5f\u0b30\u0b4d\u200d \u0b16\u0b4b\u0b32\u0b28\u0b4d\u0b24\u0b41\"", "\"material_timepicker_hour\" : \"\u06af\u06be\u0646\u0679\u06c1\"", "\"mtrl_picker_save\" : \"Opslaan\"", "\"abc_toolbar_collapse_description\" : \"Daralt\"", "\"mtrl_picker_a11y_prev_month\" : \"Promijeni na prethodni mjesec\"", "\"material_timepicker_text_input_mode_description\" : \"\u0dc0\u0dda\u0dbd\u0dcf \u0d86\u0daf\u0dcf\u0db1\u0dba \u0dc3\u0db3\u0dc4\u0dcf \u0d86\u0daf\u0dcf\u0db1 \u0db4\u0dca\u200d\u0dbb\u0d9a\u0dcf\u0dbb\u0dba \u0dc0\u0dd9\u0dad \u0db8\u0dcf\u0dbb\u0dd4 \u0dc0\u0dd9\u0db1\u0dca\u0db1.\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0ab5\u0ab0\u0acd\u0ab7\u0aa8\u0ac0 \u0aaa\u0ab8\u0a82\u0aa6\u0a97\u0ac0 \u0aaa\u0ab0 \u0ab8\u0acd\u0ab5\u0abf\u0a9a \u0a95\u0ab0\u0ab5\u0abe \u0aae\u0abe\u0a9f\u0ac7 \u0a9f\u0ac5\u0aaa \u0a95\u0ab0\u0acb\"", "\"mtrl_picker_a11y_prev_month\" : \"Ndrysho te muaji i kaluar\"", "\"mtrl_picker_date_header_title\" : \"\u062a\u0627\u0631\u06cc\u062e \u0645\u0646\u062a\u062e\u0628 \u06a9\u0631\u06cc\u06ba\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0397\u03bc\u03b5\u03c1\u03bf\u03bc\u03b7\u03bd\u03af\u03b1 \u03bb\u03ae\u03be\u03b7\u03c2\"", "\"abc_action_mode_done\" : \"\u5b8c\u6210\"", "\"mtrl_picker_navigate_to_year_description\" : \"Navigera till \u00e5r %1$s\"", "\"abc_action_menu_overflow_description\" : \"\u1014\u1031\u102c\u1000\u103a\u1011\u1015\u103a \u101b\u103d\u1031\u1038\u1005\u101b\u102c\u1019\u103b\u102c\u1038\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u062a\u0627\u0631\u06cc\u062e \u0627\u062e\u062a\u062a\u0627\u0645\"", "\"bottomsheet_action_expand_halfway\" : \"\u1010\u1005\u103a\u101d\u1000\u103a\u1001\u103b\u1032\u1037\u101b\u1014\u103a\"", "\"common_google_play_services_notification_channel_name\" : \"Sta\u00f0a \u00fej\u00f3nustu Google Play\"", "\"common_google_play_services_update_button\" : \"Oppdater\"", "\"abc_menu_space_shortcut_label\" : \"\u0432\u0441\u0435\u043b\u0435\u043d\u0430\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0414\u0430\u0442\u0430 \u043e\u043a\u043e\u043d\u0447\u0430\u043d\u0438\u044f\"", "\"material_timepicker_clock_mode_description\" : \"Passer au mode Horloge pour entrer l'heure.\"", "\"mtrl_picker_invalid_format_use\" : \"%1$s \u0d09\u0d2a\u0d2f\u0d47\u0d3e\u0d17\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"nav_app_bar_navigate_up_description\" : \"\u0c2a\u0c48\u0c15\u0c3f \u0c28\u0c3e\u0c35\u0c3f\u0c17\u0c47\u0c1f\u0c4d \u0c1a\u0c47\u0c2f\u0c3f\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Passer au mode de saisie Agenda\"", "\"mtrl_picker_announce_current_selection\" : \"\u0a2e\u0a4c\u0a1c\u0a42\u0a26\u0a3e \u0a1a\u0a4b\u0a23: %1$s\"", "\"common_google_play_services_update_title\" : \"Google Play \u0938\u0947\u0935\u093e\u0913\u0902 \u0915\u094b \u0905\u092a\u0921\u0947\u091f \u0915\u0930\u0947\u0902\"", "\"exposed_dropdown_menu_content_description\" : \"\u05d4\u05e6\u05d2\u05ea \u05d4\u05ea\u05e4\u05e8\u05d9\u05d8 \u05d4\u05e0\u05e4\u05ea\u05d7\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Prebacivanje na na\u010din unosa kalendara\"", "\"mtrl_picker_date_header_unselected\" : \"Atlas\u012btais datums\"", "\"common_google_play_services_update_title\" : \"\u0410\u0436\u0443\u0440\u0438\u0440\u0430\u0458 \u0433\u0438 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play\"", "\"abc_capital_off\" : \"\u0412\u042b\u041a\u041b.\"", "\"bottomsheet_action_expand_halfway\" : \"\u0416\u0430\u0440\u0442\u044b\u043b\u0430\u0439 \u043a\u0435\u04a3\u0435\u0439\u0442\u0443\"", "\"abc_search_hint\" : \"\u101b\u103e\u102c\u1016\u103d\u1031\u101b\u1014\u103a\u2026\"", "\"abc_shareactionprovider_share_with\" : \"\u5171\u6709\"", "\"password_toggle_content_description\" : \"Zobrazi\u0165 heslo\"", "\"material_timepicker_clock_mode_description\" : \"Skakel oor na horlosiemodus vir die tydinvoer.\"", "\"copy_toast_msg\" : \"\u0915\u094d\u0932\u093f\u092a\u092c\u094b\u0930\u094d\u0921\u092e\u093e \u0932\u093f\u0902\u0915 \u092a\u094d\u0930\u0924\u093f\u0932\u093f\u092a\u093f \u0917\u0930\u093f\u092f\u094b\"", "\"copy_toast_msg\" : \"Havoladan vaqtinchalik xotiraga nusxa olindi\"", "\"fallback_menu_item_open_in_browser\" : \"\u0b89\u0bb2\u0bbe\u0bb5\u0bbf\u0baf\u0bbf\u0bb2\u0bcd \u0ba4\u0bbf\u0bb1\"", "\"abc_shareactionprovider_share_with\" : \"\u05e9\u05d9\u05ea\u05d5\u05e3 \u05e2\u05dd\"", "\"material_clock_toggle_content_description\" : \"\u00d6\u00d6 veya \u00d6S'yi se\u00e7in\"", "N12_GLOBAL__N_116itanium_demangle16FloatLiteralImplIgEE", "\"nav_app_bar_navigate_up_description\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u0432\u0432\u0435\u0440\u0445\"", "\"mtrl_picker_range_header_unselected\" : \"\u0414\u0430\u0442\u0430 \u043f\u043e\u0447\u0430\u0442\u043a\u0443 \u2013 \u0434\u0430\u0442\u0430 \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u043d\u044f\"", "\"mtrl_picker_invalid_format_use\" : \"Sebenzisa: %1$s\"", "\"mtrl_picker_navigate_to_year_description\" : \"%1$s \u0633\u0627\u0644 \u067e\u0631 \u0646\u06cc\u0648\u06cc\u06af\u06cc\u0679 \u06a9\u0631\u06cc\u06ba\"", "\"fallback_menu_item_share_link\" : \"Trimite\u021bi linkul\"", "\"material_timepicker_text_input_mode_description\" : \"\u0cb8\u0cae\u0caf\u0cb5\u0ca8\u0ccd\u0ca8\u0cc1 \u0ca8\u0cae\u0cc2\u0ca6\u0cbf\u0cb8\u0cb2\u0cc1 \u0caa\u0ca0\u0ccd\u0caf\u0ca6 \u0ca8\u0cae\u0cc2\u0ca8\u0cc6\u0c97\u0cc6 \u0cac\u0ca6\u0cb2\u0cbf\u0cb8\u0cbf.\"", "\"common_google_play_services_wear_update_text\" : \"\u0e08\u0e33\u0e40\u0e1b\u0e47\u0e19\u0e15\u0e49\u0e2d\u0e07\u0e43\u0e0a\u0e49\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play \u0e40\u0e27\u0e2d\u0e23\u0e4c\u0e0a\u0e31\u0e19\u0e43\u0e2b\u0e21\u0e48 \u0e0b\u0e36\u0e48\u0e07\u0e08\u0e30\u0e2d\u0e31\u0e1b\u0e40\u0e14\u0e15\u0e2d\u0e31\u0e15\u0e42\u0e19\u0e21\u0e31\u0e15\u0e34\u0e43\u0e19\u0e2d\u0e35\u0e01\u0e44\u0e21\u0e48\u0e0a\u0e49\u0e32\"", "\"common_google_play_services_enable_button\" : \"\uc0ac\uc6a9 \uc124\uc815\"", "\"abc_action_mode_done\" : \"\uc644\ub8cc\"", "\"common_open_on_phone\" : \"\u5728\u624b\u673a\u4e0a\u6253\u5f00\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Startdatum\"", "\"common_google_play_services_updating_text\" : \"%1$s kan inte k\u00f6ras utan Google Play-tj\u00e4nster, och dessa uppdateras f\u00f6r n\u00e4rvarande.\"", "\"mtrl_picker_text_input_day_abbr\" : \"\u10d3\"", "\"common_google_play_services_update_button\" : \"\u0410\u043a\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u0430\u043d\u0435\"", "operator new", "\"material_clock_toggle_content_description\" : \"\u5348\u524d\u307e\u305f\u306f\u5348\u5f8c\u3092\u9078\u629e\"", "\"common_google_play_services_updating_text\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be \u099b\u09be\u09a1\u09bc\u09be %1$s \u099a\u09b2\u09ac\u09c7 \u09a8\u09be \u09af\u09be \u09ac\u09b0\u09cd\u09a4\u09ae\u09be\u09a8\u09c7 \u0986\u09aa\u09a1\u09c7\u099f \u09b9\u099a\u09cd\u099b\u09c7\u0964\"", "\"icon_content_description\" : \"\u0688\u0627\u0626\u06cc\u0644\u0627\u06af \u06a9\u0627 \u0622\u0626\u06cc\u06a9\u0646\"", "\"common_google_play_services_updating_text\" : \"%1$s \u043d\u0435\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u0432\u0440\u0448\u0443\u0432\u0430 \u0431\u0435\u0437 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play \u0448\u0442\u043e \u0441\u0435 \u0430\u0436\u0443\u0440\u0438\u0440\u0430\u0430\u0442 \u0432\u043e \u043c\u043e\u043c\u0435\u043d\u0442\u043e\u0432.\"", "\"common_google_play_services_notification_ticker\" : \"Fejl i Google Play-tjenester\"", "\"item_view_role_description\" : \"V\u00e4lilehti\"", "\"abc_menu_shift_shortcut_label\" : \"Umschalttaste\u00a0+\"", "\"abc_searchview_description_search\" : \"Maghanap\"", "\"mtrl_picker_range_header_unselected\" : \"Ba\u015flang\u0131\u00e7 tarihi - Biti\u015f tarihi\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u1794\u17d2\u178a\u17bc\u179a\u1791\u17c5\u200b\u179a\u1794\u17c0\u1794\u200b\u1794\u1789\u17d2\u1785\u17bc\u179b\u200b\u1794\u17d2\u179a\u178f\u17b7\u1791\u17b7\u1793\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0932\u093e Google Play \u0938\u0947\u0935\u093e\u0902\u092e\u0927\u094d\u092f\u0947 \u0938\u092e\u0938\u094d\u092f\u093e \u092f\u0947\u0924 \u0906\u0939\u0947. \u0915\u0943\u092a\u092f\u093e \u092a\u0941\u0928\u094d\u0939\u093e \u092a\u094d\u0930\u092f\u0924\u094d\u0928 \u0915\u0930\u093e.\"", "\"search_menu_title\" : \"Pretra\u017ei\"", "\"icon_content_description\" : \"\u0c21\u0c48\u0c32\u0c3e\u0c17\u0c4d \u0c1a\u0c3f\u0c39\u0c4d\u0c28\u0c02\"", "\"exposed_dropdown_menu_content_description\" : \"\u041f\u0440\u0438\u043a\u0430\u0436\u0438 \u043f\u0430\u0453\u0430\u0447\u043a\u043e \u043c\u0435\u043d\u0438\"", "\"abc_activitychooserview_choose_application\" : \"\u9078\u64c7\u61c9\u7528\u7a0b\u5f0f\"", "\"abc_menu_enter_shortcut_label\" : \"sartu\"", "\"common_google_play_services_unknown_issue\" : \"\u200f%1$s \u0628\u0631\u0627\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062e\u062f\u0645\u0627\u062a Google Play \u0628\u0627 \u0645\u0634\u06a9\u0644 \u0631\u0648\u0628\u0631\u0648 \u0627\u0633\u062a. \u0644\u0637\u0641\u0627\u064b \u062f\u0648\u0628\u0627\u0631\u0647 \u0627\u0645\u062a\u062d\u0627\u0646 \u06a9\u0646\u06cc\u062f.\"", "operator==", "\"common_google_play_services_update_button\" : \"\u0b05\u0b2a\u0b21\u0b47\u0b1f\u0b4d\u200d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"common_google_play_services_wear_update_text\" : \"Ir nepiecie\u0161ama jauna Google\u00a0Play pakalpojumu versija. Dr\u012bzum\u0101 t\u0101 tiks instal\u0113ta.\"", "\"abc_action_bar_home_description\" : \"\u0414\u0432\u0438\u0436\u0438 \u0441\u0435 \u043a\u043e\u043d \u0434\u043e\u043c\u0430\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0c2e\u0c41\u0c17\u0c3f\u0c02\u0c2a\u0c41 \u0c24\u0c47\u0c26\u0c3f\"", "\"abc_capital_on\" : \"\u0a9a\u0abe\u0ab2\u0ac1\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Sluttdato\"", "\"common_open_on_phone\" : \"\u092b\u094b\u0928\u092e\u093e \u0916\u094b\u0932\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"password_toggle_content_description\" : \"Mostrar palavra-passe\"", "\"common_signin_button_text_long\" : \"Skr\u00e1 inn me\u00f0 Google\"", "\"clear_text_end_icon_content_description\" : \"Rensa text\"", "\"abc_action_bar_up_description\" : \"\u0bae\u0bc7\u0bb2\u0bc7 \u0b9a\u0bc6\u0bb2\u0bcd\u0bb2\u0bc1\u0bae\u0bcd\"", "\"common_google_play_services_update_text\" : \"%1$s ei toimi, ellet p\u00e4ivit\u00e4 Google Play Palveluita.\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u0418\u0434\u0438\u0442\u0435 \u043d\u0430 \u0433\u043e\u0434\u0438\u043d\u0443 %1$s\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u0d26\u0d3f\u0d35\u0d38\u0d24\u0d4d\u0d24\u0d3f\u0d28\u0d4d\u0d31\u0d46 \u0d15\u0d47\u0d3e\u0d33\u0d02: %1$s\"", "\"common_google_play_services_enable_title\" : \"Ota Google Play Palvelut k\u00e4ytt\u00f6\u00f6n\"", "\"mtrl_picker_navigate_to_year_description\" : \"Chuy\u1ec3n t\u1edbi n\u0103m %1$s\"", "\"mtrl_picker_range_header_title\" : \"Selecteer een periode\"", "\"mtrl_picker_a11y_next_month\" : \"\u092a\u0941\u0922\u0940\u0932 \u092e\u0939\u093f\u0928\u094d\u092f\u093e\u0935\u0930 \u092c\u0926\u0932\u093e\"", "\"error_icon_content_description\" : \"Napaka\"", "\"material_hour_selection\" : \"Selecteer uur\"", "\"material_timepicker_select_time\" : \"\u0418\u0437\u0430\u0431\u0435\u0440\u0438\u0442\u0435 \u0432\u0440\u0435\u043c\u0435\"", "\"abc_searchview_description_clear\" : \"Sorguyu temizle\"", "\"common_google_play_services_update_title\" : \"A Google Play-szolg\u00e1ltat\u00e1sok friss\u00edt\u00e9se\"", "\"fallback_menu_item_copy_link\" : \"Kopiera l\u00e4nk\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0938\u0947\u0935\u093e\u0902\u091a\u094d\u092f\u093e \u0928\u0935\u0940\u0928 \u0906\u0935\u0943\u0924\u094d\u0924\u0940\u091a\u0940 \u0906\u0935\u0936\u094d\u092f\u0915\u0924\u093e \u0906\u0939\u0947. \u0939\u0947 \u0938\u094d\u0935\u0924:\u0932\u093e \u0932\u0935\u0915\u0930\u091a \u0905\u092a\u0921\u0947\u091f \u0915\u0930\u0947\u0932.\"", "\"mtrl_picker_invalid_format_use\" : \"\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435: %1$s\"", "\"abc_menu_space_shortcut_label\" : \"hap\u00ebsir\u00eb\"", "\"search_menu_title\" : \"Qidiruv\"", "\"character_counter_overflowed_content_description\" : \"Teckengr\u00e4nsen har \u00f6verskridits: %1$d av %2$d\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Tippen, um zur Jahresauswahl zu wechseln\"", "\"abc_searchview_description_search\" : \"\u05d7\u05d9\u05e4\u05d5\u05e9\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Date de d\u00e9but \u2013 %1$s\"", "\"common_google_play_services_update_button\" : \"A\u017euriraj\"", "\"material_hour_selection\" : \"\u0e40\u0e25\u0e37\u0e2d\u0e01\u0e0a\u0e31\u0e48\u0e27\u0e42\u0e21\u0e07\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0ea7\u0eb1\u0e99\u0e97\u0eb5\u0ec0\u0ea5\u0eb5\u0ec8\u0ea1\"", "\"mtrl_badge_numberless_content_description\" : \"Novo obvestilo\"", "\"material_timepicker_clock_mode_description\" : \"\u0e2a\u0e25\u0e31\u0e1a\u0e44\u0e1b\u0e42\u0e2b\u0e21\u0e14\u0e19\u0e32\u0e2c\u0e34\u0e01\u0e32\u0e40\u0e1e\u0e37\u0e48\u0e2d\u0e1b\u0e49\u0e2d\u0e19\u0e40\u0e27\u0e25\u0e32\"", "\"common_google_play_services_unknown_issue\" : \"Aplikacija %1$s ima te\u017eave s storitvami Google Play. Poskusite znova.\"", "\"mtrl_picker_range_header_unselected\" : \"Begindatum \u2013 Einddatum\"", "\"common_google_play_services_update_text\" : \"%1$s nu va rula dec\u00e2t dac\u0103 actualiza\u021bi serviciile Google Play.\"", "\"copy_toast_msg\" : \"\u0c95\u0ccd\u0cb2\u0cbf\u0caa\u0ccd\u200c\u0cac\u0ccb\u0cb0\u0ccd\u0ca1\u0ccd\u200c\u0c97\u0cc6 \u0cb2\u0cbf\u0c82\u0c95\u0ccd \u0c85\u0ca8\u0ccd\u0ca8\u0cc1 \u0ca8\u0c95\u0cb2\u0cbf\u0cb8\u0cb2\u0cbe\u0c97\u0cbf\u0ca6\u0cc6\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Vi\u0161e od %1$d novih obavijesti\"", "\"mtrl_picker_announce_current_selection\" : \"Selezione attuale: %1$s\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Klepnut\u00edm prepnete na v\u00fdber d\u0148a\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Ba\u015flama tarixi\"", "\"abc_action_bar_up_description\" : \"\u0935\u093e\u092a\u0938 \u091c\u093e\u090f\u0902\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0414\u0430\u0442\u0430 \u043f\u043e\u0447\u0430\u0442\u043a\u0443\"", "\"mtrl_picker_invalid_format_example\" : \"Exempel: %1$s\"", "\"mtrl_picker_text_input_date_hint\" : \"Datums\"", "\"material_minute_selection\" : \"\u092e\u093f\u0928\u093f\u091f\u0947 \u0928\u093f\u0935\u0921\u093e\"", "\"common_google_play_services_install_button\" : \"\u0a38\u0a25\u0a3e\u0a2a\u0a24 \u0a15\u0a30\u0a4b\"", "\"mtrl_picker_date_header_title\" : \"\u1240\u1295 \u12ed\u121d\u1228\u1321\"", "\"abc_searchview_description_clear\" : \"I\u0161valyti u\u017eklaus\u0105\"", "N10__cxxabiv116__enum_type_infoE", "\"mtrl_badge_numberless_content_description\" : \"Isaziso esisha\"", "\"password_toggle_content_description\" : \"Ipakita ang password\"", "\"item_view_role_description\" : \"\u049a\u043e\u0439\u044b\u043d\u0434\u044b\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0938\u0947\u0935\u093e\u0939\u0930\u0942\u0915\u094b \u0928\u092f\u093e\u0901 \u0938\u0902\u0938\u094d\u0915\u0930\u0923 \u0906\u0935\u0936\u094d\u092f\u0915 \u091b\u0964 \u092f\u094b \u0906\u092b\u0948 \u091b\u093f\u091f\u094d\u091f\u0948 \u0928\u0948 \u0905\u0926\u094d\u092f\u093e\u0935\u0927\u093f\u0915 \u0939\u0941\u0928\u0947\u091b\u0964\"", "N12_GLOBAL__N_116itanium_demangle8FoldExprE", "\"common_google_play_services_enable_button\" : \"\u0938\u0915\u094d\u0930\u093f\u092f \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u0e2a\u0e25\u0e31\u0e1a\u0e44\u0e1b\u0e43\u0e0a\u0e49\u0e42\u0e2b\u0e21\u0e14\u0e1b\u0e49\u0e2d\u0e19\u0e02\u0e49\u0e2d\u0e21\u0e39\u0e25\u0e1b\u0e0f\u0e34\u0e17\u0e34\u0e19\"", "\"abc_shareactionprovider_share_with\" : \"\u092f\u093e\u0902\u091a\u094d\u092f\u093e\u0938\u094b\u092c\u0924 \u0936\u0947\u0905\u0930 \u0915\u0930\u093e\"", "\"abc_action_bar_up_description\" : \"\u0531\u0576\u0581\u0576\u0565\u056c \u057e\u0565\u0580\u0587\"", "\"mtrl_picker_out_of_range\" : \"La data est\u00e0 fora de l'interval: %1$s\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Dodirnite da prebacite na odabir godine\"", "N12_GLOBAL__N_116itanium_demangle16FloatLiteralImplIdEE", "\"material_hour_selection\" : \"Izberite uro\"", "\"common_google_play_services_update_button\" : \"Atnaujinti\"", "\"abc_search_hint\" : \"\u0a16\u0a4b\u0a1c\u2026\"", "\"material_minute_suffix\" : \"%1$s \u09ae\u09bf\u09a8\u09bf\u099f\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"P\u0101rsl\u0113gties uz teksta ievades re\u017e\u012bmu\"", "\"material_minute_suffix\" : \"%1$s \u0e99\u0eb2\u0e97\u0eb5\"", "\"mtrl_picker_save\" : \"Ulo\u017eit\"", "\"mtrl_picker_invalid_format_example\" : \"Shembull: %1$s\"", "\"abc_toolbar_collapse_description\" : \"\u0b38\u0b02\u0b15\u0b41\u0b1a\u0b3f\u0b24 \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"nav_app_bar_open_drawer_description\" : \"\u0d28\u0d3e\u0d35\u0d3f\u0d17\u0d47\u0d37\u0d7b \u0d21\u0d4d\u0d30\u0d4b\u0d2f\u0d7c \u0d24\u0d41\u0d31\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"material_clock_toggle_content_description\" : \"S\u00e9lectionner AM ou PM\"", "\"mtrl_picker_a11y_prev_month\" : \"Chuy\u1ec3n v\u1ec1 th\u00e1ng tr\u01b0\u1edbc\"", "\"common_google_play_services_update_button\" : \"\u0905\u0926\u094d\u092f\u093e\u0935\u0927\u093f\u0915 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"common_signin_button_text\" : \"\u099b\u09be\u0987\u09a8 \u0987\u09a8 \u0995\u09f0\u0995\"", "\"common_google_play_services_install_button\" : \"\u062a\u062b\u0628\u064a\u062a\"", "\"common_google_play_services_enable_button\" : \"\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646\"", "\"common_google_play_services_update_title\" : \"\u0410\u0431\u043d\u0430\u045e\u043b\u0435\u043d\u043d\u0435 \u0441\u043b\u0443\u0436\u0431\u0430\u045e Google Play\"", "\"fallback_menu_item_copy_link\" : \"Kopiraj link\"", "\"common_google_play_services_wear_update_text\" : \"\u200fGoogle Play \u0633\u0631\u0648\u0633\u0632 \u06a9\u06d2 \u0646\u0626\u06d2 \u0648\u0631\u0698\u0646 \u06a9\u06cc \u0636\u0631\u0648\u0631\u062a \u06c1\u06d2\u06d4 \u06cc\u06c1 \u062a\u06be\u0648\u0691\u06cc \u062f\u06cc\u0631 \u0645\u06cc\u06ba \u062e\u0648\u062f \u06c1\u06cc \u0627\u067e\u0646\u06d2 \u0622\u067e \u06a9\u0648 \u0627\u067e \u0688\u06cc\u0679 \u06a9\u0631 \u0644\u06d2 \u06af\u0627\u06d4\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Appuyer pour s\u00e9lectionner un jour\"", "\"nav_app_bar_open_drawer_description\" : \"Otvorite fioku za navigaciju\"", "\"material_hour_selection\" : \"Stunde ausw\u00e4hlen\"", "\"abc_searchview_description_voice\" : \"Sprachsuche\"", "\"material_timepicker_minute\" : \"\u09ae\u09bf\u09a8\u09bf\u099f\"", "St20bad_array_new_length", "\"abc_searchview_description_query\" : \"\u041f\u0440\u0435\u0442\u0440\u0430\u0436\u0438\u0442\u0435 \u0443\u043f\u0438\u0442\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0416\u044b\u043b\u0434\u044b \u0442\u0430\u04a3\u0434\u0430\u0443\u0493\u0430 \u0430\u0443\u044b\u0441\u0443 \u04af\u0448\u0456\u043d \u0442\u04af\u0440\u0442\u0456\u04a3\u0456\u0437.\"", "\"abc_action_mode_done\" : \"\u05e1\u05d9\u05d5\u05dd\"", "\"common_open_on_phone\" : \"\u1794\u17be\u1780\u178f\u17b6\u1798\u1791\u17bc\u179a\u179f\u17d0\u1796\u17d2\u1791\"", "\"common_google_play_services_enable_text\" : \"\u0d94\u0db6 Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0dc3\u0db6\u0dbd \u0d9a\u0dbb\u0db1\u0dca\u0db1\u0dda \u0db1\u0db8\u0dca \u0db8\u0dd2\u0dc3 %1$s \u0dc0\u0dd0\u0da9 \u0db1\u0ddc\u0d9a\u0dbb\u0db1\u0dd4 \u0d87\u0dad.\"", "\"abc_action_menu_overflow_description\" : \"Wi\u0119cej opcji\"", "\"abc_menu_alt_shortcut_label\" : \"Altern\u0113\u0161anas tausti\u0146\u0161\u00a0+\"", "unsigned short", "\"password_toggle_content_description\" : \"\u1005\u1000\u102c\u1038\u101d\u103e\u1000\u103a\u1000\u102d\u102f \u1015\u103c\u101b\u1014\u103a\"", "\"material_timepicker_pm\" : \"\u05d0\u05d7\u05d4\"\u05e6\"", "\"material_hour_selection\" : \"\u9009\u62e9\u5c0f\u65f6\"", "\"mtrl_picker_a11y_next_month\" : \"\u8b8a\u66f4\u70ba\u4e0b\u500b\u6708\"", "\"common_google_play_services_enable_text\" : \"%1$s nu va func\u021biona dec\u00e2t dac\u0103 activa\u021bi serviciile Google Play.\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u062a\u0627\u0631\u06cc\u062e \u0622\u063a\u0627\u0632\"", "\"abc_searchview_description_search\" : \"Pretra\u017ei\"", "\"common_signin_button_text\" : \"Anmelden\"", "\"fallback_menu_item_copy_link\" : \"\u12a0\u1308\u1293\u129d \u1245\u12f3\"", "\"common_signin_button_text_long\" : \"Google'da oturum a\u00e7\"", "\"abc_menu_function_shortcut_label\" : \"Funktion\u00a0+\u00a0\"", "\"common_signin_button_text\" : \"Se connecter\"", "\"abc_menu_space_shortcut_label\" : \"\u7a7a\u683c\u9375\"", "\"abc_action_menu_overflow_description\" : \"\u0c87\u0ca8\u0ccd\u0ca8\u0cb7\u0ccd\u0c9f\u0cc1 \u0c86\u0caf\u0ccd\u0c95\u0cc6\u0c97\u0cb3\u0cc1\"", "\"nav_app_bar_navigate_up_description\" : \"Navega cap amunt\"", "\"common_google_play_services_enable_text\" : \"%1$s haitafanya kazi isipokuwa uwashe huduma za Google Play.\"", "\"clear_text_end_icon_content_description\" : \"Kosongkan teks\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0aa8\u0ac7 Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93\u0aae\u0abe\u0a82 \u0aae\u0ac1\u0ab6\u0acd\u0a95\u0ac7\u0ab2\u0ac0 \u0a86\u0ab5\u0ac0 \u0ab0\u0ab9\u0ac0 \u0a9b\u0ac7. \u0a95\u0ac3\u0aaa\u0abe \u0a95\u0ab0\u0ac0\u0aa8\u0ac7 \u0aab\u0ab0\u0ac0 \u0aaa\u0acd\u0ab0\u0aaf\u0abe\u0ab8 \u0a95\u0ab0\u0acb.\"", "\"abc_menu_space_shortcut_label\" : \"espazo\"", "\"fallback_menu_item_copy_link\" : \"Kopi\u00e9r link\"", "\"material_hour_suffix\" : \"%1$s fiks\"", "\"mtrl_picker_text_input_date_hint\" : \"Sana\"", "\"mtrl_picker_a11y_next_month\" : \"\u041a\u0435\u043b\u0435\u0441\u0456 \u0430\u0439\u0493\u0430 \u04e9\u0442\u0443\"", "\"common_google_play_services_install_button\" : \"\u132b\u1295\"", "\"exposed_dropdown_menu_content_description\" : \"\u0921\u094d\u0930\u092a\u0921\u093e\u0909\u0928 \u092e\u0947\u0928\u0941 \u0926\u0947\u0916\u093e\u0909\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"common_signin_button_text\" : \"\u0d38\u0d48\u0d7b \u0d07\u0d7b \u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d15\"", "\"material_timepicker_hour\" : \"\u0bae\u0ba3\u0bbf\u0ba8\u0bc7\u0bb0\u0bae\u0bcd\"", "\"common_google_play_services_updating_text\" : \"Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0cbf\u0cb2\u0ccd\u0cb2\u0ca6\u0cc6 \u0caa\u0ccd\u0cb0\u0cb8\u0ccd\u0ca4\u0cc1\u0ca4 \u0c85\u0caa\u0ccd\u200c\u0ca1\u0cc7\u0c9f\u0ccd \u0c86\u0c97\u0cc1\u0ca4\u0ccd\u0ca4\u0cbf\u0cb0\u0cc1\u0cb5 %1$s \u0cb0\u0ca8\u0ccd \u0c86\u0c97\u0cc1\u0cb5\u0cc1\u0ca6\u0cbf\u0cb2\u0ccd\u0cb2.\"", "\"common_google_play_services_update_button\" : \"P\u00ebrdit\u00ebso\"", "\"mtrl_picker_day_of_week_column_header\" : \"Colonne des jours\u00a0: %1$s\"", "\"clear_text_end_icon_content_description\" : \"Cancella testo\"", "\"abc_searchview_description_clear\" : \"Vymaza\u0165 dopyt\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0938\u0947\u0935\u093e\u090f\u0902 \u0909\u092a\u0932\u092c\u094d\u0927 \u0939\u0948\u0902\"", "\"material_hour_suffix\" : \"Saat %1$s\"", "\"fallback_menu_item_copy_link\" : \"Kopijuoti nuorod\u0105\"", "\"common_google_play_services_enable_text\" : \"%1$s sal nie werk nie tensy jy Google Play-dienste aktiveer.\"", "\"mtrl_badge_numberless_content_description\" : \"Ny notifikation\"", "\"common_google_play_services_install_title\" : \"Asenna Google Play Palvelut\"", "\"mtrl_picker_announce_current_selection\" : \"\u0410\u0493\u044b\u043c\u0434\u0430\u0493\u044b \u0442\u0430\u04a3\u0434\u0430\u0443: %1$s\"", "\"abc_capital_off\" : \"NON\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u0915\u0948\u0932\u0947\u0902\u0921\u0930 \u0915\u0947 \u0907\u0928\u092a\u0941\u091f \u092e\u094b\u0921 \u092a\u0930 \u0938\u094d\u0935\u093f\u091a \u0915\u0930\u0947\u0902\"", "\"material_minute_suffix\" : \"%1$s \u043c\u0438\u043d.\"", "\"item_view_role_description\" : \"\u5206\u9801\u6a19\u7c64\"", "\"nav_app_bar_open_drawer_description\" : \"\u041e\u0442\u043a\u0440\u044b\u0442\u044c \u043f\u0430\u043d\u0435\u043b\u044c \u043d\u0430\u0432\u0438\u0433\u0430\u0446\u0438\u0438\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u0395\u03bd\u03b1\u03bb\u03bb\u03b1\u03b3\u03ae \u03c3\u03c4\u03b7 \u03bb\u03b5\u03b9\u03c4\u03bf\u03c5\u03c1\u03b3\u03af\u03b1 \u03b5\u03b9\u03c3\u03b1\u03b3\u03c9\u03b3\u03ae\u03c2 \u03b7\u03bc\u03b5\u03c1\u03bf\u03bb\u03bf\u03b3\u03af\u03bf\u03c5\"", "std::", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0414\u0430\u0442\u0430 \u043f\u043e\u0447\u0430\u0442\u043a\u0443 \u2013 %1$s\"", "\"mtrl_picker_text_input_date_hint\" : \"\u0aa4\u0abe\u0ab0\u0ac0\u0a96\"", "\"abc_activitychooserview_choose_application\" : \"\u1787\u17d2\u179a\u17be\u179f\u179a\u17be\u179f\u200b\u1780\u1798\u17d2\u1798\u179c\u17b7\u1792\u17b8\u200b\u200b\"", "\"fallback_menu_item_copy_link\" : \"\u101c\u1004\u1037\u103a\u1001\u103a\u1000\u102d\u102f \u1000\u1030\u1038\u101a\u1030\u101b\u1014\u103a\"", "\"copy_toast_msg\" : \"Linkul a fost copiat \u00een clipboard\"", "\"icon_content_description\" : \"Icon ng Dialog\"", "\"mtrl_picker_text_input_date_hint\" : \"\u0d24\u0d40\u0d2f\u0d24\u0d3f\"", "\"abc_searchview_description_query\" : \"\u041f\u043e\u0448\u0443\u043a\u0430\u0432\u044b \u0437\u0430\u043f\u044b\u0442\"", "\"copy_toast_msg\" : \"\u0644\u0646\u06a9 \u06a9\u0644\u067e \u0628\u0648\u0631\u0688 \u067e\u0631 \u06a9\u0627\u067e\u06cc \u06c1\u0648 \u06af\u06cc\u0627\"", "\"common_google_play_services_updating_text\" : \"Ke spu\u0161t\u011bn\u00ed aplikace %1$s jsou pot\u0159eba slu\u017eby Google Play, kter\u00e9 jsou pr\u00e1v\u011b aktualizov\u00e1ny.\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u043a\u043e\u043b\u0434\u043e\u043d\u043c\u043e\u0441\u0443\u043d\u0443\u043d Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b \u043c\u0435\u043d\u0435\u043d \u0438\u0448\u0442\u04e9\u04e9\u0434\u04e9 \u043a\u04e9\u0439\u0433\u04e9\u0439 \u0447\u044b\u043a\u0442\u044b. \u041a\u0430\u0439\u0440\u0430 \u0430\u0440\u0430\u043a\u0435\u0442 \u043a\u044b\u043b\u044b\u04a3\u044b\u0437.\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u043c\"", "\"mtrl_picker_invalid_format\" : \"Nieprawid\u0142owy format.\"", "\"search_menu_title\" : \"\u041f\u043e\u0448\u0443\u043a\"", "\"mtrl_picker_invalid_format_use\" : \"\u0a35\u0a30\u0a24\u0a4b: %1$s\"", "\"bottomsheet_action_expand_halfway\" : \"I\u0161skleisti iki pus\u0117s\"", "\"abc_search_hint\" : \"Ie\u0161koti\u2026\"", "\"nav_app_bar_open_drawer_description\" : \"\u0bb5\u0bb4\u0bbf\u0b9a\u0bc6\u0bb2\u0bc1\u0ba4\u0bcd\u0ba4\u0bb2\u0bcd \u0b9f\u0bbf\u0bb0\u0bbe\u0baf\u0bb0\u0bc8\u0ba4\u0bcd \u0ba4\u0bbf\u0bb1\u0b95\u0bcd\u0b95\u0bc1\u0bae\u0bcd\"", "operator new[]", "\"material_clock_toggle_content_description\" : \"\u0ec0\u0ea5\u0eb7\u0ead\u0e81\u0e95\u0ead\u0e99\u0ec0\u0e8a\u0ebb\u0ec9\u0eb2 \u0eab\u0ebc\u0eb7 \u0e95\u0ead\u0e99\u0ec1\u0ea5\u0e87\"", "\"abc_activity_chooser_view_see_all\" : \"\u041f\u043e\u043a\u0430\u0437\u0430\u0442\u0438 \u0432\u0441\u0456\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Data e fillimit \u2013 %1$s\"", "\"mtrl_picker_day_of_week_column_header\" : \"Kolona za dane: %1$s\"", "\"abc_searchview_description_query\" : \"\u10db\u10dd\u10d7\u10ee\u10dd\u10d5\u10dc\u10d8\u10e1 \u10eb\u10d8\u10d4\u10d1\u10d0\"", "\"material_timepicker_clock_mode_description\" : \"\u10d3\u10e0\u10dd\u10d8\u10e1 \u10e8\u10d4\u10e7\u10d5\u10d0\u10dc\u10d8\u10e1\u10d7\u10d5\u10d8\u10e1 \u10e1\u10d0\u10d0\u10d7\u10d8\u10e1 \u10e0\u10d4\u10df\u10d8\u10db\u10d6\u10d4 \u10d2\u10d0\u10d3\u10d0\u10e0\u10d7\u10d5\u10d0.\"", "\"abc_action_mode_done\" : \"Feito\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0cae\u0cc1\u0c95\u0ccd\u0ca4\u0cbe\u0caf \u0ca6\u0cbf\u0ca8\u0cbe\u0c82\u0c95\"", "\"material_timepicker_clock_mode_description\" : \"Schakel naar de klokmodus om de tijd in te voeren.\"", "\"common_google_play_services_install_title\" : \"Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u0433 \u0430\u0432\u0430\u0445\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s \u1000\u102d\u102f \u1016\u101a\u103a\u101b\u103e\u102c\u1038\u101b\u1014\u103a\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bc8 \u0b87\u0baf\u0b95\u0bcd\u0b95\u0bb5\u0bc1\u0bae\u0bcd\"", "\"common_google_play_services_notification_ticker\" : \"Errore Google Play Services\"", "\"mtrl_chip_close_icon_content_description\" : \"Poista %1$s\"", "\"abc_menu_space_shortcut_label\" : \"\u201espace\u201c\"", "\"material_timepicker_clock_mode_description\" : \"\u0dc0\u0dda\u0dbd\u0dcf \u0d86\u0daf\u0dcf\u0db1\u0dba \u0dc3\u0db3\u0dc4\u0dcf \u0d94\u0dbb\u0dbd\u0ddd\u0dc3\u0dd4 \u0db4\u0dca\u200d\u0dbb\u0d9a\u0dcf\u0dbb\u0dba \u0dc0\u0dd9\u0dad \u0db8\u0dcf\u0dbb\u0dd4 \u0dc0\u0dd9\u0db1\u0dca\u0db1.\"", "\"material_hour_selection\" : \"\u0935\u0947\u0933 \u0928\u093f\u0935\u0921\u093e\"", "\"mtrl_picker_navigate_to_year_description\" : \"\u0531\u0576\u0581\u0576\u0565\u056c %1$s \u0569\u057e\u0561\u056f\u0561\u0576\"", "\"abc_action_menu_overflow_description\" : \"\u03a0\u03b5\u03c1\u03b9\u03c3\u03c3\u03cc\u03c4\u03b5\u03c1\u03b5\u03c2 \u03b5\u03c0\u03b9\u03bb\u03bf\u03b3\u03ad\u03c2\"", "\"material_timepicker_hour\" : \"Heure\"", "\"fallback_menu_item_share_link\" : \"Jaa linkki\"", "\"material_minute_selection\" : \"Khetha amaminithi\"", "\"abc_search_hint\" : \"Telusuri...\"", "\"abc_searchview_description_search\" : \"\u0e8a\u0ead\u0e81\u0eab\u0eb2\"", "\"common_google_play_services_update_title\" : \"A\u017eurirajte Google Play usluge\"", "\"material_timepicker_clock_mode_description\" : \"\u0938\u092e\u092f \u0907\u0928\u092a\u0941\u091f \u0917\u0930\u094d\u0928 \u0918\u0921\u0940 \u092e\u094b\u0921\u092e\u093e \u0938\u094d\u0935\u093f\u091a \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\u0964\"", "\"material_hour_suffix\" : \"%1$s s\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u0e9b\"", "\"common_google_play_services_enable_text\" : \"Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d\u1295 \u12ab\u120b\u1290\u1241 \u1260\u1235\u1270\u1240\u122d %1$s \u12a0\u12ed\u1230\u122b\u121d\u1362\"", "\"mtrl_picker_range_header_unselected\" : \"\u0d06\u0d30\u0d02\u0d2d\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d28\u0d4d\u0d28 \u0d24\u0d40\u0d2f\u0d24\u0d3f \u2013 \u0d05\u0d35\u0d38\u0d3e\u0d28\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d28\u0d4d\u0d28 \u0d24\u0d40\u0d2f\u0d24\u0d3f\"", "\"mtrl_picker_announce_current_selection\" : \"\u0e01\u0e32\u0e23\u0e40\u0e25\u0e37\u0e2d\u0e01\u0e43\u0e19\u0e1b\u0e31\u0e08\u0e08\u0e38\u0e1a\u0e31\u0e19: %1$s\"", "\"abc_menu_space_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200espace\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u041f\u0440\u0435\u0452\u0438\u0442\u0435 \u043d\u0430 \u0440\u0435\u0436\u0438\u043c \u0443\u043d\u043e\u0441\u0430 \u0442\u0435\u043a\u0441\u0442\u0430\"", "\"abc_menu_space_shortcut_label\" : \"zuriunea\"", "\"material_hour_suffix\" : \"klo %1$s\"", "\"abc_searchview_description_voice\" : \"S\u0259sli axtar\u0131\u015f\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u00e1 \u00ed vandr\u00e6\u00f0um me\u00f0 \u00fej\u00f3nustu Google Play. Reyndu aftur.\"", "\"fallback_menu_item_copy_link\" : \"\u0cb2\u0cbf\u0c82\u0c95\u0ccd \u0ca8\u0c95\u0cb2\u0cbf\u0cb8\u0cbf\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u062a\u0627\u0631\u06cc\u062e \u0622\u063a\u0627\u0632 \u2013 %1$s\"", "\"abc_menu_shift_shortcut_label\" : \"Shift +\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0414\u0430\u0442\u0430 \u043f\u0430\u0447\u0430\u0442\u043a\u0443\u00a0\u2013 %1$s\"", "\"abc_menu_sym_shortcut_label\" : \"Sym +\"", "\"abc_searchview_description_search\" : \"\u0ba4\u0bc7\u0b9f\u0bc1\u0bae\u0bcd\"", "\"abc_action_menu_overflow_description\" : \"M\u00e9s opcions\"", "\"search_menu_title\" : \"Search\"", "\"common_google_play_services_notification_ticker\" : \"Google Play Services-\u10d8\u10e1 \u10e8\u10d4\u10ea\u10d3\u10dd\u10db\u10d0\"", "\"mtrl_picker_range_header_title\" : \"Veldu t\u00edmabil\"", "\"common_google_play_services_update_title\" : \"Posodobitev storitev Google Play\"", "\"common_google_play_services_enable_button\" : \"\u0938\u0941\u0930\u0942 \u0915\u0930\u093e\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u0dc0\"", "\"fallback_menu_item_share_link\" : \"Partager le lien\"", "\"common_google_play_services_unknown_issue\" : \"%1$s Google Play \u0c38\u0c47\u0c35\u0c32\u0c24\u0c4b \u0c38\u0c2e\u0c38\u0c4d\u0c2f \u0c15\u0c32\u0c3f\u0c17\u0c3f \u0c09\u0c02\u0c26\u0c3f. \u0c26\u0c2f\u0c1a\u0c47\u0c38\u0c3f \u0c2e\u0c33\u0c4d\u0c32\u0c40 \u0c2a\u0c4d\u0c30\u0c2f\u0c24\u0c4d\u0c28\u0c3f\u0c02\u0c1a\u0c02\u0c21\u0c3f.\"", "\"abc_menu_meta_shortcut_label\" : \"META +\"", "\"common_google_play_services_install_text\" : \"%1$s Google Play services \u092c\u093f\u0928\u093e \u0938\u091e\u094d\u091a\u093e\u0932\u0928 \u0939\u0941\u0928\u0947 \u091b\u0948\u0928 \u0930 \u0924\u092a\u093e\u0908\u0901\u0915\u094b \u092f\u0928\u094d\u0924\u094d\u0930\u092e\u093e Google Play services \u0909\u092a\u0932\u092c\u094d\u0927 \u091b\u0948\u0928\u0928\u094d\u0964\"", "\"material_hour_selection\" : \"\u0998\u09a3\u09cd\u099f\u09be \u09ac\u09c7\u099b\u09c7 \u09a8\u09bf\u09a8\"", "\"nav_app_bar_open_drawer_description\" : \"\u0ec0\u0e9b\u0eb5\u0e94\u0ec1\u0e96\u0e9a\u0e81\u0eb2\u0e99\u0e99\u0eb3\u0e97\u0eb2\u0e87\"", "\"abc_searchview_description_search\" : \"C\u0103uta\u021bi\"", "\"mtrl_chip_close_icon_content_description\" : \"\u0e19\u0e33 %1$s \u0e2d\u0e2d\u0e01\"", "\"status_bar_notification_info_overflow\" : \"999+\"", "\"abc_searchview_description_submit\" : \"Isumite ang query\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u0627\u0644\u062a\u0628\u062f\u064a\u0644 \u0625\u0644\u0649 \u0648\u0636\u0639 \"\u0625\u062f\u062e\u0627\u0644 \u0627\u0644\u0646\u0635\"\"", "\"copy_toast_msg\" : \"\u0a32\u0a3f\u0a70\u0a15 \u0a15\u0a32\u0a3f\u0a71\u0a2a\u0a2c\u0a4b\u0a30\u0a21 '\u0a24\u0a47 \u0a15\u0a3e\u0a2a\u0a40 \u0a39\u0a4b \u0a17\u0a3f\u0a06\"", "\"abc_toolbar_collapse_description\" : \"Strnitev\"", "\"nav_app_bar_navigate_up_description\" : \"Tepaga\"", " restrict", "\"material_timepicker_pm\" : \"\uc624\ud6c4\"", "\"mtrl_picker_invalid_format_use\" : \"%1$s-\u10d8\u10e1 \u10d2\u10d0\u10db\u10dd\u10e7\u10d4\u10dc\u10d4\u10d1\u10d0\"", "\"common_google_play_services_enable_text\" : \"\u0aa4\u0aae\u0ac7 Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93 \u0ab8\u0a95\u0acd\u0ab7\u0aae \u0a95\u0ab0\u0ab6\u0acb \u0aa8\u0ab9\u0ac0\u0a82 \u0aa4\u0acd\u0aaf\u0abe\u0a82 \u0ab8\u0ac1\u0aa7\u0ac0 %1$s \u0a95\u0abe\u0ab0\u0acd\u0aaf \u0a95\u0ab0\u0ab6\u0ac7 \u0aa8\u0ab9\u0ac0\u0a82.\"", "\"clear_text_end_icon_content_description\" : \"\u0218terge\u021bi textul\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u041f\u0435\u0440\u0430\u043a\u043b\u044e\u0447\u044b\u0446\u0446\u0430 \u045e \u0440\u044d\u0436\u044b\u043c \u0443\u0432\u043e\u0434\u0443 \"\u0422\u044d\u043a\u0441\u0442\"\"", "\"material_hour_selection\" : \"Selecionar hora\"", "\"common_signin_button_text_long\" : \"Prijava z Google Ra\u010dunom\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0938\u0947\u0935\u093e\u090f\u0902 \u091a\u093e\u0932\u0942 \u0915\u0930\u0947\u0902\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u092e\u093f\u0928\u0947\u091f\"", "\"fallback_menu_item_copy_link\" : \"\u0d32\u0d3f\u0d19\u0d4d\u0d15\u0d4d \u0d2a\u0d15\u0d7c\u0d24\u0d4d\u0d24\u0d41\u0d15\"", "\"fallback_menu_item_share_link\" : \"\u0410\u0431\u0430\u0433\u0443\u043b\u0456\u0446\u044c \u0441\u043f\u0430\u0441\u044b\u043b\u043a\u0443\"", "\"common_google_play_services_install_text\" : \"\u200f%1$s Google Play \u0633\u0631\u0648\u0633\u0632 \u06a9\u06d2 \u0628\u063a\u06cc\u0631 \u0646\u06c1\u06cc\u06ba \u0686\u0644\u06d2 \u06af\u06cc\u060c \u062c\u0648 \u0622\u067e \u06a9\u06d2 \u0622\u0644\u06c1 \u0633\u06d2 \u063a\u0627\u0626\u0628 \u06c1\u06cc\u06ba\u06d4\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u0ab8\u0aae\u0abe\u0aaa\u0acd\u0aa4\u0abf\u0aa8\u0ac0 \u0aa4\u0abe\u0ab0\u0ac0\u0a96\"", "\"password_toggle_content_description\" : \"Prikaz gesla\"", "\"clear_text_end_icon_content_description\" : \"\ud14d\uc2a4\ud2b8 \uc0ad\uc81c\"", "\"abc_shareactionprovider_share_with\" : \"\u0d07\u0d28\u0d3f\u0d2a\u0d4d\u0d2a\u0d31\u0d2f\u0d41\u0d28\u0d4d\u0d28\u0d24\u0d41\u0d2e\u0d3e\u0d2f\u0d3f \u0d2a\u0d19\u0d4d\u0d15\u0d3f\u0d1f\u0d41\u0d15\"", "\"mtrl_picker_date_header_unselected\" : \"Data selecionada\"", "\"mtrl_picker_range_header_title\" : \"\u0bb5\u0bb0\u0bae\u0bcd\u0baa\u0bc8\u0ba4\u0bcd \u0ba4\u0bc7\u0bb0\u0bcd\u0ba8\u0bcd\u0ba4\u0bc6\u0b9f\u0bc1\u0b95\u0bcd\u0b95\u0bb5\u0bc1\u0bae\u0bcd\"", "\"abc_menu_enter_shortcut_label\" : \"Enter \u952e\"", "\"common_google_play_services_enable_text\" : \"\u60a8\u5fc5\u987b\u5148\u542f\u7528 Google Play \u670d\u52a1\uff0c\u7136\u540e\u624d\u80fd\u8fd0\u884c%1$s\u3002\"", "\"mtrl_picker_day_of_week_column_header\" : \"Safu wima ya siku: %1$s\"", "\"material_hour_selection\" : \"Select hour\"", "\"mtrl_picker_out_of_range\" : \"Zunaj razpona: %1$s\"", "\"fallback_menu_item_share_link\" : \"Sd\u00edlet odkaz\"", "\"material_clock_toggle_content_description\" : \"Vyberte AM nebo PM\"", "\"fallback_menu_item_share_link\" : \"\u5206\u4eab\u94fe\u63a5\"", "\"common_google_play_services_update_text\" : \"O %1$s n\u00e3o \u00e9 executado enquanto n\u00e3o atualizar os servi\u00e7os do Google Play.\"", "vtable for ", "\"mtrl_picker_range_header_unselected\" : \"Data de inicio - data de finalizaci\u00f3n\"", "\"exposed_dropdown_menu_content_description\" : \"\u0921\u094d\u0930\u0949\u092a\u0921\u093e\u0909\u0928 \u092e\u0947\u0928\u094d\u092f\u0942 \u0926\u093f\u0916\u093e\u090f\u0902\"", "\"abc_searchview_description_clear\" : \"\u0d1a\u0d4b\u0d26\u0d4d\u0d2f\u0d02 \u0d2e\u0d3e\u0d2f\u0d4d\u200c\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"mtrl_picker_range_header_only_end_selected\" : \"\u0936\u0941\u0930\u0942 \u0939\u094b\u0928\u0947 \u0915\u0940 \u0924\u093e\u0930\u0940\u0916 \u2013 %1$s\"", "\"abc_capital_off\" : \"YOQILMAGAN\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Cambiar al modo de introducci\u00f3n Calendario\"", "\"common_google_play_services_updating_text\" : \"Aplikacija %1$s ne\u0107e raditi bez Google Play usluga, koje se trenutno a\u017euriraju.\"", "_Unwind_Resume() can't return", "\"mtrl_picker_invalid_format\" : \"\u0a85\u0aae\u0abe\u0aa8\u0acd\u0aaf \u0aab\u0acb\u0ab0\u0acd\u0aae\u0ac7\u0a9f.\"", "\"common_open_on_phone\" : \"\u041e\u0442\u0432\u0430\u0440\u044f\u043d\u0435 \u043d\u0430 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0430\"", "\"material_timepicker_clock_mode_description\" : \"\u0648\u0642\u062a \u0627\u0646 \u067e\u0679 \u06a9\u06d2 \u0644\u06cc\u06d2 \u06af\u06be\u0691\u06cc \u0648\u200f\u0636\u0639 \u067e\u0631 \u0633\u0648\u0626\u0686 \u06a9\u0631\u06cc\u06ba\u06d4\"", "\"mtrl_picker_invalid_format\" : \"\u683c\u5f0f\u7121\u6548\u3002\"", "\"error_icon_content_description\" : \"Error\"", "\"mtrl_picker_navigate_to_year_description\" : \"%1$s ilin\u0259 ke\u00e7in\"", "\"bottomsheet_action_expand_halfway\" : \"Laajenna puoliv\u00e4liin\"", "\"mtrl_picker_invalid_format\" : \"\ud615\uc2dd\uc774 \uc798\ubabb\ub418\uc5c8\uc2b5\ub2c8\ub2e4.\"", "\"abc_activitychooserview_choose_application\" : \"Izbira aplikacije\"", "\"mtrl_picker_text_input_year_abbr\" : \"a\"", "\"abc_menu_delete_shortcut_label\" : \"Delete\"", "\"mtrl_picker_a11y_next_month\" : \"Sonraki aya de\u011fi\u015ftir\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d\u0456\u04a3 \u049b\u043e\u043b\u0436\u0435\u0442\u0456\u043c\u0434\u0456\u043b\u0456\u0433\u0456\"", "\"common_google_play_services_install_title\" : \"Google Play \u0938\u0947\u0935\u093e \u092e\u093f\u0933\u0935\u093e\"", "\"mtrl_picker_invalid_format_use\" : \"Brug: %1$s\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u041f\u043e\u0447\u0435\u0442\u0435\u043d \u0434\u0430\u0442\u0443\u043c\"", "\"mtrl_badge_numberless_content_description\" : \"Nuwe kennisgewing\"", "\"material_minute_selection\" : \"Veldu m\u00edn\u00fatur\"", "std::bad_typeid", "\"icon_content_description\" : \"Ic\u00f4ne de bo\u00eete de dialogue\"", "\"exposed_dropdown_menu_content_description\" : \"Tampilkan menu dropdown\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Shintshela kwimodi yokufaka yekhalenda\"", "\"bottom_sheet_behavior\" : \"com.google.android.material.bottomsheet.BottomSheetBehavior\"", "\"password_toggle_content_description\" : \"\u041f\u043e\u043a\u0430\u0437\u0430\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u044c\"", "\"mtrl_picker_invalid_format_use\" : \"Format: %1$s\"", "N12_GLOBAL__N_116itanium_demangle7NewExprE", "N12_GLOBAL__N_116itanium_demangle9DotSuffixE", "\"mtrl_picker_navigate_to_year_description\" : \"Idite na godinu %1$s\"", "\"abc_action_bar_up_description\" : \"Yuxar\u0131 ke\u00e7in\"", "\"abc_shareactionprovider_share_with\" : \"Dela med\"", "\"nav_app_bar_open_drawer_description\" : \"\u00c5bn sidemenuen\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0caa\u0ccd\u0cb0\u0cbe\u0cb0\u0c82\u0cad \u0ca6\u0cbf\u0ca8\u0cbe\u0c82\u0c95\"", "\"common_google_play_services_notification_ticker\" : \"Google Play\u09f0 \u09b8\u09c7\u09f1\u09be \u09b8\u09ae\u09cd\u09aa\u09f0\u09cd\u0995\u09c0\u09af\u09bc \u0986\u09b8\u09cb\u0981\u09f1\u09be\u09b9\"", "\"common_google_play_services_enable_button\" : \"\u10e9\u10d0\u10e0\u10d7\u10d5\u10d0\"", "\"mtrl_picker_text_input_day_abbr\" : \"p\"", "\"abc_shareactionprovider_share_with\" : \"Comparte contido con\"", "\"mtrl_picker_range_header_unselected\" : \"\u0414\u0430\u0442\u0443\u043c \u043f\u043e\u0447\u0435\u0442\u043a\u0430 \u2013 \u0414\u0430\u0442\u0443\u043c \u0437\u0430\u0432\u0440\u0448\u0435\u0442\u043a\u0430\"", "\"abc_action_menu_overflow_description\" : \"\u66f4\u591a\u9078\u9805\"", "\"exposed_dropdown_menu_content_description\" : \"\u0422\u04af\u0440\u04af\u043b\u043c\u04e9 \u043c\u0435\u043d\u044e\u043d\u0443 \u043a\u04e9\u0440\u0441\u04e9\u0442\u04af\u04af\"", "\"abc_searchview_description_clear\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200eClear query\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"mtrl_picker_day_of_week_column_header\" : \"Ikholomu yezinsuku: %1$s\"", "\"common_google_play_services_wear_update_text\" : \"\u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0430 \u0435 \u043d\u043e\u0432\u0430 \u0432\u0435\u0440\u0441\u0438\u044f \u043d\u0430 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play. \u0421\u043a\u043e\u0440\u043e \u0442\u044f \u0449\u0435 \u0441\u0435 \u0430\u043a\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u0430 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u043d\u043e.\"", "\"exposed_dropdown_menu_content_description\" : \"Poka\u017c menu\"", "\"character_counter_content_description\" : \"\u0e1b\u0e49\u0e2d\u0e19\u0e2d\u0e31\u0e01\u0e02\u0e23\u0e30\u0e41\u0e25\u0e49\u0e27 %1$d \u0e08\u0e32\u0e01 %2$d \u0e15\u0e31\u0e27\"", "\"material_timepicker_text_input_mode_description\" : \"Passa alla modalit\u00e0 di immissione testo per inserire l'ora.\"", "\"mtrl_picker_range_header_title\" : \"\u0412\u0438\u0431\u0435\u0440\u0456\u0442\u044c \u0434\u0456\u0430\u043f\u0430\u0437\u043e\u043d \u0434\u0430\u0442\"", "\"material_minute_suffix\" : \"%1$s \u062f\u0642\u06cc\u0642\u0647\"", "\"abc_toolbar_collapse_description\" : \"Tiivist\u00e4\"", "\"mtrl_badge_numberless_content_description\" : \"\u0db1\u0dc0 \u0daf\u0dd0\u0db1\u0dd4\u0db8\u0dca\u0daf\u0dd3\u0db8\"", "\"abc_activity_chooser_view_see_all\" : \"Se alle\"", "\"character_counter_overflowed_content_description\" : \"\u041e\u0433\u0440\u0430\u043d\u0438\u0447\u0443\u0432\u0430\u045a\u0435\u0442\u043e \u043d\u0430 \u0437\u043d\u0430\u0446\u0438\u0442\u0435 \u043d\u0430\u0434\u043c\u0438\u043d\u0430 %1$d \u043e\u0434 %2$d\"", "\"mtrl_picker_range_header_unselected\" : \"\u062a\u0627\u0631\u06cc\u062e \u0634\u0631\u0648\u0639 \u2013 \u062a\u0627\u0631\u06cc\u062e \u067e\u0627\u06cc\u0627\u0646\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1017\u102c\u1038\u101b\u103e\u1004\u103a\u1038\u1021\u101e\u1005\u103a\u1019\u103b\u102c\u1038 \u101c\u102d\u102f\u1021\u1015\u103a\u1014\u1031\u101e\u100a\u103a\u104b \u1021\u1001\u103b\u102d\u1014\u103a\u1021\u1014\u100a\u103a\u1038\u1004\u101a\u103a\u1021\u1000\u103c\u102c\u1010\u103d\u1004\u103a \u104e\u1004\u103a\u1038\u1000\u102d\u102f\u101a\u103a\u1010\u102d\u102f\u1004\u103a\u1021\u1015\u103a\u1012\u102d\u1010\u103a\u101c\u102f\u1015\u103a\u1015\u102b \u101c\u102d\u1019\u1037\u103a\u1019\u100a\u103a\u104b\"", "operator&&", "\"mtrl_picker_navigate_to_year_description\" : \"Mine aastasse %1$s\"", "\"abc_search_hint\" : \"\u0916\u094b\u091c\u0947\u0902\u2026\"", "\"mtrl_picker_invalid_format_example\" : \"\u041f\u0440\u0438\u043c\u0435\u0440: %1$s\"", "\"material_hour_selection\" : \"\u0627\u0646\u062a\u062e\u0627\u0628 \u0633\u0627\u0639\u062a\"", "\"common_google_play_services_notification_ticker\" : \"Kesalahan layanan Google Play\"", "\"abc_search_hint\" : \"S\u00f8k\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0430\u044f\u049b\u0442\u0430\u043b\u0443 \u043a\u04af\u043d\u0456\"", "\"common_google_play_services_install_button\" : \"\u0d07\u0d28\u0d4d\u200d\u0d38\u0d4d\u0d31\u0d4d\u0d31\u0d3e\u0d33\u0d4d\u200d \u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d15\"", "\"material_timepicker_hour\" : \"\u0a95\u0ab2\u0abe\u0a95\"", "\"character_counter_overflowed_content_description\" : \"Merkkiraja ylitetty: %1$d/%2$d\"", "\"common_google_play_services_enable_text\" : \"%1$s ne\u0107e funkcionisati ako ne omogu\u0107ite Google Play usluge.\"", "\"mtrl_picker_save\" : \"I\u0161saugoti\"", "\"abc_action_bar_home_description\" : \"\u09b9\u09cb\u09ae\u09c7 \u09a8\u09c7\u09ad\u09bf\u0997\u09c7\u099f \u0995\u09b0\u09c1\u09a8\"", "\"common_signin_button_text_long\" : \"\u0412\u043e\u0439\u0442\u0438 \u0447\u0435\u0440\u0435\u0437 \u0430\u043a\u043a\u0430\u0443\u043d\u0442 Google\"", "\"exposed_dropdown_menu_content_description\" : \"\u0c21\u0c4d\u0c30\u0c3e\u0c2a\u0c4d\u200c\u0c21\u0c4c\u0c28\u0c4d \u0c2e\u0c46\u0c28\u0c42\u0c28\u0c41 \u0c1a\u0c42\u0c2a\u0c41\"", "\"material_hour_selection\" : \"Saat se\u00e7in\"", "\"mtrl_picker_text_input_year_abbr\" : \"v\"", "\"material_timepicker_select_time\" : \"Selecci\u00f3 de l'hora\"", "\"common_open_on_phone\" : \"\u0410\u0434\u043a\u0440\u044b\u0446\u044c \u043d\u0430 \u0442\u044d\u043b\u0435\u0444\u043e\u043d\u0435\"", "\"common_google_play_services_updating_text\" : \"%1$s \u0909\u0928 Google Play \u0938\u0947\u0935\u093e\u0913\u0902 \u0915\u0947 \u092c\u093f\u0928\u093e \u0928\u0939\u0940\u0902 \u091a\u0932\u0947\u0917\u093e \u091c\u094b \u0905\u092d\u0940 \u0905\u092a\u0921\u0947\u091f \u0939\u094b \u0930\u0939\u0940 \u0939\u0948\u0902.\"", "\"exposed_dropdown_menu_content_description\" : \"Zobrazi\u0165 rozba\u013eovaciu ponuku\"", "\"mtrl_picker_out_of_range\" : \"\u0414\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0434\u043e\u043d \u0442\u044b\u0448\u043a\u0430\u0440\u044b: %1$s\"", "\"nav_app_bar_open_drawer_description\" : \"\ud0d0\uc0c9 \ucc3d \uc5f4\uae30\"", "\"abc_searchview_description_submit\" : \"\u178a\u17b6\u1780\u17cb\u1794\u1789\u17d2\u1787\u17bc\u1793\u200b\u179f\u17c6\u178e\u17bd\u179a\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Comuta\u021bi la modul de introducere a textului\"", "\"abc_action_bar_up_description\" : \"Nar\u0161yti auk\u0161tyn\"", "\"abc_search_hint\" : \"\u0418\u0437\u0434\u04e9\u04e9\u2026\"", "\"common_google_play_services_enable_text\" : \"\u0c2e\u0c40\u0c30\u0c41 Google Play \u0c38\u0c47\u0c35\u0c32\u0c28\u0c41 \u0c2a\u0c4d\u0c30\u0c3e\u0c30\u0c02\u0c2d\u0c3f\u0c38\u0c4d\u0c24\u0c47 \u0c2e\u0c3f\u0c28\u0c39\u0c3e %1$s \u0c2a\u0c28\u0c3f \u0c1a\u0c47\u0c2f\u0c26\u0c41.\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 Date de fin\"", "\"common_google_play_services_install_title\" : \"\u039b\u03ae\u03c8\u03b7 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03b9\u03ce\u03bd Google Play\"", "\"abc_searchview_description_query\" : \"\u09b8\u09be\u09b0\u09cd\u099a \u0995\u09cb\u09af\u09bc\u09c7\u09b0\u09bf\"", "\"mtrl_picker_invalid_format\" : \"\u0416\u0430\u0440\u0430\u043a\u0441\u044b\u0437 \u0444\u043e\u0440\u043c\u0430\u0442.\"", "\"character_counter_overflowed_content_description\" : \"\u0a05\u0a71\u0a16\u0a30-\u0a1a\u0a3f\u0a70\u0a28\u0a4d\u0a39 \u0a38\u0a40\u0a2e\u0a3e %2$d \u0a24\u0a4b\u0a02 %1$d \u0a35\u0a27\u0a40\"", "N12_GLOBAL__N_116itanium_demangle19SpecialSubstitutionE", "\"material_timepicker_am\" : \"am\"", "\"common_google_play_services_enable_title\" : \"\u0423\u043a\u043b\u044e\u0447\u044b\u0446\u044c \u0441\u043b\u0443\u0436\u0431\u044b Google Play\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Trokit p\u00ebr t\u00eb kaluar te zgjedhja e nj\u00eb viti\"", "std::__libcpp_tls_set failure in __cxa_get_globals()", "\"common_google_play_services_enable_title\" : \"Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0ca8\u0ccd\u0ca8\u0cc1 \u0cb8\u0c95\u0ccd\u0cb0\u0cbf\u0caf\u0c97\u0cca\u0cb3\u0cbf\u0cb8\u0cbf\"", "\"material_timepicker_am\" : \"\u0ec2\u0ea1\u0e87\u0ec0\u0e8a\u0ebb\u0ec9\u0eb2\"", "\"common_google_play_services_updating_text\" : \"%1$s \u1793\u17b9\u1784\u1798\u17b7\u1793\u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u1791\u17c1 \u1794\u17be\u1798\u17b7\u1793\u1798\u17b6\u1793\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798 Google Play \u178a\u17c4\u1799\u179f\u17b6\u179a\u178f\u17c2\u179c\u17b6\u1780\u17c6\u1796\u17bb\u1784\u17a2\u17b6\u1794\u17cb\u178a\u17c1\u178f\u17d4\"", "\"character_counter_overflowed_content_description\" : \"\u0c05\u0c15\u0c4d\u0c37\u0c30 \u0c2a\u0c30\u0c3f\u0c27\u0c3f %2$d\u0c32\u0c4b %1$d\u0c28\u0c41 \u0c05\u0c27\u0c3f\u0c17\u0c2e\u0c3f\u0c02\u0c1a\u0c3f\u0c02\u0c26\u0c3f\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play services availability\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u03a0\u03b1\u03c4\u03ae\u03c3\u03c4\u03b5 \u03b3\u03b9\u03b1 \u03b5\u03bd\u03b1\u03bb\u03bb\u03b1\u03b3\u03ae \u03b3\u03b9\u03b1 \u03c4\u03b7\u03bd \u03b5\u03c0\u03b9\u03bb\u03bf\u03b3\u03ae \u03b7\u03bc\u03ad\u03c1\u03b1\u03c2\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u041f\u0440\u0435\u0452\u0438\u0442\u0435 \u043d\u0430 \u0440\u0435\u0436\u0438\u043c \u0443\u043d\u043e\u0441\u0430 \u0443 \u041a\u0430\u043b\u0435\u043d\u0434\u0430\u0440\u0443\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Ve\u010d kot toliko novih obvestil: %1$d\"", "\"password_toggle_content_description\" : \"\u0c2a\u0c3e\u0c38\u0c4d\u200c\u0c35\u0c30\u0c4d\u0c21\u0c4d\u200c\u0c28\u0c41 \u0c1a\u0c42\u0c2a\u0c41\"", "\"abc_searchview_description_query\" : \"Query di ricerca\"", "\"nav_app_bar_open_drawer_description\" : \"Abrir panel de navegaci\u00f3n\"", "\"abc_menu_shift_shortcut_label\" : \"\u0428\u0438\u0444\u0442+\"", "\"exposed_dropdown_menu_content_description\" : \"\u663e\u793a\u4e0b\u62c9\u83dc\u5355\"", "\"item_view_role_description\" : \"\u039a\u03b1\u03c1\u03c4\u03ad\u03bb\u03b1\"", "\"abc_toolbar_collapse_description\" : \"Tolestu\"", "\"fallback_menu_item_share_link\" : \"\u09b2\u09bf\u0982\u0995 \u09b6\u09cd\u09ac\u09c7\u09af\u09bc\u09be\u09f0 \u0995\u09f0\u0995\"", "\"fallback_menu_item_open_in_browser\" : \"Otvori u pregledniku\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u0caa\u0ca0\u0ccd\u0caf \u0c87\u0ca8\u0ccd\u200c\u0caa\u0cc1\u0c9f\u0ccd \u0cae\u0ccb\u0ca1\u0ccd\u200c\u0c97\u0cc6 \u0cac\u0ca6\u0cb2\u0cbf\u0cb8\u0cbf\"", "\"material_timepicker_hour\" : \"\u0421\u0430\u0493\u0430\u0442\"", "\"abc_menu_delete_shortcut_label\" : \"\u522a\u9664\"", "\"common_google_play_services_update_text\" : \"%1$s s\u00f3 funciona com uma vers\u00e3o atualizada do Google Play Services.\"", "\"material_timepicker_text_input_mode_description\" : \"Schakel naar de tekstinvoermodus om de tijd in te voeren.\"", "static_cast", "N12_GLOBAL__N_116itanium_demangle15LiteralOperatorE", "\"mtrl_picker_date_header_unselected\" : \"Tanlangan sana\"", "\"abc_action_bar_up_description\" : \"\u0627\u0648\u067e\u0631 \u0646\u06cc\u0648\u06cc\u06af\u06cc\u0679 \u06a9\u0631\u06cc\u06ba\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Flere enn %1$d nye varsler\"", "\"item_view_role_description\" : \"Onglet\"", "operator|", "\"abc_action_menu_overflow_description\" : \"\u0d15\u0d42\u0d1f\u0d41\u0d24\u0d7d \u0d13\u0d2a\u0d4d\u0d37\u0d28\u0d41\u0d15\u0d7e\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0d86\u0dbb\u0db8\u0dca\u0db7\u0d9a \u0daf\u0dd2\u0db1\u0dba\"", "\"mtrl_picker_a11y_next_month\" : \"\u10e8\u10d4\u10db\u10d3\u10d4\u10d2 \u10d7\u10d5\u10d4\u10d6\u10d4 \u10d2\u10d0\u10d3\u10d0\u10e1\u10d5\u10da\u10d0\"", "\"abc_action_bar_home_description\" : \"\u0bae\u0bc1\u0b95\u0baa\u0bcd\u0baa\u0bbf\u0bb1\u0bcd\u0b95\u0bc1\u0b9a\u0bcd \u0b9a\u0bc6\u0bb2\u0bcd\u0bb2\u0bc1\u0bae\u0bcd\"", "\"common_signin_button_text_long\" : \"\u900f\u904e Google \u767b\u5165\"", "\"mtrl_picker_invalid_format_example\" : \"\u4f8b\u5982\uff1a%1$s\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\"", "\"common_google_play_services_enable_title\" : \"Enable Google Play services\"", "\"common_google_play_services_unknown_issue\" : \"%1$s har problemer med Google Play-tjenester. Pr\u00f8v igen.\"", "\"abc_capital_off\" : \"KI\"", "\"mtrl_picker_range_header_unselected\" : \"\u1005\u1010\u1004\u103a\u101b\u1000\u103a \u2013 \u1015\u103c\u102e\u1038\u1006\u102f\u1036\u1038\u101b\u1000\u103a\"", "\"common_google_play_services_updating_text\" : \"\u0938\u0927\u094d\u200d\u092f\u093e \u0905\u092a\u0921\u0947\u091f \u0939\u094b\u0924 \u0905\u0938\u0932\u0947\u0932\u094d\u200d\u092f\u093e, Google Play \u0938\u0947\u0935\u093e\u0902\u0936\u093f\u0935\u093e\u092f %1$s \u091a\u093e\u0932\u0923\u093e\u0930 \u0928\u093e\u0939\u0940.\"", "\"abc_search_hint\" : \"Leita\u2026\"", "\"mtrl_picker_save\" : \"\u5132\u5b58\"", "\"material_hour_selection\" : \"Ange timme\"", "\"abc_search_hint\" : \"\u062c\u0633\u062a\u062c\u0648\u2026\u200f\"", "\"material_timepicker_text_input_mode_description\" : \"Vaihda ajan sy\u00f6tt\u00e4miseen tekstitilassa.\"", "\"abc_activity_chooser_view_see_all\" : \"\u054f\u0565\u057d\u0576\u0565\u056c \u0562\u0578\u056c\u0578\u0580\u0568\"", "\"mtrl_picker_text_input_year_abbr\" : \"u\"", "\"material_hour_selection\" : \"Valitse tunti\"", "\"material_minute_suffix\" : \"%1$s ph\u00fat\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"W\u0142\u0105cz tekstowy tryb wprowadzania\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"Data zako\u0144czenia\"", "\"material_minute_suffix\" : \"%1$s \u043c\u0438\u043d\u0443\u0442\"", "\"abc_shareactionprovider_share_with\" : \"\u039a\u03bf\u03b9\u03bd\u03bf\u03c0\u03bf\u03af\u03b7\u03c3\u03b7 \u03c3\u03b5\"", "\"fallback_menu_item_copy_link\" : \"Salin link\"", "\"abc_searchview_description_submit\" : \"\u0e2a\u0e48\u0e07\u0e04\u0e33\u0e04\u0e49\u0e19\u0e2b\u0e32\"", "\"mtrl_picker_day_of_week_column_header\" : \"Kolona sa danima: %1$s\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 Ng\u00e0y k\u1ebft th\u00fac\"", "\"common_signin_button_text_long\" : \"Prijavi me na Google\"", "\"mtrl_picker_date_header_title\" : \"Selecta\u021bi data\"", "\"material_timepicker_select_time\" : \"\u0418\u0437\u0431\u043e\u0440 \u043d\u0430 \u0447\u0430\u0441\"", "\"mtrl_picker_invalid_range\" : \"\u041d\u0435\u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u0439 \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d.\"", "\"common_signin_button_text\" : \"Sign In\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u10d3\u10d0\u10e1\u10e0\u10e3\u10da\u10d4\u10d1\u10d8\u10e1 \u10d7\u10d0\u10e0\u10d8\u10e6\u10d8\"", "\"clear_text_end_icon_content_description\" : \"Vymazat text\"", "\"search_menu_title\" : \"Leit\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0c38\u0c47\u0c35\u0c32 \u0c32\u0c2d\u0c4d\u0c2f\u0c24\"", "\"common_signin_button_text_long\" : \"Log ind med Google\"", "\"clear_text_end_icon_content_description\" : \"X\u00f3a v\u0103n b\u1ea3n\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0bae\u0bc1\u0b9f\u0bbf\u0bb5\u0bc1\u0ba4\u0bcd \u0ba4\u0bc7\u0ba4\u0bbf\"", "\"bottomsheet_action_expand_halfway\" : \"\u0420\u0430\u0437\u0433\u0430\u0440\u043d\u0443\u0446\u044c \u043d\u0430\u043f\u0430\u043b\u043e\u0432\u0443\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Broj novih obavje\u0161tenja: vi\u0161e od %1$d\"", "\"mtrl_picker_date_header_unselected\" : \"Tanggal yang dipilih\"", "\"material_timepicker_select_time\" : \"\u0423\u0430\u049b\u044b\u0442\u0442\u044b \u0442\u0430\u04a3\u0434\u0430\u0443\"", "\"abc_menu_function_shortcut_label\" : \"FUNZIONE +\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0a38\u0a3c\u0a41\u0a30\u0a42\u0a06\u0a24\u0a40 \u0a24\u0a3e\u0a30\u0a40\u0a16\"", "struct", "\"copy_toast_msg\" : \"\u0421\u043f\u0430\u0441\u044b\u043b\u043a\u0430 \u0441\u043a\u0430\u043f\u0456\u0440\u0430\u0432\u0430\u043d\u0430 \u045e \u0431\u0443\u0444\u0435\u0440 \u0430\u0431\u043c\u0435\u043d\u0443\"", "\"common_google_play_services_install_title\" : \"Hent Google Play-tjenester\"", "\"abc_activity_chooser_view_see_all\" : \"\u0aac\u0aa7\u0ac0 \u0a9c\u0ac1\u0a93\"", "\"nav_app_bar_navigate_up_description\" : \"Sogeza juu\"", "\"abc_activitychooserview_choose_application\" : \"\u1021\u1000\u103a\u1015\u103a\u1010\u1005\u103a\u1001\u102f\u1000\u102d\u102f \u101b\u103d\u1031\u1038\u101b\u1014\u103a\"", "\"mtrl_picker_cancel\" : \"\"", "\"common_open_on_phone\" : \"Ireki telefonoan\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0b38\u0b47\u0b2c\u0b3e\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15\u0b30 \u0b28\u0b42\u0b24\u0b28 \u0b2d\u0b30\u0b4d\u0b38\u0b28\u0b4d\u200c \u0b06\u0b2c\u0b36\u0b4d\u0b5f\u0b15\u0964 \u0b0f\u0b39\u0b3e \u0b28\u0b3f\u0b1c\u0b15\u0b41 \u0b15\u0b3f\u0b1b\u0b3f \u0b38\u0b2e\u0b5f \u0b2e\u0b27\u0b4d\u0b5f\u0b30\u0b47 \u0b05\u0b2a\u0b21\u0b47\u0b1f\u0b4d\u200c \u0b15\u0b30\u0b3f\u0b2c\u0964\"", "\"abc_menu_ctrl_shortcut_label\" : \"\u201eCtrl\u201c +\"", "\"item_view_role_description\" : \"Flik\"", "\"mtrl_picker_date_header_title\" : \"Seleziona data\"", "\"abc_action_bar_up_description\" : \"Sogeza juu\"", "\"material_timepicker_text_input_mode_description\" : \"\u1794\u17d2\u178f\u17bc\u179a\u200b\u1791\u17c5\u200b\u1798\u17bb\u1781\u1784\u17b6\u179a\u200b\u1794\u1789\u17d2\u1785\u17bc\u179b\u200b\u17a2\u1780\u17d2\u179f\u179a\u200b\u179f\u1798\u17d2\u179a\u17b6\u1794\u17cb\u200b\u1780\u17b6\u179a\u200b\u1794\u1789\u17d2\u1785\u17bc\u179b\u200b\u1798\u17c9\u17c4\u1784\u17d4\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u5e74\"", "\"material_hour_selection\" : \"Seleccioneu l'hora\"", "\"mtrl_picker_text_input_year_abbr\" : \"\ub144\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u092a\u093e\u0920\u0915\u094b \u0907\u0928\u092a\u0941\u091f \u092e\u094b\u0921\u092e\u093e \u092c\u0926\u0932\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "std::istream", "\"character_counter_overflowed_content_description\" : \"Lumampas sa limitasyon sa bilang ng character %1$d sa %2$d\"", "\"material_hour_selection\" : \"Velja t\u00edma\"", "\"common_signin_button_text_long\" : \"Ingia katika akaunti ukitumia Google\"", "\"abc_activitychooserview_choose_application\" : \"Veldu forrit\"", "\"abc_activity_chooser_view_see_all\" : \"Buka konke\"", "\"exposed_dropdown_menu_content_description\" : \"Kuva rippmen\u00fc\u00fc\"", "\"mtrl_picker_invalid_format\" : \"\u041d\u0435\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0444\u043e\u0440\u043c\u0430\u0442.\"", "\"common_google_play_services_unknown_issue\" : \"Det har uppst\u00e5tt ett fel mellan %1$s och Google Play-tj\u00e4nsterna. F\u00f6rs\u00f6k igen.\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Boshlanish sanasi\"", "\"item_view_role_description\" : \"Tabblad\"", "\"mtrl_picker_range_header_title\" : \"Selecionar intervalo\"", "\"abc_searchview_description_submit\" : \"Thumela umbuzo\"", "\"bottomsheet_action_expand_halfway\" : \"\u0c85\u0cb0\u0ccd\u0ca7\u0ca6\u0cb7\u0ccd\u0c9f\u0cc1 \u0cb5\u0cbf\u0cb8\u0ccd\u0ca4\u0cb0\u0cbf\u0cb8\u0cbf\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s \u0c85\u0ca8\u0ccd\u0ca8\u0cc1 \u0ca4\u0cc6\u0c97\u0cc6\u0ca6\u0cc1\u0cb9\u0cbe\u0c95\u0cbf\"", "\"material_timepicker_text_input_mode_description\" : \"Pentru a introduce ora, comuta\u021bi la modul de introducere a textului.\"", "\"material_timepicker_hour\" : \"Soat\"", "\"abc_menu_function_shortcut_label\" : \"Funktionstaste\u00a0+\"", "\"material_hour_selection\" : \"\u9078\u53d6\u6642\u6bb5\"", "\"mtrl_picker_a11y_prev_month\" : \"\u524d\u6708\u306b\u5909\u66f4\"", "\"password_toggle_content_description\" : \"N\u00e4yt\u00e4 salasana\"", "\"fallback_menu_item_share_link\" : \"\u0c32\u0c3f\u0c02\u0c15\u0c4d\u200c\u0c28\u0c41 \u0c37\u0c47\u0c30\u0c4d \u0c1a\u0c47\u0c2f\u0c3f\"", "\"common_google_play_services_unsupported_text\" : \"N\u00e3o \u00e9 poss\u00edvel executar o %1$s sem os Servi\u00e7os do Google Play, os quais n\u00e3o s\u00e3o compat\u00edveis com o seu dispositivo.\"", "\"abc_shareactionprovider_share_with\" : \"Bagikan dengan\"", "\"material_timepicker_pm\" : \"\u12a8\u1230\u12d3\u1275\"", "\"nav_app_bar_navigate_up_description\" : \"Siirry yl\u00f6s\"", "\"mtrl_badge_numberless_content_description\" : \"Yeni bildirim\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"\u0544\u0565\u056f\u0576\u0561\u0580\u056f\u056b \u0561\u0574\u057d\u0561\u0569\u056b\u057e\u0568\"", "\"mtrl_picker_date_header_unselected\" : \"\u9009\u5b9a\u7684\u65e5\u671f\"", "\"mtrl_picker_range_header_unselected\" : \"Idethi yokuqala \u2013 Idethi yokuphela\"", "\"character_counter_overflowed_content_description\" : \"\uae00\uc790 \uc218 \uc81c\ud55c\uc774 \ucd08\uacfc\ub418\uc5c8\uc2b5\ub2c8\ub2e4(%1$d/%2$d).\"", "\"mtrl_picker_date_header_title\" : \"\u0a24\u0a3e\u0a30\u0a40\u0a16 \u0a1a\u0a41\u0a23\u0a4b\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0414\u0443\u0443\u0441\u0430\u0445 \u043e\u0433\u043d\u043e\u043e\"", "\"common_google_play_services_enable_button\" : \"Iesp\u0113jot\"", "\"mtrl_picker_invalid_format_example\" : \"\u0645\u062b\u0627\u0644: %1$s\"", "\"mtrl_picker_range_header_title\" : \"\u0d36\u0d4d\u0d30\u0d47\u0d23\u0d3f \u0d24\u0d3f\u0d30\u0d1e\u0d4d\u0d1e\u0d46\u0d1f\u0d41\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"nav_app_bar_navigate_up_description\" : \"\u10d6\u10d4\u10db\u10dd\u10d7 \u10d2\u10d0\u10d3\u10d0\u10e1\u10d5\u10da\u10d0\"", "\"nav_app_bar_open_drawer_description\" : \"\u05e4\u05ea\u05d9\u05d7\u05ea \u05d7\u05dc\u05d5\u05e0\u05d9\u05ea \u05d4\u05d4\u05d6\u05d6\u05d4 \u05dc\u05e0\u05d9\u05d5\u05d5\u05d8\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d\u0456\u04a3 \u049b\u0430\u0442\u0435\u0441\u0456\"", "\"abc_action_mode_done\" : \"U krye\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Puudutage, et l\u00fclituda aasta valimisele\"", "\"abc_action_bar_home_description\" : \"Orientohu p\u00ebr n\u00eb sht\u00ebpi\"", "\"mtrl_picker_invalid_format\" : \"El format no \u00e9s v\u00e0lid.\"", "\"mtrl_picker_out_of_range\" : \"Izvan perioda: %1$s\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0ca8\u0cca\u0c82\u0ca6\u0cbf\u0c97\u0cc6 \u0cb9\u0c82\u0c9a\u0cbf\u0c95\u0cca\u0cb3\u0ccd\u0cb3\u0cbf\"", "\"mtrl_picker_range_header_unselected\" : \"\u09b6\u09c1\u09b0\u09c1\u09b0 \u09a4\u09be\u09b0\u09bf\u0996 - \u09b8\u09ae\u09be\u09aa\u09cd\u09a4\u09bf\u09b0 \u09a4\u09be\u09b0\u09bf\u0996\"", "\"abc_activitychooserview_choose_application\" : \"Valitse sovellus\"", "\"icon_content_description\" : \"\u0921\u093e\u092f\u0932\u0949\u0917 \u0915\u093e \u0906\u0907\u0915\u0949\u0928\"", "\"mtrl_picker_date_header_unselected\" : \"\u0412\u0438\u0431\u0440\u0430\u043d\u0430 \u0434\u0430\u0442\u0430\"", "\"mtrl_picker_range_header_unselected\" : \"Fecha de inicio\u2013Fecha de finalizaci\u00f3n\"", "\"common_google_play_services_enable_text\" : \"%1$s \u10d5\u10d4\u10e0 \u10d8\u10db\u10e3\u10e8\u10d0\u10d5\u10d4\u10d1\u10e1 Google Play Services-\u10d8\u10e1 \u10e9\u10d0\u10e0\u10d7\u10d5\u10d0\u10db\u10d3\u10d4.\"", "\"mtrl_picker_range_header_unselected\" : \"\u041f\u043e\u0447\u0435\u0442\u0435\u043d \u0434\u0430\u0442\u0443\u043c - \u043a\u0440\u0430\u0435\u043d \u0434\u0430\u0442\u0443\u043c\"", "\"mtrl_picker_date_header_unselected\" : \"\u09ac\u09c7\u099b\u09c7 \u09a8\u09c7\u0993\u09df\u09be \u09a4\u09be\u09b0\u09bf\u0996\"", "\"common_signin_button_text_long\" : \"Meld aan met Google\"", "\"mtrl_picker_a11y_prev_month\" : \"\u101a\u1001\u1004\u103a\u101c\u101e\u102d\u102f\u1037 \u1015\u103c\u1031\u102c\u1004\u103a\u1038\u101b\u1014\u103a\"", "N12_GLOBAL__N_116itanium_demangle8CastExprE", "\"abc_shareactionprovider_share_with_application\" : \"%s\uacfc(\uc640) \uacf5\uc720\"", "\"mtrl_picker_a11y_prev_month\" : \"\u092e\u093e\u0917\u0940\u0932 \u092e\u0939\u093f\u0928\u094d\u092f\u093e\u0935\u0930 \u092c\u0926\u0932\u093e\"", "\"abc_searchview_description_search\" : \"\u134d\u1208\u130b\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Dodirnite za prijelaz na odabir dana\"", "\"abc_searchview_description_clear\" : \"Sula inkinga\"", "\"abc_searchview_description_query\" : \"Mekl\u0113\u0161anas vaic\u0101jums\"", "\"common_signin_button_text_long\" : \"Google \u1016\u103c\u1004\u1037\u103a \u101c\u1000\u103a\u1019\u103e\u1010\u103a\u1011\u102d\u102f\u1038\u101d\u1004\u103a\u101b\u1031\"", "\"common_google_play_services_update_title\" : \"\u0410\u043a\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u0430\u043d\u0435 \u043d\u0430 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play\"", "\"icon_content_description\" : \"Icona de cadro de di\u00e1logo\"", "\"clear_text_end_icon_content_description\" : \"\u30c6\u30ad\u30b9\u30c8\u3092\u6d88\u53bb\"", "\"common_google_play_services_wear_update_text\" : \"C\u1ea7n phi\u00ean b\u1ea3n m\u1edbi c\u1ee7a d\u1ecbch v\u1ee5 Google Play. D\u1ecbch v\u1ee5 s\u1ebd s\u1edbm t\u1ef1 \u0111\u1ed9ng c\u1eadp nh\u1eadt.\"", "\"abc_shareactionprovider_share_with_application\" : \"Jagamine rakendusega %s\"", "\"common_signin_button_text\" : \"Logi sisse\"", "\"mtrl_picker_date_header_title\" : \"\u1787\u17d2\u179a\u17be\u179f\u179a\u17be\u179f\u200b\u1780\u17b6\u179b\u200b\u1794\u179a\u17b7\u1785\u17d2\u1786\u17c1\u1791\"", "unknown personality routine", "\"material_timepicker_am\" : \"\u1325\u12cb\u1275\"", "\"material_timepicker_text_input_mode_description\" : \"Beralih ke mode masukan teks untuk masukan waktu.\"", "\"material_timepicker_hour\" : \"Hour\"", "invocation function for block in ", "\"mtrl_picker_navigate_to_year_description\" : \"%1$s\u0aa8\u0abe \u0ab5\u0ab0\u0acd\u0ab7 \u0aaa\u0ab0 \u0aa8\u0ac5\u0ab5\u0abf\u0a97\u0ac7\u0a9f \u0a95\u0ab0\u0acb\"", "\"mtrl_picker_invalid_format_example\" : \"N\u00fcmun\u0259: %1$s\"", "\"clear_text_end_icon_content_description\" : \"\u0422\u0435\u043a\u0441\u0442\u0442\u0438 \u0442\u0430\u0437\u0430\u043b\u043e\u043e\"", "\"nav_app_bar_open_drawer_description\" : \"Apri riquadro di navigazione\"", "\"abc_action_mode_done\" : \"Valmis\"", "\"common_signin_button_text\" : \"\u0633\u0627\u0626\u0646 \u0627\u0646 \u06a9\u0631\u06cc\u06ba\"", "\"abc_activity_chooser_view_see_all\" : \"\u0a38\u0a2d \u0a26\u0a47\u0a16\u0a4b\"", "\"common_google_play_services_wear_update_text\" : \"Google Play\u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306e\u65b0\u3057\u3044\u30d0\u30fc\u30b8\u30e7\u30f3\u304c\u5fc5\u8981\u3067\u3059\u3002\u307e\u3082\u306a\u304f\u81ea\u52d5\u66f4\u65b0\u3055\u308c\u307e\u3059\u3002\"", "\"abc_capital_off\" : \"VALA\"", "\"abc_action_bar_home_description\" : \"Vai ao inicio\"", "\"common_open_on_phone\" : \"\u0bae\u0bca\u0baa\u0bc8\u0bb2\u0bbf\u0bb2\u0bcd \u0ba4\u0bbf\u0bb1\"", "\"exposed_dropdown_menu_content_description\" : \"\u041f\u0430\u043a\u0430\u0437\u0430\u0446\u044c \u0432\u044b\u043f\u0430\u0434\u043d\u043e\u0435 \u043c\u0435\u043d\u044e\"", "\"common_google_play_services_unsupported_text\" : \"\u200f\u0644\u0646 \u064a\u062a\u0645 \u062a\u0634\u063a\u064a\u0644 %1$s \u0628\u062f\u0648\u0646 \u062e\u062f\u0645\u0627\u062a Google Play \u0627\u0644\u062a\u064a \u0644\u0627 \u064a\u0648\u0641\u0631\u0647\u0627 \u062c\u0647\u0627\u0632\u0643.\"", "\"material_minute_selection\" : \"\u12f0\u1242\u1243\u12ce\u127d\u1295 \u12ed\u121d\u1228\u1321\"", "\"mtrl_picker_invalid_range\" : \"\u063a\u0644\u0637 \u0631\u06cc\u0646\u062c\u06d4\"", "\"abc_searchview_description_voice\" : \"Wyszukiwanie g\u0142osowe\"", "\"common_google_play_services_unsupported_text\" : \"Cihaz\u0131n\u0131z t\u0259r\u0259find\u0259n d\u0259st\u0259kl\u0259nm\u0259y\u0259n Google Play xidm\u0259tl\u0259ri olmadan %1$s t\u0259tbiqi i\u015fl\u0259m\u0259y\u0259c\u0259k.\"", "\"material_timepicker_select_time\" : \"\u0a38\u0a2e\u0a3e\u0a02 \u0a1a\u0a41\u0a23\u0a4b\"", "\"mtrl_picker_save\" : \"Vista\"", "\"common_google_play_services_enable_title\" : \"Activa Serveis de Google Play\"", "\"abc_activitychooserview_choose_application\" : \"Pilih apl\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u670d\u52d9\u767c\u751f\u932f\u8aa4\"", "\"mtrl_picker_invalid_format\" : \"\u683c\u5f0f\u65e0\u6548\u3002\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u1021\u1000\u103c\u1031\u102c\u1004\u103a\u1038\u1000\u103c\u102c\u1038\u1001\u103b\u1000\u103a\u1021\u101e\u1005\u103a %1$d \u1001\u102f \u1021\u1011\u1000\u103a\"", "\"abc_capital_on\" : \"AKT\u0130V\"", "\"abc_searchview_description_search\" : \"\u0406\u0437\u0434\u0435\u0443\"", "\"common_signin_button_text_long\" : \"Logg p\u00e5 med Google\"", "\"mtrl_picker_a11y_prev_month\" : \"Rudi kwenye mwezi uliotangulia\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Trykk for \u00e5 bytte til \u00e5 velge dag\"", "\"abc_menu_delete_shortcut_label\" : \"delete\"", "\"abc_action_bar_up_description\" : \"\u0a89\u0aaa\u0ab0 \u0aa8\u0ac5\u0ab5\u0abf\u0a97\u0ac7\u0a9f \u0a95\u0ab0\u0acb\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Data de in\u00edcio \u2013 %1$s\"", "\"common_google_play_services_install_title\" : \"Lortu Google Play zerbitzuak\"", "\"mtrl_picker_invalid_format\" : \"\u0917\u0932\u0924 \u095e\u0949\u0930\u094d\u092e\u0948\u091f.\"", "\"common_google_play_services_unknown_issue\" : \"Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0cb2\u0ccd\u0cb2\u0cbf %1$s \u0cb8\u0cae\u0cb8\u0ccd\u0caf\u0cc6\u0caf\u0ca8\u0ccd\u0ca8\u0cc1 \u0cb9\u0cca\u0c82\u0ca6\u0cbf\u0ca6\u0cc6. \u0ca6\u0caf\u0cb5\u0cbf\u0c9f\u0ccd\u0c9f\u0cc1 \u0cae\u0ca4\u0ccd\u0ca4\u0cc6 \u0caa\u0ccd\u0cb0\u0caf\u0ca4\u0ccd\u0ca8\u0cbf\u0cb8\u0cbf.\"", "\"material_clock_toggle_content_description\" : \"Valige AM v\u00f5i PM\"", "\"error_icon_content_description\" : \"\u041e\u0448\u0438\u0431\u043a\u0430\"", "\"nav_app_bar_navigate_up_description\" : \"Navigeeri \u00fcles\"", "\"mtrl_picker_announce_current_selection\" : \"Selecci\u00f3n actual: %1$s\"", "\"common_google_play_services_update_button\" : \"\u0428\u0438\u043d\u044d\u0447\u043b\u044d\u0445\"", "\"mtrl_picker_a11y_prev_month\" : \"P\u0159ej\u00edt na p\u0159edchoz\u00ed m\u011bs\u00edc\"", "\"mtrl_picker_range_header_unselected\" : \"\u0d86\u0dbb\u0db8\u0dca\u0db7\u0d9a \u0daf\u0dd2\u0db1\u0dba \u2013 \u0db1\u0dd2\u0db8\u0dcf \u0dc0\u0db1 \u0daf\u0dd2\u0db1\u0dba\"", "\"fallback_menu_item_open_in_browser\" : \"\u1260\u12a0\u1233\u123d \u12cd\u1235\u1325 \u12ad\u1348\u1275\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"%1$d \u0a24\u0a4b\u0a02 \u0a35\u0a71\u0a27 \u0a28\u0a35\u0a40\u0a06\u0a02 \u0a38\u0a42\u0a1a\u0a28\u0a3e\u0a35\u0a3e\u0a02\"", "\"password_toggle_content_description\" : \"Mostrar contrase\u00f1a\"", "\"error_icon_content_description\" : \"\u9519\u8bef\"", "\"mtrl_picker_save\" : \"\u0e9a\u0eb1\u0e99\u0e97\u0eb6\u0e81\"", "\"mtrl_picker_invalid_format_example\" : \"Primer: %1$s\"", "\"icon_content_description\" : \"Dialog Icon\"", "\"material_timepicker_minute\" : \"Minute\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Toca para seleccionar un d\u00eda\"", "\"common_google_play_services_install_text\" : \"Hindi gagana ang %1$s nang wala ang mga serbisyo ng Google Play na wala sa iyong device.\"", "\"mtrl_badge_numberless_content_description\" : \"\u0928\u0908 \u0938\u0942\u091a\u0928\u093e\"", "\"abc_capital_on\" : \"ACTIVA\"", "\"abc_action_mode_done\" : \"Termin\u00e9\"", "\"common_google_play_services_update_button\" : \"\u0986\u09aa\u09a1\u09c7\u099f \u0995\u09f0\u0995\"", "operator<<=", "\"abc_action_bar_home_description\" : \"\u0411\u0430\u0448\u043a\u044b \u0431\u0435\u0442\u043a\u0435 \u0447\u0430\u0431\u044b\u0442\u0442\u043e\u043e\"", "\"copy_toast_msg\" : \"\u0dc3\u0db6\u0dd0\u0db3\u0dd2\u0dba \u0db4\u0dc3\u0dd4\u0dbb\u0dd4 \u0db4\u0dd4\u0dc0\u0dbb\u0dd4\u0dc0\u0da7 \u0db4\u0dd2\u0da7\u0db4\u0dad\u0dca \u0d9a\u0dd9\u0dbb\u0dd2\u0dab\u0dd2\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 \u0cae\u0cc1\u0c95\u0ccd\u0ca4\u0cbe\u0caf \u0ca6\u0cbf\u0ca8\u0cbe\u0c82\u0c95\"", "\"material_timepicker_hour\" : \"Ura\"", "\"password_toggle_content_description\" : \"Tampilkan sandi\"", "\"common_google_play_services_update_text\" : \"%1$s \u0924\u092a\u093e\u0908\u0902\u0932\u0947 Google \u092a\u094d\u0932\u0947 \u0938\u0947\u0935\u093e\u0939\u0930\u0942 \u0905\u0926\u094d\u092f\u093e\u0935\u0927\u093f\u0915 \u0928\u0917\u0930\u0947\u0938\u092e\u094d\u092e \u0938\u091e\u094d\u091a\u093e\u0932\u0928 \u0939\u0941\u0901\u0926\u0948\u0928\u0964\"", "\"abc_prepend_shortcut_label\" : \"Meny+\"", "\"mtrl_picker_save\" : \"Saxlay\u0131n\"", "\"abc_searchview_description_clear\" : \"\u0c2a\u0c4d\u0c30\u0c36\u0c4d\u0c28\u0c28\u0c41 \u0c24\u0c40\u0c38\u0c3f\u0c35\u0c47\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"abc_action_menu_overflow_description\" : \"Ezinye izinketho\"", "\"abc_menu_enter_shortcut_label\" : \"\u0412\u0432\u043e\u0434\"", "\"mtrl_picker_invalid_format_use\" : \"\u0a86\u0aa8\u0acb \u0a89\u0aaa\u0aaf\u0acb\u0a97 \u0a95\u0ab0\u0acb: %1$s\"", "\"abc_searchview_description_query\" : \"\u041f\u0440\u0435\u0431\u0430\u0440\u0430\u0458 \u0431\u0430\u0440\u0430\u045a\u0435\"", " volatile", "\"mtrl_picker_a11y_next_month\" : \"\u041a\u0438\u0439\u0438\u043d\u043a\u0438 \u0430\u0439\u0433\u0430 \u04e9\u0437\u0433\u04e9\u0440\u0442\u04af\u04af\"", "\"common_google_play_services_enable_title\" : \"Aktivizo sh\u00ebrbimet e \"Luaj me Google\"\"", "\"mtrl_picker_save\" : \"Guardar\"", "\"mtrl_picker_invalid_format\" : \"Sobimatu vorming.\"", "\"common_google_play_services_update_title\" : \"\u200f\u202b\u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0633\u0631\u0648\u06cc\u0633\u200c\u0647\u0627\u06cc Google Play\"", "\"mtrl_picker_invalid_format\" : \"Ifomethi engavumelekile.\"", "\"abc_activitychooserview_choose_application\" : \"Pasirinkite program\u0105\"", "\"abc_action_mode_done\" : \"\u0413\u0430\u0442\u043e\u0432\u0430\"", "decltype(auto)", "\"common_google_play_services_enable_button\" : \"\u0423\u0432\u0456\u043c\u043a\u043d\u0443\u0442\u0438\"", "\"material_timepicker_clock_mode_description\" : \"Pentru a introduce ora, comuta\u021bi la modul ceas.\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0414\u043e\u043f\u0440\u0435\u0442\u0435 \u0437\u0430 \u0434\u0430 \u0441\u0435 \u043f\u0440\u0435\u0444\u0440\u043b\u0438\u0442\u0435 \u043d\u0430 \u0438\u0437\u0431\u0438\u0440\u0430\u045a\u0435 \u0433\u043e\u0434\u0438\u043d\u0430\"", "\"abc_search_hint\" : \"S\u00f6k \u2026\"", "\"icon_content_description\" : \"\u0417\u043d\u0430\u0447\u043e\u043a \u0434\u044b\u044f\u043b\u043e\u0433\u0430\u0432\u0430\u0433\u0430 \u0430\u043a\u043d\u0430\"", "\"abc_action_bar_home_description\" : \"P\u0101rvietoties uz s\u0101kuma ekr\u0101nu\"", "N12_GLOBAL__N_116itanium_demangle10NestedNameE", "\"common_google_play_services_update_title\" : \"C\u1eadp nh\u1eadt d\u1ecbch v\u1ee5 c\u1ee7a Google Play\"", "\"error_icon_content_description\" : \"\uc624\ub958\"", "\"common_google_play_services_update_button\" : \"\u0539\u0561\u0580\u0574\u0561\u0581\u0576\u0565\u056c\"", "\"item_view_role_description\" : \"\u0ba4\u0bbe\u0bb5\u0bb2\u0bcd\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u1793\u17b9\u1784\u1798\u17b7\u1793\u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u178a\u17c4\u1799\u1782\u17d2\u1798\u17b6\u1793\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798\u179a\u1794\u179f\u17cb Google Play \u178a\u17c2\u179b\u17a7\u1794\u1780\u179a\u178e\u17cd\u179a\u1794\u179f\u17cb\u17a2\u17d2\u1793\u1780\u1798\u17b7\u1793\u1782\u17b6\u17c6\u1791\u17d2\u179a\u1793\u17c4\u17c7\u1791\u17c1\u17d4\"", "\"character_counter_overflowed_content_description\" : \"Prekora\u010deno je ograni\u010denje broja znakova: %1$d od %2$d\"", "\"common_google_play_services_update_text\" : \"\u201e%1$s\u201c nebus paleid\u017eiama, jei neatnaujinsite \u201eGoogle Play\u201c paslaug\u0173.\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Prad\u017eios data\u2013%1$s\"", "\"abc_menu_sym_shortcut_label\" : \"\u201eSym\u201c +\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0dc3\u0dda\u0dc0\u0dcf\u0dc0\u0dbd \u0db1\u0dc0 \u0d85\u0db1\u0dd4\u0dc0\u0dcf\u0daf\u0dba\u0d9a\u0dca \u0d85\u0dc0\u0dc1\u0dca\u200d\u0dba\u0dba\u0dd2. \u0d91\u0dba \u0db8\u0daf \u0dc0\u0dda\u0dbd\u0dcf\u0dc0\u0d9a\u0dd2\u0db1\u0dca \u0d91\u0dba \u0dc0\u0dd2\u0dc3\u0dd2\u0db1\u0dca\u0db8 \u0dba\u0dcf\u0dc0\u0dad\u0dca\u0d9a\u0dcf\u0dbd\u0dd3\u0db1 \u0dc0\u0db1\u0dd4 \u0d87\u0dad.\"", "\"abc_toolbar_collapse_description\" : \"\u053e\u0561\u056c\u0565\u056c\"", "\"material_timepicker_minute\" : \"Minuta\"", "\"fallback_menu_item_open_in_browser\" : \"Maak in blaaier oop\"", "\"common_signin_button_text\" : \"Inicia sessi\u00f3\"", "\"abc_activity_chooser_view_see_all\" : \"\uc804\uccb4 \ubcf4\uae30\"", "\"mtrl_picker_range_header_unselected\" : \"Data de in\u00edcio \u2013 Data de conclus\u00e3o\"", "\"abc_menu_function_shortcut_label\" : \"Fn+\"", "\"material_clock_toggle_content_description\" : \"\u1787\u17d2\u179a\u17be\u179f\u179a\u17be\u179f AM \u17ac PM\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Gusa ili uende kwenye sehemu ya kuchagua mwaka\"", "\"abc_activity_chooser_view_see_all\" : \"\u1021\u102c\u1038\u101c\u102f\u1036\u1038 \u1000\u103c\u100a\u1037\u103a\u101b\u1014\u103a\"", "\"abc_menu_meta_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200eMeta+\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_google_play_services_update_title\" : \"Google Play \u09b8\u09c7\u09f1\u09be \u0986\u09aa\u09a1\u09c7\u099f \u0995\u09f0\u0995\"", "\"bottomsheet_action_expand_halfway\" : \"Rozbali\u0165 napoly\"", "\"abc_searchview_description_voice\" : \"\u062c\u0633\u062a\u062c\u0648\u06cc \u06af\u0641\u062a\u0627\u0631\u06cc\"", "\"common_google_play_services_update_title\" : \"\u0395\u03bd\u03b7\u03bc\u03ad\u03c1\u03c9\u03c3\u03b7 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03b9\u03ce\u03bd Google Play\"", "\"mtrl_badge_numberless_content_description\" : \"\u0625\u0634\u0639\u0627\u0631 \u062c\u062f\u064a\u062f\"", "\"clear_text_end_icon_content_description\" : \"Garbitu testua\"", "/usr/local/google/buildbot/src/android/ndk-release-r21/external/libcxx/../../external/libunwind_llvm/src/UnwindCursor.hpp", "\"common_google_play_services_unsupported_text\" : \"%1$s, Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93 \u0ab5\u0a97\u0ab0 \u0a9a\u0abe\u0ab2\u0ab6\u0ac7 \u0aa8\u0ab9\u0ac0\u0a82, \u0a9c\u0ac7 \u0aa4\u0aae\u0abe\u0ab0\u0abe \u0a89\u0aaa\u0a95\u0ab0\u0aa3 \u0aa6\u0acd\u0ab5\u0abe\u0ab0\u0abe \u0ab8\u0aae\u0ab0\u0acd\u0aa5\u0abf\u0aa4 \u0aa8\u0aa5\u0ac0.\"", "\"common_google_play_services_notification_ticker\" : \"Error de Serveis de Google Play\"", "\"clear_text_end_icon_content_description\" : \"\u0a32\u0a3f\u0a16\u0a24 \u0a15\u0a32\u0a40\u0a05\u0a30 \u0a15\u0a30\u0a4b\"", "_Unwind_Resume", "\"common_google_play_services_enable_button\" : \"\u1016\u103d\u1004\u1037\u103a\u101b\u1014\u103a\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u041a\u04af\u043d \u0442\u0430\u043d\u0434\u043e\u043e \u04af\u0447\u04af\u043d \u0442\u0430\u043f\u0442\u0430\u043f \u043a\u043e\u044e\u04a3\u0443\u0437\"", "\"mtrl_chip_close_icon_content_description\" : \"Suprimeix %1$s\"", "\"item_view_role_description\" : \"\u091f\u0945\u092c\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s \u09b8\u09b0\u09bf\u09df\u09c7 \u09a6\u09bf\u09a8\"", "\"clear_text_end_icon_content_description\" : \"Tekst wissen\"", "\"abc_menu_enter_shortcut_label\" : \"enter\"", "\"common_google_play_services_update_text\" : \"%1$s \u0570\u0561\u057e\u0565\u056c\u057e\u0561\u056e\u0568 \u0579\u056b \u0561\u0577\u056d\u0561\u057f\u056b \u0574\u056b\u0576\u0579\u0587 \u0579\u0569\u0561\u0580\u0574\u0561\u0581\u0576\u0565\u0584 Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u0568:\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0414\u043e\u043a\u043e\u0441\u043d\u0435\u0442\u0435, \u0437\u0430 \u0434\u0430 \u043f\u0440\u0435\u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435 \u043a\u044a\u043c \u0438\u0437\u0431\u0438\u0440\u0430\u043d\u0435 \u043d\u0430 \u0433\u043e\u0434\u0438\u043d\u0430\"", "\"abc_activitychooserview_choose_application\" : \"\u30a2\u30d7\u30ea\u306e\u9078\u629e\"", "\"abc_action_mode_done\" : \"\u09b8\u09ae\u09cd\u09aa\u09a8\u09cd\u09a8 \u09b9\u2019\u09b2\"", "\"icon_content_description\" : \"\u0a35\u0a3f\u0a70\u0a21\u0a4b \u0a26\u0a3e \u0a2a\u0a4d\u0a30\u0a24\u0a40\u0a15\"", "N12_GLOBAL__N_116itanium_demangle21CtorVtableSpecialNameE", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0938\u0947 \u0936\u0947\u092f\u0930 \u0915\u0930\u0947\u0902\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93 \u0ab8\u0a95\u0acd\u0ab7\u0aae \u0a95\u0ab0\u0acb\"", "\"common_google_play_services_unsupported_text\" : \"\u0414\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435\u043c \"%1$s\" \u0442\u0440\u0435\u0431\u0443\u044e\u0442\u0441\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u044b Google\u00a0Play. \u041e\u043d\u0438 \u043d\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043d\u0430 \u0432\u0430\u0448\u0435\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435.\"", "\"material_minute_selection\" : \"\u041c\u0438\u043d\u0443\u0442 \u0442\u0430\u04a3\u0434\u0430\u0443\"", "\"material_timepicker_text_input_mode_description\" : \"Aktiveerige kellaaja sisestamiseks tekstisisestusre\u017eiim.\"", "\"material_timepicker_text_input_mode_description\" : \"Skift til teksttilstand for at angive klokkesl\u00e6t.\"", "\"icon_content_description\" : \"\u0d21\u0d2f\u0d32\u0d4b\u0d17\u0d4d \u0d10\u0d15\u0d4d\u0d15\u0d7a\"", "\"material_hour_selection\" : \"Ch\u1ecdn gi\u1edd\"", "\"mtrl_badge_numberless_content_description\" : \"Yangi bildirishnoma\"", "\"abc_menu_function_shortcut_label\" : \"\u201eFunction\u201c +\"", "\"abc_toolbar_collapse_description\" : \"Sbalit\"", "\"abc_menu_ctrl_shortcut_label\" : \"CTRL +\"", "\"material_minute_suffix\" : \"%1$s dakika\"", "\"abc_action_bar_home_description\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u043d\u0430 \u0433\u043e\u043b\u043e\u0432\u043d\u0443\"", "\"search_menu_title\" : \"\u09b8\u09a8\u09cd\u09a7\u09be\u09a8\"", "\"abc_shareactionprovider_share_with_application\" : \"%s-\u10d8\u10d7 \u10d2\u10d0\u10d6\u10d8\u10d0\u10e0\u10d4\u10d1\u10d0\"", "\"common_google_play_services_update_title\" : \"\u0e2d\u0e31\u0e1b\u0e40\u0e14\u0e15\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play\"", "\"mtrl_picker_a11y_prev_month\" : \"Change to previous month\"", "_Unwind_VRS_Set", "\"mtrl_picker_toggle_to_text_input_mode\" : \"L\u00fclitu tekstisisestusre\u017eiimile\"", "terminate_handler unexpectedly threw an exception", "\"common_google_play_services_enable_button\" : \"W\u0142\u0105cz\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"Izaziso ezintsha ezingaphezu kokungu-%1$d\"", "\"nav_app_bar_navigate_up_description\" : \"Navigasi ke atas\"", "\"abc_action_bar_home_description\" : \"Eve gidi\u015f yolunu g\u00f6ster\"", "\"mtrl_picker_a11y_next_month\" : \"V\u00e1lt\u00e1s a k\u00f6vetkez\u0151 h\u00f3napra\"", "\"mtrl_picker_date_header_title\" : \"Datum ausw\u00e4hlen\"", "\"character_counter_overflowed_content_description\" : \"\u10d2\u10d0\u10d3\u10d0\u10ed\u10d0\u10e0\u10d1\u10d4\u10d1\u10e3\u10da\u10d8\u10d0 \u10e1\u10d8\u10db\u10d1\u10dd\u10da\u10dd\u10d7\u10d0 \u10da\u10d8\u10db\u10d8\u10e2\u10d8 (%2$d-\u10d3\u10d0\u10dc %1$d)\"", "\"common_google_play_services_install_title\" : \"Descargar Servicios de Google Play\"", "\"material_clock_toggle_content_description\" : \"AM \u0a85\u0aa5\u0ab5\u0abe PM \u0aaa\u0ab8\u0a82\u0aa6 \u0a95\u0ab0\u0acb\"", "\"mtrl_picker_day_of_week_column_header\" : \"Colonna dei giorni: %1$s\"", "\"nav_app_bar_navigate_up_description\" : \"Prejs\u0165 hore\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u0a95\u0ac5\u0ab2\u0ac7\u0aa8\u0acd\u0aa1\u0ab0 \u0a87\u0aa8\u0aaa\u0ac1\u0a9f \u0aae\u0acb\u0aa1 \u0aaa\u0ab0 \u0ab8\u0acd\u0ab5\u0abf\u0a9a \u0a95\u0ab0\u0acb\"", "\"mtrl_picker_invalid_format_example\" : \"Example: %1$s\"", "N12_GLOBAL__N_116itanium_demangle15IntegerCastExprE", "getInfoFromEHABISection", "getBytes", "\"fallback_menu_item_share_link\" : \"\u0b32\u0b3f\u0b19\u0b4d\u0b15\u0b4d \u0b38\u0b47\u0b5f\u0b3e\u0b30\u0b4d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "ostream", "\"mtrl_picker_range_header_title\" : \"Chagua Kipindi cha Tarehe\"", "\"mtrl_picker_invalid_format_example\" : \"\u0909\u0926\u093e\u0939\u0930\u0923: %1$s\"", "\"abc_shareactionprovider_share_with\" : \"Chia s\u1ebb v\u1edbi\"", "\"mtrl_picker_range_header_unselected\" : \"\u958b\u59cb\u65e5\u671f \u2013 \u7d50\u675f\u65e5\u671f\"", "\"abc_activitychooserview_choose_application\" : \"Odabir aplikacije\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Alguskuup\u00e4ev\"", "\"abc_action_menu_overflow_description\" : \"\u062e\u064a\u0627\u0631\u0627\u062a \u0623\u0643\u062b\u0631\"", "\"material_minute_selection\" : \"\u0d2e\u0d3f\u0d28\u0d3f\u0d31\u0d4d\u0d31\u0d4d \u0d24\u0d3f\u0d30\u0d1e\u0d4d\u0d1e\u0d46\u0d1f\u0d41\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"mtrl_picker_invalid_format_use\" : \"\u0c87\u0ca6\u0ca8\u0ccd\u0ca8\u0cc1 \u0cac\u0cb3\u0cb8\u0cbf: %1$s\"", "\"common_google_play_services_unknown_issue\" : \"%1$s ondervindt problemen met Google Play-services. Probeer het opnieuw.\"", "\"mtrl_picker_text_input_year_abbr\" : \"\u0633\"", "\"fallback_menu_item_share_link\" : \"Deli link\"", "\"abc_action_mode_done\" : \"Klar\"", "\"abc_capital_on\" : \"\u0b05\u0b28\u0b4d\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play services-\u10d8\u10e1 \u10ee\u10d4\u10da\u10db\u10d8\u10e1\u10d0\u10ec\u10d5\u10d3\u10dd\u10db\u10dd\u10d1\u10d0\"", "N12_GLOBAL__N_116itanium_demangle27ExpandedSpecialSubstitutionE", "\"icon_content_description\" : \"\u1012\u102d\u102f\u1004\u103a\u101a\u102c\u101c\u1031\u102c\u1037\u1001\u103a \u101e\u1004\u103a\u1039\u1000\u1031\u1010\"", "\"abc_activitychooserview_choose_application\" : \"V\u00e6lg en app\"", "\"mtrl_picker_a11y_next_month\" : \"Aldatu hurrengo hilabetera\"", "\"abc_capital_on\" : \"\u0423\u041a\u0409\u0423\u0427\u0415\u041d\u041e\"", "\"common_google_play_services_enable_title\" : \"Aktifkan layanan Google Play\"", "\"material_clock_toggle_content_description\" : \"\u0418\u0437\u0430\u0431\u0435\u0440\u0438\u0442\u0435 \u043f\u0440\u0435 \u043f\u043e\u0434\u043d\u0435 \u0438\u043b\u0438 \u043f\u043e \u043f\u043e\u0434\u043d\u0435\"", "\"material_timepicker_hour\" : \"Valanda\"", "\"bottomsheet_action_expand_halfway\" : \"\u4e0b\u534a\u5206\u3092\u5c55\u958b\"", "\"mtrl_picker_day_of_week_column_header\" : \"\u0aa6\u0abf\u0ab5\u0ab8\u0acb\u0aa8\u0ac0 \u0a95\u0ac9\u0ab2\u0aae: %1$s\"", "\"mtrl_picker_a11y_prev_month\" : \"P\u0101riet uz iepriek\u0161\u0113jo m\u0113nesi\"", "\"appbar_scrolling_view_behavior\" : \"com.google.android.material.appbar.AppBarLayout$ScrollingViewBehavior\"", "\"material_hour_suffix\" : \"%1$s\u00a0\u0433\u0430\u0434\u0437\"", "\"mtrl_picker_a11y_next_month\" : \"Ubah ke bulan berikutnya\"", "\"abc_toolbar_collapse_description\" : \"Restr\u00e2nge\u021bi\"", "\"abc_action_mode_done\" : \"Ferdig\"", "\"mtrl_picker_range_header_title\" : \"Selecione o intervalo\"", "\"mtrl_picker_text_input_month_abbr\" : \"\u10ec\u10d7\"", "\"common_google_play_services_unsupported_text\" : \"\u200f%1$s \u05dc\u05d0 \u05ea\u05e4\u05e2\u05dc \u05dc\u05dc\u05d0 \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play, \u05e9\u05d0\u05d9\u05e0\u05dd \u05e0\u05ea\u05de\u05db\u05d9\u05dd \u05d1\u05de\u05db\u05e9\u05d9\u05e8 \u05e9\u05dc\u05da.\"", "\"material_hour_selection\" : \"\u0d2e\u0d23\u0d3f\u0d15\u0d4d\u0d15\u0d42\u0d7c \u0d24\u0d3f\u0d30\u0d1e\u0d4d\u0d1e\u0d46\u0d1f\u0d41\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"common_open_on_phone\" : \"\u092b\u093c\u094b\u0928 \u092a\u0930 \u0916\u094b\u0932\u0947\u0902\"", "alignof (", "\"abc_action_menu_overflow_description\" : \"\u041f\u043e\u0432\u0435\u045c\u0435 \u043e\u043f\u0446\u0438\u0438\"", "\"common_google_play_services_update_text\" : \"\u0397 \u03b5\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae %1$s \u03b8\u03b1 \u03b5\u03ba\u03c4\u03b5\u03bb\u03b5\u03c3\u03c4\u03b5\u03af \u03b1\u03c6\u03bf\u03cd \u03b5\u03bd\u03b7\u03bc\u03b5\u03c1\u03ce\u03c3\u03b5\u03c4\u03b5 \u03c4\u03b9\u03c2 \u03a5\u03c0\u03b7\u03c1\u03b5\u03c3\u03af\u03b5\u03c2 Google Play.\"", "\"mtrl_badge_numberless_content_description\" : \"\u0e01\u0e32\u0e23\u0e41\u0e08\u0e49\u0e07\u0e40\u0e15\u0e37\u0e2d\u0e19\u0e43\u0e2b\u0e21\u0e48\"", "\"mtrl_picker_a11y_prev_month\" : \"Passer au mois pr\u00e9c\u00e9dent\"", "\"fallback_menu_item_share_link\" : \"Comparteix l'enlla\u00e7\"", "\"mtrl_picker_toggle_to_day_selection\" : \"\u0a26\u0a3f\u0a28 \u0a26\u0a40 \u0a1a\u0a4b\u0a23 '\u0a24\u0a47 \u0a1c\u0a3e\u0a23 \u0a32\u0a08 \u0a1f\u0a48\u0a2a \u0a15\u0a30\u0a4b\"", "\"common_google_play_services_unsupported_text\" : \"\u0397 \u03b5\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae %1$s \u03b4\u03b5\u03bd \u03b8\u03b1 \u03b5\u03ba\u03c4\u03b5\u03bb\u03b5\u03c3\u03c4\u03b5\u03af \u03c7\u03c9\u03c1\u03af\u03c2 \u03c4\u03b9\u03c2 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03af\u03b5\u03c2 Google Play, \u03bf\u03b9 \u03bf\u03c0\u03bf\u03af\u03b5\u03c2 \u03b4\u03b5\u03bd \u03c5\u03c0\u03bf\u03c3\u03c4\u03b7\u03c1\u03af\u03b6\u03bf\u03bd\u03c4\u03b1\u03b9 \u03b1\u03c0\u03cc \u03c4\u03b7 \u03c3\u03c5\u03c3\u03ba\u03b5\u03c5\u03ae \u03c3\u03b1\u03c2.\"", "\"common_google_play_services_install_title\" : \"Instalace slu\u017eeb Google Play\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u5207\u63db\u81f3\u65e5\u66c6\u8f38\u5165\u6a21\u5f0f\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s-\u0433 \u0443\u0441\u0442\u0433\u0430\u0445\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u1015\u103c\u102e\u1038\u1006\u102f\u1036\u1038\u101b\u1000\u103a\"", "\"common_google_play_services_notification_channel_name\" : \"Ukungatholakali kwamasevisi e-Google Play\"", "\"mtrl_picker_a11y_next_month\" : \"Spremeni na naslednji mesec\"", "getFloatRegister", "\"mtrl_exceed_max_badge_number_content_description\" : \"Rohkem kui %1$d uut m\u00e4rguannet\"", "\"abc_menu_function_shortcut_label\" : \"Funci\u00f3n+\"", "\"material_minute_suffix\" : \"%1$s perc\"", "\"abc_searchview_description_submit\" : \"Utf\u00f8r s\u00f8ket\"", "\"abc_search_hint\" : \"\u041f\u043e\u0448\u0443\u043a\u2026\"", "\"abc_searchview_description_voice\" : \"\u0906\u0935\u093e\u091c\u092e\u093e \u0906\u0927\u093e\u0930\u093f\u0924 \u0916\u094b\u091c\u0940\"", "\"material_timepicker_am\" : \"\u1014\u1036\u1014\u1000\u103a\"", "\"mtrl_picker_date_header_title\" : \"\u65e5\u4ed8\u3092\u9078\u629e\u3057\u3066\u304f\u3060\u3055\u3044\"", "\"common_google_play_services_update_text\" : \"Google Play \uc11c\ube44\uc2a4\ub97c \uc5c5\ub370\uc774\ud2b8\ud574\uc57c %1$s\uc774(\uac00) \uc2e4\ud589\ub429\ub2c8\ub2e4.\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u0628\u06cc\u0634 \u0627\u0632 %1$d \u0627\u0639\u0644\u0627\u0646 \u062c\u062f\u06cc\u062f\"", "\"material_timepicker_hour\" : \"\u0413\u043e\u0434\u0438\u043d\u0430\"", "\"common_google_play_services_enable_button\" : \"Povolit\"", "\"mtrl_picker_invalid_range\" : \"Sobimatu vahemik.\"", "\"material_timepicker_select_time\" : \"\u6642\u9593\u3092\u9078\u629e\"", "\"abc_capital_on\" : \"\u12a0\u1265\u122b\"", "\"mtrl_chip_close_icon_content_description\" : \"%1$s i\u00e7eri\u011fini kald\u0131r\"", "\"common_google_play_services_notification_ticker\" : \"Chyba slu\u017eeb Google Play\"", "\"material_timepicker_select_time\" : \"\u0412\u0438\u0431\u0435\u0440\u0456\u0442\u044c \u0447\u0430\u0441\"", "\"clear_text_end_icon_content_description\" : \"\u054b\u0576\u057b\u0565\u056c \u057f\u0565\u0584\u057d\u057f\u0568\"", "\"mtrl_picker_toggle_to_year_selection\" : \"\u0a38\u0a3e\u0a32 \u0a26\u0a40 \u0a1a\u0a4b\u0a23 '\u0a24\u0a47 \u0a1c\u0a3e\u0a23 \u0a32\u0a08 \u0a1f\u0a48\u0a2a \u0a15\u0a30\u0a4b\"", "\"material_hour_selection\" : \"\u0a38\u0a2e\u0a3e\u0a02 \u0a1a\u0a41\u0a23\u0a4b\"", "\"bottomsheet_action_expand_halfway\" : \"\u0391\u03bd\u03ac\u03c0\u03c4\u03c5\u03be\u03b7 \u03bc\u03ad\u03c7\u03c1\u03b9 \u03c4\u03b7 \u03bc\u03ad\u03c3\u03b7\"", "\"common_signin_button_text_long\" : \"\u0423\u0432\u0456\u0439\u0442\u0438 \u0432 \u043e\u0431\u043b\u0456\u043a. \u0437\u0430\u043f\u0438\u0441 Google\"", "\"mtrl_picker_invalid_format_example\" : \"\u4f8b: %1$s\"", "\"abc_shareactionprovider_share_with\" : \"Compartilhar com\"", "\"exposed_dropdown_menu_content_description\" : \"\u1794\u1784\u17d2\u17a0\u17b6\u1789\u200b\u1798\u17c9\u17ba\u1793\u17bb\u1799\u200b\u1792\u17d2\u179b\u17b6\u1780\u17cb\u1785\u17bb\u17c7\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Za\u010detni datum\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"\u7d50\u675f\u65e5\u671f\"", "\"mtrl_picker_toggle_to_year_selection\" : \"'\u0938\u093e\u0932 \u091a\u0941\u0928\u0928\u093e' \u092a\u0930 \u0938\u094d\u0935\u093f\u091a \u0915\u0930\u0928\u0947 \u0915\u0947 \u0932\u093f\u090f \u091f\u0948\u092a \u0915\u0930\u0947\u0902\"", "\"character_counter_content_description\" : \"%2$d\u099f\u09be\u09f0 \u09ad\u09bf\u09a4\u09f0\u09a4 %1$d\u099f\u09be \u09ac\u09f0\u09cd\u09a3 \u09b2\u09bf\u0996\u09be \u09b9\u09c8\u099b\u09c7\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"\u0d15\u0d32\u0d23\u0d4d\u0d1f\u0d7c \u0d07\u0d7b\u0d2a\u0d41\u0d1f\u0d4d\u0d1f\u0d4d \u0d2e\u0d4b\u0d21\u0d3f\u0d32\u0d47\u0d15\u0d4d\u0d15\u0d4d \u0d2e\u0d3e\u0d31\u0d41\u0d15\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Date de d\u00e9but\"", "\"material_timepicker_minute\" : \"\u10ec\u10e3\u10d7\u10d8\"", "LOOKING FOR BINARY: %s Absent :(", "\"mtrl_picker_date_header_selected\" : \"%1$s\"", "\"exposed_dropdown_menu_content_description\" : \"\u30d7\u30eb\u30c0\u30a6\u30f3 \u30e1\u30cb\u30e5\u30fc\u3092\u8868\u793a\"", "\"material_timepicker_select_time\" : \"\u0d38\u0d2e\u0d2f\u0d02 \u0d24\u0d3f\u0d30\u0d1e\u0d4d\u0d1e\u0d46\u0d1f\u0d41\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"mtrl_chip_close_icon_content_description\" : \"Alih keluar %1$s\"", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Data di inizio\"", "\"abc_menu_delete_shortcut_label\" : \"\u179b\u17bb\u1794\"", "\"mtrl_picker_out_of_range\" : \"\u0db4\u0dbb\u0dcf\u0dc3\u0dba\u0dd9\u0db1\u0dca \u0db4\u0dd2\u0da7\u0dad: %1$s\"", "\"item_view_role_description\" : \"\u1275\u122d\"", "\"common_google_play_services_enable_text\" : \"\u0414\u043e\u0434\u0430\u0442\u043e\u043a %1$s \u043d\u0435 \u043f\u0440\u0430\u0446\u044e\u0432\u0430\u0442\u0438\u043c\u0435, \u044f\u043a\u0449\u043e \u043d\u0435 \u0432\u0432\u0456\u043c\u043a\u043d\u0443\u0442\u0438 \u0441\u0435\u0440\u0432\u0456\u0441\u0438 Google Play.\"", "\"search_menu_title\" : \"T\u00ecm ki\u1ebfm\"", "\"material_timepicker_hour\" : \"\u00d3ra\"", "u8__uuidoft", "\"fallback_menu_item_copy_link\" : \"Salin pautan\"", "\"abc_shareactionprovider_share_with\" : \"Partager avec\"", "\"abc_searchview_description_submit\" : \"Odeslat dotaz\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0c38\u0c47\u0c35\u0c32\u0c28\u0c41 \u0c2a\u0c4d\u0c30\u0c3e\u0c30\u0c02\u0c2d\u0c3f\u0c02\u0c1a\u0c02\u0c21\u0c3f\"", "\"abc_toolbar_collapse_description\" : \"Collapse\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Tumia programu ya kuingiza data kwenye kalenda\"", "\"mtrl_picker_text_input_date_hint\" : \"\u0e27\u0e31\u0e19\u0e17\u0e35\u0e48\"", "\"abc_capital_on\" : \"AKTIBATU\"", "\"common_google_play_services_enable_title\" : \"Activa\u021bi serviciile Google Play\"", "unsupported register class", "\"mtrl_picker_day_of_week_column_header\" : \"Egunen zutabea:%1$s\"", "\"abc_action_mode_done\" : \"Atlikta\"", "\"common_google_play_services_wear_update_text\" : \"Este necesar\u0103 o nou\u0103 versiune a serviciilor Google Play. Se vor actualiza automat \u00een cur\u00e2nd.\"", "\"mtrl_picker_day_of_week_column_header\" : \"Napok oszlopa: %1$s\"", ") : (", "\"bottomsheet_action_expand_halfway\" : \"\u0420\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u043d\u0430\u043f\u043e\u043b\u043e\u0432\u0438\u043d\u0443\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Toque para mudar para a sele\u00e7\u00e3o do ano\"", "\"mtrl_picker_navigate_to_year_description\" : \"Navigasi ke tahun %1$s\"", "\"material_minute_suffix\" : \"%1$s m\u00edn\u00fatur\"", "\"abc_activitychooserview_choose_application\" : \"\u0995\u09cb\u09a8\u09cb \u098f\u09aa\u09cd \u09ac\u09be\u099b\u09a8\u09bf \u0995\u09f0\u0995\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"L\u00f5ppkuup\u00e4ev\"", "\"copy_toast_msg\" : \"L\u00e4nk kopierad till Urklipp\"", "\"common_google_play_services_install_text\" : \"%1$s won't run without Google Play services, which are missing from your device.\"", "\"material_timepicker_am\" : \"\u05dc\u05e4\u05e0\u05d4\"\u05e6\"", "\"common_google_play_services_enable_title\" : \"Aktivace slu\u017eeb Google Play\"", "\"mtrl_picker_range_header_title\" : \"Selecciona un intervalo de datas\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Bytt til kalenderinndatamodus\"", "\"material_minute_suffix\" : \"%1$s daqiqa\"", "\"mtrl_chip_close_icon_content_description\" : \"\u041f\u0440\u0435\u043c\u0430\u0445\u0432\u0430\u043d\u0435 \u043d\u0430 %1$s\"", "\"material_hour_selection\" : \"S\u00e9lectionner l'heure\"", "operator()", "\"character_counter_overflowed_content_description\" : \"Kufiri i karaktereve \u00ebsht\u00eb kaluar: %1$d nga %2$d\"", "\"nav_app_bar_open_drawer_description\" : \"\u0386\u03bd\u03bf\u03b9\u03b3\u03bc\u03b1 \u03c3\u03c5\u03c1\u03c4\u03b1\u03c1\u03b9\u03bf\u03cd \u03c0\u03bb\u03bf\u03ae\u03b3\u03b7\u03c3\u03b7\u03c2\"", "\"common_google_play_services_unsupported_text\" : \"\u0414\u043e\u0434\u0430\u0442\u043e\u043a %1$s \u043d\u0435 \u043f\u0440\u0430\u0446\u044e\u0432\u0430\u0442\u0438\u043c\u0435 \u0431\u0435\u0437 \u0441\u0435\u0440\u0432\u0456\u0441\u0456\u0432 Google Play, \u044f\u043a\u0456 \u043d\u0435 \u043f\u0456\u0434\u0442\u0440\u0438\u043c\u0443\u044e\u0442\u044c\u0441\u044f \u043d\u0430 \u0432\u0430\u0448\u043e\u043c\u0443 \u043f\u0440\u0438\u0441\u0442\u0440\u043e\u0457.\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Nh\u1ea5n \u0111\u1ec3 chuy\u1ec3n sang ch\u1ebf \u0111\u1ed9 ch\u1ecdn m\u1ed9t ng\u00e0y\"", "\"abc_searchview_description_clear\" : \"Borrar consulta\"", "\"mtrl_picker_a11y_prev_month\" : \"\u041f\u0435\u0440\u0430\u0439\u0441\u0446\u0456 \u0434\u0430 \u043f\u0430\u043f\u044f\u0440\u044d\u0434\u043d\u044f\u0433\u0430 \u043c\u0435\u0441\u044f\u0446\u0430\"", "\"mtrl_picker_navigate_to_year_description\" : \"Prijelaz na godinu %1$s\"", "\"common_google_play_services_install_title\" : \"Installer les services Google Play\"", "\"material_timepicker_pm\" : \"e.m.\"", "\"nav_app_bar_navigate_up_description\" : \"Kembali ke atas\"", " vector[", "\"fallback_menu_item_copy_link\" : \"\u041a\u043e\u043f\u0438\u0440\u0430\u0458 \u0433\u043e \u043b\u0438\u043d\u043a\u043e\u0442\"", "throw", "\"mtrl_picker_out_of_range\" : \"\u12a8\u12ad\u120d\u120d \u12cd\u132a\u1366 %1$s\"", "\"abc_toolbar_collapse_description\" : \"\u0915\u094b\u0932\u0945\u092a\u094d\u0938 \u0915\u0930\u093e\"", "\"common_google_play_services_enable_title\" : \"Ativar servi\u00e7os do Google Play\"", "\"clear_text_end_icon_content_description\" : \"Esborra el text\"", "\"material_timepicker_minute\" : \"Ph\u00fat\"", "\"abc_action_menu_overflow_description\" : \"Fleiri valkostir\"", "\"mtrl_exceed_max_badge_number_content_description\" : \"\u064a\u0628\u0644\u063a \u0639\u062f\u062f \u0627\u0644\u0625\u0634\u0639\u0627\u0631\u0627\u062a \u0627\u0644\u062c\u062f\u064a\u062f\u0629 \u0623\u0643\u062b\u0631 \u0645\u0646 %1$d.\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"\u092e\u091c\u0915\u0942\u0930 \u0907\u0928\u092a\u0941\u091f \u092e\u094b\u0921\u0935\u0930 \u0938\u094d\u0935\u093f\u091a \u0915\u0930\u093e\"", "\"mtrl_picker_announce_current_selection\" : \"\u0938\u0927\u094d\u092f\u093e\u091a\u0940 \u0928\u093f\u0935\u0921: %1$s\"", "\"abc_activity_chooser_view_see_all\" : \"Hammasi\"", "\"material_minute_selection\" : \"Pilih menit\"", "\"common_signin_button_text_long\" : \"Google\u0c24\u0c4b \u0c38\u0c48\u0c28\u0c4d \u0c07\u0c28\u0c4d \u0c1a\u0c47\u0c2f\u0c3f\"", "\"material_clock_toggle_content_description\" : \"\"AM\" \u043d\u0435\u043c\u0435\u0441\u0435 \"PM\" \u0444\u043e\u0440\u043c\u0430\u0442\u044b\u043d \u0442\u0430\u04a3\u0434\u0430\u0443\"", "\"material_minute_suffix\" : \"%1$s minuten\"", "\"common_google_play_services_enable_text\" : \"Aplik\u00e1cia %1$s bude fungova\u0165 a\u017e po povolen\u00ed slu\u017eieb Google Play.\"", "\"common_google_play_services_enable_button\" : \"Gaitu\"", "\"material_timepicker_select_time\" : \"Okre\u015bl czas\"", "\"mtrl_picker_a11y_next_month\" : \"\u0986\u0997\u09be\u09ae\u09c0 \u09ae\u09be\u09b8\u09c7 \u09af\u09be\u09a8\"", "\"mtrl_picker_text_input_date_hint\" : \"Tarikh\"", "\"mtrl_picker_save\" : \"\u179a\u1780\u17d2\u179f\u17b6\u1791\u17bb\u1780\"", "\"common_google_play_services_update_title\" : \"Actualizar servicios de Google Play\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Startdato \u2013 %1$s\"", "\"copy_toast_msg\" : \"\u09b2\u09bf\u0999\u09cd\u0995 \u0995\u09cd\u09b2\u09bf\u09aa\u09ac\u09cb\u09b0\u09cd\u09a1\u09c7 \u0995\u09aa\u09bf \u0995\u09b0\u09be \u09b9\u09af\u09bc\u09c7\u099b\u09c7\"", "\"material_timepicker_text_input_mode_description\" : \"\u1021\u1001\u103b\u102d\u1014\u103a\u1011\u100a\u1037\u103a\u101e\u103d\u1004\u103a\u1038\u101b\u1014\u103a \u1005\u102c\u101e\u102c\u1038\u1011\u100a\u1037\u103a\u101e\u103d\u1004\u103a\u1038\u1019\u103e\u102f\u1019\u102f\u1012\u103a\u101e\u102d\u102f\u1037 \u1015\u103c\u1031\u102c\u1004\u103a\u1038\u1015\u102b\u104b\"", "\"mtrl_picker_announce_current_selection\" : \"\ud604\uc7ac %1$s \uc120\ud0dd\ub428\"", "\"abc_capital_off\" : \"VYP\"", "\"mtrl_picker_invalid_format\" : \"\u0424\u043e\u0440\u043c\u0430\u0442 \u0458\u0435 \u043d\u0435\u0432\u0430\u0436\u0435\u045b\u0438.\"", "\"common_google_play_services_update_title\" : \"Google Play-Dienste aktualisieren\"", "\"material_timepicker_am\" : \"\u0635\u0628\u0627\u062d\u064b\u0627\"", "\"material_timepicker_am\" : \"SA\"", "\"common_google_play_services_install_button\" : \"\u0dc3\u0dca\u0dae\u0dcf\u0db4\u0db1\u0dba \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"material_minute_selection\" : \"\ubd84 \uc120\ud0dd\"", "\"mtrl_picker_invalid_format_use\" : \"%1$s \u0627\u0633\u062a\u0639\u0645\u0627\u0644 \u06a9\u0631\u06cc\u06ba\""], "firebase_urls": [{"url": "https://allsafe-8cef0.firebaseio.com/.json", "open": true}], "files": ["res/animator/linear_indeterminate_line1_head_interpolator.xml", "res/layout/test_toolbar.xml", "res/interpolator/btn_checkbox_checked_mtrl_animation_interpolator_0.xml", "res/drawable-xxhdpi-v4/abc_ic_star_half_black_16dp.png", "res/color/material_on_primary_disabled.xml", "res/drawable/common_google_signin_btn_icon_dark_normal.xml", "META-INF/androidx.navigation_navigation-fragment.version", "res/color-v23/abc_btn_colored_text_material.xml", "res/drawable/ic_version.xml", "res/drawable/notification_bg_low.xml", "res/drawable-xhdpi-v4/abc_ic_star_black_48dp.png", "res/animator/mtrl_extended_fab_hide_motion_spec.xml", "res/drawable/abc_list_selector_background_transition_holo_light.xml", "res/color/abc_primary_text_disable_only_material_dark.xml", "META-INF/androidx.customview_customview.version", "res/drawable-xxhdpi-v4/abc_ic_star_black_16dp.png", "res/drawable/ic_firebase.xml", "res/drawable-xhdpi-v4/abc_btn_radio_to_on_mtrl_000.png", "res/xml/network_security_config.xml", "res/drawable-hdpi-v4/abc_tab_indicator_mtrl_alpha.9.png", "res/layout/material_timepicker.xml", "res/drawable/abc_cab_background_top_material.xml", "res/drawable-xhdpi-v4/googleg_standard_color_18.png", "res/drawable-xxxhdpi-v4/abc_ic_menu_copy_mtrl_am_alpha.png", "res/color/abc_primary_text_material_light.xml", "res/color/mtrl_bottom_nav_item_tint.xml", "res/drawable-xxhdpi-v4/common_google_signin_btn_icon_light_normal_background.9.png", "res/layout/mtrl_calendar_day.xml", "res/color/abc_primary_text_disable_only_material_light.xml", "res/layout/app_bar_main.xml", "META-INF/okio.kotlin_module", "res/anim/abc_popup_exit.xml", "META-INF/androidx.browser_browser.version", "res/drawable-ldrtl-hdpi-v17/abc_spinner_mtrl_am_alpha.9.png", "play-services-base.properties", "res/drawable/material_ic_menu_arrow_up_black_24dp.xml", "res/mipmap-xxxhdpi-v4/ic_launcher_foreground.png", "META-INF/androidx.legacy_legacy-support-core-ui.version", "res/drawable-mdpi-v4/abc_ic_star_half_black_16dp.png", "META-INF/com.google.android.material_material.version", "res/drawable-mdpi-v4/abc_btn_switch_to_on_mtrl_00012.9.png", "res/drawable-xxhdpi-v4/abc_scrubber_control_to_pressed_mtrl_005.png", "res/layout/content_main.xml", "res/drawable/ic_bitcoin.xml", "res/drawable-xxhdpi-v4/abc_text_select_handle_middle_mtrl_dark.png", "res/drawable-xxxhdpi-v4/abc_text_select_handle_left_mtrl_light.png", "res/layout/mtrl_picker_text_input_date_range.xml", "res/color/material_on_primary_emphasis_medium.xml", "res/drawable/ic_serialization.xml", "res/drawable-xxxhdpi-v4/abc_ic_star_half_black_36dp.png", "res/drawable-hdpi-v4/abc_cab_background_top_mtrl_alpha.9.png", "res/color/mtrl_outlined_icon_tint.xml", "res/drawable/abc_ic_voice_search_api_material.xml", "res/interpolator/btn_checkbox_checked_mtrl_animation_interpolator_1.xml", "res/drawable/avd_hide_password.xml", "res/drawable/abc_ic_ab_back_material.xml", "res/color/mtrl_tabs_legacy_text_color_selector.xml", "res/drawable/common_google_signin_btn_icon_light.xml", "res/drawable/material_ic_keyboard_arrow_left_black_24dp.xml", "res/drawable/material_ic_keyboard_arrow_right_black_24dp.xml", "res/drawable-hdpi-v4/common_google_signin_btn_text_light_normal_background.9.png", "res/layout/design_layout_snackbar.xml", "res/drawable-hdpi-v4/abc_ic_star_black_36dp.png", "res/drawable-hdpi-v4/abc_text_select_handle_middle_mtrl_light.png", "res/drawable/ic_flag.xml", "res/drawable-xhdpi-v4/abc_ic_menu_share_mtrl_alpha.png", "res/drawable-hdpi-v4/abc_ic_commit_search_api_mtrl_alpha.png", "META-INF/androidx.activity_activity-ktx.version", "res/drawable-mdpi-v4/common_google_signin_btn_text_light_normal_background.9.png", "res/layout/text_view_without_line_height.xml", "res/layout/design_bottom_sheet_dialog.xml", "res/drawable-xxhdpi-v4/abc_scrubber_control_off_mtrl_alpha.png", "res/drawable-xhdpi-v4/abc_text_select_handle_right_mtrl_light.png", "res/anim/abc_popup_enter.xml", "res/color/abc_hint_foreground_material_light.xml", "res/layout/design_navigation_item_header.xml", "META-INF/CERT.SF", "res/drawable-xxhdpi-v4/googleg_disabled_color_18.png", "res/navigation/mobile_navigation.xml", "res/color/material_on_surface_emphasis_high_type.xml", "lib/x86/libnative_library.so", "res/color/mtrl_filled_background_color.xml", "res/drawable/tooltip_frame_light.xml", "META-INF/com.google.firebase-firebase-database-ktx.kotlin_module", "META-INF/androidx.slidingpanelayout_slidingpanelayout.version", "res/drawable/material_ic_menu_arrow_down_black_24dp.xml", "res/layout/material_clockface_textview.xml", "META-INF/kotlin-stdlib.kotlin_module", "res/drawable-xxhdpi-v4/abc_btn_check_to_on_mtrl_000.png", "res/drawable/common_google_signin_btn_text_light_normal.xml", "META-INF/androidx.dynamicanimation_dynamicanimation.version", "res/color/material_on_background_emphasis_high_type.xml", "res/menu/drawer.xml", "res/layout/mtrl_alert_select_dialog_singlechoice.xml", "META-INF/androidx.exifinterface_exifinterface.version", "res/drawable-xhdpi-v4/abc_ic_menu_selectall_mtrl_alpha.png", "res/drawable-xxxhdpi-v4/abc_btn_switch_to_on_mtrl_00001.9.png", "res/drawable-xxhdpi-v4/abc_list_focused_holo.9.png", "res/drawable-mdpi-v4/abc_ic_menu_paste_mtrl_am_alpha.png", "res/drawable/ic_webview.xml", "res/color/common_google_signin_btn_text_dark.xml", "res/color/mtrl_tabs_ripple_color.xml", "res/layout/design_menu_item_action_area.xml", "res/anim/btn_radio_to_on_mtrl_ring_outer_path_animation.xml", "res/drawable-xxhdpi-v4/abc_text_select_handle_right_mtrl_light.png", "res/drawable-ldrtl-xxxhdpi-v17/abc_spinner_mtrl_am_alpha.9.png", "res/drawable-xhdpi-v4/abc_ic_star_half_black_48dp.png", "res/drawable-xxxhdpi-v4/abc_text_select_handle_left_mtrl_dark.png", "firebase-common-ktx.properties", "res/drawable-mdpi-v4/abc_popup_background_mtrl_mult.9.png", "res/layout/abc_popup_menu_item_layout.xml", "res/layout/design_bottom_navigation_item.xml", "res/drawable-ldrtl-hdpi-v17/abc_ic_menu_cut_mtrl_alpha.png", "res/layout/mtrl_picker_header_fullscreen.xml", "res/drawable/abc_ic_clear_material.xml", "res/drawable-xhdpi-v4/abc_tab_indicator_mtrl_alpha.9.png", "res/drawable/material_ic_clear_black_24dp.xml", "res/drawable-xhdpi-v4/abc_spinner_mtrl_am_alpha.9.png", "res/color/material_timepicker_modebutton_tint.xml", "res/layout/abc_alert_dialog_material.xml", "res/color/material_slider_active_track_color.xml", "res/layout/fragment_insecure_shared_preferences.xml", "res/layout-land/material_clock_period_toggle_land.xml", "res/color/material_on_background_disabled.xml", "res/drawable-xhdpi-v4/abc_text_select_handle_middle_mtrl_dark.png", "res/animator/mtrl_fab_hide_motion_spec.xml", "res/layout-land/mtrl_picker_header_dialog.xml", "res/drawable-xxxhdpi-v4/abc_btn_radio_to_on_mtrl_000.png", "res/animator-v21/design_appbar_state_list_animator.xml", "res/layout/mtrl_alert_select_dialog_item.xml", "res/drawable-xhdpi-v4/abc_textfield_default_mtrl_alpha.9.png", "res/anim/btn_radio_to_on_mtrl_ring_outer_animation.xml", "res/drawable-mdpi-v4/abc_ic_star_black_16dp.png", "res/drawable-xhdpi-v4/abc_textfield_search_activated_mtrl_alpha.9.png", "res/layout/test_action_chip.xml", "assets/flag.jpg", "res/color/mtrl_btn_stroke_color_selector.xml", "res/interpolator-v21/mtrl_fast_out_linear_in.xml", "res/layout/fragment_secure_flag_bypass.xml", "res/layout/mtrl_alert_dialog_title.xml", "res/drawable-v21/notification_action_background.xml", "res/anim/abc_slide_out_bottom.xml", "META-INF/androidx.legacy_legacy-support-v4.version", "res/drawable-xxxhdpi-v4/abc_ic_menu_share_mtrl_alpha.png", "res/animator/nav_default_enter_anim.xml", "res/layout/fragment_main.xml", "res/layout/mtrl_picker_text_input_date.xml", "res/drawable/abc_item_background_holo_light.xml", "META-INF/androidx.versionedparcelable_versionedparcelable.version", "lib/x86_64/libtool-checker.so", "res/color/mtrl_text_btn_text_color_selector.xml", "res/drawable-v21/abc_dialog_material_background.xml", "META-INF/activity-ktx_release.kotlin_module", "META-INF/navigation-runtime-ktx_release.kotlin_module", "res/drawable-ldrtl-xhdpi-v17/abc_spinner_mtrl_am_alpha.9.png", "res/drawable-xxhdpi-v4/abc_ic_menu_paste_mtrl_am_alpha.png", "res/color/material_on_surface_emphasis_medium.xml", "res/drawable-xhdpi-v4/abc_list_longpressed_holo.9.png", "META-INF/navigation-fragment-ktx_release.kotlin_module", "res/layout/fragment_firebase_database.xml", "res/drawable/abc_text_cursor_material.xml", "res/drawable/ic_broadcast.xml", "res/layout/test_toolbar_elevation.xml", "res/drawable/ic_encryption_key.xml", "res/drawable-mdpi-v4/abc_ic_menu_copy_mtrl_am_alpha.png", "res/drawable-xxxhdpi-v4/abc_ic_star_black_16dp.png", "res/color/material_on_background_emphasis_medium.xml", "res/drawable-ldrtl-xhdpi-v17/abc_ic_menu_copy_mtrl_am_alpha.png", "res/layout/test_design_radiobutton.xml", "res/drawable/notification_tile_bg.xml", "res/color/mtrl_chip_surface_color.xml", "res/layout/abc_list_menu_item_layout.xml", "res/drawable-hdpi-v4/abc_list_pressed_holo_light.9.png", "res/layout/text_view_with_line_height_from_layout.xml", "res/drawable-mdpi-v4/abc_scrubber_control_off_mtrl_alpha.png", "res/layout/abc_list_menu_item_radio.xml", "res/drawable/ic_creds.xml", "res/drawable-mdpi-v4/abc_ab_share_pack_mtrl_alpha.9.png", "res/color/mtrl_chip_text_color.xml", "res/color/abc_hint_foreground_material_dark.xml", "res/xml/standalone_badge_gravity_bottom_end.xml", "res/drawable-hdpi-v4/abc_text_select_handle_right_mtrl_light.png", "res/anim/btn_checkbox_to_unchecked_box_inner_merged_animation.xml", "res/layout/abc_action_menu_layout.xml", "res/layout/abc_list_menu_item_icon.xml", "res/drawable-xhdpi-v4/abc_scrubber_control_to_pressed_mtrl_005.png", "res/drawable-mdpi-v4/abc_textfield_search_default_mtrl_alpha.9.png", "res/anim/btn_checkbox_to_unchecked_check_path_merged_animation.xml", "res/drawable-mdpi-v4/abc_text_select_handle_middle_mtrl_light.png", "res/drawable-mdpi-v4/abc_scrubber_control_to_pressed_mtrl_005.png", "res/drawable-v21/abc_list_divider_material.xml", "res/anim/fragment_open_exit.xml", "res/drawable-ldrtl-xxhdpi-v17/abc_spinner_mtrl_am_alpha.9.png", "res/layout/fragment_deep_link.xml", "res/animator/mtrl_fab_show_motion_spec.xml", "res/anim-v21/design_bottom_sheet_slide_in.xml", "res/drawable-mdpi-v4/notify_panel_notification_icon_bg.png", "res/drawable/common_google_signin_btn_text_dark_focused.xml", "res/drawable-ldrtl-xxxhdpi-v17/abc_ic_menu_copy_mtrl_am_alpha.png", "res/drawable-xhdpi-v4/abc_switch_track_mtrl_alpha.9.png", "res/drawable/mtrl_ic_arrow_drop_down.xml", "res/drawable-xxxhdpi-v4/abc_tab_indicator_mtrl_alpha.9.png", "res/drawable-hdpi-v4/abc_text_select_handle_middle_mtrl_dark.png", "res/color/mtrl_card_view_ripple.xml", "res/layout/fragment_insecure_broadcast_receiver.xml", "res/layout/fragment_insecure_logging.xml", "res/anim/abc_slide_in_bottom.xml", "res/drawable-mdpi-v4/abc_textfield_default_mtrl_alpha.9.png", "res/drawable/mtrl_popupmenu_background.xml", "res/layout/notification_template_part_chronometer.xml", "res/drawable-hdpi-v4/abc_ic_star_black_48dp.png", "res/color/mtrl_tabs_icon_color_selector_colored.xml", "res/drawable-mdpi-v4/notification_bg_normal_pressed.9.png", "META-INF/androidx.navigation_navigation-ui.version", "res/drawable-xhdpi-v4/abc_list_pressed_holo_dark.9.png", "kotlin/coroutines/coroutines.kotlin_builtins", "AndroidManifest.xml", "META-INF/core-ktx_release.kotlin_module", "res/drawable/btn_radio_off_mtrl.xml", "res/drawable/ic_pin_bypass.xml", "res/drawable-xxhdpi-v4/abc_ic_star_black_36dp.png", "res/layout/material_textinput_timepicker.xml", "META-INF/androidx.lifecycle_lifecycle-runtime.version", "res/layout/abc_search_dropdown_item_icons_2line.xml", "firebase-database.properties", "res/layout-v26/mtrl_calendar_month.xml", "res/drawable-xxxhdpi-v4/abc_ic_star_black_36dp.png", "res/drawable-xhdpi-v4/abc_list_selector_disabled_holo_dark.9.png", "res/drawable-xhdpi-v4/notification_bg_low_normal.9.png", "res/drawable-xhdpi-v4/common_google_signin_btn_icon_dark_normal_background.9.png", "res/drawable/mrrobot.jpg", "res/drawable-xhdpi-v4/abc_text_select_handle_middle_mtrl_light.png", "res/layout/custom_dialog.xml", "res/drawable-ldrtl-mdpi-v17/abc_ic_menu_cut_mtrl_alpha.png", "res/layout/notification_template_lines_media.xml", "res/layout-sw600dp-v13/design_layout_snackbar.xml", "res/drawable-hdpi-v4/abc_ic_menu_paste_mtrl_am_alpha.png", "res/drawable-xxxhdpi-v4/abc_btn_check_to_on_mtrl_000.png", "res/drawable-mdpi-v4/abc_text_select_handle_left_mtrl_light.png", "res/drawable/notification_bg.xml", "res/drawable-hdpi-v4/abc_btn_radio_to_on_mtrl_000.png", "res/animator/design_fab_hide_motion_spec.xml", "META-INF/com.google.firebase-firebase-storage-ktx.kotlin_module", "res/drawable/abc_ic_arrow_drop_right_black_24dp.xml", "res/drawable/abc_list_selector_holo_light.xml", "res/color/material_timepicker_clockface.xml", "res/drawable-xhdpi-v4/abc_ic_star_black_36dp.png", "res/drawable-mdpi-v4/abc_btn_radio_to_on_mtrl_015.png", "res/anim/mtrl_card_lowers_interpolator.xml", "res/color/mtrl_filled_stroke_color.xml", "res/drawable-hdpi-v4/common_google_signin_btn_text_dark_normal_background.9.png", "res/drawable-xhdpi-v4/abc_list_focused_holo.9.png", "res/mipmap-xhdpi-v4/ic_launcher_foreground.png", "res/drawable-xxhdpi-v4/abc_switch_track_mtrl_alpha.9.png", "res/interpolator/btn_radio_to_off_mtrl_animation_interpolator_0.xml", "res/color/material_slider_active_tick_marks_color.xml", "res/color/mtrl_choice_chip_text_color.xml", "res/drawable/test_custom_background.xml", "res/layout/fragment_arbitrary_code_execution.xml", "res/color/mtrl_btn_ripple_color.xml", "META-INF/fragment-ktx_release.kotlin_module", "res/drawable-hdpi-v4/googleg_disabled_color_18.png", "res/layout/mtrl_calendar_vertical.xml", "res/drawable/material_ic_edit_black_24dp.xml", "res/layout/select_dialog_multichoice_material.xml", "res/drawable-mdpi-v4/abc_btn_radio_to_on_mtrl_000.png", "res/drawable-xhdpi-v4/abc_popup_background_mtrl_mult.9.png", "res/layout/abc_action_mode_bar.xml", "res/layout/material_time_input.xml", "res/layout/notification_media_action.xml", "META-INF/androidx.appcompat_appcompat-resources.version", "res/drawable-xxhdpi-v4/abc_textfield_search_activated_mtrl_alpha.9.png", "res/drawable-mdpi-v4/abc_menu_hardkey_panel_mtrl_mult.9.png", "res/drawable-xhdpi-v4/abc_ic_star_half_black_16dp.png", "res/drawable-xxhdpi-v4/abc_ic_menu_selectall_mtrl_alpha.png", "res/layout/abc_list_menu_item_checkbox.xml", "res/color/abc_secondary_text_material_dark.xml", "res/drawable-xxxhdpi-v4/abc_btn_check_to_on_mtrl_015.png", "res/drawable-hdpi-v4/abc_btn_radio_to_on_mtrl_015.png", "res/layout/abc_tooltip.xml", "res/drawable-mdpi-v4/abc_ic_menu_share_mtrl_alpha.png", "res/drawable-xxhdpi-v4/abc_popup_background_mtrl_mult.9.png", "res/drawable-mdpi-v4/abc_list_divider_mtrl_alpha.9.png", "res/mipmap-xxxhdpi-v4/ic_launcher.png", "res/drawable/common_google_signin_btn_text_light_focused.xml", "res/layout/notification_template_media.xml", "res/drawable-hdpi-v4/abc_ic_menu_share_mtrl_alpha.png", "res/anim/nav_default_pop_enter_anim.xml", "res/drawable/ic_clock_black_24dp.xml", "res/layout-watch-v20/abc_alert_dialog_title_material.xml", "res/drawable-xxhdpi-v4/abc_ic_menu_cut_mtrl_alpha.png", "res/anim/abc_slide_in_top.xml", "res/drawable-hdpi-v4/abc_list_divider_mtrl_alpha.9.png", "res/color/mtrl_calendar_selected_range.xml", "res/layout/material_timepicker_textinput_display.xml", "res/drawable/abc_btn_radio_material_anim.xml", "META-INF/androidx.appcompat_appcompat.version", "res/layout/material_time_chip.xml", "res/color/abc_primary_text_material_dark.xml", "firebase-components.properties", "res/color-night-v8/material_timepicker_modebutton_tint.xml", "META-INF/MANIFEST.MF", "res/drawable/ic_injection.xml", "res/color/mtrl_navigation_item_background_color.xml", "res/drawable-xxhdpi-v4/abc_text_select_handle_right_mtrl_dark.png", "META-INF/app_debug.kotlin_module", "res/drawable-hdpi-v4/abc_btn_switch_to_on_mtrl_00012.9.png", "res/drawable/design_password_eye.xml", "res/drawable-mdpi-v4/abc_text_select_handle_middle_mtrl_dark.png", "res/drawable/abc_textfield_search_material.xml", "kotlin/kotlin.kotlin_builtins", "res/drawable-v23/abc_control_background_material.xml", "res/drawable-v21/abc_btn_colored_material.xml", "res/drawable/ic_logging.xml", "META-INF/androidx.lifecycle_lifecycle-livedata.version", "res/layout/mtrl_alert_dialog.xml", "res/drawable-xxhdpi-v4/abc_menu_hardkey_panel_mtrl_mult.9.png", "lib/arm64-v8a/libnative_library.so", "res/drawable-mdpi-v4/abc_list_longpressed_holo.9.png", "res/drawable-xhdpi-v4/abc_ic_star_half_black_36dp.png", "res/color-v23/abc_tint_default.xml", "META-INF/androidx.navigation_navigation-runtime.version", "res/layout/fragment_about.xml", "res/mipmap-hdpi-v4/ic_launcher_foreground.png", "res/drawable/btn_checkbox_checked_mtrl.xml", "res/anim/btn_radio_to_off_mtrl_dot_group_animation.xml", "res/drawable-mdpi-v4/common_google_signin_btn_icon_dark_normal_background.9.png", "res/animator/mtrl_btn_state_list_anim.xml", "lib/armeabi-v7a/libnative_library.so", "res/layout/abc_action_bar_up_container.xml", "META-INF/androidx.navigation_navigation-runtime-ktx.version", "res/layout/abc_cascading_menu_item_layout.xml", "res/color/mtrl_chip_close_icon_tint.xml", "res/layout/mtrl_alert_dialog_actions.xml", "res/drawable-ldrtl-mdpi-v17/abc_spinner_mtrl_am_alpha.9.png", "res/drawable-hdpi-v4/abc_ic_menu_copy_mtrl_am_alpha.png", "res/color/test_mtrl_calendar_day_selected.xml", "res/drawable/abc_ic_search_api_material.xml", "res/drawable-hdpi-v4/abc_scrubber_control_to_pressed_mtrl_005.png", "res/drawable/abc_ic_menu_overflow_material.xml", "res/drawable-hdpi-v4/common_full_open_on_phone.png", "res/mipmap-anydpi-v26/ic_launcher.xml", "res/drawable/tooltip_frame_dark.xml", "res/drawable-xxhdpi-v4/abc_scrubber_track_mtrl_alpha.9.png", "res/drawable-xxhdpi-v4/abc_textfield_default_mtrl_alpha.9.png", "res/drawable/mtrl_ic_cancel.xml", "res/drawable-hdpi-v4/abc_scrubber_primary_mtrl_alpha.9.png", "res/drawable-xxhdpi-v4/abc_text_select_handle_left_mtrl_dark.png", "res/drawable-mdpi-v4/abc_btn_check_to_on_mtrl_015.png", "res/drawable-xxxhdpi-v4/abc_text_select_handle_right_mtrl_dark.png", "res/color/test_mtrl_calendar_day.xml", "res/drawable-xhdpi-v4/abc_btn_switch_to_on_mtrl_00001.9.png", "META-INF/androidx.cursoradapter_cursoradapter.version", "res/interpolator/btn_radio_to_on_mtrl_animation_interpolator_0.xml", "META-INF/androidx.media_media.version", "res/color-night-v8/material_timepicker_button_stroke.xml", "res/drawable-xhdpi-v4/abc_ic_star_black_16dp.png", "res/drawable-mdpi-v4/abc_list_selector_disabled_holo_light.9.png", "res/anim/fragment_fade_enter.xml", "res/anim/abc_grow_fade_in_from_bottom.xml", "res/layout/fragment_vulnerable_web_view.xml", "res/drawable-mdpi-v4/abc_list_pressed_holo_light.9.png", "res/layout/fragment_native_library.xml", "res/color/switch_thumb_material_dark.xml", "META-INF/androidx.savedstate_savedstate.version", "META-INF/androidx.fragment_fragment.version", "res/layout-v21/notification_action.xml", "res/color/mtrl_bottom_nav_colored_ripple_color.xml", "res/drawable-hdpi-v4/abc_btn_check_to_on_mtrl_000.png", "res/anim/abc_tooltip_enter.xml", "META-INF/kotlinx-coroutines-core.kotlin_module", "res/layout/notification_template_media_custom.xml", "res/drawable-mdpi-v4/abc_btn_check_to_on_mtrl_000.png", "res/drawable-hdpi-v4/notify_panel_notification_icon_bg.png", "firebase-database-ktx.properties", "res/drawable-hdpi-v4/abc_ic_star_half_black_16dp.png", "META-INF/androidx.vectordrawable_vectordrawable.version", "res/layout-land/material_timepicker.xml", "res/drawable/ic_root_detection.xml", "res/layout/abc_action_mode_close_item_material.xml", "META-INF/androidx.fragment_fragment-ktx.version", "res/drawable/design_snackbar_background.xml", "res/drawable-mdpi-v4/abc_list_focused_holo.9.png", "META-INF/lifecycle-livedata-core-ktx_release.kotlin_module", "res/drawable-hdpi-v4/abc_text_select_handle_right_mtrl_dark.png", "res/drawable-xhdpi-v4/notification_bg_normal_pressed.9.png", "lib/arm64-v8a/libtool-checker.so", "res/anim/btn_checkbox_to_unchecked_icon_null_animation.xml", "META-INF/androidx.core_core.version", "res/layout/abc_activity_chooser_view.xml", "META-INF/androidx.vectordrawable_vectordrawable-animated.version", "res/drawable-mdpi-v4/abc_ic_star_half_black_48dp.png", "res/animator/mtrl_fab_transformation_sheet_expand_spec.xml", "META-INF/okhttp.kotlin_module", "res/color/mtrl_chip_background_color.xml", "res/drawable-mdpi-v4/abc_ic_star_black_48dp.png", "META-INF/collection-ktx.kotlin_module", "res/drawable-hdpi-v4/notification_bg_low_pressed.9.png", "res/layout/design_navigation_item.xml", "res/color/design_icon_tint.xml", "classes.dex", "res/color/material_on_surface_disabled.xml", "res/anim/design_snackbar_in.xml", "res/drawable-hdpi-v4/abc_list_longpressed_holo.9.png", "META-INF/androidx.localbroadcastmanager_localbroadcastmanager.version", "res/color/mtrl_fab_bg_color_selector.xml", "META-INF/androidx.lifecycle_lifecycle-viewmodel-savedstate.version", "res/drawable-xhdpi-v4/notification_bg_low_pressed.9.png", "kotlin/reflect/reflect.kotlin_builtins", "res/drawable-mdpi-v4/common_google_signin_btn_text_dark_normal_background.9.png", "res/drawable-xxxhdpi-v4/abc_btn_switch_to_on_mtrl_00012.9.png", "res/color/mtrl_btn_text_btn_bg_color_selector.xml", "okhttp3/internal/publicsuffix/NOTICE", "res/animator/linear_indeterminate_line2_tail_interpolator.xml", "META-INF/com.google.firebase-firebase-common-ktx.kotlin_module", "res/color/mtrl_btn_bg_color_selector.xml", "res/drawable-xxhdpi-v4/abc_textfield_search_default_mtrl_alpha.9.png", "res/anim/btn_radio_to_off_mtrl_ring_outer_animation.xml", "res/drawable/ic_github.xml", "res/drawable-hdpi-v4/abc_ic_star_half_black_48dp.png", "META-INF/androidx.security_security-crypto.version", "META-INF/androidx.navigation_navigation-common-ktx.version", "res/layout/abc_alert_dialog_button_bar_material.xml", "res/drawable-mdpi-v4/abc_scrubber_primary_mtrl_alpha.9.png", "res/drawable-xxxhdpi-v4/abc_ic_menu_cut_mtrl_alpha.png", "resources.arsc", "res/drawable-xhdpi-v4/abc_list_selector_disabled_holo_light.9.png", "res/color/mtrl_filled_icon_tint.xml", "res/drawable/ic_search.xml", "res/animator/nav_default_exit_anim.xml", "res/drawable-mdpi-v4/abc_list_pressed_holo_dark.9.png", "res/drawable-xhdpi-v4/abc_text_select_handle_right_mtrl_dark.png", "res/drawable-xxhdpi-v4/abc_list_pressed_holo_dark.9.png", "res/drawable/abc_list_selector_background_transition_holo_dark.xml", "res/drawable-hdpi-v4/abc_spinner_mtrl_am_alpha.9.png", "res/layout/material_clock_period_toggle.xml", "res/drawable-hdpi-v4/abc_btn_check_to_on_mtrl_015.png", "res/color/mtrl_fab_icon_text_color_selector.xml", "res/layout/abc_screen_simple_overlay_action_mode.xml", "res/drawable/material_ic_calendar_black_24dp.xml", "res/drawable-xhdpi-v4/notify_panel_notification_icon_bg.png", "res/drawable-xxhdpi-v4/abc_cab_background_top_mtrl_alpha.9.png", "res/drawable-xxxhdpi-v4/abc_ic_star_black_48dp.png", "res/anim/abc_fade_in.xml", "res/layout/activity_main.xml", "res/drawable-xhdpi-v4/abc_ic_menu_paste_mtrl_am_alpha.png", "res/layout/test_reflow_chipgroup.xml", "res/layout/test_chip_zero_corner_radius.xml", "res/color/abc_search_url_text.xml", "res/drawable-hdpi-v4/abc_text_select_handle_left_mtrl_light.png", "res/drawable/notification_icon_background.xml", "res/drawable-xhdpi-v4/abc_textfield_activated_mtrl_alpha.9.png", "res/mipmap-xxxhdpi-v4/ic_launcher_round.png", "META-INF/services/kotlinx.coroutines.CoroutineExceptionHandler", "res/layout/mtrl_alert_select_dialog_multichoice.xml", "play-services-tasks.properties", "res/drawable-xhdpi-v4/abc_text_select_handle_left_mtrl_dark.png", "res/mipmap-anydpi-v26/ic_launcher_round.xml", "META-INF/androidx.lifecycle_lifecycle-livedata-core.version", "res/drawable/abc_ratingbar_material.xml", "res/drawable/common_google_signin_btn_icon_dark_focused.xml", "META-INF/androidx.navigation_navigation-common.version", "res/drawable-xhdpi-v4/abc_btn_radio_to_on_mtrl_015.png", "res/layout/design_navigation_item_subheader.xml", "META-INF/services/kotlinx.coroutines.internal.MainDispatcherFactory", "res/drawable-mdpi-v4/notification_bg_low_normal.9.png", "res/drawable-hdpi-v4/abc_textfield_search_default_mtrl_alpha.9.png", "res/interpolator/btn_checkbox_unchecked_mtrl_animation_interpolator_1.xml", "res/drawable-mdpi-v4/abc_text_select_handle_right_mtrl_dark.png", "res/color/mtrl_navigation_item_text_color.xml", "res/color/mtrl_tabs_colored_ripple_color.xml", "res/layout/fragment_insecure_service.xml", "res/drawable/ic_mtrl_chip_close_circle.xml", "res/layout/abc_dialog_title_material.xml", "kotlin/collections/collections.kotlin_builtins", "res/drawable/mtrl_ic_arrow_drop_up.xml", "res/layout/notification_template_part_time.xml", "res/drawable-xxhdpi-v4/abc_ic_star_half_black_48dp.png", "res/drawable-hdpi-v4/abc_scrubber_control_off_mtrl_alpha.png", "res/color-v23/abc_btn_colored_borderless_text_material.xml", "res/drawable-mdpi-v4/abc_spinner_mtrl_am_alpha.9.png", "res/drawable-xxxhdpi-v4/abc_scrubber_control_to_pressed_mtrl_000.png", "res/layout/browser_actions_context_menu_page.xml", "META-INF/androidx.legacy_legacy-support-core-utils.version", "res/drawable-xhdpi-v4/common_google_signin_btn_icon_light_normal_background.9.png", "res/drawable-hdpi-v4/abc_list_focused_holo.9.png", "res/drawable-xxhdpi-v4/abc_btn_switch_to_on_mtrl_00001.9.png", "res/drawable-hdpi-v4/googleg_standard_color_18.png", "res/drawable/common_google_signin_btn_icon_dark.xml", "res/layout/fragment_smali_patch.xml", "res/anim/btn_radio_to_on_mtrl_dot_group_animation.xml", "res/xml/image_share_filepaths.xml", "res/color-v23/abc_tint_spinner.xml", "res/drawable-xxhdpi-v4/common_google_signin_btn_text_dark_normal_background.9.png", "res/color/abc_background_cache_hint_selector_material_dark.xml", "res/drawable/ic_smali.xml", "res/drawable-mdpi-v4/googleg_disabled_color_18.png", "res/drawable-mdpi-v4/abc_ic_star_black_36dp.png", "res/animator/mtrl_extended_fab_show_motion_spec.xml", "res/animator/mtrl_extended_fab_state_list_animator.xml", "res/layout/abc_search_view.xml", "res/layout/text_view_with_theme_line_height.xml", "res/animator/mtrl_extended_fab_change_size_expand_motion_spec.xml", "res/drawable-xxhdpi-v4/abc_ic_commit_search_api_mtrl_alpha.png", "META-INF/androidx.viewpager2_viewpager2.version", "META-INF/kotlin-stdlib-common.kotlin_module", "META-INF/CERT.RSA", "res/color/material_on_primary_emphasis_high_type.xml", "res/drawable-mdpi-v4/googleg_standard_color_18.png", "res/drawable-xhdpi-v4/abc_cab_background_top_mtrl_alpha.9.png", "res/drawable-xhdpi-v4/notification_bg_normal.9.png", "res/drawable/abc_ic_go_search_api_material.xml", "res/color/material_timepicker_clock_text_color.xml", "res/layout/mtrl_calendar_month_labeled.xml", "res/drawable-xxhdpi-v4/abc_btn_check_to_on_mtrl_015.png", "META-INF/androidx.transition_transition.version", "res/interpolator-v21/mtrl_fast_out_slow_in.xml", "res/animator/linear_indeterminate_line1_tail_interpolator.xml", "res/layout/mtrl_picker_header_toggle.xml", "res/drawable-xhdpi-v4/abc_textfield_search_default_mtrl_alpha.9.png", "res/drawable/$avd_show_password__2.xml", "res/drawable-mdpi-v4/abc_scrubber_track_mtrl_alpha.9.png", "res/drawable/common_google_signin_btn_icon_disabled.xml", "res/drawable-xxxhdpi-v4/abc_switch_track_mtrl_alpha.9.png", "META-INF/androidx.print_print.version", "res/color/mtrl_bottom_nav_colored_item_tint.xml", "res/layout/design_layout_snackbar_include.xml", "res/drawable/ic_mtrl_checked_circle.xml", "res/drawable-ldrtl-mdpi-v17/abc_ic_menu_copy_mtrl_am_alpha.png", "res/layout/fragment_pin_bypass.xml", "res/layout/abc_expanded_menu_layout.xml", "res/drawable-hdpi-v4/common_google_signin_btn_icon_light_normal_background.9.png", "res/interpolator-v21/mtrl_linear_out_slow_in.xml", "META-INF/androidx.documentfile_documentfile.version", "res/layout/browser_actions_context_menu_row.xml", "res/xml/provider_paths.xml", "res/layout/fragment_sql_injection.xml", "res/layout/abc_screen_toolbar.xml", "res/drawable-xhdpi-v4/abc_scrubber_control_to_pressed_mtrl_000.png", "res/drawable/abc_btn_borderless_material.xml", "res/color-v23/abc_color_highlight_material.xml", "res/color/mtrl_error.xml", "res/drawable-xxhdpi-v4/abc_ab_share_pack_mtrl_alpha.9.png", "res/layout/mtrl_layout_snackbar.xml", "res/color/material_timepicker_button_background.xml", "res/layout/fragment_hardcoded_credentials.xml", "firebase-annotations.properties", "META-INF/androidx.core_core-ktx.version", "res/drawable-xxhdpi-v4/abc_tab_indicator_mtrl_alpha.9.png", "res/anim/nav_default_pop_exit_anim.xml", "res/layout/mtrl_calendar_days_of_week.xml", "res/drawable/abc_tab_indicator_material.xml", "res/layout/mtrl_calendar_horizontal.xml", "res/drawable/navigation_empty_icon.xml", "META-INF/androidx.recyclerview_recyclerview.version", "META-INF/lifecycle-viewmodel-ktx_release.kotlin_module", "res/layout/mtrl_picker_header_title_text.xml", "res/drawable-xhdpi-v4/abc_ic_menu_copy_mtrl_am_alpha.png", "res/drawable-xxhdpi-v4/abc_list_selector_disabled_holo_light.9.png", "res/anim-v21/fragment_fast_out_extra_slow_in.xml", "res/animator/mtrl_extended_fab_change_size_collapse_motion_spec.xml", "res/xml/standalone_badge_gravity_top_start.xml", "res/color/mtrl_popupmenu_overlay_color.xml", "res/drawable/design_ic_visibility.xml", "res/color/mtrl_tabs_icon_color_selector.xml", "res/layout/mtrl_picker_header_selection_text.xml", "res/layout-v21/notification_template_icon_group.xml", "res/drawable/ic_ethereum.xml", "res/layout/abc_activity_chooser_view_list_item.xml", "res/drawable/abc_vector_test.xml", "res/color/material_slider_inactive_tick_marks_color.xml", "res/drawable-mdpi-v4/abc_cab_background_top_mtrl_alpha.9.png", "res/drawable-xhdpi-v4/abc_ic_commit_search_api_mtrl_alpha.png", "res/layout/abc_action_bar_title_item.xml", "res/drawable/abc_btn_check_material.xml", "res/drawable/$avd_hide_password__0.xml", "res/color/mtrl_indicator_text_color.xml", "res/drawable-xxhdpi-v4/abc_ic_star_black_48dp.png", "res/drawable-xxxhdpi-v4/abc_btn_radio_to_on_mtrl_015.png", "res/drawable-xxhdpi-v4/abc_text_select_handle_middle_mtrl_light.png", "res/drawable/abc_btn_radio_material.xml", "res/drawable/ic_blog.xml", "res/layout/notification_template_big_media.xml", "res/layout/fragment_weak_cryptography.xml", "res/drawable-ldrtl-hdpi-v17/abc_ic_menu_copy_mtrl_am_alpha.png", "res/drawable-xxhdpi-v4/abc_list_longpressed_holo.9.png", "res/drawable-hdpi-v4/abc_list_selector_disabled_holo_light.9.png", "res/drawable/common_google_signin_btn_icon_light_focused.xml", "res/drawable/abc_cab_background_internal_bg.xml", "lib/x86/libtool-checker.so", "res/layout/material_clock_display.xml", "res/layout-v21/notification_action_tombstone.xml", "res/drawable-mdpi-v4/notification_bg_low_pressed.9.png", "META-INF/kotlinx-coroutines-android.kotlin_module", "res/anim/nav_default_enter_anim.xml", "res/drawable/common_google_signin_btn_text_dark_normal.xml", "res/drawable-v21/design_bottom_navigation_item_background.xml", "res/layout/mtrl_picker_header_dialog.xml", "META-INF/kotlin-stdlib-jdk7.kotlin_module", "res/drawable-mdpi-v4/abc_textfield_activated_mtrl_alpha.9.png", "res/layout/fragment_object_serialization.xml", "res/drawable/abc_seekbar_track_material.xml", "res/drawable-xxhdpi-v4/common_google_signin_btn_text_light_normal_background.9.png", "META-INF/androidx.navigation_navigation-fragment-ktx.version", "res/drawable/$avd_show_password__1.xml", "META-INF/androidx.lifecycle_lifecycle-livedata-core-ktx.version", "res/drawable-hdpi-v4/abc_switch_track_mtrl_alpha.9.png", "res/drawable-ldrtl-xxxhdpi-v17/abc_ic_menu_cut_mtrl_alpha.png", "res/drawable/ic_search_white.xml", "res/drawable/mtrl_dialog_background.xml", "res/drawable-hdpi-v4/abc_ic_star_half_black_36dp.png", "res/layout/select_dialog_item_material.xml", "res/animator/nav_default_pop_enter_anim.xml", "res/drawable-xhdpi-v4/abc_ic_menu_cut_mtrl_alpha.png", "res/drawable-mdpi-v4/abc_textfield_search_activated_mtrl_alpha.9.png", "res/color/mtrl_on_surface_ripple_color.xml", "kotlin/annotation/annotation.kotlin_builtins", "res/drawable-xxhdpi-v4/abc_spinner_mtrl_am_alpha.9.png", "res/anim-v21/mtrl_bottom_sheet_slide_out.xml", "res/drawable-watch-v20/abc_dialog_material_background.xml", "res/layout/design_text_input_start_icon.xml", "res/layout/mtrl_picker_fullscreen.xml", "res/layout/material_chip_input_combo.xml", "res/layout/mtrl_calendar_year.xml", "res/layout/design_navigation_menu.xml", "META-INF/androidx.asynclayoutinflater_asynclayoutinflater.version", "res/drawable-xhdpi-v4/abc_menu_hardkey_panel_mtrl_mult.9.png", "res/color/abc_secondary_text_material_light.xml", "res/color/switch_thumb_material_light.xml", "res/mipmap-mdpi-v4/ic_launcher_foreground.png", "lib/x86_64/libnative_library.so", "res/anim/abc_slide_out_top.xml", "res/anim/fragment_fade_exit.xml", "res/layout/text_view_with_line_height_from_appearance.xml", "META-INF/androidx.arch.core_core-runtime.version", "res/layout/abc_screen_simple.xml", "firebase-auth-interop.properties", "res/drawable/ic_mtrl_chip_checked_circle.xml", "res/drawable-mdpi-v4/abc_tab_indicator_mtrl_alpha.9.png", "res/color-v23/abc_tint_seek_thumb.xml", "META-INF/androidx.lifecycle_lifecycle-runtime-ktx.version", "META-INF/androidx.lifecycle_lifecycle-viewmodel-ktx.version", "res/drawable/$avd_hide_password__1.xml", "res/interpolator/fast_out_slow_in.xml", "res/color-v23/abc_tint_edittext.xml", "res/drawable/abc_switch_thumb_material.xml", "res/drawable/ic_provider.xml", "okhttp3/internal/publicsuffix/publicsuffixes.gz", "res/drawable-xhdpi-v4/abc_text_select_handle_left_mtrl_light.png", "res/drawable/btn_checkbox_unchecked_mtrl.xml", "res/drawable-mdpi-v4/abc_ic_commit_search_api_mtrl_alpha.png", "res/drawable-xhdpi-v4/abc_list_divider_mtrl_alpha.9.png", "res/layout-sw600dp-v13/mtrl_layout_snackbar.xml", "res/layout/material_clock_display_divider.xml", "res/drawable/btn_radio_on_to_off_mtrl_animation.xml", "res/layout/mtrl_calendar_month_navigation.xml", "res/color/design_error.xml", "res/layout/design_layout_tab_text.xml", "res/drawable-hdpi-v4/abc_ic_menu_cut_mtrl_alpha.png", "res/drawable-xxhdpi-v4/abc_list_divider_mtrl_alpha.9.png", "res/drawable-xxhdpi-v4/abc_scrubber_primary_mtrl_alpha.9.png", "res/layout/material_radial_view_group.xml", "res/anim/btn_checkbox_to_checked_icon_null_animation.xml", "res/drawable/$avd_show_password__0.xml", "res/color/checkbox_themeable_attribute_color.xml", "res/drawable-ldrtl-xxhdpi-v17/abc_ic_menu_copy_mtrl_am_alpha.png", "res/drawable-hdpi-v4/abc_scrubber_control_to_pressed_mtrl_000.png", "res/drawable/btn_radio_off_to_on_mtrl_animation.xml", "res/drawable-xhdpi-v4/abc_list_pressed_holo_light.9.png", "META-INF/androidx.activity_activity.version", "res/layout/activity_deep_link_task.xml", "res/drawable-xxhdpi-v4/abc_ic_star_half_black_36dp.png", "res/layout/design_navigation_menu_item.xml", "res/layout/design_text_input_end_icon.xml", "res/layout/abc_action_menu_item_layout.xml", "res/drawable-hdpi-v4/abc_ab_share_pack_mtrl_alpha.9.png", "res/drawable-hdpi-v4/abc_btn_switch_to_on_mtrl_00001.9.png", "res/drawable-v23/mtrl_popupmenu_background_dark.xml", "res/anim/fragment_open_enter.xml", "res/animator/design_fab_show_motion_spec.xml", "res/color/mtrl_choice_chip_ripple_color.xml", "res/drawable-xhdpi-v4/abc_scrubber_control_off_mtrl_alpha.png", "res/drawable/abc_btn_check_material_anim.xml", "res/drawable/$avd_hide_password__2.xml", "res/drawable-xhdpi-v4/abc_ab_share_pack_mtrl_alpha.9.png", "res/drawable-xxxhdpi-v4/abc_ic_star_half_black_48dp.png", "META-INF/lifecycle-runtime-ktx_release.kotlin_module", "res/drawable/abc_seekbar_thumb_material.xml", "res/anim/abc_fade_out.xml", "res/color/abc_background_cache_hint_selector_material_light.xml", "res/drawable-xxxhdpi-v4/abc_ic_menu_selectall_mtrl_alpha.png", "res/drawable-xhdpi-v4/abc_scrubber_primary_mtrl_alpha.9.png", "res/drawable/mtrl_tabs_default_indicator.xml", "res/drawable-xxhdpi-v4/abc_ic_menu_copy_mtrl_am_alpha.png", "res/layout/material_timepicker_dialog.xml", "res/drawable/mtrl_ic_error.xml", "res/drawable-hdpi-v4/abc_menu_hardkey_panel_mtrl_mult.9.png", "res/drawable-v21/abc_edit_text_material.xml", "res/layout/mtrl_layout_snackbar_include.xml", "res/drawable-xxxhdpi-v4/abc_scrubber_control_to_pressed_mtrl_005.png", "res/anim/btn_radio_to_off_mtrl_ring_outer_path_animation.xml", "res/drawable-hdpi-v4/abc_scrubber_track_mtrl_alpha.9.png", "res/color/design_box_stroke_color.xml", "res/layout/mtrl_calendar_day_of_week.xml", "res/layout-watch-v20/abc_alert_dialog_button_bar_material.xml", "res/menu/search.xml", "res/drawable/ic_cert.xml", "res/drawable-mdpi-v4/abc_ic_menu_cut_mtrl_alpha.png", "res/anim/design_snackbar_out.xml", "res/layout/material_clockface_view.xml", "META-INF/androidx.drawerlayout_drawerlayout.version", "res/color/material_on_surface_stroke.xml", "res/drawable-hdpi-v4/abc_ic_star_black_16dp.png", "res/drawable-hdpi-v4/abc_popup_background_mtrl_mult.9.png", "res/anim/fragment_close_exit.xml", "res/drawable/ic_extension.xml", "res/drawable-hdpi-v4/abc_textfield_search_activated_mtrl_alpha.9.png", "META-INF/androidx.interpolator_interpolator.version", "res/color/mtrl_outlined_stroke_color.xml", "res/drawable-mdpi-v4/abc_ic_menu_selectall_mtrl_alpha.png", "res/drawable-hdpi-v4/abc_ic_menu_selectall_mtrl_alpha.png", "res/drawable-v21/abc_action_bar_item_background_material.xml", "res/drawable-xxhdpi-v4/googleg_standard_color_18.png", "res/anim/abc_shrink_fade_out_from_bottom.xml", "res/drawable-hdpi-v4/abc_textfield_default_mtrl_alpha.9.png", "res/color-night-v8/material_timepicker_clockface.xml", "res/drawable-xhdpi-v4/googleg_disabled_color_18.png", "res/animator/nav_default_pop_exit_anim.xml", "res/drawable/btn_radio_on_mtrl.xml", "res/drawable-mdpi-v4/notification_bg_normal.9.png", "res/drawable-xhdpi-v4/abc_btn_switch_to_on_mtrl_00012.9.png", "res/drawable-xxhdpi-v4/abc_list_pressed_holo_light.9.png", "res/drawable/abc_item_background_holo_dark.xml", "res/drawable-xxhdpi-v4/abc_text_select_handle_left_mtrl_light.png", "res/drawable/ic_twitter.xml", "META-INF/androidx.lifecycle_lifecycle-viewmodel.version", "res/animator/mtrl_fab_transformation_sheet_collapse_spec.xml", "res/drawable-hdpi-v4/notification_bg_low_normal.9.png", "res/layout-v21/notification_template_custom_big.xml", "res/color/material_slider_halo_color.xml", "res/drawable/ic_deep_link.xml", "res/layout/abc_popup_menu_header_item_layout.xml", "res/color/material_cursor_color.xml", "firebase-common.properties", "res/color/common_google_signin_btn_text_light.xml", "res/font/monoton.ttf", "res/layout-ldrtl-v17/material_textinput_timepicker.xml", "res/drawable/avd_show_password.xml", "res/layout/mtrl_picker_actions.xml", "res/color/mtrl_navigation_item_icon_tint.xml", "res/drawable-mdpi-v4/abc_ic_star_half_black_36dp.png", "res/drawable-mdpi-v4/abc_list_selector_disabled_holo_dark.9.png", "res/layout/fragment_insecure_providers.xml", "res/drawable/btn_checkbox_unchecked_to_checked_mtrl_animation.xml", "res/color/mtrl_calendar_item_stroke_color.xml", "res/layout/fragment_root_detection.xml", "res/layout/mtrl_calendar_month.xml", "res/layout/support_simple_spinner_dropdown_item.xml", "res/drawable-xxxhdpi-v4/abc_spinner_mtrl_am_alpha.9.png", "res/drawable/common_google_signin_btn_icon_light_normal.xml", "res/layout/test_toolbar_surface.xml", "res/drawable-xxhdpi-v4/abc_list_selector_disabled_holo_dark.9.png", "res/layout/abc_select_dialog_material.xml", "firebase-storage-ktx.properties", "res/drawable-hdpi-v4/abc_list_pressed_holo_dark.9.png", "res/anim/btn_checkbox_to_checked_box_outer_merged_animation.xml", "res/anim-v21/mtrl_bottom_sheet_slide_in.xml", "kotlin/internal/internal.kotlin_builtins", "META-INF/androidx.swiperefreshlayout_swiperefreshlayout.version", "res/interpolator/mtrl_linear.xml", "res/color/mtrl_btn_text_btn_ripple_color.xml", "META-INF/navigation-ui-ktx_release.kotlin_module", "res/xml/standalone_badge.xml", "res/drawable-ldrtl-xxhdpi-v17/abc_ic_menu_cut_mtrl_alpha.png", "classes2.dex", "res/layout/test_design_checkbox.xml", "res/color/mtrl_bottom_nav_ripple_color.xml", "res/drawable-xxhdpi-v4/abc_btn_radio_to_on_mtrl_015.png", "res/color/material_timepicker_button_stroke.xml", "res/layout/notification_template_big_media_narrow_custom.xml", "res/animator/mtrl_card_state_list_anim.xml", "res/color/mtrl_on_primary_text_btn_text_color_selector.xml", "res/color/radiobutton_themeable_attribute_color.xml", "res/drawable-mdpi-v4/common_google_signin_btn_icon_light_normal_background.9.png", "res/drawable/abc_ratingbar_indicator_material.xml", "res/drawable-xxhdpi-v4/abc_ic_menu_share_mtrl_alpha.png", "res/drawable/common_google_signin_btn_text_light.xml", "META-INF/androidx.loader_loader.version", "res/drawable-xxhdpi-v4/abc_scrubber_control_to_pressed_mtrl_000.png", "res/drawable/design_ic_visibility_off.xml", "res/drawable/abc_list_selector_holo_dark.xml", "res/drawable/ic_native_library.xml", "res/drawable-xxhdpi-v4/abc_btn_radio_to_on_mtrl_000.png", "res/drawable/ic_keyboard_black_24dp.xml", "META-INF/androidx.viewpager_viewpager.version", "res/animator/mtrl_btn_unelevated_state_list_anim.xml", "res/drawable-ldrtl-xhdpi-v17/abc_ic_menu_cut_mtrl_alpha.png", "res/layout-v26/abc_screen_toolbar.xml", "res/anim/abc_tooltip_exit.xml", "res/layout/notification_template_big_media_custom.xml", "META-INF/navigation-common-ktx_release.kotlin_module", "res/drawable-mdpi-v4/abc_text_select_handle_left_mtrl_dark.png", "res/interpolator/btn_checkbox_unchecked_mtrl_animation_interpolator_0.xml", "res/drawable/abc_ratingbar_small_material.xml", "res/drawable-mdpi-v4/abc_text_select_handle_right_mtrl_light.png", "res/drawable/mtrl_dropdown_arrow.xml", "META-INF/androidx.cardview_cardview.version", "res/drawable/abc_spinner_textfield_background_material.xml", "META-INF/androidx.navigation_navigation-ui-ktx.version", "res/color/mtrl_btn_text_color_selector.xml", "res/mipmap-xxhdpi-v4/ic_launcher_foreground.png", "META-INF/androidx.coordinatorlayout_coordinatorlayout.version", "res/drawable/common_google_signin_btn_text_disabled.xml", "res/color/mtrl_fab_ripple_color.xml", "res/color/common_google_signin_btn_tint.xml", "res/color/material_slider_thumb_color.xml", "res/layout/notification_media_cancel_action.xml", "kotlin/ranges/ranges.kotlin_builtins", "lib/armeabi-v7a/libtool-checker.so", "res/drawable-hdpi-v4/common_google_signin_btn_icon_dark_normal_background.9.png", "res/drawable-mdpi-v4/abc_switch_track_mtrl_alpha.9.png", "res/drawable-xxxhdpi-v4/abc_ic_star_half_black_16dp.png", "res/drawable/ic_shared_preferences.xml", "res/anim/btn_checkbox_to_checked_box_inner_merged_animation.xml", "res/drawable-hdpi-v4/abc_list_selector_disabled_holo_dark.9.png", "res/drawable-xhdpi-v4/abc_btn_check_to_on_mtrl_015.png", "res/drawable-xxhdpi-v4/abc_textfield_activated_mtrl_alpha.9.png", "META-INF/androidx.annotation_annotation-experimental.version", "res/drawable/btn_checkbox_checked_to_unchecked_mtrl_animation.xml", "res/drawable-v21/material_cursor_drawable.xml", "res/color/material_slider_inactive_track_color.xml", "res/drawable/design_fab_background.xml", "res/layout/mtrl_calendar_months.xml", "res/layout/design_layout_tab_icon.xml", "res/anim-v21/design_bottom_sheet_slide_out.xml", "res/drawable-xxxhdpi-v4/abc_text_select_handle_right_mtrl_light.png", "res/layout/abc_screen_content_include.xml", "res/drawable/ic_mtrl_chip_checked_black.xml", "classes3.dex", "res/drawable-hdpi-v4/notification_bg_normal_pressed.9.png", "res/color/mtrl_card_view_foreground.xml", "res/layout/mtrl_picker_dialog.xml", "res/layout/abc_alert_dialog_title_material.xml", "res/drawable-xxhdpi-v4/abc_btn_switch_to_on_mtrl_00012.9.png", "res/layout/text_view_with_line_height_from_style.xml", "res/color-v23/abc_tint_switch_track.xml", "res/xml/standalone_badge_gravity_bottom_start.xml", "res/drawable-mdpi-v4/abc_scrubber_control_to_pressed_mtrl_000.png", "res/drawable/common_google_signin_btn_text_dark.xml", "res/animator/mtrl_chip_state_list_anim.xml", "res/layout/select_dialog_singlechoice_material.xml", "res/layout/design_navigation_item_separator.xml", "res/drawable-xhdpi-v4/common_google_signin_btn_text_light_normal_background.9.png", "res/layout/nav_header_main.xml", "res/drawable-xxhdpi-v4/common_google_signin_btn_icon_dark_normal_background.9.png", "res/drawable/ic_mic.xml", "res/drawable-xhdpi-v4/common_google_signin_btn_text_dark_normal_background.9.png", "res/anim/fragment_close_enter.xml", "res/color/mtrl_choice_chip_background_color.xml", "res/drawable-xxxhdpi-v4/abc_ic_menu_paste_mtrl_am_alpha.png", "build-data.properties", "res/layout/test_toolbar_custom_background.xml", "play-services-basement.properties", "res/drawable-hdpi-v4/abc_text_select_handle_left_mtrl_dark.png", "res/drawable-xhdpi-v4/abc_scrubber_track_mtrl_alpha.9.png", "firebase-storage.properties", "res/drawable/abc_btn_default_mtrl_shape.xml", "res/drawable-mdpi-v4/abc_btn_switch_to_on_mtrl_00001.9.png", "res/color-v23/abc_tint_btn_checkable.xml", "firebase-database-collection.properties", "res/drawable/ic_about.xml", "res/animator/linear_indeterminate_line2_head_interpolator.xml", "res/drawable-xhdpi-v4/abc_btn_check_to_on_mtrl_000.png", "res/layout/fragment_certificate_pinning.xml", "res/anim/nav_default_exit_anim.xml", "res/drawable-hdpi-v4/abc_textfield_activated_mtrl_alpha.9.png", "res/drawable-xhdpi-v4/common_full_open_on_phone.png", "res/layout/notification_template_big_media_narrow.xml", "res/xml/standalone_badge_offset.xml", "res/drawable/abc_seekbar_tick_mark_material.xml", "res/drawable-hdpi-v4/notification_bg_normal.9.png"], "exported_count": {"exported_activities": 2, "exported_services": 1, "exported_receivers": 1, "exported_providers": 1}, "apkid": {"classes.dex": {"anti_vm": ["Build.FINGERPRINT check", "Build.MODEL check", "Build.MANUFACTURER check", "Build.PRODUCT check", "Build.TAGS check", "possible ro.secure check"], "compiler": ["r8"]}, "classes2.dex": {"compiler": ["r8"]}, "classes3.dex": {"compiler": ["r8 without marker (suspicious)"]}}, "quark": [], "trackers": {"detected_trackers": 0, "total_trackers": 433, "trackers": []}, "playstore_details": {"error": true}, "secrets": ["\"firebase_database_url\" : \"https://allsafe-8cef0.firebaseio.com\"", "\"google_api_key\" : \"AIzaSyDjteCQ0-ElkfBxVZIZmBfCSPNEYUYcK1g\"", "\"google_crash_reporting_api_key\" : \"AIzaSyDjteCQ0-ElkfBxVZIZmBfCSPNEYUYcK1g\"", "\"key\" : \"ebfb7ff0-b2f6-41c8-bef3-4fba17be410c\""], "average_cvss": null, "appsec": {"high": [{"title": "Application signed with debug certificate", "description": "Application signed with a debug certificate. Production application must not be shipped with a debug certificate.", "section": "certificate"}, {"title": "Domain config is insecurely configured to permit clear text traffic to these domains in scope", "description": "Scope:\ninfosecadventures.io\n\n", "section": "network"}, {"title": "Debug Enabled For App", "description": "[android:debuggable=true]\nDebugging was enabled on the app which makes it easier for reverse engineers to hook a debugger to it. This allows dumping a stack trace and accessing debugging helper classes.", "section": "manifest"}, {"title": "The App uses ECB mode in Cryptographic encryption algorithm. ECB mode is known to be weak as it results in the same ciphertext for identical blocks of plaintext.", "description": "The App uses ECB mode in Cryptographic encryption algorithm. ECB mode is known to be weak as it results in the same ciphertext for identical blocks of plaintext.\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode", "section": "code"}, {"title": "Firebase DB is exposed publicly.", "description": "The Firebase database at https://allsafe-8cef0.firebaseio.com/.json is exposed to internet without any authentication", "section": "firebase"}], "warning": [{"title": "Application vulnerable to Janus Vulnerability", "description": "Application is signed with v1 signature scheme, making it vulnerable to Janus vulnerability on Android 5.0-8.0, if signed only with v1 signature scheme. Applications running on Android 5.0-7.0 signed with v1, and v2/v3 scheme is also vulnerable.", "section": "certificate"}, {"title": "Certificate algorithm might be vulnerable to hash collision", "description": "Application is signed with SHA1withRSA. SHA1 hash algorithm is known to have collision issues. The manifest file indicates SHA256withRSA is in use.", "section": "certificate"}, {"title": "App can be installed on a vulnerable Android version", "description": "[minSdk=23]\nThis application can be installed on an older version of android that has multiple unfixed vulnerabilities. Support an Android version > 8, API 26 to receive reasonable security updates.", "section": "manifest"}, {"title": "Application Data can be Backed up", "description": "[android:allowBackup=true]\nThis flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.", "section": "manifest"}, {"title": "Activity (infosecadventures.allsafe.challenges.DeepLinkTask) is not Protected.", "description": "An intent-filter exists.\nAn Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.", "section": "manifest"}, {"title": "App can read/write to External Storage. Any App can read data written to External Storage.", "description": "App can read/write to External Storage. Any App can read data written to External Storage.\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage", "section": "code"}, {"title": "Files may contain hardcoded sensitive information like usernames, passwords, keys etc.", "description": "Files may contain hardcoded sensitive information like usernames, passwords, keys etc.\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10", "section": "code"}, {"title": "The App uses an insecure Random Number Generator.", "description": "The App uses an insecure Random Number Generator.\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators", "section": "code"}, {"title": "MD5 is a weak hash known to have hash collisions.", "description": "MD5 is a weak hash known to have hash collisions.\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4", "section": "code"}, {"title": "App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.", "description": "App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2", "section": "code"}, {"title": "This App may request root (Super User) privileges.", "description": "This App may request root (Super User) privileges.\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1", "section": "code"}, {"title": "This app may contain hardcoded secrets", "description": "The following secrets were identified from the app. Ensure that these are not secrets or private information.\n\"firebase_database_url\" : \"https://allsafe-8cef0.firebaseio.com\"\n\"google_api_key\" : \"AIzaSyDjteCQ0-ElkfBxVZIZmBfCSPNEYUYcK1g\"\n\"google_crash_reporting_api_key\" : \"AIzaSyDjteCQ0-ElkfBxVZIZmBfCSPNEYUYcK1g\"\n\"key\" : \"ebfb7ff0-b2f6-41c8-bef3-4fba17be410c\"", "section": "secrets"}], "info": [{"title": "The App logs information. Sensitive information should never be logged.", "description": "The App logs information. Sensitive information should never be logged.\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs", "section": "code"}, {"title": "This App copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it.", "description": "This App copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it.\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard", "section": "code"}], "secure": [{"title": "This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.", "description": "This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4", "section": "code"}, {"title": "This App may have root detection capabilities.", "description": "This App may have root detection capabilities.\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1", "section": "code"}, {"title": "This application has no privacy trackers", "description": "This application does not include any user or device trackers. Unable to find trackers during static analysis.", "section": "trackers"}], "hotspot": [{"title": "Found 3 critical permission(s)", "description": "Ensure that these permissions are required by the application.\n\nandroid.permission.RECORD_AUDIO (dangerous): record audio - Allows application to access the audio record path.\n\nandroid.permission.READ_EXTERNAL_STORAGE (dangerous): read external storage contents - Allows an application to read from external storage.\n\nandroid.permission.WRITE_EXTERNAL_STORAGE (dangerous): read/modify/delete external storage contents - Allows an application to write to external storage.", "section": "permissions"}], "total_trackers": 433, "trackers": 0, "security_score": 48, "app_name": "Allsafe", "file_name": "allsafe.apk", "hash": "ce0fb160ee2319389ca636d18cddc569", "version_name": "1.4"}, "virus_total": null, "base_url": "file:///home/mobsf/Mobile-Security-Framework-MobSF/mobsf", "dwd_dir": "file:///root/.MobSF/downloads/", "host_os": "nix", "timestamp": "2023-12-11T09:40:53.855Z"} \ No newline at end of file diff --git a/unittests/scans/mobsf/damnvulnrablebank.json b/unittests/scans/mobsf/damnvulnrablebank.json new file mode 100644 index 00000000000..93e5b4f835a --- /dev/null +++ b/unittests/scans/mobsf/damnvulnrablebank.json @@ -0,0 +1 @@ +{"version": "v3.6.7 Beta", "title": "Static Analysis", "file_name": "dvba_v1.1.0.apk", "app_name": "DamnVulnerableBank", "app_type": "apk", "size": "3.61MB", "md5": "5b40b49cd80dbe20ba611d32045b57c6", "sha1": "23dcd688fe4dd830cf92309755a5bbd603df8789", "sha256": "76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6", "package_name": "com.app.damnvulnerablebank", "main_activity": "com.app.damnvulnerablebank.SplashScreen", "exported_activities": "['com.app.damnvulnerablebank.CurrencyRates', 'com.app.damnvulnerablebank.SendMoney', 'com.app.damnvulnerablebank.ViewBalance', 'androidx.biometric.DeviceCredentialHandlerActivity', 'com.google.firebase.auth.internal.FederatedSignInActivity']", "browsable_activities": {"com.app.damnvulnerablebank.CurrencyRates": {"schemes": ["http://", "https://"], "mime_types": [], "hosts": ["xe.com"], "ports": [], "paths": [], "path_prefixs": [], "path_patterns": [], "browsable": true}}, "activities": ["com.app.damnvulnerablebank.Myprofile", "com.app.damnvulnerablebank.CurrencyRates", "com.app.damnvulnerablebank.ResetPassword", "com.app.damnvulnerablebank.ViewBeneficiary", "com.app.damnvulnerablebank.ApproveBeneficiary", "com.app.damnvulnerablebank.PendingBeneficiary", "com.app.damnvulnerablebank.AddBeneficiary", "com.app.damnvulnerablebank.SendMoney", "com.app.damnvulnerablebank.ViewBeneficiaryAdmin", "com.app.damnvulnerablebank.GetTransactions", "com.app.damnvulnerablebank.ViewBalance", "com.app.damnvulnerablebank.Dashboard", "com.app.damnvulnerablebank.RegisterBank", "com.app.damnvulnerablebank.BankLogin", "com.app.damnvulnerablebank.MainActivity", "com.app.damnvulnerablebank.SplashScreen", "androidx.biometric.DeviceCredentialHandlerActivity", "com.google.firebase.auth.internal.FederatedSignInActivity", "com.google.android.gms.common.api.GoogleApiActivity"], "receivers": [], "providers": ["com.google.firebase.provider.FirebaseInitProvider"], "services": ["com.google.firebase.components.ComponentDiscoveryService"], "libraries": [], "target_sdk": "29", "max_sdk": "", "min_sdk": "21", "version_name": "1.0", "version_code": "1", "icon_hidden": false, "icon_found": true, "permissions": {"android.permission.INTERNET": {"status": "normal", "info": "full Internet access", "description": "Allows an application to create network sockets."}, "android.permission.USE_BIOMETRIC": {"status": "normal", "info": "", "description": "Allows an app to use device supported biometric modalities."}, "android.permission.USE_FINGERPRINT": {"status": "normal", "info": "allow use of fingerprint", "description": "This constant was deprecated in API level 28. Applications should request USE_BIOMETRIC instead."}}, "certificate_analysis": {"certificate_info": "APK is signed\nv1 signature: False\nv2 signature: True\nv3 signature: False\nFound 1 unique certificates\nSubject: O=dvba, OU=dvba, CN=damncorp\nSignature Algorithm: rsassa_pkcs1v15\nValid From: 2020-10-29 07:43:13+00:00\nValid To: 2045-10-23 07:43:13+00:00\nIssuer: O=dvba, OU=dvba, CN=damncorp\nSerial Number: 0x1230704c\nHash Algorithm: sha256\nmd5: 41d413f665c0f789b190b96341e540c8\nsha1: e26ea75bdc6ab4769acedc4c78027aab8580a858\nsha256: 0d770dd2df7f63e949e8ca87b7e97ba6827762e289bd281679910609568acdde\nsha512: 0943f72dcc5c543af6bf2648ba2f928f5652987b713622d2f015709af490e1b33174e7f18e149cce039e1d0303ab7e80fe47977eceed4ae28e91c6b9a66a58a5\nPublicKey Algorithm: rsa\nBit Size: 2048\nFingerprint: e9637ca397b8c7197333f1b6da9ddb4ad5bb1fcef1f123f1415751e103fda196", "certificate_findings": [["info", "Application is signed with a code signing certificate", "Signed Application"]], "certificate_summary": {"high": 0, "warning": 0, "info": 1}}, "manifest_analysis": {"manifest_findings": [{"rule": "vulnerable_os_version", "title": "App can be installed on a vulnerable Android version
                [minSdk=21]", "severity": "warning", "description": "This application can be installed on an older version of android that has multiple unfixed vulnerabilities. Support an Android version > 8, API 26 to receive reasonable security updates.", "name": "App can be installed on a vulnerable Android version[minSdk=21]", "component": ["21"]}, {"rule": "clear_text_traffic", "title": "Clear text traffic is Enabled For App
                [android:usesCleartextTraffic=true]", "severity": "high", "description": "The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is \"true\". Apps that target API level 28 or higher default to \"false\". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.", "name": "Clear text traffic is Enabled For App [android:usesCleartextTraffic=true]", "component": []}, {"rule": "has_network_security", "title": "App has a Network Security Configuration
                [android:networkSecurityConfig=@xml/network_security_config]", "severity": "info", "description": "The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app. ", "name": "App has a Network Security Configuration [android:networkSecurityConfig=@xml/network_security_config]", "component": ["@xml/network_security_config"]}, {"rule": "app_allowbackup", "title": "Application Data can be Backed up
                [android:allowBackup=true]", "severity": "warning", "description": "This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.", "name": "Application Data can be Backed up [android:allowBackup=true]", "component": []}, {"rule": "exported_intent_filter_exists", "title": "Activity (com.app.damnvulnerablebank.CurrencyRates) is not Protected.
                An intent-filter exists.", "severity": "warning", "description": "An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.", "name": "Activity com.app.damnvulnerablebank.CurrencyRates is not Protected.An intent-filter exists.", "component": ["Activity", "com.app.damnvulnerablebank.CurrencyRates"]}, {"rule": "exported_protected_permission_not_defined", "title": "Activity (com.google.firebase.auth.internal.FederatedSignInActivity) is Protected by a permission, but the protection level of the permission should be checked.
                Permission: com.google.firebase.auth.api.gms.permission.LAUNCH_FEDERATED_SIGN_IN
                [android:exported=true]", "severity": "warning", "description": "An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.", "name": "Activity com.google.firebase.auth.internal.FederatedSignInActivity is Protected by a permission, but the protection level of the permission should be checked. [Permission: com.google.firebase.auth.api.gms.permission.LAUNCH_FEDERATED_SIGN_IN] [android:exported=true]", "component": ["Activity", "com.google.firebase.auth.internal.FederatedSignInActivity", "Permission: com.google.firebase.auth.api.gms.permission.LAUNCH_FEDERATED_SIGN_IN"]}], "manifest_summary": {"high": 1, "warning": 4, "info": 0, "suppressed": 0}}, "network_security": {"network_findings": [{"scope": ["*"], "description": "Base config is insecurely configured to permit clear text traffic to all domains.", "severity": "high"}, {"scope": ["*"], "description": "Base config is configured to trust user installed certificates.", "severity": "high"}, {"scope": ["*"], "description": "Base config is configured to trust system certificates.", "severity": "warning"}], "network_summary": {"high": 2, "warning": 1, "info": 0, "secure": 0}}, "binary_analysis": [{"name": "lib/arm64-v8a/libfrida-check.so", "nx": {"is_nx": true, "severity": "info", "description": "The shared object has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable."}, "stack_canary": {"has_canary": true, "severity": "info", "description": "This shared object has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return."}, "rpath": {"rpath": null, "severity": "info", "description": "The shared object does not have run-time search path or RPATH set."}, "runpath": {"runpath": null, "severity": "info", "description": "The shared object does not have RUNPATH set."}, "fortify": {"is_fortified": false, "severity": "warning", "description": "The shared object does not have any fortified functions. Fortified functions provides buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions."}, "symbol": {"is_stripped": true, "severity": "info", "description": "Symbols are stripped."}}, {"name": "lib/arm64-v8a/libtool-checker.so", "nx": {"is_nx": true, "severity": "info", "description": "The shared object has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable."}, "stack_canary": {"has_canary": false, "severity": "high", "description": "This shared object does not have a stack canary value added to the stack. Stack canaries are used to detect and prevent exploits from overwriting return address. Use the option -fstack-protector-all to enable stack canaries."}, "rpath": {"rpath": null, "severity": "info", "description": "The shared object does not have run-time search path or RPATH set."}, "runpath": {"runpath": null, "severity": "info", "description": "The shared object does not have RUNPATH set."}, "fortify": {"is_fortified": false, "severity": "warning", "description": "The shared object does not have any fortified functions. Fortified functions provides buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions."}, "symbol": {"is_stripped": true, "severity": "info", "description": "Symbols are stripped."}}, {"name": "lib/armeabi-v7a/libfrida-check.so", "nx": {"is_nx": true, "severity": "info", "description": "The shared object has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable."}, "stack_canary": {"has_canary": true, "severity": "info", "description": "This shared object has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return."}, "rpath": {"rpath": null, "severity": "info", "description": "The shared object does not have run-time search path or RPATH set."}, "runpath": {"runpath": null, "severity": "info", "description": "The shared object does not have RUNPATH set."}, "fortify": {"is_fortified": false, "severity": "warning", "description": "The shared object does not have any fortified functions. Fortified functions provides buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions."}, "symbol": {"is_stripped": true, "severity": "info", "description": "Symbols are stripped."}}, {"name": "lib/armeabi-v7a/libtool-checker.so", "nx": {"is_nx": true, "severity": "info", "description": "The shared object has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable."}, "stack_canary": {"has_canary": true, "severity": "info", "description": "This shared object has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return."}, "rpath": {"rpath": null, "severity": "info", "description": "The shared object does not have run-time search path or RPATH set."}, "runpath": {"runpath": null, "severity": "info", "description": "The shared object does not have RUNPATH set."}, "fortify": {"is_fortified": false, "severity": "warning", "description": "The shared object does not have any fortified functions. Fortified functions provides buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions."}, "symbol": {"is_stripped": true, "severity": "info", "description": "Symbols are stripped."}}, {"name": "lib/x86/libfrida-check.so", "nx": {"is_nx": true, "severity": "info", "description": "The shared object has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable."}, "stack_canary": {"has_canary": true, "severity": "info", "description": "This shared object has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return."}, "rpath": {"rpath": null, "severity": "info", "description": "The shared object does not have run-time search path or RPATH set."}, "runpath": {"runpath": null, "severity": "info", "description": "The shared object does not have RUNPATH set."}, "fortify": {"is_fortified": false, "severity": "warning", "description": "The shared object does not have any fortified functions. Fortified functions provides buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions."}, "symbol": {"is_stripped": true, "severity": "info", "description": "Symbols are stripped."}}, {"name": "lib/x86/libtool-checker.so", "nx": {"is_nx": true, "severity": "info", "description": "The shared object has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable."}, "stack_canary": {"has_canary": true, "severity": "info", "description": "This shared object has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return."}, "rpath": {"rpath": null, "severity": "info", "description": "The shared object does not have run-time search path or RPATH set."}, "runpath": {"runpath": null, "severity": "info", "description": "The shared object does not have RUNPATH set."}, "fortify": {"is_fortified": false, "severity": "warning", "description": "The shared object does not have any fortified functions. Fortified functions provides buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions."}, "symbol": {"is_stripped": true, "severity": "info", "description": "Symbols are stripped."}}, {"name": "lib/x86_64/libfrida-check.so", "nx": {"is_nx": true, "severity": "info", "description": "The shared object has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable."}, "stack_canary": {"has_canary": true, "severity": "info", "description": "This shared object has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return."}, "rpath": {"rpath": null, "severity": "info", "description": "The shared object does not have run-time search path or RPATH set."}, "runpath": {"runpath": null, "severity": "info", "description": "The shared object does not have RUNPATH set."}, "fortify": {"is_fortified": false, "severity": "warning", "description": "The shared object does not have any fortified functions. Fortified functions provides buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions."}, "symbol": {"is_stripped": true, "severity": "info", "description": "Symbols are stripped."}}, {"name": "lib/x86_64/libtool-checker.so", "nx": {"is_nx": true, "severity": "info", "description": "The shared object has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable."}, "stack_canary": {"has_canary": false, "severity": "high", "description": "This shared object does not have a stack canary value added to the stack. Stack canaries are used to detect and prevent exploits from overwriting return address. Use the option -fstack-protector-all to enable stack canaries."}, "rpath": {"rpath": null, "severity": "info", "description": "The shared object does not have run-time search path or RPATH set."}, "runpath": {"runpath": null, "severity": "info", "description": "The shared object does not have RUNPATH set."}, "fortify": {"is_fortified": false, "severity": "warning", "description": "The shared object does not have any fortified functions. Fortified functions provides buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions."}, "symbol": {"is_stripped": true, "severity": "info", "description": "Symbols are stripped."}}], "file_analysis": [], "android_api": {"api_ipc": {"files": {"a/a/a/a/a.java": "15,318,319,319,319,320,321,330,330,332,340,346,346,582,582,582,583,594,595", "a/a/a/b/a.java": "5,20,22,27,54,63", "b/b/k/h.java": "5,305,366,376,388,403,403,403,404", "b/b/k/k.java": "10,11,291,292,292,320,339,347,370,371,371", "b/b/o/i/a.java": "4,27,133,133,297,297", "b/b/o/i/g.java": "6,134,134,134,137,137,138,138,143,145,145,150,581", "b/b/o/i/i.java": "4,36,229,229,482,482", "b/b/o/i/j.java": "4,203,203,204,373,373,374", "b/b/o/i/o.java": "5,43,43,43,45,45,52", "b/i/d/b.java": "9,176,184,192,204", "b/i/d/e.java": "3,29,35,35,62,79,96,112", "b/i/d/g.java": "4,16", "b/i/d/i.java": "37,37,37,37", "b/i/d/j.java": "16", "b/i/d/m.java": "3,6", "b/i/e/a.java": "4,54", "b/i/n/d.java": "5,80,80,86,86,105,105,107", "b/l/a/e.java": "5,6,136,245,245,246,379,387,395,395,395,399,403,403,403,407", "b/p/a/a.java": "5,6,75,80,90,126", "c/b/a/i.java": "4,48,48", "c/b/a/n.java": "4,39", "c/c/a/a/c/a.java": "3,16,28,28,31,136,136,139", "c/c/a/a/c/d.java": "11,14,57,58,68,144,144,149,178,180,186", "c/c/a/a/c/e.java": "4,25", "c/c/a/a/c/k/k/d.java": "5,7,263,264,264,559,559,562,564,566,566,569,570", "c/c/a/a/c/k/m.java": "3,15,15,25,25,25,33", "c/c/a/a/c/l/b.java": "11,306,327,356,358,642,4,114,114,213,213", "c/c/a/a/c/l/c0.java": "5,15", "c/c/a/a/c/l/e.java": "5,13", "c/c/a/a/c/l/e0.java": "7,24,95,5,47", "c/c/a/a/c/l/f.java": "5,21,36,65", "c/c/a/a/c/l/f0.java": "3,12,13,13,24,26,26,31,32,32", "c/c/a/a/c/l/h.java": "4,38,39,39", "c/c/a/a/c/l/k.java": "4,16,29", "c/c/a/a/c/l/l.java": "4,30", "c/c/a/a/c/l/m.java": "3,9,11,16", "c/c/a/a/c/l/q.java": "19,211,217", "c/c/a/a/c/l/s.java": "3,15,20,47", "c/c/a/a/c/l/t.java": "3,8", "c/c/a/a/c/l/v.java": "4,9,15", "c/c/a/a/c/l/z.java": "3,11", "c/c/a/a/c/q.java": "3,12,12,23,23,23,31", "c/c/a/a/d/b.java": "3,20", "c/c/a/a/e/d.java": "3,7", "c/c/a/a/f/a/a.java": "4,16", "c/c/a/a/f/b/a.java": "3,10,15,21", "c/c/a/a/f/b/b.java": "4,14", "c/c/a/a/f/c/a.java": "4,14", "c/c/a/a/g/b/a.java": "6,96", "c/c/a/a/g/b/b.java": "3,13,25,25", "c/c/a/a/g/b/c.java": "3,17,25", "c/c/a/a/g/b/h.java": "3,10,15,20", "c/c/b/b.java": "8,9,137,361", "c/c/b/h/c0/a/k0.java": "5,43", "c/c/b/h/c0/a/q0.java": "3,11,16,38", "c/c/b/h/d0/t.java": "3,24,32", "com/app/damnvulnerablebank/AddBeneficiary.java": "3,33", "com/app/damnvulnerablebank/ApproveBeneficiary.java": "4,38,93", "com/app/damnvulnerablebank/BankLogin.java": "4,35,42,50,67,72", "com/app/damnvulnerablebank/CurrencyRates.java": "18,25", "com/app/damnvulnerablebank/Dashboard.java": "4,33,37,41,48,52,82,86,90,94,98", "com/app/damnvulnerablebank/MainActivity.java": "4,101,202,208", "com/app/damnvulnerablebank/RegisterBank.java": "4,34,50", "com/app/damnvulnerablebank/ResetPassword.java": "3,30", "com/app/damnvulnerablebank/SendMoney.java": "3,48,122", "com/app/damnvulnerablebank/SplashScreen.java": "3,25", "com/app/damnvulnerablebank/ViewBeneficiaryAdmin.java": "3,27,27"}, "metadata": {"description": "Inter Process Communication", "severity": "info"}}, "api_start_activity": {"files": {"a/a/a/a/a.java": "595", "b/b/o/i/g.java": "584", "b/l/a/e.java": "379,383,387,391", "c/b/a/i.java": "50", "c/b/a/n.java": "39", "c/c/a/a/c/l/e.java": "15", "com/app/damnvulnerablebank/AddBeneficiary.java": "33", "com/app/damnvulnerablebank/ApproveBeneficiary.java": "38", "com/app/damnvulnerablebank/BankLogin.java": "52,67,72", "com/app/damnvulnerablebank/Dashboard.java": "33,37,41,48,52,82,86,90,94,98", "com/app/damnvulnerablebank/MainActivity.java": "101,202,208", "com/app/damnvulnerablebank/RegisterBank.java": "34,50", "com/app/damnvulnerablebank/ResetPassword.java": "30", "com/app/damnvulnerablebank/SendMoney.java": "48", "com/app/damnvulnerablebank/SplashScreen.java": "25", "com/app/damnvulnerablebank/ViewBeneficiaryAdmin.java": "29"}, "metadata": {"description": "Starting Activity", "severity": "info"}}, "api_local_file_io": {"files": {"a/a/a/a/a.java": "376,872", "c/b/a/h.java": "20", "c/b/a/l.java": "20", "c/b/a/t.java": "20", "c/b/a/w.java": "20", "c/c/a/a/a/a/a/a/a.java": "29", "c/c/b/h/d0/j.java": "26", "c/c/b/h/d0/n.java": "19,27,40,19,27", "c/c/b/h/d0/p.java": "30", "c/c/b/k/d.java": "11", "com/app/damnvulnerablebank/AddBeneficiary.java": "69,71", "com/app/damnvulnerablebank/ApproveBeneficiary.java": "74,85", "com/app/damnvulnerablebank/BankLogin.java": "45,83", "com/app/damnvulnerablebank/Dashboard.java": "45,45", "com/app/damnvulnerablebank/GetTransactions.java": "29", "com/app/damnvulnerablebank/MainActivity.java": "82,82,88,201", "com/app/damnvulnerablebank/Myprofile.java": "115,117", "com/app/damnvulnerablebank/PendingBeneficiary.java": "31", "com/app/damnvulnerablebank/RegisterBank.java": "62", "com/app/damnvulnerablebank/ResetPassword.java": "29,53,73", "com/app/damnvulnerablebank/SendMoney.java": "38,39", "com/app/damnvulnerablebank/ViewBalance.java": "85,87", "com/app/damnvulnerablebank/ViewBeneficiary.java": "35", "com/app/damnvulnerablebank/ViewBeneficiaryAdmin.java": "39"}, "metadata": {"description": "Local File I/O Operations", "severity": "info"}}, "api_java_reflection": {"files": {"a/a/a/a/a.java": "3109,92,93", "b/b/k/h.java": "27", "b/b/k/k.java": "1330,66", "b/b/k/r.java": "108,15", "b/b/o/f.java": "135,26", "b/b/o/i/d.java": "27", "b/b/o/i/j.java": "16", "b/b/p/a0.java": "16,17", "b/b/p/d1.java": "7", "b/b/p/e0.java": "23", "b/b/p/f0.java": "14", "b/b/p/k0.java": "21", "b/b/p/m0.java": "15", "b/i/d/b.java": "154,12,13", "b/i/e/b/h.java": "3", "b/i/f/e.java": "51,19", "b/i/f/f.java": "38,16", "b/i/f/g.java": "39,17", "b/i/f/h.java": "6", "b/i/f/k/d.java": "15", "b/i/m/d.java": "11,13", "b/i/m/l.java": "25", "b/i/m/p.java": "9", "b/i/m/u.java": "10", "b/i/n/d.java": "66,15", "b/l/a/h.java": "22", "b/l/a/w.java": "43", "b/n/a.java": "5", "b/n/j.java": "62,9", "b/t/b0.java": "6,8", "b/v/a.java": "32,43,6", "b/v/b.java": "5", "c/c/a/a/d/b.java": "5", "c/c/b/b.java": "194", "c/c/b/h/c0/a/e.java": "28", "c/c/b/h/c0/a/j0.java": "6"}, "metadata": {"description": "Java Reflection", "severity": "info"}}, "api_get_system_service": {"files": {"a/a/a/a/a.java": "560,562,2089", "b/b/k/k.java": "287,622,706,742,1648,1768", "b/b/o/c.java": "74,81", "b/b/o/i/l.java": "55", "b/b/p/a1.java": "186,202", "b/b/p/b1.java": "44", "b/b/p/x.java": "22", "b/i/g/a/b.java": "61", "b/i/m/l.java": "212", "b/j/a/c.java": "19", "b/k/b/a.java": "101", "b/l/a/c.java": "100", "c/c/a/a/c/d.java": "160", "c/c/a/b/g0/h.java": "277", "c/c/b/b.java": "356", "com/app/damnvulnerablebank/SendMoney.java": "70"}, "metadata": {"description": "Get System Service", "severity": "info"}}, "api_installed": {"files": {"b/i/n/d.java": "62,86"}, "metadata": {"description": "Get Installed Applications", "severity": "info"}}, "api_base64_decode": {"files": {"a/a/a/a/a.java": "163,47", "c/b/a/e.java": "11,3", "c/c/b/h/d0/k.java": "54,4"}, "metadata": {"description": "Base64 Decode", "severity": "info"}}, "api_base64_encode": {"files": {"b/i/j/a.java": "47,3", "c/b/a/e.java": "15,3", "c/c/b/b.java": "335,18", "c/c/b/h/d0/n.java": "32,6"}, "metadata": {"description": "Base64 Encode", "severity": "info"}}, "api_start_service": {"files": {"c/c/a/a/c/l/d0.java": "90", "c/c/a/a/c/l/e0.java": "58,76"}, "metadata": {"description": "Starting Service", "severity": "info"}}, "api_gps": {"files": {"b/b/k/k.java": "19,20,402", "b/b/k/t.java": "4,5,38"}, "metadata": {"description": "GPS Location", "severity": "info"}}, "api_dex_manipulate": {"files": {"c/c/a/a/e/b.java": "3,11,18"}, "metadata": {"description": "Load and Manipulate Dex Files", "severity": "info"}}, "api_crypto": {"files": {"b/d/e.java": "21,22", "b/i/g/a/a.java": "14,15", "b/i/g/a/b.java": "7,8"}, "metadata": {"description": "Crypto", "severity": "info"}}, "api_tcp": {"files": {"c/a/b/w/b.java": "16,259,16"}, "metadata": {"description": "TCP Socket", "severity": "info"}}, "api_native_code": {"files": {"com/app/damnvulnerablebank/FridaCheckJNI.java": "5"}, "metadata": {"description": "Loading Native Code (Shared Library)", "severity": "info"}}, "api_notifications": {"files": {"c/c/a/a/c/d.java": "10,273"}, "metadata": {"description": "Android Notifications", "severity": "info"}}, "api_os_command": {"files": {"a/a/a/a/a.java": "522,522"}, "metadata": {"description": "Execute OS Command", "severity": "info"}}, "api_http_connection": {"files": {"c/a/b/w/f.java": "8,29,35,58,80,152,152,153,49,172,181,152"}, "metadata": {"description": "HTTP Connection", "severity": "info"}}, "api_https_connection": {"files": {"c/a/b/w/f.java": "14,14"}, "metadata": {"description": "HTTPS Connection", "severity": "info"}}, "api_certificate_handling": {"files": {"c/a/b/w/f.java": "15"}, "metadata": {"description": "Certificate Handling", "severity": "info"}}}, "code_analysis": {"findings": {"android_logging": {"files": {"a/a/a/a/a.java": "218,332,555,564,571,584,751,774,781,1938,1959,1978,2003,2223,2417,3111,3125,3137,144,153,178,187,2332,2342,2451,2460", "b/b/k/h.java": "395,216,224", "b/b/k/k.java": "1561,1418,1427,1437,1446,1461,1470,1483,1492,417,1134,1234,1237,1332,1773", "b/b/k/r.java": "145", "b/b/k/t.java": "42", "b/b/l/a/a.java": "80", "b/b/o/f.java": "139,173,185,195,353", "b/b/o/i/d.java": "536", "b/b/o/i/g.java": "586", "b/b/p/a0.java": "92,101,189,227", "b/b/p/a1.java": "91,155", "b/b/p/d1.java": "23,33,51,53,56", "b/b/p/k0.java": "362,165,170,177,267,345", "b/b/p/m0.java": "106", "b/b/p/n0.java": "139,47,63,92,344", "b/b/p/r0.java": "99,250,370,183,232,336,347,376,389,403", "b/b/p/s0.java": "31", "b/b/p/w.java": "93,147,152,180,575", "b/b/p/z0.java": "347,386", "b/d/a.java": "284", "b/d/c.java": "248,84", "b/d/e.java": "267", "b/g/c/c.java": "71", "b/g/c/d.java": "205,103,169", "b/g/c/e.java": "613,1413,634,646,1466", "b/i/d/b.java": "114", "b/i/d/c.java": "31", "b/i/d/e.java": "58,75,92", "b/i/f/c.java": "49,54", "b/i/f/d.java": "32", "b/i/f/e.java": "57", "b/i/f/f.java": "44", "b/i/f/g.java": "50,206", "b/i/f/k/d.java": "44,67", "b/i/g/a/a.java": "40", "b/i/i/b.java": "17", "b/i/l/a.java": "21", "b/i/m/a.java": "238", "b/i/m/b.java": "38", "b/i/m/f.java": "158,176,199", "b/i/m/l.java": "223", "b/i/m/p.java": "21,32", "b/i/m/u.java": "39,49,60,69", "b/j/a/b.java": "41", "b/k/b/e.java": "317", "b/l/a/e.java": "148,150,175,298,300", "b/l/a/k.java": "2854,2855,2865,1973", "b/p/a/a.java": "141,146,153,157,173,183", "b/t/b0.java": "35,59", "b/u/a/a/f.java": "852,1092", "c/a/b/j.java": "74", "c/a/b/v.java": "110,114,12,119", "c/a/b/w/h.java": "41", "c/b/a/j.java": "27", "c/b/a/n.java": "28", "c/c/a/a/c/d.java": "49,151", "c/c/a/a/c/g.java": "44,57,101,118,130,136,145", "c/c/a/a/c/h.java": "25", "c/c/a/a/c/k/k/b0.java": "45,55", "c/c/a/a/c/k/k/d.java": "654,778", "c/c/a/a/c/k/k/u.java": "43", "c/c/a/a/c/l/a.java": "16", "c/c/a/a/c/l/b.java": "387,696,711,243,262,403,618,622,627,635", "c/c/a/a/c/l/d.java": "82,85,114,117,120,137,146", "c/c/a/a/c/l/d0.java": "112", "c/c/a/a/c/l/e.java": "18", "c/c/a/a/c/l/e0.java": "60", "c/c/a/a/c/l/i.java": "28", "c/c/a/a/c/l/l.java": "25", "c/c/a/a/c/m/a.java": "39,53,58", "c/c/a/a/c/t.java": "61", "c/c/a/a/f/c/a1.java": "44,59", "c/c/a/a/g/b/a.java": "80,85", "c/c/a/b/a0/b.java": "116", "c/c/a/b/b0/a.java": "23", "c/c/a/b/l/g.java": "49", "c/c/b/b.java": "97,171,180,198,203,207,211,215,219,243", "c/c/b/h/c0/a/e.java": "36", "c/c/b/h/c0/a/j0.java": "104,55,93", "c/c/b/h/c0/a/k0.java": "116,98,109,143,147,88", "c/c/b/h/c0/a/x0.java": "18", "c/c/b/h/d0/i.java": "17", "c/c/b/h/d0/k.java": "97,49,60", "c/c/b/h/d0/p.java": "70", "c/c/b/h/d0/z.java": "65,88", "c/c/b/h/y.java": "51", "com/app/damnvulnerablebank/BankLogin.java": "46", "com/app/damnvulnerablebank/MainActivity.java": "92,195,198"}, "metadata": {"cvss": 7.5, "cwe": "CWE-532: Insertion of Sensitive Information into Log File", "owasp-mobile": "", "masvs": "MSTG-STORAGE-3", "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs", "description": "The App logs information. Sensitive information should never be logged.", "severity": "info"}}, "android_read_write_external": {"files": {"com/app/damnvulnerablebank/MainActivity.java": "172"}, "metadata": {"cvss": 5.5, "cwe": "CWE-276: Incorrect Default Permissions", "owasp-mobile": "M2: Insecure Data Storage", "masvs": "MSTG-STORAGE-2", "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage", "description": "App can read/write to External Storage. Any App can read data written to External Storage.", "severity": "warning"}}, "android_detect_root": {"files": {"a/a/a/a/a.java": "522,501,504,504,504,504,504,504"}, "metadata": {"cvss": 0, "cwe": "", "masvs": "MSTG-RESILIENCE-1", "owasp-mobile": "", "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1", "description": "This App may have root detection capabilities.", "severity": "good"}}}, "summary": {"high": 0, "warning": 1, "info": 1, "secure": 1, "suppressed": 0}}, "niap_analysis": {"FCS_RBG_EXT.1.1": {"choice": "The application use no DRBG functionality for its cryptographic operations.", "description": "Random Bit Generation Services", "class": "Security Functional Requirements"}, "FCS_STO_EXT.1.1": {"choice": "The application does not store any credentials to non-volatile memory.", "description": "Storage of Credentials", "class": "Security Functional Requirements"}, "FCS_CKM_EXT.1.1": {"choice": "The application generate no asymmetric cryptographic keys.", "description": "Cryptographic Key Generation Services", "class": "Security Functional Requirements"}, "FDP_DEC_EXT.1.1": {"choice": "The application has access to ['network connectivity'].", "description": "Access to Platform Resources", "class": "Security Functional Requirements"}, "FDP_DEC_EXT.1.2": {"choice": "The application has access to no sensitive information repositories.", "description": "Access to Platform Resources", "class": "Security Functional Requirements"}, "FDP_NET_EXT.1.1": {"choice": "The application has user/application initiated network communications.", "description": "Network Communications", "class": "Security Functional Requirements"}, "FDP_DAR_EXT.1.1": {"choice": "The application implement functionality to encrypt sensitive data in non-volatile memory.", "description": "Encryption Of Sensitive Application Data", "class": "Security Functional Requirements"}, "FMT_MEC_EXT.1.1": {"choice": "The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.", "description": "Supported Configuration Mechanism", "class": "Security Functional Requirements"}, "FTP_DIT_EXT.1.1": {"choice": "The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.", "description": "Protection of Data in Transit", "class": "Security Functional Requirements"}, "FCS_HTTPS_EXT.1.1": {"choice": "The application implement the HTTPS protocol that complies with RFC 2818.", "description": "HTTPS Protocol", "class": "Selection-Based Security Functional Requirements"}, "FCS_HTTPS_EXT.1.2": {"choice": "The application implement HTTPS using TLS.", "description": "HTTPS Protocol", "class": "Selection-Based Security Functional Requirements"}}, "urls": [{"urls": ["http://schemas.android.com/apk/res/android"], "path": "a/a/a/a/a.java"}, {"urls": ["https://plus.google.com/"], "path": "c/c/a/a/c/l/f0.java"}, {"urls": ["http://localhost"], "path": "c/c/a/a/f/c/n1.java"}, {"urls": ["https://www.xe.com/"], "path": "com/app/damnvulnerablebank/CurrencyRates.java"}, {"urls": ["https://damn-vulnerable-bank.firebaseio.com"], "path": "Android String Resource"}], "domains": {"damn-vulnerable-bank.firebaseio.com": {"bad": "no", "geolocation": {"ip": "35.201.97.85", "country_short": "US", "country_long": "United States of America", "region": "Missouri", "city": "Kansas City", "latitude": "39.099731", "longitude": "-94.578568"}}, "schemas.android.com": {"bad": "no", "geolocation": null}, "plus.google.com": {"bad": "no", "geolocation": {"ip": "142.251.16.100", "country_short": "US", "country_long": "United States of America", "region": "California", "city": "Mountain View", "latitude": "37.405991", "longitude": "-122.078514"}}, "www.xe.com": {"bad": "no", "geolocation": {"ip": "18.67.76.37", "country_short": "US", "country_long": "United States of America", "region": "Washington", "city": "Seattle", "latitude": "47.627499", "longitude": "-122.346199"}}}, "emails": [{"emails": ["u0013android@android.com0", "u0013android@android.com"], "path": "c/c/a/a/c/y.java"}], "strings": ["\"common_google_play_services_notification_channel_name\" : \"Dostupnos\u0165 slu\u017eieb Google Play\"", "\"abc_searchview_description_clear\" : \"Smazat dotaz\"", "\"common_google_play_services_update_text\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d \u0436\u0430\u04a3\u0430\u0440\u0442\u043f\u0430\u0441\u0430\u04a3\u044b\u0437, %1$s \u0456\u0441\u043a\u0435 \u049b\u043e\u0441\u044b\u043b\u043c\u0430\u0439\u0434\u044b.\"", "\"abc_shareactionprovider_share_with_application\" : \"%s ile payla\u015f\"", "\"abc_activitychooserview_choose_application\" : \"\u0b86\u0baa\u0bcd\u0bb8\u0bc8\u0ba4\u0bcd \u0ba4\u0bc7\u0bb0\u0bcd\u0bb5\u0bc1\u0b9a\u0bc6\u0baf\u0bcd\u0b95\"", "\"abc_action_menu_overflow_description\" : \"\u010eal\u0161ie mo\u017enosti\"", "\"abc_action_bar_up_description\" : \"Revenir en arri\u00e8re\"", "\"abc_searchview_description_query\" : \"Query sa paghahanap\"", "\"abc_action_bar_home_description\" : \"Przejd\u017a na stron\u0119 g\u0142\u00f3wn\u0105\"", "\"abc_action_menu_overflow_description\" : \"Higit pang opsyon\"", "\"common_signin_button_text\" : \"\u041d\u044d\u0432\u0442\u0440\u044d\u0445\"", "\"mtrl_picker_day_of_week_column_header\" : \"Column of days: %1$s\"", "\"abc_searchview_description_voice\" : \"Glasovno pretra\u017eivanje\"", "\"abc_capital_off\" : \"\u0418\u0421\u041a\u041b\u0423\u0427\u0415\u041d\u041e\"", "\"abc_shareactionprovider_share_with\" : \"\u0647\u0645\u200c\u0631\u0633\u0627\u0646\u06cc \u0628\u0627\"", "\"common_google_play_services_install_button\" : \"Instal\u00b7la\"", "\"abc_menu_space_shortcut_label\" : \"\u05e8\u05d5\u05d5\u05d7\"", "\"common_google_play_services_wear_update_text\" : \"Wymagana jest nowa wersja Us\u0142ug Google Play. Wkr\u00f3tce nast\u0105pi automatyczna aktualizacja.\"", "\"abc_shareactionprovider_share_with\" : \"Udost\u0119pnij przez:\"", "\"fingerprint_error_lockout\" : \"Per daug bandym\u0173. V\u0117liau bandykite dar kart\u0105.\"", "\"abc_capital_on\" : \"\u0e40\u0e1b\u0e34\u0e14\"", "\"common_signin_button_text_long\" : \"Prisijungti naudojant \u201eGoogle\u201c\"", "\"fingerprint_error_hw_not_available\" : \"\u6307\u7d0b\u786c\u9ad4\u7121\u6cd5\u4f7f\u7528\u3002\"", "\"fingerprint_error_lockout\" : \"\u05e0\u05d9\u05e1\u05d9\u05ea \u05d9\u05d5\u05ea\u05e8 \u05de\u05d3\u05d9 \u05e4\u05e2\u05de\u05d9\u05dd. \u05d9\u05e9 \u05dc\u05e0\u05e1\u05d5\u05ea \u05e9\u05d5\u05d1 \u05de\u05d0\u05d5\u05d7\u05e8 \u05d9\u05d5\u05ea\u05e8.\"", "\"common_google_play_services_enable_button\" : \"Ota k\u00e4ytt\u00f6\u00f6n\"", "\"fingerprint_error_user_canceled\" : \"\u0425\u044d\u0440\u044d\u0433\u043b\u044d\u0433\u0447 \u0445\u0443\u0440\u0443\u0443\u043d\u044b \u0445\u044d\u044d\u043d\u0438\u0439 \u0431\u0430\u0442\u0430\u043b\u0433\u0430\u0430\u0436\u0443\u0443\u043b\u0430\u043b\u0442\u044b\u0433 \u0431\u043e\u043b\u0438\u0443\u043b\u0441\u0430\u043d \u0431\u0430\u0439\u043d\u0430.\"", "\"abc_menu_alt_shortcut_label\" : \"Alt \u0bae\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd\"", "\"common_google_play_services_enable_button\" : \"\u0e40\u0e1b\u0e34\u0e14\u0e43\u0e0a\u0e49\"", "\"abc_searchview_description_voice\" : \"Busca por voz\"", "\"abc_action_bar_up_description\" : \"Naviga\u021bi \u00een sus\"", "\"fingerprint_error_no_fingerprints\" : \"\u0caf\u0cbe\u0cb5\u0cc1\u0ca6\u0cc7 \u0cab\u0cbf\u0c82\u0c97\u0cb0\u0ccd\u200c\u0caa\u0ccd\u0cb0\u0cbf\u0c82\u0c9f\u0ccd\u200c \u0c85\u0ca8\u0ccd\u0ca8\u0cc1 \u0ca8\u0ccb\u0c82\u0ca6\u0ca3\u0cbf \u0cae\u0cbe\u0ca1\u0cbf\u0cb2\u0ccd\u0cb2.\"", "\"abc_capital_off\" : \"\u0418\u0421\u041a\u0409\u0423\u0427\u0415\u041d\u041e\"", "\"abc_toolbar_collapse_description\" : \"\u1230\u1265\u1235\u1265\"", "\"abc_action_bar_up_description\" : \"\u0a09\u0a71\u0a2a\u0a30 \u0a1c\u0a3e\u0a13\"", "\"common_google_play_services_enable_button\" : \"Activa\u021bi\"", "\"abc_capital_on\" : \"\u0985\u09a8\"", "\"common_google_play_services_update_text\" : \"%1$s Google Play xidm\u0259tl\u0259ri yenil\u0259m\u0259 halda \u00e7al\u0131\u015fmaz.\"", "\"common_signin_button_text\" : \"Logg p\u00e5\"", "\"abc_shareactionprovider_share_with_application\" : \"\u041f\u043e\u0434\u0435\u043b\u0438\u0442\u044c\u0441\u044f \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e %s\"", "\"fingerprint_error_lockout\" : \"Previ\u0161e poku\u0161aja. Probajte ponovo kasnije.\"", "\"abc_search_hint\" : \"\u691c\u7d22\u2026\"", "\"abc_capital_off\" : \"DESATIVADO\"", "\"abc_menu_delete_shortcut_label\" : \"\u0d07\u0d32\u0d4d\u0d32\u0d3e\u0d24\u0d3e\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"abc_searchview_description_voice\" : \"Paghahanap gamit ang boses\"", "\"abc_menu_delete_shortcut_label\" : \"Supr\"", "\"fingerprint_not_recognized\" : \"\u092a\u0939\u091a\u093e\u0928 \u0928\u0939\u0940\u0902 \u0939\u094b \u092a\u093e\u0908\"", "\"generic_error_user_canceled\" : \"\u0909\u092a\u092f\u094b\u0917\u0915\u0930\u094d\u0924\u093e \u0928\u0947 \u092a\u0941\u0937\u094d\u091f\u093f \u0915\u0930\u0928\u0947 \u0915\u0940 \u092a\u094d\u0930\u0915\u094d\u0930\u093f\u092f\u093e \u0930\u0926\u094d\u0926 \u0915\u0940.\"", "\"abc_shareactionprovider_share_with\" : \"Ibahagi sa/kay\"", "\"abc_action_bar_up_description\" : \"\u092e\u093e\u0925\u093f \u0928\u0947\u092d\u093f\u0917\u0947\u091f \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"abc_activitychooserview_choose_application\" : \"\u0627\u062e\u062a\u064a\u0627\u0631 \u062a\u0637\u0628\u064a\u0642\"", "\"abc_shareactionprovider_share_with_application\" : \"Del med %s\"", "\"abc_searchview_description_search\" : \"\u0dc3\u0dd9\u0dc0\u0dd3\u0db8\"", "\"abc_action_bar_home_description\" : \"\u0918\u0930\u093e\u0915\u0921\u0947 \u0928\u0947\u0935\u094d\u0939\u093f\u0917\u0947\u091f \u0915\u0930\u093e\"", "\"abc_action_bar_home_description\" : \"Idite na po\u010detnu\"", "\"abc_searchview_description_search\" : \"Otsing\"", "\"abc_toolbar_collapse_description\" : \"\u0417\u0433\u043e\u0440\u043d\u0443\u0442\u0438\"", "\"abc_menu_enter_shortcut_label\" : \"entr\u00e9e\"", "\"common_signin_button_text_long\" : \"Pierakst\u012bties ar Google kontu\"", "\"common_google_play_services_unknown_issue\" : \"%1$s-\u0433 Google Play-\u043d \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u0430\u0434 \u0430\u0441\u0443\u0443\u0434\u0430\u043b \u0433\u0430\u0440\u043b\u0430\u0430. \u0414\u0430\u0445\u0438\u043d \u043e\u0440\u043e\u043b\u0434\u043e\u043d\u043e \u0443\u0443.\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bcd \u0baa\u0bbf\u0bb4\u0bc8\"", "\"fingerprint_dialog_touch_sensor\" : \"Toca sensor d'empremtes digitals\"", "\"abc_prepend_shortcut_label\" : \"\u092e\u0947\u0928\u0942+\"", "\"default_error_msg\" : \"Nezn\u00e1m\u00e1 chyba\"", "\"abc_action_mode_done\" : \"Listo\"", "\"common_google_play_services_enable_text\" : \"%1$s tidak akan berfungsi jika layanan Google Play tidak diaktifkan.\"", "\"fingerprint_error_user_canceled\" : \"Operazione di autenticazione dell'impronta digitale annullata dall'utente.\"", "\"mtrl_picker_range_header_title\" : \"Select a Date Range\"", "\"confirm_device_credential_password\" : \"\u0412\u044b\u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u044c \u043f\u0430\u0440\u043e\u043b\u044c\"", "\"common_signin_button_text_long\" : \"Login dengan Google\"", "\"default_error_msg\" : \"Onbekende fout\"", "\"common_google_play_services_unknown_issue\" : \"Aplikace %1$s m\u00e1 pot\u00ed\u017ee se slu\u017ebami Google Play. Zkuste to pros\u00edm znovu.\"", "\"common_google_play_services_update_text\" : \"Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d\u1295 \u12ab\u120b\u12d8\u1218\u1291 \u1260\u1235\u1270\u1240\u122d \u12f5\u1228\u1235 %1$s \u12a0\u12ed\u1230\u122b\u121d\u1362\"", "\"common_google_play_services_update_text\" : \"%1$s \u10d5\u10d4\u10e0 \u10d2\u10d0\u10d4\u10e8\u10d5\u10d4\u10d1\u10d0, \u10d7\u10e3 Google Play \u10e1\u10d4\u10e0\u10d5\u10d8\u10e1\u10d4\u10d1\u10e1 \u10d0\u10e0 \u10d2\u10d0\u10dc\u10d0\u10d0\u10ee\u10da\u10d4\u10d1\u10d7.\"", "\"abc_capital_on\" : \"KVEIKT\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u00c1rea de mensaje de ayuda\"", "\"fingerprint_error_lockout\" : \"Der var for mange fors\u00f8g Pr\u00f8v igen senere.\"", "\"common_google_play_services_wear_update_text\" : \"\u10e1\u10d0\u10ed\u10d8\u10e0\u10dd\u10d0 Google Play Services-\u10d8\u10e1 \u10d0\u10ee\u10d0\u10da\u10d8 \u10d5\u10d4\u10e0\u10e1\u10d8\u10d0. \u10d8\u10e1 \u10db\u10d0\u10da\u10d4 \u10d2\u10d0\u10dc\u10d0\u10ee\u10da\u10d3\u10d4\u10d1\u10d0.\"", "\"abc_menu_ctrl_shortcut_label\" : \"Strg\u00a0+\"", "\"abc_menu_space_shortcut_label\" : \"\u0431\u043e\u0441 \u043e\u0440\u044b\u043d\"", "\"abc_searchview_description_clear\" : \"\u067e\u0627\u06a9 \u06a9\u0631\u062f\u0646 \u067e\u064f\u0631\u0633\u0645\u0627\u0646\"", "\"fingerprint_error_user_canceled\" : \"\u09ac\u09cd\u09af\u09ac\u09b9\u09be\u09b0\u0995\u09be\u09b0\u09c0 \u0986\u0999\u09cd\u0997\u09c1\u09b2\u09c7\u09b0 \u099b\u09be\u09aa \u09a8\u09c7\u0993\u09af\u09bc\u09be\u09b0 \u0985\u09aa\u09be\u09b0\u09c7\u09b6\u09a8\u099f\u09bf \u09ac\u09be\u09a4\u09bf\u09b2 \u0995\u09b0\u09c7\u099b\u09c7\u09a8\u0964\"", "\"common_google_play_services_install_button\" : \"Instaliraj\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0421\u043f\u0440\u0430\u0432\u043e\u0447\u043d\u043e\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435\"", "\"abc_action_bar_home_description\" : \"Zulazulela ekhaya\"", "\"abc_menu_meta_shortcut_label\" : \"Meta\u00a0+\"", "\"abc_action_menu_overflow_description\" : \"\u0645\u0632\u06cc\u062f \u0627\u062e\u062a\u06cc\u0627\u0631\u0627\u062a\"", "\"abc_capital_on\" : \"P\u00c5\"", "\"abc_activitychooserview_choose_application\" : \"\u0418\u0437\u0431\u0435\u0440\u0438 \u0430\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0458\u0430\"", "\"common_google_play_services_enable_button\" : \"Dayakan\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0b38\u0b39\u0b3e\u0b5f\u0b24\u0b3e \u0b2e\u0b47\u0b38\u0b47\u0b1c\u0b4d \u0b15\u0b4d\u0b37\u0b47\u0b24\u0b4d\u0b30\"", "\"abc_prepend_shortcut_label\" : \"Men\u00fa +\"", "\"abc_menu_sym_shortcut_label\" : \"SYM +\"", "\"fingerprint_not_recognized\" : \"Nerozpozn\u00e1no\"", "\"fingerprint_error_no_fingerprints\" : \"\u0c35\u0c47\u0c32\u0c3f\u0c2e\u0c41\u0c26\u0c4d\u0c30\u0c32\u0c41 \u0c28\u0c2e\u0c4b\u0c26\u0c41 \u0c1a\u0c47\u0c2f\u0c2c\u0c21\u0c32\u0c47\u0c26\u0c41.\"", "\"abc_menu_function_shortcut_label\" : \"Fungsi+\"", "\"abc_activitychooserview_choose_application\" : \"Valige rakendus\"", "\"abc_action_mode_done\" : \"Kon\u010dano\"", "\"abc_activitychooserview_choose_application\" : \"Vybrat aplikaci\"", "\"abc_searchview_description_voice\" : \"\u0635\u0648\u062a\u06cc \u062a\u0644\u0627\u0634\"", "\"search_menu_title\" : \"\u0548\u0580\u0578\u0576\u0565\u056c\"", "\"common_google_play_services_update_title\" : \"Buyekeza amasevisi we-Google Play\"", "\"abc_toolbar_collapse_description\" : \"Samenvouwen\"", "\"common_google_play_services_enable_text\" : \"%1$s \u043d\u044f\u043c\u0430 \u0434\u0430 \u0440\u0430\u0431\u043e\u0442\u0438, \u043e\u0441\u0432\u0435\u043d \u0430\u043a\u043e \u043d\u0435 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u0430\u0442\u0435 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play.\"", "\"confirm_device_credential_password\" : \"Anv\u00e4nd l\u00f6senord\"", "\"abc_action_menu_overflow_description\" : \"Flere valgmuligheder\"", "\"abc_action_menu_overflow_description\" : \"\u041e\u0449\u0435 \u043e\u043f\u0446\u0438\u0438\"", "\"common_google_play_services_updating_text\" : \"%1$s ne fonctionnera pas sans les services Google\u00a0Play, qui sont en cours de mise \u00e0 jour.\"", "\"abc_searchview_description_search\" : \"H\u013eada\u0165\"", "\"common_google_play_services_unknown_issue\" : \"\u041f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044e \"%1$s\" \u043d\u0435 \u0443\u0434\u0430\u0435\u0442\u0441\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c Google Play. \u041f\u043e\u0432\u0442\u043e\u0440\u0438\u0442\u0435 \u043f\u043e\u043f\u044b\u0442\u043a\u0443.\"", "\"default_error_msg\" : \"\u0411\u0435\u043b\u0433\u0438\u0441\u0438\u0437 \u043a\u0430\u0442\u0430\"", "\"common_google_play_services_notification_ticker\" : \"Error de Google Play Services\"", "\"common_google_play_services_enable_text\" : \"\u200f\u0644\u0646 \u064a\u0639\u0645\u0644 %1$s \u0645\u0627 \u0644\u0645 \u064a\u062a\u0645 \u062a\u0641\u0639\u064a\u0644 \u062e\u062f\u0645\u0627\u062a Google Play.\"", "\"abc_menu_meta_shortcut_label\" : \"Meta-Taste\u00a0+\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0410\u043d\u044b\u049b\u0442\u0430\u043c\u0430 \u0445\u0430\u0431\u0430\u0440\u044b \u0430\u0443\u043c\u0430\u0493\u044b\"", "\"common_google_play_services_update_text\" : \"%1$s kan niet worden uitgevoerd, tenzij je Google Play-services updatet.\"", "\"fingerprint_error_hw_not_available\" : \"El hardware de huella digital no est\u00e1 disponible.\"", "\"abc_searchview_description_query\" : \"\u041f\u043e\u0448\u0443\u043a\u043e\u0432\u0438\u0439 \u0437\u0430\u043f\u0438\u0442\"", "\"abc_action_mode_done\" : \"Gotowe\"", "\"fingerprint_error_lockout\" : \"Muitas tentativas. Tente novamente mais tarde.\"", "\"abc_capital_off\" : \"\u12a0\u1325\u134b\"", "\"common_google_play_services_enable_title\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u043d \u0438\u0448\u0442\u0435\u0442\u04af\u04af\"", "\"abc_action_bar_home_description\" : \"Navegar para casa\"", "\"abc_menu_space_shortcut_label\" : \"\u041f\u0440\u0430\u0431\u0435\u043b\"", "\"common_open_on_phone\" : \"Avaa puhelimessa\"", "\"confirm_device_credential_password\" : \"Guna kata laluan\"", "\"abc_menu_space_shortcut_label\" : \"espace\"", "\"common_signin_button_text\" : \"\u0c38\u0c48\u0c28\u0c4d \u0c07\u0c28\u0c4d \u0c1a\u0c47\u0c2f\u0c02\u0c21\u0c3f\"", "\"default_error_msg\" : \"\u0386\u03b3\u03bd\u03c9\u03c3\u03c4\u03bf \u03c3\u03c6\u03ac\u03bb\u03bc\u03b1\"", "\"common_google_play_services_updating_text\" : \"\u200f%1$s \u0628\u062f\u0648\u0646 \u0633\u0631\u0648\u06cc\u0633\u200c\u0647\u0627\u06cc Google Play \u06a9\u0647 \u062f\u0631\u062d\u0627\u0644 \u062d\u0627\u0636\u0631 \u062f\u0631\u062d\u0627\u0644 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0647\u0633\u062a\u0646\u062f\u060c \u06a9\u0627\u0631 \u0646\u0645\u06cc\u200c\u06a9\u0646\u062f.\"", "\"fingerprint_error_no_fingerprints\" : \"Der er ikke registreret nogen fingeraftryk.\"", "\"abc_action_mode_done\" : \"\u0e40\u0e2a\u0e23\u0e47\u0e08\"", "\"abc_activity_chooser_view_see_all\" : \"\u0411\u0430\u0440\u043b\u044b\u0493\u044b\u043d \u043a\u04e9\u0440\u0443\"", "\"fingerprint_dialog_touch_sensor\" : \"\u8acb\u8f15\u89f8\u6307\u7d0b\u611f\u61c9\u5668\"", "\"fingerprint_dialog_touch_sensor\" : \"\u8bf7\u8f7b\u89e6\u6307\u7eb9\u4f20\u611f\u5668\"", "\"fingerprint_dialog_touch_sensor\" : \"\u05d9\u05e9 \u05dc\u05d2\u05e2\u05ea \u05d1\u05d7\u05d9\u05d9\u05e9\u05df \u05d8\u05d1\u05d9\u05e2\u05d5\u05ea \u05d4\u05d0\u05e6\u05d1\u05e2\"", "\"abc_shareactionprovider_share_with\" : \"Comparteix amb\"", "\"fingerprint_error_hw_not_present\" : \"\u0391\u03c5\u03c4\u03ae \u03b7 \u03c3\u03c5\u03c3\u03ba\u03b5\u03c5\u03ae \u03b4\u03b5\u03bd \u03b4\u03b9\u03b1\u03b8\u03ad\u03c4\u03b5\u03b9 \u03b1\u03b9\u03c3\u03b8\u03b7\u03c4\u03ae\u03c1\u03b1 \u03b4\u03b1\u03ba\u03c4\u03c5\u03bb\u03b9\u03ba\u03ce\u03bd \u03b1\u03c0\u03bf\u03c4\u03c5\u03c0\u03c9\u03bc\u03ac\u03c4\u03c9\u03bd\"", "\"default_error_msg\" : \"Erro desconhecido\"", "\"common_google_play_services_unknown_issue\" : \"\u300c%1$s\u300d\u3067 Google Play \u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306b\u554f\u984c\u304c\u767a\u751f\u3057\u3066\u3044\u307e\u3059\u3002\u3082\u3046\u4e00\u5ea6\u304a\u8a66\u3057\u304f\u3060\u3055\u3044\u3002\"", "\"abc_capital_on\" : \"ACTIVAT\"", "\"generic_error_user_canceled\" : \"\u0935\u093e\u092a\u0930\u0915\u0930\u094d\u0924\u094d\u092f\u093e\u0928\u0947 \u0911\u0925\u0947\u0902\u091f\u093f\u0915\u0947\u0936\u0928 \u0930\u0926\u094d\u0926 \u0915\u0947\u0932\u0947 \u0906\u0939\u0947.\"", "\"mtrl_picker_text_input_year_abbr\" : \"y\"", "\"common_signin_button_text_long\" : \"Google \uacc4\uc815\uc73c\ub85c \ub85c\uadf8\uc778\"", "\"abc_searchview_description_clear\" : \"Effacer la requ\u00eate\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d\u0456\u04a3 \u0436\u0430\u04a3\u0430 \u043d\u04b1\u0441\u049b\u0430\u0441\u044b \u049b\u0430\u0436\u0435\u0442. \u041e\u043b \u049b\u044b\u0441\u049b\u0430 \u0443\u0430\u049b\u044b\u0442\u0442\u0430\u043d \u043a\u0435\u0439\u0456\u043d \u04e9\u0437\u0456 \u0436\u0430\u04a3\u0430\u0440\u0430\u0434\u044b.\"", "\"abc_shareactionprovider_share_with\" : \"\u092f\u0938\u092e\u093e\u0930\u094d\u092b\u0924 \u0906\u0926\u093e\u0928 \u092a\u094d\u0930\u0926\u093e\u0928 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"abc_toolbar_collapse_description\" : \"\u6298\u308a\u305f\u305f\u3080\"", "\"common_google_play_services_enable_title\" : \"Nika amandla amasevisi we-Google Play\"", "\"abc_searchview_description_clear\" : \"\u0915\u094d\u200d\u0935\u0947\u0930\u0940 \u0938\u093e\u092b \u0915\u0930\u093e\"", "\"abc_action_bar_home_description\" : \"Ch\u1ec9 \u0111\u01b0\u1eddng v\u1ec1 nh\u00e0\"", "\"abc_action_menu_overflow_description\" : \"Aukera gehiago\"", "\"common_google_play_services_enable_text\" : \"%1$s won't work unless you enable Google Play services.\"", "\"abc_menu_delete_shortcut_label\" : \"Suprimir\"", "\"common_google_play_services_update_title\" : \"Dateer Google Play Dienste op\"", "\"search_menu_title\" : \"Tafuta\"", "\"common_google_play_services_notification_channel_name\" : \"Ketersediaan layanan Google Play\"", "\"common_google_play_services_install_button\" : \"\u0e15\u0e34\u0e14\u0e15\u0e31\u0e49\u0e07\"", "\"common_google_play_services_install_title\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u043d \u0430\u043b\u0443\u0443\"", "\"common_signin_button_text_long\" : \"Acceder con Google\"", "\"fingerprint_dialog_touch_sensor\" : \"S\u00e6t finger p\u00e5 fingeraftryksl\u00e6ser\"", "\"abc_action_bar_up_description\" : \"Natrag\"", "\"abc_searchview_description_query\" : \"Pretra\u017eite upit\"", "\"common_google_play_services_install_title\" : \"\u054f\u0565\u0572\u0561\u0564\u0580\u0565\u056c Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u0568\"", "\"abc_searchview_description_clear\" : \"\u0a2a\u0a41\u0a71\u0a1b\u0a17\u0a3f\u0a71\u0a1b \u0a15\u0a32\u0a40\u0a05\u0a30 \u0a15\u0a30\u0a4b\"", "\"abc_shareactionprovider_share_with_application\" : \"Delite pomo\u0107u aplikacije %s\"", "\"abc_action_mode_done\" : \"\u0bae\u0bc1\u0b9f\u0bbf\u0ba8\u0bcd\u0ba4\u0ba4\u0bc1\"", "\"confirm_device_credential_password\" : \"\u0a2a\u0a3e\u0a38\u0a35\u0a30\u0a21 \u0a35\u0a30\u0a24\u0a4b\"", "\"abc_searchview_description_voice\" : \"\u0dc4\u0dac \u0dc3\u0dd9\u0dc0\u0dd3\u0db8\"", "\"common_google_play_services_install_text\" : \"%1$s ishlashi uchun qurilmangizda Google Play xizmatlarini o\u2018rnatish lozim.\"", "\"abc_action_mode_done\" : \"\u1015\u103c\u102e\u1038\u1015\u103c\u102e\"", "\"fingerprint_error_user_canceled\" : \"\u0d2b\u0d3f\u0d02\u0d17\u0d7c\u0d2a\u0d4d\u0d30\u0d3f\u0d28\u0d4d\u0d31\u0d3f\u0d28\u0d4d\u0d31\u0d46 \u0d2a\u0d4d\u0d30\u0d35\u0d7c\u0d24\u0d4d\u0d24\u0d28\u0d02 \u0d09\u0d2a\u0d2f\u0d4b\u0d15\u0d4d\u0d24\u0d3e\u0d35\u0d4d \u0d31\u0d26\u0d4d\u0d26\u0d3e\u0d15\u0d4d\u0d15\u0d3f.\"", "\"abc_action_menu_overflow_description\" : \"\u10e1\u10ee\u10d5\u10d0 \u10d5\u10d0\u10e0\u10d8\u10d0\u10dc\u10e2\u10d4\u10d1\u10d8\"", "\"project_id\" : \"damn-vulnerable-bank\"", "\"common_google_play_services_notification_ticker\" : \"Pogre\u0161ka Usluga za Google Play\"", "\"confirm_device_credential_password\" : \"\u1794\u17d2\u179a\u17be\u1796\u17b6\u1780\u17d2\u1799\u179f\u1798\u17d2\u1784\u17b6\u178f\u17cb\"", "\"common_google_play_services_unsupported_text\" : \"Hindi gagana ang %1$s nang wala ang mga serbisyo ng Google Play, na hindi nasusuportahan ng iyong device.\"", "\"abc_action_menu_overflow_description\" : \"Citas opcijas\"", "\"abc_menu_sym_shortcut_label\" : \"Sym+\"", "\"common_google_play_services_update_title\" : \"Update Google Play services\"", "\"common_signin_button_text_long\" : \"Zaloguj si\u0119 przez Google\"", "\"abc_activity_chooser_view_see_all\" : \"Skat\u012bt visu\"", "\"abc_action_mode_done\" : \"\u054a\u0561\u057f\u0580\u0561\u057d\u057f \u0567\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u041f\u043e\u043b\u0435 \u0437\u0430 \u043f\u043e\u0440\u0430\u043a\u0438 \u0437\u0430 \u043f\u043e\u043c\u043e\u0448\"", "\"common_google_play_services_update_title\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038\u1000\u102d\u102f \u1021\u1015\u103a\u1012\u102d\u1010\u103a\u101c\u102f\u1015\u103a\u101b\u1014\u103a\"", "\"generic_error_user_canceled\" : \"Authentication cancelled by user.\"", "\"abc_searchview_description_search\" : \"Axtar\u0131n\"", "\"abc_capital_on\" : \"HIDUP\"", "\"abc_searchview_description_clear\" : \"Not\u012br\u012bt vaic\u0101jumu\"", "\"common_google_play_services_unsupported_text\" : \"%1$s ilovasi Google Play xizmatlarisiz ishlamaydi, biroq qurilmangiz ularni qo\u2018llab-quvvatlamaydi.\"", "\"fingerprint_error_hw_not_present\" : \"Questo dispositivo non \u00e8 dotato di sensore di impronte digitali\"", "\"abc_activity_chooser_view_see_all\" : \"\u1798\u17be\u179b\u1791\u17b6\u17c6\u1784\u17a2\u179f\u17cb\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0b38\u0b47\u0b2c\u0b3e \u0b38\u0b2e\u0b4d\u0b2a\u0b30\u0b4d\u0b15\u0b3f\u0b24 \u0b38\u0b2e\u0b38\u0b4d\u0b5f\u0b3e\"", "\"common_signin_button_text_long\" : \"\u00dcber Google anmelden\"", "\"abc_capital_on\" : \"ATIVADO\"", "\"common_google_play_services_enable_title\" : \"\u012egalinkite \u201eGoogle Play\u201c paslaugas\"", "\"fingerprint_dialog_touch_sensor\" : \"\u041c\u0430\u043d\u0436\u0430 \u0438\u0437\u0438\u043d\u0438\u043d \u0441\u0435\u043d\u0441\u043e\u0440\u0443\u043d \u0431\u0430\u0441\u044b\u04a3\u044b\u0437\"", "\"abc_menu_sym_shortcut_label\" : \"Sym \u0bae\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd\"", "\"abc_menu_space_shortcut_label\" : \"atstarpes tausti\u0146\u0161\"", "\"common_google_play_services_update_text\" : \"%1$s non funzioner\u00e0 se non aggiorni Google Play Services.\"", "\"abc_menu_space_shortcut_label\" : \"\u0442\u0430\u0441\u0442\u0435\u0440 \u0437\u0430 \u0440\u0430\u0437\u043c\u0430\u043a\"", "\"abc_capital_on\" : \"VKLOP\"", "\"common_google_play_services_install_text\" : \"%1$s \u0e88\u0eb0\u0e9a\u0ecd\u0ec8\u0eaa\u0eb2\u0ea1\u0eb2\u0e94\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0ec4\u0e94\u0ec9\u0eab\u0eb2\u0e81\u0e9a\u0ecd\u0ec8\u0ea1\u0eb5\u0e81\u0eb2\u0e99\u0e9a\u0ecd\u0ea5\u0eb4\u0e81\u0eb2\u0e99 Google Play \u0ec0\u0e8a\u0eb4\u0ec8\u0e87\u0ec1\u0e97\u0eb1\u0e9a\u0ec0\u0ea5\u0eb1\u0e94\u0e82\u0ead\u0e87\u0e97\u0ec8\u0eb2\u0e99\u0e9a\u0ecd\u0ec8\u0ea1\u0eb5.\"", "\"abc_action_mode_done\" : \"Loki\u00f0\"", "\"fingerprint_error_no_fingerprints\" : \"\u05dc\u05d0 \u05e0\u05e8\u05e9\u05de\u05d5 \u05d8\u05d1\u05d9\u05e2\u05d5\u05ea \u05d0\u05e6\u05d1\u05e2.\"", "\"abc_capital_off\" : \"\u95dc\u9589\"", "\"common_google_play_services_notification_ticker\" : \"Fout met Google Play-services\"", "\"fingerprint_error_hw_not_available\" : \"Perkakasan cap jari tidak tersedia.\"", "\"abc_shareactionprovider_share_with\" : \"\u0627\u0633 \u06a9\u06d2 \u0633\u0627\u062a\u06be \u0627\u0634\u062a\u0631\u0627\u06a9 \u06a9\u0631\u06cc\u06ba\"", "\"common_google_play_services_unsupported_text\" : \"\u0ca8\u0cbf\u0cae\u0ccd\u0cae \u0cb8\u0cbe\u0ca7\u0ca8\u0ca6 \u0cae\u0cc2\u0cb2\u0c95 \u0cac\u0cc6\u0c82\u0cac\u0cb2\u0cbf\u0cb8\u0ca6\u0cbf\u0cb0\u0cc1\u0cb5 Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0cbf\u0cb2\u0ccd\u0cb2\u0ca6\u0cc6 %1$s \u0cb0\u0ca8\u0ccd\u200c \u0c86\u0c97\u0cc1\u0cb5\u0cc1\u0ca6\u0cbf\u0cb2\u0ccd\u0cb2.\"", "\"abc_action_bar_up_description\" : \"P\u0101rvietoties uz aug\u0161u\"", "\"common_signin_button_text\" : \"Mag-sign in\"", "\"common_google_play_services_notification_channel_name\" : \"Dostupnost slu\u017eeb Google Play\"", "\"abc_action_menu_overflow_description\" : \"Daugiau parink\u010di\u0173\"", "\"common_google_play_services_update_text\" : \"%1$s \u043d\u044f\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u043f\u044a\u043b\u043d\u044f\u0432\u0430, \u043e\u0441\u0432\u0435\u043d \u0430\u043a\u043e \u043d\u0435 \u0430\u043a\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u0430\u0442\u0435 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play.\"", "\"common_google_play_services_update_title\" : \"Google Play-services updaten\"", "\"fingerprint_error_lockout\" : \"Imizamo eminingi kakhulu. Sicela uzame futhi ngokuhamba kwesikhathi.\"", "\"common_google_play_services_notification_channel_name\" : \"Disponibilidade do Google Play Services\"", "\"common_google_play_services_install_button\" : \"Instalatu\"", "\"fingerprint_error_hw_not_present\" : \"\u092f\u094b \u092f\u0928\u094d\u0924\u094d\u0930\u092e\u093e \u0915\u0941\u0928\u0948 \u092b\u093f\u0902\u0917\u0930\u092a\u094d\u0930\u093f\u0928\u094d\u091f \u0938\u0947\u0928\u094d\u0938\u0930 \u091b\u0948\u0928\"", "\"fingerprint_error_hw_not_available\" : \"\u039f \u03b5\u03be\u03bf\u03c0\u03bb\u03b9\u03c3\u03bc\u03cc\u03c2 \u03b4\u03b1\u03ba\u03c4\u03c5\u03bb\u03b9\u03ba\u03bf\u03cd \u03b1\u03c0\u03bf\u03c4\u03c5\u03c0\u03ce\u03bc\u03b1\u03c4\u03bf\u03c2 \u03b4\u03b5\u03bd \u03b5\u03af\u03bd\u03b1\u03b9 \u03b4\u03b9\u03b1\u03b8\u03ad\u03c3\u03b9\u03bc\u03bf\u03c2.\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play-szolg\u00e1ltat\u00e1sok el\u00e9rhet\u0151s\u00e9ge\"", "\"common_google_play_services_update_button\" : \"Updaten\"", "\"fingerprint_error_user_canceled\" : \"\u06a9\u0627\u0631\u0628\u0631 \u0639\u0645\u0644\u06cc\u0627\u062a \u0627\u062b\u0631 \u0627\u0646\u06af\u0634\u062a \u0631\u0627 \u0644\u063a\u0648 \u06a9\u0631\u062f\"", "\"abc_action_menu_overflow_description\" : \"\u305d\u306e\u4ed6\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\"", "\"common_signin_button_text\" : \"Acceder\"", "\"abc_shareactionprovider_share_with_application\" : \"%s-\u098f\u09b0 \u09b8\u09be\u09a5\u09c7 \u09b6\u09c7\u09af\u09bc\u09be\u09b0 \u0995\u09b0\u09c1\u09a8\"", "\"abc_capital_off\" : \"\u0412\u042b\u041a\u041b\"", "\"abc_toolbar_collapse_description\" : \"\u0421\u0432\u0435\u0440\u043d\u0443\u0442\u044c\"", "\"common_google_play_services_install_button\" : \"\u0c07\u0c28\u0c4d\u200c\u0c38\u0c4d\u0c1f\u0c3e\u0c32\u0c4d \u0c1a\u0c47\u0c2f\u0c3f\"", "\"abc_action_mode_done\" : \"Bitti\"", "\"abc_menu_alt_shortcut_label\" : \"Alt\u00a0+\"", "\"common_google_play_services_update_text\" : \"%1$s non se executar\u00e1 a menos que actualices os servizos de Google Play.\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0938\u0947\u0935\u093e\u0913\u0902 \u0938\u0947 \u091c\u0941\u0921\u093c\u0940 \u0917\u0921\u093c\u092c\u0921\u093c\u0940\"", "\"abc_menu_meta_shortcut_label\" : \"Meta +\"", "\"abc_toolbar_collapse_description\" : \"Palos\"", "\"abc_menu_delete_shortcut_label\" : \"\u201edelete\u201c\"", "\"abc_activitychooserview_choose_application\" : \"\u0538\u0576\u057f\u0580\u0565\u056c \u0570\u0561\u057e\u0565\u056c\u057e\u0561\u056e\"", "\"abc_searchview_description_voice\" : \"Ahozko bilaketa\"", "\"abc_toolbar_collapse_description\" : \"\u0a38\u0a2e\u0a47\u0a1f\u0a4b\"", "\"abc_menu_space_shortcut_label\" : \"taster za razmak\"", "\"fingerprint_error_hw_not_available\" : \"Hardueri i gjurm\u00ebs s\u00eb gishtit nuk mund\u00ebsohet.\"", "\"common_google_play_services_enable_title\" : \"Google Play xidm\u0259tl\u0259rini aktiv edin\"", "\"default_error_msg\" : \"Error tidak diketahui\"", "\"common_google_play_services_install_button\" : \"\u0907\u0902\u0938\u094d\u091f\u0949\u0932 \u0915\u0930\u0947\u0902\"", "\"common_google_play_services_enable_title\" : \"\u0395\u03bd\u03b5\u03c1\u03b3\u03bf\u03c0\u03bf\u03af\u03b7\u03c3\u03b7 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03b9\u03ce\u03bd Google Play\"", "\"common_google_play_services_unsupported_text\" : \"\u0d94\u0db6\u0d9c\u0dda \u0d8b\u0db4\u0dcf\u0d82\u0d9c\u0dba \u0db8\u0d9c\u0dd2\u0db1\u0dca \u0dc3\u0dc4\u0dcf\u0dba \u0db1\u0ddc\u0daf\u0d9a\u0dca\u0dc0\u0db1, Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 %1$s \u0db0\u0dcf\u0dc0\u0db1\u0dba \u0db1\u0ddc\u0dc0\u0db1\u0dd4 \u0d87\u0dad.\"", "\"abc_shareactionprovider_share_with\" : \"\u10d2\u10d0\u10d6\u10d8\u10d0\u10e0\u10d4\u10d1\u10d0:\"", "\"fingerprint_error_hw_not_present\" : \"\u10d0\u10db \u10db\u10dd\u10ec\u10e7\u10dd\u10d1\u10d8\u10da\u10dd\u10d1\u10d0\u10e1 \u10d0\u10e0 \u10d0\u10e5\u10d5\u10e1 \u10d7\u10d8\u10d7\u10d8\u10e1 \u10d0\u10dc\u10d0\u10d1\u10d4\u10ed\u10d3\u10d8\u10e1 \u10e1\u10d4\u10dc\u10e1\u10dd\u10e0\u10d8\"", "\"common_google_play_services_update_text\" : \"\u0427\u0442\u043e\u0431\u044b \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \"%1$s\", \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b Google\u00a0Play.\"", "\"abc_searchview_description_search\" : \"\u0936\u094b\u0927\"", "\"confirm_device_credential_password\" : \"\u0db8\u0dd4\u0dbb\u0db4\u0daf\u0dba \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"common_google_play_services_install_text\" : \"%1$s \u043d\u0435 \u0431\u0443\u0434\u0437\u0435 \u043f\u0440\u0430\u0446\u0430\u0432\u0430\u0446\u044c \u0431\u0435\u0437 \u0441\u043b\u0443\u0436\u0431\u0430\u045e Google Play, \u044f\u043a\u0456\u044f \u0430\u0434\u0441\u0443\u0442\u043d\u0456\u0447\u0430\u044e\u0446\u044c \u043d\u0430 \u0432\u0430\u0448\u0430\u0439 \u043f\u0440\u044b\u043b\u0430\u0434\u0437\u0435.\"", "\"abc_search_hint\" : \"\u0628\u062d\u062b\u2026\"", "\"abc_activitychooserview_choose_application\" : \"\u0a8d\u0aaa\u0acd\u0ab2\u0abf\u0a95\u0ac7\u0ab6\u0aa8 \u0aaa\u0ab8\u0a82\u0aa6 \u0a95\u0ab0\u0acb\"", "\"abc_prepend_shortcut_label\" : \"\u0e40\u0e21\u0e19\u0e39+\"", "\"abc_searchview_description_clear\" : \"Vee navraag uit\"", "\"common_google_play_services_notification_channel_name\" : \"\u0e04\u0e27\u0e32\u0e21\u0e1e\u0e23\u0e49\u0e2d\u0e21\u0e43\u0e0a\u0e49\u0e07\u0e32\u0e19\u0e02\u0e2d\u0e07\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play\"", "\"abc_action_bar_home_description\" : \"Ir a inicio\"", "\"common_google_play_services_wear_update_text\" : \"La nouvelle version des services Google Play est n\u00e9cessaire. Elle sera bient\u00f4t install\u00e9e automatiquement.\"", "\"abc_shareactionprovider_share_with_application\" : \"Share with %s\"", "\"abc_shareactionprovider_share_with_application\" : \"Udost\u0119pnij przez: %s\"", "\"common_google_play_services_unsupported_text\" : \"Ke spu\u0161t\u011bn\u00ed aplikace %1$s jsou pot\u0159eba slu\u017eby Google Play, kter\u00e9 v\u00a0tomto za\u0159\u00edzen\u00ed nejsou podporov\u00e1ny.\"", "\"fingerprint_error_hw_not_present\" : \"Este dispositivo no tiene sensor de huellas digitales\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0d0e\u0d28\u0d4d\u0d28\u0d24\u0d41\u0d2e\u0d3e\u0d2f\u0d3f \u0d2a\u0d19\u0d4d\u0d15\u0d3f\u0d1f\u0d41\u0d15\"", "\"common_google_play_services_updating_text\" : \"%1$s Google Play \u0c38\u0c47\u0c35\u0c32\u0c41 \u0c32\u0c47\u0c15\u0c41\u0c02\u0c21\u0c3e \u0c05\u0c2e\u0c32\u0c41 \u0c15\u0c3e\u0c26\u0c41, \u0c06 \u0c38\u0c47\u0c35\u0c32\u0c41 \u0c2a\u0c4d\u0c30\u0c38\u0c4d\u0c24\u0c41\u0c24\u0c02 \u0c28\u0c35\u0c40\u0c15\u0c30\u0c3f\u0c02\u0c1a\u0c2c\u0c21\u0c41\u0c24\u0c41\u0c28\u0c4d\u0c28\u0c3e\u0c2f\u0c3f.\"", "\"common_open_on_phone\" : \"Abrir no smartphone\"", "\"abc_menu_space_shortcut_label\" : \"\u0d38\u0d4d\u200c\u0d2a\u0d46\u0d2f\u0d4d\u200c\u0d38\u0d4d\"", "\"abc_toolbar_collapse_description\" : \"\u0416\u0438\u044e\"", "\"fingerprint_dialog_touch_sensor\" : \"\u6307\u7d0b\u8a8d\u8a3c\u30bb\u30f3\u30b5\u30fc\u3092\u30bf\u30c3\u30d7\"", "\"fingerprint_not_recognized\" : \"\u1019\u101e\u102d\"", "\"fingerprint_not_recognized\" : \"\u12a0\u120d\u1273\u12c8\u1240\u121d\"", "\"search_menu_title\" : \"\u0422\u044a\u0440\u0441\u0435\u043d\u0435\"", "\"fingerprint_error_no_fingerprints\" : \"Neregistrovali ste \u017eiadne odtla\u010dky prstov.\"", "\"confirm_device_credential_password\" : \"\u0ec3\u0e8a\u0ec9\u0ea5\u0eb0\u0eab\u0eb1\u0e94\u0e9c\u0ec8\u0eb2\u0e99\"", "\"abc_menu_enter_shortcut_label\" : \"sisestusklahv\"", "\"abc_capital_off\" : \"D\u00c9SACTIVER\"", "\"fingerprint_error_hw_not_available\" : \"El maquinari per a empremtes digitals no est\u00e0 disponible.\"", "\"abc_action_mode_done\" : \"Udf\u00f8r\"", "\"common_google_play_services_enable_button\" : \"Enged\u00e9lyez\u00e9s\"", "\"common_google_play_services_enable_button\" : \"Enable\"", "\"abc_capital_off\" : \"\u0e1b\u0e34\u0e14\"", "\"common_signin_button_text_long\" : \"\u1785\u17bc\u179b\u178a\u17c4\u1799\u1794\u17d2\u179a\u17be Google\"", "\"fingerprint_error_no_fingerprints\" : \"Nuk ka asnj\u00eb gjurm\u00eb gishti t\u00eb regjistruar.\"", "\"abc_action_mode_done\" : \"Fertig\"", "\"abc_shareactionprovider_share_with_application\" : \"\u0e41\u0e0a\u0e23\u0e4c\u0e17\u0e32\u0e07 %s\"", "\"abc_activity_chooser_view_see_all\" : \"Ver tudo\"", "\"common_google_play_services_install_title\" : \"Google Play Services-\u10d8\u10e1 \u10e9\u10d0\u10db\u10dd\u10e2\u10d5\u10d8\u10e0\u10d7\u10d5\u10d0\"", "\"common_google_play_services_updating_text\" : \"%1$s ne\u0107e se pokrenuti bez usluga Google Playa koje se trenuta\u010dno a\u017euriraju.\"", "\"common_google_play_services_install_title\" : \"Obtener servicios de Google Play\"", "\"fingerprint_not_recognized\" : \"No se reconoce\"", "\"abc_activity_chooser_view_see_all\" : \"\u10e7\u10d5\u10d4\u10da\u10d0\u10e1 \u10dc\u10d0\u10ee\u10d5\u10d0\"", "\"abc_shareactionprovider_share_with\" : \"\u1014\u103e\u1004\u1037\u103a \u1019\u103b\u103e\u101d\u1031\u101b\u1014\u103a\"", "\"abc_capital_off\" : \"DEAKT\u0130V\"", "\"common_google_play_services_update_title\" : \"Actualizar os servizos de Google Play\"", "\"abc_menu_shift_shortcut_label\" : \"Vaihto+\"", "\"fingerprint_error_lockout\" : \"Masyadong maraming pagsubok. Pakisubukan ulit sa ibang pagkakataon.\"", "\"abc_menu_function_shortcut_label\" : \"Fonction+\"", "\"abc_action_bar_up_description\" : \"Navigasi ke atas\"", "\"common_google_play_services_update_title\" : \"Atualizar o Google Play Services\"", "\"common_google_play_services_enable_button\" : \"Luba\"", "\"abc_action_menu_overflow_description\" : \"\u0408\u043e\u0448 \u043e\u043f\u0446\u0438\u0458\u0430\"", "\"common_google_play_services_install_title\" : \"C\u00e0i \u0111\u1eb7t d\u1ecbch v\u1ee5 c\u1ee7a Google Play\"", "\"common_google_play_services_update_text\" : \"Aplikacja %1$s nie b\u0119dzie dzia\u0142a\u0107, je\u015bli nie zaktualizujesz Us\u0142ug Google Play.\"", "\"fingerprint_not_recognized\" : \"\u0a2a\u0a1b\u0a3e\u0a23 \u0a28\u0a39\u0a40\u0a02 \u0a39\u0a4b\u0a08\"", "\"abc_searchview_description_query\" : \"Arama sorgusu\"", "\"common_google_play_services_enable_title\" : \"Sl\u00e5 p\u00e5 Google Play-tjenester\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u1260Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d \u120b\u12ed \u127d\u130d\u122e\u127d \u12a5\u12eb\u130b\u1320\u1219\u1275 \u1290\u12cd\u1362 \u12a5\u1263\u12ad\u12ce \u12a5\u1295\u12f0\u1308\u1293 \u12ed\u121e\u12ad\u1229\u1362\"", "\"fingerprint_error_hw_not_present\" : \"\u092f\u093e \u0921\u093f\u0935\u094d\u0939\u093e\u0907\u0938\u0935\u0930 \u092b\u093f\u0902\u0917\u0930\u092a\u094d\u0930\u093f\u0902\u091f \u0938\u0947\u0928\u094d\u0938\u0930 \u0928\u093e\u0939\u0940\"", "\"common_google_play_services_update_text\" : \"%1$s no funcionar\u00e1 hasta que no actualices Servicios de Google Play.\"", "\"common_google_play_services_unknown_issue\" : \"Nagkakaproblema ang %1$s sa mga serbisyo ng Google Play. Pakisubukang muli.\"", "\"common_google_play_services_update_button\" : \"\u17a2\u17b6\u1794\u17cb\u178a\u17c1\u178f\"", "\"common_google_play_services_unknown_issue\" : \"%1$s\u0b30 Google Play \u0b38\u0b47\u0b2c\u0b3e \u0b38\u0b39 \u0b0f\u0b15 \u0b38\u0b2e\u0b38\u0b4d\u0b5f\u0b3e \u0b30\u0b39\u0b3f\u0b1b\u0b3f\u0964 \u0b26\u0b5f\u0b3e\u0b15\u0b30\u0b3f \u0b2a\u0b41\u0b23\u0b3f \u0b1a\u0b47\u0b37\u0b4d\u0b1f\u0b3e \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\u0964\"", "\"abc_searchview_description_query\" : \"Pretra\u017ei upit\"", "\"search_menu_title\" : \"\u041f\u043e\u0438\u0441\u043a\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0938\u0939 \u0936\u0947\u0905\u0930 \u0915\u0930\u093e\"", "\"abc_searchview_description_submit\" : \"\u09aa\u09cd\u09f0\u09b6\u09cd\u09a8 \u09a6\u09be\u0996\u09bf\u09b2 \u0995\u09f0\u0995\"", "\"abc_action_bar_home_description\" : \"Eiti \u012f pagrindin\u012f puslap\u012f\"", "\"common_google_play_services_update_text\" : \"%1$s no s'executar\u00e0 si no actualitzes Serveis de Google Play.\"", "\"common_google_play_services_unsupported_text\" : \"\u300c%1$s\u300d\u306e\u5b9f\u884c\u306b\u306f Google Play \u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u304c\u5fc5\u8981\u3067\u3059\u304c\u3001\u304a\u4f7f\u3044\u306e\u30c7\u30d0\u30a4\u30b9\u3067\u306f\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002\"", "\"default_error_msg\" : \"Produciuse un erro desco\u00f1ecido\"", "Unknown ARM float register", "\"abc_menu_space_shortcut_label\" : \"\u043a\u043b\u0430\u0432\u0438\u0448\u0430 \u0437\u0430 \u0438\u043d\u0442\u0435\u0440\u0432\u0430\u043b\"", "\"abc_searchview_description_voice\" : \"\u092c\u094b\u0932\u0915\u0930 \u0916\u094b\u091c\u0947\u0902\"", "\"fingerprint_not_recognized\" : \"Nuk njihet\"", "\"abc_menu_enter_shortcut_label\" : \"Enter \u9375\"", "\"fingerprint_not_recognized\" : \"\u7121\u6cd5\u8fa8\u8b58\"", "\"common_signin_button_text_long\" : \"\u041f\u0440\u0438\u0458\u0430\u0432\u0438 \u043c\u0435 \u043d\u0430 Google\"", "\"generic_error_user_canceled\" : \"Erabiltzaileak bertan behera utzi du autentifikazioa\"", "\"abc_searchview_description_voice\" : \"\u0ab5\u0ac9\u0a87\u0ab8 \u0ab6\u0acb\u0aa7\"", "\"abc_action_bar_up_description\" : \"\u5411\u4e0a\u700f\u89bd\"", "\"abc_action_bar_up_description\" : \"Navigera upp\u00e5t\"", "\"abc_searchview_description_query\" : \"\u062a\u0644\u0627\u0634 \u06a9\u0627 \u0627\u0633\u062a\u0641\u0633\u0627\u0631\"", "\"abc_searchview_description_clear\" : \"Sor\u011funu silin\"", "\"search_menu_title\" : \"\u0cb9\u0cc1\u0ca1\u0cc1\u0c95\u0cbf\"", "\"search_menu_title\" : \"\u0916\u094b\u091c\u0947\u0902\"", "\"fingerprint_error_hw_not_available\" : \"Hardware-ul pentru amprenta digital\u0103 nu este disponibil.\"", "\"fingerprint_error_hw_not_available\" : \"Az ujjlenyomathoz sz\u00fcks\u00e9ges hardverhez nem lehet hozz\u00e1f\u00e9rni.\"", "\"common_google_play_services_install_button\" : \"Instalo\"", "\"fingerprint_error_hw_not_available\" : \"Fingerprint hardware not available.\"", "\"abc_activitychooserview_choose_application\" : \"\u0ec0\u0ea5\u0eb7\u0ead\u0e81\u0ec1\u0ead\u0eb1\u0e9a\"", "\"abc_action_bar_home_description\" : \"Naviger hjem\"", "\"common_google_play_services_updating_text\" : \"%1$s s\u1ebd kh\u00f4ng ch\u1ea1y n\u1ebfu kh\u00f4ng c\u00f3 d\u1ecbch v\u1ee5 c\u1ee7a Google Play. D\u1ecbch v\u1ee5 n\u00e0y hi\u1ec7n \u0111ang c\u1eadp nh\u1eadt.\"", "\"common_google_play_services_enable_text\" : \"%1$s s\u00f3 funciona com o Google Play Services ativado.\"", "\"common_google_play_services_enable_text\" : \"\u0986\u09aa\u09a8\u09bf Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be \u09b8\u0995\u09cd\u09b7\u09ae \u09a8\u09be \u0995\u09b0\u09be \u09aa\u09b0\u09cd\u09af\u09a8\u09cd\u09a4 %1$s \u0995\u09be\u099c \u0995\u09b0\u09ac\u09c7 \u09a8\u09be\u0964\"", "\"abc_action_menu_overflow_description\" : \"Ve\u010d mo\u017enosti\"", "\"abc_menu_delete_shortcut_label\" : \"eliminar\"", "\"abc_capital_on\" : \"\u1794\u17be\u1780\"", "\"common_signin_button_text_long\" : \"\u200f\u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062f\u062e\u0648\u0644 \u0639\u0628\u0631 Google\"", "\"common_signin_button_text\" : \"Pierakst\u012bties\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Sehemu ya ujumbe wa usaidizi\"", "\"abc_activity_chooser_view_see_all\" : \"Afi\u0219a\u021bi tot\"", "\"abc_toolbar_collapse_description\" : \"\u10e9\u10d0\u10d9\u10d4\u10ea\u10d5\u10d0\"", "\"common_google_play_services_update_text\" : \"Aplikacija %1$s ne bo delovala, \u010de ne posodobite storitev Google Play.\"", "\"abc_menu_delete_shortcut_label\" : \"ey\u00f0a\"", "\"common_google_play_services_enable_text\" : \"%1$s sal nie werk nie tensy jy Google Play Dienste aktiveer.\"", "\"mtrl_picker_navigate_to_year_description\" : \"Navigate to year %1$s\"", "\"common_google_play_services_unknown_issue\" : \"L'application %1$s rencontre des probl\u00e8mes avec les services Google\u00a0Play. Veuillez r\u00e9essayer.\"", "\"common_google_play_services_install_title\" : \"\u0e95\u0eb4\u0e94\u0e95\u0eb1\u0ec9\u0e87\u0e9a\u0ecd\u0ea5\u0eb4\u0e81\u0eb2\u0e99 Google Play\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0932\u093e\u0908 Google Play services \u0938\u0901\u0917 \u0938\u0939\u0915\u093e\u0930\u094d\u092f \u0917\u0930\u094d\u0928 \u0938\u092e\u0938\u094d\u092f\u093e \u092d\u0907\u0930\u0939\u0947\u0915\u094b \u091b\u0964 \u0915\u0943\u092a\u092f\u093e \u092b\u0947\u0930\u093f \u092a\u094d\u0930\u092f\u093e\u0938 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\u0964\"", "\"abc_shareactionprovider_share_with\" : \"\u0c87\u0cb5\u0cb0\u0cca\u0c82\u0ca6\u0cbf\u0c97\u0cc6 \u0cb9\u0c82\u0c9a\u0cbf\u0c95\u0cca\u0cb3\u0ccd\u0cb3\u0cbf\"", "\"abc_shareactionprovider_share_with_application\" : \"Kop\u012bgot ar lietojumprogrammu %s\"", "\"common_google_play_services_notification_ticker\" : \"Napaka storitev Google Play\"", "\"common_google_play_services_notification_ticker\" : \"\u200f\u062e\u0637\u0623 \u0641\u064a \u062e\u062f\u0645\u0627\u062a Google Play\"", "\"common_google_play_services_update_title\" : \"\u0ead\u0eb1\u0e9a\u0ec0\u0e94\u0e94\u0e81\u0eb2\u0e99\u200b\u0e9a\u0ecd\u200b\u0ea5\u0eb4\u200b\u0e81\u0eb2\u0e99 Google Play\"", "\"common_google_play_services_notification_channel_name\" : \"Disponibilitatea serviciilor Google Play\"", "\"abc_action_bar_up_description\" : \"Revenir en haut de la page\"", "\"common_google_play_services_install_title\" : \"Google Play \u0b38\u0b47\u0b2c\u0b3e\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b2a\u0b4d\u0b30\u0b3e\u0b2a\u0b4d\u0b24 \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"fingerprint_error_hw_not_available\" : \"Maunzi ya kitambulisho hayapatikani.\"", "\"common_google_play_services_update_text\" : \"Lai lietotne %1$s darbotos, jums ir j\u0101atjaunina Google\u00a0Play pakalpojumi.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0416\u0430\u0440\u0434\u0430\u043c \u0431\u0438\u043b\u0434\u0438\u0440\u04af\u04af\u0441\u04af\"", "\"abc_action_menu_overflow_description\" : \"\u0985\u09a7\u09bf\u0995 \u09ac\u09bf\u0995\u09b2\u09cd\u09aa\"", "\"abc_activity_chooser_view_see_all\" : \"\u0c8e\u0cb2\u0ccd\u0cb2\u0cb5\u0ca8\u0ccd\u0ca8\u0cc2 \u0ca8\u0ccb\u0ca1\u0cbf\"", "\"common_google_play_services_updating_text\" : \"%1$s won't run without Google Play services, which are currently updating.\"", "\"abc_action_bar_home_description\" : \"Naviga\u021bi la ecranul de pornire\"", "\"abc_action_bar_up_description\" : \"Vai cara arriba\"", "\"common_google_play_services_notification_ticker\" : \"Error de Servicios de Google Play\"", "\"fingerprint_error_hw_not_present\" : \"Este dispositivo n\u00e3o tem um sensor de impress\u00e3o digital\"", "\"abc_shareactionprovider_share_with_application\" : \"Dijeli putem aplikacije %s\"", "\"search_menu_title\" : \"\u062c\u0633\u062a\u062c\u0648\"", "\"common_google_play_services_install_title\" : \"\u200fGoogle Play \u0633\u0631\u0648\u0633\u0632 \u062d\u0627\u0635\u0644 \u06a9\u0631\u06cc\u06ba\"", "\"abc_shareactionprovider_share_with_application\" : \"%s-\u0442\u0430\u0439 \u0445\u0443\u0432\u0430\u0430\u043b\u0446\u0430\u0445\"", "\"status_bar_notification_info_overflow\" : \"\u09ef\u09ef\u09ef+\"", "\"common_google_play_services_enable_button\" : \"\u0dc3\u0db6\u0dbd \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"common_signin_button_text_long\" : \"Conecta\u021bi-v\u0103 cu Google\"", "\"common_google_play_services_unsupported_text\" : \"%1$s fungerer ikke uden Google Play-tjenester, som ikke underst\u00f8ttes p\u00e5 din enhed.\"", "\"confirm_device_credential_password\" : \"Koristi lozinku\"", "\"abc_capital_on\" : \"\u012eJUNGTI\"", "\"common_google_play_services_enable_button\" : \"Yoqish\"", "\"common_google_play_services_install_text\" : \"%1$s Google \u09aa\u09cd\u09b2\u09c7 \u09b8\u09c7\u09f1\u09be\u09f0 \u0985\u09ac\u09bf\u09b9\u09a8\u09c7 \u09a8\u099a\u09b2\u09c7, \u09af\u09bf\u099f\u09cb \u0986\u09aa\u09cb\u09a8\u09be\u09f0 \u09a1\u09bf\u09ad\u09be\u0987\u099a\u09a4 \u09a8\u09be\u0987\u0964\"", "\"common_signin_button_text_long\" : \"\u200f\u0648\u0631\u0648\u062f \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645 \u0628\u0627 Google\u200e\"", "\"fingerprint_error_user_canceled\" : \"K\u00e4ytt\u00e4j\u00e4 peruutti sormenj\u00e4lkitoiminnon.\"", "\"common_google_play_services_update_title\" : \"\u200f\u05e2\u05d3\u05db\u05d5\u05df \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play\"", "\"common_google_play_services_enable_title\" : \"\u555f\u7528 Google Play \u670d\u52d9\"", "\"abc_capital_off\" : \"\u04e8\u0427\u04ae\u041a\"", "\"abc_action_bar_home_description\" : \"\u700f\u89bd\u4e3b\u9801\"", "\"common_google_play_services_updating_text\" : \"Aplikacja %1$s nie b\u0119dzie dzia\u0142a\u0107 bez Us\u0142ug Google Play, kt\u00f3re s\u0105 obecnie aktualizowane.\"", "\"confirm_device_credential_password\" : \"\u4f7f\u7528\u5bc6\u78bc\"", "\"abc_action_bar_home_description\" : \"\u018fsas s\u0259hif\u0259y\u0259 ke\u00e7in\"", "\"abc_searchview_description_submit\" : \"\u041f\u043e\u0434\u043d\u0435\u0441\u0438 \u0431\u0430\u0440\u0430\u045a\u0435\"", "\"fingerprint_error_user_canceled\" : \"Korisnik je otkazao radnju s otiskom prsta.\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3 \u0ca6\u0ccb\u0cb7\"", "\"common_google_play_services_update_title\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d \u0436\u0430\u04a3\u0430\u0440\u0442\u0443\"", "\"abc_searchview_description_clear\" : \"\uac80\uc0c9\uc5b4 \uc0ad\uc81c\"", "\"abc_searchview_description_submit\" : \"\u1218\u1320\u12ed\u1245 \u12a0\u1235\u1308\u1263\"", "\"common_google_play_services_updating_text\" : \"%1$s nu va rula f\u0103r\u0103 serviciile Google Play, care momentan se actualizeaz\u0103.\"", "\"common_google_play_services_enable_text\" : \"%1$s \u043d\u0435\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u0432\u0440\u0448\u0443\u0432\u0430 \u0430\u043a\u043e \u043d\u0435 \u043e\u0432\u043e\u0437\u043c\u043e\u0436\u0438\u0442\u0435 \u0443\u0441\u043b\u0443\u0433\u0438 \u043d\u0430 Google Play.\"", "\"fingerprint_error_hw_not_available\" : \"\u092b\u093f\u0902\u0917\u0930\u092a\u094d\u0930\u093f\u0902\u091f \u0939\u093e\u0930\u094d\u0921\u0935\u0947\u0905\u0930 \u0909\u092a\u0932\u092c\u094d\u200d\u0927 \u0928\u093e\u0939\u0940.\"", "\"abc_capital_off\" : \"\u0e9b\u0eb4\u0e94\"", "\"abc_searchview_description_voice\" : \"Ricerca vocale\"", "\"abc_action_mode_done\" : \"Done\"", "\"common_google_play_services_install_text\" : \"%1$s ne mo\u017ee da se pokrene bez Google Play usluga, koje nisu instalirane na ure\u0111aju.\"", "\"common_google_play_services_unsupported_text\" : \"\u60a8\u7684\u8bbe\u5907\u4e0d\u652f\u6301 Google Play \u670d\u52a1\uff0c\u56e0\u6b64\u65e0\u6cd5\u8fd0\u884c%1$s\u3002\"", "\"default_error_msg\" : \"\u0905\u0928\u091c\u093e\u0928 \u0917\u0921\u093c\u092c\u0921\u093c\u0940\"", "\"common_google_play_services_enable_button\" : \"Aktivizo\"", "\"abc_menu_space_shortcut_label\" : \"\u7a7a\u767d\u9375\"", "\"abc_toolbar_collapse_description\" : \"Contraer\"", "\"common_signin_button_text\" : \"\u0db4\u0dd4\u0dbb\u0db1\u0dca\u0db1\"", "\"confirm_device_credential_password\" : \"\u4f7f\u7528\u5bc6\u7801\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u09b8\u09b9\u09be\u09af\u09bc\u09a4\u09be\u09b0 \u09ae\u09c7\u09b8\u09c7\u099c \u09a6\u09c7\u0996\u09be\u09a8\u09cb\u09b0 \u099c\u09be\u09af\u09bc\u0997\u09be\"", "\"common_open_on_phone\" : \"\u0a2b\u0a3c\u0a4b\u0a28 '\u0a24\u0a47 \u0a16\u0a4b\u0a32\u0a4d\u0a39\u0a4b\"", "/usr/local/google/buildbot/src/android/ndk-release-r21/external/libcxx/../../external/libunwind_llvm/src/Unwind-EHABI.cpp", "\"fingerprint_error_no_fingerprints\" : \"Nenhuma impress\u00e3o digital registada.\"", "\"fingerprint_error_lockout\" : \"\u5617\u8a66\u6b21\u6578\u904e\u591a\u3002\u8acb\u7a0d\u5f8c\u518d\u8a66\u3002\"", "\"common_google_play_services_enable_title\" : \"Google Play \uc11c\ube44\uc2a4 \uc0ac\uc6a9\"", "\"common_google_play_services_install_title\" : \"Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a2a\u0a4d\u0a30\u0a3e\u0a2a\u0a24 \u0a15\u0a30\u0a4b\"", "\"common_google_play_services_notification_channel_name\" : \"Dostopnost storitev Google Play\"", "\"common_google_play_services_update_text\" : \"\u60a8\u5fc5\u987b\u5148\u66f4\u65b0 Google Play \u670d\u52a1\uff0c\u7136\u540e\u624d\u80fd\u8fd0\u884c%1$s\u3002\"", "\"common_google_play_services_unknown_issue\" : \"%1$s est\u00e1 a ter problemas com os Servi\u00e7os do Google Play. Tente novamente.\"", "\"common_google_play_services_wear_update_text\" : \"Nuwe weergawe van Google Play Dienste is nodig. Dit sal binnekort self opdateer.\"", "\"abc_activity_chooser_view_see_all\" : \"\u0e14\u0e39\u0e17\u0e31\u0e49\u0e07\u0e2b\u0e21\u0e14\"", "\"common_google_play_services_wear_update_text\" : \"Du m\u00e5 installere en ny versjon av Google Play-tjenester. Appen oppdateres automatisk om en kort stund.\"", "\"fingerprint_error_hw_not_available\" : \"\u0425\u0430\u0440\u0434\u0443\u0435\u0440\u044a\u0442 \u0437\u0430 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u044a\u0446\u0438 \u043d\u0435 \u0435 \u043d\u0430\u043b\u0438\u0446\u0435.\"", "\"common_google_play_services_enable_button\" : \"Sl\u00e5 p\u00e5\"", "\"common_google_play_services_install_title\" : \"H\u00e4mta Google Play-tj\u00e4nster\"", "\"abc_menu_meta_shortcut_label\" : \"\u041c\u0435\u0442\u0430+\"", "\"fingerprint_error_no_fingerprints\" : \"Ch\u01b0a \u0111\u0103ng k\u00fd v\u00e2n tay.\"", "\"common_google_play_services_install_title\" : \"Google Play\u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306e\u5165\u624b\"", "\"abc_activitychooserview_choose_application\" : \"Elegir una app\"", "\"fingerprint_error_hw_not_available\" : \"\u0544\u0561\u057f\u0576\u0561\u0570\u0565\u057f\u0584\u0565\u0580\u056b \u057d\u0561\u0580\u0584\u0576 \u0561\u0576\u0570\u0561\u057d\u0561\u0576\u0565\u056c\u056b \u0567:\"", "\"abc_menu_shift_shortcut_label\" : \"\u200eShift+\u200e\"", "\"abc_searchview_description_query\" : \"\u12e8\u134d\u1208\u130b \u1218\u1320\u12ed\u1245\"", "\"abc_activity_chooser_view_see_all\" : \"\u0b38\u0b2c\u0b41 \u0b26\u0b47\u0b16\u0b28\u0b4d\u0b24\u0b41\"", "\"abc_activity_chooser_view_see_all\" : \"Sien alles\"", "\"abc_menu_space_shortcut_label\" : \"\u10e8\u10dd\u10e0\u10d8\u10e1\u10d8\"", "\"fingerprint_error_no_fingerprints\" : \"Nejsou zaregistrov\u00e1ny \u017e\u00e1dn\u00e9 otisky prst\u016f.\"", "\"abc_searchview_description_search\" : \"Soek\"", "\"abc_action_mode_done\" : \"\u0d2a\u0d42\u0d7c\u0d24\u0d4d\u0d24\u0d3f\u0d2f\u0d3e\u0d2f\u0d3f\"", "\"fingerprint_dialog_touch_sensor\" : \"Thinta inzwa yesigxivizo somunwe\"", "\"fingerprint_error_hw_not_present\" : \"Kifaa hiki hakina kitambua alama ya kidole\"", "\"abc_activity_chooser_view_see_all\" : \"Shfaq \u00e7do gj\u00eb\"", "\"common_open_on_phone\" : \"\u041e\u0442\u0432\u043e\u0440\u0438 \u043d\u0430 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0443\"", "\"abc_menu_shift_shortcut_label\" : \"May\u00fas\u00a0+\"", "\"common_google_play_services_enable_text\" : \"Google Play \uc11c\ube44\uc2a4\ub97c \uc0ac\uc6a9\ud558\ub3c4\ub85d \uc124\uc815\ud574\uc57c %1$s\uc774(\uac00) \uc791\ub3d9\ud569\ub2c8\ub2e4.\"", "\"abc_action_bar_up_description\" : \"\u0b09\u0b2a\u0b30\u0b15\u0b41 \u0b28\u0b47\u0b2d\u0b3f\u0b17\u0b47\u0b1f\u0b4d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"fingerprint_error_user_canceled\" : \"El usuario ha cancelado la operaci\u00f3n de huella digital.\"", "\"fingerprint_error_no_fingerprints\" : \"\u1798\u17b7\u1793\u200b\u1798\u17b6\u1793\u200b\u1780\u17b6\u179a\u200b\u1790\u178f\u1794\u1789\u17d2\u1785\u17bc\u179b\u200b\u179f\u17d2\u1793\u17b6\u1798\u200b\u1798\u17d2\u179a\u17b6\u1798\u178a\u17c3\u1791\u17c1\u17d4\"", "\"abc_menu_space_shortcut_label\" : \"espa\u00e7o\"", "\"abc_search_hint\" : \"Bilatu\u2026\"", "\"fingerprint_error_hw_not_available\" : \"\u1798\u17b7\u1793\u200b\u17a2\u17b6\u1785\u200b\u1794\u17d2\u179a\u17be\u17a0\u17b6\u178f\u179c\u17c2\u179a\u200b\u179f\u17d2\u1793\u17b6\u1798\u1798\u17d2\u179a\u17b6\u1798\u178a\u17c3\u1794\u17b6\u1793\u200b\u1791\u17c1\u17d4\"", "\"abc_menu_meta_shortcut_label\" : \"Meta+\"", "\"google_crash_reporting_api_key\" : \"AIzaSyBbOHG6DDa6DOcRGEg57mw9nXYXcw6la3c\"", "\"fingerprint_error_user_canceled\" : \"\u0397 \u03bb\u03b5\u03b9\u03c4\u03bf\u03c5\u03c1\u03b3\u03af\u03b1 \u03b4\u03b1\u03ba\u03c4\u03c5\u03bb\u03b9\u03ba\u03bf\u03cd \u03b1\u03c0\u03bf\u03c4\u03c5\u03c0\u03ce\u03bc\u03b1\u03c4\u03bf\u03c2 \u03b1\u03ba\u03c5\u03c1\u03ce\u03b8\u03b7\u03ba\u03b5 \u03b1\u03c0\u03cc \u03c4\u03bf\u03bd \u03c7\u03c1\u03ae\u03c3\u03c4\u03b7.\"", "\"abc_searchview_description_submit\" : \"So\u2018rov yaratish\"", "\"abc_prepend_shortcut_label\" : \"MENU +\"", "\"common_google_play_services_install_title\" : \"Namestitev storitev Google Play\"", "\"abc_action_mode_done\" : \"Eginda\"", "\"common_google_play_services_update_title\" : \"Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d7e \u0d05\u0d2a\u0d4d\u200c\u0d21\u0d47\u0d31\u0d4d\u0d31\u0d41\u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d15\"", "\"abc_capital_off\" : \"NONAKTIF\"", "\"abc_searchview_description_clear\" : \"Futa hoja\"", "\"common_google_play_services_update_text\" : \"\u0986\u09aa\u09a8\u09bf Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be \u0986\u09aa\u09a1\u09c7\u099f \u09a8\u09be \u0995\u09b0\u09be \u09aa\u09b0\u09cd\u09af\u09a8\u09cd\u09a4 %1$s \u099a\u09b2\u09ac\u09c7 \u09a8\u09be\u0964\"", "\"abc_searchview_description_clear\" : \"\u6e05\u9664\u67e5\u8be2\"", "\"abc_capital_on\" : \"AKTIV\"", "\"default_error_msg\" : \"\u0c24\u0c46\u0c32\u0c3f\u0c2f\u0c28\u0c3f \u0c0e\u0c30\u0c4d\u0c30\u0c30\u0c4d\"", "\"common_signin_button_text_long\" : \"Google-\u0440 \u043d\u044d\u0432\u0442\u0440\u044d\u0445:\"", "\"abc_activity_chooser_view_see_all\" : \"Zobrazi\u0165 v\u0161etky\"", "\"common_google_play_services_enable_text\" : \"O %1$s n\u00e3o funciona enquanto n\u00e3o ativar os servi\u00e7os do Google Play.\"", "\"fingerprint_not_recognized\" : \"Non se reco\u00f1eceu\"", "\"abc_searchview_description_search\" : \"\u09b8\u09a8\u09cd\u09a7\u09be\u09a8\"", "\"abc_action_menu_overflow_description\" : \"Weitere Optionen\"", "\"abc_searchview_description_query\" : \"S\u00f6kfr\u00e5ga\"", "\"common_google_play_services_updating_text\" : \"\u200f\u05d4\u05d0\u05e4\u05dc\u05d9\u05e7\u05e6\u05d9\u05d4 %1$s \u05dc\u05d0 \u05ea\u05e4\u05e2\u05dc \u05dc\u05dc\u05d0 \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play, \u05e9\u05de\u05ea\u05e2\u05d3\u05db\u05e0\u05d9\u05dd \u05db\u05e8\u05d2\u05e2.\"", "\"abc_menu_space_shortcut_label\" : \"\u0641\u0627\u0635\u0644\u0647\"", "\"generic_error_user_canceled\" : \"\u0ab5\u0aaa\u0ab0\u0abe\u0ab6\u0a95\u0ab0\u0acd\u0aa4\u0abe\u0a8f \u0aaa\u0acd\u0ab0\u0aae\u0abe\u0aa3\u0ac0\u0a95\u0ab0\u0aa3 \u0ab0\u0aa6 \u0a95\u0ab0\u0acd\u0aaf\u0ac1\u0a82.\"", "\"common_google_play_services_update_button\" : \"Update\"", "\"abc_searchview_description_voice\" : \"\u0413\u043e\u043b\u043e\u0441\u043e\u0432\u0438\u0439 \u043f\u043e\u0448\u0443\u043a\"", "\"fingerprint_error_hw_not_available\" : \"Hindi available ang hardware na ginagamitan ng fingerprint.\"", "\"abc_shareactionprovider_share_with\" : \"Dijeli s\"", "\"abc_menu_alt_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200eAlt+\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_google_play_services_update_title\" : \"\u66f4\u65b0 Google Play \u670d\u52a1\"", "\"abc_searchview_description_query\" : \"\u0425\u0430\u0439\u0445 \u0430\u0441\u0443\u0443\u043b\u0433\u0430\"", "\"common_google_play_services_unknown_issue\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be\u0997\u09c1\u09b2\u09bf\u09b0 \u09b8\u09be\u09a5\u09c7 %1$s \u098f\u09b0 \u09b8\u09ae\u09b8\u09cd\u09af\u09be \u09b9\u099a\u09cd\u099b\u09c7\u09f7 \u0985\u09a8\u09c1\u0997\u09cd\u09b0\u09b9 \u0995\u09b0\u09c7 \u0986\u09ac\u09be\u09b0 \u099a\u09c7\u09b7\u09cd\u099f\u09be \u0995\u09b0\u09c1\u09a8\u09f7\"", "\"common_signin_button_text_long\" : \"Google\u306b\u30ed\u30b0\u30a4\u30f3\"", "\"abc_toolbar_collapse_description\" : \"Minimieren\"", "\"abc_capital_off\" : \"WY\u0141.\"", "\"abc_searchview_description_clear\" : \"Izbris poizvedbe\"", "\"fingerprint_error_no_fingerprints\" : \"No se ha registrado ninguna huella digital.\"", "\"abc_searchview_description_search\" : \"Zoeken\"", "\"confirm_device_credential_password\" : \"Gamitin ang password\"", "\"fingerprint_not_recognized\" : \"Ei tuvastatud\"", "\"common_google_play_services_install_text\" : \"\u60a8\u7684\u88dd\u7f6e\u4e26\u672a\u5b89\u88dd Google Play \u670d\u52d9\uff0c\u56e0\u6b64\u7121\u6cd5\u57f7\u884c\u300c%1$s\u300d\u3002\"", "\"common_google_play_services_unsupported_text\" : \"%1$s won't run without Google Play services, which are not supported by your device.\"", "\"common_google_play_services_install_button\" : \"Install\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Obmo\u010dje sporo\u010dila pomo\u010di\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0425\u0443\u0440\u0443\u0443\u043d\u044b \u0445\u044d\u044d \u043c\u044d\u0434\u0440\u044d\u0433\u0447\u0438\u0434 \u0445\u04af\u0440\u043d\u044d \u04af\u04af\"", "\"fingerprint_not_recognized\" : \"Niet herkend\"", "\"common_google_play_services_update_title\" : \"Actualiza Servicios de Google Play\"", "\"common_google_play_services_enable_text\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u043d \u0438\u0448\u0442\u0435\u0442\u043c\u0435\u0439\u0438\u04a3\u0438\u0437\u0447\u0435 %1$s \u0438\u0448\u0442\u0435\u0431\u0435\u0439\u0442.\"", "\"abc_searchview_description_clear\" : \"\u0caa\u0ccd\u0cb0\u0cb6\u0ccd\u0ca8\u0cc6\u0caf\u0ca8\u0ccd\u0ca8\u0cc1 \u0ca4\u0cc6\u0cb0\u0cb5\u0cc1\u0c97\u0cca\u0cb3\u0cbf\u0cb8\u0cbf\"", "\"abc_menu_enter_shortcut_label\" : \"Retorn\"", "\"fingerprint_error_hw_not_available\" : \"\u062c\u0647\u0627\u0632 \u0628\u0635\u0645\u0629 \u0627\u0644\u0625\u0635\u0628\u0639 \u063a\u064a\u0631 \u0645\u062a\u0627\u062d.\"", "\"abc_action_mode_done\" : \"Tapos na\"", "\"abc_shareactionprovider_share_with\" : \"Teilen mit\"", "\"common_google_play_services_update_text\" : \"A(z) %1$s alkalmaz\u00e1s csak akkor fog m\u0171k\u00f6dni, ha friss\u00edti a Google Play-szolg\u00e1ltat\u00e1sokat.\"", "\"common_signin_button_text\" : \"Connexion\"", "\"abc_action_mode_done\" : \"Fet\"", "\"fingerprint_error_user_canceled\" : \"\u041f\u0430\u0439\u0434\u0430\u043b\u0430\u043d\u0443\u0448\u044b \u0441\u0430\u0443\u0441\u0430\u049b \u0456\u0437\u0456 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u044f\u0441\u044b\u043d\u0430\u043d \u0431\u0430\u0441 \u0442\u0430\u0440\u0442\u0442\u044b.\"", "\"abc_action_mode_done\" : \"\u1270\u12a8\u1293\u12cd\u1297\u120d\"", "\"confirm_device_credential_password\" : \"\u0b95\u0b9f\u0bb5\u0bc1\u0b9a\u0bcd\u0b9a\u0bca\u0bb2\u0bcd\u0bb2\u0bc8\u0baa\u0bcd \u0baa\u0baf\u0ba9\u0bcd\u0baa\u0b9f\u0bc1\u0ba4\u0bcd\u0ba4\u0bc1\"", "\"abc_activity_chooser_view_see_all\" : \"Lihat semua\"", "\"abc_action_bar_home_description\" : \"\u10db\u10d7\u10d0\u10d5\u10d0\u10e0\u10d6\u10d4 \u10d2\u10d0\u10d3\u10d0\u10e1\u10d5\u10da\u10d0\"", "\"generic_error_user_canceled\" : \"\u039f \u03ad\u03bb\u03b5\u03b3\u03c7\u03bf\u03c2 \u03c4\u03b1\u03c5\u03c4\u03cc\u03c4\u03b7\u03c4\u03b1\u03c2 \u03b1\u03ba\u03c5\u03c1\u03ce\u03b8\u03b7\u03ba\u03b5 \u03b1\u03c0\u03cc \u03c4\u03bf\u03bd \u03c7\u03c1\u03ae\u03c3\u03c4\u03b7.\"", "\"common_google_play_services_enable_title\" : \"Washa huduma za Google Play\"", "\"common_signin_button_text_long\" : \"Google \u0430\u0440\u049b\u044b\u043b\u044b \u043a\u0456\u0440\u0443\"", "\"common_google_play_services_install_title\" : \"Nabavite Google Play usluge\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \uc11c\ube44\uc2a4 \uc624\ub958\"", "\"fingerprint_error_hw_not_present\" : \"\u0423\u0440\u0435\u0434\u043e\u0432 \u043d\u0435\u043c\u0430 \u0441\u0435\u043d\u0437\u043e\u0440 \u0437\u0430 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043e\u0446\u0438\"", "\"fingerprint_error_no_fingerprints\" : \"\u0a95\u0acb\u0a88 \u0aab\u0abf\u0a82\u0a97\u0ab0\u0aaa\u0acd\u0ab0\u0abf\u0aa8\u0acd\u0a9f\u0aa8\u0ac0 \u0aa8\u0acb\u0a82\u0aa7\u0aa3\u0ac0 \u0a95\u0ab0\u0ab5\u0abe\u0aae\u0abe\u0a82 \u0a86\u0ab5\u0ac0 \u0aa8\u0aa5\u0ac0.\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u043d\u0438\u0439 \u0448\u0438\u043d\u044d \u0445\u0443\u0432\u0438\u043b\u0431\u0430\u0440 \u0445\u044d\u0440\u044d\u0433\u0442\u044d\u0439. \u042d\u043d\u044d \u043d\u044c \u0443\u0434\u0430\u0445\u0433\u04af\u0439 \u04e9\u04e9\u0440\u04e9\u04e9 \u04e9\u04e9\u0440\u0438\u0439\u0433\u04e9\u04e9 \u0448\u0438\u043d\u044d\u0447\u043b\u044d\u0445 \u0431\u043e\u043b\u043d\u043e.\"", "\"abc_prepend_shortcut_label\" : \"Menyu+\"", "\"common_signin_button_text_long\" : \"Google \u0cae\u0cc2\u0cb2\u0c95 \u0cb8\u0cc8\u0ca8\u0ccd \u0c87\u0ca8\u0ccd \u0cae\u0cbe\u0ca1\u0cbf\"", "\"abc_searchview_description_clear\" : \"P\u00e4ringu t\u00fchistamine\"", "\"default_error_msg\" : \"Nam\u0259lum x\u0259ta\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0cb8\u0cb9\u0cbe\u0caf \u0cb8\u0c82\u0ca6\u0cc7\u0cb6 \u0caa\u0ccd\u0cb0\u0ca6\u0cc7\u0cb6\"", "\"generic_error_user_canceled\" : \"El usuario cancel\u00f3 la autenticaci\u00f3n.\"", "\"common_google_play_services_install_text\" : \"Aplikacija %1$s ne deluje brez storitev Google Play, vendar teh ni v napravi.\"", "\"common_open_on_phone\" : \"\u0aab\u0acb\u0aa8\u0aae\u0abe\u0a82 \u0a96\u0acb\u0ab2\u0acb\"", "\"abc_menu_ctrl_shortcut_label\" : \"Ktrl +\"", "\"abc_activitychooserview_choose_application\" : \"Selecionar um app\"", "\"abc_action_bar_home_description\" : \"Tunjukkan jalan ke rumah\"", "\"abc_shareactionprovider_share_with_application\" : \"\u05e9\u05d9\u05ea\u05d5\u05e3 \u05e2\u05dd %s\"", "\"common_google_play_services_install_title\" : \"Google \u09aa\u09cd\u09b2\u09c7 \u09b8\u09c7\u09f1\u09be\u09b2\u09be\u09ad \u0995\u09f0\u0995\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93\u0aa8\u0ac0 \u0aad\u0ac2\u0ab2\"", "\"abc_menu_function_shortcut_label\" : \"Fun\u00e7\u00e3o +\"", "\"fingerprint_error_hw_not_available\" : \"El hardware para detectar huellas digitales no est\u00e1 disponible.\"", "\"common_google_play_services_updating_text\" : \"\ud604\uc7ac \uc5c5\ub370\uc774\ud2b8 \uc911\uc778 Google Play \uc11c\ube44\uc2a4\uac00 \uc788\uc5b4\uc57c %1$s\uc774(\uac00) \uc2e4\ud589\ub429\ub2c8\ub2e4.\"", "\"fingerprint_error_user_canceled\" : \"\u0e9c\u0eb9\u0ec9\u0ec3\u0e8a\u0ec9\u0ec4\u0e94\u0ec9\u0e8d\u0ebb\u0e81\u0ec0\u0ea5\u0eb5\u0e81\u0e84\u0eb3\u0eaa\u0eb1\u0ec8\u0e87\u0ea5\u0eb2\u0e8d\u0e99\u0eb4\u0ec9\u0ea7\u0ea1\u0eb7\u0ec1\u0ea5\u0ec9\u0ea7.\"", "\"abc_toolbar_collapse_description\" : \"Ocultar\"", "\"common_google_play_services_update_button\" : \"\u10d2\u10d0\u10dc\u10d0\u10ee\u10da\u10d4\u10d1\u10d0\"", "\"abc_search_hint\" : \"Tafuta\u2026\"", "\"fingerprint_not_recognized\" : \"\u0dc4\u0db3\u0dd4\u0db1\u0dcf \u0db1\u0ddc\u0d9c\u0db1\u0dca\u0db1\u0dcf \u0dbd\u0daf\u0dd3\"", "\"search_menu_title\" : \"Buscar\"", "\"common_google_play_services_notification_ticker\" : \"L\u1ed7i d\u1ecbch v\u1ee5 c\u1ee7a Google Play\"", "\"search_menu_title\" : \"\u0b38\u0b30\u0b4d\u0b1a\u0b4d\u0b1a \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"common_open_on_phone\" : \"Apri sul telefono\"", "\"fingerprint_error_lockout\" : \"\u0d28\u0d3f\u0d30\u0d35\u0d27\u0d3f \u0d36\u0d4d\u0d30\u0d2e\u0d19\u0d4d\u0d19\u0d7e. \u0d2a\u0d3f\u0d28\u0d4d\u0d28\u0d40\u0d1f\u0d4d \u0d35\u0d40\u0d23\u0d4d\u0d1f\u0d41\u0d02 \u0d36\u0d4d\u0d30\u0d2e\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d15.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Oblas\u0165 spr\u00e1vy pomocn\u00edka\"", "\"abc_searchview_description_submit\" : \"Po\u0161aljite upit\"", "\"abc_toolbar_collapse_description\" : \"Ciutkan\"", "\"abc_searchview_description_clear\" : \"Slett s\u00f8ket\"", "\"common_google_play_services_install_text\" : \"Du skal installere Google Play-tjenester, f\u00f8r %1$s kan k\u00f8re p\u00e5 din enhed.\"", "\"abc_searchview_description_search\" : \"T\u00ecm ki\u1ebfm\"", "\"abc_searchview_description_submit\" : \"\u0995\u09cb\u09af\u09bc\u09c7\u09b0\u09bf \u099c\u09ae\u09be \u09a6\u09bf\u09a8\"", "\"abc_menu_shift_shortcut_label\" : \"Shift+\u200e\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0540\u057a\u0565\u0584 \u0574\u0561\u057f\u0576\u0561\u0570\u0565\u057f\u0584\u056b \u057d\u056f\u0561\u0576\u0565\u0580\u056b\u0576\"", "\"abc_searchview_description_submit\" : \"\u0a2a\u0a41\u0a71\u0a1b\u0a17\u0a3f\u0a71\u0a1b \u0a38\u0a2a\u0a41\u0a30\u0a26 \u0a15\u0a30\u0a4b\"", "\"abc_search_hint\" : \"\u0412\u0432\u0435\u0434\u0438\u0442\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\"", "\"abc_activitychooserview_choose_application\" : \"Izv\u0113lieties lietotni\"", "\"abc_capital_off\" : \"\u0418\u0417\u041a\u041b.\"", "\"common_google_play_services_wear_update_text\" : \"New version of Google Play services needed. It will update itself shortly.\"", "\"common_google_play_services_install_text\" : \"%1$s Google Play \u0c38\u0c47\u0c35\u0c32\u0c41 \u0c32\u0c47\u0c15\u0c41\u0c02\u0c21\u0c3e \u0c05\u0c2e\u0c32\u0c41 \u0c15\u0c3e\u0c26\u0c41, \u0c06 \u0c38\u0c47\u0c35\u0c32\u0c41 \u0c2e\u0c40 \u0c2a\u0c30\u0c3f\u0c15\u0c30\u0c02\u0c32\u0c4b \u0c32\u0c47\u0c35\u0c41.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u041e\u0431\u043b\u0430\u0441\u0442 \u0437\u0430 \u043f\u043e\u043c\u043e\u0449\u043d\u043e \u0441\u044a\u043e\u0431\u0449\u0435\u043d\u0438\u0435\"", "\"abc_capital_on\" : \"\u0412\u041a\u041b\"", "\"fingerprint_error_user_canceled\" : \"\u0cac\u0cb3\u0c95\u0cc6\u0ca6\u0cbe\u0cb0\u0cb0\u0cbf\u0c82\u0ca6 \u0cab\u0cbf\u0c82\u0c97\u0cb0\u0ccd\u200c \u0cab\u0ccd\u0cb0\u0cbf\u0c82\u0c9f\u0ccd\u200c \u0c95\u0cbe\u0cb0\u0ccd\u0caf\u0cbe\u0c9a\u0cb0\u0ca3\u0cc6\u0caf\u0ca8\u0ccd\u0ca8\u0cc1 \u0cb0\u0ca6\u0ccd\u0ca6\u0cc1\u0caa\u0ca1\u0cbf\u0cb8\u0cb2\u0cbe\u0c97\u0cbf\u0ca6\u0cc6.\"", "\"default_error_msg\" : \"\uc54c \uc218 \uc5c6\ub294 \uc624\ub958\"", "\"common_google_play_services_notification_ticker\" : \"\u12e8Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d \u1235\u1205\u1270\u1275\"", "\"abc_searchview_description_voice\" : \"Glasovna pretraga\"", "\"abc_action_menu_overflow_description\" : \"M\u00e1s opciones\"", "\"fingerprint_not_recognized\" : \"\u041d\u0435 \u0435 \u0440\u0430\u0437\u043f\u043e\u0437\u043d\u0430\u0442\u043e\"", "\"abc_capital_off\" : \"I-OFF\"", "\"common_google_play_services_wear_update_text\" : \"\u5fc5\u9808\u4f7f\u7528\u65b0\u7248 Google Play \u670d\u52d9\u3002\u8a72\u670d\u52d9\u7a0d\u5f8c\u5c31\u6703\u81ea\u52d5\u66f4\u65b0\u3002\"", "\"common_google_play_services_wear_update_text\" : \"Versi baharu perkhidmatan Google Play diperlukan. Kemas kini automatik akan dijalankan sebentar lagi.\"", "\"common_open_on_phone\" : \"\u0532\u0561\u0581\u0565\u056c \u0570\u0565\u057c\u0561\u056d\u0578\u057d\u0578\u057e\"", "\"fingerprint_error_hw_not_available\" : \"Hardv\u00e9r na sn\u00edmanie odtla\u010dku prsta nie je k\u00a0dispoz\u00edcii.\"", "\"common_google_play_services_enable_text\" : \"\u60a8\u5fc5\u9808\u555f\u7528 Google Play \u670d\u52d9\uff0c\u65b9\u53ef\u57f7\u884c\u300c%1$s\u300d\u3002\"", "\"abc_prepend_shortcut_label\" : \"Menu+\"", "\"abc_capital_off\" : \"\u04e8\u0428\u0406\u0420\u0423\"", "\"abc_shareactionprovider_share_with\" : \"\u12a0\u130b\u122b \u1260\"", "\"abc_activitychooserview_choose_application\" : \"\u12a0\u1295\u12f5 \u1218\u1270\u130d\u1260\u122a\u12eb \u12ed\u121d\u1228\u1321\"", "\"common_open_on_phone\" : \"\u0c2b\u0c4b\u0c28\u0c4d\u200c\u0c32\u0c4b \u0c24\u0c46\u0c30\u0c41\u0c35\u0c41\"", "\"abc_searchview_description_submit\" : \"\u0421\u0443\u0440\u0430\u043c \u0442\u0430\u043f\u0448\u044b\u0440\u0443\u0443\"", "\"abc_searchview_description_clear\" : \"\u0418\u0437\u0447\u0438\u0441\u0442\u0432\u0430\u043d\u0435 \u043d\u0430 \u0437\u0430\u044f\u0432\u043a\u0430\u0442\u0430\"", "\"common_google_play_services_updating_text\" : \"Na spustenie aplik\u00e1cie %1$s sa vy\u017eaduj\u00fa slu\u017eby Google Play, ktor\u00e9 sa moment\u00e1lne aktualizuj\u00fa.\"", "\"abc_menu_shift_shortcut_label\" : \"\u201eShift\u201c +\"", "\"confirm_device_credential_password\" : \"Passwort nutzen\"", "\"confirm_device_credential_password\" : \"\u09aa\u09be\u099b\u09f1\u09f0\u09cd\u09a1 \u09ac\u09cd\u09af\u09f1\u09b9\u09be\u09f0 \u0995\u09f0\u0995\"", "\"abc_searchview_description_clear\" : \"\u0421\u0443\u0440\u0430\u043c\u0434\u044b \u04e9\u0447\u04af\u0440\u04af\u04af\"", "\"abc_capital_off\" : \"\u10d2\u10d0\u10db\u10dd\u10e0\u10d7\u10d5\u10d0\"", "\"abc_action_bar_up_description\" : \"\uc704\ub85c \uc774\ub3d9\"", "\"abc_menu_shift_shortcut_label\" : \"T\u00f5stuklahv +\"", "\"search_menu_title\" : \"\u0ab6\u0acb\u0aa7\u0acb\"", "\"common_google_play_services_install_text\" : \"Lai lietotne %1$s darbotos, ier\u012bc\u0113 ir j\u0101instal\u0113 Google\u00a0Play pakalpojumi.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Area dei messaggi di assistenza\"", "\"default_error_msg\" : \"Ok\u00e4nt fel\"", "\"common_google_play_services_unsupported_text\" : \"%1$s aplikazioa ezin da erabili Google Play zerbitzurik gabe, eta zure gailua ez da zerbitzuokin bateragarria.\"", "\"confirm_device_credential_password\" : \"\u0d2a\u0d3e\u0d38\u0d4d\u200c\u0d35\u0d47\u0d21\u0d4d \u0d09\u0d2a\u0d2f\u0d4b\u0d17\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"abc_search_hint\" : \"Szukaj\u2026\"", "\"abc_searchview_description_search\" : \"\u0c36\u0c4b\u0c27\u0c28\"", "\"common_signin_button_text_long\" : \"Google \u0b38\u0b39 \u0b38\u0b3e\u0b07\u0b28\u0b4d\u200c-\u0b07\u0b28\u0b4d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"generic_error_user_canceled\" : \"L'usuari ha cancel\u00b7lat l'autenticaci\u00f3.\"", "\"confirm_device_credential_password\" : \"K\u00e4yt\u00e4 salasanaa\"", "\"generic_error_user_canceled\" : \"Ng\u01b0\u1eddi d\u00f9ng \u0111\u00e3 h\u1ee7y thao t\u00e1c x\u00e1c th\u1ef1c.\"", "\"common_google_play_services_enable_button\" : \"\u012egalinti\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Sv\u00e6\u00f0i hj\u00e1lparskilabo\u00f0a\"", "\"common_google_play_services_unknown_issue\" : \"%1$s inenkinga ngamasevisi e-Google Play. Sicela uzame futhi.\"", "\"mtrl_picker_range_header_unselected\" : \"Start date \u2013 End date\"", "\"abc_activity_chooser_view_see_all\" : \"Poka\u017c wszystko\"", "\"abc_toolbar_collapse_description\" : \"Sa\u017emi\"", "\"character_counter_content_description\" : \"Characters entered %1$d of %2$d\"", "\"abc_searchview_description_query\" : \"Sesha umbuzo\"", "\"abc_activity_chooser_view_see_all\" : \"N\u00e4yt\u00e4 kaikki\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u670d\u52d9\u53ef\u7528\u6027\"", "\"fingerprint_dialog_touch_sensor\" : \"Dotaknite se tipala prst. odt.\"", "\"abc_menu_space_shortcut_label\" : \"mellemrum\"", "\"confirm_device_credential_password\" : \"Utilizar palavra-passe\"", "\"abc_search_hint\" : \"\u0e04\u0e49\u0e19\u0e2b\u0e32\u2026\"", "\"common_google_play_services_enable_title\" : \"Habilitar servicios de Google Play\"", "\"generic_error_user_canceled\" : \"Korisnik je otkazao potvrdu identiteta.\"", "\"fingerprint_error_user_canceled\" : \"Barmoq izi amali foydalanuvchi tomonidan bekor qilindi\"", "\"search_menu_title\" : \"\u062a\u0644\u0627\u0634 \u06a9\u0631\u06cc\u06ba\"", "\"abc_search_hint\" : \"Haku\u2026\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play-tjenesters tilg\u00e6ngelighed\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Indawo yosizo lomlayezo\"", "\"common_signin_button_text_long\" : \"Google \u098f\u09b0 \u09ae\u09be\u09a7\u09cd\u09af\u09ae\u09c7 \u09b8\u09be\u0987\u09a8-\u0987\u09a8 \u0995\u09b0\u09c1\u09a8\"", "\"abc_capital_on\" : \"YONIQ\"", "\"abc_toolbar_collapse_description\" : \"Minnka\"", "\"common_google_play_services_updating_text\" : \"\u6b63\u5728\u66f4\u65b0 Google Play \u670d\u52d9\uff0c\u66f4\u65b0\u5b8c\u6210\u5f8c\u65b9\u53ef\u57f7\u884c\u300c%1$s\u300d\u3002\"", "\"common_google_play_services_unsupported_text\" : \"%1$s no se ejecutar\u00e1 sin los servicios de Google Play, que no son compatibles con tu dispositivo.\"", "\"search_menu_title\" : \"\u179f\u17d2\u179c\u17c2\u1784\u179a\u1780\"", "\"common_open_on_phone\" : \"Hape n\u00eb telefon\"", "\"abc_searchview_description_submit\" : \"\u0548\u0582\u0572\u0561\u0580\u056f\u0565\u056c \u0570\u0561\u0580\u0581\u0578\u0582\u0574\u0568\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u8aaa\u660e\u8a0a\u606f\u5340\u57df\"", "\"abc_activitychooserview_choose_application\" : \"Kies 'n program\"", "\"common_google_play_services_enable_button\" : \"\u0cb8\u0c95\u0ccd\u0cb0\u0cbf\u0caf\u0c97\u0cca\u0cb3\u0cbf\u0cb8\u0cc1\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0b89\u0ba4\u0bb5\u0bbf\u0b9a\u0bcd \u0b9a\u0bc6\u0baf\u0bcd\u0ba4\u0bbf\u0b95\u0bcd\u0b95\u0bbe\u0ba9 \u0baa\u0b95\u0bc1\u0ba4\u0bbf\"", "\"common_open_on_phone\" : \"Otw\u00f3rz na telefonie\"", "\"common_google_play_services_install_text\" : \"%1$s ne\u0107e funkcionirati bez usluga Google Playa koje nisu instalirane na va\u0161em ure\u0111aju.\"", "\"abc_searchview_description_search\" : \"\u691c\u7d22\"", "\"abc_capital_off\" : \"\u0b86\u0b83\u0baa\u0bcd\"", "\"abc_capital_on\" : \"P\u00c4\u00c4LL\u00c4\"", "\"abc_capital_on\" : \"AAN\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0438\u043c\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0438 \u0441\u043e \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play. \u041e\u0431\u0438\u0434\u0435\u0442\u0435 \u0441\u0435 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e.\"", "\"common_google_play_services_install_button\" : \"Y\u00fckle\"", "\"abc_search_hint\" : \"\u12ed\u1348\u120d\u1309\u2026\"", "\"common_google_play_services_install_text\" : \"%1$s tidak akan berjalan tanpa layanan Google Play, yang tidak ada di perangkat Anda.\"", "\"abc_menu_delete_shortcut_label\" : \"supprimer\"", "\"common_google_play_services_install_title\" : \"\u0e15\u0e34\u0e14\u0e15\u0e31\u0e49\u0e07\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play\"", "\"fingerprint_error_hw_not_available\" : \"Fingerabdruckhardware nicht verf\u00fcgbar.\"", "\"common_google_play_services_install_title\" : \"\u5b89\u88dd Google Play \u670d\u52d9\"", "\"default_error_msg\" : \"Errore ezezaguna\"", "\"abc_capital_off\" : \"\u0c06\u0c2b\u0c4d\"", "\"common_google_play_services_enable_title\" : \"Attiva Google Play Services\"", "\"fingerprint_not_recognized\" : \"Kh\u00f4ng nh\u1eadn d\u1ea1ng \u0111\u01b0\u1ee3c\"", "\"common_google_play_services_wear_update_text\" : \"Er is een nieuwe versie van Google Play-services vereist. De update wordt binnenkort automatisch uitgevoerd.\"", "\"abc_searchview_description_search\" : \"\u179f\u17d2\u179c\u17c2\u1784\u179a\u1780\"", "\"fingerprint_error_hw_not_present\" : \"To urz\u0105dzenie nie jest wyposa\u017cone w\u00a0czytnik linii papilarnych\"", "\"common_google_play_services_enable_title\" : \"\u200f\u05d4\u05e4\u05e2\u05dc \u05d0\u05ea \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play\"", "\"abc_searchview_description_clear\" : \"\u691c\u7d22\u30ad\u30fc\u30ef\u30fc\u30c9\u3092\u524a\u9664\"", "\"abc_shareactionprovider_share_with_application\" : \"Skupna raba z drugimi prek aplikacije %s\"", "\"abc_searchview_description_submit\" : \"\u0915\u094d\u0935\u0947\u0930\u0940 \u0938\u092c\u092e\u093f\u091f \u0915\u0930\u093e\"", "\"fingerprint_not_recognized\" : \"Hindi nakilala\"", "\"common_google_play_services_enable_button\" : \"Aktifkan\"", "\"fingerprint_error_hw_not_present\" : \"\u9019\u500b\u88dd\u7f6e\u6c92\u6709\u6307\u7d0b\u611f\u61c9\u5668\"", "\"fingerprint_dialog_touch_sensor\" : \"Dotknij czytnika linii papilarnych\"", "\"abc_action_mode_done\" : \"\u0411\u043e\u043b\u0441\u043e\u043d\"", "\"common_google_play_services_install_button\" : \"Installi\"", "\"abc_capital_off\" : \"FRA\"", "\"abc_action_bar_up_description\" : \"\u041d\u0430\u0432\u0438\u0433\u0438\u0440\u0430\u043d\u0435 \u043d\u0430\u0433\u043e\u0440\u0435\"", "\"abc_capital_on\" : \"\u5f00\u542f\"", "\"fingerprint_error_hw_not_present\" : \"\u0db8\u0dd9\u0db8 \u0d8b\u0db4\u0dcf\u0d82\u0d9c\u0dba\u0dda \u0d87\u0d9f\u0dd2\u0dbd\u0dd2 \u0dc3\u0dbd\u0d9a\u0dd4\u0dab\u0dd4 \u0dc3\u0d82\u0dc0\u0dda\u0daf\u0d9a\u0dba\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\"", "\"common_google_play_services_install_button\" : \"\u0a87\u0aa8\u0acd\u0ab8\u0acd\u0a9f\u0ac9\u0ab2 \u0a95\u0ab0\u0acb\"", "\"common_google_play_services_updating_text\" : \"%1$s Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a24\u0a4b\u0a02 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 \u0a28\u0a39\u0a40\u0a02 \u0a1a\u0a71\u0a32\u0a47\u0a17\u0a3e, \u0a1c\u0a4b \u0a35\u0a30\u0a24\u0a2e\u0a3e\u0a28 \u0a35\u0a3f\u0a71\u0a1a \u0a05\u0a71\u0a2a\u0a21\u0a47\u0a1f \u0a39\u0a4b \u0a30\u0a39\u0a40\u0a06\u0a02 \u0a39\u0a28\u0964\"", "\"abc_menu_alt_shortcut_label\" : \"ALT +\"", "\"common_google_play_services_update_button\" : \"Actualiza\u021bi\"", "\"abc_menu_sym_shortcut_label\" : \"Simbool+\"", "\"abc_activitychooserview_choose_application\" : \"Ilovani tanlang\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0d38\u0d39\u0d3e\u0d2f \u0d38\u0d28\u0d4d\u0d26\u0d47\u0d36 \u0d0f\u0d30\u0d3f\u0d2f\"", "\"confirm_device_credential_password\" : \"Nota a\u00f0gangsor\u00f0\"", "\"common_google_play_services_unsupported_text\" : \"%1$s nu va rula f\u0103r\u0103 serviciile Google Play, care nu sunt acceptate de dispozitivul dvs.\"", "\"generic_error_user_canceled\" : \"A hiteles\u00edt\u00e9st megszak\u00edtotta a felhaszn\u00e1l\u00f3.\"", "\"default_error_msg\" : \"Erro desconhecido.\"", "\"confirm_device_credential_password\" : \"\u0e43\u0e0a\u0e49\u0e23\u0e2b\u0e31\u0e2a\u0e1c\u0e48\u0e32\u0e19\"", "\"abc_searchview_description_voice\" : \"Stemsoektog\"", "\"fingerprint_dialog_touch_sensor\" : \"Palieskite pir\u0161to antspaudo jutikl\u012f\"", "\"common_google_play_services_install_title\" : \"Google Play xidm\u0259tl\u0259rini \u0259ld\u0259 edin\"", "\"common_google_play_services_unknown_issue\" : \"\u200f%1$s \u05e0\u05ea\u05e7\u05dc\u05d4 \u05d1\u05d1\u05e2\u05d9\u05d4 \u05d1\u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play. \u05e0\u05e1\u05d4 \u05e9\u05d5\u05d1.\"", "\"abc_searchview_description_submit\" : \"\u63d0\u4ea4\u67e5\u8a62\"", "\"common_google_play_services_install_title\" : \"\u53d6\u5f97 Google Play \u670d\u52d9\"", "\"common_google_play_services_updating_text\" : \"Zur Nutzung von %1$s sind Google Play-Dienste erforderlich, die gerade aktualisiert werden.\"", "\"abc_shareactionprovider_share_with_application\" : \"Partilhar com a aplica\u00e7\u00e3o %s\"", "\"abc_action_bar_home_description\" : \"\u1218\u1290\u123b \u12f3\u1235\u1235\"", "\"abc_searchview_description_query\" : \"Truy v\u1ea5n t\u00ecm ki\u1ebfm\"", "\"common_google_play_services_update_text\" : \"%1$s \u0924\u092c \u0924\u0915 \u0928\u0939\u0940\u0902 \u091a\u0932\u0947\u0917\u093e \u091c\u092c \u0924\u0915 \u0906\u092a Google Play \u0938\u0947\u0935\u093e\u0913\u0902 \u0915\u094b \u0905\u092a\u0921\u0947\u091f \u0928\u0939\u0940\u0902 \u0915\u0930\u0924\u0947.\"", "\"common_google_play_services_wear_update_text\" : \"\u200f\u0646\u0633\u062e\u0647 \u062c\u062f\u06cc\u062f \u0633\u0631\u0648\u06cc\u0633\u200c\u0647\u0627\u06cc Google Play \u0646\u06cc\u0627\u0632 \u0627\u0633\u062a. \u0628\u0647\u200c\u0632\u0648\u062f\u06cc \u0628\u0647\u200c\u0637\u0648\u0631 \u062e\u0648\u062f\u06a9\u0627\u0631 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0645\u06cc\u200c\u0634\u0648\u062f.\"", "\"common_google_play_services_enable_title\" : \"B\u1eadt d\u1ecbch v\u1ee5 c\u1ee7a Google Play\"", "\"abc_prepend_shortcut_label\" : \"Meniu+\"", "\"abc_action_bar_home_description\" : \"\u0a39\u0a4b\u0a2e '\u0a24\u0a47 \u0a1c\u0a3e\u0a13\"", "\"common_google_play_services_notification_ticker\" : \"\u1780\u17c6\u17a0\u17bb\u179f\u200b\u200b\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798\u200b Google \u1780\u1798\u17d2\u179f\u17b6\u1793\u17d2\u178f\"", "\"common_google_play_services_unsupported_text\" : \"%1$s tidak akan berjalan tanpa layanan Google Play, yang tidak didukung oleh perangkat Anda.\"", "\"abc_searchview_description_search\" : \"Hledat\"", "\"common_google_play_services_update_title\" : \"I-update ang mga serbisyo ng Google Play\"", "\"fingerprint_error_hw_not_available\" : \"Barmoq izi skaneri ish holatida emas.\"", "\"fingerprint_error_hw_not_present\" : \"Toto zariadenie nem\u00e1 senzor odtla\u010dkov prstov\"", "\"common_google_play_services_update_title\" : \"A\u017euriranje usluga Google Playa\"", "\"abc_action_bar_up_description\" : \"Fel\"", "\"common_google_play_services_update_text\" : \"Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0dba\u0dcf\u0dc0\u0dad\u0dca\u0d9a\u0dcf\u0dbd\u0dd3\u0db1 \u0d9a\u0dbb\u0db1\u0dca\u0db1\u0dda \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 %1$s \u0db0\u0dcf\u0dc0\u0db1\u0dba \u0db1\u0ddc\u0dc0\u0dda.\"", "\"abc_searchview_description_submit\" : \"Kirim kueri\"", "\"generic_error_user_canceled\" : \"\uc0ac\uc6a9\uc790\uac00 \uc778\uc99d\uc744 \ucde8\uc18c\ud588\uc2b5\ub2c8\ub2e4.\"", "\"abc_action_bar_up_description\" : \"\u0c2a\u0c48\u0c15\u0c3f \u0c28\u0c3e\u0c35\u0c3f\u0c17\u0c47\u0c1f\u0c4d \u0c1a\u0c47\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"common_google_play_services_wear_update_text\" : \"Se necesita una nueva versi\u00f3n de Servicios de Google Play. Se actualizar\u00e1 en breve.\"", "\"common_google_play_services_install_title\" : \"\u200f\u05e7\u05d1\u05dc \u05d0\u05ea \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play\"", "\"abc_search_hint\" : \"Qidirish\u2026\"", "\"common_google_play_services_install_title\" : \"\u200f\u062f\u0631\u06cc\u0627\u0641\u062a \u0633\u0631\u0648\u06cc\u0633\u200c\u0647\u0627\u06cc Google Play\"", "\"common_google_play_services_update_title\" : \"Perbarui layanan Google Play\"", "\"abc_searchview_description_voice\" : \"\u0ca7\u0ccd\u0cb5\u0ca8\u0cbf \u0cb9\u0cc1\u0ca1\u0cc1\u0c95\u0cbe\u0c9f\"", "\"abc_searchview_description_voice\" : \"Puhehaku\"", "\"abc_capital_off\" : \"\u0d13\u0d2b\u0d4d\"", "\"abc_searchview_description_query\" : \"\u0ba4\u0bc7\u0b9f\u0bb2\u0bcd \u0bb5\u0bbf\u0ba9\u0bb5\u0bb2\u0bcd\"", "\"abc_search_hint\" : \"\u0b38\u0b30\u0b4d\u0b1a\u0b4d\u0b1a \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\u2026\"", "\"default_error_msg\" : \"\u0905\u091c\u094d\u091e\u093e\u0924 \u090f\u0930\u0930\"", "\"common_google_play_services_notification_ticker\" : \"Virhe Google Play -palveluissa\"", "\"abc_searchview_description_submit\" : \"Po\u0161alji upit\"", "\"fingerprint_not_recognized\" : \"\u0a93\u0ab3\u0a96\u0abe\u0aaf\u0ac7\u0ab2 \u0aa8\u0aa5\u0ac0\"", "\"fingerprint_error_no_fingerprints\" : \"\u0394\u03b5\u03bd \u03ad\u03c7\u03bf\u03c5\u03bd \u03ba\u03b1\u03c4\u03b1\u03c7\u03c9\u03c1\u03b9\u03c3\u03c4\u03b5\u03af \u03b4\u03b1\u03ba\u03c4\u03c5\u03bb\u03b9\u03ba\u03ac \u03b1\u03c0\u03bf\u03c4\u03c5\u03c0\u03ce\u03bc\u03b1\u03c4\u03b1.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Laguntza-mezuaren eremua\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Oblast pro zpr\u00e1vu n\u00e1pov\u011bdy\"", "\"abc_shareactionprovider_share_with_application\" : \"Kongsi dengan %s\"", "\"app_name\" : \"DamnVulnerableBank\"", "\"fingerprint_error_user_canceled\" : \"\u092a\u094d\u0930\u092f\u094b\u0917\u0915\u0930\u094d\u0924\u093e\u0932\u0947 \u092b\u093f\u0902\u0917\u0930\u092a\u094d\u0930\u093f\u0928\u094d\u091f\u0938\u092e\u094d\u092c\u0928\u094d\u0927\u0940 \u0915\u093e\u0930\u092c\u093e\u0939\u0940 \u0930\u0926\u094d\u0926 \u0917\u0930\u094d\u0928\u0941\u092d\u092f\u094b\u0964\"", "\"abc_menu_alt_shortcut_label\" : \"\u201eAlt\u201c +\"", "\"abc_menu_enter_shortcut_label\" : \"INVIO\"", "\"abc_activity_chooser_view_see_all\" : \"\u041f\u0440\u0435\u0433\u043b\u0435\u0434 \u043d\u0430 \u0432\u0441\u0438\u0447\u043a\u0438\"", "\"common_google_play_services_notification_ticker\" : \"Google \u041d\u0430\u0430\u0434\u0430\u0430\u043d \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u043d\u0438\u0439 \u0430\u043b\u0434\u0430\u0430\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0986\u0999\u09cd\u0997\u09c1\u09b2\u09c7\u09b0 \u099b\u09be\u09aa\u09c7\u09b0 \u09b8\u09c7\u09a8\u09cd\u09b8\u09b0 \u099f\u09be\u099a \u0995\u09b0\u09c1\u09a8\"", "\"search_menu_title\" : \"\u691c\u7d22\"", "\"common_signin_button_text\" : \"Identifikohu\"", "\"search_menu_title\" : \"\u09b8\u09be\u09b0\u09cd\u099a \u0995\u09b0\u09c1\u09a8\"", "\"common_google_play_services_install_button\" : \"\u0b07\u0b28\u0b4d\u200d\u0b37\u0b4d\u0b1f\u0b32\u0b4d\u200d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"common_google_play_services_enable_button\" : \"\u0641\u0639\u0627\u0644 \u06a9\u0631\u06cc\u06ba\"", "\"common_google_play_services_update_title\" : \"Google\u00a0Play pakalpojumu atjaunin\u0101\u0161ana\"", "\"abc_activitychooserview_choose_application\" : \"\u0dba\u0dd9\u0daf\u0dd4\u0db8\u0d9a\u0dca \u0dad\u0ddd\u0dbb\u0db1\u0dca\u0db1\"", "\"abc_searchview_description_clear\" : \"\u0e25\u0e49\u0e32\u0e07\u0e04\u0e33\u0e04\u0e49\u0e19\u0e2b\u0e32\"", "\"fingerprint_not_recognized\" : \"\u0c17\u0c41\u0c30\u0c4d\u0c24\u0c3f\u0c02\u0c1a\u0c2c\u0c21\u0c32\u0c47\u0c26\u0c41\"", "\"common_google_play_services_update_title\" : \"Google Play \u0938\u0947\u0935\u093e\u0939\u0930\u0942 \u0905\u0926\u094d\u092f\u093e\u0935\u0927\u093f\u0915 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"abc_action_mode_done\" : \"\u0938\u092e\u094d\u092a\u0928\u094d\u0928 \u092d\u092f\u094b\"", "\"abc_shareactionprovider_share_with\" : \"Jaga:\"", "\"common_google_play_services_unknown_issue\" : \"%1$s inakumbwa na hitilafu ya huduma za Google Play. Tafadhali jaribu tena.\"", "\"fingerprint_error_lockout\" : \"\u0425\u044d\u0442 \u043e\u043b\u043e\u043d \u0443\u0434\u0430\u0430 \u043e\u0440\u043e\u043b\u0434\u043b\u043e\u043e. \u0422\u0430 \u0434\u0430\u0440\u0430\u0430 \u0434\u0430\u0445\u0438\u043d \u043e\u0440\u043e\u043b\u0434\u043e\u043d\u043e \u0443\u0443.\"", "\"abc_activity_chooser_view_see_all\" : \"\u0938\u0930\u094d\u0935 \u092a\u093e\u0939\u093e\"", "\"common_google_play_services_updating_text\" : \"%1$s \u043d\u0435 \u043c\u043e\u0436\u0435 \u0434\u0430 \u0441\u0435 \u043f\u043e\u043a\u0440\u0435\u043d\u0435 \u0431\u0435\u0437 Google Play \u0443\u0441\u043b\u0443\u0433\u0430, \u043a\u043e\u0458\u0435 \u0441\u0435 \u0442\u0440\u0435\u043d\u0443\u0442\u043d\u043e \u0430\u0436\u0443\u0440\u0438\u0440\u0430\u0458\u0443.\"", "\"abc_shareactionprovider_share_with_application\" : \"Dela med %s\"", "\"fingerprint_error_hw_not_present\" : \"\u0a07\u0a38 \u0a21\u0a40\u0a35\u0a3e\u0a08\u0a38 \u0a35\u0a3f\u0a71\u0a1a \u0a2b\u0a3f\u0a70\u0a17\u0a30\u0a2a\u0a4d\u0a30\u0a3f\u0a70\u0a1f \u0a38\u0a48\u0a02\u0a38\u0a30 \u0a28\u0a39\u0a40\u0a02 \u0a39\u0a48\"", "\"common_google_play_services_install_text\" : \"Google Play \u0938\u0947\u0935\u093e \u0906\u092a\u0932\u094d\u092f\u093e \u0921\u093f\u0935\u094d\u0939\u093e\u0907\u0938\u0935\u0930 \u0909\u092a\u0932\u092c\u094d\u0927 \u0928\u093e\u0939\u0940, \u0924\u094d\u092f\u093e\u0936\u093f\u0935\u093e\u092f %1$s \u091a\u093e\u0932\u0923\u093e\u0930 \u0928\u093e\u0939\u0940.\"", "\"fingerprint_error_hw_not_present\" : \"\u0d08 \u0d09\u0d2a\u0d15\u0d30\u0d23\u0d24\u0d4d\u0d24\u0d3f\u0d7d \u0d35\u0d3f\u0d30\u0d32\u0d1f\u0d2f\u0d3e\u0d33 \u0d38\u0d46\u0d7b\u0d38\u0d7c \u0d07\u0d32\u0d4d\u0d32\"", "\"common_google_play_services_unsupported_text\" : \"Lai lietotne %1$s darbotos, ir nepiecie\u0161ami Google Play pakalpojumi, ta\u010du j\u016bsu ier\u012bce tos neatbalsta.\"", "\"fingerprint_error_no_fingerprints\" : \"Nincsenek regisztr\u00e1lt ujjlenyomatok.\"", "\"common_google_play_services_update_button\" : \"Opdater\"", "\"common_google_play_services_unknown_issue\" : \"%1$s hat Probleme mit Google Play-Diensten. Bitte versuche es noch einmal.\"", "\"abc_searchview_description_clear\" : \"Wyczy\u015b\u0107 zapytanie\"", "\"common_signin_button_text\" : \"\u0938\u093e\u0907\u0928 \u0907\u0928 \u0915\u0930\u093e\"", "\"abc_shareactionprovider_share_with\" : \"\u0b87\u0ba4\u0bbf\u0bb2\u0bcd \u0baa\u0b95\u0bbf\u0bb0\u0bcd\"", "\"abc_action_bar_up_description\" : \"Navega cap amunt\"", "\"common_google_play_services_update_title\" : \"Aktualizace slu\u017eeb Google Play\"", "\"default_error_msg\" : \"Neznana napaka\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play-\u043d \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u043d\u04af\u04af\u0434\u0438\u0439\u043d \u0431\u043e\u043b\u043e\u043c\u0436\u0438\u0442 \u0431\u0430\u0439\u0434\u0430\u043b\"", "\"search_menu_title\" : \"\u0c36\u0c4b\u0c27\u0c28\"", "\"common_google_play_services_wear_update_text\" : \"N\u00fdja \u00fatg\u00e1fu af \u00fej\u00f3nustu Google Play vantar. H\u00fan uppf\u00e6rir sig sj\u00e1lf innan skamms.\"", "\"abc_searchview_description_query\" : \"\u0e84\u0eb3\u0eaa\u0eb3\u0ea5\u0eb1\u0e9a\u0e84\u0ebb\u0ec9\u0e99\u0eab\u0eb2\"", "\"fingerprint_not_recognized\" : \"Tan\u0131nmad\u0131\"", "\"common_google_play_services_update_text\" : \"\u0986\u09aa\u09c1\u09a8\u09bf Google Play \u09b8\u09c7\u09f1\u09be\u09ac\u09cb\u09f0 \u0986\u09aa\u09a1\u09c7\u2019\u099f \u09a8\u0995\u09f0\u09be\u09b2\u09c8\u0995\u09c7 %1$s \u09a8\u099a\u09b2\u09bf\u09ac\u0964\"", "\"common_google_play_services_install_button\" : \"Installeer\"", "\"common_open_on_phone\" : \"\u1235\u120d\u12ad \u120b\u12ed \u12ad\u1348\u1275\"", "\"common_google_play_services_update_button\" : \"Aktualizuj\"", "\"common_google_play_services_install_title\" : \"Google Play xizmatlarini o\u2018rnatish\"", "\"abc_menu_delete_shortcut_label\" : \"Delete \u9375\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u043d\u0435 \u043c\u043e\u0436\u0435 \u0434\u0430 \u0441\u0435 \u043f\u043e\u043a\u0440\u0435\u043d\u0435 \u0431\u0435\u0437 Google Play \u0443\u0441\u043b\u0443\u0433\u0430, \u043a\u043e\u0458\u0435 \u0443\u0440\u0435\u0452\u0430\u0458 \u043d\u0435 \u043f\u043e\u0434\u0440\u0436\u0430\u0432\u0430.\"", "\"common_google_play_services_install_button\" : \"\u0646\u0635\u0628\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0421\u0430\u0443\u0441\u0430\u049b \u0456\u0437\u0456\u043d \u043e\u049b\u0443 \u0441\u043a\u0430\u043d\u0435\u0440\u0456\u043d \u0442\u04af\u0440\u0442\u0456\u04a3\u0456\u0437\"", "\"common_google_play_services_enable_text\" : \"Ke spu\u0161t\u011bn\u00ed aplikace %1$s je t\u0159eba aktivovat slu\u017eby Google Play.\"", "\"common_google_play_services_unsupported_text\" : \"%1$s getur ekki keyrt \u00e1n \u00fej\u00f3nustu Google Play, sem er ekki studd af t\u00e6kinu \u00fe\u00ednu.\"", "\"abc_action_bar_up_description\" : \"\u0e01\u0e25\u0e31\u0e1a\"", "\"abc_action_menu_overflow_description\" : \"Opsi lain\"", "\"abc_action_menu_overflow_description\" : \"Vi\u0161e opcija\"", "\"common_google_play_services_update_button\" : \"Eguneratu\"", "\"common_google_play_services_update_title\" : \"\u66f4\u65b0 Google Play \u670d\u52d9\"", "\"fingerprint_error_hw_not_present\" : \"Denne enhed har ingen fingeraftryksl\u00e6ser\"", "\"abc_action_mode_done\" : \"\u10db\u10d6\u10d0\u10d3\u10d0\u10d0\"", "\"fingerprint_error_hw_not_present\" : \"\u3053\u306e\u30c7\u30d0\u30a4\u30b9\u306b\u306f\u6307\u7d0b\u8a8d\u8a3c\u30bb\u30f3\u30b5\u30fc\u304c\u3042\u308a\u307e\u305b\u3093\"", "\"common_google_play_services_wear_update_text\" : \"\u200f\u064a\u062c\u0628 \u062a\u0648\u0641\u0631 \u0625\u0635\u062f\u0627\u0631 \u062c\u062f\u064a\u062f \u0645\u0646 \u062e\u062f\u0645\u0627\u062a Google Play. \u0633\u064a\u062a\u0645 \u062a\u062d\u062f\u064a\u062b\u0647\u0627 \u062a\u0644\u0642\u0627\u0626\u064a\u064b\u0627 \u0642\u0631\u064a\u0628\u064b\u0627.\"", "\"common_signin_button_text\" : \"Ngena ngemvume\"", "\"abc_action_bar_home_description\" : \"\u1019\u1030\u101c\u1014\u1031\u101b\u102c\u1000\u102d\u102f \u1015\u103c\u1014\u103a\u101e\u103d\u102c\u1038\u101b\u1014\u103a\"", "\"common_signin_button_text_long\" : \"Se connecter avec Google\"", "\"generic_error_user_canceled\" : \"Verificatie geannuleerd door gebruiker.\"", "RootBeer", "\"fingerprint_error_hw_not_present\" : \"Este dispositivo n\u00e3o tem sensor de impress\u00f5es digitais.\"", "\"abc_capital_off\" : \"VYP.\"", "\"common_signin_button_text_long\" : \"\u0423\u0432\u0430\u0439\u0441\u0446\u0456 \u043f\u0440\u0430\u0437 Google\"", "\"fingerprint_error_lockout\" : \"\u03a5\u03c0\u03b5\u03c1\u03b2\u03bf\u03bb\u03b9\u03ba\u03ac \u03c0\u03bf\u03bb\u03bb\u03ad\u03c2 \u03c0\u03c1\u03bf\u03c3\u03c0\u03ac\u03b8\u03b5\u03b9\u03b5\u03c2. \u0394\u03bf\u03ba\u03b9\u03bc\u03ac\u03c3\u03c4\u03b5 \u03be\u03b1\u03bd\u03ac \u03b1\u03c1\u03b3\u03cc\u03c4\u03b5\u03c1\u03b1.\"", "\"common_google_play_services_wear_update_text\" : \"\u12a0\u12f2\u1235 \u12e8Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d \u1235\u122a\u1275 \u12eb\u1235\u1348\u120d\u130b\u120d\u1362 \u1260\u1245\u122d\u1261 \u12a5\u122b\u1231\u1295 \u12eb\u12d8\u121d\u1293\u120d\u1362\"", "\"fingerprint_error_hw_not_present\" : \"\u042d\u043d\u044d \u0442\u04e9\u0445\u04e9\u04e9\u0440\u04e9\u043c\u0436\u0438\u0434 \u0445\u0443\u0440\u0443\u0443\u043d\u044b \u0445\u044d\u044d \u043c\u044d\u0434\u0440\u044d\u0433\u0447 \u0430\u043b\u0433\u0430 \u0431\u0430\u0439\u043d\u0430\"", "\"fingerprint_error_hw_not_available\" : \"Hardver za otiske prstiju nije dostupan.\"", "\"common_open_on_phone\" : \"Openen op telefoon\"", "\"common_google_play_services_enable_title\" : \"\u041e\u043c\u043e\u0433\u0443\u045b\u0438\u0442\u0435 Google Play \u0443\u0441\u043b\u0443\u0433\u0435\"", "\"common_open_on_phone\" : \"Auf Smartphone \u00f6ffnen\"", "\"common_google_play_services_notification_channel_name\" : \"\u200fGoogle Play \u0633\u0631\u0648\u0633\u0632 \u06a9\u06cc \u062f\u0633\u062a\u06cc\u0627\u0628\u06cc\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0e41\u0e15\u0e30\u0e40\u0e0b\u0e47\u0e19\u0e40\u0e0b\u0e2d\u0e23\u0e4c\u0e25\u0e32\u0e22\u0e19\u0e34\u0e49\u0e27\u0e21\u0e37\u0e2d\"", "\"abc_prepend_shortcut_label\" : \"Menu \u0bae\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd\"", "\"fingerprint_error_hw_not_available\" : \"\u0c35\u0c47\u0c32\u0c3f\u0c2e\u0c41\u0c26\u0c4d\u0c30 \u0c39\u0c3e\u0c30\u0c4d\u0c21\u0c4d\u200c\u0c35\u0c47\u0c30\u0c4d \u0c05\u0c02\u0c26\u0c41\u0c2c\u0c3e\u0c1f\u0c41\u0c32\u0c4b \u0c32\u0c47\u0c26\u0c41.\"", "\"common_google_play_services_unknown_issue\" : \"%1$s\uc5d0\uc11c Google Play \uc11c\ube44\uc2a4\ub97c \uc0ac\uc6a9\ud558\ub294 \ub370 \ubb38\uc81c\uac00 \uc788\uc2b5\ub2c8\ub2e4. \ub2e4\uc2dc \uc2dc\ub3c4\ud558\uc138\uc694.\"", "\"abc_searchview_description_voice\" : \"\u0a05\u0a35\u0a3e\u0a1c\u0a3c\u0a40 \u0a16\u0a4b\u0a1c\"", "\"fingerprint_error_lockout\" : \"Of margar tilraunir. Reyndu aftur s\u00ed\u00f0ar.\"", "\"common_google_play_services_wear_update_text\" : \"\u0c15\u0c4a\u0c24\u0c4d\u0c24 Google Play \u0c38\u0c47\u0c35\u0c32 \u0c35\u0c46\u0c30\u0c4d\u0c37\u0c28\u0c4d \u0c05\u0c35\u0c38\u0c30\u0c02. \u0c05\u0c26\u0c3f \u0c15\u0c4a\u0c26\u0c4d\u0c26\u0c3f \u0c38\u0c47\u0c2a\u0c1f\u0c4d\u0c32\u0c4b \u0c26\u0c3e\u0c28\u0c02\u0c24\u0c1f \u0c05\u0c26\u0c47 \u0c05\u0c2a\u0c4d\u200c\u0c21\u0c47\u0c1f\u0c4d \u0c1a\u0c47\u0c2f\u0c2c\u0c21\u0c41\u0c24\u0c41\u0c02\u0c26\u0c3f.\"", "\"abc_action_bar_home_description\" : \"\u0cb9\u0ccb\u0cae\u0ccd\u200c\u0c97\u0cc6 \u0ca8\u0ccd\u0caf\u0cbe\u0cb5\u0cbf\u0c97\u0cc7\u0c9f\u0ccd \u0cae\u0cbe\u0ca1\u0cbf\"", "\"search_menu_title\" : \"Iskanje\"", "\"fingerprint_error_hw_not_available\" : \"\uc9c0\ubb38 \uc778\uc2dd \ud558\ub4dc\uc6e8\uc5b4\ub97c \uc0ac\uc6a9\ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4.\"", "\"common_google_play_services_install_title\" : \"\u200f\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u062e\u062f\u0645\u0627\u062a Google Play\"", "\"abc_searchview_description_search\" : \"\u041f\u0440\u0435\u0442\u0440\u0430\u0436\u0438\u0442\u0435\"", "\"abc_shareactionprovider_share_with\" : \"Delen met\"", "\"abc_prepend_shortcut_label\" : \"Men\u00fa\u00a0+\"", "\"common_google_play_services_update_text\" : \"%1$s kj\u00f8rer ikke med mindre du oppdaterer Google Play Tjenester.\"", "\"fingerprint_error_user_canceled\" : \"\u0c35\u0c47\u0c32\u0c3f\u0c2e\u0c41\u0c26\u0c4d\u0c30 \u0c1a\u0c30\u0c4d\u0c2f\u0c28\u0c3f \u0c35\u0c3f\u0c28\u0c3f\u0c2f\u0c4b\u0c17\u0c26\u0c3e\u0c30\u0c41 \u0c30\u0c26\u0c4d\u0c26\u0c41 \u0c1a\u0c47\u0c38\u0c3e\u0c30\u0c41.\"", "\"abc_action_menu_overflow_description\" : \"\u06af\u0632\u06cc\u0646\u0647\u200c\u0647\u0627\u06cc \u0628\u06cc\u0634\u062a\u0631\"", "\"fingerprint_error_user_canceled\" : \"Korisnik je otkazao radnju sa otiskom prsta.\"", "\"common_google_play_services_notification_ticker\" : \"Viga Google Play teenustes\"", "\"abc_activity_chooser_view_see_all\" : \"\u09b8\u09ac\u0997\u09c1\u09b2\u09bf \u09a6\u09c7\u0996\u09c1\u09a8\"", "\"abc_action_bar_up_description\" : \"Idite nagore\"", "\"abc_prepend_shortcut_label\" : \"Valmynd+\"", "\"abc_capital_off\" : \"\u0531\u0546\u054b\u0531\u054f\u0535\u053c\"", "\"abc_prepend_shortcut_label\" : \"\u201eMenu\u201c +\"", "\"generic_error_user_canceled\" : \"Authentication canceled by user.\"", "\"common_google_play_services_install_text\" : \"%1$s ne fonctionnera pas sans les services Google\u00a0Play, qui ne sont pas install\u00e9s sur votre appareil.\"", "\"abc_searchview_description_voice\" : \"\u09ad\u09af\u09bc\u09c7\u09b8 \u09b8\u09be\u09b0\u09cd\u099a \u0995\u09b0\u09c1\u09a8\"", "\"abc_searchview_description_submit\" : \"\u03a5\u03c0\u03bf\u03b2\u03bf\u03bb\u03ae \u03b5\u03c1\u03c9\u03c4\u03ae\u03bc\u03b1\u03c4\u03bf\u03c2\"", "\"abc_prepend_shortcut_label\" : \"Men\u00fc+\"", "\"abc_shareactionprovider_share_with\" : \"Kop\u012bgot ar:\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0c38\u0c39\u0c3e\u0c2f \u0c38\u0c02\u0c26\u0c47\u0c36 \u0c2a\u0c4d\u0c30\u0c3e\u0c02\u0c24\u0c02\"", "\"abc_searchview_description_clear\" : \"\u10db\u10dd\u10d7\u10ee\u10dd\u10d5\u10dc\u10d8\u10e1 \u10d2\u10d0\u10e1\u10e3\u10e4\u10d7\u10d0\u10d5\u10d4\u10d1\u10d0\"", "\"abc_capital_on\" : \"\u0c86\u0ca8\u0ccd\"", "\"fingerprint_not_recognized\" : \"Not recognized\"", "\"abc_activitychooserview_choose_application\" : \"S\u00e9lectionner une application\"", "\"abc_searchview_description_search\" : \"K\u00ebrko\"", "\"abc_capital_off\" : \"IMEZIMWA\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play xidm\u0259tl\u0259rinin \u0259l\u00e7atanl\u0131\u011f\u0131\"", "\"mtrl_chip_close_icon_content_description\" : \"Remove %1$s\"", "\"fingerprint_error_hw_not_available\" : \"Hardware per l'impronta digitale non disponibile.\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u06a9\u06d2 \u0633\u0627\u062a\u06be \u0627\u0634\u062a\u0631\u0627\u06a9 \u06a9\u0631\u06cc\u06ba\"", "\"fingerprint_error_user_canceled\" : \"\u0e1c\u0e39\u0e49\u0e43\u0e0a\u0e49\u0e22\u0e01\u0e40\u0e25\u0e34\u0e01\u0e01\u0e32\u0e23\u0e17\u0e33\u0e07\u0e32\u0e19\u0e02\u0e2d\u0e07\u0e25\u0e32\u0e22\u0e19\u0e34\u0e49\u0e27\u0e21\u0e37\u0e2d\"", "\"common_google_play_services_update_text\" : \"\u0414\u043e\u0434\u0430\u0442\u043e\u043a %1$s \u043d\u0435 \u043f\u0440\u0430\u0446\u044e\u0432\u0430\u0442\u0438\u043c\u0435, \u044f\u043a\u0449\u043e \u043d\u0435 \u043e\u043d\u043e\u0432\u0438\u0442\u0438 \u0441\u0435\u0440\u0432\u0456\u0441\u0438 Google Play.\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play Palveluiden saatavuus\"", "\"fingerprint_not_recognized\" : \"Not recognised\"", "\"abc_menu_function_shortcut_label\" : \"Functie +\"", "127.0.0.1", "\"accessibility_fingerprint_dialog_help_area\" : \"Omr\u00e5de for hjelpemelding\"", "\"abc_shareactionprovider_share_with_application\" : \"Jaa: %s\"", "\"abc_action_mode_done\" : \"\u0939\u094b \u0917\u092f\u093e\"", "\"abc_shareactionprovider_share_with\" : \"Ndaje me\"", "\"abc_searchview_description_search\" : \"\u0e04\u0e49\u0e19\u0e2b\u0e32\"", "\"common_google_play_services_install_title\" : \"Merr sh\u00ebrbimet e \"Luaj me Google\"\"", "\"fingerprint_error_user_canceled\" : \"\u0935\u093e\u092a\u0930\u0915\u0930\u094d\u0924\u094d\u092f\u093e\u0928\u0947 \u092b\u093f\u0902\u0917\u0930\u092a\u094d\u0930\u093f\u0902\u091f \u0911\u092a\u0930\u0947\u0936\u0928 \u0930\u0926\u094d\u0926 \u0915\u0947\u0932\u0947.\"", "\"fingerprint_error_no_fingerprints\" : \"\u121d\u1295\u121d \u12e8\u1323\u1275 \u12a0\u123b\u122b\u12ce\u127d \u12a0\u120d\u1270\u1218\u12d8\u1308\u1261\u121d\u1362\"", "\"common_google_play_services_notification_channel_name\" : \"Disponueshm\u00ebria e sh\u00ebrbimeve t\u00eb Google Play\"", "\"common_google_play_services_notification_ticker\" : \"Google Play-szolg\u00e1ltat\u00e1sok \u2013 hiba\"", "\"common_google_play_services_install_title\" : \"A Google Play-szolg\u00e1ltat\u00e1sok beszerz\u00e9se\"", "\"common_google_play_services_update_button\" : \"Aggiorna\"", "\"common_google_play_services_updating_text\" : \"\u200f%1$s Google Play \u0633\u0631\u0648\u0633\u0632 \u06a9\u06d2 \u0628\u063a\u06cc\u0631 \u0646\u06c1\u06cc\u06ba \u0686\u0644\u06d2 \u06af\u06cc\u060c \u062c\u0648 \u0641\u06cc \u0627\u0644\u062d\u0627\u0644 \u0627\u067e \u0688\u06cc\u0679 \u06c1\u0648 \u0631\u06c1\u06cc \u06c1\u06cc\u06ba\u06d4\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u00c1rea de mensaxes de axuda\"", "\"default_error_msg\" : \"\u0b85\u0bb1\u0bbf\u0baf\u0baa\u0bcd\u0baa\u0b9f\u0bbe\u0ba4 \u0baa\u0bbf\u0bb4\u0bc8\"", "\"common_signin_button_text_long\" : \"\u0544\u0578\u0582\u057f\u0584 \u0563\u0578\u0580\u056e\u0565\u056c Google-\u0578\u057e\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u10d5\u10d4\u10e0 \u10d2\u10d0\u10d4\u10e8\u10d5\u10d4\u10d1\u10d0 Google Play Services-\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4, \u10e0\u10dd\u10db\u10da\u10d4\u10d1\u10d8\u10ea \u10db\u10ee\u10d0\u10e0\u10d3\u10d0\u10e3\u10ed\u10d4\u10e0\u10d4\u10da\u10d8\u10d0 \u10d7\u10e5\u10d5\u10d4\u10dc\u10d8 \u10db\u10dd\u10ec\u10e7\u10dd\u10d1\u10d8\u10da\u10dd\u10d1\u10d8\u10e1 \u10db\u10d8\u10d4\u10e0.\"", "\"abc_action_menu_overflow_description\" : \"\u0dad\u0dc0\u0dad\u0dca \u0dc0\u0dd2\u0d9a\u0dbd\u0dca\u0db4\"", "\"generic_error_user_canceled\" : \"\u121b\u1228\u130b\u1308\u132b \u1260\u1270\u1320\u1243\u121a \u1270\u1230\u122d\u12df\u120d\u1362\"", "\"common_google_play_services_enable_text\" : \"Lai lietotne %1$s darbotos, ir j\u0101iesp\u0113jo Google\u00a0Play pakalpojumi.\"", "\"common_google_play_services_update_button\" : \"\u0905\u092a\u0921\u0947\u091f \u0915\u0930\u093e\"", "\"common_google_play_services_notification_channel_name\" : \"Dostupnost Google Play usluga\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u101e\u100a\u103a Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038\u1014\u103e\u1004\u1037\u103a \u1015\u103c\u103f\u1014\u102c\u1021\u1014\u100a\u103a\u1038\u1004\u101a\u103a \u101b\u103e\u102d\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1011\u1015\u103a\u101c\u102f\u1015\u103a\u1000\u103c\u100a\u1037\u103a\u1015\u102b\u104b\"", "\"abc_action_bar_up_description\" : \"Kembali ke atas\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0a28\u0a3e\u0a32 \u0a38\u0a3e\u0a02\u0a1d\u0a3e \u0a15\u0a30\u0a4b\"", "\"abc_search_hint\" : \"\u0548\u0580\u0578\u0576\u0578\u0582\u0574\u2026\"", "\"abc_toolbar_collapse_description\" : \"\u062a\u0635\u063a\u064a\u0631\"", "\"fingerprint_dialog_touch_sensor\" : \"Trykk p\u00e5 fingeravtrykkssensoren\"", "\"abc_menu_enter_shortcut_label\" : \"Eingabetaste\"", "\"abc_search_hint\" : \"Pretra\u017eite\u2026\"", "\"common_google_play_services_install_text\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456 \u049b\u04b1\u0440\u044b\u043b\u0493\u044b\u0434\u0430 \u0431\u043e\u043b\u043c\u0430\u0493\u0430\u043d\u0434\u044b\u049b\u0442\u0430\u043d, %1$s \u0456\u0441\u043a\u0435 \u049b\u043e\u0441\u044b\u043b\u043c\u0430\u0439\u0434\u044b.\"", "\"common_signin_button_text_long\" : \"Logi sisse Google'i kontoga\"", "\"abc_menu_enter_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200eenter\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_google_play_services_notification_ticker\" : \"\u200fGoogle Play \u0633\u0631\u0648\u0633\u0632 \u06a9\u06cc \u062e\u0631\u0627\u0628\u06cc\"", "\"fingerprint_error_hw_not_present\" : \"Denne enheten har ikke fingeravtrykkssensor\"", "\"abc_action_bar_home_description\" : \"Zur Startseite\"", "\"common_google_play_services_update_text\" : \"%1$s \u0e08\u0e30\u0e44\u0e21\u0e48\u0e17\u0e33\u0e07\u0e32\u0e19\u0e08\u0e19\u0e01\u0e27\u0e48\u0e32\u0e04\u0e38\u0e13\u0e08\u0e30\u0e2d\u0e31\u0e1b\u0e40\u0e14\u0e15\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play\"", "\"confirm_device_credential_password\" : \"\u05e9\u05d9\u05de\u05d5\u05e9 \u05d1\u05e1\u05d9\u05e1\u05de\u05d4\"", "\"common_google_play_services_update_title\" : \"Uppf\u00e6ra \u00fej\u00f3nustu Google Play\"", "\"common_google_play_services_install_text\" : \"%1$s nu va rula f\u0103r\u0103 serviciile Google Play, care lipsesc de pe dispozitivul dvs.\"", "\"confirm_device_credential_password\" : \"Usar contrasinal\"", "\"common_signin_button_text_long\" : \"Google \u0938\u0939 \u0938\u093e\u0907\u0928 \u0907\u0928 \u0915\u0930\u093e\"", "\"abc_toolbar_collapse_description\" : \"Comprimi\"", "\"abc_searchview_description_query\" : \"Consulta de cerca\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play zerbitzuen erabilgarritasuna\"", "\"common_google_play_services_install_title\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038\u101b\u101a\u1030\u101b\u1014\u103a\"", "\"common_google_play_services_update_title\" : \"Actualitza Serveis de Google Play\"", "\"abc_toolbar_collapse_description\" : \"\u00d6sszecsuk\u00e1s\"", "\"abc_action_menu_overflow_description\" : \"Autres options\"", "\"generic_error_user_canceled\" : \"\u0410\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u043e\u0442\u043c\u0435\u043d\u0435\u043d\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\"", "\"abc_searchview_description_submit\" : \"\u0421\u04b1\u0440\u0430\u0443\u0434\u044b \u0436\u0456\u0431\u0435\u0440\u0443\"", "\"abc_activitychooserview_choose_application\" : \"Selecciona unha aplicaci\u00f3n\"", "\"common_google_play_services_enable_text\" : \"%1$s no funcionar\u00e1 hasta que no habilites Servicios de Google Play.\"", "\"abc_menu_meta_shortcut_label\" : \"Meta tausti\u0146\u0161\u00a0+\"", "\"common_google_play_services_update_text\" : \"\u60a8\u5fc5\u9808\u66f4\u65b0 Google Play \u670d\u52d9\uff0c\u624d\u80fd\u57f7\u884c\u300c%1$s\u300d\u3002\"", "\"common_signin_button_text\" : \"\u05db\u05e0\u05d9\u05e1\u05d4\"", "\"fingerprint_error_lockout\" : \"Du har gjort for mange fors\u00f8k. Pr\u00f8v p\u00e5 nytt senere.\"", "\"search_menu_title\" : \"Hledat\"", "\"common_google_play_services_unsupported_text\" : \"L'application %1$s ne fonctionnera pas sans les services Google Play, qui ne sont pas pris en charge par votre appareil.\"", "\"abc_action_bar_up_description\" : \"Siirry yl\u00f6s\"", "\"abc_searchview_description_search\" : \"Keres\u00e9s\"", "\"abc_search_hint\" : \"Keres\u00e9s\u2026\"", "\"abc_shareactionprovider_share_with\" : \"Share with\"", "\"common_google_play_services_enable_text\" : \"%1$s funktioniert erst nach der Aktivierung der Google Play-Dienste.\"", "\"common_google_play_services_install_text\" : \"Ke spu\u0161t\u011bn\u00ed aplikace %1$s jsou pot\u0159eba slu\u017eby Google Play, kter\u00e9 v\u00a0za\u0159\u00edzen\u00ed nem\u00e1te.\"", "\"abc_action_bar_up_description\" : \"Gaan op\"", "\"common_google_play_services_install_button\" : \"Installa\"", "\"common_google_play_services_enable_button\" : \"\u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c\"", "\"fingerprint_dialog_touch_sensor\" : \"Raak de vingerafdruksensor aan\"", "\"common_google_play_services_updating_text\" : \"%1$s ez da exekutatuko Google Play zerbitzurik gabe; une honetan eguneratzen ari dira zerbitzuok.\"", "\"abc_toolbar_collapse_description\" : \"Zwi\u0144\"", "\"fingerprint_error_lockout\" : \"\u0417\u0430\u0431\u0430\u0433\u0430\u0442\u043e \u0441\u043f\u0440\u043e\u0431. \u0417\u0430\u0447\u0435\u043a\u0430\u0439\u0442\u0435.\"", "\"abc_menu_delete_shortcut_label\" : \"\u0438\u0437\u0431\u0440\u0438\u0448\u0438\"", "\"abc_searchview_description_search\" : \"Szukaj\"", "\"abc_search_hint\" : \"Buscar\u2026\"", "\"fingerprint_error_no_fingerprints\" : \"\u0a15\u0a4b\u0a08 \u0a2b\u0a3f\u0a70\u0a17\u0a30\u0a2a\u0a4d\u0a30\u0a3f\u0a70\u0a1f \u0a26\u0a30\u0a1c \u0a28\u0a39\u0a40\u0a02 \u0a15\u0a40\u0a24\u0a3e \u0a17\u0a3f\u0a06\u0964\"", "\"common_open_on_phone\" : \"Ava telefonis\"", "\"abc_toolbar_collapse_description\" : \"Zbali\u0165\"", "\"abc_menu_function_shortcut_label\" : \"Funkcyjny+\"", "\"abc_activitychooserview_choose_application\" : \"\uc571 \uc120\ud0dd\"", "\"default_error_msg\" : \"\u0985\u099c\u09be\u09a8\u09be \u09b8\u09ae\u09b8\u09cd\u09af\u09be\"", "\"common_signin_button_text_long\" : \"Hasi saioa Google kontuarekin\"", "\"mtrl_picker_announce_current_selection\" : \"Current selection: %1$s\"", "\"common_google_play_services_wear_update_text\" : \"Potrebna je nova verzija usluga Google Playa. Uskoro \u0107e se a\u017eurirati.\"", "\"abc_action_menu_overflow_description\" : \"Altre opzioni\"", "\"common_google_play_services_install_text\" : \"\u200f\u05d4\u05d0\u05e4\u05dc\u05d9\u05e7\u05e6\u05d9\u05d4 %1$s \u05dc\u05d0 \u05ea\u05e4\u05e2\u05dc \u05dc\u05dc\u05d0 \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play, \u05e9\u05d0\u05d9\u05e0\u05dd \u05de\u05d5\u05ea\u05e7\u05e0\u05d9\u05dd \u05d1\u05de\u05db\u05e9\u05d9\u05e8.\"", "\"generic_error_user_canceled\" : \"\u0cac\u0cb3\u0c95\u0cc6\u0ca6\u0cbe\u0cb0\u0cb0\u0cc1 \u0ca6\u0cc3\u0ca2\u0cc0\u0c95\u0cb0\u0ca3\u0cb5\u0ca8\u0ccd\u0ca8\u0cc1 \u0cb0\u0ca6\u0ccd\u0ca6\u0cc1\u0c97\u0cca\u0cb3\u0cbf\u0cb8\u0cbf\u0ca6\u0ccd\u0ca6\u0cbe\u0cb0\u0cc6.\"", "\"common_google_play_services_updating_text\" : \"%1$s ne fonctionnera pas sans les services Google Play, qui sont actuellement mis \u00e0 jour.\"", "\"abc_prepend_shortcut_label\" : \"Menua +\"", "\"abc_shareactionprovider_share_with_application\" : \"Shiriki ukitumia %s\"", "\"common_google_play_services_install_button\" : \"\u0418\u043d\u0441\u0442\u0430\u043b\u0438\u0440\u0430\u043d\u0435\"", "\"search_menu_title\" : \"\u0dc3\u0dd9\u0dc0\u0dd3\u0db8\"", "\"common_google_play_services_update_title\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bc8\u0baa\u0bcd \u0baa\u0bc1\u0ba4\u0bc1\u0baa\u0bcd\u0baa\u0bbf\u0b95\u0bcd\u0b95\u0bb5\u0bc1\u0bae\u0bcd\"", "\"common_google_play_services_install_button\" : \"Installeren\"", "\"common_google_play_services_install_text\" : \"L'app %1$s non funzioner\u00e0 senza Google Play Services, non presente sul tuo dispositivo.\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0a28\u0a42\u0a70 Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a28\u0a3e\u0a32 \u0a38\u0a2e\u0a71\u0a38\u0a3f\u0a06 \u0a06 \u0a30\u0a39\u0a40 \u0a39\u0a48\u0964 \u0a15\u0a3f\u0a30\u0a2a\u0a3e \u0a15\u0a30\u0a15\u0a47 \u0a26\u0a41\u0a2c\u0a3e\u0a30\u0a3e \u0a15\u0a4b\u0a38\u0a3c\u0a3f\u0a38\u0a3c \u0a15\u0a30\u0a4b\u0964\"", "\"abc_prepend_shortcut_label\" : \"Men\u00fc\u00fc +\"", "\"abc_toolbar_collapse_description\" : \"\u0411\u0443\u0443\u043b\u0433\u0430\u0445\"", "\"common_google_play_services_enable_title\" : \"\u542f\u7528 Google Play \u670d\u52a1\"", "\"common_google_play_services_update_text\" : \"\u200f%1$s \u05dc\u05d0 \u05d9\u05e4\u05e2\u05dc \u05d0\u05dd \u05dc\u05d0 \u05ea\u05e2\u05d3\u05db\u05df \u05d0\u05ea \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play.\"", "\"common_google_play_services_notification_ticker\" : \"Erreur li\u00e9e aux services Google\u00a0Play\"", "\"common_google_play_services_enable_button\" : \"\u0418\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u044d\u0445\"", "\"generic_error_user_canceled\" : \"\u8a8d\u8a3c\u306f\u30e6\u30fc\u30b6\u30fc\u306b\u3088\u308a\u30ad\u30e3\u30f3\u30bb\u30eb\u3055\u308c\u307e\u3057\u305f\u3002\"", "\"abc_searchview_description_search\" : \"Telusuri\"", "\"fingerprint_error_no_fingerprints\" : \"Geen vingerafdrukke is geregistreer nie.\"", "\"fingerprint_error_hw_not_available\" : \"\u0425\u0430\u0440\u0434\u0432\u0435\u0440 \u0437\u0430 \u043e\u0442\u0438\u0441\u043a\u0435 \u043f\u0440\u0441\u0442\u0438\u0458\u0443 \u043d\u0438\u0458\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430\u043d.\"", "\"common_google_play_services_notification_channel_name\" : \"Dost\u0119pno\u015b\u0107 Us\u0142ug Google Play\"", "\"abc_menu_delete_shortcut_label\" : \"\u0443\u0441\u0442\u0433\u0430\u0445\"", "\"fingerprint_dialog_touch_sensor\" : \"Barmoq izi skaneriga tegining\"", "\"abc_menu_delete_shortcut_label\" : \"kustuta\"", "\"fingerprint_not_recognized\" : \"Neatpa\u017einta\"", "\"abc_toolbar_collapse_description\" : \"R\u00e9duire\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0b1f\u0b3f\u0b2a\u0b1a\u0b3f\u0b39\u0b4d\u0b28 \u0b38\u0b47\u0b28\u0b38\u0b30\u0b4d\u200c\u0b15\u0b41 \u0b1b\u0b41\u0b05\u0b01\u0b28\u0b4d\u0b24\u0b41\"", "\"generic_error_user_canceled\" : \"Pengesahan dibatalkan oleh pengguna.\"", "\"abc_searchview_description_clear\" : \"\u0995\u09cb\u09af\u09bc\u09c7\u09b0\u09bf \u09ae\u09c1\u099b\u09c7 \u09ab\u09c7\u09b2\u09c1\u09a8\"", "\"common_google_play_services_enable_button\" : \"Aktivera\"", "\"common_google_play_services_wear_update_text\" : \"Google Play xizmatlarining yangi versiyasi zarur. U o\u2018zini qisqa vaqt ichida yangilaydi.\"", "\"abc_searchview_description_clear\" : \"\u0b15\u0b4d\u0b71\u0b47\u0b30\u0b40 \u0b16\u0b3e\u0b32\u0b3f \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"abc_searchview_description_submit\" : \"\u041d\u0430\u0456\u0441\u043b\u0430\u0442\u0438 \u0437\u0430\u043f\u0438\u0442\"", "\"abc_menu_ctrl_shortcut_label\" : \"\u200eCtrl+\u200e\"", "\"common_google_play_services_install_text\" : \"%1$s nuk do t\u00eb funksionoj\u00eb pa sh\u00ebrbimet e Google Play, t\u00eb cilat mungojn\u00eb n\u00eb pajisjen t\u00ebnde.\"", "\"abc_searchview_description_search\" : \"\u0b38\u0b30\u0b4d\u0b1a\u0b4d\u0b1a \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"abc_action_menu_overflow_description\" : \"\u091c\u093c\u094d\u092f\u093e\u0926\u093e \u0935\u093f\u0915\u0932\u094d\u092a\"", "\"common_google_play_services_update_button\" : \"Posodobi\"", "\"abc_capital_on\" : \"\u0418\u0414\u042d\u0412\u0425\u0422\u042d\u0419\"", "\"abc_searchview_description_clear\" : \"So\u2018rovni o\u2018chirish\"", "\"abc_action_bar_home_description\" : \"\u8f6c\u5230\u9996\u9875\"", "\"abc_activitychooserview_choose_application\" : \"\u0b17\u0b4b\u0b1f\u0b3f\u0b0f \u0b06\u0b2a\u0b4d\u200d \u0b2c\u0b3e\u0b1b\u0b28\u0b4d\u0b24\u0b41\"", "\"abc_activity_chooser_view_see_all\" : \"Tout afficher\"", "\"abc_activitychooserview_choose_application\" : \"\u0d06\u0d2a\u0d4d\u0d2a\u0d4d \u0d24\u0d3f\u0d30\u0d1e\u0d4d\u0d1e\u0d46\u0d1f\u0d41\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"default_error_msg\" : \"\u0985\u099c\u09cd\u099e\u09be\u09a4 \u0986\u09b8\u09cb\u0981\u09f1\u09be\u09b9\"", "\"abc_capital_on\" : \"ACTIVER\"", "\"common_signin_button_text_long\" : \"Google \u092e\u093e\u0930\u094d\u092b\u0924 \u0938\u093e\u0907\u0928\u200d \u0907\u0928 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"common_google_play_services_notification_ticker\" : \"Google Play Services-fout\"", "\"fingerprint_error_hw_not_available\" : \"\u7121\u6cd5\u4f7f\u7528\u6307\u7d0b\u786c\u4ef6\u3002\"", "\"abc_search_hint\" : \"\u041f\u0440\u0435\u0442\u0440\u0430\u0436\u0438\u0442\u0435\u2026\"", "\"abc_action_mode_done\" : \"Gereed\"", "\"abc_shareactionprovider_share_with_application\" : \"%s orqali ulashish\"", "\"common_google_play_services_enable_text\" : \"%1$s no funcionar\u00e0 si no actives Serveis de Google Play.\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u670d\u52a1\u7684\u9002\u7528\u8303\u56f4\"", "\"abc_action_menu_overflow_description\" : \"\u0ab5\u0aa7\u0ac1 \u0ab5\u0abf\u0a95\u0ab2\u0acd\u0aaa\u0acb\"", "\"abc_action_menu_overflow_description\" : \"Tov\u00e1bbi lehet\u0151s\u00e9gek\"", "\"common_signin_button_text\" : \"\u041a\u0456\u0440\u0443\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0438\u043c\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0438 \u0441 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play. \u041c\u043e\u043b\u044f, \u043e\u043f\u0438\u0442\u0430\u0439\u0442\u0435 \u043e\u0442\u043d\u043e\u0432\u043e.\"", "\"common_signin_button_text_long\" : \"Inloggen met Google\"", "\"fingerprint_not_recognized\" : \"\u041d\u0435 \u0440\u043e\u0437\u043f\u0456\u0437\u043d\u0430\u043d\u043e\"", "\"abc_action_menu_overflow_description\" : \"M\u00e1is opci\u00f3ns\"", "\"abc_menu_sym_shortcut_label\" : \"Symbol\u00a0+\u00a0\"", "\"abc_capital_on\" : \"SEES\"", "\"common_signin_button_text_long\" : \"Google \u0aae\u0abe\u0a82 \u0ab8\u0abe\u0a87\u0aa8 \u0a87\u0aa8 \u0a95\u0ab0\u0acb\"", "\"default_error_msg\" : \"\u05e9\u05d2\u05d9\u05d0\u05d4 \u05dc\u05d0 \u05d9\u05d3\u05d5\u05e2\u05d4\"", "\"fingerprint_error_hw_not_present\" : \"Aquest dispositiu no t\u00e9 sensor d'empremtes digitals\"", "\"search_menu_title\" : \"\u0406\u0437\u0434\u0435\u0443\"", "\"abc_search_hint\" : \"\u0cb9\u0cc1\u0ca1\u0cc1\u0c95\u0cbf\u2026\"", "\"common_google_play_services_unsupported_text\" : \"%1$s ngeke isebenze ngaphandle kwamasevisi e-Google Play, angasekelwa idivayisi yakho.\"", "\"common_google_play_services_enable_text\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038\u1000\u102d\u102f \u1019\u1016\u103d\u1004\u1037\u103a\u101e\u104d %1$s \u101e\u100a\u103a\u1021\u101c\u102f\u1015\u103a\u101c\u102f\u1015\u103a\u1019\u100a\u103a\u1019\u101f\u102f\u1010\u103a\u1015\u102b\u104b\"", "\"abc_activitychooserview_choose_application\" : \"Alege\u021bi o aplica\u021bie\"", "\"common_open_on_phone\" : \"\u30b9\u30de\u30fc\u30c8\u30d5\u30a9\u30f3\u3067\u958b\u304f\"", "\"common_google_play_services_updating_text\" : \"Hindi gagana ang %1$s nang wala ang mga serbisyo ng Google Play na kasalukuyang ina-update.\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0938\u0947\u0935\u093e \u090f\u0930\u0930\"", "\"abc_searchview_description_search\" : \"Ara\"", "\"fingerprint_not_recognized\" : \"Ez da ezagutu\"", "\"common_open_on_phone\" : \"\u0daf\u0dd4\u0dbb\u0d9a\u0dae\u0db1\u0dba \u0dad\u0dd4\u0dc5 \u0dc0\u0dd2\u0dc0\u0dd8\u0dad \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"common_google_play_services_update_title\" : \"\u0539\u0561\u0580\u0574\u0561\u0581\u0576\u0565\u056c Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u0568\"", "\"abc_menu_space_shortcut_label\" : \"\u0431\u043e\u0448\u0442\u0443\u043a\"", "\"abc_search_hint\" : \"\u0391\u03bd\u03b1\u03b6\u03ae\u03c4\u03b7\u03c3\u03b7\u2026\"", "\"abc_action_bar_home_description\" : \"Prejs\u0165 na plochu\"", "\"common_google_play_services_install_text\" : \"%1$s \u10d5\u10d4\u10e0 \u10d2\u10d0\u10d4\u10e8\u10d5\u10d4\u10d1\u10d0 Google Play Services-\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4, \u10e0\u10dd\u10db\u10d4\u10da\u10d8\u10ea \u10d0\u10d9\u10da\u10d8\u10d0 \u10d7\u10e5\u10d5\u10d4\u10dc\u10e1 \u10db\u10dd\u10ec\u10e7\u10dd\u10d1\u10d8\u10da\u10dd\u10d1\u10d0\u10e1.\"", "\"fingerprint_error_hw_not_available\" : \"Hardware voor vingerafdruk niet beschikbaar.\"", "\"common_google_play_services_update_button\" : \"\u0ead\u0eb1\u0e9a\u0ec0\u0e94\u0e94\"", "\"abc_searchview_description_query\" : \"\u062f\u0631\u062e\u0648\u0627\u0633\u062a \u062c\u0633\u062a\u062c\u0648\"", "\"common_open_on_phone\" : \"Buka pada telefon\"", "\"fingerprint_error_no_fingerprints\" : \"\u0410\u0434\u0431\u0456\u0442\u043a\u0456 \u043f\u0430\u043b\u044c\u0446\u0430\u045e \u043d\u0435 \u0437\u0430\u0440\u044d\u0433\u0456\u0441\u0442\u0440\u0430\u0432\u0430\u043d\u044b.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Podru\u010dje poruke za pomo\u0107\"", "\"common_google_play_services_notification_ticker\" : \"Fel p\u00e5 Google Play-tj\u00e4nster\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0627\u0644\u0645\u0633 \u0632\u0631 \u0627\u0633\u062a\u0634\u0639\u0627\u0631 \u0628\u0635\u0645\u0629 \u0627\u0644\u0625\u0635\u0628\u0639\"", "\"common_google_play_services_notification_channel_name\" : \"Disp. de los Servicios de Google\u200c\u200c\u200c\u00a0Play\"", "\"abc_searchview_description_submit\" : \"\u101b\u103e\u102c\u1016\u103d\u1031\u1005\u101b\u102c \u1021\u1001\u103b\u1000\u103a\u1021\u101c\u1000\u103a\u1000\u102d\u102f \u1015\u1031\u1038\u1015\u102d\u102f\u1037\u101b\u1014\u103a\"", "\"common_google_play_services_update_title\" : \"Actualiza\u021bi serviciile Google Play\"", "\"abc_action_bar_home_description\" : \"Joan orri nagusira\"", "\"abc_searchview_description_search\" : \"Haku\"", "\"abc_searchview_description_query\" : \"\u09b8\u09a8\u09cd\u09a7\u09be\u09a8 \u0995\u09f0\u09be \u09aa\u09cd\u09f0\u09b6\u09cd\u09a8\"", "\"abc_searchview_description_clear\" : \"Ta bort fr\u00e5gan\"", "\"fingerprint_error_hw_not_present\" : \"\u1024\u1005\u1000\u103a\u1015\u1005\u1039\u1005\u100a\u103a\u1038\u1010\u103d\u1004\u103a \u101c\u1000\u103a\u1017\u103d\u1031\u1021\u102c\u101b\u102f\u1036\u1001\u1036\u1000\u102d\u101b\u102d\u101a\u102c \u1019\u101b\u103e\u102d\u1015\u102b\"", "\"abc_searchview_description_query\" : \"\u0a16\u0a4b\u0a1c \u0a2a\u0a41\u0a71\u0a1b\u0a17\u0a3f\u0a71\u0a1b\"", "\"fingerprint_error_user_canceled\" : \"\u0aab\u0abf\u0a82\u0a97\u0ab0\u0aaa\u0acd\u0ab0\u0abf\u0aa8\u0acd\u0a9f \u0a9a\u0a95\u0abe\u0ab8\u0ab5\u0abe\u0aa8\u0ac0 \u0aaa\u0acd\u0ab0\u0a95\u0acd\u0ab0\u0abf\u0aaf\u0abe \u0ab5\u0aaa\u0ab0\u0abe\u0ab6\u0a95\u0ab0\u0acd\u0aa4\u0abe\u0a8f \u0ab0\u0aa6 \u0a95\u0ab0\u0ac0.\"", "\"common_google_play_services_notification_ticker\" : \"\u03a3\u03c6\u03ac\u03bb\u03bc\u03b1 \u03a5\u03c0\u03b7\u03c1\u03b5\u03c3\u03b9\u03ce\u03bd Google Play\"", "\"common_google_play_services_update_title\" : \"\u041e\u043d\u043e\u0432\u0456\u0442\u044c \u0441\u0435\u0440\u0432\u0456\u0441\u0438 Google Play\"", "\"abc_action_menu_overflow_description\" : \"Mai multe op\u021biuni\"", "\"abc_shareactionprovider_share_with\" : \"Dijeli sa\"", "\"fingerprint_dialog_touch_sensor\" : \"Raak die vingerafdruksensor\"", "\"abc_toolbar_collapse_description\" : \"Yig\u2018ish\"", "\"abc_searchview_description_voice\" : \"Hlasov\u00e9 vyh\u013ead\u00e1vanie\"", "\"mtrl_picker_text_input_month_abbr\" : \"m\"", "\"common_google_play_services_install_title\" : \"Google Play \u0938\u0947\u0935\u093e\u0939\u0930\u0942 \u092a\u094d\u0930\u093e\u092a\u094d\u0924 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"abc_shareactionprovider_share_with\" : \"\u09b6\u09c7\u09af\u09bc\u09be\u09b0 \u0995\u09b0\u09c1\u09a8\"", "\"common_google_play_services_enable_title\" : \"Google\u00a0Play pakalpojumu iesp\u0113jo\u0161ana\"", "\"search_menu_title\" : \"Ara\"", "\"common_google_play_services_update_button\" : \"\u041e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\"", "\"abc_menu_delete_shortcut_label\" : \"\u062d\u0630\u0641\"", "\"search_menu_title\" : \"\u0391\u03bd\u03b1\u03b6\u03ae\u03c4\u03b7\u03c3\u03b7\"", "\"fingerprint_not_recognized\" : \"\u041d\u0435\u043f\u043e\u0437\u043d\u0430\u0442\"", "\"abc_activity_chooser_view_see_all\" : \"Prika\u017ei sve\"", "\"abc_activity_chooser_view_see_all\" : \"Ikusi guztiak\"", "\"abc_action_bar_home_description\" : \"\u0917\u0943\u0939 \u092a\u0943\u0937\u094d\u0920\u092e\u093e \u091c\u093e\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"common_google_play_services_notification_ticker\" : \"Hitilafu kwenye huduma za Google Play\"", "\"abc_capital_on\" : \"\u1016\u103d\u1004\u1037\u103a\u101b\u1014\u103a\"", "\"abc_capital_on\" : \"\u062a\u0641\u0639\u064a\u0644\"", "\"fingerprint_error_user_canceled\" : \"Opera\u021biunea privind amprenta digital\u0103 a fost anulat\u0103 de utilizator.\"", "\"abc_toolbar_collapse_description\" : \"\u0ab8\u0a82\u0a95\u0ac1\u0a9a\u0abf\u0aa4 \u0a95\u0ab0\u0acb\"", "\"common_google_play_services_install_button\" : \"\uc124\uce58\"", "\"abc_activitychooserview_choose_application\" : \"\u098f\u0995\u099f\u09bf \u0985\u09cd\u09af\u09be\u09aa \u09ac\u09c7\u099b\u09c7 \u09a8\u09bf\u09a8\"", "\"common_google_play_services_enable_title\" : \"Google Play-szolg\u00e1ltat\u00e1sok enged\u00e9lyez\u00e9se\"", "\"abc_capital_off\" : \"\u0417\u041d\u0418\u0416\u041a\u0410\"", "\"abc_activitychooserview_choose_application\" : \"\u05d1\u05d7\u05d9\u05e8\u05ea \u05d0\u05e4\u05dc\u05d9\u05e7\u05e6\u05d9\u05d4\"", "\"abc_menu_delete_shortcut_label\" : \"\u0b21\u0b3f\u0b32\u0b3f\u0b1f\u0b4d\u200d\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0bae\u0bc2\u0bb2\u0bae\u0bcd \u0baa\u0b95\u0bbf\u0bb0\u0bcd\"", "\"abc_menu_enter_shortcut_label\" : \"Enter\"", "\"abc_shareactionprovider_share_with_application\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200eShare with \u200e\u200f\u200e\u200e\u200f\u200f\u200e%s\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_google_play_services_update_title\" : \"Google Play\u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306e\u66f4\u65b0\"", "\"generic_error_user_canceled\" : \"\u0555\u0563\u057f\u0561\u057f\u0565\u0580\u0568 \u0579\u0565\u0572\u0561\u0580\u056f\u0565\u056c \u0567 \u0576\u0578\u0582\u0575\u0576\u0561\u056f\u0561\u0576\u0561\u0581\u0578\u0582\u0574\u0568\u0589\"", "\"abc_action_mode_done\" : \"Gotovo\"", "\"common_open_on_phone\" : \"\u0d2b\u0d4b\u0d23\u0d3f\u0d7d \u0d24\u0d41\u0d31\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Zona mesajelor de ajutor\"", "\"abc_action_mode_done\" : \"\u062a\u0645\"", "\"abc_shareactionprovider_share_with\" : \"\u0c35\u0c40\u0c30\u0c3f\u0c24\u0c4b \u0c37\u0c47\u0c30\u0c4d \u0c1a\u0c47\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"fingerprint_error_hw_not_available\" : \"Nen\u00ed k\u00a0dispozici hardware ke sn\u00edm\u00e1n\u00ed otisk\u016f prst\u016f.\"", "\"common_signin_button_text\" : \"\u0412\u0445\u043e\u0434\"", "\"fingerprint_error_no_fingerprints\" : \"Aucune empreinte digitale enregistr\u00e9e.\"", "\"common_google_play_services_unknown_issue\" : \"%1$s tiene problemas con los servicios de Google Play. Vuelve a intentarlo.\"", "\"common_signin_button_text_long\" : \"Kirjaudu Google-tilille\"", "\"abc_action_bar_home_description\" : \"\u0a98\u0ab0\u0aa8\u0acb \u0ab0\u0ab8\u0acd\u0aa4\u0acb \u0aac\u0aa4\u0abe\u0ab5\u0acb\"", "\"abc_action_menu_overflow_description\" : \"Meer opties\"", "\"fab_transformation_scrim_behavior\" : \"com.google.android.material.transformation.FabTransformationScrimBehavior\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0938\u0947\u0935\u093e\u0939\u0930\u0942 \u0938\u0915\u094d\u0937\u092e \u092a\u093e\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"common_open_on_phone\" : \"Abrir no tel\u00e9fono\"", "\"search_menu_title\" : \"Keres\u00e9s\"", "\"mtrl_picker_toggle_to_year_selection\" : \"Tap to switch to selecting a year\"", "\"common_google_play_services_update_text\" : \"\u200f\u0644\u0646 \u064a\u062a\u0645 \u062a\u0634\u063a\u064a\u0644 %1$s \u0645\u0627 \u0644\u0645 \u064a\u062a\u0645 \u062a\u062d\u062f\u064a\u062b \u062e\u062f\u0645\u0627\u062a Google Play.\"", "\"abc_activitychooserview_choose_application\" : \"T\u0259tbiq se\u00e7in\"", "\"common_open_on_phone\" : \"Maak oop op foon\"", "\"abc_action_bar_up_description\" : \"\u041f\u0435\u0440\u0430\u0439\u0441\u0446\u0456 \u045e\u0432\u0435\u0440\u0445\"", "unwind_phase2", "\"abc_activitychooserview_choose_application\" : \"Scelta di un'app\"", "\"common_google_play_services_install_button\" : \"Setja upp\"", "\"abc_action_bar_up_description\" : \"Zulazulela phezulu\"", "\"common_google_play_services_enable_title\" : \"\u0544\u056b\u0561\u0581\u0576\u0565\u056c Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u0568\"", "\"fingerprint_error_hw_not_present\" : \"\u0b87\u0ba8\u0bcd\u0ba4\u0b9a\u0bcd \u0b9a\u0bbe\u0ba4\u0ba9\u0ba4\u0bcd\u0ba4\u0bbf\u0bb2\u0bcd \u0b95\u0bc8\u0bb0\u0bc7\u0b95\u0bc8 \u0b9a\u0bc6\u0ba9\u0bcd\u0b9a\u0bbe\u0bb0\u0bcd \u0b87\u0bb2\u0bcd\u0bb2\u0bc8\"", "\"fingerprint_not_recognized\" : \"\u00deekktist ekki\"", "\"default_error_msg\" : \"\u10e3\u10ea\u10dc\u10dd\u10d1\u10d8 \u10e8\u10d4\u10ea\u10d3\u10dd\u10db\u10d0\"", "\"abc_searchview_description_search\" : \"Pesquisar\"", "\"common_signin_button_text\" : \"\u0ab8\u0abe\u0a87\u0aa8 \u0a87\u0aa8 \u0a95\u0ab0\u0acb\"", "\"default_error_msg\" : \"\u672a\u77e5\u9519\u8bef\"", "\"abc_activitychooserview_choose_application\" : \"\u090f\u0909\u091f\u093e \u0905\u0928\u0941\u092a\u094d\u0930\u092f\u094b\u0917 \u091b\u093e\u0928\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0cab\u0cbf\u0c82\u0c97\u0cb0\u0ccd\u200c\u0caa\u0ccd\u0cb0\u0cbf\u0c82\u0c9f\u0ccd \u0cb8\u0cc6\u0ca8\u0ccd\u0cb8\u0cb0\u0ccd\u200c\u200c \u0c85\u0ca8\u0ccd\u0ca8\u0cc1 \u0cb8\u0ccd\u0caa\u0cb0\u0ccd\u0cb6\u0cbf\u0cb8\u0cbf\"", "\"fingerprint_error_no_fingerprints\" : \"\ub4f1\ub85d\ub41c \uc9c0\ubb38\uc774 \uc5c6\uc2b5\ub2c8\ub2e4.\"", "\"common_google_play_services_install_button\" : \"Instal\u0113t\"", "\"common_open_on_phone\" : \"Opna \u00ed s\u00edmanum\"", "\"abc_capital_off\" : \"\u5173\u95ed\"", "\"generic_error_user_canceled\" : \"\u10d0\u10d5\u10e2\u10dd\u10e0\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0 \u10d2\u10d0\u10d0\u10e3\u10e5\u10db\u10d0 \u10db\u10dd\u10db\u10ee\u10db\u10d0\u10e0\u10d4\u10d1\u10d4\u10da\u10db\u10d0.\"", "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl\u00a0+\u00a0\"", "\"abc_searchview_description_clear\" : \"\u0645\u062d\u0648 \u0637\u0644\u0628 \u0627\u0644\u0628\u062d\u062b\"", "\"abc_action_bar_up_description\" : \"Fara upp\"", "\"confirm_device_credential_password\" : \"Kasuta parooli\"", "\"common_google_play_services_updating_text\" : \"%1$s sal nie sonder Google Play Dienste werk nie, wat tans opdateer.\"", "\"abc_shareactionprovider_share_with\" : \"\u0645\u0634\u0627\u0631\u0643\u0629 \u0645\u0639\"", "\"common_google_play_services_update_button\" : \"\u05e2\u05d3\u05db\u05df\"", "\"abc_shareactionprovider_share_with\" : \"\u041f\u043e\u0434\u0456\u043b\u0438\u0442\u0438\u0441\u044f:\"", "\"default_error_msg\" : \"\u0b05\u0b1c\u0b23\u0b3e \u0b24\u0b4d\u0b30\u0b41\u0b1f\u0b3f\"", "\"confirm_device_credential_password\" : \"Bruk passord\"", "\"common_signin_button_text\" : \"\u09b8\u09be\u0987\u09a8-\u0987\u09a8 \u0995\u09b0\u09c1\u09a8\"", "\"common_google_play_services_install_button\" : \"\u0423\u0441\u0442\u0430\u043b\u044f\u0432\u0430\u0446\u044c\"", "\"abc_menu_function_shortcut_label\" : \"Function+\u200e\"", "\"common_google_play_services_updating_text\" : \"\u201e%1$s\u201c nebus paleid\u017eiama be \u201eGoogle Play\u201c paslaug\u0173, kurios \u0161iuo metu atnaujinamos.\"", "\"common_google_play_services_updating_text\" : \"%1$s no se ejecutar\u00e1 sin los servicios de Google Play. La plataforma se est\u00e1 actualizando en este momento.\"", "\"search_menu_title\" : \"Axtar\u0131n\"", "\"fingerprint_error_no_fingerprints\" : \"\u0995\u09cb\u09a8\u0993 \u0986\u0999\u09cd\u0997\u09c1\u09b2\u09c7\u09b0 \u099b\u09be\u09aa \u09a8\u09a5\u09bf\u09ad\u09c1\u0995\u09cd\u09a4 \u09a8\u09c7\u0987\u0964\"", "\"fingerprint_error_user_canceled\" : \"Pir\u0161to antspaudo operacij\u0105 at\u0161auk\u0117 naudotojas.\"", "\"common_signin_button_text\" : \"\u0a38\u0a3e\u0a08\u0a28-\u0a07\u0a28 \u0a15\u0a30\u0a4b\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Zona e mesazhit t\u00eb ndihm\u00ebs\"", "\"abc_prepend_shortcut_label\" : \"\u0b2e\u0b47\u0b28\u0b41\"", "\"abc_activity_chooser_view_see_all\" : \"Tingnan lahat\"", "\"fingerprint_error_user_canceled\" : \"\u0b95\u0bc8\u0bb0\u0bc7\u0b95\u0bc8\u0b9a\u0bcd \u0b9a\u0bb0\u0bbf\u0baa\u0bbe\u0bb0\u0bcd\u0baa\u0bcd\u0baa\u0bc1 \u0baa\u0baf\u0ba9\u0bb0\u0bbe\u0bb2\u0bcd \u0bb0\u0ba4\u0bcd\u0ba4\u0bc1\u0b9a\u0bc6\u0baf\u0bcd\u0baf\u0baa\u0bcd\u0baa\u0b9f\u0bcd\u0b9f\u0ba4\u0bc1.\"", "\"abc_menu_shift_shortcut_label\" : \"MAIUSC +\"", "\"confirm_device_credential_password\" : \"\u03a7\u03c1\u03ae\u03c3\u03b7 \u03ba\u03c9\u03b4\u03b9\u03ba\u03bf\u03cd \u03c0\u03c1\u03cc\u03c3\u03b2\u03b1\u03c3\u03b7\u03c2\"", "\"abc_menu_delete_shortcut_label\" : \"\u0939\u091f\u0935\u093e\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u00eent\u00e2mpin\u0103 probleme privind serviciile Google Play. \u00cencerca\u021bi din nou.\"", "\"common_google_play_services_unknown_issue\" : \"O app %1$s est\u00e1 com problemas com o Google Play Services. Tente novamente.\"", "\"abc_capital_off\" : \"DESACTIVADO\"", "\"common_google_play_services_enable_button\" : \"Aktivieren\"", "\"confirm_device_credential_password\" : \"\u10de\u10d0\u10e0\u10dd\u10da\u10d8\u10e1 \u10d2\u10d0\u10db\u10dd\u10e7\u10d4\u10dc\u10d4\u10d1\u10d0\"", "\"abc_search_hint\" : \"\uac80\uc0c9...\"", "\"abc_action_bar_home_description\" : \"\u041f\u0435\u0440\u0430\u0439\u0441\u0446\u0456 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0443\u044e \u0441\u0442\u0430\u0440\u043e\u043d\u043a\u0443\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u05d0\u05d6\u05d5\u05e8 \u05d4\u05d5\u05d3\u05e2\u05ea \u05e2\u05d6\u05e8\u05d4\"", "\"abc_menu_enter_shortcut_label\" : \"retur\"", "\"abc_searchview_description_clear\" : \"\u0421\u04b1\u0440\u0430\u0443\u0434\u044b \u04e9\u0448\u0456\u0440\u0443\"", "\"abc_menu_delete_shortcut_label\" : \"\u0e25\u0e1a\"", "\"abc_searchview_description_search\" : \"\u062a\u0644\u0627\u0634 \u06a9\u0631\u06cc\u06ba\"", "\"default_error_msg\" : \"Nezn\u00e1ma chyba\"", "\"abc_menu_meta_shortcut_label\" : \"\u201eMeta\u201c +\"", "\"abc_searchview_description_submit\" : \"Odosla\u0165 dopyt\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0c38\u0c47\u0c35\u0c32 \u0c0e\u0c30\u0c4d\u0c30\u0c30\u0c4d\"", "\"common_google_play_services_unknown_issue\" : \"Aplikacija %1$s ima problema s Google Play uslugama. Poku\u0161ajte ponovo.\"", "\"common_open_on_phone\" : \"Ouvrir sur le t\u00e9l\u00e9phone\"", "\"fingerprint_error_no_fingerprints\" : \"Nie zarejestrowano odcisk\u00f3w palc\u00f3w.\"", "\"fingerprint_error_user_canceled\" : \"\u041a\u043e\u0440\u0438\u0441\u043d\u0438\u043a\u043e\u0442 \u0458\u0430 \u043e\u0442\u043a\u0430\u0436\u0430 \u043f\u043e\u0442\u0432\u0440\u0434\u0430\u0442\u0430 \u0441\u043e \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043e\u043a.\"", "\"common_google_play_services_wear_update_text\" : \"\u041f\u043e\u0442\u0440\u0435\u0431\u043d\u0430 \u0435 \u043d\u043e\u0432\u0430 \u0432\u0435\u0440\u0437\u0438\u0458\u0430 \u043d\u0430 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play. \u0422\u0430\u0430 \u043d\u0430\u0441\u043a\u043e\u0440\u043e \u0441\u0430\u043c\u0430\u0442\u0430 \u045c\u0435 \u0441\u0435 \u0430\u0436\u0443\u0440\u0438\u0440\u0430.\"", "\"abc_action_menu_overflow_description\" : \"Jo\u0161 opcija\"", "\"common_google_play_services_notification_ticker\" : \"Google\u00a0Play pakalpojumu k\u013c\u016bda\"", "\"fingerprint_error_no_fingerprints\" : \"\u5c1a\u672a\u8a3b\u518a\u4efb\u4f55\u6307\u7d0b\u3002\"", "\"abc_activitychooserview_choose_application\" : \"Pumili ng app\"", "\"abc_activity_chooser_view_see_all\" : \"\u1201\u1209\u1295\u121d \u12ed\u1218\u120d\u12a8\u1271\"", "\"common_google_play_services_install_text\" : \"\u0ca8\u0cbf\u0cae\u0ccd\u0cae \u0cb8\u0cbe\u0ca7\u0ca8\u0ca6\u0cbf\u0c82\u0ca6 \u0c95\u0cbe\u0ca3\u0cc6\u0caf\u0cbe\u0c97\u0cbf\u0cb0\u0cc1\u0cb5 %1$s, Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0cbf\u0cb2\u0ccd\u0cb2\u0ca6\u0cc6 \u0cb0\u0ca8\u0ccd \u0c86\u0c97\u0cc1\u0cb5\u0cc1\u0ca6\u0cbf\u0cb2\u0ccd\u0cb2.\"", "\"abc_searchview_description_voice\" : \"K\u00ebrkim me z\u00eb\"", "\"common_google_play_services_enable_text\" : \"%1$s \u043d\u0435 \u0431\u0443\u0434\u0437\u0435 \u043f\u0440\u0430\u0446\u0430\u0432\u0430\u0446\u044c, \u043f\u0430\u043a\u0443\u043b\u044c \u0432\u044b \u043d\u0435 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u043b\u0443\u0436\u0431\u044b Google Play.\"", "\"abc_searchview_description_search\" : \"Qidiruv\"", "\"common_google_play_services_update_button\" : \"Mettre \u00e0 jour\"", "\"confirm_device_credential_password\" : \"\u041d\u0443\u0443\u0446 \u04af\u0433 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\"", "\"abc_menu_delete_shortcut_label\" : \"\u05de\u05d7\u05d9\u05e7\u05d4\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Omr\u00e5de f\u00f6r hj\u00e4lpmeddelande\"", "\"abc_shareactionprovider_share_with_application\" : \"\u1208%s \u12a0\u130b\u122b\"", "\"abc_search_hint\" : \"Otsige \u2026\"", "\"abc_menu_shift_shortcut_label\" : \"Shift \u0bae\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd\"", "\"generic_error_user_canceled\" : \"\u0425\u044d\u0440\u044d\u0433\u043b\u044d\u0433\u0447 \u043d\u043e\u0442\u043e\u043b\u0433\u043e\u043e\u0433 \u0446\u0443\u0446\u0430\u043b\u0441\u0430\u043d.\"", "\"confirm_device_credential_password\" : \"Utilizza password\"", "\"common_google_play_services_update_title\" : \"Opdater Google Play-tjenester\"", "\"common_google_play_services_enable_title\" : \"Google Play-services inschakelen\"", "\"abc_activitychooserview_choose_application\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200eChoose an app\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"confirm_device_credential_password\" : \"Jelsz\u00f3 haszn\u00e1lata\"", "\"abc_shareactionprovider_share_with\" : \"\u041f\u043e\u0434\u0435\u043b\u0438\u0442\u044c\u0441\u044f \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e\"", "\"common_google_play_services_notification_channel_name\" : \"Disponibilit\u00e0 di Google Play Services\"", "\"abc_activitychooserview_choose_application\" : \"Seleccionar una aplicaci\u00f3n\"", "\"fingerprint_error_hw_not_present\" : \"Selles seadmes pole s\u00f5rmej\u00e4ljeandurit\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0414\u043e\u043a\u043e\u0441\u043d\u0435\u0442\u0435 \u0441\u0435\u043d\u0437\u043e\u0440\u0430 \u0437\u0430 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u044a\u0446\u0438\"", "\"abc_action_menu_overflow_description\" : \"\u0411\u0443\u0441\u0430\u0434 \u0441\u043e\u043d\u0433\u043e\u043b\u0442\"", "\"fingerprint_error_hw_not_present\" : \"This device does not have a fingerprint sensor\"", "\"common_google_play_services_updating_text\" : \"\u0397 \u03b5\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae\u00a0%1$s \u03b4\u03b5\u03bd \u03b8\u03b1 \u03b5\u03ba\u03c4\u03b5\u03bb\u03b5\u03c3\u03c4\u03b5\u03af \u03c7\u03c9\u03c1\u03af\u03c2 \u03c4\u03b9\u03c2 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03af\u03b5\u03c2 Google Play, \u03bf\u03b9 \u03bf\u03c0\u03bf\u03af\u03b5\u03c2 \u03b5\u03bd\u03b7\u03bc\u03b5\u03c1\u03ce\u03bd\u03bf\u03bd\u03c4\u03b1\u03b9 \u03b1\u03c5\u03c4\u03ae\u03bd \u03c4\u03b7 \u03c3\u03c4\u03b9\u03b3\u03bc\u03ae.\"", "\"abc_searchview_description_query\" : \"Consulta de pesquisa\"", "\"status_bar_notification_info_overflow\" : \">999\"", "\"fingerprint_error_hw_not_available\" : \"Pirksta nospieduma aparat\u016bra nav pieejama.\"", "\"generic_error_user_canceled\" : \"Autentifikatsiya foydalanuvchi tomonidan bekor qilindi\"", "\"confirm_device_credential_password\" : \"\u0aaa\u0abe\u0ab8\u0ab5\u0ab0\u0acd\u0aa1\u0aa8\u0acb \u0a89\u0aaa\u0aaf\u0acb\u0a97 \u0a95\u0ab0\u0acb\"", "\"common_google_play_services_install_title\" : \"\u0418\u0437\u0442\u0435\u0433\u043b\u044f\u043d\u0435 \u043d\u0430 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play\"", "\"abc_menu_shift_shortcut_label\" : \"Shift\u00a0+\"", "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s \u2013 End date\"", "\"abc_searchview_description_query\" : \"\u0ab6\u0acb\u0aa7 \u0a95\u0acd\u0ab5\u0ac7\u0ab0\u0ac0\"", "\"abc_searchview_description_voice\" : \"\u0410\u0439\u0442\u044b\u043f \u0438\u0437\u0434\u04e9\u04e9\"", "\"fingerprint_dialog_touch_sensor\" : \"Toque no sensor de impress\u00f5es digitais\"", "\"abc_shareactionprovider_share_with\" : \"Zdie\u013ea\u0165 s\"", "\"abc_action_bar_up_description\" : \"Torna indietro\"", "\"fingerprint_error_hw_not_present\" : \"Aucun lecteur d'empreinte digitale n'est install\u00e9 sur cet appareil\"", "\"abc_action_bar_up_description\" : \"P\u0159ej\u00edt nahoru\"", "\"abc_shareactionprovider_share_with\" : \"Del med\"", "\"common_google_play_services_enable_button\" : \"Inschakelen\"", "\"abc_action_bar_up_description\" : \"\u0627\u0644\u062a\u0646\u0642\u0644 \u0625\u0644\u0649 \u0623\u0639\u0644\u0649\"", "\"fingerprint_error_lockout\" : \"\u0a2c\u0a39\u0a41\u0a24 \u0a1c\u0a3c\u0a3f\u0a06\u0a26\u0a3e \u0a15\u0a4b\u0a38\u0a3c\u0a3f\u0a38\u0a3c\u0a3e\u0a02\u0964 \u0a15\u0a3f\u0a30\u0a2a\u0a3e \u0a15\u0a30\u0a15\u0a47 \u0a2c\u0a3e\u0a05\u0a26 \u0a35\u0a3f\u0a71\u0a1a \u0a26\u0a41\u0a2c\u0a3e\u0a30\u0a3e \u0a15\u0a4b\u0a38\u0a3c\u0a3f\u0a38\u0a3c \u0a15\u0a30\u0a4b\u0964\"", "\"common_google_play_services_enable_text\" : \"%1$s non funzioner\u00e0 se non attivi Google Play Services.\"", "\"abc_search_hint\" : \"Mekl\u0113jiet\u2026\"", "\"common_open_on_phone\" : \"Telefonda a\u00e7\u0131n\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play xizmatlarining mavjudligi\"", "\"fingerprint_dialog_touch_sensor\" : \"Kosketa sormenj\u00e4lkitunnistinta\"", "\"fingerprint_error_hw_not_available\" : \"\u6307\u7eb9\u786c\u4ef6\u65e0\u6cd5\u4f7f\u7528\u3002\"", "\"common_google_play_services_wear_update_text\" : \"Uusi Google Play Palveluiden versio tarvitaan. Se p\u00e4ivittyy pian.\"", "\"fingerprint_error_hw_not_present\" : \"\u054d\u0561\u0580\u0584\u0568 \u0579\u0578\u0582\u0576\u056b \u0574\u0561\u057f\u0576\u0561\u0570\u0565\u057f\u0584\u0565\u0580\u056b \u057d\u056f\u0561\u0576\u0565\u0580\"", "\"common_google_play_services_enable_button\" : \"Povoli\u0165\"", "\"common_google_play_services_enable_button\" : \"\u0544\u056b\u0561\u0581\u0576\u0565\u056c\"", "\"abc_activity_chooser_view_see_all\" : \"\u041f\u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u0441\u0435\"", "\"common_signin_button_text\" : \"Conecta\u021bi-v\u0103\"", "\"abc_menu_space_shortcut_label\" : \"espacio\"", "\"common_google_play_services_install_title\" : \"Google Play \uc11c\ube44\uc2a4 \uc124\uce58\"", "\"fingerprint_error_lockout\" : \"Prea multe \u00eencerc\u0103ri. \u00cencerca\u021bi din nou mai t\u00e2rziu.\"", "\"abc_action_bar_home_description\" : \"\u200b\u1791\u17c5\u1791\u17c6\u1796\u17d0\u179a\u178a\u17be\u1798\"", "\"common_google_play_services_update_title\" : \"Kemaskinikan perkhidmatan Google Play\"", "\"abc_searchview_description_clear\" : \"Izbri\u0161i upit\"", "\"abc_action_menu_overflow_description\" : \"\u0531\u0575\u056c \u0568\u0576\u057f\u0580\u0561\u0576\u0584\u0576\u0565\u0580\"", "\"abc_action_bar_home_description\" : \"\u0418\u0434\u0438\u0442\u0435 \u043d\u0430 \u043f\u043e\u0447\u0435\u0442\u043d\u0443\"", "\"abc_searchview_description_submit\" : \"\u0c2a\u0c4d\u0c30\u0c36\u0c4d\u0c28\u0c28\u0c3f \u0c38\u0c2e\u0c30\u0c4d\u0c2a\u0c3f\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"abc_searchview_description_voice\" : \"Tales\u00f8k\"", "\"common_google_play_services_wear_update_text\" : \"Je vy\u017eadov\u00e1na nov\u00e1 verze slu\u017eeb Google Play. Nov\u00e1 verze se brzy sama nainstaluje.\"", "\"mtrl_picker_out_of_range\" : \"Out of range: %1$s\"", "\"common_google_play_services_install_text\" : \"%1$s tidak akan berfungsi tanpa perkhidmatan Google Play dan perkhidmatan ini tiada pada peranti anda.\"", "\"common_open_on_phone\" : \"\u5728\u624b\u6a5f\u958b\u555f\"", "\"abc_menu_function_shortcut_label\" : \"Function+\"", "\"abc_action_bar_home_description\" : \"\ud648\uc73c\ub85c \uc774\ub3d9\"", "\"common_google_play_services_notification_ticker\" : \"Gabim n\u00eb sh\u00ebrbimet e \"Luaj me Google\"\"", "\"common_google_play_services_install_text\" : \"\u60a8\u7684\u8bbe\u5907\u6ca1\u6709\u5b89\u88c5 Google Play \u670d\u52a1\uff0c\u56e0\u6b64\u65e0\u6cd5\u8fd0\u884c%1$s\u3002\"", "\"fingerprint_error_no_fingerprints\" : \"\u672a\u767b\u9304\u4efb\u4f55\u6307\u7d0b\u3002\"", "\"common_google_play_services_enable_button\" : \"Omogo\u010di\"", "\"abc_menu_shift_shortcut_label\" : \"May\u00fascula+\"", "unknown register", "\"common_google_play_services_wear_update_text\" : \"\uc0c8 \ubc84\uc804\uc758 Google Play \uc11c\ube44\uc2a4\uac00 \ud544\uc694\ud569\ub2c8\ub2e4. \uace7 \uc790\ub3d9\uc73c\ub85c \uc5c5\ub370\uc774\ud2b8\ub429\ub2c8\ub2e4.\"", "\"abc_menu_shift_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200eShift+\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"abc_shareactionprovider_share_with_application\" : \"Delen met %s\"", "\"abc_activity_chooser_view_see_all\" : \"See all\"", "\"common_google_play_services_unsupported_text\" : \"%1$s Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a24\u0a4b\u0a02 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 \u0a28\u0a39\u0a40\u0a02 \u0a1a\u0a71\u0a32 \u0a38\u0a15\u0a47\u0a17\u0a40, \u0a1c\u0a4b \u0a24\u0a41\u0a39\u0a3e\u0a21\u0a47 \u0a21\u0a40\u0a35\u0a3e\u0a08\u0a38 '\u0a24\u0a47 \u0a38\u0a2e\u0a30\u0a25\u0a3f\u0a24 \u0a28\u0a39\u0a40\u0a02 \u0a39\u0a28\u0964\"", "\"abc_prepend_shortcut_label\" : \"\u05ea\u05e4\u05e8\u05d9\u05d8+\"", "\"common_google_play_services_enable_button\" : \"\u0ec0\u0e9b\u0eb5\u0e94\u0e99\u0eb3\u0ec3\u0e8a\u0ec9\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0dc3\u0db6\u0dbd \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"default_error_msg\" : \"Nepoznata pogre\u0161ka\"", "\"common_google_play_services_unsupported_text\" : \"No es posible ejecutar la aplicaci\u00f3n %1$s sin los Servicios de Google Play, que no son compatibles con tu dispositivo.\"", "\"fingerprint_error_lockout\" : \"\u00c8 stato effettuato un numero eccessivo di tentativi. Riprova pi\u00f9 tardi.\"", "\"common_google_play_services_update_button\" : \"G\u00fcnc\u0259ll\u0259yin\"", "\"abc_capital_on\" : \"\u10e9\u10d0\u10e0\u10d7\u10d5\u10d0\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u1016\u103c\u1004\u1037\u103a \u1019\u103b\u103e\u101d\u1031\u101b\u1014\u103a\"", "\"abc_searchview_description_submit\" : \"\u0627\u0633\u062a\u0641\u0633\u0627\u0631 \u062c\u0645\u0639 \u06a9\u0631\u0627\u0626\u06cc\u06ba\"", "\"common_google_play_services_enable_text\" : \"%1$s ne fonctionnera pas tant que vous n'aurez pas activ\u00e9 les services Google Play.\"", "\"common_google_play_services_update_title\" : \"Aktualiz\u00e1cia slu\u017eieb Google Play\"", "\"default_error_msg\" : \"\u0a85\u0a9c\u0abe\u0aa3\u0ac0 \u0aad\u0ac2\u0ab2\"", "\"abc_activity_chooser_view_see_all\" : \"\u041f\u0430\u043a\u0430\u0437\u0430\u0446\u044c \u0443\u0441\u0435\"", "\"fingerprint_error_hw_not_present\" : \"\u0411\u04b1\u043b \u049b\u04b1\u0440\u044b\u043b\u0493\u044b\u0434\u0430 \u0441\u0430\u0443\u0441\u0430\u049b \u0456\u0437\u0456\u043d \u043e\u049b\u0443 \u0441\u043a\u0430\u043d\u0435\u0440\u0456 \u0436\u043e\u049b\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0422\u043e\u0440\u043a\u043d\u0456\u0442\u044c\u0441\u044f \u0441\u043a\u0430\u043d\u0435\u0440\u0430 \u0432\u0456\u0434\u0431\u0438\u0442\u043a\u0456\u0432 \u043f\u0430\u043b\u044c\u0446\u0456\u0432\"", "\"search_menu_title\" : \"Ie\u0161koti\"", "\"abc_shareactionprovider_share_with\" : \"\u0421\u043f\u043e\u0434\u0435\u043b\u044f\u043d\u0435 \u0441\u044a\u0441:\"", "\"fingerprint_error_user_canceled\" : \"\u0a2b\u0a3f\u0a70\u0a17\u0a30\u0a2a\u0a4d\u0a30\u0a3f\u0a70\u0a1f \u0a26\u0a47 \u0a2a\u0a41\u0a38\u0a3c\u0a1f\u0a40\u0a15\u0a30\u0a28 \u0a26\u0a40 \u0a15\u0a3e\u0a30\u0a35\u0a3e\u0a08 \u0a35\u0a30\u0a24\u0a4b\u0a02\u0a15\u0a3e\u0a30 \u0a35\u0a71\u0a32\u0a4b\u0a02 \u0a30\u0a71\u0a26 \u0a15\u0a40\u0a24\u0a40 \u0a17\u0a08\u0964\"", "\"common_google_play_services_install_button\" : \"\u012ediegti\"", "\"default_error_msg\" : \"\u041d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0430\"", "\"abc_capital_off\" : \"IZSL\u0112GT\"", "\"abc_activitychooserview_choose_application\" : \"V\u00e4lj en app\"", "\"abc_search_hint\" : \"\u0936\u094b\u0927\u093e\u2026\"", "\"abc_searchview_description_clear\" : \"\u0dc0\u0dd2\u0db8\u0dc3\u0dd4\u0db8 \u0dc4\u0dd2\u0dc3\u0dca \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"abc_shareactionprovider_share_with\" : \"\u0b0f\u0b39\u0b3e\u0b19\u0b4d\u0b15 \u0b38\u0b39 \u0b38\u0b47\u0b5f\u0b3e\u0b30\u0b4d\u200c \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"abc_searchview_description_query\" : \"Dotaz pro vyhled\u00e1v\u00e1n\u00ed\"", "\"common_google_play_services_enable_title\" : \"\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u200b\u0e9a\u0ecd\u200b\u0ea5\u0eb4\u200b\u0e81\u0eb2\u0e99 Google Play\"", "\"abc_searchview_description_submit\" : \"Skicka fr\u00e5ga\"", "\"abc_activity_chooser_view_see_all\" : \"\u062f\u06cc\u062f\u0646 \u0647\u0645\u0647\"", "\"search_menu_title\" : \"\u10eb\u10d8\u10d4\u10d1\u10d0\"", "\"confirm_device_credential_password\" : \"Utiliser un mot de passe\"", "\"abc_shareactionprovider_share_with\" : \"\u0411\u04e9\u043b\u0456\u0441\u0443\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play Tjenester-tilgjengelighet\"", "\"common_google_play_services_notification_ticker\" : \"Erro nos servizos de Google Play\"", "\"abc_activity_chooser_view_see_all\" : \"\u05d4\u05e6\u05d2\u05ea \u05d4\u05db\u05d5\u05dc\"", "\"fingerprint_error_user_canceled\" : \"Notandi h\u00e6tti vi\u00f0 a\u00f0 nota fingrafar.\"", "\"confirm_device_credential_password\" : \"Erabili pasahitza\"", "\"abc_action_bar_home_description\" : \"P\u0159ej\u00edt na plochu\"", "\"common_google_play_services_update_title\" : \"Aggiorna Google Play Services\"", "\"abc_shareactionprovider_share_with\" : \"Condividi con\"", "\"generic_error_user_canceled\" : \"Autentiseringen ble avbrutt av brukeren.\"", "\"generic_error_user_canceled\" : \"\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430\u0442\u0430 \u0435 \u043e\u0442\u043a\u0430\u0436\u0430\u043d\u0430 \u043e\u0434 \u043a\u043e\u0440\u0438\u0441\u043d\u0438\u043a\u043e\u0442.\"", "\"common_google_play_services_notification_channel_name\" : \"\u0414\u0430\u0441\u0442\u0443\u043f\u043d\u0430\u0441\u0446\u044c \u0441\u044d\u0440\u0432\u0456\u0441\u0430\u045e Google Play\"", "\"common_google_play_services_enable_text\" : \"%1$s werkt niet, tenzij je Google Play-services inschakelt.\"", "\"abc_action_bar_home_description\" : \"Navegar para a p\u00e1gina inicial\"", "\"abc_searchview_description_submit\" : \"P\u00e4ringu esitamine\"", "\"abc_action_bar_up_description\" : \"\u0631\u0641\u062a\u0646 \u0628\u0647 \u0628\u0627\u0644\u0627\"", "\"common_open_on_phone\" : \"Otvori na telefonu\"", "\"common_google_play_services_update_text\" : \"Aplik\u00e1ciu %1$s bude mo\u017en\u00e9 spusti\u0165 a\u017e po aktualiz\u00e1cii slu\u017eieb Google Play.\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u043d\u044f\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u043f\u044a\u043b\u043d\u044f\u0432\u0430, \u0442\u044a\u0439 \u043a\u0430\u0442\u043e \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play \u043d\u0435 \u0441\u0435 \u043f\u043e\u0434\u0434\u044a\u0440\u0436\u0430\u0442 \u043e\u0442 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e\u0442\u043e \u0432\u0438.\"", "\"default_error_msg\" : \"Error desconegut\"", "\"abc_menu_function_shortcut_label\" : \"Function \u0bae\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a05\u0a38\u0a3c\u0a41\u0a71\u0a27\u0a40\"", "\"abc_capital_off\" : \"\u0c86\u0cab\u0ccd\"", "\"common_google_play_services_enable_text\" : \"Aplikacija %1$s ne\u0107e raditi ako ne omogu\u0107ite Google Play usluge.\"", "\"common_google_play_services_unknown_issue\" : \"A(z) %1$s alkalmaz\u00e1s probl\u00e9m\u00e1ba \u00fctk\u00f6z\u00f6tt a Google Play-szolg\u00e1ltat\u00e1sok haszn\u00e1lata sor\u00e1n. Pr\u00f3b\u00e1lkozzon \u00fajra.\"", "\"common_google_play_services_update_button\" : \"Uppdatera\"", "\"abc_action_bar_home_description\" : \"Mag-navigate sa home\"", "\"abc_capital_on\" : \"AKTIF\"", "\"abc_menu_enter_shortcut_label\" : \"\u043e\u0440\u0443\u0443\u043b\u0430\u0445\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Pagalbos prane\u0161imo sritis\"", "\"abc_searchview_description_submit\" : \"\u0caa\u0ccd\u0cb0\u0cb6\u0ccd\u0ca8\u0cc6\u0caf\u0ca8\u0ccd\u0ca8\u0cc1 \u0cb8\u0cb2\u0ccd\u0cb2\u0cbf\u0cb8\u0cbf\"", "\"abc_shareactionprovider_share_with_application\" : \"Bagikan dengan %s\"", "\"abc_searchview_description_search\" : \"Realiza buscas\"", "\"common_google_play_services_updating_text\" : \"%1$s \u12eb\u1208 Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d \u12a0\u12ed\u1230\u122b\u121d\u1363 \u12a5\u1290\u1231 \u12f0\u130d\u121e \u1260\u12a0\u1201\u1291 \u130a\u12dc \u1260\u1218\u12d8\u1218\u1295 \u120b\u12ed \u1293\u1278\u12cd\u1362\"", "\"abc_searchview_description_query\" : \"\u0caa\u0ccd\u0cb0\u0cb6\u0ccd\u0ca8\u0cc6\u0caf\u0ca8\u0ccd\u0ca8\u0cc1 \u0cb9\u0cc1\u0ca1\u0cc1\u0c95\u0cbf\"", "\"fingerprint_error_lockout\" : \"Juda ko\u02bbp urinish amalga oshirildi. Keyinroq qaytadan urining.\"", "\"common_google_play_services_notification_ticker\" : \"B\u0142\u0105d Us\u0142ug Google Play\"", "\"abc_action_mode_done\" : \"\u092a\u0942\u0930\u094d\u0923 \u091d\u093e\u0932\u0947\"", "\"common_google_play_services_install_button\" : \"\u0ba8\u0bbf\u0bb1\u0bc1\u0bb5\u0bc1\"", "\"abc_shareactionprovider_share_with_application\" : \"\u0647\u0645\u200c\u0631\u0633\u0627\u0646\u06cc \u0628\u0627 %s\"", "\"generic_error_user_canceled\" : \"\u0423\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u044f\u0432\u0430\u043d\u0435\u0442\u043e \u0435 \u0430\u043d\u0443\u043b\u0438\u0440\u0430\u043d\u043e \u043e\u0442 \u043f\u043e\u0442\u0440\u0435\u0431\u0438\u0442\u0435\u043b\u044f.\"", "\"fingerprint_error_lockout\" : \"\u0cb9\u0cb2\u0cb5\u0cc1 \u0cac\u0cbe\u0cb0\u0cbf \u0caa\u0ccd\u0cb0\u0caf\u0ca4\u0ccd\u0ca8\u0cbf\u0cb8\u0cbf\u0cb0\u0cc1\u0cb5\u0cbf\u0cb0\u0cbf \u0ca8\u0c82\u0ca4\u0cb0 \u0cae\u0ca4\u0ccd\u0ca4\u0cc6 \u0caa\u0ccd\u0cb0\u0caf\u0ca4\u0ccd\u0ca8\u0cbf\u0cb8\u0cbf.\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a26\u0a40 \u0a09\u0a2a\u0a32\u0a2c\u0a27\u0a24\u0a3e\"", "\"abc_searchview_description_query\" : \"\u691c\u7d22\u30ad\u30fc\u30ef\u30fc\u30c9\"", "\"common_google_play_services_install_title\" : \"Preuzimanje usluga Google Playa\"", "\"abc_search_hint\" : \"\u0c35\u0c46\u0c24\u0c15\u0c02\u0c21\u0c3f\u2026\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d33\u0d3f\u0d32\u0d46 \u0d2a\u0d3f\u0d36\u0d15\u0d4d\"", "\"fingerprint_error_user_canceled\" : \"\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u044f \u0441 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u043e\u043c \u043f\u0430\u043b\u044c\u0446\u0430 \u043e\u0442\u043c\u0435\u043d\u0435\u043d\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\"", "\"common_google_play_services_update_title\" : \"Oppdater Google Play-tjenester\"", "\"abc_capital_on\" : \"OUI\"", "\"generic_error_user_canceled\" : \"Autentica\u00e7\u00e3o cancelada pelo usu\u00e1rio.\"", "\"abc_toolbar_collapse_description\" : \"Reduzir\"", "\"common_google_play_services_install_title\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bc8\u0baa\u0bcd \u0baa\u0bc6\u0bb1\u0bb5\u0bc1\u0bae\u0bcd\"", "\"generic_error_user_canceled\" : \"\u0b09\u0b2a\u0b2f\u0b4b\u0b17\u0b15\u0b30\u0b4d\u0b24\u0b4d\u0b24\u0b3e\u0b19\u0b4d\u0b15 \u0b26\u0b4d\u0b71\u0b3e\u0b30\u0b3e \u0b2a\u0b4d\u0b30\u0b3e\u0b2e\u0b3e\u0b23\u0b3f\u0b15\u0b24\u0b3e \u0b2c\u0b3e\u0b24\u0b3f\u0b32\u0b4d \u0b15\u0b30\u0b3e\u0b2f\u0b3e\u0b07\u0b1b\u0b3f\u0964\"", "\"abc_capital_on\" : \"\u041a\u04ae\u0419\u04ae\u041a\"", "\"fingerprint_error_hw_not_present\" : \"Bu cihazda barmaq izi sensoru yoxdur\"", "\"fingerprint_error_user_canceled\" : \"Barmaq izi \u0259m\u0259liyyat\u0131 istifad\u0259\u00e7i t\u0259r\u0259find\u0259n l\u0259\u011fv edildi.\"", "\"common_google_play_services_update_button\" : \"\u062a\u062d\u062f\u064a\u062b\"", "\"mtrl_picker_range_header_selected\" : \"%1$s \u2013 %2$s\"", "\"abc_action_bar_home_description\" : \"\u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0\u0da7 \u0dc3\u0d82\u0da0\u0dcf\u0dbd\u0db1\u0dba \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"common_google_play_services_enable_text\" : \"%1$s fungerer ikke med mindre du sl\u00e5r p\u00e5 Google Play-tjenester.\"", "\"common_google_play_services_unsupported_text\" : \"%1$s\uc740(\ub294) Google Play \uc11c\ube44\uc2a4 \uc5c6\uc774\ub294 \uc2e4\ud589\ub418\uc9c0 \uc54a\uc73c\ub098, \uae30\uae30\uc5d0\uc11c Google Play \uc11c\ube44\uc2a4\ub97c \uc9c0\uc6d0\ud558\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4.\"", "\"generic_error_user_canceled\" : \"Autentikasi dibatalkan oleh pengguna.\"", "\"abc_capital_on\" : \"\u0622\u0646\"", "\"fingerprint_not_recognized\" : \"\u0c97\u0cc1\u0cb0\u0cc1\u0ca4\u0cbf\u0cb8\u0cb2\u0cbe\u0c97\u0cbf\u0cb2\u0ccd\u0cb2\"", "\"default_error_msg\" : \"Nezin\u0101ma k\u013c\u016bda\"", "\"confirm_device_credential_password\" : \"\u0412\u0432\u0435\u0441\u0442\u0438 \u043f\u0430\u0440\u043e\u043b\u044c\"", "\"fingerprint_not_recognized\" : \"Haitambuliwi\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0d87\u0d9f\u0dd2\u0dbd\u0dd2 \u0dc3\u0dbd\u0d9a\u0dd4\u0dab\u0dd4 \u0dc3\u0d82\u0dc0\u0dda\u0daf\u0d9a\u0dba \u0dc3\u0dca\u0db4\u0dbb\u0dca\u0dc1 \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"confirm_device_credential_password\" : \"\u0421\u044b\u0440\u0441\u04e9\u0437 \u043a\u043e\u043b\u0434\u043e\u043d\u0443\u0443\"", "\"common_google_play_services_update_text\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038\u1021\u102c\u1038 \u1021\u1015\u103a\u1012\u102d\u1010\u103a\u1019\u101c\u102f\u1015\u103a\u1015\u102b\u1000 %1$s \u1021\u101c\u102f\u1015\u103a\u101c\u102f\u1015\u103a\u1019\u100a\u103a \u1019\u101f\u102f\u1010\u103a\u1015\u102b\u104b\"", "\"fingerprint_error_no_fingerprints\" : \"\u0533\u0580\u0561\u0576\u0581\u057e\u0561\u056e \u0574\u0561\u057f\u0576\u0561\u0570\u0565\u057f\u0584\u0565\u0580 \u0579\u056f\u0561\u0576:\"", "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Switch to calendar input mode\"", "\"common_google_play_services_enable_text\" : \"%1$s \u1793\u17b9\u1784\u1798\u17b7\u1793\u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u1791\u17c1 \u179b\u17bb\u17c7\u178f\u17d2\u179a\u17b6\u178f\u17c2\u17a2\u17d2\u1793\u1780\u1794\u17be\u1780\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798 Google Play\u17d4\"", "\"common_google_play_services_wear_update_text\" : \"En ny version av Google Play-tj\u00e4nster kr\u00e4vs. Den uppdateras automatiskt inom kort.\"", "\"common_google_play_services_notification_channel_name\" : \"Beschikbaarheid van Google Play-services\"", "\"common_google_play_services_update_text\" : \"%1$s s\u1ebd kh\u00f4ng ch\u1ea1y tr\u1eeb khi b\u1ea1n c\u1eadp nh\u1eadt D\u1ecbch v\u1ee5 c\u1ee7a Google Play.\"", "\"common_open_on_phone\" : \"\u0cab\u0ccb\u0ca8\u0ccd\u200c\u0ca8\u0cb2\u0ccd\u0cb2\u0cbf \u0ca4\u0cc6\u0cb0\u0cc6\u0caf\u0cbf\u0cb0\u0cbf\"", "\"common_google_play_services_update_button\" : \"Aktualisieren\"", "\"fingerprint_error_lockout\" : \"\u0c1a\u0c3e\u0c32\u0c3e \u0c0e\u0c15\u0c4d\u0c15\u0c41\u0c35 \u0c2a\u0c4d\u0c30\u0c2f\u0c24\u0c4d\u0c28\u0c3e\u0c32\u0c41 \u0c1a\u0c47\u0c38\u0c3e\u0c30\u0c41. \u0c26\u0c2f\u0c1a\u0c47\u0c38\u0c3f \u0c24\u0c30\u0c4d\u0c35\u0c3e\u0c24 \u0c2e\u0c33\u0c4d\u0c32\u0c40 \u0c2a\u0c4d\u0c30\u0c2f\u0c24\u0c4d\u0c28\u0c3f\u0c02\u0c1a\u0c02\u0c21\u0c3f.\"", "\"fingerprint_error_user_canceled\" : \"\u0db4\u0dbb\u0dd2\u0dc1\u0dd3\u0dbd\u0d9a \u0dc0\u0dd2\u0dc3\u0dd2\u0db1\u0dca \u0d87\u0d9f\u0dd2\u0dbd\u0dd2 \u0dc3\u0dbd\u0d9a\u0dd4\u0dab\u0dd4 \u0db8\u0dd9\u0dc4\u0dd9\u0dba\u0dd4\u0db8 \u0d85\u0dc0\u0dc3\u0db1\u0dca \u0d9a\u0dbb\u0db1 \u0dbd\u0daf\u0dd3.\"", "\"abc_activity_chooser_view_see_all\" : \"\u041f\u0440\u0438\u043a\u0430\u0436\u0438 \u0441\u0432\u0435\"", "\"character_counter_pattern\" : \"%1$d / %2$d\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \uc11c\ube44\uc2a4 \uc0ac\uc6a9 \uac00\ub2a5 \uc5ec\ubd80\"", "\"fingerprint_not_recognized\" : \"Nie rozpoznano\"", "\"fingerprint_error_hw_not_present\" : \"\u0907\u0938 \u0921\u093f\u0935\u093e\u0907\u0938 \u092e\u0947\u0902 \u092b\u093c\u093f\u0902\u0917\u0930\u092a\u094d\u0930\u093f\u0902\u091f \u0938\u0947\u0902\u0938\u0930 \u0928\u0939\u0940\u0902 \u0939\u0948\"", "\"fingerprint_not_recognized\" : \"\u1798\u17b7\u1793\u17a2\u17b6\u1785\u179f\u1798\u17d2\u1782\u17b6\u179b\u17cb\u1794\u17b6\u1793\u1791\u17c1\"", "\"common_google_play_services_install_title\" : \"Pata huduma za Google Play\"", "\"abc_search_hint\" : \"\u179f\u17d2\u179c\u17c2\u1784\u179a\u1780\u2026\"", "\"fingerprint_error_hw_not_present\" : \"Walang sensor para sa fingerprint ang device na ito\"", "\"fingerprint_error_no_fingerprints\" : \"\u0644\u064a\u0633\u062a \u0647\u0646\u0627\u0643 \u0628\u0635\u0645\u0627\u062a \u0625\u0635\u0628\u0639 \u0645\u0633\u062c\u064e\u0651\u0644\u0629.\"", "\"abc_searchview_description_voice\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200eVoice search\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"default_error_msg\" : \"\u1798\u17b6\u1793\u200b\u1794\u1789\u17d2\u17a0\u17b6\u200b\u178a\u17c2\u179b\u200b\u1798\u17b7\u1793\u200b\u179f\u17d2\u1782\u17b6\u179b\u17cb\"", "\"common_google_play_services_wear_update_text\" : \"A Google Play-szolg\u00e1ltat\u00e1sok \u00faj verzi\u00f3j\u00e1ra van sz\u00fcks\u00e9g. A szolg\u00e1ltat\u00e1s hamarosan friss\u00edti \u00f6nmag\u00e1t.\"", "\"fingerprint_dialog_touch_sensor\" : \"Sakatu hatz-marken sentsorea\"", "\"common_signin_button_text\" : \"Iniciar sesi\u00f3n\"", "\"fingerprint_error_lockout\" : \"Zbyt wiele pr\u00f3b. Spr\u00f3buj ponownie p\u00f3\u017aniej.\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u056b \u0570\u0561\u057d\u0561\u0576\u0565\u056c\u056b\u0578\u0582\u0569\u0575\u0578\u0582\u0576\"", "\"abc_searchview_description_voice\" : \"\u0413\u043b\u0430\u0441\u043e\u0432\u043d\u043e \u043f\u0440\u0435\u0431\u0430\u0440\u0443\u0432\u0430\u045a\u0435\"", "\"common_google_play_services_notification_channel_name\" : \"Dostupnost usluga za Google Play\"", "\"abc_capital_on\" : \"\u0412\u041a\u041b\u0423\u0427\u0415\u041d\u041e\"", "\"abc_menu_space_shortcut_label\" : \"\u03b4\u03b9\u03ac\u03c3\u03c4\u03b7\u03bc\u03b1\"", "\"abc_shareactionprovider_share_with\" : \"\uacf5\uc720 \ub300\uc0c1:\"", "\"abc_search_hint\" : \"Ara\u2026\"", "\"fingerprint_error_no_fingerprints\" : \"\u041d\u0438\u0458\u0435 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u043e\u0432\u0430\u043d \u043d\u0438\u0458\u0435\u0434\u0430\u043d \u043e\u0442\u0438\u0441\u0430\u043a \u043f\u0440\u0441\u0442\u0430.\"", "\"common_open_on_phone\" : \"\u0628\u0627\u0632 \u06a9\u0631\u062f\u0646 \u062f\u0631 \u062a\u0644\u0641\u0646\"", "\"fab_transformation_sheet_behavior\" : \"com.google.android.material.transformation.FabTransformationSheetBehavior\"", "\"search_menu_title\" : \"Telusuri\"", "\"abc_action_menu_overflow_description\" : \"Rohkem valikuid\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d \u1270\u1308\u129d\u1290\u1275\"", "\"common_google_play_services_update_text\" : \"%1$s \u043d\u0435 \u0431\u0443\u0434\u0437\u0435 \u043f\u0440\u0430\u0446\u0430\u0432\u0430\u0446\u044c, \u043f\u0430\u043a\u0443\u043b\u044c \u0432\u044b \u043d\u0435 \u0430\u0431\u043d\u043e\u0432\u0456\u0446\u0435 \u0441\u043b\u0443\u0436\u0431\u044b Google Play.\"", "\"abc_menu_enter_shortcut_label\" : \"\u201eenter\u201c\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u0570\u0561\u057e\u0565\u056c\u057e\u0561\u056e\u0568 \u0579\u056b \u0561\u0577\u056d\u0561\u057f\u056b \u0561\u057c\u0561\u0576\u0581 Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u056b, \u0578\u0580\u0578\u0576\u0584 \u0571\u0565\u0580 \u057d\u0561\u0580\u0584\u0578\u0582\u0574 \u0579\u0565\u0576 \u0561\u057b\u0561\u056f\u0581\u057e\u0578\u0582\u0574:\"", "\"common_google_play_services_enable_text\" : \"\u0b06\u0b2a\u0b23 Google Play \u0b38\u0b47\u0b2c\u0b3e \u0b38\u0b15\u0b4d\u0b37\u0b2e \u0b28 \u0b15\u0b30\u0b3f\u0b2c\u0b3e \u0b2a\u0b30\u0b4d\u0b2f\u0b4d\u0b5f\u0b28\u0b4d\u0b24 %1$s \u0b15\u0b3e\u0b2e \u0b15\u0b30\u0b3f\u0b2c \u0b28\u0b3e\u0b39\u0b3f\u0b01\u0964\"", "\"common_google_play_services_unknown_issue\" : \"La aplicaci\u00f3n %1$s tiene problemas con los Servicios de Google Play. Vuelve a intentarlo.\"", "\"common_google_play_services_updating_text\" : \"%1$s kj\u00f8rer ikke uten Google Play-tjenester, som oppdateres akkurat n\u00e5.\"", "\"common_google_play_services_notification_ticker\" : \"Google Play Services \u200b\u0ec0\u0e81\u0eb5\u0e94\u200b\u0e84\u0ea7\u0eb2\u0ea1\u200b\u0e9c\u0eb4\u0e94\u200b\u0e9e\u0eb2\u0e94\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d33\u0d41\u0d1f\u0d46 \u0d2a\u0d41\u0d24\u0d3f\u0d2f \u0d2a\u0d24\u0d3f\u0d2a\u0d4d\u0d2a\u0d4d \u0d06\u0d35\u0d36\u0d4d\u0d2f\u0d2e\u0d3e\u0d23\u0d4d. \u0d24\u0d3e\u0d2e\u0d38\u0d3f\u0d2f\u0d3e\u0d24\u0d46 \u0d07\u0d24\u0d4d \u0d38\u0d4d\u0d35\u0d2f\u0d02 \u0d05\u0d2a\u0d4d\u200c\u0d21\u0d47\u0d31\u0d4d\u0d31\u0d41\u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d02.\"", "\"abc_searchview_description_search\" : \"Sesha\"", "\"abc_action_bar_up_description\" : \"Liigu \u00fcles\"", "\"common_google_play_services_unknown_issue\" : \"Sovelluksella %1$s on ongelmia Google Play Palveluiden kanssa. Yrit\u00e4 uudelleen.\"", "\"common_google_play_services_updating_text\" : \"Aplikacija %1$s ne deluje brez storitev Google Play, ki se trenutno posodabljajo.\"", "\"abc_searchview_description_query\" : \"Requ\u00eate de recherche\"", "\"abc_toolbar_collapse_description\" : \"Skjul\"", "\"generic_error_user_canceled\" : \"U\u017cytkownik anulowa\u0142 uwierzytelnianie.\"", "\"common_google_play_services_enable_title\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038 \u1016\u103d\u1004\u1037\u103a\u101b\u1014\u103a\"", "\"abc_activitychooserview_choose_application\" : \"\u0a07\u0a71\u0a15 \u0a10\u0a2a \u0a1a\u0a41\u0a23\u0a4b\"", "\"abc_search_hint\" : \"\u0ba4\u0bc7\u0b9f\u0bc1\u0b95\u2026\"", "\"common_google_play_services_install_text\" : \"%1$s \u0e08\u0e30\u0e44\u0e21\u0e48\u0e17\u0e33\u0e07\u0e32\u0e19\u0e2b\u0e32\u0e01\u0e44\u0e21\u0e48\u0e21\u0e35\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play \u0e0b\u0e35\u0e48\u0e07\u0e44\u0e21\u0e48\u0e21\u0e35\u0e43\u0e19\u0e2d\u0e38\u0e1b\u0e01\u0e23\u0e13\u0e4c\u0e02\u0e2d\u0e07\u0e04\u0e38\u0e13\"", "\"common_google_play_services_notification_ticker\" : \"Google Play services error\"", "\"abc_shareactionprovider_share_with\" : \"\u0422\u04e9\u043c\u04e9\u043d\u043a\u04af \u043c\u0435\u043d\u0435\u043d \u0431\u04e9\u043b\u04af\u0448\u04af\u04af\"", "\"fingerprint_dialog_touch_sensor\" : \"Sentuh sensor sidik jari\"", "\"abc_action_mode_done\" : \"\u0cae\u0cc1\u0c97\u0cbf\u0ca6\u0cbf\u0ca6\u0cc6\"", "\"abc_toolbar_collapse_description\" : \"Sak\u013caut\"", "\"common_google_play_services_enable_text\" : \"%1$s \u0e88\u0eb0\u0e9a\u0ecd\u0ec8\u0eaa\u0eb2\u0ea1\u0eb2\u0e94\u0ec3\u0e8a\u0ec9\u0e87\u0eb2\u0e99\u0ec4\u0e94\u0ec9\u0e88\u0ebb\u0e99\u0e81\u0ea7\u0ec8\u0eb2\u0e97\u0ec8\u0eb2\u0e99\u0e88\u0eb0\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e87\u0eb2\u0e99\u200b\u0e81\u0eb2\u0e99\u200b\u0e9a\u0ecd\u200b\u0ea5\u0eb4\u200b\u0e81\u0eb2\u0e99 Google Play.\"", "\"common_google_play_services_enable_title\" : \"\u200fGoogle Play \u0633\u0631\u0648\u0633\u0632 \u0641\u0639\u0627\u0644 \u06a9\u0631\u06cc\u06ba\"", "\"common_signin_button_text\" : \"\u767b\u5f55\"", "\"search_menu_title\" : \"\u101b\u103e\u102c\u1016\u103d\u1031\u1019\u103e\u102f\"", "\"abc_action_menu_overflow_description\" : \"Di\u011fer se\u00e7enekler\"", "\"password_toggle_content_description\" : \"Show password\"", "\"common_signin_button_text_long\" : \"\u03a3\u03c5\u03bd\u03b4\u03b5\u03b8\u03b5\u03af\u03c4\u03b5 \u03bc\u03b5 \u03c4\u03bf Google\"", "\"common_google_play_services_update_button\" : \"\u1021\u1015\u103a\u1012\u102d\u1010\u103a\"", "\"common_signin_button_text\" : \"Kirish\"", "\"abc_search_hint\" : \"\u0dc3\u0ddc\u0dba\u0db1\u0dca\u0db1...\"", "\"fingerprint_error_hw_not_available\" : \"\u0d87\u0d9f\u0dd2\u0dbd\u0dd2 \u0dc3\u0dbd\u0d9a\u0dd4\u0dab\u0dd4 \u0daf\u0dd8\u0daa\u0dcf\u0d82\u0d9c\u0dba \u0dbd\u0daf \u0db1\u0ddc\u0dc4\u0dd0\u0d9a\u0dd2\u0dba.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u178f\u17c6\u1794\u1793\u17cb\u179f\u17b6\u179a\u200b\u1787\u17c6\u1793\u17bd\u1799\"", "\"common_open_on_phone\" : \"M\u1edf tr\u00ean \u0111i\u1ec7n tho\u1ea1i\"", "\"abc_action_bar_up_description\" : \"Omhoog navigeren\"", "\"abc_menu_space_shortcut_label\" : \"blanksteg\"", "\"fingerprint_error_user_canceled\" : \"Fingerprint operation canceled by user.\"", "\"generic_error_user_canceled\" : \"Authentifizierung vom Nutzer abgebrochen.\"", "\"fingerprint_error_lockout\" : \"\u0ea1\u0eb5\u0e84\u0ea7\u0eb2\u0ea1\u0e9e\u0eb0\u0e8d\u0eb2\u0e8d\u0eb2\u0ea1\u0eab\u0ebc\u0eb2\u0e8d\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0ec0\u0e81\u0eb5\u0e99\u0ec4\u0e9b. \u0e81\u0eb0\u0ea5\u0eb8\u0e99\u0eb2\u0ea5\u0ead\u0e87\u0ec3\u0edd\u0ec8\u0ec3\u0e99\u0e9e\u0eb2\u0e8d\u0eab\u0ebc\u0eb1\u0e87.\"", "\"abc_searchview_description_search\" : \"\u0422\u044a\u0440\u0441\u0435\u043d\u0435\"", "\"abc_toolbar_collapse_description\" : \"Suzi\"", "\"common_signin_button_text\" : \"P\u0159ihl\u00e1sit se\"", "\"common_google_play_services_install_title\" : \"Thola amasevisi we-Google Play\"", "\"fingerprint_error_no_fingerprints\" : \"Tidak ada sidik jari yang terdaftar.\"", "\"abc_action_menu_overflow_description\" : \"\u1787\u1798\u17d2\u179a\u17be\u179f\u1785\u17d2\u179a\u17be\u1793\u1791\u17c0\u178f\"", "\"abc_activity_chooser_view_see_all\" : \"Mostra-ho tot\"", "\"common_google_play_services_wear_update_text\" : \"Du skal bruge en ny version af Google Play-tjenester. Opdateringen gennemf\u00f8res automatisk om et \u00f8jeblik.\"", "\"mtrl_picker_toggle_to_day_selection\" : \"Tap to switch to selecting a day\"", "\"abc_capital_off\" : \"\u0b05\u0b2b\u0b4d\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be\u09b0 \u0989\u09aa\u09b2\u09ad\u09cd\u09af\u09a4\u09be\"", "\"abc_searchview_description_search\" : \"\u0cb9\u0cc1\u0ca1\u0cc1\u0c95\u0cbf\"", "\"common_google_play_services_unknown_issue\" : \"Naudojant program\u0105 \u201e%1$s\u201c kilo problem\u0173 d\u0117l \u201eGoogle Play\u201c paslaug\u0173. Bandykite dar kart\u0105.\"", "\"common_google_play_services_enable_text\" : \"\u200f\u062c\u0628 \u062a\u06a9 \u0622\u067e Google Play \u0633\u0631\u0648\u0633\u0632 \u0641\u0639\u0627\u0644 \u0646\u06c1\u06cc\u06ba \u06a9\u0631 \u0644\u06cc\u062a\u06d2\u060c %1$s \u06a9\u0627\u0645 \u0646\u06c1\u06cc\u06ba \u06a9\u0631\u06d2 \u06af\u06cc\u06d4\"", "\"common_google_play_services_wear_update_text\" : \"\u041f\u043e\u0442\u0440\u0435\u0431\u043d\u0430 \u0458\u0435 \u043d\u043e\u0432\u0430 \u0432\u0435\u0440\u0437\u0438\u0458\u0430 Google Play \u0443\u0441\u043b\u0443\u0433\u0430. \u0423\u0441\u043a\u043e\u0440\u043e \u045b\u0435 \u0441\u0435 \u0430\u0436\u0443\u0440\u0438\u0440\u0430\u0442\u0438.\"", "\"chip_text\" : \"Chip text\"", "\"abc_capital_on\" : \"\u0ec0\u0e9b\u0eb5\u0e94\"", "during phase1 personality function said it would stop here, but now in phase2 it did not stop here", "\"mtrl_picker_text_input_date_range_start_hint\" : \"Start date\"", "\"abc_searchview_description_clear\" : \"\u0bb5\u0bbf\u0ba9\u0bb5\u0bb2\u0bc8 \u0b85\u0bb4\u0bbf\u0b95\u0bcd\u0b95\u0bc1\u0bae\u0bcd\"", "\"abc_search_hint\" : \"Maghanap\u2026\"", "\"abc_searchview_description_query\" : \"Search query\"", "\"fingerprint_not_recognized\" : \"\u0394\u03b5\u03bd \u03b1\u03bd\u03b1\u03b3\u03bd\u03c9\u03c1\u03af\u03c3\u03c4\u03b7\u03ba\u03b5\"", "\"fingerprint_error_hw_not_available\" : \"Czytnik linii papilarnych nie jest dost\u0119pny.\"", "\"abc_menu_space_shortcut_label\" : \"\uc2a4\ud398\uc774\uc2a4\ubc14\"", "\"common_google_play_services_update_text\" : \"\u0aa4\u0aae\u0ac7 Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93 \u0a85\u0aaa\u0aa1\u0ac7\u0a9f \u0a95\u0ab0\u0ab6\u0acb \u0aa8\u0ab9\u0ac0\u0a82 \u0aa4\u0acd\u0aaf\u0abe\u0a82 \u0ab8\u0ac1\u0aa7\u0ac0 %1$s \u0ab6\u0ab0\u0ac2 \u0aa5\u0ab6\u0ac7 \u0aa8\u0ab9\u0ac0\u0a82.\"", "\"fingerprint_error_hw_not_available\" : \"\u0d2b\u0d3f\u0d02\u0d17\u0d7c\u0d2a\u0d4d\u0d30\u0d3f\u0d28\u0d4d\u0d31\u0d4d \u0d39\u0d3e\u0d7c\u0d21\u0d4d\u200c\u0d35\u0d46\u0d2f\u0d7c \u0d32\u0d2d\u0d4d\u0d2f\u0d2e\u0d32\u0d4d\u0d32.\"", "\"mtrl_picker_invalid_range\" : \"Invalid range.\"", "\"common_google_play_services_install_title\" : \"Google Play teenuste hankimine\"", "\"abc_searchview_description_clear\" : \"Limpar consulta\"", "\"common_google_play_services_enable_title\" : \"Habilita Servicios de Google Play\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0430\u0440\u043a\u044b\u043b\u0443\u0443 \u0431\u04e9\u043b\u04af\u0448\u04af\u04af\"", "\"abc_toolbar_collapse_description\" : \"\u0b9a\u0bc1\u0bb0\u0bc1\u0b95\u0bcd\u0b95\u0bc1\u0bae\u0bcd\"", "\"fingerprint_error_hw_not_present\" : \"Ez az eszk\u00f6z nem rendelkezik ujjlenyomat-\u00e9rz\u00e9kel\u0151vel\"", "\"abc_searchview_description_search\" : \"\uac80\uc0c9\"", "\"abc_action_bar_up_description\" : \"\u0418\u0434\u0438\u0442\u0435 \u043d\u0430\u0433\u043e\u0440\u0435\"", "\"fingerprint_dialog_touch_sensor\" : \"Appuyez sur lecteur d'empreinte\"", "\"common_google_play_services_wear_update_text\" : \"Nevojitet nj\u00eb version i ri i sh\u00ebrbimeve t\u00eb \"Luaj me Google\". Ai do t\u00eb p\u00ebrdit\u00ebsohet automatikisht s\u00eb shpejti.\"", "\"common_google_play_services_update_text\" : \"\u0c2e\u0c40\u0c30\u0c41 Google Play \u0c38\u0c47\u0c35\u0c32\u0c28\u0c41 \u0c28\u0c35\u0c40\u0c15\u0c30\u0c3f\u0c38\u0c4d\u0c24\u0c47 \u0c2e\u0c3f\u0c28\u0c39\u0c3e %1$s \u0c05\u0c2e\u0c32\u0c41 \u0c15\u0c3e\u0c26\u0c41.\"", "\"common_google_play_services_unsupported_text\" : \"%1$s ne mo\u017ee da se pokrene bez Google Play usluga, koje ure\u0111aj ne podr\u017eava.\"", "\"abc_action_mode_done\" : \"Gatavs\"", "\"common_google_play_services_notification_ticker\" : \"\u201eGoogle Play\u201c paslaug\u0173 klaida\"", "\"abc_searchview_description_query\" : \"\u0dc3\u0dd9\u0dc0\u0dd4\u0db8\u0dca \u0dc0\u0dd2\u0db8\u0dc3\u0dd4\u0db8\"", "\"common_signin_button_text\" : \"Log ind\"", "\"abc_shareactionprovider_share_with\" : \"\u0907\u0938\u0938\u0947 \u0936\u0947\u092f\u0930 \u0915\u0930\u0947\u0902:\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Hulpboodskapgebied\"", "\"common_google_play_services_notification_ticker\" : \"Iphutha lamasevisi we-Google Play\"", "\"mtrl_picker_invalid_format_use\" : \"Use: %1$s\"", "\"abc_searchview_description_clear\" : \"X\u00f3a truy v\u1ea5n\"", "\"abc_menu_space_shortcut_label\" : \"v\u00e4lily\u00f6nti\"", "\"common_signin_button_text_long\" : \"P\u0159ihl\u00e1sit se k\u00a0\u00fa\u010dtu Google\"", "\"fingerprint_not_recognized\" : \"\u0e44\u0e21\u0e48\u0e23\u0e39\u0e49\u0e08\u0e31\u0e01\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u043d\u044b\u043d \u0436\u0430\u04a3\u044b \u0432\u0435\u0440\u0441\u0438\u044f\u0441\u044b \u0442\u0430\u043b\u0430\u043f \u043a\u044b\u043b\u044b\u043d\u0430\u0442. \u0411\u0438\u0440 \u0430\u0437\u0434\u0430\u043d \u043a\u0438\u0439\u0438\u043d \u0430\u043b \u04e9\u0437\u04af \u044d\u043b\u0435 \u0436\u0430\u04a3\u044b\u0440\u0442\u044b\u043b\u0430\u0442.\"", "\"abc_search_hint\" : \"C\u0103uta\u021bi\u2026\"", "\"common_google_play_services_install_title\" : \"Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0dbd\u0db6\u0dcf \u0d9c\u0db1\u0dca\u0db1\"", "\"abc_shareactionprovider_share_with\" : \"Trimite\u021bi la\"", "\"abc_action_bar_home_description\" : \"Navigasi laman utama\"", "\"fingerprint_error_user_canceled\" : \"Az ujjlenyomattal kapcsolatos m\u0171veletet a felhaszn\u00e1l\u00f3 megszak\u00edtotta.\"", "\"fingerprint_error_no_fingerprints\" : \"\u1019\u100a\u103a\u101e\u100a\u1037\u103a \u101c\u1000\u103a\u1017\u103d\u1031\u1000\u102d\u102f\u1019\u103b\u103e \u1011\u100a\u1037\u103a\u101e\u103d\u1004\u103a\u1038\u1019\u1011\u102c\u1038\u1015\u102b\u104b\"", "\"common_google_play_services_notification_ticker\" : \"Google Play\u670d\u52a1\u51fa\u9519\"", "\"abc_searchview_description_clear\" : \"Clear query\"", "\"common_google_play_services_enable_title\" : \"Activer les services Google\u00a0Play\"", "\"abc_menu_delete_shortcut_label\" : \"\u0ea5\u0eb6\u0e9a\"", "\"abc_action_mode_done\" : \"\u03a4\u03ad\u03bb\u03bf\u03c2\"", "\"abc_searchview_description_submit\" : \"\u041f\u043e\u0448\u0430\u0459\u0438\u0442\u0435 \u0443\u043f\u0438\u0442\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0938\u0947\u0935\u093e\u0939\u0930\u0942\u0915\u093e \u0924\u094d\u0930\u0941\u091f\u093f\"", "\"abc_prepend_shortcut_label\" : \"Kieslys+\"", "\"abc_searchview_description_search\" : \"\u0d24\u0d3f\u0d30\u0d2f\u0d41\u0d15\"", "\"abc_shareactionprovider_share_with_application\" : \"Ibahagi gamit ang %s\"", "\"common_google_play_services_install_text\" : \"%1$s \u1793\u17b9\u1784\u1798\u17b7\u1793\u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u1791\u17c1 \u1794\u17d2\u179a\u179f\u17b7\u1793\u1794\u17be\u1798\u17b7\u1793\u1798\u17b6\u1793\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798\u1793\u17b6\u1793\u17b6\u179a\u1794\u179f\u17cb Google Play \u178a\u17c2\u179b\u1794\u17b6\u1793\u1794\u17b6\u178f\u17cb\u1796\u17b8\u17a7\u1794\u1780\u179a\u178e\u17cd\u179a\u1794\u179f\u17cb\u17a2\u17d2\u1793\u1780\u17d4\"", "\"abc_searchview_description_voice\" : \"Penelusuran suara\"", "\"fingerprint_error_hw_not_available\" : \"\u0410\u043f\u0430\u0440\u0430\u0442\u043d\u0435 \u0437\u0430\u0431\u0435\u0437\u043f\u0435\u0447\u0435\u043d\u043d\u044f \u0434\u043b\u044f \u0441\u043a\u0430\u043d\u0443\u0432\u0430\u043d\u043d\u044f \u0432\u0456\u0434\u0431\u0438\u0442\u043a\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0435.\"", "\"fingerprint_error_hw_not_present\" : \"\u0160iame \u012frenginyje n\u0117ra pir\u0161to antspaudo jutiklio\"", "\"abc_searchview_description_submit\" : \"\u691c\u7d22\u30ad\u30fc\u30ef\u30fc\u30c9\u3092\u9001\u4fe1\"", "\"abc_action_menu_overflow_description\" : \"\u0415\u0449\u0451\"", "\"common_google_play_services_install_text\" : \"%1$s, \u015fu anda cihaz\u0131n\u0131zda bulunmayan Google Play hizmetleri olmadan \u00e7al\u0131\u015fmaz.\"", "\"common_google_play_services_update_text\" : \"\u60a8\u5fc5\u9808\u66f4\u65b0\u300cGoogle Play \u670d\u52d9\u300d\uff0c\u624d\u80fd\u57f7\u884c %1$s\u3002\"", "\"fingerprint_error_hw_not_present\" : \"\uae30\uae30\uc5d0 \uc9c0\ubb38 \uc13c\uc11c\uac00 \uc5c6\uc2b5\ub2c8\ub2e4.\"", "\"abc_menu_space_shortcut_label\" : \"razmak\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93\u0aa8\u0abe \u0aa8\u0ab5\u0abe \u0ab8\u0a82\u0ab8\u0acd\u0a95\u0ab0\u0aa3\u0aa8\u0ac0 \u0a9c\u0ab0\u0ac2\u0ab0 \u0a9b\u0ac7. \u0aa4\u0ac7 \u0a9f\u0ac2\u0a82\u0a95 \u0ab8\u0aae\u0aaf\u0aae\u0abe\u0a82 \u0aaa\u0acb\u0aa4\u0abe\u0aa8\u0ac7 \u0a85\u0aaa\u0aa1\u0ac7\u0a9f \u0a95\u0ab0\u0ab6\u0ac7.\"", "\"generic_error_user_canceled\" : \"O usuario cancelou a autenticaci\u00f3n.\"", "\"common_google_play_services_update_text\" : \"%1$s tidak akan berfungsi kecuali anda mengemas kini perkhidmatan Google Play.\"", "\"common_google_play_services_install_button\" : \"Pasang\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0e81\u0eb3\u0ea5\u0eb1\u0e87\u0ea1\u0eb5\u0e9a\u0eb1\u0e99\u0eab\u0eb2\u0e81\u0eb1\u0e9a\u0e9a\u0ecd\u0ea5\u0eb4\u0e81\u0eb2\u0e99 Google Play. \u0e81\u0eb0\u0ea5\u0eb8\u0e99\u0eb2\u0ea5\u0ead\u0e87\u0ec3\u0edd\u0ec8\u0ead\u0eb5\u0e81\u0e84\u0eb1\u0ec9\u0e87.\"", "\"common_google_play_services_update_title\" : \"A\u017euriranje Google Play usluga\"", "\"abc_capital_on\" : \"BE\"", "\"search_menu_title\" : \"\u0418\u0437\u0434\u04e9\u04e9\"", "\"abc_searchview_description_search\" : \"\u641c\u5c0b\"", "\"abc_action_menu_overflow_description\" : \"Nog opsies\"", "\"abc_action_menu_overflow_description\" : \"Opsione t\u00eb tjera\"", "\"abc_searchview_description_voice\" : \"\u8a9e\u97f3\u641c\u5c0b\"", "\"common_signin_button_text_long\" : \"\u0110\u0103ng nh\u1eadp b\u1eb1ng Google\"", "\"abc_menu_delete_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200edelete\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_signin_button_text_long\" : \"Inicia la sessi\u00f3 amb Google\"", "\"default_error_msg\" : \"Errore sconosciuto\"", "\"common_google_play_services_update_title\" : \"Uppdatera Google Play-tj\u00e4nster\"", "\"common_google_play_services_install_text\" : \"%1$s kan ikke kj\u00f8re uten Google Play-tjenester, som ikke er installert p\u00e5 enheten din.\"", "\"fingerprint_error_hw_not_present\" : \"\u0411\u0443\u043b \u0442\u04af\u0437\u043c\u04e9\u043a\u0442\u04e9 \u043c\u0430\u043d\u0436\u0430 \u0438\u0437\u0438\u043d\u0438\u043d \u0441\u0435\u043d\u0441\u043e\u0440\u0443 \u0436\u043e\u043a\"", "\"common_google_play_services_update_title\" : \"P\u00ebrdit\u00ebso sh\u00ebrbimet e \"Luaj me Google\"\"", "\"abc_searchview_description_search\" : \"Tafuta\"", "\"abc_searchview_description_voice\" : \"Sesli arama\"", "\"abc_shareactionprovider_share_with\" : \"Ulashish\"", "\"abc_toolbar_collapse_description\" : \"\u0dc4\u0d9a\u0dd4\u0dc5\u0db1\u0dca\u0db1\"", "\"abc_menu_shift_shortcut_label\" : \"Shift+\"", "\"common_google_play_services_unsupported_text\" : \"\u60a8\u7684\u88dd\u7f6e\u4e0d\u652f\u63f4 Google Play \u670d\u52d9\uff0c\u56e0\u6b64\u7121\u6cd5\u57f7\u884c\u300c%1$s\u300d\u3002\"", "\"common_google_play_services_unsupported_text\" : \"O app %1$s n\u00e3o funciona sem o Google Play Services, o qual n\u00e3o \u00e9 compat\u00edvel com seu dispositivo.\"", "\"common_google_play_services_update_text\" : \"%1$s \u0e88\u0eb0\u0e9a\u0ecd\u0ec8\u0eaa\u0eb2\u0ea1\u0eb2\u0e94\u0ec0\u0eae\u0eb1\u0e94\u0ea7\u0ebd\u0e81\u0ec4\u0e94\u0ec9\u0e88\u0ebb\u0e99\u0e81\u0ea7\u0ec8\u0eb2\u0e97\u0ec8\u0eb2\u0e99\u0e88\u0eb0\u0ead\u0eb1\u0e9a\u0ec0\u0e94\u0e94\u0e81\u0eb2\u0e99\u200b\u0e9a\u0ecd\u200b\u0ea5\u0eb4\u200b\u0e81\u0eb2\u0e99 Google Play\"", "\"exposed_dropdown_menu_content_description\" : \"Show dropdown menu\"", "\"fingerprint_error_user_canceled\" : \"Kasutaja t\u00fchistas s\u00f5rmej\u00e4lje kasutamise.\"", "\"common_google_play_services_enable_button\" : \"\u0ab8\u0a95\u0acd\u0ab7\u0aae \u0a95\u0ab0\u0acb\"", "\"common_google_play_services_update_title\" : \"Google Play \u0b38\u0b47\u0b2c\u0b3e\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b05\u0b2a\u0b21\u0b47\u0b1f\u0b4d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"common_google_play_services_update_title\" : \"Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93 \u0a85\u0aaa\u0aa1\u0ac7\u0a9f \u0a95\u0ab0\u0acb\"", "\"fingerprint_dialog_touch_sensor\" : \"Pieskarieties pirksta nospieduma sensoram\"", "\"abc_searchview_description_submit\" : \"Senda fyrirspurn\"", "\"status_bar_notification_info_overflow\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e999+\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"search_menu_title\" : \"\u041f\u0440\u0435\u0442\u0440\u0430\u0436\u0438\u0442\u0435\"", "\"common_google_play_services_enable_text\" : \"A(z) %1$s alkalmaz\u00e1s csak akkor m\u0171k\u00f6dik, ha enged\u00e9lyezi a Google Play-szolg\u00e1ltat\u00e1sokat.\"", "\"abc_capital_off\" : \"DESACTIVA\"", "\"generic_error_user_canceled\" : \"Korisnik je otkazao autentifikaciju.\"", "\"common_google_play_services_update_text\" : \"Google Play hizmetlerini g\u00fcncellemezseniz %1$s \u00e7al\u0131\u015fmayacak.\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u043d\u044b\u043d \u043a\u0430\u0442\u0430\u0441\u044b\"", "\"common_google_play_services_notification_ticker\" : \"\u041f\u043e\u043c\u0438\u043b\u043a\u0430 \u0441\u0435\u0440\u0432\u0456\u0441\u0456\u0432 Google Play\"", "\"abc_action_mode_done\" : \"Conclu\u00eddo\"", "\"abc_searchview_description_clear\" : \"\u0423\u0434\u0430\u043b\u0438\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\"", "\"common_signin_button_text\" : \"Logga in\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0645\u062f\u062f \u06a9\u06d2 \u067e\u06cc\u063a\u0627\u0645 \u06a9\u0627 \u0639\u0644\u0627\u0642\u06c1\"", "\"abc_searchview_description_query\" : \"Termen de c\u0103utare\"", "\"abc_activitychooserview_choose_application\" : \"Chagua programu\"", "\"fingerprint_error_hw_not_available\" : \"O hardware de impresi\u00f3n dixital non est\u00e1 dispo\u00f1ible.\"", "\"abc_menu_enter_shortcut_label\" : \"\u090f\u0902\u091f\u0930 \u0915\u0930\u093e\"", "\"abc_capital_off\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200eOFF\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0b95\u0bc8\u0bb0\u0bc7\u0b95\u0bc8 \u0b9a\u0bc6\u0ba9\u0bcd\u0b9a\u0bbe\u0bb0\u0bc8\u0ba4\u0bcd \u0ba4\u0bca\u0b9f\u0bc1\u0b95\"", "\"abc_menu_function_shortcut_label\" : \"Funksie+\"", "\"abc_searchview_description_clear\" : \"\u0a95\u0acd\u0ab5\u0ac7\u0ab0\u0ac0 \u0ab8\u0abe\u0aab \u0a95\u0ab0\u0acb\"", "\"abc_toolbar_collapse_description\" : \"\u0938\u0902\u0915\u094d\u0937\u093f\u092a\u094d\u0924 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0628\u062e\u0634 \u067e\u06cc\u0627\u0645 \u0631\u0627\u0647\u0646\u0645\u0627\"", "\"common_google_play_services_install_title\" : \"Gaukite \u201eGoogle Play\u201c paslaugas\"", "\"common_google_play_services_enable_title\" : \"Aktiv\u00e9r Google Play-tjenester\"", "\"common_google_play_services_update_text\" : \"%1$s won't run unless you update Google Play services.\"", "\"abc_search_hint\" : \"Vyh\u013eada\u0165\u2026\"", "\"google_storage_bucket\" : \"damn-vulnerable-bank.appspot.com\"", "\"abc_toolbar_collapse_description\" : \"\u0e22\u0e38\u0e1a\"", "\"abc_searchview_description_search\" : \"Search\"", "\"common_open_on_phone\" : \"Deschide\u021bi pe telefon\"", "\"common_google_play_services_enable_text\" : \"%1$s nuk do t\u00eb funksionoj\u00eb n\u00ebse nuk aktivizon sh\u00ebrbimet e \"Luaj me Google\".\"", "\"fingerprint_error_user_canceled\" : \"Parmak izi i\u015flemi kullan\u0131c\u0131 taraf\u0131ndan iptal edildi.\"", "\"fingerprint_error_hw_not_available\" : \"\u0986\u0999\u09cd\u0997\u09c1\u09b2\u09c7\u09b0 \u099b\u09be\u09aa \u09a8\u09c7\u0993\u09af\u09bc\u09be\u09b0 \u09b9\u09be\u09b0\u09cd\u09a1\u0993\u09af\u09bc\u09cd\u09af\u09be\u09b0 \u0989\u09aa\u09b2\u09ad\u09cd\u09af \u09a8\u09af\u09bc\u0964\"", "\"abc_menu_function_shortcut_label\" : \"\u0424\u0443\u043d\u043a\u0446+\"", "\"common_google_play_services_install_button\" : \"Installera\"", "\"common_google_play_services_install_text\" : \"O app %1$s n\u00e3o funciona sem o Google Play Services, o qual n\u00e3o est\u00e1 instalado no seu dispositivo.\"", "\"common_google_play_services_enable_text\" : \"%1$s virkar ekki nema \u00fe\u00fa gerir \u00fej\u00f3nustu Google Play virka.\"", "\"fingerprint_error_no_fingerprints\" : \"Nije registriran nijedan otisak prsta.\"", "\"common_google_play_services_update_text\" : \"\u200f\u062a\u0627\u0632 \u0645\u0627\u0646\u06cc \u06a9\u0647 \u0633\u0631\u0648\u06cc\u0633\u200c\u0647\u0627\u06cc Google Play \u0631\u0627 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0646\u06a9\u0646\u06cc\u062f\u060c %1$s \u0627\u062c\u0631\u0627 \u0646\u0645\u06cc\u200c\u0634\u0648\u062f.\"", "\"abc_menu_sym_shortcut_label\" : \"Sym\u00a0+\"", "\"abc_action_bar_home_description\" : \"\u0b39\u0b4b\u0b2e\u0b4d \u0b2a\u0b47\u0b1c\u0b4d\u200c\u0b15\u0b41 \u0b28\u0b47\u0b2d\u0b3f\u0b17\u0b47\u0b1f\u0b4d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"abc_toolbar_collapse_description\" : \"\u0eab\u0e8d\u0ecd\u0ec9\u0ea5\u0ebb\u0e87\"", "\"common_open_on_phone\" : \"Telefonda a\u00e7\"", "\"common_signin_button_text_long\" : \"Google \u0bae\u0bc2\u0bb2\u0bae\u0bcd \u0b89\u0bb3\u0bcd\u0ba8\u0bc1\u0bb4\u0bc8\u0b95\"", "\"common_google_play_services_install_button\" : \"Instalovat\"", "\"abc_search_hint\" : \"Sesha\u2026\"", "\"common_google_play_services_enable_button\" : \"\u091a\u093e\u0932\u0942 \u0915\u0930\u0947\u0902\"", "\"common_google_play_services_update_button\" : \"\u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\"", "\"abc_capital_on\" : \"\u091a\u093e\u0932\u0942\"", "\"fingerprint_error_hw_not_available\" : \"Hardware sidik jari tidak tersedia.\"", "\"common_google_play_services_install_title\" : \"Dapatkan perkhidmatan Google Play\"", "\"common_google_play_services_updating_text\" : \"%1$s n\u00e3o funciona sem o Google Play Services, o qual est\u00e1 sendo atualizado no momento.\"", "\"fingerprint_error_hw_not_present\" : \"Laitteessa ei ole sormenj\u00e4lkitunnistinta.\"", "\"abc_menu_delete_shortcut_label\" : \"slet\"", "\"abc_action_mode_done\" : \"\u062a\u0645\u0627\u0645\"", "\"abc_searchview_description_submit\" : \"Zoekopdracht verzenden\"", "\"common_google_play_services_notification_channel_name\" : \"Disponibilitat de serveis de Google Play\"", "\"common_google_play_services_unknown_issue\" : \"\u300c%1$s\u300d\u5b58\u53d6 Google Play \u670d\u52d9\u6642\u767c\u751f\u554f\u984c\u3002\u8acb\u7a0d\u5f8c\u518d\u8a66\u4e00\u6b21\u3002\"", "\"abc_searchview_description_clear\" : \"\u1218\u1320\u12ed\u1245 \u12a0\u133d\u12f3\"", "\"fingerprint_not_recognized\" : \"\u0422\u0430\u043d\u0438\u0430\u0433\u04af\u0439\"", "\"abc_toolbar_collapse_description\" : \"\u101c\u103b\u103e\u1031\u102c\u1037\u1015\u103c\u101b\u1014\u103a\"", "\"abc_action_bar_up_description\" : \"\u10d6\u10d4\u10db\u10dd\u10d7 \u10d2\u10d0\u10d3\u10d0\u10e1\u10d5\u10da\u10d0\"", "\"common_signin_button_text_long\" : \"Prijava putem Googlea\"", "\"abc_searchview_description_query\" : \"S\u00f8keord\"", "\"abc_action_bar_home_description\" : \"\u0c39\u0c4b\u0c2e\u0c4d\u200c\u0c15\u0c41 \u0c28\u0c3e\u0c35\u0c3f\u0c17\u0c47\u0c1f\u0c4d \u0c1a\u0c47\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"fingerprint_error_hw_not_present\" : \"Dit apparaat heeft geen vingerafdruksensor\"", "\"default_error_msg\" : \"Bilinmeyen hata\"", "\"abc_searchview_description_voice\" : \"Paie\u0161ka balsu\"", "\"common_google_play_services_update_text\" : \"Hindi gagana ang %1$s maliban kung i-a-update mo ang mga serbisyo ng Google Play.\"", "\"fingerprint_error_user_canceled\" : \"\u09ac\u09cd\u09af\u09f1\u09b9\u09be\u09f0\u0995\u09be\u09f0\u09c0\u09af\u09bc\u09c7 \u09ab\u09bf\u0982\u0997\u09be\u09f0\u09aa\u09cd\u09f0\u09bf\u09a3\u09cd\u099f\u09f0 \u09a6\u09cd\u09ac\u09be\u09f0\u09be \u09ac\u09bf\u09b6\u09cd\u09ac\u09be\u09b8\u09af\u09cb\u0997\u09cd\u09af\u09a4\u09be \u09aa\u09cd\u09f0\u09ae\u09be\u09a3\u09c0\u0995\u09f0\u09a3 \u0995\u09be\u09f0\u09cd\u09af \u09ac\u09be\u09a4\u09bf\u09b2 \u0995\u09f0\u09bf\u099b\u09c7\u0964\"", "\"abc_searchview_description_voice\" : \"\u0413\u0430\u043b\u0430\u0441\u0430\u0432\u044b \u043f\u043e\u0448\u0443\u043a\"", "\"abc_activity_chooser_view_see_all\" : \"Visa alla\"", "\"fingerprint_not_recognized\" : \"Tan\u0131nm\u0131r\"", "\"fingerprint_error_hw_not_present\" : \"Ovaj ure\u0111aj nema senzor za otisak prsta\"", "\"search_menu_title\" : \"Pesquisar\"", "\"common_google_play_services_install_button\" : \"\u0421\u0443\u0443\u043b\u0433\u0430\u0445\"", "\"common_google_play_services_update_text\" : \"%1$s ne\u0107e funkcionirati ako ne a\u017eurirate Google Play usluge.\"", "\"abc_action_bar_up_description\" : \"\u05e0\u05d9\u05d5\u05d5\u05d8 \u05dc\u05de\u05e2\u05dc\u05d4\"", "\"abc_toolbar_collapse_description\" : \"Y\u0131\u011fcamla\u015fd\u0131r\u0131n\"", "\"common_google_play_services_enable_button\" : \"\u049a\u043e\u0441\u0443\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u043d\u0435\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u0432\u0440\u0448\u0443\u0432\u0430 \u0431\u0435\u0437 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play, \u0448\u0442\u043e \u043d\u0435 \u0441\u0435 \u043f\u043e\u0434\u0440\u0436\u0430\u043d\u0438 \u043e\u0434 \u0443\u0440\u0435\u0434\u043e\u0432.\"", "\"generic_error_user_canceled\" : \"Autentifikavim\u0105 at\u0161auk\u0117 naudotojas.\"", "\"common_google_play_services_unknown_issue\" : \"%1$s\u65e0\u6cd5\u8bbf\u95ee Google Play \u670d\u52a1\uff0c\u8bf7\u91cd\u8bd5\u3002\"", "\"abc_activity_chooser_view_see_all\" : \"\u67e5\u770b\u5168\u90e8\"", "\"abc_prepend_shortcut_label\" : \"Valikko+\"", "\"abc_activity_chooser_view_see_all\" : \"Sj\u00e1 allt\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038 \u101b\u101b\u103e\u102d\u1014\u102d\u102f\u1004\u103a\u101e\u100a\u103a\"", "\"abc_toolbar_collapse_description\" : \"\u06a9\u0648\u0686\u06a9 \u06a9\u0631\u062f\u0646\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0dc4\u0da7 Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0dc3\u0db8\u0d9c\u0dd2\u0db1\u0dca \u0d9c\u0dd0\u0da7\u0dbd\u0dd4 \u0d87\u0dad. \u0d9a\u0dbb\u0dd4\u0dab\u0dcf\u0d9a\u0dbb \u0db1\u0dd0\u0dc0\u0dad \u0d8b\u0dad\u0dca\u0dc3\u0dcf\u0dc4 \u0d9a\u0dbb\u0db1\u0dca\u0db1.\"", "\"common_google_play_services_enable_title\" : \"Google Play Services-\u10d8\u10e1 \u10e9\u10d0\u10e0\u10d7\u10d5\u10d0\"", "\"common_google_play_services_install_button\" : \"Instalar\"", "\"abc_searchview_description_query\" : \"S\u00f8geforesp\u00f8rgsel\"", "\"abc_capital_off\" : \"\u0a2c\u0a70\u0a26\"", "\"common_google_play_services_enable_text\" : \"%1$s \u043d\u044c Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u044d\u0445 \u0445\u04af\u0440\u0442\u044d\u043b \u0430\u0436\u0438\u043b\u043b\u0430\u0445\u0433\u04af\u0439.\"", "\"abc_searchview_description_submit\" : \"Envia la consulta\"", "\"abc_searchview_description_submit\" : \"\u0bb5\u0bbf\u0ba9\u0bb5\u0bb2\u0bc8\u0b9a\u0bcd \u0b9a\u0bae\u0bb0\u0bcd\u0baa\u0bcd\u0baa\u0bbf\u0b95\u0bcd\u0b95\u0bc1\u0bae\u0bcd\"", "\"fingerprint_dialog_touch_sensor\" : \"\u1794\u17c9\u17c7\u200b\u17a7\u1794\u1780\u179a\u178e\u17cd\u200b\u1785\u17b6\u1794\u17cb\u179f\u17d2\u1793\u17b6\u1798\u200b\u1798\u17d2\u179a\u17b6\u1798\u178a\u17c3\"", "\"common_google_play_services_notification_ticker\" : \"Erro do Google Play Services\"", "\"abc_toolbar_collapse_description\" : \"Ahendamine\"", "\"abc_action_bar_home_description\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200eNavigate home\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"fingerprint_error_hw_not_available\" : \"Mat\u00e9riel de lecture d'empreinte digitale indisponible.\"", "\"common_signin_button_text\" : \"\u0cb8\u0cc8\u0ca8\u0ccd \u0c87\u0ca8\u0ccd\"", "\"fingerprint_not_recognized\" : \"Ni prepoznano\"", "\"abc_search_hint\" : \"\u0e8a\u0ead\u0e81\u0eab\u0eb2\u2026\"", "\"fingerprint_not_recognized\" : \"N\u00e3o reconhecido\"", "\"abc_searchview_description_submit\" : \"\u05e9\u05dc\u05d9\u05d7\u05ea \u05e9\u05d0\u05d9\u05dc\u05ea\u05d4\"", "\"abc_toolbar_collapse_description\" : \"Thu g\u1ecdn\"", "\"fingerprint_error_hw_not_available\" : \"\u0641\u0646\u06af\u0631 \u067e\u0631\u0646\u0679 \u06c1\u0627\u0631\u0688 \u0648\u06cc\u0626\u0631 \u062f\u0633\u062a\u06cc\u0627\u0628 \u0646\u06c1\u06cc\u06ba \u06c1\u06d2\u06d4\"", "\"common_google_play_services_update_title\" : \"\u200f\u062a\u062d\u062f\u064a\u062b \u062e\u062f\u0645\u0627\u062a Google Play\"", "\"fingerprint_not_recognized\" : \"N\u00e3o reconhecida.\"", "\"generic_error_user_canceled\" : \"Kinansela ng user ang pag-authenticate.\"", "\"abc_searchview_description_voice\" : \"\u0413\u043b\u0430\u0441\u043e\u0432\u043e \u0442\u044a\u0440\u0441\u0435\u043d\u0435\"", "\"common_google_play_services_install_text\" : \"Aplikacija %1$s ne\u0107e raditi bez Google Play usluga, kojih na va\u0161em ure\u0111aju nema.\"", "\"fingerprint_error_hw_not_available\" : \"\u0425\u0443\u0440\u0443\u0443\u043d\u044b \u0445\u044d\u044d\u043d\u0438\u0439 \u0442\u0435\u0445\u043d\u0438\u043a \u0445\u0430\u043d\u0433\u0430\u043c\u0436 \u0431\u043e\u043b\u043e\u043c\u0436\u0433\u04af\u0439 \u0431\u0430\u0439\u043d\u0430.\"", "\"fingerprint_error_user_canceled\" : \"\u10d7\u10d8\u10d7\u10d8\u10e1 \u10d0\u10dc\u10d0\u10d1\u10d4\u10ed\u10d3\u10d8\u10e1 \u10dd\u10de\u10d4\u10e0\u10d0\u10ea\u10d8\u10d0 \u10d2\u10d0\u10d0\u10e3\u10e5\u10db\u10d0 \u10db\u10dd\u10db\u10ee\u10db\u10d0\u10e0\u10d4\u10d1\u10d4\u10da\u10db\u10d0.\"", "\"common_google_play_services_update_title\" : \"Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u0433 \u0448\u0438\u043d\u044d\u0447\u043b\u044d\u0445\"", "\"fingerprint_dialog_touch_sensor\" : \"\u062d\u0633\u06af\u0631 \u0627\u062b\u0631 \u0627\u0646\u06af\u0634\u062a \u0631\u0627 \u0644\u0645\u0633 \u06a9\u0646\u06cc\u062f\"", "\"confirm_device_credential_password\" : \"\u092a\u093e\u0938\u0935\u0930\u094d\u0921 \u0935\u093e\u092a\u0930\u093e\"", "\"common_google_play_services_enable_text\" : \"\u091c\u092c \u0924\u0915 \u0906\u092a Google Play \u0938\u0947\u0935\u093e\u090f\u0902 \u091a\u093e\u0932\u0942 \u0928\u0939\u0940\u0902 \u0915\u0930\u0924\u0947, %1$s \u0915\u093e\u092e \u0928\u0939\u0940\u0902 \u0915\u0930\u0947\u0917\u093e.\"", "\"common_google_play_services_install_title\" : \"Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93 \u0aae\u0ac7\u0ab3\u0ab5\u0acb\"", "\"abc_action_bar_up_description\" : \"Joan gora\"", "\"abc_searchview_description_query\" : \"\u641c\u5c0b\u67e5\u8a62\"", "\"common_google_play_services_enable_text\" : \"Aplikacja %1$s nie b\u0119dzie dzia\u0142a\u0107, je\u015bli nie w\u0142\u0105czysz Us\u0142ug Google Play.\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be\u09b0 \u09a8\u09a4\u09c1\u09a8 \u09ad\u09be\u09b0\u09cd\u09b8\u09a8 \u09aa\u09cd\u09b0\u09af\u09bc\u09cb\u099c\u09a8\u09f7 \u0996\u09c1\u09ac \u09b6\u09c0\u0998\u09cd\u09b0\u0987 \u098f\u099f\u09be \u09a8\u09bf\u099c\u09c7\u0987 \u0986\u09aa\u09a1\u09c7\u099f \u09b9\u09ac\u09c7\u09f7\"", "\"fingerprint_error_user_canceled\" : \"Fingeravtrycks\u00e5tg\u00e4rden avbr\u00f6ts av anv\u00e4ndaren.\"", "\"abc_searchview_description_search\" : \"S\u00f6k\"", "\"generic_error_user_canceled\" : \"\u041f\u0430\u0439\u0434\u0430\u043b\u0430\u043d\u0443\u0448\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f\u0434\u0430\u043d \u0431\u0430\u0441 \u0442\u0430\u0440\u0442\u0442\u044b.\"", "\"abc_searchview_description_voice\" : \"\u0b2d\u0b0f\u0b38\u0b4d\u200c \u0b38\u0b30\u0b4d\u0b1a\u0b4d\u0b1a\"", "\"abc_menu_space_shortcut_label\" : \"\u0437\u0430\u0439\"", "\"abc_shareactionprovider_share_with_application\" : \"%s\u3068\u5171\u6709\"", "\"abc_shareactionprovider_share_with_application\" : \"%s\u0c24\u0c4b \u0c37\u0c47\u0c30\u0c4d \u0c1a\u0c47\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"common_google_play_services_install_title\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d \u0430\u043b\u0443\"", "\"common_google_play_services_enable_button\" : \"\u0b87\u0baf\u0b95\u0bcd\u0b95\u0bc1\"", "\"abc_action_bar_home_description\" : \"Krmarjenje na za\u010detek\"", "\"abc_toolbar_collapse_description\" : \"\u0d1a\u0d41\u0d30\u0d41\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"abc_menu_function_shortcut_label\" : \"Funci\u00f3+\"", "\"common_google_play_services_unknown_issue\" : \"\u200f\u0644\u062f\u0649 %1$s \u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u062e\u062f\u0645\u0627\u062a Google Play. \u064a\u064f\u0631\u062c\u0649 \u0625\u0639\u0627\u062f\u0629 \u0627\u0644\u0645\u062d\u0627\u0648\u0644\u0629.\"", "\"abc_menu_alt_shortcut_label\" : \"Alt\u00a0+\u00a0\"", "\"fingerprint_error_hw_not_present\" : \"Hierdie toetstel het nie 'n vingerafdruksensor nie\"", "\"common_google_play_services_wear_update_text\" : \"Kudingeka inguqulo entsha yamasevisi we-Google Play. Izozibuyekeza ngokwayo maduze.\"", "\"search_menu_title\" : \"Cerca\"", "\"abc_searchview_description_clear\" : \"Hreinsa fyrirspurn\"", "setRegister", "\"search_menu_title\" : \"\u0e04\u0e49\u0e19\u0e2b\u0e32\"", "\"abc_shareactionprovider_share_with\" : \"Deila me\u00f0\"", "\"fingerprint_error_hw_not_available\" : \"Kh\u00f4ng d\u00f9ng \u0111\u01b0\u1ee3c ph\u1ea7n c\u1ee9ng v\u00e2n tay.\"", "\"confirm_device_credential_password\" : \"Usar contrase\u00f1a\"", "\"abc_activity_chooser_view_see_all\" : \"Ver todas\"", "\"character_counter_overflowed_content_description\" : \"Character limit exceeded %1$d of %2$d\"", "\"abc_capital_off\" : \"MATI\"", "\"common_google_play_services_update_button\" : \"Kemas kini\"", "\"common_google_play_services_enable_text\" : \"\u0d28\u0d3f\u0d19\u0d4d\u0d19\u0d7e Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d7e \u0d2a\u0d4d\u0d30\u0d35\u0d7c\u0d24\u0d4d\u0d24\u0d28\u0d15\u0d4d\u0d37\u0d2e\u0d2e\u0d3e\u0d15\u0d4d\u0d15\u0d41\u0d28\u0d4d\u0d28\u0d3f\u0d32\u0d4d\u0d32\u0d46\u0d19\u0d4d\u0d15\u0d3f\u0d7d %1$s \u0d2a\u0d4d\u0d30\u0d35\u0d7c\u0d24\u0d4d\u0d24\u0d3f\u0d15\u0d4d\u0d15\u0d3f\u0d32\u0d4d\u0d32.\"", "\"abc_menu_function_shortcut_label\" : \"\u0d2b\u0d02\u0d17\u0d4d\u0d37\u0d28\u0d4d\u200d+\"", "\"common_google_play_services_install_title\" : \"Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d\u1295 \u12eb\u130d\u1299\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0dc3\u0dda\u0dc0\u0dcf\u0dc0\u0dbd \u0dbd\u0db6\u0dcf \u0d9c\u0dad \u0dc4\u0dd0\u0d9a\u0dd2 \u0db6\u0dc0\"", "\"common_google_play_services_unsupported_text\" : \"%1$s kan niet worden uitgevoerd zonder Google Play-services, die niet worden ondersteund op je apparaat.\"", "\"fingerprint_error_lockout\" : \"\u1795\u17d2\u1791\u17c0\u1784\u1795\u17d2\u1791\u17b6\u178f\u17cb\u200b\u1798\u17b7\u1793\u178f\u17d2\u179a\u17b9\u1798\u178f\u17d2\u179a\u17bc\u179c\u200b\u1785\u17d2\u179a\u17be\u1793\u178a\u1784\u1796\u17c1\u1780\u200b\u17d4 \u179f\u17bc\u1798\u200b\u1796\u17d2\u1799\u17b6\u1799\u17b6\u1798\u200b\u1798\u17d2\u178a\u1784\u200b\u1791\u17c0\u178f\u200b\u1793\u17c5\u200b\u1796\u17c1\u179b\u200b\u1780\u17d2\u179a\u17c4\u1799\u200b\u17d4\"", "\"common_google_play_services_install_button\" : \"Instala\u021bi\"", "\"abc_searchview_description_voice\" : \"R\u00f6sts\u00f6kning\"", "\"abc_capital_off\" : \"\u1015\u102d\u1010\u103a\u101b\u1014\u103a\"", "\"abc_action_bar_home_description\" : \"Navigate home\"", "\"path_password_eye_mask_visible\" : \"M2,4.27 L2,4.27 L4.54,1.73 L4.54,1.73 L4.54,1 L23,1 L23,23 L1,23 L1,4.27 Z\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0b38\u0b47\u0b2c\u0b3e\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15\u0b30 \u0b09\u0b2a\u0b32\u0b2c\u0b4d\u0b27\u0b24\u0b3e\"", "\"fingerprint_error_user_canceled\" : \"\u041a\u043e\u0440\u0438\u0441\u043d\u0438\u043a \u0458\u0435 \u043e\u0442\u043a\u0430\u0437\u0430\u043e \u0440\u0430\u0434\u045a\u0443 \u0441\u0430 \u043e\u0442\u0438\u0441\u043a\u043e\u043c \u043f\u0440\u0441\u0442\u0430.\"", "\"fingerprint_dialog_touch_sensor\" : \"\u101c\u1000\u103a\u1017\u103d\u1031\u1021\u102c\u101b\u102f\u1036\u1001\u1036\u1000\u102d\u101b\u102d\u101a\u102c\u1000\u102d\u102f \u1010\u102d\u102f\u1037\u1015\u102b\"", "\"common_google_play_services_update_text\" : \"%1$s \u043d\u0435\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u0432\u0440\u0448\u0443\u0432\u0430 \u0430\u043a\u043e \u043d\u0435 \u0433\u0438 \u0430\u0436\u0443\u0440\u0438\u0440\u0430\u0442\u0435 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play.\"", "\"fingerprint_error_lockout\" : \"F\u00f6r m\u00e5nga f\u00f6rs\u00f6k. F\u00f6rs\u00f6k igen senare.\"", "\"fingerprint_not_recognized\" : \"\u0549\u0570\u0561\u057b\u0578\u0572\u057e\u0565\u0581 \u0573\u0561\u0576\u0561\u0579\u0565\u056c\"", "\"common_google_play_services_enable_title\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be \u09b8\u0995\u09cd\u09b7\u09ae \u0995\u09b0\u09c1\u09a8\"", "\"search_menu_title\" : \"Rechercher\"", "\"abc_capital_off\" : \"SL\u00d6KKT\"", "\"abc_searchview_description_submit\" : \"\u0625\u0631\u0633\u0627\u0644 \u0637\u0644\u0628 \u0627\u0644\u0628\u062d\u062b\"", "\"abc_activitychooserview_choose_application\" : \"\u0412\u044b\u0431\u0435\u0440\u044b\u0446\u0435 \u043f\u0440\u0430\u0433\u0440\u0430\u043c\u0443\"", "\"common_google_play_services_wear_update_text\" : \"Perlu versi baru layanan Google Play. Akan segera memperbarui sendiri.\"", "\"fingerprint_not_recognized\" : \"\u05dc\u05d0 \u05d6\u05d5\u05d4\u05ea\u05d4\"", "\"fingerprint_not_recognized\" : \"\u0baa\u0bca\u0bb0\u0bc1\u0ba8\u0bcd\u0ba4\u0bb5\u0bbf\u0bb2\u0bcd\u0bb2\u0bc8\"", "\"common_google_play_services_enable_title\" : \"Virkja \u00fej\u00f3nustu Google Play\"", "\"common_signin_button_text_long\" : \"Google \u043c\u0435\u043d\u0435\u043d \u043a\u0438\u0440\u04af\u04af\"", "\"fingerprint_error_hw_not_present\" : \"\u0c08 \u0c2a\u0c30\u0c3f\u0c15\u0c30\u0c02\u0c32\u0c4b \u0c35\u0c47\u0c32\u0c3f\u0c2e\u0c41\u0c26\u0c4d\u0c30 \u0c38\u0c46\u0c28\u0c4d\u0c38\u0c3e\u0c30\u0c4d \u0c32\u0c47\u0c26\u0c41\"", "\"abc_action_bar_home_description\" : \"Navegar a la p\u00e1gina principal\"", "\"common_signin_button_text\" : \"Prijavi me\"", "\"common_google_play_services_unknown_issue\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bbf\u0bb2\u0bcd \u0b9a\u0bbf\u0b95\u0bcd\u0b95\u0bb2\u0bcd \u0b8f\u0bb1\u0bcd\u0baa\u0b9f\u0bcd\u0b9f\u0ba4\u0bbe\u0bb2\u0bcd, %1$s \u0baa\u0baf\u0ba9\u0bcd\u0baa\u0bbe\u0b9f\u0bcd\u0b9f\u0bc8 \u0b85\u0ba3\u0bc1\u0b95 \u0bae\u0bc1\u0b9f\u0bbf\u0baf\u0bb5\u0bbf\u0bb2\u0bcd\u0bb2\u0bc8. \u0bae\u0bc0\u0ba3\u0bcd\u0b9f\u0bc1\u0bae\u0bcd \u0bae\u0bc1\u0baf\u0bb2\u0bb5\u0bc1\u0bae\u0bcd.\"", "\"abc_menu_space_shortcut_label\" : \"SPAZIO\"", "\"abc_searchview_description_voice\" : \"B\u00fasqueda por voz\"", "\"common_google_play_services_update_button\" : \"Friss\u00edt\u00e9s\"", "\"confirm_device_credential_password\" : \"Naudoti slapta\u017eod\u012f\"", "\"search_menu_title\" : \"\u134d\u1208\u130b\"", "\"fingerprint_error_no_fingerprints\" : \"\u0411\u04af\u0440\u0442\u0433\u04af\u04af\u043b\u0441\u044d\u043d \u0445\u0443\u0440\u0443\u0443\u043d\u044b \u0445\u044d\u044d \u0430\u043b\u0433\u0430 \u0431\u0430\u0439\u043d\u0430.\"", "\"common_signin_button_text_long\" : \"Identifikohu me Google\"", "\"common_google_play_services_install_button\" : \"Installer\"", "\"abc_activitychooserview_choose_application\" : \"Odaberite aplikaciju\"", "\"abc_shareactionprovider_share_with\" : \"Skupna raba z:\"", "\"search_menu_title\" : \"Maghanap\"", "\"common_google_play_services_unsupported_text\" : \"%1$s non funzioner\u00e0 senza Google Play Services, non supportati dal tuo dispositivo.\"", "\"fingerprint_error_user_canceled\" : \"Radnju s otiskom prsta otkazao je korisnik.\"", "\"default_error_msg\" : \"Unbekannter Fehler\"", "\"common_google_play_services_unsupported_text\" : \"Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d33\u0d3f\u0d32\u0d4d\u0d32\u0d3e\u0d24\u0d46 %1$s \u0d2a\u0d4d\u0d30\u0d35\u0d7c\u0d24\u0d4d\u0d24\u0d3f\u0d15\u0d4d\u0d15\u0d3f\u0d32\u0d4d\u0d32, \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d33\u0d46\u0d2f\u0d3e\u0d15\u0d1f\u0d4d\u0d1f\u0d46 \u0d28\u0d3f\u0d19\u0d4d\u0d19\u0d33\u0d41\u0d1f\u0d46 \u0d09\u0d2a\u0d15\u0d30\u0d23\u0d02 \u0d2a\u0d3f\u0d28\u0d4d\u0d24\u0d41\u0d23\u0d2f\u0d4d\u0d15\u0d4d\u0d15\u0d41\u0d28\u0d4d\u0d28\u0d41\u0d2e\u0d3f\u0d32\u0d4d\u0d32.\"", "\"common_google_play_services_update_button\" : \"\u0c85\u0caa\u0ccd\u200c\u0ca1\u0cc7\u0c9f\u0ccd\u200c \u0cae\u0cbe\u0ca1\u0cc1\"", "\"common_google_play_services_install_text\" : \"%1$s sal nie sonder Google Play Dienste werk nie, wat nie op jou toestel is nie.\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0641\u0646\u06af\u0631 \u067e\u0631\u0646\u0679 \u0633\u06cc\u0646\u0633\u0631 \u06a9\u0648 \u0679\u0686 \u06a9\u0631\u06cc\u06ba\"", "\"common_google_play_services_enable_text\" : \"\u0414\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \"%1$s\" \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0441\u0435\u0440\u0432\u0438\u0441\u044b Google\u00a0Play.\"", "\"abc_search_hint\" : \"\u05d7\u05d9\u05e4\u05d5\u05e9\u2026\"", "\"abc_action_menu_overflow_description\" : \"\u0986\u09b0\u0993 \u09ac\u09bf\u0995\u09b2\u09cd\u09aa\"", "\"common_google_play_services_notification_channel_name\" : \"Ph\u1ea1m vi cung c\u1ea5p c\u00e1c d\u1ecbch v\u1ee5 c\u1ee7a Google Play\"", "\"abc_searchview_description_search\" : \"Bilatu\"", "\"abc_prepend_shortcut_label\" : \"Meny\u00a0+\u00a0\"", "\"default_error_msg\" : \"\u00d3\u00feekkt villa\"", "\"common_google_play_services_update_text\" : \"%1$s tidak akan berjalan jika layanan Google Play tidak diperbarui.\"", "\"default_error_msg\" : \"\u0531\u0576\u0570\u0561\u0575\u057f \u057d\u056d\u0561\u056c\"", "\"abc_menu_sym_shortcut_label\" : \"\u200eSym+\u200e\"", "\"default_error_msg\" : \"\u041d\u0435\u0432\u0456\u0434\u043e\u043c\u0430 \u043f\u043e\u043c\u0438\u043b\u043a\u0430\"", "\"common_signin_button_text\" : \"\u0b38\u0b3e\u0b07\u0b28\u0b4d\u200c-\u0b07\u0b28\u0b4d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"fingerprint_error_hw_not_available\" : \"Fingrafarsv\u00e9lb\u00fana\u00f0ur ekki til sta\u00f0ar.\"", "\"abc_menu_function_shortcut_label\" : \"Funkcijas tausti\u0146\u0161\u00a0+\"", "\"abc_searchview_description_submit\" : \"Trimite\u021bi interogarea\"", "\"abc_search_hint\" : \"Cerca\u2026\"", "\"abc_menu_shift_shortcut_label\" : \"Mai\u00fas +\"", "\"abc_menu_space_shortcut_label\" : \"\u0641\u0636\u0627\u0621\"", "\"common_google_play_services_wear_update_text\" : \"Kailangan ang bagong bersyon ng mga serbisyo ng Google Play. Mag-a-update itong mag-isa sa ilang sandali.\"", "\"fingerprint_not_recognized\" : \"Akwaziwa\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u041e\u0431\u043b\u0430\u0441\u0442 \u043f\u043e\u0440\u0443\u043a\u0435 \u0437\u0430 \u043f\u043e\u043c\u043e\u045b\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u12eb\u1208Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d \u12a0\u12ed\u1204\u12f5\u121d\u1363 \u12a5\u1290\u12da\u1205\u121d \u1260\u1218\u1223\u122a\u12eb\u12ce \u12a0\u12ed\u12f0\u1308\u1349\u121d\u1362\"", "\"abc_shareactionprovider_share_with\" : \"Delite pomo\u0107u\"", "\"abc_action_bar_up_description\" : \"\u0414\u0432\u0438\u0436\u0438 \u0441\u0435 \u043d\u0430\u0433\u043e\u0440\u0435\"", "\"common_google_play_services_update_button\" : \"Aktualizova\u0165\"", "\"abc_capital_on\" : \"ACTIVADO\"", "\"abc_action_menu_overflow_description\" : \"\u0411\u0430\u0441\u049b\u0430 \u043e\u043f\u0446\u0438\u044f\u043b\u0430\u0440\"", "\"confirm_device_credential_password\" : \"\u092a\u093e\u0938\u0935\u0930\u094d\u0921 \u0915\u093e \u0907\u0938\u094d\u0924\u0947\u092e\u093e\u0932 \u0915\u0930\u0947\u0902\"", "\"abc_searchview_description_clear\" : \"\u0394\u03b9\u03b1\u03b3\u03c1\u03b1\u03c6\u03ae \u03b5\u03c1\u03c9\u03c4\u03ae\u03bc\u03b1\u03c4\u03bf\u03c2\"", "\"abc_searchview_description_voice\" : \"Voice search\"", "\"abc_menu_space_shortcut_label\" : \"spasi\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0938\u0939\u093e\u092f\u0924\u093e \u0915\u093e \u092e\u0948\u0938\u0947\u091c \u0926\u093f\u0916\u093e\u0928\u0947 \u0915\u0940 \u091c\u0917\u0939\"", "\"fingerprint_error_hw_not_available\" : \"\u05d4\u05d7\u05d5\u05de\u05e8\u05d4 \u05d1\u05e9\u05d1\u05d9\u05dc \u05d8\u05d1\u05d9\u05e2\u05ea \u05d0\u05e6\u05d1\u05e2 \u05d0\u05d9\u05e0\u05d4 \u05d6\u05de\u05d9\u05e0\u05d4.\"", "\"abc_action_menu_overflow_description\" : \"\ucd94\uac00 \uc635\uc158\"", "\"confirm_device_credential_password\" : \"Koristite lozinku\"", "\"abc_action_bar_up_description\" : \"G\u00e5 opp\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u092e\u093e\u0930\u094d\u092b\u0924 \u0906\u0926\u093e\u0928 \u092a\u094d\u0930\u0926\u093e\u0928 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"common_google_play_services_update_text\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b \u0436\u0430\u04a3\u044b\u0440\u0442\u044b\u043b\u043c\u0430\u0439\u044b\u043d\u0447\u0430 %1$s \u0438\u0448\u0442\u0435\u0431\u0435\u0439\u0442.\"", "\"common_google_play_services_enable_title\" : \"\u041e\u0432\u043e\u0437\u043c\u043e\u0436\u0438 \u0433\u0438 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play\"", "\"fingerprint_dialog_touch_sensor\" : \"Dotknite sa senzora odtla\u010dkov prstov\"", "\"common_google_play_services_install_title\" : \"Desc\u0103rca\u021bi serviciile Google Play\"", "\"common_google_play_services_notification_ticker\" : \"Chyba slu\u017eieb Google Play\"", "\"common_google_play_services_enable_title\" : \"\u0412\u043a\u043b\u044e\u0447\u0438\u0442\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b Google Play\"", "\"common_signin_button_text\" : \"Daxil olun\"", "\"common_signin_button_text\" : \"Log masuk\"", "\"fingerprint_error_no_fingerprints\" : \"Hech qanday barmoq izi qayd qilinmagan.\"", "\"fingerprint_error_lockout\" : \"Preve\u010d poskusov. Poskusite znova pozneje.\"", "\"abc_shareactionprovider_share_with_application\" : \"Deel met %s\"", "\"common_google_play_services_update_text\" : \"%1$s \u043d\u044c \u0442\u0430\u043d\u044b\u0433 Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u043d\u04af\u04af\u0434\u0438\u0439\u0433 \u0448\u0438\u043d\u044d\u0447\u043b\u044d\u0445\u044d\u044d\u0441 \u043d\u0430\u0430\u0448 \u0430\u0436\u0438\u043b\u043b\u0430\u0445\u0433\u04af\u0439.\"", "\"common_open_on_phone\" : \"Otvori\u0165 v telef\u00f3ne\"", "\"common_google_play_services_notification_channel_name\" : \"\u200f\u05d6\u05de\u05d9\u05e0\u05d5\u05ea \u05e9\u05dc \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play\"", "\"abc_action_bar_up_description\" : \"Navigate up\"", "\"abc_search_hint\" : \"Iskanje \u2026\"", "\"common_google_play_services_notification_ticker\" : \"\u200f\u05e9\u05d2\u05d9\u05d0\u05d4 \u05d1\u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play\"", "\"generic_error_user_canceled\" : \"\u041a\u043e\u0440\u0438\u0441\u043d\u0438\u043a \u0458\u0435 \u043e\u0442\u043a\u0430\u0437\u0430\u043e \u043f\u043e\u0442\u0432\u0440\u0434\u0443 \u0438\u0434\u0435\u043d\u0442\u0438\u0442\u0435\u0442\u0430.\"", "\"common_google_play_services_enable_text\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bc8 \u0b87\u0baf\u0b95\u0bcd\u0b95\u0bbf\u0ba9\u0bbe\u0bb2\u0bcd \u0bae\u0b9f\u0bcd\u0b9f\u0bc1\u0bae\u0bc7, %1$s \u0b9a\u0bc6\u0baf\u0bb2\u0bcd\u0baa\u0b9f\u0bc1\u0bae\u0bcd.\"", "\"abc_activitychooserview_choose_application\" : \"\u0e40\u0e25\u0e37\u0e2d\u0e01\u0e41\u0e2d\u0e1b\"", "\"common_google_play_services_install_text\" : \"Na spustenie aplik\u00e1cie %1$s sa vy\u017eaduj\u00fa slu\u017eby Google Play, ktor\u00e9 na zariaden\u00ed nem\u00e1te.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0645\u0646\u0637\u0642\u0629 \u0631\u0633\u0627\u0644\u0629 \u0627\u0644\u0645\u0633\u0627\u0639\u062f\u0629\"", "\"common_google_play_services_notification_channel_name\" : \"\u200f\u0645\u062f\u0649 \u062a\u0648\u0641\u0651\u0631 \u062e\u062f\u0645\u0627\u062a Google Play\"", "\"abc_search_hint\" : \"\u0422\u044a\u0440\u0441\u0435\u0442\u0435\u2026\"", "\"common_google_play_services_update_button\" : \"Actualitza\"", "\"status_bar_notification_info_overflow\" : \"+999\"", "\"abc_shareactionprovider_share_with\" : \"\u0a86\u0aa8\u0ac0 \u0ab8\u0abe\u0aa5\u0ac7 \u0ab6\u0ac7\u0ab0 \u0a95\u0ab0\u0acb\"", "\"common_open_on_phone\" : \"\u0e40\u0e1b\u0e34\u0e14\u0e1a\u0e19\u0e42\u0e17\u0e23\u0e28\u0e31\u0e1e\u0e17\u0e4c\"", "\"abc_menu_shift_shortcut_label\" : \"Skift\u00a0+\u00a0\"", "\"abc_action_bar_home_description\" : \"\u06af\u06be\u0631 \u06a9\u06cc \u0637\u0631\u0641 \u0646\u06cc\u0648\u06cc\u06af\u06cc\u0679 \u06a9\u0631\u06cc\u06ba\"", "\"common_google_play_services_unknown_issue\" : \"%1$s menghadapi masalah berhubung perkhidmatan Google Play. Sila cuba lagi.\"", "\"common_google_play_services_update_button\" : \"Isibuyekezo\"", "\"abc_searchview_description_clear\" : \"\u6e05\u9664\u67e5\u8a62\"", "\"fingerprint_error_hw_not_available\" : \"Hardware de impress\u00e3o digital n\u00e3o dispon\u00edvel.\"", "\"abc_search_hint\" : \"\u0d24\u0d3f\u0d30\u0d2f\u0d41\u0d15\u2026\"", "\"common_google_play_services_enable_button\" : \"\u12a0\u1295\u1243\"", "\"fingerprint_not_recognized\" : \"\u0644\u0645 \u064a\u062a\u0645 \u0627\u0644\u062a\u0639\u0631\u0641 \u0639\u0644\u064a\u0647\u0627.\"", "setFloatRegister", "\"confirm_device_credential_password\" : \"\u0caa\u0cbe\u0cb8\u0ccd\u200c\u0cb5\u0cb0\u0ccd\u0ca1\u0ccd \u0cac\u0cb3\u0cb8\u0cbf\"", "\"abc_toolbar_collapse_description\" : \"Kunja\"", "\"abc_capital_off\" : \"\u1794\u17b7\u1791\"", "\"common_google_play_services_install_title\" : \"\u041f\u0440\u0435\u0443\u0437\u043c\u0438\u0442\u0435 Google Play \u0443\u0441\u043b\u0443\u0433\u0435\"", "\"generic_error_user_canceled\" : \"Autentificarea a fost anulat\u0103 de utilizator.\"", "\"common_google_play_services_update_title\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be \u0986\u09aa\u09a1\u09c7\u099f \u0995\u09b0\u09c1\u09a8\"", "\"default_error_msg\" : \"Hindi alam na error\"", "\"common_google_play_services_notification_channel_name\" : \"\u0eaa\u0eb0\u0e96\u0eb2\u0e99\u0eb0\u0e9a\u0ecd\u0ea5\u0eb4\u0e81\u0eb2\u0e99 Google Play\"", "\"common_signin_button_text_long\" : \"Iniciar sesi\u00f3n con Google\"", "\"abc_action_menu_overflow_description\" : \"\u0a39\u0a4b\u0a30 \u0a35\u0a3f\u0a15\u0a32\u0a2a\"", "\"common_open_on_phone\" : \"\u0412\u0456\u0434\u043a\u0440\u0438\u0442\u0438 \u043d\u0430 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0456\"", "\"common_google_play_services_update_title\" : \"\u10d2\u10d0\u10dc\u10d0\u10d0\u10ee\u10da\u10d4\u10d7 Google Play Services\"", "\"confirm_device_credential_password\" : \"Pou\u017e\u00edt heslo\"", "\"common_google_play_services_notification_ticker\" : \"Erro dos Servi\u00e7os do Google Play\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be\u09b0 \u09a4\u09cd\u09b0\u09c1\u099f\u09bf\"", "\"abc_toolbar_collapse_description\" : \"Vou in\"", "\"abc_menu_space_shortcut_label\" : \"ruang\"", "\"search_menu_title\" : \"Mekl\u0113t\"", "\"common_google_play_services_notification_ticker\" : \"\u0413\u0440\u0435\u0448\u043a\u0430 \u0432 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play\"", "\"abc_action_mode_done\" : \"Fine\"", "\"common_google_play_services_enable_title\" : \"Google Play-Dienste aktivieren\"", "\"abc_searchview_description_query\" : \"\u641c\u7d22\u67e5\u8be2\"", "\"abc_activitychooserview_choose_application\" : \"\u0915\u094b\u0908 \u0910\u092a\u094d\u0932\u093f\u0915\u0947\u0936\u0928 \u091a\u0941\u0928\u0947\u0902\"", "\"common_open_on_phone\" : \"\u0422\u0435\u043b\u0435\u0444\u043e\u043d\u0434\u0430 \u0430\u0448\u0443\"", "/usr/local/google/buildbot/src/android/ndk-release-r21/external/libcxx/../../external/libunwind_llvm/src/Registers.hpp", "\"fingerprint_not_recognized\" : \"Nerozpoznan\u00e9\"", "\"common_signin_button_text_long\" : \"\u0e25\u0e07\u0e0a\u0e37\u0e48\u0e2d\u0e40\u0e02\u0e49\u0e32\u0e43\u0e0a\u0e49\u0e14\u0e49\u0e27\u0e22 Google\"", "\"abc_action_bar_up_description\" : \"\u0416\u043e\u0493\u0430\u0440\u044b \u049b\u0430\u0440\u0430\u0439 \u04e9\u0442\u0443\"", "\"common_google_play_services_install_button\" : \"\u178a\u17c6\u17a1\u17be\u1784\"", "\"search_menu_title\" : \"\u05d7\u05d9\u05e4\u05d5\u05e9\"", "\"abc_menu_space_shortcut_label\" : \"mezern\u00edk\"", "\"abc_action_menu_overflow_description\" : \"More options\"", "\"abc_menu_sym_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200eSym+\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"path_password_strike_through\" : \"M3.27,4.27 L19.74,20.74\"", "\"abc_menu_space_shortcut_label\" : \"Space\"", "\"abc_action_menu_overflow_description\" : \"\u0c2e\u0c30\u0c3f\u0c28\u0c4d\u0c28\u0c3f \u0c0e\u0c02\u0c2a\u0c3f\u0c15\u0c32\u0c41\"", "\"abc_capital_off\" : \"\u0418\u0414\u042d\u0412\u0425\u0413\u04ae\u0419\"", "\"common_google_play_services_install_text\" : \"\u0397 \u03b5\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae %1$s \u03b4\u03b5\u03bd \u03bc\u03c0\u03bf\u03c1\u03b5\u03af \u03bd\u03b1 \u03b5\u03ba\u03c4\u03b5\u03bb\u03b5\u03c3\u03c4\u03b5\u03af \u03c7\u03c9\u03c1\u03af\u03c2 \u03c4\u03b9\u03c2 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03af\u03b5\u03c2 Google Play, \u03bf\u03b9 \u03bf\u03c0\u03bf\u03af\u03b5\u03c2 \u03bb\u03b5\u03af\u03c0\u03bf\u03c5\u03bd \u03b1\u03c0\u03cc \u03c4\u03b7 \u03c3\u03c5\u03c3\u03ba\u03b5\u03c5\u03ae \u03c3\u03b1\u03c2.\"", "\"abc_menu_delete_shortcut_label\" : \"Delete \u952e\"", "\"abc_searchview_description_query\" : \"Bilaketa-kontsulta\"", "\"abc_menu_function_shortcut_label\" : \"Fn +\"", "\"common_google_play_services_enable_title\" : \"Omogu\u0107ivanje usluga Google Playa\"", "\"abc_capital_off\" : \"I\u0160JUNGTI\"", "\"fingerprint_not_recognized\" : \"\u041d\u0438\u0458\u0435 \u043f\u0440\u0435\u043f\u043e\u0437\u043d\u0430\u0442\"", "\"generic_error_user_canceled\" : \"Uthibitishaji umeghairiwa na mtumiaji.\"", "\"common_google_play_services_enable_button\" : \"\u555f\u7528\"", "\"fingerprint_error_no_fingerprints\" : \"Neu\u017eregistruota joki\u0173 kontrolini\u0173 kod\u0173.\"", "\"common_google_play_services_updating_text\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038\u1000\u102d\u102f \u101c\u1000\u103a\u101b\u103e\u102d\u1021\u1015\u103a\u1012\u102d\u1010\u103a\u101c\u102f\u1015\u103a\u1014\u1031\u101e\u1031\u102c\u1000\u103c\u1031\u102c\u1004\u1037\u103a %1$s \u1000\u102d\u102f\u1016\u103d\u1004\u1037\u103a\u104d\u101b\u1019\u100a\u103a\u1019\u101f\u102f\u1010\u103a\u1015\u102b\u104b\"", "\"search_menu_title\" : \"\u0425\u0430\u0439\u0445\"", "\"fingerprint_error_lockout\" : \"\u0a96\u0ac2\u0aac \u0ab5\u0aa7\u0abe\u0ab0\u0ac7 \u0aaa\u0acd\u0ab0\u0aaf\u0aa4\u0acd\u0aa8\u0acb \u0a95\u0ab0\u0acd\u0aaf\u0abe. \u0a95\u0ac3\u0aaa\u0abe \u0a95\u0ab0\u0ac0\u0aa8\u0ac7 \u0aaa\u0a9b\u0ac0\u0aa5\u0ac0 \u0aab\u0ab0\u0ac0 \u0aaa\u0acd\u0ab0\u0aaf\u0abe\u0ab8 \u0a95\u0ab0\u0acb.\"", "\"abc_searchview_description_search\" : \"\u062c\u0633\u062a\u062c\u0648\"", "\"abc_capital_on\" : \"I-ON\"", "_Unwind_VRS_Pop", "\"fingerprint_dialog_touch_sensor\" : \"\u0414\u043e\u0434\u0438\u0440\u043d. \u0441\u0435\u043d\u0437\u043e\u0440 \u0437\u0430 \u043e\u0442\u0438\u0441\u0430\u043a \u043f\u0440\u0441\u0442\u0430\"", "\"fingerprint_error_lockout\" : \"Te veel pogings. Probeer later weer.\"", "\"fingerprint_error_user_canceled\" : \"Overenie odtla\u010dku prsta zru\u0161il pou\u017e\u00edvate\u013e.\"", "\"fingerprint_not_recognized\" : \"Nicht erkannt\"", "\"abc_capital_on\" : \"W\u0141.\"", "\"abc_menu_meta_shortcut_label\" : \"Meta+\u200e\"", "\"abc_action_menu_overflow_description\" : \"Lagi pilihan\"", "\"common_google_play_services_update_title\" : \"Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d\u1295 \u12eb\u12d8\u121d\u1291\"", "\"common_google_play_services_update_title\" : \"Google Play \u0938\u0947\u0935\u093e \u0905\u092a\u0921\u0947\u091f \u0915\u0930\u093e\"", "\"fingerprint_error_lockout\" : \"\u0421\u043b\u0438\u0448\u043a\u043e\u043c \u043c\u043d\u043e\u0433\u043e \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u0432\u0445\u043e\u0434\u0430. \u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0439\u0442\u0435 \u0435\u0449\u0451 \u0440\u0430\u0437 \u043f\u043e\u0437\u0436\u0435.\"", "\"fingerprint_error_lockout\" : \"\u0d8b\u0dad\u0dca\u0dc3\u0dcf\u0dc4 \u0d89\u0dad\u0dcf \u0dc0\u0dd0\u0da9\u0dd2\u0dba\u0dd2. \u0db4\u0dc3\u0dd4\u0dc0 \u0db1\u0dd0\u0dc0\u0dad \u0d8b\u0dad\u0dca\u0dc3\u0dcf\u0dc4 \u0d9a\u0dbb\u0db1\u0dca\u0db1.\"", "\"common_signin_button_text\" : \"Zaloguj si\u0119\"", "\"common_google_play_services_updating_text\" : \"O %1$s n\u00e3o \u00e9 executado sem os servi\u00e7os do Google Play, os quais est\u00e3o a ser atualizados.\"", "\"fingerprint_error_hw_not_present\" : \"\u0422\u043e\u0432\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u043d\u044f\u043c\u0430 \u0441\u0435\u043d\u0437\u043e\u0440 \u0437\u0430 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u044a\u0446\u0438\"", "\"abc_searchview_description_search\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200eSearch\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"confirm_device_credential_password\" : \"D\u00f9ng m\u1eadt kh\u1ea9u\"", "\"abc_searchview_description_clear\" : \"\u0915\u094d\u0935\u0947\u0930\u0940 \u0916\u093e\u0932\u0940 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"fingerprint_not_recognized\" : \"\u0913\u0933\u0916\u0932\u0947 \u0928\u093e\u0939\u0940\"", "\"abc_activity_chooser_view_see_all\" : \"\u041f\u0440\u0438\u043a\u0430\u0436\u0438 \u0433\u0438 \u0441\u0438\u0442\u0435\"", "\"abc_action_mode_done\" : \"Nimemaliza\"", "\"common_google_play_services_unknown_issue\" : \"Aplik\u00e1cia %1$s m\u00e1 probl\u00e9my so slu\u017ebami Google Play. Sk\u00faste to znova.\"", "\"abc_capital_off\" : \"\u0622\u0641\"", "\"generic_error_user_canceled\" : \"Preverjanje pristnosti je preklical uporabnik.\"", "\"abc_action_bar_home_description\" : \"Siirry etusivulle\"", "\"common_google_play_services_enable_text\" : \"%1$s Google Play xidm\u0259tl\u0259rini aktiv ed\u0259n\u0259 kimi i\u015fl\u0259m\u0259y\u0259c\u0259k.\"", "\"abc_shareactionprovider_share_with_application\" : \"\u1785\u17c2\u1780\u200b\u179a\u17c6\u179b\u17c2\u1780\u200b\u1787\u17b6\u200b\u1798\u17bd\u1799 %s\"", "\"common_signin_button_text_long\" : \"Google\u09f0 \u099c\u09f0\u09bf\u09af\u09bc\u09a4\u09c7 \u099b\u09be\u0987\u09a8 \u0987\u09a8 \u0995\u09f0\u0995\"", "\"fingerprint_error_no_fingerprints\" : \"No se registraron huellas digitales.\"", "\"common_google_play_services_notification_channel_name\" : \"\u0414\u043e\u0441\u0442\u0443\u043f\u043d\u0456\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0456\u0441\u0456\u0432 Google Play\"", "\"abc_searchview_description_search\" : \"Cerca\"", "\"abc_menu_space_shortcut_label\" : \"bilsl\u00e1\"", "\"common_signin_button_text\" : \"Prisijungti\"", "\"generic_error_user_canceled\" : \"\u0e9c\u0eb9\u0ec9\u0ec3\u0e8a\u0ec9\u0e8d\u0ebb\u0e81\u0ec0\u0ea5\u0eb5\u0e81\u0e81\u0eb2\u0e99\u0e9e\u0eb4\u0eaa\u0eb9\u0e94\u0ea2\u0eb7\u0e99\u0ea2\u0eb1\u0e99\u0ec1\u0ea5\u0ec9\u0ea7.\"", "\"hide_bottom_view_on_scroll_behavior\" : \"com.google.android.material.behavior.HideBottomViewOnScrollBehavior\"", "\"common_google_play_services_unknown_issue\" : \"\u200f%1$s \u06a9\u0648 Google Play \u0633\u0631\u0648\u0633\u0632 \u06a9\u06d2 \u0633\u0627\u062a\u06be \u0645\u0633\u0626\u0644\u06c1 \u067e\u06cc\u0634 \u0622 \u0631\u06c1\u0627 \u06c1\u06d2\u06d4 \u0628\u0631\u0627\u06c1 \u06a9\u0631\u0645 \u062f\u0648\u0628\u0627\u0631\u06c1 \u06a9\u0648\u0634\u0634 \u06a9\u0631\u06cc\u06ba\u06d4\"", "\"abc_capital_on\" : \"UKLJU\u010cENO\"", "\"common_google_play_services_unsupported_text\" : \"\u0924\u0941\u092e\u091a\u0947 \u0921\u093f\u0935\u094d\u0939\u093e\u0907\u0938 \u0938\u092a\u094b\u0930\u094d\u091f \u0915\u0930\u0924 \u0928\u0938\u0932\u0947\u0932\u094d\u092f\u093e, Google Play \u0938\u0947\u0935\u093e\u0902\u0936\u093f\u0935\u093e\u092f %1$s \u091a\u093e\u0932\u0923\u093e\u0930 \u0928\u093e\u0939\u0940.\"", "\"common_google_play_services_update_text\" : \"Ke spu\u0161t\u011bn\u00ed aplikace %1$s je t\u0159eba aktualizovat slu\u017eby Google Play.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"S\u00fag\u00f3sz\u00f6veg ter\u00fclete\"", "\"common_google_play_services_install_button\" : \"\u0938\u094d\u0925\u093e\u092a\u0928\u093e \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"abc_activitychooserview_choose_application\" : \"\u0412\u0438\u0431\u0440\u0430\u0442\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u0443\"", "LOOKING FOR BINARY: %s PRESENT!!!", "\"common_google_play_services_update_text\" : \"%1$s ne fonctionnera pas tant que vous n'aurez pas mis \u00e0 jour les services Google Play.\"", "\"abc_searchview_description_voice\" : \"Mekl\u0113t ar balsi\"", "\"abc_searchview_description_voice\" : \"\u03a6\u03c9\u03bd\u03b7\u03c4\u03b9\u03ba\u03ae \u03b1\u03bd\u03b1\u03b6\u03ae\u03c4\u03b7\u03c3\u03b7\"", "\"abc_searchview_description_query\" : \"Keres\u00e9si lek\u00e9rdez\u00e9s\"", "\"fingerprint_error_user_canceled\" : \"\u041a\u043e\u0440\u0438\u0441\u0442\u0443\u0432\u0430\u0447 \u0441\u043a\u0430\u0441\u0443\u0432\u0430\u0432 \u0434\u0456\u044e \u0437 \u0432\u0456\u0434\u0431\u0438\u0442\u043a\u043e\u043c \u043f\u0430\u043b\u044c\u0446\u044f.\"", "\"common_google_play_services_update_title\" : \"Google \u0caa\u0ccd\u0cb2\u0cc7 \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0ca8\u0ccd\u0ca8\u0cc1 \u0c85\u0caa\u0ccd\u200c\u0ca1\u0cc7\u0c9f\u0ccd\u200c \u0cae\u0cbe\u0ca1\u0cbf\"", "\"common_open_on_phone\" : \"Megnyit\u00e1s a telefonon\"", "\"common_google_play_services_enable_button\" : \"Nika amandla\"", "\"common_google_play_services_unsupported_text\" : \"\u200f%1$s Google Play \u0633\u0631\u0648\u0633\u0632 \u06a9\u06d2 \u0628\u063a\u06cc\u0631 \u0646\u06c1\u06cc\u06ba \u0686\u0644\u06d2 \u06af\u06cc\u060c \u062c\u0646 \u06a9\u06cc \u0622\u067e \u06a9\u0627 \u0622\u0644\u06c1 \u0645\u0639\u0627\u0648\u0646\u062a \u0646\u06c1\u06cc\u06ba \u06a9\u0631\u062a\u0627\u06d4\"", "\"abc_shareactionprovider_share_with\" : \"Payla\u015f\u0131n\"", "\"common_google_play_services_unknown_issue\" : \"Google \u09aa\u09cd\u09b2\u09c7 \u09b8\u09c7\u09f1\u09be\u09a4 %1$s \u09a4 \u09b8\u09ae\u09b8\u09cd\u09af\u09be \u09b9\u09c8 \u0986\u099b\u09c7\u0964 \u0986\u0995\u09cc \u099a\u09c7\u09b7\u09cd\u099f\u09be \u0995\u09f0\u0995\u0964\"", "\"common_signin_button_text\" : \"Hasi saioa\"", "\"abc_toolbar_collapse_description\" : \"\u0c15\u0c41\u0c26\u0c3f\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "\"common_google_play_services_update_text\" : \"\u0b06\u0b2a\u0b23 Google Play \u0b38\u0b47\u0b2c\u0b3e \u0b05\u0b2a\u0b21\u0b47\u0b1f\u0b4d\u200c \u0b28 \u0b15\u0b30\u0b3f\u0b2c\u0b3e \u0b2a\u0b30\u0b4d\u0b2f\u0b4d\u0b5f\u0b28\u0b4d\u0b24 %1$s \u0b1a\u0b3e\u0b32\u0b3f\u0b2c \u0b28\u0b3e\u0b39\u0b3f\u0b01\u0964\"", "\"common_google_play_services_enable_button\" : \"Aktiv edin\"", "\"common_google_play_services_notification_channel_name\" : \"Verf\u00fcgbarkeit von Google Play-Diensten\"", "\"fingerprint_error_user_canceled\" : \"Mtumiaji ameghairi uthibitishaji wa alama ya kidole.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Ohjeviestialue\"", "\"default_error_msg\" : \"Notanish xato\"", "\"abc_toolbar_collapse_description\" : \"Daralt\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0570\u0561\u057e\u0565\u056c\u057e\u0561\u056e\u0568 Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u056b \u0570\u0565\u057f \u056f\u0561\u057a\u057e\u0561\u056e \u056d\u0576\u0564\u056b\u0580 \u0578\u0582\u0576\u056b: \u0553\u0578\u0580\u0571\u0565\u0584 \u0576\u0578\u0580\u056b\u0581:\"", "\"abc_activitychooserview_choose_application\" : \"\u0c2f\u0c3e\u0c2a\u0c4d\u200c\u0c28\u0c41 \u0c0e\u0c02\u0c1a\u0c41\u0c15\u0c4b\u0c02\u0c21\u0c3f\"", "\"fingerprint_error_hw_not_available\" : \"Maskinvare for fingeravtrykk er ikke tilgjengelig.\"", "\"fingerprint_error_hw_not_present\" : \"\u0e2d\u0e38\u0e1b\u0e01\u0e23\u0e13\u0e4c\u0e19\u0e35\u0e49\u0e44\u0e21\u0e48\u0e21\u0e35\u0e40\u0e0b\u0e47\u0e19\u0e40\u0e0b\u0e2d\u0e23\u0e4c\u0e25\u0e32\u0e22\u0e19\u0e34\u0e49\u0e27\u0e21\u0e37\u0e2d\"", "\"abc_search_hint\" : \"\u0ab6\u0acb\u0aa7\u0acb\u2026\"", "\"common_google_play_services_notification_channel_name\" : \"Disponibilit\u00e9 des services Google Play\"", "\"abc_shareactionprovider_share_with_application\" : \"Ndaje me %s\"", "\"search_menu_title\" : \"\u0e8a\u0ead\u0e81\u0eab\u0eb2\"", "\"common_google_play_services_update_button\" : \"\u0905\u092a\u0921\u0947\u091f \u0915\u0930\u0947\u0902\"", "\"fingerprint_error_user_canceled\" : \"\u12e8\u1323\u1275 \u12a0\u123b\u122b \u12ad\u12c8\u1293 \u1260\u1270\u1320\u1243\u121a \u1270\u1230\u122d\u12df\u120d\u1362\"", "\"abc_prepend_shortcut_label\" : \"\u0627\u0644\u0642\u0627\u0626\u0645\u0629+\"", "\"abc_searchview_description_search\" : \"\u0425\u0430\u0439\u0445\"", "\"common_signin_button_text_long\" : \"\u4f7f\u7528 Google \u5e10\u53f7\u767b\u5f55\"", "\"abc_activity_chooser_view_see_all\" : \"T\u00fcm\u00fcn\u00fc g\u00f6ster\"", "\"abc_shareactionprovider_share_with_application\" : \"Compartilhar com %s\"", "\"abc_action_bar_up_description\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200eNavigate up\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"abc_menu_shift_shortcut_label\" : \"\u00dcst Karakter+\"", "\"abc_action_mode_done\" : \"\u5b8c\u6210\"", "\"abc_action_menu_overflow_description\" : \"\u1014\u1031\u102c\u1000\u103a\u1011\u1015\u103a \u101b\u103d\u1031\u1038\u1005\u101b\u102c\u1019\u103b\u102c\u1038\"", "\"fingerprint_error_hw_not_present\" : \"Ta naprava nima tipala prstnih odtisov\"", "\"common_google_play_services_notification_channel_name\" : \"Sta\u00f0a \u00fej\u00f3nustu Google Play\"", "\"abc_search_hint\" : \"Suchen\u2026\"", "\"common_google_play_services_update_button\" : \"Oppdater\"", "\"common_google_play_services_enable_title\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d \u049b\u043e\u0441\u0443\"", "\"fingerprint_error_user_canceled\" : \"\u0b5f\u0b41\u0b1c\u0b30\u0b4d\u200c\u0b19\u0b4d\u0b15 \u0b26\u0b4d\u0b35\u0b3e\u0b30\u0b3e \u0b06\u0b19\u0b4d\u0b17\u0b41\u0b20\u0b3f \u0b1a\u0b3f\u0b39\u0b4d\u0b28 \u0b28\u0b47\u0b2c\u0b3e \u0b15\u0b3e\u0b2e\u0b15\u0b41 \u0b15\u0b4d\u0b5f\u0b3e\u0b28\u0b4d\u0b38\u0b32\u0b4d \u0b15\u0b30\u0b3f\u0b26\u0b3f\u0b06\u0b2f\u0b3e\u0b07\u0b1b\u0b3f\u0964\"", "\"abc_action_bar_up_description\" : \"\u041c\u0443\u0440\u0443\u043d\u043a\u0443 \u044d\u043a\u0440\u0430\u043d\u0433\u0430 \u04e9\u0442\u04af\u04af\"", "\"abc_menu_meta_shortcut_label\" : \"\u200eMeta+\u200e\"", "\"abc_menu_space_shortcut_label\" : \"\u0432\u0441\u0435\u043b\u0435\u043d\u0430\"", "\"abc_search_hint\" : \"T\u00ecm ki\u1ebfm\u2026\"", "\"common_google_play_services_install_button\" : \"Qura\u015fd\u0131r\u0131n\"", "\"common_google_play_services_enable_text\" : \"%1$s \u0a15\u0a70\u0a2e \u0a28\u0a39\u0a40\u0a02 \u0a15\u0a30\u0a47\u0a17\u0a3e \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a71\u0a15 \u0a24\u0a41\u0a38\u0a40\u0a02 Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a28\u0a39\u0a40\u0a02 \u0a15\u0a30\u0a26\u0a47 \u0a39\u0a4b\u0964\"", "\"fingerprint_error_user_canceled\" : \"Veprimi i gjurm\u00ebs s\u00eb gishtit u anulua nga p\u00ebrdoruesi.\"", "\"abc_searchview_description_query\" : \"\u0938\u0930\u094d\u091a \u0915\u094d\u0935\u0947\u0930\u0940\"", "\"abc_searchview_description_clear\" : \"Lek\u00e9rdez\u00e9s t\u00f6rl\u00e9se\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u5e2e\u52a9\u6d88\u606f\u533a\u57df\"", "\"common_google_play_services_update_title\" : \"Mettre \u00e0 jour les services Google\u00a0Play\"", "\"common_google_play_services_install_text\" : \"\u200f\u0644\u0646 \u064a\u062a\u0645 \u062a\u0634\u063a\u064a\u0644 %1$s \u0628\u062f\u0648\u0646 \u062e\u062f\u0645\u0627\u062a Google Play\u060c \u0648\u0627\u0644\u062a\u064a \u0644\u0627 \u062a\u062a\u0648\u0641\u0631 \u0639\u0644\u0649 \u062c\u0647\u0627\u0632\u0643.\"", "\"abc_activitychooserview_choose_application\" : \"\u9009\u62e9\u5e94\u7528\"", "\"common_google_play_services_update_title\" : \"Google Play \u0938\u0947\u0935\u093e\u0913\u0902 \u0915\u094b \u0905\u092a\u0921\u0947\u091f \u0915\u0930\u0947\u0902\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u041e\u0431\u043b\u0430\u0441\u0442\u044c \u0434\u043e\u0432\u0456\u0434\u043a\u043e\u0432\u043e\u0433\u043e \u043f\u043e\u0432\u0456\u0434\u043e\u043c\u043b\u0435\u043d\u043d\u044f\"", "\"abc_menu_delete_shortcut_label\" : \"ezabatu\"", "\"fingerprint_error_hw_not_available\" : \"Vingerafdrukhardeware is nie beskikbaar nie.\"", "\"abc_menu_space_shortcut_label\" : \"medzern\u00edk\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play teenuste saadavalolek\"", "\"common_google_play_services_update_title\" : \"\u0410\u0436\u0443\u0440\u0438\u0440\u0430\u0458 \u0433\u0438 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play\"", "\"fingerprint_error_hw_not_present\" : \"Bu cihazda parmak izi sens\u00f6r\u00fc yok\"", "\"fingerprint_error_hw_not_present\" : \"\u17a7\u1794\u1780\u179a\u178e\u17cd\u1793\u17c1\u17c7\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u17a7\u1794\u1780\u179a\u178e\u17cd\u1785\u17b6\u1794\u17cb\u200b\u179f\u17d2\u1793\u17b6\u1798\u1798\u17d2\u179a\u17b6\u1798\u178a\u17c3\u1791\u17c1\"", "\"abc_menu_enter_shortcut_label\" : \"ievad\u012b\u0161anas tausti\u0146\u0161\"", "\"fingerprint_error_hw_not_present\" : \"\u6b64\u8bbe\u5907\u6ca1\u6709\u6307\u7eb9\u4f20\u611f\u5668\"", "\"abc_searchview_description_query\" : \"\u101b\u103e\u102c\u1016\u103d\u1031\u101b\u1014\u103a \u1019\u1031\u1038\u1001\u103d\u1014\u103a\u1038\"", "\"confirm_device_credential_password\" : \"\u0418\u0437\u043f\u043e\u043b\u0437\u0432\u0430\u043d\u0435 \u043d\u0430 \u043f\u0430\u0440\u043e\u043b\u0430\"", "\"abc_capital_off\" : \"\u0391\u03a0\u0395\u039d\u0395\u03a1\u0393\u039f\u03a0\u039f\u0399\u0397\u03a3\u0397\"", "\"confirm_device_credential_password\" : \"\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u4f7f\u7528\"", "\"confirm_device_credential_password\" : \"Gunakan sandi\"", "\"fingerprint_error_hw_not_present\" : \"\u0627\u0633 \u0622\u0644\u06c1 \u0645\u06cc\u06ba \u0641\u0646\u06af\u0631 \u067e\u0631\u0646\u0679 \u0633\u06cc\u0646\u0633\u0631 \u0646\u06c1\u06cc\u06ba \u06c1\u06d2\"", "\"abc_capital_off\" : \"\u0412\u042b\u041a\u041b.\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0ec1\u0e95\u0eb0\u0ec0\u0e8a\u0eb1\u0e99\u0ec0\u0e8a\u0eb5\u0ea5\u0eb2\u0e8d\u0e99\u0eb4\u0ec9\u0ea7\u0ea1\u0eb7\"", "\"abc_toolbar_collapse_description\" : \"\u03a3\u03cd\u03bc\u03c0\u03c4\u03c5\u03be\u03b7\"", "\"abc_searchview_description_voice\" : \"Glasovno iskanje\"", "\"fingerprint_error_no_fingerprints\" : \"Barmaq izi qeyd\u0259 al\u0131nmay\u0131b.\"", "\"fingerprint_error_hw_not_present\" : \"\u098f\u0987 \u09a1\u09bf\u09ad\u09be\u0987\u09b8\u09c7 \u0986\u0999\u09cd\u0997\u09c1\u09b2\u09c7\u09b0 \u099b\u09be\u09aa \u09a8\u09c7\u0993\u09af\u09bc\u09be\u09b0 \u09b8\u09c7\u09a8\u09cd\u09b8\u09b0 \u09a8\u09c7\u0987\"", "\"abc_search_hint\" : \"\u101b\u103e\u102c\u1016\u103d\u1031\u101b\u1014\u103a\u2026\"", "\"abc_search_hint\" : \"Zoeken\u2026\"", "\"common_google_play_services_unsupported_text\" : \"%1$s nie b\u0119dzie dzia\u0142a\u0107 bez Us\u0142ug Google Play, kt\u00f3re nie s\u0105 obecnie obs\u0142ugiwane przez urz\u0105dzenie.\"", "\"abc_action_bar_home_description\" : \"\u0997\u09c3\u09b9 \u09aa\u09c3\u09b7\u09cd\u09a0\u09be\u09b2\u09c8 \u09af\u09be\u0993\u0995\"", "\"abc_shareactionprovider_share_with\" : \"\u5171\u6709\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0b38\u0b47\u0b2c\u0b3e\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b38\u0b15\u0b4d\u0b37\u0b2e \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"abc_searchview_description_voice\" : \"\u97f3\u58f0\u691c\u7d22\"", "\"abc_activitychooserview_choose_application\" : \"Choose an app\"", "\"common_google_play_services_install_text\" : \"%1$s \u043d\u0435\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u0432\u0440\u0448\u0443\u0432\u0430 \u0431\u0435\u0437 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play \u0448\u0442\u043e \u0433\u0438 \u043d\u0435\u043c\u0430 \u043d\u0430 \u0443\u0440\u0435\u0434\u043e\u0442.\"", "\"abc_capital_off\" : \"DEZACTIVAT\"", "\"abc_shareactionprovider_share_with\" : \"\u05e9\u05d9\u05ea\u05d5\u05e3 \u05e2\u05dd\"", "\"common_google_play_services_install_button\" : \"\u054f\u0565\u0572\u0561\u0564\u0580\u0565\u056c\"", "\"fingerprint_error_hw_not_available\" : \"\u12e8\u1323\u1275 \u12a0\u123b\u122b \u1203\u122d\u12f5\u12cc\u122d \u12e8\u1208\u121d\u1362\"", "\"abc_searchview_description_search\" : \"Pretra\u017eite\"", "\"confirm_device_credential_password\" : \"\u067e\u0627\u0633 \u0648\u0631\u0688 \u0627\u0633\u062a\u0639\u0645\u0627\u0644 \u06a9\u0631\u06cc\u06ba\"", "\"fingerprint_error_no_fingerprints\" : \"\u0421\u0430\u0443\u0441\u0430\u049b \u0456\u0437\u0434\u0435\u0440\u0456 \u0442\u0456\u0440\u043a\u0435\u043b\u043c\u0435\u0433\u0435\u043d.\"", "\"confirm_device_credential_password\" : \"\u0423\u043f\u043e\u0442\u0440\u0435\u0431\u0435\u0442\u0435 \u0458\u0430 \u043b\u043e\u0437\u0438\u043d\u043a\u0430\u0442\u0430\"", "\"fingerprint_error_hw_not_present\" : \"\u0a86 \u0aa1\u0abf\u0ab5\u0abe\u0a87\u0ab8\u0aae\u0abe\u0a82 \u0a95\u0acb\u0a88 \u0aab\u0abf\u0a82\u0a97\u0ab0\u0aaa\u0acd\u0ab0\u0abf\u0aa8\u0acd\u0a9f \u0ab8\u0ac7\u0aa8\u0acd\u0ab8\u0ab0 \u0aa8\u0aa5\u0ac0\"", "\"abc_action_menu_overflow_description\" : \"\u0414\u0430\u0434\u0430\u0442\u043a\u043e\u0432\u044b\u044f \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b\"", "\"common_google_play_services_enable_title\" : \"Dayakan perkhidmatan Google Play\"", "\"abc_searchview_description_submit\" : \"\u0915\u094d\u0935\u0947\u0930\u0940 \u092a\u0947\u0938 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"fingerprint_dialog_touch_sensor\" : \"\u092b\u093f\u0902\u0917\u0930\u092a\u094d\u0930\u093f\u0902\u091f \u0938\u0947\u0928\u094d\u0938\u0930\u0932\u093e \u0938\u094d\u092a\u0930\u094d\u0936 \u0915\u0930\u093e\"", "\"common_signin_button_text_long\" : \"Prihl\u00e1si\u0165 sa \u00fa\u010dtom Google\"", "\"abc_action_bar_home_description\" : \"\u0939\u094b\u092e \u092a\u0947\u091c \u092a\u0930 \u091c\u093e\u090f\u0902\"", "\"please_enter_passcode\" : \"Enter a passcode of 4-6 digits\"", "\"common_google_play_services_notification_channel_name\" : \"\u0394\u03b9\u03b1\u03b8\u03b5\u03c3\u03b9\u03bc\u03cc\u03c4\u03b7\u03c4\u03b1 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03b9\u03ce\u03bd Google Play\"", "\"common_google_play_services_unsupported_text\" : \"\u0422\u0430\u043d\u044b \u0442\u04e9\u0445\u04e9\u04e9\u0440\u04e9\u043c\u0436 Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u0433 \u0434\u044d\u043c\u0436\u0434\u044d\u0433\u0433\u04af\u0439 \u0443\u0447\u0438\u0440 %1$s \u0430\u0436\u0438\u043b\u043b\u0430\u0445\u0433\u04af\u0439.\"", "\"abc_searchview_description_query\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200eSearch query\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"fingerprint_dialog_touch_sensor\" : \"Pindutin ang fingerprint sensor\"", "\"abc_searchview_description_voice\" : \"\uc74c\uc131 \uac80\uc0c9\"", "\"abc_searchview_description_voice\" : \"C\u0103utare vocal\u0103\"", "\"abc_activitychooserview_choose_application\" : \"Bir uygulama se\u00e7in\"", "\"abc_searchview_description_search\" : \"Leit\"", "\"abc_shareactionprovider_share_with_application\" : \"Bendrinti naudojant program\u0105 \u201e%s\u201c\"", "\"generic_error_user_canceled\" : \"\u092a\u094d\u0930\u092f\u094b\u0917\u0915\u0930\u094d\u0924\u093e\u0932\u0947 \u092a\u094d\u0930\u092e\u093e\u0923\u0940\u0915\u0930\u0923 \u0938\u0947\u0935\u093e \u0930\u0926\u094d\u0926 \u0917\u0930\u094d\u0928\u0941\u092d\u092f\u094b\u0964\"", "\"default_error_msg\" : \"\u4e0d\u660e\u7684\u932f\u8aa4\"", "\"abc_activity_chooser_view_see_all\" : \"\u0639\u0631\u0636 \u0627\u0644\u0643\u0644\"", "\"generic_error_user_canceled\" : \"Notandi h\u00e6tti vi\u00f0 au\u00f0kenningu.\"", "\"common_google_play_services_wear_update_text\" : \"\u0e08\u0e33\u0e40\u0e1b\u0e47\u0e19\u0e15\u0e49\u0e2d\u0e07\u0e43\u0e0a\u0e49\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play \u0e40\u0e27\u0e2d\u0e23\u0e4c\u0e0a\u0e31\u0e19\u0e43\u0e2b\u0e21\u0e48 \u0e0b\u0e36\u0e48\u0e07\u0e08\u0e30\u0e2d\u0e31\u0e1b\u0e40\u0e14\u0e15\u0e2d\u0e31\u0e15\u0e42\u0e19\u0e21\u0e31\u0e15\u0e34\u0e43\u0e19\u0e2d\u0e35\u0e01\u0e44\u0e21\u0e48\u0e0a\u0e49\u0e32\"", "\"common_google_play_services_enable_button\" : \"\uc0ac\uc6a9 \uc124\uc815\"", "\"abc_action_mode_done\" : \"\uc644\ub8cc\"", "\"common_google_play_services_install_text\" : \"%1$s Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a24\u0a4b\u0a02 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 \u0a28\u0a39\u0a40\u0a02 \u0a1a\u0a71\u0a32\u0a47\u0a17\u0a40, \u0a1c\u0a4b \u0a24\u0a41\u0a39\u0a3e\u0a21\u0a47 \u0a21\u0a40\u0a35\u0a3e\u0a08\u0a38 \u0a24\u0a4b\u0a02 \u0a17\u0a41\u0a70\u0a2e \u0a39\u0a28\u0964\"", "\"default_error_msg\" : \"Error desconocido\"", "\"common_google_play_services_update_button\" : \"\u0410\u0436\u0443\u0440\u0438\u0440\u0430\u0458\"", "\"common_google_play_services_enable_text\" : \"%1$s aplikazioak ez du funtzionatuko Google Play zerbitzuak gaitzen ez badituzu.\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0e21\u0e35\u0e1b\u0e31\u0e0d\u0e2b\u0e32\u0e40\u0e01\u0e35\u0e48\u0e22\u0e27\u0e01\u0e31\u0e1a\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23\u0e02\u0e2d\u0e07 Google Play \u0e42\u0e1b\u0e23\u0e14\u0e25\u0e2d\u0e07\u0e2d\u0e35\u0e01\u0e04\u0e23\u0e31\u0e49\u0e07\"", "\"common_open_on_phone\" : \"\u5728\u624b\u673a\u4e0a\u6253\u5f00\"", "\"common_google_play_services_update_text\" : \"%1$s \u043d\u0435 \u043c\u043e\u0436\u0435 \u0434\u0430 \u0441\u0435 \u043f\u043e\u043a\u0440\u0435\u043d\u0435 \u0430\u043a\u043e \u043d\u0435 \u0430\u0436\u0443\u0440\u0438\u0440\u0430\u0442\u0435 Google Play \u0443\u0441\u043b\u0443\u0433\u0435.\"", "\"common_google_play_services_updating_text\" : \"%1$s kan inte k\u00f6ras utan Google Play-tj\u00e4nster, och dessa uppdateras f\u00f6r n\u00e4rvarande.\"", "\"common_signin_button_text\" : \"Accedi\"", "\"common_google_play_services_enable_title\" : \"Google Play hizmetlerini etkinle\u015ftirin\"", "\"common_signin_button_text_long\" : \"\u200f\u05d4\u05d9\u05db\u05e0\u05e1 \u05d1\u05d0\u05de\u05e6\u05e2\u05d5\u05ea Google\"", "\"common_google_play_services_notification_ticker\" : \"Google Play\u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306e\u30a8\u30e9\u30fc\"", "\"common_google_play_services_update_button\" : \"\u0410\u043a\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u0430\u043d\u0435\"", "\"fingerprint_not_recognized\" : \"Nem ismerhet\u0151 fel\"", "\"abc_searchview_description_voice\" : \"Recherche vocale\"", "\"common_open_on_phone\" : \"Atidaryti telefone\"", "\"common_google_play_services_updating_text\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be \u099b\u09be\u09a1\u09bc\u09be %1$s \u099a\u09b2\u09ac\u09c7 \u09a8\u09be \u09af\u09be \u09ac\u09b0\u09cd\u09a4\u09ae\u09be\u09a8\u09c7 \u0986\u09aa\u09a1\u09c7\u099f \u09b9\u099a\u09cd\u099b\u09c7\u0964\"", "\"abc_activitychooserview_choose_application\" : \"V\u00e1lasszon alkalmaz\u00e1st\"", "\"common_open_on_phone\" : \"\u041e\u0442\u043a\u0440\u044b\u0442\u044c \u043d\u0430 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0435\"", "\"abc_searchview_description_query\" : \"B\u00fasqueda\"", "\"common_google_play_services_updating_text\" : \"%1$s \u043d\u0435\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u0432\u0440\u0448\u0443\u0432\u0430 \u0431\u0435\u0437 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play \u0448\u0442\u043e \u0441\u0435 \u0430\u0436\u0443\u0440\u0438\u0440\u0430\u0430\u0442 \u0432\u043e \u043c\u043e\u043c\u0435\u043d\u0442\u043e\u0432.\"", "\"common_google_play_services_notification_ticker\" : \"Fejl i Google Play-tjenester\"", "\"abc_menu_shift_shortcut_label\" : \"Umschalttaste\u00a0+\"", "\"common_google_play_services_install_title\" : \"Google Play \u0c38\u0c47\u0c35\u0c32\u0c28\u0c41 \u0c2a\u0c4a\u0c02\u0c26\u0c02\u0c21\u0c3f\"", "\"abc_searchview_description_search\" : \"Maghanap\"", "\"common_google_play_services_update_title\" : \"Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0dba\u0dcf\u0dc0\u0dad\u0dca\u0d9a\u0dcf\u0dbd\u0dd3\u0db1 \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u0e88\u0eb0\u0e9a\u0ecd\u0ec8\u0eaa\u0eb2\u0ea1\u0eb2\u0e94\u0ec3\u0e8a\u0ec9\u0ec4\u0e94\u0ec9\u0eab\u0eb2\u0e81\u0e9a\u0ecd\u0ec8\u0ea1\u0eb5\u0e9a\u0ecd\u0ea5\u0eb4\u0e81\u0eb2\u0e99 Google Play \u0ec0\u0e8a\u0eb4\u0ec8\u0e87\u0ead\u0eb8\u0e9b\u0eb0\u0e81\u0ead\u0e99\u0e82\u0ead\u0e87\u0e97\u0ec8\u0eb2\u0e99\u0e9a\u0ecd\u0ec8\u0eae\u0ead\u0e87\u0eae\u0eb1\u0e9a.\"", "\"common_google_play_services_install_title\" : \"Google\u00a0Play pakalpojumu ieg\u016b\u0161ana\"", "\"fingerprint_not_recognized\" : \"\u0634\u0646\u0627\u062e\u062a \u0646\u06c1\u06cc\u06ba \u06c1\u0648 \u0633\u06a9\u06cc\"", "\"search_menu_title\" : \"S\u00f6k\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0932\u093e Google Play \u0938\u0947\u0935\u093e\u0902\u092e\u0927\u094d\u092f\u0947 \u0938\u092e\u0938\u094d\u092f\u093e \u092f\u0947\u0924 \u0906\u0939\u0947. \u0915\u0943\u092a\u092f\u093e \u092a\u0941\u0928\u094d\u0939\u093e \u092a\u094d\u0930\u092f\u0924\u094d\u0928 \u0915\u0930\u093e.\"", "\"fingerprint_error_hw_not_present\" : \"Kjo pajisje nuk ka nj\u00eb sensor t\u00eb gjurm\u00ebs s\u00eb gishtit\"", "\"common_google_play_services_unknown_issue\" : \"%1$s ilovasini Google Play xizmatlariga ulab bo\u2018lmadi. Qaytadan urinib ko\u2018ring.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Oblast poruke za pomo\u0107\"", "\"abc_searchview_description_search\" : \"Rechercher\"", "\"abc_search_hint\" : \"\u0412\u0432\u0435\u0434\u0456\u0442\u044c \u043f\u043e\u0448\u0443\u043a\u043e\u0432\u0438\u0439 \u0437\u0430\u043f\u0438\u0442\u2026\"", "\"abc_shareactionprovider_share_with_application\" : \"Comparteix amb %s\"", "\"common_google_play_services_enable_button\" : \"\u09b8\u0995\u09cd\u09b7\u09ae \u0995\u09b0\u09c1\u09a8\"", "\"abc_prepend_shortcut_label\" : \"Imenyu+\"", "\"common_google_play_services_unsupported_text\" : \"%1$s tidak akan berfungsi tanpa perkhidmatan Google Play dan perkhidmatan ini tidak disokong oleh peranti anda.\"", "\"search_menu_title\" : \"Pretra\u017ei\"", "\"common_google_play_services_updating_text\" : \"%1$s kan niet worden uitgevoerd zonder Google Play-services, die momenteel worden ge\u00fcpdatet.\"", "\"common_google_play_services_updating_text\" : \"%1$s no se ejecutar\u00e1 hasta que finalice la actualizaci\u00f3n en curso de Servicios de Google Play.\"", "\"common_google_play_services_update_button\" : \"Sasisha\"", "\"default_error_msg\" : \"Ralat tidak diketahui\"", "\"abc_action_bar_home_description\" : \"\u0531\u0576\u0581\u0576\u0565\u056c \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\"", "\"abc_action_mode_done\" : \"\u0411\u04af\u0442\u0442\u04af\"", "\"gcm_defaultSenderId\" : \"932398433474\"", "\"abc_menu_enter_shortcut_label\" : \"sartu\"", "\"common_google_play_services_unknown_issue\" : \"\u200f%1$s \u0628\u0631\u0627\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062e\u062f\u0645\u0627\u062a Google Play \u0628\u0627 \u0645\u0634\u06a9\u0644 \u0631\u0648\u0628\u0631\u0648 \u0627\u0633\u062a. \u0644\u0637\u0641\u0627\u064b \u062f\u0648\u0628\u0627\u0631\u0647 \u0627\u0645\u062a\u062d\u0627\u0646 \u06a9\u0646\u06cc\u062f.\"", "\"abc_activitychooserview_choose_application\" : \"\u9078\u64c7\u61c9\u7528\u7a0b\u5f0f\"", "\"fingerprint_not_recognized\" : \"Tidak dikenali\"", "\"fingerprint_error_user_canceled\" : \"Opera\u00e7\u00e3o de impress\u00e3o digital cancelada pelo utilizador.\"", "\"fingerprint_error_no_fingerprints\" : \"\u0995\u09cb\u09a8\u09cb \u09ab\u09bf\u0982\u0997\u09be\u09f0\u09aa\u09cd\u09f0\u09bf\u09a3\u09cd\u099f \u09af\u09cb\u0997 \u0995\u09f0\u09be \u09a8\u09b9'\u09b2\u0964\"", "\"common_google_play_services_update_button\" : \"\u0b05\u0b2a\u0b21\u0b47\u0b1f\u0b4d\u200d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"common_signin_button_text\" : \"\u0ea5\u0ebb\u0e87\u0e8a\u0eb7\u0ec8\u0ec0\u0e82\u0ebb\u0ec9\u0eb2\u0ec3\u0e8a\u0ec9\"", "\"common_google_play_services_wear_update_text\" : \"Ir nepiecie\u0161ama jauna Google\u00a0Play pakalpojumu versija. Dr\u012bzum\u0101 t\u0101 tiks instal\u0113ta.\"", "\"abc_capital_on\" : \"\u0a1a\u0a3e\u0a32\u0a42\"", "\"abc_searchview_description_query\" : \"Hoja ya utafutaji\"", "\"common_signin_button_text\" : \"Fazer login\"", "\"abc_menu_delete_shortcut_label\" : \"odstr\u00e1ni\u0165\"", "\"abc_searchview_description_clear\" : \"I-clear ang query\"", "\"abc_action_bar_home_description\" : \"\u0414\u0432\u0438\u0436\u0438 \u0441\u0435 \u043a\u043e\u043d \u0434\u043e\u043c\u0430\"", "\"abc_action_bar_home_description\" : \"\u0d39\u0d4b\u0d2e\u0d3f\u0d32\u0d47\u0d15\u0d4d\u0d15\u0d4d \u0d2a\u0d4b\u0d35\u0d41\u0d15\"", "\"common_google_play_services_update_button\" : \"\u0416\u0430\u04a3\u044b\u0440\u0442\u0443\u0443\"", "\"abc_menu_function_shortcut_label\" : \"Funktsiooniklahv +\"", "\"common_google_play_services_updating_text\" : \"%1$s, Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93 \u0ab5\u0a97\u0ab0 \u0ab6\u0ab0\u0ac2 \u0aa5\u0ab6\u0ac7 \u0aa8\u0ab9\u0ac0\u0a82, \u0a9c\u0ac7 \u0ab5\u0ab0\u0acd\u0aa4\u0aae\u0abe\u0aa8\u0aae\u0abe\u0a82 \u0a85\u0aaa\u0aa1\u0ac7\u0a9f \u0aa5\u0a88 \u0ab0\u0ab9\u0ac0 \u0a9b\u0ac7.\"", "\"abc_capital_on\" : \"\u0a9a\u0abe\u0ab2\u0ac1\"", "\"common_signin_button_text_long\" : \"Logga in med Google\"", "\"fingerprint_error_hw_not_present\" : \"\u05d1\u05de\u05db\u05e9\u05d9\u05e8 \u05d6\u05d4 \u05d0\u05d9\u05df \u05d7\u05d9\u05d9\u05e9\u05df \u05d8\u05d1\u05d9\u05e2\u05d5\u05ea \u05d0\u05e6\u05d1\u05e2\"", "\"abc_action_menu_overflow_description\" : \"\u1270\u1328\u121b\u122a \u12a0\u121b\u122b\u132e\u127d\"", "\"common_google_play_services_unsupported_text\" : \"%1$s non se executar\u00e1 sen os servizos de Google Play, que non son compatibles co teu dispositivo.\"", "\"common_open_on_phone\" : \"\u092b\u094b\u0928\u092e\u093e \u0916\u094b\u0932\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"common_signin_button_text\" : \"\u767b\u5165\"", "\"common_google_play_services_updating_text\" : \"%1$s \u0e88\u0eb0\u0e9a\u0ecd\u0ec8\u0eaa\u0eb2\u0ea1\u0eb2\u0e94\u0ec3\u0e8a\u0ec9\u0e87\u0eb2\u0e99\u0ec4\u0e94\u0ec9\u0ec2\u0e94\u0e8d\u0e97\u0eb5\u0ec8\u0e9a\u0ecd\u0ec8\u0ea1\u0eb5\u0e81\u0eb2\u0e99\u200b\u0e9a\u0ecd\u200b\u0ea5\u0eb4\u200b\u0e81\u0eb2\u0e99 Google Play, \u0ec0\u0e8a\u0eb4\u0ec8\u0e87\u200b\u0e81\u0eb3\u200b\u0ea5\u0eb1\u0e87\u200b\u0ead\u0eb1\u0e9a\u200b\u0ec0\u0e94\u0e94\u200b\u0ea2\u0eb9\u0ec8\u200b\u0ec3\u0e99\u200b\u0e9b\u0eb0\u200b\u0e88\u0eb8\u200b\u0e9a\u0eb1\u0e99.\"", "\"fingerprint_error_user_canceled\" : \"L'op\u00e9ration d'authentification par empreinte digitale a \u00e9t\u00e9 annul\u00e9e par l'utilisateur.\"", "\"common_signin_button_text_long\" : \"Skr\u00e1 inn me\u00f0 Google\"", "\"common_google_play_services_install_title\" : \"Instalar o Google Play Services\"", "\"common_google_play_services_notification_ticker\" : \"\u041e\u0448\u0438\u0431\u043a\u0430 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 Google\u00a0Play\"", "\"abc_menu_function_shortcut_label\" : \"A\u00f0ger\u00f0arlykill+\"", "\"common_google_play_services_install_text\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bcd \u0b87\u0bb0\u0bc1\u0ba8\u0bcd\u0ba4\u0bbe\u0bb2\u0bcd \u0bae\u0b9f\u0bcd\u0b9f\u0bc1\u0bae\u0bc7, %1$s \u0b87\u0baf\u0b99\u0bcd\u0b95\u0bc1\u0bae\u0bcd. \u0b85\u0bb5\u0bc8 \u0b89\u0b99\u0bcd\u0b95\u0bb3\u0bcd \u0b9a\u0bbe\u0ba4\u0ba9\u0ba4\u0bcd\u0ba4\u0bbf\u0bb2\u0bcd \u0b87\u0bb2\u0bcd\u0bb2\u0bc8.\"", "\"common_google_play_services_update_button\" : \"\u0baa\u0bc1\u0ba4\u0bc1\u0baa\u0bcd\u0baa\u0bbf\"", "\"fingerprint_error_no_fingerprints\" : \"Inga fingeravtryck har registrerats.\"", "\"abc_action_bar_up_description\" : \"\u0bae\u0bc7\u0bb2\u0bc7 \u0b9a\u0bc6\u0bb2\u0bcd\u0bb2\u0bc1\u0bae\u0bcd\"", "\"common_google_play_services_install_button\" : \"\u05d4\u05ea\u05e7\u05df\"", "\"abc_searchview_description_voice\" : \"\u0628\u062d\u062b \u0635\u0648\u062a\u064a\"", "\"common_google_play_services_update_text\" : \"%1$s ei toimi, ellet p\u00e4ivit\u00e4 Google Play Palveluita.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u03a0\u03b5\u03c1\u03b9\u03bf\u03c7\u03ae \u03bc\u03b7\u03bd\u03c5\u03bc\u03ac\u03c4\u03c9\u03bd \u03b2\u03bf\u03ae\u03b8\u03b5\u03b9\u03b1\u03c2\"", "\"common_open_on_phone\" : \"Vula kufoni\"", "\"fingerprint_error_user_canceled\" : \"Erabiltzaileak bertan behera utzi du hatz-marka bidezko eragiketa.\"", "\"abc_searchview_description_voice\" : \"Gesproken zoekopdracht\"", "\"abc_menu_space_shortcut_label\" : \"svemir\"", "\"common_google_play_services_enable_title\" : \"Ota Google Play Palvelut k\u00e4ytt\u00f6\u00f6n\"", "\"fingerprint_error_lockout\" : \"\u00c7ok fazla deneme yap\u0131ld\u0131. L\u00fctfen daha sonra tekrar deneyin.\"", "\"common_google_play_services_update_button\" : \"\u0416\u0430\u04a3\u0430\u0440\u0442\u0443\"", "\"confirm_device_credential_password\" : \"Folosi\u021bi parola\"", "\"abc_searchview_description_query\" : \"\u041f\u043e\u0438\u0441\u043a\u043e\u0432\u044b\u0439 \u0437\u0430\u043f\u0440\u043e\u0441\"", "\"fingerprint_error_no_fingerprints\" : \"Keine Fingerabdr\u00fccke erfasst.\"", "\"common_google_play_services_enable_text\" : \"Hindi gagana ang %1$s maliban kung ie-enable mo ang mga serbisyo ng Google Play.\"", "\"common_google_play_services_enable_title\" : \"\u0410\u043a\u0442\u0438\u0432\u0438\u0440\u0430\u043d\u0435 \u043d\u0430 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play\"", "\"abc_shareactionprovider_share_with_application\" : \"Megoszt\u00e1s a k\u00f6vetkez\u0151 alkalmaz\u00e1ssal: %s\"", "\"common_google_play_services_updating_text\" : \"A(z) %1$s alkalmaz\u00e1s nem fut a Google Play-szolg\u00e1ltat\u00e1sok n\u00e9lk\u00fcl, amelyek friss\u00edt\u00e9se folyamatban van.\"", "\"fingerprint_error_lockout\" : \"Jan\u00eb b\u00ebr\u00eb shum\u00eb p\u00ebrpjekje. Provo p\u00ebrs\u00ebri m\u00eb von\u00eb.\"", "\"common_google_play_services_wear_update_text\" : \"\u041f\u0430\u0442\u0440\u0430\u0431\u0443\u0435\u0446\u0446\u0430 \u043d\u043e\u0432\u0430\u044f \u0432\u0435\u0440\u0441\u0456\u044f \u0441\u043b\u0443\u0436\u0431 Google Play. \u042f\u043d\u0430 \u0430\u0431\u043d\u043e\u0432\u0456\u0446\u0446\u0430 \u0430\u045e\u0442\u0430\u043c\u0430\u0442\u044b\u0447\u043d\u0430 \u045e \u0431\u043b\u0456\u0436\u044d\u0439\u0448\u044b \u0447\u0430\u0441.\"", "\"common_google_play_services_notification_ticker\" : \"\u041f\u0430\u043c\u044b\u043b\u043a\u0430 \u0441\u043b\u0443\u0436\u0431\u0430\u045e Google Play\"", "\"abc_searchview_description_clear\" : \"Sorguyu temizle\"", "\"abc_menu_delete_shortcut_label\" : \"dz\u0113\u0161anas tausti\u0146\u0161\"", "\"abc_action_menu_overflow_description\" : \"V\u00edce mo\u017enost\u00ed\"", "\"common_signin_button_text\" : \"Ingia katika akaunti\"", "\"common_google_play_services_update_title\" : \"A Google Play-szolg\u00e1ltat\u00e1sok friss\u00edt\u00e9se\"", "\"common_open_on_phone\" : \"\u09ab\u09cb\u09a8\u09c7 \u0996\u09c1\u09b2\u09c1\u09a8\"", "\"abc_action_mode_done\" : \"\u0d9a\u0dc5\u0dcf\"", "\"fingerprint_error_hw_not_present\" : \"Dieses Ger\u00e4t hat keinen Fingerabdrucksensor\"", "\"common_google_play_services_notification_ticker\" : \"\u0413\u0440\u0435\u0448\u043a\u0430 \u043d\u0430 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0938\u0947\u0935\u093e\u0902\u091a\u094d\u092f\u093e \u0928\u0935\u0940\u0928 \u0906\u0935\u0943\u0924\u094d\u0924\u0940\u091a\u0940 \u0906\u0935\u0936\u094d\u092f\u0915\u0924\u093e \u0906\u0939\u0947. \u0939\u0947 \u0938\u094d\u0935\u0924:\u0932\u093e \u0932\u0935\u0915\u0930\u091a \u0905\u092a\u0921\u0947\u091f \u0915\u0930\u0947\u0932.\"", "\"abc_activitychooserview_choose_application\" : \"Izaberite aplikaciju\"", "\"common_signin_button_text\" : \"\u130d\u1263\"", "\"abc_menu_space_shortcut_label\" : \"hap\u00ebsir\u00eb\"", "\"abc_search_hint\" : \"Vyhledat\u2026\"", "\"search_menu_title\" : \"Qidiruv\"", "\"common_google_play_services_update_button\" : \"\u041e\u043d\u043e\u0432\u0438\u0442\u0438\"", "\"abc_searchview_description_search\" : \"\u05d7\u05d9\u05e4\u05d5\u05e9\"", "\"common_google_play_services_update_title\" : \"Eguneratu Google Play zerbitzuak\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306e\u5229\u7528\"", "\"abc_searchview_description_clear\" : \"Tyhjenn\u00e4 kysely\"", "\"common_google_play_services_unknown_issue\" : \"%1$s ten problemas cos servizos de Google Play. T\u00e9ntao de novo.\"", "\"confirm_device_credential_password\" : \"\u0c2a\u0c3e\u0c38\u0c4d\u200c\u0c35\u0c30\u0c4d\u0c21\u0c4d\u200c\u0c28\u0c41 \u0c09\u0c2a\u0c2f\u0c4b\u0c17\u0c3f\u0c02\u0c1a\u0c41\"", "\"common_google_play_services_install_button\" : \"C\u00e0i \u0111\u1eb7t\"", "\"common_google_play_services_update_button\" : \"\u0986\u09aa\u09a1\u09c7\u099f \u0995\u09b0\u09c1\u09a8\"", "\"abc_action_bar_home_description\" : \"\u041d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441 \u0443\u0440\u0443\u0443 \u0448\u0438\u043b\u0436\u0438\u0445\"", "\"fingerprint_error_lockout\" : \"\u0b2c\u0b39\u0b41\u0b24 \u0b05\u0b27\u0b3f\u0b15 \u0b2a\u0b4d\u0b30\u0b1a\u0b47\u0b37\u0b4d\u0b1f\u0b3e\u0964 \u0b26\u0b5f\u0b3e\u0b15\u0b30\u0b3f \u0b2a\u0b30\u0b47 \u0b2a\u0b41\u0b23\u0b3f \u0b1a\u0b47\u0b37\u0b4d\u0b1f\u0b3e \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\u0964\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0e9e\u0eb7\u0ec9\u0e99\u0e97\u0eb5\u0ec8\u0e82\u0ecd\u0ec9\u0e84\u0ea7\u0eb2\u0ea1\u0e8a\u0ec8\u0ea7\u0e8d\u0ec0\u0eab\u0ebc\u0eb7\u0ead\"", "\"common_google_play_services_update_button\" : \"G\u00fcncelle\"", "\"common_google_play_services_update_button\" : \"A\u017euriraj\"", "\"abc_shareactionprovider_share_with_application\" : \"Partager avec %s\"", "\"common_google_play_services_install_text\" : \"%1$s ei toimi ilman Google Play Palveluita, jotka puuttuvat laitteeltasi.\"", "\"abc_capital_off\" : \"JOAKTIV\"", "\"common_google_play_services_enable_text\" : \"%1$s no funcionar\u00e1 a menos que habilites los servicios de Google Play.\"", "\"confirm_device_credential_password\" : \"\u09aa\u09be\u09b8\u0993\u09af\u09bc\u09be\u09b0\u09cd\u09a1 \u09ac\u09cd\u09af\u09ac\u09b9\u09be\u09b0 \u0995\u09b0\u09c1\u09a8\"", "\"fingerprint_dialog_touch_sensor\" : \"Dodirnite senzor za otisak prsta\"", "\"generic_error_user_canceled\" : \"V\u00ebrtetimi u anulua nga p\u00ebrdoruesi.\"", "\"fingerprint_error_lockout\" : \"Liian monta ep\u00e4onnistunutta yrityst\u00e4. Yrit\u00e4 my\u00f6hemmin uudelleen.\"", "\"common_google_play_services_install_text\" : \"\u0d94\u0db6\u0d9c\u0dda \u0da7\u0dd0\u0db6\u0dca\u0dbd\u0da7\u0dca \u0db4\u0dbb\u0dd2\u0d9c\u0dab\u0d9a\u0dba\u0dda \u0db1\u0dd0\u0dad\u0dd2 Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 %1$s \u0db0\u0dcf\u0dc0\u0db1\u0dba \u0db1\u0ddc\u0dc0\u0db1\u0dd4 \u0d87\u0dad.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0422\u0443\u0441\u043b\u0430\u0445 \u043c\u0435\u0441\u0441\u0435\u0436\u043d\u0438\u0439 \u0445\u044d\u0441\u044d\u0433\"", "\"common_google_play_services_unknown_issue\" : \"Aplikacija %1$s ima te\u017eave s storitvami Google Play. Poskusite znova.\"", "\"abc_toolbar_collapse_description\" : \"Replega\"", "\"confirm_device_credential_password\" : \"\u1005\u1000\u102c\u1038\u101d\u103e\u1000\u103a\u101e\u102f\u1036\u1038\u101b\u1014\u103a\"", "\"abc_menu_enter_shortcut_label\" : \"Intro\"", "\"common_google_play_services_update_text\" : \"%1$s nu va rula dec\u00e2t dac\u0103 actualiza\u021bi serviciile Google Play.\"", "\"common_google_play_services_unsupported_text\" : \"%1$s fungerar inte utan Google Play-tj\u00e4nsterna, som inte st\u00f6ds p\u00e5 enheten.\"", "\"abc_capital_on\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200eON\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"abc_capital_on\" : \"\u0d13\u0d7a\"", "\"abc_shareactionprovider_share_with\" : \"\u053f\u056b\u057d\u057e\u0565\u056c\u2026\"", "\"common_google_play_services_wear_update_text\" : \"La nouvelle version des services Google\u00a0Play est n\u00e9cessaire. Elle sera bient\u00f4t install\u00e9e automatiquement.\"", "\"abc_shareactionprovider_share_with_application\" : \"Condividi tramite %s\"", "\"abc_menu_shift_shortcut_label\" : \"Maius +\"", "\"fingerprint_error_hw_not_available\" : \"\u092b\u093c\u093f\u0902\u0917\u0930\u092a\u094d\u0930\u093f\u0902\u091f \u0939\u093e\u0930\u094d\u0921\u0935\u0947\u092f\u0930 \u092e\u094c\u091c\u0942\u0926 \u0928\u0939\u0940\u0902 \u0939\u0948.\"", "\"common_signin_button_text\" : \"\u0423\u0432\u0430\u0439\u0441\u0446i\"", "\"abc_action_bar_up_description\" : \"\u0935\u093e\u092a\u0938 \u091c\u093e\u090f\u0902\"", "\"fingerprint_error_hw_not_available\" : \"\u0cab\u0cbf\u0c82\u0c97\u0cb0\u0ccd\u200c \u0cab\u0ccd\u0cb0\u0cbf\u0c82\u0c9f\u0ccd\u200c \u0cb9\u0cbe\u0cb0\u0ccd\u0ca1\u0ccd\u200c\u0cb5\u0cc7\u0cb0\u0ccd\u200c \u0cb2\u0cad\u0ccd\u0caf\u0cb5\u0cbf\u0cb2\u0ccd\u0cb2.\"", "\"abc_capital_on\" : \"\u0938\u0941\u0930\u0942\"", "\"common_google_play_services_updating_text\" : \"%1$s\u306e\u5b9f\u884c\u306b\u306fGoogle Play\u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u304c\u5fc5\u8981\u3067\u3059\u304c\u3001\u3053\u306e\u30b5\u30fc\u30d3\u30b9\u306f\u73fe\u5728\u66f4\u65b0\u4e2d\u3067\u3059\u3002\"", "\"common_open_on_phone\" : \"\u0422\u0435\u043b\u0435\u0444\u043e\u043d\u0434\u043e \u0430\u0447\u044b\u043a\"", "\"abc_capital_on\" : \"VULA\"", "\"common_signin_button_text\" : \"\u0423\u0432\u0456\u0439\u0442\u0438\"", "\"common_google_play_services_install_button\" : \"\u5b89\u88c5\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u092e\u0926\u094d\u0926\u0924\u0938\u092e\u094d\u092c\u0928\u094d\u0927\u0940 \u0938\u0928\u094d\u0926\u0947\u0936\u0915\u094b \u0915\u094d\u0937\u0947\u0924\u094d\u0930\"", "\"common_google_play_services_install_button\" : \"\u0a38\u0a25\u0a3e\u0a2a\u0a24 \u0a15\u0a30\u0a4b\"", "\"abc_searchview_description_clear\" : \"I\u0161valyti u\u017eklaus\u0105\"", "\"abc_searchview_description_clear\" : \"Hapus kueri\"", "\"common_signin_button_text_long\" : \"Google \u0d09\u0d2a\u0d2f\u0d4b\u0d17\u0d3f\u0d1a\u0d4d\u0d1a\u0d4d \u0d38\u0d48\u0d7b \u0d07\u0d7b \u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d15\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Prostor za poruku za pomo\u0107\"", "\"common_google_play_services_update_button\" : \"Aktualizovat\"", "\"abc_activity_chooser_view_see_all\" : \"Az \u00f6sszes megtekint\u00e9se\"", "\"abc_capital_off\" : \"T\u1eaeT\"", "\"fingerprint_error_lockout\" : \"\u041f\u0440\u0435\u0432\u0438\u0448\u0435 \u043f\u043e\u043a\u0443\u0448\u0430\u0458\u0430. \u041f\u0440\u043e\u0431\u0430\u0458\u0442\u0435 \u043f\u043e\u043d\u043e\u0432\u043e \u043a\u0430\u0441\u043d\u0438\u0458\u0435.\"", "\"common_google_play_services_update_title\" : \"\u17a2\u17b6\u1794\u17cb\u178a\u17c1\u178f\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798 Google Play\"", "\"common_google_play_services_enable_button\" : \"\u6709\u52b9\u306b\u3059\u308b\"", "\"common_google_play_services_install_text\" : \"\u0414\u043e\u0434\u0430\u0442\u043e\u043a %1$s \u043d\u0435 \u043f\u0440\u0430\u0446\u044e\u0432\u0430\u0442\u0438\u043c\u0435 \u0431\u0435\u0437 \u0441\u0435\u0440\u0432\u0456\u0441\u0456\u0432 Google Play, \u044f\u043a\u0438\u0445 \u043d\u0435\u043c\u0430\u0454 \u043d\u0430 \u0432\u0430\u0448\u043e\u043c\u0443 \u043f\u0440\u0438\u0441\u0442\u0440\u043e\u0457.\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0938\u0947\u0935\u093e\u0939\u0930\u0942\u0915\u094b \u0928\u092f\u093e\u0901 \u0938\u0902\u0938\u094d\u0915\u0930\u0923 \u0906\u0935\u0936\u094d\u092f\u0915 \u091b\u0964 \u092f\u094b \u0906\u092b\u0948 \u091b\u093f\u091f\u094d\u091f\u0948 \u0928\u0948 \u0905\u0926\u094d\u092f\u093e\u0935\u0927\u093f\u0915 \u0939\u0941\u0928\u0947\u091b\u0964\"", "\"abc_capital_on\" : \"ZAP\"", "\"common_google_play_services_enable_button\" : \"\u0938\u0915\u094d\u0930\u093f\u092f \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"abc_searchview_description_search\" : \"\u0916\u094b\u091c\"", "\"abc_shareactionprovider_share_with\" : \"\u092f\u093e\u0902\u091a\u094d\u092f\u093e\u0938\u094b\u092c\u0924 \u0936\u0947\u0905\u0930 \u0915\u0930\u093e\"", "\"abc_searchview_description_submit\" : \"Submit query\"", "\"abc_action_bar_up_description\" : \"\u0531\u0576\u0581\u0576\u0565\u056c \u057e\u0565\u0580\u0587\"", "\"abc_menu_function_shortcut_label\" : \"Funci\u00f3n +\"", "\"common_google_play_services_enable_text\" : \"%1$s\u306e\u5b9f\u884c\u306b\u306f\u3001Google Play\u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306e\u6709\u52b9\u5316\u304c\u5fc5\u8981\u3067\u3059\u3002\"", "\"common_signin_button_text_long\" : \"Google il\u0259 daxil olun\"", "\"common_google_play_services_update_button\" : \"Atnaujinti\"", "\"abc_shareactionprovider_share_with_application\" : \"Yabelana ne-%s\"", "\"abc_search_hint\" : \"\u0a16\u0a4b\u0a1c\u2026\"", "\"fingerprint_not_recognized\" : \"\u65e0\u6cd5\u8bc6\u522b\"", "\"abc_prepend_shortcut_label\" : \"\u0645\u0646\u0648+\"", "\"abc_shareactionprovider_share_with\" : \"\u0414\u0430\u0440\u0430\u0430\u0445\u0442\u0430\u0439 \u0445\u0443\u0432\u0430\u0430\u043b\u0446\u0430\u0445\"", "\"abc_searchview_description_search\" : \"\u10eb\u10d8\u10d4\u10d1\u10d0\"", "\"fingerprint_error_user_canceled\" : \"U\u017eivatel operaci s\u00a0otiskem prstu zru\u0161il.\"", "\"common_google_play_services_wear_update_text\" : \"\u0531\u0576\u0570\u0580\u0561\u056a\u0565\u0577\u057f \u0567 Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u056b \u0576\u0578\u0580 \u057f\u0561\u0580\u0562\u0565\u0580\u0561\u056f\u0568: \u0531\u0575\u0576 \u0577\u0578\u0582\u057f\u0578\u057e \u056f\u0569\u0561\u0580\u0574\u0561\u0581\u057e\u056b \u0561\u057e\u057f\u0578\u0574\u0561\u057f \u056f\u0565\u0580\u057a\u0578\u057e:\"", "\"default_error_msg\" : \"Nepoznata gre\u0161ka\"", "\"abc_menu_meta_shortcut_label\" : \"Meta\u00a0+\u00a0\"", "\"abc_activitychooserview_choose_application\" : \"Ch\u1ecdn m\u1ed9t \u1ee9ng d\u1ee5ng\"", "\"fingerprint_error_lockout\" : \"\u5617\u8a66\u6b21\u6578\u904e\u591a\uff0c\u8acb\u7a0d\u5f8c\u518d\u8a66\u3002\"", "\"confirm_device_credential_password\" : \"Wachtwoord gebruiken\"", "\"fingerprint_error_no_fingerprints\" : \"Azikho izigxivizo zeminwe ezibhalisiwe.\"", "\"common_signin_button_text_long\" : \"Google \u0915\u0947 \u091c\u093c\u0930\u093f\u090f \u0938\u093e\u0907\u0928 \u0907\u0928 \u0915\u0930\u0947\u0902\"", "\"fingerprint_error_hw_not_present\" : \"Enheten har ingen fingeravtryckssensor\"", "\"common_open_on_phone\" : \"Otev\u0159\u00edt v\u00a0telefonu\"", "\"fingerprint_error_hw_not_present\" : \"\u0160aj\u0101 ier\u012bc\u0113 nav pirksta nospieduma sensora\"", "\"abc_search_hint\" : \"Axtar\u0131\u015f...\"", "\"common_google_play_services_update_text\" : \"%1$s nuk do t\u00eb funksionoj\u00eb n\u00ebse nuk p\u00ebrdit\u00ebson sh\u00ebrbimet e \"Luaj me Google\".\"", "\"abc_search_hint\" : \"\u0406\u0437\u0434\u0435\u0443\u2026\"", "\"abc_shareactionprovider_share_with_application\" : \"\u041f\u043e\u0434\u0456\u043b\u0438\u0442\u0438\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u0434\u043e\u0434\u0430\u0442\u043e\u043a %s\"", "\"fingerprint_not_recognized\" : \"\u0b1a\u0b3f\u0b39\u0b4d\u0b28\u0b1f \u0b39\u0b47\u0b32\u0b3e\u0b28\u0b3e\u0b39\u0b3f\u0b01\"", "\"abc_toolbar_collapse_description\" : \"\u0b38\u0b02\u0b15\u0b41\u0b1a\u0b3f\u0b24 \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"common_google_play_services_update_text\" : \"Google Play xizmatlari yangilanmaguncha, %1$s ishga tushmaydi.\"", "\"abc_searchview_description_voice\" : \"Pesquisa por voz\"", "\"common_google_play_services_enable_button\" : \"\u0c2a\u0c4d\u0c30\u0c3e\u0c30\u0c02\u0c2d\u0c3f\u0c02\u0c1a\u0c41\"", "\"default_web_client_id\" : \"932398433474-59j4a17sqbf1r9m1f2eqqlreo6a5qsmt.apps.googleusercontent.com\"", "\"abc_searchview_description_voice\" : \"\u0935\u094d\u0939\u0949\u0907\u0938 \u0936\u094b\u0927\"", "\"confirm_device_credential_password\" : \"\u092a\u093e\u0938\u0935\u0930\u094d\u0921 \u092a\u094d\u0930\u092f\u094b\u0917 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"fingerprint_not_recognized\" : \"\uc778\uc2dd\ud560 \uc218 \uc5c6\uc74c\"", "\"common_google_play_services_updating_text\" : \"\u0ba4\u0bb1\u0bcd\u0baa\u0bcb\u0ba4\u0bc1 \u0baa\u0bc1\u0ba4\u0bc1\u0baa\u0bcd\u0baa\u0bbf\u0b95\u0bcd\u0b95\u0baa\u0bcd\u0baa\u0b9f\u0bc1\u0bae\u0bcd, Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bcd \u0b87\u0bb0\u0bc1\u0ba8\u0bcd\u0ba4\u0bbe\u0bb2\u0bcd \u0bae\u0b9f\u0bcd\u0b9f\u0bc1\u0bae\u0bc7, %1$s \u0b9a\u0bc6\u0baf\u0bb2\u0bcd\u0baa\u0b9f\u0bc1\u0bae\u0bcd.\"", "\"common_google_play_services_update_text\" : \"\u0924\u0941\u092e\u094d\u0939\u0940 Google Play \u0938\u0947\u0935\u093e \u0905\u092a\u0921\u0947\u091f \u0915\u0930\u0947\u092a\u0930\u094d\u092f\u0902\u0924 %1$s \u091a\u093e\u0932\u0923\u093e\u0930 \u0928\u093e\u0939\u0940.\"", "\"common_google_play_services_update_button\" : \"V\u00e4rskenda\"", "\"common_open_on_phone\" : \"\u00c5bn p\u00e5 telefonen\"", "\"common_google_play_services_update_button\" : \"\u0905\u0926\u094d\u092f\u093e\u0935\u0927\u093f\u0915 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"common_google_play_services_enable_button\" : \"\u09b8\u0995\u09cd\u09b7\u09ae \u0995\u09f0\u0995\"", "\"common_google_play_services_wear_update_text\" : \"Google Play zerbitzuen bertsio berria behar da. Berehala eguneratuko da automatikoki.\"", "\"abc_action_bar_up_description\" : \"Ngjitu lart\"", "\"common_signin_button_text\" : \"\u099b\u09be\u0987\u09a8 \u0987\u09a8 \u0995\u09f0\u0995\"", "\"default_error_msg\" : \"\u0422\u043e\u0434\u043e\u0440\u0445\u043e\u0439\u0433\u04af\u0439 \u0430\u043b\u0434\u0430\u0430 \u0433\u0430\u0440\u043b\u0430\u0430\"", "\"fingerprint_error_user_canceled\" : \"\u0544\u0561\u057f\u0576\u0561\u0570\u0565\u057f\u0584\u0578\u057e \u0576\u0578\u0582\u0575\u0576\u0561\u056f\u0561\u0576\u0561\u0581\u0574\u0561\u0576 \u0563\u0578\u0580\u056e\u0578\u0572\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0568 \u0579\u0565\u0572\u0561\u0580\u056f\u057e\u0565\u056c \u0567 \u0585\u0563\u057f\u0561\u057f\u056b\u0580\u0578\u057b \u056f\u0578\u0572\u0574\u056b\u0581:\"", "\"common_google_play_services_install_button\" : \"\u062a\u062b\u0628\u064a\u062a\"", "\"common_google_play_services_enable_button\" : \"\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646\"", "\"abc_toolbar_collapse_description\" : \"\u6536\u5408\"", "\"common_google_play_services_update_title\" : \"\u0410\u0431\u043d\u0430\u045e\u043b\u0435\u043d\u043d\u0435 \u0441\u043b\u0443\u0436\u0431\u0430\u045e Google Play\"", "\"fingerprint_not_recognized\" : \"No s'ha reconegut\"", "\"common_google_play_services_updating_text\" : \"\u0414\u043e\u0434\u0430\u0442\u043e\u043a %1$s \u043d\u0435 \u043f\u0440\u0430\u0446\u044e\u0432\u0430\u0442\u0438\u043c\u0435 \u0431\u0435\u0437 \u0441\u0435\u0440\u0432\u0456\u0441\u0456\u0432 Google Play, \u044f\u043a\u0456 \u0437\u0430\u0440\u0430\u0437 \u043e\u043d\u043e\u0432\u043b\u044e\u044e\u0442\u044c\u0441\u044f.\"", "\"fingerprint_not_recognized\" : \"Nije prepoznato\"", "\"common_google_play_services_wear_update_text\" : \"\u200fGoogle Play \u0633\u0631\u0648\u0633\u0632 \u06a9\u06d2 \u0646\u0626\u06d2 \u0648\u0631\u0698\u0646 \u06a9\u06cc \u0636\u0631\u0648\u0631\u062a \u06c1\u06d2\u06d4 \u06cc\u06c1 \u062a\u06be\u0648\u0691\u06cc \u062f\u06cc\u0631 \u0645\u06cc\u06ba \u062e\u0648\u062f \u06c1\u06cc \u0627\u067e\u0646\u06d2 \u0622\u067e \u06a9\u0648 \u0627\u067e \u0688\u06cc\u0679 \u06a9\u0631 \u0644\u06d2 \u06af\u0627\u06d4\"", "\"abc_search_hint\" : \"\u641c\u5c0b\u2026\"", "\"abc_searchview_description_query\" : \"\u0548\u0580\u0578\u0576\u0574\u0561\u0576 \u0570\u0561\u0580\u0581\u0578\u0582\u0574\"", "\"common_google_play_services_unsupported_text\" : \"Zur Nutzung von %1$s sind Google Play-Dienste erforderlich, die auf deinem Ger\u00e4t nicht unterst\u00fctzt werden.\"", "\"abc_menu_space_shortcut_label\" : \"spatie\"", "\"abc_searchview_description_query\" : \"Suchanfrage\"", "\"abc_searchview_description_submit\" : \"\u0dc0\u0dd2\u0db8\u0dc3\u0dd4\u0db8 \u0dba\u0ddc\u0db8\u0dd4 \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"abc_searchview_description_voice\" : \"Sprachsuche\"", "\"abc_toolbar_collapse_description\" : \"\u6536\u8d77\"", "\"common_google_play_services_install_text\" : \"%1$s \u0570\u0561\u057e\u0565\u056c\u057e\u0561\u056e\u0568 \u0579\u056b \u0561\u0577\u056d\u0561\u057f\u056b \u0561\u057c\u0561\u0576\u0581 Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u056b, \u0578\u0580\u0578\u0576\u0584 \u0579\u056f\u0561\u0576 \u0571\u0565\u0580 \u057d\u0561\u0580\u0584\u0578\u0582\u0574:\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0dc3\u0db8\u0d9f \u0db6\u0dd9\u0daf\u0dcf \u0d9c\u0db1\u0dca\u0db1\"", "\"abc_search_hint\" : \"\u062a\u0644\u0627\u0634 \u06a9\u0631\u06cc\u06ba\u2026\"", "\"abc_searchview_description_submit\" : \"L\u00e4het\u00e4 kysely\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0555\u0563\u0576\u0578\u0582\u0569\u0575\u0561\u0576 \u0570\u0561\u0572\u0578\u0580\u0564\u0561\u0563\u0580\u0578\u0582\u0569\u0575\u0561\u0576 \u0564\u0561\u0577\u057f\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bbf\u0ba9\u0bcd \u0baa\u0bc1\u0ba4\u0bbf\u0baf \u0baa\u0ba4\u0bbf\u0baa\u0bcd\u0baa\u0bc1 \u0ba4\u0bc7\u0bb5\u0bc8. \u0b85\u0ba4\u0bc1 \u0bb5\u0bbf\u0bb0\u0bc8\u0bb5\u0bbf\u0bb2\u0bcd \u0ba4\u0bbe\u0ba9\u0bbe\u0b95\u0bb5\u0bc7 \u0baa\u0bc1\u0ba4\u0bc1\u0baa\u0bcd\u0baa\u0bbf\u0b95\u0bcd\u0b95\u0baa\u0bcd\u0baa\u0b9f\u0bc1\u0bae\u0bcd.\"", "\"abc_capital_on\" : \"\u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dcf\u0dad\u0dca\u0db8\u0d9a\u0dba\u0dd2\"", "\"abc_searchview_description_query\" : \"\u041f\u0440\u0435\u0442\u0440\u0430\u0436\u0438\u0442\u0435 \u0443\u043f\u0438\u0442\"", "\"fingerprint_error_hw_not_available\" : \"\u09ab\u09bf\u0982\u0997\u09be\u09f0\u09aa\u09cd\u09f0\u09bf\u09a3\u09cd\u099f \u09b9\u09be\u09f0\u09cd\u09a1\u09f1\u09c7\u09f0 \u09a8\u09be\u0987\u0964\"", "\"fingerprint_dialog_touch_sensor\" : \"\uc9c0\ubb38 \uc13c\uc11c\ub97c \ud130\uce58\ud558\uc138\uc694.\"", "\"confirm_device_credential_password\" : \"Koristite zaporku\"", "\"abc_searchview_description_voice\" : \"\u0413\u043e\u043b\u043e\u0441\u043e\u0432\u043e\u0439 \u043f\u043e\u0438\u0441\u043a\"", "\"abc_action_mode_done\" : \"\u05e1\u05d9\u05d5\u05dd\"", "\"abc_searchview_description_search\" : \"\u09b8\u09be\u09b0\u09cd\u099a \u0995\u09b0\u09c1\u09a8\"", "\"default_error_msg\" : \"Unknown error\"", "\"abc_capital_off\" : \"POIS P\u00c4\u00c4LT\u00c4\"", "\"common_open_on_phone\" : \"\u1794\u17be\u1780\u178f\u17b6\u1798\u1791\u17bc\u179a\u179f\u17d0\u1796\u17d2\u1791\"", "\"common_google_play_services_update_title\" : \"Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a28\u0a42\u0a70 \u0a05\u0a71\u0a2a\u0a21\u0a47\u0a1f \u0a15\u0a30\u0a4b\"", "\"abc_activitychooserview_choose_application\" : \"\u0418\u0437\u0430\u0431\u0435\u0440\u0438\u0442\u0435 \u0430\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0458\u0443\"", "\"common_google_play_services_enable_text\" : \"\u0d94\u0db6 Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0dc3\u0db6\u0dbd \u0d9a\u0dbb\u0db1\u0dca\u0db1\u0dda \u0db1\u0db8\u0dca \u0db8\u0dd2\u0dc3 %1$s \u0dc0\u0dd0\u0da9 \u0db1\u0ddc\u0d9a\u0dbb\u0db1\u0dd4 \u0d87\u0dad.\"", "\"abc_action_menu_overflow_description\" : \"Wi\u0119cej opcji\"", "\"abc_menu_alt_shortcut_label\" : \"Altern\u0113\u0161anas tausti\u0146\u0161\u00a0+\"", "\"fingerprint_error_hw_not_available\" : \"\u092b\u093f\u0902\u0917\u0930\u092a\u094d\u0930\u093f\u0928\u094d\u091f \u0939\u093e\u0930\u094d\u0921\u0935\u0947\u092f\u0930 \u0909\u092a\u0932\u092c\u094d\u0927 \u091b\u0948\u0928\u0964\"", "\"abc_action_bar_up_description\" : \"Prejs\u0165 nahor\"", "\"common_google_play_services_updating_text\" : \"Google Play \u0938\u0947\u0935\u093e\u0939\u0930\u0942 %1$s \u092c\u093f\u0928\u093e \u0938\u091e\u094d\u200d\u091a\u093e\u0932\u0928 \u0939\u0941\u0901\u0926\u0948\u0928, \u091c\u0941\u0928 \u0939\u093e\u0932 \u0905\u0926\u094d\u092f\u093e\u0935\u0927\u093f\u0915 \u092d\u0907\u0930\u0939\u0947\u0915\u093e \u091b\u0928\u094d\u0964\"", "\"common_google_play_services_update_button\" : \"Actualizar\"", "\"abc_search_hint\" : \"Cari\u2026\"", "\"fingerprint_dialog_touch_sensor\" : \"Puudutage s\u00f5rmej\u00e4ljeandurit\"", "\"abc_action_bar_home_description\" : \"\u700f\u89bd\u9996\u9801\"", "\"default_error_msg\" : \"\u4e0d\u660e\u306a\u30a8\u30e9\u30fc\u3067\u3059\"", "\"abc_action_mode_done\" : \"Gata\"", "\"common_google_play_services_enable_text\" : \"%1$s nu va func\u021biona dec\u00e2t dac\u0103 activa\u021bi serviciile Google Play.\"", "\"common_google_play_services_install_text\" : \"%1$s \u0b0f\u0b39\u0b3f Google Play \u0b38\u0b47\u0b2c\u0b3e\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b2c\u0b3f\u0b28\u0b3e \u0b1a\u0b3e\u0b32\u0b47 \u0b28\u0b3e\u0b39\u0b3f\u0b01, \u0b0f\u0b2c\u0b02 \u0b38\u0b47\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b06\u0b2a\u0b23\u0b19\u0b4d\u0b15 \u0b21\u0b3f\u0b2d\u0b3e\u0b07\u0b38\u0b4d\u200c\u0b30\u0b47 \u0b28\u0b3e\u0b39\u0b3f\u0b01\u0964\"", "\"common_google_play_services_notification_channel_name\" : \"Dispo\u00f1ibilidade dos servizos de Play\"", "\"abc_searchview_description_search\" : \"Pretra\u017ei\"", "\"abc_searchview_description_query\" : \"Otsingup\u00e4ring\"", "\"common_signin_button_text\" : \"Anmelden\"", "\"common_google_play_services_notification_ticker\" : \"\u200f\u062e\u0637\u0627 \u062f\u0631 \u062e\u062f\u0645\u0627\u062a Google Play\"", "\"common_signin_button_text_long\" : \"Google'da oturum a\u00e7\"", "\"abc_menu_function_shortcut_label\" : \"Funktion\u00a0+\u00a0\"", "\"common_google_play_services_install_title\" : \"\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0438 \u0441\u0435\u0440\u0432\u0456\u0441\u0438 Google Play\"", "\"abc_searchview_description_search\" : \"\u101b\u103e\u102c\u101b\u1014\u103a\"", "\"search_menu_title\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200eSearch\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"fingerprint_error_hw_not_available\" : \"\u0421\u043a\u0430\u043d\u0435\u0440 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u043e\u0432 \u043f\u0430\u043b\u044c\u0446\u0435\u0432 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d.\"", "\"abc_activity_chooser_view_see_all\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200eSee all\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_signin_button_text\" : \"Se connecter\"", "\"abc_menu_space_shortcut_label\" : \"\u7a7a\u683c\u9375\"", "\"lock_input_again\" : \"Re-enter new passcode\"", "\"abc_action_menu_overflow_description\" : \"\u0c87\u0ca8\u0ccd\u0ca8\u0cb7\u0ccd\u0c9f\u0cc1 \u0c86\u0caf\u0ccd\u0c95\u0cc6\u0c97\u0cb3\u0cc1\"", "\"abc_capital_off\" : \"\u092c\u0902\u0926\"", "\"common_signin_button_text\" : \"Inloggen\"", "\"fingerprint_dialog_touch_sensor\" : \"Toca el sensor de huellas dig.\"", "\"abc_menu_space_shortcut_label\" : \"\u0562\u0561\u0581\u0561\u057f\"", "\"abc_capital_on\" : \"\u0b86\u0ba9\u0bcd\"", "\"common_google_play_services_enable_text\" : \"%1$s haitafanya kazi isipokuwa uwashe huduma za Google Play.\"", "\"fingerprint_error_hw_not_available\" : \"Strojna oprema za prstne odtise ni na voljo.\"", "\"abc_shareactionprovider_share_with\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200eShare with\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0aa8\u0ac7 Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93\u0aae\u0abe\u0a82 \u0aae\u0ac1\u0ab6\u0acd\u0a95\u0ac7\u0ab2\u0ac0 \u0a86\u0ab5\u0ac0 \u0ab0\u0ab9\u0ac0 \u0a9b\u0ac7. \u0a95\u0ac3\u0aaa\u0abe \u0a95\u0ab0\u0ac0\u0aa8\u0ac7 \u0aab\u0ab0\u0ac0 \u0aaa\u0acd\u0ab0\u0aaf\u0abe\u0ab8 \u0a95\u0ab0\u0acb.\"", "\"abc_prepend_shortcut_label\" : \"Men\u00fa+\"", "\"abc_searchview_description_voice\" : \"\u0e04\u0e49\u0e19\u0e2b\u0e32\u0e14\u0e49\u0e27\u0e22\u0e40\u0e2a\u0e35\u0e22\u0e07\"", "\"common_google_play_services_install_text\" : \"%1$s s\u1ebd kh\u00f4ng ch\u1ea1y n\u1ebfu kh\u00f4ng c\u00f3 d\u1ecbch v\u1ee5 c\u1ee7a Google Play. Thi\u1ebft b\u1ecb c\u1ee7a b\u1ea1n b\u1ecb thi\u1ebfu d\u1ecbch v\u1ee5 n\u00e0y.\"", "\"abc_menu_space_shortcut_label\" : \"espazo\"", "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl +\"", "\"common_google_play_services_notification_ticker\" : \"Fehler bei Zugriff auf Google Play-Dienste\"", "\"abc_activitychooserview_choose_application\" : \"\u0627\u06cc\u06a9 \u0627\u06cc\u067e \u0645\u0646\u062a\u062e\u0628 \u06a9\u0631\u06cc\u06ba\"", "\"default_error_msg\" : \"Iphutha elingaziwe\"", "\"abc_shareactionprovider_share_with_application\" : \"Zdie\u013ea\u0165 s\u00a0aplik\u00e1ciou %s\"", "\"abc_searchview_description_search\" : \"\u041f\u043e\u0438\u0441\u043a\"", "\"generic_error_user_canceled\" : \"\u4f7f\u7528\u8005\u5df2\u53d6\u6d88\u9a57\u8b49\u3002\"", "\"common_google_play_services_install_button\" : \"\u132b\u1295\"", "\"generic_error_user_canceled\" : \"\u0130stifad\u0259\u00e7i do\u011frulaman\u0131 l\u0259\u011fv edib.\"", "\"abc_menu_delete_shortcut_label\" : \"slett\"", "\"common_signin_button_text\" : \"\u0d38\u0d48\u0d7b \u0d07\u0d7b \u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d15\"", "\"fingerprint_error_no_fingerprints\" : \"\u0412\u0456\u0434\u0431\u0438\u0442\u043a\u0438 \u043f\u0430\u043b\u044c\u0446\u0456\u0432 \u043d\u0435 \u0437\u0430\u0440\u0435\u0454\u0441\u0442\u0440\u043e\u0432\u0430\u043d\u043e.\"", "\"common_google_play_services_updating_text\" : \"Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0cbf\u0cb2\u0ccd\u0cb2\u0ca6\u0cc6 \u0caa\u0ccd\u0cb0\u0cb8\u0ccd\u0ca4\u0cc1\u0ca4 \u0c85\u0caa\u0ccd\u200c\u0ca1\u0cc7\u0c9f\u0ccd \u0c86\u0c97\u0cc1\u0ca4\u0ccd\u0ca4\u0cbf\u0cb0\u0cc1\u0cb5 %1$s \u0cb0\u0ca8\u0ccd \u0c86\u0c97\u0cc1\u0cb5\u0cc1\u0ca6\u0cbf\u0cb2\u0ccd\u0cb2.\"", "\"common_google_play_services_update_button\" : \"P\u00ebrdit\u00ebso\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u043a\u043e\u043b\u0434\u043e\u043d\u043c\u043e\u0441\u0443 \u0441\u0438\u0437\u0434\u0438\u043d \u0442\u04af\u0437\u043c\u04e9\u0433\u04af\u04a3\u04af\u0437\u0434\u04e9 \u043a\u043e\u043b\u0434\u043e\u043e\u0433\u043e \u0430\u043b\u044b\u043d\u0431\u0430\u0433\u0430\u043d Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b \u0431\u043e\u043b\u0431\u043e\u0441\u043e \u0438\u0448\u0442\u0435\u0431\u0435\u0439\u0442.\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0414\u0430\u043a\u0440\u0430\u043d\u0456\u0446\u0435\u0441\u044f \u0434\u0430 \u0441\u043a\u0430\u043d\u0435\u0440\u0430 \u0430\u0434\u0431\u0456\u0442\u043a\u0430\u045e \u043f\u0430\u043b\u044c\u0446\u0430\u045e\"", "\"fingerprint_error_lockout\" : \"B\u1ea1n \u0111\u00e3 th\u1eed qu\u00e1 nhi\u1ec1u l\u1ea7n. Vui l\u00f2ng th\u1eed l\u1ea1i sau.\"", "\"common_google_play_services_install_button\" : \"\u0627\u0646\u0633\u0679\u0627\u0644 \u06a9\u0631\u06cc\u06ba\"", "\"abc_searchview_description_clear\" : \"Garbitu kontsulta\"", "\"search_menu_title\" : \"Zoeken\"", "\"abc_searchview_description_voice\" : \"\u0413\u043b\u0430\u0441\u043e\u0432\u043d\u0430 \u043f\u0440\u0435\u0442\u0440\u0430\u0433\u0430\"", "getRegister", "\"common_signin_button_text\" : \"Bejelentkez\u00e9s\"", "\"abc_searchview_description_clear\" : \"Vymaza\u0165 dopyt\"", "\"common_open_on_phone\" : \"Abrir no telem\u00f3vel\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0938\u0947\u0935\u093e\u090f\u0902 \u0909\u092a\u0932\u092c\u094d\u0927 \u0939\u0948\u0902\"", "\"common_google_play_services_enable_text\" : \"\u60a8\u5fc5\u9808\u555f\u7528 Google Play \u670d\u52d9\uff0c\u624d\u80fd\u57f7\u884c\u300c%1$s\u300d\u3002\"", "\"fingerprint_error_hw_not_available\" : \"\u0b95\u0bc8\u0bb0\u0bc7\u0b95\u0bc8 \u0bb5\u0ba9\u0bcd\u0baa\u0bca\u0bb0\u0bc1\u0bb3\u0bcd \u0b87\u0bb2\u0bcd\u0bb2\u0bc8.\"", "\"common_signin_button_text_long\" : \"Ngena ngemvume nge-Google\"", "\"abc_activity_chooser_view_see_all\" : \"\u0d0e\u0d32\u0d4d\u0d32\u0d3e\u0d02 \u0d15\u0d3e\u0d23\u0d41\u0d15\"", "\"common_google_play_services_updating_text\" : \"\u09ac\u09f0\u09cd\u09a4\u09ae\u09be\u09a8 \u0986\u09aa\u09a1\u09c7\u2019\u099f \u09b9\u09c8 \u09a5\u0995\u09be Google Play \u09b8\u09c7\u09f1\u09be\u09b8\u09ae\u09c2\u09b9\u09f0 \u0985\u09ac\u09bf\u09b9\u09a8\u09c7 %1$s \u09a8\u099a\u09b2\u09bf\u09ac\u09f7\"", "\"common_google_play_services_install_text\" : \"%1$s nie b\u0119dzie dzia\u0142a\u0107, je\u015bli nie zainstalujesz na urz\u0105dzeniu Us\u0142ug Google Play.\"", "\"common_google_play_services_install_title\" : \"Asenna Google Play Palvelut\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d\u0434\u0430 Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0456\u043d\u0435 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u0442\u044b \u0431\u0435\u043b\u0433\u0456\u0441\u0456\u0437 \u049b\u0430\u0442\u0435 \u0448\u044b\u049b\u0442\u044b. \u04d8\u0440\u0435\u043a\u0435\u0442\u0442\u0456 \u049b\u0430\u0439\u0442\u0430\u043b\u0430\u04a3\u044b\u0437.\"", "\"abc_capital_off\" : \"NON\"", "\"abc_shareactionprovider_share_with_application\" : \"\u039a\u03bf\u03b9\u03bd\u03bf\u03c0\u03bf\u03af\u03b7\u03c3\u03b7 \u03c3\u03c4\u03b7\u03bd \u03b5\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae %s\"", "\"abc_action_bar_up_description\" : \"Mag-navigate pataas\"", "\"abc_menu_space_shortcut_label\" : \"\u041f\u0440\u043e\u0431\u0435\u043b\"", "\"fingerprint_error_hw_not_available\" : \"Le mat\u00e9riel de lecture d'empreintes digitales n'est pas accessible.\"", "\"abc_capital_on\" : \"ACTIVAR\"", "\"common_google_play_services_enable_text\" : \"%1$s \u043d\u0435\u045b\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0441\u0430\u0442\u0438 \u0430\u043a\u043e \u043d\u0435 \u043e\u043c\u043e\u0433\u0443\u045b\u0438\u0442\u0435 Google Play \u0443\u0441\u043b\u0443\u0433\u0435.\"", "\"common_open_on_phone\" : \"\u5728\u624b\u6a5f\u4e0a\u958b\u555f\"", "\"abc_searchview_description_voice\" : \"H\u00e4\u00e4lotsing\"", "\"generic_error_user_canceled\" : \"\u06a9\u0627\u0631\u0628\u0631 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0631\u0627 \u0644\u063a\u0648 \u06a9\u0631\u062f.\"", "\"fingerprint_error_hw_not_present\" : \"\u041d\u0430 \u0446\u044c\u043e\u043c\u0443 \u043f\u0440\u0438\u0441\u0442\u0440\u043e\u0457 \u043d\u0435\u043c\u0430\u0454 \u0441\u043a\u0430\u043d\u0435\u0440\u0430 \u0432\u0456\u0434\u0431\u0438\u0442\u043a\u0456\u0432 \u043f\u0430\u043b\u044c\u0446\u0456\u0432\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Bahagian mesej bantuan\"", "\"common_google_play_services_enable_title\" : \"Activer les services Google Play\"", "\"common_google_play_services_unknown_issue\" : \"%1$s ondervind probleme met Google Play Dienste. Probeer asseblief weer.\"", "\"abc_activitychooserview_choose_application\" : \"\u0627\u0646\u062a\u062e\u0627\u0628 \u0628\u0631\u0646\u0627\u0645\u0647\"", "\"common_google_play_services_enable_title\" : \"\u0423\u0432\u0456\u043c\u043a\u043d\u0443\u0442\u0438 \u0441\u0435\u0440\u0432\u0456\u0441\u0438 Google Play\"", "\"fingerprint_error_user_canceled\" : \"L'usuari ha cancel\u00b7lat l'operaci\u00f3 d'empremta digital.\"", "\"fingerprint_error_user_canceled\" : \"\uc0ac\uc6a9\uc790\uac00 \uc9c0\ubb38 \uc778\uc2dd \uc791\uc5c5\uc744 \ucde8\uc18c\ud588\uc2b5\ub2c8\ub2e4.\"", "\"fingerprint_error_hw_not_available\" : \"\u0e2e\u0e32\u0e23\u0e4c\u0e14\u0e41\u0e27\u0e23\u0e4c\u0e25\u0e32\u0e22\u0e19\u0e34\u0e49\u0e27\u0e21\u0e37\u0e2d\u0e44\u0e21\u0e48\u0e1e\u0e23\u0e49\u0e2d\u0e21\u0e43\u0e0a\u0e49\u0e07\u0e32\u0e19\"", "\"common_google_play_services_unsupported_text\" : \"%1$s Google Play \u0c38\u0c47\u0c35\u0c32\u0c41 \u0c32\u0c47\u0c15\u0c41\u0c02\u0c21\u0c3e \u0c05\u0c2e\u0c32\u0c41 \u0c15\u0c3e\u0c26\u0c41, \u0c08 \u0c38\u0c47\u0c35\u0c32\u0c15\u0c41 \u0c2e\u0c40 \u0c2a\u0c30\u0c3f\u0c15\u0c30\u0c02\u0c32\u0c4b \u0c2e\u0c26\u0c4d\u0c26\u0c24\u0c41 \u0c32\u0c47\u0c26\u0c41.\"", "\"abc_activitychooserview_choose_application\" : \"\u1787\u17d2\u179a\u17be\u179f\u179a\u17be\u179f\u200b\u1780\u1798\u17d2\u1798\u179c\u17b7\u1792\u17b8\u200b\u200b\"", "\"fingerprint_error_user_canceled\" : \"Vingerafdrukhandeling is deur gebruiker gekanselleer.\"", "\"fingerprint_error_lockout\" : \"\u0985\u09a4\u09bf \u09ac\u09c7\u099b\u09bf \u099a\u09c7\u09b7\u09cd\u099f\u09be \u0985\u09a8\u09c1\u0997\u09cd\u09f0\u09b9 \u0995\u09f0\u09bf \u09aa\u09bf\u099b\u09a4 \u0986\u0995\u09cc \u099a\u09c7\u09b7\u09cd\u099f\u09be \u0995\u09f0\u0995\u0964\"", "\"generic_error_user_canceled\" : \"\u0db4\u0dbb\u0dd2\u0dc1\u0dd3\u0dbd\u0d9a\u0dba\u0dcf \u0dc0\u0dd2\u0dc3\u0dd2\u0db1\u0dca \u0dc3\u0dad\u0dca\u200d\u0dba\u0dcf\u0db4\u0db1\u0dba \u0d85\u0dc0\u0dbd\u0d82\u0d9c\u0dd4 \u0d9a\u0dbb\u0db1 \u0dbd\u0daf\u0dd2.\"", "\"abc_searchview_description_submit\" : \"\u0a95\u0acd\u0ab5\u0ac7\u0ab0\u0ac0 \u0ab8\u0aac\u0aae\u0abf\u0a9f \u0a95\u0ab0\u0acb\"", "\"common_google_play_services_update_text\" : \"%1$s getur ekki keyrt nema \u00fe\u00fa uppf\u00e6rir \u00fej\u00f3nustu Google Play.\"", "\"lock_input_not_match\" : \"Passcodes do not match.\"", "\"confirm_device_credential_password\" : \"P\u00ebrdor fjal\u00ebkalimin\"", "\"abc_menu_space_shortcut_label\" : \"spasiebalk\"", "\"abc_searchview_description_query\" : \"\u041f\u043e\u0448\u0443\u043a\u0430\u0432\u044b \u0437\u0430\u043f\u044b\u0442\"", "\"common_google_play_services_unknown_issue\" : \"\u0423 \u0434\u043e\u0434\u0430\u0442\u043a\u0443 %1$s \u0432\u0438\u043d\u0438\u043a\u043b\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0456\u0437 \u0441\u0435\u0440\u0432\u0456\u0441\u0430\u043c\u0438 Google Play. \u041f\u043e\u0432\u0442\u043e\u0440\u0456\u0442\u044c \u0441\u043f\u0440\u043e\u0431\u0443.\"", "\"common_google_play_services_updating_text\" : \"Ke spu\u0161t\u011bn\u00ed aplikace %1$s jsou pot\u0159eba slu\u017eby Google Play, kter\u00e9 jsou pr\u00e1v\u011b aktualizov\u00e1ny.\"", "\"generic_error_user_canceled\" : \"\u0baa\u0baf\u0ba9\u0bb0\u0bbe\u0bb2\u0bcd \u0b85\u0b99\u0bcd\u0b95\u0bc0\u0b95\u0bb0\u0bbf\u0baa\u0bcd\u0baa\u0bc1 \u0bb0\u0ba4\u0bcd\u0ba4\u0bc1\u0b9a\u0bc6\u0baf\u0bcd\u0baf\u0baa\u0bcd\u0baa\u0b9f\u0bcd\u0b9f\u0ba4\u0bc1.\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u043a\u043e\u043b\u0434\u043e\u043d\u043c\u043e\u0441\u0443\u043d\u0443\u043d Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b \u043c\u0435\u043d\u0435\u043d \u0438\u0448\u0442\u04e9\u04e9\u0434\u04e9 \u043a\u04e9\u0439\u0433\u04e9\u0439 \u0447\u044b\u043a\u0442\u044b. \u041a\u0430\u0439\u0440\u0430 \u0430\u0440\u0430\u043a\u0435\u0442 \u043a\u044b\u043b\u044b\u04a3\u044b\u0437.\"", "\"common_google_play_services_notification_channel_name\" : \"\u200f\u0642\u0627\u0628\u0644\u06cc\u062a \u062f\u0633\u062a\u0631\u0633\u06cc \u062e\u062f\u0645\u0627\u062a Google Play\"", "\"confirm_device_credential_password\" : \"Brug adgangskode\"", "\"search_menu_title\" : \"\u041f\u043e\u0448\u0443\u043a\"", "\"abc_search_hint\" : \"Ie\u0161koti\u2026\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0391\u03b3\u03b3\u03af\u03be\u03c4\u03b5 \u03c4\u03bf\u03bd \u03b1\u03b9\u03c3\u03b8. \u03b4\u03b1\u03ba\u03c4. \u03b1\u03c0\u03bf\u03c4.\"", "\"common_google_play_services_install_text\" : \"\u300c%1$s\u300d\u306e\u5b9f\u884c\u306b\u306f Google Play \u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u304c\u5fc5\u8981\u3067\u3059\u304c\u3001\u304a\u4f7f\u3044\u306e\u30c7\u30d0\u30a4\u30b9\u306b\u306f\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002\"", "\"abc_action_bar_home_description\" : \"Nenda mwanzo\"", "\"generic_error_user_canceled\" : \"K\u00e4ytt\u00e4j\u00e4 peruutti todennuksen.\"", "\"abc_activity_chooser_view_see_all\" : \"\u0395\u03bc\u03c6\u03ac\u03bd\u03b9\u03c3\u03b7 \u03cc\u03bb\u03c9\u03bd\"", "\"abc_search_hint\" : \"Search\u2026\"", "\"abc_toolbar_collapse_description\" : \"Goqa\"", "\"fingerprint_error_no_fingerprints\" : \"Tiada cap jari didaftarkan.\"", "\"abc_searchview_description_query\" : \"Consulta de b\u00fasqueda\"", "\"fingerprint_error_lockout\" : \"Umejaribu mara nyingi mno. Tafadhali jaribu tena baadaye.\"", "\"common_google_play_services_enable_text\" : \"\u200f\u05d4\u05d0\u05e4\u05dc\u05d9\u05e7\u05e6\u05d9\u05d4 %1$s \u05dc\u05d0 \u05ea\u05e4\u05e2\u05dc \u05d0\u05dd \u05dc\u05d0 \u05ea\u05e4\u05e2\u05d9\u05dc \u05d0\u05ea \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play.\"", "\"abc_search_hint\" : \"S\u00f8g\u2026\"", "\"common_google_play_services_update_button\" : \"\u0c05\u0c2a\u0c4d\u200c\u0c21\u0c47\u0c1f\u0c4d \u0c1a\u0c47\u0c2f\u0c3f\"", "\"fingerprint_error_hw_not_present\" : \"Le divayisi ayinayo inzwa yezigxivizo zeminwe\"", "\"abc_activity_chooser_view_see_all\" : \"\u041f\u043e\u043a\u0430\u0437\u0430\u0442\u0438 \u0432\u0441\u0456\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0a2e\u0a26\u0a26 \u0a38\u0a41\u0a28\u0a47\u0a39\u0a3e \u0a16\u0a47\u0a24\u0a30\"", "\"abc_searchview_description_submit\" : \"Po\u0161iljanje poizvedbe\"", "\"common_google_play_services_unknown_issue\" : \"Lietotn\u0113 %1$s ir radusies probl\u0113ma ar Google Play pakalpojumu darb\u012bbu. L\u016bdzu, m\u0113\u0123iniet v\u0113lreiz.\"", "\"fingerprint_not_recognized\" : \"\u0422\u0430\u043d\u044b\u043b\u043c\u0430\u0434\u044b\"", "\"abc_search_hint\" : \"Pesquisar\u2026\"", "\"abc_searchview_description_query\" : \"\u10db\u10dd\u10d7\u10ee\u10dd\u10d5\u10dc\u10d8\u10e1 \u10eb\u10d8\u10d4\u10d1\u10d0\"", "\"fingerprint_error_lockout\" : \"Tentatives trop nombreuses. Veuillez r\u00e9essayer plus tard.\"", "\"abc_action_mode_done\" : \"Feito\"", "\"fingerprint_error_lockout\" : \"Previ\u0161e poku\u0161aja. Poku\u0161ajte ponovo kasnije.\"", "\"common_signin_button_text_long\" : \"\u4f7f\u7528 Google \u5e33\u6236\u767b\u5165\"", "\"abc_prepend_shortcut_label\" : \"Menu+\u200e\"", "\"common_open_on_phone\" : \"Telefonda ochish\"", "\"common_google_play_services_install_button\" : \"\u0395\u03b3\u03ba\u03b1\u03c4\u03ac\u03c3\u03c4\u03b1\u03c3\u03b7\"", "\"common_google_play_services_install_title\" : \"Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u0433 \u0430\u0432\u0430\u0445\"", "\"confirm_device_credential_password\" : \"\u041a\u043e\u0440\u0438\u0441\u0442\u0438\u0442\u0435 \u043b\u043e\u0437\u0438\u043d\u043a\u0443\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bc8 \u0b87\u0baf\u0b95\u0bcd\u0b95\u0bb5\u0bc1\u0bae\u0bcd\"", "\"common_google_play_services_wear_update_text\" : \"\u00c9 necess\u00e1ria uma nova vers\u00e3o dos servi\u00e7os do Google Play. Esta ser\u00e1 atualizada automaticamente em breve.\"", "\"common_google_play_services_notification_ticker\" : \"Errore Google Play Services\"", "\"fingerprint_error_hw_not_present\" : \"\u0c88 \u0cb8\u0cbe\u0ca7\u0ca8\u0cb5\u0cc1 \u0cab\u0cbf\u0c82\u0c97\u0cb0\u0ccd\u200c\u0caa\u0ccd\u0cb0\u0cbf\u0c82\u0c9f\u0ccd\u200c \u0cb8\u0cc6\u0ca8\u0ccd\u0cb8\u0cbe\u0cb0\u0ccd \u0c85\u0ca8\u0ccd\u0ca8\u0cc1 \u0cb9\u0cca\u0c82\u0ca6\u0cbf\u0cb2\u0ccd\u0cb2\"", "\"abc_menu_space_shortcut_label\" : \"\u043f\u0440\u043e\u0431\u0456\u043b\"", "\"abc_menu_space_shortcut_label\" : \"\u201espace\u201c\"", "\"generic_error_user_canceled\" : \"\u0c35\u0c3f\u0c28\u0c3f\u0c2f\u0c4b\u0c17\u0c26\u0c3e\u0c30\u0c41 \u0c26\u0c4d\u0c35\u0c3e\u0c30\u0c3e \u0c2a\u0c4d\u0c30\u0c3e\u0c2e\u0c3e\u0c23\u0c40\u0c15\u0c30\u0c23 \u0c30\u0c26\u0c4d\u0c26\u0c41 \u0c1a\u0c47\u0c2f\u0c2c\u0c21\u0c3f\u0c02\u0c26\u0c3f\"", "\"common_google_play_services_install_text\" : \"%1$s cihaz\u0131n\u0131zda m\u00f6vcud olmayan Google Play xidm\u0259tl\u0259ri olmadan \u00e7al\u0131\u015fmayacaq.\"", "\"generic_error_user_canceled\" : \"\u09ac\u09bf\u09b6\u09cd\u09ac\u09be\u09b8\u09af\u09cb\u0997\u09cd\u09af\u09a4\u09be \u09aa\u09cd\u09f0\u09ae\u09be\u09a3\u09c0\u0995\u09f0\u09a3 \u09ac\u09cd\u09af\u09f1\u09b9\u09be\u09f0\u0995\u09be\u09f0\u09c0\u09af\u09bc\u09c7 \u09ac\u09be\u09a4\u09bf\u09b2 \u0995\u09f0\u09bf\u099b\u09c7\u0964\"", "\"abc_action_bar_up_description\" : \"\u0d89\u0dc4\u0dc5\u0da7 \u0dc3\u0d82\u0da0\u0dcf\u0dbd\u0db1\u0dba \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"common_open_on_phone\" : \"Open on phone\"", "\"abc_action_menu_overflow_description\" : \"\u03a0\u03b5\u03c1\u03b9\u03c3\u03c3\u03cc\u03c4\u03b5\u03c1\u03b5\u03c2 \u03b5\u03c0\u03b9\u03bb\u03bf\u03b3\u03ad\u03c2\"", "\"abc_capital_off\" : \"AV\"", "\"abc_searchview_description_submit\" : \"\u0627\u0631\u0633\u0627\u0644 \u067e\u064f\u0631\u0633\u0645\u0627\u0646\"", "\"abc_capital_on\" : \"\u0412\u041a\u041b.\"", "\"fingerprint_error_user_canceled\" : \"\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u044f\u0442\u0430 \u0437\u0430 \u0443\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u044f\u0432\u0430\u043d\u0435 \u0447\u0440\u0435\u0437 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u044a\u043a \u0431\u0435 \u0430\u043d\u0443\u043b\u0438\u0440\u0430\u043d\u0430 \u043e\u0442 \u043f\u043e\u0442\u0440\u0435\u0431\u0438\u0442\u0435\u043b\u044f.\"", "\"abc_action_bar_home_description\" : \"Idi na po\u010detnu\"", "\"abc_action_menu_overflow_description\" : \"\u0b05\u0b27\u0b3f\u0b15 \u0b2c\u0b3f\u0b15\u0b33\u0b4d\u0b2a\"", "\"fingerprint_error_no_fingerprints\" : \"Nije prijavljen nijedan otisak prsta.\"", "\"abc_activitychooserview_choose_application\" : \"\u0905\u200d\u0945\u092a \u0928\u093f\u0935\u0921\u093e\"", "\"abc_action_menu_overflow_description\" : \"Chaguo zaidi\"", "\"common_google_play_services_enable_button\" : \"\u0423\u043a\u043b\u044e\u0447\u044b\u0446\u044c\"", "\"common_google_play_services_enable_text\" : \"Aplikacija %1$s ne bo delovala, \u010de ne omogo\u010dite storitev Google Play.\"", "\"mtrl_picker_invalid_format\" : \"Invalid format.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Yard\u0131m mesaj\u0131 alan\u0131\"", "\"search_menu_title\" : \"Bilatu\"", "\"abc_searchview_description_clear\" : \"\u041e\u0447\u0438\u0441\u0442\u0438\u0442\u0438 \u0437\u0430\u043f\u0438\u0442\"", "\"fingerprint_error_lockout\" : \"\u04e8\u0442\u04e9 \u043a\u04e9\u043f \u0436\u043e\u043b\u0443 \u0430\u0440\u0430\u043a\u0435\u0442 \u043a\u044b\u043b\u0434\u044b\u04a3\u044b\u0437. \u041a\u0438\u0439\u0438\u043d\u0447\u0435\u0440\u044d\u044d\u043a \u043a\u0430\u0439\u0440\u0430 \u043a\u0430\u0439\u0442\u0430\u043b\u0430\u043f \u043a\u04e9\u0440\u04af\u04a3\u04af\u0437.\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0a2b\u0a3f\u0a70\u0a17\u0a30\u0a2a\u0a4d\u0a30\u0a3f\u0a70\u0a1f \u0a38\u0a48\u0a02\u0a38\u0a30 \u0a28\u0a42\u0a70 \u0a38\u0a2a\u0a30\u0a38\u0a3c \u0a15\u0a30\u0a4b\"", "\"fingerprint_error_lockout\" : \"\u0baa\u0bb2\u0bae\u0bc1\u0bb1\u0bc8 \u0bae\u0bc1\u0baf\u0ba9\u0bcd\u0bb1\u0bc1\u0bb5\u0bbf\u0b9f\u0bcd\u0b9f\u0bc0\u0bb0\u0bcd\u0b95\u0bb3\u0bcd. \u0baa\u0bbf\u0bb1\u0b95\u0bc1 \u0bae\u0bc1\u0baf\u0bb2\u0bb5\u0bc1\u0bae\u0bcd.\"", "\"search_menu_title\" : \"Suche\"", "\"common_google_play_services_unknown_issue\" : \"Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d33\u0d41\u0d2e\u0d3e\u0d2f\u0d3f \u0d2c\u0d28\u0d4d\u0d27\u0d2a\u0d4d\u0d2a\u0d46\u0d1f\u0d4d\u0d1f\u0d4d %1$s \u0d06\u0d2a\u0d4d\u0d2a\u0d3f\u0d28\u0d46\u0d28\u0d4d\u0d24\u0d4b \u0d2a\u0d4d\u0d30\u0d36\u0d4d\u0d28\u0d2e\u0d41\u0d23\u0d4d\u0d1f\u0d4d. \u0d35\u0d40\u0d23\u0d4d\u0d1f\u0d41\u0d02 \u0d36\u0d4d\u0d30\u0d2e\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d15.\"", "\"abc_search_hint\" : \"Telusuri...\"", "\"abc_searchview_description_search\" : \"\u0e8a\u0ead\u0e81\u0eab\u0eb2\"", "\"search_menu_title\" : \"Otsing\"", "\"common_google_play_services_update_title\" : \"A\u017eurirajte Google Play usluge\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u10d3\u10d0\u10db\u10ee\u10db\u10d0\u10e0\u10d4 \u10e8\u10d4\u10e2\u10e7\u10dd\u10d1\u10d8\u10dc\u10d4\u10d1\u10d8\u10e1 \u10d0\u10e0\u10d4\"", "\"abc_searchview_description_query\" : \"Vyh\u013ead\u00e1vac\u00ed dopyt\"", "\"abc_capital_on\" : \"\u0395\u039d\u0395\u03a1\u0393\u039f\u03a0\u039f\u0399\u0397\u03a3\u0397\"", "\"abc_menu_enter_shortcut_label\" : \"intro\"", "\"abc_action_menu_overflow_description\" : \"Mais op\u00e7\u00f5es\"", "\"common_open_on_phone\" : \"\u05e4\u05ea\u05d7 \u05d1\u05d8\u05dc\u05e4\u05d5\u05df\"", "\"abc_searchview_description_voice\" : \"Kutafuta kwa kutamka\"", "\"fingerprint_error_lockout\" : \"\u062a\u0645 \u0625\u062c\u0631\u0627\u0621 \u0645\u062d\u0627\u0648\u0644\u0627\u062a \u0643\u062b\u064a\u0631\u0629 \u062c\u062f\u064b\u0627. \u064a\u064f\u0631\u062c\u0649 \u0627\u0644\u0645\u062d\u0627\u0648\u0644\u0629 \u0645\u0631\u0629 \u0623\u062e\u0631\u0649 \u0644\u0627\u062d\u0642\u064b\u0627.\"", "\"search_menu_title\" : \"\u0a16\u0a4b\u0a1c\"", "\"common_google_play_services_enable_text\" : \"Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d\u1295 \u12ab\u120b\u1290\u1241 \u1260\u1235\u1270\u1240\u122d %1$s \u12a0\u12ed\u1230\u122b\u121d\u1362\"", "\"common_google_play_services_notification_ticker\" : \"Gre\u0161ka Google Play usluga\"", "\"common_open_on_phone\" : \"Fungua kwenye simu\"", "\"mtrl_picker_confirm\" : \"\"", "\"generic_error_user_canceled\" : \"\u7528\u6237\u5df2\u53d6\u6d88\u8eab\u4efd\u9a8c\u8bc1\u3002\"", "\"fingerprint_error_lockout\" : \"\u0549\u0561\u0583\u056b\u0581 \u0577\u0561\u057f \u0583\u0578\u0580\u0571\u0565\u0580 \u0565\u0584 \u056f\u0561\u057f\u0561\u0580\u0565\u056c: \u0553\u0578\u0580\u0571\u0565\u0584 \u0561\u057e\u0565\u056c\u056b \u0578\u0582\u0577:\"", "\"abc_action_bar_home_description\" : \"Gaan na tuisskerm\"", "\"mtrl_picker_toggle_to_text_input_mode\" : \"Switch to text input mode\"", "\"abc_activitychooserview_choose_application\" : \"\u10d0\u10d8\u10e0\u10e9\u10d8\u10d4\u10d7 \u10d0\u10de\u10d8\"", "\"common_google_play_services_unknown_issue\" : \"L'application %1$s \u00e9prouve un probl\u00e8me avec les services Google\u00a0Play. Veuillez r\u00e9essayer.\"", "\"abc_searchview_description_query\" : \"\u0e04\u0e33\u0e04\u0e49\u0e19\u0e2b\u0e32\"", "\"confirm_device_credential_password\" : \"\u049a\u04b1\u043f\u0438\u044f \u0441\u04e9\u0437\u0434\u0456 \u043f\u0430\u0439\u0434\u0430\u043b\u0430\u043d\u0443\"", "\"fingerprint_dialog_touch_sensor\" : \"Barmaq izi sensoruna klikl\u0259yin\"", "\"abc_menu_space_shortcut_label\" : \"zuriunea\"", "\"abc_action_bar_home_description\" : \"\u30db\u30fc\u30e0\u306b\u623b\u308b\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a26\u0a47 \u0a28\u0a35\u0a3e\u0a02 \u0a38\u0a70\u0a38\u0a15\u0a30\u0a28 \u0a26\u0a40 \u0a32\u0a4b\u0a5c \u0a39\u0a48\u0964 \u0a07\u0a39 \u0a1b\u0a47\u0a24\u0a40 \u0a39\u0a40 \u0a38\u0a35\u0a48\u0a1a\u0a32\u0a3f\u0a24 \u0a24\u0a4c\u0a30 '\u0a24\u0a47 \u0a05\u0a71\u0a2a\u0a21\u0a47\u0a1f \u0a15\u0a30\u0a47\u0a17\u0a3e\u0964\"", "\"abc_menu_space_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200espace\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_google_play_services_unsupported_text\" : \"%1$s Google Play services \u092c\u093f\u0928\u093e \u0938\u091e\u094d\u091a\u093e\u0932\u0928 \u0939\u0941\u0928\u0947 \u091b\u0948\u0928 \u0930 \u0924\u092a\u093e\u0908\u0901\u0915\u094b \u092f\u0928\u094d\u0924\u094d\u0930\u0932\u0947 Google Play services \u0932\u093e\u0908 \u0938\u092e\u0930\u094d\u0925\u0928 \u0917\u0930\u094d\u0926\u0948\u0928\u0964\"", "\"common_google_play_services_wear_update_text\" : \"\u0391\u03c0\u03b1\u03b9\u03c4\u03b5\u03af\u03c4\u03b1\u03b9 \u03bd\u03ad\u03b1 \u03ad\u03ba\u03b4\u03bf\u03c3\u03b7 \u03c4\u03c9\u03bd \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03b9\u03ce\u03bd Google Play. \u0398\u03b1 \u03b5\u03bd\u03b7\u03bc\u03b5\u03c1\u03c9\u03b8\u03b5\u03af \u03c3\u03cd\u03bd\u03c4\u03bf\u03bc\u03b1.\"", "\"abc_toolbar_collapse_description\" : \"\u1794\u1784\u17d2\u179a\u17bd\u1798\"", "\"default_error_msg\" : \"\u0a05\u0a17\u0a3f\u0a06\u0a24 \u0a17\u0a5c\u0a2c\u0a5c\"", "\"abc_searchview_description_voice\" : \"S\u0259sli axtar\u0131\u015f\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u00e1 \u00ed vandr\u00e6\u00f0um me\u00f0 \u00fej\u00f3nustu Google Play. Reyndu aftur.\"", "\"fingerprint_error_user_canceled\" : \"Fingerprint operation cancelled by user.\"", "\"fingerprint_error_hw_not_available\" : \"\u0421\u0430\u0443\u0441\u0430\u049b \u0456\u0437\u0456 \u0436\u0430\u0431\u0434\u044b\u0493\u044b \u049b\u043e\u043b\u0436\u0435\u0442\u0456\u043c\u0434\u0456 \u0435\u043c\u0435\u0441.\"", "\"generic_error_user_canceled\" : \"Autenticazione annullata dall'utente.\"", "\"abc_searchview_description_query\" : \"K\u00ebrko pyetjen\"", "\"abc_menu_shift_shortcut_label\" : \"Shift +\"", "\"abc_action_mode_done\" : \"\u0aa5\u0a88 \u0a97\u0aaf\u0ac1\u0a82\"", "\"generic_error_user_canceled\" : \"\u0410\u045e\u0442\u044d\u043d\u0442\u044b\u0444\u0456\u043a\u0430\u0446\u044b\u044f \u0441\u043a\u0430\u0441\u0430\u0432\u0430\u043d\u0430 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u043b\u044c\u043d\u0456\u043a\u0430\u043c.\"", "\"fingerprint_not_recognized\" : \"Ikke gjenkjent\"", "\"fingerprint_not_recognized\" : \"\u09b6\u09a8\u09be\u0995\u09cd\u09a4 \u0995\u09b0\u09be \u09af\u09be\u09af\u09bc\u09a8\u09bf\"", "\"abc_action_bar_up_description\" : \"\u0935\u0930 \u0928\u0947\u0935\u094d\u200d\u0939\u093f\u0917\u0947\u091f \u0915\u0930\u093e\"", "\"confirm_device_credential_password\" : \"\u12e8\u12ed\u1208\u134d \u1243\u120d \u1270\u1320\u1240\u121d\"", "\"abc_capital_off\" : \"\u0928\u093f\u0937\u094d\u0915\u094d\u0930\u093f\u092f\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Pal\u012bdz\u012bbas zi\u0146ojuma apgabals\"", "\"common_google_play_services_updating_text\" : \"I-%1$s ngeke ize iqalise ngaphandle kwamasevisi we-Google Play, okwamanje abuyekezwayo.\"", "\"abc_menu_sym_shortcut_label\" : \"Sym +\"", "\"common_google_play_services_updating_text\" : \"%1$s ilovasining ishlashi uchun zarur Google Play xizmatlari hozirda yangilanmoqda.\"", "\"fingerprint_error_lockout\" : \"Terlalu banyak percubaan. Sila cuba sebentar lagi.\"", "\"abc_searchview_description_search\" : \"\u0ba4\u0bc7\u0b9f\u0bc1\u0bae\u0bcd\"", "\"abc_action_menu_overflow_description\" : \"M\u00e9s opcions\"", "\"abc_searchview_description_voice\" : \"Ovozli qidiruv\"", "\"search_menu_title\" : \"Search\"", "\"common_google_play_services_notification_ticker\" : \"Google Play Services-\u10d8\u10e1 \u10e8\u10d4\u10ea\u10d3\u10dd\u10db\u10d0\"", "\"common_google_play_services_install_button\" : \"In\u0161talova\u0165\"", "\"common_google_play_services_update_title\" : \"Posodobitev storitev Google Play\"", "\"common_google_play_services_wear_update_text\" : \"Neces\u00edtase a nova versi\u00f3n dos servizos de Google Play. Actualizarase en breve.\"", "\"common_google_play_services_enable_button\" : \"\u0938\u0941\u0930\u0942 \u0915\u0930\u093e\"", "\"common_google_play_services_unknown_issue\" : \"%1$s Google Play \u0c38\u0c47\u0c35\u0c32\u0c24\u0c4b \u0c38\u0c2e\u0c38\u0c4d\u0c2f \u0c15\u0c32\u0c3f\u0c17\u0c3f \u0c09\u0c02\u0c26\u0c3f. \u0c26\u0c2f\u0c1a\u0c47\u0c38\u0c3f \u0c2e\u0c33\u0c4d\u0c32\u0c40 \u0c2a\u0c4d\u0c30\u0c2f\u0c24\u0c4d\u0c28\u0c3f\u0c02\u0c1a\u0c02\u0c21\u0c3f.\"", "\"abc_menu_meta_shortcut_label\" : \"META +\"", "\"common_google_play_services_install_text\" : \"%1$s Google Play services \u092c\u093f\u0928\u093e \u0938\u091e\u094d\u091a\u093e\u0932\u0928 \u0939\u0941\u0928\u0947 \u091b\u0948\u0928 \u0930 \u0924\u092a\u093e\u0908\u0901\u0915\u094b \u092f\u0928\u094d\u0924\u094d\u0930\u092e\u093e Google Play services \u0909\u092a\u0932\u092c\u094d\u0927 \u091b\u0948\u0928\u0928\u094d\u0964\"", "\"abc_searchview_description_search\" : \"C\u0103uta\u021bi\"", "\"common_google_play_services_update_button\" : \"Yangilash\"", "\"abc_searchview_description_voice\" : \"\u8bed\u97f3\u641c\u7d22\"", "\"fingerprint_error_user_canceled\" : \"Fingeraftrykshandlingen blev annulleret af brugeren.\"", "\"status_bar_notification_info_overflow\" : \"999+\"", "\"abc_searchview_description_submit\" : \"Isumite ang query\"", "\"abc_searchview_description_query\" : \"Iskalna poizvedba\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Gebied voor Help-berichten\"", "\"abc_searchview_description_clear\" : \"\u041e\u0431\u0440\u0438\u0448\u0438\u0442\u0435 \u0443\u043f\u0438\u0442\"", "\"abc_toolbar_collapse_description\" : \"Skupi\"", "\"abc_toolbar_collapse_description\" : \"Strnitev\"", "\"default_error_msg\" : \"\u0905\u091c\u094d\u091e\u093e\u0924 \u0924\u094d\u0930\u0941\u091f\u093f\"", "\"abc_action_menu_overflow_description\" : \"\u66f4\u591a\u9009\u9879\"", "\"common_google_play_services_enable_title\" : \"Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d\u1295 \u12eb\u1295\u1241\"", "\"common_google_play_services_wear_update_text\" : \"\u178f\u1798\u17d2\u179a\u17bc\u179c\u17b2\u17d2\u1799\u1798\u17b6\u1793\u1780\u17c6\u178e\u17c2\u1790\u17d2\u1798\u17b8\u1793\u17c3\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798 Google Play\u17d4 \u179c\u17b6\u1793\u17b9\u1784\u17a2\u17b6\u1794\u17cb\u178a\u17c1\u178f\u178a\u17c4\u1799\u1781\u17d2\u179b\u17bd\u1793\u179c\u17b6\u1793\u17c5\u1796\u17c1\u179b\u1794\u1793\u17d2\u178f\u17b7\u1785\u1791\u17c0\u178f\u1793\u17c1\u17c7\u17d4\"", "\"common_signin_button_text\" : \"Login\"", "\"common_open_on_phone\" : \"Abrir en el tel\u00e9fono\"", "\"fingerprint_error_lockout\" : \"\u1260\u1323\u121d \u1265\u12d9 \u1219\u12a8\u122b\u12ce\u127d\u1362 \u12a5\u1263\u12ad\u12ce \u1246\u12ed\u1270\u12cd \u12a5\u1295\u12f0\u1308\u1293 \u12ed\u121e\u12ad\u1229\u1362\"", "\"abc_action_menu_overflow_description\" : \"\u0925\u092a \u0935\u093f\u0915\u0932\u094d\u092a\u0939\u0930\u0942\"", "\"fingerprint_error_no_fingerprints\" : \"\u10d7\u10d8\u10d7\u10d8\u10e1 \u10d0\u10dc\u10d0\u10d1\u10d4\u10ed\u10d3\u10d4\u10d1\u10d8 \u10d0\u10e0 \u10d0\u10e0\u10d8\u10e1 \u10e0\u10d4\u10d2\u10d8\u10e1\u10e2\u10e0\u10d8\u10e0\u10d4\u10d1\u10e3\u10da\u10d8.\"", "\"fingerprint_error_lockout\" : \"Saiakera gehiegi egin dira. Saiatu berriro geroago.\"", "\"common_google_play_services_enable_text\" : \"\u0aa4\u0aae\u0ac7 Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93 \u0ab8\u0a95\u0acd\u0ab7\u0aae \u0a95\u0ab0\u0ab6\u0acb \u0aa8\u0ab9\u0ac0\u0a82 \u0aa4\u0acd\u0aaf\u0abe\u0a82 \u0ab8\u0ac1\u0aa7\u0ac0 %1$s \u0a95\u0abe\u0ab0\u0acd\u0aaf \u0a95\u0ab0\u0ab6\u0ac7 \u0aa8\u0ab9\u0ac0\u0a82.\"", "\"common_google_play_services_update_title\" : \"Zaktualizuj Us\u0142ugi Google Play\"", "\"fingerprint_dialog_touch_sensor\" : \"Toca o sensor de impresi\u00f3n dixital\"", "\"abc_action_bar_up_description\" : \"\u0d2e\u0d41\u0d15\u0d33\u0d3f\u0d32\u0d47\u0d15\u0d4d\u0d15\u0d4d \u0d2a\u0d4b\u0d35\u0d41\u0d15\"", "\"abc_menu_delete_shortcut_label\" : \"silin\"", "\"common_signin_button_text\" : \"Kirjaudu sis\u00e4\u00e4n\"", "\"common_signin_button_text_long\" : \"Prijava z Google Ra\u010dunom\"", "\"fingerprint_error_user_canceled\" : \"\u6307\u7d0b\u8a8d\u8a3c\u64cd\u4f5c\u304c\u30e6\u30fc\u30b6\u30fc\u306b\u3088\u308a\u30ad\u30e3\u30f3\u30bb\u30eb\u3055\u308c\u307e\u3057\u305f\u3002\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0938\u0947\u0935\u093e\u090f\u0902 \u091a\u093e\u0932\u0942 \u0915\u0930\u0947\u0902\"", "\"fingerprint_error_no_fingerprints\" : \"\u041d\u0435\u043c\u0430 \u0437\u0430\u043f\u0438\u0448\u0430\u043d\u0438 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043e\u0446\u0438.\"", "\"default_error_msg\" : \"Erreur inconnue\"", "\"common_google_play_services_install_title\" : \"\u83b7\u53d6 Google Play \u670d\u52a1\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u00c1rea de mensajes de ayuda\"", "\"fingerprint_error_lockout\" : \"Pr\u00edli\u0161 ve\u013ea pokusov. Sk\u00faste to znova nesk\u00f4r.\"", "\"common_google_play_services_install_text\" : \"\u200f%1$s Google Play \u0633\u0631\u0648\u0633\u0632 \u06a9\u06d2 \u0628\u063a\u06cc\u0631 \u0646\u06c1\u06cc\u06ba \u0686\u0644\u06d2 \u06af\u06cc\u060c \u062c\u0648 \u0622\u067e \u06a9\u06d2 \u0622\u0644\u06c1 \u0633\u06d2 \u063a\u0627\u0626\u0628 \u06c1\u06cc\u06ba\u06d4\"", "\"common_google_play_services_install_title\" : \"Obter servi\u00e7os do Google Play\"", "\"common_google_play_services_updating_text\" : \"%1$s \u043d\u044f\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u043f\u044a\u043b\u043d\u044f\u0432\u0430 \u0431\u0435\u0437 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play. \u041f\u043e\u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u043c \u0442\u0435 \u0441\u0435 \u0430\u043a\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u0430\u0442.\"", "\"abc_shareactionprovider_share_with\" : \"\u0d07\u0d28\u0d3f\u0d2a\u0d4d\u0d2a\u0d31\u0d2f\u0d41\u0d28\u0d4d\u0d28\u0d24\u0d41\u0d2e\u0d3e\u0d2f\u0d3f \u0d2a\u0d19\u0d4d\u0d15\u0d3f\u0d1f\u0d41\u0d15\"", "\"fingerprint_error_hw_not_available\" : \"\u041d\u0435\u043c\u0430 \u0434\u043e\u0441\u0442\u0430\u043f\u0435\u043d \u0445\u0430\u0440\u0434\u0432\u0435\u0440 \u0437\u0430 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043e\u0446\u0438.\"", "\"abc_searchview_description_submit\" : \"\u0b15\u0b4d\u0b71\u0b47\u0b30\u0b40 \u0b26\u0b3e\u0b16\u0b32 \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"common_google_play_services_install_button\" : \"\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\"", "\"abc_action_bar_home_description\" : \"Vratite se na po\u010detnu stranicu\"", "\"mtrl_picker_a11y_next_month\" : \"Change to next month\"", "\"fingerprint_error_hw_not_present\" : \"Perangkat ini tidak memiliki sensor sidik jari\"", "\"search_menu_title\" : \"K\u00ebrko\"", "\"abc_menu_enter_shortcut_label\" : \"Enter \u952e\"", "\"abc_searchview_description_clear\" : \"Ryd foresp\u00f8rgsel\"", "\"common_signin_button_text\" : \"\u1785\u17bc\u179b\"", "\"common_google_play_services_enable_button\" : \"\u542f\u7528\"", "\"common_google_play_services_enable_text\" : \"\u60a8\u5fc5\u987b\u5148\u542f\u7528 Google Play \u670d\u52a1\uff0c\u7136\u540e\u624d\u80fd\u8fd0\u884c%1$s\u3002\"", "\"abc_action_mode_done\" : \"\u0413\u043e\u0442\u043e\u0432\u043e\"", "\"common_signin_button_text\" : \"\u062a\u0633\u062c\u0644 \u0627\u0644\u062f\u062e\u0648\u0644\"", "\"common_google_play_services_notification_channel_name\" : \"\u0b95\u0bbf\u0b9f\u0bc8\u0b95\u0bcd\u0b95\u0bc1\u0bae\u0bcd Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bcd\"", "\"abc_searchview_description_query\" : \"Zapytanie\"", "\"fingerprint_error_hw_not_available\" : \"S\u00f5rmej\u00e4lje riistvara pole saadaval.\"", "\"fingerprint_error_user_canceled\" : \"Opera\u00e7\u00e3o de impress\u00e3o digital cancelada pelo usu\u00e1rio.\"", "\"common_google_play_services_updating_text\" : \"Google Play \u670d\u52a1\u5f53\u524d\u6b63\u5728\u66f4\u65b0\uff0c\u56e0\u6b64\u60a8\u65e0\u6cd5\u8fd0\u884c%1$s\u3002\"", "\"common_google_play_services_install_text\" : \"A(z) %1$s alkalmaz\u00e1s nem fut a Google Play-szolg\u00e1ltat\u00e1sok n\u00e9lk\u00fcl, amelyek hi\u00e1nyoznak az eszk\u00f6zr\u0151l.\"", "\"abc_menu_delete_shortcut_label\" : \"borrar\"", "\"common_google_play_services_updating_text\" : \"%1$s tidak akan berjalan tanpa layanan Google Play, yang saat ini sedang diperbarui.\"", "\"common_google_play_services_install_title\" : \"\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b Google\u00a0Play\"", "\"abc_shareactionprovider_share_with\" : \"Partilhar com\"", "\"abc_toolbar_collapse_description\" : \"Contrae\"", "\"common_google_play_services_update_text\" : \"O %1$s n\u00e3o \u00e9 executado enquanto n\u00e3o atualizar os servi\u00e7os do Google Play.\"", "\"abc_shareactionprovider_share_with\" : \"\u015eununla payla\u015f:\"", "\"abc_activitychooserview_choose_application\" : \"Zgjidh nj\u00eb aplikacion\"", "\"abc_searchview_description_submit\" : \"Anfrage senden\"", "\"fingerprint_error_hw_not_present\" : \"\u041e\u0432\u0430\u0458 \u0443\u0440\u0435\u0452\u0430\u0458 \u043d\u0435\u043c\u0430 \u0441\u0435\u043d\u0437\u043e\u0440 \u0437\u0430 \u043e\u0442\u0438\u0441\u0430\u043a \u043f\u0440\u0441\u0442\u0430\"", "\"common_google_play_services_update_button\" : \"Uppf\u00e6ra\"", "\"generic_error_user_canceled\" : \"\u0a35\u0a30\u0a24\u0a4b\u0a02\u0a15\u0a3e\u0a30 \u0a35\u0a71\u0a32\u0a4b\u0a02 \u0a2a\u0a4d\u0a30\u0a2e\u0a3e\u0a23\u0a40\u0a15\u0a30\u0a28 \u0a28\u0a42\u0a70 \u0a30\u0a71\u0a26 \u0a15\u0a40\u0a24\u0a3e \u0a17\u0a3f\u0a06\u0964\"", "\"common_google_play_services_unknown_issue\" : \"%1$s ima pote\u0161ko\u0107a s uslugama Google Playa. Poku\u0161ajte ponovo.\"", "\"abc_searchview_description_clear\" : \"\u05de\u05d7\u05d9\u05e7\u05ea \u05d4\u05e9\u05d0\u05d9\u05dc\u05ea\u05d4\"", "\"abc_searchview_description_clear\" : \"\u0d1a\u0d4b\u0d26\u0d4d\u0d2f\u0d02 \u0d2e\u0d3e\u0d2f\u0d4d\u200c\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"abc_action_bar_home_description\" : \"\u05e0\u05d9\u05d5\u05d5\u05d8 \u05dc\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea\"", "\"fingerprint_not_recognized\" : \"Non reconnue\"", "\"abc_capital_off\" : \"YOQILMAGAN\"", "\"common_google_play_services_enable_button\" : \"Washa\"", "\"abc_search_hint\" : \"K\u00ebrko\u2026\"", "\"common_signin_button_text_long\" : \"Fazer login com o Google\"", "\"common_google_play_services_updating_text\" : \"Aplikacija %1$s ne\u0107e raditi bez Google Play usluga, koje se trenutno a\u017euriraju.\"", "\"fingerprint_error_lockout\" : \"\u0915\u0908 \u092c\u093e\u0930 \u0915\u094b\u0936\u093f\u0936 \u0915\u0940 \u091c\u093e \u091a\u0941\u0915\u0940 \u0939\u0948. \u0915\u0943\u092a\u092f\u093e \u092c\u093e\u0926 \u092e\u0947\u0902 \u092b\u093f\u0930 \u0938\u0947 \u0915\u094b\u0936\u093f\u0936 \u0915\u0930\u0947\u0902.\"", "\"abc_activitychooserview_choose_application\" : \"Aukeratu aplikazio bat\"", "_Unwind_Resume() can't return", "\"common_google_play_services_wear_update_text\" : \"Toleo jipya la huduma za Google Play linahitajika. Litajisasisha baada ya muda mfupi.\"", "\"abc_activitychooserview_choose_application\" : \"\u0418\u0437\u0431\u0435\u0440\u0435\u0442\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435\"", "\"common_open_on_phone\" : \"\u041e\u0442\u0432\u0430\u0440\u044f\u043d\u0435 \u043d\u0430 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0430\"", "\"common_google_play_services_enable_text\" : \"%1$s s\u1ebd kh\u00f4ng ho\u1ea1t \u0111\u1ed9ng n\u1ebfu b\u1ea1n kh\u00f4ng b\u1eadt d\u1ecbch v\u1ee5 c\u1ee7a Google Play.\"", "\"abc_toolbar_collapse_description\" : \"\u0417\u0433\u0430\u0440\u043d\u0443\u0446\u044c\"", "\"fingerprint_error_hw_not_present\" : \"\u041d\u0430 \u044d\u0442\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435 \u043d\u0435\u0442 \u0441\u043a\u0430\u043d\u0435\u0440\u0430 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u043e\u0432 \u043f\u0430\u043b\u044c\u0446\u0435\u0432.\"", "\"error_icon_content_description\" : \"Error\"", "\"abc_toolbar_collapse_description\" : \"\u0c95\u0cc1\u0c97\u0ccd\u0c97\u0cbf\u0cb8\u0cbf\"", "\"common_google_play_services_updating_text\" : \"%1$s hal-haz\u0131rda g\u00fcnc\u0259ll\u0259n\u0259n Google Play xidm\u0259tl\u0259ri olmadan \u00e7al\u0131\u015fmayacaq.\"", "\"abc_searchview_description_submit\" : \"Invia query\"", "\"abc_menu_space_shortcut_label\" : \"Espacio\"", "\"fingerprint_dialog_touch_sensor\" : \"Sentuh penderia cap jari\"", "\"common_google_play_services_enable_text\" : \"\u0397 \u03b5\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae\u00a0%1$s \u03b4\u03b5\u03bd \u03b8\u03b1 \u03bb\u03b5\u03b9\u03c4\u03bf\u03c5\u03c1\u03b3\u03ae\u03c3\u03b5\u03b9 \u03b5\u03ac\u03bd \u03b4\u03b5\u03bd \u03ad\u03c7\u03b5\u03c4\u03b5 \u03b5\u03bd\u03b5\u03c1\u03b3\u03bf\u03c0\u03bf\u03b9\u03ae\u03c3\u03b5\u03b9 \u03c4\u03b9\u03c2 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03af\u03b5\u03c2 Google Play.\"", "\"abc_menu_space_shortcut_label\" : \"mellomrom\"", "\"abc_searchview_description_submit\" : \"Dien navraag in\"", "\"abc_action_bar_home_description\" : \"Revenir \u00e0 l'accueil\"", "\"fingerprint_error_hw_not_available\" : \"Det finns ingen maskinvara f\u00f6r fingeravtryck.\"", "\"common_signin_button_text\" : \"\u0110\u0103ng nh\u1eadp\"", "\"common_google_play_services_notification_ticker\" : \"Eroare a serviciilor Google Play\"", "\"abc_activitychooserview_choose_application\" : \"Izbira aplikacije\"", "\"common_google_play_services_install_title\" : \"Pobierz Us\u0142ugi Google Play\"", "\"abc_search_hint\" : \"\u09b8\u09be\u09b0\u09cd\u099a \u0995\u09b0\u09c1\u09a8\u2026\"", "\"common_google_play_services_install_button\" : \"Faka\"", "\"abc_menu_delete_shortcut_label\" : \"Delete\"", "\"abc_prepend_shortcut_label\" : \"Meni +\"", "\"common_google_play_services_update_text\" : \"%1$s ne fonctionnera pas tant que vous n'aurez pas mis \u00e0 jour les services Google\u00a0Play.\"", "\"common_signin_button_text\" : \"Prijava\"", "\"common_google_play_services_unsupported_text\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bcd \u0b87\u0bb0\u0bc1\u0ba8\u0bcd\u0ba4\u0bbe\u0bb2\u0bcd \u0bae\u0b9f\u0bcd\u0b9f\u0bc1\u0bae\u0bc7 %1$s \u0b86\u0baa\u0bcd\u0bb8\u0bcd \u0b87\u0baf\u0b99\u0bcd\u0b95\u0bc1\u0bae\u0bcd. \u0b86\u0ba9\u0bbe\u0bb2\u0bcd, \u0b89\u0b99\u0bcd\u0b95\u0bb3\u0bcd \u0b9a\u0bbe\u0ba4\u0ba9\u0ba4\u0bcd\u0ba4\u0bbf\u0bb2\u0bcd \u0b85\u0bb5\u0bc8 \u0b86\u0ba4\u0bb0\u0bbf\u0b95\u0bcd\u0b95\u0baa\u0bcd\u0baa\u0b9f\u0bb5\u0bbf\u0bb2\u0bcd\u0bb2\u0bc8.\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d\u0456\u04a3 \u049b\u043e\u043b\u0436\u0435\u0442\u0456\u043c\u0434\u0456\u043b\u0456\u0433\u0456\"", "\"common_google_play_services_install_title\" : \"Google Play \u0938\u0947\u0935\u093e \u092e\u093f\u0933\u0935\u093e\"", "\"common_google_play_services_enable_button\" : \"Attiva\"", "\"common_open_on_phone\" : \"Atv\u0113rt t\u0101lrun\u012b\"", "\"abc_action_mode_done\" : \"Haz\u0131rd\u0131r\"", "\"fingerprint_error_hw_not_present\" : \"\u0ead\u0eb8\u0e9b\u0eb0\u0e81\u0ead\u0e99\u0e99\u0eb5\u0ec9\u0e9a\u0ecd\u0ec8\u0ea1\u0eb5\u0ec0\u0e8a\u0eb1\u0e99\u0ec0\u0e8a\u0eb5\u0ea5\u0eb2\u0e8d\u0e99\u0eb4\u0ec9\u0ea7\u0ea1\u0eb7\"", "\"common_google_play_services_unsupported_text\" : \"Aplik\u00e1ciu %1$s nebude mo\u017en\u00e9 spusti\u0165 bez slu\u017eieb Google Play, ktor\u00e9 va\u0161e zariadenie nepodporuje.\"", "\"default_error_msg\" : \"Nieznany b\u0142\u0105d\"", "\"common_google_play_services_updating_text\" : \"%1$s tidak akan berfungsi tanpa perkhidmatan Google Play dan perkhidmatan ini sedang dikemaskinikan.\"", "\"abc_shareactionprovider_share_with_application\" : \"%s il\u0259 payla\u015f\u0131n\"", "\"fingerprint_error_hw_not_present\" : \"\u041d\u0430 \u0433\u044d\u0442\u0430\u0439 \u043f\u0440\u044b\u043b\u0430\u0434\u0437\u0435 \u043d\u044f\u043c\u0430 \u0441\u043a\u0430\u043d\u0435\u0440\u0430 \u0430\u0434\u0431\u0456\u0442\u043a\u0430\u045e \u043f\u0430\u043b\u044c\u0446\u0430\u045e\"", "\"abc_menu_space_shortcut_label\" : \"\u0c38\u0c4d\u0c2a\u0c47\u0c38\u0c4d\"", "\"abc_search_hint\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200eSearch\u2026\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u09b8\u09c7\u09f1\u09be\u09b8\u09ae\u09c2\u09b9\u09f0 \u09a8\u09a4\u09c1\u09a8 \u09b8\u0982\u09b8\u09cd\u0995\u09f0\u09a3\u09f0 \u09aa\u09cd\u09f0\u09af\u09bc\u09cb\u099c\u09a8\u09f7 \u098f\u0987\u099f\u09cb \u09b6\u09c0\u0998\u09cd\u09f0\u09c7\u0987 \u09a8\u09bf\u099c\u09c7-\u09a8\u09bf\u099c\u09c7 \u0986\u09aa\u09a1\u09c7\u2019\u099f \u09b9\u2019\u09ac\u09f7\"", "\"abc_menu_enter_shortcut_label\" : \"daxil olun\"", "\"default_error_msg\" : \"\u4e0d\u660e\u932f\u8aa4\"", "\"fingerprint_dialog_touch_sensor\" : \"Toque no sensor de digital\"", "\"abc_action_bar_home_description\" : \"\u0e81\u0eb1\u0e9a\u0ec4\u0e9b\u0edc\u0ec9\u0eb2\u0eab\u0ebc\u0eb1\u0e81\"", "\"common_google_play_services_enable_text\" : \"\u201e%1$s\u201c neveiks, jei ne\u012fgalinsite \u201eGoogle Play\u201c paslaug\u0173.\"", "\"common_google_play_services_install_title\" : \"Obt\u00e9n Serveis de Google Play\"", "\"abc_searchview_description_query\" : \"\u179f\u17d2\u179c\u17c2\u1784\u179a\u1780\u179f\u17c6\u178e\u17bd\u179a\u200b\"", "\"abc_menu_meta_shortcut_label\" : \"\u0d2e\u0d46\u0d31\u0d4d\u0d31+\"", "\"abc_shareactionprovider_share_with\" : \"\u0410\u0431\u0430\u0433\u0443\u043b\u0456\u0446\u044c \u043f\u0440\u0430\u0437\"", "\"abc_searchview_description_clear\" : \"\u0915\u094d\u200d\u0935\u0947\u0930\u0940 \u0939\u091f\u093e\u090f\u0902\"", "\"common_signin_button_text\" : \"\u0544\u0578\u0582\u057f\u0584 \u0563\u0578\u0580\u056e\u0565\u056c\"", "\"abc_action_mode_done\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200eDone\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"fingerprint_error_hw_not_present\" : \"\u0627\u06cc\u0646 \u062f\u0633\u062a\u06af\u0627\u0647 \u062d\u0633\u06af\u0631 \u0627\u062b\u0631 \u0627\u0646\u06af\u0634\u062a \u0646\u062f\u0627\u0631\u062f\"", "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl+\u200e\"", "\"abc_shareactionprovider_share_with\" : \"Kongsi dengan\"", "\"abc_action_menu_overflow_description\" : \"Flere alternativer\"", "\"common_google_play_services_enable_button\" : \"\u062a\u0641\u0639\u064a\u0644\"", "\"fingerprint_error_user_canceled\" : \"\u7528\u6237\u53d6\u6d88\u4e86\u6307\u7eb9\u64cd\u4f5c\u3002\"", "\"abc_searchview_description_clear\" : \"\u09b8\u09a8\u09cd\u09a7\u09be\u09a8 \u0995\u09f0\u09be \u09aa\u09cd\u09f0\u09b6\u09cd\u09a8 \u09ae\u099a\u0995\"", "\"fingerprint_dialog_touch_sensor\" : \"\u092b\u093f\u0902\u0917\u0930\u092a\u094d\u0930\u093f\u0928\u094d\u091f \u0938\u0947\u0928\u094d\u0938\u0930\u092e\u093e \u091b\u0941\u0928\u0941\u0939\u094b\u0938\u094d\u200c\"", "\"bottom_sheet_behavior\" : \"com.google.android.material.bottomsheet.BottomSheetBehavior\"", "\"path_password_eye\" : \"M12,4.5C7,4.5 2.73,7.61 1,12c1.73,4.39 6,7.5 11,7.5s9.27,-3.11 11,-7.5c-1.73,-4.39 -6,-7.5 -11,-7.5zM12,17c-2.76,0 -5,-2.24 -5,-5s2.24,-5 5,-5 5,2.24 5,5 -2.24,5 -5,5zM12,9c-1.66,0 -3,1.34 -3,3s1.34,3 3,3 3,-1.34 3,-3 -1.34,-3 -3,-3z\"", "\"default_error_msg\" : \"Ukjent feil\"", "\"common_google_play_services_notification_channel_name\" : \"\u0414\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 Google Play\"", "\"abc_action_menu_overflow_description\" : \"Dig\u0259r se\u00e7iml\u0259r\"", "\"confirm_device_credential_password\" : \"U\u017cyj has\u0142a\"", "\"common_google_play_services_install_text\" : \"%1$s non se executar\u00e1 se o teu dispositivo non ten instalados os servizos de Google Play.\"", "\"common_google_play_services_enable_text\" : \"%1$s ne\u0107e funkcionirati ako ne omogu\u0107ite usluge Google Playa.\"", "\"common_google_play_services_wear_update_text\" : \"\u041f\u043e\u0442\u0440\u0456\u0431\u043d\u0430 \u043d\u043e\u0432\u0430 \u0432\u0435\u0440\u0441\u0456\u044f \u0441\u0435\u0440\u0432\u0456\u0441\u0456\u0432 Google Play. \u0412\u043e\u043d\u0438 \u043d\u0435\u0432\u0434\u043e\u0432\u0437\u0456 \u043e\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f.\"", "\"fingerprint_error_lockout\" : \"Too many attempts. Please try again later.\"", "\"abc_shareactionprovider_share_with\" : \"\u0e41\u0e0a\u0e23\u0e4c\u0e01\u0e31\u0e1a\"", "\"common_signin_button_text_long\" : \"Mag-sign in sa Google\"", "\"abc_action_bar_up_description\" : \"\u0993\u09aa\u09f0\u09b2\u09c8 \u09af\u09be\u0993\u0995\"", "\"fingerprint_error_hw_not_present\" : \"Acest dispozitiv nu are senzor de amprent\u0103\"", "\"common_google_play_services_notification_ticker\" : \"Villa \u00ed \u00fej\u00f3nustu Google Play\"", "\"abc_searchview_description_submit\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200eSubmit query\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_google_play_services_update_text\" : \"\u200f\u062c\u0628 \u062a\u06a9 \u0622\u067e Google Play \u0633\u0631\u0648\u0633\u0632 \u0627\u067e \u0688\u06cc\u0679 \u0646\u06c1\u06cc\u06ba \u06a9\u0631 \u0644\u06cc\u062a\u06d2 \u06c1\u06cc\u06ba %1$s \u062a\u0628 \u062a\u06a9 \u0646\u06c1\u06cc\u06ba \u0686\u0644\u06d2 \u06af\u06cc\u06d4\"", "\"generic_error_user_canceled\" : \"Lietot\u0101js atc\u0113la autentific\u0113\u0161anu.\"", "\"abc_shareactionprovider_share_with_application\" : \"Partekatu %s aplikazioarekin\"", "\"abc_action_bar_up_description\" : \"Yuxar\u0131 ke\u00e7in\"", "\"abc_shareactionprovider_share_with\" : \"Dela med\"", "\"common_google_play_services_notification_channel_name\" : \"Upatikanaji wa huduma za Google Play\"", "\"abc_menu_delete_shortcut_label\" : \"L\u00f6schen\"", "\"common_google_play_services_enable_text\" : \"Du skal aktivere Google Play-tjenester, for at %1$s kan fungere.\"", "\"common_google_play_services_unknown_issue\" : \"%1$s har problemer med Google Play-tjenester. Pr\u00f8v p\u00e5 nytt.\"", "\"common_google_play_services_notification_channel_name\" : \"Beskikbaarheid van Google Play Dienste\"", "\"common_google_play_services_updating_text\" : \"\u0d28\u0d3f\u0d32\u0d35\u0d3f\u0d7d \u0d05\u0d2a\u0d4d\u200c\u0d21\u0d47\u0d31\u0d4d\u0d31\u0d41\u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d28\u0d4d\u0d28 Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d7e \u0d07\u0d32\u0d4d\u0d32\u0d3e\u0d24\u0d46 %1$s \u0d2a\u0d4d\u0d30\u0d35\u0d7c\u0d24\u0d4d\u0d24\u0d3f\u0d15\u0d4d\u0d15\u0d3f\u0d32\u0d4d\u0d32.\"", "\"common_google_play_services_notification_ticker\" : \"Google Play\u09f0 \u09b8\u09c7\u09f1\u09be \u09b8\u09ae\u09cd\u09aa\u09f0\u09cd\u0995\u09c0\u09af\u09bc \u0986\u09b8\u09cb\u0981\u09f1\u09be\u09b9\"", "\"common_google_play_services_enable_button\" : \"\u10e9\u10d0\u10e0\u10d7\u10d5\u10d0\"", "\"abc_menu_space_shortcut_label\" : \"Sz\u00f3k\u00f6z\"", "\"abc_searchview_description_voice\" : \"Raddleit\"", "\"generic_error_user_canceled\" : \"\u0d2a\u0d30\u0d3f\u0d36\u0d4b\u0d27\u0d3f\u0d1a\u0d4d\u0d1a\u0d41\u0d31\u0d2a\u0d4d\u0d2a\u0d3f\u0d15\u0d4d\u0d15\u0d7d \u0d09\u0d2a\u0d2f\u0d4b\u0d15\u0d4d\u0d24\u0d3e\u0d35\u0d4d \u0d31\u0d26\u0d4d\u0d26\u0d3e\u0d15\u0d4d\u0d15\u0d3f.\"", "\"common_google_play_services_update_title\" : \"P\u00e4ivit\u00e4 Google Play Palvelut\"", "\"abc_menu_shift_shortcut_label\" : \"Maj+\"", "\"abc_menu_space_shortcut_label\" : \"preslednica\"", "\"abc_shareactionprovider_share_with_application\" : \"\u0ec1\u0e9a\u0ec8\u0e87\u0e9b\u0eb1\u0e99\u0e94\u0ec9\u0ea7\u0e8d %s\"", "\"common_google_play_services_install_button\" : \"\u0987\u09a8\u09b7\u09cd\u099f\u09b2 \u0995\u09f0\u0995\"", "\"abc_shareactionprovider_share_with\" : \"Comparte contido con\"", "\"default_error_msg\" : \"Eroare necunoscut\u0103\"", "\"abc_action_bar_home_description\" : \"\u03a0\u03bb\u03bf\u03ae\u03b3\u03b7\u03c3\u03b7 \u03c3\u03c4\u03b7\u03bd \u03b1\u03c1\u03c7\u03b9\u03ba\u03ae \u03c3\u03b5\u03bb\u03af\u03b4\u03b1\"", "\"common_google_play_services_update_title\" : \"\u0410\u0436\u0443\u0440\u0438\u0440\u0430\u0458\u0442\u0435 Google Play \u0443\u0441\u043b\u0443\u0433\u0435\"", "\"common_google_play_services_enable_text\" : \"%1$s fungerar inte om du inte aktiverar Google Play-tj\u00e4nster.\"", "\"common_signin_button_text\" : \"Meld aan\"", "\"abc_action_bar_home_description\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u043d\u0430 \u0433\u043b\u0430\u0432\u043d\u044b\u0439 \u044d\u043a\u0440\u0430\u043d\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d7e \u0d2a\u0d4d\u0d30\u0d35\u0d7c\u0d24\u0d4d\u0d24\u0d28\u0d15\u0d4d\u0d37\u0d2e\u0d2e\u0d3e\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"abc_capital_on\" : \"ZAP.\"", "\"abc_action_mode_done\" : \"\u179a\u17bd\u1785\u179a\u17b6\u179b\u17cb\"", "\"abc_menu_function_shortcut_label\" : \"Fn\u00a0+\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Abis\u00f5numi ala\"", "\"abc_action_menu_overflow_description\" : \"\u66f4\u591a\u9078\u9805\"", "\"abc_searchview_description_clear\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200eClear query\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"abc_searchview_description_submit\" : \"Wy\u015blij zapytanie\"", "\"google_api_key\" : \"AIzaSyBbOHG6DDa6DOcRGEg57mw9nXYXcw6la3c\"", "\"abc_action_mode_done\" : \"\u0c2a\u0c42\u0c30\u0c4d\u0c24\u0c2f\u0c3f\u0c02\u0c26\u0c3f\"", "\"abc_search_hint\" : \"Soek \u2026\"", "\"common_google_play_services_enable_title\" : \"Povoli\u0165 slu\u017eby Google Play\"", "\"common_google_play_services_updating_text\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u0441\u044b\u0437 %1$s \u0438\u0448\u0442\u0435\u0431\u0435\u0439\u0442, \u0430\u043b\u0430\u0440 \u0443\u0447\u0443\u0440\u0434\u0430 \u0436\u0430\u04a3\u044b\u0440\u0442\u044b\u043b\u0443\u0443\u0434\u0430.\"", "\"common_google_play_services_enable_title\" : \"Google \u09aa\u09cd\u09b2\u09c7 \u09b8\u09c7\u09f1\u09be\u09b8\u0995\u09cd\u09b7\u09ae \u0995\u09f0\u0995\"", "\"common_google_play_services_install_text\" : \"%1$s \u043d\u0435 \u043c\u043e\u0436\u0435 \u0434\u0430 \u0441\u0435 \u043f\u043e\u043a\u0440\u0435\u043d\u0435 \u0431\u0435\u0437 Google Play \u0443\u0441\u043b\u0443\u0433\u0430, \u043a\u043e\u0458\u0435 \u043d\u0438\u0441\u0443 \u0438\u043d\u0441\u0442\u0430\u043b\u0438\u0440\u0430\u043d\u0435 \u043d\u0430 \u0443\u0440\u0435\u0452\u0430\u0458\u0443.\"", "\"abc_searchview_description_query\" : \"Paie\u0161kos u\u017eklausa\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0d38\u0d47\u0d35\u0d28 \u0d32\u0d2d\u0d4d\u0d2f\u0d24\"", "\"fingerprint_error_user_canceled\" : \"\u041c\u0430\u043d\u0436\u0430 \u0438\u0437\u0438 \u043c\u0435\u043d\u0435\u043d \u0430\u043d\u044b\u043a\u0442\u044b\u0433\u044b\u043d \u0442\u0435\u043a\u0448\u0435\u0440\u04af\u04af\u043d\u04af \u043a\u043e\u043b\u0434\u043e\u043d\u0443\u0443\u0447\u0443 \u0436\u043e\u043a\u043a\u043e \u0447\u044b\u0433\u0430\u0440\u0434\u044b.\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u043d\u0435 \u0431\u0443\u0434\u0437\u0435 \u043f\u0440\u0430\u0446\u0430\u0432\u0430\u0446\u044c \u0431\u0435\u0437 \u0441\u043b\u0443\u0436\u0431\u0430\u045e Google Play, \u044f\u043a\u0456\u044f \u043d\u0435 \u043f\u0430\u0434\u0442\u0440\u044b\u043c\u043b\u0456\u0432\u0430\u044e\u0446\u0446\u0430 \u0432\u0430\u0448\u0430\u0439 \u043f\u0440\u044b\u043b\u0430\u0434\u0430\u0439.\"", "\"common_google_play_services_wear_update_text\" : \"\u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0430 \u0435 \u043d\u043e\u0432\u0430 \u0432\u0435\u0440\u0441\u0438\u044f \u043d\u0430 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play. \u0421\u043a\u043e\u0440\u043e \u0442\u044f \u0449\u0435 \u0441\u0435 \u0430\u043a\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u0430 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u043d\u043e.\"", "\"abc_shareactionprovider_share_with_application\" : \"\u0421\u043f\u043e\u0434\u0435\u043b\u0438 \u0441\u043e %s\"", "\"common_google_play_services_enable_button\" : \"Etkinle\u015ftir\"", "\"abc_shareactionprovider_share_with\" : \"\u1785\u17c2\u1780\u179a\u17c6\u179b\u17c2\u1780\u200b\u1787\u17b6\u200b\u1798\u17bd\u1799\"", "\"fingerprint_error_no_fingerprints\" : \"Nije registrovan nijedan otisak prsta.\"", "\"common_google_play_services_wear_update_text\" : \"Potrebna je nova verzija Google Play usluga. Ubrzo \u0107e se samo a\u017eurirati.\"", "\"common_google_play_services_install_title\" : \"Installer Google Play-tjenester\"", "\"abc_capital_off\" : \"\u0aac\u0a82\u0aa7\"", "\"common_google_play_services_update_title\" : \"Google Play xizmatlarini yangilash\"", "\"common_signin_button_text\" : \"\u041a\u0438\u0440\u04af\u04af\"", "\"abc_searchview_description_voice\" : \"Tales\u00f8gning\"", "\"fingerprint_error_no_fingerprints\" : \"No fingerprints enrolled.\"", "\"abc_toolbar_collapse_description\" : \"Tiivist\u00e4\"", "\"abc_activity_chooser_view_see_all\" : \"Se alle\"", "\"abc_searchview_description_query\" : \"\u0b38\u0b30\u0b4d\u0b1a\u0b4d\u0b1a \u0b15\u0b4d\u0b71\u0b47\u0b30\u0b40\"", "\"fingerprint_error_lockout\" : \"Trop de tentatives. Veuillez r\u00e9essayer plus tard.\"", "\"confirm_device_credential_password\" : \"\u015eifre kullan\"", "\"abc_menu_sym_shortcut_label\" : \"Sym-Taste\u00a0+\"", "\"generic_error_user_canceled\" : \"L'authentification a \u00e9t\u00e9 annul\u00e9e par l'utilisateur.\"", "\"fingerprint_not_recognized\" : \"Ikke genkendt\"", "\"abc_activitychooserview_choose_application\" : \"\u0410\u043f\u043f\u044b\u0433 \u0441\u043e\u043d\u0433\u043e\u0445\"", "\"abc_capital_on\" : \"\uc0ac\uc6a9\"", "\"common_google_play_services_install_text\" : \"%1$s haitafanya kazi bila huduma za Google Play. Huduma hizi hazipatikani kwenye kifaa chako.\"", "\"abc_toolbar_collapse_description\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200eCollapse\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"abc_capital_on\" : \"\u958b\u555f\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1017\u102c\u1038\u101b\u103e\u1004\u103a\u1038\u1021\u101e\u1005\u103a\u1019\u103b\u102c\u1038 \u101c\u102d\u102f\u1021\u1015\u103a\u1014\u1031\u101e\u100a\u103a\u104b \u1021\u1001\u103b\u102d\u1014\u103a\u1021\u1014\u100a\u103a\u1038\u1004\u101a\u103a\u1021\u1000\u103c\u102c\u1010\u103d\u1004\u103a \u104e\u1004\u103a\u1038\u1000\u102d\u102f\u101a\u103a\u1010\u102d\u102f\u1004\u103a\u1021\u1015\u103a\u1012\u102d\u1010\u103a\u101c\u102f\u1015\u103a\u1015\u102b \u101c\u102d\u1019\u1037\u103a\u1019\u100a\u103a\u104b\"", "\"abc_capital_on\" : \"ON\"", "\"fingerprint_not_recognized\" : \"\u8a8d\u8b58\u3055\u308c\u307e\u305b\u3093\u3067\u3057\u305f\"", "\"fingerprint_not_recognized\" : \"\u041d\u0435 \u0440\u0430\u0441\u043f\u043e\u0437\u043d\u0430\u043d\u043e\"", "\"abc_activity_chooser_view_see_all\" : \"Ver todo\"", "\"common_google_play_services_update_text\" : \"%1$s\u306e\u5b9f\u884c\u306b\u306fGoogle Play\u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306e\u66f4\u65b0\u304c\u5fc5\u8981\u3067\u3059\u3002\"", "\"abc_search_hint\" : \"\u0916\u094b\u091c\u0947\u0902\u2026\"", "\"common_google_play_services_notification_ticker\" : \"Kesalahan layanan Google Play\"", "\"abc_search_hint\" : \"S\u00f8k\"", "\"abc_searchview_description_clear\" : \"\u0ea5\u0eb6\u0e9a\u0e82\u0ecd\u0ec9\u0e84\u0ea7\u0eb2\u0ea1\u0e8a\u0ead\u0e81\u0eab\u0eb2\"", "\"common_google_play_services_notification_channel_name\" : \"Disponibilit\u00e9 des services Google\u00a0Play\"", "\"common_google_play_services_notification_channel_name\" : \"\u0414\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442 Google Play \u0443\u0441\u043b\u0443\u0433\u0430\"", "\"abc_searchview_description_search\" : \"Ie\u0161koti\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038 \u1021\u1019\u103e\u102c\u1038\"", "\"abc_searchview_description_clear\" : \"\u0412\u044b\u0434\u0430\u043b\u0456\u0446\u044c \u0437\u0430\u043f\u044b\u0442\"", "\"common_google_play_services_install_button\" : \"\u0d07\u0d28\u0d4d\u200d\u0d38\u0d4d\u0d31\u0d4d\u0d31\u0d3e\u0d33\u0d4d\u200d \u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d15\"", "\"abc_action_mode_done\" : \"K\u00e9sz\"", "\"common_google_play_services_unsupported_text\" : \"Programa \u201e%1$s\u201c nebus paleid\u017eiama be \u201eGoogle Play\u201c paslaug\u0173, kuri\u0173 j\u016bs\u0173 \u012frenginys nepalaiko.\"", "\"common_google_play_services_enable_text\" : \"%1$s ne\u0107e funkcionisati ako ne omogu\u0107ite Google Play usluge.\"", "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl \u0bae\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd\"", "\"abc_menu_function_shortcut_label\" : \"\u200eFunction+\u200e\"", "\"common_open_on_phone\" : \"\u041e\u0442\u0432\u043e\u0440\u0438 \u043d\u0430 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043e\u0442\"", "\"abc_action_bar_home_description\" : \"\u09b9\u09cb\u09ae\u09c7 \u09a8\u09c7\u09ad\u09bf\u0997\u09c7\u099f \u0995\u09b0\u09c1\u09a8\"", "\"abc_shareactionprovider_share_with\" : \"\u0987\u09af\u09bc\u09be\u09f0 \u099c\u09f0\u09bf\u09af\u09bc\u09a4\u09c7 \u09b6\u09cd\u09ac\u09c7\u09af\u09bc\u09be\u09f0 \u0995\u09f0\u0995\"", "\"abc_action_bar_up_description\" : \"Pomik navzgor\"", "\"common_signin_button_text_long\" : \"\u0412\u043e\u0439\u0442\u0438 \u0447\u0435\u0440\u0435\u0437 \u0430\u043a\u043a\u0430\u0443\u043d\u0442 Google\"", "\"abc_menu_shift_shortcut_label\" : \"P\u0101rsl\u0113g\u0161anas tausti\u0146\u0161\u00a0+\"", "\"common_signin_button_text\" : \"\u041f\u0440\u0438\u0458\u0430\u0432\u0438 \u043c\u0435\"", "\"fingerprint_error_user_canceled\" : \"Odczyt odcisku palca zosta\u0142 anulowany przez u\u017cytkownika.\"", "\"abc_activitychooserview_choose_application\" : \"Pilih aplikasi\"", "_Unwind_VRS_Get_Internal", "\"abc_searchview_description_submit\" : \"Sorguyu g\u00f6nder\"", "\"common_open_on_phone\" : \"\u0410\u0434\u043a\u0440\u044b\u0446\u044c \u043d\u0430 \u0442\u044d\u043b\u0435\u0444\u043e\u043d\u0435\"", "\"common_google_play_services_updating_text\" : \"%1$s \u0909\u0928 Google Play \u0938\u0947\u0935\u093e\u0913\u0902 \u0915\u0947 \u092c\u093f\u0928\u093e \u0928\u0939\u0940\u0902 \u091a\u0932\u0947\u0917\u093e \u091c\u094b \u0905\u092d\u0940 \u0905\u092a\u0921\u0947\u091f \u0939\u094b \u0930\u0939\u0940 \u0939\u0948\u0902.\"", "\"common_google_play_services_enable_title\" : \"Google Play xizmatlarini yoqish\"", "\"generic_error_user_canceled\" : \"Autentica\u00e7\u00e3o cancelada pelo utilizador.\"", "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl+\"", "\"common_google_play_services_install_button\" : \"\u0c87\u0ca8\u0ccd\u200c\u0cb8\u0ccd\u0c9f\u0cbe\u0cb2\u0ccd \u0cae\u0cbe\u0ca1\u0cbf\"", "\"abc_menu_function_shortcut_label\" : \"Funtzioa +\"", "\"common_google_play_services_update_text\" : \"%1$s no se ejecutar\u00e1 a menos que actualices los servicios de Google Play.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u041f\u043e\u043b\u0435 \u0434\u0430\u0432\u0435\u0434\u0430\u0447\u043d\u0430\u0433\u0430 \u043f\u0430\u0432\u0435\u0434\u0430\u043c\u043b\u0435\u043d\u043d\u044f\"", "\"abc_searchview_description_submit\" : \"Wasilisha hoja\"", "\"abc_searchview_description_search\" : \"\u0ab6\u0acb\u0aa7\u0acb\"", "\"abc_searchview_description_submit\" : \"\u0410\u0434\u043f\u0440\u0430\u0432\u0456\u0446\u044c \u0437\u0430\u043f\u044b\u0442\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0d8b\u0daf\u0dc0\u0dd4 \u0db4\u0dab\u0dd2\u0dc0\u0dd2\u0da9 \u0db4\u0dca\u200d\u0dbb\u0daf\u0dda\u0dc1\u0dba\"", "\"abc_searchview_description_search\" : \"Cari\"", "\"mtrl_picker_text_input_date_hint\" : \"Date\"", "\"confirm_device_credential_password\" : \"Use password\"", "\"abc_action_bar_home_description\" : \"Boshiga o\u2018tish\"", "\"common_google_play_services_enable_text\" : \"Google Play xizmatlari yoqilmaguncha, %1$s ishlamaydi.\"", "\"abc_searchview_description_submit\" : \"\u178a\u17b6\u1780\u17cb\u1794\u1789\u17d2\u1787\u17bc\u1793\u200b\u179f\u17c6\u178e\u17bd\u179a\"", "\"abc_searchview_description_search\" : \"\u0a16\u0a4b\u0a1c\"", "\"common_google_play_services_enable_button\" : \"\u0b38\u0b15\u0b4d\u0b37\u0b2e \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"abc_action_bar_up_description\" : \"Nar\u0161yti auk\u0161tyn\"", "\"abc_search_hint\" : \"\u0418\u0437\u0434\u04e9\u04e9\u2026\"", "\"common_google_play_services_enable_text\" : \"\u0c2e\u0c40\u0c30\u0c41 Google Play \u0c38\u0c47\u0c35\u0c32\u0c28\u0c41 \u0c2a\u0c4d\u0c30\u0c3e\u0c30\u0c02\u0c2d\u0c3f\u0c38\u0c4d\u0c24\u0c47 \u0c2e\u0c3f\u0c28\u0c39\u0c3e %1$s \u0c2a\u0c28\u0c3f \u0c1a\u0c47\u0c2f\u0c26\u0c41.\"", "\"search_menu_title\" : \"C\u0103uta\u021bi\"", "\"common_google_play_services_install_text\" : \"%1$s kan inte k\u00f6ras utan Google Play-tj\u00e4nsterna, som saknas p\u00e5 enheten.\"", "\"common_google_play_services_install_title\" : \"\u039b\u03ae\u03c8\u03b7 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03b9\u03ce\u03bd Google Play\"", "\"abc_toolbar_collapse_description\" : \"\u091b\u094b\u091f\u093e \u0915\u0930\u0947\u0902\"", "\"abc_searchview_description_query\" : \"\u09b8\u09be\u09b0\u09cd\u099a \u0995\u09cb\u09af\u09bc\u09c7\u09b0\u09bf\"", "\"common_google_play_services_update_text\" : \"%1$s ne mo\u017ee da se pokrene ako ne a\u017eurirate Google Play usluge.\"", "\"common_open_on_phone\" : \"\u10e2\u10d4\u10da\u10d4\u10e4\u10dd\u10dc\u10e8\u10d8 \u10d2\u10d0\u10ee\u10e1\u10dc\u10d0\"", "\"common_google_play_services_enable_text\" : \"\u200f\u062a\u0627 \u0648\u0642\u062a\u06cc \u0633\u0631\u0648\u06cc\u0633\u200c\u0647\u0627\u06cc Google Play \u0631\u0627 \u0641\u0639\u0627\u0644 \u0646\u06a9\u0646\u06cc\u062f\u060c %1$s \u06a9\u0627\u0631 \u0646\u0645\u06cc\u200c\u06a9\u0646\u062f.\"", "\"common_google_play_services_update_text\" : \"Rakenduse %1$s t\u00f6\u00f6tamiseks peate v\u00e4rskendama Google Play teenuseid.\"", "\"fingerprint_error_user_canceled\" : \"\u062a\u0645 \u0625\u0644\u063a\u0627\u0621 \u062a\u0634\u063a\u064a\u0644 \u0628\u0635\u0645\u0629 \u0627\u0644\u0625\u0635\u0628\u0639 \u0628\u0648\u0627\u0633\u0637\u0629 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645.\"", "\"fingerprint_error_no_fingerprints\" : \"\u672a\u6ce8\u518c\u4efb\u4f55\u6307\u7eb9\u3002\"", "\"common_google_play_services_enable_title\" : \"\u0423\u043a\u043b\u044e\u0447\u044b\u0446\u044c \u0441\u043b\u0443\u0436\u0431\u044b Google Play\"", "\"abc_activitychooserview_choose_application\" : \"Wybierz aplikacj\u0119\"", "\"abc_action_menu_overflow_description\" : \"\u0e95\u0ebb\u0ea7\u0ec0\u0ea5\u0eb7\u0ead\u0e81\u0ec0\u0e9e\u0eb5\u0ec8\u0ea1\u0ec0\u0e95\u0eb5\u0ea1\"", "\"confirm_device_credential_password\" : \"Izmantot paroli\"", "\"fingerprint_dialog_touch_sensor\" : \"Parmak izi sens\u00f6r\u00fcne dokunun\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Yordam xabari\"", "\"abc_searchview_description_search\" : \"\u0916\u094b\u091c\u0947\u0902\"", "\"confirm_device_credential_password\" : \"Pou\u017ei\u0165 heslo\"", "\"common_google_play_services_enable_title\" : \"Activar servizos de Google Play\"", "\"default_error_msg\" : \"\u1021\u1019\u103b\u102d\u102f\u1038\u1021\u1019\u100a\u103a\u1019\u101e\u102d \u1021\u1019\u103e\u102c\u1038\"", "\"common_google_play_services_updating_text\" : \"%1$s kan ikke k\u00f8re uden Google Play-tjenester, som i \u00f8jeblikket opdateres.\"", "\"abc_capital_off\" : \"ISKLJU\u010cENO\"", "\"abc_searchview_description_submit\" : \"\u0410\u0441\u0443\u0443\u043b\u0433\u0430 \u0438\u043b\u0433\u044d\u044d\u0445\"", "\"abc_action_mode_done\" : \"Xong\"", "\"fingerprint_error_hw_not_available\" : \"Barmaq izi avadanl\u0131\u011f\u0131 \u0259l\u00e7atan deyil.\"", "\"common_google_play_services_install_text\" : \"%1$s no s'executar\u00e0 si Serveis de Google Play no est\u00e0 instal\u00b7lat al dispositiu.\"", "\"common_google_play_services_install_text\" : \"%1$s \u12eb\u1208 Google Play \u12a0\u1308\u120d\u130d\u120e\u1276\u127d \u12a0\u12ed\u1230\u122b\u121d\u1363 \u12a5\u1290\u1231 \u12f0\u130d\u121e \u1260\u1218\u1223\u122a\u12eb\u12ce \u120b\u12ed \u12e8\u1209\u121d\u1362\"", "\"common_google_play_services_update_button\" : \"\u12eb\u12d8\u121d\u1291\"", "\"fingerprint_error_lockout\" : \"H\u0259dd\u0259n \u00e7ox c\u0259hd oldu. Sonra s\u0131nay\u0131n.\"", "\"fingerprint_error_hw_not_available\" : \"\u10d7\u10d8\u10d7\u10d8\u10e1 \u10d0\u10dc\u10d0\u10d1\u10d4\u10ed\u10d3\u10d8\u10e1 \u10d0\u10de\u10d0\u10e0\u10d0\u10e2\u10e3\u10e0\u10d0 \u10db\u10d8\u10e3\u10ec\u10d5\u10d3\u10dd\u10db\u10d4\u10da\u10d8\u10d0.\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0ca8\u0ccd\u0ca8\u0cc1 \u0cb8\u0c95\u0ccd\u0cb0\u0cbf\u0caf\u0c97\u0cca\u0cb3\u0cbf\u0cb8\u0cbf\"", "\"fingerprint_dialog_touch_sensor\" : \"\u00c9rintse meg az ujjlenyomat-\u00e9rz\u00e9kel\u0151t\"", "\"abc_shareactionprovider_share_with\" : \"\u0dc3\u0db8\u0d9c \u0db6\u0dd9\u0daf\u0dcf \u0d9c\u0db1\u0dca\u0db1\"", "\"abc_searchview_description_query\" : \"\u0d1a\u0d4b\u0d26\u0d4d\u0d2f\u0d02 \u0d24\u0d3f\u0d30\u0d2f\u0d41\u0d15\"", "\"common_google_play_services_install_text\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u0441\u044b\u0437 %1$s \u0438\u0448\u0442\u0435\u0431\u0435\u0439\u0442. \u0410\u043b\u0430\u0440 \u0442\u04af\u0437\u043c\u04e9\u0433\u04af\u04a3\u04af\u0437\u0434\u04e9 \u0436\u043e\u043a \u0431\u043e\u043b\u0443\u043f \u0436\u0430\u0442\u0430\u0442.\"", "\"common_google_play_services_install_text\" : \"%1$s kan niet worden uitgevoerd zonder Google Play-services, die je nog niet op je apparaat hebt.\"", "\"common_signin_button_text\" : \"\u041d\u0430\u0458\u0430\u0432\u0438 \u0441\u0435\"", "\"abc_action_bar_up_description\" : \"\u0ec0\u0ea5\u0eb7\u0ec8\u0ead\u0e99\u0e82\u0eb6\u0ec9\u0e99\u0ec0\u0e97\u0eb4\u0e87\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Zone de message d'aide\"", "\"common_google_play_services_updating_text\" : \"%1$s \u1793\u17b9\u1784\u1798\u17b7\u1793\u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u1791\u17c1 \u1794\u17be\u1798\u17b7\u1793\u1798\u17b6\u1793\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798 Google Play \u178a\u17c4\u1799\u179f\u17b6\u179a\u178f\u17c2\u179c\u17b6\u1780\u17c6\u1796\u17bb\u1784\u17a2\u17b6\u1794\u17cb\u178a\u17c1\u178f\u17d4\"", "\"common_google_play_services_install_text\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be \u099b\u09be\u09a1\u09bc\u09be %1$s \u099a\u09b2\u09ac\u09c7 \u09a8\u09be, \u09af\u09be \u0986\u09aa\u09a8\u09be\u09b0 \u09a1\u09bf\u09ad\u09be\u0987\u09b8\u09c7 \u0985\u09a8\u09c1\u09aa\u09b8\u09cd\u09a5\u09bf\u09a4\u0964\"", "\"abc_menu_delete_shortcut_label\" : \"\u0db8\u0d9a\u0db1\u0dca\u0db1\"", "\"common_google_play_services_enable_text\" : \"%1$s ei toimi, ellet ota Google Play Palveluita k\u00e4ytt\u00f6\u00f6n.\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play services availability\"", "\"fingerprint_error_no_fingerprints\" : \"\u0627\u062b\u0631 \u0627\u0646\u06af\u0634\u062a\u06cc \u062b\u0628\u062a \u0646\u0634\u062f\u0647 \u0627\u0633\u062a.\"", "\"fingerprint_error_user_canceled\" : \"\u0909\u092a\u092f\u094b\u0917\u0915\u0930\u094d\u0924\u093e \u0928\u0947 \u092b\u093f\u0902\u0917\u0930\u092a\u094d\u0930\u093f\u0902\u091f \u0915\u0940 \u092a\u0941\u0937\u094d\u091f\u093f \u0915\u0940 \u0915\u093e\u0930\u094d\u0930\u0935\u093e\u0908 \u0930\u0926\u094d\u0926 \u0915\u0930 \u0926\u0940 \u0939\u0948.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u092e\u0926\u0924 \u092e\u0947\u0938\u0947\u091c \u092a\u0930\u093f\u0938\u0930\"", "\"abc_activity_chooser_view_see_all\" : \"\u0411\u04af\u0433\u0434\u0438\u0439\u0433 \u0445\u0430\u0440\u0430\u0445\"", "\"abc_searchview_description_query\" : \"Query di ricerca\"", "\"default_error_msg\" : \"\u041d\u0435\u0432\u044f\u0434\u043e\u043c\u0430\u044f \u043f\u0430\u043c\u044b\u043b\u043a\u0430\"", "\"fingerprint_error_hw_not_available\" : \"\u0410\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u044f \u0441\u0440\u043e\u0434\u043a\u0456 \u0434\u043b\u044f \u0437\u043d\u044f\u0446\u0446\u044f \u0430\u0434\u0431\u0456\u0442\u043a\u0430\u045e \u043f\u0430\u043b\u044c\u0446\u0430\u045e \u043d\u0435\u0434\u0430\u0441\u0442\u0443\u043f\u043d\u044b\u044f.\"", "\"common_open_on_phone\" : \"Buksan sa telepono\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0438\u043c\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441\u0430 Google Play \u0443\u0441\u043b\u0443\u0433\u0430\u043c\u0430. \u041f\u0440\u043e\u0431\u0430\u0458\u0442\u0435 \u043f\u043e\u043d\u043e\u0432\u043e.\"", "\"common_signin_button_text_long\" : \"Iniciar sess\u00e3o com o Google\"", "\"common_google_play_services_notification_ticker\" : \"Google Play Hizmetleri hatas\u0131\"", "\"abc_activity_chooser_view_see_all\" : \"\u017dr. visk\u0105\"", "\"common_google_play_services_unknown_issue\" : \"\u300c%1$s\u300d\u7121\u6cd5\u5b58\u53d6 Google Play \u670d\u52d9\uff0c\u8acb\u518d\u8a66\u4e00\u6b21\u3002\"", "\"abc_capital_on\" : \"B\u1eacT\"", "\"abc_menu_space_shortcut_label\" : \"bo\u015fluk\"", "\"common_open_on_phone\" : \"\u0641\u0648\u0646 \u067e\u0631 \u06a9\u06be\u0648\u0644\u06cc\u06ba\"", "\"abc_prepend_shortcut_label\" : \"Poga Izv\u0113lne\u00a0+\"", "\"fingerprint_error_no_fingerprints\" : \"Geen vingerafdrukken geregistreerd.\"", "\"common_google_play_services_update_text\" : \"%1$s haitafanya kazi hadi usasishe huduma za Google Play.\"", "\"abc_menu_shift_shortcut_label\" : \"\u0428\u0438\u0444\u0442+\"", "\"abc_capital_on\" : \"\u0544\u053b\u0531\u0551\u0546\u0535\u053c\"", "\"common_google_play_services_enable_text\" : \"%1$s \u0570\u0561\u057e\u0565\u056c\u057e\u0561\u056e\u0568 \u0579\u056b \u0561\u0577\u056d\u0561\u057f\u056b \u0574\u056b\u0576\u0579\u0587 \u0579\u0574\u056b\u0561\u0581\u0576\u0565\u0584 Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u0568:\"", "\"fingerprint_dialog_touch_sensor\" : \"Touch. capteur empr. digitales\"", "\"abc_toolbar_collapse_description\" : \"\u0421\u0432\u0438\u0432\u0430\u043d\u0435\"", "\"abc_toolbar_collapse_description\" : \"Tolestu\"", "\"abc_capital_off\" : \"\u0625\u064a\u0642\u0627\u0641\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u670d\u52d9\u7684\u9069\u7528\u7bc4\u570d\"", "\"abc_prepend_shortcut_label\" : \"Menyja+\"", "\"abc_action_bar_up_description\" : \"Yukar\u0131 git\"", "\"abc_activitychooserview_choose_application\" : \"\u0412\u044b\u0431\u0435\u0440\u0438\u0442\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435\"", "\"generic_error_user_canceled\" : \"\u4f7f\u7528\u8005\u5df2\u53d6\u6d88\u9a57\u8b49\u4f5c\u696d\u3002\"", "\"fingerprint_error_no_fingerprints\" : \"\u0915\u0941\u0928\u0948 \u092a\u0928\u093f \u092b\u093f\u0902\u0917\u0930\u092a\u094d\u0930\u093f\u0928\u094d\u091f \u0926\u0930\u094d\u0924\u093e \u0917\u0930\u093f\u090f\u0915\u094b \u091b\u0948\u0928\u0964\"", "\"abc_capital_off\" : \"\u062e\u0627\u0645\u0648\u0634\"", "\"abc_capital_on\" : \"\u0c06\u0c28\u0c4d\"", "\"abc_action_bar_home_description\" : \"Fara heim\"", "\"abc_menu_delete_shortcut_label\" : \"\u522a\u9664\"", "\"common_google_play_services_update_text\" : \"%1$s s\u00f3 funciona com uma vers\u00e3o atualizada do Google Play Services.\"", "\"fingerprint_error_user_canceled\" : \"El usuario cancel\u00f3 la operaci\u00f3n de huella digital.\"", "\"common_google_play_services_updating_text\" : \"\u0421\u0435\u0440\u0432\u0438\u0441\u044b Google\u00a0Play, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0435 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \"%1$s\", \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0438\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u044e\u0442\u0441\u044f.\"", "\"abc_action_bar_up_description\" : \"Navegar hacia arriba\"", "\"fingerprint_not_recognized\" : \"Nije prepoznat\"", "\"common_google_play_services_update_text\" : \"%1$s sal nie werk nie tensy jy Google Play Dienste opdateer.\"", "\"common_signin_button_text\" : \"Oturum a\u00e7\"", "\"abc_shareactionprovider_share_with\" : \"\u5206\u4eab\u5bf9\u8c61\"", "\"abc_searchview_description_submit\" : \"Sor\u011funu g\u00f6nd\u0259rin\"", "\"fingerprint_error_lockout\" : \"\u0e25\u0e2d\u0e07\u0e2b\u0e25\u0e32\u0e22\u0e04\u0e23\u0e31\u0e49\u0e07\u0e40\u0e01\u0e34\u0e19\u0e44\u0e1b \u0e42\u0e1b\u0e23\u0e14\u0e25\u0e2d\u0e07\u0e2d\u0e35\u0e01\u0e04\u0e23\u0e31\u0e49\u0e07\u0e20\u0e32\u0e22\u0e2b\u0e25\u0e31\u0e07\"", "\"common_open_on_phone\" : \"\uc2a4\ub9c8\ud2b8\ud3f0\uc5d0\uc11c \uc5f4\uae30\"", "\"abc_action_bar_up_description\" : \"\u0627\u0648\u067e\u0631 \u0646\u06cc\u0648\u06cc\u06af\u06cc\u0679 \u06a9\u0631\u06cc\u06ba\"", "\"common_google_play_services_enable_button\" : \"\u05d4\u05e4\u05e2\u05dc\"", "\"abc_searchview_description_voice\" : \"Ukusesha ngezwi\"", "\"common_google_play_services_wear_update_text\" : \"\u00c8 richiesta una nuova versione di Google Play Services. L'aggiornamento automatico verr\u00e0 eseguito a breve.\"", "\"fingerprint_error_no_fingerprints\" : \"Nenhuma impress\u00e3o digital registrada.\"", "\"abc_activitychooserview_choose_application\" : \"\u041a\u043e\u043b\u0434\u043e\u043d\u043c\u043e \u0442\u0430\u043d\u0434\u043e\u043e\"", "\"common_google_play_services_install_text\" : \"%1$s no se ejecutar\u00e1 si los Servicios de Google Play no est\u00e1n instalados en tu dispositivo.\"", "\"common_google_play_services_wear_update_text\" : \"\u5fc5\u987b\u4f7f\u7528\u65b0\u7248 Google Play \u670d\u52a1\u3002\u8be5\u670d\u52a1\u5f88\u5feb\u5c31\u4f1a\u81ea\u884c\u66f4\u65b0\u3002\"", "\"path_password_eye_mask_strike_through\" : \"M2,4.27 L19.73,22 L22.27,19.46 L4.54,1.73 L4.54,1 L23,1 L23,23 L1,23 L1,4.27 Z\"", "\"common_open_on_phone\" : \"\u0386\u03bd\u03bf\u03b9\u03b3\u03bc\u03b1 \u03c3\u03b5 \u03c4\u03b7\u03bb\u03ad\u03c6\u03c9\u03bd\u03bf\"", "\"common_google_play_services_wear_update_text\" : \"Vajalik on Google Play teenuste uus versioon. See v\u00e4rskendab end peagi.\"", "\"abc_searchview_description_voice\" : \"\u0414\u0443\u0443\u0442 \u0445\u0430\u0439\u043b\u0442\"", "\"search_menu_title\" : \"\u0916\u094b\u091c\"", "\"abc_action_menu_overflow_description\" : \"\u0d15\u0d42\u0d1f\u0d41\u0d24\u0d7d \u0d13\u0d2a\u0d4d\u0d37\u0d28\u0d41\u0d15\u0d7e\"", "\"abc_activity_chooser_view_see_all\" : \"Mostra tutto\"", "\"common_google_play_services_updating_text\" : \"%1$s non se executar\u00e1 sen os servizos de Google Play, que se est\u00e1n actualizando neste momento.\"", "\"default_error_msg\" : \"\u0411\u0435\u043b\u0433\u0456\u0441\u0456\u0437 \u049b\u0430\u0442\u0435\"", "\"fingerprint_dialog_touch_sensor\" : \"Touch the fingerprint sensor\"", "\"common_google_play_services_updating_text\" : \"%1$s nuk do t\u00eb funksionoj\u00eb pa sh\u00ebrbimet e \"Luaj me Google\", t\u00eb cilat po p\u00ebrdit\u00ebsohen aktualisht.\"", "\"common_signin_button_text\" : \"\u03a3\u03cd\u03bd\u03b4\u03b5\u03c3\u03b7\"", "\"fingerprint_error_no_fingerprints\" : \"Nu au fost \u00eenregistrate amprente digitale.\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u0909\u0928 Google Play \u0938\u0947\u0935\u093e\u0913\u0902 \u0915\u0947 \u092c\u093f\u0928\u093e \u0928\u0939\u0940\u0902 \u091a\u0932\u0947\u0917\u093e, \u091c\u094b \u0906\u092a\u0915\u0947 \u0921\u093f\u0935\u093e\u0907\u0938 \u092a\u0930 \u0915\u093e\u092e \u0928\u0939\u0940\u0902 \u0915\u0930\u0924\u0940 \u0939\u0948\u0902.\"", "\"abc_action_mode_done\" : \"\u06c1\u0648 \u06af\u06cc\u0627\"", "\"abc_action_bar_home_description\" : \"\u0bae\u0bc1\u0b95\u0baa\u0bcd\u0baa\u0bbf\u0bb1\u0bcd\u0b95\u0bc1\u0b9a\u0bcd \u0b9a\u0bc6\u0bb2\u0bcd\u0bb2\u0bc1\u0bae\u0bcd\"", "\"abc_searchview_description_search\" : \"Suche\"", "\"fingerprint_error_user_canceled\" : \"Lietot\u0101js atc\u0113la pirksta nospieduma darb\u012bbu.\"", "\"fingerprint_dialog_touch_sensor\" : \"Snertu fingrafaralesarann\"", "\"abc_action_bar_up_description\" : \"\u0989\u09aa\u09b0\u09c7 \u09a8\u09c7\u09ad\u09bf\u0997\u09c7\u099f \u0995\u09b0\u09c1\u09a8\"", "\"abc_menu_function_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200f\u200f\u200eFunction+\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0111ang g\u1eb7p s\u1ef1 c\u1ed1 v\u1edbi c\u00e1c d\u1ecbch v\u1ee5 c\u1ee7a Google Play. H\u00e3y th\u1eed l\u1ea1i.\"", "\"common_google_play_services_enable_text\" : \"%1$s tidak akan berfungsi melainkan anda mendayakan perkhidmatan Google Play.\"", "\"common_signin_button_text_long\" : \"\u900f\u904e Google \u767b\u5165\"", "\"common_google_play_services_update_title\" : \"Google Play xidm\u0259tl\u0259rini g\u00fcnc\u0259ll\u0259\u015fdirin\"", "\"abc_shareactionprovider_share_with\" : \"\u0414\u0435\u043b\u0438\u0442\u0435 \u043f\u043e\u043c\u043e\u045b\u0443\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\"", "\"common_google_play_services_enable_title\" : \"Enable Google Play services\"", "\"abc_searchview_description_submit\" : \"\u10db\u10dd\u10d7\u10ee\u10dd\u10d5\u10dc\u10d8\u10e1 \u10d2\u10d0\u10d3\u10d0\u10d2\u10d6\u10d0\u10d5\u10dc\u10d0\"", "\"common_google_play_services_notification_ticker\" : \"Error sa Mga Serbisyo ng Google Play\"", "\"common_google_play_services_update_title\" : \"Sasisha huduma za Google Play\"", "\"search_menu_title\" : \"H\u013eada\u0165\"", "\"common_google_play_services_unknown_issue\" : \"%1$s har problemer med Google Play-tjenester. Pr\u00f8v igen.\"", "\"abc_capital_off\" : \"KI\"", "\"common_google_play_services_update_button\" : \"\u0e2d\u0e31\u0e1b\u0e40\u0e14\u0e15\"", "\"abc_searchview_description_submit\" : \"Bidali kontsulta\"", "\"generic_error_user_canceled\" : \"Authentification annul\u00e9e par l'utilisateur.\"", "\"common_google_play_services_updating_text\" : \"\u0938\u0927\u094d\u200d\u092f\u093e \u0905\u092a\u0921\u0947\u091f \u0939\u094b\u0924 \u0905\u0938\u0932\u0947\u0932\u094d\u200d\u092f\u093e, Google Play \u0938\u0947\u0935\u093e\u0902\u0936\u093f\u0935\u093e\u092f %1$s \u091a\u093e\u0932\u0923\u093e\u0930 \u0928\u093e\u0939\u0940.\"", "\"abc_searchview_description_clear\" : \"Obri\u0161i upit\"", "\"fingerprint_error_lockout\" : \"Previ\u0161e poku\u0161aja. Poku\u0161ajte ponovno kasnije.\"", "\"abc_search_hint\" : \"Leita\u2026\"", "\"common_signin_button_text_long\" : \"Accedi con Google\"", "\"common_google_play_services_enable_button\" : \"B\u1eadt\"", "\"fingerprint_error_hw_not_available\" : \"\u0633\u062e\u062a\u200c\u0627\u0641\u0632\u0627\u0631 \u0627\u062b\u0631\u0627\u0646\u06af\u0634\u062a \u062f\u0631 \u062f\u0633\u062a\u0631\u0633 \u0646\u06cc\u0633\u062a.\"", "\"common_google_play_services_updating_text\" : \"\u57f7\u884c\u300c%1$s\u300d\u6240\u9700\u7684 Google Play \u670d\u52d9\u6b63\u5728\u66f4\u65b0\u3002\"", "\"abc_activity_chooser_view_see_all\" : \"Alle anzeigen\"", "\"abc_search_hint\" : \"\u062c\u0633\u062a\u062c\u0648\u2026\u200f\"", "\"abc_menu_delete_shortcut_label\" : \"\u09ae\u09c1\u099b\u09c1\u09a8\"", "\"abc_action_mode_done\" : \"\u5b8c\u4e86\"", "\"abc_activity_chooser_view_see_all\" : \"\u054f\u0565\u057d\u0576\u0565\u056c \u0562\u0578\u056c\u0578\u0580\u0568\"", "\"fingerprint_error_hw_not_available\" : \"Hatz-marken hardwarea ez dago erabilgarri.\"", "\"search_menu_title\" : \"Haku\"", "\"abc_action_bar_up_description\" : \"Di chuy\u1ec3n l\u00ean\"", "\"common_signin_button_text_long\" : \"Google orqali kirish\"", "\"common_google_play_services_update_title\" : \"Google Play hizmetlerini g\u00fcncelleyin\"", "\"default_error_msg\" : \"\u0db1\u0ddc\u0daf\u0db1\u0dca\u0db1\u0dcf \u0daf\u0ddd\u0dc2\u0dba\u0d9a\u0dd2\"", "\"common_google_play_services_install_text\" : \"O %1$s n\u00e3o \u00e9 executado sem os Servi\u00e7os do Google Play, os quais est\u00e3o em falta no seu dispositivo.\"", "\"common_google_play_services_update_title\" : \"Atualizar servi\u00e7os do Google Play\"", "\"common_google_play_services_enable_button\" : \"I-enable\"", "\"common_google_play_services_install_button\" : \"Namesti\"", "\"common_google_play_services_enable_text\" : \"%1$s \u0e08\u0e30\u0e44\u0e21\u0e48\u0e17\u0e33\u0e07\u0e32\u0e19\u0e08\u0e19\u0e01\u0e27\u0e48\u0e32\u0e04\u0e38\u0e13\u0e08\u0e30\u0e40\u0e1b\u0e34\u0e14\u0e43\u0e0a\u0e49\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play\"", "\"abc_shareactionprovider_share_with\" : \"\u039a\u03bf\u03b9\u03bd\u03bf\u03c0\u03bf\u03af\u03b7\u03c3\u03b7 \u03c3\u03b5\"", "\"abc_searchview_description_clear\" : \"Borra a consulta\"", "\"abc_shareactionprovider_share_with_application\" : \"Trimite\u021bi folosind %s\"", "\"abc_action_bar_up_description\" : \"\u524d\u306b\u623b\u308b\"", "\"abc_shareactionprovider_share_with\" : \"Sd\u00edlet s\"", "\"abc_searchview_description_submit\" : \"\u0e2a\u0e48\u0e07\u0e04\u0e33\u0e04\u0e49\u0e19\u0e2b\u0e32\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u00c1rea da mensagem de ajuda\"", "\"common_google_play_services_enable_title\" : \"\u200f\u062a\u0641\u0639\u064a\u0644 \u062e\u062f\u0645\u0627\u062a Google Play\"", "\"abc_capital_on\" : \"\u049a\u041e\u0421\u0423\"", "\"common_signin_button_text_long\" : \"Prijavi me na Google\"", "\"abc_searchview_description_clear\" : \"\u0627\u0633\u062a\u0641\u0633\u0627\u0631 \u0635\u0627\u0641 \u06a9\u0631\u06cc\u06ba\"", "\"common_google_play_services_install_title\" : \"Get Google Play services\"", "\"mtrl_picker_text_input_day_abbr\" : \"d\"", "\"abc_searchview_description_voice\" : \"\u0e8a\u0ead\u0e81\u0eab\u0eb2\u0e94\u0ec9\u0ea7\u0e8d\u0eaa\u0ebd\u0e87\"", "\"abc_searchview_description_submit\" : \"Envoyer la requ\u00eate\"", "\"common_google_play_services_update_title\" : \"Google Play \u0c38\u0c47\u0c35\u0c32\u0c28\u0c41 \u0c28\u0c35\u0c40\u0c15\u0c30\u0c3f\u0c02\u0c1a\u0c02\u0c21\u0c3f\"", "\"abc_menu_sym_shortcut_label\" : \"Sym+\u200e\"", "\"common_signin_button_text\" : \"Sign In\"", "\"fingerprint_error_hw_not_available\" : \"\u0e9a\u0ecd\u0ec8\u200b\u0ea1\u0eb5\u200b\u0eae\u0eb2\u0e94\u200b\u0ec1\u0ea7\u0ea5\u0eb2\u0e8d\u200b\u0e99\u0eb5\u0ec9\u0ea7\u200b\u0ea1\u0eb7\u200b\u0e97\u0eb5\u0ec8\u0eaa\u0eb2\u0ea1\u0eb2\u0e94\u0ec3\u0e8a\u0ec9\u0ec4\u0e94\u0ec9.\"", "\"common_google_play_services_install_text\" : \"%1$s \u0909\u0928 Google Play \u0938\u0947\u0935\u093e\u0913\u0902 \u0915\u0947 \u092c\u093f\u0928\u093e \u0928\u0939\u0940\u0902 \u091a\u0932\u0947\u0917\u093e \u091c\u094b \u0906\u092a\u0915\u0947 \u0921\u093f\u0935\u093e\u0907\u0938 \u092e\u0947\u0902 \u0909\u092a\u0932\u092c\u094d\u0927 \u0928\u0939\u0940\u0902 \u0939\u0948\u0902.\"", "\"abc_searchview_description_query\" : \"\u0637\u0644\u0628 \u0628\u062d\u062b\"", "\"abc_menu_space_shortcut_label\" : \"t\u00fchik\"", "\"abc_action_bar_up_description\" : \"G\u00e5 op\"", "\"abc_action_bar_home_description\" : \"Portami a casa\"", "\"abc_searchview_description_clear\" : \"Suchanfrage l\u00f6schen\"", "\"abc_activity_chooser_view_see_all\" : \"\u0411\u0430\u0430\u0440\u044b\u043d \u043a\u04e9\u0440\u04af\u04af\"", "\"common_google_play_services_update_text\" : \"I-%1$s ngeke ize iqalise ngaphandle kokuthi ubuyekeze i-Google Play.\"", "\"fingerprint_not_recognized\" : \"Ei tunnistettu\"", "\"common_google_play_services_update_text\" : \"%1$s wird nur ausgef\u00fchrt, wenn du die Google Play-Dienste aktualisierst.\"", "\"fingerprint_error_lockout\" : \"Tent\u00e1chelo demasiadas veces. Proba de novo m\u00e1is tarde.\"", "\"abc_prepend_shortcut_label\" : \"\u0d2e\u0d46\u0d28\u0d41+\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0c38\u0c47\u0c35\u0c32 \u0c32\u0c2d\u0c4d\u0c2f\u0c24\"", "\"fingerprint_error_hw_not_available\" : \"Sormenj\u00e4lkilaitteisto ei ole k\u00e4ytett\u00e4viss\u00e4.\"", "\"default_error_msg\" : \"\u041d\u0435\u043f\u043e\u0437\u043d\u0430\u0442\u0430 \u0433\u0440\u0435\u0448\u043a\u0430\"", "\"common_google_play_services_install_button\" : \"Instal\"", "\"common_google_play_services_enable_text\" : \"Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0ca8\u0ccd\u0ca8\u0cc1 \u0ca8\u0cc0\u0cb5\u0cc1 \u0cb8\u0c95\u0ccd\u0cb0\u0cbf\u0caf\u0c97\u0cca\u0cb3\u0cbf\u0cb8\u0ca6 \u0cb9\u0cca\u0cb0\u0ca4\u0cc1 %1$s \u0c95\u0cbe\u0cb0\u0ccd\u0caf\u0ca8\u0cbf\u0cb0\u0ccd\u0cb5\u0cb9\u0cbf\u0cb8\u0cc1\u0cb5\u0cc1\u0ca6\u0cbf\u0cb2\u0ccd\u0cb2.\"", "\"search_menu_title\" : \"\u0d24\u0d3f\u0d30\u0d2f\u0d41\u0d15\"", "\"search_menu_title\" : \"Leit\"", "\"common_google_play_services_unknown_issue\" : \"Rakendusel %1$s on probleeme Google Play teenustega. Proovige uuesti.\"", "\"common_signin_button_text_long\" : \"Log ind med Google\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0414\u043e\u043f\u0440\u0435\u0442\u0435 \u0433\u043e \u0441\u0435\u043d\u0437. \u0437\u0430 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043e\u0446\u0438\"", "\"common_google_play_services_install_title\" : \"Google Play-Dienste installieren\"", "\"abc_activitychooserview_choose_application\" : \"Vybra\u0165 aplik\u00e1ciu\"", "\"abc_menu_function_shortcut_label\" : \"FUNZIONE +\"", "\"abc_capital_on\" : \"\u05de\u05d5\u05e4\u05e2\u05dc\"", "\"fingerprint_error_no_fingerprints\" : \"\u06a9\u0648\u0626\u06cc \u0641\u0646\u06af\u0631 \u067e\u0631\u0646\u0679 \u0645\u0646\u062f\u0631\u062c \u0646\u06c1\u06cc\u06ba \u06c1\u06d2\u06d4\"", "\"search_menu_title\" : \"Soek\"", "\"common_google_play_services_enable_button\" : \"Kveikja\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Obszar komunikatu pomocy\"", "\"common_signin_button_text_long\" : \"Google \u0a28\u0a3e\u0a32 \u0a38\u0a3e\u0a08\u0a28-\u0a07\u0a28 \u0a15\u0a30\u0a4b\"", "\"abc_activity_chooser_view_see_all\" : \"\u0aac\u0aa7\u0ac0 \u0a9c\u0ac1\u0a93\"", "\"common_google_play_services_install_title\" : \"Hent Google Play-tjenester\"", "\"abc_searchview_description_clear\" : \"Cancella query\"", "\"abc_activitychooserview_choose_application\" : \"\u1021\u1000\u103a\u1015\u103a\u1010\u1005\u103a\u1001\u102f\u1000\u102d\u102f \u101b\u103d\u1031\u1038\u101b\u1014\u103a\"", "\"fingerprint_error_hw_not_available\" : \"Hardver za otisak prsta nije dostupan.\"", "\"mtrl_picker_cancel\" : \"\"", "\"fingerprint_error_no_fingerprints\" : \"Non se rexistraron impresi\u00f3ns dixitais.\"", "\"abc_menu_delete_shortcut_label\" : \"CANC\"", "\"common_open_on_phone\" : \"Ireki telefonoan\"", "\"abc_searchview_description_query\" : \"\u0417\u0430\u044f\u0432\u043a\u0430 \u0437\u0430 \u0442\u044a\u0440\u0441\u0435\u043d\u0435\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0b38\u0b47\u0b2c\u0b3e\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15\u0b30 \u0b28\u0b42\u0b24\u0b28 \u0b2d\u0b30\u0b4d\u0b38\u0b28\u0b4d\u200c \u0b06\u0b2c\u0b36\u0b4d\u0b5f\u0b15\u0964 \u0b0f\u0b39\u0b3e \u0b28\u0b3f\u0b1c\u0b15\u0b41 \u0b15\u0b3f\u0b1b\u0b3f \u0b38\u0b2e\u0b5f \u0b2e\u0b27\u0b4d\u0b5f\u0b30\u0b47 \u0b05\u0b2a\u0b21\u0b47\u0b1f\u0b4d\u200c \u0b15\u0b30\u0b3f\u0b2c\u0964\"", "\"abc_menu_ctrl_shortcut_label\" : \"\u201eCtrl\u201c +\"", "\"abc_action_bar_up_description\" : \"Sogeza juu\"", "\"common_google_play_services_install_title\" : \"Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d7e \u0d28\u0d47\u0d1f\u0d41\u0d15\"", "\"abc_menu_space_shortcut_label\" : \"Leertaste\"", "\"default_error_msg\" : \"Tundmatu viga\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043c\u0435\u043d \u0431\u04e9\u043b\u0456\u0441\u0443\"", "\"abc_action_bar_up_description\" : \"Navegar para cima\"", "\"mtrl_picker_date_header_title\" : \"Select a Date\"", "\"common_signin_button_text\" : \"Sign in\"", "\"common_google_play_services_install_button\" : \"Asenna\"", "\"common_google_play_services_install_text\" : \"\u0414\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \"%1$s\" \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0435\u0440\u0432\u0438\u0441\u044b Google Play.\"", "\"search_menu_title\" : \"\u0936\u094b\u0927\"", "\"common_google_play_services_enable_text\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d \u049b\u043e\u0441\u043f\u0430\u0441\u0430\u04a3\u044b\u0437, %1$s \u0436\u04b1\u043c\u044b\u0441 \u0456\u0441\u0442\u0435\u043c\u0435\u0439\u0434\u0456.\"", "\"common_google_play_services_install_button\" : \"\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0438\"", "\"mtrl_picker_text_input_date_range_end_hint\" : \"End date\"", "\"abc_action_bar_home_description\" : \"Liigu avalehele\"", "\"common_google_play_services_install_text\" : \"\uae30\uae30\uc5d0 Google Play \uc11c\ube44\uc2a4\uac00 \uc124\uce58\ub418\uc5b4 \uc788\uc5b4\uc57c %1$s\uc774(\uac00) \uc2e4\ud589\ub429\ub2c8\ub2e4.\"", "\"common_google_play_services_unknown_issue\" : \"%1$s sta riscontrando problemi con Google Play Services. Riprova.\"", "\"common_signin_button_text_long\" : \"Ingia katika akaunti ukitumia Google\"", "\"fingerprint_error_lockout\" : \"Demasiados intentos. Vuelve a intentarlo m\u00e1s tarde.\"", "\"abc_action_mode_done\" : \"Klaar\"", "\"common_google_play_services_enable_title\" : \"W\u0142\u0105cz Us\u0142ugi Google Play\"", "\"fingerprint_error_lockout\" : \"Liiga palju katseid. Proovige hiljem uuesti.\"", "\"common_google_play_services_updating_text\" : \"\u049a\u0430\u0437\u0456\u0440\u0433\u0456 \u0443\u0430\u049b\u044b\u0442\u0442\u0430 \u0436\u0430\u04a3\u0430\u0440\u0442\u044b\u043b\u044b\u043f \u0436\u0430\u0442\u049b\u0430\u043d Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d\u0441\u0456\u0437 %1$s \u0456\u0441\u043a\u0435 \u049b\u043e\u0441\u044b\u043b\u043c\u0430\u0439\u0434\u044b.\"", "\"abc_activitychooserview_choose_application\" : \"Veldu forrit\"", "\"abc_menu_delete_shortcut_label\" : \"\u0a2e\u0a3f\u0a1f\u0a3e\u0a13\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u0915\u094b Google Play \u0938\u0947\u0935\u093e\u0913\u0902 \u0915\u0947 \u0938\u093e\u0925 \u0938\u092e\u0938\u094d\u092f\u093e \u0906 \u0930\u0939\u0940 \u0939\u0948. \u0915\u0943\u092a\u092f\u093e \u092b\u093f\u0930 \u0938\u0947 \u0915\u094b\u0936\u093f\u0936 \u0915\u0930\u0947\u0902.\"", "\"abc_toolbar_collapse_description\" : \"\u0633\u06a9\u06cc\u0691\u06cc\u06ba\"", "\"abc_capital_off\" : \"\u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dcf\u0dc0\u0dd2\u0dbb\u0dc4\u0dd2\u0dad\u0dba\u0dd2\"", "\"abc_activity_chooser_view_see_all\" : \"Buka konke\"", "\"abc_searchview_description_voice\" : \"\u0541\u0561\u0575\u0576\u0561\u0575\u056b\u0576 \u0578\u0580\u0578\u0576\u0578\u0582\u0574\"", "\"fingerprint_error_user_canceled\" : \"\u0635\u0627\u0631\u0641 \u0646\u06d2 \u0641\u0646\u06af\u0631 \u067e\u0631\u0646\u0679 \u06a9\u06cc \u06a9\u0627\u0631\u0631\u0648\u0627\u0626\u06cc \u0645\u0646\u0633\u0648\u062e \u06a9\u0631 \u062f\u06cc\u06d4\"", "\"abc_activity_chooser_view_see_all\" : \"\u0ec0\u0e9a\u0eb4\u0ec8\u0e87\u0e97\u0eb1\u0e87\u0edd\u0ebb\u0e94\"", "\"common_google_play_services_install_button\" : \"\u0418\u043d\u0441\u0442\u0430\u043b\u0438\u0440\u0430\u0458\"", "\"common_google_play_services_enable_button\" : \"\u041e\u043c\u043e\u0433\u0443\u045b\u0438\"", "\"abc_searchview_description_query\" : \"\u0406\u0437\u0434\u0435\u0443 \u0441\u04b1\u0440\u0430\u0443\u044b\"", "\"common_google_play_services_unknown_issue\" : \"%1$s is having trouble with Google Play services. Please try again.\"", "\"common_google_play_services_unknown_issue\" : \"\u0423 \u043f\u0440\u0430\u0433\u0440\u0430\u043c\u044b %1$s \u0443\u0437\u043d\u0456\u043a\u043b\u0456 \u043f\u0440\u0430\u0431\u043b\u0435\u043c\u044b \u0441\u0430 \u0441\u043b\u0443\u0436\u0431\u0430\u043c\u0456 Google Play. \u041f\u0430\u045e\u0442\u0430\u0440\u044b\u0446\u0435 \u0441\u043f\u0440\u043e\u0431\u0443.\"", "\"common_google_play_services_unknown_issue\" : \"Det har uppst\u00e5tt ett fel mellan %1$s och Google Play-tj\u00e4nsterna. F\u00f6rs\u00f6k igen.\"", "\"abc_shareactionprovider_share_with\" : \"Megoszt\u00e1s a k\u00f6vetkez\u0151vel:\"", "\"fingerprint_not_recognized\" : \"Doigt non reconnu\"", "\"common_open_on_phone\" : \"Buka di ponsel\"", "\"common_google_play_services_updating_text\" : \"%1$s no s'executar\u00e0 sense Serveis de Google Play, que s'est\u00e0 actualitzant en aquest moment.\"", "\"common_google_play_services_install_title\" : \"\u0410\u0442\u0440\u044b\u043c\u0430\u0446\u044c \u0441\u043b\u0443\u0436\u0431\u044b Google Play\"", "\"confirm_device_credential_password\" : \"Paroldan foydalanish\"", "\"common_google_play_services_install_button\" : \"\u10d8\u10dc\u10e1\u10e2\u10d0\u10da\u10d0\u10ea\u10d8\u10d0\"", "\"common_signin_button_text\" : \"\u0e25\u0e07\u0e0a\u0e37\u0e48\u0e2d\u0e40\u0e02\u0e49\u0e32\u0e43\u0e0a\u0e49\"", "\"fingerprint_not_recognized\" : \"\u672a\u80fd\u8b58\u5225\"", "\"abc_searchview_description_submit\" : \"Thumela umbuzo\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u670d\u52d9\u932f\u8aa4\"", "\"common_google_play_services_update_button\" : \"I-update\"", "\"common_google_play_services_install_button\" : \"Installieren\"", "\"abc_prepend_shortcut_label\" : \"\u0426\u044d\u0441+\"", "\"common_google_play_services_install_text\" : \"I-%1$s ngeke ize iqalise ngaphandle kwamasevisi we-Google Play, angekho kusukela kudivayisi yakho.\"", "\"mtrl_picker_date_header_unselected\" : \"Selected date\"", "\"abc_capital_on\" : \"IESL\u0112GT\"", "\"abc_menu_sym_shortcut_label\" : \"Simbolu tausti\u0146\u0161\u00a0+\"", "\"common_google_play_services_update_button\" : \"C\u1eadp nh\u1eadt\"", "\"abc_menu_function_shortcut_label\" : \"Funktionstaste\u00a0+\"", "\"abc_shareactionprovider_share_with\" : \"\u0ec1\u0e9a\u0ec8\u0e87\u0e9b\u0eb1\u0e99\u0e81\u0eb1\u0e9a\"", "\"common_google_play_services_update_title\" : \"\u200fGoogle Play \u0633\u0631\u0648\u0633\u0632 \u0627\u067e \u0688\u06cc\u0679 \u06a9\u0631\u06cc\u06ba\"", "\"abc_toolbar_collapse_description\" : \"\u09b8\u0982\u0995\u09cb\u099a\u09a8 \u0995\u09f0\u0995\"", "\"common_google_play_services_enable_title\" : \"Ativar o Google Play Services\"", "\"abc_menu_ctrl_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200eCtrl+\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"abc_action_mode_done\" : \"\u0a39\u0a4b \u0a17\u0a3f\u0a06\"", "\"fingerprint_dialog_touch_sensor\" : \"\u092b\u093c\u093f\u0902\u0917\u0930\u092a\u094d\u0930\u093f\u0902\u091f \u0938\u0947\u0902\u0938\u0930 \u0915\u094b \u091b\u0941\u090f\u0902\"", "\"abc_activity_chooser_view_see_all\" : \"\u0dc3\u0dd2\u0dba\u0dbd\u0dca\u0dbd \u0db6\u0dbd\u0db1\u0dca\u0db1\"", "\"common_google_play_services_unsupported_text\" : \"N\u00e3o \u00e9 poss\u00edvel executar o %1$s sem os Servi\u00e7os do Google Play, os quais n\u00e3o s\u00e3o compat\u00edveis com o seu dispositivo.\"", "\"abc_action_bar_home_description\" : \"\u0627\u0644\u062a\u0648\u062c\u0647 \u0625\u0644\u0649 \u0627\u0644\u0645\u0646\u0632\u0644\"", "\"fingerprint_not_recognized\" : \"\u0d24\u0d3f\u0d30\u0d3f\u0d1a\u0d4d\u0d1a\u0d31\u0d3f\u0d1e\u0d4d\u0d1e\u0d3f\u0d32\u0d4d\u0d32\"", "\"abc_shareactionprovider_share_with\" : \"Bagikan dengan\"", "\"abc_menu_space_shortcut_label\" : \"\u0b38\u0b4d\u0b2a\u0b47\u0b38\u0b4d\u200d\"", "\"abc_searchview_description_clear\" : \"Kosongkan pertanyaan\"", "\"abc_action_bar_up_description\" : \"\u179a\u17c6\u1780\u17b7\u179b\u17a1\u17be\u1784\u179b\u17be\"", "\"abc_searchview_description_search\" : \"\u0627\u0644\u0628\u062d\u062b\"", "\"confirm_device_credential_password\" : \"\u0b2a\u0b3e\u0b38\u0b4d\u200c\u0b71\u0b3e\u0b30\u0b4d\u0b21\u0b4d \u0b2c\u0b4d\u0b5f\u0b2c\u0b39\u0b3e\u0b30 \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"common_signin_button_text_long\" : \"\u0ea5\u0ebb\u0e87\u0e8a\u0eb7\u0ec8\u0ec0\u0e82\u0ebb\u0ec9\u0eb2\u0ec3\u0e8a\u0ec9\u0e94\u0ec9\u0ea7\u0e8d Google\"", "\"common_google_play_services_install_title\" : \"Kunin ang mga serbisyo ng Google Play\"", "\"fingerprint_error_lockout\" : \"P\u0101r\u0101k daudz m\u0113\u0123in\u0101jumu. L\u016bdzu, v\u0113l\u0101k m\u0113\u0123iniet v\u0113lreiz.\"", "\"default_error_msg\" : \"Gabim i panjohur\"", "\"common_google_play_services_enable_button\" : \"Iesp\u0113jot\"", "\"fingerprint_error_lockout\" : \"Terlalu banyak upaya yang gagal. Coba lagi nanti.\"", "\"abc_activity_chooser_view_see_all\" : \"\u09b8\u0995\u09b2\u09cb \u099a\u09be\u0993\u0995\"", "\"common_open_on_phone\" : \"\u092b\u094b\u0928\u0935\u0930 \u0909\u0918\u0921\u093e\"", "\"common_google_play_services_wear_update_text\" : \"Cal una nova versi\u00f3 de Serveis de Google Play. S'actualitzar\u00e0 autom\u00e0ticament aviat.\"", "\"abc_searchview_description_submit\" : \"Pateikti u\u017eklaus\u0105\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0442\u0435\u0440\u0456\u043d\u0456\u04a3 \u049b\u0430\u0442\u0435\u0441\u0456\"", "\"abc_toolbar_collapse_description\" : \"Komprimera\"", "\"common_google_play_services_install_text\" : \"\u0422\u0430\u043d\u044b \u0442\u04e9\u0445\u04e9\u04e9\u0440\u04e9\u043c\u0436\u0438\u0434 Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d \u0431\u0430\u0439\u0445\u0433\u04af\u0439 \u0442\u0443\u043b %1$s \u0430\u0436\u0438\u043b\u043b\u0430\u0445\u0433\u04af\u0439.\"", "\"fingerprint_error_no_fingerprints\" : \"\u00dchtegi s\u00f5rmej\u00e4lge pole registreeritud.\"", "\"abc_searchview_description_clear\" : \"\u0418\u0441\u0447\u0438\u0441\u0442\u0438 \u0431\u0430\u0440\u0430\u045a\u0435\"", "\"fingerprint_error_user_canceled\" : \"Vorgang der Fingerabdruckauthentifizierung vom Nutzer abgebrochen.\"", "\"fingerprint_dialog_touch_sensor\" : \"\u041a\u043e\u0441\u043d\u0438\u0442\u0435\u0441\u044c \u0441\u043a\u0430\u043d\u0435\u0440\u0430 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u043e\u0432.\"", "\"abc_action_mode_done\" : \"U krye\"", "\"fingerprint_error_hw_not_available\" : \"Parmak izi donan\u0131m\u0131 kullan\u0131lam\u0131yor.\"", "\"abc_action_mode_done\" : \"Kwenziwe\"", "\"abc_action_bar_home_description\" : \"Orientohu p\u00ebr n\u00eb sht\u00ebpi\"", "\"fingerprint_error_lockout\" : \"\u0422\u044b\u043c \u043a\u04e9\u043f \u04d9\u0440\u0435\u043a\u0435\u0442 \u0436\u0430\u0441\u0430\u043b\u0434\u044b. \u041a\u0435\u0439\u0456\u043d\u0456\u0440\u0435\u043a \u049b\u0430\u0439\u0442\u0430\u043b\u0430\u043f \u043a\u04e9\u0440\u0456\u04a3\u0456\u0437.\"", "\"abc_searchview_description_voice\" : \"Cerca per veu\"", "\"default_error_msg\" : \"Ukendt fejl\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0ca8\u0cca\u0c82\u0ca6\u0cbf\u0c97\u0cc6 \u0cb9\u0c82\u0c9a\u0cbf\u0c95\u0cca\u0cb3\u0ccd\u0cb3\u0cbf\"", "\"clear_text_end_icon_content_description\" : \"Clear text\"", "\"common_google_play_services_install_button\" : \"\u041e\u0440\u043d\u0430\u0442\u0443\"", "\"fingerprint_error_hw_not_present\" : \"\u0b0f\u0b39\u0b3f \u0b21\u0b3f\u0b2d\u0b3e\u0b07\u0b38\u0b4d\u200c\u0b30\u0b47 \u0b06\u0b19\u0b4d\u0b17\u0b41\u0b20\u0b3f \u0b1a\u0b3f\u0b39\u0b4d\u0b28 \u0b38\u0b47\u0b28\u0b38\u0b30\u0b4d\u200c \u0b28\u0b3e\u0b39\u0b3f\u0b01\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u00c0rea de missatge d'ajuda\"", "\"common_google_play_services_update_title\" : \"Mettre \u00e0 jour les services Google Play\"", "\"fingerprint_error_no_fingerprints\" : \"Ni prijavljenih prstnih odtisov.\"", "\"abc_capital_on\" : \"IMEWASHWA\"", "\"abc_activitychooserview_choose_application\" : \"Valitse sovellus\"", "\"fingerprint_error_no_fingerprints\" : \"Sormenj\u00e4lki\u00e4 ei ole lis\u00e4tty.\"", "\"common_google_play_services_wear_update_text\" : \"Vy\u017eaduje sa nov\u00e1 verzia slu\u017eieb Google Play. Aktualizuj\u00fa sa automaticky v\u00a0najbli\u017e\u0161om \u010dase.\"", "\"abc_capital_off\" : \"KAPAT\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3 \u0cb9\u0cca\u0cb8 \u0c86\u0cb5\u0cc3\u0ca4\u0ccd\u0ca4\u0cbf \u0c85\u0c97\u0ca4\u0ccd\u0caf\u0cb5\u0cbf\u0ca6\u0cc6. \u0cb8\u0ca6\u0ccd\u0caf\u0ca6\u0cb2\u0ccd\u0cb2\u0cc7 \u0c85\u0ca6\u0cc1 \u0ca4\u0cbe\u0ca8\u0cbe\u0c97\u0cbf\u0caf\u0cc7 \u0c85\u0caa\u0ccd\u200c\u0ca1\u0cc7\u0c9f\u0ccd \u0c86\u0c97\u0cc1\u0ca4\u0ccd\u0ca4\u0ca6\u0cc6.\"", "\"abc_toolbar_collapse_description\" : \"I-collapse\"", "\"generic_error_user_canceled\" : \"\u17a2\u17d2\u1793\u1780\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u200b\u1794\u17b6\u1793\u1794\u17c4\u17c7\u1794\u1784\u17cb\u200b\u1780\u17b6\u179a\u1795\u17d2\u1791\u17c0\u1784\u1795\u17d2\u1791\u17b6\u178f\u17cb\u17a0\u17be\u1799\u17d4\"", "\"common_google_play_services_install_title\" : \"Kry Google Play Dienste\"", "\"common_google_play_services_enable_text\" : \"%1$s \u10d5\u10d4\u10e0 \u10d8\u10db\u10e3\u10e8\u10d0\u10d5\u10d4\u10d1\u10e1 Google Play Services-\u10d8\u10e1 \u10e9\u10d0\u10e0\u10d7\u10d5\u10d0\u10db\u10d3\u10d4.\"", "\"abc_action_bar_home_description\" : \"\u041d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u043a\u0435 \u04e9\u0442\u0443\"", "\"common_google_play_services_enable_button\" : \"\u0418\u0448\u0442\u0435\u0442\u04af\u04af\"", "\"fingerprint_error_no_fingerprints\" : \"\u041d\u0435\u0442 \u043e\u0442\u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u043e\u0432 \u043f\u0430\u043b\u044c\u0446\u0435\u0432.\"", "\"common_signin_button_text_long\" : \"Meld aan met Google\"", "\"common_google_play_services_updating_text\" : \"%1$s ne mo\u017ee da se pokrene bez Google Play usluga, koje se trenutno a\u017euriraju.\"", "\"common_google_play_services_notification_channel_name\" : \"Google \u09aa\u09cd\u09b2\u09c7 \u09b8\u09c7\u09f1\u09be\u09b8\u09ae\u09c2\u09b9\u09f0 \u0989\u09aa\u09b2\u09ac\u09cd\u09a7\u09a4\u09be\"", "\"common_google_play_services_update_button\" : \"P\u00e4ivit\u00e4\"", "\"abc_search_hint\" : \"Pretra\u017eite...\"", "\"common_google_play_services_notification_ticker\" : \"Ralat perkhidmatan Google Play\"", "\"generic_error_user_canceled\" : \"\u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101e\u1030\u1000 \u1021\u1011\u1031\u102c\u1000\u103a\u1021\u1011\u102c\u1038\u1005\u102d\u1005\u1005\u103a\u1001\u103c\u1004\u103a\u1038\u1000\u102d\u102f \u1015\u101a\u103a\u1016\u103b\u1000\u103a\u1011\u102c\u1038\u101e\u100a\u103a\u104b\"", "\"common_signin_button_text_long\" : \"Sign in with Google\"", "\"abc_capital_on\" : \"\u0423\u0412\u0406\u041c\u041a.\"", "\"confirm_device_credential_password\" : \"Utilitza la contrasenya\"", "\"default_error_msg\" : \"\u041d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430 \u0433\u0440\u0435\u0448\u043a\u0430\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0d35\u0d3f\u0d30\u0d32\u0d1f\u0d2f\u0d3e\u0d33 \u0d38\u0d46\u0d7b\u0d38\u0d7c \u0d38\u0d4d\u200c\u0d2a\u0d7c\u0d36\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3 \u0cb2\u0cad\u0ccd\u0caf\u0ca4\u0cc6\"", "\"abc_capital_off\" : \"\uc0ac\uc6a9 \uc911\uc9c0\"", "\"abc_shareactionprovider_share_with_application\" : \"%s\uacfc(\uc640) \uacf5\uc720\"", "\"abc_shareactionprovider_share_with_application\" : \"Sd\u00edlet s\u00a0aplikac\u00ed %s\"", "\"common_google_play_services_install_title\" : \"In\u0161talova\u0165 slu\u017eby Google Play\"", "\"abc_searchview_description_voice\" : \"Carian suara\"", "\"common_google_play_services_notification_channel_name\" : \"\u0414\u043e\u0441\u0442\u0430\u043f\u043d\u043e\u0441\u0442 \u043d\u0430 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\ub3c4\uc6c0\ub9d0 \uba54\uc2dc\uc9c0 \uc601\uc5ed\"", "\"common_signin_button_text_long\" : \"\u200fGoogle \u06a9\u06d2 \u0633\u0627\u062a\u06be \u0633\u0627\u0626\u0646 \u0627\u0646 \u06a9\u0631\u06cc\u06ba\"", "\"common_google_play_services_enable_button\" : \"\u1794\u17be\u1780\"", "\"fingerprint_error_no_fingerprints\" : \"\u0411\u0438\u0440 \u0434\u0430 \u043c\u0430\u043d\u0436\u0430 \u0438\u0437\u0438 \u043a\u0430\u0442\u0442\u0430\u043b\u0433\u0430\u043d \u044d\u043c\u0435\u0441.\"", "\"common_open_on_phone\" : \"\u0641\u062a\u062d \u0639\u0644\u0649 \u0627\u0644\u0647\u0627\u062a\u0641\"", "\"fingerprint_error_lockout\" : \"\u041f\u0440\u0435\u043c\u043d\u043e\u0433\u0443 \u043e\u0431\u0438\u0434\u0438. \u041e\u0431\u0438\u0434\u0435\u0442\u0435 \u0441\u0435 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e \u043f\u043e\u0434\u043e\u0446\u043d\u0430.\"", "\"abc_activitychooserview_choose_application\" : \"\u0395\u03c0\u03b9\u03bb\u03ad\u03be\u03c4\u03b5 \u03bc\u03b9\u03b1 \u03b5\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae\"", "\"fingerprint_error_user_canceled\" : \"Pengendalian cap jari dibatalkan oleh pengguna.\"", "\"abc_activity_chooser_view_see_all\" : \"\u0c05\u0c28\u0c4d\u0c28\u0c40 \u0c1a\u0c42\u0c21\u0c02\u0c21\u0c3f\"", "\"abc_searchview_description_query\" : \"\u0418\u0437\u0434\u0435\u043b\u0433\u0435\u043d \u0441\u0443\u0440\u0430\u043c\"", "\"abc_searchview_description_search\" : \"\u134d\u1208\u130b\"", "\"abc_searchview_description_query\" : \"\u0936\u094b\u0927 \u0915\u094d\u0935\u0947\u0930\u0940\"", "\"common_google_play_services_install_button\" : \"I-install\"", "\"common_google_play_services_updating_text\" : \"\u0daf\u0dd0\u0db1\u0da7 \u0dba\u0dcf\u0dc0\u0dad\u0dca\u0d9a\u0dcf\u0dbd\u0dd3\u0db1 \u0d9a\u0dbb\u0db8\u0dd2\u0db1\u0dca \u0d87\u0dad\u0dd2, Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 %1$s \u0db0\u0dcf\u0dc0\u0db1\u0dba \u0db1\u0ddc\u0dc0\u0db1\u0dd4 \u0d87\u0dad.\"", "\"fingerprint_error_no_fingerprints\" : \"Walang naka-enroll na fingerprint.\"", "\"abc_searchview_description_clear\" : \"Sula inkinga\"", "\"common_google_play_services_update_title\" : \"\u0410\u043a\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u0430\u043d\u0435 \u043d\u0430 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play\"", "\"common_google_play_services_enable_text\" : \"\u0986\u09aa\u09c1\u09a8\u09bf Google Play \u09b8\u09c7\u09f1\u09be\u09ac\u09cb\u09f0 \u09b8\u0995\u09cd\u09b7\u09ae \u09a8\u0995\u09f0\u09be\u09b2\u09c8\u0995\u09c7 %1$s\u098f \u0995\u09be\u09ae \u09a8\u0995\u09f0\u09bf\u09ac\u0964\"", "\"abc_searchview_description_query\" : \"Mekl\u0113\u0161anas vaic\u0101jums\"", "\"fingerprint_not_recognized\" : \"Identifierades inte\"", "\"common_signin_button_text_long\" : \"Google \u1016\u103c\u1004\u1037\u103a \u101c\u1000\u103a\u1019\u103e\u1010\u103a\u1011\u102d\u102f\u1038\u101d\u1004\u103a\u101b\u1031\"", "\"abc_action_bar_home_description\" : \"Navega fins a la p\u00e0gina d'inici\"", "\"common_google_play_services_unsupported_text\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be \u099b\u09be\u09a1\u09bc\u09be %1$s \u099a\u09b2\u09ac\u09c7 \u09a8\u09be, \u09af\u09c7\u099f\u09bf \u0986\u09aa\u09a8\u09be\u09b0 \u09a1\u09bf\u09ad\u09be\u0987\u09b8\u09c7 \u09b8\u09ae\u09b0\u09cd\u09a5\u09bf\u09a4 \u09a8\u09af\u09bc\u09f7\"", "\"abc_searchview_description_query\" : \"Soektognavraag\"", "\"abc_search_hint\" : \"\u0425\u0430\u0439\u0445\u2026\"", "\"fingerprint_error_user_canceled\" : \"Dejanje s prstnim odtisom je preklical uporabnik.\"", "\"common_open_on_phone\" : \"\u200b\u0ec0\u0e9b\u0eb5\u0e94\u200b\u0ec3\u0e99\u200b\u0ec2\u0e97\u200b\u0ea5\u0eb0\u200b\u0eaa\u0eb1\u0e9a\"", "\"default_error_msg\" : \"\u062e\u0637\u0623 \u063a\u064a\u0631 \u0645\u0639\u0631\u0648\u0641\"", "\"abc_searchview_description_search\" : \"\u0418\u0437\u0434\u04e9\u04e9\"", "\"common_google_play_services_wear_update_text\" : \"C\u1ea7n phi\u00ean b\u1ea3n m\u1edbi c\u1ee7a d\u1ecbch v\u1ee5 Google Play. D\u1ecbch v\u1ee5 s\u1ebd s\u1edbm t\u1ef1 \u0111\u1ed9ng c\u1eadp nh\u1eadt.\"", "\"abc_shareactionprovider_share_with_application\" : \"Jagamine rakendusega %s\"", "\"common_google_play_services_enable_button\" : \"\u0410\u043a\u0442\u0438\u0432\u0438\u0440\u0430\u043d\u0435\"", "\"common_google_play_services_unknown_issue\" : \"%1$s, Google Play hizmetleriyle ilgili sorun ya\u015f\u0131yor. L\u00fctfen tekrar deneyin.\"", "\"fingerprint_dialog_touch_sensor\" : \"Gusa kitambua alama ya kidole\"", "\"abc_activitychooserview_choose_application\" : \"Escolher uma aplica\u00e7\u00e3o\"", "\"abc_shareactionprovider_share_with\" : \"Jaa\u2026\"", "\"common_google_play_services_updating_text\" : \"\u200f\u0644\u0646 \u064a\u062a\u0645 \u062a\u0634\u063a\u064a\u0644 %1$s \u0628\u062f\u0648\u0646 \u062e\u062f\u0645\u0627\u062a Google Play\u060c \u0648\u0627\u0644\u062a\u064a \u064a\u062a\u0645 \u062a\u062d\u062f\u064a\u062b\u0647\u0627 \u062d\u0627\u0644\u064a\u064b\u0627.\"", "\"fingerprint_error_hw_not_present\" : \"\u098f\u0987 \u09a1\u09bf\u09ad\u09be\u0987\u099a\u099f\u09cb\u09a4 \u09ab\u09bf\u0982\u0997\u09be\u09f0\u09aa\u09cd\u09f0\u09bf\u09a3\u09cd\u099f \u099b\u09c7\u09a8\u09cd\u09b8\u09f0 \u09a8\u09be\u0987\"", "\"fingerprint_not_recognized\" : \"Nie herken nie\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0ab8\u0ab9\u0abe\u0aaf \u0ab8\u0a82\u0aa6\u0ac7\u0ab6\u0aa8\u0ac1\u0a82 \u0a95\u0acd\u0ab7\u0ac7\u0aa4\u0acd\u0ab0\"", "\"common_signin_button_text\" : \"Logi sisse\"", "\"abc_menu_function_shortcut_label\" : \"Funksioni+\"", "unknown personality routine", "\"abc_capital_on\" : \"AN\"", "\"search_menu_title\" : \"S\u00f8k\"", "\"fingerprint_error_lockout\" : \"\u0985\u09a8\u09c7\u0995\u09ac\u09be\u09b0 \u099a\u09c7\u09b7\u09cd\u099f\u09be \u0995\u09b0\u09c7\u099b\u09c7\u09a8\u0964 \u09aa\u09b0\u09c7 \u0986\u09ac\u09be\u09b0 \u099a\u09c7\u09b7\u09cd\u099f\u09be \u0995\u09b0\u09c1\u09a8\u0964\"", "\"common_google_play_services_unknown_issue\" : \"%1$s aplikazioak arazoak ditu Google Play zerbitzuekin. Saiatu berriro.\"", "\"generic_error_user_canceled\" : \"Ov\u011b\u0159en\u00ed bylo zru\u0161eno u\u017eivatelem.\"", "\"fingerprint_error_hw_not_available\" : \"\u6307\u7d0b\u8a8d\u8a3c\u30cf\u30fc\u30c9\u30a6\u30a7\u30a2\u306f\u4f7f\u7528\u3067\u304d\u307e\u305b\u3093\u3002\"", "\"common_google_play_services_enable_text\" : \"%1$s non funcionar\u00e1 a menos que actives os servizos de Google Play.\"", "\"abc_toolbar_collapse_description\" : \"Sutraukti\"", "\"abc_searchview_description_clear\" : \"\u054b\u0576\u057b\u0565\u056c \u0570\u0561\u0580\u0581\u0578\u0582\u0574\u0568\"", "\"abc_toolbar_collapse_description\" : \"Recolher\"", "\"confirm_device_credential_password\" : \"Uporaba gesla\"", "\"abc_action_mode_done\" : \"Valmis\"", "\"abc_menu_delete_shortcut_label\" : \"\u1230\u122d\u12dd\"", "\"common_google_play_services_update_text\" : \"\u0d28\u0d3f\u0d19\u0d4d\u0d19\u0d7e Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d7e \u0d05\u0d2a\u0d4d\u200c\u0d21\u0d47\u0d31\u0d4d\u0d31\u0d41\u0d1a\u0d46\u0d2f\u0d4d\u200c\u0d24\u0d3f\u0d32\u0d4d\u0d32\u0d46\u0d19\u0d4d\u0d15\u0d3f\u0d7d %1$s \u0d2a\u0d4d\u0d30\u0d35\u0d7c\u0d24\u0d4d\u0d24\u0d3f\u0d15\u0d4d\u0d15\u0d3f\u0d32\u0d4d\u0d32.\"", "\"abc_searchview_description_query\" : \"Upit za pretra\u017eivanje\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Omr\u00e5de med hj\u00e6lpemeddelelse\"", "\"abc_menu_alt_shortcut_label\" : \"Alt+\u200e\"", "\"common_signin_button_text\" : \"\u0633\u0627\u0626\u0646 \u0627\u0646 \u06a9\u0631\u06cc\u06ba\"", "\"fingerprint_error_hw_not_present\" : \"Toto za\u0159\u00edzen\u00ed nem\u00e1 sn\u00edma\u010d otisk\u016f prst\u016f\"", "\"fingerprint_error_no_fingerprints\" : \"Ingen fingeravtrykk er registrert.\"", "\"fingerprint_error_lockout\" : \"\u062a\u0639\u062f\u0627\u062f \u062a\u0644\u0627\u0634\u200c\u0647\u0627 \u0628\u06cc\u0634 \u0627\u0632 \u062d\u062f \u0645\u062c\u0627\u0632 \u0627\u0633\u062a. \u0644\u0637\u0641\u0627\u064b \u0628\u0639\u062f\u0627\u064b \u062f\u0648\u0628\u0627\u0631\u0647 \u0627\u0645\u062a\u062d\u0627\u0646 \u06a9\u0646\u06cc\u062f.\"", "\"abc_activity_chooser_view_see_all\" : \"\u0a38\u0a2d \u0a26\u0a47\u0a16\u0a4b\"", "\"default_error_msg\" : \"\u0646\u0627\u0645\u0639\u0644\u0648\u0645 \u062e\u0631\u0627\u0628\u06cc\"", "\"abc_searchview_description_search\" : \"S\u00f8k\"", "\"abc_action_bar_home_description\" : \"\u067e\u06cc\u0645\u0627\u06cc\u0634 \u0628\u0647 \u0635\u0641\u062d\u0647 \u0627\u0635\u0644\u06cc\"", "\"common_google_play_services_wear_update_text\" : \"Google Play\u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306e\u65b0\u3057\u3044\u30d0\u30fc\u30b8\u30e7\u30f3\u304c\u5fc5\u8981\u3067\u3059\u3002\u307e\u3082\u306a\u304f\u81ea\u52d5\u66f4\u65b0\u3055\u308c\u307e\u3059\u3002\"", "\"abc_capital_off\" : \"VALA\"", "\"abc_capital_off\" : \"OFF\"", "\"fingerprint_error_no_fingerprints\" : \"\u0915\u094b\u0923\u0924\u094d\u092f\u093e\u0939\u0940 \u092b\u093f\u0902\u0917\u0930\u092a\u094d\u0930\u093f\u0902\u091f\u091a\u0940 \u0928\u094b\u0902\u0926 \u091d\u093e\u0932\u0940 \u0928\u093e\u0939\u0940.\"", "\"fingerprint_error_user_canceled\" : \"Ng\u01b0\u1eddi d\u00f9ng \u0111\u00e3 h\u1ee7y thao t\u00e1c d\u00f9ng d\u1ea5u v\u00e2n tay.\"", "\"fingerprint_error_lockout\" : \"Has realizado demasiados intentos. Vuelve a probar m\u00e1s tarde.\"", "\"abc_activity_chooser_view_see_all\" : \"Xem t\u1ea5t c\u1ea3\"", "\"abc_searchview_description_voice\" : \"\u0d38\u0d02\u0d38\u0d3e\u0d30\u0d24\u0d4d\u0d24\u0d3f\u0d32\u0d42\u0d1f\u0d46 \u0d24\u0d3f\u0d30\u0d2f\u0d41\u0d15\"", "\"abc_action_bar_home_description\" : \"Vai ao inicio\"", "\"status_bar_notification_info_overflow\" : \"\u096f\u096f\u096f+\"", "\"common_google_play_services_unknown_issue\" : \"%1$s \u1780\u17c6\u1796\u17bb\u1784\u1798\u17b6\u1793\u1794\u1789\u17d2\u17a0\u17b6\u1787\u17b6\u1798\u17bd\u1799\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798\u179a\u1794\u179f\u17cb Google Play \u17d4 \u179f\u17bc\u1798\u1796\u17d2\u1799\u17b6\u1799\u17b6\u1798\u1798\u17d2\u178f\u1784\u1791\u17c0\u178f\u1793\u17c5\u1796\u17c1\u179b\u1780\u17d2\u179a\u17c4\u1799\u17d4\"", "\"common_open_on_phone\" : \"\u0bae\u0bca\u0baa\u0bc8\u0bb2\u0bbf\u0bb2\u0bcd \u0ba4\u0bbf\u0bb1\"", "\"fingerprint_error_no_fingerprints\" : \"\u6307\u7d0b\u304c\u767b\u9332\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002\"", "\"default_error_msg\" : \"\u062e\u0637\u0627\u06cc \u0646\u0627\u0634\u0646\u0627\u0633\"", "\"common_google_play_services_unsupported_text\" : \"\u200f\u0644\u0646 \u064a\u062a\u0645 \u062a\u0634\u063a\u064a\u0644 %1$s \u0628\u062f\u0648\u0646 \u062e\u062f\u0645\u0627\u062a Google Play \u0627\u0644\u062a\u064a \u0644\u0627 \u064a\u0648\u0641\u0631\u0647\u0627 \u062c\u0647\u0627\u0632\u0643.\"", "\"common_signin_button_text\" : \"\u0b89\u0bb3\u0bcd\u0ba8\u0bc1\u0bb4\u0bc8\u0b95\"", "\"abc_capital_off\" : \"UIT\"", "\"common_google_play_services_updating_text\" : \"Rakendus %1$s t\u00f6\u00f6tab ainult koos Google Play teenustega, mida praegu v\u00e4rskendatakse.\"", "\"abc_action_bar_up_description\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u0432\u0433\u043e\u0440\u0443\"", "\"common_google_play_services_update_button\" : \"\u66f4\u65b0\"", "\"abc_searchview_description_voice\" : \"Wyszukiwanie g\u0142osowe\"", "\"common_google_play_services_unsupported_text\" : \"Cihaz\u0131n\u0131z t\u0259r\u0259find\u0259n d\u0259st\u0259kl\u0259nm\u0259y\u0259n Google Play xidm\u0259tl\u0259ri olmadan %1$s t\u0259tbiqi i\u015fl\u0259m\u0259y\u0259c\u0259k.\"", "\"abc_capital_on\" : \"A\u00c7\"", "\"abc_menu_space_shortcut_label\" : \"\u7a7a\u683c\u952e\"", "\"common_google_play_services_enable_title\" : \"Activa Serveis de Google Play\"", "\"abc_activitychooserview_choose_application\" : \"Pilih apl\"", "\"abc_searchview_description_query\" : \"\uac80\uc0c9\uc5b4\"", "\"search_menu_title\" : \"\u641c\u5c0b\"", "\"common_google_play_services_unsupported_text\" : \"Aplikacija %1$s ne\u0107e raditi bez Google Play usluga, koje va\u0161 ure\u0111aj ne podr\u017eava.\"", "\"abc_action_bar_up_description\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u0432\u0432\u0435\u0440\u0445\"", "\"common_open_on_phone\" : \"\u0423\u0442\u0441\u0430\u0430\u0440 \u043d\u044d\u044d\u0445\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u670d\u52d9\u767c\u751f\u932f\u8aa4\"", "\"fingerprint_error_hw_not_present\" : \"Cet appareil ne poss\u00e8de pas de capteur d'empreintes digitales\"", "\"default_error_msg\" : \"\u0e84\u0ea7\u0eb2\u0ea1\u0e9c\u0eb4\u0e94\u0e9e\u0eb2\u0e94\u0e97\u0eb5\u0ec8\u0e9a\u0ecd\u0ec8\u0eae\u0eb9\u0ec9\u0e88\u0eb1\u0e81\"", "\"common_google_play_services_enable_text\" : \"\u0924\u0941\u092e\u094d\u0939\u0940 Google Play \u0938\u0947\u0935\u093e \u0938\u0915\u094d\u0937\u092e \u0915\u0947\u0932\u094d\u092f\u093e\u0936\u093f\u0935\u093e\u092f %1$s \u0939\u093e \u0905\u200d\u0945\u092a \u0915\u093e\u0930\u094d\u092f \u0915\u0930\u0923\u093e\u0930 \u0928\u093e\u0939\u0940.\"", "\"common_google_play_services_unsupported_text\" : \"%1$s s\u1ebd kh\u00f4ng ch\u1ea1y n\u1ebfu kh\u00f4ng c\u00f3 c\u00e1c d\u1ecbch v\u1ee5 c\u1ee7a Google Play. Thi\u1ebft b\u1ecb c\u1ee7a b\u1ea1n kh\u00f4ng h\u1ed7 tr\u1ee3 c\u00e1c d\u1ecbch v\u1ee5 n\u00e0y.\"", "\"abc_toolbar_collapse_description\" : \"Runtuhkan\"", "\"abc_capital_off\" : \"IZKLOP\"", "\"fingerprint_dialog_touch_sensor\" : \"Fingerabdrucksensor ber\u00fchren\"", "\"abc_capital_on\" : \"AKT\u0130V\"", "\"common_google_play_services_unsupported_text\" : \"\u200f%1$s \u0628\u062f\u0648\u0646 \u062e\u062f\u0645\u0627\u062a Google Play \u06a9\u0647 \u062f\u0631 \u062f\u0633\u062a\u06af\u0627\u0647 \u0634\u0645\u0627 \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0646\u0645\u06cc\u200c\u0634\u0648\u062f\u060c \u0627\u062c\u0631\u0627 \u0646\u062e\u0648\u0627\u0647\u062f \u0634\u062f.\"", "\"fingerprint_error_no_fingerprints\" : \"Ez da erregistratu hatz-markarik.\"", "\"common_google_play_services_unknown_issue\" : \"%1$s-\u10e1 Google Play Services-\u10d7\u10d0\u10dc \u10de\u10e0\u10dd\u10d1\u10da\u10d4\u10db\u10d0 \u10e8\u10d4\u10d4\u10e5\u10db\u10dc\u10d0. \u10d2\u10d7\u10ee\u10dd\u10d5\u10d7, \u10ea\u10d0\u10d3\u10dd\u10d7 \u10ee\u10d4\u10da\u10d0\u10ee\u10da\u10d0.\"", "\"abc_searchview_description_search\" : \"\u0406\u0437\u0434\u0435\u0443\"", "\"search_menu_title\" : \"S\u00f8g\"", "\"common_signin_button_text_long\" : \"Logg p\u00e5 med Google\"", "\"common_google_play_services_update_button\" : \"Atualizar\"", "\"fingerprint_error_no_fingerprints\" : \"\u0e9a\u0ecd\u0ec8\u0ea1\u0eb5\u0e81\u0eb2\u0e99\u0ea5\u0ebb\u0e87\u0e97\u0eb0\u0e9a\u0ebd\u0e99\u0ea5\u0eb2\u0e8d\u0e99\u0eb4\u0ec9\u0ea7\u0ea1\u0eb7.\"", "\"common_google_play_services_install_button\" : \"Telep\u00edt\u00e9s\"", "\"common_open_on_phone\" : \"\u00d6ppna p\u00e5 mobilen\"", "\"fingerprint_error_lockout\" : \"\u0422\u0432\u044a\u0440\u0434\u0435 \u043c\u043d\u043e\u0433\u043e \u043e\u043f\u0438\u0442\u0438. \u041c\u043e\u043b\u044f, \u043e\u043f\u0438\u0442\u0430\u0439\u0442\u0435 \u043e\u0442\u043d\u043e\u0432\u043e \u043f\u043e-\u043a\u044a\u0441\u043d\u043e.\"", "\"abc_menu_delete_shortcut_label\" : \"delete\"", "\"abc_action_bar_up_description\" : \"\u0a89\u0aaa\u0ab0 \u0aa8\u0ac5\u0ab5\u0abf\u0a97\u0ac7\u0a9f \u0a95\u0ab0\u0acb\"", "\"common_google_play_services_enable_button\" : \"Habilitar\"", "\"confirm_device_credential_password\" : \"\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0643\u0644\u0645\u0629 \u0627\u0644\u0645\u0631\u0648\u0631\"", "\"fingerprint_dialog_touch_sensor\" : \"Dodirnite senzor otiska prsta\"", "\"abc_shareactionprovider_share_with\" : \"Yabelana no\"", "\"common_google_play_services_install_title\" : \"Lortu Google Play zerbitzuak\"", "\"common_google_play_services_enable_title\" : \"Aktivera Google Play-tj\u00e4nster\"", "\"common_google_play_services_unsupported_text\" : \"Aplikacija %1$s ne deluje brez storitev Google Play, ki jih va\u0161a naprava ne podpira.\"", "\"common_google_play_services_enable_title\" : \"Omogu\u0107ite Google Play usluge\"", "\"fingerprint_error_user_canceled\" : \"\u1794\u17d2\u179a\u178f\u17b7\u1794\u178f\u17d2\u178f\u17b7\u1780\u17b6\u179a\u200b\u179f\u17d2\u1793\u17b6\u1798\u200b\u1798\u17d2\u179a\u17b6\u1798\u200b\u178a\u17c3\u200b\u178f\u17d2\u179a\u17bc\u179c\u200b\u1794\u17b6\u1793\u200b\u1794\u17c4\u17c7\u200b\u1794\u1784\u17cb\u200b\u178a\u17c4\u1799\u200b\u17a2\u17d2\u1793\u1780\u200b\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u17d4\"", "\"common_signin_button_text\" : \"\ub85c\uadf8\uc778\"", "\"common_google_play_services_notification_channel_name\" : \"Availability ng serbisyo ng Google Play\"", "\"common_google_play_services_updating_text\" : \"%1$s \u10d5\u10d4\u10e0 \u10d2\u10d0\u10d4\u10e8\u10d5\u10d4\u10d1\u10d0 Google Play Services-\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4, \u10e0\u10dd\u10db\u10d4\u10da\u10d7\u10d0 \u10d2\u10d0\u10dc\u10d0\u10ee\u10da\u10d4\u10d1\u10d0\u10ea \u10d0\u10db\u10df\u10d0\u10db\u10d0\u10d3 \u10db\u10d8\u10db\u10d3\u10d8\u10dc\u10d0\u10e0\u10d4\u10dd\u10d1\u10e1.\"", "\"fingerprint_error_lockout\" : \"Te veel pogingen. Probeer het later opnieuw.\"", "\"fingerprint_error_user_canceled\" : \"Vingerafdrukverificatie geannuleerd door gebruiker.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u12e8\u12a5\u1308\u12db \u1218\u120d\u12d5\u12ad\u1275 \u12a0\u12ab\u1263\u1262\"", "\"common_google_play_services_unknown_issue\" : \"Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0cb2\u0ccd\u0cb2\u0cbf %1$s \u0cb8\u0cae\u0cb8\u0ccd\u0caf\u0cc6\u0caf\u0ca8\u0ccd\u0ca8\u0cc1 \u0cb9\u0cca\u0c82\u0ca6\u0cbf\u0ca6\u0cc6. \u0ca6\u0caf\u0cb5\u0cbf\u0c9f\u0ccd\u0c9f\u0cc1 \u0cae\u0ca4\u0ccd\u0ca4\u0cc6 \u0caa\u0ccd\u0cb0\u0caf\u0ca4\u0ccd\u0ca8\u0cbf\u0cb8\u0cbf.\"", "\"common_google_play_services_wear_update_text\" : \"Google Play xidm\u0259tl\u0259rinin yeni versiyas\u0131 laz\u0131md\u0131r. Q\u0131sa m\u00fcdd\u0259t\u0259 \u00f6z\u00fcn\u00fc yenil\u0259y\u0259c\u0259k.\"", "\"abc_menu_space_shortcut_label\" : \"\u12ad\u134d\u1270\u1275\"", "\"abc_activitychooserview_choose_application\" : \"Selecciona una aplicaci\u00f3\"", "\"abc_action_mode_done\" : \"\u09b9\u09af\u09bc\u09c7 \u0997\u09c7\u099b\u09c7\"", "\"generic_error_user_canceled\" : \"Kimlik do\u011frulama kullan\u0131c\u0131 taraf\u0131ndan iptal edildi.\"", "\"abc_searchview_description_submit\" : \"D\u00ebrgo pyetjen\"", "\"search_menu_title\" : \"\u0627\u0644\u0628\u062d\u062b\"", "\"common_google_play_services_install_title\" : \"Google Play \u09aa\u09b0\u09bf\u09b7\u09c7\u09ac\u09be \u09aa\u09be\u09a8\"", "\"abc_shareactionprovider_share_with\" : \"Compartir con\"", "\"common_signin_button_text_long\" : \"\u1260Google \u12ed\u130d\u1261\"", "\"fingerprint_error_lockout\" : \"T\u00fal sok pr\u00f3b\u00e1lkoz\u00e1s. Pr\u00f3b\u00e1lja \u00fajra k\u00e9s\u0151bb.\"", "\"generic_error_user_canceled\" : \"Godkendelsen er annulleret af brugeren.\"", "\"common_google_play_services_update_button\" : \"\u0428\u0438\u043d\u044d\u0447\u043b\u044d\u0445\"", "\"abc_action_menu_overflow_description\" : \"T\u00f9y ch\u1ecdn kh\u00e1c\"", "\"fingerprint_error_user_canceled\" : \"Fingeravtrykk-operasjonen ble avbrutt av brukeren.\"", "\"abc_searchview_description_submit\" : \"\u041e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\"", "\"common_google_play_services_enable_button\" : \"Activar\"", "\"common_google_play_services_install_text\" : \"Rakendus %1$s t\u00f6\u00f6tab ainult koos Google Play teenustega, mida teie seadmes pole.\"", "\"search_menu_title\" : \"Sesha\"", "\"common_signin_button_text\" : \"Iniciar sess\u00e3o\"", "\"mtrl_exceed_max_badge_number_suffix\" : \"%1$d%2$s\"", "\"abc_menu_delete_shortcut_label\" : \"sil\"", "\"abc_searchview_description_submit\" : \"Enviar consulta\"", "\"common_google_play_services_wear_update_text\" : \"Potrebna je nova verzija Google Play usluga. Uskoro \u0107e se a\u017eurirati.\"", "\"fingerprint_error_user_canceled\" : \"O usuario cancelou a operaci\u00f3n da impresi\u00f3n dixital.\"", "\"abc_menu_space_shortcut_label\" : \"spacja\"", "\"fingerprint_not_recognized\" : \"Nav atpaz\u012bts\"", "\"icon_content_description\" : \"Dialog Icon\"", "\"confirm_device_credential_password\" : \"\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06af\u0630\u0631\u0648\u0627\u0698\u0647\"", "\"abc_shareactionprovider_share_with_application\" : \"\u4f7f\u7528\u300c%s\u300d\u5206\u4eab\"", "\"fingerprint_error_hw_not_present\" : \"\u12ed\u1205 \u1218\u1223\u122a\u12eb \u12e8\u1323\u1275 \u12a0\u123b\u122b \u12f3\u1233\u123d \u12e8\u1208\u12cd\u121d\"", "\"fingerprint_error_hw_not_present\" : \"Ovaj ure\u0111aj nema senzor otiska prsta\"", "\"common_google_play_services_install_text\" : \"Hindi gagana ang %1$s nang wala ang mga serbisyo ng Google Play na wala sa iyong device.\"", "\"abc_capital_on\" : \"ACTIVA\"", "\"abc_toolbar_collapse_description\" : \"\u0416\u044b\u0439\u044b\u0448\u0442\u044b\u0440\u0443\u0443\"", "\"abc_action_bar_up_description\" : \"\u1021\u1015\u1031\u102b\u103a\u101e\u102d\u102f\u1037 \u101b\u103d\u103e\u1031\u1037\u101b\u1014\u103a\"", "\"abc_action_mode_done\" : \"Termin\u00e9\"", "\"common_google_play_services_updating_text\" : \"%1$s, \u015fu anda g\u00fcncellenmekte olan Google Play hizmetleri olmadan \u00e7al\u0131\u015fmaz.\"", "\"common_google_play_services_unsupported_text\" : \"%1$s haitafanya kazi bila huduma za Google Play. Huduma hizi hazitumiki kwenye kifaa chako.\"", "\"fingerprint_error_hw_not_available\" : \"Izingxenyekazi zekhompuyutha zezingxivizo zeminwe azitholakali.\"", "\"common_google_play_services_update_button\" : \"\u0395\u03bd\u03b7\u03bc\u03ad\u03c1\u03c9\u03c3\u03b7\"", "\"abc_action_bar_home_description\" : \"\u0411\u0430\u0448\u043a\u044b \u0431\u0435\u0442\u043a\u0435 \u0447\u0430\u0431\u044b\u0442\u0442\u043e\u043e\"", "\"abc_prepend_shortcut_label\" : \"Menu +\"", "\"abc_menu_alt_shortcut_label\" : \"Alt+\"", "\"abc_searchview_description_query\" : \"\u0916\u094b\u091c \u092a\u094d\u0930\u0936\u094d\u0928\"", "\"common_google_play_services_notification_channel_name\" : \"\u041d\u0430\u043b\u0438\u0447\u043d\u043e\u0441\u0442 \u043d\u0430 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play\"", "\"common_google_play_services_update_text\" : \"\u0ca8\u0cc0\u0cb5\u0cc1 Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0ca8\u0ccd\u0ca8\u0cc1 \u0ca8\u0cb5\u0cc0\u0c95\u0cb0\u0cbf\u0cb8\u0ca6 \u0cb9\u0cca\u0cb0\u0ca4\u0cc1 %1$s \u0cb0\u0ca8\u0ccd \u0c86\u0c97\u0cc1\u0cb5\u0cc1\u0ca6\u0cbf\u0cb2\u0ccd\u0cb2.\"", "\"fingerprint_error_hw_not_available\" : \"\u0b06\u0b19\u0b4d\u0b17\u0b41\u0b20\u0b3f \u0b1a\u0b3f\u0b39\u0b4d\u0b28 \u0b39\u0b3e\u0b30\u0b4d\u0b21\u0b71\u0b47\u0b30\u0b4d\u200d \u0b09\u0b2a\u0b32\u0b2c\u0b4d\u0b27 \u0b28\u0b3e\u0b39\u0b3f\u0b01\u0964\"", "\"common_google_play_services_update_title\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u043d \u0436\u0430\u04a3\u044b\u0440\u0442\u0443\u0443\"", "\"abc_searchview_description_query\" : \"Zoekopdracht\"", "\"common_google_play_services_update_text\" : \"%1$s \u0924\u092a\u093e\u0908\u0902\u0932\u0947 Google \u092a\u094d\u0932\u0947 \u0938\u0947\u0935\u093e\u0939\u0930\u0942 \u0905\u0926\u094d\u092f\u093e\u0935\u0927\u093f\u0915 \u0928\u0917\u0930\u0947\u0938\u092e\u094d\u092e \u0938\u091e\u094d\u091a\u093e\u0932\u0928 \u0939\u0941\u0901\u0926\u0948\u0928\u0964\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Lugar ng mensahe ng tulong\"", "\"common_google_play_services_updating_text\" : \"%1$s haitafanya kazi bila huduma za Google Play. Huduma hizi zinasasishwa sasa.\"", "\"abc_prepend_shortcut_label\" : \"Meny+\"", "\"abc_shareactionprovider_share_with_application\" : \"Mit %s teilen\"", "\"common_signin_button_text_long\" : \"Prijavi se pomo\u0107u Googlea\"", "\"abc_action_mode_done\" : \"Selesai\"", "\"fingerprint_dialog_touch_sensor\" : \"Tryck p\u00e5 fingeravtryckssensorn\"", "\"abc_searchview_description_search\" : \"\u641c\u7d22\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u09b8\u09b9\u09be\u09af\u09bc \u09ac\u09be\u09f0\u09cd\u09a4\u09be\u09f0 \u0995\u09cd\u09b7\u09c7\u09a4\u09cd\u09f0\"", "\"abc_searchview_description_clear\" : \"\u0c2a\u0c4d\u0c30\u0c36\u0c4d\u0c28\u0c28\u0c41 \u0c24\u0c40\u0c38\u0c3f\u0c35\u0c47\u0c38\u0c4d\u0c24\u0c41\u0c02\u0c26\u0c3f\"", "unsupported arm register", "\"abc_action_menu_overflow_description\" : \"Ezinye izinketho\"", "\"fingerprint_error_user_canceled\" : \"\u4f7f\u7528\u8005\u5df2\u53d6\u6d88\u6307\u7d0b\u9a57\u8b49\u4f5c\u696d\u3002\"", "\"abc_menu_enter_shortcut_label\" : \"\u0412\u0432\u043e\u0434\"", "\"common_signin_button_text\" : \"\u10e8\u10d4\u10e1\u10d5\u10da\u10d0\"", "\"abc_searchview_description_submit\" : \"\u0eaa\u0ebb\u0ec8\u0e87\u0e82\u0ecd\u0ec9\u0ea1\u0eb9\u0e99\"", "\"status_bar_notification_info_overflow\" : \"\u1049\u1049\u1049+\"", "\"fingerprint_error_hw_not_present\" : \"\u6b64\u88dd\u7f6e\u6c92\u6709\u6307\u7d0b\u611f\u61c9\u5668\"", "\"abc_shareactionprovider_share_with_application\" : \"Comparte contido coa aplicaci\u00f3n %s\"", "\"abc_searchview_description_query\" : \"\u041f\u0440\u0435\u0431\u0430\u0440\u0430\u0458 \u0431\u0430\u0440\u0430\u045a\u0435\"", "\"abc_activity_chooser_view_see_all\" : \"Kuva k\u00f5ik\"", "\"abc_menu_ctrl_shortcut_label\" : \"Vad\u012b\u0161anas tausti\u0146\u0161\u00a0+\"", "\"common_google_play_services_notification_channel_name\" : \"Google\u00a0Play pakalpojumu pieejam\u012bba\"", "\"common_signin_button_text\" : \"\u101c\u1000\u103a\u1019\u103e\u1010\u103a\u1011\u102d\u102f\u1038 \u101d\u1004\u103a\u101b\u1014\u103a\"", "\"abc_activitychooserview_choose_application\" : \"\u0c86\u0ccd\u0caf\u0caa\u0ccd\u200c\u0cb5\u0cca\u0c82\u0ca6\u0ca8\u0ccd\u0ca8\u0cc1 \u0c86\u0caf\u0ccd\u0c95\u0cc6\u0cae\u0cbe\u0ca1\u0cbf\"", "\"common_google_play_services_enable_title\" : \"Aktivizo sh\u00ebrbimet e \"Luaj me Google\"\"", "\"abc_action_menu_overflow_description\" : \"\u0e15\u0e31\u0e27\u0e40\u0e25\u0e37\u0e2d\u0e01\u0e2d\u0e37\u0e48\u0e19\"", "\"fingerprint_error_no_fingerprints\" : \"\u041d\u044f\u043c\u0430 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u0430\u043d\u0438 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u044a\u0446\u0438.\"", "\"common_google_play_services_enable_button\" : \"\u041e\u0432\u043e\u0437\u043c\u043e\u0436\u0438\"", "\"common_google_play_services_unsupported_text\" : \"Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038\u1000\u102d\u102f \u101e\u1004\u1037\u103a\u1005\u1000\u103a\u1015\u1005\u1039\u1005\u100a\u103a\u1038\u1010\u103d\u1004\u103a \u1015\u1036\u1037\u1015\u102d\u102f\u1038\u1019\u1011\u102c\u1038\u101e\u100a\u1037\u103a\u1021\u1010\u103d\u1000\u103a \u104e\u1004\u103a\u1038\u1019\u101b\u103e\u102d\u1018\u1032 %1$s \u1000\u102d\u102f \u1016\u103d\u1004\u1037\u103a\u104d\u1019\u101b\u1015\u102b\u104b\"", "\"common_google_play_services_unsupported_text\" : \"%1$s no es pot executar sense Serveis de Google Play, que no \u00e9s compatible amb el teu dispositiu.\"", "\"abc_toolbar_collapse_description\" : \"\u0421\u043a\u0443\u043f\u0438\"", "\"common_google_play_services_update_title\" : \"\u200f\u202b\u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0633\u0631\u0648\u06cc\u0633\u200c\u0647\u0627\u06cc Google Play\"", "\"mtrl_picker_save\" : \"Save\"", "\"abc_action_mode_done\" : \"Hotovo\"", "\"common_signin_button_text\" : \"\u0938\u093e\u0907\u0928 \u0907\u0928 \u0915\u0930\u0947\u0902\"", "\"abc_searchview_description_submit\" : \"G\u1eedi truy v\u1ea5n\"", "\"generic_error_user_canceled\" : \"Ukugunyaza kukhanselwe umsebenzisi.\"", "\"abc_activitychooserview_choose_application\" : \"Pasirinkite program\u0105\"", "\"abc_action_mode_done\" : \"\u0413\u0430\u0442\u043e\u0432\u0430\"", "\"fingerprint_error_lockout\" : \"\u06a9\u0627\u0641\u06cc \u0632\u06cc\u0627\u062f\u06c1 \u06a9\u0648\u0634\u0634\u06cc\u06ba\u06d4 \u0628\u0631\u0627\u06c1 \u06a9\u0631\u0645 \u0628\u0639\u062f \u0645\u06cc\u06ba \u062f\u0648\u0628\u0627\u0631\u06c1 \u06a9\u0648\u0634\u0634 \u06a9\u0631\u06cc\u06ba\u06d4\"", "\"common_google_play_services_enable_button\" : \"\u0423\u0432\u0456\u043c\u043a\u043d\u0443\u0442\u0438\"", "\"abc_activity_chooser_view_see_all\" : \"Zobrazit v\u0161e\"", "\"default_error_msg\" : \"Tuntematon virhe\"", "\"common_google_play_services_install_title\" : \"Google Play \u0938\u0947\u0935\u093e\u090f\u0902 \u0907\u0902\u0938\u094d\u091f\u0949\u0932 \u0915\u0930\u0947\u0902\"", "\"common_open_on_phone\" : \"Abrir en tel\u00e9fono\"", "\"abc_shareactionprovider_share_with_application\" : \"Deila me\u00f0 %s\"", "\"common_google_play_services_install_text\" : \"%1$s getur ekki keyrt \u00e1n \u00fej\u00f3nustu Google Play, sem vantar \u00ed t\u00e6ki\u00f0 \u00feitt.\"", "\"abc_search_hint\" : \"S\u00f6k \u2026\"", "\"abc_action_bar_home_description\" : \"P\u0101rvietoties uz s\u0101kuma ekr\u0101nu\"", "\"abc_activitychooserview_choose_application\" : \"Velg en app\"", "\"abc_search_hint\" : \"\u10eb\u10d8\u10d4\u10d1\u10d0\u2026\"", "\"common_google_play_services_enable_text\" : \"I-%1$s ngeke isebenze ngaphandle kokuthi unike amandla amasevisi we-Google Play.\"", "\"fingerprint_error_hw_not_present\" : \"Bu qurilmada barmoq izi skaneri yo\u2018q\"", "\"common_open_on_phone\" : \"\u00c5pne p\u00e5 telefonen\"", "\"abc_action_bar_home_description\" : \"\u041d\u0430\u0432\u0438\u0433\u0438\u0440\u0430\u043d\u0435 \u043a\u044a\u043c \u043d\u0430\u0447\u0430\u043b\u043d\u0438\u044f \u0435\u043a\u0440\u0430\u043d\"", "\"common_google_play_services_update_title\" : \"C\u1eadp nh\u1eadt d\u1ecbch v\u1ee5 c\u1ee7a Google Play\"", "\"common_google_play_services_update_button\" : \"\u0539\u0561\u0580\u0574\u0561\u0581\u0576\u0565\u056c\"", "\"abc_menu_function_shortcut_label\" : \"Funksiya+\"", "\"fingerprint_error_lockout\" : \"Demasiadas tentativas. Tente novamente mais tarde.\"", "\"common_google_play_services_install_button\" : \"\u5b89\u88dd\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0938\u0947\u0935\u093e \u0938\u0941\u0930\u0942 \u0915\u0930\u093e\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u1793\u17b9\u1784\u1798\u17b7\u1793\u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u178a\u17c4\u1799\u1782\u17d2\u1798\u17b6\u1793\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798\u179a\u1794\u179f\u17cb Google Play \u178a\u17c2\u179b\u17a7\u1794\u1780\u179a\u178e\u17cd\u179a\u1794\u179f\u17cb\u17a2\u17d2\u1793\u1780\u1798\u17b7\u1793\u1782\u17b6\u17c6\u1791\u17d2\u179a\u1793\u17c4\u17c7\u1791\u17c1\u17d4\"", "\"abc_searchview_description_clear\" : \"\u0218terge\u021bi interogarea\"", "\"common_google_play_services_wear_update_text\" : \"Potrebujete novo razli\u010dico storitev Google Play. V kratkem se bodo posodobile.\"", "\"abc_action_bar_up_description\" : \"Desplazarse hacia arriba\"", "\"fingerprint_error_lockout\" : \"\u0417\u0430\u043d\u0430\u0434\u0442\u0430 \u0448\u043c\u0430\u0442 \u0441\u043f\u0440\u043e\u0431. \u041f\u0430\u045e\u0442\u0430\u0440\u044b\u0446\u0435 \u0441\u043f\u0440\u043e\u0431\u0443 \u043f\u0430\u0437\u043d\u0435\u0439.\"", "\"common_signin_button_text\" : \"Skr\u00e1 inn\"", "\"common_google_play_services_update_text\" : \"\u201e%1$s\u201c nebus paleid\u017eiama, jei neatnaujinsite \u201eGoogle Play\u201c paslaug\u0173.\"", "\"fingerprint_error_hw_not_available\" : \"Hardwaren til fingeraftryk er ikke tilg\u00e6ngelig.\"", "\"abc_menu_sym_shortcut_label\" : \"\u201eSym\u201c +\"", "\"abc_toolbar_collapse_description\" : \"\u05db\u05d9\u05d5\u05d5\u05e5\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u056b \u057d\u056d\u0561\u056c \u056f\u0561\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0dc3\u0dda\u0dc0\u0dcf\u0dc0\u0dbd \u0db1\u0dc0 \u0d85\u0db1\u0dd4\u0dc0\u0dcf\u0daf\u0dba\u0d9a\u0dca \u0d85\u0dc0\u0dc1\u0dca\u200d\u0dba\u0dba\u0dd2. \u0d91\u0dba \u0db8\u0daf \u0dc0\u0dda\u0dbd\u0dcf\u0dc0\u0d9a\u0dd2\u0db1\u0dca \u0d91\u0dba \u0dc0\u0dd2\u0dc3\u0dd2\u0db1\u0dca\u0db8 \u0dba\u0dcf\u0dc0\u0dad\u0dca\u0d9a\u0dcf\u0dbd\u0dd3\u0db1 \u0dc0\u0db1\u0dd4 \u0d87\u0dad.\"", "\"common_google_play_services_update_button\" : \"\u0627\u067e \u0688\u06cc\u0679 \u06a9\u0631\u06cc\u06ba\"", "\"common_google_play_services_update_title\" : \"Google Play teenuste v\u00e4rskendamine\"", "\"abc_prepend_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200eMenu+\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_google_play_services_install_text\" : \"%1$s \u043d\u044f\u043c\u0430 \u0434\u0430 \u0441\u0435 \u0438\u0437\u043f\u044a\u043b\u043d\u044f\u0432\u0430, \u0442\u044a\u0439 \u043a\u0430\u0442\u043e \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u0437\u0430 Google Play \u043d\u0435 \u0441\u0430 \u0438\u043d\u0441\u0442\u0430\u043b\u0438\u0440\u0430\u043d\u0438 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e\u0442\u043e \u0432\u0438.\"", "\"abc_toolbar_collapse_description\" : \"\u053e\u0561\u056c\u0565\u056c\"", "\"abc_search_hint\" : \"\u041f\u0440\u0435\u0431\u0430\u0440\u0443\u0432\u0430\u045a\u0435\u2026\"", "\"fingerprint_error_user_canceled\" : \"\u4f7f\u7528\u8005\u5df2\u53d6\u6d88\u6307\u7d0b\u64cd\u4f5c\u3002\"", "\"confirm_device_credential_password\" : \"\ube44\ubc00\ubc88\ud638 \uc0ac\uc6a9\"", "\"common_google_play_services_enable_text\" : \"%1$s ne fonctionnera pas tant que vous n'aurez pas activ\u00e9 les services Google\u00a0Play.\"", "\"common_signin_button_text\" : \"Inicia sessi\u00f3\"", "\"common_google_play_services_notification_ticker\" : \"\u0e02\u0e49\u0e2d\u0e1c\u0e34\u0e14\u0e1e\u0e25\u0e32\u0e14\u0e02\u0e2d\u0e07\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play\"", "\"abc_activity_chooser_view_see_all\" : \"\uc804\uccb4 \ubcf4\uae30\"", "\"common_google_play_services_notification_ticker\" : \"\u0413\u0440\u0435\u0448\u043a\u0430 Google Play \u0443\u0441\u043b\u0443\u0433\u0430\"", "\"common_google_play_services_notification_ticker\" : \"Google Play zerbitzuen errorea\"", "\"fingerprint_not_recognized\" : \"\u099a\u09bf\u09a8\u09be\u0995\u09cd\u09a4 \u0995\u09f0\u09bf\u09ac \u09aa\u09f0\u09be \u09a8\u09be\u0987\"", "\"abc_shareactionprovider_share_with\" : \"\u0421\u043f\u043e\u0434\u0435\u043b\u0438 \u0441\u043e\"", "\"common_google_play_services_unsupported_text\" : \"%1$s ei toimi ilman Google Play Palveluita, joita laitteesi ei tue.\"", "\"abc_menu_function_shortcut_label\" : \"Fn+\"", "\"fingerprint_error_lockout\" : \"\u5c1d\u8bd5\u6b21\u6570\u8fc7\u591a\uff0c\u8bf7\u7a0d\u540e\u91cd\u8bd5\u3002\"", "\"fingerprint_dialog_touch_sensor\" : \"Tocca sensore impronte digitali\"", "\"common_google_play_services_unknown_issue\" : \"%1$s ka probleme me sh\u00ebrbimet e Google Play. Provo s\u00ebrish.\"", "\"fingerprint_error_lockout\" : \"P\u0159\u00edli\u0161 mnoho pokus\u016f. Zkuste to pozd\u011bji.\"", "\"abc_activity_chooser_view_see_all\" : \"\u1021\u102c\u1038\u101c\u102f\u1036\u1038 \u1000\u103c\u100a\u1037\u103a\u101b\u1014\u103a\"", "\"abc_menu_meta_shortcut_label\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200eMeta+\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"abc_searchview_description_query\" : \"Busca a consulta\"", "\"abc_activity_chooser_view_see_all\" : \"\u0633\u0628\u06be\u06cc \u062f\u06cc\u06a9\u06be\u06cc\u06ba\"", "\"abc_menu_alt_shortcut_label\" : \"Alt +\"", "\"abc_searchview_description_voice\" : \"\u10ee\u10db\u10dd\u10d5\u10d0\u10dc\u10d8 \u10eb\u10d8\u10d4\u10d1\u10d0\"", "\"abc_action_menu_overflow_description\" : \"\u0411\u0456\u043b\u044c\u0448\u0435 \u043e\u043f\u0446\u0456\u0439\"", "\"abc_searchview_description_voice\" : \"\u062c\u0633\u062a\u062c\u0648\u06cc \u06af\u0641\u062a\u0627\u0631\u06cc\"", "\"common_google_play_services_update_title\" : \"\u0395\u03bd\u03b7\u03bc\u03ad\u03c1\u03c9\u03c3\u03b7 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03b9\u03ce\u03bd Google Play\"", "\"abc_action_bar_up_description\" : \"Przejd\u017a wy\u017cej\"", "\"abc_searchview_description_voice\" : \"\u12e8\u12f5\u121d\u133d \u134d\u1208\u130b\"", "\"fingerprint_error_hw_not_present\" : \"Este dispositivo non ten sensor de impresi\u00f3n dixital\"", "\"common_google_play_services_enable_button\" : \"Aktiveer\"", "/usr/local/google/buildbot/src/android/ndk-release-r21/external/libcxx/../../external/libunwind_llvm/src/UnwindCursor.hpp", "\"default_error_msg\" : \"\u0e02\u0e49\u0e2d\u0e1c\u0e34\u0e14\u0e1e\u0e25\u0e32\u0e14\u0e17\u0e35\u0e48\u0e44\u0e21\u0e48\u0e23\u0e39\u0e49\u0e08\u0e31\u0e01\"", "\"abc_search_hint\" : \"\u0916\u094b\u091c\u094d\u0928\u0941\u0939\u094b\u0938\u094d\u2026\"", "\"fingerprint_error_user_canceled\" : \"\u0410\u045e\u0442\u044d\u043d\u0442\u044b\u0444\u0456\u043a\u0430\u0446\u044b\u044f \u043f\u0430 \u0430\u0434\u0431\u0456\u0442\u043a\u0430\u0445 \u043f\u0430\u043b\u044c\u0446\u0430\u045e \u0441\u043a\u0430\u0441\u0430\u0432\u0430\u043d\u0430 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u043b\u044c\u043d\u0456\u043a\u0430\u043c.\"", "\"abc_toolbar_collapse_description\" : \"\uc811\uae30\"", "\"common_google_play_services_notification_ticker\" : \"Google Play Tjenester-feil\"", "\"fingerprint_error_lockout\" : \"\u0905\u0924\u094d\u092f\u0927\u093f\u0915 \u092a\u091f\u0915 \u092a\u094d\u0930\u092f\u093e\u0938\u0939\u0930\u0942 \u0917\u0930\u093f\u090f\u0964 \u0915\u0943\u092a\u092f\u093e \u092a\u091b\u093f \u092b\u0947\u0930\u093f \u092a\u094d\u0930\u092f\u093e\u0938 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\u0964\"", "\"abc_searchview_description_search\" : \"Iskanje\"", "\"common_google_play_services_wear_update_text\" : \"Eine neue Version der Google Play-Dienste wird ben\u00f6tigt. Diese wird in K\u00fcrze automatisch aktualisiert.\"", "\"common_google_play_services_notification_channel_name\" : \"\u179b\u1791\u17d2\u1792\u1797\u17b6\u1796\u200b\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798 Google Play\"", "\"common_google_play_services_unsupported_text\" : \"%1$s, Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93 \u0ab5\u0a97\u0ab0 \u0a9a\u0abe\u0ab2\u0ab6\u0ac7 \u0aa8\u0ab9\u0ac0\u0a82, \u0a9c\u0ac7 \u0aa4\u0aae\u0abe\u0ab0\u0abe \u0a89\u0aaa\u0a95\u0ab0\u0aa3 \u0aa6\u0acd\u0ab5\u0abe\u0ab0\u0abe \u0ab8\u0aae\u0ab0\u0acd\u0aa5\u0abf\u0aa4 \u0aa8\u0aa5\u0ac0.\"", "\"common_google_play_services_notification_ticker\" : \"Error de Serveis de Google Play\"", "\"abc_action_bar_home_description\" : \"Navigera hem\"", "\"common_google_play_services_install_text\" : \"\u60a8\u7684\u88dd\u7f6e\u5c1a\u672a\u5b89\u88dd Google Play \u670d\u52d9\uff0c\u56e0\u6b64\u7121\u6cd5\u57f7\u884c\u300c%1$s\u300d\u3002\"", "\"default_error_msg\" : \"Ismeretlen hiba\"", "\"common_google_play_services_notification_channel_name\" : \"Disponibilidad Servicios de Google Play\"", "\"confirm_device_credential_password\" : \"Gebruik wagwoord\"", "\"abc_searchview_description_query\" : \"\u0395\u03c1\u03ce\u03c4\u03b7\u03bc\u03b1 \u03b1\u03bd\u03b1\u03b6\u03ae\u03c4\u03b7\u03c3\u03b7\u03c2\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Bereich f\u00fcr die Hilfemeldung\"", "\"common_google_play_services_notification_ticker\" : \"Google Play \u0dc3\u0dda\u0dc0\u0dcf \u0daf\u0ddd\u0dc2\u0dba\"", "\"common_google_play_services_updating_text\" : \"%1$s \u043d\u044c \u043e\u0434\u043e\u043e\u0433\u043e\u043e\u0440 \u0448\u0438\u043d\u044d\u0447\u0438\u043b\u0436 \u0431\u0443\u0439 Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0436\u0438\u043b\u043b\u0430\u0445\u0433\u04af\u0439.\"", "\"abc_shareactionprovider_share_with_application\" : \"\u0414\u0435\u043b\u0438\u0442\u0435 \u043f\u043e\u043c\u043e\u045b\u0443 \u0430\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0458\u0435 %s\"", "\"generic_error_user_canceled\" : \"Overenie zru\u0161il pou\u017e\u00edvate\u013e.\"", "\"confirm_device_credential_password\" : \"Utiliser le mot de passe\"", "_Unwind_Resume", "\"generic_error_user_canceled\" : \"\u05d4\u05d0\u05d9\u05de\u05d5\u05ea \u05d1\u05d5\u05d8\u05dc \u05e2\u05dc \u05d9\u05d3\u05d9 \u05d4\u05de\u05e9\u05ea\u05de\u05e9.\"", "\"common_google_play_services_enable_button\" : \"\u1016\u103d\u1004\u1037\u103a\u101b\u1014\u103a\"", "\"abc_shareactionprovider_share_with_application\" : \"Compartir con %s\"", "\"common_signin_button_text_long\" : \"\u0412\u0445\u043e\u0434 \u0441 Google\"", "\"common_google_play_services_install_title\" : \"\u1791\u17b6\u1789\u1799\u1780\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798 Google Play\"", "\"confirm_device_credential_password\" : \"Tumia nenosiri\"", "\"common_google_play_services_wear_update_text\" : \"Se necesita una nueva versi\u00f3n de los servicios de Google Play. Se actualizar\u00e1n autom\u00e1ticamente en breve.\"", "\"fingerprint_error_hw_not_present\" : \"Peranti ini tiada penderia cap jari\"", "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl\u00a0+\"", "\"fingerprint_error_user_canceled\" : \"Kinansela ng user ang operasyon sa fingerprint.\"", "\"abc_searchview_description_clear\" : \"\u0410\u0441\u0443\u0443\u043b\u0433\u0430 \u0430\u0440\u0438\u043b\u0433\u0430\u0445\"", "\"abc_action_bar_home_description\" : \"Find hjem\"", "\"abc_action_bar_up_description\" : \"\u0414\u044d\u044d\u0448 \u0448\u0438\u043b\u0436\u0438\u0445\"", "\"fingerprint_dialog_touch_sensor\" : \"Dodirn. senzor za otisak prsta\"", "\"abc_searchview_description_search\" : \"\u041f\u0440\u0435\u0431\u0430\u0440\u0430\u0458\"", "\"common_google_play_services_update_text\" : \"%1$s ez da exekutatuko Google Play zerbitzuak eguneratzen ez badituzu.\"", "\"generic_error_user_canceled\" : \"\u0e1c\u0e39\u0e49\u0e43\u0e0a\u0e49\u0e22\u0e01\u0e40\u0e25\u0e34\u0e01\u0e01\u0e32\u0e23\u0e15\u0e23\u0e27\u0e08\u0e2a\u0e2d\u0e1a\u0e2a\u0e34\u0e17\u0e18\u0e34\u0e4c\"", "\"common_signin_button_text\" : \"\u0938\u093e\u0907\u0928 \u0907\u0928 \u0917\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"abc_menu_enter_shortcut_label\" : \"enter\"", "\"common_google_play_services_install_button\" : \"Sakinisha\"", "\"common_google_play_services_update_text\" : \"%1$s \u0570\u0561\u057e\u0565\u056c\u057e\u0561\u056e\u0568 \u0579\u056b \u0561\u0577\u056d\u0561\u057f\u056b \u0574\u056b\u0576\u0579\u0587 \u0579\u0569\u0561\u0580\u0574\u0561\u0581\u0576\u0565\u0584 Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u0568:\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Yard\u0131m mesaj\u0131 b\u00f6lm\u0259si\"", "\"search_menu_title\" : \"Szukaj\"", "\"abc_activitychooserview_choose_application\" : \"\u30a2\u30d7\u30ea\u306e\u9078\u629e\"", "\"abc_action_mode_done\" : \"\u09b8\u09ae\u09cd\u09aa\u09a8\u09cd\u09a8 \u09b9\u2019\u09b2\"", "\"abc_action_bar_up_description\" : \"Idi gore\"", "\"common_google_play_services_updating_text\" : \"Google Play \u0b38\u0b47\u0b2c\u0b3e\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b2c\u0b3f\u0b28\u0b3e %1$s \u0b1a\u0b3e\u0b32\u0b3f\u0b2c \u0b28\u0b3e\u0b39\u0b3f\u0b01, \u0b2f\u0b47\u0b09\u0b01\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b2c\u0b30\u0b4d\u0b24\u0b4d\u0b24\u0b2e\u0b3e\u0b28 \u0b05\u0b2a\u0b21\u0b47\u0b1f\u0b4d\u200c \u0b39\u0b47\u0b09\u0b1b\u0b3f\u0964\"", "\"abc_searchview_description_submit\" : \"\u0915\u094d\u0935\u0947\u0930\u0940 \u0938\u092c\u092e\u093f\u091f \u0915\u0930\u0947\u0902\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0938\u0947 \u0936\u0947\u092f\u0930 \u0915\u0930\u0947\u0902\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93 \u0ab8\u0a95\u0acd\u0ab7\u0aae \u0a95\u0ab0\u0acb\"", "\"common_google_play_services_unsupported_text\" : \"Rakendus %1$s t\u00f6\u00f6tab ainult koos Google Play teenustega, mida teie seadmes ei toetata.\"", "\"common_google_play_services_update_text\" : \"%1$s \u0a28\u0a39\u0a40\u0a02 \u0a1a\u0a71\u0a32\u0a47\u0a17\u0a3e \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a71\u0a15 \u0a24\u0a41\u0a38\u0a40\u0a02 Google Play \u0a38\u0a47\u0a35\u0a3e\u0a35\u0a3e\u0a02 \u0a28\u0a42\u0a70 \u0a05\u0a71\u0a2a\u0a21\u0a47\u0a1f \u0a28\u0a39\u0a40\u0a02 \u0a15\u0a30\u0a26\u0a47 \u0a39\u0a4b\u0964\"", "\"common_google_play_services_install_text\" : \"%1$s, Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93 \u0ab5\u0a97\u0ab0 \u0a9a\u0abe\u0ab2\u0ab6\u0ac7 \u0aa8\u0ab9\u0ac0\u0a82, \u0a9c\u0ac7 \u0aa4\u0aae\u0abe\u0ab0\u0abe \u0a89\u0aaa\u0a95\u0ab0\u0aa3\u0aae\u0abe\u0a82\u0aa5\u0ac0 \u0a96\u0ac2\u0a9f\u0ac7 \u0a9b\u0ac7.\"", "\"common_google_play_services_unsupported_text\" : \"\u0414\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435\u043c \"%1$s\" \u0442\u0440\u0435\u0431\u0443\u044e\u0442\u0441\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u044b Google\u00a0Play. \u041e\u043d\u0438 \u043d\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043d\u0430 \u0432\u0430\u0448\u0435\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435.\"", "\"fingerprint_not_recognized\" : \"Aniqlanmadi\"", "\"abc_searchview_description_voice\" : \"\u05d7\u05d9\u05e4\u05d5\u05e9 \u05e7\u05d5\u05dc\u05d9\"", "\"abc_capital_off\" : \"V\u00c4LJAS\"", "\"abc_activity_chooser_view_see_all\" : \"Poka\u017ei vse\"", "\"default_error_msg\" : \"L\u1ed7i kh\u00f4ng x\u00e1c \u0111\u1ecbnh\"", "\"fingerprint_dialog_touch_sensor\" : \"Toca sensor huellas digitales\"", "\"fingerprint_not_recognized\" : \"Non riconosciuta\"", "\"abc_menu_function_shortcut_label\" : \"\u201eFunction\u201c +\"", "\"abc_shareactionprovider_share_with\" : \"Deel met\"", "\"abc_toolbar_collapse_description\" : \"Sbalit\"", "\"abc_menu_ctrl_shortcut_label\" : \"CTRL +\"", "\"generic_error_user_canceled\" : \"Anv\u00e4ndaren har avbrutit autentiseringen.\"", "\"common_google_play_services_notification_channel_name\" : \"Ketersediaan perkhidmatan Google Play\"", "\"abc_activity_chooser_view_see_all\" : \"\u0b85\u0ba9\u0bc8\u0ba4\u0bcd\u0ba4\u0bc8\u0baf\u0bc1\u0bae\u0bcd \u0b95\u0bbe\u0b9f\u0bcd\u0b9f\u0bc1\"", "\"abc_capital_off\" : \"\u09ac\u09a8\u09cd\u09a7 \u0986\u099b\u09c7\"", "\"abc_action_bar_home_description\" : \"\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u043d\u0430 \u0433\u043e\u043b\u043e\u0432\u043d\u0443\"", "\"fingerprint_error_hw_not_available\" : \"\u0aab\u0abf\u0a82\u0a97\u0ab0\u0aaa\u0acd\u0ab0\u0abf\u0aa8\u0acd\u0a9f \u0ab9\u0abe\u0ab0\u0acd\u0aa1\u0ab5\u0ac7\u0ab0 \u0a89\u0aaa\u0ab2\u0aac\u0acd\u0aa7 \u0aa8\u0aa5\u0ac0.\"", "\"search_menu_title\" : \"\u09b8\u09a8\u09cd\u09a7\u09be\u09a8\"", "\"common_google_play_services_enable_title\" : \"\u200f\u202b\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 \u0633\u0631\u0648\u06cc\u0633\u200c\u0647\u0627\u06cc Google Play\"", "\"abc_shareactionprovider_share_with_application\" : \"%s-\u10d8\u10d7 \u10d2\u10d0\u10d6\u10d8\u10d0\u10e0\u10d4\u10d1\u10d0\"", "\"common_google_play_services_update_title\" : \"\u0e2d\u0e31\u0e1b\u0e40\u0e14\u0e15\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play\"", "\"generic_error_user_canceled\" : \"Kasutaja t\u00fchistas autentimise.\"", "\"mtrl_picker_a11y_prev_month\" : \"Change to previous month\"", "_Unwind_VRS_Set", "\"abc_menu_alt_shortcut_label\" : \"\u200eAlt+\u200e\"", "\"common_google_play_services_updating_text\" : \"%1$s \u043d\u0435 \u0431\u0443\u0434\u0437\u0435 \u043f\u0440\u0430\u0446\u0430\u0432\u0430\u0446\u044c \u0431\u0435\u0437 \u0441\u043b\u0443\u0436\u0431\u0430\u045e Google Play, \u044f\u043a\u0456\u044f \u045e \u0446\u044f\u043f\u0435\u0440\u0430\u0448\u043d\u0456 \u0447\u0430\u0441 \u0430\u0431\u043d\u0430\u045e\u043b\u044f\u044e\u0446\u0446\u0430.\"", "\"abc_searchview_description_search\" : \"\u0391\u03bd\u03b1\u03b6\u03ae\u03c4\u03b7\u03c3\u03b7\"", "\"common_google_play_services_updating_text\" : \"%1$s \u0e08\u0e30\u0e44\u0e21\u0e48\u0e17\u0e33\u0e07\u0e32\u0e19\u0e2b\u0e32\u0e01\u0e44\u0e21\u0e48\u0e21\u0e35\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play \u0e0b\u0e36\u0e48\u0e07\u0e01\u0e33\u0e25\u0e31\u0e07\u0e2d\u0e31\u0e1b\u0e40\u0e14\u0e15\u0e2d\u0e22\u0e39\u0e48\u0e43\u0e19\u0e02\u0e13\u0e30\u0e19\u0e35\u0e49\"", "\"fingerprint_not_recognized\" : \"\u0e9a\u0ecd\u0ec8\u0eae\u0eb1\u0e9a\u0eae\u0eb9\u0ec9\"", "\"abc_menu_enter_shortcut_label\" : \"\u0b0f\u0b23\u0b4d\u0b1f\u0b30\u0b4d\"", "\"abc_shareactionprovider_share_with_application\" : \"%s\u0aa8\u0ac0 \u0ab8\u0abe\u0aa5\u0ac7 \u0ab6\u0ac7\u0ab0 \u0a95\u0ab0\u0acb\"", "\"fingerprint_not_recognized\" : \"\u041d\u0435 \u0440\u0430\u0441\u043f\u0430\u0437\u043d\u0430\u043d\u0430\"", "\"common_google_play_services_wear_update_text\" : \"\u9700\u8981\u4f7f\u7528\u65b0\u7248\u672c\u7684 Google Play \u670d\u52d9\u3002\u66f4\u65b0\u6703\u5373\u5c07\u81ea\u52d5\u958b\u59cb\u3002\"", "\"common_google_play_services_install_title\" : \"Installer les services Google\u00a0Play\"", "\"default_error_msg\" : \"\u0d05\u0d1c\u0d4d\u0d1e\u0d3e\u0d24 \u0d2a\u0d3f\u0d36\u0d15\u0d4d\"", "\"fingerprint_error_no_fingerprints\" : \"\u0d2b\u0d3f\u0d02\u0d17\u0d7c\u0d2a\u0d4d\u0d30\u0d3f\u0d28\u0d4d\u0d31\u0d41\u0d15\u0d33\u0d4a\u0d28\u0d4d\u0d28\u0d41\u0d02 \u0d0e\u0d7b\u0d31\u0d4b\u0d7e \u0d1a\u0d46\u0d2f\u0d4d\u200c\u0d24\u0d3f\u0d1f\u0d4d\u0d1f\u0d3f\u0d32\u0d4d\u0d32.\"", "\"fingerprint_error_hw_not_present\" : \"Gailu honek ez du hatz-marken sentsorerik\"", "\"fingerprint_error_hw_not_present\" : \"\u00deetta t\u00e6ki er ekki me\u00f0 fingrafaralesara\"", "\"common_google_play_services_update_button\" : \"Atjaunin\u0101t\"", "\"fingerprint_dialog_touch_sensor\" : \"Dotkn\u011bte se sn\u00edma\u010de otisk\u016f prst\u016f\"", "\"abc_searchview_description_query\" : \"\u05e9\u05d0\u05d9\u05dc\u05ea\u05ea \u05d7\u05d9\u05e4\u05d5\u05e9\"", "\"common_google_play_services_enable_button\" : \"W\u0142\u0105cz\"", "\"fingerprint_error_lockout\" : \"\uc2dc\ub3c4 \ud69f\uc218\uac00 \ub108\ubb34 \ub9ce\uc2b5\ub2c8\ub2e4. \ub098\uc911\uc5d0 \ub2e4\uc2dc \uc2dc\ub3c4\ud574 \uc8fc\uc138\uc694.\"", "\"abc_capital_off\" : \"AF\"", "\"abc_searchview_description_query\" : \"Leitarfyrirspurn\"", "\"abc_activity_chooser_view_see_all\" : \"\u3059\u3079\u3066\u8868\u793a\"", "\"abc_action_bar_home_description\" : \"Eve gidi\u015f yolunu g\u00f6ster\"", "\"abc_shareactionprovider_share_with\" : \"Bendrinti su\"", "\"abc_action_bar_home_description\" : \"\u0e19\u0e33\u0e17\u0e32\u0e07\u0e44\u0e1b\u0e2b\u0e19\u0e49\u0e32\u0e41\u0e23\u0e01\"", "\"confirm_device_credential_password\" : \"Parol istifad\u0259 edin\"", "\"abc_capital_off\" : \"\u0985\u09ab\"", "\"abc_activitychooserview_choose_application\" : \"Een app selecteren\"", "\"common_google_play_services_install_title\" : \"Descargar Servicios de Google Play\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u0e08\u0e30\u0e44\u0e21\u0e48\u0e17\u0e33\u0e07\u0e32\u0e19\u0e2b\u0e32\u0e01\u0e44\u0e21\u0e48\u0e21\u0e35\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play \u0e0b\u0e36\u0e48\u0e07\u0e2d\u0e38\u0e1b\u0e01\u0e23\u0e13\u0e4c\u0e02\u0e2d\u0e07\u0e04\u0e38\u0e13\u0e44\u0e21\u0e48\u0e2a\u0e19\u0e31\u0e1a\u0e2a\u0e19\u0e38\u0e19\"", "\"abc_shareactionprovider_share_with_application\" : \"Chia s\u1ebb v\u1edbi %s\"", "\"common_open_on_phone\" : \"\u1016\u102f\u1014\u103a\u1038\u1015\u1031\u102b\u103a\u1019\u103e\u102c \u1016\u103d\u1004\u1037\u103a\u1015\u102b\"", "\"abc_activity_chooser_view_see_all\" : \"\u0938\u092c\u0948 \u0939\u0947\u0930\u094d\u0928\u0941\u0939\u094b\u0938\u094d\"", "\"abc_shareactionprovider_share_with_application\" : \"\u0410\u0431\u0430\u0433\u0443\u043b\u0456\u0446\u044c \u043f\u0440\u0430\u0437 \u043f\u0440\u0430\u0433\u0440\u0430\u043c\u0443 \"%s\"\"", "\"abc_searchview_description_submit\" : \"Env\u00eda a consulta\"", "\"abc_searchview_description_voice\" : \"\u0995\u09a3\u09cd\u09a0\u09a7\u09cd\u09ac\u09a8\u09bf\u09f0 \u09a6\u09cd\u09ac\u09be\u09f0\u09be \u09b8\u09a8\u09cd\u09a7\u09be\u09a8\"", "\"abc_capital_off\" : \"DESAKTIBATU\"", "\"mtrl_picker_invalid_format_example\" : \"Example: %1$s\"", "\"common_google_play_services_enable_text\" : \"Rakendus %1$s t\u00f6\u00f6tab ainult siis, kui lubate Google Play teenused.\"", "\"fingerprint_error_hw_not_available\" : \"Pir\u0161to antspaudo aparatin\u0117 \u012franga nepasiekiama.\"", "getInfoFromEHABISection", "\"firebase_database_url\" : \"https://damn-vulnerable-bank.firebaseio.com\"", "\"common_google_play_services_unsupported_text\" : \"%1$s, Google Play hizmetleri olmadan \u00e7al\u0131\u015fmaz ve bu hizmetler cihaz\u0131n\u0131z taraf\u0131ndan desteklenmiyor.\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0c35\u0c47\u0c32\u0c3f\u0c2e\u0c41\u0c26\u0c4d\u0c30 \u0c38\u0c46\u0c28\u0c4d\u0c38\u0c3e\u0c30\u0c4d\u200c\u0c28\u0c41 \u0c24\u0c3e\u0c15\u0c02\u0c21\u0c3f\"", "\"common_google_play_services_updating_text\" : \"%1$s non funzioner\u00e0 senza Google Play Services, attualmente in fase di aggiornamento.\"", "\"common_google_play_services_notification_ticker\" : \"Google Play xizmatlari xatosi\"", "\"abc_shareactionprovider_share_with\" : \"Chia s\u1ebb v\u1edbi\"", "\"abc_prepend_shortcut_label\" : \"Men\u00fctaste\u00a0+\"", "\"abc_menu_space_shortcut_label\" : \"Probel\"", "\"common_google_play_services_enable_button\" : \"Omogu\u0107i\"", "\"abc_search_hint\" : \"Rechercher\u2026\"", "\"common_google_play_services_update_title\" : \"Atnaujinkite \u201eGoogle Play\u201c paslaugas\"", "\"abc_searchview_description_submit\" : \"\u63d0\u4ea4\u67e5\u8be2\"", "\"common_google_play_services_update_button\" : \"Dateer op\"", "\"common_signin_button_text\" : \"\u0412\u043e\u0439\u0442\u0438\"", "\"abc_activitychooserview_choose_application\" : \"Odabir aplikacije\"", "\"abc_action_menu_overflow_description\" : \"\u062e\u064a\u0627\u0631\u0627\u062a \u0623\u0643\u062b\u0631\"", "\"fingerprint_error_hw_not_present\" : \"El dispositivo no tiene ning\u00fan sensor de huellas digitales\"", "\"common_google_play_services_unknown_issue\" : \"%1$s ondervindt problemen met Google Play-services. Probeer het opnieuw.\"", "\"common_google_play_services_enable_button\" : \"\u0395\u03bd\u03b5\u03c1\u03b3\u03bf\u03c0\u03bf\u03af\u03b7\u03c3\u03b7\"", "\"common_google_play_services_updating_text\" : \"%1$s ei toimi ilman Google Play Palveluita, joita p\u00e4ivitet\u00e4\u00e4n t\u00e4ll\u00e4 hetkell\u00e4.\"", "\"common_google_play_services_wear_update_text\" : \"Google Play hizmetlerinin yeni s\u00fcr\u00fcm\u00fc gerekiyor. Kendisini k\u0131sa s\u00fcre i\u00e7inde g\u00fcncelleyecektir.\"", "\"abc_action_bar_up_description\" : \"\u12c8\u12f0 \u120b\u12ed \u12eb\u1235\u1231\"", "\"abc_shareactionprovider_share_with_application\" : \"%s\u09f0 \u099c\u09f0\u09bf\u09af\u09bc\u09a4\u09c7 \u09b6\u09cd\u09ac\u09c7\u09af\u09bc\u09be\u09f0 \u0995\u09f0\u0995\"", "\"abc_searchview_description_search\" : \"Mekl\u0113t\"", "\"common_open_on_phone\" : \"\u0b2b\u0b4b\u0b28\u0b4d\u200c\u0b30\u0b47 \u0b16\u0b4b\u0b32\u0b28\u0b4d\u0b24\u0b41\"", "\"common_open_on_phone\" : \"Obre al tel\u00e8fon\"", "\"fingerprint_error_no_fingerprints\" : \"\u0d87\u0d9f\u0dd2\u0dbd\u0dd2 \u0dc3\u0dbd\u0d9a\u0dd4\u0dab\u0dd4 \u0d87\u0dad\u0dd4\u0dc5\u0dad\u0dca \u0d9a\u0dbb \u0db1\u0ddc\u0db8\u0dd0\u0dad.\"", "\"abc_capital_on\" : \"\u0b05\u0b28\u0b4d\"", "\"abc_action_mode_done\" : \"Klar\"", "\"abc_action_bar_home_description\" : \"Navigeren naar startpositie\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play services-\u10d8\u10e1 \u10ee\u10d4\u10da\u10db\u10d8\u10e1\u10d0\u10ec\u10d5\u10d3\u10dd\u10db\u10dd\u10d1\u10d0\"", "\"common_google_play_services_install_text\" : \"Zur Nutzung von %1$s sind die Google Play-Dienste erforderlich, die auf deinem Ger\u00e4t nicht installiert sind.\"", "\"common_google_play_services_install_button\" : \"\u0938\u094d\u200d\u0925\u093e\u092a\u093f\u0924 \u0915\u0930\u093e\"", "\"common_google_play_services_update_button\" : \"\u0986\u09aa\u09a1\u09c7\u2019\u099f \u0995\u09f0\u0995\"", "\"common_google_play_services_install_text\" : \"%1$s ez da exekutatuko Google Play zerbitzurik gabe, baina ez dituzu gailuan.\"", "\"fingerprint_error_hw_not_available\" : \"\u041c\u0430\u043d\u0436\u0430 \u0438\u0437\u0438\u043d\u0438\u043d \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u0442\u044b\u043a \u043a\u0430\u043c\u0441\u044b\u0437\u0434\u043e\u043e\u0441\u0443 \u0436\u0435\u0442\u043a\u0438\u043b\u0438\u043a\u0442\u04af\u04af \u044d\u043c\u0435\u0441.\"", "\"abc_action_menu_overflow_description\" : \"Fler alternativ\"", "\"abc_activitychooserview_choose_application\" : \"V\u00e6lg en app\"", "\"abc_capital_on\" : \"\u0423\u041a\u0409\u0423\u0427\u0415\u041d\u041e\"", "\"common_google_play_services_update_title\" : \"\u041e\u0431\u043d\u043e\u0432\u0438\u0442\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b Google\u00a0Play\"", "\"common_google_play_services_enable_title\" : \"Aktifkan layanan Google Play\"", "\"common_google_play_services_enable_title\" : \"Aktiveer Google Play Dienste\"", "\"abc_shareactionprovider_share_with_application\" : \"%s \u0b38\u0b39 \u0b38\u0b47\u0b5f\u0b3e\u0b30\u0b4d\u200d \u0b15\u0b30\u0b28\u0b4d\u0b24\u0b41\"", "\"common_open_on_phone\" : \"Odpiranje v telefonu\"", "\"abc_action_menu_overflow_description\" : \"\u0906\u0923\u0916\u0940 \u092a\u0930\u094d\u092f\u093e\u092f\"", "\"fingerprint_error_user_canceled\" : \"Op\u00e9ration d'authentification par empreinte digitale annul\u00e9e par l'utilisateur.\"", "\"abc_activitychooserview_choose_application\" : \"\u049a\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u043d\u044b \u0442\u0430\u04a3\u0434\u0430\u0443\"", "\"common_google_play_services_unknown_issue\" : \"\u0397 \u03b5\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae %1$s \u03b1\u03bd\u03c4\u03b9\u03bc\u03b5\u03c4\u03c9\u03c0\u03af\u03b6\u03b5\u03b9 \u03ba\u03ac\u03c0\u03bf\u03b9\u03bf \u03c0\u03c1\u03cc\u03b2\u03bb\u03b7\u03bc\u03b1 \u03bc\u03b5 \u03c4\u03b9\u03c2 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03af\u03b5\u03c2 Google Play. \u03a0\u03c1\u03bf\u03c3\u03c0\u03b1\u03b8\u03ae\u03c3\u03c4\u03b5 \u03be\u03b1\u03bd\u03ac.\"", "\"fingerprint_error_hw_not_available\" : \"\u0a2b\u0a3f\u0a70\u0a17\u0a30\u0a2a\u0a4d\u0a30\u0a3f\u0a70\u0a1f \u0a39\u0a3e\u0a30\u0a21\u0a35\u0a47\u0a05\u0a30 \u0a09\u0a2a\u0a32\u0a2c\u0a27 \u0a28\u0a39\u0a40\u0a02\u0964\"", "\"common_google_play_services_unsupported_text\" : \"%1$s kan ikke kj\u00f8re uten Google Play-tjenester, som ikke st\u00f8ttes av enheten din.\"", "\"common_google_play_services_unknown_issue\" : \"%1$s ma problem z dost\u0119pem do Us\u0142ug Google Play. Spr\u00f3buj jeszcze raz.\"", "\"abc_searchview_description_voice\" : \"\u0b95\u0bc1\u0bb0\u0bb2\u0bcd \u0ba4\u0bc7\u0b9f\u0bb2\u0bcd\"", "\"appbar_scrolling_view_behavior\" : \"com.google.android.material.appbar.AppBarLayout$ScrollingViewBehavior\"", "\"mtrl_picker_range_header_only_end_selected\" : \"Start date \u2013 %1$s\"", "\"fingerprint_not_recognized\" : \"Nu este recunoscut\"", "\"common_google_play_services_install_text\" : \"\u101e\u1004\u1037\u103a\u1010\u1000\u103a\u1018\u101c\u1000\u103a\u1010\u103d\u1004\u103a Google Play \u101d\u1014\u103a\u1006\u1031\u102c\u1004\u103a\u1019\u103e\u102f\u1019\u103b\u102c\u1038\u1019\u101b\u103e\u102d\u101e\u1031\u102c\u1000\u103c\u1031\u102c\u1004\u1037\u103a %1$s \u1000\u102d\u102f\u1016\u103d\u1004\u1037\u103a\u104d\u1019\u101b\u1015\u102b\u104b\"", "\"abc_shareactionprovider_share_with\" : \"\u5206\u4eab\u5c0d\u8c61\"", "\"common_google_play_services_update_button\" : \"\u0a05\u0a71\u0a2a\u0a21\u0a47\u0a1f \u0a15\u0a30\u0a4b\"", "\"abc_toolbar_collapse_description\" : \"Restr\u00e2nge\u021bi\"", "\"search_menu_title\" : \"\uac80\uc0c9\"", "\"abc_action_mode_done\" : \"Ferdig\"", "\"common_google_play_services_unsupported_text\" : \"%1$s nuk do t\u00eb funksionoj\u00eb pa sh\u00ebrbimet e Google Play, t\u00eb cilat nuk mb\u00ebshteten nga pajisja jote.\"", "\"common_google_play_services_install_title\" : \"Installa Google Play Services\"", "\"common_google_play_services_install_title\" : \"Google Play-services ophalen\"", "\"abc_searchview_description_clear\" : \"Esborra la consulta\"", "\"fingerprint_error_lockout\" : \"Zu viele Versuche. Versuche es bitte sp\u00e4ter noch einmal.\"", "\"fingerprint_error_user_canceled\" : \"Operasi sidik jari dibatalkan oleh pengguna.\"", "\"abc_menu_space_shortcut_label\" : \"\u0e8d\u0eb0\u0eab\u0ea7\u0ec8\u0eb2\u0e87\"", "\"abc_searchview_description_voice\" : \"\u1021\u101e\u1036\u1016\u103c\u1004\u1037\u103a \u101b\u103e\u102c\u101b\u1014\u103a\"", "\"common_google_play_services_unsupported_text\" : \"\u200f%1$s \u05dc\u05d0 \u05ea\u05e4\u05e2\u05dc \u05dc\u05dc\u05d0 \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play, \u05e9\u05d0\u05d9\u05e0\u05dd \u05e0\u05ea\u05de\u05db\u05d9\u05dd \u05d1\u05de\u05db\u05e9\u05d9\u05e8 \u05e9\u05dc\u05da.\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0938\u0947\u0935\u093e \u0909\u092a\u0932\u092c\u094d\u0927\u0924\u093e\"", "\"abc_capital_on\" : \"\u0938\u0915\u094d\u0930\u093f\u092f\"", "\"common_google_play_services_update_text\" : \"Google Play \u0b9a\u0bc7\u0bb5\u0bc8\u0b95\u0bb3\u0bc8 \u0b87\u0baf\u0b95\u0bcd\u0b95\u0bbf\u0ba9\u0bbe\u0bb2\u0bcd \u0bae\u0b9f\u0bcd\u0b9f\u0bc1\u0bae\u0bc7, %1$s \u0b9a\u0bc6\u0baf\u0bb2\u0bcd\u0baa\u0b9f\u0bc1\u0bae\u0bcd.\"", "\"common_google_play_services_update_text\" : \"%1$s kan inte k\u00f6ras om du inte uppdaterar Google Play-tj\u00e4nsterna.\"", "\"common_open_on_phone\" : \"\u092b\u093c\u094b\u0928 \u092a\u0930 \u0916\u094b\u0932\u0947\u0902\"", "\"common_google_play_services_install_title\" : \"Dapatkan layanan Google Play\"", "\"fingerprint_dialog_touch_sensor\" : \"Ch\u1ea1m v\u00e0o c\u1ea3m bi\u1ebfn v\u00e2n tay\"", "\"abc_action_menu_overflow_description\" : \"\u041f\u043e\u0432\u0435\u045c\u0435 \u043e\u043f\u0446\u0438\u0438\"", "\"abc_shareactionprovider_share_with\" : \"Shiriki na\"", "\"common_google_play_services_update_button\" : \"\uc5c5\ub370\uc774\ud2b8\"", "\"abc_searchview_description_submit\" : \"Iesniegt vaic\u0101jumu\"", "\"fingerprint_error_no_fingerprints\" : \"Nav re\u0123istr\u0113ts neviens pirksta nospiedums.\"", "\"common_google_play_services_enable_title\" : \"Omogo\u010danje storitev Google Play\"", "\"fingerprint_error_hw_not_available\" : \"\u101c\u1000\u103a\u1017\u103d\u1031\u1005\u1000\u103a\u1015\u1005\u1039\u1005\u100a\u103a\u1038 \u1019\u101b\u1014\u102d\u102f\u1004\u103a\u1015\u102b\u104b\"", "\"common_google_play_services_update_text\" : \"\u0397 \u03b5\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae %1$s \u03b8\u03b1 \u03b5\u03ba\u03c4\u03b5\u03bb\u03b5\u03c3\u03c4\u03b5\u03af \u03b1\u03c6\u03bf\u03cd \u03b5\u03bd\u03b7\u03bc\u03b5\u03c1\u03ce\u03c3\u03b5\u03c4\u03b5 \u03c4\u03b9\u03c2 \u03a5\u03c0\u03b7\u03c1\u03b5\u03c3\u03af\u03b5\u03c2 Google Play.\"", "\"common_google_play_services_update_title\" : \"Google Play \u09b8\u09c7\u09f1\u09be \u0986\u09aa\u09a1\u09c7\u2019\u099f \u0995\u09f0\u0995\"", "\"common_google_play_services_enable_button\" : \"\u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\"", "\"common_google_play_services_notification_channel_name\" : \"Disponibilidade Servi\u00e7os do Google Play\"", "\"common_google_play_services_enable_button\" : \"Activer\"", "\"common_google_play_services_install_text\" : \"Google Play \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d33\u0d3f\u0d32\u0d4d\u0d32\u0d3e\u0d24\u0d46 %1$s \u0d2a\u0d4d\u0d30\u0d35\u0d7c\u0d24\u0d4d\u0d24\u0d3f\u0d15\u0d4d\u0d15\u0d3f\u0d32\u0d4d\u0d32, \u0d08 \u0d38\u0d47\u0d35\u0d28\u0d19\u0d4d\u0d19\u0d33\u0d3e\u0d15\u0d1f\u0d4d\u0d1f\u0d46 \u0d28\u0d3f\u0d19\u0d4d\u0d19\u0d33\u0d41\u0d1f\u0d46 \u0d09\u0d2a\u0d15\u0d30\u0d23\u0d24\u0d4d\u0d24\u0d3f\u0d7d \u0d07\u0d32\u0d4d\u0d32.\"", "\"common_google_play_services_unsupported_text\" : \"\u0397 \u03b5\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae %1$s \u03b4\u03b5\u03bd \u03b8\u03b1 \u03b5\u03ba\u03c4\u03b5\u03bb\u03b5\u03c3\u03c4\u03b5\u03af \u03c7\u03c9\u03c1\u03af\u03c2 \u03c4\u03b9\u03c2 \u03c5\u03c0\u03b7\u03c1\u03b5\u03c3\u03af\u03b5\u03c2 Google Play, \u03bf\u03b9 \u03bf\u03c0\u03bf\u03af\u03b5\u03c2 \u03b4\u03b5\u03bd \u03c5\u03c0\u03bf\u03c3\u03c4\u03b7\u03c1\u03af\u03b6\u03bf\u03bd\u03c4\u03b1\u03b9 \u03b1\u03c0\u03cc \u03c4\u03b7 \u03c3\u03c5\u03c3\u03ba\u03b5\u03c5\u03ae \u03c3\u03b1\u03c2.\"", "\"common_google_play_services_install_title\" : \"Instalace slu\u017eeb Google Play\"", "\"common_google_play_services_install_text\" : \"\u200f%1$s \u0628\u062f\u0648\u0646 \u062e\u062f\u0645\u0627\u062a Google Play \u06a9\u0647 \u062f\u0631 \u062f\u0633\u062a\u06af\u0627\u0647 \u0634\u0645\u0627 \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0631\u062f \u0627\u062c\u0631\u0627 \u0646\u0645\u06cc\u200c\u0634\u0648\u062f.\"", "\"common_google_play_services_unknown_issue\" : \"%1$s ima problema sa Google Play uslugama. Probajte ponovo.\"", "\"abc_shareactionprovider_share_with\" : \"\u0a07\u0a38 \u0a28\u0a3e\u0a32 \u0a38\u0a3e\u0a02\u0a1d\u0a3e \u0a15\u0a30\u0a4b\"", "\"abc_menu_function_shortcut_label\" : \"Funksjon+\"", "\"common_google_play_services_notification_ticker\" : \"Gre\u0161ka Google Play usluge\"", "\"abc_search_hint\" : \"Busca\u2026\"", "\"common_google_play_services_notification_channel_name\" : \"Ukungatholakali kwamasevisi e-Google Play\"", "\"common_signin_button_text_long\" : \"Bejelentkez\u00e9s Google-fi\u00f3kkal\"", "\"abc_menu_meta_shortcut_label\" : \"M\u00e9ta+\"", "\"abc_capital_off\" : \"\u05db\u05d1\u05d5\u05d9\"", "\"common_google_play_services_enable_text\" : \"Google Play hizmetlerini etkinle\u015ftirmezseniz %1$s \u00e7al\u0131\u015fmaz.\"", "getFloatRegister", "\"fingerprint_error_no_fingerprints\" : \"Engin fingraf\u00f6r hafa veri\u00f0 skr\u00e1\u00f0.\"", "\"fingerprint_dialog_touch_sensor\" : \"\u10e8\u10d4\u10d4\u10ee\u10d4\u10d7 \u10d7\u10d8\u10d7\u10d8\u10e1 \u10d0\u10dc\u10d0\u10d1\u10d4\u10ed\u10d3\u10d8\u10e1 \u10e1\u10d4\u10dc\u10e1\u10dd\u10e0\u10e1\"", "\"abc_shareactionprovider_share_with_application\" : \"\u0421\u043f\u043e\u0434\u0435\u043b\u044f\u043d\u0435 \u0441\u044a\u0441: %s\"", "\"fingerprint_dialog_touch_sensor\" : \"\u0aab\u0abf\u0a82\u0a97\u0ab0\u0aaa\u0acd\u0ab0\u0abf\u0aa8\u0acd\u0a9f\u0aa8\u0abe \u0ab8\u0ac7\u0aa8\u0acd\u0ab8\u0ab0\u0aa8\u0ac7 \u0ab8\u0acd\u0aaa\u0ab0\u0acd\u0ab6 \u0a95\u0ab0\u0acb\"", "\"abc_action_bar_up_description\" : \"\u0cae\u0cc7\u0cb2\u0c95\u0ccd\u0c95\u0cc6 \u0ca8\u0ccd\u0caf\u0cbe\u0cb5\u0cbf\u0c97\u0cc7\u0c9f\u0ccd \u0cae\u0cbe\u0ca1\u0cbf\"", "\"abc_capital_off\" : \"DESACTIVAR\"", "\"abc_searchview_description_clear\" : \"Pastro pyetjen\"", "\"abc_menu_function_shortcut_label\" : \"Funci\u00f3n+\"", "\"abc_searchview_description_submit\" : \"Utf\u00f8r s\u00f8ket\"", "\"abc_search_hint\" : \"\u041f\u043e\u0448\u0443\u043a\u2026\"", "\"abc_searchview_description_voice\" : \"\u0906\u0935\u093e\u091c\u092e\u093e \u0906\u0927\u093e\u0930\u093f\u0924 \u0916\u094b\u091c\u0940\"", "\"common_google_play_services_enable_button\" : \"Ativar\"", "\"common_google_play_services_enable_text\" : \"%1$s \u0932\u0947 \u0924\u092a\u093e\u0908\u0901\u0932\u0947 Google Play \u0938\u0947\u0935\u093e\u0939\u0930\u0942 \u0938\u0915\u094d\u0937\u092e \u0928\u0917\u0930\u0947\u0938\u092e\u094d\u092e \u0915\u093e\u092e \u0917\u0930\u094d\u0926\u0948\u0928\u0964\"", "\"welcome\" : \"Welcome to Vulnerable Bank\"", "\"common_google_play_services_wear_update_text\" : \"\u200f\u05d3\u05e8\u05d5\u05e9\u05d4 \u05d2\u05e8\u05e1\u05d4 \u05d7\u05d3\u05e9\u05d4 \u05e9\u05dc \u05e9\u05d9\u05e8\u05d5\u05ea\u05d9 Google Play. \u05d4\u05d2\u05e8\u05e1\u05d4 \u05ea\u05ea\u05e2\u05d3\u05db\u05df \u05d1\u05e2\u05e6\u05de\u05d4 \u05ea\u05d5\u05da \u05d6\u05de\u05df \u05e7\u05e6\u05e8.\"", "\"common_google_play_services_update_text\" : \"Google Play \uc11c\ube44\uc2a4\ub97c \uc5c5\ub370\uc774\ud2b8\ud574\uc57c %1$s\uc774(\uac00) \uc2e4\ud589\ub429\ub2c8\ub2e4.\"", "\"common_google_play_services_install_title\" : \"S\u00e6kja \u00fej\u00f3nustu Google Play\"", "\"common_google_play_services_notification_channel_name\" : \"Tillg\u00e4nglighet f\u00f6r Google Plays tj\u00e4nster\"", "\"common_signin_button_text_long\" : \"Google-\u10d8\u10d7 \u10e8\u10d4\u10e1\u10d5\u10da\u10d0\"", "\"common_google_play_services_enable_button\" : \"Povolit\"", "\"default_error_msg\" : \"\u0c85\u0caa\u0cb0\u0cbf\u0c9a\u0cbf\u0ca4 \u0ca6\u0ccb\u0cb7\"", "index inlined table detected but pr function requires extra words", "\"common_google_play_services_wear_update_text\" : \"\u0412\u0435\u0440\u0441\u0438\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 Google\u00a0Play \u0443\u0441\u0442\u0430\u0440\u0435\u043b\u0430. \u041e\u043d\u0438 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043e\u0431\u043d\u043e\u0432\u044f\u0442\u0441\u044f \u0432 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f.\"", "\"common_google_play_services_install_title\" : \"Preuzmite Google Play usluge\"", "\"abc_searchview_description_submit\" : \"\u0d1a\u0d4b\u0d26\u0d4d\u0d2f\u0d02 \u0d38\u0d2e\u0d7c\u0d2a\u0d4d\u0d2a\u0d3f\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u1021\u1000\u1030\u1021\u100a\u102e\u1019\u1000\u103a\u1006\u1031\u1037\u1002\u103b\u103a \u1014\u1031\u101b\u102c\"", "\"search_menu_title\" : \"Cari\"", "\"abc_capital_on\" : \"\u12a0\u1265\u122b\"", "\"common_google_play_services_notification_ticker\" : \"Chyba slu\u017eeb Google Play\"", "\"abc_searchview_description_voice\" : \"\u0414\u0430\u0443\u044b\u0441\u043f\u0435\u043d \u0456\u0437\u0434\u0435\u0443\"", "\"fingerprint_error_hw_not_present\" : \"Thi\u1ebft b\u1ecb n\u00e0y kh\u00f4ng c\u00f3 c\u1ea3m bi\u1ebfn v\u00e2n tay\"", "\"common_google_play_services_install_title\" : \"\u041f\u0440\u0435\u0437\u0435\u043c\u0438 \u0433\u0438 \u0443\u0441\u043b\u0443\u0433\u0438\u0442\u0435 \u043d\u0430 Google Play\"", "\"abc_capital_on\" : \"\u099a\u09be\u09b2\u09c1 \u0995\u09b0\u09c1\u09a8\"", "\"abc_action_bar_home_description\" : \"Ugr\u00e1s a f\u0151oldalra\"", "\"abc_action_bar_up_description\" : \"\u8f6c\u5230\u4e0a\u4e00\u5c42\u7ea7\"", "\"abc_toolbar_collapse_description\" : \"\u0421\u043e\u0431\u0435\u0440\u0438\"", "\"common_signin_button_text_long\" : \"\u0423\u0432\u0456\u0439\u0442\u0438 \u0432 \u043e\u0431\u043b\u0456\u043a. \u0437\u0430\u043f\u0438\u0441 Google\"", "\"common_google_play_services_install_button\" : \"O\u2018rnatish\"", "\"fingerprint_error_user_canceled\" : \"\u05e4\u05e2\u05d5\u05dc\u05ea \u05d8\u05d1\u05d9\u05e2\u05ea \u05d4\u05d0\u05e6\u05d1\u05e2 \u05d1\u05d5\u05d8\u05dc\u05d4 \u05d1\u05d9\u05d3\u05d9 \u05d4\u05de\u05e9\u05ea\u05de\u05e9.\"", "\"common_google_play_services_install_button\" : \"\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c\"", "\"fingerprint_error_no_fingerprints\" : \"\u0e44\u0e21\u0e48\u0e21\u0e35\u0e25\u0e32\u0e22\u0e19\u0e34\u0e49\u0e27\u0e21\u0e37\u0e2d\u0e17\u0e35\u0e48\u0e25\u0e07\u0e17\u0e30\u0e40\u0e1a\u0e35\u0e22\u0e19\"", "\"fingerprint_error_no_fingerprints\" : \"No s'ha registrat cap empremta digital.\"", "\"abc_shareactionprovider_share_with\" : \"Compartilhar com\"", "\"generic_error_user_canceled\" : \"\u0410\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f\u043d\u044b \u043a\u043e\u043b\u0434\u043e\u043d\u0443\u0443\u0447\u0443 \u0436\u043e\u043a\u043a\u043e \u0447\u044b\u0433\u0430\u0440\u0434\u044b.\"", "\"abc_searchview_description_search\" : \"\u041f\u043e\u0448\u0443\u043a\"", "\"fingerprint_not_recognized\" : \"No se reconoci\u00f3\"", "\"common_google_play_services_install_button\" : \"\u0e95\u0eb4\u0e94\u0e95\u0eb1\u0ec9\u0e87\"", "\"common_google_play_services_install_button\" : \"\u041e\u0440\u043d\u043e\u0442\u0443\u0443\"", "\"confirm_device_credential_password\" : \"Sebenzisa iphasiwedi\"", "\"fingerprint_error_hw_not_present\" : \"\u0644\u0627 \u064a\u062d\u062a\u0648\u064a \u0647\u0630\u0627 \u0627\u0644\u062c\u0647\u0627\u0632 \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0633\u062a\u0634\u0639\u0627\u0631 \u0628\u0635\u0645\u0627\u062a \u0627\u0644\u0623\u0635\u0627\u0628\u0639.\"", "\"abc_action_bar_up_description\" : \"Nach oben\"", "\"fingerprint_error_lockout\" : \"\u10db\u10d4\u10e2\u10d8\u10e1\u10db\u10d4\u10e2\u10d0\u10d3 \u10d1\u10d4\u10d5\u10e0\u10d8 \u10db\u10ea\u10d3\u10d4\u10da\u10dd\u10d1\u10d0 \u10d8\u10e7\u10dd. \u10d2\u10d7\u10ee\u10dd\u10d5\u10d7, \u10ea\u10d0\u10d3\u10dd\u10d7 \u10db\u10dd\u10d2\u10d5\u10d8\u10d0\u10dc\u10d4\u10d1\u10d8\u10d7.\"", "\"abc_searchview_description_clear\" : \"\u101b\u103e\u102c\u1016\u103d\u1031\u1019\u103e\u102f\u1000\u102d\u102f \u1016\u101a\u103a\u101b\u103e\u102c\u1038\u101b\u1014\u103a\"", "\"abc_shareactionprovider_share_with\" : \"Partekatu honekin\"", "\"mtrl_picker_date_header_selected\" : \"%1$s\"", "\"common_open_on_phone\" : \"\u09ab'\u09a8\u09a4 \u0996\u09cb\u09b2\u0995\"", "\"common_google_play_services_wear_update_text\" : \"\u00c9 necess\u00e1ria uma nova vers\u00e3o do Google Play Services. Ele ser\u00e1 atualizado em breve.\"", "LOOKING FOR BINARY: %s Absent :(", "\"abc_searchview_description_voice\" : \"Hlasov\u00e9 vyhled\u00e1v\u00e1n\u00ed\"", "\"fingerprint_error_user_canceled\" : \"Umsebenzi wesigxivizo somunwe sikhanselwe umsebenzisi.\"", "\"abc_shareactionprovider_share_with_application\" : \"\u8207\u300c%s\u300d\u5206\u4eab\"", "\"abc_action_menu_overflow_description\" : \"\u0bae\u0bc7\u0bb2\u0bc1\u0bae\u0bcd \u0bb5\u0bbf\u0bb0\u0bc1\u0baa\u0bcd\u0baa\u0b99\u0bcd\u0b95\u0bb3\u0bcd\"", "\"common_google_play_services_enable_title\" : \"I-enable ang mga serbisyo ng Google Play\"", "\"abc_action_mode_done\" : \"OK\"", "\"fingerprint_not_recognized\" : \"\u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0646\u0634\u062f\"", "\"common_google_play_services_unsupported_text\" : \"%1$s ne\u0107e funkcionirati bez usluga Google Playa koje va\u0161 ure\u0111aj ne podr\u017eava.\"", "\"abc_menu_delete_shortcut_label\" : \"\u179b\u17bb\u1794\"", "\"fingerprint_error_no_fingerprints\" : \"Hakuna alama za vidole zilizojumuishwa.\"", "\"abc_searchview_description_submit\" : \"Indsend foresp\u00f8rgsel\"", "\"fingerprint_error_no_fingerprints\" : \"Parmak izi kaydedilmedi.\"", "\"common_google_play_services_enable_text\" : \"\u0414\u043e\u0434\u0430\u0442\u043e\u043a %1$s \u043d\u0435 \u043f\u0440\u0430\u0446\u044e\u0432\u0430\u0442\u0438\u043c\u0435, \u044f\u043a\u0449\u043e \u043d\u0435 \u0432\u0432\u0456\u043c\u043a\u043d\u0443\u0442\u0438 \u0441\u0435\u0440\u0432\u0456\u0441\u0438 Google Play.\"", "\"confirm_device_credential_password\" : \"Usar senha\"", "\"search_menu_title\" : \"T\u00ecm ki\u1ebfm\"", "\"abc_capital_on\" : \"\u0631\u0648\u0634\u0646\"", "\"default_error_msg\" : \"Hitilafu isiyojulikana\"", "\"abc_shareactionprovider_share_with\" : \"Partager avec\"", "\"abc_searchview_description_submit\" : \"Odeslat dotaz\"", "\"common_google_play_services_enable_title\" : \"Google Play \u0c38\u0c47\u0c35\u0c32\u0c28\u0c41 \u0c2a\u0c4d\u0c30\u0c3e\u0c30\u0c02\u0c2d\u0c3f\u0c02\u0c1a\u0c02\u0c21\u0c3f\"", "\"abc_toolbar_collapse_description\" : \"Collapse\"", "\"abc_action_mode_done\" : \"\u0b39\u0b4b\u0b07\u0b17\u0b32\u0b3e\"", "\"abc_searchview_description_clear\" : \"Zoekopdracht wissen\"", "\"common_google_play_services_unsupported_text\" : \"A(z) %1$s alkalmaz\u00e1s nem fut a Google Play-szolg\u00e1ltat\u00e1sok n\u00e9lk\u00fcl, amelyeket eszk\u00f6ze nem t\u00e1mogat.\"", "\"common_google_play_services_update_button\" : \"\u0d05\u0d2a\u0d4d\u200c\u0d21\u0d47\u0d31\u0d4d\u0d31\u0d41\u0d1a\u0d46\u0d2f\u0d4d\u0d2f\u0d41\u0d15\"", "\"abc_searchview_description_query\" : \"Axtar\u0131\u015f sor\u011fusu\"", "\"abc_capital_on\" : \"AKTIBATU\"", "\"abc_searchview_description_query\" : \"Qidiruv so\u2018rovi\"", "\"common_google_play_services_updating_text\" : \"%1$s \u0570\u0561\u057e\u0565\u056c\u057e\u0561\u056e\u0568 \u0579\u056b \u0561\u0577\u056d\u0561\u057f\u056b \u0561\u057c\u0561\u0576\u0581 Google Play \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0578\u0582\u0576\u0576\u0565\u0580\u056b, \u0578\u0580\u0578\u0576\u0584 \u0561\u0575\u057d \u057a\u0561\u0570\u056b\u0576 \u0569\u0561\u0580\u0574\u0561\u0581\u057e\u0578\u0582\u0574 \u0565\u0576:\"", "\"common_google_play_services_enable_title\" : \"Activa\u021bi serviciile Google Play\"", "unsupported register class", "\"fingerprint_error_lockout\" : \"\u1021\u1000\u103c\u102d\u1019\u103a\u1019\u103b\u102c\u1038\u1005\u103d\u102c \u1005\u1019\u103a\u1038\u1015\u103c\u102e\u1038\u1015\u102b\u1015\u103c\u102e\u104b \u1014\u1031\u102c\u1000\u103a\u1019\u103e \u1011\u1015\u103a\u1005\u1019\u103a\u1038\u1000\u103c\u100a\u1037\u103a\u1015\u102b\u104b\"", "\"default_error_msg\" : \"\u12eb\u120d\u1273\u12c8\u1240 \u1235\u1205\u1270\u1275\"", "\"abc_action_mode_done\" : \"Atlikta\"", "\"abc_searchview_description_query\" : \"Hakukysely\"", "\"common_google_play_services_wear_update_text\" : \"Este necesar\u0103 o nou\u0103 versiune a serviciilor Google Play. Se vor actualiza automat \u00een cur\u00e2nd.\"", "\"fingerprint_dialog_touch_sensor\" : \"\u09ab\u09bf\u0982\u0997\u09be\u09f0\u09aa\u09cd\u09f0\u09bf\u09a3\u09cd\u099f \u099b\u09c7\u09a8\u09cd\u09b8\u09f0\u099f\u09cb \u09b8\u09cd\u09aa\u09f0\u09cd\u09b6 \u0995\u09f0\u0995\"", "\"common_signin_button_text\" : \"Prihl\u00e1si\u0165 sa\"", "\"abc_toolbar_collapse_description\" : \"\u09b8\u0999\u09cd\u0995\u09c1\u099a\u09bf\u09a4 \u0995\u09b0\u09c1\u09a8\"", "\"abc_searchview_description_voice\" : \"Hangalap\u00fa keres\u00e9s\"", "\"abc_shareactionprovider_share_with_application\" : \"\u053f\u056b\u057d\u057e\u0565\u056c %s \u0570\u0561\u057e\u0565\u056c\u057e\u0561\u056e\u056b \u0574\u056b\u057b\u0578\u0581\u0578\u057e\"", "\"common_google_play_services_enable_title\" : \"\u1794\u17be\u1780\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798 Google Play\"", "\"generic_error_user_canceled\" : \"\u09af\u09be\u099a\u09be\u0987\u0995\u09b0\u09a3 \u09aa\u09cd\u09b0\u0995\u09cd\u09b0\u09bf\u09af\u09bc\u09be\u099f\u09bf \u09ac\u09cd\u09af\u09ac\u09b9\u09be\u09b0\u0995\u09be\u09b0\u09c0 \u09ac\u09be\u09a4\u09bf\u09b2 \u0995\u09b0\u09c7\u099b\u09c7\u09a8\u0964\"", "\"abc_menu_meta_shortcut_label\" : \"Meta \u0bae\u0bb1\u0bcd\u0bb1\u0bc1\u0bae\u0bcd\"", "\"abc_activity_chooser_view_see_all\" : \"Alles weergeven\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play hizmetlerinin kullan\u0131labilirli\u011fi\"", "\"abc_prepend_shortcut_label\" : \"\u041c\u0435\u043d\u044e\u00a0+\"", "\"abc_searchview_description_clear\" : \"Obri\u0161ite upit\"", "\"abc_activitychooserview_choose_application\" : \"Khetha insiza\"", "\"abc_activitychooserview_choose_application\" : \"\u0995\u09cb\u09a8\u09cb \u098f\u09aa\u09cd \u09ac\u09be\u099b\u09a8\u09bf \u0995\u09f0\u0995\"", "\"generic_error_user_canceled\" : \"Gebruiker het stawing gekanselleer.\"", "\"generic_error_user_canceled\" : \"\u0410\u0432\u0442\u0435\u043d\u0442\u0438\u0444\u0456\u043a\u0430\u0446\u0456\u044e \u0441\u043a\u0430\u0441\u043e\u0432\u0430\u043d\u043e \u043a\u043e\u0440\u0438\u0441\u0442\u0443\u0432\u0430\u0447\u0435\u043c.\"", "\"abc_searchview_description_search\" : \"Buscar\"", "\"common_google_play_services_unsupported_text\" : \"%1$s ne fonctionnera pas sans les services Google\u00a0Play, qui ne sont pas compatibles avec votre appareil.\"", "\"abc_searchview_description_query\" : \"Pertanyaan carian\"", "\"abc_capital_off\" : \"AUS\"", "\"abc_capital_on\" : \"\u0423\u041a\u041b.\"", "\"common_google_play_services_install_title\" : \"Google Play \u0cb8\u0cc7\u0cb5\u0cc6\u0c97\u0cb3\u0ca8\u0ccd\u0ca8\u0cc1 \u0caa\u0ca1\u0cc6\u0caf\u0cbf\u0cb0\u0cbf\"", "\"common_google_play_services_install_text\" : \"%1$s won't run without Google Play services, which are missing from your device.\"", "\"common_google_play_services_update_button\" : \"\u0410\u0431\u043d\u0430\u0432\u0456\u0446\u044c\"", "\"abc_searchview_description_voice\" : \"\u0c35\u0c3e\u0c2f\u0c3f\u0c38\u0c4d \u0c36\u0c4b\u0c27\u0c28\"", "\"fingerprint_not_recognized\" : \"\u10d0\u10e0 \u10d0\u10e0\u10d8\u10e1 \u10d0\u10db\u10dd\u10ea\u10dc\u10dd\u10d1\u10d8\u10da\u10d8\"", "\"common_google_play_services_enable_title\" : \"Aktivace slu\u017eeb Google Play\"", "\"common_signin_button_text\" : \"\u30ed\u30b0\u30a4\u30f3\"", "\"common_google_play_services_install_button\" : \"Zainstaluj\"", "\"common_signin_button_text_long\" : \"Google \u0dc3\u0db8\u0d9c\u0dd2\u0db1\u0dca \u0db4\u0dd4\u0dbb\u0db1\u0dca\u0db1\"", "\"mtrl_badge_numberless_content_description\" : \"New notification\"", "\"abc_searchview_description_clear\" : \"\u179f\u1798\u17d2\u17a2\u17b6\u178f\u200b\u179f\u17c6\u178e\u17bd\u179a\"", "\"abc_menu_space_shortcut_label\" : \"Espai\"", "\"abc_searchview_description_submit\" : \"\uac80\uc0c9\uc5b4 \ubcf4\ub0b4\uae30\"", "\"common_google_play_services_install_text\" : \"Programa \u201e%1$s\u201c nebus paleid\u017eiama be \u201eGoogle Play\u201c paslaug\u0173, kuri\u0173 n\u0117ra \u012frenginyje.\"", "\"abc_activity_chooser_view_see_all\" : \"Ham\u0131s\u0131na bax\u0131n\"", "\"abc_searchview_description_query\" : \"Telusuri kueri\"", "\"abc_action_mode_done\" : \"\u0414\u0430\u0439\u044b\u043d\"", "\"abc_action_bar_up_description\" : \"\u03a0\u03bb\u03bf\u03ae\u03b3\u03b7\u03c3\u03b7 \u03c0\u03c1\u03bf\u03c2 \u03c4\u03b1 \u03b5\u03c0\u03ac\u03bd\u03c9\"", "\"common_signin_button_text_long\" : \"Log masuk dengan Google\"", "\"common_google_play_services_unsupported_text\" : \"%1$s Google \u09aa\u09cd\u09b2\u09c7 \u09b8\u09c7\u09f1\u09be\u09f0 \u0985\u09ac\u09bf\u09b9\u09a8\u09c7 \u09a8\u099a\u09b2\u09c7, \u09af\u09bf\u09ac\u09cb\u09f0 \u0986\u09aa\u09cb\u09a8\u09be\u09f0 \u09a1\u09bf\u09ad\u09be\u0987\u099a\u09a4 \u099a\u09b2\u09bf\u09ac \u09a8\u09cb\u09f1\u09be\u09f0\u09c7\u0964\"", "\"common_google_play_services_enable_title\" : \"Google Play\u958b\u767a\u8005\u30b5\u30fc\u30d3\u30b9\u306e\u6709\u52b9\u5316\"", "\"abc_shareactionprovider_share_with_application\" : \"\u4e0e%s\u5206\u4eab\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u0b0f\u0b39\u0b3f Google Play \u0b38\u0b47\u0b2c\u0b3e\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b2c\u0b3f\u0b28\u0b3e \u0b1a\u0b3e\u0b32\u0b47 \u0b28\u0b3e\u0b39\u0b3f\u0b01, \u0b0f\u0b2c\u0b02 \u0b38\u0b47\u0b17\u0b41\u0b21\u0b3c\u0b3f\u0b15 \u0b06\u0b2a\u0b23\u0b19\u0b4d\u0b15 \u0b21\u0b3f\u0b2d\u0b3e\u0b07\u0b38\u0b4d\u200c\u0b30\u0b47 \u0b15\u0b3e\u0b2e \u0b15\u0b30\u0b47 \u0b28\u0b3e\u0b39\u0b3f\u0b01\u0964\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0ab8\u0ac7\u0ab5\u0abe\u0a93\u0aa8\u0ac0 \u0a89\u0aaa\u0ab2\u0aac\u0acd\u0aa7\u0aa4\u0abe\"", "\"abc_action_menu_overflow_description\" : \"\u05e2\u05d5\u05d3 \u05d0\u05e4\u05e9\u05e8\u05d5\u05d9\u05d5\u05ea\"", "\"common_google_play_services_enable_title\" : \"\u0e40\u0e1b\u0e34\u0e14\u0e43\u0e0a\u0e49\u0e1a\u0e23\u0e34\u0e01\u0e32\u0e23 Google Play\"", "\"common_google_play_services_update_title\" : \"Google Play \uc11c\ube44\uc2a4 \uc5c5\ub370\uc774\ud2b8\"", "\"abc_capital_on\" : \"TIL\"", "\"common_google_play_services_install_title\" : \"Google Play hizmetlerini edinin\"", "\"common_google_play_services_notification_ticker\" : \"Google Play xidm\u0259tl\u0259ri x\u0259tas\u0131\"", "\"common_google_play_services_notification_channel_name\" : \"\u201eGoogle Play\u201c paslaug\u0173 pasiekiamumas\"", "\"common_google_play_services_unknown_issue\" : \"%1$s t\u0259tbiqi il\u0259 Google Play xidm\u0259tl\u0259ri aras\u0131nda problem var. Daha sonra yenid\u0259n c\u0259hd edin.\"", "\"common_google_play_services_unknown_issue\" : \"%1$s t\u00e9 problemes amb Serveis de Google Play. Torna-ho a provar.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"V\u00f9ng th\u00f4ng b\u00e1o tr\u1ee3 gi\u00fap\"", "\"abc_searchview_description_voice\" : \"T\u00ecm ki\u1ebfm b\u1eb1ng gi\u1ecdng n\u00f3i\"", "\"common_google_play_services_unsupported_text\" : \"\u0414\u043e\u0434\u0430\u0442\u043e\u043a %1$s \u043d\u0435 \u043f\u0440\u0430\u0446\u044e\u0432\u0430\u0442\u0438\u043c\u0435 \u0431\u0435\u0437 \u0441\u0435\u0440\u0432\u0456\u0441\u0456\u0432 Google Play, \u044f\u043a\u0456 \u043d\u0435 \u043f\u0456\u0434\u0442\u0440\u0438\u043c\u0443\u044e\u0442\u044c\u0441\u044f \u043d\u0430 \u0432\u0430\u0448\u043e\u043c\u0443 \u043f\u0440\u0438\u0441\u0442\u0440\u043e\u0457.\"", "\"abc_searchview_description_search\" : \"S\u00f8g\"", "\"common_google_play_services_updating_text\" : \"Lai lietotne %1$s darbotos, ir j\u0101instal\u0113 Google\u00a0Play pakalpojumi. Pa\u0161laik notiek to atjaunin\u0101\u0161ana.\"", "\"fingerprint_error_lockout\" : \"\u0916\u0942\u092a \u091c\u093e\u0938\u094d\u0924 \u092a\u094d\u0930\u092f\u0924\u094d\u0928. \u0915\u0943\u092a\u092f\u093e \u0928\u0902\u0924\u0930 \u092a\u0941\u0928\u094d\u0939\u093e \u092a\u094d\u0930\u092f\u0924\u094d\u0928 \u0915\u0930\u093e.\"", "\"abc_searchview_description_clear\" : \"Borrar consulta\"", "\"abc_shareactionprovider_share_with_application\" : \"\u0645\u0634\u0627\u0631\u0643\u0629 \u0645\u0639 %s\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Area pesan bantuan\"", "\"generic_error_user_canceled\" : \"\u0623\u0644\u063a\u0649 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0645\u0635\u0627\u062f\u0642\u0629.\"", "\"google_app_id\" : \"1:932398433474:android:64f0cff260d1f223f3675b\"", "\"common_google_play_services_install_title\" : \"Installer les services Google Play\"", "\"common_google_play_services_unsupported_text\" : \"%1$s \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b \u049b\u04b1\u0440\u044b\u043b\u0493\u044b\u04a3\u044b\u0437\u0434\u0430 \u049b\u043e\u043b\u0434\u0430\u0443 \u043a\u04e9\u0440\u0441\u0435\u0442\u0456\u043b\u043c\u0435\u0439\u0442\u0456\u043d Google Play \u049b\u044b\u0437\u043c\u0435\u0442\u0456\u043d\u0441\u0456\u0437 \u0436\u04b1\u043c\u044b\u0441 \u0456\u0441\u0442\u0435\u043c\u0435\u0439\u0434\u0456.\"", "\"common_google_play_services_enable_button\" : \"\u0d2a\u0d4d\u0d30\u0d35\u0d7c\u0d24\u0d4d\u0d24\u0d28\u0d15\u0d4d\u0d37\u0d2e\u0d2e\u0d3e\u0d15\u0d4d\u0d15\u0d41\u0d15\"", "\"common_google_play_services_wear_update_text\" : \"Reikia naujos versijos \u201eGoogle Play\u201c paslaug\u0173. Jos netrukus bus atnaujintos.\"", "\"abc_searchview_description_voice\" : \"\u179f\u17d2\u179c\u17c2\u1784\u179a\u1780\u200b\u178f\u17b6\u1798\u200b\u179f\u17c6\u17a1\u17c1\u1784\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u30d8\u30eb\u30d7 \u30e1\u30c3\u30bb\u30fc\u30b8\u9818\u57df\"", "\"fingerprint_not_recognized\" : \"\u0422\u0430\u0430\u043d\u044b\u043b\u0433\u0430\u043d \u0436\u043e\u043a\"", "\"abc_action_bar_up_description\" : \"Yopish\"", "\"abc_activity_chooser_view_see_all\" : \"\u0938\u092d\u0940 \u0926\u0947\u0916\u0947\u0902\"", "\"fingerprint_dialog_touch_sensor\" : \"\u12e8\u1323\u1275 \u12a0\u123b\u122b \u12f3\u1233\u1239\u1295 \u12ed\u1295\u12a9\"", "\"fingerprint_error_no_fingerprints\" : \"Nessuna impronta digitale registrata.\"", "\"fingerprint_dialog_touch_sensor\" : \"Atinge\u021bi senzorul de amprent\u0103\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u0938\u0947\u0935\u093e\u0915\u094b \u0909\u092a\u0932\u092c\u094d\u0927\u0924\u093e\"", "\"common_google_play_services_unknown_issue\" : \"%1$s mengalami masalah dengan layanan Google Play. Coba lagi.\"", "\"abc_searchview_description_search\" : \"\u0548\u0580\u0578\u0576\u0565\u056c\"", "\"common_google_play_services_install_button\" : \"\u1011\u100a\u1037\u103a\u101e\u103d\u1004\u103a\u1038\u1015\u102b\"", "\"abc_toolbar_collapse_description\" : \"\u0915\u094b\u0932\u0945\u092a\u094d\u0938 \u0915\u0930\u093e\"", "\"common_google_play_services_enable_title\" : \"Ativar servi\u00e7os do Google Play\"", "\"abc_action_menu_overflow_description\" : \"Fleiri valkostir\"", "\"fingerprint_error_no_fingerprints\" : \"\u0b95\u0bc8\u0bb0\u0bc7\u0b95\u0bc8\u0baa\u0bcd \u0baa\u0ba4\u0bbf\u0bb5\u0bc1\u0b95\u0bb3\u0bcd \u0b8e\u0ba4\u0bc1\u0bb5\u0bc1\u0bae\u0bbf\u0bb2\u0bcd\u0bb2\u0bc8.\"", "\"fingerprint_error_no_fingerprints\" : \"\u0915\u094b\u0908 \u092b\u093c\u093f\u0902\u0917\u0930\u092a\u094d\u0930\u093f\u0902\u091f \u0930\u091c\u093f\u0938\u094d\u091f\u0930 \u0928\u0939\u0940\u0902 \u0915\u093f\u092f\u093e \u0917\u092f\u093e \u0939\u0948.\"", "\"common_google_play_services_wear_update_text\" : \"Google Play \u0938\u0947\u0935\u093e\u0913\u0902 \u0915\u0947 \u0928\u090f \u0935\u0930\u094d\u0936\u0928 \u0915\u0940 \u091c\u093c\u0930\u0942\u0930\u0924 \u0939\u0948. \u092f\u0939 \u091c\u0932\u094d\u0926 \u0939\u0940 \u0905\u092a\u0928\u0947 \u0906\u092a \u0905\u092a\u0921\u0947\u091f \u0939\u094b \u091c\u093e\u090f\u0917\u093e.\"", "\"common_signin_button_text\" : \"\u0648\u0631\u0648\u062f \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645\"", "\"common_signin_button_text_long\" : \"\u041d\u0430\u0458\u0430\u0432\u0438 \u0441\u0435 \u0441\u043e Google\"", "\"abc_activity_chooser_view_see_all\" : \"Hammasi\"", "\"search_menu_title\" : \"\u641c\u7d22\"", "\"accessibility_fingerprint_dialog_help_area\" : \"Help message area\"", "\"fingerprint_dialog_touch_sensor\" : \"Prek sensorin e gjurm\u00ebs s\u00eb gishtit\"", "\"common_google_play_services_enable_title\" : \"Google Play teenuste lubamine\"", "\"abc_action_menu_overflow_description\" : \"\u200e\u200f\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200e\u200e\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200f\u200e\u200f\u200e\u200e\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200e\u200f\u200e\u200f\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200f\u200f\u200e\u200f\u200f\u200e\u200e\u200e\u200e\u200f\u200e\u200e\u200f\u200e\u200f\u200f\u200f\u200f\u200f\u200e\u200f\u200e\u200e\u200f\u200eMore options\u200e\u200f\u200e\u200e\u200f\u200e\"", "\"common_google_play_services_enable_button\" : \"Aktiv\u00e9r\"", "\"common_signin_button_text_long\" : \"Google\u0c24\u0c4b \u0c38\u0c48\u0c28\u0c4d \u0c07\u0c28\u0c4d \u0c1a\u0c47\u0c2f\u0c3f\"", "\"abc_activity_chooser_view_see_all\" : \"Angalia zote\"", "\"common_google_play_services_install_title\" : \"Descargar servizos de Google Play\"", "\"abc_action_menu_overflow_description\" : \"Yana\"", "\"fingerprint_error_no_fingerprints\" : \"\u0b15\u0b4c\u0b23\u0b38\u0b3f \u0b06\u0b19\u0b4d\u0b17\u0b41\u0b20\u0b3f \u0b1a\u0b3f\u0b39\u0b4d\u0b28 \u0b2a\u0b1e\u0b4d\u0b1c\u0b40\u0b15\u0b43\u0b24 \u0b39\u0b4b\u0b07\u0b28\u0b3e\u0b39\u0b3f\u0b01\u0964\"", "\"abc_action_mode_done\" : \"\u0ec1\u0ea5\u0ec9\u0ea7\u0ec6\"", "\"common_google_play_services_updating_text\" : \"%1$s getur ekki keyrt \u00e1n \u00fej\u00f3nustu Google Play, sem veri\u00f0 er a\u00f0 uppf\u00e6ra.\"", "\"common_google_play_services_update_text\" : \"%1$s \u1793\u17b9\u1784\u1798\u17b7\u1793\u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u1791\u17c1 \u179b\u17bb\u17c7\u178f\u17d2\u179a\u17b6\u178f\u17c2\u17a2\u17d2\u1793\u1780\u1792\u17d2\u179c\u17be\u1794\u1785\u17d2\u1785\u17bb\u1794\u17d2\u1794\u1793\u17d2\u1793\u1797\u17b6\u1796\u179f\u17c1\u179c\u17b6\u1780\u1798\u17d2\u1798 Google Play\u17d4\"", "\"common_google_play_services_enable_text\" : \"Aplik\u00e1cia %1$s bude fungova\u0165 a\u017e po povolen\u00ed slu\u017eieb Google Play.\"", "\"common_google_play_services_notification_channel_name\" : \"Google Play \u043a\u044b\u0437\u043c\u0430\u0442\u0442\u0430\u0440\u044b\u043d\u044b\u043d \u0438\u0448\u0442\u0435\u0448\u0438\"", "\"fingerprint_error_lockout\" : \"Massa intents. Torna-ho a provar m\u00e9s tard.\"", "\"common_google_play_services_enable_title\" : \"Google Play \u04af\u0439\u043b\u0447\u0438\u043b\u0433\u044d\u044d\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u044d\u0445\"", "\"common_google_play_services_enable_button\" : \"Gaitu\"", "\"confirm_device_credential_password\" : \"\u0555\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c \u0563\u0561\u0572\u057f\u0576\u0561\u0562\u0561\u057c\"", "\"search_menu_title\" : \"Pretra\u017eite\"", "\"common_google_play_services_update_text\" : \"%1$s kan ikke k\u00f8re, medmindre du opdaterer Google Play-tjenester.\"", "\"fingerprint_error_lockout\" : \"\u5165\u529b\u56de\u6570\u304c\u4e0a\u9650\u3092\u8d85\u3048\u307e\u3057\u305f\u3002\u3057\u3070\u3089\u304f\u3057\u3066\u304b\u3089\u3082\u3046\u4e00\u5ea6\u304a\u8a66\u3057\u304f\u3060\u3055\u3044\u3002\"", "\"common_google_play_services_unsupported_text\" : \"%1$s sal nie werk sonder Google Play Dienste nie, wat nie deur jou toestel gesteun word nie.\"", "\"common_google_play_services_update_button\" : \"\u0a85\u0aaa\u0aa1\u0ac7\u0a9f \u0a95\u0ab0\u0acb\"", "\"abc_searchview_description_query\" : \"\u0c36\u0c4b\u0c27\u0c28 \u0c2a\u0c4d\u0c30\u0c36\u0c4d\u0c28\"", "\"abc_searchview_description_submit\" : \"Lek\u00e9rdez\u00e9s k\u00fcld\u00e9se\"", "\"common_google_play_services_install_button\" : \"\u0987\u09a8\u09b8\u09cd\u099f\u09b2 \u0995\u09b0\u09c1\u09a8\"", "\"default_error_msg\" : \"Ne\u017einoma klaida\"", "\"common_google_play_services_update_title\" : \"Actualizar servicios de Google Play\"", "\"common_google_play_services_update_text\" : \"Aplikacija %1$s ne\u0107e raditi ako ne a\u017eurirate Google Play usluge.\"", "\"accessibility_fingerprint_dialog_help_area\" : \"\u0e1e\u0e37\u0e49\u0e19\u0e17\u0e35\u0e48\u0e02\u0e49\u0e2d\u0e04\u0e27\u0e32\u0e21\u0e0a\u0e48\u0e27\u0e22\u0e40\u0e2b\u0e25\u0e37\u0e2d\"", "\"abc_action_menu_overflow_description\" : \"Lis\u00e4asetukset\"", "\"generic_error_user_canceled\" : \"\u0635\u0627\u0631\u0641 \u0646\u06d2 \u062a\u0635\u062f\u06cc\u0642 \u06a9\u0648 \u0645\u0646\u0633\u0648\u062e \u06a9\u0631 \u062f\u06cc\u0627\u06d4\"", "\"fingerprint_error_user_canceled\" : \"\u101c\u1000\u103a\u1017\u103d\u1031\u1016\u103c\u1004\u1037\u103a \u1021\u1011\u1031\u102c\u1000\u103a\u1021\u1011\u102c\u1038\u1005\u102d\u1005\u1005\u103a\u1001\u103c\u1004\u103a\u1038\u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101e\u1030\u1000 \u1015\u101a\u103a\u1016\u103b\u1000\u103a\u1011\u102c\u1038\u101e\u100a\u103a\u104b\"", "\"common_google_play_services_update_button\" : \"\u0dba\u0dcf\u0dc0\u0dad\u0dca\u0d9a\u0dcf\u0dbd\u0dd3\u0db1 \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"abc_menu_space_shortcut_label\" : \"space\"", "\"abc_search_hint\" : \"\u09b8\u09a8\u09cd\u09a7\u09be\u09a8 \u0995\u09f0\u0995\u2026\"", "\"fingerprint_not_recognized\" : \"\u092a\u0939\u093f\u091a\u093e\u0928 \u092d\u090f\u0928\"", "\"abc_capital_off\" : \"VYP\"", "\"search_menu_title\" : \"\u0ba4\u0bc7\u0b9f\u0bb2\u0bcd\"", "\"generic_error_user_canceled\" : \"El usuario ha cancelado la autenticaci\u00f3n.\"", "\"abc_searchview_description_submit\" : \"Serah pertanyaan\"", "\"common_google_play_services_wear_update_text\" : \"\u0e88\u0eb3\u200b\u0ec0\u0e9b\u0eb1\u0e99\u200b\u0e95\u0ec9\u0ead\u0e87\u200b\u0ea1\u0eb5\u200b\u0e81\u0eb2\u200b\u0e99\u200b\u0e9a\u0ecd\u200b\u0ea5\u0eb4\u200b\u0e81\u0eb2\u0e99 Google Play \u0ec0\u0ea7\u0eb5\u200b\u0e8a\u0eb1\u0e99\u200b\u0ec3\u0edd\u0ec8. \u0ea1\u0eb1\u0e99\u200b\u0e88\u0eb0\u200b\u0ead\u0eb1\u0e9a\u200b\u0ec0\u0e94\u0e94\u200b\u0e95\u0ebb\u0ea7\u200b\u0ec0\u0ead\u0e87\u200b\u0ec4\u0ea7\u0ec6\u200b\u0e99\u0eb5\u0ec9.\"", "\"abc_activitychooserview_choose_application\" : \"App ausw\u00e4hlen\"", "\"common_google_play_services_enable_button\" : \"Activa\"", "\"abc_menu_function_shortcut_label\" : \"Funci\u00f3n\u00a0+\"", "\"common_google_play_services_update_title\" : \"Google Play-Dienste aktualisieren\"", "\"abc_search_hint\" : \"\u641c\u7d22\u2026\"", "\"common_google_play_services_enable_title\" : \"Gaitu Google Play zerbitzuak\"", "\"search_menu_title\" : \"\u041f\u0440\u0435\u0431\u0430\u0440\u0430\u0458\"", "\"abc_searchview_description_submit\" : \"\u0418\u0437\u043f\u0440\u0430\u0449\u0430\u043d\u0435 \u043d\u0430 \u0437\u0430\u044f\u0432\u043a\u0430\u0442\u0430\"", "\"common_google_play_services_install_button\" : \"\u0dc3\u0dca\u0dae\u0dcf\u0db4\u0db1\u0dba \u0d9a\u0dbb\u0db1\u0dca\u0db1\"", "\"abc_action_menu_overflow_description\" : \"\u0414\u0430\u0433\u044b \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440\""], "firebase_urls": [{"url": "https://damn-vulnerable-bank.firebaseio.com", "open": false}], "files": ["AndroidManifest.xml", "META-INF/MANIFEST.MF", "META-INF/androidx.activity_activity.version", "META-INF/androidx.appcompat_appcompat-resources.version", "META-INF/androidx.appcompat_appcompat.version", "META-INF/androidx.arch.core_core-runtime.version", "META-INF/androidx.asynclayoutinflater_asynclayoutinflater.version", "META-INF/androidx.biometric_biometric.version", "META-INF/androidx.cardview_cardview.version", "META-INF/androidx.coordinatorlayout_coordinatorlayout.version", "META-INF/androidx.core_core.version", "META-INF/androidx.cursoradapter_cursoradapter.version", "META-INF/androidx.customview_customview.version", "META-INF/androidx.documentfile_documentfile.version", "META-INF/androidx.drawerlayout_drawerlayout.version", "META-INF/androidx.fragment_fragment.version", "META-INF/androidx.interpolator_interpolator.version", "META-INF/androidx.legacy_legacy-support-core-ui.version", "META-INF/androidx.legacy_legacy-support-core-utils.version", "META-INF/androidx.legacy_legacy-support-v4.version", "META-INF/androidx.lifecycle_lifecycle-livedata-core.version", "META-INF/androidx.lifecycle_lifecycle-livedata.version", "META-INF/androidx.lifecycle_lifecycle-runtime.version", "META-INF/androidx.lifecycle_lifecycle-viewmodel.version", "META-INF/androidx.loader_loader.version", "META-INF/androidx.localbroadcastmanager_localbroadcastmanager.version", "META-INF/androidx.media_media.version", "META-INF/androidx.print_print.version", "META-INF/androidx.recyclerview_recyclerview.version", "META-INF/androidx.savedstate_savedstate.version", "META-INF/androidx.slidingpanelayout_slidingpanelayout.version", "META-INF/androidx.swiperefreshlayout_swiperefreshlayout.version", "META-INF/androidx.transition_transition.version", "META-INF/androidx.vectordrawable_vectordrawable-animated.version", "META-INF/androidx.vectordrawable_vectordrawable.version", "META-INF/androidx.versionedparcelable_versionedparcelable.version", "META-INF/androidx.viewpager2_viewpager2.version", "META-INF/androidx.viewpager_viewpager.version", "META-INF/com.google.android.material_material.version", "classes.dex", "firebase-auth-interop.properties", "firebase-auth.properties", "firebase-common.properties", "firebase-components.properties", "lib/arm64-v8a/libfrida-check.so", "lib/arm64-v8a/libtool-checker.so", "lib/armeabi-v7a/libfrida-check.so", "lib/armeabi-v7a/libtool-checker.so", "lib/x86/libfrida-check.so", "lib/x86/libtool-checker.so", "lib/x86_64/libfrida-check.so", "lib/x86_64/libtool-checker.so", "play-services-base.properties", "play-services-basement.properties", "play-services-tasks.properties", "res/anim-v21/design_bottom_sheet_slide_in.xml", "res/anim-v21/design_bottom_sheet_slide_out.xml", "res/anim-v21/mtrl_bottom_sheet_slide_in.xml", "res/anim-v21/mtrl_bottom_sheet_slide_out.xml", "res/anim/abc_fade_in.xml", "res/anim/abc_fade_out.xml", "res/anim/abc_grow_fade_in_from_bottom.xml", "res/anim/abc_popup_enter.xml", "res/anim/abc_popup_exit.xml", "res/anim/abc_shrink_fade_out_from_bottom.xml", "res/anim/abc_slide_in_bottom.xml", "res/anim/abc_slide_in_top.xml", "res/anim/abc_slide_out_bottom.xml", "res/anim/abc_slide_out_top.xml", "res/anim/abc_tooltip_enter.xml", "res/anim/abc_tooltip_exit.xml", "res/anim/bottom_anim.xml", "res/anim/btn_checkbox_to_checked_box_inner_merged_animation.xml", "res/anim/btn_checkbox_to_checked_box_outer_merged_animation.xml", "res/anim/btn_checkbox_to_checked_icon_null_animation.xml", "res/anim/btn_checkbox_to_unchecked_box_inner_merged_animation.xml", "res/anim/btn_checkbox_to_unchecked_check_path_merged_animation.xml", "res/anim/btn_checkbox_to_unchecked_icon_null_animation.xml", "res/anim/btn_radio_to_off_mtrl_dot_group_animation.xml", "res/anim/btn_radio_to_off_mtrl_ring_outer_animation.xml", "res/anim/btn_radio_to_off_mtrl_ring_outer_path_animation.xml", "res/anim/btn_radio_to_on_mtrl_dot_group_animation.xml", "res/anim/btn_radio_to_on_mtrl_ring_outer_animation.xml", "res/anim/btn_radio_to_on_mtrl_ring_outer_path_animation.xml", "res/anim/design_snackbar_in.xml", "res/anim/design_snackbar_out.xml", "res/anim/mtrl_card_lowers_interpolator.xml", "res/anim/side_anim.xml", "res/animator-v21/design_appbar_state_list_animator.xml", "res/animator/design_fab_hide_motion_spec.xml", "res/animator/design_fab_show_motion_spec.xml", "res/animator/mtrl_btn_state_list_anim.xml", "res/animator/mtrl_btn_unelevated_state_list_anim.xml", "res/animator/mtrl_card_state_list_anim.xml", "res/animator/mtrl_chip_state_list_anim.xml", "res/animator/mtrl_extended_fab_change_size_motion_spec.xml", "res/animator/mtrl_extended_fab_hide_motion_spec.xml", "res/animator/mtrl_extended_fab_show_motion_spec.xml", "res/animator/mtrl_extended_fab_state_list_animator.xml", "res/animator/mtrl_fab_hide_motion_spec.xml", "res/animator/mtrl_fab_show_motion_spec.xml", "res/animator/mtrl_fab_transformation_sheet_collapse_spec.xml", "res/animator/mtrl_fab_transformation_sheet_expand_spec.xml", "res/color-v21/abc_btn_colored_borderless_text_material.xml", "res/color-v23/abc_btn_colored_borderless_text_material.xml", "res/color-v23/abc_btn_colored_text_material.xml", "res/color-v23/abc_color_highlight_material.xml", "res/color-v23/abc_tint_btn_checkable.xml", "res/color-v23/abc_tint_default.xml", "res/color-v23/abc_tint_edittext.xml", "res/color-v23/abc_tint_seek_thumb.xml", "res/color-v23/abc_tint_spinner.xml", "res/color-v23/abc_tint_switch_track.xml", "res/color-v26/biometric_error_color.xml", "res/color/abc_background_cache_hint_selector_material_dark.xml", "res/color/abc_background_cache_hint_selector_material_light.xml", "res/color/abc_btn_colored_text_material.xml", "res/color/abc_hint_foreground_material_dark.xml", "res/color/abc_hint_foreground_material_light.xml", "res/color/abc_primary_text_disable_only_material_dark.xml", "res/color/abc_primary_text_disable_only_material_light.xml", "res/color/abc_primary_text_material_dark.xml", "res/color/abc_primary_text_material_light.xml", "res/color/abc_search_url_text.xml", "res/color/abc_secondary_text_material_dark.xml", "res/color/abc_secondary_text_material_light.xml", "res/color/abc_tint_btn_checkable.xml", "res/color/abc_tint_default.xml", "res/color/abc_tint_edittext.xml", "res/color/abc_tint_seek_thumb.xml", "res/color/abc_tint_spinner.xml", "res/color/abc_tint_switch_track.xml", "res/color/checkbox_themeable_attribute_color.xml", "res/color/common_google_signin_btn_text_dark.xml", "res/color/common_google_signin_btn_text_light.xml", "res/color/common_google_signin_btn_tint.xml", "res/color/design_box_stroke_color.xml", "res/color/design_error.xml", "res/color/design_icon_tint.xml", "res/color/material_on_background_disabled.xml", "res/color/material_on_background_emphasis_high_type.xml", "res/color/material_on_background_emphasis_medium.xml", "res/color/material_on_primary_disabled.xml", "res/color/material_on_primary_emphasis_high_type.xml", "res/color/material_on_primary_emphasis_medium.xml", "res/color/material_on_surface_disabled.xml", "res/color/material_on_surface_emphasis_high_type.xml", "res/color/material_on_surface_emphasis_medium.xml", "res/color/mtrl_bottom_nav_colored_item_tint.xml", "res/color/mtrl_bottom_nav_colored_ripple_color.xml", "res/color/mtrl_bottom_nav_item_tint.xml", "res/color/mtrl_bottom_nav_ripple_color.xml", "res/color/mtrl_btn_bg_color_selector.xml", "res/color/mtrl_btn_ripple_color.xml", "res/color/mtrl_btn_stroke_color_selector.xml", "res/color/mtrl_btn_text_btn_bg_color_selector.xml", "res/color/mtrl_btn_text_btn_ripple_color.xml", "res/color/mtrl_btn_text_color_selector.xml", "res/color/mtrl_calendar_item_stroke_color.xml", "res/color/mtrl_calendar_selected_range.xml", "res/color/mtrl_card_view_foreground.xml", "res/color/mtrl_card_view_ripple.xml", "res/color/mtrl_chip_background_color.xml", "res/color/mtrl_chip_close_icon_tint.xml", "res/color/mtrl_chip_ripple_color.xml", "res/color/mtrl_chip_surface_color.xml", "res/color/mtrl_chip_text_color.xml", "res/color/mtrl_choice_chip_background_color.xml", "res/color/mtrl_choice_chip_ripple_color.xml", "res/color/mtrl_choice_chip_text_color.xml", "res/color/mtrl_error.xml", "res/color/mtrl_extended_fab_bg_color_selector.xml", "res/color/mtrl_extended_fab_ripple_color.xml", "res/color/mtrl_extended_fab_text_color_selector.xml", "res/color/mtrl_fab_ripple_color.xml", "res/color/mtrl_filled_background_color.xml", "res/color/mtrl_filled_icon_tint.xml", "res/color/mtrl_filled_stroke_color.xml", "res/color/mtrl_indicator_text_color.xml", "res/color/mtrl_navigation_item_background_color.xml", "res/color/mtrl_navigation_item_icon_tint.xml", "res/color/mtrl_navigation_item_text_color.xml", "res/color/mtrl_on_primary_text_btn_text_color_selector.xml", "res/color/mtrl_outlined_icon_tint.xml", "res/color/mtrl_outlined_stroke_color.xml", "res/color/mtrl_popupmenu_overlay_color.xml", "res/color/mtrl_tabs_colored_ripple_color.xml", "res/color/mtrl_tabs_icon_color_selector.xml", "res/color/mtrl_tabs_icon_color_selector_colored.xml", "res/color/mtrl_tabs_legacy_text_color_selector.xml", "res/color/mtrl_tabs_ripple_color.xml", "res/color/mtrl_text_btn_text_color_selector.xml", "res/color/switch_thumb_material_dark.xml", "res/color/switch_thumb_material_light.xml", "res/color/test_mtrl_calendar_day.xml", "res/color/test_mtrl_calendar_day_selected.xml", "res/drawable-anydpi-v21/design_ic_visibility.xml", "res/drawable-anydpi-v21/design_ic_visibility_off.xml", "res/drawable-hdpi-v4/abc_ab_share_pack_mtrl_alpha.9.png", "res/drawable-hdpi-v4/abc_btn_check_to_on_mtrl_000.png", "res/drawable-hdpi-v4/abc_btn_check_to_on_mtrl_015.png", "res/drawable-hdpi-v4/abc_btn_radio_to_on_mtrl_000.png", "res/drawable-hdpi-v4/abc_btn_radio_to_on_mtrl_015.png", "res/drawable-hdpi-v4/abc_btn_switch_to_on_mtrl_00001.9.png", "res/drawable-hdpi-v4/abc_btn_switch_to_on_mtrl_00012.9.png", "res/drawable-hdpi-v4/abc_cab_background_top_mtrl_alpha.9.png", "res/drawable-hdpi-v4/abc_ic_commit_search_api_mtrl_alpha.png", "res/drawable-hdpi-v4/abc_ic_menu_copy_mtrl_am_alpha.png", "res/drawable-hdpi-v4/abc_ic_menu_cut_mtrl_alpha.png", "res/drawable-hdpi-v4/abc_ic_menu_paste_mtrl_am_alpha.png", "res/drawable-hdpi-v4/abc_ic_menu_selectall_mtrl_alpha.png", "res/drawable-hdpi-v4/abc_ic_menu_share_mtrl_alpha.png", "res/drawable-hdpi-v4/abc_ic_star_black_16dp.png", "res/drawable-hdpi-v4/abc_ic_star_black_36dp.png", "res/drawable-hdpi-v4/abc_ic_star_black_48dp.png", "res/drawable-hdpi-v4/abc_ic_star_half_black_16dp.png", "res/drawable-hdpi-v4/abc_ic_star_half_black_36dp.png", "res/drawable-hdpi-v4/abc_ic_star_half_black_48dp.png", "res/drawable-hdpi-v4/abc_list_divider_mtrl_alpha.9.png", "res/drawable-hdpi-v4/abc_list_focused_holo.9.png", "res/drawable-hdpi-v4/abc_list_longpressed_holo.9.png", "res/drawable-hdpi-v4/abc_list_pressed_holo_dark.9.png", "res/drawable-hdpi-v4/abc_list_pressed_holo_light.9.png", "res/drawable-hdpi-v4/abc_list_selector_disabled_holo_dark.9.png", "res/drawable-hdpi-v4/abc_list_selector_disabled_holo_light.9.png", "res/drawable-hdpi-v4/abc_menu_hardkey_panel_mtrl_mult.9.png", "res/drawable-hdpi-v4/abc_popup_background_mtrl_mult.9.png", "res/drawable-hdpi-v4/abc_scrubber_control_off_mtrl_alpha.png", "res/drawable-hdpi-v4/abc_scrubber_control_to_pressed_mtrl_000.png", "res/drawable-hdpi-v4/abc_scrubber_control_to_pressed_mtrl_005.png", "res/drawable-hdpi-v4/abc_scrubber_primary_mtrl_alpha.9.png", "res/drawable-hdpi-v4/abc_scrubber_track_mtrl_alpha.9.png", "res/drawable-hdpi-v4/abc_spinner_mtrl_am_alpha.9.png", "res/drawable-hdpi-v4/abc_switch_track_mtrl_alpha.9.png", "res/drawable-hdpi-v4/abc_tab_indicator_mtrl_alpha.9.png", "res/drawable-hdpi-v4/abc_text_select_handle_left_mtrl_dark.png", "res/drawable-hdpi-v4/abc_text_select_handle_left_mtrl_light.png", "res/drawable-hdpi-v4/abc_text_select_handle_middle_mtrl_dark.png", "res/drawable-hdpi-v4/abc_text_select_handle_middle_mtrl_light.png", "res/drawable-hdpi-v4/abc_text_select_handle_right_mtrl_dark.png", "res/drawable-hdpi-v4/abc_text_select_handle_right_mtrl_light.png", "res/drawable-hdpi-v4/abc_textfield_activated_mtrl_alpha.9.png", "res/drawable-hdpi-v4/abc_textfield_default_mtrl_alpha.9.png", "res/drawable-hdpi-v4/abc_textfield_search_activated_mtrl_alpha.9.png", "res/drawable-hdpi-v4/abc_textfield_search_default_mtrl_alpha.9.png", "res/drawable-hdpi-v4/common_full_open_on_phone.png", "res/drawable-hdpi-v4/common_google_signin_btn_icon_dark_normal_background.9.png", "res/drawable-hdpi-v4/common_google_signin_btn_icon_light_normal_background.9.png", "res/drawable-hdpi-v4/common_google_signin_btn_text_dark_normal_background.9.png", "res/drawable-hdpi-v4/common_google_signin_btn_text_light_normal_background.9.png", "res/drawable-hdpi-v4/design_ic_visibility.png", "res/drawable-hdpi-v4/design_ic_visibility_off.png", "res/drawable-hdpi-v4/googleg_disabled_color_18.png", "res/drawable-hdpi-v4/googleg_standard_color_18.png", "res/drawable-hdpi-v4/notification_bg_low_normal.9.png", "res/drawable-hdpi-v4/notification_bg_low_pressed.9.png", "res/drawable-hdpi-v4/notification_bg_normal.9.png", "res/drawable-hdpi-v4/notification_bg_normal_pressed.9.png", "res/drawable-hdpi-v4/notify_panel_notification_icon_bg.png", "res/drawable-ldrtl-hdpi-v17/abc_ic_menu_copy_mtrl_am_alpha.png", "res/drawable-ldrtl-hdpi-v17/abc_ic_menu_cut_mtrl_alpha.png", "res/drawable-ldrtl-hdpi-v17/abc_spinner_mtrl_am_alpha.9.png", "res/drawable-ldrtl-mdpi-v17/abc_ic_menu_copy_mtrl_am_alpha.png", "res/drawable-ldrtl-mdpi-v17/abc_ic_menu_cut_mtrl_alpha.png", "res/drawable-ldrtl-mdpi-v17/abc_spinner_mtrl_am_alpha.9.png", "res/drawable-ldrtl-xhdpi-v17/abc_ic_menu_copy_mtrl_am_alpha.png", "res/drawable-ldrtl-xhdpi-v17/abc_ic_menu_cut_mtrl_alpha.png", "res/drawable-ldrtl-xhdpi-v17/abc_spinner_mtrl_am_alpha.9.png", "res/drawable-ldrtl-xxhdpi-v17/abc_ic_menu_copy_mtrl_am_alpha.png", "res/drawable-ldrtl-xxhdpi-v17/abc_ic_menu_cut_mtrl_alpha.png", "res/drawable-ldrtl-xxhdpi-v17/abc_spinner_mtrl_am_alpha.9.png", "res/drawable-ldrtl-xxxhdpi-v17/abc_ic_menu_copy_mtrl_am_alpha.png", "res/drawable-ldrtl-xxxhdpi-v17/abc_ic_menu_cut_mtrl_alpha.png", "res/drawable-ldrtl-xxxhdpi-v17/abc_spinner_mtrl_am_alpha.9.png", "res/drawable-mdpi-v4/abc_ab_share_pack_mtrl_alpha.9.png", "res/drawable-mdpi-v4/abc_btn_check_to_on_mtrl_000.png", "res/drawable-mdpi-v4/abc_btn_check_to_on_mtrl_015.png", "res/drawable-mdpi-v4/abc_btn_radio_to_on_mtrl_000.png", "res/drawable-mdpi-v4/abc_btn_radio_to_on_mtrl_015.png", "res/drawable-mdpi-v4/abc_btn_switch_to_on_mtrl_00001.9.png", "res/drawable-mdpi-v4/abc_btn_switch_to_on_mtrl_00012.9.png", "res/drawable-mdpi-v4/abc_cab_background_top_mtrl_alpha.9.png", "res/drawable-mdpi-v4/abc_ic_commit_search_api_mtrl_alpha.png", "res/drawable-mdpi-v4/abc_ic_menu_copy_mtrl_am_alpha.png", "res/drawable-mdpi-v4/abc_ic_menu_cut_mtrl_alpha.png", "res/drawable-mdpi-v4/abc_ic_menu_paste_mtrl_am_alpha.png", "res/drawable-mdpi-v4/abc_ic_menu_selectall_mtrl_alpha.png", "res/drawable-mdpi-v4/abc_ic_menu_share_mtrl_alpha.png", "res/drawable-mdpi-v4/abc_ic_star_black_16dp.png", "res/drawable-mdpi-v4/abc_ic_star_black_36dp.png", "res/drawable-mdpi-v4/abc_ic_star_black_48dp.png", "res/drawable-mdpi-v4/abc_ic_star_half_black_16dp.png", "res/drawable-mdpi-v4/abc_ic_star_half_black_36dp.png", "res/drawable-mdpi-v4/abc_ic_star_half_black_48dp.png", "res/drawable-mdpi-v4/abc_list_divider_mtrl_alpha.9.png", "res/drawable-mdpi-v4/abc_list_focused_holo.9.png", "res/drawable-mdpi-v4/abc_list_longpressed_holo.9.png", "res/drawable-mdpi-v4/abc_list_pressed_holo_dark.9.png", "res/drawable-mdpi-v4/abc_list_pressed_holo_light.9.png", "res/drawable-mdpi-v4/abc_list_selector_disabled_holo_dark.9.png", "res/drawable-mdpi-v4/abc_list_selector_disabled_holo_light.9.png", "res/drawable-mdpi-v4/abc_menu_hardkey_panel_mtrl_mult.9.png", "res/drawable-mdpi-v4/abc_popup_background_mtrl_mult.9.png", "res/drawable-mdpi-v4/abc_scrubber_control_off_mtrl_alpha.png", "res/drawable-mdpi-v4/abc_scrubber_control_to_pressed_mtrl_000.png", "res/drawable-mdpi-v4/abc_scrubber_control_to_pressed_mtrl_005.png", "res/drawable-mdpi-v4/abc_scrubber_primary_mtrl_alpha.9.png", "res/drawable-mdpi-v4/abc_scrubber_track_mtrl_alpha.9.png", "res/drawable-mdpi-v4/abc_spinner_mtrl_am_alpha.9.png", "res/drawable-mdpi-v4/abc_switch_track_mtrl_alpha.9.png", "res/drawable-mdpi-v4/abc_tab_indicator_mtrl_alpha.9.png", "res/drawable-mdpi-v4/abc_text_select_handle_left_mtrl_dark.png", "res/drawable-mdpi-v4/abc_text_select_handle_left_mtrl_light.png", "res/drawable-mdpi-v4/abc_text_select_handle_middle_mtrl_dark.png", "res/drawable-mdpi-v4/abc_text_select_handle_middle_mtrl_light.png", "res/drawable-mdpi-v4/abc_text_select_handle_right_mtrl_dark.png", "res/drawable-mdpi-v4/abc_text_select_handle_right_mtrl_light.png", "res/drawable-mdpi-v4/abc_textfield_activated_mtrl_alpha.9.png", "res/drawable-mdpi-v4/abc_textfield_default_mtrl_alpha.9.png", "res/drawable-mdpi-v4/abc_textfield_search_activated_mtrl_alpha.9.png", "res/drawable-mdpi-v4/abc_textfield_search_default_mtrl_alpha.9.png", "res/drawable-mdpi-v4/common_google_signin_btn_icon_dark_normal_background.9.png", "res/drawable-mdpi-v4/common_google_signin_btn_icon_light_normal_background.9.png", "res/drawable-mdpi-v4/common_google_signin_btn_text_dark_normal_background.9.png", "res/drawable-mdpi-v4/common_google_signin_btn_text_light_normal_background.9.png", "res/drawable-mdpi-v4/design_ic_visibility.png", "res/drawable-mdpi-v4/design_ic_visibility_off.png", "res/drawable-mdpi-v4/googleg_disabled_color_18.png", "res/drawable-mdpi-v4/googleg_standard_color_18.png", "res/drawable-mdpi-v4/notification_bg_low_normal.9.png", "res/drawable-mdpi-v4/notification_bg_low_pressed.9.png", "res/drawable-mdpi-v4/notification_bg_normal.9.png", "res/drawable-mdpi-v4/notification_bg_normal_pressed.9.png", "res/drawable-mdpi-v4/notify_panel_notification_icon_bg.png", "res/drawable-v21/$avd_hide_password__0.xml", "res/drawable-v21/$avd_hide_password__1.xml", "res/drawable-v21/$avd_hide_password__2.xml", "res/drawable-v21/$avd_show_password__0.xml", "res/drawable-v21/$avd_show_password__1.xml", "res/drawable-v21/$avd_show_password__2.xml", "res/drawable-v21/abc_action_bar_item_background_material.xml", "res/drawable-v21/abc_btn_colored_material.xml", "res/drawable-v21/abc_dialog_material_background.xml", "res/drawable-v21/abc_edit_text_material.xml", "res/drawable-v21/abc_list_divider_material.xml", "res/drawable-v21/avd_hide_password.xml", "res/drawable-v21/avd_show_password.xml", "res/drawable-v21/design_bottom_navigation_item_background.xml", "res/drawable-v21/design_password_eye.xml", "res/drawable-v21/layout_selector_tran.xml", "res/drawable-v21/notification_action_background.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__10__0.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__10__1.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__10__2.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__10__3.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__11__0.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__11__1.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__12__0.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__12__1.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__12__2.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__12__3.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__1__0.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__1__1.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__2__0.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__2__1.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__3__0.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__3__1.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__4__0.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__4__1.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__5__0.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__5__1.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__6__0.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__6__1.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__7__0.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__8__0.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__8__1.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__9__0.xml", "res/drawable-v23/$$fingerprint_dialog_error_to_fp__9__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__10__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__10__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__11__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__11__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__12__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__13__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__14__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__14__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__15__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__15__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__16__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__17__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__17__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__18__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__18__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__19__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__19__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__1__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__20__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__20__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__21__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__21__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__21__2.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__21__3.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__22__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__22__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__23__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__23__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__23__2.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__23__3.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__2__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__2__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__3__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__3__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__4__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__4__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__5__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__5__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__6__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__6__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__7__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__7__1.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__8__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__9__0.xml", "res/drawable-v23/$$fingerprint_dialog_fp_to_error__9__1.xml", "res/drawable-v23/$fingerprint_dialog_error_to_fp__0.xml", "res/drawable-v23/$fingerprint_dialog_error_to_fp__1.xml", "res/drawable-v23/$fingerprint_dialog_error_to_fp__10.xml", "res/drawable-v23/$fingerprint_dialog_error_to_fp__11.xml", "res/drawable-v23/$fingerprint_dialog_error_to_fp__12.xml", "res/drawable-v23/$fingerprint_dialog_error_to_fp__13.xml", "res/drawable-v23/$fingerprint_dialog_error_to_fp__2.xml", "res/drawable-v23/$fingerprint_dialog_error_to_fp__3.xml", "res/drawable-v23/$fingerprint_dialog_error_to_fp__4.xml", "res/drawable-v23/$fingerprint_dialog_error_to_fp__5.xml", "res/drawable-v23/$fingerprint_dialog_error_to_fp__6.xml", "res/drawable-v23/$fingerprint_dialog_error_to_fp__7.xml", "res/drawable-v23/$fingerprint_dialog_error_to_fp__8.xml", "res/drawable-v23/$fingerprint_dialog_error_to_fp__9.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__0.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__1.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__10.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__11.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__12.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__13.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__14.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__15.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__16.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__17.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__18.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__19.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__2.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__20.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__21.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__22.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__23.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__24.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__3.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__4.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__5.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__6.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__7.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__8.xml", "res/drawable-v23/$fingerprint_dialog_fp_to_error__9.xml", "res/drawable-v23/abc_control_background_material.xml", "res/drawable-v23/fingerprint_dialog_error_to_fp.xml", "res/drawable-v23/fingerprint_dialog_fp_to_error.xml", "res/drawable-v23/mtrl_popupmenu_background_dark.xml", "res/drawable-v24/$ic_launcher_foreground__0.xml", "res/drawable-v24/ic_launcher_foreground.xml", "res/drawable-watch-v20/abc_dialog_material_background.xml", "res/drawable-xhdpi-v4/abc_ab_share_pack_mtrl_alpha.9.png", "res/drawable-xhdpi-v4/abc_btn_check_to_on_mtrl_000.png", "res/drawable-xhdpi-v4/abc_btn_check_to_on_mtrl_015.png", "res/drawable-xhdpi-v4/abc_btn_radio_to_on_mtrl_000.png", "res/drawable-xhdpi-v4/abc_btn_radio_to_on_mtrl_015.png", "res/drawable-xhdpi-v4/abc_btn_switch_to_on_mtrl_00001.9.png", "res/drawable-xhdpi-v4/abc_btn_switch_to_on_mtrl_00012.9.png", "res/drawable-xhdpi-v4/abc_cab_background_top_mtrl_alpha.9.png", "res/drawable-xhdpi-v4/abc_ic_commit_search_api_mtrl_alpha.png", "res/drawable-xhdpi-v4/abc_ic_menu_copy_mtrl_am_alpha.png", "res/drawable-xhdpi-v4/abc_ic_menu_cut_mtrl_alpha.png", "res/drawable-xhdpi-v4/abc_ic_menu_paste_mtrl_am_alpha.png", "res/drawable-xhdpi-v4/abc_ic_menu_selectall_mtrl_alpha.png", "res/drawable-xhdpi-v4/abc_ic_menu_share_mtrl_alpha.png", "res/drawable-xhdpi-v4/abc_ic_star_black_16dp.png", "res/drawable-xhdpi-v4/abc_ic_star_black_36dp.png", "res/drawable-xhdpi-v4/abc_ic_star_black_48dp.png", "res/drawable-xhdpi-v4/abc_ic_star_half_black_16dp.png", "res/drawable-xhdpi-v4/abc_ic_star_half_black_36dp.png", "res/drawable-xhdpi-v4/abc_ic_star_half_black_48dp.png", "res/drawable-xhdpi-v4/abc_list_divider_mtrl_alpha.9.png", "res/drawable-xhdpi-v4/abc_list_focused_holo.9.png", "res/drawable-xhdpi-v4/abc_list_longpressed_holo.9.png", "res/drawable-xhdpi-v4/abc_list_pressed_holo_dark.9.png", "res/drawable-xhdpi-v4/abc_list_pressed_holo_light.9.png", "res/drawable-xhdpi-v4/abc_list_selector_disabled_holo_dark.9.png", "res/drawable-xhdpi-v4/abc_list_selector_disabled_holo_light.9.png", "res/drawable-xhdpi-v4/abc_menu_hardkey_panel_mtrl_mult.9.png", "res/drawable-xhdpi-v4/abc_popup_background_mtrl_mult.9.png", "res/drawable-xhdpi-v4/abc_scrubber_control_off_mtrl_alpha.png", "res/drawable-xhdpi-v4/abc_scrubber_control_to_pressed_mtrl_000.png", "res/drawable-xhdpi-v4/abc_scrubber_control_to_pressed_mtrl_005.png", "res/drawable-xhdpi-v4/abc_scrubber_primary_mtrl_alpha.9.png", "res/drawable-xhdpi-v4/abc_scrubber_track_mtrl_alpha.9.png", "res/drawable-xhdpi-v4/abc_spinner_mtrl_am_alpha.9.png", "res/drawable-xhdpi-v4/abc_switch_track_mtrl_alpha.9.png", "res/drawable-xhdpi-v4/abc_tab_indicator_mtrl_alpha.9.png", "res/drawable-xhdpi-v4/abc_text_select_handle_left_mtrl_dark.png", "res/drawable-xhdpi-v4/abc_text_select_handle_left_mtrl_light.png", "res/drawable-xhdpi-v4/abc_text_select_handle_middle_mtrl_dark.png", "res/drawable-xhdpi-v4/abc_text_select_handle_middle_mtrl_light.png", "res/drawable-xhdpi-v4/abc_text_select_handle_right_mtrl_dark.png", "res/drawable-xhdpi-v4/abc_text_select_handle_right_mtrl_light.png", "res/drawable-xhdpi-v4/abc_textfield_activated_mtrl_alpha.9.png", "res/drawable-xhdpi-v4/abc_textfield_default_mtrl_alpha.9.png", "res/drawable-xhdpi-v4/abc_textfield_search_activated_mtrl_alpha.9.png", "res/drawable-xhdpi-v4/abc_textfield_search_default_mtrl_alpha.9.png", "res/drawable-xhdpi-v4/common_full_open_on_phone.png", "res/drawable-xhdpi-v4/common_google_signin_btn_icon_dark_normal_background.9.png", "res/drawable-xhdpi-v4/common_google_signin_btn_icon_light_normal_background.9.png", "res/drawable-xhdpi-v4/common_google_signin_btn_text_dark_normal_background.9.png", "res/drawable-xhdpi-v4/common_google_signin_btn_text_light_normal_background.9.png", "res/drawable-xhdpi-v4/design_ic_visibility.png", "res/drawable-xhdpi-v4/design_ic_visibility_off.png", "res/drawable-xhdpi-v4/googleg_disabled_color_18.png", "res/drawable-xhdpi-v4/googleg_standard_color_18.png", "res/drawable-xhdpi-v4/notification_bg_low_normal.9.png", "res/drawable-xhdpi-v4/notification_bg_low_pressed.9.png", "res/drawable-xhdpi-v4/notification_bg_normal.9.png", "res/drawable-xhdpi-v4/notification_bg_normal_pressed.9.png", "res/drawable-xhdpi-v4/notify_panel_notification_icon_bg.png", "res/drawable-xxhdpi-v4/abc_ab_share_pack_mtrl_alpha.9.png", "res/drawable-xxhdpi-v4/abc_btn_check_to_on_mtrl_000.png", "res/drawable-xxhdpi-v4/abc_btn_check_to_on_mtrl_015.png", "res/drawable-xxhdpi-v4/abc_btn_radio_to_on_mtrl_000.png", "res/drawable-xxhdpi-v4/abc_btn_radio_to_on_mtrl_015.png", "res/drawable-xxhdpi-v4/abc_btn_switch_to_on_mtrl_00001.9.png", "res/drawable-xxhdpi-v4/abc_btn_switch_to_on_mtrl_00012.9.png", "res/drawable-xxhdpi-v4/abc_cab_background_top_mtrl_alpha.9.png", "res/drawable-xxhdpi-v4/abc_ic_commit_search_api_mtrl_alpha.png", "res/drawable-xxhdpi-v4/abc_ic_menu_copy_mtrl_am_alpha.png", "res/drawable-xxhdpi-v4/abc_ic_menu_cut_mtrl_alpha.png", "res/drawable-xxhdpi-v4/abc_ic_menu_paste_mtrl_am_alpha.png", "res/drawable-xxhdpi-v4/abc_ic_menu_selectall_mtrl_alpha.png", "res/drawable-xxhdpi-v4/abc_ic_menu_share_mtrl_alpha.png", "res/drawable-xxhdpi-v4/abc_ic_star_black_16dp.png", "res/drawable-xxhdpi-v4/abc_ic_star_black_36dp.png", "res/drawable-xxhdpi-v4/abc_ic_star_black_48dp.png", "res/drawable-xxhdpi-v4/abc_ic_star_half_black_16dp.png", "res/drawable-xxhdpi-v4/abc_ic_star_half_black_36dp.png", "res/drawable-xxhdpi-v4/abc_ic_star_half_black_48dp.png", "res/drawable-xxhdpi-v4/abc_list_divider_mtrl_alpha.9.png", "res/drawable-xxhdpi-v4/abc_list_focused_holo.9.png", "res/drawable-xxhdpi-v4/abc_list_longpressed_holo.9.png", "res/drawable-xxhdpi-v4/abc_list_pressed_holo_dark.9.png", "res/drawable-xxhdpi-v4/abc_list_pressed_holo_light.9.png", "res/drawable-xxhdpi-v4/abc_list_selector_disabled_holo_dark.9.png", "res/drawable-xxhdpi-v4/abc_list_selector_disabled_holo_light.9.png", "res/drawable-xxhdpi-v4/abc_menu_hardkey_panel_mtrl_mult.9.png", "res/drawable-xxhdpi-v4/abc_popup_background_mtrl_mult.9.png", "res/drawable-xxhdpi-v4/abc_scrubber_control_off_mtrl_alpha.png", "res/drawable-xxhdpi-v4/abc_scrubber_control_to_pressed_mtrl_000.png", "res/drawable-xxhdpi-v4/abc_scrubber_control_to_pressed_mtrl_005.png", "res/drawable-xxhdpi-v4/abc_scrubber_primary_mtrl_alpha.9.png", "res/drawable-xxhdpi-v4/abc_scrubber_track_mtrl_alpha.9.png", "res/drawable-xxhdpi-v4/abc_spinner_mtrl_am_alpha.9.png", "res/drawable-xxhdpi-v4/abc_switch_track_mtrl_alpha.9.png", "res/drawable-xxhdpi-v4/abc_tab_indicator_mtrl_alpha.9.png", "res/drawable-xxhdpi-v4/abc_text_select_handle_left_mtrl_dark.png", "res/drawable-xxhdpi-v4/abc_text_select_handle_left_mtrl_light.png", "res/drawable-xxhdpi-v4/abc_text_select_handle_middle_mtrl_dark.png", "res/drawable-xxhdpi-v4/abc_text_select_handle_middle_mtrl_light.png", "res/drawable-xxhdpi-v4/abc_text_select_handle_right_mtrl_dark.png", "res/drawable-xxhdpi-v4/abc_text_select_handle_right_mtrl_light.png", "res/drawable-xxhdpi-v4/abc_textfield_activated_mtrl_alpha.9.png", "res/drawable-xxhdpi-v4/abc_textfield_default_mtrl_alpha.9.png", "res/drawable-xxhdpi-v4/abc_textfield_search_activated_mtrl_alpha.9.png", "res/drawable-xxhdpi-v4/abc_textfield_search_default_mtrl_alpha.9.png", "res/drawable-xxhdpi-v4/common_google_signin_btn_icon_dark_normal_background.9.png", "res/drawable-xxhdpi-v4/common_google_signin_btn_icon_light_normal_background.9.png", "res/drawable-xxhdpi-v4/common_google_signin_btn_text_dark_normal_background.9.png", "res/drawable-xxhdpi-v4/common_google_signin_btn_text_light_normal_background.9.png", "res/drawable-xxhdpi-v4/design_ic_visibility.png", "res/drawable-xxhdpi-v4/design_ic_visibility_off.png", "res/drawable-xxhdpi-v4/googleg_disabled_color_18.png", "res/drawable-xxhdpi-v4/googleg_standard_color_18.png", "res/drawable-xxxhdpi-v4/abc_btn_check_to_on_mtrl_000.png", "res/drawable-xxxhdpi-v4/abc_btn_check_to_on_mtrl_015.png", "res/drawable-xxxhdpi-v4/abc_btn_radio_to_on_mtrl_000.png", "res/drawable-xxxhdpi-v4/abc_btn_radio_to_on_mtrl_015.png", "res/drawable-xxxhdpi-v4/abc_btn_switch_to_on_mtrl_00001.9.png", "res/drawable-xxxhdpi-v4/abc_btn_switch_to_on_mtrl_00012.9.png", "res/drawable-xxxhdpi-v4/abc_ic_menu_copy_mtrl_am_alpha.png", "res/drawable-xxxhdpi-v4/abc_ic_menu_cut_mtrl_alpha.png", "res/drawable-xxxhdpi-v4/abc_ic_menu_paste_mtrl_am_alpha.png", "res/drawable-xxxhdpi-v4/abc_ic_menu_selectall_mtrl_alpha.png", "res/drawable-xxxhdpi-v4/abc_ic_menu_share_mtrl_alpha.png", "res/drawable-xxxhdpi-v4/abc_ic_star_black_16dp.png", "res/drawable-xxxhdpi-v4/abc_ic_star_black_36dp.png", "res/drawable-xxxhdpi-v4/abc_ic_star_black_48dp.png", "res/drawable-xxxhdpi-v4/abc_ic_star_half_black_16dp.png", "res/drawable-xxxhdpi-v4/abc_ic_star_half_black_36dp.png", "res/drawable-xxxhdpi-v4/abc_ic_star_half_black_48dp.png", "res/drawable-xxxhdpi-v4/abc_scrubber_control_to_pressed_mtrl_000.png", "res/drawable-xxxhdpi-v4/abc_scrubber_control_to_pressed_mtrl_005.png", "res/drawable-xxxhdpi-v4/abc_spinner_mtrl_am_alpha.9.png", "res/drawable-xxxhdpi-v4/abc_switch_track_mtrl_alpha.9.png", "res/drawable-xxxhdpi-v4/abc_tab_indicator_mtrl_alpha.9.png", "res/drawable-xxxhdpi-v4/abc_text_select_handle_left_mtrl_dark.png", "res/drawable-xxxhdpi-v4/abc_text_select_handle_left_mtrl_light.png", "res/drawable-xxxhdpi-v4/abc_text_select_handle_right_mtrl_dark.png", "res/drawable-xxxhdpi-v4/abc_text_select_handle_right_mtrl_light.png", "res/drawable-xxxhdpi-v4/design_ic_visibility.png", "res/drawable-xxxhdpi-v4/design_ic_visibility_off.png", "res/drawable/abc_btn_borderless_material.xml", "res/drawable/abc_btn_check_material.xml", "res/drawable/abc_btn_check_material_anim.xml", "res/drawable/abc_btn_default_mtrl_shape.xml", "res/drawable/abc_btn_radio_material.xml", "res/drawable/abc_btn_radio_material_anim.xml", "res/drawable/abc_cab_background_internal_bg.xml", "res/drawable/abc_cab_background_top_material.xml", "res/drawable/abc_ic_ab_back_material.xml", "res/drawable/abc_ic_arrow_drop_right_black_24dp.xml", "res/drawable/abc_ic_clear_material.xml", "res/drawable/abc_ic_go_search_api_material.xml", "res/drawable/abc_ic_menu_overflow_material.xml", "res/drawable/abc_ic_search_api_material.xml", "res/drawable/abc_ic_voice_search_api_material.xml", "res/drawable/abc_item_background_holo_dark.xml", "res/drawable/abc_item_background_holo_light.xml", "res/drawable/abc_list_selector_background_transition_holo_dark.xml", "res/drawable/abc_list_selector_background_transition_holo_light.xml", "res/drawable/abc_list_selector_holo_dark.xml", "res/drawable/abc_list_selector_holo_light.xml", "res/drawable/abc_ratingbar_indicator_material.xml", "res/drawable/abc_ratingbar_material.xml", "res/drawable/abc_ratingbar_small_material.xml", "res/drawable/abc_seekbar_thumb_material.xml", "res/drawable/abc_seekbar_tick_mark_material.xml", "res/drawable/abc_seekbar_track_material.xml", "res/drawable/abc_spinner_textfield_background_material.xml", "res/drawable/abc_switch_thumb_material.xml", "res/drawable/abc_tab_indicator_material.xml", "res/drawable/abc_text_cursor_material.xml", "res/drawable/abc_textfield_search_material.xml", "res/drawable/abc_vector_test.xml", "res/drawable/addben.png", "res/drawable/addbenif.png", "res/drawable/appr.png", "res/drawable/backspace.xml", "res/drawable/balance.png", "res/drawable/banklogo.png", "res/drawable/benifc.png", "res/drawable/bg_circle.xml", "res/drawable/bg_circle_green.xml", "res/drawable/bg_circle_red.xml", "res/drawable/bg_circle_tran.xml", "res/drawable/bn.jpg", "res/drawable/btn_checkbox_checked_mtrl.xml", "res/drawable/btn_checkbox_checked_to_unchecked_mtrl_animation.xml", "res/drawable/btn_checkbox_unchecked_mtrl.xml", "res/drawable/btn_checkbox_unchecked_to_checked_mtrl_animation.xml", "res/drawable/btn_radio_off_mtrl.xml", "res/drawable/btn_radio_off_to_on_mtrl_animation.xml", "res/drawable/btn_radio_on_mtrl.xml", "res/drawable/btn_radio_on_to_off_mtrl_animation.xml", "res/drawable/circle.xml", "res/drawable/common_google_signin_btn_icon_dark.xml", "res/drawable/common_google_signin_btn_icon_dark_focused.xml", "res/drawable/common_google_signin_btn_icon_dark_normal.xml", "res/drawable/common_google_signin_btn_icon_disabled.xml", "res/drawable/common_google_signin_btn_icon_light.xml", "res/drawable/common_google_signin_btn_icon_light_focused.xml", "res/drawable/common_google_signin_btn_icon_light_normal.xml", "res/drawable/common_google_signin_btn_text_dark.xml", "res/drawable/common_google_signin_btn_text_dark_focused.xml", "res/drawable/common_google_signin_btn_text_dark_normal.xml", "res/drawable/common_google_signin_btn_text_disabled.xml", "res/drawable/common_google_signin_btn_text_light.xml", "res/drawable/common_google_signin_btn_text_light_focused.xml", "res/drawable/common_google_signin_btn_text_light_normal.xml", "res/drawable/design_fab_background.xml", "res/drawable/design_snackbar_background.xml", "res/drawable/done.jpg", "res/drawable/exchange.png", "res/drawable/food_back.jpg", "res/drawable/ic_calendar_black_24dp.xml", "res/drawable/ic_check_bold_24dp.xml", "res/drawable/ic_clear_black_24dp.xml", "res/drawable/ic_edit_black_24dp.xml", "res/drawable/ic_keyboard_arrow_left_black_24dp.xml", "res/drawable/ic_keyboard_arrow_right_black_24dp.xml", "res/drawable/ic_launcher_background.xml", "res/drawable/ic_menu_arrow_down_black_24dp.xml", "res/drawable/ic_menu_arrow_up_black_24dp.xml", "res/drawable/ic_mtrl_checked_circle.xml", "res/drawable/ic_mtrl_chip_checked_black.xml", "res/drawable/ic_mtrl_chip_checked_circle.xml", "res/drawable/ic_mtrl_chip_close_circle.xml", "res/drawable/lock.xml", "res/drawable/lock_bg_white.xml", "res/drawable/mtrl_dialog_background.xml", "res/drawable/mtrl_dropdown_arrow.xml", "res/drawable/mtrl_ic_arrow_drop_down.xml", "res/drawable/mtrl_ic_arrow_drop_up.xml", "res/drawable/mtrl_ic_cancel.xml", "res/drawable/mtrl_ic_error.xml", "res/drawable/mtrl_popupmenu_background.xml", "res/drawable/mtrl_popupmenu_background_dark.xml", "res/drawable/mtrl_tabs_default_indicator.xml", "res/drawable/myprofile.png", "res/drawable/navigation_empty_icon.xml", "res/drawable/notification_bg.xml", "res/drawable/notification_bg_low.xml", "res/drawable/notification_icon_background.xml", "res/drawable/notification_tile_bg.xml", "res/drawable/passrest.png", "res/drawable/person.jpg", "res/drawable/poster.png", "res/drawable/rates.png", "res/drawable/secr.jpg", "res/drawable/sends.jpg", "res/drawable/sets.jpeg", "res/drawable/shadow.png", "res/drawable/test_custom_background.xml", "res/drawable/tick.jpg", "res/drawable/tooltip_frame_dark.xml", "res/drawable/tooltip_frame_light.xml", "res/drawable/transactn.png", "res/drawable/wall.png", "res/drawable/whitecircle.xml", "res/font/muli_extrabold.xml", "res/interpolator-v21/mtrl_fast_out_linear_in.xml", "res/interpolator-v21/mtrl_fast_out_slow_in.xml", "res/interpolator-v21/mtrl_linear_out_slow_in.xml", "res/interpolator/btn_checkbox_checked_mtrl_animation_interpolator_0.xml", "res/interpolator/btn_checkbox_checked_mtrl_animation_interpolator_1.xml", "res/interpolator/btn_checkbox_unchecked_mtrl_animation_interpolator_0.xml", "res/interpolator/btn_checkbox_unchecked_mtrl_animation_interpolator_1.xml", "res/interpolator/btn_radio_to_off_mtrl_animation_interpolator_0.xml", "res/interpolator/btn_radio_to_on_mtrl_animation_interpolator_0.xml", "res/interpolator/fast_out_slow_in.xml", "res/interpolator/mtrl_linear.xml", "res/layout-land/mtrl_picker_header_dialog.xml", "res/layout-sw600dp-v13/design_layout_snackbar.xml", "res/layout-sw600dp-v13/mtrl_layout_snackbar.xml", "res/layout-v21/notification_action.xml", "res/layout-v21/notification_action_tombstone.xml", "res/layout-v21/notification_template_custom_big.xml", "res/layout-v21/notification_template_icon_group.xml", "res/layout-v22/abc_alert_dialog_button_bar_material.xml", "res/layout-v22/mtrl_alert_dialog_actions.xml", "res/layout-v26/abc_screen_toolbar.xml", "res/layout-v26/mtrl_calendar_month.xml", "res/layout-watch-v20/abc_alert_dialog_button_bar_material.xml", "res/layout-watch-v20/abc_alert_dialog_title_material.xml", "res/layout/abc_action_bar_title_item.xml", "res/layout/abc_action_bar_up_container.xml", "res/layout/abc_action_menu_item_layout.xml", "res/layout/abc_action_menu_layout.xml", "res/layout/abc_action_mode_bar.xml", "res/layout/abc_action_mode_close_item_material.xml", "res/layout/abc_activity_chooser_view.xml", "res/layout/abc_activity_chooser_view_list_item.xml", "res/layout/abc_alert_dialog_button_bar_material.xml", "res/layout/abc_alert_dialog_material.xml", "res/layout/abc_alert_dialog_title_material.xml", "res/layout/abc_cascading_menu_item_layout.xml", "res/layout/abc_dialog_title_material.xml", "res/layout/abc_expanded_menu_layout.xml", "res/layout/abc_list_menu_item_checkbox.xml", "res/layout/abc_list_menu_item_icon.xml", "res/layout/abc_list_menu_item_layout.xml", "res/layout/abc_list_menu_item_radio.xml", "res/layout/abc_popup_menu_header_item_layout.xml", "res/layout/abc_popup_menu_item_layout.xml", "res/layout/abc_screen_content_include.xml", "res/layout/abc_screen_simple.xml", "res/layout/abc_screen_simple_overlay_action_mode.xml", "res/layout/abc_screen_toolbar.xml", "res/layout/abc_search_dropdown_item_icons_2line.xml", "res/layout/abc_search_view.xml", "res/layout/abc_select_dialog_material.xml", "res/layout/abc_tooltip.xml", "res/layout/activity_addbenif.xml", "res/layout/activity_approvebenificiary.xml", "res/layout/activity_balanceview.xml", "res/layout/activity_banklogin.xml", "res/layout/activity_currencyrates.xml", "res/layout/activity_dashboard.xml", "res/layout/activity_login.xml", "res/layout/activity_mybenifview.xml", "res/layout/activity_myprofile.xml", "res/layout/activity_passreset.xml", "res/layout/activity_pendingbenificiary.xml", "res/layout/activity_sendmoney.xml", "res/layout/activity_signup.xml", "res/layout/activity_transactions.xml", "res/layout/activity_viewbenif.xml", "res/layout/custom_benif.xml", "res/layout/custom_dialog.xml", "res/layout/custom_list.xml", "res/layout/custom_pend.xml", "res/layout/design_bottom_navigation_item.xml", "res/layout/design_bottom_sheet_dialog.xml", "res/layout/design_layout_snackbar.xml", "res/layout/design_layout_snackbar_include.xml", "res/layout/design_layout_tab_icon.xml", "res/layout/design_layout_tab_text.xml", "res/layout/design_menu_item_action_area.xml", "res/layout/design_navigation_item.xml", "res/layout/design_navigation_item_header.xml", "res/layout/design_navigation_item_separator.xml", "res/layout/design_navigation_item_subheader.xml", "res/layout/design_navigation_menu.xml", "res/layout/design_navigation_menu_item.xml", "res/layout/design_text_input_end_icon.xml", "res/layout/design_text_input_start_icon.xml", "res/layout/device_credential_handler_activity.xml", "res/layout/fingerprint_dialog_layout.xml", "res/layout/layout_passcode_view.xml", "res/layout/mtrl_alert_dialog.xml", "res/layout/mtrl_alert_dialog_actions.xml", "res/layout/mtrl_alert_dialog_title.xml", "res/layout/mtrl_alert_select_dialog_item.xml", "res/layout/mtrl_alert_select_dialog_multichoice.xml", "res/layout/mtrl_alert_select_dialog_singlechoice.xml", "res/layout/mtrl_calendar_day.xml", "res/layout/mtrl_calendar_day_of_week.xml", "res/layout/mtrl_calendar_days_of_week.xml", "res/layout/mtrl_calendar_horizontal.xml", "res/layout/mtrl_calendar_month.xml", "res/layout/mtrl_calendar_month_labeled.xml", "res/layout/mtrl_calendar_month_navigation.xml", "res/layout/mtrl_calendar_months.xml", "res/layout/mtrl_calendar_vertical.xml", "res/layout/mtrl_calendar_year.xml", "res/layout/mtrl_layout_snackbar.xml", "res/layout/mtrl_layout_snackbar_include.xml", "res/layout/mtrl_picker_actions.xml", "res/layout/mtrl_picker_dialog.xml", "res/layout/mtrl_picker_fullscreen.xml", "res/layout/mtrl_picker_header_dialog.xml", "res/layout/mtrl_picker_header_fullscreen.xml", "res/layout/mtrl_picker_header_selection_text.xml", "res/layout/mtrl_picker_header_title_text.xml", "res/layout/mtrl_picker_header_toggle.xml", "res/layout/mtrl_picker_text_input_date.xml", "res/layout/mtrl_picker_text_input_date_range.xml", "res/layout/notification_media_action.xml", "res/layout/notification_media_cancel_action.xml", "res/layout/notification_template_big_media.xml", "res/layout/notification_template_big_media_custom.xml", "res/layout/notification_template_big_media_narrow.xml", "res/layout/notification_template_big_media_narrow_custom.xml", "res/layout/notification_template_lines_media.xml", "res/layout/notification_template_media.xml", "res/layout/notification_template_media_custom.xml", "res/layout/notification_template_part_chronometer.xml", "res/layout/notification_template_part_time.xml", "res/layout/select_dialog_item_material.xml", "res/layout/select_dialog_multichoice_material.xml", "res/layout/select_dialog_singlechoice_material.xml", "res/layout/splash_screen.xml", "res/layout/support_simple_spinner_dropdown_item.xml", "res/layout/test_action_chip.xml", "res/layout/test_design_checkbox.xml", "res/layout/test_reflow_chipgroup.xml", "res/layout/test_toolbar.xml", "res/layout/test_toolbar_custom_background.xml", "res/layout/test_toolbar_elevation.xml", "res/layout/test_toolbar_surface.xml", "res/layout/text_view_with_line_height_from_appearance.xml", "res/layout/text_view_with_line_height_from_layout.xml", "res/layout/text_view_with_line_height_from_style.xml", "res/layout/text_view_with_theme_line_height.xml", "res/layout/text_view_without_line_height.xml", "res/mipmap-anydpi-v26/ic_launcher.xml", "res/mipmap-anydpi-v26/ic_launcher_round.xml", "res/mipmap-hdpi-v4/ic_launcher.png", "res/mipmap-hdpi-v4/ic_launcher_foreground.png", "res/mipmap-hdpi-v4/ic_launcher_round.png", "res/mipmap-mdpi-v4/ic_launcher.png", "res/mipmap-mdpi-v4/ic_launcher_foreground.png", "res/mipmap-mdpi-v4/ic_launcher_round.png", "res/mipmap-xhdpi-v4/ic_launcher.png", "res/mipmap-xhdpi-v4/ic_launcher_foreground.png", "res/mipmap-xhdpi-v4/ic_launcher_round.png", "res/mipmap-xxhdpi-v4/ic_launcher.png", "res/mipmap-xxhdpi-v4/ic_launcher_foreground.png", "res/mipmap-xxhdpi-v4/ic_launcher_round.png", "res/mipmap-xxxhdpi-v4/ic_launcher.png", "res/mipmap-xxxhdpi-v4/ic_launcher_foreground.png", "res/mipmap-xxxhdpi-v4/ic_launcher_round.png", "res/xml/network_security_config.xml", "res/xml/standalone_badge.xml", "res/xml/standalone_badge_gravity_bottom_end.xml", "res/xml/standalone_badge_gravity_bottom_start.xml", "res/xml/standalone_badge_gravity_top_start.xml", "resources.arsc"], "exported_count": {"exported_activities": 5, "exported_services": 0, "exported_receivers": 0, "exported_providers": 0}, "apkid": {"classes.dex": {"anti_vm": ["Build.FINGERPRINT check", "Build.MODEL check", "Build.MANUFACTURER check", "Build.PRODUCT check", "Build.HARDWARE check", "Build.TAGS check"], "anti_debug": ["Debug.isDebuggerConnected() check"], "compiler": ["r8"]}}, "quark": [], "trackers": {"detected_trackers": 0, "total_trackers": 433, "trackers": []}, "playstore_details": {"error": true}, "secrets": ["\"firebase_database_url\" : \"https://damn-vulnerable-bank.firebaseio.com\"", "\"google_api_key\" : \"AIzaSyBbOHG6DDa6DOcRGEg57mw9nXYXcw6la3c\"", "\"google_crash_reporting_api_key\" : \"AIzaSyBbOHG6DDa6DOcRGEg57mw9nXYXcw6la3c\""], "average_cvss": null, "appsec": {"high": [{"title": "Base config is insecurely configured to permit clear text traffic to all domains", "description": "Scope:\n*\n\n", "section": "network"}, {"title": "Base config is configured to trust user installed certificates", "description": "Scope:\n*\n\n", "section": "network"}, {"title": "Clear text traffic is Enabled For App", "description": "[android:usesCleartextTraffic=true]\nThe app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is \"true\". Apps that target API level 28 or higher default to \"false\". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.", "section": "manifest"}], "warning": [{"title": "Base config is configured to trust system certificates", "description": "Scope:\n*\n\n", "section": "network"}, {"title": "App can be installed on a vulnerable Android version", "description": "[minSdk=21]\nThis application can be installed on an older version of android that has multiple unfixed vulnerabilities. Support an Android version > 8, API 26 to receive reasonable security updates.", "section": "manifest"}, {"title": "Application Data can be Backed up", "description": "[android:allowBackup=true]\nThis flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.", "section": "manifest"}, {"title": "Activity (com.app.damnvulnerablebank.CurrencyRates) is not Protected.", "description": "An intent-filter exists.\nAn Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.", "section": "manifest"}, {"title": "Activity (com.google.firebase.auth.internal.FederatedSignInActivity) is Protected by a permission, but the protection level of the permission should be checked.", "description": "Permission: com.google.firebase.auth.api.gms.permission.LAUNCH_FEDERATED_SIGN_IN [android:exported=true]\nAn Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.", "section": "manifest"}, {"title": "App can read/write to External Storage. Any App can read data written to External Storage.", "description": "App can read/write to External Storage. Any App can read data written to External Storage.\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage", "section": "code"}, {"title": "This app may contain hardcoded secrets", "description": "The following secrets were identified from the app. Ensure that these are not secrets or private information.\n\"firebase_database_url\" : \"https://damn-vulnerable-bank.firebaseio.com\"\n\"google_api_key\" : \"AIzaSyBbOHG6DDa6DOcRGEg57mw9nXYXcw6la3c\"\n\"google_crash_reporting_api_key\" : \"AIzaSyBbOHG6DDa6DOcRGEg57mw9nXYXcw6la3c\"", "section": "secrets"}], "info": [{"title": "The App logs information. Sensitive information should never be logged.", "description": "The App logs information. Sensitive information should never be logged.\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs", "section": "code"}], "secure": [{"title": "This App may have root detection capabilities.", "description": "This App may have root detection capabilities.\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1", "section": "code"}, {"title": "This application has no privacy trackers", "description": "This application does not include any user or device trackers. Unable to find trackers during static analysis.", "section": "trackers"}], "hotspot": [], "total_trackers": 433, "trackers": 0, "security_score": 49, "app_name": "DamnVulnerableBank", "file_name": "dvba_v1.1.0.apk", "hash": "5b40b49cd80dbe20ba611d32045b57c6", "version_name": "1.0"}, "virus_total": null, "base_url": "file:///home/mobsf/Mobile-Security-Framework-MobSF/mobsf", "dwd_dir": "file:///root/.MobSF/downloads/", "host_os": "nix", "timestamp": "2023-12-11T09:35:21.242Z"} \ No newline at end of file diff --git a/unittests/scans/mobsf/issue_9132.json b/unittests/scans/mobsf/issue_9132.json new file mode 100644 index 00000000000..608b417833c --- /dev/null +++ b/unittests/scans/mobsf/issue_9132.json @@ -0,0 +1,3675 @@ +{ + "version": "v3.6.7 Beta", + "title": "Static Analysis", + "file_name": "InsecureShop.apk", + "app_name": "InsecureShop", + "app_type": "apk", + "size": "4.53MB", + "md5": "c5d872355e43322f1692288e2c4e6f00", + "sha1": "eb665e44de4b6cf94786bb056996ab40fe32ed7e", + "sha256": "a83298ae4a37fcab8101e8b41e513dd2199af71a94ea537d556a318e07d4d1bd", + "package_name": "com.insecureshop", + "main_activity": "com.insecureshop.ProductListActivity", + "exported_activities": "['com.insecureshop.ChooserActivity', 'com.insecureshop.AboutUsActivity', 'com.insecureshop.WebViewActivity', 'com.insecureshop.WebView2Activity', 'com.insecureshop.ResultActivity']", + "browsable_activities": { + "com.insecureshop.WebViewActivity": { + "schemes": [ + "insecureshop://" + ], + "mime_types": [], + "hosts": [ + "com.insecureshop" + ], + "ports": [], + "paths": [], + "path_prefixs": [], + "path_patterns": [], + "browsable": true + } + }, + "activities": [ + "com.insecureshop.ChooserActivity", + "com.insecureshop.AboutUsActivity", + "com.insecureshop.CartListActivity", + "com.insecureshop.ProductListActivity", + "com.insecureshop.LoginActivity", + "com.insecureshop.WebViewActivity", + "com.insecureshop.WebView2Activity", + "com.insecureshop.PrivateActivity", + "com.insecureshop.SendingDataViaActionActivity", + "com.insecureshop.ResultActivity" + ], + "receivers": [], + "providers": [ + "com.insecureshop.contentProvider.InsecureShopProvider", + "androidx.core.content.FileProvider" + ], + "services": [ + "net.gotev.uploadservice.UploadService" + ], + "libraries": [], + "target_sdk": "29", + "max_sdk": "", + "min_sdk": "16", + "version_name": "1.0", + "version_code": "1", + "icon_hidden": false, + "icon_found": true, + "permissions": { + "android.permission.INTERNET": { + "status": "normal", + "info": "full Internet access", + "description": "Allows an application to create network sockets." + }, + "android.permission.READ_EXTERNAL_STORAGE": { + "status": "dangerous", + "info": "read external storage contents", + "description": "Allows an application to read from external storage." + }, + "android.permission.WRITE_EXTERNAL_STORAGE": { + "status": "dangerous", + "info": "read/modify/delete external storage contents", + "description": "Allows an application to write to external storage." + }, + "android.permission.READ_CONTACTS": { + "status": "dangerous", + "info": "read contact data", + "description": "Allows an application to read all of the contact (address) data stored on your phone. Malicious applications can use this to send your data to other people." + }, + "android.permission.WAKE_LOCK": { + "status": "normal", + "info": "prevent phone from sleeping", + "description": "Allows an application to prevent the phone from going to sleep." + } + }, + "certificate_analysis": { + "certificate_info": "APK is signed\nv1 signature: True\nv2 signature: True\nv3 signature: False\nFound 1 unique certificates\nSubject: CN=Android Debug, O=Android, C=US\nSignature Algorithm: rsassa_pkcs1v15\nValid From: 2016-09-06 10:14:25+00:00\nValid To: 2046-08-30 10:14:25+00:00\nIssuer: CN=Android Debug, O=Android, C=US\nSerial Number: 0x1\nHash Algorithm: sha1\nmd5: 5c935bdaa969c51ea7d7f5e52650f358\nsha1: c56a7946caf6923ced4cf7f4c6b0e5b0e97df26b\nsha256: d16dff509803ba1123ec7c573cc18c58bde996ca05bae3efe852fb3c668cfca8\nsha512: 6bba4313106fb684dd401dc39d2a65943df9d9bd832d5c58932c3936ab65285db35a78ace7f4fdaec28b839acd2e50a1cd0c88f2efe128268384d6affbc4f6a6\nPublicKey Algorithm: rsa\nBit Size: 1024\nFingerprint: 782478518db2c6c714a79b619561a97ad55a8f718e05f70341a0bafffe93b22f", + "certificate_findings": [ + [ + "info", + "Application is signed with a code signing certificate", + "Signed Application" + ], + [ + "warning", + "Application is signed with v1 signature scheme, making it vulnerable to Janus vulnerability on Android 5.0-8.0, if signed only with v1 signature scheme. Applications running on Android 5.0-7.0 signed with v1, and v2/v3 scheme is also vulnerable.", + "Application vulnerable to Janus Vulnerability" + ], + [ + "high", + "Application signed with a debug certificate. Production application must not be shipped with a debug certificate.", + "Application signed with debug certificate" + ], + [ + "high", + "Application is signed with SHA1withRSA. SHA1 hash algorithm is known to have collision issues.", + "Certificate algorithm vulnerable to hash collision" + ] + ], + "certificate_summary": { + "high": 2, + "warning": 1, + "info": 1 + } + }, + "manifest_analysis": { + "manifest_findings": [ + { + "rule": "vulnerable_os_version", + "title": "App can be installed on a vulnerable Android version
                [minSdk=16]", + "severity": "warning", + "description": "This application can be installed on an older version of android that has multiple unfixed vulnerabilities. Support an Android version > 8, API 26 to receive reasonable security updates.", + "name": "App can be installed on a vulnerable Android version[minSdk=16]", + "component": [ + "16" + ] + }, + { + "rule": "clear_text_traffic", + "title": "Clear text traffic is Enabled For App
                [android:usesCleartextTraffic=true]", + "severity": "high", + "description": "The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is \"true\". Apps that target API level 28 or higher default to \"false\". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.", + "name": "Clear text traffic is Enabled For App [android:usesCleartextTraffic=true]", + "component": [] + }, + { + "rule": "app_is_debuggable", + "title": "Debug Enabled For App
                [android:debuggable=true]", + "severity": "high", + "description": "Debugging was enabled on the app which makes it easier for reverse engineers to hook a debugger to it. This allows dumping a stack trace and accessing debugging helper classes.", + "name": "Debug Enabled For App [android:debuggable=true]", + "component": [] + }, + { + "rule": "app_allowbackup", + "title": "Application Data can be Backed up
                [android:allowBackup=true]", + "severity": "warning", + "description": "This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.", + "name": "Application Data can be Backed up [android:allowBackup=true]", + "component": [] + }, + { + "rule": "exported_intent_filter_exists", + "title": "Activity (com.insecureshop.ChooserActivity) is not Protected.
                An intent-filter exists.", + "severity": "warning", + "description": "An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.", + "name": "Activity com.insecureshop.ChooserActivity is not Protected.An intent-filter exists.", + "component": [ + "Activity", + "com.insecureshop.ChooserActivity" + ] + }, + { + "rule": "exported_intent_filter_exists", + "title": "Activity (com.insecureshop.WebViewActivity) is not Protected.
                An intent-filter exists.", + "severity": "warning", + "description": "An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.", + "name": "Activity com.insecureshop.WebViewActivity is not Protected.An intent-filter exists.", + "component": [ + "Activity", + "com.insecureshop.WebViewActivity" + ] + }, + { + "rule": "exported_intent_filter_exists", + "title": "Activity (com.insecureshop.WebView2Activity) is not Protected.
                An intent-filter exists.", + "severity": "warning", + "description": "An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.", + "name": "Activity com.insecureshop.WebView2Activity is not Protected.An intent-filter exists.", + "component": [ + "Activity", + "com.insecureshop.WebView2Activity" + ] + } + ], + "manifest_summary": { + "high": 2, + "warning": 5, + "info": 0, + "suppressed": 0 + } + }, + "network_security": { + "network_findings": [], + "network_summary": {} + }, + "binary_analysis": [], + "file_analysis": [], + "android_api": { + "api_ipc": { + "files": { + "com/bumptech/glide/manager/DefaultConnectivityMonitor.java": "5,6,17,46", + "com/insecureshop/AboutUsActivity.java": "3,4,63,87,87", + "com/insecureshop/ChooserActivity.java": "4,50,50,53", + "com/insecureshop/CustomReceiver.java": "5,10,14,19,19", + "com/insecureshop/DataBinderMapperImpl.java": "9,68", + "com/insecureshop/LoginActivity.java": "4,100,100", + "com/insecureshop/PrivateActivity.java": "68", + "com/insecureshop/ProductAdapter.java": "4,122,122", + "com/insecureshop/ProductListActivity.java": "4,5,56,56,63,63,91,91,96,96,100,100", + "com/insecureshop/ResultActivity.java": "38", + "com/insecureshop/SendingDataViaActionActivity.java": "4,53,53", + "com/insecureshop/WebView2Activity.java": "3,53,53,53,53,54,55,77,77,81,81,86,86,91,91,97,97,105,105", + "com/insecureshop/WebViewActivity.java": "3,73,73,80,80,92,92,99,99", + "com/insecureshop/broadcast/ProductDetailBroadCast.java": "5,8,12,13,13,13,14,16", + "com/insecureshop/databinding/ActivityImplicitIntentForNonExportedBinding.java": "12,17,23,28,29,32,37,38,41,46,47", + "com/insecureshop/databinding/ActivityImplicitIntentForNonExportedBindingImpl.java": "12,12,25,29", + "net/gotev/uploadservice/BroadcastData.java": "3,36,36,37,37", + "net/gotev/uploadservice/HttpUploadRequest.java": "4,25,25,26", + "net/gotev/uploadservice/HttpUploadTask.java": "3,18", + "net/gotev/uploadservice/MultipartUploadRequest.java": "4,23,23,24", + "net/gotev/uploadservice/MultipartUploadTask.java": "3,26", + "net/gotev/uploadservice/UploadNotificationConfig.java": "3,5,28,28,59,148,148,148,149,149,249,249,250,250,252,252,254,282,304,304,304", + "net/gotev/uploadservice/UploadRequest.java": "4,38,38,39,46,46", + "net/gotev/uploadservice/UploadService.java": "6,108,5,108,113,165", + "net/gotev/uploadservice/UploadServiceBroadcastReceiver.java": "5,6,11,60,60", + "net/gotev/uploadservice/UploadTask.java": "5,42,118,147,174,209,222,222,235,235,257,257" + }, + "metadata": { + "description": "Inter Process Communication", + "severity": "info" + } + }, + "api_base64_encode": { + "files": { + "net/gotev/uploadservice/HttpUploadRequest.java": "36,5" + }, + "metadata": { + "description": "Base64 Encode", + "severity": "info" + } + }, + "api_get_system_service": { + "files": { + "com/bumptech/glide/load/engine/cache/MemorySizeCalculator.java": "123", + "com/bumptech/glide/manager/DefaultConnectivityMonitor.java": "64", + "com/bumptech/glide/request/target/CustomViewTarget.java": "187", + "com/bumptech/glide/request/target/NotificationTarget.java": "44", + "com/bumptech/glide/request/target/ViewTarget.java": "186", + "net/gotev/uploadservice/UploadService.java": "93", + "net/gotev/uploadservice/UploadTask.java": "43" + }, + "metadata": { + "description": "Get System Service", + "severity": "info" + } + }, + "api_send_broadcast": { + "files": { + "com/insecureshop/AboutUsActivity.java": "90", + "com/insecureshop/ProductAdapter.java": "124", + "net/gotev/uploadservice/UploadTask.java": "118,147,174,209" + }, + "metadata": { + "description": "Sending Broadcast", + "severity": "info" + } + }, + "api_notifications": { + "files": { + "com/bumptech/glide/request/target/NotificationTarget.java": "4,45", + "net/gotev/uploadservice/UploadTask.java": "4,227,240,259" + }, + "metadata": { + "description": "Android Notifications", + "severity": "info" + } + }, + "api_start_activity": { + "files": { + "com/insecureshop/CustomReceiver.java": "22", + "com/insecureshop/LoginActivity.java": "101", + "com/insecureshop/ProductListActivity.java": "57,92,97,101", + "com/insecureshop/SendingDataViaActionActivity.java": "56", + "com/insecureshop/WebView2Activity.java": "55", + "com/insecureshop/broadcast/ProductDetailBroadCast.java": "16" + }, + "metadata": { + "description": "Starting Activity", + "severity": "info" + } + }, + "api_message_digest": { + "files": { + "com/bumptech/glide/load/Key.java": "4,4", + "com/bumptech/glide/load/MultiTransformation.java": "5,5", + "com/bumptech/glide/load/Option.java": "4,4", + "com/bumptech/glide/load/Options.java": "6,6", + "com/bumptech/glide/load/engine/DataCacheKey.java": "4,4", + "com/bumptech/glide/load/engine/EngineKey.java": "7,7", + "com/bumptech/glide/load/engine/ResourceCacheKey.java": "10,10", + "com/bumptech/glide/load/engine/cache/SafeKeyGenerator.java": "10,10", + "com/bumptech/glide/load/engine/prefill/BitmapPreFillRunner.java": "13,13", + "com/bumptech/glide/load/model/GlideUrl.java": "9,9", + "com/bumptech/glide/load/resource/UnitTransformation.java": "6,6", + "com/bumptech/glide/load/resource/bitmap/BitmapDrawableTransformation.java": "10,10", + "com/bumptech/glide/load/resource/bitmap/CenterCrop.java": "5,5", + "com/bumptech/glide/load/resource/bitmap/CenterInside.java": "5,5", + "com/bumptech/glide/load/resource/bitmap/CircleCrop.java": "5,5", + "com/bumptech/glide/load/resource/bitmap/DrawableTransformation.java": "11,11", + "com/bumptech/glide/load/resource/bitmap/FitCenter.java": "5,5", + "com/bumptech/glide/load/resource/bitmap/GranularRoundedCorners.java": "7,7", + "com/bumptech/glide/load/resource/bitmap/Rotate.java": "7,7", + "com/bumptech/glide/load/resource/bitmap/RoundedCorners.java": "8,8", + "com/bumptech/glide/load/resource/bitmap/VideoDecoder.java": "17,17", + "com/bumptech/glide/load/resource/gif/GifDrawableTransformation.java": "11,11", + "com/bumptech/glide/signature/AndroidResourceSignature.java": "7,7", + "com/bumptech/glide/signature/EmptySignature.java": "4,4", + "com/bumptech/glide/signature/MediaStoreSignature.java": "5,5", + "com/bumptech/glide/signature/ObjectKey.java": "5,5" + }, + "metadata": { + "description": "Message Digest", + "severity": "info" + } + }, + "api_http_connection": { + "files": { + "com/bumptech/glide/load/data/HttpUrlFetcher.java": "14,29,34,132,154,182,183,24,41,44,44,91,100,156,183", + "net/gotev/uploadservice/http/impl/HurlStackConnection.java": "7,21,29,125,23,24,33,124,137,139,27,29" + }, + "metadata": { + "description": "HTTP Connection", + "severity": "info" + } + }, + "api_https_connection": { + "files": { + "net/gotev/uploadservice/http/impl/HurlStackConnection.java": "12,12" + }, + "metadata": { + "description": "HTTPS Connection", + "severity": "info" + } + }, + "api_local_file_io": { + "files": { + "com/bumptech/glide/Glide.java": "130", + "com/bumptech/glide/load/engine/cache/DiskLruCacheFactory.java": "12,18,27,40", + "com/bumptech/glide/load/engine/cache/ExternalCacheDiskCacheFactory.java": "21", + "com/bumptech/glide/load/engine/cache/ExternalPreferredCacheDiskCacheFactory.java": "20,31", + "com/bumptech/glide/load/engine/cache/InternalCacheDiskCacheFactory.java": "20,21", + "com/insecureshop/util/Prefs.java": "42" + }, + "metadata": { + "description": "Local File I/O Operations", + "severity": "info" + } + }, + "api_java_reflection": { + "files": { + "com/bumptech/glide/Glide.java": "253", + "com/bumptech/glide/module/ManifestParser.java": "56", + "net/gotev/uploadservice/UploadService.java": "172" + }, + "metadata": { + "description": "Java Reflection", + "severity": "info" + } + }, + "api_content_provider": { + "files": { + "com/insecureshop/contentProvider/InsecureShopProvider.java": "3", + "com/insecureshop/contentProvider/InsecureshopFileProvider.java": "3" + }, + "metadata": { + "description": "Content Provider", + "severity": "info" + } + }, + "api_sms_call": { + "files": { + "com/bumptech/glide/load/data/mediastore/ThumbFetcher.java": "3,33,35,106,108,123,125", + "com/bumptech/glide/load/data/mediastore/ThumbnailStreamOpener.java": "3,23,27,28,31,33,33,91,91,105" + }, + "metadata": { + "description": "Query Database of SMS, Contacts etc", + "severity": "info" + } + }, + "api_base64_decode": { + "files": { + "com/bumptech/glide/load/model/DataUrlLoader.java": "57,3" + }, + "metadata": { + "description": "Base64 Decode", + "severity": "info" + } + }, + "api_start_service": { + "files": { + "net/gotev/uploadservice/UploadRequest.java": "41" + }, + "metadata": { + "description": "Starting Service", + "severity": "info" + } + }, + "api_installed": { + "files": { + "com/insecureshop/LoginActivity.java": "104,104" + }, + "metadata": { + "description": "Get Installed Applications", + "severity": "info" + } + } + }, + "code_analysis": { + "findings": { + "android_logging": { + "files": { + "com/bumptech/glide/Glide.java": "213,221,139,138,212,219,256,259", + "com/bumptech/glide/gifdecoder/GifHeaderParser.java": "243,277,242,276", + "com/bumptech/glide/gifdecoder/StandardGifDecoder.java": "155,175,193,153,173,191,215,224", + "com/bumptech/glide/load/data/AssetPathFetcher.java": "33,32", + "com/bumptech/glide/load/data/HttpUrlFetcher.java": "57,138,56,60,65,72,137,69,73", + "com/bumptech/glide/load/data/LocalUriFetcher.java": "35,34", + "com/bumptech/glide/load/data/mediastore/ThumbFetcher.java": "52,51", + "com/bumptech/glide/load/data/mediastore/ThumbnailStreamOpener.java": "56,105,55,104", + "com/bumptech/glide/load/engine/DecodeJob.java": "219,218,376,423,484", + "com/bumptech/glide/load/engine/DecodePath.java": "63,64", + "com/bumptech/glide/load/engine/Engine.java": "28,157", + "com/bumptech/glide/load/engine/GlideException.java": "76", + "com/bumptech/glide/load/engine/SourceGenerator.java": "92,93", + "com/bumptech/glide/load/engine/bitmap_recycle/LruArrayPool.java": "92,146,93,147", + "com/bumptech/glide/load/engine/bitmap_recycle/LruBitmapPool.java": "146,176,184,208,91,98,145,155,175,183,197,207,216,92,99,156,222,198", + "com/bumptech/glide/load/engine/cache/DiskLruCacheWrapper.java": "53,64,79,86,118,130,54,80,65,87,119,131", + "com/bumptech/glide/load/engine/cache/MemorySizeCalculator.java": "67,51", + "com/bumptech/glide/load/engine/executor/GlideExecutor.java": "43,42", + "com/bumptech/glide/load/engine/prefill/BitmapPreFillRunner.java": "72,71", + "com/bumptech/glide/load/model/ByteBufferEncoder.java": "23,20", + "com/bumptech/glide/load/model/ByteBufferFileLoader.java": "56,55", + "com/bumptech/glide/load/model/FileLoader.java": "65,64", + "com/bumptech/glide/load/model/ResourceLoader.java": "35,36", + "com/bumptech/glide/load/model/StreamEncoder.java": "44,43", + "com/bumptech/glide/load/resource/ImageDecoderResourceDecoder.java": "65,66", + "com/bumptech/glide/load/resource/bitmap/BitmapEncoder.java": "57,56,65,66", + "com/bumptech/glide/load/resource/bitmap/BitmapImageDecoderResourceDecoder.java": "19,20", + "com/bumptech/glide/load/resource/bitmap/DefaultImageHeaderParser.java": "113,120,137,146,180,190,203,220,235,241,245,250,256,260,112,119,136,145,179,189,202,219,234,240,244,249,255,259", + "com/bumptech/glide/load/resource/bitmap/Downsampler.java": "324,370,403,166,213,317,323,369,402,185,318,429", + "com/bumptech/glide/load/resource/bitmap/DrawableToBitmapConverter.java": "42,47,43,48", + "com/bumptech/glide/load/resource/bitmap/HardwareConfigState.java": "134,135", + "com/bumptech/glide/load/resource/bitmap/TransformationUtils.java": "151,85,96,106,123,128,148,86,97,107,108,109,113,124,129", + "com/bumptech/glide/load/resource/bitmap/VideoDecoder.java": "156,155", + "com/bumptech/glide/load/resource/gif/ByteBufferGifDecoder.java": "84,89,95,105,85,90,96,106", + "com/bumptech/glide/load/resource/gif/GifDrawableEncoder.java": "27,30", + "com/bumptech/glide/load/resource/gif/StreamGifDecoder.java": "57,58", + "com/bumptech/glide/manager/DefaultConnectivityMonitor.java": "23,22,49,69,50,70", + "com/bumptech/glide/manager/DefaultConnectivityMonitorFactory.java": "23,17", + "com/bumptech/glide/manager/RequestManagerFragment.java": "130,131", + "com/bumptech/glide/manager/RequestManagerRetriever.java": "335,336", + "com/bumptech/glide/manager/RequestTracker.java": "25,26", + "com/bumptech/glide/manager/SupportRequestManagerFragment.java": "133,142,134,143", + "com/bumptech/glide/module/ManifestParser.java": "23,30,41,46,22,29,34,40,45,35", + "com/bumptech/glide/request/SingleRequest.java": "425,57,540,472", + "com/bumptech/glide/request/target/CustomViewTarget.java": "281,282,302,303", + "com/bumptech/glide/request/target/ViewTarget.java": "280,281,301,302", + "com/bumptech/glide/signature/ApplicationVersionSignature.java": "53", + "com/bumptech/glide/util/ContentLengthInputStream.java": "34,31", + "com/bumptech/glide/util/pool/FactoryPools.java": "91,92", + "com/insecureshop/LoginActivity.java": "87,88,113", + "net/gotev/uploadservice/DefaultLoggerDelegate.java": "21,11,16,26" + }, + "metadata": { + "cvss": 7.5, + "cwe": "CWE-532: Insertion of Sensitive Information into Log File", + "owasp-mobile": "", + "masvs": "MSTG-STORAGE-3", + "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs", + "description": "The App logs information. Sensitive information should never be logged.", + "severity": "info" + } + }, + "android_read_write_external": { + "files": { + "com/insecureshop/ChooserActivity.java": "66,67" + }, + "metadata": { + "cvss": 5.5, + "cwe": "CWE-276: Incorrect Default Permissions", + "owasp-mobile": "M2: Insecure Data Storage", + "masvs": "MSTG-STORAGE-2", + "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage", + "description": "App can read/write to External Storage. Any App can read data written to External Storage.", + "severity": "warning" + } + }, + "android_hardcoded": { + "files": { + "com/bumptech/glide/load/Option.java": "76", + "com/bumptech/glide/load/engine/DataCacheKey.java": "36", + "com/bumptech/glide/load/engine/EngineResource.java": "95", + "com/bumptech/glide/load/engine/ResourceCacheKey.java": "82", + "com/bumptech/glide/manager/RequestManagerRetriever.java": "33" + }, + "metadata": { + "cvss": 7.4, + "cwe": "CWE-312: Cleartext Storage of Sensitive Information", + "masvs": "MSTG-STORAGE-14", + "owasp-mobile": "M9: Reverse Engineering", + "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10", + "description": "Files may contain hardcoded sensitive information like usernames, passwords, keys etc.", + "severity": "warning" + } + }, + "android_webview_ignore_ssl": { + "files": { + "com/insecureshop/util/CustomWebViewClient.java": "15,13" + }, + "metadata": { + "cvss": 7.4, + "cwe": "CWE-295: Improper Certificate Validation", + "owasp-mobile": "M3: Insecure Communication", + "masvs": "MSTG-NETWORK-3", + "ref": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification", + "description": "Insecure WebView Implementation. WebView ignores SSL Certificate errors and accept any SSL Certificate. This application is vulnerable to MITM attacks", + "severity": "high" + } + }, + "android_write_app_dir": { + "files": { + "com/insecureshop/util/Prefs.java": "43,43" + }, + "metadata": { + "cvss": 3.9, + "cwe": "CWE-276: Incorrect Default Permissions", + "owasp-mobile": "", + "masvs": "MSTG-STORAGE-14", + "description": "App can write to App Directory. Sensitive Information should be encrypted.", + "severity": "info" + } + } + }, + "summary": { + "high": 1, + "warning": 2, + "info": 2, + "secure": 0, + "suppressed": 0 + } + }, + "niap_analysis": { + "FCS_RBG_EXT.1.1": { + "choice": "The application use no DRBG functionality for its cryptographic operations.", + "description": "Random Bit Generation Services", + "class": "Security Functional Requirements" + }, + "FCS_STO_EXT.1.1": { + "choice": "The application does not store any credentials to non-volatile memory.", + "description": "Storage of Credentials", + "class": "Security Functional Requirements" + }, + "FCS_CKM_EXT.1.1": { + "choice": "The application generate no asymmetric cryptographic keys.", + "description": "Cryptographic Key Generation Services", + "class": "Security Functional Requirements" + }, + "FDP_DEC_EXT.1.1": { + "choice": "The application has access to ['network connectivity'].", + "description": "Access to Platform Resources", + "class": "Security Functional Requirements" + }, + "FDP_DEC_EXT.1.2": { + "choice": "The application has access to ['address book'].", + "description": "Access to Platform Resources", + "class": "Security Functional Requirements" + }, + "FDP_NET_EXT.1.1": { + "choice": "The application has user/application initiated network communications.", + "description": "Network Communications", + "class": "Security Functional Requirements" + }, + "FDP_DAR_EXT.1.1": { + "choice": "The application implement functionality to encrypt sensitive data in non-volatile memory.", + "description": "Encryption Of Sensitive Application Data", + "class": "Security Functional Requirements" + }, + "FMT_MEC_EXT.1.1": { + "choice": "The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.", + "description": "Supported Configuration Mechanism", + "class": "Security Functional Requirements" + }, + "FTP_DIT_EXT.1.1": { + "choice": "The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.", + "description": "Protection of Data in Transit", + "class": "Security Functional Requirements" + }, + "FCS_COP.1.1(2)": { + "choice": "The application perform cryptographic hashing services in accordance with a specified cryptographic algorithm SHA-1/SHA-256/SHA-384/SHA-512 and message digest sizes 160/256/384/512 bits.", + "description": "Cryptographic Operation - Hashing", + "class": "Selection-Based Security Functional Requirements" + }, + "FCS_HTTPS_EXT.1.1": { + "choice": "The application implement the HTTPS protocol that complies with RFC 2818.", + "description": "HTTPS Protocol", + "class": "Selection-Based Security Functional Requirements" + }, + "FCS_HTTPS_EXT.1.2": { + "choice": "The application implement HTTPS using TLS.", + "description": "HTTPS Protocol", + "class": "Selection-Based Security Functional Requirements" + } + }, + "urls": [ + { + "urls": [ + "data:image" + ], + "path": "com/bumptech/glide/load/model/DataUrlLoader.java" + }, + { + "urls": [ + "file:///android_asset/" + ], + "path": "com/bumptech/glide/load/model/AssetUriLoader.java" + }, + { + "urls": [ + "https://www.insecureshopapp.com" + ], + "path": "com/insecureshop/ProductDetail.java" + }, + { + "urls": [ + "https://www.insecureshop.com/" + ], + "path": "com/insecureshop/SendingDataViaActionActivity.java" + }, + { + "urls": [ + "https://www.insecureshopapp.com" + ], + "path": "com/insecureshop/PrivateActivity.java" + }, + { + "urls": [ + "https://www.insecureshopapp.com/" + ], + "path": "com/insecureshop/broadcast/ProductDetailBroadCast.java" + }, + { + "urls": [ + "https://images.pexels.com/photos/7974/pexels-photo.jpg", + "https://www.insecureshopapp.com", + "https://images.pexels.com/photos/984619/pexels-photo-984619.jpeg", + "https://images.pexels.com/photos/343720/pexels-photo-343720.jpeg", + "https://images.pexels.com/photos/277390/pexels-photo-277390.jpeg", + "https://images.pexels.com/photos/225157/pexels-photo-225157.jpeg", + "https://images.pexels.com/photos/264819/pexels-photo-264819.jpeg", + "https://images.pexels.com/photos/532803/pexels-photo-532803.jpeg", + "https://images.pexels.com/photos/789812/pexels-photo-789812.jpeg" + ], + "path": "com/insecureshop/util/Util.java" + }, + { + "urls": [ + "http://stackoverflow.com/a/4410331" + ], + "path": "net/gotev/uploadservice/NameValue.java" + } + ], + "domains": { + "images.pexels.com": { + "bad": "no", + "geolocation": { + "ip": "104.16.235.10", + "country_short": "US", + "country_long": "United States of America", + "region": "California", + "city": "San Francisco", + "latitude": "37.775700", + "longitude": "-122.395203" + } + }, + "stackoverflow.com": { + "bad": "no", + "geolocation": { + "ip": "104.18.32.7", + "country_short": "US", + "country_long": "United States of America", + "region": "Texas", + "city": "Dallas", + "latitude": "32.783058", + "longitude": "-96.806671" + } + }, + "www.insecureshopapp.com": { + "bad": "no", + "geolocation": { + "ip": "34.149.87.45", + "country_short": "US", + "country_long": "United States of America", + "region": "Texas", + "city": "Houston", + "latitude": "29.941401", + "longitude": "-95.344498" + } + }, + "www.insecureshop.com": { + "bad": "no", + "geolocation": null + } + }, + "emails": [], + "strings": [ + "\"abc_searchview_description_clear\" : \"Smazat dotaz\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s ile paylaş\"", + "\"abc_activitychooserview_choose_application\" : \"ஆப்ஸைத் தேர்வுசெய்க\"", + "\"abc_action_menu_overflow_description\" : \"Ďalšie možnosti\"", + "\"abc_searchview_description_query\" : \"Query sa paghahanap\"", + "\"abc_action_bar_home_description\" : \"Przejdź na stronę główną\"", + "\"abc_action_menu_overflow_description\" : \"Higit pang opsyon\"", + "\"mtrl_picker_day_of_week_column_header\" : \"Column of days: %1$s\"", + "\"abc_searchview_description_voice\" : \"Glasovno pretraživanje\"", + "\"abc_capital_off\" : \"ИСКЛУЧЕНО\"", + "\"abc_shareactionprovider_share_with\" : \"هم‌رسانی با\"", + "\"abc_menu_space_shortcut_label\" : \"רווח\"", + "\"abc_shareactionprovider_share_with\" : \"Udostępnij przez:\"", + "\"abc_capital_on\" : \"เปิด\"", + "\"abc_menu_alt_shortcut_label\" : \"Alt மற்றும்\"", + "\"abc_searchview_description_voice\" : \"Busca por voz\"", + "\"abc_action_bar_up_description\" : \"Navigați în sus\"", + "\"abc_capital_off\" : \"ИСКЉУЧЕНО\"", + "\"abc_toolbar_collapse_description\" : \"ሰብስብ\"", + "\"abc_action_bar_up_description\" : \"ਉੱਪਰ ਜਾਓ\"", + "\"abc_capital_on\" : \"অন\"", + "\"abc_shareactionprovider_share_with_application\" : \"Поделиться с помощью %s\"", + "\"abc_search_hint\" : \"検索…\"", + "\"abc_capital_off\" : \"DESATIVADO\"", + "\"abc_menu_delete_shortcut_label\" : \"ഇല്ലാതാക്കുക\"", + "\"abc_searchview_description_voice\" : \"Paghahanap gamit ang boses\"", + "\"abc_menu_delete_shortcut_label\" : \"Supr\"", + "\"abc_shareactionprovider_share_with\" : \"Ibahagi sa/kay\"", + "\"abc_activitychooserview_choose_application\" : \"اختيار تطبيق\"", + "\"abc_action_bar_up_description\" : \"माथि नेभिगेट गर्नुहोस्\"", + "\"abc_action_bar_home_description\" : \"घराकडे नेव्हिगेट करा\"", + "\"abc_shareactionprovider_share_with_application\" : \"Del med %s\"", + "\"abc_searchview_description_search\" : \"සෙවීම\"", + "\"abc_action_bar_home_description\" : \"Idite na početnu\"", + "\"abc_searchview_description_search\" : \"Otsing\"", + "\"abc_toolbar_collapse_description\" : \"Згорнути\"", + "\"abc_menu_enter_shortcut_label\" : \"entrée\"", + "\"webview\" : \"Webview\"", + "\"abc_prepend_shortcut_label\" : \"मेनू+\"", + "\"abc_action_mode_done\" : \"Listo\"", + "\"mtrl_picker_range_header_title\" : \"Select a Date Range\"", + "\"abc_capital_on\" : \"KVEIKT\"", + "\"abc_menu_space_shortcut_label\" : \"бос орын\"", + "\"abc_menu_ctrl_shortcut_label\" : \"Strg +\"", + "\"abc_menu_space_shortcut_label\" : \"բացատ\"", + "\"abc_action_bar_home_description\" : \"Zulazulela ekhaya\"", + "\"abc_searchview_description_clear\" : \"پاک کردن پُرسمان\"", + "\"abc_menu_meta_shortcut_label\" : \"Meta +\"", + "\"abc_action_menu_overflow_description\" : \"مزید اختیارات\"", + "\"abc_capital_on\" : \"PÅ\"", + "\"abc_activitychooserview_choose_application\" : \"Избери апликација\"", + "\"abc_prepend_shortcut_label\" : \"Menú +\"", + "\"abc_menu_sym_shortcut_label\" : \"SYM +\"", + "\"abc_activitychooserview_choose_application\" : \"Valige rakendus\"", + "\"abc_menu_function_shortcut_label\" : \"Fungsi+\"", + "\"abc_action_mode_done\" : \"Končano\"", + "\"abc_activitychooserview_choose_application\" : \"Vybrat aplikaci\"", + "\"abc_searchview_description_voice\" : \"صوتی تلاش\"", + "\"search_menu_title\" : \"Որոնել\"", + "\"abc_toolbar_collapse_description\" : \"Samenvouwen\"", + "\"abc_action_menu_overflow_description\" : \"Flere valgmuligheder\"", + "\"abc_action_menu_overflow_description\" : \"Още опции\"", + "\"abc_searchview_description_search\" : \"Hľadať\"", + "\"abc_menu_meta_shortcut_label\" : \"Meta-Taste +\"", + "\"abc_searchview_description_query\" : \"Пошуковий запит\"", + "\"abc_action_mode_done\" : \"Gotowe\"", + "\"abc_action_bar_home_description\" : \"Navegar para casa\"", + "\"abc_capital_off\" : \"አጥፋ\"", + "\"abc_menu_space_shortcut_label\" : \"Прабел\"", + "\"abc_menu_space_shortcut_label\" : \"espace\"", + "\"abc_activitychooserview_choose_application\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‎‏‏‏‏‎‎‎‎‏‏‎‎‏‎‎‏‏‏‎‎‎‏‏‏‏‏‏‎‎‎‏‎‎‏‎‏‎‎‎‏‏‎‏‎‏‏‎‎‏‏‏‏‏‎‏‎‎‏‏‏‏‎‎Choose an app‎‏‎‎‏‎\"", + "\"abc_action_mode_done\" : \"เสร็จ\"", + "\"abc_activity_chooser_view_see_all\" : \"Барлығын көру\"", + "\"abc_shareactionprovider_share_with\" : \"Comparteix amb\"", + "\"abc_capital_on\" : \"ACTIVAT\"", + "\"mtrl_picker_text_input_year_abbr\" : \"y\"", + "\"abc_searchview_description_clear\" : \"Effacer la requête\"", + "\"abc_shareactionprovider_share_with\" : \"यसमार्फत आदान प्रदान गर्नुहोस्\"", + "\"abc_toolbar_collapse_description\" : \"折りたたむ\"", + "\"abc_searchview_description_clear\" : \"क्‍वेरी साफ करा\"", + "\"abc_action_bar_home_description\" : \"Chỉ đường về nhà\"", + "\"abc_action_menu_overflow_description\" : \"Aukera gehiago\"", + "\"abc_menu_delete_shortcut_label\" : \"Suprimir\"", + "\"search_menu_title\" : \"Tafuta\"", + "\"abc_action_bar_up_description\" : \"Natrag\"", + "\"abc_searchview_description_query\" : \"Pretražite upit\"", + "\"abc_searchview_description_clear\" : \"ਪੁੱਛਗਿੱਛ ਕਲੀਅਰ ਕਰੋ\"", + "\"abc_shareactionprovider_share_with_application\" : \"Delite pomoću aplikacije %s\"", + "\"abc_action_mode_done\" : \"முடிந்தது\"", + "\"abc_searchview_description_voice\" : \"හඬ සෙවීම\"", + "\"abc_action_mode_done\" : \"ပြီးပြီ\"", + "\"abc_action_menu_overflow_description\" : \"სხვა ვარიანტები\"", + "\"abc_action_menu_overflow_description\" : \"Citas opcijas\"", + "\"abc_menu_sym_shortcut_label\" : \"Sym+\"", + "\"abc_activity_chooser_view_see_all\" : \"Skatīt visu\"", + "\"abc_action_mode_done\" : \"Պատրաստ է\"", + "\"abc_searchview_description_search\" : \"Axtarın\"", + "\"abc_capital_on\" : \"HIDUP\"", + "\"abc_searchview_description_clear\" : \"Notīrīt vaicājumu\"", + "\"abc_activity_chooser_view_see_all\" : \"មើលទាំងអស់\"", + "\"abc_capital_on\" : \"ATIVADO\"", + "\"abc_menu_sym_shortcut_label\" : \"Sym மற்றும்\"", + "\"abc_menu_space_shortcut_label\" : \"atstarpes taustiņš\"", + "\"abc_menu_space_shortcut_label\" : \"тастер за размак\"", + "\"abc_capital_on\" : \"VKLOP\"", + "\"abc_action_mode_done\" : \"Lokið\"", + "\"abc_capital_off\" : \"關閉\"", + "\"abc_shareactionprovider_share_with\" : \"اس کے ساتھ اشتراک کریں\"", + "\"abc_action_bar_up_description\" : \"Pārvietoties uz augšu\"", + "\"abc_action_menu_overflow_description\" : \"Daugiau parinkčių\"", + "\"abc_action_menu_overflow_description\" : \"その他のオプション\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s-এর সাথে শেয়ার করুন\"", + "\"abc_capital_off\" : \"ВЫКЛ\"", + "\"abc_toolbar_collapse_description\" : \"Свернуть\"", + "\"abc_action_mode_done\" : \"Bitti\"", + "\"abc_menu_alt_shortcut_label\" : \"Alt +\"", + "\"abc_searchview_description_submit\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‏‏‏‏‏‎‏‏‏‏‏‎‎‏‏‏‎‏‏‎‎‏‎‎‏‎‏‎‎‏‎‏‎‏‎‏‎‏‎‎‎‎‎‏‏‎‎‎‎‎‏‏‎‎‎‏‏‎‎‎‎‎‎‎‎Submit query‎‏‎‎‏‎\"", + "\"abc_menu_meta_shortcut_label\" : \"Meta +\"", + "\"abc_toolbar_collapse_description\" : \"Palos\"", + "\"abc_menu_delete_shortcut_label\" : \"„delete“\"", + "\"abc_activitychooserview_choose_application\" : \"Ընտրել հավելված\"", + "\"abc_searchview_description_voice\" : \"Ahozko bilaketa\"", + "\"abc_toolbar_collapse_description\" : \"ਸਮੇਟੋ\"", + "\"abc_menu_space_shortcut_label\" : \"taster za razmak\"", + "\"abc_action_bar_home_description\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‎‏‏‏‏‏‏‏‏‎‏‎‏‏‏‏‏‏‏‏‎‏‏‎‎‏‏‏‎‏‏‎‏‏‏‎‎‏‎‎‎‏‏‎‏‏‏‎‎‏‏‏‎‎‏‎‎‏‏‎‎‎‏‎Navigate home‎‏‎‎‏‎\"", + "\"abc_shareactionprovider_share_with\" : \"გაზიარება:\"", + "\"abc_searchview_description_search\" : \"शोध\"", + "\"abc_search_hint\" : \"بحث…\"", + "\"abc_activitychooserview_choose_application\" : \"ઍપ્લિકેશન પસંદ કરો\"", + "\"abc_prepend_shortcut_label\" : \"เมนู+\"", + "\"abc_searchview_description_clear\" : \"Vee navraag uit\"", + "\"abc_action_bar_home_description\" : \"Ir a inicio\"", + "\"abc_shareactionprovider_share_with_application\" : \"Share with %s\"", + "\"abc_shareactionprovider_share_with_application\" : \"Udostępnij przez: %s\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s എന്നതുമായി പങ്കിടുക\"", + "\"abc_menu_space_shortcut_label\" : \"സ്‌പെയ്‌സ്\"", + "\"abc_toolbar_collapse_description\" : \"Жию\"", + "\"search_menu_title\" : \"Търсене\"", + "\"abc_capital_off\" : \"DÉSACTIVER\"", + "\"abc_menu_enter_shortcut_label\" : \"sisestusklahv\"", + "\"abc_action_mode_done\" : \"Udfør\"", + "\"abc_capital_off\" : \"ปิด\"", + "\"abc_action_mode_done\" : \"Fertig\"", + "\"abc_shareactionprovider_share_with_application\" : \"แชร์ทาง %s\"", + "\"abc_activity_chooser_view_see_all\" : \"Ver tudo\"", + "\"abc_activity_chooser_view_see_all\" : \"ყველას ნახვა\"", + "\"abc_shareactionprovider_share_with\" : \"နှင့် မျှဝေရန်\"", + "\"abc_capital_off\" : \"DEAKTİV\"", + "\"abc_menu_shift_shortcut_label\" : \"Vaihto+\"", + "\"abc_menu_function_shortcut_label\" : \"Fonction+\"", + "\"abc_action_bar_up_description\" : \"Navigasi ke atas\"", + "\"abc_action_menu_overflow_description\" : \"Још опција\"", + "\"abc_searchview_description_query\" : \"Arama sorgusu\"", + "\"search_menu_title\" : \"Поиск\"", + "\"abc_searchview_description_query\" : \"Pretraži upit\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s सह शेअर करा\"", + "\"abc_searchview_description_submit\" : \"প্ৰশ্ন দাখিল কৰক\"", + "\"abc_action_bar_home_description\" : \"Eiti į pagrindinį puslapį\"", + "\"abc_menu_space_shortcut_label\" : \"клавиша за интервал\"", + "\"abc_searchview_description_voice\" : \"बोलकर खोजें\"", + "\"abc_menu_enter_shortcut_label\" : \"Enter 鍵\"", + "\"abc_searchview_description_voice\" : \"વૉઇસ શોધ\"", + "\"abc_action_bar_up_description\" : \"向上瀏覽\"", + "\"abc_action_bar_up_description\" : \"Navigera uppåt\"", + "\"abc_searchview_description_query\" : \"تلاش کا استفسار\"", + "\"abc_searchview_description_clear\" : \"Sorğunu silin\"", + "\"search_menu_title\" : \"ಹುಡುಕಿ\"", + "\"search_menu_title\" : \"खोजें\"", + "\"abc_activitychooserview_choose_application\" : \"ເລືອກແອັບ\"", + "\"abc_action_bar_home_description\" : \"Naviger hjem\"", + "\"abc_action_menu_overflow_description\" : \"Več možnosti\"", + "\"abc_menu_delete_shortcut_label\" : \"eliminar\"", + "\"abc_capital_on\" : \"បើក\"", + "\"aws_Identity_pool_ID\" : \"us-east-1:7e9426f7-42af-4717-8689-00a9a4b65c1c\"", + "\"abc_toolbar_collapse_description\" : \"ჩაკეცვა\"", + "\"abc_activity_chooser_view_see_all\" : \"Afișați tot\"", + "\"abc_menu_delete_shortcut_label\" : \"eyða\"", + "\"mtrl_picker_navigate_to_year_description\" : \"Navigate to year %1$s\"", + "\"abc_shareactionprovider_share_with\" : \"ಇವರೊಂದಿಗೆ ಹಂಚಿಕೊಳ್ಳಿ\"", + "\"abc_shareactionprovider_share_with_application\" : \"Kopīgot ar lietojumprogrammu %s\"", + "\"abc_action_bar_up_description\" : \"Revenir en haut de la page\"", + "\"abc_action_menu_overflow_description\" : \"অধিক বিকল্প\"", + "\"abc_activity_chooser_view_see_all\" : \"ಎಲ್ಲವನ್ನೂ ನೋಡಿ\"", + "\"abc_action_bar_home_description\" : \"Navigați la ecranul de pornire\"", + "\"abc_action_bar_up_description\" : \"Vai cara arriba\"", + "\"abc_shareactionprovider_share_with_application\" : \"Dijeli putem aplikacije %s\"", + "\"search_menu_title\" : \"جستجو\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s-тай хуваалцах\"", + "\"status_bar_notification_info_overflow\" : \"৯৯৯+\"", + "\"abc_capital_on\" : \"ĮJUNGTI\"", + "\"abc_menu_meta_shortcut_label\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‏‏‏‎‏‎‏‎‎‎‎‏‎‎‏‏‎‏‎‎‏‎‏‏‎‏‎‎‎‎‎‏‏‎‎‎‎‎‎‏‏‎‎‏‎‏‎‎‏‏‎‎‎‎‏‏‎‏‎‏‎‏‎‏‎Meta+‎‏‎‎‏‎\"", + "\"abc_capital_off\" : \"ӨЧҮК\"", + "\"abc_action_bar_home_description\" : \"瀏覽主頁\"", + "\"abc_action_bar_home_description\" : \"Əsas səhifəyə keçin\"", + "\"abc_searchview_description_submit\" : \"Поднеси барање\"", + "\"abc_searchview_description_clear\" : \"검색어 삭제\"", + "\"abc_searchview_description_submit\" : \"መጠይቅ አስገባ\"", + "\"txt_content\" : \"Content\"", + "\"abc_capital_off\" : \"ປິດ\"", + "\"abc_searchview_description_voice\" : \"Ricerca vocale\"", + "\"abc_action_mode_done\" : \"Done\"", + "\"abc_menu_space_shortcut_label\" : \"空白鍵\"", + "\"abc_toolbar_collapse_description\" : \"Contraer\"", + "\"abc_activity_chooser_view_see_all\" : \"ดูทั้งหมด\"", + "\"abc_menu_meta_shortcut_label\" : \"Мета+\"", + "\"abc_activitychooserview_choose_application\" : \"Elegir una app\"", + "\"abc_menu_shift_shortcut_label\" : \"‎Shift+‎\"", + "\"abc_searchview_description_query\" : \"የፍለጋ መጠይቅ\"", + "\"abc_activity_chooser_view_see_all\" : \"ସବୁ ଦେଖନ୍ତୁ\"", + "\"abc_activity_chooser_view_see_all\" : \"Sien alles\"", + "\"abc_menu_space_shortcut_label\" : \"შორისი\"", + "\"abc_searchview_description_search\" : \"Soek\"", + "\"abc_action_mode_done\" : \"പൂർത്തിയായി\"", + "\"abc_activity_chooser_view_see_all\" : \"Shfaq çdo gjë\"", + "\"abc_menu_shift_shortcut_label\" : \"Mayús +\"", + "\"abc_menu_space_shortcut_label\" : \"espaço\"", + "\"abc_search_hint\" : \"Bilatu…\"", + "\"abc_action_bar_up_description\" : \"ଉପରକୁ ନେଭିଗେଟ୍ କରନ୍ତୁ\"", + "\"abc_menu_meta_shortcut_label\" : \"Meta+\"", + "\"abc_searchview_description_submit\" : \"So‘rov yaratish\"", + "\"abc_prepend_shortcut_label\" : \"MENU +\"", + "\"abc_action_mode_done\" : \"Eginda\"", + "\"abc_capital_off\" : \"NONAKTIF\"", + "\"abc_searchview_description_clear\" : \"Futa hoja\"", + "\"abc_searchview_description_clear\" : \"清除查询\"", + "\"abc_capital_on\" : \"AKTIV\"", + "\"abc_activity_chooser_view_see_all\" : \"Zobraziť všetky\"", + "\"abc_searchview_description_search\" : \"সন্ধান\"", + "\"abc_action_menu_overflow_description\" : \"Weitere Optionen\"", + "\"abc_searchview_description_query\" : \"Sökfråga\"", + "\"abc_menu_space_shortcut_label\" : \"فاصله\"", + "\"abc_searchview_description_voice\" : \"Голосовий пошук\"", + "\"abc_shareactionprovider_share_with\" : \"Dijeli s\"", + "\"abc_searchview_description_query\" : \"Хайх асуулга\"", + "\"abc_toolbar_collapse_description\" : \"Minimieren\"", + "\"abc_capital_off\" : \"WYŁ.\"", + "\"abc_searchview_description_clear\" : \"Izbris poizvedbe\"", + "\"abc_searchview_description_search\" : \"Zoeken\"", + "\"abc_searchview_description_clear\" : \"ಪ್ರಶ್ನೆಯನ್ನು ತೆರವುಗೊಳಿಸಿ\"", + "\"abc_menu_enter_shortcut_label\" : \"Retorn\"", + "\"abc_action_mode_done\" : \"Tapos na\"", + "\"abc_shareactionprovider_share_with\" : \"Teilen mit\"", + "\"abc_action_mode_done\" : \"Fet\"", + "\"abc_action_mode_done\" : \"ተከናውኗል\"", + "\"abc_activity_chooser_view_see_all\" : \"Lihat semua\"", + "\"abc_action_bar_home_description\" : \"მთავარზე გადასვლა\"", + "\"abc_prepend_shortcut_label\" : \"Menyu+\"", + "\"abc_searchview_description_clear\" : \"Päringu tühistamine\"", + "\"abc_menu_ctrl_shortcut_label\" : \"Ktrl +\"", + "\"abc_activitychooserview_choose_application\" : \"Selecionar um app\"", + "\"abc_action_bar_home_description\" : \"Tunjukkan jalan ke rumah\"", + "\"abc_shareactionprovider_share_with_application\" : \"שיתוף עם %s\"", + "\"abc_menu_function_shortcut_label\" : \"Função +\"", + "\"abc_toolbar_collapse_description\" : \"Ocultar\"", + "\"abc_search_hint\" : \"Tafuta…\"", + "\"search_menu_title\" : \"Buscar\"", + "\"search_menu_title\" : \"ସର୍ଚ୍ଚ କରନ୍ତୁ\"", + "\"abc_searchview_description_submit\" : \"Pošaljite upit\"", + "\"abc_toolbar_collapse_description\" : \"Ciutkan\"", + "\"abc_searchview_description_clear\" : \"Slett søket\"", + "\"abc_searchview_description_search\" : \"Tìm kiếm\"", + "\"abc_searchview_description_submit\" : \"কোয়েরি জমা দিন\"", + "\"abc_menu_shift_shortcut_label\" : \"Shift+‎\"", + "\"abc_searchview_description_submit\" : \"ਪੁੱਛਗਿੱਛ ਸਪੁਰਦ ਕਰੋ\"", + "\"abc_search_hint\" : \"Введите запрос\"", + "\"abc_activitychooserview_choose_application\" : \"Izvēlieties lietotni\"", + "\"abc_capital_off\" : \"ИЗКЛ.\"", + "\"abc_capital_on\" : \"ВКЛ\"", + "\"abc_searchview_description_voice\" : \"Glasovna pretraga\"", + "\"abc_action_menu_overflow_description\" : \"Más opciones\"", + "\"abc_capital_off\" : \"I-OFF\"", + "\"abc_prepend_shortcut_label\" : \"Menu+\"", + "\"abc_capital_off\" : \"ӨШІРУ\"", + "\"abc_shareactionprovider_share_with\" : \"አጋራ በ\"", + "\"abc_activitychooserview_choose_application\" : \"አንድ መተግበሪያ ይምረጡ\"", + "\"abc_searchview_description_submit\" : \"Сурам тапшыруу\"", + "\"abc_searchview_description_clear\" : \"Изчистване на заявката\"", + "\"abc_menu_shift_shortcut_label\" : \"„Shift“ +\"", + "\"abc_capital_off\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‎‎‏‏‏‎‏‎‏‏‏‎‎‏‎‏‏‎‏‎‏‏‎‏‎‏‏‎‎‏‎‏‏‎‎‏‏‎‎‎‏‏‎‎‎‎‏‏‏‎‏‎‎‎‎‎‏‎‎‏‎OFF‎‏‎‎‏‎\"", + "\"abc_capital_off\" : \"გამორთვა\"", + "\"abc_action_bar_up_description\" : \"위로 이동\"", + "\"abc_menu_shift_shortcut_label\" : \"Tõstuklahv +\"", + "\"search_menu_title\" : \"શોધો\"", + "\"abc_search_hint\" : \"Szukaj…\"", + "\"abc_searchview_description_search\" : \"శోధన\"", + "\"mtrl_picker_range_header_unselected\" : \"Start date – End date\"", + "\"abc_activity_chooser_view_see_all\" : \"Pokaż wszystko\"", + "\"abc_toolbar_collapse_description\" : \"Sažmi\"", + "\"character_counter_content_description\" : \"Characters entered %1$d of %2$d\"", + "\"abc_searchview_description_query\" : \"Sesha umbuzo\"", + "\"abc_activity_chooser_view_see_all\" : \"Näytä kaikki\"", + "\"abc_menu_space_shortcut_label\" : \"mellemrum\"", + "\"abc_search_hint\" : \"ค้นหา…\"", + "\"search_menu_title\" : \"تلاش کریں\"", + "\"abc_search_hint\" : \"Haku…\"", + "\"abc_capital_on\" : \"YONIQ\"", + "\"abc_toolbar_collapse_description\" : \"Minnka\"", + "\"search_menu_title\" : \"ស្វែងរក\"", + "\"abc_searchview_description_submit\" : \"Ուղարկել հարցումը\"", + "\"abc_activitychooserview_choose_application\" : \"Kies 'n program\"", + "\"abc_searchview_description_search\" : \"検索\"", + "\"abc_capital_off\" : \"ஆஃப்\"", + "\"abc_capital_on\" : \"PÄÄLLÄ\"", + "\"abc_capital_on\" : \"AAN\"", + "\"abc_search_hint\" : \"ይፈልጉ…\"", + "\"abc_menu_delete_shortcut_label\" : \"supprimer\"", + "\"abc_capital_off\" : \"ఆఫ్\"", + "\"abc_searchview_description_search\" : \"ស្វែងរក\"", + "\"abc_searchview_description_clear\" : \"検索キーワードを削除\"", + "\"abc_shareactionprovider_share_with_application\" : \"Skupna raba z drugimi prek aplikacije %s\"", + "\"abc_searchview_description_submit\" : \"क्वेरी सबमिट करा\"", + "\"abc_action_mode_done\" : \"Болсон\"", + "\"abc_capital_off\" : \"FRA\"", + "\"abc_action_bar_up_description\" : \"Навигиране нагоре\"", + "\"abc_capital_on\" : \"开启\"", + "\"abc_menu_alt_shortcut_label\" : \"ALT +\"", + "\"abc_menu_sym_shortcut_label\" : \"Simbool+\"", + "\"abc_activitychooserview_choose_application\" : \"Ilovani tanlang\"", + "\"abc_menu_alt_shortcut_label\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‎‏‏‎‎‏‎‎‎‎‏‎‎‏‎‏‎‏‎‎‎‎‏‎‎‏‎‏‎‎‏‏‏‏‏‏‎‏‏‏‎‎‎‎‏‏‏‎‏‎‎‎‏‎‏‏‏‎‏‏‏‏‏‎Alt+‎‏‎‎‏‎\"", + "\"abc_searchview_description_voice\" : \"Stemsoektog\"", + "\"abc_searchview_description_submit\" : \"提交查詢\"", + "\"abc_shareactionprovider_share_with_application\" : \"Partilhar com a aplicação %s\"", + "\"abc_action_bar_home_description\" : \"መነሻ ዳስስ\"", + "\"abc_searchview_description_query\" : \"Truy vấn tìm kiếm\"", + "\"abc_prepend_shortcut_label\" : \"Meniu+\"", + "\"abc_action_bar_home_description\" : \"ਹੋਮ 'ਤੇ ਜਾਓ\"", + "\"abc_searchview_description_search\" : \"Hledat\"", + "\"abc_action_bar_up_description\" : \"Fel\"", + "\"abc_searchview_description_submit\" : \"Kirim kueri\"", + "\"abc_action_bar_up_description\" : \"పైకి నావిగేట్ చేస్తుంది\"", + "\"abc_activity_chooser_view_see_all\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‏‏‏‎‎‏‏‏‏‎‏‎‎‏‏‎‏‎‏‏‎‏‏‏‏‏‎‎‏‏‏‎‎‏‏‏‏‎‏‎‎‏‎‎‎‎‏‏‎‎‎‎‏‏‎‏‎‎‏‏‏‏‎‏‎See all‎‏‎‎‏‎\"", + "\"abc_search_hint\" : \"Qidirish…\"", + "\"abc_searchview_description_voice\" : \"ಧ್ವನಿ ಹುಡುಕಾಟ\"", + "\"abc_searchview_description_voice\" : \"Puhehaku\"", + "\"abc_capital_off\" : \"ഓഫ്\"", + "\"abc_searchview_description_query\" : \"தேடல் வினவல்\"", + "\"abc_search_hint\" : \"ସର୍ଚ୍ଚ କରନ୍ତୁ…\"", + "\"abc_searchview_description_submit\" : \"Pošalji upit\"", + "\"abc_shareactionprovider_share_with_application\" : \"Kongsi dengan %s\"", + "\"abc_menu_alt_shortcut_label\" : \"„Alt“ +\"", + "\"abc_menu_enter_shortcut_label\" : \"INVIO\"", + "\"abc_activity_chooser_view_see_all\" : \"Преглед на всички\"", + "\"search_menu_title\" : \"検索\"", + "\"search_menu_title\" : \"সার্চ করুন\"", + "\"abc_activitychooserview_choose_application\" : \"යෙදුමක් තෝරන්න\"", + "\"abc_searchview_description_clear\" : \"ล้างคำค้นหา\"", + "\"abc_action_mode_done\" : \"सम्पन्न भयो\"", + "\"abc_shareactionprovider_share_with\" : \"Jaga:\"", + "\"abc_activity_chooser_view_see_all\" : \"सर्व पाहा\"", + "\"abc_shareactionprovider_share_with_application\" : \"Dela med %s\"", + "\"abc_searchview_description_clear\" : \"Wyczyść zapytanie\"", + "\"abc_shareactionprovider_share_with\" : \"இதில் பகிர்\"", + "\"abc_action_bar_up_description\" : \"Navega cap amunt\"", + "\"search_menu_title\" : \"శోధన\"", + "\"abc_searchview_description_query\" : \"ຄຳສຳລັບຄົ້ນຫາ\"", + "\"abc_menu_delete_shortcut_label\" : \"Delete 鍵\"", + "\"abc_action_bar_up_description\" : \"กลับ\"", + "\"abc_action_menu_overflow_description\" : \"Opsi lain\"", + "\"abc_action_menu_overflow_description\" : \"Više opcija\"", + "\"abc_action_mode_done\" : \"მზადაა\"", + "\"abc_action_bar_home_description\" : \"မူလနေရာကို ပြန်သွားရန်\"", + "\"abc_capital_off\" : \"VYP.\"", + "\"abc_prepend_shortcut_label\" : \"Menu மற்றும்\"", + "\"abc_searchview_description_voice\" : \"ਅਵਾਜ਼ੀ ਖੋਜ\"", + "\"abc_action_bar_home_description\" : \"ಹೋಮ್‌ಗೆ ನ್ಯಾವಿಗೇಟ್ ಮಾಡಿ\"", + "\"search_menu_title\" : \"Iskanje\"", + "\"abc_searchview_description_search\" : \"Претражите\"", + "\"abc_shareactionprovider_share_with\" : \"Delen met\"", + "\"abc_prepend_shortcut_label\" : \"Menú +\"", + "\"abc_action_menu_overflow_description\" : \"گزینه‌های بیشتر\"", + "\"abc_activity_chooser_view_see_all\" : \"সবগুলি দেখুন\"", + "\"abc_action_bar_up_description\" : \"Idite nagore\"", + "\"abc_prepend_shortcut_label\" : \"Valmynd+\"", + "\"abc_capital_off\" : \"ԱՆՋԱՏԵԼ\"", + "\"abc_prepend_shortcut_label\" : \"„Menu“ +\"", + "\"abc_searchview_description_voice\" : \"ভয়েস সার্চ করুন\"", + "\"abc_searchview_description_submit\" : \"Υποβολή ερωτήματος\"", + "\"abc_prepend_shortcut_label\" : \"Menü+\"", + "\"abc_shareactionprovider_share_with\" : \"Kopīgot ar:\"", + "\"abc_searchview_description_clear\" : \"მოთხოვნის გასუფთავება\"", + "\"abc_capital_on\" : \"ಆನ್\"", + "\"abc_activitychooserview_choose_application\" : \"Sélectionner une application\"", + "\"abc_searchview_description_search\" : \"Kërko\"", + "\"abc_capital_off\" : \"IMEZIMWA\"", + "\"mtrl_chip_close_icon_content_description\" : \"Remove %1$s\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s کے ساتھ اشتراک کریں\"", + "\"abc_menu_function_shortcut_label\" : \"Functie +\"", + "\"abc_shareactionprovider_share_with_application\" : \"Jaa: %s\"", + "\"abc_action_mode_done\" : \"हो गया\"", + "\"abc_shareactionprovider_share_with\" : \"Ndaje me\"", + "\"abc_searchview_description_search\" : \"ค้นหา\"", + "\"abc_action_menu_overflow_description\" : \"තවත් විකල්ප\"", + "\"abc_action_bar_up_description\" : \"Kembali ke atas\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s ਨਾਲ ਸਾਂਝਾ ਕਰੋ\"", + "\"abc_search_hint\" : \"Որոնում…\"", + "\"abc_toolbar_collapse_description\" : \"تصغير\"", + "\"abc_menu_enter_shortcut_label\" : \"Eingabetaste\"", + "\"abc_search_hint\" : \"Pretražite…\"", + "\"abc_action_bar_home_description\" : \"Zur Startseite\"", + "\"abc_toolbar_collapse_description\" : \"Comprimi\"", + "\"abc_searchview_description_query\" : \"Consulta de cerca\"", + "\"abc_toolbar_collapse_description\" : \"Összecsukás\"", + "\"abc_action_menu_overflow_description\" : \"Autres options\"", + "\"abc_searchview_description_submit\" : \"Сұрауды жіберу\"", + "\"abc_activitychooserview_choose_application\" : \"Selecciona unha aplicación\"", + "\"abc_menu_meta_shortcut_label\" : \"Meta taustiņš +\"", + "\"search_menu_title\" : \"Hledat\"", + "\"abc_action_bar_up_description\" : \"Siirry ylös\"", + "\"abc_searchview_description_search\" : \"Keresés\"", + "\"abc_search_hint\" : \"Keresés…\"", + "\"abc_shareactionprovider_share_with\" : \"Share with\"", + "\"abc_action_bar_up_description\" : \"Gaan op\"", + "\"abc_toolbar_collapse_description\" : \"Zwiń\"", + "\"abc_menu_delete_shortcut_label\" : \"избриши\"", + "\"abc_searchview_description_search\" : \"Szukaj\"", + "\"abc_search_hint\" : \"Buscar…\"", + "\"abc_toolbar_collapse_description\" : \"Zbaliť\"", + "\"abc_menu_function_shortcut_label\" : \"Funkcyjny+\"", + "\"abc_activitychooserview_choose_application\" : \"앱 선택\"", + "\"mtrl_picker_announce_current_selection\" : \"Current selection: %1$s\"", + "\"abc_action_menu_overflow_description\" : \"Altre opzioni\"", + "\"abc_prepend_shortcut_label\" : \"Menua +\"", + "\"abc_shareactionprovider_share_with_application\" : \"Shiriki ukitumia %s\"", + "\"search_menu_title\" : \"සෙවීම\"", + "\"abc_prepend_shortcut_label\" : \"Menüü +\"", + "\"abc_toolbar_collapse_description\" : \"Буулгах\"", + "\"abc_searchview_description_search\" : \"Telusuri\"", + "\"abc_menu_delete_shortcut_label\" : \"устгах\"", + "\"abc_menu_delete_shortcut_label\" : \"kustuta\"", + "\"abc_toolbar_collapse_description\" : \"Réduire\"", + "\"abc_menu_shift_shortcut_label\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‏‏‏‏‎‎‎‎‏‏‎‎‎‏‏‎‎‏‏‎‎‏‏‏‎‏‎‎‏‏‎‎‎‎‎‏‏‎‏‎‏‏‎‎‎‎‎‎‎‎‏‎‎‏‎‎‎‏‏‏‎‏‎‎‎Shift+‎‏‎‎‏‎\"", + "\"abc_searchview_description_clear\" : \"কোয়েরি মুছে ফেলুন\"", + "\"abc_searchview_description_clear\" : \"କ୍ୱେରୀ ଖାଲି କରନ୍ତୁ\"", + "\"abc_searchview_description_submit\" : \"Наіслати запит\"", + "\"abc_menu_ctrl_shortcut_label\" : \"‎Ctrl+‎\"", + "\"abc_searchview_description_search\" : \"ସର୍ଚ୍ଚ କରନ୍ତୁ\"", + "\"abc_action_menu_overflow_description\" : \"ज़्यादा विकल्प\"", + "\"abc_capital_on\" : \"ИДЭВХТЭЙ\"", + "\"abc_searchview_description_clear\" : \"So‘rovni o‘chirish\"", + "\"abc_action_bar_home_description\" : \"转到首页\"", + "\"abc_activitychooserview_choose_application\" : \"ଗୋଟିଏ ଆପ୍‍ ବାଛନ୍ତୁ\"", + "\"abc_activity_chooser_view_see_all\" : \"Tout afficher\"", + "\"abc_activitychooserview_choose_application\" : \"ആപ്പ് തിരഞ്ഞെടുക്കുക\"", + "\"abc_capital_on\" : \"ACTIVER\"", + "\"abc_search_hint\" : \"Претражите…\"", + "\"abc_action_mode_done\" : \"Gereed\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s orqali ulashish\"", + "\"abc_action_menu_overflow_description\" : \"વધુ વિકલ્પો\"", + "\"abc_action_menu_overflow_description\" : \"További lehetőségek\"", + "\"abc_action_menu_overflow_description\" : \"Máis opcións\"", + "\"abc_menu_sym_shortcut_label\" : \"Symbol + \"", + "\"abc_capital_on\" : \"SEES\"", + "\"abc_search_hint\" : \"ಹುಡುಕಿ…\"", + "\"search_menu_title\" : \"Іздеу\"", + "\"abc_activitychooserview_choose_application\" : \"Alegeți o aplicație\"", + "\"abc_searchview_description_search\" : \"Ara\"", + "\"abc_menu_space_shortcut_label\" : \"боштук\"", + "\"abc_search_hint\" : \"Αναζήτηση…\"", + "\"abc_action_bar_home_description\" : \"Prejsť na plochu\"", + "\"abc_searchview_description_query\" : \"درخواست جستجو\"", + "\"abc_searchview_description_submit\" : \"ရှာဖွေစရာ အချက်အလက်ကို ပေးပို့ရန်\"", + "\"abc_searchview_description_clear\" : \"Ta bort frågan\"", + "\"abc_action_bar_home_description\" : \"Joan orri nagusira\"", + "\"abc_searchview_description_search\" : \"Haku\"", + "\"abc_searchview_description_query\" : \"সন্ধান কৰা প্ৰশ্ন\"", + "\"abc_searchview_description_query\" : \"ਖੋਜ ਪੁੱਛਗਿੱਛ\"", + "\"abc_action_menu_overflow_description\" : \"Mai multe opțiuni\"", + "\"abc_shareactionprovider_share_with\" : \"Dijeli sa\"", + "\"abc_toolbar_collapse_description\" : \"Yig‘ish\"", + "\"abc_searchview_description_voice\" : \"Hlasové vyhľadávanie\"", + "\"mtrl_picker_text_input_month_abbr\" : \"m\"", + "\"abc_shareactionprovider_share_with\" : \"শেয়ার করুন\"", + "\"search_menu_title\" : \"Ara\"", + "\"abc_menu_delete_shortcut_label\" : \"حذف\"", + "\"search_menu_title\" : \"Αναζήτηση\"", + "\"abc_activity_chooser_view_see_all\" : \"Prikaži sve\"", + "\"abc_activity_chooser_view_see_all\" : \"Ikusi guztiak\"", + "\"abc_action_bar_home_description\" : \"गृह पृष्ठमा जानुहोस्\"", + "\"abc_capital_on\" : \"ဖွင့်ရန်\"", + "\"abc_capital_on\" : \"تفعيل\"", + "\"abc_toolbar_collapse_description\" : \"સંકુચિત કરો\"", + "\"abc_activitychooserview_choose_application\" : \"একটি অ্যাপ বেছে নিন\"", + "\"abc_capital_off\" : \"ЗНИЖКА\"", + "\"abc_activitychooserview_choose_application\" : \"בחירת אפליקציה\"", + "\"abc_menu_delete_shortcut_label\" : \"ଡିଲିଟ୍‍\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s மூலம் பகிர்\"", + "\"abc_menu_enter_shortcut_label\" : \"Enter\"", + "\"abc_action_mode_done\" : \"Gotovo\"", + "\"abc_action_mode_done\" : \"تم\"", + "\"abc_shareactionprovider_share_with\" : \"వీరితో షేర్ చేస్తుంది\"", + "\"abc_action_bar_home_description\" : \"ઘરનો રસ્તો બતાવો\"", + "\"abc_action_menu_overflow_description\" : \"Meer opties\"", + "\"fab_transformation_scrim_behavior\" : \"com.google.android.material.transformation.FabTransformationScrimBehavior\"", + "\"search_menu_title\" : \"Keresés\"", + "\"mtrl_picker_toggle_to_year_selection\" : \"Tap to switch to selecting a year\"", + "\"abc_activitychooserview_choose_application\" : \"Tətbiq seçin\"", + "\"abc_action_bar_up_description\" : \"Перайсці ўверх\"", + "\"abc_activitychooserview_choose_application\" : \"Scelta di un'app\"", + "\"abc_action_bar_up_description\" : \"Zulazulela phezulu\"", + "\"abc_searchview_description_search\" : \"Pesquisar\"", + "\"abc_activitychooserview_choose_application\" : \"एउटा अनुप्रयोग छान्नुहोस्\"", + "\"abc_capital_off\" : \"关闭\"", + "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl + \"", + "\"abc_searchview_description_clear\" : \"محو طلب البحث\"", + "\"abc_action_bar_up_description\" : \"Fara upp\"", + "\"abc_shareactionprovider_share_with\" : \"مشاركة مع\"", + "\"abc_shareactionprovider_share_with\" : \"Поділитися:\"", + "\"abc_menu_function_shortcut_label\" : \"Function+‎\"", + "\"search_menu_title\" : \"Axtarın\"", + "\"abc_prepend_shortcut_label\" : \"ମେନୁ\"", + "\"abc_menu_shift_shortcut_label\" : \"MAIUSC +\"", + "\"abc_activity_chooser_view_see_all\" : \"Tingnan lahat\"", + "\"abc_menu_delete_shortcut_label\" : \"हटवा\"", + "\"abc_menu_space_shortcut_label\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‎‏‎‎‎‎‏‎‎‎‎‎‎‏‎‎‏‎‎‏‏‏‏‎‏‏‎‎‎‏‏‏‏‎‏‏‏‏‎‎‎‏‏‏‏‎‏‏‎‏‎‏‏‎‏‏‏‏‎‏‎‏‎‎space‎‏‎‎‏‎\"", + "\"abc_capital_off\" : \"DESACTIVADO\"", + "\"abc_search_hint\" : \"검색...\"", + "\"abc_action_bar_home_description\" : \"Перайсці на галоўную старонку\"", + "\"abc_menu_enter_shortcut_label\" : \"retur\"", + "\"abc_searchview_description_clear\" : \"Сұрауды өшіру\"", + "\"abc_menu_delete_shortcut_label\" : \"ลบ\"", + "\"abc_searchview_description_search\" : \"تلاش کریں\"", + "\"abc_menu_meta_shortcut_label\" : \"„Meta“ +\"", + "\"abc_searchview_description_submit\" : \"Odoslať dopyt\"", + "\"abc_action_menu_overflow_description\" : \"Još opcija\"", + "\"abc_activitychooserview_choose_application\" : \"Pumili ng app\"", + "\"abc_activity_chooser_view_see_all\" : \"ሁሉንም ይመልከቱ\"", + "\"abc_searchview_description_voice\" : \"Kërkim me zë\"", + "\"abc_searchview_description_search\" : \"Qidiruv\"", + "\"abc_menu_delete_shortcut_label\" : \"מחיקה\"", + "\"abc_shareactionprovider_share_with_application\" : \"ለ%s አጋራ\"", + "\"abc_search_hint\" : \"Otsige …\"", + "\"abc_menu_shift_shortcut_label\" : \"Shift மற்றும்\"", + "\"abc_shareactionprovider_share_with\" : \"Поделиться с помощью\"", + "\"abc_activitychooserview_choose_application\" : \"Seleccionar una aplicación\"", + "\"action_settings\" : \"Settings\"", + "\"abc_action_menu_overflow_description\" : \"Бусад сонголт\"", + "\"abc_searchview_description_query\" : \"Consulta de pesquisa\"", + "\"status_bar_notification_info_overflow\" : \">999\"", + "\"abc_menu_shift_shortcut_label\" : \"Shift +\"", + "\"mtrl_picker_range_header_only_start_selected\" : \"%1$s – End date\"", + "\"abc_searchview_description_query\" : \"શોધ ક્વેરી\"", + "\"abc_shareactionprovider_share_with\" : \"Zdieľať s\"", + "\"abc_action_bar_up_description\" : \"Torna indietro\"", + "\"abc_action_bar_up_description\" : \"Přejít nahoru\"", + "\"abc_shareactionprovider_share_with\" : \"Del med\"", + "\"abc_action_bar_up_description\" : \"التنقل إلى أعلى\"", + "\"abc_search_hint\" : \"Meklējiet…\"", + "\"abc_activity_chooser_view_see_all\" : \"Показать все\"", + "\"abc_menu_space_shortcut_label\" : \"espacio\"", + "\"abc_action_bar_home_description\" : \"​ទៅទំព័រដើម\"", + "\"abc_searchview_description_clear\" : \"Izbriši upit\"", + "\"abc_action_menu_overflow_description\" : \"Այլ ընտրանքներ\"", + "\"abc_action_bar_home_description\" : \"Идите на почетну\"", + "\"abc_searchview_description_submit\" : \"ప్రశ్నని సమర్పిస్తుంది\"", + "\"abc_searchview_description_voice\" : \"Talesøk\"", + "\"mtrl_picker_out_of_range\" : \"Out of range: %1$s\"", + "\"abc_menu_function_shortcut_label\" : \"Function+\"", + "\"abc_action_bar_home_description\" : \"홈으로 이동\"", + "\"abc_menu_shift_shortcut_label\" : \"Mayúscula+\"", + "\"abc_shareactionprovider_share_with_application\" : \"Delen met %s\"", + "\"abc_activity_chooser_view_see_all\" : \"See all\"", + "\"lable_login\" : \"Log in.\"", + "\"abc_prepend_shortcut_label\" : \"תפריט+\"", + "\"abc_capital_on\" : \"ჩართვა\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s ဖြင့် မျှဝေရန်\"", + "\"abc_searchview_description_submit\" : \"استفسار جمع کرائیں\"", + "\"abc_activity_chooser_view_see_all\" : \"Паказаць усе\"", + "\"search_menu_title\" : \"Ieškoti\"", + "\"abc_shareactionprovider_share_with\" : \"Споделяне със:\"", + "\"abc_capital_off\" : \"IZSLĒGT\"", + "\"abc_activitychooserview_choose_application\" : \"Välj en app\"", + "\"abc_search_hint\" : \"शोधा…\"", + "\"abc_searchview_description_clear\" : \"විමසුම හිස් කරන්න\"", + "\"abc_shareactionprovider_share_with\" : \"ଏହାଙ୍କ ସହ ସେୟାର୍‌ କରନ୍ତୁ\"", + "\"abc_searchview_description_query\" : \"Dotaz pro vyhledávání\"", + "\"abc_searchview_description_submit\" : \"Skicka fråga\"", + "\"abc_activity_chooser_view_see_all\" : \"دیدن همه\"", + "\"search_menu_title\" : \"ძიება\"", + "\"abc_shareactionprovider_share_with\" : \"Бөлісу\"", + "\"abc_activity_chooser_view_see_all\" : \"הצגת הכול\"", + "\"abc_action_bar_home_description\" : \"Přejít na plochu\"", + "\"abc_shareactionprovider_share_with\" : \"Condividi con\"", + "\"abc_action_bar_home_description\" : \"Navegar para a página inicial\"", + "\"abc_searchview_description_submit\" : \"Päringu esitamine\"", + "\"abc_action_bar_up_description\" : \"رفتن به بالا\"", + "\"abc_capital_off\" : \"ಆಫ್\"", + "\"abc_menu_function_shortcut_label\" : \"Function மற்றும்\"", + "\"abc_action_bar_home_description\" : \"Mag-navigate sa home\"", + "\"abc_capital_on\" : \"AKTIF\"", + "\"abc_menu_enter_shortcut_label\" : \"оруулах\"", + "\"abc_searchview_description_submit\" : \"ಪ್ರಶ್ನೆಯನ್ನು ಸಲ್ಲಿಸಿ\"", + "\"abc_shareactionprovider_share_with_application\" : \"Bagikan dengan %s\"", + "\"abc_searchview_description_search\" : \"Realiza buscas\"", + "\"abc_searchview_description_query\" : \"ಪ್ರಶ್ನೆಯನ್ನು ಹುಡುಕಿ\"", + "\"abc_action_mode_done\" : \"पूर्ण झाले\"", + "\"abc_shareactionprovider_share_with_application\" : \"هم‌رسانی با %s\"", + "\"abc_searchview_description_query\" : \"検索キーワード\"", + "\"abc_search_hint\" : \"వెతకండి…\"", + "\"abc_capital_on\" : \"OUI\"", + "\"abc_toolbar_collapse_description\" : \"Reduzir\"", + "\"abc_capital_on\" : \"КҮЙҮК\"", + "\"mtrl_picker_range_header_selected\" : \"%1$s – %2$s\"", + "\"abc_action_bar_home_description\" : \"මුල් පිටුවට සංචාලනය කරන්න\"", + "\"abc_capital_on\" : \"آن\"", + "\"mtrl_picker_toggle_to_calendar_input_mode\" : \"Switch to calendar input mode\"", + "\"abc_activity_chooser_view_see_all\" : \"Прикажи све\"", + "\"character_counter_pattern\" : \"%1$d / %2$d\"", + "\"btn_login\" : \"Log in\"", + "\"abc_search_hint\" : \"ស្វែងរក…\"", + "\"abc_searchview_description_voice\" : \"Гласовно пребарување\"", + "\"abc_menu_function_shortcut_label\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‏‏‎‎‎‎‏‎‏‎‎‎‎‎‏‎‎‎‎‏‏‏‏‎‎‎‏‎‎‎‏‏‏‎‏‎‎‎‎‎‏‏‎‏‏‏‎‎‏‏‎‏‏‎‎‎‎‏‎‏‎‎‏‏‎Function+‎‏‎‎‏‎\"", + "\"abc_capital_on\" : \"ВКЛУЧЕНО\"", + "\"abc_menu_space_shortcut_label\" : \"διάστημα\"", + "\"abc_shareactionprovider_share_with\" : \"공유 대상:\"", + "\"abc_search_hint\" : \"Ara…\"", + "\"abc_action_menu_overflow_description\" : \"Rohkem valikuid\"", + "\"fab_transformation_sheet_behavior\" : \"com.google.android.material.transformation.FabTransformationSheetBehavior\"", + "\"search_menu_title\" : \"Telusuri\"", + "\"abc_menu_enter_shortcut_label\" : \"„enter“\"", + "\"abc_searchview_description_search\" : \"Sesha\"", + "\"abc_action_bar_up_description\" : \"Liigu üles\"", + "\"abc_searchview_description_query\" : \"Requête de recherche\"", + "\"abc_toolbar_collapse_description\" : \"Skjul\"", + "\"abc_activitychooserview_choose_application\" : \"ਇੱਕ ਐਪ ਚੁਣੋ\"", + "\"abc_search_hint\" : \"தேடுக…\"", + "\"abc_shareactionprovider_share_with\" : \"Төмөнкү менен бөлүшүү\"", + "\"abc_action_mode_done\" : \"ಮುಗಿದಿದೆ\"", + "\"abc_toolbar_collapse_description\" : \"Sakļaut\"", + "\"search_menu_title\" : \"ရှာဖွေမှု\"", + "\"abc_toolbar_collapse_description\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‎‏‏‎‏‏‎‎‏‎‎‎‎‎‎‏‏‏‎‏‏‏‎‎‎‎‏‏‏‎‏‏‏‎‎‎‏‏‏‎‎‎‏‏‎‎‏‏‎‏‏‏‏‏‎‏‏‎‏‏‏‎‏‎Collapse‎‏‎‎‏‎\"", + "\"abc_action_menu_overflow_description\" : \"Diğer seçenekler\"", + "\"password_toggle_content_description\" : \"Show password\"", + "\"abc_search_hint\" : \"සොයන්න...\"", + "\"abc_action_bar_up_description\" : \"Omhoog navigeren\"", + "\"abc_menu_space_shortcut_label\" : \"blanksteg\"", + "\"abc_toolbar_collapse_description\" : \"Suzi\"", + "\"abc_searchview_description_search\" : \"Търсене\"", + "\"abc_action_menu_overflow_description\" : \"ជម្រើសច្រើនទៀត\"", + "\"abc_activity_chooser_view_see_all\" : \"Mostra-ho tot\"", + "\"mtrl_picker_toggle_to_day_selection\" : \"Tap to switch to selecting a day\"", + "\"abc_capital_off\" : \"ଅଫ୍\"", + "\"abc_searchview_description_search\" : \"ಹುಡುಕಿ\"", + "\"chip_text\" : \"Chip text\"", + "\"abc_capital_on\" : \"ເປີດ\"", + "\"mtrl_picker_text_input_date_range_start_hint\" : \"Start date\"", + "\"abc_searchview_description_clear\" : \"வினவலை அழிக்கும்\"", + "\"abc_search_hint\" : \"Maghanap…\"", + "\"abc_searchview_description_query\" : \"Search query\"", + "\"abc_menu_space_shortcut_label\" : \"스페이스바\"", + "\"mtrl_picker_invalid_range\" : \"Invalid range.\"", + "\"abc_searchview_description_clear\" : \"Limpar consulta\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s аркылуу бөлүшүү\"", + "\"abc_toolbar_collapse_description\" : \"சுருக்கும்\"", + "\"abc_searchview_description_search\" : \"검색\"", + "\"abc_action_bar_up_description\" : \"Идите нагоре\"", + "\"abc_action_mode_done\" : \"Gatavs\"", + "\"abc_searchview_description_query\" : \"සෙවුම් විමසුම\"", + "\"abc_shareactionprovider_share_with\" : \"इससे शेयर करें:\"", + "\"mtrl_picker_invalid_format_use\" : \"Use: %1$s\"", + "\"abc_searchview_description_clear\" : \"Xóa truy vấn\"", + "\"abc_menu_space_shortcut_label\" : \"välilyönti\"", + "\"abc_search_hint\" : \"Căutați…\"", + "\"abc_shareactionprovider_share_with\" : \"Trimiteți la\"", + "\"abc_action_bar_home_description\" : \"Navigasi laman utama\"", + "\"abc_searchview_description_clear\" : \"Clear query\"", + "\"abc_menu_delete_shortcut_label\" : \"ລຶບ\"", + "\"abc_action_mode_done\" : \"Τέλος\"", + "\"abc_searchview_description_submit\" : \"Пошаљите упит\"", + "\"abc_prepend_shortcut_label\" : \"Kieslys+\"", + "\"abc_searchview_description_search\" : \"തിരയുക\"", + "\"abc_shareactionprovider_share_with_application\" : \"Ibahagi gamit ang %s\"", + "\"abc_searchview_description_voice\" : \"Penelusuran suara\"", + "\"abc_action_menu_overflow_description\" : \"Ещё\"", + "\"abc_searchview_description_submit\" : \"検索キーワードを送信\"", + "\"abc_menu_space_shortcut_label\" : \"razmak\"", + "\"abc_capital_on\" : \"BE\"", + "\"search_menu_title\" : \"Издөө\"", + "\"abc_searchview_description_search\" : \"搜尋\"", + "\"abc_action_menu_overflow_description\" : \"Nog opsies\"", + "\"abc_action_menu_overflow_description\" : \"Opsione të tjera\"", + "\"abc_searchview_description_voice\" : \"語音搜尋\"", + "\"abc_searchview_description_search\" : \"Tafuta\"", + "\"abc_searchview_description_voice\" : \"Sesli arama\"", + "\"abc_shareactionprovider_share_with\" : \"Ulashish\"", + "\"abc_toolbar_collapse_description\" : \"හකුළන්න\"", + "\"abc_menu_shift_shortcut_label\" : \"Shift+\"", + "\"exposed_dropdown_menu_content_description\" : \"Show dropdown menu\"", + "\"abc_searchview_description_submit\" : \"Senda fyrirspurn\"", + "\"status_bar_notification_info_overflow\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‏‏‎‏‎‏‏‏‎‎‎‏‏‏‏‎‎‏‎‎‏‏‎‏‎‏‏‎‎‏‎‏‏‎‎‎‏‎‎‎‎‎‎‎‏‎‎‎‎‏‎‏‎‏‎‎‎‎‏‎‎‎‎‎‎999+‎‏‎‎‏‎\"", + "\"search_menu_title\" : \"Претражите\"", + "\"abc_capital_off\" : \"DESACTIVA\"", + "\"abc_action_mode_done\" : \"Concluído\"", + "\"select_file\" : \"Select file\"", + "\"abc_searchview_description_clear\" : \"Удалить запрос\"", + "\"abc_searchview_description_query\" : \"Termen de căutare\"", + "\"abc_activitychooserview_choose_application\" : \"Chagua programu\"", + "\"abc_menu_enter_shortcut_label\" : \"एंटर करा\"", + "\"abc_menu_function_shortcut_label\" : \"Funksie+\"", + "\"abc_searchview_description_clear\" : \"ક્વેરી સાફ કરો\"", + "\"abc_toolbar_collapse_description\" : \"संक्षिप्त गर्नुहोस्\"", + "\"abc_searchview_description_clear\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‎‏‏‎‎‏‏‎‎‏‏‏‎‏‏‏‏‏‏‎‏‏‏‏‏‎‏‎‏‎‏‎‎‏‎‎‎‎‏‎‎‎‏‏‎‏‏‏‏‎‎‎‎‎‎‎‎‎‎‏‎‎‏‎Clear query‎‏‎‎‏‎\"", + "\"abc_search_hint\" : \"Vyhľadať…\"", + "\"abc_toolbar_collapse_description\" : \"ยุบ\"", + "\"abc_searchview_description_search\" : \"Search\"", + "\"abc_menu_function_shortcut_label\" : \"Функц+\"", + "\"abc_menu_sym_shortcut_label\" : \"Sym +\"", + "\"abc_action_bar_home_description\" : \"ହୋମ୍ ପେଜ୍‌କୁ ନେଭିଗେଟ୍ କରନ୍ତୁ\"", + "\"abc_toolbar_collapse_description\" : \"ຫຍໍ້ລົງ\"", + "\"abc_search_hint\" : \"Sesha…\"", + "\"abc_capital_on\" : \"चालू\"", + "\"abc_action_mode_done\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‎‏‏‏‎‎‎‏‎‎‏‎‎‏‎‏‏‏‎‏‎‎‎‏‏‏‎‎‏‎‎‏‏‏‎‎‏‎‎‎‏‏‎‏‎‎‏‎‎‎‎‏‎‎‏‎‏‏‏‏‎‏‏‎Done‎‏‎‎‏‎\"", + "\"abc_menu_delete_shortcut_label\" : \"slet\"", + "\"abc_action_mode_done\" : \"تمام\"", + "\"abc_searchview_description_submit\" : \"Zoekopdracht verzenden\"", + "\"abc_searchview_description_clear\" : \"መጠይቅ አጽዳ\"", + "\"abc_toolbar_collapse_description\" : \"လျှော့ပြရန်\"", + "\"abc_action_bar_up_description\" : \"ზემოთ გადასვლა\"", + "\"abc_searchview_description_query\" : \"Søkeord\"", + "\"abc_action_bar_home_description\" : \"హోమ్‌కు నావిగేట్ చేస్తుంది\"", + "\"abc_searchview_description_voice\" : \"Paieška balsu\"", + "\"abc_searchview_description_voice\" : \"Галасавы пошук\"", + "\"abc_activity_chooser_view_see_all\" : \"Visa alla\"", + "\"search_menu_title\" : \"Pesquisar\"", + "\"abc_action_bar_up_description\" : \"ניווט למעלה\"", + "\"abc_toolbar_collapse_description\" : \"Yığcamlaşdırın\"", + "\"abc_activity_chooser_view_see_all\" : \"查看全部\"", + "\"abc_prepend_shortcut_label\" : \"Valikko+\"", + "\"abc_activity_chooser_view_see_all\" : \"Sjá allt\"", + "\"abc_toolbar_collapse_description\" : \"کوچک کردن\"", + "\"abc_searchview_description_query\" : \"Søgeforespørgsel\"", + "\"abc_capital_off\" : \"ਬੰਦ\"", + "\"abc_searchview_description_submit\" : \"Envia la consulta\"", + "\"abc_searchview_description_submit\" : \"வினவலைச் சமர்ப்பிக்கும்\"", + "\"abc_toolbar_collapse_description\" : \"Ahendamine\"", + "\"abc_search_hint\" : \"ຊອກຫາ…\"", + "\"abc_searchview_description_submit\" : \"שליחת שאילתה\"", + "\"abc_toolbar_collapse_description\" : \"Thu gọn\"", + "\"abc_searchview_description_voice\" : \"Гласово търсене\"", + "\"abc_action_bar_up_description\" : \"Joan gora\"", + "\"abc_searchview_description_query\" : \"搜尋查詢\"", + "\"abc_searchview_description_search\" : \"Sök\"", + "\"abc_searchview_description_voice\" : \"ଭଏସ୍‌ ସର୍ଚ୍ଚ\"", + "\"abc_menu_space_shortcut_label\" : \"зай\"", + "\"abc_shareactionprovider_share_with_application\" : \"%sと共有\"", + "\"abc_shareactionprovider_share_with_application\" : \"%sతో షేర్ చేస్తుంది\"", + "\"abc_action_bar_home_description\" : \"Krmarjenje na začetek\"", + "\"login\" : \"Login\"", + "\"abc_toolbar_collapse_description\" : \"ചുരുക്കുക\"", + "\"abc_menu_function_shortcut_label\" : \"Funció+\"", + "\"abc_menu_alt_shortcut_label\" : \"Alt + \"", + "\"search_menu_title\" : \"Cerca\"", + "\"abc_searchview_description_clear\" : \"Hreinsa fyrirspurn\"", + "\"search_menu_title\" : \"ค้นหา\"", + "\"abc_shareactionprovider_share_with\" : \"Deila með\"", + "\"abc_activity_chooser_view_see_all\" : \"Ver todas\"", + "\"character_counter_overflowed_content_description\" : \"Character limit exceeded %1$d of %2$d\"", + "\"abc_capital_off\" : \"MATI\"", + "\"abc_menu_function_shortcut_label\" : \"ഫംഗ്ഷന്‍+\"", + "\"abc_searchview_description_voice\" : \"Röstsökning\"", + "\"abc_capital_off\" : \"ပိတ်ရန်\"", + "\"abc_action_bar_home_description\" : \"Navigate home\"", + "\"path_password_eye_mask_visible\" : \"M2,4.27 L2,4.27 L4.54,1.73 L4.54,1.73 L4.54,1 L23,1 L23,23 L1,23 L1,4.27 Z\"", + "\"abc_capital_off\" : \"SLÖKKT\"", + "\"search_menu_title\" : \"Rechercher\"", + "\"abc_searchview_description_submit\" : \"إرسال طلب البحث\"", + "\"abc_activitychooserview_choose_application\" : \"Выберыце праграму\"", + "\"abc_menu_sym_shortcut_label\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‏‏‏‏‏‏‎‎‏‏‏‎‏‏‏‏‏‎‏‎‏‎‏‏‎‎‎‏‎‏‎‏‎‏‎‎‏‎‎‏‏‏‏‏‏‏‎‎‏‎‏‎‎‎‎‎‏‎‎‎‎‎‎‏‎Sym+‎‏‎‎‏‎\"", + "\"abc_action_bar_home_description\" : \"Navegar a la página principal\"", + "\"abc_menu_space_shortcut_label\" : \"SPAZIO\"", + "\"abc_searchview_description_voice\" : \"Búsqueda por voz\"", + "\"search_menu_title\" : \"ፍለጋ\"", + "\"abc_activitychooserview_choose_application\" : \"Odaberite aplikaciju\"", + "\"abc_shareactionprovider_share_with\" : \"Skupna raba z:\"", + "\"search_menu_title\" : \"Maghanap\"", + "\"abc_search_hint\" : \"חיפוש…\"", + "\"abc_action_menu_overflow_description\" : \"আরও বিকল্প\"", + "\"abc_searchview_description_search\" : \"Bilatu\"", + "\"abc_prepend_shortcut_label\" : \"Meny + \"", + "\"abc_searchview_description_voice\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‎‎‏‏‎‎‎‏‏‎‎‏‏‎‎‎‎‏‎‎‎‎‎‎‏‎‏‏‏‏‏‎‏‏‏‎‎‏‏‏‎‎‎‏‎‏‎‎‏‏‎‏‏‎‎‏‎‎‎‏‏‎‎Voice search‎‏‎‎‏‎\"", + "\"abc_menu_sym_shortcut_label\" : \"‎Sym+‎\"", + "\"abc_menu_function_shortcut_label\" : \"Funkcijas taustiņš +\"", + "\"abc_searchview_description_submit\" : \"Trimiteți interogarea\"", + "\"abc_search_hint\" : \"Cerca…\"", + "\"abc_menu_shift_shortcut_label\" : \"Maiús +\"", + "\"abc_menu_space_shortcut_label\" : \"فضاء\"", + "\"abc_shareactionprovider_share_with\" : \"Delite pomoću\"", + "\"abc_action_bar_up_description\" : \"Движи се нагоре\"", + "\"abc_capital_on\" : \"ACTIVADO\"", + "\"abc_action_menu_overflow_description\" : \"Басқа опциялар\"", + "\"abc_searchview_description_clear\" : \"Διαγραφή ερωτήματος\"", + "\"abc_searchview_description_voice\" : \"Voice search\"", + "\"abc_menu_space_shortcut_label\" : \"spasi\"", + "\"abc_action_menu_overflow_description\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‎‏‏‎‎‎‏‏‏‎‎‏‏‏‎‎‎‏‎‎‏‏‏‎‏‎‎‏‏‎‎‏‎‎‏‎‏‎‏‎‎‎‏‏‏‎‏‎‎‎‏‏‎‏‎‎‎‏‎‎‏‏‎‎More options‎‏‎‎‏‎\"", + "\"abc_action_menu_overflow_description\" : \"추가 옵션\"", + "\"abc_action_bar_up_description\" : \"Gå opp\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s मार्फत आदान प्रदान गर्नुहोस्\"", + "\"abc_shareactionprovider_share_with_application\" : \"Deel met %s\"", + "\"abc_action_bar_up_description\" : \"Navigate up\"", + "\"abc_search_hint\" : \"Iskanje …\"", + "\"abc_activitychooserview_choose_application\" : \"เลือกแอป\"", + "\"abc_search_hint\" : \"Търсете…\"", + "\"status_bar_notification_info_overflow\" : \"+999\"", + "\"abc_shareactionprovider_share_with\" : \"આની સાથે શેર કરો\"", + "\"abc_menu_shift_shortcut_label\" : \"Skift + \"", + "\"abc_action_bar_home_description\" : \"گھر کی طرف نیویگیٹ کریں\"", + "\"abc_capital_on\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‎‏‎‏‏‏‏‎‏‎‎‎‎‏‏‏‏‎‏‎‎‎‎‏‏‏‏‏‏‎‎‏‎‎‎‏‎‏‎‎‏‎‎‎‏‎‎‎‎‎‎‎‎‏‏‏‎‏‏‏‎‏‏‎ON‎‏‎‎‏‎\"", + "\"abc_searchview_description_clear\" : \"清除查詢\"", + "\"abc_search_hint\" : \"തിരയുക…\"", + "\"abc_toolbar_collapse_description\" : \"Kunja\"", + "\"abc_capital_off\" : \"បិទ\"", + "\"abc_action_menu_overflow_description\" : \"ਹੋਰ ਵਿਕਲਪ\"", + "\"abc_toolbar_collapse_description\" : \"Vou in\"", + "\"abc_menu_space_shortcut_label\" : \"ruang\"", + "\"search_menu_title\" : \"Meklēt\"", + "\"abc_action_mode_done\" : \"Fine\"", + "\"abc_searchview_description_query\" : \"搜索查询\"", + "\"abc_activitychooserview_choose_application\" : \"कोई ऐप्लिकेशन चुनें\"", + "\"app_name\" : \"InsecureShop\"", + "\"abc_action_bar_up_description\" : \"Жоғары қарай өту\"", + "\"search_menu_title\" : \"חיפוש\"", + "\"abc_menu_space_shortcut_label\" : \"mezerník\"", + "\"abc_action_menu_overflow_description\" : \"More options\"", + "\"path_password_strike_through\" : \"M3.27,4.27 L19.74,20.74\"", + "\"abc_menu_space_shortcut_label\" : \"Space\"", + "\"abc_action_menu_overflow_description\" : \"మరిన్ని ఎంపికలు\"", + "\"abc_capital_off\" : \"ИДЭВХГҮЙ\"", + "\"abc_menu_delete_shortcut_label\" : \"Delete 键\"", + "\"abc_searchview_description_query\" : \"Bilaketa-kontsulta\"", + "\"abc_menu_function_shortcut_label\" : \"Fn +\"", + "\"abc_capital_off\" : \"IŠJUNGTI\"", + "\"search_menu_title\" : \"Хайх\"", + "\"abc_searchview_description_search\" : \"جستجو\"", + "\"abc_capital_on\" : \"I-ON\"", + "\"abc_capital_on\" : \"WŁ.\"", + "\"abc_menu_meta_shortcut_label\" : \"Meta+‎\"", + "\"abc_action_menu_overflow_description\" : \"Lagi pilihan\"", + "\"abc_searchview_description_clear\" : \"क्वेरी खाली गर्नुहोस्\"", + "\"abc_activity_chooser_view_see_all\" : \"Прикажи ги сите\"", + "\"abc_action_mode_done\" : \"Nimemaliza\"", + "\"abc_capital_off\" : \"آف\"", + "\"abc_action_bar_home_description\" : \"Siirry etusivulle\"", + "\"hint_password\" : \"Password\"", + "\"abc_shareactionprovider_share_with_application\" : \"ចែក​រំលែក​ជា​មួយ %s\"", + "\"abc_searchview_description_search\" : \"Cerca\"", + "\"abc_menu_space_shortcut_label\" : \"bilslá\"", + "\"hide_bottom_view_on_scroll_behavior\" : \"com.google.android.material.behavior.HideBottomViewOnScrollBehavior\"", + "\"abc_capital_on\" : \"UKLJUČENO\"", + "\"abc_activitychooserview_choose_application\" : \"Вибрати програму\"", + "\"abc_searchview_description_voice\" : \"Meklēt ar balsi\"", + "\"abc_searchview_description_voice\" : \"Φωνητική αναζήτηση\"", + "\"abc_searchview_description_query\" : \"Keresési lekérdezés\"", + "\"abc_shareactionprovider_share_with\" : \"Paylaşın\"", + "\"abc_toolbar_collapse_description\" : \"కుదిస్తుంది\"", + "\"abc_toolbar_collapse_description\" : \"Daralt\"", + "\"abc_activitychooserview_choose_application\" : \"యాప్‌ను ఎంచుకోండి\"", + "\"abc_search_hint\" : \"શોધો…\"", + "\"abc_searchview_description_query\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‎‏‎‎‎‏‏‎‏‏‎‎‏‎‏‎‎‎‏‏‏‏‏‎‎‏‎‏‎‏‎‎‏‎‏‏‎‎‎‏‎‎‎‎‎‏‎‏‎‏‏‏‏‎‎‎‏‎‎‏‎‎‎‎Search query‎‏‎‎‏‎\"", + "\"abc_shareactionprovider_share_with_application\" : \"Ndaje me %s\"", + "\"search_menu_title\" : \"ຊອກຫາ\"", + "\"abc_prepend_shortcut_label\" : \"القائمة+\"", + "\"abc_searchview_description_search\" : \"Хайх\"", + "\"abc_activity_chooser_view_see_all\" : \"Tümünü göster\"", + "\"abc_shareactionprovider_share_with_application\" : \"Compartilhar com %s\"", + "\"abc_menu_shift_shortcut_label\" : \"Üst Karakter+\"", + "\"abc_action_mode_done\" : \"完成\"", + "\"abc_action_menu_overflow_description\" : \"နောက်ထပ် ရွေးစရာများ\"", + "\"abc_search_hint\" : \"Suchen…\"", + "\"abc_action_bar_up_description\" : \"Мурунку экранга өтүү\"", + "\"abc_menu_meta_shortcut_label\" : \"‎Meta+‎\"", + "\"txt_kala_uploaded\" : \"Your file has been uploaded.\"", + "\"abc_menu_space_shortcut_label\" : \"вселена\"", + "\"abc_search_hint\" : \"Tìm kiếm…\"", + "\"abc_searchview_description_query\" : \"सर्च क्वेरी\"", + "\"abc_searchview_description_clear\" : \"Lekérdezés törlése\"", + "\"abc_activitychooserview_choose_application\" : \"选择应用\"", + "\"abc_menu_delete_shortcut_label\" : \"ezabatu\"", + "\"abc_menu_space_shortcut_label\" : \"medzerník\"", + "\"abc_menu_enter_shortcut_label\" : \"ievadīšanas taustiņš\"", + "\"abc_searchview_description_query\" : \"ရှာဖွေရန် မေးခွန်း\"", + "\"abc_capital_off\" : \"ΑΠΕΝΕΡΓΟΠΟΙΗΣΗ\"", + "\"abc_capital_off\" : \"ВЫКЛ.\"", + "\"abc_toolbar_collapse_description\" : \"Σύμπτυξη\"", + "\"abc_searchview_description_voice\" : \"Glasovno iskanje\"", + "\"abc_search_hint\" : \"ရှာဖွေရန်…\"", + "\"abc_search_hint\" : \"Zoeken…\"", + "\"abc_action_bar_home_description\" : \"গৃহ পৃষ্ঠালৈ যাওক\"", + "\"abc_shareactionprovider_share_with\" : \"共有\"", + "\"abc_searchview_description_voice\" : \"音声検索\"", + "\"abc_activitychooserview_choose_application\" : \"Choose an app\"", + "\"abc_capital_off\" : \"DEZACTIVAT\"", + "\"abc_shareactionprovider_share_with\" : \"שיתוף עם\"", + "\"abc_searchview_description_search\" : \"Pretražite\"", + "\"abc_action_menu_overflow_description\" : \"Дадатковыя параметры\"", + "\"abc_searchview_description_submit\" : \"क्वेरी पेस गर्नुहोस्\"", + "\"abc_action_bar_home_description\" : \"होम पेज पर जाएं\"", + "\"abc_searchview_description_voice\" : \"음성 검색\"", + "\"abc_searchview_description_voice\" : \"Căutare vocală\"", + "\"abc_activitychooserview_choose_application\" : \"Bir uygulama seçin\"", + "\"abc_searchview_description_search\" : \"Leit\"", + "\"abc_shareactionprovider_share_with_application\" : \"Bendrinti naudojant programą „%s“\"", + "\"abc_activity_chooser_view_see_all\" : \"عرض الكل\"", + "\"abc_action_mode_done\" : \"완료\"", + "\"abc_searchview_description_voice\" : \"Recherche vocale\"", + "\"abc_activitychooserview_choose_application\" : \"Válasszon alkalmazást\"", + "\"abc_prepend_shortcut_label\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‎‏‏‎‎‏‎‏‏‎‎‎‎‏‎‎‏‏‎‏‏‎‏‎‎‏‏‎‏‎‏‏‏‎‏‎‎‏‏‏‏‏‏‎‎‏‎‏‎‏‎‎‎‎‏‏‎‎‎‏‏‎‏‎Menu+‎‏‎‎‏‎\"", + "\"abc_searchview_description_query\" : \"Búsqueda\"", + "\"abc_menu_shift_shortcut_label\" : \"Umschalttaste +\"", + "\"abc_searchview_description_search\" : \"Maghanap\"", + "\"search_menu_title\" : \"Sök\"", + "\"abc_searchview_description_search\" : \"Rechercher\"", + "\"abc_search_hint\" : \"Введіть пошуковий запит…\"", + "\"abc_shareactionprovider_share_with_application\" : \"Comparteix amb %s\"", + "\"abc_prepend_shortcut_label\" : \"Imenyu+\"", + "\"search_menu_title\" : \"Pretraži\"", + "\"abc_action_bar_home_description\" : \"Անցնել գլխավոր էջ\"", + "\"abc_action_mode_done\" : \"Бүттү\"", + "\"abc_menu_enter_shortcut_label\" : \"sartu\"", + "\"abc_menu_enter_shortcut_label\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‏‏‏‏‎‎‏‏‏‏‎‎‎‎‎‏‏‏‎‏‎‎‏‏‎‏‏‎‎‎‎‎‎‎‏‏‏‏‏‏‎‎‏‎‎‏‏‏‏‎‎‏‎‏‏‎‎‎‎‏‏‏‎‎‎enter‎‏‎‎‏‎\"", + "\"abc_activitychooserview_choose_application\" : \"選擇應用程式\"", + "\"abc_capital_on\" : \"ਚਾਲੂ\"", + "\"abc_searchview_description_query\" : \"Hoja ya utafutaji\"", + "\"abc_menu_delete_shortcut_label\" : \"odstrániť\"", + "\"abc_searchview_description_clear\" : \"I-clear ang query\"", + "\"abc_action_bar_home_description\" : \"Движи се кон дома\"", + "\"abc_action_bar_home_description\" : \"ഹോമിലേക്ക് പോവുക\"", + "\"abc_menu_function_shortcut_label\" : \"Funktsiooniklahv +\"", + "\"abc_capital_on\" : \"ચાલુ\"", + "\"abc_action_menu_overflow_description\" : \"ተጨማሪ አማራጮች\"", + "\"abc_menu_function_shortcut_label\" : \"Aðgerðarlykill+\"", + "\"abc_action_bar_up_description\" : \"மேலே செல்லும்\"", + "\"abc_searchview_description_voice\" : \"بحث صوتي\"", + "\"something_went_wrong\" : \"Something went wrong\"", + "\"abc_searchview_description_voice\" : \"Gesproken zoekopdracht\"", + "\"abc_menu_space_shortcut_label\" : \"svemir\"", + "\"abc_searchview_description_query\" : \"Поисковый запрос\"", + "\"txt_ok\" : \"Ok\"", + "\"abc_shareactionprovider_share_with_application\" : \"Megosztás a következő alkalmazással: %s\"", + "\"abc_searchview_description_clear\" : \"Sorguyu temizle\"", + "\"abc_menu_delete_shortcut_label\" : \"dzēšanas taustiņš\"", + "\"abc_action_menu_overflow_description\" : \"Více možností\"", + "\"abc_action_mode_done\" : \"කළා\"", + "\"abc_activitychooserview_choose_application\" : \"Izaberite aplikaciju\"", + "\"abc_search_hint\" : \"Vyhledat…\"", + "\"abc_menu_space_shortcut_label\" : \"hapësirë\"", + "\"search_menu_title\" : \"Qidiruv\"", + "\"abc_searchview_description_search\" : \"חיפוש\"", + "\"abc_action_menu_overflow_description\" : \"עוד אפשרויות\"", + "\"abc_searchview_description_clear\" : \"Tyhjennä kysely\"", + "\"abc_action_bar_up_description\" : \"Revenir en arrière\"", + "\"abc_action_bar_home_description\" : \"Нүүр хуудас уруу шилжих\"", + "\"abc_shareactionprovider_share_with_application\" : \"Partager avec %s\"", + "\"abc_capital_off\" : \"JOAKTIV\"", + "\"abc_toolbar_collapse_description\" : \"Replega\"", + "\"abc_menu_enter_shortcut_label\" : \"Intro\"", + "\"abc_capital_on\" : \"ഓൺ\"", + "\"abc_shareactionprovider_share_with\" : \"Կիսվել…\"", + "\"abc_shareactionprovider_share_with_application\" : \"Condividi tramite %s\"", + "\"abc_action_bar_home_description\" : \"Navega a la pàgina d'inici\"", + "\"abc_menu_shift_shortcut_label\" : \"Maius +\"", + "\"abc_action_bar_up_description\" : \"वापस जाएं\"", + "\"abc_capital_on\" : \"सुरू\"", + "\"abc_capital_on\" : \"VULA\"", + "\"abc_searchview_description_clear\" : \"Išvalyti užklausą\"", + "\"abc_searchview_description_clear\" : \"Hapus kueri\"", + "\"abc_activity_chooser_view_see_all\" : \"Az összes megtekintése\"", + "\"abc_capital_off\" : \"TẮT\"", + "\"abc_capital_on\" : \"ZAP\"", + "\"abc_searchview_description_search\" : \"खोज\"", + "\"abc_shareactionprovider_share_with\" : \"यांच्यासोबत शेअर करा\"", + "\"abc_searchview_description_submit\" : \"Submit query\"", + "\"abc_action_bar_up_description\" : \"Անցնել վերև\"", + "\"abc_menu_function_shortcut_label\" : \"Función +\"", + "\"abc_shareactionprovider_share_with_application\" : \"Yabelana ne-%s\"", + "\"abc_search_hint\" : \"ਖੋਜ…\"", + "\"abc_prepend_shortcut_label\" : \"منو+\"", + "\"abc_shareactionprovider_share_with\" : \"Дараахтай хуваалцах\"", + "\"abc_searchview_description_search\" : \"ძიება\"", + "\"abc_menu_meta_shortcut_label\" : \"Meta + \"", + "\"abc_activitychooserview_choose_application\" : \"Chọn một ứng dụng\"", + "\"abc_search_hint\" : \"Axtarış...\"", + "\"abc_search_hint\" : \"Іздеу…\"", + "\"abc_shareactionprovider_share_with_application\" : \"Поділитися через додаток %s\"", + "\"abc_toolbar_collapse_description\" : \"ସଂକୁଚିତ କରନ୍ତୁ\"", + "\"abc_searchview_description_voice\" : \"Pesquisa por voz\"", + "\"abc_searchview_description_voice\" : \"व्हॉइस शोध\"", + "\"abc_action_bar_up_description\" : \"Ngjitu lart\"", + "\"abc_toolbar_collapse_description\" : \"收合\"", + "\"abc_search_hint\" : \"搜尋…\"", + "\"abc_searchview_description_query\" : \"Որոնման հարցում\"", + "\"abc_menu_space_shortcut_label\" : \"spatie\"", + "\"abc_searchview_description_query\" : \"Suchanfrage\"", + "\"abc_searchview_description_submit\" : \"විමසුම යොමු කරන්න\"", + "\"abc_searchview_description_voice\" : \"Sprachsuche\"", + "\"abc_toolbar_collapse_description\" : \"收起\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s සමඟ බෙදා ගන්න\"", + "\"abc_search_hint\" : \"تلاش کریں…\"", + "\"abc_searchview_description_submit\" : \"Lähetä kysely\"", + "\"abc_capital_on\" : \"ක්‍රියාත්මකයි\"", + "\"abc_searchview_description_query\" : \"Претражите упит\"", + "\"abc_searchview_description_voice\" : \"Голосовой поиск\"", + "\"abc_action_mode_done\" : \"סיום\"", + "\"abc_searchview_description_search\" : \"সার্চ করুন\"", + "\"abc_capital_off\" : \"POIS PÄÄLTÄ\"", + "\"abc_activitychooserview_choose_application\" : \"Изаберите апликацију\"", + "\"abc_action_menu_overflow_description\" : \"Więcej opcji\"", + "\"abc_menu_alt_shortcut_label\" : \"Alternēšanas taustiņš +\"", + "\"abc_action_bar_up_description\" : \"Prejsť nahor\"", + "\"abc_search_hint\" : \"Cari…\"", + "\"abc_action_bar_home_description\" : \"瀏覽首頁\"", + "\"abc_action_mode_done\" : \"Gata\"", + "\"abc_searchview_description_search\" : \"Pretraži\"", + "\"abc_searchview_description_query\" : \"Otsingupäring\"", + "\"abc_menu_function_shortcut_label\" : \"Funktion + \"", + "\"abc_searchview_description_search\" : \"ရှာရန်\"", + "\"search_menu_title\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‎‏‎‏‎‎‎‎‎‎‏‏‏‎‏‏‎‎‏‏‏‎‎‏‎‎‎‏‏‎‎‏‎‏‎‎‎‏‎‎‏‎‏‎‏‏‏‏‎‎‎‎‎‎‎‎‎‎‏‏‎‎Search‎‏‎‎‏‎\"", + "\"abc_menu_space_shortcut_label\" : \"空格鍵\"", + "\"abc_action_menu_overflow_description\" : \"ಇನ್ನಷ್ಟು ಆಯ್ಕೆಗಳು\"", + "\"abc_capital_off\" : \"बंद\"", + "\"abc_capital_on\" : \"ஆன்\"", + "\"abc_prepend_shortcut_label\" : \"Menú+\"", + "\"abc_searchview_description_voice\" : \"ค้นหาด้วยเสียง\"", + "\"abc_menu_space_shortcut_label\" : \"espazo\"", + "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl +\"", + "\"abc_activitychooserview_choose_application\" : \"ایک ایپ منتخب کریں\"", + "\"abc_shareactionprovider_share_with_application\" : \"Zdieľať s aplikáciou %s\"", + "\"abc_searchview_description_search\" : \"Поиск\"", + "\"abc_menu_delete_shortcut_label\" : \"slett\"", + "\"abc_searchview_description_clear\" : \"Garbitu kontsulta\"", + "\"search_menu_title\" : \"Zoeken\"", + "\"abc_searchview_description_voice\" : \"Гласовна претрага\"", + "\"abc_searchview_description_clear\" : \"Vymazať dopyt\"", + "\"abc_activity_chooser_view_see_all\" : \"എല്ലാം കാണുക\"", + "\"abc_capital_off\" : \"NON\"", + "\"abc_shareactionprovider_share_with_application\" : \"Κοινοποίηση στην εφαρμογή %s\"", + "\"abc_action_bar_up_description\" : \"Mag-navigate pataas\"", + "\"abc_menu_space_shortcut_label\" : \"Пробел\"", + "\"abc_capital_on\" : \"ACTIVAR\"", + "\"abc_searchview_description_voice\" : \"Häälotsing\"", + "\"abc_activitychooserview_choose_application\" : \"انتخاب برنامه\"", + "\"abc_activitychooserview_choose_application\" : \"ជ្រើសរើស​កម្មវិធី​​\"", + "\"abc_searchview_description_submit\" : \"ક્વેરી સબમિટ કરો\"", + "\"abc_menu_space_shortcut_label\" : \"spasiebalk\"", + "\"abc_searchview_description_query\" : \"Пошукавы запыт\"", + "\"search_menu_title\" : \"Пошук\"", + "\"abc_search_hint\" : \"Ieškoti…\"", + "\"abc_action_bar_home_description\" : \"Nenda mwanzo\"", + "\"abc_activity_chooser_view_see_all\" : \"Εμφάνιση όλων\"", + "\"abc_search_hint\" : \"Search…\"", + "\"abc_toolbar_collapse_description\" : \"Goqa\"", + "\"abc_searchview_description_query\" : \"Consulta de búsqueda\"", + "\"abc_search_hint\" : \"Søg…\"", + "\"abc_activity_chooser_view_see_all\" : \"Показати всі\"", + "\"abc_searchview_description_submit\" : \"Pošiljanje poizvedbe\"", + "\"abc_search_hint\" : \"Pesquisar…\"", + "\"abc_searchview_description_query\" : \"მოთხოვნის ძიება\"", + "\"abc_action_mode_done\" : \"Feito\"", + "\"abc_prepend_shortcut_label\" : \"Menu+‎\"", + "\"txt_title\" : \"Title\"", + "\"abc_menu_space_shortcut_label\" : \"пробіл\"", + "\"abc_menu_space_shortcut_label\" : \"„space“\"", + "\"abc_action_bar_up_description\" : \"ඉහළට සංචාලනය කරන්න\"", + "\"abc_action_menu_overflow_description\" : \"Περισσότερες επιλογές\"", + "\"abc_capital_off\" : \"AV\"", + "\"abc_searchview_description_submit\" : \"ارسال پُرسمان\"", + "\"abc_capital_on\" : \"ВКЛ.\"", + "\"abc_action_bar_home_description\" : \"Idi na početnu\"", + "\"abc_action_menu_overflow_description\" : \"ଅଧିକ ବିକଳ୍ପ\"", + "\"abc_action_menu_overflow_description\" : \"Chaguo zaidi\"", + "\"abc_activitychooserview_choose_application\" : \"अ‍ॅप निवडा\"", + "\"search_menu_title\" : \"Bilatu\"", + "\"msg_no_internet\" : \"No Internet\"", + "\"mtrl_picker_invalid_format\" : \"Invalid format.\"", + "\"abc_searchview_description_clear\" : \"Очистити запит\"", + "\"search_menu_title\" : \"Suche\"", + "\"abc_search_hint\" : \"Telusuri...\"", + "\"abc_searchview_description_search\" : \"ຊອກຫາ\"", + "\"search_menu_title\" : \"Otsing\"", + "\"abc_searchview_description_clear\" : \"Сурамды өчүрүү\"", + "\"abc_searchview_description_query\" : \"Vyhľadávací dopyt\"", + "\"abc_capital_on\" : \"ΕΝΕΡΓΟΠΟΙΗΣΗ\"", + "\"abc_menu_enter_shortcut_label\" : \"intro\"", + "\"abc_action_menu_overflow_description\" : \"Mais opções\"", + "\"abc_searchview_description_voice\" : \"Kutafuta kwa kutamka\"", + "\"search_menu_title\" : \"ਖੋਜ\"", + "\"mtrl_picker_confirm\" : \"\"", + "\"abc_action_bar_home_description\" : \"Gaan na tuisskerm\"", + "\"mtrl_picker_toggle_to_text_input_mode\" : \"Switch to text input mode\"", + "\"abc_activitychooserview_choose_application\" : \"აირჩიეთ აპი\"", + "\"abc_searchview_description_query\" : \"คำค้นหา\"", + "\"abc_menu_space_shortcut_label\" : \"zuriunea\"", + "\"abc_action_bar_home_description\" : \"ホームに戻る\"", + "\"abc_toolbar_collapse_description\" : \"បង្រួម\"", + "\"abc_searchview_description_voice\" : \"Səsli axtarış\"", + "\"abc_searchview_description_query\" : \"Kërko pyetjen\"", + "\"abc_menu_shift_shortcut_label\" : \"Shift +\"", + "\"abc_action_mode_done\" : \"થઈ ગયું\"", + "\"abc_action_bar_up_description\" : \"वर नेव्‍हिगेट करा\"", + "\"abc_capital_off\" : \"निष्क्रिय\"", + "\"abc_menu_sym_shortcut_label\" : \"Sym +\"", + "\"abc_searchview_description_search\" : \"தேடும்\"", + "\"abc_action_menu_overflow_description\" : \"Més opcions\"", + "\"abc_searchview_description_voice\" : \"Ovozli qidiruv\"", + "\"search_menu_title\" : \"Search\"", + "\"abc_menu_meta_shortcut_label\" : \"META +\"", + "\"abc_searchview_description_search\" : \"Căutați\"", + "\"abc_searchview_description_voice\" : \"语音搜索\"", + "\"status_bar_notification_info_overflow\" : \"999+\"", + "\"abc_searchview_description_submit\" : \"Isumite ang query\"", + "\"abc_searchview_description_query\" : \"Iskalna poizvedba\"", + "\"abc_searchview_description_clear\" : \"Обришите упит\"", + "\"abc_toolbar_collapse_description\" : \"Skupi\"", + "\"abc_toolbar_collapse_description\" : \"Strnitev\"", + "\"abc_action_menu_overflow_description\" : \"更多选项\"", + "\"abc_action_menu_overflow_description\" : \"थप विकल्पहरू\"", + "\"abc_action_bar_up_description\" : \"മുകളിലേക്ക് പോവുക\"", + "\"abc_menu_delete_shortcut_label\" : \"silin\"", + "\"abc_shareactionprovider_share_with\" : \"ഇനിപ്പറയുന്നതുമായി പങ്കിടുക\"", + "\"abc_searchview_description_submit\" : \"କ୍ୱେରୀ ଦାଖଲ କରନ୍ତୁ\"", + "\"abc_action_bar_home_description\" : \"Vratite se na početnu stranicu\"", + "\"mtrl_picker_a11y_next_month\" : \"Change to next month\"", + "\"search_menu_title\" : \"Kërko\"", + "\"abc_menu_enter_shortcut_label\" : \"Enter 键\"", + "\"abc_searchview_description_clear\" : \"Ryd forespørgsel\"", + "\"abc_action_mode_done\" : \"Готово\"", + "\"abc_searchview_description_query\" : \"Zapytanie\"", + "\"abc_menu_delete_shortcut_label\" : \"borrar\"", + "\"abc_shareactionprovider_share_with\" : \"Partilhar com\"", + "\"abc_toolbar_collapse_description\" : \"Contrae\"", + "\"abc_shareactionprovider_share_with\" : \"Şununla paylaş:\"", + "\"abc_activitychooserview_choose_application\" : \"Zgjidh një aplikacion\"", + "\"abc_searchview_description_submit\" : \"Anfrage senden\"", + "\"abc_searchview_description_clear\" : \"מחיקת השאילתה\"", + "\"abc_searchview_description_clear\" : \"ചോദ്യം മായ്‌ക്കുക\"", + "\"abc_action_bar_home_description\" : \"ניווט לדף הבית\"", + "\"abc_capital_off\" : \"YOQILMAGAN\"", + "\"abc_search_hint\" : \"Kërko…\"", + "\"abc_activitychooserview_choose_application\" : \"Aukeratu aplikazio bat\"", + "\"abc_activitychooserview_choose_application\" : \"Изберете приложение\"", + "\"abc_toolbar_collapse_description\" : \"Згарнуць\"", + "\"error_icon_content_description\" : \"Error\"", + "\"abc_toolbar_collapse_description\" : \"ಕುಗ್ಗಿಸಿ\"", + "\"abc_searchview_description_submit\" : \"Invia query\"", + "\"abc_menu_space_shortcut_label\" : \"Espacio\"", + "\"abc_menu_space_shortcut_label\" : \"mellomrom\"", + "\"abc_searchview_description_submit\" : \"Dien navraag in\"", + "\"abc_action_bar_home_description\" : \"Revenir à l'accueil\"", + "\"abc_activitychooserview_choose_application\" : \"Izbira aplikacije\"", + "\"abc_search_hint\" : \"সার্চ করুন…\"", + "\"abc_menu_delete_shortcut_label\" : \"Delete\"", + "\"abc_prepend_shortcut_label\" : \"Meni +\"", + "\"abc_action_mode_done\" : \"Hazırdır\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s ilə paylaşın\"", + "\"abc_menu_space_shortcut_label\" : \"స్పేస్\"", + "\"abc_menu_enter_shortcut_label\" : \"daxil olun\"", + "\"abc_action_bar_home_description\" : \"ກັບໄປໜ້າຫຼັກ\"", + "\"abc_searchview_description_query\" : \"ស្វែងរកសំណួរ​\"", + "\"abc_menu_meta_shortcut_label\" : \"മെറ്റ+\"", + "\"abc_shareactionprovider_share_with\" : \"Абагуліць праз\"", + "\"abc_searchview_description_clear\" : \"क्‍वेरी हटाएं\"", + "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl+‎\"", + "\"abc_menu_ctrl_shortcut_label\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‎‏‏‎‎‏‎‎‏‏‎‎‎‏‎‏‎‏‏‏‏‏‏‎‏‎‎‎‏‎‎‏‎‏‏‎‎‎‎‎‏‏‏‏‏‏‏‏‏‎‏‎‎‏‏‏‎‎‏‎‎‎‎‎Ctrl+‎‏‎‎‏‎\"", + "\"abc_shareactionprovider_share_with\" : \"Kongsi dengan\"", + "\"abc_action_menu_overflow_description\" : \"Flere alternativer\"", + "\"abc_searchview_description_clear\" : \"সন্ধান কৰা প্ৰশ্ন মচক\"", + "\"bottom_sheet_behavior\" : \"com.google.android.material.bottomsheet.BottomSheetBehavior\"", + "\"path_password_eye\" : \"M12,4.5C7,4.5 2.73,7.61 1,12c1.73,4.39 6,7.5 11,7.5s9.27,-3.11 11,-7.5c-1.73,-4.39 -6,-7.5 -11,-7.5zM12,17c-2.76,0 -5,-2.24 -5,-5s2.24,-5 5,-5 5,2.24 5,5 -2.24,5 -5,5zM12,9c-1.66,0 -3,1.34 -3,3s1.34,3 3,3 3,-1.34 3,-3 -1.34,-3 -3,-3z\"", + "\"abc_action_menu_overflow_description\" : \"Digər seçimlər\"", + "\"abc_action_bar_up_description\" : \"ওপৰলৈ যাওক\"", + "\"abc_shareactionprovider_share_with\" : \"แชร์กับ\"", + "\"abc_shareactionprovider_share_with_application\" : \"Partekatu %s aplikazioarekin\"", + "\"abc_action_bar_up_description\" : \"Yuxarı keçin\"", + "\"abc_shareactionprovider_share_with\" : \"Dela med\"", + "\"abc_menu_delete_shortcut_label\" : \"Löschen\"", + "\"abc_menu_space_shortcut_label\" : \"Szóköz\"", + "\"abc_searchview_description_voice\" : \"Raddleit\"", + "\"abc_menu_shift_shortcut_label\" : \"Maj+\"", + "\"abc_menu_space_shortcut_label\" : \"preslednica\"", + "\"abc_shareactionprovider_share_with_application\" : \"ແບ່ງປັນດ້ວຍ %s\"", + "\"abc_shareactionprovider_share_with\" : \"Comparte contido con\"", + "\"abc_action_bar_home_description\" : \"Πλοήγηση στην αρχική σελίδα\"", + "\"abc_action_bar_home_description\" : \"Перейти на главный экран\"", + "\"abc_capital_on\" : \"ZAP.\"", + "\"abc_action_mode_done\" : \"រួចរាល់\"", + "\"abc_menu_function_shortcut_label\" : \"Fn +\"", + "\"abc_action_menu_overflow_description\" : \"更多選項\"", + "\"abc_searchview_description_submit\" : \"Wyślij zapytanie\"", + "\"abc_action_mode_done\" : \"పూర్తయింది\"", + "\"abc_search_hint\" : \"Soek …\"", + "\"abc_searchview_description_query\" : \"Paieškos užklausa\"", + "\"abc_shareactionprovider_share_with_application\" : \"Сподели со %s\"", + "\"abc_shareactionprovider_share_with\" : \"ចែករំលែក​ជា​មួយ\"", + "\"abc_capital_off\" : \"બંધ\"", + "\"abc_searchview_description_voice\" : \"Talesøgning\"", + "\"abc_toolbar_collapse_description\" : \"Tiivistä\"", + "\"abc_activity_chooser_view_see_all\" : \"Se alle\"", + "\"abc_searchview_description_query\" : \"ସର୍ଚ୍ଚ କ୍ୱେରୀ\"", + "\"abc_menu_sym_shortcut_label\" : \"Sym-Taste +\"", + "\"abc_activitychooserview_choose_application\" : \"Аппыг сонгох\"", + "\"abc_capital_on\" : \"사용\"", + "\"abc_capital_on\" : \"開啟\"", + "\"abc_capital_on\" : \"ON\"", + "\"abc_activity_chooser_view_see_all\" : \"Ver todo\"", + "\"abc_search_hint\" : \"खोजें…\"", + "\"abc_searchview_description_search\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‏‏‏‏‎‎‏‎‏‎‏‏‎‎‏‎‏‏‏‎‏‎‎‏‎‏‎‎‏‎‎‎‏‏‎‏‎‏‎‏‎‏‎‎‎‏‎‏‎‎‎‎‎‎‏‎‏‏‎‎‎‏‎‏‎Search‎‏‎‎‏‎\"", + "\"abc_search_hint\" : \"Søk\"", + "\"abc_searchview_description_clear\" : \"ລຶບຂໍ້ຄວາມຊອກຫາ\"", + "\"abc_searchview_description_search\" : \"Ieškoti\"", + "\"abc_searchview_description_clear\" : \"Выдаліць запыт\"", + "\"abc_action_mode_done\" : \"Kész\"", + "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl மற்றும்\"", + "\"abc_menu_function_shortcut_label\" : \"‎Function+‎\"", + "\"abc_searchview_description_voice\" : \"Үн менен издөө\"", + "\"abc_action_bar_home_description\" : \"হোমে নেভিগেট করুন\"", + "\"abc_shareactionprovider_share_with\" : \"ইয়াৰ জৰিয়তে শ্বেয়াৰ কৰক\"", + "\"abc_action_bar_up_description\" : \"Pomik navzgor\"", + "\"abc_menu_shift_shortcut_label\" : \"Pārslēgšanas taustiņš +\"", + "\"abc_activitychooserview_choose_application\" : \"Pilih aplikasi\"", + "\"abc_searchview_description_submit\" : \"Sorguyu gönder\"", + "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl+\"", + "\"abc_menu_function_shortcut_label\" : \"Funtzioa +\"", + "\"abc_searchview_description_submit\" : \"Wasilisha hoja\"", + "\"abc_searchview_description_search\" : \"શોધો\"", + "\"abc_searchview_description_submit\" : \"Адправіць запыт\"", + "\"abc_searchview_description_search\" : \"Cari\"", + "\"mtrl_picker_text_input_date_hint\" : \"Date\"", + "\"abc_action_bar_home_description\" : \"Boshiga o‘tish\"", + "\"abc_searchview_description_submit\" : \"ដាក់បញ្ជូន​សំណួរ\"", + "\"abc_searchview_description_search\" : \"ਖੋਜ\"", + "\"abc_action_bar_up_description\" : \"Naršyti aukštyn\"", + "\"abc_search_hint\" : \"Издөө…\"", + "\"search_menu_title\" : \"Căutați\"", + "\"abc_toolbar_collapse_description\" : \"छोटा करें\"", + "\"abc_searchview_description_query\" : \"সার্চ কোয়েরি\"", + "\"abc_activitychooserview_choose_application\" : \"Wybierz aplikację\"", + "\"abc_action_menu_overflow_description\" : \"ຕົວເລືອກເພີ່ມເຕີມ\"", + "\"abc_searchview_description_search\" : \"खोजें\"", + "\"abc_capital_off\" : \"ISKLJUČENO\"", + "\"abc_searchview_description_submit\" : \"Асуулга илгээх\"", + "\"abc_action_mode_done\" : \"Xong\"", + "\"abc_shareactionprovider_share_with\" : \"සමග බෙදා ගන්න\"", + "\"abc_searchview_description_query\" : \"ചോദ്യം തിരയുക\"", + "\"abc_action_bar_up_description\" : \"ເລື່ອນຂຶ້ນເທິງ\"", + "\"abc_menu_delete_shortcut_label\" : \"මකන්න\"", + "\"abc_searchview_description_query\" : \"Query di ricerca\"", + "\"abc_activity_chooser_view_see_all\" : \"Бүгдийг харах\"", + "\"abc_activity_chooser_view_see_all\" : \"Žr. viską\"", + "\"abc_capital_on\" : \"BẬT\"", + "\"abc_menu_space_shortcut_label\" : \"boşluk\"", + "\"abc_prepend_shortcut_label\" : \"Poga Izvēlne +\"", + "\"abc_capital_on\" : \"ՄԻԱՑՆԵԼ\"", + "\"abc_menu_shift_shortcut_label\" : \"Шифт+\"", + "\"abc_toolbar_collapse_description\" : \"Свиване\"", + "\"abc_toolbar_collapse_description\" : \"Tolestu\"", + "\"abc_capital_off\" : \"إيقاف\"", + "\"abc_prepend_shortcut_label\" : \"Menyja+\"", + "\"abc_action_bar_up_description\" : \"Yukarı git\"", + "\"abc_activitychooserview_choose_application\" : \"Выберите приложение\"", + "\"abc_capital_off\" : \"خاموش\"", + "\"abc_capital_on\" : \"ఆన్\"", + "\"abc_action_bar_home_description\" : \"Fara heim\"", + "\"abc_menu_delete_shortcut_label\" : \"刪除\"", + "\"abc_action_bar_up_description\" : \"Navegar hacia arriba\"", + "\"abc_shareactionprovider_share_with\" : \"分享对象\"", + "\"abc_searchview_description_submit\" : \"Sorğunu göndərin\"", + "\"abc_action_bar_up_description\" : \"اوپر نیویگیٹ کریں\"", + "\"abc_searchview_description_voice\" : \"Ukusesha ngezwi\"", + "\"abc_activitychooserview_choose_application\" : \"Колдонмо тандоо\"", + "\"path_password_eye_mask_strike_through\" : \"M2,4.27 L19.73,22 L22.27,19.46 L4.54,1.73 L4.54,1 L23,1 L23,23 L1,23 L1,4.27 Z\"", + "\"abc_searchview_description_voice\" : \"Дуут хайлт\"", + "\"search_menu_title\" : \"खोज\"", + "\"abc_action_menu_overflow_description\" : \"കൂടുതൽ ഓപ്ഷനുകൾ\"", + "\"abc_activity_chooser_view_see_all\" : \"Mostra tutto\"", + "\"abc_action_mode_done\" : \"ہو گیا\"", + "\"abc_action_bar_home_description\" : \"முகப்பிற்குச் செல்லும்\"", + "\"abc_searchview_description_search\" : \"Suche\"", + "\"abc_action_bar_up_description\" : \"উপরে নেভিগেট করুন\"", + "\"abc_shareactionprovider_share_with\" : \"Делите помоћу\"", + "\"abc_searchview_description_submit\" : \"მოთხოვნის გადაგზავნა\"", + "\"search_menu_title\" : \"Hľadať\"", + "\"abc_capital_off\" : \"KI\"", + "\"abc_searchview_description_submit\" : \"Bidali kontsulta\"", + "\"abc_searchview_description_clear\" : \"Obriši upit\"", + "\"abc_search_hint\" : \"Leita…\"", + "\"abc_activity_chooser_view_see_all\" : \"Alle anzeigen\"", + "\"abc_search_hint\" : \"جستجو…‏\"", + "\"abc_menu_delete_shortcut_label\" : \"মুছুন\"", + "\"abc_action_mode_done\" : \"完了\"", + "\"abc_activity_chooser_view_see_all\" : \"Տեսնել բոլորը\"", + "\"search_menu_title\" : \"Haku\"", + "\"abc_action_bar_up_description\" : \"Di chuyển lên\"", + "\"txt_success\" : \"Success !\"", + "\"submit\" : \"Submit\"", + "\"abc_shareactionprovider_share_with\" : \"Κοινοποίηση σε\"", + "\"abc_searchview_description_clear\" : \"Borra a consulta\"", + "\"abc_shareactionprovider_share_with_application\" : \"Trimiteți folosind %s\"", + "\"abc_action_bar_up_description\" : \"前に戻る\"", + "\"abc_shareactionprovider_share_with\" : \"Sdílet s\"", + "\"abc_searchview_description_submit\" : \"ส่งคำค้นหา\"", + "\"abc_capital_on\" : \"ҚОСУ\"", + "\"abc_searchview_description_clear\" : \"استفسار صاف کریں\"", + "\"abc_searchview_description_submit\" : \"Envoyer la requête\"", + "\"mtrl_picker_text_input_day_abbr\" : \"d\"", + "\"abc_searchview_description_voice\" : \"ຊອກຫາດ້ວຍສຽງ\"", + "\"abc_menu_sym_shortcut_label\" : \"Sym+‎\"", + "\"abc_searchview_description_query\" : \"طلب بحث\"", + "\"abc_menu_space_shortcut_label\" : \"tühik\"", + "\"abc_action_bar_home_description\" : \"Portami a casa\"", + "\"abc_action_bar_up_description\" : \"Gå op\"", + "\"abc_activity_chooser_view_see_all\" : \"Баарын көрүү\"", + "\"abc_searchview_description_clear\" : \"Suchanfrage löschen\"", + "\"search_menu_title\" : \"Leit\"", + "\"abc_prepend_shortcut_label\" : \"മെനു+\"", + "\"search_menu_title\" : \"തിരയുക\"", + "\"abc_activitychooserview_choose_application\" : \"Vybrať aplikáciu\"", + "\"abc_menu_function_shortcut_label\" : \"FUNZIONE +\"", + "\"abc_capital_on\" : \"מופעל\"", + "\"search_menu_title\" : \"Soek\"", + "\"abc_activity_chooser_view_see_all\" : \"બધી જુઓ\"", + "\"abc_searchview_description_clear\" : \"Cancella query\"", + "\"abc_activitychooserview_choose_application\" : \"အက်ပ်တစ်ခုကို ရွေးရန်\"", + "\"mtrl_picker_cancel\" : \"\"", + "\"abc_menu_delete_shortcut_label\" : \"CANC\"", + "\"abc_searchview_description_query\" : \"Заявка за търсене\"", + "\"abc_menu_ctrl_shortcut_label\" : \"„Ctrl“ +\"", + "\"abc_action_bar_up_description\" : \"Sogeza juu\"", + "\"abc_menu_space_shortcut_label\" : \"Leertaste\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s қолданбасымен бөлісу\"", + "\"abc_action_bar_up_description\" : \"Navegar para cima\"", + "\"abc_shareactionprovider_share_with\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‎‏‎‏‏‏‏‎‏‏‏‏‎‎‏‏‏‏‏‏‎‏‏‏‏‎‏‎‎‎‏‎‏‎‏‏‏‎‎‏‏‎‎‎‎‎‏‎‏‎‏‎‏‏‎‏‎‏‏‎‏‎‎‎Share with‎‏‎‎‏‎\"", + "\"abc_menu_delete_shortcut_label\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‏‏‏‏‎‏‎‎‎‎‎‎‏‏‎‎‏‎‎‎‎‏‏‎‎‎‎‏‏‏‎‎‎‏‎‎‏‏‎‎‏‏‏‏‏‏‎‎‏‏‎‏‏‎‎‎‎‎‎‎‎‏‏‎‎delete‎‏‎‎‏‎\"", + "\"mtrl_picker_date_header_title\" : \"Select a Date\"", + "\"search_menu_title\" : \"शोध\"", + "\"mtrl_picker_text_input_date_range_end_hint\" : \"End date\"", + "\"abc_action_bar_home_description\" : \"Liigu avalehele\"", + "\"abc_action_mode_done\" : \"Klaar\"", + "\"abc_activitychooserview_choose_application\" : \"Veldu forrit\"", + "\"abc_menu_delete_shortcut_label\" : \"ਮਿਟਾਓ\"", + "\"abc_toolbar_collapse_description\" : \"سکیڑیں\"", + "\"abc_capital_off\" : \"ක්‍රියාවිරහිතයි\"", + "\"abc_activity_chooser_view_see_all\" : \"Buka konke\"", + "\"abc_searchview_description_voice\" : \"Ձայնային որոնում\"", + "\"abc_activity_chooser_view_see_all\" : \"ເບິ່ງທັງໝົດ\"", + "\"abc_searchview_description_query\" : \"Іздеу сұрауы\"", + "\"abc_shareactionprovider_share_with\" : \"Megosztás a következővel:\"", + "\"abc_searchview_description_submit\" : \"Thumela umbuzo\"", + "\"abc_prepend_shortcut_label\" : \"Цэс+\"", + "\"mtrl_picker_date_header_unselected\" : \"Selected date\"", + "\"abc_capital_on\" : \"IESLĒGT\"", + "\"abc_menu_sym_shortcut_label\" : \"Simbolu taustiņš +\"", + "\"abc_menu_function_shortcut_label\" : \"Funktionstaste +\"", + "\"abc_shareactionprovider_share_with\" : \"ແບ່ງປັນກັບ\"", + "\"abc_toolbar_collapse_description\" : \"সংকোচন কৰক\"", + "\"abc_action_mode_done\" : \"ਹੋ ਗਿਆ\"", + "\"abc_activity_chooser_view_see_all\" : \"සියල්ල බලන්න\"", + "\"abc_action_bar_home_description\" : \"التوجه إلى المنزل\"", + "\"abc_shareactionprovider_share_with\" : \"Bagikan dengan\"", + "\"abc_searchview_description_clear\" : \"Kosongkan pertanyaan\"", + "\"abc_menu_space_shortcut_label\" : \"ସ୍ପେସ୍‍\"", + "\"abc_action_bar_up_description\" : \"រំកិលឡើងលើ\"", + "\"abc_searchview_description_search\" : \"البحث\"", + "\"abc_activity_chooser_view_see_all\" : \"সকলো চাওক\"", + "\"abc_searchview_description_submit\" : \"Pateikti užklausą\"", + "\"abc_toolbar_collapse_description\" : \"Komprimera\"", + "\"abc_searchview_description_clear\" : \"Исчисти барање\"", + "\"abc_action_mode_done\" : \"U krye\"", + "\"abc_action_mode_done\" : \"Kwenziwe\"", + "\"abc_action_bar_home_description\" : \"Orientohu për në shtëpi\"", + "\"abc_searchview_description_voice\" : \"Cerca per veu\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s ನೊಂದಿಗೆ ಹಂಚಿಕೊಳ್ಳಿ\"", + "\"clear_text_end_icon_content_description\" : \"Clear text\"", + "\"abc_capital_on\" : \"IMEWASHWA\"", + "\"abc_activitychooserview_choose_application\" : \"Valitse sovellus\"", + "\"abc_capital_off\" : \"KAPAT\"", + "\"abc_toolbar_collapse_description\" : \"I-collapse\"", + "\"abc_action_bar_home_description\" : \"Негізгі бетке өту\"", + "\"abc_search_hint\" : \"Pretražite...\"", + "\"abc_capital_on\" : \"УВІМК.\"", + "\"abc_capital_off\" : \"사용 중지\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s과(와) 공유\"", + "\"abc_shareactionprovider_share_with_application\" : \"Sdílet s aplikací %s\"", + "\"abc_searchview_description_voice\" : \"Carian suara\"", + "\"abc_activitychooserview_choose_application\" : \"Επιλέξτε μια εφαρμογή\"", + "\"abc_searchview_description_query\" : \"Изделген сурам\"", + "\"abc_activity_chooser_view_see_all\" : \"అన్నీ చూడండి\"", + "\"abc_searchview_description_search\" : \"ፍለጋ\"", + "\"abc_searchview_description_query\" : \"शोध क्वेरी\"", + "\"abc_searchview_description_clear\" : \"Sula inkinga\"", + "\"abc_searchview_description_query\" : \"Meklēšanas vaicājums\"", + "\"abc_searchview_description_query\" : \"Soektognavraag\"", + "\"abc_search_hint\" : \"Хайх…\"", + "\"abc_searchview_description_search\" : \"Издөө\"", + "\"abc_shareactionprovider_share_with_application\" : \"Jagamine rakendusega %s\"", + "\"abc_activitychooserview_choose_application\" : \"Escolher uma aplicação\"", + "\"abc_shareactionprovider_share_with\" : \"Jaa…\"", + "\"abc_menu_function_shortcut_label\" : \"Funksioni+\"", + "\"abc_capital_on\" : \"AN\"", + "\"search_menu_title\" : \"Søk\"", + "\"abc_toolbar_collapse_description\" : \"Sutraukti\"", + "\"abc_searchview_description_clear\" : \"Ջնջել հարցումը\"", + "\"abc_toolbar_collapse_description\" : \"Recolher\"", + "\"abc_action_mode_done\" : \"Valmis\"", + "\"abc_menu_delete_shortcut_label\" : \"ሰርዝ\"", + "\"abc_searchview_description_query\" : \"Upit za pretraživanje\"", + "\"abc_menu_alt_shortcut_label\" : \"Alt+‎\"", + "\"abc_activity_chooser_view_see_all\" : \"ਸਭ ਦੇਖੋ\"", + "\"abc_searchview_description_search\" : \"Søk\"", + "\"abc_action_bar_home_description\" : \"پیمایش به صفحه اصلی\"", + "\"abc_capital_off\" : \"VALA\"", + "\"abc_capital_off\" : \"OFF\"", + "\"abc_activity_chooser_view_see_all\" : \"Xem tất cả\"", + "\"abc_searchview_description_voice\" : \"സംസാരത്തിലൂടെ തിരയുക\"", + "\"abc_action_bar_home_description\" : \"Vai ao inicio\"", + "\"status_bar_notification_info_overflow\" : \"९९९+\"", + "\"abc_capital_off\" : \"UIT\"", + "\"abc_action_bar_up_description\" : \"Перейти вгору\"", + "\"abc_searchview_description_voice\" : \"Wyszukiwanie głosowe\"", + "\"abc_capital_on\" : \"AÇ\"", + "\"photo\" : \"Photo\"", + "\"abc_menu_space_shortcut_label\" : \"空格键\"", + "\"abc_activitychooserview_choose_application\" : \"Pilih apl\"", + "\"abc_searchview_description_query\" : \"검색어\"", + "\"search_menu_title\" : \"搜尋\"", + "\"abc_action_bar_up_description\" : \"Перейти вверх\"", + "\"abc_toolbar_collapse_description\" : \"Runtuhkan\"", + "\"abc_capital_off\" : \"IZKLOP\"", + "\"abc_capital_on\" : \"AKTİV\"", + "\"abc_searchview_description_search\" : \"Іздеу\"", + "\"search_menu_title\" : \"Søg\"", + "\"abc_menu_delete_shortcut_label\" : \"delete\"", + "\"abc_action_bar_up_description\" : \"ઉપર નૅવિગેટ કરો\"", + "\"abc_shareactionprovider_share_with\" : \"Yabelana no\"", + "\"abc_menu_space_shortcut_label\" : \"ክፍተት\"", + "\"abc_activitychooserview_choose_application\" : \"Selecciona una aplicació\"", + "\"abc_action_mode_done\" : \"হয়ে গেছে\"", + "\"abc_searchview_description_submit\" : \"Dërgo pyetjen\"", + "\"search_menu_title\" : \"البحث\"", + "\"abc_shareactionprovider_share_with\" : \"Compartir con\"", + "\"abc_action_menu_overflow_description\" : \"Tùy chọn khác\"", + "\"abc_searchview_description_submit\" : \"Отправить запрос\"", + "\"search_menu_title\" : \"Sesha\"", + "\"mtrl_exceed_max_badge_number_suffix\" : \"%1$d%2$s\"", + "\"abc_menu_delete_shortcut_label\" : \"sil\"", + "\"hint_email\" : \"Email\"", + "\"abc_searchview_description_submit\" : \"Enviar consulta\"", + "\"abc_menu_space_shortcut_label\" : \"spacja\"", + "\"icon_content_description\" : \"Dialog Icon\"", + "\"abc_shareactionprovider_share_with_application\" : \"使用「%s」分享\"", + "\"abc_capital_on\" : \"ACTIVA\"", + "\"abc_toolbar_collapse_description\" : \"Жыйыштыруу\"", + "\"abc_action_bar_up_description\" : \"အပေါ်သို့ ရွှေ့ရန်\"", + "\"abc_action_mode_done\" : \"Terminé\"", + "\"abc_action_bar_home_description\" : \"Башкы бетке чабыттоо\"", + "\"abc_prepend_shortcut_label\" : \"Menu +\"", + "\"abc_menu_alt_shortcut_label\" : \"Alt+\"", + "\"abc_searchview_description_query\" : \"खोज प्रश्न\"", + "\"abc_action_bar_up_description\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‎‏‏‎‏‏‎‎‎‎‏‏‏‏‏‏‏‎‏‏‏‏‏‎‏‎‎‏‏‎‏‎‎‎‎‎‏‏‏‎‏‎‎‎‎‎‏‏‎‏‏‎‎‏‎‏‎‏‏‏‏‏‎‎Navigate up‎‏‎‎‏‎\"", + "\"abc_searchview_description_query\" : \"Zoekopdracht\"", + "\"abc_prepend_shortcut_label\" : \"Meny+\"", + "\"abc_shareactionprovider_share_with_application\" : \"Mit %s teilen\"", + "\"abc_action_mode_done\" : \"Selesai\"", + "\"abc_searchview_description_search\" : \"搜索\"", + "\"abc_searchview_description_clear\" : \"ప్రశ్నను తీసివేస్తుంది\"", + "\"abc_action_menu_overflow_description\" : \"Ezinye izinketho\"", + "\"abc_menu_enter_shortcut_label\" : \"Ввод\"", + "\"status_bar_notification_info_overflow\" : \"၉၉၉+\"", + "\"abc_searchview_description_submit\" : \"ສົ່ງຂໍ້ມູນ\"", + "\"abc_shareactionprovider_share_with_application\" : \"Comparte contido coa aplicación %s\"", + "\"abc_searchview_description_query\" : \"Пребарај барање\"", + "\"abc_activity_chooser_view_see_all\" : \"Kuva kõik\"", + "\"abc_menu_ctrl_shortcut_label\" : \"Vadīšanas taustiņš +\"", + "\"abc_activitychooserview_choose_application\" : \"ಆ್ಯಪ್‌ವೊಂದನ್ನು ಆಯ್ಕೆಮಾಡಿ\"", + "\"abc_action_menu_overflow_description\" : \"ตัวเลือกอื่น\"", + "\"video\" : \"Video\"", + "\"abc_toolbar_collapse_description\" : \"Скупи\"", + "\"mtrl_picker_save\" : \"Save\"", + "\"abc_action_mode_done\" : \"Hotovo\"", + "\"abc_searchview_description_submit\" : \"Gửi truy vấn\"", + "\"abc_activitychooserview_choose_application\" : \"Pasirinkite programą\"", + "\"abc_action_mode_done\" : \"Гатова\"", + "\"abc_activity_chooser_view_see_all\" : \"Zobrazit vše\"", + "\"abc_shareactionprovider_share_with_application\" : \"Deila með %s\"", + "\"abc_search_hint\" : \"Sök …\"", + "\"abc_action_bar_home_description\" : \"Pārvietoties uz sākuma ekrānu\"", + "\"abc_activitychooserview_choose_application\" : \"Velg en app\"", + "\"abc_search_hint\" : \"ძიება…\"", + "\"abc_menu_function_shortcut_label\" : \"Funksiya+\"", + "\"abc_action_bar_home_description\" : \"Навигиране към началния екран\"", + "\"abc_searchview_description_clear\" : \"Ștergeți interogarea\"", + "\"abc_action_bar_up_description\" : \"Desplazarse hacia arriba\"", + "\"abc_menu_sym_shortcut_label\" : \"„Sym“ +\"", + "\"abc_toolbar_collapse_description\" : \"כיווץ\"", + "\"abc_toolbar_collapse_description\" : \"Ծալել\"", + "\"abc_search_hint\" : \"Пребарување…\"", + "\"abc_shareactionprovider_share_with_application\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‎‏‎‏‏‎‏‏‏‎‎‏‏‎‎‏‎‎‏‎‏‎‏‎‏‎‏‏‎‎‎‎‎‎‎‎‏‎‏‎‏‎‏‎‏‎‎‏‎‏‏‏‏‏‎‏‎‏‎‎‏‏‏‎Share with ‎‏‎‎‏‏‎%s‎‏‎‎‏‏‏‎‎‏‎‎‏‎\"", + "\"abc_activity_chooser_view_see_all\" : \"전체 보기\"", + "\"abc_shareactionprovider_share_with\" : \"Сподели со\"", + "\"abc_menu_function_shortcut_label\" : \"Fn+\"", + "\"abc_activity_chooser_view_see_all\" : \"အားလုံး ကြည့်ရန်\"", + "\"abc_searchview_description_query\" : \"Busca a consulta\"", + "\"abc_activity_chooser_view_see_all\" : \"سبھی دیکھیں\"", + "\"abc_menu_alt_shortcut_label\" : \"Alt +\"", + "\"abc_searchview_description_voice\" : \"ხმოვანი ძიება\"", + "\"abc_action_menu_overflow_description\" : \"Більше опцій\"", + "\"abc_searchview_description_voice\" : \"جستجوی گفتاری\"", + "\"abc_action_bar_up_description\" : \"Przejdź wyżej\"", + "\"abc_searchview_description_voice\" : \"የድምጽ ፍለጋ\"", + "\"abc_search_hint\" : \"खोज्नुहोस्…\"", + "\"abc_toolbar_collapse_description\" : \"접기\"", + "\"abc_search_hint\" : \"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‏‏‏‎‏‎‏‏‎‎‏‏‎‎‎‎‎‏‎‎‎‏‎‏‎‎‎‎‎‏‏‏‏‏‎‎‏‎‏‏‏‏‎‎‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‏‏‏‏‎‎Search…‎‏‎‎‏‎\"", + "\"abc_searchview_description_search\" : \"Iskanje\"", + "\"abc_action_bar_home_description\" : \"Navigera hem\"", + "\"abc_searchview_description_query\" : \"Ερώτημα αναζήτησης\"", + "\"abc_shareactionprovider_share_with_application\" : \"Делите помоћу апликације %s\"", + "\"abc_shareactionprovider_share_with_application\" : \"Compartir con %s\"", + "\"abc_menu_ctrl_shortcut_label\" : \"Ctrl +\"", + "\"abc_searchview_description_clear\" : \"Асуулга арилгах\"", + "\"abc_action_bar_home_description\" : \"Find hjem\"", + "\"abc_action_bar_up_description\" : \"Дээш шилжих\"", + "\"abc_searchview_description_search\" : \"Пребарај\"", + "\"abc_menu_enter_shortcut_label\" : \"enter\"", + "\"search_menu_title\" : \"Szukaj\"", + "\"abc_activitychooserview_choose_application\" : \"アプリの選択\"", + "\"abc_action_mode_done\" : \"সম্পন্ন হ’ল\"", + "\"abc_action_bar_up_description\" : \"Idi gore\"", + "\"abc_searchview_description_submit\" : \"क्वेरी सबमिट करें\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s से शेयर करें\"", + "\"abc_searchview_description_voice\" : \"חיפוש קולי\"", + "\"abc_capital_off\" : \"VÄLJAS\"", + "\"abc_activity_chooser_view_see_all\" : \"Pokaži vse\"", + "\"abc_menu_function_shortcut_label\" : \"„Function“ +\"", + "\"abc_shareactionprovider_share_with\" : \"Deel met\"", + "\"abc_toolbar_collapse_description\" : \"Sbalit\"", + "\"abc_menu_ctrl_shortcut_label\" : \"CTRL +\"", + "\"abc_activity_chooser_view_see_all\" : \"அனைத்தையும் காட்டு\"", + "\"abc_capital_off\" : \"বন্ধ আছে\"", + "\"abc_action_bar_home_description\" : \"Перейти на головну\"", + "\"search_menu_title\" : \"সন্ধান\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s-ით გაზიარება\"", + "\"mtrl_picker_a11y_prev_month\" : \"Change to previous month\"", + "\"abc_menu_alt_shortcut_label\" : \"‎Alt+‎\"", + "\"abc_searchview_description_search\" : \"Αναζήτηση\"", + "\"abc_menu_enter_shortcut_label\" : \"ଏଣ୍ଟର୍\"", + "\"abc_shareactionprovider_share_with_application\" : \"%sની સાથે શેર કરો\"", + "\"abc_searchview_description_query\" : \"שאילתת חיפוש\"", + "\"abc_capital_off\" : \"AF\"", + "\"abc_searchview_description_query\" : \"Leitarfyrirspurn\"", + "\"abc_activity_chooser_view_see_all\" : \"すべて表示\"", + "\"abc_action_bar_home_description\" : \"Eve gidiş yolunu göster\"", + "\"abc_shareactionprovider_share_with\" : \"Bendrinti su\"", + "\"abc_action_bar_home_description\" : \"นำทางไปหน้าแรก\"", + "\"abc_capital_off\" : \"অফ\"", + "\"abc_activitychooserview_choose_application\" : \"Een app selecteren\"", + "\"abc_shareactionprovider_share_with_application\" : \"Chia sẻ với %s\"", + "\"abc_activity_chooser_view_see_all\" : \"सबै हेर्नुहोस्\"", + "\"abc_shareactionprovider_share_with_application\" : \"Абагуліць праз праграму \"%s\"\"", + "\"abc_searchview_description_submit\" : \"Envía a consulta\"", + "\"abc_searchview_description_voice\" : \"কণ্ঠধ্বনিৰ দ্বাৰা সন্ধান\"", + "\"abc_capital_off\" : \"DESAKTIBATU\"", + "\"mtrl_picker_invalid_format_example\" : \"Example: %1$s\"", + "\"abc_shareactionprovider_share_with\" : \"Chia sẻ với\"", + "\"abc_prepend_shortcut_label\" : \"Menütaste +\"", + "\"txt_logout\" : \"logout\"", + "\"abc_menu_space_shortcut_label\" : \"Probel\"", + "\"abc_search_hint\" : \"Rechercher…\"", + "\"abc_searchview_description_submit\" : \"提交查询\"", + "\"abc_activitychooserview_choose_application\" : \"Odabir aplikacije\"", + "\"abc_action_menu_overflow_description\" : \"خيارات أكثر\"", + "\"abc_shareactionprovider_share_with_application\" : \"%sৰ জৰিয়তে শ্বেয়াৰ কৰক\"", + "\"abc_action_bar_up_description\" : \"ወደ ላይ ያስሱ\"", + "\"abc_searchview_description_search\" : \"Meklēt\"", + "\"abc_action_mode_done\" : \"Klar\"", + "\"abc_capital_on\" : \"ଅନ୍\"", + "\"abc_action_bar_home_description\" : \"Navigeren naar startpositie\"", + "\"abc_action_menu_overflow_description\" : \"Fler alternativ\"", + "\"abc_activitychooserview_choose_application\" : \"Vælg en app\"", + "\"abc_capital_on\" : \"УКЉУЧЕНО\"", + "\"abc_shareactionprovider_share_with_application\" : \"%s ସହ ସେୟାର୍‍ କରନ୍ତୁ\"", + "\"abc_action_menu_overflow_description\" : \"आणखी पर्याय\"", + "\"abc_activitychooserview_choose_application\" : \"Қолданбаны таңдау\"", + "\"abc_searchview_description_voice\" : \"குரல் தேடல்\"", + "\"appbar_scrolling_view_behavior\" : \"com.google.android.material.appbar.AppBarLayout$ScrollingViewBehavior\"", + "\"mtrl_picker_range_header_only_end_selected\" : \"Start date – %1$s\"", + "\"abc_shareactionprovider_share_with\" : \"分享對象\"", + "\"abc_toolbar_collapse_description\" : \"Restrângeți\"", + "\"search_menu_title\" : \"검색\"", + "\"abc_action_mode_done\" : \"Ferdig\"", + "\"abc_searchview_description_clear\" : \"Esborra la consulta\"", + "\"abc_menu_space_shortcut_label\" : \"ຍະຫວ່າງ\"", + "\"abc_searchview_description_voice\" : \"အသံဖြင့် ရှာရန်\"", + "\"abc_capital_on\" : \"सक्रिय\"", + "\"abc_action_menu_overflow_description\" : \"Повеќе опции\"", + "\"abc_shareactionprovider_share_with\" : \"Shiriki na\"", + "\"abc_searchview_description_submit\" : \"Iesniegt vaicājumu\"", + "\"abc_shareactionprovider_share_with\" : \"ਇਸ ਨਾਲ ਸਾਂਝਾ ਕਰੋ\"", + "\"abc_menu_function_shortcut_label\" : \"Funksjon+\"", + "\"abc_search_hint\" : \"Busca…\"", + "\"abc_menu_meta_shortcut_label\" : \"Méta+\"", + "\"abc_capital_off\" : \"כבוי\"", + "\"abc_shareactionprovider_share_with_application\" : \"Споделяне със: %s\"", + "\"abc_action_bar_up_description\" : \"ಮೇಲಕ್ಕೆ ನ್ಯಾವಿಗೇಟ್ ಮಾಡಿ\"", + "\"abc_capital_off\" : \"DESACTIVAR\"", + "\"abc_searchview_description_clear\" : \"Pastro pyetjen\"", + "\"abc_menu_function_shortcut_label\" : \"Función+\"", + "\"abc_searchview_description_submit\" : \"Utfør søket\"", + "\"abc_search_hint\" : \"Пошук…\"", + "\"abc_searchview_description_voice\" : \"आवाजमा आधारित खोजी\"", + "\"abc_searchview_description_submit\" : \"ചോദ്യം സമർപ്പിക്കുക\"", + "\"search_menu_title\" : \"Cari\"", + "\"abc_capital_on\" : \"አብራ\"", + "\"abc_searchview_description_voice\" : \"Дауыспен іздеу\"", + "\"abc_capital_on\" : \"চালু করুন\"", + "\"abc_action_bar_home_description\" : \"Ugrás a főoldalra\"", + "\"abc_action_bar_up_description\" : \"转到上一层级\"", + "\"abc_toolbar_collapse_description\" : \"Собери\"", + "\"abc_shareactionprovider_share_with\" : \"Compartilhar com\"", + "\"abc_searchview_description_search\" : \"Пошук\"", + "\"abc_action_bar_up_description\" : \"Nach oben\"", + "\"abc_searchview_description_clear\" : \"ရှာဖွေမှုကို ဖယ်ရှားရန်\"", + "\"abc_shareactionprovider_share_with\" : \"Partekatu honekin\"", + "\"mtrl_picker_date_header_selected\" : \"%1$s\"", + "\"abc_searchview_description_voice\" : \"Hlasové vyhledávání\"", + "\"abc_shareactionprovider_share_with_application\" : \"與「%s」分享\"", + "\"abc_action_menu_overflow_description\" : \"மேலும் விருப்பங்கள்\"", + "\"abc_action_mode_done\" : \"OK\"", + "\"abc_menu_delete_shortcut_label\" : \"លុប\"", + "\"abc_searchview_description_submit\" : \"Indsend forespørgsel\"", + "\"search_menu_title\" : \"Tìm kiếm\"", + "\"abc_capital_on\" : \"روشن\"", + "\"abc_shareactionprovider_share_with\" : \"Partager avec\"", + "\"abc_searchview_description_submit\" : \"Odeslat dotaz\"", + "\"abc_toolbar_collapse_description\" : \"Collapse\"", + "\"abc_action_mode_done\" : \"ହୋଇଗଲା\"", + "\"abc_searchview_description_clear\" : \"Zoekopdracht wissen\"", + "\"abc_searchview_description_query\" : \"Axtarış sorğusu\"", + "\"abc_capital_on\" : \"AKTIBATU\"", + "\"abc_searchview_description_query\" : \"Qidiruv so‘rovi\"", + "\"abc_action_mode_done\" : \"Atlikta\"", + "\"abc_searchview_description_query\" : \"Hakukysely\"", + "\"abc_toolbar_collapse_description\" : \"সঙ্কুচিত করুন\"", + "\"abc_searchview_description_voice\" : \"Hangalapú keresés\"", + "\"abc_shareactionprovider_share_with_application\" : \"Կիսվել %s հավելվածի միջոցով\"", + "\"abc_menu_meta_shortcut_label\" : \"Meta மற்றும்\"", + "\"abc_activity_chooser_view_see_all\" : \"Alles weergeven\"", + "\"abc_prepend_shortcut_label\" : \"Меню +\"", + "\"abc_searchview_description_clear\" : \"Obrišite upit\"", + "\"abc_activitychooserview_choose_application\" : \"Khetha insiza\"", + "\"abc_activitychooserview_choose_application\" : \"কোনো এপ্ বাছনি কৰক\"", + "\"abc_searchview_description_search\" : \"Buscar\"", + "\"abc_searchview_description_query\" : \"Pertanyaan carian\"", + "\"abc_capital_off\" : \"AUS\"", + "\"abc_capital_on\" : \"УКЛ.\"", + "\"selection_media_type\" : \"Select media type.\"", + "\"abc_searchview_description_voice\" : \"వాయిస్ శోధన\"", + "\"abc_searchview_description_clear\" : \"សម្អាត​សំណួរ\"", + "\"mtrl_badge_numberless_content_description\" : \"New notification\"", + "\"abc_searchview_description_submit\" : \"검색어 보내기\"", + "\"abc_menu_space_shortcut_label\" : \"Espai\"", + "\"abc_activity_chooser_view_see_all\" : \"Hamısına baxın\"", + "\"abc_searchview_description_query\" : \"Telusuri kueri\"", + "\"abc_action_mode_done\" : \"Дайын\"", + "\"abc_action_bar_up_description\" : \"Πλοήγηση προς τα επάνω\"", + "\"abc_shareactionprovider_share_with_application\" : \"与%s分享\"", + "\"abc_capital_on\" : \"TIL\"", + "\"abc_searchview_description_voice\" : \"Tìm kiếm bằng giọng nói\"", + "\"abc_searchview_description_search\" : \"Søg\"", + "\"abc_searchview_description_clear\" : \"Borrar consulta\"", + "\"abc_shareactionprovider_share_with_application\" : \"مشاركة مع %s\"", + "\"abc_searchview_description_voice\" : \"ស្វែងរក​តាម​សំឡេង\"", + "\"abc_action_bar_up_description\" : \"Yopish\"", + "\"abc_activity_chooser_view_see_all\" : \"सभी देखें\"", + "\"abc_searchview_description_search\" : \"Որոնել\"", + "\"abc_toolbar_collapse_description\" : \"कोलॅप्स करा\"", + "\"abc_action_menu_overflow_description\" : \"Fleiri valkostir\"", + "\"abc_activity_chooser_view_see_all\" : \"Hammasi\"", + "\"search_menu_title\" : \"搜索\"", + "\"abc_activity_chooser_view_see_all\" : \"Angalia zote\"", + "\"abc_action_menu_overflow_description\" : \"Yana\"", + "\"abc_action_mode_done\" : \"ແລ້ວໆ\"", + "\"search_menu_title\" : \"Pretražite\"", + "\"str_publish\" : \"publish\"", + "\"abc_searchview_description_query\" : \"శోధన ప్రశ్న\"", + "\"abc_searchview_description_submit\" : \"Lekérdezés küldése\"", + "\"abc_action_menu_overflow_description\" : \"Lisäasetukset\"", + "\"abc_menu_space_shortcut_label\" : \"space\"", + "\"abc_search_hint\" : \"সন্ধান কৰক…\"", + "\"abc_capital_off\" : \"VYP\"", + "\"search_menu_title\" : \"தேடல்\"", + "\"abc_searchview_description_submit\" : \"Serah pertanyaan\"", + "\"abc_activitychooserview_choose_application\" : \"App auswählen\"", + "\"abc_menu_function_shortcut_label\" : \"Función +\"", + "\"abc_search_hint\" : \"搜索…\"", + "\"search_menu_title\" : \"Пребарај\"", + "\"abc_searchview_description_submit\" : \"Изпращане на заявката\"", + "\"abc_action_menu_overflow_description\" : \"Дагы параметрлер\"" + ], + "firebase_urls": [], + "files": [ + "res/layout/test_toolbar.xml", + "res/interpolator/btn_checkbox_checked_mtrl_animation_interpolator_0.xml", + "res/drawable-xxhdpi-v4/abc_ic_star_half_black_16dp.png", + "kotlin/reflect/KClassesKt.kotlin_metadata", + "res/color/material_on_primary_disabled.xml", + "res/color-v23/abc_btn_colored_text_material.xml", + "res/drawable-xhdpi-v4/ic_minus.png", + "res/drawable/notification_bg_low.xml", + "res/drawable-xhdpi-v4/abc_ic_star_black_48dp.png", + "res/drawable-xhdpi-v4/ic_plus.png", + "res/layout/activity_about_us.xml", + "res/animator/mtrl_extended_fab_hide_motion_spec.xml", + "res/drawable/abc_list_selector_background_transition_holo_light.xml", + "res/drawable-xxxhdpi-v4/ic_logout.png", + "res/color/abc_primary_text_disable_only_material_dark.xml", + "res/mipmap-hdpi-v4/ic_launcher.png", + "res/drawable-ldpi-v4/ic_launcher_background.png", + "kotlin/coroutines/experimental/Continuation.kotlin_metadata", + "META-INF/androidx.customview_customview.version", + "res/drawable-xxhdpi-v4/abc_ic_star_black_16dp.png", + "res/layout/activity_chooser.xml", + "res/drawable-mdpi-v4/ic_launcher_foreground.png", + "res/layout-v17/design_text_input_start_icon.xml", + "res/drawable-v24/ic_launcher_foreground.xml", + "kotlin/jvm/JvmSynthetic.kotlin_metadata", + "res/drawable-xhdpi-v4/abc_btn_radio_to_on_mtrl_000.png", + "kotlin/UByteKt.kotlin_metadata", + "res/drawable-hdpi-v4/abc_tab_indicator_mtrl_alpha.9.png", + "res/drawable/abc_cab_background_top_material.xml", + "res/drawable-xxxhdpi-v4/abc_ic_menu_copy_mtrl_am_alpha.png", + "kotlin/collections/IndexedValue.kotlin_metadata", + "res/color/abc_primary_text_material_light.xml", + "res/color/mtrl_bottom_nav_item_tint.xml", + "res/layout/mtrl_calendar_day.xml", + "res/color/abc_primary_text_disable_only_material_light.xml", + "res/anim/abc_popup_exit.xml", + "res/drawable-ldrtl-hdpi-v17/abc_spinner_mtrl_am_alpha.9.png", + "META-INF/androidx.legacy_legacy-support-core-ui.version", + "res/drawable-mdpi-v4/abc_ic_star_half_black_16dp.png", + "res/drawable-hdpi-v4/ic_supermarket.png", + "res/layout/upload_success_dialog.xml", + "META-INF/com.google.android.material_material.version", + "res/drawable-xxxhdpi-v4/design_ic_visibility.png", + "res/drawable-mdpi-v4/abc_btn_switch_to_on_mtrl_00012.9.png", + "res/drawable-xxhdpi-v4/abc_scrubber_control_to_pressed_mtrl_005.png", + "kotlin/UseExperimental.kotlin_metadata", + "res/drawable-xxhdpi-v4/abc_text_select_handle_middle_mtrl_dark.png", + "res/drawable-xxxhdpi-v4/abc_text_select_handle_left_mtrl_light.png", + "res/layout/mtrl_picker_text_input_date_range.xml", + "res/color/material_on_primary_emphasis_medium.xml", + "res/drawable-anydpi-v21/design_ic_visibility.xml", + "res/drawable-xxxhdpi-v4/abc_ic_star_half_black_36dp.png", + "res/drawable-hdpi-v4/abc_cab_background_top_mtrl_alpha.9.png", + "res/color/mtrl_outlined_icon_tint.xml", + "res/drawable/abc_ic_voice_search_api_material.xml", + "res/interpolator/btn_checkbox_checked_mtrl_animation_interpolator_1.xml", + "res/drawable/abc_ic_ab_back_material.xml", + "res/color/mtrl_tabs_legacy_text_color_selector.xml", + "kotlin/reflect/KMutableProperty2.kotlin_metadata", + "res/layout/design_layout_snackbar.xml", + "kotlin/ranges/UIntProgressionIterator.kotlin_metadata", + "res/drawable-hdpi-v4/abc_ic_star_black_36dp.png", + "res/layout/activity_login.xml", + "res/drawable-hdpi-v4/abc_text_select_handle_middle_mtrl_light.png", + "res/drawable-xhdpi-v4/abc_ic_menu_share_mtrl_alpha.png", + "res/drawable-hdpi-v4/abc_ic_commit_search_api_mtrl_alpha.png", + "META-INF/kotlin-stdlib-coroutines.kotlin_module", + "res/anim/mtrl_bottom_sheet_slide_in.xml", + "res/layout/text_view_without_line_height.xml", + "res/drawable-mdpi-v4/ic_plus.png", + "kotlin/internal/OnlyInputTypes.kotlin_metadata", + "kotlin/jvm/JvmOverloads.kotlin_metadata", + "res/layout/design_bottom_sheet_dialog.xml", + "res/drawable-hdpi-v4/ic_logout.png", + "res/layout/activity_implicit_intent_for_non_exported.xml", + "kotlin/collections/State.kotlin_metadata", + "kotlin/jvm/JvmField.kotlin_metadata", + "kotlin/coroutines/Continuation.kotlin_metadata", + "kotlin/properties/ObservableProperty.kotlin_metadata", + "kotlin/text/MatchNamedGroupCollection.kotlin_metadata", + "kotlin/properties/Delegates.kotlin_metadata", + "res/drawable-xxhdpi-v4/abc_scrubber_control_off_mtrl_alpha.png", + "res/drawable-xhdpi-v4/abc_text_select_handle_right_mtrl_light.png", + "res/anim/abc_popup_enter.xml", + "res/color/abc_tint_switch_track.xml", + "kotlin/LazyKt.kotlin_metadata", + "kotlin/internal/HidesMembers.kotlin_metadata", + "res/mipmap-xhdpi-v4/ic_launcher.png", + "res/color/abc_hint_foreground_material_light.xml", + "kotlin/sequences/DropWhileSequence.kotlin_metadata", + "res/layout/design_navigation_item_header.xml", + "kotlin/contracts/InvocationKind.kotlin_metadata", + "res/mipmap-xxhdpi-v4/ic_launcher_round.png", + "META-INF/CERT.SF", + "kotlin/collections/ArrayDeque.kotlin_metadata", + "kotlin/text/StringBuilderKt.kotlin_metadata", + "kotlin/collections/LinkedHashMap.kotlin_metadata", + "res/color/material_on_surface_emphasis_high_type.xml", + "res/color/mtrl_filled_background_color.xml", + "kotlin/time/ExperimentalTime.kotlin_metadata", + "res/layout-v17/abc_dialog_title_material.xml", + "res/drawable/tooltip_frame_light.xml", + "res/drawable-xxhdpi-v4/ic_email_black_24dp.png", + "META-INF/androidx.slidingpanelayout_slidingpanelayout.version", + "META-INF/kotlin-stdlib.kotlin_module", + "kotlin/coroutines/RestrictsSuspension.kotlin_metadata", + "res/anim/mtrl_bottom_sheet_slide_out.xml", + "kotlin/ULongKt.kotlin_metadata", + "res/drawable-xxhdpi-v4/abc_btn_check_to_on_mtrl_000.png", + "res/layout/toolbar.xml", + "res/drawable-xxxhdpi-v4/ic_plus.png", + "res/layout-v17/mtrl_alert_select_dialog_singlechoice.xml", + "res/color/material_on_background_emphasis_high_type.xml", + "kotlin/collections/AbstractIterator.kotlin_metadata", + "kotlin/text/DelimitedRangesSequence.kotlin_metadata", + "META-INF/androidx.exifinterface_exifinterface.version", + "res/layout/mtrl_alert_select_dialog_singlechoice.xml", + "res/drawable-xhdpi-v4/abc_ic_menu_selectall_mtrl_alpha.png", + "res/drawable-v21/abc_ratingbar_small_material.xml", + "res/layout-v17/mtrl_picker_header_fullscreen.xml", + "res/drawable-xxxhdpi-v4/abc_btn_switch_to_on_mtrl_00001.9.png", + "kotlin/UnsafeLazyImpl.kotlin_metadata", + "res/drawable-xxhdpi-v4/abc_list_focused_holo.9.png", + "res/drawable-mdpi-v4/abc_ic_menu_paste_mtrl_am_alpha.png", + "kotlin/collections/SlidingWindowKt.kotlin_metadata", + "res/drawable-xhdpi-v4/design_ic_visibility_off.png", + "res/layout-v17/notification_template_media_custom.xml", + "res/layout-v21/toolbar.xml", + "res/color/mtrl_tabs_ripple_color.xml", + "res/layout/design_menu_item_action_area.xml", + "kotlin/collections/IndexingIterator.kotlin_metadata", + "res/anim/btn_radio_to_on_mtrl_ring_outer_path_animation.xml", + "res/drawable-anydpi-v21/ic_launcher_background.xml", + "res/drawable-xxhdpi-v4/abc_text_select_handle_right_mtrl_light.png", + "res/interpolator/mtrl_fast_out_linear_in.xml", + "kotlin/coroutines/experimental/CoroutinesLibraryKt.kotlin_metadata", + "res/drawable-xxhdpi-v4/ic_logout.png", + "res/drawable-ldrtl-xxxhdpi-v17/abc_spinner_mtrl_am_alpha.9.png", + "res/drawable-xhdpi-v4/abc_ic_star_half_black_48dp.png", + "res/drawable-xxxhdpi-v4/abc_text_select_handle_left_mtrl_dark.png", + "kotlin/collections/EmptyList.kotlin_metadata", + "res/drawable-mdpi-v4/abc_popup_background_mtrl_mult.9.png", + "res/layout/abc_popup_menu_item_layout.xml", + "res/layout/design_bottom_navigation_item.xml", + "res/drawable-xxxhdpi-v4/ic_launcher_foreground.png", + "res/drawable-ldrtl-hdpi-v17/abc_ic_menu_cut_mtrl_alpha.png", + "kotlin/BuilderInference.kotlin_metadata", + "res/layout/mtrl_picker_header_fullscreen.xml", + "res/drawable/abc_ic_clear_material.xml", + "res/drawable-xhdpi-v4/abc_tab_indicator_mtrl_alpha.9.png", + "kotlin/WasExperimental.kotlin_metadata", + "res/drawable-xhdpi-v4/abc_spinner_mtrl_am_alpha.9.png", + "kotlin/collections/EmptyIterator.kotlin_metadata", + "kotlin/collections/UShortIterator.kotlin_metadata", + "kotlin/collections/MapWithDefaultKt.kotlin_metadata", + "res/layout/abc_alert_dialog_material.xml", + "kotlin/sequences/SubSequence.kotlin_metadata", + "kotlin/text/Regex.kotlin_metadata", + "res/mipmap-mdpi-v4/ic_launcher_round.png", + "kotlin/collections/IndexingIterable.kotlin_metadata", + "res/color/material_on_background_disabled.xml", + "kotlin/time/MeasureTimeKt.kotlin_metadata", + "res/drawable-xhdpi-v4/abc_text_select_handle_middle_mtrl_dark.png", + "kotlin/UShortArray.kotlin_metadata", + "res/drawable-v21/avd_show_password.xml", + "res/color/abc_tint_default.xml", + "res/animator/mtrl_fab_hide_motion_spec.xml", + "res/layout-land/mtrl_picker_header_dialog.xml", + "res/drawable-xxxhdpi-v4/abc_btn_radio_to_on_mtrl_000.png", + "kotlin/ExperimentalUnsignedTypes.kotlin_metadata", + "res/animator-v21/design_appbar_state_list_animator.xml", + "res/drawable-mdpi-v4/ic_email_black_24dp.png", + "res/layout/mtrl_alert_select_dialog_item.xml", + "kotlin/KotlinVersion.kotlin_metadata", + "kotlin/UShort.kotlin_metadata", + "kotlin/experimental/ExperimentalTypeInference.kotlin_metadata", + "res/drawable-xhdpi-v4/abc_textfield_default_mtrl_alpha.9.png", + "res/anim/btn_radio_to_on_mtrl_ring_outer_animation.xml", + "res/font/roboto.ttf", + "res/drawable-mdpi-v4/abc_ic_star_black_16dp.png", + "kotlin/coroutines/experimental/CombinedContext.kotlin_metadata", + "res/layout-v17/select_dialog_multichoice_material.xml", + "res/drawable-xhdpi-v4/abc_textfield_search_activated_mtrl_alpha.9.png", + "res/layout/test_action_chip.xml", + "res/color/mtrl_btn_stroke_color_selector.xml", + "res/interpolator-v21/mtrl_fast_out_linear_in.xml", + "res/drawable-v24/$ic_launcher_foreground__0.xml", + "res/layout/mtrl_alert_dialog_title.xml", + "res/drawable-xxxhdpi-v4/design_ic_visibility_off.png", + "res/drawable-v21/notification_action_background.xml", + "kotlin/collections/ReversedListReadOnly.kotlin_metadata", + "kotlin/contracts/Returns.kotlin_metadata", + "res/anim/abc_slide_out_bottom.xml", + "res/drawable-xhdpi-v4/design_ic_visibility.png", + "META-INF/androidx.legacy_legacy-support-v4.version", + "res/drawable-xxxhdpi-v4/ic_minus.png", + "kotlin/SuccessOrFailureKt.kotlin_metadata", + "res/drawable-xxxhdpi-v4/abc_ic_menu_share_mtrl_alpha.png", + "res/drawable-xxhdpi-v4/ic_supermarket.png", + "res/layout/mtrl_picker_text_input_date.xml", + "res/color/abc_btn_colored_borderless_text_material.xml", + "kotlin/jvm/JvmName.kotlin_metadata", + "res/drawable-mdpi-v4/ic_minus.png", + "kotlin/contracts/ExperimentalContracts.kotlin_metadata", + "kotlin/coroutines/CombinedContext.kotlin_metadata", + "res/drawable/abc_item_background_holo_light.xml", + "META-INF/androidx.versionedparcelable_versionedparcelable.version", + "res/layout-v17/mtrl_picker_actions.xml", + "kotlin/sequences/Sequence.kotlin_metadata", + "res/color/mtrl_text_btn_text_color_selector.xml", + "res/drawable-v21/abc_dialog_material_background.xml", + "res/drawable-xxhdpi-v4/ic_minus.png", + "kotlin/collections/MutableMapWithDefaultImpl.kotlin_metadata", + "kotlin/collections/ArraysKt.kotlin_metadata", + "res/drawable-ldrtl-xhdpi-v17/abc_spinner_mtrl_am_alpha.9.png", + "res/drawable-xxhdpi-v4/abc_ic_menu_paste_mtrl_am_alpha.png", + "res/color/material_on_surface_emphasis_medium.xml", + "res/drawable-xhdpi-v4/abc_list_longpressed_holo.9.png", + "res/drawable/ic_keyboard_arrow_left_black_24dp.xml", + "res/layout-v17/notification_template_media.xml", + "res/layout/fragment_home.xml", + "kotlin/collections/EmptySet.kotlin_metadata", + "res/font/roboto_medium.ttf", + "kotlin/ClassCastException.kotlin_metadata", + "kotlin/UByteArray.kotlin_metadata", + "res/drawable/abc_text_cursor_material.xml", + "res/layout/test_toolbar_elevation.xml", + "res/drawable-mdpi-v4/abc_ic_menu_copy_mtrl_am_alpha.png", + "res/drawable-xxxhdpi-v4/abc_ic_star_black_16dp.png", + "res/color/material_on_background_emphasis_medium.xml", + "res/drawable-ldrtl-xhdpi-v17/abc_ic_menu_copy_mtrl_am_alpha.png", + "res/layout-v17/mtrl_layout_snackbar_include.xml", + "kotlin/collections/AbstractList.kotlin_metadata", + "res/drawable/notification_tile_bg.xml", + "kotlin/sequences/DistinctSequence.kotlin_metadata", + "res/color/mtrl_chip_surface_color.xml", + "res/layout-v17/abc_alert_dialog_title_material.xml", + "res/layout/abc_list_menu_item_layout.xml", + "res/drawable-hdpi-v4/abc_list_pressed_holo_light.9.png", + "res/layout/text_view_with_line_height_from_layout.xml", + "res/drawable/abc_btn_colored_material.xml", + "res/drawable-mdpi-v4/abc_scrubber_control_off_mtrl_alpha.png", + "res/drawable/abc_list_divider_material.xml", + "res/layout/abc_list_menu_item_radio.xml", + "kotlin/sequences/SequenceBuilderIterator.kotlin_metadata", + "kotlin/comparisons/ComparisonsKt.kotlin_metadata", + "res/drawable-mdpi-v4/abc_ab_share_pack_mtrl_alpha.9.png", + "res/color/mtrl_chip_text_color.xml", + "res/color/abc_hint_foreground_material_dark.xml", + "res/xml/standalone_badge_gravity_bottom_end.xml", + "kotlin/ranges/ULongProgressionIterator.kotlin_metadata", + "kotlin/ULongArrayKt.kotlin_metadata", + "res/drawable-hdpi-v4/abc_text_select_handle_right_mtrl_light.png", + "res/anim/btn_checkbox_to_unchecked_box_inner_merged_animation.xml", + "res/layout/abc_action_menu_layout.xml", + "res/drawable-hdpi-v4/ic_info.png", + "res/animator-v19/mtrl_card_state_list_anim.xml", + "kotlin/reflect/KMutableProperty.kotlin_metadata", + "res/layout/abc_list_menu_item_icon.xml", + "kotlin/internal/InlineOnly.kotlin_metadata", + "res/drawable-xhdpi-v4/abc_scrubber_control_to_pressed_mtrl_005.png", + "res/layout/notification_action.xml", + "res/drawable-xxxhdpi-v4/ic_launcher_background.png", + "res/drawable-mdpi-v4/abc_textfield_search_default_mtrl_alpha.9.png", + "res/anim/btn_checkbox_to_unchecked_check_path_merged_animation.xml", + "kotlin/text/UStringsKt.kotlin_metadata", + "res/layout/app_loading_dialog.xml", + "res/drawable-mdpi-v4/abc_text_select_handle_middle_mtrl_light.png", + "res/drawable-mdpi-v4/ic_supermarket.png", + "res/drawable-mdpi-v4/abc_scrubber_control_to_pressed_mtrl_005.png", + "kotlin/collections/AbstractMutableList.kotlin_metadata", + "res/drawable-v21/abc_list_divider_material.xml", + "kotlin/collections/Grouping.kotlin_metadata", + "res/animator/mtrl_extended_fab_change_size_motion_spec.xml", + "res/drawable-ldrtl-xxhdpi-v17/abc_spinner_mtrl_am_alpha.9.png", + "res/animator/mtrl_fab_show_motion_spec.xml", + "res/anim-v21/design_bottom_sheet_slide_in.xml", + "res/drawable-mdpi-v4/notify_panel_notification_icon_bg.png", + "res/drawable-xxhdpi-v4/design_ic_visibility.png", + "res/drawable-ldrtl-xxxhdpi-v17/abc_ic_menu_copy_mtrl_am_alpha.png", + "res/layout-v17/notification_action.xml", + "res/drawable-xhdpi-v4/abc_switch_track_mtrl_alpha.9.png", + "res/drawable/mtrl_ic_arrow_drop_down.xml", + "res/drawable-xxxhdpi-v4/abc_tab_indicator_mtrl_alpha.9.png", + "kotlin/UIntKt.kotlin_metadata", + "res/drawable-hdpi-v4/abc_text_select_handle_middle_mtrl_dark.png", + "res/color/mtrl_card_view_ripple.xml", + "res/anim/abc_slide_in_bottom.xml", + "res/drawable-mdpi-v4/abc_textfield_default_mtrl_alpha.9.png", + "res/drawable/mtrl_popupmenu_background.xml", + "res/layout/notification_template_part_chronometer.xml", + "res/drawable-hdpi-v4/abc_ic_star_black_48dp.png", + "res/color/mtrl_tabs_icon_color_selector_colored.xml", + "res/drawable-mdpi-v4/notification_bg_normal_pressed.9.png", + "kotlin/sequences/FlatteningSequence.kotlin_metadata", + "kotlin/native/concurrent/SharedImmutable.kotlin_metadata", + "res/drawable-xhdpi-v4/abc_list_pressed_holo_dark.9.png", + "res/drawable-xhdpi-v4/ic_logout.png", + "kotlin/coroutines/coroutines.kotlin_builtins", + "kotlin/comparisons/NaturalOrderComparator.kotlin_metadata", + "AndroidManifest.xml", + "res/drawable-xhdpi-v4/ic_launcher_background.png", + "META-INF/core-ktx_release.kotlin_module", + "res/layout-v17/abc_popup_menu_header_item_layout.xml", + "res/drawable/btn_radio_off_mtrl.xml", + "META-INF/androidx.lifecycle_lifecycle-runtime.version", + "res/drawable-xxhdpi-v4/abc_ic_star_black_36dp.png", + "res/layout/abc_search_dropdown_item_icons_2line.xml", + "kotlin/js/JsName.kotlin_metadata", + "res/layout-v26/mtrl_calendar_month.xml", + "res/drawable-xxxhdpi-v4/abc_ic_star_black_36dp.png", + "res/drawable-xhdpi-v4/abc_list_selector_disabled_holo_dark.9.png", + "kotlin/IllegalArgumentException.kotlin_metadata", + "res/drawable-xhdpi-v4/notification_bg_low_normal.9.png", + "kotlin/internal/ContractsDsl.kotlin_metadata", + "kotlin/time/TestTimeSource.kotlin_metadata", + "res/drawable-xhdpi-v4/abc_text_select_handle_middle_mtrl_light.png", + "res/layout/custom_dialog.xml", + "kotlin/time/DurationUnitKt.kotlin_metadata", + "res/drawable-ldrtl-mdpi-v17/abc_ic_menu_cut_mtrl_alpha.png", + "res/layout/notification_template_lines_media.xml", + "res/layout-sw600dp-v13/design_layout_snackbar.xml", + "res/drawable-hdpi-v4/abc_ic_menu_paste_mtrl_am_alpha.png", + "res/drawable-xxxhdpi-v4/abc_btn_check_to_on_mtrl_000.png", + "res/drawable-mdpi-v4/abc_text_select_handle_left_mtrl_light.png", + "res/drawable/notification_bg.xml", + "res/layout-v17/abc_tooltip.xml", + "kotlin/time/DurationUnit.kotlin_metadata", + "res/drawable-hdpi-v4/abc_btn_radio_to_on_mtrl_000.png", + "res/drawable-anydpi-v21/ic_plus.xml", + "res/animator/design_fab_hide_motion_spec.xml", + "kotlin/LazyThreadSafetyMode.kotlin_metadata", + "res/menu/main_menu.xml", + "res/drawable/abc_ic_arrow_drop_right_black_24dp.xml", + "kotlin/NoSuchElementException.kotlin_metadata", + "res/drawable/abc_list_selector_holo_light.xml", + "res/drawable-xhdpi-v4/abc_ic_star_black_36dp.png", + "res/drawable-mdpi-v4/abc_btn_radio_to_on_mtrl_015.png", + "META-INF/androidx.databinding_library.version", + "res/anim/mtrl_card_lowers_interpolator.xml", + "res/drawable-anydpi-v21/ic_shopping_cart.xml", + "res/color/mtrl_filled_stroke_color.xml", + "res/drawable-v21/$avd_hide_password__2.xml", + "kotlin/sequences/DropTakeSequence.kotlin_metadata", + "res/layout-v17/mtrl_alert_dialog_actions.xml", + "res/drawable-xhdpi-v4/abc_list_focused_holo.9.png", + "kotlin/ranges/ClosedFloatRange.kotlin_metadata", + "res/drawable-xxhdpi-v4/abc_switch_track_mtrl_alpha.9.png", + "res/interpolator/btn_radio_to_off_mtrl_animation_interpolator_0.xml", + "res/color/mtrl_choice_chip_text_color.xml", + "res/drawable/test_custom_background.xml", + "res/color/mtrl_btn_ripple_color.xml", + "kotlin/AssertionError.kotlin_metadata", + "kotlin/text/Typography.kotlin_metadata", + "res/layout/mtrl_calendar_vertical.xml", + "res/layout/select_dialog_multichoice_material.xml", + "res/drawable-mdpi-v4/abc_btn_radio_to_on_mtrl_000.png", + "res/drawable-xhdpi-v4/abc_popup_background_mtrl_mult.9.png", + "res/layout/abc_action_mode_bar.xml", + "res/layout/notification_media_action.xml", + "res/drawable-anydpi-v21/design_ic_visibility_off.xml", + "META-INF/androidx.appcompat_appcompat-resources.version", + "res/drawable-xxhdpi-v4/abc_textfield_search_activated_mtrl_alpha.9.png", + "res/drawable-mdpi-v4/abc_menu_hardkey_panel_mtrl_mult.9.png", + "kotlin/jvm/Volatile.kotlin_metadata", + "res/drawable-xhdpi-v4/abc_ic_star_half_black_16dp.png", + "kotlin/coroutines/experimental/SequenceBuilder.kotlin_metadata", + "res/color/abc_tint_seek_thumb.xml", + "res/drawable-xxhdpi-v4/abc_ic_menu_selectall_mtrl_alpha.png", + "kotlin/collections/AbstractMutableCollection.kotlin_metadata", + "kotlin/text/StringBuilder.kotlin_metadata", + "res/layout/abc_list_menu_item_checkbox.xml", + "res/color/abc_secondary_text_material_dark.xml", + "kotlin/text/CharKt.kotlin_metadata", + "res/drawable-xxxhdpi-v4/abc_btn_check_to_on_mtrl_015.png", + "res/drawable-v21/$avd_hide_password__1.xml", + "kotlin/UnsupportedOperationException.kotlin_metadata", + "res/drawable-hdpi-v4/abc_btn_radio_to_on_mtrl_015.png", + "res/layout/abc_tooltip.xml", + "res/drawable-mdpi-v4/abc_ic_menu_share_mtrl_alpha.png", + "res/drawable-xxhdpi-v4/abc_popup_background_mtrl_mult.9.png", + "res/drawable-mdpi-v4/abc_list_divider_mtrl_alpha.9.png", + "res/mipmap-xxxhdpi-v4/ic_launcher.png", + "kotlin/coroutines/experimental/EmptyCoroutineContext.kotlin_metadata", + "res/layout/notification_template_media.xml", + "res/drawable-hdpi-v4/abc_ic_menu_share_mtrl_alpha.png", + "res/layout-watch-v20/abc_alert_dialog_title_material.xml", + "res/drawable-xxhdpi-v4/abc_ic_menu_cut_mtrl_alpha.png", + "kotlin/text/MatchResult.kotlin_metadata", + "res/anim/abc_slide_in_top.xml", + "res/drawable-hdpi-v4/abc_list_divider_mtrl_alpha.9.png", + "res/color/mtrl_calendar_selected_range.xml", + "res/drawable/btn_bg_yellow.xml", + "kotlin/collections/AbstractMutableMap.kotlin_metadata", + "res/drawable/abc_btn_radio_material_anim.xml", + "META-INF/androidx.appcompat_appcompat.version", + "res/color/abc_primary_text_material_dark.xml", + "res/drawable-hdpi-v4/ic_plus.png", + "kotlin/collections/AbstractCollection.kotlin_metadata", + "kotlin/time/MonotonicTimeSource.kotlin_metadata", + "kotlin/jvm/Synchronized.kotlin_metadata", + "META-INF/MANIFEST.MF", + "kotlin/coroutines/experimental/intrinsics/IntrinsicsKt.kotlin_metadata", + "kotlin/time/Duration.kotlin_metadata", + "res/color/mtrl_navigation_item_background_color.xml", + "res/drawable-xxhdpi-v4/abc_text_select_handle_right_mtrl_dark.png", + "META-INF/app_debug.kotlin_module", + "res/layout-v16/notification_template_custom_big.xml", + "kotlin/sequences/TakeWhileSequence.kotlin_metadata", + "res/drawable-hdpi-v4/abc_btn_switch_to_on_mtrl_00012.9.png", + "res/drawable/design_password_eye.xml", + "res/drawable-v21/abc_ratingbar_indicator_material.xml", + "res/drawable-mdpi-v4/abc_text_select_handle_middle_mtrl_dark.png", + "kotlin/contracts/ContractBuilderKt.kotlin_metadata", + "res/drawable/abc_textfield_search_material.xml", + "kotlin/kotlin.kotlin_builtins", + "res/drawable-v23/abc_control_background_material.xml", + "META-INF/androidx.lifecycle_lifecycle-livedata.version", + "res/drawable-v21/abc_btn_colored_material.xml", + "kotlin/random/URandomKt.kotlin_metadata", + "res/layout/mtrl_alert_dialog.xml", + "res/drawable-xxhdpi-v4/abc_menu_hardkey_panel_mtrl_mult.9.png", + "res/drawable/design_bottom_navigation_item_background.xml", + "res/drawable-mdpi-v4/abc_list_longpressed_holo.9.png", + "res/layout-v17/notification_template_big_media.xml", + "res/drawable-xhdpi-v4/abc_ic_star_half_black_36dp.png", + "res/color-v23/abc_tint_default.xml", + "kotlin/Error.kotlin_metadata", + "res/drawable/btn_checkbox_checked_mtrl.xml", + "res/anim/btn_radio_to_off_mtrl_dot_group_animation.xml", + "kotlin/HashCodeKt.kotlin_metadata", + "res/animator/mtrl_btn_state_list_anim.xml", + "res/layout/abc_action_bar_up_container.xml", + "kotlin/sequences/TransformingSequence.kotlin_metadata", + "res/color-v21/abc_btn_colored_borderless_text_material.xml", + "res/drawable-hdpi-v4/ic_launcher_foreground.png", + "res/drawable-anydpi-v21/ic_logout.xml", + "res/layout/abc_cascading_menu_item_layout.xml", + "res/color/mtrl_chip_close_icon_tint.xml", + "kotlin/UByte.kotlin_metadata", + "res/layout/mtrl_alert_dialog_actions.xml", + "kotlin/reflect/KClass.kotlin_metadata", + "res/drawable-ldrtl-mdpi-v17/abc_spinner_mtrl_am_alpha.9.png", + "res/drawable-hdpi-v4/abc_ic_menu_copy_mtrl_am_alpha.png", + "res/color/test_mtrl_calendar_day_selected.xml", + "res/drawable/abc_ic_search_api_material.xml", + "res/drawable-hdpi-v4/abc_scrubber_control_to_pressed_mtrl_005.png", + "res/drawable-v21/avd_hide_password.xml", + "res/drawable/abc_ic_menu_overflow_material.xml", + "kotlin/sequences/DistinctIterator.kotlin_metadata", + "res/mipmap-anydpi-v26/ic_launcher.xml", + "res/mipmap-xhdpi-v4/ic_launcher_round.png", + "res/drawable/tooltip_frame_dark.xml", + "res/drawable-xxhdpi-v4/abc_scrubber_track_mtrl_alpha.9.png", + "res/drawable-xxhdpi-v4/abc_textfield_default_mtrl_alpha.9.png", + "res/drawable/mtrl_ic_cancel.xml", + "res/drawable-mdpi-v4/design_ic_visibility.png", + "res/drawable-hdpi-v4/abc_scrubber_primary_mtrl_alpha.9.png", + "res/drawable-xxhdpi-v4/abc_text_select_handle_left_mtrl_dark.png", + "kotlin/UByteArrayKt.kotlin_metadata", + "res/drawable/abc_edit_text_material.xml", + "res/drawable-mdpi-v4/abc_btn_check_to_on_mtrl_015.png", + "res/drawable-xxxhdpi-v4/abc_text_select_handle_right_mtrl_dark.png", + "res/color/test_mtrl_calendar_day.xml", + "res/drawable-xhdpi-v4/abc_btn_switch_to_on_mtrl_00001.9.png", + "META-INF/androidx.cursoradapter_cursoradapter.version", + "META-INF/androidx.media_media.version", + "res/interpolator/btn_radio_to_on_mtrl_animation_interpolator_0.xml", + "res/drawable-xhdpi-v4/abc_ic_star_black_16dp.png", + "res/drawable-mdpi-v4/abc_list_selector_disabled_holo_light.9.png", + "res/drawable-v21/abc_ratingbar_material.xml", + "res/anim/abc_grow_fade_in_from_bottom.xml", + "res/drawable-hdpi-v4/design_ic_visibility_off.png", + "res/drawable-mdpi-v4/abc_list_pressed_holo_light.9.png", + "kotlin/contracts/ConditionalEffect.kotlin_metadata", + "META-INF/androidx.savedstate_savedstate.version", + "kotlin/coroutines/experimental/SafeContinuation.kotlin_metadata", + "res/color/switch_thumb_material_dark.xml", + "META-INF/androidx.fragment_fragment.version", + "res/layout-v21/notification_action.xml", + "res/color/mtrl_bottom_nav_colored_ripple_color.xml", + "res/drawable-hdpi-v4/abc_btn_check_to_on_mtrl_000.png", + "kotlin/collections/ArrayDequeKt.kotlin_metadata", + "res/anim/abc_tooltip_enter.xml", + "res/layout/notification_template_media_custom.xml", + "res/drawable-mdpi-v4/abc_btn_check_to_on_mtrl_000.png", + "res/drawable-hdpi-v4/notify_panel_notification_icon_bg.png", + "kotlin/InitializedLazyImpl.kotlin_metadata", + "res/drawable-hdpi-v4/abc_ic_star_half_black_16dp.png", + "META-INF/androidx.vectordrawable_vectordrawable.version", + "kotlin/NotImplementedError.kotlin_metadata", + "kotlin/UIntArray.kotlin_metadata", + "res/layout/abc_action_mode_close_item_material.xml", + "res/drawable/design_snackbar_background.xml", + "res/drawable-mdpi-v4/abc_list_focused_holo.9.png", + "kotlin/reflect/KProperty2.kotlin_metadata", + "res/drawable-hdpi-v4/abc_text_select_handle_right_mtrl_dark.png", + "res/drawable-xhdpi-v4/notification_bg_normal_pressed.9.png", + "res/anim/btn_checkbox_to_unchecked_icon_null_animation.xml", + "res/drawable-ldpi-v4/ic_minus.png", + "META-INF/androidx.core_core.version", + "kotlin/collections/AbstractSet.kotlin_metadata", + "res/layout/abc_activity_chooser_view.xml", + "res/drawable-hdpi-v4/ic_minus.png", + "META-INF/androidx.vectordrawable_vectordrawable-animated.version", + "kotlin/collections/MovingSubList.kotlin_metadata", + "res/drawable-mdpi-v4/abc_ic_star_half_black_48dp.png", + "kotlin/internal/AccessibleLateinitPropertyLiteral.kotlin_metadata", + "res/animator/mtrl_fab_transformation_sheet_expand_spec.xml", + "kotlin/text/RegexOption.kotlin_metadata", + "res/color/mtrl_chip_background_color.xml", + "kotlin/SuspendKt.kotlin_metadata", + "kotlin/sequences/ConstrainedOnceSequence.kotlin_metadata", + "res/layout-v21/product_item.xml", + "res/drawable-mdpi-v4/abc_ic_star_black_48dp.png", + "res/drawable-hdpi-v4/design_ic_visibility.png", + "res/drawable-hdpi-v4/notification_bg_low_pressed.9.png", + "res/layout/design_navigation_item.xml", + "res/color/design_icon_tint.xml", + "classes.dex", + "kotlin/collections/MapWithDefault.kotlin_metadata", + "res/color/material_on_surface_disabled.xml", + "res/anim/design_snackbar_in.xml", + "kotlin/coroutines/intrinsics/CoroutinesIntrinsicsHKt.kotlin_metadata", + "res/drawable-hdpi-v4/abc_list_longpressed_holo.9.png", + "res/font/roboto_bold.ttf", + "META-INF/androidx.localbroadcastmanager_localbroadcastmanager.version", + "kotlin/ResultKt.kotlin_metadata", + "kotlin/native/concurrent/ThreadLocal.kotlin_metadata", + "kotlin/reflect/reflect.kotlin_builtins", + "res/drawable-xhdpi-v4/notification_bg_low_pressed.9.png", + "res/layout-v17/select_dialog_singlechoice_material.xml", + "kotlin/sequences/FilteringSequence.kotlin_metadata", + "res/interpolator/mtrl_fast_out_slow_in.xml", + "res/drawable-xxxhdpi-v4/abc_btn_switch_to_on_mtrl_00012.9.png", + "res/color/mtrl_btn_text_btn_bg_color_selector.xml", + "kotlin/text/RegexExtensionsKt.kotlin_metadata", + "res/drawable-xhdpi-v4/ic_info.png", + "res/color/mtrl_btn_bg_color_selector.xml", + "res/layout-v21/test_toolbar_elevation.xml", + "res/drawable-xxhdpi-v4/abc_textfield_search_default_mtrl_alpha.9.png", + "res/drawable-xxxhdpi-v4/ic_info.png", + "res/anim/btn_radio_to_off_mtrl_ring_outer_animation.xml", + "res/drawable-hdpi-v4/abc_ic_star_half_black_48dp.png", + "kotlin/PreconditionsKt.kotlin_metadata", + "res/layout/abc_alert_dialog_button_bar_material.xml", + "res/drawable-mdpi-v4/ic_logout.png", + "res/drawable-hdpi-v4/ic_launcher_background.png", + "res/drawable-mdpi-v4/abc_scrubber_primary_mtrl_alpha.9.png", + "kotlin/KotlinHKt.kotlin_metadata", + "res/drawable-xxxhdpi-v4/abc_ic_menu_cut_mtrl_alpha.png", + "resources.arsc", + "res/drawable-xhdpi-v4/abc_list_selector_disabled_holo_light.9.png", + "kotlin/collections/ULongIterator.kotlin_metadata", + "res/color/mtrl_filled_icon_tint.xml", + "kotlin/collections/CollectionsKt.kotlin_metadata", + "kotlin/RuntimeException.kotlin_metadata", + "res/drawable-mdpi-v4/abc_list_pressed_holo_dark.9.png", + "res/drawable-xhdpi-v4/abc_text_select_handle_right_mtrl_dark.png", + "res/drawable-xxhdpi-v4/abc_list_pressed_holo_dark.9.png", + "kotlin/ranges/ULongRange.kotlin_metadata", + "res/drawable/abc_list_selector_background_transition_holo_dark.xml", + "res/drawable-hdpi-v4/abc_spinner_mtrl_am_alpha.9.png", + "kotlin/OptIn.kotlin_metadata", + "kotlin/coroutines/experimental/intrinsics/CoroutinesIntrinsicsExperimentalHKt.kotlin_metadata", + "res/color/abc_tint_spinner.xml", + "kotlin/reflect/KProperty.kotlin_metadata", + "kotlin/StandardKt.kotlin_metadata", + "res/drawable-hdpi-v4/abc_btn_check_to_on_mtrl_015.png", + "res/layout/abc_screen_simple_overlay_action_mode.xml", + "kotlin/NumbersKt.kotlin_metadata", + "res/drawable-xhdpi-v4/notify_panel_notification_icon_bg.png", + "kotlin/text/CharacterCodingException.kotlin_metadata", + "res/layout-v17/notification_template_big_media_narrow.xml", + "kotlin/text/IndentKt.kotlin_metadata", + "res/drawable-xxhdpi-v4/abc_cab_background_top_mtrl_alpha.9.png", + "res/drawable-xxxhdpi-v4/abc_ic_star_black_48dp.png", + "kotlin/sequences/GeneratorSequence.kotlin_metadata", + "res/anim/abc_fade_in.xml", + "res/layout/activity_main.xml", + "kotlin/Result.kotlin_metadata", + "res/drawable-xhdpi-v4/abc_ic_menu_paste_mtrl_am_alpha.png", + "res/layout/test_reflow_chipgroup.xml", + "res/color/abc_search_url_text.xml", + "res/layout-v22/mtrl_alert_dialog_actions.xml", + "META-INF/kotlin-android-extensions-runtime.kotlin_module", + "kotlin/ranges/RangesKt.kotlin_metadata", + "res/drawable-hdpi-v4/abc_text_select_handle_left_mtrl_light.png", + "kotlin/collections/MapsKt.kotlin_metadata", + "res/drawable/notification_icon_background.xml", + "res/drawable-xhdpi-v4/abc_textfield_activated_mtrl_alpha.9.png", + "kotlin/experimental/BitwiseOperationsKt.kotlin_metadata", + "res/color/mtrl_extended_fab_ripple_color.xml", + "res/mipmap-xxxhdpi-v4/ic_launcher_round.png", + "res/layout/mtrl_alert_select_dialog_multichoice.xml", + "kotlin/random/XorWowRandom.kotlin_metadata", + "res/drawable-hdpi-v4/ic_shopping_cart.png", + "res/drawable-ldpi-v4/ic_email_black_24dp.png", + "kotlin/ArithmeticException.kotlin_metadata", + "kotlin/ExperimentalMultiplatform.kotlin_metadata", + "kotlin/coroutines/experimental/SequenceBuilderKt.kotlin_metadata", + "res/drawable/mtrl_popupmenu_background_dark.xml", + "res/color/mtrl_extended_fab_bg_color_selector.xml", + "res/drawable-xhdpi-v4/abc_text_select_handle_left_mtrl_dark.png", + "META-INF/androidx.lifecycle_lifecycle-livedata-core.version", + "res/drawable-anydpi-v21/ic_minus.xml", + "res/mipmap-anydpi-v26/ic_launcher_round.xml", + "res/drawable/abc_ratingbar_material.xml", + "res/drawable-xhdpi-v4/ic_email_black_24dp.png", + "res/drawable-xhdpi-v4/abc_btn_radio_to_on_mtrl_015.png", + "res/layout/design_navigation_item_subheader.xml", + "res/anim/design_bottom_sheet_slide_out.xml", + "kotlin/contracts/ContractBuilder.kotlin_metadata", + "res/drawable-mdpi-v4/notification_bg_low_normal.9.png", + "res/drawable-hdpi-v4/abc_textfield_search_default_mtrl_alpha.9.png", + "kotlin/sequences/SequenceScope.kotlin_metadata", + "res/interpolator/btn_checkbox_unchecked_mtrl_animation_interpolator_1.xml", + "res/drawable-mdpi-v4/abc_text_select_handle_right_mtrl_dark.png", + "res/color/mtrl_navigation_item_text_color.xml", + "res/color/mtrl_tabs_colored_ripple_color.xml", + "res/drawable-xhdpi-v4/ic_shopping_cart.png", + "res/drawable/ic_mtrl_chip_close_circle.xml", + "kotlin/collections/collections.kotlin_builtins", + "kotlin/coroutines/experimental/AbstractCoroutineContextElement.kotlin_metadata", + "res/layout/abc_dialog_title_material.xml", + "res/drawable/mtrl_ic_arrow_drop_up.xml", + "res/layout/notification_template_part_time.xml", + "res/drawable-xxhdpi-v4/abc_ic_star_half_black_48dp.png", + "res/drawable-hdpi-v4/abc_scrubber_control_off_mtrl_alpha.png", + "res/layout-v17/notification_template_big_media_custom.xml", + "kotlin/ConcurrentModificationException.kotlin_metadata", + "res/color-v23/abc_btn_colored_borderless_text_material.xml", + "res/color/bottom_icon_selector.xml", + "res/drawable-mdpi-v4/abc_spinner_mtrl_am_alpha.9.png", + "res/layout/product_item.xml", + "kotlin/collections/ArrayAsCollection.kotlin_metadata", + "kotlin/UInt.kotlin_metadata", + "META-INF/androidx.legacy_legacy-support-core-utils.version", + "res/drawable-xxxhdpi-v4/abc_scrubber_control_to_pressed_mtrl_000.png", + "kotlin/sequences/SequencesKt.kotlin_metadata", + "res/drawable-hdpi-v4/abc_list_focused_holo.9.png", + "res/layout-v21/test_design_checkbox.xml", + "kotlin/collections/SetsKt.kotlin_metadata", + "res/drawable-xxhdpi-v4/abc_btn_switch_to_on_mtrl_00001.9.png", + "res/layout-v17/notification_action_tombstone.xml", + "kotlin/time/TimeSourcesKt.kotlin_metadata", + "kotlin/collections/CollectionsHKt.kotlin_metadata", + "res/anim/btn_radio_to_on_mtrl_dot_group_animation.xml", + "res/color-v23/abc_tint_spinner.xml", + "kotlin/collections/LinkedHashSet.kotlin_metadata", + "res/drawable-v21/$avd_show_password__2.xml", + "res/color/abc_background_cache_hint_selector_material_dark.xml", + "kotlin/contracts/Effect.kotlin_metadata", + "kotlin/time/AdjustedTimeMark.kotlin_metadata", + "res/drawable-mdpi-v4/ic_info.png", + "res/drawable-mdpi-v4/abc_ic_star_black_36dp.png", + "res/animator/mtrl_extended_fab_show_motion_spec.xml", + "res/animator/mtrl_extended_fab_state_list_animator.xml", + "kotlin/collections/ArrayList.kotlin_metadata", + "res/layout/abc_search_view.xml", + "res/layout/text_view_with_theme_line_height.xml", + "kotlin/ranges/ULongProgression.kotlin_metadata", + "kotlin/collections/ReversedList.kotlin_metadata", + "kotlin/random/RandomKt.kotlin_metadata", + "META-INF/androidx.viewpager2_viewpager2.version", + "res/drawable/btn_bg.xml", + "res/drawable-xxhdpi-v4/abc_ic_commit_search_api_mtrl_alpha.png", + "res/drawable-mdpi-v4/design_ic_visibility_off.png", + "META-INF/kotlin-stdlib-common.kotlin_module", + "META-INF/CERT.RSA", + "res/color/material_on_primary_emphasis_high_type.xml", + "res/layout/activity_webview.xml", + "res/drawable-xhdpi-v4/abc_cab_background_top_mtrl_alpha.9.png", + "kotlin/contracts/ReturnsNotNull.kotlin_metadata", + "kotlin/collections/HashSet.kotlin_metadata", + "kotlin/collections/UByteIterator.kotlin_metadata", + "res/drawable-xhdpi-v4/notification_bg_normal.9.png", + "res/drawable/abc_ic_go_search_api_material.xml", + "kotlin/collections/UArraySortingKt.kotlin_metadata", + "kotlin/sequences/EmptySequence.kotlin_metadata", + "res/layout-v17/design_text_input_end_icon.xml", + "res/anim/design_bottom_sheet_slide_in.xml", + "kotlin/ranges/ComparableRange.kotlin_metadata", + "res/layout/mtrl_calendar_month_labeled.xml", + "kotlin/coroutines/AbstractCoroutineContextKey.kotlin_metadata", + "res/drawable-xxhdpi-v4/abc_btn_check_to_on_mtrl_015.png", + "META-INF/androidx.transition_transition.version", + "kotlin/TuplesKt.kotlin_metadata", + "res/interpolator-v21/mtrl_fast_out_slow_in.xml", + "res/drawable-xxhdpi-v4/design_ic_visibility_off.png", + "res/layout/mtrl_picker_header_toggle.xml", + "res/drawable-xhdpi-v4/abc_textfield_search_default_mtrl_alpha.9.png", + "res/drawable-mdpi-v4/abc_scrubber_track_mtrl_alpha.9.png", + "kotlin/time/TimedValue.kotlin_metadata", + "kotlin/coroutines/AbstractCoroutineContextElement.kotlin_metadata", + "kotlin/io/Serializable.kotlin_metadata", + "res/drawable-xxxhdpi-v4/abc_switch_track_mtrl_alpha.9.png", + "META-INF/androidx.print_print.version", + "res/color/mtrl_bottom_nav_colored_item_tint.xml", + "kotlin/reflect/KProperty1.kotlin_metadata", + "res/layout/design_layout_snackbar_include.xml", + "res/drawable/ic_mtrl_checked_circle.xml", + "res/drawable-ldrtl-mdpi-v17/abc_ic_menu_copy_mtrl_am_alpha.png", + "kotlin/ULongArray.kotlin_metadata", + "kotlin/UninitializedPropertyAccessException.kotlin_metadata", + "kotlin/coroutines/experimental/RestrictsSuspension.kotlin_metadata", + "kotlin/sequences/TransformingIndexedSequence.kotlin_metadata", + "res/layout/abc_expanded_menu_layout.xml", + "res/layout-v21/cart_item.xml", + "res/interpolator-v21/mtrl_linear_out_slow_in.xml", + "META-INF/androidx.documentfile_documentfile.version", + "kotlin/coroutines/ContinuationKt.kotlin_metadata", + "kotlin/ranges/ClosedFloatingPointRange.kotlin_metadata", + "res/xml/provider_paths.xml", + "res/drawable/loading_ring.png", + "res/drawable/ic_edit_black_24dp.xml", + "res/drawable-anydpi-v21/ic_email_black_24dp.xml", + "res/layout/abc_screen_toolbar.xml", + "res/drawable-xhdpi-v4/abc_scrubber_control_to_pressed_mtrl_000.png", + "res/drawable/abc_btn_borderless_material.xml", + "res/color/mtrl_error.xml", + "res/color-v23/abc_color_highlight_material.xml", + "res/drawable-xxhdpi-v4/abc_ab_share_pack_mtrl_alpha.9.png", + "res/layout/mtrl_layout_snackbar.xml", + "res/drawable/ic_menu_arrow_up_black_24dp.xml", + "res/layout-v17/upload_success_dialog.xml", + "kotlin/contracts/SimpleEffect.kotlin_metadata", + "META-INF/androidx.core_core-ktx.version", + "kotlin/collections/IterablesKt.kotlin_metadata", + "res/drawable-xxhdpi-v4/abc_tab_indicator_mtrl_alpha.9.png", + "res/animator-v19/mtrl_btn_state_list_anim.xml", + "res/layout/mtrl_calendar_days_of_week.xml", + "res/drawable/abc_tab_indicator_material.xml", + "kotlin/ULong.kotlin_metadata", + "res/layout/mtrl_calendar_horizontal.xml", + "kotlin/collections/GroupingKt.kotlin_metadata", + "META-INF/androidx.recyclerview_recyclerview.version", + "res/drawable/navigation_empty_icon.xml", + "res/drawable-ldpi-v4/ic_logout.png", + "res/layout/mtrl_picker_header_title_text.xml", + "res/drawable-xhdpi-v4/abc_ic_menu_copy_mtrl_am_alpha.png", + "res/drawable-xxhdpi-v4/abc_list_selector_disabled_holo_light.9.png", + "res/mipmap-mdpi-v4/ic_launcher.png", + "kotlin/UShortKt.kotlin_metadata", + "kotlin/IllegalStateException.kotlin_metadata", + "res/drawable-anydpi-v21/ic_supermarket.xml", + "kotlin/coroutines/SafeContinuation.kotlin_metadata", + "kotlin/math/UMathKt.kotlin_metadata", + "res/xml/standalone_badge_gravity_top_start.xml", + "res/color/mtrl_popupmenu_overlay_color.xml", + "res/color/mtrl_tabs_icon_color_selector.xml", + "res/layout/mtrl_picker_header_selection_text.xml", + "res/layout-v21/notification_template_icon_group.xml", + "kotlin/internal/Exact.kotlin_metadata", + "res/layout-v17/design_layout_snackbar_include.xml", + "kotlin/ExperimentalStdlibApi.kotlin_metadata", + "res/layout/abc_activity_chooser_view_list_item.xml", + "res/drawable/abc_vector_test.xml", + "kotlin/UIntArrayKt.kotlin_metadata", + "res/color/abc_tint_edittext.xml", + "res/drawable-mdpi-v4/abc_cab_background_top_mtrl_alpha.9.png", + "res/drawable-xhdpi-v4/abc_ic_commit_search_api_mtrl_alpha.png", + "res/layout/abc_action_bar_title_item.xml", + "res/drawable/abc_btn_check_material.xml", + "res/drawable-v21/$avd_hide_password__0.xml", + "res/layout-v17/mtrl_picker_header_dialog.xml", + "kotlin/properties/ReadWriteProperty.kotlin_metadata", + "kotlin/UShortArrayKt.kotlin_metadata", + "res/color/mtrl_indicator_text_color.xml", + "res/drawable-xxhdpi-v4/abc_ic_star_black_48dp.png", + "res/drawable-xxxhdpi-v4/abc_btn_radio_to_on_mtrl_015.png", + "res/layout-v17/mtrl_picker_fullscreen.xml", + "kotlin/NullPointerException.kotlin_metadata", + "res/drawable-xxhdpi-v4/abc_text_select_handle_middle_mtrl_light.png", + "res/drawable/abc_btn_radio_material.xml", + "res/layout/notification_template_big_media.xml", + "res/drawable-ldrtl-hdpi-v17/abc_ic_menu_copy_mtrl_am_alpha.png", + "res/drawable-xxhdpi-v4/abc_list_longpressed_holo.9.png", + "res/drawable-hdpi-v4/abc_list_selector_disabled_holo_light.9.png", + "kotlin/coroutines/experimental/SequenceBuilderIterator.kotlin_metadata", + "res/drawable-xxhdpi-v4/ic_launcher_background.png", + "kotlin/NumberFormatException.kotlin_metadata", + "res/drawable/abc_cab_background_internal_bg.xml", + "res/layout-v17/notification_template_custom_big.xml", + "res/layout/cart_item.xml", + "res/layout-v21/notification_action_tombstone.xml", + "res/drawable-mdpi-v4/notification_bg_low_pressed.9.png", + "res/layout/activity_private.xml", + "res/drawable-v21/design_bottom_navigation_item_background.xml", + "res/layout/mtrl_picker_header_dialog.xml", + "res/interpolator/mtrl_linear_out_slow_in.xml", + "META-INF/kotlin-stdlib-jdk7.kotlin_module", + "kotlin/text/AppendableKt.kotlin_metadata", + "res/drawable-mdpi-v4/abc_textfield_activated_mtrl_alpha.9.png", + "res/drawable/abc_seekbar_track_material.xml", + "res/drawable-xxhdpi-v4/ic_info.png", + "kotlin/UnsignedUtilsKt.kotlin_metadata", + "res/drawable-v21/design_password_eye.xml", + "res/drawable-hdpi-v4/abc_switch_track_mtrl_alpha.9.png", + "res/drawable-ldrtl-xxxhdpi-v17/abc_ic_menu_cut_mtrl_alpha.png", + "kotlin/reflect/KMutableProperty0.kotlin_metadata", + "res/drawable/mtrl_dialog_background.xml", + "kotlin/jvm/JvmSuppressWildcards.kotlin_metadata", + "res/drawable-hdpi-v4/abc_ic_star_half_black_36dp.png", + "res/layout/select_dialog_item_material.xml", + "res/drawable-xhdpi-v4/abc_ic_menu_cut_mtrl_alpha.png", + "META-INF/androidx.databinding_baseAdapters.version", + "res/drawable-mdpi-v4/abc_textfield_search_activated_mtrl_alpha.9.png", + "kotlin/annotation/annotation.kotlin_builtins", + "res/drawable-ldpi-v4/ic_plus.png", + "res/drawable-xxhdpi-v4/abc_spinner_mtrl_am_alpha.9.png", + "res/layout-land-v17/mtrl_picker_header_dialog.xml", + "kotlin/collections/AbstractMap.kotlin_metadata", + "res/anim-v21/mtrl_bottom_sheet_slide_out.xml", + "res/drawable-watch-v20/abc_dialog_material_background.xml", + "res/layout/design_text_input_start_icon.xml", + "res/layout/mtrl_picker_fullscreen.xml", + "res/layout/mtrl_calendar_year.xml", + "META-INF/androidx.asynclayoutinflater_asynclayoutinflater.version", + "res/layout/design_navigation_menu.xml", + "res/drawable-xhdpi-v4/abc_menu_hardkey_panel_mtrl_mult.9.png", + "res/color/abc_secondary_text_material_light.xml", + "res/color/switch_thumb_material_light.xml", + "kotlin/time/DurationKt.kotlin_metadata", + "res/anim/abc_slide_out_top.xml", + "res/layout/text_view_with_line_height_from_appearance.xml", + "META-INF/androidx.arch.core_core-runtime.version", + "res/layout/abc_screen_simple.xml", + "res/layout/notification_action_tombstone.xml", + "kotlin/collections/AbstractMutableSet.kotlin_metadata", + "res/drawable/ic_mtrl_chip_checked_circle.xml", + "res/drawable-mdpi-v4/abc_tab_indicator_mtrl_alpha.9.png", + "res/color-v23/abc_tint_seek_thumb.xml", + "kotlin/ranges/ClosedDoubleRange.kotlin_metadata", + "kotlin/internal/NoInfer.kotlin_metadata", + "res/interpolator/fast_out_slow_in.xml", + "res/color-v23/abc_tint_edittext.xml", + "res/drawable/abc_switch_thumb_material.xml", + "res/drawable-xhdpi-v4/abc_text_select_handle_left_mtrl_light.png", + "res/drawable/btn_checkbox_unchecked_mtrl.xml", + "kotlin/reflect/KCallable.kotlin_metadata", + "res/drawable-mdpi-v4/abc_ic_commit_search_api_mtrl_alpha.png", + "res/drawable-xhdpi-v4/abc_list_divider_mtrl_alpha.9.png", + "res/layout-sw600dp-v13/mtrl_layout_snackbar.xml", + "res/drawable/btn_radio_on_to_off_mtrl_animation.xml", + "res/layout/mtrl_calendar_month_navigation.xml", + "res/color/design_error.xml", + "res/layout/design_layout_tab_text.xml", + "kotlin/collections/RandomAccess.kotlin_metadata", + "res/drawable-hdpi-v4/abc_ic_menu_cut_mtrl_alpha.png", + "res/drawable-xxhdpi-v4/abc_list_divider_mtrl_alpha.9.png", + "res/drawable-xxhdpi-v4/abc_scrubber_primary_mtrl_alpha.9.png", + "res/drawable-hdpi-v4/ic_email_black_24dp.png", + "res/drawable-anydpi-v21/ic_launcher_foreground.xml", + "res/anim/btn_checkbox_to_checked_icon_null_animation.xml", + "res/color/checkbox_themeable_attribute_color.xml", + "res/drawable-ldrtl-xxhdpi-v17/abc_ic_menu_copy_mtrl_am_alpha.png", + "res/drawable-hdpi-v4/abc_scrubber_control_to_pressed_mtrl_000.png", + "kotlin/math/MathHKt.kotlin_metadata", + "kotlin/collections/UIntIterator.kotlin_metadata", + "kotlin/time/TimeSourceKt.kotlin_metadata", + "res/drawable/btn_radio_off_to_on_mtrl_animation.xml", + "res/drawable-v21/$avd_show_password__0.xml", + "META-INF/androidx.activity_activity.version", + "res/drawable-xhdpi-v4/abc_list_pressed_holo_light.9.png", + "kotlin/comparisons/ReversedComparator.kotlin_metadata", + "res/drawable-xxhdpi-v4/abc_ic_star_half_black_36dp.png", + "res/layout/design_navigation_menu_item.xml", + "res/layout/design_text_input_end_icon.xml", + "res/layout/abc_action_menu_item_layout.xml", + "res/font/roboto_light.ttf", + "kotlin/collections/EmptyMap.kotlin_metadata", + "res/drawable-hdpi-v4/abc_ab_share_pack_mtrl_alpha.9.png", + "res/layout-v17/abc_select_dialog_material.xml", + "res/color/mtrl_extended_fab_text_color_selector.xml", + "res/drawable-hdpi-v4/abc_btn_switch_to_on_mtrl_00001.9.png", + "res/layout/activity_cart_list.xml", + "kotlin/internal/DynamicExtension.kotlin_metadata", + "res/drawable-ldpi-v4/ic_shopping_cart.png", + "res/drawable/ic_calendar_black_24dp.xml", + "res/drawable-v23/mtrl_popupmenu_background_dark.xml", + "res/layout-v17/abc_search_view.xml", + "res/layout-v22/abc_alert_dialog_button_bar_material.xml", + "res/animator/design_fab_show_motion_spec.xml", + "res/color/mtrl_choice_chip_ripple_color.xml", + "res/drawable-xhdpi-v4/abc_scrubber_control_off_mtrl_alpha.png", + "res/drawable/abc_btn_check_material_anim.xml", + "res/drawable-xhdpi-v4/abc_ab_share_pack_mtrl_alpha.9.png", + "res/drawable-xxxhdpi-v4/abc_ic_star_half_black_48dp.png", + "kotlin/coroutines/experimental/ContinuationInterceptor.kotlin_metadata", + "kotlin/jvm/JvmMultifileClass.kotlin_metadata", + "res/drawable/edittext_bg.xml", + "res/drawable/abc_seekbar_thumb_material.xml", + "res/anim/abc_fade_out.xml", + "kotlin/properties/ReadOnlyProperty.kotlin_metadata", + "res/color/abc_background_cache_hint_selector_material_light.xml", + "kotlin/reflect/KMutableProperty1.kotlin_metadata", + "res/drawable-xxxhdpi-v4/abc_ic_menu_selectall_mtrl_alpha.png", + "kotlin/collections/MapWithDefaultImpl.kotlin_metadata", + "res/drawable-xhdpi-v4/abc_scrubber_primary_mtrl_alpha.9.png", + "kotlin/OptionalExpectation.kotlin_metadata", + "res/drawable/mtrl_tabs_default_indicator.xml", + "res/drawable-xxhdpi-v4/abc_ic_menu_copy_mtrl_am_alpha.png", + "kotlin/Pair.kotlin_metadata", + "res/drawable/mtrl_ic_error.xml", + "kotlin/coroutines/intrinsics/CoroutineSingletons.kotlin_metadata", + "res/drawable-hdpi-v4/abc_menu_hardkey_panel_mtrl_mult.9.png", + "kotlin/coroutines/CoroutineContext.kotlin_metadata", + "res/drawable-v21/abc_edit_text_material.xml", + "res/layout/mtrl_layout_snackbar_include.xml", + "kotlin/time/TimeMark.kotlin_metadata", + "res/drawable-xxxhdpi-v4/abc_scrubber_control_to_pressed_mtrl_005.png", + "kotlin/reflect/KProperty0.kotlin_metadata", + "res/anim/btn_radio_to_off_mtrl_ring_outer_path_animation.xml", + "res/layout-v21/abc_screen_toolbar.xml", + "kotlin/Exception.kotlin_metadata", + "res/drawable-hdpi-v4/abc_scrubber_track_mtrl_alpha.9.png", + "res/drawable/ic_keyboard_arrow_right_black_24dp.xml", + "res/color/design_box_stroke_color.xml", + "res/layout/mtrl_calendar_day_of_week.xml", + "META-INF/androidx.databinding_viewbinding.version", + "res/layout-watch-v20/abc_alert_dialog_button_bar_material.xml", + "res/drawable-mdpi-v4/abc_ic_menu_cut_mtrl_alpha.png", + "kotlin/ranges/UIntProgression.kotlin_metadata", + "res/anim/design_snackbar_out.xml", + "META-INF/androidx.drawerlayout_drawerlayout.version", + "res/drawable-v21/$avd_show_password__1.xml", + "res/drawable-hdpi-v4/abc_ic_star_black_16dp.png", + "kotlin/sequences/SequenceBuilderKt.kotlin_metadata", + "res/drawable-hdpi-v4/abc_popup_background_mtrl_mult.9.png", + "res/drawable-xxxhdpi-v4/ic_email_black_24dp.png", + "META-INF/androidx.interpolator_interpolator.version", + "kotlin/coroutines/CoroutineContextImplKt.kotlin_metadata", + "res/drawable-hdpi-v4/abc_textfield_search_activated_mtrl_alpha.9.png", + "res/color/mtrl_outlined_stroke_color.xml", + "res/drawable-mdpi-v4/abc_ic_menu_selectall_mtrl_alpha.png", + "res/drawable-hdpi-v4/abc_ic_menu_selectall_mtrl_alpha.png", + "kotlin/coroutines/EmptyCoroutineContext.kotlin_metadata", + "kotlin/text/StringNumberConversionsKt.kotlin_metadata", + "kotlin/text/StringsKt.kotlin_metadata", + "res/drawable-v21/abc_action_bar_item_background_material.xml", + "kotlin/IndexOutOfBoundsException.kotlin_metadata", + "kotlin/text/Appendable.kotlin_metadata", + "res/drawable/ic_menu_arrow_down_black_24dp.xml", + "kotlin/random/Random.kotlin_metadata", + "res/anim/abc_shrink_fade_out_from_bottom.xml", + "res/drawable-hdpi-v4/abc_textfield_default_mtrl_alpha.9.png", + "res/layout-v17/abc_alert_dialog_button_bar_material.xml", + "kotlin/text/MatchGroupCollection.kotlin_metadata", + "res/drawable/btn_radio_on_mtrl.xml", + "kotlin/ranges/UIntRange.kotlin_metadata", + "res/drawable-mdpi-v4/notification_bg_normal.9.png", + "res/drawable-xhdpi-v4/abc_btn_switch_to_on_mtrl_00012.9.png", + "res/drawable-xxhdpi-v4/abc_list_pressed_holo_light.9.png", + "res/drawable/abc_item_background_holo_dark.xml", + "kotlin/io/IoHKt.kotlin_metadata", + "kotlin/sequences/MergingSequence.kotlin_metadata", + "res/drawable-xxhdpi-v4/abc_text_select_handle_left_mtrl_light.png", + "kotlin/UNINITIALIZED_VALUE.kotlin_metadata", + "res/drawable-xxxhdpi-v4/ic_shopping_cart.png", + "res/drawable-anydpi-v21/ic_info.xml", + "META-INF/androidx.lifecycle_lifecycle-viewmodel.version", + "res/animator/mtrl_fab_transformation_sheet_collapse_spec.xml", + "res/drawable-hdpi-v4/notification_bg_low_normal.9.png", + "kotlin/coroutines/ContinuationInterceptor.kotlin_metadata", + "res/layout-v21/notification_template_custom_big.xml", + "res/layout/abc_popup_menu_header_item_layout.xml", + "res/layout-v17/notification_template_lines_media.xml", + "kotlin/jvm/JvmWildcard.kotlin_metadata", + "kotlin/jvm/Transient.kotlin_metadata", + "kotlin/Lazy.kotlin_metadata", + "res/layout/mtrl_picker_actions.xml", + "res/color/mtrl_navigation_item_icon_tint.xml", + "res/drawable-mdpi-v4/abc_ic_star_half_black_36dp.png", + "res/drawable-mdpi-v4/abc_list_selector_disabled_holo_dark.9.png", + "kotlin/internal/UProgressionUtilKt.kotlin_metadata", + "kotlin/coroutines/intrinsics/IntrinsicsKt.kotlin_metadata", + "res/drawable/btn_checkbox_unchecked_to_checked_mtrl_animation.xml", + "res/color/mtrl_calendar_item_stroke_color.xml", + "kotlin/contracts/CallsInPlace.kotlin_metadata", + "res/layout/mtrl_calendar_month.xml", + "kotlin/properties/NotNullVar.kotlin_metadata", + "res/layout/support_simple_spinner_dropdown_item.xml", + "kotlin/reflect/TypeOfKt.kotlin_metadata", + "kotlin/RequiresOptIn.kotlin_metadata", + "kotlin/collections/ReversedViewsKt.kotlin_metadata", + "res/drawable-xxxhdpi-v4/abc_spinner_mtrl_am_alpha.9.png", + "res/layout/test_toolbar_surface.xml", + "res/drawable-xxhdpi-v4/abc_list_selector_disabled_holo_dark.9.png", + "res/layout/abc_select_dialog_material.xml", + "res/layout/notification_template_icon_group.xml", + "res/drawable-hdpi-v4/abc_list_pressed_holo_dark.9.png", + "res/anim/btn_checkbox_to_checked_box_outer_merged_animation.xml", + "res/color/abc_tint_btn_checkable.xml", + "res/anim-v21/mtrl_bottom_sheet_slide_in.xml", + "kotlin/internal/internal.kotlin_builtins", + "META-INF/androidx.swiperefreshlayout_swiperefreshlayout.version", + "res/interpolator/mtrl_linear.xml", + "kotlin/collections/MutableMapWithDefault.kotlin_metadata", + "res/layout/activity_product_list.xml", + "res/color/abc_btn_colored_text_material.xml", + "kotlin/Comparator.kotlin_metadata", + "res/color/mtrl_btn_text_btn_ripple_color.xml", + "kotlin/text/TextHKt.kotlin_metadata", + "res/xml/standalone_badge.xml", + "kotlin/collections/HashMap.kotlin_metadata", + "res/drawable-ldrtl-xxhdpi-v17/abc_ic_menu_cut_mtrl_alpha.png", + "kotlin/sequences/TakeSequence.kotlin_metadata", + "res/drawable-xxhdpi-v4/ic_shopping_cart.png", + "kotlin/collections/MapAccessorsKt.kotlin_metadata", + "res/layout/test_design_checkbox.xml", + "res/color/mtrl_bottom_nav_ripple_color.xml", + "res/drawable/ic_clear_black_24dp.xml", + "kotlin/internal/RequireKotlinVersionKind.kotlin_metadata", + "res/drawable-xxhdpi-v4/abc_btn_radio_to_on_mtrl_015.png", + "res/layout-v17/mtrl_picker_dialog.xml", + "res/layout/notification_template_big_media_narrow_custom.xml", + "res/animator/mtrl_card_state_list_anim.xml", + "res/color/mtrl_on_primary_text_btn_text_color_selector.xml", + "res/drawable/abc_ratingbar_indicator_material.xml", + "res/drawable-xxhdpi-v4/abc_ic_menu_share_mtrl_alpha.png", + "res/layout-v17/abc_action_mode_close_item_material.xml", + "kotlin/LateinitKt.kotlin_metadata", + "kotlin/sequences/DropSequence.kotlin_metadata", + "META-INF/androidx.loader_loader.version", + "kotlin/NoWhenBranchMatchedException.kotlin_metadata", + "res/drawable-xxhdpi-v4/abc_scrubber_control_to_pressed_mtrl_000.png", + "res/drawable/abc_list_selector_holo_dark.xml", + "res/drawable-xxhdpi-v4/abc_btn_radio_to_on_mtrl_000.png", + "res/layout/base_main.xml", + "META-INF/androidx.viewpager_viewpager.version", + "res/animator/mtrl_btn_unelevated_state_list_anim.xml", + "res/drawable-ldpi-v4/ic_supermarket.png", + "res/drawable-ldrtl-xhdpi-v17/abc_ic_menu_cut_mtrl_alpha.png", + "res/layout-v26/abc_screen_toolbar.xml", + "res/anim/abc_tooltip_exit.xml", + "res/layout/notification_template_big_media_custom.xml", + "res/drawable-mdpi-v4/abc_text_select_handle_left_mtrl_dark.png", + "res/interpolator/btn_checkbox_unchecked_mtrl_animation_interpolator_0.xml", + "res/drawable-xhdpi-v4/ic_supermarket.png", + "kotlin/time/AbstractDoubleTimeSource.kotlin_metadata", + "res/drawable/abc_ratingbar_small_material.xml", + "res/drawable-mdpi-v4/abc_text_select_handle_right_mtrl_light.png", + "kotlin/time/AbstractLongTimeSource.kotlin_metadata", + "META-INF/androidx.cardview_cardview.version", + "res/drawable/mtrl_dropdown_arrow.xml", + "res/drawable/abc_spinner_textfield_background_material.xml", + "res/color/mtrl_btn_text_color_selector.xml", + "res/drawable/abc_dialog_material_background.xml", + "kotlin/comparisons/ReverseOrderComparator.kotlin_metadata", + "META-INF/androidx.coordinatorlayout_coordinatorlayout.version", + "kotlin/collections/IteratorsKt.kotlin_metadata", + "kotlin/internal/RequireKotlin.kotlin_metadata", + "res/color/mtrl_fab_ripple_color.xml", + "res/drawable-ldpi-v4/ic_launcher_foreground.png", + "res/layout/notification_media_cancel_action.xml", + "kotlin/ranges/ranges.kotlin_builtins", + "res/drawable-mdpi-v4/ic_launcher_background.png", + "res/mipmap-xxhdpi-v4/ic_launcher.png", + "kotlin/jvm/JvmPackageName.kotlin_metadata", + "res/drawable-ldpi-v4/ic_info.png", + "res/drawable-mdpi-v4/abc_switch_track_mtrl_alpha.9.png", + "res/drawable-xxxhdpi-v4/abc_ic_star_half_black_16dp.png", + "res/anim/btn_checkbox_to_checked_box_inner_merged_animation.xml", + "res/drawable-hdpi-v4/abc_list_selector_disabled_holo_dark.9.png", + "res/drawable-xhdpi-v4/abc_btn_check_to_on_mtrl_015.png", + "res/drawable-xxhdpi-v4/abc_textfield_activated_mtrl_alpha.9.png", + "kotlin/jvm/JvmStatic.kotlin_metadata", + "res/layout-v17/notification_template_big_media_narrow_custom.xml", + "kotlin/text/MatchGroup.kotlin_metadata", + "res/drawable/btn_checkbox_checked_to_unchecked_mtrl_animation.xml", + "res/drawable-xxhdpi-v4/ic_launcher_foreground.png", + "res/drawable/design_fab_background.xml", + "res/layout/mtrl_calendar_months.xml", + "res/layout/design_layout_tab_icon.xml", + "res/anim-v21/design_bottom_sheet_slide_out.xml", + "res/drawable-xxxhdpi-v4/abc_text_select_handle_right_mtrl_light.png", + "res/layout/abc_screen_content_include.xml", + "res/drawable/ic_mtrl_chip_checked_black.xml", + "res/drawable-hdpi-v4/notification_bg_normal_pressed.9.png", + "res/color/mtrl_card_view_foreground.xml", + "res/layout/mtrl_picker_dialog.xml", + "res/layout/abc_alert_dialog_title_material.xml", + "res/mipmap-hdpi-v4/ic_launcher_round.png", + "kotlin/Experimental.kotlin_metadata", + "res/drawable-xxhdpi-v4/abc_btn_switch_to_on_mtrl_00012.9.png", + "res/layout/text_view_with_line_height_from_style.xml", + "res/color-v23/abc_tint_switch_track.xml", + "res/xml/standalone_badge_gravity_bottom_start.xml", + "res/drawable-mdpi-v4/abc_scrubber_control_to_pressed_mtrl_000.png", + "res/animator/mtrl_chip_state_list_anim.xml", + "res/drawable-mdpi-v4/ic_shopping_cart.png", + "res/layout/select_dialog_singlechoice_material.xml", + "res/layout/design_navigation_item_separator.xml", + "META-INF/kotlin-stdlib-common-coroutines.kotlin_module", + "kotlin/coroutines/experimental/CoroutineContext.kotlin_metadata", + "kotlin/UNumbersKt.kotlin_metadata", + "kotlin/collections/RingBuffer.kotlin_metadata", + "res/color/mtrl_chip_ripple_color.xml", + "kotlin/sequences/IndexingSequence.kotlin_metadata", + "res/drawable-xxxhdpi-v4/ic_supermarket.png", + "kotlin/jvm/Strictfp.kotlin_metadata", + "res/color/mtrl_choice_chip_background_color.xml", + "res/drawable-xxxhdpi-v4/abc_ic_menu_paste_mtrl_am_alpha.png", + "kotlin/Triple.kotlin_metadata", + "kotlin/time/TimeSource.kotlin_metadata", + "res/layout/test_toolbar_custom_background.xml", + "res/drawable-hdpi-v4/abc_text_select_handle_left_mtrl_dark.png", + "res/drawable-xhdpi-v4/abc_scrubber_track_mtrl_alpha.9.png", + "res/drawable/abc_btn_default_mtrl_shape.xml", + "res/drawable-xxhdpi-v4/ic_plus.png", + "kotlin/internal/LowPriorityInOverloadResolution.kotlin_metadata", + "res/drawable-mdpi-v4/abc_btn_switch_to_on_mtrl_00001.9.png", + "res/color-v23/abc_tint_btn_checkable.xml", + "res/drawable-xhdpi-v4/ic_launcher_foreground.png", + "res/drawable-xhdpi-v4/abc_btn_check_to_on_mtrl_000.png", + "res/drawable-hdpi-v4/abc_textfield_activated_mtrl_alpha.9.png", + "res/layout/notification_template_big_media_narrow.xml", + "res/layout-v17/mtrl_alert_select_dialog_multichoice.xml", + "res/drawable/abc_seekbar_tick_mark_material.xml", + "kotlin/collections/MutableCollectionsKt.kotlin_metadata", + "res/drawable-hdpi-v4/notification_bg_normal.9.png" + ], + "exported_count": { + "exported_activities": 5, + "exported_services": 1, + "exported_receivers": 0, + "exported_providers": 1 + }, + "apkid": { + "classes.dex": { + "anti_vm": [ + "Build.MODEL check", + "Build.MANUFACTURER check" + ], + "compiler": [ + "r8" + ] + } + }, + "quark": [], + "trackers": { + "detected_trackers": 0, + "total_trackers": 433, + "trackers": [] + }, + "playstore_details": { + "error": true + }, + "secrets": [ + "\"aws_Identity_pool_ID\" : \"us-east-1:7e9426f7-42af-4717-8689-00a9a4b65c1c\"" + ], + "average_cvss": null, + "appsec": { + "high": [ + { + "title": "Application signed with debug certificate", + "description": "Application signed with a debug certificate. Production application must not be shipped with a debug certificate.", + "section": "certificate" + }, + { + "title": "Certificate algorithm vulnerable to hash collision", + "description": "Application is signed with SHA1withRSA. SHA1 hash algorithm is known to have collision issues.", + "section": "certificate" + }, + { + "title": "Clear text traffic is Enabled For App", + "description": "[android:usesCleartextTraffic=true]\nThe app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is \"true\". Apps that target API level 28 or higher default to \"false\". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.", + "section": "manifest" + }, + { + "title": "Debug Enabled For App", + "description": "[android:debuggable=true]\nDebugging was enabled on the app which makes it easier for reverse engineers to hook a debugger to it. This allows dumping a stack trace and accessing debugging helper classes.", + "section": "manifest" + }, + { + "title": "Insecure WebView Implementation. WebView ignores SSL Certificate errors and accept any SSL Certificate. This application is vulnerable to MITM attacks", + "description": "Insecure WebView Implementation. WebView ignores SSL Certificate errors and accept any SSL Certificate. This application is vulnerable to MITM attacks\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification", + "section": "code" + } + ], + "warning": [ + { + "title": "Application vulnerable to Janus Vulnerability", + "description": "Application is signed with v1 signature scheme, making it vulnerable to Janus vulnerability on Android 5.0-8.0, if signed only with v1 signature scheme. Applications running on Android 5.0-7.0 signed with v1, and v2/v3 scheme is also vulnerable.", + "section": "certificate" + }, + { + "title": "App can be installed on a vulnerable Android version", + "description": "[minSdk=16]\nThis application can be installed on an older version of android that has multiple unfixed vulnerabilities. Support an Android version > 8, API 26 to receive reasonable security updates.", + "section": "manifest" + }, + { + "title": "Application Data can be Backed up", + "description": "[android:allowBackup=true]\nThis flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.", + "section": "manifest" + }, + { + "title": "Activity (com.insecureshop.ChooserActivity) is not Protected.", + "description": "An intent-filter exists.\nAn Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.", + "section": "manifest" + }, + { + "title": "Activity (com.insecureshop.WebViewActivity) is not Protected.", + "description": "An intent-filter exists.\nAn Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.", + "section": "manifest" + }, + { + "title": "Activity (com.insecureshop.WebView2Activity) is not Protected.", + "description": "An intent-filter exists.\nAn Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.", + "section": "manifest" + }, + { + "title": "App can read/write to External Storage. Any App can read data written to External Storage.", + "description": "App can read/write to External Storage. Any App can read data written to External Storage.\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage", + "section": "code" + }, + { + "title": "Files may contain hardcoded sensitive information like usernames, passwords, keys etc.", + "description": "Files may contain hardcoded sensitive information like usernames, passwords, keys etc.\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10", + "section": "code" + } + ], + "info": [ + { + "title": "The App logs information. Sensitive information should never be logged.", + "description": "The App logs information. Sensitive information should never be logged.\nhttps://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs", + "section": "code" + }, + { + "title": "App can write to App Directory. Sensitive Information should be encrypted.", + "description": "App can write to App Directory. Sensitive Information should be encrypted.\n", + "section": "code" + } + ], + "secure": [ + { + "title": "This application has no privacy trackers", + "description": "This application does not include any user or device trackers. Unable to find trackers during static analysis.", + "section": "trackers" + } + ], + "hotspot": [ + { + "title": "Found 3 critical permission(s)", + "description": "Ensure that these permissions are required by the application.\n\nandroid.permission.READ_EXTERNAL_STORAGE (dangerous): read external storage contents - Allows an application to read from external storage.\n\nandroid.permission.WRITE_EXTERNAL_STORAGE (dangerous): read/modify/delete external storage contents - Allows an application to write to external storage.\n\nandroid.permission.READ_CONTACTS (dangerous): read contact data - Allows an application to read all of the contact (address) data stored on your phone. Malicious applications can use this to send your data to other people.", + "section": "permissions" + } + ], + "total_trackers": 433, + "trackers": 0, + "security_score": 37, + "app_name": "InsecureShop", + "file_name": "InsecureShop.apk", + "hash": "c5d872355e43322f1692288e2c4e6f00", + "version_name": "1.0" + }, + "virus_total": null, + "base_url": "file:///home/mobsf/Mobile-Security-Framework-MobSF/mobsf", + "dwd_dir": "file:///root/.MobSF/downloads/", + "host_os": "nix", + "timestamp": "2023-12-10T07:45:42.794Z" +} \ No newline at end of file diff --git a/unittests/scans/mobsf/mobsf_3_7_9.json b/unittests/scans/mobsf/mobsf_3_7_9.json new file mode 100644 index 00000000000..7d7b922a450 --- /dev/null +++ b/unittests/scans/mobsf/mobsf_3_7_9.json @@ -0,0 +1,285 @@ +{ + "version":"v3.7.9 Beta", + "title":"Static Analysis", + "file_name":"bitbar-ios-sample.ipa", + "app_name":"BitbarIOSSample", + "app_type":"Objective C", + "size":"0.14MB", + "md5":"e1f08f17e868e9de32a87d0bdc522fac", + "sha1":"deca43e3dd1186d002dea64b4cef4c8b88142488", + "sha256":"07ff7a6608265fff57bd3369fb4e10321d939de5101bd966677cd9a210b820b1", + "build":"1.0", + "app_version":"1.0", + "sdk_name":"iphoneos9.1", + "platform":"9.1", + "min_os_version":"6.0", + "bundle_id":"com.bitbar.testdroid.BitbarIOSSample", + "bundle_url_types":[ + + ], + "bundle_supported_platforms":[ + "iPhoneOS" + ], + "icon_path":"", + "info_plist":"\n\n\n\n\tBuildMachineOSBuild\n\t15B42\n\tCFBundleDevelopmentRegion\n\ten\n\tCFBundleDisplayName\n\tBitbarIOSSample\n\tCFBundleExecutable\n\tBitbarIOSSample\n\tCFBundleIconFiles\n\t\n\t\ticon.png\n\t\n\tCFBundleIcons\n\t\n\t\tCFBundlePrimaryIcon\n\t\t\n\t\t\tCFBundleIconFiles\n\t\t\t\n\t\t\t\ticon.png\n\t\t\t\n\t\t\n\t\n\tCFBundleIdentifier\n\tcom.bitbar.testdroid.BitbarIOSSample\n\tCFBundleInfoDictionaryVersion\n\t6.0\n\tCFBundleName\n\tBitbarIOSSample\n\tCFBundlePackageType\n\tAPPL\n\tCFBundleShortVersionString\n\t1.0\n\tCFBundleSignature\n\t????\n\tCFBundleSupportedPlatforms\n\t\n\t\tiPhoneOS\n\t\n\tCFBundleVersion\n\t1.0\n\tDTCompiler\n\tcom.apple.compilers.llvm.clang.1_0\n\tDTPlatformBuild\n\t13B137\n\tDTPlatformName\n\tiphoneos\n\tDTPlatformVersion\n\t9.1\n\tDTSDKBuild\n\t13B137\n\tDTSDKName\n\tiphoneos9.1\n\tDTXcode\n\t0711\n\tDTXcodeBuild\n\t7B1005\n\tLSRequiresIPhoneOS\n\t\n\tMinimumOSVersion\n\t6.0\n\tUIDeviceFamily\n\t\n\t\t1\n\t\t2\n\t\n\tUIRequiredDeviceCapabilities\n\t\n\t\tarmv7\n\t\n\tUISupportedInterfaceOrientations\n\t\n\t\tUIInterfaceOrientationPortrait\n\t\n\tUISupportedInterfaceOrientations~ipad\n\t\n\t\tUIInterfaceOrientationPortrait\n\t\n\n\n", + "binary_info":{ + "endian":"<", + "bit":"32-bit", + "arch":"ARM", + "subarch":"CPU_SUBTYPE_ARM_V7" + }, + "permissions":{ + + }, + "ats_analysis":{ + "ats_findings":[ + + ], + "ats_summary":{ + + } + }, + "binary_analysis":{ + "findings":{ + "Binary makes use of insecure API(s)":{ + "detailed_desc":"The binary may contain the following insecure API(s) _memcpy\n, _strlen\n", + "severity":"high", + "cvss":6, + "cwe":"CWE-676: Use of Potentially Dangerous Function", + "owasp-mobile":"M7: Client Code Quality", + "masvs":"MSTG-CODE-8" + }, + "Binary makes use of malloc function":{ + "detailed_desc":"The binary may use _malloc\n function instead of calloc", + "severity":"high", + "cvss":2, + "cwe":"CWE-789: Uncontrolled Memory Allocation", + "owasp-mobile":"M7: Client Code Quality", + "masvs":"MSTG-CODE-8" + } + }, + "summary":{ + "high":2, + "warning":0, + "info":0, + "secure":0, + "suppressed":0 + } + }, + "macho_analysis":{ + "name":"BitbarIOSSample", + "nx":{ + "has_nx":true, + "severity":"info", + "description":"The binary has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable." + }, + "pie":{ + "has_pie":true, + "severity":"info", + "description":"The binary is build with -fPIC flag which enables Position independent code. This makes Return Oriented Programming (ROP) attacks much more difficult to execute reliably." + }, + "stack_canary":{ + "has_canary":true, + "severity":"info", + "description":"This binary has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return." + }, + "arc":{ + "has_arc":false, + "severity":"warning", + "description":"This binary has debug symbols stripped. We cannot identify whether ARC is enabled or not." + }, + "rpath":{ + "has_rpath":false, + "severity":"info", + "description":"The binary does not have Runpath Search Path (@rpath) set." + }, + "code_signature":{ + "has_code_signature":true, + "severity":"info", + "description":"This binary has a code signature." + }, + "encrypted":{ + "is_encrypted":false, + "severity":"warning", + "description":"This binary is not encrypted." + }, + "symbol":{ + "is_stripped":true, + "severity":"info", + "description":"Debug Symbols are stripped" + } + }, + "dylib_analysis":[ + + ], + "framework_analysis":[ + + ], + "ios_api":{ + + }, + "code_analysis":{ + "findings":{ + + }, + "summary":{ + + } + }, + "file_analysis":[ + { + "issue":"Plist Files", + "files":[ + { + "file_path":"BitbarIOSSample.app/Info.plist", + "type":"ipa", + "hash":"e1f08f17e868e9de32a87d0bdc522fac" + } + ] + } + ], + "libraries":[ + "/System/Library/Frameworks/QuartzCore.framework/QuartzCore (compatibility version: 1.2.0, current version: 1.11.0)", + "/System/Library/Frameworks/UIKit.framework/UIKit (compatibility version: 1.0.0, current version: 3512.29.5)", + "/System/Library/Frameworks/Foundation.framework/Foundation (compatibility version: 300.0.0, current version: 1241.14.0)", + "/System/Library/Frameworks/CoreGraphics.framework/CoreGraphics (compatibility version: 64.0.0, current version: 600.0.0)", + "/usr/lib/libobjc.A.dylib (compatibility version: 1.0.0, current version: 228.0.0)", + "/usr/lib/libSystem.B.dylib (compatibility version: 1.0.0, current version: 1226.10.1)", + "/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation (compatibility version: 150.0.0, current version: 1241.11.0)" + ], + "files":[ + "BitbarIOSSample.app/embedded.mobileprovision", + "BitbarIOSSample.app/Default@2x.png", + "BitbarIOSSample.app/RadioButton-Selected.png", + "BitbarIOSSample.app/_CodeSignature/CodeResources", + "BitbarIOSSample.app/en.lproj/InfoPlist.strings" + ], + "urls":[ + { + "urls":[ + "http://www.apple.com/dtds/propertylist-1.0.dtd" + ], + "path":"BitbarIOSSample.app/archived-expanded-entitlements.xcent" + }, + { + "urls":[ + "http://www.apple.com/dtds/propertylist-1.0.dtd", + "http://www.apple.com/appleca/root.crl0", + "https://www.apple.com/appleca/0", + "http://www.apple.com/appleca/0m", + "http://developer.apple.com/certificationauthority/wwdrca.crl0" + ], + "path":"BitbarIOSSample.app/BitbarIOSSample" + }, + { + "urls":[ + "http://www.apple.com/dtds/propertylist-1.0.dtd", + "https://www.apple.com/appleca/0", + "http://developer.apple.com/certificationauthority/wwdrca.crl0", + "http://www.apple.com/appleca/0m", + "http://www.apple.com/appleca/root.crl0" + ], + "path":"IPA Strings Dump" + } + ], + "domains":{ + "www.apple.com":{ + "bad":"no", + "geolocation":{ + "ip":"92.122.160.209", + "country_short":"GB", + "country_long":"United Kingdom of Great Britain and Northern Ireland", + "region":"England", + "city":"Slough", + "latitude":"51.509491", + "longitude":"-0.595410" + }, + "ofac":false + }, + "developer.apple.com":{ + "bad":"no", + "geolocation":{ + "ip":"17.253.37.202", + "country_short":"GB", + "country_long":"United Kingdom of Great Britain and Northern Ireland", + "region":"England", + "city":"London", + "latitude":"51.508530", + "longitude":"-0.125740" + }, + "ofac":false + } + }, + "emails":[ + + ], + "strings":[ + "@_protocol_getMethodDescription", + "+FxD", + "otherButtonSelected:", + "NSString", + "%http://www.apple.com/appleca/root.crl0", + "!i*i", + "^s./%u", + "@_kCFCoreFoundationVersionNumber" + ], + "firebase_urls":[ + + ], + "appstore_details":{ + "error":true + }, + "secrets":[ + + ], + "trackers":{ + "detected_trackers":0, + "total_trackers":428, + "trackers":[ + + ] + }, + "virus_total":null, + "appsec":{ + "high":[ + { + "title":"Binary makes use of insecure API(s)", + "description":"The binary may contain the following insecure API(s) _memcpy\n, _strlen\n", + "section":"binary" + }, + { + "title":"Binary makes use of malloc function", + "description":"The binary may use _malloc\n function instead of calloc", + "section":"binary" + } + ], + "warning":[ + { + "title":"Application binary is not compiled with ARC flag", + "description":"This binary has debug symbols stripped. We cannot identify whether ARC is enabled or not.", + "section":"macho" + } + ], + "info":[ + + ], + "secure":[ + { + "title":"This application has no privacy trackers", + "description":"This application does not include any user or device trackers. Unable to find trackers during static analysis.", + "section":"trackers" + } + ], + "hotspot":[ + + ], + "total_trackers":428, + "trackers":0, + "security_score":42, + "app_name":"BitbarIOSSample", + "file_name":"bitbar-ios-sample.ipa", + "hash":"e1f08f17e868e9de32a87d0bdc522fac", + "version_name":"1.0" + }, + "average_cvss":null + } \ No newline at end of file diff --git a/unittests/scans/mobsfscan/many_findings_cwe_lower.json b/unittests/scans/mobsfscan/many_findings_cwe_lower.json new file mode 100644 index 00000000000..6154e252a2f --- /dev/null +++ b/unittests/scans/mobsfscan/many_findings_cwe_lower.json @@ -0,0 +1,90 @@ +{ + "errors": [], + "mobsfscan_version": "0.2.0", + "results": { + "android_certificate_transparency": { + "metadata": { + "cwe": "cwe-295", + "description": "This app does not enforce TLS Certificate Transparency which helps to detect SSL certificates that have been mistakenly issued by a certificate authority or maliciously acquired from an otherwise unimpeachable certificate authority.", + "masvs": "MSTG-NETWORK-4", + "owasp-mobile": "M3: Insecure Communication", + "reference": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4", + "severity": "INFO" + } + }, + "android_kotlin_hardcoded": { + "files": [ + { + "file_path": "app/src/main/java/com/routes/domain/analytics/event/Signatures.kt", + "match_lines": [ + 10, + 10 + ], + "match_position": [ + 243, + 271 + ], + "match_string": "key = \"hmi_busroutes_health\"" + } + ], + "metadata": { + "cwe": "cwe-798", + "description": "Files may contain hardcoded sensitive information like usernames, passwords, keys etc.", + "masvs": "MSTG-STORAGE-14", + "owasp-mobile": "M9: Reverse Engineering", + "reference": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#storing-a-key---example", + "severity": "WARNING" + } + }, + "android_prevent_screenshot": { + "metadata": { + "cwe": "cwe-200", + "description": "This app does not have capabilities to prevent against Screenshots from Recent Task History/ Now On Tap etc.", + "masvs": "MSTG-STORAGE-9", + "owasp-mobile": "M2: Insecure Data Storage", + "reference": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#finding-sensitive-information-in-auto-generated-screenshots-mstg-storage-9", + "severity": "INFO" + } + }, + "android_root_detection": { + "metadata": { + "cwe": "cwe-919", + "description": "This app does not have root detection capabilities. Running a sensitive application on a rooted device questions the device integrity and affects users data.", + "masvs": "MSTG-RESILIENCE-1", + "owasp-mobile": "M8: Code Tampering", + "reference": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1", + "severity": "INFO" + } + }, + "android_safetynet": { + "metadata": { + "cwe": "cwe-353", + "description": "This app does not uses SafetyNet Attestation API that provides cryptographically-signed attestation, assessing the device's integrity. This check helps to ensure that the servers are interacting with the genuine app running on a genuine Android device. ", + "masvs": "MSTG-RESILIENCE-1", + "owasp-mobile": "M8: Code Tampering", + "reference": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1", + "severity": "INFO" + } + }, + "android_ssl_pinning": { + "metadata": { + "cwe": "cwe-295", + "description": "This app does not use TLS/SSL certificate or public key pinning to detect or prevent MITM attacks in secure communication channel.", + "masvs": "MSTG-NETWORK-4", + "owasp-mobile": "M3: Insecure Communication", + "reference": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4", + "severity": "INFO" + } + }, + "android_tapjacking": { + "metadata": { + "cwe": "cwe-200", + "description": "This app does not have capabilities to prevent tapjacking attacks.", + "masvs": "MSTG-PLATFORM-9", + "owasp-mobile": "M1: Improper Platform Usage", + "reference": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-for-overlay-attacks-mstg-platform-9", + "severity": "INFO" + } + } + } + } diff --git a/unittests/scans/mozilla_observatory/nmap_scanme_2022.json b/unittests/scans/mozilla_observatory/nmap_scanme_2022.json new file mode 100644 index 00000000000..f34aacb13c6 --- /dev/null +++ b/unittests/scans/mozilla_observatory/nmap_scanme_2022.json @@ -0,0 +1,142 @@ +{ + "scan": { + "grade": "F", + "likelihood_indicator": "MEDIUM", + "response_headers": { + "Accept-Ranges": "bytes", + "Connection": "Keep-Alive", + "Content-Encoding": "gzip", + "Content-Length": "1570", + "Content-Type": "text/html", + "Date": "Mon, 20 Jun 2022 06:58:15 GMT", + "Keep-Alive": "timeout=5, max=100", + "Server": "Apache/2.4.7 (Ubuntu)", + "Vary": "Accept-Encoding" + }, + "score": 0, + "tests_failed": 6, + "tests_passed": 6, + "tests_quantity": 12 + }, + "tests": { + "content-security-policy": { + "data": null, + "expectation": "csp-implemented-with-no-unsafe", + "http": false, + "meta": false, + "pass": false, + "policy": null, + "result": "csp-not-implemented", + "score_description": "Content Security Policy (CSP) header not implemented", + "score_modifier": -25 + }, + "contribute": { + "data": null, + "expectation": "contribute-json-only-required-on-mozilla-properties", + "pass": true, + "result": "contribute-json-only-required-on-mozilla-properties", + "score_description": "Contribute.json isn't required on websites that don't belong to Mozilla", + "score_modifier": 0 + }, + "cookies": { + "data": null, + "expectation": "cookies-secure-with-httponly-sessions", + "pass": true, + "result": "cookies-not-found", + "sameSite": null, + "score_description": "No cookies detected", + "score_modifier": 0 + }, + "cross-origin-resource-sharing": { + "data": { + "acao": null, + "clientaccesspolicy": null, + "crossdomain": null + }, + "expectation": "cross-origin-resource-sharing-not-implemented", + "pass": true, + "result": "cross-origin-resource-sharing-not-implemented", + "score_description": "Content is not visible via cross-origin resource sharing (CORS) files or headers", + "score_modifier": 0 + }, + "public-key-pinning": { + "data": null, + "expectation": "hpkp-not-implemented", + "includeSubDomains": false, + "max-age": null, + "numPins": null, + "pass": true, + "preloaded": false, + "result": "hpkp-not-implemented-no-https", + "score_description": "HTTP Public Key Pinning (HPKP) header can't be implemented without HTTPS", + "score_modifier": 0 + }, + "redirection": { + "destination": "http://scanme.nmap.org/", + "expectation": "redirection-to-https", + "pass": false, + "redirects": false, + "result": "redirection-missing", + "route": [ + "http://scanme.nmap.org/" + ], + "score_description": "Does not redirect to an HTTPS site", + "score_modifier": -20, + "status_code": 200 + }, + "referrer-policy": { + "data": null, + "expectation": "referrer-policy-private", + "http": false, + "meta": false, + "pass": true, + "result": "referrer-policy-not-implemented", + "score_description": "Referrer-Policy header not implemented", + "score_modifier": 0 + }, + "strict-transport-security": { + "data": null, + "expectation": "hsts-implemented-max-age-at-least-six-months", + "includeSubDomains": false, + "max-age": null, + "pass": false, + "preload": false, + "preloaded": false, + "result": "hsts-not-implemented-no-https", + "score_description": "HTTP Strict Transport Security (HSTS) header cannot be set for sites not available over HTTPS", + "score_modifier": -20 + }, + "subresource-integrity": { + "data": {}, + "expectation": "sri-implemented-and-external-scripts-loaded-securely", + "pass": true, + "result": "sri-not-implemented-but-all-scripts-loaded-from-secure-origin", + "score_description": "Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar origin", + "score_modifier": 0 + }, + "x-content-type-options": { + "data": null, + "expectation": "x-content-type-options-nosniff", + "pass": false, + "result": "x-content-type-options-not-implemented", + "score_description": "X-Content-Type-Options header not implemented", + "score_modifier": -5 + }, + "x-frame-options": { + "data": null, + "expectation": "x-frame-options-sameorigin-or-deny", + "pass": false, + "result": "x-frame-options-not-implemented", + "score_description": "X-Frame-Options (XFO) header not implemented", + "score_modifier": -20 + }, + "x-xss-protection": { + "data": null, + "expectation": "x-xss-protection-1-mode-block", + "pass": false, + "result": "x-xss-protection-not-implemented", + "score_description": "X-XSS-Protection header not implemented", + "score_modifier": -10 + } + } +} diff --git a/unittests/scans/ms_defender/defender.zip b/unittests/scans/ms_defender/defender.zip new file mode 100644 index 00000000000..43e06ffa06d Binary files /dev/null and b/unittests/scans/ms_defender/defender.zip differ diff --git a/unittests/scans/ms_defender/defender_multiple_files.zip b/unittests/scans/ms_defender/defender_multiple_files.zip new file mode 100644 index 00000000000..98f28dfe8fa Binary files /dev/null and b/unittests/scans/ms_defender/defender_multiple_files.zip differ diff --git a/unittests/scans/ms_defender/defender_wrong_machines.zip b/unittests/scans/ms_defender/defender_wrong_machines.zip new file mode 100644 index 00000000000..4b7d562d70d Binary files /dev/null and b/unittests/scans/ms_defender/defender_wrong_machines.zip differ diff --git a/unittests/scans/ms_defender/report_many_vulns.json b/unittests/scans/ms_defender/report_many_vulns.json new file mode 100644 index 00000000000..6938e64afaa --- /dev/null +++ b/unittests/scans/ms_defender/report_many_vulns.json @@ -0,0 +1,46 @@ +{ + "@odata.context": "https://api-eu.securitycenter.windows.com/api/asfDto)", + "value": [ + { + "id": "wjeriowerjoiewrjoweirjeowij-_-CVE-1234-5678-_-packagvendor-_-tools-_-1.2.3.4-_-", + "cveId": "CVE-1234-5678", + "machineId": "wjeriowerjoiewrjoweirjeowij", + "fixingKbId": null, + "productName": "tools", + "productVendor": "packagvendor", + "productVersion": "1.2.3.4", + "severity": "Low" + }, + { + "id": "wjeriowerjoiewrjoweirjeowij-_-CVE-1234-56788-_-packagvendor-_-tools-_-1.2.3.4-_-", + "cveId": "CVE-1234-56788", + "machineId": "wjeriowerjoiewrjoweirjeowij", + "fixingKbId": null, + "productName": "tools", + "productVendor": "packagvendor", + "productVersion": "1.2.3.4", + "severity": "High" + }, + { + "id": "wjeriowerjoiewrjoweirjeowij-_-CVE-5678-9887-_-packagvendor-_-tools-_-1.2.3.4-_-", + "cveId": "CVE-5678-9887", + "machineId": "wjeriowerjoiewrjoweirjeowij", + "fixingKbId": null, + "productName": "tools", + "productVendor": "packagvendor", + "productVersion": "1.2.3.4", + "severity": "Medium" + }, + { + "id": "wjeriowerjoiewrjoweirjeowij-_-CVE-5678-8888-_-packagvendor-_-tools-_-1.2.3.4-_-", + "cveId": "CVE-5678-8888", + "machineId": "wjeriowerjoiewrjoweirjeowij", + "fixingKbId": null, + "productName": "tools", + "productVendor": "packagvendor", + "productVersion": "1.2.3.4", + "severity": "Medium" + } + ], + "@odata.nextLink": "https://apiofazure?$skip=10000" + } \ No newline at end of file diff --git a/unittests/scans/ms_defender/report_no_vuln.json b/unittests/scans/ms_defender/report_no_vuln.json new file mode 100644 index 00000000000..a8b4c8a397a --- /dev/null +++ b/unittests/scans/ms_defender/report_no_vuln.json @@ -0,0 +1,5 @@ +{ + "@odata.context": "https://api-eu.securitycenter.windows.com/api/asfDto)", + "value": [], + "@odata.nextLink": "https://apiofazure?$skip=10000" + } \ No newline at end of file diff --git a/unittests/scans/ms_defender/report_one_vuln.json b/unittests/scans/ms_defender/report_one_vuln.json new file mode 100644 index 00000000000..7899abe571b --- /dev/null +++ b/unittests/scans/ms_defender/report_one_vuln.json @@ -0,0 +1,16 @@ +{ + "@odata.context": "https://api-eu.securitycenter.windows.com/api/asfDto)", + "value": [ + { + "id": "fjweoifjewiofjweoifjeowifjowei-_-CVE-1234-5678-_-packagvendor-_-tools-_-1.2.3.4-_-", + "cveId": "CVE-1234-5678", + "machineId": "fjweoifjewiofjweoifjeowifjowei", + "fixingKbId": null, + "productName": "tools", + "productVendor": "packagvendor", + "productVersion": "1.2.3.4", + "severity": "Low" + } + ], + "@odata.nextLink": "https://apiofazure?$skip=10000" + } \ No newline at end of file diff --git a/unittests/scans/neuvector/many_vulns.json b/unittests/scans/neuvector/many_vulns.json new file mode 100644 index 00000000000..efa6a10150b --- /dev/null +++ b/unittests/scans/neuvector/many_vulns.json @@ -0,0 +1,110 @@ +{ + "report": { + "vulnerabilities": [ + { + "name": "CVE-2015-8356", + "score": 7.2, + "severity": "High", + "vectors": "", + "description": "The setup_env function in group.c in sshd in OpenSSH allows local users to gain privileges.", + "package_name": "openssh", + "package_version": "7.2_p2-r0", + "fixed_version": "1:7.2p2-3", + "link": "https://security-tracker.debian.org/tracker/CVE-2015-8356", + "score_v3": 7.3, + "vectors_v3": "", + "published_timestamp": 1516561260, + "last_modified_timestamp": 1516561253, + "cpes": [ + "" + ], + "cves": [ + "" + ], + "feed_rating": "", + "in_base_image": true, + "tags": [ + "" + ] + },{ + "name": "CVE-2017-18342", + "score": 7.5, + "severity": "High", + "vectors": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "description": "STATEMENT: PyYAML in channels for Red Hat MRG Messaging 2 should no longer be used, as a newer version is now available in Red Hat Enterprise Linux. Newer packages should be consumed from Red Hat Enterprise Linux channels. This issue affects the versions of the PyYAML package as shipped with Red Hat Satellite 5. However, this flaw is not known to be exploitable under any supported scenario in Satellite 5. A future update may address this issue. The PyYAML libary that is provided in the Red Hat OpenStack repositories is vulnerable. However, there are no instances where this library is used in a way which exposes the vulnerability. Any updates will be through the RHEL channels.", + "package_name": "PyYAML", + "package_version": "3.10-11.el7", + "link": "https://access.redhat.com/security/cve/CVE-2017-18342", + "score_v3": 9.8, + "vectors_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "published_timestamp": 1638748800, + "last_modified_timestamp": 1638748800, + "feed_rating": "Moderate" + } + ], + "modules": [ + { + "name": "scanner", + "version": "1.011", + "source": "github", + "cves": [ + { + "name": "", + "status": "" + } + ], + "cpes": [ + "" + ] + } + ], + "checks": [ + { + "catalog": "docker", + "type": "", + "level": "INFO", + "test_number": "1", + "profile": "Level 1", + "scored": true, + "automated": true, + "description": "General Configuration", + "message": [ + "Host Configuration" + ], + "remediation": "", + "group": "nv.calico" + } + ], + "secrets": [ + { + "type": "", + "evidence": "", + "path": "", + "suggestion": "" + } + ], + "setid_perms": [ + { + "type": "", + "evidence": "", + "path": "" + } + ], + "envs": [ + [ + "PATH=/usr/local/sbin", + "GOSU_VERSION=1.12", + "REDIS_VERSION=6.0.2" + ] + ], + "labels": { + "key": [ + "" + ], + "value": "" + }, + "cmds": [ + "" + ] + } +} diff --git a/unittests/scans/neuvector/no_vuln.json b/unittests/scans/neuvector/no_vuln.json new file mode 100644 index 00000000000..995f43544bd --- /dev/null +++ b/unittests/scans/neuvector/no_vuln.json @@ -0,0 +1,70 @@ +{ + "report": { + "vulnerabilities": [ + ], + "modules": [ + { + "name": "scanner", + "version": "1.011", + "source": "github", + "cves": [ + { + "name": "", + "status": "" + } + ], + "cpes": [ + "" + ] + } + ], + "checks": [ + { + "catalog": "docker", + "type": "", + "level": "INFO", + "test_number": "1", + "profile": "Level 1", + "scored": true, + "automated": true, + "description": "General Configuration", + "message": [ + "Host Configuration" + ], + "remediation": "", + "group": "nv.calico" + } + ], + "secrets": [ + { + "type": "", + "evidence": "", + "path": "", + "suggestion": "" + } + ], + "setid_perms": [ + { + "type": "", + "evidence": "", + "path": "" + } + ], + "envs": [ + [ + "PATH=/usr/local/sbin", + "GOSU_VERSION=1.12", + "REDIS_VERSION=6.0.2" + ] + ], + "labels": { + "key": [ + "" + ], + "value": "" + }, + "cmds": [ + "" + ] + } +} \ No newline at end of file diff --git a/unittests/scans/neuvector/one_vuln.json b/unittests/scans/neuvector/one_vuln.json new file mode 100644 index 00000000000..583b62e164c --- /dev/null +++ b/unittests/scans/neuvector/one_vuln.json @@ -0,0 +1,96 @@ +{ + "report": { + "vulnerabilities": [ + { + "name": "CVE-2015-8356", + "score": 7.2, + "severity": "High", + "vectors": "", + "description": "The setup_env function in group.c in sshd in OpenSSH allows local users to gain privileges.", + "package_name": "openssh", + "package_version": "7.2_p2-r0", + "fixed_version": "1:7.2p2-3", + "link": "https://security-tracker.debian.org/tracker/CVE-2015-8356", + "score_v3": 7.3, + "vectors_v3": "", + "published_timestamp": 1516561260, + "last_modified_timestamp": 1516561253, + "cpes": [ + "" + ], + "cves": [ + "" + ], + "feed_rating": "", + "in_base_image": true, + "tags": [ + "" + ] + } + ], + "modules": [ + { + "name": "scanner", + "version": "1.011", + "source": "github", + "cves": [ + { + "name": "", + "status": "" + } + ], + "cpes": [ + "" + ] + } + ], + "checks": [ + { + "catalog": "docker", + "type": "", + "level": "INFO", + "test_number": "1", + "profile": "Level 1", + "scored": true, + "automated": true, + "description": "General Configuration", + "message": [ + "Host Configuration" + ], + "remediation": "", + "group": "nv.calico" + } + ], + "secrets": [ + { + "type": "", + "evidence": "", + "path": "", + "suggestion": "" + } + ], + "setid_perms": [ + { + "type": "", + "evidence": "", + "path": "" + } + ], + "envs": [ + [ + "PATH=/usr/local/sbin", + "GOSU_VERSION=1.12", + "REDIS_VERSION=6.0.2" + ] + ], + "labels": { + "key": [ + "" + ], + "value": "" + }, + "cmds": [ + "" + ] + } +} \ No newline at end of file diff --git a/unittests/scans/neuvector_compliance/many_vulns.json b/unittests/scans/neuvector_compliance/many_vulns.json new file mode 100644 index 00000000000..4cfc9a3db76 --- /dev/null +++ b/unittests/scans/neuvector_compliance/many_vulns.json @@ -0,0 +1,104 @@ +{ + "run_timestamp": 1663583567, + "run_at": "2022-09-19T10:32:47Z", + "kubernetes_cis_version": "1.6.0", + "docker_cis_version": "1.2.0", + "items": [ + { + "test_number": "D.1.1.1", + "category": "docker", + "type": "host", + "profile": "Level 1", + "scored": true, + "automated": true, + "description": "Ensure a separate partition for containers has been created", + "remediation": "For new installations, you should create a separate partition for the /var/lib/docker mount point. For systems that have already been installed, you should use the Logical Volume Manager (LVM) within Linux to create a new partition.", + "tags": [], + "level": "PASS", + "message": [] + }, + { + "test_number": "D.1.1.11", + "category": "docker", + "type": "host", + "profile": "Level 1", + "scored": true, + "automated": true, + "description": "Ensure auditing is configured for Dockerfiles and directories - /etc/docker/daemon.json", + "remediation": "Install auditd. Add -w /etc/docker/daemon.json -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "tags": [ + "GDPR", + "HIPAA", + "NIST" + ], + "level": "WARN", + "message": [] + }, + { + "test_number": "D.1.2.2", + "category": "docker", + "type": "host", + "profile": "Level 1", + "scored": true, + "automated": false, + "description": "Ensure that the version of Docker is up to date - Using 20.10.11, verify is it up to date as deemed necessary", + "remediation": "You should monitor versions of Docker releases and make sure your software is updated as required.", + "tags": [], + "level": "PASS", + "message": [ + "Using 20.10.11, verify is it up to date as deemed necessary" + ] + }, + { + "test_number": "D.2.10", + "category": "docker", + "type": "host", + "profile": "Level 2", + "scored": true, + "automated": false, + "description": "Ensure the default cgroup usage has been confirmed", + "remediation": "", + "tags": [], + "level": "PASS", + "message": [] + }, + { + "test_number": "K.4.1.3", + "category": "kubernetes", + "type": "worker", + "profile": "Level 1", + "scored": true, + "automated": false, + "description": "Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive", + "remediation": "Run the below command (based on the file location on your system) on the each worker node. For example, chmod 644 \u003cproxy kubeconfig file", + "tags": [ + "GDPR", + "HIPAA", + "NIST", + "PCI" + ], + "level": "PASS", + "message": [] + }, + { + "test_number": "K.4.1.8", + "category": "kubernetes", + "type": "worker", + "profile": "Level 1", + "scored": true, + "automated": true, + "description": "Ensure that the client certificate authorities file ownership is set to root:root - client-ca-file: /etc/kubernetes/ssl/kube-ca.pem", + "remediation": "Run the following command to modify the ownership of the --client-ca-file. chown root:root \u003cfilename\u003e", + "tags": [ + "GDPR", + "HIPAA", + "NIST", + "PCI" + ], + "level": "PASS", + "message": [ + "client-ca-file: /etc/kubernetes/ssl/kube-ca.pem" + ] + } + ] +} diff --git a/unittests/scans/neuvector_compliance/no_vuln.json b/unittests/scans/neuvector_compliance/no_vuln.json new file mode 100644 index 00000000000..8b857b9768c --- /dev/null +++ b/unittests/scans/neuvector_compliance/no_vuln.json @@ -0,0 +1,7 @@ +{ + "run_timestamp": 1663583567, + "run_at": "2022-09-19T10:32:47Z", + "kubernetes_cis_version": "1.6.0", + "docker_cis_version": "1.2.0", + "items": [] +} diff --git a/unittests/scans/neuvector_compliance/one_vuln.json b/unittests/scans/neuvector_compliance/one_vuln.json new file mode 100644 index 00000000000..04b765a65ad --- /dev/null +++ b/unittests/scans/neuvector_compliance/one_vuln.json @@ -0,0 +1,25 @@ +{ + "run_timestamp": 1663583567, + "run_at": "2022-09-19T10:32:47Z", + "kubernetes_cis_version": "1.6.0", + "docker_cis_version": "1.2.0", + "items": [ + { + "test_number": "D.1.1.11", + "category": "docker", + "type": "host", + "profile": "Level 1", + "scored": true, + "automated": true, + "description": "Ensure auditing is configured for Dockerfiles and directories - /etc/docker/daemon.json", + "remediation": "Install auditd. Add -w /etc/docker/daemon.json -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", + "tags": [ + "GDPR", + "HIPAA", + "NIST" + ], + "level": "WARN", + "message": [] + } + ] +} diff --git a/unittests/scans/nexpose/dns.xml b/unittests/scans/nexpose/dns.xml index 4ee9b3103bc..a682b00f475 100644 --- a/unittests/scans/nexpose/dns.xml +++ b/unittests/scans/nexpose/dns.xml @@ -31,7 +31,7 @@ @@ -56,7 +56,7 @@ diff --git a/unittests/scans/nikto/issue_9274.json b/unittests/scans/nikto/issue_9274.json new file mode 100644 index 00000000000..fa014208196 --- /dev/null +++ b/unittests/scans/nikto/issue_9274.json @@ -0,0 +1,62 @@ +[ + { + "host": "example.com", + "ip": "203.0.113.37", + "port": "443", + "banner": "", + "vulnerabilities": [ + { + "id": "999986", + "method": "GET", + "url": "/", + "msg": "Retrieved via header: 1.1 google." + }, + { + "id": "999978", + "references": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options", + "method": "GET", + "url": "/", + "msg": "/:X-Frame-Options header is deprecated and has been replaced with the Content-Security-Policy HTTP header with the frame-ancestors directive instead." + }, + { + "id": "999103", + "references": "https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/", + "method": "GET", + "url": "/robots.txt", + "msg": "The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type." + }, + { + "id": "999996", + "references": "https://developer.mozilla.org/en-US/docs/Glossary/Robots.txt", + "method": "GET", + "url": "/robots.txt", + "msg": "contains 1 entry which should be manually viewed." + }, + { + "id": "999962", + "method": "GET", + "url": "/images/8f7c0a6.ico", + "msg": ": Server banner changed from 'nginx' to 'ghs'." + }, + { + "id": "999966", + "references": "http://breachattack.com/", + "method": "GET", + "url": "/", + "msg": "The Content-Encoding header is set to \\\"deflate\\\" which may mean that the server is vulnerable to the BREACH attack." + }, + { + "id": "999100", + "method": "GET", + "url": "/", + "msg": "Uncommon header 'x-google-gfe-load-report' found, with contents: utilization_percent: 51.177505 queries_per_second: 20382 errors_per_second: 0." + }, + { + "id": "999100", + "method": "GET", + "url": "/", + "msg": "Uncommon header 'x-google-gfe-backend-request-cost' found, with contents: 51.177506531784765." + } + ] + } + ] \ No newline at end of file diff --git a/unittests/scans/nmap_scanme.json b/unittests/scans/nmap_scanme.json deleted file mode 100644 index ca05d80a821..00000000000 --- a/unittests/scans/nmap_scanme.json +++ /dev/null @@ -1,190 +0,0 @@ -{ - "scan": { - "algorithm_version": 2, - "end_time": "Tue, 04 May 2021 09:07:02 GMT", - "grade": "F", - "hidden": false, - "likelihood_indicator": "MEDIUM", - "response_headers": { - "Accept-Ranges": "bytes", - "Connection": "Keep-Alive", - "Content-Type": "text/html; charset=utf-8", - "Date": "Tue, 04 May 2021 09:07:01 GMT", - "Keep-Alive": "timeout=5, max=100", - "Server": "Apache/2.4.6 (CentOS)", - "Strict-Transport-Security": "max-age=31536000; preload", - "Transfer-Encoding": "chunked" - }, - "scan_id": 18995270, - "score": 0, - "start_time": "Tue, 04 May 2021 09:07:00 GMT", - "state": "FINISHED", - "status_code": 200, - "tests_failed": 7, - "tests_passed": 5, - "tests_quantity": 12 - }, - "tests": { - "content-security-policy": { - "expectation": "csp-implemented-with-no-unsafe", - "name": "content-security-policy", - "output": { - "data": null, - "http": false, - "meta": false, - "policy": null - }, - "pass": false, - "result": "csp-not-implemented", - "score_description": "Content Security Policy (CSP) header not implemented", - "score_modifier": -25 - }, - "contribute": { - "expectation": "contribute-json-only-required-on-mozilla-properties", - "name": "contribute", - "output": { - "data": null - }, - "pass": true, - "result": "contribute-json-only-required-on-mozilla-properties", - "score_description": "Contribute.json isn't required on websites that don't belong to Mozilla", - "score_modifier": 0 - }, - "cookies": { - "expectation": "cookies-secure-with-httponly-sessions", - "name": "cookies", - "output": { - "data": null, - "sameSite": null - }, - "pass": true, - "result": "cookies-not-found", - "score_description": "No cookies detected", - "score_modifier": 0 - }, - "cross-origin-resource-sharing": { - "expectation": "cross-origin-resource-sharing-not-implemented", - "name": "cross-origin-resource-sharing", - "output": { - "data": { - "acao": null, - "clientaccesspolicy": null, - "crossdomain": null - } - }, - "pass": true, - "result": "cross-origin-resource-sharing-not-implemented", - "score_description": "Content is not visible via cross-origin resource sharing (CORS) files or headers", - "score_modifier": 0 - }, - "public-key-pinning": { - "expectation": "hpkp-not-implemented", - "name": "public-key-pinning", - "output": { - "data": null, - "includeSubDomains": false, - "max-age": null, - "numPins": null, - "preloaded": false - }, - "pass": true, - "result": "hpkp-invalid-cert", - "score_description": "HTTP Public Key Pinning (HPKP) header cannot be set, as site contains an invalid certificate chain", - "score_modifier": 0 - }, - "redirection": { - "expectation": "redirection-to-https", - "name": "redirection", - "output": { - "destination": "https://nmap.org/", - "redirects": true, - "route": [ - "http://nmap-scanme.nmap.org/", - "https://nmap.org/" - ], - "status_code": 301 - }, - "pass": false, - "result": "redirection-off-host-from-http", - "score_description": "Initial redirection from HTTP to HTTPS is to a different host, preventing HSTS", - "score_modifier": -5 - }, - "referrer-policy": { - "expectation": "referrer-policy-private", - "name": "referrer-policy", - "output": { - "data": null, - "http": false, - "meta": false - }, - "pass": true, - "result": "referrer-policy-not-implemented", - "score_description": "Referrer-Policy header not implemented", - "score_modifier": 0 - }, - "strict-transport-security": { - "expectation": "hsts-implemented-max-age-at-least-six-months", - "name": "strict-transport-security", - "output": { - "data": null, - "includeSubDomains": false, - "max-age": null, - "preload": false, - "preloaded": false - }, - "pass": false, - "result": "hsts-invalid-cert", - "score_description": "HTTP Strict Transport Security (HSTS) header cannot be set, as site contains an invalid certificate chain", - "score_modifier": -20 - }, - "subresource-integrity": { - "expectation": "sri-implemented-and-external-scripts-loaded-securely", - "name": "subresource-integrity", - "output": { - "data": { - "//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js": { - "crossorigin": null, - "integrity": null - } - } - }, - "pass": false, - "result": "sri-not-implemented-and-external-scripts-not-loaded-securely", - "score_description": "Subresource Integrity (SRI) not implemented, and external scripts are loaded over HTTP or use protocol-relative URLs via src=\"//...\"", - "score_modifier": -50 - }, - "x-content-type-options": { - "expectation": "x-content-type-options-nosniff", - "name": "x-content-type-options", - "output": { - "data": null - }, - "pass": false, - "result": "x-content-type-options-not-implemented", - "score_description": "X-Content-Type-Options header not implemented", - "score_modifier": -5 - }, - "x-frame-options": { - "expectation": "x-frame-options-sameorigin-or-deny", - "name": "x-frame-options", - "output": { - "data": null - }, - "pass": false, - "result": "x-frame-options-not-implemented", - "score_description": "X-Frame-Options (XFO) header not implemented", - "score_modifier": -20 - }, - "x-xss-protection": { - "expectation": "x-xss-protection-1-mode-block", - "name": "x-xss-protection", - "output": { - "data": null - }, - "pass": false, - "result": "x-xss-protection-not-implemented", - "score_description": "X-XSS-Protection header not implemented", - "score_modifier": -10 - } - } -} diff --git a/unittests/scans/npm_audit/cwe_null.json b/unittests/scans/npm_audit/cwe_null.json new file mode 100644 index 00000000000..34669b728aa --- /dev/null +++ b/unittests/scans/npm_audit/cwe_null.json @@ -0,0 +1,81 @@ +{ + "actions": [ + { + "action": "install", + "module": "mocha-jenkins-reporter", + "target": "0.3.12", + "isMajor": false, + "resolves": [ + { + "id": 534, + "path": "mocha-jenkins-reporter>mocha>debug", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 146, + "path": "mocha-jenkins-reporter>mocha>growl", + "dev": true, + "optional": false, + "bundled": false + } + ] + } + ], + "advisories": { + "146": { + "findings": [ + { + "version": "1.9.2", + "paths": ["mocha-jenkins-reporter>mocha>growl"], + "dev": true, + "optional": false, + "bundled": false + } + ], + "id": 146, + "created": "2016-09-06T12:49:40.000Z", + "updated": "2018-03-02T21:07:28.071Z", + "deleted": null, + "title": "Command Injection", + "found_by": { + "name": "Cristian-Alexandru Staicu" + }, + "reported_by": { + "name": "Cristian-Alexandru Staicu" + }, + "module_name": "growl", + "cves": ["CVE-2017-16042"], + "vulnerable_versions": "<1.10.2", + "patched_versions": ">=1.10.2", + "overview": "Affected versions of `growl` do not properly sanitize input prior to passing it into a shell command, allowing for arbitrary command execution.", + "recommendation": "Update to version 1.10.2 or later.", + "references": "[Issue #60](https://github.com/tj/node-growl/issues/60)\n[PR #61](https://github.com/tj/node-growl/pull/61)", + "access": "public", + "severity": "critical", + "cwe": null, + "metadata": { + "module_type": "CLI.Library", + "exploitability": 5, + "affected_components": "" + }, + "url": "https://www.npmjs.com/advisories/146" + } + }, + "muted": [], + "metadata": { + "vulnerabilities": { + "info": 0, + "low": 0, + "moderate": 0, + "high": 0, + "critical": 1 + }, + "dependencies": 0, + "devDependencies": 43, + "optionalDependencies": 0, + "totalDependencies": 43 + }, + "runId": "ab9f276f-15b6-4034-a7a2-f0af6d4420f3" +} diff --git a/unittests/scans/npm_audit_sample/empty_with_error.json b/unittests/scans/npm_audit/empty_with_error.json similarity index 100% rename from unittests/scans/npm_audit_sample/empty_with_error.json rename to unittests/scans/npm_audit/empty_with_error.json diff --git a/unittests/scans/npm_audit/issue_7897.json b/unittests/scans/npm_audit/issue_7897.json new file mode 100644 index 00000000000..86fc1577abb --- /dev/null +++ b/unittests/scans/npm_audit/issue_7897.json @@ -0,0 +1,385 @@ +{ + "actions": [ + { + "action": "install", + "module": "express", + "target": "4.16.3", + "isMajor": false, + "resolves": [ + { + "id": 534, + "path": "express>debug", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 534, + "path": "express>finalhandler>debug", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 534, + "path": "express>send>debug", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 534, + "path": "express>serve-static>send>debug", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 106, + "path": "express>accepts>negotiator", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 526, + "path": "express>fresh", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 526, + "path": "express>send>fresh", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 526, + "path": "express>serve-static>send>fresh", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 535, + "path": "express>send>mime", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 535, + "path": "express>serve-static>send>mime", + "dev": false, + "optional": false, + "bundled": false + } + ] + }, + { + "action": "install", + "module": "serve-favicon", + "target": "2.5.0", + "isMajor": false, + "resolves": [ + { + "id": 526, + "path": "serve-favicon>fresh", + "dev": false, + "optional": false, + "bundled": false + } + ] + }, + { + "action": "install", + "module": "pg-promise", + "target": "8.4.5", + "isMajor": true, + "resolves": [ + { + "id": 521, + "path": "pg-promise>pg", + "dev": false, + "optional": false, + "bundled": false + } + ] + }, + { + "action": "install", + "module": "body-parser", + "target": "1.18.3", + "isMajor": false, + "resolves": [ + { + "id": 534, + "path": "body-parser>debug", + "dev": false, + "optional": false, + "bundled": false + } + ] + }, + { + "action": "install", + "module": "debug", + "target": "3.1.0", + "isMajor": true, + "resolves": [ + { + "id": 534, + "path": "debug", + "dev": false, + "optional": false, + "bundled": false + } + ] + }, + { + "action": "install", + "module": "morgan", + "target": "1.9.0", + "isMajor": false, + "resolves": [ + { + "id": 534, + "path": "morgan>debug", + "dev": false, + "optional": false, + "bundled": false + } + ] + } + ], + "advisories": { + "106": { + "findings": [ + { + "version": "0.5.3", + "paths": [], + "dev": false, + "optional": false, + "bundled": false + } + ], + "id": 106, + "created": "2016-05-04T16:34:12.000Z", + "updated": "2018-04-17T12:58:40.142Z", + "deleted": null, + "title": "Regular Expression Denial of Service", + "found_by": { + "name": "Adam Baldwin" + }, + "reported_by": { + "name": "Adam Baldwin" + }, + "module_name": "negotiator", + "cves": [ + "CVE-2016-10539" + ], + "vulnerable_versions": "<= 0.6.0", + "patched_versions": ">= 0.6.1", + "overview": "Affected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n", + "recommendation": "Update to version 0.6.1 or later.", + "references": "", + "access": "public", + "severity": "high", + "cwe": "CWE-400", + "metadata": { + "module_type": "Network.Library", + "exploitability": 6, + "affected_components": "Internal::Code::Function::acceptsLanguages()" + }, + "url": "https://nodesecurity.io/advisories/106" + }, + "107": { + "findings": [ + { + "version": "0.5.3", + "paths": [ + "express>accepts>negotiator" + ], + "dev": false, + "optional": false, + "bundled": false + } + ], + "id": 107, + "created": "2016-05-04T16:34:12.000Z", + "updated": "2018-04-17T12:58:40.142Z", + "deleted": null, + "title": "2222Regular Expression Denial of Service", + "found_by": { + "name": "Adam Baldwin" + }, + "reported_by": { + "name": "Adam Baldwin" + }, + "module_name": "negotiator", + "cves": [ + "CVE-2019-10321" + ], + "vulnerable_versions": "<= 0.6.0", + "patched_versions": ">= 0.6.1", + "overview": "Affected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n", + "recommendation": "Update to version 0.6.1 or later.", + "references": "", + "access": "public", + "severity": "high", + "cwe": "CWE-300", + "metadata": { + "module_type": "Network.Library", + "exploitability": 6, + "affected_components": "Internal::Code::Function::acceptsLanguages()" + }, + "url": "https://nodesecurity.io/advisories/107" + }, + "521": { + "findings": [ + { + "version": "5.1.0", + "paths": [ + "pg-promise>pg" + ], + "dev": false, + "optional": false, + "bundled": false + } + ], + "id": 521, + "created": "2017-08-13T04:26:17.960Z", + "updated": "2018-04-08T22:40:41.503Z", + "deleted": null, + "title": "Remote Code Execution", + "found_by": { + "name": "Sehrope Sarkuni" + }, + "reported_by": { + "name": "Sehrope Sarkuni" + }, + "module_name": "pg", + "cves": [ + "CVE-2017-16082" + ], + "vulnerable_versions": "< 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2", + "patched_versions": ">= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2", + "overview": "Affected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. The application executes unsafe, user-supplied sql which contains malicious column names.\n2. The application connects to an untrusted database and executes a query returning results which contain a malicious column name.\n\n## Proof of Concept\n```\nconst { Client } = require('pg')\nconst client = new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\'/*\", 2 AS \"\\\\'*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```", + "recommendation": "* Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )", + "references": "[Node Postgres: Code Execution Vulnerability Announcement](https://node-postgres.com/announcements#2017-08-12-code-execution-vulnerability)", + "access": "public", + "severity": "high", + "cwe": "CWE-94", + "metadata": { + "module_type": "Network.Library", + "exploitability": 5, + "affected_components": "" + }, + "url": "https://nodesecurity.io/advisories/521" + }, + "526": { + "findings": [ + { + "version": "0.3.0", + "paths": [ + "express>fresh", + "express>send>fresh", + "express>serve-static>send>fresh", + "serve-favicon>fresh" + ], + "dev": false, + "optional": false, + "bundled": false + } + ], + "id": 526, + "created": "2017-09-08T20:23:54.164Z", + "updated": "2018-04-09T00:15:21.807Z", + "deleted": null, + "title": "Regular Expression Denial of Service", + "found_by": { + "name": "Cristian-Alexandru Staicu" + }, + "reported_by": { + "name": "Cristian-Alexandru Staicu" + }, + "module_name": "fresh", + "cves": [ + "CVE-2017-16119" + ], + "vulnerable_versions": "< 0.5.2", + "patched_versions": ">= 0.5.2", + "overview": "Affected versions of `fresh` are vulnerable to regular expression denial of service when parsing specially crafted user input.", + "recommendation": "Update to version 0.5.2 or later.", + "references": "", + "access": "public", + "severity": "high", + "cwe": "CWE-400", + "metadata": { + "module_type": "Multi.Library", + "exploitability": 5, + "affected_components": "" + }, + "url": "https://nodesecurity.io/advisories/526" + }, + "522": { + "findings": [ + { + "version": "5.1.0", + "paths": [ + "pg-promise>pg" + ], + "dev": false, + "optional": false, + "bundled": false + } + ], + "id": 522, + "created": "2017-08-13T04:26:17.960Z", + "updated": "2018-04-08T22:40:41.503Z", + "deleted": null, + "title": "2222Remote Code Execution", + "found_by": { + "name": "Sehrope Sarkuni" + }, + "reported_by": { + "name": "Sehrope Sarkuni" + }, + "module_name": "pg", + "cves": [ + "CVE-2019-16082" + ], + "vulnerable_versions": "< 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2", + "patched_versions": ">= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2", + "overview": "Affected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. The application executes unsafe, user-supplied sql which contains malicious column names.\n2. The application connects to an untrusted database and executes a query returning results which contain a malicious column name.\n\n## Proof of Concept\n```\nconst { Client } = require('pg')\nconst client = new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\'/*\", 2 AS \"\\\\'*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```", + "recommendation": "* Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )", + "references": "[Node Postgres: Code Execution Vulnerability Announcement](https://node-postgres.com/announcements#2017-08-12-code-execution-vulnerability)", + "access": "public", + "severity": "high", + "cwe": "CWE-94", + "metadata": { + "module_type": "Network.Library", + "exploitability": 5, + "affected_components": "" + }, + "url": "https://nodesecurity.io/advisories/522" + } + }, + "muted": [], + "metadata": { + "vulnerabilities": { + "info": 0, + "low": 7, + "moderate": 2, + "high": 6, + "critical": 0 + }, + "dependencies": 159, + "devDependencies": 0, + "optionalDependencies": 0, + "totalDependencies": 159 + }, + "runId": "849ed1f1-5dd8-4fda-872a-05cd46957c82" +} \ No newline at end of file diff --git a/unittests/scans/npm_audit_sample/many_vuln.json b/unittests/scans/npm_audit/many_vuln.json similarity index 100% rename from unittests/scans/npm_audit_sample/many_vuln.json rename to unittests/scans/npm_audit/many_vuln.json diff --git a/unittests/scans/npm_audit_sample/many_vuln_npm7.json b/unittests/scans/npm_audit/many_vuln_npm7.json similarity index 100% rename from unittests/scans/npm_audit_sample/many_vuln_npm7.json rename to unittests/scans/npm_audit/many_vuln_npm7.json diff --git a/unittests/scans/npm_audit_sample/many_vuln_with_groups.json b/unittests/scans/npm_audit/many_vuln_with_groups.json similarity index 100% rename from unittests/scans/npm_audit_sample/many_vuln_with_groups.json rename to unittests/scans/npm_audit/many_vuln_with_groups.json diff --git a/unittests/scans/npm_audit/multiple_cwes.json b/unittests/scans/npm_audit/multiple_cwes.json new file mode 100644 index 00000000000..d1e05975137 --- /dev/null +++ b/unittests/scans/npm_audit/multiple_cwes.json @@ -0,0 +1,2221 @@ +{ + "actions": [ + { + "isMajor": true, + "action": "install", + "resolves": [ + { + "id": 1059337, + "path": "@angular-devkit/build-angular>webpack-dev-server>ansi-html", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059356, + "path": "@angular-devkit/build-angular>postcss", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059413, + "path": "@angular-devkit/build-angular>webpack-dev-server>selfsigned>node-forge", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059432, + "path": "@angular-devkit/build-angular>webpack-dev-server>selfsigned>node-forge", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059434, + "path": "@angular-devkit/build-angular>webpack-dev-server>selfsigned>node-forge", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059599, + "path": "@angular-devkit/build-angular>webpack-dev-server>yargs>cliui>string-width>strip-ansi>ansi-regex", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059599, + "path": "@angular-devkit/build-angular>webpack-dev-server>yargs>cliui>strip-ansi>ansi-regex", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059698, + "path": "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>tar", + "dev": true, + "optional": true, + "bundled": true + }, + { + "id": 1059701, + "path": "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>tar", + "dev": true, + "optional": true, + "bundled": true + }, + { + "id": 1059704, + "path": "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>tar", + "dev": true, + "optional": true, + "bundled": true + }, + { + "id": 1059733, + "path": "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>tar", + "dev": true, + "optional": true, + "bundled": true + }, + { + "id": 1059737, + "path": "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>tar", + "dev": true, + "optional": true, + "bundled": true + }, + { + "id": 1059799, + "path": "@angular-devkit/build-angular>postcss", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059828, + "path": "@angular-devkit/build-angular>copy-webpack-plugin>glob-parent", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059828, + "path": "@angular-devkit/build-angular>webpack-dev-server>chokidar>glob-parent", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059828, + "path": "@angular-devkit/build-angular>webpack>watchpack>watchpack-chokidar2>chokidar>glob-parent", + "dev": true, + "optional": true, + "bundled": false + }, + { + "id": 1059870, + "path": "@angular-devkit/build-angular>browserslist", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059915, + "path": "@angular-devkit/build-angular>ajv", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059915, + "path": "@angular-devkit/build-angular>@angular-devkit/core>ajv", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059915, + "path": "@angular-devkit/build-angular>@angular-devkit/architect>@angular-devkit/core>ajv", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059915, + "path": "@angular-devkit/build-angular>@angular-devkit/build-webpack>@angular-devkit/architect>@angular-devkit/core>ajv", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059915, + "path": "@angular-devkit/build-angular>istanbul-instrumenter-loader>schema-utils>ajv", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1060025, + "path": "@angular-devkit/build-angular>webpack-dev-server>sockjs", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1060267, + "path": "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>rc>ini", + "dev": true, + "optional": true, + "bundled": true + }, + { + "id": 1060279, + "path": "@angular-devkit/build-angular>webpack-dev-server>yargs>yargs-parser", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1060396, + "path": "@angular-devkit/build-angular>tree-kill", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1060396, + "path": "@angular-devkit/build-angular>@ngtools/webpack>tree-kill", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1061294, + "path": "@angular-devkit/build-angular>copy-webpack-plugin>serialize-javascript", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1061404, + "path": "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>rc>minimist", + "dev": true, + "optional": true, + "bundled": true + }, + { + "id": 1061405, + "path": "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>mkdirp>minimist", + "dev": true, + "optional": true, + "bundled": true + }, + { + "id": 1061405, + "path": "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>tar>mkdirp>minimist", + "dev": true, + "optional": true, + "bundled": true + }, + { + "id": 1061457, + "path": "@angular-devkit/build-angular>copy-webpack-plugin>serialize-javascript", + "dev": true, + "optional": false, + "bundled": false + } + ], + "module": "@angular-devkit/build-angular", + "target": "13.2.6" + }, + { + "isMajor": true, + "action": "install", + "resolves": [ + { + "id": 1059382, + "path": "karma", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059406, + "path": "karma>log4js", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059778, + "path": "karma>socket.io>socket.io-parser", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059778, + "path": "karma>socket.io>socket.io-client>socket.io-parser", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059871, + "path": "karma>socket.io>socket.io-client>engine.io-client>xmlhttprequest-ssl", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059976, + "path": "karma>socket.io>socket.io-client>engine.io-client>xmlhttprequest-ssl", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1060087, + "path": "karma>socket.io>engine.io", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1060234, + "path": "karma>socket.io", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1061405, + "path": "karma>optimist>minimist", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1061952, + "path": "karma", + "dev": true, + "optional": false, + "bundled": false + } + ], + "module": "karma", + "target": "6.3.17" + }, + { + "isMajor": true, + "action": "install", + "resolves": [ + { + "id": 1059599, + "path": "@angular/cli>inquirer>string-width>strip-ansi>ansi-regex", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059599, + "path": "@angular/cli>inquirer>strip-ansi>ansi-regex", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1060267, + "path": "@angular/cli>ini", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1060267, + "path": "@angular/cli>@schematics/update>ini", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1061322, + "path": "@angular/cli>pacote>npm-registry-fetch", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1061322, + "path": "@angular/cli>@schematics/update>pacote>npm-registry-fetch", + "dev": true, + "optional": false, + "bundled": false + } + ], + "module": "@angular/cli", + "target": "13.2.6" + }, + { + "isMajor": true, + "action": "install", + "resolves": [ + { + "id": 1059599, + "path": "@angular/compiler-cli>yargs>cliui>string-width>strip-ansi>ansi-regex", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059599, + "path": "@angular/compiler-cli>yargs>cliui>strip-ansi>ansi-regex", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059599, + "path": "@angular/compiler-cli>yargs>string-width>strip-ansi>ansi-regex", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059698, + "path": "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>tar", + "dev": true, + "optional": true, + "bundled": true + }, + { + "id": 1059701, + "path": "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>tar", + "dev": true, + "optional": true, + "bundled": true + }, + { + "id": 1059704, + "path": "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>tar", + "dev": true, + "optional": true, + "bundled": true + }, + { + "id": 1059733, + "path": "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>tar", + "dev": true, + "optional": true, + "bundled": true + }, + { + "id": 1059737, + "path": "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>tar", + "dev": true, + "optional": true, + "bundled": true + }, + { + "id": 1060267, + "path": "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>rc>ini", + "dev": true, + "optional": true, + "bundled": true + }, + { + "id": 1061404, + "path": "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>rc>minimist", + "dev": true, + "optional": true, + "bundled": true + }, + { + "id": 1061405, + "path": "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>mkdirp>minimist", + "dev": true, + "optional": true, + "bundled": true + }, + { + "id": 1061405, + "path": "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>tar>mkdirp>minimist", + "dev": true, + "optional": true, + "bundled": true + } + ], + "module": "@angular/compiler-cli", + "target": "13.2.6" + }, + { + "action": "update", + "resolves": [ + { + "id": 1059351, + "path": "@angular-devkit/build-angular>webpack-dev-server>sockjs-client>url-parse", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059351, + "path": "@angular-devkit/build-angular>webpack-dev-server>sockjs-client>eventsource>original>url-parse", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059355, + "path": "@angular-devkit/build-angular>webpack-dev-server>sockjs-client>url-parse", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059355, + "path": "@angular-devkit/build-angular>webpack-dev-server>sockjs-client>eventsource>original>url-parse", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059360, + "path": "@angular-devkit/build-angular>webpack-dev-server>sockjs-client>url-parse", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059360, + "path": "@angular-devkit/build-angular>webpack-dev-server>sockjs-client>eventsource>original>url-parse", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059365, + "path": "@angular-devkit/build-angular>webpack-dev-server>sockjs-client>url-parse", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059365, + "path": "@angular-devkit/build-angular>webpack-dev-server>sockjs-client>eventsource>original>url-parse", + "dev": true, + "optional": false, + "bundled": false + } + ], + "module": "url-parse", + "target": "1.5.10", + "depth": 6 + }, + { + "action": "update", + "resolves": [ + { + "id": 1059367, + "path": "karma>http-proxy>follow-redirects", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059367, + "path": "@angular-devkit/build-angular>webpack-dev-server>http-proxy-middleware>http-proxy>follow-redirects", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059420, + "path": "karma>http-proxy>follow-redirects", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059420, + "path": "@angular-devkit/build-angular>webpack-dev-server>http-proxy-middleware>http-proxy>follow-redirects", + "dev": true, + "optional": false, + "bundled": false + } + ], + "module": "follow-redirects", + "target": "1.14.9", + "depth": 5 + }, + { + "action": "update", + "resolves": [ + { + "id": 1059404, + "path": "@angular/compiler-cli>shelljs", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1059412, + "path": "@angular/compiler-cli>shelljs", + "dev": true, + "optional": false, + "bundled": false + } + ], + "module": "shelljs", + "target": "0.8.5", + "depth": 2 + }, + { + "action": "update", + "resolves": [ + { + "id": 1059486, + "path": "@angular-devkit/build-angular>less>request>http-signature>jsprim>json-schema", + "dev": true, + "optional": false, + "bundled": false + } + ], + "module": "jsprim", + "target": "1.4.2", + "depth": 5 + } + ], + "advisories": { + "1059337": { + "findings": [ + { + "version": "0.0.7", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>ansi-html" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<0.0.8", + "module_name": "ansi-html", + "severity": "high", + "github_advisory_id": "GHSA-whgm-jr23-g3j9", + "cves": [ + "CVE-2021-23424" + ], + "access": "public", + "patched_versions": ">=0.0.8", + "cvss": { + "score": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "updated": "2022-03-08T22:23:35.000Z", + "recommendation": "Upgrade to version 0.0.8 or later", + "cwe": "[\"CWE-400\"]", + "found_by": null, + "deleted": null, + "id": 1059337, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2021-23424\n- https://github.com/Tjatse/ansi-html/issues/19\n- https://snyk.io/vuln/SNYK-JS-ANSIHTML-1296849\n- https://github.com/ioet/time-tracker-ui/security/advisories/GHSA-4fjc-8q3h-8r69\n- https://github.com/Tjatse/ansi-html/commit/8142b25bca3133ea060bcc1889277dc482327a63\n- https://github.com/advisories/GHSA-whgm-jr23-g3j9", + "created": "2022-03-09T20:00:43.984Z", + "reported_by": null, + "title": "Uncontrolled Resource Consumption in ansi-html", + "npm_advisory_id": null, + "overview": "This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.", + "url": "https://github.com/advisories/GHSA-whgm-jr23-g3j9" + }, + "1059351": { + "findings": [ + { + "version": "1.5.3", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>sockjs-client>url-parse", + "@angular-devkit/build-angular>webpack-dev-server>sockjs-client>eventsource>original>url-parse" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<1.5.9", + "module_name": "url-parse", + "severity": "moderate", + "github_advisory_id": "GHSA-jf5r-8hm2-f872", + "cves": [ + "CVE-2022-0691" + ], + "access": "public", + "patched_versions": ">=1.5.9", + "cvss": { + "score": 6.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + }, + "updated": "2022-03-01T19:05:21.000Z", + "recommendation": "Upgrade to version 1.5.9 or later", + "cwe": "[\"CWE-639\"]", + "found_by": null, + "deleted": null, + "id": 1059351, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2022-0691\n- https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63\n- https://huntr.dev/bounties/57124ed5-4b68-4934-8325-2c546257f2e4\n- https://github.com/advisories/GHSA-jf5r-8hm2-f872", + "created": "2022-03-09T20:00:43.986Z", + "reported_by": null, + "title": "Authorization Bypass Through User-Controlled Key in url-parse", + "npm_advisory_id": null, + "overview": "url-parse prior to 1.5.9 is vulnerable to authorization bypass by adding a backspace character to the input.", + "url": "https://github.com/advisories/GHSA-jf5r-8hm2-f872" + }, + "1059355": { + "findings": [ + { + "version": "1.5.3", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>sockjs-client>url-parse", + "@angular-devkit/build-angular>webpack-dev-server>sockjs-client>eventsource>original>url-parse" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<1.5.8", + "module_name": "url-parse", + "severity": "critical", + "github_advisory_id": "GHSA-hgjh-723h-mx2j", + "cves": [ + "CVE-2022-0686" + ], + "access": "public", + "patched_versions": ">=1.5.8", + "cvss": { + "score": 9.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" + }, + "updated": "2022-02-23T21:26:49.000Z", + "recommendation": "Upgrade to version 1.5.8 or later", + "cwe": "[\"CWE-639\"]", + "found_by": null, + "deleted": null, + "id": 1059355, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2022-0686\n- https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5\n- https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c\n- https://github.com/advisories/GHSA-hgjh-723h-mx2j", + "created": "2022-03-09T20:00:43.986Z", + "reported_by": null, + "title": "Authorization Bypass Through User-Controlled Key in url-parse", + "npm_advisory_id": null, + "overview": "url-parse prior to version 1.5.8 is vulnerable to Authorization Bypass Through User-Controlled Key.", + "url": "https://github.com/advisories/GHSA-hgjh-723h-mx2j" + }, + "1059356": { + "findings": [ + { + "version": "7.0.17", + "paths": [ + "@angular-devkit/build-angular>postcss" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<7.0.36", + "module_name": "postcss", + "severity": "moderate", + "github_advisory_id": "GHSA-566m-qj78-rww5", + "cves": [ + "CVE-2021-23382" + ], + "access": "public", + "patched_versions": ">=7.0.36", + "cvss": { + "score": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "updated": "2022-02-23T20:31:16.000Z", + "recommendation": "Upgrade to version 7.0.36 or later", + "cwe": "[\"CWE-400\"]", + "found_by": null, + "deleted": null, + "id": 1059356, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2021-23382\n- https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641\n- https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640\n- https://github.com/postcss/postcss/releases/tag/7.0.36\n- https://github.com/advisories/GHSA-566m-qj78-rww5", + "created": "2022-03-09T20:00:43.987Z", + "reported_by": null, + "title": "Regular Expression Denial of Service in postcss", + "npm_advisory_id": null, + "overview": "The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \\/\\*\\s* sourceMappingURL=(.*).", + "url": "https://github.com/advisories/GHSA-566m-qj78-rww5" + }, + "1059360": { + "findings": [ + { + "version": "1.5.3", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>sockjs-client>url-parse", + "@angular-devkit/build-angular>webpack-dev-server>sockjs-client>eventsource>original>url-parse" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<1.5.7", + "module_name": "url-parse", + "severity": "moderate", + "github_advisory_id": "GHSA-8v38-pw62-9cw2", + "cves": [ + "CVE-2022-0639" + ], + "access": "public", + "patched_versions": ">=1.5.7", + "cvss": { + "score": 6.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + }, + "updated": "2022-02-22T18:08:06.000Z", + "recommendation": "Upgrade to version 1.5.7 or later", + "cwe": "[\"CWE-639\"]", + "found_by": null, + "deleted": null, + "id": 1059360, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2022-0639\n- https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788\n- https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155\n- https://github.com/advisories/GHSA-8v38-pw62-9cw2", + "created": "2022-03-09T20:00:43.987Z", + "reported_by": null, + "title": "Authorization Bypass Through User-Controlled Key in url-parse", + "npm_advisory_id": null, + "overview": "url-parse prior to version 1.5.7 is vulnerable to Authorization Bypass Through User-Controlled Key. Url-parse is not able to verify broken protocol. This will allow to bypass hostname validation.", + "url": "https://github.com/advisories/GHSA-8v38-pw62-9cw2" + }, + "1059365": { + "findings": [ + { + "version": "1.5.3", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>sockjs-client>url-parse", + "@angular-devkit/build-angular>webpack-dev-server>sockjs-client>eventsource>original>url-parse" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<1.5.6", + "module_name": "url-parse", + "severity": "moderate", + "github_advisory_id": "GHSA-rqff-837h-mm52", + "cves": [ + "CVE-2022-0512" + ], + "access": "public", + "patched_versions": ">=1.5.6", + "cvss": { + "score": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + }, + "updated": "2022-02-16T22:37:40.000Z", + "recommendation": "Upgrade to version 1.5.6 or later", + "cwe": "[\"CWE-639\"]", + "found_by": null, + "deleted": null, + "id": 1059365, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2022-0512\n- https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40\n- https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b\n- https://github.com/advisories/GHSA-rqff-837h-mm52", + "created": "2022-03-09T20:00:43.988Z", + "reported_by": null, + "title": "Authorization bypass in url-parse", + "npm_advisory_id": null, + "overview": "Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.", + "url": "https://github.com/advisories/GHSA-rqff-837h-mm52" + }, + "1059367": { + "findings": [ + { + "version": "1.7.0", + "paths": [ + "karma>http-proxy>follow-redirects", + "@angular-devkit/build-angular>webpack-dev-server>http-proxy-middleware>http-proxy>follow-redirects" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<1.14.8", + "module_name": "follow-redirects", + "severity": "moderate", + "github_advisory_id": "GHSA-pw2r-vq6v-hr8c", + "cves": [ + "CVE-2022-0536" + ], + "access": "public", + "patched_versions": ">=1.14.8", + "cvss": { + "score": 5.9, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + "updated": "2022-02-11T21:18:03.000Z", + "recommendation": "Upgrade to version 1.14.8 or later", + "cwe": "[\"CWE-200\"]", + "found_by": null, + "deleted": null, + "id": 1059367, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2022-0536\n- https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445\n- https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db\n- https://github.com/advisories/GHSA-pw2r-vq6v-hr8c", + "created": "2022-03-09T20:00:43.988Z", + "reported_by": null, + "title": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects", + "npm_advisory_id": null, + "overview": "Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8.", + "url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c" + }, + "1059382": { + "findings": [ + { + "version": "4.2.0", + "paths": [ + "karma" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<6.3.14", + "module_name": "karma", + "severity": "moderate", + "github_advisory_id": "GHSA-7x7c-qm48-pq9c", + "cves": [ + "CVE-2022-0437" + ], + "access": "public", + "patched_versions": ">=6.3.14", + "cvss": { + "score": 6.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + }, + "updated": "2022-02-07T21:57:21.000Z", + "recommendation": "Upgrade to version 6.3.14 or later", + "cwe": "[\"CWE-79\"]", + "found_by": null, + "deleted": null, + "id": 1059382, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2022-0437\n- https://github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8a\n- https://huntr.dev/bounties/64b67ea1-5487-4382-a5f6-e8a95f798885\n- https://github.com/karma-runner/karma/releases/tag/v6.3.14\n- https://github.com/advisories/GHSA-7x7c-qm48-pq9c", + "created": "2022-03-09T20:00:43.990Z", + "reported_by": null, + "title": "Cross-site Scripting in karma", + "npm_advisory_id": null, + "overview": "karma prior to version 6.3.14 contains a cross-site scripting vulnerability.", + "url": "https://github.com/advisories/GHSA-7x7c-qm48-pq9c" + }, + "1059404": { + "findings": [ + { + "version": "0.8.3", + "paths": [ + "@angular/compiler-cli>shelljs" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<0.8.5", + "module_name": "shelljs", + "severity": "high", + "github_advisory_id": "GHSA-4rq4-32rv-6wp6", + "cves": [ + "CVE-2022-0144" + ], + "access": "public", + "patched_versions": ">=0.8.5", + "cvss": { + "score": 7.1, + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" + }, + "updated": "2022-01-21T21:05:53.000Z", + "recommendation": "Upgrade to version 0.8.5 or later", + "cwe": "[\"CWE-269\"]", + "found_by": null, + "deleted": null, + "id": 1059404, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2022-0144\n- https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c\n- https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c\n- https://github.com/advisories/GHSA-4rq4-32rv-6wp6", + "created": "2022-03-09T20:00:43.993Z", + "reported_by": null, + "title": "Improper Privilege Management in shelljs", + "npm_advisory_id": null, + "overview": "shelljs is vulnerable to Improper Privilege Management", + "url": "https://github.com/advisories/GHSA-4rq4-32rv-6wp6" + }, + "1059406": { + "findings": [ + { + "version": "4.5.1", + "paths": [ + "karma>log4js" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<6.4.0", + "module_name": "log4js", + "severity": "moderate", + "github_advisory_id": "GHSA-82v2-mx6x-wq7q", + "cves": [ + "CVE-2022-21704" + ], + "access": "public", + "patched_versions": ">=6.4.0", + "cvss": { + "score": 5.5, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + }, + "updated": "2022-01-19T22:47:15.000Z", + "recommendation": "Upgrade to version 6.4.0 or later", + "cwe": "[\"CWE-276\"]", + "found_by": null, + "deleted": null, + "id": 1059406, + "references": "- https://github.com/log4js-node/log4js-node/security/advisories/GHSA-82v2-mx6x-wq7q\n- https://github.com/log4js-node/log4js-node/pull/1141/commits/8042252861a1b65adb66931fdf702ead34fa9b76\n- https://github.com/log4js-node/streamroller/pull/87\n- https://github.com/log4js-node/log4js-node/blob/v6.4.0/CHANGELOG.md#640\n- https://nvd.nist.gov/vuln/detail/CVE-2022-21704\n- https://github.com/advisories/GHSA-82v2-mx6x-wq7q", + "created": "2022-03-09T20:00:43.993Z", + "reported_by": null, + "title": "Incorrect Default Permissions in log4js", + "npm_advisory_id": null, + "overview": "### Impact\r\nDefault file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config.\r\n\r\n### Patches\r\nFixed by:\r\n* https://github.com/log4js-node/log4js-node/pull/1141\r\n* https://github.com/log4js-node/streamroller/pull/87\r\n\r\nReleased to NPM in log4js@6.4.0\r\n\r\n### Workarounds\r\nEvery version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details.\r\n\r\n### References\r\n\r\nThanks to [ranjit-git](https://www.huntr.dev/users/ranjit-git) for raising the issue, and to @peteriman for fixing the problem.\r\n\r\n### For more information\r\nIf you have any questions or comments about this advisory:\r\n* Open an issue in [logj4s-node](https://github.com/log4js-node/log4js-node)\r\n* Ask a question in the [slack channel](https://join.slack.com/t/log4js-node/shared_invite/enQtODkzMDQ3MzExMDczLWUzZmY0MmI0YWI1ZjFhODY0YjI0YmU1N2U5ZTRkOTYyYzg3MjY5NWI4M2FjZThjYjdiOGM0NjU2NzBmYTJjOGI)\r\n* Email us at [gareth.nomiddlename@gmail.com](mailto:gareth.nomiddlename@gmail.com)\r\n", + "url": "https://github.com/advisories/GHSA-82v2-mx6x-wq7q" + }, + "1059412": { + "findings": [ + { + "version": "0.8.3", + "paths": [ + "@angular/compiler-cli>shelljs" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<0.8.5", + "module_name": "shelljs", + "severity": "moderate", + "github_advisory_id": "GHSA-64g7-mvw6-v9qj", + "cves": [], + "access": "public", + "patched_versions": ">=0.8.5", + "cvss": { + "score": 0, + "vectorString": null + }, + "updated": "2022-01-14T20:50:59.000Z", + "recommendation": "Upgrade to version 0.8.5 or later", + "cwe": "[\"CWE-269\"]", + "found_by": null, + "deleted": null, + "id": 1059412, + "references": "- https://github.com/shelljs/shelljs/security/advisories/GHSA-64g7-mvw6-v9qj\n- https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/\n- https://github.com/advisories/GHSA-64g7-mvw6-v9qj", + "created": "2022-03-09T20:00:43.994Z", + "reported_by": null, + "title": "Improper Privilege Management in shelljs", + "npm_advisory_id": null, + "overview": "### Impact\nOutput from the synchronous version of `shell.exec()` may be visible to other users on the same system. You may be affected if you execute `shell.exec()` in multi-user Mac, Linux, or WSL environments, or if you execute `shell.exec()` as the root user.\n\nOther shelljs functions (including the asynchronous version of `shell.exec()`) are not impacted.\n\n### Patches\nPatched in shelljs 0.8.5\n\n### Workarounds\nRecommended action is to upgrade to 0.8.5.\n\n### References\nhttps://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Ask at https://github.com/shelljs/shelljs/issues/1058\n* Open an issue at https://github.com/shelljs/shelljs/issues/new\n", + "url": "https://github.com/advisories/GHSA-64g7-mvw6-v9qj" + }, + "1059413": { + "findings": [ + { + "version": "0.10.0", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>selfsigned>node-forge" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<1.0.0", + "module_name": "node-forge", + "severity": "moderate", + "github_advisory_id": "GHSA-8fr3-hfg3-gpgp", + "cves": [ + "CVE-2022-0122" + ], + "access": "public", + "patched_versions": ">=1.0.0", + "cvss": { + "score": 0, + "vectorString": null + }, + "updated": "2022-01-13T18:50:00.000Z", + "recommendation": "Upgrade to version 1.0.0 or later", + "cwe": "[\"CWE-601\"]", + "found_by": null, + "deleted": null, + "id": 1059413, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2022-0122\n- https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e\n- https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae\n- https://github.com/advisories/GHSA-8fr3-hfg3-gpgp", + "created": "2022-03-09T20:00:43.994Z", + "reported_by": null, + "title": "Open Redirect in node-forge", + "npm_advisory_id": null, + "overview": "parseUrl functionality in node-forge mishandles certain uses of backslash such as https:/\\/\\/\\ and interprets the URI as a relative path. ", + "url": "https://github.com/advisories/GHSA-8fr3-hfg3-gpgp" + }, + "1059420": { + "findings": [ + { + "version": "1.7.0", + "paths": [ + "karma>http-proxy>follow-redirects", + "@angular-devkit/build-angular>webpack-dev-server>http-proxy-middleware>http-proxy>follow-redirects" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<1.14.7", + "module_name": "follow-redirects", + "severity": "high", + "github_advisory_id": "GHSA-74fj-2j2h-c42q", + "cves": [ + "CVE-2022-0155" + ], + "access": "public", + "patched_versions": ">=1.14.7", + "cvss": { + "score": 8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" + }, + "updated": "2022-01-11T18:41:09.000Z", + "recommendation": "Upgrade to version 1.14.7 or later", + "cwe": "[\"CWE-359\"]", + "found_by": null, + "deleted": null, + "id": 1059420, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2022-0155\n- https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22\n- https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406\n- https://github.com/advisories/GHSA-74fj-2j2h-c42q", + "created": "2022-03-09T20:00:43.995Z", + "reported_by": null, + "title": "Exposure of sensitive information in follow-redirects", + "npm_advisory_id": null, + "overview": "follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor", + "url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q" + }, + "1059432": { + "findings": [ + { + "version": "0.10.0", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>selfsigned>node-forge" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<1.0.0", + "module_name": "node-forge", + "severity": "low", + "github_advisory_id": "GHSA-5rrq-pxf6-6jx5", + "cves": [], + "access": "public", + "patched_versions": ">=1.0.0", + "cvss": { + "score": 0, + "vectorString": null + }, + "updated": "2022-01-07T22:20:53.000Z", + "recommendation": "Upgrade to version 1.0.0 or later", + "cwe": "[\"CWE-1321\"]", + "found_by": null, + "deleted": null, + "id": 1059432, + "references": "- https://github.com/digitalbazaar/forge/security/advisories/GHSA-5rrq-pxf6-6jx5\n- https://github.com/advisories/GHSA-5rrq-pxf6-6jx5", + "created": "2022-03-09T20:00:43.997Z", + "reported_by": null, + "title": "Prototype Pollution in node-forge debug API.", + "npm_advisory_id": null, + "overview": "### Impact\nThe `forge.debug` API had a potential prototype pollution issue if called with untrusted input. The API was only used for internal debug purposes in a safe way and never documented or advertised. It is suspected that uses of this API, if any exist, would likely not have used untrusted inputs in a vulnerable way.\n\n### Patches\nThe `forge.debug` API and related functions were removed in 1.0.0.\n\n### Workarounds\nDon't use the `forge.debug` API directly or indirectly with untrusted input.\n\n### References\n- https://www.huntr.dev/bounties/1-npm-node-forge/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [forge](https://github.com/digitalbazaar/forge).\n* Email us at support@digitalbazaar.com.", + "url": "https://github.com/advisories/GHSA-5rrq-pxf6-6jx5" + }, + "1059434": { + "findings": [ + { + "version": "0.10.0", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>selfsigned>node-forge" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<1.0.0", + "module_name": "node-forge", + "severity": "low", + "github_advisory_id": "GHSA-gf8q-jrpm-jvxq", + "cves": [], + "access": "public", + "patched_versions": ">=1.0.0", + "cvss": { + "score": 0, + "vectorString": null + }, + "updated": "2022-01-07T22:20:43.000Z", + "recommendation": "Upgrade to version 1.0.0 or later", + "cwe": "[]", + "found_by": null, + "deleted": null, + "id": 1059434, + "references": "- https://github.com/digitalbazaar/forge/security/advisories/GHSA-gf8q-jrpm-jvxq\n- https://github.com/advisories/GHSA-gf8q-jrpm-jvxq", + "created": "2022-03-09T20:00:43.997Z", + "reported_by": null, + "title": "URL parsing in node-forge could lead to undesired behavior.", + "npm_advisory_id": null, + "overview": "### Impact\nThe regex used for the `forge.util.parseUrl` API would not properly parse certain inputs resulting in a parsed data structure that could lead to undesired behavior.\n\n### Patches\n`forge.util.parseUrl` and other very old related URL APIs were removed in 1.0.0 in favor of letting applications use the more modern WHATWG URL Standard API.\n\n### Workarounds\nEnsure code does not directly or indirectly call `forge.util.parseUrl` with untrusted input.\n\n### References\n- https://www.huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [forge](https://github.com/digitalbazaar/forge)\n* Email us at support@digitalbazaar.com\n", + "url": "https://github.com/advisories/GHSA-gf8q-jrpm-jvxq" + }, + "1059486": { + "findings": [ + { + "version": "0.2.3", + "paths": [ + "@angular-devkit/build-angular>less>request>http-signature>jsprim>json-schema" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<0.4.0", + "module_name": "json-schema", + "severity": "moderate", + "github_advisory_id": "GHSA-896r-f27r-55mw", + "cves": [ + "CVE-2021-3918" + ], + "access": "public", + "patched_versions": ">=0.4.0", + "cvss": { + "score": 9.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "updated": "2021-11-15T22:44:28.000Z", + "recommendation": "Upgrade to version 0.4.0 or later", + "cwe": "[\"CWE-915\",\"CWE-1321\"]", + "found_by": null, + "deleted": null, + "id": 1059486, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2021-3918\n- https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741\n- https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9\n- https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a\n- https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa\n- https://github.com/advisories/GHSA-896r-f27r-55mw", + "created": "2022-03-09T20:00:44.009Z", + "reported_by": null, + "title": "json-schema is vulnerable to Prototype Pollution", + "npm_advisory_id": null, + "overview": "json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + "url": "https://github.com/advisories/GHSA-896r-f27r-55mw" + }, + "1059599": { + "findings": [ + { + "version": "3.0.0", + "paths": [ + "@angular/cli>inquirer>string-width>strip-ansi>ansi-regex", + "@angular/compiler-cli>yargs>cliui>string-width>strip-ansi>ansi-regex", + "@angular-devkit/build-angular>webpack-dev-server>yargs>cliui>string-width>strip-ansi>ansi-regex" + ] + }, + { + "version": "3.0.0", + "paths": [ + "@angular/compiler-cli>yargs>cliui>strip-ansi>ansi-regex", + "@angular-devkit/build-angular>webpack-dev-server>yargs>cliui>strip-ansi>ansi-regex" + ] + }, + { + "version": "4.1.0", + "paths": [ + "@angular/cli>inquirer>strip-ansi>ansi-regex" + ] + }, + { + "version": "4.1.0", + "paths": [ + "@angular/compiler-cli>yargs>string-width>strip-ansi>ansi-regex" + ] + } + ], + "metadata": null, + "vulnerable_versions": ">2.1.1 <5.0.1", + "module_name": "ansi-regex", + "severity": "moderate", + "github_advisory_id": "GHSA-93q8-gq69-wqmw", + "cves": [ + "CVE-2021-3807" + ], + "access": "public", + "patched_versions": ">=5.0.1", + "cvss": { + "score": 7.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "updated": "2021-09-23T15:45:50.000Z", + "recommendation": "Upgrade to version 5.0.1 or later", + "cwe": "[\"CWE-918\",\"CWE-1333\"]", + "found_by": null, + "deleted": null, + "id": 1059599, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw", + "created": "2022-03-09T20:00:44.023Z", + "reported_by": null, + "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex", + "npm_advisory_id": null, + "overview": "ansi-regex is vulnerable to Inefficient Regular Expression Complexity", + "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw" + }, + "1059698": { + "findings": [ + { + "version": "4.4.8", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>tar" + ] + }, + { + "version": "4.4.8", + "paths": [ + "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>tar" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<4.4.18", + "module_name": "tar", + "severity": "high", + "github_advisory_id": "GHSA-5955-9wpr-37jh", + "cves": [ + "CVE-2021-37713" + ], + "access": "public", + "patched_versions": ">=4.4.18", + "cvss": { + "score": 8.2, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" + }, + "updated": "2021-08-31T16:02:33.000Z", + "recommendation": "Upgrade to version 4.4.18 or later", + "cwe": "[\"CWE-22\"]", + "found_by": null, + "deleted": null, + "id": 1059698, + "references": "- https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh\n- https://www.npmjs.com/package/tar\n- https://nvd.nist.gov/vuln/detail/CVE-2021-37713\n- https://www.oracle.com/security-alerts/cpuoct2021.html\n- https://github.com/advisories/GHSA-5955-9wpr-37jh", + "created": "2022-03-09T20:00:44.036Z", + "reported_by": null, + "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization", + "npm_advisory_id": null, + "overview": "### Impact\n\nArbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution\n\nnode-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain `..` path portions, and resolving the sanitized paths against the extraction target directory.\n\nThis logic was insufficient on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, such as `C:some\\path`. If the drive letter does not match the extraction target, for example `D:\\extraction\\dir`, then the result of `path.resolve(extractionDirectory, entryPath)` would resolve against the current working directory on the `C:` drive, rather than the extraction target directory.\n\nAdditionally, a `..` portion of the path could occur immediately after the drive letter, such as `C:../foo`, and was not properly sanitized by the logic that checked for `..` within the normalized and split portions of the path.\n\nThis only affects users of `node-tar` on Windows systems.\n\n### Patches\n\n4.4.18 || 5.0.10 || 6.1.9\n\n### Workarounds\n\nThere is no reasonable way to work around this issue without performing the same path normalization procedures that node-tar now does.\n\nUsers are encouraged to upgrade to the latest patched versions of node-tar, rather than attempt to sanitize paths themselves.\n\n### Fix\n\nThe fixed versions strip path roots from all paths prior to being resolved against the extraction target folder, even if such paths are not \"absolute\".\n\nAdditionally, a path starting with a drive letter and then two dots, like `c:../`, would bypass the check for `..` path portions. This is checked properly in the patched versions.\n\nFinally, a defense in depth check is added, such that if the `entry.absolute` is outside of the extraction taret, and we are not in preservePaths:true mode, a warning is raised on that entry, and it is skipped. Currently, it is believed that this check is redundant, but it did catch some oversights in development.\n", + "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh" + }, + "1059701": { + "findings": [ + { + "version": "4.4.8", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>tar" + ] + }, + { + "version": "4.4.8", + "paths": [ + "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>tar" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<4.4.18", + "module_name": "tar", + "severity": "high", + "github_advisory_id": "GHSA-qq89-hq3f-393p", + "cves": [ + "CVE-2021-37712" + ], + "access": "public", + "patched_versions": ">=4.4.18", + "cvss": { + "score": 8.2, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" + }, + "updated": "2021-08-31T16:02:05.000Z", + "recommendation": "Upgrade to version 4.4.18 or later", + "cwe": "[\"CWE-22\",\"CWE-59\"]", + "found_by": null, + "deleted": null, + "id": 1059701, + "references": "- https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p\n- https://www.npmjs.com/package/tar\n- https://nvd.nist.gov/vuln/detail/CVE-2021-37712\n- https://www.oracle.com/security-alerts/cpuoct2021.html\n- https://www.debian.org/security/2021/dsa-5008\n- https://github.com/advisories/GHSA-qq89-hq3f-393p", + "created": "2022-03-09T20:00:44.036Z", + "reported_by": null, + "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links", + "npm_advisory_id": null, + "overview": "### Impact\nArbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution\n\nnode-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created.\n\nThis logic was insufficient when extracting tar files that contained two directories and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 \"short path\" counterparts. A specially crafted tar archive could thus include directories with two forms of the path that resolve to the same file system entity, followed by a symbolic link with a name in the first form, lastly followed by a file using the second form. It led to bypassing node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite.\n\nThe v3 branch of `node-tar` has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of `node-tar`. If this is not possible, a workaround is available below.\n\n### Patches\n\n6.1.9 || 5.0.10 || 4.4.18\n\n### Workarounds\n\nUsers may work around this vulnerability without upgrading by creating a custom filter method which prevents the extraction of symbolic links.\n\n```js\nconst tar = require('tar')\n\ntar.x({\n file: 'archive.tgz',\n filter: (file, entry) => {\n if (entry.type === 'SymbolicLink') {\n return false\n } else {\n return true\n }\n }\n})\n```\n\nUsers are encouraged to upgrade to the latest patched versions, rather than attempt to sanitize tar input themselves.\n\n#### Fix\n\nThe problem is addressed in the following ways, when comparing paths in the directory cache and path reservation systems:\n\n1. The `String.normalize('NFKD')` method is used to first normalize all unicode to its maximally compatible and multi-code-point form.\n2. All slashes are normalized to `/` on Windows systems (on posix systems, `\\` is a valid filename character, and thus left intact).\n3. When a symbolic link is encountered on Windows systems, the entire directory cache is cleared. Collisions related to use of 8.3 short names to replace directories with other (non-symlink) types of entries may make archives fail to extract properly, but will not result in arbitrary file writes.\n", + "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p" + }, + "1059704": { + "findings": [ + { + "version": "4.4.8", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>tar" + ] + }, + { + "version": "4.4.8", + "paths": [ + "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>tar" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<4.4.16", + "module_name": "tar", + "severity": "high", + "github_advisory_id": "GHSA-9r2w-394v-53qc", + "cves": [ + "CVE-2021-37701" + ], + "access": "public", + "patched_versions": ">=4.4.16", + "cvss": { + "score": 8.2, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" + }, + "updated": "2021-08-31T16:01:51.000Z", + "recommendation": "Upgrade to version 4.4.16 or later", + "cwe": "[\"CWE-22\",\"CWE-59\"]", + "found_by": null, + "deleted": null, + "id": 1059704, + "references": "- https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc\n- https://www.npmjs.com/package/tar\n- https://nvd.nist.gov/vuln/detail/CVE-2021-37701\n- https://www.oracle.com/security-alerts/cpuoct2021.html\n- https://www.debian.org/security/2021/dsa-5008\n- https://github.com/advisories/GHSA-9r2w-394v-53qc", + "created": "2022-03-09T20:00:44.036Z", + "reported_by": null, + "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links", + "npm_advisory_id": null, + "overview": "### Impact\n\nArbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution\n\n`node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created.\n\nThis logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory, where the symlink and directory names in the archive entry used backslashes as a path separator on posix systems. The cache checking logic used both `\\` and `/` characters as path separators, however `\\` is a valid filename character on posix systems.\n\nBy first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite.\n\nAdditionally, a similar confusion could arise on case-insensitive filesystems. If a tar archive contained a directory at `FOO`, followed by a symbolic link named `foo`, then on case-insensitive file systems, the creation of the symbolic link would remove the directory from the filesystem, but _not_ from the internal directory cache, as it would not be treated as a cache hit. A subsequent file entry within the `FOO` directory would then be placed in the target of the symbolic link, thinking that the directory had already been created. \n\nThese issues were addressed in releases 4.4.16, 5.0.8 and 6.1.7.\n\nThe v3 branch of `node-tar` has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of `node-tar`. If this is not possible, a workaround is available below.\n\n### Patches\n\n4.4.16 || 5.0.8 || 6.1.7\n\n### Workarounds\n\nUsers may work around this vulnerability without upgrading by creating a custom filter method which prevents the extraction of symbolic links.\n\n```js\nconst tar = require('tar')\n\ntar.x({\n file: 'archive.tgz',\n filter: (file, entry) => {\n if (entry.type === 'SymbolicLink') {\n return false\n } else {\n return true\n }\n }\n})\n```\n\nUsers are encouraged to upgrade to the latest patched versions, rather than attempt to sanitize tar input themselves.\n\n### Fix\n\nThe problem is addressed in the following ways:\n\n1. All paths are normalized to use `/` as a path separator, replacing `\\` with `/` on Windows systems, and leaving `\\` intact in the path on posix systems. This is performed in depth, at every level of the program where paths are consumed.\n2. Directory cache pruning is performed case-insensitively. This _may_ result in undue cache misses on case-sensitive file systems, but the performance impact is negligible.\n\n#### Caveat\n\nNote that this means that the `entry` objects exposed in various parts of tar's API will now always use `/` as a path separator, even on Windows systems. This is not expected to cause problems, as `/` is a valid path separator on Windows systems, but _may_ result in issues if `entry.path` is compared against a path string coming from some other API such as `fs.realpath()` or `path.resolve()`.\n\nUsers are encouraged to always normalize paths using a well-tested method such as `path.resolve()` before comparing paths to one another.", + "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc" + }, + "1059733": { + "findings": [ + { + "version": "4.4.8", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>tar" + ] + }, + { + "version": "4.4.8", + "paths": [ + "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>tar" + ] + } + ], + "metadata": null, + "vulnerable_versions": ">=4.0.0 <4.4.14", + "module_name": "tar", + "severity": "high", + "github_advisory_id": "GHSA-3jfq-g458-7qm9", + "cves": [ + "CVE-2021-32804" + ], + "access": "public", + "patched_versions": ">=4.4.14", + "cvss": { + "score": 8.2, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" + }, + "updated": "2021-08-03T19:06:16.000Z", + "recommendation": "Upgrade to version 4.4.14 or later", + "cwe": "[\"CWE-22\"]", + "found_by": null, + "deleted": null, + "id": 1059733, + "references": "- https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9\n- https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4\n- https://www.npmjs.com/advisories/1770\n- https://www.npmjs.com/package/tar\n- https://nvd.nist.gov/vuln/detail/CVE-2021-32804\n- https://www.oracle.com/security-alerts/cpuoct2021.html\n- https://github.com/advisories/GHSA-3jfq-g458-7qm9", + "created": "2022-03-09T20:00:44.039Z", + "reported_by": null, + "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization", + "npm_advisory_id": null, + "overview": "### Impact\n\nArbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution\n\n`node-tar` aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the `preservePaths` flag is not set to `true`. This is achieved by stripping the absolute path root from any absolute file paths contained in a tar file. For example `/home/user/.bashrc` would turn into `home/user/.bashrc`. \n\nThis logic was insufficient when file paths contained repeated path roots such as `////home/user/.bashrc`. `node-tar` would only strip a single path root from such paths. When given an absolute file path with repeating path roots, the resulting path (e.g. `///home/user/.bashrc`) would still resolve to an absolute path, thus allowing arbitrary file creation and overwrite. \n\n### Patches\n\n3.2.2 || 4.4.14 || 5.0.6 || 6.1.1\n\nNOTE: an adjacent issue [CVE-2021-32803](https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw) affects this release level. Please ensure you update to the latest patch levels that address CVE-2021-32803 as well if this adjacent issue affects your `node-tar` use case.\n\n### Workarounds\n\nUsers may work around this vulnerability without upgrading by creating a custom `onentry` method which sanitizes the `entry.path` or a `filter` method which removes entries with absolute paths.\n\n```js\nconst path = require('path')\nconst tar = require('tar')\n\ntar.x({\n file: 'archive.tgz',\n // either add this function...\n onentry: (entry) => {\n if (path.isAbsolute(entry.path)) {\n entry.path = sanitizeAbsolutePathSomehow(entry.path)\n entry.absolute = path.resolve(entry.path)\n }\n },\n\n // or this one\n filter: (file, entry) => {\n if (path.isAbsolute(entry.path)) {\n return false\n } else {\n return true\n }\n }\n})\n```\n\nUsers are encouraged to upgrade to the latest patch versions, rather than attempt to sanitize tar input themselves.", + "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9" + }, + "1059737": { + "findings": [ + { + "version": "4.4.8", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>tar" + ] + }, + { + "version": "4.4.8", + "paths": [ + "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>tar" + ] + } + ], + "metadata": null, + "vulnerable_versions": ">=4.0.0 <4.4.15", + "module_name": "tar", + "severity": "high", + "github_advisory_id": "GHSA-r628-mhmh-qjhw", + "cves": [ + "CVE-2021-32803" + ], + "access": "public", + "patched_versions": ">=4.4.15", + "cvss": { + "score": 8.2, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" + }, + "updated": "2021-08-03T18:59:59.000Z", + "recommendation": "Upgrade to version 4.4.15 or later", + "cwe": "[\"CWE-22\",\"CWE-23\"]", + "found_by": null, + "deleted": null, + "id": 1059737, + "references": "- https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw\n- https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20\n- https://www.npmjs.com/advisories/1771\n- https://nvd.nist.gov/vuln/detail/CVE-2021-32803\n- https://www.npmjs.com/package/tar\n- https://www.oracle.com/security-alerts/cpuoct2021.html\n- https://github.com/advisories/GHSA-r628-mhmh-qjhw", + "created": "2022-03-09T20:00:44.040Z", + "reported_by": null, + "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning", + "npm_advisory_id": null, + "overview": "### Impact\n\nArbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution\n\n`node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary `stat` calls to determine whether a given path is a directory, paths are cached when directories are created.\n\nThis logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory. This order of operations resulted in the directory being created and added to the `node-tar` directory cache. When a directory is present in the directory cache, subsequent calls to mkdir for that directory are skipped. However, this is also where `node-tar` checks for symlinks occur.\n\nBy first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass `node-tar` symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite.\n\nThis issue was addressed in releases 3.2.3, 4.4.15, 5.0.7 and 6.1.2.\n\n### Patches\n\n3.2.3 || 4.4.15 || 5.0.7 || 6.1.2\n\n### Workarounds\n\nUsers may work around this vulnerability without upgrading by creating a custom `filter` method which prevents the extraction of symbolic links.\n\n```js\nconst tar = require('tar')\n\ntar.x({\n file: 'archive.tgz',\n filter: (file, entry) => {\n if (entry.type === 'SymbolicLink') {\n return false\n } else {\n return true\n }\n }\n})\n```\n\nUsers are encouraged to upgrade to the latest patch versions, rather than attempt to sanitize tar input themselves.", + "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw" + }, + "1059778": { + "findings": [ + { + "version": "3.2.0", + "paths": [ + "karma>socket.io>socket.io-parser", + "karma>socket.io>socket.io-client>socket.io-parser" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<3.3.2", + "module_name": "socket.io-parser", + "severity": "high", + "github_advisory_id": "GHSA-xfhh-g9f5-x4m4", + "cves": [ + "CVE-2020-36049" + ], + "access": "public", + "patched_versions": ">=3.3.2", + "cvss": { + "score": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "updated": "2021-06-30T16:54:43.000Z", + "recommendation": "Upgrade to version 3.3.2 or later", + "cwe": "[\"CWE-400\"]", + "found_by": null, + "deleted": null, + "id": 1059778, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2020-36049\n- https://github.com/socketio/socket.io-parser/commit/dcb942d24db97162ad16a67c2a0cf30875342d55\n- https://blog.caller.xyz/socketio-engineio-dos/\n- https://github.com/bcaller/kill-engine-io\n- https://github.com/socketio/socket.io-parser/releases/tag/3.3.2\n- https://github.com/socketio/socket.io-parser/releases/tag/3.4.1\n- https://www.npmjs.com/package/socket.io-parser\n- https://github.com/advisories/GHSA-xfhh-g9f5-x4m4", + "created": "2022-03-09T20:00:44.044Z", + "reported_by": null, + "title": "Resource exhaustion in socket.io-parser", + "npm_advisory_id": null, + "overview": "The `socket.io-parser` npm package before versions 3.3.2 and 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.", + "url": "https://github.com/advisories/GHSA-xfhh-g9f5-x4m4" + }, + "1059799": { + "findings": [ + { + "version": "7.0.17", + "paths": [ + "@angular-devkit/build-angular>postcss" + ] + } + ], + "metadata": null, + "vulnerable_versions": ">=7.0.0 <7.0.36", + "module_name": "postcss", + "severity": "moderate", + "github_advisory_id": "GHSA-hwj9-h5mp-3pm3", + "cves": [ + "CVE-2021-23368" + ], + "access": "public", + "patched_versions": ">=7.0.36", + "cvss": { + "score": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "updated": "2021-06-15T15:12:13.000Z", + "recommendation": "Upgrade to version 7.0.36 or later", + "cwe": "[\"CWE-400\"]", + "found_by": null, + "deleted": null, + "id": 1059799, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2021-23368\n- https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4\n- https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5\n- https://lists.apache.org/thread.html/r00158f5d770d75d0655c5eef1bdbc6150531606c8f8bcb778f0627be@%3Cdev.myfaces.apache.org%3E\n- https://lists.apache.org/thread.html/r16e295b4f02d81b79981237d602cb0b9e59709bafaa73ac98be7cef1@%3Cdev.myfaces.apache.org%3E\n- https://lists.apache.org/thread.html/r49afb49b38748897211b1f89c3a64dc27f9049474322b05715695aab@%3Cdev.myfaces.apache.org%3E\n- https://lists.apache.org/thread.html/r5acd89f3827ad9a9cad6d24ed93e377f7114867cd98cfba616c6e013@%3Ccommits.myfaces.apache.org%3E\n- https://lists.apache.org/thread.html/r8def971a66cf3e375178fbee752e1b04a812a047cc478ad292007e33@%3Cdev.myfaces.apache.org%3E\n- https://lists.apache.org/thread.html/rad5af2044afb51668b1008b389ac815a28ecea9eb75ae2cab5a00ebb@%3Ccommits.myfaces.apache.org%3E\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1244795\n- https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595\n- https://github.com/postcss/postcss/commit/54cbf3c4847eb0fb1501b9d2337465439e849734\n- https://github.com/advisories/GHSA-hwj9-h5mp-3pm3", + "created": "2022-03-09T20:00:44.046Z", + "reported_by": null, + "title": "Regular Expression Denial of Service in postcss", + "npm_advisory_id": null, + "overview": "The npm package `postcss` from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + }, + "1059828": { + "findings": [ + { + "version": "3.1.0", + "paths": [ + "@angular-devkit/build-angular>copy-webpack-plugin>glob-parent", + "@angular-devkit/build-angular>webpack-dev-server>chokidar>glob-parent", + "@angular-devkit/build-angular>webpack>watchpack>watchpack-chokidar2>chokidar>glob-parent" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<5.1.2", + "module_name": "glob-parent", + "severity": "high", + "github_advisory_id": "GHSA-ww39-953v-wcq6", + "cves": [ + "CVE-2020-28469" + ], + "access": "public", + "patched_versions": ">=5.1.2", + "cvss": { + "score": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "updated": "2021-06-04T18:30:46.000Z", + "recommendation": "Upgrade to version 5.1.2 or later", + "cwe": "[\"CWE-400\"]", + "found_by": null, + "deleted": null, + "id": 1059828, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2020-28469\n- https://github.com/gulpjs/glob-parent/pull/36\n- https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9\n- https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092\n- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905\n- https://www.oracle.com/security-alerts/cpujan2022.html\n- https://github.com/advisories/GHSA-ww39-953v-wcq6", + "created": "2022-03-09T20:00:44.048Z", + "reported_by": null, + "title": "Regular expression denial of service", + "npm_advisory_id": null, + "overview": "This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.", + "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6" + }, + "1059870": { + "findings": [ + { + "version": "4.6.3", + "paths": [ + "@angular-devkit/build-angular>browserslist" + ] + } + ], + "metadata": null, + "vulnerable_versions": ">=4.0.0 <4.16.5", + "module_name": "browserslist", + "severity": "moderate", + "github_advisory_id": "GHSA-w8qv-6jwh-64r5", + "cves": [ + "CVE-2021-23364" + ], + "access": "public", + "patched_versions": ">=4.16.5", + "cvss": { + "score": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "updated": "2021-05-20T22:03:37.000Z", + "recommendation": "Upgrade to version 4.16.5 or later", + "cwe": "[\"CWE-400\"]", + "found_by": null, + "deleted": null, + "id": 1059870, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2021-23364\n- https://github.com/browserslist/browserslist/pull/593\n- https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98\n- https://github.com/browserslist/browserslist/blob/e82f32d1d4100d6bc79ea0b6b6a2d281a561e33c/index.js%23L472-L474\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1277182\n- https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194\n- https://github.com/advisories/GHSA-w8qv-6jwh-64r5", + "created": "2022-03-09T20:00:44.054Z", + "reported_by": null, + "title": "Regular Expression Denial of Service in browserslist", + "npm_advisory_id": null, + "overview": "The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.", + "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5" + }, + "1059871": { + "findings": [ + { + "version": "1.5.5", + "paths": [ + "karma>socket.io>socket.io-client>engine.io-client>xmlhttprequest-ssl" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<1.6.1", + "module_name": "xmlhttprequest-ssl", + "severity": "critical", + "github_advisory_id": "GHSA-72mh-269x-7mh5", + "cves": [ + "CVE-2021-31597" + ], + "access": "public", + "patched_versions": ">=1.6.1", + "cvss": { + "score": 9.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" + }, + "updated": "2021-05-20T21:59:29.000Z", + "recommendation": "Upgrade to version 1.6.1 or later", + "cwe": "[\"CWE-295\"]", + "found_by": null, + "deleted": null, + "id": 1059871, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2021-31597\n- https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2\n- https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1\n- https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt\n- https://security.netapp.com/advisory/ntap-20210618-0004/\n- https://github.com/advisories/GHSA-72mh-269x-7mh5", + "created": "2022-03-09T20:00:44.054Z", + "reported_by": null, + "title": "Improper Certificate Validation in xmlhttprequest-ssl", + "npm_advisory_id": null, + "overview": "The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.", + "url": "https://github.com/advisories/GHSA-72mh-269x-7mh5" + }, + "1059915": { + "findings": [ + { + "version": "6.10.0", + "paths": [ + "@angular-devkit/build-angular>ajv", + "@angular-devkit/build-angular>@angular-devkit/core>ajv", + "@angular-devkit/build-angular>@angular-devkit/architect>@angular-devkit/core>ajv", + "@angular-devkit/build-angular>@angular-devkit/build-webpack>@angular-devkit/architect>@angular-devkit/core>ajv" + ] + }, + { + "version": "5.5.2", + "paths": [ + "@angular-devkit/build-angular>istanbul-instrumenter-loader>schema-utils>ajv" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<6.12.3", + "module_name": "ajv", + "severity": "moderate", + "github_advisory_id": "GHSA-v88g-cgmw-v5xw", + "cves": [ + "CVE-2020-15366" + ], + "access": "public", + "patched_versions": ">=6.12.3", + "cvss": { + "score": 5.6, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + "updated": "2021-05-10T21:23:42.000Z", + "recommendation": "Upgrade to version 6.12.3 or later", + "cwe": "[\"CWE-915\"]", + "found_by": null, + "deleted": null, + "id": 1059915, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2020-15366\n- https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f\n- https://github.com/ajv-validator/ajv/releases/tag/v6.12.3\n- https://hackerone.com/bugs?subject=user&report_id=894259\n- https://github.com/ajv-validator/ajv/tags\n- https://github.com/advisories/GHSA-v88g-cgmw-v5xw", + "created": "2022-03-09T20:00:44.058Z", + "reported_by": null, + "title": "Prototype Pollution in Ajv", + "npm_advisory_id": null, + "overview": "An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)", + "url": "https://github.com/advisories/GHSA-v88g-cgmw-v5xw" + }, + "1059976": { + "findings": [ + { + "version": "1.5.5", + "paths": [ + "karma>socket.io>socket.io-client>engine.io-client>xmlhttprequest-ssl" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<1.6.2", + "module_name": "xmlhttprequest-ssl", + "severity": "high", + "github_advisory_id": "GHSA-h4j5-c7cj-74xg", + "cves": [ + "CVE-2020-28502" + ], + "access": "public", + "patched_versions": ">=1.6.2", + "cvss": { + "score": 9.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "updated": "2021-05-04T18:00:49.000Z", + "recommendation": "Upgrade to version 1.6.2 or later", + "cwe": "[\"CWE-94\"]", + "found_by": null, + "deleted": null, + "id": 1059976, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2020-28502\n- https://github.com/driverdan/node-XMLHttpRequest/commit/983cfc244c7567ad6a59e366e55a8037e0497fe6\n- https://github.com/driverdan/node-XMLHttpRequest/blob/1.6.0/lib/XMLHttpRequest.js#L480\n- https://github.com/driverdan/node-XMLHttpRequest/blob/1.6.0/lib/XMLHttpRequest.js%23L480\n- https://github.com/mjwwit/node-XMLHttpRequest/blob/ae38832a0f1347c5e96dda665402509a3458e302/lib/XMLHttpRequest.js#L531\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082937\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082938\n- https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935\n- https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936\n- https://github.com/mjwwit/node-XMLHttpRequest/commit/ee1e81fc67729c7c0eba5537ed7fe1e30a6b3291\n- https://github.com/advisories/GHSA-h4j5-c7cj-74xg", + "created": "2022-03-09T20:00:44.064Z", + "reported_by": null, + "title": "Arbitrary Code Injection", + "npm_advisory_id": null, + "overview": "This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.", + "url": "https://github.com/advisories/GHSA-h4j5-c7cj-74xg" + }, + "1060025": { + "findings": [ + { + "version": "0.3.19", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>sockjs" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<0.3.20", + "module_name": "sockjs", + "severity": "moderate", + "github_advisory_id": "GHSA-c9g6-9335-x697", + "cves": [ + "CVE-2020-7693" + ], + "access": "public", + "patched_versions": ">=0.3.20", + "cvss": { + "score": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "updated": "2021-04-20T15:25:19.000Z", + "recommendation": "Upgrade to version 0.3.20 or later", + "cwe": "[\"CWE-20\"]", + "found_by": null, + "deleted": null, + "id": 1060025, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2020-7693\n- https://github.com/sockjs/sockjs-node/issues/252\n- https://github.com/sockjs/sockjs-node/pull/265\n- https://github.com/sockjs/sockjs-node/commit/dd7e642cd69ee74385825816d30642c43e051d16\n- https://github.com/andsnw/sockjs-dos-py\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575448\n- https://snyk.io/vuln/SNYK-JS-SOCKJS-575261\n- https://www.npmjs.com/package/sockjs\n- https://github.com/advisories/GHSA-c9g6-9335-x697", + "created": "2022-03-09T20:00:44.068Z", + "reported_by": null, + "title": "Improper Input Validation in SocksJS-Node", + "npm_advisory_id": null, + "overview": "Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.", + "url": "https://github.com/advisories/GHSA-c9g6-9335-x697" + }, + "1060087": { + "findings": [ + { + "version": "3.2.1", + "paths": [ + "karma>socket.io>engine.io" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<4.0.0", + "module_name": "engine.io", + "severity": "high", + "github_advisory_id": "GHSA-j4f2-536g-r55m", + "cves": [ + "CVE-2020-36048" + ], + "access": "public", + "patched_versions": ">=4.0.0", + "cvss": { + "score": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "updated": "2021-04-06T22:58:34.000Z", + "recommendation": "Upgrade to version 4.0.0 or later", + "cwe": "[\"CWE-400\"]", + "found_by": null, + "deleted": null, + "id": 1060087, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2020-36048\n- https://github.com/socketio/engine.io/commit/734f9d1268840722c41219e69eb58318e0b2ac6b\n- https://blog.caller.xyz/socketio-engineio-dos/\n- https://github.com/bcaller/kill-engine-io\n- https://github.com/advisories/GHSA-j4f2-536g-r55m", + "created": "2022-03-09T20:00:44.073Z", + "reported_by": null, + "title": "Resource exhaustion in engine.io ", + "npm_advisory_id": null, + "overview": "Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.", + "url": "https://github.com/advisories/GHSA-j4f2-536g-r55m" + }, + "1060234": { + "findings": [ + { + "version": "2.1.1", + "paths": [ + "karma>socket.io" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<2.4.0", + "module_name": "socket.io", + "severity": "moderate", + "github_advisory_id": "GHSA-fxwf-4rqh-v8g3", + "cves": [ + "CVE-2020-28481" + ], + "access": "public", + "patched_versions": ">=2.4.0", + "cvss": { + "score": 0, + "vectorString": null + }, + "updated": "2021-01-20T05:39:25.000Z", + "recommendation": "Upgrade to version 2.4.0 or later", + "cwe": "[\"CWE-346\",\"CWE-453\"]", + "found_by": null, + "deleted": null, + "id": 1060234, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2020-28481\n- https://github.com/socketio/socket.io/issues/3671\n- https://github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1056358\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1056357\n- https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859\n- https://github.com/advisories/GHSA-fxwf-4rqh-v8g3", + "created": "2022-03-09T20:00:44.087Z", + "reported_by": null, + "title": "Insecure defaults due to CORS misconfiguration in socket.io", + "npm_advisory_id": null, + "overview": "The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.", + "url": "https://github.com/advisories/GHSA-fxwf-4rqh-v8g3" + }, + "1060267": { + "findings": [ + { + "version": "1.3.5", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>rc>ini" + ] + }, + { + "version": "1.3.5", + "paths": [ + "@angular/cli>ini", + "@angular/cli>@schematics/update>ini" + ] + }, + { + "version": "1.3.5", + "paths": [ + "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>rc>ini" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<1.3.6", + "module_name": "ini", + "severity": "high", + "github_advisory_id": "GHSA-qqgx-2p2h-9c37", + "cves": [ + "CVE-2020-7788" + ], + "access": "public", + "patched_versions": ">=1.3.6", + "cvss": { + "score": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + "updated": "2020-12-10T16:51:40.000Z", + "recommendation": "Upgrade to version 1.3.6 or later", + "cwe": "[\"CWE-1321\"]", + "found_by": null, + "deleted": null, + "id": 1060267, + "references": "- https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1\n- https://www.npmjs.com/advisories/1589\n- https://snyk.io/vuln/SNYK-JS-INI-1048974\n- https://nvd.nist.gov/vuln/detail/CVE-2020-7788\n- https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html\n- https://github.com/advisories/GHSA-qqgx-2p2h-9c37", + "created": "2022-03-09T20:00:44.090Z", + "reported_by": null, + "title": "Prototype Pollution", + "npm_advisory_id": null, + "overview": "### Overview\nThe `ini` npm package before version 1.3.6 has a Prototype Pollution vulnerability.\n\nIf an attacker submits a malicious INI file to an application that parses it with `ini.parse`, they will pollute the prototype on the application. This can be exploited further depending on the context.\n\n### Patches\n\nThis has been patched in 1.3.6\n\n### Steps to reproduce\n\npayload.ini\n```\n[__proto__]\npolluted = \"polluted\"\n```\n\npoc.js:\n```\nvar fs = require('fs')\nvar ini = require('ini')\n\nvar parsed = ini.parse(fs.readFileSync('./payload.ini', 'utf-8'))\nconsole.log(parsed)\nconsole.log(parsed.__proto__)\nconsole.log(polluted)\n```\n\n```\n> node poc.js\n{}\n{ polluted: 'polluted' }\n{ polluted: 'polluted' }\npolluted\n```", + "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37" + }, + "1060279": { + "findings": [ + { + "version": "11.1.1", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>yargs>yargs-parser" + ] + } + ], + "metadata": null, + "vulnerable_versions": ">=6.0.0 <13.1.2", + "module_name": "yargs-parser", + "severity": "moderate", + "github_advisory_id": "GHSA-p9pc-299p-vxgp", + "cves": [ + "CVE-2020-7608" + ], + "access": "public", + "patched_versions": ">=13.1.2", + "cvss": { + "score": 5.3, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + "updated": "2020-11-10T21:06:04.000Z", + "recommendation": "Upgrade to version 13.1.2 or later", + "cwe": "[\"CWE-915\"]", + "found_by": null, + "deleted": null, + "id": 1060279, + "references": "- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381\n- https://www.npmjs.com/advisories/1500\n- https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2\n- https://nvd.nist.gov/vuln/detail/CVE-2020-7608\n- https://github.com/advisories/GHSA-p9pc-299p-vxgp", + "created": "2022-03-09T20:00:44.091Z", + "reported_by": null, + "title": "Prototype Pollution in yargs-parser", + "npm_advisory_id": null, + "overview": "Affected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects. \nParsing the argument `--foo.__proto__.bar baz'` adds a `bar` property with value `baz` to all objects. This is only exploitable if attackers have control over the arguments being passed to `yargs-parser`.\n\n\n\n## Recommendation\n\nUpgrade to versions 13.1.2, 15.0.1, 18.1.1 or later.", + "url": "https://github.com/advisories/GHSA-p9pc-299p-vxgp" + }, + "1060396": { + "findings": [ + { + "version": "1.2.1", + "paths": [ + "@angular-devkit/build-angular>tree-kill", + "@angular-devkit/build-angular>@ngtools/webpack>tree-kill" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<1.2.2", + "module_name": "tree-kill", + "severity": "high", + "github_advisory_id": "GHSA-884p-74jh-xrg2", + "cves": [], + "access": "public", + "patched_versions": ">=1.2.2", + "cvss": { + "score": 0, + "vectorString": null + }, + "updated": "2020-08-31T18:59:06.000Z", + "recommendation": "Upgrade to version 1.2.2 or later", + "cwe": "[\"CWE-77\"]", + "found_by": null, + "deleted": null, + "id": 1060396, + "references": "- https://hackerone.com/reports/701183\n- https://www.npmjs.com/advisories/1432\n- https://github.com/advisories/GHSA-884p-74jh-xrg2", + "created": "2022-03-09T20:00:44.102Z", + "reported_by": null, + "title": "Command Injection in tree-kill", + "npm_advisory_id": null, + "overview": "Versions of `tree-kill` prior to 1.2.2 are vulnerable to Command Injection. The package fails to sanitize values passed to the `kill` function. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. The issue only affects Windows systems.\n\n\n## Recommendation\n\nUpgrade to version 1.2.2 or later.", + "url": "https://github.com/advisories/GHSA-884p-74jh-xrg2" + }, + "1061294": { + "findings": [ + { + "version": "1.7.0", + "paths": [ + "@angular-devkit/build-angular>copy-webpack-plugin>serialize-javascript" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<3.1.0", + "module_name": "serialize-javascript", + "severity": "high", + "github_advisory_id": "GHSA-hxcc-f52p-wc94", + "cves": [ + "CVE-2020-7660" + ], + "access": "public", + "patched_versions": ">=3.1.0", + "cvss": { + "score": 8.1, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "updated": "2020-08-11T14:14:52.000Z", + "recommendation": "Upgrade to version 3.1.0 or later", + "cwe": "[\"CWE-502\"]", + "found_by": null, + "deleted": null, + "id": 1061294, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2020-7660\n- https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd\n- https://github.com/advisories/GHSA-hxcc-f52p-wc94", + "created": "2022-03-09T20:00:44.179Z", + "reported_by": null, + "title": "Insecure serialization leading to RCE in serialize-javascript", + "npm_advisory_id": null, + "overview": "serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function \"deleteFunctions\" within \"index.js\". \n\nAn object such as `{\"foo\": /1\"/, \"bar\": \"a\\\"@__R--0__@\"}` was serialized as `{\"foo\": /1\"/, \"bar\": \"a\\/1\"/}`, which allows an attacker to escape the `bar` key. This requires the attacker to control the values of both `foo` and `bar` and guess the value of ``. The UID has a keyspace of approximately 4 billion making it a realistic network attack.", + "url": "https://github.com/advisories/GHSA-hxcc-f52p-wc94" + }, + "1061322": { + "findings": [ + { + "version": "3.9.1", + "paths": [ + "@angular/cli>pacote>npm-registry-fetch", + "@angular/cli>@schematics/update>pacote>npm-registry-fetch" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<4.0.5", + "module_name": "npm-registry-fetch", + "severity": "moderate", + "github_advisory_id": "GHSA-jmqm-f2gx-4fjv", + "cves": [], + "access": "public", + "patched_versions": ">=4.0.5", + "cvss": { + "score": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + "updated": "2020-07-07T18:26:22.000Z", + "recommendation": "Upgrade to version 4.0.5 or later", + "cwe": "[\"CWE-352\"]", + "found_by": null, + "deleted": null, + "id": 1061322, + "references": "- https://github.com/npm/npm-registry-fetch/security/advisories/GHSA-jmqm-f2gx-4fjv\n- https://github.com/npm/npm-registry-fetch/pull/29\n- https://github.com/npm/npm-registry-fetch/commit/18bf9b97fb1deecdba01ffb05580370846255c88\n- https://snyk.io/vuln/SNYK-JS-NPMREGISTRYFETCH-575432\n- https://github.com/advisories/GHSA-jmqm-f2gx-4fjv", + "created": "2022-03-09T20:00:44.181Z", + "reported_by": null, + "title": "Sensitive information exposure through logs in npm-registry-fetch", + "npm_advisory_id": null, + "overview": "Affected versions of `npm-registry-fetch` are vulnerable to an information exposure vulnerability through log files. The cli supports URLs like `://[[:]@][:][:][/]`. The password value is not redacted and is printed to stdout and also to any generated log files.", + "url": "https://github.com/advisories/GHSA-jmqm-f2gx-4fjv" + }, + "1061404": { + "findings": [ + { + "version": "1.2.0", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>rc>minimist" + ] + }, + { + "version": "1.2.0", + "paths": [ + "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>rc>minimist" + ] + } + ], + "metadata": null, + "vulnerable_versions": ">=1.0.0 <1.2.3", + "module_name": "minimist", + "severity": "moderate", + "github_advisory_id": "GHSA-vh95-rmgr-6w4m", + "cves": [ + "CVE-2020-7598" + ], + "access": "public", + "patched_versions": ">=1.2.3", + "cvss": { + "score": 5.6, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + "updated": "2020-04-03T21:42:10.000Z", + "recommendation": "Upgrade to version 1.2.3 or later", + "cwe": "[\"CWE-915\"]", + "found_by": null, + "deleted": null, + "id": 1061404, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2020-7598\n- https://github.com/substack/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab\n- https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94\n- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764\n- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html\n- https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95\n- https://www.npmjs.com/advisories/1179\n- https://github.com/advisories/GHSA-vh95-rmgr-6w4m", + "created": "2022-03-09T20:00:44.187Z", + "reported_by": null, + "title": "Prototype Pollution in minimist", + "npm_advisory_id": null, + "overview": "Affected versions of `minimist` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects. \nParsing the argument `--__proto__.y=Polluted` adds a `y` property with value `Polluted` to all objects. The argument `--__proto__=Polluted` raises and uncaught error and crashes the application. \nThis is exploitable if attackers have control over the arguments being passed to `minimist`.\n\n\n\n## Recommendation\n\nUpgrade to versions 0.2.1, 1.2.3 or later.", + "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m" + }, + "1061405": { + "findings": [ + { + "version": "0.0.8", + "paths": [ + "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>mkdirp>minimist", + "@angular-devkit/build-angular>webpack-dev-server>chokidar>fsevents>node-pre-gyp>tar>mkdirp>minimist" + ] + }, + { + "version": "0.0.8", + "paths": [ + "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>mkdirp>minimist", + "@angular/compiler-cli>chokidar>fsevents>node-pre-gyp>tar>mkdirp>minimist" + ] + }, + { + "version": "0.0.10", + "paths": [ + "karma>optimist>minimist" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<0.2.1", + "module_name": "minimist", + "severity": "moderate", + "github_advisory_id": "GHSA-vh95-rmgr-6w4m", + "cves": [ + "CVE-2020-7598" + ], + "access": "public", + "patched_versions": ">=0.2.1", + "cvss": { + "score": 5.6, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + "updated": "2020-04-03T21:42:10.000Z", + "recommendation": "Upgrade to version 0.2.1 or later", + "cwe": "[\"CWE-915\"]", + "found_by": null, + "deleted": null, + "id": 1061405, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2020-7598\n- https://github.com/substack/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab\n- https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94\n- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764\n- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html\n- https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95\n- https://www.npmjs.com/advisories/1179\n- https://github.com/advisories/GHSA-vh95-rmgr-6w4m", + "created": "2022-03-09T20:00:44.187Z", + "reported_by": null, + "title": "Prototype Pollution in minimist", + "npm_advisory_id": null, + "overview": "Affected versions of `minimist` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects. \nParsing the argument `--__proto__.y=Polluted` adds a `y` property with value `Polluted` to all objects. The argument `--__proto__=Polluted` raises and uncaught error and crashes the application. \nThis is exploitable if attackers have control over the arguments being passed to `minimist`.\n\n\n\n## Recommendation\n\nUpgrade to versions 0.2.1, 1.2.3 or later.", + "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m" + }, + "1061457": { + "findings": [ + { + "version": "1.7.0", + "paths": [ + "@angular-devkit/build-angular>copy-webpack-plugin>serialize-javascript" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<2.1.1", + "module_name": "serialize-javascript", + "severity": "moderate", + "github_advisory_id": "GHSA-h9rv-jmmf-4pgx", + "cves": [ + "CVE-2019-16769" + ], + "access": "public", + "patched_versions": ">=2.1.1", + "cvss": { + "score": 4.2, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L" + }, + "updated": "2019-12-05T18:44:25.000Z", + "recommendation": "Upgrade to version 2.1.1 or later", + "cwe": "[\"CWE-79\"]", + "found_by": null, + "deleted": null, + "id": 1061457, + "references": "- https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx\n- https://nvd.nist.gov/vuln/detail/CVE-2019-16769\n- https://github.com/advisories/GHSA-h9rv-jmmf-4pgx\n- https://www.npmjs.com/advisories/1426", + "created": "2022-03-09T20:00:44.190Z", + "reported_by": null, + "title": "Cross-Site Scripting in serialize-javascript", + "npm_advisory_id": null, + "overview": "Versions of `serialize-javascript` prior to 2.1.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications.\n\n\n## Recommendation\n\nUpgrade to version 2.1.1 or later.", + "url": "https://github.com/advisories/GHSA-h9rv-jmmf-4pgx" + }, + "1061952": { + "findings": [ + { + "version": "4.2.0", + "paths": [ + "karma" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<6.3.16", + "module_name": "karma", + "severity": "moderate", + "github_advisory_id": "GHSA-rc3x-jf5g-xvc5", + "cves": [ + "CVE-2021-23495" + ], + "access": "public", + "patched_versions": ">=6.3.16", + "cvss": { + "score": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" + }, + "updated": "2022-03-01T19:17:54.000Z", + "recommendation": "Upgrade to version 6.3.16 or later", + "cwe": "[]", + "found_by": null, + "deleted": null, + "id": 1061952, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2021-23495\n- https://github.com/karma-runner/karma/commit/ff7edbb2ffbcdd69761bece86b7dc1ef0740508d\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2412347\n- https://snyk.io/vuln/SNYK-JS-KARMA-2396325\n- https://github.com/advisories/GHSA-rc3x-jf5g-xvc5", + "created": "2022-03-09T22:00:43.328Z", + "reported_by": null, + "title": "Open redirect in karma", + "npm_advisory_id": null, + "overview": "Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.", + "url": "https://github.com/advisories/GHSA-rc3x-jf5g-xvc5" + } + }, + "muted": [], + "metadata": { + "vulnerabilities": { + "info": 0, + "low": 2, + "moderate": 42, + "high": 28, + "critical": 3 + }, + "dependencies": 24, + "devDependencies": 1227, + "optionalDependencies": 167, + "totalDependencies": 1251 + }, + "runId": "cef9e967-13de-44ae-985f-af2d11a30ed4" +} \ No newline at end of file diff --git a/unittests/scans/npm_audit/multiple_cwes2.json b/unittests/scans/npm_audit/multiple_cwes2.json new file mode 100644 index 00000000000..e212e320aea --- /dev/null +++ b/unittests/scans/npm_audit/multiple_cwes2.json @@ -0,0 +1,475 @@ +{ + "actions": [ + { + "action": "update", + "resolves": [ + { + "id": 1064972, + "path": "@company.frontend/eslint-config-es6>eslint-plugin-import>resolve>path-parse", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1064972, + "path": "@company.frontend/eslint-config-es6>eslint-plugin-import>eslint-import-resolver-node>resolve>path-parse", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1064972, + "path": "@company.frontend/eslint-config-es6>eslint-plugin-import>read-pkg-up>read-pkg>normalize-package-data>resolve>path-parse", + "dev": true, + "optional": false, + "bundled": false + } + ], + "module": "path-parse", + "target": "1.0.7", + "depth": 7 + }, + { + "action": "update", + "resolves": [ + { + "id": 1065159, + "path": "@company.frontend/eslint-config-es6>eslint>ajv", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1065159, + "path": "@company.frontend/eslint-config-es6>eslint>table>ajv", + "dev": true, + "optional": false, + "bundled": false + } + ], + "module": "ajv", + "target": "6.12.6", + "depth": 4 + }, + { + "action": "update", + "resolves": [ + { + "id": 1065169, + "path": "@company.frontend/eslint-config-es6>eslint-plugin-import>read-pkg-up>read-pkg>normalize-package-data>hosted-git-info", + "dev": true, + "optional": false, + "bundled": false + } + ], + "module": "hosted-git-info", + "target": "2.8.9", + "depth": 6 + }, + { + "action": "update", + "resolves": [ + { + "id": 1065345, + "path": "@company.frontend/eslint-config-es6>eslint>inquirer>lodash", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1065345, + "path": "@company.frontend/eslint-config-es6>eslint>lodash", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1065345, + "path": "@company.frontend/eslint-config-es6>eslint>table>lodash", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1065345, + "path": "@company.frontend/eslint-config-es6>eslint-plugin-import>lodash", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1065397, + "path": "@company.frontend/eslint-config-es6>eslint>inquirer>lodash", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1065397, + "path": "@company.frontend/eslint-config-es6>eslint>lodash", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1065397, + "path": "@company.frontend/eslint-config-es6>eslint>table>lodash", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1065397, + "path": "@company.frontend/eslint-config-es6>eslint-plugin-import>lodash", + "dev": true, + "optional": false, + "bundled": false + } + ], + "module": "lodash", + "target": "4.17.21", + "depth": 4 + }, + { + "action": "review", + "module": "ansi-regex", + "resolves": [ + { + "id": 1064843, + "path": "@company.frontend/eslint-config-es6>eslint>inquirer>string-width>strip-ansi>ansi-regex", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1064843, + "path": "@company.frontend/eslint-config-es6>eslint>inquirer>strip-ansi>ansi-regex", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1064843, + "path": "@company.frontend/eslint-config-es6>eslint>strip-ansi>ansi-regex", + "dev": true, + "optional": false, + "bundled": false + }, + { + "id": 1064843, + "path": "@company.frontend/eslint-config-es6>eslint>table>string-width>strip-ansi>ansi-regex", + "dev": true, + "optional": false, + "bundled": false + } + ] + } + ], + "advisories": { + "1064843": { + "findings": [ + { + "version": "3.0.0", + "paths": [ + "@company.frontend/eslint-config-es6>eslint>inquirer>string-width>strip-ansi>ansi-regex" + ] + }, + { + "version": "4.1.0", + "paths": [ + "@company.frontend/eslint-config-es6>eslint>inquirer>strip-ansi>ansi-regex" + ] + }, + { + "version": "3.0.0", + "paths": [ + "@company.frontend/eslint-config-es6>eslint>strip-ansi>ansi-regex" + ] + }, + { + "version": "4.1.0", + "paths": [ + "@company.frontend/eslint-config-es6>eslint>table>string-width>strip-ansi>ansi-regex" + ] + } + ], + "metadata": null, + "vulnerable_versions": ">2.1.1 <5.0.1", + "module_name": "ansi-regex", + "severity": "moderate", + "github_advisory_id": "GHSA-93q8-gq69-wqmw", + "cves": [ + "CVE-2021-3807" + ], + "access": "public", + "patched_versions": ">=5.0.1", + "cvss": { + "score": 7.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "updated": "2021-09-23T15:45:50.000Z", + "recommendation": "Upgrade to version 5.0.1 or later", + "cwe": [ + "CWE-918", + "CWE-1333" + ], + "found_by": null, + "deleted": null, + "id": 1064843, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw", + "created": "2022-03-11T08:00:43.795Z", + "reported_by": null, + "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex", + "npm_advisory_id": null, + "overview": "ansi-regex is vulnerable to Inefficient Regular Expression Complexity", + "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw" + }, + "1064972": { + "findings": [ + { + "version": "1.0.6", + "paths": [ + "@company.frontend/eslint-config-es6>eslint-plugin-import>resolve>path-parse", + "@company.frontend/eslint-config-es6>eslint-plugin-import>eslint-import-resolver-node>resolve>path-parse", + "@company.frontend/eslint-config-es6>eslint-plugin-import>read-pkg-up>read-pkg>normalize-package-data>resolve>path-parse" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<1.0.7", + "module_name": "path-parse", + "severity": "moderate", + "github_advisory_id": "GHSA-hj48-42vr-x3v9", + "cves": [ + "CVE-2021-23343" + ], + "access": "public", + "patched_versions": ">=1.0.7", + "cvss": { + "score": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "updated": "2021-08-10T15:33:31.000Z", + "recommendation": "Upgrade to version 1.0.7 or later", + "cwe": [ + "CWE-400" + ], + "found_by": null, + "deleted": null, + "id": 1064972, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2021-23343\n- https://github.com/jbgutierrez/path-parse/issues/8\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028\n- https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067\n- https://lists.apache.org/thread.html/r6a32cb3eda3b19096ad48ef1e7aa8f26e005f2f63765abb69ce08b85@%3Cdev.myfaces.apache.org%3E\n- https://github.com/jbgutierrez/path-parse/pull/10\n- https://github.com/jbgutierrez/path-parse/commit/eca63a7b9a473bf6978a2f5b7b3343662d1506f7\n- https://github.com/advisories/GHSA-hj48-42vr-x3v9", + "created": "2022-03-11T08:00:43.817Z", + "reported_by": null, + "title": "Regular Expression Denial of Service in path-parse", + "npm_advisory_id": null, + "overview": "Affected versions of npm package `path-parse` are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.", + "url": "https://github.com/advisories/GHSA-hj48-42vr-x3v9" + }, + "1065159": { + "findings": [ + { + "version": "6.10.0", + "paths": [ + "@company.frontend/eslint-config-es6>eslint>ajv", + "@company.frontend/eslint-config-es6>eslint>table>ajv" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<6.12.3", + "module_name": "ajv", + "severity": "moderate", + "github_advisory_id": "GHSA-v88g-cgmw-v5xw", + "cves": [ + "CVE-2020-15366" + ], + "access": "public", + "patched_versions": ">=6.12.3", + "cvss": { + "score": 5.6, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + "updated": "2021-05-10T21:23:42.000Z", + "recommendation": "Upgrade to version 6.12.3 or later", + "cwe": [ + "CWE-915" + ], + "found_by": null, + "deleted": null, + "id": 1065159, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2020-15366\n- https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f\n- https://github.com/ajv-validator/ajv/releases/tag/v6.12.3\n- https://hackerone.com/bugs?subject=user&report_id=894259\n- https://github.com/ajv-validator/ajv/tags\n- https://github.com/advisories/GHSA-v88g-cgmw-v5xw", + "created": "2022-03-11T08:00:43.828Z", + "reported_by": null, + "title": "Prototype Pollution in Ajv", + "npm_advisory_id": null, + "overview": "An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)", + "url": "https://github.com/advisories/GHSA-v88g-cgmw-v5xw" + }, + "1065169": { + "findings": [ + { + "version": "2.7.1", + "paths": [ + "@company.frontend/eslint-config-es6>eslint-plugin-import>read-pkg-up>read-pkg>normalize-package-data>hosted-git-info" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<2.8.9", + "module_name": "hosted-git-info", + "severity": "moderate", + "github_advisory_id": "GHSA-43f8-2h32-f4cj", + "cves": [ + "CVE-2021-23362" + ], + "access": "public", + "patched_versions": ">=2.8.9", + "cvss": { + "score": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "updated": "2021-05-07T17:39:04.000Z", + "recommendation": "Upgrade to version 2.8.9 or later", + "cwe": [ + "CWE-400" + ], + "found_by": null, + "deleted": null, + "id": 1065169, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2021-23362\n- https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356\n- https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355\n- https://github.com/npm/hosted-git-info/pull/76\n- https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7\n- https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01\n- https://github.com/npm/hosted-git-info/commits/v2\n- https://github.com/advisories/GHSA-43f8-2h32-f4cj", + "created": "2022-03-11T08:00:43.828Z", + "reported_by": null, + "title": "Regular Expression Denial of Service in hosted-git-info", + "npm_advisory_id": null, + "overview": "The npm package `hosted-git-info` before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity", + "url": "https://github.com/advisories/GHSA-43f8-2h32-f4cj" + }, + "1065345": { + "findings": [ + { + "version": "4.17.19", + "paths": [ + "@company.frontend/eslint-config-es6>eslint>inquirer>lodash" + ] + }, + { + "version": "4.17.19", + "paths": [ + "@company.frontend/eslint-config-es6>eslint>lodash" + ] + }, + { + "version": "4.17.19", + "paths": [ + "@company.frontend/eslint-config-es6>eslint>table>lodash" + ] + }, + { + "version": "4.17.19", + "paths": [ + "@company.frontend/eslint-config-es6>eslint-plugin-import>lodash" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<4.17.21", + "module_name": "lodash", + "severity": "high", + "github_advisory_id": "GHSA-35jh-r3h4-6jhm", + "cves": [ + "CVE-2021-23337" + ], + "access": "public", + "patched_versions": ">=4.17.21", + "cvss": { + "score": 7.2, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" + }, + "updated": "2021-03-31T23:59:26.000Z", + "recommendation": "Upgrade to version 4.17.21 or later", + "cwe": [ + "CWE-77" + ], + "found_by": null, + "deleted": null, + "id": 1065345, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2021-23337\n- https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c\n- https://security.netapp.com/advisory/ntap-20210312-0006/\n- https://snyk.io/vuln/SNYK-JS-LODASH-1040724\n- https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851\n- https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851\n- https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929\n- https://www.oracle.com//security-alerts/cpujul2021.html\n- https://www.oracle.com/security-alerts/cpuoct2021.html\n- https://www.oracle.com/security-alerts/cpujan2022.html\n- https://github.com/advisories/GHSA-35jh-r3h4-6jhm", + "created": "2022-03-11T08:00:43.837Z", + "reported_by": null, + "title": "Command Injection in lodash", + "npm_advisory_id": null, + "overview": "`lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the template function.", + "url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm" + }, + "1065397": { + "findings": [ + { + "version": "4.17.19", + "paths": [ + "@company.frontend/eslint-config-es6>eslint>inquirer>lodash" + ] + }, + { + "version": "4.17.19", + "paths": [ + "@company.frontend/eslint-config-es6>eslint>lodash" + ] + }, + { + "version": "4.17.19", + "paths": [ + "@company.frontend/eslint-config-es6>eslint>table>lodash" + ] + }, + { + "version": "4.17.19", + "paths": [ + "@company.frontend/eslint-config-es6>eslint-plugin-import>lodash" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<4.17.21", + "module_name": "lodash", + "severity": "moderate", + "github_advisory_id": "GHSA-29mw-wpgm-hmr9", + "cves": [ + "CVE-2020-28500" + ], + "access": "public", + "patched_versions": ">=4.17.21", + "cvss": { + "score": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "updated": "2021-03-19T22:45:29.000Z", + "recommendation": "Upgrade to version 4.17.21 or later", + "cwe": [], + "found_by": null, + "deleted": null, + "id": 1065397, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2020-28500\n- https://github.com/lodash/lodash/pull/5065\n- https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7\n- https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8\n- https://security.netapp.com/advisory/ntap-20210312-0006/\n- https://snyk.io/vuln/SNYK-JS-LODASH-1018905\n- https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893\n- https://www.oracle.com//security-alerts/cpujul2021.html\n- https://www.oracle.com/security-alerts/cpuoct2021.html\n- https://www.oracle.com/security-alerts/cpujan2022.html\n- https://github.com/advisories/GHSA-29mw-wpgm-hmr9", + "created": "2022-03-11T08:00:43.839Z", + "reported_by": null, + "title": "Regular Expression Denial of Service (ReDoS) in lodash", + "npm_advisory_id": null, + "overview": "All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen): var lo = require('lodash'); function build_blank (n) { var ret = \"1\" for (var i = 0; i < n; i++) { ret += \" \" } return ret + \"1\"; } var s = build_blank(50000) var time0 = Date.now(); lo.trim(s) var time_cost0 = Date.now() - time0; console.log(\"time_cost0: \" + time_cost0) var time1 = Date.now(); lo.toNumber(s) var time_cost1 = Date.now() - time1; console.log(\"time_cost1: \" + time_cost1) var time2 = Date.now(); lo.trimEnd(s) var time_cost2 = Date.now() - time2; console.log(\"time_cost2: \" + time_cost2)", + "url": "https://github.com/advisories/GHSA-29mw-wpgm-hmr9" + } + }, + "muted": [], + "metadata": { + "vulnerabilities": { + "info": 0, + "low": 0, + "moderate": 14, + "high": 4, + "critical": 0 + }, + "dependencies": 19, + "devDependencies": 175, + "optionalDependencies": 0, + "totalDependencies": 194 + }, + "runId": "9394affc-7252-4392-8ce0-3e0e323df119" +} diff --git a/unittests/scans/npm_audit_sample/no_vuln.json b/unittests/scans/npm_audit/no_vuln.json similarity index 100% rename from unittests/scans/npm_audit_sample/no_vuln.json rename to unittests/scans/npm_audit/no_vuln.json diff --git a/unittests/scans/npm_audit_sample/one_vuln.json b/unittests/scans/npm_audit/one_vuln.json similarity index 100% rename from unittests/scans/npm_audit_sample/one_vuln.json rename to unittests/scans/npm_audit/one_vuln.json diff --git a/unittests/scans/nuclei/empty.jsonl b/unittests/scans/nuclei/empty.jsonl new file mode 100644 index 00000000000..e69de29bb2d diff --git a/unittests/scans/nuclei/issue_9201.json b/unittests/scans/nuclei/issue_9201.json new file mode 100644 index 00000000000..153b9b7b3b5 --- /dev/null +++ b/unittests/scans/nuclei/issue_9201.json @@ -0,0 +1 @@ +{"template":"technologies/favicon-detect.yaml","template-url":"https://github.com/projectdiscovery/nuclei-templates/blob/master/technologies/favicon-detect.yaml","template-id":"favicon-detect","template-path":"nuclei-templates/technologies/favicon-detect.yaml","info":{"name":"favicon-detection","author":["un-fmunozs","dhiyaneshdk"],"tags":["tech","favicon"],"reference":["https://twitter.com/brsn76945860/status/1171233054951501824","https://gist.github.com/yehgdotnet/b9dfc618108d2f05845c4d8e28c5fc6a","https://medium.com/@asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139","https://github.com/devanshbatham/favfreak","https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv"],"severity":"info"},"matcher-name":"asp.net-favicon","type":"http","host":"https://example.com","matched-at":"https://example.com/favicon.ico%c0","ip":"10.10.10.10.","timestamp":"2023-03-13T11:05:07.373496332+03:00","curl-command":"curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36' 'https://example.com/favicon.ico'","matcher-status":true,"matched-line":null} diff --git a/unittests/scans/nuclei/many_findings_new.json b/unittests/scans/nuclei/many_findings_new.json new file mode 100644 index 00000000000..f06d7c92bb7 --- /dev/null +++ b/unittests/scans/nuclei/many_findings_new.json @@ -0,0 +1,2 @@ +{"template":"cves/2018/CVE-2018-15473.yaml","template-url":"https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2018/CVE-2018-15473.yaml","template-id":"CVE-2018-15473","info":{"name":"OpenSSH Username Enumeration v7.7","author":["r3dg33k","daffainfo","forgedhallpass"],"tags":["network","openssh","cve","cve2018"],"description":"OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.","reference":["https://nvd.nist.gov/vuln/detail/cve-2018-15473"],"severity":"medium","classification":{"cve-id":["cve-2018-15473"],"cwe-id":["cwe-362"],"cvss-metrics":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","cvss-score":5.3}},"type":"network","host":"https://nuclei-example.com","matched-at":"nuclei-example.com:22","extracted-results":["SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7\n"],"ip":"127.0.0.1","timestamp":"2022-03-20T22:43:31.231312071-03:00","matcher-status":true,"matched-line":null} +{"template":"exposures/configs/prometheus-metrics.yaml","template-url":"https://github.com/projectdiscovery/nuclei-templates/blob/master/exposures/configs/prometheus-metrics.yaml","template-id":"prometheus-metrics","info":{"name":"Exposed Prometheus metrics","author":["dhiyaneshdk","philippedelteil"],"tags":["config","exposure","prometheus"],"reference":["https://github.com/prometheus/prometheus","https://hackerone.com/reports/1026196"],"severity":"low"},"type":"http","host":"https://nuclei-example.com","matched-at":"https://nuclei-example.com/metrics","ip":"127.0.0.1","timestamp":"2022-03-20T22:48:35.345037644-03:00","curl-command":"curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36' 'https://nuclei-example.com/metrics'","matcher-status":true,"matched-line":null} diff --git a/unittests/scans/nuclei/many_findings_third.json b/unittests/scans/nuclei/many_findings_third.json new file mode 100644 index 00000000000..ee85802fb5e --- /dev/null +++ b/unittests/scans/nuclei/many_findings_third.json @@ -0,0 +1,2 @@ +{"template":"misconfiguration/http-missing-security-headers.yaml","template-url":"https://github.com/projectdiscovery/nuclei-templates/blob/master/misconfiguration/http-missing-security-headers.yaml","template-id":"http-missing-security-headers","template-path":"nuclei-templates/misconfiguration/http-missing-security-headers.yaml","info":{"name":"HTTP Missing Security Headers","author":["socketz","geeknik","g4l1t0","convisoappsec","kurohost","dawid-czarnecki","forgedhallpass"],"tags":["misconfig","headers","generic"],"description":"This template searches for missing HTTP security headers. The impact of these missing headers can vary.\n","reference":null,"severity":"info"},"matcher-name":"x-content-type-options","type":"http","host":"https://example.com","matched-at":"https://example.com","request":"GET / HTTP/1.1\r\nHost: example.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36\r\nConnection: close\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip\r\n\r\n","response":"HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nCache-Control: private\r\nContent-Type: text/html; charset=utf-8\r\nDate: Mon, 13 Mar 2023 08:01:51 GMT\r\nServer: Microsoft-IIS/10.0\r\nVary: Accept-Encoding\r\n\r\n\r\n\r\n\r\n\r\n \r\n EXAMPLE.COM\r\n\r\n\r\n\r\n\r\n\r\n\r\n","ip":"127.0.0.1","timestamp":"2023-03-13T11:02:11.829446505+03:00","curl-command":"curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36' 'https://example.com'","matcher-status":true,"matched-line":null} +{"template":"technologies/favicon-detect.yaml","template-url":"https://github.com/projectdiscovery/nuclei-templates/blob/master/technologies/favicon-detect.yaml","template-id":"favicon-detect","template-path":"nuclei-templates/technologies/favicon-detect.yaml","info":{"name":"favicon-detection","author":["un-fmunozs","dhiyaneshdk"],"tags":["tech","favicon"],"reference":["https://twitter.com/brsn76945860/status/1171233054951501824","https://gist.github.com/yehgdotnet/b9dfc618108d2f05845c4d8e28c5fc6a","https://medium.com/@asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139","https://github.com/devanshbatham/favfreak","https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv"],"severity":"info"},"matcher-name":"asp.net-favicon","type":"http","host":"https://example.com","matched-at":"https://example.com/favicon.ico","ip":"10.10.10.10.","timestamp":"2023-03-13T11:05:07.373496332+03:00","curl-command":"curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36' 'https://example.com/favicon.ico'","matcher-status":true,"matched-line":null} diff --git a/unittests/scans/nuclei/multiple_v3.json b/unittests/scans/nuclei/multiple_v3.json new file mode 100644 index 00000000000..6488f6b9d23 --- /dev/null +++ b/unittests/scans/nuclei/multiple_v3.json @@ -0,0 +1,196 @@ +[ + { + "template": "dns/dns-saas-service-detection.yaml", + "template-url": "https://templates.nuclei.sh/public/dns-saas-service-detection", + "template-id": "dns-saas-service-detection", + "template-path": "asdf/dns-saas-service-detection.yaml", + "info": { + "name": "DNS SaaS Service Detection", + "author": [ + "noah @thesubtlety", + "pdteam" + ], + "tags": [ + "dns", + "service" + ], + "description": "A CNAME DNS record was discovered", + "reference": [ + "https://ns1.com/resources/cname", + "https://www.theregister.com/2021/02/24/dns_cname_tracking/", + "https://www.ionos.com/digitalguide/hosting/technical-matters/cname-record/" + ], + "severity": "info", + "metadata": { + "max-request": 1 + } + }, + "matcher-name": "wix", + "type": "dns", + "host": "www.asdf.de", + "matched-at": "www.asdf.de", + "extracted-results": [ + "pointing.wixdns.net" + ], + "request": ";; opcode: QUERY, status: NOERROR, id: 9778\n;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version 0; flags:; udp: 4096\n\n;; QUESTION SECTION:\n;www.asdf.de.\tIN\t CNAME\n", + "response": ";; opcode: QUERY, status: NOERROR, id: 9778\n;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version 0; flags:; udp: 512\n\n;; QUESTION SECTION:\n;www.asdf.de.\tIN\t CNAME\n\n;; ANSWER SECTION:\nwww.asdf.de.\t3093\tIN\tCNAME\tpointing.wixdns.net.\n", + "timestamp": "2023-11-06T14:48:31.559886+01:00", + "matcher-status": true + }, + { + "template": "dns/caa-fingerprint.yaml", + "template-url": "https://templates.nuclei.sh/public/caa-fingerprint", + "template-id": "caa-fingerprint", + "template-path": "asdf/caa-fingerprint.yaml", + "info": { + "name": "CAA Record", + "author": [ + "pdteam" + ], + "tags": [ + "dns", + "caa" + ], + "description": "A CAA record was discovered. A CAA record is used to specify which certificate authorities (CAs) are allowed to issue certificates for a domain.", + "reference": [ + "https://support.dnsimple.com/articles/caa-record/#whats-a-caa-record" + ], + "severity": "info", + "metadata": { + "max-request": 1 + }, + "classification": { + "cve-id": null, + "cwe-id": [ + "cwe-200" + ] + } + }, + "type": "dns", + "host": "www.asdf.de", + "matched-at": "www.asdf.de", + "request": ";; opcode: QUERY, status: NOERROR, id: 9301\n;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version 0; flags:; udp: 4096\n\n;; QUESTION SECTION:\n;www.asdf.de.\tIN\t CAA\n", + "response": ";; opcode: QUERY, status: NOERROR, id: 9301\n;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version 0; flags:; udp: 512\n\n;; QUESTION SECTION:\n;www.asdf.de.\tIN\t CAA\n\n;; ANSWER SECTION:\nwww.asdf.de.\t3093\tIN\tCNAME\tpointing.wixdns.net.\npointing.wixdns.net.\t300\tIN\tCNAME\tcdn1.wixdns.net.\ncdn1.wixdns.net.\t300\tIN\tCNAME\tbalancer-ccm.wixdns.net.\nbalancer-ccm.wixdns.net.\t300\tIN\tCNAME\ttd-balancer-199-15-163-148.wixdns.net.\n\n;; AUTHORITY SECTION:\nwixdns.net.\t600\tIN\tSOA\tdns1.p02.nsone.net. hostmaster.nsone.net. 1659255375 3600 600 604800 600\n", + "timestamp": "2023-11-06T14:48:31.591398+01:00", + "matcher-status": true + }, + { + "template": "ssl/detect-ssl-issuer.yaml", + "template-url": "https://templates.nuclei.sh/public/ssl-issuer", + "template-id": "ssl-issuer", + "template-path": "asdf/ssl/detect-ssl-issuer.yaml", + "info": { + "name": "Detect SSL Certificate Issuer", + "author": [ + "lingtren" + ], + "tags": [ + "ssl" + ], + "description": "Extract the issuer's organization from the target's certificate. Issuers are entities which sign and distribute certificates.\n", + "severity": "info", + "metadata": { + "max-request": 1 + } + }, + "type": "ssl", + "host": "www.asdf.de", + "matched-at": "www.asdf.de:443", + "extracted-results": [ + "Sectigo Limited" + ], + "ip": "8.8.8.8", + "timestamp": "2023-11-06T14:58:55.774697+01:00", + "matcher-status": true + }, + { + "template": "ssl/ssl-dns-names.yaml", + "template-url": "https://templates.nuclei.sh/public/ssl-dns-names", + "template-id": "ssl-dns-names", + "template-path": "asdf/ssl/ssl-dns-names.yaml", + "info": { + "name": "SSL DNS Names", + "author": [ + "pdteam" + ], + "tags": [ + "ssl" + ], + "description": "Extract the Subject Alternative Name (SAN) from the target's certificate. SAN facilitates the usage of additional hostnames with the same certificate.\n", + "severity": "info", + "metadata": { + "max-request": 1 + } + }, + "type": "ssl", + "host": "www.asdf.de", + "matched-at": "www.asdf.de:443", + "extracted-results": [ + "asdf.de", + "www.asdf.de" + ], + "ip": "8.8.8.8", + "timestamp": "2023-11-06T14:58:55.775854+01:00", + "matcher-status": true + }, + { + "template": "ssl/tls-version.yaml", + "template-url": "https://templates.nuclei.sh/public/tls-version", + "template-id": "tls-version", + "template-path": "asdf/ssl/tls-version.yaml", + "info": { + "name": "TLS Version - Detect", + "author": [ + "pdteam", + "pussycat0x" + ], + "tags": [ + "ssl" + ], + "description": "TLS version detection is a security process used to determine the version of the Transport Layer Security (TLS) protocol used by a computer or server.\nIt is important to detect the TLS version in order to ensure secure communication between two computers or servers.\n", + "severity": "info", + "metadata": { + "max-request": 4 + } + }, + "type": "ssl", + "host": "www.asdf.de", + "matched-at": "www.asdf.de:443", + "extracted-results": [ + "tls12" + ], + "ip": "8.8.8.8", + "timestamp": "2023-11-06T14:58:57.693551+01:00", + "matcher-status": true + }, + { + "template": "ssl/tls-version.yaml", + "template-url": "https://templates.nuclei.sh/public/tls-version", + "template-id": "tls-version", + "template-path": "asdf/ssl/tls-version.yaml", + "info": { + "name": "TLS Version - Detect", + "author": [ + "pdteam", + "pussycat0x" + ], + "tags": [ + "ssl" + ], + "description": "TLS version detection is a security process used to determine the version of the Transport Layer Security (TLS) protocol used by a computer or server.\nIt is important to detect the TLS version in order to ensure secure communication between two computers or servers.\n", + "severity": "info", + "metadata": { + "max-request": 4 + } + }, + "type": "ssl", + "host": "www.asdf.de", + "matched-at": "www.asdf.de:443", + "extracted-results": [ + "tls13" + ], + "ip": "8.8.8.8", + "timestamp": "2023-11-06T14:58:58.56985+01:00", + "matcher-status": true + } + ] \ No newline at end of file diff --git a/unittests/scans/openvas/many_vuln.xml b/unittests/scans/openvas/many_vuln.xml new file mode 100644 index 00000000000..855d3008cbe --- /dev/null +++ b/unittests/scans/openvas/many_vuln.xml @@ -0,0 +1,512 @@ +gpsmetasploitable2-scan2023-09-29T11:36:37.717132Z00metasploitable2-scanXML9.0descendingseverityapply_overrides=0 levels=hml rows=-1 min_qod=70 first=1 sort-reverse=severity notes=1 overrides=1nistNVD Vulnerability Severity RatingsNone0.00.0Low0.13.9Medium4.06.9High7.010.0Done1044000metasploitable2-scan0Target100.00Network Source Interfacesource_iface2023-09-26T10:50:34Z2023-09-26T10:50:34ZCoordinated Universal TimeUTC44512/tcp{v1}e2eec5b536a10.0High1524/tcp{v1}e2eec5b536a10.0High8787/tcp{v1}e2eec5b536a10.0Highgeneral/tcp{v1}e2eec5b536a10.0High80/tcp{v1}e2eec5b536a10.0High3632/tcp{v1}e2eec5b536a9.3High5900/tcp{v1}e2eec5b536a9.0High5432/tcp{v1}e2eec5b536a9.0High6667/tcp{v1}e2eec5b536a8.1High6697/tcp{v1}e2eec5b536a8.1High21/tcp{v1}e2eec5b536a7.5High80/tcp{v1}e2eec5b536a7.5High21/tcp{v1}e2eec5b536a7.5High2121/tcp{v1}e2eec5b536a7.5High80/tcp{v1}e2eec5b536a7.5High80/tcp{v1}e2eec5b536a7.5High22/tcp{v1}e2eec5b536a7.5High6200/tcp{v1}e2eec5b536a7.5High5432/tcp{v1}e2eec5b536a7.4High80/tcp{v1}e2eec5b536a6.8Medium21/tcp{v1}e2eec5b536a6.4Medium80/tcp{v1}e2eec5b536a6.1Medium80/tcp{v1}e2eec5b536a6.1Medium80/tcp{v1}e2eec5b536a6.0Medium445/tcp{v1}e2eec5b536a6.0Medium5432/tcp{v1}e2eec5b536a5.9Medium80/tcp{v1}e2eec5b536a5.8Medium22/tcp{v1}e2eec5b536a5.3Medium22/tcp{v1}e2eec5b536a5.3Medium5432/tcp{v1}e2eec5b536a5.0Medium80/tcp{v1}e2eec5b536a5.0Medium5432/tcp{v1}e2eec5b536a5.0Medium80/tcp{v1}e2eec5b536a5.0Medium80/tcp{v1}e2eec5b536a4.8Medium5900/tcp{v1}e2eec5b536a4.8Medium21/tcp{v1}e2eec5b536a4.8Medium2121/tcp{v1}e2eec5b536a4.8Medium5432/tcp{v1}e2eec5b536a4.3Medium80/tcp{v1}e2eec5b536a4.3Medium80/tcp{v1}e2eec5b536a4.3Medium22/tcp{v1}e2eec5b536a4.3Medium80/tcp{v1}e2eec5b536a4.3Medium5432/tcp{v1}e2eec5b536a4.05432/tcp{v1}e2eec5b536a4.0{v1}467e39e554agps2023-09-29T11:36:37.717168Z{v1}e2eec5b536a{v1}b6b9f466d63512/tcpnvtThe rexec service is runningUseless services10.0summary=This remote host is running a rexec service.|insight=rexec (remote execution client for an exec server) has the same + kind of functionality that rsh has: you can execute shell commands on a remote computer. + + The main difference is that rexec authenticate by reading the username and password *unencrypted* + from the socket.|qodType=remote_banner|solution=Disable the rexec service and use alternatives like SSH +instead.|solution_type=Mitigation|impact=|affected=High10.080remote_bannerThe rexec service was detected on the target system. +High5{v1}530765cf437gps2023-09-29T11:36:37.717208Z{v1}e2eec5b536a{v1}b6b9f466d631524/tcpnvtPossible Backdoor: IngreslockGain a shell remotely10.0summary=A backdoor is installed on the remote host.|insight=|qodType=remote_vul|solution=A whole cleanup of the infected system is recommended.|solution_type=Workaround|impact=Attackers can exploit this issue to execute arbitrary commands in the + context of the application. Successful attacks will compromise the affected isystem.|affected=High10.099remote_vulThe service is answering to an 'id;' command with the following response: uid=0(root) gid=0(root) +High5{v1}5f5c7518c92gps2023-09-29T11:36:37.717216Z{v1}e2eec5b536a{v1}b6b9f466d638787/tcpnvtDistributed Ruby (dRuby/DRb) Multiple Remote Code Execution VulnerabilitiesGain a shell remotely10.0summary=Systems using Distributed Ruby (dRuby/DRb), which is available in Ruby versions 1.6 +and later, may permit unauthorized systems to execute distributed commands.|insight=|qodType=remote_vul|solution=Administrators of environments that rely on Distributed Ruby should ensure that +appropriate controls are in place. Code-level controls may include: + +- Implementing taint on untrusted input + +- Setting $SAFE levels appropriately (>2 is recommended if untrusted hosts are allowed to submit Ruby commands, and >3 may be appropriate) + +- Including drb/acl.rb to set ACLEntry to restrict access to trusted hosts|solution_type=Mitigation|impact=By default, Distributed Ruby does not impose restrictions on allowed hosts or set the + $SAFE environment variable to prevent privileged activities. If other controls are not in place, especially if the + Distributed Ruby process runs with elevated privileges, an attacker could execute arbitrary system commands or Ruby + scripts on the Distributed Ruby server. An attacker may need to know only the URI of the listening Distributed Ruby + server to submit Ruby commands.|affected=High10.099remote_vulThe service is running in $SAFE >= 1 mode. However it is still possible to run arbitrary syscall commands on the remote host. Sending an invalid syscall the service returned the following response: + +Flo:Errno::ENOSYS:bt["3/usr/lib/ruby/1.8/drb/drb.rb:1555:in `syscall'"0/usr/lib/ruby/1.8/drb/drb.rb:1555:in `send'"4/usr/lib/ruby/1.8/drb/drb.rb:1555:in `__send__'"A/usr/lib/ruby/1.8/drb/drb.rb:1555:in `perform_without_block'"3/usr/lib/ruby/1.8/drb/drb.rb:1515:in `perform'"5/usr/lib/ruby/1.8/drb/drb.rb:1589:in `main_loop'"0/usr/lib/ruby/1.8/drb/drb.rb:1585:in `loop'"5/usr/lib/ruby/1.8/drb/drb.rb:1585:in `main_loop'"1/usr/lib/ruby/1.8/drb/drb.rb:1581:in `start'"5/usr/lib/ruby/1.8/drb/drb.rb:1581:in `main_loop'"//usr/lib/ruby/1.8/drb/drb.rb:1430:in `run'"1/usr/lib/ruby/1.8/drb/drb.rb:1427:in `start'"//usr/lib/ruby/1.8/drb/drb.rb:1427:in `run'"6/usr/lib/ruby/1.8/drb/drb.rb:1347:in `initialize'"//usr/lib/ruby/1.8/drb/drb.rb:1627:in `new'"9/usr/lib/ruby/1.8/drb/drb.rb:1627:in `start_service'"%/usr/sbin/druby_timeserver.rb:12:errnoi+:mesg"Function not implemented +High5{v1}8c49cb44d75gps2023-09-29T11:36:37.717246Z{v1}e2eec5b536a{v1}b6b9f466d63general/tcpnvtOperating System (OS) End of Life (EOL) DetectionGeneral10.0summary=The Operating System (OS) on the remote host has reached the End +of Life (EOL) and should not be used anymore.|insight=|qodType=remote_banner|solution=Upgrade the OS on the remote host to a version which is still +supported and receiving security updates by the vendor.|solution_type=Mitigation|impact=An EOL version of an OS is not receiving any security updates + from the vendor. Unfixed security vulnerabilities might be leveraged by an attacker to compromise + the security of this host.|affected=High10.080remote_bannerThe "Ubuntu" Operating System on the remote host has reached the end of life. + +CPE: cpe:/o:canonical:ubuntu_linux:8.04 +Installed version, +build or SP: 8.04 +EOL date: 2013-05-09 +EOL info: https://wiki.ubuntu.com/Releases +High5{v1}22a938294adgps2023-09-29T11:36:37.717262Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtTWiki XSS and Command Execution VulnerabilitiesWeb application abuses10.0summary=TWiki is prone to Cross-Site Scripting (XSS) and Command Execution Vulnerabilities.|insight=The flaws are due to: + + - %URLPARAM{}% variable is not properly sanitized which lets attackers + conduct cross-site scripting attack. + + - %SEARCH{}% variable is not properly sanitised before being used in an + eval() call which lets the attackers execute perl code through eval + injection attack.|qodType=remote_banner|solution=Upgrade to version 4.2.4 or later.|solution_type=VendorFix|impact=Successful exploitation could allow execution of arbitrary script code or + commands. This could let attackers steal cookie-based authentication credentials or compromise the affected + application.|affected=TWiki, TWiki version prior to 4.2.4.High10.080remote_bannerInstalled version: 01.Feb.2003 +Fixed version: 4.2.4 + +High5{v1}9e2edd735b3gps2023-09-29T11:36:37.717281Z{v1}e2eec5b536a{v1}b6b9f466d633632/tcpnvtDistCC RCE Vulnerability (CVE-2004-2687)Gain a shell remotely9.3summary=DistCC is prone to a remote code execution (RCE) +vulnerability.|insight=DistCC 2.x, as used in XCode 1.5 and others, when not configured + to restrict access to the server port, allows remote attackers to execute arbitrary commands via + compilation jobs, which are executed by the server without authorization checks.|qodType=remote_vul|solution=Vendor updates are available. Please see the references for +more information. + +For more information about DistCC's security see the references.|solution_type=VendorFix|impact=DistCC by default trusts its clients completely that in turn + could allow a malicious client to execute arbitrary commands on the server.|affected=High9.399remote_vulIt was possible to execute the "id" command. + +Result: uid=1(daemon) gid=1(daemon) +High5{v1}0b02451a968gps2023-09-29T11:36:37.717494Z{v1}e2eec5b536a{v1}b6b9f466d635900/tcpnvtVNC Brute Force LoginBrute force attacks9.0summary=Try to log in with given passwords via VNC protocol.|insight=This script tries to authenticate to a VNC server with the + passwords set in the password preference. It will also test and report if no authentication / + password is required at all. + + Note: Some VNC servers have a blacklisting scheme that blocks IP addresses after five unsuccessful + connection attempts for a period of time. The script will abort the brute force attack if it + encounters that it gets blocked. + + Note as well that passwords can be max. 8 characters long.|qodType=remote_active|solution=Change the password to something hard to guess or enable +password protection at all.|solution_type=Mitigation|impact=|affected=High9.095remote_activeIt was possible to connect to the VNC server with the password: password +High5{v1}e93a2434477gps2023-09-29T11:36:37.717503Z{v1}e2eec5b536a{v1}b6b9f466d635432/tcpnvtPostgreSQL Default Credentials (PostgreSQL Protocol)Default Accounts9.0summary=It was possible to login into the remote PostgreSQL as user +postgres using weak credentials.|insight=|qodType=remote_vul|solution=Change the password as soon as possible.|solution_type=Mitigation|impact=|affected=High9.099remote_vulIt was possible to login as user postgres with password "postgres". + + +High5{v1}3723bfe0094gps2023-09-29T11:36:37.717511Z{v1}e2eec5b536a{v1}b6b9f466d636667/tcpnvtUnrealIRCd Authentication Spoofing VulnerabilityGeneral8.1summary=UnrealIRCd is prone to authentication spoofing vulnerability.|insight=The flaw exists due to an error in + the 'm_authenticate' function in 'modules/m_sasl.c' script.|qodType=remote_banner|solution=Upgrade to UnrealIRCd 3.2.10.7, +or 4.0.6, or later.|solution_type=VendorFix|impact=Successful exploitation of this vulnerability + will allows remote attackers to spoof certificate fingerprints and consequently + log in as another user.|affected=UnrealIRCd before 3.2.10.7 and + 4.x before 4.0.6.High8.180remote_bannerInstalled version: 127.0.0.1 +Fixed version: 127.0.0.1 + +High5{v1}3723bfe0094gps2023-09-29T11:36:37.717520Z{v1}e2eec5b536a{v1}b6b9f466d636697/tcpnvtUnrealIRCd Authentication Spoofing VulnerabilityGeneral8.1summary=UnrealIRCd is prone to authentication spoofing vulnerability.|insight=The flaw exists due to an error in + the 'm_authenticate' function in 'modules/m_sasl.c' script.|qodType=remote_banner|solution=Upgrade to UnrealIRCd 3.2.10.7, +or 4.0.6, or later.|solution_type=VendorFix|impact=Successful exploitation of this vulnerability + will allows remote attackers to spoof certificate fingerprints and consequently + log in as another user.|affected=UnrealIRCd before 3.2.10.7 and + 4.x before 4.0.6.High8.180remote_bannerInstalled version: 127.0.0.1 +Fixed version: 127.0.0.1 + +High5{v1}a358693375bgps2023-09-29T11:36:37.717529Z{v1}e2eec5b536a{v1}b6b9f466d6321/tcpnvtFTP Brute Force Logins ReportingBrute force attacks7.5summary=It was possible to login into the remote FTP server using +weak/known credentials.|insight=The following devices are / software is known to be affected: + + - CVE-2001-1594: Codonics printer FTP service as used in GE Healthcare eNTEGRA P&R + + - CVE-2013-7404: GE Healthcare Discovery NM 750b + + - CVE-2018-19063, CVE-2018-19064: Foscam C2 and Opticam i5 devices + + Note: As the VT 'FTP Brute Force Logins' (OID: 1.3.6.1.4.1.25623.1.0.108717) might run into a + timeout the actual reporting of this vulnerability takes place in this VT instead.|qodType=remote_active|solution=Change the password as soon as possible.|solution_type=Mitigation|impact=This issue may be exploited by a remote attacker to e.g. gain + access to sensitive information or modify system configuration.|affected=High7.595remote_activeIt was possible to login with the following credentials <User>:<Password> + +msfadmin:msfadmin +postgres:postgres +service:service +user:user +High5{v1}4ecebea5997gps2023-09-29T11:36:37.717538Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtTest HTTP dangerous methodsWeb Servers7.5summary=Misconfigured web servers allows remote clients to perform +dangerous HTTP methods such as PUT and DELETE.|insight=|qodType=remote_vul|solution=Use access restrictions to these dangerous HTTP methods +or disable them completely.|solution_type=Mitigation|impact=- Enabled PUT method: This might allow an attacker to upload + and run arbitrary code on this web server. + + - Enabled DELETE method: This might allow an attacker to delete additional files on this web + server.|affected=Web servers with enabled PUT and/or DELETE methods.High7.599remote_vulWe could upload the following files via the PUT method at this web server: + +http://127.0.0.1/dav/puttest1462543653.html + +We could delete the following files via the DELETE method at this web server: + +http://127.0.0.1/dav/puttest1462543653.html + + +High5{v1}dcc8491b116gps2023-09-29T11:36:37.717558Z{v1}e2eec5b536a{v1}b6b9f466d6321/tcpnvtvsftpd Compromised Source Packages Backdoor VulnerabilityGain a shell remotely7.5summary=vsftpd is prone to a backdoor vulnerability.|insight=|qodType=remote_vul|solution=The repaired package can be downloaded from +the referenced link. Please validate the package with its signature.|solution_type=VendorFix|impact=Attackers can exploit this issue to execute arbitrary commands in the + context of the application. Successful attacks will compromise the affected application.|affected=The vsftpd 2.3.4 source package is affected.High7.599remote_vulHigh5{v1}a358693375bgps2023-09-29T11:36:37.717575Z{v1}e2eec5b536a{v1}b6b9f466d632121/tcpnvtFTP Brute Force Logins ReportingBrute force attacks7.5summary=It was possible to login into the remote FTP server using +weak/known credentials.|insight=The following devices are / software is known to be affected: + + - CVE-2001-1594: Codonics printer FTP service as used in GE Healthcare eNTEGRA P&R + + - CVE-2013-7404: GE Healthcare Discovery NM 750b + + - CVE-2018-19063, CVE-2018-19064: Foscam C2 and Opticam i5 devices + + Note: As the VT 'FTP Brute Force Logins' (OID: 1.3.6.1.4.1.25623.1.0.108717) might run into a + timeout the actual reporting of this vulnerability takes place in this VT instead.|qodType=remote_active|solution=Change the password as soon as possible.|solution_type=Mitigation|impact=This issue may be exploited by a remote attacker to e.g. gain + access to sensitive information or modify system configuration.|affected=High7.595remote_activeIt was possible to login with the following credentials <User>:<Password> + +user:user +High5{v1}edca4d29119gps2023-09-29T11:36:37.717584Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtphpinfo() output ReportingWeb application abuses7.5summary=Many PHP installation tutorials instruct the user to create +a file called phpinfo.php or similar containing the phpinfo() statement. Such a file is often +left back in the webserver directory.|insight=|qodType=remote_banner|solution=Delete the listed files or restrict access to them.|solution_type=Workaround|impact=Some of the information that can be gathered from this file includes: + + The username of the user running the PHP process, if it is a sudo user, the IP address of the host, the web server + version, the system version (Unix, Linux, Windows, ...), and the root directory of the web server.|affected=High7.580remote_bannerThe following files are calling the function phpinfo() which disclose potentially sensitive information: + +http://127.0.0.1/mutillidae/phpinfo.php +http://127.0.0.1/phpinfo.php +High5{v1}28996b2da9agps2023-09-29T11:36:37.717594Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtPHP-CGI-based setups vulnerability when parsing query string parameters from php files.Web application abuses7.5summary=PHP is prone to an information-disclosure vulnerability.|insight=When PHP is used in a CGI-based setup (such as Apache's mod_cgid), the + php-cgi receives a processed query string parameter as command line arguments which allows command-line + switches, such as -s, -d or -c to be passed to the php-cgi binary, which can be exploited to disclose + source code and obtain arbitrary code execution. + + An example of the -s command, allowing an attacker to view the source code of index.php is below: + + http://example.com/index.php?-s|qodType=remote_active|solution=PHP has released version 5.4.3 and 5.3.13 to address this vulnerability. +PHP is recommending that users upgrade to the latest version of PHP.|solution_type=VendorFix|impact=Exploiting this issue allows remote attackers to view the source code of files in the + context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code + on the affected computer. Other attacks are also possible.|affected=High7.595remote_activeBy doing the following HTTP POST request: + +"HTTP POST" body : <?php phpinfo();?> +URL : http://127.0.0.1/cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E + +it was possible to execute the "<?php phpinfo();?>" command. + +Result: <title>phpinfo()</title><meta name="ROBOTS" content="NOINDEX,NOFOLLOW,NOARCHIVE" /></head> +High5{v1}f209b933bd1gps2023-09-29T11:36:37.717604Z{v1}e2eec5b536a{v1}b6b9f466d6322/tcpnvtRiello NetMan 204 Default Credentials (SSH)Default Accounts7.5summary=The remote Riello NetMan 204 network card is using known default +credentials for the SSH login.|insight=|qodType=exploit|solution=Change the password of the affected account(s).|solution_type=Workaround|impact=This issue may be exploited by a remote attacker to gain access + to sensitive information or modify system configuration.|affected=High7.5100exploitIt was possible to login as user 'user' with password 'user' and to execute 'cat /etc/passwd'. Result: + +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh +libuuid:x:100:101::/var/lib/libuuid:/bin/sh +dhcp:x:101:102::/nonexistent:/bin/false +syslog:x:102:103::/home/syslog:/bin/false +klog:x:103:104::/home/klog:/bin/false +sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin +msfadmin:x:1000:1000:msfadmin,,,:/home/msfadmin:/bin/bash +bind:x:105:113::/var/cache/bind:/bin/false +postfix:x:106:115::/var/spool/postfix:/bin/false +ftp:x:107:65534::/home/ftp:/bin/false +postgres:x:108:117:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash +mysql:x:109:118:MySQL Server,,,:/var/lib/mysql:/bin/false +tomcat55:x:110:65534::/usr/share/tomcat5.5:/bin/false +distccd:x:111:65534::/:/bin/false +user:x:1001:1001:just a user,111,,:/home/user:/bin/bash +service:x:1002:1002:,,,:/home/service:/bin/bash +telnetd:x:112:120::/nonexistent:/bin/false +proftpd:x:113:65534::/var/run/proftpd:/bin/false +statd:x:114:65534::/var/lib/nfs:/bin/false +High5{v1}dcc8491b116gps2023-09-29T11:36:37.717613Z{v1}e2eec5b536a{v1}b6b9f466d636200/tcpnvtvsftpd Compromised Source Packages Backdoor VulnerabilityGain a shell remotely7.5summary=vsftpd is prone to a backdoor vulnerability.|insight=|qodType=remote_vul|solution=The repaired package can be downloaded from +the referenced link. Please validate the package with its signature.|solution_type=VendorFix|impact=Attackers can exploit this issue to execute arbitrary commands in the + context of the application. Successful attacks will compromise the affected application.|affected=The vsftpd 2.3.4 source package is affected.High7.599remote_vulHigh5{v1}d803f61f444gps2023-09-29T11:36:37.717621Z{v1}e2eec5b536a{v1}b6b9f466d635432/tcpnvtSSL/TLS: OpenSSL CCS Man in the Middle Security Bypass VulnerabilitySSL and TLS7.4summary=OpenSSL is prone to security-bypass vulnerability.|insight=OpenSSL does not properly restrict processing of ChangeCipherSpec + messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in + certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive + information, via a crafted TLS handshake, aka the 'CCS Injection' vulnerability.|qodType=remote_analysis|solution=Updates are available. Please see the references for more information.|solution_type=VendorFix|impact=Successfully exploiting this issue may allow attackers to obtain + sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks.|affected=OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m and 1.0.1 before 1.0.1h.High7.470remote_analysisHigh5{v1}e70046de17fgps2023-09-29T11:36:37.717637Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtTWiki Cross-Site Request Forgery Vulnerability - Sep10Web application abuses6.8summary=TWiki is prone to a cross-site request forgery (CSRF) vulnerability.|insight=Attack can be done by tricking an authenticated TWiki user into visiting + a static HTML page on another side, where a Javascript enabled browser will send an HTTP POST request + to TWiki, which in turn will process the request as the TWiki user.|qodType=remote_banner|solution=Upgrade to TWiki version 4.3.2 or later.|solution_type=VendorFix|impact=Successful exploitation will allow attacker to gain administrative + privileges on the target application and can cause CSRF attack.|affected=TWiki version prior to 4.3.2Medium6.880remote_bannerInstalled version: 01.Feb.2003 +Fixed version: 4.3.2 + +Medium5{v1}944cfcaaf66gps2023-09-29T11:36:37.717645Z{v1}e2eec5b536a{v1}b6b9f466d6321/tcpnvtAnonymous FTP Login ReportingFTP6.4summary=Reports if the remote FTP Server allows anonymous logins.|insight=A host that provides an FTP service may additionally provide + Anonymous FTP access as well. Under this arrangement, users do not strictly need an account on the + host. Instead the user typically enters 'anonymous' or 'ftp' when prompted for username. Although + users are commonly asked to send their email address as their password, little to no verification + is actually performed on the supplied data. + + Remark: NIST don't see 'configuration issues' as software flaws so the referenced CVE has a + severity of 0.0. The severity of this VT has been raised by Greenbone to still report a + configuration issue on the target.|qodType=remote_banner|solution=If you do not want to share files, you should disable anonymous +logins.|solution_type=Mitigation|impact=Based on the files accessible via this anonymous FTP login and + the permissions of this account an attacker might be able to: + + - gain access to sensitive files + + - upload or delete files.|affected=Medium6.480remote_bannerIt was possible to login to the remote FTP service with the following anonymous account(s): + +anonymous:anonymous@example.com +ftp:anonymous@example.com + +Medium5{v1}cc1c4db6d4fgps2023-09-29T11:36:37.717654Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtjQuery < 1.9.0 XSS VulnerabilityWeb application abuses6.1summary=jQuery is prone to a cross-site scripting (XSS) +vulnerability.|insight=The jQuery(strInput) function does not differentiate selectors + from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was + HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility + when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input + to be HTML if it explicitly starts with the '<' character, limiting exploitability only to + attackers who can control the beginning of a string, which is far less common.|qodType=remote_banner|solution=Update to version 1.9.0 or later.|solution_type=VendorFix|impact=|affected=jQuery prior to version 1.9.0.Medium6.180remote_bannerInstalled version: 1.3.2 +Fixed version: 1.9.0 +Installation +path / port: /mutillidae/javascript/ddsmoothmenu/jquery.min.js + +Detection info (see OID: 127.0.0.1.4.1.25127.0.0.1658 for more info): +- Identified file: http://127.0.0.1/mutillidae/javascript/ddsmoothmenu/jquery.min.js +- Referenced at: http://127.0.0.1/mutillidae/ +Medium5{v1}44d224b77c4gps2023-09-29T11:36:37.717662Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtTWiki < 6.1.0 XSS VulnerabilityWeb application abuses6.1summary=bin/statistics in TWiki 6.0.2 allows XSS via the webs parameter.|insight=|qodType=remote_banner|solution=Update to version 6.1.0 or later.|solution_type=VendorFix|impact=|affected=TWiki version 6.0.2 and probably prior.Medium6.180remote_bannerInstalled version: 01.Feb.2003 +Fixed version: 6.1.0 + +Medium5{v1}e70046de17fgps2023-09-29T11:36:37.717670Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtTWiki Cross-Site Request Forgery VulnerabilityWeb application abuses6.0summary=TWiki is prone to a cross-site request forgery (CSRF) vulnerability.|insight=Remote authenticated user can create a specially crafted image tag that, + when viewed by the target user, will update pages on the target system with the privileges of the target user + via HTTP requests.|qodType=remote_banner|solution=Upgrade to version 4.3.1 or later.|solution_type=VendorFix|impact=Successful exploitation will allow attacker to gain administrative + privileges on the target application and can cause CSRF attack.|affected=TWiki version prior to 4.3.1Medium6.080remote_bannerInstalled version: 01.Feb.2003 +Fixed version: 4.3.1 + +Medium5{v1}71c655fd352gps2023-09-29T11:36:37.717677Z{v1}e2eec5b536a{v1}b6b9f466d63445/tcpnvtSamba MS-RPC Remote Shell Command Execution Vulnerability - Active CheckGain a shell remotely6.0summary=Samba is prone to a vulnerability that allows attackers to +execute arbitrary shell commands because the software fails to sanitize user-supplied input.|insight=|qodType=remote_vul|solution=Updates are available. Please see the referenced vendor advisory.|solution_type=VendorFix|impact=An attacker may leverage this issue to execute arbitrary shell + commands on an affected system with the privileges of the application.|affected=This issue affects Samba 3.0.0 through 3.0.25rc3.Medium6.099remote_vulMedium5{v1}e79b358813fgps2023-09-29T11:36:37.717686Z{v1}e2eec5b536a{v1}b6b9f466d635432/tcpnvtSSL/TLS: Deprecated SSLv2 and SSLv3 Protocol DetectionSSL and TLS5.9summary=It was possible to detect the usage of the deprecated SSLv2 +and/or SSLv3 protocol on this system.|insight=The SSLv2 and SSLv3 protocols contain known cryptographic + flaws like: + + - CVE-2014-3566: Padding Oracle On Downgraded Legacy Encryption (POODLE) + + - CVE-2016-0800: Decrypting RSA with Obsolete and Weakened eNcryption (DROWN)|qodType=remote_app|solution=It is recommended to disable the deprecated SSLv2 and/or SSLv3 +protocols in favor of the TLSv1.2+ protocols. Please see the references for more information.|solution_type=Mitigation|impact=An attacker might be able to use the known cryptographic flaws to + eavesdrop the connection between clients and the service to get access to sensitive data + transferred within the secured connection. + + Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates + anymore.|affected=All services providing an encrypted communication using the + SSLv2 and/or SSLv3 protocols.Medium5.998remote_appIn addition to TLSv1.0+ the service is also providing the deprecated SSLv3 protocol and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 127.0.0.1.4.1.25127.0.0.1067) VT. +Medium5{v1}75693259c28gps2023-09-29T11:36:37.717697Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtHTTP Debugging Methods (TRACE/TRACK) EnabledWeb Servers5.8summary=The remote web server supports the TRACE and/or TRACK +methods. TRACE and TRACK are HTTP methods which are used to debug web server connections.|insight=It has been shown that web servers supporting this methods + are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in + conjunction with various weaknesses in browsers.|qodType=remote_vul|solution=Disable the TRACE and TRACK methods in your web server +configuration. + +Please see the manual of your web server or the references for more information.|solution_type=Mitigation|impact=An attacker may use this flaw to trick your legitimate web + users to give him their credentials.|affected=Web servers with enabled TRACE and/or TRACK methods.Medium5.899remote_vulThe web server has the following HTTP methods enabled: TRACE +Medium5{v1}316b754124fgps2023-09-29T11:36:37.717709Z{v1}e2eec5b536a{v1}b6b9f466d6322/tcpnvtWeak Key Exchange (KEX) Algorithm(s) Supported (SSH)General5.3summary=The remote SSH server is configured to allow / support weak key +exchange (KEX) algorithm(s).|insight=- 1024-bit MODP group / prime KEX algorithms: + + Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key + exchange. Practitioners believed this was safe as long as new key exchange messages were generated + for every connection. However, the first step in the number field sieve-the most efficient + algorithm for breaking a Diffie-Hellman connection-is dependent only on this prime. + + A nation-state can break a 1024-bit prime.|qodType=remote_banner|solution=Disable the reported weak KEX algorithm(s) + +- 1024-bit MODP group / prime KEX algorithms: + +Alternatively use elliptic-curve Diffie-Hellmann in general, e.g. Curve 25519.|solution_type=Mitigation|impact=An attacker can quickly break individual connections.|affected=Medium5.380remote_bannerThe remote SSH server supports the following weak KEX algorithm(s): + +KEX algorithm | Reason +------------------------------------------------------------------------------------------- +diffie-hellman-group-exchange-sha1 | Using SHA-1 +diffie-hellman-group1-sha1 | Using Oakley Group 2 (a 1024-bit MODP group) and SHA-1 +Medium5{v1}79868c7d9b2gps2023-09-29T11:36:37.717720Z{v1}e2eec5b536a{v1}b6b9f466d6322/tcpnvtWeak Host Key Algorithm(s) (SSH)General5.3summary=The remote SSH server is configured to allow / support weak host +key algorithm(s).|insight=|qodType=remote_banner|solution=Disable the reported weak host key algorithm(s).|solution_type=Mitigation|impact=|affected=Medium5.380remote_bannerThe remote SSH server supports the following weak host key algorithm(s): + +host key algorithm | Description +----------------------------------------------------------------------------------------- +ssh-dss | Digital Signature Algorithm (DSA) / Digital Signature Standard (DSS) +Medium5{v1}e3e389ce2bagps2023-09-29T11:36:37.717728Z{v1}e2eec5b536a{v1}b6b9f466d635432/tcpnvtSSL/TLS: Report Weak Cipher SuitesSSL and TLS5.0summary=This routine reports all Weak SSL/TLS cipher suites accepted +by a service. + +NOTE: No severity for SMTP services with 'Opportunistic TLS' and weak cipher suites on port +25/tcp is reported. If too strong cipher suites are configured for this service the alternative +would be to fall back to an even more insecure cleartext communication.|insight=These rules are applied for the evaluation of the cryptographic + strength: + + - RC4 is considered to be weak (CVE-2013-2566, CVE-2015-2808) + + - Ciphers using 64 bit or less are considered to be vulnerable to brute force methods + and therefore considered as weak (CVE-2015-4000) + + - 1024 bit RSA authentication is considered to be insecure and therefore as weak + + - Any cipher considered to be secure for only the next 10 years is considered as medium + + - Any other cipher is considered as strong|qodType=remote_app|solution=The configuration of this services should be changed so +that it does not accept the listed weak cipher suites anymore. + +Please see the references for more resources supporting you with this task.|solution_type=Mitigation|impact=|affected=Medium5.098remote_app'Weak' cipher suites accepted by this service via the SSLv3 protocol: + +TLS_RSA_WITH_RC4_128_SHA + +'Weak' cipher suites accepted by this service via the TLSv1.0 protocol: + +TLS_RSA_WITH_RC4_128_SHA + + +Medium5{v1}66ec0c4c6a4gps2023-09-29T11:36:37.717749Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvt/doc directory browsableWeb application abuses5.0summary=The /doc directory is browsable. +/doc shows the content of the /usr/doc directory and therefore it shows which programs and - important! - the version of the installed programs.|insight=|qodType=remote_banner|solution=Use access restrictions for the /doc directory. +If you use Apache you might use this in your access.conf: + +<Directory /usr/doc> +AllowOverride None +order deny, allow +deny from all +allow from localhost +</Directory>|solution_type=Mitigation|impact=|affected=Medium5.080remote_bannerVulnerable URL: http://127.0.0.1/doc/ +Medium5{v1}fec842e796egps2023-09-29T11:36:37.717762Z{v1}e2eec5b536a{v1}b6b9f466d635432/tcpnvtSSL/TLS: Certificate ExpiredSSL and TLS5.0summary=The remote server's SSL/TLS certificate has already expired.|insight=This script checks expiry dates of certificates associated with + SSL/TLS-enabled services on the target and reports whether any have already expired.|qodType=remote_vul|solution=Replace the SSL/TLS certificate by a new one.|solution_type=Mitigation|impact=|affected=Medium5.099remote_vulThe certificate of the remote service expired on 2010-04-16 14:07:45. + +Certificate details: +fingerprint (SHA-1) | ED093088706603BFD5DC237399B498DA2D4D31C6 +fingerprint (SHA-256) | E7A7FA0D63E457C7C4A59B38B70849C6A70BDA6F830C7AF1E32DEE436DE813CC +issued by | 127.0.0.1127.0.0.1=#726F6F74407562756E74753830342D626173652E6C6F63616C646F6D61696E,CN=ubuntu804-base.localdomain,OU=Office for Complication of Otherwise Simple Affairs,O=OCOSA,L=Everywhere,ST=There is no such thing outside US,C=XX +public key size (bits) | 1024 +serial | 00FAF93A4C7FB6B9CC +signature algorithm | sha1WithRSAEncryption +subject | 127.0.0.1127.0.0.1=#726F6F74407562756E74753830342D626173652E6C6F63616C646F6D61696E,CN=ubuntu804-base.localdomain,OU=Office for Complication of Otherwise Simple Affairs,O=OCOSA,L=Everywhere,ST=There is no such thing outside US,C=XX +subject alternative names (SAN) | None +valid from | 2010-03-17 14:07:45 UTC +valid until | 2010-04-16 14:07:45 UTC +Medium5{v1}bccd1cd5b97gps2023-09-29T11:36:37.717769Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtawiki <= 20100125 Multiple LFI Vulnerabilities - Active CheckWeb application abuses5.0summary=awiki is prone to multiple local file include (LFI) +vulnerabilities because it fails to properly sanitize user-supplied input.|insight=|qodType=remote_vul|solution=No known solution was made available for at least one year +since the disclosure of this vulnerability. Likely none will be provided anymore. General +solution options are to upgrade to a newer release, disable respective features, remove the +product or replace the product by another one.|solution_type=WillNotFix|impact=An attacker can exploit this vulnerability to obtain potentially + sensitive information and execute arbitrary local scripts in the context of the webserver + process. This may allow the attacker to compromise the application and the host.|affected=awiki version 20100125 and prior.Medium5.099remote_vulVulnerable URL: http://127.0.0.1/mutillidae/index.php?page=/etc/passwd +Medium5{v1}68aaba31879gps2023-09-29T11:36:37.717783Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtCleartext Transmission of Sensitive Information via HTTPWeb application abuses4.8summary=The host / application transmits sensitive information (username, passwords) in +cleartext via HTTP.|insight=|qodType=remote_banner|solution=Enforce the transmission of sensitive data via an encrypted SSL/TLS connection. +Additionally make sure the host / application is redirecting all users to the secured SSL/TLS connection before +allowing to input sensitive data into the mentioned functions.|solution_type=Workaround|impact=An attacker could use this situation to compromise or eavesdrop on the + HTTP communication between the client and the server using a man-in-the-middle attack to get access to + sensitive data like usernames or passwords.|affected=Hosts / applications which doesn't enforce the transmission of sensitive data via an + encrypted SSL/TLS connection.Medium4.880remote_bannerThe following input fields were identified (URL:input name): + +http://127.0.0.1/dvwa/login.php:password +http://127.0.0.1/phpMyAdmin/:pma_password +http://127.0.0.1/phpMyAdmin/?D=A:pma_password +http://127.0.0.1/tikiwiki/tiki-install.php:pass +http://127.0.0.1/twiki/bin/view/TWiki/TWikiUserAuthentication:oldpassword +Medium5{v1}4406907af6bgps2023-09-29T11:36:37.717794Z{v1}e2eec5b536a{v1}b6b9f466d635900/tcpnvtVNC Server Unencrypted Data TransmissionGeneral4.8summary=The remote host is running a VNC server providing one or more insecure or +cryptographically weak Security Type(s) not intended for use on untrusted networks.|insight=|qodType=remote_analysis|solution=Run the session over an encrypted channel provided by IPsec [RFC4301] or SSH [RFC4254]. +Some VNC server vendors are also providing more secure Security Types within their products.|solution_type=Mitigation|impact=An attacker can uncover sensitive data by sniffing traffic to the + VNC server.|affected=Medium4.870remote_analysisThe VNC server provides the following insecure or cryptographically weak Security Type(s): + +2 (VNC authentication) +Medium5{v1}1fa3ebb87ecgps2023-09-29T11:36:37.717806Z{v1}e2eec5b536a{v1}b6b9f466d6321/tcpnvtFTP Unencrypted Cleartext LoginGeneral4.8summary=The remote host is running a FTP service that allows cleartext logins over +unencrypted connections.|insight=|qodType=remote_analysis|solution=Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see +the manual of the FTP service for more information.|solution_type=Mitigation|impact=An attacker can uncover login names and passwords by sniffing traffic to the + FTP service.|affected=Medium4.870remote_analysisThe remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s): + +Non-anonymous sessions: 331 Please specify the password. +Anonymous sessions: 331 Please specify the password. +Medium5{v1}1fa3ebb87ecgps2023-09-29T11:36:37.717816Z{v1}e2eec5b536a{v1}b6b9f466d632121/tcpnvtFTP Unencrypted Cleartext LoginGeneral4.8summary=The remote host is running a FTP service that allows cleartext logins over +unencrypted connections.|insight=|qodType=remote_analysis|solution=Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see +the manual of the FTP service for more information.|solution_type=Mitigation|impact=An attacker can uncover login names and passwords by sniffing traffic to the + FTP service.|affected=Medium4.870remote_analysisThe remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s): + +Non-anonymous sessions: 331 Password required for openvasvt +Anonymous sessions: 331 Password required for anonymous +Medium5{v1}e79b358813fgps2023-09-29T11:36:37.717825Z{v1}e2eec5b536a{v1}b6b9f466d635432/tcpnvtSSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol DetectionSSL and TLS4.3summary=It was possible to detect the usage of the deprecated TLSv1.0 +and/or TLSv1.1 protocol on this system.|insight=The TLSv1.0 and TLSv1.1 protocols contain known cryptographic + flaws like: + + - CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST) + + - CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy + Encryption (FREAK)|qodType=remote_app|solution=It is recommended to disable the deprecated TLSv1.0 and/or +TLSv1.1 protocols in favor of the TLSv1.2+ protocols. Please see the references for more +information.|solution_type=Mitigation|impact=An attacker might be able to use the known cryptographic flaws + to eavesdrop the connection between clients and the service to get access to sensitive data + transferred within the secured connection. + + Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates + anymore.|affected=All services providing an encrypted communication using the + TLSv1.0 and/or TLSv1.1 protocols.Medium4.398remote_appThe service is only providing the deprecated TLSv1.0 protocol and supports one or more ciphers. Those supported ciphers can be found in the 'SSL/TLS: Report Supported Cipher Suites' (OID: 127.0.0.1.4.1.25127.0.0.1067) VT. +Medium5{v1}9c322581ba5gps2023-09-29T11:36:37.717836Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtphpMyAdmin 'error.php' Cross Site Scripting VulnerabilityWeb application abuses4.3summary=phpMyAdmin is prone to a cross-site scripting (XSS) vulnerability.|insight=The flaw is caused by input validation errors in the 'error.php' +script when processing crafted BBcode tags containing '@' characters, which +could allow attackers to inject arbitrary HTML code within the error page +and conduct phishing attacks.|qodType=remote_vul|solution=No known solution was made available for at least one year since the disclosure +of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer +release, disable respective features, remove the product or replace the product by another one.|solution_type=WillNotFix|impact=Successful exploitation will allow attackers to inject arbitrary +HTML code within the error page and conduct phishing attacks.|affected=phpMyAdmin version 3.3.8.1 and prior.Medium4.399remote_vulMedium5{v1}2b0831858b0gps2023-09-29T11:36:37.717847Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtjQuery < 1.6.3 XSS VulnerabilityWeb application abuses4.3summary=jQuery is prone to a cross-site scripting (XSS) +vulnerability.|insight=Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, + when using location.hash to select elements, allows remote attackers to inject arbitrary web + script or HTML via a crafted tag.|qodType=remote_banner|solution=Update to version 1.6.3 or later.|solution_type=VendorFix|impact=|affected=jQuery prior to version 1.6.3.Medium4.380remote_bannerInstalled version: 1.3.2 +Fixed version: 1.6.3 +Installation +path / port: /mutillidae/javascript/ddsmoothmenu/jquery.min.js + +Detection info (see OID: 127.0.0.1.4.1.25127.0.0.1658 for more info): +- Identified file: http://127.0.0.1/mutillidae/javascript/ddsmoothmenu/jquery.min.js +- Referenced at: http://127.0.0.1/mutillidae/ +Medium5{v1}55390940921gps2023-09-29T11:36:37.717855Z{v1}e2eec5b536a{v1}b6b9f466d6322/tcpnvtWeak Encryption Algorithm(s) Supported (SSH)General4.3summary=The remote SSH server is configured to allow / support weak +encryption algorithm(s).|insight=- The 'arcfour' cipher is the Arcfour stream cipher with 128-bit + keys. The Arcfour cipher is believed to be compatible with the RC4 cipher [SCHNEIER]. Arcfour + (and RC4) has problems with weak keys, and should not be used anymore. + + - The 'none' algorithm specifies that no encryption is to be done. Note that this method provides + no confidentiality protection, and it is NOT RECOMMENDED to use it. + + - A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to + recover plaintext from a block of ciphertext.|qodType=remote_active|solution=Disable the reported weak encryption algorithm(s).|solution_type=Mitigation|impact=|affected=Medium4.395remote_activeThe remote SSH server supports the following weak client-to-server encryption algorithm(s): + +3des-cbc +aes128-cbc +aes192-cbc +aes256-cbc +arcfour +arcfour128 +arcfour256 +blowfish-cbc +cast128-cbc +rijndael-cbc@lysator.liu.se + + +The remote SSH server supports the following weak server-to-client encryption algorithm(s): + +3des-cbc +aes128-cbc +aes192-cbc +aes256-cbc +arcfour +arcfour128 +arcfour256 +blowfish-cbc +cast128-cbc +rijndael-cbc@lysator.liu.se +Medium5{v1}1fe916ed11dgps2023-09-29T11:36:37.717864Z{v1}e2eec5b536a{v1}b6b9f466d6380/tcpnvtTWiki 'organization' Cross-Site Scripting VulnerabilityWeb application abuses4.3summary=TWiki is prone to a cross-site scripting (XSS) vulnerability.|insight=The flaw is due to an improper validation of user-supplied input + to the 'organization' field when registering or editing a user, which allows attackers to execute + arbitrary HTML and script code in a user's browser session in the context of an affected site.|qodType=remote_analysis|solution=No known solution was made available for at least one year +since the disclosure of this vulnerability. Likely none will be provided anymore. General solution +options are to upgrade to a newer release, disable respective features, remove the product or +replace the product by another one.|solution_type=WillNotFix|impact=Successful exploitation will allow remote attackers to insert + arbitrary HTML and script code, which will be executed in a user's browser + session in the context of an affected site.|affected=TWiki version 5.1.1 and priorMedium4.370remote_analysisVulnerable URL: http://127.0.0.1/twiki/bin/view/Main/CccCcc +Medium5{v1}101c559718cgps2023-09-29T11:36:37.717875Z{v1}e2eec5b536a{v1}b6b9f466d635432/tcpnvtSSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength VulnerabilitySSL and TLS4.0summary=The SSL/TLS service uses Diffie-Hellman groups with insufficient strength +(key size < 2048).|insight=The Diffie-Hellman group are some big numbers that are used as base for + the DH computations. They can be, and often are, fixed. The security of the final secret depends on the size + of these parameters. It was found that 512 and 768 bits to be weak, 1024 bits to be breakable by really + powerful attackers like governments.|qodType=remote_banner|solution=Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use +a 2048-bit or stronger Diffie-Hellman group (see the references). + +For Apache Web Servers: +Beginning with version 2.4.7, mod_ssl will use DH parameters which include primes with lengths of more than 1024 bits.|solution_type=Workaround|impact=An attacker might be able to decrypt the SSL/TLS communication offline.|affected=4.080remote_bannerServer Temporary Key Size: 1024 bits + +5{v1}fec842e796egps2023-09-29T11:36:37.717887Z{v1}e2eec5b536a{v1}b6b9f466d635432/tcpnvtSSL/TLS: Certificate Signed Using A Weak Signature AlgorithmSSL and TLS4.0summary=The remote service is using a SSL/TLS certificate in the certificate chain that has been signed using a +cryptographically weak hashing algorithm.|insight=The following hashing algorithms used for signing SSL/TLS certificates are considered cryptographically weak + and not secure enough for ongoing use: + + - Secure Hash Algorithm 1 (SHA-1) + + - Message Digest 5 (MD5) + + - Message Digest 4 (MD4) + + - Message Digest 2 (MD2) + + Beginning as late as January 2017 and as early as June 2016, browser developers such as Microsoft and Google will begin warning users when visiting + web sites that use SHA-1 signed Secure Socket Layer (SSL) certificates. + + NOTE: The script preference allows to set one or more custom SHA-1 fingerprints of CA certificates which are trusted by this routine. The fingerprints + needs to be passed comma-separated and case-insensitive: + + Fingerprint1 + + or + + fingerprint1, Fingerprint2|qodType=remote_banner|solution=Servers that use SSL/TLS certificates signed with a weak SHA-1, MD5, MD4 or MD2 hashing algorithm will need to obtain new +SHA-2 signed SSL/TLS certificates to avoid web browser SSL/TLS certificate warnings.|solution_type=Mitigation|impact=|affected=4.080remote_bannerThe following certificates are part of the certificate chain but using insecure signature algorithms: + +Subject: 127.0.0.1127.0.0.1=#726F6F74407562756E74753830342D626173652E6C6F63616C646F6D61696E,CN=ubuntu804-base.localdomain,OU=Office for Complication of Otherwise Simple Affairs,O=OCOSA,L=Everywhere,ST=There is no such thing outside US,C=XX +Signature Algorithm: sha1WithRSAEncryption + + +500000000000000000{v1}e2eec5b536a2023-09-26T10:50:34Z2023-09-26T13:04:00Z444201923002023-09-26T13:04:00Z \ No newline at end of file diff --git a/unittests/scans/openvas/no_vuln.xml b/unittests/scans/openvas/no_vuln.xml new file mode 100644 index 00000000000..7f0ea2e69c9 --- /dev/null +++ b/unittests/scans/openvas/no_vuln.xml @@ -0,0 +1 @@ +gpsHP-scan2023-10-04T21:34:09.251181Z00HP-scanXML9.0descendingseverityapply_overrides=0 levels=hml rows=-1 min_qod=70 first=1 sort-reverse=severity notes=1 overrides=1nistNVD Vulnerability Severity RatingsNone0.00.0Low0.13.9Medium4.06.9High7.010.0Done000000HP-scan0Target100.00Network Source Interfacesource_iface2023-09-25T10:46:09Z2023-09-25T10:46:09ZCoordinated Universal TimeUTC0000000000000000002023-09-25T10:54:26Z \ No newline at end of file diff --git a/unittests/scans/openvas/one_vuln.xml b/unittests/scans/openvas/one_vuln.xml new file mode 100644 index 00000000000..7a22e01825c --- /dev/null +++ b/unittests/scans/openvas/one_vuln.xml @@ -0,0 +1,34 @@ +gpsdc01-testlab-scan2023-10-04T21:40:07.211438Z00dc01-testlab-scanXML9.0descendingseverityapply_overrides=0 levels=hml rows=-1 min_qod=70 first=1 sort-reverse=severity notes=1 overrides=1nistNVD Vulnerability Severity RatingsNone0.00.0Low0.13.9Medium4.06.9High7.010.0Done101000dc01-testlab-scan0Target100.00Network Source Interfacesource_iface2023-09-28T14:48:02Z2023-09-28T14:48:02ZCoordinated Universal TimeUTC1general/tcp10.0.101.210.0HighMozilla Firefox Security Update (mfsa_2023-32_2023-36) - Windowsgps2023-10-04T21:40:07.211472Z10.0.101.2general/tcpnvtMozilla Firefox Security Update (mfsa_2023-32_2023-36) - WindowsGeneral10.0summary=Mozilla Firefox is prone to multiple vulnerabilities.|insight=Multiple flaws exist due to, + + - Memory corruption in IPC CanvasTranslator. + + - Memory corruption in IPC ColorPickerShownCallback. + + - Memory corruption in IPC FilePickerShownCallback. + + - Integer Overflow in RecordedSourceSurfaceCreation. + + - Memory corruption in JIT UpdateRegExpStatics. + + - Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception. + + - Persisted search terms were formatted as URLs. + + - Push notifications saved to disk unencrypted. + + - XLL file extensions were downloadable without warnings. + + - Browsing Context potentially not cleared when closing Private Window. + + - Memory safety bugs.|qodType=registry|solution=Upgrade to version 117 or later, +Please see the references for more information.|solution_type=VendorFix|impact=Successful exploitation will allow + attackers to run arbitrary code, cause denial of service and disclose + sensitive information on affected systems.|affected=Mozilla Firefox version before + 117 on Windows.High10.097registryInstalled version: 116.0.3 +Fixed version: 117 +Installation +path / port: C:\Program Files\Mozilla Firefox + +High5 + +0000000000000000010.0.101.22023-09-28T14:48:02Z2023-09-28T16:12:15Z11000002023-09-28T16:12:15Z \ No newline at end of file diff --git a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_empty_cwe.json b/unittests/scans/ossindex_devaudit/ossindex_devaudit_empty_cwe.json similarity index 97% rename from unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_empty_cwe.json rename to unittests/scans/ossindex_devaudit/ossindex_devaudit_empty_cwe.json index bdc4e6ab621..c794ccbd0f3 100644 --- a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_empty_cwe.json +++ b/unittests/scans/ossindex_devaudit/ossindex_devaudit_empty_cwe.json @@ -1,24 +1,24 @@ -{ - "Packages Audited": 1, - "Vulnerabilities Found": 1, - "Packages": [ - { - "Package": { - "pm": "npm", - "group": "None", - "name": "react-dom", - "version": "16.4.1", - "vendor": "None" - }, - "Vulnerabilities": [{ - "id": "422fd048-4155-4213-8126-75b4c3135820", - "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", - "cvssScore": "6.1", - "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "cwe": "", - "reference": "https://snyk.io/vuln/search?q=react-dom&type=npm, https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" - } - ] - }] -} +{ + "Packages Audited": 1, + "Vulnerabilities Found": 1, + "Packages": [ + { + "Package": { + "pm": "npm", + "group": "None", + "name": "react-dom", + "version": "16.4.1", + "vendor": "None" + }, + "Vulnerabilities": [{ + "id": "422fd048-4155-4213-8126-75b4c3135820", + "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", + "cvssScore": "6.1", + "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "cwe": "", + "reference": "https://snyk.io/vuln/search?q=react-dom&type=npm, https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" + } + ] + }] +} diff --git a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_empty_reference.json b/unittests/scans/ossindex_devaudit/ossindex_devaudit_empty_reference.json similarity index 97% rename from unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_empty_reference.json rename to unittests/scans/ossindex_devaudit/ossindex_devaudit_empty_reference.json index 116ce993cbd..bb979c60b27 100644 --- a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_empty_reference.json +++ b/unittests/scans/ossindex_devaudit/ossindex_devaudit_empty_reference.json @@ -1,24 +1,24 @@ -{ - "Packages Audited": 1, - "Vulnerabilities Found": 1, - "Packages": [ - { - "Package": { - "pm": "npm", - "group": "None", - "name": "react-dom", - "version": "16.4.1", - "vendor": "None" - }, - "Vulnerabilities": [{ - "id": "422fd048-4155-4213-8126-75b4c3135820", - "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", - "cvssScore": "6.1", - "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "cwe": "CWE-79", - "reference": "" - } - ] - }] -} +{ + "Packages Audited": 1, + "Vulnerabilities Found": 1, + "Packages": [ + { + "Package": { + "pm": "npm", + "group": "None", + "name": "react-dom", + "version": "16.4.1", + "vendor": "None" + }, + "Vulnerabilities": [{ + "id": "422fd048-4155-4213-8126-75b4c3135820", + "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", + "cvssScore": "6.1", + "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "cwe": "CWE-79", + "reference": "" + } + ] + }] +} diff --git a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_missing_cwe.json b/unittests/scans/ossindex_devaudit/ossindex_devaudit_missing_cwe.json similarity index 97% rename from unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_missing_cwe.json rename to unittests/scans/ossindex_devaudit/ossindex_devaudit_missing_cwe.json index 36a139c8226..241ce8d0c83 100644 --- a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_missing_cwe.json +++ b/unittests/scans/ossindex_devaudit/ossindex_devaudit_missing_cwe.json @@ -1,23 +1,23 @@ -{ - "Packages Audited": 1, - "Vulnerabilities Found": 1, - "Packages": [ - { - "Package": { - "pm": "npm", - "group": "None", - "name": "react-dom", - "version": "16.4.1", - "vendor": "None" - }, - "Vulnerabilities": [{ - "id": "422fd048-4155-4213-8126-75b4c3135820", - "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", - "cvssScore": "6.1", - "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "reference": "https://snyk.io/vuln/search?q=react-dom&type=npm, https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" - } - ] - }] -} +{ + "Packages Audited": 1, + "Vulnerabilities Found": 1, + "Packages": [ + { + "Package": { + "pm": "npm", + "group": "None", + "name": "react-dom", + "version": "16.4.1", + "vendor": "None" + }, + "Vulnerabilities": [{ + "id": "422fd048-4155-4213-8126-75b4c3135820", + "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", + "cvssScore": "6.1", + "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "reference": "https://snyk.io/vuln/search?q=react-dom&type=npm, https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" + } + ] + }] +} diff --git a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_missing_reference.json b/unittests/scans/ossindex_devaudit/ossindex_devaudit_missing_reference.json similarity index 97% rename from unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_missing_reference.json rename to unittests/scans/ossindex_devaudit/ossindex_devaudit_missing_reference.json index 46376bc7dbc..6952935e816 100644 --- a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_missing_reference.json +++ b/unittests/scans/ossindex_devaudit/ossindex_devaudit_missing_reference.json @@ -1,23 +1,23 @@ -{ - "Packages Audited": 1, - "Vulnerabilities Found": 1, - "Packages": [ - { - "Package": { - "pm": "npm", - "group": "None", - "name": "react-dom", - "version": "16.4.1", - "vendor": "None" - }, - "Vulnerabilities": [{ - "id": "422fd048-4155-4213-8126-75b4c3135820", - "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", - "cvssScore": "6.1", - "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "cwe": "CWE-79" - } - ] - }] -} +{ + "Packages Audited": 1, + "Vulnerabilities Found": 1, + "Packages": [ + { + "Package": { + "pm": "npm", + "group": "None", + "name": "react-dom", + "version": "16.4.1", + "vendor": "None" + }, + "Vulnerabilities": [{ + "id": "422fd048-4155-4213-8126-75b4c3135820", + "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", + "cvssScore": "6.1", + "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "cwe": "CWE-79" + } + ] + }] +} diff --git a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_multiple_vulns.json b/unittests/scans/ossindex_devaudit/ossindex_devaudit_multiple_vulns.json similarity index 97% rename from unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_multiple_vulns.json rename to unittests/scans/ossindex_devaudit/ossindex_devaudit_multiple_vulns.json index dd891e2713f..547ee5273c9 100644 --- a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_multiple_vulns.json +++ b/unittests/scans/ossindex_devaudit/ossindex_devaudit_multiple_vulns.json @@ -1,43 +1,43 @@ -{ - "Packages Audited": 1, - "Vulnerabilities Found": 1, - "Packages": [ - { - "Package": { - "pm": "npm", - "group": "None", - "name": "react-dom", - "version": "16.4.1", - "vendor": "None" - }, - "Vulnerabilities": [{ - "id": "422fd048-4155-4213-8126-75b4c3135820", - "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", - "cvssScore": "6.1", - "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "cwe": "CWE-79", - "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" - } - ] - }, - { - "Package": { - "pm": "npm", - "group": "None", - "name": "axios", - "version": "0.19.2", - "vendor": "None" - }, - "Vulnerabilities": [{ - "id": "f7fc0998-d7c0-4f98-aba5-661f7db01bfd", - "title": "[CVE-2020-28168] Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerabi...", - "description": "Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.", - "cvssScore": "5.9", - "cvssVector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "cwe": "None", - "reference": "https://ossindex.sonatype.org/vuln/f7fc0998-d7c0-4f98-aba5-661f7db01bfd?component-type=npm&component-name=axios&utm_source=devaudit&utm_medium=integration&utm_content=3.4" - } - ] - }] -} +{ + "Packages Audited": 1, + "Vulnerabilities Found": 1, + "Packages": [ + { + "Package": { + "pm": "npm", + "group": "None", + "name": "react-dom", + "version": "16.4.1", + "vendor": "None" + }, + "Vulnerabilities": [{ + "id": "422fd048-4155-4213-8126-75b4c3135820", + "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", + "cvssScore": "6.1", + "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "cwe": "CWE-79", + "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" + } + ] + }, + { + "Package": { + "pm": "npm", + "group": "None", + "name": "axios", + "version": "0.19.2", + "vendor": "None" + }, + "Vulnerabilities": [{ + "id": "f7fc0998-d7c0-4f98-aba5-661f7db01bfd", + "title": "[CVE-2020-28168] Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerabi...", + "description": "Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.", + "cvssScore": "5.9", + "cvssVector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "cwe": "None", + "reference": "https://ossindex.sonatype.org/vuln/f7fc0998-d7c0-4f98-aba5-661f7db01bfd?component-type=npm&component-name=axios&utm_source=devaudit&utm_medium=integration&utm_content=3.4" + } + ] + }] +} diff --git a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_no_vuln.json b/unittests/scans/ossindex_devaudit/ossindex_devaudit_no_vuln.json similarity index 94% rename from unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_no_vuln.json rename to unittests/scans/ossindex_devaudit/ossindex_devaudit_no_vuln.json index aaddc352542..6182534c20f 100644 --- a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_no_vuln.json +++ b/unittests/scans/ossindex_devaudit/ossindex_devaudit_no_vuln.json @@ -1,5 +1,5 @@ -{ - "Packages Audited": 0, - "Vulnerabilities Found": 0, - "Packages": [] -} +{ + "Packages Audited": 0, + "Vulnerabilities Found": 0, + "Packages": [] +} diff --git a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_null_cwe.json b/unittests/scans/ossindex_devaudit/ossindex_devaudit_null_cwe.json similarity index 97% rename from unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_null_cwe.json rename to unittests/scans/ossindex_devaudit/ossindex_devaudit_null_cwe.json index 692f9c15471..7f61565fb47 100644 --- a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_null_cwe.json +++ b/unittests/scans/ossindex_devaudit/ossindex_devaudit_null_cwe.json @@ -1,24 +1,24 @@ -{ - "Packages Audited": 1, - "Vulnerabilities Found": 1, - "Packages": [ - { - "Package": { - "pm": "npm", - "group": "None", - "name": "react-dom", - "version": "16.4.1", - "vendor": "None" - }, - "Vulnerabilities": [{ - "id": "422fd048-4155-4213-8126-75b4c3135820", - "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", - "cvssScore": "6.1", - "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "cwe": null, - "reference": "https://snyk.io/vuln/search?q=react-dom&type=npm, https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" - } - ] - }] -} +{ + "Packages Audited": 1, + "Vulnerabilities Found": 1, + "Packages": [ + { + "Package": { + "pm": "npm", + "group": "None", + "name": "react-dom", + "version": "16.4.1", + "vendor": "None" + }, + "Vulnerabilities": [{ + "id": "422fd048-4155-4213-8126-75b4c3135820", + "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", + "cvssScore": "6.1", + "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "cwe": null, + "reference": "https://snyk.io/vuln/search?q=react-dom&type=npm, https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" + } + ] + }] +} diff --git a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_one_vuln.json b/unittests/scans/ossindex_devaudit/ossindex_devaudit_one_vuln.json similarity index 97% rename from unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_one_vuln.json rename to unittests/scans/ossindex_devaudit/ossindex_devaudit_one_vuln.json index 29fde3ccb5c..2bf3e6873be 100644 --- a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_one_vuln.json +++ b/unittests/scans/ossindex_devaudit/ossindex_devaudit_one_vuln.json @@ -1,24 +1,24 @@ -{ - "Packages Audited": 1, - "Vulnerabilities Found": 1, - "Packages": [ - { - "Package": { - "pm": "npm", - "group": "None", - "name": "react-dom", - "version": "16.4.1", - "vendor": "None" - }, - "Vulnerabilities": [{ - "id": "422fd048-4155-4213-8126-75b4c3135820", - "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", - "cvssScore": "6.1", - "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "cwe": "CWE-79", - "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" - } - ] - }] -} +{ + "Packages Audited": 1, + "Vulnerabilities Found": 1, + "Packages": [ + { + "Package": { + "pm": "npm", + "group": "None", + "name": "react-dom", + "version": "16.4.1", + "vendor": "None" + }, + "Vulnerabilities": [{ + "id": "422fd048-4155-4213-8126-75b4c3135820", + "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", + "cvssScore": "6.1", + "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "cwe": "CWE-79", + "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" + } + ] + }] +} diff --git a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_critical.json b/unittests/scans/ossindex_devaudit/ossindex_devaudit_severity_critical.json similarity index 97% rename from unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_critical.json rename to unittests/scans/ossindex_devaudit/ossindex_devaudit_severity_critical.json index cba207a4ffc..98099234f60 100644 --- a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_critical.json +++ b/unittests/scans/ossindex_devaudit/ossindex_devaudit_severity_critical.json @@ -1,24 +1,24 @@ -{ - "Packages Audited": 1, - "Vulnerabilities Found": 1, - "Packages": [ - { - "Package": { - "pm": "npm", - "group": "None", - "name": "react-dom", - "version": "16.4.1", - "vendor": "None" - }, - "Vulnerabilities": [{ - "id": "422fd048-4155-4213-8126-75b4c3135820", - "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", - "cvssScore": "9.5", - "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "cwe": "CWE-79", - "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" - } - ] - }] -} +{ + "Packages Audited": 1, + "Vulnerabilities Found": 1, + "Packages": [ + { + "Package": { + "pm": "npm", + "group": "None", + "name": "react-dom", + "version": "16.4.1", + "vendor": "None" + }, + "Vulnerabilities": [{ + "id": "422fd048-4155-4213-8126-75b4c3135820", + "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", + "cvssScore": "9.5", + "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "cwe": "CWE-79", + "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" + } + ] + }] +} diff --git a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_high.json b/unittests/scans/ossindex_devaudit/ossindex_devaudit_severity_high.json similarity index 97% rename from unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_high.json rename to unittests/scans/ossindex_devaudit/ossindex_devaudit_severity_high.json index 5e5cbe0af61..b654175eefe 100644 --- a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_high.json +++ b/unittests/scans/ossindex_devaudit/ossindex_devaudit_severity_high.json @@ -1,24 +1,24 @@ -{ - "Packages Audited": 1, - "Vulnerabilities Found": 1, - "Packages": [ - { - "Package": { - "pm": "npm", - "group": "None", - "name": "react-dom", - "version": "16.4.1", - "vendor": "None" - }, - "Vulnerabilities": [{ - "id": "422fd048-4155-4213-8126-75b4c3135820", - "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", - "cvssScore": "8.0", - "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "cwe": "CWE-79", - "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" - } - ] - }] -} +{ + "Packages Audited": 1, + "Vulnerabilities Found": 1, + "Packages": [ + { + "Package": { + "pm": "npm", + "group": "None", + "name": "react-dom", + "version": "16.4.1", + "vendor": "None" + }, + "Vulnerabilities": [{ + "id": "422fd048-4155-4213-8126-75b4c3135820", + "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", + "cvssScore": "8.0", + "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "cwe": "CWE-79", + "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" + } + ] + }] +} diff --git a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_info.json b/unittests/scans/ossindex_devaudit/ossindex_devaudit_severity_info.json similarity index 98% rename from unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_info.json rename to unittests/scans/ossindex_devaudit/ossindex_devaudit_severity_info.json index 82572e9d144..4a99729a2e5 100644 --- a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_info.json +++ b/unittests/scans/ossindex_devaudit/ossindex_devaudit_severity_info.json @@ -1,41 +1,41 @@ -{ - "Packages Audited": 1, - "Vulnerabilities Found": 1, - "Packages": [ - { - "Package": { - "pm": "npm", - "group": "None", - "name": "react-dom", - "version": "16.4.1", - "vendor": "None" - }, - "Vulnerabilities": [{ - "id": "422fd048-4155-4213-8126-75b4c3135820", - "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", - "cvssScore": "", - "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "cwe": "CWE-79", - "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" - }, - { - "id": "422fd048-4155-4213-8126-75b4c3135820", - "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", - "cvssScore": "11.0", - "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "cwe": "CWE-79", - "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" - }, - { - "id": "422fd048-4155-4213-8126-75b4c3135820", - "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", - "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "cwe": "CWE-79", - "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" - } - ] - }] -} +{ + "Packages Audited": 1, + "Vulnerabilities Found": 1, + "Packages": [ + { + "Package": { + "pm": "npm", + "group": "None", + "name": "react-dom", + "version": "16.4.1", + "vendor": "None" + }, + "Vulnerabilities": [{ + "id": "422fd048-4155-4213-8126-75b4c3135820", + "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", + "cvssScore": "", + "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "cwe": "CWE-79", + "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" + }, + { + "id": "422fd048-4155-4213-8126-75b4c3135820", + "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", + "cvssScore": "11.0", + "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "cwe": "CWE-79", + "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" + }, + { + "id": "422fd048-4155-4213-8126-75b4c3135820", + "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", + "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "cwe": "CWE-79", + "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" + } + ] + }] +} diff --git a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_low.json b/unittests/scans/ossindex_devaudit/ossindex_devaudit_severity_low.json similarity index 97% rename from unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_low.json rename to unittests/scans/ossindex_devaudit/ossindex_devaudit_severity_low.json index 29a08d9546d..0f00b8194b6 100644 --- a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_low.json +++ b/unittests/scans/ossindex_devaudit/ossindex_devaudit_severity_low.json @@ -1,24 +1,24 @@ -{ - "Packages Audited": 1, - "Vulnerabilities Found": 1, - "Packages": [ - { - "Package": { - "pm": "npm", - "group": "None", - "name": "react-dom", - "version": "16.4.1", - "vendor": "None" - }, - "Vulnerabilities": [{ - "id": "422fd048-4155-4213-8126-75b4c3135820", - "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", - "cvssScore": ".5", - "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "cwe": "CWE-79", - "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" - } - ] - }] -} +{ + "Packages Audited": 1, + "Vulnerabilities Found": 1, + "Packages": [ + { + "Package": { + "pm": "npm", + "group": "None", + "name": "react-dom", + "version": "16.4.1", + "vendor": "None" + }, + "Vulnerabilities": [{ + "id": "422fd048-4155-4213-8126-75b4c3135820", + "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", + "cvssScore": ".5", + "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "cwe": "CWE-79", + "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" + } + ] + }] +} diff --git a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_medium.json b/unittests/scans/ossindex_devaudit/ossindex_devaudit_severity_medium.json similarity index 97% rename from unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_medium.json rename to unittests/scans/ossindex_devaudit/ossindex_devaudit_severity_medium.json index 5f57488c06e..e47cbd62059 100644 --- a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_medium.json +++ b/unittests/scans/ossindex_devaudit/ossindex_devaudit_severity_medium.json @@ -1,24 +1,24 @@ -{ - "Packages Audited": 1, - "Vulnerabilities Found": 1, - "Packages": [ - { - "Package": { - "pm": "npm", - "group": "None", - "name": "react-dom", - "version": "16.4.1", - "vendor": "None" - }, - "Vulnerabilities": [{ - "id": "422fd048-4155-4213-8126-75b4c3135820", - "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", - "cvssScore": "5.0", - "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "cwe": "CWE-79", - "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" - } - ] - }] -} +{ + "Packages Audited": 1, + "Vulnerabilities Found": 1, + "Packages": [ + { + "Package": { + "pm": "npm", + "group": "None", + "name": "react-dom", + "version": "16.4.1", + "vendor": "None" + }, + "Vulnerabilities": [{ + "id": "422fd048-4155-4213-8126-75b4c3135820", + "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", + "cvssScore": "5.0", + "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "cwe": "CWE-79", + "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" + } + ] + }] +} diff --git a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_vuln_no_cvssscore.json b/unittests/scans/ossindex_devaudit/ossindex_devaudit_vuln_no_cvssscore.json similarity index 97% rename from unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_vuln_no_cvssscore.json rename to unittests/scans/ossindex_devaudit/ossindex_devaudit_vuln_no_cvssscore.json index 3eaf1ad0689..23b55b0b414 100644 --- a/unittests/scans/ossindex_devaudit_sample/ossindex_devaudit_vuln_no_cvssscore.json +++ b/unittests/scans/ossindex_devaudit/ossindex_devaudit_vuln_no_cvssscore.json @@ -1,24 +1,24 @@ -{ - "Packages Audited": 1, - "Vulnerabilities Found": 1, - "Packages": [ - { - "Package": { - "pm": "npm", - "group": "None", - "name": "react-dom", - "version": "16.4.1", - "vendor": "None" - }, - "Vulnerabilities": [{ - "id": "422fd048-4155-4213-8126-75b4c3135820", - "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", - "cvssScore": "", - "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "cwe": "CWE-79", - "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" - } - ] - }] -} +{ + "Packages Audited": 1, + "Vulnerabilities Found": 1, + "Packages": [ + { + "Package": { + "pm": "npm", + "group": "None", + "name": "react-dom", + "version": "16.4.1", + "vendor": "None" + }, + "Vulnerabilities": [{ + "id": "422fd048-4155-4213-8126-75b4c3135820", + "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", + "cvssScore": "", + "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "cwe": "CWE-79", + "reference": "https://ossindex.sonatype.org/vuln/422fd048-4155-4213-8126-75b4c3135820?component-type=npm&component-name=react-dom&utm_source=devaudit&utm_medium=integration&utm_content=3.4" + } + ] + }] +} diff --git a/unittests/scans/php_symfony_security_check_sample/php_symfony_many_vuln.json b/unittests/scans/php_symfony_security_check/php_symfony_many_vuln.json similarity index 100% rename from unittests/scans/php_symfony_security_check_sample/php_symfony_many_vuln.json rename to unittests/scans/php_symfony_security_check/php_symfony_many_vuln.json diff --git a/unittests/scans/php_symfony_security_check_sample/php_symfony_no_vuln.json b/unittests/scans/php_symfony_security_check/php_symfony_no_vuln.json similarity index 100% rename from unittests/scans/php_symfony_security_check_sample/php_symfony_no_vuln.json rename to unittests/scans/php_symfony_security_check/php_symfony_no_vuln.json diff --git a/unittests/scans/php_symfony_security_check_sample/php_symfony_one_vuln.json b/unittests/scans/php_symfony_security_check/php_symfony_one_vuln.json similarity index 100% rename from unittests/scans/php_symfony_security_check_sample/php_symfony_one_vuln.json rename to unittests/scans/php_symfony_security_check/php_symfony_one_vuln.json diff --git a/unittests/scans/pip-audit/empty.json b/unittests/scans/pip_audit/empty.json similarity index 100% rename from unittests/scans/pip-audit/empty.json rename to unittests/scans/pip_audit/empty.json diff --git a/unittests/scans/pip-audit/many_vulns.json b/unittests/scans/pip_audit/many_vulns.json similarity index 100% rename from unittests/scans/pip-audit/many_vulns.json rename to unittests/scans/pip_audit/many_vulns.json diff --git a/unittests/scans/pip-audit/zero_vulns.json b/unittests/scans/pip_audit/zero_vulns.json similarity index 100% rename from unittests/scans/pip-audit/zero_vulns.json rename to unittests/scans/pip_audit/zero_vulns.json diff --git a/unittests/scans/popeye/popeye_many_vul.json b/unittests/scans/popeye/popeye_many_vul.json new file mode 100644 index 00000000000..6e2b6124bee --- /dev/null +++ b/unittests/scans/popeye/popeye_many_vul.json @@ -0,0 +1,1823 @@ +{ + "popeye": { + "score": 67, + "grade": "D", + "sanitizers": [ + { + "sanitizer": "cluster", + "gvr": "cluster", + "tally": { + "ok": 1, + "info": 0, + "warning": 0, + "error": 0, + "score": 100 + }, + "issues": { + "Version": [ + { + "group": "__root__", + "gvr": "cluster", + "level": 0, + "message": "[POP-406] K8s version OK" + } + ] + } + }, + { + "sanitizer": "clusterroles", + "gvr": "rbac.authorization.k8s.io/v1/clusterroles", + "tally": { + "ok": 0, + "info": 0, + "warning": 0, + "error": 1, + "score": 0 + } + }, + { + "sanitizer": "clusterrolebindings", + "gvr": "rbac.authorization.k8s.io/v1/clusterrolebindings", + "tally": { + "ok": 0, + "info": 0, + "warning": 0, + "error": 0, + "score": 100 + } + }, + { + "sanitizer": "configmaps", + "gvr": "v1/configmaps", + "tally": { + "ok": 1, + "info": 1, + "warning": 0, + "error": 0, + "score": 100 + }, + "issues": { + "test-namespace/kube-root-ca.crt": [ + { + "group": "__root__", + "gvr": "v1/configmaps", + "level": 1, + "message": "[POP-400] Used? Unable to locate resource reference" + } + ] + } + }, + { + "sanitizer": "daemonsets", + "gvr": "apps/v1/daemonsets", + "tally": { + "ok": 0, + "info": 0, + "warning": 0, + "error": 0, + "score": 100 + } + }, + { + "sanitizer": "deployments", + "gvr": "apps/v1/deployments", + "tally": { + "ok": 0, + "info": 0, + "warning": 6, + "error": 2, + "score": 0 + }, + "issues": { + "test-namespace/random": [ + { + "group": "random", + "gvr": "containers", + "level": 2, + "message": "[POP-106] No resources requests/limits defined" + } + ], + "test-namespace/resource-test": [ + { + "group": "resource-test", + "gvr": "containers", + "level": 2, + "message": "[POP-106] No resources requests/limits defined" + } + ], + "test-namespace/testing-vuln-2021-44228": [ + { + "group": "vuln-2021-44228", + "gvr": "containers", + "level": 2, + "message": "[POP-101] Image tagged \"latest\" in use" + } + ], + "test-namespace/testing-resource-1": [ + { + "group": "resource", + "gvr": "containers", + "level": 2, + "message": "[POP-101] Image tagged \"latest\" in use" + } + ], + "test-namespace/testing-resource-2": [ + { + "group": "resource", + "gvr": "containers", + "level": 2, + "message": "[POP-101] Image tagged \"latest\" in use" + } + ], + "test-namespace/testing-place": [ + { + "group": "__root__", + "gvr": "apps/v1/deployments", + "level": 3, + "message": "[POP-501] Unhealthy 1 desired but have 0 available" + }, + { + "group": "place", + "gvr": "containers", + "level": 2, + "message": "[POP-101] Image tagged \"latest\" in use" + } + ], + "test-namespace/testing-resource": [ + { + "group": "resource", + "gvr": "containers", + "level": 2, + "message": "[POP-101] Image tagged \"latest\" in use" + } + ], + "test-namespace/web": [ + { + "group": "__root__", + "gvr": "apps/v1/deployments", + "level": 3, + "message": "[POP-501] Unhealthy 1 desired but have 0 available" + }, + { + "group": "web", + "gvr": "containers", + "level": 2, + "message": "[POP-101] Image tagged \"latest\" in use" + }, + { + "group": "web", + "gvr": "containers", + "level": 2, + "message": "[POP-106] No resources requests/limits defined" + }, + { + "group": "web", + "gvr": "containers", + "level": 1, + "message": "[POP-108] Unnamed port 80" + }, + { + "group": "web", + "gvr": "containers", + "level": 1, + "message": "[POP-108] Unnamed port 4000" + }, + { + "group": "web", + "gvr": "containers", + "level": 1, + "message": "[POP-108] Unnamed port 9090" + } + ] + } + }, + { + "sanitizer": "horizontalpodautoscalers", + "gvr": "autoscaling/v1/horizontalpodautoscalers", + "tally": { + "ok": 0, + "info": 1, + "warning": 0, + "error": 0, + "score": 100 + }, + "issues": { + "": [ + { + "group": "__root__", + "gvr": "autoscaling/v1/horizontalpodautoscalers", + "level": 1, + "message": "[POP-402] No metric-server detected nodes is forbidden: User \"system:serviceaccount:test-namespace:test-namespace-sa\" cannot list resource \"nodes\" in API group \"\" at the cluster scope" + } + ] + } + }, + { + "sanitizer": "ingresses", + "gvr": "networking.k8s.io/v1/ingresses", + "tally": { + "ok": 2, + "info": 0, + "warning": 0, + "error": 0, + "score": 100 + }, + "issues": { + "test-namespace/testing": [], + "test-namespace/test-ingress": [] + } + }, + { + "sanitizer": "namespaces", + "gvr": "v1/namespaces", + "tally": { + "ok": 0, + "info": 0, + "warning": 0, + "error": 1, + "score": 0 + } + }, + { + "sanitizer": "networkpolicies", + "gvr": "networking.k8s.io/v1/networkpolicies", + "tally": { + "ok": 1, + "info": 0, + "warning": 0, + "error": 0, + "score": 100 + }, + "issues": { + "test-namespace/resource-node-default": [] + } + }, + { + "sanitizer": "persistentvolumes", + "gvr": "v1/persistentvolumes", + "tally": { + "ok": 16, + "info": 0, + "warning": 0, + "error": 0, + "score": 100 + }, + "issues": { + "pvc-0592cf0d-ae17-437e-b90a-53d9180f5a6b": [], + "pvc-07096b36-91a0-49de-9123-fb163e602bf2": [], + "pvc-0e45c81d-474a-4003-8320-8c49b7a562a6": [], + "pvc-26895cdf-df7f-4dbb-bdc8-d9b5bef51544": [], + "pvc-29e4da1a-346a-487d-940c-e8975b2dfe05": [], + "pvc-40cff458-59cc-4d2e-bf10-fde8ccd7c574": [], + "pvc-518afe1f-2b08-4060-9adb-7108c0cf23c3": [], + "pvc-7bcf4a79-0d29-499c-8e7b-136cf0e1b6cb": [], + "pvc-a9dffad2-a184-475d-ba84-b42980a26c9e": [], + "pvc-b286fc0e-1469-49ad-8e28-1a0e331299de": [], + "pvc-b34639b1-103c-4de5-ba95-25963a648ca8": [], + "pvc-b4e727ad-6dea-4ca2-9549-be2150b484d9": [], + "pvc-c9f4d729-2619-4cdd-ade9-aeca4a25904e": [], + "pvc-e1d45e3b-bd52-41d0-b81a-c0c84991625b": [], + "pvc-ea8d4012-4aa8-44c0-bd38-3c0804c4c39f": [], + "pvc-fd478741-c88c-44d0-8a94-887603ed8dfc": [] + } + }, + { + "sanitizer": "persistentvolumeclaims", + "gvr": "v1/persistentvolumeclaims", + "tally": { + "ok": 0, + "info": 0, + "warning": 0, + "error": 0, + "score": 100 + } + }, + { + "sanitizer": "pods", + "gvr": "v1/pods", + "tally": { + "ok": 0, + "info": 0, + "warning": 29, + "error": 6, + "score": 0 + }, + "issues": { + "test-namespace/random-6cff44dc94-d92km": [ + { + "group": "random", + "gvr": "containers", + "level": 2, + "message": "[POP-106] No resources requests/limits defined" + }, + { + "group": "random", + "gvr": "containers", + "level": 2, + "message": "[POP-102] No probes defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "random", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/resource-test-6585b7597d-c4xd9": [ + { + "group": "resource-test", + "gvr": "containers", + "level": 2, + "message": "[POP-106] No resources requests/limits defined" + }, + { + "group": "resource-test", + "gvr": "containers", + "level": 2, + "message": "[POP-102] No probes defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "resource-test", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/test-integration-27962887-jpwzh": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "test-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/scanner-test-integration-27962890-rvb4w": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "scanner-test-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962760-pvdbt": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962775-hg85k": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962791-74b6l": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962806-rx5s8": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962822-q82rj": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962838-h8q8q": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962853-qwnf4": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 3, + "message": "[POP-207] Pod is in an unhappy phase (Failed)" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962869-67z97": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962525-jwbcd": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 3, + "message": "[POP-207] Pod is in an unhappy phase (Failed)" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962540-dhdsn": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962556-w57pq": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962572-4bfh4": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962587-5lbzg": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962603-jc6ds": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962619-r9xxd": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 3, + "message": "[POP-207] Pod is in an unhappy phase (Failed)" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962634-8ffhf": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962650-8xkdr": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962666-bg6fm": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962681-k89hk": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962697-7jmt8": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962713-6x5gg": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962728-4sv7x": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/analysis-integration-env-27962744-qf262": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "analysis-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/testing-vuln-2021-44228-6888d6b7b-zjtt6": [ + { + "group": "vuln-2021-44228", + "gvr": "containers", + "level": 2, + "message": "[POP-101] Image tagged \"latest\" in use" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "vuln-2021-44228", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/testing-resource-65459fc74b-fkgj4": [ + { + "group": "resource", + "gvr": "containers", + "level": 2, + "message": "[POP-205] Pod was restarted (21) times" + }, + { + "group": "resource", + "gvr": "containers", + "level": 2, + "message": "[POP-101] Image tagged \"latest\" in use" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "resource", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/testing-resource-7c65f94bdb-jprlq": [ + { + "group": "resource", + "gvr": "containers", + "level": 2, + "message": "[POP-101] Image tagged \"latest\" in use" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "resource", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/testing-place-587cff8d78-q4bdx": [ + { + "group": "place", + "gvr": "containers", + "level": 3, + "message": "[POP-203] Pod is waiting [0/1] CrashLoopBackOff" + }, + { + "group": "place", + "gvr": "containers", + "level": 2, + "message": "[POP-101] Image tagged \"latest\" in use" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + } + ], + "test-namespace/testing-resource-684d9d5bb-5tx5r": [ + { + "group": "resource", + "gvr": "containers", + "level": 2, + "message": "[POP-101] Image tagged \"latest\" in use" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + } + ], + "test-namespace/test-test-0": [ + { + "group": "test", + "gvr": "containers", + "level": 3, + "message": "[POP-100] Untagged docker image in use" + }, + { + "group": "test", + "gvr": "containers", + "level": 2, + "message": "[POP-106] No resources requests/limits defined" + }, + { + "group": "config-reloader", + "gvr": "containers", + "level": 2, + "message": "[POP-102] No probes defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "init-config-reloader", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "test", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "config-reloader", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/bees-integration-27962807-vmlwd": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "bees-integration-container", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ], + "test-namespace/web-6d947fbdc4-vwslh": [ + { + "group": "__root__", + "gvr": "v1/pods", + "level": 3, + "message": "[POP-207] Pod is in an unhappy phase (Pending)" + }, + { + "group": "web", + "gvr": "containers", + "level": 3, + "message": "[POP-203] Pod is waiting [0/1] ImagePullBackOff" + }, + { + "group": "web", + "gvr": "containers", + "level": 2, + "message": "[POP-101] Image tagged \"latest\" in use" + }, + { + "group": "web", + "gvr": "containers", + "level": 2, + "message": "[POP-106] No resources requests/limits defined" + }, + { + "group": "web", + "gvr": "containers", + "level": 2, + "message": "[POP-102] No probes defined" + }, + { + "group": "web", + "gvr": "containers", + "level": 1, + "message": "[POP-108] Unnamed port 80" + }, + { + "group": "web", + "gvr": "containers", + "level": 1, + "message": "[POP-108] Unnamed port 4000" + }, + { + "group": "web", + "gvr": "containers", + "level": 1, + "message": "[POP-108] Unnamed port 9090" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 1, + "message": "[POP-206] No PodDisruptionBudget defined" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-300] Using \"default\" ServiceAccount" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-301] Connects to API Server? ServiceAccount token is mounted" + }, + { + "group": "web", + "gvr": "containers", + "level": 2, + "message": "[POP-306] Container could be running as root user. Check SecurityContext/Image" + }, + { + "group": "__root__", + "gvr": "v1/pods", + "level": 2, + "message": "[POP-302] Pod could be running as root user. Check SecurityContext/Image" + } + ] + } + }, + { + "sanitizer": "poddisruptionbudgets", + "gvr": "policy/v1/poddisruptionbudgets", + "tally": { + "ok": 0, + "info": 0, + "warning": 0, + "error": 0, + "score": 100 + } + }, + { + "sanitizer": "podsecuritypolicies", + "gvr": "policy/v1beta1/podsecuritypolicies", + "tally": { + "ok": 0, + "info": 0, + "warning": 0, + "error": 1, + "score": 0 + } + }, + { + "sanitizer": "replicasets", + "gvr": "apps/v1/replicasets", + "tally": { + "ok": 7, + "info": 0, + "warning": 0, + "error": 2, + "score": 77 + }, + "issues": { + "test-namespace/random-6cff44dc94": [], + "test-namespace/resource-test-6585b7597d": [], + "test-namespace/testing-vuln-2021-44228-6888d6b7b": [], + "test-namespace/testing-resource-65459fc74b": [], + "test-namespace/testing-resource-5897677ddb": [], + "test-namespace/testing-resource-7c65f94bdb": [], + "test-namespace/testing-place-587cff8d78": [ + { + "group": "__root__", + "gvr": "apps/v1/replicasets", + "level": 3, + "message": "[POP-1120] Unhealthy ReplicaSet 1 desired but have 0 ready" + } + ], + "test-namespace/testing-resource-684d9d5bb": [], + "test-namespace/web-6d947fbdc4": [ + { + "group": "__root__", + "gvr": "apps/v1/replicasets", + "level": 3, + "message": "[POP-1120] Unhealthy ReplicaSet 1 desired but have 0 ready" + } + ] + } + }, + { + "sanitizer": "roles", + "gvr": "rbac.authorization.k8s.io/v1/roles", + "tally": { + "ok": 1, + "info": 0, + "warning": 0, + "error": 0, + "score": 100 + }, + "issues": { + "test-namespace/test-namespace-role": [] + } + }, + { + "sanitizer": "rolebindings", + "gvr": "rbac.authorization.k8s.io/v1/rolebindings", + "tally": { + "ok": 1, + "info": 0, + "warning": 0, + "error": 0, + "score": 100 + }, + "issues": { + "test-namespace/test-namespace-role-binding": [] + } + }, + { + "sanitizer": "secrets", + "gvr": "v1/secrets", + "tally": { + "ok": 9, + "info": 5, + "warning": 0, + "error": 0, + "score": 100 + }, + "issues": { + "test-namespace/additional-scrape-configs": [ + { + "group": "__root__", + "gvr": "v1/secrets", + "level": 1, + "message": "[POP-400] Used? Unable to locate resource reference" + } + ], + "test-namespace/default-token-vjfgc": [ + { + "group": "__root__", + "gvr": "v1/secrets", + "level": 1, + "message": "[POP-400] Used? Unable to locate resource reference" + } + ], + "test-namespace/test-integration-config": [], + "test-namespace/scanner-test-integration-config": [], + "test-namespace/analysis-integration-config": [], + "test-namespace/testing-tls": [], + "test-namespace/test-ingress-tls": [], + "test-namespace/test-test": [], + "test-namespace/test-test-tls-assets-0": [ + { + "group": "__root__", + "gvr": "v1/secrets", + "level": 1, + "message": "[POP-400] Used? Unable to locate resource reference" + } + ], + "test-namespace/test-test-web-config": [], + "test-namespace/test-token-m5675": [ + { + "group": "__root__", + "gvr": "v1/secrets", + "level": 1, + "message": "[POP-400] Used? Unable to locate resource reference" + } + ], + "test-namespace/bees-integration-config": [], + "test-namespace/test-namespace-sa-token-6jr6n": [ + { + "group": "__root__", + "gvr": "v1/secrets", + "level": 1, + "message": "[POP-400] Used? Unable to locate resource reference" + } + ] + } + }, + { + "sanitizer": "services", + "gvr": "v1/services", + "tally": { + "ok": 0, + "info": 0, + "warning": 8, + "error": 0, + "score": 0 + }, + "issues": { + "test-namespace/testing-vuln-2021-44228": [ + { + "group": "__root__", + "gvr": "v1/services", + "level": 2, + "message": "[POP-1109] Only one Pod associated with this endpoint" + } + ], + "test-namespace/testing-resource-1": [ + { + "group": "__root__", + "gvr": "v1/services", + "level": 2, + "message": "[POP-1109] Only one Pod associated with this endpoint" + } + ], + "test-namespace/testing-resource-3": [ + { + "group": "__root__", + "gvr": "v1/services", + "level": 2, + "message": "[POP-1109] Only one Pod associated with this endpoint" + } + ], + "test-namespace/testing-place": [ + { + "group": "__root__", + "gvr": "v1/services", + "level": 2, + "message": "[POP-1109] Only one Pod associated with this endpoint" + } + ], + "test-namespace/testing-resource": [ + { + "group": "__root__", + "gvr": "v1/services", + "level": 2, + "message": "[POP-1109] Only one Pod associated with this endpoint" + } + ], + "test-namespace/test": [ + { + "group": "__root__", + "gvr": "v1/services", + "level": 1, + "message": "[POP-1102] Use of target port #9090 for service port TCP:web:80. Prefer named port" + }, + { + "group": "__root__", + "gvr": "v1/services", + "level": 2, + "message": "[POP-1109] Only one Pod associated with this endpoint" + } + ], + "test-namespace/test-operated": [ + { + "group": "__root__", + "gvr": "v1/services", + "level": 2, + "message": "[POP-1109] Only one Pod associated with this endpoint" + } + ], + "test-namespace/web": [ + { + "group": "__root__", + "gvr": "v1/services", + "level": 1, + "message": "[POP-1102] Use of target port #80 for service port TCP:80:80. Prefer named port" + }, + { + "group": "__root__", + "gvr": "v1/services", + "level": 1, + "message": "[POP-1102] Use of target port #4000 for service port TCP:4000:4000. Prefer named port" + }, + { + "group": "__root__", + "gvr": "v1/services", + "level": 1, + "message": "[POP-1102] Use of target port #9090 for service port TCP:9090:9090. Prefer named port" + }, + { + "group": "__root__", + "gvr": "v1/services", + "level": 2, + "message": "[POP-1109] Only one Pod associated with this endpoint" + } + ] + } + }, + { + "sanitizer": "serviceaccounts", + "gvr": "v1/serviceaccounts", + "tally": { + "ok": 3, + "info": 0, + "warning": 0, + "error": 0, + "score": 100 + }, + "issues": { + "test-namespace/default": [], + "test-namespace/test": [], + "test-namespace/test-namespace-sa": [] + } + }, + { + "sanitizer": "statefulsets", + "gvr": "apps/v1/statefulsets", + "tally": { + "ok": 0, + "info": 0, + "warning": 0, + "error": 1, + "score": 0 + }, + "issues": { + "test-namespace/test-test": [ + { + "group": "test", + "gvr": "containers", + "level": 3, + "message": "[POP-100] Untagged docker image in use" + }, + { + "group": "test", + "gvr": "containers", + "level": 2, + "message": "[POP-106] No resources requests/limits defined" + } + ] + } + } + ] + } +} \ No newline at end of file diff --git a/unittests/scans/popeye/popeye_one_vul.json b/unittests/scans/popeye/popeye_one_vul.json new file mode 100644 index 00000000000..9a3de875beb --- /dev/null +++ b/unittests/scans/popeye/popeye_one_vul.json @@ -0,0 +1,29 @@ +{ + "popeye": { + "score": 89, + "grade": "B", + "sanitizers": [ + { + "sanitizer": "pods", + "gvr": "v1/pods", + "tally": { + "ok": 0, + "info": 0, + "warning": 1, + "error": 0, + "score": 0 + }, + "issues": { + "test-namespace/6cff44dc94-d92km": [ + { + "group": "test-group", + "gvr": "containers", + "level": 2, + "message": "[POP-106] No resources requests/limits defined" + } + ] + } + } + ] + } +} \ No newline at end of file diff --git a/unittests/scans/popeye/popeye_zero_vul.json b/unittests/scans/popeye/popeye_zero_vul.json new file mode 100644 index 00000000000..10837334918 --- /dev/null +++ b/unittests/scans/popeye/popeye_zero_vul.json @@ -0,0 +1,29 @@ +{ + "popeye": { + "score": 100, + "grade": "B", + "sanitizers": [ + { + "sanitizer": "cluster", + "gvr": "cluster", + "tally": { + "ok": 1, + "info": 0, + "warning": 0, + "error": 0, + "score": 100 + }, + "issues": { + "Version": [ + { + "group": "__root__", + "gvr": "cluster", + "level": 0, + "message": "[POP-406] K8s version OK" + } + ] + } + } + ] + } +} \ No newline at end of file diff --git a/unittests/scans/pwn_sast/many_findings.json b/unittests/scans/pwn_sast/many_findings.json new file mode 100644 index 00000000000..18199b652ec --- /dev/null +++ b/unittests/scans/pwn_sast/many_findings.json @@ -0,0 +1,38 @@ +{ + "report_name":"mock_unittest", + "data":[ + { + "timestamp": "2022-07-08 09:11:52.913858476 -0600", + "security_references": { + "sast_module": "PWN::SAST::Eval", + "section": "MALICIOUS CODE PROTECTION", + "nist_800_53_uri": "https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3", + "cwe_id": "95", + "cwe_uri": "https://cwe.mitre.org/data/definitions/95.html" + }, + "filename": { + "git_repo_root_uri": "https://mock_unittest.local/mock_binary/tree/dev", + "entry": "request.php" + }, + "line_no_and_contents": [ + { + "line_no": "1430", + "contents": "eval($_REQUEST['search'])", + "author": "Author: Mock User <46459665+mock_user@users.noreply.github.com>\n" + }, + { + "line_no": "8036", + "contents": "eval($_REQUEST['first_name'])", + "author": "Author: Mock Usertwo <99459665+mock_usertwo@users.noreply.github.com\n" + }, + { + "line_no": "8414", + "contents": "eval($_REQUEST['last_name'])", + "author": "Author: Mock Userthree <89723465+mock_userthree@users.noreply.github.com>\n" + } + ], + "raw_content": "1430:eval($_REQUEST['search']),\n8036:eval($_REQUEST['first_name'])\n8414:eval($_REQUEST['last_name'])\n", + "test_case_filter": "\n grep -n 'eval(' ./request.php\n " + } + ] +} diff --git a/unittests/scans/pwn_sast/no_findings.json b/unittests/scans/pwn_sast/no_findings.json new file mode 100644 index 00000000000..d2ce6154619 --- /dev/null +++ b/unittests/scans/pwn_sast/no_findings.json @@ -0,0 +1,4 @@ +{ + "report_name":"mock_unittest", + "data":[] +} diff --git a/unittests/scans/pwn_sast/one_dup_finding.json b/unittests/scans/pwn_sast/one_dup_finding.json new file mode 100644 index 00000000000..5f9d39c1e86 --- /dev/null +++ b/unittests/scans/pwn_sast/one_dup_finding.json @@ -0,0 +1,33 @@ +{ + "report_name":"mock_unittest", + "data":[ + { + "timestamp": "2022-07-08 09:11:52.913858476 -0600", + "security_references": { + "sast_module": "PWN::SAST::Eval", + "section": "MALICIOUS CODE PROTECTION", + "nist_800_53_uri": "https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3", + "cwe_id": "95", + "cwe_uri": "https://cwe.mitre.org/data/definitions/95.html" + }, + "filename": { + "git_repo_root_uri": "https://mock_unittest.local/mock_binary/tree/dev", + "entry": "request.php" + }, + "line_no_and_contents": [ + { + "line_no": "8414", + "contents": "eval($_REQUEST['last_name'])", + "author": "Author: Mock Userthree <89723465+mock_userthree@users.noreply.github.com>\n" + }, + { + "line_no": "8414", + "contents": "eval($_REQUEST['last_name'])", + "author": "Author: Mock Userthree <89723465+mock_userthree@users.noreply.github.com>\n" + } + ], + "raw_content": "1430:eval($_REQUEST['search']),\n8036:eval($_REQUEST['first_name'])\n8414:eval($_REQUEST['last_name'])\n", + "test_case_filter": "\n grep -n 'eval(' ./request.php\n " + } + ] +} diff --git a/unittests/scans/pwn_sast/one_finding.json b/unittests/scans/pwn_sast/one_finding.json new file mode 100644 index 00000000000..d9997369cc7 --- /dev/null +++ b/unittests/scans/pwn_sast/one_finding.json @@ -0,0 +1,28 @@ +{ + "report_name":"mock_unittest", + "data":[ + { + "timestamp": "2022-07-08 09:11:52.913858476 -0600", + "security_references": { + "sast_module": "PWN::SAST::Eval", + "section": "MALICIOUS CODE PROTECTION", + "nist_800_53_uri": "https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3", + "cwe_id": "95", + "cwe_uri": "https://cwe.mitre.org/data/definitions/95.html" + }, + "filename": { + "git_repo_root_uri": "https://mock_unittest.local/mock_binary/tree/dev", + "entry": "request.php" + }, + "line_no_and_contents": [ + { + "line_no": "8414", + "contents": "eval($_REQUEST['last_name'])", + "author": "Author: Mock Userthree <89723465+mock_userthree@users.noreply.github.com>\n" + } + ], + "raw_content": "1430:eval($_REQUEST['search']),\n8036:eval($_REQUEST['first_name'])\n8414:eval($_REQUEST['last_name'])\n", + "test_case_filter": "\n grep -n 'eval(' ./request.php\n " + } + ] +} diff --git a/unittests/scans/qualys/Qualys_Sample_Report.csv b/unittests/scans/qualys/Qualys_Sample_Report.csv new file mode 100644 index 00000000000..cd5357f0433 --- /dev/null +++ b/unittests/scans/qualys/Qualys_Sample_Report.csv @@ -0,0 +1,54 @@ +"IP","Network","DNS","NetBIOS","Tracking Method","OS","IP Status","QID","Title","Vuln Status","Type","Severity","Port","Protocol","FQDN","SSL","First Detected","Last Detected","Times Detected","Date Last Fixed","CVE ID","Vendor Reference","Bugtraq ID","CVSS3","CVSS3 Base","CVSS3 Temporal","Threat","Impact","Solution","Exploitability","Associated Malware","PCI Vuln","Ticket State","Instance","OS CPE","Category","Associated Tags" +"10.98.57.180","Global Default Network","ip-10-98-57-180.eu-west-1.compute.internal","EC2AMAZ-IU0C43L","QAGENT","Windows Server 2016 Datacenter 64 bit Edition Version 1607","host scanned, found vuln","105971","EOL/Obsolete Software: Microsoft ASP.NET 1.0 Detected","Active","Vuln","5",,,,,"05/13/2021 07:08:28","05/25/2021 07:36:58","74",,,"Microsoft ASP.NET End of Life",,"7.4","8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)","7.4 (E:U/RL:U/RC:C)","Microsoft ASP.NET 1.0 has reached product End of Life in its support cycle on June 27, 2019 . +No further bug fixes, enhancements, security updates or technical support is available for this version. +QID Detection Logic (Authenticated): +The qid looks for sub directories under %programfiles%\dotnet\shared\Microsoft.NETCore.App, %programfiles(x86)%\dotnet\shared\Microsoft.NETCore.App and checks for vulnerable versions in .version file on Windows.","The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks.","Upgrade to the latest supported Microsoft ASP.NET. Refer to dotnet-core (https://docs.microsoft.com/en-us/lifecycle/products/microsoft-net-and-net-core).",,,"yes","Open",,,"Security Policy","AWS, Cloud Agent" +"10.98.57.180","Global Default Network","ip-10-98-57-180.eu-west-1.compute.internal","EC2AMAZ-IU0C43L","QAGENT","Windows Server 2016 Datacenter 64 bit Edition Version 1607","host scanned, found vuln","105970","EOL/Obsolete Software: Microsoft ASP.NET 1.1 Detected","Active","Vuln","5",,,,,"05/13/2021 07:08:28","05/25/2021 07:36:58","74",,,"Microsoft ASP.NET End of Life",,"7.4","8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)","7.4 (E:U/RL:U/RC:C)","Microsoft ASP.NET 1.1 has reached product End of Life in its support cycle on June 27, 2019 . +No further bug fixes, enhancements, security updates or technical support is available for this version. +QID Detection Logic (Authenticated): +The qid looks for sub directories under %programfiles%\dotnet\shared\Microsoft.NETCore.App, %programfiles(x86)%\dotnet\shared\Microsoft.NETCore.App and checks for vulnerable versions in .version file on Windows.","The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks.","Upgrade to the latest supported Microsoft ASP.NET. Refer to dotnet-core (https://docs.microsoft.com/en-us/lifecycle/products/microsoft-net-and-net-core).",,,"yes","Open",,,"Security Policy","AWS, Cloud Agent" +"10.98.57.180","Global Default Network","ip-10-98-57-180.eu-west-1.compute.internal","EC2AMAZ-IU0C43L","QAGENT","Windows Server 2016 Datacenter 64 bit Edition Version 1607","host scanned, found vuln","91762","Microsoft Windows Security Update for May 2021","Active","Vuln","5",,,,,"05/13/2021 07:08:28","05/25/2021 07:36:58","74",,"CVE-2021-31192, CVE-2021-31188, CVE-2021-31170, CVE-2021-28476, CVE-2021-31184, CVE-2021-31190, CVE-2021-31167, CVE-2021-31168, CVE-2021-31208, CVE-2021-31169, CVE-2021-31165, CVE-2021-1720, CVE-2021-28479, CVE-2021-31185, CVE-2021-31194, CVE-2021-31191, CVE-2021-31186, CVE-2021-31205, CVE-2021-31193, CVE-2021-31187, CVE-2020-26144, CVE-2020-24587, CVE-2020-24588","KB5003169, KB5003171, KB5003172, KB5003174, KB5003197, KB5003203, KB5003208, KB5003209, KB5003210, KB5003220, KB5003225, KB5003228, KB5003233",,"8.6","9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)","8.6 (E:U/RL:O/RC:C)","Microsoft releases the security update for Windows May 2021 +The KB Articles associated with the update: +KB5003169 (https://support.microsoft.com/en-us/help/5003169) +KB5003171 (https://support.microsoft.com/en-us/help/5003171) +KB5003172 (https://support.microsoft.com/en-us/help/5003172) +KB5003174 (https://support.microsoft.com/en-us/help/5003174) +KB5003197 (https://support.microsoft.com/en-us/help/5003197) +KB5003203 (https://support.microsoft.com/en-us/help/5003203) +KB5003208 (https://support.microsoft.com/en-us/help/5003208) +KB5003209 (https://support.microsoft.com/en-us/help/5003209) +KB5003210 (https://support.microsoft.com/en-us/help/5003210) +KB5003220 (https://support.microsoft.com/en-us/help/5003220) +KB5003225 (https://support.microsoft.com/en-us/help/5003225) +KB5003228 (https://support.microsoft.com/en-us/help/5003228) +KB5003233 (https://support.microsoft.com/en-us/help/5003233) + This QID checks for the file version of ntoskrnl.exe + The following versions of ntoskrnl.exe with their corresponding KBs are verified: +KB5003169 - +KB5003171 - +KB5003172 - +KB5003174 - +KB5003197 - +KB5003203 - +KB5003208 - +KB5003209 - +KB5003210 - +KB5003220 - +KB5003225 - +KB5003228 - +KB5003233 -","A remote attacker could exploit this vulnerability and execute code on the target system.","Please refer to the Security Update Guide (https://portal.msrc.microsoft.com/en-us/security-guidance) for more information pertaining to these vulnerabilities. + Patch: +Following are links for downloading patches to fix the vulnerabilities: + Microsoft Security Update Guide: WIndows (https://portal.msrc.microsoft.com/en-us/security-guidance)",,,"yes","Open",,,"Windows","AWS, Cloud Agent" +"10.98.57.151","Global Default Network","ip-10-98-57-151.eu-west-1.compute.internal","EC2AMAZ-N4OQ6HS","QAGENT","Windows Server 2016 Datacenter 64 bit Edition Version 1607","host scanned, found vuln","105971","EOL/Obsolete Software: Microsoft ASP.NET 1.0 Detected","Active","Vuln","5",,,,,"05/25/2021 15:13:02","06/08/2021 11:08:19","50","06/07/2021 22:53:26",,"Microsoft ASP.NET End of Life",,"7.4","8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)","7.4 (E:U/RL:U/RC:C)","Microsoft ASP.NET 1.0 has reached product End of Life in its support cycle on June 27, 2019 . +No further bug fixes, enhancements, security updates or technical support is available for this version. +QID Detection Logic (Authenticated): +The qid looks for sub directories under %programfiles%\dotnet\shared\Microsoft.NETCore.App, %programfiles(x86)%\dotnet\shared\Microsoft.NETCore.App and checks for vulnerable versions in .version file on Windows.","The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks.","Upgrade to the latest supported Microsoft ASP.NET. Refer to dotnet-core (https://docs.microsoft.com/en-us/lifecycle/products/microsoft-net-and-net-core).",,,"yes","Open",,,"Security Policy","AWS, Cloud Agent" +"10.98.49.209","Global Default Network","ip-10-98-49-209.eu-west-1.compute.internal","EC2AMAZ-N4OQ6HS","QAGENT","Windows Server 2016 Datacenter 64 bit Edition Version 1607","host scanned, found vuln","105971","EOL/Obsolete Software: Microsoft ASP.NET 1.0 Detected","Active","Vuln","5",,,,,"05/26/2021 09:46:37","06/08/2021 12:18:00","44","05/27/2021 00:38:46",,"Microsoft ASP.NET End of Life",,"7.4","8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)","7.4 (E:U/RL:U/RC:C)","Microsoft ASP.NET 1.0 has reached product End of Life in its support cycle on June 27, 2019 . +No further bug fixes, enhancements, security updates or technical support is available for this version. +QID Detection Logic (Authenticated): +The qid looks for sub directories under %programfiles%\dotnet\shared\Microsoft.NETCore.App, %programfiles(x86)%\dotnet\shared\Microsoft.NETCore.App and checks for vulnerable versions in .version file on Windows.","The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks.","Upgrade to the latest supported Microsoft ASP.NET. Refer to dotnet-core (https://docs.microsoft.com/en-us/lifecycle/products/microsoft-net-and-net-core).",,,"yes","Open",,,"Security Policy","AWS, Cloud Agent" +"10.98.35.11","Global Default Network","ip-10-98-35-11.eu-west-1.compute.internal","EC2AMAZ-N4OQ6HS","QAGENT","Windows Server 2016 Datacenter 64 bit Edition Version 1607","host scanned, found vuln","105971","EOL/Obsolete Software: Microsoft ASP.NET 1.0 Detected","Active","Vuln","5",,,,,"06/02/2021 17:08:57","06/08/2021 11:53:11","37",,,"Microsoft ASP.NET End of Life",,"7.4","8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)","7.4 (E:U/RL:U/RC:C)","Microsoft ASP.NET 1.0 has reached product End of Life in its support cycle on June 27, 2019 . +No further bug fixes, enhancements, security updates or technical support is available for this version. +QID Detection Logic (Authenticated): +The qid looks for sub directories under %programfiles%\dotnet\shared\Microsoft.NETCore.App, %programfiles(x86)%\dotnet\shared\Microsoft.NETCore.App and checks for vulnerable versions in .version file on Windows.","The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks.","Upgrade to the latest supported Microsoft ASP.NET. Refer to dotnet-core (https://docs.microsoft.com/en-us/lifecycle/products/microsoft-net-and-net-core).",,,"yes","Open",,,"Security Policy","AWS, Cloud Agent" diff --git a/unittests/scans/qualys/empty.csv b/unittests/scans/qualys/empty.csv new file mode 100644 index 00000000000..d3602955f3c --- /dev/null +++ b/unittests/scans/qualys/empty.csv @@ -0,0 +1,3 @@ +"IP","Network","DNS","NetBIOS","Tracking Method","OS","IP Status","QID","Title","Vuln Status","Type","Severity","Port","Protocol","FQDN","SSL","First Detected","Last Detected","Times Detected","Date Last Fixed","CVE ID","Vendor Reference","Bugtraq ID","CVSS3","CVSS3 Base","CVSS3 Temporal","Threat","Impact","Solution","Exploitability","Associated Malware","PCI Vuln","Ticket State","Instance","OS CPE","Category","Associated Tags" + + diff --git a/unittests/scans/qualys/monthly_pci_issue6932.csv b/unittests/scans/qualys/monthly_pci_issue6932.csv new file mode 100644 index 00000000000..705abdd5112 --- /dev/null +++ b/unittests/scans/qualys/monthly_pci_issue6932.csv @@ -0,0 +1,2 @@ +IP,HOSTNAME,LAST SCAN,QID,VULN TITLE,TYPE,SEVERITY,PORT,PROTOCOL,OPERATING SYSTEM,IS_PCI,FALSE POSITIVE STATUS,CVSS_BASE,Q_SEVERITY,THREAT,IMPACT,SOLUTION,CVSS_TEMPORAL,CATEGORY,RESULT,BUGTRAQID,CVEID +192.168.0.1,abv.xyw.com.fj,22/09/2022 13:01,86476,Web Server Stopped Responding,POTENTIAL,Medium,80,tcp,Linux 2.x,Fail,Requested,6.4,3,The Web server stopped responding to 3 consecutive connection attempts and/or more than 3 consecutive HTTP / HTTPS requests. Consequently the service aborted testing for HTTP / HTTPS vulnerabilities. The vulnerabilities already detected are still posted. For more details about this QID please review the following Qualys KB article:

                ,The service was unable to complete testing for HTTP / HTTPS vulnerabilities since the Web server stopped responding.,Check the Web server status.

                If the Web server was crashed during the scan please restart the server report the incident to Customer Support and stop scanning the Web server until the issue is resolved.

                If the Web server is unable to process multiple concurrent HTTP / HTTPS requests please lower the scan harshness level and launch another scan. If this vulnerability continues to be reported please contact Customer Support.,6.1,Web server,The web server did not respond for 4 consecutive HTTP requests. After these the service was still unable to connect to the web server 2 minutes later.,-, \ No newline at end of file diff --git a/unittests/scans/redhatsatellite/many_findings.json b/unittests/scans/redhatsatellite/many_findings.json new file mode 100644 index 00000000000..2d381c0b011 --- /dev/null +++ b/unittests/scans/redhatsatellite/many_findings.json @@ -0,0 +1,163 @@ +{ + "total": 6, + "subtotal": 6, + "selectable": 6, + "page": 1, + "per_page": 20, + "error": null, + "search": null, + "sort": { + "by": "updated", + "order": "desc" + }, + "results": [ + { + "id": 1, + "pulp_id": "RHSA-1966:12313", + "title": "Important: firefox security update", + "errata_id": "RHSA-1966:12313", + "issued": "1966-01-02", + "updated": "1966-01-02", + "severity": "Important", + "description": "Mozilla Firefox is an open-source web browser, designed for stox to ves section.", + "solution": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://accee effect.", + "summary": "An update for firefox is now available for Red Hat Entere References section.", + "reboot_suggested": false, + "uuid": "RHSA-1966:12313", + "name": "Important: firefox security update", + "type": "security", + "cves": [ + { + "cve_id": "CVE-1990-1", + "href": "https://access.redhat.com/security/cve/CVE-1990-1" + }, + { + "cve_id": "CVE-1990-2", + "href": "https://access.redhat.com/security/cve/CVE-1990-2" + }, + { + "cve_id": "CVE-1990-3", + "href": "https://access.redhat.com/security/cve/CVE-1990-3" + }, + { + "cve_id": "CVE-1990-4", + "href": "https://access.redhat.com/security/cve/CVE-1990-4" + }, + { + "cve_id": "CVE-1990-5", + "href": "https://access.redhat.com/security/cve/CVE-1990-5" + } + ], + "bugs": [ + { + "bug_id": "2255360", + "href": "https://bugzilla.redhat.com/show_bug.cgi?id=2255360" + }, + { + "bug_id": "2255361", + "href": "https://bugzilla.redhat.com/show_bug.cgi?id=2255361" + }, + { + "bug_id": "2255362", + "href": "https://bugzilla.redhat.com/show_bug.cgi?id=2255362" + }, + { + "bug_id": "2255370", + "href": "https://bugzilla.redhat.com/show_bug.cgi?id=2255370" + } + ], + "hosts_available_count": 1, + "hosts_applicable_count": 1, + "packages": [ + "firefox-11", + "firefox-1" + ], + "module_streams": [], + "installable": true + }, + { + "id": 2, + "pulp_id": "RHSA-1966:0013", + "title": "Important: gstreamer1-plugins-bad-free security update", + "errata_id": "RHSA-1966:0013", + "issued": "1966-01-02", + "updated": "1966-01-02", + "severity": "Important", + "description": "G is a on.", + "solution": "For details on how to apply this update, w8", + "summary": "An updaten.", + "reboot_suggested": false, + "uuid": "RHSA-1966:0013", + "name": "Important: gstreamer1-plugins-bad-free security update", + "type": "security", + "cves": [ + { + "cve_id": "CVE-1990-222", + "href": "https://access.redhat.com/security/cve/CVE-1990-222" + } + ], + "bugs": [ + { + "bug_id": "333", + "href": "https://bugzilla.redhat.com/show_bug.cgi?id=333" + } + ], + "hosts_available_count": 2, + "hosts_applicable_count": 2, + "packages": [ + "g", + "g64", + "g5", + "g4" + ], + "module_streams": [], + "installable": true + }, + { + "id": 3, + "pulp_id": "RHSA-1966:0009", + "title": "Importantity update", + "errata_id": "RHSA-1966:0009", + "issued": "1966-01-02", + "updated": "1966-01-02", + "severity": "Important", + "description": "n.", + "solution": "For details on how to apply8", + "summary": "An updaton.", + "reboot_suggested": false, + "uuid": "RHSA-1966:0009", + "name": "Importity update", + "type": "security", + "cves": [ + { + "cve_id": "CVE-1990-6377", + "href": "https://access.redhat.com/security/cve/CVE-1990-6377" + }, + { + "cve_id": "CVE-1990-6478", + "href": "https://access.redhat.com/security/cve/CVE-1990-6478" + } + ], + "bugs": [ + { + "bug_id": "33", + "href": "https://bugzilla.redhat.com/show_bug.cgi?id=33" + }, + { + "bug_id": "123", + "href": "https://bugzilla.redhat.com/show_bug.cgi?id=123" + } + ], + "hosts_available_count": 3, + "hosts_applicable_count": 3, + "packages": [ + "asfjoiwefjoewfjo1", + "asfjoiwefjoewfjo2", + "asfjoiwefjoewfjo3", + "asfjoiwefjoewfjo4" + ], + "module_streams": [], + "installable": true + } + ] +} \ No newline at end of file diff --git a/unittests/scans/redhatsatellite/no_findings.json b/unittests/scans/redhatsatellite/no_findings.json new file mode 100644 index 00000000000..42a33038e69 --- /dev/null +++ b/unittests/scans/redhatsatellite/no_findings.json @@ -0,0 +1,14 @@ +{ + "total": 0, + "subtotal": 0, + "selectable": 0, + "page": 1, + "per_page": 20, + "error": null, + "search": null, + "sort": { + "by": "updated", + "order": "desc" + }, + "results": [] +} \ No newline at end of file diff --git a/unittests/scans/redhatsatellite/one_finding.json b/unittests/scans/redhatsatellite/one_finding.json new file mode 100644 index 00000000000..ff5a1c1c054 --- /dev/null +++ b/unittests/scans/redhatsatellite/one_finding.json @@ -0,0 +1,47 @@ +{ + "total": 3, + "subtotal": 3, + "selectable": 3, + "page": 1, + "per_page": 20, + "error": null, + "search": null, + "sort": { + "by": "updated", + "order": "desc" + }, + "results": [ + { + "id": 1, + "pulp_id": "RHBA-1978:1", + "title": "Satellite 6 Client Bug Fix Update", + "errata_id": "RHBA-1978:1", + "issued": "1978-07-12", + "updated": "1978-07-12", + "severity": "None", + "description": "Red Hat Satellite is a system gs.", + "solution": "Before applyindex", + "summary": "Updated Satelliellite.", + "reboot_suggested": false, + "uuid": "RHBA-1978:1", + "name": "Satellite 6 Client Bug Fix Update", + "type": "bugfix", + "cves": [], + "bugs": [ + { + "bug_id": "3", + "href": "https://bugzilla.redhat.com/show_bug.cgi?id=3" + } + ], + "hosts_available_count": 9, + "hosts_applicable_count": 9, + "packages": [ + "asdf-fwje0-12.21.12.33.1", + "asdf-fwje0-12.21.12.33.2", + "asdf-fwje0-12.21.12.33.3" + ], + "module_streams": [], + "installable": true + } + ] +} \ No newline at end of file diff --git a/unittests/scans/rubocop/empty.json b/unittests/scans/rubocop/empty.json new file mode 100644 index 00000000000..87beb8d6b2a --- /dev/null +++ b/unittests/scans/rubocop/empty.json @@ -0,0 +1,15 @@ +{ + "metadata": { + "rubocop_version": "1.13.0", + "ruby_engine": "ruby", + "ruby_version": "3.0.3", + "ruby_patchlevel": "157", + "ruby_platform": "x86_64-linux" + }, + "files": [], + "summary": { + "offense_count": 0, + "target_file_count": 0, + "inspected_file_count": 0 + } +} \ No newline at end of file diff --git a/unittests/scans/rubocop/many_vulns.json b/unittests/scans/rubocop/many_vulns.json new file mode 100644 index 00000000000..408008c7b06 --- /dev/null +++ b/unittests/scans/rubocop/many_vulns.json @@ -0,0 +1 @@ +{"metadata":{"rubocop_version":"1.24.1","ruby_engine":"ruby","ruby_version":"3.0.3","ruby_patchlevel":"157","ruby_platform":"x86_64-linux"},"files":[{"path":"fake_app_unsecure/app/main.rb","offenses":[{"severity":"convention","message":"`File.read` is safer than `IO.read`.","cop_name":"Security/IoMethods","corrected":false,"correctable":true,"location":{"start_line":12,"start_column":1,"last_line":12,"last_column":13,"length":13,"line":12,"column":1}},{"severity":"convention","message":"`File.read` is safer than `IO.read`.","cop_name":"Security/IoMethods","corrected":false,"correctable":true,"location":{"start_line":13,"start_column":1,"last_line":13,"last_column":15,"length":15,"line":13,"column":1}},{"severity":"convention","message":"Prefer `JSON.parse` over `JSON.load`.","cop_name":"Security/JSONLoad","corrected":false,"correctable":true,"location":{"start_line":19,"start_column":6,"last_line":19,"last_column":9,"length":4,"line":19,"column":6}},{"severity":"convention","message":"Prefer using `YAML.safe_load` over `YAML.load`.","cop_name":"Security/YAMLLoad","corrected":false,"correctable":true,"location":{"start_line":22,"start_column":6,"last_line":22,"last_column":9,"length":4,"line":22,"column":6}},{"severity":"convention","message":"The use of `Kernel#open` is a serious security risk.","cop_name":"Security/Open","corrected":false,"correctable":false,"location":{"start_line":25,"start_column":1,"last_line":25,"last_column":4,"length":4,"line":25,"column":1}},{"severity":"convention","message":"The use of `Kernel#open` is a serious security risk.","cop_name":"Security/Open","corrected":false,"correctable":false,"location":{"start_line":26,"start_column":1,"last_line":26,"last_column":4,"length":4,"line":26,"column":1}},{"severity":"convention","message":"The use of `URI.open` is a serious security risk.","cop_name":"Security/Open","corrected":false,"correctable":false,"location":{"start_line":27,"start_column":5,"last_line":27,"last_column":8,"length":4,"line":27,"column":5}}]}],"summary":{"offense_count":7,"target_file_count":1,"inspected_file_count":1}} \ No newline at end of file diff --git a/unittests/scans/rubocop/one_finding.json b/unittests/scans/rubocop/one_finding.json new file mode 100644 index 00000000000..3abeb1443d6 --- /dev/null +++ b/unittests/scans/rubocop/one_finding.json @@ -0,0 +1,5430 @@ +{ + "metadata": { + "rubocop_version": "1.13.0", + "ruby_engine": "ruby", + "ruby_version": "3.0.3", + "ruby_patchlevel": "157", + "ruby_platform": "x86_64-linux" + }, + "files": [ + { + "path": "app/controllers/admin_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use `%i` or `%I` for an array of symbols.", + "cop_name": "Style/SymbolArray", + "corrected": false, + "correctable": true, + "location": { + "start_line": 5, + "start_column": 23, + "last_line": 5, + "last_column": 49, + "length": 27, + "line": 5, + "column": 23 + } + }, + { + "severity": "convention", + "message": "Put empty method definitions on a single line.", + "cop_name": "Style/EmptyMethod", + "corrected": false, + "correctable": true, + "location": { + "start_line": 7, + "start_column": 3, + "last_line": 8, + "last_column": 5, + "length": 19, + "line": 7, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Use the return of the conditional for variable assignment and comparison.", + "cop_name": "Style/ConditionalAssignment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 11, + "start_column": 5, + "last_line": 15, + "last_column": 7, + "length": 97, + "line": 11, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 12, + "start_column": 16, + "last_line": 12, + "last_column": 18, + "length": 3, + "line": 12, + "column": 16 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 14, + "start_column": 35, + "last_line": 14, + "last_column": 37, + "length": 3, + "line": 14, + "column": 35 + } + }, + { + "severity": "convention", + "message": "Use the return of the conditional for variable assignment and comparison.", + "cop_name": "Style/ConditionalAssignment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 17, + "start_column": 5, + "last_line": 21, + "last_column": 7, + "length": 125, + "line": 17, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Do not prefix reader method names with `get_`.", + "cop_name": "Naming/AccessorMethodName", + "corrected": false, + "correctable": false, + "location": { + "start_line": 24, + "start_column": 7, + "last_line": 24, + "last_column": 19, + "length": 13, + "line": 24, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Do not prefix reader method names with `get_`.", + "cop_name": "Naming/AccessorMethodName", + "corrected": false, + "correctable": false, + "location": { + "start_line": 28, + "start_column": 7, + "last_line": 28, + "last_column": 14, + "length": 8, + "line": 28, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Use `%w` or `%W` for an array of words.", + "cop_name": "Style/WordArray", + "corrected": false, + "correctable": true, + "location": { + "start_line": 30, + "start_column": 11, + "last_line": 30, + "last_column": 27, + "length": 17, + "line": 30, + "column": 11 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 30, + "start_column": 12, + "last_line": 30, + "last_column": 17, + "length": 6, + "line": 30, + "column": 12 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 30, + "start_column": 20, + "last_line": 30, + "last_column": 26, + "length": 7, + "line": 30, + "column": 20 + } + }, + { + "severity": "convention", + "message": "Assignment Branch Condition size for update_user is too high. [<6, 17, 6> 19/17]", + "cop_name": "Metrics/AbcSize", + "corrected": false, + "correctable": false, + "location": { + "start_line": 34, + "start_column": 3, + "last_line": 46, + "last_column": 5, + "length": 411, + "line": 34, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Method has too many lines. [11/10]", + "cop_name": "Metrics/MethodLength", + "corrected": false, + "correctable": false, + "location": { + "start_line": 34, + "start_column": 3, + "last_line": 46, + "last_column": 5, + "length": 411, + "line": 34, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 37, + "start_column": 52, + "last_line": 37, + "last_column": 61, + "length": 10, + "line": 37, + "column": 52 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 37, + "start_column": 66, + "last_line": 37, + "last_column": 88, + "length": 23, + "line": 37, + "column": 66 + } + }, + { + "severity": "convention", + "message": "Favor `unless` over `if` for negative conditions.", + "cop_name": "Style/NegatedIf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 39, + "start_column": 7, + "last_line": 39, + "last_column": 44, + "length": 38, + "line": 39, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Don't use parentheses around a method call.", + "cop_name": "Style/RedundantParentheses", + "corrected": false, + "correctable": true, + "location": { + "start_line": 39, + "start_column": 32, + "last_line": 39, + "last_column": 44, + "length": 13, + "line": 39, + "column": 32 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 44, + "start_column": 51, + "last_line": 44, + "last_column": 59, + "length": 9, + "line": 44, + "column": 51 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 44, + "start_column": 63, + "last_line": 44, + "last_column": 71, + "length": 9, + "line": 44, + "column": 63 + } + }, + { + "severity": "convention", + "message": "Space inside } missing.", + "cop_name": "Layout/SpaceInsideHashLiteralBraces", + "corrected": false, + "correctable": true, + "location": { + "start_line": 44, + "start_column": 72, + "last_line": 44, + "last_column": 72, + "length": 1, + "line": 44, + "column": 72 + } + }, + { + "severity": "convention", + "message": "Use `!=` instead of inverting `==`.", + "cop_name": "Style/InverseMethods", + "corrected": false, + "correctable": true, + "location": { + "start_line": 50, + "start_column": 16, + "last_line": 50, + "last_column": 44, + "length": 29, + "line": 50, + "column": 16 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 57, + "start_column": 51, + "last_line": 57, + "last_column": 59, + "length": 9, + "line": 57, + "column": 51 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 57, + "start_column": 63, + "last_line": 57, + "last_column": 71, + "length": 9, + "line": 57, + "column": 63 + } + }, + { + "severity": "convention", + "message": "Space inside } missing.", + "cop_name": "Layout/SpaceInsideHashLiteralBraces", + "corrected": false, + "correctable": true, + "location": { + "start_line": 57, + "start_column": 72, + "last_line": 57, + "last_column": 72, + "length": 1, + "line": 57, + "column": 72 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 69, + "start_column": 26, + "last_line": 69, + "last_column": 28, + "length": 3, + "line": 69, + "column": 26 + } + } + ] + }, + { + "path": "app/controllers/api/v1/mobile_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use nested module/class definitions instead of compact style.", + "cop_name": "Style/ClassAndModuleChildren", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 7, + "last_line": 2, + "last_column": 31, + "length": 25, + "line": 2, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Use a guard clause (`return unless params[:class]`) instead of wrapping the code inside a conditional expression.", + "cop_name": "Style/GuardClause", + "corrected": false, + "correctable": false, + "location": { + "start_line": 9, + "start_column": 5, + "last_line": 9, + "last_column": 6, + "length": 2, + "line": 9, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 28, + "start_column": 33, + "last_line": 28, + "last_column": 35, + "length": 3, + "line": 28, + "column": 33 + } + } + ] + }, + { + "path": "app/controllers/api/v1/users_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use nested module/class definitions instead of compact style.", + "cop_name": "Style/ClassAndModuleChildren", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 7, + "last_line": 2, + "last_column": 30, + "length": 24, + "line": 2, + "column": 7 + } + }, + { + "severity": "warning", + "message": "Unused block argument - `options`. If it's necessary, use `_` or `_options` as an argument name to indicate that it won't be used.", + "cop_name": "Lint/UnusedBlockArgument", + "corrected": false, + "correctable": true, + "location": { + "start_line": 20, + "start_column": 56, + "last_line": 20, + "last_column": 62, + "length": 7, + "line": 20, + "column": 56 + } + }, + { + "severity": "convention", + "message": "Annotation keywords like `TODO` should be all upper case, followed by a colon, and a space, then a note describing the problem.", + "cop_name": "Style/CommentAnnotation", + "corrected": false, + "correctable": true, + "location": { + "start_line": 21, + "start_column": 9, + "last_line": 21, + "last_column": 14, + "length": 6, + "line": 21, + "column": 9 + } + }, + { + "severity": "convention", + "message": "Favor modifier `if` usage when having a single-line body. Another good alternative is the usage of control flow `&&`/`||`.", + "cop_name": "Style/IfUnlessModifier", + "corrected": false, + "correctable": true, + "location": { + "start_line": 22, + "start_column": 7, + "last_line": 22, + "last_column": 8, + "length": 2, + "line": 22, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Favor `unless` over `if` for negative conditions.", + "cop_name": "Style/NegatedIf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 22, + "start_column": 7, + "last_line": 24, + "last_column": 9, + "length": 63, + "line": 22, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 28, + "start_column": 29, + "last_line": 28, + "last_column": 30, + "length": 2, + "line": 28, + "column": 29 + } + }, + { + "severity": "convention", + "message": "Prefer `Regexp.last_match(1)` over `$1`.", + "cop_name": "Style/PerlBackrefs", + "corrected": false, + "correctable": true, + "location": { + "start_line": 33, + "start_column": 10, + "last_line": 33, + "last_column": 11, + "length": 2, + "line": 33, + "column": 10 + } + }, + { + "severity": "convention", + "message": "Prefer `Regexp.last_match(2)` over `$2`.", + "cop_name": "Style/PerlBackrefs", + "corrected": false, + "correctable": true, + "location": { + "start_line": 34, + "start_column": 12, + "last_line": 34, + "last_column": 13, + "length": 2, + "line": 34, + "column": 12 + } + }, + { + "severity": "warning", + "message": "Use `OpenSSL::Digest.hexdigest('SHA1', \"#{ACCESS_TOKEN_SALT}:#{id}\")` instead of `OpenSSL::Digest::SHA1.hexdigest(\"#{ACCESS_TOKEN_SALT}:#{id}\")`.", + "cop_name": "Lint/DeprecatedOpenSSLConstant", + "corrected": false, + "correctable": true, + "location": { + "start_line": 40, + "start_column": 14, + "last_line": 40, + "last_column": 74, + "length": 61, + "line": 40, + "column": 14 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 46, + "start_column": 30, + "last_line": 46, + "last_column": 31, + "length": 2, + "line": 46, + "column": 30 + } + }, + { + "severity": "convention", + "message": "Do not use `::` for method calls.", + "cop_name": "Style/ColonMethodCall", + "corrected": false, + "correctable": true, + "location": { + "start_line": 47, + "start_column": 23, + "last_line": 47, + "last_column": 24, + "length": 2, + "line": 47, + "column": 23 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 52, + "start_column": 48, + "last_line": 52, + "last_column": 50, + "length": 3, + "line": 52, + "column": 48 + } + } + ] + }, + { + "path": "app/controllers/application_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing space after `#`.", + "cop_name": "Layout/LeadingCommentSpace", + "corrected": false, + "correctable": true, + "location": { + "start_line": 9, + "start_column": 3, + "last_line": 9, + "last_column": 40, + "length": 38, + "line": 9, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Wrap multiline memoization blocks in `begin` and `end`.", + "cop_name": "Style/MultilineMemoization", + "corrected": false, + "correctable": true, + "location": { + "start_line": 19, + "start_column": 5, + "last_line": 22, + "last_column": 5, + "length": 133, + "line": 19, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 3) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 26, + "start_column": 3, + "last_line": 26, + "last_column": 5, + "length": 3, + "line": 26, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Favor `unless` over `if` for negative conditions.", + "cop_name": "Style/NegatedIf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 27, + "start_column": 6, + "last_line": 27, + "last_column": 56, + "length": 51, + "line": 27, + "column": 6 + } + }, + { + "severity": "convention", + "message": "Rename `is_admin?` to `admin?`.", + "cop_name": "Naming/PredicateName", + "corrected": false, + "correctable": false, + "location": { + "start_line": 30, + "start_column": 7, + "last_line": 30, + "last_column": 15, + "length": 9, + "line": 30, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Use safe navigation (`&.`) instead of checking if an object exists before calling the method.", + "cop_name": "Style/SafeNavigation", + "corrected": false, + "correctable": true, + "location": { + "start_line": 31, + "start_column": 5, + "last_line": 31, + "last_column": 38, + "length": 34, + "line": 31, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Use a guard clause (`return unless !is_admin?`) instead of wrapping the code inside a conditional expression.", + "cop_name": "Style/GuardClause", + "corrected": false, + "correctable": false, + "location": { + "start_line": 35, + "start_column": 5, + "last_line": 35, + "last_column": 6, + "length": 2, + "line": 35, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Favor modifier `if` usage when having a single-line body. Another good alternative is the usage of control flow `&&`/`||`.", + "cop_name": "Style/IfUnlessModifier", + "corrected": false, + "correctable": true, + "location": { + "start_line": 35, + "start_column": 5, + "last_line": 35, + "last_column": 6, + "length": 2, + "line": 35, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Favor `unless` over `if` for negative conditions.", + "cop_name": "Style/NegatedIf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 35, + "start_column": 5, + "last_line": 37, + "last_column": 6, + "length": 46, + "line": 35, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 1) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 36, + "start_column": 5, + "last_line": 36, + "last_column": 5, + "length": 1, + "line": 36, + "column": 5 + } + }, + { + "severity": "warning", + "message": "`end` at 37, 3 is not aligned with `if` at 35, 4.", + "cop_name": "Layout/EndAlignment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 37, + "start_column": 4, + "last_line": 37, + "last_column": 6, + "length": 3, + "line": 37, + "column": 4 + } + }, + { + "severity": "convention", + "message": "Assignment Branch Condition size for has_info is too high. [<3, 15, 8> 17.26/17]", + "cop_name": "Metrics/AbcSize", + "corrected": false, + "correctable": false, + "location": { + "start_line": 40, + "start_column": 3, + "last_line": 52, + "last_column": 5, + "length": 374, + "line": 40, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Cyclomatic complexity for has_info is too high. [9/7]", + "cop_name": "Metrics/CyclomaticComplexity", + "corrected": false, + "correctable": false, + "location": { + "start_line": 40, + "start_column": 3, + "last_line": 52, + "last_column": 5, + "length": 374, + "line": 40, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Method has too many lines. [11/10]", + "cop_name": "Metrics/MethodLength", + "corrected": false, + "correctable": false, + "location": { + "start_line": 40, + "start_column": 3, + "last_line": 52, + "last_column": 5, + "length": 374, + "line": 40, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Perceived complexity for has_info is too high. [9/8]", + "cop_name": "Metrics/PerceivedComplexity", + "corrected": false, + "correctable": false, + "location": { + "start_line": 40, + "start_column": 3, + "last_line": 52, + "last_column": 5, + "length": 374, + "line": 40, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Rename `has_info` to `info?`.", + "cop_name": "Naming/PredicateName", + "corrected": false, + "correctable": false, + "location": { + "start_line": 40, + "start_column": 7, + "last_line": 40, + "last_column": 14, + "length": 8, + "line": 40, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 0) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 44, + "start_column": 7, + "last_line": 44, + "last_column": 6, + "length": 0, + "line": 44, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Favor `unless` over `if` for negative conditions.", + "cop_name": "Style/NegatedIf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 44, + "start_column": 7, + "last_line": 46, + "last_column": 9, + "length": 186, + "line": 44, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Line is too long. [158/120]", + "cop_name": "Layout/LineLength", + "corrected": false, + "correctable": false, + "location": { + "start_line": 44, + "start_column": 121, + "last_line": 44, + "last_column": 158, + "length": 38, + "line": 44, + "column": 121 + } + }, + { + "severity": "convention", + "message": "Avoid rescuing without specifying an error class.", + "cop_name": "Style/RescueStandardError", + "corrected": false, + "correctable": true, + "location": { + "start_line": 47, + "start_column": 7, + "last_line": 47, + "last_column": 12, + "length": 6, + "line": 47, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 3) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 48, + "start_column": 7, + "last_line": 48, + "last_column": 9, + "length": 3, + "line": 48, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Space inside } missing.", + "cop_name": "Layout/SpaceInsideHashLiteralBraces", + "corrected": false, + "correctable": true, + "location": { + "start_line": 55, + "start_column": 113, + "last_line": 55, + "last_column": 113, + "length": 1, + "line": 55, + "column": 113 + } + } + ] + }, + { + "path": "app/controllers/benefit_forms_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Extra empty line detected at class body beginning.", + "cop_name": "Layout/EmptyLinesAroundClassBody", + "corrected": false, + "correctable": true, + "location": { + "start_line": 3, + "start_column": 1, + "last_line": 4, + "last_column": 0, + "length": 1, + "line": 3, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 1) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 9, + "start_column": 3, + "last_line": 9, + "last_column": 3, + "length": 1, + "line": 9, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Redundant `begin` block detected.", + "cop_name": "Style/RedundantBegin", + "corrected": false, + "correctable": true, + "location": { + "start_line": 9, + "start_column": 4, + "last_line": 9, + "last_column": 8, + "length": 5, + "line": 9, + "column": 4 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 12, + "start_column": 35, + "last_line": 12, + "last_column": 46, + "length": 12, + "line": 12, + "column": 35 + } + }, + { + "severity": "convention", + "message": "Avoid rescuing without specifying an error class.", + "cop_name": "Style/RescueStandardError", + "corrected": false, + "correctable": true, + "location": { + "start_line": 13, + "start_column": 4, + "last_line": 13, + "last_column": 9, + "length": 6, + "line": 13, + "column": 4 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 21, + "start_column": 25, + "last_line": 21, + "last_column": 53, + "length": 29, + "line": 21, + "column": 25 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 24, + "start_column": 23, + "last_line": 24, + "last_column": 44, + "length": 22, + "line": 24, + "column": 23 + } + }, + { + "severity": "convention", + "message": "Extra empty line detected at class body end.", + "cop_name": "Layout/EmptyLinesAroundClassBody", + "corrected": false, + "correctable": true, + "location": { + "start_line": 28, + "start_column": 1, + "last_line": 29, + "last_column": 0, + "length": 1, + "line": 28, + "column": 1 + } + } + ] + }, + { + "path": "app/controllers/dashboard_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use a guard clause (`return unless params[:font]`) instead of wrapping the code inside a conditional expression.", + "cop_name": "Style/GuardClause", + "corrected": false, + "correctable": false, + "location": { + "start_line": 10, + "start_column": 5, + "last_line": 10, + "last_column": 6, + "length": 2, + "line": 10, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Favor modifier `if` usage when having a single-line body. Another good alternative is the usage of control flow `&&`/`||`.", + "cop_name": "Style/IfUnlessModifier", + "corrected": false, + "correctable": true, + "location": { + "start_line": 10, + "start_column": 5, + "last_line": 10, + "last_column": 6, + "length": 2, + "line": 10, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 16, + "start_column": 5, + "last_line": 16, + "last_column": 28, + "length": 24, + "line": 16, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 18, + "start_column": 26, + "last_line": 18, + "last_column": 36, + "length": 11, + "line": 18, + "column": 26 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 19, + "start_column": 14, + "last_line": 19, + "last_column": 34, + "length": 21, + "line": 19, + "column": 14 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 22, + "start_column": 14, + "last_line": 22, + "last_column": 35, + "length": 22, + "line": 22, + "column": 14 + } + } + ] + }, + { + "path": "app/controllers/messages_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Extra empty line detected at class body beginning.", + "cop_name": "Layout/EmptyLinesAroundClassBody", + "corrected": false, + "correctable": true, + "location": { + "start_line": 3, + "start_column": 1, + "last_line": 4, + "last_column": 0, + "length": 1, + "line": 3, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 18, + "start_column": 25, + "last_line": 18, + "last_column": 56, + "length": 32, + "line": 18, + "column": 25 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 21, + "start_column": 23, + "last_line": 21, + "last_column": 49, + "length": 27, + "line": 21, + "column": 23 + } + }, + { + "severity": "convention", + "message": "Method has too many lines. [11/10]", + "cop_name": "Metrics/MethodLength", + "corrected": false, + "correctable": false, + "location": { + "start_line": 25, + "start_column": 3, + "last_line": 37, + "last_column": 5, + "length": 393, + "line": 25, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Space inside { missing.", + "cop_name": "Layout/SpaceInsideHashLiteralBraces", + "corrected": false, + "correctable": true, + "location": { + "start_line": 29, + "start_column": 36, + "last_line": 29, + "last_column": 36, + "length": 1, + "line": 29, + "column": 36 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 29, + "start_column": 42, + "last_line": 29, + "last_column": 50, + "length": 9, + "line": 29, + "column": 42 + } + }, + { + "severity": "convention", + "message": "Space inside } missing.", + "cop_name": "Layout/SpaceInsideHashLiteralBraces", + "corrected": false, + "correctable": true, + "location": { + "start_line": 29, + "start_column": 51, + "last_line": 29, + "last_column": 51, + "length": 1, + "line": 29, + "column": 51 + } + }, + { + "severity": "convention", + "message": "Space inside { missing.", + "cop_name": "Layout/SpaceInsideHashLiteralBraces", + "corrected": false, + "correctable": true, + "location": { + "start_line": 34, + "start_column": 36, + "last_line": 34, + "last_column": 36, + "length": 1, + "line": 34, + "column": 36 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 34, + "start_column": 42, + "last_line": 34, + "last_column": 50, + "length": 9, + "line": 34, + "column": 42 + } + }, + { + "severity": "convention", + "message": "Space inside } missing.", + "cop_name": "Layout/SpaceInsideHashLiteralBraces", + "corrected": false, + "correctable": true, + "location": { + "start_line": 34, + "start_column": 51, + "last_line": 34, + "last_column": 51, + "length": 1, + "line": 34, + "column": 51 + } + } + ] + }, + { + "path": "app/controllers/paid_time_off_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Extra empty line detected at class body beginning.", + "cop_name": "Layout/EmptyLinesAroundClassBody", + "corrected": false, + "correctable": true, + "location": { + "start_line": 3, + "start_column": 1, + "last_line": 4, + "last_column": 0, + "length": 1, + "line": 3, + "column": 1 + } + } + ] + }, + { + "path": "app/controllers/password_resets_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Assignment Branch Condition size for reset_password is too high. [<4, 25, 7> 26.27/17]", + "cop_name": "Metrics/AbcSize", + "corrected": false, + "correctable": false, + "location": { + "start_line": 5, + "start_column": 3, + "last_line": 17, + "last_column": 5, + "length": 484, + "line": 5, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Avoid using `Marshal.load`.", + "cop_name": "Security/MarshalLoad", + "corrected": false, + "correctable": false, + "location": { + "start_line": 6, + "start_column": 20, + "last_line": 6, + "last_column": 23, + "length": 4, + "line": 6, + "column": 20 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 11, + "start_column": 25, + "last_line": 11, + "last_column": 67, + "length": 43, + "line": 11, + "column": 25 + } + }, + { + "severity": "convention", + "message": "Move `redirect_to :login` out of the conditional.", + "cop_name": "Style/IdenticalConditionalBranches", + "corrected": false, + "correctable": false, + "location": { + "start_line": 12, + "start_column": 7, + "last_line": 12, + "last_column": 24, + "length": 18, + "line": 12, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 14, + "start_column": 23, + "last_line": 14, + "last_column": 72, + "length": 50, + "line": 14, + "column": 23 + } + }, + { + "severity": "convention", + "message": "Move `redirect_to :login` out of the conditional.", + "cop_name": "Style/IdenticalConditionalBranches", + "corrected": false, + "correctable": false, + "location": { + "start_line": 15, + "start_column": 7, + "last_line": 15, + "last_column": 24, + "length": 18, + "line": 15, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 21, + "start_column": 25, + "last_line": 21, + "last_column": 87, + "length": 63, + "line": 21, + "column": 25 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 22, + "start_column": 14, + "last_line": 22, + "last_column": 45, + "length": 32, + "line": 22, + "column": 14 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 24, + "start_column": 23, + "last_line": 24, + "last_column": 71, + "length": 49, + "line": 24, + "column": 23 + } + }, + { + "severity": "convention", + "message": "Assignment Branch Condition size for send_forgot_password is too high. [<3, 20, 5> 20.83/17]", + "cop_name": "Metrics/AbcSize", + "corrected": false, + "correctable": false, + "location": { + "start_line": 29, + "start_column": 3, + "last_line": 38, + "last_column": 5, + "length": 395, + "line": 29, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Modifier form of `unless` makes the line too long.", + "cop_name": "Style/IfUnlessModifier", + "corrected": false, + "correctable": true, + "location": { + "start_line": 36, + "start_column": 104, + "last_line": 36, + "last_column": 109, + "length": 6, + "line": 36, + "column": 104 + } + }, + { + "severity": "convention", + "message": "Line is too long. [129/120]", + "cop_name": "Layout/LineLength", + "corrected": false, + "correctable": true, + "location": { + "start_line": 36, + "start_column": 121, + "last_line": 36, + "last_column": 129, + "length": 9, + "line": 36, + "column": 121 + } + }, + { + "severity": "convention", + "message": "Rename `is_valid?` to `valid?`.", + "cop_name": "Naming/PredicateName", + "corrected": false, + "correctable": false, + "location": { + "start_line": 52, + "start_column": 7, + "last_line": 52, + "last_column": 15, + "length": 9, + "line": 52, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Use a guard clause (`return unless token =~ /(?\\d+)-(?[A-Z0-9]{32})/i`) instead of wrapping the code inside a conditional expression.", + "cop_name": "Style/GuardClause", + "corrected": false, + "correctable": false, + "location": { + "start_line": 53, + "start_column": 5, + "last_line": 53, + "last_column": 6, + "length": 2, + "line": 53, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Prefer `$LAST_MATCH_INFO` from the stdlib 'English' module (don't forget to require it) over `$~`.", + "cop_name": "Style/SpecialGlobalVars", + "corrected": false, + "correctable": true, + "location": { + "start_line": 56, + "start_column": 32, + "last_line": 56, + "last_column": 33, + "length": 2, + "line": 56, + "column": 32 + } + }, + { + "severity": "convention", + "message": "Prefer `$LAST_MATCH_INFO` from the stdlib 'English' module (don't forget to require it) over `$~`.", + "cop_name": "Style/SpecialGlobalVars", + "corrected": false, + "correctable": true, + "location": { + "start_line": 60, + "start_column": 31, + "last_line": 60, + "last_column": 32, + "length": 2, + "line": 60, + "column": 31 + } + } + ] + }, + { + "path": "app/controllers/pay_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Extra empty line detected at class body beginning.", + "cop_name": "Layout/EmptyLinesAroundClassBody", + "corrected": false, + "correctable": true, + "location": { + "start_line": 3, + "start_column": 1, + "last_line": 4, + "last_column": 0, + "length": 1, + "line": 3, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Put empty method definitions on a single line.", + "cop_name": "Style/EmptyMethod", + "corrected": false, + "correctable": true, + "location": { + "start_line": 4, + "start_column": 3, + "last_line": 5, + "last_column": 5, + "length": 15, + "line": 4, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Method has too many lines. [11/10]", + "cop_name": "Metrics/MethodLength", + "corrected": false, + "correctable": false, + "location": { + "start_line": 7, + "start_column": 3, + "last_line": 20, + "last_column": 5, + "length": 356, + "line": 7, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Space inside { missing.", + "cop_name": "Layout/SpaceInsideHashLiteralBraces", + "corrected": false, + "correctable": true, + "location": { + "start_line": 18, + "start_column": 34, + "last_line": 18, + "last_column": 34, + "length": 1, + "line": 18, + "column": 34 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 1) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 23, + "start_column": 3, + "last_line": 23, + "last_column": 3, + "length": 1, + "line": 23, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Space inside { missing.", + "cop_name": "Layout/SpaceInsideHashLiteralBraces", + "corrected": false, + "correctable": true, + "location": { + "start_line": 24, + "start_column": 33, + "last_line": 24, + "last_column": 33, + "length": 1, + "line": 24, + "column": 33 + } + }, + { + "severity": "convention", + "message": "Space inside } missing.", + "cop_name": "Layout/SpaceInsideHashLiteralBraces", + "corrected": false, + "correctable": true, + "location": { + "start_line": 24, + "start_column": 64, + "last_line": 24, + "last_column": 64, + "length": 1, + "line": 24, + "column": 64 + } + }, + { + "severity": "convention", + "message": "Use `&&` instead of `and`.", + "cop_name": "Style/AndOr", + "corrected": false, + "correctable": true, + "location": { + "start_line": 30, + "start_column": 21, + "last_line": 30, + "last_column": 23, + "length": 3, + "line": 30, + "column": 21 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 31, + "start_column": 25, + "last_line": 31, + "last_column": 52, + "length": 28, + "line": 31, + "column": 25 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 33, + "start_column": 23, + "last_line": 33, + "last_column": 67, + "length": 45, + "line": 33, + "column": 23 + } + }, + { + "severity": "convention", + "message": "Space inside { missing.", + "cop_name": "Layout/SpaceInsideHashLiteralBraces", + "corrected": false, + "correctable": true, + "location": { + "start_line": 41, + "start_column": 34, + "last_line": 41, + "last_column": 34, + "length": 1, + "line": 41, + "column": 34 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 41, + "start_column": 61, + "last_line": 41, + "last_column": 69, + "length": 9, + "line": 41, + "column": 61 + } + } + ] + }, + { + "path": "app/controllers/performance_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Extra empty line detected at class body beginning.", + "cop_name": "Layout/EmptyLinesAroundClassBody", + "corrected": false, + "correctable": true, + "location": { + "start_line": 3, + "start_column": 1, + "last_line": 4, + "last_column": 0, + "length": 1, + "line": 3, + "column": 1 + } + } + ] + }, + { + "path": "app/controllers/retirement_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Extra empty line detected at class body beginning.", + "cop_name": "Layout/EmptyLinesAroundClassBody", + "corrected": false, + "correctable": true, + "location": { + "start_line": 3, + "start_column": 1, + "last_line": 4, + "last_column": 0, + "length": 1, + "line": 3, + "column": 1 + } + } + ] + }, + { + "path": "app/controllers/schedule_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Extra empty line detected at class body beginning.", + "cop_name": "Layout/EmptyLinesAroundClassBody", + "corrected": false, + "correctable": true, + "location": { + "start_line": 3, + "start_column": 1, + "last_line": 4, + "last_column": 0, + "length": 1, + "line": 3, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Assignment Branch Condition size for create is too high. [<8, 18, 4> 20.1/17]", + "cop_name": "Metrics/AbcSize", + "corrected": false, + "correctable": false, + "location": { + "start_line": 4, + "start_column": 3, + "last_line": 20, + "last_column": 5, + "length": 465, + "line": 4, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Method has too many lines. [13/10]", + "cop_name": "Metrics/MethodLength", + "corrected": false, + "correctable": false, + "location": { + "start_line": 4, + "start_column": 3, + "last_line": 20, + "last_column": 5, + "length": 465, + "line": 4, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Inconsistent indentation detected.", + "cop_name": "Layout/IndentationConsistency", + "corrected": false, + "correctable": true, + "location": { + "start_line": 7, + "start_column": 7, + "last_line": 15, + "last_column": 9, + "length": 310, + "line": 7, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 7, + "start_column": 44, + "last_line": 7, + "last_column": 48, + "length": 5, + "line": 7, + "column": 44 + } + }, + { + "severity": "warning", + "message": "Useless assignment to variable - `a`.", + "cop_name": "Lint/UselessAssignment", + "corrected": false, + "correctable": false, + "location": { + "start_line": 11, + "start_column": 9, + "last_line": 11, + "last_column": 9, + "length": 1, + "line": 11, + "column": 9 + } + }, + { + "severity": "convention", + "message": "Favor modifier `if` usage when having a single-line body. Another good alternative is the usage of control flow `&&`/`||`.", + "cop_name": "Style/IfUnlessModifier", + "corrected": false, + "correctable": true, + "location": { + "start_line": 12, + "start_column": 9, + "last_line": 12, + "last_column": 10, + "length": 2, + "line": 12, + "column": 9 + } + }, + { + "severity": "convention", + "message": "Space inside { missing.", + "cop_name": "Layout/SpaceInsideHashLiteralBraces", + "corrected": false, + "correctable": true, + "location": { + "start_line": 18, + "start_column": 34, + "last_line": 18, + "last_column": 34, + "length": 1, + "line": 18, + "column": 34 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 18, + "start_column": 50, + "last_line": 18, + "last_column": 58, + "length": 9, + "line": 18, + "column": 50 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 18, + "start_column": 62, + "last_line": 18, + "last_column": 70, + "length": 9, + "line": 18, + "column": 62 + } + }, + { + "severity": "convention", + "message": "Assignment Branch Condition size for get_pto_schedule is too high. [<9, 18, 2> 20.22/17]", + "cop_name": "Metrics/AbcSize", + "corrected": false, + "correctable": false, + "location": { + "start_line": 22, + "start_column": 3, + "last_line": 39, + "last_column": 5, + "length": 442, + "line": 22, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Method has too many lines. [16/10]", + "cop_name": "Metrics/MethodLength", + "corrected": false, + "correctable": false, + "location": { + "start_line": 22, + "start_column": 3, + "last_line": 39, + "last_column": 5, + "length": 442, + "line": 22, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Do not prefix reader method names with `get_`.", + "cop_name": "Naming/AccessorMethodName", + "corrected": false, + "correctable": false, + "location": { + "start_line": 22, + "start_column": 7, + "last_line": 22, + "last_column": 22, + "length": 16, + "line": 22, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 3) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 24, + "start_column": 5, + "last_line": 24, + "last_column": 7, + "length": 3, + "line": 24, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 3) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 27, + "start_column": 8, + "last_line": 27, + "last_column": 10, + "length": 3, + "line": 27, + "column": 8 + } + }, + { + "severity": "convention", + "message": "Use hash literal `{}` instead of `Hash.new`.", + "cop_name": "Style/EmptyLiteral", + "corrected": false, + "correctable": true, + "location": { + "start_line": 27, + "start_column": 18, + "last_line": 27, + "last_column": 25, + "length": 8, + "line": 27, + "column": 18 + } + }, + { + "severity": "warning", + "message": "Do not suppress exceptions.", + "cop_name": "Lint/SuppressedException", + "corrected": false, + "correctable": false, + "location": { + "start_line": 34, + "start_column": 5, + "last_line": 34, + "last_column": 10, + "length": 6, + "line": 34, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Avoid rescuing without specifying an error class.", + "cop_name": "Style/RescueStandardError", + "corrected": false, + "correctable": true, + "location": { + "start_line": 34, + "start_column": 5, + "last_line": 34, + "last_column": 10, + "length": 6, + "line": 34, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 3) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 37, + "start_column": 5, + "last_line": 37, + "last_column": 7, + "length": 3, + "line": 37, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Method has too many lines. [11/10]", + "cop_name": "Metrics/MethodLength", + "corrected": false, + "correctable": false, + "location": { + "start_line": 45, + "start_column": 3, + "last_line": 57, + "last_column": 5, + "length": 285, + "line": 45, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 1) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 46, + "start_column": 3, + "last_line": 46, + "last_column": 3, + "length": 1, + "line": 46, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Add empty line after guard clause.", + "cop_name": "Layout/EmptyLineAfterGuardClause", + "corrected": false, + "correctable": true, + "location": { + "start_line": 48, + "start_column": 6, + "last_line": 48, + "last_column": 37, + "length": 32, + "line": 48, + "column": 6 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 49, + "start_column": 23, + "last_line": 49, + "last_column": 25, + "length": 3, + "line": 49, + "column": 23 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 50, + "start_column": 38, + "last_line": 50, + "last_column": 47, + "length": 10, + "line": 50, + "column": 38 + } + }, + { + "severity": "convention", + "message": "Surrounding space missing for operator `<<`.", + "cop_name": "Layout/SpaceAroundOperators", + "corrected": false, + "correctable": true, + "location": { + "start_line": 51, + "start_column": 13, + "last_line": 51, + "last_column": 14, + "length": 2, + "line": 51, + "column": 13 + } + }, + { + "severity": "convention", + "message": "Inconsistent indentation detected.", + "cop_name": "Layout/IndentationConsistency", + "corrected": false, + "correctable": true, + "location": { + "start_line": 56, + "start_column": 6, + "last_line": 56, + "last_column": 16, + "length": 11, + "line": 56, + "column": 6 + } + }, + { + "severity": "convention", + "message": "Redundant `return` detected.", + "cop_name": "Style/RedundantReturn", + "corrected": false, + "correctable": true, + "location": { + "start_line": 56, + "start_column": 6, + "last_line": 56, + "last_column": 11, + "length": 6, + "line": 56, + "column": 6 + } + }, + { + "severity": "warning", + "message": "Useless `private` access modifier.", + "cop_name": "Lint/UselessAccessModifier", + "corrected": false, + "correctable": true, + "location": { + "start_line": 59, + "start_column": 3, + "last_line": 59, + "last_column": 9, + "length": 7, + "line": 59, + "column": 3 + } + } + ] + }, + { + "path": "app/controllers/sessions_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use `%i` or `%I` for an array of symbols.", + "cop_name": "Style/SymbolArray", + "corrected": false, + "correctable": true, + "location": { + "start_line": 4, + "start_column": 44, + "last_line": 4, + "last_column": 58, + "length": 15, + "line": 4, + "column": 44 + } + }, + { + "severity": "convention", + "message": "Assignment Branch Condition size for create is too high. [<6, 28, 6> 29.26/17]", + "cop_name": "Metrics/AbcSize", + "corrected": false, + "correctable": false, + "location": { + "start_line": 11, + "start_column": 3, + "last_line": 31, + "last_column": 5, + "length": 553, + "line": 11, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Method has too many lines. [16/10]", + "cop_name": "Metrics/MethodLength", + "corrected": false, + "correctable": false, + "location": { + "start_line": 11, + "start_column": 3, + "last_line": 31, + "last_column": 5, + "length": 553, + "line": 11, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 29, + "start_column": 14, + "last_line": 29, + "last_column": 27, + "length": 14, + "line": 29, + "column": 14 + } + } + ] + }, + { + "path": "app/controllers/tutorials_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/controllers/users_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use `%i` or `%I` for an array of symbols.", + "cop_name": "Style/SymbolArray", + "corrected": false, + "correctable": true, + "location": { + "start_line": 4, + "start_column": 44, + "last_line": 4, + "last_column": 58, + "length": 15, + "line": 4, + "column": 44 + } + }, + { + "severity": "convention", + "message": "Assignment Branch Condition size for update is too high. [<6, 36, 7> 37.16/17]", + "cop_name": "Metrics/AbcSize", + "corrected": false, + "correctable": false, + "location": { + "start_line": 26, + "start_column": 3, + "last_line": 45, + "last_column": 5, + "length": 701, + "line": 26, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Method has too many lines. [16/10]", + "cop_name": "Metrics/MethodLength", + "corrected": false, + "correctable": false, + "location": { + "start_line": 26, + "start_column": 3, + "last_line": 45, + "last_column": 5, + "length": 701, + "line": 26, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Space inside { missing.", + "cop_name": "Layout/SpaceInsideHashLiteralBraces", + "corrected": false, + "correctable": true, + "location": { + "start_line": 39, + "start_column": 36, + "last_line": 39, + "last_column": 36, + "length": 1, + "line": 39, + "column": 36 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 39, + "start_column": 52, + "last_line": 39, + "last_column": 60, + "length": 9, + "line": 39, + "column": 52 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 39, + "start_column": 64, + "last_line": 39, + "last_column": 71, + "length": 8, + "line": 39, + "column": 64 + } + }, + { + "severity": "convention", + "message": "Space inside } missing.", + "cop_name": "Layout/SpaceInsideHashLiteralBraces", + "corrected": false, + "correctable": true, + "location": { + "start_line": 39, + "start_column": 72, + "last_line": 39, + "last_column": 72, + "length": 1, + "line": 39, + "column": 72 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 42, + "start_column": 23, + "last_line": 42, + "last_column": 46, + "length": 24, + "line": 42, + "column": 23 + } + } + ] + }, + { + "path": "app/controllers/work_info_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use a guard clause (`return unless !(@user) || @user.admin`) instead of wrapping the code inside a conditional expression.", + "cop_name": "Style/GuardClause", + "corrected": false, + "correctable": false, + "location": { + "start_line": 5, + "start_column": 5, + "last_line": 5, + "last_column": 6, + "length": 2, + "line": 5, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Don't use parentheses around a variable.", + "cop_name": "Style/RedundantParentheses", + "corrected": false, + "correctable": true, + "location": { + "start_line": 5, + "start_column": 9, + "last_line": 5, + "last_column": 15, + "length": 7, + "line": 5, + "column": 9 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 6, + "start_column": 23, + "last_line": 6, + "last_column": 63, + "length": 41, + "line": 6, + "column": 23 + } + }, + { + "severity": "convention", + "message": "Extra empty line detected at class body end.", + "cop_name": "Layout/EmptyLinesAroundClassBody", + "corrected": false, + "correctable": true, + "location": { + "start_line": 10, + "start_column": 1, + "last_line": 11, + "last_column": 0, + "length": 1, + "line": 10, + "column": 1 + } + } + ] + }, + { + "path": "app/helpers/admin_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 6, + "length": 6, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/helpers/api/v1/users_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 6, + "length": 6, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use nested module/class definitions instead of compact style.", + "cop_name": "Style/ClassAndModuleChildren", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 8, + "last_line": 2, + "last_column": 27, + "length": 20, + "line": 2, + "column": 8 + } + } + ] + }, + { + "path": "app/helpers/application_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 6, + "length": 6, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/helpers/benefit_forms_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 6, + "length": 6, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/helpers/dashboard_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 6, + "length": 6, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/helpers/messages_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 6, + "length": 6, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/helpers/paid_time_off_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 6, + "length": 6, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/helpers/password_resets_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 6, + "length": 6, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/helpers/pay_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 6, + "length": 6, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/helpers/performance_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 6, + "length": 6, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/helpers/retirement_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 6, + "length": 6, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/helpers/schedule_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 6, + "length": 6, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/helpers/sessions_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 6, + "length": 6, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/helpers/tutorials_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 6, + "length": 6, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/helpers/users_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 6, + "length": 6, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/helpers/work_info_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 6, + "length": 6, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/mailers/user_mailer.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 3, + "start_column": 17, + "last_line": 3, + "last_column": 39, + "length": 23, + "line": 3, + "column": 17 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 7, + "start_column": 32, + "last_line": 7, + "last_column": 48, + "length": 17, + "line": 7, + "column": 32 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 7, + "start_column": 59, + "last_line": 7, + "last_column": 74, + "length": 16, + "line": 7, + "column": 59 + } + }, + { + "severity": "convention", + "message": "Prefer `to_s` over string interpolation.", + "cop_name": "Style/RedundantInterpolation", + "corrected": false, + "correctable": true, + "location": { + "start_line": 9, + "start_column": 14, + "last_line": 9, + "last_column": 23, + "length": 10, + "line": 9, + "column": 14 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 9, + "start_column": 35, + "last_line": 9, + "last_column": 64, + "length": 30, + "line": 9, + "column": 35 + } + } + ] + }, + { + "path": "app/models/analytics.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 3, + "start_column": 35, + "last_line": 3, + "last_column": 37, + "length": 3, + "line": 3, + "column": 35 + } + }, + { + "severity": "convention", + "message": "Prefer `to_s` over string interpolation.", + "cop_name": "Style/RedundantInterpolation", + "corrected": false, + "correctable": true, + "location": { + "start_line": 3, + "start_column": 49, + "last_line": 3, + "last_column": 56, + "length": 8, + "line": 3, + "column": 49 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 3, + "start_column": 87, + "last_line": 3, + "last_column": 95, + "length": 9, + "line": 3, + "column": 87 + } + }, + { + "severity": "convention", + "message": "Use `%w` or `%W` for an array of words.", + "cop_name": "Style/WordArray", + "corrected": false, + "correctable": true, + "location": { + "start_line": 10, + "start_column": 20, + "last_line": 10, + "last_column": 59, + "length": 40, + "line": 10, + "column": 20 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 10, + "start_column": 21, + "last_line": 10, + "last_column": 32, + "length": 12, + "line": 10, + "column": 21 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 10, + "start_column": 35, + "last_line": 10, + "last_column": 44, + "length": 10, + "line": 10, + "column": 35 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 10, + "start_column": 47, + "last_line": 10, + "last_column": 58, + "length": 12, + "line": 10, + "column": 47 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 15, + "start_column": 7, + "last_line": 15, + "last_column": 9, + "length": 3, + "line": 15, + "column": 7 + } + } + ] + }, + { + "path": "app/models/application_record.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/models/benefits.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Extra empty line detected at class body beginning.", + "cop_name": "Layout/EmptyLinesAroundClassBody", + "corrected": false, + "correctable": true, + "location": { + "start_line": 3, + "start_column": 1, + "last_line": 4, + "last_column": 0, + "length": 1, + "line": 3, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use keyword arguments when defining method with boolean argument.", + "cop_name": "Style/OptionalBooleanParameter", + "corrected": false, + "correctable": false, + "location": { + "start_line": 4, + "start_column": 23, + "last_line": 4, + "last_column": 36, + "length": 14, + "line": 4, + "column": 23 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 5, + "start_column": 33, + "last_line": 5, + "last_column": 40, + "length": 8, + "line": 5, + "column": 33 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 5, + "start_column": 43, + "last_line": 5, + "last_column": 48, + "length": 6, + "line": 5, + "column": 43 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 7, + "start_column": 35, + "last_line": 7, + "last_column": 39, + "length": 5, + "line": 7, + "column": 35 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 10, + "start_column": 63, + "last_line": 10, + "last_column": 68, + "length": 6, + "line": 10, + "column": 63 + } + }, + { + "severity": "convention", + "message": "Use a guard clause (`return unless File.exist?(full_file_name)`) instead of wrapping the code inside a conditional expression.", + "cop_name": "Style/GuardClause", + "corrected": false, + "correctable": false, + "location": { + "start_line": 14, + "start_column": 5, + "last_line": 14, + "last_column": 6, + "length": 2, + "line": 14, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Use `$stderr` instead of `STDERR`.", + "cop_name": "Style/GlobalStdStream", + "corrected": false, + "correctable": true, + "location": { + "start_line": 15, + "start_column": 23, + "last_line": 15, + "last_column": 28, + "length": 6, + "line": 15, + "column": 23 + } + }, + { + "severity": "convention", + "message": "Line is too long. [128/120]", + "cop_name": "Layout/LineLength", + "corrected": false, + "correctable": true, + "location": { + "start_line": 15, + "start_column": 121, + "last_line": 15, + "last_column": 128, + "length": 8, + "line": 15, + "column": 121 + } + }, + { + "severity": "convention", + "message": "Pass `&:dup` as an argument to `collect` instead of a block.", + "cop_name": "Style/SymbolProc", + "corrected": false, + "correctable": true, + "location": { + "start_line": 20, + "start_column": 31, + "last_line": 20, + "last_column": 53, + "length": 23, + "line": 20, + "column": 31 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 22, + "start_column": 48, + "last_line": 22, + "last_column": 53, + "length": 6, + "line": 22, + "column": 48 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 22, + "start_column": 57, + "last_line": 22, + "last_column": 67, + "length": 11, + "line": 22, + "column": 57 + } + } + ] + }, + { + "path": "app/models/key_management.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/models/message.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "warning", + "message": "Use `==` if you meant to do a comparison or wrap the expression in parentheses to indicate you meant to assign in a condition.", + "cop_name": "Lint/AssignmentInCondition", + "corrected": false, + "correctable": false, + "location": { + "start_line": 7, + "start_column": 16, + "last_line": 7, + "last_column": 16, + "length": 1, + "line": 7, + "column": 16 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 7, + "start_column": 33, + "last_line": 7, + "last_column": 47, + "length": 15, + "line": 7, + "column": 33 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 10, + "start_column": 7, + "last_line": 10, + "last_column": 24, + "length": 18, + "line": 10, + "column": 7 + } + } + ] + }, + { + "path": "app/models/paid_time_off.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 7, + "start_column": 5, + "last_line": 7, + "last_column": 25, + "length": 21, + "line": 7, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 7, + "start_column": 29, + "last_line": 7, + "last_column": 48, + "length": 20, + "line": 7, + "column": 29 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 11, + "start_column": 5, + "last_line": 11, + "last_column": 19, + "length": 15, + "line": 11, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 11, + "start_column": 23, + "last_line": 11, + "last_column": 36, + "length": 14, + "line": 11, + "column": 23 + } + }, + { + "severity": "warning", + "message": "Useless assignment to variable - `result`.", + "cop_name": "Lint/UselessAssignment", + "corrected": false, + "correctable": false, + "location": { + "start_line": 15, + "start_column": 5, + "last_line": 15, + "last_column": 10, + "length": 6, + "line": 15, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Prefer using `.to_f` on one side only.", + "cop_name": "Style/FloatDivision", + "corrected": false, + "correctable": true, + "location": { + "start_line": 15, + "start_column": 14, + "last_line": 15, + "last_column": 68, + "length": 55, + "line": 15, + "column": 14 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 15, + "start_column": 14, + "last_line": 15, + "last_column": 33, + "length": 20, + "line": 15, + "column": 14 + } + }, + { + "severity": "convention", + "message": "Operator `/` should be surrounded by a single space.", + "cop_name": "Layout/SpaceAroundOperators", + "corrected": false, + "correctable": true, + "location": { + "start_line": 15, + "start_column": 40, + "last_line": 15, + "last_column": 40, + "length": 1, + "line": 15, + "column": 40 + } + }, + { + "severity": "convention", + "message": "Unnecessary spacing detected.", + "cop_name": "Layout/ExtraSpacing", + "corrected": false, + "correctable": true, + "location": { + "start_line": 15, + "start_column": 41, + "last_line": 15, + "last_column": 41, + "length": 1, + "line": 15, + "column": 41 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 15, + "start_column": 43, + "last_line": 15, + "last_column": 63, + "length": 21, + "line": 15, + "column": 43 + } + } + ] + }, + { + "path": "app/models/pay.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use `%i` or `%I` for an array of symbols.", + "cop_name": "Style/SymbolArray", + "corrected": false, + "correctable": true, + "location": { + "start_line": 15, + "start_column": 17, + "last_line": 15, + "last_column": 80, + "length": 64, + "line": 15, + "column": 17 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 19, + "start_column": 64, + "last_line": 19, + "last_column": 84, + "length": 21, + "line": 19, + "column": 64 + } + } + ] + }, + { + "path": "app/models/performance.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 1) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 6, + "start_column": 3, + "last_line": 6, + "last_column": 3, + "length": 1, + "line": 6, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 6, + "start_column": 24, + "last_line": 6, + "last_column": 36, + "length": 13, + "line": 6, + "column": 24 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 7, + "start_column": 33, + "last_line": 7, + "last_column": 42, + "length": 10, + "line": 7, + "column": 33 + } + } + ] + }, + { + "path": "app/models/retirement.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/models/schedule.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + } + ] + }, + { + "path": "app/models/user.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 9, + "last_line": 2, + "last_column": 20, + "length": 12, + "line": 2, + "column": 9 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 4, + "start_column": 1, + "last_line": 4, + "last_column": 5, + "length": 5, + "line": 4, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Space inside { missing.", + "cop_name": "Layout/SpaceInsideHashLiteralBraces", + "corrected": false, + "correctable": true, + "location": { + "start_line": 7, + "start_column": 32, + "last_line": 7, + "last_column": 32, + "length": 1, + "line": 7, + "column": 32 + } + }, + { + "severity": "convention", + "message": "Space inside } missing.", + "cop_name": "Layout/SpaceInsideHashLiteralBraces", + "corrected": false, + "correctable": true, + "location": { + "start_line": 7, + "start_column": 46, + "last_line": 7, + "last_column": 46, + "length": 1, + "line": 7, + "column": 46 + } + }, + { + "severity": "convention", + "message": "Missing space after `#`.", + "cop_name": "Layout/LeadingCommentSpace", + "corrected": false, + "correctable": true, + "location": { + "start_line": 31, + "start_column": 5, + "last_line": 31, + "last_column": 64, + "length": 60, + "line": 31, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 36, + "start_column": 8, + "last_line": 36, + "last_column": 22, + "length": 15, + "line": 36, + "column": 8 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 36, + "start_column": 27, + "last_line": 36, + "last_column": 40, + "length": 14, + "line": 36, + "column": 27 + } + }, + { + "severity": "warning", + "message": "`private` (on line 39) does not make singleton methods private. Use `private_class_method` or `private` inside a `class << self` block instead.", + "cop_name": "Lint/IneffectiveAccessModifier", + "corrected": false, + "correctable": false, + "location": { + "start_line": 41, + "start_column": 3, + "last_line": 41, + "last_column": 5, + "length": 3, + "line": 41, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Add empty line after guard clause.", + "cop_name": "Layout/EmptyLineAfterGuardClause", + "corrected": false, + "correctable": true, + "location": { + "start_line": 44, + "start_column": 5, + "last_line": 44, + "last_column": 46, + "length": 42, + "line": 44, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Favor `unless` over `if` for negative conditions.", + "cop_name": "Style/NegatedIf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 44, + "start_column": 5, + "last_line": 44, + "last_column": 46, + "length": 42, + "line": 44, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Don't use parentheses around a variable.", + "cop_name": "Style/RedundantParentheses", + "corrected": false, + "correctable": true, + "location": { + "start_line": 44, + "start_column": 41, + "last_line": 44, + "last_column": 46, + "length": 6, + "line": 44, + "column": 41 + } + }, + { + "severity": "convention", + "message": "Use a guard clause (`raise \"Incorrect Password!\" unless user.password == Digest::MD5.hexdigest(password)`) instead of wrapping the code inside a conditional expression.", + "cop_name": "Style/GuardClause", + "corrected": false, + "correctable": false, + "location": { + "start_line": 45, + "start_column": 5, + "last_line": 45, + "last_column": 6, + "length": 2, + "line": 45, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 48, + "start_column": 13, + "last_line": 48, + "last_column": 33, + "length": 21, + "line": 48, + "column": 13 + } + }, + { + "severity": "convention", + "message": "Redundant `return` detected.", + "cop_name": "Style/RedundantReturn", + "corrected": false, + "correctable": true, + "location": { + "start_line": 50, + "start_column": 5, + "last_line": 50, + "last_column": 10, + "length": 6, + "line": 50, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Use a guard clause (`return unless will_save_change_to_password?`) instead of wrapping the code inside a conditional expression.", + "cop_name": "Style/GuardClause", + "corrected": false, + "correctable": false, + "location": { + "start_line": 54, + "start_column": 5, + "last_line": 54, + "last_column": 6, + "length": 2, + "line": 54, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Favor modifier `if` usage when having a single-line body. Another good alternative is the usage of control flow `&&`/`||`.", + "cop_name": "Style/IfUnlessModifier", + "corrected": false, + "correctable": true, + "location": { + "start_line": 54, + "start_column": 5, + "last_line": 54, + "last_column": 6, + "length": 2, + "line": 54, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 55, + "start_column": 45, + "last_line": 55, + "last_column": 57, + "length": 13, + "line": 55, + "column": 45 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 61, + "start_column": 57, + "last_line": 61, + "last_column": 63, + "length": 7, + "line": 61, + "column": 57 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 65, + "start_column": 5, + "last_line": 65, + "last_column": 14, + "length": 10, + "line": 65, + "column": 5 + } + } + ] + }, + { + "path": "app/models/work_info.rb", + "offenses": [ + { + "severity": "convention", + "message": "Add an empty line after magic comments.", + "cop_name": "Layout/EmptyLineAfterMagicComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 1, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 2, + "last_column": 5, + "length": 5, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing space after `#`.", + "cop_name": "Layout/LeadingCommentSpace", + "corrected": false, + "correctable": true, + "location": { + "start_line": 5, + "start_column": 3, + "last_line": 5, + "last_column": 27, + "length": 25, + "line": 5, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 9, + "start_column": 5, + "last_line": 9, + "last_column": 13, + "length": 9, + "line": 9, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 9, + "start_column": 18, + "last_line": 9, + "last_column": 33, + "length": 16, + "line": 9, + "column": 18 + } + }, + { + "severity": "convention", + "message": "Prefer `!iv.nil?` over `iv != nil`.", + "cop_name": "Style/NonNilCheck", + "corrected": false, + "correctable": true, + "location": { + "start_line": 16, + "start_column": 20, + "last_line": 16, + "last_column": 28, + "length": 9, + "line": 16, + "column": 20 + } + }, + { + "severity": "convention", + "message": "Prefer `!iv.nil?` over `iv != nil`.", + "cop_name": "Style/NonNilCheck", + "corrected": false, + "correctable": true, + "location": { + "start_line": 25, + "start_column": 20, + "last_line": 25, + "last_column": 28, + "length": 9, + "line": 25, + "column": 20 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 26, + "start_column": 16, + "last_line": 26, + "last_column": 33, + "length": 18, + "line": 26, + "column": 16 + } + }, + { + "severity": "convention", + "message": "Add empty line after guard clause.", + "cop_name": "Layout/EmptyLineAfterGuardClause", + "corrected": false, + "correctable": true, + "location": { + "start_line": 30, + "start_column": 5, + "last_line": 30, + "last_column": 43, + "length": 39, + "line": 30, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 30, + "start_column": 11, + "last_line": 30, + "last_column": 23, + "length": 13, + "line": 30, + "column": 11 + } + }, + { + "severity": "convention", + "message": "Add empty line after guard clause.", + "cop_name": "Layout/EmptyLineAfterGuardClause", + "corrected": false, + "correctable": true, + "location": { + "start_line": 35, + "start_column": 5, + "last_line": 35, + "last_column": 76, + "length": 72, + "line": 35, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 35, + "start_column": 11, + "last_line": 35, + "last_column": 31, + "length": 21, + "line": 35, + "column": 11 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 35, + "start_column": 40, + "last_line": 35, + "last_column": 58, + "length": 19, + "line": 35, + "column": 40 + } + }, + { + "severity": "convention", + "message": "Redundant `self` detected.", + "cop_name": "Style/RedundantSelf", + "corrected": false, + "correctable": true, + "location": { + "start_line": 36, + "start_column": 5, + "last_line": 36, + "last_column": 23, + "length": 19, + "line": 36, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 40, + "start_column": 5, + "last_line": 40, + "last_column": 17, + "length": 13, + "line": 40, + "column": 5 + } + } + ] + } + ], + "summary": { + "offense_count": 324, + "target_file_count": 46, + "inspected_file_count": 46 + } +} \ No newline at end of file diff --git a/unittests/scans/rubocop/zero_vulns.json b/unittests/scans/rubocop/zero_vulns.json new file mode 100644 index 00000000000..7681a0d5cd7 --- /dev/null +++ b/unittests/scans/rubocop/zero_vulns.json @@ -0,0 +1,2461 @@ +{ + "metadata": { + "rubocop_version": "1.13.0", + "ruby_engine": "ruby", + "ruby_version": "3.0.3", + "ruby_patchlevel": "157", + "ruby_platform": "x86_64-linux" + }, + "files": [ + { + "path": "sample_rails_app-master/app/channels/application_cable/channel.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/channels/application_cable/connection.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/controllers/account_activations_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 5, + "length": 5, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Extra empty line detected at class body beginning.", + "cop_name": "Layout/EmptyLinesAroundClassBody", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 3, + "last_column": 0, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Assignment Branch Condition size for edit is too high. [<3, 17, 4> 17.72/17]", + "cop_name": "Metrics/AbcSize", + "corrected": false, + "correctable": false, + "location": { + "start_line": 3, + "start_column": 3, + "last_line": 14, + "last_column": 5, + "length": 341, + "line": 3, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 8, + "start_column": 25, + "last_line": 8, + "last_column": 44, + "length": 20, + "line": 8, + "column": 25 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 11, + "start_column": 24, + "last_line": 11, + "last_column": 48, + "length": 25, + "line": 11, + "column": 24 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/controllers/application_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 5, + "length": 5, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 4) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 7, + "start_column": 1, + "last_line": 7, + "last_column": 4, + "length": 4, + "line": 7, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Inconsistent indentation detected.", + "cop_name": "Layout/IndentationConsistency", + "corrected": false, + "correctable": true, + "location": { + "start_line": 7, + "start_column": 5, + "last_line": 13, + "last_column": 7, + "length": 155, + "line": 7, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Use a guard clause (`return if logged_in?`) instead of wrapping the code inside a conditional expression.", + "cop_name": "Style/GuardClause", + "corrected": false, + "correctable": false, + "location": { + "start_line": 8, + "start_column": 7, + "last_line": 8, + "last_column": 12, + "length": 6, + "line": 8, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 10, + "start_column": 26, + "last_line": 10, + "last_column": 41, + "length": 16, + "line": 10, + "column": 26 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/controllers/microposts_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 5, + "length": 5, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use `%i` or `%I` for an array of symbols.", + "cop_name": "Style/SymbolArray", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 40, + "last_line": 2, + "last_column": 58, + "length": 19, + "line": 2, + "column": 40 + } + }, + { + "severity": "convention", + "message": "Assignment Branch Condition size for create is too high. [<3, 20, 2> 20.32/17]", + "cop_name": "Metrics/AbcSize", + "corrected": false, + "correctable": false, + "location": { + "start_line": 5, + "start_column": 3, + "last_line": 15, + "last_column": 5, + "length": 350, + "line": 5, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 9, + "start_column": 25, + "last_line": 9, + "last_column": 44, + "length": 20, + "line": 9, + "column": 25 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 19, + "start_column": 23, + "last_line": 19, + "last_column": 41, + "length": 19, + "line": 19, + "column": 23 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 4) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 25, + "start_column": 1, + "last_line": 25, + "last_column": 4, + "length": 4, + "line": 25, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Inconsistent indentation detected.", + "cop_name": "Layout/IndentationConsistency", + "corrected": false, + "correctable": true, + "location": { + "start_line": 25, + "start_column": 5, + "last_line": 27, + "last_column": 7, + "length": 86, + "line": 25, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 4) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 29, + "start_column": 1, + "last_line": 29, + "last_column": 4, + "length": 4, + "line": 29, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Inconsistent indentation detected.", + "cop_name": "Layout/IndentationConsistency", + "corrected": false, + "correctable": true, + "location": { + "start_line": 29, + "start_column": 5, + "last_line": 32, + "last_column": 7, + "length": 138, + "line": 29, + "column": 5 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/controllers/password_resets_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 5, + "length": 5, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use `%i` or `%I` for an array of symbols.", + "cop_name": "Style/SymbolArray", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 42, + "last_line": 2, + "last_column": 57, + "length": 16, + "line": 2, + "column": 42 + } + }, + { + "severity": "convention", + "message": "Use `%i` or `%I` for an array of symbols.", + "cop_name": "Style/SymbolArray", + "corrected": false, + "correctable": true, + "location": { + "start_line": 3, + "start_column": 42, + "last_line": 3, + "last_column": 57, + "length": 16, + "line": 3, + "column": 42 + } + }, + { + "severity": "convention", + "message": "Use `%i` or `%I` for an array of symbols.", + "cop_name": "Style/SymbolArray", + "corrected": false, + "correctable": true, + "location": { + "start_line": 4, + "start_column": 42, + "last_line": 4, + "last_column": 57, + "length": 16, + "line": 4, + "column": 42 + } + }, + { + "severity": "convention", + "message": "Put empty method definitions on a single line.", + "cop_name": "Style/EmptyMethod", + "corrected": false, + "correctable": true, + "location": { + "start_line": 6, + "start_column": 3, + "last_line": 7, + "last_column": 5, + "length": 13, + "line": 6, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 14, + "start_column": 22, + "last_line": 14, + "last_column": 66, + "length": 45, + "line": 14, + "column": 22 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 17, + "start_column": 28, + "last_line": 17, + "last_column": 52, + "length": 25, + "line": 17, + "column": 28 + } + }, + { + "severity": "convention", + "message": "Put empty method definitions on a single line.", + "cop_name": "Style/EmptyMethod", + "corrected": false, + "correctable": true, + "location": { + "start_line": 22, + "start_column": 3, + "last_line": 23, + "last_column": 5, + "length": 14, + "line": 22, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 31, + "start_column": 25, + "last_line": 31, + "last_column": 50, + "length": 26, + "line": 31, + "column": 25 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 4) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 40, + "start_column": 1, + "last_line": 40, + "last_column": 4, + "length": 4, + "line": 40, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Inconsistent indentation detected.", + "cop_name": "Layout/IndentationConsistency", + "corrected": false, + "correctable": true, + "location": { + "start_line": 40, + "start_column": 5, + "last_line": 42, + "last_column": 7, + "length": 93, + "line": 40, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 4) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 46, + "start_column": 1, + "last_line": 46, + "last_column": 4, + "length": 4, + "line": 46, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Inconsistent indentation detected.", + "cop_name": "Layout/IndentationConsistency", + "corrected": false, + "correctable": true, + "location": { + "start_line": 46, + "start_column": 5, + "last_line": 48, + "last_column": 7, + "length": 70, + "line": 46, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Do not prefix reader method names with `get_`.", + "cop_name": "Naming/AccessorMethodName", + "corrected": false, + "correctable": false, + "location": { + "start_line": 46, + "start_column": 9, + "last_line": 46, + "last_column": 16, + "length": 8, + "line": 46, + "column": 9 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 4) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 51, + "start_column": 1, + "last_line": 51, + "last_column": 4, + "length": 4, + "line": 51, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Inconsistent indentation detected.", + "cop_name": "Layout/IndentationConsistency", + "corrected": false, + "correctable": true, + "location": { + "start_line": 51, + "start_column": 5, + "last_line": 56, + "last_column": 7, + "length": 161, + "line": 51, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Don't use parentheses around the condition of an `unless`.", + "cop_name": "Style/ParenthesesAroundCondition", + "corrected": false, + "correctable": true, + "location": { + "start_line": 52, + "start_column": 14, + "last_line": 53, + "last_column": 56, + "length": 86, + "line": 52, + "column": 14 + } + }, + { + "severity": "convention", + "message": "Use safe navigation (`&.`) instead of checking if an object exists before calling the method.", + "cop_name": "Style/SafeNavigation", + "corrected": false, + "correctable": true, + "location": { + "start_line": 52, + "start_column": 15, + "last_line": 52, + "last_column": 39, + "length": 25, + "line": 52, + "column": 15 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 4) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 59, + "start_column": 1, + "last_line": 59, + "last_column": 4, + "length": 4, + "line": 59, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Inconsistent indentation detected.", + "cop_name": "Layout/IndentationConsistency", + "corrected": false, + "correctable": true, + "location": { + "start_line": 59, + "start_column": 5, + "last_line": 64, + "last_column": 7, + "length": 175, + "line": 59, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Use a guard clause (`return unless @user.password_reset_expired?`) instead of wrapping the code inside a conditional expression.", + "cop_name": "Style/GuardClause", + "corrected": false, + "correctable": false, + "location": { + "start_line": 60, + "start_column": 7, + "last_line": 60, + "last_column": 8, + "length": 2, + "line": 60, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 61, + "start_column": 26, + "last_line": 61, + "last_column": 54, + "length": 29, + "line": 61, + "column": 26 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/controllers/relationships_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 5, + "length": 5, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/controllers/sessions_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 5, + "length": 5, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Extra empty line detected at class body beginning.", + "cop_name": "Layout/EmptyLinesAroundClassBody", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 3, + "last_column": 0, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Put empty method definitions on a single line.", + "cop_name": "Style/EmptyMethod", + "corrected": false, + "correctable": true, + "location": { + "start_line": 3, + "start_column": 3, + "last_line": 4, + "last_column": 5, + "length": 13, + "line": 3, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Assignment Branch Condition size for create is too high. [<5, 25, 7> 26.44/17]", + "cop_name": "Metrics/AbcSize", + "corrected": false, + "correctable": false, + "location": { + "start_line": 6, + "start_column": 3, + "last_line": 23, + "last_column": 5, + "length": 589, + "line": 6, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Method has too many lines. [16/10]", + "cop_name": "Metrics/MethodLength", + "corrected": false, + "correctable": false, + "location": { + "start_line": 6, + "start_column": 3, + "last_line": 23, + "last_column": 5, + "length": 589, + "line": 6, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Use safe navigation (`&.`) instead of checking if an object exists before calling the method.", + "cop_name": "Style/SafeNavigation", + "corrected": false, + "correctable": true, + "location": { + "start_line": 8, + "start_column": 8, + "last_line": 8, + "last_column": 61, + "length": 54, + "line": 8, + "column": 8 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 14, + "start_column": 20, + "last_line": 14, + "last_column": 44, + "length": 25, + "line": 14, + "column": 20 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 15, + "start_column": 20, + "last_line": 15, + "last_column": 62, + "length": 43, + "line": 15, + "column": 20 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/controllers/static_pages_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 5, + "length": 5, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Extra empty line detected at class body beginning.", + "cop_name": "Layout/EmptyLinesAroundClassBody", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 3, + "last_column": 0, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use a guard clause (`return unless logged_in?`) instead of wrapping the code inside a conditional expression.", + "cop_name": "Style/GuardClause", + "corrected": false, + "correctable": false, + "location": { + "start_line": 4, + "start_column": 5, + "last_line": 4, + "last_column": 6, + "length": 2, + "line": 4, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Trailing whitespace detected.", + "cop_name": "Layout/TrailingWhitespace", + "corrected": false, + "correctable": true, + "location": { + "start_line": 9, + "start_column": 1, + "last_line": 9, + "last_column": 2, + "length": 2, + "line": 9, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Put empty method definitions on a single line.", + "cop_name": "Style/EmptyMethod", + "corrected": false, + "correctable": true, + "location": { + "start_line": 10, + "start_column": 3, + "last_line": 11, + "last_column": 5, + "length": 14, + "line": 10, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Put empty method definitions on a single line.", + "cop_name": "Style/EmptyMethod", + "corrected": false, + "correctable": true, + "location": { + "start_line": 13, + "start_column": 3, + "last_line": 14, + "last_column": 5, + "length": 15, + "line": 13, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Put empty method definitions on a single line.", + "cop_name": "Style/EmptyMethod", + "corrected": false, + "correctable": true, + "location": { + "start_line": 16, + "start_column": 3, + "last_line": 17, + "last_column": 5, + "length": 17, + "line": 16, + "column": 3 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/controllers/users_controller.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 5, + "length": 5, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use `%i` or `%I` for an array of symbols.", + "cop_name": "Style/SymbolArray", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 40, + "last_line": 3, + "last_column": 63, + "length": 98, + "line": 2, + "column": 40 + } + }, + { + "severity": "convention", + "message": "Use `%i` or `%I` for an array of symbols.", + "cop_name": "Style/SymbolArray", + "corrected": false, + "correctable": true, + "location": { + "start_line": 4, + "start_column": 40, + "last_line": 4, + "last_column": 55, + "length": 16, + "line": 4, + "column": 40 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 24, + "start_column": 22, + "last_line": 24, + "last_column": 72, + "length": 51, + "line": 24, + "column": 22 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 38, + "start_column": 25, + "last_line": 38, + "last_column": 41, + "length": 17, + "line": 38, + "column": 25 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 47, + "start_column": 23, + "last_line": 47, + "last_column": 36, + "length": 14, + "line": 47, + "column": 23 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 52, + "start_column": 14, + "last_line": 52, + "last_column": 24, + "length": 11, + "line": 52, + "column": 14 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 59, + "start_column": 14, + "last_line": 59, + "last_column": 24, + "length": 11, + "line": 59, + "column": 14 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 4) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 67, + "start_column": 1, + "last_line": 67, + "last_column": 4, + "length": 4, + "line": 67, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Inconsistent indentation detected.", + "cop_name": "Layout/IndentationConsistency", + "corrected": false, + "correctable": true, + "location": { + "start_line": 67, + "start_column": 5, + "last_line": 70, + "last_column": 7, + "length": 143, + "line": 67, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 4) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 75, + "start_column": 1, + "last_line": 75, + "last_column": 4, + "length": 4, + "line": 75, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Inconsistent indentation detected.", + "cop_name": "Layout/IndentationConsistency", + "corrected": false, + "correctable": true, + "location": { + "start_line": 75, + "start_column": 5, + "last_line": 78, + "last_column": 7, + "length": 117, + "line": 75, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 4) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 81, + "start_column": 1, + "last_line": 81, + "last_column": 4, + "length": 4, + "line": 81, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Inconsistent indentation detected.", + "cop_name": "Layout/IndentationConsistency", + "corrected": false, + "correctable": true, + "location": { + "start_line": 81, + "start_column": 5, + "last_line": 83, + "last_column": 7, + "length": 77, + "line": 81, + "column": 5 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/helpers/account_activations_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 6, + "length": 6, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/helpers/application_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 6, + "length": 6, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Extra empty line detected at module body beginning.", + "cop_name": "Layout/EmptyLinesAroundModuleBody", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 3, + "last_column": 0, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 5, + "start_column": 18, + "last_line": 5, + "last_column": 52, + "length": 35, + "line": 5, + "column": 18 + } + }, + { + "severity": "convention", + "message": "Prefer string interpolation to string concatenation.", + "cop_name": "Style/StringConcatenation", + "corrected": false, + "correctable": true, + "location": { + "start_line": 9, + "start_column": 7, + "last_line": 9, + "last_column": 37, + "length": 31, + "line": 9, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 9, + "start_column": 20, + "last_line": 9, + "last_column": 24, + "length": 5, + "line": 9, + "column": 20 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/helpers/microposts_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 6, + "length": 6, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/helpers/password_resets_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 6, + "length": 6, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/helpers/relationships_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 6, + "length": 6, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/helpers/sessions_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 6, + "length": 6, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Extra empty line detected at module body beginning.", + "cop_name": "Layout/EmptyLinesAroundModuleBody", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 3, + "last_column": 0, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Use safe navigation (`&.`) instead of checking if an object exists before calling the method.", + "cop_name": "Style/SafeNavigation", + "corrected": false, + "correctable": true, + "location": { + "start_line": 21, + "start_column": 10, + "last_line": 21, + "last_column": 73, + "length": 64, + "line": 21, + "column": 10 + } + }, + { + "severity": "convention", + "message": "Trailing whitespace detected.", + "cop_name": "Layout/TrailingWhitespace", + "corrected": false, + "correctable": true, + "location": { + "start_line": 27, + "start_column": 1, + "last_line": 27, + "last_column": 2, + "length": 2, + "line": 27, + "column": 1 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/helpers/static_pages_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 6, + "length": 6, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/helpers/users_helper.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level module documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 6, + "length": 6, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Extra empty line detected at module body beginning.", + "cop_name": "Layout/EmptyLinesAroundModuleBody", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 3, + "last_column": 0, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Do not use `::` for method calls.", + "cop_name": "Style/ColonMethodCall", + "corrected": false, + "correctable": true, + "location": { + "start_line": 6, + "start_column": 31, + "last_line": 6, + "last_column": 32, + "length": 2, + "line": 6, + "column": 31 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 8, + "start_column": 52, + "last_line": 8, + "last_column": 61, + "length": 10, + "line": 8, + "column": 52 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/jobs/application_job.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/mailers/application_mailer.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 17, + "last_line": 2, + "last_column": 37, + "length": 21, + "line": 2, + "column": 17 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/mailers/user_mailer.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 5, + "length": 5, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Extra empty line detected at class body beginning.", + "cop_name": "Layout/EmptyLinesAroundClassBody", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 1, + "last_line": 3, + "last_column": 0, + "length": 1, + "line": 2, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 5, + "start_column": 35, + "last_line": 5, + "last_column": 54, + "length": 20, + "line": 5, + "column": 35 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 10, + "start_column": 35, + "last_line": 10, + "last_column": 50, + "length": 16, + "line": 10, + "column": 35 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/models/application_record.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 5, + "length": 5, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/models/micropost.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 5, + "length": 5, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 8, + "start_column": 48, + "last_line": 8, + "last_column": 77, + "length": 30, + "line": 8, + "column": 48 + } + }, + { + "severity": "convention", + "message": "Align the keys of a hash literal if they span more than one line.", + "cop_name": "Layout/HashAlignment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 10, + "start_column": 31, + "last_line": 10, + "last_column": 66, + "length": 36, + "line": 10, + "column": 31 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 10, + "start_column": 42, + "last_line": 10, + "last_column": 66, + "length": 25, + "line": 10, + "column": 42 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/models/relationship.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 2, + "start_column": 37, + "last_line": 2, + "last_column": 42, + "length": 6, + "line": 2, + "column": 37 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 3, + "start_column": 37, + "last_line": 3, + "last_column": 42, + "length": 6, + "line": 3, + "column": 37 + } + } + ] + }, + { + "path": "sample_rails_app-master/app/models/user.rb", + "offenses": [ + { + "severity": "convention", + "message": "Missing top-level class documentation comment.", + "cop_name": "Style/Documentation", + "corrected": false, + "correctable": false, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 5, + "length": 5, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Missing frozen string literal comment.", + "cop_name": "Style/FrozenStringLiteralComment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 1, + "start_column": 1, + "last_line": 1, + "last_column": 1, + "length": 1, + "line": 1, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Align the keys of a hash literal if they span more than one line.", + "cop_name": "Layout/HashAlignment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 3, + "start_column": 35, + "last_line": 3, + "last_column": 61, + "length": 27, + "line": 3, + "column": 35 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 3, + "start_column": 48, + "last_line": 3, + "last_column": 61, + "length": 14, + "line": 3, + "column": 48 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 4, + "start_column": 48, + "last_line": 4, + "last_column": 60, + "length": 13, + "line": 4, + "column": 48 + } + }, + { + "severity": "convention", + "message": "Align the keys of a hash literal if they span more than one line.", + "cop_name": "Layout/HashAlignment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 5, + "start_column": 35, + "last_line": 5, + "last_column": 55, + "length": 21, + "line": 5, + "column": 35 + } + }, + { + "severity": "convention", + "message": "Align the keys of a hash literal if they span more than one line.", + "cop_name": "Layout/HashAlignment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 6, + "start_column": 36, + "last_line": 6, + "last_column": 62, + "length": 27, + "line": 6, + "column": 36 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 6, + "start_column": 49, + "last_line": 6, + "last_column": 62, + "length": 14, + "line": 6, + "column": 49 + } + }, + { + "severity": "convention", + "message": "Prefer single-quoted strings when you don't need string interpolation or special symbols.", + "cop_name": "Style/StringLiterals", + "corrected": false, + "correctable": true, + "location": { + "start_line": 7, + "start_column": 49, + "last_line": 7, + "last_column": 61, + "length": 13, + "line": 7, + "column": 49 + } + }, + { + "severity": "convention", + "message": "Align the keys of a hash literal if they span more than one line.", + "cop_name": "Layout/HashAlignment", + "corrected": false, + "correctable": true, + "location": { + "start_line": 8, + "start_column": 36, + "last_line": 8, + "last_column": 56, + "length": 21, + "line": 8, + "column": 36 + } + }, + { + "severity": "convention", + "message": "Add an empty line after attribute accessor.", + "cop_name": "Layout/EmptyLinesAroundAttributeAccessor", + "corrected": false, + "correctable": true, + "location": { + "start_line": 11, + "start_column": 3, + "last_line": 11, + "last_column": 64, + "length": 62, + "line": 11, + "column": 3 + } + }, + { + "severity": "convention", + "message": "Freeze mutable objects assigned to constants.", + "cop_name": "Style/MutableConstant", + "corrected": false, + "correctable": true, + "location": { + "start_line": 15, + "start_column": 23, + "last_line": 15, + "last_column": 58, + "length": 36, + "line": 15, + "column": 23 + } + }, + { + "severity": "convention", + "message": "Use `self.digest` instead of `User.digest`.", + "cop_name": "Style/ClassMethods", + "corrected": false, + "correctable": true, + "location": { + "start_line": 23, + "start_column": 7, + "last_line": 23, + "last_column": 10, + "length": 4, + "line": 23, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Avoid multi-line ternary operators, use `if` or `unless` instead.", + "cop_name": "Style/MultilineTernaryOperator", + "corrected": false, + "correctable": true, + "location": { + "start_line": 24, + "start_column": 12, + "last_line": 25, + "last_column": 69, + "length": 135, + "line": 24, + "column": 12 + } + }, + { + "severity": "convention", + "message": "Use `self.new_token` instead of `User.new_token`.", + "cop_name": "Style/ClassMethods", + "corrected": false, + "correctable": true, + "location": { + "start_line": 30, + "start_column": 7, + "last_line": 30, + "last_column": 10, + "length": 4, + "line": 30, + "column": 7 + } + }, + { + "severity": "convention", + "message": "Add empty line after guard clause.", + "cop_name": "Layout/EmptyLineAfterGuardClause", + "corrected": false, + "correctable": true, + "location": { + "start_line": 43, + "start_column": 5, + "last_line": 43, + "last_column": 31, + "length": 27, + "line": 43, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 4) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 105, + "start_column": 1, + "last_line": 105, + "last_column": 4, + "length": 4, + "line": 105, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Inconsistent indentation detected.", + "cop_name": "Layout/IndentationConsistency", + "corrected": false, + "correctable": true, + "location": { + "start_line": 105, + "start_column": 5, + "last_line": 107, + "last_column": 7, + "length": 60, + "line": 105, + "column": 5 + } + }, + { + "severity": "convention", + "message": "Use 2 (not 4) spaces for indentation.", + "cop_name": "Layout/IndentationWidth", + "corrected": false, + "correctable": true, + "location": { + "start_line": 110, + "start_column": 1, + "last_line": 110, + "last_column": 4, + "length": 4, + "line": 110, + "column": 1 + } + }, + { + "severity": "convention", + "message": "Inconsistent indentation detected.", + "cop_name": "Layout/IndentationConsistency", + "corrected": false, + "correctable": true, + "location": { + "start_line": 110, + "start_column": 5, + "last_line": 113, + "last_column": 7, + "length": 143, + "line": 110, + "column": 5 + } + } + ] + } + ], + "summary": { + "offense_count": 145, + "target_file_count": 25, + "inspected_file_count": 25 + } +} \ No newline at end of file diff --git a/unittests/scans/choctaw_hog/many_vulns.json b/unittests/scans/rusty_hog/choctawhog_many_vulns.json similarity index 100% rename from unittests/scans/choctaw_hog/many_vulns.json rename to unittests/scans/rusty_hog/choctawhog_many_vulns.json diff --git a/unittests/scans/rusty_hog/choctawhog_no_vuln.json b/unittests/scans/rusty_hog/choctawhog_no_vuln.json new file mode 100644 index 00000000000..0637a088a01 --- /dev/null +++ b/unittests/scans/rusty_hog/choctawhog_no_vuln.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/unittests/scans/choctaw_hog/one_vuln.json b/unittests/scans/rusty_hog/choctawhog_one_vuln.json similarity index 100% rename from unittests/scans/choctaw_hog/one_vuln.json rename to unittests/scans/rusty_hog/choctawhog_one_vuln.json diff --git a/unittests/scans/rusty_hog/durochog_many_vulns.json b/unittests/scans/rusty_hog/durochog_many_vulns.json new file mode 100644 index 00000000000..0b18b7cf6f0 --- /dev/null +++ b/unittests/scans/rusty_hog/durochog_many_vulns.json @@ -0,0 +1,38 @@ +[ + { + "stringsFound":[ + "password = getEncryptedPass()" + ], + "path":"/scan_folder/unittests/scans/sonarqube/sonar-no-finding.html", + "reason":"password (Password)", + "linenum":7712, + "diff":"$password = getEncryptedPass();" + }, + { + "stringsFound":[ + "password=\" " + ], + "path":"/scan_folder/unittests/scans/sonarqube/sonar-single-finding.html", + "reason":"password (Password)", + "linenum":3738, + "diff":" \"user=\" + uname + \"&password=\" + password);" + }, + { + "stringsFound":[ + "pass = '\" . $pass . \"'\"" + ], + "path":"/scan_folder/unittests/scans/sonarqube/sonar-6-findings.html", + "reason":"pass (Password)", + "linenum":1052, + "diff":" $query = \"SELECT * FROM users WHERE login = '\" . $login . \"' AND pass = '\" . $pass . \"'\"; // Unsafe" + }, + { + "stringsFound":[ + "password: \"\"" + ], + "path":"/scan_folder/helm/defectdojo/values.yaml", + "reason":"password (Password)", + "linenum":274, + "diff":" password: \"\"" + } + ] \ No newline at end of file diff --git a/unittests/scans/rusty_hog/durochog_no_vuln.json b/unittests/scans/rusty_hog/durochog_no_vuln.json new file mode 100644 index 00000000000..0637a088a01 --- /dev/null +++ b/unittests/scans/rusty_hog/durochog_no_vuln.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/unittests/scans/rusty_hog/durochog_one_vuln.json b/unittests/scans/rusty_hog/durochog_one_vuln.json new file mode 100644 index 00000000000..14ad74e479c --- /dev/null +++ b/unittests/scans/rusty_hog/durochog_one_vuln.json @@ -0,0 +1,11 @@ +[ + { + "stringsFound":[ + "password = retrievePassword()" + ], + "path":"/scan_folder/unittests/scans/sonarqube/sonar-no-finding.html", + "reason":"password (Password)", + "linenum":68622, + "diff":"val password = retrievePassword()" + } +] \ No newline at end of file diff --git a/unittests/scans/rusty_hog/essexhog_many_vulns.json b/unittests/scans/rusty_hog/essexhog_many_vulns.json new file mode 100644 index 00000000000..27415e71162 --- /dev/null +++ b/unittests/scans/rusty_hog/essexhog_many_vulns.json @@ -0,0 +1,26 @@ +[ + { + "stringsFound": [ + "-----BEGIN EC PRIVATE KEY-----" + ], + "page_id": "12345", + "reason": "SSH (EC) private key", + "url": "https://confluence.com/pages/viewpage.action?pageId=12345" + }, + { + "stringsFound": [ + "-----BEGIN DSA PRIVATE KEY-----" + ], + "page_id": "12345", + "reason": "SSH (DSA) private key", + "url": "https://confluence.com/pages/viewpage.action?pageId=12345" + }, + { + "stringsFound": [ + "-----BEGIN RSA PRIVATE KEY-----" + ], + "page_id": "12345", + "reason": "RSA private key", + "url": "https://confluence.com/pages/viewpage.action?pageId=12345" + } +] \ No newline at end of file diff --git a/unittests/scans/rusty_hog/essexhog_no_vuln.json b/unittests/scans/rusty_hog/essexhog_no_vuln.json new file mode 100644 index 00000000000..0637a088a01 --- /dev/null +++ b/unittests/scans/rusty_hog/essexhog_no_vuln.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/unittests/scans/rusty_hog/essexhog_one_vuln.json b/unittests/scans/rusty_hog/essexhog_one_vuln.json new file mode 100644 index 00000000000..ed5ca75879e --- /dev/null +++ b/unittests/scans/rusty_hog/essexhog_one_vuln.json @@ -0,0 +1,10 @@ +[ + { + "stringsFound": [ + "-----BEGIN RSA PRIVATE KEY-----" + ], + "page_id": "998772", + "reason": "RSA private key", + "url": "https://confluence.com/pages/viewpage.action?pageId=998772" + } +] \ No newline at end of file diff --git a/unittests/scans/rusty_hog/gottingenhog_many_vulns.json b/unittests/scans/rusty_hog/gottingenhog_many_vulns.json new file mode 100644 index 00000000000..c8c23105f18 --- /dev/null +++ b/unittests/scans/rusty_hog/gottingenhog_many_vulns.json @@ -0,0 +1,92 @@ +[ + { + "stringsFound": [ + "password: jeans" + ], + "issue_id": "TEST-123", + "reason": "password", + "url": "https://jira.com/browse/TEST-123", + "location": "Issue Description" + }, + { + "stringsFound": [ + "pw: freitag" + ], + "issue_id": "TEST-235", + "reason": "pw", + "url": "https://jira.com/browse/TEST-234", + "location": "comment by \"Erika Mustermann\" on \"2021-12-14T11:30:08.000+0100\"" + }, + { + "stringsFound": [ + "Password: 1289sf" + ], + "issue_id": "TEST-123", + "reason": "Password", + "url": "https://jira.com/browse/TEST-123", + "location": "Issue Description" + }, + { + "stringsFound": [ + "AKIA1234567891234567" + ], + "issue_id": "TEST-123", + "reason": "Azure Access Key ID", + "url": "https://jira.com/browse/TEST-123", + "location": "Issue Description" + }, + { + "stringsFound": [ + "password: admin" + ], + "issue_id": "TEST-123", + "reason": "password", + "url": "https://jira.com/browse/TEST-123", + "location": "comment by \"Max Mustermann\" on \"2021-12-08T10:32:09.000+0100\"" + }, + { + "stringsFound": [ + "user: admin" + ], + "issue_id": "TEST-123", + "reason": "user", + "url": "https://jira.com/browse/TEST-123", + "location": "comment by \"Erika Mustermann\" on \"2021-12-15T11:55:13.000+0100\"" + }, + { + "stringsFound": [ + "PW: 189ygdjhi9" + ], + "issue_id": "TEST-123", + "reason": "PW", + "url": "https://jira.com/browse/TEST-123", + "location": "Issue Description" + }, + { + "stringsFound": [ + "sk_live_12345678901234567890asdf" + ], + "issue_id": "TEST-123", + "reason": "Stripe API Key", + "url": "https://jira.com/browse/TEST-123", + "location": "Issue Description" + }, + { + "stringsFound": [ + "User: 1298gyhoij1o23i" + ], + "issue_id": "TEST-123", + "reason": "User", + "url": "https://jira.com/browse/TEST-123", + "location": "Issue Description" + }, + { + "stringsFound": [ + "user: admin" + ], + "issue_id": "TEST-123", + "reason": "user", + "url": "https://jira.com/browse/TEST-123", + "location": "comment by \"Max Mustermann\" on \"2021-12-08T10:32:09.000+0100\"" + } +] \ No newline at end of file diff --git a/unittests/scans/rusty_hog/gottingenhog_no_vuln.json b/unittests/scans/rusty_hog/gottingenhog_no_vuln.json new file mode 100644 index 00000000000..0637a088a01 --- /dev/null +++ b/unittests/scans/rusty_hog/gottingenhog_no_vuln.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/unittests/scans/rusty_hog/gottingenhog_one_vuln.json b/unittests/scans/rusty_hog/gottingenhog_one_vuln.json new file mode 100644 index 00000000000..cc8aadedac5 --- /dev/null +++ b/unittests/scans/rusty_hog/gottingenhog_one_vuln.json @@ -0,0 +1,11 @@ +[ + { + "stringsFound": [ + "password: jeans" + ], + "issue_id": "TEST-123", + "reason": "password", + "url": "https://jira.com/browse/TEST-123", + "location": "Issue Description" + } +] \ No newline at end of file diff --git a/unittests/scans/sarif/DefectDojo_django-DefectDojo__2020-12-11_13 42 10__export.sarif b/unittests/scans/sarif/DefectDojo_django-DefectDojo__2020-12-11_13 42 10__export.sarif index 413dc07caf3..5dd4b339b75 100644 --- a/unittests/scans/sarif/DefectDojo_django-DefectDojo__2020-12-11_13 42 10__export.sarif +++ b/unittests/scans/sarif/DefectDojo_django-DefectDojo__2020-12-11_13 42 10__export.sarif @@ -3425,7 +3425,7 @@ }, { "location":{ - "uri":"dojo/tools/whitesource/parser.py", + "uri":"dojo/tools/mend/parser.py", "uriBaseId":"%SRCROOT%", "index":113 } @@ -12193,7 +12193,7 @@ { "physicalLocation":{ "artifactLocation":{ - "uri":"dojo/tools/whitesource/parser.py", + "uri":"dojo/tools/mend/parser.py", "uriBaseId":"%SRCROOT%", "index":113 }, @@ -17161,7 +17161,7 @@ { "physicalLocation":{ "artifactLocation":{ - "uri":"dojo/tools/whitesource/parser.py", + "uri":"dojo/tools/mend/parser.py", "uriBaseId":"%SRCROOT%", "index":113 }, @@ -17188,7 +17188,7 @@ { "physicalLocation":{ "artifactLocation":{ - "uri":"dojo/tools/whitesource/parser.py", + "uri":"dojo/tools/mend/parser.py", "uriBaseId":"%SRCROOT%", "index":113 }, diff --git a/unittests/scans/sarif/codeQL-output.sarif b/unittests/scans/sarif/codeQL-output.sarif index a01a8779d93..3da6a9aeb1d 100644 --- a/unittests/scans/sarif/codeQL-output.sarif +++ b/unittests/scans/sarif/codeQL-output.sarif @@ -5876,18 +5876,6 @@ "uri" : "bad/libapi.py", "uriBaseId" : "%SRCROOT%", "index" : 31 - }, - "region" : { - "startLine" : 8, - "startColumn" : 12, - "endColumn" : 20 - }, - "contextRegion" : { - "startLine" : 6, - "endLine" : 10, - "snippet" : { - "text" : "\n\ndef keygen(username, password=None):\n\n if password:\n" - } } }, "message" : { diff --git a/unittests/scans/sarif/cxf-3.4.6.sarif b/unittests/scans/sarif/cxf-3.4.6.sarif new file mode 100644 index 00000000000..1dba1d4343e --- /dev/null +++ b/unittests/scans/sarif/cxf-3.4.6.sarif @@ -0,0 +1,877 @@ +{ + "version": "2.1.0", + "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json", + "runs": [ + { + "tool": { + "driver": { + "name": "Grype", + "version": "0.34.7", + "informationUri": "https://github.com/anchore/grype", + "rules": [ + { + "id": "CVE-2008-0732-geronimo-j2ee-management_1.1_spec", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2008-0732 low vulnerability for geronimo-j2ee-management_1.1_spec package" + }, + "fullDescription": { + "text": "The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2008-0732\nSeverity: low\nPackage: geronimo-j2ee-management_1.1_spec\nVersion: 1.0.1\nFix Version: \nType: java-archive\nLocation: lib/geronimo-j2ee-management_1.1_spec-1.0.1.jar\nData Namespace: nvd\nLink: [CVE-2008-0732](https://nvd.nist.gov/vuln/detail/CVE-2008-0732)", + "markdown": "**Vulnerability CVE-2008-0732**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | geronimo-j2ee-management_1.1_spec | 1.0.1 | | java-archive | lib/geronimo-j2ee-management_1.1_spec-1.0.1.jar | nvd | [CVE-2008-0732](https://nvd.nist.gov/vuln/detail/CVE-2008-0732) |\n" + }, + "properties": { + "security-severity": "2.1" + } + }, + { + "id": "CVE-2008-0732-geronimo-javamail_1.4_mail", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2008-0732 low vulnerability for geronimo-javamail_1.4_mail package" + }, + "fullDescription": { + "text": "The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2008-0732\nSeverity: low\nPackage: geronimo-javamail_1.4_mail\nVersion: 1.8.4\nFix Version: \nType: java-archive\nLocation: lib/geronimo-javamail_1.4_mail-1.8.4.jar\nData Namespace: nvd\nLink: [CVE-2008-0732](https://nvd.nist.gov/vuln/detail/CVE-2008-0732)", + "markdown": "**Vulnerability CVE-2008-0732**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | geronimo-javamail_1.4_mail | 1.8.4 | | java-archive | lib/geronimo-javamail_1.4_mail-1.8.4.jar | nvd | [CVE-2008-0732](https://nvd.nist.gov/vuln/detail/CVE-2008-0732) |\n" + }, + "properties": { + "security-severity": "2.1" + } + }, + { + "id": "CVE-2008-0732-geronimo-javamail_1.4_provider", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2008-0732 low vulnerability for geronimo-javamail_1.4_provider package" + }, + "fullDescription": { + "text": "The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2008-0732\nSeverity: low\nPackage: geronimo-javamail_1.4_provider\nVersion: 1.8.4\nFix Version: \nType: java-archive\nLocation: lib/geronimo-javamail_1.4_mail-1.8.4.jar\nData Namespace: nvd\nLink: [CVE-2008-0732](https://nvd.nist.gov/vuln/detail/CVE-2008-0732)", + "markdown": "**Vulnerability CVE-2008-0732**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | geronimo-javamail_1.4_provider | 1.8.4 | | java-archive | lib/geronimo-javamail_1.4_mail-1.8.4.jar | nvd | [CVE-2008-0732](https://nvd.nist.gov/vuln/detail/CVE-2008-0732) |\n" + }, + "properties": { + "security-severity": "2.1" + } + }, + { + "id": "CVE-2008-0732-geronimo-javamail_1.4_spec", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2008-0732 low vulnerability for geronimo-javamail_1.4_spec package" + }, + "fullDescription": { + "text": "The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2008-0732\nSeverity: low\nPackage: geronimo-javamail_1.4_spec\nVersion: 1.7.1\nFix Version: \nType: java-archive\nLocation: lib/geronimo-javamail_1.4_mail-1.8.4.jar\nData Namespace: nvd\nLink: [CVE-2008-0732](https://nvd.nist.gov/vuln/detail/CVE-2008-0732)", + "markdown": "**Vulnerability CVE-2008-0732**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | geronimo-javamail_1.4_spec | 1.7.1 | | java-archive | lib/geronimo-javamail_1.4_mail-1.8.4.jar | nvd | [CVE-2008-0732](https://nvd.nist.gov/vuln/detail/CVE-2008-0732) |\n" + }, + "properties": { + "security-severity": "2.1" + } + }, + { + "id": "CVE-2008-0732-geronimo-jms_1.1_spec", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2008-0732 low vulnerability for geronimo-jms_1.1_spec package" + }, + "fullDescription": { + "text": "The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2008-0732\nSeverity: low\nPackage: geronimo-jms_1.1_spec\nVersion: 1.1.1\nFix Version: \nType: java-archive\nLocation: lib/geronimo-jms_1.1_spec-1.1.1.jar\nData Namespace: nvd\nLink: [CVE-2008-0732](https://nvd.nist.gov/vuln/detail/CVE-2008-0732)", + "markdown": "**Vulnerability CVE-2008-0732**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | geronimo-jms_1.1_spec | 1.1.1 | | java-archive | lib/geronimo-jms_1.1_spec-1.1.1.jar | nvd | [CVE-2008-0732](https://nvd.nist.gov/vuln/detail/CVE-2008-0732) |\n" + }, + "properties": { + "security-severity": "2.1" + } + }, + { + "id": "CVE-2008-0732-geronimo-jta_1.1_spec", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2008-0732 low vulnerability for geronimo-jta_1.1_spec package" + }, + "fullDescription": { + "text": "The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2008-0732\nSeverity: low\nPackage: geronimo-jta_1.1_spec\nVersion: 1.1.1\nFix Version: \nType: java-archive\nLocation: lib/geronimo-jta_1.1_spec-1.1.1.jar\nData Namespace: nvd\nLink: [CVE-2008-0732](https://nvd.nist.gov/vuln/detail/CVE-2008-0732)", + "markdown": "**Vulnerability CVE-2008-0732**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | geronimo-jta_1.1_spec | 1.1.1 | | java-archive | lib/geronimo-jta_1.1_spec-1.1.1.jar | nvd | [CVE-2008-0732](https://nvd.nist.gov/vuln/detail/CVE-2008-0732) |\n" + }, + "properties": { + "security-severity": "2.1" + } + }, + { + "id": "CVE-2011-5034-geronimo-j2ee-management_1.1_spec", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2011-5034 high vulnerability for geronimo-j2ee-management_1.1_spec package" + }, + "fullDescription": { + "text": "Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2011-5034\nSeverity: high\nPackage: geronimo-j2ee-management_1.1_spec\nVersion: 1.0.1\nFix Version: \nType: java-archive\nLocation: lib/geronimo-j2ee-management_1.1_spec-1.0.1.jar\nData Namespace: nvd\nLink: [CVE-2011-5034](https://nvd.nist.gov/vuln/detail/CVE-2011-5034)", + "markdown": "**Vulnerability CVE-2011-5034**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | geronimo-j2ee-management_1.1_spec | 1.0.1 | | java-archive | lib/geronimo-j2ee-management_1.1_spec-1.0.1.jar | nvd | [CVE-2011-5034](https://nvd.nist.gov/vuln/detail/CVE-2011-5034) |\n" + }, + "properties": { + "security-severity": "7.8" + } + }, + { + "id": "CVE-2011-5034-geronimo-javamail_1.4_mail", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2011-5034 high vulnerability for geronimo-javamail_1.4_mail package" + }, + "fullDescription": { + "text": "Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2011-5034\nSeverity: high\nPackage: geronimo-javamail_1.4_mail\nVersion: 1.8.4\nFix Version: \nType: java-archive\nLocation: lib/geronimo-javamail_1.4_mail-1.8.4.jar\nData Namespace: nvd\nLink: [CVE-2011-5034](https://nvd.nist.gov/vuln/detail/CVE-2011-5034)", + "markdown": "**Vulnerability CVE-2011-5034**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | geronimo-javamail_1.4_mail | 1.8.4 | | java-archive | lib/geronimo-javamail_1.4_mail-1.8.4.jar | nvd | [CVE-2011-5034](https://nvd.nist.gov/vuln/detail/CVE-2011-5034) |\n" + }, + "properties": { + "security-severity": "7.8" + } + }, + { + "id": "CVE-2011-5034-geronimo-javamail_1.4_provider", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2011-5034 high vulnerability for geronimo-javamail_1.4_provider package" + }, + "fullDescription": { + "text": "Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2011-5034\nSeverity: high\nPackage: geronimo-javamail_1.4_provider\nVersion: 1.8.4\nFix Version: \nType: java-archive\nLocation: lib/geronimo-javamail_1.4_mail-1.8.4.jar\nData Namespace: nvd\nLink: [CVE-2011-5034](https://nvd.nist.gov/vuln/detail/CVE-2011-5034)", + "markdown": "**Vulnerability CVE-2011-5034**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | geronimo-javamail_1.4_provider | 1.8.4 | | java-archive | lib/geronimo-javamail_1.4_mail-1.8.4.jar | nvd | [CVE-2011-5034](https://nvd.nist.gov/vuln/detail/CVE-2011-5034) |\n" + }, + "properties": { + "security-severity": "7.8" + } + }, + { + "id": "CVE-2011-5034-geronimo-javamail_1.4_spec", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2011-5034 high vulnerability for geronimo-javamail_1.4_spec package" + }, + "fullDescription": { + "text": "Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2011-5034\nSeverity: high\nPackage: geronimo-javamail_1.4_spec\nVersion: 1.7.1\nFix Version: \nType: java-archive\nLocation: lib/geronimo-javamail_1.4_mail-1.8.4.jar\nData Namespace: nvd\nLink: [CVE-2011-5034](https://nvd.nist.gov/vuln/detail/CVE-2011-5034)", + "markdown": "**Vulnerability CVE-2011-5034**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | geronimo-javamail_1.4_spec | 1.7.1 | | java-archive | lib/geronimo-javamail_1.4_mail-1.8.4.jar | nvd | [CVE-2011-5034](https://nvd.nist.gov/vuln/detail/CVE-2011-5034) |\n" + }, + "properties": { + "security-severity": "7.8" + } + }, + { + "id": "CVE-2011-5034-geronimo-jms_1.1_spec", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2011-5034 high vulnerability for geronimo-jms_1.1_spec package" + }, + "fullDescription": { + "text": "Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2011-5034\nSeverity: high\nPackage: geronimo-jms_1.1_spec\nVersion: 1.1.1\nFix Version: \nType: java-archive\nLocation: lib/geronimo-jms_1.1_spec-1.1.1.jar\nData Namespace: nvd\nLink: [CVE-2011-5034](https://nvd.nist.gov/vuln/detail/CVE-2011-5034)", + "markdown": "**Vulnerability CVE-2011-5034**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | geronimo-jms_1.1_spec | 1.1.1 | | java-archive | lib/geronimo-jms_1.1_spec-1.1.1.jar | nvd | [CVE-2011-5034](https://nvd.nist.gov/vuln/detail/CVE-2011-5034) |\n" + }, + "properties": { + "security-severity": "7.8" + } + }, + { + "id": "CVE-2011-5034-geronimo-jta_1.1_spec", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2011-5034 high vulnerability for geronimo-jta_1.1_spec package" + }, + "fullDescription": { + "text": "Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2011-5034\nSeverity: high\nPackage: geronimo-jta_1.1_spec\nVersion: 1.1.1\nFix Version: \nType: java-archive\nLocation: lib/geronimo-jta_1.1_spec-1.1.1.jar\nData Namespace: nvd\nLink: [CVE-2011-5034](https://nvd.nist.gov/vuln/detail/CVE-2011-5034)", + "markdown": "**Vulnerability CVE-2011-5034**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | geronimo-jta_1.1_spec | 1.1.1 | | java-archive | lib/geronimo-jta_1.1_spec-1.1.1.jar | nvd | [CVE-2011-5034](https://nvd.nist.gov/vuln/detail/CVE-2011-5034) |\n" + }, + "properties": { + "security-severity": "7.8" + } + }, + { + "id": "CVE-2019-12406-cxf-xjc-runtime", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2019-12406 medium vulnerability for cxf-xjc-runtime package" + }, + "fullDescription": { + "text": "Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property \"attachment-max-count\"." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2019-12406\nSeverity: medium\nPackage: cxf-xjc-runtime\nVersion: 3.3.1\nFix Version: \nType: java-archive\nLocation: lib/cxf-xjc-runtime-3.3.1.jar\nData Namespace: nvd\nLink: [CVE-2019-12406](https://nvd.nist.gov/vuln/detail/CVE-2019-12406)", + "markdown": "**Vulnerability CVE-2019-12406**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | cxf-xjc-runtime | 3.3.1 | | java-archive | lib/cxf-xjc-runtime-3.3.1.jar | nvd | [CVE-2019-12406](https://nvd.nist.gov/vuln/detail/CVE-2019-12406) |\n" + }, + "properties": { + "security-severity": "6.5" + } + }, + { + "id": "CVE-2019-12419-cxf-xjc-runtime", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2019-12419 critical vulnerability for cxf-xjc-runtime package" + }, + "fullDescription": { + "text": "Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2019-12419\nSeverity: critical\nPackage: cxf-xjc-runtime\nVersion: 3.3.1\nFix Version: \nType: java-archive\nLocation: lib/cxf-xjc-runtime-3.3.1.jar\nData Namespace: nvd\nLink: [CVE-2019-12419](https://nvd.nist.gov/vuln/detail/CVE-2019-12419)", + "markdown": "**Vulnerability CVE-2019-12419**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| critical | cxf-xjc-runtime | 3.3.1 | | java-archive | lib/cxf-xjc-runtime-3.3.1.jar | nvd | [CVE-2019-12419](https://nvd.nist.gov/vuln/detail/CVE-2019-12419) |\n" + }, + "properties": { + "security-severity": "9.8" + } + }, + { + "id": "CVE-2019-12423-cxf-xjc-runtime", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2019-12423 high vulnerability for cxf-xjc-runtime package" + }, + "fullDescription": { + "text": "Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter \"rs.security.keystore.type\" to \"jwk\". For this case all keys are returned in this file \"as is\", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. \"oct\" keys, which contain secret keys, are not returned at all." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2019-12423\nSeverity: high\nPackage: cxf-xjc-runtime\nVersion: 3.3.1\nFix Version: \nType: java-archive\nLocation: lib/cxf-xjc-runtime-3.3.1.jar\nData Namespace: nvd\nLink: [CVE-2019-12423](https://nvd.nist.gov/vuln/detail/CVE-2019-12423)", + "markdown": "**Vulnerability CVE-2019-12423**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | cxf-xjc-runtime | 3.3.1 | | java-archive | lib/cxf-xjc-runtime-3.3.1.jar | nvd | [CVE-2019-12423](https://nvd.nist.gov/vuln/detail/CVE-2019-12423) |\n" + }, + "properties": { + "security-severity": "7.5" + } + }, + { + "id": "CVE-2019-17573-cxf-xjc-runtime", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2019-17573 medium vulnerability for cxf-xjc-runtime package" + }, + "fullDescription": { + "text": "By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2019-17573\nSeverity: medium\nPackage: cxf-xjc-runtime\nVersion: 3.3.1\nFix Version: \nType: java-archive\nLocation: lib/cxf-xjc-runtime-3.3.1.jar\nData Namespace: nvd\nLink: [CVE-2019-17573](https://nvd.nist.gov/vuln/detail/CVE-2019-17573)", + "markdown": "**Vulnerability CVE-2019-17573**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | cxf-xjc-runtime | 3.3.1 | | java-archive | lib/cxf-xjc-runtime-3.3.1.jar | nvd | [CVE-2019-17573](https://nvd.nist.gov/vuln/detail/CVE-2019-17573) |\n" + }, + "properties": { + "security-severity": "6.1" + } + }, + { + "id": "CVE-2020-13954-cxf-xjc-runtime", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2020-13954 medium vulnerability for cxf-xjc-runtime package" + }, + "fullDescription": { + "text": "By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2020-13954\nSeverity: medium\nPackage: cxf-xjc-runtime\nVersion: 3.3.1\nFix Version: \nType: java-archive\nLocation: lib/cxf-xjc-runtime-3.3.1.jar\nData Namespace: nvd\nLink: [CVE-2020-13954](https://nvd.nist.gov/vuln/detail/CVE-2020-13954)", + "markdown": "**Vulnerability CVE-2020-13954**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | cxf-xjc-runtime | 3.3.1 | | java-archive | lib/cxf-xjc-runtime-3.3.1.jar | nvd | [CVE-2020-13954](https://nvd.nist.gov/vuln/detail/CVE-2020-13954) |\n" + }, + "properties": { + "security-severity": "6.1" + } + }, + { + "id": "CVE-2020-1954-cxf-xjc-runtime", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2020-1954 medium vulnerability for cxf-xjc-runtime package" + }, + "fullDescription": { + "text": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2020-1954\nSeverity: medium\nPackage: cxf-xjc-runtime\nVersion: 3.3.1\nFix Version: \nType: java-archive\nLocation: lib/cxf-xjc-runtime-3.3.1.jar\nData Namespace: nvd\nLink: [CVE-2020-1954](https://nvd.nist.gov/vuln/detail/CVE-2020-1954)", + "markdown": "**Vulnerability CVE-2020-1954**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | cxf-xjc-runtime | 3.3.1 | | java-archive | lib/cxf-xjc-runtime-3.3.1.jar | nvd | [CVE-2020-1954](https://nvd.nist.gov/vuln/detail/CVE-2020-1954) |\n" + }, + "properties": { + "security-severity": "5.3" + } + }, + { + "id": "CVE-2020-36518-jackson-databind", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2020-36518 high vulnerability for jackson-databind package" + }, + "fullDescription": { + "text": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2020-36518\nSeverity: high\nPackage: jackson-databind\nVersion: 2.11.4\nFix Version: \nType: java-archive\nLocation: lib/jackson-databind-2.11.4.jar\nData Namespace: nvd\nLink: [CVE-2020-36518](https://nvd.nist.gov/vuln/detail/CVE-2020-36518)", + "markdown": "**Vulnerability CVE-2020-36518**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | jackson-databind | 2.11.4 | | java-archive | lib/jackson-databind-2.11.4.jar | nvd | [CVE-2020-36518](https://nvd.nist.gov/vuln/detail/CVE-2020-36518) |\n" + }, + "properties": { + "security-severity": "7.5" + } + }, + { + "id": "CVE-2021-22696-cxf-xjc-runtime", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2021-22696 high vulnerability for cxf-xjc-runtime package" + }, + "fullDescription": { + "text": "CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a \"request\" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the \"request_uri\" parameter. CXF was not validating the \"request_uri\" parameter (apart from ensuring it uses \"https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2021-22696\nSeverity: high\nPackage: cxf-xjc-runtime\nVersion: 3.3.1\nFix Version: \nType: java-archive\nLocation: lib/cxf-xjc-runtime-3.3.1.jar\nData Namespace: nvd\nLink: [CVE-2021-22696](https://nvd.nist.gov/vuln/detail/CVE-2021-22696)", + "markdown": "**Vulnerability CVE-2021-22696**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | cxf-xjc-runtime | 3.3.1 | | java-archive | lib/cxf-xjc-runtime-3.3.1.jar | nvd | [CVE-2021-22696](https://nvd.nist.gov/vuln/detail/CVE-2021-22696) |\n" + }, + "properties": { + "security-severity": "7.5" + } + }, + { + "id": "CVE-2021-30468-cxf-xjc-runtime", + "name": "JavaMatcherCpeMatch", + "shortDescription": { + "text": "CVE-2021-30468 high vulnerability for cxf-xjc-runtime package" + }, + "fullDescription": { + "text": "A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11." + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability CVE-2021-30468\nSeverity: high\nPackage: cxf-xjc-runtime\nVersion: 3.3.1\nFix Version: \nType: java-archive\nLocation: lib/cxf-xjc-runtime-3.3.1.jar\nData Namespace: nvd\nLink: [CVE-2021-30468](https://nvd.nist.gov/vuln/detail/CVE-2021-30468)", + "markdown": "**Vulnerability CVE-2021-30468**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | cxf-xjc-runtime | 3.3.1 | | java-archive | lib/cxf-xjc-runtime-3.3.1.jar | nvd | [CVE-2021-30468](https://nvd.nist.gov/vuln/detail/CVE-2021-30468) |\n" + }, + "properties": { + "security-severity": "7.5" + } + }, + { + "id": "GHSA-57j2-w4cx-62h2-jackson-databind", + "name": "JavaMatcherExactDirectMatch", + "shortDescription": { + "text": "GHSA-57j2-w4cx-62h2 high vulnerability for jackson-databind package" + }, + "fullDescription": { + "text": "Deeply nested json in jackson-databind" + }, + "helpUri": "https://github.com/anchore/grype", + "help": { + "text": "Vulnerability GHSA-57j2-w4cx-62h2\nSeverity: high\nPackage: jackson-databind\nVersion: 2.11.4\nFix Version: 2.12.6.1\nType: java-archive\nLocation: lib/jackson-databind-2.11.4.jar\nData Namespace: github:java\nLink: [GHSA-57j2-w4cx-62h2](https://github.com/advisories/GHSA-57j2-w4cx-62h2)", + "markdown": "**Vulnerability GHSA-57j2-w4cx-62h2**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | jackson-databind | 2.11.4 | 2.12.6.1 | java-archive | lib/jackson-databind-2.11.4.jar | github:java | [GHSA-57j2-w4cx-62h2](https://github.com/advisories/GHSA-57j2-w4cx-62h2) |\n" + }, + "properties": { + "security-severity": "7.5" + } + } + ] + } + }, + "results": [ + { + "ruleId": "CVE-2008-0732-geronimo-j2ee-management_1.1_spec", + "message": { + "text": "The path lib/geronimo-j2ee-management_1.1_spec-1.0.1.jar reports geronimo-j2ee-management_1.1_spec at version 1.0.1 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/geronimo-j2ee-management_1.1_spec-1.0.1.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2008-0732-geronimo-javamail_1.4_mail", + "message": { + "text": "The path lib/geronimo-javamail_1.4_mail-1.8.4.jar reports geronimo-javamail_1.4_mail at version 1.8.4 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/geronimo-javamail_1.4_mail-1.8.4.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2008-0732-geronimo-javamail_1.4_provider", + "message": { + "text": "The path lib/geronimo-javamail_1.4_mail-1.8.4.jar reports geronimo-javamail_1.4_provider at version 1.8.4 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/geronimo-javamail_1.4_mail-1.8.4.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2008-0732-geronimo-javamail_1.4_spec", + "message": { + "text": "The path lib/geronimo-javamail_1.4_mail-1.8.4.jar reports geronimo-javamail_1.4_spec at version 1.7.1 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/geronimo-javamail_1.4_mail-1.8.4.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2008-0732-geronimo-jms_1.1_spec", + "message": { + "text": "The path lib/geronimo-jms_1.1_spec-1.1.1.jar reports geronimo-jms_1.1_spec at version 1.1.1 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/geronimo-jms_1.1_spec-1.1.1.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2008-0732-geronimo-jta_1.1_spec", + "message": { + "text": "The path lib/geronimo-jta_1.1_spec-1.1.1.jar reports geronimo-jta_1.1_spec at version 1.1.1 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/geronimo-jta_1.1_spec-1.1.1.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2011-5034-geronimo-j2ee-management_1.1_spec", + "message": { + "text": "The path lib/geronimo-j2ee-management_1.1_spec-1.0.1.jar reports geronimo-j2ee-management_1.1_spec at version 1.0.1 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/geronimo-j2ee-management_1.1_spec-1.0.1.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2011-5034-geronimo-javamail_1.4_mail", + "message": { + "text": "The path lib/geronimo-javamail_1.4_mail-1.8.4.jar reports geronimo-javamail_1.4_mail at version 1.8.4 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/geronimo-javamail_1.4_mail-1.8.4.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2011-5034-geronimo-javamail_1.4_provider", + "message": { + "text": "The path lib/geronimo-javamail_1.4_mail-1.8.4.jar reports geronimo-javamail_1.4_provider at version 1.8.4 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/geronimo-javamail_1.4_mail-1.8.4.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2011-5034-geronimo-javamail_1.4_spec", + "message": { + "text": "The path lib/geronimo-javamail_1.4_mail-1.8.4.jar reports geronimo-javamail_1.4_spec at version 1.7.1 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/geronimo-javamail_1.4_mail-1.8.4.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2011-5034-geronimo-jms_1.1_spec", + "message": { + "text": "The path lib/geronimo-jms_1.1_spec-1.1.1.jar reports geronimo-jms_1.1_spec at version 1.1.1 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/geronimo-jms_1.1_spec-1.1.1.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2011-5034-geronimo-jta_1.1_spec", + "message": { + "text": "The path lib/geronimo-jta_1.1_spec-1.1.1.jar reports geronimo-jta_1.1_spec at version 1.1.1 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/geronimo-jta_1.1_spec-1.1.1.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2019-12406-cxf-xjc-runtime", + "message": { + "text": "The path lib/cxf-xjc-runtime-3.3.1.jar reports cxf-xjc-runtime at version 3.3.1 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/cxf-xjc-runtime-3.3.1.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2019-12419-cxf-xjc-runtime", + "message": { + "text": "The path lib/cxf-xjc-runtime-3.3.1.jar reports cxf-xjc-runtime at version 3.3.1 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/cxf-xjc-runtime-3.3.1.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2019-12423-cxf-xjc-runtime", + "message": { + "text": "The path lib/cxf-xjc-runtime-3.3.1.jar reports cxf-xjc-runtime at version 3.3.1 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/cxf-xjc-runtime-3.3.1.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2019-17573-cxf-xjc-runtime", + "message": { + "text": "The path lib/cxf-xjc-runtime-3.3.1.jar reports cxf-xjc-runtime at version 3.3.1 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/cxf-xjc-runtime-3.3.1.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2020-13954-cxf-xjc-runtime", + "message": { + "text": "The path lib/cxf-xjc-runtime-3.3.1.jar reports cxf-xjc-runtime at version 3.3.1 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/cxf-xjc-runtime-3.3.1.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2020-1954-cxf-xjc-runtime", + "message": { + "text": "The path lib/cxf-xjc-runtime-3.3.1.jar reports cxf-xjc-runtime at version 3.3.1 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/cxf-xjc-runtime-3.3.1.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2020-36518-jackson-databind", + "message": { + "text": "The path lib/jackson-databind-2.11.4.jar reports jackson-databind at version 2.11.4 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/jackson-databind-2.11.4.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2021-22696-cxf-xjc-runtime", + "message": { + "text": "The path lib/cxf-xjc-runtime-3.3.1.jar reports cxf-xjc-runtime at version 3.3.1 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/cxf-xjc-runtime-3.3.1.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "CVE-2021-30468-cxf-xjc-runtime", + "message": { + "text": "The path lib/cxf-xjc-runtime-3.3.1.jar reports cxf-xjc-runtime at version 3.3.1 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/cxf-xjc-runtime-3.3.1.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + }, + { + "ruleId": "GHSA-57j2-w4cx-62h2-jackson-databind", + "message": { + "text": "The path lib/jackson-databind-2.11.4.jar reports jackson-databind at version 2.11.4 which would result in a vulnerable (java-archive) package installed" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/jackson-databind-2.11.4.jar" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + } + } + ] + } + ] + } + ] +} \ No newline at end of file diff --git a/unittests/scans/sarif/suppression_test.sarif b/unittests/scans/sarif/suppression_test.sarif new file mode 100644 index 00000000000..7283be7b0cb --- /dev/null +++ b/unittests/scans/sarif/suppression_test.sarif @@ -0,0 +1,139 @@ +{ + "$schema":"http://json.schemastore.org/sarif-2.1.0-rtm.5.json", + "version":"2.1.0", + "runs":[ + { + "tool":{ + "driver":{ + "name":"CodeScanner", + "rules":[ + { + "id":"TST0001", + "fullDescription":{ + "text":"Rule 001" + } + }, + { + "id":"TST0002", + "fullDescription":{ + "text":"Rule 002" + } + }, + { + "id":"TST0003", + "fullDescription":{ + "text":"Rule 003" + } + }, + { + "id":"TST0004", + "fullDescription":{ + "text":"Rule 004" + } + }, + { + "id":"TST0005", + "fullDescription":{ + "text":"Rule 005" + } + } + ] + } + }, + "results":[ + { + "ruleId":"TST0001", + "message":{ + "text":"Suppressed" + }, + "locations":[ + { + "physicalLocation":{ + "artifactLocation":{ + "uri":"file:///C:/code/file1.c" + } + } + } + ], + "suppressions":[ + { + "kind":"external" + } + ] + }, + { + "ruleId":"TST0002", + "message":{ + "text":"Suppressed" + }, + "locations":[ + { + "physicalLocation":{ + "artifactLocation":{ + "uri":"file:///C:/code/file2.c" + } + } + } + ], + "suppressions":[ + { + "kind":"external" + } + ] + }, + { + "ruleId":"TST0003", + "message":{ + "text":"Suppressed" + }, + "locations":[ + { + "physicalLocation":{ + "artifactLocation":{ + "uri":"file:///C:/code/file3.c" + } + } + } + ], + "suppressions":[ + { + "kind":"inSource" + } + ] + }, + { + "ruleId":"TST0004", + "message":{ + "text":"Not suppressed" + }, + "locations":[ + { + "physicalLocation":{ + "artifactLocation":{ + "uri":"file:///C:/code/file4.c" + } + } + } + ] + }, + { + "ruleId":"TST0005", + "message":{ + "text":"Not suppressed" + }, + "locations":[ + { + "physicalLocation":{ + "artifactLocation":{ + "uri":"file:///C:/code/file5.c" + } + } + } + ], + "suppressions":[] + } + ], + "columnKind":"utf16CodeUnits" + } + ] +} \ No newline at end of file diff --git a/unittests/scans/semgrep/cwe_list.json b/unittests/scans/semgrep/cwe_list.json new file mode 100644 index 00000000000..8aaac62ace7 --- /dev/null +++ b/unittests/scans/semgrep/cwe_list.json @@ -0,0 +1,86 @@ +{ + "errors": [ ], + "results": [ + { + "check_id": "javascript.express.security.audit.express-check-csurf-middleware-usage.express-check-csurf-middleware-usage", + "end": { + "col": 22, + "line": 12, + "offset": 357 + }, + "extra": { + "fingerprint": "143cb0c62f3740d62180cbde3ffa976e", + "is_ignored": false, + "lines": "const app = express();", + "message": "A CSRF middleware was not detected in your express application. Ensure you are either using one such as `csurf` or `csrf` (see rule references) and/or you are properly doing CSRF validation in your routes with a token or cookies.", + "metadata": { + "category": "security", + "cwe": [ + "CWE-352: Cross-Site Request Forgery (CSRF)" + ], + "license": "Commons Clause License Condition v1.0[LGPL-2.1-only]", + "owasp": [ + "A01:2021 - Broken Access Control", + "A05:2017 - Broken Access Control" + ], + "references": [ + "https://www.npmjs.com/package/csurf", + "https://www.npmjs.com/package/csrf", + "https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html" + ], + "shortlink": "https://sg.run/BxzR", + "source": "https://semgrep.dev/r/javascript.express.security.audit.express-check-csurf-middleware-usage.express-check-csurf-middleware-usage", + "technology": [ + "javascript", + "typescript", + "express" + ] + }, + "metavars": { + "$APP": { + "abstract_content": "app", + "end": { + "col": 10, + "line": 12, + "offset": 345 + }, + "start": { + "col": 7, + "line": 12, + "offset": 342 + }, + "unique_id": { + "sid": 9, + "type": "id" + } + }, + "$EXPRESS": { + "abstract_content": "express", + "end": { + "col": 20, + "line": 12, + "offset": 355 + }, + "start": { + "col": 13, + "line": 12, + "offset": 348 + }, + "unique_id": { + "sid": 1, + "type": "id" + } + } + }, + "severity": "INFO" + }, + "path": "index.js", + "start": { + "col": 7, + "line": 12, + "offset": 342 + } + } + ], + "version": "0.96.0" +} \ No newline at end of file diff --git a/unittests/scans/semgrep/issue_8435.json b/unittests/scans/semgrep/issue_8435.json new file mode 100644 index 00000000000..37dad8ca5bd --- /dev/null +++ b/unittests/scans/semgrep/issue_8435.json @@ -0,0 +1,69 @@ +{ + "errors": [ + ], + "results": [ + { + "check_id": "generic.secrets.security.detected-twitter-oauth.detected-twitter-oauth", + "end": { + "col": 38431, + "line": 1, + "offset": 38430 + }, + "extra": { + "engine_kind": "OSS", + "fingerprint": "fc255e575f2b938f11bf70bb737def0a1aa3ea044296972c9c6ff5b66b0d931064731b30406fc873b300c2bcf73cb66797513b709991e334fd355599d60d53d8_0", + "is_ignored": false, + "lines": "", + "message": "Twitter OAuth detected", + "metadata": { + "category": "security", + "confidence": "LOW", + "cwe": [ + "CWE-798: Use of Hard-coded Credentials" + ], + "cwe2021-top25": true, + "cwe2022-top25": true, + "impact": "MEDIUM", + "license": "Commons Clause License Condition v1.0[LGPL-2.1-only]", + "likelihood": "LOW", + "owasp": [ + "A07:2021 - Identification and Authentication Failures" + ], + "references": [ + "https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures" + ], + "semgrep.dev": { + "rule": { + "origin": "community", + "rule_id": "BYUNq8", + "url": "https://semgrep.dev/playground/r/A8TRG6/generic.secrets.security.detected-twitter-oauth.detected-twitter-oauth", + "version_id": "A8TRG6" + } + }, + "shortlink": "https://sg.run/Lwb7", + "source": "https://semgrep.dev/r/generic.secrets.security.detected-twitter-oauth.detected-twitter-oauth", + "source-rule-url": "https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json", + "subcategory": [ + "audit" + ], + "technology": [ + "secrets", + "twitter" + ], + "vulnerability_class": [ + "Hard-coded Secrets" + ] + }, + "metavars": {}, + "severity": "ERROR" + }, + "path": "/somedir/somefile.js", + "start": { + "col": 37650, + "line": 1, + "offset": 37649 + } + } + ], + "version": "1.33.2" +} \ No newline at end of file diff --git a/unittests/scans/semgrep/many_vulns.json b/unittests/scans/semgrep/many_vulns.json index 3c32b1fef65..1bb27ba54c7 100644 --- a/unittests/scans/semgrep/many_vulns.json +++ b/unittests/scans/semgrep/many_vulns.json @@ -936,7 +936,7 @@ }, { "check_id": "python.lang.security.insecure-hash-algorithms.insecure-hash-algorithm-md5", - "path": "tools/whitesource/parser.py", + "path": "tools/mend/parser.py", "start": { "line": 104, "col": 24 diff --git a/unittests/scans/semgrep/semgrep_version_1_30_0_line_26.json b/unittests/scans/semgrep/semgrep_version_1_30_0_line_26.json new file mode 100644 index 00000000000..1de52e18f12 --- /dev/null +++ b/unittests/scans/semgrep/semgrep_version_1_30_0_line_26.json @@ -0,0 +1,463 @@ +{ + "errors": [], + "paths": { + "_comment": "", + "scanned": [ + "test.go" + ] + }, + "results": [ + { + "check_id": "go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "end": { + "col": 31, + "line": 30, + "offset": 689 + }, + "extra": { + "engine_kind": "OSS", + "fingerprint": "f900d4624c2a2c2cae7cb9c94c4fb9df53a242700f19122be398d33598deb554a3fa3af3ba3864af95c90694505624e04e9e1c86fb96338f1feb40bd8b07ef2e_0", + "is_ignored": false, + "lines": " tmpl := \"

                \" + customerId + \"

                \"\n\n\n return template.HTML(tmpl)", + "message": "Found a formatted template string passed to 'template.HTML()'. 'template.HTML()' does not escape contents. Be absolutely sure there is no user-controlled data in this template. If user data can reach this template, you may have a XSS vulnerability.", + "metadata": { + "category": "security", + "confidence": "MEDIUM", + "cwe": [ + "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + ], + "cwe2021-top25": true, + "cwe2022-top25": true, + "impact": "MEDIUM", + "license": "Commons Clause License Condition v1.0[LGPL-2.1-only]", + "likelihood": "LOW", + "owasp": [ + "A07:2017 - Cross-Site Scripting (XSS)", + "A03:2021 - Injection" + ], + "references": [ + "https://golang.org/pkg/html/template/#HTML" + ], + "semgrep.dev": { + "rule": { + "origin": "community", + "rule_id": "8GUjDW", + "url": "https://semgrep.dev/playground/r/e1TNz3/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "version_id": "e1TNz3" + } + }, + "shortlink": "https://sg.run/weE0", + "source": "https://semgrep.dev/r/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "subcategory": [ + "audit" + ], + "technology": [ + "go" + ] + }, + "metavars": { + "$T": { + "abstract_content": "tmpl", + "end": { + "col": 9, + "line": 27, + "offset": 594 + }, + "start": { + "col": 5, + "line": 27, + "offset": 590 + } + }, + "$X": { + "abstract_content": "\"

                \"+customerId", + "end": { + "col": 44, + "line": 27, + "offset": 629 + }, + "start": { + "col": 13, + "line": 27, + "offset": 598 + } + }, + "$Y": { + "abstract_content": "\"

                \"", + "end": { + "col": 68, + "line": 27, + "offset": 653 + }, + "start": { + "col": 47, + "line": 27, + "offset": 632 + } + } + }, + "severity": "WARNING" + }, + "path": "test.go", + "start": { + "col": 5, + "line": 27, + "offset": 590 + } + }, + { + "check_id": "go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "end": { + "col": 82, + "line": 54, + "offset": 1365 + }, + "extra": { + "engine_kind": "OSS", + "fingerprint": "031880af370966b08c1806fde9119ea4c44be84c62070337dca38612f90d6bb71c5b2375ee4b74d4d78f1bb795e146c22083569f6e42a27277418809f3205224_0", + "is_ignored": false, + "lines": " return template.HTML(\"

                \" + customerId + \"

                \")", + "message": "Found a formatted template string passed to 'template.HTML()'. 'template.HTML()' does not escape contents. Be absolutely sure there is no user-controlled data in this template. If user data can reach this template, you may have a XSS vulnerability.", + "metadata": { + "category": "security", + "confidence": "MEDIUM", + "cwe": [ + "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + ], + "cwe2021-top25": true, + "cwe2022-top25": true, + "impact": "MEDIUM", + "license": "Commons Clause License Condition v1.0[LGPL-2.1-only]", + "likelihood": "LOW", + "owasp": [ + "A07:2017 - Cross-Site Scripting (XSS)", + "A03:2021 - Injection" + ], + "references": [ + "https://golang.org/pkg/html/template/#HTML" + ], + "semgrep.dev": { + "rule": { + "origin": "community", + "rule_id": "8GUjDW", + "url": "https://semgrep.dev/playground/r/e1TNz3/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "version_id": "e1TNz3" + } + }, + "shortlink": "https://sg.run/weE0", + "source": "https://semgrep.dev/r/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "subcategory": [ + "audit" + ], + "technology": [ + "go" + ] + }, + "metavars": { + "$T": { + "abstract_content": "\"

                \"+customerId", + "end": { + "col": 57, + "line": 54, + "offset": 1340 + }, + "start": { + "col": 26, + "line": 54, + "offset": 1309 + } + }, + "$X": { + "abstract_content": "\"

                \"", + "end": { + "col": 81, + "line": 54, + "offset": 1364 + }, + "start": { + "col": 60, + "line": 54, + "offset": 1343 + } + } + }, + "severity": "WARNING" + }, + "path": "test.go", + "start": { + "col": 12, + "line": 54, + "offset": 1295 + } + }, + { + "check_id": "go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "end": { + "col": 58, + "line": 61, + "offset": 1575 + }, + "extra": { + "engine_kind": "OSS", + "fingerprint": "18795c725c42a323357bf6a126fb895e11b764e80f583a69df3bd5c1812caf2259eab742aa70fcfb1663444041ea4795dfa53cc90cbe1eae03625c3feccddd53_0", + "is_ignored": false, + "lines": " return template.HTML(\"

                \" + customerId)", + "message": "Found a formatted template string passed to 'template.HTML()'. 'template.HTML()' does not escape contents. Be absolutely sure there is no user-controlled data in this template. If user data can reach this template, you may have a XSS vulnerability.", + "metadata": { + "category": "security", + "confidence": "MEDIUM", + "cwe": [ + "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + ], + "cwe2021-top25": true, + "cwe2022-top25": true, + "impact": "MEDIUM", + "license": "Commons Clause License Condition v1.0[LGPL-2.1-only]", + "likelihood": "LOW", + "owasp": [ + "A07:2017 - Cross-Site Scripting (XSS)", + "A03:2021 - Injection" + ], + "references": [ + "https://golang.org/pkg/html/template/#HTML" + ], + "semgrep.dev": { + "rule": { + "origin": "community", + "rule_id": "8GUjDW", + "url": "https://semgrep.dev/playground/r/e1TNz3/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "version_id": "e1TNz3" + } + }, + "shortlink": "https://sg.run/weE0", + "source": "https://semgrep.dev/r/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "subcategory": [ + "audit" + ], + "technology": [ + "go" + ] + }, + "metavars": { + "$T": { + "abstract_content": "\"

                \"", + "end": { + "col": 44, + "line": 61, + "offset": 1561 + }, + "start": { + "col": 26, + "line": 61, + "offset": 1543 + } + }, + "$X": { + "abstract_content": "customerId", + "end": { + "col": 57, + "line": 61, + "offset": 1574 + }, + "propagated_value": { + "svalue_abstract_content": "r.URL.Query().Get(\"id\")", + "svalue_end": { + "col": 42, + "line": 58, + "offset": 1472 + }, + "svalue_start": { + "col": 19, + "line": 58, + "offset": 1449 + } + }, + "start": { + "col": 47, + "line": 61, + "offset": 1564 + } + } + }, + "severity": "WARNING" + }, + "path": "test.go", + "start": { + "col": 12, + "line": 61, + "offset": 1529 + } + }, + { + "check_id": "go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "end": { + "col": 31, + "line": 71, + "offset": 1890 + }, + "extra": { + "engine_kind": "OSS", + "fingerprint": "9d2e74567ab26a1d82545fcb12aeee62c0114385756213c3a4f0252c9e7233300490727af8c9cd3bba6194084f10dcaab03ac907162b58afa6370da6fbbd12fc_0", + "is_ignored": false, + "lines": " tmpl, err := fmt.Printf(\"

                %s

                \", customerId)\n if err != nil {\n return template.HTML(\"\")\n }\n return template.HTML(tmpl)", + "message": "Found a formatted template string passed to 'template.HTML()'. 'template.HTML()' does not escape contents. Be absolutely sure there is no user-controlled data in this template. If user data can reach this template, you may have a XSS vulnerability.", + "metadata": { + "category": "security", + "confidence": "MEDIUM", + "cwe": [ + "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + ], + "cwe2021-top25": true, + "cwe2022-top25": true, + "impact": "MEDIUM", + "license": "Commons Clause License Condition v1.0[LGPL-2.1-only]", + "likelihood": "LOW", + "owasp": [ + "A07:2017 - Cross-Site Scripting (XSS)", + "A03:2021 - Injection" + ], + "references": [ + "https://golang.org/pkg/html/template/#HTML" + ], + "semgrep.dev": { + "rule": { + "origin": "community", + "rule_id": "8GUjDW", + "url": "https://semgrep.dev/playground/r/e1TNz3/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "version_id": "e1TNz3" + } + }, + "shortlink": "https://sg.run/weE0", + "source": "https://semgrep.dev/r/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "subcategory": [ + "audit" + ], + "technology": [ + "go" + ] + }, + "metavars": { + "$ERR": { + "abstract_content": "err", + "end": { + "col": 14, + "line": 67, + "offset": 1729 + }, + "start": { + "col": 11, + "line": 67, + "offset": 1726 + } + }, + "$P": { + "abstract_content": "Printf", + "end": { + "col": 28, + "line": 67, + "offset": 1743 + }, + "start": { + "col": 22, + "line": 67, + "offset": 1737 + } + }, + "$T": { + "abstract_content": "tmpl", + "end": { + "col": 9, + "line": 67, + "offset": 1724 + }, + "start": { + "col": 5, + "line": 67, + "offset": 1720 + } + } + }, + "severity": "WARNING" + }, + "path": "test.go", + "start": { + "col": 5, + "line": 67, + "offset": 1720 + } + }, + { + "check_id": "go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "end": { + "col": 91, + "line": 77, + "offset": 2127 + }, + "extra": { + "engine_kind": "OSS", + "fingerprint": "d5ee587632748693a7a70a22212cf105cdd778ee28678f970d4aed05a525226c14db4d8cd51ff6ec7e3d4f22b41c6788feebabf1f4bd70d9f8fb57ca8e70fb2b_0", + "is_ignored": false, + "lines": " return template.HTML(fmt.Sprintf(\"

                %s

                \", customerId))", + "message": "Found a formatted template string passed to 'template.HTML()'. 'template.HTML()' does not escape contents. Be absolutely sure there is no user-controlled data in this template. If user data can reach this template, you may have a XSS vulnerability.", + "metadata": { + "category": "security", + "confidence": "MEDIUM", + "cwe": [ + "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + ], + "cwe2021-top25": true, + "cwe2022-top25": true, + "impact": "MEDIUM", + "license": "Commons Clause License Condition v1.0[LGPL-2.1-only]", + "likelihood": "LOW", + "owasp": [ + "A07:2017 - Cross-Site Scripting (XSS)", + "A03:2021 - Injection" + ], + "references": [ + "https://golang.org/pkg/html/template/#HTML" + ], + "semgrep.dev": { + "rule": { + "origin": "community", + "rule_id": "8GUjDW", + "url": "https://semgrep.dev/playground/r/e1TNz3/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "version_id": "e1TNz3" + } + }, + "shortlink": "https://sg.run/weE0", + "source": "https://semgrep.dev/r/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "subcategory": [ + "audit" + ], + "technology": [ + "go" + ] + }, + "metavars": { + "$P": { + "abstract_content": "Sprintf", + "end": { + "col": 37, + "line": 77, + "offset": 2073 + }, + "start": { + "col": 30, + "line": 77, + "offset": 2066 + } + } + }, + "severity": "WARNING" + }, + "path": "test.go", + "start": { + "col": 12, + "line": 77, + "offset": 2048 + } + } + ], + "version": "1.30.0" +} \ No newline at end of file diff --git a/unittests/scans/semgrep/semgrep_version_1_30_0_line_27.json b/unittests/scans/semgrep/semgrep_version_1_30_0_line_27.json new file mode 100644 index 00000000000..1de52e18f12 --- /dev/null +++ b/unittests/scans/semgrep/semgrep_version_1_30_0_line_27.json @@ -0,0 +1,463 @@ +{ + "errors": [], + "paths": { + "_comment": "", + "scanned": [ + "test.go" + ] + }, + "results": [ + { + "check_id": "go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "end": { + "col": 31, + "line": 30, + "offset": 689 + }, + "extra": { + "engine_kind": "OSS", + "fingerprint": "f900d4624c2a2c2cae7cb9c94c4fb9df53a242700f19122be398d33598deb554a3fa3af3ba3864af95c90694505624e04e9e1c86fb96338f1feb40bd8b07ef2e_0", + "is_ignored": false, + "lines": " tmpl := \"

                \" + customerId + \"

                \"\n\n\n return template.HTML(tmpl)", + "message": "Found a formatted template string passed to 'template.HTML()'. 'template.HTML()' does not escape contents. Be absolutely sure there is no user-controlled data in this template. If user data can reach this template, you may have a XSS vulnerability.", + "metadata": { + "category": "security", + "confidence": "MEDIUM", + "cwe": [ + "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + ], + "cwe2021-top25": true, + "cwe2022-top25": true, + "impact": "MEDIUM", + "license": "Commons Clause License Condition v1.0[LGPL-2.1-only]", + "likelihood": "LOW", + "owasp": [ + "A07:2017 - Cross-Site Scripting (XSS)", + "A03:2021 - Injection" + ], + "references": [ + "https://golang.org/pkg/html/template/#HTML" + ], + "semgrep.dev": { + "rule": { + "origin": "community", + "rule_id": "8GUjDW", + "url": "https://semgrep.dev/playground/r/e1TNz3/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "version_id": "e1TNz3" + } + }, + "shortlink": "https://sg.run/weE0", + "source": "https://semgrep.dev/r/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "subcategory": [ + "audit" + ], + "technology": [ + "go" + ] + }, + "metavars": { + "$T": { + "abstract_content": "tmpl", + "end": { + "col": 9, + "line": 27, + "offset": 594 + }, + "start": { + "col": 5, + "line": 27, + "offset": 590 + } + }, + "$X": { + "abstract_content": "\"

                \"+customerId", + "end": { + "col": 44, + "line": 27, + "offset": 629 + }, + "start": { + "col": 13, + "line": 27, + "offset": 598 + } + }, + "$Y": { + "abstract_content": "\"

                \"", + "end": { + "col": 68, + "line": 27, + "offset": 653 + }, + "start": { + "col": 47, + "line": 27, + "offset": 632 + } + } + }, + "severity": "WARNING" + }, + "path": "test.go", + "start": { + "col": 5, + "line": 27, + "offset": 590 + } + }, + { + "check_id": "go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "end": { + "col": 82, + "line": 54, + "offset": 1365 + }, + "extra": { + "engine_kind": "OSS", + "fingerprint": "031880af370966b08c1806fde9119ea4c44be84c62070337dca38612f90d6bb71c5b2375ee4b74d4d78f1bb795e146c22083569f6e42a27277418809f3205224_0", + "is_ignored": false, + "lines": " return template.HTML(\"

                \" + customerId + \"

                \")", + "message": "Found a formatted template string passed to 'template.HTML()'. 'template.HTML()' does not escape contents. Be absolutely sure there is no user-controlled data in this template. If user data can reach this template, you may have a XSS vulnerability.", + "metadata": { + "category": "security", + "confidence": "MEDIUM", + "cwe": [ + "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + ], + "cwe2021-top25": true, + "cwe2022-top25": true, + "impact": "MEDIUM", + "license": "Commons Clause License Condition v1.0[LGPL-2.1-only]", + "likelihood": "LOW", + "owasp": [ + "A07:2017 - Cross-Site Scripting (XSS)", + "A03:2021 - Injection" + ], + "references": [ + "https://golang.org/pkg/html/template/#HTML" + ], + "semgrep.dev": { + "rule": { + "origin": "community", + "rule_id": "8GUjDW", + "url": "https://semgrep.dev/playground/r/e1TNz3/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "version_id": "e1TNz3" + } + }, + "shortlink": "https://sg.run/weE0", + "source": "https://semgrep.dev/r/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "subcategory": [ + "audit" + ], + "technology": [ + "go" + ] + }, + "metavars": { + "$T": { + "abstract_content": "\"

                \"+customerId", + "end": { + "col": 57, + "line": 54, + "offset": 1340 + }, + "start": { + "col": 26, + "line": 54, + "offset": 1309 + } + }, + "$X": { + "abstract_content": "\"

                \"", + "end": { + "col": 81, + "line": 54, + "offset": 1364 + }, + "start": { + "col": 60, + "line": 54, + "offset": 1343 + } + } + }, + "severity": "WARNING" + }, + "path": "test.go", + "start": { + "col": 12, + "line": 54, + "offset": 1295 + } + }, + { + "check_id": "go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "end": { + "col": 58, + "line": 61, + "offset": 1575 + }, + "extra": { + "engine_kind": "OSS", + "fingerprint": "18795c725c42a323357bf6a126fb895e11b764e80f583a69df3bd5c1812caf2259eab742aa70fcfb1663444041ea4795dfa53cc90cbe1eae03625c3feccddd53_0", + "is_ignored": false, + "lines": " return template.HTML(\"

                \" + customerId)", + "message": "Found a formatted template string passed to 'template.HTML()'. 'template.HTML()' does not escape contents. Be absolutely sure there is no user-controlled data in this template. If user data can reach this template, you may have a XSS vulnerability.", + "metadata": { + "category": "security", + "confidence": "MEDIUM", + "cwe": [ + "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + ], + "cwe2021-top25": true, + "cwe2022-top25": true, + "impact": "MEDIUM", + "license": "Commons Clause License Condition v1.0[LGPL-2.1-only]", + "likelihood": "LOW", + "owasp": [ + "A07:2017 - Cross-Site Scripting (XSS)", + "A03:2021 - Injection" + ], + "references": [ + "https://golang.org/pkg/html/template/#HTML" + ], + "semgrep.dev": { + "rule": { + "origin": "community", + "rule_id": "8GUjDW", + "url": "https://semgrep.dev/playground/r/e1TNz3/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "version_id": "e1TNz3" + } + }, + "shortlink": "https://sg.run/weE0", + "source": "https://semgrep.dev/r/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "subcategory": [ + "audit" + ], + "technology": [ + "go" + ] + }, + "metavars": { + "$T": { + "abstract_content": "\"

                \"", + "end": { + "col": 44, + "line": 61, + "offset": 1561 + }, + "start": { + "col": 26, + "line": 61, + "offset": 1543 + } + }, + "$X": { + "abstract_content": "customerId", + "end": { + "col": 57, + "line": 61, + "offset": 1574 + }, + "propagated_value": { + "svalue_abstract_content": "r.URL.Query().Get(\"id\")", + "svalue_end": { + "col": 42, + "line": 58, + "offset": 1472 + }, + "svalue_start": { + "col": 19, + "line": 58, + "offset": 1449 + } + }, + "start": { + "col": 47, + "line": 61, + "offset": 1564 + } + } + }, + "severity": "WARNING" + }, + "path": "test.go", + "start": { + "col": 12, + "line": 61, + "offset": 1529 + } + }, + { + "check_id": "go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "end": { + "col": 31, + "line": 71, + "offset": 1890 + }, + "extra": { + "engine_kind": "OSS", + "fingerprint": "9d2e74567ab26a1d82545fcb12aeee62c0114385756213c3a4f0252c9e7233300490727af8c9cd3bba6194084f10dcaab03ac907162b58afa6370da6fbbd12fc_0", + "is_ignored": false, + "lines": " tmpl, err := fmt.Printf(\"

                %s

                \", customerId)\n if err != nil {\n return template.HTML(\"\")\n }\n return template.HTML(tmpl)", + "message": "Found a formatted template string passed to 'template.HTML()'. 'template.HTML()' does not escape contents. Be absolutely sure there is no user-controlled data in this template. If user data can reach this template, you may have a XSS vulnerability.", + "metadata": { + "category": "security", + "confidence": "MEDIUM", + "cwe": [ + "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + ], + "cwe2021-top25": true, + "cwe2022-top25": true, + "impact": "MEDIUM", + "license": "Commons Clause License Condition v1.0[LGPL-2.1-only]", + "likelihood": "LOW", + "owasp": [ + "A07:2017 - Cross-Site Scripting (XSS)", + "A03:2021 - Injection" + ], + "references": [ + "https://golang.org/pkg/html/template/#HTML" + ], + "semgrep.dev": { + "rule": { + "origin": "community", + "rule_id": "8GUjDW", + "url": "https://semgrep.dev/playground/r/e1TNz3/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "version_id": "e1TNz3" + } + }, + "shortlink": "https://sg.run/weE0", + "source": "https://semgrep.dev/r/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "subcategory": [ + "audit" + ], + "technology": [ + "go" + ] + }, + "metavars": { + "$ERR": { + "abstract_content": "err", + "end": { + "col": 14, + "line": 67, + "offset": 1729 + }, + "start": { + "col": 11, + "line": 67, + "offset": 1726 + } + }, + "$P": { + "abstract_content": "Printf", + "end": { + "col": 28, + "line": 67, + "offset": 1743 + }, + "start": { + "col": 22, + "line": 67, + "offset": 1737 + } + }, + "$T": { + "abstract_content": "tmpl", + "end": { + "col": 9, + "line": 67, + "offset": 1724 + }, + "start": { + "col": 5, + "line": 67, + "offset": 1720 + } + } + }, + "severity": "WARNING" + }, + "path": "test.go", + "start": { + "col": 5, + "line": 67, + "offset": 1720 + } + }, + { + "check_id": "go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "end": { + "col": 91, + "line": 77, + "offset": 2127 + }, + "extra": { + "engine_kind": "OSS", + "fingerprint": "d5ee587632748693a7a70a22212cf105cdd778ee28678f970d4aed05a525226c14db4d8cd51ff6ec7e3d4f22b41c6788feebabf1f4bd70d9f8fb57ca8e70fb2b_0", + "is_ignored": false, + "lines": " return template.HTML(fmt.Sprintf(\"

                %s

                \", customerId))", + "message": "Found a formatted template string passed to 'template.HTML()'. 'template.HTML()' does not escape contents. Be absolutely sure there is no user-controlled data in this template. If user data can reach this template, you may have a XSS vulnerability.", + "metadata": { + "category": "security", + "confidence": "MEDIUM", + "cwe": [ + "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + ], + "cwe2021-top25": true, + "cwe2022-top25": true, + "impact": "MEDIUM", + "license": "Commons Clause License Condition v1.0[LGPL-2.1-only]", + "likelihood": "LOW", + "owasp": [ + "A07:2017 - Cross-Site Scripting (XSS)", + "A03:2021 - Injection" + ], + "references": [ + "https://golang.org/pkg/html/template/#HTML" + ], + "semgrep.dev": { + "rule": { + "origin": "community", + "rule_id": "8GUjDW", + "url": "https://semgrep.dev/playground/r/e1TNz3/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "version_id": "e1TNz3" + } + }, + "shortlink": "https://sg.run/weE0", + "source": "https://semgrep.dev/r/go.lang.security.audit.net.formatted-template-string.formatted-template-string", + "subcategory": [ + "audit" + ], + "technology": [ + "go" + ] + }, + "metavars": { + "$P": { + "abstract_content": "Sprintf", + "end": { + "col": 37, + "line": 77, + "offset": 2073 + }, + "start": { + "col": 30, + "line": 77, + "offset": 2066 + } + } + }, + "severity": "WARNING" + }, + "path": "test.go", + "start": { + "col": 12, + "line": 77, + "offset": 2048 + } + } + ], + "version": "1.30.0" +} \ No newline at end of file diff --git a/unittests/scans/snyk/all_containers_target_output.json b/unittests/scans/snyk/all_containers_target_output.json new file mode 100644 index 00000000000..5775165a65f --- /dev/null +++ b/unittests/scans/snyk/all_containers_target_output.json @@ -0,0 +1,4760 @@ +[ + { + "vulnerabilities": [ + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "alternativeIds": [], + "creationTime": "2022-07-04T09:30:02.378909Z", + "credit": [ + "Takuto Yoshikai" + ], + "cvssScore": 9.1, + "description": "## Overview\n[Django](https://pypi.org/project/Django/) is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.\n\nAffected versions of this package are vulnerable to SQL Injection via the `Trunc(kind)` and `Extract(lookup_name)` arguments, if untrusted data is used as a `kind/lookup_name` value.\r\n\r\n**Note:** Applications that constrain the lookup name and kind choice to a known safe list are unaffected.\r\n\r\nDjango 4.1 pre-released versions (4.1a1, 4.1a2) are being affected by this issue, please avoid using the 4.1 branch until 4.1.0 is released.\n## Remediation\nUpgrade `Django` to version 3.2.14, 4.0.6 or higher.\n## References\n- [Django Security Release](https://www.djangoproject.com/weblog/2022/jul/04/security-releases/)\n- [GitHub Commit](https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492)\n- [GitHub Commit](https://github.com/django/django/commit/284b188a4194e8fa5d72a73b09a869d7dd9f0dc5)\n- [GitHub Commit](https://github.com/django/django/commit/54eb8a374d5d98594b264e8ec22337819b37443c)\n- [GitHub Commit](https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e)\n", + "disclosureTime": "2022-07-04T09:14:12Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "3.2.14", + "4.0.6" + ], + "id": "SNYK-PYTHON-DJANGO-2940618", + "identifiers": { + "CWE": [ + "CWE-89" + ], + "CVE": [ + "CVE-2022-34265" + ] + }, + "language": "python", + "malicious": false, + "modificationTime": "2022-07-04T10:19:35.965182Z", + "moduleName": "django", + "packageManager": "pip", + "packageName": "django", + "patches": [], + "proprietary": false, + "publicationTime": "2022-07-04T10:19:35.962957Z", + "references": [ + { + "title": "Django Security Release", + "url": "https://www.djangoproject.com/weblog/2022/jul/04/security-releases/" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/django/django/commit/284b188a4194e8fa5d72a73b09a869d7dd9f0dc5" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/django/django/commit/54eb8a374d5d98594b264e8ec22337819b37443c" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e" + } + ], + "severity": "critical", + "socialTrendAlert": false, + "title": "SQL Injection", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,3.2.14)", + "[4.0a1,4.0.6)" + ] + }, + "severityWithCritical": "critical", + "from": [ + "Mobile-Security-Framework-MobSF@0.0.0", + "django@4.0.5" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "django", + "version": "4.0.5" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-07-05T10:15:12.872000Z", + "credit": [ + "Kishin Yagami" + ], + "cvssScore": 5.3, + "description": "## Overview\n\nAffected versions of this package are vulnerable to NULL Pointer Dereference in the `iterwalk()` function (used by `canonicalize`) that can be triggered by malicious input.\r\n\r\n**NOTE:** \r\nThis only applies when lxml is used together with libxml2 2.9.10 through 2.9.14.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\nTwo common types of DoS vulnerabilities:\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example, [npm `ws` package](https://snyk.io/vuln/npm:ws:20171108)\n\n## Remediation\nUpgrade `lxml` to version 4.9.1 or higher.\n## References\n- [GitHub Commit](https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f)\n", + "disclosureTime": "2022-07-05T10:09:47Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "4.9.1" + ], + "id": "SNYK-PYTHON-LXML-2940874", + "identifiers": { + "CWE": [ + "CWE-476" + ], + "CVE": [ + "CVE-2022-2309" + ] + }, + "language": "python", + "malicious": false, + "modificationTime": "2022-07-05T12:53:27.224197Z", + "moduleName": "lxml", + "packageManager": "pip", + "packageName": "lxml", + "patches": [], + "proprietary": false, + "publicationTime": "2022-07-05T12:53:27.206935Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "NULL Pointer Dereference", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.9.1)" + ] + }, + "severityWithCritical": "medium", + "from": [ + "Mobile-Security-Framework-MobSF@0.0.0", + "lxml@4.8.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "lxml", + "version": "4.8.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-07-05T10:15:12.872000Z", + "credit": [ + "Kishin Yagami" + ], + "cvssScore": 5.3, + "description": "## Overview\n\nAffected versions of this package are vulnerable to NULL Pointer Dereference in the `iterwalk()` function (used by `canonicalize`) that can be triggered by malicious input.\r\n\r\n**NOTE:** \r\nThis only applies when lxml is used together with libxml2 2.9.10 through 2.9.14.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\nTwo common types of DoS vulnerabilities:\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example, [npm `ws` package](https://snyk.io/vuln/npm:ws:20171108)\n\n## Remediation\nUpgrade `lxml` to version 4.9.1 or higher.\n## References\n- [GitHub Commit](https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f)\n", + "disclosureTime": "2022-07-05T10:09:47Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "4.9.1" + ], + "id": "SNYK-PYTHON-LXML-2940874", + "identifiers": { + "CWE": [ + "CWE-476" + ], + "CVE": [ + "CVE-2022-2309" + ] + }, + "language": "python", + "malicious": false, + "modificationTime": "2022-07-05T12:53:27.224197Z", + "moduleName": "lxml", + "packageManager": "pip", + "packageName": "lxml", + "patches": [], + "proprietary": false, + "publicationTime": "2022-07-05T12:53:27.206935Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "NULL Pointer Dereference", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.9.1)" + ] + }, + "severityWithCritical": "medium", + "from": [ + "Mobile-Security-Framework-MobSF@0.0.0", + "androguard@3.4.0a1", + "lxml@4.8.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "lxml", + "version": "4.8.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-07-05T10:15:12.872000Z", + "credit": [ + "Kishin Yagami" + ], + "cvssScore": 5.3, + "description": "## Overview\n\nAffected versions of this package are vulnerable to NULL Pointer Dereference in the `iterwalk()` function (used by `canonicalize`) that can be triggered by malicious input.\r\n\r\n**NOTE:** \r\nThis only applies when lxml is used together with libxml2 2.9.10 through 2.9.14.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\nTwo common types of DoS vulnerabilities:\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example, [npm `ws` package](https://snyk.io/vuln/npm:ws:20171108)\n\n## Remediation\nUpgrade `lxml` to version 4.9.1 or higher.\n## References\n- [GitHub Commit](https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f)\n", + "disclosureTime": "2022-07-05T10:09:47Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "4.9.1" + ], + "id": "SNYK-PYTHON-LXML-2940874", + "identifiers": { + "CWE": [ + "CWE-476" + ], + "CVE": [ + "CVE-2022-2309" + ] + }, + "language": "python", + "malicious": false, + "modificationTime": "2022-07-05T12:53:27.224197Z", + "moduleName": "lxml", + "packageManager": "pip", + "packageName": "lxml", + "patches": [], + "proprietary": false, + "publicationTime": "2022-07-05T12:53:27.206935Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "NULL Pointer Dereference", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.9.1)" + ] + }, + "severityWithCritical": "medium", + "from": [ + "Mobile-Security-Framework-MobSF@0.0.0", + "quark-engine@22.2.1", + "androguard@3.4.0a1", + "lxml@4.8.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "lxml", + "version": "4.8.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "alternativeIds": [], + "creationTime": "2021-01-20T11:40:10.785788Z", + "credit": [ + "Ajmal Aboobacker" + ], + "cvssScore": 8.8, + "description": "## Overview\n[networkx](https://pypi.org/project/networkx/) is a Python package for creating and manipulating graphs and networks\n\nAffected versions of this package are vulnerable to Deserialization of Untrusted Data. This package is vulnerable to arbitrary code execution via insecure YAML deserialization due to the use of a known vulnerable function `load()` in yaml, which is called in `read_yaml()` in `networkx/readwrite/nx_yaml.py`.\r\n\r\n`networkx/readwrite/nx_yaml.py` is deprecated and scheduled to be removed in the next release of Networkx. Users should avoid using this function completely.\n\n## Details\n\nSerialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like _Remote Method Invocation (RMI)_, _Java Management Extension (JMX)_, _Java Messaging System (JMS)_, _Action Message Format (AMF)_, _Java Server Faces (JSF) ViewState_, etc.\n\n_Deserialization of untrusted data_ ([CWE-502](https://cwe.mitre.org/data/definitions/502.html)), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.\n\nJava deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a [popular library (Apache Commons Collection)](https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.\n\n \nAn attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.\n \n\n> Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).\n\n- Apache Blog\n \n## Remediation\nUpgrade `networkx` to version 2.6 or higher.\n## References\n- [GitHub PR](https://github.com/networkx/networkx/pull/4541)\n", + "disclosureTime": "2021-01-20T11:20:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.6" + ], + "id": "SNYK-PYTHON-NETWORKX-1062709", + "identifiers": { + "CWE": [ + "CWE-502" + ], + "CVE": [] + }, + "language": "python", + "malicious": false, + "modificationTime": "2021-07-09T09:31:56.016717Z", + "moduleName": "networkx", + "packageManager": "pip", + "packageName": "networkx", + "patches": [], + "proprietary": false, + "publicationTime": "2021-03-21T16:33:35Z", + "references": [ + { + "title": "GitHub PR", + "url": "https://github.com/networkx/networkx/pull/4541" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Deserialization of Untrusted Data", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,2.6)" + ] + }, + "severityWithCritical": "high", + "from": [ + "Mobile-Security-Framework-MobSF@0.0.0", + "androguard@3.4.0a1", + "networkx@2.5" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "networkx", + "version": "2.5" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "alternativeIds": [], + "creationTime": "2021-01-20T11:40:10.785788Z", + "credit": [ + "Ajmal Aboobacker" + ], + "cvssScore": 8.8, + "description": "## Overview\n[networkx](https://pypi.org/project/networkx/) is a Python package for creating and manipulating graphs and networks\n\nAffected versions of this package are vulnerable to Deserialization of Untrusted Data. This package is vulnerable to arbitrary code execution via insecure YAML deserialization due to the use of a known vulnerable function `load()` in yaml, which is called in `read_yaml()` in `networkx/readwrite/nx_yaml.py`.\r\n\r\n`networkx/readwrite/nx_yaml.py` is deprecated and scheduled to be removed in the next release of Networkx. Users should avoid using this function completely.\n\n## Details\n\nSerialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like _Remote Method Invocation (RMI)_, _Java Management Extension (JMX)_, _Java Messaging System (JMS)_, _Action Message Format (AMF)_, _Java Server Faces (JSF) ViewState_, etc.\n\n_Deserialization of untrusted data_ ([CWE-502](https://cwe.mitre.org/data/definitions/502.html)), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.\n\nJava deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a [popular library (Apache Commons Collection)](https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.\n\n \nAn attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.\n \n\n> Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).\n\n- Apache Blog\n \n## Remediation\nUpgrade `networkx` to version 2.6 or higher.\n## References\n- [GitHub PR](https://github.com/networkx/networkx/pull/4541)\n", + "disclosureTime": "2021-01-20T11:20:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.6" + ], + "id": "SNYK-PYTHON-NETWORKX-1062709", + "identifiers": { + "CWE": [ + "CWE-502" + ], + "CVE": [] + }, + "language": "python", + "malicious": false, + "modificationTime": "2021-07-09T09:31:56.016717Z", + "moduleName": "networkx", + "packageManager": "pip", + "packageName": "networkx", + "patches": [], + "proprietary": false, + "publicationTime": "2021-03-21T16:33:35Z", + "references": [ + { + "title": "GitHub PR", + "url": "https://github.com/networkx/networkx/pull/4541" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Deserialization of Untrusted Data", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,2.6)" + ] + }, + "severityWithCritical": "high", + "from": [ + "Mobile-Security-Framework-MobSF@0.0.0", + "quark-engine@22.2.1", + "androguard@3.4.0a1", + "networkx@2.5" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "networkx", + "version": "2.5" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-12-19T10:23:33.311250Z", + "credit": [ + "Daybreak2019" + ], + "cvssScore": 3.7, + "description": "## Overview\n[numpy](https://github.com/numpy/numpy) is a fundamental package needed for scientific computing with Python.\n\nAffected versions of this package are vulnerable to NULL Pointer Dereference due to missing return-value validation in the `PyArray_DescrNew` function, which may allow attackers to conduct Denial of Service attacks by repetitively creating and sort arrays.\r\n\r\n**Note:** This may likely only happen if application memory is already exhausted, as it requires the `newdescr` object of the `PyArray_DescrNew` to evaluate to `NULL`.\n## Remediation\nUpgrade `numpy` to version 1.22.2 or higher.\n## References\n- [GitHub Issue](https://github.com/numpy/numpy/issues/19038)\n- [GitHub PR](https://github.com/numpy/numpy/pull/20960)\n- [GitHub Release](https://github.com/numpy/numpy/releases/tag/v1.22.2)\n", + "disclosureTime": "2021-12-19T10:02:22Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.22.2" + ], + "id": "SNYK-PYTHON-NUMPY-2321964", + "identifiers": { + "CWE": [ + "CWE-476" + ], + "CVE": [ + "CVE-2021-41495" + ] + }, + "language": "python", + "malicious": false, + "modificationTime": "2022-02-04T08:02:18.455219Z", + "moduleName": "numpy", + "packageManager": "pip", + "packageName": "numpy", + "patches": [], + "proprietary": false, + "publicationTime": "2021-12-19T15:16:24Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/numpy/numpy/issues/19038" + }, + { + "title": "GitHub PR", + "url": "https://github.com/numpy/numpy/pull/20960" + }, + { + "title": "GitHub Release", + "url": "https://github.com/numpy/numpy/releases/tag/v1.22.2" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "NULL Pointer Dereference", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[0,1.22.2)" + ] + }, + "severityWithCritical": "low", + "from": [ + "Mobile-Security-Framework-MobSF@0.0.0", + "quark-engine@22.2.1", + "pandas@1.4.3", + "numpy@1.21.5" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "numpy", + "version": "1.21.5" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "alternativeIds": [], + "creationTime": "2021-12-19T10:52:47.566097Z", + "credit": [ + "Daybreak2019" + ], + "cvssScore": 3.7, + "description": "## Overview\n[numpy](https://github.com/numpy/numpy) is a fundamental package needed for scientific computing with Python.\n\nAffected versions of this package are vulnerable to Buffer Overflow due to missing boundary checks in the `array_from_pyobj` function of `fortranobject.c`. This may allow an attacker to conduct Denial of Service by carefully constructing an array with negative values.\n## Remediation\nUpgrade `numpy` to version 1.22.0 or higher.\n## References\n- [GitHub Commit](https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2)\n- [GitHub Issue](https://github.com/numpy/numpy/issues/19000)\n", + "disclosureTime": "2021-12-19T10:41:15Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "1.22.0" + ], + "id": "SNYK-PYTHON-NUMPY-2321966", + "identifiers": { + "CWE": [ + "CWE-119", + "CWE-120" + ], + "CVE": [ + "CVE-2021-41496" + ] + }, + "language": "python", + "malicious": false, + "modificationTime": "2022-05-29T14:25:40.751786Z", + "moduleName": "numpy", + "packageManager": "pip", + "packageName": "numpy", + "patches": [], + "proprietary": false, + "publicationTime": "2021-12-19T15:16:24Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/numpy/numpy/issues/19000" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "Buffer Overflow", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,1.22.0)" + ] + }, + "severityWithCritical": "low", + "from": [ + "Mobile-Security-Framework-MobSF@0.0.0", + "quark-engine@22.2.1", + "pandas@1.4.3", + "numpy@1.21.5" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "numpy", + "version": "1.21.5" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-12-19T11:15:21.052159Z", + "credit": [ + "Daybreak2019" + ], + "cvssScore": 3.7, + "description": "## Overview\n[numpy](https://github.com/numpy/numpy) is a fundamental package needed for scientific computing with Python.\n\nAffected versions of this package are vulnerable to Denial of Service (DoS) due to an incomplete string comparison in the `numpy.core` component, which may allow attackers to fail the APIs via constructing specific string objects.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\nTwo common types of DoS vulnerabilities:\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example, [npm `ws` package](https://snyk.io/vuln/npm:ws:20171108)\n\n## Remediation\nUpgrade `numpy` to version 1.22.0rc1 or higher.\n## References\n- [GitHub Commit](https://github.com/numpy/numpy/commit/eeef9d4646103c3b1afd3085f1393f2b3f9575b2)\n- [GitHub Issue](https://github.com/numpy/numpy/issues/18993)\n- [GitHub PR](https://github.com/numpy/numpy/pull/19539)\n", + "disclosureTime": "2021-12-19T11:06:43Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.22.0rc1" + ], + "id": "SNYK-PYTHON-NUMPY-2321970", + "identifiers": { + "CWE": [ + "CWE-400", + "CWE-1023" + ], + "CVE": [ + "CVE-2021-34141" + ] + }, + "language": "python", + "malicious": false, + "modificationTime": "2021-12-19T15:16:23.795046Z", + "moduleName": "numpy", + "packageManager": "pip", + "packageName": "numpy", + "patches": [], + "proprietary": false, + "publicationTime": "2021-12-19T15:16:23.793333Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/numpy/numpy/commit/eeef9d4646103c3b1afd3085f1393f2b3f9575b2" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/numpy/numpy/issues/18993" + }, + { + "title": "GitHub PR", + "url": "https://github.com/numpy/numpy/pull/19539" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "Denial of Service (DoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,1.22.0rc1)" + ] + }, + "severityWithCritical": "low", + "from": [ + "Mobile-Security-Framework-MobSF@0.0.0", + "quark-engine@22.2.1", + "pandas@1.4.3", + "numpy@1.21.5" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "numpy", + "version": "1.21.5" + } + ], + "ok": false, + "dependencyCount": 76, + "org": "wmcsl", + "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.0\nignore: {}\npatch: {}\n", + "isPrivate": true, + "licensesPolicy": { + "severities": {}, + "orgLicenseRules": { + "AGPL-1.0": { + "licenseType": "AGPL-1.0", + "severity": "high", + "instructions": "" + }, + "AGPL-3.0": { + "licenseType": "AGPL-3.0", + "severity": "high", + "instructions": "" + }, + "Artistic-1.0": { + "licenseType": "Artistic-1.0", + "severity": "medium", + "instructions": "" + }, + "Artistic-2.0": { + "licenseType": "Artistic-2.0", + "severity": "medium", + "instructions": "" + }, + "CDDL-1.0": { + "licenseType": "CDDL-1.0", + "severity": "medium", + "instructions": "" + }, + "CPOL-1.02": { + "licenseType": "CPOL-1.02", + "severity": "high", + "instructions": "" + }, + "EPL-1.0": { + "licenseType": "EPL-1.0", + "severity": "medium", + "instructions": "" + }, + "GPL-2.0": { + "licenseType": "GPL-2.0", + "severity": "high", + "instructions": "" + }, + "GPL-3.0": { + "licenseType": "GPL-3.0", + "severity": "high", + "instructions": "" + }, + "LGPL-2.0": { + "licenseType": "LGPL-2.0", + "severity": "medium", + "instructions": "" + }, + "LGPL-2.1": { + "licenseType": "LGPL-2.1", + "severity": "medium", + "instructions": "" + }, + "LGPL-3.0": { + "licenseType": "LGPL-3.0", + "severity": "medium", + "instructions": "" + }, + "MPL-1.1": { + "licenseType": "MPL-1.1", + "severity": "medium", + "instructions": "" + }, + "MPL-2.0": { + "licenseType": "MPL-2.0", + "severity": "medium", + "instructions": "" + }, + "MS-RL": { + "licenseType": "MS-RL", + "severity": "medium", + "instructions": "" + }, + "SimPL-2.0": { + "licenseType": "SimPL-2.0", + "severity": "high", + "instructions": "" + } + } + }, + "packageManager": "pip", + "ignoreSettings": { + "adminOnly": false, + "reasonRequired": false, + "disregardFilesystemIgnores": false + }, + "summary": "9 vulnerable dependency paths", + "remediation": { + "unresolved": [ + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "alternativeIds": [], + "creationTime": "2022-07-04T09:30:02.378909Z", + "credit": [ + "Takuto Yoshikai" + ], + "cvssScore": 9.1, + "description": "## Overview\n[Django](https://pypi.org/project/Django/) is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.\n\nAffected versions of this package are vulnerable to SQL Injection via the `Trunc(kind)` and `Extract(lookup_name)` arguments, if untrusted data is used as a `kind/lookup_name` value.\r\n\r\n**Note:** Applications that constrain the lookup name and kind choice to a known safe list are unaffected.\r\n\r\nDjango 4.1 pre-released versions (4.1a1, 4.1a2) are being affected by this issue, please avoid using the 4.1 branch until 4.1.0 is released.\n## Remediation\nUpgrade `Django` to version 3.2.14, 4.0.6 or higher.\n## References\n- [Django Security Release](https://www.djangoproject.com/weblog/2022/jul/04/security-releases/)\n- [GitHub Commit](https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492)\n- [GitHub Commit](https://github.com/django/django/commit/284b188a4194e8fa5d72a73b09a869d7dd9f0dc5)\n- [GitHub Commit](https://github.com/django/django/commit/54eb8a374d5d98594b264e8ec22337819b37443c)\n- [GitHub Commit](https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e)\n", + "disclosureTime": "2022-07-04T09:14:12Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "3.2.14", + "4.0.6" + ], + "id": "SNYK-PYTHON-DJANGO-2940618", + "identifiers": { + "CWE": [ + "CWE-89" + ], + "CVE": [ + "CVE-2022-34265" + ] + }, + "language": "python", + "malicious": false, + "modificationTime": "2022-07-04T10:19:35.965182Z", + "moduleName": "django", + "packageManager": "pip", + "packageName": "django", + "patches": [], + "proprietary": false, + "publicationTime": "2022-07-04T10:19:35.962957Z", + "references": [ + { + "title": "Django Security Release", + "url": "https://www.djangoproject.com/weblog/2022/jul/04/security-releases/" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/django/django/commit/284b188a4194e8fa5d72a73b09a869d7dd9f0dc5" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/django/django/commit/54eb8a374d5d98594b264e8ec22337819b37443c" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e" + } + ], + "severity": "critical", + "socialTrendAlert": false, + "title": "SQL Injection", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,3.2.14)", + "[4.0a1,4.0.6)" + ] + }, + "from": [ + "Mobile-Security-Framework-MobSF@0.0.0", + "django@4.0.5" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": true, + "isRuntime": false, + "name": "django", + "version": "4.0.5", + "severityWithCritical": "critical" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-07-05T10:15:12.872000Z", + "credit": [ + "Kishin Yagami" + ], + "cvssScore": 5.3, + "description": "## Overview\n\nAffected versions of this package are vulnerable to NULL Pointer Dereference in the `iterwalk()` function (used by `canonicalize`) that can be triggered by malicious input.\r\n\r\n**NOTE:** \r\nThis only applies when lxml is used together with libxml2 2.9.10 through 2.9.14.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\nTwo common types of DoS vulnerabilities:\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example, [npm `ws` package](https://snyk.io/vuln/npm:ws:20171108)\n\n## Remediation\nUpgrade `lxml` to version 4.9.1 or higher.\n## References\n- [GitHub Commit](https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f)\n", + "disclosureTime": "2022-07-05T10:09:47Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "4.9.1" + ], + "id": "SNYK-PYTHON-LXML-2940874", + "identifiers": { + "CWE": [ + "CWE-476" + ], + "CVE": [ + "CVE-2022-2309" + ] + }, + "language": "python", + "malicious": false, + "modificationTime": "2022-07-05T12:53:27.224197Z", + "moduleName": "lxml", + "packageManager": "pip", + "packageName": "lxml", + "patches": [], + "proprietary": false, + "publicationTime": "2022-07-05T12:53:27.206935Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "NULL Pointer Dereference", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.9.1)" + ] + }, + "from": [ + "Mobile-Security-Framework-MobSF@0.0.0", + "quark-engine@22.2.1", + "androguard@3.4.0a1", + "lxml@4.8.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": true, + "isRuntime": false, + "name": "lxml", + "version": "4.8.0", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "alternativeIds": [], + "creationTime": "2021-01-20T11:40:10.785788Z", + "credit": [ + "Ajmal Aboobacker" + ], + "cvssScore": 8.8, + "description": "## Overview\n[networkx](https://pypi.org/project/networkx/) is a Python package for creating and manipulating graphs and networks\n\nAffected versions of this package are vulnerable to Deserialization of Untrusted Data. This package is vulnerable to arbitrary code execution via insecure YAML deserialization due to the use of a known vulnerable function `load()` in yaml, which is called in `read_yaml()` in `networkx/readwrite/nx_yaml.py`.\r\n\r\n`networkx/readwrite/nx_yaml.py` is deprecated and scheduled to be removed in the next release of Networkx. Users should avoid using this function completely.\n\n## Details\n\nSerialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like _Remote Method Invocation (RMI)_, _Java Management Extension (JMX)_, _Java Messaging System (JMS)_, _Action Message Format (AMF)_, _Java Server Faces (JSF) ViewState_, etc.\n\n_Deserialization of untrusted data_ ([CWE-502](https://cwe.mitre.org/data/definitions/502.html)), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.\n\nJava deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a [popular library (Apache Commons Collection)](https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.\n\n \nAn attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.\n \n\n> Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).\n\n- Apache Blog\n \n## Remediation\nUpgrade `networkx` to version 2.6 or higher.\n## References\n- [GitHub PR](https://github.com/networkx/networkx/pull/4541)\n", + "disclosureTime": "2021-01-20T11:20:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.6" + ], + "id": "SNYK-PYTHON-NETWORKX-1062709", + "identifiers": { + "CWE": [ + "CWE-502" + ], + "CVE": [] + }, + "language": "python", + "malicious": false, + "modificationTime": "2021-07-09T09:31:56.016717Z", + "moduleName": "networkx", + "packageManager": "pip", + "packageName": "networkx", + "patches": [], + "proprietary": false, + "publicationTime": "2021-03-21T16:33:35Z", + "references": [ + { + "title": "GitHub PR", + "url": "https://github.com/networkx/networkx/pull/4541" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Deserialization of Untrusted Data", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,2.6)" + ] + }, + "from": [ + "Mobile-Security-Framework-MobSF@0.0.0", + "quark-engine@22.2.1", + "androguard@3.4.0a1", + "networkx@2.5" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": true, + "isRuntime": false, + "name": "networkx", + "version": "2.5", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-12-19T10:23:33.311250Z", + "credit": [ + "Daybreak2019" + ], + "cvssScore": 3.7, + "description": "## Overview\n[numpy](https://github.com/numpy/numpy) is a fundamental package needed for scientific computing with Python.\n\nAffected versions of this package are vulnerable to NULL Pointer Dereference due to missing return-value validation in the `PyArray_DescrNew` function, which may allow attackers to conduct Denial of Service attacks by repetitively creating and sort arrays.\r\n\r\n**Note:** This may likely only happen if application memory is already exhausted, as it requires the `newdescr` object of the `PyArray_DescrNew` to evaluate to `NULL`.\n## Remediation\nUpgrade `numpy` to version 1.22.2 or higher.\n## References\n- [GitHub Issue](https://github.com/numpy/numpy/issues/19038)\n- [GitHub PR](https://github.com/numpy/numpy/pull/20960)\n- [GitHub Release](https://github.com/numpy/numpy/releases/tag/v1.22.2)\n", + "disclosureTime": "2021-12-19T10:02:22Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.22.2" + ], + "id": "SNYK-PYTHON-NUMPY-2321964", + "identifiers": { + "CWE": [ + "CWE-476" + ], + "CVE": [ + "CVE-2021-41495" + ] + }, + "language": "python", + "malicious": false, + "modificationTime": "2022-02-04T08:02:18.455219Z", + "moduleName": "numpy", + "packageManager": "pip", + "packageName": "numpy", + "patches": [], + "proprietary": false, + "publicationTime": "2021-12-19T15:16:24Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/numpy/numpy/issues/19038" + }, + { + "title": "GitHub PR", + "url": "https://github.com/numpy/numpy/pull/20960" + }, + { + "title": "GitHub Release", + "url": "https://github.com/numpy/numpy/releases/tag/v1.22.2" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "NULL Pointer Dereference", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[0,1.22.2)" + ] + }, + "from": [ + "Mobile-Security-Framework-MobSF@0.0.0", + "quark-engine@22.2.1", + "pandas@1.4.3", + "numpy@1.21.5" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": true, + "isRuntime": false, + "name": "numpy", + "version": "1.21.5", + "severityWithCritical": "low" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "alternativeIds": [], + "creationTime": "2021-12-19T10:52:47.566097Z", + "credit": [ + "Daybreak2019" + ], + "cvssScore": 3.7, + "description": "## Overview\n[numpy](https://github.com/numpy/numpy) is a fundamental package needed for scientific computing with Python.\n\nAffected versions of this package are vulnerable to Buffer Overflow due to missing boundary checks in the `array_from_pyobj` function of `fortranobject.c`. This may allow an attacker to conduct Denial of Service by carefully constructing an array with negative values.\n## Remediation\nUpgrade `numpy` to version 1.22.0 or higher.\n## References\n- [GitHub Commit](https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2)\n- [GitHub Issue](https://github.com/numpy/numpy/issues/19000)\n", + "disclosureTime": "2021-12-19T10:41:15Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "1.22.0" + ], + "id": "SNYK-PYTHON-NUMPY-2321966", + "identifiers": { + "CWE": [ + "CWE-119", + "CWE-120" + ], + "CVE": [ + "CVE-2021-41496" + ] + }, + "language": "python", + "malicious": false, + "modificationTime": "2022-05-29T14:25:40.751786Z", + "moduleName": "numpy", + "packageManager": "pip", + "packageName": "numpy", + "patches": [], + "proprietary": false, + "publicationTime": "2021-12-19T15:16:24Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/numpy/numpy/issues/19000" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "Buffer Overflow", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,1.22.0)" + ] + }, + "from": [ + "Mobile-Security-Framework-MobSF@0.0.0", + "quark-engine@22.2.1", + "pandas@1.4.3", + "numpy@1.21.5" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": true, + "isRuntime": false, + "name": "numpy", + "version": "1.21.5", + "severityWithCritical": "low" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-12-19T11:15:21.052159Z", + "credit": [ + "Daybreak2019" + ], + "cvssScore": 3.7, + "description": "## Overview\n[numpy](https://github.com/numpy/numpy) is a fundamental package needed for scientific computing with Python.\n\nAffected versions of this package are vulnerable to Denial of Service (DoS) due to an incomplete string comparison in the `numpy.core` component, which may allow attackers to fail the APIs via constructing specific string objects.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\nTwo common types of DoS vulnerabilities:\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example, [npm `ws` package](https://snyk.io/vuln/npm:ws:20171108)\n\n## Remediation\nUpgrade `numpy` to version 1.22.0rc1 or higher.\n## References\n- [GitHub Commit](https://github.com/numpy/numpy/commit/eeef9d4646103c3b1afd3085f1393f2b3f9575b2)\n- [GitHub Issue](https://github.com/numpy/numpy/issues/18993)\n- [GitHub PR](https://github.com/numpy/numpy/pull/19539)\n", + "disclosureTime": "2021-12-19T11:06:43Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.22.0rc1" + ], + "id": "SNYK-PYTHON-NUMPY-2321970", + "identifiers": { + "CWE": [ + "CWE-400", + "CWE-1023" + ], + "CVE": [ + "CVE-2021-34141" + ] + }, + "language": "python", + "malicious": false, + "modificationTime": "2021-12-19T15:16:23.795046Z", + "moduleName": "numpy", + "packageManager": "pip", + "packageName": "numpy", + "patches": [], + "proprietary": false, + "publicationTime": "2021-12-19T15:16:23.793333Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/numpy/numpy/commit/eeef9d4646103c3b1afd3085f1393f2b3f9575b2" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/numpy/numpy/issues/18993" + }, + { + "title": "GitHub PR", + "url": "https://github.com/numpy/numpy/pull/19539" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "Denial of Service (DoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,1.22.0rc1)" + ] + }, + "from": [ + "Mobile-Security-Framework-MobSF@0.0.0", + "quark-engine@22.2.1", + "pandas@1.4.3", + "numpy@1.21.5" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": true, + "isRuntime": false, + "name": "numpy", + "version": "1.21.5", + "severityWithCritical": "low" + } + ], + "upgrade": {}, + "patch": {}, + "ignore": {}, + "pin": { + "django@4.0.5": { + "upgradeTo": "django@4.0.6", + "vulns": [ + "SNYK-PYTHON-DJANGO-2940618" + ], + "isTransitive": false + }, + "lxml@4.8.0": { + "upgradeTo": "lxml@4.9.1", + "vulns": [ + "SNYK-PYTHON-LXML-2940874" + ], + "isTransitive": false + }, + "networkx@2.5": { + "upgradeTo": "networkx@2.6", + "vulns": [ + "SNYK-PYTHON-NETWORKX-1062709" + ], + "isTransitive": true + }, + "numpy@1.21.5": { + "upgradeTo": "numpy@1.22.2", + "vulns": [ + "SNYK-PYTHON-NUMPY-2321964", + "SNYK-PYTHON-NUMPY-2321966", + "SNYK-PYTHON-NUMPY-2321970" + ], + "isTransitive": true + } + } + }, + "filesystemPolicy": false, + "filtered": { + "ignore": [], + "patch": [] + }, + "uniqueCount": 6, + "projectName": "Mobile-Security-Framework-MobSF", + "foundProjectCount": 8, + "displayTargetFile": "Mobile-Security-Framework-MobSF/requirements.txt", + "path": "/mnt/c/Projects/cyberspect" + }, + { + "vulnerabilities": [ + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-05-10T08:56:54.870883Z", + "credit": [ + "uberbrady" + ], + "cvssScore": 4.2, + "description": "## Overview\n[bootstrap-table](https://www.npmjs.com/package/bootstrap-table) is an extended table to integration with some of the most widely used CSS frameworks. (Supports Bootstrap, Semantic UI, Bulma, Material Design, Foundation, Vue.js).\n\nAffected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of the `onCellHtmlData` callback method, it is possible to be exploited when `exportOptions` is set to \"true\".\n## Details\n\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\n\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\n\nInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\n\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as `<`; and `>` can be coded as `>`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\n \nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \n\n### Types of attacks\nThere are a few methods by which XSS can be manipulated:\n\n|Type|Origin|Description|\n|--|--|--|\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\n\n### Affected environments\nThe following environments are susceptible to an XSS attack:\n\n* Web servers\n* Application servers\n* Web application environments\n\n### How to prevent\nThis section describes the top best practices designed to specifically protect your code: \n\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. \n* Give users the option to disable client-side scripts.\n* Redirect invalid requests.\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n## Remediation\nUpgrade `bootstrap-table` to version 1.20.2 or higher.\n## References\n- [GitHub Commit](https://github.com/wenzhixin/bootstrap-table/commit/66ef886d5d325777c8727274c9e018f9c17bc0b9)\n- [GitHub Issue](https://github.com/wenzhixin/bootstrap-table/issues/6144)\n- [GitHub PR](https://github.com/wenzhixin/bootstrap-table/pull/6145)\n", + "disclosureTime": "2022-05-10T08:50:36Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.20.2" + ], + "id": "SNYK-JS-BOOTSTRAPTABLE-2812823", + "identifiers": { + "CWE": [ + "CWE-79" + ], + "CVE": [ + "CVE-2022-1726" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-05-26T12:26:58.496442Z", + "moduleName": "bootstrap-table", + "packageManager": "npm", + "packageName": "bootstrap-table", + "patches": [], + "proprietary": false, + "publicationTime": "2022-05-17T13:46:44Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/wenzhixin/bootstrap-table/commit/66ef886d5d325777c8727274c9e018f9c17bc0b9" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/wenzhixin/bootstrap-table/issues/6144" + }, + { + "title": "GitHub PR", + "url": "https://github.com/wenzhixin/bootstrap-table/pull/6145" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Cross-site Scripting (XSS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.20.2" + ] + }, + "severityWithCritical": "medium", + "from": [ + "@dependencytrack/frontend@4.4.0", + "bootstrap-table@1.19.1" + ], + "upgradePath": [ + false, + "bootstrap-table@1.20.2" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "bootstrap-table", + "version": "1.19.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-05-15T13:30:42.632133Z", + "credit": [ + "Brady Wetherington (@uberbrady)" + ], + "cvssScore": 4.2, + "description": "## Overview\n[bootstrap-table](https://www.npmjs.com/package/bootstrap-table) is an extended table to integration with some of the most widely used CSS frameworks. (Supports Bootstrap, Semantic UI, Bulma, Material Design, Foundation, Vue.js).\n\nAffected versions of this package are vulnerable to Cross-site Scripting (XSS) in the `onCellHtmlData` function. If you set the `exportOptions` in the Bootstrap Table to true, it will allow arbitrary Javascript to execute.\n## Details\n\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\n\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\n\nInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\n\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as `<`; and `>` can be coded as `>`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\n \nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \n\n### Types of attacks\nThere are a few methods by which XSS can be manipulated:\n\n|Type|Origin|Description|\n|--|--|--|\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\n\n### Affected environments\nThe following environments are susceptible to an XSS attack:\n\n* Web servers\n* Application servers\n* Web application environments\n\n### How to prevent\nThis section describes the top best practices designed to specifically protect your code: \n\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. \n* Give users the option to disable client-side scripts.\n* Redirect invalid requests.\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n## Remediation\nUpgrade `bootstrap-table` to version 1.20.2 or higher.\n## References\n- [GitHub Commit](https://github.com/wenzhixin/bootstrap-table/commit/66ef886d5d325777c8727274c9e018f9c17bc0b9)\n- [GitHub Issue](https://github.com/wenzhixin/bootstrap-table/issues/4005)\n- [GitHub Issue](https://github.com/wenzhixin/bootstrap-table/issues/6144)\n- [GitHub PR](https://github.com/wenzhixin/bootstrap-table/pull/6145)\n- [PoC](https://live.bootstrap-table.com/code/uberbrady/11033)\n", + "disclosureTime": "2022-05-15T13:26:35Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.20.2" + ], + "id": "SNYK-JS-BOOTSTRAPTABLE-2825191", + "identifiers": { + "CWE": [ + "CWE-79" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-05-29T15:09:34.811742Z", + "moduleName": "bootstrap-table", + "packageManager": "npm", + "packageName": "bootstrap-table", + "patches": [], + "proprietary": false, + "publicationTime": "2022-05-29T15:09:34.810428Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/wenzhixin/bootstrap-table/commit/66ef886d5d325777c8727274c9e018f9c17bc0b9" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/wenzhixin/bootstrap-table/issues/4005" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/wenzhixin/bootstrap-table/issues/6144" + }, + { + "title": "GitHub PR", + "url": "https://github.com/wenzhixin/bootstrap-table/pull/6145" + }, + { + "title": "PoC", + "url": "https://live.bootstrap-table.com/code/uberbrady/11033" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Cross-site Scripting (XSS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.20.2" + ] + }, + "severityWithCritical": "medium", + "from": [ + "@dependencytrack/frontend@4.4.0", + "bootstrap-table@1.19.1" + ], + "upgradePath": [ + false, + "bootstrap-table@1.20.2" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "bootstrap-table", + "version": "1.19.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2020-11-16T13:56:08.785340Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n[merge](https://github.com/yeikos/js.merge) is a library that allows you to merge multiple objects into one, optionally creating a new cloned object. Similar to the jQuery.extend but more flexible. Works in Node.js and the browser.\n\nAffected versions of this package are vulnerable to Prototype Pollution. The 'merge' function already checks for '__proto__' keys in an object to prevent prototype pollution, but does not check for 'constructor' or 'prototype' keys.\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `merge` to version 2.1.0 or higher.\n## References\n- [GitHub PR](https://github.com/yeikos/js.merge/pull/38)\n", + "disclosureTime": "2020-11-16T13:33:17Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.1.0" + ], + "id": "SNYK-JS-MERGE-1040469", + "identifiers": { + "WS": [ + "WS-2020-0218" + ], + "CWE": [ + "CWE-400" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-01-07T08:27:14.285738Z", + "moduleName": "merge", + "packageManager": "npm", + "packageName": "merge", + "patches": [], + "proprietary": false, + "publicationTime": "2020-11-16T16:28:38Z", + "references": [ + { + "title": "GitHub PR", + "url": "https://github.com/yeikos/js.merge/pull/38" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.1.0" + ] + }, + "severityWithCritical": "high", + "from": [ + "@dependencytrack/frontend@4.4.0", + "vue-bootstrap-toggle@1.1.4", + "merge@1.2.1" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "merge", + "version": "1.2.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P", + "alternativeIds": [], + "creationTime": "2020-11-22T15:18:43.156000Z", + "credit": [ + "Alessio Della Libera (d3lla)" + ], + "cvssScore": 7.3, + "description": "## Overview\n[merge](https://github.com/yeikos/js.merge) is a library that allows you to merge multiple objects into one, optionally creating a new cloned object. Similar to the jQuery.extend but more flexible. Works in Node.js and the browser.\n\nAffected versions of this package are vulnerable to Prototype Pollution via `_recursiveMerge `. \r\n\r\n## PoC: \r\n\r\n```javascript\r\nconst merge = require('merge');\r\n\r\nconst payload2 = JSON.parse('{\"x\": {\"__proto__\":{\"polluted\":\"yes\"}}}');\r\n\r\nlet obj1 = {x: {y:1}};\r\n\r\nconsole.log(\"Before : \" + obj1.polluted);\r\nmerge.recursive(obj1, payload2);\r\nconsole.log(\"After : \" + obj1.polluted);\r\nconsole.log(\"After : \" + {}.polluted);\r\n```\r\n\r\nOutput:\r\n```console\r\nBefore : undefined\r\nAfter : yes\r\nAfter : yes\r\n```\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `merge` to version 2.1.1 or higher.\n## References\n- [GitHub Commit](https://github.com/yeikos/js.merge/commit/7b0ddc2701d813f2ba289b32d6a4b9d4cc235fb4)\n- [Vulnerable Code](https://github.com/yeikos/js.merge/blob/master/src/index.ts#L64)\n", + "disclosureTime": "2020-11-22T15:13:53Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "2.1.1" + ], + "id": "SNYK-JS-MERGE-1042987", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-7wpw-2hjm-89gp" + ], + "CVE": [ + "CVE-2020-28499" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-07-06T14:08:07.366296Z", + "moduleName": "merge", + "packageManager": "npm", + "packageName": "merge", + "patches": [], + "proprietary": true, + "publicationTime": "2021-02-23T16:42:39.612000Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/yeikos/js.merge/commit/7b0ddc2701d813f2ba289b32d6a4b9d4cc235fb4" + }, + { + "title": "Vulnerable Code", + "url": "https://github.com/yeikos/js.merge/blob/master/src/index.ts%23L64" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.1.1" + ] + }, + "severityWithCritical": "high", + "from": [ + "@dependencytrack/frontend@4.4.0", + "vue-bootstrap-toggle@1.1.4", + "merge@1.2.1" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "merge", + "version": "1.2.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "alternativeIds": [], + "creationTime": "2022-04-05T08:46:07.677588Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n[moment](https://www.npmjs.com/package/moment) is a lightweight JavaScript date library for parsing, validating, manipulating, and formatting dates.\n\nAffected versions of this package are vulnerable to Directory Traversal when a user provides a locale string which is directly used to switch moment locale.\n\n## Details\n\nA Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.\n\nDirectory Traversal vulnerabilities can be generally divided into two types:\n\n- **Information Disclosure**: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.\n\n`st` is a module for serving static files on web pages, and contains a [vulnerability of this type](https://snyk.io/vuln/npm:st:20140206). In our example, we will serve files from the `public` route.\n\nIf an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.\n\n```\ncurl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa\n```\n**Note** `%2e` is the URL encoded version of `.` (dot).\n\n- **Writing arbitrary files**: Allows the attacker to create or replace existing files. This type of vulnerability is also known as `Zip-Slip`. \n\nOne way to achieve this is by using a malicious `zip` archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.\n\nThe following is an example of a `zip` archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in `/root/.ssh/` overwriting the `authorized_keys` file:\n\n```\n2018-04-15 22:04:29 ..... 19 19 good.txt\n2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys\n```\n\n## Remediation\nUpgrade `moment` to version 2.29.2 or higher.\n## References\n- [GitHub Commit](https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5)\n", + "disclosureTime": "2022-04-05T08:39:23Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.29.2" + ], + "id": "SNYK-JS-MOMENT-2440688", + "identifiers": { + "CWE": [ + "CWE-22" + ], + "GHSA": [ + "GHSA-8hfj-j24r-96c4" + ], + "CVE": [ + "CVE-2022-24785" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-04-05T12:30:50.880408Z", + "moduleName": "moment", + "packageManager": "npm", + "packageName": "moment", + "patches": [], + "proprietary": false, + "publicationTime": "2022-04-05T12:30:50.878091Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Directory Traversal", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.29.2" + ] + }, + "severityWithCritical": "high", + "from": [ + "@dependencytrack/frontend@4.4.0", + "chart.js@2.9.4", + "moment@2.24.0" + ], + "upgradePath": [ + false, + "chart.js@2.9.4", + "moment@2.29.2" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "moment", + "version": "2.24.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "alternativeIds": [], + "creationTime": "2022-04-05T08:46:07.677588Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n[moment](https://www.npmjs.com/package/moment) is a lightweight JavaScript date library for parsing, validating, manipulating, and formatting dates.\n\nAffected versions of this package are vulnerable to Directory Traversal when a user provides a locale string which is directly used to switch moment locale.\n\n## Details\n\nA Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.\n\nDirectory Traversal vulnerabilities can be generally divided into two types:\n\n- **Information Disclosure**: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.\n\n`st` is a module for serving static files on web pages, and contains a [vulnerability of this type](https://snyk.io/vuln/npm:st:20140206). In our example, we will serve files from the `public` route.\n\nIf an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.\n\n```\ncurl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa\n```\n**Note** `%2e` is the URL encoded version of `.` (dot).\n\n- **Writing arbitrary files**: Allows the attacker to create or replace existing files. This type of vulnerability is also known as `Zip-Slip`. \n\nOne way to achieve this is by using a malicious `zip` archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.\n\nThe following is an example of a `zip` archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in `/root/.ssh/` overwriting the `authorized_keys` file:\n\n```\n2018-04-15 22:04:29 ..... 19 19 good.txt\n2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys\n```\n\n## Remediation\nUpgrade `moment` to version 2.29.2 or higher.\n## References\n- [GitHub Commit](https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5)\n", + "disclosureTime": "2022-04-05T08:39:23Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.29.2" + ], + "id": "SNYK-JS-MOMENT-2440688", + "identifiers": { + "CWE": [ + "CWE-22" + ], + "GHSA": [ + "GHSA-8hfj-j24r-96c4" + ], + "CVE": [ + "CVE-2022-24785" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-04-05T12:30:50.880408Z", + "moduleName": "moment", + "packageManager": "npm", + "packageName": "moment", + "patches": [], + "proprietary": false, + "publicationTime": "2022-04-05T12:30:50.878091Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Directory Traversal", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.29.2" + ] + }, + "severityWithCritical": "high", + "from": [ + "@dependencytrack/frontend@4.4.0", + "vue-chartjs@3.5.1", + "@types/chart.js@2.9.24", + "moment@2.24.0" + ], + "upgradePath": [ + false, + "vue-chartjs@3.5.1", + "@types/chart.js@2.9.24", + "moment@2.29.2" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "moment", + "version": "2.24.0" + } + ], + "ok": false, + "dependencyCount": 113, + "org": "wmcsl", + "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.0\nignore: {}\npatch: {}\n", + "isPrivate": true, + "licensesPolicy": { + "severities": {}, + "orgLicenseRules": { + "AGPL-1.0": { + "licenseType": "AGPL-1.0", + "severity": "high", + "instructions": "" + }, + "AGPL-3.0": { + "licenseType": "AGPL-3.0", + "severity": "high", + "instructions": "" + }, + "Artistic-1.0": { + "licenseType": "Artistic-1.0", + "severity": "medium", + "instructions": "" + }, + "Artistic-2.0": { + "licenseType": "Artistic-2.0", + "severity": "medium", + "instructions": "" + }, + "CDDL-1.0": { + "licenseType": "CDDL-1.0", + "severity": "medium", + "instructions": "" + }, + "CPOL-1.02": { + "licenseType": "CPOL-1.02", + "severity": "high", + "instructions": "" + }, + "EPL-1.0": { + "licenseType": "EPL-1.0", + "severity": "medium", + "instructions": "" + }, + "GPL-2.0": { + "licenseType": "GPL-2.0", + "severity": "high", + "instructions": "" + }, + "GPL-3.0": { + "licenseType": "GPL-3.0", + "severity": "high", + "instructions": "" + }, + "LGPL-2.0": { + "licenseType": "LGPL-2.0", + "severity": "medium", + "instructions": "" + }, + "LGPL-2.1": { + "licenseType": "LGPL-2.1", + "severity": "medium", + "instructions": "" + }, + "LGPL-3.0": { + "licenseType": "LGPL-3.0", + "severity": "medium", + "instructions": "" + }, + "MPL-1.1": { + "licenseType": "MPL-1.1", + "severity": "medium", + "instructions": "" + }, + "MPL-2.0": { + "licenseType": "MPL-2.0", + "severity": "medium", + "instructions": "" + }, + "MS-RL": { + "licenseType": "MS-RL", + "severity": "medium", + "instructions": "" + }, + "SimPL-2.0": { + "licenseType": "SimPL-2.0", + "severity": "high", + "instructions": "" + } + } + }, + "packageManager": "npm", + "ignoreSettings": { + "adminOnly": false, + "reasonRequired": false, + "disregardFilesystemIgnores": false + }, + "summary": "6 vulnerable dependency paths", + "remediation": { + "unresolved": [ + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2020-11-16T13:56:08.785340Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n[merge](https://github.com/yeikos/js.merge) is a library that allows you to merge multiple objects into one, optionally creating a new cloned object. Similar to the jQuery.extend but more flexible. Works in Node.js and the browser.\n\nAffected versions of this package are vulnerable to Prototype Pollution. The 'merge' function already checks for '__proto__' keys in an object to prevent prototype pollution, but does not check for 'constructor' or 'prototype' keys.\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `merge` to version 2.1.0 or higher.\n## References\n- [GitHub PR](https://github.com/yeikos/js.merge/pull/38)\n", + "disclosureTime": "2020-11-16T13:33:17Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.1.0" + ], + "id": "SNYK-JS-MERGE-1040469", + "identifiers": { + "WS": [ + "WS-2020-0218" + ], + "CWE": [ + "CWE-400" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-01-07T08:27:14.285738Z", + "moduleName": "merge", + "packageManager": "npm", + "packageName": "merge", + "patches": [], + "proprietary": false, + "publicationTime": "2020-11-16T16:28:38Z", + "references": [ + { + "title": "GitHub PR", + "url": "https://github.com/yeikos/js.merge/pull/38" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.1.0" + ] + }, + "from": [ + "@dependencytrack/frontend@4.4.0", + "vue-bootstrap-toggle@1.1.4", + "merge@1.2.1" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "merge", + "version": "1.2.1", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P", + "alternativeIds": [], + "creationTime": "2020-11-22T15:18:43.156000Z", + "credit": [ + "Alessio Della Libera (d3lla)" + ], + "cvssScore": 7.3, + "description": "## Overview\n[merge](https://github.com/yeikos/js.merge) is a library that allows you to merge multiple objects into one, optionally creating a new cloned object. Similar to the jQuery.extend but more flexible. Works in Node.js and the browser.\n\nAffected versions of this package are vulnerable to Prototype Pollution via `_recursiveMerge `. \r\n\r\n## PoC: \r\n\r\n```javascript\r\nconst merge = require('merge');\r\n\r\nconst payload2 = JSON.parse('{\"x\": {\"__proto__\":{\"polluted\":\"yes\"}}}');\r\n\r\nlet obj1 = {x: {y:1}};\r\n\r\nconsole.log(\"Before : \" + obj1.polluted);\r\nmerge.recursive(obj1, payload2);\r\nconsole.log(\"After : \" + obj1.polluted);\r\nconsole.log(\"After : \" + {}.polluted);\r\n```\r\n\r\nOutput:\r\n```console\r\nBefore : undefined\r\nAfter : yes\r\nAfter : yes\r\n```\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `merge` to version 2.1.1 or higher.\n## References\n- [GitHub Commit](https://github.com/yeikos/js.merge/commit/7b0ddc2701d813f2ba289b32d6a4b9d4cc235fb4)\n- [Vulnerable Code](https://github.com/yeikos/js.merge/blob/master/src/index.ts#L64)\n", + "disclosureTime": "2020-11-22T15:13:53Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "2.1.1" + ], + "id": "SNYK-JS-MERGE-1042987", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-7wpw-2hjm-89gp" + ], + "CVE": [ + "CVE-2020-28499" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-07-06T14:08:07.366296Z", + "moduleName": "merge", + "packageManager": "npm", + "packageName": "merge", + "patches": [], + "proprietary": true, + "publicationTime": "2021-02-23T16:42:39.612000Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/yeikos/js.merge/commit/7b0ddc2701d813f2ba289b32d6a4b9d4cc235fb4" + }, + { + "title": "Vulnerable Code", + "url": "https://github.com/yeikos/js.merge/blob/master/src/index.ts%23L64" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.1.1" + ] + }, + "from": [ + "@dependencytrack/frontend@4.4.0", + "vue-bootstrap-toggle@1.1.4", + "merge@1.2.1" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "merge", + "version": "1.2.1", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "alternativeIds": [], + "creationTime": "2022-04-05T08:46:07.677588Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n[moment](https://www.npmjs.com/package/moment) is a lightweight JavaScript date library for parsing, validating, manipulating, and formatting dates.\n\nAffected versions of this package are vulnerable to Directory Traversal when a user provides a locale string which is directly used to switch moment locale.\n\n## Details\n\nA Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.\n\nDirectory Traversal vulnerabilities can be generally divided into two types:\n\n- **Information Disclosure**: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.\n\n`st` is a module for serving static files on web pages, and contains a [vulnerability of this type](https://snyk.io/vuln/npm:st:20140206). In our example, we will serve files from the `public` route.\n\nIf an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.\n\n```\ncurl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa\n```\n**Note** `%2e` is the URL encoded version of `.` (dot).\n\n- **Writing arbitrary files**: Allows the attacker to create or replace existing files. This type of vulnerability is also known as `Zip-Slip`. \n\nOne way to achieve this is by using a malicious `zip` archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.\n\nThe following is an example of a `zip` archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in `/root/.ssh/` overwriting the `authorized_keys` file:\n\n```\n2018-04-15 22:04:29 ..... 19 19 good.txt\n2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys\n```\n\n## Remediation\nUpgrade `moment` to version 2.29.2 or higher.\n## References\n- [GitHub Commit](https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5)\n", + "disclosureTime": "2022-04-05T08:39:23Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.29.2" + ], + "id": "SNYK-JS-MOMENT-2440688", + "identifiers": { + "CWE": [ + "CWE-22" + ], + "GHSA": [ + "GHSA-8hfj-j24r-96c4" + ], + "CVE": [ + "CVE-2022-24785" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-04-05T12:30:50.880408Z", + "moduleName": "moment", + "packageManager": "npm", + "packageName": "moment", + "patches": [], + "proprietary": false, + "publicationTime": "2022-04-05T12:30:50.878091Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Directory Traversal", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.29.2" + ] + }, + "from": [ + "@dependencytrack/frontend@4.4.0", + "vue-chartjs@3.5.1", + "@types/chart.js@2.9.24", + "moment@2.24.0" + ], + "upgradePath": [ + false, + "vue-chartjs@3.5.1", + "@types/chart.js@2.9.24", + "moment@2.29.2" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "moment", + "version": "2.24.0", + "severityWithCritical": "high" + } + ], + "upgrade": { + "bootstrap-table@1.19.1": { + "upgradeTo": "bootstrap-table@1.20.2", + "upgrades": [ + "bootstrap-table@1.19.1", + "bootstrap-table@1.19.1" + ], + "vulns": [ + "SNYK-JS-BOOTSTRAPTABLE-2812823", + "SNYK-JS-BOOTSTRAPTABLE-2825191" + ] + } + }, + "patch": {}, + "ignore": {}, + "pin": {} + }, + "filesystemPolicy": false, + "filtered": { + "ignore": [], + "patch": [] + }, + "uniqueCount": 5, + "projectName": "@dependencytrack/frontend", + "foundProjectCount": 8, + "displayTargetFile": "frontend/package-lock.json", + "path": "/mnt/c/Projects/cyberspect/frontend" + }, + { + "vulnerabilities": [], + "ok": true, + "dependencyCount": 17, + "org": "wmcsl", + "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.0\nignore: {}\npatch: {}\n", + "isPrivate": true, + "licensesPolicy": { + "severities": {}, + "orgLicenseRules": { + "AGPL-1.0": { + "licenseType": "AGPL-1.0", + "severity": "high", + "instructions": "" + }, + "AGPL-3.0": { + "licenseType": "AGPL-3.0", + "severity": "high", + "instructions": "" + }, + "Artistic-1.0": { + "licenseType": "Artistic-1.0", + "severity": "medium", + "instructions": "" + }, + "Artistic-2.0": { + "licenseType": "Artistic-2.0", + "severity": "medium", + "instructions": "" + }, + "CDDL-1.0": { + "licenseType": "CDDL-1.0", + "severity": "medium", + "instructions": "" + }, + "CPOL-1.02": { + "licenseType": "CPOL-1.02", + "severity": "high", + "instructions": "" + }, + "EPL-1.0": { + "licenseType": "EPL-1.0", + "severity": "medium", + "instructions": "" + }, + "GPL-2.0": { + "licenseType": "GPL-2.0", + "severity": "high", + "instructions": "" + }, + "GPL-3.0": { + "licenseType": "GPL-3.0", + "severity": "high", + "instructions": "" + }, + "LGPL-2.0": { + "licenseType": "LGPL-2.0", + "severity": "medium", + "instructions": "" + }, + "LGPL-2.1": { + "licenseType": "LGPL-2.1", + "severity": "medium", + "instructions": "" + }, + "LGPL-3.0": { + "licenseType": "LGPL-3.0", + "severity": "medium", + "instructions": "" + }, + "MPL-1.1": { + "licenseType": "MPL-1.1", + "severity": "medium", + "instructions": "" + }, + "MPL-2.0": { + "licenseType": "MPL-2.0", + "severity": "medium", + "instructions": "" + }, + "MS-RL": { + "licenseType": "MS-RL", + "severity": "medium", + "instructions": "" + }, + "SimPL-2.0": { + "licenseType": "SimPL-2.0", + "severity": "high", + "instructions": "" + } + } + }, + "packageManager": "nuget", + "ignoreSettings": { + "adminOnly": false, + "reasonRequired": false, + "disregardFilesystemIgnores": false + }, + "summary": "No known vulnerabilities", + "filesystemPolicy": false, + "uniqueCount": 0, + "targetFile": "sbom/Lambda/obj/project.assets.json", + "projectName": "cyberspect", + "foundProjectCount": 8, + "displayTargetFile": "sbom/Lambda/obj/project.assets.json", + "path": "/mnt/c/Projects/cyberspect" + }, + { + "vulnerabilities": [], + "ok": true, + "dependencyCount": 1, + "org": "wmcsl", + "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.0\nignore: {}\npatch: {}\n", + "isPrivate": true, + "licensesPolicy": { + "severities": {}, + "orgLicenseRules": { + "AGPL-1.0": { + "licenseType": "AGPL-1.0", + "severity": "high", + "instructions": "" + }, + "AGPL-3.0": { + "licenseType": "AGPL-3.0", + "severity": "high", + "instructions": "" + }, + "Artistic-1.0": { + "licenseType": "Artistic-1.0", + "severity": "medium", + "instructions": "" + }, + "Artistic-2.0": { + "licenseType": "Artistic-2.0", + "severity": "medium", + "instructions": "" + }, + "CDDL-1.0": { + "licenseType": "CDDL-1.0", + "severity": "medium", + "instructions": "" + }, + "CPOL-1.02": { + "licenseType": "CPOL-1.02", + "severity": "high", + "instructions": "" + }, + "EPL-1.0": { + "licenseType": "EPL-1.0", + "severity": "medium", + "instructions": "" + }, + "GPL-2.0": { + "licenseType": "GPL-2.0", + "severity": "high", + "instructions": "" + }, + "GPL-3.0": { + "licenseType": "GPL-3.0", + "severity": "high", + "instructions": "" + }, + "LGPL-2.0": { + "licenseType": "LGPL-2.0", + "severity": "medium", + "instructions": "" + }, + "LGPL-2.1": { + "licenseType": "LGPL-2.1", + "severity": "medium", + "instructions": "" + }, + "LGPL-3.0": { + "licenseType": "LGPL-3.0", + "severity": "medium", + "instructions": "" + }, + "MPL-1.1": { + "licenseType": "MPL-1.1", + "severity": "medium", + "instructions": "" + }, + "MPL-2.0": { + "licenseType": "MPL-2.0", + "severity": "medium", + "instructions": "" + }, + "MS-RL": { + "licenseType": "MS-RL", + "severity": "medium", + "instructions": "" + }, + "SimPL-2.0": { + "licenseType": "SimPL-2.0", + "severity": "high", + "instructions": "" + } + } + }, + "packageManager": "nuget", + "ignoreSettings": { + "adminOnly": false, + "reasonRequired": false, + "disregardFilesystemIgnores": false + }, + "summary": "No known vulnerabilities", + "filesystemPolicy": false, + "uniqueCount": 0, + "targetFile": "sbom/LicenseCacheBuilder/obj/project.assets.json", + "projectName": "cyberspect", + "foundProjectCount": 8, + "displayTargetFile": "sbom/LicenseCacheBuilder/obj/project.assets.json", + "path": "/mnt/c/Projects/cyberspect" + }, + { + "vulnerabilities": [], + "ok": true, + "dependencyCount": 48, + "org": "wmcsl", + "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.0\nignore: {}\npatch: {}\n", + "isPrivate": true, + "licensesPolicy": { + "severities": {}, + "orgLicenseRules": { + "AGPL-1.0": { + "licenseType": "AGPL-1.0", + "severity": "high", + "instructions": "" + }, + "AGPL-3.0": { + "licenseType": "AGPL-3.0", + "severity": "high", + "instructions": "" + }, + "Artistic-1.0": { + "licenseType": "Artistic-1.0", + "severity": "medium", + "instructions": "" + }, + "Artistic-2.0": { + "licenseType": "Artistic-2.0", + "severity": "medium", + "instructions": "" + }, + "CDDL-1.0": { + "licenseType": "CDDL-1.0", + "severity": "medium", + "instructions": "" + }, + "CPOL-1.02": { + "licenseType": "CPOL-1.02", + "severity": "high", + "instructions": "" + }, + "EPL-1.0": { + "licenseType": "EPL-1.0", + "severity": "medium", + "instructions": "" + }, + "GPL-2.0": { + "licenseType": "GPL-2.0", + "severity": "high", + "instructions": "" + }, + "GPL-3.0": { + "licenseType": "GPL-3.0", + "severity": "high", + "instructions": "" + }, + "LGPL-2.0": { + "licenseType": "LGPL-2.0", + "severity": "medium", + "instructions": "" + }, + "LGPL-2.1": { + "licenseType": "LGPL-2.1", + "severity": "medium", + "instructions": "" + }, + "LGPL-3.0": { + "licenseType": "LGPL-3.0", + "severity": "medium", + "instructions": "" + }, + "MPL-1.1": { + "licenseType": "MPL-1.1", + "severity": "medium", + "instructions": "" + }, + "MPL-2.0": { + "licenseType": "MPL-2.0", + "severity": "medium", + "instructions": "" + }, + "MS-RL": { + "licenseType": "MS-RL", + "severity": "medium", + "instructions": "" + }, + "SimPL-2.0": { + "licenseType": "SimPL-2.0", + "severity": "high", + "instructions": "" + } + } + }, + "packageManager": "nuget", + "ignoreSettings": { + "adminOnly": false, + "reasonRequired": false, + "disregardFilesystemIgnores": false + }, + "summary": "No known vulnerabilities", + "filesystemPolicy": false, + "uniqueCount": 0, + "targetFile": "sbom/SBOM/obj/project.assets.json", + "projectName": "cyberspect", + "foundProjectCount": 8, + "displayTargetFile": "sbom/SBOM/obj/project.assets.json", + "path": "/mnt/c/Projects/cyberspect" + }, + { + "vulnerabilities": [], + "ok": true, + "dependencyCount": 107, + "org": "wmcsl", + "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.0\nignore: {}\npatch: {}\n", + "isPrivate": true, + "licensesPolicy": { + "severities": {}, + "orgLicenseRules": { + "AGPL-1.0": { + "licenseType": "AGPL-1.0", + "severity": "high", + "instructions": "" + }, + "AGPL-3.0": { + "licenseType": "AGPL-3.0", + "severity": "high", + "instructions": "" + }, + "Artistic-1.0": { + "licenseType": "Artistic-1.0", + "severity": "medium", + "instructions": "" + }, + "Artistic-2.0": { + "licenseType": "Artistic-2.0", + "severity": "medium", + "instructions": "" + }, + "CDDL-1.0": { + "licenseType": "CDDL-1.0", + "severity": "medium", + "instructions": "" + }, + "CPOL-1.02": { + "licenseType": "CPOL-1.02", + "severity": "high", + "instructions": "" + }, + "EPL-1.0": { + "licenseType": "EPL-1.0", + "severity": "medium", + "instructions": "" + }, + "GPL-2.0": { + "licenseType": "GPL-2.0", + "severity": "high", + "instructions": "" + }, + "GPL-3.0": { + "licenseType": "GPL-3.0", + "severity": "high", + "instructions": "" + }, + "LGPL-2.0": { + "licenseType": "LGPL-2.0", + "severity": "medium", + "instructions": "" + }, + "LGPL-2.1": { + "licenseType": "LGPL-2.1", + "severity": "medium", + "instructions": "" + }, + "LGPL-3.0": { + "licenseType": "LGPL-3.0", + "severity": "medium", + "instructions": "" + }, + "MPL-1.1": { + "licenseType": "MPL-1.1", + "severity": "medium", + "instructions": "" + }, + "MPL-2.0": { + "licenseType": "MPL-2.0", + "severity": "medium", + "instructions": "" + }, + "MS-RL": { + "licenseType": "MS-RL", + "severity": "medium", + "instructions": "" + }, + "SimPL-2.0": { + "licenseType": "SimPL-2.0", + "severity": "high", + "instructions": "" + } + } + }, + "packageManager": "cocoapods", + "ignoreSettings": { + "adminOnly": false, + "reasonRequired": false, + "disregardFilesystemIgnores": false + }, + "summary": "No known vulnerabilities", + "filesystemPolicy": false, + "uniqueCount": 0, + "targetFile": "sbom/SBOMTests/TestFiles/Podfile", + "projectName": "TestFiles", + "foundProjectCount": 8, + "displayTargetFile": "sbom/SBOMTests/TestFiles/Podfile", + "path": "/mnt/c/Projects/cyberspect" + }, + { + "vulnerabilities": [ + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "alternativeIds": [], + "creationTime": "2017-07-19T00:00:00Z", + "credit": [ + "David Fernandez" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Net.Http](https://www.nuget.org/packages/System.Net.Http/) is an Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.\n\n\nAffected versions of this package are vulnerable to Denial of Service (DoS)\nas `ASP.NET Core` fails to properly validate web requests.\r\n\r\n**NOTE:** Microsoft has not commented on third-party claims that the issue is that the `TextEncoder.EncodeCore` function in the `System.Text.Encodings.Web` package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\r\n\r\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\r\n\r\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\r\n\r\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\r\n\r\nTwo common types of DoS vulnerabilities:\r\n\r\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\r\n\r\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example, [npm `ws` package](npm:ws:20171108)\n\n## Remediation\n\nUpgrade `System.Net.Http` to version 4.1.2, 4.3.2 or higher.\n\n\n## References\n\n- [David Fernandez Blog](https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS)\n\n- [GitHub Issue](https://github.com/aspnet/Announcements/issues/239)\n\n- [Microsoft Security Advisory](https://technet.microsoft.com/en-us/library/security/4021279.aspx)\n\n- [NVD](https://nvd.nist.gov/vuln/detail/2017-0247)\n", + "disclosureTime": "2017-05-09T00:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.1.2", + "4.3.2" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-60045", + "identifiers": { + "CWE": [ + "CWE-254" + ], + "CVE": [ + "CVE-2017-0247" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2021-08-24T14:49:07.708862Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2017-05-09T00:00:00Z", + "references": [ + { + "title": "David Fernandez Blog", + "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/aspnet/Announcements/issues/239" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx" + }, + { + "title": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/2017-0247" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Denial of Service (DoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.1.2)", + "[4.3.0,4.3.2)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "MSTest.TestAdapter@2.2.8", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Net.Http", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "alternativeIds": [], + "creationTime": "2017-07-19T00:00:00Z", + "credit": [ + "Joonwoo Yu", + "Hyoung-Kee Choi" + ], + "cvssScore": 7.5, + "description": "## Overview\n[System.Net.Http](https://www.nuget.org/packages/System.Net.Http/) is a Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.\n\nAffected versions of this package are vulnerable to Improper Certificate Validation. It allows an attacker to bypass _Enhanced Security Usage_ tagging when they present a certificate that is invalid for a specific use.\n## Remediation\nUpgrade `System.Net.Http` to version 4.1.2, 4.3.2 or higher.\n## References\n- [GitHub Issue](https://github.com/aspnet/Announcements/issues/239)\n- [Microsoft Security Advisory](https://technet.microsoft.com/en-us/library/security/4021279.aspx)\n- [NVD](https://nvd.nist.gov/vuln/detail/2017-0248)\n", + "disclosureTime": "2017-05-12T00:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.1.2", + "4.3.2" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-60046", + "identifiers": { + "CWE": [ + "CWE-287" + ], + "CVE": [ + "CVE-2017-0248" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2021-08-24T14:49:07.783290Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2017-05-12T00:00:00Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/aspnet/Announcements/issues/239" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx" + }, + { + "title": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/2017-0248" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Improper Certificate Validation", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.1.2)", + "[4.3,4.3.2)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "MSTest.TestAdapter@2.2.8", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Net.Http", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "alternativeIds": [], + "creationTime": "2017-07-19T00:00:00Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.3, + "description": "## Overview\n\n[System.Net.Http](https://www.nuget.org/packages/System.Net.Http/) Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.\n\n\nAffected versions of this package are vulnerable to Privilege Escalation\ndue to failing to properly sanitize web requests.\n\n## Remediation\n\nUpgrade `System.Net.Http` to version 4.1.2, 4.3.2 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/aspnet/Announcements/issues/239)\n", + "disclosureTime": "2017-05-12T00:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.1.2", + "4.3.2" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-60047", + "identifiers": { + "CWE": [ + "CWE-269" + ], + "CVE": [ + "CVE-2017-0249" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2021-10-09T14:33:54.951128Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2017-05-12T00:00:00Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/aspnet/Announcements/issues/239" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Privilege Escalation", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.1.2)", + "[4.3,4.3.2)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "MSTest.TestAdapter@2.2.8", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Net.Http", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "alternativeIds": [], + "creationTime": "2017-07-19T00:00:00Z", + "credit": [ + "Mikhail Shcherbakov" + ], + "cvssScore": 5.3, + "description": "## Overview\nThe ASP.NET Core fails to properly sanitize the _Web Request Handler_ component, allowing an attacker to spoof web requests and bypass authentication.\n\n## References\n- [GitHub Issue](https://github.com/aspnet/Announcements/issues/239)\n- [Microsoft Security Advisory](https://technet.microsoft.com/en-us/library/security/4021279.aspx)\n- [NVD](https://nvd.nist.gov/vuln/detail/2017-0256)\n", + "disclosureTime": "2017-05-12T00:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.1.2", + "4.3.2" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-60048", + "identifiers": { + "CWE": [ + "CWE-20" + ], + "CVE": [ + "CVE-2017-0256" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2021-08-24T14:49:07.613538Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2017-05-12T00:00:00Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/aspnet/Announcements/issues/239" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx" + }, + { + "title": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/2017-0256" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Authentication Bypass", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.1.2)", + "[4.3,4.3.2)" + ] + }, + "severityWithCritical": "medium", + "from": [ + "cyberspect@1.0.0", + "MSTest.TestAdapter@2.2.8", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Net.Http", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "alternativeIds": [], + "creationTime": "2018-10-11T06:50:22.411410Z", + "credit": [ + "leecow" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Net.Http](https://www.nuget.org/packages/System.Net.Http/) Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.\n\n\nAffected versions of this package are vulnerable to Information Exposure.\nWhen HTTP authentication information is inadvertently exposed in an outbound request that encounters an HTTP redirect. An attacker who successfully exploited this vulnerability could use the information to further compromise the web application.\r\n\r\n**Note:** The presence of `System.Net.Http` in the dependency graph of `netcoreapp2.0` isn't the final determination of what is loaded at runtime. The version conflict resolution logic will prefer what is present in `Microsoft.NETCore.App/2.1.5`, or the latest patch release. As such, is not considered an issue.\n\n## Remediation\n\nUpgrade `System.Net.Http` to version 2.0.20710, 4.0.1-beta-23225, 4.1.4, 4.3.4 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/dotnet/announcements/issues/88)\n", + "disclosureTime": "2018-10-09T22:51:18Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.0.20710", + "4.0.1-beta-23225", + "4.1.4", + "4.3.4" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-72439", + "identifiers": { + "CWE": [ + "CWE-200" + ], + "GHSA": [ + "GHSA-7jgj-8wvc-jh57" + ], + "CVE": [ + "CVE-2018-8292" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2022-06-14T06:22:44.080361Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2018-10-10T15:24:52Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/dotnet/announcements/issues/88" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Information Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[2.0.20126.16343, 2.0.20710)", + "[4.0.0,4.0.1-beta-23225)", + "[4.1.0,4.1.4)", + "[4.3.0,4.3.4)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "MSTest.TestAdapter@2.2.8", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Net.Http", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "alternativeIds": [], + "creationTime": "2017-07-19T00:00:00Z", + "credit": [ + "David Fernandez" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Net.Http](https://www.nuget.org/packages/System.Net.Http/) is an Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.\n\n\nAffected versions of this package are vulnerable to Denial of Service (DoS)\nas `ASP.NET Core` fails to properly validate web requests.\r\n\r\n**NOTE:** Microsoft has not commented on third-party claims that the issue is that the `TextEncoder.EncodeCore` function in the `System.Text.Encodings.Web` package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\r\n\r\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\r\n\r\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\r\n\r\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\r\n\r\nTwo common types of DoS vulnerabilities:\r\n\r\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\r\n\r\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example, [npm `ws` package](npm:ws:20171108)\n\n## Remediation\n\nUpgrade `System.Net.Http` to version 4.1.2, 4.3.2 or higher.\n\n\n## References\n\n- [David Fernandez Blog](https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS)\n\n- [GitHub Issue](https://github.com/aspnet/Announcements/issues/239)\n\n- [Microsoft Security Advisory](https://technet.microsoft.com/en-us/library/security/4021279.aspx)\n\n- [NVD](https://nvd.nist.gov/vuln/detail/2017-0247)\n", + "disclosureTime": "2017-05-09T00:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.1.2", + "4.3.2" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-60045", + "identifiers": { + "CWE": [ + "CWE-254" + ], + "CVE": [ + "CVE-2017-0247" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2021-08-24T14:49:07.708862Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2017-05-09T00:00:00Z", + "references": [ + { + "title": "David Fernandez Blog", + "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/aspnet/Announcements/issues/239" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx" + }, + { + "title": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/2017-0247" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Denial of Service (DoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.1.2)", + "[4.3.0,4.3.2)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "MSTest.TestFramework@2.2.8", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Net.Http", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "alternativeIds": [], + "creationTime": "2017-07-19T00:00:00Z", + "credit": [ + "Joonwoo Yu", + "Hyoung-Kee Choi" + ], + "cvssScore": 7.5, + "description": "## Overview\n[System.Net.Http](https://www.nuget.org/packages/System.Net.Http/) is a Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.\n\nAffected versions of this package are vulnerable to Improper Certificate Validation. It allows an attacker to bypass _Enhanced Security Usage_ tagging when they present a certificate that is invalid for a specific use.\n## Remediation\nUpgrade `System.Net.Http` to version 4.1.2, 4.3.2 or higher.\n## References\n- [GitHub Issue](https://github.com/aspnet/Announcements/issues/239)\n- [Microsoft Security Advisory](https://technet.microsoft.com/en-us/library/security/4021279.aspx)\n- [NVD](https://nvd.nist.gov/vuln/detail/2017-0248)\n", + "disclosureTime": "2017-05-12T00:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.1.2", + "4.3.2" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-60046", + "identifiers": { + "CWE": [ + "CWE-287" + ], + "CVE": [ + "CVE-2017-0248" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2021-08-24T14:49:07.783290Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2017-05-12T00:00:00Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/aspnet/Announcements/issues/239" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx" + }, + { + "title": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/2017-0248" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Improper Certificate Validation", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.1.2)", + "[4.3,4.3.2)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "MSTest.TestFramework@2.2.8", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Net.Http", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "alternativeIds": [], + "creationTime": "2017-07-19T00:00:00Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.3, + "description": "## Overview\n\n[System.Net.Http](https://www.nuget.org/packages/System.Net.Http/) Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.\n\n\nAffected versions of this package are vulnerable to Privilege Escalation\ndue to failing to properly sanitize web requests.\n\n## Remediation\n\nUpgrade `System.Net.Http` to version 4.1.2, 4.3.2 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/aspnet/Announcements/issues/239)\n", + "disclosureTime": "2017-05-12T00:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.1.2", + "4.3.2" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-60047", + "identifiers": { + "CWE": [ + "CWE-269" + ], + "CVE": [ + "CVE-2017-0249" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2021-10-09T14:33:54.951128Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2017-05-12T00:00:00Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/aspnet/Announcements/issues/239" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Privilege Escalation", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.1.2)", + "[4.3,4.3.2)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "MSTest.TestFramework@2.2.8", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Net.Http", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "alternativeIds": [], + "creationTime": "2017-07-19T00:00:00Z", + "credit": [ + "Mikhail Shcherbakov" + ], + "cvssScore": 5.3, + "description": "## Overview\nThe ASP.NET Core fails to properly sanitize the _Web Request Handler_ component, allowing an attacker to spoof web requests and bypass authentication.\n\n## References\n- [GitHub Issue](https://github.com/aspnet/Announcements/issues/239)\n- [Microsoft Security Advisory](https://technet.microsoft.com/en-us/library/security/4021279.aspx)\n- [NVD](https://nvd.nist.gov/vuln/detail/2017-0256)\n", + "disclosureTime": "2017-05-12T00:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.1.2", + "4.3.2" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-60048", + "identifiers": { + "CWE": [ + "CWE-20" + ], + "CVE": [ + "CVE-2017-0256" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2021-08-24T14:49:07.613538Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2017-05-12T00:00:00Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/aspnet/Announcements/issues/239" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx" + }, + { + "title": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/2017-0256" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Authentication Bypass", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.1.2)", + "[4.3,4.3.2)" + ] + }, + "severityWithCritical": "medium", + "from": [ + "cyberspect@1.0.0", + "MSTest.TestFramework@2.2.8", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Net.Http", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "alternativeIds": [], + "creationTime": "2018-10-11T06:50:22.411410Z", + "credit": [ + "leecow" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Net.Http](https://www.nuget.org/packages/System.Net.Http/) Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.\n\n\nAffected versions of this package are vulnerable to Information Exposure.\nWhen HTTP authentication information is inadvertently exposed in an outbound request that encounters an HTTP redirect. An attacker who successfully exploited this vulnerability could use the information to further compromise the web application.\r\n\r\n**Note:** The presence of `System.Net.Http` in the dependency graph of `netcoreapp2.0` isn't the final determination of what is loaded at runtime. The version conflict resolution logic will prefer what is present in `Microsoft.NETCore.App/2.1.5`, or the latest patch release. As such, is not considered an issue.\n\n## Remediation\n\nUpgrade `System.Net.Http` to version 2.0.20710, 4.0.1-beta-23225, 4.1.4, 4.3.4 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/dotnet/announcements/issues/88)\n", + "disclosureTime": "2018-10-09T22:51:18Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.0.20710", + "4.0.1-beta-23225", + "4.1.4", + "4.3.4" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-72439", + "identifiers": { + "CWE": [ + "CWE-200" + ], + "GHSA": [ + "GHSA-7jgj-8wvc-jh57" + ], + "CVE": [ + "CVE-2018-8292" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2022-06-14T06:22:44.080361Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2018-10-10T15:24:52Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/dotnet/announcements/issues/88" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Information Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[2.0.20126.16343, 2.0.20710)", + "[4.0.0,4.0.1-beta-23225)", + "[4.1.0,4.1.4)", + "[4.3.0,4.3.4)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "MSTest.TestFramework@2.2.8", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Net.Http", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "alternativeIds": [], + "creationTime": "2017-07-19T00:00:00Z", + "credit": [ + "David Fernandez" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Net.Http](https://www.nuget.org/packages/System.Net.Http/) is an Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.\n\n\nAffected versions of this package are vulnerable to Denial of Service (DoS)\nas `ASP.NET Core` fails to properly validate web requests.\r\n\r\n**NOTE:** Microsoft has not commented on third-party claims that the issue is that the `TextEncoder.EncodeCore` function in the `System.Text.Encodings.Web` package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\r\n\r\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\r\n\r\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\r\n\r\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\r\n\r\nTwo common types of DoS vulnerabilities:\r\n\r\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\r\n\r\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example, [npm `ws` package](npm:ws:20171108)\n\n## Remediation\n\nUpgrade `System.Net.Http` to version 4.1.2, 4.3.2 or higher.\n\n\n## References\n\n- [David Fernandez Blog](https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS)\n\n- [GitHub Issue](https://github.com/aspnet/Announcements/issues/239)\n\n- [Microsoft Security Advisory](https://technet.microsoft.com/en-us/library/security/4021279.aspx)\n\n- [NVD](https://nvd.nist.gov/vuln/detail/2017-0247)\n", + "disclosureTime": "2017-05-09T00:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.1.2", + "4.3.2" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-60045", + "identifiers": { + "CWE": [ + "CWE-254" + ], + "CVE": [ + "CVE-2017-0247" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2021-08-24T14:49:07.708862Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2017-05-09T00:00:00Z", + "references": [ + { + "title": "David Fernandez Blog", + "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/aspnet/Announcements/issues/239" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx" + }, + { + "title": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/2017-0247" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Denial of Service (DoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.1.2)", + "[4.3.0,4.3.2)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "Moq@4.17.2", + "Castle.Core@4.4.1", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Net.Http", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "alternativeIds": [], + "creationTime": "2017-07-19T00:00:00Z", + "credit": [ + "Joonwoo Yu", + "Hyoung-Kee Choi" + ], + "cvssScore": 7.5, + "description": "## Overview\n[System.Net.Http](https://www.nuget.org/packages/System.Net.Http/) is a Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.\n\nAffected versions of this package are vulnerable to Improper Certificate Validation. It allows an attacker to bypass _Enhanced Security Usage_ tagging when they present a certificate that is invalid for a specific use.\n## Remediation\nUpgrade `System.Net.Http` to version 4.1.2, 4.3.2 or higher.\n## References\n- [GitHub Issue](https://github.com/aspnet/Announcements/issues/239)\n- [Microsoft Security Advisory](https://technet.microsoft.com/en-us/library/security/4021279.aspx)\n- [NVD](https://nvd.nist.gov/vuln/detail/2017-0248)\n", + "disclosureTime": "2017-05-12T00:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.1.2", + "4.3.2" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-60046", + "identifiers": { + "CWE": [ + "CWE-287" + ], + "CVE": [ + "CVE-2017-0248" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2021-08-24T14:49:07.783290Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2017-05-12T00:00:00Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/aspnet/Announcements/issues/239" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx" + }, + { + "title": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/2017-0248" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Improper Certificate Validation", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.1.2)", + "[4.3,4.3.2)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "Moq@4.17.2", + "Castle.Core@4.4.1", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Net.Http", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "alternativeIds": [], + "creationTime": "2017-07-19T00:00:00Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.3, + "description": "## Overview\n\n[System.Net.Http](https://www.nuget.org/packages/System.Net.Http/) Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.\n\n\nAffected versions of this package are vulnerable to Privilege Escalation\ndue to failing to properly sanitize web requests.\n\n## Remediation\n\nUpgrade `System.Net.Http` to version 4.1.2, 4.3.2 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/aspnet/Announcements/issues/239)\n", + "disclosureTime": "2017-05-12T00:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.1.2", + "4.3.2" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-60047", + "identifiers": { + "CWE": [ + "CWE-269" + ], + "CVE": [ + "CVE-2017-0249" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2021-10-09T14:33:54.951128Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2017-05-12T00:00:00Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/aspnet/Announcements/issues/239" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Privilege Escalation", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.1.2)", + "[4.3,4.3.2)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "Moq@4.17.2", + "Castle.Core@4.4.1", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Net.Http", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "alternativeIds": [], + "creationTime": "2017-07-19T00:00:00Z", + "credit": [ + "Mikhail Shcherbakov" + ], + "cvssScore": 5.3, + "description": "## Overview\nThe ASP.NET Core fails to properly sanitize the _Web Request Handler_ component, allowing an attacker to spoof web requests and bypass authentication.\n\n## References\n- [GitHub Issue](https://github.com/aspnet/Announcements/issues/239)\n- [Microsoft Security Advisory](https://technet.microsoft.com/en-us/library/security/4021279.aspx)\n- [NVD](https://nvd.nist.gov/vuln/detail/2017-0256)\n", + "disclosureTime": "2017-05-12T00:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.1.2", + "4.3.2" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-60048", + "identifiers": { + "CWE": [ + "CWE-20" + ], + "CVE": [ + "CVE-2017-0256" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2021-08-24T14:49:07.613538Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2017-05-12T00:00:00Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/aspnet/Announcements/issues/239" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx" + }, + { + "title": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/2017-0256" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Authentication Bypass", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.1.2)", + "[4.3,4.3.2)" + ] + }, + "severityWithCritical": "medium", + "from": [ + "cyberspect@1.0.0", + "Moq@4.17.2", + "Castle.Core@4.4.1", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Net.Http", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "alternativeIds": [], + "creationTime": "2018-10-11T06:50:22.411410Z", + "credit": [ + "leecow" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Net.Http](https://www.nuget.org/packages/System.Net.Http/) Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.\n\n\nAffected versions of this package are vulnerable to Information Exposure.\nWhen HTTP authentication information is inadvertently exposed in an outbound request that encounters an HTTP redirect. An attacker who successfully exploited this vulnerability could use the information to further compromise the web application.\r\n\r\n**Note:** The presence of `System.Net.Http` in the dependency graph of `netcoreapp2.0` isn't the final determination of what is loaded at runtime. The version conflict resolution logic will prefer what is present in `Microsoft.NETCore.App/2.1.5`, or the latest patch release. As such, is not considered an issue.\n\n## Remediation\n\nUpgrade `System.Net.Http` to version 2.0.20710, 4.0.1-beta-23225, 4.1.4, 4.3.4 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/dotnet/announcements/issues/88)\n", + "disclosureTime": "2018-10-09T22:51:18Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.0.20710", + "4.0.1-beta-23225", + "4.1.4", + "4.3.4" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-72439", + "identifiers": { + "CWE": [ + "CWE-200" + ], + "GHSA": [ + "GHSA-7jgj-8wvc-jh57" + ], + "CVE": [ + "CVE-2018-8292" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2022-06-14T06:22:44.080361Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2018-10-10T15:24:52Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/dotnet/announcements/issues/88" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Information Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[2.0.20126.16343, 2.0.20710)", + "[4.0.0,4.0.1-beta-23225)", + "[4.1.0,4.1.4)", + "[4.3.0,4.3.4)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "Moq@4.17.2", + "Castle.Core@4.4.1", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Net.Http", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2019-05-15T16:00:51.866263Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Text.RegularExpressions](https://www.nuget.org/packages/System.Text.RegularExpressions/) is a regular expression engine.\n\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS)\ndue to improperly processing of RegEx strings.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\r\n\r\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\r\n\r\nLet’s take the following regular expression as an example:\r\n```js\r\nregex = /A(B|C+)+D/\r\n```\r\n\r\nThis regular expression accomplishes the following:\r\n- `A` The string must start with the letter 'A'\r\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\r\n- `D` Finally, we ensure this section of the string ends with a 'D'\r\n\r\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\r\n\r\nIt most cases, it doesn't take very long for a regex engine to find a match:\r\n\r\n```bash\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\r\n0.04s user 0.01s system 95% cpu 0.052 total\r\n\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\r\n1.79s user 0.02s system 99% cpu 1.812 total\r\n```\r\n\r\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\r\n\r\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\r\n\r\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\r\n1. CCC\r\n2. CC+C\r\n3. C+CC\r\n4. C+C+C.\r\n\r\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\r\n\r\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\r\n\r\n| String | Number of C's | Number of steps |\r\n| -------|-------------:| -----:|\r\n| ACCCX | 3 | 38\r\n| ACCCCX | 4 | 71\r\n| ACCCCCX | 5 | 136\r\n| ACCCCCCCCCCCCCCX | 14 | 65,553\r\n\r\n\r\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\n\nUpgrade `System.Text.RegularExpressions` to version 4.3.1 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/dotnet/announcements/issues/111)\n\n- [Microsoft Security Advisory](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820)\n", + "disclosureTime": "2019-05-14T07:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.3.1" + ], + "id": "SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2019-0820" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2020-12-14T14:40:55.968790Z", + "moduleName": "system.text.regularexpressions", + "packageManager": "nuget", + "packageName": "System.Text.RegularExpressions", + "patches": [], + "proprietary": false, + "publicationTime": "2019-05-16T15:55:53Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/dotnet/announcements/issues/111" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[4.3.0, 4.3.1)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "MSTest.TestAdapter@2.2.8", + "NETStandard.Library@1.6.1", + "System.Text.RegularExpressions@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Text.RegularExpressions", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2019-05-15T16:00:51.866263Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Text.RegularExpressions](https://www.nuget.org/packages/System.Text.RegularExpressions/) is a regular expression engine.\n\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS)\ndue to improperly processing of RegEx strings.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\r\n\r\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\r\n\r\nLet’s take the following regular expression as an example:\r\n```js\r\nregex = /A(B|C+)+D/\r\n```\r\n\r\nThis regular expression accomplishes the following:\r\n- `A` The string must start with the letter 'A'\r\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\r\n- `D` Finally, we ensure this section of the string ends with a 'D'\r\n\r\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\r\n\r\nIt most cases, it doesn't take very long for a regex engine to find a match:\r\n\r\n```bash\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\r\n0.04s user 0.01s system 95% cpu 0.052 total\r\n\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\r\n1.79s user 0.02s system 99% cpu 1.812 total\r\n```\r\n\r\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\r\n\r\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\r\n\r\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\r\n1. CCC\r\n2. CC+C\r\n3. C+CC\r\n4. C+C+C.\r\n\r\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\r\n\r\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\r\n\r\n| String | Number of C's | Number of steps |\r\n| -------|-------------:| -----:|\r\n| ACCCX | 3 | 38\r\n| ACCCCX | 4 | 71\r\n| ACCCCCX | 5 | 136\r\n| ACCCCCCCCCCCCCCX | 14 | 65,553\r\n\r\n\r\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\n\nUpgrade `System.Text.RegularExpressions` to version 4.3.1 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/dotnet/announcements/issues/111)\n\n- [Microsoft Security Advisory](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820)\n", + "disclosureTime": "2019-05-14T07:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.3.1" + ], + "id": "SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2019-0820" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2020-12-14T14:40:55.968790Z", + "moduleName": "system.text.regularexpressions", + "packageManager": "nuget", + "packageName": "System.Text.RegularExpressions", + "patches": [], + "proprietary": false, + "publicationTime": "2019-05-16T15:55:53Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/dotnet/announcements/issues/111" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[4.3.0, 4.3.1)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "MSTest.TestFramework@2.2.8", + "NETStandard.Library@1.6.1", + "System.Text.RegularExpressions@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Text.RegularExpressions", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2019-05-15T16:00:51.866263Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Text.RegularExpressions](https://www.nuget.org/packages/System.Text.RegularExpressions/) is a regular expression engine.\n\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS)\ndue to improperly processing of RegEx strings.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\r\n\r\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\r\n\r\nLet’s take the following regular expression as an example:\r\n```js\r\nregex = /A(B|C+)+D/\r\n```\r\n\r\nThis regular expression accomplishes the following:\r\n- `A` The string must start with the letter 'A'\r\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\r\n- `D` Finally, we ensure this section of the string ends with a 'D'\r\n\r\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\r\n\r\nIt most cases, it doesn't take very long for a regex engine to find a match:\r\n\r\n```bash\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\r\n0.04s user 0.01s system 95% cpu 0.052 total\r\n\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\r\n1.79s user 0.02s system 99% cpu 1.812 total\r\n```\r\n\r\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\r\n\r\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\r\n\r\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\r\n1. CCC\r\n2. CC+C\r\n3. C+CC\r\n4. C+C+C.\r\n\r\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\r\n\r\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\r\n\r\n| String | Number of C's | Number of steps |\r\n| -------|-------------:| -----:|\r\n| ACCCX | 3 | 38\r\n| ACCCCX | 4 | 71\r\n| ACCCCCX | 5 | 136\r\n| ACCCCCCCCCCCCCCX | 14 | 65,553\r\n\r\n\r\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\n\nUpgrade `System.Text.RegularExpressions` to version 4.3.1 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/dotnet/announcements/issues/111)\n\n- [Microsoft Security Advisory](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820)\n", + "disclosureTime": "2019-05-14T07:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.3.1" + ], + "id": "SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2019-0820" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2020-12-14T14:40:55.968790Z", + "moduleName": "system.text.regularexpressions", + "packageManager": "nuget", + "packageName": "System.Text.RegularExpressions", + "patches": [], + "proprietary": false, + "publicationTime": "2019-05-16T15:55:53Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/dotnet/announcements/issues/111" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[4.3.0, 4.3.1)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "MSTest.TestAdapter@2.2.8", + "NETStandard.Library@1.6.1", + "System.Xml.ReaderWriter@4.3.0", + "System.Text.RegularExpressions@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Text.RegularExpressions", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2019-05-15T16:00:51.866263Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Text.RegularExpressions](https://www.nuget.org/packages/System.Text.RegularExpressions/) is a regular expression engine.\n\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS)\ndue to improperly processing of RegEx strings.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\r\n\r\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\r\n\r\nLet’s take the following regular expression as an example:\r\n```js\r\nregex = /A(B|C+)+D/\r\n```\r\n\r\nThis regular expression accomplishes the following:\r\n- `A` The string must start with the letter 'A'\r\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\r\n- `D` Finally, we ensure this section of the string ends with a 'D'\r\n\r\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\r\n\r\nIt most cases, it doesn't take very long for a regex engine to find a match:\r\n\r\n```bash\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\r\n0.04s user 0.01s system 95% cpu 0.052 total\r\n\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\r\n1.79s user 0.02s system 99% cpu 1.812 total\r\n```\r\n\r\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\r\n\r\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\r\n\r\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\r\n1. CCC\r\n2. CC+C\r\n3. C+CC\r\n4. C+C+C.\r\n\r\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\r\n\r\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\r\n\r\n| String | Number of C's | Number of steps |\r\n| -------|-------------:| -----:|\r\n| ACCCX | 3 | 38\r\n| ACCCCX | 4 | 71\r\n| ACCCCCX | 5 | 136\r\n| ACCCCCCCCCCCCCCX | 14 | 65,553\r\n\r\n\r\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\n\nUpgrade `System.Text.RegularExpressions` to version 4.3.1 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/dotnet/announcements/issues/111)\n\n- [Microsoft Security Advisory](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820)\n", + "disclosureTime": "2019-05-14T07:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.3.1" + ], + "id": "SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2019-0820" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2020-12-14T14:40:55.968790Z", + "moduleName": "system.text.regularexpressions", + "packageManager": "nuget", + "packageName": "System.Text.RegularExpressions", + "patches": [], + "proprietary": false, + "publicationTime": "2019-05-16T15:55:53Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/dotnet/announcements/issues/111" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[4.3.0, 4.3.1)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "MSTest.TestFramework@2.2.8", + "NETStandard.Library@1.6.1", + "System.Xml.ReaderWriter@4.3.0", + "System.Text.RegularExpressions@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Text.RegularExpressions", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2019-05-15T16:00:51.866263Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Text.RegularExpressions](https://www.nuget.org/packages/System.Text.RegularExpressions/) is a regular expression engine.\n\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS)\ndue to improperly processing of RegEx strings.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\r\n\r\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\r\n\r\nLet’s take the following regular expression as an example:\r\n```js\r\nregex = /A(B|C+)+D/\r\n```\r\n\r\nThis regular expression accomplishes the following:\r\n- `A` The string must start with the letter 'A'\r\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\r\n- `D` Finally, we ensure this section of the string ends with a 'D'\r\n\r\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\r\n\r\nIt most cases, it doesn't take very long for a regex engine to find a match:\r\n\r\n```bash\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\r\n0.04s user 0.01s system 95% cpu 0.052 total\r\n\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\r\n1.79s user 0.02s system 99% cpu 1.812 total\r\n```\r\n\r\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\r\n\r\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\r\n\r\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\r\n1. CCC\r\n2. CC+C\r\n3. C+CC\r\n4. C+C+C.\r\n\r\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\r\n\r\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\r\n\r\n| String | Number of C's | Number of steps |\r\n| -------|-------------:| -----:|\r\n| ACCCX | 3 | 38\r\n| ACCCCX | 4 | 71\r\n| ACCCCCX | 5 | 136\r\n| ACCCCCCCCCCCCCCX | 14 | 65,553\r\n\r\n\r\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\n\nUpgrade `System.Text.RegularExpressions` to version 4.3.1 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/dotnet/announcements/issues/111)\n\n- [Microsoft Security Advisory](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820)\n", + "disclosureTime": "2019-05-14T07:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.3.1" + ], + "id": "SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2019-0820" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2020-12-14T14:40:55.968790Z", + "moduleName": "system.text.regularexpressions", + "packageManager": "nuget", + "packageName": "System.Text.RegularExpressions", + "patches": [], + "proprietary": false, + "publicationTime": "2019-05-16T15:55:53Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/dotnet/announcements/issues/111" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[4.3.0, 4.3.1)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "Moq@4.17.2", + "Castle.Core@4.4.1", + "NETStandard.Library@1.6.1", + "System.Text.RegularExpressions@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Text.RegularExpressions", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2019-05-15T16:00:51.866263Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Text.RegularExpressions](https://www.nuget.org/packages/System.Text.RegularExpressions/) is a regular expression engine.\n\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS)\ndue to improperly processing of RegEx strings.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\r\n\r\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\r\n\r\nLet’s take the following regular expression as an example:\r\n```js\r\nregex = /A(B|C+)+D/\r\n```\r\n\r\nThis regular expression accomplishes the following:\r\n- `A` The string must start with the letter 'A'\r\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\r\n- `D` Finally, we ensure this section of the string ends with a 'D'\r\n\r\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\r\n\r\nIt most cases, it doesn't take very long for a regex engine to find a match:\r\n\r\n```bash\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\r\n0.04s user 0.01s system 95% cpu 0.052 total\r\n\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\r\n1.79s user 0.02s system 99% cpu 1.812 total\r\n```\r\n\r\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\r\n\r\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\r\n\r\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\r\n1. CCC\r\n2. CC+C\r\n3. C+CC\r\n4. C+C+C.\r\n\r\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\r\n\r\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\r\n\r\n| String | Number of C's | Number of steps |\r\n| -------|-------------:| -----:|\r\n| ACCCX | 3 | 38\r\n| ACCCCX | 4 | 71\r\n| ACCCCCX | 5 | 136\r\n| ACCCCCCCCCCCCCCX | 14 | 65,553\r\n\r\n\r\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\n\nUpgrade `System.Text.RegularExpressions` to version 4.3.1 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/dotnet/announcements/issues/111)\n\n- [Microsoft Security Advisory](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820)\n", + "disclosureTime": "2019-05-14T07:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.3.1" + ], + "id": "SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2019-0820" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2020-12-14T14:40:55.968790Z", + "moduleName": "system.text.regularexpressions", + "packageManager": "nuget", + "packageName": "System.Text.RegularExpressions", + "patches": [], + "proprietary": false, + "publicationTime": "2019-05-16T15:55:53Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/dotnet/announcements/issues/111" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[4.3.0, 4.3.1)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "MSTest.TestAdapter@2.2.8", + "NETStandard.Library@1.6.1", + "System.Xml.XDocument@4.3.0", + "System.Xml.ReaderWriter@4.3.0", + "System.Text.RegularExpressions@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Text.RegularExpressions", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2019-05-15T16:00:51.866263Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Text.RegularExpressions](https://www.nuget.org/packages/System.Text.RegularExpressions/) is a regular expression engine.\n\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS)\ndue to improperly processing of RegEx strings.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\r\n\r\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\r\n\r\nLet’s take the following regular expression as an example:\r\n```js\r\nregex = /A(B|C+)+D/\r\n```\r\n\r\nThis regular expression accomplishes the following:\r\n- `A` The string must start with the letter 'A'\r\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\r\n- `D` Finally, we ensure this section of the string ends with a 'D'\r\n\r\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\r\n\r\nIt most cases, it doesn't take very long for a regex engine to find a match:\r\n\r\n```bash\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\r\n0.04s user 0.01s system 95% cpu 0.052 total\r\n\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\r\n1.79s user 0.02s system 99% cpu 1.812 total\r\n```\r\n\r\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\r\n\r\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\r\n\r\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\r\n1. CCC\r\n2. CC+C\r\n3. C+CC\r\n4. C+C+C.\r\n\r\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\r\n\r\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\r\n\r\n| String | Number of C's | Number of steps |\r\n| -------|-------------:| -----:|\r\n| ACCCX | 3 | 38\r\n| ACCCCX | 4 | 71\r\n| ACCCCCX | 5 | 136\r\n| ACCCCCCCCCCCCCCX | 14 | 65,553\r\n\r\n\r\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\n\nUpgrade `System.Text.RegularExpressions` to version 4.3.1 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/dotnet/announcements/issues/111)\n\n- [Microsoft Security Advisory](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820)\n", + "disclosureTime": "2019-05-14T07:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.3.1" + ], + "id": "SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2019-0820" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2020-12-14T14:40:55.968790Z", + "moduleName": "system.text.regularexpressions", + "packageManager": "nuget", + "packageName": "System.Text.RegularExpressions", + "patches": [], + "proprietary": false, + "publicationTime": "2019-05-16T15:55:53Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/dotnet/announcements/issues/111" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[4.3.0, 4.3.1)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "MSTest.TestFramework@2.2.8", + "NETStandard.Library@1.6.1", + "System.Xml.XDocument@4.3.0", + "System.Xml.ReaderWriter@4.3.0", + "System.Text.RegularExpressions@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Text.RegularExpressions", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2019-05-15T16:00:51.866263Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Text.RegularExpressions](https://www.nuget.org/packages/System.Text.RegularExpressions/) is a regular expression engine.\n\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS)\ndue to improperly processing of RegEx strings.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\r\n\r\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\r\n\r\nLet’s take the following regular expression as an example:\r\n```js\r\nregex = /A(B|C+)+D/\r\n```\r\n\r\nThis regular expression accomplishes the following:\r\n- `A` The string must start with the letter 'A'\r\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\r\n- `D` Finally, we ensure this section of the string ends with a 'D'\r\n\r\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\r\n\r\nIt most cases, it doesn't take very long for a regex engine to find a match:\r\n\r\n```bash\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\r\n0.04s user 0.01s system 95% cpu 0.052 total\r\n\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\r\n1.79s user 0.02s system 99% cpu 1.812 total\r\n```\r\n\r\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\r\n\r\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\r\n\r\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\r\n1. CCC\r\n2. CC+C\r\n3. C+CC\r\n4. C+C+C.\r\n\r\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\r\n\r\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\r\n\r\n| String | Number of C's | Number of steps |\r\n| -------|-------------:| -----:|\r\n| ACCCX | 3 | 38\r\n| ACCCCX | 4 | 71\r\n| ACCCCCX | 5 | 136\r\n| ACCCCCCCCCCCCCCX | 14 | 65,553\r\n\r\n\r\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\n\nUpgrade `System.Text.RegularExpressions` to version 4.3.1 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/dotnet/announcements/issues/111)\n\n- [Microsoft Security Advisory](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820)\n", + "disclosureTime": "2019-05-14T07:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.3.1" + ], + "id": "SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2019-0820" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2020-12-14T14:40:55.968790Z", + "moduleName": "system.text.regularexpressions", + "packageManager": "nuget", + "packageName": "System.Text.RegularExpressions", + "patches": [], + "proprietary": false, + "publicationTime": "2019-05-16T15:55:53Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/dotnet/announcements/issues/111" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[4.3.0, 4.3.1)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "Moq@4.17.2", + "Castle.Core@4.4.1", + "NETStandard.Library@1.6.1", + "System.Xml.ReaderWriter@4.3.0", + "System.Text.RegularExpressions@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Text.RegularExpressions", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2019-05-15T16:00:51.866263Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Text.RegularExpressions](https://www.nuget.org/packages/System.Text.RegularExpressions/) is a regular expression engine.\n\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS)\ndue to improperly processing of RegEx strings.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\r\n\r\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\r\n\r\nLet’s take the following regular expression as an example:\r\n```js\r\nregex = /A(B|C+)+D/\r\n```\r\n\r\nThis regular expression accomplishes the following:\r\n- `A` The string must start with the letter 'A'\r\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\r\n- `D` Finally, we ensure this section of the string ends with a 'D'\r\n\r\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\r\n\r\nIt most cases, it doesn't take very long for a regex engine to find a match:\r\n\r\n```bash\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\r\n0.04s user 0.01s system 95% cpu 0.052 total\r\n\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\r\n1.79s user 0.02s system 99% cpu 1.812 total\r\n```\r\n\r\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\r\n\r\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\r\n\r\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\r\n1. CCC\r\n2. CC+C\r\n3. C+CC\r\n4. C+C+C.\r\n\r\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\r\n\r\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\r\n\r\n| String | Number of C's | Number of steps |\r\n| -------|-------------:| -----:|\r\n| ACCCX | 3 | 38\r\n| ACCCCX | 4 | 71\r\n| ACCCCCX | 5 | 136\r\n| ACCCCCCCCCCCCCCX | 14 | 65,553\r\n\r\n\r\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\n\nUpgrade `System.Text.RegularExpressions` to version 4.3.1 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/dotnet/announcements/issues/111)\n\n- [Microsoft Security Advisory](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820)\n", + "disclosureTime": "2019-05-14T07:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.3.1" + ], + "id": "SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2019-0820" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2020-12-14T14:40:55.968790Z", + "moduleName": "system.text.regularexpressions", + "packageManager": "nuget", + "packageName": "System.Text.RegularExpressions", + "patches": [], + "proprietary": false, + "publicationTime": "2019-05-16T15:55:53Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/dotnet/announcements/issues/111" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[4.3.0, 4.3.1)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "Moq@4.17.2", + "Castle.Core@4.4.1", + "System.Xml.XmlDocument@4.3.0", + "System.Xml.ReaderWriter@4.3.0", + "System.Text.RegularExpressions@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Text.RegularExpressions", + "version": "4.3.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2019-05-15T16:00:51.866263Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Text.RegularExpressions](https://www.nuget.org/packages/System.Text.RegularExpressions/) is a regular expression engine.\n\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS)\ndue to improperly processing of RegEx strings.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\r\n\r\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\r\n\r\nLet’s take the following regular expression as an example:\r\n```js\r\nregex = /A(B|C+)+D/\r\n```\r\n\r\nThis regular expression accomplishes the following:\r\n- `A` The string must start with the letter 'A'\r\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\r\n- `D` Finally, we ensure this section of the string ends with a 'D'\r\n\r\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\r\n\r\nIt most cases, it doesn't take very long for a regex engine to find a match:\r\n\r\n```bash\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\r\n0.04s user 0.01s system 95% cpu 0.052 total\r\n\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\r\n1.79s user 0.02s system 99% cpu 1.812 total\r\n```\r\n\r\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\r\n\r\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\r\n\r\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\r\n1. CCC\r\n2. CC+C\r\n3. C+CC\r\n4. C+C+C.\r\n\r\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\r\n\r\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\r\n\r\n| String | Number of C's | Number of steps |\r\n| -------|-------------:| -----:|\r\n| ACCCX | 3 | 38\r\n| ACCCCX | 4 | 71\r\n| ACCCCCX | 5 | 136\r\n| ACCCCCCCCCCCCCCX | 14 | 65,553\r\n\r\n\r\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\n\nUpgrade `System.Text.RegularExpressions` to version 4.3.1 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/dotnet/announcements/issues/111)\n\n- [Microsoft Security Advisory](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820)\n", + "disclosureTime": "2019-05-14T07:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.3.1" + ], + "id": "SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2019-0820" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2020-12-14T14:40:55.968790Z", + "moduleName": "system.text.regularexpressions", + "packageManager": "nuget", + "packageName": "System.Text.RegularExpressions", + "patches": [], + "proprietary": false, + "publicationTime": "2019-05-16T15:55:53Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/dotnet/announcements/issues/111" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[4.3.0, 4.3.1)" + ] + }, + "severityWithCritical": "high", + "from": [ + "cyberspect@1.0.0", + "Moq@4.17.2", + "Castle.Core@4.4.1", + "NETStandard.Library@1.6.1", + "System.Xml.XDocument@4.3.0", + "System.Xml.ReaderWriter@4.3.0", + "System.Text.RegularExpressions@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "System.Text.RegularExpressions", + "version": "4.3.0" + } + ], + "ok": false, + "dependencyCount": 106, + "org": "wmcsl", + "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.0\nignore: {}\npatch: {}\n", + "isPrivate": true, + "licensesPolicy": { + "severities": {}, + "orgLicenseRules": { + "AGPL-1.0": { + "licenseType": "AGPL-1.0", + "severity": "high", + "instructions": "" + }, + "AGPL-3.0": { + "licenseType": "AGPL-3.0", + "severity": "high", + "instructions": "" + }, + "Artistic-1.0": { + "licenseType": "Artistic-1.0", + "severity": "medium", + "instructions": "" + }, + "Artistic-2.0": { + "licenseType": "Artistic-2.0", + "severity": "medium", + "instructions": "" + }, + "CDDL-1.0": { + "licenseType": "CDDL-1.0", + "severity": "medium", + "instructions": "" + }, + "CPOL-1.02": { + "licenseType": "CPOL-1.02", + "severity": "high", + "instructions": "" + }, + "EPL-1.0": { + "licenseType": "EPL-1.0", + "severity": "medium", + "instructions": "" + }, + "GPL-2.0": { + "licenseType": "GPL-2.0", + "severity": "high", + "instructions": "" + }, + "GPL-3.0": { + "licenseType": "GPL-3.0", + "severity": "high", + "instructions": "" + }, + "LGPL-2.0": { + "licenseType": "LGPL-2.0", + "severity": "medium", + "instructions": "" + }, + "LGPL-2.1": { + "licenseType": "LGPL-2.1", + "severity": "medium", + "instructions": "" + }, + "LGPL-3.0": { + "licenseType": "LGPL-3.0", + "severity": "medium", + "instructions": "" + }, + "MPL-1.1": { + "licenseType": "MPL-1.1", + "severity": "medium", + "instructions": "" + }, + "MPL-2.0": { + "licenseType": "MPL-2.0", + "severity": "medium", + "instructions": "" + }, + "MS-RL": { + "licenseType": "MS-RL", + "severity": "medium", + "instructions": "" + }, + "SimPL-2.0": { + "licenseType": "SimPL-2.0", + "severity": "high", + "instructions": "" + } + } + }, + "packageManager": "nuget", + "ignoreSettings": { + "adminOnly": false, + "reasonRequired": false, + "disregardFilesystemIgnores": false + }, + "summary": "25 vulnerable dependency paths", + "remediation": { + "unresolved": [ + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "alternativeIds": [], + "creationTime": "2017-07-19T00:00:00Z", + "credit": [ + "David Fernandez" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Net.Http](https://www.nuget.org/packages/System.Net.Http/) is an Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.\n\n\nAffected versions of this package are vulnerable to Denial of Service (DoS)\nas `ASP.NET Core` fails to properly validate web requests.\r\n\r\n**NOTE:** Microsoft has not commented on third-party claims that the issue is that the `TextEncoder.EncodeCore` function in the `System.Text.Encodings.Web` package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\r\n\r\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\r\n\r\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\r\n\r\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\r\n\r\nTwo common types of DoS vulnerabilities:\r\n\r\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\r\n\r\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example, [npm `ws` package](npm:ws:20171108)\n\n## Remediation\n\nUpgrade `System.Net.Http` to version 4.1.2, 4.3.2 or higher.\n\n\n## References\n\n- [David Fernandez Blog](https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS)\n\n- [GitHub Issue](https://github.com/aspnet/Announcements/issues/239)\n\n- [Microsoft Security Advisory](https://technet.microsoft.com/en-us/library/security/4021279.aspx)\n\n- [NVD](https://nvd.nist.gov/vuln/detail/2017-0247)\n", + "disclosureTime": "2017-05-09T00:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.1.2", + "4.3.2" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-60045", + "identifiers": { + "CWE": [ + "CWE-254" + ], + "CVE": [ + "CVE-2017-0247" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2021-08-24T14:49:07.708862Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2017-05-09T00:00:00Z", + "references": [ + { + "title": "David Fernandez Blog", + "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/aspnet/Announcements/issues/239" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx" + }, + { + "title": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/2017-0247" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Denial of Service (DoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.1.2)", + "[4.3.0,4.3.2)" + ] + }, + "from": [ + "cyberspect@1.0.0", + "Moq@4.17.2", + "Castle.Core@4.4.1", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": false, + "isRuntime": true, + "name": "System.Net.Http", + "version": "4.3.0", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "alternativeIds": [], + "creationTime": "2017-07-19T00:00:00Z", + "credit": [ + "Joonwoo Yu", + "Hyoung-Kee Choi" + ], + "cvssScore": 7.5, + "description": "## Overview\n[System.Net.Http](https://www.nuget.org/packages/System.Net.Http/) is a Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.\n\nAffected versions of this package are vulnerable to Improper Certificate Validation. It allows an attacker to bypass _Enhanced Security Usage_ tagging when they present a certificate that is invalid for a specific use.\n## Remediation\nUpgrade `System.Net.Http` to version 4.1.2, 4.3.2 or higher.\n## References\n- [GitHub Issue](https://github.com/aspnet/Announcements/issues/239)\n- [Microsoft Security Advisory](https://technet.microsoft.com/en-us/library/security/4021279.aspx)\n- [NVD](https://nvd.nist.gov/vuln/detail/2017-0248)\n", + "disclosureTime": "2017-05-12T00:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.1.2", + "4.3.2" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-60046", + "identifiers": { + "CWE": [ + "CWE-287" + ], + "CVE": [ + "CVE-2017-0248" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2021-08-24T14:49:07.783290Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2017-05-12T00:00:00Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/aspnet/Announcements/issues/239" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx" + }, + { + "title": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/2017-0248" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Improper Certificate Validation", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.1.2)", + "[4.3,4.3.2)" + ] + }, + "from": [ + "cyberspect@1.0.0", + "Moq@4.17.2", + "Castle.Core@4.4.1", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": false, + "isRuntime": true, + "name": "System.Net.Http", + "version": "4.3.0", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "alternativeIds": [], + "creationTime": "2017-07-19T00:00:00Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.3, + "description": "## Overview\n\n[System.Net.Http](https://www.nuget.org/packages/System.Net.Http/) Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.\n\n\nAffected versions of this package are vulnerable to Privilege Escalation\ndue to failing to properly sanitize web requests.\n\n## Remediation\n\nUpgrade `System.Net.Http` to version 4.1.2, 4.3.2 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/aspnet/Announcements/issues/239)\n", + "disclosureTime": "2017-05-12T00:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.1.2", + "4.3.2" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-60047", + "identifiers": { + "CWE": [ + "CWE-269" + ], + "CVE": [ + "CVE-2017-0249" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2021-10-09T14:33:54.951128Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2017-05-12T00:00:00Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/aspnet/Announcements/issues/239" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Privilege Escalation", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.1.2)", + "[4.3,4.3.2)" + ] + }, + "from": [ + "cyberspect@1.0.0", + "Moq@4.17.2", + "Castle.Core@4.4.1", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": false, + "isRuntime": true, + "name": "System.Net.Http", + "version": "4.3.0", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "alternativeIds": [], + "creationTime": "2017-07-19T00:00:00Z", + "credit": [ + "Mikhail Shcherbakov" + ], + "cvssScore": 5.3, + "description": "## Overview\nThe ASP.NET Core fails to properly sanitize the _Web Request Handler_ component, allowing an attacker to spoof web requests and bypass authentication.\n\n## References\n- [GitHub Issue](https://github.com/aspnet/Announcements/issues/239)\n- [Microsoft Security Advisory](https://technet.microsoft.com/en-us/library/security/4021279.aspx)\n- [NVD](https://nvd.nist.gov/vuln/detail/2017-0256)\n", + "disclosureTime": "2017-05-12T00:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.1.2", + "4.3.2" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-60048", + "identifiers": { + "CWE": [ + "CWE-20" + ], + "CVE": [ + "CVE-2017-0256" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2021-08-24T14:49:07.613538Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2017-05-12T00:00:00Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/aspnet/Announcements/issues/239" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx" + }, + { + "title": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/2017-0256" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Authentication Bypass", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[,4.1.2)", + "[4.3,4.3.2)" + ] + }, + "from": [ + "cyberspect@1.0.0", + "Moq@4.17.2", + "Castle.Core@4.4.1", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": false, + "isRuntime": true, + "name": "System.Net.Http", + "version": "4.3.0", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "alternativeIds": [], + "creationTime": "2018-10-11T06:50:22.411410Z", + "credit": [ + "leecow" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Net.Http](https://www.nuget.org/packages/System.Net.Http/) Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.\n\n\nAffected versions of this package are vulnerable to Information Exposure.\nWhen HTTP authentication information is inadvertently exposed in an outbound request that encounters an HTTP redirect. An attacker who successfully exploited this vulnerability could use the information to further compromise the web application.\r\n\r\n**Note:** The presence of `System.Net.Http` in the dependency graph of `netcoreapp2.0` isn't the final determination of what is loaded at runtime. The version conflict resolution logic will prefer what is present in `Microsoft.NETCore.App/2.1.5`, or the latest patch release. As such, is not considered an issue.\n\n## Remediation\n\nUpgrade `System.Net.Http` to version 2.0.20710, 4.0.1-beta-23225, 4.1.4, 4.3.4 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/dotnet/announcements/issues/88)\n", + "disclosureTime": "2018-10-09T22:51:18Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.0.20710", + "4.0.1-beta-23225", + "4.1.4", + "4.3.4" + ], + "id": "SNYK-DOTNET-SYSTEMNETHTTP-72439", + "identifiers": { + "CWE": [ + "CWE-200" + ], + "GHSA": [ + "GHSA-7jgj-8wvc-jh57" + ], + "CVE": [ + "CVE-2018-8292" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2022-06-14T06:22:44.080361Z", + "moduleName": "system.net.http", + "packageManager": "nuget", + "packageName": "System.Net.Http", + "patches": [], + "proprietary": false, + "publicationTime": "2018-10-10T15:24:52Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/dotnet/announcements/issues/88" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Information Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[2.0.20126.16343, 2.0.20710)", + "[4.0.0,4.0.1-beta-23225)", + "[4.1.0,4.1.4)", + "[4.3.0,4.3.4)" + ] + }, + "from": [ + "cyberspect@1.0.0", + "Moq@4.17.2", + "Castle.Core@4.4.1", + "NETStandard.Library@1.6.1", + "System.Net.Http@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": false, + "isRuntime": true, + "name": "System.Net.Http", + "version": "4.3.0", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2019-05-15T16:00:51.866263Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n\n[System.Text.RegularExpressions](https://www.nuget.org/packages/System.Text.RegularExpressions/) is a regular expression engine.\n\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS)\ndue to improperly processing of RegEx strings.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\r\n\r\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\r\n\r\nLet’s take the following regular expression as an example:\r\n```js\r\nregex = /A(B|C+)+D/\r\n```\r\n\r\nThis regular expression accomplishes the following:\r\n- `A` The string must start with the letter 'A'\r\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\r\n- `D` Finally, we ensure this section of the string ends with a 'D'\r\n\r\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\r\n\r\nIt most cases, it doesn't take very long for a regex engine to find a match:\r\n\r\n```bash\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\r\n0.04s user 0.01s system 95% cpu 0.052 total\r\n\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\r\n1.79s user 0.02s system 99% cpu 1.812 total\r\n```\r\n\r\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\r\n\r\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\r\n\r\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\r\n1. CCC\r\n2. CC+C\r\n3. C+CC\r\n4. C+C+C.\r\n\r\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\r\n\r\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\r\n\r\n| String | Number of C's | Number of steps |\r\n| -------|-------------:| -----:|\r\n| ACCCX | 3 | 38\r\n| ACCCCX | 4 | 71\r\n| ACCCCCX | 5 | 136\r\n| ACCCCCCCCCCCCCCX | 14 | 65,553\r\n\r\n\r\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\n\nUpgrade `System.Text.RegularExpressions` to version 4.3.1 or higher.\n\n\n## References\n\n- [GitHub Issue](https://github.com/dotnet/announcements/issues/111)\n\n- [Microsoft Security Advisory](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820)\n", + "disclosureTime": "2019-05-14T07:00:00Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "4.3.1" + ], + "id": "SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2019-0820" + ] + }, + "language": "dotnet", + "malicious": false, + "modificationTime": "2020-12-14T14:40:55.968790Z", + "moduleName": "system.text.regularexpressions", + "packageManager": "nuget", + "packageName": "System.Text.RegularExpressions", + "patches": [], + "proprietary": false, + "publicationTime": "2019-05-16T15:55:53Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/dotnet/announcements/issues/111" + }, + { + "title": "Microsoft Security Advisory", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "[4.3.0, 4.3.1)" + ] + }, + "from": [ + "cyberspect@1.0.0", + "Moq@4.17.2", + "Castle.Core@4.4.1", + "NETStandard.Library@1.6.1", + "System.Xml.XDocument@4.3.0", + "System.Xml.ReaderWriter@4.3.0", + "System.Text.RegularExpressions@4.3.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": false, + "isRuntime": true, + "name": "System.Text.RegularExpressions", + "version": "4.3.0", + "severityWithCritical": "high" + } + ], + "upgrade": {}, + "patch": {}, + "ignore": {}, + "pin": {} + }, + "filesystemPolicy": false, + "filtered": { + "ignore": [], + "patch": [] + }, + "uniqueCount": 6, + "targetFile": "sbom/SBOMTests/obj/project.assets.json", + "projectName": "cyberspect", + "foundProjectCount": 8, + "displayTargetFile": "sbom/SBOMTests/obj/project.assets.json", + "path": "/mnt/c/Projects/cyberspect" + } +] diff --git a/unittests/scans/snyk/single_project_None_cvss.json b/unittests/scans/snyk/single_project_None_cvss.json new file mode 100644 index 00000000000..aaada39ac95 --- /dev/null +++ b/unittests/scans/snyk/single_project_None_cvss.json @@ -0,0 +1,187 @@ +{ + "vulnerabilities": [ + { + "CVSSv3": null, + "creationTime": "2022-04-14T10:18:59.325331Z", + "credit": [ + "" + ], + "cvssScore": null, + "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `SLES:15.3` `permissions` to version 20181225-23.12.1 or higher.\n## References\n- [E-Mail link for SUSE-SU-2022:0141-1](https://lists.suse.com/pipermail/sle-security-updates/2022-January/010038.html)\n- [Link for SUSE-SU-2022:0141-1](https://www.suse.com/support/update/announcement/2022/suse-su-20220141-1/)\n- [SUSE Bug 1169614](https://bugzilla.suse.com/1169614)\n- [SUSE Security Ratings](https://www.suse.com/support/security/rating/)\n", + "disclosureTime": "2022-01-20T12:47:24Z", + "exploit": "Not Defined", + "id": "SNYK-SLES153-PERMISSIONS-2648113", + "identifiers": { + "SUSE": [ + "SUSE-SU-2022:0141-1" + ], + "ALTERNATIVE": [], + "CVE": [], + "CWE": [] + }, + "malicious": false, + "modificationTime": "2022-04-14T10:18:59.327856Z", + "nvdSeverity": "low", + "packageName": "permissions", + "patches": [], + "publicationTime": "2022-04-14T10:18:37.951002Z", + "references": [ + { + "title": "E-Mail link for SUSE-SU-2022:0141-1", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010038.html" + }, + { + "title": "Link for SUSE-SU-2022:0141-1", + "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220141-1/" + }, + { + "title": "SUSE Bug 1169614", + "url": "https://bugzilla.suse.com/1169614" + }, + { + "title": "SUSE Security Ratings", + "url": "https://www.suse.com/support/security/rating/" + } + ], + "relativeImportance": null, + "semver": { + "vulnerable": [ + "<20181225-23.12.1" + ] + }, + "severity": "low", + "socialTrendAlert": false, + "title": "SUSE-SU-2022:0141-1", + "packageManager": "sles:15.3", + "language": "linux", + "severityWithCritical": "low", + "from": [ + "docker-image|a_container-engine-tls@8.2.0-28.tar", + "permissions@20181225-23.6.1" + ], + "upgradePath": [ + false, + "permissions@20181225-23.12.1" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "permissions", + "version": "20181225-23.6.1", + "nearestFixedInVersion": "20181225-23.12.1" + } + ], + "ok": false, + "dependencyCount": 135, + "org": "myorg", + "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.22.1\nignore: {}\npatch: {}\n", + "isPrivate": true, + "licensesPolicy": { + "severities": {}, + "orgLicenseRules": { + "AGPL-1.0": { + "licenseType": "AGPL-1.0", + "severity": "high", + "instructions": "" + }, + "AGPL-3.0": { + "licenseType": "AGPL-3.0", + "severity": "high", + "instructions": "" + }, + "Artistic-1.0": { + "licenseType": "Artistic-1.0", + "severity": "medium", + "instructions": "" + }, + "Artistic-2.0": { + "licenseType": "Artistic-2.0", + "severity": "medium", + "instructions": "" + }, + "CDDL-1.0": { + "licenseType": "CDDL-1.0", + "severity": "medium", + "instructions": "" + }, + "CPOL-1.02": { + "licenseType": "CPOL-1.02", + "severity": "high", + "instructions": "" + }, + "EPL-1.0": { + "licenseType": "EPL-1.0", + "severity": "medium", + "instructions": "" + }, + "GPL-2.0": { + "licenseType": "GPL-2.0", + "severity": "high", + "instructions": "" + }, + "GPL-3.0": { + "licenseType": "GPL-3.0", + "severity": "high", + "instructions": "" + }, + "LGPL-2.0": { + "licenseType": "LGPL-2.0", + "severity": "medium", + "instructions": "" + }, + "LGPL-2.1": { + "licenseType": "LGPL-2.1", + "severity": "medium", + "instructions": "" + }, + "LGPL-3.0": { + "licenseType": "LGPL-3.0", + "severity": "medium", + "instructions": "" + }, + "MPL-1.1": { + "licenseType": "MPL-1.1", + "severity": "medium", + "instructions": "" + }, + "MPL-2.0": { + "licenseType": "MPL-2.0", + "severity": "medium", + "instructions": "" + }, + "MS-RL": { + "licenseType": "MS-RL", + "severity": "medium", + "instructions": "" + }, + "SimPL-2.0": { + "licenseType": "SimPL-2.0", + "severity": "high", + "instructions": "" + } + } + }, + "packageManager": "rpm", + "ignoreSettings": null, + "docker": { + "baseImageRemediation": { + "code": "UNTRACKED_NEW_OS", + "advice": [ + { + "message": "Note that we currently do not have vulnerability information for SUSE Linux Enterprise Server, which we detected in your image.", + "bold": true, + "color": "yellow" + } + ] + } + }, + "summary": "75 vulnerable dependency paths", + "filesystemPolicy": false, + "filtered": { + "ignore": [], + "patch": [] + }, + "uniqueCount": 75, + "projectName": "docker-image|a_container-engine-tls", + "platform": "linux/amd64", + "path": "docker-archive:a_container-engine-tls:8.2.0-28.tar" +} \ No newline at end of file diff --git a/unittests/scans/snyk/single_project_one_vuln_with_ampersands.json b/unittests/scans/snyk/single_project_one_vuln_with_ampersands.json new file mode 100644 index 00000000000..3515ad79bb2 --- /dev/null +++ b/unittests/scans/snyk/single_project_one_vuln_with_ampersands.json @@ -0,0 +1,168 @@ +{ + "vulnerabilities": [ + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "alternativeIds": [], + "creationTime": "2020-07-24T12:05:01.916784Z", + "credit": [ + "reeser" + ], + "cvssScore": 9.8, + "description": "## Overview\n[lodash](https://www.npmjs.com/package/lodash) is a modern JavaScript utility library delivering modularity, performance, & extras.\n\nAffected versions of this package are vulnerable to Prototype Pollution in `zipObjectDeep` due to an incomplete fix for [CVE-2020-8203](https://snyk.io/vuln/SNYK-JS-LODASH-567746).\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `lodash` to version 4.17.20 or higher.\n## References\n- [GitHub Issue](https://github.com/lodash/lodash/issues/4874)\n", + "disclosureTime": "2020-07-24T12:00:52Z", + "exploit": "Not Defined", + "fixedIn": [ + "4.17.20" + ], + "functions": [], + "functions_new": [], + "id": "SNYK-JS-LODASH-590103", + "identifiers": { + "CVE": [], + "CWE": [ + "CWE-400" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2020-08-16T12:11:40.402299Z", + "moduleName": "lodash", + "packageManager": "npm", + "packageName": "lodash", + "patches": [], + "proprietary": false, + "publicationTime": "2020-08-16T13:09:06Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/lodash/lodash/issues/4874" + } + ], + "semver": { + "vulnerable": [ + "<4.17.20" + ] + }, + "severity": "critical", + "severityWithCritical": "critical", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "from": [ + "myproject@0.1.0", + "@angular/localize@11.0.4", + "@babel/core@7.8.3", + "lodash@4.17.13" + ], + "upgradePath": [ + false, + "@angular/localize@11.0.4", + "@babel/core@7.8.3", + "lodash@4.17.20" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "lodash", + "version": "4.17.13" + } + ], + "ok": false, + "dependencyCount": 65, + "org": "myorg", + "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.22.1\nignore: {}\npatch: {}\n", + "isPrivate": true, + "licensesPolicy": { + "severities": {}, + "orgLicenseRules": {} + }, + "packageManager": "npm", + "ignoreSettings": { + "adminOnly": true, + "reasonRequired": true, + "disregardFilesystemIgnores": true + }, + "summary": "1 critical severity vulnerable dependency path", + "severityThreshold": "critical", + "remediation": { + "unresolved": [ + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "alternativeIds": [], + "creationTime": "2020-07-24T12:05:01.916784Z", + "credit": [ + "reeser" + ], + "cvssScore": 9.8, + "description": "## Overview\n[lodash](https://www.npmjs.com/package/lodash) is a modern JavaScript utility library delivering modularity, performance, & extras.\n\nAffected versions of this package are vulnerable to Prototype Pollution in `zipObjectDeep` due to an incomplete fix for [CVE-2020-8203](https://snyk.io/vuln/SNYK-JS-LODASH-567746).\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `lodash` to version 4.17.20 or higher.\n## References\n- [GitHub Issue](https://github.com/lodash/lodash/issues/4874)\n", + "disclosureTime": "2020-07-24T12:00:52Z", + "exploit": "Not Defined", + "fixedIn": [ + "4.17.20" + ], + "functions": [], + "functions_new": [], + "id": "SNYK-JS-LODASH-590103", + "identifiers": { + "CVE": [], + "CWE": [ + "CWE-400" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2020-08-16T12:11:40.402299Z", + "moduleName": "lodash", + "packageManager": "npm", + "packageName": "lodash", + "patches": [], + "proprietary": false, + "publicationTime": "2020-08-16T13:09:06Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/lodash/lodash/issues/4874" + } + ], + "semver": { + "vulnerable": [ + "<4.17.20" + ] + }, + "severity": "critical", + "severityWithCritical": "critical", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "from": [ + "myproject@0.1.0", + "@angular/localize@11.0.4", + "@babel/core@7.8.3", + "lodash@4.17.13" + ], + "upgradePath": [ + false, + "@angular/localize@11.0.4", + "@babel/core@7.8.3", + "lodash@4.17.20" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "lodash", + "version": "4.17.13" + } + ], + "upgrade": {}, + "patch": {}, + "ignore": {}, + "pin": {} + }, + "filesystemPolicy": false, + "filtered": { + "ignore": [], + "patch": [] + }, + "uniqueCount": 1, + "projectName": "myproject", + "displayTargetFile": "package-lock.json", + "path": "/home/foo/workspace" +} diff --git a/unittests/scans/snyk/single_project_upgrade_libs.json b/unittests/scans/snyk/single_project_upgrade_libs.json new file mode 100644 index 00000000000..d0b8a810878 --- /dev/null +++ b/unittests/scans/snyk/single_project_upgrade_libs.json @@ -0,0 +1,22780 @@ +{ + "vulnerabilities": [ + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P", + "alternativeIds": [], + "creationTime": "2021-05-26T14:30:51.778839Z", + "credit": [ + "Ben Caller", + "Robert McLaughlin" + ], + "cvssScore": 7.5, + "description": "## Overview\n[ansi-html](https://www.npmjs.org/package/ansi-html) is an An elegant lib that converts the chalked (ANSI) text to HTML.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.\r\n\r\n### PoC\r\n```\r\nrequire('ansi-html')('x1b[0mx1b[' + '0'.repeat(35))\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `ansi-html` to version 0.0.9 or higher.\n## References\n- [GitHub Issue](https://github.com/Tjatse/ansi-html/issues/19)\n- [GitHub PR](https://github.com/Tjatse/ansi-html/pull/20)\n", + "disclosureTime": "2021-05-26T14:19:05Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "0.0.9" + ], + "id": "SNYK-JS-ANSIHTML-1296849", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23424" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-03-13T13:31:55.912082Z", + "moduleName": "ansi-html", + "packageManager": "npm", + "packageName": "ansi-html", + "patches": [], + "proprietary": true, + "publicationTime": "2021-08-18T15:37:20Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/Tjatse/ansi-html/issues/19" + }, + { + "title": "GitHub PR", + "url": "https://github.com/Tjatse/ansi-html/pull/20" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<0.0.9" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "ansi-html@0.0.7" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "ansi-html", + "version": "0.0.7" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "alternativeIds": [], + "creationTime": "2021-09-09T14:28:31.617043Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the sub-patterns` [[\\\\]()#;?]*` and `(?:;[-a-zA-Z\\\\d\\\\/#&.:=?%@~_]*)*`.\r\n\r\n\r\n### PoC\r\n```js\r\nimport ansiRegex from 'ansi-regex';\r\n\r\nfor(var i = 1; i <= 50000; i++) {\r\n var time = Date.now();\r\n var attack_str = \"\\u001B[\"+\";\".repeat(i*10000);\r\n ansiRegex().test(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `ansi-regex` to version 4.1.1, 5.0.1, 6.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a)\n- [GitHub Commit](https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9)\n- [GitHub PR](https://github.com/chalk/ansi-regex/pull/37)\n", + "disclosureTime": "2021-09-09T14:27:43Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "4.1.1", + "5.0.1", + "6.0.1" + ], + "id": "SNYK-JS-ANSIREGEX-1583908", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-3807" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-05-13T11:26:51.564118Z", + "moduleName": "ansi-regex", + "packageManager": "npm", + "packageName": "ansi-regex", + "patches": [], + "proprietary": false, + "publicationTime": "2021-09-12T12:52:37Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9" + }, + { + "title": "GitHub PR", + "url": "https://github.com/chalk/ansi-regex/pull/37" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=2.1.1 <4.1.1", + ">=5.0.0 <5.0.1", + ">=6.0.0 <6.0.1" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "@types/jest@24.9.1", + "jest-diff@24.9.0", + "pretty-format@24.9.0", + "ansi-regex@4.1.0" + ], + "upgradePath": [ + false, + "@types/jest@24.9.1", + "jest-diff@24.9.0", + "pretty-format@24.9.0", + "ansi-regex@4.1.1" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "ansi-regex", + "version": "4.1.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "alternativeIds": [], + "creationTime": "2021-09-09T14:28:31.617043Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the sub-patterns` [[\\\\]()#;?]*` and `(?:;[-a-zA-Z\\\\d\\\\/#&.:=?%@~_]*)*`.\r\n\r\n\r\n### PoC\r\n```js\r\nimport ansiRegex from 'ansi-regex';\r\n\r\nfor(var i = 1; i <= 50000; i++) {\r\n var time = Date.now();\r\n var attack_str = \"\\u001B[\"+\";\".repeat(i*10000);\r\n ansiRegex().test(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `ansi-regex` to version 4.1.1, 5.0.1, 6.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a)\n- [GitHub Commit](https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9)\n- [GitHub PR](https://github.com/chalk/ansi-regex/pull/37)\n", + "disclosureTime": "2021-09-09T14:27:43Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "4.1.1", + "5.0.1", + "6.0.1" + ], + "id": "SNYK-JS-ANSIREGEX-1583908", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-3807" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-05-13T11:26:51.564118Z", + "moduleName": "ansi-regex", + "packageManager": "npm", + "packageName": "ansi-regex", + "patches": [], + "proprietary": false, + "publicationTime": "2021-09-12T12:52:37Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9" + }, + { + "title": "GitHub PR", + "url": "https://github.com/chalk/ansi-regex/pull/37" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=2.1.1 <4.1.1", + ">=5.0.0 <5.0.1", + ">=6.0.0 <6.0.1" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "eslint@6.8.0", + "inquirer@7.0.4", + "strip-ansi@5.2.0", + "ansi-regex@4.1.0" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "eslint@6.8.0", + "inquirer@7.0.4", + "strip-ansi@5.2.0", + "ansi-regex@4.1.1" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "ansi-regex", + "version": "4.1.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "alternativeIds": [], + "creationTime": "2021-09-09T14:28:31.617043Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the sub-patterns` [[\\\\]()#;?]*` and `(?:;[-a-zA-Z\\\\d\\\\/#&.:=?%@~_]*)*`.\r\n\r\n\r\n### PoC\r\n```js\r\nimport ansiRegex from 'ansi-regex';\r\n\r\nfor(var i = 1; i <= 50000; i++) {\r\n var time = Date.now();\r\n var attack_str = \"\\u001B[\"+\";\".repeat(i*10000);\r\n ansiRegex().test(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `ansi-regex` to version 4.1.1, 5.0.1, 6.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a)\n- [GitHub Commit](https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9)\n- [GitHub PR](https://github.com/chalk/ansi-regex/pull/37)\n", + "disclosureTime": "2021-09-09T14:27:43Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "4.1.1", + "5.0.1", + "6.0.1" + ], + "id": "SNYK-JS-ANSIREGEX-1583908", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-3807" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-05-13T11:26:51.564118Z", + "moduleName": "ansi-regex", + "packageManager": "npm", + "packageName": "ansi-regex", + "patches": [], + "proprietary": false, + "publicationTime": "2021-09-12T12:52:37Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9" + }, + { + "title": "GitHub PR", + "url": "https://github.com/chalk/ansi-regex/pull/37" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=2.1.1 <4.1.1", + ">=5.0.0 <5.0.1", + ">=6.0.0 <6.0.1" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "@jest/core@24.9.0", + "@jest/reporters@24.9.0", + "jest-runtime@24.9.0", + "jest-config@24.9.0", + "@jest/test-sequencer@24.9.0", + "jest-runner@24.9.0", + "jest-jasmine2@24.9.0", + "expect@24.9.0", + "jest-matcher-utils@24.9.0", + "jest-diff@24.9.0", + "pretty-format@24.9.0", + "ansi-regex@4.1.0" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "@jest/core@24.9.0", + "@jest/reporters@24.9.0", + "jest-runtime@24.9.0", + "jest-config@24.9.0", + "@jest/test-sequencer@24.9.0", + "jest-runner@24.9.0", + "jest-jasmine2@24.9.0", + "expect@24.9.0", + "jest-matcher-utils@24.9.0", + "jest-diff@24.9.0", + "pretty-format@24.9.0", + "ansi-regex@4.1.1" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "ansi-regex", + "version": "4.1.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "alternativeIds": [], + "creationTime": "2021-09-09T14:28:31.617043Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the sub-patterns` [[\\\\]()#;?]*` and `(?:;[-a-zA-Z\\\\d\\\\/#&.:=?%@~_]*)*`.\r\n\r\n\r\n### PoC\r\n```js\r\nimport ansiRegex from 'ansi-regex';\r\n\r\nfor(var i = 1; i <= 50000; i++) {\r\n var time = Date.now();\r\n var attack_str = \"\\u001B[\"+\";\".repeat(i*10000);\r\n ansiRegex().test(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `ansi-regex` to version 4.1.1, 5.0.1, 6.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a)\n- [GitHub Commit](https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9)\n- [GitHub PR](https://github.com/chalk/ansi-regex/pull/37)\n", + "disclosureTime": "2021-09-09T14:27:43Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "4.1.1", + "5.0.1", + "6.0.1" + ], + "id": "SNYK-JS-ANSIREGEX-1583908", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-3807" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-05-13T11:26:51.564118Z", + "moduleName": "ansi-regex", + "packageManager": "npm", + "packageName": "ansi-regex", + "patches": [], + "proprietary": false, + "publicationTime": "2021-09-12T12:52:37Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9" + }, + { + "title": "GitHub PR", + "url": "https://github.com/chalk/ansi-regex/pull/37" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=2.1.1 <4.1.1", + ">=5.0.0 <5.0.1", + ">=6.0.0 <6.0.1" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "eslint@6.8.0", + "inquirer@7.0.4", + "string-width@4.2.2", + "strip-ansi@6.0.0", + "ansi-regex@5.0.0" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "eslint@6.8.0", + "inquirer@7.0.4", + "string-width@4.2.2", + "strip-ansi@6.0.0", + "ansi-regex@5.0.1" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "ansi-regex", + "version": "5.0.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "alternativeIds": [], + "creationTime": "2021-09-09T14:28:31.617043Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the sub-patterns` [[\\\\]()#;?]*` and `(?:;[-a-zA-Z\\\\d\\\\/#&.:=?%@~_]*)*`.\r\n\r\n\r\n### PoC\r\n```js\r\nimport ansiRegex from 'ansi-regex';\r\n\r\nfor(var i = 1; i <= 50000; i++) {\r\n var time = Date.now();\r\n var attack_str = \"\\u001B[\"+\";\".repeat(i*10000);\r\n ansiRegex().test(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `ansi-regex` to version 4.1.1, 5.0.1, 6.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a)\n- [GitHub Commit](https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9)\n- [GitHub PR](https://github.com/chalk/ansi-regex/pull/37)\n", + "disclosureTime": "2021-09-09T14:27:43Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "4.1.1", + "5.0.1", + "6.0.1" + ], + "id": "SNYK-JS-ANSIREGEX-1583908", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-3807" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-05-13T11:26:51.564118Z", + "moduleName": "ansi-regex", + "packageManager": "npm", + "packageName": "ansi-regex", + "patches": [], + "proprietary": false, + "publicationTime": "2021-09-12T12:52:37Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9" + }, + { + "title": "GitHub PR", + "url": "https://github.com/chalk/ansi-regex/pull/37" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=2.1.1 <4.1.1", + ">=5.0.0 <5.0.1", + ">=6.0.0 <6.0.1" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "html-webpack-plugin@4.0.0-beta.11", + "pretty-error@2.1.2", + "renderkid@2.0.5", + "strip-ansi@3.0.1", + "ansi-regex@2.1.1" + ], + "upgradePath": [ + false, + "react-scripts@4.0.0", + "html-webpack-plugin@4.5.0", + "pretty-error@2.1.2", + "renderkid@2.0.6", + "strip-ansi@6.0.0", + "ansi-regex@5.0.1" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "ansi-regex", + "version": "2.1.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "alternativeIds": [], + "creationTime": "2021-09-09T14:28:31.617043Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the sub-patterns` [[\\\\]()#;?]*` and `(?:;[-a-zA-Z\\\\d\\\\/#&.:=?%@~_]*)*`.\r\n\r\n\r\n### PoC\r\n```js\r\nimport ansiRegex from 'ansi-regex';\r\n\r\nfor(var i = 1; i <= 50000; i++) {\r\n var time = Date.now();\r\n var attack_str = \"\\u001B[\"+\";\".repeat(i*10000);\r\n ansiRegex().test(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `ansi-regex` to version 4.1.1, 5.0.1, 6.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a)\n- [GitHub Commit](https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9)\n- [GitHub PR](https://github.com/chalk/ansi-regex/pull/37)\n", + "disclosureTime": "2021-09-09T14:27:43Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "4.1.1", + "5.0.1", + "6.0.1" + ], + "id": "SNYK-JS-ANSIREGEX-1583908", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-3807" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-05-13T11:26:51.564118Z", + "moduleName": "ansi-regex", + "packageManager": "npm", + "packageName": "ansi-regex", + "patches": [], + "proprietary": false, + "publicationTime": "2021-09-12T12:52:37Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9" + }, + { + "title": "GitHub PR", + "url": "https://github.com/chalk/ansi-regex/pull/37" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=2.1.1 <4.1.1", + ">=5.0.0 <5.0.1", + ">=6.0.0 <6.0.1" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "react-dev-utils@10.2.1", + "fork-ts-checker-webpack-plugin@3.1.1", + "babel-code-frame@6.26.0", + "chalk@1.1.3", + "has-ansi@2.0.0", + "ansi-regex@2.1.1" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "ansi-regex", + "version": "2.1.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "alternativeIds": [], + "creationTime": "2021-09-09T14:28:31.617043Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the sub-patterns` [[\\\\]()#;?]*` and `(?:;[-a-zA-Z\\\\d\\\\/#&.:=?%@~_]*)*`.\r\n\r\n\r\n### PoC\r\n```js\r\nimport ansiRegex from 'ansi-regex';\r\n\r\nfor(var i = 1; i <= 50000; i++) {\r\n var time = Date.now();\r\n var attack_str = \"\\u001B[\"+\";\".repeat(i*10000);\r\n ansiRegex().test(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `ansi-regex` to version 4.1.1, 5.0.1, 6.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a)\n- [GitHub Commit](https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9)\n- [GitHub PR](https://github.com/chalk/ansi-regex/pull/37)\n", + "disclosureTime": "2021-09-09T14:27:43Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "4.1.1", + "5.0.1", + "6.0.1" + ], + "id": "SNYK-JS-ANSIREGEX-1583908", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-3807" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-05-13T11:26:51.564118Z", + "moduleName": "ansi-regex", + "packageManager": "npm", + "packageName": "ansi-regex", + "patches": [], + "proprietary": false, + "publicationTime": "2021-09-12T12:52:37Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9" + }, + { + "title": "GitHub PR", + "url": "https://github.com/chalk/ansi-regex/pull/37" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=2.1.1 <4.1.1", + ">=5.0.0 <5.0.1", + ">=6.0.0 <6.0.1" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "@jest/core@24.9.0", + "@jest/reporters@24.9.0", + "string-length@2.0.0", + "strip-ansi@4.0.0", + "ansi-regex@3.0.0" + ], + "upgradePath": [ + false, + "react-scripts@4.0.0", + "jest@26.6.0", + "jest-cli@26.6.0", + "@jest/core@26.6.0", + "@jest/reporters@26.6.0", + "string-length@4.0.1", + "strip-ansi@6.0.0", + "ansi-regex@5.0.1" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "ansi-regex", + "version": "3.0.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P", + "alternativeIds": [], + "creationTime": "2022-04-07T07:58:38.528444Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Prototype Pollution via the `mapValues()` method, due to improper check in `createObjectIterator` function.\r\n\r\n## PoC\r\n\r\n```js\r\n//when objects are parsed, all properties are created as own (the objects can come from outside sources (http requests/ file))\r\nconst hasOwn = JSON.parse('{\"__proto__\": {\"isAdmin\": true}}');\r\n\r\n//does not have the property, because it's inside object's own \"__proto__\"\r\nconsole.log(hasOwn.isAdmin);\r\n\r\nasync.mapValues(hasOwn, (val, key, cb) => cb(null, val), (error, result) => {\r\n // after the method executes, hasOwn.__proto__ value (isAdmin: true) replaces the prototype of the newly created object, leading to potential exploits.\r\n console.log(result.isAdmin);\r\n});\r\n```\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `async` to version 2.6.4, 3.2.2 or higher.\n## References\n- [GitHub Backport PR](https://github.com/caolan/async/pull/1828)\n- [GitHub Commit](https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2)\n- [GitHub Commit](https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d)\n- [PoC](https://jsfiddle.net/oz5twjd9/)\n", + "disclosureTime": "2022-04-07T07:49:24Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "2.6.4", + "3.2.2" + ], + "id": "SNYK-JS-ASYNC-2441827", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "CVE": [ + "CVE-2021-43138" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-14T08:24:43.116685Z", + "moduleName": "async", + "packageManager": "npm", + "packageName": "async", + "patches": [], + "proprietary": false, + "publicationTime": "2022-04-07T14:22:18Z", + "references": [ + { + "title": "GitHub Backport PR", + "url": "https://github.com/caolan/async/pull/1828" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d" + }, + { + "title": "PoC", + "url": "https://jsfiddle.net/oz5twjd9/" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=2.0.0 <2.6.4", + ">=3.0.0 <3.2.2" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "portfinder@1.0.28", + "async@2.6.3" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "portfinder@1.0.28", + "async@2.6.4" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "async", + "version": "2.6.3" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-01T13:30:25.617926Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[browserslist](https://www.npmjs.org/package/browserslist) is a Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.\r\n\r\n### PoC by Yeting Li\r\n```\r\nvar browserslist = require(\"browserslist\")\r\nfunction build_attack(n) {\r\n var ret = \"> \"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"1\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// browserslist('> 1%')\r\n\r\n//browserslist(build_attack(500000))\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n browserslist(attack_str);\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `browserslist` to version 4.16.5 or higher.\n## References\n- [GitHub Commit](https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98)\n- [GitHub PR](https://github.com/browserslist/browserslist/pull/593)\n- [Vulnerable Regular Expression](https://github.com/browserslist/browserslist/blob/e82f32d1d4100d6bc79ea0b6b6a2d281a561e33c/index.js#L472-L474)\n", + "disclosureTime": "2021-04-01T13:19:27Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "4.16.5" + ], + "id": "SNYK-JS-BROWSERSLIST-1090194", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-w8qv-6jwh-64r5" + ], + "CVE": [ + "CVE-2021-23364" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-05-16T13:18:31.649076Z", + "moduleName": "browserslist", + "packageManager": "npm", + "packageName": "browserslist", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-28T15:14:31Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98" + }, + { + "title": "GitHub PR", + "url": "https://github.com/browserslist/browserslist/pull/593" + }, + { + "title": "Vulnerable Regular Expression", + "url": "https://github.com/browserslist/browserslist/blob/e82f32d1d4100d6bc79ea0b6b6a2d281a561e33c/index.js%23L472-L474" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<4.16.5" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "react-dev-utils@10.2.1", + "browserslist@4.10.0" + ], + "upgradePath": [ + false, + "react-scripts@5.0.0", + "react-dev-utils@12.0.0", + "browserslist@4.18.1" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "browserslist", + "version": "4.10.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "alternativeIds": [], + "creationTime": "2021-05-30T09:26:40.480408Z", + "credit": [ + "Unknown" + ], + "cvssScore": 5.3, + "description": "## Overview\n[css-what](https://www.npmjs.org/package/css-what) is an a CSS selector parser\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via attribute parsing.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `css-what` to version 5.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655)\n- [GitHub PR](https://github.com/fb55/css-what/pull/503)\n- [GitHub Release](https://github.com/fb55/css-what/releases/tag/v5.0.1)\n", + "disclosureTime": "2021-05-30T09:19:01Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "5.0.1" + ], + "id": "SNYK-JS-CSSWHAT-1298035", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-q8pj-2vqx-8ggc" + ], + "CVE": [ + "CVE-2021-33587" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-07-06T14:08:59.787603Z", + "moduleName": "css-what", + "packageManager": "npm", + "packageName": "css-what", + "patches": [], + "proprietary": false, + "publicationTime": "2021-05-30T13:11:01.486283Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655" + }, + { + "title": "GitHub PR", + "url": "https://github.com/fb55/css-what/pull/503" + }, + { + "title": "GitHub Release", + "url": "https://github.com/fb55/css-what/releases/tag/v5.0.1" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<5.0.1" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "enzyme@3.11.0", + "cheerio@1.0.0-rc.9", + "cheerio-select@1.4.0", + "css-what@5.0.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "css-what", + "version": "5.0.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "alternativeIds": [], + "creationTime": "2021-05-30T09:26:40.480408Z", + "credit": [ + "Unknown" + ], + "cvssScore": 5.3, + "description": "## Overview\n[css-what](https://www.npmjs.org/package/css-what) is an a CSS selector parser\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via attribute parsing.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `css-what` to version 5.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655)\n- [GitHub PR](https://github.com/fb55/css-what/pull/503)\n- [GitHub Release](https://github.com/fb55/css-what/releases/tag/v5.0.1)\n", + "disclosureTime": "2021-05-30T09:19:01Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "5.0.1" + ], + "id": "SNYK-JS-CSSWHAT-1298035", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-q8pj-2vqx-8ggc" + ], + "CVE": [ + "CVE-2021-33587" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-07-06T14:08:59.787603Z", + "moduleName": "css-what", + "packageManager": "npm", + "packageName": "css-what", + "patches": [], + "proprietary": false, + "publicationTime": "2021-05-30T13:11:01.486283Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655" + }, + { + "title": "GitHub PR", + "url": "https://github.com/fb55/css-what/pull/503" + }, + { + "title": "GitHub Release", + "url": "https://github.com/fb55/css-what/releases/tag/v5.0.1" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<5.0.1" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "enzyme@3.11.0", + "cheerio@1.0.0-rc.9", + "cheerio-select@1.4.0", + "css-select@4.1.2", + "css-what@5.0.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "css-what", + "version": "5.0.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "alternativeIds": [], + "creationTime": "2021-05-30T09:26:40.480408Z", + "credit": [ + "Unknown" + ], + "cvssScore": 5.3, + "description": "## Overview\n[css-what](https://www.npmjs.org/package/css-what) is an a CSS selector parser\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via attribute parsing.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `css-what` to version 5.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655)\n- [GitHub PR](https://github.com/fb55/css-what/pull/503)\n- [GitHub Release](https://github.com/fb55/css-what/releases/tag/v5.0.1)\n", + "disclosureTime": "2021-05-30T09:19:01Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "5.0.1" + ], + "id": "SNYK-JS-CSSWHAT-1298035", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-q8pj-2vqx-8ggc" + ], + "CVE": [ + "CVE-2021-33587" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-07-06T14:08:59.787603Z", + "moduleName": "css-what", + "packageManager": "npm", + "packageName": "css-what", + "patches": [], + "proprietary": false, + "publicationTime": "2021-05-30T13:11:01.486283Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655" + }, + { + "title": "GitHub PR", + "url": "https://github.com/fb55/css-what/pull/503" + }, + { + "title": "GitHub Release", + "url": "https://github.com/fb55/css-what/releases/tag/v5.0.1" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<5.0.1" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-native-svg@9.13.6", + "css-select@2.1.0", + "css-what@3.4.2" + ], + "upgradePath": [ + false, + "react-native-svg@12.3.0", + "css-select@4.2.1", + "css-what@5.1.0" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "css-what", + "version": "3.4.2" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "alternativeIds": [], + "creationTime": "2021-05-30T09:26:40.480408Z", + "credit": [ + "Unknown" + ], + "cvssScore": 5.3, + "description": "## Overview\n[css-what](https://www.npmjs.org/package/css-what) is an a CSS selector parser\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via attribute parsing.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `css-what` to version 5.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655)\n- [GitHub PR](https://github.com/fb55/css-what/pull/503)\n- [GitHub Release](https://github.com/fb55/css-what/releases/tag/v5.0.1)\n", + "disclosureTime": "2021-05-30T09:19:01Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "5.0.1" + ], + "id": "SNYK-JS-CSSWHAT-1298035", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-q8pj-2vqx-8ggc" + ], + "CVE": [ + "CVE-2021-33587" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-07-06T14:08:59.787603Z", + "moduleName": "css-what", + "packageManager": "npm", + "packageName": "css-what", + "patches": [], + "proprietary": false, + "publicationTime": "2021-05-30T13:11:01.486283Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655" + }, + { + "title": "GitHub PR", + "url": "https://github.com/fb55/css-what/pull/503" + }, + { + "title": "GitHub Release", + "url": "https://github.com/fb55/css-what/releases/tag/v5.0.1" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<5.0.1" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "@svgr/webpack@4.3.3", + "@svgr/plugin-svgo@4.3.1", + "svgo@1.3.2", + "css-select@2.1.0", + "css-what@3.4.2" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "css-what", + "version": "3.4.2" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-02-18T13:32:47.195986Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[d3-color](https://www.npmjs.org/package/d3-color) is a Color spaces! RGB, HSL, Cubehelix, Lab and HCL (Lch).\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `rgb()` and `hrc()` functions. \r\n\r\nPoC by Yeting Li: \r\n```\r\nvar d3Color = require(\"d3-color\")\r\n// d3Color.rgb(\"rgb(255,255,255)\")\r\n\r\nfunction build_blank(n) {\r\n var ret = \"rgb(\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"1\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\nfor(var i = 1; i <= 5000000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_blank(i)\r\n d3Color.rgb(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `d3-color` to version 3.1.0 or higher.\n## References\n- [Github PR](https://github.com/d3/d3-color/pull/100)\n- [Github PR](https://github.com/d3/d3-color/pull/99)\n- [GitHub PR](https://github.com/d3/d3-color/pull/89)\n- [Github Releases](https://github.com/d3/d3-color/releases/tag/v3.1.0)\n", + "disclosureTime": "2021-02-18T13:30:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "3.1.0" + ], + "id": "SNYK-JS-D3COLOR-1076592", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-09T15:16:21.616192Z", + "moduleName": "d3-color", + "packageManager": "npm", + "packageName": "d3-color", + "patches": [], + "proprietary": true, + "publicationTime": "2021-07-05T14:17:56Z", + "references": [ + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/100" + }, + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/99" + }, + { + "title": "GitHub PR", + "url": "https://github.com/d3/d3-color/pull/89" + }, + { + "title": "Github Releases", + "url": "https://github.com/d3/d3-color/releases/tag/v3.1.0" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<3.1.0" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@nivo/core@0.67.0", + "d3-color@2.0.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "d3-color", + "version": "2.0.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-02-18T13:32:47.195986Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[d3-color](https://www.npmjs.org/package/d3-color) is a Color spaces! RGB, HSL, Cubehelix, Lab and HCL (Lch).\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `rgb()` and `hrc()` functions. \r\n\r\nPoC by Yeting Li: \r\n```\r\nvar d3Color = require(\"d3-color\")\r\n// d3Color.rgb(\"rgb(255,255,255)\")\r\n\r\nfunction build_blank(n) {\r\n var ret = \"rgb(\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"1\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\nfor(var i = 1; i <= 5000000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_blank(i)\r\n d3Color.rgb(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `d3-color` to version 3.1.0 or higher.\n## References\n- [Github PR](https://github.com/d3/d3-color/pull/100)\n- [Github PR](https://github.com/d3/d3-color/pull/99)\n- [GitHub PR](https://github.com/d3/d3-color/pull/89)\n- [Github Releases](https://github.com/d3/d3-color/releases/tag/v3.1.0)\n", + "disclosureTime": "2021-02-18T13:30:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "3.1.0" + ], + "id": "SNYK-JS-D3COLOR-1076592", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-09T15:16:21.616192Z", + "moduleName": "d3-color", + "packageManager": "npm", + "packageName": "d3-color", + "patches": [], + "proprietary": true, + "publicationTime": "2021-07-05T14:17:56Z", + "references": [ + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/100" + }, + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/99" + }, + { + "title": "GitHub PR", + "url": "https://github.com/d3/d3-color/pull/89" + }, + { + "title": "Github Releases", + "url": "https://github.com/d3/d3-color/releases/tag/v3.1.0" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<3.1.0" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@nivo/core@0.67.0", + "d3-interpolate@2.0.1", + "d3-color@2.0.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "d3-color", + "version": "2.0.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-02-18T13:32:47.195986Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[d3-color](https://www.npmjs.org/package/d3-color) is a Color spaces! RGB, HSL, Cubehelix, Lab and HCL (Lch).\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `rgb()` and `hrc()` functions. \r\n\r\nPoC by Yeting Li: \r\n```\r\nvar d3Color = require(\"d3-color\")\r\n// d3Color.rgb(\"rgb(255,255,255)\")\r\n\r\nfunction build_blank(n) {\r\n var ret = \"rgb(\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"1\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\nfor(var i = 1; i <= 5000000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_blank(i)\r\n d3Color.rgb(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `d3-color` to version 3.1.0 or higher.\n## References\n- [Github PR](https://github.com/d3/d3-color/pull/100)\n- [Github PR](https://github.com/d3/d3-color/pull/99)\n- [GitHub PR](https://github.com/d3/d3-color/pull/89)\n- [Github Releases](https://github.com/d3/d3-color/releases/tag/v3.1.0)\n", + "disclosureTime": "2021-02-18T13:30:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "3.1.0" + ], + "id": "SNYK-JS-D3COLOR-1076592", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-09T15:16:21.616192Z", + "moduleName": "d3-color", + "packageManager": "npm", + "packageName": "d3-color", + "patches": [], + "proprietary": true, + "publicationTime": "2021-07-05T14:17:56Z", + "references": [ + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/100" + }, + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/99" + }, + { + "title": "GitHub PR", + "url": "https://github.com/d3/d3-color/pull/89" + }, + { + "title": "Github Releases", + "url": "https://github.com/d3/d3-color/releases/tag/v3.1.0" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<3.1.0" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@nivo/core@0.67.0", + "d3-scale-chromatic@2.0.0", + "d3-color@2.0.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "d3-color", + "version": "2.0.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-02-18T13:32:47.195986Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[d3-color](https://www.npmjs.org/package/d3-color) is a Color spaces! RGB, HSL, Cubehelix, Lab and HCL (Lch).\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `rgb()` and `hrc()` functions. \r\n\r\nPoC by Yeting Li: \r\n```\r\nvar d3Color = require(\"d3-color\")\r\n// d3Color.rgb(\"rgb(255,255,255)\")\r\n\r\nfunction build_blank(n) {\r\n var ret = \"rgb(\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"1\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\nfor(var i = 1; i <= 5000000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_blank(i)\r\n d3Color.rgb(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `d3-color` to version 3.1.0 or higher.\n## References\n- [Github PR](https://github.com/d3/d3-color/pull/100)\n- [Github PR](https://github.com/d3/d3-color/pull/99)\n- [GitHub PR](https://github.com/d3/d3-color/pull/89)\n- [Github Releases](https://github.com/d3/d3-color/releases/tag/v3.1.0)\n", + "disclosureTime": "2021-02-18T13:30:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "3.1.0" + ], + "id": "SNYK-JS-D3COLOR-1076592", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-09T15:16:21.616192Z", + "moduleName": "d3-color", + "packageManager": "npm", + "packageName": "d3-color", + "patches": [], + "proprietary": true, + "publicationTime": "2021-07-05T14:17:56Z", + "references": [ + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/100" + }, + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/99" + }, + { + "title": "GitHub PR", + "url": "https://github.com/d3/d3-color/pull/89" + }, + { + "title": "Github Releases", + "url": "https://github.com/d3/d3-color/releases/tag/v3.1.0" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<3.1.0" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@nivo/bar@0.67.0", + "@nivo/annotations@0.67.0", + "@nivo/colors@0.67.0", + "d3-color@2.0.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "d3-color", + "version": "2.0.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-02-18T13:32:47.195986Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[d3-color](https://www.npmjs.org/package/d3-color) is a Color spaces! RGB, HSL, Cubehelix, Lab and HCL (Lch).\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `rgb()` and `hrc()` functions. \r\n\r\nPoC by Yeting Li: \r\n```\r\nvar d3Color = require(\"d3-color\")\r\n// d3Color.rgb(\"rgb(255,255,255)\")\r\n\r\nfunction build_blank(n) {\r\n var ret = \"rgb(\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"1\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\nfor(var i = 1; i <= 5000000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_blank(i)\r\n d3Color.rgb(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `d3-color` to version 3.1.0 or higher.\n## References\n- [Github PR](https://github.com/d3/d3-color/pull/100)\n- [Github PR](https://github.com/d3/d3-color/pull/99)\n- [GitHub PR](https://github.com/d3/d3-color/pull/89)\n- [Github Releases](https://github.com/d3/d3-color/releases/tag/v3.1.0)\n", + "disclosureTime": "2021-02-18T13:30:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "3.1.0" + ], + "id": "SNYK-JS-D3COLOR-1076592", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-09T15:16:21.616192Z", + "moduleName": "d3-color", + "packageManager": "npm", + "packageName": "d3-color", + "patches": [], + "proprietary": true, + "publicationTime": "2021-07-05T14:17:56Z", + "references": [ + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/100" + }, + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/99" + }, + { + "title": "GitHub PR", + "url": "https://github.com/d3/d3-color/pull/89" + }, + { + "title": "Github Releases", + "url": "https://github.com/d3/d3-color/releases/tag/v3.1.0" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<3.1.0" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@nivo/line@0.67.0", + "@nivo/annotations@0.67.0", + "@nivo/colors@0.67.0", + "d3-color@2.0.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "d3-color", + "version": "2.0.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-02-18T13:32:47.195986Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[d3-color](https://www.npmjs.org/package/d3-color) is a Color spaces! RGB, HSL, Cubehelix, Lab and HCL (Lch).\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `rgb()` and `hrc()` functions. \r\n\r\nPoC by Yeting Li: \r\n```\r\nvar d3Color = require(\"d3-color\")\r\n// d3Color.rgb(\"rgb(255,255,255)\")\r\n\r\nfunction build_blank(n) {\r\n var ret = \"rgb(\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"1\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\nfor(var i = 1; i <= 5000000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_blank(i)\r\n d3Color.rgb(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `d3-color` to version 3.1.0 or higher.\n## References\n- [Github PR](https://github.com/d3/d3-color/pull/100)\n- [Github PR](https://github.com/d3/d3-color/pull/99)\n- [GitHub PR](https://github.com/d3/d3-color/pull/89)\n- [Github Releases](https://github.com/d3/d3-color/releases/tag/v3.1.0)\n", + "disclosureTime": "2021-02-18T13:30:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "3.1.0" + ], + "id": "SNYK-JS-D3COLOR-1076592", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-09T15:16:21.616192Z", + "moduleName": "d3-color", + "packageManager": "npm", + "packageName": "d3-color", + "patches": [], + "proprietary": true, + "publicationTime": "2021-07-05T14:17:56Z", + "references": [ + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/100" + }, + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/99" + }, + { + "title": "GitHub PR", + "url": "https://github.com/d3/d3-color/pull/89" + }, + { + "title": "Github Releases", + "url": "https://github.com/d3/d3-color/releases/tag/v3.1.0" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<3.1.0" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@nivo/bar@0.67.0", + "@nivo/annotations@0.67.0", + "@nivo/colors@0.67.0", + "d3-scale-chromatic@2.0.0", + "d3-color@2.0.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "d3-color", + "version": "2.0.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-02-18T13:32:47.195986Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[d3-color](https://www.npmjs.org/package/d3-color) is a Color spaces! RGB, HSL, Cubehelix, Lab and HCL (Lch).\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `rgb()` and `hrc()` functions. \r\n\r\nPoC by Yeting Li: \r\n```\r\nvar d3Color = require(\"d3-color\")\r\n// d3Color.rgb(\"rgb(255,255,255)\")\r\n\r\nfunction build_blank(n) {\r\n var ret = \"rgb(\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"1\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\nfor(var i = 1; i <= 5000000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_blank(i)\r\n d3Color.rgb(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `d3-color` to version 3.1.0 or higher.\n## References\n- [Github PR](https://github.com/d3/d3-color/pull/100)\n- [Github PR](https://github.com/d3/d3-color/pull/99)\n- [GitHub PR](https://github.com/d3/d3-color/pull/89)\n- [Github Releases](https://github.com/d3/d3-color/releases/tag/v3.1.0)\n", + "disclosureTime": "2021-02-18T13:30:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "3.1.0" + ], + "id": "SNYK-JS-D3COLOR-1076592", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-09T15:16:21.616192Z", + "moduleName": "d3-color", + "packageManager": "npm", + "packageName": "d3-color", + "patches": [], + "proprietary": true, + "publicationTime": "2021-07-05T14:17:56Z", + "references": [ + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/100" + }, + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/99" + }, + { + "title": "GitHub PR", + "url": "https://github.com/d3/d3-color/pull/89" + }, + { + "title": "Github Releases", + "url": "https://github.com/d3/d3-color/releases/tag/v3.1.0" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<3.1.0" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@nivo/line@0.67.0", + "@nivo/annotations@0.67.0", + "@nivo/colors@0.67.0", + "d3-scale-chromatic@2.0.0", + "d3-color@2.0.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "d3-color", + "version": "2.0.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-02-18T13:32:47.195986Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[d3-color](https://www.npmjs.org/package/d3-color) is a Color spaces! RGB, HSL, Cubehelix, Lab and HCL (Lch).\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `rgb()` and `hrc()` functions. \r\n\r\nPoC by Yeting Li: \r\n```\r\nvar d3Color = require(\"d3-color\")\r\n// d3Color.rgb(\"rgb(255,255,255)\")\r\n\r\nfunction build_blank(n) {\r\n var ret = \"rgb(\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"1\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\nfor(var i = 1; i <= 5000000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_blank(i)\r\n d3Color.rgb(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `d3-color` to version 3.1.0 or higher.\n## References\n- [Github PR](https://github.com/d3/d3-color/pull/100)\n- [Github PR](https://github.com/d3/d3-color/pull/99)\n- [GitHub PR](https://github.com/d3/d3-color/pull/89)\n- [Github Releases](https://github.com/d3/d3-color/releases/tag/v3.1.0)\n", + "disclosureTime": "2021-02-18T13:30:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "3.1.0" + ], + "id": "SNYK-JS-D3COLOR-1076592", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-09T15:16:21.616192Z", + "moduleName": "d3-color", + "packageManager": "npm", + "packageName": "d3-color", + "patches": [], + "proprietary": true, + "publicationTime": "2021-07-05T14:17:56Z", + "references": [ + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/100" + }, + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/99" + }, + { + "title": "GitHub PR", + "url": "https://github.com/d3/d3-color/pull/89" + }, + { + "title": "Github Releases", + "url": "https://github.com/d3/d3-color/releases/tag/v3.1.0" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<3.1.0" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@nivo/bar@0.67.0", + "@nivo/annotations@0.67.0", + "@nivo/colors@0.67.0", + "d3-scale@3.3.0", + "d3-interpolate@2.0.1", + "d3-color@2.0.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "d3-color", + "version": "2.0.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-02-18T13:32:47.195986Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[d3-color](https://www.npmjs.org/package/d3-color) is a Color spaces! RGB, HSL, Cubehelix, Lab and HCL (Lch).\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `rgb()` and `hrc()` functions. \r\n\r\nPoC by Yeting Li: \r\n```\r\nvar d3Color = require(\"d3-color\")\r\n// d3Color.rgb(\"rgb(255,255,255)\")\r\n\r\nfunction build_blank(n) {\r\n var ret = \"rgb(\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"1\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\nfor(var i = 1; i <= 5000000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_blank(i)\r\n d3Color.rgb(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `d3-color` to version 3.1.0 or higher.\n## References\n- [Github PR](https://github.com/d3/d3-color/pull/100)\n- [Github PR](https://github.com/d3/d3-color/pull/99)\n- [GitHub PR](https://github.com/d3/d3-color/pull/89)\n- [Github Releases](https://github.com/d3/d3-color/releases/tag/v3.1.0)\n", + "disclosureTime": "2021-02-18T13:30:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "3.1.0" + ], + "id": "SNYK-JS-D3COLOR-1076592", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-09T15:16:21.616192Z", + "moduleName": "d3-color", + "packageManager": "npm", + "packageName": "d3-color", + "patches": [], + "proprietary": true, + "publicationTime": "2021-07-05T14:17:56Z", + "references": [ + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/100" + }, + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/99" + }, + { + "title": "GitHub PR", + "url": "https://github.com/d3/d3-color/pull/89" + }, + { + "title": "Github Releases", + "url": "https://github.com/d3/d3-color/releases/tag/v3.1.0" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<3.1.0" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@nivo/line@0.67.0", + "@nivo/annotations@0.67.0", + "@nivo/colors@0.67.0", + "d3-scale@3.3.0", + "d3-interpolate@2.0.1", + "d3-color@2.0.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "d3-color", + "version": "2.0.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L", + "alternativeIds": [], + "creationTime": "2021-05-18T16:51:02.039581Z", + "credit": [ + "chalker" + ], + "cvssScore": 7.7, + "description": "## Overview\n[dns-packet](https://www.npmjs.com/package/dns-packet) is an An abstract-encoding compliant module for encoding / decoding DNS packets\n\nAffected versions of this package are vulnerable to Remote Memory Exposure. It creates buffers with `allocUnsafe` and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.\n## Remediation\nUpgrade `dns-packet` to version 1.3.4, 5.2.4 or higher.\n## References\n- [GitHub Commit](https://github.com/mafintosh/dns-packet/commit/25f15dd0fedc53688b25fd053ebbdffe3d5c1c56)\n- [HackerOne Report](https://hackerone.com/bugs?subject=user&report_id=968858)\n", + "disclosureTime": "2021-05-18T16:19:47Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "1.3.4", + "5.2.4" + ], + "id": "SNYK-JS-DNSPACKET-1293563", + "identifiers": { + "CWE": [ + "CWE-201" + ], + "GHSA": [ + "GHSA-3wcq-x3mq-6r9p" + ], + "CVE": [ + "CVE-2021-23386" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-07-06T14:08:52.020369Z", + "moduleName": "dns-packet", + "packageManager": "npm", + "packageName": "dns-packet", + "patches": [], + "proprietary": true, + "publicationTime": "2021-05-20T14:40:43Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/mafintosh/dns-packet/commit/25f15dd0fedc53688b25fd053ebbdffe3d5c1c56" + }, + { + "title": "HackerOne Report", + "url": "https://hackerone.com/bugs?subject=user&%3Breport_id=968858" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Remote Memory Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.3.4", + ">=2.0.0 <5.2.4" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "bonjour@3.5.0", + "multicast-dns@6.2.3", + "dns-packet@1.3.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "bonjour@3.5.0", + "multicast-dns@6.2.3", + "dns-packet@1.3.4" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "dns-packet", + "version": "1.3.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-05-12T14:16:29.503630Z", + "credit": [ + "Timothee Desurmont" + ], + "cvssScore": 6.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Information Exposure by allowing cookies and the authorization headers to be leaked to external sites.\n## Remediation\nUpgrade `eventsource` to version 1.1.1, 2.0.2 or higher.\n## References\n- [GitHub Commit](https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4)\n", + "disclosureTime": "2022-05-12T14:14:39Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.1.1", + "2.0.2" + ], + "id": "SNYK-JS-EVENTSOURCE-2823375", + "identifiers": { + "CWE": [ + "CWE-200" + ], + "CVE": [ + "CVE-2022-1650" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-05-26T16:55:11.791827Z", + "moduleName": "eventsource", + "packageManager": "npm", + "packageName": "eventsource", + "patches": [], + "proprietary": false, + "publicationTime": "2022-05-12T14:23:37Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Information Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.1.1", + ">=2.0.0 <2.0.2" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@microsoft/signalr@3.1.14", + "eventsource@1.1.0" + ], + "upgradePath": [ + false, + "@microsoft/signalr@3.1.14", + "eventsource@1.1.1" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "eventsource", + "version": "1.1.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-05-12T14:16:29.503630Z", + "credit": [ + "Timothee Desurmont" + ], + "cvssScore": 6.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Information Exposure by allowing cookies and the authorization headers to be leaked to external sites.\n## Remediation\nUpgrade `eventsource` to version 1.1.1, 2.0.2 or higher.\n## References\n- [GitHub Commit](https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4)\n", + "disclosureTime": "2022-05-12T14:14:39Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.1.1", + "2.0.2" + ], + "id": "SNYK-JS-EVENTSOURCE-2823375", + "identifiers": { + "CWE": [ + "CWE-200" + ], + "CVE": [ + "CVE-2022-1650" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-05-26T16:55:11.791827Z", + "moduleName": "eventsource", + "packageManager": "npm", + "packageName": "eventsource", + "patches": [], + "proprietary": false, + "publicationTime": "2022-05-12T14:23:37Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Information Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.1.1", + ">=2.0.0 <2.0.2" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.1" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "eventsource", + "version": "1.1.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-01-11T12:27:16.635235Z", + "credit": [ + "ranjit-git" + ], + "cvssScore": 5.3, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Information Exposure by leaking the cookie header to a third party site in the process of fetching a remote URL with the cookie in the request body. If the response contains a `location` header, it will follow the redirect to another URL of a potentially malicious actor, to which the cookie would be exposed.\n## Remediation\nUpgrade `follow-redirects` to version 1.14.7 or higher.\n## References\n- [GitHub Commit](https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22)\n", + "disclosureTime": "2022-01-11T12:06:36Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.14.7" + ], + "id": "SNYK-JS-FOLLOWREDIRECTS-2332181", + "identifiers": { + "CWE": [ + "CWE-359" + ], + "CVE": [ + "CVE-2022-0155" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-01-12T12:49:36.151110Z", + "moduleName": "follow-redirects", + "packageManager": "npm", + "packageName": "follow-redirects", + "patches": [], + "proprietary": false, + "publicationTime": "2022-01-12T12:49:36.149349Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Information Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.14.7" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "http-proxy-middleware@0.19.1", + "http-proxy@1.18.1", + "follow-redirects@1.14.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "http-proxy-middleware@0.19.1", + "http-proxy@1.18.1", + "follow-redirects@1.14.7" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "follow-redirects", + "version": "1.14.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "alternativeIds": [], + "creationTime": "2022-02-09T13:37:15.331538Z", + "credit": [ + "haxatron" + ], + "cvssScore": 2.6, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Information Exposure due a leakage of the Authorization header from the same hostname during HTTPS to HTTP redirection. An attacker who can listen in on the wire (or perform a MITM attack) will be able to receive the Authorization header due to the usage of the insecure HTTP protocol which does not verify the hostname the request is sending to.\n## Remediation\nUpgrade `follow-redirects` to version 1.14.8 or higher.\n## References\n- [GitHub Commit](https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445)\n", + "disclosureTime": "2022-02-09T12:43:30Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "1.14.8" + ], + "id": "SNYK-JS-FOLLOWREDIRECTS-2396346", + "identifiers": { + "CWE": [ + "CWE-200" + ], + "CVE": [ + "CVE-2022-0536" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-02-09T17:20:22.056440Z", + "moduleName": "follow-redirects", + "packageManager": "npm", + "packageName": "follow-redirects", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-09T17:20:22.054220Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "Information Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.14.8" + ] + }, + "severityWithCritical": "low", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "http-proxy-middleware@0.19.1", + "http-proxy@1.18.1", + "follow-redirects@1.14.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "http-proxy-middleware@0.19.1", + "http-proxy@1.18.1", + "follow-redirects@1.14.8" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "follow-redirects", + "version": "1.14.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2020-10-09T09:34:22.716485Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[glob-parent](https://www.npmjs.com/package/glob-parent) is a package that helps extracting the non-magic parent path from a glob string.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The `enclosure` regex used to check for strings ending in enclosure containing path separator.\r\n\r\n### PoC by Yeting Li\r\n```\r\nvar globParent = require(\"glob-parent\")\r\nfunction build_attack(n) {\r\nvar ret = \"{\"\r\nfor (var i = 0; i < n; i++) {\r\nret += \"/\"\r\n}\r\n\r\nreturn ret;\r\n}\r\n\r\nglobParent(build_attack(5000));\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `glob-parent` to version 5.1.2 or higher.\n## References\n- [GitHub PR](https://github.com/gulpjs/glob-parent/pull/36)\n- [GitHub Release](https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2)\n", + "disclosureTime": "2021-01-12T12:42:32Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "5.1.2" + ], + "id": "SNYK-JS-GLOBPARENT-1016905", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-ww39-953v-wcq6" + ], + "CVE": [ + "CVE-2020-28469" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:54.924659Z", + "moduleName": "glob-parent", + "packageManager": "npm", + "packageName": "glob-parent", + "patches": [], + "proprietary": true, + "publicationTime": "2021-01-12T15:00:42Z", + "references": [ + { + "title": "GitHub PR", + "url": "https://github.com/gulpjs/glob-parent/pull/36" + }, + { + "title": "GitHub Release", + "url": "https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<5.1.2" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "react-dev-utils@10.2.1", + "globby@8.0.2", + "fast-glob@2.2.7", + "glob-parent@3.1.0" + ], + "upgradePath": [ + false, + "react-scripts@4.0.0", + "react-dev-utils@11.0.0", + "globby@11.0.1", + "fast-glob@3.1.1", + "glob-parent@5.1.2" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "glob-parent", + "version": "3.1.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2020-10-09T09:34:22.716485Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[glob-parent](https://www.npmjs.com/package/glob-parent) is a package that helps extracting the non-magic parent path from a glob string.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The `enclosure` regex used to check for strings ending in enclosure containing path separator.\r\n\r\n### PoC by Yeting Li\r\n```\r\nvar globParent = require(\"glob-parent\")\r\nfunction build_attack(n) {\r\nvar ret = \"{\"\r\nfor (var i = 0; i < n; i++) {\r\nret += \"/\"\r\n}\r\n\r\nreturn ret;\r\n}\r\n\r\nglobParent(build_attack(5000));\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `glob-parent` to version 5.1.2 or higher.\n## References\n- [GitHub PR](https://github.com/gulpjs/glob-parent/pull/36)\n- [GitHub Release](https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2)\n", + "disclosureTime": "2021-01-12T12:42:32Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "5.1.2" + ], + "id": "SNYK-JS-GLOBPARENT-1016905", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-ww39-953v-wcq6" + ], + "CVE": [ + "CVE-2020-28469" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:54.924659Z", + "moduleName": "glob-parent", + "packageManager": "npm", + "packageName": "glob-parent", + "patches": [], + "proprietary": true, + "publicationTime": "2021-01-12T15:00:42Z", + "references": [ + { + "title": "GitHub PR", + "url": "https://github.com/gulpjs/glob-parent/pull/36" + }, + { + "title": "GitHub Release", + "url": "https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<5.1.2" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack@4.42.0", + "watchpack@1.7.5", + "watchpack-chokidar2@2.0.1", + "chokidar@2.1.8", + "glob-parent@3.1.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "glob-parent", + "version": "3.1.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C", + "alternativeIds": [], + "creationTime": "2020-10-18T14:32:45.749491Z", + "credit": [ + "Alessio Della Libera (d3lla)" + ], + "cvssScore": 7.5, + "description": "## Overview\n[immer](https://www.npmjs.com/package/immer) is a package that allows you to create your next immutable state by mutating the current one.\n\nAffected versions of this package are vulnerable to Prototype Pollution.\n\n### PoC\r\n```\r\nconst {applyPatches, enablePatches} = require(\"immer\");\r\nenablePatches();\r\nlet obj = {};\r\nconsole.log(\"Before : \" + obj.polluted);\r\napplyPatches({}, [ { op: 'add', path: [ \"__proto__\", \"polluted\" ], value: \"yes\" } ]);\r\n// applyPatches({}, [ { op: 'replace', path: [ \"__proto__\", \"polluted\" ], value: \"yes\" } ]);\r\nconsole.log(\"After : \" + obj.polluted);\r\n```\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `immer` to version 8.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/immerjs/immer/commit/da2bd4fa0edc9335543089fe7d290d6a346c40c5)\n- [Vulnerable Code](https://github.com/immerjs/immer/blob/master/src/plugins/patches.ts#L213)\n", + "disclosureTime": "2020-10-18T14:20:15Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.0.1" + ], + "id": "SNYK-JS-IMMER-1019369", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-9qmh-276g-x5pj" + ], + "CVE": [ + "CVE-2020-28477" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-03-04T10:57:12.173172Z", + "moduleName": "immer", + "packageManager": "npm", + "packageName": "immer", + "patches": [], + "proprietary": true, + "publicationTime": "2021-01-19T16:02:34Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/immerjs/immer/commit/da2bd4fa0edc9335543089fe7d290d6a346c40c5" + }, + { + "title": "Vulnerable Code", + "url": "https://github.com/immerjs/immer/blob/master/src/plugins/patches.ts%23L213" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<8.0.1" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "react-dev-utils@10.2.1", + "immer@1.10.0" + ], + "upgradePath": [ + false, + "react-scripts@4.0.0", + "react-dev-utils@11.0.3", + "immer@8.0.1" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "immer", + "version": "1.10.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", + "alternativeIds": [], + "creationTime": "2021-08-12T17:14:32.677481Z", + "credit": [ + "Alessio Della Libera of Snyk Research Team" + ], + "cvssScore": 5.6, + "description": "## Overview\n[immer](https://www.npmjs.com/package/immer) is a package that allows you to create your next immutable state by mutating the current one.\n\nAffected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the `path` parameter are arrays. In particular, this bypass is possible because the condition `(p === \"__proto__\" || p === \"constructor\")` in `applyPatches_` returns `false` if `p` is `['__proto__']` (or `['constructor']`). The `===` operator (strict equality operator) returns `false` if the operands have different type.\r\n\r\n\r\n### PoC\r\n\r\n```\r\nconst {applyPatches, enablePatches} = require(\"immer\");\r\nenablePatches();\r\n\r\n// applyPatches({}, [ { op: 'add', path: [ \"__proto__\", \"polluted\" ], value: \"yes\" } ]);\r\n// applyPatches({}, [ { op: 'replace', path: [ \"__proto__\", \"polluted\" ], value: \"yes\" } ]);\r\n// console.log(polluted); // Error: [Immer] Patching reserved attributes like __proto__, prototype and constructor is not allowed\r\n\r\napplyPatches({}, [ { op: 'add', path: [['__proto__'], 'polluted'], value: 'yes' } ]);\r\n// applyPatches({}, [ { op: 'replace', path: [['__proto__'], 'polluted'], value: 'yes' } ]);\r\nconsole.log(polluted);\r\n```\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `immer` to version 9.0.6 or higher.\n## References\n- [GitHub Commit](https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237)\n- [Snyk Blog](https://snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation/)\n", + "disclosureTime": "2021-08-12T17:14:00Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "9.0.6" + ], + "id": "SNYK-JS-IMMER-1540542", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "CVE": [ + "CVE-2021-23436" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-11-05T14:06:11.516776Z", + "moduleName": "immer", + "packageManager": "npm", + "packageName": "immer", + "patches": [], + "proprietary": true, + "publicationTime": "2021-09-01T15:42:32Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237" + }, + { + "title": "Snyk Blog", + "url": "https://snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation/" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<9.0.6" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "react-dev-utils@10.2.1", + "immer@1.10.0" + ], + "upgradePath": [ + false, + "react-scripts@5.0.0", + "react-dev-utils@12.0.0", + "immer@9.0.7" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "immer", + "version": "1.10.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "alternativeIds": [], + "creationTime": "2021-12-30T14:41:17.923623Z", + "credit": [ + "Unknown" + ], + "cvssScore": 4.3, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Reverse Tabnabbing because of no `rel` attribute in the link to `https://istanbul.js.org/`.\n## Remediation\nUpgrade `istanbul-reports` to version 3.1.3 or higher.\n## References\n- [GitHub Commit](https://github.com/istanbuljs/istanbuljs/commit/4eceb9eb8b3169b882d74ecc526fb5837ebc6205)\n- [GitHub PR](https://github.com/istanbuljs/istanbuljs/pull/591)\n- [GitHub Release](https://github.com/istanbuljs/istanbuljs/releases/tag/istanbul-reports-v3.1.3)\n", + "disclosureTime": "2021-12-30T14:13:55Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "3.1.3" + ], + "id": "SNYK-JS-ISTANBULREPORTS-2328088", + "identifiers": { + "CWE": [ + "CWE-1022" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-12-30T15:42:28.495661Z", + "moduleName": "istanbul-reports", + "packageManager": "npm", + "packageName": "istanbul-reports", + "patches": [], + "proprietary": false, + "publicationTime": "2021-12-30T15:42:28.493526Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/istanbuljs/istanbuljs/commit/4eceb9eb8b3169b882d74ecc526fb5837ebc6205" + }, + { + "title": "GitHub PR", + "url": "https://github.com/istanbuljs/istanbuljs/pull/591" + }, + { + "title": "GitHub Release", + "url": "https://github.com/istanbuljs/istanbuljs/releases/tag/istanbul-reports-v3.1.3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Reverse Tabnabbing", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<3.1.3" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "@jest/core@24.9.0", + "@jest/reporters@24.9.0", + "istanbul-reports@2.2.7" + ], + "upgradePath": [ + false, + "react-scripts@4.0.0", + "jest@26.6.0", + "jest-cli@26.6.0", + "@jest/core@26.6.0", + "@jest/reporters@26.6.0", + "istanbul-reports@3.1.3" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "istanbul-reports", + "version": "2.2.7" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "alternativeIds": [], + "creationTime": "2021-11-14T15:11:37.579980Z", + "credit": [ + "Yoshino-s" + ], + "cvssScore": 8.6, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Prototype Pollution via the `validate` function, which when given a special payload will pollute `Object` with undesired attributes.\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `json-schema` to version 0.4.0 or higher.\n## References\n- [GitHub Commit](https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741)\n", + "disclosureTime": "2021-11-14T15:05:57Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "0.4.0" + ], + "id": "SNYK-JS-JSONSCHEMA-1920922", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "CVE": [ + "CVE-2021-3918" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-12-17T15:25:44.736835Z", + "moduleName": "json-schema", + "packageManager": "npm", + "packageName": "json-schema", + "patches": [], + "proprietary": false, + "publicationTime": "2021-11-14T16:49:43.070251Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<0.4.0" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "@microsoft/signalr@3.1.14", + "request@2.88.2", + "http-signature@1.2.0", + "jsprim@1.4.1", + "json-schema@0.2.3" + ], + "upgradePath": [ + false, + "@microsoft/signalr@3.1.14", + "request@2.88.2", + "http-signature@1.2.0", + "jsprim@1.4.2", + "json-schema@0.4.0" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "json-schema", + "version": "0.2.3" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "alternativeIds": [], + "creationTime": "2021-11-14T15:11:37.579980Z", + "credit": [ + "Yoshino-s" + ], + "cvssScore": 8.6, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Prototype Pollution via the `validate` function, which when given a special payload will pollute `Object` with undesired attributes.\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `json-schema` to version 0.4.0 or higher.\n## References\n- [GitHub Commit](https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741)\n", + "disclosureTime": "2021-11-14T15:05:57Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "0.4.0" + ], + "id": "SNYK-JS-JSONSCHEMA-1920922", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "CVE": [ + "CVE-2021-3918" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-12-17T15:25:44.736835Z", + "moduleName": "json-schema", + "packageManager": "npm", + "packageName": "json-schema", + "patches": [], + "proprietary": false, + "publicationTime": "2021-11-14T16:49:43.070251Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<0.4.0" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "jsdom@11.12.0", + "request@2.88.2", + "http-signature@1.2.0", + "jsprim@1.4.1", + "json-schema@0.2.3" + ], + "upgradePath": [ + false, + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "jsdom@11.12.0", + "request@2.88.2", + "http-signature@1.2.0", + "jsprim@1.4.2", + "json-schema@0.4.0" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "json-schema", + "version": "0.2.3" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "alternativeIds": [], + "creationTime": "2021-11-14T15:11:37.579980Z", + "credit": [ + "Yoshino-s" + ], + "cvssScore": 8.6, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Prototype Pollution via the `validate` function, which when given a special payload will pollute `Object` with undesired attributes.\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `json-schema` to version 0.4.0 or higher.\n## References\n- [GitHub Commit](https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741)\n", + "disclosureTime": "2021-11-14T15:05:57Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "0.4.0" + ], + "id": "SNYK-JS-JSONSCHEMA-1920922", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "CVE": [ + "CVE-2021-3918" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-12-17T15:25:44.736835Z", + "moduleName": "json-schema", + "packageManager": "npm", + "packageName": "json-schema", + "patches": [], + "proprietary": false, + "publicationTime": "2021-11-14T16:49:43.070251Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<0.4.0" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "@jest/core@24.9.0", + "@jest/reporters@24.9.0", + "jest-runtime@24.9.0", + "jest-config@24.9.0", + "jest-environment-jsdom@24.9.0", + "jsdom@11.12.0", + "request@2.88.2", + "http-signature@1.2.0", + "jsprim@1.4.1", + "json-schema@0.2.3" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "@jest/core@24.9.0", + "@jest/reporters@24.9.0", + "jest-runtime@24.9.0", + "jest-config@24.9.0", + "jest-environment-jsdom@24.9.0", + "jsdom@11.12.0", + "request@2.88.2", + "http-signature@1.2.0", + "jsprim@1.4.2", + "json-schema@0.4.0" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "json-schema", + "version": "0.2.3" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", + "alternativeIds": [], + "creationTime": "2021-03-22T12:03:39.360085Z", + "credit": [ + "Marc Hassan" + ], + "cvssScore": 7.2, + "description": "## Overview\n[lodash.template](https://www.npmjs.com/package/lodash.template) is a The Lodash method _.template exported as a Node.js module.\n\nAffected versions of this package are vulnerable to Command Injection via `template`.\r\n\r\n### PoC\r\n```js\r\nvar _ = require('lodash');\r\n\r\n_.template('', { variable: '){console.log(process.env)}; with(obj' })()\r\n```\n## Remediation\nThere is no fixed version for `lodash.template`.\n## References\n- [GitHub Commit](https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c)\n- [Vulnerable Code](https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851)\n", + "disclosureTime": "2020-11-17T13:02:10Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [], + "id": "SNYK-JS-LODASHTEMPLATE-1088054", + "identifiers": { + "CWE": [ + "CWE-78" + ], + "GHSA": [ + "GHSA-35jh-r3h4-6jhm" + ], + "CVE": [ + "CVE-2021-23337" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-04-05T12:28:18.096614Z", + "moduleName": "lodash.template", + "packageManager": "npm", + "packageName": "lodash.template", + "patches": [], + "proprietary": true, + "publicationTime": "2021-02-15T11:50:50Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c" + }, + { + "title": "Vulnerable Code", + "url": "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Command Injection", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "*" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "workbox-webpack-plugin@4.3.1", + "workbox-build@4.3.1", + "lodash.template@4.5.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "lodash.template", + "version": "4.5.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-03-18T13:02:08.840039Z", + "credit": [ + "Unknown" + ], + "cvssScore": 3.7, + "description": "## Overview\n[minimist](https://www.npmjs.com/package/minimist) is a parse argument options module.\n\nAffected versions of this package are vulnerable to Prototype Pollution due to a missing handler to `Function.prototype`.\r\n\r\n**Notes:** \r\n\r\n- This vulnerability is a bypass to [CVE-2020-7598](https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764)\r\n\r\n- The reason for the different CVSS between CVE-2021-44906 to CVE-2020-7598, is that CVE-2020-7598 can pollute objects, while CVE-2021-44906 can pollute only function.\r\n\r\n\r\n## PoC by Snyk\r\n```js\r\nrequire('minimist')('--_.constructor.constructor.prototype.foo bar'.split(' '));\r\nconsole.log((function(){}).foo); // bar\r\n```\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `minimist` to version 1.2.6 or higher.\n## References\n- [Fix Commit](https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d)\n- [GitHub Issue](https://github.com/substack/minimist/issues/164)\n- [Vulnerable Code](https://github.com/substack/minimist/blob/master/index.js#L69)\n", + "disclosureTime": "2022-03-18T12:24:05Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.2.6" + ], + "id": "SNYK-JS-MINIMIST-2429795", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "SNYK": [ + "SNYK-JS-MINIMIST-559764" + ], + "CVE": [ + "CVE-2021-44906" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-06T12:01:22.204194Z", + "moduleName": "minimist", + "packageManager": "npm", + "packageName": "minimist", + "patches": [], + "proprietary": false, + "publicationTime": "2022-03-21T12:09:35Z", + "references": [ + { + "title": "Fix Commit", + "url": "https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/substack/minimist/issues/164" + }, + { + "title": "Vulnerable Code", + "url": "https://github.com/substack/minimist/blob/master/index.js%23L69" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.2.6" + ] + }, + "severityWithCritical": "low", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "@babel/core@7.9.0", + "json5@2.2.0", + "minimist@1.2.5" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "@babel/core@7.9.0", + "json5@2.2.0", + "minimist@1.2.6" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "minimist", + "version": "1.2.5" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-03-18T13:02:08.840039Z", + "credit": [ + "Unknown" + ], + "cvssScore": 3.7, + "description": "## Overview\n[minimist](https://www.npmjs.com/package/minimist) is a parse argument options module.\n\nAffected versions of this package are vulnerable to Prototype Pollution due to a missing handler to `Function.prototype`.\r\n\r\n**Notes:** \r\n\r\n- This vulnerability is a bypass to [CVE-2020-7598](https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764)\r\n\r\n- The reason for the different CVSS between CVE-2021-44906 to CVE-2020-7598, is that CVE-2020-7598 can pollute objects, while CVE-2021-44906 can pollute only function.\r\n\r\n\r\n## PoC by Snyk\r\n```js\r\nrequire('minimist')('--_.constructor.constructor.prototype.foo bar'.split(' '));\r\nconsole.log((function(){}).foo); // bar\r\n```\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `minimist` to version 1.2.6 or higher.\n## References\n- [Fix Commit](https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d)\n- [GitHub Issue](https://github.com/substack/minimist/issues/164)\n- [Vulnerable Code](https://github.com/substack/minimist/blob/master/index.js#L69)\n", + "disclosureTime": "2022-03-18T12:24:05Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.2.6" + ], + "id": "SNYK-JS-MINIMIST-2429795", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "SNYK": [ + "SNYK-JS-MINIMIST-559764" + ], + "CVE": [ + "CVE-2021-44906" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-06T12:01:22.204194Z", + "moduleName": "minimist", + "packageManager": "npm", + "packageName": "minimist", + "patches": [], + "proprietary": false, + "publicationTime": "2022-03-21T12:09:35Z", + "references": [ + { + "title": "Fix Commit", + "url": "https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/substack/minimist/issues/164" + }, + { + "title": "Vulnerable Code", + "url": "https://github.com/substack/minimist/blob/master/index.js%23L69" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.2.6" + ] + }, + "severityWithCritical": "low", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "@svgr/webpack@4.3.3", + "loader-utils@1.4.0", + "json5@1.0.1", + "minimist@1.2.5" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "@svgr/webpack@4.3.3", + "loader-utils@1.4.0", + "json5@1.0.1", + "minimist@1.2.6" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "minimist", + "version": "1.2.5" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-03-18T13:02:08.840039Z", + "credit": [ + "Unknown" + ], + "cvssScore": 3.7, + "description": "## Overview\n[minimist](https://www.npmjs.com/package/minimist) is a parse argument options module.\n\nAffected versions of this package are vulnerable to Prototype Pollution due to a missing handler to `Function.prototype`.\r\n\r\n**Notes:** \r\n\r\n- This vulnerability is a bypass to [CVE-2020-7598](https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764)\r\n\r\n- The reason for the different CVSS between CVE-2021-44906 to CVE-2020-7598, is that CVE-2020-7598 can pollute objects, while CVE-2021-44906 can pollute only function.\r\n\r\n\r\n## PoC by Snyk\r\n```js\r\nrequire('minimist')('--_.constructor.constructor.prototype.foo bar'.split(' '));\r\nconsole.log((function(){}).foo); // bar\r\n```\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `minimist` to version 1.2.6 or higher.\n## References\n- [Fix Commit](https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d)\n- [GitHub Issue](https://github.com/substack/minimist/issues/164)\n- [Vulnerable Code](https://github.com/substack/minimist/blob/master/index.js#L69)\n", + "disclosureTime": "2022-03-18T12:24:05Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.2.6" + ], + "id": "SNYK-JS-MINIMIST-2429795", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "SNYK": [ + "SNYK-JS-MINIMIST-559764" + ], + "CVE": [ + "CVE-2021-44906" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-06T12:01:22.204194Z", + "moduleName": "minimist", + "packageManager": "npm", + "packageName": "minimist", + "patches": [], + "proprietary": false, + "publicationTime": "2022-03-21T12:09:35Z", + "references": [ + { + "title": "Fix Commit", + "url": "https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/substack/minimist/issues/164" + }, + { + "title": "Vulnerable Code", + "url": "https://github.com/substack/minimist/blob/master/index.js%23L69" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.2.6" + ] + }, + "severityWithCritical": "low", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "@svgr/webpack@4.3.3", + "@svgr/plugin-svgo@4.3.1", + "svgo@1.3.2", + "mkdirp@0.5.5", + "minimist@1.2.5" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "@svgr/webpack@4.3.3", + "@svgr/plugin-svgo@4.3.1", + "svgo@1.3.2", + "mkdirp@0.5.5", + "minimist@1.2.6" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "minimist", + "version": "1.2.5" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-03-18T13:02:08.840039Z", + "credit": [ + "Unknown" + ], + "cvssScore": 3.7, + "description": "## Overview\n[minimist](https://www.npmjs.com/package/minimist) is a parse argument options module.\n\nAffected versions of this package are vulnerable to Prototype Pollution due to a missing handler to `Function.prototype`.\r\n\r\n**Notes:** \r\n\r\n- This vulnerability is a bypass to [CVE-2020-7598](https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764)\r\n\r\n- The reason for the different CVSS between CVE-2021-44906 to CVE-2020-7598, is that CVE-2020-7598 can pollute objects, while CVE-2021-44906 can pollute only function.\r\n\r\n\r\n## PoC by Snyk\r\n```js\r\nrequire('minimist')('--_.constructor.constructor.prototype.foo bar'.split(' '));\r\nconsole.log((function(){}).foo); // bar\r\n```\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `minimist` to version 1.2.6 or higher.\n## References\n- [Fix Commit](https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d)\n- [GitHub Issue](https://github.com/substack/minimist/issues/164)\n- [Vulnerable Code](https://github.com/substack/minimist/blob/master/index.js#L69)\n", + "disclosureTime": "2022-03-18T12:24:05Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.2.6" + ], + "id": "SNYK-JS-MINIMIST-2429795", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "SNYK": [ + "SNYK-JS-MINIMIST-559764" + ], + "CVE": [ + "CVE-2021-44906" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-06T12:01:22.204194Z", + "moduleName": "minimist", + "packageManager": "npm", + "packageName": "minimist", + "patches": [], + "proprietary": false, + "publicationTime": "2022-03-21T12:09:35Z", + "references": [ + { + "title": "Fix Commit", + "url": "https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/substack/minimist/issues/164" + }, + { + "title": "Vulnerable Code", + "url": "https://github.com/substack/minimist/blob/master/index.js%23L69" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.2.6" + ] + }, + "severityWithCritical": "low", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "babel-jest@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "sane@4.1.0", + "minimist@1.2.5" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "babel-jest@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "sane@4.1.0", + "minimist@1.2.6" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "minimist", + "version": "1.2.5" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-03-18T13:02:08.840039Z", + "credit": [ + "Unknown" + ], + "cvssScore": 3.7, + "description": "## Overview\n[minimist](https://www.npmjs.com/package/minimist) is a parse argument options module.\n\nAffected versions of this package are vulnerable to Prototype Pollution due to a missing handler to `Function.prototype`.\r\n\r\n**Notes:** \r\n\r\n- This vulnerability is a bypass to [CVE-2020-7598](https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764)\r\n\r\n- The reason for the different CVSS between CVE-2021-44906 to CVE-2020-7598, is that CVE-2020-7598 can pollute objects, while CVE-2021-44906 can pollute only function.\r\n\r\n\r\n## PoC by Snyk\r\n```js\r\nrequire('minimist')('--_.constructor.constructor.prototype.foo bar'.split(' '));\r\nconsole.log((function(){}).foo); // bar\r\n```\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `minimist` to version 1.2.6 or higher.\n## References\n- [Fix Commit](https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d)\n- [GitHub Issue](https://github.com/substack/minimist/issues/164)\n- [Vulnerable Code](https://github.com/substack/minimist/blob/master/index.js#L69)\n", + "disclosureTime": "2022-03-18T12:24:05Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.2.6" + ], + "id": "SNYK-JS-MINIMIST-2429795", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "SNYK": [ + "SNYK-JS-MINIMIST-559764" + ], + "CVE": [ + "CVE-2021-44906" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-06T12:01:22.204194Z", + "moduleName": "minimist", + "packageManager": "npm", + "packageName": "minimist", + "patches": [], + "proprietary": false, + "publicationTime": "2022-03-21T12:09:35Z", + "references": [ + { + "title": "Fix Commit", + "url": "https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/substack/minimist/issues/164" + }, + { + "title": "Vulnerable Code", + "url": "https://github.com/substack/minimist/blob/master/index.js%23L69" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.2.6" + ] + }, + "severityWithCritical": "low", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "babel-jest@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "sane@4.1.0", + "@cnakazawa/watch@1.0.4", + "minimist@1.2.5" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "babel-jest@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "sane@4.1.0", + "@cnakazawa/watch@1.0.4", + "minimist@1.2.6" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "minimist", + "version": "1.2.5" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-03-18T13:02:08.840039Z", + "credit": [ + "Unknown" + ], + "cvssScore": 3.7, + "description": "## Overview\n[minimist](https://www.npmjs.com/package/minimist) is a parse argument options module.\n\nAffected versions of this package are vulnerable to Prototype Pollution due to a missing handler to `Function.prototype`.\r\n\r\n**Notes:** \r\n\r\n- This vulnerability is a bypass to [CVE-2020-7598](https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764)\r\n\r\n- The reason for the different CVSS between CVE-2021-44906 to CVE-2020-7598, is that CVE-2020-7598 can pollute objects, while CVE-2021-44906 can pollute only function.\r\n\r\n\r\n## PoC by Snyk\r\n```js\r\nrequire('minimist')('--_.constructor.constructor.prototype.foo bar'.split(' '));\r\nconsole.log((function(){}).foo); // bar\r\n```\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `minimist` to version 1.2.6 or higher.\n## References\n- [Fix Commit](https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d)\n- [GitHub Issue](https://github.com/substack/minimist/issues/164)\n- [Vulnerable Code](https://github.com/substack/minimist/blob/master/index.js#L69)\n", + "disclosureTime": "2022-03-18T12:24:05Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.2.6" + ], + "id": "SNYK-JS-MINIMIST-2429795", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "SNYK": [ + "SNYK-JS-MINIMIST-559764" + ], + "CVE": [ + "CVE-2021-44906" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-06T12:01:22.204194Z", + "moduleName": "minimist", + "packageManager": "npm", + "packageName": "minimist", + "patches": [], + "proprietary": false, + "publicationTime": "2022-03-21T12:09:35Z", + "references": [ + { + "title": "Fix Commit", + "url": "https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/substack/minimist/issues/164" + }, + { + "title": "Vulnerable Code", + "url": "https://github.com/substack/minimist/blob/master/index.js%23L69" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.2.6" + ] + }, + "severityWithCritical": "low", + "from": [ + "acme-review@1.0.0", + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "@babel/core@7.14.0", + "json5@2.2.0", + "minimist@1.2.5" + ], + "upgradePath": [ + false, + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "@babel/core@7.14.0", + "json5@2.2.0", + "minimist@1.2.6" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "minimist", + "version": "1.2.5" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-03-18T13:02:08.840039Z", + "credit": [ + "Unknown" + ], + "cvssScore": 3.7, + "description": "## Overview\n[minimist](https://www.npmjs.com/package/minimist) is a parse argument options module.\n\nAffected versions of this package are vulnerable to Prototype Pollution due to a missing handler to `Function.prototype`.\r\n\r\n**Notes:** \r\n\r\n- This vulnerability is a bypass to [CVE-2020-7598](https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764)\r\n\r\n- The reason for the different CVSS between CVE-2021-44906 to CVE-2020-7598, is that CVE-2020-7598 can pollute objects, while CVE-2021-44906 can pollute only function.\r\n\r\n\r\n## PoC by Snyk\r\n```js\r\nrequire('minimist')('--_.constructor.constructor.prototype.foo bar'.split(' '));\r\nconsole.log((function(){}).foo); // bar\r\n```\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `minimist` to version 1.2.6 or higher.\n## References\n- [Fix Commit](https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d)\n- [GitHub Issue](https://github.com/substack/minimist/issues/164)\n- [Vulnerable Code](https://github.com/substack/minimist/blob/master/index.js#L69)\n", + "disclosureTime": "2022-03-18T12:24:05Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.2.6" + ], + "id": "SNYK-JS-MINIMIST-2429795", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "SNYK": [ + "SNYK-JS-MINIMIST-559764" + ], + "CVE": [ + "CVE-2021-44906" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-06T12:01:22.204194Z", + "moduleName": "minimist", + "packageManager": "npm", + "packageName": "minimist", + "patches": [], + "proprietary": false, + "publicationTime": "2022-03-21T12:09:35Z", + "references": [ + { + "title": "Fix Commit", + "url": "https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/substack/minimist/issues/164" + }, + { + "title": "Vulnerable Code", + "url": "https://github.com/substack/minimist/blob/master/index.js%23L69" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.2.6" + ] + }, + "severityWithCritical": "low", + "from": [ + "acme-review@1.0.0", + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "sane@4.1.0", + "minimist@1.2.5" + ], + "upgradePath": [ + false, + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "sane@4.1.0", + "minimist@1.2.6" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "minimist", + "version": "1.2.5" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-03-18T13:02:08.840039Z", + "credit": [ + "Unknown" + ], + "cvssScore": 3.7, + "description": "## Overview\n[minimist](https://www.npmjs.com/package/minimist) is a parse argument options module.\n\nAffected versions of this package are vulnerable to Prototype Pollution due to a missing handler to `Function.prototype`.\r\n\r\n**Notes:** \r\n\r\n- This vulnerability is a bypass to [CVE-2020-7598](https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764)\r\n\r\n- The reason for the different CVSS between CVE-2021-44906 to CVE-2020-7598, is that CVE-2020-7598 can pollute objects, while CVE-2021-44906 can pollute only function.\r\n\r\n\r\n## PoC by Snyk\r\n```js\r\nrequire('minimist')('--_.constructor.constructor.prototype.foo bar'.split(' '));\r\nconsole.log((function(){}).foo); // bar\r\n```\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `minimist` to version 1.2.6 or higher.\n## References\n- [Fix Commit](https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d)\n- [GitHub Issue](https://github.com/substack/minimist/issues/164)\n- [Vulnerable Code](https://github.com/substack/minimist/blob/master/index.js#L69)\n", + "disclosureTime": "2022-03-18T12:24:05Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.2.6" + ], + "id": "SNYK-JS-MINIMIST-2429795", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "SNYK": [ + "SNYK-JS-MINIMIST-559764" + ], + "CVE": [ + "CVE-2021-44906" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-06T12:01:22.204194Z", + "moduleName": "minimist", + "packageManager": "npm", + "packageName": "minimist", + "patches": [], + "proprietary": false, + "publicationTime": "2022-03-21T12:09:35Z", + "references": [ + { + "title": "Fix Commit", + "url": "https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/substack/minimist/issues/164" + }, + { + "title": "Vulnerable Code", + "url": "https://github.com/substack/minimist/blob/master/index.js%23L69" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.2.6" + ] + }, + "severityWithCritical": "low", + "from": [ + "acme-review@1.0.0", + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "jest-util@24.9.0", + "mkdirp@0.5.5", + "minimist@1.2.5" + ], + "upgradePath": [ + false, + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "jest-util@24.9.0", + "mkdirp@0.5.5", + "minimist@1.2.6" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "minimist", + "version": "1.2.5" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-03-18T13:02:08.840039Z", + "credit": [ + "Unknown" + ], + "cvssScore": 3.7, + "description": "## Overview\n[minimist](https://www.npmjs.com/package/minimist) is a parse argument options module.\n\nAffected versions of this package are vulnerable to Prototype Pollution due to a missing handler to `Function.prototype`.\r\n\r\n**Notes:** \r\n\r\n- This vulnerability is a bypass to [CVE-2020-7598](https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764)\r\n\r\n- The reason for the different CVSS between CVE-2021-44906 to CVE-2020-7598, is that CVE-2020-7598 can pollute objects, while CVE-2021-44906 can pollute only function.\r\n\r\n\r\n## PoC by Snyk\r\n```js\r\nrequire('minimist')('--_.constructor.constructor.prototype.foo bar'.split(' '));\r\nconsole.log((function(){}).foo); // bar\r\n```\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `minimist` to version 1.2.6 or higher.\n## References\n- [Fix Commit](https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d)\n- [GitHub Issue](https://github.com/substack/minimist/issues/164)\n- [Vulnerable Code](https://github.com/substack/minimist/blob/master/index.js#L69)\n", + "disclosureTime": "2022-03-18T12:24:05Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.2.6" + ], + "id": "SNYK-JS-MINIMIST-2429795", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "SNYK": [ + "SNYK-JS-MINIMIST-559764" + ], + "CVE": [ + "CVE-2021-44906" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-06T12:01:22.204194Z", + "moduleName": "minimist", + "packageManager": "npm", + "packageName": "minimist", + "patches": [], + "proprietary": false, + "publicationTime": "2022-03-21T12:09:35Z", + "references": [ + { + "title": "Fix Commit", + "url": "https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/substack/minimist/issues/164" + }, + { + "title": "Vulnerable Code", + "url": "https://github.com/substack/minimist/blob/master/index.js%23L69" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.2.6" + ] + }, + "severityWithCritical": "low", + "from": [ + "acme-review@1.0.0", + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "sane@4.1.0", + "@cnakazawa/watch@1.0.4", + "minimist@1.2.5" + ], + "upgradePath": [ + false, + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "sane@4.1.0", + "@cnakazawa/watch@1.0.4", + "minimist@1.2.6" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "minimist", + "version": "1.2.5" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "alternativeIds": [], + "creationTime": "2022-04-05T08:46:07.677588Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n[moment](https://www.npmjs.com/package/moment) is a lightweight JavaScript date library for parsing, validating, manipulating, and formatting dates.\n\nAffected versions of this package are vulnerable to Directory Traversal when a user provides a locale string which is directly used to switch moment locale.\n\n## Details\n\nA Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.\n\nDirectory Traversal vulnerabilities can be generally divided into two types:\n\n- **Information Disclosure**: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.\n\n`st` is a module for serving static files on web pages, and contains a [vulnerability of this type](https://snyk.io/vuln/npm:st:20140206). In our example, we will serve files from the `public` route.\n\nIf an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.\n\n```\ncurl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa\n```\n**Note** `%2e` is the URL encoded version of `.` (dot).\n\n- **Writing arbitrary files**: Allows the attacker to create or replace existing files. This type of vulnerability is also known as `Zip-Slip`. \n\nOne way to achieve this is by using a malicious `zip` archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.\n\nThe following is an example of a `zip` archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in `/root/.ssh/` overwriting the `authorized_keys` file:\n\n```\n2018-04-15 22:04:29 ..... 19 19 good.txt\n2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys\n```\n\n## Remediation\nUpgrade `moment` to version 2.29.2 or higher.\n## References\n- [GitHub Commit](https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5)\n", + "disclosureTime": "2022-04-05T08:39:23Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.29.2" + ], + "id": "SNYK-JS-MOMENT-2440688", + "identifiers": { + "CWE": [ + "CWE-22" + ], + "GHSA": [ + "GHSA-8hfj-j24r-96c4" + ], + "CVE": [ + "CVE-2022-24785" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-04-05T12:30:50.880408Z", + "moduleName": "moment", + "packageManager": "npm", + "packageName": "moment", + "patches": [], + "proprietary": false, + "publicationTime": "2022-04-05T12:30:50.878091Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Directory Traversal", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.29.2" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "moment-timezone@0.5.33", + "moment@2.29.1" + ], + "upgradePath": [ + false, + "moment-timezone@0.5.33", + "moment@2.29.2" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "moment", + "version": "2.29.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "alternativeIds": [], + "creationTime": "2022-04-05T08:46:07.677588Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n[moment](https://www.npmjs.com/package/moment) is a lightweight JavaScript date library for parsing, validating, manipulating, and formatting dates.\n\nAffected versions of this package are vulnerable to Directory Traversal when a user provides a locale string which is directly used to switch moment locale.\n\n## Details\n\nA Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.\n\nDirectory Traversal vulnerabilities can be generally divided into two types:\n\n- **Information Disclosure**: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.\n\n`st` is a module for serving static files on web pages, and contains a [vulnerability of this type](https://snyk.io/vuln/npm:st:20140206). In our example, we will serve files from the `public` route.\n\nIf an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.\n\n```\ncurl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa\n```\n**Note** `%2e` is the URL encoded version of `.` (dot).\n\n- **Writing arbitrary files**: Allows the attacker to create or replace existing files. This type of vulnerability is also known as `Zip-Slip`. \n\nOne way to achieve this is by using a malicious `zip` archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.\n\nThe following is an example of a `zip` archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in `/root/.ssh/` overwriting the `authorized_keys` file:\n\n```\n2018-04-15 22:04:29 ..... 19 19 good.txt\n2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys\n```\n\n## Remediation\nUpgrade `moment` to version 2.29.2 or higher.\n## References\n- [GitHub Commit](https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5)\n", + "disclosureTime": "2022-04-05T08:39:23Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.29.2" + ], + "id": "SNYK-JS-MOMENT-2440688", + "identifiers": { + "CWE": [ + "CWE-22" + ], + "GHSA": [ + "GHSA-8hfj-j24r-96c4" + ], + "CVE": [ + "CVE-2022-24785" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-04-05T12:30:50.880408Z", + "moduleName": "moment", + "packageManager": "npm", + "packageName": "moment", + "patches": [], + "proprietary": false, + "publicationTime": "2022-04-05T12:30:50.878091Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Directory Traversal", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.29.2" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "@types/moment-timezone@0.5.30", + "moment-timezone@0.5.33", + "moment@2.29.1" + ], + "upgradePath": [ + false, + "@types/moment-timezone@0.5.30", + "moment-timezone@0.5.33", + "moment@2.29.2" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "moment", + "version": "2.29.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "alternativeIds": [], + "creationTime": "2022-01-17T12:08:00.675849Z", + "credit": [ + "Unknown" + ], + "cvssScore": 6.5, + "description": "## Overview\n[node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js\n\nAffected versions of this package are vulnerable to Information Exposure when fetching a remote url with Cookie, if it get a `Location` response header, it will follow that url and try to fetch that url with provided cookie. This can lead to forwarding secure headers to 3th party.\n## Remediation\nUpgrade `node-fetch` to version 2.6.7, 3.1.1 or higher.\n## References\n- [Github Commit](https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35)\n- [GitHub Commit](https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10)\n- [GitHub Commit](https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60)\n- [GitHub PR](https://github.com/node-fetch/node-fetch/pull/1449)\n", + "disclosureTime": "2022-01-17T12:00:01Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.6.7", + "3.1.1" + ], + "id": "SNYK-JS-NODEFETCH-2342118", + "identifiers": { + "CWE": [ + "CWE-200" + ], + "CVE": [ + "CVE-2022-0235", + "CVE-2022-1365" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-04-18T09:45:11.278222Z", + "moduleName": "node-fetch", + "packageManager": "npm", + "packageName": "node-fetch", + "patches": [], + "proprietary": false, + "publicationTime": "2022-01-17T16:25:00Z", + "references": [ + { + "title": "Github Commit", + "url": "https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60" + }, + { + "title": "GitHub PR", + "url": "https://github.com/node-fetch/node-fetch/pull/1449" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Information Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.6.7", + ">=3.0.0 <3.1.1" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@nivo/core@0.67.0", + "recompose@0.30.0", + "fbjs@0.8.17", + "isomorphic-fetch@2.2.1", + "node-fetch@1.7.3" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "node-fetch", + "version": "1.7.3" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:R", + "alternativeIds": [], + "creationTime": "2020-09-11T10:50:56.354201Z", + "credit": [ + "Unknown" + ], + "cvssScore": 5.9, + "description": "## Overview\n[node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js\n\nAffected versions of this package are vulnerable to Denial of Service. Node Fetch did not honor the `size` option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure.\n## Remediation\nUpgrade `node-fetch` to version 2.6.1, 3.0.0-beta.9 or higher.\n## References\n- [GitHub Advisory](https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r)\n- [GitHub Commit](https://github.com/node-fetch/node-fetch/commit/2358a6c2563d1730a0cdaccc197c611949f6a334)\n", + "disclosureTime": "2020-09-10T17:55:53Z", + "exploit": "Unproven", + "functions": [ + { + "functionId": { + "filePath": "lib/index.js", + "className": null, + "functionName": "fetch" + }, + "version": [ + ">1.7.1 <1.7.4", + ">2.0.0-alpha.7 <2.6.1" + ] + } + ], + "fixedIn": [ + "2.6.1", + "3.0.0-beta.9" + ], + "id": "SNYK-JS-NODEFETCH-674311", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-w7rc-rwvf-8q5r" + ], + "CVE": [ + "CVE-2020-15168" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-01-26T16:47:31.069025Z", + "moduleName": "node-fetch", + "packageManager": "npm", + "packageName": "node-fetch", + "patches": [], + "proprietary": false, + "publicationTime": "2020-09-11T14:12:46Z", + "references": [ + { + "title": "GitHub Advisory", + "url": "https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/node-fetch/node-fetch/commit/2358a6c2563d1730a0cdaccc197c611949f6a334" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Denial of Service", + "insights": { + "triageAdvice": null + }, + "functions_new": [ + { + "functionId": { + "filePath": "lib/index.js", + "functionName": "fetch" + }, + "version": [ + ">1.7.1 <1.7.4", + ">2.0.0-alpha.7 <2.6.1" + ] + } + ], + "semver": { + "vulnerable": [ + "<2.6.1", + ">=3.0.0-beta.1 <3.0.0-beta.9" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@nivo/core@0.67.0", + "recompose@0.30.0", + "fbjs@0.8.17", + "isomorphic-fetch@2.2.1", + "node-fetch@1.7.3" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "node-fetch", + "version": "1.7.3" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "alternativeIds": [], + "creationTime": "2022-01-17T12:08:00.675849Z", + "credit": [ + "Unknown" + ], + "cvssScore": 6.5, + "description": "## Overview\n[node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js\n\nAffected versions of this package are vulnerable to Information Exposure when fetching a remote url with Cookie, if it get a `Location` response header, it will follow that url and try to fetch that url with provided cookie. This can lead to forwarding secure headers to 3th party.\n## Remediation\nUpgrade `node-fetch` to version 2.6.7, 3.1.1 or higher.\n## References\n- [Github Commit](https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35)\n- [GitHub Commit](https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10)\n- [GitHub Commit](https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60)\n- [GitHub PR](https://github.com/node-fetch/node-fetch/pull/1449)\n", + "disclosureTime": "2022-01-17T12:00:01Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.6.7", + "3.1.1" + ], + "id": "SNYK-JS-NODEFETCH-2342118", + "identifiers": { + "CWE": [ + "CWE-200" + ], + "CVE": [ + "CVE-2022-0235", + "CVE-2022-1365" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-04-18T09:45:11.278222Z", + "moduleName": "node-fetch", + "packageManager": "npm", + "packageName": "node-fetch", + "patches": [], + "proprietary": false, + "publicationTime": "2022-01-17T16:25:00Z", + "references": [ + { + "title": "Github Commit", + "url": "https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60" + }, + { + "title": "GitHub PR", + "url": "https://github.com/node-fetch/node-fetch/pull/1449" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Information Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.6.7", + ">=3.0.0 <3.1.1" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@nivo/bar@0.67.0", + "@nivo/legends@0.67.0", + "recompose@0.30.0", + "fbjs@0.8.17", + "isomorphic-fetch@2.2.1", + "node-fetch@1.7.3" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "node-fetch", + "version": "1.7.3" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:R", + "alternativeIds": [], + "creationTime": "2020-09-11T10:50:56.354201Z", + "credit": [ + "Unknown" + ], + "cvssScore": 5.9, + "description": "## Overview\n[node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js\n\nAffected versions of this package are vulnerable to Denial of Service. Node Fetch did not honor the `size` option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure.\n## Remediation\nUpgrade `node-fetch` to version 2.6.1, 3.0.0-beta.9 or higher.\n## References\n- [GitHub Advisory](https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r)\n- [GitHub Commit](https://github.com/node-fetch/node-fetch/commit/2358a6c2563d1730a0cdaccc197c611949f6a334)\n", + "disclosureTime": "2020-09-10T17:55:53Z", + "exploit": "Unproven", + "functions": [ + { + "functionId": { + "filePath": "lib/index.js", + "className": null, + "functionName": "fetch" + }, + "version": [ + ">1.7.1 <1.7.4", + ">2.0.0-alpha.7 <2.6.1" + ] + } + ], + "fixedIn": [ + "2.6.1", + "3.0.0-beta.9" + ], + "id": "SNYK-JS-NODEFETCH-674311", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-w7rc-rwvf-8q5r" + ], + "CVE": [ + "CVE-2020-15168" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-01-26T16:47:31.069025Z", + "moduleName": "node-fetch", + "packageManager": "npm", + "packageName": "node-fetch", + "patches": [], + "proprietary": false, + "publicationTime": "2020-09-11T14:12:46Z", + "references": [ + { + "title": "GitHub Advisory", + "url": "https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/node-fetch/node-fetch/commit/2358a6c2563d1730a0cdaccc197c611949f6a334" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Denial of Service", + "insights": { + "triageAdvice": null + }, + "functions_new": [ + { + "functionId": { + "filePath": "lib/index.js", + "functionName": "fetch" + }, + "version": [ + ">1.7.1 <1.7.4", + ">2.0.0-alpha.7 <2.6.1" + ] + } + ], + "semver": { + "vulnerable": [ + "<2.6.1", + ">=3.0.0-beta.1 <3.0.0-beta.9" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@nivo/bar@0.67.0", + "@nivo/legends@0.67.0", + "recompose@0.30.0", + "fbjs@0.8.17", + "isomorphic-fetch@2.2.1", + "node-fetch@1.7.3" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "node-fetch", + "version": "1.7.3" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "alternativeIds": [], + "creationTime": "2022-01-17T12:08:00.675849Z", + "credit": [ + "Unknown" + ], + "cvssScore": 6.5, + "description": "## Overview\n[node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js\n\nAffected versions of this package are vulnerable to Information Exposure when fetching a remote url with Cookie, if it get a `Location` response header, it will follow that url and try to fetch that url with provided cookie. This can lead to forwarding secure headers to 3th party.\n## Remediation\nUpgrade `node-fetch` to version 2.6.7, 3.1.1 or higher.\n## References\n- [Github Commit](https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35)\n- [GitHub Commit](https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10)\n- [GitHub Commit](https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60)\n- [GitHub PR](https://github.com/node-fetch/node-fetch/pull/1449)\n", + "disclosureTime": "2022-01-17T12:00:01Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.6.7", + "3.1.1" + ], + "id": "SNYK-JS-NODEFETCH-2342118", + "identifiers": { + "CWE": [ + "CWE-200" + ], + "CVE": [ + "CVE-2022-0235", + "CVE-2022-1365" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-04-18T09:45:11.278222Z", + "moduleName": "node-fetch", + "packageManager": "npm", + "packageName": "node-fetch", + "patches": [], + "proprietary": false, + "publicationTime": "2022-01-17T16:25:00Z", + "references": [ + { + "title": "Github Commit", + "url": "https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60" + }, + { + "title": "GitHub PR", + "url": "https://github.com/node-fetch/node-fetch/pull/1449" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Information Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.6.7", + ">=3.0.0 <3.1.1" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@nivo/line@0.67.0", + "@nivo/legends@0.67.0", + "recompose@0.30.0", + "fbjs@0.8.17", + "isomorphic-fetch@2.2.1", + "node-fetch@1.7.3" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "node-fetch", + "version": "1.7.3" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:R", + "alternativeIds": [], + "creationTime": "2020-09-11T10:50:56.354201Z", + "credit": [ + "Unknown" + ], + "cvssScore": 5.9, + "description": "## Overview\n[node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js\n\nAffected versions of this package are vulnerable to Denial of Service. Node Fetch did not honor the `size` option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure.\n## Remediation\nUpgrade `node-fetch` to version 2.6.1, 3.0.0-beta.9 or higher.\n## References\n- [GitHub Advisory](https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r)\n- [GitHub Commit](https://github.com/node-fetch/node-fetch/commit/2358a6c2563d1730a0cdaccc197c611949f6a334)\n", + "disclosureTime": "2020-09-10T17:55:53Z", + "exploit": "Unproven", + "functions": [ + { + "functionId": { + "filePath": "lib/index.js", + "className": null, + "functionName": "fetch" + }, + "version": [ + ">1.7.1 <1.7.4", + ">2.0.0-alpha.7 <2.6.1" + ] + } + ], + "fixedIn": [ + "2.6.1", + "3.0.0-beta.9" + ], + "id": "SNYK-JS-NODEFETCH-674311", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-w7rc-rwvf-8q5r" + ], + "CVE": [ + "CVE-2020-15168" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-01-26T16:47:31.069025Z", + "moduleName": "node-fetch", + "packageManager": "npm", + "packageName": "node-fetch", + "patches": [], + "proprietary": false, + "publicationTime": "2020-09-11T14:12:46Z", + "references": [ + { + "title": "GitHub Advisory", + "url": "https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/node-fetch/node-fetch/commit/2358a6c2563d1730a0cdaccc197c611949f6a334" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Denial of Service", + "insights": { + "triageAdvice": null + }, + "functions_new": [ + { + "functionId": { + "filePath": "lib/index.js", + "functionName": "fetch" + }, + "version": [ + ">1.7.1 <1.7.4", + ">2.0.0-alpha.7 <2.6.1" + ] + } + ], + "semver": { + "vulnerable": [ + "<2.6.1", + ">=3.0.0-beta.1 <3.0.0-beta.9" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@nivo/line@0.67.0", + "@nivo/legends@0.67.0", + "recompose@0.30.0", + "fbjs@0.8.17", + "isomorphic-fetch@2.2.1", + "node-fetch@1.7.3" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "node-fetch", + "version": "1.7.3" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "alternativeIds": [], + "creationTime": "2022-01-17T12:08:00.675849Z", + "credit": [ + "Unknown" + ], + "cvssScore": 6.5, + "description": "## Overview\n[node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js\n\nAffected versions of this package are vulnerable to Information Exposure when fetching a remote url with Cookie, if it get a `Location` response header, it will follow that url and try to fetch that url with provided cookie. This can lead to forwarding secure headers to 3th party.\n## Remediation\nUpgrade `node-fetch` to version 2.6.7, 3.1.1 or higher.\n## References\n- [Github Commit](https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35)\n- [GitHub Commit](https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10)\n- [GitHub Commit](https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60)\n- [GitHub PR](https://github.com/node-fetch/node-fetch/pull/1449)\n", + "disclosureTime": "2022-01-17T12:00:01Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.6.7", + "3.1.1" + ], + "id": "SNYK-JS-NODEFETCH-2342118", + "identifiers": { + "CWE": [ + "CWE-200" + ], + "CVE": [ + "CVE-2022-0235", + "CVE-2022-1365" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-04-18T09:45:11.278222Z", + "moduleName": "node-fetch", + "packageManager": "npm", + "packageName": "node-fetch", + "patches": [], + "proprietary": false, + "publicationTime": "2022-01-17T16:25:00Z", + "references": [ + { + "title": "Github Commit", + "url": "https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60" + }, + { + "title": "GitHub PR", + "url": "https://github.com/node-fetch/node-fetch/pull/1449" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Information Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.6.7", + ">=3.0.0 <3.1.1" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "jest-fetch-mock@3.0.3", + "cross-fetch@3.1.4", + "node-fetch@2.6.1" + ], + "upgradePath": [ + false, + "jest-fetch-mock@3.0.3", + "cross-fetch@3.1.5", + "node-fetch@2.6.7" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "node-fetch", + "version": "2.6.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-01-06T11:16:25.853884Z", + "credit": [ + "ready-research" + ], + "cvssScore": 5.3, + "description": "## Overview\n[node-forge](https://github.com/digitalbazaar/forge) is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.\n\nAffected versions of this package are vulnerable to Open Redirect via `parseUrl` function when it mishandles certain uses of backslash such as `https:/\\/\\/\\` and interprets the URI as a relative path.\r\n\r\n### PoC:\r\n```js\r\n\r\n// poc.js\r\nvar forge = require(\"node-forge\");\r\nvar url = forge.util.parseUrl(\"https:/\\/\\/\\www.github.com/foo/bar\");\r\nconsole.log(url);\r\n\r\n// Output of node poc.js:\r\n\r\n{\r\n full: 'https://',\r\n scheme: 'https',\r\n host: '',\r\n port: 443,\r\n path: '/www.github.com/foo/bar', <<<---- path should be \"/foo/bar\"\r\n fullHost: ''\r\n}\r\n\r\n```\n## Remediation\nUpgrade `node-forge` to version 1.0.0 or higher.\n## References\n- [GitHub Commit](https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e)\n- [URL Confusion Explained - Snyk Blog](https://snyk.io/blog/url-confusion-vulnerabilities/)\n", + "disclosureTime": "2022-01-06T11:09:34Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.0.0" + ], + "id": "SNYK-JS-NODEFORGE-2330875", + "identifiers": { + "CWE": [ + "CWE-601" + ], + "GHSA": [ + "GHSA-gf8q-jrpm-jvxq" + ], + "CVE": [ + "CVE-2022-0122" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-01-10T22:56:46.640081Z", + "moduleName": "node-forge", + "packageManager": "npm", + "packageName": "node-forge", + "patches": [], + "proprietary": false, + "publicationTime": "2022-01-06T17:17:25Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e" + }, + { + "title": "URL Confusion Explained - Snyk Blog", + "url": "https://snyk.io/blog/url-confusion-vulnerabilities/" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Open Redirect", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.0.0" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.11", + "node-forge@0.10.0" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.13", + "node-forge@1.2.0" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "node-forge", + "version": "0.10.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "alternativeIds": [], + "creationTime": "2022-01-09T10:11:24.467022Z", + "credit": [ + "Unknown" + ], + "cvssScore": 6.3, + "description": "## Overview\n[node-forge](https://github.com/digitalbazaar/forge) is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.\n\nAffected versions of this package are vulnerable to Prototype Pollution via the `forge.debug` API if called with untrusted input.\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `node-forge` to version 1.0.0 or higher.\n## References\n- [GitHub Commit](https://github.com/digitalbazaar/forge/commit/51228083550dde97701ac8e06c629a5184117562)\n", + "disclosureTime": "2022-01-08T00:22:42Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "1.0.0" + ], + "id": "SNYK-JS-NODEFORGE-2331908", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "GHSA": [ + "GHSA-5rrq-pxf6-6jx5" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-01-09T15:54:48.990788Z", + "moduleName": "node-forge", + "packageManager": "npm", + "packageName": "node-forge", + "patches": [], + "proprietary": false, + "publicationTime": "2022-01-09T15:54:48.988558Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/digitalbazaar/forge/commit/51228083550dde97701ac8e06c629a5184117562" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.0.0" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.11", + "node-forge@0.10.0" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.13", + "node-forge@1.2.0" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "node-forge", + "version": "0.10.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "alternativeIds": [], + "creationTime": "2022-03-20T08:56:55.258238Z", + "credit": [ + "Moosa Yahyazadeh" + ], + "cvssScore": 5.6, + "description": "## Overview\n[node-forge](https://github.com/digitalbazaar/forge) is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.\n\nAffected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to RSA's `PKCS#1 v1.5` signature verification code which does not properly check `DigestInfo` for a proper `ASN.1` structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest.\n## Remediation\nUpgrade `node-forge` to version 1.3.0 or higher.\n## References\n- [GitHub Commit](https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1)\n", + "disclosureTime": "2022-03-20T08:47:53Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "1.3.0" + ], + "id": "SNYK-JS-NODEFORGE-2430337", + "identifiers": { + "CWE": [ + "CWE-347" + ], + "GHSA": [ + "GHSA-2r2c-g63r-vccr" + ], + "CVE": [ + "CVE-2022-24773" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-03-20T16:39:53.367585Z", + "moduleName": "node-forge", + "packageManager": "npm", + "packageName": "node-forge", + "patches": [], + "proprietary": false, + "publicationTime": "2022-03-20T16:39:53.330824Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Improper Verification of Cryptographic Signature", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.3.0" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.11", + "node-forge@0.10.0" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.13", + "node-forge@1.3.0" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "node-forge", + "version": "0.10.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "alternativeIds": [], + "creationTime": "2022-03-20T09:05:59.631233Z", + "credit": [ + "Moosa Yahyazadeh" + ], + "cvssScore": 7.3, + "description": "## Overview\n[node-forge](https://github.com/digitalbazaar/forge) is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.\n\nAffected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to RSA's `PKCS#1` v1.5 signature verification code which does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used.\n## Remediation\nUpgrade `node-forge` to version 1.3.0 or higher.\n## References\n- [GitHub Commit](https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1)\n", + "disclosureTime": "2022-03-20T08:57:14Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "1.3.0" + ], + "id": "SNYK-JS-NODEFORGE-2430339", + "identifiers": { + "CWE": [ + "CWE-347" + ], + "GHSA": [ + "GHSA-x4jg-mjrx-434g" + ], + "CVE": [ + "CVE-2022-24772" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-03-20T16:39:52.726979Z", + "moduleName": "node-forge", + "packageManager": "npm", + "packageName": "node-forge", + "patches": [], + "proprietary": false, + "publicationTime": "2022-03-20T16:39:52.700898Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Improper Verification of Cryptographic Signature", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.3.0" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.11", + "node-forge@0.10.0" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.13", + "node-forge@1.3.0" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "node-forge", + "version": "0.10.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "alternativeIds": [], + "creationTime": "2022-03-20T09:20:18.671201Z", + "credit": [ + "Moosa Yahyazadeh" + ], + "cvssScore": 5.6, + "description": "## Overview\n[node-forge](https://github.com/digitalbazaar/forge) is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.\n\nAffected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to RSA`s `PKCS#1` v1.5 signature verification code which is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used.\n## Remediation\nUpgrade `node-forge` to version 1.3.0 or higher.\n## References\n- [GitHub Commit](https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1)\n", + "disclosureTime": "2022-03-20T09:07:01Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "1.3.0" + ], + "id": "SNYK-JS-NODEFORGE-2430341", + "identifiers": { + "CWE": [ + "CWE-347" + ], + "GHSA": [ + "GHSA-cfm4-qjh2-4765" + ], + "CVE": [ + "CVE-2022-24771" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-03-20T16:39:53.013303Z", + "moduleName": "node-forge", + "packageManager": "npm", + "packageName": "node-forge", + "patches": [], + "proprietary": false, + "publicationTime": "2022-03-20T16:39:53.005772Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Improper Verification of Cryptographic Signature", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.3.0" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.11", + "node-forge@0.10.0" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.13", + "node-forge@1.3.0" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "node-forge", + "version": "0.10.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P", + "alternativeIds": [], + "creationTime": "2021-09-17T14:35:00.993728Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when parsing crafted invalid CSS nth-checks, due to the sub-pattern `\\s*(?:([+-]?)\\s*(\\d+))?` in `RE_NTH_ELEMENT` with quantified overlapping adjacency.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `nth-check` to version 2.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726)\n", + "disclosureTime": "2021-09-17T14:32:39Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "2.0.1" + ], + "id": "SNYK-JS-NTHCHECK-1586032", + "identifiers": { + "CWE": [ + "CWE-1333" + ], + "CVE": [ + "CVE-2021-3803" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-04-13T10:42:22.281450Z", + "moduleName": "nth-check", + "packageManager": "npm", + "packageName": "nth-check", + "patches": [], + "proprietary": false, + "publicationTime": "2021-09-17T15:20:51Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.0.1" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "enzyme@3.11.0", + "cheerio@1.0.0-rc.9", + "cheerio-select@1.4.0", + "css-select@4.1.2", + "nth-check@2.0.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "nth-check", + "version": "2.0.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P", + "alternativeIds": [], + "creationTime": "2021-09-17T14:35:00.993728Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when parsing crafted invalid CSS nth-checks, due to the sub-pattern `\\s*(?:([+-]?)\\s*(\\d+))?` in `RE_NTH_ELEMENT` with quantified overlapping adjacency.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `nth-check` to version 2.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726)\n", + "disclosureTime": "2021-09-17T14:32:39Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "2.0.1" + ], + "id": "SNYK-JS-NTHCHECK-1586032", + "identifiers": { + "CWE": [ + "CWE-1333" + ], + "CVE": [ + "CVE-2021-3803" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-04-13T10:42:22.281450Z", + "moduleName": "nth-check", + "packageManager": "npm", + "packageName": "nth-check", + "patches": [], + "proprietary": false, + "publicationTime": "2021-09-17T15:20:51Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.0.1" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-native-svg@9.13.6", + "css-select@2.1.0", + "nth-check@1.0.2" + ], + "upgradePath": [ + false, + "react-native-svg@12.3.0", + "css-select@4.2.1", + "nth-check@2.0.1" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "nth-check", + "version": "1.0.2" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P", + "alternativeIds": [], + "creationTime": "2021-09-17T14:35:00.993728Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when parsing crafted invalid CSS nth-checks, due to the sub-pattern `\\s*(?:([+-]?)\\s*(\\d+))?` in `RE_NTH_ELEMENT` with quantified overlapping adjacency.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `nth-check` to version 2.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726)\n", + "disclosureTime": "2021-09-17T14:32:39Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "2.0.1" + ], + "id": "SNYK-JS-NTHCHECK-1586032", + "identifiers": { + "CWE": [ + "CWE-1333" + ], + "CVE": [ + "CVE-2021-3803" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-04-13T10:42:22.281450Z", + "moduleName": "nth-check", + "packageManager": "npm", + "packageName": "nth-check", + "patches": [], + "proprietary": false, + "publicationTime": "2021-09-17T15:20:51Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.0.1" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "@svgr/webpack@4.3.3", + "@svgr/plugin-svgo@4.3.1", + "svgo@1.3.2", + "css-select@2.1.0", + "nth-check@1.0.2" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "nth-check", + "version": "1.0.2" + }, + { + "CVSSv3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2022-05-23T12:23:14.606493Z", + "credit": [ + "Diego Perini" + ], + "cvssScore": 6.2, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Denial of Service (DoS) when it is provided the invalid selector `_:-ms-fullscreen`. This triggers an infinite loop.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\nTwo common types of DoS vulnerabilities:\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example, [npm `ws` package](https://snyk.io/vuln/npm:ws:20171108)\n\n## Remediation\nA fix was pushed into the `master` branch but not yet published.\n## References\n- [GitHub Commit](https://github.com/dperini/nwsapi/commit/ab9cde1eb05ec9badfc3abaf15687b1a6f9e9ad3)\n- [GitHub Issue](https://github.com/dperini/nwsapi/issues/46#issuecomment-1134223659)\n", + "disclosureTime": "2022-05-23T12:06:55Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [], + "id": "SNYK-JS-NWSAPI-2841516", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-15T15:35:57.288474Z", + "moduleName": "nwsapi", + "packageManager": "npm", + "packageName": "nwsapi", + "patches": [], + "proprietary": false, + "publicationTime": "2022-06-15T15:35:57.286030Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/dperini/nwsapi/commit/ab9cde1eb05ec9badfc3abaf15687b1a6f9e9ad3" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/dperini/nwsapi/issues/46%23issuecomment-1134223659" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Denial of Service (DoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "*" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "jest-environment-jsdom-fourteen@1.0.1", + "jsdom@14.1.0", + "nwsapi@2.2.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "nwsapi", + "version": "2.2.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2022-05-23T12:23:14.606493Z", + "credit": [ + "Diego Perini" + ], + "cvssScore": 6.2, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Denial of Service (DoS) when it is provided the invalid selector `_:-ms-fullscreen`. This triggers an infinite loop.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\nTwo common types of DoS vulnerabilities:\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example, [npm `ws` package](https://snyk.io/vuln/npm:ws:20171108)\n\n## Remediation\nA fix was pushed into the `master` branch but not yet published.\n## References\n- [GitHub Commit](https://github.com/dperini/nwsapi/commit/ab9cde1eb05ec9badfc3abaf15687b1a6f9e9ad3)\n- [GitHub Issue](https://github.com/dperini/nwsapi/issues/46#issuecomment-1134223659)\n", + "disclosureTime": "2022-05-23T12:06:55Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [], + "id": "SNYK-JS-NWSAPI-2841516", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-15T15:35:57.288474Z", + "moduleName": "nwsapi", + "packageManager": "npm", + "packageName": "nwsapi", + "patches": [], + "proprietary": false, + "publicationTime": "2022-06-15T15:35:57.286030Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/dperini/nwsapi/commit/ab9cde1eb05ec9badfc3abaf15687b1a6f9e9ad3" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/dperini/nwsapi/issues/46%23issuecomment-1134223659" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Denial of Service (DoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "*" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "jsdom@11.12.0", + "nwsapi@2.2.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "nwsapi", + "version": "2.2.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2022-05-23T12:23:14.606493Z", + "credit": [ + "Diego Perini" + ], + "cvssScore": 6.2, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Denial of Service (DoS) when it is provided the invalid selector `_:-ms-fullscreen`. This triggers an infinite loop.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\nTwo common types of DoS vulnerabilities:\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example, [npm `ws` package](https://snyk.io/vuln/npm:ws:20171108)\n\n## Remediation\nA fix was pushed into the `master` branch but not yet published.\n## References\n- [GitHub Commit](https://github.com/dperini/nwsapi/commit/ab9cde1eb05ec9badfc3abaf15687b1a6f9e9ad3)\n- [GitHub Issue](https://github.com/dperini/nwsapi/issues/46#issuecomment-1134223659)\n", + "disclosureTime": "2022-05-23T12:06:55Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [], + "id": "SNYK-JS-NWSAPI-2841516", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-15T15:35:57.288474Z", + "moduleName": "nwsapi", + "packageManager": "npm", + "packageName": "nwsapi", + "patches": [], + "proprietary": false, + "publicationTime": "2022-06-15T15:35:57.286030Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/dperini/nwsapi/commit/ab9cde1eb05ec9badfc3abaf15687b1a6f9e9ad3" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/dperini/nwsapi/issues/46%23issuecomment-1134223659" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Denial of Service (DoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "*" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "@jest/core@24.9.0", + "@jest/reporters@24.9.0", + "jest-runtime@24.9.0", + "jest-config@24.9.0", + "jest-environment-jsdom@24.9.0", + "jsdom@11.12.0", + "nwsapi@2.2.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "nwsapi", + "version": "2.2.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-02-19T16:00:22.449519Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[path-parse](https://www.npmjs.org/package/path-parse) is a Node.js path.parse() ponyfill\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `splitDeviceRe`, `splitTailRe`, and `splitPathRe` regular expressions. ReDoS exhibits polynomial worst-case time complexity.\r\n\r\n### PoC\r\n```\r\nvar pathParse = require('path-parse');\r\nfunction build_attack(n) {\r\n var ret = \"\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/\"\r\n }\r\n return ret + \"◎\";\r\n}\r\n\r\nfor(var i = 1; i <= 5000000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n pathParse(attack_str);\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `path-parse` to version 1.0.7 or higher.\n## References\n- [GitHub Issue 1](https://github.com/jbgutierrez/path-parse/issues/8)\n- [GitHub PR](https://github.com/jbgutierrez/path-parse/pull/10)\n", + "disclosureTime": "2021-02-19T15:54:01Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.0.7" + ], + "id": "SNYK-JS-PATHPARSE-1077067", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23343" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.024375Z", + "moduleName": "path-parse", + "packageManager": "npm", + "packageName": "path-parse", + "patches": [], + "proprietary": true, + "publicationTime": "2021-05-04T08:38:49Z", + "references": [ + { + "title": "GitHub Issue 1", + "url": "https://github.com/jbgutierrez/path-parse/issues/8" + }, + { + "title": "GitHub PR", + "url": "https://github.com/jbgutierrez/path-parse/pull/10" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.0.7" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "@babel/core@7.9.0", + "resolve@1.15.0", + "path-parse@1.0.6" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "@babel/core@7.9.0", + "resolve@1.15.0", + "path-parse@1.0.7" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "path-parse", + "version": "1.0.6" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-02-19T16:00:22.449519Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[path-parse](https://www.npmjs.org/package/path-parse) is a Node.js path.parse() ponyfill\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `splitDeviceRe`, `splitTailRe`, and `splitPathRe` regular expressions. ReDoS exhibits polynomial worst-case time complexity.\r\n\r\n### PoC\r\n```\r\nvar pathParse = require('path-parse');\r\nfunction build_attack(n) {\r\n var ret = \"\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/\"\r\n }\r\n return ret + \"◎\";\r\n}\r\n\r\nfor(var i = 1; i <= 5000000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n pathParse(attack_str);\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `path-parse` to version 1.0.7 or higher.\n## References\n- [GitHub Issue 1](https://github.com/jbgutierrez/path-parse/issues/8)\n- [GitHub PR](https://github.com/jbgutierrez/path-parse/pull/10)\n", + "disclosureTime": "2021-02-19T15:54:01Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.0.7" + ], + "id": "SNYK-JS-PATHPARSE-1077067", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23343" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.024375Z", + "moduleName": "path-parse", + "packageManager": "npm", + "packageName": "path-parse", + "patches": [], + "proprietary": true, + "publicationTime": "2021-05-04T08:38:49Z", + "references": [ + { + "title": "GitHub Issue 1", + "url": "https://github.com/jbgutierrez/path-parse/issues/8" + }, + { + "title": "GitHub PR", + "url": "https://github.com/jbgutierrez/path-parse/pull/10" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.0.7" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "@svgr/webpack@4.3.3", + "@babel/preset-env@7.14.1", + "babel-plugin-polyfill-corejs2@0.2.0", + "@babel/helper-define-polyfill-provider@0.2.0", + "resolve@1.20.0", + "path-parse@1.0.6" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "@svgr/webpack@4.3.3", + "@babel/preset-env@7.14.1", + "babel-plugin-polyfill-corejs2@0.2.0", + "@babel/helper-define-polyfill-provider@0.2.0", + "resolve@1.20.0", + "path-parse@1.0.7" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "path-parse", + "version": "1.0.6" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-02-19T16:00:22.449519Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[path-parse](https://www.npmjs.org/package/path-parse) is a Node.js path.parse() ponyfill\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `splitDeviceRe`, `splitTailRe`, and `splitPathRe` regular expressions. ReDoS exhibits polynomial worst-case time complexity.\r\n\r\n### PoC\r\n```\r\nvar pathParse = require('path-parse');\r\nfunction build_attack(n) {\r\n var ret = \"\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/\"\r\n }\r\n return ret + \"◎\";\r\n}\r\n\r\nfor(var i = 1; i <= 5000000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n pathParse(attack_str);\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `path-parse` to version 1.0.7 or higher.\n## References\n- [GitHub Issue 1](https://github.com/jbgutierrez/path-parse/issues/8)\n- [GitHub PR](https://github.com/jbgutierrez/path-parse/pull/10)\n", + "disclosureTime": "2021-02-19T15:54:01Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.0.7" + ], + "id": "SNYK-JS-PATHPARSE-1077067", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23343" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.024375Z", + "moduleName": "path-parse", + "packageManager": "npm", + "packageName": "path-parse", + "patches": [], + "proprietary": true, + "publicationTime": "2021-05-04T08:38:49Z", + "references": [ + { + "title": "GitHub Issue 1", + "url": "https://github.com/jbgutierrez/path-parse/issues/8" + }, + { + "title": "GitHub PR", + "url": "https://github.com/jbgutierrez/path-parse/pull/10" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.0.7" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "babel-plugin-istanbul@5.2.0", + "test-exclude@5.2.3", + "read-pkg-up@4.0.0", + "read-pkg@3.0.0", + "normalize-package-data@2.5.0", + "resolve@1.20.0", + "path-parse@1.0.6" + ], + "upgradePath": [ + false, + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "babel-plugin-istanbul@5.2.0", + "test-exclude@5.2.3", + "read-pkg-up@4.0.0", + "read-pkg@3.0.0", + "normalize-package-data@2.5.0", + "resolve@1.20.0", + "path-parse@1.0.7" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "path-parse", + "version": "1.0.6" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-flexbugs-fixes@4.1.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-flexbugs-fixes@4.1.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-flexbugs-fixes@4.1.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-flexbugs-fixes@4.1.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-loader@3.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-loader@3.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-loader@3.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-loader@3.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-normalize@8.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-normalize@8.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-normalize@8.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-normalize@8.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-safe-parser@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-safe-parser@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-safe-parser@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-safe-parser@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "css-loader@3.4.2", + "icss-utils@4.1.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "css-loader@3.4.2", + "icss-utils@4.1.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "css-loader@3.4.2", + "icss-utils@4.1.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "css-loader@3.4.2", + "icss-utils@4.1.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss-modules-extract-imports@2.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss-modules-extract-imports@2.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss-modules-extract-imports@2.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss-modules-extract-imports@2.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss-modules-local-by-default@3.0.3", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss-modules-local-by-default@3.0.3", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss-modules-local-by-default@3.0.3", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss-modules-local-by-default@3.0.3", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss-modules-scope@2.2.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss-modules-scope@2.2.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss-modules-scope@2.2.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss-modules-scope@2.2.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss-modules-values@3.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss-modules-values@3.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss-modules-values@3.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "css-loader@3.4.2", + "postcss-modules-values@3.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-normalize@8.0.1", + "postcss-browser-comments@3.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-normalize@8.0.1", + "postcss-browser-comments@3.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-normalize@8.0.1", + "postcss-browser-comments@3.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-normalize@8.0.1", + "postcss-browser-comments@3.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "autoprefixer@9.8.6", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "autoprefixer@9.8.6", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "autoprefixer@9.8.6", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "autoprefixer@9.8.6", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "css-blank-pseudo@0.1.4", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "css-blank-pseudo@0.1.4", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "css-blank-pseudo@0.1.4", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "css-blank-pseudo@0.1.4", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "css-has-pseudo@0.10.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "css-has-pseudo@0.10.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "css-has-pseudo@0.10.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "css-has-pseudo@0.10.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "css-prefers-color-scheme@3.1.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "css-prefers-color-scheme@3.1.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "css-prefers-color-scheme@3.1.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "css-prefers-color-scheme@3.1.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-attribute-case-insensitive@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-attribute-case-insensitive@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-attribute-case-insensitive@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-attribute-case-insensitive@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-functional-notation@2.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-functional-notation@2.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-functional-notation@2.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-functional-notation@2.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-gray@5.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-gray@5.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-gray@5.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-gray@5.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-hex-alpha@5.0.3", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-hex-alpha@5.0.3", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-hex-alpha@5.0.3", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-hex-alpha@5.0.3", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-mod-function@3.0.3", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-mod-function@3.0.3", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-mod-function@3.0.3", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-mod-function@3.0.3", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-rebeccapurple@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-rebeccapurple@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-rebeccapurple@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-color-rebeccapurple@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-custom-media@7.0.8", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-custom-media@7.0.8", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-custom-media@7.0.8", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-custom-media@7.0.8", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-custom-properties@8.0.11", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-custom-properties@8.0.11", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-custom-properties@8.0.11", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-custom-properties@8.0.11", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-custom-selectors@5.1.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-custom-selectors@5.1.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-custom-selectors@5.1.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-custom-selectors@5.1.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-dir-pseudo-class@5.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-dir-pseudo-class@5.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-dir-pseudo-class@5.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-dir-pseudo-class@5.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-double-position-gradients@1.0.0", + "postcss@7.0.35" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-double-position-gradients@1.0.0", + "postcss@7.0.35" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-env-function@2.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-env-function@2.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-env-function@2.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-env-function@2.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-focus-visible@4.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-focus-visible@4.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-focus-visible@4.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-focus-visible@4.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-focus-within@3.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-focus-within@3.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-focus-within@3.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-focus-within@3.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-font-variant@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-font-variant@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-font-variant@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-font-variant@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-gap-properties@2.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-gap-properties@2.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-gap-properties@2.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-gap-properties@2.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-image-set-function@3.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-image-set-function@3.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-image-set-function@3.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-image-set-function@3.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-initial@3.0.4", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-initial@3.0.4", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-initial@3.0.4", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-initial@3.0.4", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-lab-function@2.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-lab-function@2.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-lab-function@2.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-lab-function@2.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-logical@3.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-logical@3.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-logical@3.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-logical@3.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-media-minmax@4.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-media-minmax@4.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-media-minmax@4.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-media-minmax@4.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-nesting@7.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-nesting@7.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-nesting@7.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-nesting@7.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-overflow-shorthand@2.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-overflow-shorthand@2.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-overflow-shorthand@2.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-overflow-shorthand@2.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-page-break@2.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-page-break@2.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-page-break@2.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-page-break@2.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-place@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-place@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-place@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-place@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-pseudo-class-any-link@6.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-pseudo-class-any-link@6.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-pseudo-class-any-link@6.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-pseudo-class-any-link@6.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-replace-overflow-wrap@3.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-replace-overflow-wrap@3.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-replace-overflow-wrap@3.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-replace-overflow-wrap@3.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-selector-matches@4.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-selector-matches@4.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-selector-matches@4.0.0", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-selector-matches@4.0.0", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-selector-not@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-selector-not@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-selector-not@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "postcss-preset-env@6.7.0", + "postcss-selector-not@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "css-declaration-sorter@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "css-declaration-sorter@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "css-declaration-sorter@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "css-declaration-sorter@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "cssnano-util-raw-cache@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "cssnano-util-raw-cache@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "cssnano-util-raw-cache@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "cssnano-util-raw-cache@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-calc@7.0.5", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-calc@7.0.5", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-calc@7.0.5", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-calc@7.0.5", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-colormin@4.0.3", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-colormin@4.0.3", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-colormin@4.0.3", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-colormin@4.0.3", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-convert-values@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-convert-values@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-convert-values@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-convert-values@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-discard-comments@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-discard-comments@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-discard-comments@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-discard-comments@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-discard-duplicates@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-discard-duplicates@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-discard-duplicates@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-discard-duplicates@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-discard-empty@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-discard-empty@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-discard-empty@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-discard-empty@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-discard-overridden@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-discard-overridden@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-discard-overridden@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-discard-overridden@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-merge-longhand@4.0.11", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-merge-longhand@4.0.11", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-merge-longhand@4.0.11", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-merge-longhand@4.0.11", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-merge-rules@4.0.3", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-merge-rules@4.0.3", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-merge-rules@4.0.3", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-merge-rules@4.0.3", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-minify-font-values@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-minify-font-values@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-minify-font-values@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-minify-font-values@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-minify-gradients@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-minify-gradients@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-minify-gradients@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-minify-gradients@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-minify-params@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-minify-params@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-minify-params@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-minify-params@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-minify-selectors@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-minify-selectors@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-minify-selectors@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-minify-selectors@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-charset@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-charset@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-charset@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-charset@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-display-values@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-display-values@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-display-values@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-display-values@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-positions@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-positions@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-positions@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-positions@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-repeat-style@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-repeat-style@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-repeat-style@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-repeat-style@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-string@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-string@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-string@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-string@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-timing-functions@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-timing-functions@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-timing-functions@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-timing-functions@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-unicode@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-unicode@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-unicode@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-unicode@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-url@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-url@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-url@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-url@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-whitespace@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-whitespace@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-whitespace@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-normalize-whitespace@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-ordered-values@4.1.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-ordered-values@4.1.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-ordered-values@4.1.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-ordered-values@4.1.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-reduce-initial@4.0.3", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-reduce-initial@4.0.3", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-reduce-initial@4.0.3", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-reduce-initial@4.0.3", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-reduce-transforms@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-reduce-transforms@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-reduce-transforms@4.0.2", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-reduce-transforms@4.0.2", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-svgo@4.0.3", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-svgo@4.0.3", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-svgo@4.0.3", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-svgo@4.0.3", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-unique-selectors@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-unique-selectors@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-unique-selectors@4.0.1", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-unique-selectors@4.0.1", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-merge-longhand@4.0.11", + "stylehacks@4.0.3", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-merge-longhand@4.0.11", + "stylehacks@4.0.3", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-merge-longhand@4.0.11", + "stylehacks@4.0.3", + "postcss@7.0.35" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "optimize-css-assets-webpack-plugin@5.0.3", + "cssnano@4.1.11", + "cssnano-preset-default@4.0.8", + "postcss-merge-longhand@4.0.11", + "stylehacks@4.0.3", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.35" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-05T10:34:06.518802Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}/*# sourceMappingURL=\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 7.0.36, 8.2.10 or higher.\n## References\n- [Fix Commit #1](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5)\n- [Fix Commit #2](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4)\n- [GitHub Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3)\n", + "disclosureTime": "2021-04-05T10:32:44Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.0.36", + "8.2.10" + ], + "id": "SNYK-JS-POSTCSS-1090595", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-hwj9-h5mp-3pm3" + ], + "CVE": [ + "CVE-2021-23368" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.030348Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-12T13:07:14Z", + "references": [ + { + "title": "Fix Commit #1", + "url": "https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5" + }, + { + "title": "Fix Commit #2", + "url": "https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4" + }, + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.0.36", + ">=8.0.0 <8.2.10" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "resolve-url-loader@3.1.2", + "postcss@7.0.21" + ], + "upgradePath": [ + false, + "react-scripts@4.0.0", + "resolve-url-loader@3.1.4", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.21" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-04-26T15:22:41.908415Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[postcss](https://www.npmjs.com/package/postcss) is a PostCSS is a tool for transforming styles with JS plugins.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\\/\\*\\s*# sourceMappingURL=(.*)`.\r\n\r\n### PoC\r\n```\r\nvar postcss = require(\"postcss\")\r\nfunction build_attack(n) {\r\n var ret = \"a{}\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/*# sourceMappingURL=\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\n// postcss.parse('a{}/*# sourceMappingURL=a.css.map */')\r\nfor(var i = 1; i <= 500000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n try{\r\n postcss.parse(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n catch(e){\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\");\r\n }\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `postcss` to version 8.2.13, 7.0.36 or higher.\n## References\n- [GitHub Commit](https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956)\n", + "disclosureTime": "2021-04-26T15:09:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "8.2.13", + "7.0.36" + ], + "id": "SNYK-JS-POSTCSS-1255640", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23382" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.050563Z", + "moduleName": "postcss", + "packageManager": "npm", + "packageName": "postcss", + "patches": [], + "proprietary": true, + "publicationTime": "2021-04-26T16:18:39Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=8.0.0 <8.2.13", + "<7.0.36" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "resolve-url-loader@3.1.2", + "postcss@7.0.21" + ], + "upgradePath": [ + false, + "react-scripts@4.0.0", + "resolve-url-loader@3.1.4", + "postcss@7.0.36" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "postcss", + "version": "7.0.21" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-10-08T12:15:58.593115Z", + "credit": [ + "Ready Research" + ], + "cvssScore": 5.3, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker that is able to provide a crafted input to the strip functionality may cause an application to consume an excessive amount of CPU.\r\n\r\n### PoC\r\n```\r\nconst strip = require('prompts/lib/util/strip.js');\r\nfor(var i = 1; i <= 5000; i++) {\r\nvar time = Date.now();\r\nvar attack_str = \"\\u001B[\"+\";\".repeat(i*1000);\r\nstrip(attack_str)\r\nvar time_cost = Date.now() - time;\r\nconsole.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `prompts` to version 2.4.2 or higher.\n## References\n- [GitHub PR](https://github.com/terkelg/prompts/pull/333)\n- [GitHub Release](https://github.com/terkelg/prompts/releases/tag/v2.4.2)\n", + "disclosureTime": "2021-10-08T12:09:35Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "2.4.2" + ], + "id": "SNYK-JS-PROMPTS-1729737", + "identifiers": { + "CWE": [ + "CWE-1333" + ], + "CVE": [ + "CVE-2021-3868" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-10-18T11:52:51.626359Z", + "moduleName": "prompts", + "packageManager": "npm", + "packageName": "prompts", + "patches": [], + "proprietary": false, + "publicationTime": "2021-10-08T13:48:51Z", + "references": [ + { + "title": "GitHub PR", + "url": "https://github.com/terkelg/prompts/pull/333" + }, + { + "title": "GitHub Release", + "url": "https://github.com/terkelg/prompts/releases/tag/v2.4.2" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.4.2" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "prompts@2.4.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "prompts@2.4.2" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "prompts", + "version": "2.4.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-03-09T10:16:13.615967Z", + "credit": [ + "zpbrent(zhou", + "peng@shu)" + ], + "cvssScore": 5.6, + "description": "## Overview\n[react-dev-utils](https://www.npmjs.com/package/react-dev-utils) is an includes some utilities used by Create React App.\n\nAffected versions of this package are vulnerable to Command Injection via `getProcessForPort` - where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you.\n## Remediation\nUpgrade `react-dev-utils` to version 11.0.4 or higher.\n## References\n- [Facebook Advisory](https://www.facebook.com/security/advisories/cve-2021-24033)\n- [POC: GitHub PR](https://github.com/facebook/create-react-app/pull/10644)\n", + "disclosureTime": "2021-03-09T10:14:45Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "11.0.4" + ], + "id": "SNYK-JS-REACTDEVUTILS-1083268", + "identifiers": { + "CWE": [ + "CWE-78" + ], + "GHSA": [ + "GHSA-5q6m-3h65-w53x" + ], + "CVE": [ + "CVE-2021-24033" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-09-24T13:25:49.294067Z", + "moduleName": "react-dev-utils", + "packageManager": "npm", + "packageName": "react-dev-utils", + "patches": [], + "proprietary": false, + "publicationTime": "2021-03-09T15:18:51Z", + "references": [ + { + "title": "Facebook Advisory", + "url": "https://www.facebook.com/security/advisories/cve-2021-24033" + }, + { + "title": "POC: GitHub PR", + "url": "https://github.com/facebook/create-react-app/pull/10644" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Command Injection", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<11.0.4" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "react-dev-utils@10.2.1" + ], + "upgradePath": [ + false, + "react-scripts@4.0.0", + "react-dev-utils@11.0.4" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "react-dev-utils", + "version": "10.2.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "alternativeIds": [], + "creationTime": "2021-10-22T13:41:32.060118Z", + "credit": [ + "Unknown" + ], + "cvssScore": 8.1, + "description": "## Overview\n[shell-quote](https://www.npmjs.com/package/shell-quote) is a package used to quote and parse shell commands.\n\nAffected versions of this package are vulnerable to Remote Code Execution (RCE). An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is `{A-z]` instead of the correct `{A-Za-z]`. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.\n## Remediation\nUpgrade `shell-quote` to version 1.7.3 or higher.\n## References\n- [GitHub ChangeLog](https://github.com/substack/node-shell-quote/blob/master/CHANGELOG.md#173)\n- [GitHub Commit](https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe)\n", + "disclosureTime": "2021-10-22T13:39:50Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "1.7.3" + ], + "id": "SNYK-JS-SHELLQUOTE-1766506", + "identifiers": { + "CWE": [ + "CWE-94" + ], + "CVE": [ + "CVE-2021-42740" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-23T09:36:55.477345Z", + "moduleName": "shell-quote", + "packageManager": "npm", + "packageName": "shell-quote", + "patches": [], + "proprietary": false, + "publicationTime": "2021-10-22T14:42:50.335737Z", + "references": [ + { + "title": "GitHub ChangeLog", + "url": "https://github.com/substack/node-shell-quote/blob/master/CHANGELOG.md%23173" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Remote Code Execution (RCE)", + "insights": { + "triageAdvice": "This vulnerability is only applicable on Windows operating system" + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.7.3" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "react-dev-utils@10.2.1", + "shell-quote@1.7.2" + ], + "upgradePath": [ + false, + "react-scripts@5.0.0", + "react-dev-utils@12.0.0", + "shell-quote@1.7.3" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "shell-quote", + "version": "1.7.2" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R", + "alternativeIds": [], + "creationTime": "2021-04-15T12:21:08.776563Z", + "credit": [ + "Yeting Li", + "Ben Caller" + ], + "cvssScore": 7.5, + "description": "## Overview\n[ssri](https://github.com/zkat/ssri) is a Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). `ssri` processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `ssri` to version 6.0.2, 7.1.1, 8.0.1 or higher.\n## References\n- [GitHub Additional Information](https://github.com/yetingli/SaveResults/blob/main/pdf/ssri-redos.pdf)\n- [GitHub Commit](https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2)\n", + "disclosureTime": "2018-02-14T20:39:06Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "6.0.2", + "7.1.1", + "8.0.1" + ], + "id": "SNYK-JS-SSRI-1246392", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "NSP": [ + "565" + ], + "CVE": [ + "CVE-2021-27290" + ], + "GHSA": [ + "GHSA-vx3p-948g-6vhq" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-07-23T14:33:16.198456Z", + "moduleName": "ssri", + "packageManager": "npm", + "packageName": "ssri", + "patches": [], + "proprietary": false, + "publicationTime": "2021-04-15T14:43:24Z", + "references": [ + { + "title": "GitHub Additional Information", + "url": "https://github.com/yetingli/SaveResults/blob/main/pdf/ssri-redos.pdf" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=5.2.2 <6.0.2", + ">=7.0.0 <7.1.1", + ">=8.0.0 <8.0.1" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "terser-webpack-plugin@2.3.8", + "cacache@13.0.1", + "ssri@7.1.0" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "terser-webpack-plugin@2.3.8", + "cacache@13.0.1", + "ssri@7.1.1" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "ssri", + "version": "7.1.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "alternativeIds": [], + "creationTime": "2021-09-08T12:39:02.502663Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the main functionality.\r\n\r\n### PoC\r\n```\r\nvar tmpl = require(\"tmpl\")\r\nfor(var i = 1; i <= 1000; i++) {\r\n var time = Date.now();\r\n payload = \"hello, \" + \"{\".repeat(i*10000) + \"day\"\r\n tmpl(payload, {day: \"tomorrow\"})\r\n var time_taken = Date.now() - time;\r\n console.log(\"payload length: \" + payload.length + \" - time taken: \" + time_taken + \"ms\")\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `tmpl` to version 1.0.5 or higher.\n## References\n- [GitHub Commit](https://github.com/daaku/nodejs-tmpl/commit/4c654e4d1542f329ed561fd95ccd80f30c6872d6)\n", + "disclosureTime": "2021-09-08T11:19:47Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.0.5" + ], + "id": "SNYK-JS-TMPL-1583443", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-3777" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-09-15T18:40:54.505298Z", + "moduleName": "tmpl", + "packageManager": "npm", + "packageName": "tmpl", + "patches": [], + "proprietary": false, + "publicationTime": "2021-09-15T18:40:54.502927Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/daaku/nodejs-tmpl/commit/4c654e4d1542f329ed561fd95ccd80f30c6872d6" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.0.5" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "babel-jest@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "sane@4.1.0", + "walker@1.0.7", + "makeerror@1.0.11", + "tmpl@1.0.4" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "babel-jest@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "sane@4.1.0", + "walker@1.0.7", + "makeerror@1.0.11", + "tmpl@1.0.5" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "tmpl", + "version": "1.0.4" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "alternativeIds": [], + "creationTime": "2021-09-08T12:39:02.502663Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the main functionality.\r\n\r\n### PoC\r\n```\r\nvar tmpl = require(\"tmpl\")\r\nfor(var i = 1; i <= 1000; i++) {\r\n var time = Date.now();\r\n payload = \"hello, \" + \"{\".repeat(i*10000) + \"day\"\r\n tmpl(payload, {day: \"tomorrow\"})\r\n var time_taken = Date.now() - time;\r\n console.log(\"payload length: \" + payload.length + \" - time taken: \" + time_taken + \"ms\")\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `tmpl` to version 1.0.5 or higher.\n## References\n- [GitHub Commit](https://github.com/daaku/nodejs-tmpl/commit/4c654e4d1542f329ed561fd95ccd80f30c6872d6)\n", + "disclosureTime": "2021-09-08T11:19:47Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.0.5" + ], + "id": "SNYK-JS-TMPL-1583443", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-3777" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-09-15T18:40:54.505298Z", + "moduleName": "tmpl", + "packageManager": "npm", + "packageName": "tmpl", + "patches": [], + "proprietary": false, + "publicationTime": "2021-09-15T18:40:54.502927Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/daaku/nodejs-tmpl/commit/4c654e4d1542f329ed561fd95ccd80f30c6872d6" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.0.5" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "sane@4.1.0", + "walker@1.0.7", + "makeerror@1.0.11", + "tmpl@1.0.4" + ], + "upgradePath": [ + false, + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "sane@4.1.0", + "walker@1.0.7", + "makeerror@1.0.11", + "tmpl@1.0.5" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "tmpl", + "version": "1.0.4" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2022-02-13T14:46:07.185334Z", + "credit": [ + "khizar" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Prototype Pollution via the `unset` function in `index.js`, because it allows access to object prototype properties.\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `unset-value` to version 2.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/jonschlinkert/unset-value/pull/12/commits/abb534769f6ea62c3dd988f5ce0a4ebd1f91b561)\n- [GitHub Issue](https://github.com/jonschlinkert/unset-value/issues/11)\n- [GitHub PR](https://github.com/jonschlinkert/unset-value/pull/12)\n- [GitHub Release](https://github.com/jonschlinkert/unset-value/releases)\n", + "disclosureTime": "2022-02-13T14:44:04Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.0.1" + ], + "id": "SNYK-JS-UNSETVALUE-2400660", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-02-13T15:26:38.065734Z", + "moduleName": "unset-value", + "packageManager": "npm", + "packageName": "unset-value", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-13T15:26:38.063549Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/jonschlinkert/unset-value/pull/12/commits/abb534769f6ea62c3dd988f5ce0a4ebd1f91b561" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/jonschlinkert/unset-value/issues/11" + }, + { + "title": "GitHub PR", + "url": "https://github.com/jonschlinkert/unset-value/pull/12" + }, + { + "title": "GitHub Release", + "url": "https://github.com/jonschlinkert/unset-value/releases" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.0.1" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "babel-jest@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "anymatch@2.0.0", + "micromatch@3.1.10", + "braces@2.3.2", + "snapdragon@0.8.2", + "base@0.11.2", + "cache-base@1.0.1", + "unset-value@1.0.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "unset-value", + "version": "1.0.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2022-02-13T14:46:07.185334Z", + "credit": [ + "khizar" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Prototype Pollution via the `unset` function in `index.js`, because it allows access to object prototype properties.\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `unset-value` to version 2.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/jonschlinkert/unset-value/pull/12/commits/abb534769f6ea62c3dd988f5ce0a4ebd1f91b561)\n- [GitHub Issue](https://github.com/jonschlinkert/unset-value/issues/11)\n- [GitHub PR](https://github.com/jonschlinkert/unset-value/pull/12)\n- [GitHub Release](https://github.com/jonschlinkert/unset-value/releases)\n", + "disclosureTime": "2022-02-13T14:44:04Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.0.1" + ], + "id": "SNYK-JS-UNSETVALUE-2400660", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-02-13T15:26:38.065734Z", + "moduleName": "unset-value", + "packageManager": "npm", + "packageName": "unset-value", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-13T15:26:38.063549Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/jonschlinkert/unset-value/pull/12/commits/abb534769f6ea62c3dd988f5ce0a4ebd1f91b561" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/jonschlinkert/unset-value/issues/11" + }, + { + "title": "GitHub PR", + "url": "https://github.com/jonschlinkert/unset-value/pull/12" + }, + { + "title": "GitHub Release", + "url": "https://github.com/jonschlinkert/unset-value/releases" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.0.1" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/fake-timers@24.9.0", + "jest-message-util@24.9.0", + "micromatch@3.1.10", + "braces@2.3.2", + "snapdragon@0.8.2", + "base@0.11.2", + "cache-base@1.0.1", + "unset-value@1.0.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "unset-value", + "version": "1.0.0" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P", + "alternativeIds": [], + "creationTime": "2021-07-26T12:59:09.903181Z", + "credit": [ + "ready-research" + ], + "cvssScore": 5.3, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Open Redirect due to improper escaping of slash characters.\n## Remediation\nUpgrade `url-parse` to version 1.5.2 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0)\n- [GitHub Issue](https://github.com/unshiftio/url-parse/issues/206)\n- [GitHub PR](https://github.com/unshiftio/url-parse/pull/208)\n", + "disclosureTime": "2021-07-26T12:57:37Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.2" + ], + "id": "SNYK-JS-URLPARSE-1533425", + "identifiers": { + "CWE": [ + "CWE-601" + ], + "CVE": [ + "CVE-2021-3664" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-07-26T15:23:41.208720Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2021-07-26T15:23:41.206700Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/unshiftio/url-parse/issues/206" + }, + { + "title": "GitHub PR", + "url": "https://github.com/unshiftio/url-parse/pull/208" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Open Redirect", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.2" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@microsoft/signalr@3.1.14", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "@microsoft/signalr@3.1.14", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.2" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "url-parse", + "version": "1.5.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-02-15T10:01:29.002928Z", + "credit": [ + "ranjit-git" + ], + "cvssScore": 6.4, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Access Restriction Bypass due to improper parsing process, that may lead to incorrect handling of authentication credentials and hostname, which allows bypass of hostname validation.\r\n\r\n## PoC:\r\n\r\n```js\r\n// PoC.js\r\n var parse = require('url-parse')\r\nvar cc=parse(\"http://admin:password123@@127.0.0.1\")\r\n\r\n//Output:\r\n{ slashes: true,\r\n protocol: 'http:',\r\n hash: '',\r\n query: '',\r\n pathname: '/',\r\n auth: 'admin:password123',\r\n host: '@127.0.0.1',\r\n port: '',\r\n hostname: '@127.0.0.1',\r\n password: 'password123',\r\n username: 'admin',\r\n origin: 'http://@127.0.0.1',\r\n href: 'http://admin:password123@@127.0.0.1/' }\r\n```\n## Remediation\nUpgrade `url-parse` to version 1.5.6 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40)\n- [GitHub PR](https://github.com/unshiftio/url-parse/pull/223)\n", + "disclosureTime": "2022-02-15T09:53:25Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.6" + ], + "id": "SNYK-JS-URLPARSE-2401205", + "identifiers": { + "CWE": [ + "CWE-639" + ], + "CVE": [ + "CVE-2022-0512" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-02-15T15:27:36.795014Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-15T13:06:08Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40" + }, + { + "title": "GitHub PR", + "url": "https://github.com/unshiftio/url-parse/pull/223" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Access Restriction Bypass", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.6" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@microsoft/signalr@3.1.14", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "@microsoft/signalr@3.1.14", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.6" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "url-parse", + "version": "1.5.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-02-21T10:47:02.113879Z", + "credit": [ + "Rohan Sharma" + ], + "cvssScore": 6.4, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Authorization Bypass via the `hostname` field of a parsed URL, because \"url-parse\" is unable to find the correct hostname when no port number is provided in the URL.\r\n\r\n## PoC:\r\n```js\r\nvar Url = require('url-parse');\r\nvar PAYLOAD = \"http://example.com:\";\r\n\r\nconsole.log(Url(PAYLOAD));\r\n\r\n// Expected hostname: example.com\r\n// Actual hostname by url-parse: example.com:\r\n```\r\n\r\nOutput:\r\n\r\n```\r\n{\r\n slashes: true,\r\n protocol: 'http:',\r\n hash: '',\r\n query: '',\r\n pathname: '/',\r\n auth: '',\r\n host: 'example.com:',\r\n port: '',\r\n hostname: 'example.com:',\r\n password: '',\r\n username: '',\r\n origin: 'http://example.com:',\r\n href: 'http://example.com:/'\r\n}\r\n```\n## Remediation\nUpgrade `url-parse` to version 1.5.8 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5)\n", + "disclosureTime": "2022-02-21T10:36:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.8" + ], + "id": "SNYK-JS-URLPARSE-2407759", + "identifiers": { + "CWE": [ + "CWE-285" + ], + "CVE": [ + "CVE-2022-0686" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-02-21T16:02:45.057937Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-21T16:02:45.055472Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Authorization Bypass", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.8" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@microsoft/signalr@3.1.14", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "@microsoft/signalr@3.1.14", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.8" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "url-parse", + "version": "1.5.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-02-21T12:56:54.006952Z", + "credit": [ + "haxatron" + ], + "cvssScore": 8.1, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Improper Input Validation due to improper fix of [CVE-2020-8124](https://security.snyk.io/vuln/SNYK-JS-URLPARSE-543307) , it is possible to be exploited via the `\\b` (backspace) character.\r\n\r\n## PoC:\r\n```js\r\nconst parse = require('./index.js')\r\n\r\nurl = parse('\\bhttp://google.com')\r\n\r\nconsole.log(url)\r\n```\r\nOutput:\r\n\r\n```\r\n{\r\n slashes: false,\r\n protocol: '',\r\n hash: '',\r\n query: '',\r\n pathname: '\\bhttp://google.com',\r\n auth: '',\r\n host: '',\r\n port: '',\r\n hostname: '',\r\n password: '',\r\n username: '',\r\n origin: 'null',\r\n href: '\\bhttp://google.com'\r\n}\r\n```\n## Remediation\nUpgrade `url-parse` to version 1.5.9 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63)\n", + "disclosureTime": "2022-02-21T12:49:06Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.9" + ], + "id": "SNYK-JS-URLPARSE-2407770", + "identifiers": { + "CWE": [ + "CWE-20" + ], + "CVE": [ + "CVE-2022-0691" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-09T15:13:29.620707Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-21T16:02:45Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Improper Input Validation", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.9" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "@microsoft/signalr@3.1.14", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "@microsoft/signalr@3.1.14", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.9" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "url-parse", + "version": "1.5.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-02-24T09:02:19.641584Z", + "credit": [ + "haxatron" + ], + "cvssScore": 6.2, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to incorrect conversion of `@` in the protocol field of the HREF.\r\n\r\n## PoC:\r\n```\r\nparse = require('url-parse')\r\n\r\nconsole.log(parse(\"http:@/127.0.0.1\"))\r\n```\r\nOutput:\r\n\r\n```\r\n{\r\n slashes: true,\r\n protocol: 'http:',\r\n hash: '',\r\n query: '',\r\n pathname: '/127.0.0.1',\r\n auth: '',\r\n host: '',\r\n port: '',\r\n hostname: '',\r\n password: '',\r\n username: '',\r\n origin: 'null',\r\n href: 'http:///127.0.0.1'\r\n}\r\n```\n## Remediation\nUpgrade `url-parse` to version 1.5.7 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788)\n- [GitHub PR](https://github.com/unshiftio/url-parse/pull/226)\n", + "disclosureTime": "2022-02-17T00:00:00Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.7" + ], + "id": "SNYK-JS-URLPARSE-2412697", + "identifiers": { + "CWE": [ + "CWE-639" + ], + "CVE": [ + "CVE-2022-0639" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-02-24T16:08:31.527221Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-24T16:08:31.525302Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788" + }, + { + "title": "GitHub PR", + "url": "https://github.com/unshiftio/url-parse/pull/226" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Authorization Bypass Through User-Controlled Key", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.7" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@microsoft/signalr@3.1.14", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "@microsoft/signalr@3.1.14", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.7" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "url-parse", + "version": "1.5.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P", + "alternativeIds": [], + "creationTime": "2021-07-26T12:59:09.903181Z", + "credit": [ + "ready-research" + ], + "cvssScore": 5.3, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Open Redirect due to improper escaping of slash characters.\n## Remediation\nUpgrade `url-parse` to version 1.5.2 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0)\n- [GitHub Issue](https://github.com/unshiftio/url-parse/issues/206)\n- [GitHub PR](https://github.com/unshiftio/url-parse/pull/208)\n", + "disclosureTime": "2021-07-26T12:57:37Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.2" + ], + "id": "SNYK-JS-URLPARSE-1533425", + "identifiers": { + "CWE": [ + "CWE-601" + ], + "CVE": [ + "CVE-2021-3664" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-07-26T15:23:41.208720Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2021-07-26T15:23:41.206700Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/unshiftio/url-parse/issues/206" + }, + { + "title": "GitHub PR", + "url": "https://github.com/unshiftio/url-parse/pull/208" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Open Redirect", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.2" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "url-parse@1.5.2" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "url-parse", + "version": "1.5.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-02-15T10:01:29.002928Z", + "credit": [ + "ranjit-git" + ], + "cvssScore": 6.4, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Access Restriction Bypass due to improper parsing process, that may lead to incorrect handling of authentication credentials and hostname, which allows bypass of hostname validation.\r\n\r\n## PoC:\r\n\r\n```js\r\n// PoC.js\r\n var parse = require('url-parse')\r\nvar cc=parse(\"http://admin:password123@@127.0.0.1\")\r\n\r\n//Output:\r\n{ slashes: true,\r\n protocol: 'http:',\r\n hash: '',\r\n query: '',\r\n pathname: '/',\r\n auth: 'admin:password123',\r\n host: '@127.0.0.1',\r\n port: '',\r\n hostname: '@127.0.0.1',\r\n password: 'password123',\r\n username: 'admin',\r\n origin: 'http://@127.0.0.1',\r\n href: 'http://admin:password123@@127.0.0.1/' }\r\n```\n## Remediation\nUpgrade `url-parse` to version 1.5.6 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40)\n- [GitHub PR](https://github.com/unshiftio/url-parse/pull/223)\n", + "disclosureTime": "2022-02-15T09:53:25Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.6" + ], + "id": "SNYK-JS-URLPARSE-2401205", + "identifiers": { + "CWE": [ + "CWE-639" + ], + "CVE": [ + "CVE-2022-0512" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-02-15T15:27:36.795014Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-15T13:06:08Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40" + }, + { + "title": "GitHub PR", + "url": "https://github.com/unshiftio/url-parse/pull/223" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Access Restriction Bypass", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.6" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "url-parse@1.5.6" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "url-parse", + "version": "1.5.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-02-21T10:47:02.113879Z", + "credit": [ + "Rohan Sharma" + ], + "cvssScore": 6.4, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Authorization Bypass via the `hostname` field of a parsed URL, because \"url-parse\" is unable to find the correct hostname when no port number is provided in the URL.\r\n\r\n## PoC:\r\n```js\r\nvar Url = require('url-parse');\r\nvar PAYLOAD = \"http://example.com:\";\r\n\r\nconsole.log(Url(PAYLOAD));\r\n\r\n// Expected hostname: example.com\r\n// Actual hostname by url-parse: example.com:\r\n```\r\n\r\nOutput:\r\n\r\n```\r\n{\r\n slashes: true,\r\n protocol: 'http:',\r\n hash: '',\r\n query: '',\r\n pathname: '/',\r\n auth: '',\r\n host: 'example.com:',\r\n port: '',\r\n hostname: 'example.com:',\r\n password: '',\r\n username: '',\r\n origin: 'http://example.com:',\r\n href: 'http://example.com:/'\r\n}\r\n```\n## Remediation\nUpgrade `url-parse` to version 1.5.8 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5)\n", + "disclosureTime": "2022-02-21T10:36:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.8" + ], + "id": "SNYK-JS-URLPARSE-2407759", + "identifiers": { + "CWE": [ + "CWE-285" + ], + "CVE": [ + "CVE-2022-0686" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-02-21T16:02:45.057937Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-21T16:02:45.055472Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Authorization Bypass", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.8" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "url-parse@1.5.8" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "url-parse", + "version": "1.5.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-02-21T12:56:54.006952Z", + "credit": [ + "haxatron" + ], + "cvssScore": 8.1, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Improper Input Validation due to improper fix of [CVE-2020-8124](https://security.snyk.io/vuln/SNYK-JS-URLPARSE-543307) , it is possible to be exploited via the `\\b` (backspace) character.\r\n\r\n## PoC:\r\n```js\r\nconst parse = require('./index.js')\r\n\r\nurl = parse('\\bhttp://google.com')\r\n\r\nconsole.log(url)\r\n```\r\nOutput:\r\n\r\n```\r\n{\r\n slashes: false,\r\n protocol: '',\r\n hash: '',\r\n query: '',\r\n pathname: '\\bhttp://google.com',\r\n auth: '',\r\n host: '',\r\n port: '',\r\n hostname: '',\r\n password: '',\r\n username: '',\r\n origin: 'null',\r\n href: '\\bhttp://google.com'\r\n}\r\n```\n## Remediation\nUpgrade `url-parse` to version 1.5.9 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63)\n", + "disclosureTime": "2022-02-21T12:49:06Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.9" + ], + "id": "SNYK-JS-URLPARSE-2407770", + "identifiers": { + "CWE": [ + "CWE-20" + ], + "CVE": [ + "CVE-2022-0691" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-09T15:13:29.620707Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-21T16:02:45Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Improper Input Validation", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.9" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "url-parse@1.5.9" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "url-parse", + "version": "1.5.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-02-24T09:02:19.641584Z", + "credit": [ + "haxatron" + ], + "cvssScore": 6.2, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to incorrect conversion of `@` in the protocol field of the HREF.\r\n\r\n## PoC:\r\n```\r\nparse = require('url-parse')\r\n\r\nconsole.log(parse(\"http:@/127.0.0.1\"))\r\n```\r\nOutput:\r\n\r\n```\r\n{\r\n slashes: true,\r\n protocol: 'http:',\r\n hash: '',\r\n query: '',\r\n pathname: '/127.0.0.1',\r\n auth: '',\r\n host: '',\r\n port: '',\r\n hostname: '',\r\n password: '',\r\n username: '',\r\n origin: 'null',\r\n href: 'http:///127.0.0.1'\r\n}\r\n```\n## Remediation\nUpgrade `url-parse` to version 1.5.7 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788)\n- [GitHub PR](https://github.com/unshiftio/url-parse/pull/226)\n", + "disclosureTime": "2022-02-17T00:00:00Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.7" + ], + "id": "SNYK-JS-URLPARSE-2412697", + "identifiers": { + "CWE": [ + "CWE-639" + ], + "CVE": [ + "CVE-2022-0639" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-02-24T16:08:31.527221Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-24T16:08:31.525302Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788" + }, + { + "title": "GitHub PR", + "url": "https://github.com/unshiftio/url-parse/pull/226" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Authorization Bypass Through User-Controlled Key", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.7" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "url-parse@1.5.7" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "url-parse", + "version": "1.5.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P", + "alternativeIds": [], + "creationTime": "2021-07-26T12:59:09.903181Z", + "credit": [ + "ready-research" + ], + "cvssScore": 5.3, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Open Redirect due to improper escaping of slash characters.\n## Remediation\nUpgrade `url-parse` to version 1.5.2 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0)\n- [GitHub Issue](https://github.com/unshiftio/url-parse/issues/206)\n- [GitHub PR](https://github.com/unshiftio/url-parse/pull/208)\n", + "disclosureTime": "2021-07-26T12:57:37Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.2" + ], + "id": "SNYK-JS-URLPARSE-1533425", + "identifiers": { + "CWE": [ + "CWE-601" + ], + "CVE": [ + "CVE-2021-3664" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-07-26T15:23:41.208720Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2021-07-26T15:23:41.206700Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/unshiftio/url-parse/issues/206" + }, + { + "title": "GitHub PR", + "url": "https://github.com/unshiftio/url-parse/pull/208" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Open Redirect", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.2" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.2" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "url-parse", + "version": "1.5.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-02-15T10:01:29.002928Z", + "credit": [ + "ranjit-git" + ], + "cvssScore": 6.4, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Access Restriction Bypass due to improper parsing process, that may lead to incorrect handling of authentication credentials and hostname, which allows bypass of hostname validation.\r\n\r\n## PoC:\r\n\r\n```js\r\n// PoC.js\r\n var parse = require('url-parse')\r\nvar cc=parse(\"http://admin:password123@@127.0.0.1\")\r\n\r\n//Output:\r\n{ slashes: true,\r\n protocol: 'http:',\r\n hash: '',\r\n query: '',\r\n pathname: '/',\r\n auth: 'admin:password123',\r\n host: '@127.0.0.1',\r\n port: '',\r\n hostname: '@127.0.0.1',\r\n password: 'password123',\r\n username: 'admin',\r\n origin: 'http://@127.0.0.1',\r\n href: 'http://admin:password123@@127.0.0.1/' }\r\n```\n## Remediation\nUpgrade `url-parse` to version 1.5.6 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40)\n- [GitHub PR](https://github.com/unshiftio/url-parse/pull/223)\n", + "disclosureTime": "2022-02-15T09:53:25Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.6" + ], + "id": "SNYK-JS-URLPARSE-2401205", + "identifiers": { + "CWE": [ + "CWE-639" + ], + "CVE": [ + "CVE-2022-0512" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-02-15T15:27:36.795014Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-15T13:06:08Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40" + }, + { + "title": "GitHub PR", + "url": "https://github.com/unshiftio/url-parse/pull/223" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Access Restriction Bypass", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.6" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.6" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "url-parse", + "version": "1.5.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-02-21T10:47:02.113879Z", + "credit": [ + "Rohan Sharma" + ], + "cvssScore": 6.4, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Authorization Bypass via the `hostname` field of a parsed URL, because \"url-parse\" is unable to find the correct hostname when no port number is provided in the URL.\r\n\r\n## PoC:\r\n```js\r\nvar Url = require('url-parse');\r\nvar PAYLOAD = \"http://example.com:\";\r\n\r\nconsole.log(Url(PAYLOAD));\r\n\r\n// Expected hostname: example.com\r\n// Actual hostname by url-parse: example.com:\r\n```\r\n\r\nOutput:\r\n\r\n```\r\n{\r\n slashes: true,\r\n protocol: 'http:',\r\n hash: '',\r\n query: '',\r\n pathname: '/',\r\n auth: '',\r\n host: 'example.com:',\r\n port: '',\r\n hostname: 'example.com:',\r\n password: '',\r\n username: '',\r\n origin: 'http://example.com:',\r\n href: 'http://example.com:/'\r\n}\r\n```\n## Remediation\nUpgrade `url-parse` to version 1.5.8 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5)\n", + "disclosureTime": "2022-02-21T10:36:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.8" + ], + "id": "SNYK-JS-URLPARSE-2407759", + "identifiers": { + "CWE": [ + "CWE-285" + ], + "CVE": [ + "CVE-2022-0686" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-02-21T16:02:45.057937Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-21T16:02:45.055472Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Authorization Bypass", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.8" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.8" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "url-parse", + "version": "1.5.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-02-21T12:56:54.006952Z", + "credit": [ + "haxatron" + ], + "cvssScore": 8.1, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Improper Input Validation due to improper fix of [CVE-2020-8124](https://security.snyk.io/vuln/SNYK-JS-URLPARSE-543307) , it is possible to be exploited via the `\\b` (backspace) character.\r\n\r\n## PoC:\r\n```js\r\nconst parse = require('./index.js')\r\n\r\nurl = parse('\\bhttp://google.com')\r\n\r\nconsole.log(url)\r\n```\r\nOutput:\r\n\r\n```\r\n{\r\n slashes: false,\r\n protocol: '',\r\n hash: '',\r\n query: '',\r\n pathname: '\\bhttp://google.com',\r\n auth: '',\r\n host: '',\r\n port: '',\r\n hostname: '',\r\n password: '',\r\n username: '',\r\n origin: 'null',\r\n href: '\\bhttp://google.com'\r\n}\r\n```\n## Remediation\nUpgrade `url-parse` to version 1.5.9 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63)\n", + "disclosureTime": "2022-02-21T12:49:06Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.9" + ], + "id": "SNYK-JS-URLPARSE-2407770", + "identifiers": { + "CWE": [ + "CWE-20" + ], + "CVE": [ + "CVE-2022-0691" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-09T15:13:29.620707Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-21T16:02:45Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Improper Input Validation", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.9" + ] + }, + "severityWithCritical": "high", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.9" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "url-parse", + "version": "1.5.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-02-24T09:02:19.641584Z", + "credit": [ + "haxatron" + ], + "cvssScore": 6.2, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to incorrect conversion of `@` in the protocol field of the HREF.\r\n\r\n## PoC:\r\n```\r\nparse = require('url-parse')\r\n\r\nconsole.log(parse(\"http:@/127.0.0.1\"))\r\n```\r\nOutput:\r\n\r\n```\r\n{\r\n slashes: true,\r\n protocol: 'http:',\r\n hash: '',\r\n query: '',\r\n pathname: '/127.0.0.1',\r\n auth: '',\r\n host: '',\r\n port: '',\r\n hostname: '',\r\n password: '',\r\n username: '',\r\n origin: 'null',\r\n href: 'http:///127.0.0.1'\r\n}\r\n```\n## Remediation\nUpgrade `url-parse` to version 1.5.7 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788)\n- [GitHub PR](https://github.com/unshiftio/url-parse/pull/226)\n", + "disclosureTime": "2022-02-17T00:00:00Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.7" + ], + "id": "SNYK-JS-URLPARSE-2412697", + "identifiers": { + "CWE": [ + "CWE-639" + ], + "CVE": [ + "CVE-2022-0639" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-02-24T16:08:31.527221Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-24T16:08:31.525302Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788" + }, + { + "title": "GitHub PR", + "url": "https://github.com/unshiftio/url-parse/pull/226" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Authorization Bypass Through User-Controlled Key", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.7" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.7" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "url-parse", + "version": "1.5.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-05-26T08:37:36.519338Z", + "credit": [ + "Robert McLaughlin" + ], + "cvssScore": 5.3, + "description": "## Overview\n[ws](https://www.npmjs.com/package/ws) is a simple to use websocket client, server and console for node.js.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a `ws` server.\r\n\r\n##PoC\r\n```\r\nfor (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {\r\n const value = 'b' + ' '.repeat(length) + 'x';\r\n const start = process.hrtime.bigint();\r\n\r\n value.trim().split(/ *, */);\r\n\r\n const end = process.hrtime.bigint();\r\n\r\n console.log('length = %d, time = %f ns', length, end - start);\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `ws` to version 7.4.6, 6.2.2, 5.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff)\n", + "disclosureTime": "2021-05-26T08:34:58Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.4.6", + "6.2.2", + "5.2.3" + ], + "id": "SNYK-JS-WS-1296835", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-6fc8-4gx4-v693" + ], + "CVE": [ + "CVE-2021-32640" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.072977Z", + "moduleName": "ws", + "packageManager": "npm", + "packageName": "ws", + "patches": [], + "proprietary": false, + "publicationTime": "2021-05-26T11:57:43Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.4.6", + ">=6.0.0 <6.2.2", + "<5.2.3" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "@microsoft/signalr@3.1.14", + "ws@6.2.1" + ], + "upgradePath": [ + false, + "@microsoft/signalr@3.1.14", + "ws@6.2.2" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "ws", + "version": "6.2.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-05-26T08:37:36.519338Z", + "credit": [ + "Robert McLaughlin" + ], + "cvssScore": 5.3, + "description": "## Overview\n[ws](https://www.npmjs.com/package/ws) is a simple to use websocket client, server and console for node.js.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a `ws` server.\r\n\r\n##PoC\r\n```\r\nfor (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {\r\n const value = 'b' + ' '.repeat(length) + 'x';\r\n const start = process.hrtime.bigint();\r\n\r\n value.trim().split(/ *, */);\r\n\r\n const end = process.hrtime.bigint();\r\n\r\n console.log('length = %d, time = %f ns', length, end - start);\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `ws` to version 7.4.6, 6.2.2, 5.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff)\n", + "disclosureTime": "2021-05-26T08:34:58Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.4.6", + "6.2.2", + "5.2.3" + ], + "id": "SNYK-JS-WS-1296835", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-6fc8-4gx4-v693" + ], + "CVE": [ + "CVE-2021-32640" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.072977Z", + "moduleName": "ws", + "packageManager": "npm", + "packageName": "ws", + "patches": [], + "proprietary": false, + "publicationTime": "2021-05-26T11:57:43Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.4.6", + ">=6.0.0 <6.2.2", + "<5.2.3" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "ws@6.2.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "ws@6.2.2" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "ws", + "version": "6.2.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-05-26T08:37:36.519338Z", + "credit": [ + "Robert McLaughlin" + ], + "cvssScore": 5.3, + "description": "## Overview\n[ws](https://www.npmjs.com/package/ws) is a simple to use websocket client, server and console for node.js.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a `ws` server.\r\n\r\n##PoC\r\n```\r\nfor (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {\r\n const value = 'b' + ' '.repeat(length) + 'x';\r\n const start = process.hrtime.bigint();\r\n\r\n value.trim().split(/ *, */);\r\n\r\n const end = process.hrtime.bigint();\r\n\r\n console.log('length = %d, time = %f ns', length, end - start);\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `ws` to version 7.4.6, 6.2.2, 5.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff)\n", + "disclosureTime": "2021-05-26T08:34:58Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.4.6", + "6.2.2", + "5.2.3" + ], + "id": "SNYK-JS-WS-1296835", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-6fc8-4gx4-v693" + ], + "CVE": [ + "CVE-2021-32640" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.072977Z", + "moduleName": "ws", + "packageManager": "npm", + "packageName": "ws", + "patches": [], + "proprietary": false, + "publicationTime": "2021-05-26T11:57:43Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.4.6", + ">=6.0.0 <6.2.2", + "<5.2.3" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "jest-environment-jsdom-fourteen@1.0.1", + "jsdom@14.1.0", + "ws@6.2.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "jest-environment-jsdom-fourteen@1.0.1", + "jsdom@14.1.0", + "ws@6.2.2" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "ws", + "version": "6.2.1" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-05-26T08:37:36.519338Z", + "credit": [ + "Robert McLaughlin" + ], + "cvssScore": 5.3, + "description": "## Overview\n[ws](https://www.npmjs.com/package/ws) is a simple to use websocket client, server and console for node.js.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a `ws` server.\r\n\r\n##PoC\r\n```\r\nfor (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {\r\n const value = 'b' + ' '.repeat(length) + 'x';\r\n const start = process.hrtime.bigint();\r\n\r\n value.trim().split(/ *, */);\r\n\r\n const end = process.hrtime.bigint();\r\n\r\n console.log('length = %d, time = %f ns', length, end - start);\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `ws` to version 7.4.6, 6.2.2, 5.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff)\n", + "disclosureTime": "2021-05-26T08:34:58Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.4.6", + "6.2.2", + "5.2.3" + ], + "id": "SNYK-JS-WS-1296835", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-6fc8-4gx4-v693" + ], + "CVE": [ + "CVE-2021-32640" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.072977Z", + "moduleName": "ws", + "packageManager": "npm", + "packageName": "ws", + "patches": [], + "proprietary": false, + "publicationTime": "2021-05-26T11:57:43Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.4.6", + ">=6.0.0 <6.2.2", + "<5.2.3" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "jsdom@11.12.0", + "ws@5.2.2" + ], + "upgradePath": [ + false, + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "jsdom@11.12.0", + "ws@5.2.3" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "ws", + "version": "5.2.2" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-05-26T08:37:36.519338Z", + "credit": [ + "Robert McLaughlin" + ], + "cvssScore": 5.3, + "description": "## Overview\n[ws](https://www.npmjs.com/package/ws) is a simple to use websocket client, server and console for node.js.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a `ws` server.\r\n\r\n##PoC\r\n```\r\nfor (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {\r\n const value = 'b' + ' '.repeat(length) + 'x';\r\n const start = process.hrtime.bigint();\r\n\r\n value.trim().split(/ *, */);\r\n\r\n const end = process.hrtime.bigint();\r\n\r\n console.log('length = %d, time = %f ns', length, end - start);\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `ws` to version 7.4.6, 6.2.2, 5.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff)\n", + "disclosureTime": "2021-05-26T08:34:58Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.4.6", + "6.2.2", + "5.2.3" + ], + "id": "SNYK-JS-WS-1296835", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-6fc8-4gx4-v693" + ], + "CVE": [ + "CVE-2021-32640" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.072977Z", + "moduleName": "ws", + "packageManager": "npm", + "packageName": "ws", + "patches": [], + "proprietary": false, + "publicationTime": "2021-05-26T11:57:43Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.4.6", + ">=6.0.0 <6.2.2", + "<5.2.3" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "@jest/core@24.9.0", + "@jest/reporters@24.9.0", + "jest-runtime@24.9.0", + "jest-config@24.9.0", + "jest-environment-jsdom@24.9.0", + "jsdom@11.12.0", + "ws@5.2.2" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "@jest/core@24.9.0", + "@jest/reporters@24.9.0", + "jest-runtime@24.9.0", + "jest-config@24.9.0", + "jest-environment-jsdom@24.9.0", + "jsdom@11.12.0", + "ws@5.2.3" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "ws", + "version": "5.2.2" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-03-10T10:54:16.017794Z", + "credit": [ + "gkmrrr" + ], + "cvssScore": 5.6, + "description": "## Overview\n[yup](https://www.npmjs.org/package/yup) is a Dead simple Object schema validation\n\nAffected versions of this package are vulnerable to Prototype Pollution via the `.SetLocale` function.\r\n\r\n## PoC\r\n```js\r\nlet yup = require('yup');\r\nconst payload = JSON.parse('{\"__proto__\":{\"polluted\":\"Yes! Its Polluted\"}}');\r\nyup.setLocale(payload);\r\nconsole.log({}.polluted)\r\n```\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `yup` to version 0.30.0 or higher.\n## References\n- [GitHub Commit](https://github.com/jquense/yup/commit/15a0f43007d2468d90a4917101d63e3d335e04b3)\n- [GitHub PR](https://github.com/jquense/yup/pull/1088)\n", + "disclosureTime": "2020-10-25T10:54:13Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "0.30.0" + ], + "id": "SNYK-JS-YUP-2420835", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-03-10T16:03:23.644669Z", + "moduleName": "yup", + "packageManager": "npm", + "packageName": "yup", + "patches": [], + "proprietary": false, + "publicationTime": "2022-03-10T16:03:23.643288Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/jquense/yup/commit/15a0f43007d2468d90a4917101d63e3d335e04b3" + }, + { + "title": "GitHub PR", + "url": "https://github.com/jquense/yup/pull/1088" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<0.30.0" + ] + }, + "severityWithCritical": "medium", + "from": [ + "acme-review@1.0.0", + "yup@0.29.3" + ], + "upgradePath": [ + false, + "yup@0.30.0" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "yup", + "version": "0.29.3" + } + ], + "ok": false, + "dependencyCount": 1628, + "org": "brice-syslogic", + "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.0\nignore: {}\npatch: {}\n", + "isPrivate": true, + "licensesPolicy": { + "severities": {}, + "orgLicenseRules": { + "AGPL-1.0": { + "licenseType": "AGPL-1.0", + "severity": "high", + "instructions": "" + }, + "AGPL-3.0": { + "licenseType": "AGPL-3.0", + "severity": "high", + "instructions": "" + }, + "Artistic-1.0": { + "licenseType": "Artistic-1.0", + "severity": "medium", + "instructions": "" + }, + "Artistic-2.0": { + "licenseType": "Artistic-2.0", + "severity": "medium", + "instructions": "" + }, + "CDDL-1.0": { + "licenseType": "CDDL-1.0", + "severity": "medium", + "instructions": "" + }, + "CPOL-1.02": { + "licenseType": "CPOL-1.02", + "severity": "high", + "instructions": "" + }, + "EPL-1.0": { + "licenseType": "EPL-1.0", + "severity": "medium", + "instructions": "" + }, + "GPL-2.0": { + "licenseType": "GPL-2.0", + "severity": "high", + "instructions": "" + }, + "GPL-3.0": { + "licenseType": "GPL-3.0", + "severity": "high", + "instructions": "" + }, + "LGPL-2.0": { + "licenseType": "LGPL-2.0", + "severity": "medium", + "instructions": "" + }, + "LGPL-2.1": { + "licenseType": "LGPL-2.1", + "severity": "medium", + "instructions": "" + }, + "LGPL-3.0": { + "licenseType": "LGPL-3.0", + "severity": "medium", + "instructions": "" + }, + "MPL-1.1": { + "licenseType": "MPL-1.1", + "severity": "medium", + "instructions": "" + }, + "MPL-2.0": { + "licenseType": "MPL-2.0", + "severity": "medium", + "instructions": "" + }, + "MS-RL": { + "licenseType": "MS-RL", + "severity": "medium", + "instructions": "" + }, + "SimPL-2.0": { + "licenseType": "SimPL-2.0", + "severity": "high", + "instructions": "" + } + } + }, + "packageManager": "npm", + "ignoreSettings": { + "adminOnly": false, + "reasonRequired": false, + "disregardFilesystemIgnores": false + }, + "summary": "254 vulnerable dependency paths", + "remediation": { + "unresolved": [ + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P", + "alternativeIds": [], + "creationTime": "2021-05-26T14:30:51.778839Z", + "credit": [ + "Ben Caller", + "Robert McLaughlin" + ], + "cvssScore": 7.5, + "description": "## Overview\n[ansi-html](https://www.npmjs.org/package/ansi-html) is an An elegant lib that converts the chalked (ANSI) text to HTML.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.\r\n\r\n### PoC\r\n```\r\nrequire('ansi-html')('x1b[0mx1b[' + '0'.repeat(35))\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `ansi-html` to version 0.0.9 or higher.\n## References\n- [GitHub Issue](https://github.com/Tjatse/ansi-html/issues/19)\n- [GitHub PR](https://github.com/Tjatse/ansi-html/pull/20)\n", + "disclosureTime": "2021-05-26T14:19:05Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "0.0.9" + ], + "id": "SNYK-JS-ANSIHTML-1296849", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23424" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-03-13T13:31:55.912082Z", + "moduleName": "ansi-html", + "packageManager": "npm", + "packageName": "ansi-html", + "patches": [], + "proprietary": true, + "publicationTime": "2021-08-18T15:37:20Z", + "references": [ + { + "title": "GitHub Issue", + "url": "https://github.com/Tjatse/ansi-html/issues/19" + }, + { + "title": "GitHub PR", + "url": "https://github.com/Tjatse/ansi-html/pull/20" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<0.0.9" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "ansi-html@0.0.7" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "ansi-html", + "version": "0.0.7", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P", + "alternativeIds": [], + "creationTime": "2022-04-07T07:58:38.528444Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Prototype Pollution via the `mapValues()` method, due to improper check in `createObjectIterator` function.\r\n\r\n## PoC\r\n\r\n```js\r\n//when objects are parsed, all properties are created as own (the objects can come from outside sources (http requests/ file))\r\nconst hasOwn = JSON.parse('{\"__proto__\": {\"isAdmin\": true}}');\r\n\r\n//does not have the property, because it's inside object's own \"__proto__\"\r\nconsole.log(hasOwn.isAdmin);\r\n\r\nasync.mapValues(hasOwn, (val, key, cb) => cb(null, val), (error, result) => {\r\n // after the method executes, hasOwn.__proto__ value (isAdmin: true) replaces the prototype of the newly created object, leading to potential exploits.\r\n console.log(result.isAdmin);\r\n});\r\n```\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `async` to version 2.6.4, 3.2.2 or higher.\n## References\n- [GitHub Backport PR](https://github.com/caolan/async/pull/1828)\n- [GitHub Commit](https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2)\n- [GitHub Commit](https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d)\n- [PoC](https://jsfiddle.net/oz5twjd9/)\n", + "disclosureTime": "2022-04-07T07:49:24Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "2.6.4", + "3.2.2" + ], + "id": "SNYK-JS-ASYNC-2441827", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "CVE": [ + "CVE-2021-43138" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-14T08:24:43.116685Z", + "moduleName": "async", + "packageManager": "npm", + "packageName": "async", + "patches": [], + "proprietary": false, + "publicationTime": "2022-04-07T14:22:18Z", + "references": [ + { + "title": "GitHub Backport PR", + "url": "https://github.com/caolan/async/pull/1828" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d" + }, + { + "title": "PoC", + "url": "https://jsfiddle.net/oz5twjd9/" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=2.0.0 <2.6.4", + ">=3.0.0 <3.2.2" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "portfinder@1.0.28", + "async@2.6.3" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "portfinder@1.0.28", + "async@2.6.4" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "async", + "version": "2.6.3", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-02-18T13:32:47.195986Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[d3-color](https://www.npmjs.org/package/d3-color) is a Color spaces! RGB, HSL, Cubehelix, Lab and HCL (Lch).\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `rgb()` and `hrc()` functions. \r\n\r\nPoC by Yeting Li: \r\n```\r\nvar d3Color = require(\"d3-color\")\r\n// d3Color.rgb(\"rgb(255,255,255)\")\r\n\r\nfunction build_blank(n) {\r\n var ret = \"rgb(\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"1\"\r\n }\r\n return ret + \"!\";\r\n}\r\n\r\nfor(var i = 1; i <= 5000000; i++) {\r\n if (i % 1000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_blank(i)\r\n d3Color.rgb(attack_str)\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `d3-color` to version 3.1.0 or higher.\n## References\n- [Github PR](https://github.com/d3/d3-color/pull/100)\n- [Github PR](https://github.com/d3/d3-color/pull/99)\n- [GitHub PR](https://github.com/d3/d3-color/pull/89)\n- [Github Releases](https://github.com/d3/d3-color/releases/tag/v3.1.0)\n", + "disclosureTime": "2021-02-18T13:30:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "3.1.0" + ], + "id": "SNYK-JS-D3COLOR-1076592", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-09T15:16:21.616192Z", + "moduleName": "d3-color", + "packageManager": "npm", + "packageName": "d3-color", + "patches": [], + "proprietary": true, + "publicationTime": "2021-07-05T14:17:56Z", + "references": [ + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/100" + }, + { + "title": "Github PR", + "url": "https://github.com/d3/d3-color/pull/99" + }, + { + "title": "GitHub PR", + "url": "https://github.com/d3/d3-color/pull/89" + }, + { + "title": "Github Releases", + "url": "https://github.com/d3/d3-color/releases/tag/v3.1.0" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<3.1.0" + ] + }, + "from": [ + "acme-review@1.0.0", + "@nivo/line@0.67.0", + "@nivo/annotations@0.67.0", + "@nivo/colors@0.67.0", + "d3-scale@3.3.0", + "d3-interpolate@2.0.1", + "d3-color@2.0.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "d3-color", + "version": "2.0.0", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L", + "alternativeIds": [], + "creationTime": "2021-05-18T16:51:02.039581Z", + "credit": [ + "chalker" + ], + "cvssScore": 7.7, + "description": "## Overview\n[dns-packet](https://www.npmjs.com/package/dns-packet) is an An abstract-encoding compliant module for encoding / decoding DNS packets\n\nAffected versions of this package are vulnerable to Remote Memory Exposure. It creates buffers with `allocUnsafe` and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.\n## Remediation\nUpgrade `dns-packet` to version 1.3.4, 5.2.4 or higher.\n## References\n- [GitHub Commit](https://github.com/mafintosh/dns-packet/commit/25f15dd0fedc53688b25fd053ebbdffe3d5c1c56)\n- [HackerOne Report](https://hackerone.com/bugs?subject=user&report_id=968858)\n", + "disclosureTime": "2021-05-18T16:19:47Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "1.3.4", + "5.2.4" + ], + "id": "SNYK-JS-DNSPACKET-1293563", + "identifiers": { + "CWE": [ + "CWE-201" + ], + "GHSA": [ + "GHSA-3wcq-x3mq-6r9p" + ], + "CVE": [ + "CVE-2021-23386" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-07-06T14:08:52.020369Z", + "moduleName": "dns-packet", + "packageManager": "npm", + "packageName": "dns-packet", + "patches": [], + "proprietary": true, + "publicationTime": "2021-05-20T14:40:43Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/mafintosh/dns-packet/commit/25f15dd0fedc53688b25fd053ebbdffe3d5c1c56" + }, + { + "title": "HackerOne Report", + "url": "https://hackerone.com/bugs?subject=user&%3Breport_id=968858" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Remote Memory Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.3.4", + ">=2.0.0 <5.2.4" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "bonjour@3.5.0", + "multicast-dns@6.2.3", + "dns-packet@1.3.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "bonjour@3.5.0", + "multicast-dns@6.2.3", + "dns-packet@1.3.4" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "dns-packet", + "version": "1.3.1", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-05-12T14:16:29.503630Z", + "credit": [ + "Timothee Desurmont" + ], + "cvssScore": 6.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Information Exposure by allowing cookies and the authorization headers to be leaked to external sites.\n## Remediation\nUpgrade `eventsource` to version 1.1.1, 2.0.2 or higher.\n## References\n- [GitHub Commit](https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4)\n", + "disclosureTime": "2022-05-12T14:14:39Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.1.1", + "2.0.2" + ], + "id": "SNYK-JS-EVENTSOURCE-2823375", + "identifiers": { + "CWE": [ + "CWE-200" + ], + "CVE": [ + "CVE-2022-1650" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-05-26T16:55:11.791827Z", + "moduleName": "eventsource", + "packageManager": "npm", + "packageName": "eventsource", + "patches": [], + "proprietary": false, + "publicationTime": "2022-05-12T14:23:37Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Information Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.1.1", + ">=2.0.0 <2.0.2" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.1" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "eventsource", + "version": "1.1.0", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-01-11T12:27:16.635235Z", + "credit": [ + "ranjit-git" + ], + "cvssScore": 5.3, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Information Exposure by leaking the cookie header to a third party site in the process of fetching a remote URL with the cookie in the request body. If the response contains a `location` header, it will follow the redirect to another URL of a potentially malicious actor, to which the cookie would be exposed.\n## Remediation\nUpgrade `follow-redirects` to version 1.14.7 or higher.\n## References\n- [GitHub Commit](https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22)\n", + "disclosureTime": "2022-01-11T12:06:36Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.14.7" + ], + "id": "SNYK-JS-FOLLOWREDIRECTS-2332181", + "identifiers": { + "CWE": [ + "CWE-359" + ], + "CVE": [ + "CVE-2022-0155" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-01-12T12:49:36.151110Z", + "moduleName": "follow-redirects", + "packageManager": "npm", + "packageName": "follow-redirects", + "patches": [], + "proprietary": false, + "publicationTime": "2022-01-12T12:49:36.149349Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Information Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.14.7" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "http-proxy-middleware@0.19.1", + "http-proxy@1.18.1", + "follow-redirects@1.14.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "http-proxy-middleware@0.19.1", + "http-proxy@1.18.1", + "follow-redirects@1.14.7" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "follow-redirects", + "version": "1.14.1", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "alternativeIds": [], + "creationTime": "2022-02-09T13:37:15.331538Z", + "credit": [ + "haxatron" + ], + "cvssScore": 2.6, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Information Exposure due a leakage of the Authorization header from the same hostname during HTTPS to HTTP redirection. An attacker who can listen in on the wire (or perform a MITM attack) will be able to receive the Authorization header due to the usage of the insecure HTTP protocol which does not verify the hostname the request is sending to.\n## Remediation\nUpgrade `follow-redirects` to version 1.14.8 or higher.\n## References\n- [GitHub Commit](https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445)\n", + "disclosureTime": "2022-02-09T12:43:30Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "1.14.8" + ], + "id": "SNYK-JS-FOLLOWREDIRECTS-2396346", + "identifiers": { + "CWE": [ + "CWE-200" + ], + "CVE": [ + "CVE-2022-0536" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-02-09T17:20:22.056440Z", + "moduleName": "follow-redirects", + "packageManager": "npm", + "packageName": "follow-redirects", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-09T17:20:22.054220Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "Information Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.14.8" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "http-proxy-middleware@0.19.1", + "http-proxy@1.18.1", + "follow-redirects@1.14.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "http-proxy-middleware@0.19.1", + "http-proxy@1.18.1", + "follow-redirects@1.14.8" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "follow-redirects", + "version": "1.14.1", + "severityWithCritical": "low" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "alternativeIds": [], + "creationTime": "2021-11-14T15:11:37.579980Z", + "credit": [ + "Yoshino-s" + ], + "cvssScore": 8.6, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Prototype Pollution via the `validate` function, which when given a special payload will pollute `Object` with undesired attributes.\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `json-schema` to version 0.4.0 or higher.\n## References\n- [GitHub Commit](https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741)\n", + "disclosureTime": "2021-11-14T15:05:57Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "0.4.0" + ], + "id": "SNYK-JS-JSONSCHEMA-1920922", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "CVE": [ + "CVE-2021-3918" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-12-17T15:25:44.736835Z", + "moduleName": "json-schema", + "packageManager": "npm", + "packageName": "json-schema", + "patches": [], + "proprietary": false, + "publicationTime": "2021-11-14T16:49:43.070251Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<0.4.0" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "@jest/core@24.9.0", + "@jest/reporters@24.9.0", + "jest-runtime@24.9.0", + "jest-config@24.9.0", + "jest-environment-jsdom@24.9.0", + "jsdom@11.12.0", + "request@2.88.2", + "http-signature@1.2.0", + "jsprim@1.4.1", + "json-schema@0.2.3" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "@jest/core@24.9.0", + "@jest/reporters@24.9.0", + "jest-runtime@24.9.0", + "jest-config@24.9.0", + "jest-environment-jsdom@24.9.0", + "jsdom@11.12.0", + "request@2.88.2", + "http-signature@1.2.0", + "jsprim@1.4.2", + "json-schema@0.4.0" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "json-schema", + "version": "0.2.3", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", + "alternativeIds": [], + "creationTime": "2021-03-22T12:03:39.360085Z", + "credit": [ + "Marc Hassan" + ], + "cvssScore": 7.2, + "description": "## Overview\n[lodash.template](https://www.npmjs.com/package/lodash.template) is a The Lodash method _.template exported as a Node.js module.\n\nAffected versions of this package are vulnerable to Command Injection via `template`.\r\n\r\n### PoC\r\n```js\r\nvar _ = require('lodash');\r\n\r\n_.template('', { variable: '){console.log(process.env)}; with(obj' })()\r\n```\n## Remediation\nThere is no fixed version for `lodash.template`.\n## References\n- [GitHub Commit](https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c)\n- [Vulnerable Code](https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851)\n", + "disclosureTime": "2020-11-17T13:02:10Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [], + "id": "SNYK-JS-LODASHTEMPLATE-1088054", + "identifiers": { + "CWE": [ + "CWE-78" + ], + "GHSA": [ + "GHSA-35jh-r3h4-6jhm" + ], + "CVE": [ + "CVE-2021-23337" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-04-05T12:28:18.096614Z", + "moduleName": "lodash.template", + "packageManager": "npm", + "packageName": "lodash.template", + "patches": [], + "proprietary": true, + "publicationTime": "2021-02-15T11:50:50Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c" + }, + { + "title": "Vulnerable Code", + "url": "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Command Injection", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "*" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "workbox-webpack-plugin@4.3.1", + "workbox-build@4.3.1", + "lodash.template@4.5.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "lodash.template", + "version": "4.5.0", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-03-18T13:02:08.840039Z", + "credit": [ + "Unknown" + ], + "cvssScore": 3.7, + "description": "## Overview\n[minimist](https://www.npmjs.com/package/minimist) is a parse argument options module.\n\nAffected versions of this package are vulnerable to Prototype Pollution due to a missing handler to `Function.prototype`.\r\n\r\n**Notes:** \r\n\r\n- This vulnerability is a bypass to [CVE-2020-7598](https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764)\r\n\r\n- The reason for the different CVSS between CVE-2021-44906 to CVE-2020-7598, is that CVE-2020-7598 can pollute objects, while CVE-2021-44906 can pollute only function.\r\n\r\n\r\n## PoC by Snyk\r\n```js\r\nrequire('minimist')('--_.constructor.constructor.prototype.foo bar'.split(' '));\r\nconsole.log((function(){}).foo); // bar\r\n```\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `minimist` to version 1.2.6 or higher.\n## References\n- [Fix Commit](https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d)\n- [GitHub Issue](https://github.com/substack/minimist/issues/164)\n- [Vulnerable Code](https://github.com/substack/minimist/blob/master/index.js#L69)\n", + "disclosureTime": "2022-03-18T12:24:05Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.2.6" + ], + "id": "SNYK-JS-MINIMIST-2429795", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "SNYK": [ + "SNYK-JS-MINIMIST-559764" + ], + "CVE": [ + "CVE-2021-44906" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-06T12:01:22.204194Z", + "moduleName": "minimist", + "packageManager": "npm", + "packageName": "minimist", + "patches": [], + "proprietary": false, + "publicationTime": "2022-03-21T12:09:35Z", + "references": [ + { + "title": "Fix Commit", + "url": "https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/substack/minimist/issues/164" + }, + { + "title": "Vulnerable Code", + "url": "https://github.com/substack/minimist/blob/master/index.js%23L69" + } + ], + "severity": "low", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.2.6" + ] + }, + "from": [ + "acme-review@1.0.0", + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "sane@4.1.0", + "@cnakazawa/watch@1.0.4", + "minimist@1.2.5" + ], + "upgradePath": [ + false, + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "sane@4.1.0", + "@cnakazawa/watch@1.0.4", + "minimist@1.2.6" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "minimist", + "version": "1.2.5", + "severityWithCritical": "low" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "alternativeIds": [], + "creationTime": "2022-04-05T08:46:07.677588Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n[moment](https://www.npmjs.com/package/moment) is a lightweight JavaScript date library for parsing, validating, manipulating, and formatting dates.\n\nAffected versions of this package are vulnerable to Directory Traversal when a user provides a locale string which is directly used to switch moment locale.\n\n## Details\n\nA Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.\n\nDirectory Traversal vulnerabilities can be generally divided into two types:\n\n- **Information Disclosure**: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.\n\n`st` is a module for serving static files on web pages, and contains a [vulnerability of this type](https://snyk.io/vuln/npm:st:20140206). In our example, we will serve files from the `public` route.\n\nIf an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.\n\n```\ncurl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa\n```\n**Note** `%2e` is the URL encoded version of `.` (dot).\n\n- **Writing arbitrary files**: Allows the attacker to create or replace existing files. This type of vulnerability is also known as `Zip-Slip`. \n\nOne way to achieve this is by using a malicious `zip` archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.\n\nThe following is an example of a `zip` archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in `/root/.ssh/` overwriting the `authorized_keys` file:\n\n```\n2018-04-15 22:04:29 ..... 19 19 good.txt\n2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys\n```\n\n## Remediation\nUpgrade `moment` to version 2.29.2 or higher.\n## References\n- [GitHub Commit](https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5)\n", + "disclosureTime": "2022-04-05T08:39:23Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.29.2" + ], + "id": "SNYK-JS-MOMENT-2440688", + "identifiers": { + "CWE": [ + "CWE-22" + ], + "GHSA": [ + "GHSA-8hfj-j24r-96c4" + ], + "CVE": [ + "CVE-2022-24785" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-04-05T12:30:50.880408Z", + "moduleName": "moment", + "packageManager": "npm", + "packageName": "moment", + "patches": [], + "proprietary": false, + "publicationTime": "2022-04-05T12:30:50.878091Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Directory Traversal", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.29.2" + ] + }, + "from": [ + "acme-review@1.0.0", + "@types/moment-timezone@0.5.30", + "moment-timezone@0.5.33", + "moment@2.29.1" + ], + "upgradePath": [ + false, + "@types/moment-timezone@0.5.30", + "moment-timezone@0.5.33", + "moment@2.29.2" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "moment", + "version": "2.29.1", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "alternativeIds": [], + "creationTime": "2022-01-17T12:08:00.675849Z", + "credit": [ + "Unknown" + ], + "cvssScore": 6.5, + "description": "## Overview\n[node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js\n\nAffected versions of this package are vulnerable to Information Exposure when fetching a remote url with Cookie, if it get a `Location` response header, it will follow that url and try to fetch that url with provided cookie. This can lead to forwarding secure headers to 3th party.\n## Remediation\nUpgrade `node-fetch` to version 2.6.7, 3.1.1 or higher.\n## References\n- [Github Commit](https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35)\n- [GitHub Commit](https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10)\n- [GitHub Commit](https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60)\n- [GitHub PR](https://github.com/node-fetch/node-fetch/pull/1449)\n", + "disclosureTime": "2022-01-17T12:00:01Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.6.7", + "3.1.1" + ], + "id": "SNYK-JS-NODEFETCH-2342118", + "identifiers": { + "CWE": [ + "CWE-200" + ], + "CVE": [ + "CVE-2022-0235", + "CVE-2022-1365" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-04-18T09:45:11.278222Z", + "moduleName": "node-fetch", + "packageManager": "npm", + "packageName": "node-fetch", + "patches": [], + "proprietary": false, + "publicationTime": "2022-01-17T16:25:00Z", + "references": [ + { + "title": "Github Commit", + "url": "https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60" + }, + { + "title": "GitHub PR", + "url": "https://github.com/node-fetch/node-fetch/pull/1449" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Information Exposure", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.6.7", + ">=3.0.0 <3.1.1" + ] + }, + "from": [ + "acme-review@1.0.0", + "jest-fetch-mock@3.0.3", + "cross-fetch@3.1.4", + "node-fetch@2.6.1" + ], + "upgradePath": [ + false, + "jest-fetch-mock@3.0.3", + "cross-fetch@3.1.5", + "node-fetch@2.6.7" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "node-fetch", + "version": "2.6.1", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:R", + "alternativeIds": [], + "creationTime": "2020-09-11T10:50:56.354201Z", + "credit": [ + "Unknown" + ], + "cvssScore": 5.9, + "description": "## Overview\n[node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js\n\nAffected versions of this package are vulnerable to Denial of Service. Node Fetch did not honor the `size` option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure.\n## Remediation\nUpgrade `node-fetch` to version 2.6.1, 3.0.0-beta.9 or higher.\n## References\n- [GitHub Advisory](https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r)\n- [GitHub Commit](https://github.com/node-fetch/node-fetch/commit/2358a6c2563d1730a0cdaccc197c611949f6a334)\n", + "disclosureTime": "2020-09-10T17:55:53Z", + "exploit": "Unproven", + "functions": [ + { + "functionId": { + "filePath": "lib/index.js", + "className": null, + "functionName": "fetch" + }, + "version": [ + ">1.7.1 <1.7.4", + ">2.0.0-alpha.7 <2.6.1" + ] + } + ], + "fixedIn": [ + "2.6.1", + "3.0.0-beta.9" + ], + "id": "SNYK-JS-NODEFETCH-674311", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-w7rc-rwvf-8q5r" + ], + "CVE": [ + "CVE-2020-15168" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-01-26T16:47:31.069025Z", + "moduleName": "node-fetch", + "packageManager": "npm", + "packageName": "node-fetch", + "patches": [], + "proprietary": false, + "publicationTime": "2020-09-11T14:12:46Z", + "references": [ + { + "title": "GitHub Advisory", + "url": "https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/node-fetch/node-fetch/commit/2358a6c2563d1730a0cdaccc197c611949f6a334" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Denial of Service", + "insights": { + "triageAdvice": null + }, + "functions_new": [ + { + "functionId": { + "filePath": "lib/index.js", + "functionName": "fetch" + }, + "version": [ + ">1.7.1 <1.7.4", + ">2.0.0-alpha.7 <2.6.1" + ] + } + ], + "semver": { + "vulnerable": [ + "<2.6.1", + ">=3.0.0-beta.1 <3.0.0-beta.9" + ] + }, + "from": [ + "acme-review@1.0.0", + "@nivo/line@0.67.0", + "@nivo/legends@0.67.0", + "recompose@0.30.0", + "fbjs@0.8.17", + "isomorphic-fetch@2.2.1", + "node-fetch@1.7.3" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "node-fetch", + "version": "1.7.3", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-01-06T11:16:25.853884Z", + "credit": [ + "ready-research" + ], + "cvssScore": 5.3, + "description": "## Overview\n[node-forge](https://github.com/digitalbazaar/forge) is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.\n\nAffected versions of this package are vulnerable to Open Redirect via `parseUrl` function when it mishandles certain uses of backslash such as `https:/\\/\\/\\` and interprets the URI as a relative path.\r\n\r\n### PoC:\r\n```js\r\n\r\n// poc.js\r\nvar forge = require(\"node-forge\");\r\nvar url = forge.util.parseUrl(\"https:/\\/\\/\\www.github.com/foo/bar\");\r\nconsole.log(url);\r\n\r\n// Output of node poc.js:\r\n\r\n{\r\n full: 'https://',\r\n scheme: 'https',\r\n host: '',\r\n port: 443,\r\n path: '/www.github.com/foo/bar', <<<---- path should be \"/foo/bar\"\r\n fullHost: ''\r\n}\r\n\r\n```\n## Remediation\nUpgrade `node-forge` to version 1.0.0 or higher.\n## References\n- [GitHub Commit](https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e)\n- [URL Confusion Explained - Snyk Blog](https://snyk.io/blog/url-confusion-vulnerabilities/)\n", + "disclosureTime": "2022-01-06T11:09:34Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.0.0" + ], + "id": "SNYK-JS-NODEFORGE-2330875", + "identifiers": { + "CWE": [ + "CWE-601" + ], + "GHSA": [ + "GHSA-gf8q-jrpm-jvxq" + ], + "CVE": [ + "CVE-2022-0122" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-01-10T22:56:46.640081Z", + "moduleName": "node-forge", + "packageManager": "npm", + "packageName": "node-forge", + "patches": [], + "proprietary": false, + "publicationTime": "2022-01-06T17:17:25Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e" + }, + { + "title": "URL Confusion Explained - Snyk Blog", + "url": "https://snyk.io/blog/url-confusion-vulnerabilities/" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Open Redirect", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.0.0" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.11", + "node-forge@0.10.0" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.13", + "node-forge@1.2.0" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "node-forge", + "version": "0.10.0", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "alternativeIds": [], + "creationTime": "2022-01-09T10:11:24.467022Z", + "credit": [ + "Unknown" + ], + "cvssScore": 6.3, + "description": "## Overview\n[node-forge](https://github.com/digitalbazaar/forge) is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.\n\nAffected versions of this package are vulnerable to Prototype Pollution via the `forge.debug` API if called with untrusted input.\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `node-forge` to version 1.0.0 or higher.\n## References\n- [GitHub Commit](https://github.com/digitalbazaar/forge/commit/51228083550dde97701ac8e06c629a5184117562)\n", + "disclosureTime": "2022-01-08T00:22:42Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "1.0.0" + ], + "id": "SNYK-JS-NODEFORGE-2331908", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "GHSA": [ + "GHSA-5rrq-pxf6-6jx5" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-01-09T15:54:48.990788Z", + "moduleName": "node-forge", + "packageManager": "npm", + "packageName": "node-forge", + "patches": [], + "proprietary": false, + "publicationTime": "2022-01-09T15:54:48.988558Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/digitalbazaar/forge/commit/51228083550dde97701ac8e06c629a5184117562" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.0.0" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.11", + "node-forge@0.10.0" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.13", + "node-forge@1.2.0" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "node-forge", + "version": "0.10.0", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "alternativeIds": [], + "creationTime": "2022-03-20T08:56:55.258238Z", + "credit": [ + "Moosa Yahyazadeh" + ], + "cvssScore": 5.6, + "description": "## Overview\n[node-forge](https://github.com/digitalbazaar/forge) is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.\n\nAffected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to RSA's `PKCS#1 v1.5` signature verification code which does not properly check `DigestInfo` for a proper `ASN.1` structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest.\n## Remediation\nUpgrade `node-forge` to version 1.3.0 or higher.\n## References\n- [GitHub Commit](https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1)\n", + "disclosureTime": "2022-03-20T08:47:53Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "1.3.0" + ], + "id": "SNYK-JS-NODEFORGE-2430337", + "identifiers": { + "CWE": [ + "CWE-347" + ], + "GHSA": [ + "GHSA-2r2c-g63r-vccr" + ], + "CVE": [ + "CVE-2022-24773" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-03-20T16:39:53.367585Z", + "moduleName": "node-forge", + "packageManager": "npm", + "packageName": "node-forge", + "patches": [], + "proprietary": false, + "publicationTime": "2022-03-20T16:39:53.330824Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Improper Verification of Cryptographic Signature", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.3.0" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.11", + "node-forge@0.10.0" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.13", + "node-forge@1.3.0" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "node-forge", + "version": "0.10.0", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "alternativeIds": [], + "creationTime": "2022-03-20T09:05:59.631233Z", + "credit": [ + "Moosa Yahyazadeh" + ], + "cvssScore": 7.3, + "description": "## Overview\n[node-forge](https://github.com/digitalbazaar/forge) is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.\n\nAffected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to RSA's `PKCS#1` v1.5 signature verification code which does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used.\n## Remediation\nUpgrade `node-forge` to version 1.3.0 or higher.\n## References\n- [GitHub Commit](https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1)\n", + "disclosureTime": "2022-03-20T08:57:14Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "1.3.0" + ], + "id": "SNYK-JS-NODEFORGE-2430339", + "identifiers": { + "CWE": [ + "CWE-347" + ], + "GHSA": [ + "GHSA-x4jg-mjrx-434g" + ], + "CVE": [ + "CVE-2022-24772" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-03-20T16:39:52.726979Z", + "moduleName": "node-forge", + "packageManager": "npm", + "packageName": "node-forge", + "patches": [], + "proprietary": false, + "publicationTime": "2022-03-20T16:39:52.700898Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Improper Verification of Cryptographic Signature", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.3.0" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.11", + "node-forge@0.10.0" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.13", + "node-forge@1.3.0" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "node-forge", + "version": "0.10.0", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "alternativeIds": [], + "creationTime": "2022-03-20T09:20:18.671201Z", + "credit": [ + "Moosa Yahyazadeh" + ], + "cvssScore": 5.6, + "description": "## Overview\n[node-forge](https://github.com/digitalbazaar/forge) is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.\n\nAffected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to RSA`s `PKCS#1` v1.5 signature verification code which is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used.\n## Remediation\nUpgrade `node-forge` to version 1.3.0 or higher.\n## References\n- [GitHub Commit](https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1)\n", + "disclosureTime": "2022-03-20T09:07:01Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "1.3.0" + ], + "id": "SNYK-JS-NODEFORGE-2430341", + "identifiers": { + "CWE": [ + "CWE-347" + ], + "GHSA": [ + "GHSA-cfm4-qjh2-4765" + ], + "CVE": [ + "CVE-2022-24771" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-03-20T16:39:53.013303Z", + "moduleName": "node-forge", + "packageManager": "npm", + "packageName": "node-forge", + "patches": [], + "proprietary": false, + "publicationTime": "2022-03-20T16:39:53.005772Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Improper Verification of Cryptographic Signature", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.3.0" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.11", + "node-forge@0.10.0" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "selfsigned@1.10.13", + "node-forge@1.3.0" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "node-forge", + "version": "0.10.0", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2022-05-23T12:23:14.606493Z", + "credit": [ + "Diego Perini" + ], + "cvssScore": 6.2, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Denial of Service (DoS) when it is provided the invalid selector `_:-ms-fullscreen`. This triggers an infinite loop.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\nTwo common types of DoS vulnerabilities:\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example, [npm `ws` package](https://snyk.io/vuln/npm:ws:20171108)\n\n## Remediation\nA fix was pushed into the `master` branch but not yet published.\n## References\n- [GitHub Commit](https://github.com/dperini/nwsapi/commit/ab9cde1eb05ec9badfc3abaf15687b1a6f9e9ad3)\n- [GitHub Issue](https://github.com/dperini/nwsapi/issues/46#issuecomment-1134223659)\n", + "disclosureTime": "2022-05-23T12:06:55Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [], + "id": "SNYK-JS-NWSAPI-2841516", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-15T15:35:57.288474Z", + "moduleName": "nwsapi", + "packageManager": "npm", + "packageName": "nwsapi", + "patches": [], + "proprietary": false, + "publicationTime": "2022-06-15T15:35:57.286030Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/dperini/nwsapi/commit/ab9cde1eb05ec9badfc3abaf15687b1a6f9e9ad3" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/dperini/nwsapi/issues/46%23issuecomment-1134223659" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Denial of Service (DoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "*" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "@jest/core@24.9.0", + "@jest/reporters@24.9.0", + "jest-runtime@24.9.0", + "jest-config@24.9.0", + "jest-environment-jsdom@24.9.0", + "jsdom@11.12.0", + "nwsapi@2.2.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "nwsapi", + "version": "2.2.0", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-02-19T16:00:22.449519Z", + "credit": [ + "Yeting Li" + ], + "cvssScore": 5.3, + "description": "## Overview\n[path-parse](https://www.npmjs.org/package/path-parse) is a Node.js path.parse() ponyfill\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `splitDeviceRe`, `splitTailRe`, and `splitPathRe` regular expressions. ReDoS exhibits polynomial worst-case time complexity.\r\n\r\n### PoC\r\n```\r\nvar pathParse = require('path-parse');\r\nfunction build_attack(n) {\r\n var ret = \"\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \"/\"\r\n }\r\n return ret + \"◎\";\r\n}\r\n\r\nfor(var i = 1; i <= 5000000; i++) {\r\n if (i % 10000 == 0) {\r\n var time = Date.now();\r\n var attack_str = build_attack(i)\r\n pathParse(attack_str);\r\n var time_cost = Date.now() - time;\r\n console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n }\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `path-parse` to version 1.0.7 or higher.\n## References\n- [GitHub Issue 1](https://github.com/jbgutierrez/path-parse/issues/8)\n- [GitHub PR](https://github.com/jbgutierrez/path-parse/pull/10)\n", + "disclosureTime": "2021-02-19T15:54:01Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.0.7" + ], + "id": "SNYK-JS-PATHPARSE-1077067", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-23343" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.024375Z", + "moduleName": "path-parse", + "packageManager": "npm", + "packageName": "path-parse", + "patches": [], + "proprietary": true, + "publicationTime": "2021-05-04T08:38:49Z", + "references": [ + { + "title": "GitHub Issue 1", + "url": "https://github.com/jbgutierrez/path-parse/issues/8" + }, + { + "title": "GitHub PR", + "url": "https://github.com/jbgutierrez/path-parse/pull/10" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.0.7" + ] + }, + "from": [ + "acme-review@1.0.0", + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "babel-plugin-istanbul@5.2.0", + "test-exclude@5.2.3", + "read-pkg-up@4.0.0", + "read-pkg@3.0.0", + "normalize-package-data@2.5.0", + "resolve@1.20.0", + "path-parse@1.0.6" + ], + "upgradePath": [ + false, + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "babel-plugin-istanbul@5.2.0", + "test-exclude@5.2.3", + "read-pkg-up@4.0.0", + "read-pkg@3.0.0", + "normalize-package-data@2.5.0", + "resolve@1.20.0", + "path-parse@1.0.7" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "path-parse", + "version": "1.0.6", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-10-08T12:15:58.593115Z", + "credit": [ + "Ready Research" + ], + "cvssScore": 5.3, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker that is able to provide a crafted input to the strip functionality may cause an application to consume an excessive amount of CPU.\r\n\r\n### PoC\r\n```\r\nconst strip = require('prompts/lib/util/strip.js');\r\nfor(var i = 1; i <= 5000; i++) {\r\nvar time = Date.now();\r\nvar attack_str = \"\\u001B[\"+\";\".repeat(i*1000);\r\nstrip(attack_str)\r\nvar time_cost = Date.now() - time;\r\nconsole.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `prompts` to version 2.4.2 or higher.\n## References\n- [GitHub PR](https://github.com/terkelg/prompts/pull/333)\n- [GitHub Release](https://github.com/terkelg/prompts/releases/tag/v2.4.2)\n", + "disclosureTime": "2021-10-08T12:09:35Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "2.4.2" + ], + "id": "SNYK-JS-PROMPTS-1729737", + "identifiers": { + "CWE": [ + "CWE-1333" + ], + "CVE": [ + "CVE-2021-3868" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-10-18T11:52:51.626359Z", + "moduleName": "prompts", + "packageManager": "npm", + "packageName": "prompts", + "patches": [], + "proprietary": false, + "publicationTime": "2021-10-08T13:48:51Z", + "references": [ + { + "title": "GitHub PR", + "url": "https://github.com/terkelg/prompts/pull/333" + }, + { + "title": "GitHub Release", + "url": "https://github.com/terkelg/prompts/releases/tag/v2.4.2" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.4.2" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "prompts@2.4.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "prompts@2.4.2" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "prompts", + "version": "2.4.1", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R", + "alternativeIds": [], + "creationTime": "2021-04-15T12:21:08.776563Z", + "credit": [ + "Yeting Li", + "Ben Caller" + ], + "cvssScore": 7.5, + "description": "## Overview\n[ssri](https://github.com/zkat/ssri) is a Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). `ssri` processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `ssri` to version 6.0.2, 7.1.1, 8.0.1 or higher.\n## References\n- [GitHub Additional Information](https://github.com/yetingli/SaveResults/blob/main/pdf/ssri-redos.pdf)\n- [GitHub Commit](https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2)\n", + "disclosureTime": "2018-02-14T20:39:06Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "6.0.2", + "7.1.1", + "8.0.1" + ], + "id": "SNYK-JS-SSRI-1246392", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "NSP": [ + "565" + ], + "CVE": [ + "CVE-2021-27290" + ], + "GHSA": [ + "GHSA-vx3p-948g-6vhq" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-07-23T14:33:16.198456Z", + "moduleName": "ssri", + "packageManager": "npm", + "packageName": "ssri", + "patches": [], + "proprietary": false, + "publicationTime": "2021-04-15T14:43:24Z", + "references": [ + { + "title": "GitHub Additional Information", + "url": "https://github.com/yetingli/SaveResults/blob/main/pdf/ssri-redos.pdf" + }, + { + "title": "GitHub Commit", + "url": "https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=5.2.2 <6.0.2", + ">=7.0.0 <7.1.1", + ">=8.0.0 <8.0.1" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "terser-webpack-plugin@2.3.8", + "cacache@13.0.1", + "ssri@7.1.0" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "terser-webpack-plugin@2.3.8", + "cacache@13.0.1", + "ssri@7.1.1" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "ssri", + "version": "7.1.0", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "alternativeIds": [], + "creationTime": "2021-09-08T12:39:02.502663Z", + "credit": [ + "Unknown" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the main functionality.\r\n\r\n### PoC\r\n```\r\nvar tmpl = require(\"tmpl\")\r\nfor(var i = 1; i <= 1000; i++) {\r\n var time = Date.now();\r\n payload = \"hello, \" + \"{\".repeat(i*10000) + \"day\"\r\n tmpl(payload, {day: \"tomorrow\"})\r\n var time_taken = Date.now() - time;\r\n console.log(\"payload length: \" + payload.length + \" - time taken: \" + time_taken + \"ms\")\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `tmpl` to version 1.0.5 or higher.\n## References\n- [GitHub Commit](https://github.com/daaku/nodejs-tmpl/commit/4c654e4d1542f329ed561fd95ccd80f30c6872d6)\n", + "disclosureTime": "2021-09-08T11:19:47Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.0.5" + ], + "id": "SNYK-JS-TMPL-1583443", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "CVE": [ + "CVE-2021-3777" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-09-15T18:40:54.505298Z", + "moduleName": "tmpl", + "packageManager": "npm", + "packageName": "tmpl", + "patches": [], + "proprietary": false, + "publicationTime": "2021-09-15T18:40:54.502927Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/daaku/nodejs-tmpl/commit/4c654e4d1542f329ed561fd95ccd80f30c6872d6" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.0.5" + ] + }, + "from": [ + "acme-review@1.0.0", + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "sane@4.1.0", + "walker@1.0.7", + "makeerror@1.0.11", + "tmpl@1.0.4" + ], + "upgradePath": [ + false, + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/transform@24.9.0", + "jest-haste-map@24.9.0", + "sane@4.1.0", + "walker@1.0.7", + "makeerror@1.0.11", + "tmpl@1.0.5" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "tmpl", + "version": "1.0.4", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "alternativeIds": [], + "creationTime": "2022-02-13T14:46:07.185334Z", + "credit": [ + "khizar" + ], + "cvssScore": 7.5, + "description": "## Overview\n\nAffected versions of this package are vulnerable to Prototype Pollution via the `unset` function in `index.js`, because it allows access to object prototype properties.\n\n## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n \n- Property definition by path\n \n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of “path”, they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n \n- Web server\n \n\n## How to prevent\n\n1. Freeze the prototype— use `Object.freeze (Object.prototype)`.\n \n2. Require schema validation of JSON input.\n \n3. Avoid using unsafe recursive merge functions.\n \n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n \n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. “JavaScript prototype pollution attack in NodeJS application.” GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n\n## Remediation\nUpgrade `unset-value` to version 2.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/jonschlinkert/unset-value/pull/12/commits/abb534769f6ea62c3dd988f5ce0a4ebd1f91b561)\n- [GitHub Issue](https://github.com/jonschlinkert/unset-value/issues/11)\n- [GitHub PR](https://github.com/jonschlinkert/unset-value/pull/12)\n- [GitHub Release](https://github.com/jonschlinkert/unset-value/releases)\n", + "disclosureTime": "2022-02-13T14:44:04Z", + "exploit": "Not Defined", + "functions": [], + "fixedIn": [ + "2.0.1" + ], + "id": "SNYK-JS-UNSETVALUE-2400660", + "identifiers": { + "CWE": [ + "CWE-1321" + ], + "CVE": [] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-02-13T15:26:38.065734Z", + "moduleName": "unset-value", + "packageManager": "npm", + "packageName": "unset-value", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-13T15:26:38.063549Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/jonschlinkert/unset-value/pull/12/commits/abb534769f6ea62c3dd988f5ce0a4ebd1f91b561" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/jonschlinkert/unset-value/issues/11" + }, + { + "title": "GitHub PR", + "url": "https://github.com/jonschlinkert/unset-value/pull/12" + }, + { + "title": "GitHub Release", + "url": "https://github.com/jonschlinkert/unset-value/releases" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Prototype Pollution", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<2.0.1" + ] + }, + "from": [ + "acme-review@1.0.0", + "jest-enzyme@7.1.2", + "jest-environment-enzyme@7.1.2", + "jest-environment-jsdom@24.9.0", + "@jest/environment@24.9.0", + "@jest/fake-timers@24.9.0", + "jest-message-util@24.9.0", + "micromatch@3.1.10", + "braces@2.3.2", + "snapdragon@0.8.2", + "base@0.11.2", + "cache-base@1.0.1", + "unset-value@1.0.0" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "unset-value", + "version": "1.0.0", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P", + "alternativeIds": [], + "creationTime": "2021-07-26T12:59:09.903181Z", + "credit": [ + "ready-research" + ], + "cvssScore": 5.3, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Open Redirect due to improper escaping of slash characters.\n## Remediation\nUpgrade `url-parse` to version 1.5.2 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0)\n- [GitHub Issue](https://github.com/unshiftio/url-parse/issues/206)\n- [GitHub PR](https://github.com/unshiftio/url-parse/pull/208)\n", + "disclosureTime": "2021-07-26T12:57:37Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.2" + ], + "id": "SNYK-JS-URLPARSE-1533425", + "identifiers": { + "CWE": [ + "CWE-601" + ], + "CVE": [ + "CVE-2021-3664" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-07-26T15:23:41.208720Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2021-07-26T15:23:41.206700Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/unshiftio/url-parse/issues/206" + }, + { + "title": "GitHub PR", + "url": "https://github.com/unshiftio/url-parse/pull/208" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Open Redirect", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.2" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.2" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "url-parse", + "version": "1.5.1", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P", + "alternativeIds": [], + "creationTime": "2022-02-15T10:01:29.002928Z", + "credit": [ + "ranjit-git" + ], + "cvssScore": 6.4, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Access Restriction Bypass due to improper parsing process, that may lead to incorrect handling of authentication credentials and hostname, which allows bypass of hostname validation.\r\n\r\n## PoC:\r\n\r\n```js\r\n// PoC.js\r\n var parse = require('url-parse')\r\nvar cc=parse(\"http://admin:password123@@127.0.0.1\")\r\n\r\n//Output:\r\n{ slashes: true,\r\n protocol: 'http:',\r\n hash: '',\r\n query: '',\r\n pathname: '/',\r\n auth: 'admin:password123',\r\n host: '@127.0.0.1',\r\n port: '',\r\n hostname: '@127.0.0.1',\r\n password: 'password123',\r\n username: 'admin',\r\n origin: 'http://@127.0.0.1',\r\n href: 'http://admin:password123@@127.0.0.1/' }\r\n```\n## Remediation\nUpgrade `url-parse` to version 1.5.6 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40)\n- [GitHub PR](https://github.com/unshiftio/url-parse/pull/223)\n", + "disclosureTime": "2022-02-15T09:53:25Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.6" + ], + "id": "SNYK-JS-URLPARSE-2401205", + "identifiers": { + "CWE": [ + "CWE-639" + ], + "CVE": [ + "CVE-2022-0512" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-02-15T15:27:36.795014Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-15T13:06:08Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40" + }, + { + "title": "GitHub PR", + "url": "https://github.com/unshiftio/url-parse/pull/223" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Access Restriction Bypass", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.6" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.6" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "url-parse", + "version": "1.5.1", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-02-21T10:47:02.113879Z", + "credit": [ + "Rohan Sharma" + ], + "cvssScore": 6.4, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Authorization Bypass via the `hostname` field of a parsed URL, because \"url-parse\" is unable to find the correct hostname when no port number is provided in the URL.\r\n\r\n## PoC:\r\n```js\r\nvar Url = require('url-parse');\r\nvar PAYLOAD = \"http://example.com:\";\r\n\r\nconsole.log(Url(PAYLOAD));\r\n\r\n// Expected hostname: example.com\r\n// Actual hostname by url-parse: example.com:\r\n```\r\n\r\nOutput:\r\n\r\n```\r\n{\r\n slashes: true,\r\n protocol: 'http:',\r\n hash: '',\r\n query: '',\r\n pathname: '/',\r\n auth: '',\r\n host: 'example.com:',\r\n port: '',\r\n hostname: 'example.com:',\r\n password: '',\r\n username: '',\r\n origin: 'http://example.com:',\r\n href: 'http://example.com:/'\r\n}\r\n```\n## Remediation\nUpgrade `url-parse` to version 1.5.8 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5)\n", + "disclosureTime": "2022-02-21T10:36:50Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.8" + ], + "id": "SNYK-JS-URLPARSE-2407759", + "identifiers": { + "CWE": [ + "CWE-285" + ], + "CVE": [ + "CVE-2022-0686" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-02-21T16:02:45.057937Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-21T16:02:45.055472Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Authorization Bypass", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.8" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.8" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "url-parse", + "version": "1.5.1", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-02-21T12:56:54.006952Z", + "credit": [ + "haxatron" + ], + "cvssScore": 8.1, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Improper Input Validation due to improper fix of [CVE-2020-8124](https://security.snyk.io/vuln/SNYK-JS-URLPARSE-543307) , it is possible to be exploited via the `\\b` (backspace) character.\r\n\r\n## PoC:\r\n```js\r\nconst parse = require('./index.js')\r\n\r\nurl = parse('\\bhttp://google.com')\r\n\r\nconsole.log(url)\r\n```\r\nOutput:\r\n\r\n```\r\n{\r\n slashes: false,\r\n protocol: '',\r\n hash: '',\r\n query: '',\r\n pathname: '\\bhttp://google.com',\r\n auth: '',\r\n host: '',\r\n port: '',\r\n hostname: '',\r\n password: '',\r\n username: '',\r\n origin: 'null',\r\n href: '\\bhttp://google.com'\r\n}\r\n```\n## Remediation\nUpgrade `url-parse` to version 1.5.9 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63)\n", + "disclosureTime": "2022-02-21T12:49:06Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.9" + ], + "id": "SNYK-JS-URLPARSE-2407770", + "identifiers": { + "CWE": [ + "CWE-20" + ], + "CVE": [ + "CVE-2022-0691" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-06-09T15:13:29.620707Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-21T16:02:45Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63" + } + ], + "severity": "high", + "socialTrendAlert": false, + "title": "Improper Input Validation", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.9" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.9" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "url-parse", + "version": "1.5.1", + "severityWithCritical": "high" + }, + { + "CVSSv3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P", + "alternativeIds": [], + "creationTime": "2022-02-24T09:02:19.641584Z", + "credit": [ + "haxatron" + ], + "cvssScore": 6.2, + "description": "## Overview\n[url-parse](https://www.npmjs.com/package/url-parse) is a Small footprint URL parser that works seamlessly across Node.js and browser environments.\n\nAffected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to incorrect conversion of `@` in the protocol field of the HREF.\r\n\r\n## PoC:\r\n```\r\nparse = require('url-parse')\r\n\r\nconsole.log(parse(\"http:@/127.0.0.1\"))\r\n```\r\nOutput:\r\n\r\n```\r\n{\r\n slashes: true,\r\n protocol: 'http:',\r\n hash: '',\r\n query: '',\r\n pathname: '/127.0.0.1',\r\n auth: '',\r\n host: '',\r\n port: '',\r\n hostname: '',\r\n password: '',\r\n username: '',\r\n origin: 'null',\r\n href: 'http:///127.0.0.1'\r\n}\r\n```\n## Remediation\nUpgrade `url-parse` to version 1.5.7 or higher.\n## References\n- [GitHub Commit](https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788)\n- [GitHub PR](https://github.com/unshiftio/url-parse/pull/226)\n", + "disclosureTime": "2022-02-17T00:00:00Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "1.5.7" + ], + "id": "SNYK-JS-URLPARSE-2412697", + "identifiers": { + "CWE": [ + "CWE-639" + ], + "CVE": [ + "CVE-2022-0639" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2022-02-24T16:08:31.527221Z", + "moduleName": "url-parse", + "packageManager": "npm", + "packageName": "url-parse", + "patches": [], + "proprietary": false, + "publicationTime": "2022-02-24T16:08:31.525302Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788" + }, + { + "title": "GitHub PR", + "url": "https://github.com/unshiftio/url-parse/pull/226" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Authorization Bypass Through User-Controlled Key", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + "<1.5.7" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.1" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "webpack-dev-server@3.11.0", + "sockjs-client@1.4.0", + "eventsource@1.1.0", + "original@1.0.2", + "url-parse@1.5.7" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "url-parse", + "version": "1.5.1", + "severityWithCritical": "medium" + }, + { + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", + "alternativeIds": [], + "creationTime": "2021-05-26T08:37:36.519338Z", + "credit": [ + "Robert McLaughlin" + ], + "cvssScore": 5.3, + "description": "## Overview\n[ws](https://www.npmjs.com/package/ws) is a simple to use websocket client, server and console for node.js.\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a `ws` server.\r\n\r\n##PoC\r\n```\r\nfor (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {\r\n const value = 'b' + ' '.repeat(length) + 'x';\r\n const start = process.hrtime.bigint();\r\n\r\n value.trim().split(/ *, */);\r\n\r\n const end = process.hrtime.bigint();\r\n\r\n console.log('length = %d, time = %f ns', length, end - start);\r\n}\r\n```\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `ws` to version 7.4.6, 6.2.2, 5.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff)\n", + "disclosureTime": "2021-05-26T08:34:58Z", + "exploit": "Proof of Concept", + "functions": [], + "fixedIn": [ + "7.4.6", + "6.2.2", + "5.2.3" + ], + "id": "SNYK-JS-WS-1296835", + "identifiers": { + "CWE": [ + "CWE-400" + ], + "GHSA": [ + "GHSA-6fc8-4gx4-v693" + ], + "CVE": [ + "CVE-2021-32640" + ] + }, + "language": "js", + "malicious": false, + "modificationTime": "2021-08-08T13:56:55.072977Z", + "moduleName": "ws", + "packageManager": "npm", + "packageName": "ws", + "patches": [], + "proprietary": false, + "publicationTime": "2021-05-26T11:57:43Z", + "references": [ + { + "title": "GitHub Commit", + "url": "https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff" + } + ], + "severity": "medium", + "socialTrendAlert": false, + "title": "Regular Expression Denial of Service (ReDoS)", + "insights": { + "triageAdvice": null + }, + "functions_new": [], + "semver": { + "vulnerable": [ + ">=7.0.0 <7.4.6", + ">=6.0.0 <6.2.2", + "<5.2.3" + ] + }, + "from": [ + "acme-review@1.0.0", + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "@jest/core@24.9.0", + "@jest/reporters@24.9.0", + "jest-runtime@24.9.0", + "jest-config@24.9.0", + "jest-environment-jsdom@24.9.0", + "jsdom@11.12.0", + "ws@5.2.2" + ], + "upgradePath": [ + false, + "react-scripts@3.4.4", + "jest@24.9.0", + "jest-cli@24.9.0", + "@jest/core@24.9.0", + "@jest/reporters@24.9.0", + "jest-runtime@24.9.0", + "jest-config@24.9.0", + "jest-environment-jsdom@24.9.0", + "jsdom@11.12.0", + "ws@5.2.3" + ], + "isUpgradable": true, + "isPatchable": false, + "isPinnable": false, + "isRuntime": false, + "name": "ws", + "version": "5.2.2", + "severityWithCritical": "medium" + } + ], + "upgrade": { + "react-native-svg@9.13.6": { + "upgradeTo": "react-native-svg@12.3.0", + "upgrades": [ + "css-what@3.4.2", + "nth-check@1.0.2" + ], + "vulns": [ + "SNYK-JS-CSSWHAT-1298035", + "SNYK-JS-NTHCHECK-1586032" + ] + }, + "react-scripts@3.4.4": { + "upgradeTo": "react-scripts@5.0.0", + "upgrades": [ + "browserslist@4.10.0", + "immer@1.10.0", + "shell-quote@1.7.2", + "ansi-regex@2.1.1", + "glob-parent@3.1.0", + "immer@1.10.0", + "istanbul-reports@2.2.7", + "postcss@7.0.21", + "postcss@7.0.21", + "react-dev-utils@10.2.1" + ], + "vulns": [ + "SNYK-JS-BROWSERSLIST-1090194", + "SNYK-JS-IMMER-1540542", + "SNYK-JS-SHELLQUOTE-1766506", + "SNYK-JS-ANSIREGEX-1583908", + "SNYK-JS-GLOBPARENT-1016905", + "SNYK-JS-IMMER-1019369", + "SNYK-JS-ISTANBULREPORTS-2328088", + "SNYK-JS-POSTCSS-1090595", + "SNYK-JS-POSTCSS-1255640", + "SNYK-JS-REACTDEVUTILS-1083268" + ] + }, + "yup@0.29.3": { + "upgradeTo": "yup@0.30.0", + "upgrades": [ + "yup@0.29.3" + ], + "vulns": [ + "SNYK-JS-YUP-2420835" + ] + } + }, + "patch": {}, + "ignore": {}, + "pin": {} + }, + "filesystemPolicy": false, + "filtered": { + "ignore": [], + "patch": [] + }, + "uniqueCount": 43, + "projectName": "acme-review", + "foundProjectCount": 1, + "displayTargetFile": "package-lock.json", + "path": "F:\\acme\\foobar-two" +} diff --git a/unittests/scans/snyk/snykcode_issue_9270.json b/unittests/scans/snyk/snykcode_issue_9270.json new file mode 100644 index 00000000000..b9a56f85c44 --- /dev/null +++ b/unittests/scans/snyk/snykcode_issue_9270.json @@ -0,0 +1,10782 @@ +{ + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "version": "2.1.0", + "runs": [ + { + "tool": { + "driver": { + "name": "SnykCode", + "semanticVersion": "1.0.0", + "version": "1.0.0", + "rules": [ + { + "id": "javascript/XSS", + "name": "XSS", + "shortDescription": { + "text": "Cross-site Scripting (XSS)" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "## Details\n\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\n\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser's Same Origin Policy.\n\nInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\n\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as `<`; and `>` can be coded as `>`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they've been correctly escaped in the application code and in this way the attempted attack is diverted.\n\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.\n\n### Types of attacks\nThere are a few methods by which XSS can be manipulated:\n\n|Type|Origin|Description|\n|--|--|--|\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user's browser.|\n|**DOM-based**|Client|The attacker forces the user's browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\n\n### Affected environments\nThe following environments are susceptible to an XSS attack:\n\n* Web servers\n* Application servers\n* Web application environments\n\n## Best practices for prevention\nThis section describes the top best practices designed to specifically protect your code:\n\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents.\n* Give users the option to disable client-side scripts.\n* Redirect invalid requests.\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "XSS", + "Security", + "SourceNetworkRequest", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/mjackson/unpkg/commit/db69375e9c944a115e0d542485694e5529e1ddd7?diff=split#diff-59f9f1a3f7e9116d78e320b8b4f3739db8ceaddcff22dae7d19dbc2a5304024aL-1", + "lines": [ + { + "line": "res.status(404).send(`Cannot find main file \"${mainFilename}\" in package ${req.packageSpec}`)\n", + "lineNumber": 95, + "lineChange": "removed" + }, + { + "line": "res.status(404).type('text').send(`Cannot find main file \"${mainFilename}\" in package ${req.packageSpec}`)\n", + "lineNumber": 95, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/themeblvd/backroad/commit/08be2967098668a994d9d8bd034452c7b5b1ae6b?diff=split#diff-a73913970ad590fbf5ed8688eed6f7eda75939c6217a98c2d583e27709b7226fL-1", + "lines": [ + { + "line": "res.status(500).send(err);\n", + "lineNumber": 80, + "lineChange": "removed" + }, + { + "line": "res.status(404).send({ message: 'User not found.' });\n", + "lineNumber": 80, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/embark-framework/embark/commit/efbe71f5e25a3070088a3ea3a08e953e8e446a52?diff=split#diff-7c96a33de8e6615819fd2eccdb5d047d6fde50184a37faf63235fcf90319a606L-1", + "lines": [ + { + "line": "return res.send(\"-- couldn't profile \" + contractName + \" - it's not deployed or could be an interface\");\n", + "lineNumber": 82, + "lineChange": "removed" + }, + { + "line": "return res.send({error: \"-- couldn't profile \" + contractName + \" - it's not deployed or could be an interface\"});\n", + "lineNumber": 82, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 141, + "cwe": [ + "CWE-79" + ] + } + }, + { + "id": "javascript/NoRateLimitingForExpensiveWebOperation", + "name": "NoRateLimitingForExpensiveWebOperation", + "shortDescription": { + "text": "Allocation of Resources Without Limits or Throttling" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "\n## Details\n\nWithout unlimited resources, software operating in the real world is inherently limited in the resources it may consume; similarly, servers are limited by the number of simultaneous sessions they can handle. Therefore, it is important for developers to design software that considers these real-world physical (or virtual) limitations and limits user sessions accordingly, both in terms of the number of user sessions and in the quantity of resources each user may demand. Software with this weakness does not include such limitations and as a result, individual user sessions may consume too many resources, leading to unintended software behavior including, potentially, denial of service. This can be compared to a single restaurant customer emptying out the entire buffet, leaving no food for other customers--or an entire busload mobbing the buffet all at once, with a similar effect. This may happen inadvertently or as a result of an attack by a malicious user.\n\n## Best practices for prevention\n* Test extensively to obtain baseline values indicating how the software performs in the real world under various conditions (normal and peak); use these values to determine reasonable software limits.\n* Set clear limits for all flexible parameters such as maximum allocable memory, number of processes within a given timeframe, file descriptors, requests per client, number of records per request, etc. This is particularly true for any parameters within user control.\n* Release all resources when no longer in use, including incorporating timeouts for inactive users, processes, and resources.\n* Familiarize Dev, Ops, and IT teams with best practices for recognizing and preventing DoS attacks and out-of-control resource allocation to prevent catastrophic failures.", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "NoRateLimitingForExpensiveWebOperation", + "Security" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/ministryofjustice/apvs-external-web/commit/0c9c9b33869909092d7cb442f10e76a08e4acb60?diff=split#diff-322f0482bd28fc40f84fcb0aaf208fef7fb63082d462cf02d11f46e59c531c24L-1", + "lines": [ + { + "line": "// rate limiting\n", + "lineNumber": 43, + "lineChange": "added" + }, + { + "line": "if (config.RATE_LIMITING_ENABLED === 'true') {\n", + "lineNumber": 44, + "lineChange": "added" + }, + { + "line": " app.enable('trust proxy')\n", + "lineNumber": 45, + "lineChange": "added" + }, + { + "line": " var limiter = new RateLimit({\n", + "lineNumber": 46, + "lineChange": "added" + }, + { + "line": " windowMs: parseInt(config.RATE_LIMITING_WINDOW_MILLISECONDS),\n", + "lineNumber": 47, + "lineChange": "added" + }, + { + "line": " max: parseInt(config.RATE_LIMITING_REQUEST_LIMIT),\n", + "lineNumber": 48, + "lineChange": "added" + }, + { + "line": " delayMs: 0, // disable delaying - full speed until the max limit is reached\n", + "lineNumber": 49, + "lineChange": "added" + }, + { + "line": " skip: function (req) {\n", + "lineNumber": 50, + "lineChange": "added" + }, + { + "line": " return req.url.startsWith('/public') // skip public assets\n", + "lineNumber": 51, + "lineChange": "added" + }, + { + "line": " }\n", + "lineNumber": 52, + "lineChange": "added" + }, + { + "line": " })\n", + "lineNumber": 53, + "lineChange": "added" + }, + { + "line": " // apply to all requests\n", + "lineNumber": 54, + "lineChange": "added" + }, + { + "line": " app.use(limiter)\n", + "lineNumber": 55, + "lineChange": "added" + }, + { + "line": "}\n", + "lineNumber": 56, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 57, + "lineChange": "added" + }, + { + "line": "var packageJson = require('../package.json')\n", + "lineNumber": 58, + "lineChange": "none" + }, + { + "line": "var developmentMode = app.get('env') === 'development'\n", + "lineNumber": 59, + "lineChange": "none" + }, + { + "line": "var releaseVersion = packageJson.version\n", + "lineNumber": 60, + "lineChange": "none" + }, + { + "line": "var serviceName = 'Get help with prison visits'\n", + "lineNumber": 61, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 62, + "lineChange": "none" + }, + { + "line": "app.set('view engine', 'html')\n", + "lineNumber": 63, + "lineChange": "none" + }, + { + "line": "app.set('views', path.join(__dirname, 'views'))\n", + "lineNumber": 64, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 65, + "lineChange": "none" + }, + { + "line": "nunjucks(app, {\n", + "lineNumber": 66, + "lineChange": "none" + }, + { + "line": " watch: developmentMode,\n", + "lineNumber": 67, + "lineChange": "none" + }, + { + "line": " noCache: developmentMode\n", + "lineNumber": 68, + "lineChange": "none" + }, + { + "line": "})\n", + "lineNumber": 69, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 70, + "lineChange": "none" + }, + { + "line": "app.use('/public', express.static(path.join(__dirname, 'public')))\n", + "lineNumber": 71, + "lineChange": "none" + }, + { + "line": "app.use('/public', express.static(path.join(__dirname, 'govuk_modules', 'govuk_template')))\n", + "lineNumber": 72, + "lineChange": "none" + }, + { + "line": "app.use('/public', express.static(path.join(__dirname, 'govuk_modules', 'govuk_frontend_toolkit')))\n", + "lineNumber": 73, + "lineChange": "none" + }, + { + "line": "app.use(favicon(path.join(__dirname, 'govuk_modules', 'govuk_template', 'images', 'favicon.ico')))\n", + "lineNumber": 74, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 75, + "lineChange": "none" + }, + { + "line": "// Basic auth\n", + "lineNumber": 76, + "lineChange": "none" + }, + { + "line": "if (config.BASIC_AUTH_ENABLED === 'true') {\n", + "lineNumber": 77, + "lineChange": "none" + }, + { + "line": " app.use(function (req, res, next) {\n", + "lineNumber": 78, + "lineChange": "none" + }, + { + "line": " var credentials = auth(req)\n", + "lineNumber": 79, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 80, + "lineChange": "none" + }, + { + "line": " if (req.url === '' || req.url === '/' || req.url === '/status') {\n", + "lineNumber": 81, + "lineChange": "none" + }, + { + "line": " next() // must leave root url free for Azure gateway\n", + "lineNumber": 82, + "lineChange": "none" + }, + { + "line": " } else {\n", + "lineNumber": 83, + "lineChange": "none" + }, + { + "line": " if (!credentials ||\n", + "lineNumber": 84, + "lineChange": "none" + }, + { + "line": " credentials.name !== config.BASIC_AUTH_USERNAME ||\n", + "lineNumber": 85, + "lineChange": "none" + }, + { + "line": " credentials.pass !== config.BASIC_AUTH_PASSWORD) {\n", + "lineNumber": 86, + "lineChange": "none" + }, + { + "line": " res.statusCode = 401\n", + "lineNumber": 87, + "lineChange": "none" + }, + { + "line": " res.setHeader('WWW-Authenticate', 'Basic realm=\"APVS External Web\"')\n", + "lineNumber": 88, + "lineChange": "none" + }, + { + "line": " res.end('Access denied')\n", + "lineNumber": 89, + "lineChange": "none" + }, + { + "line": " } else {\n", + "lineNumber": 90, + "lineChange": "none" + }, + { + "line": " next()\n", + "lineNumber": 91, + "lineChange": "none" + }, + { + "line": " }\n", + "lineNumber": 92, + "lineChange": "none" + }, + { + "line": " }\n", + "lineNumber": 93, + "lineChange": "none" + }, + { + "line": " })\n", + "lineNumber": 94, + "lineChange": "none" + }, + { + "line": "}\n", + "lineNumber": 95, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 96, + "lineChange": "none" + }, + { + "line": "app.use(bodyParser.json())\n", + "lineNumber": 97, + "lineChange": "none" + }, + { + "line": "app.use(bodyParser.urlencoded({ extended: false }))\n", + "lineNumber": 98, + "lineChange": "none" + }, + { + "line": "app.use(expressSanitized())\n", + "lineNumber": 99, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 100, + "lineChange": "none" + }, + { + "line": "// Send assetPath to all views.\n", + "lineNumber": 101, + "lineChange": "none" + }, + { + "line": "app.use(function (req, res, next) {\n", + "lineNumber": 102, + "lineChange": "none" + }, + { + "line": " res.locals.asset_path = '/public/'\n", + "lineNumber": 103, + "lineChange": "none" + }, + { + "line": " next()\n", + "lineNumber": 104, + "lineChange": "none" + }, + { + "line": "})\n", + "lineNumber": 105, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 106, + "lineChange": "none" + }, + { + "line": "// Add variables that are available in all views.\n", + "lineNumber": 107, + "lineChange": "none" + }, + { + "line": "app.use(function (req, res, next) {\n", + "lineNumber": 108, + "lineChange": "none" + }, + { + "line": " res.locals.serviceName = serviceName\n", + "lineNumber": 109, + "lineChange": "none" + }, + { + "line": " res.locals.releaseVersion = 'v' + releaseVersion\n", + "lineNumber": 110, + "lineChange": "none" + }, + { + "line": " next()\n", + "lineNumber": 111, + "lineChange": "none" + }, + { + "line": "})\n", + "lineNumber": 112, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 113, + "lineChange": "none" + }, + { + "line": "// Set locale for translations.\n", + "lineNumber": 114, + "lineChange": "none" + }, + { + "line": "i18n.configure({\n", + "lineNumber": 115, + "lineChange": "none" + }, + { + "line": " locales: ['en', 'cy'],\n", + "lineNumber": 116, + "lineChange": "none" + }, + { + "line": " directory: path.join(__dirname, '/locales'),\n", + "lineNumber": 117, + "lineChange": "none" + }, + { + "line": " updateFiles: config.I18N_UPDATEFILES || true\n", + "lineNumber": 118, + "lineChange": "none" + }, + { + "line": "})\n", + "lineNumber": 119, + "lineChange": "none" + }, + { + "line": "app.use(i18n.init)\n", + "lineNumber": 120, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 121, + "lineChange": "none" + }, + { + "line": "// Log each HTML request and it's response.\n", + "lineNumber": 122, + "lineChange": "none" + }, + { + "line": "app.use(function (req, res, next) {\n", + "lineNumber": 123, + "lineChange": "none" + }, + { + "line": " // Log response started.\n", + "lineNumber": 124, + "lineChange": "none" + }, + { + "line": " log.info({ request: req }, 'Route Started.')\n", + "lineNumber": 125, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 126, + "lineChange": "none" + }, + { + "line": " // Log response finished.\n", + "lineNumber": 127, + "lineChange": "none" + }, + { + "line": " onFinished(res, function () {\n", + "lineNumber": 128, + "lineChange": "none" + }, + { + "line": " log.info({ response: res }, 'Route Complete.')\n", + "lineNumber": 129, + "lineChange": "none" + }, + { + "line": " })\n", + "lineNumber": 130, + "lineChange": "none" + }, + { + "line": " next()\n", + "lineNumber": 131, + "lineChange": "none" + }, + { + "line": "})\n", + "lineNumber": 132, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 133, + "lineChange": "none" + }, + { + "line": "// Use cookie parser middleware (required for csurf)\n", + "lineNumber": 134, + "lineChange": "none" + }, + { + "line": "app.use(cookieParser(config.EXT_APPLICATION_SECRET, { httpOnly: true, secure: config.EXT_SECURE_COOKIE === 'true' }))\n", + "lineNumber": 135, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 136, + "lineChange": "none" + }, + { + "line": "// Check for valid CSRF tokens on state-changing methods.\n", + "lineNumber": 137, + "lineChange": "none" + }, + { + "line": "var csrfProtection = csurf({ cookie: { httpOnly: true, secure: config.EXT_SECURE_COOKIE === 'true' } })\n", + "lineNumber": 138, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 139, + "lineChange": "none" + }, + { + "line": "app.use(function (req, res, next) {\n", + "lineNumber": 140, + "lineChange": "none" + }, + { + "line": " csrfExcludeRoutes.forEach(function (route) {\n", + "lineNumber": 141, + "lineChange": "none" + }, + { + "line": " if (req.originalUrl.includes(route) && req.method === 'POST') {\n", + "lineNumber": 142, + "lineChange": "none" + }, + { + "line": " next()\n", + "lineNumber": 143, + "lineChange": "none" + }, + { + "line": " } else {\n", + "lineNumber": 144, + "lineChange": "none" + }, + { + "line": " csrfProtection(req, res, next)\n", + "lineNumber": 145, + "lineChange": "none" + }, + { + "line": " }\n", + "lineNumber": 146, + "lineChange": "none" + }, + { + "line": " })\n", + "lineNumber": 147, + "lineChange": "none" + }, + { + "line": "})\n", + "lineNumber": 148, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 149, + "lineChange": "none" + }, + { + "line": "// Generate CSRF tokens to be sent in POST requests\n", + "lineNumber": 150, + "lineChange": "none" + }, + { + "line": "app.use(function (req, res, next) {\n", + "lineNumber": 151, + "lineChange": "none" + }, + { + "line": " if (req.hasOwnProperty('csrfToken')) {\n", + "lineNumber": 152, + "lineChange": "none" + }, + { + "line": " res.locals.csrfToken = req.csrfToken()\n", + "lineNumber": 153, + "lineChange": "none" + }, + { + "line": " }\n", + "lineNumber": 154, + "lineChange": "none" + }, + { + "line": " next()\n", + "lineNumber": 155, + "lineChange": "none" + }, + { + "line": "})\n", + "lineNumber": 156, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 157, + "lineChange": "none" + }, + { + "line": "// Build the router to route all HTTP requests and pass to the routes file for route configuration.\n", + "lineNumber": 158, + "lineChange": "none" + }, + { + "line": "var router = express.Router()\n", + "lineNumber": 159, + "lineChange": "none" + }, + { + "line": "routes(router)\n", + "lineNumber": 160, + "lineChange": "none" + }, + { + "line": "app.use('/', router)\n", + "lineNumber": 161, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 162, + "lineChange": "none" + }, + { + "line": "// catch 404 and forward to error handler.\n", + "lineNumber": 163, + "lineChange": "none" + }, + { + "line": "app.use(function (req, res, next) {\n", + "lineNumber": 164, + "lineChange": "none" + }, + { + "line": " var err = new Error('Not Found')\n", + "lineNumber": 165, + "lineChange": "none" + }, + { + "line": " err.status = 404\n", + "lineNumber": 166, + "lineChange": "none" + }, + { + "line": " res.status(404)\n", + "lineNumber": 167, + "lineChange": "none" + }, + { + "line": " next(err)\n", + "lineNumber": 168, + "lineChange": "none" + }, + { + "line": "})\n", + "lineNumber": 169, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 170, + "lineChange": "none" + }, + { + "line": "// catch CSRF token errors\n", + "lineNumber": 171, + "lineChange": "none" + }, + { + "line": "app.use(function (err, req, res, next) {\n", + "lineNumber": 172, + "lineChange": "none" + } + ] + }, + { + "commitURL": "https://github.com/SOSML/SOSML/commit/7e27f8b78d458f8ca8a4313730af19de6dc948a2?diff=split#diff-4e0d36557976efd053a8a93638c538d9c6530933aceca263867cd67b5ed9e5baL-1", + "lines": [ + { + "line": "var callDockerLimiter = new RateLimit({\n", + "lineNumber": 24, + "lineChange": "added" + }, + { + "line": " windowMs: 10*60*1000, // 1 hour window\n", + "lineNumber": 25, + "lineChange": "added" + }, + { + "line": " delayAfter: 10, // begin slowing down responses after the first 10 requests\n", + "lineNumber": 26, + "lineChange": "added" + }, + { + "line": " delayMs: 100, // slow down subsequent responses by 100 milliseconds per request\n", + "lineNumber": 27, + "lineChange": "added" + }, + { + "line": " max: 50, // start blocking after 50 requests\n", + "lineNumber": 28, + "lineChange": "added" + }, + { + "line": " message: \"Too many requests made from this IP, please try again in a few minutes\"\n", + "lineNumber": 29, + "lineChange": "added" + }, + { + "line": "});\n", + "lineNumber": 30, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 31, + "lineChange": "added" + }, + { + "line": "function evalSMLCode(payload, response) {\n", + "lineNumber": 32, + "lineChange": "none" + }, + { + "line": " let dockerrunner = cmd.get(\n", + "lineNumber": 33, + "lineChange": "none" + }, + { + "line": " 'docker run --cpus=1 --memory=128m --rm -i --read-only derjesko/mosmlfallback',\n", + "lineNumber": 34, + "lineChange": "none" + }, + { + "line": " function (err, data, stderr) {\n", + "lineNumber": 35, + "lineChange": "none" + }, + { + "line": " var last_line = data.split(/\\r?\\n/).pop();\n", + "lineNumber": 36, + "lineChange": "none" + }, + { + "line": " var error_code = parseInt(last_line.substring(2));\n", + "lineNumber": 37, + "lineChange": "none" + }, + { + "line": " error_text = '';\n", + "lineNumber": 38, + "lineChange": "none" + }, + { + "line": " if (error_code > 0) {\n", + "lineNumber": 39, + "lineChange": "none" + }, + { + "line": " if (error_code == 124) {\n", + "lineNumber": 40, + "lineChange": "none" + }, + { + "line": " error_text = 'SML hit the time limit of 3 seconds.';\n", + "lineNumber": 41, + "lineChange": "none" + }, + { + "line": " } else {\n", + "lineNumber": 42, + "lineChange": "none" + }, + { + "line": " data = data.replace(last_line, 'SML exited with ' + error_code);\n", + "lineNumber": 43, + "lineChange": "none" + }, + { + "line": " }\n", + "lineNumber": 44, + "lineChange": "none" + }, + { + "line": " }\n", + "lineNumber": 45, + "lineChange": "none" + }, + { + "line": " data = data.replace(last_line, error_text);\n", + "lineNumber": 46, + "lineChange": "none" + }, + { + "line": " response.set('Content-Type', 'text/plain');\n", + "lineNumber": 47, + "lineChange": "none" + }, + { + "line": " response.end(data);\n", + "lineNumber": 48, + "lineChange": "none" + }, + { + "line": " }\n", + "lineNumber": 49, + "lineChange": "none" + }, + { + "line": " );\n", + "lineNumber": 50, + "lineChange": "none" + }, + { + "line": " dockerrunner.stdin.write(payload);\n", + "lineNumber": 51, + "lineChange": "none" + }, + { + "line": " dockerrunner.stdin.destroy();\n", + "lineNumber": 52, + "lineChange": "none" + }, + { + "line": "}\n", + "lineNumber": 53, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 54, + "lineChange": "none" + }, + { + "line": "function readFile(name, callback) {\n", + "lineNumber": 55, + "lineChange": "none" + }, + { + "line": " fs.readFile(name, 'utf8', function (err, data) {\n", + "lineNumber": 56, + "lineChange": "none" + }, + { + "line": " if (err) {\n", + "lineNumber": 57, + "lineChange": "none" + }, + { + "line": " return console.log(err);\n", + "lineNumber": 58, + "lineChange": "none" + }, + { + "line": " }\n", + "lineNumber": 59, + "lineChange": "none" + }, + { + "line": " callback(data);\n", + "lineNumber": 60, + "lineChange": "none" + }, + { + "line": " });\n", + "lineNumber": 61, + "lineChange": "none" + }, + { + "line": "}\n", + "lineNumber": 62, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 63, + "lineChange": "none" + }, + { + "line": "function outputFile(name, response) {\n", + "lineNumber": 64, + "lineChange": "none" + }, + { + "line": " readFile(name, function (data) {\n", + "lineNumber": 65, + "lineChange": "none" + }, + { + "line": " response.set('Content-Type', 'text/plain');\n", + "lineNumber": 66, + "lineChange": "none" + }, + { + "line": " response.end(data);\n", + "lineNumber": 67, + "lineChange": "none" + }, + { + "line": " });\n", + "lineNumber": 68, + "lineChange": "none" + }, + { + "line": "}\n", + "lineNumber": 69, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 70, + "lineChange": "none" + }, + { + "line": "function listDir(name, response) {\n", + "lineNumber": 71, + "lineChange": "none" + }, + { + "line": " fs.readdir(name, function (err, items) {\n", + "lineNumber": 72, + "lineChange": "none" + }, + { + "line": " response.set('Content-Type', 'text/json');\n", + "lineNumber": 73, + "lineChange": "none" + }, + { + "line": " response.end(JSON.stringify({codes: items}));\n", + "lineNumber": 74, + "lineChange": "none" + }, + { + "line": " });\n", + "lineNumber": 75, + "lineChange": "none" + }, + { + "line": "}\n", + "lineNumber": 76, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 77, + "lineChange": "none" + }, + { + "line": "server.post('/api/fallback/',\n", + "lineNumber": 69, + "lineChange": "removed" + }, + { + "line": "server.post('/api/fallback/', callDockerLimiter,\n", + "lineNumber": 78, + "lineChange": "added" + }, + { + "line": " function (request, response) {\n", + "lineNumber": 79, + "lineChange": "none" + } + ] + }, + { + "commitURL": "https://github.com/SOSML/SOSML/commit/7e27f8b78d458f8ca8a4313730af19de6dc948a2?diff=split#diff-4e0d36557976efd053a8a93638c538d9c6530933aceca263867cd67b5ed9e5baL-1", + "lines": [ + { + "line": "var callDockerLimiter = new RateLimit({\n", + "lineNumber": 24, + "lineChange": "added" + }, + { + "line": " windowMs: 10*60*1000, // 1 hour window\n", + "lineNumber": 25, + "lineChange": "added" + }, + { + "line": " delayAfter: 10, // begin slowing down responses after the first 10 requests\n", + "lineNumber": 26, + "lineChange": "added" + }, + { + "line": " delayMs: 100, // slow down subsequent responses by 100 milliseconds per request\n", + "lineNumber": 27, + "lineChange": "added" + }, + { + "line": " max: 50, // start blocking after 50 requests\n", + "lineNumber": 28, + "lineChange": "added" + }, + { + "line": " message: \"Too many requests made from this IP, please try again in a few minutes\"\n", + "lineNumber": 29, + "lineChange": "added" + }, + { + "line": "});\n", + "lineNumber": 30, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 31, + "lineChange": "added" + }, + { + "line": "function evalSMLCode(payload, response) {\n", + "lineNumber": 32, + "lineChange": "none" + }, + { + "line": " let dockerrunner = cmd.get(\n", + "lineNumber": 33, + "lineChange": "none" + }, + { + "line": " 'docker run --cpus=1 --memory=128m --rm -i --read-only derjesko/mosmlfallback',\n", + "lineNumber": 34, + "lineChange": "none" + }, + { + "line": " function (err, data, stderr) {\n", + "lineNumber": 35, + "lineChange": "none" + }, + { + "line": " var last_line = data.split(/\\r?\\n/).pop();\n", + "lineNumber": 36, + "lineChange": "none" + }, + { + "line": " var error_code = parseInt(last_line.substring(2));\n", + "lineNumber": 37, + "lineChange": "none" + }, + { + "line": " error_text = '';\n", + "lineNumber": 38, + "lineChange": "none" + }, + { + "line": " if (error_code > 0) {\n", + "lineNumber": 39, + "lineChange": "none" + }, + { + "line": " if (error_code == 124) {\n", + "lineNumber": 40, + "lineChange": "none" + }, + { + "line": " error_text = 'SML hit the time limit of 3 seconds.';\n", + "lineNumber": 41, + "lineChange": "none" + }, + { + "line": " } else {\n", + "lineNumber": 42, + "lineChange": "none" + }, + { + "line": " data = data.replace(last_line, 'SML exited with ' + error_code);\n", + "lineNumber": 43, + "lineChange": "none" + }, + { + "line": " }\n", + "lineNumber": 44, + "lineChange": "none" + }, + { + "line": " }\n", + "lineNumber": 45, + "lineChange": "none" + }, + { + "line": " data = data.replace(last_line, error_text);\n", + "lineNumber": 46, + "lineChange": "none" + }, + { + "line": " response.set('Content-Type', 'text/plain');\n", + "lineNumber": 47, + "lineChange": "none" + }, + { + "line": " response.end(data);\n", + "lineNumber": 48, + "lineChange": "none" + }, + { + "line": " }\n", + "lineNumber": 49, + "lineChange": "none" + }, + { + "line": " );\n", + "lineNumber": 50, + "lineChange": "none" + }, + { + "line": " dockerrunner.stdin.write(payload);\n", + "lineNumber": 51, + "lineChange": "none" + }, + { + "line": " dockerrunner.stdin.destroy();\n", + "lineNumber": 52, + "lineChange": "none" + }, + { + "line": "}\n", + "lineNumber": 53, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 54, + "lineChange": "none" + }, + { + "line": "function readFile(name, callback) {\n", + "lineNumber": 55, + "lineChange": "none" + }, + { + "line": " fs.readFile(name, 'utf8', function (err, data) {\n", + "lineNumber": 56, + "lineChange": "none" + }, + { + "line": " if (err) {\n", + "lineNumber": 57, + "lineChange": "none" + }, + { + "line": " return console.log(err);\n", + "lineNumber": 58, + "lineChange": "none" + }, + { + "line": " }\n", + "lineNumber": 59, + "lineChange": "none" + }, + { + "line": " callback(data);\n", + "lineNumber": 60, + "lineChange": "none" + }, + { + "line": " });\n", + "lineNumber": 61, + "lineChange": "none" + }, + { + "line": "}\n", + "lineNumber": 62, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 63, + "lineChange": "none" + }, + { + "line": "function outputFile(name, response) {\n", + "lineNumber": 64, + "lineChange": "none" + }, + { + "line": " readFile(name, function (data) {\n", + "lineNumber": 65, + "lineChange": "none" + }, + { + "line": " response.set('Content-Type', 'text/plain');\n", + "lineNumber": 66, + "lineChange": "none" + }, + { + "line": " response.end(data);\n", + "lineNumber": 67, + "lineChange": "none" + }, + { + "line": " });\n", + "lineNumber": 68, + "lineChange": "none" + }, + { + "line": "}\n", + "lineNumber": 69, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 70, + "lineChange": "none" + }, + { + "line": "function listDir(name, response) {\n", + "lineNumber": 71, + "lineChange": "none" + }, + { + "line": " fs.readdir(name, function (err, items) {\n", + "lineNumber": 72, + "lineChange": "none" + }, + { + "line": " response.set('Content-Type', 'text/json');\n", + "lineNumber": 73, + "lineChange": "none" + }, + { + "line": " response.end(JSON.stringify({codes: items}));\n", + "lineNumber": 74, + "lineChange": "none" + }, + { + "line": " });\n", + "lineNumber": 75, + "lineChange": "none" + }, + { + "line": "}\n", + "lineNumber": 76, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 77, + "lineChange": "none" + }, + { + "line": "server.post('/api/fallback/',\n", + "lineNumber": 69, + "lineChange": "none" + }, + { + "line": " function (request, response) {\n", + "lineNumber": 79, + "lineChange": "none" + }, + { + "line": " var payload = request.body.code;\n", + "lineNumber": 80, + "lineChange": "none" + }, + { + "line": " evalSMLCode(payload, response);\n", + "lineNumber": 81, + "lineChange": "none" + }, + { + "line": " }\n", + "lineNumber": 82, + "lineChange": "none" + }, + { + "line": ");\n", + "lineNumber": 83, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 84, + "lineChange": "none" + }, + { + "line": "server.post('/api/validate/',\n", + "lineNumber": 76, + "lineChange": "removed" + }, + { + "line": "server.post('/api/validate/', callDockerLimiter,\n", + "lineNumber": 85, + "lineChange": "added" + }, + { + "line": " function (request, response) {\n", + "lineNumber": 86, + "lineChange": "none" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 27, + "cwe": [ + "CWE-770" + ] + } + }, + { + "id": "javascript/Ssrf", + "name": "Ssrf", + "shortDescription": { + "text": "Server-Side Request Forgery (SSRF)" + }, + "defaultConfiguration": { + "level": "error" + }, + "help": { + "markdown": "\n## Details\nIn a server-side request forgery attack, a malicious user supplies a URL (an external URL or a network IP address such as 127.0.0.1) to the application's back end. The server then accesses the URL and shares its results, which may include sensitive information such as AWS metadata, internal configuration information, or database contents with the attacker. Because the request comes from the back end, it bypasses access controls, potentially exposing information the user does not have sufficient privileges to receive. The attacker can then exploit this information to gain access, modify the web application, or demand a ransom payment.\n\n## Best practices for prevention\n* Blacklists are problematic and attackers have numerous ways to bypass them; ideally, use a whitelist of all permitted domains and IP addresses.\n* Use authentication even within your own network to prevent exploitation of server-side requests.\n* Implement zero trust and sanitize and validate all URL and header data returning to the server from the user. Strip invalid or suspect characters, then inspect to be certain it contains a valid and expected value.\n* Ideally, avoid sending server requests based on user-provided data altogether.\n* Ensure that you are not sending raw response bodies from the server directly to the client. Only deliver expected responses.\n* Disable suspect and exploitable URL schemas. Common culprits include obscure and little-used schemas such as `file://`, `dict://`, `ftp://`, and `gopher://`.", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "Ssrf", + "Security", + "SourceHttpBody", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/brislink/specter/commit/2b9c8046b4b1670e76011dad9c23dc67884f310a?diff=split#diff-b82186eeba82312da558b62cb554e48a69ad2768b38736aed0640d42fa7230a1L-1", + "lines": [ + { + "line": "\n", + "lineNumber": 6, + "lineChange": "none" + }, + { + "line": "\t\n", + "lineNumber": 12, + "lineChange": "none" + }, + { + "line": "\trequest(headers,function(error,response,body){\t\t\n", + "lineNumber": 13, + "lineChange": "removed" + }, + { + "line": "\t\t\t\t\n", + "lineNumber": 14, + "lineChange": "removed" + }, + { + "line": "\t\t\n", + "lineNumber": 15, + "lineChange": "removed" + }, + { + "line": " var resultCount = paginationSize - 1;\n", + "lineNumber": 16, + "lineChange": "removed" + }, + { + "line": " var results = body.hits;\n", + "lineNumber": 17, + "lineChange": "removed" + }, + { + "line": "\n", + "lineNumber": 18, + "lineChange": "removed" + }, + { + "line": "\tif(results.hits.length===0) return res.send(404);\n", + "lineNumber": 19, + "lineChange": "removed" + }, + { + "line": "\t\tvar total = body.hits.hits.length;\n", + "lineNumber": 20, + "lineChange": "removed" + }, + { + "line": "\t\tvar common = {\n", + "lineNumber": 21, + "lineChange": "removed" + }, + { + "line": "\t\t\t\n", + "lineNumber": 22, + "lineChange": "removed" + }, + { + "line": "\t\t\tdata : results.hits.slice(0,resultCount),\n", + "lineNumber": 23, + "lineChange": "removed" + }, + { + "line": "\t\t\tpageNo : pageNo,\n", + "lineNumber": 24, + "lineChange": "removed" + }, + { + "line": "\t\t\ttotal: total,\n", + "lineNumber": 25, + "lineChange": "removed" + }, + { + "line": "\t\t\tpreferences : preferences,\n", + "lineNumber": 26, + "lineChange": "removed" + }, + { + "line": "\t\t\tindex: preferences.tagIndex\n", + "lineNumber": 27, + "lineChange": "removed" + }, + { + "line": "\t\t};\n", + "lineNumber": 28, + "lineChange": "removed" + }, + { + "line": "\t\t\n", + "lineNumber": 29, + "lineChange": "removed" + }, + { + "line": " var dataToRender = helpers.buildResponse(common);\n", + "lineNumber": 30, + "lineChange": "removed" + }, + { + "line": "\t\tdataToRender.tag = tag;\n", + "lineNumber": 31, + "lineChange": "removed" + }, + { + "line": "\t\treturn res.render(constants.views.tagResults,dataToRender);\n", + "lineNumber": 32, + "lineChange": "removed" + }, + { + "line": " });\n", + "lineNumber": 33, + "lineChange": "removed" + } + ] + }, + { + "commitURL": "https://github.com/IoTKETI/Mobius/commit/df05de87c5d8c6f5f8625558c02e57b3260cf361?diff=split#diff-9c349b5d37e276e7b4ed18ad832fbe3772d2135fbca2d6dde6861d8cebb7a842L-1", + "lines": [ + { + "line": " else if(usesecure === 'enable') {\n", + "lineNumber": 230, + "lineChange": "none" + }, + { + "line": " options = {\n", + "lineNumber": 229, + "lineChange": "removed" + }, + { + "line": " hostname: usecoapcbhost,\n", + "lineNumber": 230, + "lineChange": "removed" + }, + { + "line": " port: usecsebaseport,\n", + "lineNumber": 231, + "lineChange": "removed" + }, + { + "line": " path: request.url,\n", + "lineNumber": 232, + "lineChange": "removed" + }, + { + "line": " method: request.method,\n", + "lineNumber": 233, + "lineChange": "removed" + }, + { + "line": " headers: headers,\n", + "lineNumber": 234, + "lineChange": "removed" + }, + { + "line": " ca: fs.readFileSync('ca-crt.pem')\n", + "lineNumber": 235, + "lineChange": "removed" + }, + { + "line": " };\n", + "lineNumber": 236, + "lineChange": "removed" + }, + { + "line": " options.ca = fs.readFileSync('ca-crt.pem');\n", + "lineNumber": 231, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 237, + "lineChange": "none" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 2, + "cwe": [ + "CWE-918" + ] + } + }, + { + "id": "javascript/NoHardcodedPasswords", + "name": "NoHardcodedPasswords", + "shortDescription": { + "text": "Use of Hardcoded Credentials" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "\n## Details\n\nDevelopers may use hardcoded credentials for convenience when coding in order to simplify their workflow. While they are responsible for removing these before production, occasionally this task may fall through the cracks. This also becomes a maintenance challenge when credentials are re-used across multiple applications.\n\nOnce attackers gain access, they may take advantage of privilege level to remove or alter data, take down a site or app, or hold any of the above for ransom. The risk across multiple similar projects is even greater. If code containing the credentials is reused across multiple projects, they will all be compromised.\n\n## Best practices for prevention\n* Plan software architecture such that keys and passwords are always stored outside the code, wherever possible.\n* Plan encryption into software architecture for all credential information and ensure proper handling of keys, credentials, and passwords.\n* Prompt for a secure password on first login rather than hard-code a default password.\n* If a hardcoded password or credential must be used, limit its use, for example, to system console users rather than via the network.\n* Use strong hashes for inbound password authentication, ideally with randomly assigned salts to increase the difficulty level in case of brute-force attack.", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "NoHardcodedPasswords", + "Security" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/MosheWorld/Teacher-Student-Backend/commit/8578b6d9666996ebbfeffc058b22ef076bb856ba?diff=split#diff-0d543c6db9caf085d6e9f704ed0a1ec6baf47092768cfcb746a3e42266d83672L-1", + "lines": [ + { + "line": "user: 'studyhubemail@gmail.com',\n", + "lineNumber": 23, + "lineChange": "removed" + }, + { + "line": "pass: 'nuaheuvhpv'\n", + "lineNumber": 24, + "lineChange": "removed" + }, + { + "line": "user: process.env.EMAIL_USERNAME,\n", + "lineNumber": 23, + "lineChange": "added" + }, + { + "line": "pass: process.env.EMAIL_PASSWORD\n", + "lineNumber": 24, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/huluoyang/freecodecamp.cn/commit/277a09a3c3062263b61fb0bf02e17fd2be8ccb79?diff=split#diff-407d92ccd5a2b9275fe28f063fc49fbbedf9a87cfa6a1c3b8c72ce4b86858787L-1", + "lines": [ + { + "line": "user: 'huluoyang@gmail.com',\n", + "lineNumber": 12, + "lineChange": "removed" + }, + { + "line": "pass: 'nopainnogain'\n", + "lineNumber": 13, + "lineChange": "removed" + }, + { + "line": "user: process.env.MANDRILL_USER || false,\n", + "lineNumber": 13, + "lineChange": "added" + }, + { + "line": "pass: process.env.MANDRILL_PASSWORD\n", + "lineNumber": 14, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/tubackkhoa/tkframework/commit/0ac0f7964f71d71d3930e554cbaf928f39f4540f?diff=split#diff-ad73f37992e2c25b9ad0d945783289cbf65b92741918fabea31bfe5b9de96688L-1", + "lines": [ + { + "line": "password: \"abc123ABC\",\n", + "lineNumber": 15, + "lineChange": "removed" + }, + { + "line": "password: process.env.DB_PASS,\n", + "lineNumber": 15, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 44, + "cwe": [ + "CWE-798", + "CWE-259" + ] + } + }, + { + "id": "javascript/NoSqli", + "name": "NoSqli", + "shortDescription": { + "text": "NoSQL Injection" + }, + "defaultConfiguration": { + "level": "error" + }, + "help": { + "markdown": "## Details\n\nIn an NoSQL injection attack, the user can submit an NoSQL query directly to the database, gaining access without providing appropriate credentials. Attackers can then view, export, modify, and delete confidential information; change passwords and other authentication information; and possibly gain access to other systems within the network. This is one of the most commonly exploited categories of vulnerability, but can largely be avoided through good coding practices.", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "NoSqli", + "Security", + "SourceServer", + "SourceHttpBody", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/txwkx/book-room/commit/07d49f6d24577b1cc1f7374cd8156aba894ab481?diff=split#diff-386f21d62bc9118d346e66a9ea781c22cb0570a51656f80313d829b3a47eaeefL-1", + "lines": [ + { + "line": "const mongoose = require('mongoose');\n", + "lineNumber": 1, + "lineChange": "removed" + }, + { + "line": "\n", + "lineNumber": 2, + "lineChange": "removed" + }, + { + "line": "//Model\n", + "lineNumber": 3, + "lineChange": "removed" + }, + { + "line": "const roomSchema = new mongoose.Schema({ name: String, title: String });\n", + "lineNumber": 4, + "lineChange": "removed" + }, + { + "line": "const Room = mongoose.model('Room', roomSchema);\n", + "lineNumber": 5, + "lineChange": "removed" + }, + { + "line": "const mongoose = require('mongoose'),\n", + "lineNumber": 1, + "lineChange": "added" + }, + { + "line": " ObjectId = mongoose.Types.ObjectId;\n", + "lineNumber": 2, + "lineChange": "added" + }, + { + "line": "const room = require('./models/roomModel');\n", + "lineNumber": 3, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 6, + "lineChange": "none" + }, + { + "line": "const roomRouter = express.Router();\n", + "lineNumber": 7, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 8, + "lineChange": "none" + }, + { + "line": "roomRouter.get('/', (req, res) => {\n", + "lineNumber": 9, + "lineChange": "none" + }, + { + "line": " let query = {};\n", + "lineNumber": 10, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 11, + "lineChange": "none" + }, + { + "line": " Room.find(query, (err, rooms) => {\n", + "lineNumber": 12, + "lineChange": "none" + }, + { + "line": " if(err) res.status(500).send(err);\n", + "lineNumber": 13, + "lineChange": "none" + }, + { + "line": " else res.json(rooms);\n", + "lineNumber": 14, + "lineChange": "none" + }, + { + "line": " });\n", + "lineNumber": 15, + "lineChange": "none" + }, + { + "line": "});\n", + "lineNumber": 16, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 17, + "lineChange": "none" + }, + { + "line": "roomRouter.get('/:id', (req, res) => {\n", + "lineNumber": 18, + "lineChange": "none" + }, + { + "line": " Room.findById(req.params.id, (err, room) => {\n", + "lineNumber": 19, + "lineChange": "removed" + }, + { + "line": " const roomId = ObjectId(req.params.id);\n", + "lineNumber": 17, + "lineChange": "added" + }, + { + "line": " room.findById(roomId, (err, room) => {\n", + "lineNumber": 18, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/dnbard/brackets-extension-rating/commit/5005713d903d0f72e9166c852114ee2731b832b1?diff=split#diff-47f1ac8221ebff697d20f61a182c8c58ae0cfdb152ce1fa2f74e322f451d4ae6L-1", + "lines": [ + { + "line": " Extension.findOne({_id: id}, function(err, extension){\n", + "lineNumber": 21, + "lineChange": "removed" + }, + { + "line": " if (err){\n", + "lineNumber": 22, + "lineChange": "removed" + }, + { + "line": " res.status(500).send(err);\n", + "lineNumber": 23, + "lineChange": "removed" + }, + { + "line": " } else if (!extension){\n", + "lineNumber": 24, + "lineChange": "removed" + }, + { + "line": " res.status(404).send(extension);\n", + "lineNumber": 25, + "lineChange": "removed" + }, + { + "line": " } else {\n", + "lineNumber": 26, + "lineChange": "removed" + }, + { + "line": " if (typeof id !== 'string'){\n", + "lineNumber": 23, + "lineChange": "added" + }, + { + "line": " res.status(422).send();\n", + "lineNumber": 24, + "lineChange": "added" + }, + { + "line": " return;\n", + "lineNumber": 25, + "lineChange": "added" + }, + { + "line": " }\n", + "lineNumber": 26, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 27, + "lineChange": "added" + }, + { + "line": " if (!registry){\n", + "lineNumber": 28, + "lineChange": "added" + }, + { + "line": " res.status(500).send('Registry is not available');\n", + "lineNumber": 29, + "lineChange": "added" + }, + { + "line": " return;\n", + "lineNumber": 30, + "lineChange": "added" + }, + { + "line": " }\n", + "lineNumber": 31, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 32, + "lineChange": "added" + }, + { + "line": " extension = _.filter(registry, function(el){\n", + "lineNumber": 33, + "lineChange": "added" + }, + { + "line": " return el._id === id;\n", + "lineNumber": 34, + "lineChange": "added" + }, + { + "line": " });\n", + "lineNumber": 35, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 36, + "lineChange": "added" + }, + { + "line": " if (extension){\n", + "lineNumber": 37, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/lydiahallie/CodeBuddy/commit/833bc261d0ea3d8bc879aef9e56819907523eef0?diff=split#diff-7b34d6d0aa663ac1e8442aee4f25c59ced93612f5b90c5fe6279ad48c7df1001L-1", + "lines": [ + { + "line": "const author = await User.findOne({ _id: currentUser._id });\n", + "lineNumber": 23, + "lineChange": "removed" + }, + { + "line": "const recipient = await User.findOne({ _id: user._id });\n", + "lineNumber": 24, + "lineChange": "removed" + }, + { + "line": "const author = await User.findOne({ _id: req.user._id });\n", + "lineNumber": 25, + "lineChange": "added" + }, + { + "line": "const recipient = await User.findOne({ _id: id });\n", + "lineNumber": 26, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 9, + "cwe": [ + "CWE-943" + ] + } + }, + { + "id": "javascript/HardcodedSecret/test", + "name": "HardcodedSecret/test", + "shortDescription": { + "text": "Hardcoded Secret" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "## Details\n\nWhen constants are hardcoded into applications, this information could easily be reverse-engineered and become known to attackers. For example, if a breached authentication token is hardcoded in multiple places in the application, it may lead to components of the application remaining vulnerable if not all instances are changed.\nAnother negative effect of hard-coding constants is potential unpredictability in the application's performance if the development team fails to update every single instance of the hardcoded constant throughout the code. For these reasons, hard-coding security-relevant constants is considered bad coding practice and should be remedied if present and avoided in future.\n\n## Best practices for prevention\n- Never hard code security-related constants; use symbolic names or configuration lookup files.\n- As hard coding is often done by coders working alone on a small scale, examine all legacy code components and test carefully when scaling.\n- Adopt a \"future-proof code\" mindset: While use of constants may save a little time now and make development simpler in the short term, it could cost time and money adapting to scale or other unforeseen circumstances (such as new hardware) in the future.", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "HardcodedSecret", + "Security", + "InTest" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/ridoy/Monk/commit/d702fedf42ebc197c9131a09918affb6adb396ad?diff=split#diff-d20e0c91f722f4a7eb0a8a7dfa4d7799aa292685d66aaeb37f3122ff3594fefdL-1", + "lines": [ + { + "line": "}, 'SECRET');\n", + "lineNumber": 41, + "lineChange": "removed" + }, + { + "line": "}, process.env.SECRET);\n", + "lineNumber": 41, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/xiaoshan5733/cms/commit/da6178e57541766a84406b42d526a18b72704180?diff=split#diff-a21b912911c328c339d5f819be1e95f0973d6fdf93c1e8f29ff9bb2fbe9933e4L-1", + "lines": [ + { + "line": "data = jwt.verify(token, 'cms')\n", + "lineNumber": 54, + "lineChange": "removed" + }, + { + "line": "data = jwt.verify(token, config.jwt.secret)\n", + "lineNumber": 54, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/sidewalklabs/commonspace/commit/32f2996ef0daad6eadab6ac8dacef8cd68048704?diff=split#diff-8a8ae07582c9d433ec8c2e5c4310ff8901e604f4965c5b90a49117ad46c47595L-1", + "lines": [ + { + "line": "const token = jwt.sign(user, 'secret');\n", + "lineNumber": 50, + "lineChange": "removed" + }, + { + "line": "return res.json({user, token});\n", + "lineNumber": 51, + "lineChange": "removed" + }, + { + "line": "const token = jwt.sign(user, process.env.jwt_secret);\n", + "lineNumber": 53, + "lineChange": "added" + }, + { + "line": "return res.json({token});\n", + "lineNumber": 54, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 60, + "cwe": [ + "CWE-547" + ] + } + }, + { + "id": "javascript/JwtDecodeMethod", + "name": "JwtDecodeMethod", + "shortDescription": { + "text": "Insecure JWT Verification Method" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "## Details\n\nSome JSON Web Token (JWT) parse/decode methods do not enforce validation or integrity checks of the JWT. If an application relies on these methods to authenticate users, an attacker could create arbitrary JWTs that may be accepted by the application.\n\n### Best practices for prevention\n\n- Always enforce JWT signature verification by using safe verification methods to ensure the structure and integrity of the JWT is validated before processing.\n\n## Best practices for prevention\n* [JWT Validation](https://auth0.com/docs/secure/tokens/json-web-tokens/validate-json-web-tokens)", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "JwtDecodeMethod", + "Security" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 0, + "cwe": [ + "CWE-347" + ] + } + }, + { + "id": "javascript/HardcodedNonCryptoSecret", + "name": "HardcodedNonCryptoSecret", + "shortDescription": { + "text": "Hardcoded Secret" + }, + "defaultConfiguration": { + "level": "error" + }, + "help": { + "markdown": "## Details\n\nWhen constants are hardcoded into applications, this information could easily be reverse-engineered and become known to attackers. For example, if a breached authentication token is hardcoded in multiple places in the application, it may lead to components of the application remaining vulnerable if not all instances are changed.\nAnother negative effect of hard-coding constants is potential unpredictability in the application's performance if the development team fails to update every single instance of the hardcoded constant throughout the code. For these reasons, hard-coding security-relevant constants is considered bad coding practice and should be remedied if present and avoided in future.\n\n## Best practices for prevention\n- Never hard code security-related constants; use symbolic names or configuration lookup files.\n- As hard coding is often done by coders working alone on a small scale, examine all legacy code components and test carefully when scaling.\n- Adopt a \"future-proof code\" mindset: While use of constants may save a little time now and make development simpler in the short term, it could cost time and money adapting to scale or other unforeseen circumstances (such as new hardware) in the future.", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "HardcodedNonCryptoSecret", + "Security" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/DanielMil/Authentication-Server/commit/310ce5500e9e751ee2fd9f3018bf772e9aae8364?diff=split#diff-dcdc3e0b3362edb8fec2a51d3fa51f8fb8af8f70247e06d9887fa934834c9122L-1", + "lines": [ + { + "line": "// Set environment variables\n", + "lineNumber": 14, + "lineChange": "added" + }, + { + "line": "const sessionSecret: any = process.env.SESSION_SECRET;\n", + "lineNumber": 15, + "lineChange": "added" + }, + { + "line": "const dbConnection: any = process.env.MONGO_URI; \n", + "lineNumber": 16, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 17, + "lineChange": "added" + }, + { + "line": "// Mongo config\n", + "lineNumber": 18, + "lineChange": "none" + }, + { + "line": "const DB_CONNECTION: any = process.env.MONGO_URI; \n", + "lineNumber": 15, + "lineChange": "none" + }, + { + "line": "mongoose.connect(DB_CONNECTION, { useNewUrlParser: true })\n", + "lineNumber": 16, + "lineChange": "none" + }, + { + "line": " .then(() => console.log(\"Succesfully connected to MongoDB.\"))\n", + "lineNumber": 20, + "lineChange": "none" + }, + { + "line": " .catch((err: mongoose.Error) => console.error(err));\n", + "lineNumber": 21, + "lineChange": "none" + }, + { + "line": "const MongoStore = mongoStore(session); \n", + "lineNumber": 22, + "lineChange": "none" + }, + { + "line": "const db: any = mongoose.connection;\n", + "lineNumber": 23, + "lineChange": "none" + }, + { + "line": " \n", + "lineNumber": 24, + "lineChange": "none" + }, + { + "line": "// Fix mongo deprecation warnings\n", + "lineNumber": 25, + "lineChange": "none" + }, + { + "line": "mongoose.set('useNewUrlParser', true);\n", + "lineNumber": 26, + "lineChange": "none" + }, + { + "line": "mongoose.set('useFindAndModify', false);\n", + "lineNumber": 27, + "lineChange": "none" + }, + { + "line": "mongoose.set('useCreateIndex', true);\n", + "lineNumber": 28, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 29, + "lineChange": "none" + }, + { + "line": "// Configure express session\n", + "lineNumber": 30, + "lineChange": "none" + }, + { + "line": "app.use(cookieParser());\n", + "lineNumber": 31, + "lineChange": "none" + }, + { + "line": "app.use(session({\n", + "lineNumber": 32, + "lineChange": "none" + }, + { + "line": " secret: \"secret\",\n", + "lineNumber": 30, + "lineChange": "removed" + }, + { + "line": " secret: sessionSecret,\n", + "lineNumber": 33, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/virena-app/virena/commit/8058527e8ef71bfa81f0cb0fb35eb80d00e08fdb?diff=split#diff-186488e26aa960d29fec244ac086f15e024c5a84df47eeba233d9b8d2525de2dL-1", + "lines": [ + { + "line": "client_id: '8fcf3e5c2d3d5dd78188',\n", + "lineNumber": 36, + "lineChange": "removed" + }, + { + "line": "client_secret: '0e102c56021e1aa28005b469b3c83ef7cb7e5b0e'\n", + "lineNumber": 37, + "lineChange": "removed" + }, + { + "line": "client_id: process.env.GITINIT,\n", + "lineNumber": 36, + "lineChange": "added" + }, + { + "line": "client_secret: process.env.GITSEE\n", + "lineNumber": 37, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/nemtech/nem2-library-js/commit/dd101718759035849eeb9d4a388656acdb5bf6d9?diff=split#diff-59ccc41578f07869060f7aea9ceca193a407696cce3de9f7219f98187f65c5b7L-1", + "lines": [ + { + "line": "const hash = sha3_512.create();\n", + "lineNumber": 29, + "lineChange": "removed" + }, + { + "line": "hash.update('secret');\n", + "lineNumber": 30, + "lineChange": "removed" + }, + { + "line": "const hash = new Ripemd160().update(Buffer.from('Test Hash 160')).digest('Hex');\t\t\n", + "lineNumber": 31, + "lineChange": "added" + }, + { + "line": "const secretLockTransaction = {\n", + "lineNumber": 32, + "lineChange": "none" + }, + { + "line": "\tdeadline: deadline(),\n", + "lineNumber": 33, + "lineChange": "none" + }, + { + "line": "\tmosaicId: [3646934825, 3576016193],\n", + "lineNumber": 34, + "lineChange": "none" + }, + { + "line": "\tmosaicAmount: uint64.fromUint(10000000),\n", + "lineNumber": 35, + "lineChange": "none" + }, + { + "line": "\tduration: uint64.fromUint(100),\n", + "lineNumber": 36, + "lineChange": "none" + }, + { + "line": "\thashAlgorithm: 0,\n", + "lineNumber": 36, + "lineChange": "removed" + }, + { + "line": "\tsecret: '225fe6d12b73a7d51f2992ce82951dbf8c173fa4',\n", + "lineNumber": 37, + "lineChange": "removed" + }, + { + "line": "\thashAlgorithm: HashAlgorithm.RIPEMD_160,\n", + "lineNumber": 37, + "lineChange": "added" + }, + { + "line": "\tsecret: hash,\n", + "lineNumber": 38, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 68, + "cwe": [ + "CWE-547" + ] + } + }, + { + "id": "javascript/HardcodedSecret", + "name": "HardcodedSecret", + "shortDescription": { + "text": "Hardcoded Secret" + }, + "defaultConfiguration": { + "level": "error" + }, + "help": { + "markdown": "## Details\n\nWhen constants are hardcoded into applications, this information could easily be reverse-engineered and become known to attackers. For example, if a breached authentication token is hardcoded in multiple places in the application, it may lead to components of the application remaining vulnerable if not all instances are changed.\nAnother negative effect of hard-coding constants is potential unpredictability in the application's performance if the development team fails to update every single instance of the hardcoded constant throughout the code. For these reasons, hard-coding security-relevant constants is considered bad coding practice and should be remedied if present and avoided in future.\n\n## Best practices for prevention\n- Never hard code security-related constants; use symbolic names or configuration lookup files.\n- As hard coding is often done by coders working alone on a small scale, examine all legacy code components and test carefully when scaling.\n- Adopt a \"future-proof code\" mindset: While use of constants may save a little time now and make development simpler in the short term, it could cost time and money adapting to scale or other unforeseen circumstances (such as new hardware) in the future.", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "HardcodedSecret", + "Security" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/ridoy/Monk/commit/d702fedf42ebc197c9131a09918affb6adb396ad?diff=split#diff-d20e0c91f722f4a7eb0a8a7dfa4d7799aa292685d66aaeb37f3122ff3594fefdL-1", + "lines": [ + { + "line": "}, 'SECRET');\n", + "lineNumber": 41, + "lineChange": "removed" + }, + { + "line": "}, process.env.SECRET);\n", + "lineNumber": 41, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/xiaoshan5733/cms/commit/da6178e57541766a84406b42d526a18b72704180?diff=split#diff-a21b912911c328c339d5f819be1e95f0973d6fdf93c1e8f29ff9bb2fbe9933e4L-1", + "lines": [ + { + "line": "data = jwt.verify(token, 'cms')\n", + "lineNumber": 54, + "lineChange": "removed" + }, + { + "line": "data = jwt.verify(token, config.jwt.secret)\n", + "lineNumber": 54, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/sidewalklabs/commonspace/commit/32f2996ef0daad6eadab6ac8dacef8cd68048704?diff=split#diff-8a8ae07582c9d433ec8c2e5c4310ff8901e604f4965c5b90a49117ad46c47595L-1", + "lines": [ + { + "line": "const token = jwt.sign(user, 'secret');\n", + "lineNumber": 50, + "lineChange": "removed" + }, + { + "line": "return res.json({user, token});\n", + "lineNumber": 51, + "lineChange": "removed" + }, + { + "line": "const token = jwt.sign(user, process.env.jwt_secret);\n", + "lineNumber": 53, + "lineChange": "added" + }, + { + "line": "return res.json({token});\n", + "lineNumber": 54, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 60, + "cwe": [ + "CWE-547" + ] + } + }, + { + "id": "javascript/HardcodedNonCryptoSecret/test", + "name": "HardcodedNonCryptoSecret/test", + "shortDescription": { + "text": "Hardcoded Secret" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "## Details\n\nWhen constants are hardcoded into applications, this information could easily be reverse-engineered and become known to attackers. For example, if a breached authentication token is hardcoded in multiple places in the application, it may lead to components of the application remaining vulnerable if not all instances are changed.\nAnother negative effect of hard-coding constants is potential unpredictability in the application's performance if the development team fails to update every single instance of the hardcoded constant throughout the code. For these reasons, hard-coding security-relevant constants is considered bad coding practice and should be remedied if present and avoided in future.\n\n## Best practices for prevention\n- Never hard code security-related constants; use symbolic names or configuration lookup files.\n- As hard coding is often done by coders working alone on a small scale, examine all legacy code components and test carefully when scaling.\n- Adopt a \"future-proof code\" mindset: While use of constants may save a little time now and make development simpler in the short term, it could cost time and money adapting to scale or other unforeseen circumstances (such as new hardware) in the future.", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "HardcodedNonCryptoSecret", + "Security", + "InTest" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/DanielMil/Authentication-Server/commit/310ce5500e9e751ee2fd9f3018bf772e9aae8364?diff=split#diff-dcdc3e0b3362edb8fec2a51d3fa51f8fb8af8f70247e06d9887fa934834c9122L-1", + "lines": [ + { + "line": "// Set environment variables\n", + "lineNumber": 14, + "lineChange": "added" + }, + { + "line": "const sessionSecret: any = process.env.SESSION_SECRET;\n", + "lineNumber": 15, + "lineChange": "added" + }, + { + "line": "const dbConnection: any = process.env.MONGO_URI; \n", + "lineNumber": 16, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 17, + "lineChange": "added" + }, + { + "line": "// Mongo config\n", + "lineNumber": 18, + "lineChange": "none" + }, + { + "line": "const DB_CONNECTION: any = process.env.MONGO_URI; \n", + "lineNumber": 15, + "lineChange": "none" + }, + { + "line": "mongoose.connect(DB_CONNECTION, { useNewUrlParser: true })\n", + "lineNumber": 16, + "lineChange": "none" + }, + { + "line": " .then(() => console.log(\"Succesfully connected to MongoDB.\"))\n", + "lineNumber": 20, + "lineChange": "none" + }, + { + "line": " .catch((err: mongoose.Error) => console.error(err));\n", + "lineNumber": 21, + "lineChange": "none" + }, + { + "line": "const MongoStore = mongoStore(session); \n", + "lineNumber": 22, + "lineChange": "none" + }, + { + "line": "const db: any = mongoose.connection;\n", + "lineNumber": 23, + "lineChange": "none" + }, + { + "line": " \n", + "lineNumber": 24, + "lineChange": "none" + }, + { + "line": "// Fix mongo deprecation warnings\n", + "lineNumber": 25, + "lineChange": "none" + }, + { + "line": "mongoose.set('useNewUrlParser', true);\n", + "lineNumber": 26, + "lineChange": "none" + }, + { + "line": "mongoose.set('useFindAndModify', false);\n", + "lineNumber": 27, + "lineChange": "none" + }, + { + "line": "mongoose.set('useCreateIndex', true);\n", + "lineNumber": 28, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 29, + "lineChange": "none" + }, + { + "line": "// Configure express session\n", + "lineNumber": 30, + "lineChange": "none" + }, + { + "line": "app.use(cookieParser());\n", + "lineNumber": 31, + "lineChange": "none" + }, + { + "line": "app.use(session({\n", + "lineNumber": 32, + "lineChange": "none" + }, + { + "line": " secret: \"secret\",\n", + "lineNumber": 30, + "lineChange": "removed" + }, + { + "line": " secret: sessionSecret,\n", + "lineNumber": 33, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/virena-app/virena/commit/8058527e8ef71bfa81f0cb0fb35eb80d00e08fdb?diff=split#diff-186488e26aa960d29fec244ac086f15e024c5a84df47eeba233d9b8d2525de2dL-1", + "lines": [ + { + "line": "client_id: '8fcf3e5c2d3d5dd78188',\n", + "lineNumber": 36, + "lineChange": "removed" + }, + { + "line": "client_secret: '0e102c56021e1aa28005b469b3c83ef7cb7e5b0e'\n", + "lineNumber": 37, + "lineChange": "removed" + }, + { + "line": "client_id: process.env.GITINIT,\n", + "lineNumber": 36, + "lineChange": "added" + }, + { + "line": "client_secret: process.env.GITSEE\n", + "lineNumber": 37, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/nemtech/nem2-library-js/commit/dd101718759035849eeb9d4a388656acdb5bf6d9?diff=split#diff-59ccc41578f07869060f7aea9ceca193a407696cce3de9f7219f98187f65c5b7L-1", + "lines": [ + { + "line": "const hash = sha3_512.create();\n", + "lineNumber": 29, + "lineChange": "removed" + }, + { + "line": "hash.update('secret');\n", + "lineNumber": 30, + "lineChange": "removed" + }, + { + "line": "const hash = new Ripemd160().update(Buffer.from('Test Hash 160')).digest('Hex');\t\t\n", + "lineNumber": 31, + "lineChange": "added" + }, + { + "line": "const secretLockTransaction = {\n", + "lineNumber": 32, + "lineChange": "none" + }, + { + "line": "\tdeadline: deadline(),\n", + "lineNumber": 33, + "lineChange": "none" + }, + { + "line": "\tmosaicId: [3646934825, 3576016193],\n", + "lineNumber": 34, + "lineChange": "none" + }, + { + "line": "\tmosaicAmount: uint64.fromUint(10000000),\n", + "lineNumber": 35, + "lineChange": "none" + }, + { + "line": "\tduration: uint64.fromUint(100),\n", + "lineNumber": 36, + "lineChange": "none" + }, + { + "line": "\thashAlgorithm: 0,\n", + "lineNumber": 36, + "lineChange": "removed" + }, + { + "line": "\tsecret: '225fe6d12b73a7d51f2992ce82951dbf8c173fa4',\n", + "lineNumber": 37, + "lineChange": "removed" + }, + { + "line": "\thashAlgorithm: HashAlgorithm.RIPEMD_160,\n", + "lineNumber": 37, + "lineChange": "added" + }, + { + "line": "\tsecret: hash,\n", + "lineNumber": 38, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 68, + "cwe": [ + "CWE-547" + ] + } + }, + { + "id": "javascript/NoHardcodedPasswords/test", + "name": "NoHardcodedPasswords/test", + "shortDescription": { + "text": "Use of Hardcoded Credentials" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nDevelopers may use hardcoded credentials for convenience when coding in order to simplify their workflow. While they are responsible for removing these before production, occasionally this task may fall through the cracks. This also becomes a maintenance challenge when credentials are re-used across multiple applications.\n\nOnce attackers gain access, they may take advantage of privilege level to remove or alter data, take down a site or app, or hold any of the above for ransom. The risk across multiple similar projects is even greater. If code containing the credentials is reused across multiple projects, they will all be compromised.\n\n## Best practices for prevention\n* Plan software architecture such that keys and passwords are always stored outside the code, wherever possible.\n* Plan encryption into software architecture for all credential information and ensure proper handling of keys, credentials, and passwords.\n* Prompt for a secure password on first login rather than hard-code a default password.\n* If a hardcoded password or credential must be used, limit its use, for example, to system console users rather than via the network.\n* Use strong hashes for inbound password authentication, ideally with randomly assigned salts to increase the difficulty level in case of brute-force attack.", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "NoHardcodedPasswords", + "Security", + "InTest" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/MosheWorld/Teacher-Student-Backend/commit/8578b6d9666996ebbfeffc058b22ef076bb856ba?diff=split#diff-0d543c6db9caf085d6e9f704ed0a1ec6baf47092768cfcb746a3e42266d83672L-1", + "lines": [ + { + "line": "user: 'studyhubemail@gmail.com',\n", + "lineNumber": 23, + "lineChange": "removed" + }, + { + "line": "pass: 'nuaheuvhpv'\n", + "lineNumber": 24, + "lineChange": "removed" + }, + { + "line": "user: process.env.EMAIL_USERNAME,\n", + "lineNumber": 23, + "lineChange": "added" + }, + { + "line": "pass: process.env.EMAIL_PASSWORD\n", + "lineNumber": 24, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/huluoyang/freecodecamp.cn/commit/277a09a3c3062263b61fb0bf02e17fd2be8ccb79?diff=split#diff-407d92ccd5a2b9275fe28f063fc49fbbedf9a87cfa6a1c3b8c72ce4b86858787L-1", + "lines": [ + { + "line": "user: 'huluoyang@gmail.com',\n", + "lineNumber": 12, + "lineChange": "removed" + }, + { + "line": "pass: 'nopainnogain'\n", + "lineNumber": 13, + "lineChange": "removed" + }, + { + "line": "user: process.env.MANDRILL_USER || false,\n", + "lineNumber": 13, + "lineChange": "added" + }, + { + "line": "pass: process.env.MANDRILL_PASSWORD\n", + "lineNumber": 14, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/tubackkhoa/tkframework/commit/0ac0f7964f71d71d3930e554cbaf928f39f4540f?diff=split#diff-ad73f37992e2c25b9ad0d945783289cbf65b92741918fabea31bfe5b9de96688L-1", + "lines": [ + { + "line": "password: \"abc123ABC\",\n", + "lineNumber": 15, + "lineChange": "removed" + }, + { + "line": "password: process.env.DB_PASS,\n", + "lineNumber": 15, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 44, + "cwe": [ + "CWE-798", + "CWE-259" + ] + } + }, + { + "id": "javascript/HTTPSourceWithUncheckedType", + "name": "HTTPSourceWithUncheckedType", + "shortDescription": { + "text": "Improper Type Validation" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nWhen an object is coming from `req.body` or `req.query`, coming from the express framework. The value of this property can be controlled by the user. This could be abused by an attacker to craft the properties of the object to crash the application or bypass its logic. As such, consider checking the type of the object.\n\nIf this weakness is present, illegitimate input provided from the user's end could lead to unpredictable results such as the program crashing, unauthorized access to secure resources or command execution at the server side. In addition, if the server is overwhelmed by these types of malfunctions, it may lead to denial of service to legitimate users and tasks.\n\nExample:\n\n```\nmodule.exports = function(req, res) {\n var data = req.query;\n // type of value isnt checked before being used\n data.ids = data.ids.split(',');\n doStuff(data.ids);\n\n };\n```\n\n\n\n## Best practices for prevention\n* Adopt a zero-trust model in which all input is considered potentially suspect.\n* Check the type of the object.\n\nExample:\n\n```\nmodule.exports = function(req, res) {\n var data = req.query;\n if (data.ids && typeof data.ids == 'string') {\n\n // type of value is checked\n data.ids = data.ids.split(',');\n doStuff(data.ids);\n } else {}\n };\n```\n\n## References\n\n* [CWE-1287: Improper Validation of Specified Type of Input](https://cwe.mitre.org/data/definitions/1287.html)\n* [JavaScript type confusion: Bypassed input validation (and how to remediate)](https://snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation/)\n* [req.query Documentation](https://expressjs.com/en/4x/api.html#req.query)", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "HTTPSourceWithUncheckedType", + "Security" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/alexolivero/Obscurify/commit/e4833d36d4aa981b050caca88919784147fc8d95?diff=split#diff-7b56e6433cf96918ac3b03d1d103fc0286e593ad610f9419dfe3f99309ec33acL-1", + "lines": [ + { + "line": "if( key < req.query.obscurifyScore.toString()){\r\n", + "lineNumber": 145, + "lineChange": "removed" + }, + { + "line": "if( parseInt(key) < parseInt(req.query.obscurifyScore)){\r\n", + "lineNumber": 144, + "lineChange": "added" + }, + { + "line": " usersBelow += value;\r\n", + "lineNumber": 146, + "lineChange": "none" + }, + { + "line": "}\r\n", + "lineNumber": 147, + "lineChange": "none" + } + ] + }, + { + "commitURL": "https://github.com/ansible-semaphore/semaphore/commit/dc2dac98ad166701ed94f346d99dc2ff44b8a721?diff=split#diff-223cdc8b17a7eed4b42bce8401320629190defc2ac7bc7950b8a1563eb66c10dL-1", + "lines": [ + { + "line": "if (req.body.identity && req.body.identity.length > 0) {\n", + "lineNumber": 51, + "lineChange": "removed" + }, + { + "line": "if (typeof req.body.identity == 'string' && req.body.identity.length > 0) {\n", + "lineNumber": 51, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/Financial-Times/polyfill-service/commit/471ddf842dc4d672dbf3b09702d91b850d04e4b9?diff=split#diff-e4e457f4b65b990f84bd0649da30984786b38b197e0edcf3e01b168b682f5abeL-1", + "lines": [ + { + "line": "excludes: (req.query.excludes && req.query.excludes.split(',')) || [],\n", + "lineNumber": 58, + "lineChange": "removed" + }, + { + "line": "excludes: (typeof req.query.excludes === 'string' && req.query.excludes.split(',')) || [],\n", + "lineNumber": 58, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 39, + "cwe": [ + "CWE-1287" + ] + } + }, + { + "id": "python/UnsupportedLanguage/test", + "name": "UnsupportedLanguage/test", + "shortDescription": { + "text": "Python 2 source code" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "## Details\n\nThe Python 2 interpreter has been unsupported since January 2020 and does not receive security updates.\nThese source files appear to be in the Python 2 syntax, and therefore depend on unsupported 3rd party components for operation.\n\n## Best practices for prevention\n* If this code is still in use, port it to Python 3", + "text": "" + }, + "properties": { + "tags": [ + "python", + "UnsupportedLanguage", + "Security", + "InTest" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 0, + "cwe": [ + "CWE-1104" + ] + } + }, + { + "id": "javascript/Sqli", + "name": "Sqli", + "shortDescription": { + "text": "SQL Injection" + }, + "defaultConfiguration": { + "level": "error" + }, + "help": { + "markdown": "## Details\n\nIn an SQL injection attack, the user can submit an SQL query directly to the database, gaining access without providing appropriate credentials. Attackers can then view, export, modify, and delete confidential information; change passwords and other authentication information; and possibly gain access to other systems within the network. This is one of the most commonly exploited categories of vulnerability, but can largely be avoided through good coding practices.\n\n## Best practices for prevention\n* Avoid passing user-entered parameters directly to the SQL server.\n* Avoid using string concatenation to build SQL queries from user-entered parameters.\n* When coding, define SQL code first, then pass in parameters. Use prepared statements with parameterized queries. Examples include `SqlCommand()` in .NET and `bindParam()` in PHP.\n* Use strong typing for all parameters so unexpected user data will be rejected.\n* Where direct user input cannot be avoided for performance reasons, validate input against a very strict allowlist of permitted characters, avoiding special characters such as `? & / < > ; - ' \" \\` and spaces. Use a vendor-supplied escaping routine if possible.\n* Develop your application in an environment and/or using libraries that provide protection against SQL injection.\n* Harden your entire environment around a least-privilege model, ideally with isolated accounts with privileges only for particular tasks.", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "Sqli", + "Security", + "SourceHttpParam", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/Urigo/WhatsApp-Clone-Server/commit/088088847265c4ea29791cdbdc98d21b4b7b3e7d?diff=split#diff-64fc2a1d7ebf96939c4047a39fc850f244454c0f3eff44c48d8249e29a6269e1L-1", + "lines": [ + { + "line": " const { rows } = await db.query(sql`\n", + "lineNumber": 134, + "lineChange": "removed" + }, + { + "line": " INSERT INTO messages(chat_id, sender_user_id, content)\n", + "lineNumber": 135, + "lineChange": "removed" + }, + { + "line": " VALUES(${chatId}, ${currentUser.id}, ${content})\n", + "lineNumber": 136, + "lineChange": "removed" + }, + { + "line": " RETURNING *\n", + "lineNumber": 137, + "lineChange": "removed" + }, + { + "line": " `);\n", + "lineNumber": 138, + "lineChange": "removed" + }, + { + "line": "\n", + "lineNumber": 139, + "lineChange": "removed" + }, + { + "line": " const messageAdded = rows[0];\n", + "lineNumber": 140, + "lineChange": "removed" + }, + { + "line": "\n", + "lineNumber": 141, + "lineChange": "removed" + }, + { + "line": " injector.get(PubSub).publish('messageAdded', {\n", + "lineNumber": 142, + "lineChange": "removed" + }, + { + "line": " messageAdded,\n", + "lineNumber": 143, + "lineChange": "removed" + }, + { + "line": " });\n", + "lineNumber": 144, + "lineChange": "removed" + }, + { + "line": "\n", + "lineNumber": 145, + "lineChange": "removed" + }, + { + "line": " return messageAdded;\n", + "lineNumber": 146, + "lineChange": "removed" + }, + { + "line": " return injector\n", + "lineNumber": 134, + "lineChange": "added" + }, + { + "line": " .get(Chats)\n", + "lineNumber": 135, + "lineChange": "added" + }, + { + "line": " .addMessage({ chatId, content, userId: currentUser.id });\n", + "lineNumber": 136, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/vpdb/server/commit/25011eb029e72f51b0fc48259c8c0ea8b37b177d?diff=split#diff-dec1b2b754bba471fe0144e0960b50e5511aa6843c3fdd778a7e0e617938056bL-1", + "lines": [ + { + "line": "\t\t\t\tquery.or([\r\n", + "lineNumber": 124, + "lineChange": "removed" + }, + { + "line": "\t\t\t\tquery.push({ $or: [\r\n", + "lineNumber": 124, + "lineChange": "added" + }, + { + "line": "\t\t\t\t\t{ name: regex },\r\n", + "lineNumber": 125, + "lineChange": "none" + }, + { + "line": "\t\t\t\t\t{ username: regex }\r\n", + "lineNumber": 126, + "lineChange": "none" + }, + { + "line": "\t\t\t\t]);\r\n", + "lineNumber": 127, + "lineChange": "removed" + }, + { + "line": "\t\t\t\t]});\r\n", + "lineNumber": 127, + "lineChange": "added" + }, + { + "line": "\t\t\t}\r\n", + "lineNumber": 128, + "lineChange": "none" + }, + { + "line": "\t\t}\r\n", + "lineNumber": 129, + "lineChange": "none" + }, + { + "line": "\t\tif (req.query.name) {\r\n", + "lineNumber": 130, + "lineChange": "none" + }, + { + "line": "\t\t\tquery.where('name').equals(req.query.name);\r\n", + "lineNumber": 131, + "lineChange": "removed" + }, + { + "line": "\t\t\tquery.push({ name: new RegExp('^' + _.escapeRegExp(req.query.name) + '$', 'i') });\r\n", + "lineNumber": 131, + "lineChange": "added" + }, + { + "line": "\t\t}\r\n", + "lineNumber": 132, + "lineChange": "none" + }, + { + "line": "\r\n", + "lineNumber": 133, + "lineChange": "none" + }, + { + "line": "\t\t// filter by role\r\n", + "lineNumber": 134, + "lineChange": "none" + }, + { + "line": "\t\tif (canList && req.query.roles) {\r\n", + "lineNumber": 135, + "lineChange": "none" + }, + { + "line": "\t\t\t// sanitze and split\r\n", + "lineNumber": 136, + "lineChange": "none" + }, + { + "line": "\t\t\tlet roles = req.query.roles.trim().replace(/[^a-z0-9,-]+/gi, '').split(',');\r\n", + "lineNumber": 137, + "lineChange": "none" + }, + { + "line": "\t\t\tquery.where('roles').in(roles);\r\n", + "lineNumber": 138, + "lineChange": "removed" + }, + { + "line": "\t\t\tquery.push( { roles: { $in: roles }});\r\n", + "lineNumber": 138, + "lineChange": "added" + }, + { + "line": "\t\t}\r\n", + "lineNumber": 139, + "lineChange": "none" + }, + { + "line": "\r\n", + "lineNumber": 140, + "lineChange": "none" + }, + { + "line": "\t\treturn query.exec();\r\n", + "lineNumber": 141, + "lineChange": "removed" + }, + { + "line": "\t\tconsole.log(api.searchQuery(query));\r\n", + "lineNumber": 141, + "lineChange": "added" + }, + { + "line": "\t\treturn User.find(api.searchQuery(query)).exec();\r\n", + "lineNumber": 142, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/RedstoneDaedalus/verifybot/commit/b7d59d6b87e5eb4b5c8732969baca49466338c3d?diff=split#diff-913d641a0712b4b17eb483f777442426ecfc90bb4062492e9833586e5cbdea4aL-1", + "lines": [ + { + "line": "const data = await client.query(`SELECT * FROM linked_accounts WHERE secret_key = '${req.query.key ? req.query.key.replace(/[^a-z\\d]/ig, \"\") : \"\"}';`);\n", + "lineNumber": 125, + "lineChange": "removed" + }, + { + "line": "const data = await client.query(\"SELECT * FROM linked_accounts WHERE secret_key = ?;\", [cient.connection.escape(req.query.key || \"\")]);\n", + "lineNumber": 125, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 42, + "cwe": [ + "CWE-89" + ] + } + }, + { + "id": "javascript/HttpToHttps/test", + "name": "HttpToHttps/test", + "shortDescription": { + "text": "Cleartext Transmission of Sensitive Information" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\nThis weakness occurs when software transmits sensitive information, such as passwords or credit card numbers, in unencrypted form. This information may then be intercepted by threat actors using sniffer tools or interception techniques such as man-in-the-middle (MITM) attacks (often involving social engineering). Attackers can then use information gleaned to perform a variety of actions, depending on the information type. Possible actions include gaining unauthorized access, impersonating a user, moving laterally within the organization's network, or retrieving and potentially modifying files. This weakness is almost completely avoidable through intelligent architecture and design.\n\n## Best practices for prevention\n* Build web applications around a security mindset and the awareness that sniffers may be present at any time.\n* Ensure that all sensitive data transmission uses reliable encryption.\n* Implement security measures so that sensitive results are never returned in plain text.\n* Implement multiple-factor authentication methods to validate remote instances.\n* Use SSL not only at logon but throughout communications.", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "HttpToHttps", + "Security", + "InTest" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/medic/couch2pg/commit/062eaa0f53d2cd2327232a695c60bf4c9fd589f6?diff=split#diff-e727e4bdf3657fd1d798edcd6b099d6e092f8573cba266154583a746bba0f346L-1", + "lines": [ + { + "line": "var httplib = require('http');\n", + "lineNumber": 1, + "lineChange": "removed" + }, + { + "line": "var httplib = require('https');\n", + "lineNumber": 1, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/dondi/GRNsight/commit/01e7d39d55ea9c18348a48aac5954183d825e834?diff=split#diff-65890f102baa526da3cc5d65e0528ea728fa9fa63659a7f2e1d523686240359cL-1", + "lines": [ + { + "line": "var https = require(\"http\");\n", + "lineNumber": 2, + "lineChange": "removed" + }, + { + "line": "var https = require(\"https\");\n", + "lineNumber": 2, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/watilde/npmbrew/commit/968a0cd04e732ede4552e60e86762ce77f7f0a5c?diff=split#diff-94469ba7812da76fe341041375403897426443f146321489331bb46bb45faf5bL-1", + "lines": [ + { + "line": "var http = require(\"http\")\n", + "lineNumber": 2, + "lineChange": "removed" + }, + { + "line": "var http = require(\"https\")\n", + "lineNumber": 2, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 4, + "cwe": [ + "CWE-319" + ] + } + }, + { + "id": "javascript/PT", + "name": "PT", + "shortDescription": { + "text": "Path Traversal" + }, + "defaultConfiguration": { + "level": "error" + }, + "help": { + "markdown": "## Details\n\nA Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.\n\nBeing able to access and manipulate an arbitrary path leads to vulnerabilities when a program is being run with privileges that the user providing the path should not have. A website with a path traversal vulnerability would allow users access to sensitive files on the server hosting it. CLI programs may also be vulnerable to path traversal if they are being ran with elevated privileges (such as with the setuid or setgid flags in Unix systems).\n\nDirectory Traversal vulnerabilities can be generally divided into two types:\n\n- **Information Disclosure**: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.\n\n`st` is a module for serving static files on web pages, and contains a [vulnerability of this type](https://snyk.io/vuln/npm:st:20140206). In our example, we will serve files from the `public` route.\n\nIf an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.\n\n```\ncurl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa\n```\n**Note** `%2e` is the URL encoded version of `.` (dot).\n\n- **Writing arbitrary files**: Allows the attacker to create or replace existing files. This type of vulnerability is also known as `Zip-Slip`.\n\nOne way to achieve this is by using a malicious `zip` archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.\n\nThe following is an example of a `zip` archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in `/root/.ssh/` overwriting the `authorized_keys` file:\n\n```\n2018-04-15 22:04:29 ..... 19 19 good.txt\n2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys\n```", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "PT", + "Security", + "SourceHttpParam", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/NodeBB/NodeBB/commit/cacc732015c64bba55a6ab45510086febccfb1b2?diff=split#diff-300f765b568b38163933bfcd40c75fe91709a35e9a7522bca2f8c5fe4b19195aL-1", + "lines": [ + { + "line": "\t\t\t\t\tuploadUserPicture(req.user.uid, req.files.userPhoto.name, req.files.userPhoto.path, res);\n", + "lineNumber": 101, + "lineChange": "removed" + }, + { + "line": "\t\t\t\t\tuploadUserPicture(req.user.uid, path.extname(req.files.userPhoto.name), req.files.userPhoto.path, res);\n", + "lineNumber": 101, + "lineChange": "added" + }, + { + "line": "\t\t\t\t\treturn;\n", + "lineNumber": 102, + "lineChange": "none" + }, + { + "line": "\t\t\t\t}\n", + "lineNumber": 103, + "lineChange": "none" + }, + { + "line": "\t\t\t\t\n", + "lineNumber": 104, + "lineChange": "none" + }, + { + "line": "\t\t\t\tvar absolutePath = path.join(global.configuration['ROOT_DIRECTORY'], global.nconf.get('upload_path'), path.basename(oldpicture));\n", + "lineNumber": 105, + "lineChange": "none" + }, + { + "line": "\t\t\t\t\n", + "lineNumber": 106, + "lineChange": "none" + }, + { + "line": "\t\t\t\tfs.unlink(absolutePath, function(err) {\n", + "lineNumber": 107, + "lineChange": "none" + }, + { + "line": "\t\t\t\t\tif(err) {\t\t\t\t\n", + "lineNumber": 108, + "lineChange": "none" + }, + { + "line": "\t\t\t\t\t\tconsole.error('[%d] %s', Date.now(), + err);\n", + "lineNumber": 109, + "lineChange": "none" + }, + { + "line": "\t\t\t\t\t}\n", + "lineNumber": 110, + "lineChange": "none" + }, + { + "line": "\t\t\t\t\t\n", + "lineNumber": 111, + "lineChange": "none" + }, + { + "line": "\t\t\t\t\tuploadUserPicture(req.user.uid, path.extname(req.files.userPhoto.name), req.files.userPhoto.path, res);\n", + "lineNumber": 112, + "lineChange": "none" + }, + { + "line": "\t\t\t\t\t\n", + "lineNumber": 113, + "lineChange": "none" + }, + { + "line": "\t\t\t\t});\n", + "lineNumber": 114, + "lineChange": "none" + }, + { + "line": "\t\t\t});\n", + "lineNumber": 115, + "lineChange": "none" + }, + { + "line": "\t\t});\n", + "lineNumber": 116, + "lineChange": "none" + }, + { + "line": "\t\t\n", + "lineNumber": 117, + "lineChange": "none" + }, + { + "line": "\t\tfunction uploadUserPicture(uid, extension, tempPath, res) {\n", + "lineNumber": 118, + "lineChange": "none" + }, + { + "line": "\t\t\tif(!extension) {\n", + "lineNumber": 119, + "lineChange": "none" + }, + { + "line": "\t\t\t\tres.send({\n", + "lineNumber": 120, + "lineChange": "none" + }, + { + "line": "\t\t\t\t\terror: 'Error uploading file! Error : Invalid extension!'\n", + "lineNumber": 121, + "lineChange": "none" + }, + { + "line": "\t\t\t\t});\n", + "lineNumber": 122, + "lineChange": "none" + }, + { + "line": "\t\t\t\treturn;\n", + "lineNumber": 123, + "lineChange": "none" + }, + { + "line": "\t\t\t}\n", + "lineNumber": 124, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 125, + "lineChange": "none" + }, + { + "line": "\t\t\tvar filename = uid + '-profileimg' + extension;\n", + "lineNumber": 126, + "lineChange": "none" + }, + { + "line": "\t\t\tvar uploadPath = path.join(global.configuration['ROOT_DIRECTORY'], global.nconf.get('upload_path'), filename);\n", + "lineNumber": 127, + "lineChange": "none" + }, + { + "line": "\t\t\t\n", + "lineNumber": 128, + "lineChange": "none" + }, + { + "line": "\t\t\t// @todo move to proper logging code - this should only be temporary\n", + "lineNumber": 129, + "lineChange": "none" + }, + { + "line": "\t\t\tconsole.log('Info: Attempting upload to: '+ uploadPath);\n", + "lineNumber": 130, + "lineChange": "none" + }, + { + "line": "\t\t\t\n", + "lineNumber": 131, + "lineChange": "none" + }, + { + "line": "\t\t\tvar is = fs.createReadStream(tempPath);\n", + "lineNumber": 132, + "lineChange": "none" + }, + { + "line": "\t\t\tvar os = fs.createWriteStream(uploadPath);\n", + "lineNumber": 133, + "lineChange": "none" + } + ] + }, + { + "commitURL": "https://github.com/vilmosioo/magma/commit/b13ae22e9cc3646444f949279c92dfa54fa2e882?diff=split#diff-e727e4bdf3657fd1d798edcd6b099d6e092f8573cba266154583a746bba0f346L-1", + "lines": [ + { + "line": "\tres.render(req.params.path || 'home');\n", + "lineNumber": 41, + "lineChange": "removed" + }, + { + "line": "\tconsole.log(req.params.path);\n", + "lineNumber": 42, + "lineChange": "added" + }, + { + "line": "\tvar template = routes['/' + req.params.path] || routes['/'];\n", + "lineNumber": 43, + "lineChange": "added" + }, + { + "line": "\ttemplate = template.templateUrl;\n", + "lineNumber": 44, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 45, + "lineChange": "added" + }, + { + "line": "\tres.render(path.basename(template, path.extname(template)), {\n", + "lineNumber": 46, + "lineChange": "added" + }, + { + "line": "\t\tconstants: {\n", + "lineNumber": 47, + "lineChange": "added" + }, + { + "line": "\t\t\tROUTES: JSON.stringify(routes)\n", + "lineNumber": 48, + "lineChange": "added" + }, + { + "line": "\t\t}\n", + "lineNumber": 49, + "lineChange": "added" + }, + { + "line": "\t});\n", + "lineNumber": 50, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/cube-js/cube.js/commit/256be019d9393daff7d8776be2c39bceafc49ce2?diff=split#diff-e3f9f2305d99d77628204eb1da6a6fd4695a3b3235274d4e7d8a65a150f0941fL-1", + "lines": [ + { + "line": "await Promise.all(files.map(file => fs.writeFile(path.join(file.fileName), file.content)));\n", + "lineNumber": 143, + "lineChange": "removed" + }, + { + "line": "await Promise.all(\n", + "lineNumber": 144, + "lineChange": "added" + }, + { + "line": " files.map(file => path.join(...[dashboardAppPath].concat(file.fileName.split('/'))))\n", + "lineNumber": 145, + "lineChange": "added" + }, + { + "line": ");\n", + "lineNumber": 146, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 42, + "cwe": [ + "CWE-23" + ] + } + }, + { + "id": "javascript/UseCsurfForExpress", + "name": "UseCsurfForExpress", + "shortDescription": { + "text": "Cross-Site Request Forgery (CSRF)" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "\n## Details\nCross-site request forgery is an attack in which a malicious third party takes advantage of a user's authenticated credentials (such as a browser cookie) to impersonate that trusted user and perform unauthorized actions. The web application server cannot tell the difference between legitimate and malicious requests. This type of attack generally begins by tricking the user with a social engineering attack, such as a link or popup that the user inadvertently clicks, causing an unauthorized request to be sent to the web server. Consequences vary: At a standard user level, attackers can change passwords, transfer funds, make purchases, or connect with contacts; from an administrator account, attackers can then make changes to or even take down the app itself.\n\n## Best practices for prevention\n* Use development frameworks that defend against CSRF, using a nonce, hash, or some other security device to the URL and/or to forms.\n* Implement secure, unique, hidden tokens that are checked by the server each time to validate state-change requests.\n* Never assume that authentication tokens and session identifiers mean a request is legitimate.\n* Understand and implement other safe-cookie techniques, such as double submit cookies.\n* Terminate user sessions when not in use, including automatic timeout.\n* Ensure rigorous coding practices and defenses against other commonly exploited CWEs, since cross-site scripting (XSS), for example, can be used to bypass defenses against CSRF.\n\n## References\n\n* [Express Documentation - Implement CSRF Protection](https://expressjs.com/en/resources/middleware/csurf.html)\n* [Node Security Checklist - CSRF](https://blog.risingstack.com/node-js-security-checklist/#csrf)", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "UseCsurfForExpress", + "Security" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/xiaoshan5733/cms/commit/cfa979899ffc5d7a1305571923ba6ae70548675b?diff=split#diff-e07d531ac040ce3f40e0ce632ac2a059d7cd60f20e61f78268ac3be015b3b28fL-1", + "lines": [ + { + "line": "var app = express();\n", + "lineNumber": 21, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 22, + "lineChange": "none" + }, + { + "line": "//连接数据库\n", + "lineNumber": 23, + "lineChange": "none" + }, + { + "line": "mongoose.connect(config.mongodb.uri);\n", + "lineNumber": 24, + "lineChange": "none" + }, + { + "line": "var db = mongoose.connection;\n", + "lineNumber": 25, + "lineChange": "none" + }, + { + "line": "db.on('error', console.error.bind(console, 'connection error:'));\n", + "lineNumber": 26, + "lineChange": "none" + }, + { + "line": "db.once('open', function callback () {\n", + "lineNumber": 27, + "lineChange": "none" + }, + { + "line": " console.log('连接mongodb成功');\n", + "lineNumber": 28, + "lineChange": "none" + }, + { + "line": "});\n", + "lineNumber": 29, + "lineChange": "none" + }, + { + "line": "//引入数据模型\n", + "lineNumber": 30, + "lineChange": "none" + }, + { + "line": "util.walk(appPath + '/server/models', null, function(path) {\n", + "lineNumber": 31, + "lineChange": "none" + }, + { + "line": " require(path);\n", + "lineNumber": 32, + "lineChange": "none" + }, + { + "line": "});\n", + "lineNumber": 33, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 34, + "lineChange": "none" + }, + { + "line": "// view engine setup\n", + "lineNumber": 35, + "lineChange": "none" + }, + { + "line": "app.set('views', path.join(__dirname, 'views'));\n", + "lineNumber": 36, + "lineChange": "none" + }, + { + "line": "app.set('view engine', 'jade');\n", + "lineNumber": 37, + "lineChange": "none" + }, + { + "line": "//定义全局字段\n", + "lineNumber": 38, + "lineChange": "none" + }, + { + "line": "app.locals = {\n", + "lineNumber": 39, + "lineChange": "none" + }, + { + "line": " title: 'CMS',\n", + "lineNumber": 40, + "lineChange": "none" + }, + { + "line": " pretty: true,\n", + "lineNumber": 41, + "lineChange": "none" + }, + { + "line": " moment: moment,\n", + "lineNumber": 42, + "lineChange": "none" + }, + { + "line": " _: underscore,\n", + "lineNumber": 43, + "lineChange": "none" + }, + { + "line": " util: util,\n", + "lineNumber": 44, + "lineChange": "none" + }, + { + "line": " config: config,\n", + "lineNumber": 45, + "lineChange": "none" + }, + { + "line": " adminDir: config.admin.dir ? ('/' + config.admin.dir) : ''\n", + "lineNumber": 46, + "lineChange": "none" + }, + { + "line": "};\n", + "lineNumber": 47, + "lineChange": "none" + }, + { + "line": "app.set('config', config);\n", + "lineNumber": 48, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 49, + "lineChange": "none" + }, + { + "line": "app.use(favicon());\n", + "lineNumber": 50, + "lineChange": "none" + }, + { + "line": "app.use(logger('dev'));\n", + "lineNumber": 51, + "lineChange": "none" + }, + { + "line": "app.use(bodyParser.json());\n", + "lineNumber": 54, + "lineChange": "none" + }, + { + "line": "app.use(bodyParser.urlencoded());\n", + "lineNumber": 55, + "lineChange": "none" + }, + { + "line": "app.use(cookieParser());\n", + "lineNumber": 56, + "lineChange": "none" + }, + { + "line": "app.use(session({\n", + "lineNumber": 57, + "lineChange": "none" + }, + { + "line": " secret: 'ruoguan'/*,\n", + "lineNumber": 58, + "lineChange": "none" + }, + { + "line": " store: new RedisStore*/\n", + "lineNumber": 59, + "lineChange": "none" + }, + { + "line": "}));\n", + "lineNumber": 60, + "lineChange": "none" + }, + { + "line": "//app.use(csrf());\n", + "lineNumber": 58, + "lineChange": "removed" + }, + { + "line": "app.use(csrf());\n", + "lineNumber": 61, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/Detry322/redisred/commit/57aeed9563c1020ca70093310634000d795ae3b4?diff=split#diff-e07d531ac040ce3f40e0ce632ac2a059d7cd60f20e61f78268ac3be015b3b28fL-1", + "lines": [ + { + "line": "var csrf = require('csurf');\n", + "lineNumber": 18, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 19, + "lineChange": "none" + }, + { + "line": "//Initialize auth\n", + "lineNumber": 20, + "lineChange": "none" + }, + { + "line": "authentication(passport, adminUsername, adminPassword);\n", + "lineNumber": 21, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 22, + "lineChange": "none" + }, + { + "line": "//Initialize the app\n", + "lineNumber": 23, + "lineChange": "none" + }, + { + "line": "var app = express();\n", + "lineNumber": 24, + "lineChange": "none" + }, + { + "line": "app.set('views', './views');\n", + "lineNumber": 25, + "lineChange": "none" + }, + { + "line": "app.set('view engine', 'jade');\n", + "lineNumber": 26, + "lineChange": "none" + }, + { + "line": "app.use(favicon('./public/assets/favicon.png'));\n", + "lineNumber": 27, + "lineChange": "none" + }, + { + "line": "app.use(bodyParser.urlencoded({ extended: false }));\n", + "lineNumber": 28, + "lineChange": "none" + }, + { + "line": "app.use(expressSession({ secret: sessionSecret, resave: true, saveUninitialized: true }));\n", + "lineNumber": 29, + "lineChange": "none" + }, + { + "line": "app.use(passport.initialize());\n", + "lineNumber": 30, + "lineChange": "none" + }, + { + "line": "app.use(passport.session());\n", + "lineNumber": 31, + "lineChange": "none" + }, + { + "line": "app.use(csrf());\n", + "lineNumber": 32, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/slidewiki/slidewiki-platform/commit/3e1fd3ff647826a1321f4272924da9bfbcc91383?diff=split#diff-a4c65ede64197e1a112899a68bf994485b889c4b143198bac4af53425b38406fL-1", + "lines": [ + { + "line": "import cookieParser from 'cookie-parser';\n", + "lineNumber": 10, + "lineChange": "added" + }, + { + "line": "import csrf from 'csurf';\n", + "lineNumber": 11, + "lineChange": "added" + }, + { + "line": "import compression from 'compression';\n", + "lineNumber": 12, + "lineChange": "added" + }, + { + "line": "import debugLib from 'debug';\n", + "lineNumber": 13, + "lineChange": "added" + }, + { + "line": "import path from 'path';\n", + "lineNumber": 14, + "lineChange": "none" + }, + { + "line": "import serialize from 'serialize-javascript';\n", + "lineNumber": 10, + "lineChange": "none" + }, + { + "line": "import {navigateAction} from 'fluxible-router';\n", + "lineNumber": 15, + "lineChange": "none" + }, + { + "line": "import debugLib from 'debug';\n", + "lineNumber": 12, + "lineChange": "none" + }, + { + "line": "import React from 'react';\n", + "lineNumber": 16, + "lineChange": "none" + }, + { + "line": "import ReactDOM from 'react-dom/server';\n", + "lineNumber": 17, + "lineChange": "none" + }, + { + "line": "import app from './app';\n", + "lineNumber": 18, + "lineChange": "none" + }, + { + "line": "import HTMLComponent from './components/DefaultHTMLLayout';\n", + "lineNumber": 19, + "lineChange": "none" + }, + { + "line": "import { createElementWithContext } from 'fluxible-addons-react';\n", + "lineNumber": 20, + "lineChange": "none" + }, + { + "line": "import favicon from 'serve-favicon';\n", + "lineNumber": 18, + "lineChange": "none" + }, + { + "line": "const env = process.env.NODE_ENV;\n", + "lineNumber": 22, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 23, + "lineChange": "none" + }, + { + "line": "const debug = debugLib('slidewiki-platform');\n", + "lineNumber": 24, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 25, + "lineChange": "none" + }, + { + "line": "const server = express();\n", + "lineNumber": 26, + "lineChange": "none" + }, + { + "line": "server.use(favicon(path.join(__dirname, '/favicon.ico')));\n", + "lineNumber": 27, + "lineChange": "none" + }, + { + "line": "server.use('/public', express['static'](path.join(__dirname, '/build')));\n", + "lineNumber": 28, + "lineChange": "none" + }, + { + "line": "server.use('/bower_components', express['static'](path.join(__dirname, '/bower_components')));\n", + "lineNumber": 29, + "lineChange": "none" + }, + { + "line": "server.use('/custom_modules', express['static'](path.join(__dirname, '/custom_modules')));\n", + "lineNumber": 30, + "lineChange": "none" + }, + { + "line": "server.use('/assets', express['static'](path.join(__dirname, '/assets')));\n", + "lineNumber": 31, + "lineChange": "none" + }, + { + "line": "server.use(compression());\n", + "lineNumber": 32, + "lineChange": "none" + }, + { + "line": "server.use(bodyParser.json());\n", + "lineNumber": 34, + "lineChange": "none" + }, + { + "line": "server.use(csrf({cookie: true}));\n", + "lineNumber": 35, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 66, + "cwe": [ + "CWE-352" + ] + } + }, + { + "id": "javascript/PrototypePollution", + "name": "PrototypePollution", + "shortDescription": { + "text": "Prototype Pollution" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "## Details\n\nPrototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `_proto_`, `constructor` and `prototype`. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the `Object.prototype` are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\n\nThere are two main ways in which the pollution of prototypes occurs:\n\n- Unsafe `Object` recursive merge\n\n- Property definition by path\n\n\n### Unsafe Object recursive merge\n\nThe logic of a vulnerable recursive merge function follows the following high-level model:\n```\nmerge (target, source)\n\n foreach property of source\n\n if property exists and is an object on both the target and the source\n\n merge(target[property], source[property])\n\n else\n\n target[property] = source[property]\n```\n
                \n\nWhen the source object contains a property named `_proto_` defined with `Object.defineProperty()` , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of `Object` and the source of `Object` as defined by the attacker. Properties are then copied on the `Object` prototype.\n\nClone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: `merge({},source)`.\n\n`lodash` and `Hoek` are examples of libraries susceptible to recursive merge attacks.\n\n### Property definition by path\n\nThere are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: `theFunction(object, path, value)`\n\nIf the attacker can control the value of \"path\", they can set this value to `_proto_.myValue`. `myValue` is then assigned to the prototype of the class of the object.\n\n## Types of attacks\n\nThere are a few methods by which Prototype Pollution can be manipulated:\n\n| Type |Origin |Short description |\n|--|--|--|\n| **Denial of service (DoS)**|Client |This is the most likely attack.
                DoS occurs when `Object` holds generic functions that are implicitly called for various operations (for example, `toString` and `valueOf`).
                The attacker pollutes `Object.prototype.someattr` and alters its state to an unexpected value such as `Int` or `Object`. In this case, the code fails and is likely to cause a denial of service.
                **For example:** if an attacker pollutes `Object.prototype.toString` by defining it as an integer, if the codebase at any point was reliant on `someobject.toString()` it would fail. |\n |**Remote Code Execution**|Client|Remote code execution is generally only possible in cases where the codebase evaluates a specific attribute of an object, and then executes that evaluation.
                **For example:** `eval(someobject.someattr)`. In this case, if the attacker pollutes `Object.prototype.someattr` they are likely to be able to leverage this in order to execute code.|\n|**Property Injection**|Client|The attacker pollutes properties that the codebase relies on for their informative value, including security properties such as cookies or tokens.
                **For example:** if a codebase checks privileges for `someuser.isAdmin`, then when the attacker pollutes `Object.prototype.isAdmin` and sets it to equal `true`, they can then achieve admin privileges.|\n\n## Affected environments\n\nThe following environments are susceptible to a Prototype Pollution attack:\n\n- Application server\n\n- Web server\n\n\n## Best practices for prevention\n\n1. Freeze the prototype - use `Object.freeze (Object.prototype)`.\n\n2. Require schema validation of JSON input.\n\n3. Avoid using unsafe recursive merge functions.\n\n4. Consider using objects without prototypes (for example, `Object.create(null)`), breaking the prototype chain and preventing pollution.\n\n5. As a best practice use `Map` instead of `Object`.\n\n### For more information on this vulnerability type:\n\n[Arteau, Oliver. \"JavaScript prototype pollution attack in NodeJS application.\" GitHub, 26 May 2018](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "PrototypePollution", + "Security", + "SourceServer", + "SourceHttpParam", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/VincentLoy/tweetParser.js/commit/31ccbf365abbb6398fb78705074c11458421cec6?diff=split#diff-343e9403c50c367c18f841170513c764a80c01c26a0d9c2746a5fd632febe770L-1", + "lines": [ + { + "line": " for (var i in datas) {\n", + "lineNumber": 18, + "lineChange": "removed" + }, + { + "line": " var i;\n", + "lineNumber": 18, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 19, + "lineChange": "added" + }, + { + "line": " for (i = 0; i < datas.length; i += 1) {\n", + "lineNumber": 20, + "lineChange": "added" + }, + { + "line": " if (datas[i].contributions > 1) {\n", + "lineNumber": 21, + "lineChange": "none" + }, + { + "line": " datas[i].wording = \"contributions\";\n", + "lineNumber": 22, + "lineChange": "none" + } + ] + }, + { + "commitURL": "https://github.com/wachunga/omega/commit/0ea594b103c957680b02e5b3d3e6763cf49d2c3a?diff=split#diff-a4c65ede64197e1a112899a68bf994485b889c4b143198bac4af53425b38406fL-1", + "lines": [ + { + "line": "issues[id].assignee = assignee; \n", + "lineNumber": 47, + "lineChange": "removed" + }, + { + "line": "issues[id-1].assignee = assignee; \n", + "lineNumber": 47, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/vampd/vampd/commit/edc7005b68e3e42f461249f8257ba16664983a79?diff=split#diff-8832eceed707e9acd023cc8a42587cb109d860d7272ff10950e3a01bb6f9be94L-1", + "lines": [ + { + "line": "site.override_attributes.drupal.sites[site_name].actions = actions;\n", + "lineNumber": 53, + "lineChange": "removed" + }, + { + "line": "site.override_attributes.drupal.sites[site_name].deploy.action = actions;\n", + "lineNumber": 54, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 8, + "cwe": [ + "CWE-1321" + ] + } + }, + { + "id": "javascript/DOMXSS", + "name": "DOMXSS", + "shortDescription": { + "text": "Cross-site Scripting (XSS)" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "## Details\n\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\n\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser's Same Origin Policy.\n\nInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\n\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as `<`; and `>` can be coded as `>`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they've been correctly escaped in the application code and in this way the attempted attack is diverted.\n\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.\n\n### Types of attacks\nThere are a few methods by which XSS can be manipulated:\n\n|Type|Origin|Description|\n|--|--|--|\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user's browser.|\n|**DOM-based**|Client|The attacker forces the user's browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\n\n### Affected environments\nThe following environments are susceptible to an XSS attack:\n\n* Web servers\n* Application servers\n* Web application environments\n\n## Best practices for prevention\nThis section describes the top best practices designed to specifically protect your code:\n\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents.\n* Give users the option to disable client-side scripts.\n* Redirect invalid requests.\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "DOMXSS", + "Security", + "SourceResourceAccess", + "SourceNetworkRequest", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/quilime/dynamic-site/commit/0e64e840355d79a879f7eeab00d3b0f1bc33b484?diff=split#diff-3803a4142e90f0f59977727226f37112d7b946ccfeca5b47455aee1ae6dee97bL-1", + "lines": [ + { + "line": "codePre.innerHTML = prettyPrintOne(code);\n", + "lineNumber": 108, + "lineChange": "removed" + }, + { + "line": "codePre.innerText = code;\n", + "lineNumber": 111, + "lineChange": "added" + }, + { + "line": "prettyPrint();\n", + "lineNumber": 112, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/10up/distributor/commit/059a661149ceadc49f1093631cb4099f3ba4f2ac?diff=split#diff-d2e585d5738b595b24a722e974f1933e4ff11ee961254e6334a654d8927d7103L-1", + "lines": [ + { + "line": "endpointResult.innerHTML = dt.limited_connection;\n", + "lineNumber": 95, + "lineChange": "removed" + }, + { + "line": "endpointResult.innerText = dt.limited_connection;\n", + "lineNumber": 101, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/minj/foxtrick/commit/ada03f2d4d5e4ae9f7b2f4cfeb2eceaa5b4322d6?diff=split#diff-6e9376b3e13b333f7778db725b2e2b6ec79943d3752cb5e7104c47969c4bbd63L-1", + "lines": [ + { + "line": "a.innerHTML = Foxtrickl10n.getString('foxtrick.LeagueAndMatchChat.CupChat');\n", + "lineNumber": 96, + "lineChange": "removed" + }, + { + "line": "a.textContent = Foxtrickl10n.getString('foxtrick.LeagueAndMatchChat.CupChat');\n", + "lineNumber": 92, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 116, + "cwe": [ + "CWE-79" + ] + } + }, + { + "id": "javascript/InsecureHash", + "name": "InsecureHash", + "shortDescription": { + "text": "Use of Password Hash With Insufficient Computational Effort" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nSensitive information should never be stored in plain text, since this makes it very easy for unauthorized users, whether malicious insiders or outside attackers, to access. Hashing methods are used to make stored passwords and other sensitive data unreadable to users. For example, when a password is defined for the first time, it is hashed and then stored. The next time that user attempts to log on, the password they enter is hashed following the same procedure and compared with the stored value. In this way, the original password never needs to be stored in the system.\n\nHashing is a one-way scheme, meaning a hashed password cannot be reverse engineered. However, if an outdated or custom programmed hashing scheme is used, it becomes simple for an attacker with powerful modern computing power to gain access to the hashes used. This opens up access to all stored password information, leading to breached security. Therefore, it is essential for developers to understand modern, secure password hashing techniques.\n\n## Best practices for prevention\n* Use strong standard algorithms for hashing rather than simpler but outdated methods or DIY hashing schemes, which may have inherent weaknesses.\n* Use modular design for all code dealing with hashing so it can be swapped out as security standards change over time.\n* Use salting in combination with hashing (While this places more demands on resources, it is an essential step for tighter security.).\n* Implement zero-trust architecture to ensure that access to password data is granted only for legitimate business purposes.\n* Increase developer awareness of current standards in data security and cryptography.", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "InsecureHash", + "Security" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/emgram769/livechan-js/commit/99ecea722f7fc204ce3293ff2b0e315d0e61ccad?diff=split#diff-fdbfe737b6f8eaccddd46f57a79b5532942e1667c38ca880c32d89723af39857L-1", + "lines": [ + { + "line": "var hash_pass = crypto.createHash('sha1').update(password).digest('base64');\n", + "lineNumber": 88, + "lineChange": "removed" + }, + { + "line": "var hash_pass = crypto.createHash('sha512').update(config.admin_pw_salt, 'base64').update(password, 'utf8').digest('base64');\n", + "lineNumber": 88, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/Synzvato/decentraleyes/commit/8855358381cff8156fe7a801d9201371034373a2?diff=split#diff-8e3adc8af301344e44c7efc3f4a24d375d02d285c617793db6d2eabe367b9d92L-1", + "lines": [ + { + "line": "hash = crypto.createHash('md5');\n", + "lineNumber": 139, + "lineChange": "removed" + }, + { + "line": "hash = crypto.createHash('sha512');\n", + "lineNumber": 139, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/openmrs/openmrs-contrib-id/commit/877c9a874b349a330b806414bfad82d03de39eb1?diff=split#diff-629444d01512e7f8fd688f67bf412d620053325ed416c34f940ffd52bb4420e2L-1", + "lines": [ + { + "line": "hash = crypto.createHash('md5');\n", + "lineNumber": 109, + "lineChange": "removed" + }, + { + "line": "hash = crypto.createHash('sha512');\n", + "lineNumber": 109, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 52, + "cwe": [ + "CWE-916" + ] + } + }, + { + "id": "javascript/ZipSlip", + "name": "ZipSlip", + "shortDescription": { + "text": "Arbitrary File Write via Archive Extraction (Zip Slip)" + }, + "defaultConfiguration": { + "level": "error" + }, + "help": { + "markdown": "## Details\n\nZip Slip is a form of directory traversal that can be exploited by extracting files from an archive. The premise of the directory traversal vulnerability is that an attacker can gain access to parts of the file system outside of the target folder in which they should reside. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine. The vulnerability can also cause damage by overwriting configuration files or other sensitive resources, and can be exploited on both client (user) machines and servers.\n\n## Example\n\nThe following is an example of a `zip` archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in `/root/.ssh/` overwriting the `authorized_keys` file:\n\n```\n2018-04-15 22:04:29 ..... 19 19 good.txt\n2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys\n```", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "ZipSlip", + "Security", + "SourceArchive", + "", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 0, + "cwe": [ + "CWE-22" + ] + } + }, + { + "id": "javascript/NoHardcodedCredentials/test", + "name": "NoHardcodedCredentials/test", + "shortDescription": { + "text": "Use of Hardcoded Credentials" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nDevelopers may use hardcoded credentials for convenience when coding in order to simplify their workflow. While they are responsible for removing these before production, occasionally this task may fall through the cracks. This also becomes a maintenance challenge when credentials are re-used across multiple applications.\n\nOnce attackers gain access, they may take advantage of privilege level to remove or alter data, take down a site or app, or hold any of the above for ransom. The risk across multiple similar projects is even greater. If code containing the credentials is reused across multiple projects, they will all be compromised.\n\n## Best practices for prevention\n* Plan software architecture such that keys and passwords are always stored outside the code, wherever possible.\n* Plan encryption into software architecture for all credential information and ensure proper handling of keys, credentials, and passwords.\n* Prompt for a secure password on first login rather than hard-code a default password.\n* If a hardcoded password or credential must be used, limit its use, for example, to system console users rather than via the network.\n* Use strong hashes for inbound password authentication, ideally with randomly assigned salts to increase the difficulty level in case of brute-force attack.", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "NoHardcodedCredentials", + "Security", + "InTest" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/thallium205/BitcoinVisualizer/commit/3fd03f5ec7236a0602ea2960dc786b156601efc6?diff=split#diff-a0f6e6d9c44dcd75d4a33b841594a196ff2e74137919f62ac68935a991378528L-1", + "lines": [ + { + "line": "host : '10.0.0.1',\r\n", + "lineNumber": 2, + "lineChange": "removed" + }, + { + "line": "user : 'root',\r\n", + "lineNumber": 3, + "lineChange": "removed" + }, + { + "line": "password : 'webster',\r\n", + "lineNumber": 4, + "lineChange": "removed" + }, + { + "line": "database : 'blockviewer'\r\n", + "lineNumber": 5, + "lineChange": "removed" + }, + { + "line": "host : process.env.sqlhost,\r\n", + "lineNumber": 7, + "lineChange": "added" + }, + { + "line": "user : process.env.sqluser,\r\n", + "lineNumber": 8, + "lineChange": "added" + }, + { + "line": "password : process.env.sqlpass,\r\n", + "lineNumber": 9, + "lineChange": "added" + }, + { + "line": "database : process.env.sqldatabase\r\n", + "lineNumber": 10, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/azukiapp/azk/commit/f032902cd00ad2ed6dfb8d9f7d9f31e9db10b210?diff=split#diff-14c376258425dc4f37d3c24807f4b5ba8b060f4dd75d5e90f8d88396acacbf3bL-1", + "lines": [ + { + "line": "username: 'docker',\n", + "lineNumber": 298, + "lineChange": "removed" + }, + { + "line": "username: azk.cst.VM_USER,\n", + "lineNumber": 298, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/jedireza/aqua/commit/5c35c79f56ada04f4d2c565954ccf63f55b1f706?diff=split#diff-c85bcf94d1b915dac9d6da178bf7648fa1a910cbcdc14a82fef8a90cf9f62e21L-1", + "lines": [ + { + "line": "password : 'test',\n", + "lineNumber": 203, + "lineChange": "removed" + }, + { + "line": "email : 'test@test.com'\n", + "lineNumber": 204, + "lineChange": "removed" + }, + { + "line": "password : results.rootPassword,\n", + "lineNumber": 203, + "lineChange": "added" + }, + { + "line": "email : results.rootEmail\n", + "lineNumber": 204, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 30, + "cwe": [ + "CWE-798" + ] + } + } + ] + } + }, + "results": [ + { + "ruleId": "javascript/XSS", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Unsanitized input from data from a remote resource flows into bypassSecurityTrustHtml, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "arguments": [ + "[data from a remote resource](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16)", + "[bypassSecurityTrustHtml](17)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/score-board/score-board.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 216, + "endLine": 216, + "startColumn": 44, + "endColumn": 67 + } + } + } + ], + "fingerprints": { + "0": "041274fc0869f892f98d45c0bd6903f2cfad48bc93a806c69ccfdb2c86f32781", + "1": "7921a677.4773f344.607187b5.a517c54b.ef9f7d82.8020cfdf.df7e59ba.cde67692.72e8bf12.664e3b30.21371afe.dee12555.fbac9e17.787328db.83265159.de97a755" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/challenge.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 22, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/challenge.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 22, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/challenge.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 65, + "endColumn": 78 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/challenge.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 83, + "endColumn": 91 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/challenge.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 83, + "endColumn": 96 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/challenge.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 60, + "endColumn": 63 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/challenge.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 55, + "endColumn": 59 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/challenge.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 12, + "endColumn": 59 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/score-board/score-board.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 117, + "endLine": 117, + "startColumn": 29, + "endColumn": 33 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/score-board/score-board.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 117, + "endLine": 117, + "startColumn": 63, + "endColumn": 73 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/score-board/score-board.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 119, + "endLine": 119, + "startColumn": 29, + "endColumn": 39 + } + } + } + }, + { + "location": { + "id": 11, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/score-board/score-board.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 120, + "endLine": 120, + "startColumn": 31, + "endColumn": 46 + } + } + } + }, + { + "location": { + "id": 12, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/score-board/score-board.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 121, + "endLine": 121, + "startColumn": 34, + "endColumn": 49 + } + } + } + }, + { + "location": { + "id": 13, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/score-board/score-board.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 122, + "endLine": 122, + "startColumn": 39, + "endColumn": 54 + } + } + } + }, + { + "location": { + "id": 14, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/score-board/score-board.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 215, + "endLine": 215, + "startColumn": 25, + "endColumn": 45 + } + } + } + }, + { + "location": { + "id": 15, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/score-board/score-board.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 216, + "endLine": 216, + "startColumn": 68, + "endColumn": 77 + } + } + } + }, + { + "location": { + "id": 16, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/score-board/score-board.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 216, + "endLine": 216, + "startColumn": 68, + "endColumn": 99 + } + } + } + }, + { + "location": { + "id": 17, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/score-board/score-board.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 216, + "endLine": 216, + "startColumn": 44, + "endColumn": 67 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 504, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileCodeFlow" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/XSS", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Unsanitized input from data from a remote resource flows into bypassSecurityTrustHtml, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "arguments": [ + "[data from a remote resource](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8)", + "[bypassSecurityTrustHtml](9)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/data-export/data-export.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 45, + "endLine": 45, + "startColumn": 37, + "endColumn": 60 + } + } + } + ], + "fingerprints": { + "0": "1ea030f297935ab7db59fe215a71ce9c51aacfc72938e77d615d828f87adc0e0", + "1": "3df95e84.4773f344.607187b5.74eb2808.ef9f7d82.8020cfdf.83265159.428468b6.a6348f37.70b638aa.8b3a84e3.c559ebce.4463c21f.51429c53.83265159.7f547f77" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/image-captcha.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 20, + "endLine": 20, + "startColumn": 22, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/image-captcha.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 20, + "endLine": 20, + "startColumn": 22, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/image-captcha.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 20, + "endLine": 20, + "startColumn": 12, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/image-captcha.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 20, + "endLine": 20, + "startColumn": 68, + "endColumn": 72 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/image-captcha.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 20, + "endLine": 20, + "startColumn": 12, + "endColumn": 72 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/data-export/data-export.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 44, + "endLine": 44, + "startColumn": 30, + "endColumn": 40 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/data-export/data-export.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 44, + "endLine": 44, + "startColumn": 54, + "endColumn": 63 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/data-export/data-export.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 45, + "endLine": 45, + "startColumn": 61, + "endColumn": 65 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/data-export/data-export.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 45, + "endLine": 45, + "startColumn": 61, + "endColumn": 71 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/data-export/data-export.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 45, + "endLine": 45, + "startColumn": 37, + "endColumn": 60 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 554, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/XSS", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Unsanitized input from data from a remote resource flows into bypassSecurityTrustHtml, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "arguments": [ + "[data from a remote resource](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13)", + "[bypassSecurityTrustHtml](14)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/administration/administration.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 50, + "endLine": 50, + "startColumn": 37, + "endColumn": 60 + } + } + } + ], + "fingerprints": { + "0": "145bb7c088f3191c1b0d55120ac56ba0cbb22ea4b26198b225aee2f2b777e4ba", + "1": "839b1d0f.4773f344.607187b5.824d2503.ef9f7d82.8020cfdf.0b4f0b50.ae94f388.46b7c801.6b0b4bb5.81f55990.72a8f743.4463c21f.7312b3d3.83265159.a83217da" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/user.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 29, + "endLine": 29, + "startColumn": 22, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/user.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 29, + "endLine": 29, + "startColumn": 22, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/user.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 29, + "endLine": 29, + "startColumn": 104, + "endColumn": 117 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/user.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 30, + "endLine": 30, + "startColumn": 7, + "endColumn": 15 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/user.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 30, + "endLine": 30, + "startColumn": 7, + "endColumn": 20 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/user.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 29, + "endLine": 29, + "startColumn": 99, + "endColumn": 102 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/user.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 29, + "endLine": 29, + "startColumn": 94, + "endColumn": 98 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/user.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 29, + "endLine": 29, + "startColumn": 12, + "endColumn": 98 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/administration/administration.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 45, + "endLine": 45, + "startColumn": 22, + "endColumn": 26 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/administration/administration.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 45, + "endLine": 45, + "startColumn": 40, + "endColumn": 45 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/administration/administration.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 48, + "endLine": 48, + "startColumn": 18, + "endColumn": 22 + } + } + } + }, + { + "location": { + "id": 11, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/administration/administration.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 50, + "endLine": 50, + "startColumn": 77, + "endColumn": 81 + } + } + } + }, + { + "location": { + "id": 12, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/administration/administration.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 50, + "endLine": 50, + "startColumn": 119, + "endColumn": 123 + } + } + } + }, + { + "location": { + "id": 13, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/administration/administration.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 50, + "endLine": 50, + "startColumn": 61, + "endColumn": 138 + } + } + } + }, + { + "location": { + "id": 14, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/administration/administration.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 50, + "endLine": 50, + "startColumn": 37, + "endColumn": 60 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 554, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/XSS", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Unsanitized input from data from a remote resource flows into bypassSecurityTrustHtml, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "arguments": [ + "[data from a remote resource](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12)", + "[bypassSecurityTrustHtml](13)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/administration/administration.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 65, + "endLine": 65, + "startColumn": 43, + "endColumn": 66 + } + } + } + ], + "fingerprints": { + "0": "0b74757bb31439faf25f1dcf6062dd282cc8090d43b9d1b69fc44ac6b0c8a0fd", + "1": "7921a677.4773f344.607187b5.d7919eeb.ef9f7d82.81760a8a.566b8f28.cde67692.a6348f37.70b638aa.8b18f948.4a954e56.4463c21f.7312b3d3.83265159.a83217da" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/feedback.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 21, + "endLine": 21, + "startColumn": 22, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/feedback.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 21, + "endLine": 21, + "startColumn": 22, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/feedback.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 23, + "endLine": 23, + "startColumn": 18, + "endColumn": 31 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/feedback.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 23, + "endLine": 23, + "startColumn": 36, + "endColumn": 44 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/feedback.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 23, + "endLine": 23, + "startColumn": 36, + "endColumn": 49 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/feedback.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 23, + "endLine": 23, + "startColumn": 13, + "endColumn": 16 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/feedback.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 23, + "endLine": 23, + "startColumn": 8, + "endColumn": 12 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/feedback.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 21, + "endLine": 23, + "startColumn": 12, + "endColumn": 12 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/administration/administration.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 62, + "endLine": 62, + "startColumn": 26, + "endColumn": 30 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/administration/administration.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 62, + "endLine": 62, + "startColumn": 44, + "endColumn": 53 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/administration/administration.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 64, + "endLine": 64, + "startColumn": 18, + "endColumn": 26 + } + } + } + }, + { + "location": { + "id": 11, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/administration/administration.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 65, + "endLine": 65, + "startColumn": 67, + "endColumn": 75 + } + } + } + }, + { + "location": { + "id": 12, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/administration/administration.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 65, + "endLine": 65, + "startColumn": 67, + "endColumn": 83 + } + } + } + }, + { + "location": { + "id": 13, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/administration/administration.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 65, + "endLine": 65, + "startColumn": 43, + "endColumn": 66 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 554, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/XSS", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Unsanitized input from data from a remote resource flows into bypassSecurityTrustHtml, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "arguments": [ + "[data from a remote resource](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12)", + "[bypassSecurityTrustHtml](13)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/track-result/track-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 41, + "endLine": 41, + "startColumn": 45, + "endColumn": 68 + } + } + } + ], + "fingerprints": { + "0": "33df10f2aa9f160fc2b96996c33d9012491b8540f9ca56f7fdf4557d9edd621d", + "1": "cf7733e4.4773f344.ed5da594.a517c54b.ef9f7d82.32f843a3.0b4f0b50.116a0c7b.cf7733e4.eb7d1438.0a3df746.c8688b2b.ab9128a4.32f843a3.83265159.116a0c7b" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/track-order.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 22, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/track-order.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 22, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/track-order.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 62, + "endColumn": 75 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/track-order.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 80, + "endColumn": 88 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/track-order.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 57, + "endColumn": 60 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/track-order.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 52, + "endColumn": 56 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/track-order.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 12, + "endColumn": 56 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/track-result/track-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 39, + "endLine": 39, + "startColumn": 28, + "endColumn": 32 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/track-result/track-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 39, + "endLine": 39, + "startColumn": 58, + "endColumn": 65 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/track-result/track-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 41, + "endLine": 41, + "startColumn": 78, + "endColumn": 85 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/track-result/track-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 41, + "endLine": 41, + "startColumn": 78, + "endColumn": 90 + } + } + } + }, + { + "location": { + "id": 11, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/track-result/track-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 41, + "endLine": 41, + "startColumn": 78, + "endColumn": 93 + } + } + } + }, + { + "location": { + "id": 12, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/track-result/track-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 41, + "endLine": 41, + "startColumn": 69, + "endColumn": 110 + } + } + } + }, + { + "location": { + "id": 13, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/track-result/track-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 41, + "endLine": 41, + "startColumn": 45, + "endColumn": 68 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 504, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileCodeFlow" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/XSS", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Unsanitized input from data from a remote resource flows into bypassSecurityTrustHtml, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "arguments": [ + "[data from a remote resource](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16)", + "[bypassSecurityTrustHtml](17)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/about/about.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 84, + "endLine": 84, + "startColumn": 47, + "endColumn": 70 + } + } + } + ], + "fingerprints": { + "0": "abd4e0bd5997a9d87e6687d628a4a73eccda02a164cbb4bcc2dfc5d0fb62b2ea", + "1": "7921a677.4773f344.607187b5.a517c54b.ef9f7d82.81760a8a.566b8f28.cde67692.cf7733e4.3635f48a.d7512ab0.e6336d2f.4463c21f.7312b3d3.83265159.9b5cefb9" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/feedback.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 21, + "endLine": 21, + "startColumn": 22, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/feedback.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 21, + "endLine": 21, + "startColumn": 22, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/feedback.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 23, + "endLine": 23, + "startColumn": 18, + "endColumn": 31 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/feedback.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 23, + "endLine": 23, + "startColumn": 36, + "endColumn": 44 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/feedback.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 23, + "endLine": 23, + "startColumn": 36, + "endColumn": 49 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/feedback.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 23, + "endLine": 23, + "startColumn": 13, + "endColumn": 16 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/feedback.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 23, + "endLine": 23, + "startColumn": 8, + "endColumn": 12 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/feedback.service.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 21, + "endLine": 23, + "startColumn": 12, + "endColumn": 12 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/about/about.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 80, + "endLine": 80, + "startColumn": 26, + "endColumn": 30 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/about/about.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 80, + "endLine": 80, + "startColumn": 44, + "endColumn": 53 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/about/about.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 81, + "endLine": 81, + "startColumn": 27, + "endColumn": 36 + } + } + } + }, + { + "location": { + "id": 11, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/about/about.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 83, + "endLine": 83, + "startColumn": 76, + "endColumn": 85 + } + } + } + }, + { + "location": { + "id": 12, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/about/about.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 83, + "endLine": 83, + "startColumn": 117, + "endColumn": 126 + } + } + } + }, + { + "location": { + "id": 13, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/about/about.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 83, + "endLine": 83, + "startColumn": 9, + "endColumn": 18 + } + } + } + }, + { + "location": { + "id": 14, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/about/about.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 84, + "endLine": 84, + "startColumn": 71, + "endColumn": 80 + } + } + } + }, + { + "location": { + "id": 15, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/about/about.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 84, + "endLine": 84, + "startColumn": 71, + "endColumn": 83 + } + } + } + }, + { + "location": { + "id": 16, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/about/about.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 84, + "endLine": 84, + "startColumn": 71, + "endColumn": 91 + } + } + } + }, + { + "location": { + "id": 17, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/about/about.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 84, + "endLine": 84, + "startColumn": 47, + "endColumn": 70 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 504, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileCodeFlow" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/XSS", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Unsanitized input from browser storage flows into bypassSecurityTrustHtml, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "arguments": [ + "[browser storage](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8)", + "[bypassSecurityTrustHtml](9)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/last-login-ip/last-login-ip.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 36, + "endLine": 36, + "startColumn": 43, + "endColumn": 66 + } + } + } + ], + "fingerprints": { + "0": "046e16ab4dbfb48a4781c00cff82e58e29672069dc0a150e72aed4b8da04427a", + "1": "cf7733e4.4773f344.607187b5.400fd3fd.90100e46.8020cfdf.0b4f0b50.66506c4e.46b7c801.706318d0.86aa5c73.400fd3fd.4463c21f.8020cfdf.cebf5fac.5691ba88" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/last-login-ip/last-login-ip.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 31, + "endLine": 31, + "startColumn": 32, + "endColumn": 39 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/last-login-ip/last-login-ip.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 31, + "endLine": 31, + "startColumn": 32, + "endColumn": 39 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/last-login-ip/last-login-ip.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 31, + "endLine": 31, + "startColumn": 11, + "endColumn": 16 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/last-login-ip/last-login-ip.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 32, + "endLine": 32, + "startColumn": 9, + "endColumn": 14 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/last-login-ip/last-login-ip.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 33, + "endLine": 33, + "startColumn": 27, + "endColumn": 32 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/last-login-ip/last-login-ip.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 33, + "endLine": 33, + "startColumn": 17, + "endColumn": 26 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/last-login-ip/last-login-ip.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 34, + "endLine": 34, + "startColumn": 11, + "endColumn": 18 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/last-login-ip/last-login-ip.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 34, + "endLine": 34, + "startColumn": 11, + "endColumn": 23 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/last-login-ip/last-login-ip.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 36, + "endLine": 36, + "startColumn": 67, + "endColumn": 111 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/last-login-ip/last-login-ip.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 36, + "endLine": 36, + "startColumn": 43, + "endColumn": 66 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 504, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileCodeFlow" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/XSS", + "ruleIndex": 0, + "level": "error", + "message": { + "text": "Unsanitized input from cookies flows into send, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "arguments": [ + "[cookies](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15)", + "[send](16)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 65, + "endLine": 65, + "startColumn": 15, + "endColumn": 19 + } + } + } + ], + "fingerprints": { + "0": "00ca59a0355087ec9f0affdc8fd90a7dbbdf6f4a31f3c55a053e5028fc1fc577", + "1": "839b1d0f.4773f344.a32ed1a1.d7919eeb.ef9f7d82.8020cfdf.cd61fc56.2f05c567.dca15045.6b0b4bb5.81f55990.4ee3cf31.cca38dbc.34a4d81a.0334236c.2f05c567" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 24, + "endLine": 24, + "startColumn": 64, + "endColumn": 71 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 24, + "endLine": 24, + "startColumn": 64, + "endColumn": 71 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 24, + "endLine": 24, + "startColumn": 60, + "endColumn": 71 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 24, + "endLine": 24, + "startColumn": 56, + "endColumn": 59 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 24, + "endLine": 24, + "startColumn": 13, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 25, + "endLine": 25, + "startColumn": 11, + "endColumn": 23 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 26, + "endLine": 26, + "startColumn": 28, + "endColumn": 40 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 26, + "endLine": 26, + "startColumn": 28, + "endColumn": 45 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 26, + "endLine": 26, + "startColumn": 19, + "endColumn": 27 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 26, + "endLine": 26, + "startColumn": 56, + "endColumn": 78 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 28, + "endLine": 28, + "startColumn": 26, + "endColumn": 30 + } + } + } + }, + { + "location": { + "id": 11, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 47, + "endLine": 47, + "startColumn": 69, + "endColumn": 73 + } + } + } + }, + { + "location": { + "id": 12, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 57, + "endLine": 57, + "startColumn": 41, + "endColumn": 45 + } + } + } + }, + { + "location": { + "id": 13, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 59, + "endLine": 59, + "startColumn": 82, + "endColumn": 86 + } + } + } + }, + { + "location": { + "id": 14, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 65, + "endLine": 65, + "startColumn": 23, + "endColumn": 27 + } + } + } + }, + { + "location": { + "id": 15, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 65, + "endLine": 65, + "startColumn": 20, + "endColumn": 22 + } + } + } + }, + { + "location": { + "id": 16, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 65, + "endLine": 65, + "startColumn": 15, + "endColumn": 19 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 804, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/XSS", + "ruleIndex": 0, + "level": "error", + "message": { + "text": "Unsanitized input from an HTTP parameter flows into send, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "arguments": [ + "[an HTTP parameter](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10)", + "[send](11)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/recycles.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 17, + "endLine": 17, + "startColumn": 16, + "endColumn": 20 + } + } + } + ], + "fingerprints": { + "0": "ca83cad0f9e3992c2cdcd287969b4fe89bf3906a312dc6b114fcfaead4419687", + "1": "716f11c4.4773f344.cae2544c.289fcdd5.d3562abd.8020cfdf.83265159.2f05c567.9dc2a0d3.706318d0.cae2544c.289fcdd5.79a7d027.f8890b3c.0334236c.e6930396" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/recycles.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 14, + "endLine": 14, + "startColumn": 26, + "endColumn": 32 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/recycles.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 14, + "endLine": 14, + "startColumn": 26, + "endColumn": 32 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/recycles.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 14, + "endLine": 14, + "startColumn": 22, + "endColumn": 32 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/recycles.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 14, + "endLine": 14, + "startColumn": 16, + "endColumn": 21 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/recycles.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 14, + "endLine": 14, + "startColumn": 7, + "endColumn": 9 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/recycles.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 13, + "endLine": 13, + "startColumn": 5, + "endColumn": 10 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/recycles.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 12, + "endLine": 12, + "startColumn": 16, + "endColumn": 23 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/recycles.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 12, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/recycles.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 17, + "endLine": 17, + "startColumn": 45, + "endColumn": 52 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/recycles.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 17, + "endLine": 17, + "startColumn": 27, + "endColumn": 44 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/recycles.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 17, + "endLine": 17, + "startColumn": 21, + "endColumn": 44 + } + } + } + }, + { + "location": { + "id": 11, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/recycles.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 17, + "endLine": 17, + "startColumn": 16, + "endColumn": 20 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 754, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileCodeFlow" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/XSS", + "ruleIndex": 0, + "level": "error", + "message": { + "text": "Unsanitized input from an HTTP parameter flows into bypassSecurityTrustHtml, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).", + "arguments": [ + "[an HTTP parameter](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8)", + "[bypassSecurityTrustHtml](9)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/search-result/search-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 151, + "endLine": 151, + "startColumn": 41, + "endColumn": 64 + } + } + } + ], + "fingerprints": { + "0": "22e73eee0efe2f75ab91d1b6197fcb36ca60a94dd923daf4398205d4bd5ac2f4", + "1": "b7602041.4773f344.607187b5.c484ae4b.ef9f7d82.8020cfdf.ea235696.cde67692.1f17e802.b6e32c83.72aa1700.c484ae4b.4463c21f.33e93315.ca2eca62.5b5a306a" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/search-result/search-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 144, + "endLine": 144, + "startColumn": 62, + "endColumn": 63 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/search-result/search-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 144, + "endLine": 144, + "startColumn": 62, + "endColumn": 63 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/search-result/search-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 144, + "endLine": 144, + "startColumn": 9, + "endColumn": 27 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/search-result/search-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 145, + "endLine": 145, + "startColumn": 9, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/search-result/search-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 146, + "endLine": 146, + "startColumn": 20, + "endColumn": 30 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/search-result/search-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 146, + "endLine": 146, + "startColumn": 31, + "endColumn": 35 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/search-result/search-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 148, + "endLine": 148, + "startColumn": 58, + "endColumn": 68 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/search-result/search-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 150, + "endLine": 150, + "startColumn": 32, + "endColumn": 42 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/search-result/search-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 151, + "endLine": 151, + "startColumn": 65, + "endColumn": 75 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/search-result/search-result.component.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 151, + "endLine": 151, + "startColumn": 41, + "endColumn": 64 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 754, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileCodeFlow" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "arguments": [ + "[endpoint handler](0)", + "[a file system operation](1)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 21, + "endLine": 73, + "startColumn": 10, + "endColumn": 4 + } + } + } + ], + "fingerprints": { + "0": "05062c87dc99cecece6ca2e0dcc2ca2534249be1f78e70af6121ef577079ec8c", + "1": "4923bf76.4773f344.8b8d7a0c.c559ebce.fd1fa73f.5eabb05b.83265159.3cee0341.c3f8dfad.b6e32c83.4937536e.4f83689a.fd1fa73f.cb9c4e89.83265159.b325124d" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 21, + "endLine": 73, + "startColumn": 10, + "endColumn": 4 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/userProfile.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 8, + "endColumn": 16 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 554, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "arguments": [ + "[endpoint handler](0)", + "[a file system operation](1)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/videoHandler.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 19, + "endLine": 47, + "startColumn": 10, + "endColumn": 4 + } + } + } + ], + "fingerprints": { + "0": "625211daf741757913e91df57456e491e76d32baae2aa31b7324a621e8720991", + "1": "4923bf76.9c6e2949.8b18f948.c559ebce.fd1fa73f.5eabb05b.83265159.be9bb487.1db69a21.b6e32c83.8b18f948.c559ebce.c2cde80a.2da1a176.83265159.041df0b3" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/videoHandler.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 19, + "endLine": 47, + "startColumn": 10, + "endColumn": 4 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/videoHandler.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 29, + "endLine": 29, + "startColumn": 23, + "endColumn": 39 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 554, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "arguments": [ + "[endpoint handler](0)", + "[a file system operation](1)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/videoHandler.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 51, + "endLine": 72, + "startColumn": 10, + "endColumn": 4 + } + } + } + ], + "fingerprints": { + "0": "9754d33d2c25b45e7b1d70df4c2aa0dac731bdf5e9908e2a58e5b5c245eb4d2d", + "1": "4923bf76.4773f344.8b8d7a0c.c559ebce.fd1fa73f.5eabb05b.83265159.3cee0341.c3f8dfad.b6e32c83.a32ed1a1.4f83689a.fd1fa73f.cb9c4e89.83265159.b325124d" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/videoHandler.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 51, + "endLine": 72, + "startColumn": 10, + "endColumn": 4 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/videoHandler.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 52, + "endLine": 52, + "startColumn": 8, + "endColumn": 16 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 554, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "arguments": [ + "[endpoint handler](0)", + "[a file system operation](1)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/easterEgg.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 13, + "endLine": 16, + "startColumn": 10, + "endColumn": 4 + } + } + } + ], + "fingerprints": { + "0": "b2a03956040ab16ee56bbb15c3048b7527a6ed4334dec2935c6ecff64499a1d1", + "1": "4923bf76.4773f344.8b8d7a0c.c559ebce.fd1fa73f.5eabb05b.83265159.3cee0341.87ba341e.b6e32c83.4937536e.c559ebce.fd1fa73f.cb9c4e89.83265159.041df0b3" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/easterEgg.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 13, + "endLine": 16, + "startColumn": 10, + "endColumn": 4 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/easterEgg.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 15, + "endLine": 15, + "startColumn": 9, + "endColumn": 17 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 504, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileCodeFlow" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "arguments": [ + "[endpoint handler](0)", + "[a file system operation](1)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/dataErasure.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 45, + "startColumn": 17, + "endColumn": 2 + } + } + } + ], + "fingerprints": { + "0": "fa2757c8d403548a54f45a6bdca7867a0a28107f4bd2a9fcb9ecf18200f9053b", + "1": "92e26ef2.4773f344.8b18f948.c559ebce.fd1fa73f.5fce695c.83265159.89d75565.92e26ef2.b6e32c83.8b18f948.c559ebce.fd1fa73f.5fce695c.83265159.89d75565" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/dataErasure.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 45, + "startColumn": 17, + "endColumn": 2 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/dataErasure.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 41, + "endLine": 41, + "startColumn": 9, + "endColumn": 15 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 554, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "arguments": [ + "[endpoint handler](0)", + "[a file system operation](1)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/dataErasure.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 54, + "endLine": 94, + "startColumn": 18, + "endColumn": 2 + } + } + } + ], + "fingerprints": { + "0": "d99bbb6f4fb9f46875c66e28d01504c628074d304504c645efae8ae129582793", + "1": "92e26ef2.4773f344.aa4dda5f.c559ebce.fd1fa73f.5fce695c.83265159.89d75565.92e26ef2.4773f344.782a8fc0.c559ebce.fd1fa73f.5fce695c.83265159.29e8dc3a" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/dataErasure.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 54, + "endLine": 94, + "startColumn": 18, + "endColumn": 2 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/dataErasure.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 87, + "endLine": 87, + "startColumn": 11, + "endColumn": 17 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 554, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "arguments": [ + "[endpoint handler](0)", + "[a file system operation](1)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/privacyPolicyProof.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 13, + "endLine": 16, + "startColumn": 10, + "endColumn": 4 + } + } + } + ], + "fingerprints": { + "0": "520b030a888a2b60aae83aed160b919d30cba715196707e27f44902cde0ce139", + "1": "4923bf76.4773f344.8b8d7a0c.c559ebce.fd1fa73f.5eabb05b.83265159.3cee0341.87ba341e.b6e32c83.4937536e.c559ebce.0cc54b27.cb9c4e89.83265159.041df0b3" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/privacyPolicyProof.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 13, + "endLine": 16, + "startColumn": 10, + "endColumn": 4 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/privacyPolicyProof.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 15, + "endLine": 15, + "startColumn": 9, + "endColumn": 17 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 504, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileCodeFlow" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "arguments": [ + "[endpoint handler](0)", + "[a file system operation](1)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/languages.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 11, + "endLine": 73, + "startColumn": 10, + "endColumn": 4 + } + } + } + ], + "fingerprints": { + "0": "a915535c27c481c411594f05b4cc1789b3c7fd1aab9eb6ed7f5481f5f09819aa", + "1": "099c30d7.9c6e2949.8b18f948.c559ebce.fd1fa73f.5eabb05b.83265159.be9bb487.c3f8dfad.b6e32c83.eff3b32f.4f83689a.fd1fa73f.becd9ff1.83265159.b325124d" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/languages.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 11, + "endLine": 73, + "startColumn": 10, + "endColumn": 4 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/languages.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 8, + "endColumn": 16 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 504, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileCodeFlow" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "arguments": [ + "[endpoint handler](0)", + "[a file system operation](1)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/vulnCodeSnippet.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 74, + "endLine": 120, + "startColumn": 32, + "endColumn": 2 + } + } + } + ], + "fingerprints": { + "0": "1ebeb3f1c81c0895045bb35313f554f9bb3a4e401174286d3cea92b114b61390", + "1": "e7d2421a.9c6e2949.8b18f948.c559ebce.fd1fa73f.8020cfdf.83265159.33454e9d.e7d2421a.b6e32c83.7b031cb3.c559ebce.474b452e.becd9ff1.7b7de394.33454e9d" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/vulnCodeSnippet.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 74, + "endLine": 120, + "startColumn": 32, + "endColumn": 2 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/vulnCodeSnippet.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 94, + "endLine": 94, + "startColumn": 47, + "endColumn": 59 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 554, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "arguments": [ + "[endpoint handler](0)", + "[a file system operation](1)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/vulnCodeFixes.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 69, + "endLine": 98, + "startColumn": 38, + "endColumn": 2 + } + } + } + ], + "fingerprints": { + "0": "3dd9cd9cc4132d9c049a111fb70a9078126d4563e444f1183c14c11e44b6457d", + "1": "a5aeea87.9c6e2949.8b18f948.c559ebce.fd1fa73f.5eabb05b.83265159.67311e43.a05cdd83.b6e32c83.7b031cb3.c559ebce.3a08f0d2.becd9ff1.7b7de394.6de01bb2" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/vulnCodeFixes.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 69, + "endLine": 98, + "startColumn": 38, + "endColumn": 2 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/vulnCodeFixes.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 80, + "endLine": 80, + "startColumn": 46, + "endColumn": 61 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 554, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.", + "arguments": [ + "[endpoint handler](0)", + "[a file system operation](1)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/premiumReward.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 13, + "endLine": 16, + "startColumn": 10, + "endColumn": 4 + } + } + } + ], + "fingerprints": { + "0": "7c5bd04663f7f2d99a5b4a2306e5c5879f1dbb72ab7f55bd60d48380ef3b7d88", + "1": "4923bf76.4773f344.8b8d7a0c.c559ebce.fd1fa73f.5eabb05b.83265159.3cee0341.40bc0bae.b6e32c83.4937536e.c559ebce.fd1fa73f.cb9c4e89.83265159.041df0b3" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/premiumReward.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 13, + "endLine": 16, + "startColumn": 10, + "endColumn": 4 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/premiumReward.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 15, + "endLine": 15, + "startColumn": 9, + "endColumn": 17 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 504, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileCodeFlow" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/Ssrf", + "ruleIndex": 2, + "level": "error", + "message": { + "text": "Unsanitized input from the HTTP request body flows into request.get, where it is used as an URL to perform a request. This may result in a Server-Side Request Forgery vulnerability.", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used as an URL to perform a request. This may result in a Server-Side Request Forgery vulnerability.", + "arguments": [ + "[the HTTP request body](0)", + "[flows](1),(2),(3),(4),(5)", + "[request.get](6)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/profileImageUrlUpload.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 23, + "startColumn": 30, + "endColumn": 15 + } + } + } + ], + "fingerprints": { + "0": "aac46065ef2da0fd582140907a91ceb700478885678eb2514bd6be88f423f1a6", + "1": "dca15045.70dd3b3b.568208f0.d7919eeb.79a7d027.98c7c24d.df7e59ba.377cd288.6849fe68.b6e32c83.568208f0.08906714.79a7d027.98c7c24d.83265159.a41fb358" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/profileImageUrlUpload.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 17, + "endLine": 17, + "startColumn": 13, + "endColumn": 17 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/profileImageUrlUpload.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 17, + "endLine": 17, + "startColumn": 13, + "endColumn": 17 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/profileImageUrlUpload.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 17, + "endLine": 17, + "startColumn": 9, + "endColumn": 17 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/profileImageUrlUpload.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 18, + "startColumn": 13, + "endColumn": 16 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/profileImageUrlUpload.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 19, + "endLine": 19, + "startColumn": 11, + "endColumn": 14 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/profileImageUrlUpload.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 23, + "endLine": 23, + "startColumn": 16, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/profileImageUrlUpload.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 23, + "startColumn": 30, + "endColumn": 15 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 801, + "priorityScoreFactors": [ + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoHardcodedPasswords", + "ruleIndex": 3, + "level": "warning", + "message": { + "text": "Do not hardcode passwords in code. Found hardcoded password used in password.", + "markdown": "Do not hardcode passwords in code. Found hardcoded password used in {0}.", + "arguments": [ + "[password](0)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/oauth/oauth.component.spec.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 85, + "endLine": 85, + "startColumn": 77, + "endColumn": 85 + } + } + } + ], + "fingerprints": { + "0": "16d5be7628d45f333c93c4c34719773cffc76c5cabb20bb1b6d24012894f7656", + "1": "12567ef6.4773f344.bd65d204.e052b9a9.79a7d027.fcf3002d.ce4a9d89.8030ba4b.12567ef6.4773f344.bd65d204.e052b9a9.79a7d027.fcf3002d.ce4a9d89.8030ba4b" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/oauth/oauth.component.spec.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 85, + "endLine": 85, + "startColumn": 77, + "endColumn": 85 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 552, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoHardcodedPasswords", + "ruleIndex": 3, + "level": "warning", + "message": { + "text": "Do not hardcode passwords in code. Found hardcoded password used in password.", + "markdown": "Do not hardcode passwords in code. Found hardcoded password used in {0}.", + "arguments": [ + "[password](0)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/oauth/oauth.component.spec.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 92, + "endLine": 92, + "startColumn": 78, + "endColumn": 86 + } + } + } + ], + "fingerprints": { + "0": "b203dbff1fae69efd59c7816d07b9e61017893371f623e6d5194e53e6182022a", + "1": "12567ef6.4773f344.bd65d204.e052b9a9.79a7d027.fcf3002d.ce4a9d89.8030ba4b.12567ef6.4773f344.bd65d204.e052b9a9.79a7d027.fcf3002d.ce4a9d89.8030ba4b" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/oauth/oauth.component.spec.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 92, + "endLine": 92, + "startColumn": 78, + "endColumn": 86 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 552, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoHardcodedPasswords", + "ruleIndex": 3, + "level": "warning", + "message": { + "text": "Do not hardcode passwords in code. Found hardcoded password used in password.", + "markdown": "Do not hardcode passwords in code. Found hardcoded password used in {0}.", + "arguments": [ + "[password](0)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/two-factor-auth-service.spec.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 64, + "endLine": 64, + "startColumn": 42, + "endColumn": 50 + } + } + } + ], + "fingerprints": { + "0": "053124f7de915c72b62680448fa0dae1376075b94155babf06de21d09e516311", + "1": "12567ef6.4773f344.bd65d204.e052b9a9.79a7d027.fcf3002d.ce4a9d89.1a479e39.12567ef6.4773f344.bd65d204.e052b9a9.79a7d027.fcf3002d.ce4a9d89.1a479e39" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/two-factor-auth-service.spec.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 64, + "endLine": 64, + "startColumn": 42, + "endColumn": 50 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 552, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoHardcodedPasswords", + "ruleIndex": 3, + "level": "warning", + "message": { + "text": "Do not hardcode passwords in code. Found hardcoded password used in password.", + "markdown": "Do not hardcode passwords in code. Found hardcoded password used in {0}.", + "arguments": [ + "[password](0)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/two-factor-auth-service.spec.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 80, + "endLine": 80, + "startColumn": 42, + "endColumn": 50 + } + } + } + ], + "fingerprints": { + "0": "0ae497be512b556e109e19c0440dda3c97f83bc158078bfb8ffa858e573ce203", + "1": "12567ef6.4773f344.bd65d204.e052b9a9.79a7d027.fcf3002d.ce4a9d89.1a479e39.12567ef6.4773f344.bd65d204.e052b9a9.79a7d027.fcf3002d.ce4a9d89.1a479e39" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/Services/two-factor-auth-service.spec.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 80, + "endLine": 80, + "startColumn": 42, + "endColumn": 50 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 552, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoHardcodedPasswords", + "ruleIndex": 3, + "level": "warning", + "message": { + "text": "Do not hardcode passwords in code. Found hardcoded password used in passwordRepeat.", + "markdown": "Do not hardcode passwords in code. Found hardcoded password used in {0}.", + "arguments": [ + "[passwordRepeat](0)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/oauth/oauth.component.spec.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 85, + "endLine": 85, + "startColumn": 111, + "endColumn": 125 + } + } + } + ], + "fingerprints": { + "0": "16d5be7628d45f333c93c4c34719773cffc76c5cabb20bb1b6d24012894f7656", + "1": "12567ef6.4773f344.607187b5.e052b9a9.79a7d027.fcf3002d.52789fac.8030ba4b.12567ef6.4773f344.607187b5.e052b9a9.79a7d027.fcf3002d.52789fac.8030ba4b" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "frontend/src/app/oauth/oauth.component.spec.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 85, + "endLine": 85, + "startColumn": 111, + "endColumn": 125 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 552, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoSqli", + "ruleIndex": 4, + "level": "error", + "message": { + "text": "Unsanitized input from the HTTP request body flows into findOne, where it is used in an NoSQL query. This may result in an NoSQL Injection vulnerability.", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used in an NoSQL query. This may result in an NoSQL Injection vulnerability.", + "arguments": [ + "[the HTTP request body](0)", + "[flows](1),(2),(3),(4),(5),(6)", + "[findOne](7)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 18, + "startColumn": 16, + "endColumn": 23 + } + } + } + ], + "fingerprints": { + "0": "d3e6d95802bfa65cdee1cc840eda6a7b8422f24962e436dd01730e6116e317ec", + "1": "93652555.4773f344.07efaa4d.9163ada2.ef9f7d82.34a4d81a.df7e59ba.d66579bf.f759b1f9.b6e32c83.07efaa4d.08906714.79a7d027.34a4d81a.0334236c.2151aa9e" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 20, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 20, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 16, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 11, + "endColumn": 13 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 18, + "startColumn": 31, + "endColumn": 33 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 18, + "startColumn": 26, + "endColumn": 29 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 18, + "startColumn": 24, + "endColumn": 35 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 18, + "startColumn": 16, + "endColumn": 23 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 802, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoSqli", + "ruleIndex": 4, + "level": "error", + "message": { + "text": "Unsanitized input from the HTTP request body flows into findOne, where it is used in an NoSQL query. This may result in an NoSQL Injection vulnerability.", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used in an NoSQL query. This may result in an NoSQL Injection vulnerability.", + "arguments": [ + "[the HTTP request body](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10)", + "[findOne](11)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 31, + "endLine": 31, + "startColumn": 28, + "endColumn": 35 + } + } + } + ], + "fingerprints": { + "0": "508ff7c452d0f0a821d3efbddf9c8ead6c964f813b9ead52ee2ebfe4882ee5f0", + "1": "93652555.4773f344.07efaa4d.9163ada2.ef9f7d82.34a4d81a.df7e59ba.d66579bf.f759b1f9.b6e32c83.07efaa4d.08906714.79a7d027.34a4d81a.0334236c.2151aa9e" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 20, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 20, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 16, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 11, + "endColumn": 13 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 18, + "startColumn": 31, + "endColumn": 33 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 18, + "startColumn": 26, + "endColumn": 29 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 25, + "endLine": 25, + "startColumn": 20, + "endColumn": 22 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 25, + "endLine": 25, + "startColumn": 15, + "endColumn": 18 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 31, + "endLine": 31, + "startColumn": 43, + "endColumn": 45 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 31, + "endLine": 31, + "startColumn": 38, + "endColumn": 41 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 31, + "endLine": 31, + "startColumn": 36, + "endColumn": 47 + } + } + } + }, + { + "location": { + "id": 11, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 31, + "endLine": 31, + "startColumn": 28, + "endColumn": 35 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 802, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoSqli", + "ruleIndex": 4, + "level": "error", + "message": { + "text": "Unsanitized input from the HTTP request body flows into update, where it is used in an NoSQL query. This may result in an NoSQL Injection vulnerability.", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used in an NoSQL query. This may result in an NoSQL Injection vulnerability.", + "arguments": [ + "[the HTTP request body](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8)", + "[update](9)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 24, + "endLine": 24, + "startColumn": 22, + "endColumn": 28 + } + } + } + ], + "fingerprints": { + "0": "98c5e37129708b191ac56a1b1984e16a6f40c2e8df534ee7935629794fa5db85", + "1": "12567ef6.4773f344.607187b5.9163ada2.ef9f7d82.34a4d81a.df7e59ba.d66579bf.f759b1f9.b6e32c83.07efaa4d.08906714.79a7d027.34a4d81a.0334236c.2151aa9e" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 20, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 20, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 16, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 11, + "endColumn": 13 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 18, + "startColumn": 31, + "endColumn": 33 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 18, + "startColumn": 26, + "endColumn": 29 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 25, + "endLine": 25, + "startColumn": 20, + "endColumn": 22 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 25, + "endLine": 25, + "startColumn": 15, + "endColumn": 18 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 25, + "endLine": 25, + "startColumn": 13, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 24, + "endLine": 24, + "startColumn": 22, + "endColumn": 28 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 802, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoSqli", + "ruleIndex": 4, + "level": "error", + "message": { + "text": "Unsanitized input from the HTTP request body flows into update, where it is used in an NoSQL query. This may result in an NoSQL Injection vulnerability.", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used in an NoSQL query. This may result in an NoSQL Injection vulnerability.", + "arguments": [ + "[the HTTP request body](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12)", + "[update](13)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 41, + "endLine": 41, + "startColumn": 30, + "endColumn": 36 + } + } + } + ], + "fingerprints": { + "0": "cd257a65b7a12c252af31b0293deb39e45738a460da8fd9dbaba89db52b4a305", + "1": "12567ef6.4773f344.607187b5.9163ada2.ef9f7d82.34a4d81a.df7e59ba.d66579bf.f759b1f9.b6e32c83.07efaa4d.08906714.79a7d027.34a4d81a.0334236c.2151aa9e" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 20, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 20, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 16, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 16, + "endLine": 16, + "startColumn": 11, + "endColumn": 13 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 18, + "startColumn": 31, + "endColumn": 33 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 18, + "startColumn": 26, + "endColumn": 29 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 25, + "endLine": 25, + "startColumn": 20, + "endColumn": 22 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 25, + "endLine": 25, + "startColumn": 15, + "endColumn": 18 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 31, + "endLine": 31, + "startColumn": 43, + "endColumn": 45 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 31, + "endLine": 31, + "startColumn": 38, + "endColumn": 41 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 42, + "endLine": 42, + "startColumn": 28, + "endColumn": 30 + } + } + } + }, + { + "location": { + "id": 11, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 42, + "endLine": 42, + "startColumn": 23, + "endColumn": 26 + } + } + } + }, + { + "location": { + "id": 12, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 42, + "endLine": 42, + "startColumn": 21, + "endColumn": 32 + } + } + } + }, + { + "location": { + "id": 13, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/likeProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 41, + "endLine": 41, + "startColumn": 30, + "endColumn": 36 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 802, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoSqli", + "ruleIndex": 4, + "level": "error", + "message": { + "text": "Unsanitized input from the HTTP request body flows into update, where it is used in an NoSQL query. This may result in an NoSQL Injection vulnerability.", + "markdown": "Unsanitized input from {0} {1} into {2}, where it is used in an NoSQL query. This may result in an NoSQL Injection vulnerability.", + "arguments": [ + "[the HTTP request body](0)", + "[flows](1),(2),(3),(4)", + "[update](5)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/updateProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 17, + "endLine": 17, + "startColumn": 16, + "endColumn": 22 + } + } + } + ], + "fingerprints": { + "0": "403a9b0a3b2d6ed8a1f613645a03631613f8380c2f8e8a86d83422a2f70b66bf", + "1": "12567ef6.4773f344.607187b5.9163ada2.ef9f7d82.34a4d81a.df7e59ba.d66579bf.f759b1f9.b6e32c83.2d2c7aff.08906714.79a7d027.34a4d81a.0334236c.2151aa9e" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/updateProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 18, + "startColumn": 18, + "endColumn": 22 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/updateProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 18, + "startColumn": 18, + "endColumn": 22 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/updateProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 18, + "startColumn": 14, + "endColumn": 22 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/updateProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 18, + "startColumn": 9, + "endColumn": 12 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/updateProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 18, + "endLine": 18, + "startColumn": 7, + "endColumn": 27 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/updateProductReviews.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 17, + "endLine": 17, + "startColumn": 16, + "endColumn": 22 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 752, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileCodeFlow" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/HardcodedSecret/test", + "ruleIndex": 5, + "level": "note", + "message": { + "text": "Hardcoded value is used as a cipher key (in jsonwebtoken.#default.sign). Generate the value with a cryptographically strong random number generator and do not hardcode it in source code.", + "markdown": "Hardcoded {0} is used as a {1}. Generate the value with a cryptographically strong random number generator and do not hardcode it in source code.", + "arguments": [ + "[value](0)", + "[cipher key (in jsonwebtoken.#default.sign)](1)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "test/api/2faSpec.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 149, + "endLine": 149, + "startColumn": 8, + "endColumn": 39 + } + } + } + ], + "fingerprints": { + "0": "8927f4670c679414a5cdfb3bd6bff6b363ce47acae79bd92803aa7e46f9f21a7", + "1": "20326186.4773f344.8b18f948.d7919eeb.79a7d027.8020cfdf.df938d4d.45cbaa21.20326186.4773f344.8b18f948.d7919eeb.79a7d027.8020cfdf.df938d4d.45cbaa21" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "test/api/2faSpec.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 149, + "endLine": 149, + "startColumn": 8, + "endColumn": 39 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "test/api/2faSpec.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 146, + "endLine": 146, + "startColumn": 35, + "endColumn": 39 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 401, + "priorityScoreFactors": [ + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/JwtDecodeMethod", + "ruleIndex": 6, + "level": "warning", + "message": { + "text": "A JWT decode() method is used that decodes the token but does not check its validity or integrity. If the JWT has originated from an untrusted source, decoded data could be crafted by an attacker and should not be considered safe to use or process within the application. Always use JWT verification methods to validate the structure and integrity of a token.", + "markdown": "A JWT decode() method is used that decodes the token but does not check its validity or integrity. If the JWT has originated from an untrusted source, decoded data could be crafted by an attacker and should not be considered safe to use or process within the application. Always use JWT verification methods to validate the structure and integrity of a token.", + "arguments": [] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "routes/verify.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 113, + "endLine": 113, + "startColumn": 41, + "endColumn": 51 + } + } + } + ], + "fingerprints": { + "0": "ba26f4ebc04a19051e00a5ec819e920845ad080a17d8b484b364ecce02b640bf", + "1": "46b7c801.4773f344.0f22609d.72a8f743.ef9f7d82.8020cfdf.ea4b1c47.ae94f388.46b7c801.4773f344.0f22609d.72a8f743.ef9f7d82.8020cfdf.ea4b1c47.ae94f388" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "routes/verify.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 113, + "endLine": 113, + "startColumn": 41, + "endColumn": 51 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 301, + "priorityScoreFactors": [ + { + "label": true, + "type": "hotFileCodeFlow" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/HardcodedNonCryptoSecret", + "ruleIndex": 7, + "level": "error", + "message": { + "text": "Avoid hardcoding values that are meant to be secret. Found a hardcoded string used in here.", + "markdown": "Avoid hardcoding values that are meant to be secret. Found {0} used in {1}.", + "arguments": [ + "[a hardcoded string](0)", + "[here](1)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/insecurity.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 54, + "endLine": 54, + "startColumn": 49, + "endColumn": 55 + } + } + } + ], + "fingerprints": { + "0": "ce76473d8a0de12d7deba29848fec2332cc17798cae52436f64242dd341b6ba2", + "1": "46b7c801.4773f344.607187b5.72a8f743.79a7d027.a47a18e2.dd02ad61.ae94f388.46b7c801.dd1130f5.8b18f948.61d81d8d.79a7d027.a47a18e2.468bb5d4.ae94f388" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "lib/insecurity.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 83, + "endColumn": 107 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "lib/insecurity.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 54, + "endLine": 54, + "startColumn": 49, + "endColumn": 55 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 801, + "priorityScoreFactors": [ + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/HardcodedSecret", + "ruleIndex": 8, + "level": "error", + "message": { + "text": "Hardcoded value is used as a cipher key (in jsonwebtoken.#default.verify). Generate the value with a cryptographically strong random number generator and do not hardcode it in source code.", + "markdown": "Hardcoded {0} is used as a {1}. Generate the value with a cryptographically strong random number generator and do not hardcode it in source code.", + "arguments": [ + "[value](0)", + "[cipher key (in jsonwebtoken.#default.verify)](1)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/insecurity.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 83, + "endColumn": 107 + } + } + } + ], + "fingerprints": { + "0": "bd0cbcaad32d2a689a2b613cc191c8bd05eed93dbb3584632c7192475e3b7c61", + "1": "fc3065be.4773f344.8b18f948.61d81d8d.ef9f7d82.a47a18e2.468bb5d4.ae94f388.46b7c801.4773f344.8b18f948.61d81d8d.4c40509c.f30cf624.468bb5d4.ae94f388" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "lib/insecurity.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 22, + "endLine": 22, + "startColumn": 83, + "endColumn": 107 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "lib/insecurity.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 197, + "endLine": 197, + "startColumn": 9, + "endColumn": 15 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 802, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/HardcodedSecret", + "ruleIndex": 8, + "level": "error", + "message": { + "text": "Hardcoded value is used as a cipher key (in crypto.#default.createHmac). Generate the value with a cryptographically strong random number generator and do not hardcode it in source code.", + "markdown": "Hardcoded {0} is used as a {1}. Generate the value with a cryptographically strong random number generator and do not hardcode it in source code.", + "arguments": [ + "[value](0)", + "[cipher key (in crypto.#default.createHmac)](1)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "lib/insecurity.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 23, + "endLine": 23, + "startColumn": 20, + "endColumn": 902 + } + } + } + ], + "fingerprints": { + "0": "505b93a244fdf2552034cc5341be6bf71983ed87f9dc70780fe2589154471256", + "1": "ae77ea27.4773f344.8b18f948.d7919eeb.feee7bcb.5fce695c.c8cd882a.89d75565.839b1d0f.4773f344.191eaf2b.3b7658bb.ac82cb7b.5fce695c.c8cd882a.71520ffe" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "lib/insecurity.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 23, + "endLine": 23, + "startColumn": 20, + "endColumn": 902 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "lib/insecurity.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 158, + "endLine": 158, + "startColumn": 23, + "endColumn": 33 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 802, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoHardcodedCredentials/test", + "ruleIndex": 21, + "level": "note", + "message": { + "text": "Do not hardcode credentials in code. Found hardcoded credential used in register.", + "markdown": "Do not hardcode credentials in code. Found hardcoded credential used in {0}.", + "arguments": [ + "[register](0)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "test/api/2faSpec.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 396, + "endLine": 396, + "startColumn": 22, + "endColumn": 27 + } + } + } + ], + "fingerprints": { + "0": "0df952e0c180c52854d6919b014e50ddb8fb548cc6cc101fcee86385a5618e7b", + "1": "306348b3.4773f344.607187b5.d7919eeb.79a7d027.f7edcf51.d79c4c07.382555c6.6bb676bb.4773f344.c9330245.d7919eeb.ff08c1e7.5fce695c.d79c4c07.d85bc50f" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "test/api/2faSpec.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 396, + "endLine": 396, + "startColumn": 11, + "endColumn": 19 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 417, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "javascript/NoHardcodedCredentials/test", + "ruleIndex": 21, + "level": "note", + "message": { + "text": "Do not hardcode credentials in code. Found hardcoded credential used in register.", + "markdown": "Do not hardcode credentials in code. Found hardcoded credential used in {0}.", + "arguments": [ + "[register](0)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "test/api/2faSpec.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 433, + "endLine": 433, + "startColumn": 22, + "endColumn": 27 + } + } + } + ], + "fingerprints": { + "0": "406af9b904e9b91700eb515b87979a86e7495640b3957ab2b0782b44aa4fbc0e", + "1": "306348b3.4773f344.607187b5.d7919eeb.79a7d027.f7edcf51.d79c4c07.382555c6.6bb676bb.4773f344.c9330245.d7919eeb.ff08c1e7.5fce695c.d79c4c07.d85bc50f" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "test/api/2faSpec.ts", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 433, + "endLine": 433, + "startColumn": 11, + "endColumn": 19 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 417, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + }, + { + "label": true, + "type": "fixExamples" + } + ], + "isAutofixable": false + } + } + ], + "properties": { + "coverage": [ + { + "isSupported": true, + "lang": "JavaScript", + "files": 15, + "type": "SUPPORTED" + }, + { + "isSupported": true, + "lang": "TypeScript", + "files": 536, + "type": "SUPPORTED" + }, + { + "isSupported": true, + "lang": "XML", + "files": 5, + "type": "SUPPORTED" + }, + { + "isSupported": true, + "lang": "HTML", + "files": 75, + "type": "SUPPORTED" + }, + { + "isSupported": true, + "lang": "Python", + "files": 3, + "type": "SUPPORTED" + }, + { + "isSupported": false, + "lang": "TypeScript", + "files": 35, + "type": "FAILED_PARSING" + }, + { + "isSupported": false, + "lang": "XML", + "files": 2, + "type": "FAILED_PARSING" + } + ] + } + } + ] + } + \ No newline at end of file diff --git a/unittests/scans/snyk/snykcontainer_issue_9270.json b/unittests/scans/snyk/snykcontainer_issue_9270.json new file mode 100644 index 00000000000..0cc8316fbab --- /dev/null +++ b/unittests/scans/snyk/snykcontainer_issue_9270.json @@ -0,0 +1,4041 @@ +{ + "vulnerabilities": [ + { + "id": "SNYK-DEBIAN11-GCC10-5901313", + "cpes": [], + "title": "CVE-2023-4039", + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 4.8, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2023-4039", + "title": "https://security-tracker.debian.org/tracker/CVE-2023-4039" + }, + { + "url": "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64", + "title": "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64" + }, + { + "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf", + "title": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf" + } + ], + "cvssDetails": [ + { + "assigner": "SUSE", + "severity": "high", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "cvssV3BaseScore": 8.1, + "modificationTime": "2023-09-20T11:09:16.812999Z" + }, + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "cvssV3BaseScore": 4.8, + "modificationTime": "2023-09-15T01:10:52.576715Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "cvssV3BaseScore": 4.8, + "modificationTime": "2023-11-08T09:43:38.403520Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `gcc-10` package and not the `gcc-10` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\n\n\nA failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity.\n\n\n\n\n\n\n## Remediation\nThere is no fixed version for `Debian:11` `gcc-10`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2023-4039)\n- [arm-security@arm.com](https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64)\n- [arm-security@arm.com](https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf)\n", + "epssDetails": { + "percentile": "0.14414", + "probability": "0.00046", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2023-4039" + ], + "CWE": [], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "gcc-10", + "creationTime": "2023-09-14T00:55:43.720861Z", + "disclosureTime": "2023-09-13T09:15:15.690000Z", + "packageManager": "debian:11", + "publicationTime": "2023-09-14T00:54:21.518198Z", + "modificationTime": "2023-11-08T09:43:38.403520Z", + "socialTrendAlert": false, + "relativeImportance": "minor issue", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "gcc-10/libgcc-s1@10.2.1-6" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "gcc-10/libgcc-s1", + "version": "10.2.1-6" + }, + { + "id": "SNYK-DEBIAN11-GCC10-5901313", + "cpes": [], + "title": "CVE-2023-4039", + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 4.8, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2023-4039", + "title": "https://security-tracker.debian.org/tracker/CVE-2023-4039" + }, + { + "url": "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64", + "title": "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64" + }, + { + "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf", + "title": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf" + } + ], + "cvssDetails": [ + { + "assigner": "SUSE", + "severity": "high", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "cvssV3BaseScore": 8.1, + "modificationTime": "2023-09-20T11:09:16.812999Z" + }, + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "cvssV3BaseScore": 4.8, + "modificationTime": "2023-09-15T01:10:52.576715Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "cvssV3BaseScore": 4.8, + "modificationTime": "2023-11-08T09:43:38.403520Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `gcc-10` package and not the `gcc-10` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\n\n\nA failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity.\n\n\n\n\n\n\n## Remediation\nThere is no fixed version for `Debian:11` `gcc-10`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2023-4039)\n- [arm-security@arm.com](https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64)\n- [arm-security@arm.com](https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf)\n", + "epssDetails": { + "percentile": "0.14414", + "probability": "0.00046", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2023-4039" + ], + "CWE": [], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "gcc-10", + "creationTime": "2023-09-14T00:55:43.720861Z", + "disclosureTime": "2023-09-13T09:15:15.690000Z", + "packageManager": "debian:11", + "publicationTime": "2023-09-14T00:54:21.518198Z", + "modificationTime": "2023-11-08T09:43:38.403520Z", + "socialTrendAlert": false, + "relativeImportance": "minor issue", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "gcc-10/libstdc++6@10.2.1-6", + "gcc-10/libgcc-s1@10.2.1-6" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "gcc-10/libgcc-s1", + "version": "10.2.1-6" + }, + { + "id": "SNYK-DEBIAN11-GCC10-5901313", + "cpes": [], + "title": "CVE-2023-4039", + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 4.8, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2023-4039", + "title": "https://security-tracker.debian.org/tracker/CVE-2023-4039" + }, + { + "url": "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64", + "title": "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64" + }, + { + "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf", + "title": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf" + } + ], + "cvssDetails": [ + { + "assigner": "SUSE", + "severity": "high", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "cvssV3BaseScore": 8.1, + "modificationTime": "2023-09-20T11:09:16.812999Z" + }, + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "cvssV3BaseScore": 4.8, + "modificationTime": "2023-09-15T01:10:52.576715Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "cvssV3BaseScore": 4.8, + "modificationTime": "2023-11-08T09:43:38.403520Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `gcc-10` package and not the `gcc-10` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\n\n\nA failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity.\n\n\n\n\n\n\n## Remediation\nThere is no fixed version for `Debian:11` `gcc-10`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2023-4039)\n- [arm-security@arm.com](https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64)\n- [arm-security@arm.com](https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf)\n", + "epssDetails": { + "percentile": "0.14414", + "probability": "0.00046", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2023-4039" + ], + "CWE": [], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "gcc-10", + "creationTime": "2023-09-14T00:55:43.720861Z", + "disclosureTime": "2023-09-13T09:15:15.690000Z", + "packageManager": "debian:11", + "publicationTime": "2023-09-14T00:54:21.518198Z", + "modificationTime": "2023-11-08T09:43:38.403520Z", + "socialTrendAlert": false, + "relativeImportance": "minor issue", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "gcc-10/libgomp1@10.2.1-6" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "gcc-10/libgomp1", + "version": "10.2.1-6" + }, + { + "id": "SNYK-DEBIAN11-GCC10-5901313", + "cpes": [], + "title": "CVE-2023-4039", + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 4.8, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2023-4039", + "title": "https://security-tracker.debian.org/tracker/CVE-2023-4039" + }, + { + "url": "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64", + "title": "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64" + }, + { + "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf", + "title": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf" + } + ], + "cvssDetails": [ + { + "assigner": "SUSE", + "severity": "high", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "cvssV3BaseScore": 8.1, + "modificationTime": "2023-09-20T11:09:16.812999Z" + }, + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "cvssV3BaseScore": 4.8, + "modificationTime": "2023-09-15T01:10:52.576715Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "cvssV3BaseScore": 4.8, + "modificationTime": "2023-11-08T09:43:38.403520Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `gcc-10` package and not the `gcc-10` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\n\n\nA failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity.\n\n\n\n\n\n\n## Remediation\nThere is no fixed version for `Debian:11` `gcc-10`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2023-4039)\n- [arm-security@arm.com](https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64)\n- [arm-security@arm.com](https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf)\n", + "epssDetails": { + "percentile": "0.14414", + "probability": "0.00046", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2023-4039" + ], + "CWE": [], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "gcc-10", + "creationTime": "2023-09-14T00:55:43.720861Z", + "disclosureTime": "2023-09-13T09:15:15.690000Z", + "packageManager": "debian:11", + "publicationTime": "2023-09-14T00:54:21.518198Z", + "modificationTime": "2023-11-08T09:43:38.403520Z", + "socialTrendAlert": false, + "relativeImportance": "minor issue", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "gcc-10/libstdc++6@10.2.1-6" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "gcc-10/libstdc++6", + "version": "10.2.1-6" + }, + { + "id": "SNYK-DEBIAN11-GLIBC-532215", + "cpes": [], + "title": "Resource Management Errors", + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 4.3, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "title": "https://security-tracker.debian.org/tracker/CVE-2010-4756" + }, + { + "url": "http://cxib.net/stuff/glob-0day.c", + "title": "http://cxib.net/stuff/glob-0day.c" + }, + { + "url": "http://securityreason.com/achievement_securityalert/89", + "title": "http://securityreason.com/achievement_securityalert/89" + }, + { + "url": "http://securityreason.com/exploitalert/9223", + "title": "http://securityreason.com/exploitalert/9223" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "title": "https://bugzilla.redhat.com/show_bug.cgi?id=681681" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "title": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "cvssV3BaseScore": 4.3, + "modificationTime": "2023-02-09T11:23:31.120244Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "cvssV3BaseScore": 5.3, + "modificationTime": "2023-11-08T09:41:21.515733Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nThe glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.\n## Remediation\nThere is no fixed version for `Debian:11` `glibc`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2010-4756)\n- [http://cxib.net/stuff/glob-0day.c](http://cxib.net/stuff/glob-0day.c)\n- [http://securityreason.com/achievement_securityalert/89](http://securityreason.com/achievement_securityalert/89)\n- [http://securityreason.com/exploitalert/9223](http://securityreason.com/exploitalert/9223)\n- [MISC](https://bugzilla.redhat.com/show_bug.cgi?id=681681)\n- [MISC](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756)\n", + "epssDetails": { + "percentile": "0.79904", + "probability": "0.00824", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2010-4756" + ], + "CWE": [ + "CWE-399" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "glibc", + "creationTime": "2020-08-19T09:32:45.970155Z", + "disclosureTime": "2011-03-02T20:00:00Z", + "packageManager": "debian:11", + "publicationTime": "2011-03-02T20:00:00Z", + "modificationTime": "2023-11-08T09:41:21.515733Z", + "socialTrendAlert": false, + "relativeImportance": "unimportant", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1", + "glibc/libc6@2.31-13+deb11u7" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "glibc/libc6", + "version": "2.31-13+deb11u7" + }, + { + "id": "SNYK-DEBIAN11-GLIBC-5894105", + "cpes": [], + "title": "Use After Free", + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 5.9, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2023-4806", + "title": "https://security-tracker.debian.org/tracker/CVE-2023-4806" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4806", + "title": "https://access.redhat.com/security/cve/CVE-2023-4806" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237782", + "title": "https://bugzilla.redhat.com/show_bug.cgi?id=2237782" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/10/03/4", + "title": "http://www.openwall.com/lists/oss-security/2023/10/03/4" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/10/03/5", + "title": "http://www.openwall.com/lists/oss-security/2023/10/03/5" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/10/03/6", + "title": "http://www.openwall.com/lists/oss-security/2023/10/03/6" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/10/03/8", + "title": "http://www.openwall.com/lists/oss-security/2023/10/03/8" + }, + { + "url": "https://security.gentoo.org/glsa/202310-03", + "title": "https://security.gentoo.org/glsa/202310-03" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/", + "title": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/", + "title": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/", + "title": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5453", + "title": "https://access.redhat.com/errata/RHSA-2023:5453" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5455", + "title": "https://access.redhat.com/errata/RHSA-2023:5455" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7409", + "title": "https://access.redhat.com/errata/RHSA-2023:7409" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "cvssV3BaseScore": 5.9, + "modificationTime": "2023-09-27T01:10:58.963846Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "cvssV3BaseScore": 5.9, + "modificationTime": "2023-11-08T09:44:04.286569Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nA flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n## Remediation\nThere is no fixed version for `Debian:11` `glibc`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2023-4806)\n- [secalert@redhat.com](https://access.redhat.com/security/cve/CVE-2023-4806)\n- [secalert@redhat.com](https://bugzilla.redhat.com/show_bug.cgi?id=2237782)\n- [secalert@redhat.com](http://www.openwall.com/lists/oss-security/2023/10/03/4)\n- [secalert@redhat.com](http://www.openwall.com/lists/oss-security/2023/10/03/5)\n- [secalert@redhat.com](http://www.openwall.com/lists/oss-security/2023/10/03/6)\n- [secalert@redhat.com](http://www.openwall.com/lists/oss-security/2023/10/03/8)\n- [secalert@redhat.com](https://security.gentoo.org/glsa/202310-03)\n- [secalert@redhat.com](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/)\n- [secalert@redhat.com](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/)\n- [secalert@redhat.com](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/)\n- [secalert@redhat.com](https://access.redhat.com/errata/RHSA-2023:5453)\n- [secalert@redhat.com](https://access.redhat.com/errata/RHSA-2023:5455)\n- [secalert@redhat.com](https://access.redhat.com/errata/RHSA-2023:7409)\n", + "epssDetails": { + "percentile": "0.40141", + "probability": "0.00097", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2023-4806" + ], + "CWE": [ + "CWE-416" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "glibc", + "creationTime": "2023-09-13T13:01:01.946655Z", + "disclosureTime": "2023-09-18T17:15:55.813000Z", + "packageManager": "debian:11", + "publicationTime": "2023-09-13T13:01:01.926030Z", + "modificationTime": "2023-11-08T09:44:04.286569Z", + "socialTrendAlert": false, + "relativeImportance": "minor issue", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1", + "glibc/libc6@2.31-13+deb11u7" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "glibc/libc6", + "version": "2.31-13+deb11u7" + }, + { + "id": "SNYK-DEBIAN11-GLIBC-5894112", + "cpes": [], + "title": "Use After Free", + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 5.9, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2023-4813", + "title": "https://security-tracker.debian.org/tracker/CVE-2023-4813" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4813", + "title": "https://access.redhat.com/security/cve/CVE-2023-4813" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237798", + "title": "https://bugzilla.redhat.com/show_bug.cgi?id=2237798" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/10/03/8", + "title": "http://www.openwall.com/lists/oss-security/2023/10/03/8" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5453", + "title": "https://access.redhat.com/errata/RHSA-2023:5453" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5455", + "title": "https://access.redhat.com/errata/RHSA-2023:5455" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231110-0003/", + "title": "https://security.netapp.com/advisory/ntap-20231110-0003/" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7409", + "title": "https://access.redhat.com/errata/RHSA-2023:7409" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "cvssV3BaseScore": 5.9, + "modificationTime": "2023-09-21T01:10:58.024645Z" + }, + { + "assigner": "SUSE", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "cvssV3BaseScore": 5.9, + "modificationTime": "2023-10-12T11:02:48.940818Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "cvssV3BaseScore": 5.9, + "modificationTime": "2023-11-08T09:44:04.286614Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nA flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.\n## Remediation\nThere is no fixed version for `Debian:11` `glibc`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2023-4813)\n- [secalert@redhat.com](https://access.redhat.com/security/cve/CVE-2023-4813)\n- [secalert@redhat.com](https://bugzilla.redhat.com/show_bug.cgi?id=2237798)\n- [secalert@redhat.com](http://www.openwall.com/lists/oss-security/2023/10/03/8)\n- [secalert@redhat.com](https://access.redhat.com/errata/RHSA-2023:5453)\n- [secalert@redhat.com](https://access.redhat.com/errata/RHSA-2023:5455)\n- [secalert@redhat.com](https://security.netapp.com/advisory/ntap-20231110-0003/)\n- [secalert@redhat.com](https://access.redhat.com/errata/RHSA-2023:7409)\n", + "epssDetails": { + "percentile": "0.41335", + "probability": "0.00102", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2023-4813" + ], + "CWE": [ + "CWE-416" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "glibc", + "creationTime": "2023-09-13T13:01:46.841726Z", + "disclosureTime": "2023-09-12T22:15:08.277000Z", + "packageManager": "debian:11", + "publicationTime": "2023-09-13T13:01:32.099229Z", + "modificationTime": "2023-11-08T09:44:04.286614Z", + "socialTrendAlert": false, + "relativeImportance": "minor issue", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1", + "glibc/libc6@2.31-13+deb11u7" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "glibc/libc6", + "version": "2.31-13+deb11u7" + }, + { + "id": "SNYK-DEBIAN11-GLIBC-521063", + "cpes": [], + "title": "Out-of-Bounds", + "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 9.8, + "malicious": false, + "isDisputed": true, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "title": "https://security-tracker.debian.org/tracker/CVE-2019-1010022" + }, + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "title": "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" + }, + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22850%23c3", + "title": "https://sourceware.org/bugzilla/show_bug.cgi?id=22850%23c3" + }, + { + "url": "https://ubuntu.com/security/CVE-2019-1010022", + "title": "https://ubuntu.com/security/CVE-2019-1010022" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "critical", + "cvssV3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "cvssV3BaseScore": 9.8, + "modificationTime": "2022-01-03T17:53:20.558676Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\n** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."\n## Remediation\nThere is no fixed version for `Debian:11` `glibc`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2019-1010022)\n- [MISC](https://sourceware.org/bugzilla/show_bug.cgi?id=22850)\n- [MISC](https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3)\n- [UBUNTU](https://ubuntu.com/security/CVE-2019-1010022)\n", + "epssDetails": { + "percentile": "0.68021", + "probability": "0.00335", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2019-1010022" + ], + "CWE": [ + "CWE-119" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "critical", + "packageName": "glibc", + "creationTime": "2020-08-19T09:35:26.761208Z", + "disclosureTime": "2019-07-15T04:15:00Z", + "packageManager": "debian:11", + "publicationTime": "2019-07-24T09:33:32.251091Z", + "modificationTime": "2022-10-26T02:04:58.132579Z", + "socialTrendAlert": false, + "relativeImportance": "unimportant", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1", + "openssl/libssl1.1@1.1.1w-0+deb11u1", + "glibc/libc6@2.31-13+deb11u7" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "glibc/libc6", + "version": "2.31-13+deb11u7" + }, + { + "id": "SNYK-DEBIAN11-GLIBC-521199", + "cpes": [], + "title": "Uncontrolled Recursion", + "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 7.5, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "title": "https://security-tracker.debian.org/tracker/CVE-2019-9192" + }, + { + "url": "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS", + "title": "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + }, + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "title": "https://sourceware.org/bugzilla/show_bug.cgi?id=24269" + }, + { + "url": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9192", + "title": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9192" + }, + { + "url": "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS", + "title": "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "high", + "cvssV3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "cvssV3BaseScore": 7.5, + "modificationTime": "2022-01-03T18:01:31.673539Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nIn the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern\n## Remediation\nThere is no fixed version for `Debian:11` `glibc`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2019-9192)\n- [CONFIRM](https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS)\n- [MISC](https://sourceware.org/bugzilla/show_bug.cgi?id=24269)\n- [Ubuntu CVE Tracker](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9192)\n- [cve@mitre.org](https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS)\n", + "epssDetails": { + "percentile": "0.43326", + "probability": "0.00108", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2019-9192" + ], + "CWE": [ + "CWE-674" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "high", + "packageName": "glibc", + "creationTime": "2020-08-19T09:34:51.325920Z", + "disclosureTime": "2019-02-26T18:29:00Z", + "packageManager": "debian:11", + "publicationTime": "2019-02-26T18:29:00Z", + "modificationTime": "2022-10-26T02:05:07.667771Z", + "socialTrendAlert": false, + "relativeImportance": "unimportant", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1", + "openssl/libssl1.1@1.1.1w-0+deb11u1", + "glibc/libc6@2.31-13+deb11u7" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "glibc/libc6", + "version": "2.31-13+deb11u7" + }, + { + "id": "SNYK-DEBIAN11-GLIBC-522385", + "cpes": [], + "title": "Use of Insufficiently Random Values", + "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 5.3, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "title": "https://security-tracker.debian.org/tracker/CVE-2019-1010025" + }, + { + "url": "https://support.f5.com/csp/article/K06046097", + "title": "https://support.f5.com/csp/article/K06046097" + }, + { + "url": "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "title": "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS" + }, + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "title": "https://sourceware.org/bugzilla/show_bug.cgi?id=22853" + }, + { + "url": "https://ubuntu.com/security/CVE-2019-1010025", + "title": "https://ubuntu.com/security/CVE-2019-1010025" + }, + { + "url": "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "title": "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "cvssV3BaseScore": 5.3, + "modificationTime": "2022-01-03T17:53:25.533412Z" + }, + { + "assigner": "Red Hat", + "severity": "low", + "cvssV3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "cvssV3BaseScore": 2.9, + "modificationTime": "2023-11-08T09:41:53.285202Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nGNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.\n## Remediation\nThere is no fixed version for `Debian:11` `glibc`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2019-1010025)\n- [CONFIRM](https://support.f5.com/csp/article/K06046097)\n- [CONFIRM](https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS)\n- [MISC](https://sourceware.org/bugzilla/show_bug.cgi?id=22853)\n- [UBUNTU](https://ubuntu.com/security/CVE-2019-1010025)\n- [josh@bress.net](https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS)\n", + "epssDetails": { + "percentile": "0.63157", + "probability": "0.00255", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2019-1010025" + ], + "CWE": [ + "CWE-330" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "glibc", + "creationTime": "2020-08-19T09:35:27.035439Z", + "disclosureTime": "2019-07-15T04:15:00Z", + "packageManager": "debian:11", + "publicationTime": "2019-07-24T09:33:59.230537Z", + "modificationTime": "2023-11-08T09:41:53.285202Z", + "socialTrendAlert": false, + "relativeImportance": "unimportant", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1", + "openssl/libssl1.1@1.1.1w-0+deb11u1", + "glibc/libc6@2.31-13+deb11u7" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "glibc/libc6", + "version": "2.31-13+deb11u7" + }, + { + "id": "SNYK-DEBIAN11-GLIBC-529848", + "cpes": [], + "title": "Information Exposure", + "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 5.3, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "title": "https://security-tracker.debian.org/tracker/CVE-2019-1010024" + }, + { + "url": "https://support.f5.com/csp/article/K06046097", + "title": "https://support.f5.com/csp/article/K06046097" + }, + { + "url": "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "title": "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS" + }, + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "title": "https://sourceware.org/bugzilla/show_bug.cgi?id=22852" + }, + { + "url": "http://www.securityfocus.com/bid/109162", + "title": "http://www.securityfocus.com/bid/109162" + }, + { + "url": "https://ubuntu.com/security/CVE-2019-1010024", + "title": "https://ubuntu.com/security/CVE-2019-1010024" + }, + { + "url": "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "title": "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "cvssV3BaseScore": 5.3, + "modificationTime": "2022-01-03T17:53:36.633029Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "cvssV3BaseScore": 5.3, + "modificationTime": "2023-11-08T09:41:53.283850Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nGNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.\n## Remediation\nThere is no fixed version for `Debian:11` `glibc`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2019-1010024)\n- [CONFIRM](https://support.f5.com/csp/article/K06046097)\n- [CONFIRM](https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS)\n- [MISC](https://sourceware.org/bugzilla/show_bug.cgi?id=22852)\n- [Security Focus](http://www.securityfocus.com/bid/109162)\n- [UBUNTU](https://ubuntu.com/security/CVE-2019-1010024)\n- [josh@bress.net](https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS)\n", + "epssDetails": { + "percentile": "0.88369", + "probability": "0.02258", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2019-1010024" + ], + "CWE": [ + "CWE-200" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "glibc", + "creationTime": "2020-08-19T09:35:29.535158Z", + "disclosureTime": "2019-07-15T04:15:00Z", + "packageManager": "debian:11", + "publicationTime": "2019-07-24T09:44:44.882448Z", + "modificationTime": "2023-11-08T09:41:53.283850Z", + "socialTrendAlert": false, + "relativeImportance": "unimportant", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1", + "openssl/libssl1.1@1.1.1w-0+deb11u1", + "glibc/libc6@2.31-13+deb11u7" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "glibc/libc6", + "version": "2.31-13+deb11u7" + }, + { + "id": "SNYK-DEBIAN11-GLIBC-531451", + "cpes": [], + "title": "CVE-2019-1010023", + "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 8.8, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "title": "https://security-tracker.debian.org/tracker/CVE-2019-1010023" + }, + { + "url": "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "title": "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS" + }, + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "title": "https://sourceware.org/bugzilla/show_bug.cgi?id=22851" + }, + { + "url": "http://www.securityfocus.com/bid/109167", + "title": "http://www.securityfocus.com/bid/109167" + }, + { + "url": "https://ubuntu.com/security/CVE-2019-1010023", + "title": "https://ubuntu.com/security/CVE-2019-1010023" + }, + { + "url": "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "title": "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "high", + "cvssV3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "cvssV3BaseScore": 8.8, + "modificationTime": "2022-01-03T17:53:36.820375Z" + }, + { + "assigner": "Red Hat", + "severity": "high", + "cvssV3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "cvssV3BaseScore": 7.8, + "modificationTime": "2023-11-08T09:41:53.271238Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nGNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.\n## Remediation\nThere is no fixed version for `Debian:11` `glibc`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2019-1010023)\n- [CONFIRM](https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS)\n- [MISC](https://sourceware.org/bugzilla/show_bug.cgi?id=22851)\n- [Security Focus](http://www.securityfocus.com/bid/109167)\n- [UBUNTU](https://ubuntu.com/security/CVE-2019-1010023)\n- [josh@bress.net](https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS)\n", + "epssDetails": { + "percentile": "0.82602", + "probability": "0.01081", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2019-1010023" + ], + "CWE": [], + "ALTERNATIVE": [] + }, + "nvdSeverity": "high", + "packageName": "glibc", + "creationTime": "2020-08-19T09:35:27.642271Z", + "disclosureTime": "2019-07-15T04:15:00Z", + "packageManager": "debian:11", + "publicationTime": "2019-07-24T09:36:38.241516Z", + "modificationTime": "2023-11-08T09:41:53.271238Z", + "socialTrendAlert": false, + "relativeImportance": "unimportant", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1", + "openssl/libssl1.1@1.1.1w-0+deb11u1", + "glibc/libc6@2.31-13+deb11u7" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "glibc/libc6", + "version": "2.31-13+deb11u7" + }, + { + "id": "SNYK-DEBIAN11-GLIBC-531492", + "cpes": [], + "title": "Uncontrolled Recursion", + "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 7.5, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2018-20796", + "title": "https://security-tracker.debian.org/tracker/CVE-2018-20796" + }, + { + "url": "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS", + "title": "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + }, + { + "url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "title": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141" + }, + { + "url": "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "title": "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20190315-0002/", + "title": "https://security.netapp.com/advisory/ntap-20190315-0002/" + }, + { + "url": "http://www.securityfocus.com/bid/107160", + "title": "http://www.securityfocus.com/bid/107160" + }, + { + "url": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20796", + "title": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20796" + }, + { + "url": "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS", + "title": "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "high", + "cvssV3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "cvssV3BaseScore": 7.5, + "modificationTime": "2022-01-03T16:26:27.939810Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "cvssV3BaseScore": 5.3, + "modificationTime": "2023-11-08T09:41:53.328123Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nIn the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.\n## Remediation\nThere is no fixed version for `Debian:11` `glibc`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2018-20796)\n- [CONFIRM](https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS)\n- [MISC](https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141)\n- [MISC](https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html)\n- [Netapp Security Advisory](https://security.netapp.com/advisory/ntap-20190315-0002/)\n- [Security Focus](http://www.securityfocus.com/bid/107160)\n- [Ubuntu CVE Tracker](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20796)\n- [cve@mitre.org](https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS)\n", + "epssDetails": { + "percentile": "0.77618", + "probability": "0.00678", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2018-20796" + ], + "CWE": [ + "CWE-674" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "high", + "packageName": "glibc", + "creationTime": "2020-08-19T09:34:51.493703Z", + "disclosureTime": "2019-02-26T02:29:00Z", + "packageManager": "debian:11", + "publicationTime": "2019-02-26T02:29:00Z", + "modificationTime": "2023-11-08T09:41:53.328123Z", + "socialTrendAlert": false, + "relativeImportance": "unimportant", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1", + "openssl/libssl1.1@1.1.1w-0+deb11u1", + "glibc/libc6@2.31-13+deb11u7" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "glibc/libc6", + "version": "2.31-13+deb11u7" + }, + { + "id": "SNYK-DEBIAN11-GLIBC-532215", + "cpes": [], + "title": "Resource Management Errors", + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 4.3, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "title": "https://security-tracker.debian.org/tracker/CVE-2010-4756" + }, + { + "url": "http://cxib.net/stuff/glob-0day.c", + "title": "http://cxib.net/stuff/glob-0day.c" + }, + { + "url": "http://securityreason.com/achievement_securityalert/89", + "title": "http://securityreason.com/achievement_securityalert/89" + }, + { + "url": "http://securityreason.com/exploitalert/9223", + "title": "http://securityreason.com/exploitalert/9223" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "title": "https://bugzilla.redhat.com/show_bug.cgi?id=681681" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "title": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "cvssV3BaseScore": 4.3, + "modificationTime": "2023-02-09T11:23:31.120244Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "cvssV3BaseScore": 5.3, + "modificationTime": "2023-11-08T09:41:21.515733Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nThe glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.\n## Remediation\nThere is no fixed version for `Debian:11` `glibc`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2010-4756)\n- [http://cxib.net/stuff/glob-0day.c](http://cxib.net/stuff/glob-0day.c)\n- [http://securityreason.com/achievement_securityalert/89](http://securityreason.com/achievement_securityalert/89)\n- [http://securityreason.com/exploitalert/9223](http://securityreason.com/exploitalert/9223)\n- [MISC](https://bugzilla.redhat.com/show_bug.cgi?id=681681)\n- [MISC](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756)\n", + "epssDetails": { + "percentile": "0.79904", + "probability": "0.00824", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2010-4756" + ], + "CWE": [ + "CWE-399" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "glibc", + "creationTime": "2020-08-19T09:32:45.970155Z", + "disclosureTime": "2011-03-02T20:00:00Z", + "packageManager": "debian:11", + "publicationTime": "2011-03-02T20:00:00Z", + "modificationTime": "2023-11-08T09:41:21.515733Z", + "socialTrendAlert": false, + "relativeImportance": "unimportant", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1", + "openssl/libssl1.1@1.1.1w-0+deb11u1", + "glibc/libc6@2.31-13+deb11u7" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "glibc/libc6", + "version": "2.31-13+deb11u7" + }, + { + "id": "SNYK-DEBIAN11-GLIBC-5894105", + "cpes": [], + "title": "Use After Free", + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 5.9, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2023-4806", + "title": "https://security-tracker.debian.org/tracker/CVE-2023-4806" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4806", + "title": "https://access.redhat.com/security/cve/CVE-2023-4806" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237782", + "title": "https://bugzilla.redhat.com/show_bug.cgi?id=2237782" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/10/03/4", + "title": "http://www.openwall.com/lists/oss-security/2023/10/03/4" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/10/03/5", + "title": "http://www.openwall.com/lists/oss-security/2023/10/03/5" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/10/03/6", + "title": "http://www.openwall.com/lists/oss-security/2023/10/03/6" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/10/03/8", + "title": "http://www.openwall.com/lists/oss-security/2023/10/03/8" + }, + { + "url": "https://security.gentoo.org/glsa/202310-03", + "title": "https://security.gentoo.org/glsa/202310-03" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/", + "title": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/", + "title": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/", + "title": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5453", + "title": "https://access.redhat.com/errata/RHSA-2023:5453" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5455", + "title": "https://access.redhat.com/errata/RHSA-2023:5455" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7409", + "title": "https://access.redhat.com/errata/RHSA-2023:7409" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "cvssV3BaseScore": 5.9, + "modificationTime": "2023-09-27T01:10:58.963846Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "cvssV3BaseScore": 5.9, + "modificationTime": "2023-11-08T09:44:04.286569Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nA flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n## Remediation\nThere is no fixed version for `Debian:11` `glibc`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2023-4806)\n- [secalert@redhat.com](https://access.redhat.com/security/cve/CVE-2023-4806)\n- [secalert@redhat.com](https://bugzilla.redhat.com/show_bug.cgi?id=2237782)\n- [secalert@redhat.com](http://www.openwall.com/lists/oss-security/2023/10/03/4)\n- [secalert@redhat.com](http://www.openwall.com/lists/oss-security/2023/10/03/5)\n- [secalert@redhat.com](http://www.openwall.com/lists/oss-security/2023/10/03/6)\n- [secalert@redhat.com](http://www.openwall.com/lists/oss-security/2023/10/03/8)\n- [secalert@redhat.com](https://security.gentoo.org/glsa/202310-03)\n- [secalert@redhat.com](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/)\n- [secalert@redhat.com](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/)\n- [secalert@redhat.com](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/)\n- [secalert@redhat.com](https://access.redhat.com/errata/RHSA-2023:5453)\n- [secalert@redhat.com](https://access.redhat.com/errata/RHSA-2023:5455)\n- [secalert@redhat.com](https://access.redhat.com/errata/RHSA-2023:7409)\n", + "epssDetails": { + "percentile": "0.40141", + "probability": "0.00097", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2023-4806" + ], + "CWE": [ + "CWE-416" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "glibc", + "creationTime": "2023-09-13T13:01:01.946655Z", + "disclosureTime": "2023-09-18T17:15:55.813000Z", + "packageManager": "debian:11", + "publicationTime": "2023-09-13T13:01:01.926030Z", + "modificationTime": "2023-11-08T09:44:04.286569Z", + "socialTrendAlert": false, + "relativeImportance": "minor issue", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1", + "openssl/libssl1.1@1.1.1w-0+deb11u1", + "glibc/libc6@2.31-13+deb11u7" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "glibc/libc6", + "version": "2.31-13+deb11u7" + }, + { + "id": "SNYK-DEBIAN11-GLIBC-5894112", + "cpes": [], + "title": "Use After Free", + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 5.9, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2023-4813", + "title": "https://security-tracker.debian.org/tracker/CVE-2023-4813" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4813", + "title": "https://access.redhat.com/security/cve/CVE-2023-4813" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237798", + "title": "https://bugzilla.redhat.com/show_bug.cgi?id=2237798" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/10/03/8", + "title": "http://www.openwall.com/lists/oss-security/2023/10/03/8" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5453", + "title": "https://access.redhat.com/errata/RHSA-2023:5453" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5455", + "title": "https://access.redhat.com/errata/RHSA-2023:5455" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231110-0003/", + "title": "https://security.netapp.com/advisory/ntap-20231110-0003/" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7409", + "title": "https://access.redhat.com/errata/RHSA-2023:7409" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "cvssV3BaseScore": 5.9, + "modificationTime": "2023-09-21T01:10:58.024645Z" + }, + { + "assigner": "SUSE", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "cvssV3BaseScore": 5.9, + "modificationTime": "2023-10-12T11:02:48.940818Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "cvssV3BaseScore": 5.9, + "modificationTime": "2023-11-08T09:44:04.286614Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nA flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.\n## Remediation\nThere is no fixed version for `Debian:11` `glibc`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2023-4813)\n- [secalert@redhat.com](https://access.redhat.com/security/cve/CVE-2023-4813)\n- [secalert@redhat.com](https://bugzilla.redhat.com/show_bug.cgi?id=2237798)\n- [secalert@redhat.com](http://www.openwall.com/lists/oss-security/2023/10/03/8)\n- [secalert@redhat.com](https://access.redhat.com/errata/RHSA-2023:5453)\n- [secalert@redhat.com](https://access.redhat.com/errata/RHSA-2023:5455)\n- [secalert@redhat.com](https://security.netapp.com/advisory/ntap-20231110-0003/)\n- [secalert@redhat.com](https://access.redhat.com/errata/RHSA-2023:7409)\n", + "epssDetails": { + "percentile": "0.41335", + "probability": "0.00102", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2023-4813" + ], + "CWE": [ + "CWE-416" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "glibc", + "creationTime": "2023-09-13T13:01:46.841726Z", + "disclosureTime": "2023-09-12T22:15:08.277000Z", + "packageManager": "debian:11", + "publicationTime": "2023-09-13T13:01:32.099229Z", + "modificationTime": "2023-11-08T09:44:04.286614Z", + "socialTrendAlert": false, + "relativeImportance": "minor issue", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1", + "openssl/libssl1.1@1.1.1w-0+deb11u1", + "glibc/libc6@2.31-13+deb11u7" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "glibc/libc6", + "version": "2.31-13+deb11u7" + }, + { + "id": "SNYK-DEBIAN11-OPENSSL-518334", + "cpes": [], + "title": "Cryptographic Issues", + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 5.4, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2007-6755", + "title": "https://security-tracker.debian.org/tracker/CVE-2007-6755" + }, + { + "url": "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/", + "title": "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/" + }, + { + "url": "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html", + "title": "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html" + }, + { + "url": "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html", + "title": "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html" + }, + { + "url": "http://rump2007.cr.yp.to/15-shumow.pdf", + "title": "http://rump2007.cr.yp.to/15-shumow.pdf" + }, + { + "url": "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/", + "title": "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/" + }, + { + "url": "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html", + "title": "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html" + }, + { + "url": "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect", + "title": "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect" + }, + { + "url": "http://www.securityfocus.com/bid/63657", + "title": "http://www.securityfocus.com/bid/63657" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "cvssV3BaseScore": 5.4, + "modificationTime": "2023-02-09T11:25:00.865086Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "cvssV3BaseScore": 5.4, + "modificationTime": "2023-11-08T09:41:50.005364Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nThe NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.\n## Remediation\nThere is no fixed version for `Debian:11` `openssl`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2007-6755)\n- [http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/](http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/)\n- [http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html](http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html)\n- [http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html](http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html)\n- [http://rump2007.cr.yp.to/15-shumow.pdf](http://rump2007.cr.yp.to/15-shumow.pdf)\n- [http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/](http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/)\n- [https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html](https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html)\n- [http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect](http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect)\n- [Security Focus](http://www.securityfocus.com/bid/63657)\n", + "epssDetails": { + "percentile": "0.76307", + "probability": "0.00614", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2007-6755" + ], + "CWE": [ + "CWE-310" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "openssl", + "creationTime": "2020-08-19T09:23:31.735743Z", + "disclosureTime": "2013-10-11T22:55:00Z", + "packageManager": "debian:11", + "publicationTime": "2013-10-11T22:55:00Z", + "modificationTime": "2023-11-08T09:41:50.005364Z", + "socialTrendAlert": false, + "relativeImportance": "unimportant", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl/libssl1.1@1.1.1w-0+deb11u1" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "openssl/libssl1.1", + "version": "1.1.1w-0+deb11u1" + }, + { + "id": "SNYK-DEBIAN11-OPENSSL-525332", + "cpes": [], + "title": "Cryptographic Issues", + "CVSSv3": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 5.1, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-0928", + "title": "https://security-tracker.debian.org/tracker/CVE-2010-0928" + }, + { + "url": "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/", + "title": "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/" + }, + { + "url": "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf", + "title": "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf" + }, + { + "url": "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html", + "title": "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html" + }, + { + "url": "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/", + "title": "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/" + }, + { + "url": "http://xforce.iss.net/xforce/xfdb/56750", + "title": "http://xforce.iss.net/xforce/xfdb/56750" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750", + "title": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750" + }, + { + "url": "http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf", + "title": "http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "cvssV3BaseScore": 5.1, + "modificationTime": "2023-02-09T11:22:59.868606Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nOpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."\n## Remediation\nThere is no fixed version for `Debian:11` `openssl`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2010-0928)\n- [http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/](http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/)\n- [http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf](http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf)\n- [http://www.networkworld.com/news/2010/030410-rsa-security-attack.html](http://www.networkworld.com/news/2010/030410-rsa-security-attack.html)\n- [http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/](http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/)\n- [http://xforce.iss.net/xforce/xfdb/56750](http://xforce.iss.net/xforce/xfdb/56750)\n- [X-force Vulnerability Report](https://exchange.xforce.ibmcloud.com/vulnerabilities/56750)\n- [cve@mitre.org](http://www.osvdb.org/62808)\n- [cve@mitre.org](http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf)\n", + "epssDetails": { + "percentile": "0.27307", + "probability": "0.00066", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2010-0928" + ], + "CWE": [ + "CWE-310" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "openssl", + "creationTime": "2020-08-19T09:30:53.411236Z", + "disclosureTime": "2010-03-05T19:30:00Z", + "packageManager": "debian:11", + "publicationTime": "2010-03-05T19:30:00Z", + "modificationTime": "2023-02-10T13:11:38.644692Z", + "socialTrendAlert": false, + "relativeImportance": "unimportant", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl/libssl1.1@1.1.1w-0+deb11u1" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "openssl/libssl1.1", + "version": "1.1.1w-0+deb11u1" + }, + { + "id": "SNYK-DEBIAN11-OPENSSL-6048819", + "cpes": [], + "title": "Improper Check for Unusual or Exceptional Conditions", + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 5.3, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2023-5678", + "title": "https://security-tracker.debian.org/tracker/CVE-2023-5678" + }, + { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", + "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" + }, + { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", + "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" + }, + { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", + "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" + }, + { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", + "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" + }, + { + "url": "https://www.openssl.org/news/secadv/20231106.txt", + "title": "https://www.openssl.org/news/secadv/20231106.txt" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2", + "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231130-0010/", + "title": "https://security.netapp.com/advisory/ntap-20231130-0010/" + } + ], + "cvssDetails": [ + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "cvssV3BaseScore": 5.3, + "modificationTime": "2023-11-08T13:48:19.543999Z" + }, + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "cvssV3BaseScore": 5.3, + "modificationTime": "2023-11-22T01:10:47.412869Z" + }, + { + "assigner": "SUSE", + "severity": "high", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "cvssV3BaseScore": 7.5, + "modificationTime": "2023-11-22T11:02:51.571843Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nThere is no fixed version for `Debian:11` `openssl`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2023-5678)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n- [openssl-security@openssl.org](https://security.netapp.com/advisory/ntap-20231130-0010/)\n", + "epssDetails": { + "percentile": "0.33119", + "probability": "0.00079", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2023-5678" + ], + "CWE": [ + "CWE-754" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "openssl", + "creationTime": "2023-11-07T02:36:49.140701Z", + "disclosureTime": "2023-11-06T16:15:42.670000Z", + "packageManager": "debian:11", + "publicationTime": "2023-11-07T02:33:36.224937Z", + "modificationTime": "2023-11-22T11:02:51.571843Z", + "socialTrendAlert": false, + "relativeImportance": "minor issue", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl/libssl1.1@1.1.1w-0+deb11u1" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "openssl/libssl1.1", + "version": "1.1.1w-0+deb11u1" + }, + { + "id": "SNYK-DEBIAN11-OPENSSL-518334", + "cpes": [], + "title": "Cryptographic Issues", + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 5.4, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2007-6755", + "title": "https://security-tracker.debian.org/tracker/CVE-2007-6755" + }, + { + "url": "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/", + "title": "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/" + }, + { + "url": "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html", + "title": "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html" + }, + { + "url": "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html", + "title": "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html" + }, + { + "url": "http://rump2007.cr.yp.to/15-shumow.pdf", + "title": "http://rump2007.cr.yp.to/15-shumow.pdf" + }, + { + "url": "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/", + "title": "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/" + }, + { + "url": "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html", + "title": "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html" + }, + { + "url": "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect", + "title": "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect" + }, + { + "url": "http://www.securityfocus.com/bid/63657", + "title": "http://www.securityfocus.com/bid/63657" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "cvssV3BaseScore": 5.4, + "modificationTime": "2023-02-09T11:25:00.865086Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "cvssV3BaseScore": 5.4, + "modificationTime": "2023-11-08T09:41:50.005364Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nThe NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.\n## Remediation\nThere is no fixed version for `Debian:11` `openssl`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2007-6755)\n- [http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/](http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/)\n- [http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html](http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html)\n- [http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html](http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html)\n- [http://rump2007.cr.yp.to/15-shumow.pdf](http://rump2007.cr.yp.to/15-shumow.pdf)\n- [http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/](http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/)\n- [https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html](https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html)\n- [http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect](http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect)\n- [Security Focus](http://www.securityfocus.com/bid/63657)\n", + "epssDetails": { + "percentile": "0.76307", + "probability": "0.00614", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2007-6755" + ], + "CWE": [ + "CWE-310" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "openssl", + "creationTime": "2020-08-19T09:23:31.735743Z", + "disclosureTime": "2013-10-11T22:55:00Z", + "packageManager": "debian:11", + "publicationTime": "2013-10-11T22:55:00Z", + "modificationTime": "2023-11-08T09:41:50.005364Z", + "socialTrendAlert": false, + "relativeImportance": "unimportant", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1", + "openssl/libssl1.1@1.1.1w-0+deb11u1" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "openssl/libssl1.1", + "version": "1.1.1w-0+deb11u1" + }, + { + "id": "SNYK-DEBIAN11-OPENSSL-525332", + "cpes": [], + "title": "Cryptographic Issues", + "CVSSv3": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 5.1, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-0928", + "title": "https://security-tracker.debian.org/tracker/CVE-2010-0928" + }, + { + "url": "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/", + "title": "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/" + }, + { + "url": "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf", + "title": "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf" + }, + { + "url": "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html", + "title": "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html" + }, + { + "url": "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/", + "title": "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/" + }, + { + "url": "http://xforce.iss.net/xforce/xfdb/56750", + "title": "http://xforce.iss.net/xforce/xfdb/56750" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750", + "title": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750" + }, + { + "url": "http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf", + "title": "http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "cvssV3BaseScore": 5.1, + "modificationTime": "2023-02-09T11:22:59.868606Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nOpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."\n## Remediation\nThere is no fixed version for `Debian:11` `openssl`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2010-0928)\n- [http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/](http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/)\n- [http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf](http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf)\n- [http://www.networkworld.com/news/2010/030410-rsa-security-attack.html](http://www.networkworld.com/news/2010/030410-rsa-security-attack.html)\n- [http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/](http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/)\n- [http://xforce.iss.net/xforce/xfdb/56750](http://xforce.iss.net/xforce/xfdb/56750)\n- [X-force Vulnerability Report](https://exchange.xforce.ibmcloud.com/vulnerabilities/56750)\n- [cve@mitre.org](http://www.osvdb.org/62808)\n- [cve@mitre.org](http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf)\n", + "epssDetails": { + "percentile": "0.27307", + "probability": "0.00066", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2010-0928" + ], + "CWE": [ + "CWE-310" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "openssl", + "creationTime": "2020-08-19T09:30:53.411236Z", + "disclosureTime": "2010-03-05T19:30:00Z", + "packageManager": "debian:11", + "publicationTime": "2010-03-05T19:30:00Z", + "modificationTime": "2023-02-10T13:11:38.644692Z", + "socialTrendAlert": false, + "relativeImportance": "unimportant", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1", + "openssl/libssl1.1@1.1.1w-0+deb11u1" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "openssl/libssl1.1", + "version": "1.1.1w-0+deb11u1" + }, + { + "id": "SNYK-DEBIAN11-OPENSSL-6048819", + "cpes": [], + "title": "Improper Check for Unusual or Exceptional Conditions", + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 5.3, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2023-5678", + "title": "https://security-tracker.debian.org/tracker/CVE-2023-5678" + }, + { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", + "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" + }, + { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", + "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" + }, + { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", + "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" + }, + { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", + "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" + }, + { + "url": "https://www.openssl.org/news/secadv/20231106.txt", + "title": "https://www.openssl.org/news/secadv/20231106.txt" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2", + "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231130-0010/", + "title": "https://security.netapp.com/advisory/ntap-20231130-0010/" + } + ], + "cvssDetails": [ + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "cvssV3BaseScore": 5.3, + "modificationTime": "2023-11-08T13:48:19.543999Z" + }, + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "cvssV3BaseScore": 5.3, + "modificationTime": "2023-11-22T01:10:47.412869Z" + }, + { + "assigner": "SUSE", + "severity": "high", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "cvssV3BaseScore": 7.5, + "modificationTime": "2023-11-22T11:02:51.571843Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nThere is no fixed version for `Debian:11` `openssl`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2023-5678)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n- [openssl-security@openssl.org](https://security.netapp.com/advisory/ntap-20231130-0010/)\n", + "epssDetails": { + "percentile": "0.33119", + "probability": "0.00079", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2023-5678" + ], + "CWE": [ + "CWE-754" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "openssl", + "creationTime": "2023-11-07T02:36:49.140701Z", + "disclosureTime": "2023-11-06T16:15:42.670000Z", + "packageManager": "debian:11", + "publicationTime": "2023-11-07T02:33:36.224937Z", + "modificationTime": "2023-11-22T11:02:51.571843Z", + "socialTrendAlert": false, + "relativeImportance": "minor issue", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1", + "openssl/libssl1.1@1.1.1w-0+deb11u1" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "openssl/libssl1.1", + "version": "1.1.1w-0+deb11u1" + }, + { + "id": "SNYK-DEBIAN11-OPENSSL-518334", + "cpes": [], + "title": "Cryptographic Issues", + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 5.4, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2007-6755", + "title": "https://security-tracker.debian.org/tracker/CVE-2007-6755" + }, + { + "url": "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/", + "title": "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/" + }, + { + "url": "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html", + "title": "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html" + }, + { + "url": "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html", + "title": "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html" + }, + { + "url": "http://rump2007.cr.yp.to/15-shumow.pdf", + "title": "http://rump2007.cr.yp.to/15-shumow.pdf" + }, + { + "url": "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/", + "title": "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/" + }, + { + "url": "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html", + "title": "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html" + }, + { + "url": "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect", + "title": "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect" + }, + { + "url": "http://www.securityfocus.com/bid/63657", + "title": "http://www.securityfocus.com/bid/63657" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "cvssV3BaseScore": 5.4, + "modificationTime": "2023-02-09T11:25:00.865086Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "cvssV3BaseScore": 5.4, + "modificationTime": "2023-11-08T09:41:50.005364Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nThe NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.\n## Remediation\nThere is no fixed version for `Debian:11` `openssl`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2007-6755)\n- [http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/](http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/)\n- [http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html](http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html)\n- [http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html](http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html)\n- [http://rump2007.cr.yp.to/15-shumow.pdf](http://rump2007.cr.yp.to/15-shumow.pdf)\n- [http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/](http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/)\n- [https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html](https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html)\n- [http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect](http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect)\n- [Security Focus](http://www.securityfocus.com/bid/63657)\n", + "epssDetails": { + "percentile": "0.76307", + "probability": "0.00614", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2007-6755" + ], + "CWE": [ + "CWE-310" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "openssl", + "creationTime": "2020-08-19T09:23:31.735743Z", + "disclosureTime": "2013-10-11T22:55:00Z", + "packageManager": "debian:11", + "publicationTime": "2013-10-11T22:55:00Z", + "modificationTime": "2023-11-08T09:41:50.005364Z", + "socialTrendAlert": false, + "relativeImportance": "unimportant", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "openssl", + "version": "1.1.1w-0+deb11u1" + }, + { + "id": "SNYK-DEBIAN11-OPENSSL-525332", + "cpes": [], + "title": "Cryptographic Issues", + "CVSSv3": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 5.1, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-0928", + "title": "https://security-tracker.debian.org/tracker/CVE-2010-0928" + }, + { + "url": "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/", + "title": "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/" + }, + { + "url": "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf", + "title": "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf" + }, + { + "url": "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html", + "title": "http://www.networkworld.com/news/2010/030410-rsa-security-attack.html" + }, + { + "url": "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/", + "title": "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/" + }, + { + "url": "http://xforce.iss.net/xforce/xfdb/56750", + "title": "http://xforce.iss.net/xforce/xfdb/56750" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750", + "title": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750" + }, + { + "url": "http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf", + "title": "http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "cvssV3BaseScore": 5.1, + "modificationTime": "2023-02-09T11:22:59.868606Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nOpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."\n## Remediation\nThere is no fixed version for `Debian:11` `openssl`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2010-0928)\n- [http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/](http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/)\n- [http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf](http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf)\n- [http://www.networkworld.com/news/2010/030410-rsa-security-attack.html](http://www.networkworld.com/news/2010/030410-rsa-security-attack.html)\n- [http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/](http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/)\n- [http://xforce.iss.net/xforce/xfdb/56750](http://xforce.iss.net/xforce/xfdb/56750)\n- [X-force Vulnerability Report](https://exchange.xforce.ibmcloud.com/vulnerabilities/56750)\n- [cve@mitre.org](http://www.osvdb.org/62808)\n- [cve@mitre.org](http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf)\n", + "epssDetails": { + "percentile": "0.27307", + "probability": "0.00066", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2010-0928" + ], + "CWE": [ + "CWE-310" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "openssl", + "creationTime": "2020-08-19T09:30:53.411236Z", + "disclosureTime": "2010-03-05T19:30:00Z", + "packageManager": "debian:11", + "publicationTime": "2010-03-05T19:30:00Z", + "modificationTime": "2023-02-10T13:11:38.644692Z", + "socialTrendAlert": false, + "relativeImportance": "unimportant", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "openssl", + "version": "1.1.1w-0+deb11u1" + }, + { + "id": "SNYK-DEBIAN11-OPENSSL-6048819", + "cpes": [], + "title": "Improper Check for Unusual or Exceptional Conditions", + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "credit": [ + "" + ], + "semver": { + "vulnerable": [ + "*" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "linux", + "severity": "low", + "cvssScore": 5.3, + "malicious": false, + "isDisputed": false, + "references": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2023-5678", + "title": "https://security-tracker.debian.org/tracker/CVE-2023-5678" + }, + { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", + "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" + }, + { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", + "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" + }, + { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", + "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" + }, + { + "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", + "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" + }, + { + "url": "https://www.openssl.org/news/secadv/20231106.txt", + "title": "https://www.openssl.org/news/secadv/20231106.txt" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2", + "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231130-0010/", + "title": "https://security.netapp.com/advisory/ntap-20231130-0010/" + } + ], + "cvssDetails": [ + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "cvssV3BaseScore": 5.3, + "modificationTime": "2023-11-08T13:48:19.543999Z" + }, + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "cvssV3BaseScore": 5.3, + "modificationTime": "2023-11-22T01:10:47.412869Z" + }, + { + "assigner": "SUSE", + "severity": "high", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "cvssV3BaseScore": 7.5, + "modificationTime": "2023-11-22T11:02:51.571843Z" + } + ], + "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:11` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nThere is no fixed version for `Debian:11` `openssl`.\n## References\n- [ADVISORY](https://security-tracker.debian.org/tracker/CVE-2023-5678)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n- [openssl-security@openssl.org](https://security.netapp.com/advisory/ntap-20231130-0010/)\n", + "epssDetails": { + "percentile": "0.33119", + "probability": "0.00079", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2023-5678" + ], + "CWE": [ + "CWE-754" + ], + "ALTERNATIVE": [] + }, + "nvdSeverity": "medium", + "packageName": "openssl", + "creationTime": "2023-11-07T02:36:49.140701Z", + "disclosureTime": "2023-11-06T16:15:42.670000Z", + "packageManager": "debian:11", + "publicationTime": "2023-11-07T02:33:36.224937Z", + "modificationTime": "2023-11-22T11:02:51.571843Z", + "socialTrendAlert": false, + "relativeImportance": "minor issue", + "severityWithCritical": "low", + "from": [ + "docker-image|sarim04/juiceshop@latest", + "openssl@1.1.1w-0+deb11u1" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "openssl", + "version": "1.1.1w-0+deb11u1" + } + ], + "ok": false, + "dependencyCount": 9, + "org": "sarim04", + "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\nignore: {}\npatch: {}\n", + "isPrivate": true, + "licensesPolicy": { + "severities": {}, + "orgLicenseRules": { + "AGPL-1.0": { + "licenseType": "AGPL-1.0", + "severity": "high", + "instructions": "" + }, + "AGPL-3.0": { + "licenseType": "AGPL-3.0", + "severity": "high", + "instructions": "" + }, + "Artistic-1.0": { + "licenseType": "Artistic-1.0", + "severity": "medium", + "instructions": "" + }, + "Artistic-2.0": { + "licenseType": "Artistic-2.0", + "severity": "medium", + "instructions": "" + }, + "CDDL-1.0": { + "licenseType": "CDDL-1.0", + "severity": "medium", + "instructions": "" + }, + "CPOL-1.02": { + "licenseType": "CPOL-1.02", + "severity": "high", + "instructions": "" + }, + "EPL-1.0": { + "licenseType": "EPL-1.0", + "severity": "medium", + "instructions": "" + }, + "GPL-2.0": { + "licenseType": "GPL-2.0", + "severity": "high", + "instructions": "" + }, + "GPL-3.0": { + "licenseType": "GPL-3.0", + "severity": "high", + "instructions": "" + }, + "LGPL-2.0": { + "licenseType": "LGPL-2.0", + "severity": "medium", + "instructions": "" + }, + "LGPL-2.1": { + "licenseType": "LGPL-2.1", + "severity": "medium", + "instructions": "" + }, + "LGPL-3.0": { + "licenseType": "LGPL-3.0", + "severity": "medium", + "instructions": "" + }, + "MPL-1.1": { + "licenseType": "MPL-1.1", + "severity": "medium", + "instructions": "" + }, + "MPL-2.0": { + "licenseType": "MPL-2.0", + "severity": "medium", + "instructions": "" + }, + "MS-RL": { + "licenseType": "MS-RL", + "severity": "medium", + "instructions": "" + }, + "SimPL-2.0": { + "licenseType": "SimPL-2.0", + "severity": "high", + "instructions": "" + } + } + }, + "packageManager": "deb", + "ignoreSettings": { + "adminOnly": false, + "reasonRequired": false, + "disregardFilesystemIgnores": false + }, + "docker": { + "binariesVulns": { + "issuesData": {}, + "affectedPkgs": {} + } + }, + "summary": "67 vulnerable dependency paths", + "filesystemPolicy": false, + "filtered": { + "ignore": [], + "patch": [] + }, + "uniqueCount": 13, + "projectName": "docker-image|sarim04/juiceshop", + "platform": "linux/amd64", + "hasUnknownVersions": false, + "path": "sarim04/juiceshop:latest/juiceshop", + "applications": [ + { + "vulnerabilities": [ + { + "id": "SNYK-JS-EXPRESSJWT-575022", + "title": "Authorization Bypass", + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "credit": [ + "IST Group" + ], + "semver": { + "vulnerable": [ + "<6.0.0" + ] + }, + "exploit": "Not Defined", + "fixedIn": [ + "6.0.0" + ], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "js", + "severity": "high", + "cvssScore": 7.4, + "functions": [], + "malicious": false, + "isDisputed": false, + "moduleName": "express-jwt", + "references": [ + { + "url": "https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef", + "title": "GitHub Commit" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "critical", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "cvssV3BaseScore": 9.1, + "modificationTime": "2022-10-22T01:10:30.246806Z" + } + ], + "description": "## Overview\n[express-jwt](https://www.npmjs.com/package/express-jwt) is a JWT authentication middleware.\n\nAffected versions of this package are vulnerable to Authorization Bypass. The `algorithms` entry to be specified in the configuration is not being enforced. When `algorithms` is not specified in the configuration, with the combination of `jwks-rsa`, it may lead to authorization bypass.\n## Remediation\nUpgrade `express-jwt` to version 6.0.0 or higher.\n## References\n- [GitHub Commit](https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef)\n", + "epssDetails": { + "percentile": "0.57214", + "probability": "0.00197", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2020-15084" + ], + "CWE": [ + "CWE-285" + ], + "GHSA": [ + "GHSA-6g6m-m6h5-w9gf" + ] + }, + "packageName": "express-jwt", + "proprietary": false, + "creationTime": "2020-07-01T09:33:11.790635Z", + "functions_new": [], + "alternativeIds": [], + "disclosureTime": "2020-07-01T09:30:03Z", + "packageManager": "npm", + "publicationTime": "2020-07-01T15:32:36Z", + "modificationTime": "2022-10-22T01:10:30.246806Z", + "socialTrendAlert": false, + "severityWithCritical": "high", + "from": [ + "juice-shop@15.3.0", + "express-jwt@0.1.3" + ], + "upgradePath": [ + false, + "express-jwt@6.0.0" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "express-jwt", + "version": "0.1.3" + }, + { + "id": "SNYK-JS-JSONWEBTOKEN-3180022", + "title": "Improper Authentication", + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L", + "credit": [ + "Unknown" + ], + "semver": { + "vulnerable": [ + "<9.0.0" + ] + }, + "exploit": "Not Defined", + "fixedIn": [ + "9.0.0" + ], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "js", + "severity": "medium", + "cvssScore": 6.4, + "functions": [], + "malicious": false, + "isDisputed": false, + "moduleName": "jsonwebtoken", + "references": [ + { + "url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", + "title": "GitHub Commit" + }, + { + "url": "https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0", + "title": "GitHub Release" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "high", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", + "cvssV3BaseScore": 7.6, + "modificationTime": "2023-02-28T01:10:17.504751Z" + } + ], + "description": "## Overview\n[jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) is a JSON Web Token implementation (symmetric and asymmetric)\n\nAffected versions of this package are vulnerable to Improper Authentication such that the lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. \r\n\r\n## Exploitability\r\nUsers are affected only if all of the following conditions are true for the `jwt.verify()` function:\r\n\r\n1) A token with no signature is received.\r\n\r\n2) No algorithms are specified.\r\n\r\n3) A falsy (e.g., `null`, `false`, `undefined`) secret or key is passed.\n## Remediation\nUpgrade `jsonwebtoken` to version 9.0.0 or higher.\n## References\n- [GitHub Commit](https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3)\n- [GitHub Release](https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0)\n", + "epssDetails": { + "percentile": "0.13102", + "probability": "0.00046", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2022-23540" + ], + "CWE": [ + "CWE-287" + ], + "GHSA": [ + "GHSA-qwph-4952-7xr6" + ] + }, + "packageName": "jsonwebtoken", + "proprietary": false, + "creationTime": "2022-12-22T09:09:36.072853Z", + "functions_new": [], + "alternativeIds": [], + "disclosureTime": "2022-12-22T03:32:59Z", + "packageManager": "npm", + "publicationTime": "2022-12-22T09:13:25.290846Z", + "modificationTime": "2023-02-28T01:10:17.504751Z", + "socialTrendAlert": false, + "severityWithCritical": "medium", + "from": [ + "juice-shop@15.3.0", + "jsonwebtoken@0.4.0" + ], + "upgradePath": [ + false, + "jsonwebtoken@9.0.0" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "jsonwebtoken", + "version": "0.4.0" + }, + { + "id": "SNYK-JS-JSONWEBTOKEN-3180024", + "title": "Improper Restriction of Security Token Assignment", + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "credit": [ + "Unknown" + ], + "semver": { + "vulnerable": [ + "<9.0.0" + ] + }, + "exploit": "Not Defined", + "fixedIn": [ + "9.0.0" + ], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "js", + "severity": "medium", + "cvssScore": 6.5, + "functions": [], + "malicious": false, + "isDisputed": false, + "moduleName": "jsonwebtoken", + "references": [ + { + "url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", + "title": "GitHub Commit" + }, + { + "url": "https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0", + "title": "GitHub Release" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "cvssV3BaseScore": 6.3, + "modificationTime": "2023-02-28T01:10:17.572355Z" + } + ], + "description": "## Overview\n[jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) is a JSON Web Token implementation (symmetric and asymmetric)\n\nAffected versions of this package are vulnerable to Improper Restriction of Security Token Assignment via the `secretOrPublicKey ` argument due to misconfigurations of the key retrieval function `jwt.verify()`. Exploiting this vulnerability might result in incorrect verification of forged tokens when tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm.\r\n\r\n**Note:**\r\nThis vulnerability affects your application if it supports the usage of both symmetric and asymmetric keys in `jwt.verify()` implementation with the same key retrieval function.\n## Remediation\nUpgrade `jsonwebtoken` to version 9.0.0 or higher.\n## References\n- [GitHub Commit](https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3)\n- [GitHub Release](https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0)\n", + "epssDetails": { + "percentile": "0.19014", + "probability": "0.00053", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2022-23541" + ], + "CWE": [ + "CWE-1259" + ], + "GHSA": [ + "GHSA-hjrf-2m68-5959" + ] + }, + "packageName": "jsonwebtoken", + "proprietary": false, + "creationTime": "2022-12-22T09:14:27.155728Z", + "functions_new": [], + "alternativeIds": [], + "disclosureTime": "2022-12-22T03:33:19Z", + "packageManager": "npm", + "publicationTime": "2022-12-22T09:16:03.621406Z", + "modificationTime": "2023-02-28T01:10:17.572355Z", + "socialTrendAlert": false, + "severityWithCritical": "medium", + "from": [ + "juice-shop@15.3.0", + "jsonwebtoken@0.4.0" + ], + "upgradePath": [ + false, + "jsonwebtoken@9.0.0" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "jsonwebtoken", + "version": "0.4.0" + }, + { + "id": "SNYK-JS-JSONWEBTOKEN-3180026", + "title": "Use of a Broken or Risky Cryptographic Algorithm", + "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "credit": [ + "Unknown" + ], + "semver": { + "vulnerable": [ + "<9.0.0" + ] + }, + "exploit": "Not Defined", + "fixedIn": [ + "9.0.0" + ], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "js", + "severity": "medium", + "cvssScore": 6.8, + "functions": [], + "malicious": false, + "isDisputed": false, + "moduleName": "jsonwebtoken", + "references": [ + { + "url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", + "title": "GitHub Commit" + }, + { + "url": "https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0", + "title": "GitHub Release" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "high", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "cvssV3BaseScore": 8.1, + "modificationTime": "2022-12-31T01:11:45.823807Z" + } + ], + "description": "## Overview\n[jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) is a JSON Web Token implementation (symmetric and asymmetric)\n\nAffected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm such that the library can be misconfigured to use legacy, insecure key types for signature verification. For example, DSA keys could be used with the RS256 algorithm. \r\n\r\n## Exploitability\r\n\r\nUsers are affected when using an algorithm and a key type _other_ than the combinations mentioned below:\r\n\r\nEC: ES256, ES384, ES512\r\n \r\nRSA: RS256, RS384, RS512, PS256, PS384, PS512 \r\n\r\nRSA-PSS: PS256, PS384, PS512 \r\n\r\nAnd for Elliptic Curve algorithms:\r\n\r\nES256: prime256v1\r\n\r\nES384: secp384r1\r\n\r\nES512: secp521r1 \r\n\r\n## Workaround \r\n\r\nUsers who are unable to upgrade to the fixed version can use the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and `verify()` functions to continue usage of invalid key type/algorithm combination in 9.0.0 for legacy compatibility.\n## Remediation\nUpgrade `jsonwebtoken` to version 9.0.0 or higher.\n## References\n- [GitHub Commit](https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3)\n- [GitHub Release](https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0)\n", + "epssDetails": { + "percentile": "0.17011", + "probability": "0.00050", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2022-23539" + ], + "CWE": [ + "CWE-327" + ], + "GHSA": [ + "GHSA-8cf7-32gw-wr33" + ] + }, + "packageName": "jsonwebtoken", + "proprietary": false, + "creationTime": "2022-12-22T09:19:03.430735Z", + "functions_new": [], + "alternativeIds": [], + "disclosureTime": "2022-12-22T03:32:22Z", + "packageManager": "npm", + "publicationTime": "2022-12-22T10:32:50.173080Z", + "modificationTime": "2023-01-01T13:30:43.098324Z", + "socialTrendAlert": false, + "severityWithCritical": "medium", + "from": [ + "juice-shop@15.3.0", + "jsonwebtoken@0.4.0" + ], + "upgradePath": [ + false, + "jsonwebtoken@9.0.0" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "jsonwebtoken", + "version": "0.4.0" + }, + { + "id": "npm:jsonwebtoken:20150331", + "title": "Authentication Bypass", + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P", + "credit": [ + "Tim McLean" + ], + "semver": { + "vulnerable": [ + "<4.2.2" + ] + }, + "exploit": "Proof of Concept", + "fixedIn": [ + "4.2.2" + ], + "patches": [ + { + "id": "patch:npm:jsonwebtoken:20150331:0", + "urls": [ + "https://snyk-patches.s3.amazonaws.com/npm/jsonwebtoken/20150331/jsonwebtoken_20150331_0_0_1bb584bc382295eeb7ee8c4452a673a77a68b687_snyk.patch" + ], + "version": "=4.0.0 || =4.1.0 || =4.2.1", + "comments": [], + "modificationTime": "2019-12-03T11:40:45.753281Z" + } + ], + "insights": { + "triageAdvice": null + }, + "language": "js", + "severity": "high", + "cvssScore": 7.5, + "functions": [], + "malicious": false, + "isDisputed": false, + "moduleName": "jsonwebtoken", + "references": [ + { + "url": "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/", + "title": "Auth0 Blog" + }, + { + "url": "https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687", + "title": "GitHub Commit" + }, + { + "url": "https://github.com/WinDyAlphA/CVE-2015-9235_JWT_key_confusion", + "title": "PoC" + }, + { + "url": "https://www.timmclean.net/2015/02/25/jwt-alg-none.html", + "title": "Tim McLean Blog" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "critical", + "cvssV3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "cvssV3BaseScore": 9.8, + "modificationTime": "2022-01-03T17:48:53.018995Z" + } + ], + "description": "## Overview\r\n[`jsonwebtoken`](https://www.npmjs.com/package/jsonwebtoken) is a JSON Web token implementation for symmetric and asymmetric keys.\r\nAffected versions of this package are vulnerable to an Authentication Bypass attack, due to the \"algorithm\" not being enforced. Attackers are given the opportunity to choose the algorithm sent to the server and generate signatures with arbitrary contents. The server expects an asymmetric key (RSA) but is sent a symmetric key (HMAC-SHA) with RSA's public key, so instead of going through a key validation process, the server will think the public key is actually an HMAC private key.\r\n\r\n## Remediation\r\nUpgrade `jsonwebtoken` to version 4.2.2 or greater.\r\n\r\n## References\r\n- [GitHub Commit](https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687)\r\n- [Tim McLean Blog](https://www.timmclean.net/2015/02/25/jwt-alg-none.html)\r\n- [Auth0 Blog](https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/)", + "epssDetails": { + "percentile": "0.75071", + "probability": "0.00559", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2015-9235" + ], + "CWE": [ + "CWE-592" + ], + "NSP": [ + "17" + ], + "GHSA": [ + "GHSA-c7hr-j4mj-j2w6" + ], + "ALTERNATIVE": [ + "SNYK-JS-JSONWEBTOKEN-10037" + ] + }, + "packageName": "jsonwebtoken", + "proprietary": false, + "creationTime": "2015-03-31T16:00:00Z", + "functions_new": [], + "alternativeIds": [ + "SNYK-JS-JSONWEBTOKEN-10037" + ], + "disclosureTime": "2015-03-31T16:00:00Z", + "packageManager": "npm", + "publicationTime": "2015-03-31T16:00:00Z", + "modificationTime": "2023-09-29T09:15:01.983455Z", + "socialTrendAlert": false, + "severityWithCritical": "high", + "from": [ + "juice-shop@15.3.0", + "jsonwebtoken@0.4.0" + ], + "upgradePath": [ + false, + "jsonwebtoken@5.0.0" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "jsonwebtoken", + "version": "0.4.0" + }, + { + "id": "SNYK-JS-SANITIZEHTML-1070780", + "title": "Validation Bypass", + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P", + "credit": [ + "Ron Masas", + "Checkmarx" + ], + "semver": { + "vulnerable": [ + "<2.3.2" + ] + }, + "exploit": "Proof of Concept", + "fixedIn": [ + "2.3.2" + ], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "js", + "severity": "medium", + "cvssScore": 6.5, + "functions": [], + "malicious": false, + "isDisputed": false, + "moduleName": "sanitize-html", + "references": [ + { + "url": "https://github.com/apostrophecms/sanitize-html/commit/6012524e7824a2c8f6782b2bc5f93b1261723403", + "title": "GitHub Commit" + }, + { + "url": "https://github.com/apostrophecms/sanitize-html/pull/460", + "title": "GitHub PR" + }, + { + "url": "https://advisory.checkmarx.net/advisory/CX-2021-4309", + "title": "POC: Potential Exploit" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "cvssV3BaseScore": 5.3, + "modificationTime": "2022-01-03T16:36:59.234021Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "cvssV3BaseScore": 5.3, + "modificationTime": "2023-11-08T09:37:50.578095Z" + } + ], + "description": "## Overview\n[sanitize-html](https://github.com/punkave/sanitize-html) is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis\n\nAffected versions of this package are vulnerable to Validation Bypass. There is no proper validation of the hostnames set by the `allowedIframeHostnames` option when the `allowIframeRelativeUrls` is set to `true`. This allows attackers to bypass the hostname whitelist for the iframe element.\n## Details\n\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\n\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\n\nInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\n\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as `<`; and `>` can be coded as `>`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\n \nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \n\n### Types of attacks\nThere are a few methods by which XSS can be manipulated:\n\n|Type|Origin|Description|\n|--|--|--|\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\n\n### Affected environments\nThe following environments are susceptible to an XSS attack:\n\n* Web servers\n* Application servers\n* Web application environments\n\n### How to prevent\nThis section describes the top best practices designed to specifically protect your code: \n\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. \n* Give users the option to disable client-side scripts.\n* Redirect invalid requests.\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n## Remediation\nUpgrade `sanitize-html` to version 2.3.2 or higher.\n## References\n- [GitHub Commit](https://github.com/apostrophecms/sanitize-html/commit/6012524e7824a2c8f6782b2bc5f93b1261723403)\n- [GitHub PR](https://github.com/apostrophecms/sanitize-html/pull/460)\n- [POC: Potential Exploit](https://advisory.checkmarx.net/advisory/CX-2021-4309)\n", + "epssDetails": { + "percentile": "0.48819", + "probability": "0.00137", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2021-26540" + ], + "CWE": [ + "CWE-20" + ], + "GHSA": [ + "GHSA-mjxr-4v3x-q3m4" + ] + }, + "packageName": "sanitize-html", + "proprietary": false, + "creationTime": "2021-02-09T08:21:52.232749Z", + "functions_new": [], + "alternativeIds": [], + "disclosureTime": "2021-02-09T08:07:33Z", + "packageManager": "npm", + "publicationTime": "2021-02-09T16:34:45.881363Z", + "modificationTime": "2023-11-08T09:37:50.578095Z", + "socialTrendAlert": false, + "severityWithCritical": "medium", + "from": [ + "juice-shop@15.3.0", + "sanitize-html@1.4.2" + ], + "upgradePath": [ + false, + "sanitize-html@2.3.2" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "sanitize-html", + "version": "1.4.2" + }, + { + "id": "SNYK-JS-SANITIZEHTML-1070786", + "title": "Access Restriction Bypass", + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "credit": [ + "Ron Masas", + "Checkmarx" + ], + "semver": { + "vulnerable": [ + "<2.3.1" + ] + }, + "exploit": "Not Defined", + "fixedIn": [ + "2.3.1" + ], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "js", + "severity": "medium", + "cvssScore": 6.5, + "functions": [], + "malicious": false, + "isDisputed": false, + "moduleName": "sanitize-html", + "references": [ + { + "url": "https://github.com/apostrophecms/sanitize-html/pull/458", + "title": "GitHub PR" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "cvssV3BaseScore": 5.3, + "modificationTime": "2022-04-27T01:10:36.338203Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "cvssV3BaseScore": 5.3, + "modificationTime": "2023-11-08T09:37:50.738101Z" + } + ], + "description": "## Overview\n[sanitize-html](https://github.com/punkave/sanitize-html) is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis\n\nAffected versions of this package are vulnerable to Access Restriction Bypass. Internationalized domain name (IDN) is not properly handled. This allows attackers to bypass hostname whitelist validation set by the `allowedIframeHostnames` option.\n## Remediation\nUpgrade `sanitize-html` to version 2.3.1 or higher.\n## References\n- [GitHub PR](https://github.com/apostrophecms/sanitize-html/pull/458)\n", + "epssDetails": { + "percentile": "0.48819", + "probability": "0.00137", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2021-26539" + ], + "CWE": [ + "CWE-20" + ], + "GHSA": [ + "GHSA-rjqq-98f6-6j3r" + ] + }, + "packageName": "sanitize-html", + "proprietary": false, + "creationTime": "2021-02-09T08:37:16.368073Z", + "functions_new": [], + "alternativeIds": [], + "disclosureTime": "2021-02-09T08:21:55Z", + "packageManager": "npm", + "publicationTime": "2021-02-09T16:34:49Z", + "modificationTime": "2023-11-08T09:37:50.738101Z", + "socialTrendAlert": false, + "severityWithCritical": "medium", + "from": [ + "juice-shop@15.3.0", + "sanitize-html@1.4.2" + ], + "upgradePath": [ + false, + "sanitize-html@2.3.1" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "sanitize-html", + "version": "1.4.2" + }, + { + "id": "SNYK-JS-SANITIZEHTML-2957526", + "title": "Regular Expression Denial of Service (ReDoS)", + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "credit": [ + "Nariyoshi Chida of NTT Security Japan" + ], + "semver": { + "vulnerable": [ + "<2.7.1" + ] + }, + "exploit": "Not Defined", + "fixedIn": [ + "2.7.1" + ], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "js", + "severity": "medium", + "cvssScore": 5.3, + "functions": [], + "malicious": false, + "isDisputed": false, + "moduleName": "sanitize-html", + "references": [ + { + "url": "https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c", + "title": "GitHub Commit" + }, + { + "url": "https://github.com/apostrophecms/sanitize-html/pull/557", + "title": "GitHub PR" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "high", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "cvssV3BaseScore": 7.5, + "modificationTime": "2022-09-02T01:11:51.670814Z" + }, + { + "assigner": "Red Hat", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "cvssV3BaseScore": 5.3, + "modificationTime": "2023-11-08T09:37:50.786715Z" + } + ], + "description": "## Overview\n[sanitize-html](https://github.com/punkave/sanitize-html) is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\nUpgrade `sanitize-html` to version 2.7.1 or higher.\n## References\n- [GitHub Commit](https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c)\n- [GitHub PR](https://github.com/apostrophecms/sanitize-html/pull/557)\n", + "epssDetails": { + "percentile": "0.44428", + "probability": "0.00112", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2022-25887" + ], + "CWE": [ + "CWE-1333" + ] + }, + "packageName": "sanitize-html", + "proprietary": true, + "creationTime": "2022-07-21T08:00:56.827849Z", + "functions_new": [], + "alternativeIds": [], + "disclosureTime": "2022-07-21T07:37:40Z", + "packageManager": "npm", + "publicationTime": "2022-08-29T13:28:12.439235Z", + "modificationTime": "2023-11-08T09:37:50.786715Z", + "socialTrendAlert": false, + "severityWithCritical": "medium", + "from": [ + "juice-shop@15.3.0", + "sanitize-html@1.4.2" + ], + "upgradePath": [ + false, + "sanitize-html@2.7.1" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "sanitize-html", + "version": "1.4.2" + }, + { + "id": "SNYK-JS-SANITIZEHTML-585892", + "title": "Arbitrary Code Execution", + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", + "credit": [ + "mikesamuel" + ], + "semver": { + "vulnerable": [ + "<2.0.0-beta" + ] + }, + "exploit": "Not Defined", + "fixedIn": [ + "2.0.0-beta" + ], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "js", + "severity": "critical", + "cvssScore": 9.4, + "functions": [], + "malicious": false, + "isDisputed": false, + "moduleName": "sanitize-html", + "references": [ + { + "url": "https://github.com/apostrophecms/sanitize-html/pull/156", + "title": "GitHub PR" + } + ], + "cvssDetails": [], + "description": "## Overview\n[sanitize-html](https://github.com/punkave/sanitize-html) is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis\n\nAffected versions of this package are vulnerable to Arbitrary Code Execution. Tag transformations which turn an attribute value into a text node using `transformTags` could be vulnerable to code execution.\n## Remediation\nUpgrade `sanitize-html` to version 2.0.0-beta or higher.\n## References\n- [GitHub PR](https://github.com/apostrophecms/sanitize-html/pull/156)\n", + "epssDetails": null, + "identifiers": { + "CVE": [], + "CWE": [ + "CWE-94" + ] + }, + "packageName": "sanitize-html", + "proprietary": false, + "creationTime": "2020-07-17T15:02:43.082824Z", + "functions_new": [], + "alternativeIds": [], + "disclosureTime": "2020-09-07T09:46:18Z", + "packageManager": "npm", + "publicationTime": "2020-09-07T09:46:10Z", + "modificationTime": "2020-09-07T15:37:06.961614Z", + "socialTrendAlert": false, + "severityWithCritical": "critical", + "from": [ + "juice-shop@15.3.0", + "sanitize-html@1.4.2" + ], + "upgradePath": [ + false, + "sanitize-html@2.0.0" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "sanitize-html", + "version": "1.4.2" + }, + { + "id": "npm:sanitize-html:20141024", + "title": "Cross-site Scripting (XSS)", + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "credit": [ + "Unknown" + ], + "semver": { + "vulnerable": [ + "<1.4.3" + ] + }, + "exploit": "Not Defined", + "fixedIn": [ + "1.4.3" + ], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "js", + "severity": "medium", + "cvssScore": 4.3, + "functions": [], + "malicious": false, + "isDisputed": false, + "moduleName": "sanitize-html", + "references": [ + { + "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000237.json", + "title": "CVE" + }, + { + "url": "https://github.com/punkave/sanitize-html/issues/29", + "title": "GitHub Issue" + }, + { + "url": "https://nodesecurity.io/advisories/135", + "title": "Node Security Advisories" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "cvssV3BaseScore": 6.1, + "modificationTime": "2022-01-03T17:40:52.414772Z" + } + ], + "description": "## Overview\r\n\r\nSince the sanitize-html module trusts 'text' coming from htmlparser2, and outputs it without further escaping (because htmlparser2 does not decode entities in text before delivering it), this results in an XSS attack vector if sanitize-html ignores the img tag (according to user-configured filter rules) but passes the text intact, as it must do to keep any text in documents.\r\n\r\n\r\n## References\r\n- https://github.com/punkave/sanitize-html/issues/29", + "epssDetails": { + "percentile": "0.47924", + "probability": "0.00132", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2016-1000237" + ], + "CWE": [ + "CWE-79" + ], + "GHSA": [ + "GHSA-3j7m-hmh3-9jmp" + ], + "ALTERNATIVE": [ + "SNYK-JS-SANITIZEHTML-10048" + ] + }, + "packageName": "sanitize-html", + "proprietary": false, + "creationTime": "2015-11-06T02:09:36.180000Z", + "functions_new": [], + "alternativeIds": [ + "SNYK-JS-SANITIZEHTML-10048" + ], + "disclosureTime": "2015-11-06T02:09:36Z", + "packageManager": "npm", + "publicationTime": "2015-11-06T02:09:36Z", + "modificationTime": "2022-01-03T17:40:52.414772Z", + "socialTrendAlert": false, + "severityWithCritical": "medium", + "from": [ + "juice-shop@15.3.0", + "sanitize-html@1.4.2" + ], + "upgradePath": [ + false, + "sanitize-html@1.4.3" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "sanitize-html", + "version": "1.4.2" + }, + { + "id": "npm:sanitize-html:20160801", + "title": "Cross-site Scripting (XSS)", + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "credit": [ + "Björn Kimminich" + ], + "semver": { + "vulnerable": [ + "<=1.4.2" + ] + }, + "exploit": "Not Defined", + "fixedIn": [], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "js", + "severity": "medium", + "cvssScore": 4.7, + "functions": [], + "malicious": false, + "isDisputed": false, + "moduleName": "sanitize-html", + "references": [ + { + "url": "https://github.com/punkave/sanitize-html/commit/762fbc7bba389f3f789cc291c1eb2b64f60f2caf", + "title": "GitHub Commit" + }, + { + "url": "https://github.com/punkave/sanitize-html/issues/29", + "title": "GitHub Issue" + } + ], + "cvssDetails": [], + "description": "## Overview\nSanitization of HTML strings is not applied recursively to input, allowing an attacker to potentially inject script and other markup.\n\nSource: _Node Security Project_\n\n## Details\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\r\n\r\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\r\n\r\nֿInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\r\n\r\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as `<`; and `>` can be coded as `>`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\r\n \r\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \r\n\r\n### Types of attacks\r\nThere are a few methods by which XSS can be manipulated:\r\n\r\n|Type|Origin|Description|\r\n|--|--|--|\r\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\r\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \r\n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\r\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\r\n\r\n### Affected environments\r\nThe following environments are susceptible to an XSS attack:\r\n\r\n* Web servers\r\n* Application servers\r\n* Web application environments\r\n\r\n### How to prevent\r\nThis section describes the top best practices designed to specifically protect your code: \r\n\r\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \r\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. \r\n* Give users the option to disable client-side scripts.\r\n* Redirect invalid requests.\r\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\r\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\r\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n\n## Remediation\nUpgrade `sanitize-html` to `1.4.3` or later\n\n## References\n- https://github.com/punkave/sanitize-html/issues/29\n- https://github.com/punkave/sanitize-html/commit/762fbc7bba389f3f789cc291c1eb2b64f60f2caf\n\n", + "epssDetails": null, + "identifiers": { + "CVE": [], + "CWE": [ + "CWE-79" + ], + "NSP": [ + "135" + ], + "ALTERNATIVE": [ + "SNYK-JS-SANITIZEHTML-10127" + ] + }, + "packageName": "sanitize-html", + "proprietary": false, + "creationTime": "2016-08-02T08:28:08.097000Z", + "functions_new": [], + "alternativeIds": [ + "SNYK-JS-SANITIZEHTML-10127" + ], + "disclosureTime": "2016-08-01T18:02:31Z", + "packageManager": "npm", + "publicationTime": "2016-08-01T18:02:31Z", + "modificationTime": "2020-12-14T14:41:17.951016Z", + "socialTrendAlert": false, + "severityWithCritical": "medium", + "from": [ + "juice-shop@15.3.0", + "sanitize-html@1.4.2" + ], + "upgradePath": [ + false, + "sanitize-html@1.4.3" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "sanitize-html", + "version": "1.4.2" + }, + { + "id": "npm:sanitize-html:20161026", + "title": "Cross-site Scripting (XSS)", + "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C", + "credit": [ + "Andrew Krasichkov" + ], + "semver": { + "vulnerable": [ + "<1.11.4" + ] + }, + "exploit": "Functional", + "fixedIn": [ + "1.11.4" + ], + "patches": [], + "insights": { + "triageAdvice": null + }, + "language": "js", + "severity": "medium", + "cvssScore": 5.4, + "functions": [], + "malicious": false, + "isDisputed": false, + "moduleName": "sanitize-html", + "references": [ + { + "url": "https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403", + "title": "GitHub Commit" + }, + { + "url": "https://github.com/punkave/sanitize-html/issues/100", + "title": "GitHub Issue" + } + ], + "cvssDetails": [ + { + "assigner": "NVD", + "severity": "medium", + "cvssV3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "cvssV3BaseScore": 6.1, + "modificationTime": "2022-01-03T16:21:19.197646Z" + } + ], + "description": "## Overview\n[`sanitize-html`](https://www.npmjs.com/package/sanitize-html) is a library for scrubbing html input of malicious values.\n\nAffected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. If at least one `nonTextTags` tag is allowed, a malicious user may potentially conduct an XSS attack.\n\n**PoC:**\n```js\nvar sanitizeHtml = require('sanitize-html');\n\nvar dirty = '!!';\nvar clean = sanitizeHtml(dirty, {\n allowedTags: [ 'textarea' ]\n});\n\nconsole.log(clean);\n\n// !!\n```\n\n## Details\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\r\n\r\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\r\n\r\nֿInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\r\n\r\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as `<`; and `>` can be coded as `>`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\r\n \r\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \r\n\r\n### Types of attacks\r\nThere are a few methods by which XSS can be manipulated:\r\n\r\n|Type|Origin|Description|\r\n|--|--|--|\r\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\r\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \r\n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\r\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\r\n\r\n### Affected environments\r\nThe following environments are susceptible to an XSS attack:\r\n\r\n* Web servers\r\n* Application servers\r\n* Web application environments\r\n\r\n### How to prevent\r\nThis section describes the top best practices designed to specifically protect your code: \r\n\r\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \r\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. \r\n* Give users the option to disable client-side scripts.\r\n* Redirect invalid requests.\r\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\r\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\r\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n\n## Remediation\nUpgrade `sanitize-html` to version 1.11.4 or later.\n\n## References\n- [GitHub Issue](https://github.com/punkave/sanitize-html/issues/100)\n- [GitHub Commit](https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403)\n", + "epssDetails": { + "percentile": "0.35000", + "probability": "0.00084", + "modelVersion": "v2023.03.01" + }, + "identifiers": { + "CVE": [ + "CVE-2017-16016" + ], + "CWE": [ + "CWE-79" + ], + "NSP": [ + "154" + ], + "GHSA": [ + "GHSA-xc6g-ggrc-qq4r" + ], + "ALTERNATIVE": [ + "SNYK-JS-SANITIZEHTML-10461" + ] + }, + "packageName": "sanitize-html", + "proprietary": false, + "creationTime": "2017-04-12T10:49:58.283000Z", + "functions_new": [], + "alternativeIds": [ + "SNYK-JS-SANITIZEHTML-10461" + ], + "disclosureTime": "2016-03-26T23:49:58.283000Z", + "packageManager": "npm", + "publicationTime": "2017-04-12T11:00:58.283000Z", + "modificationTime": "2022-01-03T16:21:19.197646Z", + "socialTrendAlert": false, + "severityWithCritical": "medium", + "from": [ + "juice-shop@15.3.0", + "sanitize-html@1.4.2" + ], + "upgradePath": [ + false, + "sanitize-html@1.11.4" + ], + "isUpgradable": true, + "isPatchable": false, + "name": "sanitize-html", + "version": "1.4.2" + } + ], + "ok": false, + "dependencyCount": 71, + "org": "sarim04", + "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\nignore: {}\npatch: {}\n", + "isPrivate": true, + "licensesPolicy": { + "severities": {}, + "orgLicenseRules": { + "AGPL-1.0": { + "licenseType": "AGPL-1.0", + "severity": "high", + "instructions": "" + }, + "AGPL-3.0": { + "licenseType": "AGPL-3.0", + "severity": "high", + "instructions": "" + }, + "Artistic-1.0": { + "licenseType": "Artistic-1.0", + "severity": "medium", + "instructions": "" + }, + "Artistic-2.0": { + "licenseType": "Artistic-2.0", + "severity": "medium", + "instructions": "" + }, + "CDDL-1.0": { + "licenseType": "CDDL-1.0", + "severity": "medium", + "instructions": "" + }, + "CPOL-1.02": { + "licenseType": "CPOL-1.02", + "severity": "high", + "instructions": "" + }, + "EPL-1.0": { + "licenseType": "EPL-1.0", + "severity": "medium", + "instructions": "" + }, + "GPL-2.0": { + "licenseType": "GPL-2.0", + "severity": "high", + "instructions": "" + }, + "GPL-3.0": { + "licenseType": "GPL-3.0", + "severity": "high", + "instructions": "" + }, + "LGPL-2.0": { + "licenseType": "LGPL-2.0", + "severity": "medium", + "instructions": "" + }, + "LGPL-2.1": { + "licenseType": "LGPL-2.1", + "severity": "medium", + "instructions": "" + }, + "LGPL-3.0": { + "licenseType": "LGPL-3.0", + "severity": "medium", + "instructions": "" + }, + "MPL-1.1": { + "licenseType": "MPL-1.1", + "severity": "medium", + "instructions": "" + }, + "MPL-2.0": { + "licenseType": "MPL-2.0", + "severity": "medium", + "instructions": "" + }, + "MS-RL": { + "licenseType": "MS-RL", + "severity": "medium", + "instructions": "" + }, + "SimPL-2.0": { + "licenseType": "SimPL-2.0", + "severity": "high", + "instructions": "" + } + } + }, + "packageManager": "npm", + "ignoreSettings": { + "adminOnly": false, + "reasonRequired": false, + "disregardFilesystemIgnores": false + }, + "docker": {}, + "summary": "12 vulnerable dependency paths", + "remediation": { + "unresolved": [], + "upgrade": { + "express-jwt@0.1.3": { + "upgradeTo": "express-jwt@6.0.0", + "upgrades": [ + "express-jwt@0.1.3" + ], + "vulns": [ + "SNYK-JS-EXPRESSJWT-575022" + ] + }, + "jsonwebtoken@0.4.0": { + "upgradeTo": "jsonwebtoken@9.0.0", + "upgrades": [ + "jsonwebtoken@0.4.0", + "jsonwebtoken@0.4.0", + "jsonwebtoken@0.4.0", + "jsonwebtoken@0.4.0" + ], + "vulns": [ + "SNYK-JS-JSONWEBTOKEN-3180022", + "SNYK-JS-JSONWEBTOKEN-3180024", + "SNYK-JS-JSONWEBTOKEN-3180026", + "npm:jsonwebtoken:20150331" + ] + }, + "sanitize-html@1.4.2": { + "upgradeTo": "sanitize-html@2.7.1", + "upgrades": [ + "sanitize-html@1.4.2", + "sanitize-html@1.4.2", + "sanitize-html@1.4.2", + "sanitize-html@1.4.2", + "sanitize-html@1.4.2", + "sanitize-html@1.4.2", + "sanitize-html@1.4.2" + ], + "vulns": [ + "SNYK-JS-SANITIZEHTML-2957526", + "SNYK-JS-SANITIZEHTML-1070780", + "SNYK-JS-SANITIZEHTML-1070786", + "SNYK-JS-SANITIZEHTML-585892", + "npm:sanitize-html:20161026", + "npm:sanitize-html:20141024", + "npm:sanitize-html:20160801" + ] + } + }, + "patch": {}, + "ignore": {}, + "pin": {} + }, + "filesystemPolicy": false, + "filtered": { + "ignore": [], + "patch": [] + }, + "uniqueCount": 12, + "targetFile": "/juice-shop/package.json", + "projectName": "juice-shop", + "displayTargetFile": "/juice-shop/package.json", + "hasUnknownVersions": false, + "path": "sarim04/juiceshop:latest" + } + ] + } + \ No newline at end of file diff --git a/unittests/scans/sonarqube/sonar-6-findings.json b/unittests/scans/sonarqube/sonar-6-findings.json new file mode 100644 index 00000000000..63512fc09d2 --- /dev/null +++ b/unittests/scans/sonarqube/sonar-6-findings.json @@ -0,0 +1,139 @@ +{ + "date": "Thursday, Jan 18, 2024", + "projectName": "vulnerable-flask-app", + "inNewCodePeriod": false, + "allBugs": false, + "fixMissingRule": false, + "noSecurityHotspot": false, + "noRulesInReport": false, + "onlyDetectedRules": true, + "vulnerabilityPhrase": "Vulnerability", + "noCoverage": true, + "vulnerabilityPluralPhrase": "Vulnerabilities", + "sonarBaseURL": "https://sonar.192-168-38-31.nip.io", + "sonarComponent": "vulnerable-flask-app", + "rules": { + "python:S4502": { + "name": "Disabling CSRF protections is security-sensitive", + "htmlDesc": "

                A cross-site request forgery (CSRF) attack occurs when a trusted user of a web application can be forced, by an attacker, to perform sensitive\nactions that he didn’t intend, such as updating his profile or sending a message, more generally anything that can change the state of the\napplication.

                \n

                The attacker can trick the user/victim to click on a link, corresponding to the privileged action, or to visit a malicious web site that embeds a\nhidden web request and as web browsers automatically include cookies, the actions can be authenticated and sensitive.

                \n

                Ask Yourself Whether

                \n
                  \n
                • The web application uses cookies to authenticate users.
                  • \n
                • There exist sensitive operations in the web application that can be performed when the user is authenticated.
                  • \n
                • The state / resources of the web application can be modified by doing HTTP POST or HTTP DELETE requests for example.
                  • \n
                \n

                There is a risk if you answered yes to any of those questions.

                \n

                Recommended Secure Coding Practices

                \n
                  \n
                • Protection against CSRF attacks is strongly recommended:\n
                    \n
                  • to be activated by default for all unsafe HTTP\n methods.
                    • \n
                  • implemented, for example, with an unguessable CSRF token
                    • \n
                  • \n
                • Of course all sensitive operations should not be performed with safe HTTP methods like GET which are designed to be\n used only for information retrieval.
                  • \n
                \n

                Sensitive Code Example

                \n

                For a Django application, the code is sensitive when,

                \n
                  \n
                • django.middleware.csrf.CsrfViewMiddleware is not used in the Django settings:
                  • \n
                \n
                \nMIDDLEWARE = [\n    'django.middleware.security.SecurityMiddleware',\n    'django.contrib.sessions.middleware.SessionMiddleware',\n    'django.middleware.common.CommonMiddleware',\n    'django.contrib.auth.middleware.AuthenticationMiddleware',\n    'django.contrib.messages.middleware.MessageMiddleware',\n    'django.middleware.clickjacking.XFrameOptionsMiddleware',\n] # Sensitive: django.middleware.csrf.CsrfViewMiddleware is missing\n
                \n
                  \n
                • the CSRF protection is disabled on a view:
                  • \n
                \n
                \n@csrf_exempt # Sensitive\ndef example(request):\n    return HttpResponse(\"default\")\n
                \n

                For a Flask application, the code is sensitive when,

                \n
                  \n
                • the WTF_CSRF_ENABLED setting is set to false:
                  • \n
                \n
                \napp = Flask(__name__)\napp.config['WTF_CSRF_ENABLED'] = False # Sensitive\n
                \n
                  \n
                • the application doesn’t use the CSRFProtect module:
                  • \n
                \n
                \napp = Flask(__name__) # Sensitive: CSRFProtect is missing\n\n@app.route('/')\ndef hello_world():\n    return 'Hello, World!'\n
                \n
                  \n
                • the CSRF protection is disabled on a view:
                  • \n
                \n
                \napp = Flask(__name__)\ncsrf = CSRFProtect()\ncsrf.init_app(app)\n\n@app.route('/example/', methods=['POST'])\n@csrf.exempt # Sensitive\ndef example():\n    return 'example '\n
                \n
                  \n
                • the CSRF protection is disabled on a form:
                  • \n
                \n
                \nclass unprotectedForm(FlaskForm):\n    class Meta:\n        csrf = False # Sensitive\n\n    name = TextField('name')\n    submit = SubmitField('submit')\n
                \n

                Compliant Solution

                \n

                For a Django application,

                \n
                  \n
                • it is recommended to protect all the views with django.middleware.csrf.CsrfViewMiddleware:
                  • \n
                \n
                \nMIDDLEWARE = [\n    'django.middleware.security.SecurityMiddleware',\n    'django.contrib.sessions.middleware.SessionMiddleware',\n    'django.middleware.common.CommonMiddleware',\n    'django.middleware.csrf.CsrfViewMiddleware', # Compliant\n    'django.contrib.auth.middleware.AuthenticationMiddleware',\n    'django.contrib.messages.middleware.MessageMiddleware',\n    'django.middleware.clickjacking.XFrameOptionsMiddleware',\n]\n
                \n
                  \n
                • and to not disable the CSRF protection on specific views:
                  • \n
                \n
                \ndef example(request): # Compliant\n    return HttpResponse(\"default\")\n
                \n

                For a Flask application,

                \n
                  \n
                • the CSRFProtect module should be used (and not disabled further with WTF_CSRF_ENABLED set to false):\n
                  • \n
                \n
                \napp = Flask(__name__)\ncsrf = CSRFProtect()\ncsrf.init_app(app) # Compliant\n
                \n
                  \n
                • and it is recommended to not disable the CSRF protection on specific views or forms:
                  • \n
                \n
                \n@app.route('/example/', methods=['POST']) # Compliant\ndef example():\n    return 'example '\n\nclass unprotectedForm(FlaskForm):\n    class Meta:\n        csrf = True # Compliant\n\n    name = TextField('name')\n    submit = SubmitField('submit')\n
                \n

                See

                \n", + "severity": "CRITICAL" + }, + "python:S4792": { + "name": "Configuring loggers is security-sensitive", + "htmlDesc": "

                Configuring loggers is security-sensitive. It has led in the past to the following vulnerabilities:

                \n\n

                Logs are useful before, during and after a security incident.

                \n
                  \n
                • Attackers will most of the time start their nefarious work by probing the system for vulnerabilities. Monitoring this activity and stopping it\n is the first step to prevent an attack from ever happening.
                  • \n
                • In case of a successful attack, logs should contain enough information to understand what damage an attacker may have inflicted.
                  • \n
                \n

                Logs are also a target for attackers because they might contain sensitive information. Configuring loggers has an impact on the type of information\nlogged and how they are logged.

                \n

                This rule flags for review code that initiates loggers configuration. The goal is to guide security code reviews.

                \n

                Ask Yourself Whether

                \n
                  \n
                • unauthorized users might have access to the logs, either because they are stored in an insecure location or because the application gives\n access to them.
                  • \n
                • the logs contain sensitive information on a production server. This can happen when the logger is in debug mode.
                  • \n
                • the log can grow without limit. This can happen when additional information is written into logs every time a user performs an action and the\n user can perform the action as many times as he/she wants.
                  • \n
                • the logs do not contain enough information to understand the damage an attacker might have inflicted. The loggers mode (info, warn, error)\n might filter out important information. They might not print contextual information like the precise time of events or the server hostname.
                  • \n
                • the logs are only stored locally instead of being backuped or replicated.
                  • \n
                \n

                There is a risk if you answered yes to any of those questions.

                \n

                Recommended Secure Coding Practices

                \n
                  \n
                • Check that your production deployment doesn’t have its loggers in \"debug\" mode as it might write sensitive information in logs.
                  • \n
                • Production logs should be stored in a secure location which is only accessible to system administrators.
                  • \n
                • Configure the loggers to display all warnings, info and error messages. Write relevant information such as the precise time of events and the\n hostname.
                  • \n
                • Choose log format which is easy to parse and process automatically. It is important to process logs rapidly in case of an attack so that the\n impact is known and limited.
                  • \n
                • Check that the permissions of the log files are correct. If you index the logs in some other service, make sure that the transfer and the\n service are secure too.
                  • \n
                • Add limits to the size of the logs and make sure that no user can fill the disk with logs. This can happen even when the user does not control\n the logged information. An attacker could just repeat a logged action many times.
                  • \n
                \n

                Remember that configuring loggers properly doesn’t make them bullet-proof. Here is a list of recommendations explaining on how to use your\nlogs:

                \n
                  \n
                • Don’t log any sensitive information. This obviously includes passwords and credit card numbers but also any personal information such as user\n names, locations, etc…​ Usually any information which is protected by law is good candidate for removal.
                  • \n
                • Sanitize all user inputs before writing them in the logs. This includes checking its size, content, encoding, syntax, etc…​ As for any user\n input, validate using whitelists whenever possible. Enabling users to write what they want in your logs can have many impacts. It could for example\n use all your storage space or compromise your log indexing service.
                  • \n
                • Log enough information to monitor suspicious activities and evaluate the impact an attacker might have on your systems. Register events such as\n failed logins, successful logins, server side input validation failures, access denials and any important transaction.
                  • \n
                • Monitor the logs for any suspicious activity.
                  • \n
                \n

                Sensitive Code Example

                \n
                \nimport logging\nfrom logging import Logger, Handler, Filter\nfrom logging.config import fileConfig, dictConfig\n\nlogging.basicConfig()  # Sensitive\n\nlogging.disable()  # Sensitive\n\n\ndef update_logging(logger_class):\n    logging.setLoggerClass(logger_class)  # Sensitive\n\n\ndef set_last_resort(last_resort):\n    logging.lastResort = last_resort  # Sensitive\n\n\nclass CustomLogger(Logger):  # Sensitive\n    pass\n\n\nclass CustomHandler(Handler):  # Sensitive\n    pass\n\n\nclass CustomFilter(Filter):  # Sensitive\n    pass\n\n\ndef update_config(path, config):\n    fileConfig(path)  # Sensitive\n    dictConfig(config)  # Sensitive\n
                \n

                See

                \n", + "severity": "CRITICAL" + } + }, + "issues": [ + { + "rule": "python:S4502", + "severity": "CRITICAL", + "status": "TO_REVIEW", + "component": "vulnerable-flask-app.py", + "line": 8, + "description": "Disabling CSRF protections is security-sensitive", + "message": "Make sure disabling CSRF protection is safe here.", + "key": "AYvNd32RyD1npIoQXyT1" + }, + { + "rule": "python:S4792", + "severity": "MINOR", + "status": "TO_REVIEW", + "component": "vulnerable-flask-app.py", + "line": 24, + "description": "Configuring loggers is security-sensitive", + "message": "Make sure that this logger's configuration is safe.", + "key": "AYvNd32RyD1npIoQXyT2" + }, + { + "rule": "python:S4792", + "severity": "MINOR", + "status": "TO_REVIEW", + "component": "vulnerable-flask-app.py", + "line": 49, + "description": "Configuring loggers is security-sensitive", + "message": "Make sure that this logger's configuration is safe.", + "key": "AYvNd32RyD1npIoQXyT3" + }, + { + "rule": "python:S4792", + "severity": "MINOR", + "status": "TO_REVIEW", + "component": "vulnerable-flask-app.py", + "line": 81, + "description": "Configuring loggers is security-sensitive", + "message": "Make sure that this logger's configuration is safe.", + "key": "AYvNd32RyD1npIoQXyT6" + }, + { + "rule": "python:S4792", + "severity": "MINOR", + "status": "TO_REVIEW", + "component": "vulnerable-flask-app.py", + "line": 108, + "description": "Configuring loggers is security-sensitive", + "message": "Make sure that this logger's configuration is safe.", + "key": "AYvNd32SyD1npIoQXyT9" + }, + { + "rule": "python:S4792", + "severity": "MINOR", + "status": "TO_REVIEW", + "component": "vulnerable-flask-app.py", + "line": 185, + "description": "Configuring loggers is security-sensitive", + "message": "Make sure that this logger's configuration is safe.", + "key": "AYvNd32SyD1npIoQXyUB" + } + ], + "hotspotKeys": [ + "AYvNd32RyD1npIoQXyT1", + "AYvNd32RyD1npIoQXyT2", + "AYvNd32RyD1npIoQXyT3", + "AYvNd32RyD1npIoQXyT6", + "AYvNd32SyD1npIoQXyT9", + "AYvNd32SyD1npIoQXyUB" + ], + "deltaAnalysis": "No", + "qualityGateStatusPeriodDate": "2023-11-15", + "qualityGateStatus": { + "projectStatus": { + "status": "OK", + "conditions": [ + { + "status": "OK", + "metricKey": "new reliability rating", + "comparator": "GT", + "errorThreshold": "A", + "actualValue": "A" + }, + { + "status": "OK", + "metricKey": "new security rating", + "comparator": "GT", + "errorThreshold": "A", + "actualValue": "A" + }, + { + "status": "OK", + "metricKey": "new maintainability rating", + "comparator": "GT", + "errorThreshold": "A", + "actualValue": "A" + } + ], + "ignoredConditions": false, + "period": { + "mode": "PREVIOUS_VERSION", + "date": "2023-11-15T07:40:39+0000" + }, + "caycStatus": "compliant" + } + }, + "summary": { + "blocker": 0, + "critical": 1, + "major": 0, + "minor": 5 + } +} \ No newline at end of file diff --git a/unittests/scans/sonarqube/sonar-no-finding.json b/unittests/scans/sonarqube/sonar-no-finding.json new file mode 100644 index 00000000000..9d80f1dbb65 --- /dev/null +++ b/unittests/scans/sonarqube/sonar-no-finding.json @@ -0,0 +1,63 @@ +{ + "date": "Thursday, Jan 18, 2024", + "projectName": "vulnerable-flask-app", + "inNewCodePeriod": false, + "allBugs": false, + "fixMissingRule": false, + "noSecurityHotspot": false, + "noRulesInReport": false, + "onlyDetectedRules": true, + "vulnerabilityPhrase": "Vulnerability", + "noCoverage": true, + "vulnerabilityPluralPhrase": "Vulnerabilities", + "sonarBaseURL": "https://sonar.192-168-38-31.nip.io", + "sonarComponent": "vulnerable-flask-app", + "rules": { + }, + "issues": [ + ], + "hotspotKeys": [ + ], + "deltaAnalysis": "No", + "qualityGateStatusPeriodDate": "2023-11-15", + "qualityGateStatus": { + "projectStatus": { + "status": "OK", + "conditions": [ + { + "status": "OK", + "metricKey": "new reliability rating", + "comparator": "GT", + "errorThreshold": "A", + "actualValue": "A" + }, + { + "status": "OK", + "metricKey": "new security rating", + "comparator": "GT", + "errorThreshold": "A", + "actualValue": "A" + }, + { + "status": "OK", + "metricKey": "new maintainability rating", + "comparator": "GT", + "errorThreshold": "A", + "actualValue": "A" + } + ], + "ignoredConditions": false, + "period": { + "mode": "PREVIOUS_VERSION", + "date": "2023-11-15T07:40:39+0000" + }, + "caycStatus": "compliant" + } + }, + "summary": { + "blocker": 0, + "critical": 1, + "major": 0, + "minor": 5 + } +} \ No newline at end of file diff --git a/unittests/scans/sonarqube/sonar-single-finding.json b/unittests/scans/sonarqube/sonar-single-finding.json new file mode 100644 index 00000000000..ecc8e52f57f --- /dev/null +++ b/unittests/scans/sonarqube/sonar-single-finding.json @@ -0,0 +1,79 @@ +{ + "date": "Thursday, Jan 18, 2024", + "projectName": "vulnerable-flask-app", + "inNewCodePeriod": false, + "allBugs": false, + "fixMissingRule": false, + "noSecurityHotspot": false, + "noRulesInReport": false, + "onlyDetectedRules": true, + "vulnerabilityPhrase": "Vulnerability", + "noCoverage": true, + "vulnerabilityPluralPhrase": "Vulnerabilities", + "sonarBaseURL": "https://sonar.192-168-38-31.nip.io", + "sonarComponent": "vulnerable-flask-app", + "rules": { + "python:S4502": { + "name": "Disabling CSRF protections is security-sensitive", + "htmlDesc": "

                A cross-site request forgery (CSRF) attack occurs when a trusted user of a web application can be forced, by an attacker, to perform sensitive\nactions that he didn’t intend, such as updating his profile or sending a message, more generally anything that can change the state of the\napplication.

                \n

                The attacker can trick the user/victim to click on a link, corresponding to the privileged action, or to visit a malicious web site that embeds a\nhidden web request and as web browsers automatically include cookies, the actions can be authenticated and sensitive.

                \n

                Ask Yourself Whether

                \n
                  \n
                • The web application uses cookies to authenticate users.
                  • \n
                • There exist sensitive operations in the web application that can be performed when the user is authenticated.
                  • \n
                • The state / resources of the web application can be modified by doing HTTP POST or HTTP DELETE requests for example.
                  • \n
                \n

                There is a risk if you answered yes to any of those questions.

                \n

                Recommended Secure Coding Practices

                \n
                  \n
                • Protection against CSRF attacks is strongly recommended:\n
                    \n
                  • to be activated by default for all unsafe HTTP\n methods.
                    • \n
                  • implemented, for example, with an unguessable CSRF token
                    • \n
                  • \n
                • Of course all sensitive operations should not be performed with safe HTTP methods like GET which are designed to be\n used only for information retrieval.
                  • \n
                \n

                Sensitive Code Example

                \n

                For a Django application, the code is sensitive when,

                \n
                  \n
                • django.middleware.csrf.CsrfViewMiddleware is not used in the Django settings:
                  • \n
                \n
                \nMIDDLEWARE = [\n    'django.middleware.security.SecurityMiddleware',\n    'django.contrib.sessions.middleware.SessionMiddleware',\n    'django.middleware.common.CommonMiddleware',\n    'django.contrib.auth.middleware.AuthenticationMiddleware',\n    'django.contrib.messages.middleware.MessageMiddleware',\n    'django.middleware.clickjacking.XFrameOptionsMiddleware',\n] # Sensitive: django.middleware.csrf.CsrfViewMiddleware is missing\n
                \n
                  \n
                • the CSRF protection is disabled on a view:
                  • \n
                \n
                \n@csrf_exempt # Sensitive\ndef example(request):\n    return HttpResponse(\"default\")\n
                \n

                For a Flask application, the code is sensitive when,

                \n
                  \n
                • the WTF_CSRF_ENABLED setting is set to false:
                  • \n
                \n
                \napp = Flask(__name__)\napp.config['WTF_CSRF_ENABLED'] = False # Sensitive\n
                \n
                  \n
                • the application doesn’t use the CSRFProtect module:
                  • \n
                \n
                \napp = Flask(__name__) # Sensitive: CSRFProtect is missing\n\n@app.route('/')\ndef hello_world():\n    return 'Hello, World!'\n
                \n
                  \n
                • the CSRF protection is disabled on a view:
                  • \n
                \n
                \napp = Flask(__name__)\ncsrf = CSRFProtect()\ncsrf.init_app(app)\n\n@app.route('/example/', methods=['POST'])\n@csrf.exempt # Sensitive\ndef example():\n    return 'example '\n
                \n
                  \n
                • the CSRF protection is disabled on a form:
                  • \n
                \n
                \nclass unprotectedForm(FlaskForm):\n    class Meta:\n        csrf = False # Sensitive\n\n    name = TextField('name')\n    submit = SubmitField('submit')\n
                \n

                Compliant Solution

                \n

                For a Django application,

                \n
                  \n
                • it is recommended to protect all the views with django.middleware.csrf.CsrfViewMiddleware:
                  • \n
                \n
                \nMIDDLEWARE = [\n    'django.middleware.security.SecurityMiddleware',\n    'django.contrib.sessions.middleware.SessionMiddleware',\n    'django.middleware.common.CommonMiddleware',\n    'django.middleware.csrf.CsrfViewMiddleware', # Compliant\n    'django.contrib.auth.middleware.AuthenticationMiddleware',\n    'django.contrib.messages.middleware.MessageMiddleware',\n    'django.middleware.clickjacking.XFrameOptionsMiddleware',\n]\n
                \n
                  \n
                • and to not disable the CSRF protection on specific views:
                  • \n
                \n
                \ndef example(request): # Compliant\n    return HttpResponse(\"default\")\n
                \n

                For a Flask application,

                \n
                  \n
                • the CSRFProtect module should be used (and not disabled further with WTF_CSRF_ENABLED set to false):\n
                  • \n
                \n
                \napp = Flask(__name__)\ncsrf = CSRFProtect()\ncsrf.init_app(app) # Compliant\n
                \n
                  \n
                • and it is recommended to not disable the CSRF protection on specific views or forms:
                  • \n
                \n
                \n@app.route('/example/', methods=['POST']) # Compliant\ndef example():\n    return 'example '\n\nclass unprotectedForm(FlaskForm):\n    class Meta:\n        csrf = True # Compliant\n\n    name = TextField('name')\n    submit = SubmitField('submit')\n
                \n

                See

                \n", + "severity": "CRITICAL" + } + }, + "issues": [ + { + "rule": "python:S4502", + "severity": "CRITICAL", + "status": "TO_REVIEW", + "component": "vulnerable-flask-app.py", + "line": 8, + "description": "Disabling CSRF protections is security-sensitive", + "message": "Make sure disabling CSRF protection is safe here.", + "key": "AYvNd32RyD1npIoQXyT1" + } + ], + "hotspotKeys": [ + "AYvNd32RyD1npIoQXyT1" + ], + "deltaAnalysis": "No", + "qualityGateStatusPeriodDate": "2023-11-15", + "qualityGateStatus": { + "projectStatus": { + "status": "OK", + "conditions": [ + { + "status": "OK", + "metricKey": "new reliability rating", + "comparator": "GT", + "errorThreshold": "A", + "actualValue": "A" + }, + { + "status": "OK", + "metricKey": "new security rating", + "comparator": "GT", + "errorThreshold": "A", + "actualValue": "A" + }, + { + "status": "OK", + "metricKey": "new maintainability rating", + "comparator": "GT", + "errorThreshold": "A", + "actualValue": "A" + } + ], + "ignoredConditions": false, + "period": { + "mode": "PREVIOUS_VERSION", + "date": "2023-11-15T07:40:39+0000" + }, + "caycStatus": "compliant" + } + }, + "summary": { + "blocker": 0, + "critical": 1, + "major": 0, + "minor": 5 + } +} \ No newline at end of file diff --git a/unittests/scans/sonarqube/sonar-table-in-table-with-whitespace.html b/unittests/scans/sonarqube/sonar-table-in-table-with-whitespace.html new file mode 100644 index 00000000000..c8554b35ec6 --- /dev/null +++ b/unittests/scans/sonarqube/sonar-table-in-table-with-whitespace.html @@ -0,0 +1,598 @@ + + + + + + SonarQube Vulnerability Report + + + + +
                + + +

                SonarQube Vulnerability Report

                +
                +
                Report Generated On
                +
                Fri Aug 02 2019
                +
                Project Name
                +
                java tomcat
                +
                Application
                +
                tomcat
                +
                Release
                +
                1.0.0
                +
                Delta analysis
                +
                No
                +
                +

                Summary of the Detected Vulnerabilities +

                + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                SeverityNumber of Issues
                BLOCKER + 0 +
                CRITICAL + 2 +
                MAJOR + 0 +
                MINOR + 5 +
                + + + + +
                + +
                + +

                Detail of the Detected Vulnerabilities +

                + + + + + + + + + + + + + + + + + + + + + + + + + + +
                RuleSeverityComponentLineDescriptionMessageStatus
                + squid:S2975 + + BLOCKER + + java/org/apache/catalina/util/URLEncoder.java + + 190 + + "clone" should not be overridden + + Remove this "clone" implementation; use a copy constructor or copy factory instead. + TO_REVIEW
                +

                Known Security Rules

                + + + + + + + + + + + + + + + + + + + + + + + + + +
                RuleDescription
                squid:S864 + +
                +

                The rules of operator precedence are complicated and can lead to errors. For this reason, + parentheses should be used for clarification in complex + statements. However, this does not mean that parentheses should be gratuitously added around + every operation.

                +

                This rule raises issues when && and || are used in + combination, when assignment and equality or relational + operators are used in together in a condition, and for other operator combinations according + to the following table:

                + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                +, -, *, /, %<<, >>, >>>&^|
                +, -, *, /, %xxxx
                <<, >>, >>>xxxx
                &xxxx
                ^xxxx
                |xxxx
                +

                Noncompliant Code Example

                + 
                +x = a + b - c;
+x = a + 1 << b;  // Noncompliant
+
+if ( a > b || c < d || a == d) {...}
+if ( a > b && c < d || a == b) {...}  // Noncompliant
+if (a = f(b,c) == 1) { ... } // Noncompliant; == evaluated first
+
                +

                Compliant Solution

                + 
                +x = a + b - c;
+x = (a + 1) << b;
+
+if ( a > b || c < d || a == d) {...}
+if ( (a > b && c < d) || a == b) {...}
+if ( (a = f(b,c)) == 1) { ... }
+
                +

                See

                +
                  +
                • MISRA C:2004, 12.1 - Limited dependence should be placed on C's operator precedence + rules in expressions +
                  • +
                • MISRA C:2004, 12.2 - The value of an expression shall be the same under any order of + evaluation that the standard permits. +
                  • +
                • MISRA C:2004, 12.5 - The operands of a logical && or || shall be + primary-expressions. +
                  • +
                • MISRA C++:2008, 5-0-1 - The value of an expression shall be the same under any order of + evaluation that the standard permits. +
                  • +
                • MISRA C++:2008, 5-0-2 - Limited dependence should be placed on C++ operator precedence + rules in expressions +
                  • +
                • MISRA C++:2008, 5-2-1 - Each operand of a logical && or || shall be a + postfix-expression. +
                  • +
                • MISRA C:2012, 12.1 - The precedence of operators within expressions should be made + explicit +
                  • +
                • CERT, EXP00-C. - Use + parentheses for precedence of operation +
                  • +
                • CERT, EXP53-J. - Use + parentheses for precedence of operation +
                  • +
                • MITRE, CWE-783 - Operator + Precedence Logic Error +
                  • +
                +
                +
                squid:S2115 + +
                +

                Failure to password-protect a database is so careless or naive as to be almost negligent. + Databases should always be password protected, but the + use of a database connection with an empty password is a clear indication of a database that + is not protected.

                +

                This rule flags database connections with empty passwords.

                +

                Noncompliant Code Example

                + 
                +Connection conn = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "AppLogin", "");
+Connection conn2 = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true?user=user&password=");
+
                +

                Compliant Solution

                + 
                +DriverManager.getConnection("jdbc:derby:memory:myDB;create=true?user=user&password=password");
+
+DriverManager.getConnection("jdbc:mysql://address=(host=myhost1)(port=1111)(key1=value1)(user=sandy)(password=secret),address=(host=myhost2)(port=2222)(key2=value2)(user=sandy)(password=secret)/db");
+
+DriverManager.getConnection("jdbc:mysql://sandy:secret@[myhost1:1111,myhost2:2222]/db");
+
+String url = "jdbc:postgresql://localhost/test";
+Properties props = new Properties();
+props.setProperty("user", "fred");
+props.setProperty("password", "secret");
+DriverManager.getConnection(url, props);
+
                +

                See

                + +
                +
                squid:S1148 + +
                +

                Throwable.printStackTrace(...) prints a Throwable and its stack + trace to some stream. By default that stream + System.Err, which could inadvertently expose sensitive information.

                +

                Loggers should be used instead to print Throwables, as they have many + advantages:

                +
                  +
                • Users are able to easily retrieve the logs.
                  • +
                • The format of log messages is uniform and allow users to browse the logs easily.
                  • +
                +

                This rule raises an issue when printStackTrace is used without arguments, i.e. + when the stack trace is printed to the default + stream.

                +

                Noncompliant Code Example

                + 
                +try {
+  /* ... */
+} catch(Exception e) {
+  e.printStackTrace();        // Noncompliant
+}
+
                +

                Compliant Solution

                + 
                +try {
+  /* ... */
+} catch(Exception e) {
+  LOGGER.log("context", e);
+}
+
                +

                See

                + +
                +
                squid:S2975 + +
                +

                Many consider clone and Cloneable broken in Java, largely because the rules for overriding clone are tricky +and difficult to get right, according to Joshua Bloch:

                +
                + Object's clone method is very tricky. It's based on field copies, and it's "extra-linguistic." It creates an object without calling a constructor. + There are no guarantees that it preserves the invariants established by the constructors. There have been lots of bugs over the years, both in and + outside Sun, stemming from the fact that if you just call super.clone repeatedly up the chain until you have cloned an object, you have a shallow + copy of the object. The clone generally shares state with the object being cloned. If that state is mutable, you don't have two independent objects. + If you modify one, the other changes as well. And all of a sudden, you get random behavior. +
                +

                A copy constructor or copy factory should be used instead.

                +

                This rule raises an issue when clone is overridden, whether or not Cloneable is implemented.

                +

                Noncompliant Code Example

                +
                +public class MyClass {
+  // ...
+
+  public Object clone() { // Noncompliant
+    //...
+  }
+}
+
                +

                Compliant Solution

                +
                +public class MyClass {
+  // ...
+
+  MyClass (MyClass source) {
+    //...
+  }
+}
+
                +

                See

                + +

                See Also

                +
                  +
                • S2157 - "Cloneables" should implement + "clone" +
                  • +
                • S1182 - Classes that override "clone" + should be "Cloneable" and call "super.clone()" +
                  • +
                +
                +
                +
                + + + + \ No newline at end of file diff --git a/unittests/scans/sonarqube/sonar.json b/unittests/scans/sonarqube/sonar.json new file mode 100644 index 00000000000..63512fc09d2 --- /dev/null +++ b/unittests/scans/sonarqube/sonar.json @@ -0,0 +1,139 @@ +{ + "date": "Thursday, Jan 18, 2024", + "projectName": "vulnerable-flask-app", + "inNewCodePeriod": false, + "allBugs": false, + "fixMissingRule": false, + "noSecurityHotspot": false, + "noRulesInReport": false, + "onlyDetectedRules": true, + "vulnerabilityPhrase": "Vulnerability", + "noCoverage": true, + "vulnerabilityPluralPhrase": "Vulnerabilities", + "sonarBaseURL": "https://sonar.192-168-38-31.nip.io", + "sonarComponent": "vulnerable-flask-app", + "rules": { + "python:S4502": { + "name": "Disabling CSRF protections is security-sensitive", + "htmlDesc": "

                A cross-site request forgery (CSRF) attack occurs when a trusted user of a web application can be forced, by an attacker, to perform sensitive\nactions that he didn’t intend, such as updating his profile or sending a message, more generally anything that can change the state of the\napplication.

                \n

                The attacker can trick the user/victim to click on a link, corresponding to the privileged action, or to visit a malicious web site that embeds a\nhidden web request and as web browsers automatically include cookies, the actions can be authenticated and sensitive.

                \n

                Ask Yourself Whether

                \n
                  \n
                • The web application uses cookies to authenticate users.
                  • \n
                • There exist sensitive operations in the web application that can be performed when the user is authenticated.
                  • \n
                • The state / resources of the web application can be modified by doing HTTP POST or HTTP DELETE requests for example.
                  • \n
                \n

                There is a risk if you answered yes to any of those questions.

                \n

                Recommended Secure Coding Practices

                \n
                  \n
                • Protection against CSRF attacks is strongly recommended:\n
                    \n
                  • to be activated by default for all unsafe HTTP\n methods.
                    • \n
                  • implemented, for example, with an unguessable CSRF token
                    • \n
                  • \n
                • Of course all sensitive operations should not be performed with safe HTTP methods like GET which are designed to be\n used only for information retrieval.
                  • \n
                \n

                Sensitive Code Example

                \n

                For a Django application, the code is sensitive when,

                \n
                  \n
                • django.middleware.csrf.CsrfViewMiddleware is not used in the Django settings:
                  • \n
                \n
                \nMIDDLEWARE = [\n    'django.middleware.security.SecurityMiddleware',\n    'django.contrib.sessions.middleware.SessionMiddleware',\n    'django.middleware.common.CommonMiddleware',\n    'django.contrib.auth.middleware.AuthenticationMiddleware',\n    'django.contrib.messages.middleware.MessageMiddleware',\n    'django.middleware.clickjacking.XFrameOptionsMiddleware',\n] # Sensitive: django.middleware.csrf.CsrfViewMiddleware is missing\n
                \n
                  \n
                • the CSRF protection is disabled on a view:
                  • \n
                \n
                \n@csrf_exempt # Sensitive\ndef example(request):\n    return HttpResponse(\"default\")\n
                \n

                For a Flask application, the code is sensitive when,

                \n
                  \n
                • the WTF_CSRF_ENABLED setting is set to false:
                  • \n
                \n
                \napp = Flask(__name__)\napp.config['WTF_CSRF_ENABLED'] = False # Sensitive\n
                \n
                  \n
                • the application doesn’t use the CSRFProtect module:
                  • \n
                \n
                \napp = Flask(__name__) # Sensitive: CSRFProtect is missing\n\n@app.route('/')\ndef hello_world():\n    return 'Hello, World!'\n
                \n
                  \n
                • the CSRF protection is disabled on a view:
                  • \n
                \n
                \napp = Flask(__name__)\ncsrf = CSRFProtect()\ncsrf.init_app(app)\n\n@app.route('/example/', methods=['POST'])\n@csrf.exempt # Sensitive\ndef example():\n    return 'example '\n
                \n
                  \n
                • the CSRF protection is disabled on a form:
                  • \n
                \n
                \nclass unprotectedForm(FlaskForm):\n    class Meta:\n        csrf = False # Sensitive\n\n    name = TextField('name')\n    submit = SubmitField('submit')\n
                \n

                Compliant Solution

                \n

                For a Django application,

                \n
                  \n
                • it is recommended to protect all the views with django.middleware.csrf.CsrfViewMiddleware:
                  • \n
                \n
                \nMIDDLEWARE = [\n    'django.middleware.security.SecurityMiddleware',\n    'django.contrib.sessions.middleware.SessionMiddleware',\n    'django.middleware.common.CommonMiddleware',\n    'django.middleware.csrf.CsrfViewMiddleware', # Compliant\n    'django.contrib.auth.middleware.AuthenticationMiddleware',\n    'django.contrib.messages.middleware.MessageMiddleware',\n    'django.middleware.clickjacking.XFrameOptionsMiddleware',\n]\n
                \n
                  \n
                • and to not disable the CSRF protection on specific views:
                  • \n
                \n
                \ndef example(request): # Compliant\n    return HttpResponse(\"default\")\n
                \n

                For a Flask application,

                \n
                  \n
                • the CSRFProtect module should be used (and not disabled further with WTF_CSRF_ENABLED set to false):\n
                  • \n
                \n
                \napp = Flask(__name__)\ncsrf = CSRFProtect()\ncsrf.init_app(app) # Compliant\n
                \n
                  \n
                • and it is recommended to not disable the CSRF protection on specific views or forms:
                  • \n
                \n
                \n@app.route('/example/', methods=['POST']) # Compliant\ndef example():\n    return 'example '\n\nclass unprotectedForm(FlaskForm):\n    class Meta:\n        csrf = True # Compliant\n\n    name = TextField('name')\n    submit = SubmitField('submit')\n
                \n

                See

                \n", + "severity": "CRITICAL" + }, + "python:S4792": { + "name": "Configuring loggers is security-sensitive", + "htmlDesc": "

                Configuring loggers is security-sensitive. It has led in the past to the following vulnerabilities:

                \n\n

                Logs are useful before, during and after a security incident.

                \n
                  \n
                • Attackers will most of the time start their nefarious work by probing the system for vulnerabilities. Monitoring this activity and stopping it\n is the first step to prevent an attack from ever happening.
                  • \n
                • In case of a successful attack, logs should contain enough information to understand what damage an attacker may have inflicted.
                  • \n
                \n

                Logs are also a target for attackers because they might contain sensitive information. Configuring loggers has an impact on the type of information\nlogged and how they are logged.

                \n

                This rule flags for review code that initiates loggers configuration. The goal is to guide security code reviews.

                \n

                Ask Yourself Whether

                \n
                  \n
                • unauthorized users might have access to the logs, either because they are stored in an insecure location or because the application gives\n access to them.
                  • \n
                • the logs contain sensitive information on a production server. This can happen when the logger is in debug mode.
                  • \n
                • the log can grow without limit. This can happen when additional information is written into logs every time a user performs an action and the\n user can perform the action as many times as he/she wants.
                  • \n
                • the logs do not contain enough information to understand the damage an attacker might have inflicted. The loggers mode (info, warn, error)\n might filter out important information. They might not print contextual information like the precise time of events or the server hostname.
                  • \n
                • the logs are only stored locally instead of being backuped or replicated.
                  • \n
                \n

                There is a risk if you answered yes to any of those questions.

                \n

                Recommended Secure Coding Practices

                \n
                  \n
                • Check that your production deployment doesn’t have its loggers in \"debug\" mode as it might write sensitive information in logs.
                  • \n
                • Production logs should be stored in a secure location which is only accessible to system administrators.
                  • \n
                • Configure the loggers to display all warnings, info and error messages. Write relevant information such as the precise time of events and the\n hostname.
                  • \n
                • Choose log format which is easy to parse and process automatically. It is important to process logs rapidly in case of an attack so that the\n impact is known and limited.
                  • \n
                • Check that the permissions of the log files are correct. If you index the logs in some other service, make sure that the transfer and the\n service are secure too.
                  • \n
                • Add limits to the size of the logs and make sure that no user can fill the disk with logs. This can happen even when the user does not control\n the logged information. An attacker could just repeat a logged action many times.
                  • \n
                \n

                Remember that configuring loggers properly doesn’t make them bullet-proof. Here is a list of recommendations explaining on how to use your\nlogs:

                \n
                  \n
                • Don’t log any sensitive information. This obviously includes passwords and credit card numbers but also any personal information such as user\n names, locations, etc…​ Usually any information which is protected by law is good candidate for removal.
                  • \n
                • Sanitize all user inputs before writing them in the logs. This includes checking its size, content, encoding, syntax, etc…​ As for any user\n input, validate using whitelists whenever possible. Enabling users to write what they want in your logs can have many impacts. It could for example\n use all your storage space or compromise your log indexing service.
                  • \n
                • Log enough information to monitor suspicious activities and evaluate the impact an attacker might have on your systems. Register events such as\n failed logins, successful logins, server side input validation failures, access denials and any important transaction.
                  • \n
                • Monitor the logs for any suspicious activity.
                  • \n
                \n

                Sensitive Code Example

                \n
                \nimport logging\nfrom logging import Logger, Handler, Filter\nfrom logging.config import fileConfig, dictConfig\n\nlogging.basicConfig()  # Sensitive\n\nlogging.disable()  # Sensitive\n\n\ndef update_logging(logger_class):\n    logging.setLoggerClass(logger_class)  # Sensitive\n\n\ndef set_last_resort(last_resort):\n    logging.lastResort = last_resort  # Sensitive\n\n\nclass CustomLogger(Logger):  # Sensitive\n    pass\n\n\nclass CustomHandler(Handler):  # Sensitive\n    pass\n\n\nclass CustomFilter(Filter):  # Sensitive\n    pass\n\n\ndef update_config(path, config):\n    fileConfig(path)  # Sensitive\n    dictConfig(config)  # Sensitive\n
                \n

                See

                \n", + "severity": "CRITICAL" + } + }, + "issues": [ + { + "rule": "python:S4502", + "severity": "CRITICAL", + "status": "TO_REVIEW", + "component": "vulnerable-flask-app.py", + "line": 8, + "description": "Disabling CSRF protections is security-sensitive", + "message": "Make sure disabling CSRF protection is safe here.", + "key": "AYvNd32RyD1npIoQXyT1" + }, + { + "rule": "python:S4792", + "severity": "MINOR", + "status": "TO_REVIEW", + "component": "vulnerable-flask-app.py", + "line": 24, + "description": "Configuring loggers is security-sensitive", + "message": "Make sure that this logger's configuration is safe.", + "key": "AYvNd32RyD1npIoQXyT2" + }, + { + "rule": "python:S4792", + "severity": "MINOR", + "status": "TO_REVIEW", + "component": "vulnerable-flask-app.py", + "line": 49, + "description": "Configuring loggers is security-sensitive", + "message": "Make sure that this logger's configuration is safe.", + "key": "AYvNd32RyD1npIoQXyT3" + }, + { + "rule": "python:S4792", + "severity": "MINOR", + "status": "TO_REVIEW", + "component": "vulnerable-flask-app.py", + "line": 81, + "description": "Configuring loggers is security-sensitive", + "message": "Make sure that this logger's configuration is safe.", + "key": "AYvNd32RyD1npIoQXyT6" + }, + { + "rule": "python:S4792", + "severity": "MINOR", + "status": "TO_REVIEW", + "component": "vulnerable-flask-app.py", + "line": 108, + "description": "Configuring loggers is security-sensitive", + "message": "Make sure that this logger's configuration is safe.", + "key": "AYvNd32SyD1npIoQXyT9" + }, + { + "rule": "python:S4792", + "severity": "MINOR", + "status": "TO_REVIEW", + "component": "vulnerable-flask-app.py", + "line": 185, + "description": "Configuring loggers is security-sensitive", + "message": "Make sure that this logger's configuration is safe.", + "key": "AYvNd32SyD1npIoQXyUB" + } + ], + "hotspotKeys": [ + "AYvNd32RyD1npIoQXyT1", + "AYvNd32RyD1npIoQXyT2", + "AYvNd32RyD1npIoQXyT3", + "AYvNd32RyD1npIoQXyT6", + "AYvNd32SyD1npIoQXyT9", + "AYvNd32SyD1npIoQXyUB" + ], + "deltaAnalysis": "No", + "qualityGateStatusPeriodDate": "2023-11-15", + "qualityGateStatus": { + "projectStatus": { + "status": "OK", + "conditions": [ + { + "status": "OK", + "metricKey": "new reliability rating", + "comparator": "GT", + "errorThreshold": "A", + "actualValue": "A" + }, + { + "status": "OK", + "metricKey": "new security rating", + "comparator": "GT", + "errorThreshold": "A", + "actualValue": "A" + }, + { + "status": "OK", + "metricKey": "new maintainability rating", + "comparator": "GT", + "errorThreshold": "A", + "actualValue": "A" + } + ], + "ignoredConditions": false, + "period": { + "mode": "PREVIOUS_VERSION", + "date": "2023-11-15T07:40:39+0000" + }, + "caycStatus": "compliant" + } + }, + "summary": { + "blocker": 0, + "critical": 1, + "major": 0, + "minor": 5 + } +} \ No newline at end of file diff --git a/unittests/scans/ssh_audit/bug_fix.json b/unittests/scans/ssh_audit/bug_fix.json new file mode 100644 index 00000000000..ac2dbf7231e --- /dev/null +++ b/unittests/scans/ssh_audit/bug_fix.json @@ -0,0 +1,388 @@ +{ + "banner": { + "comments": "Ubuntu-3ubuntu0.5", + "protocol": "2.0", + "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.5", + "software": "OpenSSH_8.9p1" + }, + "compression": [ + "none", + "zlib@openssh.com" + ], + "cves": [], + "enc": [ + { + "algorithm": "chacha20-poly1305@openssh.com", + "notes": { + "info": [ + "default cipher since OpenSSH 6.9", + "available since OpenSSH 6.5" + ] + } + }, + { + "algorithm": "aes128-ctr", + "notes": { + "info": [ + "available since OpenSSH 3.7, Dropbear SSH 0.52" + ] + } + }, + { + "algorithm": "aes192-ctr", + "notes": { + "info": [ + "available since OpenSSH 3.7" + ] + } + }, + { + "algorithm": "aes256-ctr", + "notes": { + "info": [ + "available since OpenSSH 3.7, Dropbear SSH 0.52" + ] + } + }, + { + "algorithm": "aes128-gcm@openssh.com", + "notes": { + "info": [ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm": "aes256-gcm@openssh.com", + "notes": { + "info": [ + "available since OpenSSH 6.2" + ] + } + } + ], + "kex": [ + { + "algorithm": "curve25519-sha256", + "notes": { + "info": [ + "default key exchange since OpenSSH 6.4", + "available since OpenSSH 7.4, Dropbear SSH 2018.76" + ] + } + }, + { + "algorithm": "curve25519-sha256@libssh.org", + "notes": { + "info": [ + "default key exchange since OpenSSH 6.4", + "available since OpenSSH 6.4, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm": "ecdh-sha2-nistp256", + "notes": { + "fail": [ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info": [ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm": "ecdh-sha2-nistp384", + "notes": { + "fail": [ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info": [ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm": "ecdh-sha2-nistp521", + "notes": { + "fail": [ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info": [ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm": "sntrup761x25519-sha512@openssh.com", + "notes": { + "info": [ + "available since OpenSSH 8.5" + ] + } + }, + { + "algorithm": "diffie-hellman-group-exchange-sha256", + "keysize": 3072, + "notes": { + "info": [ + "OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 3072. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477).", + "available since OpenSSH 4.4" + ] + } + }, + { + "algorithm": "diffie-hellman-group16-sha512", + "notes": { + "info": [ + "available since OpenSSH 7.3, Dropbear SSH 2016.73" + ] + } + }, + { + "algorithm": "diffie-hellman-group18-sha512", + "notes": { + "info": [ + "available since OpenSSH 7.3" + ] + } + }, + { + "algorithm": "diffie-hellman-group14-sha256", + "notes": { + "info": [ + "available since OpenSSH 7.3, Dropbear SSH 2016.73" + ], + "warn": [ + "2048-bit modulus only provides 112-bits of symmetric strength" + ] + } + }, + { + "algorithm": "kex-strict-s-v00@openssh.com", + "notes": { + "fail": [ + "using unknown algorithm" + ] + } + } + ], + "key": [ + { + "algorithm": "rsa-sha2-512", + "keysize": 3072, + "notes": { + "info": [ + "available since OpenSSH 7.2" + ] + } + }, + { + "algorithm": "rsa-sha2-256", + "keysize": 3072, + "notes": { + "info": [ + "available since OpenSSH 7.2" + ] + } + }, + { + "algorithm": "ecdsa-sha2-nistp256", + "notes": { + "fail": [ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info": [ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ], + "warn": [ + "using weak random number generator could reveal the key" + ] + } + }, + { + "algorithm": "ssh-ed25519", + "notes": { + "info": [ + "available since OpenSSH 6.5" + ] + } + } + ], + "mac": [ + { + "algorithm": "umac-64-etm@openssh.com", + "notes": { + "info": [ + "available since OpenSSH 6.2" + ], + "warn": [ + "using small 64-bit tag size" + ] + } + }, + { + "algorithm": "umac-128-etm@openssh.com", + "notes": { + "info": [ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm": "hmac-sha2-256-etm@openssh.com", + "notes": { + "info": [ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm": "hmac-sha2-512-etm@openssh.com", + "notes": { + "info": [ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm": "hmac-sha1-etm@openssh.com", + "notes": { + "fail": [ + "using broken SHA-1 hash algorithm" + ], + "info": [ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm": "umac-64@openssh.com", + "notes": { + "info": [ + "available since OpenSSH 4.7" + ], + "warn": [ + "using encrypt-and-MAC mode", + "using small 64-bit tag size" + ] + } + }, + { + "algorithm": "umac-128@openssh.com", + "notes": { + "info": [ + "available since OpenSSH 6.2" + ], + "warn": [ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm": "hmac-sha2-256", + "notes": { + "info": [ + "available since OpenSSH 5.9, Dropbear SSH 2013.56" + ], + "warn": [ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm": "hmac-sha2-512", + "notes": { + "info": [ + "available since OpenSSH 5.9, Dropbear SSH 2013.56" + ], + "warn": [ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm": "hmac-sha1", + "notes": { + "fail": [ + "using broken SHA-1 hash algorithm" + ], + "info": [ + "available since OpenSSH 2.1.0, Dropbear SSH 0.28" + ], + "warn": [ + "using encrypt-and-MAC mode" + ] + } + } + ], + "recommendations": { + "critical": { + "del": { + "kex": [ + { + "name": "ecdh-sha2-nistp256", + "notes": "" + }, + { + "name": "ecdh-sha2-nistp384", + "notes": "" + }, + { + "name": "ecdh-sha2-nistp521", + "notes": "" + } + ], + "key": [ + { + "name": "ecdsa-sha2-nistp256", + "notes": "" + } + ], + "mac": [ + { + "name": "hmac-sha1", + "notes": "" + }, + { + "name": "hmac-sha1-etm@openssh.com", + "notes": "" + } + ] + } + }, + "warning": { + "del": { + "kex": [ + { + "name": "diffie-hellman-group14-sha256", + "notes": "" + } + ], + "mac": [ + { + "name": "hmac-sha2-256", + "notes": "" + }, + { + "name": "hmac-sha2-512", + "notes": "" + }, + { + "name": "umac-128@openssh.com", + "notes": "" + }, + { + "name": "umac-64-etm@openssh.com", + "notes": "" + }, + { + "name": "umac-64@openssh.com", + "notes": "" + } + ] + } + } + }, + "target": "nanana.com:22" +} \ No newline at end of file diff --git a/unittests/scans/ssh_audit/many_vulns.json b/unittests/scans/ssh_audit/many_vulns.json new file mode 100644 index 00000000000..44d15ee91af --- /dev/null +++ b/unittests/scans/ssh_audit/many_vulns.json @@ -0,0 +1,469 @@ +{ + "banner":{ + "comments":"Debian-10+deb10u2", + "protocol":"2.0", + "raw":"SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2", + "software":"OpenSSH_7.9p1" + }, + "compression":[ + "none", + "zlib@openssh.com" + ], + "cves":[ + { + "cvssv2":7.0, + "description":"privilege escalation via supplemental groups", + "name":"CVE-2021-41617" + }, + { + "cvssv2":7.8, + "description":"command injection via anomalous argument transfers", + "name":"CVE-2020-15778" + }, + { + "cvssv2":7.8, + "description":"memory corruption and local code execution via pre-authentication integer overflow", + "name":"CVE-2019-16905" + }, + { + "cvssv2":5.3, + "description":"enumerate usernames via challenge response", + "name":"CVE-2016-20012" + } + ], + "enc":[ + { + "algorithm":"chacha20-poly1305@openssh.com", + "notes":{ + "info":[ + "default cipher since OpenSSH 6.9", + "available since OpenSSH 6.5" + ] + } + }, + { + "algorithm":"aes128-ctr", + "notes":{ + "info":[ + "available since OpenSSH 3.7, Dropbear SSH 0.52" + ] + } + }, + { + "algorithm":"aes192-ctr", + "notes":{ + "info":[ + "available since OpenSSH 3.7" + ] + } + }, + { + "algorithm":"aes256-ctr", + "notes":{ + "info":[ + "available since OpenSSH 3.7, Dropbear SSH 0.52" + ] + } + }, + { + "algorithm":"aes128-gcm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"aes256-gcm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + } + ], + "fingerprints":[ + { + "hash":"mHoRf3V/hprQTMrO1PcDB2FSGhB61MlDJ//eWMtkkjE", + "hash_alg":"SHA256", + "hostkey":"ssh-ed25519" + }, + { + "hash":"df:8c:70:0c:d4:18:76:81:83:9e:39:05:6d:f1:01:75", + "hash_alg":"MD5", + "hostkey":"ssh-ed25519" + }, + { + "hash":"W1xWUfJ7EU3CEi4etW6JwLbQZz04gtYEfc8YGIouNyc", + "hash_alg":"SHA256", + "hostkey":"ssh-rsa" + }, + { + "hash":"f4:a2:aa:82:f8:fe:b1:06:de:9a:da:dc:bc:5d:e3:6c", + "hash_alg":"MD5", + "hostkey":"ssh-rsa" + } + ], + "kex":[ + { + "algorithm":"curve25519-sha256", + "notes":{ + "info":[ + "default fail key exchange since OpenSSH 6.4", + "available since OpenSSH 7.4, Dropbear SSH 2018.76" + ] + } + }, + { + "algorithm":"curve25519-sha256@libssh.org", + "notes":{ + "info":[ + "default key exchange since OpenSSH 6.4", + "available since OpenSSH 6.4, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm":"ecdh-sha2-nistp256", + "notes":{ + "fail":[ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info":[ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm":"ecdh-sha2-nistp384", + "notes":{ + "fail":[ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info":[ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm":"ecdh-sha2-nistp521", + "notes":{ + "fail":[ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info":[ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm":"diffie-hellman-group-exchange-sha256", + "notes":{ + "info":[ + "available since OpenSSH 4.4" + ] + } + }, + { + "algorithm":"diffie-hellman-group16-sha512", + "notes":{ + "info":[ + "available since OpenSSH 7.3, Dropbear SSH 2016.73" + ] + } + }, + { + "algorithm":"diffie-hellman-group18-sha512", + "notes":{ + "info":[ + "available since OpenSSH 7.3" + ] + } + }, + { + "algorithm":"diffie-hellman-group14-sha256", + "notes":{ + "info":[ + "available since OpenSSH 7.3, Dropbear SSH 2016.73" + ], + "warn":[ + "2048-bit modulus only provides 112-bits of symmetric strength" + ] + } + }, + { + "algorithm":"diffie-hellman-group14-sha1", + "notes":{ + "fail":[ + "using broken SHA-1 hash algorithm" + ], + "info":[ + "available since OpenSSH 3.9, Dropbear SSH 0.53" + ], + "warn":[ + "2048-bit modulus only provides 112-bits of symmetric strength" + ] + } + } + ], + "key":[ + { + "algorithm":"rsa-sha2-512", + "keysize":2048, + "notes":{ + "info":[ + "available since OpenSSH 7.2" + ], + "warn":[ + "2048-bit modulus only provides 112-bits of symmetric strength" + ] + } + }, + { + "algorithm":"rsa-sha2-256", + "keysize":2048, + "notes":{ + "info":[ + "available since OpenSSH 7.2" + ], + "warn":[ + "2048-bit modulus only provides 112-bits of symmetric strength" + ] + } + }, + { + "algorithm":"ssh-rsa", + "keysize":2048, + "notes":{ + "fail":[ + "using broken SHA-1 hash algorithm" + ], + "info":[ + "deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8", + "available since OpenSSH 2.5.0, Dropbear SSH 0.28" + ], + "warn":[ + "2048-bit modulus only provides 112-bits of symmetric strength" + ] + } + }, + { + "algorithm":"ecdsa-sha2-nistp256", + "notes":{ + "fail":[ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info":[ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ], + "warn":[ + "using weak random number generator could reveal the key" + ] + } + }, + { + "algorithm":"ssh-ed25519", + "notes":{ + "info":[ + "available since OpenSSH 6.5" + ] + } + } + ], + "mac":[ + { + "algorithm":"umac-64-etm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ], + "warn":[ + "using small 64-bit tag size" + ] + } + }, + { + "algorithm":"umac-128-etm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"hmac-sha2-256-etm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"hmac-sha2-512-etm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"hmac-sha1-etm@openssh.com", + "notes":{ + "fail":[ + "using broken SHA-1 hash algorithm" + ], + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"umac-64@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 4.7" + ], + "warn":[ + "using encrypt-and-MAC mode", + "using small 64-bit tag size" + ] + } + }, + { + "algorithm":"umac-128@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ], + "warn":[ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm":"hmac-sha2-256", + "notes":{ + "info":[ + "available since OpenSSH 5.9, Dropbear SSH 2013.56" + ], + "warn":[ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm":"hmac-sha2-512", + "notes":{ + "info":[ + "available since OpenSSH 5.9, Dropbear SSH 2013.56" + ], + "warn":[ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm":"hmac-sha1", + "notes":{ + "fail":[ + "using broken SHA-1 hash algorithm" + ], + "info":[ + "available since OpenSSH 2.1.0, Dropbear SSH 0.28" + ], + "warn":[ + "using encrypt-and-MAC mode" + ] + } + } + ], + "recommendations":{ + "critical":{ + "del":{ + "kex":[ + { + "name":"diffie-hellman-group14-sha1", + "notes":"" + }, + { + "name":"ecdh-sha2-nistp256", + "notes":"" + }, + { + "name":"ecdh-sha2-nistp384", + "notes":"" + }, + { + "name":"ecdh-sha2-nistp521", + "notes":"" + } + ], + "key":[ + { + "name":"ecdsa-sha2-nistp256", + "notes":"" + }, + { + "name":"ssh-rsa", + "notes":"" + } + ], + "mac":[ + { + "name":"hmac-sha1", + "notes":"" + }, + { + "name":"hmac-sha1-etm@openssh.com", + "notes":"" + } + ] + } + }, + "warning":{ + "chg":{ + "key":[ + { + "name":"rsa-sha2-256", + "notes":"increase modulus size to 3072 bits or larger" + }, + { + "name":"rsa-sha2-512", + "notes":"increase modulus size to 3072 bits or larger" + } + ] + }, + "del":{ + "kex":[ + { + "name":"diffie-hellman-group14-sha256", + "notes":"" + } + ], + "mac":[ + { + "name":"hmac-sha2-256", + "notes":"" + }, + { + "name":"hmac-sha2-512", + "notes":"" + }, + { + "name":"umac-128@openssh.com", + "notes":"" + }, + { + "name":"umac-64-etm@openssh.com", + "notes":"" + }, + { + "name":"umac-64@openssh.com", + "notes":"" + } + ] + } + } + }, + "target":"sdf.sdf.fewio:22" + } \ No newline at end of file diff --git a/unittests/scans/ssh_audit/many_vulns2.json b/unittests/scans/ssh_audit/many_vulns2.json new file mode 100644 index 00000000000..c516ff80e1c --- /dev/null +++ b/unittests/scans/ssh_audit/many_vulns2.json @@ -0,0 +1,404 @@ +{ + "banner":{ + "comments":"Ubuntu-3ubuntu0.4", + "protocol":"2.0", + "raw":"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4", + "software":"OpenSSH_8.9p1" + }, + "compression":[ + "none", + "zlib@openssh.com" + ], + "cves":[ + + ], + "enc":[ + { + "algorithm":"chacha20-poly1305@openssh.com", + "notes":{ + "info":[ + "default cipher since OpenSSH 6.9", + "available since OpenSSH 6.5" + ] + } + }, + { + "algorithm":"aes128-ctr", + "notes":{ + "info":[ + "available since OpenSSH 3.7, Dropbear SSH 0.52" + ] + } + }, + { + "algorithm":"aes192-ctr", + "notes":{ + "info":[ + "available since OpenSSH 3.7" + ] + } + }, + { + "algorithm":"aes256-ctr", + "notes":{ + "info":[ + "available since OpenSSH 3.7, Dropbear SSH 0.52" + ] + } + }, + { + "algorithm":"aes128-gcm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"aes256-gcm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + } + ], + "fingerprints":[ + { + "hash":"7HGjPCpM7KL+xEDT+o4oMsuLphK9emAFY4T9fglsCjE", + "hash_alg":"SHA256", + "hostkey":"ssh-ed25519" + }, + { + "hash":"f5:30:24:c3:30:91:30:31:02:d6:44:9d:66:2e:92:8e", + "hash_alg":"MD5", + "hostkey":"ssh-ed25519" + }, + { + "hash":"v9O1CYNZpN+Ng3R+49vHmiBoJ6WhvMQ1Z4BeHcWFE4E", + "hash_alg":"SHA256", + "hostkey":"ssh-rsa" + }, + { + "hash":"0f:3b:05:af:12:cb:89:a0:41:01:47:55:b5:74:be:96", + "hash_alg":"MD5", + "hostkey":"ssh-rsa" + } + ], + "kex":[ + { + "algorithm":"curve25519-sha256", + "notes":{ + "info":[ + "default key exchange since OpenSSH 6.4", + "available since OpenSSH 7.4, Dropbear SSH 2018.76" + ] + } + }, + { + "algorithm":"curve25519-sha256@libssh.org", + "notes":{ + "info":[ + "default key exchange since OpenSSH 6.4", + "available since OpenSSH 6.4, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm":"ecdh-sha2-nistp256", + "notes":{ + "fail":[ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info":[ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm":"ecdh-sha2-nistp384", + "notes":{ + "fail":[ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info":[ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm":"ecdh-sha2-nistp521", + "notes":{ + "fail":[ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info":[ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ] + } + }, + { + "algorithm":"sntrup761x25519-sha512@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 8.5" + ] + } + }, + { + "algorithm":"diffie-hellman-group-exchange-sha256", + "keysize":3072, + "notes":{ + "info":[ + "OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 3072. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477).", + "available since OpenSSH 4.4" + ] + } + }, + { + "algorithm":"diffie-hellman-group16-sha512", + "notes":{ + "info":[ + "available since OpenSSH 7.3, Dropbear SSH 2016.73" + ] + } + }, + { + "algorithm":"diffie-hellman-group18-sha512", + "notes":{ + "info":[ + "available since OpenSSH 7.3" + ] + } + }, + { + "algorithm":"diffie-hellman-group14-sha256", + "notes":{ + "info":[ + "available since OpenSSH 7.3, Dropbear SSH 2016.73" + ], + "warn":[ + "2048-bit modulus only provides 112-bits of symmetric strength" + ] + } + } + ], + "key":[ + { + "algorithm":"rsa-sha2-512", + "keysize":3072, + "notes":{ + "info":[ + "available since OpenSSH 7.2" + ] + } + }, + { + "algorithm":"rsa-sha2-256", + "keysize":3072, + "notes":{ + "info":[ + "available since OpenSSH 7.2" + ] + } + }, + { + "algorithm":"ecdsa-sha2-nistp256", + "notes":{ + "fail":[ + "using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency" + ], + "info":[ + "available since OpenSSH 5.7, Dropbear SSH 2013.62" + ], + "warn":[ + "using weak random number generator could reveal the key" + ] + } + }, + { + "algorithm":"ssh-ed25519", + "notes":{ + "info":[ + "available since OpenSSH 6.5" + ] + } + } + ], + "mac":[ + { + "algorithm":"umac-64-etm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ], + "warn":[ + "using small 64-bit tag size" + ] + } + }, + { + "algorithm":"umac-128-etm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"hmac-sha2-256-etm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"hmac-sha2-512-etm@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"hmac-sha1-etm@openssh.com", + "notes":{ + "fail":[ + "using broken SHA-1 hash algorithm" + ], + "info":[ + "available since OpenSSH 6.2" + ] + } + }, + { + "algorithm":"umac-64@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 4.7" + ], + "warn":[ + "using encrypt-and-MAC mode", + "using small 64-bit tag size" + ] + } + }, + { + "algorithm":"umac-128@openssh.com", + "notes":{ + "info":[ + "available since OpenSSH 6.2" + ], + "warn":[ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm":"hmac-sha2-256", + "notes":{ + "info":[ + "available since OpenSSH 5.9, Dropbear SSH 2013.56" + ], + "warn":[ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm":"hmac-sha2-512", + "notes":{ + "info":[ + "available since OpenSSH 5.9, Dropbear SSH 2013.56" + ], + "warn":[ + "using encrypt-and-MAC mode" + ] + } + }, + { + "algorithm":"hmac-sha1", + "notes":{ + "fail":[ + "using broken SHA-1 hash algorithm" + ], + "info":[ + "available since OpenSSH 2.1.0, Dropbear SSH 0.28" + ], + "warn":[ + "using encrypt-and-MAC mode" + ] + } + } + ], + "recommendations":{ + "critical":{ + "del":{ + "kex":[ + { + "name":"ecdh-sha2-nistp256", + "notes":"" + }, + { + "name":"ecdh-sha2-nistp384", + "notes":"" + }, + { + "name":"ecdh-sha2-nistp521", + "notes":"" + } + ], + "key":[ + { + "name":"ecdsa-sha2-nistp256", + "notes":"" + } + ], + "mac":[ + { + "name":"hmac-sha1", + "notes":"" + }, + { + "name":"hmac-sha1-etm@openssh.com", + "notes":"" + } + ] + } + }, + "warning":{ + "del":{ + "kex":[ + { + "name":"diffie-hellman-group14-sha256", + "notes":"" + } + ], + "mac":[ + { + "name":"hmac-sha2-256", + "notes":"" + }, + { + "name":"hmac-sha2-512", + "notes":"" + }, + { + "name":"umac-128@openssh.com", + "notes":"" + }, + { + "name":"umac-64-etm@openssh.com", + "notes":"" + }, + { + "name":"umac-64@openssh.com", + "notes":"" + } + ] + } + } + }, + "target":"1.1.1.1:22" + } \ No newline at end of file diff --git a/unittests/scans/sslyze/one_target_many_vuln_new.json b/unittests/scans/sslyze/one_target_many_vuln_new.json new file mode 100644 index 00000000000..9fd3e05da19 --- /dev/null +++ b/unittests/scans/sslyze/one_target_many_vuln_new.json @@ -0,0 +1,6459 @@ +{ + "date_scans_completed": "2022-01-17T16:45:39.806271", + "date_scans_started": "2022-01-17T16:45:07.847329", + "server_scan_results": [{ + "connectivity_error_trace": null, + "connectivity_result": { + "cipher_suite_supported": "ECDHE-RSA-AES128-GCM-SHA256", + "client_auth_requirement": "DISABLED", + "highest_tls_version_supported": "TLS_1_2", + "supports_ecdh_key_exchange": true + }, + "connectivity_status": "COMPLETED", + "network_configuration": { + "network_max_retries": 3, + "network_timeout": 5, + "tls_client_auth_credentials": null, + "tls_opportunistic_encryption": null, + "tls_server_name_indication": "example.com", + "xmpp_to_hostname": null + }, + "scan_result": { + "certificate_info": { + "error_reason": null, + "error_trace": null, + "result": { + "certificate_deployments": [{ + "leaf_certificate_has_must_staple_extension": false, + "leaf_certificate_is_ev": false, + "leaf_certificate_signed_certificate_timestamps_count": 3, + "leaf_certificate_subject_matches_hostname": true, + "ocsp_response": null, + "ocsp_response_is_trusted": null, + "path_validation_results": [{ + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Android", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/google_aosp.pem", + "version": "12.0.0_r9" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGqDCCBZCgAwIBAgIQCvBs2jemC2QTQvCh6x1Z/TANBgkqhkiG9w0BAQsFADBN\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E\naWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMjAwMzIzMDAwMDAwWhcN\nMjIwNTE3MTIwMDAwWjBuMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p\nYTEVMBMGA1UEBxMMV2FsbnV0IENyZWVrMRwwGgYDVQQKExNMdWNhcyBHYXJyb24g\nVG9ycmVzMRUwEwYDVQQDDAwqLmJhZHNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDCBOz4jO4EwrPYUNVwWMyTGOtcqGhJsCK1+ZWesSssdj5s\nwEtgTEzqsrTAD4C2sPlyyYYC+VxBXRMrf3HES7zplC5QN6ZnHGGM9kFCxUbTFocn\nn3TrCp0RUiYhc2yETHlV5NFr6AY9SBVSrbMo26r/bv9glUp3aznxJNExtt1NwMT8\nU7ltQq21fP6u9RXSM0jnInHHwhR6bCjqN0rf6my1crR+WqIW3GmxV0TbChKr3sMP\nR3RcQSLhmvkbk+atIgYpLrG6SRwMJ56j+4v3QHIArJII2YxXhFOBBcvm/mtUmEAn\nhccQu3Nw72kYQQdFVXz5ZD89LMOpfOuTGkyG0cqFAgMBAAGjggNhMIIDXTAfBgNV\nHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUne7Be4ELOkdp\ncRh9ETeTvKUbP/swIwYDVR0RBBwwGoIMKi5iYWRzc2wuY29tggpiYWRzc2wuY29t\nMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Et\nc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2Nh\nLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUH\nAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQIDMHwGCCsG\nAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t\nMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl\ncnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEE\nAdZ5AgQCBIIBbgSCAWoBaAB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaO\nHtGFAAABcQhGXioAAAQDAEcwRQIgDfWVBXEuUZC2YP4Si3AQDidHC4U9e5XTGyG7\nSFNDlRkCIQCzikrA1nf7boAdhvaGu2Vkct3VaI+0y8p3gmonU5d9DwB2ACJFRQdZ\nVSRWlj+hL/H3bYbgIyZjrcBLf13Gg1xu4g8CAAABcQhGXlsAAAQDAEcwRQIhAMWi\nVsi2vYdxRCRsu/DMmCyhY0iJPKHE2c6ejPycIbgqAiAs3kSSS0NiUFiHBw7QaQ/s\nGO+/lNYvjExlzVUWJbgNLwB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7U\niwXlAAABcQhGXnoAAAQDAEcwRQIgKsntiBqt8Au8DAABFkxISELhP3U/wb5lb76p\nvfenWL0CIQDr2kLhCWP/QUNxXqGmvr1GaG9EuokTOLEnGPhGv1cMkDANBgkqhkiG\n9w0BAQsFAAOCAQEA0RGxlwy3Tl0lhrUAn2mIi8LcZ9nBUyfAcCXCtYyCdEbjIP64\nxgX6pzTt0WJoxzlT+MiK6fc0hECZXqpkTNVTARYtGkJoljlTK2vAdHZ0SOpm9OT4\nRLfjGnImY0hiFbZ/LtsvS2Zg7cVJecqnrZe/za/nbDdljnnrll7C8O5naQuKr4te\nuice3e8a4TtviFwS/wdDnJ3RrE83b1IljILbU5SV0X1NajyYkUWS7AnOmrFUUByz\nMwdGrM6kt0lfJy/gvGVsgIKZocHdedPeECqAtq7FAJYanOsjNN9RbBOGhbwq0/FP\nCC01zojqS10nGowxzOiqyB4m6wytmzf0QwjpMw==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "GEWyFu/Qg5oYUalXMl2jNiFwScs=", + "fingerprint_sha256": "kJTCvfppe0UD2q0RZ+sgpaRx6pjQH3ZUcmP8nq7HyPI=", + "hpkp_pin": "9SLklscvzMYj8f+52lp5ze/hY0CFHyLSPQzSpYYIBm8=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA", + "value": "DigiCert SHA2 Secure Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2022-05-17T12:00:00", + "not_valid_before": "2020-03-23T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 24492660100626679905549940109758101886765610555498019561237351076174546942126705991290366882656509310080501513812602706206351444964387935952263594274233370803388167168928622758093210777190425680103032107490380624850201721276806477615228126295940226807450889945207930835675033102934727992726436862717218438550009918736547634295262737442314962888280468639663924173291556081067280523421305313565638162799590985864930177996395295461079048360209103196860440439931811226709024172075892526400113878162488184158428982955287187952820072365979821268476491392572259766081582413144401029571982863046316691680331687828250550192773 + }, + "serial_number": 14540638993096550868240433790861531645, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Walnut Creek", + "value": "Walnut Creek" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Lucas Garron Torres", + "value": "Lucas Garron Torres" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.example.com", + "value": "*.example.com" + } + ], + "rfc4514_string": "CN=*.example.com,O=Lucas Garron Torres,L=Walnut Creek,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg\nU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83\nnf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd\nKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f\n/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX\nkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0\n/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C\nAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY\naHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6\nLy9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1\noDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD\nQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v\nd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh\nxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB\nCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl\n5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA\n8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC\n2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit\nc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0\nj6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "H7hrEWjsdDFUBi6MnMWxcaS3zLQ=", + "fingerprint_sha256": "FUxDPEkZKcXvaG6DjjI2ZKAOag2CLMyVj7TasD5JoI8=", + "hpkp_pin": "5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2023-03-08T12:00:00", + "not_valid_before": "2013-03-08T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27858400285679723188777933283712642951289579686400775596360785472462618845441045591174031407467141927949303967273640603370583027943461489694611514307846044788608302737755893035638149922272068624160730850926560034092625156444445564936562297688651849223419070532331233030323585681010618165796464257277453762819678070632408347042070801988771058882131228632546107451893714991242153395658429259537934263208634002792828772169217510656239241005311075681025394047894661420520700962300445533960645787118986590875906485125942483622981513806162241672544997253865343228332025582679476240480384023017494305830194847248717881628827 + }, + "serial_number": 2646203786665923649276728595390119057, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA", + "value": "DigiCert SHA2 Secure Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\nCSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\nnh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\nT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\ngdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\nBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\nTLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\nDQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\nhMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\nPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\nYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\nCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "qJhdOmXl5cSy19ZtQMbdL7GcVDY=", + "fingerprint_sha256": "Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE=", + "hpkp_pin": "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28559384442792876273280274398620578979733786817784174960112400169719065906301471912340204391164075730987771255281479191858503912379974443363319206013285922932969143082114108995903507302607372164107846395526169928849546930352778612946811335349917424469188917500996253619438384218721744278787164274625243781917237444202229339672234113350935948264576180342492691117960376023738627349150441152487120197333042448834154779966801277094070528166918968412433078879939664053044797116916260095055641583506170045241549105022323819314163625798834513544420165235412105694681616578431019525684868803389424296613694298865514217451303 + }, + "serial_number": 10944719598952040374951832963794454346, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Apple", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/apple.pem", + "version": "iOS 15, iPadOS 15, macOS 12, tvOS 15, and watchOS 8" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGqDCCBZCgAwIBAgIQCvBs2jemC2QTQvCh6x1Z/TANBgkqhkiG9w0BAQsFADBN\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E\naWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMjAwMzIzMDAwMDAwWhcN\nMjIwNTE3MTIwMDAwWjBuMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p\nYTEVMBMGA1UEBxMMV2FsbnV0IENyZWVrMRwwGgYDVQQKExNMdWNhcyBHYXJyb24g\nVG9ycmVzMRUwEwYDVQQDDAwqLmJhZHNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDCBOz4jO4EwrPYUNVwWMyTGOtcqGhJsCK1+ZWesSssdj5s\nwEtgTEzqsrTAD4C2sPlyyYYC+VxBXRMrf3HES7zplC5QN6ZnHGGM9kFCxUbTFocn\nn3TrCp0RUiYhc2yETHlV5NFr6AY9SBVSrbMo26r/bv9glUp3aznxJNExtt1NwMT8\nU7ltQq21fP6u9RXSM0jnInHHwhR6bCjqN0rf6my1crR+WqIW3GmxV0TbChKr3sMP\nR3RcQSLhmvkbk+atIgYpLrG6SRwMJ56j+4v3QHIArJII2YxXhFOBBcvm/mtUmEAn\nhccQu3Nw72kYQQdFVXz5ZD89LMOpfOuTGkyG0cqFAgMBAAGjggNhMIIDXTAfBgNV\nHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUne7Be4ELOkdp\ncRh9ETeTvKUbP/swIwYDVR0RBBwwGoIMKi5iYWRzc2wuY29tggpiYWRzc2wuY29t\nMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Et\nc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2Nh\nLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUH\nAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQIDMHwGCCsG\nAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t\nMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl\ncnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEE\nAdZ5AgQCBIIBbgSCAWoBaAB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaO\nHtGFAAABcQhGXioAAAQDAEcwRQIgDfWVBXEuUZC2YP4Si3AQDidHC4U9e5XTGyG7\nSFNDlRkCIQCzikrA1nf7boAdhvaGu2Vkct3VaI+0y8p3gmonU5d9DwB2ACJFRQdZ\nVSRWlj+hL/H3bYbgIyZjrcBLf13Gg1xu4g8CAAABcQhGXlsAAAQDAEcwRQIhAMWi\nVsi2vYdxRCRsu/DMmCyhY0iJPKHE2c6ejPycIbgqAiAs3kSSS0NiUFiHBw7QaQ/s\nGO+/lNYvjExlzVUWJbgNLwB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7U\niwXlAAABcQhGXnoAAAQDAEcwRQIgKsntiBqt8Au8DAABFkxISELhP3U/wb5lb76p\nvfenWL0CIQDr2kLhCWP/QUNxXqGmvr1GaG9EuokTOLEnGPhGv1cMkDANBgkqhkiG\n9w0BAQsFAAOCAQEA0RGxlwy3Tl0lhrUAn2mIi8LcZ9nBUyfAcCXCtYyCdEbjIP64\nxgX6pzTt0WJoxzlT+MiK6fc0hECZXqpkTNVTARYtGkJoljlTK2vAdHZ0SOpm9OT4\nRLfjGnImY0hiFbZ/LtsvS2Zg7cVJecqnrZe/za/nbDdljnnrll7C8O5naQuKr4te\nuice3e8a4TtviFwS/wdDnJ3RrE83b1IljILbU5SV0X1NajyYkUWS7AnOmrFUUByz\nMwdGrM6kt0lfJy/gvGVsgIKZocHdedPeECqAtq7FAJYanOsjNN9RbBOGhbwq0/FP\nCC01zojqS10nGowxzOiqyB4m6wytmzf0QwjpMw==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "GEWyFu/Qg5oYUalXMl2jNiFwScs=", + "fingerprint_sha256": "kJTCvfppe0UD2q0RZ+sgpaRx6pjQH3ZUcmP8nq7HyPI=", + "hpkp_pin": "9SLklscvzMYj8f+52lp5ze/hY0CFHyLSPQzSpYYIBm8=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA", + "value": "DigiCert SHA2 Secure Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2022-05-17T12:00:00", + "not_valid_before": "2020-03-23T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 24492660100626679905549940109758101886765610555498019561237351076174546942126705991290366882656509310080501513812602706206351444964387935952263594274233370803388167168928622758093210777190425680103032107490380624850201721276806477615228126295940226807450889945207930835675033102934727992726436862717218438550009918736547634295262737442314962888280468639663924173291556081067280523421305313565638162799590985864930177996395295461079048360209103196860440439931811226709024172075892526400113878162488184158428982955287187952820072365979821268476491392572259766081582413144401029571982863046316691680331687828250550192773 + }, + "serial_number": 14540638993096550868240433790861531645, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Walnut Creek", + "value": "Walnut Creek" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Lucas Garron Torres", + "value": "Lucas Garron Torres" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.example.com", + "value": "*.example.com" + } + ], + "rfc4514_string": "CN=*.example.com,O=Lucas Garron Torres,L=Walnut Creek,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg\nU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83\nnf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd\nKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f\n/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX\nkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0\n/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C\nAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY\naHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6\nLy9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1\noDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD\nQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v\nd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh\nxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB\nCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl\n5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA\n8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC\n2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit\nc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0\nj6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "H7hrEWjsdDFUBi6MnMWxcaS3zLQ=", + "fingerprint_sha256": "FUxDPEkZKcXvaG6DjjI2ZKAOag2CLMyVj7TasD5JoI8=", + "hpkp_pin": "5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2023-03-08T12:00:00", + "not_valid_before": "2013-03-08T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27858400285679723188777933283712642951289579686400775596360785472462618845441045591174031407467141927949303967273640603370583027943461489694611514307846044788608302737755893035638149922272068624160730850926560034092625156444445564936562297688651849223419070532331233030323585681010618165796464257277453762819678070632408347042070801988771058882131228632546107451893714991242153395658429259537934263208634002792828772169217510656239241005311075681025394047894661420520700962300445533960645787118986590875906485125942483622981513806162241672544997253865343228332025582679476240480384023017494305830194847248717881628827 + }, + "serial_number": 2646203786665923649276728595390119057, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA", + "value": "DigiCert SHA2 Secure Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\nCSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\nnh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\nT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\ngdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\nBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\nTLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\nDQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\nhMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\nPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\nYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\nCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "qJhdOmXl5cSy19ZtQMbdL7GcVDY=", + "fingerprint_sha256": "Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE=", + "hpkp_pin": "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28559384442792876273280274398620578979733786817784174960112400169719065906301471912340204391164075730987771255281479191858503912379974443363319206013285922932969143082114108995903507302607372164107846395526169928849546930352778612946811335349917424469188917500996253619438384218721744278787164274625243781917237444202229339672234113350935948264576180342492691117960376023738627349150441152487120197333042448834154779966801277094070528166918968412433078879939664053044797116916260095055641583506170045241549105022323819314163625798834513544420165235412105694681616578431019525684868803389424296613694298865514217451303 + }, + "serial_number": 10944719598952040374951832963794454346, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Java", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/oracle_java.pem", + "version": "jdk-13.0.2" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGqDCCBZCgAwIBAgIQCvBs2jemC2QTQvCh6x1Z/TANBgkqhkiG9w0BAQsFADBN\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E\naWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMjAwMzIzMDAwMDAwWhcN\nMjIwNTE3MTIwMDAwWjBuMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p\nYTEVMBMGA1UEBxMMV2FsbnV0IENyZWVrMRwwGgYDVQQKExNMdWNhcyBHYXJyb24g\nVG9ycmVzMRUwEwYDVQQDDAwqLmJhZHNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDCBOz4jO4EwrPYUNVwWMyTGOtcqGhJsCK1+ZWesSssdj5s\nwEtgTEzqsrTAD4C2sPlyyYYC+VxBXRMrf3HES7zplC5QN6ZnHGGM9kFCxUbTFocn\nn3TrCp0RUiYhc2yETHlV5NFr6AY9SBVSrbMo26r/bv9glUp3aznxJNExtt1NwMT8\nU7ltQq21fP6u9RXSM0jnInHHwhR6bCjqN0rf6my1crR+WqIW3GmxV0TbChKr3sMP\nR3RcQSLhmvkbk+atIgYpLrG6SRwMJ56j+4v3QHIArJII2YxXhFOBBcvm/mtUmEAn\nhccQu3Nw72kYQQdFVXz5ZD89LMOpfOuTGkyG0cqFAgMBAAGjggNhMIIDXTAfBgNV\nHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUne7Be4ELOkdp\ncRh9ETeTvKUbP/swIwYDVR0RBBwwGoIMKi5iYWRzc2wuY29tggpiYWRzc2wuY29t\nMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Et\nc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2Nh\nLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUH\nAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQIDMHwGCCsG\nAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t\nMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl\ncnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEE\nAdZ5AgQCBIIBbgSCAWoBaAB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaO\nHtGFAAABcQhGXioAAAQDAEcwRQIgDfWVBXEuUZC2YP4Si3AQDidHC4U9e5XTGyG7\nSFNDlRkCIQCzikrA1nf7boAdhvaGu2Vkct3VaI+0y8p3gmonU5d9DwB2ACJFRQdZ\nVSRWlj+hL/H3bYbgIyZjrcBLf13Gg1xu4g8CAAABcQhGXlsAAAQDAEcwRQIhAMWi\nVsi2vYdxRCRsu/DMmCyhY0iJPKHE2c6ejPycIbgqAiAs3kSSS0NiUFiHBw7QaQ/s\nGO+/lNYvjExlzVUWJbgNLwB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7U\niwXlAAABcQhGXnoAAAQDAEcwRQIgKsntiBqt8Au8DAABFkxISELhP3U/wb5lb76p\nvfenWL0CIQDr2kLhCWP/QUNxXqGmvr1GaG9EuokTOLEnGPhGv1cMkDANBgkqhkiG\n9w0BAQsFAAOCAQEA0RGxlwy3Tl0lhrUAn2mIi8LcZ9nBUyfAcCXCtYyCdEbjIP64\nxgX6pzTt0WJoxzlT+MiK6fc0hECZXqpkTNVTARYtGkJoljlTK2vAdHZ0SOpm9OT4\nRLfjGnImY0hiFbZ/LtsvS2Zg7cVJecqnrZe/za/nbDdljnnrll7C8O5naQuKr4te\nuice3e8a4TtviFwS/wdDnJ3RrE83b1IljILbU5SV0X1NajyYkUWS7AnOmrFUUByz\nMwdGrM6kt0lfJy/gvGVsgIKZocHdedPeECqAtq7FAJYanOsjNN9RbBOGhbwq0/FP\nCC01zojqS10nGowxzOiqyB4m6wytmzf0QwjpMw==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "GEWyFu/Qg5oYUalXMl2jNiFwScs=", + "fingerprint_sha256": "kJTCvfppe0UD2q0RZ+sgpaRx6pjQH3ZUcmP8nq7HyPI=", + "hpkp_pin": "9SLklscvzMYj8f+52lp5ze/hY0CFHyLSPQzSpYYIBm8=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA", + "value": "DigiCert SHA2 Secure Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2022-05-17T12:00:00", + "not_valid_before": "2020-03-23T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 24492660100626679905549940109758101886765610555498019561237351076174546942126705991290366882656509310080501513812602706206351444964387935952263594274233370803388167168928622758093210777190425680103032107490380624850201721276806477615228126295940226807450889945207930835675033102934727992726436862717218438550009918736547634295262737442314962888280468639663924173291556081067280523421305313565638162799590985864930177996395295461079048360209103196860440439931811226709024172075892526400113878162488184158428982955287187952820072365979821268476491392572259766081582413144401029571982863046316691680331687828250550192773 + }, + "serial_number": 14540638993096550868240433790861531645, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Walnut Creek", + "value": "Walnut Creek" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Lucas Garron Torres", + "value": "Lucas Garron Torres" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.example.com", + "value": "*.example.com" + } + ], + "rfc4514_string": "CN=*.example.com,O=Lucas Garron Torres,L=Walnut Creek,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg\nU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83\nnf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd\nKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f\n/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX\nkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0\n/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C\nAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY\naHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6\nLy9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1\noDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD\nQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v\nd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh\nxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB\nCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl\n5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA\n8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC\n2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit\nc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0\nj6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "H7hrEWjsdDFUBi6MnMWxcaS3zLQ=", + "fingerprint_sha256": "FUxDPEkZKcXvaG6DjjI2ZKAOag2CLMyVj7TasD5JoI8=", + "hpkp_pin": "5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2023-03-08T12:00:00", + "not_valid_before": "2013-03-08T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27858400285679723188777933283712642951289579686400775596360785472462618845441045591174031407467141927949303967273640603370583027943461489694611514307846044788608302737755893035638149922272068624160730850926560034092625156444445564936562297688651849223419070532331233030323585681010618165796464257277453762819678070632408347042070801988771058882131228632546107451893714991242153395658429259537934263208634002792828772169217510656239241005311075681025394047894661420520700962300445533960645787118986590875906485125942483622981513806162241672544997253865343228332025582679476240480384023017494305830194847248717881628827 + }, + "serial_number": 2646203786665923649276728595390119057, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA", + "value": "DigiCert SHA2 Secure Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\nCSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\nnh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\nT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\ngdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\nBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\nTLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\nDQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\nhMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\nPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\nYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\nCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "qJhdOmXl5cSy19ZtQMbdL7GcVDY=", + "fingerprint_sha256": "Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE=", + "hpkp_pin": "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28559384442792876273280274398620578979733786817784174960112400169719065906301471912340204391164075730987771255281479191858503912379974443363319206013285922932969143082114108995903507302607372164107846395526169928849546930352778612946811335349917424469188917500996253619438384218721744278787164274625243781917237444202229339672234113350935948264576180342492691117960376023738627349150441152487120197333042448834154779966801277094070528166918968412433078879939664053044797116916260095055641583506170045241549105022323819314163625798834513544420165235412105694681616578431019525684868803389424296613694298865514217451303 + }, + "serial_number": 10944719598952040374951832963794454346, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": [{ + "dotted_string": "1.2.276.0.44.1.1.1.4", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.392.200091.100.721.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.40.0.17.1.22", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.616.1.113527.2.5.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.159.1.17.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.13177.10.1.3.10", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14370.1.6", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14777.6.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14777.6.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.14.2.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.14.2.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.8.12.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.8.12.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.22234.2.5.2.3.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.23223.1.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.29836.1.10", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.3", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.4", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.36305.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.40869.1.1.22.3", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.4146.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.4788.2.202.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.6334.1.100.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.6449.1.2.1.5.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.782.1.2.1.8.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.7879.13.24.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.8024.0.2.100.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.156.112554.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.528.1.1003.1.2.7", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.578.1.26.1.3.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.756.1.83.21.0", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.756.1.89.1.2.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.792.3.0.3.1.1.5", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.792.3.0.4.1.1.4", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.113733.1.7.23.6", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.113733.1.7.48.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114028.10.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114171.500.9", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114404.1.1.2.4.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114412.2.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114413.1.7.23.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114414.1.7.23.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114414.1.7.24.3", + "name": "Unknown OID" + } + ], + "name": "Mozilla", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/mozilla_nss.pem", + "version": "2021-12-19" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGqDCCBZCgAwIBAgIQCvBs2jemC2QTQvCh6x1Z/TANBgkqhkiG9w0BAQsFADBN\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E\naWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMjAwMzIzMDAwMDAwWhcN\nMjIwNTE3MTIwMDAwWjBuMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p\nYTEVMBMGA1UEBxMMV2FsbnV0IENyZWVrMRwwGgYDVQQKExNMdWNhcyBHYXJyb24g\nVG9ycmVzMRUwEwYDVQQDDAwqLmJhZHNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDCBOz4jO4EwrPYUNVwWMyTGOtcqGhJsCK1+ZWesSssdj5s\nwEtgTEzqsrTAD4C2sPlyyYYC+VxBXRMrf3HES7zplC5QN6ZnHGGM9kFCxUbTFocn\nn3TrCp0RUiYhc2yETHlV5NFr6AY9SBVSrbMo26r/bv9glUp3aznxJNExtt1NwMT8\nU7ltQq21fP6u9RXSM0jnInHHwhR6bCjqN0rf6my1crR+WqIW3GmxV0TbChKr3sMP\nR3RcQSLhmvkbk+atIgYpLrG6SRwMJ56j+4v3QHIArJII2YxXhFOBBcvm/mtUmEAn\nhccQu3Nw72kYQQdFVXz5ZD89LMOpfOuTGkyG0cqFAgMBAAGjggNhMIIDXTAfBgNV\nHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUne7Be4ELOkdp\ncRh9ETeTvKUbP/swIwYDVR0RBBwwGoIMKi5iYWRzc2wuY29tggpiYWRzc2wuY29t\nMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Et\nc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2Nh\nLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUH\nAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQIDMHwGCCsG\nAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t\nMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl\ncnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEE\nAdZ5AgQCBIIBbgSCAWoBaAB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaO\nHtGFAAABcQhGXioAAAQDAEcwRQIgDfWVBXEuUZC2YP4Si3AQDidHC4U9e5XTGyG7\nSFNDlRkCIQCzikrA1nf7boAdhvaGu2Vkct3VaI+0y8p3gmonU5d9DwB2ACJFRQdZ\nVSRWlj+hL/H3bYbgIyZjrcBLf13Gg1xu4g8CAAABcQhGXlsAAAQDAEcwRQIhAMWi\nVsi2vYdxRCRsu/DMmCyhY0iJPKHE2c6ejPycIbgqAiAs3kSSS0NiUFiHBw7QaQ/s\nGO+/lNYvjExlzVUWJbgNLwB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7U\niwXlAAABcQhGXnoAAAQDAEcwRQIgKsntiBqt8Au8DAABFkxISELhP3U/wb5lb76p\nvfenWL0CIQDr2kLhCWP/QUNxXqGmvr1GaG9EuokTOLEnGPhGv1cMkDANBgkqhkiG\n9w0BAQsFAAOCAQEA0RGxlwy3Tl0lhrUAn2mIi8LcZ9nBUyfAcCXCtYyCdEbjIP64\nxgX6pzTt0WJoxzlT+MiK6fc0hECZXqpkTNVTARYtGkJoljlTK2vAdHZ0SOpm9OT4\nRLfjGnImY0hiFbZ/LtsvS2Zg7cVJecqnrZe/za/nbDdljnnrll7C8O5naQuKr4te\nuice3e8a4TtviFwS/wdDnJ3RrE83b1IljILbU5SV0X1NajyYkUWS7AnOmrFUUByz\nMwdGrM6kt0lfJy/gvGVsgIKZocHdedPeECqAtq7FAJYanOsjNN9RbBOGhbwq0/FP\nCC01zojqS10nGowxzOiqyB4m6wytmzf0QwjpMw==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "GEWyFu/Qg5oYUalXMl2jNiFwScs=", + "fingerprint_sha256": "kJTCvfppe0UD2q0RZ+sgpaRx6pjQH3ZUcmP8nq7HyPI=", + "hpkp_pin": "9SLklscvzMYj8f+52lp5ze/hY0CFHyLSPQzSpYYIBm8=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA", + "value": "DigiCert SHA2 Secure Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2022-05-17T12:00:00", + "not_valid_before": "2020-03-23T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 24492660100626679905549940109758101886765610555498019561237351076174546942126705991290366882656509310080501513812602706206351444964387935952263594274233370803388167168928622758093210777190425680103032107490380624850201721276806477615228126295940226807450889945207930835675033102934727992726436862717218438550009918736547634295262737442314962888280468639663924173291556081067280523421305313565638162799590985864930177996395295461079048360209103196860440439931811226709024172075892526400113878162488184158428982955287187952820072365979821268476491392572259766081582413144401029571982863046316691680331687828250550192773 + }, + "serial_number": 14540638993096550868240433790861531645, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Walnut Creek", + "value": "Walnut Creek" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Lucas Garron Torres", + "value": "Lucas Garron Torres" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.example.com", + "value": "*.example.com" + } + ], + "rfc4514_string": "CN=*.example.com,O=Lucas Garron Torres,L=Walnut Creek,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg\nU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83\nnf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd\nKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f\n/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX\nkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0\n/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C\nAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY\naHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6\nLy9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1\noDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD\nQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v\nd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh\nxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB\nCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl\n5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA\n8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC\n2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit\nc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0\nj6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "H7hrEWjsdDFUBi6MnMWxcaS3zLQ=", + "fingerprint_sha256": "FUxDPEkZKcXvaG6DjjI2ZKAOag2CLMyVj7TasD5JoI8=", + "hpkp_pin": "5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2023-03-08T12:00:00", + "not_valid_before": "2013-03-08T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27858400285679723188777933283712642951289579686400775596360785472462618845441045591174031407467141927949303967273640603370583027943461489694611514307846044788608302737755893035638149922272068624160730850926560034092625156444445564936562297688651849223419070532331233030323585681010618165796464257277453762819678070632408347042070801988771058882131228632546107451893714991242153395658429259537934263208634002792828772169217510656239241005311075681025394047894661420520700962300445533960645787118986590875906485125942483622981513806162241672544997253865343228332025582679476240480384023017494305830194847248717881628827 + }, + "serial_number": 2646203786665923649276728595390119057, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA", + "value": "DigiCert SHA2 Secure Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\nCSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\nnh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\nT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\ngdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\nBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\nTLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\nDQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\nhMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\nPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\nYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\nCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "qJhdOmXl5cSy19ZtQMbdL7GcVDY=", + "fingerprint_sha256": "Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE=", + "hpkp_pin": "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28559384442792876273280274398620578979733786817784174960112400169719065906301471912340204391164075730987771255281479191858503912379974443363319206013285922932969143082114108995903507302607372164107846395526169928849546930352778612946811335349917424469188917500996253619438384218721744278787164274625243781917237444202229339672234113350935948264576180342492691117960376023738627349150441152487120197333042448834154779966801277094070528166918968412433078879939664053044797116916260095055641583506170045241549105022323819314163625798834513544420165235412105694681616578431019525684868803389424296613694298865514217451303 + }, + "serial_number": 10944719598952040374951832963794454346, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Windows", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/microsoft_windows.pem", + "version": "2021-11-28" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGqDCCBZCgAwIBAgIQCvBs2jemC2QTQvCh6x1Z/TANBgkqhkiG9w0BAQsFADBN\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E\naWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMjAwMzIzMDAwMDAwWhcN\nMjIwNTE3MTIwMDAwWjBuMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p\nYTEVMBMGA1UEBxMMV2FsbnV0IENyZWVrMRwwGgYDVQQKExNMdWNhcyBHYXJyb24g\nVG9ycmVzMRUwEwYDVQQDDAwqLmJhZHNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDCBOz4jO4EwrPYUNVwWMyTGOtcqGhJsCK1+ZWesSssdj5s\nwEtgTEzqsrTAD4C2sPlyyYYC+VxBXRMrf3HES7zplC5QN6ZnHGGM9kFCxUbTFocn\nn3TrCp0RUiYhc2yETHlV5NFr6AY9SBVSrbMo26r/bv9glUp3aznxJNExtt1NwMT8\nU7ltQq21fP6u9RXSM0jnInHHwhR6bCjqN0rf6my1crR+WqIW3GmxV0TbChKr3sMP\nR3RcQSLhmvkbk+atIgYpLrG6SRwMJ56j+4v3QHIArJII2YxXhFOBBcvm/mtUmEAn\nhccQu3Nw72kYQQdFVXz5ZD89LMOpfOuTGkyG0cqFAgMBAAGjggNhMIIDXTAfBgNV\nHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUne7Be4ELOkdp\ncRh9ETeTvKUbP/swIwYDVR0RBBwwGoIMKi5iYWRzc2wuY29tggpiYWRzc2wuY29t\nMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Et\nc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2Nh\nLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUH\nAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQIDMHwGCCsG\nAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t\nMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl\ncnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEE\nAdZ5AgQCBIIBbgSCAWoBaAB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaO\nHtGFAAABcQhGXioAAAQDAEcwRQIgDfWVBXEuUZC2YP4Si3AQDidHC4U9e5XTGyG7\nSFNDlRkCIQCzikrA1nf7boAdhvaGu2Vkct3VaI+0y8p3gmonU5d9DwB2ACJFRQdZ\nVSRWlj+hL/H3bYbgIyZjrcBLf13Gg1xu4g8CAAABcQhGXlsAAAQDAEcwRQIhAMWi\nVsi2vYdxRCRsu/DMmCyhY0iJPKHE2c6ejPycIbgqAiAs3kSSS0NiUFiHBw7QaQ/s\nGO+/lNYvjExlzVUWJbgNLwB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7U\niwXlAAABcQhGXnoAAAQDAEcwRQIgKsntiBqt8Au8DAABFkxISELhP3U/wb5lb76p\nvfenWL0CIQDr2kLhCWP/QUNxXqGmvr1GaG9EuokTOLEnGPhGv1cMkDANBgkqhkiG\n9w0BAQsFAAOCAQEA0RGxlwy3Tl0lhrUAn2mIi8LcZ9nBUyfAcCXCtYyCdEbjIP64\nxgX6pzTt0WJoxzlT+MiK6fc0hECZXqpkTNVTARYtGkJoljlTK2vAdHZ0SOpm9OT4\nRLfjGnImY0hiFbZ/LtsvS2Zg7cVJecqnrZe/za/nbDdljnnrll7C8O5naQuKr4te\nuice3e8a4TtviFwS/wdDnJ3RrE83b1IljILbU5SV0X1NajyYkUWS7AnOmrFUUByz\nMwdGrM6kt0lfJy/gvGVsgIKZocHdedPeECqAtq7FAJYanOsjNN9RbBOGhbwq0/FP\nCC01zojqS10nGowxzOiqyB4m6wytmzf0QwjpMw==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "GEWyFu/Qg5oYUalXMl2jNiFwScs=", + "fingerprint_sha256": "kJTCvfppe0UD2q0RZ+sgpaRx6pjQH3ZUcmP8nq7HyPI=", + "hpkp_pin": "9SLklscvzMYj8f+52lp5ze/hY0CFHyLSPQzSpYYIBm8=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA", + "value": "DigiCert SHA2 Secure Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2022-05-17T12:00:00", + "not_valid_before": "2020-03-23T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 24492660100626679905549940109758101886765610555498019561237351076174546942126705991290366882656509310080501513812602706206351444964387935952263594274233370803388167168928622758093210777190425680103032107490380624850201721276806477615228126295940226807450889945207930835675033102934727992726436862717218438550009918736547634295262737442314962888280468639663924173291556081067280523421305313565638162799590985864930177996395295461079048360209103196860440439931811226709024172075892526400113878162488184158428982955287187952820072365979821268476491392572259766081582413144401029571982863046316691680331687828250550192773 + }, + "serial_number": 14540638993096550868240433790861531645, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Walnut Creek", + "value": "Walnut Creek" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Lucas Garron Torres", + "value": "Lucas Garron Torres" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.example.com", + "value": "*.example.com" + } + ], + "rfc4514_string": "CN=*.example.com,O=Lucas Garron Torres,L=Walnut Creek,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg\nU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83\nnf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd\nKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f\n/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX\nkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0\n/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C\nAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY\naHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6\nLy9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1\noDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD\nQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v\nd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh\nxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB\nCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl\n5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA\n8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC\n2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit\nc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0\nj6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "H7hrEWjsdDFUBi6MnMWxcaS3zLQ=", + "fingerprint_sha256": "FUxDPEkZKcXvaG6DjjI2ZKAOag2CLMyVj7TasD5JoI8=", + "hpkp_pin": "5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2023-03-08T12:00:00", + "not_valid_before": "2013-03-08T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27858400285679723188777933283712642951289579686400775596360785472462618845441045591174031407467141927949303967273640603370583027943461489694611514307846044788608302737755893035638149922272068624160730850926560034092625156444445564936562297688651849223419070532331233030323585681010618165796464257277453762819678070632408347042070801988771058882131228632546107451893714991242153395658429259537934263208634002792828772169217510656239241005311075681025394047894661420520700962300445533960645787118986590875906485125942483622981513806162241672544997253865343228332025582679476240480384023017494305830194847248717881628827 + }, + "serial_number": 2646203786665923649276728595390119057, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA", + "value": "DigiCert SHA2 Secure Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\nCSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\nnh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\nT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\ngdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\nBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\nTLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\nDQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\nhMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\nPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\nYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\nCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "qJhdOmXl5cSy19ZtQMbdL7GcVDY=", + "fingerprint_sha256": "Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE=", + "hpkp_pin": "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28559384442792876273280274398620578979733786817784174960112400169719065906301471912340204391164075730987771255281479191858503912379974443363319206013285922932969143082114108995903507302607372164107846395526169928849546930352778612946811335349917424469188917500996253619438384218721744278787164274625243781917237444202229339672234113350935948264576180342492691117960376023738627349150441152487120197333042448834154779966801277094070528166918968412433078879939664053044797116916260095055641583506170045241549105022323819314163625798834513544420165235412105694681616578431019525684868803389424296613694298865514217451303 + }, + "serial_number": 10944719598952040374951832963794454346, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + } + ], + "received_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGqDCCBZCgAwIBAgIQCvBs2jemC2QTQvCh6x1Z/TANBgkqhkiG9w0BAQsFADBN\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E\naWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMjAwMzIzMDAwMDAwWhcN\nMjIwNTE3MTIwMDAwWjBuMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p\nYTEVMBMGA1UEBxMMV2FsbnV0IENyZWVrMRwwGgYDVQQKExNMdWNhcyBHYXJyb24g\nVG9ycmVzMRUwEwYDVQQDDAwqLmJhZHNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDCBOz4jO4EwrPYUNVwWMyTGOtcqGhJsCK1+ZWesSssdj5s\nwEtgTEzqsrTAD4C2sPlyyYYC+VxBXRMrf3HES7zplC5QN6ZnHGGM9kFCxUbTFocn\nn3TrCp0RUiYhc2yETHlV5NFr6AY9SBVSrbMo26r/bv9glUp3aznxJNExtt1NwMT8\nU7ltQq21fP6u9RXSM0jnInHHwhR6bCjqN0rf6my1crR+WqIW3GmxV0TbChKr3sMP\nR3RcQSLhmvkbk+atIgYpLrG6SRwMJ56j+4v3QHIArJII2YxXhFOBBcvm/mtUmEAn\nhccQu3Nw72kYQQdFVXz5ZD89LMOpfOuTGkyG0cqFAgMBAAGjggNhMIIDXTAfBgNV\nHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUne7Be4ELOkdp\ncRh9ETeTvKUbP/swIwYDVR0RBBwwGoIMKi5iYWRzc2wuY29tggpiYWRzc2wuY29t\nMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Et\nc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2Nh\nLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUH\nAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQIDMHwGCCsG\nAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t\nMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl\ncnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEE\nAdZ5AgQCBIIBbgSCAWoBaAB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaO\nHtGFAAABcQhGXioAAAQDAEcwRQIgDfWVBXEuUZC2YP4Si3AQDidHC4U9e5XTGyG7\nSFNDlRkCIQCzikrA1nf7boAdhvaGu2Vkct3VaI+0y8p3gmonU5d9DwB2ACJFRQdZ\nVSRWlj+hL/H3bYbgIyZjrcBLf13Gg1xu4g8CAAABcQhGXlsAAAQDAEcwRQIhAMWi\nVsi2vYdxRCRsu/DMmCyhY0iJPKHE2c6ejPycIbgqAiAs3kSSS0NiUFiHBw7QaQ/s\nGO+/lNYvjExlzVUWJbgNLwB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7U\niwXlAAABcQhGXnoAAAQDAEcwRQIgKsntiBqt8Au8DAABFkxISELhP3U/wb5lb76p\nvfenWL0CIQDr2kLhCWP/QUNxXqGmvr1GaG9EuokTOLEnGPhGv1cMkDANBgkqhkiG\n9w0BAQsFAAOCAQEA0RGxlwy3Tl0lhrUAn2mIi8LcZ9nBUyfAcCXCtYyCdEbjIP64\nxgX6pzTt0WJoxzlT+MiK6fc0hECZXqpkTNVTARYtGkJoljlTK2vAdHZ0SOpm9OT4\nRLfjGnImY0hiFbZ/LtsvS2Zg7cVJecqnrZe/za/nbDdljnnrll7C8O5naQuKr4te\nuice3e8a4TtviFwS/wdDnJ3RrE83b1IljILbU5SV0X1NajyYkUWS7AnOmrFUUByz\nMwdGrM6kt0lfJy/gvGVsgIKZocHdedPeECqAtq7FAJYanOsjNN9RbBOGhbwq0/FP\nCC01zojqS10nGowxzOiqyB4m6wytmzf0QwjpMw==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "GEWyFu/Qg5oYUalXMl2jNiFwScs=", + "fingerprint_sha256": "kJTCvfppe0UD2q0RZ+sgpaRx6pjQH3ZUcmP8nq7HyPI=", + "hpkp_pin": "9SLklscvzMYj8f+52lp5ze/hY0CFHyLSPQzSpYYIBm8=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA", + "value": "DigiCert SHA2 Secure Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2022-05-17T12:00:00", + "not_valid_before": "2020-03-23T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 24492660100626679905549940109758101886765610555498019561237351076174546942126705991290366882656509310080501513812602706206351444964387935952263594274233370803388167168928622758093210777190425680103032107490380624850201721276806477615228126295940226807450889945207930835675033102934727992726436862717218438550009918736547634295262737442314962888280468639663924173291556081067280523421305313565638162799590985864930177996395295461079048360209103196860440439931811226709024172075892526400113878162488184158428982955287187952820072365979821268476491392572259766081582413144401029571982863046316691680331687828250550192773 + }, + "serial_number": 14540638993096550868240433790861531645, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Walnut Creek", + "value": "Walnut Creek" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Lucas Garron Torres", + "value": "Lucas Garron Torres" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.example.com", + "value": "*.example.com" + } + ], + "rfc4514_string": "CN=*.example.com,O=Lucas Garron Torres,L=Walnut Creek,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg\nU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83\nnf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd\nKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f\n/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX\nkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0\n/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C\nAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY\naHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6\nLy9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1\noDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD\nQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v\nd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh\nxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB\nCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl\n5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA\n8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC\n2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit\nc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0\nj6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "H7hrEWjsdDFUBi6MnMWxcaS3zLQ=", + "fingerprint_sha256": "FUxDPEkZKcXvaG6DjjI2ZKAOag2CLMyVj7TasD5JoI8=", + "hpkp_pin": "5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2023-03-08T12:00:00", + "not_valid_before": "2013-03-08T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27858400285679723188777933283712642951289579686400775596360785472462618845441045591174031407467141927949303967273640603370583027943461489694611514307846044788608302737755893035638149922272068624160730850926560034092625156444445564936562297688651849223419070532331233030323585681010618165796464257277453762819678070632408347042070801988771058882131228632546107451893714991242153395658429259537934263208634002792828772169217510656239241005311075681025394047894661420520700962300445533960645787118986590875906485125942483622981513806162241672544997253865343228332025582679476240480384023017494305830194847248717881628827 + }, + "serial_number": 2646203786665923649276728595390119057, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA", + "value": "DigiCert SHA2 Secure Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "received_chain_contains_anchor_certificate": false, + "received_chain_has_valid_order": true, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGqDCCBZCgAwIBAgIQCvBs2jemC2QTQvCh6x1Z/TANBgkqhkiG9w0BAQsFADBN\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E\naWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMjAwMzIzMDAwMDAwWhcN\nMjIwNTE3MTIwMDAwWjBuMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p\nYTEVMBMGA1UEBxMMV2FsbnV0IENyZWVrMRwwGgYDVQQKExNMdWNhcyBHYXJyb24g\nVG9ycmVzMRUwEwYDVQQDDAwqLmJhZHNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDCBOz4jO4EwrPYUNVwWMyTGOtcqGhJsCK1+ZWesSssdj5s\nwEtgTEzqsrTAD4C2sPlyyYYC+VxBXRMrf3HES7zplC5QN6ZnHGGM9kFCxUbTFocn\nn3TrCp0RUiYhc2yETHlV5NFr6AY9SBVSrbMo26r/bv9glUp3aznxJNExtt1NwMT8\nU7ltQq21fP6u9RXSM0jnInHHwhR6bCjqN0rf6my1crR+WqIW3GmxV0TbChKr3sMP\nR3RcQSLhmvkbk+atIgYpLrG6SRwMJ56j+4v3QHIArJII2YxXhFOBBcvm/mtUmEAn\nhccQu3Nw72kYQQdFVXz5ZD89LMOpfOuTGkyG0cqFAgMBAAGjggNhMIIDXTAfBgNV\nHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUne7Be4ELOkdp\ncRh9ETeTvKUbP/swIwYDVR0RBBwwGoIMKi5iYWRzc2wuY29tggpiYWRzc2wuY29t\nMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\nawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Et\nc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2Nh\nLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUH\nAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQIDMHwGCCsG\nAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t\nMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl\ncnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEE\nAdZ5AgQCBIIBbgSCAWoBaAB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaO\nHtGFAAABcQhGXioAAAQDAEcwRQIgDfWVBXEuUZC2YP4Si3AQDidHC4U9e5XTGyG7\nSFNDlRkCIQCzikrA1nf7boAdhvaGu2Vkct3VaI+0y8p3gmonU5d9DwB2ACJFRQdZ\nVSRWlj+hL/H3bYbgIyZjrcBLf13Gg1xu4g8CAAABcQhGXlsAAAQDAEcwRQIhAMWi\nVsi2vYdxRCRsu/DMmCyhY0iJPKHE2c6ejPycIbgqAiAs3kSSS0NiUFiHBw7QaQ/s\nGO+/lNYvjExlzVUWJbgNLwB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7U\niwXlAAABcQhGXnoAAAQDAEcwRQIgKsntiBqt8Au8DAABFkxISELhP3U/wb5lb76p\nvfenWL0CIQDr2kLhCWP/QUNxXqGmvr1GaG9EuokTOLEnGPhGv1cMkDANBgkqhkiG\n9w0BAQsFAAOCAQEA0RGxlwy3Tl0lhrUAn2mIi8LcZ9nBUyfAcCXCtYyCdEbjIP64\nxgX6pzTt0WJoxzlT+MiK6fc0hECZXqpkTNVTARYtGkJoljlTK2vAdHZ0SOpm9OT4\nRLfjGnImY0hiFbZ/LtsvS2Zg7cVJecqnrZe/za/nbDdljnnrll7C8O5naQuKr4te\nuice3e8a4TtviFwS/wdDnJ3RrE83b1IljILbU5SV0X1NajyYkUWS7AnOmrFUUByz\nMwdGrM6kt0lfJy/gvGVsgIKZocHdedPeECqAtq7FAJYanOsjNN9RbBOGhbwq0/FP\nCC01zojqS10nGowxzOiqyB4m6wytmzf0QwjpMw==\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "GEWyFu/Qg5oYUalXMl2jNiFwScs=", + "fingerprint_sha256": "kJTCvfppe0UD2q0RZ+sgpaRx6pjQH3ZUcmP8nq7HyPI=", + "hpkp_pin": "9SLklscvzMYj8f+52lp5ze/hY0CFHyLSPQzSpYYIBm8=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA", + "value": "DigiCert SHA2 Secure Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2022-05-17T12:00:00", + "not_valid_before": "2020-03-23T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 24492660100626679905549940109758101886765610555498019561237351076174546942126705991290366882656509310080501513812602706206351444964387935952263594274233370803388167168928622758093210777190425680103032107490380624850201721276806477615228126295940226807450889945207930835675033102934727992726436862717218438550009918736547634295262737442314962888280468639663924173291556081067280523421305313565638162799590985864930177996395295461079048360209103196860440439931811226709024172075892526400113878162488184158428982955287187952820072365979821268476491392572259766081582413144401029571982863046316691680331687828250550192773 + }, + "serial_number": 14540638993096550868240433790861531645, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Walnut Creek", + "value": "Walnut Creek" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Lucas Garron Torres", + "value": "Lucas Garron Torres" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.example.com", + "value": "*.example.com" + } + ], + "rfc4514_string": "CN=*.example.com,O=Lucas Garron Torres,L=Walnut Creek,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "*.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg\nU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83\nnf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd\nKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f\n/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX\nkujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0\n/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C\nAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY\naHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6\nLy9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1\noDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD\nQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v\nd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh\nxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB\nCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl\n5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA\n8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC\n2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit\nc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0\nj6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "H7hrEWjsdDFUBi6MnMWxcaS3zLQ=", + "fingerprint_sha256": "FUxDPEkZKcXvaG6DjjI2ZKAOag2CLMyVj7TasD5JoI8=", + "hpkp_pin": "5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2023-03-08T12:00:00", + "not_valid_before": "2013-03-08T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27858400285679723188777933283712642951289579686400775596360785472462618845441045591174031407467141927949303967273640603370583027943461489694611514307846044788608302737755893035638149922272068624160730850926560034092625156444445564936562297688651849223419070532331233030323585681010618165796464257277453762819678070632408347042070801988771058882131228632546107451893714991242153395658429259537934263208634002792828772169217510656239241005311075681025394047894661420520700962300445533960645787118986590875906485125942483622981513806162241672544997253865343228332025582679476240480384023017494305830194847248717881628827 + }, + "serial_number": 2646203786665923649276728595390119057, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA", + "value": "DigiCert SHA2 Secure Server CA" + } + ], + "rfc4514_string": "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\nCSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\nnh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\nT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\ngdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\nBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\nTLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\nDQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\nhMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\nPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\nYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\nCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "qJhdOmXl5cSy19ZtQMbdL7GcVDY=", + "fingerprint_sha256": "Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE=", + "hpkp_pin": "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28559384442792876273280274398620578979733786817784174960112400169719065906301471912340204391164075730987771255281479191858503912379974443363319206013285922932969143082114108995903507302607372164107846395526169928849546930352778612946811335349917424469188917500996253619438384218721744278787164274625243781917237444202229339672234113350935948264576180342492691117960376023738627349150441152487120197333042448834154779966801277094070528166918968412433078879939664053044797116916260095055641583506170045241549105022323819314163625798834513544420165235412105694681616578431019525684868803389424296613694298865514217451303 + }, + "serial_number": 10944719598952040374951832963794454346, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "verified_chain_has_legacy_symantec_anchor": false, + "verified_chain_has_sha1_signature": false + }], + "hostname_used_for_server_name_indication": "example.com" + }, + "status": "COMPLETED" + }, + "elliptic_curves": { + "error_reason": null, + "error_trace": null, + "result": { + "rejected_curves": [{ + "name": "X25519", + "openssl_nid": 1034 + }, + { + "name": "X448", + "openssl_nid": 1035 + }, + { + "name": "prime192v1", + "openssl_nid": 409 + }, + { + "name": "secp160k1", + "openssl_nid": 708 + }, + { + "name": "secp160r1", + "openssl_nid": 709 + }, + { + "name": "secp160r2", + "openssl_nid": 710 + }, + { + "name": "secp192k1", + "openssl_nid": 711 + }, + { + "name": "secp224k1", + "openssl_nid": 712 + }, + { + "name": "secp224r1", + "openssl_nid": 713 + }, + { + "name": "secp256k1", + "openssl_nid": 714 + }, + { + "name": "secp384r1", + "openssl_nid": 715 + }, + { + "name": "secp521r1", + "openssl_nid": 716 + }, + { + "name": "sect163k1", + "openssl_nid": 721 + }, + { + "name": "sect163r1", + "openssl_nid": 722 + }, + { + "name": "sect163r2", + "openssl_nid": 723 + }, + { + "name": "sect193r1", + "openssl_nid": 724 + }, + { + "name": "sect193r2", + "openssl_nid": 725 + }, + { + "name": "sect233k1", + "openssl_nid": 726 + }, + { + "name": "sect233r1", + "openssl_nid": 727 + }, + { + "name": "sect239k1", + "openssl_nid": 728 + }, + { + "name": "sect283k1", + "openssl_nid": 729 + }, + { + "name": "sect283r1", + "openssl_nid": 730 + }, + { + "name": "sect409k1", + "openssl_nid": 731 + }, + { + "name": "sect409r1", + "openssl_nid": 732 + }, + { + "name": "sect571k1", + "openssl_nid": 733 + }, + { + "name": "sect571r1", + "openssl_nid": 734 + } + ], + "supported_curves": [{ + "name": "prime256v1", + "openssl_nid": 415 + }], + "supports_ecdh_key_exchange": true + }, + "status": "COMPLETED" + }, + "heartbleed": { + "error_reason": null, + "error_trace": null, + "result": { + "is_vulnerable_to_heartbleed": false + }, + "status": "COMPLETED" + }, + "http_headers": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + }, + "openssl_ccs_injection": { + "error_reason": null, + "error_trace": null, + "result": { + "is_vulnerable_to_ccs_injection": false + }, + "status": "COMPLETED" + }, + "robot": { + "error_reason": null, + "error_trace": null, + "result": { + "robot_result": "NOT_VULNERABLE_NO_ORACLE" + }, + "status": "COMPLETED" + }, + "session_renegotiation": { + "error_reason": null, + "error_trace": null, + "result": { + "is_vulnerable_to_client_renegotiation_dos": false, + "supports_secure_renegotiation": true + }, + "status": "COMPLETED" + }, + "session_resumption": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + }, + "ssl_2_0_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": false, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_RC4_128_WITH_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "SSL_CK_RC4_128_EXPORT40_WITH_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_RC2_128_CBC_WITH_MD5", + "openssl_name": "RC2-CBC-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_IDEA_128_CBC_WITH_MD5", + "openssl_name": "IDEA-CBC-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "SSL_CK_DES_64_CBC_WITH_MD5", + "openssl_name": "DES-CBC-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5", + "openssl_name": "DES-CBC3-MD5" + }, + "error_message": "Server rejected the connection" + } + ], + "tls_version_used": "SSL_2_0" + }, + "status": "COMPLETED" + }, + "ssl_3_0_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": false, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": "SSL_3_0" + }, + "status": "COMPLETED" + }, + "tls_1_0_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BB+kKj4jZcJhWyafTSeHiVPOZURAwLo5caVK76AkkqGlHTd2J/LaKklV6hUNWgL1yp4q1DHzPjarpmYKpuuDDm4=", + "size": 256, + "type_name": "ECDH", + "x": "H6QqPiNlwmFbJp9NJ4eJU85lREDAujlxpUrvoCSSoaU=", + "y": "HTd2J/LaKklV6hUNWgL1yp4q1DHzPjarpmYKpuuDDm4=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BA+K25OY1Ldz/wavrGJ0PPAdOKXHUJxOcihZWG5sEAk7Dm+5MWU+2nY1UKlE+XxX4ABj9fFoCqhyy0JCib8DzAU=", + "size": 256, + "type_name": "ECDH", + "x": "D4rbk5jUt3P/Bq+sYnQ88B04pcdQnE5yKFlYbmwQCTs=", + "y": "Dm+5MWU+2nY1UKlE+XxX4ABj9fFoCqhyy0JCib8DzAU=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BA1jFqqiVAqZtTmDX4Um3/eF+7F12q4fDSTxw9iaZqT6iQIC+0ATYHRB+rlRzQv2FNMIV1WVDP+cS18qmEhccGc=", + "size": 256, + "type_name": "ECDH", + "x": "DWMWqqJUCpm1OYNfhSbf94X7sXXarh8NJPHD2JpmpPo=", + "y": "iQIC+0ATYHRB+rlRzQv2FNMIV1WVDP+cS18qmEhccGc=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "ueXoMKt5EQxJ/5GfvyMB0HJdemRV7dSCzKy1qgZE6GTrxc46aJhg7ZUDu5p3iYd+Po4W15oHR1zNhXX3WeiFcKXn9fGuDRgaPI3zqFaV8JT3xiF8dW5TJuucNaYsk7lOhXl4HS+pfmKiDr7PljAcq2Hg+lByUO/MYTX3jruxlhePjU+bmNADy+N0Rumx1aGOU7Jny45nvCVgdFG3UqOD6iHxL7manSi+6TqKmv0Jp0TqJqXEvB5or4PdaSCTdN7gKKGwNzG4PYrkPAS+0TWMyO9FwV9hi6o3DajIK5jprtgxOpJXBszsUH4J9uV5WakHuzHzp8nUTIiL+FDW5b7hYw==", + "public_bytes": "i1qLXLRiOcYpH09MUcd1KlJpTRnO2ddO3m0z/ZiZcHJKqeSX2doCRgkWr5940Z3VDn4sL94IKZJg/CL8QSo0J3MADbiBax5W3eQ7zkFh1Ohc15PGXfloMh7njbMDAW7OF++RA8qGfuFyAMsNu4dA8H+I/6llqEcAVQ7UxaaHG5d98KZVN6LZMi96b/DvqRBm/NFv44XPaSdicnEHvkU71QVaVvWyRWRRsz3ZjPl0KotozSCXuzkkT7tuUexMiFmyjgy67M4eXJqYidhD3cWPlBOhpfDzWcvUUVHSE3jzEb66NvSwz4gKlW6XWzEh1bVJ2DvrFI9+kK2OMehDmzXdnw==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "ueXoMKt5EQxJ/5GfvyMB0HJdemRV7dSCzKy1qgZE6GTrxc46aJhg7ZUDu5p3iYd+Po4W15oHR1zNhXX3WeiFcKXn9fGuDRgaPI3zqFaV8JT3xiF8dW5TJuucNaYsk7lOhXl4HS+pfmKiDr7PljAcq2Hg+lByUO/MYTX3jruxlhePjU+bmNADy+N0Rumx1aGOU7Jny45nvCVgdFG3UqOD6iHxL7manSi+6TqKmv0Jp0TqJqXEvB5or4PdaSCTdN7gKKGwNzG4PYrkPAS+0TWMyO9FwV9hi6o3DajIK5jprtgxOpJXBszsUH4J9uV5WakHuzHzp8nUTIiL+FDW5b7hYw==", + "public_bytes": "hkLLvEmEUG3wvj/JpvfMUeiUWiXL3Jz39tiEPoJpaQ3/Vsqgrk8PIJZVw+iCspLxA738tViQhff6r+y4lFFx6Pg6u+1Y+8zyH6FlDoF1NHnxD964wtLaUJyB1m6ptDFrOrP7Ct1f1iagSSXZX4wuIIs2Fa9Quz+Us7V1Rv8Uys0PezGTXu44RiDBpT0HbA3M/WlPdEwcbgB+7m6Y+kF7iJfVh4uZUpVxgLx5QCXUtUSdZu2wctj+LJfXXkDOIVRX/3QOe0C1dWQXti4D1bmNb4w2QUlN61+E9/st9bNYsXxmq4zmQl39bNuHBgy7al1Ojn0yEfo2cC37COcCQoM4IA==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "ueXoMKt5EQxJ/5GfvyMB0HJdemRV7dSCzKy1qgZE6GTrxc46aJhg7ZUDu5p3iYd+Po4W15oHR1zNhXX3WeiFcKXn9fGuDRgaPI3zqFaV8JT3xiF8dW5TJuucNaYsk7lOhXl4HS+pfmKiDr7PljAcq2Hg+lByUO/MYTX3jruxlhePjU+bmNADy+N0Rumx1aGOU7Jny45nvCVgdFG3UqOD6iHxL7manSi+6TqKmv0Jp0TqJqXEvB5or4PdaSCTdN7gKKGwNzG4PYrkPAS+0TWMyO9FwV9hi6o3DajIK5jprtgxOpJXBszsUH4J9uV5WakHuzHzp8nUTIiL+FDW5b7hYw==", + "public_bytes": "Nv262PrIjtVk3Etcmaucg6SSQ2ZKIu/OIkEYUGwmRSM2jD8IBi5eAoELYTfyHRcsMVAcgDQYd0YFNNStzl7865C+iHMWg9zJEOz7sG3MCuP5GZvWfW+wGDW482y6H5Bmb/lFddJqIpS+Tsh9wbpfar9qIHxWdFuJvdErxOK/6Qt7OfWdrpjkZKNs5Io0Jg7mtlaYCfvpt2xxD5dPgdwMYfuuhgFN7MJzlv3qUZ9B5oHshAY3mMBfHNrG8dV0oKHC7x/WghpTo0hj+E6LSKk+6HCeHerVBowHhdIXzlKVvNHrvELLotXLZFN7tbchPFw3EDcgfD7z4HoW2ztsHh0njA==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "ueXoMKt5EQxJ/5GfvyMB0HJdemRV7dSCzKy1qgZE6GTrxc46aJhg7ZUDu5p3iYd+Po4W15oHR1zNhXX3WeiFcKXn9fGuDRgaPI3zqFaV8JT3xiF8dW5TJuucNaYsk7lOhXl4HS+pfmKiDr7PljAcq2Hg+lByUO/MYTX3jruxlhePjU+bmNADy+N0Rumx1aGOU7Jny45nvCVgdFG3UqOD6iHxL7manSi+6TqKmv0Jp0TqJqXEvB5or4PdaSCTdN7gKKGwNzG4PYrkPAS+0TWMyO9FwV9hi6o3DajIK5jprtgxOpJXBszsUH4J9uV5WakHuzHzp8nUTIiL+FDW5b7hYw==", + "public_bytes": "N5Y4LTqaNhUsAgqxyQ0Xy/eo1jwDxl37H/Ea/6J0Xhqd9sh61RRK+ubbJypMWIONy/a7T8y7yUvbRAOkXrw10vf9v6bmdMoCof/CfrJs0r865kfsqv6FYI0apIXajlTXi/69g1GDHnBjTLbCKxtNHq1fvfKCaIxrs/4tWhEq21J6KsRHkDY3TGdsiGotg5mMyEKQKFDu4jc8EHhg9aunmHaUI8Zf/Qp/ddVHjD6q615wmMcBzErL0QseysK+RhLCqsXCH/TE35FEDR+k9mL90XFViBWQqRTI5a/vhcWLIksBLzvElBGqzi8e0IOkODAk/XXpFIC1pseBe6u3nbrQZg==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + } + ], + "is_tls_version_supported": true, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": "TLS_1_0" + }, + "status": "COMPLETED" + }, + "tls_1_1_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BFjVW61MxiaqoBrMjEDjlJ8XYpXRPQSZcqQM+EzCoYPBwJzYR27YUeUicHKfyB+0LEXN//xKp2IUgQfjTTN94D0=", + "size": 256, + "type_name": "ECDH", + "x": "WNVbrUzGJqqgGsyMQOOUnxdildE9BJlypAz4TMKhg8E=", + "y": "wJzYR27YUeUicHKfyB+0LEXN//xKp2IUgQfjTTN94D0=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BJVnNcmlwRwjrRKRYsh7T7jV0jgNa8ehpHXh18sAFE2dxNQgnn36jHQMCcUL4w8EM77PDcA4fbL/nMu9E1aNUXw=", + "size": 256, + "type_name": "ECDH", + "x": "lWc1yaXBHCOtEpFiyHtPuNXSOA1rx6GkdeHXywAUTZ0=", + "y": "xNQgnn36jHQMCcUL4w8EM77PDcA4fbL/nMu9E1aNUXw=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BEFlH41tOAM7RNy89WhvDzUPC/6ULikPXn4bhL+AEEV0ugK0JY3VE3/aQ0/ghmGjzQ60Vb2snvBPLtoK+HJjkb0=", + "size": 256, + "type_name": "ECDH", + "x": "QWUfjW04AztE3Lz1aG8PNQ8L/pQuKQ9efhuEv4AQRXQ=", + "y": "ugK0JY3VE3/aQ0/ghmGjzQ60Vb2snvBPLtoK+HJjkb0=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "ueXoMKt5EQxJ/5GfvyMB0HJdemRV7dSCzKy1qgZE6GTrxc46aJhg7ZUDu5p3iYd+Po4W15oHR1zNhXX3WeiFcKXn9fGuDRgaPI3zqFaV8JT3xiF8dW5TJuucNaYsk7lOhXl4HS+pfmKiDr7PljAcq2Hg+lByUO/MYTX3jruxlhePjU+bmNADy+N0Rumx1aGOU7Jny45nvCVgdFG3UqOD6iHxL7manSi+6TqKmv0Jp0TqJqXEvB5or4PdaSCTdN7gKKGwNzG4PYrkPAS+0TWMyO9FwV9hi6o3DajIK5jprtgxOpJXBszsUH4J9uV5WakHuzHzp8nUTIiL+FDW5b7hYw==", + "public_bytes": "PeXw3ZVa8bFUkgBBfsp/kxJfUKqJui4Ib6vVLwiAMt5WxLujFB14rQWaGqDGaXwe41GrOmcJJbQ52lDdCofCedYFQnf9NCVuWHM2c3L0HHrzeIhbMML3mkQgvGXaKzsiLlCkNreouajJ6+h4ml0iTdRyKIa+V8K5MQokTNnkG5La28gUbAOSJFR+OIhVjMwjFMW+SR9SUgu7++yIXPTaaTK6lHFZmdI81UuamVlipuclaczsXmqkkO+UFx3+ojegy50RX5jauWRGhbfkzWppT/bUfws3a8f2yFuhEJ53wSYgu8+Lg6rFa2ZLckKet6zqp64g7+5DCIMOUVFHcWtelg==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "ueXoMKt5EQxJ/5GfvyMB0HJdemRV7dSCzKy1qgZE6GTrxc46aJhg7ZUDu5p3iYd+Po4W15oHR1zNhXX3WeiFcKXn9fGuDRgaPI3zqFaV8JT3xiF8dW5TJuucNaYsk7lOhXl4HS+pfmKiDr7PljAcq2Hg+lByUO/MYTX3jruxlhePjU+bmNADy+N0Rumx1aGOU7Jny45nvCVgdFG3UqOD6iHxL7manSi+6TqKmv0Jp0TqJqXEvB5or4PdaSCTdN7gKKGwNzG4PYrkPAS+0TWMyO9FwV9hi6o3DajIK5jprtgxOpJXBszsUH4J9uV5WakHuzHzp8nUTIiL+FDW5b7hYw==", + "public_bytes": "IbbAqEQXzz68+4zUTW9v6wQGCtld1/qPz7SPT6x6Rz4uJ9ka/Bw+zkq09h5GE/ps6iFngHNaEWau9m+I1HxtwCW6wndy+0ua/70pdzIkbZOUEnz665VphiB0bWGXHVrP5XACufi8DOa33u7lWNrGmdUYS8A6Fxp7C9Uqmgwpovpy/fLC+KIdbJnnpQWD7XY7C5oJJaRSjTDE4N2Wm2f7Houks0pw9HoYlYov+mU3MZBUSTqQsBr6mcqJtYuz9DyJ5inVMqpZTVGOfwdP/LxvA+4KEVUVsQLmyrZEKivSXjusyp/cNFEY6T2A2RRC61KUEyHdP3OQOkCqx+EQLxbYRg==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "ueXoMKt5EQxJ/5GfvyMB0HJdemRV7dSCzKy1qgZE6GTrxc46aJhg7ZUDu5p3iYd+Po4W15oHR1zNhXX3WeiFcKXn9fGuDRgaPI3zqFaV8JT3xiF8dW5TJuucNaYsk7lOhXl4HS+pfmKiDr7PljAcq2Hg+lByUO/MYTX3jruxlhePjU+bmNADy+N0Rumx1aGOU7Jny45nvCVgdFG3UqOD6iHxL7manSi+6TqKmv0Jp0TqJqXEvB5or4PdaSCTdN7gKKGwNzG4PYrkPAS+0TWMyO9FwV9hi6o3DajIK5jprtgxOpJXBszsUH4J9uV5WakHuzHzp8nUTIiL+FDW5b7hYw==", + "public_bytes": "jW8uTIm1hcOlbyemZKySANpNSpeHnbo9lPVAD35GukQg49yqOcz/bGiofvo478sw/8YAIcO3Wreu0nRFvFKQJ0s4H1oS2HyjBw7hp8VhOcy6aVpOmUoyiIJ+xibHdiU3NuRIlbVGh2asZ/8dK+bfra2QOrAiYeyFIe/2FRdVJy2A4tDn6QRhg+WHS9WlH7cspjvwAt3WS36TtufiwidMYOQ3GkCvYM5BheBWchQ1r1qny705N3tpcYlaocm+yHavw1mNvioxtTkoV1V8m289wdCirzEU2W/A7+00sRXsjhypSaN48JCAamkOU9DbxdrWObwIsFqantAZxXB157OUHA==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "ueXoMKt5EQxJ/5GfvyMB0HJdemRV7dSCzKy1qgZE6GTrxc46aJhg7ZUDu5p3iYd+Po4W15oHR1zNhXX3WeiFcKXn9fGuDRgaPI3zqFaV8JT3xiF8dW5TJuucNaYsk7lOhXl4HS+pfmKiDr7PljAcq2Hg+lByUO/MYTX3jruxlhePjU+bmNADy+N0Rumx1aGOU7Jny45nvCVgdFG3UqOD6iHxL7manSi+6TqKmv0Jp0TqJqXEvB5or4PdaSCTdN7gKKGwNzG4PYrkPAS+0TWMyO9FwV9hi6o3DajIK5jprtgxOpJXBszsUH4J9uV5WakHuzHzp8nUTIiL+FDW5b7hYw==", + "public_bytes": "S7wciZ4NheHCpExyYDmyXvsC+69GOAvgNqb9ZNwdO7K9D9MruIHfN9weKTwWfoGIkUMYLRePukjVNfgfGDu5hv9JAZx0B/oBr1l4hPUpPFKIkKMz4apAkAkrLOGb+nyZIuidAe6FZ3OSX9Pc/GKeycU/eHVZDK+QvaGfJLcJd6Y+nCHsigxOSQrIbMFuV9QCU9pePXUCoDpQeFgflzipiQ6cOuTr5jghlCN4EBKBADGLwhKAtVXZ0Ke2D/BEZJf4gi4EnhnKVp/qYdWl/VId6EqF8TcTnOHEc1r3g5LIQXhAjk4P+w/2PorrzGzJWnyptFwg1XPcx+R+m60OIUYwFw==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + } + ], + "is_tls_version_supported": true, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": "TLS_1_1" + }, + "status": "COMPLETED" + }, + "tls_1_2_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "AES256-GCM-SHA384" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "AES256-SHA256" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "AES128-GCM-SHA256" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "AES128-SHA256" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDHE-RSA-AES256-GCM-SHA384" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BOHtg998boSRifh55Y3u0fNbnOCvjtKTrbjk476CERMGVxynZBK62SBIZkMpOtaJMvk0MD7b2mkEh5v5UghD7tc=", + "size": 256, + "type_name": "ECDH", + "x": "4e2D33xuhJGJ+Hnlje7R81uc4K+O0pOtuOTjvoIREwY=", + "y": "VxynZBK62SBIZkMpOtaJMvk0MD7b2mkEh5v5UghD7tc=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDHE-RSA-AES256-SHA384" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BELiP35THfUA0swpm/jS2ueT/SjZ/reAc4ddjt6cYtjZK6DUJXcSADzV06DJxq6WMWX1fIvTFfqKLcIA78MD5H4=", + "size": 256, + "type_name": "ECDH", + "x": "QuI/flMd9QDSzCmb+NLa55P9KNn+t4Bzh12O3pxi2Nk=", + "y": "K6DUJXcSADzV06DJxq6WMWX1fIvTFfqKLcIA78MD5H4=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BISl7w0/FhRccj5cC6kPl4tkF0BoJAeznwuYpN+qTz2DfVJ6ePc/sDdp2jvBSAa1Rwou2sSKQ66qJJRJC/VEMtI=", + "size": 256, + "type_name": "ECDH", + "x": "hKXvDT8WFFxyPlwLqQ+Xi2QXQGgkB7OfC5ik36pPPYM=", + "y": "fVJ6ePc/sDdp2jvBSAa1Rwou2sSKQ66qJJRJC/VEMtI=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDHE-RSA-AES128-GCM-SHA256" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BPMe9E3Dig537ATXLy7Lt96xflRKM1dFtWMnZUNrkrfyj0nmMGR0zYziE/o/VTimfMF/ZVU1PAQa+joioe74dSE=", + "size": 256, + "type_name": "ECDH", + "x": "8x70TcOKDnfsBNcvLsu33rF+VEozV0W1YydlQ2uSt/I=", + "y": "j0nmMGR0zYziE/o/VTimfMF/ZVU1PAQa+joioe74dSE=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDHE-RSA-AES128-SHA256" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BGoDyQxanYXBWEGkSBXAedG54eEPKI0ZhpMpm0Y0Hma56gjy7Z6lvVz/lOeKtz5ZNHFDSckR0qoUuPa0BD7sKqI=", + "size": 256, + "type_name": "ECDH", + "x": "agPJDFqdhcFYQaRIFcB50bnh4Q8ojRmGkymbRjQeZrk=", + "y": "6gjy7Z6lvVz/lOeKtz5ZNHFDSckR0qoUuPa0BD7sKqI=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BGUbZT+0gny0qteMv05r/beUtDISmd8Nr2SoEUeMl/GffFe0iuYk+rutb3Dy/+wXq21aVyyZv+QgUV4OxwTeS58=", + "size": 256, + "type_name": "ECDH", + "x": "ZRtlP7SCfLSq14y/Tmv9t5S0MhKZ3w2vZKgRR4yX8Z8=", + "y": "fFe0iuYk+rutb3Dy/+wXq21aVyyZv+QgUV4OxwTeS58=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BHps3zHV6d3RhPdWtet3G5bip03fHIAn26MH47Z2rJJMJ/EueIYejisWFQtwX72W8PBA6n+LDcWyBZGQtW2kwLM=", + "size": 256, + "type_name": "ECDH", + "x": "emzfMdXp3dGE91a163cbluKnTd8cgCfbowfjtnaskkw=", + "y": "J/EueIYejisWFQtwX72W8PBA6n+LDcWyBZGQtW2kwLM=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "ueXoMKt5EQxJ/5GfvyMB0HJdemRV7dSCzKy1qgZE6GTrxc46aJhg7ZUDu5p3iYd+Po4W15oHR1zNhXX3WeiFcKXn9fGuDRgaPI3zqFaV8JT3xiF8dW5TJuucNaYsk7lOhXl4HS+pfmKiDr7PljAcq2Hg+lByUO/MYTX3jruxlhePjU+bmNADy+N0Rumx1aGOU7Jny45nvCVgdFG3UqOD6iHxL7manSi+6TqKmv0Jp0TqJqXEvB5or4PdaSCTdN7gKKGwNzG4PYrkPAS+0TWMyO9FwV9hi6o3DajIK5jprtgxOpJXBszsUH4J9uV5WakHuzHzp8nUTIiL+FDW5b7hYw==", + "public_bytes": "GvoBurzk8qZ23MoTUputsOLhbYODZc3snWBCeQ1LL/90E5i4oHJg83qUb/PN/m/ccgAU9DfTXDwFDWKoZtrNlgyODoXMQDNAQjSIX0PEfCeENJT8HgI10genkHAkhipGPJ89Aq33YiKYVmnhIezNEABJ5Us2ywOKUibKcIH661ogaZwhiFdFtZ4Ain/G91IyTc8yFaWIONsJ8AROox0mImcECBGzMPMo8OUhP4h/M9YG+v0m/kvGflFXto1if0YrDJFGtSA5dq0UEVVAaGWzGvGsgSk62+yPxkFYedik/V+ZTHcXs3W++2O95w0DPUZ5DQrlWVPKpRgkOCTIGV37gw==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "ueXoMKt5EQxJ/5GfvyMB0HJdemRV7dSCzKy1qgZE6GTrxc46aJhg7ZUDu5p3iYd+Po4W15oHR1zNhXX3WeiFcKXn9fGuDRgaPI3zqFaV8JT3xiF8dW5TJuucNaYsk7lOhXl4HS+pfmKiDr7PljAcq2Hg+lByUO/MYTX3jruxlhePjU+bmNADy+N0Rumx1aGOU7Jny45nvCVgdFG3UqOD6iHxL7manSi+6TqKmv0Jp0TqJqXEvB5or4PdaSCTdN7gKKGwNzG4PYrkPAS+0TWMyO9FwV9hi6o3DajIK5jprtgxOpJXBszsUH4J9uV5WakHuzHzp8nUTIiL+FDW5b7hYw==", + "public_bytes": "Dcr6x9qtPeUDvgubVoiW9bSp6fvjz9SDIGzVkQE901PJcA3iQpWiwBycOYB1fJiwGQI6cC59ArR0eO1R9s8xLpbZsoOHQeuBMTI//yh2hHQkqSiho3ZkFaGJbgG90hUO9wNyzDLz9vkX1+bFJ83chAYgjfs/gn3SYJt08eIeeuCMm7wIg8Ktb6d6O2X27VC5gYoWdhnW4czTm5ImyxLPVSrNdG1qhK0/NWWMonZmvR8DjN0QxW0YDg5n/+j2GpyRdB3NXx4JEJ2RN9K+SM0XhtrcJ8W2y+LHmIrnQQKudAtepiBUMLvM317+nzbQcfKRh40l6AQcVyTdCKKDgAc3TA==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "DHE-RSA-AES256-GCM-SHA384" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "ueXoMKt5EQxJ/5GfvyMB0HJdemRV7dSCzKy1qgZE6GTrxc46aJhg7ZUDu5p3iYd+Po4W15oHR1zNhXX3WeiFcKXn9fGuDRgaPI3zqFaV8JT3xiF8dW5TJuucNaYsk7lOhXl4HS+pfmKiDr7PljAcq2Hg+lByUO/MYTX3jruxlhePjU+bmNADy+N0Rumx1aGOU7Jny45nvCVgdFG3UqOD6iHxL7manSi+6TqKmv0Jp0TqJqXEvB5or4PdaSCTdN7gKKGwNzG4PYrkPAS+0TWMyO9FwV9hi6o3DajIK5jprtgxOpJXBszsUH4J9uV5WakHuzHzp8nUTIiL+FDW5b7hYw==", + "public_bytes": "MmPjVHibIrTKpr3LVwZzJ/6CM+3IvcVgVPNkpJhZDKGYmuLZgBih5qHFd67TDSV9FPx77WXnO2sOkHqJZVQmStRoQOkGURGSP0AP+YZQOf+eqF1g48oXamcu3d/KoIWUA/ClbHb8ebJ1crGgpS1faLPLOzY3WDREaUSl/HLkgiLEUois1RA4sOS0Wu42Q28VPBJpXtE/8YdfY53PhvDd6S+UGe7EgX1KumGDfUJYjfzOtlteTWh0cRnMq1G7LzJFlJ++a3MNfGapOKakyU+7cLceme54kEFY/LjZNSAljN1yOdZz1lNZ8Ii/QiokWSbba62z55fUzGACKntGRrwkcA==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "DHE-RSA-AES256-SHA256" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "ueXoMKt5EQxJ/5GfvyMB0HJdemRV7dSCzKy1qgZE6GTrxc46aJhg7ZUDu5p3iYd+Po4W15oHR1zNhXX3WeiFcKXn9fGuDRgaPI3zqFaV8JT3xiF8dW5TJuucNaYsk7lOhXl4HS+pfmKiDr7PljAcq2Hg+lByUO/MYTX3jruxlhePjU+bmNADy+N0Rumx1aGOU7Jny45nvCVgdFG3UqOD6iHxL7manSi+6TqKmv0Jp0TqJqXEvB5or4PdaSCTdN7gKKGwNzG4PYrkPAS+0TWMyO9FwV9hi6o3DajIK5jprtgxOpJXBszsUH4J9uV5WakHuzHzp8nUTIiL+FDW5b7hYw==", + "public_bytes": "mJiHsJMoxTGP9rV+Cze18bjLR0JQpK3PAHA/6X78D+cd4vwfk/7oarCpeQ6i1iy3UAmEpn+gZn5Pla9VwFjO00ldx1m9vzcIernIVfBMBfcBo4nl8NvLzpZ0sJBudxUvurXxbaLwJ30jKagqI7Ztcoh35u3T/Cqucw8DxoYHTnvPBZE0MASV5+I4soeJZ9zVXzYpmGOvME8HFi/KafjTWJoLn+wCua5ZpxeabcnCUGpXRnOaMlr/RmSVjsq3NmPL+8RiCVOySolfGJq06Bd0djGPAL6hofnQKc3kio3HZY1VNQydgNvofr7WmPlFYn2QF/yAmgJqhO14x+oYi4FaHA==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "ueXoMKt5EQxJ/5GfvyMB0HJdemRV7dSCzKy1qgZE6GTrxc46aJhg7ZUDu5p3iYd+Po4W15oHR1zNhXX3WeiFcKXn9fGuDRgaPI3zqFaV8JT3xiF8dW5TJuucNaYsk7lOhXl4HS+pfmKiDr7PljAcq2Hg+lByUO/MYTX3jruxlhePjU+bmNADy+N0Rumx1aGOU7Jny45nvCVgdFG3UqOD6iHxL7manSi+6TqKmv0Jp0TqJqXEvB5or4PdaSCTdN7gKKGwNzG4PYrkPAS+0TWMyO9FwV9hi6o3DajIK5jprtgxOpJXBszsUH4J9uV5WakHuzHzp8nUTIiL+FDW5b7hYw==", + "public_bytes": "ohnfEiOt64P02g9iqsXdt077wPO9Fjv/Hh1uBgpljc8r3Q47kvcHu7TBpliba9QAtDWa+5eY1tXXevUt/8zGWRhfjEOruloGcyUYa0St8WPwWXU71hHlSHPKMc82LxfTnTQRNEnYJPhTkMBoPwS0p5bBUVgo6nriAQrN+OpYYTC4bU4lwNWIRVZ7m+esb/kMAHY6yfhAX5uoiMv8siNpmwxN3xdGjDHM4ISYlbQIb1kwwqcnJBTxqRWEyKjtjGGx5QEp++GbGh5O+6no4ZFkMiBhLWGc/5PjERbGI0pjkceOo8xT9Qpa6bVVL0xjRShIyq6v6XPhcaEdJiPMQEmQUA==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "DHE-RSA-AES128-GCM-SHA256" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "ueXoMKt5EQxJ/5GfvyMB0HJdemRV7dSCzKy1qgZE6GTrxc46aJhg7ZUDu5p3iYd+Po4W15oHR1zNhXX3WeiFcKXn9fGuDRgaPI3zqFaV8JT3xiF8dW5TJuucNaYsk7lOhXl4HS+pfmKiDr7PljAcq2Hg+lByUO/MYTX3jruxlhePjU+bmNADy+N0Rumx1aGOU7Jny45nvCVgdFG3UqOD6iHxL7manSi+6TqKmv0Jp0TqJqXEvB5or4PdaSCTdN7gKKGwNzG4PYrkPAS+0TWMyO9FwV9hi6o3DajIK5jprtgxOpJXBszsUH4J9uV5WakHuzHzp8nUTIiL+FDW5b7hYw==", + "public_bytes": "XDDx5pURpzZ/0jIn3Ian/iT3v8MbBIafV8UUwFCUCmo4x19SvALd0PbmuR1jEgXgIKzWlpFosON3wr55LxUL8e8/mvlXBN9Lr+RBHKU17yiX27mueneJJYpVdSf2ehqPkBjxXY6w2OgnZZ69o+w/M+kARSCgS3n76keKaU3r0uof/tFNMuBK7QzwE9FTrHBJS/P/xulTJH08stTF64rr7SbzVGWPHKRplBy0iQJRNcNwQsEFfrZWybXR34PVfdDmCmEUDkkdjrlUUbVYJ5ynqi1Ehise26heot6ROy4Y0XBrII4Mc981eBviOy9HSqGD/sv/JxEJr9mzFA4XbV8FyA==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "DHE-RSA-AES128-SHA256" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "ueXoMKt5EQxJ/5GfvyMB0HJdemRV7dSCzKy1qgZE6GTrxc46aJhg7ZUDu5p3iYd+Po4W15oHR1zNhXX3WeiFcKXn9fGuDRgaPI3zqFaV8JT3xiF8dW5TJuucNaYsk7lOhXl4HS+pfmKiDr7PljAcq2Hg+lByUO/MYTX3jruxlhePjU+bmNADy+N0Rumx1aGOU7Jny45nvCVgdFG3UqOD6iHxL7manSi+6TqKmv0Jp0TqJqXEvB5or4PdaSCTdN7gKKGwNzG4PYrkPAS+0TWMyO9FwV9hi6o3DajIK5jprtgxOpJXBszsUH4J9uV5WakHuzHzp8nUTIiL+FDW5b7hYw==", + "public_bytes": "pSwKuIb+G/i6h4CXFfpg5wzhOkvdxCRcLHKjDOrOUTPMQ9KvuFIWtXZARh2Ef+SEShR2LSmeGIJjnkQIl6cxjgwilPReSSalEz94/iTyu7veG2M2yIKwPmg8YRwADFz5889gYAMRDgO7FMSJuWzHU3Bv4J5V/0eLdnbU1gRdfUKykcv2yTNgSdcGncQrdN01YWM+ft3ujSW6HRS7pvtcUdQvCCq3GoCPbaKSPrqjMLYXiyWL6Dw3RHlYTp6pXtuyj6DhuQ4Eff6ILfNYWTGfRr4bC6FSp51wRTwtAu7SVN9c6pBAI4hW+0jQZZLJe6tsYTwKARMQR1EAsMB6L5DFyA==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "ueXoMKt5EQxJ/5GfvyMB0HJdemRV7dSCzKy1qgZE6GTrxc46aJhg7ZUDu5p3iYd+Po4W15oHR1zNhXX3WeiFcKXn9fGuDRgaPI3zqFaV8JT3xiF8dW5TJuucNaYsk7lOhXl4HS+pfmKiDr7PljAcq2Hg+lByUO/MYTX3jruxlhePjU+bmNADy+N0Rumx1aGOU7Jny45nvCVgdFG3UqOD6iHxL7manSi+6TqKmv0Jp0TqJqXEvB5or4PdaSCTdN7gKKGwNzG4PYrkPAS+0TWMyO9FwV9hi6o3DajIK5jprtgxOpJXBszsUH4J9uV5WakHuzHzp8nUTIiL+FDW5b7hYw==", + "public_bytes": "FSmlGYhJCcKG/QWSz/mKycBmrxVcSqojwvkxkPdo5lgwCbhkkSONsSBHXFY8YeZSetpQj+y9FlWbbIN6UFJLclMuiLYfv+W2QqrpDUXvxrLwV3iNmdH1ZOhqXaxEVxENyoBfrB3GtU+9qBjdZH7CA3mDwI8yz4OwqeC0HJKR5ppVChgitkwzkazirYUr0gAxzCj2POwm2b5KZqO+YokoqHMSkBfXKyUD1m+CYLCdG7zOXcWBYQUgibVFBF1yxbznmZz+RD7kfgpc5q5YjZudISLe59Uii+bN4RKw/zSuwMcADXqWG7GJ9ebDpey7Sa3vzg716gg2g2wIcc50UOhoVQ==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + } + ], + "is_tls_version_supported": true, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA256", + "openssl_name": "NULL-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_256_CCM_8", + "openssl_name": "AES256-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CCM", + "openssl_name": "AES256-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CCM_8", + "openssl_name": "AES128-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CCM", + "openssl_name": "AES128-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDH-RSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDH-RSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDH-RSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDH-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDH-ECDSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDH-ECDSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDH-ECDSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDH-ECDSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "ECDHE-RSA-CHACHA20-POLY1305" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", + "openssl_name": "ECDHE-RSA-CAMELLIA256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "ECDHE-RSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ECDHE-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ECDHE-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "ECDHE-ECDSA-CHACHA20-POLY1305" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", + "openssl_name": "ECDHE-ECDSA-CAMELLIA256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "ECDHE-ECDSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ECDHE-ECDSA-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ECDHE-ECDSA-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDHE-ECDSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", + "openssl_name": "ECDHE-ECDSA-AES256-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", + "openssl_name": "ECDHE-ECDSA-AES256-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDHE-ECDSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDHE-ECDSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", + "openssl_name": "ECDHE-ECDSA-AES128-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM", + "openssl_name": "ECDHE-ECDSA-AES128-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDHE-ECDSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_GCM_SHA384", + "openssl_name": "ADH-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA256", + "openssl_name": "ADH-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_GCM_SHA256", + "openssl_name": "ADH-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA256", + "openssl_name": "ADH-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "DH-RSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "DH-RSA-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "DH-RSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "DH-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_GCM_SHA384", + "openssl_name": "DH-DSS-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA256", + "openssl_name": "DH-DSS-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_GCM_SHA256", + "openssl_name": "DH-DSS-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA256", + "openssl_name": "DH-DSS-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "DHE-RSA-CHACHA20-POLY1305" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "DHE-RSA-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "DHE-RSA-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CCM_8", + "openssl_name": "DHE-RSA-AES256-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CCM", + "openssl_name": "DHE-RSA-AES256-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CCM_8", + "openssl_name": "DHE-RSA-AES128-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CCM", + "openssl_name": "DHE-RSA-AES128-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "DHE-DSS-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "DHE-DSS-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", + "openssl_name": "DHE-DSS-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", + "openssl_name": "DHE-DSS-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", + "openssl_name": "DHE-DSS-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", + "openssl_name": "DHE-DSS-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": "TLS_1_2" + }, + "status": "COMPLETED" + }, + "tls_1_3_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": false, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_CHACHA20_POLY1305_SHA256", + "openssl_name": "TLS_CHACHA20_POLY1305_SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_AES_256_GCM_SHA384", + "openssl_name": "TLS_AES_256_GCM_SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_GCM_SHA256", + "openssl_name": "TLS_AES_128_GCM_SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_CCM_SHA256", + "openssl_name": "TLS_AES_128_CCM_SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_CCM_8_SHA256", + "openssl_name": "TLS_AES_128_CCM_8_SHA256" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": "TLS_1_3" + }, + "status": "COMPLETED" + }, + "tls_1_3_early_data": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + }, + "tls_compression": { + "error_reason": null, + "error_trace": null, + "result": { + "supports_compression": false + }, + "status": "COMPLETED" + }, + "tls_fallback_scsv": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + } + }, + "scan_status": "COMPLETED", + "server_location": { + "connection_type": "DIRECT", + "hostname": "example.com", + "http_proxy_settings": null, + "ip_address": "1.1.1.1", + "port": 443 + }, + "uuid": "2b44dd4d-433d-4492-8faa-aec9c83ed7e3" + }], + "sslyze_url": "https://github.com/nabla-c0d3/sslyze", + "sslyze_version": "5.0.1" +} \ No newline at end of file diff --git a/unittests/scans/sslyze/one_target_many_vuln.json b/unittests/scans/sslyze/one_target_many_vuln_old.json similarity index 100% rename from unittests/scans/sslyze/one_target_many_vuln.json rename to unittests/scans/sslyze/one_target_many_vuln_old.json diff --git a/unittests/scans/sslyze/one_target_one_vuln_new.json b/unittests/scans/sslyze/one_target_one_vuln_new.json new file mode 100644 index 00000000000..3acced9d7fb --- /dev/null +++ b/unittests/scans/sslyze/one_target_one_vuln_new.json @@ -0,0 +1,6014 @@ +{ + "date_scans_completed": "2022-01-17T16:46:15.754574", + "date_scans_started": "2022-01-17T16:46:10.091480", + "server_scan_results": [{ + "connectivity_error_trace": null, + "connectivity_result": { + "cipher_suite_supported": "TLS_AES_256_GCM_SHA384", + "client_auth_requirement": "DISABLED", + "highest_tls_version_supported": "TLS_1_3", + "supports_ecdh_key_exchange": true + }, + "connectivity_status": "COMPLETED", + "network_configuration": { + "network_max_retries": 3, + "network_timeout": 5, + "tls_client_auth_credentials": null, + "tls_opportunistic_encryption": null, + "tls_server_name_indication": "example.com", + "xmpp_to_hostname": null + }, + "scan_result": { + "certificate_info": { + "error_reason": null, + "error_trace": null, + "result": { + "certificate_deployments": [{ + "leaf_certificate_has_must_staple_extension": false, + "leaf_certificate_is_ev": false, + "leaf_certificate_signed_certificate_timestamps_count": 2, + "leaf_certificate_subject_matches_hostname": true, + "ocsp_response": null, + "ocsp_response_is_trusted": null, + "path_validation_results": [{ + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Android", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/google_aosp.pem", + "version": "12.0.0_r9" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGBzCCBO+gAwIBAgIQApRkVlF+tqkgtif1mEPakjANBgkqhkiG9w0BAQsFADBZ\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypS\nYXBpZFNTTCBUTFMgRFYgUlNBIE1peGVkIFNIQTI1NiAyMDIwIENBLTEwHhcNMjEw\nMzE1MDAwMDAwWhcNMjIwMzE1MjM1OTU5WjAVMRMwEQYDVQQDDAoqLmRlbGZpLmx0\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mHuEsqjMWKhu40LHxYW\nLe3AKTAJuo27Y6gBtLcqC5WsRxcHmVWfgHOEBkE04tGFSZMAceVyVj5htlGe4sjG\nwPkC16iLmiIxQSGhYwNXgQpgcLDOo57mPIay4X2uCTIGhPeKEjeucYdlWUKi1upq\nqvamGBRlkQPExUB3XO2fg3z3z1sg5RUXhJgL7b7TBYL+YcBVxtedoH3o2ycPfmrq\nSD8gUgkS22jjzupbxxaX15iAUh9+uZK3yD5z9zi4yqCQL7vwpQ6BLQEeKxxKHYh/\nQOb7r9VywrhX85/ZYM7Jfhjw6S47Lis0R9A17gUrqxdwyg9/ivnpU1ENRu6a1+/O\nrQIDAQABo4IDDTCCAwkwHwYDVR0jBBgwFoAUpI3lvnx55HAjbS4pNK0jWNz1MX8w\nHQYDVR0OBBYEFIc0BTQrVS2xfCPzXpdPd3/ObBoPMB8GA1UdEQQYMBaCCiouZGVs\nZmkubHSCCGRlbGZpLmx0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwgZsGA1UdHwSBkzCBkDBGoESgQoZAaHR0cDovL2NybDMu\nZGlnaWNlcnQuY29tL1JhcGlkU1NMVExTRFZSU0FNaXhlZFNIQTI1NjIwMjBDQS0x\nLmNybDBGoESgQoZAaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1JhcGlkU1NMVExT\nRFZSU0FNaXhlZFNIQTI1NjIwMjBDQS0xLmNybDA+BgNVHSAENzA1MDMGBmeBDAEC\nATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYUG\nCCsGAQUFBwEBBHkwdzAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu\nY29tME8GCCsGAQUFBzAChkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vUmFw\naWRTU0xUTFNEVlJTQU1peGVkU0hBMjU2MjAyMENBLTEuY3J0MAkGA1UdEwQCMAAw\nggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgApeb7wnjk5IfBWc59jpXflvld9nGAK\n+PlNXSZcJV3HhAAAAXg1DLciAAAEAwBHMEUCID477jyZIq6tp+eT3NQTQ3Qbp+Q8\nrMWOkFJ8x+2BC8aJAiEA//ud6GZ6LEK9RaVBsmeh2oBWWXzBufb6URcEK1LbgDoA\ndgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXg1DLd1AAAEAwBH\nMEUCIQDvz0jrhRciyeIvHhUDG1Cq/JkpCv3RSUEDGYvd5jcO9gIgPuuj4gGlBMAN\nmZZ5OiUsFffap/sFvGPdBXi0LHBZGrswDQYJKoZIhvcNAQELBQADggEBAEBNA33F\nSP/yZa8pOPUsoU9mS8C//730wu4VgOBSm0K6EED8Tk+otQINsmswqDjOms5aWPno\n0zEBVzYOUFCAJIidS9gdKGWnb3IZWYPBfvPrbz8fSXimSimE+ED1n2Yxkq1Y3yHD\nZtEda/yWWFppF/9fOs4fXnl95LeB7ostXcnvXoyG5a6MBb0v3zSqJU0a1QxEcDw8\n/yndrFUk6Sz73uNNHq4eryyqGmJ2vv+QGT1085QDRLy3ddjPA1lGxkWV9FrP12vN\nJf6RPlFRGg7fzI2kOAYA5i3SlG/BVvrfAaRKGpYEd7EW5CshhGLlmps9ktr4r5qR\n+OW4FvL367DMTmI=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "IHwka+OHM8hN1tRg8jkPJUUBLkA=", + "fingerprint_sha256": "6hUCEFZ2fDbUGZ4JUCzl5GmqECBXsEtTR+vv3bbl8QY=", + "hpkp_pin": "jOCNy2j9i+LxBZky3BDcAex0ol2U/WvrEAfdBg1W40U=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1", + "value": "RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1" + } + ], + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2022-03-15T23:59:59", + "not_valid_before": "2021-03-15T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28578147992458018397930663562792065435082968700721346055819518525354195777024933418451461321165889815553440738236541553360631794962216423208025375566765217567664759567253493108447572631647323517149244486627449316391153536901256955706146462334382623286576917418569853055105730435535744503519171084860730502006876249233286831346004162737402500398400168250098672986435557060818859240807187091540286436840487325726235437966447903385961590475571601483401261100711460542427163349212618804474173050813201665729676966681878285492132779896194011884172219885855266798048452552318005831264163301195432141031705089365947087572653 + }, + "serial_number": 3428951006436800667962695313007041170, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.example.com", + "value": "*.example.com" + }], + "rfc4514_string": "CN=*.example.com" + }, + "subject_alternative_name": { + "dns": [ + "*.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFUTCCBDmgAwIBAgIQB5g2A63jmQghnKAMJ7yKbDANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0yMDA3MTYxMjI1MjdaFw0yMzA1MzEyMzU5NTlaMFkxCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxMzAxBgNVBAMTKlJhcGlkU1NMIFRMUyBE\nViBSU0EgTWl4ZWQgU0hBMjU2IDIwMjAgQ0EtMTCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBANpuQ1VVmXvZlaJmxGVYotAMFzoApohbJAeNpzN+49LbgkrM\nLv2tblII8H43vN7UFumxV7lJdPwLP22qa0sV9cwCr6QZoGEobda+4pufG0aSfHQC\nQhulaqKpPcYYOPjTwgqJA84AFYj8l/IeQ8n01VyCurMIHA478ts2G6GGtEx0ucnE\nfV2QHUL64EC2yh7ybboo5v8nFWV4lx/xcfxoxkFTVnAIRgHrH2vUdOiV9slOix3z\n5KPs2rK2bbach8Sh5GSkgp2HRoS/my0tCq1vjyLJeP0aNwPd3rk5O8LiffLev9j+\nUKZo0tt0VvTLkdGmSN4h1mVY6DnGfOwp1C5SK0MCAwEAAaOCAgswggIHMB0GA1Ud\nDgQWBBSkjeW+fHnkcCNtLik0rSNY3PUxfzAfBgNVHSMEGDAWgBQD3lA1VtFMu2bw\no+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\nCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQG\nCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3\noDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9v\ndENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0\nR2xvYmFsUm9vdENBLmNybDCBzgYDVR0gBIHGMIHDMIHABgRVHSAAMIG3MCgGCCsG\nAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGKBggrBgEFBQcC\nAjB+DHxBbnkgdXNlIG9mIHRoaXMgQ2VydGlmaWNhdGUgY29uc3RpdHV0ZXMgYWNj\nZXB0YW5jZSBvZiB0aGUgUmVseWluZyBQYXJ0eSBBZ3JlZW1lbnQgbG9jYXRlZCBh\ndCBodHRwczovL3d3dy5kaWdpY2VydC5jb20vcnBhLXVhMA0GCSqGSIb3DQEBCwUA\nA4IBAQAi49xtSOuOygBycy50quCThG45xIdUAsQCaXFVRa9asPaB/jLINXJL3qV9\nJ0Gh2bZM0k4yOMeAMZ57smP6JkcJihhOFlfQa18aljd+xNc6b+GX6oFcCHGr+gsE\nyPM8qvlKGxc5T5eHVzV6jpjpyzl6VEKpaxH6gdGVpQVgjkOR9yY9XAUlFnzlOCpq\nsm7r2ZUKpDfrhUnVzX2nSM15XSj48rVBBAnGJWkLPijlACd3sWFMVUiKRz1C5PZy\nel2l7J/W4d99KFLSYgoy5GDmARpwLc//fXfkr40nMY8ibCmxCsjXQTe0fJbtrrLL\nyWQlk9VDV296EI/kQOJNLVEkJ54P\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "m9CKWIdvbISdtruZqLGUiSZHhg4=", + "fingerprint_sha256": "5vpISoWJQNEBl4VVRUqkZlMatsSrxK0rAAYmqqwNBPk=", + "hpkp_pin": "48hXNwn3laJAzsrIBprOcewUb097BGNL7e+MVM7Rcis=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2023-05-31T23:59:59", + "not_valid_before": "2020-07-16T12:25:27", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27574323204680624563828232751587726221614248135444919305107192432358158712885634902023526263476568000548956635892871232119825117569958181507625421723755440661659655382171341195513888591832987804080918992434260104963355485317095112178389837324188942874283181495696976630686075061284801124642200510841127304555323615001583090401892633316318617318068397987391334692735182696642811398335455679721283673797613937064201001202434279028751316590484836668909354002102995942171354622174974635705425910250149774710777862545946917761383109590429482046753677126173529497505985521767736455487435900636821013875344068916182447696707 + }, + "serial_number": 10094920634610845175072226827329899116, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1", + "value": "RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1" + } + ], + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\nCSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\nnh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\nT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\ngdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\nBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\nTLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\nDQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\nhMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\nPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\nYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\nCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "qJhdOmXl5cSy19ZtQMbdL7GcVDY=", + "fingerprint_sha256": "Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE=", + "hpkp_pin": "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28559384442792876273280274398620578979733786817784174960112400169719065906301471912340204391164075730987771255281479191858503912379974443363319206013285922932969143082114108995903507302607372164107846395526169928849546930352778612946811335349917424469188917500996253619438384218721744278787164274625243781917237444202229339672234113350935948264576180342492691117960376023738627349150441152487120197333042448834154779966801277094070528166918968412433078879939664053044797116916260095055641583506170045241549105022323819314163625798834513544420165235412105694681616578431019525684868803389424296613694298865514217451303 + }, + "serial_number": 10944719598952040374951832963794454346, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Apple", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/apple.pem", + "version": "iOS 15, iPadOS 15, macOS 12, tvOS 15, and watchOS 8" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGBzCCBO+gAwIBAgIQApRkVlF+tqkgtif1mEPakjANBgkqhkiG9w0BAQsFADBZ\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypS\nYXBpZFNTTCBUTFMgRFYgUlNBIE1peGVkIFNIQTI1NiAyMDIwIENBLTEwHhcNMjEw\nMzE1MDAwMDAwWhcNMjIwMzE1MjM1OTU5WjAVMRMwEQYDVQQDDAoqLmRlbGZpLmx0\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mHuEsqjMWKhu40LHxYW\nLe3AKTAJuo27Y6gBtLcqC5WsRxcHmVWfgHOEBkE04tGFSZMAceVyVj5htlGe4sjG\nwPkC16iLmiIxQSGhYwNXgQpgcLDOo57mPIay4X2uCTIGhPeKEjeucYdlWUKi1upq\nqvamGBRlkQPExUB3XO2fg3z3z1sg5RUXhJgL7b7TBYL+YcBVxtedoH3o2ycPfmrq\nSD8gUgkS22jjzupbxxaX15iAUh9+uZK3yD5z9zi4yqCQL7vwpQ6BLQEeKxxKHYh/\nQOb7r9VywrhX85/ZYM7Jfhjw6S47Lis0R9A17gUrqxdwyg9/ivnpU1ENRu6a1+/O\nrQIDAQABo4IDDTCCAwkwHwYDVR0jBBgwFoAUpI3lvnx55HAjbS4pNK0jWNz1MX8w\nHQYDVR0OBBYEFIc0BTQrVS2xfCPzXpdPd3/ObBoPMB8GA1UdEQQYMBaCCiouZGVs\nZmkubHSCCGRlbGZpLmx0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwgZsGA1UdHwSBkzCBkDBGoESgQoZAaHR0cDovL2NybDMu\nZGlnaWNlcnQuY29tL1JhcGlkU1NMVExTRFZSU0FNaXhlZFNIQTI1NjIwMjBDQS0x\nLmNybDBGoESgQoZAaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1JhcGlkU1NMVExT\nRFZSU0FNaXhlZFNIQTI1NjIwMjBDQS0xLmNybDA+BgNVHSAENzA1MDMGBmeBDAEC\nATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYUG\nCCsGAQUFBwEBBHkwdzAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu\nY29tME8GCCsGAQUFBzAChkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vUmFw\naWRTU0xUTFNEVlJTQU1peGVkU0hBMjU2MjAyMENBLTEuY3J0MAkGA1UdEwQCMAAw\nggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgApeb7wnjk5IfBWc59jpXflvld9nGAK\n+PlNXSZcJV3HhAAAAXg1DLciAAAEAwBHMEUCID477jyZIq6tp+eT3NQTQ3Qbp+Q8\nrMWOkFJ8x+2BC8aJAiEA//ud6GZ6LEK9RaVBsmeh2oBWWXzBufb6URcEK1LbgDoA\ndgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXg1DLd1AAAEAwBH\nMEUCIQDvz0jrhRciyeIvHhUDG1Cq/JkpCv3RSUEDGYvd5jcO9gIgPuuj4gGlBMAN\nmZZ5OiUsFffap/sFvGPdBXi0LHBZGrswDQYJKoZIhvcNAQELBQADggEBAEBNA33F\nSP/yZa8pOPUsoU9mS8C//730wu4VgOBSm0K6EED8Tk+otQINsmswqDjOms5aWPno\n0zEBVzYOUFCAJIidS9gdKGWnb3IZWYPBfvPrbz8fSXimSimE+ED1n2Yxkq1Y3yHD\nZtEda/yWWFppF/9fOs4fXnl95LeB7ostXcnvXoyG5a6MBb0v3zSqJU0a1QxEcDw8\n/yndrFUk6Sz73uNNHq4eryyqGmJ2vv+QGT1085QDRLy3ddjPA1lGxkWV9FrP12vN\nJf6RPlFRGg7fzI2kOAYA5i3SlG/BVvrfAaRKGpYEd7EW5CshhGLlmps9ktr4r5qR\n+OW4FvL367DMTmI=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "IHwka+OHM8hN1tRg8jkPJUUBLkA=", + "fingerprint_sha256": "6hUCEFZ2fDbUGZ4JUCzl5GmqECBXsEtTR+vv3bbl8QY=", + "hpkp_pin": "jOCNy2j9i+LxBZky3BDcAex0ol2U/WvrEAfdBg1W40U=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1", + "value": "RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1" + } + ], + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2022-03-15T23:59:59", + "not_valid_before": "2021-03-15T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28578147992458018397930663562792065435082968700721346055819518525354195777024933418451461321165889815553440738236541553360631794962216423208025375566765217567664759567253493108447572631647323517149244486627449316391153536901256955706146462334382623286576917418569853055105730435535744503519171084860730502006876249233286831346004162737402500398400168250098672986435557060818859240807187091540286436840487325726235437966447903385961590475571601483401261100711460542427163349212618804474173050813201665729676966681878285492132779896194011884172219885855266798048452552318005831264163301195432141031705089365947087572653 + }, + "serial_number": 3428951006436800667962695313007041170, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.example.com", + "value": "*.example.com" + }], + "rfc4514_string": "CN=*.example.com" + }, + "subject_alternative_name": { + "dns": [ + "*.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFUTCCBDmgAwIBAgIQB5g2A63jmQghnKAMJ7yKbDANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0yMDA3MTYxMjI1MjdaFw0yMzA1MzEyMzU5NTlaMFkxCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxMzAxBgNVBAMTKlJhcGlkU1NMIFRMUyBE\nViBSU0EgTWl4ZWQgU0hBMjU2IDIwMjAgQ0EtMTCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBANpuQ1VVmXvZlaJmxGVYotAMFzoApohbJAeNpzN+49LbgkrM\nLv2tblII8H43vN7UFumxV7lJdPwLP22qa0sV9cwCr6QZoGEobda+4pufG0aSfHQC\nQhulaqKpPcYYOPjTwgqJA84AFYj8l/IeQ8n01VyCurMIHA478ts2G6GGtEx0ucnE\nfV2QHUL64EC2yh7ybboo5v8nFWV4lx/xcfxoxkFTVnAIRgHrH2vUdOiV9slOix3z\n5KPs2rK2bbach8Sh5GSkgp2HRoS/my0tCq1vjyLJeP0aNwPd3rk5O8LiffLev9j+\nUKZo0tt0VvTLkdGmSN4h1mVY6DnGfOwp1C5SK0MCAwEAAaOCAgswggIHMB0GA1Ud\nDgQWBBSkjeW+fHnkcCNtLik0rSNY3PUxfzAfBgNVHSMEGDAWgBQD3lA1VtFMu2bw\no+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\nCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQG\nCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3\noDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9v\ndENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0\nR2xvYmFsUm9vdENBLmNybDCBzgYDVR0gBIHGMIHDMIHABgRVHSAAMIG3MCgGCCsG\nAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGKBggrBgEFBQcC\nAjB+DHxBbnkgdXNlIG9mIHRoaXMgQ2VydGlmaWNhdGUgY29uc3RpdHV0ZXMgYWNj\nZXB0YW5jZSBvZiB0aGUgUmVseWluZyBQYXJ0eSBBZ3JlZW1lbnQgbG9jYXRlZCBh\ndCBodHRwczovL3d3dy5kaWdpY2VydC5jb20vcnBhLXVhMA0GCSqGSIb3DQEBCwUA\nA4IBAQAi49xtSOuOygBycy50quCThG45xIdUAsQCaXFVRa9asPaB/jLINXJL3qV9\nJ0Gh2bZM0k4yOMeAMZ57smP6JkcJihhOFlfQa18aljd+xNc6b+GX6oFcCHGr+gsE\nyPM8qvlKGxc5T5eHVzV6jpjpyzl6VEKpaxH6gdGVpQVgjkOR9yY9XAUlFnzlOCpq\nsm7r2ZUKpDfrhUnVzX2nSM15XSj48rVBBAnGJWkLPijlACd3sWFMVUiKRz1C5PZy\nel2l7J/W4d99KFLSYgoy5GDmARpwLc//fXfkr40nMY8ibCmxCsjXQTe0fJbtrrLL\nyWQlk9VDV296EI/kQOJNLVEkJ54P\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "m9CKWIdvbISdtruZqLGUiSZHhg4=", + "fingerprint_sha256": "5vpISoWJQNEBl4VVRUqkZlMatsSrxK0rAAYmqqwNBPk=", + "hpkp_pin": "48hXNwn3laJAzsrIBprOcewUb097BGNL7e+MVM7Rcis=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2023-05-31T23:59:59", + "not_valid_before": "2020-07-16T12:25:27", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27574323204680624563828232751587726221614248135444919305107192432358158712885634902023526263476568000548956635892871232119825117569958181507625421723755440661659655382171341195513888591832987804080918992434260104963355485317095112178389837324188942874283181495696976630686075061284801124642200510841127304555323615001583090401892633316318617318068397987391334692735182696642811398335455679721283673797613937064201001202434279028751316590484836668909354002102995942171354622174974635705425910250149774710777862545946917761383109590429482046753677126173529497505985521767736455487435900636821013875344068916182447696707 + }, + "serial_number": 10094920634610845175072226827329899116, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1", + "value": "RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1" + } + ], + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\nCSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\nnh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\nT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\ngdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\nBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\nTLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\nDQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\nhMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\nPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\nYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\nCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "qJhdOmXl5cSy19ZtQMbdL7GcVDY=", + "fingerprint_sha256": "Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE=", + "hpkp_pin": "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28559384442792876273280274398620578979733786817784174960112400169719065906301471912340204391164075730987771255281479191858503912379974443363319206013285922932969143082114108995903507302607372164107846395526169928849546930352778612946811335349917424469188917500996253619438384218721744278787164274625243781917237444202229339672234113350935948264576180342492691117960376023738627349150441152487120197333042448834154779966801277094070528166918968412433078879939664053044797116916260095055641583506170045241549105022323819314163625798834513544420165235412105694681616578431019525684868803389424296613694298865514217451303 + }, + "serial_number": 10944719598952040374951832963794454346, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Java", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/oracle_java.pem", + "version": "jdk-13.0.2" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGBzCCBO+gAwIBAgIQApRkVlF+tqkgtif1mEPakjANBgkqhkiG9w0BAQsFADBZ\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypS\nYXBpZFNTTCBUTFMgRFYgUlNBIE1peGVkIFNIQTI1NiAyMDIwIENBLTEwHhcNMjEw\nMzE1MDAwMDAwWhcNMjIwMzE1MjM1OTU5WjAVMRMwEQYDVQQDDAoqLmRlbGZpLmx0\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mHuEsqjMWKhu40LHxYW\nLe3AKTAJuo27Y6gBtLcqC5WsRxcHmVWfgHOEBkE04tGFSZMAceVyVj5htlGe4sjG\nwPkC16iLmiIxQSGhYwNXgQpgcLDOo57mPIay4X2uCTIGhPeKEjeucYdlWUKi1upq\nqvamGBRlkQPExUB3XO2fg3z3z1sg5RUXhJgL7b7TBYL+YcBVxtedoH3o2ycPfmrq\nSD8gUgkS22jjzupbxxaX15iAUh9+uZK3yD5z9zi4yqCQL7vwpQ6BLQEeKxxKHYh/\nQOb7r9VywrhX85/ZYM7Jfhjw6S47Lis0R9A17gUrqxdwyg9/ivnpU1ENRu6a1+/O\nrQIDAQABo4IDDTCCAwkwHwYDVR0jBBgwFoAUpI3lvnx55HAjbS4pNK0jWNz1MX8w\nHQYDVR0OBBYEFIc0BTQrVS2xfCPzXpdPd3/ObBoPMB8GA1UdEQQYMBaCCiouZGVs\nZmkubHSCCGRlbGZpLmx0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwgZsGA1UdHwSBkzCBkDBGoESgQoZAaHR0cDovL2NybDMu\nZGlnaWNlcnQuY29tL1JhcGlkU1NMVExTRFZSU0FNaXhlZFNIQTI1NjIwMjBDQS0x\nLmNybDBGoESgQoZAaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1JhcGlkU1NMVExT\nRFZSU0FNaXhlZFNIQTI1NjIwMjBDQS0xLmNybDA+BgNVHSAENzA1MDMGBmeBDAEC\nATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYUG\nCCsGAQUFBwEBBHkwdzAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu\nY29tME8GCCsGAQUFBzAChkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vUmFw\naWRTU0xUTFNEVlJTQU1peGVkU0hBMjU2MjAyMENBLTEuY3J0MAkGA1UdEwQCMAAw\nggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgApeb7wnjk5IfBWc59jpXflvld9nGAK\n+PlNXSZcJV3HhAAAAXg1DLciAAAEAwBHMEUCID477jyZIq6tp+eT3NQTQ3Qbp+Q8\nrMWOkFJ8x+2BC8aJAiEA//ud6GZ6LEK9RaVBsmeh2oBWWXzBufb6URcEK1LbgDoA\ndgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXg1DLd1AAAEAwBH\nMEUCIQDvz0jrhRciyeIvHhUDG1Cq/JkpCv3RSUEDGYvd5jcO9gIgPuuj4gGlBMAN\nmZZ5OiUsFffap/sFvGPdBXi0LHBZGrswDQYJKoZIhvcNAQELBQADggEBAEBNA33F\nSP/yZa8pOPUsoU9mS8C//730wu4VgOBSm0K6EED8Tk+otQINsmswqDjOms5aWPno\n0zEBVzYOUFCAJIidS9gdKGWnb3IZWYPBfvPrbz8fSXimSimE+ED1n2Yxkq1Y3yHD\nZtEda/yWWFppF/9fOs4fXnl95LeB7ostXcnvXoyG5a6MBb0v3zSqJU0a1QxEcDw8\n/yndrFUk6Sz73uNNHq4eryyqGmJ2vv+QGT1085QDRLy3ddjPA1lGxkWV9FrP12vN\nJf6RPlFRGg7fzI2kOAYA5i3SlG/BVvrfAaRKGpYEd7EW5CshhGLlmps9ktr4r5qR\n+OW4FvL367DMTmI=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "IHwka+OHM8hN1tRg8jkPJUUBLkA=", + "fingerprint_sha256": "6hUCEFZ2fDbUGZ4JUCzl5GmqECBXsEtTR+vv3bbl8QY=", + "hpkp_pin": "jOCNy2j9i+LxBZky3BDcAex0ol2U/WvrEAfdBg1W40U=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1", + "value": "RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1" + } + ], + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2022-03-15T23:59:59", + "not_valid_before": "2021-03-15T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28578147992458018397930663562792065435082968700721346055819518525354195777024933418451461321165889815553440738236541553360631794962216423208025375566765217567664759567253493108447572631647323517149244486627449316391153536901256955706146462334382623286576917418569853055105730435535744503519171084860730502006876249233286831346004162737402500398400168250098672986435557060818859240807187091540286436840487325726235437966447903385961590475571601483401261100711460542427163349212618804474173050813201665729676966681878285492132779896194011884172219885855266798048452552318005831264163301195432141031705089365947087572653 + }, + "serial_number": 3428951006436800667962695313007041170, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.example.com", + "value": "*.example.com" + }], + "rfc4514_string": "CN=*.example.com" + }, + "subject_alternative_name": { + "dns": [ + "*.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFUTCCBDmgAwIBAgIQB5g2A63jmQghnKAMJ7yKbDANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0yMDA3MTYxMjI1MjdaFw0yMzA1MzEyMzU5NTlaMFkxCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxMzAxBgNVBAMTKlJhcGlkU1NMIFRMUyBE\nViBSU0EgTWl4ZWQgU0hBMjU2IDIwMjAgQ0EtMTCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBANpuQ1VVmXvZlaJmxGVYotAMFzoApohbJAeNpzN+49LbgkrM\nLv2tblII8H43vN7UFumxV7lJdPwLP22qa0sV9cwCr6QZoGEobda+4pufG0aSfHQC\nQhulaqKpPcYYOPjTwgqJA84AFYj8l/IeQ8n01VyCurMIHA478ts2G6GGtEx0ucnE\nfV2QHUL64EC2yh7ybboo5v8nFWV4lx/xcfxoxkFTVnAIRgHrH2vUdOiV9slOix3z\n5KPs2rK2bbach8Sh5GSkgp2HRoS/my0tCq1vjyLJeP0aNwPd3rk5O8LiffLev9j+\nUKZo0tt0VvTLkdGmSN4h1mVY6DnGfOwp1C5SK0MCAwEAAaOCAgswggIHMB0GA1Ud\nDgQWBBSkjeW+fHnkcCNtLik0rSNY3PUxfzAfBgNVHSMEGDAWgBQD3lA1VtFMu2bw\no+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\nCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQG\nCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3\noDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9v\ndENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0\nR2xvYmFsUm9vdENBLmNybDCBzgYDVR0gBIHGMIHDMIHABgRVHSAAMIG3MCgGCCsG\nAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGKBggrBgEFBQcC\nAjB+DHxBbnkgdXNlIG9mIHRoaXMgQ2VydGlmaWNhdGUgY29uc3RpdHV0ZXMgYWNj\nZXB0YW5jZSBvZiB0aGUgUmVseWluZyBQYXJ0eSBBZ3JlZW1lbnQgbG9jYXRlZCBh\ndCBodHRwczovL3d3dy5kaWdpY2VydC5jb20vcnBhLXVhMA0GCSqGSIb3DQEBCwUA\nA4IBAQAi49xtSOuOygBycy50quCThG45xIdUAsQCaXFVRa9asPaB/jLINXJL3qV9\nJ0Gh2bZM0k4yOMeAMZ57smP6JkcJihhOFlfQa18aljd+xNc6b+GX6oFcCHGr+gsE\nyPM8qvlKGxc5T5eHVzV6jpjpyzl6VEKpaxH6gdGVpQVgjkOR9yY9XAUlFnzlOCpq\nsm7r2ZUKpDfrhUnVzX2nSM15XSj48rVBBAnGJWkLPijlACd3sWFMVUiKRz1C5PZy\nel2l7J/W4d99KFLSYgoy5GDmARpwLc//fXfkr40nMY8ibCmxCsjXQTe0fJbtrrLL\nyWQlk9VDV296EI/kQOJNLVEkJ54P\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "m9CKWIdvbISdtruZqLGUiSZHhg4=", + "fingerprint_sha256": "5vpISoWJQNEBl4VVRUqkZlMatsSrxK0rAAYmqqwNBPk=", + "hpkp_pin": "48hXNwn3laJAzsrIBprOcewUb097BGNL7e+MVM7Rcis=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2023-05-31T23:59:59", + "not_valid_before": "2020-07-16T12:25:27", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27574323204680624563828232751587726221614248135444919305107192432358158712885634902023526263476568000548956635892871232119825117569958181507625421723755440661659655382171341195513888591832987804080918992434260104963355485317095112178389837324188942874283181495696976630686075061284801124642200510841127304555323615001583090401892633316318617318068397987391334692735182696642811398335455679721283673797613937064201001202434279028751316590484836668909354002102995942171354622174974635705425910250149774710777862545946917761383109590429482046753677126173529497505985521767736455487435900636821013875344068916182447696707 + }, + "serial_number": 10094920634610845175072226827329899116, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1", + "value": "RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1" + } + ], + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\nCSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\nnh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\nT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\ngdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\nBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\nTLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\nDQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\nhMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\nPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\nYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\nCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "qJhdOmXl5cSy19ZtQMbdL7GcVDY=", + "fingerprint_sha256": "Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE=", + "hpkp_pin": "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28559384442792876273280274398620578979733786817784174960112400169719065906301471912340204391164075730987771255281479191858503912379974443363319206013285922932969143082114108995903507302607372164107846395526169928849546930352778612946811335349917424469188917500996253619438384218721744278787164274625243781917237444202229339672234113350935948264576180342492691117960376023738627349150441152487120197333042448834154779966801277094070528166918968412433078879939664053044797116916260095055641583506170045241549105022323819314163625798834513544420165235412105694681616578431019525684868803389424296613694298865514217451303 + }, + "serial_number": 10944719598952040374951832963794454346, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": [{ + "dotted_string": "1.2.276.0.44.1.1.1.4", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.392.200091.100.721.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.40.0.17.1.22", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.616.1.113527.2.5.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.159.1.17.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.13177.10.1.3.10", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14370.1.6", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14777.6.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14777.6.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.14.2.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.14.2.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.8.12.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.8.12.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.22234.2.5.2.3.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.23223.1.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.29836.1.10", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.3", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.4", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.36305.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.40869.1.1.22.3", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.4146.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.4788.2.202.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.6334.1.100.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.6449.1.2.1.5.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.782.1.2.1.8.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.7879.13.24.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.8024.0.2.100.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.156.112554.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.528.1.1003.1.2.7", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.578.1.26.1.3.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.756.1.83.21.0", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.756.1.89.1.2.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.792.3.0.3.1.1.5", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.792.3.0.4.1.1.4", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.113733.1.7.23.6", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.113733.1.7.48.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114028.10.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114171.500.9", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114404.1.1.2.4.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114412.2.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114413.1.7.23.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114414.1.7.23.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114414.1.7.24.3", + "name": "Unknown OID" + } + ], + "name": "Mozilla", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/mozilla_nss.pem", + "version": "2021-12-19" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGBzCCBO+gAwIBAgIQApRkVlF+tqkgtif1mEPakjANBgkqhkiG9w0BAQsFADBZ\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypS\nYXBpZFNTTCBUTFMgRFYgUlNBIE1peGVkIFNIQTI1NiAyMDIwIENBLTEwHhcNMjEw\nMzE1MDAwMDAwWhcNMjIwMzE1MjM1OTU5WjAVMRMwEQYDVQQDDAoqLmRlbGZpLmx0\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mHuEsqjMWKhu40LHxYW\nLe3AKTAJuo27Y6gBtLcqC5WsRxcHmVWfgHOEBkE04tGFSZMAceVyVj5htlGe4sjG\nwPkC16iLmiIxQSGhYwNXgQpgcLDOo57mPIay4X2uCTIGhPeKEjeucYdlWUKi1upq\nqvamGBRlkQPExUB3XO2fg3z3z1sg5RUXhJgL7b7TBYL+YcBVxtedoH3o2ycPfmrq\nSD8gUgkS22jjzupbxxaX15iAUh9+uZK3yD5z9zi4yqCQL7vwpQ6BLQEeKxxKHYh/\nQOb7r9VywrhX85/ZYM7Jfhjw6S47Lis0R9A17gUrqxdwyg9/ivnpU1ENRu6a1+/O\nrQIDAQABo4IDDTCCAwkwHwYDVR0jBBgwFoAUpI3lvnx55HAjbS4pNK0jWNz1MX8w\nHQYDVR0OBBYEFIc0BTQrVS2xfCPzXpdPd3/ObBoPMB8GA1UdEQQYMBaCCiouZGVs\nZmkubHSCCGRlbGZpLmx0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwgZsGA1UdHwSBkzCBkDBGoESgQoZAaHR0cDovL2NybDMu\nZGlnaWNlcnQuY29tL1JhcGlkU1NMVExTRFZSU0FNaXhlZFNIQTI1NjIwMjBDQS0x\nLmNybDBGoESgQoZAaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1JhcGlkU1NMVExT\nRFZSU0FNaXhlZFNIQTI1NjIwMjBDQS0xLmNybDA+BgNVHSAENzA1MDMGBmeBDAEC\nATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYUG\nCCsGAQUFBwEBBHkwdzAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu\nY29tME8GCCsGAQUFBzAChkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vUmFw\naWRTU0xUTFNEVlJTQU1peGVkU0hBMjU2MjAyMENBLTEuY3J0MAkGA1UdEwQCMAAw\nggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgApeb7wnjk5IfBWc59jpXflvld9nGAK\n+PlNXSZcJV3HhAAAAXg1DLciAAAEAwBHMEUCID477jyZIq6tp+eT3NQTQ3Qbp+Q8\nrMWOkFJ8x+2BC8aJAiEA//ud6GZ6LEK9RaVBsmeh2oBWWXzBufb6URcEK1LbgDoA\ndgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXg1DLd1AAAEAwBH\nMEUCIQDvz0jrhRciyeIvHhUDG1Cq/JkpCv3RSUEDGYvd5jcO9gIgPuuj4gGlBMAN\nmZZ5OiUsFffap/sFvGPdBXi0LHBZGrswDQYJKoZIhvcNAQELBQADggEBAEBNA33F\nSP/yZa8pOPUsoU9mS8C//730wu4VgOBSm0K6EED8Tk+otQINsmswqDjOms5aWPno\n0zEBVzYOUFCAJIidS9gdKGWnb3IZWYPBfvPrbz8fSXimSimE+ED1n2Yxkq1Y3yHD\nZtEda/yWWFppF/9fOs4fXnl95LeB7ostXcnvXoyG5a6MBb0v3zSqJU0a1QxEcDw8\n/yndrFUk6Sz73uNNHq4eryyqGmJ2vv+QGT1085QDRLy3ddjPA1lGxkWV9FrP12vN\nJf6RPlFRGg7fzI2kOAYA5i3SlG/BVvrfAaRKGpYEd7EW5CshhGLlmps9ktr4r5qR\n+OW4FvL367DMTmI=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "IHwka+OHM8hN1tRg8jkPJUUBLkA=", + "fingerprint_sha256": "6hUCEFZ2fDbUGZ4JUCzl5GmqECBXsEtTR+vv3bbl8QY=", + "hpkp_pin": "jOCNy2j9i+LxBZky3BDcAex0ol2U/WvrEAfdBg1W40U=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1", + "value": "RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1" + } + ], + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2022-03-15T23:59:59", + "not_valid_before": "2021-03-15T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28578147992458018397930663562792065435082968700721346055819518525354195777024933418451461321165889815553440738236541553360631794962216423208025375566765217567664759567253493108447572631647323517149244486627449316391153536901256955706146462334382623286576917418569853055105730435535744503519171084860730502006876249233286831346004162737402500398400168250098672986435557060818859240807187091540286436840487325726235437966447903385961590475571601483401261100711460542427163349212618804474173050813201665729676966681878285492132779896194011884172219885855266798048452552318005831264163301195432141031705089365947087572653 + }, + "serial_number": 3428951006436800667962695313007041170, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.example.com", + "value": "*.example.com" + }], + "rfc4514_string": "CN=*.example.com" + }, + "subject_alternative_name": { + "dns": [ + "*.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFUTCCBDmgAwIBAgIQB5g2A63jmQghnKAMJ7yKbDANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0yMDA3MTYxMjI1MjdaFw0yMzA1MzEyMzU5NTlaMFkxCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxMzAxBgNVBAMTKlJhcGlkU1NMIFRMUyBE\nViBSU0EgTWl4ZWQgU0hBMjU2IDIwMjAgQ0EtMTCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBANpuQ1VVmXvZlaJmxGVYotAMFzoApohbJAeNpzN+49LbgkrM\nLv2tblII8H43vN7UFumxV7lJdPwLP22qa0sV9cwCr6QZoGEobda+4pufG0aSfHQC\nQhulaqKpPcYYOPjTwgqJA84AFYj8l/IeQ8n01VyCurMIHA478ts2G6GGtEx0ucnE\nfV2QHUL64EC2yh7ybboo5v8nFWV4lx/xcfxoxkFTVnAIRgHrH2vUdOiV9slOix3z\n5KPs2rK2bbach8Sh5GSkgp2HRoS/my0tCq1vjyLJeP0aNwPd3rk5O8LiffLev9j+\nUKZo0tt0VvTLkdGmSN4h1mVY6DnGfOwp1C5SK0MCAwEAAaOCAgswggIHMB0GA1Ud\nDgQWBBSkjeW+fHnkcCNtLik0rSNY3PUxfzAfBgNVHSMEGDAWgBQD3lA1VtFMu2bw\no+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\nCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQG\nCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3\noDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9v\ndENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0\nR2xvYmFsUm9vdENBLmNybDCBzgYDVR0gBIHGMIHDMIHABgRVHSAAMIG3MCgGCCsG\nAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGKBggrBgEFBQcC\nAjB+DHxBbnkgdXNlIG9mIHRoaXMgQ2VydGlmaWNhdGUgY29uc3RpdHV0ZXMgYWNj\nZXB0YW5jZSBvZiB0aGUgUmVseWluZyBQYXJ0eSBBZ3JlZW1lbnQgbG9jYXRlZCBh\ndCBodHRwczovL3d3dy5kaWdpY2VydC5jb20vcnBhLXVhMA0GCSqGSIb3DQEBCwUA\nA4IBAQAi49xtSOuOygBycy50quCThG45xIdUAsQCaXFVRa9asPaB/jLINXJL3qV9\nJ0Gh2bZM0k4yOMeAMZ57smP6JkcJihhOFlfQa18aljd+xNc6b+GX6oFcCHGr+gsE\nyPM8qvlKGxc5T5eHVzV6jpjpyzl6VEKpaxH6gdGVpQVgjkOR9yY9XAUlFnzlOCpq\nsm7r2ZUKpDfrhUnVzX2nSM15XSj48rVBBAnGJWkLPijlACd3sWFMVUiKRz1C5PZy\nel2l7J/W4d99KFLSYgoy5GDmARpwLc//fXfkr40nMY8ibCmxCsjXQTe0fJbtrrLL\nyWQlk9VDV296EI/kQOJNLVEkJ54P\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "m9CKWIdvbISdtruZqLGUiSZHhg4=", + "fingerprint_sha256": "5vpISoWJQNEBl4VVRUqkZlMatsSrxK0rAAYmqqwNBPk=", + "hpkp_pin": "48hXNwn3laJAzsrIBprOcewUb097BGNL7e+MVM7Rcis=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2023-05-31T23:59:59", + "not_valid_before": "2020-07-16T12:25:27", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27574323204680624563828232751587726221614248135444919305107192432358158712885634902023526263476568000548956635892871232119825117569958181507625421723755440661659655382171341195513888591832987804080918992434260104963355485317095112178389837324188942874283181495696976630686075061284801124642200510841127304555323615001583090401892633316318617318068397987391334692735182696642811398335455679721283673797613937064201001202434279028751316590484836668909354002102995942171354622174974635705425910250149774710777862545946917761383109590429482046753677126173529497505985521767736455487435900636821013875344068916182447696707 + }, + "serial_number": 10094920634610845175072226827329899116, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1", + "value": "RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1" + } + ], + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\nCSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\nnh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\nT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\ngdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\nBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\nTLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\nDQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\nhMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\nPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\nYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\nCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "qJhdOmXl5cSy19ZtQMbdL7GcVDY=", + "fingerprint_sha256": "Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE=", + "hpkp_pin": "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28559384442792876273280274398620578979733786817784174960112400169719065906301471912340204391164075730987771255281479191858503912379974443363319206013285922932969143082114108995903507302607372164107846395526169928849546930352778612946811335349917424469188917500996253619438384218721744278787164274625243781917237444202229339672234113350935948264576180342492691117960376023738627349150441152487120197333042448834154779966801277094070528166918968412433078879939664053044797116916260095055641583506170045241549105022323819314163625798834513544420165235412105694681616578431019525684868803389424296613694298865514217451303 + }, + "serial_number": 10944719598952040374951832963794454346, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Windows", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/microsoft_windows.pem", + "version": "2021-11-28" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGBzCCBO+gAwIBAgIQApRkVlF+tqkgtif1mEPakjANBgkqhkiG9w0BAQsFADBZ\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypS\nYXBpZFNTTCBUTFMgRFYgUlNBIE1peGVkIFNIQTI1NiAyMDIwIENBLTEwHhcNMjEw\nMzE1MDAwMDAwWhcNMjIwMzE1MjM1OTU5WjAVMRMwEQYDVQQDDAoqLmRlbGZpLmx0\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mHuEsqjMWKhu40LHxYW\nLe3AKTAJuo27Y6gBtLcqC5WsRxcHmVWfgHOEBkE04tGFSZMAceVyVj5htlGe4sjG\nwPkC16iLmiIxQSGhYwNXgQpgcLDOo57mPIay4X2uCTIGhPeKEjeucYdlWUKi1upq\nqvamGBRlkQPExUB3XO2fg3z3z1sg5RUXhJgL7b7TBYL+YcBVxtedoH3o2ycPfmrq\nSD8gUgkS22jjzupbxxaX15iAUh9+uZK3yD5z9zi4yqCQL7vwpQ6BLQEeKxxKHYh/\nQOb7r9VywrhX85/ZYM7Jfhjw6S47Lis0R9A17gUrqxdwyg9/ivnpU1ENRu6a1+/O\nrQIDAQABo4IDDTCCAwkwHwYDVR0jBBgwFoAUpI3lvnx55HAjbS4pNK0jWNz1MX8w\nHQYDVR0OBBYEFIc0BTQrVS2xfCPzXpdPd3/ObBoPMB8GA1UdEQQYMBaCCiouZGVs\nZmkubHSCCGRlbGZpLmx0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwgZsGA1UdHwSBkzCBkDBGoESgQoZAaHR0cDovL2NybDMu\nZGlnaWNlcnQuY29tL1JhcGlkU1NMVExTRFZSU0FNaXhlZFNIQTI1NjIwMjBDQS0x\nLmNybDBGoESgQoZAaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1JhcGlkU1NMVExT\nRFZSU0FNaXhlZFNIQTI1NjIwMjBDQS0xLmNybDA+BgNVHSAENzA1MDMGBmeBDAEC\nATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYUG\nCCsGAQUFBwEBBHkwdzAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu\nY29tME8GCCsGAQUFBzAChkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vUmFw\naWRTU0xUTFNEVlJTQU1peGVkU0hBMjU2MjAyMENBLTEuY3J0MAkGA1UdEwQCMAAw\nggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgApeb7wnjk5IfBWc59jpXflvld9nGAK\n+PlNXSZcJV3HhAAAAXg1DLciAAAEAwBHMEUCID477jyZIq6tp+eT3NQTQ3Qbp+Q8\nrMWOkFJ8x+2BC8aJAiEA//ud6GZ6LEK9RaVBsmeh2oBWWXzBufb6URcEK1LbgDoA\ndgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXg1DLd1AAAEAwBH\nMEUCIQDvz0jrhRciyeIvHhUDG1Cq/JkpCv3RSUEDGYvd5jcO9gIgPuuj4gGlBMAN\nmZZ5OiUsFffap/sFvGPdBXi0LHBZGrswDQYJKoZIhvcNAQELBQADggEBAEBNA33F\nSP/yZa8pOPUsoU9mS8C//730wu4VgOBSm0K6EED8Tk+otQINsmswqDjOms5aWPno\n0zEBVzYOUFCAJIidS9gdKGWnb3IZWYPBfvPrbz8fSXimSimE+ED1n2Yxkq1Y3yHD\nZtEda/yWWFppF/9fOs4fXnl95LeB7ostXcnvXoyG5a6MBb0v3zSqJU0a1QxEcDw8\n/yndrFUk6Sz73uNNHq4eryyqGmJ2vv+QGT1085QDRLy3ddjPA1lGxkWV9FrP12vN\nJf6RPlFRGg7fzI2kOAYA5i3SlG/BVvrfAaRKGpYEd7EW5CshhGLlmps9ktr4r5qR\n+OW4FvL367DMTmI=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "IHwka+OHM8hN1tRg8jkPJUUBLkA=", + "fingerprint_sha256": "6hUCEFZ2fDbUGZ4JUCzl5GmqECBXsEtTR+vv3bbl8QY=", + "hpkp_pin": "jOCNy2j9i+LxBZky3BDcAex0ol2U/WvrEAfdBg1W40U=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1", + "value": "RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1" + } + ], + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2022-03-15T23:59:59", + "not_valid_before": "2021-03-15T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28578147992458018397930663562792065435082968700721346055819518525354195777024933418451461321165889815553440738236541553360631794962216423208025375566765217567664759567253493108447572631647323517149244486627449316391153536901256955706146462334382623286576917418569853055105730435535744503519171084860730502006876249233286831346004162737402500398400168250098672986435557060818859240807187091540286436840487325726235437966447903385961590475571601483401261100711460542427163349212618804474173050813201665729676966681878285492132779896194011884172219885855266798048452552318005831264163301195432141031705089365947087572653 + }, + "serial_number": 3428951006436800667962695313007041170, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.example.com", + "value": "*.example.com" + }], + "rfc4514_string": "CN=*.example.com" + }, + "subject_alternative_name": { + "dns": [ + "*.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFUTCCBDmgAwIBAgIQB5g2A63jmQghnKAMJ7yKbDANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0yMDA3MTYxMjI1MjdaFw0yMzA1MzEyMzU5NTlaMFkxCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxMzAxBgNVBAMTKlJhcGlkU1NMIFRMUyBE\nViBSU0EgTWl4ZWQgU0hBMjU2IDIwMjAgQ0EtMTCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBANpuQ1VVmXvZlaJmxGVYotAMFzoApohbJAeNpzN+49LbgkrM\nLv2tblII8H43vN7UFumxV7lJdPwLP22qa0sV9cwCr6QZoGEobda+4pufG0aSfHQC\nQhulaqKpPcYYOPjTwgqJA84AFYj8l/IeQ8n01VyCurMIHA478ts2G6GGtEx0ucnE\nfV2QHUL64EC2yh7ybboo5v8nFWV4lx/xcfxoxkFTVnAIRgHrH2vUdOiV9slOix3z\n5KPs2rK2bbach8Sh5GSkgp2HRoS/my0tCq1vjyLJeP0aNwPd3rk5O8LiffLev9j+\nUKZo0tt0VvTLkdGmSN4h1mVY6DnGfOwp1C5SK0MCAwEAAaOCAgswggIHMB0GA1Ud\nDgQWBBSkjeW+fHnkcCNtLik0rSNY3PUxfzAfBgNVHSMEGDAWgBQD3lA1VtFMu2bw\no+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\nCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQG\nCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3\noDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9v\ndENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0\nR2xvYmFsUm9vdENBLmNybDCBzgYDVR0gBIHGMIHDMIHABgRVHSAAMIG3MCgGCCsG\nAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGKBggrBgEFBQcC\nAjB+DHxBbnkgdXNlIG9mIHRoaXMgQ2VydGlmaWNhdGUgY29uc3RpdHV0ZXMgYWNj\nZXB0YW5jZSBvZiB0aGUgUmVseWluZyBQYXJ0eSBBZ3JlZW1lbnQgbG9jYXRlZCBh\ndCBodHRwczovL3d3dy5kaWdpY2VydC5jb20vcnBhLXVhMA0GCSqGSIb3DQEBCwUA\nA4IBAQAi49xtSOuOygBycy50quCThG45xIdUAsQCaXFVRa9asPaB/jLINXJL3qV9\nJ0Gh2bZM0k4yOMeAMZ57smP6JkcJihhOFlfQa18aljd+xNc6b+GX6oFcCHGr+gsE\nyPM8qvlKGxc5T5eHVzV6jpjpyzl6VEKpaxH6gdGVpQVgjkOR9yY9XAUlFnzlOCpq\nsm7r2ZUKpDfrhUnVzX2nSM15XSj48rVBBAnGJWkLPijlACd3sWFMVUiKRz1C5PZy\nel2l7J/W4d99KFLSYgoy5GDmARpwLc//fXfkr40nMY8ibCmxCsjXQTe0fJbtrrLL\nyWQlk9VDV296EI/kQOJNLVEkJ54P\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "m9CKWIdvbISdtruZqLGUiSZHhg4=", + "fingerprint_sha256": "5vpISoWJQNEBl4VVRUqkZlMatsSrxK0rAAYmqqwNBPk=", + "hpkp_pin": "48hXNwn3laJAzsrIBprOcewUb097BGNL7e+MVM7Rcis=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2023-05-31T23:59:59", + "not_valid_before": "2020-07-16T12:25:27", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27574323204680624563828232751587726221614248135444919305107192432358158712885634902023526263476568000548956635892871232119825117569958181507625421723755440661659655382171341195513888591832987804080918992434260104963355485317095112178389837324188942874283181495696976630686075061284801124642200510841127304555323615001583090401892633316318617318068397987391334692735182696642811398335455679721283673797613937064201001202434279028751316590484836668909354002102995942171354622174974635705425910250149774710777862545946917761383109590429482046753677126173529497505985521767736455487435900636821013875344068916182447696707 + }, + "serial_number": 10094920634610845175072226827329899116, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1", + "value": "RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1" + } + ], + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\nCSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\nnh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\nT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\ngdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\nBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\nTLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\nDQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\nhMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\nPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\nYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\nCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "qJhdOmXl5cSy19ZtQMbdL7GcVDY=", + "fingerprint_sha256": "Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE=", + "hpkp_pin": "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28559384442792876273280274398620578979733786817784174960112400169719065906301471912340204391164075730987771255281479191858503912379974443363319206013285922932969143082114108995903507302607372164107846395526169928849546930352778612946811335349917424469188917500996253619438384218721744278787164274625243781917237444202229339672234113350935948264576180342492691117960376023738627349150441152487120197333042448834154779966801277094070528166918968412433078879939664053044797116916260095055641583506170045241549105022323819314163625798834513544420165235412105694681616578431019525684868803389424296613694298865514217451303 + }, + "serial_number": 10944719598952040374951832963794454346, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + } + ], + "received_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGBzCCBO+gAwIBAgIQApRkVlF+tqkgtif1mEPakjANBgkqhkiG9w0BAQsFADBZ\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypS\nYXBpZFNTTCBUTFMgRFYgUlNBIE1peGVkIFNIQTI1NiAyMDIwIENBLTEwHhcNMjEw\nMzE1MDAwMDAwWhcNMjIwMzE1MjM1OTU5WjAVMRMwEQYDVQQDDAoqLmRlbGZpLmx0\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mHuEsqjMWKhu40LHxYW\nLe3AKTAJuo27Y6gBtLcqC5WsRxcHmVWfgHOEBkE04tGFSZMAceVyVj5htlGe4sjG\nwPkC16iLmiIxQSGhYwNXgQpgcLDOo57mPIay4X2uCTIGhPeKEjeucYdlWUKi1upq\nqvamGBRlkQPExUB3XO2fg3z3z1sg5RUXhJgL7b7TBYL+YcBVxtedoH3o2ycPfmrq\nSD8gUgkS22jjzupbxxaX15iAUh9+uZK3yD5z9zi4yqCQL7vwpQ6BLQEeKxxKHYh/\nQOb7r9VywrhX85/ZYM7Jfhjw6S47Lis0R9A17gUrqxdwyg9/ivnpU1ENRu6a1+/O\nrQIDAQABo4IDDTCCAwkwHwYDVR0jBBgwFoAUpI3lvnx55HAjbS4pNK0jWNz1MX8w\nHQYDVR0OBBYEFIc0BTQrVS2xfCPzXpdPd3/ObBoPMB8GA1UdEQQYMBaCCiouZGVs\nZmkubHSCCGRlbGZpLmx0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwgZsGA1UdHwSBkzCBkDBGoESgQoZAaHR0cDovL2NybDMu\nZGlnaWNlcnQuY29tL1JhcGlkU1NMVExTRFZSU0FNaXhlZFNIQTI1NjIwMjBDQS0x\nLmNybDBGoESgQoZAaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1JhcGlkU1NMVExT\nRFZSU0FNaXhlZFNIQTI1NjIwMjBDQS0xLmNybDA+BgNVHSAENzA1MDMGBmeBDAEC\nATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYUG\nCCsGAQUFBwEBBHkwdzAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu\nY29tME8GCCsGAQUFBzAChkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vUmFw\naWRTU0xUTFNEVlJTQU1peGVkU0hBMjU2MjAyMENBLTEuY3J0MAkGA1UdEwQCMAAw\nggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgApeb7wnjk5IfBWc59jpXflvld9nGAK\n+PlNXSZcJV3HhAAAAXg1DLciAAAEAwBHMEUCID477jyZIq6tp+eT3NQTQ3Qbp+Q8\nrMWOkFJ8x+2BC8aJAiEA//ud6GZ6LEK9RaVBsmeh2oBWWXzBufb6URcEK1LbgDoA\ndgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXg1DLd1AAAEAwBH\nMEUCIQDvz0jrhRciyeIvHhUDG1Cq/JkpCv3RSUEDGYvd5jcO9gIgPuuj4gGlBMAN\nmZZ5OiUsFffap/sFvGPdBXi0LHBZGrswDQYJKoZIhvcNAQELBQADggEBAEBNA33F\nSP/yZa8pOPUsoU9mS8C//730wu4VgOBSm0K6EED8Tk+otQINsmswqDjOms5aWPno\n0zEBVzYOUFCAJIidS9gdKGWnb3IZWYPBfvPrbz8fSXimSimE+ED1n2Yxkq1Y3yHD\nZtEda/yWWFppF/9fOs4fXnl95LeB7ostXcnvXoyG5a6MBb0v3zSqJU0a1QxEcDw8\n/yndrFUk6Sz73uNNHq4eryyqGmJ2vv+QGT1085QDRLy3ddjPA1lGxkWV9FrP12vN\nJf6RPlFRGg7fzI2kOAYA5i3SlG/BVvrfAaRKGpYEd7EW5CshhGLlmps9ktr4r5qR\n+OW4FvL367DMTmI=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "IHwka+OHM8hN1tRg8jkPJUUBLkA=", + "fingerprint_sha256": "6hUCEFZ2fDbUGZ4JUCzl5GmqECBXsEtTR+vv3bbl8QY=", + "hpkp_pin": "jOCNy2j9i+LxBZky3BDcAex0ol2U/WvrEAfdBg1W40U=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1", + "value": "RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1" + } + ], + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2022-03-15T23:59:59", + "not_valid_before": "2021-03-15T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28578147992458018397930663562792065435082968700721346055819518525354195777024933418451461321165889815553440738236541553360631794962216423208025375566765217567664759567253493108447572631647323517149244486627449316391153536901256955706146462334382623286576917418569853055105730435535744503519171084860730502006876249233286831346004162737402500398400168250098672986435557060818859240807187091540286436840487325726235437966447903385961590475571601483401261100711460542427163349212618804474173050813201665729676966681878285492132779896194011884172219885855266798048452552318005831264163301195432141031705089365947087572653 + }, + "serial_number": 3428951006436800667962695313007041170, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.example.com", + "value": "*.example.com" + }], + "rfc4514_string": "CN=*.example.com" + }, + "subject_alternative_name": { + "dns": [ + "*.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFUTCCBDmgAwIBAgIQB5g2A63jmQghnKAMJ7yKbDANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0yMDA3MTYxMjI1MjdaFw0yMzA1MzEyMzU5NTlaMFkxCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxMzAxBgNVBAMTKlJhcGlkU1NMIFRMUyBE\nViBSU0EgTWl4ZWQgU0hBMjU2IDIwMjAgQ0EtMTCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBANpuQ1VVmXvZlaJmxGVYotAMFzoApohbJAeNpzN+49LbgkrM\nLv2tblII8H43vN7UFumxV7lJdPwLP22qa0sV9cwCr6QZoGEobda+4pufG0aSfHQC\nQhulaqKpPcYYOPjTwgqJA84AFYj8l/IeQ8n01VyCurMIHA478ts2G6GGtEx0ucnE\nfV2QHUL64EC2yh7ybboo5v8nFWV4lx/xcfxoxkFTVnAIRgHrH2vUdOiV9slOix3z\n5KPs2rK2bbach8Sh5GSkgp2HRoS/my0tCq1vjyLJeP0aNwPd3rk5O8LiffLev9j+\nUKZo0tt0VvTLkdGmSN4h1mVY6DnGfOwp1C5SK0MCAwEAAaOCAgswggIHMB0GA1Ud\nDgQWBBSkjeW+fHnkcCNtLik0rSNY3PUxfzAfBgNVHSMEGDAWgBQD3lA1VtFMu2bw\no+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\nCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQG\nCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3\noDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9v\ndENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0\nR2xvYmFsUm9vdENBLmNybDCBzgYDVR0gBIHGMIHDMIHABgRVHSAAMIG3MCgGCCsG\nAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGKBggrBgEFBQcC\nAjB+DHxBbnkgdXNlIG9mIHRoaXMgQ2VydGlmaWNhdGUgY29uc3RpdHV0ZXMgYWNj\nZXB0YW5jZSBvZiB0aGUgUmVseWluZyBQYXJ0eSBBZ3JlZW1lbnQgbG9jYXRlZCBh\ndCBodHRwczovL3d3dy5kaWdpY2VydC5jb20vcnBhLXVhMA0GCSqGSIb3DQEBCwUA\nA4IBAQAi49xtSOuOygBycy50quCThG45xIdUAsQCaXFVRa9asPaB/jLINXJL3qV9\nJ0Gh2bZM0k4yOMeAMZ57smP6JkcJihhOFlfQa18aljd+xNc6b+GX6oFcCHGr+gsE\nyPM8qvlKGxc5T5eHVzV6jpjpyzl6VEKpaxH6gdGVpQVgjkOR9yY9XAUlFnzlOCpq\nsm7r2ZUKpDfrhUnVzX2nSM15XSj48rVBBAnGJWkLPijlACd3sWFMVUiKRz1C5PZy\nel2l7J/W4d99KFLSYgoy5GDmARpwLc//fXfkr40nMY8ibCmxCsjXQTe0fJbtrrLL\nyWQlk9VDV296EI/kQOJNLVEkJ54P\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "m9CKWIdvbISdtruZqLGUiSZHhg4=", + "fingerprint_sha256": "5vpISoWJQNEBl4VVRUqkZlMatsSrxK0rAAYmqqwNBPk=", + "hpkp_pin": "48hXNwn3laJAzsrIBprOcewUb097BGNL7e+MVM7Rcis=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2023-05-31T23:59:59", + "not_valid_before": "2020-07-16T12:25:27", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27574323204680624563828232751587726221614248135444919305107192432358158712885634902023526263476568000548956635892871232119825117569958181507625421723755440661659655382171341195513888591832987804080918992434260104963355485317095112178389837324188942874283181495696976630686075061284801124642200510841127304555323615001583090401892633316318617318068397987391334692735182696642811398335455679721283673797613937064201001202434279028751316590484836668909354002102995942171354622174974635705425910250149774710777862545946917761383109590429482046753677126173529497505985521767736455487435900636821013875344068916182447696707 + }, + "serial_number": 10094920634610845175072226827329899116, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1", + "value": "RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1" + } + ], + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "received_chain_contains_anchor_certificate": false, + "received_chain_has_valid_order": true, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGBzCCBO+gAwIBAgIQApRkVlF+tqkgtif1mEPakjANBgkqhkiG9w0BAQsFADBZ\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypS\nYXBpZFNTTCBUTFMgRFYgUlNBIE1peGVkIFNIQTI1NiAyMDIwIENBLTEwHhcNMjEw\nMzE1MDAwMDAwWhcNMjIwMzE1MjM1OTU5WjAVMRMwEQYDVQQDDAoqLmRlbGZpLmx0\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mHuEsqjMWKhu40LHxYW\nLe3AKTAJuo27Y6gBtLcqC5WsRxcHmVWfgHOEBkE04tGFSZMAceVyVj5htlGe4sjG\nwPkC16iLmiIxQSGhYwNXgQpgcLDOo57mPIay4X2uCTIGhPeKEjeucYdlWUKi1upq\nqvamGBRlkQPExUB3XO2fg3z3z1sg5RUXhJgL7b7TBYL+YcBVxtedoH3o2ycPfmrq\nSD8gUgkS22jjzupbxxaX15iAUh9+uZK3yD5z9zi4yqCQL7vwpQ6BLQEeKxxKHYh/\nQOb7r9VywrhX85/ZYM7Jfhjw6S47Lis0R9A17gUrqxdwyg9/ivnpU1ENRu6a1+/O\nrQIDAQABo4IDDTCCAwkwHwYDVR0jBBgwFoAUpI3lvnx55HAjbS4pNK0jWNz1MX8w\nHQYDVR0OBBYEFIc0BTQrVS2xfCPzXpdPd3/ObBoPMB8GA1UdEQQYMBaCCiouZGVs\nZmkubHSCCGRlbGZpLmx0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwgZsGA1UdHwSBkzCBkDBGoESgQoZAaHR0cDovL2NybDMu\nZGlnaWNlcnQuY29tL1JhcGlkU1NMVExTRFZSU0FNaXhlZFNIQTI1NjIwMjBDQS0x\nLmNybDBGoESgQoZAaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1JhcGlkU1NMVExT\nRFZSU0FNaXhlZFNIQTI1NjIwMjBDQS0xLmNybDA+BgNVHSAENzA1MDMGBmeBDAEC\nATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYUG\nCCsGAQUFBwEBBHkwdzAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu\nY29tME8GCCsGAQUFBzAChkNodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vUmFw\naWRTU0xUTFNEVlJTQU1peGVkU0hBMjU2MjAyMENBLTEuY3J0MAkGA1UdEwQCMAAw\nggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgApeb7wnjk5IfBWc59jpXflvld9nGAK\n+PlNXSZcJV3HhAAAAXg1DLciAAAEAwBHMEUCID477jyZIq6tp+eT3NQTQ3Qbp+Q8\nrMWOkFJ8x+2BC8aJAiEA//ud6GZ6LEK9RaVBsmeh2oBWWXzBufb6URcEK1LbgDoA\ndgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXg1DLd1AAAEAwBH\nMEUCIQDvz0jrhRciyeIvHhUDG1Cq/JkpCv3RSUEDGYvd5jcO9gIgPuuj4gGlBMAN\nmZZ5OiUsFffap/sFvGPdBXi0LHBZGrswDQYJKoZIhvcNAQELBQADggEBAEBNA33F\nSP/yZa8pOPUsoU9mS8C//730wu4VgOBSm0K6EED8Tk+otQINsmswqDjOms5aWPno\n0zEBVzYOUFCAJIidS9gdKGWnb3IZWYPBfvPrbz8fSXimSimE+ED1n2Yxkq1Y3yHD\nZtEda/yWWFppF/9fOs4fXnl95LeB7ostXcnvXoyG5a6MBb0v3zSqJU0a1QxEcDw8\n/yndrFUk6Sz73uNNHq4eryyqGmJ2vv+QGT1085QDRLy3ddjPA1lGxkWV9FrP12vN\nJf6RPlFRGg7fzI2kOAYA5i3SlG/BVvrfAaRKGpYEd7EW5CshhGLlmps9ktr4r5qR\n+OW4FvL367DMTmI=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "IHwka+OHM8hN1tRg8jkPJUUBLkA=", + "fingerprint_sha256": "6hUCEFZ2fDbUGZ4JUCzl5GmqECBXsEtTR+vv3bbl8QY=", + "hpkp_pin": "jOCNy2j9i+LxBZky3BDcAex0ol2U/WvrEAfdBg1W40U=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1", + "value": "RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1" + } + ], + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2022-03-15T23:59:59", + "not_valid_before": "2021-03-15T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28578147992458018397930663562792065435082968700721346055819518525354195777024933418451461321165889815553440738236541553360631794962216423208025375566765217567664759567253493108447572631647323517149244486627449316391153536901256955706146462334382623286576917418569853055105730435535744503519171084860730502006876249233286831346004162737402500398400168250098672986435557060818859240807187091540286436840487325726235437966447903385961590475571601483401261100711460542427163349212618804474173050813201665729676966681878285492132779896194011884172219885855266798048452552318005831264163301195432141031705089365947087572653 + }, + "serial_number": 3428951006436800667962695313007041170, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=*.example.com", + "value": "*.example.com" + }], + "rfc4514_string": "CN=*.example.com" + }, + "subject_alternative_name": { + "dns": [ + "*.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFUTCCBDmgAwIBAgIQB5g2A63jmQghnKAMJ7yKbDANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0yMDA3MTYxMjI1MjdaFw0yMzA1MzEyMzU5NTlaMFkxCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxMzAxBgNVBAMTKlJhcGlkU1NMIFRMUyBE\nViBSU0EgTWl4ZWQgU0hBMjU2IDIwMjAgQ0EtMTCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBANpuQ1VVmXvZlaJmxGVYotAMFzoApohbJAeNpzN+49LbgkrM\nLv2tblII8H43vN7UFumxV7lJdPwLP22qa0sV9cwCr6QZoGEobda+4pufG0aSfHQC\nQhulaqKpPcYYOPjTwgqJA84AFYj8l/IeQ8n01VyCurMIHA478ts2G6GGtEx0ucnE\nfV2QHUL64EC2yh7ybboo5v8nFWV4lx/xcfxoxkFTVnAIRgHrH2vUdOiV9slOix3z\n5KPs2rK2bbach8Sh5GSkgp2HRoS/my0tCq1vjyLJeP0aNwPd3rk5O8LiffLev9j+\nUKZo0tt0VvTLkdGmSN4h1mVY6DnGfOwp1C5SK0MCAwEAAaOCAgswggIHMB0GA1Ud\nDgQWBBSkjeW+fHnkcCNtLik0rSNY3PUxfzAfBgNVHSMEGDAWgBQD3lA1VtFMu2bw\no+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\nCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQG\nCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3\noDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9v\ndENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0\nR2xvYmFsUm9vdENBLmNybDCBzgYDVR0gBIHGMIHDMIHABgRVHSAAMIG3MCgGCCsG\nAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGKBggrBgEFBQcC\nAjB+DHxBbnkgdXNlIG9mIHRoaXMgQ2VydGlmaWNhdGUgY29uc3RpdHV0ZXMgYWNj\nZXB0YW5jZSBvZiB0aGUgUmVseWluZyBQYXJ0eSBBZ3JlZW1lbnQgbG9jYXRlZCBh\ndCBodHRwczovL3d3dy5kaWdpY2VydC5jb20vcnBhLXVhMA0GCSqGSIb3DQEBCwUA\nA4IBAQAi49xtSOuOygBycy50quCThG45xIdUAsQCaXFVRa9asPaB/jLINXJL3qV9\nJ0Gh2bZM0k4yOMeAMZ57smP6JkcJihhOFlfQa18aljd+xNc6b+GX6oFcCHGr+gsE\nyPM8qvlKGxc5T5eHVzV6jpjpyzl6VEKpaxH6gdGVpQVgjkOR9yY9XAUlFnzlOCpq\nsm7r2ZUKpDfrhUnVzX2nSM15XSj48rVBBAnGJWkLPijlACd3sWFMVUiKRz1C5PZy\nel2l7J/W4d99KFLSYgoy5GDmARpwLc//fXfkr40nMY8ibCmxCsjXQTe0fJbtrrLL\nyWQlk9VDV296EI/kQOJNLVEkJ54P\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "m9CKWIdvbISdtruZqLGUiSZHhg4=", + "fingerprint_sha256": "5vpISoWJQNEBl4VVRUqkZlMatsSrxK0rAAYmqqwNBPk=", + "hpkp_pin": "48hXNwn3laJAzsrIBprOcewUb097BGNL7e+MVM7Rcis=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2023-05-31T23:59:59", + "not_valid_before": "2020-07-16T12:25:27", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27574323204680624563828232751587726221614248135444919305107192432358158712885634902023526263476568000548956635892871232119825117569958181507625421723755440661659655382171341195513888591832987804080918992434260104963355485317095112178389837324188942874283181495696976630686075061284801124642200510841127304555323615001583090401892633316318617318068397987391334692735182696642811398335455679721283673797613937064201001202434279028751316590484836668909354002102995942171354622174974635705425910250149774710777862545946917761383109590429482046753677126173529497505985521767736455487435900636821013875344068916182447696707 + }, + "serial_number": 10094920634610845175072226827329899116, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1", + "value": "RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1" + } + ], + "rfc4514_string": "CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\nCSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\nnh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\nT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\ngdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\nBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\nTLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\nDQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\nhMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\nPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\nYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\nCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "qJhdOmXl5cSy19ZtQMbdL7GcVDY=", + "fingerprint_sha256": "Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE=", + "hpkp_pin": "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2031-11-10T00:00:00", + "not_valid_before": "2006-11-10T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 28559384442792876273280274398620578979733786817784174960112400169719065906301471912340204391164075730987771255281479191858503912379974443363319206013285922932969143082114108995903507302607372164107846395526169928849546930352778612946811335349917424469188917500996253619438384218721744278787164274625243781917237444202229339672234113350935948264576180342492691117960376023738627349150441152487120197333042448834154779966801277094070528166918968412433078879939664053044797116916260095055641583506170045241549105022323819314163625798834513544420165235412105694681616578431019525684868803389424296613694298865514217451303 + }, + "serial_number": 10944719598952040374951832963794454346, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root CA", + "value": "DigiCert Global Root CA" + } + ], + "rfc4514_string": "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "verified_chain_has_legacy_symantec_anchor": false, + "verified_chain_has_sha1_signature": false + }], + "hostname_used_for_server_name_indication": "example.com" + }, + "status": "COMPLETED" + }, + "elliptic_curves": { + "error_reason": null, + "error_trace": null, + "result": { + "rejected_curves": [{ + "name": "prime192v1", + "openssl_nid": 409 + }, + { + "name": "secp160k1", + "openssl_nid": 708 + }, + { + "name": "secp160r1", + "openssl_nid": 709 + }, + { + "name": "secp160r2", + "openssl_nid": 710 + }, + { + "name": "secp192k1", + "openssl_nid": 711 + }, + { + "name": "secp224k1", + "openssl_nid": 712 + }, + { + "name": "secp224r1", + "openssl_nid": 713 + }, + { + "name": "secp256k1", + "openssl_nid": 714 + }, + { + "name": "sect163k1", + "openssl_nid": 721 + }, + { + "name": "sect163r1", + "openssl_nid": 722 + }, + { + "name": "sect163r2", + "openssl_nid": 723 + }, + { + "name": "sect193r1", + "openssl_nid": 724 + }, + { + "name": "sect193r2", + "openssl_nid": 725 + }, + { + "name": "sect233k1", + "openssl_nid": 726 + }, + { + "name": "sect233r1", + "openssl_nid": 727 + }, + { + "name": "sect239k1", + "openssl_nid": 728 + }, + { + "name": "sect283k1", + "openssl_nid": 729 + }, + { + "name": "sect283r1", + "openssl_nid": 730 + }, + { + "name": "sect409k1", + "openssl_nid": 731 + }, + { + "name": "sect409r1", + "openssl_nid": 732 + }, + { + "name": "sect571k1", + "openssl_nid": 733 + }, + { + "name": "sect571r1", + "openssl_nid": 734 + } + ], + "supported_curves": [{ + "name": "X25519", + "openssl_nid": 1034 + }, + { + "name": "X448", + "openssl_nid": 1035 + }, + { + "name": "prime256v1", + "openssl_nid": 415 + }, + { + "name": "secp384r1", + "openssl_nid": 715 + }, + { + "name": "secp521r1", + "openssl_nid": 716 + } + ], + "supports_ecdh_key_exchange": true + }, + "status": "COMPLETED" + }, + "heartbleed": { + "error_reason": null, + "error_trace": null, + "result": { + "is_vulnerable_to_heartbleed": false + }, + "status": "COMPLETED" + }, + "http_headers": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + }, + "openssl_ccs_injection": { + "error_reason": null, + "error_trace": null, + "result": { + "is_vulnerable_to_ccs_injection": false + }, + "status": "COMPLETED" + }, + "robot": { + "error_reason": null, + "error_trace": null, + "result": { + "robot_result": "NOT_VULNERABLE_NO_ORACLE" + }, + "status": "COMPLETED" + }, + "session_renegotiation": { + "error_reason": null, + "error_trace": null, + "result": { + "is_vulnerable_to_client_renegotiation_dos": false, + "supports_secure_renegotiation": true + }, + "status": "COMPLETED" + }, + "session_resumption": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + }, + "ssl_2_0_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": false, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_RC4_128_WITH_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "SSL_CK_RC4_128_EXPORT40_WITH_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_RC2_128_CBC_WITH_MD5", + "openssl_name": "RC2-CBC-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_IDEA_128_CBC_WITH_MD5", + "openssl_name": "IDEA-CBC-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "SSL_CK_DES_64_CBC_WITH_MD5", + "openssl_name": "DES-CBC-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5", + "openssl_name": "DES-CBC3-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + } + ], + "tls_version_used": "SSL_2_0" + }, + "status": "COMPLETED" + }, + "ssl_3_0_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": false, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + } + ], + "tls_version_used": "SSL_3_0" + }, + "status": "COMPLETED" + }, + "tls_1_0_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": true, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": "TLS_1_0" + }, + "status": "COMPLETED" + }, + "tls_1_1_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": true, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": "TLS_1_1" + }, + "status": "COMPLETED" + }, + "tls_1_2_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "AES256-GCM-SHA384" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_256_CCM_8", + "openssl_name": "AES256-CCM8" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CCM", + "openssl_name": "AES256-CCM" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "AES256-SHA256" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "AES128-GCM-SHA256" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CCM_8", + "openssl_name": "AES128-CCM8" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CCM", + "openssl_name": "AES128-CCM" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "AES128-SHA256" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDHE-RSA-AES256-GCM-SHA384" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BCusTDhbJGcl4ENzyetCilDQ9G5m55gOTzGUQub9TzRm+IF8kBP34gYBgVEqpxyvmHqiC2V946EysgkQsX4gByk=", + "size": 256, + "type_name": "ECDH", + "x": "K6xMOFskZyXgQ3PJ60KKUND0bmbnmA5PMZRC5v1PNGY=", + "y": "+IF8kBP34gYBgVEqpxyvmHqiC2V946EysgkQsX4gByk=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDHE-RSA-AES256-SHA384" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BGiNYzDMKCt6rAM0m0SldnGc3QyDhC/lU7Qg9RhrflZYIAdkexKccH1KmUGJmZqJT85RMC2b0jodhYboblLtnVE=", + "size": 256, + "type_name": "ECDH", + "x": "aI1jMMwoK3qsAzSbRKV2cZzdDIOEL+VTtCD1GGt+Vlg=", + "y": "IAdkexKccH1KmUGJmZqJT85RMC2b0jodhYboblLtnVE=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BHf9fAc42Xvvairf3QtJR0DGopNjq/bDr2gLN1c9/JWnZdsasch1Ce19keaZy1+h+8T7hn1+YWv5mKwkSogdrRQ=", + "size": 256, + "type_name": "ECDH", + "x": "d/18BzjZe+9qKt/dC0lHQMaik2Or9sOvaAs3Vz38lac=", + "y": "Zdsasch1Ce19keaZy1+h+8T7hn1+YWv5mKwkSogdrRQ=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDHE-RSA-AES128-GCM-SHA256" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BOEFugp+bKGoYrJFuEkApepUqF8uyKLYW/IIXRMtUrEHhr5R6zGKLkH94+mRPIzpuJtVtdZLslxXnsjV1WRFGbE=", + "size": 256, + "type_name": "ECDH", + "x": "4QW6Cn5soahiskW4SQCl6lSoXy7Iothb8ghdEy1SsQc=", + "y": "hr5R6zGKLkH94+mRPIzpuJtVtdZLslxXnsjV1WRFGbE=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDHE-RSA-AES128-SHA256" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BNTn3BO5CAa8AtfsHcrMI0iKse0ntmEzXG8QeHsYuQ9QjeZtWPndjZ0EdG9tYPkEFPVhBkgzp7N3Xa3WlD+5u+M=", + "size": 256, + "type_name": "ECDH", + "x": "1OfcE7kIBrwC1+wdyswjSIqx7Se2YTNcbxB4exi5D1A=", + "y": "jeZtWPndjZ0EdG9tYPkEFPVhBkgzp7N3Xa3WlD+5u+M=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BAkqDEIkEsixfEGwyPX7csysGJxcBj7XG9nXfcG2pUDxxO66tcZ05eYDLp4Zegs+2wa3p1wbptfX1r6KX/YrCm4=", + "size": 256, + "type_name": "ECDH", + "x": "CSoMQiQSyLF8QbDI9ftyzKwYnFwGPtcb2dd9wbalQPE=", + "y": "xO66tcZ05eYDLp4Zegs+2wa3p1wbptfX1r6KX/YrCm4=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "DHE-RSA-AES256-GCM-SHA384" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "unFHsDotZ2WwaUSECfeWuWRJCHhojNK7dWpZuah+IK7Pfzorw1SPHuPdlgbdigD7B6GLIhKYpbtLVYJckjUuxy8pdwm7JCFNqritELXVvZhZScceapie1+chapVazCfRFQHUSmmdD31wfx7Qofp5C/g6NjXu+9pLKwcFIS4JtD56zIJFTV607NdRJpzOK/KLHuYnXUqkKUyFYizy2t/NshST7hsaGEXoSD5lwPZ/xDZdLkYeUDXYNIGB4Df53YEW+xixnsclgk0czbE6+PIR7JhKw8acj5MjqEI4OgBQeNw3UmGT5kW53oxMwCUXHacDm8Ab+vye72Msbs26SYj9Qw==", + "public_bytes": "YdeLxWeO0fsO8I0gavdC/gZTvKFWK61ZZXR8Z3c5c9hYjmheQMYu9tcVwXU/TdxWed6Zt7mrZEaPVWR6Vmbwcp7L3T+UnyfPfjZtutFmFhD5VSdiar2VHj9r9Dv4DzobxaM4Sp2FCChgnTlF9g9IFC3KXtLVE9UEySe5pCmHxSWCNYFYrnqjcCf/uINEozIX/SZrhzKE9k7dmHSTtLH+4tSTdiYZlbkbniabqsa+dedsN1SpkcewomL9NJut7Cclb6d1ALrLpRcqRu6MpbWbb9Q+CzXV6Hetj/ZTtUXC9fPU0pzVk9Me1YNrc9eIOQWREOji0BTonJ8vZdq9QLjhEQ==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CCM_8", + "openssl_name": "DHE-RSA-AES256-CCM8" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "unFHsDotZ2WwaUSECfeWuWRJCHhojNK7dWpZuah+IK7Pfzorw1SPHuPdlgbdigD7B6GLIhKYpbtLVYJckjUuxy8pdwm7JCFNqritELXVvZhZScceapie1+chapVazCfRFQHUSmmdD31wfx7Qofp5C/g6NjXu+9pLKwcFIS4JtD56zIJFTV607NdRJpzOK/KLHuYnXUqkKUyFYizy2t/NshST7hsaGEXoSD5lwPZ/xDZdLkYeUDXYNIGB4Df53YEW+xixnsclgk0czbE6+PIR7JhKw8acj5MjqEI4OgBQeNw3UmGT5kW53oxMwCUXHacDm8Ab+vye72Msbs26SYj9Qw==", + "public_bytes": "jDM8s/kckph+5Xg07wUlnlmDqyfn3QytoQI5kk2Z4w1qBeHSfyxyHfww9J3bdUNf4e8UC5fph/XV5V49xRMOfNJmOm+Ex0YOLEP51+rzrRSEAt9NMZk+np3QPbOSFklSOZQgR0Mt8ZSMDL+FlEcyYH1b+4aLZghWotRHO0buZOPvPQkMk86HIrOqQYSRZKeEDZ9saFIBnAYRSyualLhv3au8fLO5vWKDIUdsORBnYkgSC3FUwoOyVyaIIgMUo13LFAx1kp8sQkJTOAesfVlY1koo2hERqQBlenEwc3+3pEG+2kMHz9FDPMi+67WsEPq75h2DdKswFSDvPCscvOZcpw==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CCM", + "openssl_name": "DHE-RSA-AES256-CCM" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "unFHsDotZ2WwaUSECfeWuWRJCHhojNK7dWpZuah+IK7Pfzorw1SPHuPdlgbdigD7B6GLIhKYpbtLVYJckjUuxy8pdwm7JCFNqritELXVvZhZScceapie1+chapVazCfRFQHUSmmdD31wfx7Qofp5C/g6NjXu+9pLKwcFIS4JtD56zIJFTV607NdRJpzOK/KLHuYnXUqkKUyFYizy2t/NshST7hsaGEXoSD5lwPZ/xDZdLkYeUDXYNIGB4Df53YEW+xixnsclgk0czbE6+PIR7JhKw8acj5MjqEI4OgBQeNw3UmGT5kW53oxMwCUXHacDm8Ab+vye72Msbs26SYj9Qw==", + "public_bytes": "JeSAtP2f6xEdAFd96ETCVQ0Dgs29OI7YQVNU6cEacGIx+XtkYpBzcoLN1fdEe+a1jTGTH6uIqrxw2tnHMhnVzvidBpFfp4gP9KWUEZ7+UchJtYEfvpylnFMzrnW+xIUdmbiThWe+PMw2YUxFVeozn3B2//e+ZfOSQIYmEZGFBME1qGL1p9iJMdygB7JvZ96190//jSx4v9TNixsguhyQYBH1nN5dlRxs1MYM3z9gDbB2xh6nwuUdiaxgCdhDdjwoXd5duouqWl84ySM9xiXHaMEy5yzLJ/yVKlvhL/Z+FeHqypTqh+dZarWLuTyvR+AysBjd61epGmwVSbkBtWu5DA==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "DHE-RSA-AES256-SHA256" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "unFHsDotZ2WwaUSECfeWuWRJCHhojNK7dWpZuah+IK7Pfzorw1SPHuPdlgbdigD7B6GLIhKYpbtLVYJckjUuxy8pdwm7JCFNqritELXVvZhZScceapie1+chapVazCfRFQHUSmmdD31wfx7Qofp5C/g6NjXu+9pLKwcFIS4JtD56zIJFTV607NdRJpzOK/KLHuYnXUqkKUyFYizy2t/NshST7hsaGEXoSD5lwPZ/xDZdLkYeUDXYNIGB4Df53YEW+xixnsclgk0czbE6+PIR7JhKw8acj5MjqEI4OgBQeNw3UmGT5kW53oxMwCUXHacDm8Ab+vye72Msbs26SYj9Qw==", + "public_bytes": "bT6uNfxkVx52fV8080wvxJtopeXmJWiIXT8TX+TsHcZQkoN6K2V3CLNtbprTSJPmSVA+2GaFOZJnCRm+/OyvQ1no9N2X4iZs90V+Ui9eLAkTXFfi21JGIlItleROuFGGoQZNHBA1RkaZowpH8eQKGGT4p1fd9leIU/6syCt1GUxLh8skje7AAd9tpuCUYG+YUNbjeCPijE1epjjg7TXhGN23r+IhyjOTTjDJ35HDq4CWruwGHr+O65+HfZ7pj9XEzG8hDrmSNtXTGqggENZKX2oTnoTIp0jkCgzYiVx+I2k0w5egMB1AFHpdjNKa/sjQHNTiSchZWu4QrefB5Rbcdw==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "unFHsDotZ2WwaUSECfeWuWRJCHhojNK7dWpZuah+IK7Pfzorw1SPHuPdlgbdigD7B6GLIhKYpbtLVYJckjUuxy8pdwm7JCFNqritELXVvZhZScceapie1+chapVazCfRFQHUSmmdD31wfx7Qofp5C/g6NjXu+9pLKwcFIS4JtD56zIJFTV607NdRJpzOK/KLHuYnXUqkKUyFYizy2t/NshST7hsaGEXoSD5lwPZ/xDZdLkYeUDXYNIGB4Df53YEW+xixnsclgk0czbE6+PIR7JhKw8acj5MjqEI4OgBQeNw3UmGT5kW53oxMwCUXHacDm8Ab+vye72Msbs26SYj9Qw==", + "public_bytes": "fUW/bVfr80HhvAIhCs0U+yxtXvVdw+zL62srlZq6t/UfQQ30AtTxMa3Vdm45T/hwmlUYhW91LqvBDMRLzBVUlp506oOIJVRCOlsxH+pgobepi4E7k34A+bPooCFl4vYnaAEv/mCZOGwRFsR3IHPSZla5yqrF0mGpxvNog5+QXMxP2t2tcqW67BYFdnH1DJoPidTZDni6owEtM+6P0lUUYQ2hqApw+BuAqR6bGesdCZy1U7wck8WKI9RJ3/aQ8lpyA5ncO+3P+7NZR9k05C0wjSiikUh7Owm9GzrbY487Rm1y+TesPuHHUw1chK8dkx8+oqmWFQN4xmiygd5/0c5TQw==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "DHE-RSA-AES128-GCM-SHA256" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "unFHsDotZ2WwaUSECfeWuWRJCHhojNK7dWpZuah+IK7Pfzorw1SPHuPdlgbdigD7B6GLIhKYpbtLVYJckjUuxy8pdwm7JCFNqritELXVvZhZScceapie1+chapVazCfRFQHUSmmdD31wfx7Qofp5C/g6NjXu+9pLKwcFIS4JtD56zIJFTV607NdRJpzOK/KLHuYnXUqkKUyFYizy2t/NshST7hsaGEXoSD5lwPZ/xDZdLkYeUDXYNIGB4Df53YEW+xixnsclgk0czbE6+PIR7JhKw8acj5MjqEI4OgBQeNw3UmGT5kW53oxMwCUXHacDm8Ab+vye72Msbs26SYj9Qw==", + "public_bytes": "iN9TRTSauHaywF8YmNFQlGjiyPhgiNMn5yO08kwzt7bztYZxw9Y12hGnmlFvJ0pyiOU9f5+YtJFEaSikszjC6txsObWHauRkhzfyE/VAeKNR0o9uLpCUgKZHEXHRbacBPykY1mNNAh0uy69iLJl+TMDPaQ4BvnAJKxZM1NE7zQzO7PwADsYTZFBmMvPUQ3ZTwXVTV0i2xZFEOklkZQl9+5yR1Od7k+iIBfh7QOqLDensluWsxcrnMtd+jXmfhAuYwepF6zO9c/cVph+95BAuVZRNsjBZdTiAz6yyPIhgcnaE9EXIS90arJmdAuJ915EA/TjqlOrasBbWSorkODDijQ==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CCM_8", + "openssl_name": "DHE-RSA-AES128-CCM8" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "unFHsDotZ2WwaUSECfeWuWRJCHhojNK7dWpZuah+IK7Pfzorw1SPHuPdlgbdigD7B6GLIhKYpbtLVYJckjUuxy8pdwm7JCFNqritELXVvZhZScceapie1+chapVazCfRFQHUSmmdD31wfx7Qofp5C/g6NjXu+9pLKwcFIS4JtD56zIJFTV607NdRJpzOK/KLHuYnXUqkKUyFYizy2t/NshST7hsaGEXoSD5lwPZ/xDZdLkYeUDXYNIGB4Df53YEW+xixnsclgk0czbE6+PIR7JhKw8acj5MjqEI4OgBQeNw3UmGT5kW53oxMwCUXHacDm8Ab+vye72Msbs26SYj9Qw==", + "public_bytes": "VjhDce3QjVqNIV+PXuacLDdAdtQmzzheslVFsOsTLSSAKKUZFhncHDXgj6NAaS9b/X23ynb7feTNcEwMZShyXrtsZBhYXoqofrsCUnB4MDwoTpReyvCSCvj/6RwvosLmR8/KkLd9lSM4AGU8GXB3yd85lhGTG63S4Za0pm+PFAZErpMFkHFvmjaZBSnk5NMlkZZuWNwH6jYwBsTEyb2QlPJmsxOLj4BBIDh+H80ve1rauxxj7ZrwN3/kpRfc2PmrT7iubMlzUyI0bV0iLXin74Txf8AOBL7TNm8HCxmwIZIX1h53gKF8dspPPVtreWGkmNqC/X4HG2G0+CNjRjzAbA==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CCM", + "openssl_name": "DHE-RSA-AES128-CCM" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "unFHsDotZ2WwaUSECfeWuWRJCHhojNK7dWpZuah+IK7Pfzorw1SPHuPdlgbdigD7B6GLIhKYpbtLVYJckjUuxy8pdwm7JCFNqritELXVvZhZScceapie1+chapVazCfRFQHUSmmdD31wfx7Qofp5C/g6NjXu+9pLKwcFIS4JtD56zIJFTV607NdRJpzOK/KLHuYnXUqkKUyFYizy2t/NshST7hsaGEXoSD5lwPZ/xDZdLkYeUDXYNIGB4Df53YEW+xixnsclgk0czbE6+PIR7JhKw8acj5MjqEI4OgBQeNw3UmGT5kW53oxMwCUXHacDm8Ab+vye72Msbs26SYj9Qw==", + "public_bytes": "UOiVL9jGrxWknTlOb6Zqt5qFAGVrTMC+KVDwjsNQKHeBtGefBN/u66XONcbVkstfTfAgrwGpSdM1gR9clzSHGlA2ylhbK+bfJZQ3K1LgHC6ohZyAi7/yI8ADGQ40nKlH/Q5O0WzSIvJUTN6hb++Lr0wyBUgRsr1LlsubafhEu3hQobaOtvgXu5dBWdcO/uCEET0xiLFCMA15JF/MKvkebC0SRBensaTN5/dLdGvFmFH7hY3p1G82+n3TxB9MA4oGahd1TsjbIE/o87zaQU+LCGw4L1Xx9DQH8tX0Bw9OQQ3WC23dnBls45K1v3Mb+9vKpWcXrXBs2aeaJNSunl3ncw==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "DHE-RSA-AES128-SHA256" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "unFHsDotZ2WwaUSECfeWuWRJCHhojNK7dWpZuah+IK7Pfzorw1SPHuPdlgbdigD7B6GLIhKYpbtLVYJckjUuxy8pdwm7JCFNqritELXVvZhZScceapie1+chapVazCfRFQHUSmmdD31wfx7Qofp5C/g6NjXu+9pLKwcFIS4JtD56zIJFTV607NdRJpzOK/KLHuYnXUqkKUyFYizy2t/NshST7hsaGEXoSD5lwPZ/xDZdLkYeUDXYNIGB4Df53YEW+xixnsclgk0czbE6+PIR7JhKw8acj5MjqEI4OgBQeNw3UmGT5kW53oxMwCUXHacDm8Ab+vye72Msbs26SYj9Qw==", + "public_bytes": "oopJh6tW+p5jTaouAo2vFETwsVjaRWA2TeTJyeM74XdWyqECw4E7YoxLoTWzhlATltbTkxcLlcpTBYQaGbUXJm6zW2HfKJkTy0ER6b8J1ZjSWBbsh7dyKZ1eOFUT28vcU32qRf6ivHknSCLLL/665DdOVlvLMTSpTAH8H4tg0d2mtPweKVVGGw0GP6OiRvVTRGCAfIDf3ebRrLhIZirfx1+IG4NDWjyeiP72ViiB+/zP0DRCc3uoVQDWqtejfFAJ2u27qu27lUYlclIItx1B8aLL38C6qc/CM03T8BOAzYHFsHEmdhVc81Jbwa9zNbhb7HrooDTUImO+HuKobuNqKQ==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "unFHsDotZ2WwaUSECfeWuWRJCHhojNK7dWpZuah+IK7Pfzorw1SPHuPdlgbdigD7B6GLIhKYpbtLVYJckjUuxy8pdwm7JCFNqritELXVvZhZScceapie1+chapVazCfRFQHUSmmdD31wfx7Qofp5C/g6NjXu+9pLKwcFIS4JtD56zIJFTV607NdRJpzOK/KLHuYnXUqkKUyFYizy2t/NshST7hsaGEXoSD5lwPZ/xDZdLkYeUDXYNIGB4Df53YEW+xixnsclgk0czbE6+PIR7JhKw8acj5MjqEI4OgBQeNw3UmGT5kW53oxMwCUXHacDm8Ab+vye72Msbs26SYj9Qw==", + "public_bytes": "o68HJieZDZCmMPgXtxWxF14/oX2tDLnnHmzEcO8Wa8CIbydZ/TE66l++lPV6D1ip492nQzsudLrrmp4oA/MsQOW6Pd0wBaHJ3qKX4f7j5Sz+dFz5bkDVdQ0OeWDNvh/hPL81ifkhiI0XRNXqR4b/dlyW+wJlSazbSDfg8YXIJp8uAPcNtjm1IjarWfXcmBWysgKlKEyn5SjMA5yubdfnCL6AKQUFhXP7AY9ZatbjY6y8cZsXLQQpnVHwDMAJr2pG67e+gCXgWZSC5qaqzOkRdsFzgFPOUIyQZBzOWsFxBAWju4fIW1jm00wIc6+1bncU4i+E4Uebr1wstFqbqvOSew==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + } + ], + "is_tls_version_supported": true, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA256", + "openssl_name": "NULL-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDH-RSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDH-RSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDH-RSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDH-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDH-ECDSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDH-ECDSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDH-ECDSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDH-ECDSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "ECDHE-RSA-CHACHA20-POLY1305" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", + "openssl_name": "ECDHE-RSA-CAMELLIA256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "ECDHE-RSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ECDHE-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ECDHE-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "ECDHE-ECDSA-CHACHA20-POLY1305" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", + "openssl_name": "ECDHE-ECDSA-CAMELLIA256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "ECDHE-ECDSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ECDHE-ECDSA-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ECDHE-ECDSA-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDHE-ECDSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", + "openssl_name": "ECDHE-ECDSA-AES256-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", + "openssl_name": "ECDHE-ECDSA-AES256-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDHE-ECDSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDHE-ECDSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", + "openssl_name": "ECDHE-ECDSA-AES128-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM", + "openssl_name": "ECDHE-ECDSA-AES128-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDHE-ECDSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_GCM_SHA384", + "openssl_name": "ADH-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA256", + "openssl_name": "ADH-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_GCM_SHA256", + "openssl_name": "ADH-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA256", + "openssl_name": "ADH-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "DH-RSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "DH-RSA-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "DH-RSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "DH-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_GCM_SHA384", + "openssl_name": "DH-DSS-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA256", + "openssl_name": "DH-DSS-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_GCM_SHA256", + "openssl_name": "DH-DSS-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA256", + "openssl_name": "DH-DSS-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "DHE-RSA-CHACHA20-POLY1305" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "DHE-RSA-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "DHE-RSA-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "DHE-DSS-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "DHE-DSS-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", + "openssl_name": "DHE-DSS-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", + "openssl_name": "DHE-DSS-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", + "openssl_name": "DHE-DSS-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", + "openssl_name": "DHE-DSS-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": "TLS_1_2" + }, + "status": "COMPLETED" + }, + "tls_1_3_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_AES_256_GCM_SHA384", + "openssl_name": "TLS_AES_256_GCM_SHA384" + }, + "ephemeral_key": { + "curve_name": "X25519", + "generator": null, + "prime": null, + "public_bytes": "Rj6KRnFFwuBbnKZuhePs+mmK4YAg/ejWzPye7InQvjE=", + "size": 253, + "type_name": "ECDH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_GCM_SHA256", + "openssl_name": "TLS_AES_128_GCM_SHA256" + }, + "ephemeral_key": { + "curve_name": "X25519", + "generator": null, + "prime": null, + "public_bytes": "skYoLd2nfEkcUn8zZkAYKJixKnHK8QsNlFoq678U0Xc=", + "size": 253, + "type_name": "ECDH", + "x": null, + "y": null + } + } + ], + "is_tls_version_supported": true, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_CCM_SHA256", + "openssl_name": "TLS_AES_128_CCM_SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_CCM_8_SHA256", + "openssl_name": "TLS_AES_128_CCM_8_SHA256" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": "TLS_1_3" + }, + "status": "COMPLETED" + }, + "tls_1_3_early_data": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + }, + "tls_compression": { + "error_reason": null, + "error_trace": null, + "result": { + "supports_compression": false + }, + "status": "COMPLETED" + }, + "tls_fallback_scsv": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + } + }, + "scan_status": "COMPLETED", + "server_location": { + "connection_type": "DIRECT", + "hostname": "example.com", + "http_proxy_settings": null, + "ip_address": "1.1.1.1", + "port": 443 + }, + "uuid": "ca6c8935-a850-43e7-ab67-9145d9d119b6" + }], + "sslyze_url": "https://github.com/nabla-c0d3/sslyze", + "sslyze_version": "5.0.1" +} \ No newline at end of file diff --git a/unittests/scans/sslyze/one_target_one_vuln.json b/unittests/scans/sslyze/one_target_one_vuln_old.json similarity index 100% rename from unittests/scans/sslyze/one_target_one_vuln.json rename to unittests/scans/sslyze/one_target_one_vuln_old.json diff --git a/unittests/scans/sslyze/one_target_zero_vuln_new.json b/unittests/scans/sslyze/one_target_zero_vuln_new.json new file mode 100644 index 00000000000..3b8ec71c8ff --- /dev/null +++ b/unittests/scans/sslyze/one_target_zero_vuln_new.json @@ -0,0 +1,6136 @@ +{ + "date_scans_completed": "2022-01-28T11:47:54.230959", + "date_scans_started": "2022-01-28T11:47:34.449950", + "server_scan_results": [ + { + "connectivity_error_trace": null, + "connectivity_result": { + "cipher_suite_supported": "TLS_AES_128_GCM_SHA256", + "client_auth_requirement": "DISABLED", + "highest_tls_version_supported": "TLS_1_3", + "supports_ecdh_key_exchange": true + }, + "connectivity_status": "COMPLETED", + "network_configuration": { + "network_max_retries": 3, + "network_timeout": 5, + "tls_client_auth_credentials": null, + "tls_opportunistic_encryption": null, + "tls_server_name_indication": "example.com", + "xmpp_to_hostname": null + }, + "scan_result": { + "certificate_info": { + "error_reason": null, + "error_trace": null, + "result": { + "certificate_deployments": [ + { + "leaf_certificate_has_must_staple_extension": false, + "leaf_certificate_is_ev": false, + "leaf_certificate_signed_certificate_timestamps_count": 3, + "leaf_certificate_subject_matches_hostname": true, + "ocsp_response": null, + "ocsp_response_is_trusted": null, + "path_validation_results": [ + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Android", + "path": "sslyze/plugins/certificate_info/trust_stores/pem_files/google_aosp.pem", + "version": "12.0.0_r9" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "bx4hnENW+9Jgn1xeBgAO7VErKts=", + "fingerprint_sha256": "KwG0Z1HDB82pOFTWhqIV16g847zx7YAOlRP8sDGRgvc=", + "hpkp_pin": "eprLMvWJQBmzhVtSA3xFT8Qc+B9uFhBngux3gtNFBj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Example Issuing CA", + "value": "Example Issuing CA" + } + ], + "rfc4514_string": "CN=Example Issuing CA,O=Example Enterprises,C=US" + }, + "not_valid_after": "2023-01-19T04:39:56", + "not_valid_before": "2022-01-24T04:39:56", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 1137351753972468548878823913237480241606715259, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=IL", + "value": "IL" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Springfield", + "value": "Springfield" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=example.com", + "value": "example.com" + } + ], + "rfc4514_string": "CN=example.com,O=Example Enterprises,L=Springfield,ST=IL,C=US" + }, + "subject_alternative_name": { + "dns": [ + "example.com", + "s.example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "MOAXYauX5ZoGtB7yCvby3n7097A=", + "fingerprint_sha256": "SP+LSUZox1IwS0i/6Bh1iYfe9lguXwm5IfS2C7PWqN0=", + "hpkp_pin": "Wl8MFY+9zijGG8QgEHCAK5fhA+ydPZxaLQOFdiEPz3U=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2024-06-27T23:59:59", + "not_valid_before": "2020-07-29T12:30:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 4096, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 3860826545901910642936848779406233792, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Example Issuing CA", + "value": "Example Issuing CA" + } + ], + "rfc4514_string": "CN=Example Issuing CA,O=Example Enterprises,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3zwk+b/WZnYbJoBz/gbRzI1PgqQ=", + "fingerprint_sha256": "yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18=", + "hpkp_pin": "i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2038-01-15T12:00:00", + "not_valid_before": "2013-08-01T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 4293743540046975378534879503202253541, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Apple", + "path": "sslyze/plugins/certificate_info/trust_stores/pem_files/apple.pem", + "version": "iOS 15, iPadOS 15, macOS 12, tvOS 15, and watchOS 8" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "bx4hnENW+9Jgn1xeBgAO7VErKts=", + "fingerprint_sha256": "KwG0Z1HDB82pOFTWhqIV16g847zx7YAOlRP8sDGRgvc=", + "hpkp_pin": "eprLMvWJQBmzhVtSA3xFT8Qc+B9uFhBngux3gtNFBj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Example Issuing CA", + "value": "Example Issuing CA" + } + ], + "rfc4514_string": "CN=Example Issuing CA,O=Example Enterprises,C=US" + }, + "not_valid_after": "2023-01-19T04:39:56", + "not_valid_before": "2022-01-24T04:39:56", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 1137351753972468548878823913237480241606715259, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=IL", + "value": "IL" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Springfield", + "value": "Springfield" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=example.com", + "value": "example.com" + } + ], + "rfc4514_string": "CN=example.com,O=Example Enterprises,L=Springfield,ST=IL,C=US" + }, + "subject_alternative_name": { + "dns": [ + "example.com", + "s.example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "MOAXYauX5ZoGtB7yCvby3n7097A=", + "fingerprint_sha256": "SP+LSUZox1IwS0i/6Bh1iYfe9lguXwm5IfS2C7PWqN0=", + "hpkp_pin": "Wl8MFY+9zijGG8QgEHCAK5fhA+ydPZxaLQOFdiEPz3U=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2024-06-27T23:59:59", + "not_valid_before": "2020-07-29T12:30:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 4096, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 3860826545901910642936848779406233792, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Example Issuing CA", + "value": "Example Issuing CA" + } + ], + "rfc4514_string": "CN=Example Issuing CA,O=Example Enterprises,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3zwk+b/WZnYbJoBz/gbRzI1PgqQ=", + "fingerprint_sha256": "yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18=", + "hpkp_pin": "i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2038-01-15T12:00:00", + "not_valid_before": "2013-08-01T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 4293743540046975378534879503202253541, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Java", + "path": "sslyze/plugins/certificate_info/trust_stores/pem_files/oracle_java.pem", + "version": "jdk-13.0.2" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "bx4hnENW+9Jgn1xeBgAO7VErKts=", + "fingerprint_sha256": "KwG0Z1HDB82pOFTWhqIV16g847zx7YAOlRP8sDGRgvc=", + "hpkp_pin": "eprLMvWJQBmzhVtSA3xFT8Qc+B9uFhBngux3gtNFBj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Example Issuing CA", + "value": "Example Issuing CA" + } + ], + "rfc4514_string": "CN=Example Issuing CA,O=Example Enterprises,C=US" + }, + "not_valid_after": "2023-01-19T04:39:56", + "not_valid_before": "2022-01-24T04:39:56", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 1137351753972468548878823913237480241606715259, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=IL", + "value": "IL" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Springfield", + "value": "Springfield" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=example.com", + "value": "example.com" + } + ], + "rfc4514_string": "CN=example.com,O=Example Enterprises,L=Springfield,ST=IL,C=US" + }, + "subject_alternative_name": { + "dns": [ + "example.com", + "s.example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "MOAXYauX5ZoGtB7yCvby3n7097A=", + "fingerprint_sha256": "SP+LSUZox1IwS0i/6Bh1iYfe9lguXwm5IfS2C7PWqN0=", + "hpkp_pin": "Wl8MFY+9zijGG8QgEHCAK5fhA+ydPZxaLQOFdiEPz3U=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2024-06-27T23:59:59", + "not_valid_before": "2020-07-29T12:30:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 4096, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 3860826545901910642936848779406233792, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Example Issuing CA", + "value": "Example Issuing CA" + } + ], + "rfc4514_string": "CN=Example Issuing CA,O=Example Enterprises,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3zwk+b/WZnYbJoBz/gbRzI1PgqQ=", + "fingerprint_sha256": "yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18=", + "hpkp_pin": "i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2038-01-15T12:00:00", + "not_valid_before": "2013-08-01T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 4293743540046975378534879503202253541, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": [ + ], + "name": "Mozilla", + "path": "sslyze/plugins/certificate_info/trust_stores/pem_files/mozilla_nss.pem", + "version": "2021-12-19" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "bx4hnENW+9Jgn1xeBgAO7VErKts=", + "fingerprint_sha256": "KwG0Z1HDB82pOFTWhqIV16g847zx7YAOlRP8sDGRgvc=", + "hpkp_pin": "eprLMvWJQBmzhVtSA3xFT8Qc+B9uFhBngux3gtNFBj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Example Issuing CA", + "value": "Example Issuing CA" + } + ], + "rfc4514_string": "CN=Example Issuing CA,O=Example Enterprises,C=US" + }, + "not_valid_after": "2023-01-19T04:39:56", + "not_valid_before": "2022-01-24T04:39:56", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 1137351753972468548878823913237480241606715259, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=IL", + "value": "IL" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Springfield", + "value": "Springfield" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=example.com", + "value": "example.com" + } + ], + "rfc4514_string": "CN=example.com,O=Example Enterprises,L=Springfield,ST=IL,C=US" + }, + "subject_alternative_name": { + "dns": [ + "example.com", + "s.example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "MOAXYauX5ZoGtB7yCvby3n7097A=", + "fingerprint_sha256": "SP+LSUZox1IwS0i/6Bh1iYfe9lguXwm5IfS2C7PWqN0=", + "hpkp_pin": "Wl8MFY+9zijGG8QgEHCAK5fhA+ydPZxaLQOFdiEPz3U=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2024-06-27T23:59:59", + "not_valid_before": "2020-07-29T12:30:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 4096, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 3860826545901910642936848779406233792, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Example Issuing CA", + "value": "Example Issuing CA" + } + ], + "rfc4514_string": "CN=Example Issuing CA,O=Example Enterprises,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3zwk+b/WZnYbJoBz/gbRzI1PgqQ=", + "fingerprint_sha256": "yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18=", + "hpkp_pin": "i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2038-01-15T12:00:00", + "not_valid_before": "2013-08-01T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 4293743540046975378534879503202253541, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Windows", + "path": "sslyze/plugins/certificate_info/trust_stores/pem_files/microsoft_windows.pem", + "version": "2021-11-28" + }, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "bx4hnENW+9Jgn1xeBgAO7VErKts=", + "fingerprint_sha256": "KwG0Z1HDB82pOFTWhqIV16g847zx7YAOlRP8sDGRgvc=", + "hpkp_pin": "eprLMvWJQBmzhVtSA3xFT8Qc+B9uFhBngux3gtNFBj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Example Issuing CA", + "value": "Example Issuing CA" + } + ], + "rfc4514_string": "CN=Example Issuing CA,O=Example Enterprises,C=US" + }, + "not_valid_after": "2023-01-19T04:39:56", + "not_valid_before": "2022-01-24T04:39:56", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 1137351753972468548878823913237480241606715259, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=IL", + "value": "IL" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Springfield", + "value": "Springfield" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=example.com", + "value": "example.com" + } + ], + "rfc4514_string": "CN=example.com,O=Example Enterprises,L=Springfield,ST=IL,C=US" + }, + "subject_alternative_name": { + "dns": [ + "example.com", + "s.example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "MOAXYauX5ZoGtB7yCvby3n7097A=", + "fingerprint_sha256": "SP+LSUZox1IwS0i/6Bh1iYfe9lguXwm5IfS2C7PWqN0=", + "hpkp_pin": "Wl8MFY+9zijGG8QgEHCAK5fhA+ydPZxaLQOFdiEPz3U=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2024-06-27T23:59:59", + "not_valid_before": "2020-07-29T12:30:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 4096, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 3860826545901910642936848779406233792, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Example Issuing CA", + "value": "Example Issuing CA" + } + ], + "rfc4514_string": "CN=Example Issuing CA,O=Example Enterprises,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3zwk+b/WZnYbJoBz/gbRzI1PgqQ=", + "fingerprint_sha256": "yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18=", + "hpkp_pin": "i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2038-01-15T12:00:00", + "not_valid_before": "2013-08-01T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 4293743540046975378534879503202253541, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + } + ], + "received_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "bx4hnENW+9Jgn1xeBgAO7VErKts=", + "fingerprint_sha256": "KwG0Z1HDB82pOFTWhqIV16g847zx7YAOlRP8sDGRgvc=", + "hpkp_pin": "eprLMvWJQBmzhVtSA3xFT8Qc+B9uFhBngux3gtNFBj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Example Issuing CA", + "value": "Example Issuing CA" + } + ], + "rfc4514_string": "CN=Example Issuing CA,O=Example Enterprises,C=US" + }, + "not_valid_after": "2023-01-19T04:39:56", + "not_valid_before": "2022-01-24T04:39:56", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 1137351753972468548878823913237480241606715259, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=IL", + "value": "IL" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Springfield", + "value": "Springfield" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=example.com", + "value": "example.com" + } + ], + "rfc4514_string": "CN=example.com,O=Example Enterprises,L=Springfield,ST=IL,C=US" + }, + "subject_alternative_name": { + "dns": [ + "example.com", + "s.example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "MOAXYauX5ZoGtB7yCvby3n7097A=", + "fingerprint_sha256": "SP+LSUZox1IwS0i/6Bh1iYfe9lguXwm5IfS2C7PWqN0=", + "hpkp_pin": "Wl8MFY+9zijGG8QgEHCAK5fhA+ydPZxaLQOFdiEPz3U=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2024-06-27T23:59:59", + "not_valid_before": "2020-07-29T12:30:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 4096, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 3860826545901910642936848779406233792, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Example Issuing CA", + "value": "Example Issuing CA" + } + ], + "rfc4514_string": "CN=Example Issuing CA,O=Example Enterprises,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "received_chain_contains_anchor_certificate": false, + "received_chain_has_valid_order": true, + "verified_certificate_chain": [ + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "bx4hnENW+9Jgn1xeBgAO7VErKts=", + "fingerprint_sha256": "KwG0Z1HDB82pOFTWhqIV16g847zx7YAOlRP8sDGRgvc=", + "hpkp_pin": "eprLMvWJQBmzhVtSA3xFT8Qc+B9uFhBngux3gtNFBj0=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Example Issuing CA", + "value": "Example Issuing CA" + } + ], + "rfc4514_string": "CN=Example Issuing CA,O=Example Enterprises,C=US" + }, + "not_valid_after": "2023-01-19T04:39:56", + "not_valid_before": "2022-01-24T04:39:56", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 1137351753972468548878823913237480241606715259, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=IL", + "value": "IL" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Springfield", + "value": "Springfield" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=example.com", + "value": "example.com" + } + ], + "rfc4514_string": "CN=example.com,O=Example Enterprises,L=Springfield,ST=IL,C=US" + }, + "subject_alternative_name": { + "dns": [ + "example.com", + "s.example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "MOAXYauX5ZoGtB7yCvby3n7097A=", + "fingerprint_sha256": "SP+LSUZox1IwS0i/6Bh1iYfe9lguXwm5IfS2C7PWqN0=", + "hpkp_pin": "Wl8MFY+9zijGG8QgEHCAK5fhA+ydPZxaLQOFdiEPz3U=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2024-06-27T23:59:59", + "not_valid_before": "2020-07-29T12:30:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 4096, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 3860826545901910642936848779406233792, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Example Enterprises", + "value": "Example Enterprises" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Example Issuing CA", + "value": "Example Issuing CA" + } + ], + "rfc4514_string": "CN=Example Issuing CA,O=Example Enterprises,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----REDACTED-----END CERTIFICATE-----\n", + "fingerprint_sha1": "3zwk+b/WZnYbJoBz/gbRzI1PgqQ=", + "fingerprint_sha256": "yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18=", + "hpkp_pin": "i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY=", + "issuer": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "not_valid_after": "2038-01-15T12:00:00", + "not_valid_before": "2013-08-01T12:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 12345, + "rsa_n": 12345678901234567890 + }, + "serial_number": 4293743540046975378534879503202253541, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [ + { + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=DigiCert Inc", + "value": "DigiCert Inc" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=www.digicert.com", + "value": "www.digicert.com" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=DigiCert Global Root G2", + "value": "DigiCert Global Root G2" + } + ], + "rfc4514_string": "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "verified_chain_has_legacy_symantec_anchor": false, + "verified_chain_has_sha1_signature": false + } + ], + "hostname_used_for_server_name_indication": "example.com" + }, + "status": "COMPLETED" + }, + "elliptic_curves": { + "error_reason": null, + "error_trace": null, + "result": { + "rejected_curves": [ + { + "name": "prime192v1", + "openssl_nid": 409 + }, + { + "name": "secp160k1", + "openssl_nid": 708 + }, + { + "name": "secp160r1", + "openssl_nid": 709 + }, + { + "name": "secp160r2", + "openssl_nid": 710 + }, + { + "name": "secp192k1", + "openssl_nid": 711 + }, + { + "name": "secp224k1", + "openssl_nid": 712 + }, + { + "name": "secp224r1", + "openssl_nid": 713 + }, + { + "name": "secp256k1", + "openssl_nid": 714 + }, + { + "name": "sect163k1", + "openssl_nid": 721 + }, + { + "name": "sect163r1", + "openssl_nid": 722 + }, + { + "name": "sect163r2", + "openssl_nid": 723 + }, + { + "name": "sect193r1", + "openssl_nid": 724 + }, + { + "name": "sect193r2", + "openssl_nid": 725 + }, + { + "name": "sect233k1", + "openssl_nid": 726 + }, + { + "name": "sect233r1", + "openssl_nid": 727 + }, + { + "name": "sect239k1", + "openssl_nid": 728 + }, + { + "name": "sect283k1", + "openssl_nid": 729 + }, + { + "name": "sect283r1", + "openssl_nid": 730 + }, + { + "name": "sect409k1", + "openssl_nid": 731 + }, + { + "name": "sect409r1", + "openssl_nid": 732 + }, + { + "name": "sect571k1", + "openssl_nid": 733 + }, + { + "name": "sect571r1", + "openssl_nid": 734 + } + ], + "supported_curves": [ + { + "name": "X25519", + "openssl_nid": 1034 + }, + { + "name": "X448", + "openssl_nid": 1035 + }, + { + "name": "prime256v1", + "openssl_nid": 415 + }, + { + "name": "secp384r1", + "openssl_nid": 715 + }, + { + "name": "secp521r1", + "openssl_nid": 716 + } + ], + "supports_ecdh_key_exchange": true + }, + "status": "COMPLETED" + }, + "heartbleed": { + "error_reason": null, + "error_trace": null, + "result": { + "is_vulnerable_to_heartbleed": false + }, + "status": "COMPLETED" + }, + "http_headers": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + }, + "openssl_ccs_injection": { + "error_reason": null, + "error_trace": null, + "result": { + "is_vulnerable_to_ccs_injection": false + }, + "status": "COMPLETED" + }, + "robot": { + "error_reason": null, + "error_trace": null, + "result": { + "robot_result": "NOT_VULNERABLE_RSA_NOT_SUPPORTED" + }, + "status": "COMPLETED" + }, + "session_renegotiation": { + "error_reason": null, + "error_trace": null, + "result": { + "is_vulnerable_to_client_renegotiation_dos": false, + "supports_secure_renegotiation": true + }, + "status": "COMPLETED" + }, + "session_resumption": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + }, + "ssl_2_0_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": false, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_RC4_128_WITH_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "SSL_CK_RC4_128_EXPORT40_WITH_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_RC2_128_CBC_WITH_MD5", + "openssl_name": "RC2-CBC-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_IDEA_128_CBC_WITH_MD5", + "openssl_name": "IDEA-CBC-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "SSL_CK_DES_64_CBC_WITH_MD5", + "openssl_name": "DES-CBC-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5", + "openssl_name": "DES-CBC3-MD5" + }, + "error_message": "Server interrupted the TLS handshake" + } + ], + "tls_version_used": "SSL_2_0" + }, + "status": "COMPLETED" + }, + "ssl_3_0_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": false, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": "SSL_3_0" + }, + "status": "COMPLETED" + }, + "tls_1_0_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": false, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + } + ], + "tls_version_used": "TLS_1_0" + }, + "status": "COMPLETED" + }, + "tls_1_1_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": false, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: protocol version " + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: protocol version " + } + ], + "tls_version_used": "TLS_1_1" + }, + "status": "COMPLETED" + }, + "tls_1_2_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDHE-RSA-AES256-GCM-SHA384" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BAJyDPopBq3gkvBUAi4CLy5yPiqerMxUkadkJBTPXeWB8afsPImSektXgdsZqvm7dUoemEcbwcRVhRUaz97xDDs=", + "size": 256, + "type_name": "ECDH", + "x": "AnIM+ikGreCS8FQCLgIvLnI+Kp6szFSRp2QkFM9d5YE=", + "y": "8afsPImSektXgdsZqvm7dUoemEcbwcRVhRUaz97xDDs=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDHE-RSA-AES256-SHA384" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BOuGihnYfaaGHJsLSnOmRnfvhMzsd6QQ8DgRsULC5LRPqoDWyMbXR/Q8IEim9wcPPpmb2pAwebvbDlWpAf78wkQ=", + "size": 256, + "type_name": "ECDH", + "x": "64aKGdh9poYcmwtKc6ZGd++EzOx3pBDwOBGxQsLktE8=", + "y": "qoDWyMbXR/Q8IEim9wcPPpmb2pAwebvbDlWpAf78wkQ=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDHE-RSA-AES128-GCM-SHA256" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BKQNhMwvMSg4Rkx/FqB1UyP2ap06xsZgjMP7sa88Y9mXDEKMuMZPr067siqxquQPekv36ZFX29W3f9TrEtib5dM=", + "size": 256, + "type_name": "ECDH", + "x": "pA2EzC8xKDhGTH8WoHVTI/ZqnTrGxmCMw/uxrzxj2Zc=", + "y": "DEKMuMZPr067siqxquQPekv36ZFX29W3f9TrEtib5dM=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDHE-RSA-AES128-SHA256" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BAdUh9Pd6HzI8QreG9Dca7wJqlsBjuQCObwtEn0hXdKNdZFUZVcMfeWgN5t80pDh0L/aCgG/dD0ii80R14N/Dqk=", + "size": 256, + "type_name": "ECDH", + "x": "B1SH093ofMjxCt4b0NxrvAmqWwGO5AI5vC0SfSFd0o0=", + "y": "dZFUZVcMfeWgN5t80pDh0L/aCgG/dD0ii80R14N/Dqk=" + } + } + ], + "is_tls_version_supported": true, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA256", + "openssl_name": "NULL-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_256_CCM_8", + "openssl_name": "AES256-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CCM", + "openssl_name": "AES256-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CCM_8", + "openssl_name": "AES128-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CCM", + "openssl_name": "AES128-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDH-RSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDH-RSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDH-RSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDH-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDH-ECDSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDH-ECDSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDH-ECDSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDH-ECDSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "ECDHE-RSA-CHACHA20-POLY1305" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", + "openssl_name": "ECDHE-RSA-CAMELLIA256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "ECDHE-RSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ECDHE-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ECDHE-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "ECDHE-ECDSA-CHACHA20-POLY1305" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", + "openssl_name": "ECDHE-ECDSA-CAMELLIA256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "ECDHE-ECDSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ECDHE-ECDSA-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ECDHE-ECDSA-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDHE-ECDSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", + "openssl_name": "ECDHE-ECDSA-AES256-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", + "openssl_name": "ECDHE-ECDSA-AES256-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDHE-ECDSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDHE-ECDSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", + "openssl_name": "ECDHE-ECDSA-AES128-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM", + "openssl_name": "ECDHE-ECDSA-AES128-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDHE-ECDSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_GCM_SHA384", + "openssl_name": "ADH-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA256", + "openssl_name": "ADH-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_GCM_SHA256", + "openssl_name": "ADH-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA256", + "openssl_name": "ADH-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "DH-RSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "DH-RSA-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "DH-RSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "DH-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_GCM_SHA384", + "openssl_name": "DH-DSS-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA256", + "openssl_name": "DH-DSS-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_GCM_SHA256", + "openssl_name": "DH-DSS-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA256", + "openssl_name": "DH-DSS-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "DHE-RSA-CHACHA20-POLY1305" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "DHE-RSA-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "DHE-RSA-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "DHE-RSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CCM_8", + "openssl_name": "DHE-RSA-AES256-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CCM", + "openssl_name": "DHE-RSA-AES256-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "DHE-RSA-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "DHE-RSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CCM_8", + "openssl_name": "DHE-RSA-AES128-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CCM", + "openssl_name": "DHE-RSA-AES128-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "DHE-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "DHE-DSS-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "DHE-DSS-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", + "openssl_name": "DHE-DSS-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", + "openssl_name": "DHE-DSS-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", + "openssl_name": "DHE-DSS-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", + "openssl_name": "DHE-DSS-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DHE-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": "TLS_1_2" + }, + "status": "COMPLETED" + }, + "tls_1_3_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_AES_256_GCM_SHA384", + "openssl_name": "TLS_AES_256_GCM_SHA384" + }, + "ephemeral_key": { + "curve_name": "X25519", + "generator": null, + "prime": null, + "public_bytes": "kx3fLfd0ugVkKB77WUhUZUKl/Y47HvsA/vbAcIJEvAo=", + "size": 253, + "type_name": "ECDH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_GCM_SHA256", + "openssl_name": "TLS_AES_128_GCM_SHA256" + }, + "ephemeral_key": { + "curve_name": "X25519", + "generator": null, + "prime": null, + "public_bytes": "PC9GPlTue/WVVMEUFMjrHI8iq/putFGAGN0qS/+3xCY=", + "size": 253, + "type_name": "ECDH", + "x": null, + "y": null + } + } + ], + "is_tls_version_supported": true, + "rejected_cipher_suites": [ + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_CHACHA20_POLY1305_SHA256", + "openssl_name": "TLS_CHACHA20_POLY1305_SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_CCM_SHA256", + "openssl_name": "TLS_AES_128_CCM_SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_CCM_8_SHA256", + "openssl_name": "TLS_AES_128_CCM_8_SHA256" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": "TLS_1_3" + }, + "status": "COMPLETED" + }, + "tls_1_3_early_data": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + }, + "tls_compression": { + "error_reason": null, + "error_trace": null, + "result": { + "supports_compression": false + }, + "status": "COMPLETED" + }, + "tls_fallback_scsv": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + } + }, + "scan_status": "COMPLETED", + "server_location": { + "connection_type": "DIRECT", + "hostname": "example.com", + "http_proxy_settings": null, + "ip_address": "40.76.4.15", + "port": 443 + }, + "uuid": "b4693b81-ac23-47e6-9c41-029001a29dcc" + } + ], + "sslyze_url": "https://github.com/nabla-c0d3/sslyze", + "sslyze_version": "5.0.2" +} diff --git a/unittests/scans/sslyze/one_target_zero_vuln.json b/unittests/scans/sslyze/one_target_zero_vuln_old.json similarity index 100% rename from unittests/scans/sslyze/one_target_zero_vuln.json rename to unittests/scans/sslyze/one_target_zero_vuln_old.json diff --git a/unittests/scans/sslyze/two_targets_many_vuln_new.json b/unittests/scans/sslyze/two_targets_many_vuln_new.json new file mode 100644 index 00000000000..84ec2045591 --- /dev/null +++ b/unittests/scans/sslyze/two_targets_many_vuln_new.json @@ -0,0 +1,12777 @@ +{ + "date_scans_completed": "2022-01-17T17:23:32.798533", + "date_scans_started": "2022-01-17T17:23:27.355556", + "server_scan_results": [{ + "connectivity_error_trace": null, + "connectivity_result": { + "cipher_suite_supported": "ECDHE-RSA-AES256-GCM-SHA384", + "client_auth_requirement": "DISABLED", + "highest_tls_version_supported": "TLS_1_2", + "supports_ecdh_key_exchange": true + }, + "connectivity_status": "COMPLETED", + "network_configuration": { + "network_max_retries": 3, + "network_timeout": 5, + "tls_client_auth_credentials": null, + "tls_opportunistic_encryption": null, + "tls_server_name_indication": "example.com", + "xmpp_to_hostname": null + }, + "scan_result": { + "certificate_info": { + "error_reason": null, + "error_trace": null, + "result": { + "certificate_deployments": [{ + "leaf_certificate_has_must_staple_extension": false, + "leaf_certificate_is_ev": false, + "leaf_certificate_signed_certificate_timestamps_count": 2, + "leaf_certificate_subject_matches_hostname": true, + "ocsp_response": { + "certificate_status": "GOOD", + "next_update": "2022-01-19T15:45:27", + "produced_at": "2022-01-12T15:45:27", + "response_status": "SUCCESSFUL", + "revocation_time": null, + "serial_number": 26483498740186297778148040768960961460, + "this_update": "2022-01-12T15:45:27" + }, + "ocsp_response_is_trusted": true, + "path_validation_results": [{ + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Android", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/google_aosp.pem", + "version": "12.0.0_r9" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFvzCCBKegAwIBAgIQE+yJTKI2o3Ya2xy5nbmbtDANBgkqhkiG9w0BAQsFADCB\njzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\nA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQD\nEy5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB\nMB4XDTIxMDMxNzAwMDAwMFoXDTIyMDQxNzIzNTk1OVowHDEaMBgGA1UEAxMRd3d3\nLmtpbG9iYWl0YXMubHQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf\nu23U068+FZlN1G59ih12IXa/bJ+5QnSj35wLlCLpptZCHm2qBm0fcxIKeN8aSGRc\n2uxxtDuWi4qSH/xb/F8KfBdn+yG2GU0sBCpr2uvA6/2xWbfenJoWqjko5Xy0Udam\nBH6JpQ7tWOOCrr+vqujDwn2otyWRrnGBmE/YhjMRIslgKYCX1UX3cQWH7DWZtlKS\nLDEOB1mlEg41M8dIruE/A2bfQa1NM5kYEhfWjQA/Pc5lDXazUiaG/Vf4hEvv9yfi\nY1AG8YXGOrKH2QfviwAy1f8pnvFfk1X+R5ofvZI7+IVdgX9KCvzAxB9dxaVm4mJZ\n2+gtYyNpc68C8YluujZ/AgMBAAGjggKHMIICgzAfBgNVHSMEGDAWgBSNjF7EVK2K\n4Xfpm/mbBeG4AY1h4TAdBgNVHQ4EFgQUILxpOrWEutE0Ejqlzgti/fcYliMwDgYD\nVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\nCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAjBggrBgEFBQcC\nARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGEBggrBgEFBQcB\nAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGln\nb1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYBBQUH\nMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMCsGA1UdEQQkMCKCEXd3dy5raWxv\nYmFpdGFzLmx0gg1raWxvYmFpdGFzLmx0MIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDv\nAHYARqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF4Px44RgAABAMA\nRzBFAiAbH/8JEXtTR6YFNpYL51VTXNAo3APNSuODEgdw7noAaQIhAMzsP729QZ4P\nG9UwnGc06KjFFU9PLmcMRFwdFG+lGHQYAHUA36Veq2iCTx9sre64X04+WurNohKk\nal6OOxLAIERcKnMAAAF4Px44JwAABAMARjBEAiAmh2zGR5pQa9WHP1OyvYyS803k\nJ1Zl4iCrbzGTQTQ1TAIgP5NpF6PwX8XmJfAaDwhXkH0gNyj3BH7mLDp/AzzjbsUw\nDQYJKoZIhvcNAQELBQADggEBABrN4a0N62SaOf6RiaynmPZ5rTfE/n42jbo7rzrG\nT4xTjOzcXpLliT1iqn9bkaoykiNsLNUNl46xmuK4+cu+IReWdn9HqPzt/8HEeQHr\nL6cRbTXuPtuEvc9S7xIYkN39v5EOO4dz6S/5fB4kEHxoxV0EIKPNTpvkeonKft7d\nLEZi4rTD1+Yim3XX5NrdYjWIseYFUlp9tUzbs9k12ViAW3SVByd61xwq2jSUwuu+\n7Adcr83A0vRl936u6Qkz+foy1vfoDIrA46ItCAfwydfdznM6j5SdqCY7R573C6zm\n3mwbQnT1A9d3IklcWr13bAWqzzF3ZWaIMNIib53KeTLaSVs=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "/HiNwaRofBbnYeNMp0IiIbY9Hp8=", + "fingerprint_sha256": "4GkRZH9r/l6Vjxcd3vHFb6E9RtrugyTT7tzkQm6U8CY=", + "hpkp_pin": "OreZx8EtGyBY8t4cOWPem3u9JS6jiiBKouolai92XI4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=GB", + "value": "GB" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=Greater Manchester", + "value": "Greater Manchester" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Salford", + "value": "Salford" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Sectigo Limited", + "value": "Sectigo Limited" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA", + "value": "Sectigo RSA Domain Validation Secure Server CA" + } + ], + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB" + }, + "not_valid_after": "2022-04-17T23:59:59", + "not_valid_before": "2021-03-17T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 20164315188386108499453415098176907352707316110652144032980202370991757250208740468773168173292154328340739615868992947595199923117570106100019230910631455507648813569031383122829052819815864084119069760623300954748652353372348882730444764463170338799145512676358061330659033075855271760265703044007142425345009620950401839329400224775403042880947096348191774392336432712767347374420165543038049504785638560631591840323012915782821959211577162840445988015199079323346719438771528967423657831381720477585830354170734024272853438044967333697794490515560831702522300115448244475262769823005101354358868562466473816766079 + }, + "serial_number": 26483498740186297778148040768960961460, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.example.com", + "value": "www.example.com" + }], + "rfc4514_string": "CN=www.example.com" + }, + "subject_alternative_name": { + "dns": [ + "www.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB\niDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\ncnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\nBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx\nMTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV\nBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE\nChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g\nVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N\nTQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj\neocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E\noKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk\nHaswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY\nuK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j\nBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb\n+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw\nCAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0\nLmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr\nBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv\nbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov\nL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H\nukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH\n7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi\nH19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx\nRP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv\nxvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38\nsbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL\nl6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq\n6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY\nLcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5\nyOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K\n00u/I5sUKUErmgQfky3xxzlIPK1aEn8=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "M+ToCAcgTCthgqOhS1kazSW18Ns=", + "fingerprint_sha256": "f6T/aOwEqZ11KNUIX5SQf00d0cU4G6zcgy7VyWAhRnY=", + "hpkp_pin": "4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "not_valid_after": "2030-12-31T23:59:59", + "not_valid_before": "2018-11-02T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27071805731268068429094433253870941103630115656544083986688557250096650002741356969068276793574297189996744882329828714710418422450500008985954757761749612179194262954838266897268532461471487935006536720272494786369295065485985775416665556679189441271529970596944264659076045397506534017596880375081936227230390079744485923579156075147392924215968126808432802589158460341539735535162275393422353916283261069707744210608603163551594107036190302366892832801673071921401850194237815007641724075220215236537097134132878656895768334289537403738520740616524362273323209296475725089291190047065303870231628551068954108124949 + }, + "serial_number": 166627644428940058458651716034439089575, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=GB", + "value": "GB" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=Greater Manchester", + "value": "Greater Manchester" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Salford", + "value": "Salford" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Sectigo Limited", + "value": "Sectigo Limited" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA", + "value": "Sectigo RSA Domain Validation Secure Server CA" + } + ], + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB\niDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\ncnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\nBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw\nMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV\nBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU\naGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy\ndGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK\nAoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B\n3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY\ntJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/\nFp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2\nVN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT\n79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6\nc0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT\nYo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l\nc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee\nUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE\nHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd\nBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G\nA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF\nUp/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO\nVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3\nATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs\n8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR\niQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze\nSf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ\nXHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/\nqS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB\nVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB\nL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG\njjxDah2nGN59PRbxYvnKkKj9\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "K48bVzMNu6LQemxR9w7pDdq5rY4=", + "fingerprint_sha256": "55PJsC/YqhPiHDEiisywgRlkO3SciYlksXRtRsPUy9I=", + "hpkp_pin": "x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "not_valid_after": "2038-01-18T23:59:59", + "not_valid_before": "2010-02-01T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 4096, + "rsa_e": 65537, + "rsa_n": 522487583617525075342463885337225473046087723081156730587063215030496109729932253265799265766294932028686353264919061580385049464836356954829105402248183391733854684450211900139329107087047502332675235340095978056484941150490991882497576839367560163275257272036049422473305642441793498160967907038120493294785868862142444988597324986519765187124452830375519261844367396077186284797811937481089746704868620023056657703518830114050467515432464700561931699003833397734285032347494370276582779046272750546463559965522756516229404690045766706787524020435412948721306424393993169229289467834493533160413056397476973792368174460238110091615871730381483443293300931137331198904539782455960886494693833561140472387578208844296917484075205019671738707845074905611668239406330644414805698779400987201310909725918270612084339872279020908867861033880814315358914565703236337174308524328436716608021785644764836810087074012339936543228255034168864046688601575503801789648707560351240165066165280965007233076211669633638389449522443357879549163908594012762321622514340998051396106368358204746516265702776221449060497686599696175189532242983987568916433102740386532378470836364707455134729548367373189550921756904777340153719441907345834660183638543 + }, + "serial_number": 2645093764781058787591871645665788717, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Apple", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/apple.pem", + "version": "iOS 15, iPadOS 15, macOS 12, tvOS 15, and watchOS 8" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFvzCCBKegAwIBAgIQE+yJTKI2o3Ya2xy5nbmbtDANBgkqhkiG9w0BAQsFADCB\njzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\nA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQD\nEy5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB\nMB4XDTIxMDMxNzAwMDAwMFoXDTIyMDQxNzIzNTk1OVowHDEaMBgGA1UEAxMRd3d3\nLmtpbG9iYWl0YXMubHQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf\nu23U068+FZlN1G59ih12IXa/bJ+5QnSj35wLlCLpptZCHm2qBm0fcxIKeN8aSGRc\n2uxxtDuWi4qSH/xb/F8KfBdn+yG2GU0sBCpr2uvA6/2xWbfenJoWqjko5Xy0Udam\nBH6JpQ7tWOOCrr+vqujDwn2otyWRrnGBmE/YhjMRIslgKYCX1UX3cQWH7DWZtlKS\nLDEOB1mlEg41M8dIruE/A2bfQa1NM5kYEhfWjQA/Pc5lDXazUiaG/Vf4hEvv9yfi\nY1AG8YXGOrKH2QfviwAy1f8pnvFfk1X+R5ofvZI7+IVdgX9KCvzAxB9dxaVm4mJZ\n2+gtYyNpc68C8YluujZ/AgMBAAGjggKHMIICgzAfBgNVHSMEGDAWgBSNjF7EVK2K\n4Xfpm/mbBeG4AY1h4TAdBgNVHQ4EFgQUILxpOrWEutE0Ejqlzgti/fcYliMwDgYD\nVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\nCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAjBggrBgEFBQcC\nARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGEBggrBgEFBQcB\nAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGln\nb1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYBBQUH\nMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMCsGA1UdEQQkMCKCEXd3dy5raWxv\nYmFpdGFzLmx0gg1raWxvYmFpdGFzLmx0MIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDv\nAHYARqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF4Px44RgAABAMA\nRzBFAiAbH/8JEXtTR6YFNpYL51VTXNAo3APNSuODEgdw7noAaQIhAMzsP729QZ4P\nG9UwnGc06KjFFU9PLmcMRFwdFG+lGHQYAHUA36Veq2iCTx9sre64X04+WurNohKk\nal6OOxLAIERcKnMAAAF4Px44JwAABAMARjBEAiAmh2zGR5pQa9WHP1OyvYyS803k\nJ1Zl4iCrbzGTQTQ1TAIgP5NpF6PwX8XmJfAaDwhXkH0gNyj3BH7mLDp/AzzjbsUw\nDQYJKoZIhvcNAQELBQADggEBABrN4a0N62SaOf6RiaynmPZ5rTfE/n42jbo7rzrG\nT4xTjOzcXpLliT1iqn9bkaoykiNsLNUNl46xmuK4+cu+IReWdn9HqPzt/8HEeQHr\nL6cRbTXuPtuEvc9S7xIYkN39v5EOO4dz6S/5fB4kEHxoxV0EIKPNTpvkeonKft7d\nLEZi4rTD1+Yim3XX5NrdYjWIseYFUlp9tUzbs9k12ViAW3SVByd61xwq2jSUwuu+\n7Adcr83A0vRl936u6Qkz+foy1vfoDIrA46ItCAfwydfdznM6j5SdqCY7R573C6zm\n3mwbQnT1A9d3IklcWr13bAWqzzF3ZWaIMNIib53KeTLaSVs=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "/HiNwaRofBbnYeNMp0IiIbY9Hp8=", + "fingerprint_sha256": "4GkRZH9r/l6Vjxcd3vHFb6E9RtrugyTT7tzkQm6U8CY=", + "hpkp_pin": "OreZx8EtGyBY8t4cOWPem3u9JS6jiiBKouolai92XI4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=GB", + "value": "GB" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=Greater Manchester", + "value": "Greater Manchester" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Salford", + "value": "Salford" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Sectigo Limited", + "value": "Sectigo Limited" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA", + "value": "Sectigo RSA Domain Validation Secure Server CA" + } + ], + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB" + }, + "not_valid_after": "2022-04-17T23:59:59", + "not_valid_before": "2021-03-17T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 20164315188386108499453415098176907352707316110652144032980202370991757250208740468773168173292154328340739615868992947595199923117570106100019230910631455507648813569031383122829052819815864084119069760623300954748652353372348882730444764463170338799145512676358061330659033075855271760265703044007142425345009620950401839329400224775403042880947096348191774392336432712767347374420165543038049504785638560631591840323012915782821959211577162840445988015199079323346719438771528967423657831381720477585830354170734024272853438044967333697794490515560831702522300115448244475262769823005101354358868562466473816766079 + }, + "serial_number": 26483498740186297778148040768960961460, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.example.com", + "value": "www.example.com" + }], + "rfc4514_string": "CN=www.example.com" + }, + "subject_alternative_name": { + "dns": [ + "www.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB\niDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\ncnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\nBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx\nMTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV\nBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE\nChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g\nVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N\nTQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj\neocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E\noKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk\nHaswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY\nuK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j\nBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb\n+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw\nCAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0\nLmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr\nBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv\nbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov\nL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H\nukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH\n7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi\nH19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx\nRP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv\nxvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38\nsbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL\nl6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq\n6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY\nLcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5\nyOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K\n00u/I5sUKUErmgQfky3xxzlIPK1aEn8=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "M+ToCAcgTCthgqOhS1kazSW18Ns=", + "fingerprint_sha256": "f6T/aOwEqZ11KNUIX5SQf00d0cU4G6zcgy7VyWAhRnY=", + "hpkp_pin": "4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "not_valid_after": "2030-12-31T23:59:59", + "not_valid_before": "2018-11-02T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27071805731268068429094433253870941103630115656544083986688557250096650002741356969068276793574297189996744882329828714710418422450500008985954757761749612179194262954838266897268532461471487935006536720272494786369295065485985775416665556679189441271529970596944264659076045397506534017596880375081936227230390079744485923579156075147392924215968126808432802589158460341539735535162275393422353916283261069707744210608603163551594107036190302366892832801673071921401850194237815007641724075220215236537097134132878656895768334289537403738520740616524362273323209296475725089291190047065303870231628551068954108124949 + }, + "serial_number": 166627644428940058458651716034439089575, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=GB", + "value": "GB" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=Greater Manchester", + "value": "Greater Manchester" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Salford", + "value": "Salford" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Sectigo Limited", + "value": "Sectigo Limited" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA", + "value": "Sectigo RSA Domain Validation Secure Server CA" + } + ], + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB\niDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\ncnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\nBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw\nMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV\nBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU\naGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy\ndGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK\nAoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B\n3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY\ntJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/\nFp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2\nVN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT\n79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6\nc0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT\nYo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l\nc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee\nUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE\nHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd\nBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G\nA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF\nUp/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO\nVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3\nATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs\n8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR\niQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze\nSf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ\nXHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/\nqS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB\nVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB\nL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG\njjxDah2nGN59PRbxYvnKkKj9\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "K48bVzMNu6LQemxR9w7pDdq5rY4=", + "fingerprint_sha256": "55PJsC/YqhPiHDEiisywgRlkO3SciYlksXRtRsPUy9I=", + "hpkp_pin": "x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "not_valid_after": "2038-01-18T23:59:59", + "not_valid_before": "2010-02-01T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 4096, + "rsa_e": 65537, + "rsa_n": 522487583617525075342463885337225473046087723081156730587063215030496109729932253265799265766294932028686353264919061580385049464836356954829105402248183391733854684450211900139329107087047502332675235340095978056484941150490991882497576839367560163275257272036049422473305642441793498160967907038120493294785868862142444988597324986519765187124452830375519261844367396077186284797811937481089746704868620023056657703518830114050467515432464700561931699003833397734285032347494370276582779046272750546463559965522756516229404690045766706787524020435412948721306424393993169229289467834493533160413056397476973792368174460238110091615871730381483443293300931137331198904539782455960886494693833561140472387578208844296917484075205019671738707845074905611668239406330644414805698779400987201310909725918270612084339872279020908867861033880814315358914565703236337174308524328436716608021785644764836810087074012339936543228255034168864046688601575503801789648707560351240165066165280965007233076211669633638389449522443357879549163908594012762321622514340998051396106368358204746516265702776221449060497686599696175189532242983987568916433102740386532378470836364707455134729548367373189550921756904777340153719441907345834660183638543 + }, + "serial_number": 2645093764781058787591871645665788717, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Java", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/oracle_java.pem", + "version": "jdk-13.0.2" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFvzCCBKegAwIBAgIQE+yJTKI2o3Ya2xy5nbmbtDANBgkqhkiG9w0BAQsFADCB\njzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\nA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQD\nEy5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB\nMB4XDTIxMDMxNzAwMDAwMFoXDTIyMDQxNzIzNTk1OVowHDEaMBgGA1UEAxMRd3d3\nLmtpbG9iYWl0YXMubHQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf\nu23U068+FZlN1G59ih12IXa/bJ+5QnSj35wLlCLpptZCHm2qBm0fcxIKeN8aSGRc\n2uxxtDuWi4qSH/xb/F8KfBdn+yG2GU0sBCpr2uvA6/2xWbfenJoWqjko5Xy0Udam\nBH6JpQ7tWOOCrr+vqujDwn2otyWRrnGBmE/YhjMRIslgKYCX1UX3cQWH7DWZtlKS\nLDEOB1mlEg41M8dIruE/A2bfQa1NM5kYEhfWjQA/Pc5lDXazUiaG/Vf4hEvv9yfi\nY1AG8YXGOrKH2QfviwAy1f8pnvFfk1X+R5ofvZI7+IVdgX9KCvzAxB9dxaVm4mJZ\n2+gtYyNpc68C8YluujZ/AgMBAAGjggKHMIICgzAfBgNVHSMEGDAWgBSNjF7EVK2K\n4Xfpm/mbBeG4AY1h4TAdBgNVHQ4EFgQUILxpOrWEutE0Ejqlzgti/fcYliMwDgYD\nVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\nCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAjBggrBgEFBQcC\nARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGEBggrBgEFBQcB\nAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGln\nb1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYBBQUH\nMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMCsGA1UdEQQkMCKCEXd3dy5raWxv\nYmFpdGFzLmx0gg1raWxvYmFpdGFzLmx0MIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDv\nAHYARqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF4Px44RgAABAMA\nRzBFAiAbH/8JEXtTR6YFNpYL51VTXNAo3APNSuODEgdw7noAaQIhAMzsP729QZ4P\nG9UwnGc06KjFFU9PLmcMRFwdFG+lGHQYAHUA36Veq2iCTx9sre64X04+WurNohKk\nal6OOxLAIERcKnMAAAF4Px44JwAABAMARjBEAiAmh2zGR5pQa9WHP1OyvYyS803k\nJ1Zl4iCrbzGTQTQ1TAIgP5NpF6PwX8XmJfAaDwhXkH0gNyj3BH7mLDp/AzzjbsUw\nDQYJKoZIhvcNAQELBQADggEBABrN4a0N62SaOf6RiaynmPZ5rTfE/n42jbo7rzrG\nT4xTjOzcXpLliT1iqn9bkaoykiNsLNUNl46xmuK4+cu+IReWdn9HqPzt/8HEeQHr\nL6cRbTXuPtuEvc9S7xIYkN39v5EOO4dz6S/5fB4kEHxoxV0EIKPNTpvkeonKft7d\nLEZi4rTD1+Yim3XX5NrdYjWIseYFUlp9tUzbs9k12ViAW3SVByd61xwq2jSUwuu+\n7Adcr83A0vRl936u6Qkz+foy1vfoDIrA46ItCAfwydfdznM6j5SdqCY7R573C6zm\n3mwbQnT1A9d3IklcWr13bAWqzzF3ZWaIMNIib53KeTLaSVs=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "/HiNwaRofBbnYeNMp0IiIbY9Hp8=", + "fingerprint_sha256": "4GkRZH9r/l6Vjxcd3vHFb6E9RtrugyTT7tzkQm6U8CY=", + "hpkp_pin": "OreZx8EtGyBY8t4cOWPem3u9JS6jiiBKouolai92XI4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=GB", + "value": "GB" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=Greater Manchester", + "value": "Greater Manchester" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Salford", + "value": "Salford" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Sectigo Limited", + "value": "Sectigo Limited" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA", + "value": "Sectigo RSA Domain Validation Secure Server CA" + } + ], + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB" + }, + "not_valid_after": "2022-04-17T23:59:59", + "not_valid_before": "2021-03-17T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 20164315188386108499453415098176907352707316110652144032980202370991757250208740468773168173292154328340739615868992947595199923117570106100019230910631455507648813569031383122829052819815864084119069760623300954748652353372348882730444764463170338799145512676358061330659033075855271760265703044007142425345009620950401839329400224775403042880947096348191774392336432712767347374420165543038049504785638560631591840323012915782821959211577162840445988015199079323346719438771528967423657831381720477585830354170734024272853438044967333697794490515560831702522300115448244475262769823005101354358868562466473816766079 + }, + "serial_number": 26483498740186297778148040768960961460, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.example.com", + "value": "www.example.com" + }], + "rfc4514_string": "CN=www.example.com" + }, + "subject_alternative_name": { + "dns": [ + "www.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB\niDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\ncnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\nBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx\nMTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV\nBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE\nChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g\nVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N\nTQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj\neocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E\noKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk\nHaswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY\nuK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j\nBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb\n+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw\nCAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0\nLmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr\nBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv\nbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov\nL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H\nukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH\n7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi\nH19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx\nRP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv\nxvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38\nsbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL\nl6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq\n6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY\nLcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5\nyOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K\n00u/I5sUKUErmgQfky3xxzlIPK1aEn8=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "M+ToCAcgTCthgqOhS1kazSW18Ns=", + "fingerprint_sha256": "f6T/aOwEqZ11KNUIX5SQf00d0cU4G6zcgy7VyWAhRnY=", + "hpkp_pin": "4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "not_valid_after": "2030-12-31T23:59:59", + "not_valid_before": "2018-11-02T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27071805731268068429094433253870941103630115656544083986688557250096650002741356969068276793574297189996744882329828714710418422450500008985954757761749612179194262954838266897268532461471487935006536720272494786369295065485985775416665556679189441271529970596944264659076045397506534017596880375081936227230390079744485923579156075147392924215968126808432802589158460341539735535162275393422353916283261069707744210608603163551594107036190302366892832801673071921401850194237815007641724075220215236537097134132878656895768334289537403738520740616524362273323209296475725089291190047065303870231628551068954108124949 + }, + "serial_number": 166627644428940058458651716034439089575, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=GB", + "value": "GB" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=Greater Manchester", + "value": "Greater Manchester" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Salford", + "value": "Salford" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Sectigo Limited", + "value": "Sectigo Limited" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA", + "value": "Sectigo RSA Domain Validation Secure Server CA" + } + ], + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB\niDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\ncnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\nBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw\nMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV\nBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU\naGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy\ndGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK\nAoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B\n3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY\ntJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/\nFp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2\nVN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT\n79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6\nc0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT\nYo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l\nc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee\nUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE\nHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd\nBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G\nA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF\nUp/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO\nVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3\nATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs\n8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR\niQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze\nSf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ\nXHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/\nqS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB\nVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB\nL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG\njjxDah2nGN59PRbxYvnKkKj9\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "K48bVzMNu6LQemxR9w7pDdq5rY4=", + "fingerprint_sha256": "55PJsC/YqhPiHDEiisywgRlkO3SciYlksXRtRsPUy9I=", + "hpkp_pin": "x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "not_valid_after": "2038-01-18T23:59:59", + "not_valid_before": "2010-02-01T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 4096, + "rsa_e": 65537, + "rsa_n": 522487583617525075342463885337225473046087723081156730587063215030496109729932253265799265766294932028686353264919061580385049464836356954829105402248183391733854684450211900139329107087047502332675235340095978056484941150490991882497576839367560163275257272036049422473305642441793498160967907038120493294785868862142444988597324986519765187124452830375519261844367396077186284797811937481089746704868620023056657703518830114050467515432464700561931699003833397734285032347494370276582779046272750546463559965522756516229404690045766706787524020435412948721306424393993169229289467834493533160413056397476973792368174460238110091615871730381483443293300931137331198904539782455960886494693833561140472387578208844296917484075205019671738707845074905611668239406330644414805698779400987201310909725918270612084339872279020908867861033880814315358914565703236337174308524328436716608021785644764836810087074012339936543228255034168864046688601575503801789648707560351240165066165280965007233076211669633638389449522443357879549163908594012762321622514340998051396106368358204746516265702776221449060497686599696175189532242983987568916433102740386532378470836364707455134729548367373189550921756904777340153719441907345834660183638543 + }, + "serial_number": 2645093764781058787591871645665788717, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": [{ + "dotted_string": "1.2.276.0.44.1.1.1.4", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.392.200091.100.721.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.40.0.17.1.22", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.616.1.113527.2.5.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.159.1.17.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.13177.10.1.3.10", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14370.1.6", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14777.6.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14777.6.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.14.2.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.14.2.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.8.12.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.8.12.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.22234.2.5.2.3.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.23223.1.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.29836.1.10", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.3", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.4", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.36305.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.40869.1.1.22.3", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.4146.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.4788.2.202.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.6334.1.100.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.6449.1.2.1.5.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.782.1.2.1.8.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.7879.13.24.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.8024.0.2.100.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.156.112554.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.528.1.1003.1.2.7", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.578.1.26.1.3.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.756.1.83.21.0", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.756.1.89.1.2.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.792.3.0.3.1.1.5", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.792.3.0.4.1.1.4", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.113733.1.7.23.6", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.113733.1.7.48.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114028.10.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114171.500.9", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114404.1.1.2.4.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114412.2.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114413.1.7.23.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114414.1.7.23.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114414.1.7.24.3", + "name": "Unknown OID" + } + ], + "name": "Mozilla", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/mozilla_nss.pem", + "version": "2021-12-19" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFvzCCBKegAwIBAgIQE+yJTKI2o3Ya2xy5nbmbtDANBgkqhkiG9w0BAQsFADCB\njzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\nA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQD\nEy5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB\nMB4XDTIxMDMxNzAwMDAwMFoXDTIyMDQxNzIzNTk1OVowHDEaMBgGA1UEAxMRd3d3\nLmtpbG9iYWl0YXMubHQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf\nu23U068+FZlN1G59ih12IXa/bJ+5QnSj35wLlCLpptZCHm2qBm0fcxIKeN8aSGRc\n2uxxtDuWi4qSH/xb/F8KfBdn+yG2GU0sBCpr2uvA6/2xWbfenJoWqjko5Xy0Udam\nBH6JpQ7tWOOCrr+vqujDwn2otyWRrnGBmE/YhjMRIslgKYCX1UX3cQWH7DWZtlKS\nLDEOB1mlEg41M8dIruE/A2bfQa1NM5kYEhfWjQA/Pc5lDXazUiaG/Vf4hEvv9yfi\nY1AG8YXGOrKH2QfviwAy1f8pnvFfk1X+R5ofvZI7+IVdgX9KCvzAxB9dxaVm4mJZ\n2+gtYyNpc68C8YluujZ/AgMBAAGjggKHMIICgzAfBgNVHSMEGDAWgBSNjF7EVK2K\n4Xfpm/mbBeG4AY1h4TAdBgNVHQ4EFgQUILxpOrWEutE0Ejqlzgti/fcYliMwDgYD\nVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\nCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAjBggrBgEFBQcC\nARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGEBggrBgEFBQcB\nAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGln\nb1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYBBQUH\nMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMCsGA1UdEQQkMCKCEXd3dy5raWxv\nYmFpdGFzLmx0gg1raWxvYmFpdGFzLmx0MIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDv\nAHYARqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF4Px44RgAABAMA\nRzBFAiAbH/8JEXtTR6YFNpYL51VTXNAo3APNSuODEgdw7noAaQIhAMzsP729QZ4P\nG9UwnGc06KjFFU9PLmcMRFwdFG+lGHQYAHUA36Veq2iCTx9sre64X04+WurNohKk\nal6OOxLAIERcKnMAAAF4Px44JwAABAMARjBEAiAmh2zGR5pQa9WHP1OyvYyS803k\nJ1Zl4iCrbzGTQTQ1TAIgP5NpF6PwX8XmJfAaDwhXkH0gNyj3BH7mLDp/AzzjbsUw\nDQYJKoZIhvcNAQELBQADggEBABrN4a0N62SaOf6RiaynmPZ5rTfE/n42jbo7rzrG\nT4xTjOzcXpLliT1iqn9bkaoykiNsLNUNl46xmuK4+cu+IReWdn9HqPzt/8HEeQHr\nL6cRbTXuPtuEvc9S7xIYkN39v5EOO4dz6S/5fB4kEHxoxV0EIKPNTpvkeonKft7d\nLEZi4rTD1+Yim3XX5NrdYjWIseYFUlp9tUzbs9k12ViAW3SVByd61xwq2jSUwuu+\n7Adcr83A0vRl936u6Qkz+foy1vfoDIrA46ItCAfwydfdznM6j5SdqCY7R573C6zm\n3mwbQnT1A9d3IklcWr13bAWqzzF3ZWaIMNIib53KeTLaSVs=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "/HiNwaRofBbnYeNMp0IiIbY9Hp8=", + "fingerprint_sha256": "4GkRZH9r/l6Vjxcd3vHFb6E9RtrugyTT7tzkQm6U8CY=", + "hpkp_pin": "OreZx8EtGyBY8t4cOWPem3u9JS6jiiBKouolai92XI4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=GB", + "value": "GB" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=Greater Manchester", + "value": "Greater Manchester" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Salford", + "value": "Salford" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Sectigo Limited", + "value": "Sectigo Limited" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA", + "value": "Sectigo RSA Domain Validation Secure Server CA" + } + ], + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB" + }, + "not_valid_after": "2022-04-17T23:59:59", + "not_valid_before": "2021-03-17T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 20164315188386108499453415098176907352707316110652144032980202370991757250208740468773168173292154328340739615868992947595199923117570106100019230910631455507648813569031383122829052819815864084119069760623300954748652353372348882730444764463170338799145512676358061330659033075855271760265703044007142425345009620950401839329400224775403042880947096348191774392336432712767347374420165543038049504785638560631591840323012915782821959211577162840445988015199079323346719438771528967423657831381720477585830354170734024272853438044967333697794490515560831702522300115448244475262769823005101354358868562466473816766079 + }, + "serial_number": 26483498740186297778148040768960961460, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.example.com", + "value": "www.example.com" + }], + "rfc4514_string": "CN=www.example.com" + }, + "subject_alternative_name": { + "dns": [ + "www.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB\niDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\ncnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\nBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx\nMTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV\nBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE\nChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g\nVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N\nTQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj\neocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E\noKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk\nHaswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY\nuK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j\nBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb\n+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw\nCAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0\nLmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr\nBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv\nbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov\nL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H\nukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH\n7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi\nH19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx\nRP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv\nxvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38\nsbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL\nl6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq\n6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY\nLcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5\nyOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K\n00u/I5sUKUErmgQfky3xxzlIPK1aEn8=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "M+ToCAcgTCthgqOhS1kazSW18Ns=", + "fingerprint_sha256": "f6T/aOwEqZ11KNUIX5SQf00d0cU4G6zcgy7VyWAhRnY=", + "hpkp_pin": "4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "not_valid_after": "2030-12-31T23:59:59", + "not_valid_before": "2018-11-02T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27071805731268068429094433253870941103630115656544083986688557250096650002741356969068276793574297189996744882329828714710418422450500008985954757761749612179194262954838266897268532461471487935006536720272494786369295065485985775416665556679189441271529970596944264659076045397506534017596880375081936227230390079744485923579156075147392924215968126808432802589158460341539735535162275393422353916283261069707744210608603163551594107036190302366892832801673071921401850194237815007641724075220215236537097134132878656895768334289537403738520740616524362273323209296475725089291190047065303870231628551068954108124949 + }, + "serial_number": 166627644428940058458651716034439089575, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=GB", + "value": "GB" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=Greater Manchester", + "value": "Greater Manchester" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Salford", + "value": "Salford" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Sectigo Limited", + "value": "Sectigo Limited" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA", + "value": "Sectigo RSA Domain Validation Secure Server CA" + } + ], + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB\niDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\ncnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\nBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw\nMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV\nBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU\naGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy\ndGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK\nAoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B\n3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY\ntJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/\nFp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2\nVN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT\n79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6\nc0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT\nYo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l\nc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee\nUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE\nHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd\nBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G\nA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF\nUp/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO\nVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3\nATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs\n8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR\niQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze\nSf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ\nXHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/\nqS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB\nVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB\nL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG\njjxDah2nGN59PRbxYvnKkKj9\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "K48bVzMNu6LQemxR9w7pDdq5rY4=", + "fingerprint_sha256": "55PJsC/YqhPiHDEiisywgRlkO3SciYlksXRtRsPUy9I=", + "hpkp_pin": "x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "not_valid_after": "2038-01-18T23:59:59", + "not_valid_before": "2010-02-01T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 4096, + "rsa_e": 65537, + "rsa_n": 522487583617525075342463885337225473046087723081156730587063215030496109729932253265799265766294932028686353264919061580385049464836356954829105402248183391733854684450211900139329107087047502332675235340095978056484941150490991882497576839367560163275257272036049422473305642441793498160967907038120493294785868862142444988597324986519765187124452830375519261844367396077186284797811937481089746704868620023056657703518830114050467515432464700561931699003833397734285032347494370276582779046272750546463559965522756516229404690045766706787524020435412948721306424393993169229289467834493533160413056397476973792368174460238110091615871730381483443293300931137331198904539782455960886494693833561140472387578208844296917484075205019671738707845074905611668239406330644414805698779400987201310909725918270612084339872279020908867861033880814315358914565703236337174308524328436716608021785644764836810087074012339936543228255034168864046688601575503801789648707560351240165066165280965007233076211669633638389449522443357879549163908594012762321622514340998051396106368358204746516265702776221449060497686599696175189532242983987568916433102740386532378470836364707455134729548367373189550921756904777340153719441907345834660183638543 + }, + "serial_number": 2645093764781058787591871645665788717, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Windows", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/microsoft_windows.pem", + "version": "2021-11-28" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFvzCCBKegAwIBAgIQE+yJTKI2o3Ya2xy5nbmbtDANBgkqhkiG9w0BAQsFADCB\njzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\nA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQD\nEy5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB\nMB4XDTIxMDMxNzAwMDAwMFoXDTIyMDQxNzIzNTk1OVowHDEaMBgGA1UEAxMRd3d3\nLmtpbG9iYWl0YXMubHQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf\nu23U068+FZlN1G59ih12IXa/bJ+5QnSj35wLlCLpptZCHm2qBm0fcxIKeN8aSGRc\n2uxxtDuWi4qSH/xb/F8KfBdn+yG2GU0sBCpr2uvA6/2xWbfenJoWqjko5Xy0Udam\nBH6JpQ7tWOOCrr+vqujDwn2otyWRrnGBmE/YhjMRIslgKYCX1UX3cQWH7DWZtlKS\nLDEOB1mlEg41M8dIruE/A2bfQa1NM5kYEhfWjQA/Pc5lDXazUiaG/Vf4hEvv9yfi\nY1AG8YXGOrKH2QfviwAy1f8pnvFfk1X+R5ofvZI7+IVdgX9KCvzAxB9dxaVm4mJZ\n2+gtYyNpc68C8YluujZ/AgMBAAGjggKHMIICgzAfBgNVHSMEGDAWgBSNjF7EVK2K\n4Xfpm/mbBeG4AY1h4TAdBgNVHQ4EFgQUILxpOrWEutE0Ejqlzgti/fcYliMwDgYD\nVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\nCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAjBggrBgEFBQcC\nARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGEBggrBgEFBQcB\nAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGln\nb1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYBBQUH\nMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMCsGA1UdEQQkMCKCEXd3dy5raWxv\nYmFpdGFzLmx0gg1raWxvYmFpdGFzLmx0MIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDv\nAHYARqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF4Px44RgAABAMA\nRzBFAiAbH/8JEXtTR6YFNpYL51VTXNAo3APNSuODEgdw7noAaQIhAMzsP729QZ4P\nG9UwnGc06KjFFU9PLmcMRFwdFG+lGHQYAHUA36Veq2iCTx9sre64X04+WurNohKk\nal6OOxLAIERcKnMAAAF4Px44JwAABAMARjBEAiAmh2zGR5pQa9WHP1OyvYyS803k\nJ1Zl4iCrbzGTQTQ1TAIgP5NpF6PwX8XmJfAaDwhXkH0gNyj3BH7mLDp/AzzjbsUw\nDQYJKoZIhvcNAQELBQADggEBABrN4a0N62SaOf6RiaynmPZ5rTfE/n42jbo7rzrG\nT4xTjOzcXpLliT1iqn9bkaoykiNsLNUNl46xmuK4+cu+IReWdn9HqPzt/8HEeQHr\nL6cRbTXuPtuEvc9S7xIYkN39v5EOO4dz6S/5fB4kEHxoxV0EIKPNTpvkeonKft7d\nLEZi4rTD1+Yim3XX5NrdYjWIseYFUlp9tUzbs9k12ViAW3SVByd61xwq2jSUwuu+\n7Adcr83A0vRl936u6Qkz+foy1vfoDIrA46ItCAfwydfdznM6j5SdqCY7R573C6zm\n3mwbQnT1A9d3IklcWr13bAWqzzF3ZWaIMNIib53KeTLaSVs=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "/HiNwaRofBbnYeNMp0IiIbY9Hp8=", + "fingerprint_sha256": "4GkRZH9r/l6Vjxcd3vHFb6E9RtrugyTT7tzkQm6U8CY=", + "hpkp_pin": "OreZx8EtGyBY8t4cOWPem3u9JS6jiiBKouolai92XI4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=GB", + "value": "GB" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=Greater Manchester", + "value": "Greater Manchester" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Salford", + "value": "Salford" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Sectigo Limited", + "value": "Sectigo Limited" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA", + "value": "Sectigo RSA Domain Validation Secure Server CA" + } + ], + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB" + }, + "not_valid_after": "2022-04-17T23:59:59", + "not_valid_before": "2021-03-17T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 20164315188386108499453415098176907352707316110652144032980202370991757250208740468773168173292154328340739615868992947595199923117570106100019230910631455507648813569031383122829052819815864084119069760623300954748652353372348882730444764463170338799145512676358061330659033075855271760265703044007142425345009620950401839329400224775403042880947096348191774392336432712767347374420165543038049504785638560631591840323012915782821959211577162840445988015199079323346719438771528967423657831381720477585830354170734024272853438044967333697794490515560831702522300115448244475262769823005101354358868562466473816766079 + }, + "serial_number": 26483498740186297778148040768960961460, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.example.com", + "value": "www.example.com" + }], + "rfc4514_string": "CN=www.example.com" + }, + "subject_alternative_name": { + "dns": [ + "www.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB\niDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\ncnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\nBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx\nMTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV\nBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE\nChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g\nVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N\nTQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj\neocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E\noKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk\nHaswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY\nuK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j\nBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb\n+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw\nCAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0\nLmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr\nBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv\nbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov\nL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H\nukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH\n7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi\nH19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx\nRP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv\nxvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38\nsbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL\nl6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq\n6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY\nLcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5\nyOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K\n00u/I5sUKUErmgQfky3xxzlIPK1aEn8=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "M+ToCAcgTCthgqOhS1kazSW18Ns=", + "fingerprint_sha256": "f6T/aOwEqZ11KNUIX5SQf00d0cU4G6zcgy7VyWAhRnY=", + "hpkp_pin": "4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "not_valid_after": "2030-12-31T23:59:59", + "not_valid_before": "2018-11-02T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27071805731268068429094433253870941103630115656544083986688557250096650002741356969068276793574297189996744882329828714710418422450500008985954757761749612179194262954838266897268532461471487935006536720272494786369295065485985775416665556679189441271529970596944264659076045397506534017596880375081936227230390079744485923579156075147392924215968126808432802589158460341539735535162275393422353916283261069707744210608603163551594107036190302366892832801673071921401850194237815007641724075220215236537097134132878656895768334289537403738520740616524362273323209296475725089291190047065303870231628551068954108124949 + }, + "serial_number": 166627644428940058458651716034439089575, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=GB", + "value": "GB" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=Greater Manchester", + "value": "Greater Manchester" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Salford", + "value": "Salford" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Sectigo Limited", + "value": "Sectigo Limited" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA", + "value": "Sectigo RSA Domain Validation Secure Server CA" + } + ], + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB\niDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\ncnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\nBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw\nMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV\nBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU\naGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy\ndGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK\nAoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B\n3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY\ntJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/\nFp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2\nVN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT\n79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6\nc0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT\nYo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l\nc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee\nUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE\nHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd\nBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G\nA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF\nUp/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO\nVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3\nATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs\n8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR\niQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze\nSf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ\nXHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/\nqS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB\nVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB\nL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG\njjxDah2nGN59PRbxYvnKkKj9\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "K48bVzMNu6LQemxR9w7pDdq5rY4=", + "fingerprint_sha256": "55PJsC/YqhPiHDEiisywgRlkO3SciYlksXRtRsPUy9I=", + "hpkp_pin": "x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "not_valid_after": "2038-01-18T23:59:59", + "not_valid_before": "2010-02-01T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 4096, + "rsa_e": 65537, + "rsa_n": 522487583617525075342463885337225473046087723081156730587063215030496109729932253265799265766294932028686353264919061580385049464836356954829105402248183391733854684450211900139329107087047502332675235340095978056484941150490991882497576839367560163275257272036049422473305642441793498160967907038120493294785868862142444988597324986519765187124452830375519261844367396077186284797811937481089746704868620023056657703518830114050467515432464700561931699003833397734285032347494370276582779046272750546463559965522756516229404690045766706787524020435412948721306424393993169229289467834493533160413056397476973792368174460238110091615871730381483443293300931137331198904539782455960886494693833561140472387578208844296917484075205019671738707845074905611668239406330644414805698779400987201310909725918270612084339872279020908867861033880814315358914565703236337174308524328436716608021785644764836810087074012339936543228255034168864046688601575503801789648707560351240165066165280965007233076211669633638389449522443357879549163908594012762321622514340998051396106368358204746516265702776221449060497686599696175189532242983987568916433102740386532378470836364707455134729548367373189550921756904777340153719441907345834660183638543 + }, + "serial_number": 2645093764781058787591871645665788717, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + } + ], + "received_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFvzCCBKegAwIBAgIQE+yJTKI2o3Ya2xy5nbmbtDANBgkqhkiG9w0BAQsFADCB\njzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\nA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQD\nEy5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB\nMB4XDTIxMDMxNzAwMDAwMFoXDTIyMDQxNzIzNTk1OVowHDEaMBgGA1UEAxMRd3d3\nLmtpbG9iYWl0YXMubHQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf\nu23U068+FZlN1G59ih12IXa/bJ+5QnSj35wLlCLpptZCHm2qBm0fcxIKeN8aSGRc\n2uxxtDuWi4qSH/xb/F8KfBdn+yG2GU0sBCpr2uvA6/2xWbfenJoWqjko5Xy0Udam\nBH6JpQ7tWOOCrr+vqujDwn2otyWRrnGBmE/YhjMRIslgKYCX1UX3cQWH7DWZtlKS\nLDEOB1mlEg41M8dIruE/A2bfQa1NM5kYEhfWjQA/Pc5lDXazUiaG/Vf4hEvv9yfi\nY1AG8YXGOrKH2QfviwAy1f8pnvFfk1X+R5ofvZI7+IVdgX9KCvzAxB9dxaVm4mJZ\n2+gtYyNpc68C8YluujZ/AgMBAAGjggKHMIICgzAfBgNVHSMEGDAWgBSNjF7EVK2K\n4Xfpm/mbBeG4AY1h4TAdBgNVHQ4EFgQUILxpOrWEutE0Ejqlzgti/fcYliMwDgYD\nVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\nCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAjBggrBgEFBQcC\nARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGEBggrBgEFBQcB\nAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGln\nb1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYBBQUH\nMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMCsGA1UdEQQkMCKCEXd3dy5raWxv\nYmFpdGFzLmx0gg1raWxvYmFpdGFzLmx0MIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDv\nAHYARqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF4Px44RgAABAMA\nRzBFAiAbH/8JEXtTR6YFNpYL51VTXNAo3APNSuODEgdw7noAaQIhAMzsP729QZ4P\nG9UwnGc06KjFFU9PLmcMRFwdFG+lGHQYAHUA36Veq2iCTx9sre64X04+WurNohKk\nal6OOxLAIERcKnMAAAF4Px44JwAABAMARjBEAiAmh2zGR5pQa9WHP1OyvYyS803k\nJ1Zl4iCrbzGTQTQ1TAIgP5NpF6PwX8XmJfAaDwhXkH0gNyj3BH7mLDp/AzzjbsUw\nDQYJKoZIhvcNAQELBQADggEBABrN4a0N62SaOf6RiaynmPZ5rTfE/n42jbo7rzrG\nT4xTjOzcXpLliT1iqn9bkaoykiNsLNUNl46xmuK4+cu+IReWdn9HqPzt/8HEeQHr\nL6cRbTXuPtuEvc9S7xIYkN39v5EOO4dz6S/5fB4kEHxoxV0EIKPNTpvkeonKft7d\nLEZi4rTD1+Yim3XX5NrdYjWIseYFUlp9tUzbs9k12ViAW3SVByd61xwq2jSUwuu+\n7Adcr83A0vRl936u6Qkz+foy1vfoDIrA46ItCAfwydfdznM6j5SdqCY7R573C6zm\n3mwbQnT1A9d3IklcWr13bAWqzzF3ZWaIMNIib53KeTLaSVs=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "/HiNwaRofBbnYeNMp0IiIbY9Hp8=", + "fingerprint_sha256": "4GkRZH9r/l6Vjxcd3vHFb6E9RtrugyTT7tzkQm6U8CY=", + "hpkp_pin": "OreZx8EtGyBY8t4cOWPem3u9JS6jiiBKouolai92XI4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=GB", + "value": "GB" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=Greater Manchester", + "value": "Greater Manchester" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Salford", + "value": "Salford" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Sectigo Limited", + "value": "Sectigo Limited" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA", + "value": "Sectigo RSA Domain Validation Secure Server CA" + } + ], + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB" + }, + "not_valid_after": "2022-04-17T23:59:59", + "not_valid_before": "2021-03-17T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 20164315188386108499453415098176907352707316110652144032980202370991757250208740468773168173292154328340739615868992947595199923117570106100019230910631455507648813569031383122829052819815864084119069760623300954748652353372348882730444764463170338799145512676358061330659033075855271760265703044007142425345009620950401839329400224775403042880947096348191774392336432712767347374420165543038049504785638560631591840323012915782821959211577162840445988015199079323346719438771528967423657831381720477585830354170734024272853438044967333697794490515560831702522300115448244475262769823005101354358868562466473816766079 + }, + "serial_number": 26483498740186297778148040768960961460, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.example.com", + "value": "www.example.com" + }], + "rfc4514_string": "CN=www.example.com" + }, + "subject_alternative_name": { + "dns": [ + "www.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB\niDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\ncnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\nBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx\nMTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV\nBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE\nChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g\nVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N\nTQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj\neocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E\noKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk\nHaswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY\nuK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j\nBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb\n+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw\nCAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0\nLmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr\nBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv\nbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov\nL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H\nukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH\n7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi\nH19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx\nRP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv\nxvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38\nsbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL\nl6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq\n6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY\nLcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5\nyOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K\n00u/I5sUKUErmgQfky3xxzlIPK1aEn8=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "M+ToCAcgTCthgqOhS1kazSW18Ns=", + "fingerprint_sha256": "f6T/aOwEqZ11KNUIX5SQf00d0cU4G6zcgy7VyWAhRnY=", + "hpkp_pin": "4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "not_valid_after": "2030-12-31T23:59:59", + "not_valid_before": "2018-11-02T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27071805731268068429094433253870941103630115656544083986688557250096650002741356969068276793574297189996744882329828714710418422450500008985954757761749612179194262954838266897268532461471487935006536720272494786369295065485985775416665556679189441271529970596944264659076045397506534017596880375081936227230390079744485923579156075147392924215968126808432802589158460341539735535162275393422353916283261069707744210608603163551594107036190302366892832801673071921401850194237815007641724075220215236537097134132878656895768334289537403738520740616524362273323209296475725089291190047065303870231628551068954108124949 + }, + "serial_number": 166627644428940058458651716034439089575, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=GB", + "value": "GB" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=Greater Manchester", + "value": "Greater Manchester" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Salford", + "value": "Salford" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Sectigo Limited", + "value": "Sectigo Limited" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA", + "value": "Sectigo RSA Domain Validation Secure Server CA" + } + ], + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "received_chain_contains_anchor_certificate": false, + "received_chain_has_valid_order": true, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFvzCCBKegAwIBAgIQE+yJTKI2o3Ya2xy5nbmbtDANBgkqhkiG9w0BAQsFADCB\njzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\nA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQD\nEy5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB\nMB4XDTIxMDMxNzAwMDAwMFoXDTIyMDQxNzIzNTk1OVowHDEaMBgGA1UEAxMRd3d3\nLmtpbG9iYWl0YXMubHQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf\nu23U068+FZlN1G59ih12IXa/bJ+5QnSj35wLlCLpptZCHm2qBm0fcxIKeN8aSGRc\n2uxxtDuWi4qSH/xb/F8KfBdn+yG2GU0sBCpr2uvA6/2xWbfenJoWqjko5Xy0Udam\nBH6JpQ7tWOOCrr+vqujDwn2otyWRrnGBmE/YhjMRIslgKYCX1UX3cQWH7DWZtlKS\nLDEOB1mlEg41M8dIruE/A2bfQa1NM5kYEhfWjQA/Pc5lDXazUiaG/Vf4hEvv9yfi\nY1AG8YXGOrKH2QfviwAy1f8pnvFfk1X+R5ofvZI7+IVdgX9KCvzAxB9dxaVm4mJZ\n2+gtYyNpc68C8YluujZ/AgMBAAGjggKHMIICgzAfBgNVHSMEGDAWgBSNjF7EVK2K\n4Xfpm/mbBeG4AY1h4TAdBgNVHQ4EFgQUILxpOrWEutE0Ejqlzgti/fcYliMwDgYD\nVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\nCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAjBggrBgEFBQcC\nARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGEBggrBgEFBQcB\nAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGln\nb1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYBBQUH\nMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMCsGA1UdEQQkMCKCEXd3dy5raWxv\nYmFpdGFzLmx0gg1raWxvYmFpdGFzLmx0MIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDv\nAHYARqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF4Px44RgAABAMA\nRzBFAiAbH/8JEXtTR6YFNpYL51VTXNAo3APNSuODEgdw7noAaQIhAMzsP729QZ4P\nG9UwnGc06KjFFU9PLmcMRFwdFG+lGHQYAHUA36Veq2iCTx9sre64X04+WurNohKk\nal6OOxLAIERcKnMAAAF4Px44JwAABAMARjBEAiAmh2zGR5pQa9WHP1OyvYyS803k\nJ1Zl4iCrbzGTQTQ1TAIgP5NpF6PwX8XmJfAaDwhXkH0gNyj3BH7mLDp/AzzjbsUw\nDQYJKoZIhvcNAQELBQADggEBABrN4a0N62SaOf6RiaynmPZ5rTfE/n42jbo7rzrG\nT4xTjOzcXpLliT1iqn9bkaoykiNsLNUNl46xmuK4+cu+IReWdn9HqPzt/8HEeQHr\nL6cRbTXuPtuEvc9S7xIYkN39v5EOO4dz6S/5fB4kEHxoxV0EIKPNTpvkeonKft7d\nLEZi4rTD1+Yim3XX5NrdYjWIseYFUlp9tUzbs9k12ViAW3SVByd61xwq2jSUwuu+\n7Adcr83A0vRl936u6Qkz+foy1vfoDIrA46ItCAfwydfdznM6j5SdqCY7R573C6zm\n3mwbQnT1A9d3IklcWr13bAWqzzF3ZWaIMNIib53KeTLaSVs=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "/HiNwaRofBbnYeNMp0IiIbY9Hp8=", + "fingerprint_sha256": "4GkRZH9r/l6Vjxcd3vHFb6E9RtrugyTT7tzkQm6U8CY=", + "hpkp_pin": "OreZx8EtGyBY8t4cOWPem3u9JS6jiiBKouolai92XI4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=GB", + "value": "GB" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=Greater Manchester", + "value": "Greater Manchester" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Salford", + "value": "Salford" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Sectigo Limited", + "value": "Sectigo Limited" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA", + "value": "Sectigo RSA Domain Validation Secure Server CA" + } + ], + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB" + }, + "not_valid_after": "2022-04-17T23:59:59", + "not_valid_before": "2021-03-17T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 20164315188386108499453415098176907352707316110652144032980202370991757250208740468773168173292154328340739615868992947595199923117570106100019230910631455507648813569031383122829052819815864084119069760623300954748652353372348882730444764463170338799145512676358061330659033075855271760265703044007142425345009620950401839329400224775403042880947096348191774392336432712767347374420165543038049504785638560631591840323012915782821959211577162840445988015199079323346719438771528967423657831381720477585830354170734024272853438044967333697794490515560831702522300115448244475262769823005101354358868562466473816766079 + }, + "serial_number": 26483498740186297778148040768960961460, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=www.example.com", + "value": "www.example.com" + }], + "rfc4514_string": "CN=www.example.com" + }, + "subject_alternative_name": { + "dns": [ + "www.example.com", + "example.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB\niDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\ncnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\nBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx\nMTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV\nBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE\nChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g\nVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N\nTQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj\neocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E\noKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk\nHaswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY\nuK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j\nBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb\n+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw\nCAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0\nLmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr\nBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv\nbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov\nL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H\nukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH\n7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi\nH19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx\nRP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv\nxvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38\nsbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL\nl6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq\n6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY\nLcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5\nyOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K\n00u/I5sUKUErmgQfky3xxzlIPK1aEn8=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "M+ToCAcgTCthgqOhS1kazSW18Ns=", + "fingerprint_sha256": "f6T/aOwEqZ11KNUIX5SQf00d0cU4G6zcgy7VyWAhRnY=", + "hpkp_pin": "4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "not_valid_after": "2030-12-31T23:59:59", + "not_valid_before": "2018-11-02T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 27071805731268068429094433253870941103630115656544083986688557250096650002741356969068276793574297189996744882329828714710418422450500008985954757761749612179194262954838266897268532461471487935006536720272494786369295065485985775416665556679189441271529970596944264659076045397506534017596880375081936227230390079744485923579156075147392924215968126808432802589158460341539735535162275393422353916283261069707744210608603163551594107036190302366892832801673071921401850194237815007641724075220215236537097134132878656895768334289537403738520740616524362273323209296475725089291190047065303870231628551068954108124949 + }, + "serial_number": 166627644428940058458651716034439089575, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=GB", + "value": "GB" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=Greater Manchester", + "value": "Greater Manchester" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Salford", + "value": "Salford" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Sectigo Limited", + "value": "Sectigo Limited" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA", + "value": "Sectigo RSA Domain Validation Secure Server CA" + } + ], + "rfc4514_string": "CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB\niDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\ncnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\nBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw\nMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV\nBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU\naGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy\ndGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK\nAoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B\n3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY\ntJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/\nFp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2\nVN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT\n79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6\nc0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT\nYo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l\nc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee\nUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE\nHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd\nBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G\nA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF\nUp/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO\nVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3\nATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs\n8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR\niQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze\nSf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ\nXHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/\nqS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB\nVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB\nL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG\njjxDah2nGN59PRbxYvnKkKj9\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "K48bVzMNu6LQemxR9w7pDdq5rY4=", + "fingerprint_sha256": "55PJsC/YqhPiHDEiisywgRlkO3SciYlksXRtRsPUy9I=", + "hpkp_pin": "x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "not_valid_after": "2038-01-18T23:59:59", + "not_valid_before": "2010-02-01T00:00:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 4096, + "rsa_e": 65537, + "rsa_n": 522487583617525075342463885337225473046087723081156730587063215030496109729932253265799265766294932028686353264919061580385049464836356954829105402248183391733854684450211900139329107087047502332675235340095978056484941150490991882497576839367560163275257272036049422473305642441793498160967907038120493294785868862142444988597324986519765187124452830375519261844367396077186284797811937481089746704868620023056657703518830114050467515432464700561931699003833397734285032347494370276582779046272750546463559965522756516229404690045766706787524020435412948721306424393993169229289467834493533160413056397476973792368174460238110091615871730381483443293300931137331198904539782455960886494693833561140472387578208844296917484075205019671738707845074905611668239406330644414805698779400987201310909725918270612084339872279020908867861033880814315358914565703236337174308524328436716608021785644764836810087074012339936543228255034168864046688601575503801789648707560351240165066165280965007233076211669633638389449522443357879549163908594012762321622514340998051396106368358204746516265702776221449060497686599696175189532242983987568916433102740386532378470836364707455134729548367373189550921756904777340153719441907345834660183638543 + }, + "serial_number": 2645093764781058787591871645665788717, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.12", + "name": "sha384WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 48, + "name": "sha384" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=New Jersey", + "value": "New Jersey" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=Jersey City", + "value": "Jersey City" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=The USERTRUST Network", + "value": "The USERTRUST Network" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=USERTrust RSA Certification Authority", + "value": "USERTrust RSA Certification Authority" + } + ], + "rfc4514_string": "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "verified_chain_has_legacy_symantec_anchor": false, + "verified_chain_has_sha1_signature": false + }], + "hostname_used_for_server_name_indication": "example.com" + }, + "status": "COMPLETED" + }, + "elliptic_curves": { + "error_reason": null, + "error_trace": null, + "result": { + "rejected_curves": [{ + "name": "X448", + "openssl_nid": 1035 + }, + { + "name": "prime192v1", + "openssl_nid": 409 + }, + { + "name": "secp160k1", + "openssl_nid": 708 + }, + { + "name": "secp160r1", + "openssl_nid": 709 + }, + { + "name": "secp160r2", + "openssl_nid": 710 + }, + { + "name": "secp192k1", + "openssl_nid": 711 + }, + { + "name": "secp224k1", + "openssl_nid": 712 + }, + { + "name": "secp224r1", + "openssl_nid": 713 + }, + { + "name": "secp256k1", + "openssl_nid": 714 + }, + { + "name": "secp521r1", + "openssl_nid": 716 + }, + { + "name": "sect163k1", + "openssl_nid": 721 + }, + { + "name": "sect163r1", + "openssl_nid": 722 + }, + { + "name": "sect163r2", + "openssl_nid": 723 + }, + { + "name": "sect193r1", + "openssl_nid": 724 + }, + { + "name": "sect193r2", + "openssl_nid": 725 + }, + { + "name": "sect233k1", + "openssl_nid": 726 + }, + { + "name": "sect233r1", + "openssl_nid": 727 + }, + { + "name": "sect239k1", + "openssl_nid": 728 + }, + { + "name": "sect283k1", + "openssl_nid": 729 + }, + { + "name": "sect283r1", + "openssl_nid": 730 + }, + { + "name": "sect409k1", + "openssl_nid": 731 + }, + { + "name": "sect409r1", + "openssl_nid": 732 + }, + { + "name": "sect571k1", + "openssl_nid": 733 + }, + { + "name": "sect571r1", + "openssl_nid": 734 + } + ], + "supported_curves": [{ + "name": "X25519", + "openssl_nid": 1034 + }, + { + "name": "prime256v1", + "openssl_nid": 415 + }, + { + "name": "secp384r1", + "openssl_nid": 715 + } + ], + "supports_ecdh_key_exchange": true + }, + "status": "COMPLETED" + }, + "heartbleed": { + "error_reason": null, + "error_trace": null, + "result": { + "is_vulnerable_to_heartbleed": false + }, + "status": "COMPLETED" + }, + "http_headers": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + }, + "openssl_ccs_injection": { + "error_reason": null, + "error_trace": null, + "result": { + "is_vulnerable_to_ccs_injection": false + }, + "status": "COMPLETED" + }, + "robot": { + "error_reason": null, + "error_trace": null, + "result": { + "robot_result": "NOT_VULNERABLE_NO_ORACLE" + }, + "status": "COMPLETED" + }, + "session_renegotiation": { + "error_reason": null, + "error_trace": null, + "result": { + "is_vulnerable_to_client_renegotiation_dos": false, + "supports_secure_renegotiation": true + }, + "status": "COMPLETED" + }, + "session_resumption": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + }, + "ssl_2_0_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": false, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_RC4_128_WITH_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "SSL_CK_RC4_128_EXPORT40_WITH_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_RC2_128_CBC_WITH_MD5", + "openssl_name": "RC2-CBC-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_IDEA_128_CBC_WITH_MD5", + "openssl_name": "IDEA-CBC-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "SSL_CK_DES_64_CBC_WITH_MD5", + "openssl_name": "DES-CBC-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5", + "openssl_name": "DES-CBC3-MD5" + }, + "error_message": "Server rejected the connection" + } + ], + "tls_version_used": "SSL_2_0" + }, + "status": "COMPLETED" + }, + "ssl_3_0_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": false, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + } + ], + "tls_version_used": "SSL_3_0" + }, + "status": "COMPLETED" + }, + "tls_1_0_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": false, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + } + ], + "tls_version_used": "TLS_1_0" + }, + "status": "COMPLETED" + }, + "tls_1_1_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": false, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + } + ], + "tls_version_used": "TLS_1_1" + }, + "status": "COMPLETED" + }, + "tls_1_2_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "AES256-GCM-SHA384" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "AES256-SHA256" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "AES128-GCM-SHA256" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "AES128-SHA256" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "ephemeral_key": null + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDHE-RSA-AES256-GCM-SHA384" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BOeg6liVEgE5Wthgc+jbhW17CCj8eqwsiQK5kU4fqeRd3hKHlkTSBXFBzqq//ZL8u1B0XuyuaqyWcPiqODh1/gU=", + "size": 256, + "type_name": "ECDH", + "x": "56DqWJUSATla2GBz6NuFbXsIKPx6rCyJArmRTh+p5F0=", + "y": "3hKHlkTSBXFBzqq//ZL8u1B0XuyuaqyWcPiqODh1/gU=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDHE-RSA-AES256-SHA384" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BOeg6liVEgE5Wthgc+jbhW17CCj8eqwsiQK5kU4fqeRd3hKHlkTSBXFBzqq//ZL8u1B0XuyuaqyWcPiqODh1/gU=", + "size": 256, + "type_name": "ECDH", + "x": "56DqWJUSATla2GBz6NuFbXsIKPx6rCyJArmRTh+p5F0=", + "y": "3hKHlkTSBXFBzqq//ZL8u1B0XuyuaqyWcPiqODh1/gU=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BOeg6liVEgE5Wthgc+jbhW17CCj8eqwsiQK5kU4fqeRd3hKHlkTSBXFBzqq//ZL8u1B0XuyuaqyWcPiqODh1/gU=", + "size": 256, + "type_name": "ECDH", + "x": "56DqWJUSATla2GBz6NuFbXsIKPx6rCyJArmRTh+p5F0=", + "y": "3hKHlkTSBXFBzqq//ZL8u1B0XuyuaqyWcPiqODh1/gU=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDHE-RSA-AES128-GCM-SHA256" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BOeg6liVEgE5Wthgc+jbhW17CCj8eqwsiQK5kU4fqeRd3hKHlkTSBXFBzqq//ZL8u1B0XuyuaqyWcPiqODh1/gU=", + "size": 256, + "type_name": "ECDH", + "x": "56DqWJUSATla2GBz6NuFbXsIKPx6rCyJArmRTh+p5F0=", + "y": "3hKHlkTSBXFBzqq//ZL8u1B0XuyuaqyWcPiqODh1/gU=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDHE-RSA-AES128-SHA256" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BOeg6liVEgE5Wthgc+jbhW17CCj8eqwsiQK5kU4fqeRd3hKHlkTSBXFBzqq//ZL8u1B0XuyuaqyWcPiqODh1/gU=", + "size": 256, + "type_name": "ECDH", + "x": "56DqWJUSATla2GBz6NuFbXsIKPx6rCyJArmRTh+p5F0=", + "y": "3hKHlkTSBXFBzqq//ZL8u1B0XuyuaqyWcPiqODh1/gU=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BOeg6liVEgE5Wthgc+jbhW17CCj8eqwsiQK5kU4fqeRd3hKHlkTSBXFBzqq//ZL8u1B0XuyuaqyWcPiqODh1/gU=", + "size": 256, + "type_name": "ECDH", + "x": "56DqWJUSATla2GBz6NuFbXsIKPx6rCyJArmRTh+p5F0=", + "y": "3hKHlkTSBXFBzqq//ZL8u1B0XuyuaqyWcPiqODh1/gU=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "DHE-RSA-AES256-GCM-SHA384" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaDssbzSibBsu/6iGtCOGEoXJf//////////w==", + "public_bytes": "OyHmRZ0A3S3R7OyDKd35esNhP0FhXhgqfhqkRDSanqTKWsnu/hN5/Yk15ZBwpZbtJatHBLSo5YRG0hITCCW1i6m2cOvRcgO0QrVHgpeKrKf1Af6CND4LFDLoCulk426bG2eWakaxlQNdFvjQnm1Ayujm/hHCBwU1Kpjt5kMCd6TEJ51chPjx2snJ0PkkdIrIMR5esjFl+pnihrWjx1hc+f6QPyRTFlNosw2Uw508vN6ko9e5RzuUxQu5UTfk3HRLcvkDucvOOt14VChP3SAWvS5YQwFADnXPGWTwOmTlqGB83itLLyGRVwA0Ljme4ERoe/PajtNn2chbUBCBtTqZ5g==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaDssbzSibBsu/6iGtCOGEoXJf//////////w==", + "public_bytes": "nus/6Xx4sKpYtUYjifmFRrlzbHDq2PDEv0mkpgHFgxeDKS21cmMrsvSt7Uoi0ZPGg2ZkAfi2RmvphI+y6AmQ06doa2REV3WME2d6FLRlCOBPtoldcbMUjgqVvj3kDLiDTl+WUYyRuWqh9E5WGDwJmN0DcVtd276UTFD4sChpcJxv2HgKyUQlj8J4wukjcyBfD8OAIqQ56PPW6f4LR0ZoPl6lT4ul+M7XFfcoAAOuSwOXpnIEmenT+YWBvfnebqkKuA5EUrPCUizqHu+L2+3TVesaT40jI7MCc7/O+CZfk3NPkYKlk4exDQT3BgDsjM0TOuV8BFwilJGW3s+74mexZg==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "DHE-RSA-AES128-GCM-SHA256" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaDssbzSibBsu/6iGtCOGEoXJf//////////w==", + "public_bytes": "HKO50h6dB0kPsoE5Id+e7FI1ERm0QzfDZjzC/kt0Ipy/+dgv8VuxFVQlpiV/Igb724Si51gbwgIkJM3I9rwqNO6BHEFLJv37+zc7y0NDdwOeHr9KwKDMjoncarIN3Yi5lTG/i0pLNkYI2wqb7nPhiDo9ITETrRg4D96tOfLu+yIUk6qnA/K7DxkyY8kiLlidY2i5qxBxBshMYRt5mmCbTSe990Cd4uvuN5pJwIfKCkyP5buBGj1kJJOLbb/FnOI3XF3qZbCtlSzvy7HysfSN0FO782oN3X+XW5L7CcQYlTXxfJ86yJowvVAHabgLy1yrjKcmXcZ++jwJYgsKUheC7Q==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": null, + "generator": "Ag==", + "prime": "//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaDssbzSibBsu/6iGtCOGEoXJf//////////w==", + "public_bytes": "m97mfBgtONIam4C2s86n0Py5w3O/8ZYNF8SSfj0lZ6gOWvigpqWz5OVgd3lcq4ajgj8CBisIUsuyA1D1yPWD8odkMwphn+yM6DT1WRM4fm4IucLoHlDg3BlUDfQKNKlAUcrDMahc5Wix8f2jTUmxB8HNial24AS8rUsbynCI0ZlPUCO/1MLHZiTXZ3Bk72tFuwONdkuX1Uq5WlmGEBArlEQm/0SztqXlTm3tSBoUqdd5AgUucFKWO5U7+sFuk1nruf/sfsJsH03xog4XQVJPtO8n9WlNh566bKk3e200LrJW72ZCxwnKMF6/sg58r4XkhUSPxmj8+w63wh9MUeCQ3Q==", + "size": 2048, + "type_name": "DH", + "x": null, + "y": null + } + } + ], + "is_tls_version_supported": true, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA256", + "openssl_name": "NULL-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "CAMELLIA256-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "CAMELLIA128-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ARIA256-GCM-SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ARIA128-GCM-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_256_CCM_8", + "openssl_name": "AES256-CCM8" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CCM", + "openssl_name": "AES256-CCM" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CCM_8", + "openssl_name": "AES128-CCM8" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CCM", + "openssl_name": "AES128-CCM" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDH-RSA-AES256-GCM-SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDH-RSA-AES256-SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDH-RSA-AES128-GCM-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDH-RSA-AES128-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDH-ECDSA-AES256-GCM-SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDH-ECDSA-AES256-SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDH-ECDSA-AES128-GCM-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDH-ECDSA-AES128-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "ECDHE-RSA-CHACHA20-POLY1305" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", + "openssl_name": "ECDHE-RSA-CAMELLIA256-SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "ECDHE-RSA-CAMELLIA128-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ECDHE-ARIA256-GCM-SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ECDHE-ARIA128-GCM-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "ECDHE-ECDSA-CHACHA20-POLY1305" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", + "openssl_name": "ECDHE-ECDSA-CAMELLIA256-SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "ECDHE-ECDSA-CAMELLIA128-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ECDHE-ECDSA-ARIA256-GCM-SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ECDHE-ECDSA-ARIA128-GCM-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDHE-ECDSA-AES256-GCM-SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", + "openssl_name": "ECDHE-ECDSA-AES256-CCM8" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", + "openssl_name": "ECDHE-ECDSA-AES256-CCM" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDHE-ECDSA-AES256-SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDHE-ECDSA-AES128-GCM-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", + "openssl_name": "ECDHE-ECDSA-AES128-CCM8" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM", + "openssl_name": "ECDHE-ECDSA-AES128-CCM" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDHE-ECDSA-AES128-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_GCM_SHA384", + "openssl_name": "ADH-AES256-GCM-SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA256", + "openssl_name": "ADH-AES256-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_GCM_SHA256", + "openssl_name": "ADH-AES128-GCM-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA256", + "openssl_name": "ADH-AES128-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "DH-RSA-AES256-GCM-SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "DH-RSA-AES256-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "DH-RSA-AES128-GCM-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "DH-RSA-AES128-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_GCM_SHA384", + "openssl_name": "DH-DSS-AES256-GCM-SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA256", + "openssl_name": "DH-DSS-AES256-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_GCM_SHA256", + "openssl_name": "DH-DSS-AES128-GCM-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA256", + "openssl_name": "DH-DSS-AES128-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "DHE-RSA-CHACHA20-POLY1305" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "DHE-RSA-ARIA256-GCM-SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "DHE-RSA-ARIA128-GCM-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CCM_8", + "openssl_name": "DHE-RSA-AES256-CCM8" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CCM", + "openssl_name": "DHE-RSA-AES256-CCM" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "DHE-RSA-AES256-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CCM_8", + "openssl_name": "DHE-RSA-AES128-CCM8" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CCM", + "openssl_name": "DHE-RSA-AES128-CCM" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "DHE-RSA-AES128-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DHE-RSA-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "DHE-DSS-ARIA256-GCM-SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "DHE-DSS-ARIA128-GCM-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", + "openssl_name": "DHE-DSS-AES256-GCM-SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", + "openssl_name": "DHE-DSS-AES256-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", + "openssl_name": "DHE-DSS-AES128-GCM-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", + "openssl_name": "DHE-DSS-AES128-SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "Server rejected the connection" + } + ], + "tls_version_used": "TLS_1_2" + }, + "status": "COMPLETED" + }, + "tls_1_3_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": false, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_CHACHA20_POLY1305_SHA256", + "openssl_name": "TLS_CHACHA20_POLY1305_SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_AES_256_GCM_SHA384", + "openssl_name": "TLS_AES_256_GCM_SHA384" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_GCM_SHA256", + "openssl_name": "TLS_AES_128_GCM_SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_CCM_SHA256", + "openssl_name": "TLS_AES_128_CCM_SHA256" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_CCM_8_SHA256", + "openssl_name": "TLS_AES_128_CCM_8_SHA256" + }, + "error_message": "Server rejected the connection" + } + ], + "tls_version_used": "TLS_1_3" + }, + "status": "COMPLETED" + }, + "tls_1_3_early_data": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + }, + "tls_compression": { + "error_reason": null, + "error_trace": null, + "result": { + "supports_compression": false + }, + "status": "COMPLETED" + }, + "tls_fallback_scsv": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + } + }, + "scan_status": "COMPLETED", + "server_location": { + "connection_type": "DIRECT", + "hostname": "example.com", + "http_proxy_settings": null, + "ip_address": "82.135.216.30", + "port": 443 + }, + "uuid": "1e9b0814-7f94-403a-a187-a0b337727389" + }, + { + "connectivity_error_trace": null, + "connectivity_result": { + "cipher_suite_supported": "TLS_AES_256_GCM_SHA384", + "client_auth_requirement": "DISABLED", + "highest_tls_version_supported": "TLS_1_3", + "supports_ecdh_key_exchange": true + }, + "connectivity_status": "COMPLETED", + "network_configuration": { + "network_max_retries": 3, + "network_timeout": 5, + "tls_client_auth_credentials": null, + "tls_opportunistic_encryption": null, + "tls_server_name_indication": "example2.com", + "xmpp_to_hostname": null + }, + "scan_result": { + "certificate_info": { + "error_reason": null, + "error_trace": null, + "result": { + "certificate_deployments": [{ + "leaf_certificate_has_must_staple_extension": false, + "leaf_certificate_is_ev": false, + "leaf_certificate_signed_certificate_timestamps_count": 3, + "leaf_certificate_subject_matches_hostname": true, + "ocsp_response": { + "certificate_status": "GOOD", + "next_update": "2022-01-21T07:48:01", + "produced_at": "2022-01-14T08:48:43", + "response_status": "SUCCESSFUL", + "revocation_time": null, + "serial_number": 2879838927595130340002626610084408956, + "this_update": "2022-01-14T08:33:01" + }, + "ocsp_response_is_trusted": true, + "path_validation_results": [{ + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Android", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/google_aosp.pem", + "version": "12.0.0_r9" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFNTCCBNqgAwIBAgIQAiqjBX42Mbj9zoUVehtufDAKBggqhkjOPQQDAjBKMQsw\nCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX\nQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwODAyMDAwMDAwWhcNMjIwODAx\nMjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQG\nA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEe\nMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZI\nzj0DAQcDQgAErjZ1rODUpXvGKqmi4hs3Fy5Cb1HQhFun8YvFRgGnE1+VOZDhks6w\n+F6OCLYmv8vPsTH7Ik7D7N4dHZtEZvGUWqOCA3UwggNxMB8GA1UdIwQYMBaAFKXO\nN+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBRyJZwsCd5Y/01RtgYPT4xc7itA\n9TA8BgNVHREENTAzghVzbmkuY2xvdWRmbGFyZXNzbC5jb22CDSouY3liZWFyLmNh\ncmWCC2N5YmVhci5jYXJlMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGln\naWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNybDA3oDWgM4YxaHR0cDov\nL2NybDQuZGlnaWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNybDA+BgNV\nHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lj\nZXJ0LmNvbS9DUFMwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8v\nb2NzcC5kaWdpY2VydC5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jYWNlcnRzLmRp\nZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcnQwDAYDVR0TAQH/BAIw\nADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYAKXm+8J45OSHwVnOfY6V35b5X\nfZxgCvj5TV0mXCVdx4QAAAF7BiuDQAAABAMARzBFAiEAinsjpqH6y0dgD9PZzmJf\niMqO3wAy/0u99yY52KCYS/ACIA3i2UM4RxP88VdXC52rDXYSAa9QoYVu2p7Pm8My\nrf65AHUAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF7BiuDIAAA\nBAMARjBEAiAPUsfiu1QQxKfjGi/KFy26VkVwE0dfBEqIL5ED6ixsHgIgOZV8aSoB\nnBrghMkQhq3F76C8EuN+3urso/eK1gCztngAdgDfpV6raIJPH2yt7rhfTj5a6s2i\nEqRqXo47EsAgRFwqcwAAAXsGK4NrAAAEAwBHMEUCIQDeNDTONNwvupcqDQOkizYA\nevsOjFD4Eb18n8BrPKIOWgIgW3hkic23EC967fx2PWoQkgnRPgJi4Yp92CgYhIR4\n9kIwCgYIKoZIzj0EAwIDSQAwRgIhAPQJ+LRa7Fzbf9xwCDt+WEBVSY1a03fJJcL0\n4F64rLHwAiEAw1bMWse2P9Ct/KZ5jf4kqccv6quDTUHbQnHosWDJ1QI=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "VILG+lx+J2IaSGQvqQ+mjqounmY=", + "fingerprint_sha256": "p7Sd6za5gdXaMUBTLAb1zNgcv8taM2+utHPnMDBiYe4=", + "hpkp_pin": "CMq0oGwgbJM/wpy1JPGU7Fe1opZ0+Ij9U7VPZdEGbfo=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3", + "value": "Cloudflare Inc ECC CA-3" + } + ], + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3,O=Cloudflare\\, Inc.,C=US" + }, + "not_valid_after": "2022-08-01T23:59:59", + "not_valid_before": "2021-08-02T00:00:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 78798657560097216573643758556539061718306409379467316909415735510733326586719, + "ec_y": 67496324654521620172937781008812482166124026617504985355751152030877893104730, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 2879838927595130340002626610084408956, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.10045.4.3.2", + "name": "ecdsa-with-SHA256" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=San Francisco", + "value": "San Francisco" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=sni.cloudflaressl.com", + "value": "sni.cloudflaressl.com" + } + ], + "rfc4514_string": "CN=sni.cloudflaressl.com,O=Cloudflare\\, Inc.,L=San Francisco,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "sni.cloudflaressl.com", + "*.example2.com", + "example2.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl\nclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIw\nMDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNV\nBAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVD\nQyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAe\nnQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb\n16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSME\nGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0l\nBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYI\nKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j\nb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09t\nbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEF\nBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw\nCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEB\nAAUkHd0bsCrrmNaF4zlNXmtXnYJX/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un\n+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFe\nlpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1H\ngoE6y/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1\nCZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw\n6DEdfgkfCv4+3ao8XnTSrLE=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "s912BtK1qLShN3Hb7MnuHOyvo4o=", + "fingerprint_sha256": "OrvmPa91bFAWtrhfUgFf2Oisvid8UIexJ6YFY6hB7Yo=", + "hpkp_pin": "FEzVOUp4dF3gI0ZVPRJhFbSJVXR+uQmMH65xhs1glH4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "not_valid_after": "2024-12-31T23:59:59", + "not_valid_before": "2020-01-27T12:48:08", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 83984075730615231530440956498748499276900957075036316089284983112230089232319, + "ec_y": 84720202049003273739269829519636180374924996951868121119946393481023066512343, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 13580602362388610137601344763287833660, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3", + "value": "Cloudflare Inc ECC CA-3" + } + ], + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3,O=Cloudflare\\, Inc.,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ\nRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD\nVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX\nDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y\nZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy\nVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr\nmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr\nIZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK\nmpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu\nXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy\ndc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye\njl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1\nBE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3\nDQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92\n9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx\njkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0\nEpn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz\nksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS\nR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "1N4g0F5m/FP+GlCILHjbKFLK5HQ=", + "fingerprint_sha256": "Fq9XqfZ2sKsSYJWqXrre8iqzERnWRKyVzUuT2/Pyaus=", + "hpkp_pin": "Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "not_valid_after": "2025-05-12T23:59:00", + "not_valid_before": "2000-05-12T18:46:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 20579176651421167987106471718888186309534186253587759121109122482694167416584428920295678216035822449451639581023765122994089008826314029843654807108803739729565431642116323937940944378450034252354609020536286175863324156219063038927409933070688727356676027216359532593504366119272034244698731524943132462329205729047681997715455240148827523651706429854757422624117805863121520494307655271426986078917217383478420381375139154341613794371303682232583316393601620034638044186782252195438345309455714637508276892061355357785328168602107026282695945834955006612147350315937204256563720794300123948598669913435346712336953 + }, + "serial_number": 33554617, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Apple", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/apple.pem", + "version": "iOS 15, iPadOS 15, macOS 12, tvOS 15, and watchOS 8" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFNTCCBNqgAwIBAgIQAiqjBX42Mbj9zoUVehtufDAKBggqhkjOPQQDAjBKMQsw\nCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX\nQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwODAyMDAwMDAwWhcNMjIwODAx\nMjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQG\nA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEe\nMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZI\nzj0DAQcDQgAErjZ1rODUpXvGKqmi4hs3Fy5Cb1HQhFun8YvFRgGnE1+VOZDhks6w\n+F6OCLYmv8vPsTH7Ik7D7N4dHZtEZvGUWqOCA3UwggNxMB8GA1UdIwQYMBaAFKXO\nN+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBRyJZwsCd5Y/01RtgYPT4xc7itA\n9TA8BgNVHREENTAzghVzbmkuY2xvdWRmbGFyZXNzbC5jb22CDSouY3liZWFyLmNh\ncmWCC2N5YmVhci5jYXJlMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGln\naWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNybDA3oDWgM4YxaHR0cDov\nL2NybDQuZGlnaWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNybDA+BgNV\nHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lj\nZXJ0LmNvbS9DUFMwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8v\nb2NzcC5kaWdpY2VydC5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jYWNlcnRzLmRp\nZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcnQwDAYDVR0TAQH/BAIw\nADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYAKXm+8J45OSHwVnOfY6V35b5X\nfZxgCvj5TV0mXCVdx4QAAAF7BiuDQAAABAMARzBFAiEAinsjpqH6y0dgD9PZzmJf\niMqO3wAy/0u99yY52KCYS/ACIA3i2UM4RxP88VdXC52rDXYSAa9QoYVu2p7Pm8My\nrf65AHUAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF7BiuDIAAA\nBAMARjBEAiAPUsfiu1QQxKfjGi/KFy26VkVwE0dfBEqIL5ED6ixsHgIgOZV8aSoB\nnBrghMkQhq3F76C8EuN+3urso/eK1gCztngAdgDfpV6raIJPH2yt7rhfTj5a6s2i\nEqRqXo47EsAgRFwqcwAAAXsGK4NrAAAEAwBHMEUCIQDeNDTONNwvupcqDQOkizYA\nevsOjFD4Eb18n8BrPKIOWgIgW3hkic23EC967fx2PWoQkgnRPgJi4Yp92CgYhIR4\n9kIwCgYIKoZIzj0EAwIDSQAwRgIhAPQJ+LRa7Fzbf9xwCDt+WEBVSY1a03fJJcL0\n4F64rLHwAiEAw1bMWse2P9Ct/KZ5jf4kqccv6quDTUHbQnHosWDJ1QI=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "VILG+lx+J2IaSGQvqQ+mjqounmY=", + "fingerprint_sha256": "p7Sd6za5gdXaMUBTLAb1zNgcv8taM2+utHPnMDBiYe4=", + "hpkp_pin": "CMq0oGwgbJM/wpy1JPGU7Fe1opZ0+Ij9U7VPZdEGbfo=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3", + "value": "Cloudflare Inc ECC CA-3" + } + ], + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3,O=Cloudflare\\, Inc.,C=US" + }, + "not_valid_after": "2022-08-01T23:59:59", + "not_valid_before": "2021-08-02T00:00:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 78798657560097216573643758556539061718306409379467316909415735510733326586719, + "ec_y": 67496324654521620172937781008812482166124026617504985355751152030877893104730, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 2879838927595130340002626610084408956, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.10045.4.3.2", + "name": "ecdsa-with-SHA256" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=San Francisco", + "value": "San Francisco" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=sni.cloudflaressl.com", + "value": "sni.cloudflaressl.com" + } + ], + "rfc4514_string": "CN=sni.cloudflaressl.com,O=Cloudflare\\, Inc.,L=San Francisco,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "sni.cloudflaressl.com", + "*.example2.com", + "example2.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl\nclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIw\nMDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNV\nBAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVD\nQyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAe\nnQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb\n16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSME\nGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0l\nBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYI\nKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j\nb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09t\nbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEF\nBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw\nCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEB\nAAUkHd0bsCrrmNaF4zlNXmtXnYJX/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un\n+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFe\nlpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1H\ngoE6y/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1\nCZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw\n6DEdfgkfCv4+3ao8XnTSrLE=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "s912BtK1qLShN3Hb7MnuHOyvo4o=", + "fingerprint_sha256": "OrvmPa91bFAWtrhfUgFf2Oisvid8UIexJ6YFY6hB7Yo=", + "hpkp_pin": "FEzVOUp4dF3gI0ZVPRJhFbSJVXR+uQmMH65xhs1glH4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "not_valid_after": "2024-12-31T23:59:59", + "not_valid_before": "2020-01-27T12:48:08", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 83984075730615231530440956498748499276900957075036316089284983112230089232319, + "ec_y": 84720202049003273739269829519636180374924996951868121119946393481023066512343, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 13580602362388610137601344763287833660, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3", + "value": "Cloudflare Inc ECC CA-3" + } + ], + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3,O=Cloudflare\\, Inc.,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ\nRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD\nVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX\nDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y\nZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy\nVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr\nmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr\nIZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK\nmpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu\nXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy\ndc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye\njl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1\nBE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3\nDQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92\n9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx\njkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0\nEpn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz\nksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS\nR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "1N4g0F5m/FP+GlCILHjbKFLK5HQ=", + "fingerprint_sha256": "Fq9XqfZ2sKsSYJWqXrre8iqzERnWRKyVzUuT2/Pyaus=", + "hpkp_pin": "Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "not_valid_after": "2025-05-12T23:59:00", + "not_valid_before": "2000-05-12T18:46:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 20579176651421167987106471718888186309534186253587759121109122482694167416584428920295678216035822449451639581023765122994089008826314029843654807108803739729565431642116323937940944378450034252354609020536286175863324156219063038927409933070688727356676027216359532593504366119272034244698731524943132462329205729047681997715455240148827523651706429854757422624117805863121520494307655271426986078917217383478420381375139154341613794371303682232583316393601620034638044186782252195438345309455714637508276892061355357785328168602107026282695945834955006612147350315937204256563720794300123948598669913435346712336953 + }, + "serial_number": 33554617, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Java", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/oracle_java.pem", + "version": "jdk-13.0.2" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFNTCCBNqgAwIBAgIQAiqjBX42Mbj9zoUVehtufDAKBggqhkjOPQQDAjBKMQsw\nCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX\nQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwODAyMDAwMDAwWhcNMjIwODAx\nMjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQG\nA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEe\nMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZI\nzj0DAQcDQgAErjZ1rODUpXvGKqmi4hs3Fy5Cb1HQhFun8YvFRgGnE1+VOZDhks6w\n+F6OCLYmv8vPsTH7Ik7D7N4dHZtEZvGUWqOCA3UwggNxMB8GA1UdIwQYMBaAFKXO\nN+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBRyJZwsCd5Y/01RtgYPT4xc7itA\n9TA8BgNVHREENTAzghVzbmkuY2xvdWRmbGFyZXNzbC5jb22CDSouY3liZWFyLmNh\ncmWCC2N5YmVhci5jYXJlMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGln\naWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNybDA3oDWgM4YxaHR0cDov\nL2NybDQuZGlnaWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNybDA+BgNV\nHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lj\nZXJ0LmNvbS9DUFMwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8v\nb2NzcC5kaWdpY2VydC5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jYWNlcnRzLmRp\nZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcnQwDAYDVR0TAQH/BAIw\nADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYAKXm+8J45OSHwVnOfY6V35b5X\nfZxgCvj5TV0mXCVdx4QAAAF7BiuDQAAABAMARzBFAiEAinsjpqH6y0dgD9PZzmJf\niMqO3wAy/0u99yY52KCYS/ACIA3i2UM4RxP88VdXC52rDXYSAa9QoYVu2p7Pm8My\nrf65AHUAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF7BiuDIAAA\nBAMARjBEAiAPUsfiu1QQxKfjGi/KFy26VkVwE0dfBEqIL5ED6ixsHgIgOZV8aSoB\nnBrghMkQhq3F76C8EuN+3urso/eK1gCztngAdgDfpV6raIJPH2yt7rhfTj5a6s2i\nEqRqXo47EsAgRFwqcwAAAXsGK4NrAAAEAwBHMEUCIQDeNDTONNwvupcqDQOkizYA\nevsOjFD4Eb18n8BrPKIOWgIgW3hkic23EC967fx2PWoQkgnRPgJi4Yp92CgYhIR4\n9kIwCgYIKoZIzj0EAwIDSQAwRgIhAPQJ+LRa7Fzbf9xwCDt+WEBVSY1a03fJJcL0\n4F64rLHwAiEAw1bMWse2P9Ct/KZ5jf4kqccv6quDTUHbQnHosWDJ1QI=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "VILG+lx+J2IaSGQvqQ+mjqounmY=", + "fingerprint_sha256": "p7Sd6za5gdXaMUBTLAb1zNgcv8taM2+utHPnMDBiYe4=", + "hpkp_pin": "CMq0oGwgbJM/wpy1JPGU7Fe1opZ0+Ij9U7VPZdEGbfo=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3", + "value": "Cloudflare Inc ECC CA-3" + } + ], + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3,O=Cloudflare\\, Inc.,C=US" + }, + "not_valid_after": "2022-08-01T23:59:59", + "not_valid_before": "2021-08-02T00:00:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 78798657560097216573643758556539061718306409379467316909415735510733326586719, + "ec_y": 67496324654521620172937781008812482166124026617504985355751152030877893104730, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 2879838927595130340002626610084408956, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.10045.4.3.2", + "name": "ecdsa-with-SHA256" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=San Francisco", + "value": "San Francisco" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=sni.cloudflaressl.com", + "value": "sni.cloudflaressl.com" + } + ], + "rfc4514_string": "CN=sni.cloudflaressl.com,O=Cloudflare\\, Inc.,L=San Francisco,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "sni.cloudflaressl.com", + "*.example2.com", + "example2.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl\nclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIw\nMDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNV\nBAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVD\nQyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAe\nnQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb\n16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSME\nGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0l\nBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYI\nKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j\nb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09t\nbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEF\nBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw\nCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEB\nAAUkHd0bsCrrmNaF4zlNXmtXnYJX/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un\n+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFe\nlpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1H\ngoE6y/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1\nCZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw\n6DEdfgkfCv4+3ao8XnTSrLE=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "s912BtK1qLShN3Hb7MnuHOyvo4o=", + "fingerprint_sha256": "OrvmPa91bFAWtrhfUgFf2Oisvid8UIexJ6YFY6hB7Yo=", + "hpkp_pin": "FEzVOUp4dF3gI0ZVPRJhFbSJVXR+uQmMH65xhs1glH4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "not_valid_after": "2024-12-31T23:59:59", + "not_valid_before": "2020-01-27T12:48:08", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 83984075730615231530440956498748499276900957075036316089284983112230089232319, + "ec_y": 84720202049003273739269829519636180374924996951868121119946393481023066512343, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 13580602362388610137601344763287833660, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3", + "value": "Cloudflare Inc ECC CA-3" + } + ], + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3,O=Cloudflare\\, Inc.,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ\nRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD\nVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX\nDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y\nZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy\nVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr\nmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr\nIZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK\nmpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu\nXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy\ndc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye\njl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1\nBE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3\nDQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92\n9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx\njkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0\nEpn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz\nksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS\nR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "1N4g0F5m/FP+GlCILHjbKFLK5HQ=", + "fingerprint_sha256": "Fq9XqfZ2sKsSYJWqXrre8iqzERnWRKyVzUuT2/Pyaus=", + "hpkp_pin": "Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "not_valid_after": "2025-05-12T23:59:00", + "not_valid_before": "2000-05-12T18:46:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 20579176651421167987106471718888186309534186253587759121109122482694167416584428920295678216035822449451639581023765122994089008826314029843654807108803739729565431642116323937940944378450034252354609020536286175863324156219063038927409933070688727356676027216359532593504366119272034244698731524943132462329205729047681997715455240148827523651706429854757422624117805863121520494307655271426986078917217383478420381375139154341613794371303682232583316393601620034638044186782252195438345309455714637508276892061355357785328168602107026282695945834955006612147350315937204256563720794300123948598669913435346712336953 + }, + "serial_number": 33554617, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": [{ + "dotted_string": "1.2.276.0.44.1.1.1.4", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.392.200091.100.721.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.40.0.17.1.22", + "name": "Unknown OID" + }, + { + "dotted_string": "1.2.616.1.113527.2.5.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.159.1.17.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.13177.10.1.3.10", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14370.1.6", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14777.6.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.14777.6.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.14.2.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.14.2.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.8.12.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.17326.10.8.12.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.22234.2.5.2.3.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.23223.1.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.29836.1.10", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.3", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.34697.2.4", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.36305.2", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.40869.1.1.22.3", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.4146.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.4788.2.202.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.6334.1.100.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.6449.1.2.1.5.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.782.1.2.1.8.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.7879.13.24.1", + "name": "Unknown OID" + }, + { + "dotted_string": "1.3.6.1.4.1.8024.0.2.100.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.156.112554.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.528.1.1003.1.2.7", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.578.1.26.1.3.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.756.1.83.21.0", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.756.1.89.1.2.1.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.792.3.0.3.1.1.5", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.792.3.0.4.1.1.4", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.113733.1.7.23.6", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.113733.1.7.48.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114028.10.1.2", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114171.500.9", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114404.1.1.2.4.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114412.2.1", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114413.1.7.23.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114414.1.7.23.3", + "name": "Unknown OID" + }, + { + "dotted_string": "2.16.840.1.114414.1.7.24.3", + "name": "Unknown OID" + } + ], + "name": "Mozilla", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/mozilla_nss.pem", + "version": "2021-12-19" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFNTCCBNqgAwIBAgIQAiqjBX42Mbj9zoUVehtufDAKBggqhkjOPQQDAjBKMQsw\nCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX\nQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwODAyMDAwMDAwWhcNMjIwODAx\nMjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQG\nA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEe\nMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZI\nzj0DAQcDQgAErjZ1rODUpXvGKqmi4hs3Fy5Cb1HQhFun8YvFRgGnE1+VOZDhks6w\n+F6OCLYmv8vPsTH7Ik7D7N4dHZtEZvGUWqOCA3UwggNxMB8GA1UdIwQYMBaAFKXO\nN+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBRyJZwsCd5Y/01RtgYPT4xc7itA\n9TA8BgNVHREENTAzghVzbmkuY2xvdWRmbGFyZXNzbC5jb22CDSouY3liZWFyLmNh\ncmWCC2N5YmVhci5jYXJlMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGln\naWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNybDA3oDWgM4YxaHR0cDov\nL2NybDQuZGlnaWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNybDA+BgNV\nHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lj\nZXJ0LmNvbS9DUFMwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8v\nb2NzcC5kaWdpY2VydC5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jYWNlcnRzLmRp\nZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcnQwDAYDVR0TAQH/BAIw\nADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYAKXm+8J45OSHwVnOfY6V35b5X\nfZxgCvj5TV0mXCVdx4QAAAF7BiuDQAAABAMARzBFAiEAinsjpqH6y0dgD9PZzmJf\niMqO3wAy/0u99yY52KCYS/ACIA3i2UM4RxP88VdXC52rDXYSAa9QoYVu2p7Pm8My\nrf65AHUAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF7BiuDIAAA\nBAMARjBEAiAPUsfiu1QQxKfjGi/KFy26VkVwE0dfBEqIL5ED6ixsHgIgOZV8aSoB\nnBrghMkQhq3F76C8EuN+3urso/eK1gCztngAdgDfpV6raIJPH2yt7rhfTj5a6s2i\nEqRqXo47EsAgRFwqcwAAAXsGK4NrAAAEAwBHMEUCIQDeNDTONNwvupcqDQOkizYA\nevsOjFD4Eb18n8BrPKIOWgIgW3hkic23EC967fx2PWoQkgnRPgJi4Yp92CgYhIR4\n9kIwCgYIKoZIzj0EAwIDSQAwRgIhAPQJ+LRa7Fzbf9xwCDt+WEBVSY1a03fJJcL0\n4F64rLHwAiEAw1bMWse2P9Ct/KZ5jf4kqccv6quDTUHbQnHosWDJ1QI=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "VILG+lx+J2IaSGQvqQ+mjqounmY=", + "fingerprint_sha256": "p7Sd6za5gdXaMUBTLAb1zNgcv8taM2+utHPnMDBiYe4=", + "hpkp_pin": "CMq0oGwgbJM/wpy1JPGU7Fe1opZ0+Ij9U7VPZdEGbfo=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3", + "value": "Cloudflare Inc ECC CA-3" + } + ], + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3,O=Cloudflare\\, Inc.,C=US" + }, + "not_valid_after": "2022-08-01T23:59:59", + "not_valid_before": "2021-08-02T00:00:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 78798657560097216573643758556539061718306409379467316909415735510733326586719, + "ec_y": 67496324654521620172937781008812482166124026617504985355751152030877893104730, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 2879838927595130340002626610084408956, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.10045.4.3.2", + "name": "ecdsa-with-SHA256" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=San Francisco", + "value": "San Francisco" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=sni.cloudflaressl.com", + "value": "sni.cloudflaressl.com" + } + ], + "rfc4514_string": "CN=sni.cloudflaressl.com,O=Cloudflare\\, Inc.,L=San Francisco,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "sni.cloudflaressl.com", + "*.example2.com", + "example2.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl\nclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIw\nMDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNV\nBAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVD\nQyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAe\nnQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb\n16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSME\nGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0l\nBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYI\nKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j\nb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09t\nbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEF\nBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw\nCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEB\nAAUkHd0bsCrrmNaF4zlNXmtXnYJX/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un\n+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFe\nlpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1H\ngoE6y/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1\nCZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw\n6DEdfgkfCv4+3ao8XnTSrLE=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "s912BtK1qLShN3Hb7MnuHOyvo4o=", + "fingerprint_sha256": "OrvmPa91bFAWtrhfUgFf2Oisvid8UIexJ6YFY6hB7Yo=", + "hpkp_pin": "FEzVOUp4dF3gI0ZVPRJhFbSJVXR+uQmMH65xhs1glH4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "not_valid_after": "2024-12-31T23:59:59", + "not_valid_before": "2020-01-27T12:48:08", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 83984075730615231530440956498748499276900957075036316089284983112230089232319, + "ec_y": 84720202049003273739269829519636180374924996951868121119946393481023066512343, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 13580602362388610137601344763287833660, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3", + "value": "Cloudflare Inc ECC CA-3" + } + ], + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3,O=Cloudflare\\, Inc.,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ\nRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD\nVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX\nDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y\nZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy\nVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr\nmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr\nIZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK\nmpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu\nXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy\ndc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye\njl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1\nBE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3\nDQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92\n9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx\njkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0\nEpn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz\nksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS\nR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "1N4g0F5m/FP+GlCILHjbKFLK5HQ=", + "fingerprint_sha256": "Fq9XqfZ2sKsSYJWqXrre8iqzERnWRKyVzUuT2/Pyaus=", + "hpkp_pin": "Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "not_valid_after": "2025-05-12T23:59:00", + "not_valid_before": "2000-05-12T18:46:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 20579176651421167987106471718888186309534186253587759121109122482694167416584428920295678216035822449451639581023765122994089008826314029843654807108803739729565431642116323937940944378450034252354609020536286175863324156219063038927409933070688727356676027216359532593504366119272034244698731524943132462329205729047681997715455240148827523651706429854757422624117805863121520494307655271426986078917217383478420381375139154341613794371303682232583316393601620034638044186782252195438345309455714637508276892061355357785328168602107026282695945834955006612147350315937204256563720794300123948598669913435346712336953 + }, + "serial_number": 33554617, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + }, + { + "openssl_error_string": null, + "trust_store": { + "ev_oids": null, + "name": "Windows", + "path": "/usr/local/lib/python3.9/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/microsoft_windows.pem", + "version": "2021-11-28" + }, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFNTCCBNqgAwIBAgIQAiqjBX42Mbj9zoUVehtufDAKBggqhkjOPQQDAjBKMQsw\nCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX\nQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwODAyMDAwMDAwWhcNMjIwODAx\nMjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQG\nA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEe\nMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZI\nzj0DAQcDQgAErjZ1rODUpXvGKqmi4hs3Fy5Cb1HQhFun8YvFRgGnE1+VOZDhks6w\n+F6OCLYmv8vPsTH7Ik7D7N4dHZtEZvGUWqOCA3UwggNxMB8GA1UdIwQYMBaAFKXO\nN+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBRyJZwsCd5Y/01RtgYPT4xc7itA\n9TA8BgNVHREENTAzghVzbmkuY2xvdWRmbGFyZXNzbC5jb22CDSouY3liZWFyLmNh\ncmWCC2N5YmVhci5jYXJlMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGln\naWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNybDA3oDWgM4YxaHR0cDov\nL2NybDQuZGlnaWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNybDA+BgNV\nHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lj\nZXJ0LmNvbS9DUFMwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8v\nb2NzcC5kaWdpY2VydC5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jYWNlcnRzLmRp\nZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcnQwDAYDVR0TAQH/BAIw\nADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYAKXm+8J45OSHwVnOfY6V35b5X\nfZxgCvj5TV0mXCVdx4QAAAF7BiuDQAAABAMARzBFAiEAinsjpqH6y0dgD9PZzmJf\niMqO3wAy/0u99yY52KCYS/ACIA3i2UM4RxP88VdXC52rDXYSAa9QoYVu2p7Pm8My\nrf65AHUAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF7BiuDIAAA\nBAMARjBEAiAPUsfiu1QQxKfjGi/KFy26VkVwE0dfBEqIL5ED6ixsHgIgOZV8aSoB\nnBrghMkQhq3F76C8EuN+3urso/eK1gCztngAdgDfpV6raIJPH2yt7rhfTj5a6s2i\nEqRqXo47EsAgRFwqcwAAAXsGK4NrAAAEAwBHMEUCIQDeNDTONNwvupcqDQOkizYA\nevsOjFD4Eb18n8BrPKIOWgIgW3hkic23EC967fx2PWoQkgnRPgJi4Yp92CgYhIR4\n9kIwCgYIKoZIzj0EAwIDSQAwRgIhAPQJ+LRa7Fzbf9xwCDt+WEBVSY1a03fJJcL0\n4F64rLHwAiEAw1bMWse2P9Ct/KZ5jf4kqccv6quDTUHbQnHosWDJ1QI=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "VILG+lx+J2IaSGQvqQ+mjqounmY=", + "fingerprint_sha256": "p7Sd6za5gdXaMUBTLAb1zNgcv8taM2+utHPnMDBiYe4=", + "hpkp_pin": "CMq0oGwgbJM/wpy1JPGU7Fe1opZ0+Ij9U7VPZdEGbfo=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3", + "value": "Cloudflare Inc ECC CA-3" + } + ], + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3,O=Cloudflare\\, Inc.,C=US" + }, + "not_valid_after": "2022-08-01T23:59:59", + "not_valid_before": "2021-08-02T00:00:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 78798657560097216573643758556539061718306409379467316909415735510733326586719, + "ec_y": 67496324654521620172937781008812482166124026617504985355751152030877893104730, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 2879838927595130340002626610084408956, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.10045.4.3.2", + "name": "ecdsa-with-SHA256" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=San Francisco", + "value": "San Francisco" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=sni.cloudflaressl.com", + "value": "sni.cloudflaressl.com" + } + ], + "rfc4514_string": "CN=sni.cloudflaressl.com,O=Cloudflare\\, Inc.,L=San Francisco,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "sni.cloudflaressl.com", + "*.example2.com", + "example2.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl\nclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIw\nMDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNV\nBAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVD\nQyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAe\nnQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb\n16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSME\nGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0l\nBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYI\nKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j\nb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09t\nbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEF\nBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw\nCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEB\nAAUkHd0bsCrrmNaF4zlNXmtXnYJX/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un\n+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFe\nlpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1H\ngoE6y/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1\nCZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw\n6DEdfgkfCv4+3ao8XnTSrLE=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "s912BtK1qLShN3Hb7MnuHOyvo4o=", + "fingerprint_sha256": "OrvmPa91bFAWtrhfUgFf2Oisvid8UIexJ6YFY6hB7Yo=", + "hpkp_pin": "FEzVOUp4dF3gI0ZVPRJhFbSJVXR+uQmMH65xhs1glH4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "not_valid_after": "2024-12-31T23:59:59", + "not_valid_before": "2020-01-27T12:48:08", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 83984075730615231530440956498748499276900957075036316089284983112230089232319, + "ec_y": 84720202049003273739269829519636180374924996951868121119946393481023066512343, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 13580602362388610137601344763287833660, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3", + "value": "Cloudflare Inc ECC CA-3" + } + ], + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3,O=Cloudflare\\, Inc.,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ\nRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD\nVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX\nDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y\nZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy\nVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr\nmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr\nIZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK\nmpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu\nXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy\ndc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye\njl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1\nBE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3\nDQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92\n9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx\njkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0\nEpn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz\nksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS\nR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "1N4g0F5m/FP+GlCILHjbKFLK5HQ=", + "fingerprint_sha256": "Fq9XqfZ2sKsSYJWqXrre8iqzERnWRKyVzUuT2/Pyaus=", + "hpkp_pin": "Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "not_valid_after": "2025-05-12T23:59:00", + "not_valid_before": "2000-05-12T18:46:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 20579176651421167987106471718888186309534186253587759121109122482694167416584428920295678216035822449451639581023765122994089008826314029843654807108803739729565431642116323937940944378450034252354609020536286175863324156219063038927409933070688727356676027216359532593504366119272034244698731524943132462329205729047681997715455240148827523651706429854757422624117805863121520494307655271426986078917217383478420381375139154341613794371303682232583316393601620034638044186782252195438345309455714637508276892061355357785328168602107026282695945834955006612147350315937204256563720794300123948598669913435346712336953 + }, + "serial_number": 33554617, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "was_validation_successful": true + } + ], + "received_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFNTCCBNqgAwIBAgIQAiqjBX42Mbj9zoUVehtufDAKBggqhkjOPQQDAjBKMQsw\nCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX\nQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwODAyMDAwMDAwWhcNMjIwODAx\nMjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQG\nA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEe\nMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZI\nzj0DAQcDQgAErjZ1rODUpXvGKqmi4hs3Fy5Cb1HQhFun8YvFRgGnE1+VOZDhks6w\n+F6OCLYmv8vPsTH7Ik7D7N4dHZtEZvGUWqOCA3UwggNxMB8GA1UdIwQYMBaAFKXO\nN+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBRyJZwsCd5Y/01RtgYPT4xc7itA\n9TA8BgNVHREENTAzghVzbmkuY2xvdWRmbGFyZXNzbC5jb22CDSouY3liZWFyLmNh\ncmWCC2N5YmVhci5jYXJlMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGln\naWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNybDA3oDWgM4YxaHR0cDov\nL2NybDQuZGlnaWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNybDA+BgNV\nHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lj\nZXJ0LmNvbS9DUFMwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8v\nb2NzcC5kaWdpY2VydC5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jYWNlcnRzLmRp\nZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcnQwDAYDVR0TAQH/BAIw\nADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYAKXm+8J45OSHwVnOfY6V35b5X\nfZxgCvj5TV0mXCVdx4QAAAF7BiuDQAAABAMARzBFAiEAinsjpqH6y0dgD9PZzmJf\niMqO3wAy/0u99yY52KCYS/ACIA3i2UM4RxP88VdXC52rDXYSAa9QoYVu2p7Pm8My\nrf65AHUAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF7BiuDIAAA\nBAMARjBEAiAPUsfiu1QQxKfjGi/KFy26VkVwE0dfBEqIL5ED6ixsHgIgOZV8aSoB\nnBrghMkQhq3F76C8EuN+3urso/eK1gCztngAdgDfpV6raIJPH2yt7rhfTj5a6s2i\nEqRqXo47EsAgRFwqcwAAAXsGK4NrAAAEAwBHMEUCIQDeNDTONNwvupcqDQOkizYA\nevsOjFD4Eb18n8BrPKIOWgIgW3hkic23EC967fx2PWoQkgnRPgJi4Yp92CgYhIR4\n9kIwCgYIKoZIzj0EAwIDSQAwRgIhAPQJ+LRa7Fzbf9xwCDt+WEBVSY1a03fJJcL0\n4F64rLHwAiEAw1bMWse2P9Ct/KZ5jf4kqccv6quDTUHbQnHosWDJ1QI=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "VILG+lx+J2IaSGQvqQ+mjqounmY=", + "fingerprint_sha256": "p7Sd6za5gdXaMUBTLAb1zNgcv8taM2+utHPnMDBiYe4=", + "hpkp_pin": "CMq0oGwgbJM/wpy1JPGU7Fe1opZ0+Ij9U7VPZdEGbfo=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3", + "value": "Cloudflare Inc ECC CA-3" + } + ], + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3,O=Cloudflare\\, Inc.,C=US" + }, + "not_valid_after": "2022-08-01T23:59:59", + "not_valid_before": "2021-08-02T00:00:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 78798657560097216573643758556539061718306409379467316909415735510733326586719, + "ec_y": 67496324654521620172937781008812482166124026617504985355751152030877893104730, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 2879838927595130340002626610084408956, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.10045.4.3.2", + "name": "ecdsa-with-SHA256" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=San Francisco", + "value": "San Francisco" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=sni.cloudflaressl.com", + "value": "sni.cloudflaressl.com" + } + ], + "rfc4514_string": "CN=sni.cloudflaressl.com,O=Cloudflare\\, Inc.,L=San Francisco,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "sni.cloudflaressl.com", + "*.example2.com", + "example2.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl\nclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIw\nMDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNV\nBAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVD\nQyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAe\nnQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb\n16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSME\nGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0l\nBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYI\nKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j\nb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09t\nbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEF\nBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw\nCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEB\nAAUkHd0bsCrrmNaF4zlNXmtXnYJX/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un\n+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFe\nlpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1H\ngoE6y/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1\nCZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw\n6DEdfgkfCv4+3ao8XnTSrLE=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "s912BtK1qLShN3Hb7MnuHOyvo4o=", + "fingerprint_sha256": "OrvmPa91bFAWtrhfUgFf2Oisvid8UIexJ6YFY6hB7Yo=", + "hpkp_pin": "FEzVOUp4dF3gI0ZVPRJhFbSJVXR+uQmMH65xhs1glH4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "not_valid_after": "2024-12-31T23:59:59", + "not_valid_before": "2020-01-27T12:48:08", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 83984075730615231530440956498748499276900957075036316089284983112230089232319, + "ec_y": 84720202049003273739269829519636180374924996951868121119946393481023066512343, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 13580602362388610137601344763287833660, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3", + "value": "Cloudflare Inc ECC CA-3" + } + ], + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3,O=Cloudflare\\, Inc.,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "received_chain_contains_anchor_certificate": false, + "received_chain_has_valid_order": true, + "verified_certificate_chain": [{ + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIFNTCCBNqgAwIBAgIQAiqjBX42Mbj9zoUVehtufDAKBggqhkjOPQQDAjBKMQsw\nCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX\nQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwODAyMDAwMDAwWhcNMjIwODAx\nMjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQG\nA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEe\nMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZI\nzj0DAQcDQgAErjZ1rODUpXvGKqmi4hs3Fy5Cb1HQhFun8YvFRgGnE1+VOZDhks6w\n+F6OCLYmv8vPsTH7Ik7D7N4dHZtEZvGUWqOCA3UwggNxMB8GA1UdIwQYMBaAFKXO\nN+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBRyJZwsCd5Y/01RtgYPT4xc7itA\n9TA8BgNVHREENTAzghVzbmkuY2xvdWRmbGFyZXNzbC5jb22CDSouY3liZWFyLmNh\ncmWCC2N5YmVhci5jYXJlMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGln\naWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNybDA3oDWgM4YxaHR0cDov\nL2NybDQuZGlnaWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNybDA+BgNV\nHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lj\nZXJ0LmNvbS9DUFMwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8v\nb2NzcC5kaWdpY2VydC5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jYWNlcnRzLmRp\nZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcnQwDAYDVR0TAQH/BAIw\nADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYAKXm+8J45OSHwVnOfY6V35b5X\nfZxgCvj5TV0mXCVdx4QAAAF7BiuDQAAABAMARzBFAiEAinsjpqH6y0dgD9PZzmJf\niMqO3wAy/0u99yY52KCYS/ACIA3i2UM4RxP88VdXC52rDXYSAa9QoYVu2p7Pm8My\nrf65AHUAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF7BiuDIAAA\nBAMARjBEAiAPUsfiu1QQxKfjGi/KFy26VkVwE0dfBEqIL5ED6ixsHgIgOZV8aSoB\nnBrghMkQhq3F76C8EuN+3urso/eK1gCztngAdgDfpV6raIJPH2yt7rhfTj5a6s2i\nEqRqXo47EsAgRFwqcwAAAXsGK4NrAAAEAwBHMEUCIQDeNDTONNwvupcqDQOkizYA\nevsOjFD4Eb18n8BrPKIOWgIgW3hkic23EC967fx2PWoQkgnRPgJi4Yp92CgYhIR4\n9kIwCgYIKoZIzj0EAwIDSQAwRgIhAPQJ+LRa7Fzbf9xwCDt+WEBVSY1a03fJJcL0\n4F64rLHwAiEAw1bMWse2P9Ct/KZ5jf4kqccv6quDTUHbQnHosWDJ1QI=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "VILG+lx+J2IaSGQvqQ+mjqounmY=", + "fingerprint_sha256": "p7Sd6za5gdXaMUBTLAb1zNgcv8taM2+utHPnMDBiYe4=", + "hpkp_pin": "CMq0oGwgbJM/wpy1JPGU7Fe1opZ0+Ij9U7VPZdEGbfo=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3", + "value": "Cloudflare Inc ECC CA-3" + } + ], + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3,O=Cloudflare\\, Inc.,C=US" + }, + "not_valid_after": "2022-08-01T23:59:59", + "not_valid_before": "2021-08-02T00:00:00", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 78798657560097216573643758556539061718306409379467316909415735510733326586719, + "ec_y": 67496324654521620172937781008812482166124026617504985355751152030877893104730, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 2879838927595130340002626610084408956, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.10045.4.3.2", + "name": "ecdsa-with-SHA256" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.8", + "name": "stateOrProvinceName" + }, + "rfc4514_string": "ST=California", + "value": "California" + }, + { + "oid": { + "dotted_string": "2.5.4.7", + "name": "localityName" + }, + "rfc4514_string": "L=San Francisco", + "value": "San Francisco" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=sni.cloudflaressl.com", + "value": "sni.cloudflaressl.com" + } + ], + "rfc4514_string": "CN=sni.cloudflaressl.com,O=Cloudflare\\, Inc.,L=San Francisco,ST=California,C=US" + }, + "subject_alternative_name": { + "dns": [ + "sni.cloudflaressl.com", + "*.example2.com", + "example2.com" + ] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl\nclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIw\nMDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNV\nBAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVD\nQyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAe\nnQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb\n16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSME\nGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0l\nBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYI\nKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j\nb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09t\nbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEF\nBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw\nCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEB\nAAUkHd0bsCrrmNaF4zlNXmtXnYJX/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un\n+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFe\nlpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1H\ngoE6y/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1\nCZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw\n6DEdfgkfCv4+3ao8XnTSrLE=\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "s912BtK1qLShN3Hb7MnuHOyvo4o=", + "fingerprint_sha256": "OrvmPa91bFAWtrhfUgFf2Oisvid8UIexJ6YFY6hB7Yo=", + "hpkp_pin": "FEzVOUp4dF3gI0ZVPRJhFbSJVXR+uQmMH65xhs1glH4=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "not_valid_after": "2024-12-31T23:59:59", + "not_valid_before": "2020-01-27T12:48:08", + "public_key": { + "algorithm": "_EllipticCurvePublicKey", + "ec_curve_name": "secp256r1", + "ec_x": 83984075730615231530440956498748499276900957075036316089284983112230089232319, + "ec_y": 84720202049003273739269829519636180374924996951868121119946393481023066512343, + "key_size": 256, + "rsa_e": null, + "rsa_n": null + }, + "serial_number": 13580602362388610137601344763287833660, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.11", + "name": "sha256WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 32, + "name": "sha256" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=US", + "value": "US" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Cloudflare\\, Inc.", + "value": "Cloudflare, Inc." + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3", + "value": "Cloudflare Inc ECC CA-3" + } + ], + "rfc4514_string": "CN=Cloudflare Inc ECC CA-3,O=Cloudflare\\, Inc.,C=US" + }, + "subject_alternative_name": { + "dns": [] + } + }, + { + "as_pem": "-----BEGIN CERTIFICATE-----\nMIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ\nRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD\nVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX\nDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y\nZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy\nVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr\nmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr\nIZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK\nmpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu\nXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy\ndc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye\njl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1\nBE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3\nDQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92\n9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx\njkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0\nEpn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz\nksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS\nR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp\n-----END CERTIFICATE-----\n", + "fingerprint_sha1": "1N4g0F5m/FP+GlCILHjbKFLK5HQ=", + "fingerprint_sha256": "Fq9XqfZ2sKsSYJWqXrre8iqzERnWRKyVzUuT2/Pyaus=", + "hpkp_pin": "Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o=", + "issuer": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "not_valid_after": "2025-05-12T23:59:00", + "not_valid_before": "2000-05-12T18:46:00", + "public_key": { + "algorithm": "_RSAPublicKey", + "ec_curve_name": null, + "ec_x": null, + "ec_y": null, + "key_size": 2048, + "rsa_e": 65537, + "rsa_n": 20579176651421167987106471718888186309534186253587759121109122482694167416584428920295678216035822449451639581023765122994089008826314029843654807108803739729565431642116323937940944378450034252354609020536286175863324156219063038927409933070688727356676027216359532593504366119272034244698731524943132462329205729047681997715455240148827523651706429854757422624117805863121520494307655271426986078917217383478420381375139154341613794371303682232583316393601620034638044186782252195438345309455714637508276892061355357785328168602107026282695945834955006612147350315937204256563720794300123948598669913435346712336953 + }, + "serial_number": 33554617, + "signature_algorithm_oid": { + "dotted_string": "1.2.840.113549.1.1.5", + "name": "sha1WithRSAEncryption" + }, + "signature_hash_algorithm": { + "digest_size": 20, + "name": "sha1" + }, + "subject": { + "attributes": [{ + "oid": { + "dotted_string": "2.5.4.6", + "name": "countryName" + }, + "rfc4514_string": "C=IE", + "value": "IE" + }, + { + "oid": { + "dotted_string": "2.5.4.10", + "name": "organizationName" + }, + "rfc4514_string": "O=Baltimore", + "value": "Baltimore" + }, + { + "oid": { + "dotted_string": "2.5.4.11", + "name": "organizationalUnitName" + }, + "rfc4514_string": "OU=CyberTrust", + "value": "CyberTrust" + }, + { + "oid": { + "dotted_string": "2.5.4.3", + "name": "commonName" + }, + "rfc4514_string": "CN=Baltimore CyberTrust Root", + "value": "Baltimore CyberTrust Root" + } + ], + "rfc4514_string": "CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE" + }, + "subject_alternative_name": { + "dns": [] + } + } + ], + "verified_chain_has_legacy_symantec_anchor": false, + "verified_chain_has_sha1_signature": false + }], + "hostname_used_for_server_name_indication": "example2.com" + }, + "status": "COMPLETED" + }, + "elliptic_curves": { + "error_reason": null, + "error_trace": null, + "result": { + "rejected_curves": [{ + "name": "X448", + "openssl_nid": 1035 + }, + { + "name": "prime192v1", + "openssl_nid": 409 + }, + { + "name": "secp160k1", + "openssl_nid": 708 + }, + { + "name": "secp160r1", + "openssl_nid": 709 + }, + { + "name": "secp160r2", + "openssl_nid": 710 + }, + { + "name": "secp192k1", + "openssl_nid": 711 + }, + { + "name": "secp224k1", + "openssl_nid": 712 + }, + { + "name": "secp224r1", + "openssl_nid": 713 + }, + { + "name": "secp256k1", + "openssl_nid": 714 + }, + { + "name": "sect163k1", + "openssl_nid": 721 + }, + { + "name": "sect163r1", + "openssl_nid": 722 + }, + { + "name": "sect163r2", + "openssl_nid": 723 + }, + { + "name": "sect193r1", + "openssl_nid": 724 + }, + { + "name": "sect193r2", + "openssl_nid": 725 + }, + { + "name": "sect233k1", + "openssl_nid": 726 + }, + { + "name": "sect233r1", + "openssl_nid": 727 + }, + { + "name": "sect239k1", + "openssl_nid": 728 + }, + { + "name": "sect283k1", + "openssl_nid": 729 + }, + { + "name": "sect283r1", + "openssl_nid": 730 + }, + { + "name": "sect409k1", + "openssl_nid": 731 + }, + { + "name": "sect409r1", + "openssl_nid": 732 + }, + { + "name": "sect571k1", + "openssl_nid": 733 + }, + { + "name": "sect571r1", + "openssl_nid": 734 + } + ], + "supported_curves": [{ + "name": "X25519", + "openssl_nid": 1034 + }, + { + "name": "prime256v1", + "openssl_nid": 415 + }, + { + "name": "secp384r1", + "openssl_nid": 715 + }, + { + "name": "secp521r1", + "openssl_nid": 716 + } + ], + "supports_ecdh_key_exchange": true + }, + "status": "COMPLETED" + }, + "heartbleed": { + "error_reason": null, + "error_trace": null, + "result": { + "is_vulnerable_to_heartbleed": false + }, + "status": "COMPLETED" + }, + "http_headers": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + }, + "openssl_ccs_injection": { + "error_reason": null, + "error_trace": null, + "result": { + "is_vulnerable_to_ccs_injection": false + }, + "status": "COMPLETED" + }, + "robot": { + "error_reason": null, + "error_trace": null, + "result": { + "robot_result": "NOT_VULNERABLE_RSA_NOT_SUPPORTED" + }, + "status": "COMPLETED" + }, + "session_renegotiation": { + "error_reason": null, + "error_trace": null, + "result": { + "is_vulnerable_to_client_renegotiation_dos": false, + "supports_secure_renegotiation": true + }, + "status": "COMPLETED" + }, + "session_resumption": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + }, + "ssl_2_0_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": false, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_RC4_128_WITH_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "SSL_CK_RC4_128_EXPORT40_WITH_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_RC2_128_CBC_WITH_MD5", + "openssl_name": "RC2-CBC-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "SSL_CK_IDEA_128_CBC_WITH_MD5", + "openssl_name": "IDEA-CBC-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "SSL_CK_DES_64_CBC_WITH_MD5", + "openssl_name": "DES-CBC-MD5" + }, + "error_message": "Server rejected the connection" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5", + "openssl_name": "DES-CBC3-MD5" + }, + "error_message": "Server rejected the connection" + } + ], + "tls_version_used": "SSL_2_0" + }, + "status": "COMPLETED" + }, + "ssl_3_0_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [], + "is_tls_version_supported": false, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS error: wrong version number" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS error: wrong version number" + } + ], + "tls_version_used": "SSL_3_0" + }, + "status": "COMPLETED" + }, + "tls_1_0_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BJd8VQp1GUY2nFEckNO51f5ZGqXPsZq0l+WYAOxAcC/owdP2Wv/g+TOwdm/T+o1ttGQRUdFOqG990AriBZtqk6s=", + "size": 256, + "type_name": "ECDH", + "x": "l3xVCnUZRjacURyQ07nV/lkapc+xmrSX5ZgA7EBwL+g=", + "y": "wdP2Wv/g+TOwdm/T+o1ttGQRUdFOqG990AriBZtqk6s=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BLhADMeJwDHALImhgUOakrEshKAUvp1eAZs1jhnVAuQR8YOkO+eezAMwa7rCWt5M/fe31jHOLzj/jSFQdWLM46Q=", + "size": 256, + "type_name": "ECDH", + "x": "uEAMx4nAMcAsiaGBQ5qSsSyEoBS+nV4BmzWOGdUC5BE=", + "y": "8YOkO+eezAMwa7rCWt5M/fe31jHOLzj/jSFQdWLM46Q=" + } + } + ], + "is_tls_version_supported": true, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": "TLS_1_0" + }, + "status": "COMPLETED" + }, + "tls_1_1_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BDx0uerUCeqHH/erJtsqewEaStEJLGCm8TgXDmBCEXM+XIhhK1mTGlYOlviN6lQpQWcPM9GeNLZh62dOqQCIbmQ=", + "size": 256, + "type_name": "ECDH", + "x": "PHS56tQJ6ocf96sm2yp7ARpK0QksYKbxOBcOYEIRcz4=", + "y": "XIhhK1mTGlYOlviN6lQpQWcPM9GeNLZh62dOqQCIbmQ=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BDEJOwDzbWwPalklGTiZlcoaHP2b5G+iAKzFA9awsYvc+CQ0oMySCc9vGac8g4ZcQztqPzTrUw04/L2SzyID+zs=", + "size": 256, + "type_name": "ECDH", + "x": "MQk7APNtbA9qWSUZOJmVyhoc/Zvkb6IArMUD1rCxi9w=", + "y": "+CQ0oMySCc9vGac8g4ZcQztqPzTrUw04/L2SzyID+zs=" + } + } + ], + "is_tls_version_supported": true, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": "TLS_1_1" + }, + "status": "COMPLETED" + }, + "tls_1_2_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "ECDHE-ECDSA-CHACHA20-POLY1305" + }, + "ephemeral_key": { + "curve_name": "X25519", + "generator": null, + "prime": null, + "public_bytes": "bo/TbzxCswOtNJygbCXZh1wjlVGJjOSgP3tvMgQd1wY=", + "size": 253, + "type_name": "ECDH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDHE-ECDSA-AES256-GCM-SHA384" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BDde3YqJO03Unl0S+IvfWlTmND2pWufkdML0PLKkW0pgO+OlfKTnE5jP9UsUSUgXasY6VwDBZkvot3951LARFxo=", + "size": 256, + "type_name": "ECDH", + "x": "N17diok7TdSeXRL4i99aVOY0Pala5+R0wvQ8sqRbSmA=", + "y": "O+OlfKTnE5jP9UsUSUgXasY6VwDBZkvot3951LARFxo=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDHE-ECDSA-AES256-SHA384" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BDRJ0ekmVNktLI7MNbeNxYL9I4XLGRRbUbL+HbwKXSjOOz6aIaRNUuGpLC2mrf7A+pgAbCw/bL75riLGJul8+e4=", + "size": 256, + "type_name": "ECDH", + "x": "NEnR6SZU2S0sjsw1t43Fgv0jhcsZFFtRsv4dvApdKM4=", + "y": "Oz6aIaRNUuGpLC2mrf7A+pgAbCw/bL75riLGJul8+e4=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES256-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BGWXTCFyGVBdIgU2yNiTsTvOmZ7gQl67JsOkApibcK0ClwyHIdStIXqwiE0uWP+yjM/atrMUHl4RSb+3Jn45kvY=", + "size": 256, + "type_name": "ECDH", + "x": "ZZdMIXIZUF0iBTbI2JOxO86ZnuBCXrsmw6QCmJtwrQI=", + "y": "lwyHIdStIXqwiE0uWP+yjM/atrMUHl4RSb+3Jn45kvY=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDHE-ECDSA-AES128-GCM-SHA256" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BJtGl/e1dPawNaiblraxFZx2dHnUAOuqIL9BLH5Km/Ss7vKjRbVbnjwyOBhnKotfJTMDOHCfSceQjVsrxHV0cM8=", + "size": 256, + "type_name": "ECDH", + "x": "m0aX97V09rA1qJuWtrEVnHZ0edQA66ogv0Esfkqb9Kw=", + "y": "7vKjRbVbnjwyOBhnKotfJTMDOHCfSceQjVsrxHV0cM8=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDHE-ECDSA-AES128-SHA256" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BHRJnmek4a4pPQp5q+kBiOFpF0LvtCzOrOfgfJ02ErrL97eSZg05auRCty4WTNZpBLWup7rIwo86ZpiDRA9hbWg=", + "size": 256, + "type_name": "ECDH", + "x": "dEmeZ6Thrik9Cnmr6QGI4WkXQu+0LM6s5+B8nTYSuss=", + "y": "97eSZg05auRCty4WTNZpBLWup7rIwo86ZpiDRA9hbWg=" + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-AES128-SHA" + }, + "ephemeral_key": { + "curve_name": "prime256v1", + "generator": null, + "prime": null, + "public_bytes": "BE8nogEwgYIGwcqRPbkRckj2fVNh9oO2bRDGzxJpezOqgtLfKVQ6xDi6RkTNS19gBqrQwuLHkGhNu+oKpTiPoQQ=", + "size": 256, + "type_name": "ECDH", + "x": "TyeiATCBggbBypE9uRFySPZ9U2H2g7ZtEMbPEml7M6o=", + "y": "gtLfKVQ6xDi6RkTNS19gBqrQwuLHkGhNu+oKpTiPoQQ=" + } + } + ], + "is_tls_version_supported": true, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_SHA", + "openssl_name": "RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_RC4_128_MD5", + "openssl_name": "RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA256", + "openssl_name": "NULL-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_SHA", + "openssl_name": "NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_RSA_WITH_NULL_MD5", + "openssl_name": "NULL-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_IDEA_CBC_SHA", + "openssl_name": "IDEA-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_256_CCM_8", + "openssl_name": "AES256-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CCM", + "openssl_name": "AES256-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CCM_8", + "openssl_name": "AES128-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CCM", + "openssl_name": "AES128-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + "openssl_name": "EXP-RC2-CBC-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_RC4_128_SHA", + "openssl_name": "AECDH-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 0, + "name": "TLS_ECDH_anon_WITH_NULL_SHA", + "openssl_name": "AECDH-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "AECDH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "AECDH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "AECDH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_RSA_WITH_NULL_SHA", + "openssl_name": "ECDH-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDH-RSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDH-RSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDH-RSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDH-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDH-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDH-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDH-ECDSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDH-ECDSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDH-ECDSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDH-ECDSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDH-ECDSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDH-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-RSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_RSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-RSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "ECDHE-RSA-CHACHA20-POLY1305" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", + "openssl_name": "ECDHE-RSA-CAMELLIA256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "ECDHE-RSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ECDHE-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ECDHE-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "ECDHE-RSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", + "openssl_name": "ECDHE-RSA-AES256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "ECDHE-RSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "ECDHE-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "ECDHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "openssl_name": "ECDHE-ECDSA-RC4-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 0, + "name": "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "openssl_name": "ECDHE-ECDSA-NULL-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", + "openssl_name": "ECDHE-ECDSA-CAMELLIA256-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "ECDHE-ECDSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "ECDHE-ECDSA-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "ECDHE-ECDSA-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", + "openssl_name": "ECDHE-ECDSA-AES256-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", + "openssl_name": "ECDHE-ECDSA-AES256-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", + "openssl_name": "ECDHE-ECDSA-AES128-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM", + "openssl_name": "ECDHE-ECDSA-AES128-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ECDHE-ECDSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_SEED_CBC_SHA", + "openssl_name": "ADH-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_RC4_128_MD5", + "openssl_name": "ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 56, + "name": "TLS_DH_anon_WITH_DES_CBC_SHA", + "openssl_name": "ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "ADH-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "ADH-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_GCM_SHA384", + "openssl_name": "ADH-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA256", + "openssl_name": "ADH-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 256, + "name": "TLS_DH_anon_WITH_AES_256_CBC_SHA", + "openssl_name": "ADH-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_GCM_SHA256", + "openssl_name": "ADH-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA256", + "openssl_name": "ADH-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 128, + "name": "TLS_DH_anon_WITH_AES_128_CBC_SHA", + "openssl_name": "ADH-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 168, + "name": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "ADH-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + "openssl_name": "EXP-ADH-RC4-MD5" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": true, + "key_size": 40, + "name": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-ADH-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DH-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_RSA_WITH_DES_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "DH-RSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "DH-RSA-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "DH-RSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "DH-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DH-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DH_DSS_WITH_DES_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DH-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_GCM_SHA384", + "openssl_name": "DH-DSS-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA256", + "openssl_name": "DH-DSS-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DH-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_GCM_SHA256", + "openssl_name": "DH-DSS-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA256", + "openssl_name": "DH-DSS-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DH-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-RSA-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "openssl_name": "EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "openssl_name": "DHE-RSA-CHACHA20-POLY1305" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-RSA-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "DHE-RSA-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "DHE-RSA-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", + "openssl_name": "DHE-RSA-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CCM_8", + "openssl_name": "DHE-RSA-AES256-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CCM", + "openssl_name": "DHE-RSA-AES256-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", + "openssl_name": "DHE-RSA-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-RSA-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", + "openssl_name": "DHE-RSA-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CCM_8", + "openssl_name": "DHE-RSA-AES128-CCM8" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CCM", + "openssl_name": "DHE-RSA-AES128-CCM" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", + "openssl_name": "DHE-RSA-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-RSA-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "DHE-RSA-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-RSA-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_SEED_CBC_SHA", + "openssl_name": "DHE-DSS-SEED-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 56, + "name": "TLS_DHE_DSS_WITH_DES_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", + "openssl_name": "DHE-DSS-CAMELLIA128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", + "openssl_name": "DHE-DSS-ARIA256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", + "openssl_name": "DHE-DSS-ARIA128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", + "openssl_name": "DHE-DSS-AES256-GCM-SHA384" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", + "openssl_name": "DHE-DSS-AES256-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "openssl_name": "DHE-DSS-AES256-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", + "openssl_name": "DHE-DSS-AES128-GCM-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", + "openssl_name": "DHE-DSS-AES128-SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "openssl_name": "DHE-DSS-AES128-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 168, + "name": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "openssl_name": "EDH-DSS-DES-CBC3-SHA" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 40, + "name": "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + "openssl_name": "EXP-EDH-DSS-DES-CBC-SHA" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": "TLS_1_2" + }, + "status": "COMPLETED" + }, + "tls_1_3_cipher_suites": { + "error_reason": null, + "error_trace": null, + "result": { + "accepted_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_CHACHA20_POLY1305_SHA256", + "openssl_name": "TLS_CHACHA20_POLY1305_SHA256" + }, + "ephemeral_key": { + "curve_name": "X25519", + "generator": null, + "prime": null, + "public_bytes": "Kqqnh7dDTchjhmyznH1SaDqCveWAQ+a83FO5J0ER/ic=", + "size": 253, + "type_name": "ECDH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 256, + "name": "TLS_AES_256_GCM_SHA384", + "openssl_name": "TLS_AES_256_GCM_SHA384" + }, + "ephemeral_key": { + "curve_name": "X25519", + "generator": null, + "prime": null, + "public_bytes": "0plTAMduYB2TDXRMkqSwen03lCjnZlPzra2oxkqhqxo=", + "size": 253, + "type_name": "ECDH", + "x": null, + "y": null + } + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_GCM_SHA256", + "openssl_name": "TLS_AES_128_GCM_SHA256" + }, + "ephemeral_key": { + "curve_name": "X25519", + "generator": null, + "prime": null, + "public_bytes": "bmYW0VxDaEpn85vtYM7IsiYjj8VUxYjUW1BCvQmdH3c=", + "size": 253, + "type_name": "ECDH", + "x": null, + "y": null + } + } + ], + "is_tls_version_supported": true, + "rejected_cipher_suites": [{ + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_CCM_SHA256", + "openssl_name": "TLS_AES_128_CCM_SHA256" + }, + "error_message": "TLS alert: handshake failure" + }, + { + "cipher_suite": { + "is_anonymous": false, + "key_size": 128, + "name": "TLS_AES_128_CCM_8_SHA256", + "openssl_name": "TLS_AES_128_CCM_8_SHA256" + }, + "error_message": "TLS alert: handshake failure" + } + ], + "tls_version_used": "TLS_1_3" + }, + "status": "COMPLETED" + }, + "tls_1_3_early_data": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + }, + "tls_compression": { + "error_reason": null, + "error_trace": null, + "result": { + "supports_compression": false + }, + "status": "COMPLETED" + }, + "tls_fallback_scsv": { + "error_reason": null, + "error_trace": null, + "result": null, + "status": "NOT_SCHEDULED" + } + }, + "scan_status": "COMPLETED", + "server_location": { + "connection_type": "DIRECT", + "hostname": "example2.com", + "http_proxy_settings": null, + "ip_address": "104.21.26.66", + "port": 443 + }, + "uuid": "ad332186-3d97-41bf-95dd-d800fa399811" + } + ], + "sslyze_url": "https://github.com/nabla-c0d3/sslyze", + "sslyze_version": "5.0.1" +} \ No newline at end of file diff --git a/unittests/scans/sslyze/two_targets_two_vuln.json b/unittests/scans/sslyze/two_targets_two_vuln_old.json similarity index 100% rename from unittests/scans/sslyze/two_targets_two_vuln.json rename to unittests/scans/sslyze/two_targets_two_vuln_old.json diff --git a/unittests/scans/stackhawk/invalid.json b/unittests/scans/stackhawk/invalid.json new file mode 100644 index 00000000000..0967ef424bc --- /dev/null +++ b/unittests/scans/stackhawk/invalid.json @@ -0,0 +1 @@ +{} diff --git a/unittests/scans/stackhawk/oddly_familiar_json_that_isnt_us.json b/unittests/scans/stackhawk/oddly_familiar_json_that_isnt_us.json new file mode 100644 index 00000000000..b7a11993a20 --- /dev/null +++ b/unittests/scans/stackhawk/oddly_familiar_json_that_isnt_us.json @@ -0,0 +1,4 @@ +{ + "service": "Not StackHawk", + "scanCompleted": {} +} diff --git a/unittests/scans/stackhawk/stackhawk_many_vul.json b/unittests/scans/stackhawk/stackhawk_many_vul.json new file mode 100644 index 00000000000..83810b93f15 --- /dev/null +++ b/unittests/scans/stackhawk/stackhawk_many_vul.json @@ -0,0 +1,895 @@ +{ + "service": "StackHawk", + "scanCompleted": { + "scan": { + "id": "e2ff5651-7eef-47e9-b743-0c2f7d861e27", + "hawkscanVersion": "2.1.1", + "env": "Development", + "status": "COMPLETED", + "application": "Secured Application", + "startedTimestamp": "2022-02-16T23:07:19.575Z", + "scanURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27" + }, + "scanDuration": "21", + "spiderDuration": "45", + "completedScanStats": { + "urlsCount": "31", + "duration": "66", + "scanResultsStats": { + "totalCount": "55", + "lowCount": "22", + "mediumCount": "22", + "highCount": "11", + "lowTriagedCount": "0", + "mediumTriagedCount": "0", + "highTriagedCount": "0" + } + }, + "findings": [ + { + "pluginId": "90027", + "pluginName": "Cookie Slack Detector", + "severity": "Low", + "host": "https://localhost:9000", + "paths": [ + { + "path": "/basic-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107360/message/2258" + }, + { + "path": "/payload/3111", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107370/message/2275" + }, + { + "path": "/payload/3097", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107365/message/2281" + }, + { + "path": "/search", + "method": "POST", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107358/message/2250" + }, + { + "path": "/payload/3105", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107368/message/2264" + }, + { + "path": "/payload/3113", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107374/message/2255" + }, + { + "path": "/jwt-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107362/message/2267" + }, + { + "path": "/payload/3109", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107456/message/2273" + }, + { + "path": "/", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107359/message/2241" + }, + { + "path": "/payload/3107", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107369/message/2253" + } + ], + "pathStats": [ + { + "status": "NEW", + "count": 10 + } + ], + "totalCount": "10", + "category": "Information Leakage", + "findingURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027" + }, + { + "pluginId": "40025", + "pluginName": "Proxy Disclosure", + "severity": "Medium", + "host": "https://localhost:9000", + "paths": [ + { + "path": "/payload/3105", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107368/message/1586" + }, + { + "path": "/payload/stream/3096", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107455/message/1593" + }, + { + "path": "", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107357/message/1571" + }, + { + "path": "/payload/3101", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107364/message/1575" + }, + { + "path": "/basic-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107360/message/1565" + }, + { + "path": "/payload/3115", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107371/message/1584" + }, + { + "path": "/payload/3097", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107365/message/1573" + }, + { + "path": "/payload/3111", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107370/message/1581" + }, + { + "path": "/", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107359/message/1568" + }, + { + "path": "/jwt-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107362/message/1578" + } + ], + "pathStats": [ + { + "status": "NEW", + "count": 10 + } + ], + "totalCount": "10", + "category": "Information Leakage", + "findingURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025" + }, + { + "pluginId": "20012", + "pluginName": "Anti CSRF Tokens Scanner", + "severity": "High", + "host": "https://localhost:9000", + "paths": [ + { + "path": "/payload/3111", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107370/message/1167" + }, + { + "path": "/payload/3103", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107366/message/1154" + }, + { + "path": "/payload/3107", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107369/message/1156" + }, + { + "path": "/payload/3101", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107364/message/1171" + }, + { + "path": "/payload/3113", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107374/message/1164" + }, + { + "path": "/payload/3105", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107368/message/1169" + }, + { + "path": "/payload/3097", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107365/message/1166" + }, + { + "path": "/basic-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107360/message/1158" + }, + { + "path": "/jwt-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107362/message/1152" + }, + { + "path": "/payload/3099", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107367/message/1161" + } + ], + "pathStats": [ + { + "status": "NEW", + "count": 10 + } + ], + "totalCount": "10", + "category": "HTTP Header Protection", + "findingURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012" + }, + { + "pluginId": "40012", + "pluginName": "Cross Site Scripting Weakness (Reflected in JSON Response)", + "severity": "High", + "host": "https://localhost:9000", + "paths": [ + { + "path": "/search", + "method": "POST", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40012/path/107358/message/236" + } + ], + "pathStats": [ + { + "status": "NEW", + "count": 1 + } + ], + "totalCount": "1", + "category": "Input Sanitization", + "findingURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40012" + }, + { + "pluginId": "10038", + "pluginName": "Content Security Policy (CSP) Header Not Set", + "severity": "Medium", + "host": "https://localhost:9000", + "paths": [ + { + "path": "/payload/3099", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107367/message/49" + }, + { + "path": "/", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107359/message/17" + }, + { + "path": "/basic-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107360/message/20" + }, + { + "path": "/search", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107358/message/10" + }, + { + "path": "/jwt-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107362/message/18" + }, + { + "path": "/search", + "method": "POST", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107358/message/21" + }, + { + "path": "/payload/3097", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107365/message/45" + }, + { + "path": "/token-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107361/message/19" + }, + { + "path": "/payload/3103", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107366/message/47" + }, + { + "path": "", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107357/message/9" + }, + { + "path": "/payloads", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107363/message/24" + }, + { + "path": "/payload/3101", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107364/message/48" + } + ], + "pathStats": [ + { + "status": "NEW", + "count": 12 + } + ], + "totalCount": "12", + "category": "Information Leakage", + "findingURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038" + }, + { + "pluginId": "10063", + "pluginName": "Permissions Policy Header Not Set", + "severity": "Low", + "host": "https://localhost:9000", + "paths": [ + { + "path": "/jwt-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107362/message/18" + }, + { + "path": "/", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107359/message/17" + }, + { + "path": "/payload/3103", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107366/message/47" + }, + { + "path": "/payload/3101", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107364/message/48" + }, + { + "path": "/token-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107361/message/19" + }, + { + "path": "/search", + "method": "POST", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107358/message/21" + }, + { + "path": "/payloads", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107363/message/24" + }, + { + "path": "/basic-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107360/message/20" + }, + { + "path": "/payload/3097", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107365/message/45" + }, + { + "path": "/search", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107358/message/10" + }, + { + "path": "/payload/3099", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107367/message/49" + }, + { + "path": "", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107357/message/9" + } + ], + "pathStats": [ + { + "status": "NEW", + "count": 12 + } + ], + "totalCount": "12", + "category": "", + "findingURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063" + }, + { + "pluginId": "90027", + "pluginName": "Cookie Slack Detector", + "severity": "Low", + "host": "https://localhost:9000", + "paths": [ + { + "path": "/jwt-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107362/message/2267" + }, + { + "path": "/payload/3097", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107365/message/2281" + }, + { + "path": "/", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107359/message/2241" + }, + { + "path": "/payload/3113", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107374/message/2255" + }, + { + "path": "/basic-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107360/message/2258" + }, + { + "path": "/payload/3105", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107368/message/2264" + }, + { + "path": "/payload/3111", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107370/message/2275" + }, + { + "path": "/payload/3109", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107456/message/2273" + }, + { + "path": "/search", + "method": "POST", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107358/message/2250" + }, + { + "path": "/payload/3107", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107369/message/2253" + } + ], + "pathStats": [ + { + "status": "NEW", + "count": 10 + } + ], + "totalCount": "10", + "category": "Information Leakage", + "findingURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027" + }, + { + "pluginId": "40025", + "pluginName": "Proxy Disclosure", + "severity": "Medium", + "host": "https://localhost:9000", + "paths": [ + { + "path": "/payload/3105", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107368/message/1586" + }, + { + "path": "/payload/3111", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107370/message/1581" + }, + { + "path": "/payload/3097", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107365/message/1573" + }, + { + "path": "/basic-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107360/message/1565" + }, + { + "path": "/payload/3115", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107371/message/1584" + }, + { + "path": "/", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107359/message/1568" + }, + { + "path": "", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107357/message/1571" + }, + { + "path": "/payload/stream/3096", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107455/message/1593" + }, + { + "path": "/payload/3101", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107364/message/1575" + }, + { + "path": "/jwt-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025/path/107362/message/1578" + } + ], + "pathStats": [ + { + "status": "NEW", + "count": 10 + } + ], + "totalCount": "10", + "category": "Information Leakage", + "findingURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025" + }, + { + "pluginId": "20012", + "pluginName": "Anti CSRF Tokens Scanner", + "severity": "High", + "host": "https://localhost:9000", + "paths": [ + { + "path": "/payload/3097", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107365/message/1166" + }, + { + "path": "/payload/3105", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107368/message/1169" + }, + { + "path": "/jwt-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107362/message/1152" + }, + { + "path": "/payload/3101", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107364/message/1171" + }, + { + "path": "/payload/3107", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107369/message/1156" + }, + { + "path": "/basic-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107360/message/1158" + }, + { + "path": "/payload/3111", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107370/message/1167" + }, + { + "path": "/payload/3113", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107374/message/1164" + }, + { + "path": "/payload/3103", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107366/message/1154" + }, + { + "path": "/payload/3099", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107367/message/1161" + } + ], + "pathStats": [ + { + "status": "NEW", + "count": 10 + } + ], + "totalCount": "10", + "category": "HTTP Header Protection", + "findingURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012" + }, + { + "pluginId": "40012", + "pluginName": "Cross Site Scripting Weakness (Reflected in JSON Response)", + "severity": "High", + "host": "https://localhost:9000", + "paths": [ + { + "path": "/search", + "method": "POST", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40012/path/107358/message/236" + } + ], + "pathStats": [ + { + "status": "NEW", + "count": 1 + } + ], + "totalCount": "1", + "category": "Input Sanitization", + "findingURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40012" + }, + { + "pluginId": "10038", + "pluginName": "Content Security Policy (CSP) Header Not Set", + "severity": "Medium", + "host": "https://localhost:9000", + "paths": [ + { + "path": "/jwt-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107362/message/18" + }, + { + "path": "/basic-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107360/message/20" + }, + { + "path": "", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107357/message/9" + }, + { + "path": "/payload/3097", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107365/message/45" + }, + { + "path": "/search", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107358/message/10" + }, + { + "path": "/", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107359/message/17" + }, + { + "path": "/token-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107361/message/19" + }, + { + "path": "/payload/3101", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107364/message/48" + }, + { + "path": "/payloads", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107363/message/24" + }, + { + "path": "/search", + "method": "POST", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107358/message/21" + }, + { + "path": "/payload/3103", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107366/message/47" + }, + { + "path": "/payload/3099", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038/path/107367/message/49" + } + ], + "pathStats": [ + { + "status": "NEW", + "count": 12 + } + ], + "totalCount": "12", + "category": "Information Leakage", + "findingURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038" + }, + { + "pluginId": "10063", + "pluginName": "Permissions Policy Header Not Set", + "severity": "Low", + "host": "https://localhost:9000", + "paths": [ + { + "path": "/payloads", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107363/message/24" + }, + { + "path": "/search", + "method": "POST", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107358/message/21" + }, + { + "path": "", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107357/message/9" + }, + { + "path": "/basic-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107360/message/20" + }, + { + "path": "/payload/3103", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107366/message/47" + }, + { + "path": "/payload/3099", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107367/message/49" + }, + { + "path": "/payload/3101", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107364/message/48" + }, + { + "path": "/payload/3097", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107365/message/45" + }, + { + "path": "/", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107359/message/17" + }, + { + "path": "/token-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107361/message/19" + }, + { + "path": "/jwt-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107362/message/18" + }, + { + "path": "/search", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063/path/107358/message/10" + } + ], + "pathStats": [ + { + "status": "NEW", + "count": 12 + } + ], + "totalCount": "12", + "category": "", + "findingURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063" + } + ] + } +} diff --git a/unittests/scans/stackhawk/stackhawk_one_vul.json b/unittests/scans/stackhawk/stackhawk_one_vul.json new file mode 100644 index 00000000000..350b005a7bc --- /dev/null +++ b/unittests/scans/stackhawk/stackhawk_one_vul.json @@ -0,0 +1,108 @@ +{ + "service": "StackHawk", + "scanCompleted": { + "scan": { + "id": "e2ff5651-7eef-47e9-b743-0c2f7d861e27", + "hawkscanVersion": "2.1.1", + "env": "Development", + "status": "COMPLETED", + "application": "Secured Application", + "startedTimestamp": "2022-02-16T23:07:19.575Z", + "scanURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27" + }, + "scanDuration": "21", + "spiderDuration": "45", + "completedScanStats": { + "urlsCount": "31", + "duration": "66", + "scanResultsStats": { + "totalCount": "10", + "lowCount": "0", + "mediumCount": "0", + "highCount": "10", + "lowTriagedCount": "0", + "mediumTriagedCount": "0", + "highTriagedCount": "0" + } + }, + "findings": [ + { + "pluginId": "20012", + "pluginName": "Anti CSRF Tokens Scanner", + "severity": "High", + "host": "https://localhost:9000", + "paths": [ + { + "path": "/payload/3111", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107370/message/1167" + }, + { + "path": "/payload/3103", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107366/message/1154" + }, + { + "path": "/payload/3107", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107369/message/1156" + }, + { + "path": "/payload/3101", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107364/message/1171" + }, + { + "path": "/payload/3113", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107374/message/1164" + }, + { + "path": "/payload/3105", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107368/message/1169" + }, + { + "path": "/payload/3097", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107365/message/1166" + }, + { + "path": "/basic-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107360/message/1158" + }, + { + "path": "/jwt-auth", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107362/message/1152" + }, + { + "path": "/payload/3099", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012/path/107367/message/1161" + } + ], + "pathStats": [ + { + "status": "NEW", + "count": 10 + } + ], + "totalCount": "10", + "category": "HTTP Header Protection", + "findingURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012" + } + ] + } +} diff --git a/unittests/scans/stackhawk/stackhawk_one_vuln_all_endpoints_false_positive.json b/unittests/scans/stackhawk/stackhawk_one_vuln_all_endpoints_false_positive.json new file mode 100644 index 00000000000..de92b4546fe --- /dev/null +++ b/unittests/scans/stackhawk/stackhawk_one_vuln_all_endpoints_false_positive.json @@ -0,0 +1,66 @@ +{ + "service": "StackHawk", + "scanCompleted": { + "scan": { + "id": "e2ff5651-7eef-47e9-b743-0c2f7d861e27", + "hawkscanVersion": "2.1.1", + "env": "Development", + "status": "COMPLETED", + "application": "Secured Application", + "startedTimestamp": "2022-02-16T23:07:19.575Z", + "scanURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27" + }, + "scanDuration": "30", + "spiderDuration": "48", + "completedScanStats": { + "urlsCount": "31", + "duration": "78", + "scanResultsStats": { + "totalCount": "3", + "lowCount": "3", + "mediumCount": "0", + "highCount": "0", + "lowTriagedCount": "3", + "mediumTriagedCount": "0", + "highTriagedCount": "0" + } + }, + "findings": [ + { + "pluginId": "90027", + "pluginName": "Cookie Slack Detector", + "severity": "Low", + "host": "https://localhost:9000", + "paths": [ + { + "path": "/payload/3101", + "method": "GET", + "status": "FALSE_POSITIVE", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107364/message/2020" + }, + { + "path": "/jwt-auth", + "method": "GET", + "status": "FALSE_POSITIVE", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107362/message/2001" + }, + { + "path": "/payload/3099", + "method": "GET", + "status": "FALSE_POSITIVE", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107367/message/2007" + } + ], + "pathStats": [ + { + "status": "FALSE_POSITIVE", + "count": 3 + } + ], + "totalCount": "3", + "category": "Information Leakage", + "findingURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027" + } + ] + } +} diff --git a/unittests/scans/stackhawk/stackhawk_one_vuln_all_endpoints_have_different_status.json b/unittests/scans/stackhawk/stackhawk_one_vuln_all_endpoints_have_different_status.json new file mode 100644 index 00000000000..b169ff77e73 --- /dev/null +++ b/unittests/scans/stackhawk/stackhawk_one_vuln_all_endpoints_have_different_status.json @@ -0,0 +1,74 @@ +{ + "service": "StackHawk", + "scanCompleted": { + "scan": { + "id": "e2ff5651-7eef-47e9-b743-0c2f7d861e27", + "hawkscanVersion": "2.1.1", + "env": "Development", + "status": "COMPLETED", + "application": "Secured Application", + "startedTimestamp": "2022-02-16T23:07:19.575Z", + "scanURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27" + }, + "scanDuration": "30", + "spiderDuration": "48", + "completedScanStats": { + "urlsCount": "31", + "duration": "78", + "scanResultsStats": { + "totalCount": "3", + "lowCount": "3", + "mediumCount": "0", + "highCount": "0", + "lowTriagedCount": "3", + "mediumTriagedCount": "0", + "highTriagedCount": "0" + } + }, + "findings": [ + { + "pluginId": "90027", + "pluginName": "Cookie Slack Detector", + "severity": "Low", + "host": "https://localhost:9000", + "paths": [ + { + "path": "/payload/3101", + "method": "GET", + "status": "NEW", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107364/message/2020" + }, + { + "path": "/jwt-auth", + "method": "GET", + "status": "FALSE_POSITIVE", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107362/message/2001" + }, + { + "path": "/payload/3099", + "method": "GET", + "status": "RISK_ACCEPTED", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107367/message/2007" + } + ], + "pathStats": [ + { + "status": "NEW", + "count": 1 + }, + { + "status": "RISK_ACCEPTED", + "count": 1 + }, + { + "status": "FALSE_POSITIVE", + "count": 1 + } + ], + "totalCount": "3", + "category": "Information Leakage", + "findingURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027" + } + ] + } +} diff --git a/unittests/scans/stackhawk/stackhawk_one_vuln_all_endpoints_risk_accepted.json b/unittests/scans/stackhawk/stackhawk_one_vuln_all_endpoints_risk_accepted.json new file mode 100644 index 00000000000..0691bb64846 --- /dev/null +++ b/unittests/scans/stackhawk/stackhawk_one_vuln_all_endpoints_risk_accepted.json @@ -0,0 +1,66 @@ +{ + "service": "StackHawk", + "scanCompleted": { + "scan": { + "id": "e2ff5651-7eef-47e9-b743-0c2f7d861e27", + "hawkscanVersion": "2.1.1", + "env": "Development", + "status": "COMPLETED", + "application": "Secured Application", + "startedTimestamp": "2022-02-16T23:07:19.575Z", + "scanURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27" + }, + "scanDuration": "30", + "spiderDuration": "48", + "completedScanStats": { + "urlsCount": "31", + "duration": "78", + "scanResultsStats": { + "totalCount": "3", + "lowCount": "3", + "mediumCount": "0", + "highCount": "0", + "lowTriagedCount": "3", + "mediumTriagedCount": "0", + "highTriagedCount": "0" + } + }, + "findings": [ + { + "pluginId": "90027", + "pluginName": "Cookie Slack Detector", + "severity": "Low", + "host": "https://localhost:9000", + "paths": [ + { + "path": "/payload/3101", + "method": "GET", + "status": "RISK_ACCEPTED", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107364/message/2020" + }, + { + "path": "/jwt-auth", + "method": "GET", + "status": "RISK_ACCEPTED", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107362/message/2001" + }, + { + "path": "/payload/3099", + "method": "GET", + "status": "RISK_ACCEPTED", + "pathURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027/path/107367/message/2007" + } + ], + "pathStats": [ + { + "status": "RISK_ACCEPTED", + "count": 3 + } + ], + "totalCount": "3", + "category": "Information Leakage", + "findingURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027" + } + ] + } +} diff --git a/unittests/scans/stackhawk/stackhawk_zero_vul.json b/unittests/scans/stackhawk/stackhawk_zero_vul.json new file mode 100644 index 00000000000..d5d619b7a01 --- /dev/null +++ b/unittests/scans/stackhawk/stackhawk_zero_vul.json @@ -0,0 +1,31 @@ +{ + "service": "StackHawk", + "scanCompleted": { + "scan": { + "id": "e2ff5651-7eef-47e9-b743-0c2f7d861e27", + "hawkscanVersion": "2.1.1", + "env": "Development", + "status": "COMPLETED", + "application": "Secured Application", + "startedTimestamp": "2022-02-16T23:07:19.575Z", + "scanURL": "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27" + }, + "scanDuration": "21", + "spiderDuration": "45", + "completedScanStats": { + "urlsCount": "31", + "duration": "66", + "scanResultsStats": { + "totalCount": "0", + "lowCount": "0", + "mediumCount": "0", + "highCount": "0", + "lowTriagedCount": "0", + "mediumTriagedCount": "0", + "highTriagedCount": "0" + } + }, + "findings": [ + ] + } +} diff --git a/unittests/scans/sysdig_reports/sysdig.json b/unittests/scans/sysdig_reports/sysdig.json new file mode 100644 index 00000000000..810d1ab21b1 --- /dev/null +++ b/unittests/scans/sysdig_reports/sysdig.json @@ -0,0 +1,5513 @@ +{ + "data": [ + { + "imageId": "sha256:a8e04461b233d63ca6c3d977a2407aefadcccf60d4cd4ca239ce91605dd2d969", + "imagePullString": "docker.io/sysdiglabs/recurling:0.1", + "osName": "ubuntu 14.04", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "observer", + "k8sPodContainerName": "observer", + "vulnName": "CVE-2022-0778", + "vulnSeverity": "High", + "vulnLink": "https://ubuntu.com/security/CVE-2022-0778", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2022-03-15T00:00:00Z", + "vulnSolutionDate": "2022-03-15T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.1f-1ubuntu2.27+esm5", + "packageName": "libssl1.0.0", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.0.1f-1ubuntu2.15", + "packageSuggestedFix": "1.0.1f-1ubuntu2.27+esm5", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:a8e04461b233d63ca6c3d977a2407aefadcccf60d4cd4ca239ce91605dd2d969", + "imagePullString": "docker.io/sysdiglabs/recurling:0.1", + "osName": "ubuntu 14.04", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "observer", + "k8sPodContainerName": "observer", + "vulnName": "CVE-2022-0778", + "vulnSeverity": "High", + "vulnLink": "https://ubuntu.com/security/CVE-2022-0778", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2022-03-15T00:00:00Z", + "vulnSolutionDate": "2022-03-15T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.1f-1ubuntu2.27+esm5", + "packageName": "openssl", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.0.1f-1ubuntu2.15", + "packageSuggestedFix": "1.0.1f-1ubuntu2.27+esm5", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:a8e04461b233d63ca6c3d977a2407aefadcccf60d4cd4ca239ce91605dd2d969", + "imagePullString": "docker.io/sysdiglabs/recurling:0.1", + "osName": "ubuntu 14.04", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "observer", + "k8sPodContainerName": "observer", + "vulnName": "CVE-2022-25235", + "vulnSeverity": "High", + "vulnLink": "https://ubuntu.com/security/CVE-2022-25235", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2022-02-15T00:00:00Z", + "vulnSolutionDate": "2022-02-18T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.1.0-4ubuntu1.4+esm4", + "packageName": "libexpat1", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.1.0-4ubuntu1", + "packageSuggestedFix": "2.1.0-4ubuntu1.4+esm4", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:a8e04461b233d63ca6c3d977a2407aefadcccf60d4cd4ca239ce91605dd2d969", + "imagePullString": "docker.io/sysdiglabs/recurling:0.1", + "osName": "ubuntu 14.04", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "observer", + "k8sPodContainerName": "observer", + "vulnName": "CVE-2022-25236", + "vulnSeverity": "High", + "vulnLink": "https://ubuntu.com/security/CVE-2022-25236", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2022-02-15T00:00:00Z", + "vulnSolutionDate": "2022-02-18T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.1.0-4ubuntu1.4+esm4", + "packageName": "libexpat1", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.1.0-4ubuntu1", + "packageSuggestedFix": "2.1.0-4ubuntu1.4+esm4", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2018-1000132", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000132", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.1, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vulnDisclosureDate": "2018-02-18T00:00:00Z", + "vulnSolutionDate": "2018-03-06T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "4.5.2", + "packageName": "mercurial", + "packageType": "python", + "packagePath": "/usr/lib/python2.7/dist-packages/mercurial-3.1.2.egg-info", + "packageVersion": "3.1.2", + "packageSuggestedFix": "4.5.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2018-16492", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-16492", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2018-04-24T00:00:00Z", + "vulnSolutionDate": "2018-07-19T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "3.0.2", + "packageName": "extend", + "packageType": "javascript", + "packagePath": "/node_modules/gc-stats/node_modules/extend/package.json", + "packageVersion": "3.0.1", + "packageSuggestedFix": "3.0.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2021-23568", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-23568", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2018-04-24T00:00:00Z", + "vulnSolutionDate": "2018-07-19T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "3.0.2", + "packageName": "extend", + "packageType": "javascript", + "packagePath": "/node_modules/gc-stats/node_modules/extend/package.json", + "packageVersion": "3.0.1", + "packageSuggestedFix": "3.0.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2021-3918", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2021-10-09T00:00:00Z", + "vulnSolutionDate": "2021-11-02T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "0.4.0", + "packageName": "json-schema", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/npm/node_modules/request/node_modules/http-signature/node_modules/jsprim/node_modules/json-schema/package.json", + "packageVersion": "0.2.3", + "packageSuggestedFix": "0.4.0", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2021-44906", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2020-03-10T00:00:00Z", + "vulnSolutionDate": "2022-03-21T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.6", + "packageName": "minimist", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/nodemon/node_modules/rc/node_modules/minimist/package.json", + "packageVersion": "1.2.0", + "packageSuggestedFix": "1.2.6", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2017-18077", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-18077", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-03-01T00:00:00Z", + "vulnSolutionDate": "2017-04-07T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": false, + "vulnFixVersion": "", + "packageName": "glob", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/npm/node_modules/glob/package.json", + "packageVersion": "7.1.1", + "packageSuggestedFix": "", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2017-18077", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-18077", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-03-01T00:00:00Z", + "vulnSolutionDate": "2017-04-07T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": false, + "vulnFixVersion": "", + "packageName": "minimatch", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/npm/node_modules/node-gyp/node_modules/minimatch/package.json", + "packageVersion": "3.0.3", + "packageSuggestedFix": "", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2017-18077", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-18077", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-03-01T00:00:00Z", + "vulnSolutionDate": "2017-04-07T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": false, + "vulnFixVersion": "", + "packageName": "rimraf", + "packageType": "javascript", + "packagePath": "/node_modules/gc-stats/node_modules/rimraf/package.json", + "packageVersion": "2.6.1", + "packageSuggestedFix": "", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2020-7788", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-7788", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.3, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vulnDisclosureDate": "2020-12-08T00:00:00Z", + "vulnSolutionDate": "2020-12-09T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.3.6", + "packageName": "ini", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/nodemon/node_modules/ini/package.json", + "packageVersion": "1.3.4", + "packageSuggestedFix": "1.3.6", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2018-20834", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-20834", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vulnDisclosureDate": "2018-04-30T00:00:00Z", + "vulnSolutionDate": "2018-04-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.2.2", + "packageName": "tar", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/npm/node_modules/tar/package.json", + "packageVersion": "2.2.1", + "packageSuggestedFix": "2.2.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2019-13173", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-13173", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vulnDisclosureDate": "2019-05-15T00:00:00Z", + "vulnSolutionDate": "2019-05-15T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.12", + "packageName": "fstream", + "packageType": "javascript", + "packagePath": "/node_modules/gc-stats/node_modules/fstream/package.json", + "packageVersion": "1.0.11", + "packageSuggestedFix": "1.0.12", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2015-8315", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2015-8315", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2015-11-20T00:00:00Z", + "vulnSolutionDate": "2017-05-16T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.6.7", + "packageName": "debug", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/nodemon/node_modules/debug/package.json", + "packageVersion": "2.6.6", + "packageSuggestedFix": "2.6.7", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2017-1000048", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000048", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-02-14T00:00:00Z", + "vulnSolutionDate": "2017-03-06T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.3.2", + "packageName": "qs", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/npm/node_modules/request/node_modules/qs/package.json", + "packageVersion": "6.3.0", + "packageSuggestedFix": "6.3.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2017-15010", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-15010", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-09-05T00:00:00Z", + "vulnSolutionDate": "2017-09-21T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.3.3", + "packageName": "tough-cookie", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/npm/node_modules/request/node_modules/tough-cookie/package.json", + "packageVersion": "2.3.2", + "packageSuggestedFix": "2.3.3", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2017-16118", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-16118", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-09-08T00:00:00Z", + "vulnSolutionDate": "2017-09-15T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "0.1.2", + "packageName": "forwarded", + "packageType": "javascript", + "packagePath": "/node_modules/forwarded/package.json", + "packageVersion": "0.1.1", + "packageSuggestedFix": "0.1.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2017-16136", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-16136", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-09-27T00:00:00Z", + "vulnSolutionDate": "2017-09-27T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.3.10", + "packageName": "method-override", + "packageType": "javascript", + "packagePath": "/node_modules/method-override/package.json", + "packageVersion": "2.3.9", + "packageSuggestedFix": "2.3.10", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2017-18077", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-18077", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-03-01T00:00:00Z", + "vulnSolutionDate": "2017-04-07T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.7", + "packageName": "brace-expansion", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/npm/node_modules/read-package-json/node_modules/glob/node_modules/minimatch/node_modules/brace-expansion/package.json", + "packageVersion": "1.1.6", + "packageSuggestedFix": "1.1.7", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2018-3737", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-3737", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2018-03-12T00:00:00Z", + "vulnSolutionDate": "2018-03-13T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.13.2", + "packageName": "sshpk", + "packageType": "javascript", + "packagePath": "/node_modules/gc-stats/node_modules/sshpk/package.json", + "packageVersion": "1.13.1", + "packageSuggestedFix": "1.13.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2020-28469", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2021-01-12T00:00:00Z", + "vulnSolutionDate": "2021-03-06T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "5.1.2", + "packageName": "glob-parent", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/nodemon/node_modules/glob-parent/package.json", + "packageVersion": "2.0.0", + "packageSuggestedFix": "5.1.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2020-7754", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-7754", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2020-10-15T00:00:00Z", + "vulnSolutionDate": "2020-10-16T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.1", + "packageName": "npm-user-validate", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/npm/node_modules/npm-user-validate/package.json", + "packageVersion": "0.1.5", + "packageSuggestedFix": "1.0.1", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2019-16776", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 8.1, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "vulnDisclosureDate": "2019-12-10T00:00:00Z", + "vulnSolutionDate": "2019-12-10T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.13.3", + "packageName": "npm", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/npm/package.json", + "packageVersion": "4.2.0", + "packageSuggestedFix": "6.13.3", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2020-36049", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-36049", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2019-09-23T00:00:00Z", + "vulnSolutionDate": "2020-09-28T00:00:00Z", + "vulnExploitable": true, + "vulnFixAvailable": true, + "vulnFixVersion": "3.3.2", + "packageName": "socket.io-parser", + "packageType": "javascript", + "packagePath": "/node_modules/socket.io-parser/package.json", + "packageVersion": "2.3.1", + "packageSuggestedFix": "3.3.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:3d2a373f46ae28f3376c356d27210759aa9348fd94c517cf77e9df2a2c41c37f", + "imagePullString": "docker.io/redis:5.0.3-alpine", + "osName": "alpine 3.9.2", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "redis", + "k8sPodContainerName": "redis", + "vulnName": "CVE-2019-14697", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-14697", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2019-07-16T00:00:00Z", + "vulnSolutionDate": "2019-07-16T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.20-r5", + "packageName": "musl", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.20-r3", + "packageSuggestedFix": "1.1.20-r5", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:3d2a373f46ae28f3376c356d27210759aa9348fd94c517cf77e9df2a2c41c37f", + "imagePullString": "docker.io/redis:5.0.3-alpine", + "osName": "alpine 3.9.2", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "redis", + "k8sPodContainerName": "redis", + "vulnName": "CVE-2019-14697", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-14697", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2019-07-16T00:00:00Z", + "vulnSolutionDate": "2019-07-16T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.20-r5", + "packageName": "musl-utils", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.20-r3", + "packageSuggestedFix": "1.1.20-r5", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:3d2a373f46ae28f3376c356d27210759aa9348fd94c517cf77e9df2a2c41c37f", + "imagePullString": "docker.io/redis:5.0.3-alpine", + "osName": "alpine 3.9.2", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "redis", + "k8sPodContainerName": "redis", + "vulnName": "CVE-2019-1543", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-1543", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.4, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vulnDisclosureDate": "2019-03-06T00:00:00Z", + "vulnSolutionDate": "2019-05-28T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.1b-r1", + "packageName": "libcrypto1.1", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.1a-r1", + "packageSuggestedFix": "1.1.1j-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:3d2a373f46ae28f3376c356d27210759aa9348fd94c517cf77e9df2a2c41c37f", + "imagePullString": "docker.io/redis:5.0.3-alpine", + "osName": "alpine 3.9.2", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "redis", + "k8sPodContainerName": "redis", + "vulnName": "CVE-2019-1543", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-1543", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.4, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vulnDisclosureDate": "2019-03-06T00:00:00Z", + "vulnSolutionDate": "2019-05-28T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.1b-r1", + "packageName": "libssl1.1", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.1a-r1", + "packageSuggestedFix": "1.1.1j-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:3d2a373f46ae28f3376c356d27210759aa9348fd94c517cf77e9df2a2c41c37f", + "imagePullString": "docker.io/redis:5.0.3-alpine", + "osName": "alpine 3.9.2", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "redis", + "k8sPodContainerName": "redis", + "vulnName": "CVE-2021-3450", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.4, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vulnDisclosureDate": "2021-03-22T00:00:00Z", + "vulnSolutionDate": "2021-03-25T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.1k-r0", + "packageName": "libcrypto1.1", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.1a-r1", + "packageSuggestedFix": "1.1.1j-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:3d2a373f46ae28f3376c356d27210759aa9348fd94c517cf77e9df2a2c41c37f", + "imagePullString": "docker.io/redis:5.0.3-alpine", + "osName": "alpine 3.9.2", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "redis", + "k8sPodContainerName": "redis", + "vulnName": "CVE-2021-3450", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.4, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vulnDisclosureDate": "2021-03-22T00:00:00Z", + "vulnSolutionDate": "2021-03-25T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.1k-r0", + "packageName": "libssl1.1", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.1a-r1", + "packageSuggestedFix": "1.1.1j-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:3d2a373f46ae28f3376c356d27210759aa9348fd94c517cf77e9df2a2c41c37f", + "imagePullString": "docker.io/redis:5.0.3-alpine", + "osName": "alpine 3.9.2", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "redis", + "k8sPodContainerName": "redis", + "vulnName": "CVE-2021-23840", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-23840", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2021-02-16T00:00:00Z", + "vulnSolutionDate": "2021-02-16T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.1j-r0", + "packageName": "libcrypto1.1", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.1a-r1", + "packageSuggestedFix": "1.1.1j-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:3d2a373f46ae28f3376c356d27210759aa9348fd94c517cf77e9df2a2c41c37f", + "imagePullString": "docker.io/redis:5.0.3-alpine", + "osName": "alpine 3.9.2", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "redis", + "k8sPodContainerName": "redis", + "vulnName": "CVE-2021-23840", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-23840", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2021-02-16T00:00:00Z", + "vulnSolutionDate": "2021-02-16T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.1j-r0", + "packageName": "libssl1.1", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.1a-r1", + "packageSuggestedFix": "1.1.1j-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:3d2a373f46ae28f3376c356d27210759aa9348fd94c517cf77e9df2a2c41c37f", + "imagePullString": "docker.io/redis:5.0.3-alpine", + "osName": "alpine 3.9.2", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "redis", + "k8sPodContainerName": "redis", + "vulnName": "CVE-2020-1967", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-1967", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2020-04-07T00:00:00Z", + "vulnSolutionDate": "2020-04-21T00:00:00Z", + "vulnExploitable": true, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.1g-r0", + "packageName": "libcrypto1.1", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.1a-r1", + "packageSuggestedFix": "1.1.1j-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:3d2a373f46ae28f3376c356d27210759aa9348fd94c517cf77e9df2a2c41c37f", + "imagePullString": "docker.io/redis:5.0.3-alpine", + "osName": "alpine 3.9.2", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "redis", + "k8sPodContainerName": "redis", + "vulnName": "CVE-2020-1967", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-1967", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2020-04-07T00:00:00Z", + "vulnSolutionDate": "2020-04-21T00:00:00Z", + "vulnExploitable": true, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.1g-r0", + "packageName": "libssl1.1", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.1a-r1", + "packageSuggestedFix": "1.1.1j-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2022-29361", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-29361", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2022-05-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": false, + "vulnFixVersion": "", + "packageName": "Werkzeug", + "packageType": "python", + "packagePath": "/usr/local/lib/python2.7/site-packages/Werkzeug-0.12.2.dist-info/METADATA", + "packageVersion": "0.12.2", + "packageSuggestedFix": "0.15.3", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-10684", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10684", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-10684", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10684", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-10684", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10684", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-10685", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10685", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-10685", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10685", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-10685", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10685", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-10989", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10989", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-07-06T00:00:00Z", + "vulnSolutionDate": "2017-08-18T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "3.13.0-r1", + "packageName": "sqlite-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "3.13.0-r0", + "packageSuggestedFix": "3.13.0-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-8105", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-8105", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-03-24T00:00:00Z", + "vulnSolutionDate": "2017-05-13T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.6.3-r1", + "packageName": "freetype", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.6.3-r0", + "packageSuggestedFix": "2.6.3-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-8287", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-8287", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-03-26T00:00:00Z", + "vulnSolutionDate": "2017-05-13T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.6.3-r1", + "packageName": "freetype", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.6.3-r0", + "packageSuggestedFix": "2.6.3-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2016-9841", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-9841", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-09-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.11-r0", + "packageName": "zlib", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.2.8-r2", + "packageSuggestedFix": "1.2.11-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2016-9843", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-09-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.11-r0", + "packageName": "zlib", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.2.8-r2", + "packageSuggestedFix": "1.2.11-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2018-20225", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-20225", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.8, + "vulnCvssVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2020-05-08T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": false, + "vulnFixVersion": "", + "packageName": "pip", + "packageType": "python", + "packagePath": "/usr/local/lib/python2.7/site-packages/pip-9.0.1.dist-info/METADATA", + "packageVersion": "9.0.1", + "packageSuggestedFix": "19.2", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2019-14806", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-14806", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vulnDisclosureDate": "2019-05-14T00:00:00Z", + "vulnSolutionDate": "2019-05-14T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "0.15.3", + "packageName": "Werkzeug", + "packageType": "python", + "packagePath": "/usr/local/lib/python2.7/site-packages/Werkzeug-0.12.2.dist-info/METADATA", + "packageVersion": "0.12.2", + "packageSuggestedFix": "0.15.3", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-11112", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11112", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-11112", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11112", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-11112", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11112", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-11113", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11113", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-11113", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11113", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-11113", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11113", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-13728", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-13728", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-08-23T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-13728", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-13728", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-08-23T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-13728", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-13728", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-08-23T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-15650", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-15650", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-10-18T00:00:00Z", + "vulnSolutionDate": "2017-10-19T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.14-r16", + "packageName": "musl", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.14-r14", + "packageSuggestedFix": "1.1.14-r16", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-15650", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-15650", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-10-18T00:00:00Z", + "vulnSolutionDate": "2017-10-19T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.14-r16", + "packageName": "musl-utils", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.14-r14", + "packageSuggestedFix": "1.1.14-r16", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2018-1000656", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000656", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2018-04-10T00:00:00Z", + "vulnSolutionDate": "2018-04-26T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "0.12.3", + "packageName": "Flask", + "packageType": "python", + "packagePath": "/usr/local/lib/python2.7/site-packages/Flask-0.12.2.dist-info/METADATA", + "packageVersion": "0.12.2", + "packageSuggestedFix": "0.12.3", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2018-8740", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-8740", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2018-03-16T00:00:00Z", + "vulnSolutionDate": "2018-04-02T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "3.13.0-r2", + "packageName": "sqlite-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "3.13.0-r0", + "packageSuggestedFix": "3.13.0-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2019-1010083", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010083", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2018-04-26T00:00:00Z", + "vulnSolutionDate": "2018-04-26T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0", + "packageName": "Flask", + "packageType": "python", + "packagePath": "/usr/local/lib/python2.7/site-packages/Flask-0.12.2.dist-info/METADATA", + "packageVersion": "0.12.2", + "packageSuggestedFix": "0.12.3", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2019-20916", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-20916", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vulnDisclosureDate": "2019-04-16T00:00:00Z", + "vulnSolutionDate": "2019-07-22T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "19.2", + "packageName": "pip", + "packageType": "python", + "packagePath": "/usr/local/lib/python2.7/site-packages/pip-9.0.1.dist-info/METADATA", + "packageVersion": "9.0.1", + "packageSuggestedFix": "19.2", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-9233", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-9233", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-14T00:00:00Z", + "vulnSolutionDate": "2017-06-17T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.2.0-r1", + "packageName": "expat", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.2.0-r0", + "packageSuggestedFix": "2.2.0-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2018-0732", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-0732", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2018-06-11T00:00:00Z", + "vulnSolutionDate": "2018-08-14T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.2o-r1", + "packageName": "libcrypto1.0", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.0.2k-r0", + "packageSuggestedFix": "1.0.2o-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2018-0732", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-0732", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2018-06-11T00:00:00Z", + "vulnSolutionDate": "2018-08-14T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.2o-r1", + "packageName": "libssl1.0", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.0.2k-r0", + "packageSuggestedFix": "1.0.2o-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2016-10244", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-10244", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.8, + "vulnCvssVector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-08-25T00:00:00Z", + "vulnSolutionDate": "2016-09-08T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.6.3-r1", + "packageName": "freetype", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.6.3-r0", + "packageSuggestedFix": "2.6.3-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-16879", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-16879", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.8, + "vulnCvssVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-11-18T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20171125-r0", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-16879", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-16879", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.8, + "vulnCvssVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-11-18T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20171125-r0", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2017-16879", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-16879", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.8, + "vulnCvssVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-11-18T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20171125-r0", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2016-9840", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-9840", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 8.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-09-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.11-r0", + "packageName": "zlib", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.2.8-r2", + "packageSuggestedFix": "1.2.11-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:37ab38d2a581a3adb377b4ed35d9a251329b62e82e334ce116b7fbaad7cb419e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-vote:statsd-5", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "vote", + "k8sPodContainerName": "vote", + "vulnName": "CVE-2016-9842", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-9842", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 8.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-09-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.11-r0", + "packageName": "zlib", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.2.8-r2", + "packageSuggestedFix": "1.2.11-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2021-26291", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.1, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vulnDisclosureDate": "2021-04-04T00:00:00Z", + "vulnSolutionDate": "2021-04-04T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "3.8.1", + "packageName": "org.apache.maven:maven-artifact", + "packageType": "java", + "packagePath": "/usr/share/maven/lib/maven-artifact-3.3.3.jar", + "packageVersion": "3.3.3", + "packageSuggestedFix": "3.8.1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2021-26291", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.1, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vulnDisclosureDate": "2021-04-04T00:00:00Z", + "vulnSolutionDate": "2021-04-04T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "3.8.1", + "packageName": "org.apache.maven:maven-compat", + "packageType": "java", + "packagePath": "/usr/share/maven/lib/maven-compat-3.3.3.jar", + "packageVersion": "3.3.3", + "packageSuggestedFix": "3.8.1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2021-26291", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.1, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vulnDisclosureDate": "2021-04-04T00:00:00Z", + "vulnSolutionDate": "2021-04-04T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "3.8.1", + "packageName": "org.apache.maven:maven-core", + "packageType": "java", + "packagePath": "/usr/share/maven/lib/maven-core-3.3.3.jar", + "packageVersion": "3.3.3", + "packageSuggestedFix": "3.8.1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2021-26291", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.1, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vulnDisclosureDate": "2021-04-04T00:00:00Z", + "vulnSolutionDate": "2021-04-04T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "3.8.1", + "packageName": "org.apache.maven:maven-model", + "packageType": "java", + "packagePath": "/usr/share/maven/lib/maven-model-3.3.3.jar", + "packageVersion": "3.3.3", + "packageSuggestedFix": "3.8.1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2017-8105", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-8105", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-03-24T00:00:00Z", + "vulnSolutionDate": "2017-05-13T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.6.3-r1", + "packageName": "freetype", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.6.3-r0", + "packageSuggestedFix": "2.6.3-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2017-8287", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-8287", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-03-26T00:00:00Z", + "vulnSolutionDate": "2017-05-13T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.6.3-r1", + "packageName": "freetype", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.6.3-r0", + "packageSuggestedFix": "2.6.3-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2016-9841", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-9841", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-09-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.11-r0", + "packageName": "zlib", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.2.8-r2", + "packageSuggestedFix": "1.2.11-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2016-9843", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-09-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.11-r0", + "packageName": "zlib", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.2.8-r2", + "packageSuggestedFix": "1.2.11-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2019-17571", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-17571", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2019-12-18T00:00:00Z", + "vulnSolutionDate": "2017-04-05T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.8.2", + "packageName": "log4j:log4j", + "packageType": "java", + "packagePath": "/root/.m2/repository/log4j/log4j/1.2.12/log4j-1.2.12.jar", + "packageVersion": "1.2.12", + "packageSuggestedFix": "2.0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2020-9493", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-9493", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2021-06-15T00:00:00Z", + "vulnSolutionDate": "2021-06-15T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.0-alpha1", + "packageName": "log4j:log4j", + "packageType": "java", + "packagePath": "/root/.m2/repository/log4j/log4j/1.2.12/log4j-1.2.12.jar", + "packageVersion": "1.2.12", + "packageSuggestedFix": "2.0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2022-23305", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2022-01-17T00:00:00Z", + "vulnSolutionDate": "2014-07-12T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.0", + "packageName": "log4j:log4j", + "packageType": "java", + "packagePath": "/root/.m2/repository/log4j/log4j/1.2.12/log4j-1.2.12.jar", + "packageVersion": "1.2.12", + "packageSuggestedFix": "2.0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2017-15708", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-15708", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2015-01-28T00:00:00Z", + "vulnSolutionDate": "2015-11-22T00:00:00Z", + "vulnExploitable": true, + "vulnFixAvailable": true, + "vulnFixVersion": "3.2.2", + "packageName": "commons-collections:commons-collections", + "packageType": "java", + "packagePath": "/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar", + "packageVersion": "3.2.1", + "packageSuggestedFix": "3.2.2", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2019-13116", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-13116", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2015-01-28T00:00:00Z", + "vulnSolutionDate": "2015-11-22T00:00:00Z", + "vulnExploitable": true, + "vulnFixAvailable": true, + "vulnFixVersion": "3.2.2", + "packageName": "commons-collections:commons-collections", + "packageType": "java", + "packagePath": "/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar", + "packageVersion": "3.2.1", + "packageSuggestedFix": "3.2.2", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2017-10790", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10790", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-22T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "4.8-r2", + "packageName": "libtasn1", + "packageType": "os", + "packagePath": "", + "packageVersion": "4.8-r0", + "packageSuggestedFix": "4.8-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2017-15650", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-15650", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-10-18T00:00:00Z", + "vulnSolutionDate": "2017-10-19T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.14-r16", + "packageName": "musl", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.14-r14", + "packageSuggestedFix": "1.1.14-r16", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2017-15650", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-15650", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-10-18T00:00:00Z", + "vulnSolutionDate": "2017-10-19T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.14-r16", + "packageName": "musl-utils", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.14-r14", + "packageSuggestedFix": "1.1.14-r16", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2021-4104", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2021-12-11T00:00:00Z", + "vulnSolutionDate": "2021-12-13T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.0", + "packageName": "log4j:log4j", + "packageType": "java", + "packagePath": "/root/.m2/repository/log4j/log4j/1.2.12/log4j-1.2.12.jar", + "packageVersion": "1.2.12", + "packageSuggestedFix": "2.0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2018-0732", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-0732", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2018-06-11T00:00:00Z", + "vulnSolutionDate": "2018-08-14T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.2o-r1", + "packageName": "libcrypto1.0", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.0.2k-r0", + "packageSuggestedFix": "1.0.2o-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2018-0732", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-0732", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2018-06-11T00:00:00Z", + "vulnSolutionDate": "2018-08-14T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.2o-r1", + "packageName": "libssl1.0", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.0.2k-r0", + "packageSuggestedFix": "1.0.2o-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2018-6003", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-6003", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2018-01-04T00:00:00Z", + "vulnSolutionDate": "2018-01-16T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "4.8-r3", + "packageName": "libtasn1", + "packageType": "os", + "packagePath": "", + "packageVersion": "4.8-r0", + "packageSuggestedFix": "4.8-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2021-37714", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2021-08-18T00:00:00Z", + "vulnSolutionDate": "2021-08-15T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.14.2", + "packageName": "org.jsoup:jsoup", + "packageType": "java", + "packagePath": "/usr/share/maven/lib/jsoup-1.7.2.jar", + "packageVersion": "1.7.2", + "packageSuggestedFix": "1.14.2", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2016-10244", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-10244", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.8, + "vulnCvssVector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-08-25T00:00:00Z", + "vulnSolutionDate": "2016-09-08T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.6.3-r1", + "packageName": "freetype", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.6.3-r0", + "packageSuggestedFix": "2.6.3-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2017-6891", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-6891", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 8.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-05-18T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "4.8-r1", + "packageName": "libtasn1", + "packageType": "os", + "packagePath": "", + "packageVersion": "4.8-r0", + "packageSuggestedFix": "4.8-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2022-23302", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 8.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2022-01-17T00:00:00Z", + "vulnSolutionDate": "2014-07-12T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.0", + "packageName": "log4j:log4j", + "packageType": "java", + "packagePath": "/root/.m2/repository/log4j/log4j/1.2.12/log4j-1.2.12.jar", + "packageVersion": "1.2.12", + "packageSuggestedFix": "2.0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2022-23307", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 8.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2021-06-15T00:00:00Z", + "vulnSolutionDate": "2021-06-15T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.0-alpha1", + "packageName": "log4j:log4j", + "packageType": "java", + "packagePath": "/root/.m2/repository/log4j/log4j/1.2.12/log4j-1.2.12.jar", + "packageVersion": "1.2.12", + "packageSuggestedFix": "2.0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2016-9840", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-9840", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 8.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-09-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.11-r0", + "packageName": "zlib", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.2.8-r2", + "packageSuggestedFix": "1.2.11-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2016-9842", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-9842", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 8.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-09-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.11-r0", + "packageName": "zlib", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.2.8-r2", + "packageSuggestedFix": "1.2.11-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2019-10086", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.3, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vulnDisclosureDate": "2014-04-29T00:00:00Z", + "vulnSolutionDate": "2019-08-03T00:00:00Z", + "vulnExploitable": true, + "vulnFixAvailable": true, + "vulnFixVersion": "1.9.4", + "packageName": "commons-beanutils:commons-beanutils", + "packageType": "java", + "packagePath": "/root/.m2/repository/commons-beanutils/commons-beanutils/1.7.0/commons-beanutils-1.7.0.jar", + "packageVersion": "1.7.0", + "packageSuggestedFix": "1.9.4", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2019-10086", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.3, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vulnDisclosureDate": "2014-04-29T00:00:00Z", + "vulnSolutionDate": "2019-08-03T00:00:00Z", + "vulnExploitable": true, + "vulnFixAvailable": true, + "vulnFixVersion": "1.5.0", + "packageName": "commons-validator:commons-validator", + "packageType": "java", + "packagePath": "/root/.m2/repository/commons-validator/commons-validator/1.2.0/commons-validator-1.2.0.jar", + "packageVersion": "1.2.0", + "packageSuggestedFix": "1.5.0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2019-3834", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-3834", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.3, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vulnDisclosureDate": "2014-04-29T00:00:00Z", + "vulnSolutionDate": "2019-08-03T00:00:00Z", + "vulnExploitable": true, + "vulnFixAvailable": true, + "vulnFixVersion": "1.5.0", + "packageName": "commons-validator:commons-validator", + "packageType": "java", + "packagePath": "/root/.m2/repository/commons-validator/commons-validator/1.2.0/commons-validator-1.2.0.jar", + "packageVersion": "1.2.0", + "packageSuggestedFix": "1.5.0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2014-0114", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2014-0114", + "vulnCvssVersion": "2.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "vulnDisclosureDate": "2014-04-29T00:00:00Z", + "vulnSolutionDate": "2019-08-03T00:00:00Z", + "vulnExploitable": true, + "vulnFixAvailable": true, + "vulnFixVersion": "1.9.4", + "packageName": "commons-beanutils:commons-beanutils", + "packageType": "java", + "packagePath": "/root/.m2/repository/commons-beanutils/commons-beanutils/1.7.0/commons-beanutils-1.7.0.jar", + "packageVersion": "1.7.0", + "packageSuggestedFix": "1.9.4", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2014-0114", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2014-0114", + "vulnCvssVersion": "2.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "vulnDisclosureDate": "2014-04-29T00:00:00Z", + "vulnSolutionDate": "2019-08-03T00:00:00Z", + "vulnExploitable": true, + "vulnFixAvailable": true, + "vulnFixVersion": "1.5.0", + "packageName": "commons-validator:commons-validator", + "packageType": "java", + "packagePath": "/root/.m2/repository/commons-validator/commons-validator/1.2.0/commons-validator-1.2.0.jar", + "packageVersion": "1.2.0", + "packageSuggestedFix": "1.5.0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:d483a18d607a33cf6ab56799422b593c20ff2c8cba8626c5c419d0a10d50ba5b", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-worker:jmx-1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "worker", + "k8sPodContainerName": "worker", + "vulnName": "CVE-2017-12628", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-12628", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.8, + "vulnCvssVector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2015-01-28T00:00:00Z", + "vulnSolutionDate": "2015-11-22T00:00:00Z", + "vulnExploitable": true, + "vulnFixAvailable": true, + "vulnFixVersion": "3.2.2", + "packageName": "commons-collections:commons-collections", + "packageType": "java", + "packagePath": "/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar", + "packageVersion": "3.2.1", + "packageSuggestedFix": "3.2.2", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-10684", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10684", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-10684", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10684", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-10684", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10684", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-10685", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10685", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-10685", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10685", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-10685", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10685", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-10989", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10989", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-07-06T00:00:00Z", + "vulnSolutionDate": "2017-08-18T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "3.13.0-r1", + "packageName": "sqlite-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "3.13.0-r0", + "packageSuggestedFix": "3.13.0-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-8105", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-8105", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-03-24T00:00:00Z", + "vulnSolutionDate": "2017-05-13T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.6.3-r1", + "packageName": "freetype", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.6.3-r0", + "packageSuggestedFix": "2.6.3-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-8287", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-8287", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-03-26T00:00:00Z", + "vulnSolutionDate": "2017-05-13T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.6.3-r1", + "packageName": "freetype", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.6.3-r0", + "packageSuggestedFix": "2.6.3-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2016-9841", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-9841", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-09-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.11-r0", + "packageName": "zlib", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.2.8-r2", + "packageSuggestedFix": "1.2.11-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2016-9843", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-09-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.11-r0", + "packageName": "zlib", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.2.8-r2", + "packageSuggestedFix": "1.2.11-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2018-20225", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-20225", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.8, + "vulnCvssVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2020-05-08T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": false, + "vulnFixVersion": "", + "packageName": "pip", + "packageType": "python", + "packagePath": "/usr/local/lib/python2.7/site-packages/pip-9.0.1.dist-info/METADATA", + "packageVersion": "9.0.1", + "packageSuggestedFix": "19.2", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2016-5300", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-5300", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2012-03-06T00:00:00Z", + "vulnSolutionDate": "2016-06-21T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.2.0-r0", + "packageName": "expat", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.1.1-r2", + "packageSuggestedFix": "2.2.0-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-11112", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11112", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-11112", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11112", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-11112", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11112", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-11113", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11113", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-11113", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11113", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-11113", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11113", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-13728", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-13728", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-08-23T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-13728", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-13728", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-08-23T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-13728", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-13728", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-08-23T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-15650", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-15650", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-10-18T00:00:00Z", + "vulnSolutionDate": "2017-10-19T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.14-r16", + "packageName": "musl", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.14-r14", + "packageSuggestedFix": "1.1.14-r16", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-15650", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-15650", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-10-18T00:00:00Z", + "vulnSolutionDate": "2017-10-19T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.14-r16", + "packageName": "musl-utils", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.14-r14", + "packageSuggestedFix": "1.1.14-r16", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2018-8740", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-8740", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2018-03-16T00:00:00Z", + "vulnSolutionDate": "2018-04-02T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "3.13.0-r2", + "packageName": "sqlite-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "3.13.0-r0", + "packageSuggestedFix": "3.13.0-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2018-18074", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vulnDisclosureDate": "2018-06-27T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.20.0", + "packageName": "requests", + "packageType": "python", + "packagePath": "/usr/local/lib/python2.7/site-packages/requests-2.13.0.dist-info/METADATA", + "packageVersion": "2.13.0", + "packageSuggestedFix": "2.20.0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2019-20916", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-20916", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vulnDisclosureDate": "2019-04-16T00:00:00Z", + "vulnSolutionDate": "2019-07-22T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "19.2", + "packageName": "pip", + "packageType": "python", + "packagePath": "/usr/local/lib/python2.7/site-packages/pip-9.0.1.dist-info/METADATA", + "packageVersion": "9.0.1", + "packageSuggestedFix": "19.2", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-3731", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-01-26T00:00:00Z", + "vulnSolutionDate": "2017-01-26T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.2k-r0", + "packageName": "libcrypto1.0", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.0.2j-r0", + "packageSuggestedFix": "1.0.2k-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-3731", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-01-26T00:00:00Z", + "vulnSolutionDate": "2017-01-26T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.2k-r0", + "packageName": "libssl1.0", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.0.2j-r0", + "packageSuggestedFix": "1.0.2k-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-9233", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-9233", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-14T00:00:00Z", + "vulnSolutionDate": "2017-06-17T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.2.0-r1", + "packageName": "expat", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.1.1-r2", + "packageSuggestedFix": "2.2.0-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2018-0732", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-0732", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2018-06-11T00:00:00Z", + "vulnSolutionDate": "2018-08-14T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.2o-r1", + "packageName": "libcrypto1.0", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.0.2j-r0", + "packageSuggestedFix": "1.0.2k-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2018-0732", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-0732", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2018-06-11T00:00:00Z", + "vulnSolutionDate": "2018-08-14T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.2o-r1", + "packageName": "libssl1.0", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.0.2j-r0", + "packageSuggestedFix": "1.0.2k-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2016-10244", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-10244", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.8, + "vulnCvssVector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-08-25T00:00:00Z", + "vulnSolutionDate": "2016-09-08T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.6.3-r1", + "packageName": "freetype", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.6.3-r0", + "packageSuggestedFix": "2.6.3-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-16879", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-16879", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.8, + "vulnCvssVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-11-18T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20171125-r0", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-16879", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-16879", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.8, + "vulnCvssVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-11-18T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20171125-r0", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-16879", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-16879", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.8, + "vulnCvssVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-11-18T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20171125-r0", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-16544", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-16544", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 8.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-11-08T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.24.2-r13", + "packageName": "busybox", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.24.2-r12", + "packageSuggestedFix": "1.24.2-r13", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2016-9840", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-9840", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 8.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-09-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.11-r0", + "packageName": "zlib", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.2.8-r2", + "packageSuggestedFix": "1.2.11-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-aks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2016-9842", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-9842", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 8.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-09-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.11-r0", + "packageName": "zlib", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.2.8-r2", + "packageSuggestedFix": "1.2.11-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2018-1000132", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000132", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.1, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vulnDisclosureDate": "2018-02-18T00:00:00Z", + "vulnSolutionDate": "2018-03-06T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "4.5.2", + "packageName": "mercurial", + "packageType": "python", + "packagePath": "/usr/lib/python2.7/dist-packages/mercurial-3.1.2.egg-info", + "packageVersion": "3.1.2", + "packageSuggestedFix": "4.5.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2018-16492", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-16492", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2018-04-24T00:00:00Z", + "vulnSolutionDate": "2018-07-19T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "3.0.2", + "packageName": "extend", + "packageType": "javascript", + "packagePath": "/node_modules/gc-stats/node_modules/extend/package.json", + "packageVersion": "3.0.1", + "packageSuggestedFix": "3.0.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2021-23568", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-23568", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2018-04-24T00:00:00Z", + "vulnSolutionDate": "2018-07-19T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "3.0.2", + "packageName": "extend", + "packageType": "javascript", + "packagePath": "/node_modules/gc-stats/node_modules/extend/package.json", + "packageVersion": "3.0.1", + "packageSuggestedFix": "3.0.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2021-3918", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2021-10-09T00:00:00Z", + "vulnSolutionDate": "2021-11-02T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "0.4.0", + "packageName": "json-schema", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/npm/node_modules/request/node_modules/http-signature/node_modules/jsprim/node_modules/json-schema/package.json", + "packageVersion": "0.2.3", + "packageSuggestedFix": "0.4.0", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2021-44906", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2020-03-10T00:00:00Z", + "vulnSolutionDate": "2022-03-21T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.6", + "packageName": "minimist", + "packageType": "javascript", + "packagePath": "/node_modules/gc-stats/node_modules/rc/node_modules/minimist/package.json", + "packageVersion": "1.2.0", + "packageSuggestedFix": "1.2.6", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2017-18077", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-18077", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-03-01T00:00:00Z", + "vulnSolutionDate": "2017-04-07T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": false, + "vulnFixVersion": "", + "packageName": "glob", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/npm/node_modules/glob/package.json", + "packageVersion": "7.1.1", + "packageSuggestedFix": "", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2017-18077", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-18077", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-03-01T00:00:00Z", + "vulnSolutionDate": "2017-04-07T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": false, + "vulnFixVersion": "", + "packageName": "minimatch", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/nodemon/node_modules/minimatch/package.json", + "packageVersion": "3.0.3", + "packageSuggestedFix": "", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2017-18077", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-18077", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-03-01T00:00:00Z", + "vulnSolutionDate": "2017-04-07T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": false, + "vulnFixVersion": "", + "packageName": "rimraf", + "packageType": "javascript", + "packagePath": "/node_modules/gc-stats/node_modules/rimraf/package.json", + "packageVersion": "2.6.1", + "packageSuggestedFix": "", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2020-7788", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-7788", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.3, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vulnDisclosureDate": "2020-12-08T00:00:00Z", + "vulnSolutionDate": "2020-12-09T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.3.6", + "packageName": "ini", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/nodemon/node_modules/ini/package.json", + "packageVersion": "1.3.4", + "packageSuggestedFix": "1.3.6", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2018-20834", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-20834", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vulnDisclosureDate": "2018-04-30T00:00:00Z", + "vulnSolutionDate": "2018-04-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.2.2", + "packageName": "tar", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/npm/node_modules/tar/package.json", + "packageVersion": "2.2.1", + "packageSuggestedFix": "2.2.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2019-13173", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-13173", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vulnDisclosureDate": "2019-05-15T00:00:00Z", + "vulnSolutionDate": "2019-05-15T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.12", + "packageName": "fstream", + "packageType": "javascript", + "packagePath": "/node_modules/gc-stats/node_modules/fstream/package.json", + "packageVersion": "1.0.11", + "packageSuggestedFix": "1.0.12", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2015-8315", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2015-8315", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2015-11-20T00:00:00Z", + "vulnSolutionDate": "2017-05-16T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.6.7", + "packageName": "debug", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/nodemon/node_modules/debug/package.json", + "packageVersion": "2.6.6", + "packageSuggestedFix": "2.6.7", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2017-1000048", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000048", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-02-14T00:00:00Z", + "vulnSolutionDate": "2017-03-06T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.3.2", + "packageName": "qs", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/npm/node_modules/request/node_modules/qs/package.json", + "packageVersion": "6.3.0", + "packageSuggestedFix": "6.3.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2017-15010", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-15010", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-09-05T00:00:00Z", + "vulnSolutionDate": "2017-09-21T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.3.3", + "packageName": "tough-cookie", + "packageType": "javascript", + "packagePath": "/node_modules/gc-stats/node_modules/tough-cookie/package.json", + "packageVersion": "2.3.2", + "packageSuggestedFix": "2.3.3", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2017-16118", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-16118", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-09-08T00:00:00Z", + "vulnSolutionDate": "2017-09-15T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "0.1.2", + "packageName": "forwarded", + "packageType": "javascript", + "packagePath": "/node_modules/forwarded/package.json", + "packageVersion": "0.1.1", + "packageSuggestedFix": "0.1.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2017-16136", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-16136", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-09-27T00:00:00Z", + "vulnSolutionDate": "2017-09-27T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.3.10", + "packageName": "method-override", + "packageType": "javascript", + "packagePath": "/node_modules/method-override/package.json", + "packageVersion": "2.3.9", + "packageSuggestedFix": "2.3.10", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2017-18077", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-18077", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-03-01T00:00:00Z", + "vulnSolutionDate": "2017-04-07T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.7", + "packageName": "brace-expansion", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/npm/node_modules/init-package-json/node_modules/glob/node_modules/minimatch/node_modules/brace-expansion/package.json", + "packageVersion": "1.1.6", + "packageSuggestedFix": "1.1.7", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2018-3737", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-3737", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2018-03-12T00:00:00Z", + "vulnSolutionDate": "2018-03-13T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.13.2", + "packageName": "sshpk", + "packageType": "javascript", + "packagePath": "/node_modules/gc-stats/node_modules/sshpk/package.json", + "packageVersion": "1.13.1", + "packageSuggestedFix": "1.13.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2020-28469", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2021-01-12T00:00:00Z", + "vulnSolutionDate": "2021-03-06T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "5.1.2", + "packageName": "glob-parent", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/nodemon/node_modules/glob-parent/package.json", + "packageVersion": "2.0.0", + "packageSuggestedFix": "5.1.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2020-7754", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-7754", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2020-10-15T00:00:00Z", + "vulnSolutionDate": "2020-10-16T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.1", + "packageName": "npm-user-validate", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/npm/node_modules/npm-user-validate/package.json", + "packageVersion": "0.1.5", + "packageSuggestedFix": "1.0.1", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2019-16776", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-16776", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 8.1, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "vulnDisclosureDate": "2019-12-10T00:00:00Z", + "vulnSolutionDate": "2019-12-10T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.13.3", + "packageName": "npm", + "packageType": "javascript", + "packagePath": "/usr/local/lib/node_modules/npm/package.json", + "packageVersion": "4.2.0", + "packageSuggestedFix": "6.13.3", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:4db941217dc6e602c46a6eefc85c05b899f034bd8327efc571d5c1afafbeef2e", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-result:metrics-3", + "osName": "debian 8.7", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "result", + "k8sPodContainerName": "result", + "vulnName": "CVE-2020-36049", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-36049", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2019-09-23T00:00:00Z", + "vulnSolutionDate": "2020-09-28T00:00:00Z", + "vulnExploitable": true, + "vulnFixAvailable": true, + "vulnFixVersion": "3.3.2", + "packageName": "socket.io-parser", + "packageType": "javascript", + "packagePath": "/node_modules/socket.io-parser/package.json", + "packageVersion": "2.3.1", + "packageSuggestedFix": "3.3.2", + "k8sPodCount": 3 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-10684", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10684", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-10684", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10684", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-10684", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10684", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-10685", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10685", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-10685", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10685", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-10685", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10685", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0-r8", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-10989", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-10989", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-07-06T00:00:00Z", + "vulnSolutionDate": "2017-08-18T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "3.13.0-r1", + "packageName": "sqlite-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "3.13.0-r0", + "packageSuggestedFix": "3.13.0-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-8105", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-8105", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-03-24T00:00:00Z", + "vulnSolutionDate": "2017-05-13T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.6.3-r1", + "packageName": "freetype", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.6.3-r0", + "packageSuggestedFix": "2.6.3-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-8287", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-8287", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-03-26T00:00:00Z", + "vulnSolutionDate": "2017-05-13T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.6.3-r1", + "packageName": "freetype", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.6.3-r0", + "packageSuggestedFix": "2.6.3-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2016-9841", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-9841", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-09-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.11-r0", + "packageName": "zlib", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.2.8-r2", + "packageSuggestedFix": "1.2.11-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2016-9843", + "vulnSeverity": "Critical", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 9.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-09-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.11-r0", + "packageName": "zlib", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.2.8-r2", + "packageSuggestedFix": "1.2.11-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2018-20225", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-20225", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.8, + "vulnCvssVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2020-05-08T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": false, + "vulnFixVersion": "", + "packageName": "pip", + "packageType": "python", + "packagePath": "/usr/local/lib/python2.7/site-packages/pip-9.0.1.dist-info/METADATA", + "packageVersion": "9.0.1", + "packageSuggestedFix": "19.2", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2016-5300", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-5300", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2012-03-06T00:00:00Z", + "vulnSolutionDate": "2016-06-21T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.2.0-r0", + "packageName": "expat", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.1.1-r2", + "packageSuggestedFix": "2.2.0-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-11112", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11112", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-11112", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11112", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-11112", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11112", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-11113", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11113", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-11113", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11113", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-11113", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11113", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-24T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-13728", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-13728", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-08-23T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-13728", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-13728", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-08-23T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-13728", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-13728", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-08-23T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20170701-r0", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-15650", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-15650", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-10-18T00:00:00Z", + "vulnSolutionDate": "2017-10-19T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.14-r16", + "packageName": "musl", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.14-r14", + "packageSuggestedFix": "1.1.14-r16", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-15650", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-15650", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-10-18T00:00:00Z", + "vulnSolutionDate": "2017-10-19T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.1.14-r16", + "packageName": "musl-utils", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.1.14-r14", + "packageSuggestedFix": "1.1.14-r16", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2018-8740", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-8740", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2018-03-16T00:00:00Z", + "vulnSolutionDate": "2018-04-02T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "3.13.0-r2", + "packageName": "sqlite-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "3.13.0-r0", + "packageSuggestedFix": "3.13.0-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2018-18074", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-18074", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vulnDisclosureDate": "2018-06-27T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.20.0", + "packageName": "requests", + "packageType": "python", + "packagePath": "/usr/local/lib/python2.7/site-packages/requests-2.13.0.dist-info/METADATA", + "packageVersion": "2.13.0", + "packageSuggestedFix": "2.20.0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2019-20916", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-20916", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vulnDisclosureDate": "2019-04-16T00:00:00Z", + "vulnSolutionDate": "2019-07-22T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "19.2", + "packageName": "pip", + "packageType": "python", + "packagePath": "/usr/local/lib/python2.7/site-packages/pip-9.0.1.dist-info/METADATA", + "packageVersion": "9.0.1", + "packageSuggestedFix": "19.2", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-3731", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-01-26T00:00:00Z", + "vulnSolutionDate": "2017-01-26T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.2k-r0", + "packageName": "libcrypto1.0", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.0.2j-r0", + "packageSuggestedFix": "1.0.2k-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-3731", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-01-26T00:00:00Z", + "vulnSolutionDate": "2017-01-26T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.2k-r0", + "packageName": "libssl1.0", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.0.2j-r0", + "packageSuggestedFix": "1.0.2k-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-9233", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-9233", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2017-06-14T00:00:00Z", + "vulnSolutionDate": "2017-06-17T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.2.0-r1", + "packageName": "expat", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.1.1-r2", + "packageSuggestedFix": "2.2.0-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2018-0732", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-0732", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2018-06-11T00:00:00Z", + "vulnSolutionDate": "2018-08-14T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.2o-r1", + "packageName": "libcrypto1.0", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.0.2j-r0", + "packageSuggestedFix": "1.0.2k-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2018-0732", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-0732", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.5, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vulnDisclosureDate": "2018-06-11T00:00:00Z", + "vulnSolutionDate": "2018-08-14T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.0.2o-r1", + "packageName": "libssl1.0", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.0.2j-r0", + "packageSuggestedFix": "1.0.2k-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2016-10244", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-10244", + "vulnCvssVersion": "3.0", + "vulnCvssScore": 7.8, + "vulnCvssVector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-08-25T00:00:00Z", + "vulnSolutionDate": "2016-09-08T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "2.6.3-r1", + "packageName": "freetype", + "packageType": "os", + "packagePath": "", + "packageVersion": "2.6.3-r0", + "packageSuggestedFix": "2.6.3-r1", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-16879", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-16879", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.8, + "vulnCvssVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-11-18T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20171125-r0", + "packageName": "ncurses-libs", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-16879", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-16879", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.8, + "vulnCvssVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-11-18T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20171125-r0", + "packageName": "ncurses-terminfo", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-16879", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-16879", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 7.8, + "vulnCvssVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-11-18T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "6.0_p20171125-r0", + "packageName": "ncurses-terminfo-base", + "packageType": "os", + "packagePath": "", + "packageVersion": "6.0-r7", + "packageSuggestedFix": "6.0-r8", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2017-16544", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-16544", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 8.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2017-11-08T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.24.2-r13", + "packageName": "busybox", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.24.2-r12", + "packageSuggestedFix": "1.24.2-r13", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2016-9840", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-9840", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 8.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-09-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.11-r0", + "packageName": "zlib", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.2.8-r2", + "packageSuggestedFix": "1.2.11-r0", + "k8sPodCount": 1 + }, + { + "imageId": "sha256:27f385e91e79c8cf1849bd09c0128162668faa292a32c7427072d952821cf7e0", + "imagePullString": "docker.io/sysdiglabs/example-voting-app-voter:0.1", + "osName": "alpine 3.4.6", + "k8sClusterName": "demo-kube-eks", + "k8sNamespaceName": "example-voting-app", + "k8sWorkloadType": "deployment", + "k8sWorkloadName": "voter", + "k8sPodContainerName": "voter", + "vulnName": "CVE-2016-9842", + "vulnSeverity": "High", + "vulnLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-9842", + "vulnCvssVersion": "3.1", + "vulnCvssScore": 8.8, + "vulnCvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vulnDisclosureDate": "2016-09-30T00:00:00Z", + "vulnExploitable": false, + "vulnFixAvailable": true, + "vulnFixVersion": "1.2.11-r0", + "packageName": "zlib", + "packageType": "os", + "packagePath": "", + "packageVersion": "1.2.8-r2", + "packageSuggestedFix": "1.2.11-r0", + "k8sPodCount": 1 + } + ] +} \ No newline at end of file diff --git a/unittests/scans/sysdig_reports/sysdig_reports_empty_with_error.csv b/unittests/scans/sysdig_reports/sysdig_reports_empty_with_error.csv new file mode 100644 index 00000000000..2530fa87a89 --- /dev/null +++ b/unittests/scans/sysdig_reports/sysdig_reports_empty_with_error.csv @@ -0,0 +1,2 @@ +Vulnerability ID,Severity,Package name,Package version,Package type,Package path,Image,OS Name,CVSS version,CVSS score,CVSS vector,Vuln link,Vuln Publish date,Vuln Fix date,Fix version,Public Exploit,Registry name,Registry image repository,Image ID,Package suggested fix,Risk accepted +High,github.com/opencontainers/runc,v1.1.0,golang,/usr/local/bin/gosu,mongo,ubuntu 22.04,3.1,7.8,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2022-29162,2022-05-05,2022-05-12,v1.1.2,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,v1.1.5,false,false diff --git a/unittests/scans/sysdig_reports/sysdig_reports_many_vul.csv b/unittests/scans/sysdig_reports/sysdig_reports_many_vul.csv new file mode 100644 index 00000000000..8fa90b5da80 --- /dev/null +++ b/unittests/scans/sysdig_reports/sysdig_reports_many_vul.csv @@ -0,0 +1,51 @@ +Vulnerability ID,Severity,Package name,Package version,Package type,Package path,Image,OS Name,CVSS version,CVSS score,CVSS vector,Vuln link,Vuln Publish date,Vuln Fix date,Fix version,Public Exploit,K8S cluster name,K8S namespace name,K8S workload type,K8S workload name,K8S container name,Image ID,K8S POD count,Package suggested fix,In use,Risk accepted +CVE-2022-29162,High,github.com/opencontainers/runc,v1.1.0,golang,/usr/local/bin/gosu,mongo,ubuntu 22.04,3.1,7.8,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2022-29162,2022-05-05,2022-05-12,v1.1.2,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,v1.1.5,false,false +CVE-2023-28642,High,github.com/opencontainers/runc,v1.1.0,golang,/usr/local/bin/gosu,mongo,ubuntu 22.04,3.1,7.8,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2023-28642,2023-03-25,2023-03-29,v1.1.5,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,v1.1.5,false,false +CVE-2023-36054,Medium,libgssapi-krb5-2,1.19.2-2ubuntu0.2,os,,mongo,ubuntu 22.04,3.1,6.5,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2023-36054,2023-07-05,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-36054,Medium,libk5crypto3,1.19.2-2ubuntu0.2,os,,mongo,ubuntu 22.04,3.1,6.5,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2023-36054,2023-07-05,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-36054,Medium,libkrb5-3,1.19.2-2ubuntu0.2,os,,mongo,ubuntu 22.04,3.1,6.5,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2023-36054,2023-07-05,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-36054,Medium,libkrb5support0,1.19.2-2ubuntu0.2,os,,mongo,ubuntu 22.04,3.1,6.5,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2023-36054,2023-07-05,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2022-48522,Medium,perl-base,5.34.0-3ubuntu1.2,os,,mongo,ubuntu 22.04,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://ubuntu.com/security/CVE-2022-48522,2023-08-22,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2023-25809,Medium,github.com/opencontainers/runc,v1.1.0,golang,/usr/local/bin/gosu,mongo,ubuntu 22.04,3.1,6.3,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L,https://nvd.nist.gov/vuln/detail/CVE-2023-25809,2023-03-29,2023-03-29,v1.1.5,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,v1.1.5,false,false +CVE-2023-29383,Low,login,1:4.8.1-2ubuntu2.1,os,,mongo,ubuntu 22.04,3.1,3.3,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,https://ubuntu.com/security/CVE-2023-29383,2023-03-30,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2023-29383,Low,passwd,1:4.8.1-2ubuntu2.1,os,,mongo,ubuntu 22.04,3.1,3.3,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,https://ubuntu.com/security/CVE-2023-29383,2023-03-30,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2023-2975,Low,libssl3,3.0.2-0ubuntu1.10,os,,mongo,ubuntu 22.04,3.1,5.3,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N,https://ubuntu.com/security/CVE-2023-2975,2023-07-07,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-2975,Low,openssl,3.0.2-0ubuntu1.10,os,,mongo,ubuntu 22.04,3.1,5.3,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N,https://ubuntu.com/security/CVE-2023-2975,2023-07-07,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-3446,Low,libssl3,3.0.2-0ubuntu1.10,os,,mongo,ubuntu 22.04,3.1,5.3,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,https://ubuntu.com/security/CVE-2023-3446,2023-07-13,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-3446,Low,openssl,3.0.2-0ubuntu1.10,os,,mongo,ubuntu 22.04,3.1,5.3,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,https://ubuntu.com/security/CVE-2023-3446,2023-07-13,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-3817,Low,libssl3,3.0.2-0ubuntu1.10,os,,mongo,ubuntu 22.04,3.1,5.3,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,https://ubuntu.com/security/CVE-2023-3817,2023-07-25,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-3817,Low,openssl,3.0.2-0ubuntu1.10,os,,mongo,ubuntu 22.04,3.1,5.3,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,https://ubuntu.com/security/CVE-2023-3817,2023-07-25,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2023-4016,Low,libprocps8,2:3.3.17-6ubuntu2,os,,mongo,ubuntu 22.04,3.1,5.5,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2023-4016,2023-08-02,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2023-4016,Low,procps,2:3.3.17-6ubuntu2,os,,mongo,ubuntu 22.04,3.1,5.5,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2023-4016,2023-08-02,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2022-27943,Low,gcc-12-base,12.3.0-1ubuntu1~22.04,os,,mongo,ubuntu 22.04,3.1,5.5,CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2022-27943,2022-03-23,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2022-27943,Low,libgcc-s1,12.3.0-1ubuntu1~22.04,os,,mongo,ubuntu 22.04,3.1,5.5,CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2022-27943,2022-03-23,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2022-27943,Low,libstdc++6,12.3.0-1ubuntu1~22.04,os,,mongo,ubuntu 22.04,3.1,5.5,CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2022-27943,2022-03-23,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2016-2781,Low,coreutils,8.32-4.1ubuntu1,os,,mongo,ubuntu 22.04,3.0,6.5,CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N,https://ubuntu.com/security/CVE-2016-2781,2016-02-28,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2022-46908,Low,libsqlite3-0,3.37.2-2ubuntu0.1,os,,mongo,ubuntu 22.04,3.1,7.3,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L,https://ubuntu.com/security/CVE-2022-46908,2022-12-04,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2023-2953,Low,libldap-2.5-0,2.5.16+dfsg-0ubuntu0.22.04.1,os,,mongo,ubuntu 22.04,3.1,7.5,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2023-2953,2022-08-24,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2022-3715,Low,bash,5.1-6ubuntu1,os,,mongo,ubuntu 22.04,3.1,7.8,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,https://ubuntu.com/security/CVE-2022-3715,2022-10-27,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2016-20013,Negligible,libc-bin,2.35-0ubuntu3.4,os,,mongo,ubuntu 22.04,3.1,7.5,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2016-20013,2016-08-31,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,false,false +CVE-2016-20013,Negligible,libc6,2.35-0ubuntu3.4,os,,mongo,ubuntu 22.04,3.1,7.5,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,https://ubuntu.com/security/CVE-2016-20013,2016-08-31,,,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,,true,false +CVE-2017-5648,Critical,org.apache.tomcat.embed:tomcat-embed-core,8.5.11,java,/usr/src/app/app.jar:BOOT-INF/lib/tomcat-embed-core-8.5.11.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.1,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N,https://nvd.nist.gov/vuln/detail/CVE-2017-5648,2017-02-09,2017-03-13,8.5.12,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,8.5.32,true,false +CVE-2017-8105,Critical,freetype,2.6.3-r0,os,,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2017-8105,2017-03-24,2017-05-13,2.6.3-r1,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.6.3-r1,false,false +CVE-2017-8287,Critical,freetype,2.6.3-r0,os,,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2017-8287,2017-03-26,2017-05-13,2.6.3-r1,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.6.3-r1,false,false +CVE-2018-1273,Critical,org.springframework.data:spring-data-commons,1.12.7.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-data-commons-1.12.7.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-1273,2018-03-27,2018-04-04,1.13.11,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,1.13.11,true,false +CVE-2018-1273,Critical,org.springframework.data:spring-data-rest-core,2.5.7.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-data-rest-core-2.5.7.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-1273,2018-03-27,2018-04-04,2.6.11,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.6.11,true,false +CVE-2018-1273,Critical,org.springframework.data:spring-data-rest-webmvc,2.5.7.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-data-rest-webmvc-2.5.7.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-1273,2018-03-27,2018-04-04,2.6.11,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.6.11,true,false +CVE-2018-19360,Critical,com.fasterxml.jackson.core:jackson-databind,2.8.6,java,/usr/src/app/app.jar:BOOT-INF/lib/jackson-databind-2.8.6.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-19360,2018-11-18,2018-11-23,2.8.11.3,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.9.10,true,false +CVE-2018-19361,Critical,com.fasterxml.jackson.core:jackson-databind,2.8.6,java,/usr/src/app/app.jar:BOOT-INF/lib/jackson-databind-2.8.6.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-19361,2018-11-18,2018-11-23,2.8.11.3,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.9.10,true,false +CVE-2018-19362,Critical,com.fasterxml.jackson.core:jackson-databind,2.8.6,java,/usr/src/app/app.jar:BOOT-INF/lib/jackson-databind-2.8.6.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-19362,2018-11-18,2018-11-23,2.8.11.3,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.9.10,true,false +CVE-2018-7489,Critical,com.fasterxml.jackson.core:jackson-databind,2.8.6,java,/usr/src/app/app.jar:BOOT-INF/lib/jackson-databind-2.8.6.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-7489,2018-02-10,2018-02-11,2.8.11.1,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.9.10,true,false +CVE-2018-8014,Critical,org.apache.tomcat.embed:tomcat-embed-core,8.5.11,java,/usr/src/app/app.jar:BOOT-INF/lib/tomcat-embed-core-8.5.11.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-8014,2018-05-16,2018-05-16,8.5.32,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,8.5.32,true,false +CVE-2016-1000027,Critical,org.springframework:spring-aop,4.3.6.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-aop-4.3.6.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-1000027,2016-07-08,2020-08-11,5.3.0-M2,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,4.3.16,true,false +CVE-2016-1000027,Critical,org.springframework:spring-beans,4.3.6.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-beans-4.3.6.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-1000027,2016-07-08,2020-08-11,5.3.0-M2,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,4.3.16,true,false +CVE-2016-1000027,Critical,org.springframework:spring-context,4.3.6.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-context-4.3.6.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-1000027,2016-07-08,2020-08-11,5.3.0-M2,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,4.3.16,true,false +CVE-2016-1000027,Critical,org.springframework:spring-core,4.3.6.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-core-4.3.6.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-1000027,2016-07-08,2020-08-11,5.3.0-M2,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,4.3.16,true,false +CVE-2016-1000027,Critical,org.springframework:spring-expression,4.3.6.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-expression-4.3.6.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-1000027,2016-07-08,2020-08-11,5.3.0-M2,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,4.3.16,true,false +CVE-2016-1000027,Critical,org.springframework:spring-tx,4.3.6.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-tx-4.3.6.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-1000027,2016-07-08,2020-08-11,5.3.0-M2,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,4.3.16,true,false +CVE-2016-1000027,Critical,org.springframework:spring-web,4.3.6.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-web-4.3.6.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-1000027,2016-07-08,2020-08-11,5.3.0-M2,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,4.3.16,true,false +CVE-2016-1000027,Critical,org.springframework:spring-webmvc,4.3.6.RELEASE,java,/usr/src/app/app.jar:BOOT-INF/lib/spring-webmvc-4.3.6.RELEASE.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-1000027,2016-07-08,2020-08-11,5.3.0-M2,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,4.3.16,true,false +CVE-2016-9841,Critical,zlib,1.2.8-r2,os,,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-9841,2016-09-30,,1.2.11-r0,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,1.2.11-r0,true,false +CVE-2016-9843,Critical,zlib,1.2.8-r2,os,,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2016-9843,2016-09-30,,1.2.11-r0,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,1.2.11-r0,true,false +CVE-2017-15095,Critical,com.fasterxml.jackson.core:jackson-databind,2.8.6,java,/usr/src/app/app.jar:BOOT-INF/lib/jackson-databind-2.8.6.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2017-15095,2017-11-02,2017-09-07,2.8.11,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.9.10,true,false +CVE-2017-17485,Critical,com.fasterxml.jackson.core:jackson-databind,2.8.6,java,/usr/src/app/app.jar:BOOT-INF/lib/jackson-databind-2.8.6.jar,weaveworksdemos/carts:0.4.8,alpine 3.4.6,3.1,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2017-17485,2017-04-11,2017-04-19,2.8.9,false,kubernetes,sock-shop,deployment,carts,carts,sha256:c004737361182d3cd7f38e6d9ce4a44f2a349b8dc996834e2cba0defcd0cb522,1,2.9.10,true,false diff --git a/unittests/scans/sysdig_reports/sysdig_reports_missing_cve_field.csv b/unittests/scans/sysdig_reports/sysdig_reports_missing_cve_field.csv new file mode 100644 index 00000000000..2530fa87a89 --- /dev/null +++ b/unittests/scans/sysdig_reports/sysdig_reports_missing_cve_field.csv @@ -0,0 +1,2 @@ +Vulnerability ID,Severity,Package name,Package version,Package type,Package path,Image,OS Name,CVSS version,CVSS score,CVSS vector,Vuln link,Vuln Publish date,Vuln Fix date,Fix version,Public Exploit,Registry name,Registry image repository,Image ID,Package suggested fix,Risk accepted +High,github.com/opencontainers/runc,v1.1.0,golang,/usr/local/bin/gosu,mongo,ubuntu 22.04,3.1,7.8,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2022-29162,2022-05-05,2022-05-12,v1.1.2,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,v1.1.5,false,false diff --git a/unittests/scans/sysdig_reports/sysdig_reports_not_starting_with_cve.csv b/unittests/scans/sysdig_reports/sysdig_reports_not_starting_with_cve.csv new file mode 100644 index 00000000000..61979cbff14 --- /dev/null +++ b/unittests/scans/sysdig_reports/sysdig_reports_not_starting_with_cve.csv @@ -0,0 +1,2 @@ +Vulnerability ID,Severity,Package name,Package version,Package type,Package path,Image,OS Name,CVSS version,CVSS score,CVSS vector,Vuln link,Vuln Publish date,Vuln Fix date,Fix version,Public Exploit,Registry name,Registry image repository,Image ID,Package suggested fix,Risk accepted +Wrong Field Contents,High,github.com/opencontainers/runc,v1.1.0,golang,/usr/local/bin/gosu,mongo,ubuntu 22.04,3.1,7.8,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2022-29162,2022-05-05,2022-05-12,v1.1.2,false,kubernetes,sock-shop,deployment,carts-db,carts-db,sha256:ee3b4d1239f12b094c4936dd08a2fbc227300beaf784c46c509e2f1ac5e6d879,1,v1.1.5,false,false diff --git a/unittests/scans/sysdig_reports/sysdig_reports_one_vul.csv b/unittests/scans/sysdig_reports/sysdig_reports_one_vul.csv new file mode 100644 index 00000000000..02ddeb47af2 --- /dev/null +++ b/unittests/scans/sysdig_reports/sysdig_reports_one_vul.csv @@ -0,0 +1,2 @@ +Vulnerability ID,Severity,Package name,Package version,Package type,Package path,Image,OS Name,CVSS version,CVSS score,CVSS vector,Vuln link,Vuln Publish date,Vuln Fix date,Fix version,Public Exploit,Registry name,Registry image repository,Image ID,Package suggested fix,Risk accepted +CVE-2018-19360,Critical,com.fasterxml.jackson.core:jackson-databind,2.9.7,java,/app/text4shell-poc.jar:BOOT-INF/lib/jackson-databind-2.9.7.jar,harbor.aamiles.org:30003/library/text4shell-docker-vuln:latest,alpine 3.9.4,3.0,9.8,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,https://nvd.nist.gov/vuln/detail/CVE-2018-19360,2018-11-18,2018-11-23,v2.9.8,false,harbor.aamiles.org:30003,library/text4shell-docker-vuln,sha256:c4e3524ae58d87458d65518ec68ee292ce2ef330924fd1f42afacf11b698cb03,v2.9.10,false diff --git a/unittests/scans/sysdig_reports/sysdig_reports_zero_vul.csv b/unittests/scans/sysdig_reports/sysdig_reports_zero_vul.csv new file mode 100644 index 00000000000..89b12f8ee2e --- /dev/null +++ b/unittests/scans/sysdig_reports/sysdig_reports_zero_vul.csv @@ -0,0 +1 @@ +Vulnerability ID,Severity,Package name,Package version,Package type,Package path,Image,OS Name,CVSS version,CVSS score,CVSS vector,Vuln link,Vuln Publish date,Vuln Fix date,Fix version,Public Exploit,Registry name,Registry image repository,Image ID,Package suggested fix,Risk accepted diff --git a/unittests/scans/talisman/many_findings.json b/unittests/scans/talisman/many_findings.json new file mode 100644 index 00000000000..04ca49682cc --- /dev/null +++ b/unittests/scans/talisman/many_findings.json @@ -0,0 +1,73 @@ +{ + "summary": { + "types": { + "filecontent": 5, + "filesize": 0, + "filename": 0, + "warnings": 0, + "ignores": 0 + } + }, + "results": [ + { + "filename": "talisman_report/talisman_reports/data/report.json", + "failure_list": [ + { + "type": "filecontent", + "message": "Expected file to not to contain hex encoded texts such as: aws_secret=\\\"AKIAIMNOJVGFDXXXE4UI\\\"\",\"commits\":...", + "commits": [], + "severity": "high" + }, + { + "type": "filecontent", + "message": "Expected file to not to contain hex encoded texts such as: aws_secret=\\\"AKIAIMNOJVGFDXXXE4MA\\\"\",\"commits\":...", + "commits": [], + "severity": "high" + }, + { + "type": "filecontent", + "message": "Potential secret pattern : {\"summary\":{\"types\":{\"filecontent\":2,\"filesize\":0,\"filename\":0,\"warnings\":0,\"ignores\":0}},\"results\":[{\"filename\":\"talisman/tools/gitleaks/findings.txt\",\"failure_list\":[{\"type\":\"filecontent\",\"message\":\"Potential secret pattern : aws_secret=\\\"AKIAIMNOJVGFDXXXE4UI\\\"\",\"commits\":[\"ccb9316f83ec989ec3e565dba290b2041491799e\"],\"severity\":\"low\"}],\"warning_list\":[],\"ignore_list\":[]},{\"filename\":\"README.md\",\"failure_list\":[{\"type\":\"filecontent\",\"message\":\"Potential secret pattern : aws_secret=\\\"AKIAIMNOJVGFDXXXE4MA\\\"\",\"commits\":[\"ccb9316f83ec989ec3e565dba290b2041491799e\"", + "commits": [ + "4261e6743687ca774c35d969531fee48b2a4b70d" + ], + "severity": "low" + } + ], + "warning_list": [], + "ignore_list": [] + }, + { + "filename": "README.md", + "failure_list": [ + { + "type": "filecontent", + "message": "Potential secret pattern : aws_secret=\"AKIAIMNOJVGFDXXXE4MA\"", + "commits": [ + "320de646d26477d2ec547e5af1c3251a5484efa9", + "4261e6743687ca774c35d969531fee48b2a4b70d", + "ccb9316f83ec989ec3e565dba290b2041491799e" + ], + "severity": "low" + } + ], + "warning_list": [], + "ignore_list": [] + }, + { + "filename": "talisman/tools/gitleaks/findings.txt", + "failure_list": [ + { + "type": "filecontent", + "message": "Potential secret pattern : aws_secret=\"AKIAIMNOJVGFDXXXE4UI\"", + "commits": [ + "4261e6743687ca774c35d969531fee48b2a4b70d", + "ccb9316f83ec989ec3e565dba290b2041491799e" + ], + "severity": "low" + } + ], + "warning_list": [], + "ignore_list": [] + } + ] +} diff --git a/unittests/scans/talisman/no_finding.json b/unittests/scans/talisman/no_finding.json new file mode 100644 index 00000000000..3d8530679a3 --- /dev/null +++ b/unittests/scans/talisman/no_finding.json @@ -0,0 +1,12 @@ +{ + "summary": { + "types": { + "filecontent": 0, + "filesize": 0, + "filename": 0, + "warnings": 0, + "ignores": 0 + } + }, + "results": [] +} \ No newline at end of file diff --git a/unittests/scans/talisman/one_finding.json b/unittests/scans/talisman/one_finding.json new file mode 100644 index 00000000000..9db4458a07c --- /dev/null +++ b/unittests/scans/talisman/one_finding.json @@ -0,0 +1,28 @@ +{ + "summary": { + "types": { + "filecontent": 0, + "filesize": 0, + "filename": 1, + "warnings": 0, + "ignores": 0 + } + }, + "results": [ + { + "filename": "password.html", + "failure_list": [ + { + "type": "filename", + "message": "The file name \"password.html\" failed checks against the pattern password", + "commits": [ + "0ab760b933186f5490c5699fb5ec777d4b6a5bc4" + ], + "severity": "low" + } + ], + "warning_list": [], + "ignore_list": [] + } + ] +} \ No newline at end of file diff --git a/unittests/scans/nessus/nessus_many_vuln.csv b/unittests/scans/tenable/nessus/nessus_many_vuln.csv similarity index 100% rename from unittests/scans/nessus/nessus_many_vuln.csv rename to unittests/scans/tenable/nessus/nessus_many_vuln.csv diff --git a/unittests/scans/nessus/nessus_many_vuln.xml b/unittests/scans/tenable/nessus/nessus_many_vuln.xml similarity index 100% rename from unittests/scans/nessus/nessus_many_vuln.xml rename to unittests/scans/tenable/nessus/nessus_many_vuln.xml diff --git a/unittests/scans/nessus/nessus_many_vuln2-all.csv b/unittests/scans/tenable/nessus/nessus_many_vuln2-all.csv similarity index 100% rename from unittests/scans/nessus/nessus_many_vuln2-all.csv rename to unittests/scans/tenable/nessus/nessus_many_vuln2-all.csv diff --git a/unittests/scans/nessus/nessus_many_vuln2-default.csv b/unittests/scans/tenable/nessus/nessus_many_vuln2-default.csv similarity index 100% rename from unittests/scans/nessus/nessus_many_vuln2-default.csv rename to unittests/scans/tenable/nessus/nessus_many_vuln2-default.csv diff --git a/unittests/scans/nessus/nessus_v_unknown.xml b/unittests/scans/tenable/nessus/nessus_v_unknown.xml similarity index 100% rename from unittests/scans/nessus/nessus_v_unknown.xml rename to unittests/scans/tenable/nessus/nessus_v_unknown.xml diff --git a/unittests/scans/tenable/nessus/nessus_with_cvssv3.nessus b/unittests/scans/tenable/nessus/nessus_with_cvssv3.nessus new file mode 100644 index 00000000000..243c76971b6 --- /dev/null +++ b/unittests/scans/tenable/nessus/nessus_with_cvssv3.nessus @@ -0,0 +1,10541 @@ + + + + Basic Network Scan + + + + scan.enable_utf8_output + no + + + bw_prevent_core_updates + yes + + + bw_prevent_plugin_updates + yes + + + plugin_set + + 146991;15713;11592;11591;16046;58484;58321;16321;11480;19939;11475;73190;10747;23735;40613;33218;26020;29749;31094;11714;11187;14195;14196;18212;14241;73189;21020;18208;109799;109800;109730;91230;31607;23750;18415;18414;18413;10277;10715;10949;91231;14256;11604;17307;10974;10973;11283;10976;10975;10977;10978;10979;10980;10981;11287;10982;10983;11289;11288;14718;10984;11290;10985;11291;11382;11292;10986;11294;11381;10987;11293;11295;11296;11379;11056;11285;12039;11297;11380;11383;11547;11594;14337;17630;12270;12199;17629;17988;20807;16217;20933;17635;15782;15627;24736;19771;17986;24741;20808;20134;24744;24737;20744;24019;24739;24740;19377;10001;11393;10961;11276;10962;10963;11032;10820;11202;10990;10991;11003;10993;10994;10996;10997;10995;10998;10999;11000;11208;11001;10819;10826;10798;10778;11004;11203;11204;11205;11206;11207;11098;11833;99764;99766;99765;99767;99768;99769;99770;99771;99772;99773;99774;99775;99777;99776;99779;99778;99781;99780;99782;99783;99784;99785;99786;99787;99788;99789;99790;99791;99792;99793;99795;99794;99796;99797;99799;99798;99801;99800;99802;99803;99804;99805;99806;99807;99808;99809;99811;99810;99813;99812;97416;99815;99814;99816;99817;99818;99819;99820;99821;99822;99823;99824;99825;99826;99827;99828;99829;99830;99831;99832;99833;99834;99835;99836;99837;99838;99839;99840;99841;99842;99843;99844;99845;99846;99847;99849;99848;99850;99852;99851;99853;99854;99856;99855;99857;99858;99859;99860;99861;99862;99863;99864;99865;99866;99867;99868;99869;99870;99871;99872;99873;99874;99875;99877;99876;99878;99879;99880;99881;99882;99883;99885;99884;99887;99886;99888;99889;99890;99891;99892;99893;99894;99895;99896;99897;99898;99899;99901;99900;99902;99903;99904;99905;99908;99909;99910;99911;99912;99913;99915;99914;99916;99936;99937;99938;99939;99941;99940;99942;99944;99943;99945;99946;99947;99948;99949;99950;99951;99953;99952;100684;100683;100685;100686;100687;100688;100811;100812;100689;100690;100691;100692;100693;100695;100694;100696;100697;100698;100699;100700;100702;100701;100813;100722;100814;100723;101848;101306;101307;101849;101851;101850;101308;101309;101852;101310;101853;101311;101854;101855;101312;101313;101314;101315;102480;102479;102221;102222;102224;102223;102225;102227;102226;102228;102229;102230;102232;102231;102233;102234;102235;102236;102237;102238;102239;102240;102241;102243;102242;102244;102245;102997;102998;102999;103000;103002;103001;103003;103004;103006;103005;103008;103007;103010;103009;103012;103011;103013;103014;103015;103016;103017;103018;103019;103020;103021;103023;103022;103024;103025;103027;103026;103029;103028;103030;103031;103032;103033;103034;103055;103056;103057;103059;103060;103058;103061;103062;103064;103063;103065;103066;103067;103068;103069;103070;103071;103072;103073;103074;103075;103076;103077;103078;103079;103080;103082;103081;103084;103083;103085;103086;103087;103088;103733;103734;103735;103736;103737;103738;103739;103740;103820;103821;104576;104577;103878;103879;104578;103937;103938;103939;103940;103941;103942;104277;104278;104280;104279;104281;104282;104283;104285;104284;104286;104287;104288;104289;104290;104292;104291;104293;104294;104296;104295;104325;104326;104327;104328;104329;104331;104330;104333;104332;104334;104463;104902;104904;104903;104905;104906;104907;104909;104908;104910;104911;105164;104912;104913;104914;104915;104916;104917;104918;104919;104920;104921;104923;104922;104925;104924;104926;104927;104928;104930;104929;104932;104931;104934;104933;104935;105046;105301;105047;105303;105302;105304;105305;105306;105307;105308;105309;105310;105311;105312;105314;105313;105315;105316;105318;105317;105319;105320;105321;105322;105618;105323;105655;106145;106144;106146;106148;106147;106150;106149;106151;106152;106153;106154;106155;106156;106157;106158;106159;106160;106161;106162;106163;106164;106165;106166;106167;106402;106404;106403;106406;106405;106760;106761;106763;106762;106764;106766;106765;106767;106768;106769;106770;106771;106772;106773;106774;106775;106776;106778;106777;108455;108456;108457;108458;108459;108460;108461;108462;108463;108464;108466;108465;108468;108467;108469;108470;108471;108472;108473;108474;109470;108475;109471;109472;109473;109474;109475;109476;109478;109477;109479;109480;109481;109482;109483;109485;109484;109487;109486;109488;109489;109490;109491;109492;109493;109494;109495;109497;109496;109498;109499;109500;109501;109502;109503;109504;109505;109506;109507;109508;109509;109510;109512;109511;109513;109514;109515;109619;109516;109620;109813;110126;110127;110128;110129;110130;110131;110132;110134;110133;110136;110135;110137;110139;110138;110141;110140;110142;110143;110144;110145;110146;110148;110147;110149;110150;110151;110152;110153;110155;110154;110617;110156;110730;110731;110732;110733;110734;110735;110737;110736;110738;110739;110740;110741;110742;110743;110744;110745;110746;110747;110748;110825;110826;110827;110828;110841;110842;110843;110844;110845;110846;110847;110848;110849;110851;110850;110852;110853;110854;110855;110856;110857;110858;110859;110860;110861;110862;110863;110864;110865;110866;110867;110868;110869;110870;110871;110872;110873;110874;110875;110876;110877;110879;110878;110881;110880;110882;110883;111182;111183;111184;111643;111644;111645;111646;111647;111648;111649;117540;111650;117541;117542;117543;117544;117545;117546;117547;117548;117549;117550;117551;117552;117553;117555;117554;117557;117556;117559;117558;117560;117561;117562;117563;117564;117565;117566;117567;117568;117569;117570;117571;117572;117573;117574;117576;117575;117577;117578;117579;117580;117581;117582;117583;117584;117430;117585;112237;112238;117586;117725;117726;117728;117727;117729;117731;117730;117732;117733;117734;117735;117736;117738;117737;117739;117740;117741;118049;117742;117744;117743;117745;117746;117747;117748;117749;117751;117750;117752;117753;117754;117755;117757;117756;117758;117759;117760;117761;117762;118366;117763;118367;118411;118412;118413;118414;118415;118417;118416;118418;118419;118420;118421;118422;118423;118424;118426;118425;118427;118428;118430;118431;118432;118433;118429;118434;118435;118436;118437;118438;118439;118440;118736;118738;118739;118740;118737;118741;118742;118743;118755;118756;118758;118757;118759;118760;118761;119059;119060;119061;119063;119064;119065;119062;119066;119067;119068;119070;119071;119072;119069;119073;119564;119074;119513;119514;119515;119516;119517;119518;119519;119520;119521;119522;119523;119525;119524;119526;119528;119529;119527;119530;119531;119532;119533;119565;119896;119897;119898;119899;119900;119901;119902;119903;119904;119906;119907;119905;119908;119909;119910;119911;119912;119914;119913;119915;119916;119917;119918;119919;119920;119921;119922;119923;119924;119925;119927;119928;119926;119929;119930;119931;119932;119933;119934;119935;119936;120974;120990;120991;120992;120994;120995;120993;120996;120998;120997;120999;121000;121001;121002;121275;121277;121278;122166;121276;122167;122168;122169;122171;122172;122170;122173;122174;122202;122201;122204;122203;122205;122206;122207;122209;122210;122208;122211;122213;122212;122214;122215;122216;122217;122373;122218;122375;122376;122374;122377;122378;122379;122380;122381;122382;122383;122384;122385;122386;122387;122388;122414;122459;122687;122689;122690;122688;122691;122692;122694;122693;122695;122696;122697;122698;122700;122699;122770;122701;122703;122702;122704;122705;122706;122707;122708;122709;122710;123102;123103;123104;123105;123106;123107;123108;123109;123110;123111;123112;123113;123114;123115;123116;123117;123119;123120;123118;123121;123583;123584;123585;123586;123588;123587;123589;123591;123590;123592;123593;123594;123595;123596;123597;123598;123599;123601;123600;123602;123603;123604;123606;123605;123608;123607;123609;123610;123611;123612;123613;123614;123616;123615;123617;123618;123619;123620;123621;123622;123623;123625;123624;123626;123628;123627;123629;123630;123843;123844;123845;123846;123848;123847;123849;123850;123851;123852;123853;123854;123855;123856;123857;123858;123859;123860;123861;123863;123862;123864;123865;123867;123866;123868;123869;123870;123871;123872;123873;123874;123875;123876;123877;123878;123879;123880;123881;123882;123883;123884;123886;123885;123887;123888;123889;123890;123892;123891;123893;123894;123895;123896;123897;123898;123899;123900;123901;123902;123903;123905;123904;123906;123907;123908;123909;123910;123911;123912;123913;123768;123697;123698;123699;123700;123701;123702;123703;123705;123706;123707;123708;123704;123709;123710;123711;123713;123712;123714;123715;123716;123717;123718;123720;123721;123719;123722;123723;123724;123725;123726;123727;123728;123729;123730;123732;123733;123731;123734;123736;123737;123738;123735;123739;123741;123740;123742;123743;123744;123745;123746;124375;124376;124377;124378;124380;124379;124381;124382;124383;124384;124385;124386;124387;124388;124389;124391;124392;124390;124393;124395;124394;124396;124397;124398;124431;124430;124432;124433;124435;124434;124436;124438;124439;124437;124440;124441;124442;124444;124443;124445;124446;124447;124448;124449;124450;124610;124612;124611;124613;124614;124615;124616;124617;124618;124619;124621;124620;124622;124624;124625;124626;124623;124627;124628;124629;124630;124631;124633;124632;124634;124635;124636;124729;124730;124731;124732;124733;124734;124735;124736;124737;124738;124739;124740;124741;124742;124743;124744;124745;124746;124747;124748;124749;124751;124750;124878;124879;124877;124881;124880;124882;124883;124884;124885;124886;124887;124888;124889;124890;124891;124892;124893;124895;124896;124894;124897;124899;124898;124900;124901;124902;124903;124904;124905;124906;124907;124909;124908;124910;124912;124913;124914;124911;124915;124916;124918;124919;124917;124920;124921;124922;124924;124923;124925;124926;124928;124927;124930;124929;124931;124933;124932;124934;124936;124935;124938;124937;124939;124940;124941;124943;124944;124942;124945;124946;124947;124948;124949;124950;124951;124952;124953;124954;124955;124956;124957;124958;124959;124960;124961;124962;124963;124964;124966;124967;124968;124969;124965;124791;124792;124793;124794;124795;124796;124797;124798;124800;124799;124801;124802;124803;124804;124805;124806;124808;124807;124809;124810;124811;124813;124814;124812;124815;124816;124817;124818;124819;125100;124821;124820;124822;124823;124824;124825;124826;124827;124828;124829;124830;125301;124831;124832;124833;124834;125101;124835;124836;124837;124970;124971;124972;124974;124973;124975;124976;124977;124979;124978;124980;124981;124983;124982;124984;124985;124986;124987;124989;124990;124991;124992;124993;124994;124995;124996;124997;124988;124998;124999;125000;125001;125002;125003;125004;125005;125006;125007;125008;125009;125102;125010;125103;125279;125488;125489;125490;125491;125492;125493;125494;125496;125495;125497;125498;125499;125500;125501;125502;125504;125505;125506;125503;125507;125508;125509;125511;125512;125510;125513;125514;125515;125516;125518;125519;125517;125521;125520;125523;125522;125524;125526;125525;125527;125528;125529;125530;125556;125557;125558;125559;125561;125560;125562;125563;125565;125564;125566;125567;125568;125569;125570;125571;125572;125573;125574;125576;125575;125577;125578;125579;125581;125580;125583;125582;125584;125585;125586;125587;125588;125752;125753;126267;126266;126268;126269;126270;126271;126272;126273;126274;126276;126275;126277;126278;126279;126280;126281;126282;126284;126283;126285;126286;126287;126289;126288;126290;126292;126293;126291;126294;126295;126296;126298;126299;126415;126297;126416;126417;126418;126419;126420;126421;126422;126929;126423;126424;126425;126427;126426;126428;126429;126430;126431;126432;126433;126535;126536;126537;126538;126539;126540;126541;126542;126544;126543;126545;126546;126547;126548;126549;126551;126552;126550;126554;126553;126555;126556;126843;126844;126845;126846;126847;126848;126849;126850;126851;126852;126930;126853;126854;126855;126856;126858;126857;126860;126859;126862;126861;126863;126864;126866;126865;126867;126868;126869;126870;126871;126872;126873;126874;126875;126876;126877;126878;126879;126881;126880;126931;126932;126933;126934;126935;126997;126999;126998;127000;127001;127002;127003;127004;127005;127006;127007;127008;127009;127010;127011;127012;127014;127013;127015;127016;127017;127018;127019;127020;127021;127022;127023;127024;127026;127025;127028;127027;127029;127564;128086;128087;128088;128089;128090;128091;128092;128093;128094;128095;128096;128097;128099;128098;128100;128101;128103;128102;128104;128105;128184;128183;128185;128186;128187;128188;128189;128190;128191;128192;128193;128194;128196;128195;128197;128198;128200;128199;128201;128202;128203;128204;128888;128889;128890;128891;128892;128893;128894;128895;128896;128897;128899;128898;128900;128901;128902;128903;128904;128906;128905;128907;128909;128908;128911;128910;128912;128913;128915;128914;128916;128917;128918;128919;128920;128922;128921;128923;128796;128924;128798;128797;128800;128799;128801;128802;128803;128804;128805;128806;128807;128808;128809;128810;128811;128812;128813;128814;128815;128816;128817;128818;128819;128820;128822;128821;128823;128824;128825;128827;128826;128828;128829;128830;128831;128832;128833;128835;128834;128836;128837;128838;128839;128841;128840;128925;128842;128843;128844;128926;128927;128928;128929;128930;128931;128932;128933;128934;128935;128936;128937;128938;128939;128941;128940;128942;128944;128943;128945;128946;128947;128948;128950;128949;128951;128952;128953;128954;128955;128956;128957;128958;128960;128959;129115;129117;129116;129118;129119;129121;129120;129122;129123;129124;129125;129126;129128;129127;129129;129130;129131;129132;129133;129134;129135;129173;129174;129175;129176;129177;129179;129178;129180;129181;129182;129184;129183;129185;129186;129136;129187;129188;129189;129190;129191;129192;129193;129195;129194;129196;129197;129198;129199;129200;129202;129201;129203;129204;129205;129207;129206;129209;129208;129211;129210;129213;129212;129214;129215;129216;129217;129218;129220;129219;129221;129222;129223;129224;129225;129226;129227;129228;129229;129231;129230;129233;129232;129234;129235;129237;129236;129238;129239;129240;129242;129243;129244;129245;129246;129247;129241;129248;129250;129249;129251;129252;129253;129254;129255;129257;129256;129259;129258;129260;129428;129261;129429;129430;129431;129432;129433;129434;129435;129436;129437;129438;129439;129441;129440;129442;129443;129444;129445;129446;129448;129447;129449;129450;129451;129453;129452;129454;130805;130806;130807;130808;130809;130810;130811;130812;130813;130814;130815;130816;130817;130818;130819;130820;130821;130822;130823;130825;130824;130826;130828;130827;130829;130831;130832;130830;130833;130834;130835;130836;130837;130838;130839;130841;130840;130842;130843;130844;130845;130846;130847;130848;130849;130851;130850;130852;130853;130855;130854;130856;130857;130858;130859;130860;130861;130862;130863;130864;130865;130866;130867;130868;130869;130870;130871;130872;130874;130873;130876;130875;130877;130879;130878;130880;130882;130881;130637;130883;130639;130638;130640;130641;130642;130643;130644;130645;130646;130647;130649;130648;130650;130651;130652;130653;130655;130654;130657;130656;130658;130659;130660;130661;130662;130663;130664;130665;130666;130667;130668;130669;130670;130671;130672;130673;130674;130675;130676;130677;130678;130679;130680;130681;130682;130684;130683;130685;130686;130687;130688;130690;130689;130691;130693;130692;130694;130695;130696;130697;130698;130699;130700;130701;130703;130702;130705;130704;130706;130707;130708;130709;130710;130711;130712;130713;130714;130715;130716;130717;130718;130719;130720;130721;130722;130723;130724;130725;130726;130727;130728;130729;130730;130732;130731;130733;130734;130735;131341;131342;131343;131344;131345;131346;131347;131348;131349;131350;131351;131352;131353;131354;131355;131356;131357;131358;131359;131360;131361;130736;131363;131362;131365;131364;131366;131368;131367;131369;131370;131371;131372;131472;131473;131474;131475;131476;131477;131478;131479;131480;131481;131482;131483;131485;131484;131486;131487;131488;131489;131490;131491;131492;131493;131495;131494;131497;131496;131499;131498;131500;131501;131502;131504;131503;131505;131506;131507;131508;131509;131510;131511;131513;131512;131515;131514;131517;131516;131845;131846;131847;131848;131850;131849;131851;131852;131854;131853;131855;131856;131857;131858;131859;131860;131861;131863;131862;131865;131864;131866;131867;131868;131869;131870;131871;131872;131874;131873;131876;131875;131877;131878;131879;131880;131881;131882;131883;131884;131886;131885;131887;131889;131888;131890;131891;131893;131892;131895;131894;131896;131897;131898;131899;131900;131901;131902;131903;131904;131905;131906;131908;131907;131909;131910;131911;131912;131913;131577;131576;131578;131579;131581;131580;131582;131583;131584;131586;131585;131587;131588;131589;131590;131591;131592;131593;131594;131595;131596;131597;131598;131599;131600;131601;131602;131603;131604;131605;131606;131607;131608;131609;131610;131611;131612;131613;131614;131615;131914;131616;131617;131618;131619;131621;131620;131622;131623;131624;131625;131626;131627;131628;131629;131630;131631;131632;131633;131634;131635;131637;131636;131638;131640;131639;131642;131641;131643;131644;131645;131646;131647;131649;131648;131650;131651;131652;131653;131654;131655;131656;131657;131658;131659;131660;131661;131662;131663;131664;131666;131665;131667;131669;131668;131671;131670;131673;131672;131674;131797;131796;131798;131799;131800;131801;131802;131803;131804;131806;131805;131807;131808;131809;131810;131811;131812;131813;131814;131815;131816;131817;131818;131819;131820;131821;131822;131824;131823;131825;131827;131826;132271;132272;132273;132274;132276;132275;132277;132278;132279;132280;132281;132282;132283;132284;132285;132286;132287;132288;132289;132291;132290;132292;132293;132294;132295;132296;132297;132298;132299;132300;132301;132302;132121;132122;132123;132124;132125;132126;132127;132128;132130;132129;132132;132131;132133;132134;132135;132136;132137;132138;132139;132140;132142;132141;132143;132144;132145;132146;132147;132148;132149;132150;132151;132152;132153;132154;132155;132157;132156;132158;132159;132160;132161;132162;132163;132164;132165;132166;132167;132168;132169;132170;132171;132172;132173;132174;132175;132176;132177;132178;132179;132180;132181;132182;132183;132185;132184;132186;132187;132188;132189;132190;132191;132192;132193;132195;132194;132196;132197;132198;132199;132200;132201;132202;132203;132205;132204;132206;132207;132209;132208;132210;132211;132212;132213;132214;132215;132216;132217;132218;132219;132220;132353;132354;132355;132356;132357;132358;132359;132360;132361;132363;132362;132364;132365;132366;132367;132368;132369;132370;132371;132372;132373;132374;132375;132376;132377;132378;132379;132594;132595;132596;132597;132598;132599;132600;132602;132601;132604;132603;132606;132607;132605;132608;132610;132609;132611;132612;132613;132614;132615;132616;132617;132618;132619;132620;132621;132622;132623;132624;132625;132626;132627;132628;132629;132631;132632;132794;132630;132795;132797;132796;132798;132799;132800;132801;132803;132802;132804;132805;132806;132807;132809;132810;132808;132811;132812;132813;132814;132816;132815;132818;132817;132819;132820;132821;132822;132823;132824;132825;132826;132827;132828;132829;132830;132831;132832;132833;132834;132835;132836;132837;132838;132839;132840;132841;132842;132843;132844;132845;132846;133744;133895;133896;133897;133898;133899;133900;133901;133902;133903;133904;133905;133906;133907;133908;133909;133910;133911;133912;133914;133913;133915;133916;133917;133918;133919;133920;133921;133922;133923;133924;133925;133926;133928;133927;133930;133929;133931;133932;133933;133934;133935;133936;133937;133938;133939;133940;133974;133975;133976;133977;133978;133979;133980;133981;133982;133983;133984;133985;133987;133986;133988;133989;133990;133991;133993;133992;133995;133994;133996;133997;133998;133999;134000;134001;134002;134003;134004;134005;134006;134007;134008;134010;134009;134011;134012;134013;134014;134016;134015;134018;134017;134019;134476;134387;134477;134478;134480;134479;134481;134482;134483;134484;134485;134487;134486;134488;134489;134490;134491;134492;134493;134495;134494;134496;134497;134498;134499;134500;134501;134502;134503;134504;134505;134506;134507;134508;134509;134510;134511;134512;134513;134514;134515;134516;134517;134518;134519;134520;134521;134522;134523;134525;134526;134524;134527;134528;134529;134530;134532;134533;134531;134534;134535;134536;134537;134538;134539;134540;134541;134542;134543;134544;134545;134546;134547;134548;134549;134551;134550;134552;134553;134554;134555;134734;134733;134736;134735;134737;134738;134739;134740;134741;134742;134743;134744;134745;134746;134747;134748;134749;134777;134778;134779;134781;134780;134783;134782;134785;134784;134786;134787;134788;134789;134790;134791;134792;134793;134845;134795;134796;134794;134797;134798;134799;134800;134801;134802;134803;134804;134805;134806;134807;134808;134809;134810;134811;134812;134813;134814;134815;134816;134817;134819;134818;134820;135117;135118;135119;135120;135121;135122;135123;135124;135125;135126;135128;135127;135130;135129;135132;135131;135133;135134;135135;135136;135138;135137;135140;135139;135141;135143;135142;135145;135144;135146;135147;135149;135148;135151;135150;135152;135153;135154;135155;135157;135156;135158;135501;135502;135503;135504;135505;135506;135507;135508;135509;135510;135511;135512;135514;135513;135515;135516;135518;135517;135520;135521;135519;135522;135523;135524;135526;135527;135525;135528;135530;135529;135531;135532;135533;135534;135535;135536;135537;135538;135539;135540;135542;135541;135544;135543;135545;135546;135547;135548;135549;135550;135551;135552;135553;135554;135555;135556;135557;135558;135560;135559;135561;135562;135563;135564;135565;135566;135568;135569;135570;135567;135571;135605;135606;135607;135608;135609;135610;135611;135612;135613;135615;135614;135616;135617;135618;135619;135620;135621;135622;135623;135624;135625;135626;135627;135629;135630;135628;135631;135632;135633;135634;135635;135636;135637;135638;135639;135640;135641;135642;135643;135644;135645;135646;135647;135648;135649;135650;135651;135652;135653;135654;135655;135656;135657;135658;135659;135660;135661;135662;135734;135735;135736;135737;135738;135739;135740;135741;135742;135744;135743;135745;135746;136217;136218;136219;136221;136220;136222;136223;136224;136226;136225;136227;136228;136229;136231;136230;136232;136233;136234;136235;136236;136237;136238;136240;136239;136241;136243;136242;136244;136245;136246;136247;136248;136249;136250;136251;136253;136252;136254;136255;136256;136257;136258;136259;136260;136261;136262;136263;136264;136266;136265;136268;136267;136269;136270;136271;136272;136273;136274;136275;136277;136276;136278;136854;136855;136856;136857;136858;136860;136859;136861;136862;136863;136864;136865;136867;136866;136868;136869;136871;136870;137012;137014;137013;137015;137016;137017;137018;137020;137019;137021;137022;137023;137025;137024;137026;137028;137027;137030;137029;137031;137032;137033;137034;137035;137036;137461;137462;137463;137464;137465;137466;137467;137468;137469;137470;137471;137472;137473;137474;137475;137476;137477;137478;137479;137480;137481;137482;137483;137484;137485;137486;137488;137489;137490;137491;137487;137492;137493;137494;137495;137497;137496;137498;137499;137500;137501;137502;137503;137505;137504;137506;137507;137508;137510;137509;137511;137512;137513;137514;137515;137517;137518;137516;137519;137520;137521;137522;137523;137524;137525;137526;137527;137528;137794;137795;137796;137797;137798;137799;137800;137801;137802;137803;137804;137805;137806;137807;137808;137809;137810;137811;137812;137813;137814;137815;137816;137817;137818;137931;137933;137932;137934;137935;137936;137937;137938;137939;137940;137941;137942;137943;137944;137945;137946;137947;137948;137950;137949;137952;137951;137953;137954;137955;137957;137956;137959;137958;137961;137960;137963;137962;137964;137965;137967;137966;137968;137969;137970;137971;137972;137973;137974;137975;137976;137977;137978;137979;137980;137981;137982;137983;137984;137985;137986;137987;137988;137989;137990;137991;137992;137993;137994;137995;137996;137997;137998;137999;138000;138001;138002;138003;138004;138005;138006;138007;138008;138009;138010;138011;138012;139124;139125;139126;139127;139128;139129;139130;139131;139132;139134;139133;139135;139136;139137;139138;139140;139139;139141;139142;139143;139144;139145;139146;139148;139147;139149;139150;139152;139151;139154;139153;139155;139156;139157;139158;139159;139160;139161;139741;139742;139743;139938;139939;139940;139941;139942;139943;139944;139945;139946;139947;139948;139949;139951;139950;139953;139952;139955;139954;139957;139956;139958;139959;139960;139961;139963;139962;139964;139965;139966;139967;139968;139969;139970;139971;139973;139972;139975;139974;139977;139976;139978;139979;139980;139981;139982;139984;139983;139985;139986;139987;139988;139989;139990;139991;139992;139993;139994;139996;139995;139997;139999;139998;140000;140001;140002;140003;140004;140005;140006;140007;140009;140008;140010;140011;140012;140013;140014;140015;140016;140017;140136;140137;140138;140139;140140;140142;140141;140143;140144;140145;140146;140147;140148;140149;140150;140151;140152;140153;140154;140155;140156;140157;140158;140159;140160;140161;140162;140163;140164;140165;140166;140167;140317;140318;140319;140320;140321;140322;140323;140324;140325;140326;140327;140329;140328;140330;140331;140332;140333;140334;140335;140336;140337;140338;140339;140340;140341;140342;140343;140344;140345;140346;140347;140348;140349;140350;140351;140352;140353;140354;140355;140356;140357;140359;140358;140360;140939;140940;140941;140942;140943;140944;140945;140946;140947;140948;140949;140950;140951;140952;140953;140954;140956;140955;140958;140957;140960;140959;140961;140963;140964;140962;140965;140966;140967;140968;140969;140970;140971;140973;140972;140974;140975;140976;140977;140978;140979;140980;140981;140982;140983;140984;140985;140987;140986;140988;140989;140990;140991;140992;140993;140994;140995;140996;140997;140998;140818;140819;140820;140821;140822;140823;140824;140825;140826;140827;140828;140829;140830;140831;140832;140833;140835;140834;140836;140837;140838;140840;140839;140842;140841;140843;140844;140846;140845;140847;140848;140849;140850;140851;140852;140853;140854;140855;140856;140858;140857;140859;140860;140862;140861;140864;140863;140865;140866;140867;140868;140869;140870;140871;140872;140873;140874;140875;140876;140877;140878;140879;140880;140881;140882;140883;140884;140885;140886;140887;140889;140888;140890;140891;140892;140893;140894;140895;140896;140897;140898;140899;140900;140901;140902;140903;140904;140905;140906;140907;140908;140910;140909;140911;140912;140914;140913;140915;140916;140999;140917;141000;141001;141002;141003;141004;141005;141006;141007;141008;141316;141324;141319;141315;141337;141332;141320;141326;141323;141333;141321;141338;141336;141328;141330;141329;141327;141325;141335;141339;141334;141380;141331;141750;141377;141715;141768;141675;141647;141646;141752;141718;141737;141671;141670;141722;141765;141705;141682;141665;141726;141758;141724;141700;141721;141655;141674;141706;141658;141766;141660;141676;141659;141645;141668;141769;141712;141731;141742;141749;141672;141745;141697;141739;141678;141763;141693;141733;141666;141730;141692;141684;141714;141717;141751;141740;141764;142083;141878;142074;142098;142096;142113;142092;142106;142062;142122;142100;142075;142073;142124;142118;142125;142064;142084;142117;142066;142109;142070;142132;142127;142067;142072;142087;142121;142102;142111;142085;142093;142101;142130;142129;142069;142134;142123;142089;142063;142103;142061;142082;142076;142128;142120;142088;142133;142091;142119;142116;142090;142081;142079;142068;142086;142094;142126;142071;142065;142080;142077;142131;142099;142112;142110;142180;142184;142166;142179;142168;142175;142203;142148;142200;142177;142173;142164;142167;142161;142147;142201;142187;142154;142157;142152;142170;142172;142204;142265;142298;142244;142255;142271;142288;142267;142340;142282;142266;142287;142290;142237;142277;142294;142346;142342;142269;142263;142289;142286;142256;142319;142231;142261;142281;142240;142315;142337;142348;142310;142349;142314;142262;142358;142357;142234;142235;142361;142280;142304;143229;142227;142257;142305;142242;142339;142303;142259;142238;142251;142347;142328;142313;142343;142312;142278;142268;142352;142232;142300;142354;142308;142307;142317;142327;142284;142326;142322;142345;142254;142353;142306;142333;142299;142309;142292;142335;142350;142330;142293;142329;142316;142320;142331;142332;142296;142285;142276;142279;142252;142273;142360;142295;142270;142274;142249;142297;142302;142321;142253;142233;142260;142301;142236;142245;142344;142336;142355;142243;142341;142334;142258;142323;142230;142246;142576;142543;142505;142557;142562;142585;142578;142566;142567;142561;142554;142538;142512;142536;142508;142534;142579;142565;142558;142544;142507;142511;142516;142514;142525;142559;142545;142584;142531;142547;142528;142582;142568;142530;142553;143254;143259;143257;143415;143393;143394;143413;143408;143407;143409;143400;143403;143396;143416;143391;143404;143412;143395;143387;143385;143411;143418;143390;143399;143417;143406;143414;143389;143402;144178;144131;144118;144192;144181;144128;144162;144168;144164;144159;144119;144194;144186;144145;144155;144154;144169;144180;144130;144160;144142;144139;144170;144195;144161;144156;144176;144150;144138;144149;144151;144153;144229;144220;144255;144239;144267;144238;144258;144224;144230;144268;144221;144244;144252;144270;144253;144269;144245;144219;144271;144263;144233;144240;144251;144228;144261;144226;144235;144236;144231;144242;144222;144249;144256;144265;144653;144272;144670;144668;144698;144685;144686;144664;144655;144687;144697;144682;144661;144663;144665;144675;144676;144674;144662;144660;144677;144678;144667;144656;144695;144699;144690;144680;144693;144688;144684;144683;144689;144700;144703;144702;144671;144659;144692;144715;144731;144722;144734;144718;144727;144728;144726;144716;144741;144719;144742;144724;144720;144739;144721;144831;144829;145099;145137;145188;145116;145210;145207;145184;145103;145202;145168;145145;145162;145209;145160;145182;145211;145159;145098;145216;145111;145201;145147;145163;145161;145100;145212;145129;145213;145127;145158;145166;145180;145206;145113;145125;145183;145173;145106;145151;145174;145102;145134;145157;145176;145128;145155;145146;145130;145153;145135;145117;145186;145104;145139;145148;145171;145144;145170;145185;145133;145169;145177;145101;145110;145189;145109;145121;145140;145215;145143;145136;145203;145105;145214;145118;145709;145782;145773;145777;145754;145737;145730;145770;145761;145715;145733;145749;145712;145753;145752;145721;145726;145741;145764;145719;145732;145756;145774;145744;145757;145731;145734;145779;145743;145718;145742;145766;145778;145738;145750;145771;145713;145785;145783;145748;145745;145717;145727;145740;145755;145723;146151;146182;146121;146179;146160;146138;146147;146152;146110;146158;146178;146157;146128;146159;146154;146190;146167;146193;146140;146108;146149;146175;146181;146153;146120;146161;146172;146112;146177;146131;146124;146168;146123;146180;146114;146186;146117;146176;146118;146183;146115;146113;146107;146126;146116;146188;146164;146127;146136;146139;146109;146189;146134;146142;146132;146165;146143;146150;146169;146148;146173;146185;146171;146246;146236;146252;146218;146239;146217;146230;146235;146229;146263;146226;146255;146225;146227;146222;146240;146219;146253;146245;146237;146254;146224;146231;146261;146250;146228;146249;146262;146256;146232;146258;146259;146238;146251;146243;146220;146257;146732;146221;146678;146710;146767;146764;146680;146647;146742;146734;146697;146702;146753;146741;146644;146738;146713;146754;146765;146655;146659;146686;146687;146705;146646;146650;146671;146668;146744;146704;146739;146641;146701;146651;146707;146696;146752;146708;146660;146675;146681;146709;146731;146743;146664;146663;146684;146672;146727;146728;146645;146703;146740;146733;146747;146690;146642;146698;146652;146692;146682;146711;146656;146694;146760;146761;146706;146679;146719;146722;146661;146714;146674;146712;146723;146762;146693;146730;146748;146717;146720;146670;146657;146758;146721;146695;146759;146716;146648;146756;146755;146766;146658;146654;146724;146683;146735;147480;147546;147587;147542;147530;147505;147455;147492;147608;147477;147588;147536;147456;147582;147471;147583;147430;147552;147513;147539;147614;147499;147613;147600;147596;147487;147453;147526;147540;147431;147457;147423;147574;147472;147531;147462;147607;147533;147549;147479;147577;147573;147580;147557;147527;147468;147478;147458;147547;147422;147520;147516;147427;147503;147541;147448;147535;147442;147428;147534;147521;147465;147569;147566;147449;147466;147590;147585;147599;147538;147598;147446;147603;147474;147493;147491;147611;147444;147559;147490;147562;147467;147460;147451;147616;147438;147595;147525;147551;147605;147561;147507;147459;147619;147517;147489;147443;147432;147461;147495;147424;147592;147433;147425;147555;147584;147518;147475;147601;147441;147510;147609;147528;147114;147118;147081;147129;147035;147124;147045;147117;147100;147042;147029;147126;147088;147074;147046;147125;147102;147049;147080;147054;147064;147132;147131;147105;147092;147028;147041;147057;147040;147119;147107;147061;147079;147122;147055;147066;147130;147104;147128;147110;147103;147089;147043;147084;147069;147032;147038;147047;147065;147095;147083;147094;147077;147090;147109;147031;147111;147052;147112;147093;147063;147123;147133;147044;147071;147059;147097;147073;147053;147037;147056;147120;147113;147039;147085;147075;147051;147033;147072;147062;147096;147058;147078;147070;147115;147127;147048;147025;147076;147121;147099;147036;147067;147082;147101;147106;147034;147091;147108;147086;147581;147560;147473;147578;147615;147504;147604;147470;147543;147508;147488;147594;147602;147445;147553;147589;147512;147486;147610;147572;147434;147567;147593;147439;147501;147440;147550;147483;147514;147522;147537;147426;147496;147556;147485;147494;147482;147565;147506;147617;147497;147509;147481;147523;147476;147670;147672;147668;147666;147686;147664;147683;147679;147690;147681;147673;147702;147703;147674;147669;147696;147693;147676;147677;147694;147701;147699;147689;147665;147692;147675;147698;147671;147667;147691;147687;147684;147678;147700;147682;147695;148067;148077;148043;148050;148046;148055;148082;148057;148062;148059;148084;148060;148047;148073;148075;148041;148065;148079;148083;148049;148044;148056;148076;148052;148058;148074;148069;148086;148078;148063;148042;148061;148071;148054;148068;148064;148048;148081;148070;148040;148576;148589;148582;148630;148634;148618;148580;148628;148620;148597;148631;148638;148596;148626;148605;148611;148625;148619;148612;148585;148598;148608;148601;148607;148613;148602;148583;148595;148633;148575;148635;148629;148577;148627;148586;148624;148637;148603;148579;148622;148587;148609;148604;148621;148584;148617;148591;148592;148581;148616;148578;148593;148640;148590;148632;149116;149096;149165;149161;149102;149107;149097;149175;149197;149176;149190;149130;149153;149154;149147;149095;149144;149182;149124;149137;149177;149155;149178;149171;149187;149140;149148;149166;149186;149104;149115;149173;149110;149141;149157;149156;149114;149134;149111;149183;149158;149149;149131;149200;149098;149109;149118;149117;149170;149125;149184;149194;149202;149132;149198;149129;149169;149099;149143;149100;149201;149136;149168;149167;149160;149163;149159;149139;149120;149128;149188;149122;149123;149108;149105;149119;149146;149204;149196;149112;149101;149106;149162;149142;149126;149121;149127;149133;149181;149189;149145;149164;149150;149193;149199;149192;149172;149151;149138;149191;149565;149588;149583;149615;149625;149563;149622;149582;149559;149552;149601;149576;149597;149543;149531;149607;149551;149556;149532;149595;149623;149544;149561;149638;149591;149626;149632;149538;149618;149575;149585;149624;149540;149619;149631;149593;149599;149586;149617;149604;149587;149610;149606;149574;149581;149620;149608;149547;149578;149621;149630;149592;149546;150167;150192;150170;150216;150166;150227;150181;150174;150208;150210;150189;150214;150197;150225;150224;150221;150198;150175;150184;150211;150217;150231;150229;150178;150187;150226;150179;150186;150204;150219;150176;150169;150213;150177;150202;150209;150195;150185;150188;150207;150205;150199;150247;150250;150263;150278;150277;150265;150254;150271;150264;150252;150268;150253;150258;150249;151039;151031;151045;151052;151043;151040;151048;151032;151042;151026;151033;151041;151034;151029;151046;151036;151047;151038;151035;151161;151171;151174;151169;151180;151172;151157;151182;151185;151167;151175;151166;151173;151178;151177;151176;151179;151162;151156;151184;151183;151160;151186;151170;151168;151163;151159;151164;151181;151165;151158;151232;151257;151256;151221;151249;151228;151250;151258;151242;151245;151223;151237;151244;151233;151235;151227;151229;151236;151222;151263;151259;151231;151220;151248;151262;151246;151230;151238;151225;151260;151247;151234;151251;151241;151252;151255;151243;151240;151239;151253;151254;151261;151226;151224;151297;151344;151324;151294;151336;151314;151325;151307;151348;151330;151299;151326;151331;151349;151332;151323;151337;151327;151320;151295;151342;151316;151312;151311;151313;151317;151296;151319;151340;151334;151329;151321;151350;151341;151303;151338;151322;151335;151302;151310;151345;151328;151300;151304;151347;151339;151305;151315;151301;151298;151308;151343;151318;151306;151351;151309;151333;151415;151388;151902;151392;151896;151420;151421;151399;151895;151408;151398;151381;151402;151382;151400;151419;151397;151409;151894;151389;151414;151416;151404;151898;151417;151379;151391;151384;151385;151405;151394;151395;151418;151380;151411;151387;151412;151376;151401;151393;151390;151383;151406;151386;151413;151378;151396;151403;151568;151556;151544;151537;151560;151563;151538;151536;151565;151562;151548;151534;151549;151547;151558;151535;151552;151533;151564;151541;151543;151570;151545;151561;151551;151555;151550;151540;151569;151553;151559;151566;151542;151539;151546;151567;151554;151768;151557;151782;151788;151769;151773;151776;151766;151785;151774;151779;151767;151783;151787;151781;151772;151777;151784;151786;151789;151780;151770;151771;151775;152336;152309;152343;152279;152334;152321;152295;152303;152274;152324;152302;152308;152319;152331;152294;152289;152340;152314;152275;152328;152338;152330;152304;152316;152284;152345;152293;152276;152299;152296;152337;152310;152342;152290;152326;152277;152339;152317;152313;152292;152286;152305;152287;152311;152285;152315;152280;152333;152281;152323;152307;152298;152306;152301;152344;152278;152282;152329;152325;152320;152341;152312;152300;152332;152318;152327;152322;152291;152283;152297;152335;152408;152400;152409;152396;152403;152399;152404;152397;152407;152402;152405;152406;152401;153064;153067;153052;153084;153058;153070;153049;153048;153079;153085;153076;153053;153063;153071;153054;153057;153075;153080;153078;153081;153086;153068;153059;153065;153082;153066;153055;153077;153050;153051;153056;153060;153357;153069;153262;153289;153333;153346;153318;153339;153313;153328;153314;153276;153298;153287;153295;153270;153338;153280;153311;153264;153323;153342;153319;153290;153281;153312;153275;153305;153348;153301;153355;153279;153292;153316;153302;153273;153268;153272;153359;153299;153320;153354;153271;153260;153300;153340;153315;153358;153329;153324;153308;153332;153331;153297;153347;153349;153343;153327;153309;153353;153307;153261;153321;153330;153293;153288;153326;153266;153360;153306;153344;153282;153325;153263;153274;153304;153283;153317;153294;153322;153334;153337;153286;153296;153352;153267;153335;153350;153345;153284;153356;153336;153310;153278;153341;153277;153303;153269;153291;153259;153351;153265;153606;153634;153628;153648;153633;153651;153629;153653;153657;153642;153607;153664;153610;153650;153640;153639;153638;153660;153644;153609;153602;153603;153662;153608;153641;153637;153604;153663;153646;153654;153655;153649;153645;153661;153656;153647;153659;153714;153717;155469;153739;153747;153715;153730;153697;153673;153755;153692;153758;153732;153746;153681;153708;153719;153675;153693;153688;153720;153726;153700;153718;153735;153761;153716;153671;153680;153760;153677;153713;153698;153674;153740;153734;153721;153682;153703;153749;153672;153728;153686;153737;153759;153754;153704;153722;153695;153687;153738;153710;153701;153712;153733;153702;153711;153736;153683;153684;153678;153679;153731;153706;153748;153707;153696;153676;153699;153729;153727;153724;153685;153705;153670;153723;154000;154001;154371;154393;154398;154403;154363;154365;154399;154407;154372;154364;154397;154361;154362;154359;154375;154411;154388;154404;154385;154373;154392;154389;154387;154358;154396;154390;154400;154401;154391;154367;154386;154406;154409;154394;154382;154380;154402;154379;154360;154366;154378;154395;154377;154369;154383;154376;154374;154370;153658;154408;154384;154357;154368;154788;154795;154799;154810;154794;154811;154786;154787;154807;154789;154792;154793;154805;154813;154796;154812;154790;154803;154801;154785;154809;154802;154791;154797;154804;154798;154806;154800;155281;155267;155269;155285;155280;155286;155288;155139;155141;155272;155140;155273;155283;155142;155279;155240;155284;155287;155266;155290;155242;155275;155235;155270;155282;155265;155248;155138;155131;155260;155251;155277;155117;155239;155291;155271;155237;155129;155261;155262;155268;155238;155228;155241;155229;155246;155120;155230;155244;155247;155278;155257;155255;155118;155236;155259;155263;155264;155276;155254;155256;155250;155119;155121;155233;155128;155249;155289;155252;155227;155258;155253;155130;155274;155243;155226;155234;155504;155521;155480;155231;155500;155478;155488;155535;155508;155490;155514;155516;155481;155510;155532;155477;155512;155534;155476;155460;155506;155494;155518;155489;155530;155484;155475;155509;155529;155503;155531;155472;155513;155479;155519;155526;155485;155473;155515;155507;155524;155491;155533;155492;155527;155498;155474;155537;155495;155487;155520;155502;155517;155497;155522;155536;155505;155528;155496;155501;155493;155471;155511;155523;155482;155486;155499;155525;155483;156306;156294;156298;156312;156296;156305;156311;156302;156301;156304;156303;156308;156295;156313;156307;156299;156310;156293;156309;156300;156297;156347;156373;156344;156350;156372;156351;156365;156362;156357;156358;156354;156367;156359;156383;156374;156355;156343;156371;156369;156360;156352;156346;156379;156378;156381;156382;156349;156364;156376;156348;156363;156356;156353;156368;156377;156366;156345;156536;156489;156518;156534;156508;156490;156535;156533;156529;156510;156516;156519;156487;156509;156530;156506;156507;156491;156527;156513;156520;156495;156504;156492;156522;156541;156498;156540;156532;156511;156494;156524;156521;156537;156526;156488;156531;156502;156496;156493;156517;156497;156539;156500;156514;156525;156538;156523;156515;156505;156528;156501;156552;156503;156512;156499;156542;156414;156413;156404;156407;156400;156408;156409;156415;156412;156401;156416;156410;156406;156411;156402;156405;156423;156424;156430;156428;156429;156425;156431;156432;156438;156427;157209;157192;157169;157206;157193;157212;157186;157217;157179;157178;157203;157208;157171;157170;157194;157187;157219;157197;157216;157195;157211;157173;157196;157204;157184;157175;157177;157191;157218;157220;157207;157213;157222;157172;157200;157174;157210;157201;157215;157185;157925;157926;157927;157922;157928;157924;157923;157916;157912;157913;157915;157917;157918;157914;157941;157955;157991;157983;157947;157950;157979;157964;158023;157984;157980;157951;157978;158011;157958;158025;158016;157954;158005;157969;157972;157981;158018;158007;157990;157949;157940;158020;158002;158019;158009;157937;157944;158012;157987;158017;157946;158000;157965;158003;157971;157976;157966;158024;157988;157998;158006;157985;157942;157970;158027;157959;157992;157977;158028;158001;158013;157956;157962;157999;157933;158010;157993;157973;157986;157945;158021;157994;157997;157974;158014;157934;157996;157930;157982;157995;158008;157952;157967;158029;157989;157960;157963;157943;158022;157957;157975;157968;157936;157931;158015;157961;158030;157953;158004;157948;158040;158313;158310;158300;158282;158306;158302;158274;158317;158289;158299;158276;158311;158294;158318;158284;158288;158293;158312;158320;158297;158292;158309;158295;158280;158298;158279;158301;158303;158285;158277;158286;158290;158278;158291;158283;158304;158281;158275;158315;158287;158308;158296;158419;158314;158405;158399;158421;158413;158374;158426;158432;158396;158422;158365;158424;158397;158423;158369;158394;158407;158412;158373;158428;158379;158382;158391;158388;158434;158372;158371;158409;158408;158406;158414;158363;158410;158385;158431;158384;158393;158398;158376;158427;158362;158386;158420;158416;158370;158411;158380;158381;158400;158425;158377;158404;158418;158401;158417;158387;158367;158378;158375;158364;158366;158493;158482;158476;158477;158491;158484;158469;158465;158483;158472;158481;158480;158486;158485;158462;158470;158478;158466;158487;158468;158490;158461;158479;158532;158533;158526;158553;158552;158529;158538;158524;158534;158548;158550;158523;158551;158531;158536;158530;158525;158544;158547;158540;158539;158542;158541;158543;158537;158535;158522;158545;158549;158527;158546;158528;159104;159082;159094;159081;159080;159084;159085;159101;159095;159102;159086;159093;159096;159087;159083;159091;159103;159089;159099;159100;159088;10003;10002;11275;10004;11319;11509;10585;11880;11854;11855;11881;15405;11166;10957;10522;11155;11558;11417;10988;10005;15553;10716;10006;10794;10442;11101;11085;11221;111845;121646;111846;121647;121648;121649;121650;121651;121652;121653;121654;111847;121655;121656;121657;111848;121658;121659;111849;121660;121661;121662;111850;121663;121665;121664;111851;121666;111852;121667;121668;121669;111853;121670;111854;121671;111855;121672;121673;111856;121674;111857;111858;121675;111859;121676;121677;121678;111860;121679;121680;111861;111862;121681;121682;121683;121684;121685;111863;121686;111864;121687;121688;121689;121690;111865;121691;121692;121693;121694;111866;121695;121696;111867;121697;111868;121698;111869;121699;111870;121700;121701;121702;121703;121704;111871;121705;111872;121706;121707;121708;121709;121710;111873;121711;121713;121712;111874;121714;121715;121716;121717;111875;121718;121719;121720;111876;111877;121721;121722;111878;121724;121723;121725;111879;121726;121727;111880;121728;111881;121729;111882;121730;111883;121731;121732;111884;121733;111885;121734;111886;121735;121736;111887;111888;121737;121738;121739;121740;111889;121741;121742;121743;121744;121745;121746;121747;111890;121749;121748;121750;121751;111891;121752;121753;111892;111893;121754;121756;121755;121757;121758;121759;111894;121760;121761;121762;121763;121764;111895;121765;111896;121766;111897;111898;121767;111899;121768;121769;121770;111900;121771;121772;121773;121774;121775;111902;111901;121776;121777;121778;111903;121779;121780;121782;121781;111904;121783;121785;121784;121787;121786;121788;111905;121789;121790;111906;121791;121792;121793;111907;121794;121795;111908;121796;111909;121797;111910;121798;121799;121800;111911;121801;111912;111913;121802;111914;121803;111915;121804;111916;121805;121806;111917;111918;121807;111919;121808;121809;111920;121810;121811;111921;121812;111922;121813;111923;121814;111924;121815;111925;121816;111926;121817;111927;121818;121819;111928;111929;121820;111930;121822;121821;121823;121824;121825;121826;121827;121828;121829;121830;121831;111931;121832;121833;111932;121834;121835;111933;121836;121837;111934;121838;111935;121839;111936;121840;111937;121841;111270;111271;121842;111272;121843;111273;121844;111274;121845;121846;111275;121848;121847;111276;121849;121850;111277;121851;111938;121852;111939;121853;111940;121854;111941;121855;111942;121856;111943;121857;111944;121858;121859;111945;121860;111946;121861;121862;121863;121864;121865;121866;121867;111947;121868;111948;121869;111949;121870;121871;121872;121873;111950;121874;121875;121876;112034;121877;121878;112221;121879;121880;121881;121882;112223;121883;121884;117336;121885;117396;121886;121887;117633;121888;117637;121889;117881;121890;118208;121891;118494;121892;121893;121894;121895;121896;121897;119749;121899;121898;121900;111278;121901;121902;121903;121904;111279;121905;111280;121906;111281;121907;121908;111282;121909;111283;121910;121911;121912;111284;121913;111285;121914;111286;121915;121916;121917;121918;121919;111287;121920;121921;121922;111288;121923;111289;121924;111290;121925;111291;121926;111292;121927;121928;111293;121929;121930;111294;121931;111295;121932;121933;111296;111297;111298;121934;121935;121936;121937;121938;121939;111299;121940;111300;121941;121942;121943;111301;111302;121944;121945;111303;121946;111304;121947;121948;111305;121950;121949;121951;111306;121952;111307;121953;111308;121954;121955;111309;121956;121957;121958;111310;121959;111951;121961;121960;111952;121962;111953;111954;121963;111955;121964;121965;111956;121966;111957;111958;121967;121968;111959;121969;121970;111960;121971;121972;121973;111961;121974;111962;121975;111963;121976;121977;111964;121978;121979;112062;121980;121981;112035;121982;121983;112224;121984;121985;121986;121987;112220;121988;112222;121990;121989;117399;117397;121991;121992;121993;117634;121994;117638;121995;118209;119423;121996;121997;118308;121998;121999;122000;122001;122002;122003;122004;122005;122006;122007;122008;122009;119753;122010;119750;122011;122012;122013;122014;122015;122016;122017;122018;122019;122020;122021;122022;122898;122899;122900;122901;122902;122903;122904;122905;133296;133297;133298;133299;133300;122894;122920;122895;122921;122922;122923;122924;122925;122926;125161;125162;125156;125157;125158;125159;125160;125155;125084;125085;125086;125088;125089;124862;124863;124864;124865;124866;124868;124867;124869;124870;125083;125400;125402;125401;125403;126120;126121;126122;126124;126123;126194;126195;126196;126197;126198;126199;126200;126201;126202;126204;126203;126190;126205;126185;126186;126187;126188;126189;126176;126177;126178;126478;126470;126472;126471;126955;126954;128166;128167;128168;128169;128170;128171;128172;128173;128163;128164;128165;128758;128726;128727;128759;128709;128710;129294;129293;129783;129784;129785;129786;129787;129789;129788;130109;130108;129681;129682;129683;129685;129684;129686;129687;132521;132522;132523;132524;132525;132527;132526;132528;132519;132520;132695;132694;132696;132963;132964;132965;132966;132967;132968;132969;122023;122024;122025;122026;122027;122028;122030;122029;122031;122896;122897;122910;122911;122906;122907;122909;122908;122915;122914;122916;122917;122918;122912;122913;122919;124861;125087;126212;126213;126214;126215;125075;126216;125076;125077;125078;125079;125080;125081;125082;124680;124681;125393;125394;125395;125396;125398;125397;125399;126209;126210;126211;126179;126180;126181;126182;126106;126107;126108;126109;126110;126473;128174;128714;128175;128715;128717;128716;128718;128719;128720;128721;128722;128723;128711;128712;128713;128734;128735;128736;128737;128738;129295;129296;129689;129690;129691;129692;129693;129688;130114;130115;130116;130117;130118;130107;130203;130204;130205;130206;131125;132540;132541;132542;132544;132545;132546;132543;132537;132538;132531;132539;132532;132533;132534;132535;131763;132536;132677;132970;132972;132971;132973;132974;132975;132976;132977;132978;126377;126376;126378;126379;126380;126111;126112;126113;126114;126116;126115;126117;126206;126208;126207;126192;126191;126193;126183;126474;126184;128151;128152;128153;128154;128155;128156;128157;128158;128159;128160;128161;128162;128729;128739;128730;128731;129102;128732;128733;129103;128728;129678;129679;129680;129164;129163;129165;130124;130125;130126;130112;130111;130110;130113;130120;130119;130121;130122;130123;130101;130102;130103;130104;130105;130106;132589;132529;132530;131762;133227;133061;132979;133062;132980;132982;132981;132983;132984;132985;132986;133301;133302;133469;133470;133503;133501;133502;133683;133684;133685;133812;133811;134040;134041;134206;134207;134208;134424;134425;134426;134835;135494;135484;135483;135486;135485;135487;135488;135489;135490;135491;135492;135493;136030;136031;136032;136033;136034;136035;136037;136036;136104;136106;136105;136107;136108;136109;136405;136110;136406;136552;136553;136554;136555;136556;136557;136548;136549;136550;136551;136693;136695;136694;137057;137323;137317;137318;137319;137320;137321;137322;137316;137643;137637;137644;137638;137639;137640;137641;137642;137776;137875;137781;137877;137876;138441;137878;138442;138443;138519;138517;138516;138518;139046;139047;139048;139049;139050;139051;139079;139080;139081;139242;139509;139510;139696;139697;139702;139700;139864;140113;140413;140125;141638;141639;141640;140459;140495;140710;140711;140718;141096;141091;141441;141439;141476;141440;141478;141480;141860;141644;143063;141859;143065;143061;143062;143064;143066;143060;143363;143444;144062;144061;144082;144521;144520;144517;144518;144519;132987;132988;132989;132990;133262;133263;133264;133466;133500;133499;133686;133687;133688;133689;133803;133802;134085;134084;134086;134422;134423;134427;134875;135301;135306;135302;135307;135308;135309;135310;135303;135305;135304;135298;135299;135863;135865;135864;135866;135867;135868;135870;135869;135877;135906;135907;136092;136332;136331;136334;136333;136335;136336;136337;136328;136330;136329;136327;136326;136407;136408;136567;136409;136568;136569;136570;136571;136572;136697;136901;137328;137329;137197;137198;137191;137193;137192;137194;137195;137302;137196;137303;137712;137714;137713;137717;137716;137718;137719;137873;137874;138190;138191;138192;138184;138189;138179;138180;138513;138520;138515;138814;138815;139052;139053;139054;139056;139055;139057;139058;139075;139513;139243;139514;139611;139608;139609;139610;139728;139863;139865;139866;140114;140122;140116;140115;140661;140117;140662;140663;140664;140536;140709;140712;140704;140713;140714;140715;140716;141090;141444;141098;141442;141445;141443;141477;141475;141643;141642;141858;142652;142653;142985;142986;142989;142987;142988;142991;143245;143244;143362;143446;143487;143488;144072;144071;144217;133063;133064;133065;133066;133067;133068;133069;133060;133209;133467;133295;133468;133498;133504;133505;133506;133806;133807;133808;133809;133810;133804;133805;133957;133956;134209;134210;134211;134212;134873;134874;135402;135403;134872;135404;135406;135405;135300;135779;135781;135780;135782;135783;135784;135785;135786;135787;135789;135790;135792;135791;135793;135777;135778;135871;135872;135873;136093;136094;136095;136096;136097;136098;136099;136345;136100;136346;136573;136574;136576;136575;136577;136578;136579;136580;136581;136696;136698;136699;137199;137189;137190;137187;137188;137200;137201;137202;137721;137720;137722;137724;137723;137725;137783;137782;137784;137777;137778;137779;137780;138181;138182;138183;138188;138514;138521;138812;138813;138817;138816;139043;139044;139045;139076;139077;139512;139078;139612;139698;139699;139729;140118;140126;140112;140408;140409;140410;140411;140412;140457;140537;140580;140703;140702;140705;140706;140708;140707;140785;141094;141093;141481;141496;141495;141866;141867;141864;141865;142215;142658;142656;142655;142657;142654;142990;143379;143248;143247;143250;143251;143252;143358;143447;143448;144065;144067;144064;144069;144068;144077;144076;144514;144218;144516;144513;144901;144515;144896;145232;145231;145420;145233;145419;145699;145411;146482;146773;146772;146864;146863;146862;146878;146877;147008;147007;147004;147005;147006;147825;147822;147950;147952;147954;148128;148294;148282;148284;148283;148338;148814;148818;148809;148817;148823;148904;148905;149058;149290;149827;149919;149921;149920;149950;149949;150035;149951;150046;150047;150243;150241;150287;150439;150749;150922;150924;150284;150923;150944;151437;151436;151962;151197;151952;151953;151951;151950;152014;152053;152052;152051;152092;152381;152370;152386;152556;152368;152787;152785;152793;152883;152878;152884;153031;153498;153506;153503;153691;153689;153690;153958;153935;153938;153957;153929;153975;155329;155328;144895;155850;144893;144894;144891;144892;144898;145421;145418;145417;145459;145416;145695;145694;146483;146484;146487;146774;146771;146769;146770;146876;147002;147000;147001;147949;147948;147824;147823;147819;147818;147951;147955;148186;148290;148289;148288;148286;148287;148340;148339;148811;148824;148822;148821;148820;148902;149057;149294;149838;149284;149831;149832;149926;149925;150072;150070;150069;150071;150424;150442;150423;150438;150441;150288;150751;150925;150926;150931;150932;150930;153933;151196;151435;151961;150998;151966;152016;152015;152050;152084;152085;152090;152371;152369;152373;152558;152797;152789;152792;152880;152882;153038;152881;153042;153043;153493;153491;153742;153505;153744;153743;153757;153756;153962;153934;153963;153956;153928;153955;153980;153979;154025;155330;155331;155347;155851;144900;144899;144902;145230;145415;145414;145413;145412;145693;145696;146067;146440;146485;146486;146775;146776;146777;146778;146875;146873;146874;146998;146997;146999;146996;146995;147820;147821;147953;148190;148129;148191;148189;148192;148344;148292;148293;148291;148285;148341;148342;148812;148813;148901;148900;148907;148908;149052;149048;149285;149292;149293;149283;149291;149295;149289;149288;149823;149829;149828;149819;149833;149820;149821;149930;149945;149944;150039;150040;150041;150067;150240;150068;150239;150285;150435;150444;150445;150286;150917;150916;150915;150909;150908;150910;150911;150929;153184;153185;151438;151439;151016;151644;151957;151949;151956;151955;151958;151959;152054;152083;152385;152372;152380;152388;152379;152374;152502;152557;152560;152794;152788;152886;152885;153032;153033;153045;153041;153040;153497;153492;153501;153500;153499;153751;153753;153750;153990;153752;153939;153961;153960;153945;153946;153986;153988;155310;155309;155319;155321;153987;155320;155852;156583;156584;156587;156585;156586;156588;148023;148024;148025;148026;148030;148029;148027;148028;148353;148345;148356;148352;148347;148349;148354;148350;148357;148351;148355;148346;148348;148816;148815;148909;148910;149054;149053;149050;149051;149287;149286;149830;149437;149826;149836;149837;149825;149824;149952;149953;150036;150038;150037;150042;150043;150066;150237;150236;150235;150437;150443;150750;150933;150283;150934;150918;150921;150919;150920;150907;153937;153936;151014;151434;151015;151433;151645;151946;151947;151945;151963;151967;151960;151964;151965;152091;152082;152378;152377;152375;152376;152387;152500;152499;152501;152492;152559;152791;152786;152790;152796;152879;153036;153037;153039;153034;153044;153035;153504;153496;153495;153502;153494;153725;153745;153930;153927;153974;153973;153972;155313;153971;155327;155326;155322;155853;156589;156578;156582;156577;156580;156581;156579;156592;156591;128724;156590;128725;10921;18182;10920;11321;11378;11367;11171;10007;11345;54848;54849;54850;54851;54853;54852;54854;54855;54856;18714;18716;18713;37391;18715;18720;18723;18721;18741;18729;18719;18724;18717;18722;54862;18736;18733;18730;18727;18726;18739;18728;18740;18732;18731;18742;18743;18712;18734;18735;18725;18795;18786;18784;18755;18750;18772;18771;18789;18770;18785;18783;18765;18769;18758;18768;18792;18756;18747;18751;18762;18787;18761;18763;18790;18778;18779;18791;18773;18774;18777;18764;18781;37950;18794;18749;18754;18767;18753;18759;18748;18782;18752;18757;18744;18766;18746;18776;18745;18780;18760;18793;18788;18812;18775;18807;18804;18811;18798;18806;18810;18809;18800;18808;18796;18801;18802;18803;18799;18805;18797;19209;19208;19850;19851;19852;19853;19854;19855;19856;19858;19857;19860;19859;19862;19861;54863;19863;19865;19864;19866;19951;19867;19952;20017;20149;20150;54864;20151;20152;54865;20163;20912;20913;20914;20915;20916;20917;20918;20919;20920;21074;21075;21248;21121;21272;21314;21342;21343;21344;21345;21346;21583;21584;21639;21640;21699;21765;21766;21767;22050;22081;22098;22099;22100;22101;22102;24656;22152;22153;22170;22236;22237;54866;22348;22349;22420;22421;22468;22467;24657;23653;24658;54867;23654;24659;24661;24660;24662;23940;23939;24663;24664;24665;24667;24666;24668;24691;24787;24788;24789;24791;24790;24792;24915;24914;24916;24917;24918;25092;25093;25174;25094;25222;25253;25373;25771;25374;25772;25773;25774;25775;25776;25831;54868;25844;25843;25845;25846;25847;25848;25907;25957;26053;26054;26055;26113;26202;26972;27537;27609;28147;28148;28277;28149;28294;28295;28296;28362;28335;29188;29189;29254;31027;29704;31053;31099;31100;31101;31324;31323;31706;31707;31739;31708;31740;31801;31802;31803;31994;32056;32033;32083;32444;32445;32455;32446;33287;33288;33465;33398;54869;33466;33533;33534;33746;33565;33747;33748;33749;33750;33751;33752;33753;33754;33755;33824;33825;34061;34086;34295;34296;34300;34719;34782;34731;34784;34783;34785;34822;34852;34972;34971;35223;35035;35282;35274;35292;35376;54870;35377;54871;35577;35601;35636;35727;35728;35826;35825;35827;36009;36010;36037;36011;36038;36104;36105;36106;36145;36186;36573;36206;38166;38201;38655;38719;38720;38778;38915;39008;39421;39422;39472;39473;39522;39559;39560;39567;40408;39796;40459;54872;40473;40503;40511;40512;40513;40598;40622;40623;40669;40624;40877;40977;54873;42168;41972;42169;42293;42294;42341;42826;54874;43102;54875;43112;43638;43353;44120;44121;44122;50435;44946;44947;44994;45007;45024;54876;45400;54877;45425;45424;45426;45581;54878;45611;46345;46358;47047;54879;54880;47141;54881;54882;47562;47563;47786;54883;47787;54884;48920;48919;54885;48922;48921;48923;49177;54886;49178;49229;49230;49238;54887;49290;50308;54888;54889;50353;50388;54890;50427;54891;54892;50436;50661;50660;50832;50668;54893;51063;54894;54895;51126;51371;51372;51386;51940;51451;51941;51942;51943;51944;52165;52460;52599;54896;54897;52635;52636;52996;54899;54898;53298;53361;54900;53362;54901;54902;53476;54903;53515;54905;54904;53626;53898;53899;54649;54648;54906;55173;55423;55703;55704;55705;55706;55707;55736;55735;55834;55737;55980;56092;56093;56094;56142;56513;57893;57892;57894;57896;57895;59478;59508;59507;59509;59686;59510;59970;59971;60050;60051;60052;60087;60053;60141;60112;61553;61552;61748;61660;61749;61750;61751;61752;62079;62080;62102;62483;62469;62500;62501;62549;62719;62761;62762;63002;63003;63004;63167;63168;63169;63479;63170;63480;63481;63555;63647;64491;64535;64590;64622;64727;64728;64879;64970;65060;65176;65177;65552;65553;65583;65705;65660;65706;65724;65943;65944;65945;66158;65946;66449;66450;66483;66484;66638;66967;66850;67009;67115;67116;67234;68916;69196;69224;69225;69226;69242;69243;69244;69431;69433;69432;69519;69520;69521;69818;69935;69957;69958;70199;70437;70438;70439;70440;70441;70499;70500;70738;70951;70952;70953;70954;71232;71233;71234;71235;71467;71468;71469;71470;71471;71472;71473;71573;71929;71930;71931;71932;72188;72187;72265;72398;72399;72400;72488;72489;72589;72590;72591;72731;72781;72838;72943;72967;73028;73029;73247;73248;73249;73250;73251;73252;73253;73409;73637;73638;73788;73789;73951;74255;74329;74330;74331;74332;74370;74380;74497;76204;76205;76206;76207;76208;76712;76476;76713;76714;76974;76975;77091;77543;77544;77545;77583;77832;77833;77877;77915;77878;77917;77916;77972;78483;78588;78656;78657;78724;78829;78830;78831;78832;79254;79692;79866;79867;79868;79869;79870;79871;79872;80204;80205;80206;80443;80569;80570;80571;80572;80883;81075;81386;81387;81388;81523;81524;81653;82914;82915;82916;82918;82917;82919;82920;82921;82922;82923;82924;82925;82927;82926;83372;83371;83374;83373;83492;84126;84127;84588;84589;84590;84591;84646;84675;84829;84830;85276;85043;85412;85277;85413;85583;85694;85725;85746;85768;86106;86222;86224;86223;86662;86663;86664;86791;86792;86875;87055;87182;87183;87375;87376;87377;87378;87477;87478;87602;87603;87883;87929;88564;88565;88566;88567;88625;88626;88701;88723;88909;88910;88911;88912;88992;89084;89085;89086;89726;89758;89759;89789;89790;89836;89941;89942;90010;90028;90029;90203;90204;90319;90320;90321;90363;90547;90715;90548;90800;90801;90802;90836;91046;90863;91285;91312;91353;91354;91355;91357;91356;91462;91573;91718;91719;91830;91918;91976;92498;92499;92523;92607;92758;92759;92761;92760;93080;93081;93082;93198;93246;93384;93411;93412;93484;93535;93617;93618;93619;93663;93664;93687;93722;93819;93742;94439;94440;94441;94516;94438;94517;94972;95028;95442;95443;95723;95724;95725;95773;96090;96092;96091;96165;96166;96179;96180;96181;96407;96408;96409;96612;96703;96804;97101;97102;97103;97104;97580;97581;97755;97918;99034;97919;99138;99249;99267;99378;99441;99596;99597;99598;99635;99917;100223;100224;100389;100512;100703;100795;100794;100964;101051;101116;101115;101118;101117;101169;101170;101206;101316;101317;101358;101359;101532;101549;101550;101789;101790;101905;102038;101932;102365;102133;102366;102432;102433;102434;102435;102501;103089;103090;103091;103142;103143;103255;103256;103306;103307;103361;103308;103424;103423;103516;103537;103570;103599;103703;103704;103705;103943;103944;103945;104105;104146;104215;104216;104362;104363;104641;104642;104702;104788;104858;104859;104860;105113;105377;105416;105656;106051;106106;106204;106309;106352;106564;106565;106586;106632;106850;107006;107102;107103;107234;108302;107233;108303;108382;108412;108413;108594;108595;108690;108725;108762;108763;108890;109147;109362;109433;109432;109554;109583;109653;109685;109654;109870;109871;109948;109949;109950;110308;110391;110528;110432;110619;110693;110936;111004;111035;111036;111149;111185;111226;111413;111498;111499;111500;111660;111524;111737;111996;111995;112054;112180;117325;117326;117327;117328;117495;117653;117515;117654;118059;118168;118316;117896;118586;118746;118903;119280;119113;119447;119332;119448;119536;119640;119853;121144;121145;121327;121458;121567;121505;121632;122046;122176;122143;122219;122415;122469;122576;122577;122740;122940;123059;123124;123437;123649;123650;123810;123811;123812;124140;124354;125209;125323;125348;125917;126031;126032;126093;126092;126094;126367;126685;126614;127729;126882;127730;127882;127993;128274;128518;128749;128750;128751;128963;129375;129521;129868;130079;130158;130507;130751;131114;131178;131681;132333;132383;132384;132688;132741;132742;133250;132847;133437;133642;133665;133643;133945;134276;134396;134277;134616;134850;135159;134971;135160;135219;135576;135280;135666;135717;136305;135892;136392;136393;136544;136707;136728;136729;137042;137130;137177;137391;137699;137774;137822;137823;137890;138131;138207;139011;139279;139719;139764;139779;140362;140568;140740;141673;141789;142916;143256;143350;143541;144141;144018;145028;144863;145276;145472;146369;147737;147790;148201;148274;148266;148500;148512;148866;149067;149513;149799;149858;149975;150008;150096;150334;151897;151970;152969;150337;153430;153456;153528;156121;155849;156200;156338;156857;156769;157116;157865;158034;157284;158111;158105;158157;158149;158245;158209;158352;158473;158489;158644;158558;158645;158686;158764;158743;158921;158886;159052;159055;159115;54857;54858;54859;159068;54860;54861;11840;53333;156594;10474;53334;121162;97974;97975;97976;97977;97978;97979;97980;97981;97982;97983;97984;97985;97987;97986;99106;99173;99201;99315;99710;99599;99732;100325;100132;100466;100598;100599;100600;100601;100769;101029;101030;101052;101053;101171;101207;101172;101233;101234;101822;102134;102205;102206;102207;102436;102591;102592;102593;102979;102922;102980;102981;103425;103426;104703;103468;103538;103571;103880;103681;104130;104131;104297;104132;104298;104499;104500;104673;104719;105165;105166;105167;105324;105391;105392;105393;105464;105619;105657;106052;106053;106587;106588;108565;108566;108596;109621;109622;109623;109801;109922;110100;110157;110232;110233;110311;110234;111103;110694;111104;111151;111527;111582;111642;112018;112206;121097;121099;121098;121100;121101;121102;121103;121418;121104;121419;121420;133452;133451;124409;122611;125254;125285;125308;133453;125626;125627;133454;133455;133456;126175;127808;133457;128032;133458;133459;129492;133460;133461;133462;133463;131227;131834;133399;133952;133765;136804;136805;137746;101533;101399;101398;101401;101400;101403;101402;101404;101405;101406;101407;101408;101409;101410;101411;101412;101413;101414;101415;101416;101417;101418;101419;101420;101421;101422;101423;101424;101425;101426;101427;101428;101430;101429;101431;101432;101433;101434;101435;101436;101437;101439;101438;101440;101441;101442;101443;101444;101445;101446;101447;101448;101449;101450;101451;101452;101453;101454;101455;101456;101457;101458;101459;101460;101461;101462;101463;101464;101465;101466;101467;101468;101469;101470;101471;101472;101473;101474;101475;101476;101477;101479;101478;101480;101481;101482;101483;101485;101484;101486;101487;101534;119217;104579;119218;119219;104580;119220;119222;119221;119223;119224;119225;119226;119227;119228;119229;119230;119231;119232;104581;119233;119234;119235;104582;119236;119237;104674;104816;119238;105048;105049;105086;119085;119086;119087;119089;119088;119090;119091;119092;144534;144545;144523;122400;144524;144538;122972;122749;123683;144526;144266;144543;125286;144257;125727;144533;144234;144537;126048;126243;144528;126505;126700;128968;144544;127809;144243;144227;144260;144232;128111;144223;144248;144250;129846;144024;144025;144021;144540;144035;130363;130758;144531;144529;144019;144026;144044;131724;144539;144525;144428;144530;144424;144436;144430;144431;144433;144434;144429;144425;144442;10008;10407;19948;11545;73498;11015;142711;10669;73497;21329;38761;38760;15628;12127;11521;15563;11784;39482;31626;21557;87732;54843;10351;42084;146927;154933;85005;85006;85007;11243;94357;94356;11241;11244;11259;104973;94358;94359;94360;94362;94361;94363;94364;94365;94366;94367;104969;94670;104974;80190;34081;111138;94368;99246;42211;73298;94369;70565;35660;94370;94371;94372;107196;94373;11250;34082;15583;55900;65790;69920;78914;11248;11864;11863;11860;11861;11862;11859;42147;17289;11242;73299;83783;11254;11263;11258;11240;94374;11256;11253;17575;67005;11249;24275;11266;11246;50602;42368;94375;18527;49773;57917;82505;66393;35559;100257;24276;50426;64260;17290;34083;102915;11265;11245;94376;48274;94377;94378;94379;94380;122613;94381;94382;94383;94384;94385;79583;94386;65820;40355;99247;46240;42367;94387;69443;74217;50322;80222;81168;68959;76941;31800;94388;76191;34417;94389;94390;94391;94393;94392;94394;50601;73684;57916;64261;66693;94395;24745;73371;40987;64262;11255;94396;11261;11262;11264;34323;94397;34418;35777;94398;94399;76993;94400;94401;94402;130100;94403;81169;17291;17292;80964;94404;94405;12116;11247;11257;94406;11252;34084;11251;94407;91959;17293;17294;62203;32505;11260;49217;59785;40666;11109;24012;97144;31644;31645;17989;11435;97145;53322;11757;81374;90024;87410;90025;117601;95920;99664;138597;117482;112192;117483;123756;146087;45623;45553;85580;81375;45552;31349;90026;11007;31350;17320;21244;32122;73307;60023;11464;46789;73306;46790;46788;11461;46786;46787;46785;40798;21080;40800;40799;40801;40803;40802;40804;40805;40806;77813;49172;52671;53450;57042;42119;43875;44643;45504;47164;50613;48374;51924;55143;56197;57483;58682;61561;63453;66409;69845;64785;70342;74011;77176;71946;77711;79855;83470;84800;87917;86402;89830;91096;92034;94071;96452;99373;102427;104626;106845;109895;111011;111793;117599;117876;118931;119675;120951;122367;122252;125221;124007;127903;129977;132036;133672;136562;134705;139580;142466;144109;146421;154153;149380;150343;151584;153363;156665;40797;56212;23776;134168;135693;137646;141834;156228;149452;150503;152044;154713;42861;157896;158780;34815;40447;43069;44595;134169;46858;48299;50604;52755;55805;56959;58537;59425;53474;61624;62479;62835;63241;63449;65218;64583;66444;65909;66871;70214;69865;70857;71350;71950;73432;73993;74430;77171;77576;78440;79139;80483;84155;84157;84156;84158;85325;84641;86059;86368;86850;87243;87656;88638;89868;93523;32504;91162;55806;141788;144946;146445;154435;147748;149451;150419;23779;62693;54606;136948;137645;156231;152000;154724;54605;22868;88718;124089;141787;147413;147418;147411;147415;148454;151581;152630;156661;62681;63300;100841;100842;26021;145065;151977;154710;145064;22361;62682;94759;101395;104572;108337;109726;121110;142742;156193;147419;150440;152487;154144;94760;62683;22540;91386;91780;94055;99366;111965;109729;112191;122254;127896;134945;138572;141805;147421;149449;153458;157902;91388;72171;72173;78679;89781;93513;95888;97214;100792;102324;104575;109039;118085;121128;122815;133674;135695;72169;21220;21099;21100;44939;108379;124026;126633;141835;146448;62684;154426;62686;139204;143468;133695;134715;137367;140531;144017;156060;149434;150491;153399;62685;132871;62687;33220;83475;31096;132585;43390;48298;50562;53895;55811;38700;50705;55814;118089;133694;137362;140491;147716;153471;43861;50988;59179;74024;133056;136190;137647;141804;144979;146442;149466;151660;154434;156654;118090;157448;43860;109030;124022;141848;154718;149480;153437;109032;65127;139602;144052;154720;139603;155585;140728;141861;156253;149447;152028;152667;154730;62688;154729;131943;131836;44937;69099;69098;23975;51189;53632;55815;59172;61775;84403;88719;99369;104629;109864;112061;118976;122817;127899;132022;134764;138891;141854;145015;146446;154430;156059;147659;148457;150451;151828;152628;153400;157450;158730;51188;55816;138888;144051;156220;151976;154727;134223;62689;150713;157402;154712;150714;154230;136947;137628;141786;154719;156223;152029;153439;134218;62690;137905;137651;156229;157840;137652;62691;22035;21698;24002;27584;30200;158733;33256;34695;35821;38746;39355;40494;49173;52672;53451;57043;42120;43876;45505;47165;44644;48375;50614;51925;55144;56198;58683;57484;61562;63454;66410;69846;70343;64786;74012;77175;77712;79856;71947;83471;84801;86403;87918;89831;92035;91097;96453;94072;99374;102428;106846;104627;109896;111012;111794;117877;117600;118932;119676;120952;122253;122368;124008;125222;127904;129978;133673;132037;134706;136563;139581;142467;144107;154155;146422;150341;149379;151586;153364;156668;66517;20836;66542;56213;62692;20384;26072;20385;137067;148375;148705;150483;150489;150943;69237;69236;69238;69556;69239;150480;150485;150481;150484;150482;150488;60024;150487;150486;18217;25170;21302;19308;11487;24284;52481;45380;79419;45374;10441;49308;100959;100955;12128;10836;18432;18431;42304;18299;51342;56855;69817;11620;20345;64994;76461;106684;106685;106686;106687;106688;106689;108891;108892;108893;108894;108895;106310;106311;106312;106313;106314;106315;106316;108896;108897;109951;109952;109953;109954;109955;109956;109957;118824;118825;118826;118827;118828;118829;118830;118831;119618;119619;119620;119621;119622;119623;119624;119625;119626;119627;119628;119629;119630;119631;119632;119633;122425;122426;122427;122428;122429;132730;132731;132732;132733;139752;139753;139754;139755;144314;144320;143136;143147;143131;143142;145097;145114;145195;145124;144496;144502;144498;144485;151050;151027;152175;76460;151051;151030;152173;152174;152172;152856;152858;152855;152148;150804;152151;152149;152152;152854;155458;155453;155452;155459;155455;155454;156554;155457;156555;155456;156553;156556;158514;158658;158515;156602;156599;156600;156596;156601;158342;158343;158519;158513;158520;158516;158517;158667;158661;158665;158346;158669;158670;158668;158512;158345;158662;158666;158664;158518;158660;158663;158344;158671;158497;158498;158495;158496;158499;63695;63696;63697;63698;63699;63700;63701;64299;63702;63703;63704;63705;63706;63707;63709;63710;63711;158659;63712;63713;63714;63715;63716;63717;63718;63719;63720;63722;63721;63723;63724;63725;63726;63727;63728;63730;63729;63731;63732;63733;63734;63735;63736;64509;63737;63738;63739;63740;63741;63743;63742;63745;63744;63746;63747;63749;63748;64510;66785;67177;66786;66787;66788;66789;66790;67178;67179;67181;67180;68964;67182;68965;68966;68968;68967;70274;68969;70276;70275;70721;70277;72926;72927;72067;72066;72069;72068;72287;72288;72070;76074;76075;76076;76077;76078;76079;73837;73838;73839;73840;73841;73842;76080;74191;73843;74192;74193;74194;74195;74196;77251;77250;77252;77253;77254;77256;77255;77258;77257;77259;77260;77261;77262;77263;77264;77265;77267;77266;81108;81920;80498;80499;80500;81271;81272;81273;81274;80502;81275;81921;81922;81923;81498;81499;81500;81501;81502;84264;84492;84493;84265;84266;84267;84268;84269;84270;84271;85603;84272;84273;84275;84274;85605;85604;85606;85301;85303;85302;85414;85304;85415;85416;85417;86350;85450;85515;86351;86352;86353;86354;86765;86766;86767;86768;86769;94169;94170;94171;94173;92608;88882;88883;88884;88885;92609;92610;94174;94175;94176;94178;92611;92612;92560;92561;92563;92562;92564;92565;94442;94096;94443;94097;94098;94444;94445;94099;94446;94180;94181;93820;93821;95482;93822;95483;96878;96879;96880;96881;99918;100467;100468;100469;100470;100471;100472;22373;22372;22374;22375;22376;22377;22378;22379;22381;22380;22382;22383;22384;22385;22386;22388;22387;22389;22390;22391;22392;22393;22394;14391;14392;14393;14394;14395;14397;14396;14398;14612;14399;14400;14401;14402;14602;14403;14616;14404;14405;14617;14406;14407;14408;14603;14409;14410;14411;14412;14604;14618;14413;14414;14415;14416;14417;14418;14419;14420;14605;14421;14422;14423;14424;14606;14619;14620;14425;14426;14607;14608;14427;14621;14428;14429;14430;14431;14432;14433;14609;14610;14601;14434;18449;14435;14436;18450;14622;14437;14438;14439;15863;18451;18452;18453;18454;18455;18456;22395;18457;22396;22397;22398;18458;22399;22400;22401;22402;18459;22403;22404;22405;22406;22407;64309;64310;64311;64312;64313;63750;63751;63752;63753;64314;63755;63754;63756;63757;64315;64316;64317;64318;64319;63758;63760;63759;63762;63761;63763;64320;63764;64321;63765;63766;63767;63768;63769;63770;63771;63772;64323;64322;63773;64324;63774;63775;63776;63777;63778;63779;63780;63782;63781;63783;63784;63786;63785;63787;63788;63789;64325;64327;64326;64328;64329;64330;64331;64332;64333;64334;64335;64336;64337;64338;64339;64340;64342;64341;64344;64343;63791;63790;63793;63792;63794;63795;63796;63797;64345;64347;64346;64348;64349;64350;64351;64352;64353;64354;63798;63799;63800;63801;64355;64356;64357;63802;63804;63803;63805;63806;64358;64359;64360;63807;63809;63808;63810;63812;63811;63813;63814;63815;63816;63817;63818;63819;63821;63820;63822;63824;63823;63825;63826;63827;46820;46712;65258;65257;65260;65259;47048;65261;46821;65262;47049;47050;47052;47051;47053;47054;46822;46823;46824;65263;31026;30256;47055;47056;47057;46825;47058;47059;46826;47060;65264;46827;65265;30258;30259;30260;30261;30257;30262;30263;30265;30266;65266;30267;30264;30268;30270;30269;30271;30272;30273;65267;65268;65269;46828;30274;30275;30276;30277;30278;30279;30280;30281;30282;30283;30284;30285;30286;30288;30287;30289;28378;28379;28380;28381;28382;28383;28384;28385;28386;28387;28388;28389;28390;28391;28392;28393;28394;28395;28396;28397;28398;28399;28400;28401;28402;28403;28404;28405;28406;28407;28408;28409;28410;28411;28412;28413;28414;28415;28416;28417;28419;28420;28421;28422;28423;28424;28425;28426;28427;28428;28429;28430;28431;28432;28433;28434;28435;28436;28437;28438;28439;28440;65270;65271;65272;65273;65274;28418;32507;65275;65276;28441;47061;28442;28444;28443;28446;28445;28447;28448;28449;28451;28452;28450;28453;28455;28454;28456;46714;46715;46713;46716;46717;46718;46870;46871;46719;46720;30290;30291;30292;30293;30294;30295;30296;30297;30298;30299;30301;30300;30302;30303;30304;30305;30306;65277;30307;30308;65278;28457;65279;28458;28459;28460;46721;65280;28462;28463;28461;28464;28465;28466;28467;28468;28469;28470;28471;28472;65281;65282;30310;30309;30311;30313;30312;30314;30315;30316;30317;30318;30319;30320;30321;30322;30324;30325;30323;30327;30326;30328;30329;30330;65283;65284;65285;65286;65287;65288;28473;28474;28475;28476;28477;28478;28479;28480;28481;65289;65290;28482;28483;28484;28485;28486;28487;28489;28488;28490;28491;28492;28493;28494;28495;28496;28498;65291;28499;28500;28501;28497;28502;28503;28504;28506;28505;28507;28508;28509;28510;28511;28512;28513;28514;28515;28516;28517;28518;28519;28520;28521;28522;31804;28523;28524;28525;28526;28528;28527;28529;28530;28531;28532;28533;28534;28535;28536;28537;28538;28539;28540;28541;28542;28543;28544;28546;28545;28547;28548;28549;28550;28551;28552;28553;28554;28555;28556;28557;28558;28559;30332;30331;30333;30335;30334;30336;30337;30338;30339;30340;30341;30342;30344;30343;30346;30345;30347;30348;30349;30350;30351;30352;30353;30354;30355;30356;30357;30358;30360;30359;46722;30361;28561;28560;28562;28563;28564;28566;28565;28567;28569;28568;28570;28571;28572;28573;28574;28575;28576;28577;28578;28579;65292;28580;28582;28581;65293;28584;28583;28585;28587;28586;28588;28589;28590;28591;28592;28593;28594;28595;28596;28598;28597;28599;28600;28601;28602;28603;28604;28605;28606;28607;28608;28610;28611;28612;28613;28609;28614;28615;28616;28617;28618;28619;52071;52072;46872;47062;47063;46723;28620;28621;28622;28623;28624;28625;28626;28627;28628;28629;28630;28631;65294;65295;28632;30362;28633;30363;30364;30365;28634;28635;28636;28638;28637;28639;28640;28641;28642;28643;28644;28645;28646;28647;28648;28649;28650;65296;65297;65298;65299;32508;32509;65300;32511;32510;32512;32513;32514;32515;32516;30366;30367;30368;30369;30370;30371;30372;30373;30374;30375;30376;30377;30378;30379;30380;30381;30382;30383;30384;30385;30386;30387;30388;30389;30390;30391;30392;30393;30394;30395;30396;30397;30398;30399;30400;30401;30402;30403;30404;30405;30406;30407;30408;30409;30410;30411;30413;30412;30414;30415;30416;30417;30418;30419;30420;30421;30422;30423;30424;30425;30426;30427;30428;30429;30430;30431;30432;30434;30433;30435;30436;30437;30438;30439;30440;30441;30442;30443;30444;30445;30446;30447;30448;30449;30450;30451;30452;30453;30454;30455;30456;30457;30458;30459;30461;30460;65301;30462;30463;30464;30465;30466;30468;30467;30469;30470;30471;30472;30473;30474;30475;30476;30478;30477;30479;30480;30482;30481;30483;30484;30485;30486;30487;30488;30489;30490;30491;30492;30493;30494;30495;30496;30497;30498;30499;30500;30501;30502;30503;30504;30505;30506;30507;30508;30509;30510;30511;30512;30513;30514;30515;30516;30517;30518;47064;28651;28652;28653;28654;28655;28656;28657;28658;65302;28659;28660;28661;28662;28663;28664;65303;28665;65304;28666;28668;28667;28669;28671;28670;65305;28672;28673;65306;28674;28675;28677;28676;28678;28679;28680;28682;28681;28683;28685;28684;28686;28688;28687;28689;28690;28691;28692;28693;28695;28694;28696;28697;28698;28699;28700;28702;28701;28703;28704;28705;28707;28706;28708;28709;28710;28711;47065;47066;47067;47068;47069;47070;47071;47072;47073;47075;47074;47076;47077;47078;47080;47079;47081;47082;47083;47084;47085;47086;47087;47088;47089;47091;47090;47092;47093;47094;47095;47096;47098;47097;47099;30520;30519;30521;30522;65307;30523;30524;30526;30525;30527;30528;30529;30530;30531;30532;30533;30534;30535;30536;30538;30537;30539;30541;30540;30542;30543;30544;30546;30545;30547;30548;30549;30551;30550;30552;30554;30553;30555;30556;30557;30559;30558;30560;30561;30562;30564;30563;30565;30566;30567;30568;30569;30571;30570;30572;30573;30574;30575;30576;30577;30578;30579;30581;30580;30582;30583;30585;30584;30586;30587;30588;30589;30590;30592;30593;30591;30594;30595;28712;28713;28714;28716;28715;32213;32214;32215;32216;30596;32217;28717;30597;28718;28719;28720;28721;28722;28723;28724;28726;28725;65308;28727;28728;28729;28730;28731;28732;28734;28733;28735;28736;65309;28737;28738;65310;28739;28740;28742;28741;28743;28744;28745;28746;65311;28747;28749;28748;28750;28752;28751;28753;28754;28755;28756;28757;30598;28758;30599;30601;30600;30602;30603;30604;30606;30605;30607;30608;30609;30611;30610;30612;30613;30614;30616;30615;30617;30619;30618;30620;30622;30621;30623;30625;30624;30626;30628;30627;30629;30630;30631;30633;30632;30634;30635;30636;65312;30637;28759;28761;28760;30638;30639;28762;28764;28763;28765;30640;28766;28767;30641;30642;28768;30643;30645;30644;30646;30647;28769;28771;28770;30648;30649;28772;28774;28773;28775;28776;30650;30651;28777;30652;28778;30653;28779;28781;28780;28782;28783;28784;28786;28785;28787;28788;28789;28791;28790;28792;65313;65314;65316;65315;28793;28795;28794;28796;28797;28798;28800;28799;28801;28802;28803;28804;28805;28807;28806;28808;28809;28810;28811;28812;28814;28813;28815;28816;28817;28818;28819;28820;28821;28822;28823;28824;65318;65317;65319;65320;65321;32218;32219;32220;32221;32222;32223;32224;32225;32226;32227;32228;32229;30654;30655;30656;30657;30659;30658;30661;30660;28825;30662;28826;65322;30663;28827;30664;28828;65323;28829;28830;30665;30666;30667;28831;30668;28832;28833;28835;28834;28836;30669;31805;30670;28837;28838;30671;30672;30673;30674;30675;28839;30677;30676;30678;30679;30680;28840;30681;30682;28841;30683;30684;30685;30686;30687;30688;30689;30690;30691;30692;30693;28842;30694;30695;28843;28844;28845;28846;28847;28848;28849;28850;28851;28852;28853;28854;28855;28856;28857;28858;28859;28860;28861;28863;28862;28864;28865;28867;28866;28868;28870;28869;28871;28872;28873;28874;28875;28876;28877;28878;28880;28879;28882;28881;28883;28884;28885;28886;28887;28888;28889;28890;28891;28892;28893;28894;28895;28896;28897;28898;28899;28901;28900;28903;28902;65324;65325;65326;65327;28904;28905;30696;30697;30698;28906;28907;30699;30700;30701;30702;30703;30704;30705;30706;30707;30708;30709;30710;30711;30712;30713;30714;30715;30716;30717;30718;30719;30720;30721;30722;30724;30723;30725;30726;30727;30728;30729;30730;30732;30731;30733;30734;30735;30736;30737;30738;30739;30740;30741;30742;30743;30744;30745;30746;30747;30748;30749;30750;30751;30752;30753;30754;30755;30756;30758;30757;30759;30760;30761;30762;30763;30764;30765;30766;30767;30769;30768;30771;30770;30773;30772;30774;30775;30777;30776;30779;30778;30781;30780;30782;30783;30784;30785;30786;65329;65328;65330;28908;28909;28910;28911;28912;28914;28913;28915;28916;28918;28917;28919;28920;28921;28922;28923;28924;28925;28926;28927;30787;30789;30788;30790;30791;30792;30793;30794;30795;30796;30797;30798;30799;30800;30801;30802;30803;30804;30805;30806;30807;30808;30809;30810;30811;30812;30813;30814;30815;30816;30817;30818;30819;32517;32518;32519;32520;32521;32522;32523;32524;32526;32525;32527;32528;32529;32530;32531;32532;32533;32534;32536;32535;32537;32538;28928;30820;30821;30822;30823;28929;30825;30824;28930;30826;30827;30828;30829;30830;30831;30832;30833;30834;30835;28931;30836;30837;28932;28933;30838;30839;30840;28934;30841;30842;30843;28935;28936;30844;30845;28937;30846;28938;30848;30847;30849;30850;30851;30852;30853;30854;28940;28939;28942;28941;28944;28943;28945;65331;28946;28947;28948;65332;28949;28950;28951;28953;28952;30855;28954;30856;30857;30858;28955;28956;30859;30860;30861;28957;30862;28958;28959;28960;30863;30864;30865;30866;28961;30867;30868;30869;28962;30870;30871;28963;30872;30873;28964;30874;28965;28966;30875;30876;30877;30878;28967;28968;30879;28969;30880;28970;28971;65333;28972;28973;28974;28975;28976;28977;28978;28979;28981;28980;28982;28983;28984;28985;28986;28987;28988;28989;28990;28991;28992;28993;28994;28995;28997;28996;28998;29000;28999;29001;29002;29003;29004;29005;29006;29007;29008;29009;29010;29011;29012;29013;29014;29015;29016;29018;29017;29020;29019;29021;30881;29023;29022;29025;29024;65334;29026;29027;29028;29029;29030;29031;29032;29033;29034;32539;32540;32541;32542;32543;32544;32545;32547;32546;32548;65335;29035;29036;29037;29038;29039;29040;29041;29042;29043;29044;29045;29046;29048;29047;29049;29050;29051;29052;29053;29054;29055;29056;29057;29058;29059;29060;29061;29062;29063;29064;29065;29066;29067;29068;29069;29070;29071;29072;29073;29075;29074;29077;29076;29078;29079;29080;29081;29082;65336;65337;65338;65339;65341;65340;65343;65342;65344;65345;32550;32549;32552;32551;32553;32554;32556;32555;32558;32557;32560;32559;32561;32562;32563;32564;32565;32566;32567;32569;32568;32570;32572;32571;32573;32574;32576;32575;32578;32577;32580;32579;32582;32581;32583;32584;32585;32586;32587;32588;32589;32590;32591;32592;32593;32594;32595;32596;32597;32598;32599;32600;32602;32601;32604;32603;32605;32606;32607;32608;32609;32610;32611;32612;32613;32614;32615;32616;32617;32618;32619;32620;32621;32622;32623;32624;32625;32626;32627;32628;32630;32629;32631;32632;32633;32634;32635;32636;32637;32638;32639;32640;32641;32642;32643;32644;32645;32646;32647;32648;32649;32651;32650;32652;32653;32654;32655;32656;32657;32658;32659;32660;32661;32662;32663;32665;32664;32666;32667;32668;32669;32670;32672;32671;32673;32674;32675;32676;32677;32678;32679;32680;32681;32683;32682;32684;32685;32686;32687;32688;32690;32689;32691;32692;32693;32694;32695;32697;32696;32698;32699;32700;32702;32701;32703;32705;32704;32706;32707;32708;32710;32709;32711;32712;32713;32714;32715;32716;32717;32718;32720;32719;32721;32722;32723;32724;32725;32726;32727;32728;32729;32730;32731;29083;29084;29085;29086;29087;29089;29088;29090;29091;29092;29093;29094;29095;29096;29097;29098;29099;29100;29101;29102;29103;29104;29105;29106;29107;29108;29109;29110;29111;29112;29113;29114;29115;29116;29117;29118;29119;29120;29121;29122;29123;29124;29125;29126;29127;29128;29129;29130;29131;29132;29133;29134;29135;29614;29615;29616;29617;29618;65346;29136;29138;29137;29140;29139;29141;29142;29143;29144;30882;30883;30884;30885;30886;30887;30888;30889;30890;30891;30892;30894;30893;30895;30896;65347;29619;65348;29620;29622;29621;29624;29623;29625;29626;29627;29628;29630;29629;29631;29632;29634;29633;29635;29636;29637;29638;29640;29639;29641;29642;29644;29643;29645;29646;29648;29647;29650;29649;29651;29652;29653;29654;29655;29656;29658;29657;29659;29660;29662;29661;29664;29663;29665;29666;29667;29668;29669;29670;29671;29672;29673;29674;29675;29676;29677;29678;29679;29680;29681;29682;29683;29684;31468;31469;31471;31470;31472;31473;32732;31474;31475;31476;31478;31477;31479;31480;31481;29145;29146;29147;29148;29149;29150;29151;29152;29154;29153;29155;29156;29157;29158;29159;29161;29160;29162;29163;29164;29165;29166;29168;29167;29169;29170;29171;29172;29173;65349;65350;65351;65352;65353;65354;65356;65355;65357;65358;65360;65359;65362;65361;65363;65364;29315;29316;29317;29318;29319;29320;29321;29322;29323;29324;29325;29174;29175;29176;29177;30897;30898;30899;30900;30901;30903;30902;30904;30905;30906;30907;30908;30909;30910;30911;30912;30913;30914;30915;30916;30917;30918;30919;30920;30921;30923;30922;30924;30925;30926;30927;30928;30929;30930;30932;30931;30933;30934;30935;30937;30936;30938;30940;30939;30941;30942;30943;30944;30945;30946;30947;30948;30949;30950;30951;30953;30952;30954;30956;30955;30957;31483;31482;31484;31486;31485;31487;31488;31489;31490;31491;31493;31492;31494;31495;31496;31497;31498;31499;31500;31501;31502;31503;31504;31505;31506;31507;31508;31509;31510;31511;31512;31513;31514;31515;32733;29178;32734;32735;32736;32737;32738;32739;32740;32741;32742;32743;32744;32745;32746;32747;32748;32749;32750;32751;32752;32753;32754;32755;32756;32757;32758;32759;32760;32761;32762;32763;32764;32766;32765;32767;32768;32769;32770;32771;32772;32773;32774;32775;32776;32777;32778;32779;32781;32780;32782;32783;32784;32785;32786;32787;32788;32789;32790;32791;32792;32793;32794;32795;32796;32797;32798;32799;32800;32801;32802;32803;32804;32805;32806;32807;32808;32809;32810;32812;32811;32813;32814;32815;32816;32817;32818;32819;32820;32821;32822;32823;32824;32825;32826;32827;32828;32829;32830;32831;32832;32833;29179;65365;36571;37918;29326;29327;29328;29329;29330;29331;29332;29333;29334;29335;29336;32230;32231;32232;65366;32233;32234;32235;32236;32237;32238;32239;65367;32240;32242;32241;32243;32244;32245;32246;32248;32247;32249;32250;32251;32252;32253;32254;32255;32256;32257;32259;32258;32260;32261;32263;32262;32264;32265;32266;32267;32268;32270;32269;32271;32272;32274;32273;32276;32275;32277;32278;32279;32280;32281;32282;32283;32284;32285;32286;32287;32288;32289;32290;32291;32292;29685;32293;29686;29687;29688;31194;31195;31196;31197;31198;31199;31200;31201;31202;31203;31204;31205;31206;31207;31208;31209;31210;31211;31212;31213;31214;31215;29180;65368;29181;29182;29183;29184;29185;29186;31216;31217;31218;31220;31219;31222;31221;31224;31223;31226;31225;31227;31228;31230;31231;31229;31232;31233;31234;31235;31236;31238;31237;31239;31240;31241;31242;31243;31244;31245;31246;31247;31248;31249;31250;31251;31252;31253;31255;31254;31256;31257;31258;31259;31260;31261;31263;31262;31264;31265;31266;31267;31268;31269;31271;31270;33290;33289;33291;33292;33293;33294;33295;33296;33297;33298;33299;30958;65369;65370;65371;65372;65373;65374;65375;65376;65377;65378;65379;65380;65381;65382;65383;65384;65385;65386;65387;30959;30960;30961;30962;30963;30965;30964;30966;30967;30969;30968;30970;30971;30972;30973;30974;30975;30976;30977;30978;30979;30980;30981;30982;30983;30984;30985;30987;30986;30988;32294;30989;65388;30990;30991;30992;30993;30994;30996;30995;30998;30997;31000;30999;31001;31002;31003;31004;31005;31006;31007;31008;31009;31010;31011;31012;31013;31015;31014;31016;31017;31018;31020;31019;31021;31022;31023;31516;31517;31518;31519;31520;31521;31522;31523;31524;31525;31526;31527;31528;31529;31530;31531;31532;31533;31534;31535;31536;31537;31538;31539;31540;31541;31542;31543;31024;31544;31545;31546;31548;31547;31549;31550;31551;31552;31553;31554;31555;31556;31557;31558;31559;31560;31561;31562;31563;31564;31565;31566;31567;31568;32834;31569;31570;31571;65389;34853;65390;31272;31273;31274;31275;31276;31277;31279;31278;31281;31280;31282;31283;31284;31285;31286;31287;31288;31289;31290;31291;31292;31866;31867;31868;31869;31870;31871;31872;31873;31874;31876;31875;31877;31878;31880;31879;31881;31882;31884;31883;31886;31885;31887;31888;31890;31889;31892;31891;31893;31894;31896;31895;31897;31898;31900;31899;31901;31902;31903;31904;31905;31906;31907;31908;31909;31910;31911;31912;31913;31914;31915;31916;31917;31918;31919;31921;31920;31923;31922;31924;31925;31926;31927;31928;31929;31930;31931;31932;31933;31934;31936;31935;31938;31937;31939;31940;65391;31572;31573;31574;31576;31575;31578;31577;32835;32836;32837;32838;32839;32840;32841;32842;32844;32843;32846;32845;32848;32847;32849;32850;32851;32852;32853;32854;32855;32856;32857;32858;32859;32860;32861;32862;32863;32864;32865;32866;32867;32868;32869;32870;32871;32872;32873;32874;32875;32876;32877;32878;32879;32880;32881;32882;32883;32884;32885;32886;31579;31580;31581;31582;31583;31585;31584;32888;32887;32889;65392;32890;32891;32892;32894;32893;32895;32896;32897;32898;32899;32900;32901;32902;32903;32904;32905;32906;32907;32908;32909;32910;32911;32912;32913;32914;32915;32916;32917;32919;32918;32920;32921;32922;32923;32924;32925;32926;32927;32928;32929;32930;32931;32932;32933;32934;32935;32936;32937;32938;32939;32940;32941;32942;32943;32944;32945;32947;32946;32948;32949;32950;32951;32952;32953;32954;65393;33591;33592;33593;33594;33595;33596;33597;33598;33599;33600;33601;33602;33603;33604;33605;33606;33607;33608;65394;32955;32956;32957;32958;32959;32960;32962;32961;32964;32963;32966;32965;32967;32968;32969;32970;32971;32972;32973;32975;32974;32976;32977;32978;32979;32980;32981;32982;32983;32984;32985;32987;32988;32989;32986;32990;32992;32991;32993;32994;32995;31941;31943;31942;31945;31944;33300;33301;33303;33302;33304;33305;33306;33307;33308;33309;33310;33311;33312;33313;33314;33315;33316;33317;33318;33319;33320;33321;33322;32996;32997;32998;33000;32999;33002;33001;33003;33004;33005;33006;33007;33008;33009;33010;33012;33011;33013;33014;37646;33015;37916;65395;65396;65397;38134;65398;33016;65399;32295;32296;32297;65400;65401;65402;65403;35475;35476;35477;35478;35479;35480;35481;33017;33018;33019;33020;33021;33022;33023;33024;33025;33026;33028;33027;33029;33031;33030;33032;33034;33033;33035;33036;33037;33038;33039;33040;33041;33042;33043;33044;33045;33046;33047;33048;33049;33051;33050;33052;33053;33054;33055;33609;65404;65405;33610;33611;33612;33613;33614;33615;33617;33616;33618;33619;33620;33621;33622;33623;33056;32298;33057;37656;37340;36370;65406;36316;37037;37335;36448;38003;36461;36398;36923;33058;33059;33061;33060;33062;33063;33064;33065;33066;33067;33068;33070;33069;33071;33072;33073;33074;33075;33076;36341;36985;37652;37780;36732;38089;37843;38100;36911;37489;37973;36464;36546;65407;36286;36733;36390;37981;37906;36498;37744;37666;35828;35829;35831;35830;35832;35833;35834;35836;35835;35837;35838;35839;35841;35840;35842;35843;35844;35845;35846;35847;35848;35849;35850;35851;35852;35853;35854;34854;34855;33323;33324;33325;33326;33327;33328;33329;33330;33331;33332;33333;33335;33334;33336;33337;33338;33339;33340;33341;33342;33343;33344;33345;33346;33348;33347;33350;33349;33351;33352;33353;33354;33355;33356;33357;33358;33359;33361;33360;33362;33952;33953;33954;33955;33956;33957;33958;33959;33960;33961;33962;33963;33964;33965;33966;33967;33968;33969;33970;33971;33972;33973;33974;33975;33976;33977;33978;33979;33980;33981;33982;33983;33984;33985;33986;33987;33988;33990;33989;33991;33992;33993;33994;33995;33996;33997;33998;33999;34000;34001;34002;34003;34004;34005;34006;34007;34008;33363;34009;37921;37325;37691;36314;37638;38146;37344;36663;37195;36871;36481;37321;65408;65410;65409;37971;37980;37277;37187;36246;37158;38097;36540;37653;36921;37345;38057;37436;38105;37697;36469;37908;36727;37024;37339;37329;37615;37894;36387;65411;37102;36647;37685;36845;36666;36501;37020;37228;36372;38102;36455;36371;37267;37919;37729;36713;37832;37536;37889;36602;37365;36936;37445;37338;37807;37132;37314;37181;33624;33625;33626;33627;33628;33629;33630;33631;33632;33633;33634;33636;33635;33637;33638;33639;33640;33641;33642;33643;33644;33646;33645;33647;33648;33649;33650;33651;33652;33653;33654;33655;33656;33657;33658;33659;33660;33661;33662;33663;33664;33665;33666;33667;33668;33670;33669;33671;33672;33673;33674;33675;33676;33677;33678;33679;33681;33680;33682;33683;33684;33685;34511;33686;34512;34513;34514;34515;34516;34517;34518;34519;34520;34521;34522;34523;34524;34525;34526;34527;34528;34529;34531;34530;34532;34533;34534;34535;34536;34537;34538;34539;34540;34541;33687;33688;33689;33690;33691;33692;33693;33694;33695;33696;33698;33697;33699;33700;33702;33701;33703;33704;33705;33706;33707;33708;33709;33711;33710;33712;33713;33715;33714;33716;33717;33718;33719;33721;33720;33722;33723;33724;33726;33725;33728;33727;33729;33730;33731;33732;33733;33734;34542;34543;34544;34545;34547;34546;34548;34549;34550;34551;34552;34553;34554;34555;34556;34557;34558;34559;34560;34561;34562;34563;34564;34565;34566;34567;34568;34569;34570;34571;34572;34573;34574;34575;34576;34577;34578;34579;65412;65413;34010;65414;34011;34012;34013;34014;34015;34016;34017;34856;34857;34858;34859;34860;34861;34862;34863;34864;34865;34866;34867;34868;34869;34870;34871;34872;34873;34874;34875;34876;34878;34877;34879;34880;34881;34882;34884;34883;34885;34886;34888;34887;34890;34889;34891;34892;34893;34894;34895;34896;34898;34897;34900;34899;34901;34902;34903;34904;34905;34906;34907;34908;34909;34910;34911;34912;34913;34914;34915;34916;34917;34918;34919;34920;34921;34922;34923;34924;34925;34926;34927;34928;34929;34930;34931;34932;37396;37214;65415;36368;37248;37776;37619;65416;37074;37789;36630;37914;36410;36744;37395;36317;37307;37184;37623;36801;36282;36803;37209;37174;37352;36289;37494;37793;36408;37349;36453;36646;37787;37985;37705;37392;37863;36718;65417;37972;36738;37012;36956;38082;37651;36982;36849;37465;37784;37192;37233;36854;37014;37941;37464;37441;36532;36487;37636;37521;37967;36395;37232;36785;36219;37112;37684;36405;36834;36668;38059;37104;37245;36269;36809;36412;36942;37930;37976;36607;37035;36586;38209;38210;38211;38212;38213;38214;38215;38216;38217;38218;38219;38220;38221;38222;38223;38224;38225;38226;38227;38228;38229;38230;38231;38232;38233;38234;38235;38237;38236;38238;38239;38240;38241;38242;38243;38245;38244;38246;38247;38248;38249;38250;38251;38252;38253;38254;38255;38256;65418;35482;35483;35484;35485;35486;35487;35488;35489;35490;35491;35492;35493;35494;35495;35496;35497;35498;65419;65420;65421;65422;65423;65424;65425;65426;65427;35499;35500;35501;35502;65428;43405;43406;43407;43408;65429;34933;34934;34935;35855;35857;35856;35859;35858;35861;35860;35862;35863;35864;35865;35866;35867;36631;37694;37774;36536;37564;37384;36902;36466;65430;37854;36828;37182;36900;36754;37642;37199;36705;36792;36817;36465;37897;37943;36939;37730;37146;37322;36836;37041;38121;38119;37394;37837;36818;37566;36667;37023;37372;37160;37574;37077;36726;37903;36439;37304;37216;37009;38077;36381;37008;36800;37332;36979;36283;36488;36296;37120;36230;38029;37597;37678;37847;36940;37805;37611;36416;37620;37879;36728;36359;37056;36525;36691;36669;37351;37360;38039;34580;34581;34582;34583;34584;34585;34586;34587;34588;34589;34591;34590;34592;34593;34594;34595;34596;34597;34598;34599;34600;34601;34602;34603;34604;34605;34606;34607;34608;34609;34610;34611;34612;34613;34614;34615;34616;34617;34618;34619;34620;34621;34622;34623;34624;34625;34626;34627;34628;34629;34630;34631;34632;34633;34634;34635;34636;34637;34638;34639;34640;34641;34642;34643;34644;34645;34646;34647;34648;34649;34650;34652;34651;34653;34654;34655;34656;34657;34658;34659;34660;34661;34662;34663;34664;34665;34666;34667;34668;65431;65432;65433;65434;35112;35113;35114;35115;35116;35117;35118;35119;35120;35121;65435;65436;35122;35123;35124;35125;35126;35127;35128;35129;35130;35131;35132;35133;35134;35135;35136;35137;35138;35139;35140;35141;35142;35143;35144;35145;35146;35147;35148;35149;35151;35150;35152;38257;38258;38260;38259;38261;38262;38263;38264;38265;38267;38266;38268;38269;38270;38271;38272;38273;38274;38275;38276;38277;38278;38279;38281;38280;38282;38283;38284;38285;38286;36502;36310;37721;37376;37845;37224;37156;36867;36593;37129;36223;37302;37754;37660;37760;37986;37674;37511;37679;37113;36581;37659;37059;37771;37303;37770;38045;36437;37622;36529;36829;36917;36741;36988;36227;37067;36367;36932;37668;37720;36325;37524;36888;37408;37719;37054;38123;65437;37168;38120;36764;36419;36881;38139;36901;36444;38125;36783;36270;36580;37380;38093;37502;36424;37084;37975;37816;37578;37761;37116;37001;36307;36876;37468;36328;37022;37280;36500;37082;36274;36778;36431;37247;37737;37557;38145;36252;36434;36885;37650;36771;37357;37500;37265;37764;37708;37926;37745;37937;37858;37689;36642;36695;38017;37775;38088;37006;37583;38040;37208;36712;37342;38041;38124;36345;38109;37266;38033;36393;37193;38020;36612;37676;35153;37709;35155;35154;35157;35156;35158;35159;35160;35161;35162;35163;35164;35165;35166;35167;35168;35169;38287;38288;38289;38290;38291;38292;38293;38294;38295;38296;38298;38297;38300;38299;38301;38302;38303;38304;38306;38305;38308;38307;38310;38309;38311;38312;38313;38315;38314;38316;38317;38318;38319;38320;38321;38322;38324;38323;38325;38326;38327;38328;38329;38330;38332;38331;38333;38334;38335;38336;38338;38337;38339;38340;38342;38341;38343;38344;38345;38346;38347;38348;38349;38351;38350;38352;38353;38354;38355;38356;38358;38357;39623;39624;39625;39626;39627;39628;39629;39630;39631;39632;37005;38359;38360;38361;38362;38363;38364;38365;38366;38367;38368;38369;38370;38371;38372;38373;38374;38375;38376;38377;38378;38379;38381;38380;38382;38383;38384;38385;38386;38387;38388;38389;38390;38391;38392;38393;38395;38394;38396;38397;38398;38399;38400;38401;38402;38403;38404;38405;38406;38407;38408;38409;38411;38410;38412;38413;38414;38415;38417;38416;38418;38419;38421;38420;38423;38422;38424;38425;38426;38428;38427;38429;38430;38431;38432;38433;38434;38435;38436;38437;38438;38439;38440;38441;38442;38443;38445;38444;38446;34936;65438;36680;35170;35171;36627;65439;65440;65441;44138;44137;44139;44140;44141;44142;44144;44143;44146;44145;44148;44147;44150;44149;44151;44152;44153;44154;44156;44155;44157;44158;44160;44159;44161;44162;44163;44164;44165;44166;44167;44168;44169;44170;44171;44172;44173;44174;44175;44176;44177;44178;44179;44180;44181;44182;44183;44184;44185;44186;44187;44188;44189;44190;44191;44192;65442;65443;65444;65445;65446;65447;35504;35503;35505;35506;35507;35508;35509;35510;35511;35512;35513;35514;35515;35516;35518;35517;35520;35519;35522;35521;35524;35523;35526;35525;35527;35528;35530;35529;35531;35532;35533;35534;35535;35536;35537;35539;35538;35541;35540;35542;35543;35544;35545;65448;65449;39810;39811;39812;39813;39814;35546;35868;35869;35870;35871;35872;35873;35874;35875;35876;35877;35878;35879;35880;35881;35882;35883;35884;35885;35886;35887;35888;35889;35890;35891;35892;35893;35894;35895;35896;35897;35898;35899;35900;39009;39010;39011;39012;39013;39014;39015;39016;39017;39018;39019;39020;39021;39022;39023;39024;39025;39026;39027;39028;39029;39030;39031;39032;39033;39034;39035;39036;39037;39038;39039;39040;39041;39042;39043;39044;39045;39046;39047;39048;39050;39049;39052;39051;39053;39054;39055;39056;38101;37453;36824;36839;37796;37170;37690;36477;37140;36970;37411;37786;36417;36609;36708;37291;36490;36884;36925;37861;36961;36440;38062;36994;37993;36544;38127;36613;37961;37230;39057;39058;39059;39060;39061;39062;39063;39064;39065;39066;39067;39068;39069;39070;39071;39072;39073;39074;39075;39076;39078;39077;39080;39079;39081;39082;39083;39084;39085;39086;39087;39088;39089;39090;39091;39092;39093;39095;39094;39097;39096;39098;39099;39100;39101;39102;39103;39104;39105;39107;39106;39108;39109;39110;39111;39112;39113;39114;39115;39116;37417;37491;37476;37531;36253;36595;37343;37382;37664;37301;36247;37931;38016;37434;37693;37448;37079;37955;36514;38053;37748;37083;36974;37757;37917;37763;37573;37856;36886;37088;36758;37963;36898;37011;39117;39118;39120;39119;39121;39122;39124;39123;39125;39126;39127;39128;39129;39130;39131;39132;39133;39134;39135;39137;39136;39138;39139;39140;39141;39142;39143;39144;39146;39145;39147;39148;39150;39149;39152;39151;39153;39154;39155;39156;39157;39158;39159;39160;39161;39162;39163;39164;39165;39166;39167;39168;39169;39171;39170;39172;39173;39175;39174;39176;39177;43409;43410;43411;43412;65450;43414;43413;43415;39633;38448;38447;38449;38450;38451;38452;38453;38454;38455;38456;38457;38458;38459;38460;38461;38463;38462;38465;38464;38466;38467;38468;38469;38470;38471;38472;38473;38474;38475;38476;38477;38478;38479;38480;38481;38482;38483;38484;38485;38486;38487;38489;38488;38491;38490;38492;38493;38495;38494;38496;38497;38499;38498;38500;38501;38502;38503;38504;38505;38507;38506;38508;38509;38510;38511;38512;38513;38514;38515;38516;38517;38518;38519;38520;38521;38522;38523;38524;38525;38526;38527;38528;38529;38530;38531;38532;38533;38534;38535;38536;38537;38538;38539;38540;38541;38542;38543;65451;65452;44431;44432;44433;44434;44435;44436;44437;44438;38544;38545;38546;38547;38548;38549;38550;38551;38552;38553;38554;38555;38556;38557;38558;38559;38560;38561;38562;38563;38564;38565;38566;38567;38568;38569;38570;38571;38572;38573;38574;38575;38576;38577;38578;38579;38580;38581;38582;38583;38584;38585;38586;38587;38588;38589;38590;38591;38592;38593;38594;38595;38596;38598;38597;38599;38600;38601;38602;38603;38604;38606;38605;38607;38608;38609;38611;38610;38612;38613;39634;39635;39637;39636;39638;39639;39640;39641;39642;39643;39644;39645;39646;39647;39648;39649;39650;39651;39652;39653;39654;39655;39656;39657;39658;39659;39660;39662;39661;38614;38615;38616;38617;38618;38619;38620;38621;38622;38623;38624;38625;38626;38627;38628;38629;38630;38631;38632;38633;38634;38635;38636;38637;38638;38639;39663;39664;39665;39666;39667;39668;39669;39670;39671;39672;39673;39674;39675;39676;39677;39678;39679;39680;39681;39682;39684;39683;39685;39686;39687;39688;39689;39690;39691;39692;39693;39694;39695;39696;42481;42482;42483;42484;42485;42486;42487;42488;42489;42490;42491;42492;42493;42494;42495;42496;42497;42498;42499;42500;42501;42502;42503;42504;42505;42506;42507;42508;42509;42510;42511;42480;42512;39697;39698;39699;39700;39701;39702;39703;39704;50707;50708;39705;39707;39706;39708;39709;39710;39711;39712;39713;39714;39715;39716;39717;39718;39719;39720;39721;39722;39723;39724;39725;39726;39727;39728;39729;39730;39731;39732;39733;39734;39735;39736;39737;39738;39739;39740;39742;39741;39743;39744;42513;39745;42514;42515;42516;42517;42518;42519;42520;42521;42522;42523;42524;42525;42526;42527;42528;42529;42531;42530;42532;42533;42534;42535;42536;42537;42539;42538;42541;42540;42542;42543;42544;42545;42546;42547;42548;42549;42550;42551;42552;42553;39746;39747;65453;65454;52073;39178;39180;39179;39182;39181;39183;39184;39185;39186;39187;39188;39190;39189;39191;39192;39193;39194;39195;39196;39197;39198;39199;39200;39201;39202;39203;39204;39205;39206;39207;39208;39209;39210;39211;39212;39214;39213;39215;39216;39218;39217;39219;39220;39221;39222;39223;39224;39225;39226;39227;39228;39229;39230;39231;39232;41647;41648;41649;41650;41651;41652;41653;41654;41655;41656;41657;41658;41659;41660;41661;41663;41662;41664;41665;41667;41666;41669;41668;41670;41671;41672;41673;41674;41675;39233;39234;39235;39236;39237;39238;39239;39240;39241;39242;39243;39245;39244;39247;39246;39248;39249;39251;39250;39252;39253;39254;39255;39256;39257;39259;39258;39260;39261;39262;41676;41677;41678;41679;41680;41681;41682;41683;41684;39263;39264;39265;39266;39267;39268;39269;39270;39271;39272;39273;39274;39275;39276;39277;39278;39279;39280;39281;39282;39283;39284;39285;39286;39287;39288;39289;41685;41686;41687;41688;41689;41690;41691;41692;41693;41694;41695;41696;41697;41698;41699;41700;41701;41702;41703;41704;41705;41706;41707;41708;41709;41710;41711;41712;41713;41715;39290;39291;39292;39293;39294;39295;39296;41714;39297;39299;39298;39300;39301;39302;42554;65455;42555;42556;42557;42558;42559;42560;42561;42562;42563;42564;42565;42566;42567;42568;42569;42570;42571;42572;42573;39748;39749;39750;39751;39752;39753;39754;39755;39756;39757;39759;39758;39760;65456;65457;65458;65459;65460;39815;39816;39817;39818;39819;39820;39821;39822;39823;39824;39825;39826;39827;39828;39830;39829;39831;39832;39833;39834;39835;39836;39837;39838;39839;39840;39841;65461;52074;65462;52075;39842;52076;39843;43899;43900;43901;43902;43903;50709;47622;47623;47624;47625;47626;47627;47628;47629;47630;47631;47632;47633;47634;47635;47636;47637;47638;47639;47640;47641;47642;47643;43416;43417;43418;43419;43421;43420;43422;43423;43424;43425;43426;43427;43428;43429;43430;43431;43432;43433;43434;43435;47644;47646;47645;47647;47648;47649;47650;47651;43904;43905;43906;43907;43908;43909;43911;43910;43912;43913;43914;43915;43916;43917;43919;43918;43921;43920;43922;43923;43925;43924;43926;43927;43929;43928;43930;43931;43932;43933;43934;43935;43936;43937;43938;43939;43940;43941;43942;43943;43944;43946;43945;43947;43948;43949;43950;43951;43952;43953;43954;43955;43956;43957;43958;43959;43960;43961;43962;43963;43964;43966;43965;43967;43968;43970;43969;43971;43972;43973;43974;43975;43976;43977;43978;43979;43980;43981;43982;43983;43984;43985;43986;41716;41717;41718;41719;41720;41721;41722;41723;41724;41725;41726;41727;41728;41729;41730;41731;41732;41733;41734;41735;41736;41737;41738;41739;41741;41740;41743;41742;41744;41745;41746;41747;41748;41749;41750;41751;41752;41754;41753;41755;41756;41757;41758;41759;41760;41761;41762;41763;41764;41765;41766;41767;41768;41769;41770;41771;41772;41773;41774;41775;41777;41776;41779;41778;41781;41780;41783;41782;41785;41784;41786;41787;41788;41789;41791;41790;41793;41792;41795;41794;41797;41796;41799;41798;41800;41801;41802;41803;41804;41805;41806;43184;43185;43186;43187;43188;43190;43189;43436;43437;43439;43438;43440;43441;43442;43443;43444;43445;43447;43446;43448;43449;43450;43451;43452;43453;43454;43455;43456;43457;43458;43459;43460;43462;43461;43463;43464;43465;43466;43467;43468;65463;43469;43470;43471;43472;43474;43473;43475;43476;43477;43478;43479;43480;43481;43482;43484;43483;43486;43485;43487;43488;43489;41807;41808;41809;41810;41811;41812;41813;41814;41815;41816;41817;41818;41819;41820;41821;41822;41823;41824;41825;41826;41827;41829;41828;41830;41831;41832;41833;41834;41835;41836;41837;41838;41839;41840;41841;41843;41842;41844;41845;41846;41847;41848;41849;41851;41850;41852;41853;41854;41855;41856;41857;41858;41859;41861;41860;41862;41863;41864;41865;41866;41867;41868;41869;41870;41871;41873;41872;41874;41875;41877;41876;41878;41879;41880;41881;41882;41883;41884;41885;41886;41887;41888;41889;41890;41891;43191;43192;43193;43194;43196;43195;43197;43198;43199;43200;43201;43202;43203;43204;41892;41893;41895;41894;41897;41896;41899;41898;41900;41901;41902;41903;41904;41905;41906;41907;41908;41909;41910;41911;41912;41913;41914;41915;41916;41917;41918;41919;41920;41921;41922;41924;41923;41925;41926;41927;41928;41929;41930;41931;41932;41933;41934;41935;41936;41937;43205;43206;43207;43208;43209;43210;43211;43212;43214;43213;43216;43215;43217;43218;43219;43220;43222;43221;43224;43223;43226;43225;43227;43228;43229;43230;43231;43233;43232;43235;43234;45628;45629;45630;45631;45632;45633;45634;45635;45636;45637;45638;45639;45640;45641;45642;45643;45644;45645;45646;45647;45648;45649;45650;43490;43491;43492;43493;43494;43495;43496;43497;43498;43500;43499;43501;43502;43503;43504;43505;43506;43507;43508;43509;43510;43511;43512;43513;43514;43515;43516;43517;43518;43519;43520;43521;43522;43523;43524;43525;43526;43527;43528;43529;43530;43531;43532;43533;43534;43535;43536;43537;43538;43539;43540;43541;43542;43543;43544;43545;43546;43547;43548;43549;43550;43551;43552;43553;43555;43554;43556;43236;43237;43238;43239;43240;43241;43242;43243;43244;43245;43246;43248;43247;43249;43250;43251;43252;43253;43254;43255;43256;43257;43258;43259;43260;43261;43262;43263;43265;43264;43266;43267;43268;43269;43270;43271;43272;43273;43274;43275;43277;43276;43279;43278;45651;43280;45652;45653;48765;48764;48766;48767;48768;48769;48770;48771;48772;48773;48774;48775;43281;43282;43283;43284;43285;43286;43287;43288;43289;43290;43291;43292;43293;43294;43295;43296;43297;43298;43299;43300;43301;43302;43303;43304;43305;43306;43307;43308;43309;43310;43311;43312;43313;43314;43315;45654;45655;45656;45657;45658;44193;44194;43557;43558;43559;44195;44196;44197;44198;44199;44200;44201;44202;44203;44204;44205;44206;44207;44208;44210;44209;44211;44212;44213;44214;44215;44216;44217;44218;44219;44220;43560;43561;43562;43563;43564;43565;43566;43568;43567;43569;43570;43571;43573;43572;43574;43575;43576;43578;43577;43579;43581;43580;43582;43583;43584;44439;43585;44440;44442;44441;44443;44444;44445;44221;44223;44222;44224;44225;44227;44226;44228;44229;44230;44231;44232;44233;44234;44235;44236;44237;44239;44238;44240;44242;44241;44244;44243;44245;44246;44247;44248;44249;44250;44251;44252;44253;44254;44256;44255;44257;44258;44259;44260;44261;44262;44263;44264;44265;44266;44267;44268;44269;44270;44271;44272;44273;44274;44275;44276;44277;44278;44279;44281;44280;44283;44282;44284;44285;44286;44287;44288;44289;44290;44291;44292;44293;44294;44295;44296;44297;44298;44299;44300;44301;45141;45142;45143;45144;45145;45146;45147;45148;45149;45150;45151;45152;45153;45154;45155;45156;42574;42575;42577;42576;42578;42579;42581;42580;42583;42582;42584;42585;42587;42586;42589;42588;42591;42590;42593;42592;42595;42594;42597;42596;42599;42598;42601;42600;42602;42603;42604;42605;42606;42607;42608;42609;42610;42611;42612;42613;42614;42615;42616;42618;42617;42619;42620;42621;42622;42623;42624;42625;42626;42627;42628;42629;42630;42631;42632;42633;42634;42635;42637;42636;42638;42639;42641;42640;42643;42642;42644;42645;42647;42646;42649;42648;42651;42650;45157;45158;45159;45161;45160;45162;45163;45165;45164;45166;45167;45168;45169;45170;45171;45172;45173;45174;45175;42652;42653;42654;42655;42656;42657;42658;42659;42660;42661;42662;42663;42664;42665;42666;42667;42668;42669;42670;42671;42672;42673;42674;42675;42676;42677;42678;42679;42680;42681;42682;42683;42684;42685;42686;42687;42688;42689;42690;42691;42692;42693;42694;42695;42697;42696;42699;42698;42700;42701;42702;42703;42704;42705;42706;42707;42708;42709;42710;42711;42712;42713;42714;42715;42716;42717;42718;42719;42720;46359;46360;46361;46362;46363;46364;46365;46366;46367;46368;46369;46370;42721;42722;42723;42724;42725;42726;42727;42728;42729;42730;42731;42732;42733;42734;42735;42737;42736;42738;42739;42741;42740;42742;42743;42744;42745;42746;42747;42748;42749;42750;42751;42752;42753;42754;42755;42756;42757;42758;42759;42760;42761;42762;42763;42764;42765;42766;42767;42769;42768;42770;42771;42772;42773;42774;42775;42776;42777;42778;42779;42780;42781;42782;42783;65464;65465;52077;65466;44446;44447;44448;44449;44450;44451;44452;44453;44454;44455;44456;44457;44458;44459;44460;44461;44462;44463;44464;44465;44466;44467;44468;44469;44470;44471;44472;44473;44474;44475;44476;44477;44478;44479;44480;44481;44482;44483;44484;44485;44486;44487;44488;44489;44490;44491;44492;44493;44494;44495;44497;44496;44498;44499;44500;44501;44502;44503;44504;44505;44506;44507;44508;44509;44510;44511;44512;44513;44514;44515;44516;44517;44518;44519;44520;44521;44522;44523;44524;44525;44526;44527;44528;44529;44530;44531;44532;44533;44534;44535;44536;44537;44538;44539;44540;44541;44542;44543;44544;45176;45178;45177;45179;45180;45181;45182;45183;45184;45185;45186;45187;45188;45189;45190;45191;45192;45193;45194;45195;45196;45197;45198;45199;45200;45201;45202;45203;45204;45205;45206;45207;45208;45210;45209;45211;45212;45213;45214;45215;45216;45217;45218;45219;45220;45221;45222;45223;45224;45225;45226;45227;45228;45229;45230;45231;45232;45233;45234;45235;45236;45237;45238;45239;45240;45241;45242;45243;45244;45245;45246;45247;45248;45249;45250;45251;45252;45253;45254;45255;45256;45257;45258;45259;45260;45261;46371;46372;46373;46374;46375;46376;46377;46379;46378;46381;46380;46383;46382;46384;45262;45263;45264;45265;45266;45267;45268;45269;45270;45271;45272;45273;45274;45275;45276;45277;45278;45279;45280;45281;45282;45283;45284;45285;45286;45287;45288;45289;45290;45291;45292;45293;45294;45295;45296;45297;45298;45299;45300;45301;45302;45303;45304;45305;45306;45307;45308;45309;45310;45311;45312;45313;45314;45315;45316;45317;45318;45319;45320;45321;45322;45323;45324;45325;45326;45327;45328;45329;45330;45331;45332;45333;45334;45335;45336;46385;46386;46387;46388;46390;46389;46391;46393;46392;46394;46395;46396;46397;46399;46398;46400;46401;46402;46403;46405;46404;46407;46406;47652;47653;47654;47655;47656;47657;47658;47659;47660;47661;47662;47663;47664;47665;47666;47667;47668;47669;47670;47671;47672;53917;53918;53919;53921;53920;53922;53923;53924;53925;49309;49310;49311;49312;49313;49314;49316;49315;52078;52079;52081;52080;52082;52083;52085;52084;52086;52087;52088;49317;49318;49319;49320;49322;49321;49323;49324;49325;49326;49327;49328;49329;49330;49332;49331;49333;49334;49336;49335;49337;49338;49339;49340;49341;49342;49343;49344;49345;49346;49347;49348;49349;49350;43987;43988;43989;43990;43991;43992;43994;43993;43995;43996;43997;43998;43999;44000;44001;44002;44003;44004;44005;44006;44007;44008;44009;44010;44011;44012;44013;44014;44015;44016;44017;44018;44019;44020;44021;44022;44023;44024;44025;44545;44546;44547;44548;44549;44550;44551;44552;44553;44554;44555;44556;44557;44558;44560;44559;44562;44561;44563;44564;44565;44566;44567;44568;44569;44570;44571;44572;44573;44574;44575;44576;44577;44578;44579;44580;44581;44582;44583;44584;46018;46408;46409;46410;46411;46412;46414;46413;46416;46415;46417;46418;46419;46420;46421;46422;46423;46424;46425;46426;46427;46428;46429;46430;46431;46432;46433;46434;46435;42784;42785;44302;43316;43317;43318;43319;43320;43321;43322;43323;43324;45659;45660;45661;45662;45663;45665;45664;45666;45667;45668;45669;45670;45671;45672;45673;45674;45675;45676;45677;45678;45679;45680;45681;45682;45683;45684;45685;45686;45687;45688;45689;45690;45691;45692;45693;45694;45695;45696;45698;45697;45700;45699;45702;45701;45703;45704;45705;45706;45707;45708;45709;45710;45711;45713;45712;45714;45715;45716;45717;45718;45719;45720;45721;45722;45723;45724;45725;45726;45727;45728;45729;45730;45731;45732;45733;45734;45735;45736;45737;45738;45739;45740;45741;45742;45743;45744;45745;45746;45747;43586;43587;43589;43588;45749;45748;45751;45750;45752;45753;45754;45755;45756;45757;45758;45759;45760;45762;45761;45764;45763;45765;45766;45767;45768;45769;45770;45771;45772;45773;45774;45775;45776;45777;45779;45778;45781;45780;45782;45783;45785;45784;45787;45786;45789;45788;45791;45790;45792;45793;45795;45794;45796;45797;45798;45799;45800;45801;45802;45803;45804;45805;45806;45807;45808;45809;45810;45811;45812;45813;45814;45816;45815;45817;45818;45819;45820;45821;45822;45823;45824;45825;45826;45827;45828;45829;45830;45832;45831;45833;45834;45836;45835;45838;45837;45840;45839;45841;45842;45843;45844;45845;45846;45847;45848;45849;45850;45852;45851;45853;45854;45855;45856;45857;45858;45859;45860;45862;45861;45863;45865;45864;45867;45866;45869;45868;45870;45871;45872;45873;45874;45875;45876;45877;45878;45879;45880;45881;45882;45883;45884;45885;45886;45887;45888;45889;45890;45891;45892;45893;45894;45895;45896;45897;45898;45899;45900;45901;45902;45903;45904;45905;45906;45907;45908;45909;45910;45911;45912;45913;45914;45915;45916;45917;45918;45919;45920;45921;45922;46886;46887;46888;46889;46890;46891;46892;46893;46894;46895;46896;46897;46898;46899;46900;46901;46902;46903;46904;46905;53926;65467;43325;43326;43590;46019;46020;46022;46021;46023;46024;46026;46025;46027;46028;46029;46030;46031;46032;46033;46034;46036;46035;46037;46038;46040;46039;46041;46042;46043;46044;46045;46046;46048;46047;46049;46050;46051;46052;46053;46054;46055;46056;46058;46057;46060;46059;46062;46061;46064;46063;46065;46066;46067;46068;46070;46069;46071;46072;46073;46074;46075;46076;46077;46078;46079;46080;46081;46082;46083;46084;46085;46086;46087;46088;46089;46090;46091;46092;46093;46094;46095;46096;46097;46098;46099;46100;46101;46102;46103;46104;46106;46105;46107;46108;46109;46437;46436;46438;46439;46440;46441;46442;46443;46445;46444;46446;46447;46448;46449;46450;46451;46452;46453;46454;46455;46456;46457;46458;46459;46460;46461;46462;46463;46464;46465;46466;46467;46468;46469;46471;46470;46472;46473;46474;46475;46476;46477;46478;46479;46480;46481;46482;46483;46484;46485;46486;46487;46488;46489;46490;46491;46492;46493;46494;46495;46496;46497;46498;46500;46499;46501;46502;46503;46504;46505;46506;46507;46508;46509;46510;46512;46511;46514;46513;46515;46516;46517;46518;46519;46520;46521;46522;46523;46524;46525;46526;46527;46528;46529;46530;46531;46532;46534;46533;46536;46535;46538;46537;46540;46539;46541;46542;46543;46544;46545;46546;46547;46548;46549;46550;46551;46552;46554;46553;46556;46555;46557;46558;46559;46560;46562;46563;46564;46565;46566;46567;46568;46569;46570;46571;46572;46573;46574;46575;46576;46577;46578;46579;46580;46581;46561;46582;46583;46584;46585;46586;46587;46588;46589;46590;46591;46592;46593;46594;46595;46596;46598;46597;46599;46600;46601;46602;46603;46604;46605;46606;46607;46608;46609;46610;46611;46612;53927;53928;53929;53930;53931;53932;53933;53934;53935;53936;53937;53938;53939;53940;53941;53942;53943;53944;53945;53946;53948;53947;53949;53950;53951;53952;53953;53954;53955;53956;53957;53958;53959;53960;53961;53962;53963;53964;53965;53966;53967;53968;53969;53970;53971;53972;53973;52089;52090;52091;52092;52093;52094;52095;52096;52097;52098;52099;52100;52101;52102;52103;52104;46613;46614;46615;46616;46617;46618;46619;46620;46621;46622;46623;46624;46625;46626;46627;46628;46629;46630;46631;46632;46633;46634;46635;54302;54303;54304;54305;54306;54307;54308;54309;54310;54311;54312;54313;54314;54315;54316;54317;54318;54319;54320;54322;54321;54324;54323;53974;53975;53976;53977;53978;53979;53980;53981;53982;53983;53984;53985;53986;53987;53988;53989;53990;53991;53992;53994;53993;53995;53996;53997;53998;53999;54000;54001;54002;54003;54004;54005;54006;54007;52105;52106;52107;52109;52108;52111;52110;52112;52113;46636;46637;46638;46639;46640;46641;46642;46643;46644;46645;46646;46647;54326;54325;54327;54328;54329;54330;54331;54332;54333;54334;54335;54336;54337;54338;54339;54340;54341;54342;54343;54344;54345;54346;54347;54348;54349;54008;54009;54011;54010;54012;54013;54014;54015;54016;54017;54018;54019;54020;54021;54022;54023;54024;54025;54026;54027;54028;54030;54029;54032;54031;54033;54034;54035;54036;54037;54038;54039;54040;54041;54042;54043;54044;54045;54046;54047;54048;54049;54050;54052;54051;54053;54054;54056;54055;54057;52114;52115;52116;52118;52117;46110;46111;46112;46113;46114;46115;46117;46116;46118;46119;46121;46120;46122;46123;46124;46125;46126;46127;46128;46129;46130;46131;46132;46133;46134;46135;46136;46137;46138;46139;46140;46141;46142;46144;46143;46145;46146;46147;46148;46149;46150;46151;46152;46153;46154;46155;46156;46157;46158;46159;46160;46161;46162;46163;46164;46165;46166;46167;46168;46906;46907;46908;46909;46910;46911;46912;46913;46914;46915;46916;46917;46919;46918;46920;46921;46922;46923;46925;46924;46926;46927;46928;46929;46930;46931;46932;46933;46934;46935;46936;46937;46938;46939;46940;46941;46942;46943;54350;54351;45923;45924;45925;45927;45926;45928;45929;45930;45931;45932;45933;45934;45935;45936;45937;45938;45939;45940;45941;45942;45943;45944;45945;45946;45947;45948;45949;45950;45951;45952;45953;45954;45956;45955;45957;45958;45959;46944;46945;46946;46947;46948;46949;46950;46951;46952;46953;46954;46956;46955;45960;45961;45962;45963;45964;45965;45966;45967;45968;45969;45970;45971;45972;45974;45973;45975;45976;45977;45978;45979;45980;45981;45982;45983;45984;45985;45986;45987;45988;45989;45990;45991;45992;45993;45994;45995;45996;45997;45998;45999;46000;46001;46002;46003;46004;46957;46958;46959;46960;46961;46962;46963;46964;46965;46966;46967;46968;46969;46970;46971;46972;46973;46974;46975;46976;46977;46978;46979;46980;46981;46982;46983;46984;46985;46986;46987;46988;46989;54352;54353;50710;50711;65468;50712;50713;50714;50715;50716;50717;50718;50719;50720;50721;50722;50723;50724;50725;50726;50727;50728;50729;50730;50731;50732;50733;50735;50734;50736;50737;50739;50738;50740;50741;50742;50743;50745;50744;50746;50747;50748;50749;50750;50751;50752;50753;50754;50755;50756;50757;50758;50759;50760;50761;50762;46648;46649;46650;46651;46652;46653;46654;46655;46656;46657;46658;46659;46660;46661;46662;54354;54355;54356;54357;54358;54359;54360;54361;54362;54363;54364;54365;54366;54367;54368;54369;54370;54371;54372;54373;54374;54375;54376;54058;54059;54060;54061;54062;54063;54064;54065;54066;54067;54068;54069;54070;54071;54072;54073;54074;54075;54076;54077;54079;54078;54080;54081;54082;54083;54084;54085;54086;54087;54088;54089;54091;54090;54092;54093;54094;54095;54096;54097;54098;54099;54100;54101;54102;54104;54103;54106;54105;52120;52119;52121;52122;52123;52124;52125;52126;52127;52128;52129;52130;52131;52132;48776;48777;48779;48778;48780;48781;48782;48783;48784;48785;48786;48787;48788;48789;48790;48791;48792;48793;48794;48795;48796;48797;48798;48799;48800;48801;48802;48803;54107;54108;54109;54110;54111;54112;54113;54114;54115;54116;54118;54117;54119;54120;54121;54122;54123;54124;54125;54126;54127;54128;54130;54129;54131;54132;54133;54134;54135;54137;54136;54138;54139;54140;54141;54142;54143;54144;54145;54146;54147;54148;54149;54150;54151;54152;54153;54154;48804;48805;48806;48807;48808;48809;48810;48811;48812;48813;46990;46991;46992;46993;46994;46995;46996;54377;54378;54379;54380;54381;54382;54383;54384;54385;54386;54387;54388;54389;54390;54391;54392;54393;54394;54155;54156;50763;50764;54157;54158;54395;54396;54397;54398;54399;54400;54401;54402;54403;54404;54405;48437;48438;48439;48440;48441;48442;48444;48443;48445;48447;48446;48448;48449;48450;48451;48452;48453;48454;48455;48456;48457;48458;48459;48460;48462;48461;48463;48464;48465;48466;48467;48468;48469;48470;48471;48472;48473;48474;48475;48476;48477;48478;48479;48480;48481;48482;48483;48484;48485;48486;48487;48488;48489;48490;48491;48492;48494;48493;48495;48496;48497;48499;48498;48500;48501;48502;48504;48503;48505;48506;48507;48508;48509;48510;54406;46998;46997;46999;47000;47001;47002;47003;47005;47004;47006;47007;47008;47009;47010;47012;47011;47013;47014;54407;47015;54408;54409;54411;54410;54412;54413;54414;54415;54416;54417;54418;54419;54420;54421;54422;54423;54424;54425;48511;48512;48513;48514;48515;48516;48517;48518;48519;48520;48521;48522;48523;48524;48526;48525;48527;48528;48529;48530;48531;48532;48533;48534;48535;48536;48537;48538;48539;48540;48541;48542;48543;48544;48545;48546;48547;48548;48549;48550;48551;48552;48553;48554;48555;48556;48557;48559;48558;48560;48561;48562;48563;48564;48565;48566;54426;54427;54428;54429;54430;54431;54432;54433;54435;54434;54436;54437;54438;54439;54440;54442;54441;54443;54444;54446;54445;54447;54448;54449;54450;54451;54452;54454;54453;54455;54456;54457;54458;54460;54459;54461;54462;54463;54464;54465;54466;54467;54468;54469;54470;54471;54472;54473;48567;48568;48569;48570;48571;48572;48573;48574;48575;48576;48577;48578;48579;48580;48581;48582;48583;48584;48585;48586;48588;48587;48589;48590;48591;48592;48593;48594;48595;48596;48597;48598;48599;48600;48601;48602;48603;48604;48605;48606;48607;48608;48609;48610;48611;48612;48613;48614;48615;48616;48617;48618;50765;50766;50767;50768;50769;50770;50771;50772;50774;50773;50775;50776;54159;54160;54161;54162;54163;54164;54165;54166;54167;54168;54169;48619;48620;48621;48622;48623;54474;54475;54476;54477;54478;54479;54480;54481;54482;54483;54484;54485;54486;54487;54488;54489;54490;54491;54492;54493;54494;54495;54496;54497;54498;54499;54500;54501;54502;54503;54504;54505;54506;54507;54508;54509;54510;54511;54512;54513;54514;54515;54516;54517;54519;54518;54520;54521;54522;54523;54524;54525;54526;54527;54528;54529;54530;54531;54532;54533;54534;54535;54537;54536;54538;54539;54540;54541;54542;54543;54545;54544;54546;48814;48815;48816;48817;48818;48819;48820;48822;48821;48823;48824;48825;48826;48828;48827;48829;48830;48831;48832;48833;48834;48835;48836;48837;48838;48839;48840;48841;48842;48844;48843;48846;48845;48847;48848;48849;48850;48852;48851;48854;48853;48856;48855;48858;48857;48859;48860;48861;48862;48863;48864;48865;48866;48867;48868;48869;48870;48871;48872;48873;48874;48876;48875;48877;48878;48879;48880;48881;48882;48883;48884;48885;48886;48887;48888;48889;48890;48891;48892;48893;48894;50089;50090;50091;50092;50093;50094;50095;50096;50097;50098;50099;50100;50101;50102;50103;50104;48624;48625;48626;48627;48628;48629;48630;48631;48632;48633;48634;48635;48636;48637;48638;48639;48640;48641;48642;48643;48644;48645;48646;48647;48648;48649;48650;48652;48651;48653;48654;48655;48656;48657;48658;48659;48660;48661;48662;48663;50105;50106;50107;50108;50109;50110;50111;50112;50113;50114;50115;50116;50117;50118;50119;50120;50121;50122;50123;50124;50125;50126;50127;50129;50128;50130;50131;50132;50133;50134;50135;50136;50137;50138;50139;50140;50141;50142;50143;50144;50145;50146;50147;50148;50149;50150;48665;48664;48667;48666;48668;48669;48671;48670;48673;48672;48674;48675;48676;48677;48678;48679;48680;48681;48682;48683;48684;48685;48686;48687;48688;48689;48690;48691;48692;48693;48694;48695;48696;48697;48698;48699;48700;48701;48702;48703;48704;48705;48706;48707;48708;48709;48710;48711;48712;48713;48714;50151;50152;50153;50154;50155;50156;50157;50158;50159;50160;50161;50162;50163;50164;50165;50166;50167;50168;50169;50170;50171;50172;50173;50174;50176;50175;50177;50178;50179;50180;50181;50182;50183;50184;50185;50186;50187;50188;50189;50190;50191;50192;50193;50194;50195;50196;48715;48716;48717;48718;48719;48720;48721;48722;48723;48724;48725;48726;48727;48728;48729;48730;48731;48732;48733;48734;48735;48736;48737;48738;48739;48740;50197;50198;50199;50200;50201;50202;50203;50204;50205;50206;50208;50207;50209;50210;50211;50212;50213;50214;50215;50216;50217;50218;50219;50220;50221;50222;50223;50224;50225;52133;52134;52135;52136;52137;52138;52139;52140;52141;52142;52143;52144;52145;52146;52147;52148;52149;54170;54171;54173;54172;54175;54174;54176;54177;54178;54179;54180;54181;54182;54183;54184;54185;54186;54187;54188;50226;50227;50228;50229;50230;50231;50232;50233;50234;50235;50236;50237;50238;50239;50240;50241;50242;50243;50244;50245;50246;50247;50248;50249;50250;50251;50252;50253;50254;50255;50256;50257;50258;50259;50260;50261;50263;50262;50264;50265;50266;50267;50268;50269;50270;50271;51201;51202;51203;51204;51205;51206;51207;51208;51209;51210;51211;51212;51213;51214;51215;51217;51216;51219;51218;51220;51221;51223;51222;51224;54189;54190;54191;54192;54193;54194;54195;54196;54197;54198;54200;54199;54201;54202;54203;54204;54205;54206;54207;54208;54209;54210;54211;54212;54213;54214;54215;54216;54217;54218;54219;54220;54221;54222;54223;54224;54225;54226;54227;54228;54229;54230;54231;54232;54233;54234;54235;54236;54237;54238;54239;54240;54241;54242;54243;54244;54245;54246;54247;54248;54249;54250;54251;54252;54253;54254;54255;54256;54257;54258;51225;51227;51226;51228;51229;51230;51231;51232;51233;51235;51234;51236;51237;51238;51239;51240;51241;51242;51243;51245;51244;51247;51246;52771;52770;52772;52773;52774;52775;52776;52777;54259;54260;54261;52778;52779;52780;52781;52782;52783;52784;49351;49352;49353;49354;49355;49356;49357;49358;49359;49360;49361;49362;49363;49364;49365;49366;49367;49368;49369;49370;49371;49372;49374;49373;49375;49376;49378;49377;49379;49380;49381;49382;49383;49384;49385;49386;49387;49388;49389;49390;49391;49392;49393;49394;49395;49396;49397;49399;49398;49400;49401;49402;49403;49404;49405;49406;49407;49408;49409;49410;49411;49412;49413;49414;49415;49416;49417;49418;49419;49420;49421;49422;49423;49424;49425;49426;49427;49428;49429;49430;49431;49432;49433;49434;49436;49435;49437;49438;49439;49440;49442;49441;49443;49444;49445;49446;49447;49448;49449;49450;49451;49452;49453;49454;49455;49456;49457;49458;49460;49459;49461;49462;49463;49464;49465;49466;49467;49468;49469;49470;49471;49472;49473;49474;49475;49476;49477;49478;49479;49480;49481;49482;49483;49484;49485;49486;49487;49488;49489;49490;49491;49492;49494;49493;49496;49495;49497;49498;49499;49500;49501;49502;49503;49504;49505;49506;49507;49508;49509;49510;49511;49512;49513;49514;49515;49516;49517;49518;49519;49520;49521;49522;65469;49523;49525;49524;49526;49527;49528;49529;49530;49531;49532;49533;49534;49535;49536;49537;49538;49539;49540;49541;49542;49543;49544;49545;49546;49547;49548;49549;49550;49551;49552;49553;49554;49555;49556;49557;49558;49559;49560;49561;49562;49563;49564;49565;49566;49567;49569;49568;49571;49570;49572;49573;49574;49575;49576;49577;49578;49579;49580;49581;49582;49583;49584;49585;49586;49587;49588;49589;49590;49591;49592;49593;49594;49595;49596;49597;49598;49599;49600;49601;49602;49603;49604;49605;49606;49607;49608;49609;49610;49611;49612;49613;49614;49616;49615;49617;49618;49620;49619;49622;49621;49623;49624;49626;49625;49627;49628;52166;52167;52168;52169;52170;52171;52172;52173;52174;52175;52177;52176;52178;50777;50778;50779;65470;52785;52786;52787;52788;52789;52790;52791;52792;52793;52794;65471;65472;49629;52179;52180;52181;52183;52182;52184;52185;52186;52187;52188;52190;52189;52191;52192;52193;52194;52195;50780;50991;50990;50992;50993;50994;50995;50996;50997;50998;50999;51000;51001;51002;51003;51004;51005;51006;51007;51008;51009;51010;51011;51012;51013;51014;51015;51016;51017;51018;51019;51020;51021;51022;51023;51024;51025;51026;51027;51028;51029;51030;51031;51032;51033;51034;51035;51036;51037;51038;51039;51040;51041;51042;51044;51043;51538;51539;51541;51540;51542;51543;51544;51545;51547;51546;51548;51549;51550;51551;51552;51553;51555;51554;53002;53003;53004;53005;53006;53007;53009;53008;52197;52196;52198;52199;52200;52201;52203;52202;52204;52205;52207;52206;52208;52209;52210;52211;52212;52213;52214;52215;52216;52218;52217;52219;52220;52221;52222;52223;49630;49631;49632;50272;50273;50274;50275;50276;50277;50278;50279;50280;50281;50282;50283;50284;51249;51248;51250;51252;51251;51253;51254;50285;51255;51256;51257;51258;51259;51261;51260;51262;51263;51264;51265;51266;51267;51268;51269;51270;51271;51272;51273;51274;51275;51276;51277;51278;51279;51280;51281;51282;51283;51284;51285;51286;51287;51288;51289;51290;51291;51292;51293;53010;53011;53012;53013;53014;53015;53016;53017;53018;53019;53020;53021;53022;53023;53024;53025;53026;53027;53028;53029;53030;53031;53032;53033;53034;53035;53036;53037;53038;53039;53041;53040;53042;53043;53044;53045;53046;53047;54547;54548;54549;54550;50286;65473;50287;50288;50289;51294;51295;51296;51297;51298;51299;51300;51301;51302;51303;51304;51305;51306;51307;51308;51309;51310;51311;51312;51313;51314;51315;51316;51317;51319;51318;51320;51321;51322;51323;51324;51325;51327;51326;51328;51329;51330;51331;51332;51333;51334;51335;52795;52796;52797;52150;52151;52152;52153;52154;52155;52156;65474;52798;52799;52800;52801;52802;52803;52804;52805;52806;52807;52808;52809;52810;52811;52813;52812;52814;52815;52816;52817;54551;54552;54553;50781;50782;50783;50784;50785;50786;50787;50788;50789;54554;54555;54556;54557;54558;54559;54560;54561;54562;54563;50290;50292;50291;65475;54262;54564;54263;54565;54566;54264;54265;54267;54266;51045;51046;51047;51048;51050;51049;51051;51052;51053;51054;51055;54567;54568;53048;53049;53050;53051;53052;53053;53054;53055;53056;53057;53058;53059;53060;53061;53062;53063;53064;53065;53066;53067;53068;53069;53070;53072;53071;53073;53074;53076;53075;53077;53078;53079;53080;53081;53082;53083;53084;53085;53086;53087;53088;53089;53090;53091;53092;53094;53093;53095;53096;53097;53098;53099;53100;53101;53102;53103;53104;53105;53106;53108;53107;53109;53110;53111;53112;53113;53114;53115;53116;53118;53117;53120;53119;53121;53122;53123;53124;53125;53126;53127;53128;53129;53130;53131;53132;53133;53134;53135;53136;53137;53138;53139;53140;54569;54570;54268;54269;54270;54271;54272;52818;52819;52820;54650;54651;54652;54653;54655;54654;54656;54657;54658;54659;54660;54661;54662;54663;54664;54665;54666;54667;54668;54669;54670;54671;54672;54673;54674;54675;54676;54677;54678;54679;54680;54681;54682;54683;54684;54685;54686;54687;54688;54689;52224;52226;52227;52228;52229;52230;52231;52232;52233;52234;52235;52236;52237;52238;52239;52240;52241;52242;52243;52244;52245;52246;52247;52248;52250;52251;52252;52253;52254;52255;52256;52257;52258;52259;52260;52261;52262;52263;52264;52265;52266;52267;52268;52269;52270;52271;52272;52225;52273;52274;52275;52276;52277;52278;52279;52280;52282;52281;52283;52284;52285;52286;52287;52288;52289;52290;52291;52292;52293;52294;52295;52296;52297;52298;52299;52300;52301;52302;52303;52304;52305;55290;55291;55292;55293;55295;55294;55296;55297;55298;55299;55300;55301;55302;55303;55304;55305;55306;52306;52307;52308;52309;52310;52311;52312;52313;52314;52315;52316;52317;52318;52319;52320;52321;52322;52323;52325;52324;52326;52327;52328;52329;52331;52330;52332;52333;52334;52335;52336;52337;52338;52339;52340;52341;52342;52343;52344;52345;52346;52347;52348;52349;52350;52351;52352;52353;52354;52355;52357;52356;52358;52359;52360;52361;52363;52362;52364;52365;52366;52367;52368;52369;52371;52370;52373;52372;52374;52375;52376;52377;52379;52378;52380;52821;52822;52823;52824;52825;52826;52827;52828;52829;52830;52831;52832;52833;52834;52835;52836;52837;52838;52839;52840;52841;52842;52843;52381;52382;52383;52384;52385;52386;52387;52388;52389;52390;52391;52393;52394;52392;52395;52396;52397;52399;52398;52401;52400;52403;52402;52404;52405;52406;52407;52408;52410;52409;52412;52411;52413;52414;52416;52415;52417;52418;52420;52419;52422;52421;52424;52423;52425;52426;52428;52427;52429;52430;52431;52432;52433;52434;52435;52436;52437;52438;52439;52440;52441;52442;52443;52444;52445;52446;52447;52448;52449;52450;52451;52452;55307;52453;55308;55309;55310;55311;55312;55313;55314;55315;55316;55317;55318;55319;55320;55321;55322;55323;55324;55325;55326;55327;55328;55329;55330;55331;55333;55332;55334;55335;55336;55337;55339;55338;55341;55340;55343;55342;55344;55345;55346;55347;55348;55349;55351;55350;55352;55353;55354;55355;55356;55357;55358;55360;55359;55361;55362;55363;55364;55365;55366;55367;55368;55370;55369;55371;55372;55373;55374;55375;55376;55378;55377;54690;54691;54692;54693;54273;72839;55174;55175;55177;55176;52844;54274;52845;52846;52848;52847;52850;52849;52851;52852;52854;52853;52855;52856;52857;52858;52859;52860;52861;52862;52863;52864;55178;55179;55180;55181;55182;55183;55185;55184;55186;55187;55188;55189;55190;55191;55193;55192;55194;55195;55197;55196;55198;55199;55200;55201;55202;55203;55204;55205;55206;55207;55208;55209;55210;55211;55213;55212;55214;55215;55216;55217;55218;55219;55220;55221;55222;55223;55225;55224;55226;55227;55228;55229;55230;55231;55232;55233;55234;55235;55236;55238;55237;55240;55239;55241;55242;55244;55243;55245;55246;55247;55248;55249;55250;55251;54275;52865;52866;52867;52868;52869;52870;52871;52872;52873;52875;52874;52877;52876;52878;52879;52880;52881;52883;52882;52884;52885;52887;52886;52889;52888;52890;52891;52893;52892;52894;52895;52896;52897;52898;52899;52900;52901;52902;52903;52904;52905;52907;52906;52909;52908;52911;52910;52913;52912;52914;52915;52916;52917;52918;52919;52920;52921;52922;52923;52924;52925;52926;52927;52928;52929;52930;52931;52932;52933;52934;52935;52936;52937;52938;52940;52939;52942;52941;54694;54695;54696;54697;54698;54699;54700;54701;54702;54703;54704;54705;54706;54707;54708;54709;54710;54711;54712;54713;54714;54715;53141;53142;53143;53144;53145;53146;53147;53148;53150;53149;53151;53152;53153;53154;53155;53156;53157;53158;53159;53160;53161;53162;53163;53164;53165;53166;53168;53167;53169;53170;53171;53172;53173;53174;53175;53176;53177;53178;53179;53180;53181;53182;53183;53184;53185;53186;53187;53188;53189;53190;54716;54717;54719;54718;54721;54720;54722;54723;54724;54725;54726;54727;54728;54729;54730;54731;54732;54733;54734;54736;54735;54738;54737;54739;54740;54742;54741;54744;54743;54745;54746;54748;54747;54749;55252;55253;54750;53191;53192;53193;53194;53195;53196;53197;54751;54752;54753;54754;54755;54756;54757;54758;54759;54760;54761;54762;54763;54764;54765;54766;54767;54768;54769;54771;54770;54773;54772;54774;54775;54777;54776;54276;54277;54278;54279;54280;54281;54779;54778;54780;54781;54782;54783;54784;54785;54786;54787;54788;54789;54790;54791;54792;54793;54794;54795;54796;54797;54798;54799;54801;54800;54802;54803;54804;54805;54806;54807;54808;54809;65476;54810;65477;59073;54571;54282;55254;55255;55256;55257;55258;55259;55260;55261;55262;55263;55264;55265;55266;55267;55268;55269;55270;55271;55272;55273;65478;65479;54283;54284;65480;65481;65482;65483;54812;54811;54813;54814;54815;54816;54817;54818;54819;54820;54821;54822;54823;55274;55275;55276;55277;55278;55279;55379;55380;55381;55383;55382;55384;54285;65484;72840;65485;65486;65487;65488;65489;65490;72841;65491;65492;65493;65494;65495;65496;65497;65498;65499;65500;65501;72842;65502;59074;65503;65504;65505;65506;72843;65507;65508;65509;72844;72845;65510;65511;65512;65513;59075;65514;72846;65515;65516;65517;65518;72847;65519;65520;65521;72848;65522;65523;65524;65525;65526;65527;65918;65528;65529;71160;71161;71162;65707;65708;65709;71163;65710;65711;66275;66276;66277;66278;71164;71165;65712;66279;69308;69285;65919;69286;69287;69349;69350;69351;69352;66280;69310;69309;69311;69312;74271;69353;74272;77378;74273;74274;72609;77379;77380;74275;79062;87184;77412;77381;74276;79063;77413;77382;87185;77383;80967;77414;77415;77416;77417;83878;83879;91233;80968;86194;88993;88994;86126;91234;91235;91236;91237;91238;102120;102121;102122;102123;102124;102125;102126;102822;102127;104123;10009;69863;76870;83135;103189;126924;84087;59917;91103;81491;76871;89053;103190;77333;94970;103191;79626;87374;85447;14611;97051;77532;81022;89672;83874;102321;92356;102129;102128;102130;102322;102323;92357;99184;99183;102131;73557;136323;136324;136325;73558;73308;76168;86656;85930;88590;90942;95477;73559;77603;78772;81406;82900;84880;88085;88591;89829;90448;73560;92323;95255;107229;107230;107231;107232;111353;111354;152700;125707;73561;125708;73562;73563;73472;73564;74468;74512;73735;94674;110777;79660;73565;73566;111969;111970;111971;111972;70495;70496;45489;45488;21186;25038;32082;33102;134862;30151;40363;109364;109363;109365;109366;109687;109686;109689;109688;109691;109690;109693;109692;109694;110193;110194;110195;110196;110446;110447;110448;110449;110450;110451;110452;110453;110454;110455;110456;110780;110781;110967;110782;111605;111334;111336;111335;111550;111551;111606;111607;111608;111701;112085;112086;112087;112088;112089;117589;117590;117708;117591;117592;117709;117710;118042;118041;118044;118043;118400;118401;118403;118402;118832;118404;118833;118834;118835;118836;118959;119502;119503;119504;119505;119506;119507;119782;119781;119783;119784;119786;119785;119787;119788;119789;119790;109120;109119;109122;109121;109123;109124;109125;109126;109127;109128;109129;109130;109131;109132;109133;109134;109135;109136;109137;109138;109139;109140;109141;109177;109178;109179;109180;109181;121047;121048;121049;121050;121051;121052;121054;121053;121363;121362;121364;121365;121366;121367;121368;122158;122159;122160;122162;122161;122261;122260;122671;122672;122673;122674;122675;122676;122677;122678;122679;122680;123465;122861;123466;123467;123468;123469;124123;124124;124125;123757;124126;124127;124128;124301;124302;124303;124304;124305;125287;124592;124593;124594;125091;125288;125289;125290;125291;125598;125599;125600;125601;125602;125603;125954;126831;125899;125898;125900;125901;126384;126383;126956;126957;127460;126958;126959;126960;126962;126961;126963;127461;127463;127462;127464;127465;127466;127467;128284;128285;128286;128287;128288;128289;129063;128290;129064;129065;129066;129067;129068;129069;129070;129071;129392;129790;129559;129560;129561;129562;129563;129791;129792;129793;129794;129795;129851;130214;130028;130215;130216;130217;130218;130219;130220;130221;130222;130223;130224;130225;130226;130227;130229;130228;130230;130231;130232;130233;130234;130235;130236;130400;130401;130470;130402;130598;130599;130600;130601;130603;130602;130604;130605;130606;130607;130608;131027;131026;131028;131029;131031;131030;131082;131234;131236;131235;131237;131238;132258;132259;132261;132260;132262;132263;132264;132265;132266;132734;132735;133092;133093;133094;133095;133149;133552;133096;133554;133553;133555;133556;133866;133652;133867;133868;134117;134118;134327;134328;134329;134678;134679;134896;134897;134569;134898;134899;135594;135595;135929;135930;135931;135932;135933;136360;136361;136362;136363;136365;136364;136528;136529;136530;136749;136750;136751;136753;136752;137089;137088;137091;137090;137566;137567;137568;137569;137570;138043;137571;138044;138045;138046;138047;138048;138049;138050;138051;138616;138617;138618;138619;138620;138621;138622;138623;138624;138625;138626;138628;138627;138629;138630;138854;138856;138855;138857;139337;139338;139339;139852;139853;139862;139859;139856;139855;139857;139858;139861;140194;140198;140195;140197;140199;140196;140209;140636;143158;140634;143159;140635;141107;141106;141108;141958;141987;141952;141985;141998;141943;141999;141993;141939;141996;141940;141957;141949;141988;141986;141967;141963;141953;141965;141989;141991;141962;141974;141973;141972;141945;141977;141959;141994;141983;141951;141956;141941;142000;141975;141976;141978;141966;141942;142022;141954;141990;141970;141955;141964;141971;141968;141946;141984;141960;141947;141995;141938;141948;141997;142724;142723;142725;142728;142722;142738;142720;142733;142734;142726;143579;142737;143583;143589;143582;143580;143577;143581;143575;143578;143576;156175;143586;144806;144807;144795;144801;144805;144799;144797;144804;144796;144803;144798;145454;144800;145456;145453;145455;145457;145452;145450;145449;146630;146629;146624;146633;146625;146631;147715;146626;146634;146632;146628;146627;146635;146623;146622;147906;147910;147913;147912;147914;147909;147908;147911;147907;148193;148196;148195;148194;148337;148921;148914;148919;148915;148922;148920;149305;148913;149860;149870;149864;149873;149875;149865;149871;149861;149869;149867;149863;150975;150993;150976;150971;150973;150974;150970;150969;150980;150968;150964;150983;150979;150977;150978;150966;150972;150967;150965;150994;151268;151272;151271;151273;151267;151277;151270;151266;151274;151269;151275;151799;151793;151795;151794;151792;151796;151798;151931;151930;152237;153152;152236;152233;152238;152234;153786;153421;153416;153420;153426;153425;153422;153427;153418;153424;153883;153417;153898;153896;153897;153900;153899;154179;154913;154914;154912;154911;155979;155760;155980;155994;156020;155982;155989;155973;156112;156182;156262;156263;158591;158722;158725;157182;158046;157884;157883;157885;157408;158210;158211;158213;158592;158214;158590;158588;158721;158723;158724;158720;158719;158788;69560;158954;69561;69563;69562;69564;69565;69566;69567;69568;78262;69570;69571;69572;69573;69569;69574;69576;69575;69577;69578;78263;69579;69580;69581;69582;69583;69584;69585;69586;69587;69588;78264;69589;78265;78266;78267;78269;78268;78270;69590;69592;69591;69593;69594;69595;69596;69597;69598;69599;69600;69601;69602;69603;69604;69605;69606;69607;69608;69609;69610;69611;69612;69613;69614;69615;69616;69617;69618;69619;69621;69620;69622;69623;69624;69625;69626;69627;69628;69629;69630;69631;69632;69633;69634;69635;69636;69637;69638;69639;69640;69641;69642;69643;69644;69645;69646;69647;69648;69649;69650;69651;69652;69653;69654;69656;69655;69657;69658;69659;69660;69661;69662;69663;69664;69665;69666;69667;69668;69669;69670;69671;69672;69673;69674;69675;69676;69677;69678;69679;69680;69681;69682;69683;69684;69686;69685;69688;69687;69690;69689;69691;69692;69693;69694;69696;69697;69698;69699;69695;69700;69701;69702;69703;69704;69705;69706;69707;69708;69709;69710;69711;69712;69713;69714;69716;69715;69717;69718;69720;69719;69721;69722;69723;69724;69725;69726;69728;69727;69730;69729;69731;69732;69733;69734;69735;69736;69737;69738;69739;69740;69741;69742;69743;69744;69745;69747;69746;69748;73126;69749;69750;69751;69752;69753;69754;69755;69756;69757;69758;69759;69760;69761;69762;69763;69764;69766;69765;69767;69768;69769;69770;69771;70218;70219;70220;70221;70223;70222;70224;70225;70226;70227;70228;70229;70230;70231;70232;70233;70234;70567;70568;70896;70569;70897;70898;70900;70899;70901;70902;70903;70904;70905;70906;70907;70908;71078;71079;71266;71267;71268;71269;72266;71270;71395;71396;71397;71398;71399;71400;71401;71574;71575;71576;71577;71578;71579;71580;71581;71582;72289;72290;72291;72292;72293;72294;72295;72296;72297;72298;72299;72300;72301;72302;72303;72304;72305;72306;72745;72746;72747;72748;72749;72750;72751;72944;72946;72945;72947;72948;72949;72950;72951;73058;73059;73060;73061;73227;73228;73229;73230;73231;73232;73233;73234;73235;73236;73237;73569;73438;73649;73650;73651;73652;73653;73654;73655;78271;78272;78273;78274;78275;78276;78277;78278;78279;78280;78281;78282;78283;78284;78285;78286;78287;78288;78289;78290;78291;78292;78293;78294;78295;78296;78297;78298;78299;78300;78301;78302;78303;78304;78305;78306;78307;78308;78309;78310;78311;78312;78313;78314;78315;78316;78317;78318;78319;78320;78321;78322;78324;78323;78325;78326;78327;78328;78329;78330;78331;78332;78333;78335;78334;78336;78337;78339;78338;78340;78341;78342;78343;78344;78345;78346;78347;78348;78349;78350;78351;78352;78353;78354;78355;78357;78356;78358;78359;78360;78361;78363;78362;78364;78365;78366;78367;78448;78484;78485;78558;78559;78560;78561;78562;78658;78778;78777;78779;78780;78781;78872;78873;78874;78875;79292;79294;79293;79295;79296;79297;79298;79558;79559;79561;79560;79562;79725;79840;79841;79842;79873;79874;79875;80122;80414;80415;80416;80417;80419;80418;80557;80461;80921;80922;81320;81024;81321;81322;81323;81324;81325;81326;81327;81328;81330;81329;81673;81674;81675;81676;81826;81677;81827;81828;81829;82043;82044;82045;82046;82047;82506;82507;82508;82509;82831;82832;82833;82834;82835;82836;82856;82857;82858;82859;83056;83057;83058;83059;83268;83269;83270;83271;83272;83280;83493;83494;83495;83496;83497;83880;83881;83882;83883;83885;83884;83973;83974;83976;83975;83977;83978;84128;84129;84243;84244;84245;84246;84247;84248;84249;84250;84293;84251;84370;84369;84371;84372;84593;84592;84594;84595;84596;84623;84624;84625;84647;84925;84926;84927;84928;84929;84930;84964;84931;85044;85045;85230;85231;85232;85451;85452;85453;85454;85455;85457;85456;85458;85632;85633;85747;85748;85631;85749;85750;85751;85752;86073;86074;86075;86355;86076;86356;86495;86496;86634;86636;86635;86637;86638;86770;86771;87014;87015;87016;87339;87340;87341;87342;87343;87344;87345;87347;87346;87348;87349;87350;87351;87352;87353;87354;87355;87379;87380;87966;87967;87968;87969;87970;87971;87972;87973;87974;87990;87991;88655;88656;88657;88658;88659;88660;88662;88661;88663;88664;89119;88756;89120;89837;89838;89839;89841;89840;89843;89842;89844;89845;89846;89847;89848;89965;89966;90100;89967;90155;90154;90267;90268;90269;90270;90271;90272;90273;90274;90364;90365;90513;90366;90514;90629;90630;90631;90632;90633;90776;90777;90778;90864;90865;90866;90867;91047;91048;91239;91240;91241;91463;91464;91465;91466;91467;91468;91469;91470;91471;91627;91628;91629;91768;91769;91858;92221;92222;92223;92469;92470;92471;92472;92661;92662;92663;92664;93008;93009;93010;93011;93012;93013;93014;93015;93016;93251;93252;93743;93253;93744;93536;93537;93538;93540;93539;93665;93745;93789;94018;94019;94020;94022;94021;94183;94341;94342;94681;94682;94182;94683;94684;94685;94686;94973;94974;94975;94976;94977;95609;95893;95894;95895;95896;95897;95935;95898;96282;96283;96284;96394;96395;96631;96632;96805;96806;96807;96808;96809;97022;97023;97024;97025;97146;97147;97148;97149;97329;97553;97554;97555;97556;97557;97896;97897;99035;99036;99037;99038;99186;99039;99419;99418;99529;99530;99532;99531;99534;99533;99711;99535;99712;99713;99714;100105;100274;100106;100276;100275;100552;100553;100554;100636;100638;100637;100639;100640;100641;100642;100644;100643;100873;100874;101000;100999;101001;101002;101004;101003;101064;101270;101271;101272;101551;101273;101934;101933;101958;101959;102178;102177;102179;102180;102208;102181;102367;102502;102544;102545;102546;102548;102547;102863;102864;102865;102866;102868;102867;102869;102870;102871;102872;102873;102874;102876;102875;103224;102877;103225;103226;103228;103227;103229;103309;103310;103650;103651;103652;103653;103572;103600;103601;103602;103603;103604;103755;103822;103824;103823;103825;104179;104180;104182;104181;104392;104183;104393;104394;104395;104704;104705;104706;104707;105050;105051;105052;105053;105054;105055;105417;105419;105418;105420;105422;105421;109182;109367;109368;109555;109695;109696;109697;117342;109698;109699;109700;109701;110198;110197;110199;110200;110201;110202;110457;110458;110459;110460;110462;110461;110463;110783;110784;111337;111338;111552;111553;111609;111610;111611;111612;111702;112090;112091;112092;112093;112094;112095;112096;117343;112097;117344;117345;117346;117347;117348;117603;117604;117606;117605;117608;117607;117922;117923;117924;118210;118211;118212;118213;118361;118363;118362;118802;118595;118803;118804;118805;119464;119687;119465;119466;119467;119468;119469;119471;119470;119472;119473;119474;119475;119476;119477;119478;124199;119688;121359;121360;121361;119689;119812;119813;119814;119815;105516;105517;105620;106168;106169;106170;106171;106690;106691;106692;106693;106695;106694;106930;106931;106932;106934;106933;106936;106935;107236;107235;107238;107237;107239;107240;107241;108414;108597;108598;108600;108599;108601;108602;108603;108844;108845;108691;108847;108846;108848;109369;108849;108850;108852;108851;109183;109184;109185;109186;121130;121131;121369;121132;121370;122034;122035;123081;122096;122602;122758;123082;122759;122760;123083;123084;123085;123086;123087;123088;123089;123090;123091;123956;123957;123958;124200;124653;124654;124655;125604;125092;125292;125293;125314;125294;125295;125605;125955;125902;125903;125739;125904;126346;127060;127061;127062;127063;127064;127065;127066;127068;127067;127069;127070;127071;127072;127073;127074;127468;127075;127810;127811;127812;127813;127814;127815;127816;127817;127818;127819;128291;128292;128293;128294;128617;129006;129005;129007;129008;129009;129010;129011;129012;129013;129014;129407;129564;129565;129566;129567;129568;129570;129569;129796;129797;129798;129852;130281;130282;130403;130404;130280;130471;130609;131083;130610;131239;131240;131241;131242;131243;131244;132321;132026;132322;132323;132324;132754;132755;132756;132757;133004;133005;133006;133007;133558;133557;133559;133560;133653;133869;133870;133871;134119;134120;134570;134571;134572;134573;134575;134574;134681;134680;134682;135710;135934;135935;135936;135937;135938;136624;136625;136626;136627;136628;136629;137093;137092;137094;137095;137096;137097;137099;137098;137101;137100;138052;138053;138054;138055;138631;138056;138057;138632;138058;138060;138059;138061;138634;138633;138635;138636;138637;138638;138639;138640;138642;138641;138643;139083;139084;139085;139086;139087;139088;139090;139089;139091;139092;139093;139549;139548;139550;140092;140086;140091;140095;140090;140096;140088;140093;148126;140094;140085;140089;140087;140210;140206;140207;140612;140611;141969;141982;141961;141950;141981;141980;141992;141979;141944;142984;142981;142978;142976;142980;142974;142977;142979;142983;142993;142975;143367;144465;143887;144471;144463;144472;144461;144464;144473;144459;144470;144467;144469;144466;144460;144468;144458;144462;144994;144997;144990;145003;144993;145005;145004;145008;145001;145000;144998;145009;144989;144999;145002;145010;144995;144991;144992;144988;145458;145451;146570;146569;146567;146818;146814;146819;147916;147917;147919;147918;147915;148131;148132;148377;148378;148899;148898;149431;149430;149432;149783;149784;149791;149814;149872;149868;149862;149866;150150;151514;151508;151509;151518;151517;151519;151522;151515;151521;151511;151510;151513;151507;151512;151520;151933;151934;153160;153171;153167;153166;153162;153170;153165;153169;153163;153164;153161;153882;153861;153859;153860;153864;153863;153858;154188;154899;154901;154897;154900;155372;155354;155607;155758;156174;156264;156867;156870;156868;156877;156871;156864;157410;158177;158192;158193;158195;158587;158589;158695;158697;158696;158790;158791;158986;11581;80863;10530;10760;69790;70210;70211;70212;11019;80862;10818;11498;10011;10012;10014;11027;19780;19304;80304;80228;55623;157546;90798;157624;157524;157691;157677;157693;157654;157476;157534;157555;157539;157590;157714;157578;157617;157709;157602;157705;157618;157660;157501;157650;157627;157685;157605;157547;157681;157492;157635;157713;157679;157571;157632;157519;157499;157698;157686;157574;157634;157553;157554;157498;157689;157633;157597;157672;157657;157566;157509;157606;157695;157527;157721;157671;157644;157706;157699;157477;157594;157612;157620;157616;157582;157692;157652;157619;157535;157665;157538;157664;157637;157622;157639;157645;157584;157687;157599;157510;157609;157523;157491;157700;157552;157548;157707;157520;157506;157629;157658;157703;157607;157495;157613;157719;157487;157598;157533;157559;157723;157682;157651;157595;157708;157668;157688;157701;157615;157522;157488;157611;157515;157525;157684;157711;157583;157669;157680;157490;157710;157593;157478;157647;157569;157572;157674;157728;157621;157587;157696;157724;157500;157648;157526;157608;157588;157655;157475;157483;157561;157470;157482;157504;157649;157610;157636;157562;157573;157514;157541;157697;157473;157653;157715;157659;157560;157536;157530;157586;157646;157600;157716;157511;157642;157484;157718;157544;157486;157471;157558;158840;157565;157673;157481;157576;157704;157542;157563;157726;157603;157729;157516;157643;157591;157676;157556;157623;157663;158839;158854;157638;157496;157702;157564;157683;157505;157550;158874;157512;158851;157604;157577;157518;157517;157630;157485;157532;158878;157712;157507;157513;157725;157581;157575;157579;157521;157557;157625;157497;157568;157656;157667;157479;157662;157545;157493;157528;157596;157589;157537;157502;157720;157628;159005;157508;157472;157503;157469;157717;157585;157640;157494;157480;157631;157626;157529;157570;157540;157661;157727;157474;157551;157489;157722;157675;157666;157592;157678;157601;157531;157567;157694;157580;157670;157543;157641;157690;157614;157549;158879;158848;158858;158872;158834;158846;158871;158869;158847;158826;158865;158860;158855;158831;158852;158841;158859;158856;158832;158833;158864;158825;158862;158837;158835;158863;158853;158838;158849;158824;158844;158829;158828;158845;158827;158861;158823;55669;33283;33284;33280;33285;84821;10015;46180;27596;31417;32322;30214;33225;42372;42977;41062;32323;25897;34963;158843;34964;43828;45592;43831;40822;25904;44339;16271;72236;11118;10462;148376;148708;153836;19599;62349;87733;62350;28289;41644;25336;35618;10016;11555;10536;10644;10366;10445;10489;66382;66381;21185;63111;10017;29703;121573;121574;112212;127125;127126;127127;131731;132319;135182;139386;136715;136716;112214;121575;112213;11238;14187;112215;34021;27854;61463;11882;104145;104144;19299;11909;11137;11793;11915;31654;31408;44589;11408;11507;11607;11665;11788;11853;12100;14748;14803;31656;31655;31407;50069;68914;40467;57603;42052;45004;48205;50070;53896;54646;56216;57791;62101;64912;68915;73405;77531;31659;96450;101787;26023;31118;33477;76622;81126;84959;58795;122059;92320;96451;100995;101788;103838;61644;108758;122060;111788;117807;121355;123642;64893;128033;135290;139574;150280;150244;153584;153885;153884;155600;153952;156255;158900;69014;76914;73081;15588;11042;11041;11046;14177;10752;46740;46739;46741;10938;144568;142023;142362;143421;143420;143419;11030;12280;16193;106230;10704;148240;148241;88098;156753;146314;106231;14771;146313;111465;142640;48204;141262;141394;57792;12293;35452;15908;90247;90248;90249;106979;122718;156558;156103;156860;106980;136424;155999;156165;156057;156183;156184;156327;155998;156014;156162;156056;156032;156002;156001;156164;156000;156257;156158;156669;156197;156157;156256;156132;156375;12239;156166;80864;153585;15554;17692;153583;15555;34433;56972;57875;153586;20386;17693;133766;127859;148239;156473;106717;126779;55976;35299;22203;17694;10678;106718;10677;106232;10440;17695;126447;131734;132315;156471;158094;10480;12046;31738;10918;122487;122488;122489;141263;58593;80917;80918;80919;87240;87241;107227;107228;136931;79624;80920;58592;130175;144969;10766;17696;11209;11092;144968;110266;11210;125634;125635;12066;11483;11484;110267;14251;72602;127858;93525;72601;93515;94330;96730;95826;99185;100269;101953;99127;103505;103420;104350;105769;106308;106946;105075;109397;108812;111218;110398;118146;117632;121331;119610;121645;118569;125090;123080;129391;128150;132056;136919;145550;126951;148262;150851;149331;153652;146459;129587;133857;151621;130461;133528;132024;137137;134950;138575;136920;140654;142881;144451;147663;148263;145548;149353;149987;149061;152127;152037;154714;153434;154137;154722;156911;156187;158036;157199;158972;153507;60025;60026;60027;62803;60028;65633;62242;64287;72666;70174;70562;70925;72667;69984;73647;72907;76315;77745;79312;78585;81050;81746;82703;85407;84490;86253;85987;86571;88050;87310;91225;92844;92359;90118;93124;65676;60029;60031;60030;49793;90005;60032;93776;94337;96877;99264;90006;100256;103419;104387;105612;106974;109060;110325;117588;111110;118712;119839;127048;125148;131702;132045;133727;135855;146215;146458;149992;62357;64456;72962;70257;77822;78871;79360;81145;81790;82712;90315;88418;94050;91311;90309;103223;92494;93741;42825;30056;20383;11090;61396;35403;61395;118710;12031;54970;54969;73761;62810;62812;69513;58607;62811;34393;55719;55720;16390;63146;23832;23841;24239;11105;24238;19376;19387;24240;24015;24816;26970;25086;32398;18040;24013;18041;22511;22510;82848;104386;90266;81976;69444;85988;86419;88843;69445;19386;18140;69446;16364;17303;11734;21326;15623;16334;20977;20976;20985;11659;16012;15439;16094;11465;44872;22870;137855;138344;138339;138338;138345;138340;138218;138219;107059;107070;107060;107061;107062;107063;107065;107064;107067;107066;107068;107069;133801;133852;133859;133865;133862;133959;134116;134304;134418;134303;134419;133724;17157;10018;14377;17158;102916;78921;47700;50324;50323;50325;78920;50326;109724;18199;72966;72397;72672;72965;72396;139002;136283;138577;122755;121435;150987;150077;150076;150074;150081;122756;150788;151188;104176;150752;82567;78510;78509;103855;45005;18046;10019;45555;34395;34394;34397;34396;10666;31049;15968;14817;14816;10844;33270;149981;64588;64589;10843;58601;12057;10362;10363;11071;18357;108380;108381;14233;58107;25674;110561;51644;52157;52714;53544;54971;55457;56921;56922;57289;58431;58432;58433;58904;58905;58906;59503;59504;59714;60064;60065;61993;61994;64717;65896;65897;65898;69558;69559;71538;73019;73020;73021;73022;76087;76088;76089;77858;57561;77859;78623;79438;79440;79439;79441;80036;81205;81257;82901;88715;90799;90997;93533;93534;95926;95927;99363;100386;102958;104042;104658;105390;105041;105545;107100;107101;110568;110562;117808;118974;122670;22878;21303;63202;40885;33576;33564;32132;21304;32135;72683;71095;111232;112115;111233;80518;58602;58603;23736;10020;18376;25931;137180;25671;137181;100160;131193;106870;117406;117405;122854;124411;126338;106871;131566;14830;73615;73616;73617;73618;38650;38649;49696;73619;73620;73621;117407;73622;73624;73623;81181;61431;38648;81180;11795;33948;73965;76309;55285;55284;74186;20095;19765;19587;11365;10638;10021;11994;110095;62627;110385;117885;150799;73291;73292;87766;96315;81318;73290;81317;76307;135973;76308;77369;77370;135974;76774;76775;77367;19385;19522;44876;87776;25337;76773;24281;42261;24280;17638;54831;17583;25706;84431;88933;84432;88932;76589;33762;19703;38973;38876;38875;25348;11096;11715;29923;11948;104103;104102;11102;73490;42982;16189;16456;35974;14347;21328;26056;35975;19415;34055;10022;38911;24321;30105;30106;10023;11298;153948;117882;10502;25161;101810;117883;105160;105159;122369;123935;35454;42475;20297;15785;153926;153989;154381;158673;152543;152541;152542;153474;79358;20844;11667;10024;39519;84574;57913;39520;39521;53210;46215;23971;17241;11062;14350;11064;11554;11641;12063;12027;11411;77156;86721;110769;101026;105371;77155;11672;77249;77248;123936;124367;12010;22130;64258;49710;32434;19556;35224;85850;78074;21611;21174;25443;42264;39535;39536;77829;82581;78385;77823;78067;77857;59850;14304;14305;14306;14307;14308;10601;14218;14219;11072;11445;11674;11651;17663;10025;10460;57729;18188;15466;10507;14786;35621;21747;18365;12043;58975;46883;46884;109059;101355;101356;11052;32475;12011;28361;31351;46241;46242;40988;10026;10579;10568;11907;10027;20089;30215;76942;30216;30217;69368;69369;73945;74495;79861;81486;84728;85241;85896;81487;88385;92493;93865;106679;100996;125738;109947;111790;130212;131735;149315;137838;137837;149320;149212;149211;149210;152682;154662;136808;146595;139917;139911;139921;139915;139916;159060;49777;50976;52158;53842;54923;55533;55534;56862;62355;59446;60120;62119;62562;63166;65736;106136;66838;69106;70889;71940;81488;81489;81490;88716;87502;87503;89998;89999;90000;94611;94577;96625;97227;99478;101232;106200;122237;122238;122239;122240;119264;124652;122505;122506;122507;124588;124562;126339;136769;159110;159061;159111;44116;42983;11051;22311;40422;17840;40450;11318;25121;34245;11320;10728;10605;10886;35371;10329;11932;16260;10539;11510;47760;11152;38735;11857;86072;16261;10028;10029;10549;10828;10827;34097;34098;34096;16191;110770;110776;128055;56195;20749;20748;38829;136761;136760;87777;24233;76794;76792;76793;28332;38830;30020;30021;11198;20845;99933;99931;99932;58649;58648;20846;50676;20843;110289;110292;110290;110293;110291;47744;29854;66555;66554;10383;17193;11638;58652;58147;68963;71992;73439;74125;77247;82296;70135;51395;49674;70498;88881;91460;73762;55670;38199;72583;91461;77327;82295;20949;35430;38947;43007;51191;51527;50071;33550;20982;55819;20983;65643;65642;20950;53829;42370;71040;84987;71038;81210;124859;124860;71096;74511;74510;15450;14270;10927;12114;51585;11649;11648;17151;11647;51564;68927;68928;69442;16363;69930;74037;93410;69929;76163;68994;68993;76164;76256;104381;70302;73515;72726;76165;82663;84400;93381;68992;93401;93405;34334;34346;93402;93403;93406;21748;22541;93686;90998;91000;91947;90999;51160;19500;19548;15703;34236;18247;30052;15746;34242;10030;11440;11995;18375;10031;12237;11082;14225;19598;22158;11996;15849;14828;23637;10686;34474;10556;104901;104900;40984;11130;11973;22528;11548;154981;64914;64915;111073;152198;152197;11135;11707;11733;15470;18654;61650;62074;62973;64878;47748;70720;78069;77779;86048;81424;15562;18245;74106;11462;44426;16206;74107;13635;15565;48316;50599;64877;11917;47166;81554;11463;11553;42346;42345;24223;21035;18250;23733;23734;18251;18293;19524;19365;10389;46349;35473;42105;69316;69317;57035;73760;55692;55691;67258;27526;33901;40621;27527;25218;25200;25219;33140;33108;95662;117341;143477;96317;95663;20174;45503;45502;20147;20840;20173;25766;25934;10951;10034;18546;81601;18619;81602;46222;57617;69306;81603;84549;23963;23964;46221;31048;15461;11866;11759;22448;74324;74325;74323;10506;19749;34202;21727;25567;18410;10035;46236;46237;29899;30107;11114;73375;73374;73376;14819;91486;11776;26924;10388;15625;10724;11503;103302;103303;103304;103305;34489;15773;15774;21772;25083;10036;66391;145595;145682;145662;145644;145642;145599;145592;145660;145649;145627;24232;145673;145583;145573;145591;145598;145681;145596;145610;145688;145674;145630;145651;145640;145656;145620;145601;145683;145575;145685;145616;145588;145669;145650;145663;145690;145675;145670;145602;145678;145586;145612;145613;145625;145581;145652;145668;145637;145631;145611;145676;145647;145622;145617;145638;145684;145589;145648;145679;145572;145641;145618;145587;145633;145576;145657;145628;145624;145635;145664;145597;145579;145607;145646;145654;145614;145687;145680;145593;145594;145667;145658;145665;145672;145645;145653;145590;145580;145666;145619;145634;145686;145608;145643;145606;145615;145600;145623;145661;145578;145603;145621;145629;145639;145605;145609;145659;145574;145689;145632;145677;145604;145585;145636;145655;145671;145577;145582;145584;145626;145921;146041;145938;145869;145834;145912;145984;145949;145950;145983;145972;145801;145976;145935;145895;145807;145852;145993;145979;146010;145796;145901;145803;145866;145942;145827;145948;145958;145929;146014;145830;146006;145818;145992;145994;145985;145974;145858;146003;146004;146027;146011;145982;145828;145884;146012;146000;145889;146034;145897;145814;146008;145991;146039;145798;145941;145851;145955;145842;145799;145967;145936;145903;145823;145794;145952;146022;145810;145808;145825;146007;145863;145850;146023;146018;145995;145841;145885;145795;145930;145966;145975;145812;145876;145946;145874;145934;145886;145831;145971;145928;145838;145856;145960;145947;145797;145906;146024;145913;145953;146029;145999;145822;145853;145997;145954;145846;145981;145802;145956;145970;145905;145879;145861;146025;145804;145951;145907;145870;145964;145867;145908;146013;145916;146021;145859;145819;145843;145805;145996;146030;145919;145878;145868;145833;146005;145857;145836;145909;145840;145940;145887;145957;146040;145882;145811;145871;145837;145845;145839;145813;145986;145835;145924;145849;145806;145917;145883;145880;145815;146028;145965;145977;145865;145826;146037;145890;145896;145881;145939;145809;146038;145998;146019;145877;145854;145872;145904;145943;145968;145875;145987;145820;145922;145824;146035;145973;146031;145898;145959;146036;145899;146026;145900;145978;146020;145926;145893;145944;145873;146032;145918;145910;146015;145888;146016;145914;145864;145915;145832;145969;145821;145911;145961;146001;145847;145848;145816;145980;145860;146042;145891;145988;145844;145989;145927;145932;145945;145963;145923;145892;145925;145855;145817;145894;145933;145800;145990;146017;145920;145902;145829;146009;145962;146002;145937;145862;145931;146033;145570;145698;145792;145791;146490;146089;146552;146802;146548;146539;146800;146871;146872;146870;146965;146964;146963;146994;147137;147713;147191;147887;148033;148188;148187;148281;148318;148420;148424;148422;148687;148686;148688;148863;148940;148941;149026;149237;149775;149874;149732;149746;149741;150034;149738;149743;149730;149757;149778;149740;149767;149774;149764;149747;149751;149729;149779;149759;149781;149771;149770;149768;149758;149752;150031;149773;149750;149739;149777;149749;149772;149748;149753;149763;149754;150033;149765;149737;149728;149731;149756;149733;149766;149745;149734;150032;149769;149762;150045;149736;149755;149744;149780;149776;149761;150044;150064;150065;150298;150385;150297;150384;150835;150838;150833;150841;150831;150836;150840;150830;150842;150832;150839;150837;150834;151362;151363;151365;151151;151367;151145;151144;151147;151146;151364;151431;151366;151876;151879;151797;152066;152168;152067;152358;152359;152367;152575;152461;152596;152574;152468;152455;152583;152454;152588;152572;152591;152573;152582;153151;153150;153149;152576;152594;152893;153155;153411;153412;153410;153409;153520;153590;153539;153521;153532;153519;153763;154156;154157;154050;154272;154158;154649;154642;154644;154872;154329;154871;154870;154877;154874;154873;154884;154979;154969;155337;155029;155070;155098;155047;155033;155069;155049;155083;155041;155040;155037;155173;155064;155055;155084;155036;155189;155195;155095;155176;155344;155338;155205;155187;155051;155063;155186;155188;155061;155044;155031;155039;155065;155125;155066;155032;155046;155028;155062;155030;155175;155145;155343;155198;155340;155050;155147;155097;155054;155099;155156;155136;155027;155196;155161;155163;155057;155199;155180;155124;155034;155038;155043;155052;155068;155116;155067;155077;155045;155056;155078;155053;155558;155561;155339;155042;155135;155556;155560;155341;155555;155342;155557;155588;155562;155554;155619;155839;155838;155996;155997;156117;156238;156118;156125;156235;156444;156236;156239;156796;156237;157155;157080;156795;157205;157330;157156;157328;157381;157406;158088;158086;158087;158117;158988;158488;158435;158946;158945;158953;21793;158944;21794;21795;21796;21797;21919;21798;21920;21921;21799;21800;21922;21923;21802;21801;21803;21804;67025;21924;21805;21806;21807;21808;21925;21926;21809;21810;21927;67026;21811;21928;21812;21813;21814;21815;21816;21929;21930;21817;21931;21932;21933;21934;67027;21818;23980;23981;21935;21820;21819;21821;21822;21936;21937;21824;21823;21938;21825;21939;21826;21827;21828;21830;21829;21940;21831;21832;21833;21834;21941;21942;21835;21943;21944;21836;21837;67028;21838;21945;21839;21840;21841;21946;21947;21842;21843;21948;21949;21844;67029;21950;21951;21952;21845;21953;21846;21954;21847;21848;21955;21849;21956;67030;67031;67032;21851;21850;21957;67033;21958;21959;21960;21852;21853;21854;21855;21961;21962;21856;21857;23982;21858;21963;67034;23983;21859;21964;21965;21860;21861;21862;21863;21966;21864;21967;21865;21866;21867;21968;21868;21869;21870;21871;21872;21874;21873;21969;21875;21970;21971;21972;21973;21876;21974;21877;21878;21975;21879;21976;21977;21880;21978;21979;21881;21883;21882;21884;21885;21886;21887;21980;21888;21981;21982;21890;21889;21983;21891;21984;21892;21985;21986;21987;21988;21989;21893;21990;21894;21895;21896;21991;21897;21992;22134;21898;21993;22274;21994;22275;22082;67035;21899;21900;21995;21996;22135;21901;21997;21902;22064;21903;21904;21905;22036;21998;21999;22001;22000;22037;22002;22065;21906;22038;22103;22276;22039;22277;22104;22067;22066;22320;22238;22161;22136;22278;22163;22162;22137;22138;22197;22164;22279;22207;67036;22280;22281;22258;22282;22337;22321;22338;22339;22422;22340;22450;22423;22424;22425;22427;22426;22484;22513;22879;22485;36238;22514;36520;22880;36335;67037;37714;37153;37281;37577;36615;36309;37366;37097;23941;23788;23789;23942;23943;23944;23984;24005;24023;24285;24024;36838;24357;24286;24287;24288;24877;24289;24358;24290;67038;24818;24702;24673;24763;24703;24727;24704;24674;24919;25041;24764;24878;24920;25006;25007;25042;25095;25043;25044;25126;67040;67039;67041;67042;67043;67044;67045;67047;67046;67048;67049;25150;43639;25223;25175;25204;43640;25298;25353;25254;25205;43641;25206;67050;25255;25224;25256;25257;43642;25574;25447;25403;67051;25354;25355;25526;36608;38103;25462;37778;25496;25495;25497;25498;25499;25500;25501;25575;25527;25502;43643;25528;25576;25577;26203;25712;43644;25613;25578;43645;25579;43646;25580;25777;43647;25614;25713;25908;25714;25715;67052;67053;43648;67054;25812;38130;25739;25740;25741;37749;36643;25832;43649;25813;67055;25778;25849;67056;25850;26003;26004;67057;26073;27538;43650;26074;25949;43651;25972;25958;25973;26028;26204;26075;43652;26076;26973;26974;26077;43653;26929;26205;26206;26207;37953;43654;43656;43655;43657;37552;43658;37788;37507;43659;36400;27539;27541;27540;27543;27542;67058;37627;67059;43660;37428;37449;37318;36452;36664;37834;38001;67060;37859;36614;43661;29190;37163;36264;67061;29255;37591;29750;36661;43662;29751;29256;43663;67062;29730;29752;29731;43664;29753;29754;43665;29931;29901;29967;29966;43666;30022;43667;43668;29932;29933;43669;29934;30154;43670;30044;43671;43673;43672;30221;30220;31138;30222;31054;31301;31139;31140;31141;31995;31310;31168;43674;31302;31142;43675;31293;43676;31586;31996;31997;31424;31627;43677;31609;31610;43678;43679;31741;31685;31684;31946;32139;31947;31998;31999;43680;43681;32000;32001;43682;43683;32002;43684;32326;43685;32401;32456;43686;43687;43688;33258;43689;33109;33170;33364;43690;33365;43691;33110;33111;43692;33171;33142;33448;33366;33172;33524;43693;33399;33400;33229;43694;33489;43695;43696;33735;33736;43697;43698;33490;33449;43699;33525;33526;43700;43701;43702;37794;43703;43704;43705;43706;34051;33890;43707;67063;34052;43708;34062;43709;34278;34170;43710;34326;34222;43711;34462;34502;43712;34339;34375;36765;34463;43713;34503;37062;37176;37341;35186;43714;36485;43715;35263;43716;37692;43717;43718;43719;35172;35173;35260;43720;43721;43722;35187;35310;43723;35311;43724;35353;43725;43726;35650;35312;43727;43728;35589;35424;35590;38891;35591;35651;35602;35603;35718;36021;35719;35767;35789;35780;43729;38867;43730;43731;36089;43732;35768;35965;38892;43733;35966;38894;38893;35931;43734;43735;38895;43737;43736;36039;43738;43740;43739;36107;38896;36155;43741;43742;36187;36188;38897;43743;38898;43744;38899;43745;38900;38901;38902;43746;38721;38903;43747;43748;67065;67064;43749;43750;67066;38868;43752;43751;38930;43753;39303;43754;39373;43755;39423;39424;43756;43757;43758;39438;43759;43760;43761;39523;43762;43763;39524;43764;39585;43766;43765;43767;43768;39801;40344;40345;43769;43770;43771;43772;40394;40423;40436;40437;43773;43775;43774;43776;40532;40593;40533;40625;40626;43777;40753;40779;40808;43778;43779;43780;43781;43783;43782;43784;43785;43786;43787;43789;43788;40893;40878;40894;40932;40933;40934;43790;43791;43792;43793;43794;43795;41627;43796;43797;43798;43799;43800;42059;42071;42151;43801;43802;43803;43804;43805;43806;42257;42265;42266;42295;42296;42309;42330;67067;67068;67069;67070;67071;67072;67073;67074;67075;67076;67077;43808;43807;43031;43809;43070;43810;43071;43072;43811;43812;43354;43355;43356;43357;43358;43359;43624;43625;43832;43817;43866;44026;44027;43878;44028;44096;44097;44098;44099;44395;44427;44428;44598;44677;44948;44647;44648;44649;44671;44949;44968;44962;45053;44969;45067;45066;45089;45088;45068;45090;45091;45092;45361;45093;45362;45346;45363;45364;45365;45366;45367;45368;45347;45442;45443;45444;46873;46754;46755;45582;45594;46756;46757;46758;46256;46759;46257;46760;46258;46694;46695;46696;46761;46762;46874;46763;47031;48408;47032;47101;47788;47102;48265;47129;47703;47702;47737;47738;47739;48341;47740;47741;47789;47790;48266;47805;48342;47806;47865;47866;48267;47867;47903;48343;48217;48218;48219;48268;48269;48909;48301;48302;48303;48910;48409;48741;48911;48742;48743;48744;48745;48912;67078;67079;49203;49179;49180;49204;49181;49182;49261;49183;49262;49634;49633;49713;49714;67080;49715;49716;49781;49936;49809;49810;49811;49812;49813;49814;50003;50790;50791;50792;50794;50793;50795;50796;50797;50798;50799;50800;50801;50802;50803;50804;50805;50806;50807;50808;50809;50810;51144;50862;50863;51775;51776;51777;51778;51779;51780;51145;51146;51781;51783;51782;51784;51426;51785;53413;53414;51786;51885;53415;51886;51887;53831;53416;53417;51888;53418;53419;53420;53421;52505;53422;53423;52506;52507;52508;52509;52510;53424;53425;53426;53427;52617;53428;52757;52943;52944;52945;53429;53577;53239;53504;53430;53338;53431;53339;53494;53432;53433;53434;53599;53598;53600;53601;53643;53642;53813;53814;53870;53815;53871;53872;67081;54936;67082;67083;54937;54938;67084;55110;55000;55835;55001;55404;55405;55837;55836;55515;67085;55536;55609;56260;56261;56262;56263;56264;56265;56266;56267;55838;56268;55839;56270;56269;55840;55860;55861;55862;55864;55863;55996;55924;56271;55997;56272;56273;56071;56072;56046;56073;56127;56126;56128;56129;56274;56247;56275;56248;56276;56249;56311;56312;56338;56380;56408;56780;56514;56535;56536;56559;56569;56570;56621;56654;56694;56695;56558;56781;56782;56783;56784;56878;56879;56880;67086;56973;56985;57373;57375;57374;57376;57068;57378;57377;57379;57140;57291;57380;57381;57307;57404;57354;57405;57406;57485;57486;57562;57487;57488;57642;57667;57668;57669;57730;57731;57692;57732;57733;57734;67087;57777;57779;57778;57780;57806;57807;57808;57809;57810;57864;57878;57922;57923;57924;57951;57960;57962;57982;57961;58041;57983;57984;57985;63564;58042;58108;58096;58109;58276;58275;58294;58344;58345;58390;58403;58404;58457;58502;58458;58503;58504;58519;58584;58663;58664;58665;58666;58752;58685;58803;58778;58849;58850;58852;58851;58879;67088;59019;59020;59021;59058;59165;59212;59213;59214;59233;59312;59294;59378;59388;59412;59413;59414;59479;59480;59482;59481;59570;59609;59918;59560;59919;59920;59921;59922;59923;59924;59925;59926;59927;59928;59930;59929;59931;59932;59933;59934;59936;59935;59687;59719;59937;59737;59738;59938;59838;67089;59949;59939;59960;59981;59998;59999;60001;60000;60054;60066;60121;60067;67090;67091;67092;67093;67094;61397;61398;61399;61400;61437;61450;61464;61554;61626;61599;61600;61661;61651;61682;61683;61720;61721;61722;61753;61754;61999;61790;61789;61791;62047;62048;62066;62081;62082;62083;62084;62085;62103;62104;62126;62217;62127;62187;62206;62316;62431;62395;62396;62484;62485;62520;62521;62522;62523;62524;62596;62597;62630;62598;62720;62763;67095;62764;62862;62871;62920;62910;62911;62928;62921;63005;63006;63100;63187;63171;63207;63305;63306;63565;63567;63566;63568;63569;63570;63571;63572;63573;63574;63575;63576;63577;63578;63579;63580;63431;63432;63581;63670;63671;63672;64081;67096;63673;64381;67097;64383;64382;64385;64384;64386;64492;64511;64536;64512;64537;64562;64691;64692;64729;64730;64896;64731;65132;65133;65134;65135;65136;65137;65138;65139;65140;65141;65142;65143;65144;65145;65146;65147;65148;65149;65150;65151;65152;65153;65155;65154;65156;65157;65159;65158;64939;65031;64971;65061;65032;65160;65161;65062;65063;65162;65079;65064;65163;65164;65080;65165;65166;65167;65224;65225;65226;65227;65554;65530;65555;65618;65644;65634;65661;65693;65725;65694;67098;65726;65770;65771;65903;65920;65932;65987;66204;65988;66001;66027;66002;66003;66217;66205;66206;66257;66396;66397;66429;66430;66451;66521;66485;66528;66673;66674;66675;66701;66702;66791;66775;66776;66887;66888;66946;66947;66965;66996;66997;66998;67183;67235;68858;68859;68941;68940;69022;69140;69141;69142;69144;69143;69215;69245;69246;69247;69336;69434;69497;69496;69791;69779;69936;69937;69998;69999;70000;70001;70104;70179;79148;79149;79150;79151;79152;79153;79154;70344;79155;70400;70464;70483;70501;70570;70547;70571;70572;70633;70634;70635;70685;70686;70687;70688;70699;70747;70769;79156;79157;79158;79159;79160;79161;79162;79163;79164;79165;79166;79167;79168;79169;79170;79171;79172;79173;79174;79175;79176;71178;71179;71236;71237;71379;71271;71272;71273;71274;71354;71355;71356;71357;71380;71501;71539;71540;71583;71584;71865;71866;71901;71978;71979;72044;72153;72045;72205;72246;72267;72268;72351;72350;72352;72436;72437;72490;72863;72491;72492;72493;72561;72592;72673;72864;72865;72694;72733;72732;72803;72804;72866;72805;72910;72986;72987;72988;73062;73063;73064;73084;73085;73105;73162;73163;73191;73192;73276;73277;73309;74126;73319;73320;73387;73464;73578;73579;73580;73656;73675;73712;73790;73791;73922;73923;74127;74128;74094;74141;74142;74226;74227;74309;74310;74311;74312;74333;74334;74335;74471;74472;74473;74475;74474;76170;76217;76218;76429;76430;76431;76432;76537;76538;76623;76684;76685;76687;76686;76688;76715;76716;76837;76838;76779;76839;76840;77005;76948;77058;77006;77031;77032;77033;77034;77059;77060;77121;77187;77188;77239;77286;77384;77439;77546;77505;77506;77507;77508;77509;77564;77584;77609;77692;77989;77990;77991;77992;77993;78396;77781;77834;77835;77879;77918;77994;77995;77996;78043;78070;79177;79178;79179;79180;79181;78397;79183;79182;79184;79185;78486;78487;78488;78489;78490;79186;78516;78517;78605;79187;78606;78607;78608;78609;78751;78702;78782;78783;78860;78876;78895;79188;79219;79189;79220;79299;79300;79313;79338;79361;79563;79642;79643;79693;79694;79726;79695;79727;79876;79843;79877;79878;79879;79880;79881;80088;80056;80105;80106;80107;80123;80124;80125;80360;80400;80526;80527;80867;80868;80869;80870;80969;81005;81054;81025;81026;81055;81089;81188;81276;81277;81278;81440;81441;81442;81443;81503;81525;81885;81886;81887;81888;81890;81889;81892;81891;81893;81894;81895;81896;81897;81898;81954;81759;81792;81924;81925;81997;82083;81998;82474;82475;82272;82476;82431;82477;82478;82510;82621;82667;82714;82783;82801;82802;82803;82804;82928;83000;82999;83001;83118;83375;83376;83377;83417;83378;83379;83380;83418;83419;83420;83421;83530;83994;83979;84091;84197;84092;84198;84199;84276;84345;84346;84347;84348;84406;84405;84445;84446;84506;84550;84648;84769;84770;84771;85008;84772;85009;85010;85011;85012;85013;85014;85015;85016;85017;85018;85019;85020;85021;84883;85022;84884;85023;85024;85025;85026;85027;85028;85029;84988;85030;85046;85047;85049;85048;85305;85306;85336;85127;85387;85459;85460;85462;85461;85464;85463;85516;85634;85636;85635;85637;86497;86498;86499;86500;86501;86502;86503;86504;86505;86506;86507;86508;86509;86510;86511;86512;86514;86513;86515;86482;86483;86484;86485;86516;86517;86518;86549;86550;86611;86639;86723;86724;86711;86725;86726;86831;86887;86917;87127;86918;86919;87128;87129;87130;87131;87132;87133;87134;87135;87136;87137;87138;87139;87140;87141;87142;87143;87144;87145;87146;87147;87148;87149;87150;87151;87152;87153;87154;87155;87156;87157;87159;87158;87173;87160;87067;87174;87161;87223;87224;87281;87283;87282;87284;87285;87356;87357;87422;87358;87423;87381;87424;87425;87426;87540;87604;87770;87778;87779;87780;87781;87782;87783;87784;87785;87930;87992;88060;88061;88062;88063;88148;88147;88419;88386;88420;88421;88510;88509;88757;88683;88758;88759;88761;88760;88763;88762;88844;89059;89060;89087;89088;89760;89761;89762;89763;89849;89850;89943;89944;89968;89969;89970;89971;90068;90069;90120;90121;90122;90123;90124;90156;90157;90158;90159;90275;90276;90367;90368;90449;90450;90451;90452;90634;90636;90635;90637;90721;90722;90723;90837;90868;91017;91018;91019;91020;91166;91167;91168;91169;91170;91171;91172;91104;91106;91105;91195;91390;91391;91392;91393;91394;91504;91503;91635;91636;91732;91785;91786;91787;91788;92002;92026;92378;92379;92473;92566;92567;92586;92680;92702;92681;92703;92682;92726;92826;92950;92951;92872;92952;93052;93029;93129;93099;93318;93319;93541;93594;93666;93542;93777;93778;93780;93779;93830;93803;93965;93867;93967;93966;94202;94140;94203;94254;94292;94471;94472;95320;94409;95321;95322;95323;95324;95325;95327;95326;95328;95329;95331;95330;95332;95333;95334;95335;95336;95337;95338;95339;95340;95341;95342;95343;95344;95345;95346;95347;95348;95349;95350;95351;95352;95353;95354;94740;94741;94742;94978;94979;94980;94982;94981;95355;95356;95372;95373;95444;95484;95576;95577;95952;96004;95953;96048;96036;96049;96050;96182;96285;96286;96339;96340;96341;96342;96457;96456;96567;96568;96569;96613;96633;96664;96810;96811;96812;96929;96813;96962;97026;97027;97028;97134;97194;97330;97305;97331;97389;97390;97391;97472;97558;97527;97528;97611;97612;97613;97756;97836;97795;97837;97949;97951;97950;97952;97953;97954;97955;97956;97957;97959;97958;97960;97961;99040;97962;99316;99041;99317;99379;99380;99381;99382;99383;99384;99481;99482;99483;99536;99538;99537;99539;99540;99541;100065;100066;100068;100067;100174;100326;100175;100327;100329;100328;100358;100428;100359;100429;100430;100555;100557;100556;100558;100770;100815;100935;100936;100937;100938;100965;101005;101091;101119;101120;101235;101236;101237;101488;101489;101823;101906;101907;102020;102735;102734;102736;102737;102738;102739;102741;102740;102743;102742;102744;102745;102746;102747;102748;102749;102750;102751;102752;102753;102754;102755;102756;102757;102758;102759;102760;102761;102762;102878;102763;102503;102504;102764;102765;102766;102505;102767;102768;102769;102879;102549;102881;102880;102883;102882;102884;102885;103035;103196;103145;103144;103230;103362;103384;103385;103387;103386;103517;103573;103574;103605;103606;103706;103790;103707;103826;103881;103946;104106;104053;104054;104217;104218;104256;104257;104396;104583;104584;104675;104789;104790;104817;104818;105057;105056;105059;105058;105060;105061;105062;105114;105588;105589;105556;105590;105591;105592;105593;105594;105658;106107;106108;106233;106172;106234;106317;106354;106353;106535;106355;106356;106566;106567;107074;107075;107269;107271;107270;107272;107273;107275;107274;108339;108338;108340;108341;108342;108343;108344;108383;108384;108489;108660;108898;108899;108900;109370;109371;109372;109373;109374;109375;109376;109377;109378;109379;110235;110236;110237;109525;109380;110238;109526;110239;109527;110240;109528;110241;110242;110243;109529;109530;110244;110245;109655;109656;110246;110247;109923;110249;110248;109814;109815;109958;109959;109961;109960;109962;109963;109965;109964;109966;110203;110204;110205;110206;110296;110298;110297;110569;110536;110645;110646;110648;110647;110649;110650;110652;110651;110663;110905;110906;110907;110908;111074;111075;111013;111076;111077;111079;111078;111339;111355;111340;111356;111613;111341;111615;111614;111616;111617;111703;111704;112021;112020;112022;112163;112164;112165;118982;117485;117486;117826;117827;117829;117828;117830;117831;117832;117833;118018;117834;118019;118020;118021;118022;118117;118118;118156;118311;118312;118405;118406;118983;118984;119690;118985;119691;118986;118987;118988;118989;118991;118990;118992;118993;118994;119692;118996;118995;118997;118998;118999;119000;119001;119002;119003;119004;119005;119044;119045;118838;118837;119046;119047;119006;119048;119049;119050;119051;119661;119662;119663;119664;119665;119479;119666;119873;119874;119754;119791;120956;121192;121216;121371;121545;121546;121548;121547;121550;121549;121551;122061;122062;122719;122063;122064;122065;122350;122351;122352;122353;122450;122451;122452;122618;122761;122619;122951;122952;122953;122954;122955;123015;123014;123092;124414;123558;123559;123560;123561;124032;123562;124033;124034;124093;124035;124202;124201;124241;124203;124242;124415;124416;124871;124872;124873;125166;125167;125168;125169;125170;125171;125172;125315;125316;125552;125553;125554;125801;125802;126074;125803;126006;126007;126008;126075;126076;126219;126385;126386;126387;126388;126389;126479;126480;126649;126650;126651;126790;126791;126792;126989;126990;126991;126992;126993;127469;127470;127471;127472;127473;127474;135312;128330;128331;128332;128651;128333;128335;128334;128337;128336;128338;128339;128340;128341;128342;128343;128344;128345;128346;128347;128348;128349;128350;128351;128352;129015;128353;128354;128355;128357;128356;128359;128358;128360;128361;128363;128362;128364;128365;128366;128367;128368;128369;128370;128371;128372;128373;128374;128375;128376;128377;128378;129016;128379;128380;128381;128382;128383;128384;128385;128386;128387;128389;128388;128391;128390;128392;129017;127918;127919;129018;129019;129021;129020;129022;128976;129023;128977;129024;129538;129393;129471;129472;129473;130176;130128;130129;130177;130178;130179;130180;130181;130434;130435;130436;130472;130473;130474;130976;130977;131032;130978;131033;131034;131569;131570;131571;131572;131779;132398;131958;132399;131959;132400;132401;132402;132404;132403;132405;132939;132873;133097;133099;133098;133100;133309;133311;133310;133312;133313;133314;133315;133317;133316;133507;133442;134087;133508;133767;133624;133768;133769;133770;133771;133872;134088;134089;134090;134091;134121;134122;134123;134237;134238;134239;134385;134386;134453;134900;134901;134902;134903;134904;134905;134907;134908;134909;134910;134906;134912;134911;134913;134914;136771;135313;135314;135315;135317;135316;135319;135318;135320;135322;135321;135323;135324;135326;135325;135327;135328;135330;135329;135331;135332;135334;135333;135335;135336;135337;135338;135339;135340;135342;135341;135343;135344;135346;135345;135348;135347;135349;135350;135351;135352;135353;135355;135354;135356;135357;135358;135359;135360;135361;135362;136015;136016;136017;136194;136018;136195;136019;136196;136197;136198;136020;136199;136200;136773;136772;136775;136774;136776;136777;137005;137006;137149;137007;137150;137151;137152;137281;137336;137337;137338;137370;137415;137729;137730;137761;137762;137763;138378;138377;138501;139422;139416;139423;139235;139236;139417;139420;139415;139424;139418;139419;139421;140123;140119;140583;140585;140584;141613;141625;141611;141585;143283;141630;141600;141617;141597;143285;141593;141631;141635;141614;141608;141601;141623;143286;141605;141604;141634;141586;141589;141602;141591;141595;141594;141579;141584;141633;143284;141598;141583;141624;141596;141629;141587;141590;141632;141612;141599;141616;141588;141609;141622;143287;141610;141626;141578;141607;141592;143288;141618;141636;142647;142609;141619;142600;142608;142599;142651;142650;142604;142605;142602;142649;142646;142601;142598;142603;142606;142607;142648;142645;142644;143057;143122;143052;143046;143048;143050;143056;143047;143049;143051;143113;143055;143910;144004;145444;146880;143114;146881;144972;144549;144370;144974;144971;144973;144547;146883;145037;145038;145439;145441;145519;146099;146100;146098;146097;146315;149505;146882;146879;146958;148557;147884;147883;147885;148184;148185;152361;148426;148425;148885;148745;148882;149207;149206;149208;149205;150771;150774;150773;150765;150767;150770;150764;150769;150772;150762;150763;151448;151614;151674;151979;151987;152497;152360;152663;152666;152664;152910;152909;152973;152970;152971;152976;153473;153472;155551;155545;153767;155547;155553;155543;155552;155541;155549;155546;155548;155550;155538;155539;155540;155759;155757;155761;155821;155942;155863;156241;156242;156240;156460;156820;156821;156791;157118;157065;157064;157138;157294;157452;157453;158081;158083;158436;158438;158440;158444;130262;158439;44340;80224;80223;87052;80357;87053;87054;80225;80358;29722;93244;31299;80221;80226;14640;65984;65983;40821;47588;63558;63559;63560;73270;76459;77004;40820;20348;22876;20347;17230;17231;10037;11755;10797;11640;14314;14316;14317;14315;10652;10651;10038;12096;50512;15710;33532;10308;10552;11721;10040;11722;10041;33279;10042;11723;10043;18356;40983;65739;101086;101087;59837;101088;105256;101089;101090;104670;104996;107072;104997;105084;105085;104998;104999;104847;105000;104669;128283;128149;134563;134891;105001;105002;134890;10919;18528;10044;62076;62075;104740;52016;12084;139913;22094;11518;17584;55994;20162;20160;15617;15620;15618;15621;15622;20961;16320;16319;13849;18131;12281;66518;65740;11011;17772;17773;17774;17775;17776;17777;69481;71173;77052;77053;83766;91192;91854;91855;76127;83087;84193;84726;84727;85895;93480;137557;48944;17778;48945;48946;48947;48948;48949;48950;48951;48952;48953;48954;48955;48956;48957;48958;48959;48960;48961;48962;48963;48964;48965;48966;48967;17779;48968;48969;55385;48971;17780;48972;48973;48974;17781;48975;48976;48977;48978;48979;48980;48981;48982;48983;48984;48985;48986;48987;48988;48989;48990;48991;48992;48993;17782;48994;48998;48995;71431;48996;48997;48999;49000;49001;49002;49003;49005;49004;71432;49006;49007;49008;49009;49011;49010;49012;49013;49014;69949;70137;49015;71433;66697;49016;69335;49017;49018;49019;49020;49021;49022;49023;49024;49025;49026;49027;49028;70170;68961;69303;69913;49029;49030;49031;49032;49033;49034;49035;49036;70123;49037;69923;49038;49039;49040;49041;49042;49043;49044;49045;49046;49047;49048;49049;49050;49051;71434;49052;49053;49054;49055;70164;56045;49056;49647;17783;17784;49648;17785;52586;69954;70095;56313;56314;56315;56316;56317;56318;56319;56320;56321;56631;79271;79272;79273;66698;58831;58566;58567;58568;58569;58570;58571;58572;58573;58574;58621;71435;69914;59716;59857;59858;70024;69425;71436;62370;62371;67203;62372;62373;67204;62374;62375;62376;62760;62710;69135;70125;70096;70124;70127;69426;65885;65886;65887;65888;65889;65890;65891;65931;67218;69924;70078;66861;69789;66699;66700;69921;69076;70076;69079;69082;69103;69856;69376;69377;69378;69379;130060;130061;69553;70314;70315;70316;70317;70318;70319;70320;70321;70322;70312;70313;70323;71437;70474;70493;71438;70784;70914;71995;72183;72184;72185;72668;72705;72724;73018;73210;73211;73269;73340;73341;73342;73343;73344;73345;73346;73347;73533;73915;73916;74015;74016;74241;88988;88989;88990;88991;76312;77153;77154;77759;78028;78029;78030;78031;78032;78033;77984;78034;78035;78036;78037;78693;78240;78750;79218;79690;81911;83876;81980;86675;81423;81594;81595;81596;92412;81421;82498;83528;81972;90525;90526;82584;82585;82571;82574;82575;82572;82573;82568;82569;82570;82852;108954;108955;83054;130062;83767;130063;84287;85685;85126;85124;85125;85255;130064;86246;86247;86248;86249;86250;92457;88102;93528;93529;93530;93531;86914;86915;86916;86950;86951;130013;87504;87819;97469;88103;91962;88592;88488;130065;88717;130014;88713;89051;89690;89783;89784;89785;90066;90527;90353;90354;90355;90356;68997;93562;90307;90308;90357;90310;90311;90358;90359;90766;93108;91960;90861;90862;90893;90714;91759;91760;130015;91130;130066;91946;91321;91338;91730;91761;92630;92948;93563;93122;93123;93192;93193;93048;93347;94108;93736;93737;94054;93738;93866;131164;131165;94252;108956;108957;130763;130971;130764;130765;94762;94763;130761;130762;93898;93899;130766;130767;130597;95257;95256;94354;94109;129817;129818;94070;129819;94469;94291;94680;95538;96047;95479;102995;99400;97211;99266;99371;99372;103783;97991;97992;97943;97944;97945;97946;99026;99027;99028;99029;99031;99032;99033;100423;103510;103509;99471;99472;99473;99665;99666;99667;99668;102360;102361;102362;102363;99687;99688;100424;99985;130093;103511;100425;100426;99981;100416;103512;101264;100993;100838;100840;102202;101267;101298;101269;101268;101528;101529;102018;131079;131080;131131;131187;131188;131393;131394;131395;131396;102497;102498;102499;130094;102364;102778;102779;129820;103113;103049;129821;103459;103702;103668;103565;103693;131192;103694;103695;131327;103669;103675;103676;103566;103670;103671;103567;103672;103817;103819;103856;104127;104177;104480;104461;104460;104533;130067;130095;104718;104661;104662;104663;105257;105112;106400;106401;106630;107095;106484;107091;133861;107150;129781;108406;108404;132697;132698;132680;132052;109087;109088;131166;131400;131130;131399;131321;131325;131326;124196;108880;108881;108882;131397;131398;125031;134712;108720;108721;131729;132078;131951;131322;131323;108722;108723;132039;131324;132033;132077;131126;108724;135922;133044;109404;132043;132042;109393;109401;109400;110399;109402;134981;133265;109728;110564;110565;110566;131703;110686;130016;124172;130068;130096;130017;110535;110567;110687;138346;138435;138347;138436;138348;138437;135198;110688;138438;138349;138350;138439;138351;138352;138353;111211;134226;130097;130098;123521;112217;133226;112218;112288;112219;123415;112289;123515;140653;122249;117943;117944;117945;132041;117946;117947;117948;117949;117950;132074;132104;117951;117952;132048;132049;132044;117953;123788;117954;133472;133473;117955;117956;133089;127893;144504;130069;117917;145537;130018;133267;134946;128877;134947;118462;118461;118821;118822;152699;119844;121248;131727;131728;126103;129948;124773;123789;124774;126343;126104;124060;129822;121395;126118;129947;130023;126102;139801;133958;139802;122483;136978;131699;125775;132318;126509;126599;122751;126073;132342;132244;132414;132053;131700;132245;132055;125390;132246;126477;127111;134948;138354;127110;131778;132100;138355;125391;124589;123790;124277;123791;127916;127098;134951;127099;123792;129499;127913;126507;127912;127917;130092;128526;129812;128421;123793;132723;134713;123794;127049;123795;127050;134894;128113;128114;128615;128051;124061;124325;126119;126822;124326;126100;126101;126105;124334;138440;124331;124332;124333;137072;137073;139324;137234;134213;137235;136768;126341;136972;136973;136829;128063;138380;128064;126823;125256;139806;137074;137075;136970;136971;126632;126916;125341;125032;126310;129823;126311;129980;129981;129945;131697;132720;136481;132241;133726;128769;128684;132678;139666;130768;130917;130972;130916;130974;128058;128418;128281;129946;130975;130973;128079;131698;132719;128419;136482;125679;132679;126342;126446;136483;125778;132242;125776;126344;134173;134227;127044;126005;140220;126004;147766;147878;126639;126340;126643;126640;126701;128685;126645;126644;128053;128034;127121;126642;128054;126646;126629;133043;127118;143157;127123;128532;128081;137052;128546;127900;128112;147761;128533;142497;137243;128120;129291;131946;130174;128119;131427;132855;128325;128550;128683;132772;128760;128547;128757;135674;136712;128761;129558;129536;129592;134889;129778;129591;129779;129713;130021;130022;129586;129537;134562;129531;129816;129827;129733;129530;129588;129584;129732;129826;129780;129694;129695;129532;129943;139850;129533;134108;129777;133850;133851;133841;133842;138024;130090;138025;130272;129815;129813;130367;130397;130594;130213;129810;135897;130457;129824;129944;134383;129811;129809;129942;129850;134448;135291;131183;134449;133046;135294;135295;134450;130398;129814;140191;140190;130399;130210;130211;130368;130207;132750;132751;131020;129982;130593;130464;130624;130258;130259;130208;151459;131231;131075;131076;131428;132718;131230;131024;131288;136719;131228;131229;139068;131739;135289;134115;131403;147653;131232;140632;132721;141500;133000;133001;133864;133261;133403;133408;134447;133409;147650;135407;147732;147651;133405;133720;133406;133721;133603;133722;142018;140656;140721;133604;140631;134107;133960;133961;134565;134566;134233;134234;134230;134231;134567;134232;134413;134415;134414;134224;134417;134219;134229;134326;134236;140203;134568;134443;134235;147764;147654;148021;151483;83871;78827;78828;86104;82429;86105;138881;143231;143219;139800;143234;146084;148951;150073;148091;148097;148217;148216;148096;148221;148220;134164;153895;150026;150027;137085;148646;152176;149448;146581;148450;144945;139411;150807;142589;148655;144950;148451;154928;150811;139543;151441;149812;148223;148222;136588;136589;136830;136831;138375;149526;149525;155370;155369;152024;138892;152025;138893;137558;137559;149301;149314;149302;149313;149304;149303;154726;154725;149877;148306;136916;136917;150996;155445;155444;149312;149311;152673;152674;149851;149852;137659;137660;137661;137662;137135;137136;152670;152671;136914;138894;136915;139064;138895;154828;154829;149354;149355;155024;155025;149470;149471;141830;141831;150997;155676;156946;155677;145513;139425;139517;139577;137840;152974;140202;157877;152936;145692;152961;151019;143155;158563;142493;151487;138016;138017;148137;156884;147765;139035;139927;153258;141499;142908;139228;142909;149469;149467;139792;148694;145263;154931;154930;154929;148970;148968;148969;148643;139605;135859;146214;139229;149468;138373;144503;139805;139539;140098;151216;139804;139516;139468;139542;145793;140099;139540;140100;139004;139426;145509;146056;139470;139576;137850;140101;139803;140102;139469;139007;143424;152540;147763;134053;134054;134444;140402;147146;140273;135012;140212;153943;141352;145553;145554;145555;149844;149842;149843;149847;142366;148101;153563;153560;137629;144197;153561;148092;153398;152813;141361;158651;148099;152527;152390;154851;138446;142213;149352;155447;149846;148381;149845;136621;145250;142211;154723;141358;149325;136827;138040;136612;136614;136615;147762;136700;142143;149371;152749;136587;137406;137564;138376;155451;155315;149298;146203;154853;142363;152750;136622;152410;136918;152485;136669;150059;140221;149465;149209;149370;142364;155450;155449;142214;136891;140218;152121;152122;142425;142424;142423;148836;141832;149718;146058;146057;150058;149454;137835;149979;137836;155733;155734;142496;146213;154343;139230;141116;141117;141231;141230;146264;139037;139614;137147;137280;139926;138147;148296;141113;137901;137903;137902;142959;141114;148106;152658;148104;148102;141172;148107;143154;141193;148100;142053;149789;141397;137148;153554;138094;141266;138092;142891;141373;141372;151375;142958;148427;141371;140222;151374;148327;140223;141398;138211;148103;137182;141368;141369;140793;140799;153209;153207;148250;140111;153204;134451;147816;153203;142592;153208;152131;148095;153154;153153;143490;137143;147649;153206;133401;146480;146481;141351;158584;153950;146618;139604;153947;149455;151662;135902;133651;142593;135971;154878;141354;143220;140505;150862;150861;140271;144279;140270;140219;141437;153224;141461;149299;149300;138152;151020;140097;149957;158207;158208;149368;148098;137203;156947;140185;158887;137184;157903;149310;152877;158559;146805;146804;140186;139922;149719;140131;152529;140189;139665;155019;134707;134711;152987;137361;137332;142473;142472;154197;148124;138587;152213;139029;153257;140272;146266;139664;139067;138019;141467;137852;139747;146268;146267;138327;152212;140216;140452;148652;148712;154932;151661;153556;153562;153549;150141;154348;153555;149327;149363;139232;142033;149330;141370;151915;150052;149364;145706;150992;147963;147964;147962;148105;151132;150990;145707;145708;151467;146307;153551;149365;151133;150050;149879;145501;151916;149362;150339;150051;147733;141438;136671;147758;134445;140403;147147;136748;157361;155300;152812;148320;137144;137145;146211;146212;157157;146202;141170;141171;137141;137142;136623;158586;141357;145265;141356;137654;137655;137656;137630;137631;137407;137408;152130;142824;133530;154438;137856;138359;149849;153944;139545;154234;154233;142495;133404;143150;140213;139413;137134;146450;135766;141115;147759;151154;142659;143217;142995;148978;147622;148959;149880;151187;145547;145422;148962;148447;146216;148957;149329;142494;145552;148954;142490;147756;149328;147760;145551;142365;142660;147877;145556;143232;147652;143216;143165;142597;142373;147876;145557;141192;146594;142661;139325;137241;150502;133407;137185;138015;137649;138018;139799;150849;150847;150848;139600;140456;143475;140268;139575;140269;139599;142879;142880;150279;136120;151013;150506;150246;139582;139597;144929;141353;142590;139544;142503;138148;141083;137183;138524;139327;139036;135858;144196;134446;140404;143153;149809;149450;141119;148093;138876;148090;148094;138361;148448;142890;137851;153219;147893;141460;153694;17786;17787;71924;71925;71926;72725;73755;71153;78557;72458;72487;72559;70457;72485;82586;72140;82587;72141;72338;72510;70894;72460;73827;73455;73456;73457;72509;76882;78064;70399;76588;76970;78690;78691;76865;77411;79146;73027;77682;77681;73458;74036;76972;74443;79744;77051;82588;82589;76790;77222;83733;82473;77729;82590;79359;82666;78918;78919;83734;81912;81913;91426;87820;87821;87847;89083;78824;93113;78825;78858;77284;73828;73829;73436;79249;79250;76971;83904;76968;76969;76881;79577;78894;78737;79625;79667;79803;83183;80460;17788;17789;83782;17790;69985;17791;68991;69134;17792;17795;99233;99234;74010;10682;10045;38152;10561;76126;91427;69912;149982;69853;33942;33943;33944;33945;11556;122370;11014;65941;71464;66023;61518;76491;140294;78676;81671;82270;81978;85541;87894;86302;85266;85267;93382;88100;95951;100790;97226;110563;54954;59819;59820;59821;54953;88595;104479;91731;88596;154422;63644;69138;149502;76128;107004;131952;91963;151442;44945;44914;59227;61514;64555;42796;81574;91964;61515;133304;11012;156945;10545;155349;17793;70940;32131;32130;69950;69952;69953;69951;58512;70136;70089;70090;70092;70091;76121;77987;79668;80283;81546;93939;90312;99706;77968;83466;79124;85449;101357;110518;133078;142662;112019;69948;23938;10046;143384;128616;133723;152532;69075;73300;69074;128052;101265;103193;94470;69922;10970;10971;68960;12023;10700;10387;138362;11689;129590;89033;96802;78387;61574;78388;61575;61577;61576;76346;66202;66762;74147;74146;73736;47864;17794;61492;67217;71430;69802;133305;69801;69102;11791;84500;138761;70073;84501;97470;97471;72728;76129;87954;80302;60107;62182;86912;72727;69788;73754;10754;66696;76130;69059;69058;16201;16202;86913;87506;86152;91342;152530;91343;86153;101531;86192;91344;93400;100323;104462;107259;100843;86193;67247;67248;70166;82701;70167;82740;67244;67245;67246;90590;118088;122347;130503;118145;70258;99934;90591;83877;64789;69057;69056;66860;62181;87849;112121;112122;69925;69926;138882;69133;99935;88593;88594;143233;69078;73301;69077;148264;122115;148445;156567;155301;156566;109118;105161;129983;10972;129984;69825;77760;86151;79584;81407;128176;79585;81952;81973;79581;83768;83769;72180;79582;126586;76131;69047;70079;69048;126587;69049;69046;69050;78624;83770;97021;83771;83731;90539;90540;90541;83773;83772;86123;76132;69019;76125;72181;78596;81408;85649;88527;128177;85650;85651;78625;92045;86544;97326;81974;81953;72245;72182;60139;60140;60138;88528;103112;70197;70198;82702;70196;80282;78770;78768;93109;78769;78767;88589;69919;78766;70077;70088;91961;70169;102978;56485;56484;58004;141084;11013;129969;129970;129971;25906;42960;93478;129972;93479;25550;25549;55568;64437;69855;69854;71841;71840;71839;69132;71838;69130;69131;101816;101817;96907;96772;96908;119888;130173;70122;119287;69081;69080;69469;69495;69468;19559;69447;33946;58950;15942;13856;16245;30123;33169;33947;11138;139082;33201;65952;55653;62777;65950;65949;65951;126053;153176;153175;151484;154869;79640;79641;146935;55474;55473;79639;55927;10942;142019;55926;48275;42961;24742;25682;58563;40876;58562;40614;76261;142020;74025;74026;76916;81316;78893;103467;105373;110904;110903;121472;118463;125258;149878;138212;140790;132397;150866;155584;73205;62308;73204;40615;40616;69128;69129;69136;56392;59018;59465;96630;51663;51664;154777;59017;62310;62309;11892;126466;140798;150865;142894;130347;124000;148182;124001;128304;132103;132102;121386;140192;52546;52547;52545;121387;137001;137000;137002;156614;132752;92038;137003;92039;150791;152046;154423;67193;38663;148403;12301;134975;140758;149481;158566;130592;59310;63339;158567;76571;70741;63325;76771;79745;83163;83763;85242;85661;70740;87012;87373;91352;91885;93608;92723;95659;95539;96778;96928;97525;97948;99377;100104;101205;102526;103927;103381;104174;105083;105370;105617;108886;108887;109725;110265;110779;111378;118856;111789;119148;125549;148674;76770;58810;58809;58209;58749;56282;14626;16477;15462;109403;76943;65720;111517;35087;34729;36075;35009;39437;36131;45437;46706;51125;49712;51935;55905;59726;65668;66308;79388;81147;83352;106610;93897;39436;29830;148647;46172;74039;43400;11277;22409;22365;21641;26011;18165;21167;21335;16318;38183;18219;11399;21215;19392;72427;27600;158092;158059;157338;158672;158690;155715;155841;155630;155633;155586;155587;155628;155629;154965;153976;153977;153978;153981;153890;155661;155631;76260;76258;76257;156102;76259;21744;15828;10047;33269;19693;19692;34992;19551;29829;40551;149644;149510;130456;129979;100387;11073;11190;59400;59402;59401;157905;33275;20214;149307;150962;149308;57800;57802;81439;140693;140694;140695;140696;57799;57801;20220;18255;10581;42340;99731;40667;66404;59715;64689;66407;66408;130263;46705;42339;24283;72090;39790;48340;51955;53297;55512;55513;72091;55553;55542;57362;58388;74190;63689;64246;63690;66526;65928;70915;78480;79859;82780;85745;86948;91102;91677;93245;99669;103194;109017;117480;139918;122236;122535;125880;129388;132019;134765;135593;138573;153433;148039;68929;72092;68881;55514;72093;24278;24279;23781;19393;99584;99585;99586;99587;20131;17983;18029;20130;14183;18643;25369;131286;52457;10612;121036;21205;58650;73611;20889;25215;21917;40418;20827;17985;10048;11567;73610;19305;125782;126988;126050;58230;58952;58951;126953;11980;10746;17997;11879;125777;22308;34693;100161;36036;77390;36217;53576;53575;71213;69804;77030;99986;124281;124330;136178;128548;110771;106947;106948;106949;123008;139205;146869;149439;152864;124004;154244;153087;53574;62356;11724;20292;44135;16275;17597;15506;17306;31137;31859;11524;33789;15530;19511;20984;18101;11564;21240;15531;18083;38879;30132;35765;65789;70656;72661;72662;90765;59243;25494;72671;72660;62941;45435;62942;48382;51923;63642;111967;136945;45434;51922;10049;11725;11611;76190;18620;12102;10675;10676;11613;11281;76189;12097;18540;58409;17647;17273;38952;122599;122648;87597;159113;72459;11368;12060;11687;19236;10815;32318;110772;125477;138553;67175;67176;45590;59327;77158;110773;123687;59326;23741;30051;12271;51816;10924;26912;26913;10050;11726;58989;58990;45043;32442;22231;22296;42353;42371;17260;17998;21187;17227;42878;15442;17999;19945;36183;29727;31131;31730;33577;34385;42468;45554;47683;50844;56007;65970;71977;73734;76936;77149;79580;84149;79804;11754;15900;27608;47716;16141;24901;11199;31646;11756;15860;23775;21119;19756;17255;20137;29802;14665;17256;11940;14318;24003;18563;10051;11947;25758;11385;14313;10922;12265;12212;11970;12240;11384;18097;14283;14284;14285;15722;14220;14286;14287;14288;14289;24263;14290;14291;16000;10465;10402;11727;108952;108953;110287;152356;61446;19391;12012;28330;109596;140633;15819;17208;57336;11196;66238;44319;12266;19679;44657;43403;18118;19553;19554;18119;18117;72741;72742;11748;10368;25214;14639;54841;91822;106757;137233;46865;46866;23642;32317;10052;62369;70455;70456;76110;84020;84826;69800;76111;77571;82824;84021;84827;86002;87764;87765;94898;94899;103252;103253;101161;101162;108588;108589;126635;126636;138332;138333;134166;134167;143553;143483;143485;144811;147892;147891;147890;147889;151352;151458;151457;151455;151456;157142;157141;157423;157424;157245;157246;157189;157190;23935;23936;23937;30153;40662;34195;76112;33763;62629;34056;39007;43172;49120;51841;58293;76113;79245;84022;84828;91335;91336;46766;50451;53547;56928;59904;62701;71519;76114;59905;76115;51840;59644;60098;24699;25905;28227;33128;34475;36216;42044;46173;70454;103254;101163;143552;143484;144810;91337;22416;22016;11896;22017;10871;86653;22417;22447;91824;15486;76116;55690;11182;11180;122583;11616;10736;10583;11798;11476;11477;11446;18012;18016;16478;11728;40353;51394;82084;101031;101032;101033;101065;101092;101121;101173;101208;101174;101175;82085;101209;101210;101211;101238;101239;101274;101275;101318;101319;101320;82086;101321;101376;101377;101378;101535;101536;101552;101553;101774;101775;82087;101791;101792;101824;101856;101908;101909;101935;101936;101937;101960;82088;101982;102039;102040;102041;102042;102043;102044;102085;102096;102220;82089;102368;102437;102438;102439;102440;102441;102481;102482;102594;82090;102595;102596;102597;102628;102784;102785;102786;102787;102788;102789;82091;102804;102805;102886;102806;102823;102824;102843;102844;102845;102887;82092;102888;102889;102890;102891;102923;102924;102925;102961;102926;102962;82093;102982;103036;103092;103093;103094;103095;103197;103257;103258;103363;82094;103330;103388;103389;103390;103391;103427;103428;103429;103430;103431;82095;103460;103469;103470;103471;103472;103518;103519;103575;103576;103577;82096;103607;103682;103683;103708;103709;103710;103711;103712;103713;103714;82097;103756;103791;104055;103858;103947;103948;103949;103988;103989;82098;103990;103991;104056;104133;104219;104184;104185;104186;104220;104221;104299;104300;104301;104335;104336;104337;104338;104481;104364;104397;82099;104398;104399;104412;104413;104438;104439;104440;104464;104501;104502;82100;104534;104563;104585;104676;104677;104678;104679;104680;104681;104682;82101;104683;104708;104709;104720;104721;104744;104745;104746;104747;104748;82102;104749;104750;104751;104791;104936;104937;104938;104939;105009;105115;82103;105116;105117;105118;105168;105169;105193;105194;105325;105326;105327;82104;105328;105360;105378;105394;105395;105396;105423;105424;105425;105426;82105;105427;105428;105429;105465;105488;105494;105495;105496;105518;105557;82106;105621;105659;105622;105660;105661;105662;105701;105702;105703;105734;82107;105753;105797;105798;106075;106054;106055;106173;106174;106175;106205;82108;106206;106207;106208;106209;106210;106211;106318;106407;106408;106409;82109;106410;106411;106463;106464;106508;106536;106589;106590;106591;106592;82110;106633;106659;106696;106697;106722;106723;106724;106725;106779;106780;82111;106781;106808;106809;106819;106851;106872;106873;106904;106953;106954;82112;106981;106982;106983;106984;106985;107076;107104;107105;107133;107118;82113;107134;107151;107152;107242;107276;107277;107278;108415;108385;108416;82114;108522;108567;108568;108569;108604;108605;108606;108608;108609;82115;108661;108662;108692;108693;108694;108695;108726;108727;108728;108729;82116;108764;108765;108766;108767;108768;108769;108770;108788;108814;108815;82117;108901;108902;108903;108904;109062;109043;109044;109045;109063;109064;82118;109089;109090;109091;109148;109149;109187;109188;109217;109283;109284;82119;109327;109328;109346;109347;109348;109381;109407;109408;109409;109531;82120;109584;109585;109586;109657;109734;109735;109736;109737;109738;109872;82121;109924;110055;110158;110159;110160;110161;110162;110163;110164;110250;82122;110312;110313;110314;110696;110664;110697;110724;110725;82123;110726;110727;110728;110785;110786;110814;110815;110816;110817;110818;82124;110819;110840;110909;110926;110927;110945;110946;110947;110948;111046;82125;111080;111081;111082;111165;111166;111083;111084;111085;111086;111111;82126;111167;111168;111169;111170;111171;111172;111221;111222;111223;111311;82127;111312;111313;111314;111315;111357;111358;111359;111388;111389;111390;82128;111391;111392;111393;111394;111467;111519;111520;111533;111554;111555;82129;111556;112047;111618;111651;111762;111705;111763;111764;111765;111982;82130;111983;111984;112048;112049;112050;112065;112125;112126;112127;112166;82131;112167;112168;112184;112195;112196;112197;112225;112226;112227;112228;82132;112229;112230;112231;117349;117295;117296;117350;117351;117366;117367;82133;117432;117433;117434;117464;117487;117501;117502;117593;117609;117610;82134;117618;117619;117620;117640;33815;117641;117642;117643;117673;117711;117712;82135;117713;117714;117715;117810;117811;117835;117836;117837;117889;82136;117907;117908;82137;118070;118096;118119;118120;118157;118214;118215;82138;118239;118240;118313;118364;118407;118468;118469;118470;118471;118503;82139;118504;118577;118578;118596;118733;118597;118735;118734;118753;118806;118807;82140;118839;118808;118888;118889;118891;118890;118892;118938;119052;82141;119039;119053;119054;119101;119100;119102;119103;119104;119151;119152;82142;119105;119119;119120;119121;119122;119123;119153;119266;119267;82143;119310;82144;119289;119311;119312;119560;119425;119667;119693;119694;119695;82145;119729;119816;119730;119847;119848;119849;119875;119876;119877;119878;119889;82146;119890;119941;119942;119957;120958;120957;120959;120960;120961;120962;82147;121055;120988;121071;121133;121193;121233;121313;121315;121314;82148;121316;121372;121397;121398;121399;121423;121424;121436;121437;121481;121480;121482;82149;121483;121517;121518;121552;121622;121553;121554;121555;121556;82150;121623;121624;121625;122036;121626;121627;122066;122037;122038;122067;82151;122097;122098;122099;122100;122101;122195;122196;122262;122263;122264;82152;122265;122266;122267;122318;122319;122320;122404;122405;122430;122431;82153;122453;122454;122490;122491;122511;122512;122547;122513;122514;122515;82154;82155;122548;122549;122550;122603;122604;122620;122720;122762;122721;82156;122824;122825;122826;122827;122828;122829;122928;122879;122929;122930;122931;82157;122956;122932;123017;123016;123018;123019;123093;123094;123095;123096;82158;123135;123421;123420;123470;123471;123522;123523;123524;123525;123526;82159;123527;123528;123529;123563;123564;123565;123566;123567;123689;123690;82160;123798;123832;123833;123834;124036;123959;124065;124094;124204;124217;82161;124218;124243;124282;124283;124306;124307;124339;124340;124341;124342;82162;124343;124417;124595;124596;124463;124597;124598;124656;124657;124658;82163;124659;124720;124777;124778;124874;125093;124875;125174;125173;125175;82164;125266;125267;125268;125269;125270;125296;125297;125317;125298;82165;125478;82166;125407;125374;125409;125408;125410;125411;125412;125413;125479;125555;82298;125606;125644;125607;125740;125682;125741;125836;125837;125926;82299;125927;125956;125957;125928;125958;126009;126010;126011;126054;126077;126078;126079;82300;126126;126220;126222;126221;126223;126247;126248;126347;126348;126349;82301;126350;126481;126390;126482;126511;126512;126605;126513;82479;126606;126607;126528;126652;126793;126653;126833;126832;126834;126835;82593;126836;126926;126927;126964;127076;126965;127101;127475;127476;127477;127478;82594;127480;127479;127481;127482;127483;127485;127484;127820;127920;127821;82645;127862;127863;127864;127865;127866;127922;127921;127923;127924;127925;82646;127926;127927;128038;128082;128121;128122;128123;128124;128179;128305;82167;82668;128306;128393;128394;128424;128395;128426;128425;128428;128427;82669;128509;128555;128556;128557;128558;128618;128619;128743;128777;128778;128779;82715;128780;128781;128880;128881;128882;128883;129025;129105;129304;129106;82716;129361;129305;129363;129362;129408;129409;129410;129411;129474;129475;82717;129505;129477;129476;129539;129571;129572;129594;129697;129595;82718;129734;129735;129765;129766;129799;129800;129828;129801;129853;129854;129855;82743;130029;130130;130131;130030;130031;130071;130132;130072;130182;130133;82784;130283;130284;130285;130286;130287;130405;130348;130406;130407;83002;130408;130522;130521;130523;130611;130770;130769;130771;130772;130773;130918;82785;130980;130979;131035;131084;131085;131134;131135;131137;131136;131138;82168;82805;131245;131246;131247;131248;131429;131430;131291;131292;131293;82837;131328;131329;131330;131331;131431;131433;131432;131435;131434;131436;131437;82860;131705;131740;131780;131781;131782;131783;131837;131960;131961;131962;82861;131963;131964;131965;132058;132059;132060;132080;132081;132105;132106;82862;132107;132267;132268;132325;132344;132345;132406;132346;132420;132421;82863;132422;132513;132514;132590;132592;132591;132593;132681;132682;133218;82904;132940;132758;132759;132941;132776;132777;132874;133102;133101;83060;133103;133104;133105;133150;133219;133228;133229;133276;133362;133318;83119;133277;133319;133320;133321;133322;133323;133324;133363;133364;133365;83142;133366;133411;133412;133414;133413;133509;133532;133561;133562;133654;82169;133655;83164;133656;133697;133698;133729;133728;133730;133772;133773;133813;83143;133814;133873;133875;133874;133876;133877;134240;134241;133967;134092;83144;134093;134125;134124;134126;134175;134176;134178;134177;134179;134180;83165;134181;134242;134182;134243;134244;134352;134245;134430;134429;83166;134431;134454;134432;134576;134630;134631;134632;134633;134683;134766;134716;83167;134767;134768;134769;134770;134771;134879;134880;134881;134915;134916;83168;134955;134982;134983;135098;135099;135100;135101;135102;135205;135190;135364;135363;135496;135495;135497;135498;136630;135596;135721;135722;135723;83190;135724;135939;135976;135975;135977;135978;135979;135980;135981;83476;136201;136067;136202;136068;136203;136204;136206;136205;136289;136288;82170;83498;136290;136366;136368;136367;136412;136427;136429;136428;136484;136951;83499;136631;136672;136673;136702;136674;136720;136832;136833;136834;136835;83545;136836;136893;136952;136980;136979;136982;136981;136983;136984;83500;136985;136987;136986;137008;137153;137205;137154;137206;137207;137248;137247;83531;137282;137339;137283;137371;137284;137372;137416;137418;137417;83747;137419;137572;137670;137671;137672;137841;137858;137859;137860;137861;137862;83819;137863;137886;137887;137906;137907;137908;137909;137910;137911;138062;83905;138063;138224;138064;138364;138389;138390;138391;138392;138393;83886;138529;138578;138781;138782;138858;138783;138859;138910;138911;138912;83864;138913;139009;139008;139094;139244;139095;139096;139098;139097;139207;82171;83865;139208;139209;139245;139246;139247;139248;139249;139251;139250;83866;139252;139297;139253;139340;139341;139387;139388;139428;139427;139429;139430;83887;139518;139519;139520;139552;139551;139624;139585;139625;139626;139627;83888;139628;139629;139630;139675;139703;139735;139756;139758;139757;139759;83906;139760;139773;139774;139775;139776;139876;140046;139928;140048;140047;83907;140049;140050;140051;140052;140053;140054;140055;140056;140057;140058;83918;140103;140134;140224;140225;140295;140296;140298;140297;140468;140469;83995;140538;140539;140540;140606;140541;140665;140931;140804;140932;140805;84023;140806;140807;140808;140809;140810;140934;140933;140935;141062;141131;84061;141132;141133;141134;141135;141136;141137;141247;141246;141286;141291;82172;84062;141272;141287;141271;141379;141378;141389;141463;141466;141794;141508;84093;141792;141791;142174;141901;141872;141910;142011;142052;142107;142105;84130;142159;142176;142202;142153;142169;142199;142206;142158;142155;84094;142504;142571;142546;143107;142551;142521;142632;142633;142616;142634;142623;84165;142670;142619;142861;142667;142827;142825;142832;142845;142849;142918;84166;142931;142926;142924;142936;143099;143109;143104;143133;143138;143170;84252;143169;143193;143185;143186;143224;143226;143336;143308;143323;143305;84253;143401;143386;143392;143410;143388;143440;143435;143459;143461;84294;143527;143512;143518;143519;143597;144097;143594;144022;144029;144023;144092;84295;144152;144099;144264;144262;144343;144494;144350;144439;144444;144441;82173;84296;144490;144497;144478;144541;144595;144574;144587;144681;144636;144627;84297;144638;144666;144657;144738;144723;144725;144735;144758;144762;144814;84349;144825;144924;144836;144956;144925;145217;145167;145208;145165;84407;145237;145259;145384;145427;145437;145475;145531;145772;145724;145725;146163;84408;146053;146155;146129;146133;146191;146119;146278;146291;146283;146324;84433;146321;146372;146361;146360;146466;146473;146527;146521;146512;84434;146504;146555;146609;146612;146610;146700;146604;146602;146608;146736;146666;84435;146699;146665;146677;146725;146667;146887;146919;146893;146945;146981;84447;146974;146968;147179;147182;147176;147187;147532;147548;147685;147744;84448;147772;147797;147800;147775;147903;147813;147898;147902;147901;82174;84471;147926;147928;148072;148080;147960;148053;148173;148166;148146;84472;148206;148272;148254;148275;148270;148301;148302;148311;148312;148323;148322;84473;148363;148416;148440;148442;148508;148610;148623;148701;148749;148762;84494;148927;148926;148965;149008;149016;149004;149003;149015;149014;149019;149009;84495;149034;149036;149037;149040;149103;149246;149344;149262;84507;149261;149345;149339;149372;149342;149426;149427;149460;149423;149492;149485;84508;149488;149517;149518;149515;149568;149854;149889;150005;150107;150111;150097;150099;150173;150262;150255;150272;150303;150301;150309;150333;84551;150467;150336;150454;150453;150703;150796;150806;150805;150904;84597;150985;150984;151006;151044;151111;151028;151361;151131;151192;151264;82175;151265;84676;151219;151369;151368;151370;151373;151480;151486;151516;151676;84677;151677;152075;151812;151829;151891;151834;153148;152012;152006;152078;152059;84812;152171;152170;152228;152194;152193;152215;84831;152217;152214;152223;152349;152547;152519;152383;152384;152486;152517;84832;152662;152535;154200;152737;152607;153132;152723;152739;152773;152898;84833;152899;152966;152983;152982;153026;153217;153216;153226;153480;153431;84834;153482;153481;153548;153571;153601;153600;153772;153741;153843;153811;84835;153809;153808;153810;153845;153846;153841;153842;153844;153966;153965;84885;154114;153994;153996;154021;154020;154195;154237;154257;154331;84932;154330;154427;154410;154627;154733;154514;154736;154735;154731;154752;82176;84989;154739;154747;154749;154751;154753;154754;154882;154881;154936;154923;84990;154920;154950;155013;155016;155014;155123;155060;155312;155346;155439;84991;155440;155604;155622;155639;155658;155675;155683;155712;155711;85050;155710;155707;155713;155721;155739;155740;155738;155822;155861;155922;155848;85051;155924;155921;156018;156039;156163;156159;156160;156234;156173;156315;85052;156318;156314;156396;156329;156332;156320;156322;156321;156328;156335;85128;156334;156333;156336;156384;156385;156386;156391;156393;156394;156392;85233;156449;156417;156418;156419;156576;156575;156457;156691;156690;156789;85278;156765;156766;156770;156965;156964;156818;156773;85279;156794;156920;156954;156955;156963;157055;157048;157047;157058;157255;82177;157262;85280;157250;157252;157254;157248;158247;157261;157324;157365;157321;157379;85418;157397;157401;157407;157409;157846;157901;158026;158032;85465;158035;158049;158045;158067;158084;158170;158196;158450;158510;85419;158511;158647;158649;158681;158675;158676;158685;159090;158698;158747;85546;158819;158783;158821;158820;158850;158978;158933;85547;158996;159003;159002;159001;159069;159072;159076;159079;159077;159116;85584;159141;85585;85586;85654;82178;85655;85656;85663;85695;85769;85807;85897;85808;85888;85931;82179;86049;86021;86022;86195;86127;86154;86155;86196;86197;86211;82180;86212;86213;86225;86226;86227;86357;86406;86428;86429;86446;82181;86551;86552;86553;86578;86579;86640;86641;86676;86677;86712;82182;159140;86793;86794;86920;86907;86952;86953;87056;87068;87069;87070;82183;87072;87071;87073;87074;87075;87076;87111;87112;87186;82184;87265;87266;87268;87267;87286;87287;87315;87316;87330;87382;82185;87427;87605;87508;87606;92678;87607;87682;87738;87683;87729;87850;87826;87884;87897;87931;87932;87933;87956;82186;87957;87958;87975;87977;87976;87978;87993;87994;88105;88023;88106;82187;88107;88108;88387;88422;88388;88491;88492;88493;88494;88511;82188;88599;88580;88600;88627;88724;88740;88764;88766;88765;82189;88810;88863;88845;88864;88887;88886;88913;88938;88914;88939;88940;82190;88971;88972;88974;88973;88995;88997;88996;88998;88999;89040;89000;82191;89041;89042;89043;89045;89044;90803;90805;90804;90806;82192;90807;90870;90869;90871;90872;90873;90874;90895;90926;90943;82193;90944;90945;91021;91022;91049;91050;91107;91051;91108;91109;82194;91132;91133;91134;91135;91136;91137;91196;91197;91173;91198;82195;91242;91243;91264;91265;91299;91286;91287;91323;91324;91325;82196;91358;91326;91359;91361;91360;91362;91363;91395;91396;82197;91444;91397;91445;91472;91521;91522;91489;91446;91505;91523;91548;82198;91574;91575;91576;91577;91578;91613;91688;91687;91689;91770;82199;91690;91691;91733;91789;91771;91831;91832;91834;91833;91835;82200;91836;91859;91860;91900;91901;91903;91902;91904;91905;91919;91920;91921;91948;91922;91977;91978;91979;92665;92324;92003;82201;92325;92326;92380;92474;92500;92524;92501;92544;92545;82202;92546;92547;92568;92569;92570;92613;92631;92762;92587;92632;92633;82203;92634;92635;92636;92637;92638;92004;92639;92640;92763;92641;82204;92683;92705;92704;92727;92729;92728;92827;92794;92793;92828;92829;92873;92874;92969;92970;92953;93017;93053;82205;93054;93083;93130;93199;93131;93132;93133;93236;93320;93321;82206;93322;93353;93323;93385;93413;93386;93415;93416;93414;93417;82207;93543;93485;93544;93545;93564;93565;93566;93567;93568;93569;82208;93570;93612;93620;93667;93688;93689;93690;93746;93691;93692;82209;93831;93832;93834;93833;93847;93868;93869;82210;93900;93913;93969;93968;93970;94075;94100;94077;94076;94078;82211;94101;94110;94102;94112;94113;94114;94111;94141;94142;94143;82212;94144;94145;94184;94204;94293;94233;94255;94257;94256;94258;82213;94294;94295;94296;94298;94297;94299;94300;94343;94411;94410;82214;94447;94448;94474;94473;94475;94476;94477;94518;94519;82215;94520;94583;94585;94586;94587;94612;94764;94584;94916;82216;94917;94940;94983;95029;95030;94941;95031;95261;95262;95263;82217;95296;95357;95359;95358;95360;95399;95412;95413;95454;82218;95455;95456;95457;95485;95486;95601;95635;95634;95653;95654;95664;82219;95665;95774;95775;95899;96005;96007;96006;96009;96008;82220;96010;96011;96012;96013;96014;95955;95954;96051;96093;96094;96085;82221;96095;96096;96097;96098;96100;96099;96155;96183;96184;96185;82222;96186;96187;96188;96189;96190;96191;96272;96192;96343;96396;82223;96458;96459;96490;96491;96492;96493;96535;96536;96537;96570;82224;96634;96635;96636;96665;96666;96732;96704;96814;96779;82225;96815;96816;96817;96818;96839;96840;96841;96882;96883;96884;82226;96909;96911;96910;96930;96931;96963;96983;97029;97087;97052;82227;97105;97106;97150;97195;97216;97231;97088;97232;97233;97234;97235;82228;97356;97236;97332;97392;97394;97393;97395;97396;97418;82229;97437;97438;97440;97439;97441;97473;97559;97614;97588;82230;97641;97640;97642;97669;97668;97697;97698;97780;97782;97781;97796;82231;97797;97799;97798;97898;97899;97920;97921;97963;82232;97964;97965;97966;99000;99001;99002;99042;99003;99043;99045;82233;99107;99139;99044;99187;99188;99189;99202;99251;99250;99252;99253;82234;99269;99268;99270;99271;99291;99401;99442;99402;99403;99420;82235;99421;99422;99443;99542;99543;99544;99600;99601;99602;99603;82236;99636;99637;99638;99639;99672;99604;99673;99674;99692;99693;82237;99715;99694;99734;99733;99735;99736;99737;99738;99739;99740;82238;99919;99997;99998;99999;100069;100107;100108;100109;100110;100133;82239;100162;100176;100177;100225;100226;100227;100302;100303;100304;100330;82240;100360;100390;100431;100473;100474;100475;100476;100477;100478;100479;100480;82241;100513;100481;100482;100575;100514;100515;100516;100517;100518;82242;100519;100559;100576;100577;100578;100602;100622;100624;100623;100672;82243;100645;100673;100724;100771;100772;100796;100816;100817;100848;100849;82244;100850;100851;100875;100876;100939;100941;100940;100966;101006;101007;14848;14850;14849;14851;14853;14852;14855;14854;14857;14856;14858;14859;14860;14861;14862;14863;14864;14865;14866;14867;14868;14869;14870;14871;14872;14873;14874;14875;14876;14877;14878;14879;14880;14881;14882;14883;38953;14885;14887;14886;14888;14889;14890;14891;14892;14893;14894;14895;14897;14896;14898;14899;14901;14900;14902;14903;14905;14904;14906;14907;14908;14909;14910;14911;14912;14913;14914;14915;14916;14917;14918;14919;14920;14921;14922;14923;14924;14925;14926;14927;14928;14929;14930;14931;14932;14933;14934;14935;14936;14937;22542;22543;22544;22545;22546;22547;22548;22549;22550;22551;14938;22552;22553;22554;22555;22556;22557;22558;22559;22560;14939;22561;22563;22562;22564;22565;22566;22567;22568;22569;22570;22571;14940;22572;22573;22574;22575;22576;22577;22578;22579;22580;22581;14941;22582;22583;22584;22585;22587;22586;22589;22588;22590;22591;14942;22592;22594;22593;22595;22596;22597;22598;22599;22600;22601;14943;22602;22603;22604;22605;22606;22607;22608;22610;22609;14944;22611;22613;22612;22614;22615;22616;22617;22619;22618;22620;22621;14945;22622;22623;22624;22625;22626;22627;22628;22629;22630;22631;14946;22632;22633;22634;22635;22636;22637;22638;22640;22639;22641;14947;22642;22643;22644;22646;22645;22647;22648;22649;22650;22651;14948;22652;22653;22654;22655;22656;22657;22658;22659;22661;22660;14949;22662;22663;22664;22665;22666;22667;22668;22669;22670;22671;14950;22672;22673;22674;22675;22677;22676;22678;22679;22680;22681;22682;14951;22683;22684;22686;22685;22688;22687;22689;22690;22691;14952;22692;22693;22694;22695;22696;22697;22698;22699;22700;22701;14953;22702;22703;22704;22705;22706;22707;22708;22709;22710;22711;14954;22712;22713;22714;22715;22717;22716;22718;22719;22721;22720;14955;22722;22724;22723;22725;22726;22728;22727;22729;22730;22731;22904;22732;22733;22734;22735;22881;22905;22906;22907;22908;14957;22927;22931;22934;22935;22936;22937;23655;23656;23657;23658;14958;23660;23659;23662;23661;23701;23700;23703;23702;23704;23742;23737;14959;23743;23757;23765;23766;23767;23844;23768;23770;23790;14960;23791;23792;23845;23846;23847;23848;23849;23912;23911;14961;23913;23945;23946;23948;23947;23949;25339;24006;25225;24025;24026;14962;24247;24248;24291;24292;24293;24294;24295;24297;24296;24346;14963;24359;24347;24765;24776;24793;24794;24819;24834;24865;24835;14964;24879;24880;24881;24921;25008;25009;25010;25011;25012;25096;14965;25097;25098;25099;25100;25151;25152;25153;25176;25177;14966;25226;25227;25228;25229;25258;25299;25259;25300;25301;25356;25455;14967;25463;25503;25464;25465;25504;25529;25505;25506;25531;25530;25532;14968;25555;25556;25557;25558;25581;25582;25583;25584;25585;14969;25586;25615;25616;25628;25629;25638;25675;25640;25639;25676;14970;25677;25678;25695;25742;25743;25744;25779;25780;25801;25781;25782;14971;25851;25825;25826;25852;25853;25855;25854;25856;25857;14972;25858;25859;25860;25861;25887;25936;25937;25909;25938;25959;14973;25961;25960;25962;25963;25964;25965;25966;25974;26029;26030;14974;26031;26032;26033;26034;26035;26078;26079;26080;26208;26209;26210;14975;26975;26211;26930;26931;26976;27043;27066;27515;27544;14976;27545;27546;27548;27547;27549;27577;27587;27621;27628;27629;14977;27804;27630;27819;27842;27843;28150;28151;28297;28253;28298;14978;28299;28300;28301;28336;28337;28338;28339;29191;29192;29226;14979;29227;29228;29257;29258;29259;29260;29261;29262;29263;29337;14980;29338;29339;29705;29706;29707;29755;29756;29803;29805;29806;29807;14981;29836;29808;29837;29838;29839;29840;29856;29857;29858;29859;14982;29860;29861;29872;29873;29902;29903;29904;29935;29936;14983;29937;29938;29939;29968;29984;30000;30023;30059;30061;30060;14984;30062;30063;30064;30065;30066;30067;30111;30112;30125;30126;14985;30188;30189;38954;30223;30225;30224;30155;30226;30227;30228;14986;30229;30230;30231;31028;30232;31056;31055;31123;31102;31143;14987;31144;31145;31146;31147;31149;31148;31150;31151;31169;31170;14988;31303;31358;31359;31360;31425;31426;31587;31588;31589;31590;14989;31591;31592;31628;31629;31630;31631;31632;31661;31662;38955;14990;31687;31663;31709;31710;31711;31806;31721;31807;31809;31808;14991;31810;31948;31811;31950;31949;31951;31952;31969;32003;32004;14992;32005;32006;32007;32008;32034;32035;32057;32058;32059;14993;32060;32084;32085;32086;32125;32126;32127;32140;32141;32142;32143;14994;32144;32305;32307;32306;32309;32308;32378;32377;32379;32380;14995;32402;32403;32404;32405;32406;32407;32435;32447;32457;32448;14996;32482;33077;33173;33174;33175;33177;33176;33178;33230;14997;33367;33401;33402;33403;33450;33467;33491;33492;33507;14998;33508;33527;33551;33552;33566;33567;33568;33737;33738;33739;14999;33740;33741;33764;33773;33772;33774;33775;33826;33933;33934;15000;34033;34032;34053;34087;34088;34163;34171;34212;34223;34246;15001;34253;34254;34255;34352;34340;34354;34353;34370;34355;34371;15002;34386;34387;34388;34392;34415;34444;34449;34450;34478;34492;15003;34500;34700;34669;34745;34720;34757;34810;34823;34937;15004;34938;34949;34950;34973;34975;34974;35010;34995;35031;35011;35032;15005;35033;35036;35083;35061;35077;35091;35106;35225;35174;35252;15006;35253;35254;35275;35276;35293;35294;35313;35314;35329;35333;35334;15007;35365;35364;35366;35378;35382;35383;35425;35384;35431;15008;35461;35463;35547;35548;35549;35550;35567;35612;35622;35637;15009;35638;35662;35663;35664;35691;35692;35738;35752;35739;35754;15010;35755;35762;35763;35764;35790;35901;35902;35907;35908;35991;15011;35924;35992;35925;35932;35958;35967;35968;35979;35980;35987;15012;35988;35989;35993;36046;36040;36134;36047;36066;36067;36052;15013;36053;36076;36084;36118;36090;36119;36120;36123;36135;15014;36142;36146;36164;36172;36173;36189;36174;36207;36208;36843;38158;15015;38202;38640;38641;38642;38656;38666;38667;38690;38668;38691;15016;38692;38696;38702;38703;38722;38723;38704;38724;38725;38747;15017;38795;38833;38869;38859;38878;38861;38880;39332;38980;38990;15018;38991;38992;39333;39374;39334;39391;39439;39440;39441;15019;39451;39483;39452;39495;39568;39569;44690;44691;44692;44693;44694;15020;44695;44696;44697;44698;44699;44700;44702;44701;44703;44704;15021;44705;44706;44707;44708;44709;44710;44712;44711;44713;44714;15022;44715;44717;44716;44718;44719;44721;44720;44722;44723;44724;15023;44725;44726;44727;44728;44729;44731;44730;44732;44733;44734;15024;44735;44736;44737;44738;44740;44739;44742;44741;44743;44744;15025;44745;44746;44747;44748;44749;44750;44751;44752;44753;44754;15026;44755;44756;44757;44758;44759;44760;44761;44762;44763;44764;15027;44765;44766;44767;44768;44769;44770;44772;44773;44774;15028;44775;44776;44777;44778;44779;44780;44781;44782;44783;44784;15029;44785;44786;44787;44788;44790;44789;44791;44792;44794;44793;15030;44795;44796;44797;44798;44799;44800;44801;44802;44803;44804;15031;44806;44805;44808;44807;44810;44809;44811;44812;44814;44813;15032;44815;44816;44817;44818;44819;44820;44821;44822;44823;44824;44825;15033;44826;44827;44828;44829;44830;44831;44832;44834;44833;15034;44835;44836;44837;44838;44839;44841;44840;44843;44842;15035;44844;44845;44846;44848;44847;44849;44850;44851;44852;44853;44854;15036;44855;44856;44858;44857;44859;44860;44862;44861;15037;44863;44864;44865;44866;44867;44950;44970;44951;44988;45008;15038;45025;45027;45026;45055;45054;45056;45069;45062;45057;45094;45113;15039;45123;45134;45337;45396;45369;45407;45397;45412;45427;45428;15040;45445;45479;45480;45546;45556;45558;45557;45559;45560;45612;15041;46226;46213;46314;46243;46315;46316;46346;46352;46707;15042;46708;46709;46710;46724;46725;46829;46830;46831;46832;46861;46862;15043;46875;47103;47104;47105;47154;47153;47584;47589;47704;47705;47735;15044;47767;47736;47792;47791;47890;47889;48220;48221;48222;15045;48223;48224;48225;48240;48241;48247;48248;48249;48256;48384;15046;48270;48344;48385;48386;48387;48895;48896;48924;48925;48928;15047;49057;49058;49103;49114;49121;49150;49184;49151;49231;49275;15048;49276;49277;49291;49292;49676;49717;49766;49767;49815;49965;15049;49966;50024;50309;50452;50696;50453;50826;50825;50864;15050;50865;51127;51128;51181;51180;51397;51398;51399;51400;51401;15051;51427;51428;51440;51531;51530;51556;51557;51558;51559;15052;51588;51665;51677;51817;51819;51818;51828;51829;51862;51945;51946;15053;51959;51977;51978;51979;52027;52028;52029;52030;52031;52032;15054;52037;52055;52056;52461;52462;52463;52484;52511;52512;52513;15055;52548;52537;52549;52550;52600;52551;52618;52619;52621;52620;15056;52637;52660;52674;52691;52718;52720;52719;52758;52741;52946;15057;52947;52948;52949;52997;52998;53198;53211;53212;53224;53259;15058;53260;53304;53324;53340;53341;53342;53343;53344;53393;53477;15059;53495;53496;53505;53506;53507;53558;53559;53602;53604;53603;15060;53605;53832;53833;53861;53860;53862;53880;53900;54588;15061;55027;55029;55028;55030;55031;55032;55033;55034;55035;55036;55037;15062;55038;55039;55040;55041;55042;55043;55045;55044;55065;55066;15063;55136;55145;55146;55164;55280;55170;55486;55487;55488;55489;15064;55490;55491;55516;55537;55524;55538;55554;55555;55610;55624;15065;55625;55641;55672;55673;55674;55694;55708;55721;55722;55769;15066;55770;55776;55820;55841;55852;55888;55889;55942;55998;56025;15067;56026;56074;56116;56143;56130;56144;56231;56145;56167;15068;56179;56307;56285;56340;56339;56381;56393;56394;56395;56409;56414;15069;56415;56443;56444;56669;56571;56586;56622;56623;56624;56662;15070;56663;56670;56671;56672;56714;56715;56727;56716;56728;56729;15071;56730;56759;56761;56760;56785;56786;56850;56856;56882;56881;56883;15072;56884;56923;56929;56982;56986;56987;56999;57499;57500;15073;57501;57502;57503;57504;57505;57507;57506;57508;57509;15074;57510;57512;57511;57513;57514;57515;57516;57517;57518;57519;15075;57520;57521;57522;57523;57525;57524;57526;57527;57542;57583;15076;57543;57621;57643;57693;57735;57702;57737;57736;57738;57753;15077;57811;57812;57813;57814;57827;57851;57879;57880;57925;57963;15078;57964;58012;58011;58043;58077;58078;58110;58135;58097;58136;15079;58148;58172;58198;58173;58199;58200;58251;58250;58295;58277;15080;58303;58304;58324;58391;58357;58393;58392;58436;58417;58437;15081;58459;58485;58460;58486;58530;58541;58598;58667;58608;58728;15082;58729;58753;58754;58766;58804;58817;58853;58854;58855;58883;58880;15083;58884;58908;58978;58969;59059;59060;59061;59062;15084;59070;59093;59094;59166;59167;59183;59182;59215;59216;59250;59251;15085;59758;59760;59759;59762;59761;59764;59763;59765;59766;59767;15086;59769;59768;59770;59771;59772;59773;59774;59775;59776;59777;15087;59778;59780;59779;59781;59782;59824;59825;59839;60088;59890;15088;60002;59961;60003;60004;60068;60005;60156;60142;61374;61382;15089;61401;61415;61438;61439;61440;61441;61495;61520;61537;15090;61538;61555;61578;61627;61652;61662;61723;61734;61735;62000;61792;15091;62011;62012;62013;62014;62015;62016;62049;62067;62086;62113;15092;62188;62225;62285;62317;62318;62440;62452;62448;62453;62599;15093;62643;62644;62664;62665;62666;62667;62721;62722;62723;15094;62748;62778;62804;62872;62805;62949;62929;63125;63028;63068;63114;15095;63126;63151;63188;63194;63193;63270;63269;63271;63272;63273;15096;63335;63341;63356;63342;63357;63358;63359;63382;63384;63383;15097;63385;63433;63386;63456;63457;63512;63511;63556;63557;15098;63582;63640;63648;64082;64364;64395;64439;64396;64493;64397;64553;15099;64623;64591;64635;64624;64648;64649;64662;64663;64671;64880;64732;15100;64867;64881;64897;64898;64972;64973;64995;64996;65033;15101;65556;65178;65179;65228;65557;65558;65584;65581;65582;65585;15102;65586;65635;65695;65696;65793;65744;65727;65812;65921;66159;15103;66004;66028;66296;66180;66281;66383;66384;66431;66486;15104;66546;66547;66548;66557;66558;66560;66559;66562;66561;15105;66563;66564;66565;66566;66567;66569;66568;66570;66571;66572;66573;15106;66574;66576;66575;66603;66602;66677;66676;66678;66916;15107;66766;66767;66768;66792;66846;66847;66851;66852;66905;66906;66910;15108;66917;66936;66974;66937;66976;67100;67101;67102;67131;67236;15109;67201;67202;68889;68942;68970;68971;69083;69094;69084;69107;15110;69109;69108;69227;69197;69228;69277;69313;69354;69398;69435;69459;15111;69470;69473;69484;69483;69506;69505;69522;69523;69542;15112;69780;69781;69884;69813;69841;69848;69885;69895;69938;69959;69960;15113;70002;70080;70128;70105;70148;70200;70201;70303;70353;15114;70354;70355;70372;70373;70374;70375;70402;70401;70403;70417;15115;70502;70503;70533;70534;70548;70636;70664;70652;70722;70733;15116;70737;70748;70749;70807;70981;70982;70983;70984;70985;70986;15117;71080;71025;71097;71055;71098;71118;71146;71141;71220;71180;15118;71221;71275;71254;71276;71277;71278;71402;71442;71474;71497;15119;71502;71526;71527;71528;71541;71585;71586;71618;71764;71769;15120;71778;71779;71780;71781;71782;71848;71802;71849;71850;71867;15121;71902;71911;71933;71934;71980;72010;72011;72109;72046;72239;15122;72240;72248;72375;72353;72354;72355;72401;72412;72439;72438;15123;72440;72537;72538;72562;72610;72647;72611;72758;72655;72782;15124;72886;72911;72912;72952;72989;72990;72991;72992;72994;72993;73065;15125;73139;73106;73214;73164;73215;73216;73239;73238;15126;73254;73255;73256;73278;73293;73350;73351;73388;73421;73440;15127;73441;73485;73465;73486;73501;73534;73581;73599;73713;73625;15128;73626;73657;73691;73714;73715;73743;73744;73745;73844;73855;15129;73856;73866;73867;73869;73868;73924;73971;73997;74027;74043;15130;74045;74044;74095;74096;74129;74097;74164;74197;74256;15131;77306;74277;74278;74279;74280;74294;74313;74314;74315;74336;15132;74338;74337;74375;74374;74381;74476;74477;74498;74499;76057;15133;76081;76082;76090;76091;76171;76194;76172;76219;76285;76286;15134;76299;76349;76387;76417;76418;76433;76465;76477;76499;76583;15135;76599;76689;76605;76606;76717;76690;76841;76842;76843;76844;15136;76857;76858;76884;76949;76950;76976;76977;77007;77035;77100;15137;77101;77102;77111;77122;77123;77202;77240;77287;77343;77307;15138;77344;77358;77418;77419;77422;77468;77469;77510;77511;77547;15139;77610;77585;77611;77637;77671;77715;77716;77751;77752;77762;77763;15140;77824;77825;77880;77881;77882;77919;77920;77921;15141;77973;78027;78026;78044;134330;78045;78046;78047;78091;78092;78449;15142;78563;78518;78519;78520;78589;78659;78681;78695;78694;78725;15143;78785;78784;78833;78834;78896;78861;78898;78897;79064;79065;15144;79066;79190;79221;79255;79339;79564;79362;79600;79586;15145;79627;79628;79629;79636;79637;79669;79696;79697;79728;79729;79730;15146;79731;79806;79805;79808;79807;79883;79882;79884;79885;79886;15147;79888;79887;79889;79890;80057;80058;80126;80207;80127;80208;80229;15148;80284;80230;80285;80255;80286;80307;80308;80361;80393;15149;80401;80420;80421;80444;80445;80446;80462;80528;80558;80573;15150;80574;80833;80834;80871;80872;80970;80972;80971;80973;81006;15151;81027;81028;81029;81056;81090;81109;81110;81111;15152;81129;81131;81130;81150;81149;81189;81211;134331;81250;81251;81279;81301;15153;81302;81409;81413;81444;81445;81446;81447;81426;15154;81448;81450;81449;81527;81526;81555;81528;81556;81747;81598;81607;81654;15155;81760;81748;81794;81793;81795;81830;81831;81832;81833;15156;81835;81834;81836;81899;81900;81926;81927;81955;81982;81983;15157;81984;81999;82000;82001;82048;82302;82303;82304;82305;15158;82432;82511;82512;82538;82595;82622;82624;82623;82670;82719;82720;15159;82721;82722;82744;82745;82746;82838;82806;82839;82865;82864;82929;15160;82930;83003;83062;83061;83063;83064;83120;83065;83145;15161;83146;83147;83191;83192;83193;83231;83232;83233;83234;83235;15162;83236;83253;83273;83306;83307;83335;83308;83336;83381;83422;15163;83423;83501;83532;83546;83547;83748;83775;83784;83785;83786;15164;83787;83788;83789;83820;83889;83908;83919;83960;83980;84024;15165;84025;84026;84063;84167;84168;84169;84170;84171;84200;15166;84298;84277;84299;84300;84350;84436;84373;84449;84474;84509;15167;84510;84511;84552;84598;84599;84626;84649;84650;84836;84837;84838;15168;84933;84839;84965;84992;85031;84993;85032;85053;15169;85129;85130;85162;85161;85164;85163;85165;85184;85352;85281;15170;85353;85354;85355;85356;85357;85388;85466;85517;85587;85588;15171;85589;85569;85590;85657;85664;85696;85726;85753;85755;85754;85756;15172;85770;85809;85810;85851;85898;85912;85914;85913;85915;15173;85944;86023;86024;86025;86050;86107;86108;86156;86157;86303;15174;86304;86329;86375;86430;86447;86448;86486;86580;86581;86582;15175;86642;86618;86665;86666;86678;86679;86680;86681;15176;86682;86700;86713;86727;86728;86772;86795;86832;86833;86888;86921;15177;86998;86954;87057;87058;87077;87078;87080;87079;87162;87163;15178;87164;87175;87187;87288;87212;87331;87289;87359;87360;87383;15179;87384;87428;87430;87429;87431;87479;87509;92679;87510;87511;15180;87541;87608;87739;87740;87684;87742;87741;87827;87828;87851;87829;15181;87852;87853;87898;87899;87900;87901;87979;87934;87995;87996;15182;88024;88110;88109;88389;88423;88424;88425;88427;88426;15183;88462;88495;88496;88497;88498;88499;88568;88581;88602;88601;15184;88628;88629;88631;88630;88702;88725;88727;88726;88741;88728;88865;15185;88768;88767;88846;88866;88867;88868;88915;88869;88941;88916;88942;15186;88943;88975;88976;89001;89046;89002;89003;89004;89005;15187;89061;89121;89062;89694;89122;89695;89696;89697;89698;15188;89791;89792;89793;89851;89794;89877;89876;89878;89926;89972;90030;15189;90031;90032;90033;90070;90071;90101;90125;90160;90126;90127;15190;90205;90206;90207;90252;90277;90278;90279;90280;90281;90322;15191;90323;90369;90370;90371;90409;90410;90453;90454;90515;90549;15192;90550;90551;90552;90686;90638;90687;90688;90724;90725;90767;15193;90768;90808;90838;90839;90840;90841;90896;90897;90927;90928;15194;90929;91023;91024;91025;91052;91110;91138;91139;91140;91174;15195;91175;91199;91200;91244;91266;91288;91300;91365;91364;91366;15196;91430;91429;91431;91447;91473;91474;91490;91506;91524;91549;15197;91550;91614;91615;91616;91692;91693;91837;91891;91886;91906;91892;15198;91923;91907;91924;91925;91926;91927;91965;92224;15199;92327;92381;92328;92475;92382;92502;92525;92526;92548;92527;15200;92571;92572;92573;92588;92614;92642;92643;92644;92666;92730;92706;15201;92731;92954;92955;92764;92795;92956;92875;92957;93018;92958;15202;93114;93019;93116;93115;93117;93134;93237;93238;93254;93324;15203;93354;93325;93387;93418;93419;93420;93486;93546;93547;93548;15204;93549;93613;93621;93668;93669;93693;93694;93695;93723;93747;15205;93748;93835;93836;93837;93838;93848;93849;93870;93871;93914;15206;93941;94023;94056;94079;94115;94116;94146;94205;94234;15207;94259;94260;94456;94478;94521;94588;94589;94644;94613;15208;94645;94738;94744;94743;94901;94902;94942;94922;95032;94943;15209;95033;95264;95034;95297;95298;95362;95361;95414;95445;15210;95610;95666;95667;95776;95777;95827;95828;96015;96016;96017;96018;15211;95936;95956;95957;95958;96101;96102;96104;96103;96105;96193;15212;96194;96287;96195;96318;96344;96345;96346;96410;96460;96461;15213;96462;96494;96496;96495;96498;96497;96637;96638;96667;96668;15214;96669;96819;96780;96843;96842;96844;96885;96912;96913;96932;15215;96933;96984;97067;97068;97089;97090;97136;97135;97137;97196;97217;15216;97358;97357;97397;97398;97399;97400;97442;97474;97475;15217;97498;97529;97530;97589;97615;97643;97644;97670;97699;97757;15218;97783;97800;97801;97802;97900;97922;97923;97967;99004;99005;15219;99006;99007;99008;99046;99047;99190;99140;99254;99292;99318;15220;99485;99484;99545;99640;99675;99695;99717;99716;99741;99742;99954;15221;99970;99971;99972;99973;100029;100070;100071;100111;15222;100163;100164;100165;100166;100178;100167;100277;100278;100279;100306;100305;15223;100391;100432;100392;100483;100433;100484;100520;100522;100521;100560;15224;100579;100561;100580;100625;100726;100725;100727;100728;100739;100773;15225;100774;100818;100797;100819;100852;100853;100877;100878;100879;100880;15226;100967;101008;101009;101010;101011;101012;101013;101034;101035;101066;15227;101067;101176;101240;101241;101322;101323;101379;101380;101490;101554;15228;101555;101556;101557;101793;101794;101857;101910;101911;101983;101984;15229;101985;102045;102046;102097;102209;102135;102210;102211;102369;102370;15230;102371;103792;102372;102373;102374;102442;102443;102444;102445;102446;15231;102447;102448;102449;102483;102529;102598;102550;102599;102600;102629;15232;102630;102684;102685;102715;102790;102791;102792;102807;102825;102826;15233;102927;102928;102929;102930;102931;102963;102964;103096;103146;103116;103147;15234;103198;103148;103231;103259;103260;103261;103311;103312;103331;15235;103364;103392;103365;103432;103473;103539;103578;103579;103580;103608;15236;103654;103655;103715;103716;103717;103757;103758;103793;103794;103859;15237;103882;103992;103993;103994;104057;104058;104134;104222;104223;104224;15238;104258;104259;104302;104339;104340;104365;104400;104401;104402;104403;15239;104441;104414;104442;104465;104466;104467;104482;104483;104484;104485;15240;104486;104503;104504;104535;104586;104587;104588;104643;104644;104645;15241;104684;104685;104686;104722;104723;104724;104752;104753;104754;104792;15242;104819;104861;104862;104940;105087;104975;105089;105088;105120;105119;15243;105121;105123;105122;105170;105195;105329;105330;105331;105332;105397;15244;105431;105430;105432;105433;105489;105497;105498;105499;105595;105623;15245;105663;105664;105704;105754;105799;105800;105801;105802;106056;15246;106076;106109;106176;106212;106213;106235;106319;106321;106320;106413;106412;106414;15247;106509;106415;106593;106537;106661;106660;106726;106662;106727;15248;106728;106729;106852;106820;106853;106854;106874;106875;106876;106877;15249;106955;106956;106957;106986;107025;107024;107026;107119;107120;107121;15250;107122;107123;107124;107199;107279;108304;108345;108386;108346;108387;15251;108418;108417;108420;108419;108421;108422;108490;108523;108570;108571;15252;108610;108611;108664;108663;108697;108696;108698;108730;108731;108771;108772;15253;108774;108773;108789;108816;108817;108853;108854;108905;109003;108906;15254;109046;109047;109092;109065;109218;109093;109219;109220;109329;15255;109410;109349;109412;109411;109413;109415;109414;109518;109517;109556;15256;109557;109558;109587;109588;109589;109624;109658;109659;109660;109739;15257;109802;109901;109816;109925;109902;109968;109967;109969;110101;15258;110102;110165;110207;110208;110315;110316;110317;110318;110386;110418;15259;110419;110420;110421;110423;110422;110424;110464;110503;110537;110570;15260;110571;110572;110624;110665;110666;110729;110787;110910;110820;110911;15261;110928;110929;110968;111014;111087;111088;111089;111112;111141;111140;111173;15262;111175;111174;111316;111234;111317;111360;111395;111396;111468;15263;111521;111534;111535;111536;111537;111538;111557;111594;111652;111653;15264;111668;111706;111707;111796;111797;111798;111985;111986;111987;111988;15265;112066;112185;112232;112233;112280;117297;117298;117368;117369;117370;15266;117435;117436;117437;117503;117504;117505;117506;117611;117621;117674;15267;117644;117645;117675;117676;117677;117678;117812;117838;117890;117862;15268;117909;117957;117958;118023;118097;118071;118099;118098;118121;118122;15269;118158;118180;118179;118216;118365;118408;118472;118473;118474;118495;15270;118720;118719;118721;118723;118722;118840;118893;118894;118895;118939;15271;119018;119040;134332;119124;119125;119269;119268;119290;119313;119314;119480;15272;119508;119509;119561;119634;119792;119817;119850;119891;119892;119893;15273;120963;119943;121056;121057;121134;121135;121167;121136;15274;121168;121234;121317;121400;121425;121426;121438;121485;121484;121557;121486;15275;121558;121560;121559;121561;121576;121603;121628;122068;122069;122102;15276;122163;122268;122269;122270;122271;122321;122272;122516;122517;122518;122519;15277;122551;122621;122722;122723;122793;122724;122794;122933;122957;15278;123021;123020;123023;123022;123024;123025;123097;123026;123531;123530;123532;15279;123533;123691;123692;123758;123799;123800;123836;123835;124037;15280;124038;124039;124095;124096;124205;124344;124345;124368;124683;124721;15281;124722;124779;124780;125094;125095;125096;125097;125176;125343;125344;15282;125414;125415;125608;125416;125609;125709;125783;125742;125784;125857;15283;125858;125859;125905;125929;125930;126012;125959;126013;126127;126128;15284;126129;126224;126351;126352;126391;126392;126514;126529;126654;126608;126655;15285;126656;126657;126755;126837;126966;126967;126968;127102;127077;15286;127486;127487;127488;127489;127490;127492;127491;127822;127867;127823;15287;127928;127868;127929;127930;128066;128083;128180;128181;128125;128182;15288;128307;128429;128430;128479;128510;128511;128534;128559;128560;128620;15289;128621;128622;128782;128783;128884;129026;129072;129073;129074;129107;15290;129108;129306;129364;129412;129365;129413;129414;129415;129416;129506;15291;129507;129596;129597;129856;129985;130073;130134;130135;130136;130288;15292;130289;130290;130349;130350;130351;130437;130369;130524;130438;130525;15293;130612;130631;130981;130774;130983;130982;130984;130985;131086;131036;131087;15294;131140;131139;131141;131142;131249;131294;131438;131439;15295;131784;131838;131966;132062;132061;132063;132082;132108;132109;132269;132110;15296;132326;132423;132347;132425;132424;132427;132426;132635;132699;15297;132736;132760;132761;133106;133107;132875;133108;133109;133110;133151;133230;15298;133325;133326;133415;133416;133417;133418;133419;133475;133533;133534;15299;133657;133658;133699;133700;133731;133732;133733;133734;133815;133816;15300;133878;133879;133880;134094;133968;134095;134183;134353;134433;134434;15301;134577;134634;134772;134773;134774;134839;134917;134984;135103;135416;15302;135191;135206;135207;135208;135365;135366;135499;135417;135725;135794;15303;135878;135879;135982;135983;135984;136069;136123;136125;136124;15304;136126;136127;136291;136369;136292;136371;136370;136373;136372;136375;136374;15305;136376;136430;136413;136590;136431;136591;136675;136703;136676;15306;136721;136754;136778;136837;136932;136933;137155;137208;137209;137340;137341;15307;137373;137374;137375;137376;137573;137673;137674;137675;137731;137764;15308;137864;137888;137912;138065;138104;138066;138105;138106;138107;138225;15309;138226;138227;138365;138394;138644;138645;138646;138647;138648;138649;15310;138650;138651;138860;138914;139010;139099;139211;139210;139254;139298;15311;139255;139342;139389;139521;139522;139553;139631;139777;139812;139877;15312;139878;139929;139930;140059;140060;140061;140062;140104;140299;140300;15313;140301;140302;140303;140607;140666;140667;140796;140811;140936;141138;15314;141243;141385;141464;141511;141651;141552;141725;141841;141886;141843;15315;141897;142189;142050;142513;142626;142635;142618;142664;142858;142885;15316;142951;142920;143002;143130;143187;143194;143191;143260;143332;143315;15317;143313;143439;143509;143505;143500;143551;143593;143544;144043;144041;15318;144189;144311;144322;144353;144437;144477;144426;144483;144594;144609;15319;144626;144624;144691;144679;144672;144737;144824;144839;144818;144866;15320;145021;145132;145194;145123;145397;145386;145309;145319;145480;145471;15321;145527;145523;145728;146242;146052;146122;146318;146353;146371;146357;15322;146389;146514;146561;146562;146617;146599;146613;146603;146757;146787;15323;146786;146791;146892;146926;146895;146922;146942;146986;147784;147789;15324;147855;147793;147904;148172;148169;148170;148235;148236;148225;15325;148212;148234;148277;148305;148300;148314;148326;148433;148364;148444;148441;15326;148536;148615;148756;148870;148841;148963;148932;148967;148964;15327;149010;149007;149011;149017;149020;149005;149038;149219;149082;149229;149232;15328;149218;149250;149275;149373;149482;149609;149490;149635;149715;149855;15329;150115;149897;150109;150095;150165;150228;150310;150302;150706;150704;15330;150705;150803;150903;150905;151037;151422;151423;151622;151485;15331;151667;151807;151890;151833;152019;152068;152138;152163;152165;152169;15332;152224;152271;152270;152418;152395;152518;152419;152564;152516;152565;152568;15333;152753;152638;152775;152783;152892;152967;153024;152943;153123;153202;15334;153201;153182;153215;153485;153512;153572;153570;153509;153862;153668;15335;153865;153970;153941;153993;154148;154177;154159;154178;154229;154194;15336;154263;154354;154432;154428;154707;154732;154734;154750;154772;154818;15337;154815;154948;154949;155015;155294;155293;155311;155314;15338;155317;155373;155634;155708;155709;155769;155870;155975;156013;15339;156015;156114;156186;156124;156188;156189;156233;156191;156260;15340;156259;156267;156266;156442;156331;156451;156466;156547;156564;156563;156616;15341;156651;156636;156695;156697;156751;156762;156768;156767;156763;15342;156948;156949;156950;157263;157253;157256;157251;157259;15343;157260;157258;157249;157257;157322;157320;157378;157380;157447;15344;157891;157886;157908;158044;158031;158052;158043;158090;158089;158109;158158;15345;158201;158200;158202;158204;158203;158270;158335;158509;158684;158585;15346;158678;158677;158699;158746;158682;158762;158761;158781;158836;158857;15347;158898;158897;158899;159112;159109;15348;15349;15351;15350;15353;15352;15354;15355;15357;15356;15359;15358;15360;15361;15363;15362;15364;15365;15366;15367;15368;15369;15370;15371;15373;15372;15375;15374;15376;15377;15378;15379;15380;15381;15382;15383;15384;15385;15386;15387;15388;15389;15390;15391;15653;15654;15655;15656;15657;15658;15659;15660;15661;15662;15663;15664;15665;15666;15667;15668;15669;15670;15671;15672;15673;15674;15675;15676;15677;15678;15679;15680;15681;15682;15683;15685;15684;15686;15687;15688;15689;15727;15728;15824;15729;15825;15830;15831;15835;15844;15690;15845;15893;15907;15899;15932;15925;15961;15953;15994;16007;16008;16020;16025;16047;16048;16049;16072;16073;16074;16087;16096;16102;16103;16104;16105;16106;16112;16127;16128;16129;16013;16130;16131;16132;16150;16155;16156;16165;16176;16181;16196;16182;16186;16212;16213;16214;16215;16233;16234;16235;16236;16237;16239;16238;16246;16248;16249;16252;16262;16266;16284;16283;16300;16311;16341;16340;16342;16343;16345;16344;16346;16347;16365;16348;16380;16381;16383;16382;16391;16457;16465;16464;16470;17130;17143;17136;17196;17197;17232;17286;17299;17324;17577;17578;17600;17639;17640;17641;17657;17664;17673;17674;18009;18010;18030;18042;18056;18053;18080;18086;18087;18115;18143;18151;18152;18153;18157;18158;18195;18242;18226;18303;18227;18304;18514;18513;18516;18515;18517;18518;18595;18519;18623;18603;18596;18629;18630;18631;18632;18645;18651;18646;18652;18655;19195;18662;18664;18663;18667;18665;18674;18673;19188;19189;19219;19196;19220;19221;19224;19223;19225;19257;19270;19258;19315;19316;19317;19318;19319;19336;19373;57528;19430;19431;19432;19433;19475;19477;19476;19479;19478;19526;19527;19528;19529;19530;19531;19560;19532;19561;19562;19564;19563;19565;19566;19567;19568;19569;19570;19609;19571;19611;19610;19612;19613;19682;19683;19684;19685;19690;19708;19709;19710;19711;19785;19786;19787;19788;19789;19790;19791;19792;19793;19794;19795;19796;19797;19799;19798;19800;19801;19802;19804;19803;19806;19805;19808;19807;19809;19845;19846;19847;19953;19848;19955;19954;19956;19957;19958;19959;19960;19961;19963;19962;19964;19965;19966;19967;19968;19969;19970;20018;20019;20020;20063;20070;20072;20071;22736;22737;22738;22740;22739;22741;22743;22744;22742;22745;22746;22748;22747;22749;22750;22751;22752;22753;22754;22755;22757;22756;22758;22759;22760;22761;22762;22763;22764;22766;22765;22767;22769;22768;22770;22771;22772;22774;22773;22775;22776;22777;22778;22779;22780;22781;22783;22782;22785;22784;22786;22788;22787;22789;22790;22791;22792;22793;22794;22795;22797;22796;22798;22799;22800;22802;22803;22804;22801;22805;22806;22807;22808;22809;22811;22810;22812;22813;22815;22814;22816;22818;22817;22819;22821;22820;22822;22823;22824;22825;22826;22827;22828;22830;22829;22832;22831;22834;22833;22835;22837;22836;22838;22839;22840;22842;22841;22843;22844;22845;22847;22846;22848;22849;22850;22852;22851;22853;22855;22854;22856;22857;22858;22859;22860;22861;22862;22863;22864;22865;14832;84239;10053;27582;21293;17599;10054;153223;135673;149524;135097;53493;73213;72392;136341;76868;76867;76869;76866;72416;72391;56754;53492;142596;12295;92627;62974;63476;46738;137364;138149;138150;148825;138151;153806;52045;58483;144790;148360;126603;19750;52536;22410;11691;11713;31130;54615;49110;15556;24322;10663;144791;22159;106203;121509;50677;13751;19770;11104;11017;10679;69934;69933;111754;25292;19751;51094;51093;51095;110553;110554;121037;39463;12638;18261;36185;32319;24670;84086;139785;155305;47605;47606;58591;103789;103114;104126;103219;11655;70447;18200;10438;45433;45432;35351;47801;47800;47761;20745;20746;15783;103115;33480;34325;35450;12217;35372;11951;55883;15753;33447;11002;31658;72779;10595;58182;106137;106138;136411;103647;145073;87593;87594;87595;157842;87596;34111;17631;59959;40875;35373;147947;22235;111529;106050;155350;117358;124029;117359;21214;22366;31116;44059;38926;24711;22315;22475;21662;58747;58748;58745;58746;33446;10057;11338;11386;27856;27857;29925;32433;66239;83113;67192;70742;74222;71858;92786;105411;73967;66240;93561;74223;73968;71859;77810;83114;92787;72802;100682;10953;42818;86322;59852;10058;17991;10059;19309;19238;71177;24903;27535;74089;27855;21778;99689;95882;11344;97995;11394;29801;15514;12241;22482;109142;11933;44920;22481;42058;72704;33925;32506;24244;24242;24243;33482;24018;70294;66755;81319;73160;100934;86445;93197;90198;99762;101396;117884;101397;124239;154728;131764;137079;137365;137055;31643;42978;69430;69400;38928;66527;45122;42979;18505;20926;14772;20925;31466;21559;12287;109208;12013;111604;119833;35029;51185;131730;135187;144756;139206;148956;148955;70411;80442;68905;90265;10450;10451;11631;20869;141781;141780;154967;18254;12086;26915;21023;154966;14234;34769;58183;70545;90027;93650;56693;56692;35717;63324;63691;71144;73634;72102;84291;85652;89682;134979;135757;62678;64990;71145;72103;73635;76619;77186;78511;79386;81975;84292;85653;86673;89683;107088;78515;94051;91781;92495;95026;97942;99690;101063;102714;107089;108688;124176;109344;111599;122349;123006;124698;118307;121214;126952;132340;134702;136745;137636;140766;140765;143126;143274;148896;148935;149999;151932;152533;155559;156863;153402;158095;159145;158982;122449;109041;24264;18639;24265;92626;24266;18638;70920;18641;92355;39365;42254;32325;128551;35751;89684;33274;18640;136927;11625;14198;31731;11997;27057;10833;18565;18566;18567;10060;11751;136928;18568;18569;18120;110555;15453;21092;20253;11075;33926;22312;18222;46692;66395;21555;20129;11805;23624;18461;21621;18479;33856;22299;20069;31650;43099;16061;11022;12233;42833;11100;16044;52482;22305;40349;11976;69471;26185;24355;13845;18617;136766;149062;11946;11505;12118;10061;34369;45065;136767;51141;12062;12269;45109;35760;34349;39805;34221;47022;44938;61709;63338;33397;31850;31851;22903;31863;19428;42412;43030;20349;83813;45120;54613;14375;21039;24021;23636;10928;10933;10510;11093;22253;18393;83814;31720;29927;11908;15720;45023;81604;15719;14358;10062;20727;20394;64458;66033;64457;46198;46197;46199;46200;63245;41607;135096;109941;153800;119499;112037;112038;112039;112040;112041;112042;112044;112043;112045;117665;112046;118799;121249;122973;105752;81816;101025;76572;11758;59656;59655;73317;20750;23652;20321;16469;50511;19689;55995;61491;83474;61489;109042;119305;130465;61490;96956;101110;95921;95922;57918;73372;95923;73370;73373;77632;77633;77634;77635;79720;77864;85545;85544;74368;77304;81342;84640;84402;90422;93716;96961;77631;64703;101530;108405;103382;77303;112193;64701;138601;64702;108713;55732;111528;150504;78823;153805;69982;94163;83032;70727;87309;91813;104178;62946;62945;45371;38206;35462;35467;40849;40850;73921;40851;73349;84163;91131;101846;101847;104380;104897;106562;109683;117809;121232;122717;76149;135179;135924;132018;101304;103818;107222;112211;121064;122649;143422;150049;150048;139749;73348;139750;139751;136421;101305;106849;58003;94513;104389;94514;104390;94515;102036;104391;102037;72336;149643;72335;10609;11473;14805;12095;88145;45006;18532;90191;149501;99169;90427;99170;99172;99171;154138;18362;62351;22493;11409;19552;11812;22494;24814;155470;52974;26014;76311;25080;22129;22128;22196;22195;22127;22126;22133;25296;76310;31357;25295;45344;45345;10063;11656;11619;38651;105255;35611;20958;20957;61995;61996;11497;11197;35716;23724;18537;24733;18536;22160;61610;61611;61609;85448;58290;10361;10570;10064;151191;154814;151190;16223;147171;108804;10558;77026;108799;108800;108801;152458;108802;11889;23640;18416;46783;51861;53856;62734;77055;107149;125737;128036;128553;129470;135311;149260;104815;127100;11828;12232;16111;51179;66373;24267;20211;16250;22412;51675;51674;14664;30253;65688;65687;47135;53512;14682;34237;25899;11538;11644;11449;10065;19418;150945;80119;133510;88390;122552;137913;139813;91525;97499;118614;110056;126393;141516;105434;132549;134956;118615;97758;96052;126394;94344;150477;95374;122553;91838;129308;118616;97864;88703;105435;118617;147628;97443;118618;94765;140615;104187;118598;105398;147626;142318;132550;91053;118619;124206;136128;95959;136129;135013;100134;136130;104303;154697;105466;129075;151462;138228;97476;144346;118620;132551;88428;95960;118621;152819;96053;118622;97091;129076;144096;118623;87786;157382;152816;94345;104366;137377;132552;91327;139814;134918;93200;89973;96054;147637;119732;138229;132553;151461;137914;105399;126395;118599;118624;124418;151495;118625;105467;156827;93255;156848;151498;118626;154685;151460;146409;93030;147905;104188;129598;122432;127495;92845;105436;136131;118627;78119;78120;78121;91141;97306;88917;78122;78123;154678;78124;88429;118628;132554;105400;95961;126396;139815;154698;132555;118629;78125;78126;154701;118630;156833;88870;123027;142038;118600;122958;123028;136132;92846;118631;97419;78127;97151;91201;139816;78128;78129;78130;97901;97359;78131;88430;97477;78132;78133;146410;87743;104189;78134;125417;78135;78136;78137;86003;78138;78139;88431;78140;78141;78142;78143;78144;78145;78146;78147;95962;105333;78148;78149;78150;78151;78152;88432;78153;78154;95937;123029;78155;146413;78156;78157;84450;123030;96106;78158;78159;78160;88531;93971;78161;78162;78163;78164;83477;86004;78165;118632;78166;86005;78167;78168;78169;78170;78171;144341;93696;78172;78173;138819;78174;78175;78176;78177;78178;78179;78180;78181;78182;154679;78183;78184;78185;79670;78187;78188;143112;100135;78189;78190;118633;78191;78192;78193;83004;105735;78194;78195;78196;83502;78197;78198;78199;78200;78491;86006;80256;80257;78660;78696;78697;127496;91617;78835;84451;78877;137676;133625;79340;80447;85945;79601;79732;79602;79644;79603;79587;86007;79604;79809;79605;79606;79733;79891;85946;79892;80038;80059;80108;81608;80231;92383;92384;81557;80309;97671;80529;86008;88582;80891;92528;86009;81558;83148;156835;88433;85947;81303;81390;81391;141185;86256;81609;118634;82671;88434;82576;86271;86272;82513;141173;85948;97420;82539;82577;119731;88435;82672;85949;86257;82673;125683;85963;83005;82905;82931;82932;83006;85950;83038;86026;83749;85951;99203;93135;95938;84010;91202;85771;154702;93256;85952;93850;85916;111708;86010;91367;85953;85917;85918;88064;88436;91368;84966;86011;85054;88437;86012;84627;99238;85954;86013;91507;86014;91579;88065;85131;88847;85518;93915;88811;88812;105510;94655;91328;91301;88813;85607;85852;91398;93084;101938;88814;85697;85853;85708;86015;85854;85855;85856;85889;85857;85890;91329;85891;85932;119894;91432;97307;138230;86109;97308;91302;95963;86187;91433;97531;87902;86358;86330;118635;86407;86619;86449;97560;87903;88438;91330;156824;88815;91313;88439;91314;91448;91315;86773;86729;86796;86774;136133;99048;147636;107135;123977;149078;95939;88848;144363;118636;126397;104190;93100;154686;155624;139704;119793;99920;118601;118637;93257;118638;92667;135014;138652;126398;110057;126399;118639;139817;97152;105401;123136;144103;118640;132556;91434;101491;100179;118641;154700;94646;92876;142359;90455;118642;136208;104687;146388;99641;136209;134957;104304;97401;101492;92707;126400;132557;104191;87787;118643;104107;97838;118644;151466;152776;100180;149081;94984;119818;87660;91861;94449;100000;118645;121439;122763;132558;97444;129309;95717;90324;119733;95940;156826;132559;136134;124419;118602;127078;97153;154690;100181;118603;95941;91142;151463;139818;122764;122554;118646;144344;132560;144364;87904;142043;95942;123031;132561;139819;156831;118647;91580;129310;105437;118648;129307;154703;118649;124420;132562;119895;118650;156828;97445;129311;157297;126401;91143;122765;119696;146403;139820;104192;132563;156843;144358;100136;95035;118651;87432;156834;97421;147633;87905;129312;138395;105438;91694;125480;137915;105402;88849;118652;122433;119697;154682;94147;104108;92847;147631;104305;146390;136135;105403;154699;154672;132548;152825;142523;121440;137916;154680;118653;146405;95900;151499;118654;118655;105439;88851;107136;156829;147632;132564;118604;105404;118656;94647;123032;97478;95964;95718;97360;97154;91054;129313;146611;93839;94408;136136;127497;95400;94985;134958;152827;124464;93247;154674;118605;118657;148278;139821;97422;97361;91055;138233;132565;144098;118658;150462;94117;124421;132566;118606;93749;104306;88871;96463;127498;126402;132567;157367;147500;97479;139822;154689;100001;152823;149070;118659;91695;153762;119635;152820;95965;127493;150194;159139;123978;118607;144093;139823;101093;152777;144359;118660;97155;100137;142248;118608;92959;139824;136137;147629;78201;100002;96985;87771;118661;137917;78202;103262;142041;136138;156823;78203;154692;118662;105440;97218;138231;152814;122766;142049;126403;91056;118663;154676;147630;144352;143110;118665;118664;139825;118666;118609;101858;129314;118667;86016;105468;118668;122767;93136;124422;147524;136139;118669;88769;135940;97402;78204;124423;91435;144435;95943;118670;155605;91551;104260;97924;78205;88025;118671;125481;133511;132568;97423;93916;129315;118672;144345;88872;156841;97446;90411;149069;118673;92708;100003;95944;90102;144349;118674;150465;87433;94766;105469;144357;118675;118676;99009;118677;118678;137918;103313;93201;152826;147634;154675;118679;97362;93239;105441;132569;101912;100704;154695;123837;93202;88852;136207;111709;118680;127499;156837;123838;118610;122434;136140;94479;95966;125482;97532;132570;118611;118681;118682;104307;119819;156840;97447;99204;121441;143102;118612;118683;104261;78206;147635;145255;87434;100138;155753;94206;100004;132571;139826;147625;147623;156825;101493;139827;78207;93750;90809;151496;107137;144355;136141;94412;105442;91303;142036;132572;144361;88026;99444;88463;126404;94522;154693;156842;134959;118685;118684;119820;88742;132573;100331;91144;92986;118686;104193;132547;122622;154684;125483;88066;88873;118687;118688;142037;154880;132574;146404;154691;88770;136142;88440;97156;94118;118689;133774;97424;118690;95967;143103;118691;93840;126405;118692;78208;136143;100112;136144;104415;78209;118693;78210;78211;155754;78212;147627;78213;88441;157329;126406;154671;154696;94480;146391;95036;99921;138067;101094;147624;93550;156838;134960;78214;118694;152824;94301;88888;96781;94923;154677;95968;126407;154687;118695;104341;138234;139828;119668;95969;135015;136145;126408;144356;105470;112023;100280;126448;154683;125484;104194;103995;100182;142247;87788;93841;91369;110058;88874;118696;127500;150460;110059;132575;146402;142046;91436;118697;154968;104308;118698;129316;154673;78215;101913;78216;93203;152815;126409;150469;118699;97333;86017;78217;118613;104109;95970;132576;78218;78219;91331;118700;140616;104135;137919;142264;95971;90456;92005;132577;156830;78220;124424;100006;105443;151465;154681;118701;78221;154694;105444;105445;158316;78222;78223;96464;87435;100007;94687;138232;146408;124425;127501;146398;136146;94648;78224;78225;129317;154888;87436;97480;149072;100168;122435;92709;140617;156839;78226;92765;140470;132578;118702;99546;132579;90161;132580;152821;127494;156836;101859;94986;104262;118703;87906;152817;136147;124426;139829;132581;104342;152822;132582;125485;88442;119669;101242;100139;126410;97902;88569;89945;78227;154688;105405;122768;96288;78228;78229;138068;137378;101324;129318;78230;118724;105471;78231;78232;91552;81597;151790;102732;76940;151021;85693;102733;73948;73950;73949;138140;76332;76333;148022;78427;59477;95387;97191;73598;76073;32376;30152;35322;11054;10066;18186;15540;10837;20754;60154;15764;10838;10067;39806;39875;21573;43164;13661;13662;13663;13665;13666;13668;13667;13669;13670;13671;13672;13674;13673;13676;13675;13678;13677;13679;13680;13682;62243;13683;13684;13685;13686;13687;13688;13689;13690;13691;13692;13693;13694;13695;13696;13697;13698;13699;13700;13701;13702;13703;13704;13705;13706;13707;13708;13709;13710;13711;13712;13713;13714;13715;13717;13716;13718;13719;13720;13722;13721;13723;13724;13725;13727;13726;13728;13729;13730;13731;13732;13733;13734;13736;13735;13737;13738;13739;13748;13749;13746;13747;13750;13850;14207;14208;14209;14210;13851;14203;14252;15474;14320;14321;14348;14349;14627;14628;14839;14592;14593;14373;14374;14642;14643;14741;14742;14743;14744;14688;14689;14690;14691;14692;14693;14701;14702;14703;14704;14789;14716;14717;14764;14765;14807;14808;15430;15422;15454;15475;15578;15471;15544;15584;15585;62245;62246;15730;15731;15732;15733;62247;15734;15735;15747;15748;15790;15791;15847;15848;15841;15842;15895;15896;15930;15977;15976;15978;15979;15980;16026;16027;16028;16029;16030;16031;16050;16051;16055;16032;16052;16033;16097;16107;16098;16099;16113;62248;16133;16134;16267;16166;16268;16167;16285;16287;16286;20056;20073;20074;20076;20075;20077;20078;20164;20098;20099;20100;20101;20114;20138;20139;16288;20165;20166;16289;20186;20187;20188;20189;20190;20191;20192;20193;20194;20229;20230;20231;20232;20242;20243;20256;16301;20287;20257;20288;20259;20258;20260;20277;20278;20279;20289;20290;20291;20305;20304;20306;20307;20308;20309;20310;20311;20323;16349;16350;20324;20325;20326;20350;20351;16351;16352;16353;16354;62253;62254;16355;16356;16357;16358;16373;16374;16466;17137;16467;19614;19615;19616;19617;19618;19619;19620;19621;19622;19623;19624;19625;19626;19627;18314;18315;18316;19628;18317;19629;18318;19630;18319;19631;19632;19633;18320;19634;18321;19635;18322;19636;19637;18323;19638;18324;18325;19639;18326;19640;18327;62255;18328;19641;19642;18329;19643;18330;18331;19644;18332;19645;19646;18333;19647;18334;19648;19649;19650;19651;19652;19653;19654;19655;62256;19656;62257;62258;18335;19657;19658;18336;18377;18337;18438;18378;18574;18439;18575;18508;18577;18509;18578;18542;19464;18579;18580;18543;18581;18582;18593;18604;62259;18624;18625;18684;19259;18685;19190;19197;19198;19230;16118;19290;16119;19260;19262;19261;19264;19271;19272;19274;19273;19275;19278;19276;19279;19280;19291;19293;19292;19294;19374;19375;19321;19320;19322;19378;19379;19465;19466;19435;19434;19467;19468;19420;19436;19421;19659;19437;19469;19470;19438;19660;19471;19480;19482;19481;19483;19661;19662;19663;19664;19666;19665;19667;19668;19720;19721;19722;19724;19723;19725;19726;19727;19728;19729;19731;19730;19732;19733;19734;19736;19735;19737;19738;19739;19740;19868;19869;19870;19871;19873;19872;19874;19875;19876;19878;19877;19879;19881;19880;19971;19972;19882;19883;19884;20021;19973;20022;20023;20024;20025;20026;20027;20167;20028;24027;20029;62260;62261;62262;62263;20403;20405;20404;20406;20407;20408;20409;20410;20730;20756;20757;20802;20848;20847;20871;24028;24030;24029;20872;24031;20881;24032;24033;20882;20883;24034;24035;24036;24037;20884;24038;24039;24041;24040;20937;24042;24044;24043;24045;24046;24047;24048;24049;24050;24052;24051;24053;24054;24055;24056;24057;24058;24059;24060;20997;20998;24061;24062;24063;24064;24065;24066;24067;24068;24069;24070;24071;24072;24073;24074;24075;21076;24077;24076;24078;24079;24080;24081;24082;21101;21122;21123;21190;21191;21192;21169;24083;21249;21251;21250;21252;21253;21273;21274;21294;21295;21296;24084;24085;24086;24087;24088;24089;24090;24091;24092;24093;24094;24095;24096;24097;24098;24099;24100;24101;24102;24103;24104;24105;24106;24107;24108;24109;24110;24111;24112;24113;24114;24115;24117;24116;24118;24119;24120;24121;24122;24123;24124;24125;24126;24127;24128;24129;24130;24131;24132;24133;24134;24135;24136;24137;24138;24139;24140;24141;24142;24143;24144;24145;24146;24147;24148;24149;24150;24151;24152;24154;24153;24155;24156;24157;24158;24159;24160;24161;24162;24163;24164;24165;24166;24167;24168;24169;24170;24171;24172;24173;24174;24175;24176;24177;24178;24179;24180;24181;24182;24183;27648;62264;62266;62265;62267;62268;62269;62270;27649;24184;27650;27651;27652;27653;24185;27654;27655;24186;24187;27656;27657;24188;27658;24189;24190;24191;24192;27660;27659;24193;27661;27662;27663;27664;24194;27666;27665;24195;24196;27668;27667;27669;27670;24229;27671;27672;27673;24198;24197;27674;27675;27676;27678;27677;27679;24200;24199;27680;27681;27683;27682;24224;24225;27685;27684;24226;27686;24231;24230;27688;27687;24298;27689;27691;27690;27693;27692;27695;27694;27696;27697;27698;27699;27700;27701;27702;27703;27704;27705;27706;24820;27707;27708;27710;27709;27711;27712;27714;27713;27715;27716;27718;27717;24299;27719;24324;24325;27720;27721;27723;27722;27725;27724;27726;24300;27727;27728;27729;27730;27731;27732;27733;27734;27735;27736;27737;27738;27739;27740;24301;27741;24302;27742;27743;27745;27744;27746;27747;27748;27749;27750;27751;24303;27752;27753;27754;27755;24304;24305;27756;27757;27758;24306;27759;27760;27761;27762;24348;24349;27764;27763;27765;27766;27767;27769;27768;27770;27771;27772;24361;24360;27773;27774;27775;27777;27776;24728;27778;27779;24692;27780;27781;24693;24694;27782;27783;27785;27784;27786;27787;27788;27790;27789;27791;27792;27793;27795;27794;27797;27796;27798;27799;27800;27801;24766;24714;28152;24715;28153;27805;27807;27806;27808;24716;27810;27809;28302;24717;27811;24718;27812;24767;24729;27820;28254;27821;27822;28186;28154;28155;28156;28157;28303;28158;28255;28160;28159;24768;24769;28161;28304;28162;28305;28163;24821;28164;24822;28187;28213;24795;28188;24796;28189;28190;28191;28192;28306;28214;24824;24823;28216;28215;28307;28229;28256;28230;24882;24883;28231;28257;24836;28258;24837;24884;28308;24885;28309;28310;28311;28312;28313;28340;28341;24922;29264;24923;28342;28343;30024;29193;28344;24924;25001;24925;24926;28345;28346;29194;28347;29195;29265;25002;24927;24928;29266;30068;29267;29269;29268;25003;29270;25045;29271;25046;29272;29708;29273;29709;30069;29275;29274;29276;25013;29277;25014;25027;25028;25029;29278;25030;29279;29841;29280;29281;29282;29283;25047;29284;25048;29842;29710;29711;30025;30026;29712;29713;29714;29715;25101;29757;29809;29758;29759;29760;29761;29810;29762;29763;29764;29765;29766;29767;29768;29794;29795;25127;25128;25178;25179;25180;25181;25182;25183;25230;25232;25231;25233;25234;25448;25302;25303;25304;25466;25357;25358;25467;25468;25469;25375;25376;25377;25378;25379;25380;25559;25449;25450;25507;25470;25471;25508;25509;25510;25511;25617;25618;25587;25588;25589;25590;25657;25658;25619;25716;25659;25621;25620;25630;25631;25745;25717;25746;25747;25910;25783;25839;25838;25862;25863;25864;25911;25865;25912;25939;25940;25941;25913;25975;25976;25977;25978;25979;25980;26081;26036;26082;26083;26114;26115;26932;26116;26933;27058;26934;26935;26936;27059;27060;27061;27631;27632;27633;27634;27635;27636;27637;27638;28232;27639;28233;28234;29196;28314;28315;29198;29197;29286;29285;29287;29843;29844;30070;29845;29846;30071;29847;29848;29862;29863;29864;29865;29940;29941;29942;29943;29944;29945;29946;30027;29947;29948;30028;29949;29985;29986;29987;31361;29988;29989;30156;30072;31427;30073;30074;30075;30076;30077;30078;30079;30080;30081;30082;30083;30084;30113;30233;30085;62271;62272;62273;62274;36704;62275;62276;31362;34965;34966;37222;30086;37932;36311;30114;37675;36774;30115;35012;36853;35013;35226;35014;36755;35015;35227;37165;35044;37734;35045;35385;30087;37823;36373;35046;38122;35047;35078;37147;35079;35048;35049;35062;35063;35064;36742;37924;35065;37255;35092;35093;35094;37348;30234;35095;35096;35097;35098;37057;37657;37313;35099;30235;37488;35228;36460;37100;38098;36324;38006;37149;35229;35230;35231;35232;36447;36894;35233;35234;35235;37257;35236;35237;37568;35238;35239;35264;35255;35256;36570;35265;35266;37268;36266;36263;37604;35267;37013;35386;35387;35665;35592;30157;30158;30159;30160;30161;30162;30163;30236;30237;30238;31057;31058;30239;30240;31029;31059;31030;31061;31060;31063;31062;31065;31064;31066;31067;31068;31069;31070;31071;31072;31073;31075;31074;31077;31076;31078;31079;31080;31103;31104;31105;31106;31107;31108;31171;31172;31124;31363;31152;31173;31153;31174;31175;31176;31177;31178;31179;31180;31181;31364;31182;31311;31312;31313;31314;31812;31315;31316;31365;31317;31318;31813;31814;31325;31326;31366;31367;31428;31369;31368;31370;31371;31372;31373;31374;31375;31429;31430;31431;31432;31433;31434;31435;31436;31664;31665;31970;31666;31667;31669;31668;31971;31670;31688;31689;31690;31691;32087;31692;31712;31713;31743;31742;31744;31745;31746;31815;31747;31748;31749;31750;31751;31816;31817;31818;31819;31820;31821;31822;31823;31824;31825;31826;31827;31828;31829;31972;31973;31974;31975;31976;31977;31978;31979;31980;32382;31981;31982;32036;32038;32037;32039;32040;32041;32042;32043;32044;32088;32089;32090;32091;32092;32093;32094;32095;32096;32097;32098;32099;32100;32101;32102;32104;32103;32105;32106;32107;32108;32109;32196;32197;32198;33143;32199;32200;32201;32202;32203;32204;33144;32205;32207;32206;32327;33231;32328;32329;32458;32330;32331;32332;32333;32334;32335;33232;32336;32337;32338;32339;32340;32341;32342;32343;32344;32459;32345;32346;32347;32348;32349;32460;32383;32384;32385;32387;32386;32408;32410;32409;32411;32412;32413;32436;32414;32437;32438;32461;32463;32462;32464;32465;32466;32468;32467;32469;32483;32484;32486;32485;33078;33079;33080;33081;33082;33083;33112;33113;33114;33115;33116;33117;33145;33146;33147;33148;33149;33150;33179;33180;33181;33182;33184;33183;33185;33221;33222;33233;33234;33368;33369;33235;33370;33236;33237;33238;33259;33261;33260;33262;33263;33264;33371;33372;33373;33404;33405;33406;33407;33408;33409;33410;33411;33412;33413;33414;33415;33416;34124;34421;33417;33418;33453;33454;33455;33456;33457;33458;33459;33468;33469;33470;33535;33839;33514;33515;33536;33516;33840;33517;33518;33519;33537;33520;33521;33538;33539;33540;33541;33542;33543;33553;33554;33555;33569;33841;33842;33765;33776;33766;33767;33768;33777;33769;33770;33778;34172;33843;33844;33845;33846;33847;34100;33883;34101;34102;34103;34125;34126;34128;34127;34129;34130;34131;34132;34133;34134;34135;34137;34136;34138;34139;34422;34140;34279;34142;34141;34143;34144;34145;34147;34146;34148;34149;34150;34173;34174;34175;34176;34177;34178;34180;34179;34181;34182;34183;34185;34184;34186;34187;34203;34204;34224;34225;34226;34227;34280;34282;34281;34423;34283;34284;34305;34285;34286;34287;34306;34313;34307;34314;34308;34309;34479;34341;34342;34377;34376;34343;34344;34356;34357;34378;34379;34380;34381;34425;34424;34426;34427;34451;34452;34480;34454;34453;34455;34481;34710;34456;34711;34493;34482;34483;34494;34495;34670;34671;34673;34672;34674;34675;34712;34701;34676;34677;34713;34681;34683;34682;34684;34702;34703;34705;34704;34758;34706;34759;34707;34714;34746;34715;34747;34716;34717;34721;34722;34824;34748;35016;34749;35017;34750;34825;34760;34761;34774;34775;34776;34777;34778;34826;34827;34828;34829;34830;34831;34832;34833;34834;34835;34837;34836;37315;37735;36933;37326;35388;35389;35390;37525;36641;35391;37912;37801;35392;35393;35394;35395;35396;35397;36344;35398;35438;37219;37826;37803;36411;35399;37860;35400;36222;35455;36929;37875;35593;37157;35456;36767;35404;35439;35440;37773;35464;35441;37947;37071;35457;38129;38028;35666;37560;36322;35465;41973;42374;41974;41975;42375;42072;42073;42121;42122;42123;42267;42074;42268;42124;42152;42376;42153;42125;42126;42269;42127;42270;42128;42377;42154;42155;42156;42157;42158;42444;35466;42445;42446;42447;42448;42271;42192;42193;35693;42194;42449;42195;42272;42273;42786;42274;36971;42378;42881;42379;42275;42276;42882;42277;42278;42279;42280;42281;42787;42827;42297;35560;42935;42380;42381;42382;42383;42384;42385;42386;42401;42400;42965;42402;42403;42883;42884;42450;42451;42452;42453;42936;42901;42902;42903;36779;42802;42803;42804;42805;42806;42807;42984;42904;42905;42906;42907;42985;42845;42846;42848;42847;42849;42986;42988;42987;37553;44877;35561;42885;37289;43008;42908;36882;43113;42909;42910;43327;42911;37279;43328;42937;42938;42939;42941;42940;42942;43114;42966;43370;43371;47167;43115;35594;44878;43611;43602;43090;43329;43009;43010;43011;43012;43013;43372;43014;47168;43032;43591;35595;43033;43034;43116;43035;43117;43612;43036;43118;37680;37960;35596;43330;43091;43092;43373;43119;43103;43120;43121;43122;43123;43124;43126;43125;44879;43331;43165;43166;43332;47169;43603;43604;47170;43333;43334;43335;43336;43337;43338;43339;43340;43341;35734;43374;43375;44880;44881;44882;43592;43593;43606;43607;44883;35597;43594;43595;37881;37378;35604;35667;36955;35668;35669;37920;35670;36489;36702;35671;35735;36304;37466;35694;36913;36301;35781;37388;36735;35933;37687;35720;35808;36796;37727;35744;35745;36603;37133;35746;37641;36945;35753;36780;35756;36748;37543;35782;36996;35959;35783;35769;38079;35960;36291;35801;35802;36866;36875;35909;36287;35926;35927;38159;37482;36068;35934;37423;35961;37264;37872;35962;37197;39392;36108;36660;36233;35981;36320;35982;36827;35983;35984;37905;37136;35994;35995;35996;36811;36384;38080;35997;36022;37306;36023;37444;37323;36024;36025;36503;36026;37242;37633;36041;37824;36054;37911;37813;36156;36905;36077;37298;36091;36109;37599;36110;37517;36124;36125;37865;37541;37753;36126;37866;38669;38796;38670;38672;38671;39592;39593;36165;36312;36166;37055;36703;36175;36190;36706;38184;36209;38956;37075;38185;36210;36261;36211;37870;38957;38160;37309;38673;38726;38674;38727;38186;38187;38188;38189;38835;38675;38676;38809;38811;38810;38916;39453;38749;38748;38958;38750;38959;38960;38993;38994;38797;38798;38812;38836;38837;38961;38962;38862;38863;38904;38905;38906;39393;38907;38931;39474;39475;39476;38908;38917;38918;38919;38932;38933;38934;38935;38936;38937;38995;38938;38939;38940;38941;38996;38997;38942;38943;39394;38998;38999;39000;39395;39396;39503;39397;39539;39504;39398;39399;39400;39771;39401;39540;39505;39402;39541;39403;39404;39405;39406;39407;39542;39454;39455;39543;39456;39457;39458;39544;39459;39477;39545;39546;39506;39507;39508;39509;39510;39511;39512;39513;39844;39547;39548;40828;40474;39602;39603;39604;39605;39606;39607;39608;39609;39610;39611;39612;39613;39772;39854;39773;40948;40580;39774;39855;39845;39846;40409;39847;40410;39856;39857;39858;39859;39861;39860;39862;39863;39864;40346;39865;39866;40347;40424;40356;40357;40358;43015;40395;40411;40413;40412;40425;40414;40427;40426;40428;40451;40452;40453;40481;40454;40455;40475;40476;40456;40482;40670;40483;40484;40754;40504;40505;40829;40628;40627;40506;40507;40755;40514;40830;40515;40774;40756;40516;40757;40517;40534;40535;40536;40579;40566;40567;40949;40568;40569;40950;40570;40581;40582;40671;40599;40600;40601;41628;40672;40602;40603;40604;40831;40832;41629;40605;40606;40629;40863;40673;40864;40674;40675;40676;40677;40678;40679;40680;40681;40682;40833;40683;40684;40685;40686;40687;40688;40689;40690;40758;40759;40865;40866;40780;42454;40809;40810;40854;40855;40856;40857;40951;40952;40867;41630;41631;40909;40908;41632;41609;40895;40990;40896;41633;40897;40991;40898;40953;40954;40955;40956;41015;41016;40993;40992;40994;40995;41610;40996;41611;41017;41018;41019;41020;41612;41613;42387;41614;42045;41634;41635;42282;41636;47171;42283;47172;44884;47173;47174;47175;47176;47177;44885;44886;44887;44888;47178;47179;44889;47180;50669;47181;47182;47183;47184;47185;47186;47187;47188;47189;47190;47191;47192;47194;47193;47195;47196;47198;47197;47199;47200;47201;47202;47203;47204;47205;47206;47207;47208;47209;47835;47210;47211;47212;47213;47214;47215;47216;47217;47684;47218;47219;47220;47221;49152;47222;47719;47596;47585;47223;47224;47225;47226;47768;47227;47586;47228;47597;47229;47598;47720;47607;47608;47564;47565;47673;47674;47230;47587;47609;47610;47599;47611;47685;47612;47686;47675;47769;47770;47721;47836;47613;47231;47837;47771;47772;47614;47687;47722;47838;47723;47724;47839;48226;47840;48355;48356;47232;48206;50428;47841;48227;48357;47807;48324;48410;47808;47809;47811;47810;48358;47812;48376;47813;47842;47843;47844;47233;48304;48228;48229;47845;48305;48411;47846;47847;47234;47848;47849;48230;47850;47851;47235;48412;48207;48208;47236;47237;47238;48325;48326;47240;47239;47242;47241;48929;49677;48306;48359;49090;48377;48930;48307;48388;49649;48378;48746;49650;49091;48308;48389;48277;49660;49073;48365;53394;47243;48413;48309;48327;48310;48425;48426;48328;48330;48329;48331;47244;47245;49104;48390;48391;50389;48747;48366;47246;48368;48367;48369;48414;48913;48914;48415;49105;48379;48931;48932;49106;49153;48897;49074;48392;48393;48394;48395;47247;48416;48417;49107;48418;48420;48419;49059;49060;49092;49093;49075;47248;49094;49095;48748;48915;49293;48916;49294;49122;49154;49061;49155;49096;49156;49157;47249;49194;47250;47251;47252;49158;47253;49159;49160;49097;49076;49185;49077;47254;49195;49196;49678;49679;49680;49718;49239;49240;49241;49242;49161;49243;49244;49245;47255;49162;49163;49197;49164;49165;49198;49186;49246;49187;49295;49661;49199;49188;49200;49201;49937;47256;49247;49681;49979;49938;49719;49682;49248;49720;49662;49664;49663;49249;49635;51344;47257;51345;49296;49721;49297;47258;49722;49651;49723;49724;49725;49683;49684;49816;49685;50697;49782;49726;49727;47259;49817;49783;47260;49768;47261;47262;50454;49769;49939;49980;49818;49819;49981;49820;50354;50455;49821;47263;49982;49940;50025;49968;49983;50026;49985;49984;49986;50293;50294;51464;49987;50437;50004;49988;50005;50390;50006;49969;50391;50027;50392;50028;50393;50029;50030;50031;50032;50033;50034;50477;50355;50394;50395;50396;50532;50438;50295;50439;50035;50036;50007;50397;50310;50311;50496;50593;50497;50478;50356;50312;50440;50398;50456;50419;50457;50420;50441;50421;50399;50479;50584;50585;50480;50586;50481;50482;50483;50484;50587;50588;50400;50458;50589;50485;50401;50414;50468;50402;50422;50506;50403;50507;50498;50564;50499;50565;50442;50443;50444;50515;50516;50517;50518;50566;50519;50520;50550;50551;50552;50553;50554;50459;50486;47264;50555;50556;50626;50557;50508;47265;47266;47267;50567;50594;50568;50590;50591;47268;50595;50596;50682;50592;47269;50615;50683;50617;50616;50684;50662;50685;50618;50663;50698;50671;50670;50619;50672;50673;50812;50674;50813;50664;50675;50656;50655;50657;47270;50833;50834;50814;50972;50847;50835;47271;47272;50836;50837;51064;47273;47274;51065;51082;51081;50866;51083;47275;51099;50867;51084;47276;50979;51066;51067;47277;51346;51068;51147;51148;51149;51150;51193;47278;47279;47280;51347;51129;51130;51131;51137;51151;47281;51348;51390;51362;51361;51405;51406;51412;51373;51374;51375;51407;51376;51413;51414;47282;51377;51429;51415;51381;51382;51383;51402;51403;51391;51392;51378;53395;51408;51409;47283;47284;51430;51419;51431;51441;47285;51442;51443;47286;47287;47288;47289;47290;47291;47292;47293;47294;47295;47296;47297;47298;47299;47300;47301;47302;47303;47304;47305;47306;47307;47308;47309;47310;47311;47312;47313;47314;47315;47316;47317;47318;47320;47319;47321;47322;47323;47324;47326;47325;47328;47327;47329;47330;47331;47332;47333;47334;47335;47336;47338;47337;47339;47340;47341;47342;47343;47344;47345;47346;47347;47348;47349;47350;47351;47352;47353;47354;47355;47356;47357;47358;47359;47360;47361;47363;47362;47364;47365;47366;47367;47368;47370;47369;47371;47372;47373;47374;47375;47376;47377;47378;47379;47380;47381;47382;47383;47384;47385;47386;47387;47388;47389;47390;47391;47392;47393;47394;47395;47396;47397;47398;47399;47400;47401;47402;47403;47404;47405;47406;47407;47408;47409;47410;47411;47413;47412;47414;47415;47416;47417;47418;47419;47420;47421;47422;47423;47424;47425;47426;47427;47428;47429;47430;47431;47615;47432;47433;47434;47435;47436;47437;47438;47439;47440;47441;47442;47443;47444;47445;47446;47447;47448;47449;47450;47451;47452;47453;47454;47455;47456;47457;47459;47458;47460;47461;47462;47463;47464;47465;47466;47467;47468;47469;47470;47471;47472;47473;47474;47475;47476;47477;47478;47479;47480;47481;47482;47483;47484;47485;47486;47487;47488;47489;47490;47491;47492;47493;47494;47495;47496;47497;47498;47499;47500;47502;47501;47503;47504;47505;47506;47507;47508;47509;47510;47511;47512;47513;47514;47515;47516;47517;47518;47519;47520;47521;47523;47522;47524;47525;47526;47527;47528;47529;47530;47531;47532;47533;47534;47535;47536;47537;47538;47539;47540;47600;47541;47543;47542;47544;47545;47546;47547;47548;47549;47550;47551;47566;47552;47676;47553;47554;47555;51448;51449;51576;51577;54631;51512;52552;51565;51947;54632;51948;51513;51444;51514;51515;51516;51517;51518;51519;51445;51465;51578;51579;51646;51647;51648;51649;51650;51651;51652;51653;51654;51853;51655;51787;51656;51854;51566;51788;51580;51678;51679;51581;51680;51681;51821;51820;51822;51830;53901;55002;51823;51831;51855;51856;51863;51864;52004;53478;51896;51842;51927;51897;55943;55944;55984;55865;55866;55867;55868;55945;55909;55910;55946;55869;55870;55947;55890;55891;55948;55985;56095;56096;56075;56076;55986;55960;55949;55950;55951;55911;55952;55961;55962;55963;51980;55987;55988;56010;55989;51989;55892;56011;56146;51990;55954;55953;55893;55955;56012;56013;56180;56014;56286;55990;56147;56287;56148;56149;56131;56132;51949;56097;56181;56150;56219;56218;56015;56098;56100;56099;56151;56182;56102;56101;56183;56103;56104;56396;56105;56133;56134;56135;56136;56137;56138;56349;56106;56200;56107;56201;56350;52017;56202;56288;56302;56184;56351;56220;56152;52018;56153;52019;56185;56154;56186;56155;56156;56203;56221;56289;56232;56222;51960;56157;56352;56353;52033;56158;56224;56223;56354;56225;56233;56355;56322;56226;56227;56228;56356;52705;56357;56290;52034;56291;56292;51961;56358;56359;56293;52569;56294;56217;52570;51981;56360;56295;52514;52515;56416;56303;56361;56309;56308;56234;56362;56364;56363;56365;56417;56418;56366;56367;56341;56368;56419;56386;56369;56382;56370;56397;56537;56421;56420;56573;56572;56422;56342;56423;56371;56538;56539;56540;56515;56516;56517;52464;56473;56424;56457;56475;56474;56518;56398;56519;56486;56487;56488;56489;56696;56520;56541;56542;56543;56544;56717;56655;56656;56545;56546;56547;52465;56787;56788;56931;56930;56574;56575;56851;56932;56852;56885;57141;56933;56886;56887;56673;56789;57069;57308;56888;56718;56934;56790;56935;56936;56889;56890;56791;56792;56793;56731;56794;56732;56719;57070;56720;56795;57071;56733;52516;57072;56796;56863;56721;56864;56813;56697;56814;56937;56815;56938;56891;56939;56892;56893;56722;56797;56798;56799;56800;57142;56950;56801;56802;56894;56895;56896;56924;56940;56925;56963;56926;56865;56918;56964;56965;56966;56897;57000;56951;56952;56898;57006;57007;57001;56899;52517;56941;57324;57325;57754;57143;52005;56967;57073;57002;52057;52006;57003;57004;57008;57009;57074;57075;57076;52159;57077;57078;57326;52518;57327;57366;57367;57368;57369;57416;57417;57418;57309;57328;57382;57383;57384;57385;57419;57420;57386;57387;57388;57476;57437;57421;57438;57422;57439;57423;57424;57440;57401;57425;57441;57622;57389;57442;57443;57477;57450;57478;57444;57451;57452;57714;52466;52467;52485;52538;52539;52519;52520;52553;52742;52554;52743;52744;52555;52571;52556;52558;52557;52560;52559;52522;52521;52623;52622;52561;52759;52624;52601;52540;52602;52572;52603;52604;52573;52638;52562;52574;52661;52625;52639;52675;54834;52662;52663;52640;52981;52982;52641;52692;52590;52643;52642;52644;52645;52693;53435;52646;52591;52676;52647;52677;52694;52695;52678;52679;52664;52680;52681;52721;52665;52722;52724;52723;52725;52696;52706;52697;52726;52727;53240;52950;52951;52952;53241;52953;52745;52964;52965;52746;53516;52983;56296;53305;52999;53000;53306;53213;53214;53215;53363;53216;53199;52984;52985;53364;53345;53365;52954;53366;53242;53243;52955;53200;53452;53201;53261;53202;53262;53263;53264;53203;53225;53367;53436;53437;53265;53300;53299;53325;53326;53453;53406;53479;53438;55050;53550;53368;53396;53551;53541;53454;53455;53456;53457;53458;53459;53460;53461;53552;53462;53553;53480;53481;53463;53517;53518;53497;53519;53464;53508;53520;53465;53466;53467;53498;53554;53560;53499;53555;53556;53521;53557;53522;53561;53562;53537;53563;53849;53606;53607;53564;53565;53609;53608;53816;53566;53610;53567;53578;53611;53635;53634;53612;53817;53818;53627;53834;53835;53613;54286;53614;53863;53864;53644;53645;53615;53865;53866;55386;53902;53903;53904;53850;53836;53851;54944;54292;54293;54608;54609;54294;54295;54572;54573;54633;54574;54634;54957;54635;54575;54296;54297;54576;54636;54824;54907;55051;54975;54908;55052;54909;54910;54976;54637;54911;54912;54913;54835;54836;54837;54958;54914;55387;54977;55003;54946;54947;54915;54916;54917;54959;55053;54978;54948;54949;54960;54961;55054;55055;54950;55056;54962;54963;55004;55005;55006;55007;55057;55147;55058;55148;55059;55149;55150;55492;55008;54979;54980;55493;55494;55151;55495;54945;55152;55061;55060;54981;55153;55154;55062;55388;55389;55155;55390;55391;55156;55392;55393;55578;55675;55676;55394;55475;55476;55425;55496;55461;55412;55463;55462;55464;55579;55580;55465;55466;55556;55426;55842;55427;55497;55545;55871;55428;55498;55499;55525;55526;55654;55655;55599;55600;55527;55601;55602;55546;55557;55581;55558;55528;55559;55500;55560;55501;55582;55529;55656;55595;55561;55596;55657;55583;55603;55604;55611;55562;55658;55659;55660;55661;56108;55662;55738;55612;55677;55678;55680;55679;55739;55740;55750;55751;56016;55872;55663;55873;55752;55874;55875;55876;55807;55741;55760;55808;55753;55742;55843;55743;55766;55767;55744;55771;55777;55844;56297;55778;55772;55779;55781;55780;55754;55782;55783;57544;57584;57545;57453;57563;57479;57564;57565;57566;57546;57590;57715;57716;57591;57592;57547;57623;57703;57624;57670;57644;57548;57625;57549;57645;57609;57626;57717;57694;57695;57718;57610;57671;57627;57672;57611;58461;58462;57755;57756;57781;57782;57783;57784;57673;57674;57897;57719;57815;57828;57881;57898;57816;57829;57865;57899;60006;60007;59972;59973;59826;59940;59974;57757;59975;59941;59976;60069;62724;62725;60070;60071;60128;60073;60072;60074;57866;60157;57986;57867;60158;60122;61416;61465;60123;57987;60075;60129;60130;60131;60113;61417;61383;60143;60144;60132;61384;60145;61418;60146;60147;60148;61419;60149;61466;57868;60133;61385;61386;61420;61421;61387;61442;61467;61468;61422;61423;61469;61470;61471;61472;61496;61473;61424;61474;61475;61476;61497;61477;61425;57817;61498;61499;61500;61579;57882;61580;61663;61664;61521;61556;61581;61613;61582;61628;61583;61665;61666;61667;61684;61614;61685;61615;61616;61629;61630;61631;61632;61633;61634;61635;61636;61637;57900;62128;58013;61584;61686;61668;61669;62129;62130;62131;62132;61601;61697;61698;61699;57901;61602;61687;61688;61755;58014;61700;61670;61671;61672;57902;62133;61673;61674;62134;62135;62136;62017;61701;61702;61756;62018;61776;61777;61778;61703;62137;62138;61757;61758;61736;61737;61638;61738;58120;57952;61779;62050;57869;58121;57953;58122;61739;62139;61724;61759;62140;62019;62141;62020;62021;58123;57954;62417;62142;62143;62189;61761;61760;62034;62035;62144;62145;62146;62147;62051;62052;57903;62053;62190;62191;62148;62149;57904;62150;62151;62152;62153;62154;62155;62157;62156;62158;62159;62160;62161;62162;62163;62164;62319;62192;62320;62165;62321;62322;58015;62323;62166;62324;57965;62378;62377;62294;58044;62226;62167;62227;62295;62325;57966;62418;62326;62397;62327;58045;62328;62329;62330;62331;62228;62332;62789;62333;62334;62335;62336;62229;62230;62441;62337;62231;62232;62442;62233;62338;62193;62443;62339;62398;62296;62399;64083;62297;62234;62550;64440;62790;62654;62419;62420;62421;62525;62526;57905;57906;62400;62449;58016;62527;62567;62454;58017;62502;62668;62455;58018;62528;62655;62456;62529;62530;62600;62531;62470;58046;62486;62568;62645;62551;62569;62601;58047;62532;62533;62534;63195;62726;62602;62535;62603;62604;62605;62727;62606;62570;58048;62696;62487;62697;62536;58049;62646;62656;58050;62503;62537;62538;62647;62552;62749;62657;62658;58079;62607;62839;62648;62670;62669;62671;62779;62608;62610;62609;62672;62873;62673;62750;58252;62765;62728;62729;62698;62863;62822;62823;57988;57989;62699;58187;62751;62752;63029;57990;62766;62767;62730;62824;62825;62768;62840;62841;62826;62827;62864;62865;57967;62889;62842;62753;62828;62829;62754;62769;58188;58019;62843;62912;62844;62874;62845;58080;62846;62875;62847;62848;62849;62950;62850;62951;62876;62851;62852;62830;62877;62894;62878;62831;62853;62854;63101;62879;62895;62896;62952;62855;62880;62881;63007;63008;62882;63102;62883;65531;62913;62970;62971;62914;63208;58149;63030;62915;62953;58189;62954;63031;62955;63032;62978;63033;63034;63035;63009;63051;63010;63037;63036;63038;63039;63040;63041;63127;63081;63282;63042;63043;63044;63045;63128;63103;63046;63082;58098;58253;63083;63084;63052;63085;63086;63129;58020;63130;63087;63088;63047;63172;63131;63053;63011;63054;63196;63307;63089;63012;63013;63014;63173;63090;63048;63055;63138;63139;63140;63056;58150;63233;63209;63141;63142;63057;58151;63234;63132;63235;63175;63174;63176;63246;58051;63247;63177;63178;63179;58152;63248;63482;63143;58153;63133;63210;63180;63189;63197;63249;63198;63250;63483;63211;63212;63236;63213;63237;63238;64882;63239;63484;63214;63251;63327;63252;63274;63253;63387;63254;63215;63181;63360;63328;63275;63255;63276;63485;63486;63277;63487;63488;63513;58155;58154;63361;65180;63489;63308;63490;63216;63240;63491;63309;63524;63458;63492;63278;63310;63283;63329;58156;63493;63363;63362;63494;63375;63495;63336;63311;65823;63388;63496;63389;63343;63391;63390;63330;63497;63393;63392;63498;63499;63500;63376;63377;63378;63394;63400;63459;63501;63460;58157;58278;58124;58158;58125;58126;58159;58160;58686;58190;58305;58191;58254;58306;58255;58256;58279;58622;58307;58623;58280;58257;58308;58281;58161;58282;58258;58296;58259;58297;58418;58309;58364;58463;58260;58464;58310;58311;58366;58365;58367;58368;58369;58370;58312;58371;58346;58372;58687;58542;58543;58487;58336;58337;58373;58405;58374;58406;58375;58544;58376;58488;58465;58419;58688;58689;58420;58545;58377;58466;58546;58467;58489;58468;58547;58548;58690;58691;58549;58624;58625;58626;58550;58627;58692;58551;58730;58421;58694;58693;58695;58668;58469;58470;58553;58552;58554;58696;58697;58698;58699;58731;58669;58700;58701;58702;58703;58704;58705;58706;58707;58708;58709;58779;58628;58629;58630;58631;58632;58555;58633;58924;58634;58635;58636;58637;58638;58780;58781;58710;58782;58783;58732;58733;58711;58805;58712;58784;58785;58818;58819;58820;58821;58856;58639;58786;58822;58713;58714;58857;58858;58715;58955;58925;58787;58926;58996;58788;58789;58823;58824;58825;58826;58827;58755;58834;58835;58859;58956;58860;58979;58861;58997;58909;58910;58911;58912;58885;58886;58887;58957;58914;58913;58915;58958;58960;58959;59256;58888;58836;58980;58927;58928;58929;58930;59098;58862;59071;58931;58932;58916;58881;58933;58934;58935;58961;58863;59257;59079;58998;59080;58970;58917;58936;58981;61585;58918;59258;59450;58999;59259;59000;59001;59099;59002;59004;59003;59005;58919;59006;59100;59007;59008;58971;59022;59101;58982;59260;58983;58962;59023;59261;59081;58984;59331;58985;61478;59262;59198;59024;59025;59263;59264;59199;59082;59265;59072;59266;61479;59102;59217;59267;59268;59269;59270;59200;59201;59203;59202;59271;59204;59219;59218;59272;59295;59273;59531;59332;59296;59962;59333;59297;59274;59298;59205;59276;59429;59483;59277;59299;59278;59300;59301;59334;59335;59336;59337;59279;59338;59339;59389;59340;59280;59341;59342;59344;59343;59345;59346;59415;59379;59347;59348;59350;59349;59351;59352;59417;59416;59418;59419;59420;59421;59431;59430;59432;59433;59434;59571;59572;59532;59435;59353;59511;59533;59573;59512;59513;59484;59485;59486;59436;59437;59514;59390;59515;59487;59534;59535;59574;59536;59537;59538;59539;59661;59391;59540;59575;59576;59541;59542;59488;59543;59544;59545;59438;59840;59688;59689;59690;59691;59422;59577;59578;59579;59580;59581;59582;59799;59546;59662;59800;59720;59663;59664;59950;59692;59693;59694;59695;59665;59696;59951;59697;59801;59698;59547;59548;59841;59699;59739;59666;59842;59942;59549;59550;59740;59802;59741;59804;59805;59742;59806;59743;59744;59807;59808;59827;59943;59745;59944;59978;59977;63628;63627;63629;63502;63503;63504;63630;63583;63461;63514;63525;63505;63526;63527;63515;63649;65229;63528;63631;63529;65230;63530;63531;63632;63506;63507;63516;63517;64084;63508;63509;63518;63532;63650;63651;63462;69819;63633;64365;64366;63634;64367;63635;63510;63533;63636;63652;63653;64085;63654;63655;63624;64368;63656;63657;64398;63658;63659;63660;64086;64251;64252;64087;63584;64253;63585;63586;63661;63587;64399;64254;64400;64265;64266;64267;64460;63625;64255;64268;64256;64441;64369;64371;64370;67261;64269;67262;64372;67263;67264;67266;67265;67267;67268;67269;67270;67271;67272;67273;67274;67275;64088;67276;67277;67278;64270;67279;67280;64271;67281;67282;67283;68985;67284;67285;69288;67286;64272;67287;64273;64373;67288;67289;67290;64274;67291;67292;67293;67295;67294;67296;67297;64275;67298;67299;67300;64276;67301;67303;67302;67304;64277;67305;67306;67307;67308;67310;67309;67311;67312;68998;67313;67314;67315;67317;67316;64442;67318;64278;67319;67320;67321;64401;67322;67323;68999;67324;67325;67326;67327;67328;64402;67329;67330;67331;64403;67332;64404;67333;64405;67335;67334;67336;67337;67339;67338;67340;68860;68986;67341;64443;64406;69061;69000;64444;67342;69001;68890;68882;68883;68884;68885;68886;68887;68891;64445;64494;68892;68893;68894;67343;68895;64495;68972;69023;68896;68897;64407;69002;69003;64408;69004;65168;64409;65169;68861;69005;68987;69006;68988;69007;68989;68973;68974;64410;69024;69026;69025;68975;69027;70202;69062;69198;69199;69145;69146;64672;69147;69063;69064;69148;69149;69095;69150;69151;69152;69216;64446;69200;69201;69202;69203;69204;69153;69205;69085;69028;64592;69206;69207;69208;69209;69086;69217;69186;69355;69187;64447;69188;64411;64412;69210;69248;69211;64413;69403;69249;69380;69356;69289;69290;70203;64414;69298;69299;69381;69382;69300;69357;69358;64415;64416;69359;69360;69361;64417;69291;64418;69362;69383;69363;69292;69364;64257;69384;69385;64419;69386;69387;69388;69404;69389;69405;69365;69302;64420;69390;69391;69406;69407;69408;64461;69409;64593;69410;69411;69392;69393;69394;69460;64448;69461;64462;69485;70204;69450;70909;64463;69486;69782;64449;69783;69524;69525;64464;64450;69815;69462;69772;69527;69526;69436;69784;69528;69463;69529;69451;69531;69530;69532;69533;69452;69498;69773;69534;69487;69535;69543;69544;69774;69488;69785;69775;69793;69792;69536;69537;69886;69820;69887;69821;69545;69961;69805;69962;69963;69814;69857;69858;70048;70049;69896;70041;69897;70042;70050;70028;70029;64513;70051;70052;70043;69964;69965;64514;70053;70054;64496;70055;70030;70031;69910;70032;69966;69849;69967;70033;69859;70149;69911;70056;64497;64477;70035;70034;70057;64594;70044;70058;70045;64595;64538;64596;69917;70081;70059;70082;70106;70083;70150;70151;70107;70108;70152;64539;70153;70154;70155;70036;70061;69968;70060;70296;70037;70156;70205;70062;64540;70157;70504;70593;70046;70003;64597;64598;70063;70356;70064;64599;70038;70047;71542;70235;70065;70357;64600;70345;70206;70236;70237;70238;64541;70207;70158;70278;64542;70208;64543;70180;70358;70159;70279;70239;70280;71543;70297;64601;70181;70298;70304;70305;70359;64544;70808;71544;71545;70240;70209;70505;71081;70418;70506;70281;64545;70282;65231;70360;70361;70376;64546;70404;70377;70419;70405;70406;70420;64602;70421;70422;70423;70424;70425;70426;64673;70362;70427;70428;70528;70429;70407;70408;70430;70378;70431;70507;70508;70509;70409;70861;70510;70814;70927;70432;70410;70638;70637;70511;70928;70929;70433;70529;70639;70434;70512;70815;70435;70436;70816;70665;70666;64478;70549;70817;70550;70653;70654;70513;64625;70734;70655;70514;70640;70818;70819;70809;70641;70642;70667;70643;70668;70669;70644;70670;70810;70820;70821;70822;64515;70735;70823;70736;70700;70645;70594;70824;64868;70774;70775;70987;64733;64650;70671;70825;70826;71056;71057;70750;70776;71058;70811;70786;70827;70787;70788;70789;70812;64603;70930;70828;70829;70723;70813;70830;70751;70831;70939;70832;70839;70833;70862;70840;70931;71082;70841;70790;64674;70910;70863;70955;70864;70988;70989;64869;70834;70956;70957;70911;70912;70990;70992;70991;70993;71083;64651;70994;71059;64554;71060;64664;71061;71062;66337;71063;71064;71065;71066;71084;71085;66338;64665;70958;71086;64675;64676;71181;71142;71067;71147;71148;71149;71956;71150;64547;71151;71403;64677;71068;71404;71069;64548;71183;71182;64899;71405;71406;71407;64549;64883;64550;64604;72402;71087;71143;71326;64678;71247;71327;71328;71248;71408;71409;71410;71411;71255;71184;71279;71280;71281;71282;71358;71222;71413;71412;71775;71329;71359;71330;71360;71414;71415;71417;71416;71418;71249;71381;71361;71362;71363;71283;71185;71419;71364;71587;71331;71421;71420;71422;71423;71443;71256;71382;71250;71476;71475;71383;71384;71851;71284;71444;71503;72110;71504;72096;71477;72111;71478;71479;71480;71445;71852;71481;71482;72097;71853;71446;71484;71483;71546;66339;71547;71548;71447;71619;71365;71385;71776;71777;66340;71332;71549;71620;71550;71588;71551;71386;71552;71589;71590;71754;71448;71785;71591;71449;71592;71621;71622;71623;71625;71624;71626;71593;71633;71634;71638;71594;64734;71755;71505;64735;71854;71595;71596;71770;71765;71756;71758;71757;71597;71766;71759;72867;71760;71598;71761;71767;71768;71599;71639;71903;71640;71627;71600;71601;64736;71602;71771;64737;71803;71788;71789;71790;64738;73870;73871;71804;71805;71868;71869;71870;64900;71871;71872;71873;64854;64855;64856;64974;64870;64871;64884;64872;64739;64679;64975;64940;64976;64740;64977;64857;65600;64978;65081;64858;64979;64741;64980;64981;64982;65587;65232;65588;65034;65035;65233;65036;64983;64997;64998;64941;64999;65000;65234;65001;65002;64984;65065;65037;65038;65040;65039;64901;65532;64985;65589;65657;64986;65645;65181;65182;65646;65619;65590;65620;65235;65621;65236;65591;65647;65658;65534;65533;65535;65536;65659;65066;65537;65538;65592;65713;65183;65593;65772;65559;65539;65636;65637;65648;65649;65671;65773;65594;65662;65650;65663;65774;65622;69189;65825;65824;65745;65746;65747;65748;66724;65749;65750;65751;65752;65753;65754;65755;65756;69229;65664;65758;65757;65775;65759;65776;65777;65813;65814;66005;65933;65858;65953;65826;65830;65831;65859;65832;65833;65954;65834;65760;65835;65836;66006;65837;65778;65860;65838;66591;65839;65861;66241;65956;65955;66242;65961;65815;65962;66160;66161;66162;65963;65964;65827;65965;65971;65966;65972;65828;66163;65973;65974;66007;66008;66164;67344;65934;66398;66399;66400;66376;66377;66378;66165;66218;66181;66009;66183;66182;66191;66166;69212;66207;66208;66219;66220;66258;66038;66039;66167;66010;66011;67345;66040;66184;66243;66209;66244;71553;66221;66168;66259;66260;66222;66261;66223;66245;66246;66282;66283;66262;66263;66224;66362;66363;66247;66248;66297;66249;66298;66320;66309;66299;66322;66321;66323;66324;66284;66364;66365;66366;66310;66592;66679;66432;66433;66703;66704;66379;66367;66385;66386;66639;66640;66368;66501;66401;66369;66434;66435;66453;66452;66387;66388;66502;66593;66503;66594;66380;66436;66595;66529;66530;66596;66531;66454;66532;66533;66597;66598;66599;66577;66578;66534;66579;66580;66725;66487;66641;66642;66680;66643;67346;66600;66681;66601;66604;66605;66606;66644;66607;66619;66645;66646;66647;66648;66649;66650;66682;66651;66653;66652;66654;66655;66656;66683;66684;66657;66685;66686;66688;66687;67347;67348;66727;66726;66728;67349;66729;66620;66621;66622;66623;66793;66624;66625;66626;66608;66627;66658;66609;66628;66610;66611;66612;66613;66743;66744;67350;66730;66745;66731;66746;66732;66747;67351;66748;66749;66733;66750;66751;67352;67353;66794;66629;67354;67355;66752;66753;66795;67356;67357;66796;66754;67358;67359;66797;67360;67361;67362;67363;67364;67365;67366;67367;67368;67369;67370;67371;67372;69218;67373;67374;67375;67376;67377;67378;67379;67380;67381;67382;67383;67384;67385;67386;67387;67388;67389;67390;67392;67391;67393;67394;67395;71912;71913;71914;72047;72048;71915;71916;71800;71917;71920;71921;71922;71923;72027;72028;71918;72189;71904;71919;71905;72012;72013;72120;72121;72307;72308;72441;72442;71957;71958;71959;72221;73535;73536;72014;72112;72113;72015;71981;72249;72250;72122;71982;72222;72123;72124;72125;72126;77586;77612;77782;72127;77783;77922;77784;77785;77786;77787;77608;77675;77866;79341;72049;77613;79342;79343;72029;77764;77788;77789;77790;77791;72030;77867;77765;77766;77868;77792;77793;77794;72031;78093;77869;77676;77677;77870;77795;78398;77796;77923;77924;78399;78400;77871;77925;77797;72137;72190;77926;77927;77872;77873;72269;77767;77974;77928;77929;77930;77798;77932;77931;72191;72050;77933;77975;77934;77935;77997;77936;77874;78241;78242;78048;78049;78243;78094;78050;77875;77937;77938;78051;78095;78052;77876;77939;78703;77940;77941;77942;77998;78053;78054;78368;77943;78369;78096;77944;77999;78370;78371;78000;78564;78001;77945;78055;78244;78245;78097;78098;78246;78247;78056;78099;78248;78249;78100;78372;78373;78101;78374;78565;78375;78102;78376;78566;72192;78377;78057;78378;78103;78379;78380;78058;78250;78251;78252;78401;78402;78704;78786;78381;78567;78787;78568;78382;78752;78705;78788;78492;78403;78629;78706;78789;78493;78630;78790;78791;78494;78569;79389;78631;78792;78632;78793;78682;78683;78794;79067;78795;78796;78797;78799;78798;78800;78801;78802;79068;78803;79191;79084;78571;78570;78581;78661;79085;78582;78572;78662;78707;78708;78709;78573;78862;78574;79390;78633;78710;78711;78575;78712;78576;72223;78610;78713;78804;72224;78726;78899;78805;78806;78807;78714;78808;79086;79069;78727;78715;78863;78728;78864;78809;78810;79070;79071;79087;79256;79088;78900;78901;78902;72225;78716;79192;78903;78729;78904;79257;78905;78906;78811;79193;78907;72226;79072;78812;79073;79089;79090;79194;79195;79391;79258;79091;78813;79092;79093;79196;78814;79094;79074;79095;79075;79096;79236;79097;80362;78865;79076;79237;78866;79238;79392;79098;79077;79099;79100;79078;79239;79314;79315;79316;79259;79317;79260;72309;79344;79261;79345;79262;72356;79240;79671;72357;79263;79747;79763;79264;79764;79393;79765;79318;79265;79394;79395;79748;79396;79766;79893;79565;79894;79767;79749;79895;79768;79698;79319;72310;79363;79397;79699;79645;79646;79769;79770;79771;81343;79672;81655;79398;79896;79897;79673;79647;79648;79898;81344;79773;79772;79607;79649;79650;79399;79400;81345;79674;79651;79675;79676;72251;79652;79677;79678;79679;79566;79653;79654;79608;79700;79774;80363;79899;79776;79777;72252;72270;79422;79778;79701;79900;79779;72154;79780;79702;79655;79703;79781;79782;79783;79704;79784;79750;79785;79786;79751;79752;79787;79788;79901;79902;79775;79903;79789;79904;79905;79705;79906;79907;79908;79910;79909;79911;79912;79913;79914;79915;80060;79790;79916;79917;80089;79918;72311;79919;79920;79921;80128;80129;80130;79923;79922;79791;79924;79925;80364;79926;79706;79792;79927;79928;79929;80131;79930;80132;79931;80365;79932;79933;79934;79935;80366;80090;80336;79936;79937;79938;79939;80061;79940;79941;79942;79943;79944;79945;79946;79947;80133;80062;80258;80367;80232;72443;80063;79948;80134;80368;72444;79949;81346;80135;80136;80402;79950;80137;80369;80138;80287;80370;80064;79951;80091;80139;79952;80233;79953;80140;80141;80337;80142;80143;80144;81347;80403;80288;79954;80234;83066;80338;80092;80835;80065;80836;80066;80404;80405;80235;80067;80068;80406;80339;80372;80371;80340;80236;80341;80373;80259;81581;80374;81837;80342;80260;80261;80375;80289;80290;80291;80343;80376;80344;80293;80292;80294;80463;80295;80296;80345;80297;80346;80145;80347;80146;80348;72715;80298;80349;80147;80237;80422;80310;80423;72716;72376;80377;80378;72403;80311;80312;80313;72377;80314;80315;81956;80316;81957;80317;80318;80319;80321;80322;80323;80320;80324;80325;80326;80327;80379;80380;80381;72445;72446;72462;72378;72447;72379;72463;72404;72405;72406;72407;72408;72516;72253;72517;72518;72448;72648;72593;72449;72358;72450;72464;72465;72451;72519;72360;72359;72466;72380;72520;72752;72623;72381;72624;72539;72545;72544;72540;73030;72783;72784;73422;72625;72785;72786;72521;72626;72628;72627;72629;72649;72631;72630;72522;72523;72524;72525;73310;73031;73032;72541;72650;72651;72526;72652;72654;72653;72759;72695;72674;72546;72547;72760;72632;72675;72761;72548;72762;72763;72656;72764;72765;72787;72766;72753;72788;72657;73537;72789;72767;72913;72806;72807;73140;72754;72914;72887;72888;72889;72915;72890;73107;72916;72917;72868;73033;72968;72969;72869;73034;72970;72971;72972;72973;72870;72891;73035;73108;73036;72871;73037;73038;72918;73109;73039;72892;73040;73041;73217;73042;73086;72974;73087;73110;73043;73044;73045;73141;73165;73142;73143;73166;73046;73144;73145;73146;73240;73257;73423;73167;73193;73168;73047;73169;73311;73048;73194;73312;73195;73170;73313;73258;73259;73260;73261;73352;73171;73314;73424;73353;73241;73354;73262;73218;73242;73746;73355;73356;73263;73357;73358;73359;73264;73360;73361;73362;73363;73425;73426;73364;73365;73366;73265;73315;73502;73503;73538;73504;73505;73506;73367;73925;73926;73539;73507;73540;73541;73542;73543;73544;73427;73428;73429;73600;73601;73430;73602;73545;73658;73508;73546;73772;73509;73547;73659;73660;73603;73627;73692;73548;73773;73774;73693;73694;73695;73696;73972;73697;73698;73699;73628;73729;73700;73701;73629;73630;73716;73702;74017;73717;73631;73775;73776;73703;73747;73730;73749;73748;73731;73750;73777;73778;73807;73808;73809;73810;73811;77061;73812;73813;73814;73704;73815;73816;73846;73845;73872;73873;73874;73875;73876;73817;74382;73927;73877;73928;73847;73929;73878;73879;73897;73930;73848;73818;73898;73819;79793;79346;73973;73952;73998;73953;73954;73955;74130;73880;73899;74109;74110;73999;73956;74000;74001;74002;74383;74018;74165;74166;74046;73957;74167;74003;74111;74281;74282;74112;74198;74199;74113;74047;74131;76092;74048;74168;74132;74049;74169;74170;74133;74050;74174;74178;74177;74179;74180;74200;74201;74228;74229;77092;74230;77093;74236;74384;74237;74231;74238;74175;74385;77103;77104;74232;74386;74257;74387;74388;74389;74390;74391;74392;74393;74394;74396;74395;74398;74397;74400;74399;74401;74402;74403;74316;74317;74404;74405;76093;76094;74406;74407;74408;74409;76095;76096;74410;74411;74412;74413;74414;74339;74500;74501;74503;74502;76151;74340;74341;76097;74478;76173;76098;76099;76100;76101;76152;76153;76263;76058;76264;74504;76083;76059;76420;76419;76209;76174;76175;76102;76210;76220;76221;76176;76133;76222;76265;76266;79794;76691;77768;77769;76374;76478;76334;76325;76326;77946;77947;76624;76421;76625;76223;76267;76350;76351;76352;76607;76268;76692;76370;76371;76363;76327;76539;76375;76391;76300;76392;76335;76393;76328;76376;76395;76394;76329;76859;76353;76860;76479;78383;76422;76377;76466;76483;76467;76540;76484;76396;77345;77346;76485;76541;76486;76542;77062;76468;76845;77063;76514;76608;76609;76693;76626;76627;76628;76629;77203;76610;77204;77205;76611;76846;76847;76848;76849;77064;76612;76850;77065;77206;76875;76851;76876;76877;76978;76878;76613;76979;76861;76862;77066;76918;76917;76920;76919;76718;76852;76980;76921;77770;76853;77094;76863;76981;77105;76982;77067;77068;77069;76983;77308;76984;77309;77310;77207;77070;77208;77209;77311;77440;77071;77223;77072;77210;77224;77268;77073;77095;77106;77225;77226;77312;77231;77347;77313;77314;77232;77948;77107;77392;77108;77211;77393;77394;77227;77348;77349;77350;77351;77228;77441;77442;77352;77353;77354;77269;77359;77233;77360;77361;77423;77424;77395;77396;77397;77425;77426;77398;77362;77399;77400;77443;77427;77771;77444;77678;77445;77446;77428;77772;77447;77449;77448;77587;77481;77482;77483;78038;77949;77588;77363;77589;77450;77590;77484;77591;77592;77429;77430;77614;78583;77800;77799;77593;77615;77594;77559;77595;77616;77451;77617;77801;89123;80448;80530;89124;80531;89125;89126;89127;89128;89129;80532;83920;80892;80575;80533;80576;89130;89131;80449;80450;80837;80893;80894;80451;80873;80464;80465;80974;80452;82306;80534;80874;89132;80535;80875;82626;82625;89133;80895;80536;80896;80876;80838;80975;81057;81058;81059;80839;80897;81610;89134;81611;81007;81060;81008;81091;89135;80976;81348;80977;80978;81092;89136;89137;89138;89140;89139;89141;89142;89143;89144;89146;89145;84374;84301;81529;84375;84453;84452;84454;84376;84455;84456;85282;84512;84513;84475;81530;85283;84457;84840;84458;84459;84514;84460;92046;84476;84515;81093;84678;84461;84477;84516;84517;84478;80979;84479;81190;85083;85084;81212;84679;85085;81151;84437;84480;81132;80980;84841;84901;84518;84519;84481;84680;84842;84520;84521;84682;84681;84773;84774;86312;84749;84750;84683;84684;84775;89147;81191;84776;84685;84843;84777;84686;84687;84688;84751;84752;84753;84778;84779;84844;89148;85086;84845;81133;85055;84902;84846;85056;84847;80981;84848;84903;84850;84849;81152;84904;81112;84967;85057;84689;84851;84968;85058;84690;84969;85087;85059;84691;84692;84852;84905;80982;84853;81153;85060;85061;81213;84854;89149;81349;85062;82596;84855;85132;85088;84906;85089;85063;85064;84907;85090;81170;85091;85092;85093;85065;84908;85094;84909;81061;85095;81171;81172;85133;85420;85421;85284;85285;85467;85286;85307;85468;85287;85166;85167;85389;85168;85288;85390;85289;81173;85290;92047;85169;85134;85170;85171;85548;85549;85358;85244;85308;85309;81094;85310;85311;85312;85313;81214;85314;85315;85359;81095;85316;85360;85391;85361;85362;85392;87959;85317;89150;85469;85363;85570;85364;85393;85470;85365;85471;85472;85473;85665;85550;85474;89151;85475;85476;85292;85291;85551;85552;85422;85318;85423;85394;85424;85553;85478;85477;85709;85591;85554;85479;85555;85592;85556;85425;85727;85480;85571;85811;85666;85481;85572;85482;85667;85668;85557;85659;85669;85558;85559;85670;86683;81215;85638;85671;89152;89153;85672;85812;85673;85813;85674;85814;85815;86684;85816;85698;85817;86313;85772;85818;85819;85675;85676;85677;81113;81216;87059;87060;87061;86331;86027;85678;85919;85773;85920;85820;85821;85728;85822;81114;81217;85824;85823;86028;85825;81115;81218;85826;85964;85900;85899;86029;85774;85827;86258;86128;85828;81350;85829;85990;85989;86158;85830;86159;86160;85831;86129;85934;85933;86031;86030;86032;85955;86161;85956;85892;86259;85832;86033;81351;86319;85921;85935;85936;86034;85937;86035;85938;85939;86036;85940;89154;86037;86038;86039;86797;86798;86799;86040;86041;85922;85923;86042;81174;86228;86229;86230;86231;86051;86232;86052;86643;86644;86273;86260;86233;86261;86077;86053;86274;86110;86130;86235;86234;86078;86054;86043;86275;86131;86055;86162;86163;86164;86165;86167;86166;86168;86169;86170;86171;86172;86236;86237;86173;86174;86685;86111;86376;81352;86262;86333;86332;86113;86112;86263;86264;86114;86175;83039;81192;89155;81219;81353;89156;81354;81355;81838;81356;81357;81358;81359;81220;81361;81360;81362;81363;81364;83194;83195;89157;89158;81221;81411;81410;81392;81393;81365;87113;81451;81452;81453;81454;89159;89160;89161;89162;89163;89164;89165;89166;89167;89168;89169;81366;89170;81394;89171;81367;82747;81414;81455;81456;89172;89173;82273;82274;81457;89174;81427;81582;81583;81428;81429;81531;81415;81458;81430;81431;81839;81584;81459;81612;81585;81586;89175;81796;81705;89176;89177;89178;89179;81613;81614;81532;81533;81656;81657;81840;81678;82723;82724;81679;82933;81841;81706;81658;89180;81707;81708;81709;81710;89181;89182;82540;81842;89183;81797;82541;81711;81615;81616;82542;81712;81680;81713;81843;89184;89185;81714;81681;81617;81682;89186;89187;81715;81716;81844;81845;89188;89189;89190;89191;89192;89193;89194;89195;81846;81717;81847;81848;82307;81849;81850;82275;89196;89197;89198;81851;89199;81852;81853;82276;82674;81854;81855;82277;82675;89200;89201;81856;81857;81858;81718;81859;81860;81958;92048;82543;81928;81861;89202;89203;81929;89204;81930;89205;81959;81862;82049;82544;81985;82050;81986;81863;81864;82748;89206;81865;89207;89208;89209;81931;82051;82433;81866;81960;89210;81961;89211;82052;82053;81987;82054;82278;89213;89212;89214;81988;82279;82280;89215;89216;89217;89218;89219;89220;81989;81990;82281;81991;82055;82056;81992;82725;82308;89221;82676;81993;82309;82310;81994;82677;82934;82545;82282;82434;82057;82283;82435;82436;82284;82285;82546;82547;82437;82059;82058;89222;82935;82438;89223;82060;82439;89224;82548;82440;82441;82442;82443;82061;89225;82311;89226;82866;82597;82598;82599;82749;89227;89228;82600;82549;82601;83821;82726;82602;82936;82840;82867;82937;82550;82603;82604;82727;82938;82868;82939;89229;82940;82605;82627;82606;82607;82608;82941;82551;85185;82552;82869;82553;82942;89231;89230;89232;82609;82750;82943;82728;82312;82610;82611;82944;82841;82945;82612;82444;82554;82946;82555;89233;82556;82613;89234;82947;82647;82648;82614;82649;82628;86408;82870;82445;82678;82629;89236;89235;89237;89238;82948;89239;82679;82630;89240;82871;82872;82950;89241;82729;83196;82951;85560;82949;82615;85561;82952;82953;82954;82955;82557;82616;82730;83309;89242;82956;82873;82874;82751;82875;82958;82957;82960;82959;82961;82962;82963;82752;82876;89243;82877;82878;82879;82880;82731;82964;86265;82881;82965;89244;82842;89245;82680;82966;82882;82883;83007;83008;82967;82968;83067;82884;82885;83009;83121;83089;82886;82887;83310;83090;83010;83149;89246;82969;82970;83311;83011;82971;84910;83012;83150;82972;83013;83151;82974;82973;82888;82975;89247;89248;89250;89249;89251;89252;89253;89254;83152;82889;82976;83014;89255;89256;83122;83123;83040;82977;82978;83041;83015;83042;83822;83017;83016;83043;83018;83197;83091;83068;83019;83070;83069;83020;83021;83071;83124;83022;83072;83125;83312;83092;83023;83198;83093;82979;83044;83199;83313;83200;83126;83202;83201;89257;83203;83073;83074;89258;83075;83204;83205;83076;83127;83314;83077;89259;83206;83207;89260;89261;83078;83128;83208;83209;83315;83750;92049;83210;83751;83211;83079;83316;83237;83094;83238;83212;83317;83213;83239;83318;83319;83153;83129;89262;83240;83214;83320;89263;83241;89264;83215;83321;83216;83382;83322;89265;89266;89267;89268;89270;89269;89272;89271;89274;89273;89275;89276;89277;89278;89279;83217;83154;89280;83218;83219;89281;83220;83221;83222;83323;83548;83324;83223;83549;83224;89282;83225;89283;89284;83242;83325;83790;87512;83326;83550;83383;83384;84302;84303;84304;83226;83385;83227;83228;83386;89285;83890;83327;83503;83478;83337;83504;83505;83551;83823;83891;83824;83825;83387;89286;89287;83338;83339;89288;89289;89290;83340;84305;83921;83552;83479;83341;83342;83480;83388;89291;89292;89293;89294;89296;89295;89297;89298;89299;89300;89302;89301;89304;89303;83553;83826;83481;84856;83892;83827;83828;84857;84095;83829;83830;83831;83791;83506;83893;83832;83507;83833;83508;83834;83509;83835;89305;83836;83922;83894;83923;83895;83896;83897;83924;83837;83838;84027;83898;84028;83899;89306;89307;83839;83925;83926;83927;89308;89309;84096;84029;83961;83928;84030;83929;84031;83930;83931;84032;84033;83932;83933;83996;83934;84034;83997;84064;84035;83998;83999;84036;83935;84172;84173;84000;84001;84002;83840;89310;83900;84065;84097;84098;89311;84037;84038;89312;89313;89314;89315;89316;89317;89318;89319;89320;89321;92050;89322;89323;84039;84040;84041;83962;86409;86410;89324;83936;84099;83937;84066;89325;84174;83963;83938;89326;84100;89327;84101;84102;84103;84042;84175;89328;84176;84177;84178;84858;84859;84306;84179;84180;84181;84307;89329;84131;84278;84067;84279;84280;84377;84281;84308;89330;84309;84310;89331;89332;84311;84312;89333;89334;84462;89335;84313;84378;84379;89336;89337;89338;89339;89340;89341;89342;89343;89344;89345;89346;89347;89348;89349;89350;89351;89352;89353;89354;89355;89356;89357;89358;89360;89359;89361;89362;89363;89364;89365;89366;89367;89368;89369;89371;89370;89372;89373;89374;89375;89376;89377;89378;89380;89379;89381;89382;89383;89384;89385;89387;89386;89388;89389;89390;89391;89392;89393;89395;89394;89396;89397;89398;89399;89400;89401;89402;89403;89404;89405;89406;89407;89408;89409;89410;89411;89412;89413;89414;89415;89416;89417;89418;89419;89420;89421;89422;89423;89424;89425;89426;89427;89428;89429;89430;89432;89431;89433;89434;89435;89436;89437;89438;89439;89440;89441;89442;89443;92051;89444;89445;89446;89447;89448;89449;89450;89451;89452;89453;89454;89456;89455;89457;89458;89459;89460;89461;89462;89463;89464;89465;89466;89467;89468;89469;89470;89471;89472;90639;92796;92645;94745;93258;92052;92225;94987;92766;96347;95299;96019;90128;89879;94767;94207;94769;94768;90208;92053;90946;96196;92054;89473;90640;95972;94988;93972;90898;89795;92668;90372;93441;96197;94208;92055;94989;95668;92848;90810;92056;93622;90947;94770;93724;95542;89880;92226;94057;93259;92797;94990;92227;94771;89474;90641;92228;95669;90209;93487;94772;95543;95611;90948;90325;89475;94773;92057;94656;90642;92058;93137;94774;93872;89881;94481;96348;96614;94775;90011;94776;93101;90373;89476;92229;94777;89477;92059;95726;92230;95578;90012;94746;90034;96198;89478;89796;94778;96289;89479;96349;90643;91057;92231;90949;93571;89480;93873;94924;92385;89481;94991;90412;95300;94523;90326;89482;95401;92589;95402;89483;90327;90726;89484;89485;92060;92061;92062;96350;90035;89486;92063;94413;90210;95945;94779;93973;89487;92064;89488;89489;94119;93623;92232;90950;95487;93874;95403;90457;94780;89490;91058;90951;93138;89882;93204;91059;92233;89491;89492;92234;94688;89493;92065;89494;90374;92066;89495;93572;96199;92067;92732;92068;95670;94590;92767;95363;95671;90458;93624;93102;93875;95404;90727;90328;90930;89496;95655;89699;92069;92684;89497;94992;89498;93488;89499;94235;92070;93876;92071;92072;90728;94781;90644;92798;93917;95488;90211;89500;94993;94657;92235;94782;92236;89501;93260;96107;94783;93625;89502;93355;94784;96200;92073;89503;92877;94785;96055;90413;96167;93877;94994;93878;92074;89504;92710;94786;92075;94024;93326;89505;89506;93573;95458;93489;89507;93327;90729;94995;95672;92329;92237;93085;95673;92799;94614;89508;93918;92076;90072;90129;92238;96156;91060;92077;90689;93031;92615;92590;94120;94787;89509;96157;93055;94788;92239;89510;92240;94789;90931;94996;89511;95037;89512;90459;89513;92078;90811;90329;96108;92241;95446;90952;90130;93974;92079;92080;94790;90645;90646;94791;92081;90036;89514;94997;93574;90013;92082;94792;94793;92242;93490;94998;89515;95579;90131;92646;94236;89516;94482;92083;96020;96273;96109;94483;96201;89517;89518;90730;92084;89519;94999;89520;94794;89521;94615;92085;90375;92086;89522;94795;92878;89523;92243;94658;92244;89524;93020;90256;89797;94747;90132;92245;92087;93086;95447;92441;89525;94796;94797;92529;92733;89526;90953;92669;92879;89527;92987;94798;92246;92088;89528;94025;92089;88464;92247;89798;95000;92090;89529;94799;92530;93139;92988;92531;90162;93261;92091;94800;94801;92386;95375;95901;90516;92330;90954;95301;89530;94484;94802;89531;93262;92849;89532;92092;90899;92093;89533;89534;89535;90212;92971;94058;95674;89536;89537;90955;93879;95302;89538;89539;94803;94804;92616;92094;92248;94805;95675;95303;94806;89946;93421;89540;89541;92095;92249;89542;89543;96202;89544;95001;93140;94121;92647;94807;93087;96203;92096;89545;95304;89546;92097;96204;89547;93626;92098;95002;96290;95580;95448;95003;90103;94524;92989;92250;93975;91061;95489;94808;89548;93627;94809;92617;93628;93880;90037;93881;94457;90731;89549;93751;89550;93670;89551;93882;89552;95405;93575;90956;93919;93103;95778;92880;89947;91062;92099;94925;96205;95779;92251;96351;95459;89799;94026;95727;92100;90647;90038;89553;89554;92101;89555;90104;93088;92252;90957;95676;93056;90690;90460;94810;90812;93021;95376;95780;92102;96168;92800;92103;92253;92532;94185;93725;95004;93726;96206;93671;95581;92442;90014;89556;94811;90732;90039;95490;90040;90648;89557;89800;89558;92533;89801;92104;94812;94813;93057;94814;93920;95728;90958;89559;93022;90517;92801;90213;90649;94059;91063;90214;95491;96319;89560;89561;90813;92105;92734;89562;90376;90461;95544;92106;89883;92443;95677;90959;92254;94689;92107;89563;90650;92802;90282;96465;92670;90900;96274;93058;92108;89564;92109;89565;92830;91064;93629;94815;94816;92803;89566;94485;90462;92110;95612;95678;93089;94817;94818;92387;94616;92255;92256;90651;94819;90691;89567;92388;92476;93672;89884;95415;90652;90814;92534;92804;92111;90215;92112;92257;95005;94820;90653;96207;94821;96733;92972;92113;93921;93141;92444;93205;92114;89802;90414;92258;92259;93551;94209;94414;92115;93976;95416;90960;93422;95006;92591;89568;94822;94823;92116;92117;93491;89569;93576;92118;92119;95781;92260;92768;96110;89570;92445;94148;90961;93423;90463;90105;90692;96021;89571;94824;93922;90694;90693;95613;92120;94825;90695;96022;92121;93883;95007;93059;92261;94826;94828;94827;90330;90331;90962;93424;93923;92881;92805;92990;89572;92535;89700;92262;92122;92123;96208;90963;90464;96169;90733;96023;93977;94591;94829;95782;89701;96209;94027;93328;95008;89573;92124;97157;93329;92263;90654;92264;93924;93901;89574;89575;94830;92125;95009;96210;89576;92265;96211;90769;95010;94831;92266;95729;90734;90041;89577;92126;94832;96320;95679;96111;90655;92671;90216;89578;95011;95305;94486;93330;90656;92648;94833;89579;90735;89580;90964;95012;92389;92960;92127;89581;92390;92735;92331;90217;92973;93630;94834;90465;92128;92267;94835;93206;94836;96158;90965;97533;94926;88111;94837;95013;89582;89803;94659;89583;90966;94487;95406;96212;95492;92268;92269;89584;90133;92129;90657;90770;94617;89585;93090;89586;93263;93978;90042;92685;90967;90968;93425;93142;95829;92270;96466;92271;94838;95493;92130;92272;92446;89587;94839;94840;96615;96159;90218;92131;94841;94842;95680;92132;95830;95681;92618;89588;90219;90658;92850;92273;90043;90283;90044;89702;92882;92536;90466;94843;92391;90659;92274;95306;95730;92672;92133;95682;94844;96352;96112;93925;92134;94028;92806;94845;94618;95731;92135;95902;93631;94210;96353;92275;90220;93632;90969;93752;95614;94122;89589;92276;93979;93727;92136;96213;89590;93032;92137;95460;92138;93926;92277;95903;95582;93728;92139;95494;92278;93633;90284;90875;94846;90660;95904;90815;89591;89592;93634;90221;92140;93884;94847;92279;96214;90816;93143;92280;90736;89593;90222;92332;92736;90377;93927;92141;93577;89594;94848;93980;89804;90518;92961;92619;93356;90970;92142;90842;90971;95732;90015;89595;92143;92281;90415;92282;89596;92144;93578;95583;93357;93885;89597;94849;94488;92283;92145;92146;89598;92284;95683;92285;92147;93579;96170;95783;93207;89599;95784;94186;89885;89600;95684;89601;89602;96354;94851;94850;94852;94853;92286;96215;90972;92649;92686;94854;90416;92148;92287;90257;90467;92149;90163;93673;94211;89603;89886;96056;94123;92883;96057;89887;90224;90223;92477;95685;93635;96216;93886;90225;94124;92150;89604;94855;96113;94856;95905;92711;89605;90519;89888;89606;94261;89607;96024;93426;93636;90973;95686;90468;93637;93208;89703;94187;92807;89608;90417;95615;93091;94748;91065;94660;94857;93928;92151;92152;92153;89609;93929;90661;92154;92155;89610;92156;92288;90737;95584;95946;94212;92157;92158;92592;94858;94859;92620;96670;92159;94661;96355;90134;92289;93981;96171;89611;94860;89612;90738;95495;90901;93887;94861;89613;90469;92808;94525;95947;92160;95687;93930;94526;89889;94862;92161;95973;89614;90696;89615;94237;96025;89616;95014;90974;93753;93888;94029;92162;92163;94863;90332;90817;92650;90975;89617;95449;93358;92164;90258;92165;92549;92166;89618;92167;92168;94489;92169;94030;92392;89619;94864;92290;96114;92171;92170;94490;94865;92333;95496;92291;92172;96275;90285;93331;95688;95038;92173;92174;96217;95461;95015;95497;92175;92809;90697;90226;92176;94080;94867;94866;92177;92292;90698;92178;92179;93264;94868;92293;92180;89620;92181;89621;93638;92393;94690;96218;90662;93359;95307;93754;94213;95462;90333;93265;94869;89890;94870;95689;90227;93427;92810;95690;96115;90228;94871;93729;93060;92182;89622;90739;92394;92593;95407;93639;92294;90378;92183;89891;89623;95906;94662;92184;92185;92186;93492;92737;89624;93982;89625;92187;89805;92811;92334;90976;89626;89627;92621;92188;89628;92189;94749;92295;95016;96026;92190;89629;92191;94872;92296;90470;89630;94873;89631;96027;95785;92297;90229;89892;94874;89893;90663;89632;92812;90230;93493;95017;96219;92298;92192;95691;95616;94592;89633;92962;92193;89634;92738;92299;92194;93889;94875;92622;90073;92335;89635;89636;92300;92769;89894;90471;90977;92623;90379;94876;96160;95308;89806;94877;92301;92195;92336;93890;89637;92302;90664;90231;92447;92196;95907;89704;92197;94031;94878;93332;92198;90843;92337;92303;89638;92199;92200;92201;92202;96161;92203;96220;89639;92204;92205;92206;94879;93266;89640;90045;94125;94880;95908;90978;92207;94881;94882;93209;92304;89641;89948;89642;94883;92208;90472;92209;90016;94884;94885;94886;93210;90473;94750;92210;89643;96356;89705;94887;92212;92211;92712;92305;94262;90520;92306;90046;94888;92213;93333;94593;89644;92673;95733;90047;89645;89646;92307;95948;90740;95692;96162;90779;89647;92214;89648;96291;95498;92215;90048;90232;95545;92216;93931;89649;92217;93580;89650;92991;92218;89706;93932;95417;92624;89807;101494;105196;97839;105803;97237;104343;104468;101495;105379;104755;99486;99141;100485;105804;96671;102182;101558;97672;96616;101559;99174;99404;105805;101560;105806;103609;102326;97645;101325;101561;99405;101095;101562;99922;103581;104147;101914;99255;99049;102098;99256;97158;101961;101563;101564;97500;96845;101068;97746;101036;102021;105807;102375;102932;101496;99487;104820;101565;97053;101860;96886;101566;101962;101567;104589;101986;100261;104821;96672;105808;105809;105810;101568;101569;100740;99605;99987;105705;96499;104443;100603;102376;105811;102377;101570;96964;97448;96673;105124;101571;102450;100183;105812;105813;105814;101572;101177;102022;97159;102793;96674;100434;105197;97784;101573;100729;101574;105380;99050;97160;100307;101575;97449;103097;99142;97334;102378;105815;103098;104404;105816;105817;101825;103883;99743;103433;101576;101497;96782;105818;102327;105819;96887;103884;97335;104725;96675;104344;104688;101577;105820;105198;103996;105821;103149;105822;105823;99676;99051;96846;97616;101326;105511;105824;96467;97238;103540;99293;104590;99923;102379;104591;97161;101578;101579;96705;97239;102506;102380;105825;105826;101580;97803;103885;97481;105827;96357;104726;101987;99642;105828;104710;105125;101581;105829;101795;96734;102716;101582;101988;105472;101014;101583;105830;105831;100854;100741;100486;101584;104756;102631;104822;101585;105126;105832;97240;101586;101587;103886;103099;97450;105833;102086;101588;100072;100968;105834;97241;102381;96571;101589;97759;100604;102892;101590;103887;104941;105835;102024;102023;103888;104823;105836;99677;97673;99052;100184;97451;104976;103889;105381;101591;102382;99423;97242;102933;100435;96706;105837;104148;100855;101592;101593;105838;103332;97030;105706;101498;101122;99606;100185;101594;101915;97452;104149;100856;97162;101595;102383;97243;97163;101596;100857;105199;99696;97674;101499;105839;104150;105840;100308;104592;101500;99988;101597;99406;105361;102934;105841;101989;105842;96500;97244;101598;97675;105843;105844;105845;104405;101599;97700;105846;102183;102893;101600;101601;96986;105847;102246;97164;101602;101603;101604;104646;101178;102384;97804;99607;104536;103520;101605;100969;104593;102099;105848;105849;105850;96965;102087;102601;97336;97968;105851;97054;101606;101990;105852;105853;102385;99608;105854;105855;101607;104594;101608;97031;104793;105856;100820;101609;104151;101610;101501;100186;97337;97676;104595;101991;101611;101212;102935;100187;97677;105857;104596;97701;97309;104444;105473;101612;101613;97032;105127;105858;101992;105859;101614;105128;103333;99407;103582;103100;101502;103890;100073;101861;97925;97702;103541;101615;104059;100821;104597;97840;96735;101916;96572;101862;102451;97760;101616;100562;101617;99643;97363;99408;101618;105860;96501;97617;100188;100436;97364;105861;100361;105862;96783;97165;101619;99143;102717;103101;101620;100008;100074;101776;102386;102452;100309;99488;104598;103891;105863;105864;101621;105707;105200;103542;100332;105865;100437;101503;97033;104942;102184;102387;96358;97903;105512;96888;105866;104824;101537;101622;100742;102894;96987;102602;101863;104977;101623;101624;105867;104263;101625;100970;105868;102185;102895;101626;97425;102088;105869;105870;99924;101627;97166;101179;105871;100487;105872;101628;103334;104825;105010;105873;100743;103892;103543;101629;101630;102453;105874;97678;105875;102025;99409;101631;104416;101632;101633;101634;105876;99955;105877;100488;96889;104110;99239;103583;104445;105878;105879;99718;104152;97534;97805;101993;105880;97167;100605;101994;104794;101180;104826;99609;103610;102896;102484;103544;102454;100489;100009;99547;102936;101635;104978;104757;100310;103893;105881;101504;102388;104758;104195;97168;105882;96538;97169;101636;101637;103434;102983;97535;96934;101864;105883;100189;104309;102389;97703;105884;104310;96736;103894;100971;101638;101639;104599;101865;96737;101917;105885;101640;105886;105887;96784;100858;100190;99053;99144;101641;102455;101213;103895;102390;101995;100438;101642;105888;101643;100730;104727;103896;105889;101644;104153;105890;101866;102551;100822;97338;105891;101645;101054;97865;104689;105201;97245;101123;96935;101181;101646;103435;103335;100490;101647;105892;97806;100798;105893;104060;105894;102552;99054;103263;96936;97170;103897;103232;105895;103898;99319;101648;99257;103117;105896;102391;96988;102794;105897;102247;105898;101649;99489;101650;100626;102392;97171;100228;101069;104728;102897;101651;105899;96539;102456;105900;100744;101505;99678;101652;104111;100191;105011;101996;97679;96890;96891;105446;104406;101653;99697;100563;103899;97704;104311;101243;97453;104600;103611;101963;101506;105901;99272;99145;102393;101654;101655;101997;99175;102827;99445;101656;99410;105902;101182;103612;101998;103264;102718;102047;104827;99719;101657;101507;101999;101214;101327;105903;103336;103393;102603;101658;96617;101659;103150;105904;97454;105447;105905;97866;97310;97867;105906;96937;102898;105202;102000;105907;101660;101015;101661;99146;101508;105908;105909;103664;99989;101662;100192;103545;105910;101663;101664;99176;105911;105912;96359;105129;104312;96468;105474;103546;99411;105913;102328;101918;102394;96573;96892;96321;102100;99610;105130;102937;105914;105915;100606;103199;100030;97785;100745;100193;99205;100823;101665;101796;97172;103547;101666;104729;105131;96893;102212;100311;105519;104711;97069;104601;104345;99644;101667;103265;105475;101668;105916;101669;102001;101670;105917;96894;105203;100010;101671;104417;101672;105918;102604;97646;101673;96738;96502;100746;101674;97926;102984;100972;97482;104154;105919;97501;99412;97246;105500;105920;100491;104795;102275;103233;101675;102605;103102;105921;100824;102457;105922;104196;96503;100731;101070;101676;101677;99679;101678;97705;96895;104225;103900;103901;103613;105923;105924;105925;101679;103902;105926;105927;100564;97590;100229;101680;102795;102458;104469;101681;96966;104264;104602;104603;100492;101682;102770;105928;99611;101683;102395;99424;100607;102002;99413;102026;96540;103314;102485;103997;100493;97365;105012;103103;99680;103436;104979;105929;99010;102396;102027;104446;102828;97969;102459;101867;104447;100194;100859;105930;97173;102606;97786;102397;105204;99177;96847;102003;102004;100333;104418;100011;102486;104419;101685;101684;97536;105931;96504;104796;100312;105932;99191;99320;102829;99414;99055;103437;101686;101919;102899;105933;100494;101920;102900;97618;99744;99321;105205;105934;99490;100195;103548;97706;104690;104691;97591;97502;105132;99745;103998;103549;105935;101687;97426;101868;101688;104313;105936;99612;105937;100075;97868;104604;103614;96989;102398;101777;103903;101778;99056;105938;105939;105940;101689;105013;97970;104112;102028;100076;104448;103234;105941;102607;104155;97070;101244;101690;105942;103200;102608;105943;105133;101691;101215;99491;101692;103151;100732;100825;101921;101509;105944;101693;104314;103521;101694;97619;103438;105945;97247;102487;101695;103950;99681;101124;102985;100077;101696;101697;101698;96896;101779;101699;101700;97339;100230;99548;105946;105947;97537;102005;105382;103550;105948;102609;105949;97680;97174;103235;99273;101701;96967;102213;104828;105950;100747;97427;105951;104197;100196;105952;100733;105953;100334;100078;100973;97503;97841;102488;97034;99415;102719;104156;100079;100197;97681;96676;102089;101869;105134;102460;105954;103337;97483;104346;101071;105955;101702;97428;102461;105956;100608;105957;103551;105958;104980;97175;99258;97248;101183;104605;105959;101703;105960;105961;99645;105962;101704;97761;105135;101538;101705;101706;101707;99057;104157;103338;102938;102399;101708;99549;101709;105963;97176;101797;101510;102796;102400;96677;103904;100080;101710;102276;103439;97561;101096;105383;101711;97429;96707;99416;105964;101712;96897;101245;97647;103118;103339;102029;101713;105965;97648;97538;104449;101714;105334;102048;97927;97071;104606;101870;103037;102830;99492;97455;105476;97311;102808;102489;105966;101328;97539;97249;97682;102901;103665;99613;104158;101715;97177;105967;96739;97869;97340;100734;99746;99147;102006;105968;105969;102720;105708;104159;96678;100012;101072;101028;105970;97620;100495;96574;96990;105971;105972;104607;102610;104450;101716;103340;96360;105206;99493;103104;97649;101717;104730;96848;101718;104315;100627;103615;102214;100031;100013;105973;97621;103366;97178;103201;103905;100198;105974;102721;105207;97683;102401;103951;103266;105975;104160;105976;96785;96849;105977;100032;101719;101922;96679;100335;105978;97622;103906;101720;97971;101721;102186;104451;97179;100199;101780;96505;105136;105979;97762;96968;102402;99322;102007;101964;105980;105981;105384;101511;103616;100231;104608;105982;104829;101246;105983;97540;100033;96361;97541;106077;101184;102403;97763;102404;99148;103952;105984;101512;97684;96898;103367;96680;101722;100826;101329;105985;101871;101723;99494;104347;97430;96740;101724;105986;99720;101725;101726;101727;97250;105477;97504;101728;101729;102507;103236;105137;101037;101730;101731;101732;97505;96991;101733;100439;102490;99614;100281;101734;99721;105987;97870;99550;96469;97764;104830;97341;100336;102632;100860;101735;100440;96969;104609;101923;97072;103105;104831;97842;101736;96681;103394;101513;103341;105385;99446;104610;105988;99108;99323;100748;103552;101737;103267;105989;104981;103268;101185;101738;102136;105990;102215;101965;102831;96708;97707;105386;100735;101872;96506;105991;101739;105014;100337;103269;96362;105992;101740;97787;97180;101741;96507;99925;101038;101216;101742;101781;97542;101743;105993;105501;105994;103617;100338;100749;104407;105995;103440;100362;104692;104316;100750;102277;99324;104832;103342;99447;100014;100034;101744;101745;102049;99495;102329;105996;99747;104505;105171;101873;103907;97055;102832;105997;101039;105998;102986;105999;104452;101746;96470;106000;103618;104833;102405;102248;102462;103908;105208;103553;103106;106001;102463;101782;106002;102686;102722;97685;97623;106003;100363;100200;104161;96508;102464;106005;106004;104506;106006;102902;97456;102406;104834;106007;101874;100736;99425;105138;101247;102611;106008;106009;101747;97181;102612;103107;106010;105736;103619;96899;102050;100609;96682;101748;101783;102613;106011;102008;100751;101749;101750;97543;105139;102614;97624;104943;106012;101751;103554;97484;101514;102903;104611;100705;100201;106013;106014;97182;101752;101875;106015;97056;100364;106016;101753;96509;97686;106017;102137;101754;106018;102723;103108;102009;99748;101755;103202;102407;99149;106019;106020;101756;101757;96741;109350;108305;120199;120200;120202;120201;108306;110573;107153;108612;117891;120203;120204;108790;108907;120205;106611;108423;106987;120206;120207;106021;120208;111235;111766;120209;109559;106022;120210;107154;120211;120212;120213;108491;111469;120214;120215;120216;120217;108492;120219;120218;106905;108665;120220;110299;120221;120222;109817;120223;120224;110625;117813;110425;106906;108732;108855;106698;120225;110667;106634;120226;120227;109702;108666;120228;107155;120229;120230;106416;117488;120231;106274;120232;120233;109818;120234;120235;120236;107156;120237;120238;110597;120239;118072;120240;120241;118100;120242;117716;108908;120244;120243;108909;120245;109703;120246;110574;108977;120247;118409;107107;120248;110613;120249;120954;120250;108493;106110;120251;109704;108613;120252;120253;120254;120255;106078;120256;117925;108268;120257;120258;119106;119154;120259;108494;106417;111236;120260;120261;117531;120262;120263;120264;109004;108910;108667;120265;109705;120266;120267;120268;120269;107157;111767;109221;120270;120271;120272;107158;120273;120274;120275;108614;120276;117959;109094;108699;120277;120278;120279;120280;110387;117960;108668;120281;118159;120282;120283;107280;120284;107159;120286;120285;105709;120287;106023;109416;107160;118045;120288;106177;120289;120290;106988;106024;120291;109706;117371;120292;109819;120293;106510;120294;120295;120296;117646;120297;110166;120298;120299;107007;118334;120300;120301;106275;110300;120302;120303;120304;120305;106025;120306;120307;110689;111799;117372;118896;120308;119107;106821;120309;108495;120310;108347;120311;112067;109740;110821;106322;120312;120313;120314;108307;120315;110949;120316;120317;106822;120318;118857;120319;111558;120320;120321;110912;107161;118160;120322;120323;107027;110690;120324;111619;120325;120326;120327;108911;120328;110626;120329;120330;106511;120331;107162;120332;120333;106730;106418;120334;120335;120336;110698;118897;120337;109434;120338;120339;108836;109285;106907;120340;118579;120341;118841;120342;117717;120343;111237;120344;120345;120346;109820;109590;121072;120347;120348;120349;108856;120350;108615;120351;120352;110627;120353;108496;120354;120355;112169;106908;107281;119126;120356;120357;111238;120358;120359;117438;120360;117961;120361;120362;120363;120364;107028;117926;120365;120366;120367;120368;111397;117927;106823;105710;120369;120370;120371;120372;109048;120373;120375;120374;120376;108775;117507;107125;118940;120377;107029;111239;106026;120378;120379;109095;120380;107008;120381;108818;107030;120382;106594;120383;117718;110388;108616;120385;120384;117489;120386;110426;108617;120387;119155;109873;109821;106079;108669;120388;106824;106419;120389;109741;110930;120390;106027;106512;120391;120392;120393;111539;120394;120395;117647;117532;109005;120397;120396;120398;120399;120400;119156;120401;120402;120403;109096;119243;120404;120405;120406;120407;120408;111710;120409;109286;107163;106028;120410;119291;120411;120412;120413;117299;120414;107164;120415;120416;106635;108497;119244;120417;120418;111470;107138;120419;120420;120421;111047;120422;119127;108837;110913;119055;120423;120424;120425;120427;120426;111240;120428;106029;109874;120429;120430;120431;120432;120433;118101;120434;120435;106909;107165;108424;120436;120437;108498;118941;120438;120439;119245;120440;110400;120441;120442;109150;106057;106782;120443;109222;109351;120444;120446;120445;120447;107166;109707;119007;108499;107167;120448;106058;120449;120450;107009;120451;106825;120452;120453;120454;110167;107168;120455;120456;120457;109708;120458;120459;120460;120461;117892;120462;120955;120463;110168;107169;109519;106910;120464;109560;120465;108670;117439;120467;120466;120468;120469;120470;111398;111241;120471;120472;120473;120474;120475;106276;110209;120476;120477;109417;120478;120479;111242;118102;106513;120480;120481;108308;106514;108500;120483;120482;110575;120484;120485;120486;106030;120487;120488;120489;120490;120491;120492;106515;106178;110931;120493;117962;120494;120496;120495;120497;117839;120498;109970;120500;120499;119108;106080;120502;120501;120504;120503;120505;120506;110251;120507;110538;106277;106081;106420;120508;120509;120510;108618;120511;109520;110301;120512;120513;117840;120514;120515;107031;120516;108912;111399;111711;110252;120517;120518;120519;108425;109561;120520;109352;120521;120522;120523;106636;120524;120525;120526;120527;112098;120528;106516;120529;111522;120530;109926;120531;120532;120533;120534;106278;120535;120536;117300;120537;120538;120539;108776;110520;106279;120540;120541;109287;120542;117814;120543;120544;106323;120545;108309;120546;120547;120548;110427;106638;106637;110822;117648;112099;106538;120549;120550;120551;106989;120552;120553;120554;106731;111400;120555;118475;108777;120556;120557;106539;110169;120558;120559;108501;120560;120561;120562;106990;118103;120563;120564;106540;111015;106031;120565;120566;106878;106032;120567;111712;120568;120569;120570;106826;110327;120571;109006;120572;109562;117490;120573;120574;120575;120576;120577;111471;120578;107032;120579;111243;120580;120581;110598;106517;118809;120582;120583;110668;120584;111620;111559;111768;111472;106518;120585;120586;120587;109742;108502;109822;120588;120589;109743;120590;120591;112100;120592;118046;120593;117508;108269;109353;120594;109563;120595;120596;108503;106519;120597;120598;120599;120600;120601;106911;120602;110401;120603;120604;106280;120605;120606;106281;112051;120607;120608;105596;120610;120609;107170;110428;106912;120611;111244;120612;120613;120614;106082;120615;106282;120616;112068;120617;107033;112234;120618;118960;108388;109288;120619;120620;110950;105737;121073;120621;109823;120623;120622;109971;120624;120626;120625;111048;120627;109824;110170;108504;120628;118047;120629;106179;108913;110932;120630;120631;118842;108505;106639;120632;108619;120633;120634;120635;120636;120637;120638;106640;109018;106283;109382;120639;107077;120640;109875;120641;110253;111016;120642;120643;120644;120645;120646;108914;120647;117963;120648;117841;120649;120650;109223;120651;119157;120652;105624;111473;120653;110914;110060;107171;118123;120654;108506;109354;110210;120656;120655;110576;110061;120657;106033;111475;111474;120658;110951;120660;120659;108426;108915;120661;108572;120662;120663;106827;106641;118314;109709;107010;120664;117440;108838;120665;117612;106642;118410;120666;120667;108348;108778;109435;110669;120668;111713;117373;108733;110389;108734;120669;120670;120671;120672;120674;120673;120676;120675;120677;120678;108857;120679;120680;106828;120682;120681;120684;120683;120685;120686;120687;106520;120688;120689;120690;106421;120691;107172;120692;109803;117374;109418;120693;106913;111989;120694;108916;108671;110823;120695;107173;120697;120696;111245;120698;111361;120699;109591;106914;109564;120700;106083;120701;108791;120702;120703;120705;120704;110402;120706;108389;120707;120708;120709;120710;120711;120712;118104;120713;109151;120714;108672;106915;120715;120716;107034;106084;120717;118580;120718;106284;109224;107011;120719;120721;120720;106937;107174;109225;120722;120723;120724;120725;106285;110577;110788;106643;120726;110670;108735;120727;120728;119158;118241;109419;120729;109903;120730;107175;120731;109420;120732;105738;120733;120734;120735;120736;118181;110789;110790;120737;109710;120738;108673;117622;108700;111714;110302;120739;120740;120741;117509;120742;118242;120743;120744;120745;106111;120746;120747;118243;108390;120748;106644;109972;109711;120749;120750;120751;120753;120752;120754;120755;108427;120756;120757;106541;110171;120758;120759;120760;117842;107035;111476;108779;108736;117375;117719;120761;120762;120763;120764;120765;110933;120766;120767;120768;117843;111401;120769;120770;120771;112101;108839;110671;106112;105711;106085;120772;107036;107176;106542;108349;120774;120773;120775;120776;107012;120777;108917;120778;119019;120779;120780;120781;120782;120783;120784;120785;110952;110172;120786;120787;111990;120788;120789;107037;120790;120791;106465;120792;120793;107013;108310;120794;120795;120796;118843;109876;120797;106645;120798;120799;111246;110672;108674;120800;109152;120801;120802;120803;109226;120804;120805;108428;109744;120806;108675;120807;120808;106086;112186;119020;120809;106595;120810;120811;106646;111247;120812;112235;120813;106113;110328;120815;120814;117964;109592;120816;108311;108780;106180;120817;120818;120819;120820;120821;120822;120823;120824;120825;106829;109049;111477;108701;106466;118244;118725;118245;120826;120827;108918;111769;120828;110173;120829;120830;108312;120831;120832;117720;109421;108620;108978;120833;106596;120834;109189;120835;111770;108313;120836;109973;106568;120837;110824;106286;120838;106958;120839;120840;110599;119159;120841;120842;109804;106521;108573;119128;111715;117533;120844;120843;120845;120846;120847;108737;120848;120849;120850;106783;110673;110103;118335;120851;120852;120853;108676;120854;108792;120855;120856;108919;120857;106991;120858;106114;111654;111621;111716;120859;107038;107177;106422;109712;120860;109825;108677;120861;120862;120863;109927;121074;118048;109805;120864;120865;120866;108920;120867;120868;108702;109745;110303;120869;106034;109422;120870;120871;120872;109423;107282;120873;110329;120874;111717;111017;119008;120875;120876;120878;120877;111718;120879;120880;109746;111719;120881;111595;111248;120882;120883;108921;106830;117510;110273;108819;120884;120885;108350;117965;111560;106992;120886;120887;107039;120888;106647;120889;120890;120891;120892;120893;106035;120894;120895;120896;117534;120897;120898;120899;108621;118898;120900;108678;109747;120901;109436;120902;118581;111249;120903;120904;118899;120905;120906;120908;120907;108622;120909;120910;120911;120912;120913;117491;120914;108922;107040;120916;120915;120917;120918;120919;120920;109227;120921;120922;120923;120924;106648;120925;120926;106423;120928;120927;120929;120930;107108;109748;108507;120931;110915;106784;117301;112102;111250;108679;120932;105739;119009;106522;109928;120933;111251;110674;110211;120935;120934;119129;120936;117302;120937;120938;107041;120939;120940;120941;120942;120943;121332;122650;129319;129508;127502;131194;131785;124369;131195;121137;130291;128431;131332;125931;123098;121235;123472;127103;122555;122978;125228;130032;129829;121373;124465;120964;131706;132636;125418;130775;124346;131440;130033;124466;127869;125486;124467;124468;122273;125177;131196;123137;122103;121487;129599;123033;128561;120965;126353;131786;125419;125838;122274;128084;122070;129600;122830;122556;132778;129601;131707;125645;121442;123034;129602;128562;124469;122039;122623;130475;125420;124470;130613;130776;125646;129603;126130;129077;124471;124599;131088;128126;132637;123035;123693;130777;121075;130778;132638;123801;129604;131787;129394;125375;124472;123036;126706;123759;124473;125906;127503;131441;124474;124475;129830;126794;131573;129320;125421;128432;122979;129540;129170;122520;122275;131839;126411;130919;122436;125422;130986;124723;127870;125647;131442;131089;130779;130476;126591;121138;125648;131443;124684;122769;131708;122276;121169;132111;131333;123534;124685;126225;128396;126131;129417;127931;129698;124308;122795;130780;127932;126014;129078;132639;124476;124724;123568;124477;124478;130477;132112;124284;129605;131250;128563;128480;125610;129606;122071;131251;122354;125229;130409;126795;125271;121258;125860;129607;131252;131444;126796;130292;132779;124600;122557;131840;130781;128039;129608;130478;129609;124244;130293;128397;125932;123099;124479;130294;129949;121076;124040;129610;125423;128535;124480;124781;132640;129612;129611;125743;124207;123802;131253;133111;124699;127504;124347;125649;129027;128564;128127;126354;125178;123037;131090;122558;126055;125611;129028;124481;122725;132641;127505;124482;121318;125785;128398;126355;124483;122559;126797;132642;131037;123569;124484;124485;128128;124177;125179;125744;121139;129613;123535;124660;131254;122651;122437;124348;129418;132407;126015;125745;128885;122104;129419;123760;122105;121170;125907;127506;123473;121194;131334;130782;122277;123570;128129;122455;132348;124041;128433;125960;131143;121443;128434;127507;129950;124725;125908;122406;123038;131709;128399;132083;132643;123803;122322;129509;124486;130295;123138;125650;125230;121444;128744;123474;122456;129079;127104;131445;132027;122278;127508;130296;131446;122796;122880;122652;124349;122197;127509;123694;124487;131447;125424;122407;124488;129951;121519;131788;122040;131789;129767;130479;124489;121236;129614;125425;130297;131038;124490;126356;121333;124285;122106;129395;132644;127871;128400;124491;128565;122279;131710;132028;130410;131091;122681;128566;132645;123761;129615;125318;125180;130783;127824;125684;131574;132646;128130;128652;130411;129736;126798;130298;128295;129080;131168;129616;126969;128481;130299;129541;121319;125231;121077;122408;122409;124350;129699;122653;129617;129618;121217;122410;130300;121237;129831;122134;124492;125319;124601;131197;125651;122072;130034;129700;126530;128401;132327;124493;122438;126132;127510;121259;122654;124494;128040;124569;130480;126799;122624;128784;128567;122560;130301;123100;128785;127511;130784;121260;123139;125861;130987;127933;127512;132737;121374;130614;128568;130481;128131;128435;125652;122980;131199;131198;128296;124726;129420;128132;122355;130785;129321;128786;126970;128623;127872;125181;129029;128569;129619;126800;125426;131711;125427;132647;132648;127934;129171;127513;122561;127514;127935;124495;129109;129620;123039;124496;124570;124497;127079;125653;128787;125654;125909;124782;128436;129510;125182;129621;128570;125272;131092;127936;131790;124245;123040;131039;131335;131448;131791;130074;128571;123839;129511;124498;124499;130075;132328;124500;126357;131093;128788;129542;130786;129622;122198;130302;129623;130920;129624;125786;132408;126449;127825;122682;122323;128133;124370;130237;131169;132113;132649;124501;126515;123475;123476;131200;127515;132329;126016;122797;129625;122280;131094;129626;122073;124502;130370;131336;131255;125299;123140;126516;124783;126838;131449;128624;121577;131040;132114;129627;130303;124503;126358;128402;122981;122281;125428;121488;130412;123477;132780;131792;124504;127937;130787;124505;131450;122135;130788;131041;131741;131144;122521;131201;129366;122881;130789;131793;130352;124371;130304;130790;124506;121140;122282;122136;125862;131337;122074;126658;124507;123041;127516;124208;128572;124727;124178;131095;130305;131145;125655;130988;132651;123571;124427;123804;131096;132652;128482;130989;122439;122625;127517;130306;124508;124509;126517;122982;130482;122440;131146;132650;131097;123572;122798;122522;121578;125273;124510;124511;131256;126659;122075;124686;121579;122076;125746;132781;131451;128573;129628;131452;129832;121334;126518;130791;128574;127518;129367;125656;131712;125429;123805;128085;131042;124571;122283;122284;127519;122655;124512;125863;124513;126660;122371;130307;125430;131043;124372;120966;130308;123042;125274;124514;121401;131098;132029;129081;132115;123762;127826;131841;124516;124515;123478;124572;122726;131453;129629;125864;123101;132653;129630;124066;129543;125275;130483;126839;129631;129632;126412;121078;128297;129030;129421;132116;129633;131202;125787;122285;123043;121238;122286;124042;131713;121079;131203;128483;122077;129802;121080;131454;131967;126359;130035;121195;121489;128134;124573;131338;130615;126017;122983;131455;121320;126531;128789;121375;128041;131170;121081;125183;131456;124043;124517;129322;131171;131714;129323;124373;124518;128790;122356;128484;124246;129952;122078;121580;128575;124519;121261;128485;122562;121445;126994;130484;127938;132654;124520;130485;127939;125300;123141;130486;121141;129634;129368;127520;130309;122626;131044;129635;128886;130616;127105;131204;132084;129953;122107;124428;132117;127080;126080;127521;125910;123479;124010;128978;128625;129636;121262;124521;124522;127081;124523;123763;127940;125376;126264;123840;130487;129637;125685;121321;121490;122079;124700;123142;129638;124524;125612;129544;124574;125911;122287;121322;132782;126661;126995;124525;130488;130310;132783;132118;124351;124011;130311;128576;123764;132655;129512;129324;122523;121263;124602;123806;131257;129325;124247;131339;124661;124526;127873;129639;121082;126265;126313;130312;127522;124603;130489;122108;121239;132784;126801;124527;127523;123044;123045;121264;124528;121562;128437;121520;130792;130490;129422;124529;121083;129082;132656;132270;129640;130313;130314;128577;129110;123536;121265;126360;122627;124530;124531;126314;122288;122411;122628;130793;122457;124532;127524;121171;130036;131715;129833;121266;129701;129641;130491;131099;128486;121267;129642;125377;126532;124067;122563;129834;121376;131716;129643;124604;129326;123537;124179;129083;124533;125933;126662;131100;127525;121268;126056;124180;131457;125431;123143;125657;130315;131742;131842;130316;125686;124701;121402;129644;130317;121563;131101;131458;124784;128578;124248;126663;124575;124534;130990;129031;123046;129645;129702;128791;131045;129835;125747;131968;123841;122984;128067;125320;127526;123047;122934;131258;131794;130794;125865;131102;129646;128487;124535;125658;131103;125961;128579;127527;123765;125866;130795;125748;126133;124068;124536;124249;127528;125232;132657;121084;121085;129478;130037;122564;121491;123766;122565;121323;131717;122799;124576;132030;127529;132409;128488;121377;124537;122289;132119;123048;129647;122800;130318;127530;127082;124538;131459;124539;124785;122566;124540;130319;125487;127874;122357;124786;131460;128745;131718;124044;131205;129032;123480;131104;124541;122041;128792;124250;130320;123807;128793;123979;130321;128626;124702;129648;130796;129327;121086;130797;130322;129649;129650;129836;122683;130798;124687;125867;120989;127083;130492;123049;124542;122935;130799;125432;125962;127875;130076;121269;129513;131105;125613;128653;124251;124605;124543;126018;125233;129651;122164;126483;121581;127531;125788;122080;130800;129768;130493;121492;128794;131575;129652;124544;128489;126664;124577;128580;130323;125378;124045;126361;122458;127084;132658;129653;124069;123573;131106;131461;132659;121582;129803;131046;131462;125868;124545;131843;127941;129769;122199;125184;129654;122290;132120;122567;128581;132660;128582;122629;122324;129655;132661;129837;126802;125912;124787;124546;125710;122200;128583;129033;127532;123695;125433;122568;129034;123050;124548;124547;127085;124012;125659;131969;126803;130801;130802;131172;124549;124550;129737;122684;126707;129857;124551;122081;127533;125185;121196;121270;130324;124606;126134;131463;121271;124552;123051;131107;123538;130803;131464;132662;129703;127534;121142;122985;130804;129858;131465;122082;126533;124553;129656;131206;125186;129035;124554;130325;124688;129423;125434;129657;127535;122524;124578;131047;129111;121446;124555;131108;122137;127942;122862;127536;125789;125660;127537;122569;130991;122727;132785;130326;122083;122882;125276;125661;130327;126996;129424;125277;132663;123052;126665;130137;128490;124252;125790;128438;122138;131147;122358;129172;131259;132664;129658;122986;121493;124703;132786;124556;127538;130038;121197;126840;126804;125435;124607;125436;129112;125869;121218;127943;124352;125234;131207;124181;120967;127944;131048;126362;123808;129113;124689;121198;121494;125870;124557;125321;124558;122728;130328;126226;123767;122139;129770;126805;130353;124559;125345;124728;129659;129660;124876;126135;122656;137920;143353;140542;133008;137786;142228;139554;133701;133420;141489;139100;139879;134184;140543;137102;141879;137103;137921;136677;141756;137922;138820;137210;136148;135367;137787;140759;138069;143307;133881;135368;141873;142291;133563;143255;140544;134127;134455;140545;137923;144618;134919;136149;140760;133231;134578;137211;140226;143177;136414;144963;142045;144488;137156;133817;134456;136293;134985;138821;134128;141870;138396;133775;134986;133818;134882;143176;134435;137420;144834;135985;137104;137105;137842;137924;137677;140227;142587;135369;139676;142356;141874;143291;140063;135986;140668;143137;142586;141269;142857;136432;135726;140618;134684;144546;135418;139256;134920;140546;138397;138398;140105;144612;139705;134457;142520;138861;134987;137379;133112;142197;138530;136150;142527;143330;137732;141522;133659;135419;135987;135420;141510;138108;141282;142957;132787;136678;139343;137106;133421;139706;141384;136151;133702;134185;141245;133564;141881;138109;144615;133422;145016;140812;137380;136433;133423;141186;136531;134246;141277;143326;137107;134247;133232;140813;141283;143173;135988;143598;140761;135209;133882;139299;134129;143405;133626;133627;142182;138399;137788;144031;139431;135104;134988;136434;141900;143139;136294;133565;132876;143183;134130;142927;134248;134096;144828;135989;136210;139931;136953;133883;137678;137679;133735;134989;139707;136838;133367;144669;143171;143325;139677;138400;143140;137108;141289;133368;141280;139257;142668;134249;137680;133369;144347;144183;134131;138822;141520;139212;143344;135105;135990;141270;144957;140669;143458;139880;134250;134186;138110;142624;133819;139586;138531;134132;144135;140547;137574;142581;133566;137421;141876;140619;138235;137422;136435;136592;140506;136532;137423;138476;136377;137733;140670;133567;137109;138111;136839;141139;143149;137110;141317;134990;144246;138532;143106;138401;136415;140620;134187;141887;141909;137111;138163;143356;144536;143227;135991;133424;136934;134458;138653;137112;137157;134991;134961;133568;140608;133736;142160;140304;137158;139778;134251;134436;137159;143189;133113;140548;144124;141880;137925;139632;139678;139258;141299;139881;135421;138823;143261;133569;142338;142637;141486;133884;135992;139633;138915;140621;141267;133009;134579;142283;143294;142666;133703;133570;142617;138193;134685;133010;144830;138477;144319;140622;133885;144163;134635;136935;139679;141285;133737;136211;141555;142955;139259;134133;142517;138824;137113;137424;142580;141296;143464;143515;139101;134134;138654;133571;135106;141892;139102;143436;137009;137926;140671;138478;142669;143196;142835;138402;133886;139634;142518;134992;137010;141300;137765;138112;138916;134354;144038;138366;139432;142614;134333;141902;137114;136436;133114;132788;133572;141896;133233;140623;144479;135370;137160;139390;136378;136722;135727;138862;144487;137681;133776;139708;133887;137425;133660;138917;133234;141518;136988;138403;140672;142541;137843;137865;132738;142564;141907;144325;135993;138825;140228;144701;144611;133011;136295;144717;139260;133573;133888;134097;132789;133012;144654;135260;133535;136379;136152;141485;144132;135711;142947;140549;136593;133235;136954;137866;143334;135210;142621;134840;133425;137115;133426;144482;133236;137212;137682;143135;136679;141268;133777;144225;134252;136755;134841;138579;140305;135597;138863;134883;138404;135422;133115;132877;132739;136296;141894;140229;135598;140106;143293;140230;133574;142013;138113;133575;139523;141527;133576;138533;141882;134993;137426;134135;138864;134055;141140;136437;143129;141187;138194;144134;135371;141273;141509;135211;144030;134459;141524;139761;136723;144500;141274;142533;143351;139587;138865;140673;133443;141141;138405;141142;136936;144129;137116;136380;134136;135372;133013;139932;139882;134842;141930;139736;133704;134188;136381;142205;142841;139344;136153;133889;136680;144730;141188;138406;141101;138826;134580;142847;137734;141908;136840;136841;136681;133116;133577;136632;139261;139213;137161;133578;141875;140624;143188;142171;137844;134884;134137;135994;139345;136779;136594;141515;140550;142193;137867;138866;135212;144617;139555;142542;142040;140762;141189;134253;138195;143300;138114;138479;143258;138196;144827;136704;133778;139103;139524;144117;141298;140064;142532;139680;136937;134138;134460;134139;134636;141490;133779;144136;142229;133370;143465;141895;133738;136212;141526;142954;138480;142192;133371;136842;139104;141143;141190;137117;132790;140551;141295;143516;141376;133427;140438;142622;139681;137927;140306;138236;144736;133237;136297;135995;141903;141885;139214;133372;135599;139635;143309;142919;137118;137575;137683;140507;139262;137162;141556;134581;137011;140674;134461;141869;140552;138237;142569;138115;139105;144039;133428;136382;143329;142552;134994;138164;144440;138238;139433;133238;141275;136780;140553;134056;137427;141290;138070;133739;133014;136724;141144;140307;144475;144486;139883;139263;138239;134582;142198;139636;137766;135600;144140;141392;139391;134637;140308;132791;136682;134638;136683;133579;133117;142830;137428;144481;137684;134995;142887;133580;134583;144040;136781;138407;139392;139215;138408;136843;142529;133373;135213;141795;142860;143502;133015;133705;137429;136705;139346;137845;133890;144166;141484;133016;136684;141145;137119;138918;137685;144489;138409;134462;135996;136844;144310;138240;143098;140471;139709;136756;133581;140554;135601;142851;141928;136298;133239;143105;138580;139884;136938;140675;143349;135712;144342;139637;137846;140508;133820;144045;144616;142636;139710;144042;134463;140763;133582;141248;139216;142886;133429;141244;137735;144362;136845;141532;141297;133628;136299;134140;144091;134996;134057;137120;139106;135214;134334;144652;137430;133821;135602;140814;142351;144123;137686;133118;140309;133512;141519;139217;139525;135423;142051;138116;139762;143525;144474;142016;141375;136939;136725;139682;144484;143346;141889;136846;141877;140231;143530;136633;134254;136154;141550;136300;138117;141146;136989;139434;140555;137687;133374;133583;142862;133017;144835;136438;138410;144324;138534;134355;138118;144696;137163;137847;140815;133240;140232;135728;141488;143174;137736;134962;144241;138919;140107;136847;142837;138367;133119;139711;139712;136595;136416;133375;136301;142828;144822;142574;138655;133241;134584;141521;145017;142935;144175;140233;141278;132740;137164;144247;141386;140556;143228;139393;143111;140439;142515;137213;137121;143397;133584;139107;137214;135107;136439;139885;139588;143596;137215;138656;143434;133740;138241;136848;137431;136155;136685;135997;139737;141891;144577;144729;143354;134639;135998;139526;135999;133152;134997;133430;139108;133278;138242;138119;141871;136440;142914;140065;138120;133376;144613;143595;138867;142588;140816;136156;141381;142934;141906;136383;141487;144583;140625;139556;138920;133120;142104;135016;142048;140066;142047;138868;137868;137432;138243;132878;136000;137928;135424;137122;138411;138197;137433;144127;135215;134464;143520;134189;137688;143453;138198;138921;137123;144315;142928;143167;143501;142842;137434;138368;141554;133741;139933;136757;133377;142577;142839;139638;144542;133536;144480;137435;144323;142509;141883;139527;133018;138657;140676;137689;140108;133431;137929;134885;142510;140817;143195;133891;138121;143438;136417;144572;142671;133378;134717;135108;138412;137436;138369;134465;144036;133742;137767;138244;133242;141288;140609;134718;141102;136001;133892;139264;139713;134998;137576;133585;136002;138122;135109;141292;133743;133893;144606;136686;133586;138413;133379;137124;143108;142519;133706;136441;138869;136634;143296;137737;140557;138535;142859;144694;143230;136157;137437;135373;142195;134255;141249;141899;139265;137125;142191;139528;133587;143128;138581;153199;146397;145474;144967;147116;146363;145559;146296;145154;146392;153212;146471;146125;148202;146468;147777;147769;154180;144919;146844;146279;148174;148716;148793;147934;147773;145769;146297;146718;146412;146689;148801;147957;148732;147792;145558;148204;146373;147469;146896;148788;148715;148797;145238;144965;148198;146396;147745;147940;148157;148780;147739;147087;148743;148720;147782;145784;148722;145486;144920;146575;148728;146839;148783;146746;145142;147795;146917;145152;147734;145367;146841;148731;146284;146969;147933;144966;146277;148790;148727;148197;145483;146899;147859;145522;146364;145760;147450;147958;146554;145528;147787;148214;146913;148782;155960;145391;146856;145521;146393;146192;148718;147945;148792;148232;146901;146407;146902;147959;148085;146564;146509;148734;146835;146853;146399;145126;147186;147778;148777;146828;147175;145204;148726;146977;148741;148742;148776;149414;145240;146843;147027;146223;148917;146289;146260;153093;149989;147435;148730;154065;147854;148804;145107;147742;144964;148735;146400;148802;146323;147188;145716;148724;148163;148156;148796;147935;146184;147743;146244;145196;144838;146290;146368;145122;145315;146905;145780;144918;146572;152831;147026;145759;146737;146525;147770;148798;146558;145302;145254;147183;145131;146884;147768;148178;154140;146847;148799;147873;154857;147771;146559;147180;145747;145241;147429;146292;145178;148778;146234;148800;145337;148729;145482;148725;148785;146505;148238;148744;146280;148228;146894;144955;146462;145200;146276;146886;146970;148781;147153;146472;144958;147618;153200;147177;144816;147068;148205;147747;154184;146464;147484;147515;144961;146295;146943;148158;148208;147939;144954;145119;147554;148721;146467;148199;146830;146370;144916;148717;146855;147738;154839;145235;146606;146909;147519;146556;147943;146469;146557;146834;146947;146294;146502;147746;147802;147185;145190;148161;147791;146829;146691;145776;146054;147932;148805;148719;148789;148784;148154;146854;146356;147437;145197;147941;148794;145141;148779;146837;147498;144842;145281;148229;145751;148733;148253;145568;145150;146515;146354;148803;147181;148736;145388;146414;146522;146415;147156;148791;145529;148231;146049;145112;147798;144819;145722;147942;147847;146979;147576;148213;146319;145562;146850;146281;146900;148051;148087;148723;148786;145714;146529;146848;148230;146939;149990;146840;145763;147803;146286;147154;146358;146832;146275;148787;148795;146749;146137;145138;147740;146842;146500;145115;146519;147856;145318;144840;145260;146906;147151;146241;147815;158437;158443;158441;158557;156741;158257;157153;158442;157888;20952;62277;62278;62279;62280;62281;62282;133440;133441;22414;50651;22295;21610;159010;34969;31660;11586;24016;25039;69476;69494;21565;69475;17593;23831;45112;73640;21567;58233;11026;22964;17975;11153;14773;140575;57914;10068;10069;11193;10070;10071;10072;10534;17141;10073;10788;12036;30218;99132;12246;32315;22269;80103;99133;32316;80104;25492;144648;89724;77057;103673;77056;70295;32031;29252;27619;66519;65741;39621;47745;47746;10074;27576;56310;23925;15934;59328;77159;110774;123688;50450;50449;46201;16224;59318;20302;22056;52673;80998;81127;83365;106606;21079;23869;25694;29741;31799;34741;35742;40434;43068;46859;48300;49307;50493;44596;51926;53472;54299;54972;55140;55803;56259;56874;58001;58207;58538;58994;59426;61550;61622;62480;62836;63242;63450;64506;64584;64916;65219;65910;66445;66872;67225;69866;70858;71351;71951;72284;72606;72937;73433;73740;73994;74431;76413;77172;77577;78441;79140;79442;79835;80484;80946;81819;82781;84048;84365;84642;84730;85326;86060;86369;86423;86851;87244;87657;88639;89834;90425;91163;91670;92012;93461;93960;94334;94628;95762;96388;97142;97727;99283;100052;100756;101362;102262;103124;103922;104544;105175;105691;108281;108958;109601;110397;110979;111683;117410;118909;119462;119094;122117;123938;125056;125815;128633;133607;137253;141494;28211;11952;20158;11323;59196;59176;59175;60111;60110;11710;119778;19396;20293;16095;56992;18428;18429;41945;40824;110558;62392;89692;89693;62393;25371;27599;24712;58272;58273;133090;128148;90151;25442;38828;20929;149498;38156;121038;50525;58902;76578;76577;151288;151291;10075;10076;88840;84919;84920;73523;86470;100594;81383;81384;81382;56049;76535;122858;123009;131285;125405;137084;155788;76534;31347;93098;38155;129782;143482;150156;17367;85514;73524;81670;82996;86471;112183;124328;139546;73669;76493;79253;83812;73531;73522;97387;95439;95440;119751;73525;77988;88841;85910;85911;93128;97066;99969;124324;100384;52544;102132;104274;100998;104656;104657;103873;104352;104886;110415;106583;122855;110812;131283;117936;121356;124280;119421;128278;125885;128552;125886;125888;125887;125889;132317;127134;131185;139547;134228;130209;133358;131320;141122;143045;141567;141121;144948;156783;156754;147661;156752;152514;156755;156550;156569;73526;73527;158390;93196;73532;85737;89867;85738;85739;90314;85740;85741;85806;87896;73528;85742;73529;73530;77220;88842;74105;83031;21589;158687;11796;65669;65670;65059;65058;144448;148136;132633;139233;65614;125924;152220;154005;65613;157230;139315;141216;144566;147921;149359;152861;155706;158564;49808;125925;86697;119258;119835;102682;119836;90566;119259;119260;119261;119262;119263;101523;124412;127059;130625;102858;104742;119308;119837;119309;104436;121246;119838;109398;111376;121045;131077;118092;124413;131191;126750;133525;135848;140503;144647;141568;139316;49807;141217;144567;147920;149358;152161;154004;32396;45404;55422;48276;157229;49780;55671;52458;57050;62064;62384;72723;62063;86698;90567;101524;102859;112059;104433;109399;111377;121046;118093;131078;126751;125153;128422;129494;133526;135849;43029;64094;32395;39481;35807;133853;131941;131942;139412;139924;131316;132872;58645;92700;132586;11939;11370;10376;12053;33549;47557;21146;14588;14266;12527;12530;110559;15761;15500;110560;12555;12556;12566;12575;12581;20989;14440;12589;14345;140310;37723;122372;134356;107078;37111;109437;117910;88875;21646;64488;92338;53905;34939;86334;100974;133629;91332;117844;135880;40910;156075;21378;18814;110465;37996;18815;78878;86645;151497;44952;102687;86176;18816;18817;132665;43176;66968;55429;90876;83939;143517;18818;57402;33186;31081;84409;37293;158265;21379;74295;95585;18819;18820;91475;103555;74176;30029;144125;35998;72953;18821;18822;78495;153072;92674;96363;18823;18824;91203;84600;57907;72954;36136;86583;65540;142952;42874;67249;106879;70515;18825;137381;87980;57415;46244;69087;53579;99058;32487;92675;100140;153984;99206;47793;109877;18826;88665;100313;80923;18827;128491;127876;133969;55912;58609;99178;126592;70066;122959;37713;87981;31633;42808;18828;18829;78577;88570;124788;92676;117863;23950;146411;51404;109713;18830;111540;34445;36012;18831;86385;97807;33935;133243;31830;61586;117594;84651;129545;81062;88729;97197;23951;36645;150273;86386;91696;144147;34685;142665;111402;21380;18832;35405;111403;37252;25591;92831;139639;108923;93494;139109;72527;135729;149974;105335;101826;21381;145024;86584;139738;21382;133327;134963;112128;32488;134999;63015;90553;91908;148750;148503;21730;56077;76134;104226;45583;158143;69278;58828;21731;18833;21383;62488;139640;144165;73549;85366;138123;156224;92884;66734;44599;145027;57785;92885;22294;92339;35277;25129;149234;119056;92886;83328;157887;74479;21384;55281;21585;55913;92887;22486;94491;73661;101186;96364;94126;144184;100113;92888;18834;60114;66769;21385;84886;136533;92889;21386;58756;85426;71506;100881;37724;96365;18835;80069;92890;36588;57445;91697;91909;86805;92891;106424;134719;126019;18836;40460;92892;84482;59083;104835;127539;58358;37913;92893;51100;84693;90979;18837;84321;78815;92894;91145;50327;34164;156036;18838;50328;87290;92895;18839;134720;38114;35283;34688;146798;86177;91698;25827;153126;151004;25305;92896;56803;119510;86585;85519;138414;61443;84322;158451;128308;24719;81460;34256;18840;61587;101966;135881;18841;58937;94492;157244;106732;18842;36042;58313;35562;146499;63368;103474;18843;84694;106467;57857;21387;18844;150010;129573;21700;94663;88583;103556;137342;84104;87685;84068;104061;128584;79810;139471;87609;93983;125437;139529;121403;72247;122630;142311;87176;124374;41021;18845;54619;21388;51101;25437;87114;111404;149374;137382;66735;127945;26084;103759;95393;152657;18846;25472;31714;37848;24705;37320;89707;25748;34389;21389;65840;18847;63369;121604;76879;63364;24201;87686;125871;122936;35289;145257;66507;145560;148511;35613;118315;18848;147937;65935;104113;62105;59103;47025;99615;128492;153205;118900;18849;54620;51393;127540;52728;38779;26085;84695;84553;96850;34257;65936;87687;62884;40978;28316;34976;100610;103795;36791;153817;26212;123053;149247;21390;136990;63263;48749;100674;33239;134437;18850;132792;103522;61740;22451;104982;26977;88743;69213;58162;142275;149341;72312;125662;62068;110675;76301;60150;22208;121495;57550;88816;122165;63637;72717;95408;125614;37142;18851;59746;86876;22882;36579;86775;156027;50329;61725;58972;23758;18852;126534;144157;95450;22883;142940;47751;44333;37021;73900;137285;66635;18853;21391;138370;18854;126928;102688;119821;22515;22487;104487;126841;95499;51503;72893;57454;36167;91720;21678;44625;37781;36819;136384;91370;93942;106831;97219;30241;45547;131466;18855;157237;31953;57585;54838;63395;134438;23793;90605;56078;43161;96292;122987;18856;21392;63396;18857;67117;18858;63588;151809;146598;89764;22884;153870;126363;118844;104488;21393;57908;58837;81134;76195;64742;129084;132410;54621;133822;51962;63016;47142;127541;108703;158217;88666;18859;93933;91699;51102;65623;102465;18860;80148;143591;152901;152227;51132;106236;33904;21394;19337;138536;54982;59380;83080;21395;111018;18861;84132;86198;138658;38799;133432;33374;156078;106810;59361;133707;38135;25802;132064;104489;89006;18862;25803;144927;148207;21396;56804;36865;37369;112236;105063;18863;21788;35050;56323;140234;87480;109050;22428;148748;18864;90286;107126;70516;65989;37032;58646;61501;26086;62856;111176;27844;138245;150702;129114;36191;36605;18865;18867;18866;72872;83130;35284;87269;84380;131970;22209;59281;87291;21397;64873;78816;135941;149973;87688;106880;89765;96510;107042;140311;35240;21789;34270;21907;91790;133708;131844;119270;121521;21398;82062;102846;18868;112069;84410;18869;140725;21701;117966;85699;118182;18870;118496;18871;142946;79656;87292;55395;21399;108623;126593;18872;158033;35335;40583;84254;96163;99749;126315;18873;94238;106287;40899;34728;84381;81175;72955;140677;86586;34301;21400;22885;21401;136534;90606;38140;42238;47677;21402;153894;78634;84201;90980;35701;47616;135713;110628;106938;58640;82313;36365;137930;18874;119562;18875;36869;48250;18876;21403;94415;104162;97808;144658;129838;37618;28193;38697;48396;138124;83510;149424;18877;66918;106811;144182;21404;104537;122883;79955;37542;35051;35290;158169;94918;85593;83841;46259;97972;37058;136955;104731;106993;158782;63159;47818;18878;94416;92851;71874;21405;18879;86335;84860;36864;58359;85594;35052;119698;44345;90334;29769;18880;137789;104693;49108;142535;119879;18881;18882;62791;35241;137343;154139;105448;18883;51504;86620;81461;93984;156698;44600;96397;119511;121272;84483;117303;99551;108351;62770;59747;69052;96116;133328;57909;18884;69395;107109;87689;91026;18885;96992;51450;62956;61741;124286;35426;26087;132879;37495;21768;154925;103343;55812;18886;51567;87385;25664;84522;18887;93614;140626;85775;22871;103760;140472;86877;96411;106425;140678;58938;89007;28165;130238;95734;117649;86079;18888;22452;124219;111362;25833;21406;147688;88817;34504;37185;110403;21407;37467;19338;18889;21408;18890;94417;71529;58422;88149;91476;64374;56117;53439;21577;139739;81096;51928;141103;66798;21409;147558;110390;57968;82578;86834;76951;18891;69008;85595;42331;35469;60055;146477;150260;62022;104863;86835;43104;32061;37433;55821;50627;107110;33240;57852;68898;28348;112281;31154;55723;136535;36362;36476;21410;29689;101330;18892;97342;108314;145364;46876;91928;29770;55157;88027;42355;92340;88500;106733;37229;147814;18893;149073;146846;68917;29771;76922;28349;83792;61480;85965;91508;37593;18894;37125;18895;119563;117650;137344;137286;25632;18896;22488;53468;58438;109190;93442;57529;87885;87361;118073;154774;117441;45613;103584;37695;82890;18897;126484;22453;37115;138125;118476;57675;135882;36275;61762;22198;25015;19339;105064;18898;23738;54951;84628;48370;53906;85337;22499;102689;83554;157386;25260;153826;119315;99192;66549;112070;59302;145349;35935;51950;33547;22500;18899;36492;88667;21411;61451;53907;62814;18900;88465;81395;77638;88853;91027;118704;77596;125438;84696;91399;134843;150314;105214;73150;76584;109330;88067;50699;106597;125098;83793;51505;153222;34977;84697;35936;21412;38838;81009;136706;23985;84652;58864;85172;59439;130494;77733;37616;121199;111405;83794;56805;145274;34151;64089;144193;37929;51560;151899;136849;21413;127106;62832;139934;111363;85858;28259;56657;86431;122570;18901;18902;45529;25512;38963;108524;43342;37712;126136;127542;130239;37799;66581;147098;34496;144158;63401;110578;59945;49062;27550;81331;119426;88730;96058;25451;108680;96366;18903;36212;127946;18904;81193;21414;87610;87982;103475;45570;37480;67237;71485;105336;125439;18905;125440;105090;62054;158995;21415;18906;70865;100496;134721;43093;100282;85991;111561;96172;77315;126485;144028;139266;136158;53523;130240;59516;64791;57329;111019;92448;149425;36998;24730;18907;104227;26088;127543;83555;25425;106699;93443;134686;18908;84698;59063;84699;85859;96322;135795;23986;153073;71960;86044;86836;132349;85639;106036;103523;126519;23759;92770;85427;25834;21416;62792;18909;124608;146288;72528;92739;149483;127086;122412;99552;71603;18910;120968;36863;106037;131467;78015;146792;37227;152860;86889;53852;57646;39578;87293;142539;106734;35053;101539;76600;55956;65841;103953;102833;19340;23952;124429;18911;53881;87690;156021;18912;139714;57830;92006;21417;49273;134921;56490;80149;85640;87691;55430;18913;105665;83901;50330;35623;18914;87789;18915;21418;125687;21647;18916;100565;148697;137165;133970;117845;65067;18917;121427;63373;56576;64516;100141;71223;122657;38881;150316;151119;104163;121564;109051;130241;24202;127947;96117;97687;137869;103656;37846;145478;18918;131468;86276;110254;36231;96086;141465;58471;89047;85367;87692;72612;18919;92341;47904;21419;138126;76614;21420;136850;84861;42094;19341;103557;84411;22239;93674;158199;121629;94081;27578;18920;29950;156715;34762;85641;43376;36947;93144;118246;88603;93061;125346;32062;51963;71450;21421;84780;21422;35054;28350;22489;89048;81798;34786;136442;25981;138922;112071;101540;40868;141844;18921;130921;130242;18922;150312;110539;125749;95500;123980;52486;18923;85173;58641;21574;148506;64792;121522;104265;58201;63469;122884;21423;93985;156440;92027;102615;110953;126413;42129;34390;99059;103476;95418;70964;146166;85483;71451;153396;21424;103152;59313;50331;77883;90335;124220;83909;146578;66799;22909;21425;25840;109052;18924;38800;61557;105337;38801;95419;85924;21633;18925;95501;36300;58642;149361;59206;96323;90336;27508;130243;109383;63370;56491;131260;126137;153435;119481;83511;87294;40485;100283;18926;91791;136159;76543;18927;159035;66455;49166;25841;51964;38802;78002;105215;61780;83795;35582;29796;95502;50469;134585;53440;121335;56168;96511;18928;34723;38751;156026;105140;69250;87693;26037;156029;35427;126364;65967;62793;57786;62866;86621;119699;87611;96820;137126;51363;21426;95503;18929;51568;118074;59859;136003;61742;140312;87213;151009;92897;62885;140627;84970;99553;110429;25261;51103;55517;103477;90287;61588;35937;131469;136758;69412;96618;61639;130244;36910;34940;43377;63069;95504;36730;70261;158197;23794;84700;72382;57403;91371;110653;124046;71530;21427;70672;40486;131470;86188;18930;80424;136956;42428;66889;73266;153220;126486;87790;145316;88512;142855;118477;39315;119822;103741;61781;124560;33419;66630;45584;141793;101276;153982;97788;104759;52966;109749;84701;142856;130245;147680;103478;22240;88466;106598;21428;45561;83081;37117;94691;100441;130439;121324;95505;147900;36192;55845;149343;86178;95814;78016;87997;59517;32063;88668;18931;156052;40571;149079;18932;45614;100497;27067;38803;63256;109625;88068;23987;95506;18933;149857;122631;76060;104647;146907;85700;100646;103153;88669;18934;50700;33241;62194;53407;130246;56277;95507;144673;18935;152069;110540;87612;56685;61763;71070;153821;84554;120969;91929;86878;56492;87177;119246;78017;65184;65170;81332;95786;35089;18936;19342;84069;63049;124353;51991;95508;128979;59466;32449;102278;107243;103840;34497;64288;92740;88584;55158;61522;107043;85757;143178;18937;29849;73389;18938;88818;86806;127948;25049;79795;18939;148526;148869;43626;45114;95509;55877;149249;135603;70795;82786;127544;36807;83512;18940;55009;106994;100081;90844;62611;153815;111583;36654;35055;133709;21429;62489;24825;109228;153827;85257;136302;91267;32110;66250;58137;81462;96619;81116;19343;73321;51379;157239;60151;95510;31983;35336;35583;64743;150171;103524;149888;126842;18941;21430;134256;21431;18942;84412;18943;137166;88977;18944;150091;21432;59084;66845;73676;40691;127545;87744;95511;136596;89708;35695;84702;110579;79364;102939;22516;133476;18945;148200;117864;111655;56772;23663;99554;96938;108738;71808;51582;37439;74342;144172;71983;21433;109661;89895;63115;158787;109662;105065;109053;137790;126081;27813;145236;136160;23871;147874;85033;146833;36550;62340;18946;18947;69888;134922;90288;84813;70299;57628;108979;18948;25050;35401;93388;111406;96939;86277;87745;36673;55822;106832;18949;35770;19344;143543;45135;100284;88467;58889;121565;88684;19345;146601;90049;145567;68918;102530;99496;80350;158994;126365;158403;96324;62886;18950;18951;38882;97544;124209;32145;152226;122109;18952;43037;133244;87830;36893;22051;62705;97809;141517;149883;150196;21434;18953;65541;82650;122960;124221;133710;95546;24307;104836;58670;83796;99555;18954;73632;101217;35242;88468;61502;73633;87694;59009;29990;21435;127949;58360;58472;21436;92771;21437;29229;21438;73111;21439;117721;21440;37696;71285;21441;91372;37518;59282;88876;27640;143306;137870;18955;144868;18956;92342;35243;136940;144569;128585;71152;131148;82286;37225;135942;34978;66311;85428;96059;18957;145149;83842;87695;25426;88028;18958;92503;149512;39375;134335;62114;65185;77560;99698;87831;25130;26089;32299;81432;38964;18959;18960;120970;105449;21442;56476;138127;56493;42967;139683;52626;18961;96367;141284;18962;22501;83229;108429;53441;74114;59085;156210;19346;35624;93581;18963;89008;62806;157236;18964;38086;83940;22454;91437;61617;52058;22210;36251;153083;106115;59095;88944;66582;18965;34732;158989;23760;47143;42404;35337;137249;87295;156030;91839;146130;132428;18966;18967;73792;35938;21586;21443;156688;100581;58790;150015;144191;136851;137167;21444;48397;84814;140135;49123;32064;37471;22040;135730;87696;87983;21445;19347;37800;122084;129085;139830;99060;102690;86922;74181;69396;51069;57292;104797;42414;65199;48380;85608;77124;111771;69214;18968;42213;46245;149977;144177;44346;96221;150317;86686;35338;65842;136957;102330;123574;18969;105450;105502;37716;103237;38804;94418;25914;18970;92898;53442;107111;144190;145095;53469;21446;35563;18971;137791;138923;71257;130617;87746;87697;96512;121273;88604;61764;76196;65843;131295;144573;29288;18972;91373;89009;86266;89709;62731;18973;44407;92899;139472;87854;127546;134722;66814;35999;87225;111720;136687;117722;137792;77976;18974;153061;49728;57293;36564;87960;56762;86837;88469;72098;100775;21447;66736;56587;18975;58314;90233;106735;140628;89927;91581;108574;92900;140937;145023;23664;21563;90592;35584;21448;66631;92813;92901;87481;22052;103841;61743;91734;92902;25633;21449;18976;21450;101218;135425;124182;62490;127547;37841;18977;57818;102466;96851;40957;50332;92903;88670;29230;32065;90554;30127;103657;130413;106855;91553;88470;126138;118901;149231;42342;100393;29951;78521;92904;36518;139267;92537;73857;92651;37025;139435;95364;66312;151121;37131;132065;90050;92905;39594;86387;38021;153819;34484;40429;96639;25473;18978;72696;119851;89852;18979;93360;152745;36773;21451;70449;48332;46246;25634;18980;105338;122042;43094;138582;35625;51520;58829;139763;77836;86857;88471;141314;26038;97545;156028;120971;34327;92906;59026;147697;103842;66169;21452;58556;25016;92907;128135;122885;92741;69337;87362;35963;29874;21590;18981;92908;56477;82480;66837;92504;84523;105406;18982;153818;84703;85066;152746;87482;92909;51506;38705;100582;35279;82906;31031;92910;110691;40518;38002;128136;92911;38112;62341;34045;88472;24797;36333;18983;82514;71071;92912;27044;106856;36837;81587;92913;60101;70306;36576;21453;140235;34228;18984;37398;108352;133661;92914;89766;22517;43596;26090;50838;46214;37137;34188;18985;106649;36995;119700;154658;51666;105066;148703;34838;137690;104944;55970;34816;86587;140236;37183;37109;64987;151972;22139;81097;97403;94493;139436;50333;36618;88473;141293;93495;149071;158402;18986;103344;147897;50505;78611;143437;102010;18987;149514;105216;133971;82002;122359;102030;96742;36280;104760;111991;110969;134844;72995;153871;137691;23872;77717;89896;140237;47144;73550;42912;18988;21587;89853;74239;117651;103479;18989;18990;84704;66737;123481;85484;37096;136536;90845;88474;23988;56521;59220;92915;57551;35672;34446;118902;129661;18991;83797;24720;91637;71238;125278;108430;92916;69088;128042;104507;18992;66632;62957;92917;26091;156732;97107;102491;21454;86432;92918;84705;148518;50334;38657;65844;106736;92919;92772;18993;88475;128309;32066;80537;18994;100827;36237;92920;96471;79707;54622;18995;106881;97546;92921;21455;109663;140558;37076;92922;122988;132411;57338;24227;153823;92923;89010;65968;92924;79401;148599;61765;18996;97810;18997;118336;56079;151120;35280;92925;87984;117376;22341;57910;57739;25381;92926;96412;73487;99109;73793;92927;92832;89089;102101;34165;57647;153985;18998;93986;92928;21456;128586;91966;139268;102797;110430;91374;70262;88945;90846;102331;55502;124222;18999;73267;94082;53346;19000;89011;151778;53443;89727;19001;144187;149346;21457;58647;57629;56017;121404;86450;19002;135192;127548;21634;97108;56806;25679;37822;110274;93389;24365;64666;93033;95451;33187;22886;51832;100442;45446;91509;69065;19003;37951;25533;95787;40858;89012;66907;49686;85729;84706;38965;148211;57432;31155;36752;84707;72790;99646;19004;62958;126666;108624;19005;81683;44601;67103;78039;19348;72002;70701;89013;76719;95039;29289;129425;83024;97625;106237;47814;21458;86879;38966;91146;125934;64988;19006;86377;96368;84133;37206;19007;19008;144144;86838;37503;21459;19009;55878;35639;40461;19349;21460;84043;84708;109593;77125;83941;85368;19010;42310;61539;64885;77316;36636;105625;34979;87907;65845;56548;19011;86433;64874;81117;21461;37292;36421;152490;44049;37047;87661;123809;118754;25017;87698;87226;81618;19012;34018;86858;144174;21462;40659;93496;158983;42196;157319;101541;34686;19013;37039;104062;88671;158246;101187;63290;19014;136726;135714;132683;106939;96037;25804;84524;22502;91930;83798;21463;61481;47567;21464;37617;32146;45595;55914;40660;32067;87747;122085;21465;138537;34980;109594;65969;25784;131340;36168;101967;21466;87613;91910;127950;19015;42170;55846;139589;36472;152288;129839;47033;19350;25805;142156;153816;19016;34152;136385;74444;19017;145187;119316;102138;130922;144185;87614;19018;79365;32147;73881;156079;19019;109565;97688;88150;152747;72849;76985;84887;49652;21467;87699;119271;55439;29772;87188;128587;45447;77036;19020;111177;84862;133588;88476;19021;81867;35640;152205;21468;132793;66938;52666;148530;106812;151410;117911;21469;90289;147172;118124;100975;19022;90847;47794;84709;37686;35339;35928;19023;64421;57390;66210;51889;134336;70484;97312;48427;105362;88819;21470;63674;51915;38015;46005;143526;125379;31954;106214;21471;158985;94083;91931;154315;19024;135943;139831;95365;139347;95265;19025;19026;27845;61675;25359;78003;24838;37029;133894;121405;72768;146574;102553;82481;106215;36000;107044;123981;19027;150172;89928;145781;143466;85293;21472;88672;119057;109066;35285;85966;19028;21473;84105;49729;111178;97220;66012;70379;22211;25560;70646;76615;111596;51521;72494;99240;89014;76986;32489;56857;34951;94450;19029;84710;103796;19030;103441;87227;61782;39425;93730;21474;57552;19031;96369;136688;73151;26937;19032;21475;130440;37777;34206;40935;23665;102279;120972;86278;19033;108476;118858;106426;152073;42875;84971;99974;90741;65846;101876;28194;81659;100828;21476;126756;106959;19351;23989;57720;34839;22887;36976;85596;87296;22872;57045;19034;88501;153285;89974;119272;24366;95974;79956;151900;105067;58283;109929;83910;21477;21478;65847;19035;70965;58963;131261;123422;42886;142035;90234;63365;86279;110319;109626;86451;80351;93497;148522;33905;63371;99616;103345;88744;141535;19036;84934;141391;73431;21479;158633;91268;152818;84314;19037;146560;37028;19038;50470;111656;97592;22910;94692;137438;19039;36682;100285;129369;19040;73488;142573;74318;109054;21480;90568;154773;86080;76720;90290;63470;19041;21481;91554;19042;159065;50335;134923;146516;85860;102408;56494;19043;73779;62298;124223;111721;19044;25806;126139;21482;49730;81588;136941;19045;36517;82063;81463;47130;129954;54623;58210;19046;156025;88112;19352;134466;69372;139110;70595;85573;19047;55633;47752;76302;45571;87700;154045;148516;68943;73551;151500;112052;62207;153892;21483;110521;103761;21484;28166;130077;125791;97789;153949;94458;56522;85861;49189;19048;27551;105712;146673;32068;94451;91510;78496;21485;35626;131471;84496;80983;64989;125935;156470;142151;135193;45382;21486;31437;81962;86955;151346;34498;119482;133662;58315;84994;72676;84525;84972;22212;56723;127549;76854;66770;109532;19049;128746;112072;111541;93361;88877;95693;87542;147148;139348;148520;85369;19050;19051;55681;136537;151008;31183;100976;156469;105141;137287;51104;73152;19052;128795;149039;135883;37145;38061;21487;139394;83513;93428;86320;35340;58838;101542;45572;37223;26938;123982;85574;34271;81222;66456;88502;84323;22923;58347;34817;90848;84781;96993;83902;61503;19053;106882;59027;124609;27622;146985;36766;35939;124224;36193;95512;85992;139641;141147;141512;133329;104983;90235;63397;87701;36920;135944;96060;144815;19353;45585;137216;136852;38967;111179;65975;36391;45573;19054;79567;50701;94693;141148;85893;105626;84324;19055;19056;66815;144826;122605;84070;19057;90337;53397;84325;61640;126667;146763;60056;27610;45586;84526;94263;57455;36857;103585;19058;57294;96709;19059;19060;72206;64744;118024;70966;63463;156370;36922;133121;97689;21488;92343;88513;62959;150168;125936;19061;38058;80840;66170;31082;85520;66583;100339;87386;91932;79402;108858;19062;82681;26939;103480;91911;127550;28317;90474;86388;19063;38805;124183;35341;104945;117465;153074;141549;104063;84527;90236;90902;132942;152859;22911;81223;100977;19064;28195;73049;37486;19065;90607;84413;37933;124047;97109;103860;88151;62649;153062;19066;21489;61676;87908;148537;19067;149489;154044;19068;19069;89015;58520;22518;19070;56080;69860;21490;146857;23771;21491;22007;65848;59314;56495;106288;23744;122989;99750;21492;131262;88673;94751;87387;106813;130183;84815;129426;79403;85758;96472;56527;139111;19071;125099;92344;22924;154199;145563;83556;109055;138784;87483;93429;61677;63070;56081;151971;59168;106737;64922;94214;102987;50351;109019;136021;101331;94903;104490;125839;19072;58316;25785;117492;79957;19073;96370;103909;22938;93987;56399;19074;128310;73552;136635;35442;102467;19075;24798;145193;66919;107045;91582;94419;95409;37051;85258;37437;109191;85521;61504;58473;84438;35056;50336;106857;19076;132350;93988;31831;84382;37516;19077;19078;77109;36848;143175;88152;88820;91933;19079;125663;86588;70866;93267;104984;89767;52038;135731;60134;87297;138128;69437;19080;22519;37792;85245;94527;21493;87702;128588;93934;144126;58423;66185;21494;36402;59748;97904;35057;84711;107046;103762;84712;19081;21648;21495;25942;135945;151005;118247;24686;19082;93498;119109;103861;74004;147872;56400;141318;21496;19083;153824;22008;157234;87178;85522;37934;62706;156324;148519;93211;131263;52707;83281;66966;129546;22018;96513;84484;152207;25592;157323;39426;139590;32148;19354;121447;84995;31832;19084;87832;123539;22888;29340;90742;129547;101381;103481;156031;19085;53266;134723;36617;19086;19087;50500;52956;153814;120973;24007;22925;40661;130632;146607;100706;59169;135194;144148;45009;140938;58839;106700;31438;144133;69507;101332;19088;108477;108431;87703;72850;66999;63434;58920;25718;88113;46791;106427;40958;19355;152570;130992;36281;19089;104612;133433;96994;111478;61766;57926;64886;91304;138071;118705;91375;85993;87704;83095;19090;21497;85862;19091;21498;48401;103461;21499;92574;19092;144188;93582;87748;19093;86859;78071;134257;128403;118942;19094;65849;22889;153813;157238;84555;133972;26092;122571;70263;25786;21500;124129;48360;103620;126487;72313;144122;19095;19096;108681;93989;86179;105451;132066;105026;126414;87662;119794;147848;82579;32069;103797;19097;59207;21501;139642;99556;58521;23850;139715;35564;156565;53347;110699;118497;103999;21502;86554;22503;143510;65068;111407;59086;41007;56169;36768;71961;36259;82891;83282;58021;47699;108508;39579;85994;119701;19098;41047;117723;35058;58671;21503;93755;44429;88532;21504;57051;35342;140629;87513;87749;19099;83964;146845;87705;57144;125913;93552;33471;95513;19100;35354;148930;139395;87750;91477;140313;40508;100737;35696;19101;111657;141322;84044;87751;77884;19102;80538;36731;111090;51929;35343;144841;19103;60102;19104;39427;154316;36239;65850;148505;56763;134337;122572;117652;104491;86214;109229;52468;31109;21505;76987;19105;87298;90877;55915;39784;105259;64667;86589;43127;41948;53470;140473;84528;135604;104732;117511;19106;73553;19107;37254;110954;91840;111408;27814;19108;55396;38806;52698;59381;149267;21506;21591;106181;91491;46260;19109;95694;148534;108859;73442;81684;103718;86839;96061;72114;70517;22342;25051;26039;96118;138371;133589;102280;39428;111091;153822;45338;92345;79197;156403;88503;37377;86267;94127;62023;39867;96371;86180;50404;24886;122685;59853;21507;96119;127551;89808;74240;124789;37595;103346;48278;87299;107283;85995;21508;78114;130495;33906;19110;134467;129771;151624;83514;63366;25102;35458;152203;80238;19111;96120;19112;103954;90051;89768;39802;82892;85034;84182;37811;76177;86519;137439;36240;36941;33188;148147;69066;111722;50074;33938;36521;19113;21509;152126;117893;80352;19114;102940;35940;107127;128887;133434;23666;94346;102724;136853;106701;106858;51507;33857;19115;36459;57411;61589;84224;85338;138199;99325;96995;21510;83441;111180;128654;118961;53217;108315;141149;66508;19116;21511;96121;136070;150311;64652;119273;110304;72194;21512;36968;19117;101827;150230;58757;60115;84973;90780;110504;154659;33242;133435;42298;87270;34724;45574;51670;93781;22140;61678;90237;153812;43879;84653;154198;26940;102508;122043;117304;65003;128043;44922;50320;26093;91526;81619;128439;79734;111479;151002;35941;84782;146605;92929;131795;77885;68990;37124;136443;92505;63435;36428;137127;31376;156199;19118;80453;37213;38031;19119;44390;127951;133436;92575;95586;94494;148931;71935;93990;19120;92652;118075;36637;83082;90238;91841;84713;84601;152150;19121;37430;80924;144446;19122;52986;35641;19123;152071;77679;83942;152206;71072;23667;103666;157235;19356;19124;151010;70264;19125;139112;90239;51965;19126;136386;110700;140314;100829;101828;65542;146285;108781;60135;25787;55991;19127;38151;74019;84326;137793;128493;19128;34391;31377;110916;36683;66738;56773;84714;61679;19129;51930;136689;152125;93943;60089;61505;105503;65851;86590;137168;104348;92395;37015;99557;123644;142625;35714;29811;24770;36194;52575;144167;83943;36912;141191;153983;83752;56187;19130;84383;78663;81685;96222;112187;137889;82482;119636;148517;144823;56496;94904;151003;122658;150002;19131;21513;35037;72155;110970;156323;139218;76269;71166;37427;136444;54624;152857;62979;23851;21790;90052;25052;77241;21514;25807;78104;27588;152748;132943;84783;135000;77753;86305;152204;56497;19132;22455;134258;121087;21515;57489;85996;79320;121406;156474;64646;136303;144179;84715;82753;46792;99558;96821;85997;133630;19133;84327;35344;151377;19134;19135;21516;96473;80559;153820;125937;108625;19136;127952;51194;91934;91700;106995;63589;35295;136387;64887;84282;87165;38113;103862;40496;85863;106599;21517;91527;87543;144962;92346;89854;119274;34416;139886;123144;49109;85894;132351;104228;55682;66875;37677;84529;56498;104198;58022;109289;103482;62168;34019;83283;37923;65560;135110;119058;19137;56816;19138;19140;19139;121407;22912;127953;21518;80577;25427;25967;128589;157935;71239;25943;39408;72128;83389;21519;99497;88153;103442;138129;103483;91028;106996;100340;39376;58023;56499;85234;85730;73153;123645;87544;34189;19141;36298;103827;36377;80454;87388;34770;65852;79301;87228;65937;117442;61566;27601;89063;104733;142883;59104;128137;64923;61402;81534;143172;108704;81010;101784;95309;111224;55847;99193;22118;133245;21520;54825;51824;19142;108353;71452;125441;92833;88821;105363;57612;19143;85319;43847;49770;127827;105339;122140;19144;61388;25306;31378;59382;104266;31032;86591;94347;118706;19357;127552;121219;82893;148525;62422;99647;38728;90338;37850;68899;126806;25915;97811;92963;87791;77189;154926;21521;64859;87935;55397;95587;36878;121274;88504;62887;47131;123054;45348;49731;90608;59283;118707;21522;90291;158521;102988;62612;40396;70485;106859;40760;19145;51420;117724;25749;158073;93145;64875;48333;87615;93023;139113;104000;102691;95514;70241;90555;83442;21523;69293;27552;150218;135732;37706;106238;54952;143467;52563;33375;22105;135111;22241;91935;84530;159073;111480;80898;21524;36265;96620;71088;22520;139114;156022;133380;106216;21525;148865;86999;110934;86840;139716;91066;146616;45040;122413;19146;19147;38678;110431;67250;156764;107112;64693;66777;57355;135733;82894;91936;149013;56204;56528;109750;128440;89897;57704;95909;19148;54826;99259;86841;96164;92742;22490;151007;132429;49687;106738;51446;50337;50075;37040;96514;57740;112073;87000;70265;24799;81154;97690;56082;91937;122686;56500;30030;21526;92834;31156;134190;95515;96372;19149;77754;96743;62457;22350;70932;21527;54625;124790;66264;69219;140738;84011;36790;76364;87229;101829;91938;19150;96122;91939;111658;103828;95588;105260;106600;19358;128138;140630;86434;56523;93640;111020;88585;22491;127553;84328;73974;133537;43177;48334;93944;57463;91940;152491;103843;87752;136304;35910;157332;21528;19151;148840;31304;88731;122086;36433;129427;104985;152571;56478;21529;22006;23852;111409;89898;80455;119021;91949;126668;43038;19152;22343;158990;64422;86389;35771;57553;85925;95589;43095;139349;65853;85776;96223;103484;59551;144582;21530;73050;23853;121336;108739;84255;39320;58202;57911;67251;82631;42060;37275;19153;148140;102941;62208;86592;21679;62571;32070;119110;19154;118248;85429;100498;62807;45448;102725;19155;35428;131173;87001;127954;76630;19156;33493;19157;85833;119637;23761;129548;36450;101188;22141;56988;103844;50980;132352;128404;19158;57741;131296;22504;65624;47155;127554;56588;40979;19159;139935;157240;90556;61744;21531;34089;79079;86268;85485;19160;37043;147857;21532;140679;139557;56900;92713;19161;111142;25103;23953;104761;19162;62539;87514;137169;93024;84716;19163;72156;66341;148928;36232;140680;73975;111318;117443;147152;137692;61375;122291;36224;131149;153893;133973;85486;96062;56674;86860;19164;38763;29952;97251;76103;31184;63050;19165;21533;47601;25982;110466;85523;50815;35911;88745;91912;25018;84717;34840;21534;28351;139643;126082;90521;24826;19359;151407;137693;19166;34771;51966;90781;19168;19167;37101;51508;111410;29953;87616;85370;108626;21535;67194;145488;19169;148704;19170;151001;104367;97691;36385;82483;59700;59583;94084;141790;32071;111659;32350;69096;21536;154356;21537;94459;152668;85957;117305;97457;23954;84329;93073;63144;100365;100861;153825;64860;106612;153181;80039;57742;127555;63160;131109;135500;39496;32388;140739;26978;85562;33420;34508;59184;25207;127556;139717;104508;127557;58138;32128;45615;21538;72808;19171;94905;19172;21539;148514;19173;89049;89710;82064;22456;119512;124287;50338;35990;19174;22041;87515;97692;150308;19175;21540;97812;19176;29866;91583;64653;104564;149360;138583;19177;138200;81559;90292;33907;63379;54983;81901;92964;19178;21541;44661;129549;86181;153872;19179;89711;19180;102051;49167;90699;69546;27641;86593;138372;78730;26213;148527;119880;104509;21756;95394;51857;76780;132880;19181;149464;62553;119317;70777;72157;35286;80925;136942;117444;36897;89728;31327;103109;106960;93991;140238;118478;57705;29690;119795;100314;21542;19182;19183;87002;77837;108316;124210;152070;85246;37892;31833;145469;148702;97035;88154;34382;34310;21543;77235;38706;139740;144625;32470;156053;131297;36697;150408;85731;86842;73154;83799;38764;59749;157413;46767;149493;19184;130496;36760;25788;34247;22213;22492;43128;46338;66876;138130;96123;64668;130441;150105;69499;129840;36392;77401;55518;59828;19185;19186;144146;58024;37141;79958;111181;57883;30088;21544;123540;117445;22521;52987;19187;83390;32072;111092;137738;112074;29732;57743;89729;23854;38133;85320;31693;121220;157867;44602;28196;91913;88505;127558;51387;59750;76487;139832;152072;73322;92347;21545;28167;125750;131264;29691;83944;112198;22304;37817;14340;14280;99994;102917;104970;104971;119307;126754;125632;126647;128078;128415;17984;12613;12614;12617;15419;35700;149509;12014;20247;50510;50509;63223;77746;44873;49998;49997;58088;81182;66986;21580;63203;88696;88697;150427;24898;157327;10077;10078;10497;11923;10369;10699;21247;11455;10405;11311;11395;25402;20804;26193;31682;35088;38718;45528;52026;15931;52025;52024;76788;76786;12099;21644;20337;138853;20221;11160;11579;10080;10079;10082;10081;34324;10083;11565;101547;50811;10648;18367;11779;11614;11539;10084;10085;10086;10467;10692;10087;11566;10088;65078;10089;10488;14709;12080;12037;11392;10565;11391;10090;10653;53847;42149;11112;10929;19782;12056;36051;11045;11371;32373;32375;32374;10091;10821;19300;57272;10092;19303;11711;19520;19383;48351;48350;15479;25553;25548;48352;18302;58205;57793;57794;57889;11905;33546;22272;21017;65767;66294;66933;67171;12278;90255;65766;19512;20015;15624;11115;11876;12030;21019;16185;19419;21040;14338;11810;21018;12081;11211;10093;11998;10420;21339;19400;21168;150079;21245;34348;34488;20959;83465;11670;21619;21779;36143;21780;21036;18622;21324;36144;11037;14441;14442;14443;14444;14445;14446;14447;14448;14449;14450;14451;14452;14453;14454;14455;14456;14457;14458;14459;14460;14461;14462;14463;14464;14465;14466;14467;14468;14469;14470;14471;14472;14473;14475;14474;14476;14477;14479;14478;14481;14480;14482;14483;14484;14485;14486;14487;14488;14489;14490;14491;14492;14493;14494;14495;14496;14497;14498;14499;14500;14501;14503;14502;14505;14504;14506;14507;14508;14509;14510;14511;14512;14513;14514;14515;14516;14517;14518;14520;14519;14522;14521;14523;14524;14526;14525;14527;14528;14529;14530;14531;14532;14533;14534;14536;14535;14537;14538;14539;14540;14541;14542;14543;14544;14545;14546;14548;14547;14550;14549;14551;14552;14553;14554;14555;14556;14558;14557;14560;14559;14562;14561;14563;14564;14566;14565;14568;14567;14569;14570;14571;14572;14573;14574;14575;14576;14577;14578;14579;14580;14581;14582;14648;14583;14649;14650;14651;14652;14653;14662;14661;14666;14669;14675;14694;14677;14705;14710;14725;14746;14745;14747;14767;14766;14774;14779;14780;14781;14790;14791;14797;14798;14799;14809;14811;14821;15406;15407;15418;15424;15429;15431;15444;15445;15446;15447;15448;15472;15473;15476;15511;15512;15513;15526;15527;15538;15539;15545;15558;15559;15560;15567;15568;15579;15580;15581;15582;15587;15590;15606;15607;15610;15608;15612;15619;15634;15644;15645;15646;15647;15648;15649;15691;15692;15693;15694;15695;15696;15723;15724;15725;15754;15736;15768;15776;15777;15792;15818;15826;15833;15827;15837;15840;15843;15846;15903;15906;15921;15913;15922;15933;15954;15955;15969;15971;15989;15993;15997;16001;16002;16003;16004;16005;16006;16011;16010;16021;16034;16067;16066;16075;16068;16392;16393;16395;16394;16396;16397;16399;16398;16400;16401;16402;16403;16404;16405;16406;16407;16408;16409;16410;16411;16412;16413;16415;16414;16417;16416;16419;16418;16420;16421;16423;16422;16424;16425;16426;16427;16428;16429;16431;16430;16433;16432;16434;16435;16436;16437;16439;16438;16441;16440;16442;16443;16444;16445;16447;16446;16448;16449;16450;16451;16452;16453;16459;16458;16460;16471;17127;16472;17128;17138;17144;17145;17153;17164;17233;17206;17234;17235;17236;17248;17249;17250;17251;17261;17262;17263;17274;17275;17283;17276;17287;17284;17288;17317;17318;17319;17330;17344;17345;17353;17576;17580;17579;17581;17582;17615;17588;17616;17619;17620;17632;17642;17643;17665;17666;17667;17675;17676;17977;17992;17978;17993;18001;18013;18031;18043;18044;18045;18060;18061;18081;18088;18089;18102;18090;18116;18121;18126;18125;18127;18146;18144;18145;18159;18168;18169;18170;18228;18229;18230;18231;18232;18233;18234;18252;18269;18270;18271;18272;18338;18379;18380;18381;18382;18383;18384;18406;18425;18426;18427;18445;18448;18464;18465;18466;18468;18467;18481;18520;18529;18530;18531;18538;18544;18545;18547;18548;18549;18564;18590;18605;18606;18607;18633;18634;18647;18656;18666;18668;18669;18686;19199;19200;19210;19211;19212;19222;19231;19281;19282;19323;19324;19325;19326;19327;19328;19329;19330;19360;19361;19364;19366;19388;19389;19439;19440;19441;19442;19472;19484;19485;19533;19534;19535;19536;19537;19538;19572;19573;19574;19575;19576;19577;19578;19669;19670;19671;19686;19687;19741;19742;19810;19811;19812;19813;19814;19815;19816;19817;19818;19819;19820;19821;19822;19849;19974;19975;19976;19977;19978;19979;20030;20031;20032;20033;20034;20035;20036;20079;20080;20081;20102;20103;20115;20116;20117;20118;21275;20140;20142;20153;20154;20155;20156;20157;20195;20196;20197;20198;20233;20234;20235;20236;20244;20261;20262;20263;20264;20265;20266;20267;20281;20280;20313;20312;20314;20315;20327;20328;20330;20329;20352;20353;20355;20354;20356;20357;20371;20358;20411;20412;20413;20414;20415;20416;20418;20417;20419;20731;20798;20814;20815;20822;20823;20828;20829;20864;20873;20874;20894;20895;20896;20921;20934;20935;20938;20953;20962;20979;20980;20999;21000;21001;21021;21022;21044;21045;21046;21047;21048;21084;21085;21094;21095;21096;21097;21124;21125;21126;21127;21129;21128;21148;21147;21160;21166;21194;21195;21196;21197;21198;21199;21231;21254;21255;21256;21276;21277;21278;21279;21297;21298;21299;21315;21316;21317;21318;21347;21319;21348;21349;21350;21351;21352;21353;21354;21578;21355;21614;21579;21615;21663;21665;21664;21671;21666;21667;21680;21681;21702;21703;21704;21706;21705;21707;21708;21709;21710;21712;21711;21732;21734;21743;21742;21750;21758;21773;21759;21774;21775;21908;21791;22010;22009;22011;22012;22080;22083;22106;22107;22108;22119;22120;22142;22143;22144;22145;22146;22147;22148;22165;22166;22167;22168;22169;22171;22199;22200;22214;22215;22216;22217;22218;22242;22283;22284;22285;22286;22287;22288;22289;22290;22323;22324;22325;22326;22327;22351;22352;22353;22354;22355;22356;22429;22457;22458;22459;22460;22464;22469;22470;22471;22505;22506;22522;22890;22891;22892;22893;22894;22920;22913;22914;22915;22928;22929;22930;22939;23626;23668;23670;23669;23671;23672;23673;23674;23705;23675;23706;23707;23708;23709;23710;23725;23726;23727;23728;23729;23730;23745;23746;23747;23762;23795;23796;23855;23857;23856;23858;23859;23860;23861;23862;23863;23864;23865;23866;23867;23873;23874;23955;23956;23957;23958;23990;23991;23992;24008;24203;24205;24204;24206;24207;24209;24208;24249;24210;24250;24251;24252;24253;24254;24255;24256;24257;24258;24308;24309;24310;24311;24312;24313;24350;24351;24352;24353;24362;24367;24368;24369;24721;24722;24731;24732;24749;24750;24751;24772;24771;24773;24777;24800;24801;24802;24828;24829;24830;24839;24840;24841;24866;24867;24868;24869;24887;24888;24889;24929;24930;24931;24932;24933;24934;24935;24936;24937;24938;25019;25020;25053;25054;25055;25056;25057;25058;25059;25060;25104;25105;25106;25107;25108;25109;25110;25111;25131;25132;25133;25155;25154;25160;25184;25185;25186;25187;25188;25208;25209;25235;25236;25262;25288;25263;25340;25341;25361;25360;25382;25383;25384;25438;25452;25453;25474;25534;25561;25562;25593;25594;25641;25660;25661;25680;25665;25719;25789;25790;25791;25792;25793;25809;25808;25810;25866;25867;25869;25868;25870;25871;25872;25888;25873;25916;25917;25918;25920;25919;25921;25944;26040;26042;26041;26043;26094;26095;26097;26096;26098;26099;26100;26101;26102;26104;26103;26214;26117;26215;26216;26941;26943;26942;26945;26944;26946;26947;26980;26979;27045;27046;27047;27048;27049;27050;27051;27068;27517;27516;27553;27518;27554;27555;27556;27557;27558;27559;27579;27580;27592;27593;27611;27612;27613;27815;27823;27816;27824;27825;27826;27827;27847;27846;27848;28197;28198;28199;28217;28218;28219;28220;28260;28261;28263;28262;28264;28265;28266;28267;28318;28319;28320;28321;28322;28323;29231;29232;29290;29291;29292;29293;29294;29295;29296;29297;29716;29717;29733;29734;29812;29813;29814;29815;29816;29817;29818;29819;29820;29821;29905;29822;29907;29906;29908;29909;30031;29910;30032;30033;30089;30116;30117;30118;30119;30120;30128;30242;30135;30136;30137;30138;30139;30243;30244;31033;31083;31034;31084;31085;31157;31110;31158;31294;31295;31328;31329;31330;31380;31379;31381;31382;31383;31384;31385;31386;31387;31439;31440;31441;31442;31443;31444;31445;31446;31447;31593;31594;31611;31612;31613;31614;31634;31635;31636;31671;31672;31753;31752;31835;31834;31836;31837;31838;31955;31956;31957;31958;31959;31960;31961;31962;32009;32010;32011;32012;32014;32013;32015;32016;32017;32045;32046;32073;32074;32075;32111;32149;32150;32151;32152;32153;32208;32209;32210;32300;32301;32302;32303;32304;32351;32352;32353;32415;32417;32416;32450;32418;32491;32490;33084;33085;33118;33189;33202;33203;33243;33244;33246;33245;33265;33421;33422;33460;33461;33472;33473;33474;33494;33509;33556;33557;33558;33779;33780;33781;33782;33831;33832;33834;33833;33835;33836;33853;33854;33855;33858;33861;33891;34090;34091;34092;34093;34104;34105;34114;34248;34115;34251;34250;34259;34258;34272;34273;34297;34298;34299;34365;34678;34383;34733;34689;34734;34735;35018;34787;35019;35020;35021;35022;35023;35024;35059;35084;35085;35086;35100;35101;35102;35107;35108;35188;35189;35244;35257;35268;35269;35270;35271;35345;35346;35347;35348;35349;35350;35355;35356;35379;35380;35406;35432;35443;35367;35444;35614;35673;35674;35675;35731;35732;35791;35792;35793;35794;35795;35796;35797;35798;35799;35800;35809;35810;35811;35812;35813;35814;35815;35816;35817;35819;35818;35903;35904;35905;35912;35916;35917;35929;35942;35943;35954;35964;35969;35985;36002;36001;36013;36003;36027;36048;36055;36078;36085;36086;36092;36093;36094;36095;36096;36137;36138;36140;36139;36157;36158;36176;36195;36196;36197;36198;38161;38677;38883;38884;38885;38886;38887;38909;38920;38944;39561;39565;39571;39570;39595;39580;39614;39596;39776;39775;39778;39777;39780;39779;39781;39782;39848;39797;39868;39869;39870;40462;40463;40519;40520;40630;40631;40632;40633;40634;40635;40879;40880;40911;40912;40913;40914;40915;40916;40917;40918;40919;40959;40960;40961;40962;40963;40964;41022;41023;41637;42197;42214;42415;42239;42913;42834;42914;42915;42916;42968;43378;44890;44891;44892;44893;44894;44896;44895;44897;44898;44971;46768;46769;46770;46771;46772;46773;46774;46775;46776;46777;46778;46779;46793;46794;46804;46805;46806;46807;46808;46809;47016;49098;49115;49125;49124;49127;49636;49637;49732;49126;49771;50605;51349;51416;51532;51533;51534;51535;51536;51537;51657;51658;56425;56426;56445;56446;56458;56459;56460;56502;56501;56503;56524;56549;56589;56590;56504;56591;56593;56592;56594;56595;56625;56635;56626;56658;56660;56659;56686;56807;56808;56901;56724;56902;56903;56904;56906;56905;56908;56907;57433;57446;57456;57630;57631;57648;57649;57650;57651;57652;57653;57654;57655;57656;57721;57722;57723;57744;57745;58025;58081;58099;58100;58101;58102;58139;58174;58211;58175;58212;58213;58214;58216;58215;58217;58218;58219;58220;58221;58222;58378;58379;58380;58381;58382;59610;59612;59611;59613;59614;59615;59616;59617;59618;59620;59619;59622;59621;59624;59623;59625;59626;59627;59628;59629;59630;59632;59631;59633;59634;59645;59646;59647;59648;59650;59649;59651;59667;59668;59669;59670;59671;59672;59673;59674;59675;59676;59678;59677;59679;59701;59702;59703;59704;59680;59705;59706;59707;59708;59709;59894;59893;59895;59896;59897;59898;59899;59900;59901;59902;61540;61542;61541;61543;61544;61545;62235;62236;61783;62237;62286;62287;62288;62289;62300;62299;62302;62301;62342;62343;62345;62344;62359;62360;62362;62361;62363;62364;62379;62380;62631;62383;62632;62633;62634;62650;62651;62652;62867;63436;63437;63402;63438;63439;63440;63441;65862;67252;69438;69453;69464;69500;69454;69508;69538;69539;69547;69850;69861;69898;69889;69899;69900;70084;70085;69901;70109;70110;70111;70112;70129;70130;70131;70160;70161;70182;70184;70307;70308;70183;70309;70310;70311;70324;70380;70381;70382;70486;70487;70647;70648;70650;70649;70651;70673;70674;70675;70676;70677;70752;70778;70753;70835;70779;70836;70867;70868;70869;70959;70995;70996;70997;71073;71089;71090;71119;71120;71121;71122;71123;71124;71167;71168;71169;71170;71240;71258;71259;71286;71453;71454;71486;71487;71488;71628;71507;71762;71801;71809;71810;71812;71811;71906;71907;72016;72017;72032;72033;72051;72052;72053;72054;72071;72072;72073;72074;72075;72076;72077;72079;72078;74283;72080;72129;72130;72138;72158;72159;72207;72208;72254;72255;72256;72314;72139;72361;72383;72384;72385;72409;72411;72410;72413;72414;72418;72452;72453;72549;72613;72634;72633;72635;72636;72637;72638;72640;72639;72718;72755;72756;72851;72894;72996;72997;73127;73219;73220;73390;73391;73392;73393;73394;73406;73407;73849;73858;73859;73860;73861;73958;74051;74028;74052;74053;74054;74055;74056;74057;74058;74098;74060;74059;74061;74062;74064;74063;74065;74066;74067;74099;74234;74171;74258;74259;74319;74260;74320;74371;74372;74445;76061;76062;82003;76063;76064;76066;76065;82004;76084;76154;76178;76179;76180;76224;76225;76226;76270;76227;76272;76271;76273;76287;76288;76304;76305;76330;76331;76397;76434;76544;76303;76545;76864;76996;77110;77112;77190;77212;77213;77234;77452;77453;77454;77456;77455;77457;77458;77459;77460;77461;77462;77470;77467;77512;77471;77773;77548;77774;77775;77776;78059;77886;78060;78384;78879;78880;78881;79266;79080;79415;79404;79416;79417;79609;79418;79811;79812;79813;79814;79844;79959;79960;79961;79963;79962;79964;79965;79966;79967;79968;79969;79970;79971;79972;79973;79974;79975;79976;79977;79978;79979;79980;79981;79982;80109;80040;80209;80210;80239;80240;80241;80242;80243;80244;80262;80245;80264;80263;80265;80266;80267;80268;80269;80270;80271;80272;80273;80328;81224;81225;81226;81227;81228;81229;81230;81231;81232;81368;81369;81396;81370;81535;81686;81536;81688;81687;81690;81689;82006;82005;82007;82008;82009;82010;82011;82314;82732;82632;82733;82734;82735;84071;83443;83911;83912;84072;84315;84330;84331;84531;84332;84556;84602;84603;84604;84605;84606;84607;84654;86081;86082;84718;84719;86084;86083;86085;86086;86087;86088;84935;84863;84974;86089;85430;85431;86132;86133;86134;86135;86136;86137;86435;91735;86687;86688;86690;86689;86691;86692;86693;86701;87484;87485;87516;86908;87545;87546;87706;87707;87708;87709;87710;87711;87712;87713;88391;87985;88393;88392;88586;88587;103586;88822;89713;89712;89809;89810;89811;89899;89901;89900;89903;89902;89905;89906;89904;90053;90339;89907;90340;90380;90743;90744;90849;91176;91376;91378;91377;91478;91379;91479;91480;91481;91638;103587;91701;91703;91704;91702;91842;91844;91843;91845;91846;91847;91862;91864;91863;91983;91982;92348;92042;92350;92349;92351;92478;92479;92480;92482;92481;92483;92484;92486;92485;92653;92852;93698;93697;93902;93903;93945;93946;93992;93993;94085;93994;94420;94422;94460;94421;94461;94594;94595;94889;94890;94891;94892;94893;94936;95018;95019;95020;95021;95266;95267;95268;95269;95270;95271;95420;95421;95516;95517;95518;95519;95520;95521;95522;95523;95524;95525;95526;95527;95528;95547;95548;95602;95603;95604;95605;95636;95637;95638;95639;95640;95641;95642;95696;95695;95697;95698;95699;95735;95736;95737;95738;95739;95740;95741;95742;95743;95815;95817;95816;96124;96125;96126;96127;96128;96224;96225;96226;96227;96228;96229;96230;96231;96232;96233;96234;96235;96236;96237;96238;96239;96240;96242;96241;96244;96243;96245;96276;96373;96398;96399;96413;96414;96415;96416;96417;96418;96419;96420;96421;96422;96423;96424;96425;96474;96426;96475;96515;96516;96541;96543;96542;96544;96575;96576;96640;96641;96642;96643;96644;96683;96684;96686;96685;96687;96688;96689;96690;96710;96691;96744;96745;96747;96746;96749;96748;96786;96787;96853;96852;96854;96855;96856;96857;96858;96859;96860;96914;96861;96916;96915;96996;97092;97111;97110;97112;97183;97184;97252;97253;97254;97255;97256;97257;97258;97259;97260;97261;97262;97263;97265;97264;97267;97266;97268;97269;97270;97271;97272;97273;97343;97344;97813;97814;97815;99011;99012;99013;99014;99274;99275;99276;100015;99699;100016;100017;100018;100082;100083;100084;100085;100262;100263;100443;100444;100445;100446;100523;100628;100629;100630;100647;100648;100649;100650;100651;100652;100653;100654;100655;100656;100657;100942;100675;100943;100944;100945;100946;101016;101017;101018;101019;101020;101021;101073;101074;101075;101333;101248;101334;101335;101336;101337;101338;101339;101340;101342;101341;101343;101344;101345;101924;102531;102532;102616;102617;102618;102619;102620;102798;102799;102942;103271;103270;103272;103273;103274;103275;103276;103277;103278;103279;103280;103282;103281;103443;103444;103446;103445;103447;103448;103449;103450;103463;103462;103464;103485;103486;103719;103720;103721;103722;103723;103725;103724;103727;103726;103846;103845;103847;103848;103849;103850;103851;103910;103911;103912;103913;104064;104066;104067;104068;104065;104069;104070;104229;104231;104230;104232;104233;104510;104492;104512;104511;104513;104514;104515;104516;104517;104518;104519;104520;104694;104695;104697;105261;105262;104696;105263;105264;105627;105628;105629;105630;105631;105632;105634;105633;105635;105755;105756;105666;105757;106038;106039;106087;106116;106117;106428;106429;106739;106883;106884;106885;106886;106887;107178;107200;107201;107284;108432;108317;108433;108434;108435;108525;108526;108627;108628;108820;108821;108822;108924;108925;108926;108927;108928;108929;108930;108931;109007;109056;109097;109098;109099;109230;109231;109232;109233;109234;109235;109290;109533;109534;109535;109627;109806;109930;109974;109975;109976;110174;110175;110176;110212;110255;110256;110522;110524;110523;110525;110614;110615;110616;110677;110676;111143;111225;111412;111411;112075;112076;112077;112078;117967;117968;117969;117894;118505;118507;118506;118509;118508;118510;118845;118846;118847;118848;124211;124212;124213;124214;124215;119131;119130;119133;119132;119134;119160;119161;119162;119164;119163;119165;119275;119276;119319;119318;119320;119321;119322;119323;119483;119703;119702;119704;119852;119944;119945;122729;122730;122731;122732;122733;122734;122735;122831;122736;122833;122832;122835;122834;122836;122937;122990;123423;123424;123425;123426;123427;123428;123429;123575;123576;123577;123578;123579;123580;123582;123581;123696;123842;123983;123984;123985;124070;124071;124072;124130;124131;124132;124225;124226;124227;124228;124288;124289;127559;127560;127561;125751;127562;127563;127955;127956;127957;127958;127959;127960;127961;127962;127963;127964;127965;127966;127968;127967;127969;127970;127971;127972;127974;127973;128441;128442;128443;128444;128590;128591;128592;128593;128595;128594;128596;128597;130329;130633;130634;130635;130636;131265;131266;131268;131267;134468;134469;134470;134471;134472;134473;134474;134586;134475;134587;134588;134589;134590;134591;134592;134593;134594;134595;134596;134597;134598;134599;134600;134601;134602;134603;134604;134605;134606;134608;134607;134610;134609;134641;134640;134642;134643;134724;134725;134726;134727;134728;134730;134731;134732;134729;134776;134924;134925;134775;134926;134927;134928;134929;134930;134964;134965;134966;134967;134968;134969;135017;135018;135019;135020;135021;135112;135114;135113;135115;135116;135195;135216;135426;135427;135946;135947;135948;135949;136214;136213;136216;136215;136538;136539;136540;136541;136542;136636;136637;136638;136639;136640;136642;136641;137288;136643;137440;137383;137441;137442;137444;137443;137446;137445;137447;137448;137449;137450;137451;137452;137453;137454;137455;137456;137457;137458;137459;137460;138924;138925;138926;138927;138928;138929;138930;138931;138932;138933;138934;138935;138936;138937;138938;138939;138940;138941;138942;138943;138944;138945;138946;138947;138948;138949;138950;138951;138952;138953;138955;138954;138956;138957;138958;138959;138960;138961;138963;138962;138964;138965;138966;138968;138967;138969;138970;138971;138972;138973;138974;139115;139116;139118;139117;139119;139120;139122;139121;139123;139269;139270;139271;139272;139273;139274;139437;139438;139439;139440;139441;139718;139833;139834;139887;139888;139889;139890;139891;139892;139937;139936;140067;140068;140069;140070;140071;140072;140315;140316;140474;140559;140560;140561;140562;140563;140564;140565;140566;140567;141063;141064;141065;141066;141067;141068;141505;141531;141735;141669;141701;141732;141837;142010;142325;142250;142239;142272;142241;142854;142848;142843;142834;142826;142833;142850;142846;142844;142923;142933;142930;142939;142932;143524;143491;143494;143531;143493;143495;143528;143503;144597;144590;144603;144591;144598;144592;144593;144602;144588;144601;144600;144589;150006;144610;144614;144821;144817;144820;144607;144832;144865;144833;144864;144867;144922;144923;145256;145341;145380;145327;145378;145296;145282;145321;145303;145333;145369;145425;145432;145428;145426;145424;145429;145433;145436;145430;145473;145489;145477;145524;145526;145561;145566;145564;145711;145758;148268;148273;148267;148271;149221;149216;149222;149220;149228;149217;149215;149223;149226;149233;149277;150016;150011;150007;150000;150025;150022;150001;150013;150020;150023;150009;150004;150021;157035;156966;156996;156979;157007;156978;156999;156990;156991;156993;157011;157029;156994;157000;157036;157038;157032;156977;157026;157010;157020;157003;157043;157009;156987;157012;157042;157028;157018;156968;156995;156984;157005;157041;156970;157030;157037;156971;157021;156974;157017;157015;156997;157014;156975;157006;156998;156967;157002;157031;157024;157033;157008;156988;157004;157019;156973;156992;156969;156976;157001;156980;156972;156985;156986;157022;157027;157016;157034;156983;156982;157025;157023;157039;156989;154715;154716;157040;156981;157013;157140;157266;157241;158198;34312;24017;18220;159007;20738;20736;24746;26927;19314;42963;25338;16225;42964;100356;34399;109405;117459;119240;117596;125631;130273;139748;35468;10094;65822;80306;102494;110270;100357;80305;65702;105374;105375;80202;154879;80201;158560;158888;152483;158891;158889;158890;152484;51370;44675;53336;110612;110192;39330;128523;55929;58846;66804;82902;90681;99522;80949;88022;96624;76591;84810;70482;86481;103962;119559;58089;57803;58090;57804;57805;77556;92462;94160;92463;92464;94161;38701;55930;55931;91715;53876;17245;10095;45405;12288;21188;18627;155737;66964;10408;11736;11893;18371;19605;15975;20110;31420;10946;11716;20177;20178;20179;66963;82566;105389;157066;102174;157069;157068;20344;18615;21325;157067;100620;18194;10690;19384;100621;18433;40668;34197;34742;52589;52657;77761;52975;53569;53879;54647;55460;54989;55765;55959;56023;56125;56230;56241;56391;56650;56779;56920;57468;57288;57666;57876;57974;58206;58328;58342;58434;58536;58644;58954;59117;59255;35558;35689;39449;38154;38699;38791;59735;59958;61381;61462;61774;62518;62313;62519;62861;63063;63110;63232;63645;63468;65029;65097;65691;64813;66930;66813;67232;66556;69423;69139;39356;39492;39852;40778;70494;70273;70916;70923;71227;72167;71968;72616;72800;72939;73082;73419;73710;74008;74122;74434;76581;77184;77581;77861;77409;78475;78080;79141;79336;79578;79836;80485;41958;41000;42413;42798;81207;80951;81020;82534;81647;83136;83366;82825;84049;84342;84731;83745;85567;84667;84921;86209;85743;86380;86061;86852;87417;87206;86598;87245;88681;88956;88088;90194;89786;89685;44317;44587;45086;45610;46171;90542;90794;91716;91350;91128;91455;92791;92628;93476;93817;94136;94580;94676;95480;96828;99136;97724;99633;99995;100991;100679;47859;48383;46732;46850;47139;93315;47595;103421;101980;103648;102993;104434;103933;106350;105356;105152;106485;106682;106840;107220;109395;109899;110228;111383;117636;117429;117333;49237;49089;49285;118887;119097;118153;119558;119684;121514;122617;122246;131738;122853;124279;125371;124460;126753;125729;125952;127129;128328;127120;129848;128741;129054;131190;130275;130463;131022;132717;133053;131954;132097;50476;133848;50049;133954;134215;134701;135094;133465;135704;135917;136122;136348;135401;137635;137701;136743;137081;139001;139459;139695;140406;138449;140700;139794;141573;142209;142641;142719;144781;141194;142971;143471;146204;146060;146544;145071;148243;148487;146948;147754;51161;50977;51511;149412;148558;148848;148996;150430;150854;149900;151672;152189;151831;152928;152609;153255;153515;153630;153829;153931;154238;154706;155352;155867;156033;156462;156862;158051;157293;158500;52501;51872;158936;51921;53392;65723;42895;34196;42894;24710;24709;66272;136192;66271;45049;55734;52980;65925;71897;45048;20228;26196;20241;19767;56980;56713;66925;62315;56712;136193;66926;17656;15717;16195;16194;14237;15451;19234;19235;122114;119776;119777;124240;123419;123013;16265;20159;72757;123520;103513;103514;123796;119775;124173;123464;123463;81259;81260;103515;56819;66718;66719;33761;19752;16120;81258;18355;49977;66325;67020;67019;67018;67017;62412;16183;64471;77665;69477;58402;22003;25769;58401;58513;50689;50690;51815;50692;56385;62284;62283;50691;38971;38972;56634;62391;16175;35725;33141;10097;93028;85182;50695;56407;62416;86609;50693;50694;25084;62415;35726;59968;60047;38927;19228;16174;59734;59733;11500;11501;10099;10471;11436;15851;20248;19942;19943;27620;28293;11363;81703;158252;15517;12243;50304;55975;50305;117615;117616;12117;77115;77114;147193;22497;77113;10100;11602;59797;59798;14370;111351;67022;67023;67024;21306;25898;20223;18296;50307;50306;35360;35359;12210;10731;11642;24876;25950;40350;45543;58724;11913;35555;26015;16060;15927;26016;69033;69034;69032;69040;69039;69036;69038;69035;69037;78429;107056;33902;44318;19307;22181;22180;19501;10101;101111;107057;16162;20171;15604;18132;21164;15605;49119;35554;101112;22899;22900;61448;18133;61449;18135;18134;18136;24817;17650;58010;11617;18137;18138;11646;21081;22004;104410;87413;96797;87415;11745;19255;19755;21736;87414;18363;31191;19254;22902;19194;18400;17308;117886;21745;73980;110695;11979;12089;90313;76283;76284;72177;82849;72175;72178;52979;52978;56165;55552;55551;58387;22225;53641;58399;58398;49645;38792;90941;72176;90796;102431;66969;66849;71806;83030;19601;55550;76616;57862;43635;53857;58526;58527;67121;64475;44330;62204;39617;39616;124086;79233;121349;141251;141208;64474;64473;141362;58185;29725;65255;71889;76620;103787;99030;100868;102500;103788;103696;119501;71890;71891;76621;99729;99728;118038;133605;93079;118040;100870;125736;54999;71892;54998;99360;63265;65256;71886;71887;71888;55577;71885;55906;76463;55907;59055;55749;55748;47780;47779;25655;11520;93097;100869;76462;54628;12120;54627;11396;36128;152164;36129;69480;70453;78110;71499;78870;89938;104812;63523;65617;66358;69281;69282;69283;73806;64631;64632;73461;59718;70806;77054;97888;83815;91571;83993;85767;97552;62902;91972;91973;69424;83489;59717;69399;96270;51812;87211;57700;57699;66273;46676;57701;56651;52614;46675;70099;70101;70100;83036;90196;93844;95658;100159;109914;90197;58516;42879;101296;58515;101297;70147;79798;79799;79800;79801;77730;94933;70146;79802;78111;70145;89939;104813;74269;99591;74270;74268;70141;76357;70140;76509;76776;76054;96607;76055;22318;70171;23698;33771;43155;19707;19706;19607;19701;51850;51849;78628;55831;78512;88562;85626;89780;88563;96532;85627;102959;87172;83279;90099;96449;83278;83348;107094;81824;74253;74252;36141;155862;93811;97889;117704;96271;93812;58184;42832;44109;51200;52015;42800;10103;100461;111666;70172;71378;69323;69346;69322;10104;59330;61612;73460;73462;109917;50563;35930;109918;101299;84088;84089;56024;53621;62099;69195;76427;79719;81206;69983;53622;78514;84090;51369;78513;52654;51418;52655;128768;76769;133955;90545;124002;126826;76768;50539;50540;59684;72963;77020;72964;78079;50349;50541;90546;59683;86058;100963;81916;92540;103732;81918;81917;73094;81919;32055;29747;77022;77023;77024;77151;77152;77150;77025;77021;85802;85803;96721;96722;76390;73093;85804;35804;46239;46238;64633;76389;73463;53624;76913;88020;53623;88021;84194;44328;84196;84195;56166;111667;146806;150245;146807;106460;106461;97859;147923;11372;33095;45593;57536;20893;97860;33548;34694;25352;38832;46015;46677;49272;53532;58811;59851;66541;90251;69020;73639;72959;78090;76345;85181;84923;90150;91260;91222;103530;94654;90624;70118;20988;94673;27056;27054;55832;68962;69799;16890;85766;16889;16888;16887;16886;16885;16843;16790;16480;17115;17114;16697;16696;16694;16695;16591;17369;16564;16563;17370;16836;16835;17372;17371;16621;26217;16946;26218;16903;26219;16560;26221;26220;26222;26223;26224;16964;26225;26226;16913;17373;26227;16549;16550;16547;16548;16505;16504;16503;16502;16881;26228;16873;16872;16865;16864;16863;16862;17374;26229;17375;17376;16846;16845;17377;16842;16841;16830;16829;16810;16809;17378;17379;16804;16806;16803;16802;16799;17380;16798;16789;16787;16786;16780;16779;16777;16776;16774;16775;16773;16772;16769;16768;16759;16758;26230;26231;17126;17125;17124;17123;26232;17122;26233;17113;17079;17078;17077;17076;17075;17065;17064;17055;21616;17054;26234;16984;16983;26235;16729;16718;16715;26236;16714;16703;16676;16673;16671;16646;16645;16639;16644;16638;16632;26237;16606;16602;16601;26238;16961;16960;16959;16958;16957;26240;26239;26241;16930;26242;26243;16897;26118;26244;16896;16892;26245;26246;26247;26248;26249;26250;16567;26251;16553;26119;16535;16483;26252;17381;16869;26253;16857;16856;26254;16821;17382;17383;16820;16785;16784;16783;26255;26256;26257;26258;26259;26260;26261;17384;16756;17385;17386;16735;16750;17084;17085;17083;26262;26264;26263;26265;26266;17024;17023;17022;17020;17019;26267;16990;16989;16988;26268;26269;16981;16982;16972;16712;26270;16710;16707;16700;16686;16685;21130;18394;16681;26271;26272;16668;16667;16666;16650;16620;16619;26273;26274;16615;16614;16613;17387;26275;17388;26276;26277;26278;26279;16501;26280;16497;16481;26281;21131;26282;20830;26283;17086;17074;26284;26285;26286;26287;26288;26290;26289;26291;26292;26293;26294;21909;26295;21546;21102;26296;26297;16962;28268;26298;26299;26300;26301;26302;18395;26303;26304;21103;21547;18396;26305;21548;26306;26308;26307;26309;26310;26311;26312;20359;20199;20200;21910;22259;22260;26313;26314;26315;26316;21911;21649;26317;21549;26318;21650;22328;22329;26319;22261;21651;26320;21912;26321;26322;21913;26323;26120;26324;26325;26326;26327;26328;26329;26121;26330;26331;26332;39304;39305;33828;33829;26335;26122;26123;32451;32452;32453;33862;38679;33863;38680;38681;38729;38730;38731;36056;36057;36058;36059;36060;36061;41638;43129;43130;43131;49111;49112;49113;56825;56827;56826;56828;56829;56830;56831;56832;56833;56834;56835;72895;72896;79568;79569;79570;76067;16904;17051;16692;16691;16690;16949;16948;16945;16944;16943;16942;16941;16940;17389;17390;16902;16901;17392;17391;17393;17394;17395;17396;17397;17398;17399;26336;26337;26338;26339;26340;26341;17102;17101;17073;16765;16755;16752;16751;16738;16737;16721;26342;26343;26344;26345;16699;26346;16997;16996;16995;26347;26348;16974;16973;26349;26350;26351;26352;26353;26354;16653;26355;26356;26357;26358;16618;16617;26359;26360;26361;26362;26363;16900;26124;26125;26364;26365;26366;26367;26369;26368;16517;16516;26370;26371;26372;26374;26373;17111;26375;26376;26377;26378;26379;17053;26380;17052;17030;26381;26382;26126;26383;26127;26384;26385;26386;26387;16731;26389;26388;26390;26391;26392;26393;26394;26395;19539;26396;26397;26398;26399;26400;26401;26403;26402;26404;17400;26405;26406;26407;26408;26409;19540;26410;26411;26412;26413;26414;26415;26416;19541;26417;26419;26418;20037;26420;26421;20038;26422;26423;26424;26425;26426;26427;21760;21761;21762;26428;26429;21652;26430;26431;22057;26432;26433;26434;26435;36062;35066;36063;36064;51466;51467;40607;45413;45617;51468;56704;56705;53267;53268;56706;86115;86116;86117;17401;17402;17403;17404;17405;17406;17117;17116;17110;17109;17407;17107;17106;17099;17050;17027;17028;17026;17025;16709;16708;17408;16598;16597;16596;16595;16924;16905;16884;16880;16871;16559;16558;16557;16533;16532;16531;16530;16528;16529;16527;16526;16519;16518;16509;16510;16507;17121;17120;16850;16844;16840;16839;26436;16788;16760;16778;26437;16757;26438;26439;16992;17409;26440;26441;16970;26442;16698;16689;16663;17410;26443;16657;16628;26444;26445;16584;26446;16566;26447;18397;17411;16938;26448;26449;16934;26450;26451;16933;17412;26452;26453;16853;16852;17413;26454;26455;16521;26456;26457;26458;26459;26460;26461;26462;26463;26464;16554;16525;16524;16523;16522;26465;26466;16515;16868;16858;16834;16833;26467;26468;16771;26469;16764;16754;16736;17105;17104;17103;17100;26470;17048;26471;16991;16975;26472;16711;26473;26474;16684;16683;16682;16654;26475;16616;16594;16579;26476;16578;16577;16576;16954;16953;16952;16951;26477;16932;16947;16925;16931;16915;16914;16895;16883;16882;17414;26478;26479;16565;16556;16555;16551;26480;26481;26482;26483;26484;26485;16508;26486;17108;16847;18398;16827;26487;18399;26488;26489;16742;16713;26490;26491;26492;17032;17001;16978;26493;16977;16976;26494;16963;16693;16956;26495;16675;16674;16672;16670;16655;26496;16630;16634;16629;16627;26497;17415;26498;16605;16604;26499;16603;26500;17416;16580;17417;26501;16575;16574;16573;26502;16570;16569;17418;17419;16929;16928;16927;16926;17420;26503;26504;26505;26506;16911;16910;16909;16908;26507;16907;16906;16899;16898;26508;16877;16891;16876;16875;16874;26509;26510;26511;16867;16854;16855;26512;16732;16726;16725;56836;56837;56838;56839;22895;16724;17421;16704;26513;26514;26516;26515;26517;26518;16656;26519;26520;16607;16590;17422;17423;17424;16971;20331;26522;26521;26523;16912;26128;26524;26525;22109;26526;26527;21653;26528;26529;16544;16543;26530;26531;19362;26532;26533;17425;26534;18608;26535;20801;19363;20803;20799;19486;26536;22866;26537;26538;26539;26540;20201;20202;20203;26541;26542;26543;22430;20800;26544;26545;22172;26547;26546;26548;21550;21551;21552;26549;22431;22432;22173;26550;26551;22174;22175;22176;26552;22433;22434;22263;26129;26130;26553;26131;26132;26554;26555;26133;26134;26135;27062;26556;26136;26557;26558;26137;26559;26138;26560;26561;26562;26563;29199;32390;32389;26564;26565;29797;31615;29798;26139;34315;34316;33864;35642;35643;33936;39001;41024;41025;41026;40364;40365;40366;46813;43132;43133;46697;46698;53269;57330;53270;53271;66504;56840;63319;72956;72957;78717;82682;88155;82683;16568;88156;17426;16534;17089;17088;16832;16831;16828;16826;16825;17427;16801;16800;16717;16716;17063;17061;17062;17060;17059;17058;17057;17056;17045;17043;17041;17042;17040;17000;17039;16998;16999;16979;17428;16968;16861;17429;16797;17430;17431;16490;16489;17433;17432;17434;17031;17435;16728;16727;17436;16723;17437;16625;16600;16939;16923;16922;16921;16920;26566;16538;26567;26568;16819;16795;16794;16793;16792;26569;26570;16749;17438;17439;17440;17096;17095;17094;17093;17092;26571;17441;17046;17442;17443;17010;17444;17009;17008;26572;17007;26573;16987;16986;16985;16719;16705;26574;26575;26576;16665;16662;16664;16661;16660;16659;26577;17445;16647;17446;17447;16593;16592;26578;26579;17448;17449;17450;17451;16537;16536;16506;16500;16499;16498;16484;26580;26581;26582;16950;26583;26584;26585;26586;26587;26588;26589;16546;16545;16894;16893;16879;16870;16860;16859;26590;16838;16837;26591;16823;16824;16822;16796;26592;26593;16767;16766;26594;16488;16487;16486;16485;17452;17453;17454;17455;17112;17456;17457;17459;17458;17460;17461;26595;17087;26596;26597;26598;26599;17029;26600;26601;17016;17015;17014;17013;26602;51469;26603;51470;51471;51472;51473;26604;51474;16743;16741;17462;16740;16739;16730;51475;16722;17463;51476;51477;26605;26606;51478;16688;26607;16687;16669;26608;16658;26609;16643;16626;16642;26610;17464;16624;26611;16623;16622;26612;16599;51479;16969;16967;16966;16965;26614;26613;26616;26615;51480;17465;51481;16955;51482;51483;16937;16936;51484;26617;16935;26618;51485;51486;51487;26619;16919;26620;16918;16917;16916;26621;26622;26623;26624;51488;16582;16581;16572;26625;16571;16562;16561;16552;26626;26627;26628;16542;16539;26629;26630;26631;26632;16520;26633;17466;17467;17468;17469;17471;17470;51489;16491;51490;51491;51492;26634;51493;17472;16866;51494;26635;51495;26636;21654;16851;17473;26637;16849;17474;16848;51496;51497;26638;17476;17475;16818;17477;16817;16816;16815;16812;16811;26639;16808;16807;51498;16805;17478;17479;16791;51499;26640;17480;17481;16782;17482;17483;17484;26641;16781;16770;26642;17485;17486;26643;26644;16762;26645;16761;26646;26647;26648;26649;16746;17487;17488;17489;26650;26651;26652;17118;26653;17490;17491;17492;17091;26654;17090;26655;26656;26657;26659;26658;26660;17038;17037;17035;26661;17034;17033;26662;26663;17017;26664;26665;26666;17006;17005;17493;17494;17495;17004;17496;26667;17003;17497;17002;16994;16993;26668;26670;26669;16720;16706;16702;17498;17499;26671;16701;26672;16679;16680;16678;16677;26674;26673;16649;17500;17501;17502;17503;16648;16640;26675;17504;17505;17506;16631;17507;26676;16611;16612;16610;16609;26677;26678;26679;26680;16608;26681;26682;26683;16589;17508;17509;17510;16588;16587;16586;16585;16583;16514;16513;16512;16511;17511;17512;17513;17514;26684;17515;17516;17517;17518;17519;16496;16495;16494;16493;26685;16492;26686;26687;26688;26689;26690;26691;26692;17098;17119;17520;26693;17521;17522;17523;17524;26694;26696;26695;26697;26698;17082;17081;26699;26700;17080;17071;17525;17526;17527;17528;17529;17530;17531;17070;17532;17533;17534;17068;17069;17067;17066;26701;17535;26702;26703;17036;26140;26704;26705;26706;26707;26708;17021;26709;26710;26711;26712;26713;17536;26714;17537;26715;17538;17539;26716;26717;26718;26719;17540;17541;17542;17543;17544;17545;16763;17546;17547;17549;17548;17550;26720;26722;26721;26723;16753;16747;16748;16745;16744;26724;16734;16733;26725;26726;26727;26728;26729;26730;26731;26732;16652;16651;17551;17552;17553;17554;17555;17556;17557;26733;26734;16641;16637;16636;16635;16633;18339;26735;26736;26737;26738;26739;26740;26741;26742;26743;26744;16980;17558;26745;17559;17560;17561;17562;17563;26746;17564;26747;26748;26749;26750;26751;26752;18340;18341;17565;17566;26753;26754;26755;22435;20084;22436;26756;26757;17567;18342;18343;17568;26758;26759;18344;26760;26761;26762;26763;18345;18346;18347;26764;26765;26766;26767;26768;26769;23711;26770;26771;18348;26772;26773;26774;18349;18350;26775;26776;26777;26778;26779;26780;26781;26782;22177;22178;22179;26783;26784;26785;26786;26787;18351;26788;26789;26790;26791;19399;21656;21657;21658;26792;26793;26794;22437;22438;22439;22440;19823;22441;26795;26796;26797;26798;26799;22462;22461;26800;26801;26802;26803;26804;26805;19980;19824;26806;26807;26808;26809;26810;26811;20085;19981;26812;19487;26813;26814;19825;26815;19826;19982;26816;26817;26818;26819;20954;19983;26820;26821;20086;26822;26823;26824;20955;21659;20868;26825;20397;21104;21105;21106;21107;21553;21660;21108;26826;26827;21109;21110;21111;20956;21112;21113;21735;26828;26829;26830;26831;26832;26833;26141;26834;34736;26835;26836;26837;26838;21713;21714;26839;26840;21161;26841;26842;26843;26844;21914;26845;26142;23627;23628;26846;26143;26847;26848;26144;26849;26850;26851;26852;26853;26854;26855;23712;23713;26145;23629;23630;26146;26147;26856;26857;26858;26859;26860;26861;26862;26863;22916;22919;22917;23714;23715;28269;23716;23717;23718;23719;23720;23721;26864;26865;23722;23723;26866;38968;26867;26868;26869;26870;26871;26872;26873;26874;26875;26148;26876;26877;26149;26878;26879;56068;56069;26880;26881;26882;26883;26884;26885;26886;26887;26150;26888;26151;26152;38969;26153;26154;26155;26889;26890;26891;26156;26892;43134;43135;26893;26894;43137;43136;26895;26896;43138;43139;27063;27064;27065;26898;26897;26948;29200;28270;28271;28272;30045;30046;30047;31035;31839;31036;29969;29970;43140;43141;29971;29972;32154;29973;32155;32156;32157;32158;34737;32159;33190;39377;39378;35175;35176;35177;39379;39380;35697;35698;34952;39381;39382;34738;44347;44348;44349;44350;39383;39384;44351;44352;44353;44354;43360;43361;41976;41977;41978;47753;47754;44404;44405;44603;43142;43143;46261;46347;46348;47145;47146;47147;47148;47149;52039;56841;56842;56843;56844;51659;52040;56845;56846;56847;56596;56848;56597;56849;63291;58610;58611;58613;58612;61591;61590;61592;63442;63443;63444;68919;86215;73718;86118;73719;16541;86119;16540;16878;16814;16813;16482;17097;17072;17049;17047;17044;17018;17569;17570;17012;17572;17571;17573;17011;10490;33899;11701;30202;26914;23731;20065;84502;45608;10602;10105;15706;16317;10495;10106;10784;28334;10763;40405;50343;50344;50345;12055;69826;42893;85582;100669;85602;85601;85805;15641;15642;92539;24260;49218;11149;11801;10498;57572;129585;17154;91634;59861;44987;45084;91815;140735;11040;15640;10107;10930;10533;10532;48432;10527;74469;10484;10582;77334;77335;77336;77337;77338;77339;76796;77340;77341;77342;76797;77391;80087;83162;80086;82430;89057;117394;117395;105158;73155;76795;15613;18402;18403;80085;42436;64483;48203;34491;18039;49211;76348;20387;16126;76347;10108;45358;45357;84047;15750;10109;10110;10111;18570;20960;20834;21684;21337;11083;33268;100720;100721;96146;103188;96145;94961;96626;68904;94962;39364;72929;153487;65576;72928;65575;138763;97019;70075;70074;77811;90512;97020;77027;72026;77002;77003;72025;77001;76766;74104;80885;72505;72506;72507;72508;76428;72504;74287;72283;74288;67230;67231;72220;144708;144080;144290;144291;74286;144766;144287;144303;144777;144074;144075;144298;144084;144768;144289;144288;144090;144767;144776;144304;144707;144286;144083;144302;144079;145061;144779;144778;144780;144773;144070;144063;144073;144774;144775;84290;87538;155843;110416;110417;64379;64378;149349;70097;143441;70098;72118;80476;80477;100380;103378;104104;120953;77029;77028;120945;97577;97578;101521;103674;97579;148709;148372;78066;45059;74121;66987;72586;144860;78065;144861;145058;144812;145059;145272;145063;145060;145270;145066;145401;149782;146085;145271;145055;144859;144858;145052;145053;145054;145056;145057;145051;145050;139731;136763;136764;139005;106714;144633;70173;77812;65893;65892;106715;65894;66307;65895;66306;81779;66172;61565;62786;63323;81780;81781;81782;81783;81784;62738;59293;61564;39591;81785;72860;72859;81786;72861;72862;42191;77607;77604;79384;77709;77710;83520;45356;50348;10799;97524;140201;118823;77708;120944;126987;136547;134564;100718;140200;143123;143124;100719;151155;135852;139330;135853;141471;135854;66473;66472;72368;73102;84401;85630;104388;106844;125897;76359;85707;76767;146571;91633;80963;66270;76358;79334;79335;93223;102019;93224;93225;119843;124563;124564;124565;96177;104357;66269;62560;65703;70586;62559;80865;80866;62561;101168;53490;44394;31052;25005;62558;25149;25738;26186;42824;26187;25656;55594;29997;96143;96144;83300;89691;83299;85254;84585;91502;89788;25662;35906;77116;77117;77118;77119;77120;80478;81492;81493;81494;145032;145045;143265;80334;80335;80199;66760;80200;38977;57848;57849;57847;16086;69928;10112;10410;117888;15401;15396;11044;15397;14843;15398;15399;10600;15400;17592;14390;26069;38717;35281;22079;53869;29895;51098;51097;63304;15469;15643;16273;19784;68983;127914;138093;138078;138076;138079;125878;138080;138081;138077;138075;20887;11704;58292;10113;10114;45399;45609;34948;10347;11425;18174;11572;17258;69180;47828;77750;51938;11557;76166;15541;14841;18392;14674;10115;41645;55549;36087;25203;25202;33276;24700;18539;20805;28331;20734;40825;10661;10657;10572;10573;99281;99523;108808;47594;10492;10935;11871;10371;10577;10116;10956;10117;10671;106609;58363;10537;10406;10575;10680;10937;51956;62940;10118;10932;11028;31648;10695;10685;10119;10759;10120;59817;10667;10631;10372;10370;11443;11874;10576;11412;10936;11142;10358;11661;11663;11662;62694;10941;62695;11935;11605;15986;71494;122095;122423;122032;134976;124119;125342;140770;122189;122188;122257;122191;122244;122187;122190;102803;69816;20285;69554;73918;72877;14630;14631;14632;14633;16142;14629;14634;14635;18050;16161;14636;14637;15935;11700;30134;38951;59368;59369;59371;59370;70739;72721;72722;78892;91232;91818;91819;95719;95720;96446;144454;90892;91763;147894;91764;95319;95721;95722;97890;96447;97891;97892;100847;124775;122248;126638;124776;127051;139224;152959;10122;38949;20991;33484;10496;17311;10123;11414;10124;10625;42085;52609;10966;12254;10125;15856;15853;10435;29729;31050;12643;12263;15393;18139;11815;13857;10801;11488;15616;63639;64686;64685;17244;10126;20296;11825;16282;16278;42212;10127;22228;22229;10805;10128;18588;18587;25572;25636;12300;15864;10129;14683;11984;10436;107073;11532;31724;97999;105778;34099;80458;42180;88577;40458;42354;44624;70094;76117;97998;101165;103870;88578;136670;140217;143152;150859;14829;19779;41056;11128;118017;10353;10733;15614;15615;125029;125030;62621;62622;62623;62625;62624;62626;18446;16154;18447;20112;11273;22089;21307;18203;43163;18201;17202;17203;20835;17609;12268;18401;18011;12101;73966;15425;45568;11729;73330;73331;50686;14788;15775;15778;22205;141061;12015;11402;11403;11068;11856;10589;11220;11043;10683;72035;82994;76592;84962;90627;68931;80101;68932;72034;29697;10130;10469;72063;14684;15771;11271;90189;47743;76489;76490;22314;24782;25737;90190;21051;27590;20320;20319;18368;25760;25761;25762;21572;62186;88097;97140;62185;88738;21562;18552;30208;88739;52669;58429;58430;102425;102426;59713;147190;22131;34238;11156;22132;65196;11783;11797;14376;14388;18291;65197;14253;65198;87817;11696;11697;58579;57560;63059;68888;60036;72395;59849;59848;66784;59847;63303;59846;57559;60037;72394;11369;22901;106202;107223;138525;150053;51368;100550;29700;45087;57861;54300;111674;111675;111676;111677;11272;111678;17585;10455;16197;49086;52534;49087;53488;53489;52535;56872;56469;56873;58319;56470;59497;59498;58320;62077;66498;62078;66499;70026;70588;70589;72104;72105;70027;74040;74092;78597;74041;131132;78598;132416;132415;134222;135032;134221;149023;135031;149022;152751;153850;152752;158930;158931;153849;84504;86600;86001;86601;86602;86603;87371;91347;87372;92410;92411;91348;94914;94915;94971;94934;95824;96830;95825;96831;100025;100300;100301;101954;101955;103506;100026;104359;104360;105651;105652;106397;106398;108795;108796;110384;110383;103507;111105;117878;117880;118718;118717;119767;121473;126476;126475;127047;127046;117879;158981;158980;21783;21782;25998;26000;34157;35913;34158;38985;35914;41060;38986;41061;45390;47037;45391;47762;47763;47038;20218;20219;25996;58500;20217;15972;17200;10538;11781;11782;21120;18477;15862;86905;111679;118237;118039;118238;148499;147817;16226;64835;18480;64836;15926;12245;19395;35610;16198;19394;18526;47714;23843;132311;132312;132313;132314;109321;33869;46181;53337;87312;23842;91487;72202;121515;91488;11690;66189;121516;12032;55775;58400;66190;12058;65055;65056;66898;72743;78859;72685;83956;89925;125733;106951;109551;125734;111603;118147;117337;119500;121330;124168;129776;127053;130099;139734;139726;145533;145248;148401;148418;148975;151193;154055;154894;157860;156929;99984;106559;104634;153924;65054;71215;73302;129098;86898;89725;89034;105293;97609;125706;129169;133527;135178;138887;155735;155627;156930;130595;158977;148245;12227;17348;42797;130596;81576;29852;29219;44320;11764;25461;72515;147720;147722;147717;144307;144305;144301;144306;72514;147719;147721;147718;143590;144645;18289;11047;12071;23965;18653;152137;36102;29834;36184;106622;47114;109319;109320;85216;85217;45578;59329;85218;85219;85220;85221;85222;73272;73273;73274;100220;87218;122592;122593;118713;124769;124770;129297;124771;130265;125629;128282;128324;135287;122594;110775;132693;132674;122595;122596;130266;132729;122597;122598;132673;132672;110125;111530;117338;128420;128522;138329;124772;140768;140660;140767;140769;148391;147728;154056;152865;157158;132728;138840;130267;157176;157152;128423;159092;138841;129589;129593;132724;129099;132722;139003;132320;146824;132727;135765;134953;134980;134952;135203;134978;134759;134760;133854;133855;138328;139797;139795;139798;139796;137065;138838;138360;123003;154057;48263;128763;130506;130591;128326;126620;128762;130278;45577;139066;138880;138837;143272;141828;132954;141799;146593;146592;148265;146103;129405;129406;129162;129386;109318;10131;11635;129104;70414;11903;11902;22298;22297;21143;69273;66389;73024;64438;64634;70918;73025;78088;77860;84622;86020;86655;87416;92871;87767;94355;95916;100385;99691;102017;101300;112160;103383;118069;104478;108564;106631;111063;110227;111064;128077;129303;130970;132243;133308;134403;135925;137366;121188;138877;139875;143380;144980;147705;148641;149899;151429;122346;122420;122814;123954;124682;125923;131163;152984;64470;43636;45490;79420;21142;35435;69280;25736;121255;62938;62939;43088;35474;121256;25824;34420;64484;105508;39331;35109;31095;88489;25823;33882;24899;63201;25992;44337;78912;35321;26059;11974;44689;12256;156443;106656;135011;106657;125152;124719;136929;106658;156439;118310;10444;50576;10604;70176;10814;70175;14810;10925;43850;87501;57322;42820;42819;69182;77687;70477;71310;68906;77685;68907;68908;68909;68910;68911;68912;68913;69194;70478;70479;70480;70476;70481;70475;71997;71996;71999;71998;72001;72000;77756;73492;73493;73494;73495;73496;73687;77000;76502;76503;76505;76504;76506;76507;76508;78420;78421;78422;78423;78424;78426;78425;80953;80954;80955;80957;80956;82794;80958;82795;82796;82797;82798;82912;85224;85226;85225;85227;85228;84768;86605;85229;86475;86476;86477;86606;86607;86608;88091;88092;88093;88094;88095;88096;90761;91762;92518;92519;92520;92521;92512;92513;92514;92515;94331;96316;94333;94332;94579;94678;96658;96659;96660;96661;96662;102699;99524;99525;102700;101266;99526;99527;102701;102702;102703;102704;102705;102706;102707;102708;102072;102073;102074;102075;102076;102077;102078;102079;102080;102081;104032;104033;104034;104035;104036;104037;104038;104039;104040;104041;105653;106385;106386;106387;106388;106389;106390;106391;106392;106393;106394;109211;109210;109212;109213;109214;109215;109216;111204;111205;111206;137004;111207;126508;118231;126925;125773;118232;121389;121642;122242;125546;122241;121129;121390;121066;121215;121644;121111;121354;121126;121070;121069;121643;124236;124091;124003;124031;124193;124195;124765;124327;124092;125309;124238;125774;124030;127056;124760;130514;127122;134893;126785;130517;132038;130516;130469;130505;130264;130460;132959;130468;132075;132046;130053;130519;130466;131944;130504;130515;130459;130518;130520;133303;130502;130270;130279;130467;140454;140737;133965;133088;133863;133860;133725;133050;133051;133145;135683;136701;146092;136119;137056;139069;138210;136828;139071;139070;136285;140467;138909;139033;138596;140586;138608;138605;138604;138889;139032;138908;138906;138839;138907;138905;151625;141802;141827;143381;141806;141868;141845;142145;141849;141846;143383;143263;143382;144982;144986;146194;150137;145261;145691;145571;146106;146090;144978;144985;144984;144933;145502;148664;144983;148665;148670;148671;149810;149473;148668;148682;149788;148673;148657;148661;149970;148651;149369;148677;148648;148672;148654;148683;149859;148676;149453;148659;149366;148678;148650;148666;148667;148679;148675;148663;148660;148669;148658;148662;148680;148653;149967;148681;148645;148649;149351;151631;151630;151635;151639;151629;153253;153252;153256;153128;151638;151637;151632;151634;158934;151628;151633;151636;151626;151627;155626;154110;154111;154112;154113;154119;154126;154127;154109;154123;154118;154122;154121;154125;154120;154116;154117;154124;154108;154115;158896;154107;156689;156671;156683;156680;156681;156676;156685;156686;156679;156672;158041;156673;156684;156674;156682;156687;156693;156670;156678;156694;156782;156675;156677;156692;70120;70121;69872;71023;69870;74140;77326;82913;84877;84878;109406;69873;69874;69871;69875;69876;55941;55940;55939;55938;55937;55936;55935;55934;56769;56770;56771;57636;57637;57638;57639;58874;58875;58876;58877;58878;59987;59988;59989;59990;59991;59992;59993;59994;59995;59996;59997;62711;62712;62713;70102;62714;63519;63520;66336;66509;66510;66511;66512;66513;66514;66515;66516;77686;141393;70165;148031;91890;80191;80192;80193;80194;80195;80196;80197;91778;91779;126510;126917;121067;121068;131701;104175;104100;108520;80198;70922;85270;77688;69986;69987;73688;76306;76124;77689;77690;77691;103052;106680;69241;69183;70025;71429;73057;73023;66721;66720;55933;55932;38974;11467;99983;151494;151371;151424;151372;25626;25021;40446;43814;25710;20284;77437;33094;23996;62800;62799;23997;24758;26969;57976;17598;19335;34029;40872;57975;30053;16474;11426;11844;11453;14681;149646;149499;10375;137747;141210;141213;141214;141212;141211;137748;17351;11511;11512;10411;43829;11575;11580;47140;72393;76402;50978;51389;51388;18183;23868;25991;31119;35258;39354;21050;15404;18256;18184;14279;18058;11763;18185;20225;59608;108590;122157;27041;62311;121166;121165;121358;121357;117666;119422;118798;122589;109942;11328;69555;33257;31464;31465;24747;43154;11813;76799;78890;87598;87965;106196;76798;97895;97894;12252;15829;138014;11983;10640;24998;65047;10132;119327;119677;112063;110767;110768;123831;128650;126468;135030;140401;124590;121471;56877;10541;34117;11387;11494;11388;13659;10796;99928;99929;11063;10133;25085;38664;29993;34235;34243;33745;29994;106721;83265;56468;92660;10378;10379;90706;97893;118399;150139;77275;159063;77276;77277;77278;77279;77280;71154;71457;20870;58038;45477;10722;10723;25701;42329;45478;19603;19602;23782;19774;19678;42259;42260;11705;31352;24784;24783;24262;11741;19557;19558;12033;65986;65985;85908;121434;83736;85909;58653;58654;83737;11911;80555;88807;66328;80203;66327;66326;80554;72772;72773;46311;86426;19523;151882;10812;55574;58726;59180;61432;73332;73334;73336;76510;76594;80078;80079;80080;80081;80832;86900;86901;88983;91974;97496;122588;122586;122857;151883;121544;125223;127114;133474;129535;133471;80831;55573;118155;118154;80556;64394;93221;59230;59232;59231;73470;73521;155678;151576;153490;151577;151575;151620;151011;59229;59228;59358;59359;59360;62926;151292;155731;21631;22005;146861;24356;106623;106624;106625;34332;106626;57410;63094;72815;73123;106627;119607;16475;119608;106628;26057;21155;26058;39006;21558;21308;22367;22408;20824;20994;38694;17973;11427;11175;104129;11522;11891;49646;11941;20096;44391;101812;101813;58482;20892;25811;17841;101814;12296;122878;156549;146312;19777;56283;146799;125216;71261;126259;157358;126258;71262;110483;21333;21560;25483;95928;91223;124648;97862;124649;10134;10135;10646;33200;20806;20294;31134;20295;20728;41625;33219;10769;18374;21016;97863;48246;27523;55701;35627;71522;71441;79387;71440;53513;53514;24904;24326;46255;24327;71439;117887;11005;57461;83303;156258;156115;156455;156559;156017;156232;156061;156016;65030;62123;62122;62124;79743;64486;45436;88905;122752;10870;34266;122754;40331;109943;119461;119460;121312;122977;40468;12002;72264;11717;100383;122753;70743;74224;83115;71860;74225;71861;73969;53534;83116;74090;20890;55818;19764;10419;10543;61487;63281;70744;73970;66637;61486;66722;66941;66944;66942;11009;59685;70072;70071;72619;70260;72880;52658;52659;70103;11718;59109;14312;63266;59036;59035;21024;20861;22091;11633;29869;81810;11355;11406;30207;11023;11354;10727;34472;17352;11843;81811;57939;57940;80457;149500;43028;91999;92000;20936;93685;94253;95917;16153;96731;99134;103598;100270;104378;105080;106296;108786;110324;111137;105003;104848;118178;119841;118574;121393;125150;123128;127054;129467;130057;130967;131957;134954;133531;136930;137071;141099;141100;143478;143115;144453;146086;146427;147658;149041;149042;149333;149043;149986;149984;149985;152038;152036;152039;152129;153429;153709;153432;154711;154775;154717;156222;156230;156221;157403;157242;158163;157181;159106;159105;123129;158976;123130;122365;124005;125219;127901;129975;132034;133670;134703;136560;139578;142468;144106;146420;154152;149381;150342;151587;153362;156666;154436;147414;147416;147417;147412;148455;151582;152631;156662;152697;158319;109865;112060;118975;122816;127898;132021;134763;147620;145014;146447;154429;156058;147660;148456;150450;151827;152629;153401;157449;158729;144055;122366;124006;125220;127902;129976;132035;133671;134704;136561;139579;142465;144108;146423;154154;149378;150340;151585;153365;156667;121029;121030;121031;121032;121033;121034;108584;108753;109866;108585;108754;109867;121641;122193;121476;123133;122949;125999;126069;125362;126623;128529;110806;117291;117918;122192;121511;154425;122232;122947;123011;125360;126000;126070;126621;128059;138082;128060;139062;139786;128527;130171;131766;132712;133849;132710;135199;134406;135273;136356;128524;137050;129100;130169;131772;132708;132713;133692;134404;135200;135275;136403;137048;138084;138444;149254;148774;150121;151573;152415;153091;153876;139073;139790;140733;141569;142912;144769;142612;144277;145447;148013;146782;139039;139788;140731;141572;142911;144283;142610;144772;145466;146779;148015;149282;148766;150801;150120;152413;151572;152636;153106;153879;155916;154816;156604;158652;157445;153088;158691;153880;155918;154820;157444;156605;158693;158655;97143;122116;125404;124020;131284;155789;95258;152211;154014;157114;139456;139328;144621;146590;152210;154013;157115;139663;139329;144620;95259;146589;100027;96829;97497;101956;122585;122587;122856;121543;127113;129534;126261;126260;109016;111682;119614;106189;110978;108282;109944;118934;118309;117409;124194;127894;131945;153047;122247;127124;121542;125953;125165;130968;135589;139601;133650;128706;132938;138503;134408;136559;141470;148539;152424;152489;147704;156254;144981;151610;150707;151293;147922;149472;149433;155448;154142;153397;157878;158219;157434;157385;142717;146823;93813;99128;103531;143218;105110;121478;105111;121599;122401;123508;123506;125949;125358;126217;128774;126703;128971;128969;138095;139184;139869;129389;130364;131955;132773;133690;135412;136358;137086;138588;139317;148772;149256;149529;150158;152453;151612;153112;154061;139867;141776;143059;143425;144285;144855;145467;146784;148109;148396;152504;152634;154058;155920;156196;154876;157906;156609;158656;158068;95929;158928;156847;154245;105786;137839;108884;11603;135296;132047;139727;158830;119241;126590;135189;78550;79310;81087;82699;105792;84488;86270;85408;87314;86654;88047;91228;90096;92496;122508;18062;18352;107071;18353;28212;18683;25554;20113;21175;20911;21763;24811;22476;28252;32477;30255;33281;34211;35111;38744;40946;40502;42434;47023;45372;50548;51423;52754;55416;56480;57797;59066;62214;62215;65577;66808;69877;70561;70301;76317;72687;77748;24241;22418;18369;19295;18521;20135;15573;21554;22335;25122;24762;25346;27625;25704;29699;30203;29983;31736;33131;34118;35436;38989;40928;45387;51061;55763;93721;95411;96798;95919;100355;99167;103360;101931;105515;105689;106305;104355;108805;109392;126381;111109;118571;119498;121388;31992;31604;34773;33286;39768;39338;42477;40553;46837;45044;47887;49143;52612;50653;53410;55638;69879;56482;58322;59068;62216;60127;62802;66000;65579;66810;70563;71498;72689;73304;74139;76316;77747;77201;80055;81051;81915;82711;84491;83291;86252;85446;86790;88597;87370;91221;93593;92358;12514;12515;12516;12517;12519;12518;12520;14242;14676;14768;15898;15420;17195;16251;17587;18189;18437;19463;19773;20249;18099;20990;21073;21341;22479;22125;23740;24234;24354;23926;25081;25297;25566;29723;25830;30254;31605;32478;33282;33790;34210;35110;34374;35684;38743;40591;40501;40945;42433;44095;45542;45373;47024;48424;49289;52753;50549;53412;54935;55415;56141;56481;59067;62213;65578;66809;67130;57798;69878;72688;73648;76318;77749;78551;81088;81730;81977;84489;82700;85409;86829;88048;87321;91229;90097;93317;92497;95918;99135;101957;104379;105081;108787;106297;111136;110323;119840;118573;121391;125151;127055;84565;86722;100427;100271;109361;119842;118575;121392;60019;77814;71948;74013;77713;79857;83472;84802;86404;87919;89832;91098;92036;94073;96454;99375;102429;104671;106847;109897;111009;111791;117874;80227;117597;119673;120949;122250;70350;73995;73434;74432;77173;77578;78442;79142;80486;56962;58539;59427;61625;62481;63451;62837;63243;64585;65220;65911;66446;66873;69867;70215;70859;70349;71352;71952;84159;84161;84162;84160;84643;85327;86384;86062;86853;87246;87658;88640;89869;93524;91164;56960;56961;88720;123976;152273;88722;69347;91387;127895;155137;152698;153459;72172;72174;78680;89782;91389;93514;95889;97215;100793;102325;109040;118084;121127;153436;148710;153092;109031;124021;140605;153438;109033;62222;84404;88721;99370;104630;62220;62221;72170;137653;137879;57044;56199;55421;58684;61563;63455;66411;64787;69847;74014;77714;71949;79858;83473;84803;86405;89833;87920;91099;92037;94074;96455;99376;102430;104672;106848;109898;111010;111792;117875;117598;119674;120950;122251;56214;55420;100960;100956;137068;63340;77371;77372;125406;56196;77368;71041;93404;93407;71039;139914;148449;148656;71465;61519;76492;78677;80861;82271;81979;85542;85268;85269;88101;59822;59823;133180;70259;148358;66836;109597;137650;69319;58180;104666;55435;83991;58291;47682;110643;110644;109279;59090;84670;57773;58070;62739;62993;63542;58074;58353;58893;59404;60038;61710;62575;62584;58894;59403;60039;61711;62576;62585;62740;62994;63543;70709;70944;63544;64718;65128;65801;66475;66988;69264;69988;63545;64719;65129;65802;66476;66989;69265;69989;70945;70710;71343;72327;73095;73765;74436;76758;77899;77493;70711;70946;71344;72328;73096;73766;74437;76759;77900;77494;78469;79661;80519;82034;82035;81517;82499;83436;84575;77495;77901;78470;79662;80520;81518;82036;82037;82500;82582;82997;83437;85272;84576;85686;85383;86068;86761;87473;88751;88458;89872;90788;84577;85273;55418;56376;56755;57358;57774;58072;58354;85384;85687;86069;86417;86762;87474;88459;88752;89873;90789;91544;92752;93659;95471;95883;94957;96773;97636;99627;90790;91545;92753;93660;117940;94231;94958;95436;95472;95884;96774;97637;99123;99124;99628;100807;102356;103677;105211;104635;106300;108374;110807;99629;100808;102357;103678;104636;105039;105615;106301;106560;108375;55419;110808;117669;117919;117292;118394;119605;119748;117667;118396;119603;56377;56756;57359;55417;53915;54973;55141;56258;55804;56875;58002;58208;58540;58995;59428;61551;61623;62482;62838;63244;63452;64507;64586;64917;65221;65912;66447;66874;67226;69868;70860;71353;71953;72285;72607;72938;73435;73741;73996;74433;76415;77174;77579;78443;79143;79443;79837;80487;80947;80999;81128;81820;82782;83367;106607;84050;84366;84644;84732;85328;86063;86370;86424;86854;87247;87659;88641;89870;90426;91165;91671;92013;93462;93961;94335;94629;95763;96389;97728;99284;100053;100757;101363;102263;103125;103923;104545;105176;105692;108283;108959;109602;110396;110977;111681;117408;118908;119424;119093;123937;125055;125814;128632;133606;137252;141492;53914;59197;59178;59177;58619;34322;125890;128279;125891;125892;125893;125894;125895;135899;135900;76789;106758;76787;45381;41971;51078;51079;54974;58792;59818;72036;64919;71230;73670;76452;84218;55851;74263;81183;50828;87924;92943;93519;94338;95286;97939;99103;103373;103374;104851;105781;105485;118981;110097;111758;111977;118884;118465;119099;123517;124299;127135;130454;129496;131128;134628;137076;134974;140771;139202;143222;143117;144851;150960;157421;158147;40480;89924;80220;89964;70891;70892;70893;70917;70924;71228;72168;71969;72617;72801;72940;73083;73420;73711;74009;80219;74123;74435;76582;77185;77862;77582;78081;77410;79144;78476;79579;79337;79838;80488;80950;81208;81021;82535;83137;81648;83368;82826;84051;84343;84733;83746;84668;85568;84922;86210;85744;86381;86064;86855;87418;86599;87207;87248;88682;88957;88089;90195;89787;89686;90543;90795;91717;91129;91351;91456;92792;93477;92629;93818;93316;94581;94137;94677;99137;95481;97725;99996;99634;100992;101981;103422;103649;102994;100680;103934;104435;106351;105153;106486;106683;106841;105357;107221;109396;109900;110229;111382;117635;117428;117332;118886;119096;118152;119557;119683;122616;121513;131737;122852;122245;124278;124459;125370;126752;125728;125951;127128;127119;128327;129847;129053;131189;130274;128740;130462;131021;132716;133052;131953;132096;133847;133953;134214;134700;135093;133464;135703;135916;136121;136347;135400;137700;137634;136742;137080;139000;139694;139458;140405;138448;140699;139793;141574;142208;142642;142718;144782;141195;143470;142970;146205;146061;146543;145072;148242;148488;147755;146949;149413;148559;148849;148995;150431;150855;151673;149901;152190;151832;152608;152927;153254;153516;153631;153828;153932;154239;154705;155353;155866;156034;156461;156861;158050;157292;158501;158935;110519;110502;100128;100129;104814;70890;16151;18214;21781;15786;24812;56871;30201;59499;66500;72106;74093;103508;25999;35915;38987;41059;45389;47764;25997;58501;55693;55458;34290;35686;127915;39435;40873;43002;46673;50072;52587;43003;61997;64472;62594;64699;65027;65998;66929;70459;46674;50073;52588;55459;56748;58605;59463;58606;59464;19702;56749;61998;62595;64700;65028;65999;66928;70458;78891;29702;34291;35685;39766;70611;130366;55576;70610;58725;61433;59181;73333;73335;73337;76595;76511;80830;86902;86903;88984;91975;80829;135851;55575;54832;139733;129055;71263;71571;99311;56584;50052;50053;71570;50054;50057;50059;50061;50065;58093;50066;58094;56178;58095;59045;59914;62909;65216;65217;66868;67208;69839;70340;70341;72933;73414;78436;79829;82767;82768;83353;83415;85347;84740;85349;85878;86382;87250;86817;87251;87329;87874;87873;88880;90004;90430;91044;92014;91610;93532;93463;94010;94913;95810;94015;97739;99310;99313;105177;101364;100758;100295;104664;104546;103744;103126;105729;152482;146347;150988;21724;22025;53374;50058;50067;50060;57286;24328;50055;50064;50062;55135;50056;25173;59046;50063;50531;22539;50068;12257;142902;71264;156551;65673;142903;91857;86383;81882;72281;81883;72280;65926;71898;65924;138883;40563;61621;70609;61620;58812;117617;125548;128178;99265;50681;62801;64476;69932;77757;78599;70590;74124;77758;131568;78600;83088;78601;85410;86604;86066;12513;50680;45439;45440;45441;80170;77971;80171;80173;80172;80174;80175;80176;80177;80178;80179;80180;80181;80182;80183;80184;80185;80186;80187;80188;80189;84764;85881;124027;86632;58092;53844;58091;53843;62947;140215;54845;77407;77405;103251;103836;57775;58071;62741;62995;63546;58075;58355;58895;59406;60040;61712;62577;62586;58896;59405;60041;61713;62578;62587;62742;62996;70712;71042;63547;64720;64721;65189;65190;65803;65804;66477;66478;66990;66991;69266;69267;69990;69991;70713;71043;71345;72329;73097;73767;74438;76760;77496;77902;76761;77497;77903;78471;79663;80521;81519;82501;83463;84578;87109;56757;57360;57776;58073;58356;95473;96268;96904;97662;99967;101771;105043;108518;111043;111980;117938;118592;56758;57361;56557;91224;130055;84240;65700;65699;84583;54846;84584;76965;100839;139203;76963;77331;77330;93520;94339;93522;78674;89101;90784;85404;103981;89102;90785;93517;103982;96764;78672;97573;99436;100670;101897;121105;119417;129300;124161;125364;103983;126922;105008;106141;107092;110268;126920;131949;129060;134113;136921;121307;140776;121308;121309;119418;121106;129298;125366;124162;124163;136925;140774;125368;126918;131947;129058;133211;134109;133214;147644;148947;151642;155570;135856;134111;136923;138086;139572;142677;140756;144635;142422;144643;156389;155574;144639;146104;157892;148949;147648;154825;151640;156387;158991;61413;70093;77863;84503;81758;82713;86570;86245;87737;90148;91262;94935;93526;103359;61412;56567;118800;142032;142031;28185;83305;83304;123519;138598;83350;11742;117705;117706;117707;33483;12065;15902;23753;59569;14654;18123;14655;14656;20866;21118;20226;20837;20322;19783;15852;20245;15487;19193;23754;23755;23756;23783;23924;33810;49284;21139;21117;17974;17364;14712;21771;22483;22411;15611;59568;24345;25673;19947;54579;16338;22307;12253;16339;16136;10566;25711;34336;26060;11598;11637;11601;10641;15626;11780;17661;33903;20016;14360;11650;20176;34293;15564;52000;51999;31854;83957;83958;56568;11361;83959;12025;17672;16315;20222;30110;33479;21144;17194;55511;16312;18495;11441;22509;12045;19591;16316;121433;155717;155716;153157;158361;152680;153158;56510;153147;56509;57049;91989;56511;154964;84017;144793;63157;63158;84241;84242;84018;86804;63694;63693;148430;86885;63692;117639;135186;134677;139377;148038;156790;82078;82079;82080;82081;82082;82472;90192;90193;108752;71217;71218;135293;71219;71216;148037;81704;86472;77530;58427;58426;58428;81402;108592;153848;77479;77478;77480;90444;90447;90445;90446;155632;153636;153635;157290;157289;81821;81822;155865;81823;81378;81379;81380;148307;81381;81377;62784;62783;80960;62782;80961;80962;63205;63204;63206;143600;148429;155864;80959;57371;85599;94327;151286;55446;157383;55445;55444;86444;86886;58976;55448;72257;55447;62785;55449;61798;61799;61800;61801;61802;61803;61804;61805;61806;61807;61808;61809;61811;61810;61812;61813;61814;61816;61815;61817;61818;61819;61820;61821;61822;61823;61824;61825;61826;61827;61828;61829;61830;61831;61832;61833;61834;61835;61836;61837;61838;61839;61840;61841;61842;61843;61844;61845;61846;61847;61848;61849;61850;61851;61852;61853;61854;61855;61856;61857;61858;61860;61859;61861;61862;61863;61864;61865;61866;61868;61867;61870;61869;61871;61872;61873;61874;61876;61875;61878;61877;61879;61880;61881;61882;61884;61883;61885;61886;61887;61888;61889;61890;61891;61892;61893;61894;61895;61896;61898;61897;61900;61899;61901;61902;61904;61903;61905;61906;14776;61907;61909;61908;61911;61910;61912;13860;13861;13862;13864;13863;13865;13866;61913;13867;13869;13868;61914;13870;13871;13872;13873;13874;13876;13875;13877;13878;13880;13879;13881;13882;13883;13884;13885;13886;13887;13888;13889;13890;13891;13892;13893;14777;61915;13894;13895;13896;13897;13898;13899;13900;13901;13902;13903;13904;13905;13906;13907;13908;13909;13911;13910;13912;13913;13914;13915;13916;13917;13918;13919;13920;13921;13923;13922;13924;13925;13926;13927;13928;13929;13930;13932;13931;13934;13933;13935;13936;13937;13938;13939;13940;61916;13941;13942;13943;14778;13944;13945;13946;13947;61917;13948;13949;13950;13951;13952;13953;13954;13955;61918;13956;13957;13958;13959;13960;13961;13962;13963;13964;13965;13966;13967;13968;13969;13970;13971;13972;13973;61919;13974;13975;13976;13977;13978;13979;13980;13981;13982;13983;13984;13985;13986;13987;13988;13990;13989;13992;13991;13993;13994;13996;13995;13997;13998;13999;14000;14002;14001;14003;14004;14005;14006;14007;14008;14010;14009;14011;14012;14013;14014;14015;14016;14017;14018;14019;14020;14021;14022;14023;14024;14025;14026;14027;14028;14029;14031;14030;14032;14033;14034;14035;14036;14037;14038;14039;14040;14041;61920;14042;14043;14044;14045;14046;14048;14047;14050;14049;14051;14052;14054;14053;14055;14056;14057;14058;14059;14061;14060;61921;14062;14063;14064;14065;14066;14068;14067;14069;14070;14071;14072;14073;14074;14075;14076;14077;14078;14079;14080;14081;14082;14083;14084;14085;14086;14087;14088;14089;14090;14091;14092;14093;14094;14095;14096;14097;14098;14099;14100;14101;14102;14103;14104;14105;14106;14107;14108;14109;14110;14111;14112;14113;14114;14115;14116;14117;14118;14119;14120;14121;14122;14123;14124;14125;14126;14127;14128;14129;14130;14131;14132;14133;14134;14136;14135;14137;14138;14139;14140;14141;14142;14143;14144;14145;14146;14148;14147;14149;14150;14152;14151;14153;14154;14156;14155;14158;14157;14159;14160;14161;14162;14163;14164;14165;14166;14167;14168;14820;14170;14171;14172;14173;14174;14175;14176;14329;14328;14330;14331;14333;14332;14334;14335;14387;14673;14678;14679;14680;14723;14749;14750;14751;14752;14753;14754;14755;14794;14795;14796;14840;15413;15434;15435;15521;15522;15523;15546;24551;15547;15548;15549;15550;15551;15597;15598;15599;15600;15601;15602;15603;15635;15636;15637;15638;15650;15698;15697;15737;15699;15738;15739;15740;15769;15793;15794;15836;15839;15838;15915;15916;15917;15918;15920;15919;15956;15957;15998;15981;16015;16014;16035;16036;16037;16038;16076;16065;16078;16077;16079;16080;16081;16082;16114;16083;16115;16116;16117;16135;16157;16158;16184;16218;16219;16220;16240;16241;16242;16253;16243;16254;16255;16257;16256;16258;16259;16269;16290;16291;16292;16293;16294;16302;16359;16360;16375;16376;16377;16378;16379;16461;16473;17131;17139;61922;61924;61923;61925;17140;17215;17216;17277;17278;17279;17280;17281;17331;17332;17333;61926;17334;17347;17346;17658;17601;17668;17669;17670;17677;17678;18002;18003;18004;18032;18052;18091;18103;18104;18105;18106;18107;18171;18172;18173;18235;18236;18237;18273;18274;18275;18276;18305;18277;18306;18307;18308;18411;18412;18404;18434;18435;18440;18496;18497;18498;18499;18550;18561;18562;18583;18584;18597;18599;18598;18649;18675;18676;18677;19191;18678;19192;19201;19226;19265;19267;19885;19886;19887;19888;19889;19890;19891;19892;19893;19894;19895;19896;19897;19899;19898;19901;19900;19903;19902;19904;19905;19906;19907;19908;19909;19910;19911;19912;19913;19914;19915;19916;19917;19918;19919;19920;19921;19922;19923;20427;19984;20428;20429;19985;20039;20040;20041;20042;20430;20043;20431;20057;20432;20433;20119;20120;20121;20434;20435;20122;20123;20124;20125;20436;20437;20126;20127;20438;20128;20439;20440;20441;20442;20443;20444;20445;20446;20447;20448;20449;20450;20452;20453;20454;20455;20456;20457;20458;20459;20460;20461;20462;20463;20464;20465;20466;20467;20468;20469;20470;20471;20472;20473;20474;20475;20476;20477;20479;20478;20794;20793;20795;20796;20797;20809;20810;20817;20818;20819;20831;20832;20849;20850;20851;20852;20853;20854;20875;20876;20877;20878;20897;20939;20940;20942;20941;20964;20981;21002;21003;21004;21028;21037;21098;21114;21115;21132;21149;21133;21177;21178;21179;21200;21201;21202;21203;21206;21207;21281;21282;21283;21284;21320;21285;21356;21357;21358;21359;21360;21575;21598;21599;21600;21602;21603;21617;21635;21661;21668;21669;21670;21715;21716;21718;21717;21720;21719;21751;21752;21754;21753;21755;21769;21770;21776;21777;22013;22014;22019;22020;22042;22058;22053;23876;23875;23878;23877;23880;23879;23881;23882;23883;23884;23885;23886;23887;23888;23889;23890;23891;23892;23893;23895;23894;23896;23897;23898;23899;23900;23901;23902;23903;23904;23905;23906;23908;23907;24552;23909;24553;24554;24556;24555;24557;24558;24559;24560;24561;24562;24563;24564;24565;24566;24567;24568;24569;24570;24571;24572;24574;24573;24575;24576;24577;24578;24579;24580;24581;24582;24584;24583;24585;24586;24587;24588;24589;24590;24591;24592;24594;24593;24595;24596;24597;24598;24599;24600;24601;24602;24603;24605;24604;24607;24606;24608;24609;24610;24611;24613;24612;24615;24614;24616;24617;24618;24620;24619;24621;24622;24623;24624;24625;24626;24627;24628;24629;24630;24632;24631;24633;24634;24635;24636;24637;24638;24640;24639;24641;24642;24644;24643;24645;24646;24648;24647;24649;24650;24651;24652;24653;24654;24675;24655;24688;24687;24695;24689;24706;24753;24754;24778;24779;24804;24805;24806;24807;24808;24810;24809;24832;24831;24842;24843;24891;24892;24893;24894;24895;24939;24940;24941;37804;37324;24942;24943;24944;24945;24946;24947;25033;25034;25062;25063;25064;25113;25114;37164;37741;25115;25189;25157;37907;25190;25191;25212;25237;25265;25266;25310;25311;25429;25428;25430;25431;25439;25432;25440;25441;25475;25513;25514;25515;25516;25517;25518;25537;37988;25563;38078;25564;25565;37483;25598;25599;25600;25601;25602;25603;25666;25669;25670;25697;25685;25698;25721;25794;25750;25796;25795;25835;25836;25875;37370;36699;37033;36567;25891;25892;25893;25894;25895;25896;25923;37080;25945;25946;25947;25968;25969;25983;26006;26007;26008;26009;26045;26046;26047;26048;26049;26105;26106;26107;26188;26899;26900;26901;26902;26950;27069;27561;27070;27071;27519;27562;36338;27614;27623;27615;27624;27642;37643;27643;27817;37237;27849;27850;27851;28200;37167;28223;37122;37295;28273;28274;28275;37602;37783;28276;28324;36221;28352;29201;29202;29233;29234;29298;38147;29299;29300;29342;36831;38104;29718;38054;37598;37481;36522;36966;36423;37838;36944;36340;36574;37559;36747;37399;36254;37768;37534;37715;37196;37007;38065;36622;36456;37731;37539;36496;36483;37747;37925;37239;36934;37891;36582;38009;37138;37402;37432;36903;37053;38084;37010;36413;36858;37506;37204;37198;37672;36983;37798;37272;36891;37601;36928;37095;36651;36442;37592;37802;36353;37688;37317;37429;36268;36273;38052;36721;37665;36250;37864;37530;38007;36650;36334;36679;38085;38090;37550;36784;36975;36868;36572;36475;37790;36965;36352;36511;37004;37107;38043;37090;37970;36877;37682;37999;37066;38150;37528;36326;36562;37655;37171;37296;38072;37180;36737;36696;36937;36709;37791;36826;37628;37671;37648;37895;37812;37031;37551;37487;38111;37069;36375;36619;37179;36590;36480;37957;36556;37108;37852;36813;37514;36835;37736;36739;38142;37155;37319;37246;37952;37455;36787;37286;37669;36299;38030;37347;37442;37508;37034;36648;36548;36793;37523;37589;38068;36621;37118;37614;36873;36798;37519;36278;36523;37782;36776;37890;37221;37311;37938;37290;37457;37048;37144;36973;37383;37990;38141;37756;37590;37718;36802;36698;38038;38047;36470;38064;36672;37073;37840;36688;36850;36427;37877;38106;37424;37758;36446;36578;38108;36467;37256;37581;37166;37922;36707;37330;36542;36355;37446;37250;37143;37410;38096;36825;36290;38012;36816;37373;37191;36378;37353;36649;36930;37835;36554;37596;37202;36804;37478;36482;37044;37003;36235;37460;38136;37205;37815;37732;36715;43039;37169;36351;37091;36293;37752;37707;36775;36620;38076;37699;37510;37556;37869;38107;37172;37126;37258;37942;37904;37305;38162;38190;38163;38203;38682;38753;38752;38765;38766;47909;47908;47910;47911;38813;47912;47914;47913;38839;47915;38840;38841;38970;47916;38842;38843;47917;38852;47918;47919;47920;38921;47921;47922;47924;47923;47925;47926;47927;39321;39351;39352;39357;39358;47928;39359;39360;39366;39367;39368;38698;40457;38754;39385;39386;47929;39410;39409;39442;47930;47931;47932;39460;47933;39549;39484;47934;47935;39550;47936;39572;47937;47938;47939;47940;39615;47941;47942;47943;47944;47945;47946;47947;47948;40537;47949;40538;40539;47950;40595;40692;47951;40775;40781;40811;47952;40869;40936;47953;47954;47955;47956;41048;41063;41064;41615;41616;41617;41618;47957;47958;47959;41941;47960;47961;47962;41979;47963;42061;42405;47965;47964;47966;47967;47968;47969;47970;47971;47972;47973;47974;47975;47976;42788;42789;47977;47978;47979;47980;47981;47982;47983;42835;47984;47985;47986;47987;47988;47989;47990;47991;42887;42889;42888;47993;47992;47994;42917;47995;47996;47997;47998;47999;48000;48001;48002;48003;42969;48004;48005;43016;43040;43017;43073;48006;48007;48008;48009;48010;48011;48012;43105;48013;43106;48014;43162;48015;48017;48016;48018;48020;48019;48021;48022;48023;43392;48024;48026;48025;48028;48027;48030;48029;48032;48031;48033;48034;48035;48036;48037;48038;48039;44916;43816;48040;48041;43818;48042;48043;43848;48044;43849;48045;48046;48047;48048;48049;48050;44040;48051;48052;48053;48054;48055;48056;48057;44100;48058;48059;48060;48061;48062;48063;44325;48064;48066;48065;44355;44590;48067;48068;48069;48070;48071;48072;44626;44627;44628;44662;44629;44630;44631;48073;48074;44632;44663;48075;48077;48076;44917;48078;48079;44918;44923;48080;48081;44953;48082;44972;48083;45028;45058;45063;48084;48085;48086;48087;48088;48089;48090;48091;48092;48093;48094;48095;48096;45518;45519;48097;48098;45562;48099;48100;45587;48101;48102;48103;45601;45602;48104;48105;45618;48106;48107;48108;48109;46174;46184;48110;48111;48112;48113;48114;46262;48115;48116;48117;48118;48119;48120;48121;48122;48123;48124;49941;48125;48126;48127;46853;46854;48128;48129;48130;48131;48132;48133;48134;48135;48136;48137;48138;48139;48140;48141;48143;48142;48279;48335;48371;48398;48421;49116;49250;49251;49252;49253;49278;49298;49299;49638;49653;49665;49733;49734;49735;49736;49794;49822;49942;49943;50339;50352;50357;50358;50359;50405;50471;50501;50502;50569;50570;50578;50579;50580;50665;50666;50702;50816;50818;50817;50868;51085;51105;51195;51350;51384;51385;51789;51790;51792;51791;51843;51951;51967;51968;52059;52576;52648;52649;53444;53568;53837;54287;55613;55773;55823;56159;56298;56372;56401;56402;56427;56461;56550;56725;56774;57010;56909;57340;57339;57426;57490;57554;57758;57831;57832;57884;58176;57927;58192;58193;58439;58614;58758;59105;59252;59303;59284;36583;36545;36347;38083;36369;36426;37962;37526;36842;36432;37485;36524;36404;38128;36463;36277;37567;36558;37710;37215;37092;36399;38115;36549;37818;36963;36420;37331;36449;37571;37016;36980;36297;36383;38087;36924;37405;36358;37880;37189;37403;37194;36360;36700;37312;37027;36386;37371;36516;37451;36638;37545;36634;37621;37991;36717;37575;38056;37527;36350;37588;37613;37681;36248;36879;36436;36441;37420;37139;36629;37899;36964;37368;36552;36584;37218;37726;36539;37969;36729;37739;36276;37868;37563;36438;37269;37544;37772;37379;36348;37882;36342;36687;37236;36852;36625;36569;38138;36958;37050;36938;37637;37440;37537;37626;37421;37584;36486;38042;37475;36563;37945;37435;37211;36830;36526;36689;37612;37401;36770;36531;37587;36245;37515;37407;37284;36561;36557;37529;36242;38060;36794;36632;36753;36624;37509;37212;38014;37106;38063;36653;36743;37883;36759;37661;36594;37454;36948;36890;36598;37703;37949;36999;37814;37030;36926;36736;38032;36260;38013;37114;36349;37294;37300;37900;37431;37658;36425;36823;37308;36969;37569;36566;37751;36840;36844;36288;36750;37477;38035;37535;37065;37851;36859;36960;38018;37285;36640;37572;36883;38066;36292;38027;37099;36821;36234;37414;38069;37127;36321;36462;36473;37839;37874;37473;36693;36909;36977;36723;36505;36993;36990;37093;37915;36513;37645;36388;36762;36308;37585;36846;37701;36534;36294;37103;36414;36306;36599;38137;37078;37418;37493;36346;36763;37994;37600;37496;37415;37244;37673;36677;43074;36407;36606;37927;38149;36671;37766;36403;36601;38051;37419;38048;37261;37354;36812;37235;38117;37704;36675;36751;37049;37409;36429;37855;37634;37087;37610;36591;37259;37346;36255;37334;36535;37253;36318;36295;37282;36918;36781;37785;37871;37998;37134;38164;36943;38165;38191;38204;38192;48144;38658;38683;38693;38707;38708;38853;38767;38814;38815;38844;38845;48145;38865;38864;48146;39761;38981;38982;39316;48147;39322;39323;39324;39429;39443;39444;39485;39478;39486;48148;39581;39552;39562;39566;39573;39582;48149;39803;39849;39804;39871;39872;39873;48150;39874;40359;40397;40398;40399;42991;40415;41949;41950;40430;40438;40464;40465;43075;40497;40498;40509;40521;40522;40523;40540;40584;40585;40596;40597;40636;40637;40638;48151;40693;40695;40694;40696;40697;40698;40699;40700;40701;40761;40762;40763;40764;40812;40813;40900;40920;43851;40965;40966;40967;40968;40980;40997;48152;41030;41027;41049;48153;43852;41050;41051;43608;41619;41639;41640;48154;41959;41960;41961;42046;42047;42062;42063;42075;42076;42090;42091;42092;42095;48155;42096;42097;42130;42131;42133;42132;48156;42181;42198;42199;42215;42240;42284;42992;42311;42993;42356;42429;48157;43144;42809;42810;42811;48158;48159;42918;48160;42943;42994;42995;42996;42997;42998;42999;43000;43019;43018;43020;43021;43023;43022;43041;43024;43042;43043;43044;43045;43077;43076;46175;48161;43167;43362;43363;43393;48162;43394;43605;43609;43610;48163;43613;43853;48164;43880;43867;43881;44041;48165;44042;48166;44043;48167;48168;44061;48169;44101;44102;44103;44123;44303;44321;48170;48171;44334;44356;44385;44396;44402;44408;48172;44604;48173;44650;48174;44664;44673;44672;48175;44868;44869;44870;44919;44954;44955;44963;44989;44995;44997;44996;45029;45030;45041;45031;45124;45115;45136;45137;48176;48177;45370;45449;45521;45520;45530;45548;45563;48178;48179;45564;48180;45565;45567;45566;45588;46176;46177;46227;48181;48182;46330;46331;46663;46664;48183;46678;46679;46680;46690;48184;46711;46699;46726;46734;46743;46744;48185;46849;48187;48186;46877;46878;47041;47042;47115;47116;48188;47127;47133;47132;48189;48190;48191;48192;48193;48194;48195;48196;48198;48197;48199;48200;48209;48251;48271;48272;48311;48318;48319;48345;48336;48346;48347;48348;48399;48403;48402;48422;48428;48933;48898;49064;49063;49078;49099;49100;49117;49190;49202;49205;49207;49206;49208;49209;49254;49263;49654;49300;49688;49666;49737;49739;49738;49740;49741;49743;49742;49784;49795;49967;49970;49971;49972;49973;49989;50008;50076;50296;50313;50315;50314;50321;50406;50424;50423;50429;50425;50472;50445;50503;50533;50534;50535;50536;50558;50581;50571;50582;50583;50606;50607;50608;50609;50628;50667;50819;50820;50827;50839;50848;50849;50981;51070;51071;51106;51182;51196;51336;51353;51337;51380;51793;51794;51795;51796;51797;51799;51798;51800;51801;51802;51803;51805;51804;51806;51807;51808;51809;51810;51865;51899;51898;51931;51916;51932;51982;51992;52035;52036;52041;52060;52061;52160;52454;52469;52523;52541;52564;52577;52592;52593;52699;52708;52729;52730;52747;52748;52957;52958;53001;53226;53227;53244;53272;53273;53274;53289;53290;53301;53302;53309;53327;53348;53349;53350;53351;53369;53398;53509;53524;53538;53542;53616;53617;53629;53628;53882;53908;53909;53910;54288;54289;54290;54298;54577;54578;54589;54610;54611;54626;54638;54639;54839;54918;54919;54939;54940;54964;54991;55111;55112;55171;55614;55406;55634;55615;55664;55665;55666;55683;55695;55709;55848;55849;55853;55916;55894;56083;56084;56085;56109;56118;56160;61927;56324;56325;61928;56373;56374;61929;61930;56403;56428;56429;56447;61931;56462;56525;56526;56529;56530;56532;56531;61932;56551;56598;61933;56599;56627;56687;61934;56707;56708;56726;56764;56765;61935;61936;56810;56809;61937;56858;56910;56953;61938;56968;57046;57052;57079;61939;57145;57146;57320;57319;57331;57332;61941;61940;57407;57412;57413;57427;57428;57429;57480;57530;57567;57568;57593;61942;57724;57819;61943;57833;57912;61944;57955;58026;58082;58163;58103;58177;58178;61945;61946;58771;58424;58440;58474;58475;58476;58490;58491;58505;58506;58522;61947;58531;58557;58558;61948;58575;58585;58599;58716;58717;58734;58759;61949;58830;58806;58865;61950;58890;58921;58939;59010;59011;59012;59087;59096;61951;59185;61952;59221;61953;61954;59304;59305;59315;59319;59362;59440;59681;61955;59518;59519;59635;61956;59652;59561;59653;59710;59843;59860;61957;61558;61958;61959;61960;61962;61961;61964;61963;61965;61966;61967;61968;61969;61970;61971;61972;61974;61973;61975;61976;61977;61978;61979;61981;61980;61982;61983;61984;61986;61985;61987;61988;61989;61991;61990;61992;62444;62445;62401;62402;62403;62386;62423;62404;62424;62425;62447;62446;62491;62504;62659;62540;62972;62794;63017;63134;63104;63161;63199;63257;63284;63312;63344;63331;63374;63464;64279;64505;64504;64551;64563;64626;64647;64745;64861;64902;64942;66042;66041;66043;66044;66045;66047;66046;66048;66049;66050;66052;66051;66053;66054;66055;66057;66056;66058;66059;66060;66062;66061;66063;66064;66065;66067;66066;66068;66069;66070;66071;66072;66073;66074;66075;66076;66078;66077;66079;66080;66081;66083;66082;66084;66085;66086;66087;66088;66089;66090;66092;66091;66093;66094;66095;66097;66096;66098;66099;66100;66101;66102;66103;66104;66105;66106;66107;66108;66109;66110;66111;66113;66112;66114;66115;66116;66117;66118;66119;66120;66121;66122;66123;66124;66125;66126;66128;66127;66130;66129;66131;66132;66133;66134;66135;66137;66136;66138;66139;66140;66142;66141;66143;66145;66144;66146;66147;66148;66150;66149;66151;66153;66152;66154;66155;66156;66157;66186;66251;66252;66265;66266;66285;66286;66313;66330;66342;66402;66614;66535;66615;66689;66881;66890;66911;66899;66977;66975;66978;67011;67010;67013;67012;67014;67104;67132;67133;67134;67135;67136;67137;67253;68862;67254;69067;69053;69089;69097;69154;69155;69220;69190;69230;69231;69232;69314;69338;69339;69439;69465;69466;69489;69467;69491;69490;69548;69540;69549;69794;69822;69842;69890;69891;69892;69918;69939;70004;70005;70132;70133;70185;70162;70242;70300;70325;70383;70384;70385;70519;70518;70521;70520;70522;70573;70523;70678;70680;70679;70681;70689;70837;70968;70967;70998;71027;71026;71028;71029;71030;71032;71031;71074;71075;71076;71091;71092;71099;71100;71508;71101;71509;71510;71511;71512;71554;71604;71605;71607;71606;71609;71608;72018;71936;72020;72019;72021;72022;72023;72024;72055;72056;72081;72099;72082;72100;72101;72131;72133;72132;72134;72135;72136;72467;72468;72495;72529;72530;72531;72532;72550;72552;72551;72563;72553;72564;72594;72595;72596;72614;72597;72641;72642;72919;72920;72921;72998;72999;73000;73001;73002;73003;73005;73004;73051;73052;73053;73067;73066;73068;73443;73128;73444;73446;73445;73447;73448;73449;73467;73466;73489;73604;73582;73931;73932;73933;73976;73934;73977;74029;73978;74030;74068;74069;74071;74070;74072;74074;74073;74075;74077;74076;74078;74079;74080;74082;74081;74415;74416;74417;74419;74418;74446;74447;74448;74450;74449;74451;74452;74453;74480;74454;74481;76068;74513;76423;76436;76435;76437;76438;76439;76469;76440;76470;76471;76480;76481;76482;76886;76885;76887;76923;76924;76925;76952;76954;76953;76955;77037;77038;77039;77040;77041;77042;77074;77096;77075;77097;77639;77098;77640;77641;77642;77644;77643;77646;77645;77647;77648;77649;77650;77651;77653;77652;77654;77655;77656;77658;77657;77802;77838;77839;77841;77840;77842;77843;77887;77888;77889;77977;77950;78018;78019;78061;78612;78062;78613;78615;78614;78616;78664;78617;78665;78684;78666;78685;78686;78687;78718;78688;78731;79321;78732;79322;79347;79366;79367;79405;79406;79407;79408;79409;79411;79410;79571;79572;79573;79589;79588;79610;79611;79612;79613;79630;79632;79631;79633;79984;79983;79985;79987;79986;79988;79989;79990;79992;79991;79993;79995;79994;79996;80042;80041;80382;80383;80384;80385;80386;80426;80425;80427;80428;80429;80431;80430;80432;80433;80434;80436;80435;80437;80466;80456;80467;80560;80468;80561;80562;80563;81194;80578;81195;81197;81196;81198;81233;81234;81235;81236;81280;81237;81281;81283;81282;81284;81333;81334;81335;81336;81932;81337;81933;81934;81935;81937;81936;81938;81939;81940;81942;81941;81943;82315;81944;82316;82317;82318;82320;82319;82321;82323;82322;82324;82326;82325;82327;82329;82328;82330;82331;82332;82333;82334;82336;82335;82337;82338;82339;82340;82341;82342;82343;82345;82344;82347;82346;82348;82349;82350;82351;82352;82354;82353;82355;82356;82358;82357;82360;82359;82361;82362;82364;82363;82365;82366;82367;82368;82369;82370;82371;82372;82373;82375;82374;82376;82377;82378;82379;82381;82380;82382;82383;82384;82386;82385;82387;82388;82389;82390;82391;82392;82393;82395;82394;82396;82397;82398;82400;82399;82401;82402;82403;82404;82405;82406;82407;82408;82409;82410;82411;82412;82413;82414;82416;82415;82418;82417;82419;82420;82422;82421;82446;82447;82448;82449;82484;82450;82451;82452;82453;82454;82455;82456;82457;82458;82459;82486;82485;82558;82559;82560;82561;82562;82563;82617;82618;82633;82685;82684;82686;82736;82738;82737;83097;83096;83098;83099;83100;83102;83101;83103;83104;83155;83157;83156;83158;83169;83170;83244;83243;83245;83246;83247;83248;83249;83254;83250;83274;83275;83276;83284;83329;64561;64560;65982;66392;73226;80913;80914;81495;32324;51359;11652;20093;64490;11653;14324;19473;15651;49792;14344;36074;42262;72094;47860;47861;62787;62788;26010;73474;73475;73476;73477;73478;73479;73481;73480;73482;73483;73484;73473;86674;10635;129355;129359;84796;93845;86874;93828;87725;91765;93609;95540;96486;99670;125735;104437;121191;129062;129360;87726;72713;93719;93739;93829;91766;93788;93610;95632;95541;96487;105076;125732;121422;129356;129353;128879;131289;133679;148830;138099;141203;142219;84797;93740;93810;93718;105077;125730;121394;128973;129501;132051;128974;96488;133682;138101;148833;141205;142220;148829;149002;152112;157853;154939;157911;105078;157461;128876;129358;129352;132054;105079;133678;148834;138103;141198;142216;148828;149030;152111;154973;157855;157467;157921;125731;133681;148835;138102;141204;148827;149238;152115;157857;154937;129052;128878;157464;132050;149031;152117;157856;154940;157462;157909;148831;141202;142221;148826;154635;152114;157858;157919;157468;157459;157920;63147;157460;64932;72709;63148;64933;72710;63149;64934;72711;65731;63150;65732;64935;72373;72374;72712;79826;129354;121190;84798;93846;87210;87727;87728;91767;93616;95633;93611;96489;122258;129051;128975;129357;132079;133680;138100;64502;130626;63268;140188;130627;10562;49778;18248;17688;18370;153617;157126;87922;95924;25702;31732;31733;42871;70397;70398;83953;87923;83954;32397;22046;84046;73186;73187;70396;73185;73183;111531;153891;155446;139744;155017;73184;157872;81247;127116;127117;128416;139732;148958;150864;139745;153460;29900;25089;25091;73225;81246;73832;76579;79123;82529;90835;91991;140658;73224;91992;111532;141105;100784;130271;135972;135181;136667;143116;146620;146619;126824;125779;125780;125781;126825;134762;152042;145262;150860;87955;87989;97212;97213;66318;67119;68933;66319;67120;72729;73833;76145;81106;81422;82620;85160;88624;97417;97352;100572;110813;127115;141833;144970;148261;154721;72730;86311;93720;90424;76118;73834;81815;83735;85402;73830;141779;141778;77477;95469;152041;95470;124366;70195;44986;69955;70785;148846;57713;73835;79234;73831;156024;156023;57728;69915;69916;103529;102355;100131;100130;42290;61719;65942;50986;72349;65580;72216;72204;72186;87500;89940;91310;100125;110272;137648;136668;144450;91500;73854;76580;95812;73852;73853;74038;136666;91501;65738;65737;72587;72588;76119;76120;73137;73836;73136;72622;72621;76146;77558;79215;102496;70412;70413;59110;58582;59111;59112;58581;38654;11313;26967;10136;45627;66634;22256;25683;31640;14804;11577;11570;66633;10137;20987;19252;14826;14827;15823;14825;19310;100597;100595;100596;10138;10139;34849;54604;62125;32399;10422;60033;60034;60035;64451;12218;66717;25993;126244;14243;51998;53448;53449;58965;62358;63267;72370;72215;72878;73305;65899;66201;66390;66841;70293;71500;76148;73804;76405;77183;78063;78109;80121;84164;91856;93195;20255;19233;19949;31346;45438;18035;65900;18430;18644;47902;72618;73568;62368;72212;38207;26197;45579;72217;13842;14379;19585;21728;11910;19600;21116;25118;10620;10382;10346;24785;26067;15867;20812;24909;24910;25928;18541;11890;18290;10141;56820;11335;93911;51839;51838;102083;102082;73149;104667;101114;85380;55133;55134;140132;127910;108712;104668;136339;122582;123752;59453;33392;136338;138175;138214;138174;138177;138176;138216;138215;138336;138337;139059;139060;139061;136968;139034;140792;141009;141363;141815;142456;142740;142901;143156;143588;144809;145448;146207;146271;146586;147192;147812;148298;148565;148693;148939;149090;149476;150138;150281;150721;150868;150999;151810;152004;152232;152685;155601;153368;153369;153450;153666;153839;153995;154327;154738;155653;156011;156077;156545;156916;157369;157881;158097;158583;159037;136969;112153;112152;71176;88955;12107;49675;93231;93226;77910;72417;56632;56448;154998;56633;109915;109916;72879;140655;97994;139615;125154;68880;68879;130091;101027;100551;105109;108813;51351;51352;97085;93227;92361;56998;93232;153488;139231;140517;138602;153444;138603;151623;136664;84669;136665;93228;93233;133306;104497;81261;74250;76404;74251;135177;62033;144813;118095;144792;50346;85381;92219;92220;93229;146449;147727;93234;151600;153440;154992;156101;157430;151591;158785;147724;151593;148481;147723;148462;150362;122256;158784;148472;139483;138523;137728;136617;142713;141452;146417;147726;147725;149384;156113;129056;136618;129057;88700;131186;122927;122546;92413;92414;92415;92362;92416;92374;92370;92376;92375;112279;131023;92363;92417;92371;92364;92418;92419;92420;92365;92421;92366;92377;92422;92423;92424;92372;92425;92426;92427;92367;92428;92429;92430;92368;92431;92432;92373;132101;92369;92433;92434;92435;92436;92437;92438;92439;93235;93230;70942;108521;130432;103857;112114;30213;39420;134714;117335;123797;30212;99763;71175;71077;59732;59731;30058;22926;15763;11972;90925;11623;16179;18424;64377;80889;93222;10473;31345;34471;34470;11133;10735;121039;142960;70941;10359;11124;11125;65901;11735;65902;141366;72905;141341;141340;156941;72904;31719;31718;59108;11481;52050;54607;70682;11303;11686;11685;31647;31786;46885;85513;11519;24813;11809;11552;36100;36101;10947;11937;13651;11039;10888;12255;11622;11609;76496;76497;76498;18008;67124;67125;67126;67127;67128;73962;67123;27597;21235;23641;56564;56565;40419;46182;46183;51974;51090;64930;44383;30055;44382;46817;64931;63638;72334;67243;88931;126648;126506;122243;122363;81777;65914;154963;135921;76512;65915;81778;149642;48201;71212;15566;18059;11924;11544;35556;23934;18691;20210;22364;47128;77983;22527;18690;70023;35749;34095;36050;24874;58907;14257;51852;15639;35090;13843;15586;35953;22049;11337;88934;19776;69051;16170;39537;64096;42842;54842;39538;55410;52051;93527;19718;17604;18065;18244;18813;14668;15432;57768;57919;62743;62997;63548;58005;58348;58897;59408;60042;61714;62579;62588;17218;17603;18064;18243;18689;19719;29744;58898;59407;60043;61715;20842;24701;24875;25349;21225;21322;21627;22095;22369;23633;23930;62580;62589;62744;62998;63549;70714;70947;63550;64722;65130;65805;66479;66992;69268;69992;63551;64723;65131;65806;28329;30209;31652;31864;33393;33505;34268;34766;35218;35251;25735;25820;26068;27521;66480;66993;69269;69993;70948;70715;71346;72330;73098;73768;74439;76762;77904;77498;70716;70949;71347;72331;73099;73769;74440;33522;38200;39372;40351;40478;40930;42305;43173;44658;45392;34267;34767;35219;35581;35778;36045;36215;76763;77905;77499;78472;79664;80522;82038;82039;81520;82502;83438;84579;77500;77906;78473;79665;39853;47123;47781;49145;50084;50382;51120;52530;52766;53593;40479;40931;42306;43174;44659;45393;80523;103569;50085;50383;51121;52531;52767;53594;55287;45133;55901;56037;56119;56334;56750;57769;58006;58349;45403;47124;47782;47829;49146;81521;82040;82041;82503;82583;82998;83439;85274;84580;85688;85385;86070;86763;87475;88753;88460;89874;90791;84581;85275;57316;53595;85386;85689;86418;86071;86764;87476;88461;88754;89875;90792;91546;92754;95474;93661;94959;95885;96775;97638;90793;99630;91547;92755;117941;93662;94232;55288;95437;94960;95475;95886;96776;97639;99125;99126;100126;99631;100809;102358;103679;105212;104637;106302;108586;108755;108376;109868;110809;100127;99632;102359;100810;104638;103680;105040;105213;105616;106303;106561;108377;108587;108756;55902;56038;56120;109869;110810;117670;117920;117293;119606;118395;121477;122194;123134;122950;126001;126071;126624;125363;128530;110811;117668;117294;117921;119604;118397;122233;121512;123012;122948;125361;125877;126072;126002;128061;126622;128062;138083;139063;139787;128528;131767;130172;132714;132711;133677;135201;134407;135274;136357;137051;128525;129101;56335;130170;131773;132709;132715;133693;134405;135202;135276;136404;137049;138085;138445;149255;148775;150122;151574;152414;153090;153877;139074;139791;140734;141570;142913;144770;144278;142611;146424;145446;146781;148012;139040;56751;139789;140732;141571;142910;142613;144282;144771;145465;146425;146780;148014;148767;149281;150802;150119;57351;151571;152635;152412;153105;153878;155915;154817;158657;156603;157446;153089;158692;153881;155917;154819;157443;156606;158654;14197;158694;12642;15408;15712;14181;14728;16085;40362;20862;14192;57770;57920;62745;63552;62999;58007;58350;59410;58899;61716;60044;62590;62581;17605;19694;19269;58900;59409;20735;60045;24748;61717;25350;29743;21628;22096;22370;23635;23929;62591;62582;62746;70717;63000;71044;63553;64724;65191;64725;65192;65807;65808;66481;66482;66994;66995;69270;69271;69994;31193;32134;33563;34294;34819;35287;35977;39493;40664;45110;25754;25837;28226;69995;70718;71045;71348;72332;73100;73770;76764;74441;77501;77907;44111;50384;51122;45394;44961;47125;47783;49147;50086;47784;53596;55289;56039;55886;56121;56752;57771;58008;58351;50087;50385;51123;49148;52532;52768;76765;77502;77908;78474;79666;81522;80524;82504;83464;84582;87110;95476;96269;96905;97663;99968;105044;101772;105507;109946;108519;111044;55887;56040;56122;111981;118593;117939;122402;121600;123509;123507;125359;125950;126218;128775;126704;128972;128970;138096;139185;129390;139870;130365;131956;133691;132774;135413;136359;137087;56336;138589;139318;148773;149257;149528;151613;150157;153111;152452;154060;139868;141775;143426;143058;144284;144854;145468;146783;148110;148395;56753;57352;152503;152633;154059;155919;156195;156610;157907;154875;158069;158653;11590;158929;16172;12016;35600;50001;50002;55801;58435;59980;59643;63643;82828;90510;79638;97833;100464;103876;57033;138554;90149;72836;72837;72832;72833;72834;72835;74496;33950;72780;10356;12229;12204;62758;51835;51834;55532;51836;11018;11314;62028;10357;11161;10939;10934;33395;11163;18027;29314;15465;10143;10142;11159;11808;11835;22319;15464;10885;11308;10673;125313;10862;11067;108593;11214;11870;91827;10674;108761;64784;69482;10144;11217;10145;108409;73756;10390;10391;102683;16169;10418;21309;10516;10822;11504;108373;49698;49697;49699;49700;62718;18049;66497;62717;21757;18359;11931;72179;20342;20373;20930;68995;72686;72906;81699;22055;64936;56512;21053;20841;19525;19715;21052;21239;19716;20838;29996;16143;14327;53288;12029;21246;25546;11489;25116;11310;11877;11836;22413;18218;11770;14182;14838;11851;17815;30219;17816;17817;17818;17819;17820;17821;17822;17823;17824;17825;17826;17827;17828;17799;17829;17800;32137;17691;17830;17697;17831;17801;17802;17803;17804;17805;17832;25759;29251;17833;34159;42899;17834;57604;62927;17806;17807;17808;17809;25242;29345;34160;35766;42900;17835;46328;46702;47158;48759;49711;50527;57605;17810;58802;59448;62637;62638;62639;63617;65733;66177;68937;70461;71971;71972;57606;58661;59967;59449;62640;62641;62642;63618;65734;68938;66178;88379;70462;71973;71974;73572;73318;76529;77669;84924;85536;86657;86546;86658;87419;88380;89054;90829;90682;90830;91993;91994;93000;93001;93375;93376;94165;94196;95876;95877;99514;99510;101977;101819;104048;103965;106098;106097;17836;109166;109167;111153;111154;118233;66179;88381;68939;70463;71975;71976;73573;73574;76530;77670;99511;86659;78477;88382;80886;85537;82799;82800;85538;84767;85539;85223;86660;86547;86661;87420;88383;89055;90831;90683;90832;91995;91996;93002;93003;93377;93378;94166;95878;94197;95879;99515;99512;101820;101978;104049;103966;106099;106100;109168;109169;111155;111156;118234;121227;124158;126782;132956;130025;138571;135699;141796;145252;88384;87421;89056;90833;90684;90834;91997;91998;93004;93005;93379;93380;94167;94198;95880;95881;99516;99513;101821;101979;104050;106101;103967;109170;106102;111157;109171;111158;118235;121228;124159;126783;130026;132957;83347;135700;138570;141797;145247;148936;154259;151969;156907;36020;17811;17812;17813;17814;34161;17837;111159;118236;111160;121229;124160;130027;126784;132958;135701;138560;141798;148937;145251;154258;151968;21632;156908;61393;10343;64503;14831;14319;17838;96723;96724;96725;96726;99517;99518;101811;96727;96728;99519;96729;99520;133181;71116;124174;124175;138561;11299;29346;46816;61696;83292;83293;83294;83296;83295;86548;90685;83297;96767;96766;96769;96768;96770;96771;99593;101895;103536;106103;111593;111600;138902;138904;138896;138903;138039;138568;138569;141847;138567;145538;154267;148986;138901;32138;46815;34162;34727;88698;52053;52054;16093;10626;14343;19416;71862;91823;11192;15449;15477;17313;11842;25198;17690;24905;57558;10481;17698;10719;64263;129468;147021;18618;146199;154416;154417;63563;49774;63562;71159;66361;73757;30057;66360;150054;49775;49776;61429;71635;64690;61430;60099;65604;71636;154935;150055;150056;157377;150057;153612;10424;10425;16045;73685;73682;73683;73125;73124;153046;35619;35588;41646;42150;20341;20340;33272;15542;10761;122316;12017;10721;10665;10146;65721;108716;108717;11730;20932;20931;11608;108718;110230;148832;10147;83955;110231;25799;88964;11219;86949;88904;90774;89028;92465;97192;97193;99440;96833;108689;110096;118398;120197;120198;123462;121620;126627;128118;130433;138562;139910;142144;149280;148297;150798;157339;157425;154776;71458;47833;88965;25612;10148;70566;70564;112118;103872;102780;103926;103970;127136;92541;102781;110943;110944;14378;119780;10494;11830;43815;10150;42409;118730;43614;10151;10152;11600;11020;15572;18294;18295;18223;18142;97664;97665;100321;76475;95823;11737;72830;104128;12258;11514;11474;70585;81791;100322;11897;11898;11899;81405;81404;102860;81403;102861;62992;63185;62990;62989;62991;63186;63688;90713;90603;96485;90602;29929;29930;29928;31342;15765;140657;15766;58769;15767;19503;58770;19301;18358;49779;102709;102710;102711;102712;102713;67200;118086;118087;29220;29221;66394;29222;29223;29224;29225;10153;10154;10468;19696;28377;31135;31343;10155;19695;100511;10689;10691;10156;10580;10681;10364;12225;12077;10352;90254;10157;58651;64582;50545;50546;14272;11106;50547;84006;119681;25800;18257;25767;12104;44064;11827;11158;44066;12119;119682;65632;17594;15421;33523;34447;60081;34507;60080;60082;21154;70943;10360;10586;149508;17309;127140;127141;127142;127143;127145;127144;127147;127146;127148;127149;127150;127151;127152;127153;127155;127154;127157;127156;127159;127158;127160;127161;127162;127163;127164;127165;127166;127167;127168;127169;127170;127171;127172;127173;127174;127175;127176;127178;127177;127179;127180;127181;127182;127183;127184;127185;127186;127187;127188;127189;127191;127190;127192;127193;127194;127196;127195;127197;127199;127198;127200;127201;127202;127204;127203;127205;127206;127207;127209;127210;127208;127211;127212;127213;127214;127215;127216;127217;127218;127219;127221;127220;127223;127222;127224;127225;127226;127227;127228;127229;127230;127231;127232;127234;127233;127235;127236;127237;127238;127239;127240;127242;127241;127243;127244;127245;127246;127247;127248;127250;127249;127251;127252;127253;127254;127255;127256;127258;127257;127259;127260;127261;127262;127263;127264;127266;127265;127267;127268;127269;127270;127271;127272;127273;127274;127275;127276;127277;127278;127280;127279;127282;127281;127283;127284;127285;127286;127287;127288;127289;127290;127291;127292;127293;127294;127295;127296;127297;127298;127299;127300;127301;127302;127303;127304;127305;127306;127307;127308;127309;127310;127311;127313;127312;127314;127315;127316;127317;127318;127319;127320;127321;127322;127323;127324;127325;127326;127328;127327;127329;127330;127331;127333;127332;127334;127335;127336;127337;127338;127339;127340;127342;127341;127343;127344;127346;127345;127347;127348;127349;127350;127352;127351;127353;127354;127355;127356;127358;127357;127359;127361;127360;127362;127363;127364;127365;127366;127367;127369;127368;127370;127371;127372;127373;127374;127375;127376;127377;127378;127379;127380;127381;127382;127383;127384;127386;127385;127388;127387;127389;127390;127391;127392;127393;127394;127396;127395;127398;127397;127399;127400;127401;127402;127403;127404;127405;127406;127407;127409;127408;127410;127411;127412;127413;127414;127415;127416;127417;127418;127419;127420;127421;127422;127423;127424;127426;127425;127427;127428;127429;127430;127431;127432;127433;127434;127435;127436;127437;127438;127439;127440;127441;127442;127443;127444;127445;127446;127447;127448;127449;127450;127452;127451;127453;127454;127456;127455;127457;127458;128703;127459;128704;128701;128702;128695;128696;128693;128694;128699;128700;128691;128687;128692;128688;128689;128690;128697;128705;128698;129901;129900;129898;129899;129904;129905;129921;129920;129932;129933;129912;129913;129906;129907;129883;129884;129887;129886;129888;129889;129934;129935;129892;129893;129926;129927;129914;129915;129894;129895;129890;129891;129929;129928;129911;129910;129936;129937;130202;130201;129924;129925;129903;129902;129922;129923;129908;129909;129918;129919;129931;129930;129940;129941;129938;129939;129916;129917;129897;129896;131768;131769;131770;131771;131776;131777;131417;131774;131418;131404;131409;131405;131410;131413;131414;131425;131426;131406;131407;131415;131416;131411;131421;131412;131419;131422;131423;131420;131424;131408;132457;132458;132505;132506;132443;132444;132508;132507;132461;132462;132473;132472;132477;132476;132503;132504;132497;132470;132498;132471;132493;132501;132494;132502;132441;132442;132479;132480;132487;132488;132447;132448;132460;132459;132455;132456;132485;132486;132491;132492;132511;132512;132474;132475;132509;132510;132446;132445;132454;132453;132452;132451;132484;132483;132496;132495;132466;132467;132433;132449;132434;132450;132435;132436;132468;132469;132463;132464;132465;132437;132438;132587;132588;132439;132440;132489;132490;132481;132482;132499;132500;132478;133086;133072;133087;133073;133070;133080;133071;133081;133084;133085;133074;133075;133082;133083;133076;133077;133079;134320;134321;134324;134325;134316;134317;135759;135760;135761;135763;135762;135764;134309;134310;134411;134412;134322;134323;134318;134319;134314;134315;134313;134312;134409;134410;134311;136902;136903;136908;136909;136906;136907;136904;136905;136910;136911;137058;138766;138767;138774;138773;138771;138772;138777;138778;138779;138780;138768;138769;138775;138776;138770;140281;140292;140293;140697;140282;140698;141400;141399;141401;141406;141402;140276;141405;140288;140289;140290;140291;140283;140284;140277;140274;140275;140278;141403;141404;141408;141407;140286;140287;140279;140280;140285;143960;143961;143895;143894;143916;143915;143939;143938;143917;143918;143906;143907;143952;143953;143908;143909;143896;143897;143927;143928;143987;143986;143930;143931;143925;143926;143998;143999;143944;143943;143923;143924;143982;143983;143985;143984;143888;143889;143912;143892;143893;143957;143956;143942;143911;143941;144086;144085;143965;143964;143929;143967;143966;143962;143963;144000;144001;143945;143969;143901;143900;143980;143968;143981;143959;143958;143921;143922;143988;143989;143920;143919;143935;143934;143978;143979;143955;143954;144003;144002;143913;143914;143948;143949;143996;143997;143933;143932;144009;144010;143950;143951;143972;143973;143936;143937;143992;143993;144048;144049;145703;145702;143898;143899;143970;143971;143947;143946;143994;143995;144008;144007;143974;143975;143890;143891;143902;143903;143904;143905;144005;144006;144088;144087;143976;143977;143990;143991;143940;147405;147406;147313;147339;147340;147312;147408;147407;147298;147299;147293;147292;147390;147391;147274;147273;147321;147322;147400;147287;147288;147337;147338;147370;147371;147373;147372;147310;147311;147387;147386;147378;147379;147398;147362;147361;147280;147399;147279;147325;147326;147300;147301;147290;147291;147359;149336;147360;147278;147277;147316;147350;149335;147349;147303;147302;147394;147238;147395;147237;147369;147347;147368;147348;149337;147374;149338;147375;147353;147354;147253;147254;147269;147270;147343;147344;147710;147711;147381;147259;147380;147258;147385;147384;147366;147367;147252;147251;147403;147404;147409;147410;147328;147327;147257;147389;147388;147346;147345;147248;147247;147281;147282;147240;147239;147356;147355;147332;147331;147264;147309;147308;147364;147363;147383;147382;147265;147266;147272;147271;147335;147336;147396;147397;147351;147709;147708;147334;147352;147333;147323;147324;147245;147246;147297;147296;147305;147304;147376;147377;147295;147294;147393;147392;147283;147401;147284;147402;147263;147262;147317;147318;147244;147243;147319;147320;147285;147276;147275;147315;147286;147314;147307;147306;147357;147358;147242;147241;147249;147250;147289;147267;147268;147261;147260;147342;147341;154552;154553;154605;154607;154585;154500;154590;154609;154478;154531;154536;154625;154636;154615;154515;154480;154479;154533;154571;154522;154517;154521;154527;154617;154573;154623;154524;154507;154530;154465;154594;154622;154624;154575;154546;154501;154488;154545;154520;154613;154564;154563;154534;154572;154481;154582;154539;154595;154475;154489;154580;154540;154547;154583;154499;154600;154510;154535;154474;154463;154599;154593;154597;154559;154452;154577;154626;154574;154508;154502;154639;154592;154567;154619;154506;154557;154556;154621;154561;154548;154482;154560;154596;154519;154633;154587;154470;154551;154550;154511;154505;154631;154518;154493;154492;154544;154555;154586;154464;154628;154566;154441;154450;154604;154581;154562;154532;154579;154487;154516;154528;154467;154483;154490;154608;154523;154578;154494;154457;154462;154598;154543;154526;154542;154466;154565;154476;154509;154616;154447;154445;154554;154603;154570;154610;154486;154504;154591;154503;154541;154614;154461;154584;154485;154602;154576;154568;154525;154496;154601;154495;154454;154498;154538;154588;154549;154497;154558;154529;154491;154448;154471;154451;154469;154446;154468;154460;154459;154442;154443;154455;154472;154439;154444;154484;154453;154440;154456;154537;154477;56821;36017;49118;11357;11353;11356;42255;11358;15984;42256;11800;150154;107261;107262;107263;107264;58413;58414;58750;118150;105359;118151;118956;127907;134220;66671;61394;73894;66672;73519;71117;77246;78386;107265;86884;122612;132775;106375;106374;41608;124335;124336;16310;16274;149511;136340;10767;11926;12238;10158;10251;11466;66763;66026;66025;66765;66764;21241;21242;21243;147729;149403;147730;147731;148711;57334;57333;11033;42086;53848;17228;17229;57335;10159;10386;110723;20971;20974;23932;25756;25293;35288;19700;21609;118937;118957;118933;119938;143423;140795;154231;154232;147145;144949;151975;154235;157354;110839;47827;11549;46704;46703;42823;11201;11327;10160;72600;15715;72665;10989;10528;10529;142137;142136;20924;11410;47899;27534;54922;27574;10162;12248;47039;47581;47582;23786;10163;69557;23970;72348;53536;53846;62977;62026;62027;55471;55543;55544;77473;77474;12122;65917;71847;65916;66036;66034;66035;33867;43060;48364;48407;51367;54988;56682;57890;63337;66335;71523;31136;34049;34085;33227;25524;65675;65674;56691;56812;12050;36103;74261;20318;18506;29898;12049;40852;40853;20747;33481;25952;50023;25125;62968;62967;47804;47803;36205;21340;23699;23769;23978;12048;65722;45569;58447;66913;72814;58968;23787;62704;62703;70726;83289;58446;66914;58445;50679;56684;56668;66915;65550;65551;88982;32481;11740;10164;10165;58833;58832;87242;25294;40330;60153;38850;38849;11664;20388;26071;26922;10540;10166;10167;25201;81981;97988;107258;111968;122777;135920;138356;83744;121310;86631;121311;88054;90923;91515;95575;84288;95389;19517;97861;71783;10884;10647;38831;43156;73188;57556;64937;67122;64938;21596;155154;15788;149645;14194;11282;12202;11447;31192;11183;59660;59657;59659;59658;149497;117427;103929;103928;119326;142492;142481;83521;72483;82528;133058;146428;151287;157125;133059;63417;122509;138357;145034;146429;149046;152123;158894;72484;84621;87411;94575;96001;97385;100258;102782;105776;103457;111106;72481;157318;158893;122510;126049;133307;134761;138358;145035;149045;152124;155842;158892;87412;90119;93912;94576;95370;96002;97386;100259;102783;105777;103458;111107;11233;10654;34292;95390;95391;34460;74120;74119;11599;11537;15974;15468;22874;44392;44393;17214;11872;26195;35041;59246;59245;59247;69100;59248;109581;11419;27524;27525;20109;11074;21740;26012;31348;26013;26198;33228;12125;77562;77563;153475;153486;77605;35805;11643;35261;111384;111385;110326;103869;21608;103865;103866;103867;104571;104275;103868;104276;10578;57578;66268;67008;57579;57577;57580;57576;57575;149523;74514;74515;74516;74517;74518;74519;74520;74521;74522;74523;74525;74524;74527;74526;74528;74529;74530;74531;74532;74533;74534;74535;74536;74537;74538;74542;74539;74540;74543;74541;74544;74546;74545;74547;74548;74549;74550;74551;74552;74553;74555;74554;74556;74557;74558;74559;74560;74561;74562;74563;74564;74566;74565;74567;74568;74569;74571;74570;74578;74572;74573;74574;74575;74576;74577;74585;74579;74580;74582;74581;74583;74584;74586;74589;74588;74587;74590;74591;74593;74592;74594;74595;74596;74597;74598;74599;74600;74601;74603;74602;74605;74604;74606;74607;74608;74609;74611;74610;74613;74612;74614;74615;74616;74617;74618;74620;74619;74621;74622;74623;74624;74625;74626;74628;74627;74629;74630;74639;74631;74632;74633;74635;74634;74636;74637;74638;74643;74641;74640;74642;74649;74644;74645;74647;74646;74648;74651;74650;74656;74652;74653;74654;74657;74655;74659;74658;74660;74662;74661;74663;74664;74665;74666;74668;74667;74669;74671;74672;74673;74674;74670;74675;74676;74677;74678;74679;74680;74681;74682;74683;74684;74685;74686;74688;74687;74689;74690;74691;74692;74694;74693;74695;74696;74697;74698;74699;74700;74701;74702;74703;74704;74705;74706;74707;74708;74709;74710;74712;74711;74713;74714;74715;74722;74717;74718;74716;74719;74720;74721;74731;74723;74724;74726;74725;74727;74728;74729;74730;74732;74733;74734;74735;74736;74737;74738;74743;74740;74739;74741;74742;74744;74745;74747;74746;74749;74750;74751;74752;74753;74748;74754;74755;74756;74757;74758;74759;74760;74761;74762;74763;74764;74765;74767;74766;74768;74769;74770;74771;74772;74773;74775;74774;74777;74776;74778;74779;74786;74780;74781;74782;74783;74784;74785;74789;74787;74788;74791;74790;74794;74792;74793;74795;74796;74797;74798;74799;74800;74801;74802;74803;74807;74804;74805;74806;74810;74808;74809;74812;74811;74813;74814;74816;74815;74817;74818;74819;74820;74822;74821;74823;74824;74825;74826;74827;74828;74833;74829;74830;74831;74832;74841;74834;74835;74836;74837;74838;74839;74840;74847;74842;74843;74844;74845;74846;74851;74848;74849;74850;74853;74852;74855;74854;74856;74857;74858;74859;74885;74860;74861;74862;74863;74864;74866;74865;74867;74868;74869;74870;74871;74872;74873;74874;74875;74876;74877;74879;74880;74878;74881;74883;74882;74884;74891;74886;74887;74888;74889;74890;74892;74893;74894;74895;74896;74897;74903;74898;74900;74901;74899;74902;74911;74904;74905;74906;74908;74907;74909;74910;74918;74912;74913;74914;74915;74916;74917;74919;74920;74921;74922;74923;74924;74926;74925;74927;74928;74929;74930;74931;74932;74938;74933;74934;74935;74936;74937;74942;74939;74940;74941;74943;74944;74945;74946;74947;74948;74949;74950;74951;74956;74952;74953;74954;74955;74957;74958;74959;74960;74961;74962;74963;74964;74965;74966;74967;74968;74969;74970;74971;74972;74973;74974;74976;74975;74977;74983;74978;74979;74980;74981;74984;74982;74987;74986;74985;75036;74988;74989;74997;74990;74991;74992;74993;74995;74994;74996;75003;74998;75000;74999;75001;75011;75002;75004;75006;75005;75007;75008;75010;75015;75009;75012;75013;75014;75020;75017;75016;75018;75019;75021;75022;75023;75024;75025;75026;75027;75028;75029;75030;75031;75032;75033;75034;75093;75035;75037;75038;75040;75039;75042;75041;75043;75044;75045;75046;75047;75048;75049;75050;75051;75052;75057;75053;75054;75055;75056;75062;75058;75059;75060;75061;75069;75063;75064;75065;75066;75067;75068;75070;75071;75072;75073;75074;75075;75076;75077;75078;75079;75080;75081;75082;75083;75084;75085;75086;75087;75088;75089;75090;75091;75092;75141;75094;75095;75096;75097;75098;75099;75100;75102;75101;75104;75103;75105;75106;75108;75107;75109;75110;75112;75111;75113;75114;75115;75116;75117;75118;75119;75120;75121;75123;75122;75124;75125;75126;75128;75127;75129;75130;75131;75132;75133;75134;75135;75136;75137;75138;75139;75140;75142;75143;75144;75146;75145;75147;75148;75149;75150;75151;75155;75152;75153;75154;75160;75156;75157;75158;75159;75162;75161;75167;75163;75164;75165;75166;75168;75169;75170;75171;75172;75173;75174;75176;75175;75181;75177;75178;75179;75180;75187;75182;75183;75185;75184;75188;75186;75190;75189;75191;75192;75193;75194;75195;75197;75196;75199;75198;75200;75201;75203;75202;75204;75205;75206;75207;75208;75209;75210;75211;75214;75212;75213;75215;75216;75217;75218;75219;75220;75221;75222;75223;75224;75226;75225;75227;75228;75229;75230;75231;75232;75233;75234;75235;75236;75237;75238;75239;75240;75241;75242;75243;75244;75284;75247;75245;75246;75254;75248;75249;75250;75251;75252;75253;75255;75260;75257;75256;75258;75259;75261;75262;75264;75263;75265;75266;75267;75268;75269;75270;75271;75272;75273;75274;75276;75275;75277;75278;75280;75279;75282;75281;75283;75327;75285;75286;75287;75288;75289;75290;75291;75292;75293;75295;75294;75297;75296;75298;75299;75300;75302;75301;75303;75304;75306;75305;75307;75308;75309;75310;75317;75311;75313;75312;75314;75315;75316;75318;75319;75320;75321;75322;75323;75324;75325;75326;75377;75328;75329;75330;75331;75332;75333;75334;75335;75336;75337;75338;75339;75340;75341;75342;75343;75344;75345;75347;75346;75348;75349;75350;75351;75352;75353;75354;75355;75356;75357;75358;75359;75366;75360;75361;75362;75364;75363;75365;75369;75367;75368;75370;75371;75372;75373;75374;75375;75376;75392;75382;75378;75379;75380;75381;75386;75383;75384;75385;75388;75387;76069;76085;76104;76135;75389;76136;76137;76181;76182;76183;75390;76211;76228;76229;76230;76336;76337;76338;76340;76339;75391;76341;76342;76343;76365;76366;76488;76546;76721;76722;76723;76724;76725;76726;76956;76958;76957;76960;76959;76988;77127;77126;77128;77129;77130;77131;77132;77133;77134;77135;77136;77214;77177;77288;75396;77289;77290;77291;77292;77293;77294;77295;77297;77296;77318;77317;77365;77364;77366;77431;77432;77565;77618;77619;77620;77621;77660;77659;77693;77718;77719;77720;77734;77777;77778;77803;77804;77844;77890;77846;77845;77965;77966;77967;78020;78115;78021;75393;78116;75394;78117;78118;78450;78451;78452;78453;75395;78497;78498;78591;78590;78636;78635;75400;75397;78637;78719;78720;78733;78734;78818;78817;78820;78819;78837;78836;75398;75399;79267;79101;79102;79103;79104;79105;79106;79107;79222;79198;79223;79224;79226;79225;79241;79268;79269;79323;79324;79348;79349;79350;79368;79412;79413;79423;75406;75401;79574;79590;79575;79591;79592;79614;79615;79616;79617;75402;79753;79754;79755;75403;79796;79815;79816;79817;79818;79819;79820;79821;79998;79997;79999;80043;80044;80045;80046;80047;80048;80050;80049;75404;80051;80052;80053;80093;80094;80095;75405;80151;80150;80153;80152;80212;80211;75411;75407;80246;80274;80275;80276;80277;80278;80299;80300;80301;75408;75409;75410;75415;75412;75413;80353;75414;80539;81238;81239;81240;81241;81242;81252;81243;80540;81253;81254;81285;81286;81287;81304;81305;80541;81338;80542;81371;81372;81373;81397;81416;81417;81418;81433;81434;81560;81561;80543;81562;81563;81589;81620;81621;81622;81623;80354;81691;81692;81693;81719;81720;81761;81762;81763;81764;81765;81799;81868;81869;81870;81945;81963;81964;81946;81965;81995;82012;82013;82014;82245;82246;82247;82423;82424;82425;82426;82460;82461;82462;82463;82487;82515;82516;82635;82634;82652;82651;82654;82653;82655;80355;80564;82754;82755;82756;82843;82844;82845;82907;82807;83025;83083;83084;83085;83105;83106;83107;83160;83159;80579;83171;83230;83391;83393;83392;83394;83395;83396;83397;83398;83399;83533;83534;83557;83558;83559;83800;83802;83801;83803;83804;80841;83805;83806;83807;83913;83867;83914;80842;83915;83965;83981;83982;84012;83983;84013;80843;84014;84106;84134;84183;84136;84135;84137;84184;84185;84186;84187;84283;84284;84333;84334;84335;84336;84384;84385;84386;84387;84414;84415;84416;84439;84532;84497;84533;84557;84630;84655;84656;84629;84657;84658;80926;80984;84720;84754;84755;84756;84816;84865;84864;84866;84867;84868;80985;84869;84870;84888;84996;84997;84999;84998;85000;85002;85001;85003;80986;85135;85136;85174;85186;80987;85187;85235;85259;85260;80988;85371;85433;85434;85432;85435;85436;85437;85524;85525;85609;85610;85701;85703;85702;85835;85834;85836;85837;85838;85839;85840;85926;80989;85927;85998;86045;80990;86046;86056;86047;86090;86091;86092;80356;86093;86094;86120;86138;86139;86182;86183;86238;86239;86280;86281;86282;86283;86284;86285;86286;86287;86321;86336;86337;86338;86390;86391;86392;86393;86394;86437;80991;86436;86555;86594;86595;86596;80992;86667;86622;86623;86646;86647;86956;86668;86694;80993;86730;86732;86733;86731;86734;80438;80994;86735;86736;86737;86738;86739;86740;86776;86777;86800;86801;86957;86958;86959;86807;86960;86863;86961;86962;86864;86880;86963;86890;86891;86909;86923;86924;86964;81030;86965;87003;87004;87005;87006;81063;87017;81064;87081;87082;81098;87083;87084;87085;87086;87087;87088;87089;87115;87116;81136;87117;87166;87189;87389;87437;87438;87439;81137;87390;87391;81138;87440;87714;87441;87392;81139;87442;87486;87393;87443;87394;81140;87444;87445;87446;87447;81141;87487;87488;87517;87518;81142;87617;87618;87619;87620;87663;87621;87623;87622;87624;87625;87626;87628;87627;87629;87630;87631;87632;87633;87634;81155;87635;87716;87715;87717;81156;81199;87718;87772;88533;93062;93064;93065;93066;88394;93074;93092;93104;93105;93146;88534;93212;93213;93214;93215;93216;93240;93248;88535;93249;93250;93334;93335;93336;88536;93337;93362;93363;93063;90569;93390;93391;93392;93393;93430;93431;93432;88538;93433;93434;93435;93436;93444;93445;93499;93500;93553;93554;93595;93583;93596;93584;93585;88539;93597;93598;93599;88540;93675;93699;93700;93701;93702;93703;93704;93705;93706;93707;93731;93708;93732;93756;93757;93758;93782;93783;93823;93824;93825;93851;93852;88541;93853;93854;93855;93856;93995;88542;93996;93997;93998;93999;94000;94001;94002;94032;94033;88543;94034;88537;94060;94062;94061;94063;94086;88544;94087;94088;94090;94089;94092;94091;94128;87833;94129;94215;94216;94217;94218;94239;94220;94219;94240;94241;94242;94244;94245;94302;94303;94304;94305;94306;94307;94308;94309;94310;94311;94312;94423;94243;88545;94425;94426;88546;94424;94528;94529;88547;94530;94531;94597;94596;94598;94600;94599;88548;94601;94602;94620;94619;94649;94664;88549;94752;94753;94754;94694;94755;94695;94919;94756;88550;88114;94894;88551;94906;94944;94945;88552;94946;94947;94949;94948;94950;94951;88553;94953;94952;95022;95040;95023;95272;95273;95274;95275;95310;95311;88605;95377;95378;95463;95529;95530;95531;95533;95532;95550;95549;95551;95552;88115;95553;95554;95555;95556;95557;95558;95560;95559;95591;95590;95593;95594;95592;95595;95596;95597;95643;95700;95644;95645;95646;95647;95648;95649;95702;95701;95703;95704;95705;95706;95707;95708;95744;95745;95747;95746;95748;95749;95751;95750;95752;95753;95754;95755;95756;95757;95788;95789;95790;95791;95792;95910;95793;88606;95818;95911;95912;95913;96028;96029;91492;96030;95975;88116;95976;96063;96064;96129;96130;88607;96131;96132;96133;88608;96173;96174;96175;96176;88609;96247;96246;96248;88610;88611;88612;88613;88614;88615;88616;88632;88633;88634;88635;88686;88685;88687;88704;88688;88705;88706;88732;88733;88734;88735;88736;88771;88772;88773;88774;88775;88823;88824;88825;88826;88827;88828;88829;88830;93394;88854;88855;88878;88879;88918;88919;88920;88921;88922;88923;88924;88925;94093;88926;88927;88946;94246;88117;94427;88978;88979;88980;89017;89016;88118;89018;89019;89050;89090;89091;88119;89092;95395;89652;89651;89653;89714;88120;89715;89716;89717;89718;89719;88121;89812;89813;89814;88122;89855;89856;89857;89908;89909;89910;89911;88123;89912;89914;89913;89916;89915;89949;88124;89950;89975;89976;88125;90017;89977;90018;90054;88126;90055;90056;90057;90058;90059;90060;90061;88127;90062;88128;90106;90135;90136;90164;90165;90166;90167;88129;90169;90168;90171;90170;90172;90173;90240;90253;90259;90260;90293;90294;90341;90381;90382;90418;90475;90419;90477;90478;90476;90480;90479;90481;90483;90482;90484;90485;90522;90523;90528;90524;90557;90529;88130;90559;90560;90558;90561;90562;90563;90564;90565;90593;90594;90700;88157;90610;90609;90611;90612;90665;90771;90701;90702;90772;90782;90878;90879;90783;90932;90903;90904;90905;90907;90906;90908;90909;90910;90911;90912;90933;91067;91068;90934;90935;91069;90981;90982;90983;90984;90985;90986;91070;91071;91111;91147;91177;91178;91204;91205;91206;88131;91207;91208;91209;91269;87719;88132;91271;91270;91273;91272;91274;91275;91276;91277;91278;91279;88133;91305;89093;91289;91290;91306;91400;91401;91402;91404;91403;91405;91406;91407;91408;91409;91410;90107;91411;91412;91413;91438;88134;91482;91439;91484;91483;88135;91485;91511;91512;88136;91528;91529;91530;91532;91531;91534;91533;88137;91555;91584;91585;91586;88138;91587;91588;91589;91618;91619;88139;91620;91630;88158;91631;91639;91640;91705;91706;91707;91708;91709;91710;91721;91722;91723;91736;91772;91773;91848;91774;91793;91792;88159;91794;91795;91865;88160;91866;91867;91868;91849;91870;91869;88161;91871;88162;87730;88163;91887;91888;88164;91889;91941;88395;91943;91942;91944;91945;88396;91950;91951;91952;91953;88397;91980;90108;91967;90109;91984;88398;91985;91987;91986;88399;92043;92308;92007;92309;92352;92310;92353;92354;92450;92487;92449;92488;92506;92507;92538;92550;92625;92551;92594;92595;92597;92596;92598;92654;92655;88165;92743;92714;92715;88166;92745;92744;92746;88400;92773;92775;92774;92776;92777;92778;92930;92853;92974;92975;92976;92977;92931;92932;92978;92933;88401;92979;92992;92980;92981;92982;92993;92994;88402;93067;93068;93069;96249;96277;96545;102965;96577;102966;102967;103154;103156;103157;103155;103158;103159;96546;103160;103161;103203;103162;96547;103283;103284;96578;96579;103285;103286;103288;103287;103290;103289;103291;103292;103368;103395;96580;103396;103397;103398;103399;103400;103451;103452;96581;103487;96582;96293;103588;103589;103590;103591;103621;103622;103624;103623;103659;103658;96583;103660;103661;103728;103763;96621;103764;103798;103799;103800;103801;96622;103802;104071;104072;104073;96623;104074;104076;104075;104077;104079;104078;104080;104081;104082;104083;104084;104085;104086;104114;104087;104115;96645;104164;104165;104234;104235;104166;96294;96646;104236;104238;104237;96647;104240;104239;104241;104242;104243;104244;104245;104420;104246;104349;104421;104422;104423;104424;104425;104426;104470;104522;104521;104524;104523;104525;104526;104527;96648;104528;104613;104614;104615;104616;104648;96649;104762;104763;104764;104765;96295;96711;104766;104767;104768;104769;104770;104772;104771;96712;104798;105218;105217;105219;96713;105220;105221;105223;105222;105224;105226;105225;105227;105228;105230;105229;105231;105232;105233;105234;105235;105236;105237;105239;105238;105240;105241;105243;105242;105244;105245;96714;105246;105265;105266;105340;105341;105342;105343;105344;105364;105365;105366;96296;105452;105453;96750;105454;105455;105456;105457;105478;105504;105505;96297;96822;96788;96823;96862;96863;96864;96866;96865;96917;96900;96918;96919;96941;96940;96942;96325;96943;96944;96998;96997;96999;97000;97001;96250;97002;97003;97004;97005;97006;97073;97074;97075;97077;97076;97078;97093;97094;97113;97114;97115;97116;97138;97274;97275;97276;97277;97278;97279;97281;97280;97282;97283;97284;97313;97285;97286;97288;97287;97289;97290;97314;97291;97292;97315;97366;97368;97367;97369;96374;97370;96375;96251;97458;97459;97562;97563;97564;97566;97565;97567;97569;97568;97650;97651;97708;97710;97709;97711;97712;97713;97715;97714;97716;97747;97748;97790;97791;97816;97817;97818;97819;97843;97905;99015;99016;99017;99018;99020;99019;99021;99022;99150;96252;99110;99151;99111;99152;99112;99153;99154;99155;99156;99157;99158;99207;99179;99194;99208;99209;99211;99210;99212;99213;99241;99277;99260;99294;99296;99295;99297;96376;99326;99328;99327;96377;99385;99417;99426;99427;99428;99429;99449;99448;99430;99450;99498;99559;99499;99560;99561;96253;99617;99618;99648;99649;99700;99702;99701;99703;99704;99722;99752;99751;99753;96378;99926;99956;99927;99957;99990;99958;100019;100035;100020;100036;100037;100038;100039;100040;100042;100041;100043;100044;100086;100114;100169;100170;100202;96379;100203;100204;100232;100286;96254;100366;100367;96380;100394;100395;100447;100448;100499;96381;100500;100501;100502;100503;96382;100504;100524;100566;100567;96383;100611;96384;100612;100658;100659;100676;100708;100707;100709;100710;100712;100713;100714;96385;100711;100715;100738;100752;100753;100799;100830;100831;100832;96400;100863;100862;100882;96427;100883;100884;100885;101125;101126;101128;101129;101127;103163;101130;101131;101132;101133;101135;101134;101136;101137;101189;101190;101191;101220;101219;101278;101277;101279;101280;101281;101282;101283;101284;101285;101286;101287;101288;101346;101347;101348;101349;101515;101516;101543;101517;96548;101785;101758;101759;101760;101761;101830;96549;101969;101968;96550;101970;101971;102011;101972;102052;96551;102053;102054;96552;102055;102056;102057;102058;96553;96554;102216;102217;102249;96555;102333;102332;102334;102335;96278;102337;102336;102338;102468;102469;96556;102470;102471;102472;102509;96557;102554;102555;102510;102556;102557;102558;96558;102559;102560;102561;102562;102563;102564;102565;102566;96559;102567;102568;102621;102622;102771;102809;102810;102811;102812;102834;102847;102848;102849;102943;102944;102945;102946;102948;102947;102949;102968;102969;105558;117516;117517;117518;117520;117519;106430;117521;117522;117524;117525;117526;117523;106431;117613;117536;117655;117657;117656;117658;117659;117685;106432;117687;117686;106523;117688;117689;117690;117691;117692;117693;117789;117791;117790;117792;117793;117795;117794;117797;117796;117819;117798;117852;117853;117854;117855;117856;106543;117857;117897;117928;117898;117929;117930;117931;117974;117975;117976;117977;117978;106544;117979;117980;117981;117982;117983;117984;117985;117986;117987;106545;118066;118109;118110;118111;118112;118113;117988;118114;106546;118115;118116;106547;118169;106548;118170;106549;118191;118193;118192;118195;106550;118196;118194;118197;118219;118221;118220;118249;118250;118317;106551;106552;118338;118337;118339;118340;118341;118342;118343;118344;118345;106569;118378;118379;118380;118381;118382;118383;118384;118385;106570;118386;118444;118445;118446;118447;118448;118449;106601;118450;118451;118452;118453;118479;118480;118481;105713;118482;106613;118483;118485;118484;118487;118486;118488;118489;118561;118562;106614;118563;118817;118867;118818;118868;118869;118870;118871;118872;118873;118874;118875;118877;118876;118879;118878;118880;118881;106663;118951;105714;106664;106665;119023;119022;119024;119025;119026;119027;119029;119028;119030;119078;119079;106666;119077;119080;119081;119082;119083;119084;106667;119114;119135;119136;106669;106668;119137;119138;119139;119140;119141;106702;119295;119296;119297;106703;119298;119490;119491;119492;119493;119494;119495;106704;119537;105715;119538;119539;119540;119569;119570;119541;119542;119543;119544;119545;119546;119547;106705;119548;119550;119549;119641;119642;119643;106741;106740;119670;119706;119671;119707;119709;106742;119708;119710;119711;119712;119713;119714;119715;106743;119716;119717;119738;119737;119739;119759;119804;106744;119854;119805;106785;119855;119857;119856;106814;119858;119859;119860;119861;119862;119863;119864;119865;119866;119867;119868;119946;119947;119949;119948;119950;106833;119951;119952;119953;106860;106862;106861;106864;106863;106889;106888;106890;106891;106892;106893;106894;106895;105716;106916;106917;106918;106919;106920;105740;106921;106922;106923;106940;106924;106961;105741;105597;106962;106963;106964;106966;106965;106997;106998;106999;107000;105742;107001;107047;107048;107049;107050;107113;107128;107180;107179;107181;107182;107183;107184;107202;107185;107244;107245;107246;105758;107285;107286;108270;108271;108354;108272;108355;108356;108391;108357;108392;108436;108437;108438;108439;108440;108441;108442;108443;108444;108445;108446;108447;108478;108575;108527;108576;108629;105636;106059;108630;108577;108631;108632;108633;108635;108634;106060;108636;108637;108638;108639;108640;108641;108682;106061;108740;108741;108742;108743;108782;108783;108784;106062;108785;108860;108861;106063;108932;108934;108933;108936;108935;108937;108980;108981;106064;109021;109020;106065;109022;109023;109067;109068;106066;109069;109100;109101;109102;106067;109236;109103;109237;109238;109239;109291;109292;109293;109294;109295;109296;105637;109384;109385;109424;109425;109521;109522;109536;106068;109537;109538;109539;109541;109540;106069;109595;106070;109664;106071;109714;109715;109716;109717;109718;109719;106072;109720;109752;109751;109753;109878;109879;109880;109904;109931;109933;109932;109934;109935;109936;110062;110063;110064;110065;110066;110067;110068;105638;106217;110069;110105;110106;110107;110213;110104;110177;110178;110179;110180;110181;110182;110214;110257;110275;110309;106218;110334;110335;110336;110337;106219;110392;110407;110408;110409;110433;110470;110434;110471;110435;110436;110472;110437;110438;105639;106220;110439;110440;110441;110442;106221;106222;110529;110530;110543;106223;110586;110587;110588;110589;110590;110591;110592;110593;106224;110609;110610;110633;110634;110678;110679;110680;110658;110681;110802;110801;110829;110830;110831;110832;110833;110834;110835;110955;110937;110956;110957;105640;110958;110959;110960;110961;110963;110962;110964;110965;111037;111093;111094;111095;111096;111097;111098;111099;111100;111192;111193;111194;111195;111196;111197;106289;111198;111199;106290;111345;111415;111416;111417;111418;111419;111420;111421;111422;111423;111424;111425;111414;111426;111428;111427;111429;111430;111431;111432;111501;111502;111542;111543;111544;111545;105641;111563;111564;111565;111566;111567;111568;111569;111570;111571;111572;111573;111584;111586;111585;111588;111587;111589;111597;111624;111598;111625;111626;111627;111590;111628;111629;111630;111631;106324;111632;111633;111634;111635;111636;111637;111638;111779;106325;111661;111669;111670;111671;111738;111739;111808;111780;106326;111809;111810;111811;106357;111997;112031;111998;106358;111812;111999;112000;112001;112002;112003;105642;106359;112004;112005;112006;112007;106360;112008;112009;112137;112138;106361;112139;112140;106362;112141;112142;112144;112143;112181;112182;112262;112263;106363;112264;112265;112266;112267;112268;112269;112270;112286;112285;117329;117330;117353;117352;117380;117379;106433;106434;117381;117382;117383;117384;117475;117476;117477;120981;121088;121459;123148;123149;123150;123151;123152;123153;123154;123155;123156;123157;123158;123159;121536;123160;123161;123162;123163;123164;121537;123165;123166;123167;123438;123439;123440;123492;123493;123494;123495;123541;123542;121538;123543;123544;123632;123545;123651;123652;123653;123654;123655;123656;123657;123658;123659;123660;123661;123662;123663;123664;123665;123666;123667;123668;123669;123670;123769;123770;123771;123772;123773;123775;123774;123776;123777;123778;123779;123814;123813;123815;123816;123817;123818;123819;123820;123821;123918;123919;123991;123920;123921;123922;123992;124016;124017;124051;124052;124053;124141;124054;124081;124050;124101;124102;124103;124104;124105;124106;124107;124108;124142;124143;124144;124145;124146;124147;124186;124187;124188;124189;124216;124264;124263;124266;124265;124267;124291;124292;124309;124310;124311;124312;124313;121588;124355;124356;124357;124358;124359;121589;124399;124360;124400;124401;124402;124579;124580;124581;124582;124584;124583;121590;124585;124639;124640;124642;124641;121591;124643;124707;124706;124708;124709;124710;124711;124712;124713;124714;124754;124755;124756;124848;124849;124850;124851;121608;125017;121609;125018;125019;125020;125021;125022;125210;125211;125212;125213;125241;125242;121633;125302;125243;125304;125303;125305;125324;125306;125325;125326;125327;125328;121634;125330;125329;125331;125332;125350;125349;125450;125451;125452;125453;125454;125455;125456;125532;125533;125534;125617;125618;125619;125668;125669;125670;125671;125717;125693;125667;125694;125718;125695;125696;125697;125698;125699;125700;125701;125757;125719;122088;125758;125793;125794;125795;125796;125843;122089;125797;125807;125808;125810;125809;122090;125844;122091;125918;125919;125941;125943;125942;125982;125983;126059;126033;126034;126035;126036;126037;126038;126039;126041;126042;126043;126060;126040;122144;126146;126061;126147;126148;121146;126227;126228;126229;126230;126231;126232;122145;126233;126234;126235;126236;126304;122177;126324;126325;126327;126326;126328;126329;126330;126331;126332;126333;122178;126334;126335;122179;126456;126368;126369;126370;126371;122180;126372;126373;126437;126438;126490;126491;126522;126523;126883;126885;126886;126884;126887;126888;126889;122221;122220;126890;122222;126891;126892;126893;126894;126895;126896;126898;126899;126897;122223;126900;126901;126902;126903;126905;126904;126907;126906;126908;126909;126910;126911;126912;126975;126976;126978;126977;126979;126980;127035;127036;127037;127088;127731;127732;127733;127734;127735;127736;122224;127737;127738;122225;127739;127740;127741;127742;122226;127743;127833;127834;127835;127836;127837;127883;122227;122293;121147;127994;127995;127996;127997;127998;127999;128000;128001;128002;128003;128004;128005;128006;128007;128008;128009;128010;128012;128011;128013;122294;128014;122295;128015;122296;128016;128044;128045;128047;128046;122297;122298;128110;128070;128139;128140;122299;128141;121148;122300;128142;128143;122301;122302;128409;128453;128454;128455;122303;122304;128456;128457;122305;128458;128459;128460;128461;128462;128463;128464;128465;128503;128519;128537;128538;122394;128539;128540;128541;122338;128602;128603;128604;128605;128606;128607;128608;121149;131991;128668;128669;128670;128671;122395;128672;128863;128864;128865;128867;128866;128868;128869;122396;128964;128965;128986;128987;122339;129279;129094;129095;129280;129281;129335;129336;129337;129338;129340;129341;129342;129343;129344;129339;129346;129376;129377;129378;129379;129380;129345;129397;129398;121150;129399;129400;129455;129456;129457;129458;129459;129460;129461;129462;129463;129464;129481;129482;129484;129483;129485;129486;129487;129522;129523;129524;129525;129579;129580;129662;129663;129664;129665;129666;129667;129668;129669;129670;129672;129671;129705;129704;129706;129707;129708;129709;129710;129711;129743;129744;129745;129805;129806;129807;129843;129842;129877;129998;129999;130000;122416;122417;130049;122418;130080;130081;130082;130083;130085;130086;130143;130084;130159;130160;130333;130334;130335;130336;130337;130339;130355;130338;130356;130357;130358;130359;130360;130387;130448;130420;122443;130500;130501;122444;130577;130576;130578;130579;130580;130581;122445;130885;130582;130936;130886;130887;130888;130889;130890;130937;130891;130892;130893;130938;122492;130894;130895;130939;130940;131008;122470;131009;131010;131057;131058;131059;131060;131062;131061;131063;122493;131064;131065;131066;122494;131115;131116;131117;131155;131156;131157;131158;131179;131180;131181;122495;131219;131220;131275;131276;131277;131278;122496;131279;131280;131281;131282;131381;131301;131382;131383;131384;131532;131534;131533;131536;131535;131537;131538;131539;131540;131541;131542;131543;131720;131544;122497;131682;131683;131684;131685;131687;131686;131688;131689;131690;131691;131692;131693;131721;122498;131922;131992;131993;131994;131995;131997;131996;122529;132068;132069;132086;132032;132087;132385;132386;132516;132515;132517;122579;122580;122578;122607;122642;122643;122644;122660;122661;122662;122714;122741;122742;122743;122744;122745;122746;122772;122847;122848;122888;122849;122941;122942;122963;122943;123168;123169;123170;123171;123172;123173;123174;123441;123175;123176;123177;123178;123179;123180;123181;121151;123182;123183;123184;123185;123186;123188;123187;123189;121152;123191;123190;121153;123192;121154;123194;123193;123195;123196;123197;121155;123199;123198;123200;123201;123202;123203;123205;123204;121156;123206;123207;123208;123209;123210;123211;123212;123213;123214;121157;123216;123215;123218;123217;123219;121281;123220;123221;123222;123223;121282;123224;123225;123227;123228;121283;123229;123230;123231;123232;123233;123234;123235;123236;123237;123226;123238;123239;123240;123241;123242;123243;123244;123245;123246;121284;123247;123248;123249;123250;123251;121285;123252;123253;123254;123255;123256;123257;123258;123259;123261;123262;123442;123263;123264;123265;123266;123260;121286;123267;123268;123270;123271;123443;123269;123272;121287;123273;123275;123274;123277;123276;121288;123278;123279;123280;123281;123282;123283;123284;123285;121289;123286;123287;121290;123289;123288;123290;123291;123292;123293;121291;123294;123295;123296;123297;123298;123299;123300;123301;123302;123303;123305;123304;123307;123306;123309;123308;123311;123310;123312;123313;123314;123315;123316;123317;123318;123319;123320;123321;123322;123323;123324;123325;123326;123327;123328;123330;123331;123332;123333;123334;123335;123336;123329;123337;123338;121089;123340;123339;123341;123342;121339;123344;123343;121340;123345;123346;123347;123348;123349;123350;123351;121411;123352;123353;123354;121412;123355;123356;123357;123358;123359;121413;123360;123361;121414;123362;123363;121415;123364;123365;121428;123367;121090;123366;121429;123368;123369;123370;121430;123371;123373;123372;123374;123375;121431;123376;123377;123378;121460;123379;123380;123381;123382;121461;123383;123384;123385;123386;123387;123388;121462;123389;123390;123391;123392;123393;121463;123394;123395;123396;123398;121464;123399;123397;123400;123401;123402;123403;123404;123405;123406;123407;123408;138668;138669;138670;138671;138672;138673;138674;138675;138785;138786;133251;138787;138788;138789;138790;138828;138829;133252;138977;138978;138980;138979;138981;133253;138982;138984;138983;138985;138987;138988;138989;138986;139012;139013;139014;139015;139016;139017;139019;139018;132904;139020;139021;139168;139221;139280;139022;139281;139302;133288;139303;139304;139305;139306;139355;139356;139357;139443;139444;139445;139401;139446;139447;139448;133340;139449;139450;139451;139477;139478;139558;139559;139560;139561;139562;133341;139563;139565;139564;139591;139644;139645;139646;139648;139647;139650;139649;139651;139652;133342;139653;133343;139654;139655;139765;133344;133345;139767;139768;139769;139766;139780;139896;139897;139898;139899;139900;139901;139902;139903;140021;140020;140022;140023;140024;140073;140075;140074;140077;140076;140078;140079;140080;140081;140170;140171;140172;140173;140175;140174;140240;141904;140366;140367;140368;140369;140365;140371;140370;140372;140373;140374;140375;140376;140377;140442;140444;140443;140445;140681;140509;140510;140511;132905;140569;140570;140571;140572;140573;140574;140610;140682;140683;140684;140685;140686;140687;140688;140689;133346;140741;140690;133347;140691;140726;140692;140742;140727;132906;140743;140744;140764;141069;141151;141070;141071;140797;141073;141072;141152;141153;141154;141074;141075;141156;141076;141155;141078;141077;141079;141080;141157;141081;141158;141159;141160;141162;141163;141164;141165;141161;141166;133488;141167;141168;141169;141276;133489;141281;141279;133490;141294;141390;133491;141387;141382;133492;141388;141411;141409;141462;141529;141507;141513;141506;141534;141523;141525;141514;141530;141533;141528;141504;141560;141559;133519;141839;141719;141662;141840;141925;141905;141893;141888;141890;141884;141898;142042;142039;141927;141929;141924;141926;142044;142095;142135;142114;142078;142108;142115;142097;142183;142188;142165;142194;142185;142162;142196;142190;142163;142207;142181;142150;142186;142178;142149;142572;142540;142324;142522;142560;142555;142583;142549;142506;142575;142537;142550;142524;142526;142631;142630;142628;142620;142615;133592;142627;142629;142638;142836;142838;142852;142829;142831;142840;133593;142853;142915;142921;142925;142945;142950;142944;142938;142942;142956;142937;142949;142917;142929;142948;142953;142941;142922;143141;143100;143001;143101;143134;143144;143145;143146;143143;143192;143180;143184;143182;143179;143190;143181;143168;132763;132907;143225;143298;143343;143289;143338;143352;143333;143345;143320;143290;143301;143295;143340;143303;143348;143314;143299;143335;143316;133644;143327;143310;143337;143355;143318;143321;143302;143341;143317;143304;143331;143322;143324;143311;133645;143297;143312;133666;143347;133667;143319;143342;143292;143357;143328;143339;132908;143508;143504;143496;143507;143462;143398;143499;143452;133668;143457;133669;143463;143521;143455;143460;143456;143497;143492;143514;143506;143522;143523;143529;143511;143513;143545;143498;143547;143550;143546;143540;143549;133714;143539;143536;143538;143548;143537;143542;132909;133757;143592;144033;144020;133758;144120;144317;144309;144316;144308;144312;145351;145279;144321;145335;145358;144313;145338;145353;145307;145382;145334;145313;145297;133759;145277;145329;145374;133760;145331;145360;145280;145368;145362;145372;145332;145294;145323;145322;145326;145389;145293;145301;145345;133827;145348;145359;145350;145347;133828;145324;145285;145400;145317;145375;145385;132910;134073;134152;134153;134154;134155;134156;134157;134193;134194;134195;134196;134197;134198;134279;134280;134281;132764;134282;134283;134284;134347;132911;134348;134349;134362;134397;134398;134617;134618;134619;134620;134559;132912;134696;134822;134755;134823;134851;134932;134933;134934;132913;134935;134936;135161;135003;135005;135006;135004;135008;135007;135009;135010;135022;135162;135163;135220;135221;135222;132914;135264;135263;135383;135265;135385;135384;135386;135446;135447;135448;135449;135450;135451;132915;135452;135453;135454;135577;135578;135670;135749;135750;136004;136005;136007;136008;136006;136009;132916;136023;136010;136012;136072;136073;132917;136011;136306;136307;132918;132919;136308;136309;132920;136311;136310;136312;132848;132949;136314;136313;136315;136316;136317;132950;132951;136449;136450;136451;136453;136452;136454;136455;136456;136457;136459;136458;136461;136460;136489;136488;136490;136491;136492;133031;136691;136872;136873;136874;136875;136876;136877;133130;136878;136879;136880;136881;133131;136882;136883;136884;136885;136886;136888;136887;136889;136959;136960;136961;136962;136992;136963;136993;136994;136996;136995;136997;137131;137132;137227;137228;137229;137230;137231;137251;137349;133132;137350;137351;137392;138676;138677;132849;133133;138678;138680;138681;138679;138682;138683;138684;138685;138686;138687;138688;138689;138690;138691;138692;133170;138693;138694;138696;138695;133171;138697;138698;138700;138699;133172;138701;138703;138702;133173;138704;138705;138706;138708;138707;138709;133174;138711;138710;138712;138713;138714;138715;138716;138717;138718;138719;138720;138721;138990;138723;138722;133198;138724;138725;138726;138728;138729;133199;138730;138731;138727;138732;139307;138991;138733;138734;138736;138735;138737;138738;138739;133200;138740;138741;138742;138743;138744;138746;138745;138747;138748;138749;138751;138750;138752;138753;138754;138755;138756;138757;145336;151525;151526;151527;145370;151528;151615;151619;151702;151806;151822;151824;151816;151823;145395;151814;151818;151841;151853;151840;145278;151938;151936;151937;152017;152008;152009;152058;152057;152063;152064;152065;152219;152261;152257;152262;152391;152392;152394;152471;152474;152477;152470;152463;152462;152456;152457;152469;152466;152460;152467;152473;152472;152515;152563;152561;152647;152693;152692;152694;152696;152731;152719;152722;152730;152736;152738;152770;152756;152755;152758;152769;152840;152841;152839;152852;152837;152844;145377;152838;152876;152875;152896;152895;152900;152958;152956;152942;153000;153005;145284;153025;153029;153116;153114;153113;153108;153107;145356;153195;153218;153251;153392;153394;153393;153395;153415;145330;153414;153457;153455;153453;153452;153454;145344;153530;145295;153537;153533;153529;153578;153667;153669;153778;153783;153782;153796;145354;153847;153875;153874;154006;154008;154007;154010;154012;154009;154079;154192;154196;154191;145361;154206;154215;154214;154228;154216;154209;154211;145383;154213;154207;154282;145306;154284;154513;154612;154748;154770;145314;154759;154764;154761;154762;154769;154766;152835;154767;154763;154768;154765;154755;154760;154757;154758;154756;154822;154865;154867;145311;154866;154863;154860;154864;154952;154951;154946;154978;154976;155345;145339;154975;155355;155362;155358;145394;155583;155621;155356;155652;155657;155660;155662;145273;155714;155726;145399;155859;155823;155860;155872;145305;155887;155871;155879;155886;145376;155875;155873;156144;156130;156146;156131;156151;156138;156150;156142;156152;156179;156135;156192;156185;145435;156218;156216;156215;156217;156273;145431;156270;156274;156276;145434;156279;156316;156319;156317;156340;156341;156436;151685;156426;156434;156433;156395;156437;145423;151688;151704;145485;151712;151747;145525;145530;145729;151710;151726;151709;151736;151684;151752;151722;151739;151706;151729;151719;151746;151721;151724;151707;151728;151717;151699;152119;151753;145775;151683;151749;145735;151735;145710;151708;145720;151693;151714;145762;151718;151692;151744;151713;151731;151730;151756;145736;151705;151725;151711;151737;151686;151751;151741;151716;145767;145768;145746;151732;151734;151697;151742;151694;151715;151696;151698;151755;151750;151740;151703;151700;151695;146144;146513;146162;151720;151743;151701;151687;151733;151754;151748;151738;151727;151691;151723;151745;146274;146287;151817;151820;151819;145381;151839;151851;151838;151860;146293;151866;151847;151935;146282;151941;151940;152011;151939;152013;152010;152007;152118;145355;146298;152154;152147;152166;146320;152179;152196;145365;152218;152256;152263;152250;152249;152260;152258;146325;152255;152259;152393;146317;152459;152553;152554;146355;152552;152644;152569;152624;152562;146503;145310;146518;152646;146524;152645;146510;152679;152695;146506;152733;152732;152734;152721;152720;152728;152727;152726;146508;152724;152729;152735;152768;152771;152757;152767;152799;146507;152798;152848;152850;152849;146528;152894;152897;152962;152960;152963;152941;153008;153007;153009;153004;153003;153002;153006;153001;152999;152998;153030;146501;153115;153117;153118;153188;146715;153187;153186;153250;153245;146662;153244;146745;146676;153413;146688;146649;153451;153479;146750;153543;153541;153579;153599;153594;153596;153595;153598;153597;146858;153771;153780;153792;153790;153913;153912;153911;153914;153901;146852;153909;146851;153968;154011;154091;154103;146836;154069;154105;152725;154064;146831;146918;154104;154186;146908;154193;154187;154208;154243;146897;154283;154289;154285;154286;146888;154281;154287;146898;154290;154280;154288;154606;154589;154611;154512;154664;154665;154661;154660;146911;146914;146916;154743;154889;154890;154892;154896;154898;154945;146938;155012;155010;155009;155008;155191;155299;155177;155357;155379;155382;155380;155383;147159;147158;155381;147157;147161;147149;155656;155663;147160;155664;155665;147150;155696;155697;155701;155777;155744;155771;155773;155775;155778;147174;155774;155772;155770;155779;147184;155776;147173;155826;155825;147189;155857;147178;147606;147563;155877;155888;155824;155878;155876;155885;155874;155881;155880;155883;155884;155932;155934;145304;156145;156143;156141;156154;147783;147799;147779;156137;147774;156136;156149;147794;147776;156153;145308;147780;156140;156180;156177;156139;156181;148839;156252;156219;147845;156277;156268;147844;156269;156275;156271;156278;156272;147846;156339;156435;156448;147850;156447;147860;147858;145325;147853;147931;147852;147929;147930;147925;147927;147924;145290;148066;148045;145357;148159;148148;148141;148152;148153;148179;148203;148176;148209;148210;148315;148308;148313;148310;148309;148321;148325;148324;148384;148385;148411;148412;148417;148409;148431;148435;148436;145390;148432;148439;148535;148513;148438;145298;148606;148614;148588;148699;145379;148696;148759;148763;148746;149627;149555;149605;149564;149634;145340;150114;149553;149548;145283;149640;149613;149628;149616;149533;149545;145320;149589;149637;149554;145275;149603;149536;149573;149534;149580;149562;149570;149557;149598;149577;145371;149629;145299;149590;145286;149636;149558;149611;149569;149594;149549;149596;149541;149579;149571;149612;149537;149550;150103;149530;149614;149567;145396;149584;149572;149539;150090;149566;149641;145312;145387;149600;149560;149639;149542;149602;149884;149886;145287;149887;149892;149890;149891;145292;149896;149895;149882;149881;149893;149894;145373;149885;145392;150003;150089;150113;150098;150087;150094;145342;150088;150104;150183;145398;150206;150269;150261;150275;150259;150248;150256;150251;150276;145393;150304;150319;150452;150466;150474;150315;150471;150455;150457;150461;150755;151080;150754;151079;151073;151076;151071;151074;151083;151078;151072;151082;145366;151081;151075;151077;151062;151060;151024;151067;151058;151068;151023;151066;145328;151069;151054;151061;151022;151053;151070;151056;151059;145288;151065;151055;151064;151063;151057;151198;151199;151283;151278;151280;151282;151358;145346;145289;153967;156450;156637;156761;156781;156956;156779;157096;156467;157082;157348;157416;158130;158131;156593;158240;158150;156647;156649;156643;156648;158508;156721;156723;156722;158575;158507;158642;156747;158629;158617;158639;158650;158689;158883;159075;159049;159078;156780;156778;156850;156845;156852;156844;156851;156849;156904;156940;156938;156937;156939;156942;156957;156943;156959;157081;156958;157113;157088;157104;157110;157093;157084;157092;157107;157147;157148;157198;157225;157232;157326;157399;157400;157398;157890;157325;157938;157889;158058;158234;158235;158236;158223;158224;158222;158220;158231;158239;158232;158218;158241;158340;158237;158392;158449;158577;158576;158578;158626;158635;158636;158641;158627;158624;158625;158637;158628;158638;158632;158623;158640;158631;158643;158630;158742;158777;158774;158779;158776;158778;158773;158775;159044;159054;159047;159048;159050;159042;159053;159040;159046;159043;159036;159039;159051;159045;159038;159056;159074;159126;159124;158634;15571;17204;48404;121040;122421;90407;90408;38762;74189;74187;74188;56171;56172;34372;152139;152140;46701;28290;18259;11550;14822;22496;159125;134384;14700;14714;14715;38665;22093;15834;21675;13847;51460;51459;31855;34725;35628;38688;76494;51142;25343;51143;14179;151214;151215;151213;151210;151208;151212;151211;128037;151209;151905;154657;156854;151207;148373;148707;23625;10169;33589;33588;71525;69170;87311;34351;34350;58727;25004;25552;26064;71524;29218;33129;31968;40826;44597;46814;51773;34510;59191;69185;77408;61731;154167;86904;154166;104351;94199;122033;142882;21784;11895;25551;133717;66586;17699;44067;17700;17839;10608;44068;44069;44071;44070;10802;11031;44072;17701;11837;17702;11848;44073;44075;44074;19592;44076;22466;44077;44078;44079;31737;44081;51920;44080;53841;17703;73079;84638;85382;85690;90924;90022;106608;90023;93194;96151;99359;103781;130455;147662;154174;10771;10954;10883;17704;70895;67140;17705;86122;44065;11712;17706;78655;11574;17744;10439;10823;17798;17745;17707;17746;17748;17749;17747;17750;17751;17752;17753;17754;17755;17756;17757;17759;17760;56996;17761;17762;17764;17763;17765;45039;45359;17766;17767;57711;58564;57459;58799;59076;64532;77086;74363;78552;80566;82030;87219;84151;17768;46801;51058;56162;51919;57460;58565;57712;58800;59077;64533;73403;77087;71856;78553;80567;82031;87220;84152;58801;59078;64534;64620;71857;73404;74364;78554;77088;80568;82032;84153;90888;84636;87221;88529;89081;90890;82033;93814;84154;90889;84637;87222;88530;90891;89082;93815;93786;104408;96873;109945;105291;121383;112119;122504;128115;132726;146374;144053;146591;152780;157231;93112;93816;93787;94963;96874;97328;104409;105292;112120;158973;121384;125642;121385;125641;128117;128116;135919;132725;144047;148402;152782;148125;157228;156100;158974;91572;158975;17769;74326;12110;77200;50845;73412;11060;51892;11267;78555;51893;17770;57323;62352;62354;62353;86348;81052;81053;151490;70919;56822;56823;29249;151489;31860;19555;35656;51645;35657;17150;20067;125261;128776;128773;125643;125260;103701;125226;73668;79746;125259;125257;125262;125263;154347;56022;73491;73667;21330;154346;11416;12262;14221;16463;18190;19769;15529;125356;12637;40354;143480;69371;34373;43863;143481;43864;35557;49271;40827;76313;42291;42892;44960;45121;46204;47113;47583;48317;49174;49964;51343;55506;51774;54587;55470;56042;56585;57039;57751;58583;59089;59555;61414;61732;62984;62821;63301;64363;65927;73764;70217;70532;69541;72371;72372;73942;72884;74362;19312;19766;21221;21786;22875;23977;25036;25290;25755;25900;27506;29742;31129;33168;31734;33396;33949;34368;34459;34680;35185;35761;14235;14244;11922;66520;65742;14638;14246;14245;11578;14247;11900;14336;14248;21746;11404;13844;14249;18503;14261;14346;14250;66293;32479;27818;11076;17708;11081;10855;10848;10849;10850;12112;10851;10852;11452;11226;10840;10854;10853;11225;11918;11224;11223;11227;109733;135697;81004;124059;156935;84811;151978;72214;78692;86478;144089;77421;72213;73614;147640;93121;64707;64708;64709;64710;64711;64712;64713;64706;64704;64705;78075;78699;78077;64714;64715;64716;57619;90860;130268;119939;124121;135678;148980;77221;142663;73121;53258;78076;88104;119885;132991;147639;157405;130269;126467;119940;126776;152027;76709;73122;130277;103936;120948;130589;142372;145246;156931;142210;48338;76708;48339;136765;78776;78775;137853;148923;137854;145249;138563;151904;74151;71899;14641;136747;16209;70546;18204;73825;22074;22075;17654;51873;10808;73826;90601;99479;109206;124118;135582;148952;82829;72009;80952;88042;96608;106105;121250;133213;145220;156890;70178;76596;84766;92461;101845;111161;126789;138507;152040;70471;78544;86479;94164;104046;118177;130020;141808;154291;22073;78747;78748;78749;78603;78602;17586;86575;82855;99594;109204;124157;135679;148895;145267;156898;151903;141809;154266;70177;108454;80966;88043;96777;121225;133055;84879;92585;101837;111152;126775;138555;78548;86574;94250;80965;118203;104052;130054;125147;148912;156906;131184;133091;145225;126777;123007;138594;133057;152772;122545;71642;71643;18205;74150;62820;62819;81048;123685;134306;134205;154342;133268;134225;129973;123686;129504;124156;135677;148976;17729;17730;81002;81003;123684;106299;121421;133146;156944;78085;69301;92542;76618;126781;17731;86569;124090;142212;154340;18181;56876;73733;73732;104324;99470;136284;106140;133002;126827;72369;78542;86541;118330;76617;72043;72415;104047;72042;107266;61645;72259;72260;85271;65048;65049;45544;64837;57290;64838;61746;61646;65050;64839;65051;63521;64840;65053;65052;61681;64841;65995;73570;73571;82820;65996;82821;90625;90626;99588;99589;109202;109203;124198;135592;124197;148960;135591;148961;52002;64844;57959;64847;64454;64790;64851;71966;64850;71967;80907;80908;88045;88046;96628;96629;106190;106191;121230;132992;121231;132960;145218;145219;156888;76532;156887;76533;84825;84824;92516;101843;92517;101844;111163;111162;126821;126820;138522;138576;152020;152021;54997;64845;59462;66932;64848;66943;45379;64842;49996;64843;64846;62593;56566;64849;70473;70472;78481;78482;86542;94138;86543;94139;103963;103964;118228;118227;130011;130010;141800;141801;154344;154345;88755;71462;71463;65743;55958;90828;64816;96657;70963;111332;106903;152033;93592;84881;78911;103931;86545;142146;25951;76683;73612;82830;90604;99521;109207;80890;88041;96627;106139;78086;69305;76883;84808;92492;101839;111214;76590;78478;86474;103932;118572;69304;11563;78910;78087;78084;18034;125340;135588;133045;125547;132937;156889;129004;138607;151906;129974;154292;139874;141303;91825;154655;156885;148977;135204;154253;135172;80997;78700;90859;135681;148934;121257;133260;145224;156933;111210;126788;138610;152043;78774;78773;73738;73737;81023;77667;71047;71048;71046;101902;132955;135583;148916;132936;145223;156893;101899;126828;138526;150416;151974;118714;130019;141785;154297;109163;124169;135698;121252;133054;145245;101903;156891;111212;101900;138511;151892;118202;130059;109164;124170;135584;148918;106201;121251;101904;133359;145569;156832;101901;111213;126829;138508;151973;118594;141641;130070;56052;154262;56056;56060;56064;45626;53897;58798;65997;73576;82903;90762;99480;109205;124155;135585;56051;148894;56055;56059;45625;56063;51573;57589;63623;71970;80906;88146;96611;106188;121253;133047;145266;156822;56057;56053;56061;56065;60048;55632;68934;76531;84822;92522;101836;111219;126830;138528;152026;47718;56054;56050;56058;56062;56066;50652;56653;62662;78540;70460;86576;94201;103971;118230;130058;141829;154332;111680;70765;71644;72981;72982;70766;55786;17614;73118;73119;73120;135705;81001;81000;35363;55668;55702;47747;73596;99930;109165;70731;70732;70730;70729;72339;80912;88049;106199;121601;133042;76570;84795;92543;111333;78543;94436;103980;72340;40550;22076;74467;74466;76576;12067;12047;45624;26192;10660;10658;110053;76937;76938;104786;136066;124171;133041;111164;104787;124276;73577;80915;84799;18175;69552;12126;71537;69478;136809;57978;57977;57979;77666;57980;81605;57981;107090;69479;101896;86473;71022;103987;82854;111352;135850;124237;148925;106759;121347;146048;156855;111228;152030;138564;123830;130005;154326;142223;72065;73597;77636;84916;83469;136998;109209;135237;135676;72777;72064;72775;88044;145244;136091;138590;72778;86577;104051;154418;124337;126051;138509;72776;88086;88087;142594;103663;74042;82822;90679;99528;109201;135680;124122;148924;88053;96610;80909;144326;132961;121226;145264;157127;76527;92460;101815;111209;126915;84823;138592;152035;94290;103935;118205;130012;141807;154771;78541;87209;73914;124462;125265;138074;109430;109431;109345;121396;73913;10594;10613;67396;67397;67398;67399;67400;67401;67402;67403;67404;67405;67406;67407;67408;67409;67410;67411;67412;67413;67414;67415;67416;67417;67418;67419;67420;67421;67422;67423;67424;67425;67426;67427;67428;67429;67430;67431;67432;67433;67434;67435;67436;67437;67438;67439;67440;67441;67442;67443;67444;67445;67446;67447;67448;67449;67450;67451;67452;67453;67454;67455;67456;67457;67458;67459;67460;67461;67462;67463;67464;67465;67466;67467;67468;110054;67469;67470;67471;67472;67473;67474;67475;67476;67477;67478;67479;67480;67481;67482;67483;67484;67485;67486;67487;67488;67489;67490;67491;67492;67493;67494;67495;67496;67497;67498;67499;67500;67501;67502;67503;67504;67505;67507;67506;67509;67508;67510;67511;67512;67513;67514;67515;67516;67517;67518;67519;67521;67520;67522;67523;67525;67524;67526;67527;67528;67529;67530;67531;67532;67533;67534;67535;67536;67537;67538;67539;67540;67541;67542;67543;67544;67545;67546;67547;67548;67549;67550;67551;67552;67553;67554;67555;67556;67557;67558;67559;67560;67561;67562;67563;67564;67565;67566;67567;67568;67570;67569;67571;67572;67574;67573;67576;67575;67577;67578;67579;67580;67582;67581;67583;67584;67585;67586;67587;67588;67589;67590;67591;67592;67594;67593;67595;67596;67597;67598;67599;67600;67602;67601;67604;67603;67605;67606;67607;67608;67610;67609;67611;67612;67613;67614;67615;67616;67618;67617;67620;67619;67622;67621;67623;67624;67625;67626;67627;67628;67629;67630;67631;67632;67633;67634;67635;67636;67637;67639;67638;67640;67641;67642;67643;67644;67645;67646;67647;67648;67649;67650;67651;67652;67654;67653;67656;67655;67657;67658;67660;67659;67662;67661;67664;67663;67666;67665;67667;67668;67670;67669;67671;67672;67674;67673;67676;67675;67677;67678;67679;67680;67681;67682;67683;67684;67685;67686;67687;67688;67689;67690;67691;67692;67693;67694;67695;67697;67696;67698;67699;67700;67701;67702;67703;67704;67705;67706;67707;67708;67709;67710;67711;67712;67713;67714;67715;67716;67717;67718;67719;67720;67721;67722;67723;67724;67725;67726;67727;67728;67729;67730;67731;67732;67733;67734;67735;67736;67737;67738;67739;67740;67741;67742;67743;67744;67745;67746;67747;67748;67749;67750;67751;67752;67753;67755;67754;67756;67757;67759;67758;67760;67761;67762;67763;67764;67765;67766;67767;67768;67769;67770;67771;67772;67773;67775;67774;67776;67777;67778;67780;67779;67781;67782;67783;67784;67785;67786;67787;67788;67789;67790;67791;67792;67793;67794;67795;67796;67797;67798;67799;67800;67801;67802;67803;67804;67805;67806;67807;67808;67809;67810;67811;67812;67813;67814;67815;67816;67817;67818;67819;67821;67820;67823;67822;67824;67825;67827;67826;67829;67828;67830;67831;67832;67833;67834;67835;67836;67837;67838;67839;67840;67841;67842;67843;67844;67845;67846;67847;67849;67848;67851;67850;67852;67853;67855;67854;67856;67858;67857;67859;67860;67862;67861;67863;67864;67865;67866;67868;67867;67869;67870;67872;67871;67873;67874;67875;67876;67877;67878;67879;67880;67881;67882;67883;67885;67884;67886;67887;67888;67889;67890;67891;67892;67893;67894;67895;67896;67897;67898;67899;67901;67900;67902;67903;67904;67905;67906;67907;67908;67909;67910;67911;67912;67913;67914;67915;67916;67917;67918;67919;67920;67921;67923;67922;67924;67925;67926;67927;67928;67929;67930;67931;67932;67933;67934;67935;67936;67937;67938;67939;67940;67941;67942;67943;67944;67945;67946;67947;67948;67949;67950;67951;67952;67953;67954;67955;67956;67957;67958;67959;67960;67961;67962;67963;67964;67965;67966;67967;67968;67969;67970;67971;67972;67973;67975;67974;67976;67977;67978;67979;67981;67980;67982;67983;67984;67985;67987;67986;67989;67988;67990;67991;67992;67993;67994;67995;67996;67997;67998;68000;67999;68001;68002;68003;68004;68005;68006;68007;68008;68009;68010;68011;68012;68013;68015;68014;68016;68018;68017;68019;68020;68021;68022;68023;68025;68024;68026;68028;68027;68029;68030;68032;68031;68033;68034;68035;68036;68037;68038;68040;68039;68041;68043;68044;68042;68045;68046;68047;68049;68050;68051;68048;68052;68053;68054;68055;68056;68057;68058;68059;68061;68060;68062;68063;68064;68065;68066;68067;68068;68069;68070;68071;68072;68073;68074;68075;68076;68077;68078;68079;68080;68081;68082;68083;68084;68085;68086;68088;68087;68089;68090;68091;68092;68093;68094;68095;68096;68097;68098;68099;68100;68101;68102;68103;68104;68105;68107;68106;68108;68109;68111;68110;68112;68113;68115;68114;68117;68116;68119;68118;68120;68121;68123;68122;68124;68125;68127;68126;68128;68129;68130;68131;68132;68133;68135;68134;68136;68137;68138;68139;68140;68141;68142;68143;68144;68145;68146;68147;68148;68149;68151;68150;68152;68153;68154;68155;68156;68157;68159;68158;68160;68161;68163;68162;68164;68165;68166;68167;68168;68169;68170;68171;68173;68172;68174;68175;68176;68177;68178;68179;68180;68181;68182;68183;68184;68185;68186;68187;68188;68189;68191;68190;68192;68193;68194;68195;68196;68197;68198;68199;68200;68201;68202;68203;68204;68205;68206;68207;68208;68209;68210;68211;68212;68213;68214;68215;68216;68217;68218;68219;68220;68221;68222;68223;68224;68225;68226;68227;68228;68229;68230;68231;68232;68233;68234;68235;68236;68237;68239;68238;68240;68241;68242;68243;68244;68245;68246;68248;68247;68249;68250;68251;68252;68253;68255;68254;68257;68256;68258;68259;68260;68261;68262;68264;68263;68265;68266;68267;68268;68270;68269;68271;68272;68274;68273;68275;68276;68277;68278;68279;68280;68281;68282;68283;68284;68285;68286;68287;68288;68289;68290;68291;68292;68293;68294;68295;68296;68297;68298;68300;68299;68301;68302;68303;68305;68304;68306;68307;68308;68309;68310;68311;68312;68313;68314;68315;68316;68317;68318;68319;68320;68321;68322;68323;68324;68325;68326;68328;68327;68329;68330;68332;68331;68333;68334;68335;68336;68337;68338;68339;68340;68341;68342;68343;68344;68345;68346;68347;68348;68349;68350;68351;68352;68353;68354;68355;68356;68357;68358;68359;68360;68361;68362;68363;68364;68365;68366;68367;68368;68369;68370;68371;68372;68374;68375;68376;68377;68378;68373;68379;68380;68381;68382;68383;68385;68384;68387;68386;68388;68389;68390;68391;68392;68393;68394;68395;68396;68397;68398;68399;68400;68401;68402;68403;68404;68405;68406;68407;68408;68409;68410;68411;68412;68413;68414;68415;68416;68417;68418;68419;68420;68421;68422;68423;68424;68425;68426;68427;68428;68429;68430;68431;68432;68433;68434;68435;68436;68438;68437;68439;68440;68441;68442;68443;68444;68445;68446;68447;68448;68449;68450;68451;68452;68453;68454;68456;68455;68457;68458;68460;68461;68462;68463;68464;68459;68465;68466;68467;68469;68468;68470;68471;68472;68473;68475;68474;68477;68476;68479;68478;68480;68481;68482;68483;68484;68485;68486;68488;68489;68490;68487;68491;68492;68493;68494;68495;68496;68497;68498;68499;68500;68502;68501;68504;68503;68505;68506;68507;68508;68509;68510;68511;68512;68513;68514;68515;68516;68518;68517;68519;68520;68521;68522;68523;68524;68525;68526;68527;68528;68530;68531;68532;68533;68529;68534;68535;68536;68537;68538;68539;68540;68541;68542;68544;68543;68545;68546;68547;68548;68549;68550;68551;68552;68553;68554;68555;68556;68557;68558;68559;68560;68561;68562;68563;68564;68565;68567;68568;68569;68566;68570;68571;68573;68572;68575;68574;68576;68577;68579;68578;68581;68580;68582;68583;68584;68585;68587;68586;68588;68589;68590;68591;68593;68592;68595;68594;68597;68596;68598;68599;68600;68601;68603;68602;68604;68605;68606;68607;68608;68609;68610;68612;68613;68611;68614;68615;68616;68617;68618;68619;68620;68622;68621;68623;68624;68625;68626;68627;68628;68629;68630;68631;68632;68633;68634;68636;68635;68638;68637;68639;68640;68641;68642;68643;68644;68646;68645;68647;68648;68649;68650;68651;68652;68653;68654;68655;68656;68657;68658;68659;68660;68661;68662;68663;68664;68665;68666;68667;68668;68669;68670;68671;68672;68673;68674;68675;68676;68677;68678;68679;68680;68681;68682;68683;68684;68685;68686;68687;68689;68688;68691;68690;68692;68693;68694;68695;68696;68697;68698;68699;68700;68701;68702;68703;68704;68705;68706;68708;68707;68710;68709;68712;68711;68713;68714;68715;68716;68717;68718;68720;68719;68721;68722;68723;68724;68725;68726;68727;68729;68728;68730;68731;68733;68732;68734;68735;68736;68737;68738;68739;68740;68741;68742;68743;68744;68745;68747;68746;68748;68749;68750;68751;68752;68753;68754;68755;68756;68757;68758;68759;68760;68761;68762;68763;68764;68765;68766;68767;68768;68769;68770;68771;68772;68773;68774;68775;68776;68777;68778;68779;68780;68781;68782;68783;68784;68785;68786;68787;68788;68789;68790;68791;68792;68793;68794;68795;68796;68797;68798;68799;68800;68802;68801;68803;68804;68805;68806;68807;68808;68809;68810;68811;68812;68813;68814;68815;68816;68817;68818;68819;68820;68821;68822;68823;68824;68825;68826;68827;68828;68829;68830;68831;68832;68833;68834;68835;68836;68837;68838;68839;68840;68841;68842;68843;68863;68844;68864;68920;69009;68976;69010;69156;69157;69158;69159;69221;69251;69252;69340;69253;69455;69456;69492;69501;69776;69806;69940;69941;70006;70008;70007;70113;70009;70186;70187;70283;70284;70346;70347;70285;70286;70287;70288;70326;70363;70386;70450;70465;70524;70535;70574;70575;70551;70552;70596;70597;70598;70690;70691;70692;70693;70702;70754;71125;70770;71102;71126;71104;71103;71127;71105;71128;71129;71106;71107;71130;71109;71108;71110;71111;71112;71113;71131;71114;71186;71187;71252;71251;71241;71387;71333;71287;71288;71289;71366;71334;71367;71368;71388;71513;71555;71556;71610;71611;68845;68846;68847;68848;68849;68850;68851;68853;68852;68854;68855;68856;68977;68978;69509;69510;69942;70525;70526;70599;71132;71133;71134;71514;71489;71515;71875;71876;71908;71985;71984;72057;72058;72160;72195;72227;72228;72271;72272;72315;72316;72362;72419;72469;72470;72471;72496;72565;72566;72677;72734;72697;72735;72791;72792;72809;72922;72852;73006;73007;73009;73008;73069;73070;73088;73089;73112;73172;73173;73196;73197;73279;73294;73280;73324;73323;73395;73450;73583;73605;73584;73662;73677;73720;73794;73721;73935;73795;74100;73936;74202;74143;74296;74203;74297;74298;74299;74343;74345;74344;76727;76728;76729;76730;76731;76732;76733;76734;76736;76735;74505;76737;74455;74482;74456;74457;74483;76155;76738;76231;76232;76441;76739;76442;76443;76547;76740;76548;76631;76742;76741;76694;76695;76743;76744;76745;76746;76855;76747;76856;76748;76888;77008;77009;77010;77011;77044;77043;77045;77076;77077;77137;77191;77192;77242;77270;77385;77463;77549;77550;77513;77514;77515;77516;77517;77566;77597;77622;77694;77736;77735;77737;77738;77739;77740;77805;77847;77849;77848;77951;77952;77978;78004;78005;78022;78072;78522;78523;78524;78404;78618;78525;78526;78527;78500;78499;78501;78454;78528;78638;78529;78530;78639;78531;78592;78593;78619;78640;78753;78721;78754;78755;78838;78882;78883;78908;79199;79200;79201;79227;79369;79370;79371;79372;79373;79424;79593;79594;79708;79680;79681;79709;79756;79757;79845;79846;79847;80000;80001;80002;80003;80070;80071;80110;80111;80112;80114;80113;80155;80154;72472;72533;72534;72535;73221;73222;73243;73606;73607;73959;73960;73961;74376;74101;74377;74378;74484;76184;76185;76186;76602;76601;76603;76781;76927;76926;76928;77138;77139;77140;77355;77623;77624;77625;77891;77892;77893;77894;77953;78578;78579;78580;78756;78757;78839;79242;79243;79325;79374;79376;79375;79758;79735;80004;80005;80006;80156;80157;80158;80329;80387;80407;80503;80504;80877;80899;80900;80901;80927;81011;81065;81044;81031;81066;81099;81067;81157;81306;81307;81288;81289;81464;81465;81466;81467;81537;81538;81800;81721;81802;81801;81723;81722;81804;81803;81724;81725;81805;81806;81660;81807;81749;81808;81766;81902;81947;82015;82065;82016;82287;82288;82289;82464;82465;82488;82489;82517;82687;82688;82689;82690;82757;82787;82808;82788;82789;82980;82981;82982;83026;83131;83400;83401;83402;83403;83404;83444;83445;83446;83447;83984;83535;83985;84003;84073;84074;84107;84138;84202;84256;84351;84352;84353;84354;84417;84418;84463;84464;84485;84534;84608;84757;84659;84784;84785;85096;85097;84817;85098;85099;85100;85101;85102;85103;85104;85105;85106;85107;84889;85108;84890;85109;85111;85110;85112;85113;85114;85115;84975;85035;85036;85067;85116;85117;85247;85294;85339;85137;85395;85487;85489;85488;85490;85491;85492;85526;85611;85613;85612;85614;85642;85679;85710;85732;85711;85777;85778;85779;85780;85781;85782;85864;85865;85958;85959;86095;86096;86199;86240;86359;86360;86487;86520;86522;86521;86556;86557;86612;86624;86714;86715;86741;86742;86743;86843;86892;86925;87018;86926;86927;87019;87020;87021;87022;87023;87024;87025;87026;87090;87027;87028;87091;87029;87092;87030;87093;87031;87033;87032;87034;87094;87035;87095;87036;87037;87038;87039;87040;87041;87042;87096;87097;87118;87119;87230;87231;87271;87272;87300;87301;87302;87363;87364;87365;87395;87396;87448;87449;87450;87451;87547;87636;81101;81100;81564;81102;81871;81966;81873;81872;82518;82490;82491;83045;83046;83047;83448;83449;83776;84108;84109;84388;84110;84419;84389;84786;84818;84819;85118;85175;85176;85177;85178;85261;85262;85263;85438;85439;85440;85967;86395;86438;86778;86779;86780;86881;87098;87332;87753;87792;87793;87794;87795;87796;87797;87798;87799;88029;87936;88030;88031;88069;88070;88071;88167;88168;88403;88443;88444;88445;88477;88478;88674;88776;88777;88778;88779;88780;88781;88856;88782;89065;89064;89094;89095;89769;89815;89816;89770;89858;89859;89952;89951;89978;89953;89979;89980;89981;90074;90075;90110;90111;90113;90112;90137;90174;90175;90176;90177;90295;90296;90383;90384;90486;90487;90488;90489;90613;90614;90667;90666;90746;90745;90747;90850;90880;91029;91030;91031;91032;91148;91149;91150;91151;91210;91152;91211;91072;91112;91113;91212;91414;91415;91416;91417;91418;91494;91493;91535;91641;91737;91797;91796;91798;92008;91799;92028;92396;92397;92576;92489;92577;92599;92687;92689;92688;92690;92716;92747;92835;92934;92935;92936;92937;93034;93035;93093;93147;93268;93338;93446;93447;93501;93641;93760;93759;93791;93790;93842;93804;93857;93947;93948;93949;94149;94221;94222;94247;94264;94428;94495;94496;94696;94429;94698;94697;94699;94700;94701;94702;94703;94704;94705;94706;94707;94708;94709;94710;94711;94712;94713;94714;94715;94716;94717;94718;94719;94720;94721;94722;94723;94724;94725;94726;94727;94622;94621;94895;94907;94908;94927;95041;95276;94928;95277;95379;95464;95410;95598;95561;95831;95977;95978;95979;95980;96065;96066;87834;96067;87835;87836;88032;88033;88981;88857;90178;90297;90342;90936;90937;90938;90987;91213;91291;91292;91294;91293;91590;91591;91592;91738;91850;92656;92657;92677;92779;92780;92781;92983;92984;93148;93448;93449;93676;93677;93678;93904;93905;93906;94064;94094;94223;94224;94532;94533;94225;95042;95043;95044;95617;95758;95759;96068;96069;96070;96279;96298;96299;96326;96327;96328;96329;96401;96476;96584;96585;96586;96587;96588;96751;96692;96753;96752;96789;96945;96970;97036;97007;97008;97139;97198;97293;97346;97345;97347;97372;97371;97404;97405;97485;97547;97506;97508;97507;97593;97626;97627;97749;97765;97820;97821;99061;99062;99063;99064;99066;99065;99067;99068;99070;99069;99072;99071;99073;99074;97906;97907;99075;99754;99298;99299;99329;99330;99332;99331;99386;99333;99334;99451;99452;99500;99562;99755;99563;99564;99565;99566;99567;100046;100045;100087;100088;100171;100089;100341;100342;100343;100344;100368;100369;100396;100397;100505;100506;100507;100525;100526;100527;100613;100528;100776;100800;100886;100887;100947;100888;100889;101022;100978;101076;101097;101139;101138;101249;101250;101382;101251;101383;101798;101877;101878;102031;102511;102281;102282;102283;102284;102339;102285;102340;102286;102287;102288;102289;102290;102292;102291;102293;102294;102295;102296;102297;102299;102298;102300;102301;102302;102303;102341;102342;102343;102344;102345;102346;102347;102473;102409;102512;102533;102513;102514;102515;102516;102534;102569;102570;102571;102633;102772;102850;102851;102904;102970;103204;103164;103165;103166;103238;103347;103488;103489;103490;103491;103525;103558;103559;103625;103626;103684;103803;103729;103829;103914;103955;104088;104001;104002;104089;104199;104200;104247;104248;104368;104618;104617;104698;104773;104799;104837;104838;104864;104946;104947;104948;105015;105016;105027;105028;105068;105142;96477;96478;96479;96589;97057;97117;97118;97406;97407;97408;99159;99160;99387;99161;99388;99389;100233;100234;100449;100235;100450;100451;100583;100584;101098;101192;101193;101194;102059;102060;102061;102572;102623;102624;102773;103348;103401;103402;103560;103765;104167;104168;104169;104369;104370;104371;104565;105144;105143;105145;105247;105598;105599;105600;105601;105667;105668;105669;105670;105671;106118;106239;106119;106240;106327;106364;106365;106366;106368;106571;106572;107014;107079;107015;107203;107080;107204;107205;107247;107206;108318;108273;108319;108358;108320;108321;108359;108393;108394;108479;108642;108938;108862;108863;109104;109105;109106;109107;109108;109109;109110;109111;109112;109153;109154;109438;109024;109113;109155;109025;109439;109192;109297;109193;109298;109331;109332;109333;109440;109542;109665;109629;109666;109807;109808;109809;109810;109811;109826;109827;109977;109978;109979;109980;109981;109982;109983;109984;109985;109986;110070;110108;110109;110276;110278;110277;110505;110582;110702;110701;110704;110703;110705;110706;110707;110629;110749;110751;110750;110917;110752;110918;110995;110996;111024;111252;111025;111253;111254;111320;111319;111482;111481;111483;111484;111485;111723;111724;111800;111801;112025;112103;112129;112130;117466;117623;117624;117679;117765;117766;117767;117815;117768;118025;117970;118026;118027;118076;118125;118161;118183;118184;118368;118709;118763;118762;118764;118765;118766;118767;118768;118769;118771;118770;118772;118774;118773;118775;118776;118778;118777;118779;118780;118781;118782;118783;118784;118810;118811;118511;118859;118512;118812;118813;118849;118850;119111;119166;118860;119278;119247;119248;119293;119329;119328;119756;119755;119757;119796;105520;105759;105760;106040;106241;106225;106242;106328;106468;106670;107051;107052;108939;109008;109156;109386;109523;109524;109630;109543;109631;109632;109828;109829;109881;110071;110404;110527;110584;110583;110585;110997;111144;110998;111562;111622;111725;111726;112283;111993;117378;117446;117513;117493;117514;117770;117769;117847;117848;117849;118053;118054;118055;118105;118106;118107;118441;118814;118851;118852;118861;119279;119534;119535;119567;119638;119639;120975;121200;121172;121279;121408;121378;121496;121497;121498;121499;121500;121523;121524;121525;121526;121584;121583;122325;122326;122327;122328;122461;122460;122462;122574;122632;122575;122633;122801;122863;122838;122938;122864;122991;122992;123055;123122;123430;123431;123483;123484;123485;123646;123960;123986;124097;124014;124133;124134;124135;124229;124253;124230;127567;124254;127568;127569;127570;127571;127572;127573;127574;127575;127576;125106;125107;125108;125109;127577;127578;127579;127580;127581;127582;127583;125187;125110;125188;127584;125189;125111;125190;125112;125191;127585;125442;125443;125444;127586;127587;127588;125589;127589;125688;125689;125914;127590;126022;126023;126024;127591;127592;127593;127594;126083;126141;126249;126142;126300;126316;127595;126317;126318;126450;126451;127596;126609;127597;126671;127598;127599;126672;126807;126708;127030;127600;126936;126937;127601;126938;127602;126971;127031;127603;127604;127605;127606;127608;127607;127609;127976;127610;127977;127611;127612;127978;127979;127981;127980;127982;127983;127984;128298;128405;128445;128598;128512;128513;128494;128514;128599;128655;128656;128846;128845;128847;129036;128747;128848;128748;128961;128980;129086;129087;129088;129328;129262;129138;129139;129263;129264;129329;129330;129574;129514;129987;130039;129989;129988;130040;130138;130139;130184;130247;130414;130415;130442;130497;131269;131270;131271;130737;131272;131110;130993;131273;131111;131113;131112;131373;131274;131518;131519;131520;131521;131828;131829;131915;131971;131972;131973;131974;132221;132303;132304;132667;132668;120976;132380;120977;132381;132412;121201;121202;121566;121630;122045;122044;122141;122802;122803;122804;122805;123145;123631;123961;123962;124048;124231;125113;125114;125115;125116;125235;125236;125237;125238;125665;125380;125792;125755;125938;125804;125963;125964;125965;125966;126143;126144;126488;126557;126610;126674;126673;127613;127614;127615;127616;127617;127985;128600;128601;128981;129140;129141;129515;129551;129575;129955;129841;129956;129990;130994;130995;130997;130996;131175;131174;131743;131209;131744;132305;131916;131917;131918;132067;132881;132944;133019;133020;133021;133153;133122;133123;133154;133182;133183;133184;133155;133220;133185;133186;133187;133279;133330;133331;133332;140038;133444;140032;133590;133591;140033;133513;133514;133515;133631;133780;133745;133781;133782;133823;134020;134058;134021;134022;140035;134059;140036;134141;134142;134143;134338;134191;134339;134340;134357;134341;134388;134556;134644;134687;134688;134689;134690;134750;134751;134691;134752;134821;134753;134931;134886;134887;135001;134846;134970;135428;135217;135218;135663;135374;135375;135429;135376;135430;135377;135573;135664;135378;135665;135379;135380;135431;135715;135747;135748;135884;135950;135885;135951;135952;135953;135954;135955;135956;135957;135958;136644;140034;136597;136598;136445;136446;136161;136447;136418;136419;136600;136599;136543;136601;136645;136646;136602;136647;137345;137171;136958;137218;137219;137037;137220;137221;137129;137222;137223;137224;137250;137289;137384;137346;137694;137385;137695;137386;137529;137530;137387;137531;137532;138201;137768;137696;137769;137770;137771;137740;137819;137820;137871;138202;138203;138204;138246;138481;138482;138483;138484;138485;138486;138487;138659;138660;138661;138662;138663;138664;138665;138667;138666;138975;140037;138976;139396;139162;139163;139275;139219;139276;139277;139397;139278;139350;139351;139352;139473;139474;139475;139530;139613;140436;140042;139909;140205;149376;140613;140395;140455;140483;140437;140524;140482;140486;140498;140497;140525;140783;140614;142897;141221;141234;141228;141252;141215;141257;141241;141239;141218;141238;141236;141229;141235;141258;141237;141253;141242;141232;141223;141254;141209;141256;141219;141220;141233;141250;141227;141225;141255;141226;141259;141224;141240;141222;141053;141120;141310;141312;141313;141414;141309;141130;143210;141413;141308;141261;141311;141637;141856;141777;141813;141855;141857;141912;141935;142005;142744;141933;142786;142785;142752;142743;142780;142755;142791;142763;142770;142811;142789;142751;142997;142776;142797;142796;142814;142764;142812;142804;142769;142750;142760;142768;142800;142748;142774;142754;142782;142794;142805;142813;142773;142749;142801;142778;142759;142775;142756;142783;142777;142802;142792;142899;142753;142771;142803;142781;142798;142762;142772;142765;142787;142767;142766;142747;142795;142758;142761;142815;142482;142484;142486;142962;142487;142485;142900;142895;142488;142799;142790;142898;142745;142793;142779;142746;142757;142788;142784;142964;142961;142963;142877;142965;142996;142896;143118;143197;143368;143201;143372;143377;146197;143378;146200;143534;144212;144216;144209;144213;144208;144206;144329;144330;144333;144331;144335;144332;144338;144336;144508;144563;144371;144562;144372;144373;132762;144375;132945;132946;133381;133663;133382;133632;134023;133711;134024;134061;134060;134342;134343;134358;144340;134359;144374;144561;144339;134645;144565;144447;144564;144457;135381;135433;135432;135574;136388;136022;136448;136485;136727;137173;137172;137225;137226;137290;137388;137291;137697;137821;138247;138417;138488;138418;139164;139165;139167;139166;139541;139398;139531;139476;139771;140082;140084;140208;140496;140500;140588;140499;140789;140930;140926;141207;141364;141367;141365;141395;141396;142024;142222;142483;142676;142869;142868;143067;142867;143207;142905;146201;146198;143427;143451;143486;143535;144014;144207;144210;144711;144748;144853;144844;144940;145012;145036;145006;145086;145075;145080;145462;145461;145508;145539;146565;145540;146046;146078;146077;146083;146101;146195;146438;146546;146441;146639;146640;146580;146638;146636;146637;146583;146568;146585;148551;146768;146866;146865;146868;146867;146934;146933;147141;147169;147166;147170;147167;147165;147195;147168;147213;147641;147646;147655;147712;147656;147863;147861;147888;148035;148183;148127;148181;148134;148219;148547;148421;148343;148359;148382;148423;148446;148371;148398;148571;148644;148556;148713;148997;148861;148862;148884;148883;148998;149021;149000;148999;149001;149059;149056;151113;149213;149909;149316;149914;149928;149958;149915;149931;149947;149943;149922;149937;149969;149941;149954;149932;149964;149966;149959;149955;149935;149940;149962;149965;149929;149936;149939;149924;149942;149963;149933;149923;152764;155325;155318;149917;149916;155323;149956;149948;149913;149968;155348;149912;149961;149960;149938;155324;149918;149911;149946;149934;149927;149910;149994;149995;149993;149790;149785;150063;149996;150060;150133;150145;150142;150153;150238;150282;150349;150242;150345;150344;150348;150500;150496;150693;150425;151217;150447;150449;150426;150429;150428;150495;150725;150494;150498;150497;150493;153180;150499;150747;150748;150723;150724;150779;150794;151359;151150;151218;151148;151450;151279;151284;151449;151152;151432;151353;151430;151505;151917;151926;151918;151682;151681;151984;151928;151982;151925;152095;152093;152184;152177;152264;152365;152366;152496;152538;152509;152498;152495;152493;152494;152511;152513;152510;152512;152549;152548;152622;152625;152615;152616;152626;152614;152623;152687;152617;152686;152795;152911;152979;152907;152978;152980;152981;153109;153240;153110;153237;153236;153241;153239;153419;153531;153574;153565;153534;153566;153575;153997;153765;154106;154066;154341;154097;154085;154096;154835;154128;154176;154353;154164;154270;154271;154277;154236;154269;154268;154808;154433;154782;154780;154848;154844;154859;154850;154833;154837;154886;154905;154934;155568;155978;154902;155987;155967;155969;155986;155390;155414;155984;155403;155406;155412;155398;155405;155387;155407;155437;155392;155428;155434;155413;155391;155429;155408;155396;155395;155410;155389;155415;155388;155425;155424;155417;155427;155394;155397;155422;155421;155419;155430;155435;155402;155436;155426;155418;155401;155438;155400;155420;155409;155393;155423;155404;155431;155416;155623;155433;155432;155411;155617;155608;155609;155610;155611;155606;155563;155569;155572;155564;155298;155566;155567;155565;155636;155692;155693;155695;155694;155846;155847;155845;155844;155957;155958;155991;155993;156045;156119;156123;156120;156156;156206;156244;156147;156243;156398;156399;146196;144802;144904;156397;144907;144906;144903;145505;144905;145700;146045;146047;146376;146377;146096;146269;146300;148549;148550;146299;146304;146305;146352;148546;147804;146534;146549;148548;147767;146588;146587;146989;146988;146993;147202;147204;147203;147205;147642;147621;148544;147811;148545;147862;147865;147840;147839;147869;147864;148383;147966;147965;147967;148036;148088;148133;148458;148459;148258;148259;148380;148453;148642;148452;149049;149245;149214;149296;149357;149356;149420;149421;149822;150061;150062;150299;154915;150722;150688;150689;150784;150778;150783;150843;150782;150941;151114;151112;151281;154917;151506;151529;151690;151689;151943;151948;151954;151944;152018;152049;152094;152195;152265;152267;152268;152266;152744;152382;152389;152464;152465;152598;152601;152578;152597;152754;152618;152912;153210;153390;153172;153442;153443;153558;153567;153559;153557;153665;153837;153550;153838;153964;153991;154916;153992;154165;154146;154145;154163;154971;154746;154970;154845;154885;155245;155011;155616;155615;155674;155673;155638;155679;155680;155926;155742;155889;156116;156204;155869;156205;156265;156458;156459;156652;156664;156663;156706;156705;156700;156797;156708;156800;156910;156876;157060;156875;157061;156936;157121;157122;157159;157161;157123;157223;157275;157277;157274;157335;157333;157317;157316;157368;158103;158101;158098;158726;158108;158113;158104;158110;158114;158118;158269;158268;158305;158267;158307;158332;158350;158467;158732;158797;158796;158794;158882;158884;158881;158904;158903;158984;158959;158970;158956;158968;158099;158962;158999;158998;156476;156570;156574;156571;156573;156572;156707;156740;156858;156859;157137;157164;157359;157291;157387;158112;158102;158107;158100;158171;158471;158359;158474;158492;158463;158475;158738;158740;158739;158767;158800;158795;158793;158792;159015;159066;159067;158997;159011;159016;159057;158734;159070;159071;159117;159173;68857;79445;79446;79447;79448;79449;79450;79451;79452;79453;79454;79455;79456;79457;79458;79459;79460;79461;79462;79463;79464;79465;79466;79467;79468;79469;79470;79471;79472;68878;79473;79474;79475;79476;79477;79478;79479;79480;79481;79482;79483;79484;79485;79486;79487;79488;79489;79490;79491;79492;79493;79494;79495;79496;79497;79498;79499;79500;79501;79502;79503;79504;79505;79506;79507;79508;79509;79510;79511;79512;79513;79514;79515;79516;79517;79518;79519;79520;79521;79522;79523;79524;79525;79526;79527;159123;79528;79529;79530;79531;79532;79533;79534;79536;79537;79538;79539;78234;78235;79535;78236;78237;78238;78239;79540;79541;79543;79542;79544;79545;79546;79547;79548;79549;79550;79551;79553;79552;79554;79555;79556;79557;80007;80247;80008;80248;80279;80280;80395;80394;80439;80929;81012;80928;81103;81119;81694;81118;81695;81726;81696;81903;81767;81768;81948;81904;81874;81967;81968;82066;82691;82692;82983;83108;83482;83484;83483;83485;83966;83967;84004;84139;84140;84141;84203;84257;84440;84390;84891;85037;85038;85138;85139;85141;85140;85142;85143;85144;85145;85147;85146;85188;85148;85236;85237;85340;85493;85528;85527;85529;85733;85783;85784;85968;86216;86613;86669;86670;86802;86781;86782;86882;87167;87273;87303;87232;87333;87366;87489;87800;87801;87802;87803;88034;88169;88170;88171;88446;88689;88737;88858;88783;89020;89066;89817;89818;89860;89982;90019;90076;90138;90139;90298;90385;90988;90989;91153;91154;91155;91316;91295;91280;91739;91740;91741;91742;91743;91744;91745;91746;91747;91748;91749;91750;91751;91752;91753;91754;91755;91756;91419;91776;91775;91777;91800;92600;92601;92602;92658;92659;92691;92782;92783;92854;93036;93037;93038;93679;93395;93396;93397;93709;93680;93761;93792;93793;93907;93908;94065;94095;94226;94227;94229;94228;94430;94497;94498;94534;94535;94650;94909;94930;94931;95045;95046;94929;95278;95279;95280;95366;95380;95599;95618;95619;95620;95621;95760;95794;95796;95795;96071;96072;96073;96074;96300;96517;96518;96519;96520;96521;96522;96590;96591;96790;96946;96947;97058;97079;97119;97120;97316;97409;97410;97411;97412;97486;97908;99076;99077;99078;99079;99081;99080;99162;99082;99164;99113;99390;99391;99392;99163;99568;99569;99975;99976;99977;100090;100115;100116;100205;100236;100237;100238;100399;100398;100529;100530;100585;100586;100948;101040;101140;101196;101195;101197;101198;101199;101252;101200;102062;102063;102064;102065;102835;102625;102573;102774;102906;102905;102908;102907;103403;103404;103830;103592;103593;104137;104136;104138;103627;104201;104202;104203;104249;104204;104453;104454;104619;105146;105147;105249;105248;105250;105521;105251;105643;105644;105717;105718;105761;106120;105762;106121;106243;106226;106291;106469;106524;107129;106706;107130;107248;107249;108360;108823;108864;108940;108941;109114;109157;109334;109158;109426;109544;109545;109667;109668;109830;109987;109988;109989;110110;110072;110305;110526;110306;110580;110581;110791;110884;110792;111021;111023;111022;111049;111773;111772;111992;112024;112282;112170;117377;117512;117846;118050;118051;117764;118708;118052;118962;118963;119010;119277;119292;119484;119566;119823;121605;122573;122087;122837;123482;124013;124637;124638;125105;125104;125615;125664;125754;126021;126020;126140;126669;126670;127565;127566;127975;129137;129550;129370;129986;130884;130923;131150;132666;131208;134611;135572;136071;137128;137170;137217;138415;137739;138416;139442;140168;140169;140018;140019;140361;141383;141374;142884;142943;143148;143132;143454;144837;145565;146248;147899;150475;150464;150463;150180;150986;150906;151049;151464;152045;152398;153582;153221;154015;154016;154858;155945;156595;155946;156597;156598;158127;158121;35008;10636;24743;24228;31651;86314;86315;26199;40985;21152;17595;11437;86316;10756;122403;11936;83349;53331;127857;102821;50350;35658;53471;35779;25247;126588;58076;25335;25245;65765;132935;25248;58604;25244;27507;25250;50542;25252;57915;25246;51859;44344;25287;69181;50543;29831;25251;108715;25249;40989;22255;19253;16476;42349;42351;42350;18525;19256;31051;10170;11906;31133;100381;100382;28292;76193;76214;76215;76192;76216;76262;76122;42337;42336;45082;42338;18612;18193;13645;13858;13646;13647;13859;13648;105157;105155;105156;122156;31789;101166;27802;27627;11845;10781;14255;108803;17636;22232;11626;16063;21025;59727;10171;11669;11024;17336;25571;25568;25570;25569;31467;59241;59242;50413;49806;18535;25708;11806;17327;17329;19505;15911;15909;11478;11479;10591;21227;138072;153136;155598;134709;134708;134710;138222;136825;136817;136762;136810;136818;138034;142873;142874;138035;137242;138036;138042;136819;136812;136824;136811;136823;136822;136816;136821;136813;136815;138041;138038;136814;137880;142876;137904;137900;137899;138220;138221;138331;141350;140502;140526;140530;140527;140516;140529;140528;140576;140522;142872;142875;144930;144932;148574;148560;152523;152505;152507;152506;153213;153141;153135;153140;153146;155591;155594;155592;155596;155593;155595;155597;155307;157862;158760;72817;72818;72819;72820;72821;72822;72823;72824;72825;72826;72827;73138;72883;78586;78587;80281;81167;83816;85535;86906;89687;89688;90246;90775;91673;91958;92942;93125;96314;95478;99438;105376;122259;122822;123512;122757;122348;137279;124009;123079;123557;129302;129502;126819;126786;126787;128414;128413;128508;132040;134305;133266;148123;138037;136826;137355;108591;148845;132771;135255;148974;138335;135904;135898;132584;137626;154336;158085;138334;135903;135755;157876;72828;72829;93126;91969;105295;95925;135756;100419;105296;91970;91971;91674;105297;91675;96531;105298;111065;103222;104811;101164;105299;112161;133858;135690;106143;80888;64286;86186;91676;72816;71496;142491;10611;10517;71495;38197;135238;135277;31462;38914;25764;47697;25768;70683;25763;81148;81166;50861;50860;50987;17201;17253;17574;16479;117530;10345;10172;12236;128276;128277;64294;64295;122502;122503;66334;19944;17996;19593;25444;19594;17209;35976;109061;20743;58119;10783;106457;40472;56818;73459;109582;106458;109394;139414;84470;121348;106459;88490;88099;83266;83267;84289;14837;65549;44047;44048;34044;34043;21041;29726;18417;18418;42352;27598;29748;10811;10664;10173;14733;16323;10174;109037;146059;146430;146433;146206;106488;106489;108515;106490;108516;106491;106492;106493;106494;106495;106496;106497;106498;106499;106500;106501;106502;106503;106504;106505;108517;106506;106507;109038;119886;119887;106952;106273;121474;106198;10508;11693;93006;93007;64853;73689;36162;64852;24246;11070;12111;10176;11675;11682;10564;10593;56240;17349;19584;17596;14185;17350;14357;26063;26025;17648;19513;17649;17314;10177;10670;15973;11850;11008;15949;19519;20088;17689;17219;11116;12041;17220;11761;15478;17221;19950;15948;15770;21305;10750;11117;20376;11050;11237;17796;11807;20111;17709;22268;17710;24906;25159;29833;33849;17711;17712;17713;31649;24907;39480;41014;43351;44921;48244;51139;17797;25368;25971;28181;32123;35043;35067;35750;58681;42862;57825;58966;59056;59529;60085;63621;64992;66584;66842;67259;71426;77285;48245;51140;51439;52717;55925;55969;57537;58039;122590;58967;63622;64993;66585;66843;67260;69401;58988;71427;71927;72881;73338;73862;74291;59057;76281;76791;77402;78545;79246;80330;81080;81510;82025;59530;83033;83517;84362;84671;85298;85885;60086;69348;72882;73411;73863;74292;76282;76772;77403;78546;79247;69402;80331;81081;81511;82026;83034;83518;84363;84672;85299;85886;86300;88679;88693;90007;90360;90920;91441;91897;92554;71428;71928;72511;78556;78082;84364;84673;85300;85887;86301;88694;90008;78547;90361;90921;91442;91898;92555;93077;93656;94106;94955;95874;79248;96799;101525;104631;105771;107216;122591;109576;111230;117340;117497;119764;80332;121602;81082;81512;82027;83035;83519;57557;122536;87599;93078;93657;94107;94956;95875;96800;97353;122537;100420;88680;100804;101526;122538;122539;104632;105772;107217;88695;109577;111215;117498;122821;90009;90362;90922;91443;91899;92556;122540;96801;104633;105773;107218;109578;97354;111231;117499;119765;121510;123827;123753;124762;122541;125640;127130;100421;100805;101527;122542;122543;122544;105774;117500;119766;121353;123828;123754;124763;125639;127131;132770;134949;107219;135926;139571;109579;111216;111217;121475;129557;130276;134944;135918;122750;139569;140532;142591;152853;123829;154650;154663;155590;123755;124764;125681;126637;127132;128531;131732;132769;140533;141355;142904;143449;133400;154656;154349;155589;158133;134162;135969;136741;138593;139570;144947;154296;155625;146311;149348;155730;158154;10839;15708;14770;59088;70728;67173;64557;67174;46803;17714;10513;19232;20009;19311;17302;19597;65615;14356;16335;22316;16336;15433;65616;15392;17687;10628;17715;10535;11444;15436;15861;17239;10810;11236;10655;10856;11966;11630;136744;73289;10701;17716;11468;10867;13650;19494;17717;19495;18033;58987;23927;20402;48243;19518;20180;21236;19768;18207;19239;31608;19227;11531;21153;18573;23968;17205;17225;18124;18589;18626;20132;20379;21323;15762;22021;15779;14226;18084;15780;18051;13840;11767;11938;13655;18007;17301;16200;12093;25822;16071;18156;11969;15850;20300;17246;18166;22267;14368;12008;20246;20374;23774;20169;21918;51456;12034;20339;51457;19514;20283;19753;15982;11799;14292;16138;19754;14293;15711;14294;14295;14296;14708;15983;21083;20091;20867;21091;11229;10574;12026;15784;43402;19547;43401;19546;56703;58040;16210;17259;21222;35259;35402;19313;15928;21310;21159;84216;84217;22512;99661;99662;59171;99663;36083;22124;36171;36170;44324;48908;49142;51425;55993;56379;56652;59211;57337;57372;59244;55023;54630;58087;57346;62312;61659;69448;62663;66295;69184;67227;67228;72714;77702;78233;78738;79599;79797;76277;76278;77305;76915;81818;83732;85986;144644;144641;88985;95027;88986;90428;99280;143253;88987;143262;110722;117334;119600;119601;125855;125856;123416;131319;143273;138595;143489;143532;126705;143282;129696;144646;144649;40352;66203;14787;17634;22873;19778;24001;24672;14258;14188;17297;17298;16208;19287;18621;18637;17247;35060;16276;11324;15905;10831;22271;21189;24261;34337;40796;15772;34338;14613;18659;43158;43157;35587;43159;20378;20215;11824;17610;48202;20216;21582;34726;21238;34419;19521;18636;17222;21228;11816;17223;20011;23784;20170;16122;20251;11099;11695;10618;21697;55928;57318;58410;78689;59317;59969;64670;72282;97947;91784;38866;40663;43862;40986;47802;52042;50706;55436;59195;34205;59194;10179;69177;71050;69176;69178;10968;18038;10180;14824;15485;10381;100296;12641;134042;100297;134043;134044;134045;134046;134047;134048;134050;134051;134049;77389;134052;65768;65769;90537;90538;77388;63079;63078;21049;29995;21645;25037;12035;18611;11200;17321;18591;66844;66175;25090;137327;137326;156380;137146;137632;33848;47765;138884;43027;51438;35262;47766;33103;16207;33823;20338;29746;57350;67205;53546;53545;21219;66862;90797;34304;34169;112154;20972;67099;31120;28373;29187;22115;23840;22116;22117;10181;11739;17152;11766;10182;29800;20891;22310;25421;31410;10183;10341;69320;11760;14193;80399;81047;53360;19940;10459;34851;70067;70068;55402;55403;15854;10184;108806;52610;42087;15855;17295;16139;11334;101167;119685;120946;123511;127045;125638;127052;11080;10185;10186;11540;29897;17653;99727;33812;33813;11629;108719;34347;54583;73787;54584;100465;11820;78083;104031;130127;63348;63349;63350;63351;63352;63353;63354;64669;65854;72659;81300;130024;83818;88808;86422;93050;94610;97435;100260;102527;104574;106842;111966;107226;110288;118936;125264;126309;127905;127906;137078;133966;139746;144060;148419;149850;152683;63355;90423;18202;65856;65855;65857;26024;40947;11456;16309;118224;15417;91826;11916;10483;63347;110976;17240;63346;18360;19545;20969;18300;15570;15721;11482;11666;14190;11743;14727;18006;24713;15858;21145;11676;14189;11744;12007;24669;62385;23976;73380;87944;87945;57573;69429;77780;87946;87947;106192;86699;35375;33868;73379;87948;87949;87950;87951;87952;106193;106194;106487;106195;87953;91816;10187;14178;15760;91817;18672;10622;63477;59114;99592;18616;151440;10188;152101;150958;150959;81497;150850;81496;65948;81086;81516;65947;64684;10649;25221;100571;17971;11785;18436;35580;11407;27055;19302;17718;106750;106751;50544;50989;51366;56956;106752;106753;84215;106754;106755;106756;11849;25040;77986;34265;11450;10634;66970;10189;132749;11768;10190;10464;10191;15484;70446;35690;31117;25344;12113;45501;40665;11752;10192;34473;90894;11305;11634;10194;10193;10195;51875;51874;51876;46856;147020;46857;14232;146582;14685;53916;11750;11694;146386;149522;11589;21158;109919;127908;135694;125628;124766;141359;142058;139225;148847;150869;152231;154449;127897;103053;106681;109920;124767;139226;141360;142057;109921;137857;142056;144327;18658;19705;19775;103054;20013;18005;15936;15938;15937;17224;15939;17363;15940;15941;22932;70661;76344;148406;66236;70662;72151;73823;73824;129750;148407;129751;129752;129753;129754;129755;129756;129757;129758;129760;129759;129761;129762;129763;73377;129764;70663;70684;73132;73133;73134;73135;77281;77282;87472;87672;95392;84960;66234;66235;84961;66237;66233;57365;69318;81669;105154;123418;57364;96337;71155;71156;46212;71459;82297;71460;18216;12018;11612;150162;19759;145534;139240;156198;122364;152871;148367;119602;118332;139241;118333;138898;138897;143479;65811;65810;91782;91783;118331;11134;38789;117905;117906;48353;48354;155705;10196;56044;10948;10423;18361;11376;10197;12279;59786;59787;59788;59789;59790;59792;59791;71536;70761;59793;59794;59795;59796;10931;12040;18419;73159;65930;65929;107197;73158;26061;58848;58847;107198;26001;11975;10712;20395;22336;21556;24761;25123;25347;25703;27626;29698;26916;29982;30204;33130;31735;34119;35437;38988;40929;45388;48323;49260;51062;55764;56667;59113;62890;66636;72706;78678;84505;85662;87848;12226;11278;21561;69422;17637;11506;20136;24268;10198;90544;46350;144631;144629;144628;144632;149704;152141;61460;61461;79355;144630;12121;17655;86148;86427;86251;11738;11123;14834;11999;16313;17243;18224;18225;21015;22317;29728;22204;10199;119779;125879;128056;128057;119752;132247;132248;132249;132250;132251;119613;132252;132253;132254;132255;132257;132256;31412;17296;11057;10730;10521;20825;58453;66173;64814;39329;12249;50434;57690;44119;48907;50612;51814;53409;57025;55908;57863;59173;62065;65630;63289;69472;76458;71772;14278;21140;20184;27591;25573;33744;50022;20183;12044;17254;11496;27522;18558;15789;15395;31418;12251;10554;15438;10461;10377;10200;83185;32195;34461;71884;21564;50687;12264;88862;12635;71880;12631;12632;12633;12303;12302;12304;12305;12306;12307;12308;12309;12310;12311;12313;12312;12314;12315;12317;12316;12319;12318;12320;12321;12322;12323;12325;12324;12327;12326;12329;12328;12331;12330;12332;12333;12334;12335;12336;12337;12338;12339;12341;12340;12342;12343;12345;12344;12346;12347;12349;12348;12351;12350;12352;12354;12353;12355;12356;12357;12358;12359;12360;12361;12362;12363;12364;12365;12366;12367;12368;12369;12370;12371;12372;12374;12373;12375;12376;12377;12378;12379;12380;12382;12381;12383;12384;12385;12386;12388;12387;12389;12390;12391;12392;12393;12394;12395;12396;12397;12398;12399;12400;12401;12402;12403;12404;12405;12406;12407;12408;12409;12410;12411;12412;12413;12414;12415;12416;12417;12418;12419;12420;12421;12422;15652;12423;12424;12426;12425;12427;12428;12429;12430;12431;12432;12433;12434;12435;12436;12437;12439;12438;12441;12440;12443;12442;12445;12444;12447;12446;12448;12449;12450;12451;12452;12453;12454;12455;12456;12457;12458;12459;12460;12461;12463;12462;12464;12465;12467;12466;12469;12468;12470;12471;12473;12472;12475;12474;12476;12477;12479;12478;12481;12480;12482;12483;12485;12484;12486;12487;12488;12489;12490;12491;12492;12493;12495;12494;12496;12497;12498;12499;12501;12500;12502;12503;12505;12504;12507;12506;13658;12508;14310;12509;13854;14625;12636;14311;14595;14624;12510;12511;14211;14215;14212;13653;13652;14696;14213;13846;14698;13853;15427;14239;14326;14240;14214;14380;14802;14623;14309;14697;15412;14739;14738;14737;14596;15410;15411;14740;14736;14735;14734;14801;15426;15440;15535;16016;15409;15537;15428;15958;15959;15943;15630;15441;15944;15700;15534;15629;16017;15633;16018;15533;15632;15536;15960;15532;15701;16009;15631;16019;15702;15741;15990;15945;15946;15995;15991;16053;15947;15992;16039;16040;16041;16054;16144;16108;16145;16366;16109;16295;16221;16147;16146;16148;16244;16149;16159;16110;18017;17165;17338;16222;17166;17167;17168;17169;17170;17171;16160;16296;17172;16211;17994;17173;16297;17174;17175;16263;16384;17176;17177;17178;16264;16298;17179;17621;17181;17180;17146;18309;17182;19827;17184;17183;17185;17186;18441;17187;16367;16361;18310;17188;16385;17189;16368;17147;17148;17207;17149;17190;16369;16370;16371;17191;17192;16386;17339;17129;18442;17264;17265;17252;18443;17340;18018;17266;17310;17267;17622;17589;18311;18312;18160;17268;19542;17269;17270;18161;18128;18313;17590;17591;17644;17365;17366;17995;17623;17624;17625;17645;19688;17659;17660;18093;17646;17626;17627;17628;17979;17980;17679;19828;19986;17981;17680;18469;19672;19987;18108;18094;18019;18278;18095;19829;18129;18147;19283;18196;18109;18162;18148;18110;18130;18279;18111;19988;19691;18197;18163;18198;18470;18280;18253;18385;18500;18421;18238;18239;18444;18386;18240;18407;18408;18241;18387;18388;18389;18510;18390;18409;18422;18423;18471;18472;18473;18554;19712;18474;18501;18475;18476;18512;18555;19989;18511;18556;18557;19990;19543;18594;19390;19830;18687;18648;18688;18635;19213;18657;19296;19380;19284;19268;19285;19422;19381;19409;19277;19331;19673;19332;19423;19286;19297;19831;19410;19832;19411;19991;19993;19992;19424;19412;19425;19994;19413;19488;19489;19490;19491;63828;20044;19544;19674;19675;63829;20045;19713;20046;19676;19677;20047;19833;19834;19714;20048;19835;19836;19837;19995;20058;20049;20050;20059;20060;20051;20107;20204;20143;20104;20105;20237;20238;20144;20106;20205;20145;20146;20141;20206;63830;20207;20208;20268;20360;20269;20270;20361;20362;20363;20364;20365;20366;20367;21086;21029;21030;21087;21031;20732;21088;21032;21033;20751;21089;20733;20480;20398;20752;20399;20481;20482;20922;20400;20753;20855;20856;20965;21042;20857;20858;20898;21034;20899;20900;20966;20886;63831;21005;21134;21043;21135;21090;63832;21286;21180;21181;21362;21287;21363;22084;21232;21257;22219;21288;22220;22085;21365;21364;21366;22086;21367;21682;21592;21593;22068;21594;21721;21636;21595;21637;22043;21638;21672;21683;21915;21722;22110;22044;22069;21916;22015;22111;22221;22045;22088;22054;22222;22112;22070;22291;22071;22330;22243;22149;22113;22223;22114;22150;22121;22122;22151;22201;22202;22264;22224;22292;22265;22266;22293;22344;22345;22331;22346;22347;22463;22442;22443;63833;22357;22358;22360;22359;22444;22523;22472;22473;22524;22474;22525;22918;23676;22896;22940;23677;23679;23678;23631;23680;23681;23682;23683;23684;23959;23797;23798;23960;23961;23962;23993;24009;24314;24010;63834;24676;24211;24212;24315;24363;63835;24316;24259;63836;24317;24896;24318;25312;25313;24364;25314;63837;24319;25238;24833;63838;25315;63839;24320;24696;25316;24677;24707;24774;24708;24697;25317;24678;24724;63840;24948;25318;25319;24775;25320;63841;25321;24897;25065;24949;24950;25322;25323;25324;25066;24951;25325;25067;25068;25326;25327;40702;40703;25135;25328;25136;25137;25138;25139;25140;25141;25142;25143;25144;25145;25146;25158;26903;25329;25192;25213;25330;25331;25362;25267;25332;25333;25193;25334;25268;25239;25269;25270;27828;25538;25604;25454;25404;28235;25363;25364;25519;25365;25366;25367;25476;25477;25520;25478;25479;25480;25481;25482;25539;25605;25521;25522;25523;25540;25606;25607;26189;25722;25723;25608;25622;25609;25984;27829;27830;27831;25610;25623;25611;25686;25724;27832;25624;25725;63842;25924;25876;25727;25726;28236;40704;28237;26050;27833;28238;25815;25828;25751;25752;25753;25816;25817;25829;25818;25819;28239;25797;27834;28240;25877;25985;25878;28241;25986;27563;40705;63843;40707;40706;26108;26109;25987;25948;43833;26190;25988;25970;25989;26051;27564;26191;26110;26052;26111;26952;26951;27035;26112;26953;26954;26904;26905;26906;27616;27565;26907;40708;26955;27036;28201;40709;27052;28202;27644;27645;27646;28242;27566;27567;27568;27569;27570;27571;28363;28243;28244;28245;28246;27602;27835;36860;27836;28168;37484;27837;27852;27838;36380;27839;27840;63844;28247;27853;28248;40710;63845;29203;36457;28169;28364;28365;28366;28367;43834;29301;29302;28368;28353;29773;28354;63846;29235;29204;29774;29303;63847;40711;29692;29693;29736;29737;29775;29776;29777;29875;29778;29876;29974;29975;29976;29977;30001;30002;30003;29954;29955;29956;31448;30140;30034;30035;32419;30004;30090;30091;40712;30245;30246;30247;31159;40713;31086;31305;40714;33247;31160;31161;31162;40715;31984;31306;63848;31185;31388;31307;40716;31163;31308;31186;31616;31985;31595;32018;32019;31389;63849;31617;31618;63850;40717;31754;32354;31619;31755;31756;31694;31695;31757;40718;32160;63851;32420;31840;40719;31986;31987;32112;32161;31988;32162;32020;32021;40720;32022;40721;63852;32163;43835;63853;43836;32355;63854;32356;32391;32421;32471;63855;32472;32422;32423;32424;32425;32427;32426;33783;32428;32429;33248;33096;33151;33152;33153;33376;33154;33097;33086;63856;33098;33377;33087;63857;33155;43838;43837;33156;33157;33462;33191;33192;33510;33512;33511;33423;33424;40722;33249;33250;33495;33496;33425;33578;33579;33580;34953;33497;33475;33463;63858;40723;33529;33528;33530;33570;33830;33571;34954;34955;63859;43839;43840;43841;40724;34057;33784;33581;33582;33583;33584;33586;33585;33865;40725;40726;33892;33884;63860;63861;63862;63863;63864;63865;63866;63867;34058;34023;33893;34063;34064;34034;34054;34065;63868;34274;34275;34190;34191;34288;34328;40727;34329;34229;34464;34465;34466;40728;34333;34330;34384;34696;34467;63869;40729;34690;34505;34691;34751;34841;35190;34842;34763;34764;40730;63870;34752;35038;34811;34956;35178;43842;40731;35179;35180;35181;40732;35182;35183;35191;40733;35192;40734;40735;40736;35323;35315;35300;35316;35301;35317;35357;35318;35652;35358;40737;35381;35302;40738;35319;35324;63871;35551;35429;35433;35434;35585;35586;36014;35653;35654;35605;35645;35615;35616;35721;35617;36029;35918;35757;35722;35773;35772;35774;36069;38870;35919;63872;63873;35775;36015;36097;36098;35970;35776;35971;35944;35972;63874;63875;63876;63877;36099;35945;35946;36030;35947;36031;40739;36032;40740;63878;36111;40741;40742;36044;36043;36065;36112;36113;36114;36159;36115;36177;36160;36178;36179;36180;36181;36214;36213;37605;40743;38193;38659;38660;38661;43843;38709;38710;38732;40744;38768;38769;38816;38817;38819;38818;40745;38820;38821;63879;38871;38872;38873;38874;38922;38945;38983;63880;39306;39307;39369;39370;39412;39411;39413;39430;39431;39432;40746;39461;39525;39526;39527;39528;63881;39529;39530;39531;39584;39583;39798;39597;39598;39599;63882;63883;63884;63885;39770;39799;39850;40340;40341;40342;40400;40401;40402;40431;40432;40433;40439;40440;40441;63886;63887;63888;40487;40747;40748;40749;40510;40541;40542;40543;40544;40608;63889;40639;40609;40640;40765;40766;40782;40795;40814;40834;40835;40836;63890;40837;63891;40838;40839;63892;63893;63894;40840;63895;40901;40921;40902;40922;40923;41008;40998;41031;41032;63896;41942;41065;41620;63897;63898;63899;41951;41962;41963;42065;42064;42077;42134;42159;42160;42161;42162;42163;42135;42164;42165;42216;42430;42285;42286;42288;42287;42312;42313;42357;42358;42359;42360;42431;42432;42456;42455;42469;42470;42790;42828;63900;63901;63902;42850;42890;42944;43845;43844;42945;43846;42946;63903;43046;63904;43047;43048;43078;43079;43080;63905;63906;43081;63908;63907;63909;53539;43168;63910;43169;43171;43170;43179;43178;43180;43597;43627;43628;43819;43820;43868;43821;63911;63912;43882;43883;44030;44029;63913;44062;44063;63914;44104;44105;44386;63915;63916;44430;63917;44605;63918;44633;44634;44635;63919;44651;44652;44666;44924;44956;44957;44665;44973;63920;46263;44974;46264;46265;46266;46267;46268;46269;46270;63921;63922;63923;46271;46272;46273;46274;46275;46276;46277;46278;46279;46280;46281;46282;46283;46285;46284;46286;46287;63924;46288;63925;46289;46290;46291;46292;46293;46294;46295;63926;46296;46297;46298;46299;46300;46302;46301;63927;63928;63929;63930;63931;63932;46303;46304;46305;46307;46306;46309;46308;46310;46665;63933;46681;46682;46683;46684;63934;46780;46735;46833;46834;63935;46835;47017;63936;79274;47027;47026;79275;47034;47043;47044;47117;47118;47119;47869;47871;47870;63937;47872;47873;63938;47874;47875;47876;47877;47878;47879;63939;47880;47882;47881;47884;47883;47885;63940;47886;63941;47905;48210;48212;48211;63942;48231;48252;48232;48258;48257;63943;48312;48313;79276;63944;63945;63946;48314;63947;79277;63948;48400;48423;63949;48751;48750;48899;48934;63950;48935;63951;49128;49129;63952;49130;49131;49132;53540;49133;49232;49233;49301;49639;63953;49640;63954;49744;63955;49745;49746;49747;49748;49749;49785;49786;49796;49797;49798;49799;49800;49801;49802;49974;49990;50009;50037;50038;50040;50039;50077;50078;50079;50340;50297;50341;50360;50361;50362;50363;50407;50408;50446;50447;50473;50474;63956;63957;50537;50630;50629;50631;50632;50633;50634;50635;50636;50638;50637;50639;50640;50641;50642;50620;50643;50644;50645;63958;50646;50647;50648;63959;63960;50703;50840;50841;50850;50851;50852;50853;50869;50870;50871;63961;63962;51056;63963;51072;63964;63965;51108;51107;51109;51110;51133;51153;51154;51155;51156;51157;51183;51197;63966;51354;51355;51357;51410;51358;63967;51417;51500;51432;51452;51523;51522;63968;51524;63970;63969;51561;51562;51563;51569;51570;51571;51589;51590;51671;51672;51811;51825;51826;51827;51866;51868;51867;51869;51917;51933;51918;52487;51952;51994;51993;63971;51995;52007;52008;53535;52009;63972;52020;52021;52063;52062;52064;52065;63973;52488;52161;52489;52490;52491;52492;52493;52494;52495;52496;52497;52524;52542;52578;52594;52595;52596;52605;52606;52607;52608;63974;52627;52628;52700;52701;52709;52749;52750;52760;52761;52762;52763;52764;53204;53205;53206;63975;53207;53245;53246;53291;53292;53293;53328;53310;53311;53329;63976;53352;53370;53399;53371;53400;53445;79278;53483;53500;63977;63978;53482;53525;53526;53581;53580;53582;53583;53584;53630;53631;63979;53646;53820;53819;53821;53853;53873;53867;53874;53911;63980;54590;54591;54592;54593;54594;54595;63981;54596;54597;54598;54599;54600;54601;54925;54926;54941;54928;54927;54930;54929;54932;54931;54984;54933;55011;55010;55012;55013;55014;55015;55159;55016;63982;55160;63984;63983;63985;63986;55398;55399;55400;55401;55450;55451;55452;55519;63987;55520;55539;55597;55584;55585;55598;63989;63988;63991;63990;55616;55626;55642;55643;63992;55644;63993;55645;55635;55646;55636;55647;55667;55684;55685;79279;55724;55710;55725;55726;55727;63994;55755;55756;63995;55809;55813;55825;55824;55854;55855;55856;63996;55879;55880;55881;55882;55917;55965;55964;55966;56110;55999;56000;56001;63997;56027;56028;56029;56030;56031;56032;56047;56086;76632;76633;76634;56111;56112;56113;56114;56170;56188;56205;63998;63999;64000;64001;64002;56235;64003;56250;56252;56251;56253;56254;56255;56278;56304;56326;56327;56328;56329;56383;56405;56404;56410;56411;56463;56505;56533;56534;56552;56553;56560;56561;56577;56578;56579;56628;56636;79280;56661;64004;64005;56698;56699;56709;56740;56741;56742;56743;56744;56745;56766;56811;56859;56866;56867;56942;56927;56975;56974;56989;56990;56991;57011;64006;57012;57014;57013;57015;57016;57017;64007;64008;57018;57020;57019;57021;57022;64009;57023;57036;57037;64010;57053;64011;64012;64013;64014;57054;57081;57295;64015;57296;57310;57311;57312;64016;57356;79281;57391;57408;57409;64017;64018;57481;57464;76635;57491;57492;57482;57493;57494;57594;64019;64020;64021;57657;57595;57676;57678;57677;76636;57679;57746;57747;57748;57759;57760;64022;57787;57761;57788;57789;57820;57821;64023;57822;57823;76637;76638;64024;64025;57870;64026;57885;57871;79282;64027;57929;57928;57930;57931;57957;57969;57956;57992;57993;57991;57994;57995;58027;64028;58052;64029;58053;58054;79283;58055;58056;58057;58058;58059;58060;58061;58063;58062;58064;58065;58066;58067;58083;58068;58085;58086;58111;58084;76639;58194;58261;64030;58262;58284;58285;58298;58338;58339;58394;58361;58407;58441;58442;79284;58507;79285;58508;58509;58510;58523;64031;58586;58672;58673;58674;58675;58718;58676;76640;58719;76641;58772;79286;58773;58841;58840;58866;58867;58868;64032;58869;64033;58882;76642;76643;78922;64034;58940;78923;59028;59029;59031;59030;64035;64036;59106;76644;59222;64037;59223;78924;59224;78925;59253;59306;59307;64038;59363;59383;59423;59392;59424;64039;59467;59468;59489;59490;59491;59562;59563;59492;59564;59584;64040;59585;59586;59587;59588;59589;59590;59591;59592;59593;59594;59595;59596;59597;59598;59599;59600;59636;64041;59638;64042;59637;64043;59711;59712;78926;64044;59721;59751;59752;64045;59753;64046;59844;64047;59946;59952;59947;59982;78927;64048;60008;60009;60010;60057;60011;60058;60076;78928;64049;60124;60159;60160;64050;61376;61377;61378;61389;61390;61403;61404;61405;64051;61452;76645;61454;61546;78929;76646;76647;61618;61603;61604;61559;78930;64052;78931;61653;61654;61689;61690;61691;64053;61704;61767;61705;61768;61769;61770;78932;64054;64055;61793;64056;62001;62024;62055;62056;62069;62070;62087;78933;62089;62088;62091;62090;62092;62093;62209;76648;76650;76649;76651;76652;62169;62170;62195;62303;62196;62405;78934;78935;62406;62407;78936;62471;64057;62472;62473;62505;62541;62542;62543;62544;62572;78937;78938;64058;62613;62614;62635;62615;62636;64059;62732;62755;64060;62771;62772;62833;64061;62834;62857;62916;62897;62917;62922;62930;62923;62931;64062;62980;62981;62932;64063;76653;78939;78941;78940;64064;63105;64065;78942;64066;64067;63152;64068;63162;64069;63182;78943;63190;119427;63258;63292;64070;63293;64071;64072;76233;63403;63404;63406;63405;63407;63408;63409;64073;64074;63410;63412;63411;63414;63413;63415;63416;63445;63446;64075;119428;63465;63466;119429;64076;63534;78944;64077;63590;63662;63641;63663;63675;63676;66879;64079;64080;78945;78946;64280;78947;64281;119430;64387;78948;64388;64389;64390;64391;64392;64393;119431;64479;64465;64466;64467;64468;64498;64517;64518;64519;64520;64564;64565;64627;64628;76234;76235;64694;64695;64696;64697;64746;64747;64748;64749;64750;65171;64751;64752;64753;64754;64755;64756;64758;64757;64760;64759;64761;64762;64764;64763;64765;64766;64767;64768;64769;64770;64772;64771;64774;64773;64775;65172;78949;64793;76654;76655;64794;76656;76657;76658;64903;64904;64924;64943;78950;64944;64945;65004;119432;65005;65006;65007;65041;65069;65070;65071;65072;65073;65074;65075;65082;65083;78951;65084;65085;65173;65200;76659;65201;65202;65203;65204;65205;65206;65207;65237;78952;119433;65238;66880;78953;65543;65544;65561;65562;65605;65625;78954;65626;65697;65651;65652;65677;65678;65698;65714;65728;65729;65779;65780;65781;119434;119435;119436;119437;65863;65905;119438;119439;65922;65938;65990;65976;66192;78955;65991;65992;66013;66014;66015;66029;66030;66211;66212;66213;66331;66225;66370;78956;66403;66437;66438;66439;66440;66457;66458;66459;76660;66488;66489;78957;66971;66522;66523;66524;66525;66536;66537;66550;78958;66659;66660;66661;76236;66690;66662;66705;66706;66707;78959;78960;66771;66772;66773;78961;66853;78962;78963;66882;66883;66939;66940;66949;66948;66979;66980;66981;76237;76238;67184;76661;78964;67219;67238;67239;76289;67240;68865;68866;68921;68900;79287;68901;79288;78965;68922;68944;69012;69011;69110;69111;78966;69160;69161;69162;78967;76239;69222;119341;119342;69254;69255;69256;69315;78968;69341;72261;69413;76662;76663;76664;69493;78969;69502;69777;69778;119343;119344;78970;69882;69883;72238;78971;69795;69823;76290;69851;78972;79289;69943;76665;69944;70010;70011;70012;70114;70013;70163;76666;70243;76667;70244;70245;70247;70246;70248;70249;70371;70250;71188;70327;70348;70387;70451;78973;70466;72237;70489;70488;70553;70536;70554;78974;70555;78976;70600;70601;70602;78977;78975;70694;70695;70696;70697;70703;76669;70755;70771;70791;70792;70793;70871;70870;70913;78978;78979;70999;71000;71001;71003;71002;71004;71005;71006;71007;71008;71009;71010;71011;71012;71013;71014;71015;71016;71017;71019;71018;78980;78981;71093;78982;71189;71190;78983;71900;71224;71225;71242;71243;78984;71389;78985;71290;71291;71293;71292;71335;71336;71337;71369;71370;78986;78987;78988;71390;78989;71516;76670;76671;72390;78990;71557;76187;71558;71612;71613;71877;78991;71878;71909;71962;71963;71986;78992;71987;78993;78994;72059;72161;72060;72196;76672;72273;72209;72274;72317;72318;72319;72320;72363;72321;72364;78995;78996;78997;72420;72454;72473;72474;72497;78998;72498;72499;72567;72643;72568;72678;72679;119345;72698;72736;72737;78999;119346;72793;72794;72810;72853;119347;72854;76673;72923;79000;72975;79001;72976;73010;73011;73071;73072;73090;73091;79002;73113;73174;73175;73198;73199;79003;73281;73282;73283;73284;73295;79004;73326;73325;79005;73396;73451;79006;79007;73452;79008;73585;73587;73586;79009;73608;79010;79012;79011;79013;79014;73663;79015;119348;119349;73678;79016;73705;76674;76675;76676;73780;73781;73782;73796;119350;119351;73901;73937;79017;74005;74020;119440;79018;79019;74031;74032;79020;74102;79021;76240;76241;119352;119353;74144;76677;79022;79023;74204;74205;74206;74207;74300;79024;74302;74301;74304;74303;74346;74347;74348;79025;79027;79026;79028;79029;76889;76890;76892;76891;76893;76894;76895;76896;76897;76898;76899;76900;74459;74458;74460;74461;79030;74485;119354;74486;119356;119355;79031;76156;76242;76901;76243;76244;76291;76274;76292;76293;79032;79290;79033;79108;79034;76398;76902;76399;76400;76401;76678;76679;76445;76444;76446;76447;76903;76549;76550;76515;76516;76585;79035;79036;79109;76680;76904;76696;79110;76697;76699;76698;76700;76749;76905;76906;79111;76750;76751;76907;79037;79038;76908;79112;79039;76997;77012;77013;77014;77015;77016;77078;77079;79113;77046;79114;77080;77082;77081;77083;77141;77178;77142;77143;77193;77195;77194;79040;77243;79041;77271;77298;77356;77357;77386;79042;79043;77464;79044;79045;77519;77518;77521;77520;77522;77523;77561;79046;79047;77567;79048;77626;77627;77628;77661;77695;77696;79049;77697;77698;77741;77699;77826;77806;77827;79050;77815;77828;79051;77895;77896;79052;77979;78006;78008;78007;77980;78009;79053;78023;78073;79054;79055;78406;78405;78407;78408;78410;78409;78412;78411;78414;78413;78455;78415;78456;78457;78458;78459;78502;78503;78532;78533;78534;78535;79056;79057;79058;78594;79059;78595;78620;78621;79060;78735;78722;78736;79291;79061;78758;78759;78760;78840;78867;119441;78884;79115;79116;79117;78909;79202;79204;79203;79205;79206;79207;79228;79302;79303;79326;79327;79328;79329;79351;79377;79352;79378;79379;79380;79425;79426;119357;79595;79596;79597;79682;79683;79736;79684;79685;79710;79711;79737;79849;79848;79850;79851;80009;80010;80011;80012;80013;80072;80073;80074;80096;80097;80098;80159;80115;80116;80160;80161;80213;80214;80215;80216;80388;80396;80440;80408;80469;80505;80470;80506;80508;80507;80544;80509;80878;80879;80881;80880;80882;80930;80931;80932;81014;81013;81033;81032;81034;81035;81068;81036;81069;81104;81071;81070;81143;81158;81159;81200;81201;81202;81203;81204;81244;85712;81290;81291;81292;81293;85713;81339;81340;85714;81468;81469;81470;81471;81472;81473;81474;81475;146265;81504;81505;81506;81539;81625;81624;81627;81626;81628;81629;81630;81631;81632;81633;81635;81634;81636;81637;81638;81639;81640;81661;81663;81662;85704;81664;81727;81728;81750;81769;81905;81906;81907;81908;81969;81949;117467;82492;82017;82067;82018;82493;82290;82292;82291;82466;82427;82467;82494;82495;82496;82564;82519;82619;82636;82637;82656;82693;82758;82790;82809;82791;82810;82811;82846;82895;82896;82812;82897;112239;82908;82909;82910;82984;82986;82985;83048;83027;83028;83161;83132;83172;83173;83343;83405;83424;83406;83407;83409;83408;83411;83410;83425;83412;83427;83426;83428;83429;83430;83431;83432;83433;83536;83537;83753;83754;83808;83844;83843;83986;83968;83987;84005;84076;84075;84111;84077;84188;84112;84142;84143;84189;84204;84225;84258;84355;84356;84357;84358;84359;84391;84360;84420;84392;84421;84422;84465;84466;84467;84486;84535;84609;84610;84660;84758;84631;84787;84788;84820;84789;84871;84872;84873;84911;84912;84936;84937;84938;84940;84939;84941;84942;84943;84944;84945;84946;84947;84892;84948;84893;84949;84950;84951;84952;84953;84954;84976;84977;84955;84956;85039;84978;85040;85041;117306;85068;85069;85070;85248;85149;119358;85238;119359;85249;85705;85295;85342;85341;85715;85716;85372;85441;85396;85373;85442;85443;85494;85495;85496;85497;85530;85563;85531;119360;85615;85617;85616;85618;85643;85644;112240;85619;85645;85680;85717;85718;85969;88636;85970;85971;85972;85973;85974;85999;85975;85976;119361;117307;86000;85977;85978;86702;85979;85980;85981;119362;86097;86098;86099;117308;86200;86201;119363;86306;86844;86241;86242;86362;86361;86396;86411;112241;86412;86414;86413;86488;86523;86439;86524;86525;86526;86597;86558;86559;86560;86561;86562;86614;117309;86625;119364;86716;86717;86718;86744;86719;86745;86746;86845;86861;86893;87043;86910;86966;86862;86928;86929;86930;86968;86967;86969;86931;86970;86971;86932;86972;86933;86973;86934;86974;86935;86936;86937;86975;86976;86977;86979;86978;86980;86981;86983;86982;86984;86985;86986;86987;86988;86989;88571;86990;86991;87044;87045;87046;87047;87048;87049;87050;87100;87101;87102;87099;87179;87190;87191;87192;87193;87837;87194;119365;87195;87233;87234;87274;87275;88573;88572;87305;87304;87306;87307;87334;87335;87336;87337;87452;87397;87398;87399;87453;87454;87456;87455;87457;87458;87490;119366;87519;87637;87665;87664;87754;87805;87804;87806;87807;87809;87808;87810;87811;87855;87812;87856;90077;87937;87886;87998;87999;88036;88035;88072;88073;88074;88075;88076;88077;88172;88173;88574;88404;88405;119442;88406;88447;88448;88449;88479;88480;88506;88481;88482;117310;88554;88556;88555;88557;88558;88617;88618;112242;88588;88675;88690;88746;88784;88785;88787;88786;88788;88789;88790;88791;88792;88794;88793;88889;88859;88890;89067;89068;89069;89071;89070;89072;89073;89096;89097;119367;89720;89771;89772;89773;89774;89819;89861;89820;89821;89862;89917;89983;89954;89955;89984;89956;89985;89986;90078;90079;90114;119368;90115;90116;90117;90140;90141;90179;90180;90181;90182;90183;90261;90184;90299;90300;90301;90302;90343;90386;90388;90387;90990;90389;90390;90391;90491;90492;90493;90490;90530;119369;90494;90495;90496;90498;90497;90499;90500;90570;90615;90616;90668;90670;90669;90671;90672;90749;90748;90750;90818;90819;90851;90852;90853;119370;90881;90882;91033;91034;91035;117311;91036;91073;91074;91075;91076;91077;91037;91038;91078;91114;119371;91115;91080;91079;91116;91117;91118;119372;91157;91156;91179;91214;91246;91245;119373;119374;91307;91317;91380;91381;91383;91382;91440;91420;91495;91449;91496;119375;91497;91536;91632;91621;91642;91711;91724;91757;91801;91802;91803;91804;91851;91805;112243;91852;112171;91872;91988;92029;92030;92398;92399;92044;119376;92401;92451;112244;92400;92490;92508;92509;92510;92578;92552;92579;92553;92580;92603;92604;92693;92692;92695;92694;92696;92697;92717;92718;92748;92836;92814;92837;92855;92856;92857;92858;92938;119377;92939;117312;92941;92940;92995;93039;93040;93041;93042;93043;93044;93070;93118;93119;93094;93095;119378;93149;93269;93339;93364;119379;93365;112245;112246;112172;93450;93555;93451;93502;119380;93452;119381;93503;93556;93586;93504;93681;93642;93762;93763;93764;93784;93785;112173;93805;93826;93843;93858;93891;93950;93951;93952;112247;94066;94035;119382;112248;94103;94104;94105;94130;94131;94150;94188;94189;94191;94190;94192;94265;119383;94230;94313;94314;94315;94316;94317;94318;94431;94348;94452;94453;94454;94462;94499;94463;94500;94501;94502;94503;94536;94537;94538;94539;94540;94541;94542;94543;94545;94544;94546;94547;94548;94549;94550;94551;94552;94553;94554;94555;94556;94557;94558;94559;94560;94561;94562;94563;94564;94565;94566;94567;94568;94569;94603;94604;94605;94606;112249;112250;112251;94624;94623;94625;94626;94651;94665;94666;94667;94896;119384;94897;94910;94911;119385;94912;94920;94937;95024;95047;110330;95291;95292;95381;95382;95465;110331;95562;95563;95600;119386;95622;95819;95820;110332;95981;95982;95983;96038;96039;96040;110333;96267;96306;96307;96308;96309;96310;96311;96312;96313;96402;96403;96428;96480;96523;96524;96525;96560;96592;96594;96593;96596;96595;96598;96597;96971;96972;112174;96650;96651;96652;96693;96754;96755;96756;96791;96824;96867;96825;96920;96826;96921;96922;96948;96949;97009;112252;97010;96973;97011;97012;97059;97013;97061;97060;97095;97062;97121;97185;97199;97200;97348;97294;97349;97350;97374;97373;97413;97375;97460;97414;97461;97462;97487;97463;97465;97464;97489;97488;97490;97491;97492;97509;97510;97512;97511;97513;97514;97548;97594;119387;97595;97596;97628;97630;97629;97928;97929;97930;97931;97717;97718;97750;97792;97766;97768;97767;97769;97844;97871;97822;97823;97872;97873;97874;97875;97876;97877;97878;97879;97880;97881;97883;97882;97884;97885;97932;97886;112253;97933;97909;112254;112256;112255;97910;97911;99335;99336;99337;117313;117314;99339;99338;99341;99340;99343;99342;99345;99344;99346;99347;99348;99431;99453;99501;99454;99455;112175;99502;99503;99504;99571;99570;99572;99573;99650;99574;99651;99652;99682;99683;99684;100021;100047;100091;100142;100092;100093;100143;100094;100095;100117;100118;100119;100144;100172;100239;100240;119388;112257;100315;100316;100287;100288;100317;100318;100345;100346;100370;100371;100400;100401;100452;100453;100454;100455;100456;100457;100531;100508;100532;100533;100587;100534;100631;100716;100660;112258;112176;112259;117316;117315;100777;100833;100778;100801;100890;100892;100891;100979;100893;100895;100894;100896;100897;100898;100899;100900;100901;100980;100902;100981;112260;100982;100949;100950;100983;101023;101077;101078;101099;101100;101101;101102;101103;101141;101253;101254;101255;101360;112261;101384;101385;101386;101518;101786;101799;101879;101880;101881;101882;101883;101939;102012;112177;102090;102139;102140;102141;102142;102143;102144;102102;102145;102103;102146;102104;102147;102149;102148;102106;102105;102107;102108;102110;102109;102111;102150;102112;102113;102151;102114;102152;102115;102153;102154;102155;102116;102117;102156;102119;102118;102157;102158;102159;102187;102348;102250;102304;102305;102349;102350;102410;102306;102411;102412;102517;102492;102518;102535;102519;102520;102537;102536;102538;102574;102575;102634;102813;102692;102726;102775;102950;102727;102951;102909;103038;102971;103039;103040;103041;103042;103043;103044;103045;103046;103119;103349;103167;103168;103169;103170;103171;103172;103205;103206;103239;103207;103208;103240;103241;103209;103242;103243;103350;103351;103352;103453;103405;103406;103407;103408;103465;103492;103493;103495;103494;103496;103497;103498;103499;103527;103526;103561;103500;103562;103628;103629;103630;103632;103631;103633;103685;103686;103687;103766;103804;103805;103956;103957;103916;103915;103958;104090;104003;104004;104005;104006;104091;104092;104116;104139;104170;104140;104205;104250;104251;104267;104455;104372;104456;104457;104493;104458;104538;119389;104539;104540;104541;104620;104566;104567;104621;104622;104568;104699;104700;104774;104775;104801;104800;104802;104839;104840;104841;104842;104865;104843;104986;104949;104950;104951;104987;104988;105017;105018;105029;119390;105069;105209;105091;105092;105210;105267;105268;105269;105252;105367;105368;105369;105345;105407;105479;105559;105560;105522;105523;105524;105525;105526;105527;105528;105529;105530;105531;105532;105533;105561;105562;105672;105564;105563;105565;105673;105566;105567;105674;105602;105568;105603;105569;105604;105605;105606;105607;105608;105609;105610;105676;105675;105677;105678;105679;105680;105681;105682;105645;105646;105743;106088;106089;106122;106182;106183;106244;106245;106246;106247;106248;106249;106250;106251;106252;106253;106254;106255;106256;109427;106329;106330;106331;106332;106333;106334;106525;106335;106336;106553;106574;106573;106650;106651;106616;106615;106671;107058;106925;107053;109428;107017;107016;107018;107019;107081;107114;107082;107186;107187;107188;107190;107189;107191;107207;107287;107208;108322;119391;108323;108324;108325;108274;108276;108275;108277;108326;108327;108328;108330;108329;108331;108361;108332;108362;108395;108396;108480;108397;108448;108683;108643;108644;108865;108866;108982;108868;108867;108869;108983;108942;108985;108984;108986;108987;108989;108988;108990;108991;108992;108993;108995;108994;108996;108998;108997;108999;109070;109009;109026;109027;109115;109116;109160;109117;109335;109194;109195;109300;109299;109301;109302;109303;109304;109305;109306;109307;109387;109336;109337;109338;109339;119392;119393;119394;119395;119396;119397;119398;119399;119400;109388;109389;109390;109391;109566;109441;109442;109443;109444;109567;109568;109546;109569;109633;109634;109570;109635;109636;109637;109638;109639;109640;109641;109754;109642;109669;109670;109755;109831;109832;109833;109834;109835;109836;109837;109905;109906;109838;109907;109839;109840;109841;109842;109844;109843;109845;109846;109847;109908;109909;109910;109990;109991;109992;109993;109994;109995;109996;109997;110215;110216;110217;110218;110219;110073;109998;109999;110000;110001;110002;110003;110004;110074;110075;110005;110006;110007;110008;110009;110010;110011;110013;110012;110014;110015;110016;110017;110076;110018;110077;110078;110080;110079;110081;110111;110082;110083;110084;110085;110087;110086;110113;110112;110114;110115;110116;110117;110118;110119;110220;110120;110221;110280;110279;110281;110405;110406;110467;110468;110506;110469;110507;110541;110600;110601;110602;110603;110604;110605;110606;110607;110608;110654;110618;110631;110630;110632;110708;110709;110692;110793;110710;110711;110712;110713;110714;119401;110794;110716;110715;110796;110795;110885;110797;110753;110798;110754;110755;110757;110756;110759;110758;110799;110800;110919;111026;111028;111027;111000;110999;111001;111029;111030;111031;111032;111145;111033;111034;111146;111147;111148;111255;111256;111257;111342;111321;111322;111323;111324;111325;111326;111327;111364;111365;111366;111486;111487;111488;111489;111490;111491;111492;111493;111514;111515;111516;111623;111774;111727;111729;111728;111730;111731;111732;111733;111734;111735;111736;111775;112026;112027;112028;112029;112030;111776;111802;111803;111804;111805;111994;119402;119403;112104;112131;112132;112133;112134;112178;112179;117317;117318;117319;117320;117321;117322;117323;117324;112284;119404;117398;117447;117468;117469;117470;117471;117494;117535;119405;117587;117625;117626;117680;117681;117771;117773;117772;117774;117776;117775;117777;117779;117778;117780;117781;117816;117782;117783;117784;117818;117817;117895;118028;117912;117865;117971;117972;118029;118126;118030;118127;119406;119407;118077;118128;118162;118163;118164;118165;118185;118186;118187;118513;118369;118370;118371;118372;118373;118374;118375;118376;118377;118514;118515;118516;118517;118518;118519;118521;118520;118522;118523;118524;118525;118526;118527;118529;118528;118530;118531;118532;118726;118533;118534;118535;118536;118537;118538;118539;118540;118541;118542;118543;118544;118545;118546;118547;118548;118549;118550;118551;118553;118552;118555;118554;118556;118557;118559;118558;118560;118582;118583;118744;118785;118786;118787;118788;118789;118790;118745;118791;118792;118793;118943;118815;118816;118944;118945;118862;118863;118865;118864;118946;119408;119410;119409;119112;118947;118949;118948;119411;118950;118964;119412;119075;119076;119167;119168;119169;119170;119171;119172;119173;119174;119175;119413;119294;119414;119415;119416;119331;119330;119485;119486;119487;119488;119443;119568;119705;119489;119734;119735;119736;119797;119798;119799;119800;119758;119801;119802;119803;120978;120979;121143;121173;121203;121280;121325;121337;121338;121379;121380;121448;121449;121450;121451;121452;121453;121454;121501;121502;121528;121527;121530;121529;121531;121606;121585;121586;121587;122110;122111;122112;122142;122175;122329;122330;122331;122332;122333;122292;122334;122335;122336;122441;122337;122442;122464;122463;122465;122634;122635;122636;122637;122525;122526;122606;122737;122738;122739;122638;122639;122659;122711;122712;122713;122771;122839;122840;122841;122806;122842;122843;122807;122886;122865;122866;122939;122993;122994;123056;123146;123123;123433;123432;123434;123486;123487;123488;123647;123915;123914;123916;123963;123964;123987;123988;123989;124049;123990;124098;124015;124099;124136;124137;124138;124232;124233;124255;127087;124257;124256;124258;124259;124260;124261;124838;124662;124663;124664;124665;124666;124667;124669;124668;124671;124670;124672;124673;124690;124691;124692;124693;124839;124840;124841;124842;124752;124843;124844;124845;124846;124847;125011;125033;125034;125035;125012;125013;125014;125015;125036;125037;125038;125039;125117;125118;125040;125041;125042;125043;125044;125045;125046;125047;125048;125049;125050;125051;125120;125119;125122;125121;125192;125123;125124;125125;125126;125127;125128;125193;125194;125195;125197;125196;125198;125199;125053;125054;125052;125200;125201;125322;125239;125240;125347;125381;125382;125383;125384;125385;125445;125446;125590;125616;125711;125690;125691;125692;125712;125756;125713;125714;125840;125841;125842;125805;125806;125872;125915;125939;125940;125967;125968;125969;125970;125971;125972;125973;126057;125974;125975;125976;125978;125977;126026;126025;126028;126027;126029;126030;126058;126084;126085;126086;126087;126088;126089;126301;126251;126250;126302;126252;126320;126319;126322;126321;126489;126323;126452;126453;126520;126521;126558;126559;126675;126676;126677;126678;126611;126594;126612;126679;126680;126681;126682;126709;126710;126711;126712;126757;126758;126759;126760;126761;126762;126939;126940;126941;126942;126943;126972;126973;127033;127032;127619;127618;127620;127621;127622;127623;127624;127625;127626;127627;127628;127629;127630;127631;127632;127633;127634;127635;127636;127637;127638;127639;127640;127641;127642;127644;127643;127646;127645;127647;127648;127649;127651;127650;127652;127653;127654;127656;127655;127657;127658;127659;127660;127661;127662;127663;127664;127665;127666;127667;127668;127669;127670;127671;127672;127673;127674;127675;127676;127677;127678;127679;127680;127681;127682;127683;127684;127686;127685;127687;127688;127689;127690;127692;127691;127693;127694;127695;127696;127698;127697;127699;127700;127702;127701;127703;127704;127705;127706;127708;127707;127709;127710;127711;127712;127713;127714;127715;127716;127717;127718;127719;127720;127721;127722;127828;127829;127986;127830;127831;127832;127877;127878;127879;127987;127988;128068;127989;127990;127992;127991;128106;128107;128108;128109;128406;128515;128069;128205;128299;128300;128407;128446;128408;128447;128448;128449;128450;128451;128495;128452;128496;128497;128498;128516;128657;128517;128658;128536;128659;128849;128627;128660;128662;128661;128663;128664;128665;128850;128851;128666;128852;128853;128854;128855;128857;128856;128858;128859;128860;130185;129037;128962;128982;128983;128985;128984;129142;129143;129144;129089;129038;129039;129040;129041;129265;129145;129266;129090;129331;129091;129092;129146;129147;129148;129149;129150;129267;129268;129269;129270;129396;129272;129271;129273;129274;129275;129276;129371;129332;129333;129372;129373;129374;129479;129480;129516;129517;129518;129519;129520;129576;129804;129738;129739;129740;129741;129742;129859;129860;129861;129862;129957;129863;129864;129865;129866;129867;129958;129959;129960;129991;129992;129993;129994;129996;129995;130041;130042;130043;130045;130044;130140;130046;130186;130141;130154;130155;130187;130188;130189;130190;130248;130249;130330;130331;130332;130250;130251;130354;130371;130373;130372;130375;130374;130377;130376;130378;130379;130380;130381;130382;130383;130384;130385;130416;130417;130418;130419;130443;130444;130445;130446;130527;130526;130528;130529;130530;130531;130532;130533;130534;130535;130536;130537;130538;130539;130540;130541;130542;130543;130544;130545;130546;130547;130548;130549;130550;130551;130552;130553;130554;130555;130556;130558;130559;130557;130560;130561;130562;130563;130564;130565;130567;130566;130568;130569;130570;130571;130573;130572;130574;130575;130738;130739;130741;130740;130742;130743;130744;130745;130746;130747;130748;130749;130924;130925;130926;130927;130928;130929;130931;130930;130932;130933;130935;130934;130999;130998;131000;131001;131002;131003;131004;131005;131050;131049;131051;131052;131053;131152;131151;131153;131154;131176;131210;131211;131212;131213;131214;131215;131216;131217;131177;131298;131218;131300;131299;131374;131375;131376;131377;131378;131379;131522;131380;131523;131524;131525;131526;131527;131528;132222;131529;132223;132224;131530;131719;131675;131676;131677;131678;132225;132226;131975;131976;131745;131746;131747;131748;131749;131919;131920;131921;131977;131978;131979;131980;131981;131982;131983;131984;131985;131986;132031;132227;132228;132229;132230;132231;132232;132233;132234;132235;132330;132392;132331;132382;132393;132669;132684;132882;132685;132686;132687;132700;132883;132701;132884;132885;132947;132948;132887;132886;133022;133023;133024;133025;133026;133027;133028;133124;133125;133156;133157;133158;133126;133127;133159;133160;133161;133162;133163;133164;133165;133166;133167;133168;133188;133189;133190;133191;133222;133221;133246;133247;133248;133249;133223;133280;133281;133282;133283;133284;133285;133286;133287;133333;133334;133335;133336;133337;133338;133383;133384;133385;133387;133386;133445;133446;133478;133477;133479;133480;133481;133482;133483;133484;133486;133485;133487;133516;133633;133634;133635;133636;133637;133638;133640;133639;133664;133712;133746;133713;133747;133748;133750;133749;133751;133752;133753;133783;133785;133784;133786;133787;133824;133825;133941;133943;133944;134025;133942;134026;134027;134029;134028;134030;134031;134032;134033;134062;134034;134064;134063;134065;134066;134067;134068;134098;134192;134144;134145;134146;134147;134148;134259;134260;134261;134262;134263;134264;134389;134390;134391;134392;134557;134558;134265;134266;134267;134268;134269;134270;134271;134344;134272;134345;134360;134361;134393;134394;134439;134827;134613;134612;134615;134614;134665;134666;134838;134667;134670;134671;134826;134825;134672;134676;134669;134673;134668;134674;138073;134675;134834;134833;134832;134830;134828;134829;134831;134861;134869;134868;143082;134867;134837;143006;135230;134836;134860;134859;134858;134857;134895;134870;134939;134940;134941;135052;134943;135035;135066;135073;135080;135070;135044;135075;135079;136321;135058;135076;135077;135064;135049;135069;135038;135061;135078;143095;135047;135063;135054;135055;135043;135034;135040;135062;135036;135072;135042;135059;135056;135060;135046;135051;135068;135074;135039;135057;135037;135048;135045;135053;135041;135095;135067;135071;135065;135050;135033;135083;135081;135082;135085;135084;135087;135090;135088;135092;135089;135091;135086;135183;135175;135184;135176;135174;135173;135185;135259;135257;135256;135258;135236;135234;135232;135233;135231;135235;135242;135240;135241;135254;135244;135272;135253;135250;135247;135252;135239;135245;135243;135249;135248;143039;139382;135246;139381;135251;135414;137244;137245;137246;135288;135415;135912;135456;136038;135460;135459;143038;135457;143035;135458;135461;135769;135689;135688;135686;135687;135684;135685;135692;135691;135876;135767;135774;135776;135768;135772;135905;135788;135770;135775;135875;135861;139379;135909;135908;135862;135910;135874;135911;135914;135915;135773;135913;135927;136045;136116;143040;143032;143018;143042;143041;136044;143037;136057;143019;136058;136042;136041;136053;136050;136040;143031;136117;136048;143008;136039;136059;143016;143015;143034;143029;136052;143011;136049;136114;136113;136115;143023;136051;136046;136054;143004;136056;143009;136118;143010;136043;143013;136055;143012;136060;136047;143020;136112;136062;136064;136063;136061;136065;136319;136320;136101;136102;136103;136184;136111;136185;136181;136186;136188;136187;136322;136585;136342;136343;136344;136351;136354;136350;136349;136353;136352;136471;136476;136470;136477;136475;136494;136498;136495;136478;136480;136519;136479;136500;136497;136499;136518;136517;136525;136526;136496;136523;136516;136524;136520;136522;136521;136558;136582;136584;136583;136586;136609;136610;136611;136717;136713;136718;143017;136714;136976;136977;136739;136736;136735;136740;136737;136820;143003;137062;143022;137061;136900;136738;143021;137060;136899;136898;136912;136913;139384;136974;136975;139378;139380;137082;137063;137059;137064;143075;137069;137066;137083;137881;137070;137139;137186;137138;137140;138387;137204;137237;137238;137240;137239;137236;137278;137274;137275;137305;137276;137313;137273;137562;137561;137727;137277;137310;137307;137306;137314;137309;137311;137315;137667;137668;137312;137395;137396;137394;137308;137324;137414;137331;137333;137334;137325;137412;137393;137363;137330;137335;137359;137413;137410;137409;137360;137411;137560;137726;138029;138032;138026;137563;137666;137665;137709;137704;137756;137664;137707;137711;137669;137706;137715;137708;137710;137705;137755;137828;137830;137833;137832;137831;137834;137829;143005;137749;137895;137750;137894;137752;143027;137751;137760;137758;137759;137885;137775;137896;137882;137883;137884;137898;137897;137893;138217;138013;137892;138033;138022;138023;138021;138028;138031;138030;138027;138089;138020;138090;138146;138145;138142;138141;138143;138144;138162;138157;138153;138155;138154;138161;138159;138173;138158;138160;138169;138156;138172;138170;138384;138171;143086;138178;138186;138185;138187;138383;138386;138382;138388;138451;138447;138450;138765;138502;138504;138500;138505;138609;138559;138557;139455;139383;138556;138558;138565;138566;138842;138606;139006;138764;138805;138806;138803;138807;138802;138799;139041;143036;138798;138801;138809;138800;138808;138810;138811;138843;138804;138846;138849;138845;138847;138844;138850;138848;138879;138885;139038;138886;139072;139042;139234;139194;139198;139183;139188;139199;139200;139187;139193;139195;139197;139192;139191;139190;139189;139332;139196;139186;139331;139201;139289;139285;139288;139286;139284;139294;139283;139287;139293;139296;139291;139292;139295;139290;139322;139319;139321;139320;139323;139333;139335;139336;139334;139376;139375;139385;139467;139462;139466;139460;139461;139464;139463;139620;139481;139482;139511;139465;139515;139508;139537;139538;139621;139617;139618;139616;139622;139619;139623;139670;139669;139672;139673;139671;139674;139772;139919;139809;139807;139811;139808;139854;139810;139851;139920;139860;140129;140083;140121;140110;140120;140124;140127;140128;140130;140204;140489;140579;140407;140389;140393;143033;140394;140397;140390;140392;140400;140399;140461;140460;140391;140396;140435;140398;140488;140434;140490;140484;140485;140487;140493;140492;140523;140494;143030;140581;140582;140602;140587;140594;140598;140597;140746;140599;140745;140750;140749;140747;140748;140780;140778;140779;140781;140782;141125;143073;141042;143068;143077;141015;143088;141028;141041;141016;143078;141044;141029;143089;141025;141047;141024;141056;141033;143092;141048;141060;141050;141058;143080;141055;141051;141010;141017;141031;141040;141021;143079;141013;143084;141023;143087;141037;141018;141039;141027;141020;141043;141038;143096;141022;143074;141012;143091;141035;141032;141019;141014;141030;143094;141036;143072;143024;143028;143014;141045;141011;143025;143007;143026;141034;141306;141128;141046;141026;141052;141057;141059;141049;143069;143085;141089;141123;141087;141088;141085;141086;141127;141305;141126;141124;141129;143070;141174;141175;141184;141196;141264;141265;141199;141197;141200;141201;141260;141307;141814;141453;141455;141454;141457;141456;141458;141582;141536;141628;141547;141540;141546;141577;141548;142034;141580;141606;141603;141581;141627;141774;142002;141812;141826;141811;141819;141816;141823;141818;141817;142004;141911;142003;142006;142009;142008;142007;142025;142030;142452;142029;142028;142430;142392;142400;142404;142429;142385;142396;142436;142440;142418;142378;143093;142426;143090;142432;142393;143071;142399;142389;142428;142448;142433;143076;142379;142380;142391;142376;142403;142384;142414;142441;142382;142398;142377;142387;142434;142413;142442;142381;142427;142431;142417;142401;142375;142407;142383;143083;142394;142435;142416;142449;142437;142402;142405;142446;142451;142445;143081;142439;142408;142412;142443;142397;142447;142444;143097;142410;142395;142390;142438;142386;142415;142388;142406;142409;142374;142450;142457;142459;142454;142453;142458;142455;142461;142463;142460;142471;142474;142475;142476;142477;142469;142470;142478;142480;142479;142643;142673;142674;142672;142675;142705;142704;142707;142699;142696;142906;142701;142708;142703;142709;142706;142700;142702;142697;142698;142710;142715;142716;142714;142871;142907;142863;142982;143240;142973;142864;142992;142994;143054;142972;143364;143160;143162;143164;143161;144199;143163;143213;143199;143198;143235;143200;143212;143203;143209;143205;143202;143208;143211;143204;143236;143237;143241;143239;143238;143279;143281;143280;143275;143369;143276;143365;143278;143370;143277;144200;143366;145070;143442;143469;143473;143472;143474;143605;143604;143606;144410;143603;143602;143601;143607;144553;144116;144114;144115;144113;144205;144202;144201;144204;144382;144203;144399;144273;144389;144420;144419;144276;144274;144281;144280;144414;144552;144404;144402;144275;144421;144384;144380;144551;144423;144400;144393;144392;144407;144415;144390;144418;144383;144385;144377;144379;144391;144409;144397;144422;144381;144406;144403;144378;144401;144412;144396;144388;144398;144376;144394;144408;144405;144509;144386;144387;144395;144417;144413;144411;144416;144604;146810;144605;144505;144506;144507;144510;144512;144511;144522;144557;144548;144556;144554;144558;144560;144555;144559;144550;144706;144705;144753;144754;144765;145089;144942;145049;144847;144846;144848;144845;155786;144850;144872;145229;144871;144936;144941;144937;144931;144935;144934;144939;144996;145088;145077;145082;145087;145079;145085;145083;145068;145042;145067;145044;145226;145043;145243;145227;145406;155781;145076;145074;145242;145493;145500;145494;145497;145498;145492;145495;145499;145496;145403;145536;145404;145408;145405;145407;145701;145443;145440;145503;145507;145506;145544;145545;145543;145541;145704;145787;145790;145786;145788;145789;146082;146076;146073;146072;146080;146075;146081;146079;146055;146071;146074;146093;146095;146210;146094;146566;147015;146316;146379;146382;146383;146380;146378;146381;146434;146432;146431;146492;146439;146493;146491;146541;146532;146545;146533;146537;146550;146551;146547;146536;146540;146535;146542;149503;146584;149504;149507;149506;147013;146793;146801;146803;146809;146813;146815;146812;146817;146811;146816;146822;146821;146820;146930;146929;146931;155780;146932;147011;147010;147014;147017;147018;147016;146955;146953;146951;146961;146960;146959;146954;146957;146956;146952;146950;147009;147707;147012;147023;147139;147143;147138;147140;147199;147201;147200;147142;147197;147198;147196;147194;147208;147214;147209;147211;147215;147207;147210;147212;147235;147232;147234;147365;147236;147233;147643;147706;147809;147805;147808;148117;147810;147806;147807;147828;147841;147827;147835;147836;147833;147831;147837;147838;147829;147830;147842;147826;147834;147832;147866;147868;147867;147881;147879;147882;147880;147886;148247;148224;148020;148018;148016;148019;148017;148032;148122;148118;148120;148119;148114;148116;148121;148113;148115;148215;148316;148490;148249;148893;148888;148890;148886;148887;148889;148257;148246;148256;148317;148319;148330;148331;148329;148333;148390;148328;148332;148368;148369;148394;148370;148379;148393;148397;148852;148460;148572;148540;148489;148542;148566;148543;148570;148562;148561;148564;148568;148569;148563;148567;148684;148685;148769;148770;148771;148768;148806;148808;148807;148857;148860;148851;148876;148877;148853;148892;148854;148858;148880;157845;148878;149063;148881;148879;148906;148943;148903;148942;148950;148945;148981;148985;148983;148984;148982;148989;148993;148988;148990;149258;149024;149028;149236;149235;149029;149027;149025;149060;149091;155782;149240;149243;149241;149242;149239;149318;149319;149321;149317;149441;149444;149445;149435;149443;149442;149876;149793;149978;149695;149677;149670;149653;149664;149698;149693;149705;149690;149657;149686;149680;149676;149692;149703;149697;149706;149712;149682;149678;149652;149694;149655;149683;149687;149660;149671;149662;149654;149679;149701;149691;149702;149710;149656;149669;149674;149658;149673;149688;149696;149659;149663;149684;149672;149700;149709;149675;149689;149708;149713;149667;149665;149714;149681;149666;149707;149668;149685;149711;149720;149792;149726;149721;149760;149725;149735;149723;149724;149813;149722;149841;149811;149980;149816;149817;149815;149835;149840;149839;149898;149904;149997;149998;150075;150433;150117;150296;150118;150295;150289;150290;150125;150701;150123;150700;150124;150136;150135;150127;150126;150128;150149;150148;150146;150147;150294;150161;150291;150786;150321;150323;150322;150785;150326;150347;150346;150375;150293;150350;155785;150829;150389;150392;150390;150393;150388;150808;150391;150810;150378;150379;150380;150376;150382;150381;150383;150377;150386;150387;150820;150818;150819;150421;150422;150432;150826;150825;150817;150812;150434;150827;150823;150813;150815;150816;150501;150759;150758;150757;150828;150824;150790;150795;150756;150792;150766;150776;150781;150822;150777;150814;155783;150780;150775;151290;152103;150844;150821;150845;150853;155784;150852;151117;151276;150951;151018;150963;150991;150950;151116;151115;151426;151140;151142;151149;151138;151135;151136;151143;151141;151139;151153;151289;151137;151427;151428;151445;151454;151453;151446;151493;151580;151579;151578;151846;151864;151871;151855;151856;151857;151872;151854;151862;151850;151845;151888;151886;151863;151889;151887;151867;151843;151858;151842;151859;155787;152003;151929;151670;151671;151668;151669;151675;151811;152080;151914;151913;151910;151908;151911;151912;151909;151852;151844;151861;151848;151849;151865;151927;152005;152001;152074;152077;152076;152097;152132;152133;152440;152352;152355;152348;152347;152350;152585;152346;152351;152354;152353;152447;152444;152438;152740;152445;152449;152443;152451;152439;152448;152450;152442;152446;152595;152605;152590;152441;152584;152592;152604;152586;152593;152606;152581;152600;152577;152603;152579;152589;152602;152580;152599;152613;152627;152620;152621;152619;152832;152660;152678;152661;152689;152968;152688;152975;152874;152778;152781;152779;152829;152828;152862;152863;152902;152903;152906;152905;152908;152904;152932;152926;152934;152964;152965;152955;152923;152935;152924;152922;152939;152930;152938;152937;152933;152925;152931;152929;152972;152977;152940;153098;153099;153102;153095;153096;153101;153103;153097;153094;153100;153104;153233;153231;153228;153232;153234;153235;153238;153229;153230;153242;153371;153370;153404;153403;153405;153513;153523;153518;153525;153517;153524;153522;153834;153552;153553;153833;153835;153832;153764;153777;153803;153804;153776;153887;153873;153902;153886;153940;154019;154022;154023;154024;154018;154086;154072;154071;154084;154076;154077;154046;154075;154074;154083;154047;154048;154070;154078;154049;154080;154293;154081;154082;154136;154135;154134;154143;154168;154169;154170;154313;154324;154294;154310;154307;154311;154309;154320;154260;154252;154261;154254;154737;154251;154255;154669;154667;154333;154335;154295;154306;154312;154334;154419;154421;154420;154437;154668;154670;154666;154784;154832;154938;154830;154856;154855;154781;154831;154841;154838;154834;154846;154847;154843;154836;154840;154842;154893;154854;154887;154849;155292;154910;154891;154909;154944;154947;154943;155132;154942;155105;155058;155172;155178;155197;155151;155168;155090;155201;155200;155194;155193;155085;155094;155217;155169;155210;155073;155152;155091;155181;155110;155144;155224;155159;155080;155089;155112;155190;155167;155086;155165;155160;155079;155209;155216;155207;155171;155111;155072;155212;155092;155059;155219;155100;155155;155126;155093;155133;155153;155122;155208;155170;155150;155225;155101;155211;155103;155185;155071;155146;155214;155179;155184;155106;155114;155082;155087;155203;155192;155202;155206;155107;155096;155088;155148;155164;155204;155113;155102;155081;155218;155158;155104;155182;155183;155108;155215;155149;155115;155109;155022;155021;155074;155023;155223;155332;155075;155335;155336;155333;155334;155612;155361;155364;155368;155366;155360;155359;155367;155371;155386;155365;155384;155376;155385;155378;155377;155544;155542;155614;155599;155618;155613;155654;155689;155684;155691;155690;155686;155685;155682;155688;155831;155765;155858;155755;155718;155728;155720;155719;155725;155743;155736;155756;155741;155746;155745;155762;155763;155764;155832;155833;155835;155830;155820;155941;155937;155891;155890;155868;155940;155927;155928;155931;155955;155968;155954;155956;155951;155971;155950;155977;155985;155988;155974;155983;155976;155995;156005;156003;156004;156037;156038;156044;155966;156109;156106;156111;156107;156108;156129;156127;156126;156134;156133;156201;156202;156225;156128;156250;156246;156247;156249;156248;156261;156452;156454;156453;156251;156465;156463;156716;156464;156548;156659;156726;156658;158870;156632;156656;156655;156657;156730;156653;156660;156905;156734;156729;156696;156728;156727;156735;156731;156739;156738;156737;156733;156736;156774;156792;156788;156793;156819;156873;156798;156874;156866;156865;157053;156878;156869;156872;156909;156913;157044;157046;156912;157049;157045;157056;157052;157054;157051;157100;157089;157097;157099;157111;157135;157133;157132;157071;157095;157091;157134;157106;157904;157136;157163;157166;157168;157226;157167;157183;157165;157264;157267;157268;157265;157270;157269;157296;157285;157309;157295;157311;157880;157312;157313;157314;157337;157363;157336;157384;157366;157362;157364;157376;157374;157375;157411;157412;157417;157414;157418;157331;157455;157420;157415;157451;157465;157466;157454;157854;158119;158096;157874;157875;157861;157873;158066;158056;158047;158048;158055;158057;158071;158075;158074;158082;158080;158093;158077;158070;158078;158076;158132;158120;158129;158116;158115;158106;158356;158368;158326;158216;158215;158260;158248;158263;158266;158261;158264;158262;158323;158321;158322;158324;158325;158341;158327;158347;158334;158349;158360;158351;158333;158355;158464;158354;158504;158505;158556;158565;158555;158735;158727;158736;158674;158741;158993;158745;158811;158814;158812;158808;158803;158807;158813;158804;158805;158873;158822;158802;158806;158810;158895;158816;158809;158815;158924;158906;158913;158918;158912;158907;158923;158914;159114;159168;159165;158948;158950;158942;158952;158947;158949;158951;159122;158943;159030;159000;159041;159119;159118;159108;159120;159121;159169;159167;138374;90250;139374;12512;59189;149983;105412;14657;33927;117484;109322;109323;109324;109325;109326;100635;111108;100634;33126;125835;152610;55800;11673;45138;45139;10202;21677;28376;42799;86420;70290;70291;46693;21606;25241;11048;11930;10656;21607;33273;52973;39807;39808;159166;39809;20996;33561;21327;20995;33562;31422;12042;76254;76253;10203;10392;10204;32032;11006;21141;76252;18560;18559;34030;77089;50577;16462;39588;39589;11822;11829;39587;14222;14180;77684;107005;10205;10161;22363;22227;10627;77683;54602;54603;66317;58171;70352;103221;95950;148695;150716;155127;66315;66316;33476;41947;35737;41946;12082;59607;90712;51461;51463;51462;10421;157830;157809;157789;157816;157744;157782;157734;157793;157742;157760;157768;157732;157731;157800;157769;157747;157749;157836;157774;157827;157835;157799;157767;157811;157733;157779;157772;157803;157825;157797;157834;157771;157748;157806;157798;157762;157763;157764;157804;157817;157754;157794;157785;157838;157759;157745;157792;157750;157808;157776;157766;157784;157781;157821;157752;157743;157775;157765;157756;157730;157795;157818;157758;157773;157810;157812;157755;157802;157746;157829;157783;157788;157791;157828;157839;157741;157751;157824;157777;157757;157837;157826;157740;157814;157736;157787;157820;157801;157761;157815;157813;157823;157737;157735;157739;157831;157770;157805;157833;157822;157796;157832;157819;157738;157807;157753;157780;157790;157778;157844;157786;157863;157864;158842;158877;158867;158868;158876;46337;71174;40334;28333;158965;11684;35273;10206;10207;10479;70144;10208;70143;10210;11418;10214;10215;103532;10223;54586;53335;20759;10226;10227;11841;10239;11420;11111;69428;10340;105413;108888;70745;70746;108889;69427;18213;62438;69514;69515;55507;57347;105414;57348;57349;55508;55509;50830;10245;10096;49689;10380;11390;11943;11389;14223;12230;78428;87818;52455;61434;63065;76939;68996;83140;43005;43004;43006;83141;33860;99476;31097;50000;10762;64298;19504;17987;20880;29868;25169;99477;29867;29853;20986;28291;21676;11058;10950;10790;26062;10804;31993;33226;35687;34772;38745;39339;39767;42478;40554;45045;46838;47888;50654;49144;52613;53411;55639;56483;59069;58323;71616;31788;49999;12000;76710;136402;148112;142489;154852;146489;136423;158554;136355;148692;122056;24685;25217;136734;17719;28228;29253;32476;17720;17721;41970;122057;34993;47036;35298;55733;122058;46351;49228;52503;57752;58949;67118;63561;82580;74242;64459;65631;69276;122860;125388;128549;132023;136177;133210;142419;138223;156756;149699;149350;155620;70926;76973;80916;81485;157360;87768;71377;73080;74290;76202;87769;90098;90508;92466;99199;96142;104849;111974;100388;101773;103535;119306;108378;126307;126308;130629;130628;124087;124088;39502;15394;10786;14711;90509;15985;25240;58327;45047;45046;11398;14381;104887;24684;13657;17722;11113;25216;17723;58662;11442;44406;11168;76314;11523;15705;11131;18364;10246;11775;11493;24020;10417;10711;11585;10514;18650;10415;10416;11492;35951;12061;12073;16468;35952;65612;63686;12059;12087;44341;44342;44343;146444;147022;146273;146443;146272;62291;66807;56981;55650;40617;55651;72211;40618;72258;62292;62293;126003;19298;32194;22465;148399;148400;138506;139583;140504;147961;150694;150753;150417;147870;150787;150717;150719;152120;151762;149848;151808;150718;151663;152096;153441;156226;157848;156725;158042;155603;154141;148573;144081;145705;154919;154918;156326;157847;138499;93374;138762;72263;36073;145532;72262;29924;11929;36072;36163;31121;31122;67129;12219;84231;145445;84232;84233;84234;84235;84236;84237;24236;11173;11174;10633;84238;25734;69956;12001;19604;10453;19681;50431;50430;10454;18507;21230;46802;21313;34443;36019;70216;91345;91384;91385;81700;56993;73641;60084;85691;85543;85692;73642;73643;85411;85600;81788;89111;86899;103048;88839;117360;96875;96876;119845;124591;124329;126469;129292;73644;73645;56994;56995;117361;73646;58448;87208;52961;58450;81701;60083;23799;53572;72702;72556;82698;97327;53548;91625;89029;89030;89031;89032;83951;84262;88410;88411;88412;62964;70591;81248;23800;23801;23802;58796;72707;23803;90001;70415;53223;83522;65602;109145;109146;55630;63427;23804;64682;21725;23805;84498;95713;81298;146452;81789;81577;23806;23807;76573;59892;84586;59500;59501;59374;58449;53573;122186;26066;118576;111466;73567;82664;83467;91346;49694;83468;70559;72201;72703;70558;81049;80359;66405;66406;131704;129469;152098;62797;155947;130430;62795;62796;65195;131736;66805;65193;65194;130431;127139;72557;72558;86572;86573;120947;136182;134977;152099;77377;77376;91622;91623;122424;91624;70557;72486;76147;70556;111139;57598;24872;23808;118711;23809;23810;87124;87125;91626;87126;101930;62439;100462;100463;65656;80910;23811;23812;25147;23813;23814;24725;23815;23816;54291;23967;54645;59249;52962;64296;64297;137356;83952;104101;84263;85403;70760;88413;88414;88415;88416;53549;55025;55026;88417;59325;64630;72107;72108;73303;77964;51360;62965;87891;70592;59502;83917;83774;81553;59376;59375;59377;82665;70292;81249;59373;50303;59557;59556;59559;82076;59558;57599;72708;23817;83301;66761;23818;23819;97436;83302;23820;23821;23822;119147;23823;23824;23825;23826;23827;57600;52993;52995;52994;52992;91283;94328;91284;94329;23828;83187;23829;23830;90002;90003;58953;121006;58797;70416;141304;84566;84570;84567;84568;84569;90599;90600;53543;125312;83523;110534;117671;135696;145268;119265;73516;123010;59528;64487;70351;58991;73517;59527;62566;53877;65603;53878;70921;109143;81107;106228;109280;109144;106229;57601;63429;152531;63428;63430;139606;112123;112124;83263;64683;70530;83264;81376;97666;70531;97667;84499;85842;81591;131775;81592;81593;99168;95714;131401;131402;146453;81545;133216;95715;82853;100299;102991;95716;81578;81299;127057;112162;125392;57602;76574;58451;76575;67142;67143;67144;84587;103533;103534;72620;55631;47759;62032;61494;61493;82269;77375;77374;19506;108714;69869;73636;57030;57029;58186;149972;155316;149971;71807;159008;11502;90940;74365;74367;74149;76279;76280;87539;87507;90708;86610;93383;101840;94679;103925;106197;118229;74366;105654;74379;87601;119811;44674;74148;11561;65046;61648;61597;58993;58992;61598;61649;10720;144104;20863;21226;21629;22097;22371;23634;23928;24735;144105;25351;33394;33506;34269;34768;35220;36130;35978;39494;40874;45111;25765;25842;28374;27536;30210;31653;42307;50386;43175;51124;52769;52533;53597;44660;45395;47785;47126;49149;50088;57317;59411;60046;62583;61718;62592;62747;63001;64726;63554;65187;65809;55884;69996;69272;70950;70719;55885;71349;56041;56123;57353;56337;57921;57772;58009;58352;58901;72333;73771;73101;77909;77283;82042;80525;15820;138818;15822;18533;138213;18534;66545;38687;147896;85183;146621;144584;146962;152986;148404;154240;152985;151985;156557;89963;90429;92558;97726;96832;97575;104361;111795;117672;119149;101044;85628;71157;80303;85565;88809;101045;101046;104639;106563;147144;71158;148280;153589;85566;89027;93343;91814;101047;101048;101049;101050;103121;104640;71461;33104;25994;23785;28375;10637;22922;142462;141575;133964;19748;11347;17724;43637;141576;74289;10809;11499;11086;11346;10247;11088;10248;11232;11350;10249;11349;11316;10278;10729;11348;11351;111549;10588;10055;11352;11838;11087;11364;10250;38877;10614;17326;121041;50625;18298;100789;18155;23752;60097;18054;18055;15543;14842;18600;15914;26921;25672;10958;10959;10960;48435;50659;69060;71863;72658;76369;146308;151646;156886;33937;34398;35328;41980;36035;43369;42934;48434;45140;92440;11362;72664;59862;19334;22495;72663;11954;11955;11021;10350;10967;11654;11846;38157;47579;47580;57027;57028;11535;10252;78701;57026;77969;78822;77970;88907;88908;107267;50600;10500;11583;20975;107268;39564;40421;42369;44094;46329;48436;50387;51936;55833;55142;56734;57941;59047;61536;62702;64621;65913;67233;69844;71342;72435;72983;84765;85882;86633;97835;100806;104628;124028;26065;12064;11942;11719;16064;11624;31098;10717;10437;18249;12038;11720;25935;152522;151666;145549;150863;149326;150140;152659;80169;66839;66840;145491;90201;51894;51895;15403;90202;72885;77856;77855;77830;42399;58134;77831;19398;10846;10847;44941;44331;44940;17328;44332;11469;14224;14713;22023;20303;25930;57634;57635;11035;10705;21224;15987;21642;110271;56983;22092;10253;31790;29835;22368;21787;55977;55978;55979;36018;17970;51119;18460;51118;11448;23969;16216;16171;22867;18670;16180;33928;45360;10725;22877;35327;18265;21576;30206;33125;45060;50597;45061;53845;50598;57877;66694;66695;101084;19772;42148;20090;21209;29250;101085;21208;60162;60163;60164;60165;60166;60167;60168;60169;60170;60171;60172;60173;60174;60175;60176;60177;60178;60179;60180;60182;60181;60183;60184;60186;60185;60187;60188;60189;60190;60191;60192;60193;60194;60195;60196;60197;60198;60199;60200;60201;60202;60203;60204;60205;60207;60206;60208;60209;60210;60212;60211;60213;60214;60215;60216;60217;60218;60219;60220;60221;60222;60223;60224;60225;60226;60227;60228;60229;60230;60231;60232;60233;60234;60235;60236;60237;60238;60239;60240;60241;60242;60243;60244;60246;60245;60248;60247;60249;60250;60251;60252;60254;60253;60255;60256;60258;60257;60259;60260;60261;60262;60264;60263;60265;60266;60267;60268;60269;60270;60271;60272;60273;60275;60274;60276;60277;60278;60279;60280;60281;60282;60283;60285;60284;60286;60287;60288;60289;60290;60291;60292;60293;60294;60295;60296;60297;60298;60299;60300;60301;60302;60304;60303;60305;60306;60307;60308;60309;60310;60311;60312;60313;60314;60315;60316;60317;60318;65042;60319;60320;60321;60322;60323;60325;60324;60326;60327;60328;60329;60331;60330;60332;60333;60334;60335;60336;60337;60338;60339;60340;60341;60342;60343;60344;60345;60346;60347;60348;60350;60349;60351;60352;60353;60354;60355;60356;60357;60358;60360;60359;60361;60362;60364;60363;60365;60366;60368;60367;60369;60370;60371;60372;60373;60374;60375;60376;60377;60378;60379;60381;60380;60383;60382;60385;60384;60386;60387;60388;60389;60390;60391;60392;60393;60394;60395;60396;60397;60398;60399;60400;60401;60402;60403;60404;60405;60406;60407;60408;60409;60410;60411;60412;60413;60414;60415;60416;60417;60418;60419;60421;60420;60422;60423;60424;60425;60427;60426;60428;60429;60430;60431;60432;60433;60434;60435;60436;60437;60438;60439;60440;60441;60442;60443;60444;60445;60446;60447;60448;60449;60450;60451;60453;60452;60454;60455;60456;60457;60458;60460;60459;60461;60462;60463;60464;60466;60465;60467;60468;60469;60470;60471;60472;60473;60474;60475;60476;60477;60478;60480;60479;60481;60482;60483;60484;60486;60485;60487;60488;60489;60490;60491;60492;60493;60494;60495;60496;60497;60498;60499;60500;60501;60502;60503;60504;60505;60506;60507;60509;60508;60510;60511;60512;60513;60514;60515;60516;60517;60518;60519;60520;60521;60522;60523;60524;60525;60526;60527;60528;60529;60530;60531;60532;60533;60535;60534;60536;60537;60539;60538;60540;60541;60542;60543;60544;60545;60546;60547;60548;60549;60550;60552;60551;60553;60554;60555;60556;60557;60558;60559;60560;60561;60562;60563;60564;60565;60566;60567;60568;60569;60571;60570;60572;60573;60574;60575;60576;60578;60577;60579;60580;60581;60583;60582;60584;60585;60586;60587;60588;60590;60589;60591;60592;60593;60595;60594;60596;60597;60598;60600;60599;60601;60602;60603;60604;60605;60606;60607;60608;60609;60610;60611;60612;60613;60614;60615;60616;60617;62808;62809;60618;60619;60620;60621;60623;60622;60624;60625;60626;60627;60628;60629;60630;60632;60631;60633;60634;60635;60637;60636;60638;60639;65043;60640;60641;60642;60644;60643;60645;60646;60647;60649;60648;60650;60651;60652;60653;60654;60655;60656;60657;60658;60660;60659;60661;60662;60663;60664;60665;60666;60667;60668;60669;60670;60671;60673;60672;60674;60675;60676;60677;60678;60679;60680;60681;60682;60683;60684;60685;60687;60686;60689;60688;60690;65044;60692;60691;60693;60694;60695;60696;60697;60698;60699;60700;60701;60702;60703;60704;60705;60706;60707;60708;60709;60710;60711;60712;60713;60715;60714;60716;60718;60717;60719;60720;60721;60722;60724;60723;60725;60727;60726;60728;60729;60730;60731;60732;60733;60734;60735;60736;60737;60738;60739;60740;60741;60743;60742;60744;60745;60746;60747;60748;60749;60750;60752;60751;60753;60754;60755;60756;60757;60758;60759;60760;60761;60763;60762;60764;60765;60766;60767;60768;60769;60770;60772;60771;60773;60774;60775;60776;60777;60779;60778;60780;60781;60782;60784;60783;60785;60786;60787;60788;60789;60790;60791;60793;60792;60794;60795;60796;60797;60798;60799;60800;60801;60802;60804;60803;60805;60806;60807;60808;60809;60811;60810;60812;60813;60814;60816;60815;60817;60818;60819;60820;60821;60822;60823;60824;60825;60826;60827;60828;60829;60830;60831;60832;60833;60834;60836;60837;60838;60839;60835;60840;60841;60842;60843;60844;60845;60846;60847;60848;60849;60850;60851;60852;60853;60854;60855;60856;60857;60858;60859;60860;60861;60862;60863;60864;60866;60865;60867;60868;60869;60870;60871;60872;60873;60874;60875;60876;60877;60878;60880;60879;60881;60882;60883;60884;60885;60886;60887;60888;60889;60890;60891;60892;60893;60894;60895;60896;60897;60898;60899;60901;60900;60902;60903;60904;60905;60906;60907;60909;60908;60910;60911;60913;60912;60915;60914;60917;60916;60918;60919;60920;60921;60922;60923;60924;60925;60927;60926;60929;60928;60930;60931;60932;60933;60934;60936;60935;60937;60939;60938;60941;60940;60942;60943;60944;60945;60946;60947;60948;60949;60950;60952;60951;60953;60954;60955;60956;60957;60958;60959;60960;60961;60962;60963;60964;60965;60966;60967;60968;60969;60970;60971;60972;60973;60974;60976;60975;60977;60978;60979;60980;60981;60982;60983;60984;60985;60986;60987;60988;60989;60990;60991;60992;60993;60994;60995;60996;60997;60998;60999;61000;61001;61002;61003;61004;61005;61006;61007;61009;61008;61011;61010;61013;61012;61014;61015;61017;61016;61019;61018;61020;61021;61022;61023;61024;61025;61026;61027;61028;61029;61030;61031;61032;61034;61033;61036;61035;61037;61038;61039;61040;61041;61042;61043;61044;61046;61045;61047;61048;61049;61050;61051;61052;61053;61054;61055;61056;61057;61058;61059;61060;61061;61062;61063;61064;61065;61066;61067;61068;61069;61070;61071;61072;61073;61074;61075;61076;61077;61078;61079;61080;61081;61082;61083;61085;61084;61087;61086;61089;61088;61091;61090;61093;61092;61094;61095;61096;61097;61098;61099;61100;61101;61102;61103;61104;61105;61106;61107;61108;61109;61110;61111;61112;61113;61114;61115;61116;61117;61118;61119;61120;61121;61122;61123;61124;61125;61126;61127;61128;61129;61130;61131;61132;61133;61134;61135;61136;61137;61138;61139;61140;61141;61142;61144;61143;61145;61146;61147;61148;61149;61150;61151;61152;61153;61154;61155;61157;61156;61159;61158;61160;61161;61162;61163;61164;61165;61166;61167;61168;61169;61170;61171;61172;61174;61173;61176;61175;61177;61178;61180;61179;61181;61182;61183;61184;61185;61186;61187;61188;61189;61190;61191;61193;61192;61194;61195;61196;61197;61198;61199;61200;61201;61202;61203;61204;61205;61206;61207;61208;61209;61211;61210;61212;61213;61214;61215;61216;61217;61218;61219;61220;61221;61222;61223;61225;61224;61226;61227;61228;61229;61230;61231;61233;61232;61234;61235;61237;61236;61238;61239;61240;61242;61241;61243;61244;61245;61246;61247;61249;61248;61251;61250;61252;61253;61254;61255;61256;61257;61258;61259;61260;61262;61261;61263;61264;61265;61267;61266;61268;61269;61270;61271;61272;61273;61275;61274;61276;61277;61278;61279;61280;61281;61282;61283;61284;61285;61286;61287;61288;61289;61290;61291;61292;61293;61294;61295;61296;61297;61298;61299;61300;61302;61301;61303;61304;61305;61306;61307;61308;61309;61310;61311;61312;61313;61314;61315;61317;61316;61318;61319;61320;61321;61322;61323;61324;61325;61327;61326;61328;61329;61331;61332;61330;61333;61334;61335;61336;61337;61338;61339;61340;61342;61341;61343;61344;61345;61346;61347;61349;61348;61350;61352;61351;61353;61354;61355;61357;61356;61358;83916;61359;61361;61360;61362;61363;61364;61366;61365;61367;61368;61369;61371;61370;61372;61407;61406;61408;61409;61410;61427;61426;61428;61455;61456;61605;61560;61606;61655;61656;61692;61657;61693;61694;61726;61784;61727;61785;62071;61786;61794;61796;61795;62057;62059;62058;62094;62095;62106;62108;62107;62109;62171;62172;62174;62173;62175;62197;62218;62346;62304;62427;62426;62428;62432;62492;62493;62506;62555;62554;62556;62616;62617;62653;62618;62773;62774;62775;62859;62858;62898;62918;62924;62933;62919;62934;63018;63019;63071;63020;63106;63191;63183;63192;63314;63313;63294;63591;63601;63592;63471;63593;63595;63594;63596;63597;63598;63600;63599;63602;63603;63604;63605;63472;63606;63607;63664;63677;63678;64090;64091;63679;64282;64423;64424;64425;64426;64427;64428;64429;64489;64605;64499;64521;64522;64523;64566;64776;64777;64778;64779;64946;65563;64947;64948;65008;64950;64949;65010;65009;64951;65011;64952;65012;64953;64954;65013;64955;64956;64957;64958;65014;64959;65015;64960;65016;65017;64962;64961;64964;64963;65018;65019;65020;65021;65022;65086;65076;65087;65089;65088;65090;65091;65092;65093;65094;65239;65174;65240;65241;65242;65243;65244;65564;65565;65606;65627;65653;65654;65679;65716;65715;65761;65762;65782;65783;65864;65906;65957;65977;65993;66016;66017;66018;66214;66019;66226;66227;66228;66229;66371;66441;66460;66461;66462;66490;66491;66551;66663;66664;66665;66708;66709;66778;66779;66780;66774;66884;66891;66885;66950;66951;66952;66982;66983;66984;67185;67220;68867;67241;68868;68945;68946;69013;69068;69163;69164;69165;69166;69167;69257;69223;69279;69258;69342;69440;69503;69504;69786;69796;69945;69946;70014;70016;70015;70017;70115;70188;70467;70388;70389;70390;70392;70391;70365;70364;70393;70394;70490;70468;70491;70537;70576;70577;70578;70603;70604;70605;70704;70705;70707;70706;70708;70756;70757;70772;71191;71294;71192;71295;71296;71297;71298;71193;71490;71194;71195;71196;71197;71198;71199;71299;71200;71201;71300;71302;71301;71202;71303;71304;71305;71306;71338;71339;71340;71341;71371;71372;71373;71391;71491;71424;71517;71641;71629;71630;71631;71632;71894;71893;71910;71988;71989;72083;72084;72162;72197;72210;72275;72276;72322;72323;72365;72421;72475;72476;72477;72500;72501;72569;72570;72680;72738;72699;72739;72795;72796;72811;72855;72924;73013;73012;73014;73073;73074;73114;73115;73116;73176;73177;73200;73201;73285;73286;73296;73368;73369;73408;73453;73454;73588;73589;73590;73664;73679;73706;73797;73798;73938;73907;74103;74172;74208;74209;74305;74306;74307;74308;74349;74487;74350;74488;74489;74490;74492;74491;76197;76157;76245;76246;76448;76449;76450;76551;76552;76681;76752;76701;76702;76703;76753;76782;76783;77017;77018;77047;77084;77144;77215;77272;77216;77465;77551;77552;77553;77554;77598;77629;77700;77954;78416;78417;78418;77955;77865;77956;77957;77981;78419;78460;78841;78842;78844;78843;78845;78846;78847;78641;78642;78848;78643;78644;78849;78645;78646;78850;78536;78537;78622;78647;78648;78649;78851;78852;78853;78854;78855;81294;79082;79081;79229;79230;79231;79304;79305;79330;79381;79331;79427;79657;79658;79712;79713;79714;79715;79759;80014;80015;80016;80017;80018;80019;80020;80099;80075;80100;80162;80117;80163;80164;80397;80545;80409;80546;80902;80903;80904;80933;80905;81037;81015;81038;81072;81074;81073;81160;81308;81310;81309;81477;81476;81478;81479;81540;81541;81751;82248;82249;82250;82251;82252;82253;82254;82255;82256;82257;82258;82259;82260;82261;81770;81809;82262;82263;82264;82265;82266;82293;82294;82468;82469;82520;82521;82522;82638;82694;82759;82760;82813;82814;82815;82816;82987;82988;82989;83029;83174;83450;83451;83453;83452;83454;83455;83456;83457;83458;83459;83460;83538;83969;84015;84078;84113;84114;84144;84226;84259;84536;84393;84537;84394;84538;84539;84540;84541;84542;84543;84611;84661;84790;84791;84792;84894;84895;85189;84793;85190;85191;85192;85193;85194;85195;85196;85197;85198;85199;85200;85201;85202;85203;85204;85205;85206;85207;85208;85209;85210;85004;85071;85072;85119;85120;85211;85150;85264;85296;85212;85343;85397;85498;85499;85500;85501;85502;85503;85564;85620;85621;85622;85623;85646;85759;85706;85785;85760;85787;85786;85788;85789;85866;85790;85867;85960;85961;86100;86202;86101;86243;86363;86364;86489;86527;86528;86671;86529;86563;86564;86615;86626;86748;86747;86749;86750;86751;86846;86894;86938;86939;87548;87549;87550;87551;87552;87553;87554;87555;87556;87638;87557;87558;87559;87560;87561;87562;87563;87564;87565;87566;87567;87568;87569;86992;87570;87572;87571;87573;87574;87575;87576;87577;87578;87579;87580;87062;87103;87120;87121;87235;87581;87582;87584;87583;87308;87585;87401;87400;87402;87586;87459;87403;87460;87491;87492;87587;87639;87773;87838;87839;87840;87841;87813;87842;87843;87844;87938;88000;88037;88078;88079;88080;88174;88175;88407;88450;88451;88452;88483;88484;88676;88796;88795;88797;88798;88800;88799;88801;88860;89074;89075;89098;89099;89822;89823;89824;89825;89863;89864;89957;89958;89959;89987;89988;90020;90080;90081;90142;90143;90144;90145;90146;90241;90242;90243;90244;90344;90345;90392;90393;90501;90502;90503;90504;90617;90618;90673;90674;90751;90753;90752;90854;90939;91039;91040;91041;91042;91538;91537;91643;91539;91540;91541;91542;91081;91215;91216;91543;91296;91421;91644;91645;91646;91513;91514;91647;91648;91712;91806;91807;91808;91853;92031;91809;92032;92402;92403;92491;92404;92581;92582;92605;92719;92698;92720;92721;92722;92749;92859;92996;92965;92997;92998;93071;93072;93150;93096;93340;93366;93453;93454;93643;93557;93794;93795;93796;93797;93859;93892;94003;94004;94005;94151;94193;94194;94248;94266;94570;94571;95832;95833;94432;95834;95835;95836;95837;95838;95839;95840;95842;95841;95843;95844;95845;95846;95847;95848;95849;95850;95851;95853;95852;95855;95854;95857;95856;95858;95859;95860;96386;95861;95862;95864;95863;95914;95865;94627;94652;94653;95049;95050;95051;95052;95293;95866;95867;95868;95869;95870;95871;95872;95984;95985;96041;96042;96043;96044;96280;96301;96302;96330;96331;96332;96333;96481;96526;96561;96562;96563;96599;96600;96757;96758;96759;96760;96792;96974;96975;97037;97038;97039;97122;97201;97295;97376;97377;97378;97379;97415;97493;97515;97516;97517;97597;97631;97632;97751;97770;97845;97846;99214;99215;99216;99217;99218;99219;99220;99221;99222;99223;99224;99225;99226;99227;99228;97934;97935;99229;99300;99301;99349;99350;99351;99352;99353;99354;99505;99456;99506;99575;99576;99619;99577;99620;99621;99622;100048;100049;100120;100096;100097;100173;100347;100348;100349;100350;100372;100373;100402;100403;100458;100535;100536;100537;100568;100779;100903;100802;100905;100904;100906;100984;101041;101079;101104;101105;101256;101257;101258;101387;101388;101800;101884;101925;102032;102635;102637;102636;102638;102639;102640;102642;102641;102643;102644;102645;102647;102646;102648;102649;102650;102652;102651;102653;102654;102655;102656;102657;102659;102658;102660;102662;102661;102663;102664;102665;102666;102667;102521;102668;102669;102670;102671;102672;102673;102576;102675;102674;102676;102677;102776;102852;102853;103173;102972;103174;103244;103175;103353;103409;103410;103501;103411;103502;103594;103595;103634;103635;103688;103730;103806;103831;103959;103960;104007;104008;104093;104206;104207;104268;104269;104373;104623;104624;104701;104803;104804;104866;104868;104867;104989;104990;105019;105030;105031;105032;105070;105071;105387;105534;105535;105536;105537;105570;105611;105571;105572;105573;105683;106123;106227;106257;106124;106258;106337;106339;106338;106369;106340;106341;106554;106575;107020;107021;107083;107209;107084;107210;107211;107212;107250;108363;108278;108364;108365;108333;108334;108366;108398;108481;108399;108645;108870;108943;108944;109010;109445;109446;109447;109448;109449;109450;109451;109452;109454;109453;109455;109456;109457;109458;109459;109057;109460;109196;109308;109461;109463;109462;109340;109464;109465;109571;109643;109644;109671;109848;109849;109850;109852;109851;109853;109854;110019;110020;110021;110022;110023;110024;110025;110026;110027;110028;110088;110121;110122;110282;110283;110307;110508;110542;110886;110888;110887;110890;110889;110891;110892;110893;110655;110717;110718;110719;110720;110971;110935;110920;111002;111003;111113;111050;111258;111259;111260;111343;111344;111495;111494;111497;111496;111523;111777;111778;111806;112053;111807;112105;112135;112136;117472;117473;117474;117627;117628;117682;117786;117785;117787;117788;117850;117851;117973;118031;118056;118057;118058;118108;118166;118167;118217;118218;118442;119176;118443;119178;119177;119179;119180;119181;119182;119183;119184;119185;119186;119187;119188;119189;119190;119191;119192;119193;119194;119195;119196;119197;119198;119199;119200;119201;119202;119203;119204;119205;119206;118584;118727;118585;119207;119208;119209;118853;118866;119249;119210;119250;119251;119444;119252;119445;119446;119881;119882;119884;119883;121204;120980;121205;121326;121409;121410;121455;121456;121457;121503;121504;121532;121533;121534;121535;121607;121631;122389;122390;122391;122392;122466;122467;122468;122527;122528;122640;122641;122844;122845;122846;122887;122961;122962;123057;122995;123058;123147;123435;123436;123489;123490;123491;123648;123917;123966;123965;124100;124184;124185;124139;124234;124235;124262;124290;125016;124704;124705;124753;125203;125202;125204;125205;125206;125207;125129;125208;125447;125448;125449;125531;125591;125715;125716;126763;125916;125979;125980;126090;125981;126091;126145;126434;126303;126435;126366;126436;126454;126613;126455;126683;126684;126713;126714;126715;126944;126945;126946;126974;127034;127723;127724;127725;127726;127727;127728;128207;128206;128209;128208;128211;128210;128212;128213;128214;128215;128216;128217;128218;128219;128220;128221;128222;128223;128224;128225;128226;128227;128228;128229;128230;128231;128232;128233;128234;128235;128236;128237;128238;128239;128240;128241;128242;128243;128244;128245;128246;128247;128248;128249;128250;128251;128253;128252;128254;128255;128256;128257;128258;128259;128260;128261;128262;128263;128264;128265;128266;128267;128268;128269;128270;128271;128272;128273;127880;127881;128311;128499;128500;128502;128501;128667;128862;128861;129042;129093;129151;129277;129152;129278;129334;129577;130048;130047;129997;130078;130142;130157;130156;130191;130252;130192;130386;130498;130499;130447;130618;130750;131006;131007;131054;131055;131056;131679;131531;131680;131830;131831;131832;131987;131988;131989;131990;132085;132306;132307;132332;132888;132889;133029;133030;133128;133129;133192;133169;133193;133194;133195;133196;133197;133339;133388;133447;133517;133538;133518;133641;133754;133755;133756;133788;133789;133826;134069;134070;134071;134072;134149;134150;134151;134273;134274;134275;134346;134440;134395;134646;134647;134648;134649;134650;134652;134692;134693;134651;134694;134695;134754;134847;134848;135002;135261;134849;135262;135796;135797;135798;135799;135800;135802;135801;135803;135804;135806;135805;135808;135807;135278;135809;135810;135811;135812;135813;135279;135814;135815;135816;135817;135818;135819;135820;135821;135822;135823;135824;135825;135826;135827;135828;135829;135830;135831;135832;135833;135834;135835;135836;135837;135838;135839;135840;135841;135843;135842;135382;135844;135575;135716;135886;135845;135888;135887;135889;135890;135891;135959;136162;135960;136389;136390;136486;136391;136603;136487;137038;136690;137039;137040;136991;137041;137174;137175;137176;137292;137293;137294;137347;137348;137389;137533;137534;137390;137741;137698;137743;137742;137772;137773;138205;138206;138419;138489;138538;138584;138585;138827;138586;139220;139301;139300;139354;139353;139399;139400;139893;139894;139895;140239;140440;140441;141710;141104;141748;141691;141649;141686;141687;141753;141746;141681;141690;141677;141747;141754;141707;141698;141736;141760;141703;141720;141664;141743;141683;141711;141734;141727;141761;141702;141694;141657;141652;141650;141738;141667;141729;141679;141685;141688;141661;141695;141723;141696;141689;141744;141663;141728;141770;141654;141713;141709;141767;141755;141648;141762;141708;141704;141716;141150;141656;141653;141699;141680;141759;141412;141410;141741;141838;141842;142012;142015;142014;142556;142563;142548;142570;142810;142816;142822;142819;142821;142820;142823;142818;142999;142817;143044;143000;143243;143371;143360;143246;143361;143359;143533;144215;144214;144211;144294;144295;144297;144293;144292;144367;144369;144296;144368;144843;144744;144987;145438;145442;145460;145697;145504;146062;146064;146063;146065;148971;146270;148972;148973;147135;147136;147206;147714;150159;150160;150446;150448;150710;150760;150479;150800;150709;150711;150478;150761;150768;150789;151447;151678;151503;152088;152087;152089;152086;152192;152364;152866;152867;152951;152952;152950;152946;152949;152948;153227;153225;154130;154202;153168;154132;154131;154201;154275;154276;154821;154412;154823;155949;155948;155953;155972;156176;156178;156456;156719;159006;156717;156720;156757;156718;156799;156803;157050;157227;157131;157859;157247;158054;158079;158329;158330;158328;158331;158348;158875;61373;140214;158922;18373;19588;15704;10254;10256;124650;11593;11596;23777;23778;38948;17633;11573;12072;30124;31787;50575;16281;11709;10257;50574;11375;40887;11377;17212;10396;11777;23974;42411;33852;105613;26918;108810;99364;93962;48763;106716;56954;58181;10398;87013;63080;23973;99439;35730;103871;65791;62042;10456;18585;44401;60119;10395;20811;58452;63155;66350;18602;22313;72367;22024;76056;10901;10902;10904;10908;10905;10906;10903;10907;26919;10859;56210;13855;65057;133147;48762;44676;49274;51587;52456;56824;53503;52977;53830;70395;72909;55286;62466;59915;59916;62468;62224;62467;63231;63372;63426;63380;64587;64508;66869;65692;64918;65222;65884;66425;66448;66870;67216;69333;70855;69332;69334;70854;71324;73990;69840;70856;71323;71325;71322;71945;71265;74154;72286;72608;72936;73418;73989;73992;73742;73991;73865;74429;76416;76123;78446;77170;76464;77161;77580;78444;79145;79839;78447;79444;81209;80489;80948;81731;81046;83359;82779;81732;81884;82823;84763;82075;83369;84737;84058;84052;84645;84742;84367;84809;85880;86065;85329;87875;86149;86371;86856;86469;86818;87876;87893;87249;87313;87252;87671;90511;91045;92818;122484;100051;101113;135901;21655;20368;12209;18028;16337;18502;19407;19408;20006;18680;20008;21193;21696;20928;22034;21334;25699;22194;25700;34311;29855;106298;34413;72908;34412;34477;35362;35635;34821;47556;42443;48761;47045;47750;55802;58335;62045;59044;66423;33881;43089;34414;39350;35634;39783;39622;46017;44045;148541;10397;38689;63478;10911;10912;10913;10915;10914;10916;10394;11839;10404;14818;134420;11454;134421;134942;38153;66424;11818;42410;10785;10893;10894;10892;10910;15996;17607;88699;18491;12298;18085;10433;10434;11330;10482;10486;10485;10499;10504;10509;10519;10525;10632;10555;10563;10603;10693;10615;10619;10668;10734;10806;11366;11309;10861;10865;10866;10926;20885;11326;11307;10945;10944;11325;10943;10964;11143;11306;11029;11304;11336;11322;11301;11091;11300;11144;11145;11146;11177;11148;11147;11286;11215;11178;11191;11194;11212;11231;11413;11423;11433;11485;11528;11534;11541;11595;11683;11774;11878;11787;11790;11789;11792;11802;11803;11804;16299;11831;11832;11886;11887;11888;11928;11885;11921;11920;11992;11989;11990;12051;12052;12090;12092;12091;12205;12206;12208;12207;12235;12267;13637;13643;13639;13638;13640;13641;13642;14254;14732;14724;15467;15455;15456;15457;15458;15459;17976;15460;15714;15894;15966;15965;15964;15963;15962;16123;16125;16124;16333;16332;16324;16331;16328;16325;16326;16327;16329;16330;18020;18021;18022;18024;18023;18025;18026;18490;18215;18482;18483;18484;18488;18489;18492;18485;18486;18487;18679;18681;18682;19401;19402;19403;19404;19405;19406;19997;19998;19999;20000;20001;20002;20003;20004;20005;20172;20299;20298;20382;20390;20389;20904;20905;20906;20907;20908;20909;21077;20910;21078;21210;21212;21211;21331;21213;21332;21685;21686;21687;21688;21689;21690;21691;21695;21692;21693;21694;22027;22028;22029;22030;22031;22032;22033;22182;22183;22184;22185;22186;22187;22188;22189;22190;22191;22192;22193;22332;22333;22334;22449;22529;22530;22531;22532;22533;22534;22535;22536;22537;22538;23643;23644;23645;23647;23646;23836;23833;23834;23837;23835;23839;23838;23998;23999;24000;24329;24330;24331;24332;24334;24333;24336;24335;24338;24337;24339;24340;25026;24911;25022;25023;25025;25024;25162;25163;25165;25164;25167;25166;25168;25489;25484;25485;25486;25487;25488;25687;25688;25689;25690;25691;25692;25880;25881;25882;25883;25884;25885;25901;25902;25886;26017;26022;26018;26019;26961;26963;26962;26964;26965;28183;26966;28184;29307;29308;29309;29310;29311;29312;29313;29893;29894;31037;31038;31039;31040;31041;31042;31043;31044;33107;31046;31047;31413;31414;31415;31416;31791;31792;31793;31794;31796;31795;31797;31798;32310;32311;32313;32312;33133;33132;33134;33135;33136;33138;33137;33441;33442;33443;33444;33870;33871;33872;33873;33874;33875;33876;33877;33878;33879;33880;34120;34121;34122;34123;34401;34402;34403;34404;34405;34406;34407;34408;34410;34409;34411;34476;34743;34744;35069;35070;35071;35072;35073;35074;35075;35076;35221;35361;35630;35631;35632;35633;35822;35823;35824;36147;36148;36149;36150;36151;36152;36153;36154;38742;39340;39341;39342;39343;39344;39345;39346;39347;39348;39349;39791;39792;39793;39794;39795;40407;40435;40555;40556;40557;40558;40559;40560;40561;40562;40565;40888;40889;40890;40891;40892;42106;42107;42108;42109;42110;42112;42111;42113;42114;42115;42116;42118;42117;42437;42438;42440;42439;42441;42442;43062;43061;43063;43064;43065;43066;43865;44110;44413;44414;44415;44416;44417;44418;44419;44420;44421;44422;44423;44424;44425;45020;45021;45378;45506;45507;45508;45509;45510;45511;45512;45513;45514;45515;45516;46312;46313;46839;46840;46841;46842;46843;46844;46845;46846;46847;46848;47710;47711;47712;47713;48216;48285;48284;48286;48287;48288;48290;48289;48291;48292;48293;48294;48295;48296;48297;49219;49220;49221;49222;49223;49224;49225;49226;49227;49695;49948;49949;49950;49951;49952;49953;49954;49955;49956;49957;49958;49959;49960;49961;49962;49963;50528;50529;50530;51162;51163;51164;51165;51166;51167;51168;51169;51170;51171;51172;51173;51174;51175;51176;51177;51178;51454;51455;51903;51904;51905;51907;51906;51909;51908;51910;51911;51913;51912;51914;52583;52584;52585;53375;53376;53377;53378;53379;53380;53381;53382;53383;53384;53385;53386;53387;53388;53389;53390;53391;53858;53859;55117;55118;55119;55120;55121;55122;55123;55124;55125;55126;55127;55128;55129;55130;55131;55132;55569;55570;55571;55572;55787;55788;55789;55790;55791;55792;55793;55794;55795;55796;55797;55798;55799;56173;56174;56175;56176;56177;56449;56450;56452;56451;56453;56454;56455;56456;56736;56737;56738;56739;57273;57274;57275;57276;57277;57278;57279;57280;57281;57282;57283;57284;57285;57414;57469;57470;57471;57473;57472;57474;57475;57943;57942;57944;57945;57946;57947;57948;57949;58329;57950;58330;58331;58333;58332;58655;58334;58657;58656;58658;58659;59037;58660;59039;59038;59041;59040;59042;59043;59454;59455;59456;59457;59458;59459;59460;59906;59908;59907;59909;59910;59912;59911;61527;59913;61528;61529;61530;61531;61533;61532;61534;61535;62043;62044;62223;62459;62460;62461;62462;62463;62464;62465;62903;62904;62905;62906;62907;62908;63224;63225;63226;63227;63228;63229;63230;63419;63420;63421;63422;63423;63424;63425;63522;64570;64571;64572;64573;64574;64575;64576;64577;64578;64579;64580;64581;65210;65211;65212;65213;65214;65215;65876;65875;65877;65878;65879;65880;65881;65882;65883;66412;66413;66414;66415;66416;66417;66418;66419;66421;66422;66863;66864;66865;66866;66867;67209;67210;67211;67212;67213;67214;67215;69324;69325;69326;69327;69328;69329;69330;69331;69827;69828;69830;69829;69831;69832;69833;69834;69927;69835;69836;69837;69838;70332;70333;70334;70335;70336;70337;70338;70339;70846;70847;70848;70849;70850;70851;70852;70853;71312;71311;71313;71314;71315;71316;71317;71318;71319;71321;71320;71941;71942;71944;71943;72428;72429;72430;72432;72431;72434;72433;72930;72931;72932;72934;72935;73413;73415;73416;73417;73805;73981;73982;73983;73984;73985;73986;73987;73988;74422;74423;74424;74425;74426;74428;74427;76406;76407;76408;76409;76410;76411;77160;77162;77163;77164;77165;77166;77167;77168;77169;77572;77573;77574;77575;78432;78431;78433;78434;78435;78437;78438;78439;79125;79126;79127;79128;79129;79311;79130;79131;79133;79132;79134;79827;79135;79136;79137;79138;79828;79831;79830;79832;79833;80490;79834;80491;80492;80493;80494;80495;80496;80497;81262;81263;81264;81265;81266;81267;81268;81269;81270;81733;81734;81735;81736;81757;81737;81738;81739;81740;81741;81742;81743;81744;81745;82770;82769;82771;82772;82773;82793;82774;82775;82776;82777;82778;83358;83440;83362;83416;83357;83356;83354;83355;83370;83361;83364;83363;83360;84053;84054;84738;84055;84056;84059;84060;84057;84085;84761;84736;84743;84762;84734;84739;84735;84744;84747;84745;84741;84748;84746;84882;85333;85348;85350;85332;85321;85335;85330;85346;85406;85334;85323;85322;85324;85331;85540;85845;85843;85846;85876;85877;85884;85879;85847;85844;85849;85883;85848;86367;86372;86365;86366;86374;86373;86819;86820;86821;86822;86823;86824;86826;86825;86830;86827;86828;86849;87253;87254;87255;87256;87258;87257;87259;87260;87261;87262;87264;87263;134204;87877;87878;87879;87892;87882;87880;87890;87881;88642;87895;88643;88644;88645;88646;88647;88648;88649;88650;88651;88652;88654;88653;89746;89747;89748;89749;89751;89750;89753;89752;89754;89755;89779;89756;89757;89835;90432;90431;90433;90434;90436;90435;90437;90438;90439;90440;90441;90442;90443;91001;91002;91003;91004;91005;91006;91007;91008;91009;91010;91011;91012;91596;91013;91014;91015;91016;91597;91598;91611;91599;91600;91601;91602;91603;91604;91605;91606;91612;91607;91608;91609;91672;92015;92016;92017;92018;92020;92019;92021;92022;92023;92024;92819;92025;92820;92843;92821;92839;92822;92823;92825;92824;93464;93465;93466;93481;93468;93467;93470;93469;93471;93472;93473;93474;93475;93651;94011;93963;94017;94016;94014;94012;94013;94008;94009;93964;94340;94630;94631;94632;94633;94634;94635;94636;94637;94638;94639;94640;94641;94642;94643;95764;95809;95765;95766;95811;95813;95767;95768;95769;95770;95772;95771;96390;96391;96392;96393;97729;97325;97745;97730;97731;97737;97743;97732;97794;97740;97744;97741;97738;97733;97734;97754;97736;97742;97735;99285;107195;100054;104043;104044;99305;99365;99306;99307;99286;99282;99287;99308;99309;99304;99312;99289;99288;99290;104889;104665;99314;102265;102264;102266;102267;102268;104382;102269;102270;104890;102271;122485;102272;102273;105178;105179;105180;105181;105182;105184;105183;105185;105186;105187;105188;105190;105189;105191;105192;101522;101365;104383;101366;101367;101368;101369;101370;104891;101371;101372;101373;102035;101374;101375;100759;100760;133048;100761;100762;100763;100764;100766;100765;100767;104892;100785;100787;100782;100783;100768;100786;100788;100791;100055;100056;100057;100058;100059;100060;100061;104045;100062;104893;100103;100063;104547;104548;104549;104550;104551;104552;104553;104554;104555;104556;104557;104894;104558;104570;104559;104560;104561;104562;103745;103746;103747;103748;103749;103750;103924;104384;104895;103784;103751;103786;103752;103785;103753;103816;103754;103127;104385;103128;103129;103130;103131;103132;103220;103137;136946;103138;103139;104896;103133;103134;103141;103135;103456;103192;103136;103122;103123;103140;108960;108961;108962;108963;108964;108965;108966;108967;108968;108969;108970;108971;108972;108973;108974;109029;109036;108976;108975;105796;111684;111685;111686;111687;111688;111689;111690;111691;111693;111692;111694;111755;111695;112116;111786;122486;111697;111696;111698;111699;111756;111787;111973;111700;119582;119583;119584;119585;119586;119587;119589;119588;119591;119590;119612;119592;119593;119594;136616;119595;119596;119686;119609;119597;119768;119769;119770;119771;119772;119773;119774;119598;119599;119611;106795;106796;106797;106798;106799;106800;106655;106801;106802;106803;106804;106806;106805;106818;106807;106817;105585;105731;105546;105693;105548;105547;105549;105550;105551;105552;105553;105554;105730;105694;105695;105728;105696;105697;105699;105698;105700;110980;110981;110982;110983;110984;110985;110986;110987;110988;110989;111070;111071;110990;110991;110992;110993;111008;111045;111042;111007;110994;110484;110485;110486;110487;110488;110489;110490;110491;110414;110492;110493;110494;110495;110496;110497;110498;110499;110500;110501;108284;108285;108286;108287;108288;108289;108290;108291;108757;108292;108407;108336;111072;128764;108408;108293;108294;108295;108296;108297;108299;108298;108301;108300;109652;109603;109604;109605;109606;109607;109609;109608;109610;109611;109731;109732;109612;109684;109613;109614;109615;109616;109618;109651;109617;123513;118910;123514;118911;118912;118913;118914;118915;118916;118917;118918;122818;118919;122819;118920;122820;119463;119095;118979;118921;118978;118922;118923;118924;118958;118925;118926;118927;118928;118929;119017;118930;117997;117998;117999;118000;118001;118003;118002;118005;118004;118148;118006;118149;118007;118008;118009;118010;118012;118011;118014;118013;118094;118015;118016;110642;117411;117412;117413;117414;117415;117416;117418;117417;117419;117420;117481;117431;117421;117422;117460;117423;119239;117458;117424;117425;117426;123939;123940;123941;123942;123943;123944;123945;123946;123947;123948;123974;123949;123975;123950;123951;123952;123955;123953;127841;127842;127843;127844;127846;127845;127847;127848;127850;127849;127852;127851;127861;127853;127909;127860;127854;127855;127856;131926;131925;131927;131928;131930;131929;131931;131932;131933;131934;131935;131936;131937;131938;132020;131939;131940;122118;122119;122121;122120;122122;122123;122124;122125;122126;122127;122154;122234;122128;122129;122130;122131;122132;122155;122317;122974;122185;122255;122133;121011;121012;121013;121014;121015;121016;121017;121018;121019;121020;121109;123131;121021;123132;121022;121023;121035;121024;121025;121044;121026;121213;121027;121189;121065;121028;126570;126569;126571;126572;126573;126574;126575;126576;126578;126577;126601;126579;126602;126600;126580;126581;126582;126631;126630;126583;126584;126628;126585;126641;126604;125817;125818;125819;125820;125821;125822;125823;125824;125825;125826;125881;125827;125828;125829;125830;130260;125831;125834;125832;125833;122779;122780;122781;122782;122783;122784;122785;122786;122787;122788;122778;122789;122790;122859;122975;122869;122791;122792;125058;125059;125060;125816;125061;125062;125063;125064;125065;125066;125067;125164;125217;125074;125225;125068;125069;126634;125149;125057;125070;125071;125227;130261;125163;125255;125072;125073;130901;130902;130903;130904;130905;130906;130907;130908;130909;130910;130911;131025;130912;130913;130915;130914;130969;129716;129717;129718;129719;129720;129721;129722;129723;129724;129725;129727;129728;129729;129730;129731;129885;129715;131318;129726;128634;128636;128635;128637;128638;128640;128639;128641;128642;128643;128644;128770;128771;128742;128772;128645;128707;128646;129166;128647;131567;128686;128648;128649;128767;129167;128708;135463;135464;135465;135466;135467;135468;135469;135470;135471;135472;135473;135474;135590;136425;136474;137399;135718;135476;135477;135475;135675;135682;135587;135478;135479;135758;135462;135481;135480;135719;135482;139484;139485;139486;139487;139488;139489;139490;139491;139492;139493;139701;139494;139496;139495;140595;139598;139497;139498;139499;139500;139501;139502;139503;139504;139584;139505;139506;140596;139507;143561;143558;143569;143570;143571;143565;143559;143572;143560;143564;143562;143557;143566;143608;147956;143555;144058;144059;144057;144056;143556;143563;143567;143573;133608;143568;133609;133610;133611;133612;133613;134863;133614;134864;133615;133616;133617;133618;133619;133719;133718;133716;133620;133621;133622;132858;132857;132859;132860;132862;132861;132864;132863;132865;132866;132999;133049;132993;132994;132868;132867;132870;132869;138453;138454;138455;138456;138457;138458;138459;138460;138461;138462;138600;138463;138465;138464;138466;138467;138468;138469;138512;138470;138471;139314;138472;138452;138473;138474;137304;137254;137255;137256;137257;137258;137259;137260;137261;137262;137263;137264;137265;138088;137266;137267;137268;137269;137369;137270;137271;137272;134369;134368;134370;134371;134865;134372;134373;134866;134374;134375;134428;134376;136472;134377;136473;134416;134378;134379;134380;134381;134382;136501;136502;136503;136504;136505;136506;136507;136508;136510;136509;136527;136565;136564;136566;136511;136512;136513;136515;136514;142684;142682;142680;142693;142681;142683;142679;142690;142687;142685;142686;142888;142691;142692;142689;142808;142806;142809;142807;142695;143043;142694;142688;141430;141433;141427;141423;141424;141420;141422;141431;141434;141416;141432;141426;141503;141417;141491;141493;142595;141429;141418;141435;141425;141436;141419;141421;141428;141931;141415;140414;140415;140416;140417;140418;140419;140420;140421;140422;140423;140425;140424;140501;140426;140427;140428;140429;140430;140518;140519;140520;140521;140431;140534;140432;140465;140433;149259;148466;148461;148468;148486;148473;148475;148465;148477;148467;148480;148471;148469;148482;148485;148463;148479;148470;148476;148737;148474;148740;148739;148738;149367;148538;148464;148483;148714;148552;148553;148484;148478;152435;152430;152431;152422;152434;152436;152421;152425;152528;152433;152428;152488;152525;152432;152524;152526;152520;152426;152437;152429;152669;152427;152521;152423;156072;156063;156065;156068;156071;156066;156070;156064;156067;156069;156073;156227;156074;158206;156062;158167;158164;158165;158166;158251;156194;158205;146326;146329;146345;146335;146337;146342;146338;146339;146327;146341;148979;146344;146328;146346;146336;146343;146330;146332;146331;146418;146419;146455;146457;146454;146456;146333;146340;146479;146426;146334;153214;144884;144887;144873;144874;144882;144880;144888;144881;144877;144878;145040;145041;145039;144879;144886;144889;145033;144885;145093;145094;145091;145092;144883;144977;144876;144875;151606;151592;151588;151604;151596;151599;151598;151601;151611;151471;151472;151473;151474;151475;151476;151477;151478;151479;151488;151609;151664;151589;151597;151603;151595;151608;151607;151590;151605;151602;151594;151647;150369;150370;150367;150374;150354;150353;150368;150357;150363;150708;150365;150371;152587;150356;150351;150352;150361;150373;150360;150364;150372;150366;150358;150418;150355;150359;147226;147222;147230;147220;147224;147223;147231;147217;147221;147229;147946;147225;147024;147003;147227;147228;147218;147750;147753;147751;147752;147638;147657;147216;147219;147749;149383;149382;149396;149398;149391;149390;149440;149394;149389;149392;149438;149397;149393;149386;149401;149395;149385;149400;149387;149479;149436;149402;149388;149399;154986;154989;154990;154994;154993;154987;154997;154984;154995;154983;154996;154982;154999;155962;154985;155174;155000;155020;155143;155018;154991;155306;154988;154037;154034;154033;154026;154042;154041;154029;154043;154035;154040;154036;154027;154175;154032;154172;154038;154028;154039;154030;154171;154173;154051;154031;153381;153383;153373;153372;153377;153386;153375;153384;159064;153379;153380;153376;153374;153385;153382;153387;153388;153378;153389;153470;153428;158037;157429;157428;157432;157440;157435;157436;157426;157437;157442;157431;157427;157879;157441;157433;158039;157850;157849;157852;157851;157439;157841;157438;156617;156618;156620;156619;156621;156622;156623;156624;156625;156626;156627;156713;156628;156745;156629;156771;156630;156640;156639;156641;156642;156714;156631;158716;158701;158703;158717;158711;158704;158700;158712;158709;158713;158718;158702;158744;158786;158708;158714;158710;158818;158707;158759;158927;158715;158706;158705;123458;123459;123460;124120;123461;119150;18592;11110;26920;87734;17651;48405;35453;11867;152100;10412;11457;11459;10427;11460;10431;11458;10413;10567;10430;10426;10401;17662;10531;11119;52459;38912;72543;61647;10449;11868;46742;10432;10429;12028;50859;10553;26917;10400;48942;10428;126527;24786;10917;73026;10860;56211;10399;57608;81425;23910;10457;10458;11562;10895;10896;10897;10898;10899;10900;97086;96982;100871;16314;11329;100064;103877;80333;118715;118716;124117;137754;144951;144952;149377;157063;47709;122614;84729;122615;88561;19699;21626;154957;154955;154956;154958;154959;157062;97996;73182;12069;10835;11141;19550;47151;18553;34209;27585;31132;23979;55046;31856;55047;35352;25663;24756;24755;27586;40870;40871;54581;54580;18391;10258;10520;10259;45517;10260;10703;11053;108659;11772;10261;10262;11852;11038;52611;42088;11270;54582;11421;10263;72604;72603;63334;63333;31167;40470;11621;14227;40469;20833;11597;43827;10659;45022;43100;40448;10969;10264;41028;56009;11490;10266;27841;62759;76474;11317;10551;74091;10548;10547;10546;22415;10857;10550;34022;10858;63136;19763;10800;19762;10688;35296;32081;25422;25423;25424;14274;40449;49088;22477;35609;11865;83139;11164;17155;11126;17156;48406;22941;10349;22942;41066;22943;22944;24952;38010;107294;22945;22946;107295;22947;22948;22949;25194;19214;22950;20332;24370;22951;21258;107296;19202;107297;107298;19443;19444;39387;19367;21792;21259;37385;36851;36284;23914;36847;24844;107299;107300;107301;107303;107302;107304;130508;22952;107305;107306;22953;82536;19838;40924;19743;107307;22954;67145;22955;107308;107310;107309;107311;107313;107312;109911;109882;20052;47891;107314;107315;107316;22244;42066;29719;46333;25456;105346;107317;107318;22956;25385;46745;107319;22957;19446;107320;20739;19203;19579;107321;33791;107322;107323;107324;107325;107327;107326;107328;107329;107330;129869;138420;19204;107331;61391;22958;107332;107333;107334;107336;107335;107337;107338;107339;107340;107342;107341;126716;121174;135434;129870;138421;140363;149794;156785;25541;107343;31596;107344;107345;107346;107347;148754;24371;107348;107349;107350;22959;19368;107351;71645;107352;21006;24372;26157;43884;25271;19215;24343;107353;107354;24373;107355;22960;107356;22961;107357;107358;111114;71646;25386;25272;107359;71813;107360;19447;107361;19448;107362;20943;30164;30165;41952;19449;19369;25069;22962;107364;107363;22445;107365;36541;37052;20740;36389;19744;107366;107367;19839;26981;107368;32361;22963;36756;107369;25387;107370;20859;20271;22965;107371;107372;22966;107373;22967;25728;38854;22968;107374;22969;107375;25070;107376;20272;22059;43885;25388;20273;35407;107377;53510;20380;24953;33204;37663;26982;26983;37390;22970;107378;33908;107379;107380;154221;39488;39487;41981;22971;22972;35408;21260;25071;107382;107381;107383;107384;107385;107386;22060;107387;23685;22973;22974;107388;22975;22061;109855;23686;22301;107389;25642;107390;30166;24845;107391;76070;107392;25643;25273;107393;107394;73908;107395;107396;37632;107397;107398;24374;107399;22897;107400;23915;24375;28278;25274;33909;107401;132890;107402;71814;107403;43886;23994;24376;24377;107404;107405;107407;107406;23748;71647;23916;107408;47892;47156;107409;107410;27072;35193;24378;24846;107411;24213;107412;24379;107413;24380;24954;107414;37310;107415;107416;26984;107417;107418;26985;107419;37997;26956;107420;107421;107422;129871;30005;42970;26986;132891;148760;135435;25644;107423;25433;107424;107425;107426;107427;107428;107429;109883;24847;46317;26987;107430;26158;26988;107431;26159;107432;41943;30006;107433;29826;25275;107434;25276;107435;107436;107437;107438;107439;130509;26989;107440;71648;107441;107442;107443;126717;30167;107444;67146;107445;27073;71649;26990;107446;71650;32492;107447;107448;107449;117683;31989;26160;30007;107450;107451;42171;41052;26161;26957;26991;107452;77913;107453;107454;107455;62305;107456;97123;26162;36604;107457;107458;27074;27075;32164;107459;36895;107460;71651;31758;35194;35195;37884;107461;67147;107462;26958;31759;107463;45450;107464;26908;29205;36551;27617;107465;27076;32362;107466;62507;36474;32165;32166;32167;32493;32168;32169;107467;36856;107468;29206;107469;35409;31187;107470;107471;32494;36313;36336;107472;37316;107473;107474;107475;107476;121175;107477;126718;30168;33205;107478;81875;107479;30169;107480;107481;31331;107482;31332;32496;32495;32363;107483;107484;107485;31333;107486;32364;107487;62508;34788;33206;34789;107488;107489;43145;38168;38167;38169;107490;107491;107492;107493;107494;107495;71652;107496;33207;107497;107498;107499;58842;107500;32365;33910;107501;33792;34066;107502;33911;34790;77466;34791;34792;35196;34793;34794;34795;96564;35197;34796;34797;107503;33793;36396;51969;35578;35410;38822;107504;35198;107505;39553;107506;39554;107507;39555;40610;107508;34798;35199;48917;107509;111115;34106;107510;58843;107511;58844;37958;36623;35200;107512;37954;36656;37547;37522;107513;35201;107514;36339;35411;107515;36814;107516;35202;35203;36600;38118;71815;107517;38711;35579;67148;107518;41053;71653;38770;38780;38736;38771;38823;38781;44387;35568;107519;107520;35569;39414;107521;55063;38737;38756;107522;38738;35412;107523;38824;38782;38783;36806;49787;39325;39317;71816;107524;37667;107525;36861;39574;42136;42137;42182;107526;59285;39415;42138;40586;42183;42184;42098;42185;42217;107527;42218;42219;60090;40776;107528;39002;107529;39308;39762;39326;107530;39309;39532;42099;42139;39763;107531;40367;107532;40969;40937;107533;42220;43343;42140;46666;42078;107534;42221;45603;135436;42241;107535;71654;107536;107537;107538;71655;43096;71817;49134;67149;107539;42919;71818;107540;71656;107541;67150;107542;67151;107544;107543;107545;109856;138422;132892;71657;107546;107547;48936;49135;107548;50041;49079;49750;49136;107549;107550;107551;107552;107553;107554;107555;124073;135437;145192;44925;107556;107558;107557;44926;107559;107560;46318;71819;107561;107562;46319;71820;52470;51877;49080;49991;107563;45116;71658;107564;99432;107565;45596;107566;107567;46320;107568;50572;55477;56430;50364;107569;132893;56675;107570;126615;107571;66187;107572;66188;107573;107574;49234;53275;132894;107575;107576;50621;47100;107577;107578;48937;107579;55478;107580;50622;107581;107582;71659;71660;71661;71662;71663;71664;107583;93710;107584;71665;107585;107586;71666;107587;71667;50521;56431;51878;51879;57632;107588;56432;110656;64249;71668;107589;51880;87367;107590;51881;107591;62110;107593;107592;56676;57834;107594;54965;107595;64654;71669;107596;71670;107597;53247;53276;107598;59441;107599;52967;71671;107600;71672;71673;71674;71675;71676;71677;71135;59979;64655;59601;107601;54992;107603;107602;59049;107604;93798;107605;56433;55479;107606;71678;56434;71679;56435;71680;107607;107608;107609;58643;107610;107612;107611;107613;107614;71681;107615;107616;107617;107618;107619;107620;107621;71682;57392;107622;56464;107623;58477;107624;107625;107626;107627;107628;107629;107630;107631;124074;69902;71683;107632;56976;107633;107634;107635;57835;59050;107636;59051;59286;107637;64656;107638;107639;107640;107641;107642;107643;107644;66739;107645;107646;107647;107648;124075;68869;64657;107649;71684;107650;57680;66352;107651;107652;121176;83539;111116;107653;64606;58735;107654;59287;107655;64607;107656;107657;107658;107659;107660;66353;107661;64608;71685;79428;58028;107662;58559;107663;83540;107664;58127;107665;68870;107666;107667;64609;107668;59963;80844;107669;65208;107670;58736;107671;64610;107672;66710;72003;107673;73054;107674;107675;62450;63217;107676;107677;65628;61482;107678;64611;107679;64612;107680;106090;107681;107682;59442;156786;71686;71687;107683;62433;107684;61593;107685;91593;69903;107686;71455;107687;71689;71688;71690;107688;107689;74083;65680;107690;121177;107691;80845;107692;65638;107693;65681;107694;77721;109071;126719;107695;107696;107697;107698;107699;107700;107701;107702;107703;107704;107705;107706;107707;66800;72165;107709;107708;107710;107711;107712;107713;107714;107715;107716;107717;107718;107719;107721;107720;107722;111117;118060;121178;132895;129872;69904;107723;90082;71691;107724;107725;70442;69905;107726;107727;77680;107728;84721;107729;70443;107730;107731;107733;107732;107734;107735;76517;107736;80076;107737;107738;73055;74084;107739;76086;107740;79306;107741;85734;80846;107742;82761;107743;82762;107744;87493;107745;90083;107746;80847;107747;107748;107749;107750;107751;107752;107753;111118;118061;124076;126720;138423;154224;87640;107755;107754;90084;107756;107757;84205;107758;107759;109072;86452;107760;109073;107761;86453;107762;107763;107764;107765;111119;90571;107766;107767;107768;107769;90572;111120;107770;107771;107772;107773;111121;118129;118130;92405;107774;126721;87520;107775;87521;107776;107777;132896;146233;107778;90703;90704;107779;107780;107781;109074;87986;107782;118062;90085;90573;107783;107784;93587;107785;107786;109075;107787;135438;126722;138424;154226;97124;107788;107789;97125;107790;107791;109076;126723;135439;138425;145191;156749;154225;97693;99756;107792;100145;107793;107794;100146;111122;118131;111123;118132;118133;118134;121179;126724;126725;141557;141558;151901;29980;22976;24323;22977;107795;41067;22979;22978;22980;107796;22981;22982;23763;23687;23688;19205;20333;22983;19206;20053;21261;107797;107798;19450;107799;107800;19580;39388;21007;19370;22154;36952;21262;22245;22984;24848;107801;107802;107803;107805;107804;130510;107806;22985;82537;24381;107807;107808;22986;20054;41001;19745;107809;22987;67152;107810;22988;107811;107812;107813;107814;107815;107816;109912;109884;20055;47893;107817;107818;107819;22302;42067;29720;46334;25457;107820;105347;22989;107821;25389;46746;107822;22990;107823;19451;107824;19581;33794;107826;107825;107827;107828;107829;107830;107831;107832;107833;129873;19207;138426;61392;107834;22991;107835;107836;107837;107838;107839;107840;107841;107842;107843;107844;107845;121180;126726;129874;135440;138427;140364;149803;156784;25542;107846;107847;31597;107848;107849;107850;148765;24382;107851;107852;107853;22992;19371;71692;107854;24383;26992;24384;25277;24342;19216;107855;107856;24385;107857;22993;107858;22994;107859;107860;111124;71693;25390;107861;25391;107862;71821;107863;19452;107864;19453;20944;30170;30171;41953;19454;19372;22995;107865;107866;107867;22446;36725;20741;107868;19746;19840;107869;107870;26993;32366;22996;107871;38126;107872;25392;20860;20274;107873;107874;22998;38855;107875;22999;20742;107876;25072;107877;20275;43887;25393;20276;35413;107878;53511;20381;24955;33208;26994;36329;36931;22062;107879;21008;107880;23000;33912;107881;107882;154219;39489;39490;41982;23001;35414;25073;21263;107884;107883;107886;107885;107888;107887;22063;107889;23689;23002;23003;107890;23004;109857;107891;25645;30172;107892;24849;107893;23739;107894;71694;107895;25646;107896;107897;73909;107898;67153;107899;107900;107901;107902;24386;22898;107903;23917;24387;25394;33913;107904;107905;132897;71822;107906;43888;23918;24388;24389;107907;107908;107909;107910;71695;23749;107911;47894;107912;47157;27077;107913;23919;35204;24390;24850;107914;24214;107915;24391;107916;24392;24851;107917;37742;107918;107919;26995;107920;107921;26996;26997;107922;107923;107924;129875;42971;30008;25543;132898;135441;148764;25647;107925;25434;107926;107927;107928;107929;107930;107931;24852;109885;46321;37070;26998;26999;27000;107932;27001;107933;41944;107934;30009;29827;25278;107935;107936;107937;107938;107939;130511;25395;107940;71696;107941;107942;126727;107943;25729;30173;69906;107944;27078;107945;107946;27002;32497;71697;107947;107948;107949;117684;31990;27003;28279;27079;107950;30010;107951;42172;41054;27004;27005;27006;27080;107952;77914;107953;107954;107955;62115;107956;97126;27081;107957;25648;107958;107959;27082;27083;32170;107960;71698;31760;31761;35205;35206;38004;37728;107961;107962;31334;45451;107963;27084;29207;36874;27085;107964;27086;32367;107965;62509;37278;29721;32171;32172;32173;32174;32498;32175;43889;32176;107966;37825;107967;29208;35415;107968;107969;31188;107970;32499;37188;107971;107972;107973;107974;107975;107976;121181;126728;30174;107977;81876;107978;30175;107979;31335;107980;31336;32500;32501;32177;32368;107981;107982;107983;31337;107984;32369;107985;62510;34799;33209;34800;107986;43146;107987;38170;38171;107989;107988;107990;107991;107992;107993;71699;107994;33210;107995;107996;107997;58760;107998;32370;33914;107999;33795;34067;33915;108000;34801;34802;34803;35207;34805;34804;34806;34807;96565;34808;35208;33796;108001;37639;51970;35570;38825;108002;35209;108003;39556;108004;39557;108005;39558;35210;40368;34809;108006;48918;35416;35211;108007;111125;34107;108008;58761;108009;58762;37456;37702;108010;35212;36795;108011;35417;108012;37287;108013;35213;35214;36512;36555;108014;38712;108015;35571;108016;41055;71701;71700;38784;38772;38773;38826;38757;38785;44388;108017;35572;108018;55064;38739;108019;38740;108020;35573;108021;35418;38786;38787;38827;36559;49788;39327;39318;108022;36337;108023;37297;39575;42141;42186;108024;59234;39416;42142;40587;42258;42100;42187;42166;108025;42188;108026;42222;42223;42224;40777;108027;39003;108028;39310;40750;39764;108029;39417;39765;42101;60091;40343;108030;40369;43344;108031;40970;108032;40938;42225;42143;46667;108033;40925;42226;46322;135442;42242;71702;108034;71823;43049;49137;71824;71703;108035;108036;67154;67155;108037;108038;108039;108040;109858;132899;138428;71704;108041;108042;48938;50042;49081;49751;49138;108043;108044;108045;108046;108047;108048;108049;124077;135443;145172;44927;108050;108051;108052;108053;44928;108054;46323;108055;71825;46324;108056;71826;44357;108057;52471;49082;49992;108058;45117;108059;71705;99433;108060;45597;108061;108062;46325;108063;55480;50538;56436;50365;132900;108064;56677;108065;108066;65978;126616;108067;65979;108069;108068;53277;49235;132901;108070;50623;108071;48939;108072;55481;108073;50624;108074;108075;108076;71707;71706;71708;71709;71711;71710;93711;108077;108078;108079;71712;108080;71713;108081;71714;50522;108082;53822;56437;51882;57633;108083;56438;110657;64250;108084;51883;87368;108085;51884;108086;108087;56678;57836;56700;108088;54966;108089;64658;53248;108090;53278;108091;59443;52968;108092;71715;71716;71717;71718;71719;71720;71721;71879;64659;108093;55017;108094;108095;59013;108096;93799;56439;108097;55482;108098;56440;56441;71722;71723;108099;108100;58737;108101;108102;108103;108104;108105;108106;108107;71724;108108;108109;108110;108111;108112;108113;71725;108114;56465;108115;58478;108116;108117;108118;108119;108120;108121;108122;108123;124078;69907;71726;108124;56977;108125;108126;57837;108127;59014;108128;59052;59235;108129;64660;108130;108131;108132;108133;108134;108136;108135;66740;92406;108137;64552;108139;108138;108140;108141;68871;124079;64661;108142;71727;108143;57681;108144;66332;108145;121182;83541;108146;111126;64524;108147;58738;108148;59236;108149;64525;108150;108151;108152;108153;66333;108154;64526;71728;79429;58029;108155;58587;108156;83542;108157;58128;108158;68872;108159;108160;64527;108161;59953;108162;80848;65186;108163;58739;108164;58763;64528;108165;66711;108166;72004;108167;73056;108168;62451;108169;63218;108170;65595;108171;61457;108172;64529;108173;64530;108174;106091;108175;59444;108176;156787;71729;71730;108177;62429;108178;61594;108179;91594;108180;69908;108181;71456;71731;71732;71733;108182;74085;108183;65665;108184;108185;121183;80849;108186;65639;108187;65672;108188;77722;109077;126729;72166;108189;108190;108191;108192;108193;108194;108195;108196;108197;108198;108199;108200;108201;108202;111127;108203;118063;121184;129876;132902;91595;68873;90086;108204;69397;108205;108206;69909;70444;108207;84722;108208;70445;108209;108210;108211;108213;108212;108214;76518;108215;108216;80077;74086;108217;79270;80850;108218;82763;108219;82764;108220;87494;108221;90087;108222;108223;108224;108225;108226;108227;108228;111128;118064;124080;126730;138429;154223;87641;108229;90088;108230;108231;108232;109078;86454;108233;108234;109079;86455;108235;108236;108237;108238;111129;90574;108239;108240;108241;108242;111130;90575;108243;108244;108245;108246;111131;118135;92407;118136;108247;126731;87522;108248;87523;108249;108250;132903;146247;90675;108251;90676;108252;108253;108254;109080;87987;108255;118065;90089;108256;90576;108257;93588;108258;108259;108260;109081;126732;135444;138430;154222;97127;108261;108262;97128;108264;108263;109082;126733;135445;145096;138431;154220;156750;97694;108265;99757;100147;108266;108267;100148;111132;118137;111133;118138;118139;121185;118140;126735;126734;141551;141553;151893;80580;80581;80582;80583;80584;80585;80586;80587;80588;80589;80590;88514;80591;78395;80592;80593;80594;80595;80596;80597;80598;80599;80600;80601;80602;80603;80604;80605;80606;80607;80608;80609;80610;80611;80612;80613;80614;80615;80617;80616;80618;80619;80620;80621;80623;80622;80624;80625;80627;80626;80628;80629;80631;80630;80633;80632;80635;80634;80636;80637;80638;80640;80639;80641;80642;80643;80644;80645;80646;80647;80648;80649;80650;80651;80652;80653;80654;80655;80656;80657;80658;80659;80660;80661;84807;80662;80663;80664;80665;80666;80667;80668;80669;80670;80671;80672;80673;80674;80675;80676;80677;80678;80679;80680;80681;80682;80684;80683;80685;80686;80687;80688;80689;80690;80691;80692;80693;80694;80695;80696;80697;80698;80699;80700;80701;80702;80703;80704;80705;80706;80707;80708;80709;80710;80711;80712;80713;80934;80714;80716;80715;80718;80717;80719;80720;80721;80722;80723;80724;80725;80726;80727;80728;80729;80730;80731;80733;80732;80734;80735;80737;80736;80739;80738;80741;80740;80743;80742;80745;80744;80747;80746;80748;80749;80750;80751;80752;80753;80754;80756;80755;80757;80758;80759;80760;80761;80762;80763;80764;80765;80766;80767;80768;80769;80770;80771;80772;80773;80774;80776;80775;80778;80777;80779;80780;80782;80781;80783;80784;80785;80786;80788;80787;80789;80790;80792;80791;80794;80793;80795;80796;80797;80798;80799;80800;80801;80802;80803;80804;80805;80806;80807;80809;80808;80810;80811;80812;80813;80814;80815;80817;80816;80818;80819;80820;80821;80822;80823;80824;36510;36870;37948;37361;36271;37928;38071;36972;37461;37878;38025;37019;37416;36808;37909;36258;37902;38046;37893;37580;36639;36565;37094;37862;38094;38024;23126;23147;23150;67156;23151;23155;23158;23159;37154;37833;23163;23164;23165;23166;36626;37540;23167;23168;23198;23223;23235;23238;67157;23239;23244;67158;23247;23248;36327;38116;23249;23254;23255;23257;24974;24975;37130;23258;23259;23260;23262;23261;23263;36915;37857;37700;23264;36272;38110;23265;37992;36616;36678;37982;23266;23267;37458;36872;23268;23269;24393;23690;24394;23285;23291;23294;23295;23297;23296;38067;36987;13295;23301;13296;13297;13298;13299;13300;13301;23304;13302;33916;13304;13303;13305;13306;13307;13309;21170;26959;23306;13310;13311;13312;13313;13314;13315;13316;13317;18068;13318;13319;13320;13321;13322;13323;26909;13324;67159;14199;13325;13326;23315;21009;13327;13328;13330;23316;13331;13332;13333;13334;13336;17356;13337;23321;13338;13339;13340;13341;13342;13343;13345;13346;13347;13348;13349;13350;23326;13351;13352;72142;13354;13353;13355;13356;22155;13357;23327;13358;13359;13360;67160;13361;13362;13363;23328;13364;13365;13366;13367;13368;13369;13370;33211;13371;13372;23330;13373;13374;67161;13375;13377;13378;13380;13381;23334;13382;23336;23335;13383;13384;13385;13386;23338;33797;67162;13387;13388;13389;36568;37081;13390;13391;23343;13392;23344;13393;13394;13395;23345;23346;23351;23352;23355;23358;23359;13396;13398;13397;16084;13399;23360;23361;13400;23362;23363;25730;13401;23364;23365;13402;23366;23367;23368;13403;23369;24984;25074;23371;23372;23373;23374;13404;37808;24985;36946;23375;23376;23377;23378;23379;13405;36543;43895;23381;23383;23384;23385;23386;23387;23388;23389;23390;23391;23392;22507;15593;15482;15594;15744;17357;18284;13406;20945;30176;23395;23396;23397;23402;23403;23404;23405;23406;23407;19455;19456;23409;23410;37241;36716;37226;37979;23411;24986;36406;36305;24853;23412;23413;23414;23415;23416;23417;33798;23418;37733;37251;37548;36577;23421;24395;37271;23423;23424;27053;36302;37867;76553;27007;20946;23427;23428;25279;73910;37363;24396;24397;24398;27509;34996;27008;24399;37397;27009;24854;27010;25281;26960;25650;38026;31762;36789;27087;67163;29828;36415;37098;36954;31598;33426;33799;35222;34068;71734;36494;40971;40939;67164;71735;71736;71737;72144;72143;76519;86456;86457;90577;90578;13407;23430;13408;13409;13410;13411;13412;23433;13413;33918;13414;13415;13416;13417;13419;21171;27011;13420;13421;13422;13423;13424;13425;18070;13426;13427;13428;13429;13430;13431;13432;27088;13433;67165;14200;13434;23439;21010;13435;27012;23440;13437;13438;13440;17358;13441;13442;13444;13443;13446;13445;13447;13448;13450;13451;13452;13453;13454;13455;13456;13457;13458;13459;13460;22156;13461;13462;13463;13464;13465;13466;13467;13468;13469;13470;13471;13472;13473;13474;33212;13476;13475;13477;13478;13480;13481;13483;13484;23447;13485;13486;13487;13488;13489;13490;13491;13492;13493;23449;13494;13495;13496;13497;13498;13499;16088;13500;13501;13502;13503;13504;23452;23453;25731;13505;23454;23455;13506;25076;13507;13508;43896;23457;23459;23460;22508;15595;15483;15596;15745;17359;18283;13509;20947;23461;23462;23463;19457;19582;23465;23466;37670;37821;23772;27014;38008;76554;20948;23470;24400;24401;27015;24402;24856;27016;25652;27017;27089;29850;31599;33427;35215;34069;37644;40972;40940;71738;71739;72145;76520;86458;86459;90579;90580;23472;23473;23474;67166;13510;13511;13513;23477;23478;14367;13514;13515;13516;13517;19458;26165;13518;13519;13520;33919;53353;13521;13523;13524;13525;16089;29209;13527;53281;13529;34230;13740;22157;23480;13530;23485;23486;13531;13534;14201;13536;72146;23488;46797;23491;23492;13541;13543;13544;16187;23493;23494;72147;23495;46798;13545;13546;13547;13549;13550;13551;18074;13548;15756;13554;16090;13555;13556;13553;13558;31600;13559;23496;23497;13560;25732;13561;23498;23499;23500;23501;27090;13562;13563;23503;13564;23504;23505;13565;24993;56688;13566;23507;23508;21264;45408;23509;23510;13567;23511;40973;13568;52731;21011;13569;13571;24994;36978;23512;23513;23514;23515;23516;13572;13741;13573;23517;49655;13574;13575;49789;13745;37260;23519;28280;23521;23522;23523;23524;15757;13576;23525;23526;23527;23528;23529;55018;13577;26166;23530;26167;45032;23531;17360;15609;26910;18179;18285;30177;23534;23535;23536;23541;23542;34997;34998;23543;23544;23545;76555;23546;21265;23547;19841;19459;19460;23549;23550;37513;37046;36670;23551;38081;24995;36719;37426;23552;19842;17683;48941;18609;23553;23554;23555;33800;23556;25398;21172;36504;37387;36889;36257;24403;23559;37533;56087;23562;23563;47895;24996;33213;27018;36330;36676;23564;27019;24858;52732;25078;23567;23568;24220;24404;27091;26168;25283;73911;36354;24405;24406;27092;24407;34999;27021;27020;36484;45118;24859;27022;27023;25285;27093;71740;27024;27025;37630;71741;31763;67167;36547;35419;36684;37558;37722;30178;33801;33428;32371;33802;35000;35420;38075;71742;35574;39004;40974;40941;71743;71827;71828;67168;71744;71829;80884;46326;55540;71746;71745;71747;73593;77911;78112;72148;76521;86460;86461;90581;90582;23569;13579;23570;14366;72149;13581;71830;16188;23572;13583;13584;23573;13585;46799;13586;13587;13588;13589;13590;13592;13591;13593;16091;29211;46800;13594;18076;33921;27094;13596;53527;18078;13600;22248;13601;13603;13604;16092;13605;13606;13607;27095;13608;31601;13609;23574;23575;13610;13611;25733;13612;23576;13615;13616;13617;23578;14202;13620;56679;27026;23580;23581;21267;45409;13621;23582;40975;13622;13623;52733;13624;13625;13626;27027;13627;13629;23583;23584;23586;23585;23587;13630;13743;13631;34231;49790;37470;23589;23591;23592;23593;23594;15759;13633;23595;23596;25196;13634;27029;45033;14672;23597;27096;17361;15999;27097;54967;18180;18286;46764;23598;23599;23603;35001;35002;23604;23605;23606;49656;21268;23607;19843;19461;19583;23609;23610;19844;17686;22249;18610;23611;23612;36841;23613;33803;19462;25401;21173;76556;36986;23773;38005;23619;23620;56088;47896;24997;33214;34232;27030;36451;21012;23621;24861;28281;27031;52734;25079;23623;24222;24408;27032;27098;73912;67169;24409;27099;24410;24862;27033;27034;45119;24863;27039;27100;27042;71748;31764;67170;30179;35421;33804;33429;32372;33805;33806;35422;35003;35423;37711;71749;35576;39005;40976;71750;40942;71831;71751;71832;46327;55541;71752;71753;73594;77912;78113;76522;72150;86462;86463;90583;90584;44397;76800;76801;76802;76803;76804;76805;76807;76806;82817;76808;82818;90619;90620;90621;90622;99457;99458;99459;109172;109173;109174;109175;109176;124153;124154;135667;135668;135669;148933;29217;47040;78461;76809;76810;76811;76812;76813;76814;76815;80935;80936;80937;80938;80939;80940;80941;80942;88001;88002;88003;96601;96602;106125;121221;106126;121222;121223;132996;132997;156903;132998;156901;156902;76816;156900;76818;76817;76819;76820;76821;84759;84760;92452;92453;92455;92454;101802;101801;101803;101804;101805;101806;111186;111187;111188;111189;111190;111191;126764;126765;126766;126767;126768;126769;138539;151922;151923;76822;76823;76824;76826;76825;76827;76828;11513;100997;76829;76830;76831;76832;76833;76834;76835;76836;78463;78462;86530;86531;86532;86533;86534;94132;94133;94134;94135;118188;118189;118190;130006;130007;130008;130009;141772;141773;141771;154265;154264;124062;126263;130458;86996;86994;86995;140041;154473;142712;78915;86425;102862;103874;78916;78917;146309;146310;148180;154339;78913;144366;144449;146992;83817;62118;144334;73963;62117;62893;159004;155441;155442;155443;156208;144198;146808;144622;146928;91459;91458;91123;91917;92559;77504;86421;87600;59115;59116;47136;47137;47138;154954;77503;92040;92041;53812;42877;58105;58106;31681;31680;53811;53332;57824;66351;24912;82028;71844;71845;71846;103504;123417;104353;131167;132583;66973;66972;71843;49288;127058;154953;92467;20865;127107;141474;150981;92468;148994;149047;96305;92967;95656;109575;27618;146091;153807;155961;157871;17972;150720;150715;146088;56649;56648;38929;29999;62948;25933;26002;39448;92968;72337;46860;133963;133962;34060;100845;100846;99237;100872;70142;65873;65874;94900;66024;131725;136175;96281;11834;69441;45019;21673;11901;21229;19516;21082;34109;16137;34110;18048;40552;18671;12088;10393;20978;121572;47620;66037;79721;66835;69284;70213;71115;73246;71784;73575;76528;79722;79723;77238;79724;83992;81812;85581;85962;100844;90705;92790;93110;97526;99707;94932;97100;99235;126702;102731;104850;12215;158383;121164;47621;49070;121163;104498;121043;74243;84344;49071;47619;49072;49069;49286;53633;129500;119846;133148;21764;123005;58343;11706;21726;31717;43404;140535;24781;122584;24726;30131;42931;42932;42933;119721;119722;119723;119724;119725;119726;119727;24873;29216;40420;44384;45591;82530;57287;48433;49693;56215;69041;69042;63318;64501;65601;73131;77985;79742;108809;83529;84674;86191;100617;89052;89080;91193;91194;139912;139923;148111;44400;24870;10768;35620;15929;12294;20010;16163;12124;10923;15463;19237;57750;49692;16190;62031;62029;62030;21571;17652;38793;14228;16228;18504;20970;12647;14217;15718;35661;38794;21630;21038;22230;17257;11415;11753;18372;11066;10882;10708;10965;11341;108798;70658;104411;152684;100158;102094;102095;10607;32320;32314;106462;10267;11821;11343;12634;97993;121007;10268;10472;57620;153954;11340;56300;86328;11195;51092;10269;149334;56299;10881;122501;11339;90707;11169;14273;153588;31421;73920;71533;70657;63156;20927;90317;71049;153953;64913;58751;94437;31705;64688;56284;80102;70544;45410;52963;15901;42981;42980;121009;45411;57571;10863;35297;91263;62565;61447;32321;20007;131290;132675;83738;56043;124410;89058;62969;83298;121008;51356;83875;42873;42053;66848;57041;78479;65821;156899;42880;51891;58768;105415;94761;81606;57582;86067;51192;71534;21643;62563;62564;56984;63398;56471;56472;131127;132676;35291;95631;60108;103864;69551;26928;42476;11875;132634;14361;11677;10270;17285;35703;35705;31355;29701;10544;132025;11817;11569;11568;11762;35704;35706;10639;10817;10271;126589;10803;11230;117387;117390;34946;117365;128766;117363;117388;117392;117401;117364;66935;117389;66931;128765;117362;68981;70168;117402;117391;117393;73203;81105;117457;73763;73944;117404;143125;117403;83487;79860;88714;119728;90773;90152;90153;91811;91812;94336;118731;118732;117400;102918;101361;97610;97576;101548;102960;129387;102977;105005;108760;112036;112064;139607;143599;95887;151425;73919;122235;60093;144365;99671;73943;34947;60094;69240;60095;38208;60096;117461;47900;57691;57850;42822;60022;60021;45580;32394;56090;65690;73212;73500;74421;77182;78584;82077;83730;92557;65689;49270;50658;10409;12260;12261;12284;13848;14800;125387;127137;66474;68930;40620;71566;78068;71567;71568;71569;72744;78506;12259;40619;87735;78507;21570;42962;19496;20286;15950;62390;62389;33439;33440;33438;38913;43615;32121;35688;25705;39314;21597;38198;35105;35104;38695;29926;77557;68958;33437;25000;33486;64817;23931;64818;24022;64819;25124;64820;25370;64821;25627;25709;64822;25903;64823;26923;64824;30149;64825;31344;64826;31356;64827;35030;64828;36034;64829;40495;64830;42373;64831;33487;64832;33488;64833;33545;64815;30148;21162;124651;31423;25082;39590;17725;59736;76593;82995;84963;90628;106349;51138;32136;25693;64834;11658;69420;39618;11374;11373;10272;20888;18114;19697;55992;16322;118226;50047;50048;11536;11678;117942;76213;18000;18354;33277;25929;49709;41068;118225;41069;41071;41070;41072;41073;41074;58224;41075;41077;41076;58225;41078;41079;41080;41081;41083;41082;41084;41085;41086;41088;41087;41089;41090;41091;41093;41092;41094;41095;41096;41097;41098;41100;41099;41101;41102;41103;41105;41104;41106;41107;41108;41109;41110;41112;41111;41114;41113;41116;41115;41118;41119;41117;41120;41121;41122;41123;41124;41125;41126;41127;41128;41129;41130;41131;41132;41133;41134;41135;41136;41137;41138;41139;41140;41141;41142;41143;41144;41145;41146;41147;41148;41149;41150;41151;41152;41153;41155;41154;41156;41157;41159;41158;41160;41161;41162;41163;41164;41165;41166;41167;41168;41169;58226;41170;41171;41172;44653;41173;41174;41175;41176;41177;41178;41179;41180;41181;41182;41183;41184;41185;41186;41187;41188;41189;41190;41191;41192;41193;41194;41195;41196;41197;41198;41199;41200;41201;41202;41203;41204;41205;41206;41207;41208;41209;41210;41211;41212;41213;41214;41215;41216;41217;41218;41219;41220;41221;41222;41223;41224;41225;41227;41226;41228;41229;41230;41231;41232;41233;41234;41235;41236;41237;41238;41239;41240;41241;41242;41244;41243;41245;41246;41247;41248;41249;41250;41251;41252;41253;41254;58227;41255;41256;41257;41258;41259;41260;41261;41262;41264;41263;41266;41265;41267;41269;41268;41270;41271;41272;41273;41274;41275;41276;41277;41278;41280;41281;41279;41282;41283;41284;41285;41286;41287;41288;41290;41289;41291;41292;41293;41294;41295;41296;41297;41298;41299;41300;41301;41302;41303;41304;41306;41305;41307;41308;41309;41310;41311;41312;41313;41314;41316;41315;41317;41318;41320;41319;41322;41321;41324;41323;41621;41325;41326;41327;41964;41641;42227;41954;42299;42048;42243;42200;42947;42863;42920;42812;42836;42948;44929;43147;43364;43598;43379;43599;43854;44031;44050;44304;44591;44654;45452;44998;44958;47107;45070;45453;46205;45125;46247;46335;46216;58228;45401;47688;46169;46217;46668;47018;46685;47795;47590;46863;47568;48752;47617;49255;49101;48429;48900;48901;49757;49758;49759;49191;49760;49657;49823;51338;50854;50523;50855;50982;51111;51660;51953;58229;52629;52702;53250;52710;52711;53823;53251;53312;53636;53354;53401;53355;53637;53585;53618;53883;53868;54993;55617;55440;56033;55768;55895;55918;55826;56002;55971;41328;41329;41330;41331;41332;41333;41334;41335;41337;41336;41338;41339;41340;41341;41342;41343;41345;41344;41347;41346;41348;41349;39877;39876;39879;39878;39880;39881;39883;39882;39885;39884;39887;39886;39889;39888;39890;39891;40403;40641;41033;42388;43395;44358;44899;39892;47689;39893;39894;39896;39895;41009;39897;45375;44359;39898;40841;40881;45071;39899;47755;39900;39901;39902;39903;40642;44360;39904;39906;39905;39907;39908;44124;42244;45598;44975;47690;39909;39910;39911;46006;42245;42389;39912;39913;39915;39914;39916;42173;44678;39917;39918;44361;39919;39921;39920;42949;40442;44305;39922;39923;39924;39925;40882;47569;46185;43025;39926;39927;39928;42228;45339;39929;47570;39930;39931;39932;39933;39934;39935;39936;45619;47796;39937;39938;42837;45349;39939;39940;45095;39941;39942;39944;39943;42471;43600;45096;39945;40643;41034;42314;39946;39947;39948;39949;39950;40842;39951;39952;42102;39953;39954;39955;39956;39957;46248;39958;42390;43148;44032;40572;45531;43050;39959;40336;40815;44976;39960;45522;39961;39962;40488;43855;44636;46879;39963;39964;44606;39965;46206;39966;39967;39968;45532;47815;39969;39970;39971;46007;44900;45383;39972;39973;39974;40903;39975;39976;39977;39978;39979;39980;44306;39981;39982;39983;39984;39985;44607;43380;39986;40644;39987;39988;39989;39990;39991;39992;39993;46186;39994;39995;39996;39997;39998;39999;40524;42457;40000;40816;41622;42921;46187;40001;40002;40003;40525;42851;45454;45604;40004;45533;40005;42813;43051;40006;40007;40008;40009;40010;40011;40012;40783;45010;44621;40013;40014;40016;40015;40017;44086;45491;46727;40018;47602;42864;40019;40020;47120;40021;40022;40023;42229;44679;46249;45492;40645;40024;41035;43629;40025;46228;40026;40784;46218;40027;46229;40028;42315;44999;42201;40029;40030;40032;40031;40034;40033;40035;42852;40036;40037;40038;40039;40040;46353;43616;40041;40042;45097;46339;42791;40043;40044;40337;40045;40046;44362;40047;45455;40048;40049;40646;47019;40499;40050;40051;47591;40052;40053;40054;40055;41002;40056;40057;40058;40573;40059;40060;40061;42972;44409;40062;40063;46008;40064;40545;46749;40065;40066;40067;40068;40070;40069;46230;44608;42416;47706;40071;40072;40074;40073;40076;40075;44087;45523;41036;42973;40077;46669;40443;40078;40079;40080;40081;40082;40083;43869;41010;40084;47819;44125;40085;40086;40087;41037;40088;40089;40090;40092;40091;40093;40094;40095;40859;42458;42922;47725;40096;40097;47726;40098;40099;40100;44609;40101;40102;40103;44610;40104;40105;40106;43082;40107;40108;42230;44044;40109;44990;40110;40111;47820;40112;40113;41938;44051;47727;40114;40116;40115;40117;43345;40118;42859;40119;44930;40120;40121;40123;40122;44977;40124;40125;40126;40127;40128;40129;40130;40132;40131;40133;42202;41003;46686;40134;45126;40135;40136;40137;40138;41038;40139;42459;40588;40140;45011;40141;46207;40142;46340;40143;40144;44112;45456;45457;40145;40146;40147;42246;45350;45458;45481;40148;40149;44363;47773;40647;40150;40151;40152;40154;40153;42068;40843;42950;45072;40785;40844;40155;40786;40157;40156;40159;40158;40787;42417;40160;40161;40162;40163;40164;40165;40166;40167;40168;40169;40170;40171;40172;40173;40174;40404;40648;41039;42391;43396;44364;44901;47691;47906;49279;50460;45524;53682;40176;40175;41011;45376;49944;50366;50461;40177;53683;40178;44365;40845;40179;47756;45073;40883;50012;40181;40180;40649;44366;40183;40182;42247;40184;44126;45599;44978;47692;49083;53651;49824;40185;42248;46009;42392;40186;40187;42174;44680;46354;53652;49752;40188;40189;42175;49212;40190;40191;40192;44367;40193;40444;42951;44307;40194;40195;47852;40196;40884;47571;49753;40197;40198;42231;45340;47572;49667;40199;40200;40201;45620;47797;50415;53653;40202;40203;40204;42838;45351;40205;40206;45098;40207;42472;43601;45099;53654;40208;40650;40788;41040;42316;40209;40210;40211;40212;40846;42103;40213;53655;53656;40214;47816;53657;42393;43149;44033;50316;40574;45534;43052;40338;40817;44979;45525;40215;40216;40489;43381;44637;48320;46880;49641;53658;40217;48753;49993;44611;46208;40218;53659;40219;40220;48233;45535;40221;40222;50367;46010;44902;40223;44612;45384;40224;40904;53660;53661;48259;40225;40226;40227;40228;40229;40230;49754;44308;40231;40651;43382;40232;40233;40234;46188;49213;40235;40237;40236;42460;40526;40238;40239;40240;40818;42923;41623;48902;46189;53662;53663;40241;40242;40527;42853;45459;45605;50298;40243;40245;40244;45536;53664;40246;53665;42814;43053;53666;53667;53668;40247;40249;40248;40360;40250;42334;40789;42952;44034;44964;47774;48280;49668;53669;53670;40251;53671;40252;40819;40253;44088;46728;45493;53672;47603;48234;40254;42865;40255;47121;49975;40256;42232;46250;44681;45494;40652;49669;50368;48754;41041;43630;40257;46231;40790;46219;46232;50010;42317;45000;42203;53673;40258;40259;40260;40262;40261;42854;45460;53674;53675;53676;40263;40264;40265;40266;46355;49192;43617;53677;40267;46341;45100;42792;53678;40268;40339;42144;40269;44368;53679;45461;40270;40653;47020;40500;40272;40271;49264;47592;40273;40274;40275;41004;40575;53680;42974;44410;49256;40546;46750;50011;40276;40277;44613;46233;47707;53681;42418;40278;40279;40280;45526;49945;53684;50462;44089;42975;41042;40281;40445;46670;40282;40283;40284;40285;43870;41012;40286;53685;40287;44127;41043;40288;40289;40290;40860;42461;42924;47728;48430;50013;53686;40291;40292;47729;40293;40294;44614;49257;44615;40295;40296;48372;43083;40905;50369;40297;44991;40298;49265;40299;41939;44052;47730;50370;40300;46781;40301;43346;40302;42860;40303;53687;44931;40304;40305;40306;44980;42204;42205;40307;40308;40309;42206;46687;49280;50371;50463;53688;41005;40310;45127;50014;48235;40311;40312;40313;41044;40314;42462;40589;40315;45012;46209;46342;49214;40316;45462;49258;44113;45463;40317;44682;42249;45352;45482;45464;40318;44369;47775;40654;40319;40320;40321;40322;40323;40847;42069;42953;53689;45074;40791;46729;40792;40324;40793;42419;53690;40325;40326;40327;42925;43383;44370;44903;45527;47693;47907;49281;50464;53770;53769;53771;53772;45034;47678;45495;47868;49946;50465;50372;53773;53774;53775;53782;44371;45075;47757;50018;53691;53784;44128;45600;47694;49084;49825;44981;53692;46011;53693;44683;46356;49210;53694;53696;53695;47134;53697;42954;44309;47853;53698;53699;47573;49755;45341;53700;49670;47798;45621;50416;53701;53702;42839;45353;45101;43107;45102;53703;53704;53705;53706;53707;53708;44053;49302;46178;50417;53709;53710;53711;53712;53713;53714;53715;47817;53716;43150;50317;44035;44667;43054;53717;44982;43384;44638;48321;46881;49642;53718;53719;53720;53721;48755;49994;53723;53722;44616;46210;53724;53725;48236;45537;53726;53727;44904;50373;44905;44622;44617;44618;53728;53729;48260;43813;44310;49756;53730;46190;43385;49215;42926;46191;48903;53731;53732;53733;53734;53735;42855;45465;45606;50299;42463;53736;53737;45538;43055;53738;53884;53739;42394;43631;44411;45128;49671;50015;50409;53741;53740;42395;44090;44668;45354;45607;46730;53742;53743;53744;53745;47604;48237;47122;49976;53746;46251;44684;45496;50374;49672;48756;43632;46234;53747;46220;46235;50016;45001;53748;42856;45466;53749;53750;53751;53752;53753;48322;53754;46357;49193;43618;43856;53755;45103;46343;53885;53756;53757;44403;53758;53759;44372;45467;47021;53760;53761;49266;53762;53763;47593;53886;53764;53765;53766;53838;44412;53767;53768;46751;50017;49947;53776;50466;53778;53777;53779;44091;42976;53780;53781;46671;43871;53783;53785;44129;42464;42927;47731;50019;48431;53787;53786;53788;47732;44619;48373;53887;53789;53790;53791;44992;44623;53792;53875;44054;47733;50375;53793;46782;53888;53794;47758;53795;43347;53796;44932;53824;49267;44983;45035;43619;44906;45497;47854;49282;50376;50467;53797;53798;53799;45129;53800;48238;50020;48281;45013;53801;49168;46012;53802;53803;46211;53804;46344;49216;45468;49259;53805;53806;53807;45469;44114;44685;44322;45355;45470;53889;44373;53825;47776;47777;42955;45076;53808;53809;53810;49139;75454;75486;75548;75646;75647;75648;75649;75650;75651;75652;75653;75654;75655;75656;75657;75658;75659;75661;75660;75663;75662;75664;75665;75667;75666;75682;75683;75668;75684;75688;75416;75687;75417;75418;75419;75420;75421;75422;75423;75424;75425;75426;75427;75428;75429;75430;75431;75432;75434;75433;75435;75436;75437;75438;75439;75440;75441;75442;75443;75444;75445;75446;75447;75449;75448;75450;75451;75452;75453;75455;75456;75457;75458;75459;75460;75461;75462;75463;75464;75465;75466;75467;75468;75469;75470;75471;75472;75473;75474;75475;75476;75477;75478;75479;75480;75481;75482;75483;75485;75484;75487;75488;75489;75490;75491;75492;75493;75494;75495;75496;75498;75499;75500;75501;75497;75502;75503;75504;75505;75506;75507;75508;75509;75510;75511;75512;75513;75514;75515;75516;75517;75518;75519;75520;75521;75522;75523;75524;75525;75526;75527;75528;75529;75530;75531;75532;75533;75534;75535;75536;75537;75538;75540;75541;75542;75539;75544;75545;75543;75546;75547;75549;75550;75551;75552;75553;75554;75555;75556;75557;75558;75559;75560;75561;75562;75563;75564;75565;75566;75567;75568;75570;75569;75581;75609;75610;75571;75572;75573;75574;75575;75576;75577;75578;75579;75580;75582;75583;75584;75585;75586;75587;75588;75589;75590;75591;75592;75593;75594;75595;75596;75597;75598;75599;75600;75601;75602;75603;75604;75605;75606;75607;75608;75611;75612;75614;75613;75615;75616;75617;75618;75619;75620;75621;75622;75623;75624;75625;75626;75627;75628;75629;75630;75631;75632;75633;75635;75634;75636;75637;75639;75638;75640;75641;75642;75643;75644;75645;75669;75670;75671;75672;75673;75674;75675;75676;75678;75677;75679;75680;75681;75686;75685;75689;75690;75691;75692;75693;75694;75695;75697;75696;75698;75699;75700;75701;75703;75702;75704;75705;75707;75706;75708;75709;75711;75710;75713;75712;75714;75715;75716;75717;75718;75719;75720;75721;75722;75723;75724;75725;75726;75727;75728;75729;75730;75731;75732;75733;75734;75735;75736;75737;75738;75739;75740;75741;75742;75743;75744;75745;75746;75747;75748;75749;75750;75751;75752;75753;75754;75755;75756;75757;75758;75759;75760;75761;75763;75762;75765;75764;75766;75767;75768;75769;75770;75771;75772;75773;75775;75774;75776;75777;75778;75779;75780;75781;75828;75944;75945;75946;75948;75947;75949;75950;75952;75951;75953;75964;75963;75965;75966;75967;75968;75969;75970;75976;75977;75782;75783;75784;75785;75786;75787;75788;75790;75789;75792;75791;75793;75794;75795;75796;75797;75798;75799;75800;75801;75802;75803;75804;75805;75806;75807;75808;75809;75810;75811;75812;75813;75814;75815;75816;75817;75818;75819;75820;75821;75822;75823;75824;75825;75826;75827;75829;75830;75831;75832;75834;75835;75833;75836;75837;75838;75839;75840;75842;75841;75844;75843;75845;75846;75847;75848;75849;75850;75851;75852;75853;75854;75855;75857;75856;75858;75859;75860;75861;75862;75863;75865;75864;75866;75867;75868;75869;75871;75872;75873;75870;75875;75876;75874;75877;75878;75879;75880;75882;75881;75883;75884;75885;75886;75888;75887;75889;75890;75891;75917;75918;75892;75893;75894;75895;75896;75897;75898;75899;75900;75901;75902;75903;75904;75905;75906;75907;75908;75909;75910;75911;75912;75913;75914;75915;75916;75919;75920;75921;75922;75924;75923;75926;75925;75928;75927;75929;75930;75931;75932;75933;75934;75935;75937;75936;75938;75939;75940;75941;75943;75942;75955;75954;75956;75957;75958;75959;75960;75961;75962;75971;75972;75973;75974;75975;75978;75979;75980;75981;75982;75983;75984;75985;75986;75987;75988;75989;75990;75991;75992;75994;75993;75995;75996;75997;75998;75999;76000;76001;76002;76003;76004;76005;76006;76007;76009;76008;76010;76011;76013;76012;76014;76015;76016;76017;76018;76020;76019;76021;76022;76023;76024;76025;76026;76027;76028;76029;76030;76031;76032;76033;76035;76034;76036;76037;76038;76040;76039;76041;76042;76043;76044;76045;76046;76047;76048;76049;76050;76051;76052;55161;76188;41350;41351;64158;66343;72977;80021;67105;68947;41352;41353;41354;41355;41357;41356;41358;41955;42876;42363;43386;44374;44907;50872;52686;50873;50874;50875;50876;51591;52650;53252;53647;55483;56003;57084;57083;57970;57971;58112;58524;64208;69343;70189;69344;81697;74006;82739;64209;41359;50877;51592;57085;57086;44375;57972;41360;51593;41361;51594;45064;50878;51595;50879;73783;50880;53890;44376;41362;41363;41364;42250;44130;50881;50882;44984;50883;50884;51086;57087;52565;57586;58774;64098;66505;64905;71763;41365;41366;41367;42251;44377;50885;50886;50887;50888;51087;52566;42252;50889;57088;57089;57090;65023;65907;69474;77048;82657;58030;71614;41368;41369;42176;44686;50890;50973;53282;55165;58740;64099;64100;64102;64101;71964;69294;58615;64103;64104;64105;64106;64107;69295;69296;71965;76367;76909;77742;79307;81507;64108;81665;77099;69787;58263;64109;77196;69345;64110;44378;77850;77958;41370;42956;44311;55547;57091;64111;64112;64113;64114;64115;69259;72241;80389;81076;50891;64116;64117;41371;50892;53528;64118;83330;50893;76472;41372;51596;42233;45130;50894;50895;53586;57092;58764;58941;64862;70018;70019;71833;73410;76523;58942;41373;41374;41375;50897;50896;50898;51112;55972;52765;57093;64119;65794;66953;73129;79760;81389;83461;53484;41376;42829;55711;64120;79738;81970;81120;50487;76198;55586;70134;50899;83133;80165;45104;42473;41377;45105;50983;57094;70842;77217;82019;41378;41379;67221;66354;68948;71786;72243;72242;74115;81121;58140;41380;42300;57095;55618;57096;41381;52066;41382;53587;55587;64121;76247;77755;50900;53356;57097;64123;64122;64124;66020;41383;53357;53501;64125;41384;53402;64126;55827;51597;81666;57098;83285;41965;51598;41385;51599;53283;41386;45036;79618;42866;43151;44036;52683;70780;64127;74087;41387;79414;42989;41388;41389;41390;44965;57099;57100;57465;64128;64129;64130;65024;80022;74173;57838;58973;64131;64132;64134;64133;64135;64136;65175;65596;65865;66666;66667;67195;70933;70934;70935;72554;73147;68949;76989;76990;77599;80023;81122;81123;82068;71559;71560;79761;41391;41392;43387;44639;50902;50901;50903;50904;51983;52959;53912;55019;55162;53485;55828;57101;57102;57996;58286;58560;64138;64137;64140;64141;64139;64142;64143;64613;64636;64965;65566;65939;66492;66920;68950;69969;70936;71492;72085;72700;72455;73075;73591;73850;74088;76105;76500;77244;77672;78885;79308;79686;80565;80054;80995;81077;81877;81245;83486;55829;64925;73510;82819;41393;50905;50906;53313;55712;57103;58720;64144;81752;44389;50907;83286;64145;51600;41394;50908;41395;41396;64146;50909;52630;50910;54985;57104;64147;64148;72422;64149;41397;50911;51601;57105;55441;50912;57106;57434;64150;71307;71308;74351;76604;77229;77673;81039;81295;81667;57839;44908;64151;41398;41399;51198;57696;64152;66287;66954;72797;74321;82639;66955;50913;68951;68952;70631;77433;76501;41400;41401;64153;70758;51602;51661;44312;55981;57107;72277;64154;68874;64155;64156;66253;66741;70289;68953;73117;41402;57613;64157;64906;64159;64160;50914;41403;51603;70872;73609;65795;57108;81311;41404;41956;42928;43857;51604;51605;50915;53891;52631;56004;58113;64162;64161;65545;64163;66193;66854;69090;41405;41406;42396;51606;43872;51667;50916;52751;55619;64164;58164;64165;64166;66194;65597;66616;69069;72681;70960;74284;77319;81435;79634;58141;64168;64167;64169;64863;64780;65245;66538;69029;71171;41407;41408;42857;50917;50918;50919;52067;55137;64171;65246;66031;66855;69070;64170;71020;72555;74254;77273;79635;81436;70873;69071;72423;74007;76998;79208;81419;83287;64172;53486;41409;52684;50921;50920;76473;51199;43056;81909;51088;43858;53284;54840;70632;77674;76754;41410;41411;41412;51607;41413;41414;42343;44037;42990;52685;44966;51608;50922;51609;50923;51610;50924;51611;51612;50925;51613;52597;51614;53570;53571;57109;55686;57110;57111;57297;57853;57854;64173;58845;64174;64176;64175;64177;64178;64179;64180;64500;64888;66539;66742;66344;66912;67196;68954;70039;71033;70040;71034;72163;72324;72478;72325;73554;74033;74462;76557;80249;78650;80250;82020;51615;78651;41415;44092;50926;50927;50974;51934;57430;65717;68875;71425;77145;77230;79232;81312;41416;42867;54640;55620;57725;64181;68979;73939;76138;78105;83462;83515;81480;81481;41417;71035;69054;58767;58943;50928;57112;57596;64192;65568;65567;41418;72615;42234;55563;55564;82021;57113;53358;65682;65829;50929;73268;78253;64182;41419;50930;50931;77959;74506;77472;69374;55431;50932;55432;55484;81161;80166;41420;50933;51616;43633;76558;50934;51617;53314;81176;81878;69511;70328;74373;77434;77435;82428;41421;50935;50936;57114;57115;64531;64183;42301;45002;41422;51618;41423;41424;42830;50937;50938;50939;51619;51620;52988;57116;55138;57569;58031;58678;58677;64185;64184;64186;65718;74352;73592;77299;78886;81124;81996;64187;57117;64188;69457;71834;71835;41426;41425;50941;50940;58165;55896;64189;64190;51621;74210;50942;43620;51622;65784;76139;41427;64191;77179;51134;50943;54641;51623;42793;77662;58479;79687;77663;57118;64193;58721;57119;41428;41429;52735;55745;81078;64194;73511;55774;77600;64195;42145;64196;82640;73130;76755;83543;50944;41430;52712;58775;53588;64197;64198;64199;66463;70794;41431;41432;64200;50945;55696;51624;64781;70796;70797;72229;74507;72769;64201;50946;55728;58195;64202;41433;56018;79332;41435;41434;41436;50947;53253;55697;57531;57682;64203;64204;64205;64206;66300;72198;79309;58588;64207;66288;70843;53839;54827;53228;50948;51625;74021;53619;80251;56019;50949;51626;42420;70937;70938;41437;41957;52687;42364;43388;44379;44909;50950;52688;50951;50952;52651;51627;53229;53648;58114;57886;41438;42957;73297;83049;41439;55565;64926;72199;73707;74116;68980;74117;78856;57120;50953;55548;66552;41440;57121;76248;71172;71561;57122;41441;43873;76910;80217;81313;57123;41442;64210;83516;51628;50954;64211;69375;76140;76141;41443;44131;57124;71836;72856;76106;41444;41445;41446;67197;57125;71136;72244;71137;79822;55713;55714;57126;73979;41447;44592;52960;51844;51629;50955;57127;41448;50956;51630;53892;65247;55467;78667;41449;43084;54920;64212;50957;51631;57128;64213;80252;64214;53854;53529;41642;41450;44055;52689;53230;50958;64215;64216;65683;77524;82470;77723;50959;57129;58203;64217;64218;69233;65796;72200;73468;76424;54828;57130;79739;72536;70724;79619;72873;73751;77180;74145;78254;64219;73784;64220;64221;73512;43348;41451;50960;53254;57131;57132;64222;70020;64223;64224;57133;54642;44933;76372;53826;78464;41452;54921;65248;69168;71226;74118;81040;57840;57841;76212;81508;80024;41453;64225;45131;57726;64864;70021;57134;57727;64889;73708;77743;41454;41455;41456;41457;51632;64226;69030;69191;69192;71392;73555;76053;66195;45014;64227;66464;73327;51633;80390;53446;57597;57555;50961;65940;52472;64228;64229;50962;80253;82658;66021;69414;50963;55503;50964;53638;57855;64430;69458;80825;77197;81542;81543;58317;53231;55020;70781;56020;53827;80996;81641;51634;50965;55453;52690;41458;41459;78887;41460;43085;51635;53315;45077;54994;57136;57137;58115;64230;58944;64469;64231;64796;64795;66254;69091;69893;69894;71138;72086;73178;73397;79620;77960;81642;82523;76373;78868;41461;80254;64232;65797;50966;50967;54934;55973;58395;58396;64234;64233;64235;64236;64237;64238;69297;66985;71393;70969;71562;73015;78652;82990;41462;73287;53316;51636;57138;66801;70961;71937;80547;81643;67106;69112;72456;74463;82641;67107;67108;69113;67109;69114;67110;67111;69115;69116;67112;67113;69117;67114;64239;64240;57139;41463;51637;64241;52162;41464;56034;64242;29911;27101;27102;27603;27103;33378;34317;39497;29347;27104;27105;29348;29349;27106;27107;29350;27108;29351;27109;29352;27110;29353;27604;33379;33380;51682;39498;66345;59602;27111;67255;35948;27112;29354;27113;29355;27114;27115;29356;27116;29357;27117;29358;27118;29359;27119;27120;27121;29360;29361;27122;27123;29362;27528;29363;27529;28369;31087;31088;31722;31715;32113;32114;33498;33756;33499;33757;34318;34319;34941;34957;41465;35303;41466;41467;36199;41983;41468;41984;44934;42365;49887;42868;49888;43397;49889;44380;49890;44910;49891;45498;49892;49893;49894;51411;50488;52736;57147;53232;57148;53649;57149;55485;56005;57150;56608;57151;56609;57152;57153;57858;58116;59520;27124;27126;27125;27127;27128;27129;27130;27131;29694;27132;29912;31620;33119;31602;34198;33120;34428;34345;34958;35325;41986;41985;27510;30121;27133;41469;58032;41470;35949;41471;35950;41472;41987;27134;29364;27135;29365;27136;27137;27138;27139;29366;27140;29367;29240;29368;29877;32023;34843;34844;41988;51683;51684;51685;51687;51686;27142;27141;29369;38910;51688;51689;13753;13754;13755;13756;13757;13758;13759;13760;13761;13762;13763;13764;13765;13766;13767;13768;13769;13770;13771;13772;13773;13774;13775;13776;13777;13778;13779;13780;13781;13782;13783;13784;13785;13786;13787;13788;13789;13790;13791;13793;13792;13794;13795;13797;13796;13798;13799;13800;13801;13802;13803;13804;13805;13806;13807;13808;13809;13810;13811;13812;13813;13814;13815;13816;13817;13818;13819;13820;13821;13822;13823;13824;13825;13826;13827;13828;13829;13830;13831;13832;13833;13834;13835;13836;13837;14206;13838;14231;14264;14276;14322;14600;14658;14667;14730;14731;14769;14775;15423;15528;15552;15569;15726;15755;15923;16303;16304;16305;16306;16307;16362;16372;16454;17198;17217;17237;17238;17242;17271;17300;17325;20082;17606;17617;17618;17671;17982;18014;18057;18082;18096;18112;18113;18154;18462;18463;19240;19241;19242;19243;19244;19245;19247;19246;19248;19249;19250;19251;19333;19382;19924;19925;19926;19927;19928;19929;19930;19931;19932;19933;19934;19935;19936;19937;19996;20064;20083;20087;20209;20239;20240;20282;20334;20335;20369;20370;20483;20758;20820;20821;20879;20901;20923;21013;20967;21014;21093;21136;21137;21138;21150;21163;21233;21290;21289;21368;21369;21622;21370;21623;21624;21723;24412;24413;24414;24415;24416;24417;24418;24419;24420;24421;24422;24423;24424;24425;24426;24427;24428;24429;24430;24431;24433;24432;24434;24435;24436;24437;24439;24438;24441;24440;24442;24443;24444;24445;24446;24447;24448;24449;24450;24451;24452;24453;24454;24455;24456;24458;24457;24459;24460;24461;24462;24463;24464;24465;24466;24411;25405;25406;25407;25408;25409;25410;25411;25412;25413;25414;25415;25416;25417;25418;25419;26169;26170;26171;26172;26173;26174;26175;26176;26177;26178;26179;26180;26181;26182;26183;26184;30141;83560;83561;83563;83562;83565;83564;83567;83566;83569;83568;83570;83571;83573;83572;83575;83574;83576;83577;83578;83579;83581;83580;83582;83583;83584;83585;83586;83587;83588;83589;83590;83591;83592;83593;83594;83595;83596;83597;83598;83599;83600;83601;83602;83604;83603;83605;83606;83607;83608;83609;83610;83612;83613;83611;83614;83615;83617;83616;83619;83618;83620;83622;83621;83623;83624;83625;83626;83627;83628;83629;83630;83631;83632;83634;83633;83635;83636;83637;83638;83639;83640;83845;83641;83642;83644;83643;83846;83847;83848;83645;119958;83849;83646;83647;83648;83850;119959;83649;83650;83652;83651;83653;83654;83655;83656;83657;83658;83851;83659;83660;83661;83662;83663;83664;83666;83665;83668;83667;83669;83670;83671;83672;83673;83674;83675;83676;83677;83678;83679;83680;83681;83682;83683;119960;83685;83684;83686;83687;83688;119961;83689;83690;83691;119962;83692;83693;83694;83695;83697;83696;83698;83700;83699;83701;83702;83703;83704;83705;119963;83706;83707;83709;83708;83710;83711;83712;83713;83714;83715;83717;83716;83718;83719;83720;83721;83722;83724;83723;83725;83726;119964;83852;83727;83728;83755;83756;83757;83853;83854;83855;83856;83857;83858;83859;83860;83868;83869;83870;83903;83945;83946;83947;83948;83970;83971;83988;84016;84079;84080;84081;84082;84083;84084;84115;84116;84145;84146;84147;119965;119966;84190;84191;84192;84206;84207;84260;84227;84285;84261;84337;84286;84423;84441;84338;84361;84396;84395;84397;84424;84425;84426;84427;84442;84443;84468;84469;119967;84544;84546;84545;84723;84547;84558;84559;84560;84548;84561;84562;84633;84632;84634;84663;84724;84725;84662;84874;84875;119968;84876;84896;84897;84898;84913;84899;84914;84979;85074;85073;85151;85121;85152;85153;85179;85180;85213;85215;85214;85239;85250;85374;85375;119969;85376;85377;85378;85398;85399;85400;85379;85401;85504;85505;85532;85575;85576;85577;85597;85598;85624;119970;85625;85647;85681;85719;85720;85721;85722;85723;85761;85762;85763;85791;85764;85792;85793;85794;85795;85841;85796;85868;85870;85871;85901;85902;85903;85869;85904;85905;85906;85928;85929;85941;85942;86057;86121;86140;86141;86142;86143;119971;86184;86203;86217;86288;86289;86290;86307;86308;86309;86339;86340;86341;86342;86343;86344;86345;86346;86347;86397;86378;86398;86399;86440;86442;86441;86464;86490;86535;86536;86538;86537;86539;86540;86616;86627;86628;86648;86695;86649;86696;86703;86705;86704;86706;86707;86709;86708;86752;86753;86755;86754;86756;86757;86803;86808;86865;86866;86867;86868;86869;86870;86883;86895;87642;86941;86940;86943;86942;87007;87720;87008;87009;87643;87051;87010;87064;87063;87721;87104;87105;87106;87122;87180;87181;87196;87404;87197;87198;87644;87199;87201;87645;87202;87200;87214;119972;87215;87646;87276;87278;87279;87277;87280;87317;87318;87319;87338;87461;87495;87405;87496;87524;87525;87526;87527;87588;87528;87589;87590;87591;87647;87649;87648;87650;87651;87652;87653;87654;87655;87666;87667;87668;87669;87670;87722;87723;87724;87731;87857;87858;87859;87860;87861;87862;87863;87864;87866;87865;87867;87887;87910;87909;87911;87912;87913;87961;87962;87963;87964;87914;87988;88004;88005;88007;88006;88008;88009;88039;88038;88140;88081;88082;88141;88142;88143;88144;88176;88177;88178;88408;88453;88485;88454;88507;88486;88508;119973;88559;88515;88560;88575;88619;88620;88622;88621;88677;88623;88691;88692;88707;119974;88708;88709;88802;88710;88803;88832;88831;88834;88833;88835;88891;88892;88893;88947;88948;88949;89021;89022;89076;89654;89077;89656;89655;89722;89657;89658;89723;89775;89730;89731;89918;89919;89920;89921;89922;89923;89929;89960;89961;89989;89990;89991;89992;89993;89994;90063;90064;90065;90092;90093;90185;90187;90186;90262;90303;90263;90264;90304;90305;90346;90347;90348;90394;90395;90397;90396;90398;90399;90420;90506;90531;90505;90533;90532;90534;90535;90536;90585;90586;90587;90595;90596;90597;90623;90755;90754;90756;90757;90758;90759;119975;90820;90821;90883;90885;90884;90886;90913;90914;90991;90992;90993;90994;90995;90996;91043;91119;119976;91120;91121;91158;91159;91160;91161;91180;119977;91247;91248;91217;91249;91250;91251;91252;91253;91254;91281;91282;91297;91298;91308;91309;91318;91319;91649;91650;91651;91652;119978;91653;91654;91556;91655;91656;91657;91658;91659;91660;91661;91662;91663;91664;91666;91665;91667;91668;93151;91669;93152;93153;93154;93155;93157;93156;93159;93158;93160;93162;93161;93163;93164;93165;93166;93167;93168;93169;93171;93170;93173;93172;93175;93174;93176;93177;93178;93179;93180;93181;93183;93182;93184;93185;93187;93186;93188;93189;93190;93270;93271;93273;93272;93274;93275;93277;93276;93278;93279;93280;93282;93281;93283;93284;93285;93286;93287;93288;93290;93289;93291;93292;93293;93294;93295;93296;93297;93298;93299;93300;93301;93303;93302;93305;93304;93306;93307;93308;93309;93310;93311;93312;93313;93314;93367;93341;93342;93368;93369;93371;93370;93372;93373;93438;93437;93455;93439;93456;93457;93458;93459;93505;93506;93507;93508;93589;93558;93590;93591;93644;93615;93645;93646;93712;93647;93713;93714;93733;93734;93735;93765;93766;93767;93768;93769;93770;93772;93771;93806;119979;93807;93808;119980;93860;93861;93862;93893;93863;93894;119981;93895;93909;119982;93910;93935;93936;93937;119983;94006;94007;94036;94037;94039;94038;94040;94041;94042;94043;94067;94268;94267;94270;94269;94271;94272;94273;94274;94275;94277;94276;94278;94279;94280;94282;94281;94283;94284;94285;94319;94286;94320;94321;94322;94324;94323;94325;94349;94326;94433;94350;94434;94435;94455;119984;94504;94505;94506;94572;94507;94607;94608;94609;94668;119985;94728;94729;94739;94757;94921;94758;94938;94939;94969;95281;95282;95283;95312;95294;95313;95314;95315;119986;95316;95317;95367;95369;95368;95384;95383;95397;95396;95398;119987;95422;95423;95424;95452;95453;95534;95535;95536;95537;95564;119988;95565;95606;95607;95608;95623;95624;95625;95626;95627;95628;95650;95651;95652;95660;95710;95709;95711;95712;95761;95797;95798;95799;95800;95801;95802;95804;95803;95805;95806;95821;95822;96031;95915;96032;96033;96034;95986;95987;95988;95989;95990;95991;96075;96076;96077;96078;96079;96081;96080;96082;96083;96087;96088;96089;96134;96135;96136;96138;96137;96139;96140;96141;96147;96148;96149;96150;96255;96256;96257;96258;96259;96260;96261;96262;96263;96264;96265;96266;119989;96303;96334;96335;119990;96387;96404;96405;96429;96430;96432;96431;96434;96433;96435;119991;96527;96482;96528;96529;96530;96566;96604;96603;96653;96654;96655;96694;96695;96696;96697;96698;96699;96700;96701;96702;96715;96716;96717;96718;96761;96762;96793;96794;96795;96827;96868;96869;96870;96901;96902;96923;96903;96924;96925;96926;96950;96976;96977;97014;97015;97040;97041;97042;97043;97044;97045;97046;97063;97064;97065;97080;97081;119992;97082;97096;97097;97129;97130;97186;97187;97188;97202;97189;97203;97204;97206;97205;97207;97296;97297;97299;97298;97300;97317;97380;119993;97381;97382;119994;97431;97433;97432;97467;97466;97494;97495;97518;97519;97520;97549;97550;97570;97571;97652;97653;97572;97598;97599;97654;97656;97655;97695;97657;97771;97696;97772;97773;97774;97775;97776;97777;97824;97825;97826;97827;97829;97828;97830;119995;97831;97832;97847;97848;97850;97849;97851;97912;97913;97914;97915;97916;99083;99084;99085;119996;99086;99087;99088;99089;99090;99091;99092;99114;99115;99116;99118;99117;99119;99120;119997;99165;99180;99181;99230;99231;99232;99242;99243;99244;99245;99261;99262;99263;99302;99355;99356;99357;99358;99393;99394;99395;99397;99396;99434;99460;99462;99461;99463;99464;99465;99466;99467;99468;99469;99507;99508;99578;99579;99580;99623;99624;99625;99653;99654;99758;99705;99759;99760;99761;99959;99960;99961;99962;99963;99964;99978;99979;99980;99991;100022;99992;100024;100023;100050;100121;100122;100149;100150;100152;100151;100206;100207;100208;100209;100210;100211;100212;100213;100215;100214;100241;100242;100244;100243;100245;100246;100264;100289;100291;100290;100292;100351;100319;100352;100320;100353;100354;100374;100375;100376;100377;100378;119998;100404;100405;100406;100407;100408;100410;100409;100459;100538;100539;100540;100542;100541;100543;100544;100569;100588;100589;100614;100754;100661;100780;100803;100834;100864;100865;100907;100866;100867;100909;100908;100910;100911;100912;100913;100914;100915;100916;100917;100918;100951;100953;100952;100954;100985;100986;119999;101042;101043;101056;101055;101057;101058;101059;101060;101061;101080;101081;101082;101106;101107;101108;101109;101142;101143;120000;101144;101145;101147;101146;101201;101202;101203;101259;101204;101221;101222;101223;101225;101224;101226;101227;101228;101229;101230;101260;101289;101290;101291;101292;101293;101350;101351;101352;101353;101389;101390;101391;101392;101393;101394;101519;101520;101762;101763;101765;101764;101766;120001;101767;101768;101807;101808;101831;101832;101885;101886;101887;101888;101889;101890;101926;101891;101927;101940;101941;101942;101943;101944;101945;101946;101947;101948;102013;102066;102068;102067;102069;102070;102189;102188;102190;102191;102192;102193;102194;102218;102251;102219;102252;102253;102255;102254;102256;102257;102308;102307;102309;102310;102311;102312;102313;102314;102315;102316;102317;102318;102319;102320;102351;102352;102353;102354;102413;102414;102415;102474;102476;102475;102477;102478;102539;120002;102540;102541;102577;102542;102578;102579;102626;102627;102693;102694;102695;102728;102696;102729;102800;102802;102801;102837;102836;102839;102838;102840;102841;102854;102855;102856;120003;102910;102911;120004;102912;102913;102914;102952;102953;104649;102954;102955;120005;102973;102974;102989;102990;103111;103110;103176;103120;103178;103177;103179;103180;103181;103182;103183;103184;103185;103186;103210;103211;103212;103213;103214;103215;103216;103245;103246;120006;103247;103248;103294;103293;103295;103296;103297;103299;103298;103300;103301;120007;103315;103316;103317;103318;103355;103354;103369;103371;103370;103412;103413;103415;103414;103454;103455;103528;103503;103563;103564;103596;103597;103636;103637;103638;103639;103640;103689;103690;103742;103743;103767;103768;103769;103770;103771;103772;103807;103832;103833;103852;103853;103854;103917;103918;103919;103920;103961;104009;104010;104011;104012;104013;104014;104015;104017;104018;104019;104020;104021;104022;104023;104024;104025;104026;104027;104028;104029;104030;104094;104095;104096;104097;104098;104099;104117;104141;104142;104171;104172;104208;104209;104210;104252;104253;104650;104254;104542;104255;104270;104271;104374;104375;104376;104427;104428;104429;104430;104471;104472;104473;104474;104475;104476;104494;104495;104529;104530;104531;104532;104651;104016;104777;104778;104779;104780;104781;104782;104783;104805;104806;104869;104870;104871;104872;104873;104874;104875;104876;104877;104878;104879;104880;104952;104953;104954;104955;104956;104957;104958;104959;104960;104961;104962;104963;104964;104965;104776;104966;104967;104991;104968;104992;104993;105020;105033;105034;105035;105036;105072;105073;105094;105093;105095;105096;105097;120008;105098;120009;105148;105149;105150;105172;120010;105253;105271;105270;105272;105273;105274;105275;105276;105277;105278;105279;105280;105281;120011;105282;105283;105284;105285;105287;105288;105289;105290;105348;105349;105350;105351;105286;105352;105388;105353;105480;105408;105458;105409;105459;105460;105462;105461;105463;105481;105483;105482;120012;105506;105513;105538;105539;105540;105541;105574;105576;105575;105577;105578;105579;105580;105581;105582;105648;105647;105684;105685;105719;105720;106092;105721;105722;105744;105763;105764;105765;106041;106042;106043;106044;106045;106046;106047;106048;106049;106073;106093;106127;106094;106095;106128;106129;106130;106131;106132;106133;106185;106184;106187;106186;107251;106259;106260;106261;106262;106263;106292;106293;106294;106342;106343;106344;106345;120013;106346;106370;106435;106436;106437;106438;106439;106440;106441;106443;106442;106444;106445;106446;106447;106448;106449;106450;106451;106452;106453;106454;106455;106456;106470;106471;106472;106473;106474;106475;106476;106477;106479;106478;106480;106481;106527;106526;106528;120014;106529;106530;106531;106532;106555;120015;106576;106577;106578;106579;106580;106602;106603;106604;106605;106617;106618;106652;106653;106654;106673;106672;106674;106707;106708;106745;106746;106747;106748;106786;106787;106788;106789;106815;106834;106835;106836;106865;106866;106867;106896;106868;106897;106898;106900;106899;106901;106926;106941;106942;106943;106944;120016;106967;107002;107022;107054;107055;107085;107086;107115;107131;107116;107132;107139;107141;107140;107143;107142;107144;107213;107214;107252;107253;107254;107255;107288;120017;107289;107290;107291;107292;108279;108280;108509;108511;108510;108367;108512;108368;108369;108400;108401;108402;108449;108450;120018;108451;108452;108482;108528;108529;108530;108531;108532;108578;108533;108579;108580;108581;108646;108647;108648;108650;108649;108652;108651;108653;118346;108655;108654;108656;108684;108685;108686;108687;108705;108744;108745;108746;108747;108748;108749;108825;108824;108826;108827;108828;108829;108830;108831;108871;108872;108873;108874;108875;108876;108877;108945;108946;108947;109000;108948;109001;109011;109013;109012;109014;109015;109028;109083;120019;109084;109085;109161;109162;109198;109197;120020;109240;109241;109242;109243;109244;109245;109246;109247;109248;109249;109250;109251;109252;109253;109254;109255;109256;109257;109258;109259;109260;109261;109262;109264;109263;109265;109266;109267;109268;109269;109270;109271;109272;109273;109274;109275;109276;109278;109277;109309;109310;109341;109342;109355;109356;109357;109358;109359;109360;109547;109548;109549;109550;109572;109598;118251;109599;109645;109647;109646;118252;120021;109672;109673;109674;109675;109676;120022;109678;109677;109679;109721;109722;109756;109757;109758;109759;109760;109761;109762;109763;109764;109765;109766;109767;109768;109769;109770;109771;109772;109773;109774;109776;109775;109777;109778;109779;109780;109781;109782;109783;109784;109786;109785;109787;109788;109789;109790;109791;109792;109793;109794;109796;109795;109797;109859;120023;109860;109861;109862;109886;109887;109888;109889;109891;109890;118253;109913;109937;109938;109939;118254;110029;118255;110030;110031;110032;110034;110033;110036;110035;110037;110038;110039;110040;110041;110042;118256;110043;110089;110090;110091;110092;118257;110093;118258;110183;110123;110184;110185;110186;110187;110188;110189;110190;110222;110223;110224;110258;110259;110260;110261;110284;110310;110338;110339;110340;110341;110342;110343;110344;110345;110347;110346;110348;110349;110350;110351;110353;110352;110354;110355;110356;110357;110358;110359;110360;110361;110362;110363;110364;110365;110366;110367;110368;110369;110370;110371;110372;110373;110374;110375;110376;110377;110379;110378;110380;110381;118259;110393;110394;110410;110411;118260;110412;110443;110444;110445;118261;110473;110509;120024;110510;110511;118262;110512;110531;110544;118263;110545;110546;118264;110547;110548;110594;118265;110595;118266;110596;110620;118267;110659;110621;110635;110636;110637;110638;118268;110639;118269;110640;110660;110661;110682;118270;110683;118271;110684;110685;120025;110760;110761;110762;110763;110764;110803;110804;110836;110837;110838;118272;120026;120027;120028;120029;120030;120031;120032;120033;110938;118273;120034;120035;120036;110966;110972;120037;120038;120039;120040;111051;118274;120042;120041;120043;120044;120045;120046;111052;111053;111055;111054;111056;111057;111058;111059;111101;111102;120047;120048;111134;111150;120049;118275;120051;120050;120052;111200;111201;120053;111202;120054;111203;118276;120055;120056;111261;111262;111263;120057;111264;111265;120058;111328;111329;111346;111347;111348;111367;111369;111368;120059;111370;111371;120060;111372;120061;120062;120063;120064;111373;111433;118277;111434;120065;111435;120066;111436;111437;111438;111439;111440;111441;111442;120067;111443;111444;111445;111446;111447;111448;111449;111450;111451;111452;111453;111455;111454;111456;111457;111458;111459;111460;111461;111462;111463;111464;111503;111504;111505;120068;111507;111506;111508;111509;111525;120069;111546;120070;111548;111547;111574;121042;111575;120072;120071;111591;111592;120073;111639;111662;120074;111663;120075;111664;120076;111740;120077;111741;118278;111743;111742;118279;111744;118280;111745;111747;111746;111781;118281;120078;111782;111784;111783;120079;120080;111785;118282;111813;120081;111814;111815;118283;111816;111817;111818;111820;111819;111821;111822;111823;111824;111825;111826;111827;111828;111829;111830;111831;111832;111833;111834;111836;111835;111837;120082;111838;111839;111840;111841;111842;112010;112011;112012;120083;112013;118284;112014;112015;112016;120084;120085;119211;119142;112055;112056;120086;112057;120087;112079;112080;112081;112082;112106;112107;119551;112108;112145;112146;112148;112147;118285;120088;112271;112188;112199;112200;112201;112202;120089;112203;120090;112204;120091;112272;112273;112274;112275;112276;112278;112277;117354;112287;117355;118286;118287;120092;120093;117385;117386;118288;117448;120094;117449;120095;117450;117451;117452;120096;117453;120097;117478;120098;120099;117527;117528;118289;117529;120100;120101;120102;117629;117660;117661;118290;117663;117662;117664;120103;120104;117694;118291;117695;117696;118292;117697;120105;117698;117699;117700;118293;117701;120106;117703;117702;117799;117801;117802;117800;117803;117804;117820;120108;120107;120109;120110;118294;120111;117821;117822;118295;117899;117823;117824;118296;117858;120112;117859;120113;120114;120115;117900;117866;118297;118298;117901;120117;120116;117902;117903;120118;117932;118299;120119;117933;120120;120121;117989;117990;117991;122393;120122;117992;118300;117993;118301;120123;117994;120124;117995;118302;120125;118032;120126;118033;118034;118078;118079;120127;118080;118141;120128;118171;120129;120130;118172;120131;120132;118173;120133;118175;118174;118198;118199;118303;120134;118222;118304;118223;118305;120135;118306;120136;118318;120137;120138;118319;118320;118321;120139;118347;118348;120140;118349;118350;118351;120141;118352;118353;118354;118355;118356;118357;120142;118387;118388;120143;118390;118389;118391;120144;120145;118454;118455;118456;118457;118458;118459;118460;120146;120147;118490;118491;120148;120149;118499;118498;118500;118501;119571;118502;118564;120150;118565;118566;119449;118587;118588;119672;119572;120151;118589;119450;118590;119451;118728;119573;118729;120152;120153;118747;118748;118749;119574;120154;120155;120156;118819;119552;120157;120158;120159;118854;120161;120160;120162;118882;118952;118953;119553;120163;118965;119575;119011;119644;119012;119554;119013;119031;119032;120164;119033;119034;119035;119036;119041;119042;119576;119115;120165;120166;119116;119117;120167;120168;119143;119144;119645;119145;119212;119213;119555;119214;119215;120169;119281;119282;119283;120170;119284;120171;120172;119285;119286;120173;119299;119333;125666;119334;120174;120175;119335;119336;119452;119453;119454;119455;119456;119457;120176;120178;120177;120180;120179;120181;120182;119556;120183;119577;119578;120184;119579;119646;119647;119648;120185;120186;119649;129578;119650;119651;119718;119719;119740;119720;119741;120187;119742;119743;119745;119744;120188;119746;119747;119760;119761;119762;119763;120189;119806;120190;120191;119807;120192;119808;119809;119810;119824;119825;119869;119870;120193;119871;119872;119937;119954;120194;119955;120195;119956;120196;120982;120983;120984;120985;120986;120987;121003;121058;126492;121059;121060;121061;121091;121092;121093;121094;121158;121159;121206;121207;121209;121208;121240;121241;121242;121243;121293;121292;121295;121294;121296;121297;121298;121299;121300;121301;121302;121304;121303;121305;121341;121342;121343;121416;121344;121417;121465;121467;121466;121539;121540;121568;121569;121570;121610;121571;121611;121612;121613;121614;121615;121616;121617;121618;121635;121636;121637;121638;122047;122048;122049;122050;122092;122113;122146;122147;122148;122149;122181;122182;122228;122230;122229;122307;122306;122308;122309;122311;122310;122312;122341;122340;122342;122344;122343;122345;122360;122361;122397;122419;122446;122471;122472;122473;122474;122475;122476;122477;122478;122530;122531;122532;122581;122608;122645;122609;122663;123780;122664;122665;122666;122715;122748;122747;122774;122773;122775;122776;122808;122809;122810;122850;122851;122889;122890;122944;122964;122965;122967;122966;122968;122969;122970;122996;122997;122998;122999;123000;123060;123061;123062;123063;123064;123065;123066;123067;123068;123069;123070;123071;123125;123126;123409;123410;123411;123412;123444;123413;123446;123445;123447;123448;123449;123450;123451;123496;123497;123499;123498;123500;123501;123546;123547;123548;123549;123550;123551;123633;123634;123635;123636;123671;126524;123673;123672;123748;123747;123749;123781;123782;123783;123784;123785;123823;123822;123824;123825;123923;123924;123925;123926;123927;123928;123929;123968;123967;123969;123970;123993;123994;123995;123996;123997;123998;124018;124055;124056;124057;124082;124083;124109;124110;124111;124112;124113;124148;124149;124150;124151;124190;124268;124269;124270;124293;124294;124295;124296;124314;124315;124317;124316;124318;124319;124320;124361;124362;124363;124364;124403;124404;124405;124452;124451;124454;124453;124456;124455;124586;124644;124646;124645;124647;124674;124675;124694;124695;124715;124716;124757;124853;124852;124854;126493;124855;126439;124856;124857;126440;125023;125214;126525;125024;126441;125130;125920;125131;125132;125133;125244;125245;126457;125246;126458;138490;125248;125247;125280;125249;125281;125282;125283;125307;126494;125333;125334;129878;125335;126336;125351;125457;125458;125459;125460;125461;125462;125463;125464;125465;126442;126686;125466;125467;130087;125468;125469;125470;126443;125471;125535;125536;126736;125537;125539;125538;125541;125540;126495;126459;125592;125620;125672;125673;126496;125674;125675;125676;121004;121005;121160;121306;122051;121468;122093;122094;122150;122151;122231;122313;150628;122867;122891;125677;126526;122945;122971;123072;123073;123452;123453;123454;123455;123456;123552;123553;123554;123637;123638;123639;123640;123674;123826;123971;123972;124084;124321;124365;124406;124858;150613;150546;125702;125250;125284;125336;125472;125473;125678;125759;125703;125845;125846;125944;125984;150510;150662;150666;150625;150649;150551;150561;150575;150610;150684;150585;150682;150512;150530;150600;150626;150669;150597;150648;150529;150598;150618;150681;150540;150594;150558;150664;150554;150620;150514;150614;150563;150593;150624;150633;150619;150660;125760;150533;150642;150568;150507;125761;150650;150535;150552;150517;150668;150638;125762;150601;125763;125764;125798;125799;125800;125847;125848;125849;125873;125850;125874;125875;125876;125921;125922;125945;125946;125947;125985;125986;125987;125988;125989;125991;125990;125993;125992;125994;125995;125997;125996;126044;126046;126045;126047;126062;126063;126149;126151;126150;126153;126152;126154;126155;126156;126157;126159;126158;126160;128071;126161;126162;126163;126164;126166;126165;126167;126168;126169;126170;126171;126172;126173;126237;126238;126239;126240;126253;126337;126444;126460;126461;126462;126497;126463;126499;126498;126501;126500;126502;126560;126561;126562;127744;126595;126597;126596;126687;126617;126618;126619;126688;126689;126690;126691;126692;128017;126693;126694;126695;126696;126697;126737;126738;126739;126740;126741;126742;126743;126744;126770;126771;126808;126809;126810;126811;126812;126813;126814;126913;126914;126981;126982;126984;126983;126985;126986;127038;128018;127040;127039;127089;127090;127092;127091;127745;127746;127747;127748;127749;127750;127751;127752;127753;127754;127755;127756;127757;127758;127759;127760;127761;127762;127763;127764;127765;127766;127767;127768;128019;127769;127771;127770;127773;127772;127774;127775;127777;127776;127779;127778;127780;127781;127782;127783;127784;127785;127786;127787;127788;127789;127838;127790;127884;127885;128020;128021;128609;128610;128072;128022;128073;128048;128144;128074;128145;128146;128147;128301;128312;128302;128752;128313;128314;128315;128317;128316;128318;128319;128410;129096;128466;128411;128468;128467;128469;128470;128471;128472;128473;128504;128520;128542;128543;128544;128612;128611;128613;128628;128673;128870;128674;128675;129844;128676;128677;128678;128679;128753;128871;128872;128873;128966;128988;128989;128990;128991;128992;129043;129044;129045;129046;129153;129047;129155;129154;129156;129157;129158;129159;138248;129160;129282;129283;129285;129286;129284;129287;129288;129347;129348;129349;129350;129381;129382;130088;129383;138249;129401;129402;129403;129404;129465;129526;129527;129528;129529;129552;129553;129554;129581;129555;129582;129583;129673;129674;129675;129676;129746;129747;129748;129773;129772;129879;129845;129881;129880;129961;129962;129963;129965;129964;129966;130001;130002;130050;130051;130089;130144;130941;130145;130162;130161;130164;130165;130163;130166;130942;130193;130943;130194;130195;130196;130944;130198;130197;130199;130253;130254;130255;130256;130257;130340;130341;130342;130343;130344;130345;131067;130361;130388;130389;130390;130391;130421;130422;130423;130424;130425;130426;130449;130451;130450;130512;130452;130583;130584;130619;138250;130620;130621;130752;130753;130754;130755;130896;130897;130898;130899;130900;130945;130946;130947;130948;130950;130949;130952;130951;130953;130954;130955;130956;130957;130958;130959;130960;131068;138251;131069;131070;131071;131118;131119;131121;131120;131122;131123;131124;131159;131160;131221;131222;131223;138252;131224;131302;131303;131304;131305;131306;131307;131308;131309;131310;134278;131311;131312;131385;131386;131387;131388;131389;131390;131391;131545;131546;131547;131548;131549;131550;131551;131552;131553;131554;131555;131556;131557;131558;131750;131751;131752;131753;131754;131755;131756;138253;131757;131758;131759;131760;138254;131998;131833;131999;132000;132001;132002;132003;132004;132005;132007;132006;132008;132009;132010;132070;132072;132071;132073;132089;132088;132090;132091;132092;132093;132094;132236;132237;132238;132239;132308;132309;132334;132335;132336;132338;132337;132388;132387;132389;132390;132395;132394;132396;132431;132430;132432;132518;132671;132670;132703;132702;132704;132705;132706;132707;132743;132744;132745;132765;132766;132767;132850;132851;132852;132853;132921;132922;144032;132923;132924;132926;132927;132925;132928;132952;133032;138255;133033;133034;133035;133037;133036;133038;133134;133135;133136;133137;133138;133139;133140;133141;133175;133176;133177;133201;133202;133203;133254;133255;133256;133257;133258;133348;133259;133349;133389;133390;133391;133393;133392;133394;133395;133397;133396;133438;133439;133448;133493;133494;133495;133539;133520;133540;133541;133542;133543;133544;133545;133546;133547;133594;133595;133596;133597;133598;133600;133599;133601;133602;133761;133762;133763;133790;133791;133792;133829;133830;133831;133832;133833;133834;133835;133836;133837;133838;133839;133946;133947;133948;133949;134035;134036;134074;134075;134076;134077;134078;134079;134080;134081;134082;134083;134099;134101;134100;134102;134103;134104;134105;134106;134158;134160;134159;134161;134199;134200;134202;134201;134203;134285;134286;134287;134288;134290;134289;134291;134292;134294;134293;134295;134296;134297;138256;134350;134351;134364;134363;134365;134366;134399;134400;138257;134401;134441;134560;134561;134621;134622;134623;134624;134625;134654;134655;134653;134656;134697;134698;134756;134757;134824;134853;134854;134852;134855;134937;134972;134938;135023;135024;135025;135164;138258;135165;135166;135167;135169;135168;135196;135197;135223;135224;135225;135226;135227;139904;135228;135266;135267;135268;135281;135387;135388;135389;135390;135391;135392;135393;135394;135395;135396;135397;135579;135671;135751;135580;135752;135753;135754;135961;135893;135962;135963;135964;135965;136013;136024;136025;136014;136026;136075;136074;136076;136077;136079;136080;136078;136081;136082;136163;136164;136165;136167;136166;136169;136168;136170;136279;136280;136394;136395;138259;136396;136397;136462;136463;136464;136465;136467;136466;136468;136469;136649;136648;136650;136651;136652;136653;136654;136655;136656;136657;136658;136659;136660;136661;136782;136662;136783;136784;136785;136786;136787;136788;136789;136790;138260;136791;136792;136793;138261;136794;136795;136796;136797;136799;136798;136800;137535;137536;137537;137538;138262;137539;137540;138263;137541;137542;138540;137543;150576;150582;150590;150661;150605;150651;150679;150577;150528;150676;150599;137544;150511;137545;150547;150538;150588;150672;150583;150589;150644;150557;150539;150630;150518;150627;150608;150555;150673;150602;150553;150544;150615;150581;150522;150635;150573;150606;150520;150680;150659;150578;150683;150652;150525;150607;150632;150665;150584;150641;150623;150663;150564;150657;150591;150574;150545;150647;150677;150639;150616;150569;150629;150595;150560;150556;150531;150548;150542;150643;150580;150674;150526;150541;150603;150523;150527;150609;150670;150611;150592;150513;150634;150656;150549;150596;150636;150637;150671;137547;137546;137548;137549;137551;137550;137577;137552;137578;137579;137580;137581;137582;138541;137583;137584;137585;137586;137587;137588;137589;137590;137591;137592;138264;137593;137594;137595;137596;137597;137598;138491;137599;137600;137601;137602;137603;137604;137605;137606;138542;137607;137608;137609;137610;137611;137612;137614;137613;137615;137616;137618;137617;137619;137620;137622;137621;137623;137624;138265;138266;138267;138543;138268;138269;138270;138271;138272;138273;138274;138275;138276;138277;138278;138279;138280;138281;138282;138283;138285;138284;138544;138286;138288;138287;138289;138290;138291;138292;138293;138294;138295;138296;138297;138298;138299;138300;138301;138302;138303;138304;138305;138306;138307;138308;138309;138310;138311;138312;138313;138314;138315;138317;138316;138318;138319;138320;138321;138322;138323;138324;138432;138433;138434;138492;138493;138494;138495;138496;138545;138546;138547;138549;138548;138550;138551;138758;138759;138791;138760;138792;138794;138795;138830;138793;138831;138832;138833;138871;138870;138993;138992;138994;138996;138995;139169;139170;139171;139172;139173;139174;139175;139176;139177;139178;139222;139223;139282;139308;139309;139310;139358;139359;139360;139361;139362;139363;139364;139402;139403;139404;139405;139406;139407;139408;139409;139410;139452;139453;139454;139532;139534;139533;139535;139536;139566;139592;139593;139594;139656;139595;139657;139835;139836;139837;139658;139684;139685;139686;139687;139688;139689;139690;139691;139720;139721;139722;139723;139781;139838;139839;139840;139841;139842;139843;139844;139845;139846;139847;139905;139906;139907;140025;140026;140027;140109;140241;140242;140243;140244;140246;140245;140247;140248;140446;140249;140250;140251;140252;140253;140254;140255;140256;140257;140258;140259;143618;140260;143713;140262;140261;140263;140264;140379;140378;140380;140381;140382;140383;140384;140386;140385;140388;140387;140447;140448;140449;140475;140476;140477;140478;140479;140480;140481;140513;140512;140514;140515;143683;143870;143849;143767;143790;143840;143634;143746;143833;143872;143733;143715;143691;143835;143693;143883;143645;143734;143782;143825;143868;143628;143828;143739;143655;143641;143864;143807;143732;143789;143774;143806;143877;143667;143714;143810;143724;143823;143808;143736;143756;143636;143793;143829;143798;143750;143682;143800;143685;143651;143873;143853;143637;143707;143610;143630;143781;143665;143663;143631;143805;143819;143718;143678;143657;143743;143690;143865;143866;143721;143815;143671;143643;143679;143652;143775;143783;143839;143650;143612;143708;143801;143699;143842;143747;143837;143742;143762;143640;143672;143609;143681;143757;143786;143850;143615;143884;143845;143722;143673;143803;143744;143626;143784;143862;143659;143882;143758;143771;143656;143751;143649;143827;143759;143670;143820;143811;143709;143696;143614;143613;143838;143706;143848;143847;143766;143720;143638;143813;143822;143816;143647;143797;143684;143635;143726;143830;143876;143621;143832;143788;143644;143851;143754;143874;143622;143623;143791;143689;143765;143768;143777;143795;143863;143772;143844;143694;143779;143632;143761;143776;143854;143695;143658;143792;143719;143809;143629;143624;143763;143841;143773;143727;143885;143688;143843;143697;143880;143716;143760;143858;143749;143664;143616;143730;143799;143748;143620;143787;143712;143855;143660;143648;143852;143728;143731;143711;143831;143817;143753;143745;143627;143879;143676;143625;143881;143698;143703;143704;143725;143737;143710;143846;143814;143723;143869;143859;143661;143794;143700;143871;143617;143770;143778;143796;143738;143654;143639;143740;143834;143856;143802;143668;143735;143886;143780;143875;143857;143741;143752;143764;143867;143785;143646;143812;143769;143826;143687;143702;143642;143662;143818;143686;143680;143701;143677;143611;143861;143675;143878;143717;143836;143653;143674;143804;143692;143755;143824;143666;143619;143860;143821;143633;143729;143669;144046;143705;144034;144027;144037;144094;144095;144102;144100;144101;144173;144137;144171;144143;144121;144237;144259;144318;144254;144360;144354;144348;144351;144438;144427;144443;144445;144499;144432;144492;144476;144501;144491;144493;144495;144527;144535;144532;144571;144581;144575;144578;144570;144576;144580;144586;144579;144596;144599;144619;144608;144623;144637;144740;144733;144732;144760;144764;144763;144759;144757;144761;144911;144910;144921;144913;144917;144926;144909;144928;144912;144915;144908;144914;144953;144960;144959;145025;145018;145022;145030;145031;145019;145020;145029;145026;145120;145156;145205;145198;145164;145181;145179;145199;145175;145108;145239;145258;145352;145253;145343;145291;145300;145363;145490;145476;145470;145487;145479;145484;145481;145520;145739;146050;145765;146146;146051;146174;146141;146135;146156;146170;146145;146187;146111;146322;146362;146365;146359;146366;146367;146401;146394;146406;146395;146416;146387;146463;146470;146460;146478;146476;146474;146465;146475;146461;146520;146526;146517;146511;146523;146530;146553;146563;146573;146576;146577;146579;146600;146597;146615;146614;146643;146669;146726;146751;146729;146685;146653;146790;146789;146788;146795;146785;146794;146797;146796;146838;146923;146849;146925;146890;146910;146924;146921;146904;146885;146915;146912;146891;146920;146889;146903;146936;146946;146944;146941;146940;146937;146980;146972;146966;146984;146973;146967;146976;146983;146978;146982;146971;146987;146975;147030;147134;147050;147060;147155;147162;147575;147612;147570;147463;147511;147568;147591;147464;147454;147586;147579;147452;147544;147597;147545;147529;147571;147447;147502;147436;147564;147741;147736;147735;147781;147786;147788;147796;147785;147801;147843;147849;147851;147875;147871;147944;147936;147938;148142;148144;148149;148143;148164;148162;148165;148171;148177;148139;148168;148145;148175;148138;148160;148155;148150;148167;148151;148226;148227;148237;148233;148251;148252;148269;148276;148299;148304;148303;148365;148361;148366;148362;148386;148389;148387;148388;148410;148413;148415;148408;148414;148437;148443;148434;148532;148523;148515;148507;148529;148504;148524;148501;148502;148528;148521;148509;148510;148533;148531;148600;148594;148639;148636;148700;148698;148747;148758;148761;148751;148755;148757;148752;148753;148838;148837;148867;148864;148872;148873;148871;148868;148874;148929;148875;149006;148966;149012;149018;149080;149035;149076;149083;149068;149084;149074;149075;149077;150521;149179;149203;149180;149113;149195;149174;149152;149185;149135;149230;149225;149224;150508;150667;150658;150515;149227;150562;150612;150622;150536;150654;150631;150645;149248;150586;150571;150532;149266;150559;150675;150516;150509;149279;150566;149269;150678;150524;150604;150534;150565;150537;150519;150617;150655;149276;150572;150543;150646;150640;150550;150579;149274;150621;150567;149271;150570;150587;150653;150874;150888;150902;150914;150872;151084;151099;151127;151122;151201;151355;151618;151803;151993;152155;152199;152128;152221;152476;152550;152551;152544;152762;152810;152811;152834;153461;153477;153484;153626;153774;153840;153867;153915;154250;154212;154640;154740;154862;155819;155812;155801;155814;155798;155905;156012;156099;156167;156211;156290;149265;149264;149272;149263;149268;150306;149273;150274;149278;149270;149347;149340;149429;149428;149422;149457;149456;149463;149462;149461;149458;149459;149487;149494;149491;149484;149486;149516;149633;149535;149716;149717;149795;149805;149808;149800;149806;149801;149798;149804;149802;149797;149796;149856;149807;149976;150017;150014;150024;150019;150018;150012;150110;150100;150101;151492;150106;150085;150083;150092;150112;150084;150102;150086;150108;150082;150116;150093;150193;150201;150182;150215;150203;150190;150200;150222;150220;150212;150223;150191;150266;150257;150267;150685;150270;150686;150698;150307;150695;150697;150300;150318;152107;150313;150305;150335;150338;150699;150400;150402;150397;150505;150413;150404;150696;150401;150407;150406;150396;150414;150399;150412;150395;150415;150687;150405;150411;150398;150409;150410;150403;150473;150470;150472;150459;150476;150458;150468;150746;150730;150726;150456;150740;150745;150737;150731;150736;150739;150738;150733;150732;150743;150742;150729;150727;150728;150735;150741;150744;150734;150891;150927;150901;150889;150890;150893;150913;150898;150892;150870;150871;150895;150876;150873;150877;150885;150884;150912;150896;150875;150894;150887;150882;150900;150928;150883;150886;150878;150881;150880;150879;150899;150897;151086;151088;151085;151090;151094;151106;151105;151095;151104;151098;151087;151103;151092;151093;151110;151089;151108;151109;151102;151096;151107;151101;151091;151100;151097;151126;151118;151124;151123;151125;151195;151206;151200;151205;151194;151203;151202;151204;151360;151357;151354;151356;151481;151491;151531;151524;151532;151523;151530;151617;151616;151650;151654;151649;151651;151656;151653;151652;152272;151655;151659;151657;151658;151760;151758;151765;151757;151763;151761;151764;151759;151804;151802;151805;151801;151815;151813;151821;151868;151869;151878;151877;151880;151884;151875;151885;151881;151874;151870;151873;151986;151998;151980;151995;151994;151996;151989;151988;151991;151983;151997;151990;151992;151999;151981;152056;152048;152055;152022;152032;152023;152031;152062;152061;152060;152110;152109;152104;152106;152113;152105;152158;152108;152116;152142;152146;152156;152157;152160;152159;152153;152162;152188;152167;152187;152186;152185;152202;152200;152201;152222;152248;152247;152239;152246;152242;152252;152244;152253;152251;152240;152245;152241;152254;152243;152269;152481;152475;152478;152479;152480;152545;152546;152567;152566;152612;152611;152649;152651;152643;152652;152648;152650;152656;152642;152641;152654;152655;152653;152676;152677;152691;152690;152704;152714;152710;152708;152718;152715;152705;152717;152703;152716;152712;152707;152706;152713;152709;152759;152760;152763;152765;152761;152766;152809;152806;152804;152807;152802;152803;152805;152800;152801;152808;152833;152851;152845;152847;152843;152842;152836;152890;152891;152887;152888;152889;152915;152920;152914;152919;152921;152945;152947;152944;153020;152711;153015;153019;153012;153022;153011;153018;153016;153010;153017;153013;153023;153021;152996;152992;152997;152989;152990;152988;152994;152995;152993;152991;153027;153028;153124;153119;153125;153120;153122;153121;153198;153192;153191;153189;153194;153193;153197;153190;153196;153249;153247;153246;153014;153248;153423;153463;153465;153464;153469;153462;153466;153468;153478;153483;153489;153535;153540;153542;153538;153536;153577;153580;153576;153618;153581;153620;153623;153611;153622;153625;153614;153627;153619;153621;153632;153615;153624;153643;153616;153775;153773;153784;153787;153798;153794;153793;153791;153795;153830;153831;153868;153919;153903;153918;153907;153869;153917;153920;153923;153904;153921;153916;153905;153922;153906;153951;153969;153999;154003;154002;153998;154067;154100;154099;154087;154090;154102;154098;154052;154089;154093;154062;154068;154092;154095;154101;154073;154054;154088;154094;154063;154129;154133;154160;154189;154185;154161;154183;154181;154182;154190;154217;154218;154256;154249;154210;154247;154248;154305;154319;154299;154322;154298;154321;154323;154304;154318;154302;154308;154301;154314;154325;154303;154317;154300;154355;154634;154638;154630;154620;154632;154629;154618;154637;154651;154653;154646;154647;154648;154652;154641;154643;154654;154645;154708;154742;154744;154741;154861;154907;154906;154745;154908;154904;154924;154922;154927;154921;154941;155002;155004;155001;155006;155003;155005;155007;155048;155076;155157;155134;155166;155213;155302;155304;155303;155465;155462;155466;155464;155463;155363;155461;155467;155581;155468;155576;155580;155579;155582;155578;155575;155635;155651;155577;155646;155640;155650;155649;155641;155644;155642;155645;155648;155647;155659;155643;155671;155669;155668;155670;155667;155699;155703;155666;155700;155704;155698;155702;155723;155724;155748;155813;155806;155805;155807;155791;155800;155797;155810;155817;155809;155804;155802;155795;155793;155803;155808;155792;155799;155815;155796;155816;155818;155794;155811;155836;155827;155837;155829;155828;155840;155834;155856;155855;155854;155895;155910;155911;155902;155912;155894;155909;155907;155903;155913;155898;155899;155893;155906;155897;155904;155900;155896;155901;155929;155930;155990;155981;155959;155992;156008;156009;156010;156007;156006;156019;156047;156046;156051;156049;156048;156050;156090;156282;156092;156084;156088;156083;156081;156082;156086;156097;156093;156089;156087;156091;156096;156085;156080;156098;156095;156094;156148;156110;156172;156169;156170;156213;156214;156207;156209;156212;156245;158145;156281;156287;156291;156292;156285;156284;156286;156288;156283;156289;156280;156330;156342;156337;156421;156420;156422;156445;156446;156468;156480;156475;156479;156477;156611;156607;156644;156634;156615;156635;158146;156638;158142;156646;156709;156699;156703;156702;158061;156704;156701;156748;156746;158174;156760;156759;156758;156775;158063;156777;156776;156923;156806;156814;158064;156813;156807;156810;156815;156809;156817;156805;156811;156816;156808;156881;156882;156883;156922;158191;156924;158060;156927;156926;156921;158065;156925;156928;156919;156952;156951;159133;158137;156953;157090;157094;157073;157128;157083;157072;157079;157078;157087;157070;158091;157101;157098;157076;157103;157109;157102;158156;158139;157075;157074;157108;157144;157145;157146;157149;157151;157202;157180;157221;158175;157188;157214;157233;157278;157283;157271;157281;157279;157280;157282;157272;157276;157306;157301;157273;157298;157300;157308;157310;157302;157305;157315;157307;157303;157340;157304;157342;157344;157341;157345;157343;157334;157347;157373;157395;157392;157396;157393;157391;157394;157389;157390;157388;157419;157869;157870;157900;157898;157899;157897;157894;157895;157932;157939;157929;158062;158123;158122;158124;157346;158128;158126;158141;158155;158151;158136;158152;158153;158144;158138;158184;158185;158181;158186;158189;158183;158190;158180;158179;158176;158173;158182;158233;158226;158228;158244;158221;158230;158227;158242;158229;158238;158225;158336;158337;158339;158430;158358;158357;158415;158433;158395;158446;158445;158447;158448;159146;158503;158506;159150;158570;159149;158569;158579;158581;158568;158571;158580;158582;158620;158614;158603;158602;158612;158601;159170;158616;158610;158621;158597;158594;158598;158609;158607;158615;159159;159154;159155;158606;158619;158596;158595;158599;158613;158608;158622;158605;158618;158611;158593;159151;158750;159148;158756;158758;158753;158757;158748;159158;159164;159156;158754;158755;158752;158751;158765;158763;158772;158766;158769;158771;158768;158770;158798;158799;159162;158801;158880;158885;159012;158916;158920;158908;158915;158910;158926;158919;158925;158917;159152;158911;159018;158909;158955;158957;158961;158966;158963;158960;158969;158967;158964;159027;158958;159013;159034;159029;159019;159028;159031;159147;159062;159161;159171;159163;159128;159130;159136;159127;159131;159157;159129;159177;159172;159174;159176;156478;156812;157086;157077;157105;157154;157150;157868;158140;158172;158178;158194;158188;158187;158338;158429;158604;158600;158749;159017;159014;159021;159025;159033;159032;159023;159175;159134;41989;27143;27144;29370;31125;31126;31296;31297;33572;33573;34942;34943;36033;51690;38856;51691;51692;41990;51693;51694;42318;51695;51696;51697;51698;51699;51700;51701;51702;51703;51704;52567;57154;57587;58776;63610;64907;66506;29371;51705;51706;51707;51708;51709;51710;51711;51712;51713;51714;51715;51716;52568;51717;35552;27145;29372;58166;28282;29373;31765;31766;31767;31768;34697;34698;34699;34779;41473;35920;42253;49826;42319;46013;49827;56600;57155;57298;65025;65908;56021;57156;31319;31338;31673;42397;27146;29374;29375;27147;29376;27148;29377;27149;27150;29378;27151;27152;29379;29779;29780;29878;30092;33266;33381;34233;41474;34429;35004;41475;35606;36079;41476;41477;42320;42177;49828;44687;49829;49830;50975;53285;57157;57158;55166;58480;59053;59445;61658;62002;62198;69172;29879;29380;61523;27153;27154;27155;27156;27157;27158;31390;31963;33894;35676;41478;35470;53233;57159;32076;27159;29381;27160;27161;29382;29383;27162;51718;35565;51719;49831;27163;27164;61524;29384;27165;29385;29386;27166;29387;27167;27168;29388;31449;31450;33382;33383;33500;33501;41479;35445;41480;41991;57160;159135;57161;57162;59552;61728;62176;62674;34289;36200;34276;31451;36016;31452;59983;53234;57163;27594;29389;27595;34070;34071;41481;41992;53530;57164;58408;32212;32211;41482;49832;27169;28325;31320;30191;30192;31127;31128;27170;29390;10503;27171;27172;29391;28370;29343;29392;33099;35025;33100;41483;42235;42321;49833;45471;49834;49835;53589;49836;57165;56601;57166;58299;58765;64865;27173;29393;27174;29394;29395;27175;27176;29396;29397;27177;29398;27178;27179;29399;27180;29400;27181;27182;29401;27183;29402;27184;29403;27185;29404;29782;29781;31111;31112;32047;32048;33384;33385;33502;33503;34166;34167;34944;41484;34945;41485;35103;41486;36121;41487;38180;41488;41993;45622;49837;49838;50856;51135;52989;57167;55974;57168;56602;57169;59948;65798;66956;27186;29783;34260;41489;66355;67222;27187;29405;31391;31392;41490;35471;41491;38643;42840;49839;55715;57170;62060;55761;57171;35245;33223;29406;27188;49840;27189;27190;29407;29408;45106;49841;27191;27192;29409;29410;27193;29412;29411;27605;27194;28203;29413;29913;29914;31394;31393;31621;31769;31770;33158;41492;33159;34359;34358;35368;41493;37844;41494;41495;39389;42815;43389;49842;50984;57172;56603;35758;41497;41496;41994;57842;66356;51638;67242;58142;33785;51720;52473;57173;66617;41498;68955;41995;42302;42322;49843;55621;57174;57175;56604;56605;57176;41499;38946;27195;31395;31396;34437;35034;41500;35955;57177;53590;57178;55588;42794;49844;28224;35715;41501;41502;41996;57179;57180;53403;57181;56606;61595;27196;29414;53502;57182;53317;57183;53359;57184;27197;27198;33895;41997;27199;27200;27201;27202;34320;35677;42104;29243;29415;51721;35740;51639;29416;27203;27204;27647;28355;29417;32440;32439;34213;41503;34708;34709;29915;31622;33121;35304;41504;29418;27205;29419;27206;27207;29420;27208;29421;30048;30049;31397;31398;34046;41505;41506;41507;42958;49845;45078;29422;49846;27209;51640;53286;57185;27210;31453;31454;33193;33194;27211;29423;41508;38644;49847;42398;42869;49848;43152;49849;44038;49850;59639;27212;27520;29424;27213;29425;29426;41509;27572;41998;27214;29427;27215;29428;27216;29429;27217;30036;30037;49851;45539;51722;34199;51723;41999;51724;42000;51725;51726;51727;57186;51728;57466;59682;60059;65026;27218;29430;58525;60092;62096;62780;62573;63626;63091;65598;65866;66668;67198;50080;59354;57187;54612;42189;29431;49852;27530;29432;29433;27219;59118;27220;27221;29434;29784;29785;31964;31965;34753;34754;51729;35246;51730;35747;51731;42001;51732;51733;51734;51735;51737;51736;51738;51739;51984;52969;57188;57190;57191;57192;57189;57194;57193;57195;58129;58300;58561;59054;59451;62494;62935;63279;61596;63473;64614;64637;64966;65569;65958;66493;66921;68956;27222;55830;57196;27223;29435;34438;42049;41966;49853;27224;27225;29436;27226;29437;27227;27228;29438;33430;33431;41510;38684;49854;49855;53487;57197;57198;64092;58722;51740;51741;51742;51743;34192;51744;51745;38857;27230;27229;29439;29440;27231;59854;27232;27233;34366;34967;41511;29916;30193;30194;36004;38807;31321;31322;41512;41513;58791;62210;29441;27234;27235;29442;27236;29443;29444;27237;51746;51747;52970;57199;57200;61453;61641;61680;27238;27239;34153;35330;38181;29244;57201;50377;55442;55920;57435;62960;63295;66802;81125;58576;27240;33267;29445;33215;33251;33896;27241;29446;33559;29245;29447;27242;34214;41514;34215;35080;41515;41516;36201;41517;42002;51748;59829;66289;66957;27243;28170;32115;27244;27245;29448;27246;29449;27247;29450;27248;66958;29451;27249;27250;27251;29452;49856;66959;34506;34439;33160;42003;33161;35741;41518;42004;27252;29453;27253;27254;59855;27255;29454;27256;29455;27257;27258;29456;31190;31189;41519;35921;29457;27259;27261;27260;29458;44313;49857;41520;35922;35956;35986;27262;29459;27263;27264;27265;27266;34959;36005;59190;27267;34430;34431;29460;29246;29461;34981;27268;28171;41521;68876;31399;31400;42005;41522;57614;27269;29462;10560;35247;34193;34194;51749;35005;27270;29463;29464;27271;34845;36006;29465;27272;64908;62061;63021;27273;29466;34739;34740;41523;39514;39433;49858;27274;29467;34982;34968;57313;29468;29469;29470;34024;32049;41524;41525;41967;49859;49860;42929;49861;43859;59119;49862;51339;52632;57204;57203;53893;56006;57205;57683;59493;62116;62961;65546;66196;66856;69092;27275;29471;27276;29472;29473;27511;31771;31772;34035;34036;27277;41526;29474;29475;29476;32050;34072;34200;34485;41527;41528;41529;49863;49864;43822;50968;53235;57206;55757;52737;57207;57208;62177;59064;65599;66197;62962;66857;69093;27278;27279;27280;30195;27512;34037;31773;35305;36070;42006;51750;42007;57209;52752;55622;57210;57658;59065;62381;63092;66198;65570;66618;69072;30248;27513;32178;31774;35306;34038;42008;36071;51751;52068;27281;57211;27282;35331;61567;27283;27284;29477;27285;27286;29478;38645;41530;51113;29479;27287;29480;27288;28204;29481;49865;42816;29482;27289;29483;30038;30039;32179;49866;43057;32180;51089;41531;51364;36710;29484;59120;59121;29485;27290;27291;59122;29486;27292;27293;27294;27295;29487;27296;59123;29488;59124;27297;27298;27299;28172;29489;59125;29880;29248;30142;30249;59126;30143;30144;30250;31089;31090;41532;59127;33252;33253;59128;33432;41533;41534;59129;59130;34331;59131;59132;41535;34457;59133;41536;35026;59134;35446;34755;41537;59135;41538;59136;59137;41539;59138;39335;42009;41540;41541;59139;42465;59140;49867;59141;49868;59142;43398;59143;59144;49869;44398;59145;59146;49870;59147;46252;59148;49871;49872;59149;59150;49873;59151;49874;59152;51158;59153;51752;59154;52971;59156;59155;57212;55468;59157;55504;59158;57213;59159;56607;59160;57214;59161;57659;59522;59521;62675;62676;65959;65960;66782;66781;29490;59162;27300;27301;27302;29786;32051;34239;27303;27304;28173;36202;27305;27306;35973;29491;27307;27308;29492;27309;29493;27310;29494;27311;29495;29991;29992;31623;31624;36122;41542;44093;49875;51159;49876;68877;57431;27312;29496;27313;29497;27314;29498;34780;27315;42010;41543;49877;42236;42323;55566;57215;27316;31401;34718;31402;31403;42011;42012;67223;27317;27318;29499;29958;29957;60103;27319;29500;27320;29959;29960;29787;34509;27321;27322;27323;28174;42013;34679;49878;57216;55433;29501;27324;57217;55434;29502;27325;51753;51754;29503;27326;29504;28175;41544;36007;42014;35759;41545;49879;29505;27327;30180;33885;35248;42015;35447;42324;29506;29344;45003;49880;34073;42325;34261;27328;38662;27531;35459;38646;38923;39445;63072;63680;27329;29507;27330;29508;27331;29509;28326;32024;32052;35553;41546;35733;35748;41547;41548;42016;41549;49881;49882;55897;57218;58167;59494;61547;50821;28205;27332;30015;57219;58577;62781;28176;52738;29510;34486;29881;29851;41550;36080;42017;55746;57220;33786;35027;38950;29511;27333;41551;27334;29512;34074;34075;41552;41553;49883;52990;53591;57221;58777;60077;60152;64093;66465;35678;42018;42019;43634;49884;41554;36182;35607;49885;55850;57222;29513;27606;27335;29514;32473;32474;58196;49886;29515;27336;38788;51755;27337;34025;27338;30093;36203;42020;30094;51756;30095;34207;34208;41555;34846;34847;34983;35320;41556;35699;41557;42021;50969;55698;57223;57684;59163;59722;62003;63259;33195;66301;33196;34076;34077;60104;58616;66290;32077;27339;27340;27341;32129;31775;34812;27342;27343;54829;57224;34984;29516;29517;29518;27344;29519;34026;57225;33939;53639;27345;29520;27347;27346;35679;42022;27348;27349;29521;27351;27350;30181;31637;33513;33837;33838;36008;35448;36204;42190;42421;45499;49895;50489;29522;27352;49896;57226;31696;31697;32025;31991;32026;34367;34960;35307;42366;49898;49897;43399;44381;49899;49900;44911;49901;45500;52652;53236;57227;57228;53650;33386;33387;41558;27353;27355;27354;29523;41559;42023;42959;49902;27356;27357;29524;27358;27359;29525;30182;33886;34985;34765;41560;45107;49903;50021;32116;32117;42024;41561;55687;57229;64927;28356;29526;27360;34027;57230;53447;29527;49904;56610;57231;35039;27361;51757;42303;49905;29882;29528;29883;33787;35460;60060;41562;41563;35646;66553;41564;29529;30016;29961;51758;35680;42025;51759;29531;29530;57232;56611;30196;30197;63345;62004;29532;66230;27532;27362;29533;42026;29534;41565;29962;29535;28327;27363;29536;32078;32079;34440;34441;41566;49906;49907;34487;29537;27364;34468;34078;34262;41567;35681;41568;41569;50842;27365;29538;27366;29539;27589;29540;31841;31842;31843;34321;61695;27367;29541;27368;29542;27369;29543;27370;29544;29545;41570;41571;41572;41573;42841;49908;45385;49909;50610;57233;53640;57234;55139;57235;56612;57570;58033;58679;59237;59316;65719;49910;44132;56613;57236;32454;41574;36116;41575;42027;41576;42028;57237;67199;33088;27371;27373;27372;27374;27375;27376;27377;27378;27533;29884;31309;31844;33224;33574;34039;34458;34469;34687;35957;35249;42029;57238;35784;55716;27379;39361;31776;27380;57239;56701;35006;35007;27381;29546;34263;41577;34264;35736;27382;49911;33162;44593;45540;49912;28283;29547;28284;28285;29548;29885;29886;29549;31091;33433;49913;51845;27383;27384;28177;27385;27386;33089;33887;35028;33090;29550;28286;34040;34041;49914;51641;57240;53894;65249;39499;39434;43086;49915;27387;29551;31339;31340;34692;27388;27389;27390;27391;27392;29552;27393;27394;27395;27396;27397;31455;31456;34813;35449;36081;42326;29887;35682;35923;29553;27398;27399;29554;29555;28178;32118;32119;41578;42030;49916;43621;65785;49917;57241;56702;59164;59984;29556;33888;33897;34240;49918;53531;57242;57243;53855;27400;29557;27401;29558;30251;30198;30199;41579;36169;41643;42031;49919;44056;49920;49921;50043;53237;57244;59384;62545;41580;27403;27402;27404;35785;27405;57245;53318;54830;57246;56614;29559;57247;27407;27406;27408;29560;30145;30146;33924;33923;41581;49922;35332;51642;57248;54643;58891;59308;38713;27409;43349;33163;49923;29561;36082;27410;29562;27412;27411;29563;27413;29565;29564;29566;27414;27416;27415;29567;27417;41582;39418;50822;53255;56615;57249;59393;57250;61771;57251;27418;29568;33898;33889;57252;27419;34986;41583;29569;27420;29789;29790;29570;32120;27421;27422;29571;29572;29573;27423;28328;34028;51760;34020;57253;42032;65799;69118;34987;28371;28206;34988;28225;27424;34042;27425;29574;27426;29575;27427;27429;27428;29576;27430;27431;27432;31457;29577;32181;35647;27433;29578;27434;27435;27436;27437;27438;27439;27440;27441;27442;27443;27444;27573;29695;27581;29888;31113;31845;31114;32027;34201;34360;34961;35250;39462;27445;42327;27446;29579;44935;49924;31458;31777;42033;27447;27448;59830;29580;27449;27450;27451;33434;29581;29582;27452;29823;27453;29824;32182;32183;41584;49925;45132;64866;27454;27455;27456;27457;27458;34814;34848;35040;35184;35598;38776;42034;42035;27459;29583;41585;41586;41587;41588;41589;49926;59355;69055;36049;41590;42036;33216;35472;45015;49927;59288;66466;51447;27460;27461;34241;57872;29584;27607;59523;59524;27462;29585;27463;27464;29586;27465;29587;49928;27466;29588;29889;29890;51761;29589;27467;32184;55505;57254;27468;29590;27469;31846;31847;33122;33123;28287;27470;29591;27471;29592;31298;31674;31675;34154;34155;34499;34442;41591;41592;49929;45472;46170;49930;52525;56035;57255;56616;57256;57843;64431;31698;33435;34168;41593;42037;41594;27472;27473;29593;31676;31699;41595;27514;57257;53256;34249;51762;51763;34989;33788;42328;27474;57258;55021;35683;33091;33092;57259;51764;53828;34079;57260;27475;29594;49931;41597;41596;41598;27476;42038;27477;30050;27478;31404;31778;34047;34990;35272;35729;38924;42039;42070;57261;53319;57262;54995;56617;57263;57264;58117;58945;59723;64797;62097;66255;69169;27479;29595;27480;31115;30096;42040;51765;32441;32502;27481;51766;57265;56618;59469;62025;62963;27482;29596;28207;29891;29791;29792;29963;57266;57267;63153;42041;41599;30097;27483;29597;31780;31779;34302;34303;30098;30099;30100;31459;31460;31716;31723;31782;31781;32392;32393;51767;51768;35599;51769;51770;38846;27484;29598;27485;27486;29599;27487;27488;29600;29601;27489;27490;29602;27491;34234;35723;41600;38847;41601;49932;43365;29603;49933;57268;53404;57269;58143;67256;30017;30040;30101;30102;33164;30103;30104;33165;49934;27492;30041;29604;27493;27494;29605;29606;27495;27496;29607;33166;66803;27497;29608;27498;28179;29609;41602;38182;42042;41603;42422;42406;51365;49935;27499;52163;29610;27500;29611;33101;33742;33743;27501;29612;27502;41604;35369;34991;34962;41605;29613;28180;56619;57270;57299;27503;27504;27505;33951;33821;47152;10273;26926;10590;13660;10493;14369;30133;77606;25927;25926;70971;70972;70973;70974;70975;70976;70977;70978;70979;70980;17162;17161;67172;67007;19218;70970;67006;69171;54618;54616;54617;50704;17163;132057;10274;78011;78012;78013;78014;80860;44959;51813;69262;69261;22226;25707;55115;69263;55116;30211;22419;125636;125637;125633;125551;125550;125310;131765;125311;73947;80911;73946;76362;138209;76361;151469;76403;81549;81550;81547;81551;135297;81552;137827;81548;31858;67002;62925;81600;77406;81599;69307;77404;103195;103837;126625;72513;89871;81179;88903;112155;91124;103839;104573;125372;72512;126626;71993;77050;90199;91895;93717;91125;96045;97661;100593;104459;136619;119616;110778;119617;124768;131233;133675;96046;151470;59367;59366;73964;66927;87505;57766;57767;59365;71994;72542;79083;84368;85256;85351;86873;90200;136620;91894;133676;151468;88598;69803;141082;56412;58514;56413;62458;25490;25491;62716;62715;50432;52052;56378;45017;45018;50433;51190;53209;59757;73275;53208;59192;59193;124697;104972;102203;59835;59834;59836;62009;102204;62010;63066;73690;90919;91896;93653;101158;102528;105509;117614;125373;126780;132098;32133;57796;57795;58204;57859;93344;93345;93654;93655;93409;93408;93658;105779;109035;128303;128329;106399;125357;121254;128417;124568;25458;38653;31857;21271;67229;42083;92757;92840;67003;68936;67004;68935;91915;93652;133410;130630;47046;56666;63067;91261;60161;55627;59208;61435;61436;86150;55628;55629;59209;69179;72480;76144;80118;92001;94052;59097;59210;74152;93346;25445;25446;74153;83117;72219;31726;31725;14298;14299;14323;16387;14300;72218;46818;46819;62813;33811;142226;53620;105300;142225;46733;110556;21217;11657;21218;49659;49658;72342;72343;72344;72345;72341;72346;72347;93560;19417;21237;10275;63418;45545;109552;11495;22478;13852;46224;46223;46225;47163;35308;10276;12216;18164;10443;12213;25220;11618;94675;151791;50603;35724;93440;135706;135707;135708;135709;49175;49176;52716;52715;105074;121245;10279;10584;20316;15707;11927;107096;101159;135970;101160;10280;42263;72831;51890;136890;57462;10281;142639;46203;46202;62776;99595;136090;58232;58231;131081;100574;100573;102274;125882;137757;142054;147895;148392;150797;151134;153159;140918;131726;23972;10709;10282;11610;43101;77302;77301;19608;11400;11401;11451;11660;10283;10284;19507;17342;17341;19508;19509;54986;19510;23650;20755;18263;11819;18262;18264;18493;58385;35820;46784;11914;155964;23780;155965;32443;10285;121621;10286;10523;14229;11576;14729;25199;78390;78391;78393;78392;78394;73339;78389;35702;71881;20185;71882;46737;27575;26968;22303;29799;46736;14364;16229;49706;14359;61733;15709;25954;15891;25953;39563;12003;56735;10596;40493;76255;11894;34434;14659;14591;20813;80479;80480;70139;70138;62574;58815;58816;54943;58814;66256;74369;53625;47901;58813;80481;54924;80482;54987;48363;55817;70126;86317;88090;100422;14191;20903;58528;58529;58389;11434;86318;86323;87822;70587;64568;72203;77528;77529;81813;91981;96484;100157;64569;64567;86325;81814;86326;86324;87823;93127;97141;104743;121010;136318;138330;86327;60016;80035;55593;57062;57765;18178;57764;11059;20168;19758;34361;150937;150946;150938;150936;150935;154151;157124;150856;151504;151502;151501;154149;50448;50526;157120;50475;49702;47029;17726;47030;46867;47715;47028;46868;51059;17727;47576;51957;56301;57540;121112;62986;121113;17728;47578;47577;104358;48255;51975;56008;57080;62987;66426;72690;81579;74245;83490;81649;88935;121114;46869;136770;138851;148405;147163;52634;54301;53323;121115;55759;55859;56070;57082;57541;62985;62988;63200;66427;51958;66428;121116;51526;72692;72691;74246;74247;77475;81650;83764;51976;83526;121117;121118;88936;121119;121120;102587;51987;103329;103782;106710;106975;121121;111066;118035;124064;121122;81651;77476;83765;83527;72693;121123;88937;99367;102588;103697;106711;74248;106976;121124;111067;74249;81580;99361;99368;100681;103698;102589;106712;106977;111068;118036;124063;126125;132413;94578;132418;136807;138097;138574;144054;147019;152183;154147;95438;96003;157119;99362;102590;121125;103699;118037;126312;124058;106713;126245;132419;136806;138098;138591;133845;141446;147164;144050;152182;106978;154150;122447;111069;157117;10477;11438;11150;39446;46753;50688;47696;47708;17322;49701;50347;34970;10807;43623;105006;39447;26070;35806;25289;25995;12085;10478;25525;11176;12123;11218;47749;33866;44314;39479;90318;54990;94251;26026;59356;15904;15924;14615;50418;42054;42423;46193;51972;42424;130590;43160;44967;39465;51528;44136;39466;47831;55903;46194;39467;46195;40406;42055;39468;49067;47830;33817;56242;56243;56244;42056;42872;47832;42425;51529;52483;50494;47834;39469;55904;48926;48927;11139;42479;42426;42427;51973;39470;44134;46196;56245;40927;40926;117861;117860;20252;33271;10287;17160;10491;19596;42210;62891;62892;137703;138614;137702;134892;138615;91428;149094;154960;17213;110766;134871;93483;97225;97224;93482;62628;52044;99730;20401;135408;135409;66811;135410;55455;55456;11747;35649;35648;139030;133361;82591;104273;99248;144585;148336;139031;82592;52653;34050;133269;134629;149064;154962;133217;103968;25625;34216;34362;103969;34490;22048;34363;35451;50831;24683;133623;25171;154351;158648;24679;25172;29724;154350;16192;24680;25925;107224;107225;84007;104354;84008;84009;24690;100618;100619;84918;84917;24682;27583;49707;58580;24681;24815;154961;134452;134302;148428;139667;139668;58597;32400;35042;25120;25148;25547;25757;17611;11428;14686;12076;10501;10288;10743;44875;33445;44874;73518;11157;11582;18405;12234;137053;10696;11636;11615;137054;45083;11136;43877;69421;14719;14793;14784;34432;63399;38888;64876;82898;22123;19941;22362;17210;34031;20068;19704;138510;35743;138385;57394;138890;138852;138797;138612;138796;138613;138611;138381;138599;138379;44118;11284;44117;35655;81575;17272;48239;23933;24900;11097;12075;14706;14707;20012;14699;21618;17315;17316;22480;18098;15561;21605;15951;72580;72579;156441;100961;103875;20484;20485;20486;50044;49791;49803;49804;49805;49995;100962;50045;50081;50046;50300;50319;50301;50524;50318;51501;20487;50378;50410;50411;50412;50490;50491;50559;50492;50560;50649;50573;20488;51114;51115;50823;50824;50843;50857;51184;50970;51073;51075;51074;51076;20489;51116;51117;51340;51136;51421;51433;51434;51435;51436;20490;51437;51453;51502;51525;51509;51572;51583;51584;51643;51668;51669;52526;52579;20491;52527;51673;51771;51846;51848;51847;51858;51870;51871;51900;20492;51954;65098;51985;51986;51996;51997;52022;52023;52069;52070;20493;52164;52474;52475;52476;52477;52478;52479;52480;52498;65099;65100;20494;52499;52528;52500;52529;52580;65101;52581;52667;52598;65102;52682;52739;20495;52740;52972;52991;53218;65103;53219;53220;53221;53222;53238;20496;20497;53257;53287;53295;53294;53296;53303;53320;53321;53372;53408;55067;20498;55068;55069;55070;55071;55072;55073;55074;55075;55076;55077;20499;55078;55080;55079;55081;55082;55083;55084;55085;55086;55087;55089;55088;20500;55090;55091;55092;55093;55094;55095;55096;55098;55097;55100;55099;55101;20501;20502;55102;55103;55105;55104;55106;55107;55108;55109;55113;55114;55407;20503;55469;55163;55605;55168;55167;55282;55172;55283;55408;55409;55413;55414;20504;55589;55454;55590;55522;55521;55530;55531;55567;55591;55606;55592;20505;55637;55607;55688;55648;55689;55699;55700;55717;55718;55729;20506;55730;55731;55758;55762;55921;55982;55784;55810;55785;55922;20507;55857;55858;55898;55899;56562;55923;55957;55967;55968;56036;56089;56115;56139;56140;56279;58511;58532;56048;20508;20509;56161;56189;56191;56190;56193;56192;56206;56194;56236;56207;56237;20510;56330;56256;56331;56257;56280;56281;56332;56305;56344;56343;20511;56345;56346;56347;56375;56387;56406;56384;56389;56388;56390;56466;56479;56506;20512;56507;56555;56554;56563;56580;56581;56556;56582;56583;56629;56630;56637;56638;20514;20513;56639;56640;56641;56642;56643;56644;56646;56645;56664;56647;20515;56680;56775;56746;57393;56747;56767;56776;56768;56777;56778;20516;56817;56853;56854;56860;57685;56868;56861;56869;56870;56911;56943;56912;20517;56913;56914;56916;56915;56919;56944;56945;56946;56947;20518;56948;56949;56969;56917;56970;56971;57997;57005;56978;57024;57038;57047;20519;57048;57055;57056;57057;57059;57058;57061;57060;57271;57300;20520;20521;57301;57302;57303;57304;57305;57306;57457;57458;57314;57315;57321;20522;57341;57342;57343;57344;57345;57357;57370;57436;57447;57448;20523;57449;57467;57495;57496;57497;57498;57532;57533;20524;57534;57535;57588;57615;57616;57660;57661;57662;20525;57663;57664;57665;57697;57686;57687;57688;57698;57689;57707;57706;20526;57873;57762;57763;57790;57874;57844;57845;57856;57846;57887;57888;57933;57932;20527;20528;57934;57935;57936;57937;57938;57958;57973;57998;58034;58035;58036;57999;58037;20529;58104;58069;58118;58130;58131;58179;58144;58145;58168;58146;58169;20530;58170;58197;58264;58223;58266;58265;58267;58268;58269;58270;20531;58271;58287;58288;58289;58301;58318;58325;58326;58340;58341;20533;20532;58384;58383;58425;58589;58397;58807;58481;58443;58492;58444;58493;58494;58495;58496;58497;20534;58498;58499;58534;58533;58590;58578;58617;58600;58680;58618;20535;58723;58742;58741;58743;58808;58871;58870;58872;58873;58892;20536;58922;58923;59015;59470;63107;58946;59032;58947;58948;58964;58974;59016;58986;59033;20537;59034;59107;59170;59186;59364;59187;59188;59225;59226;59238;20538;20539;59254;59289;59290;59291;59292;59309;59320;59321;59322;59323;20540;59324;59385;59386;59394;59525;59640;59654;59724;59395;59725;59396;59397;59398;59399;59471;59452;59472;59473;20541;20542;59474;59475;59476;59495;59496;59526;59553;59554;59565;59566;20543;59567;59603;59604;61568;59605;59754;59755;59784;59783;59810;59809;59811;59812;20545;20544;20546;59813;59814;59815;59816;59831;59832;59833;59845;59856;59891;20547;20548;59954;59903;59956;59955;59957;59964;61729;59985;59965;59986;60012;60013;20549;20550;20551;20552;60014;60078;60079;60105;61506;60106;60125;60126;60136;60137;20553;61379;61380;61411;61445;61458;61483;61485;61484;62036;61507;20554;61508;61509;61510;61511;61512;61513;61525;61526;61548;61549;20555;61569;61619;61570;61607;61608;61642;61643;61706;61707;61730;62062;20557;20556;20558;61745;61772;62382;61773;61787;61788;62005;62007;62037;62006;20559;62039;62038;62040;62041;62072;62073;62098;62111;62112;62178;20561;20560;62179;62180;62199;62211;62200;62212;62219;62434;62238;62239;62240;20562;62241;62290;62306;62307;62347;62348;62365;62366;62387;62388;63285;20563;62408;62409;62411;62410;62430;62435;62436;62474;62437;62475;20564;20565;20566;62476;62495;62496;62497;62660;62511;62512;62513;62515;62514;62546;20567;62547;62548;62557;62619;62620;62677;62661;62700;62707;62708;62709;20568;62733;62756;62816;62815;62818;62817;62860;62868;62888;62869;62870;62899;62900;20569;62936;62937;62982;62983;63022;63023;63024;63025;63026;63145;63027;20570;63058;63093;63108;63109;63116;63117;63118;63119;63121;63120;20571;63122;63123;63124;63154;63163;63164;63184;63165;63219;63220;20572;63221;63222;63260;63261;63262;63264;63286;63287;63288;63296;63297;20573;63299;63298;63316;63315;63317;63320;63322;63321;63367;20574;63448;63447;63665;63467;64480;63474;63475;63535;63536;63537;63538;63539;63540;20575;63541;63608;63611;63609;63612;63613;63614;64432;64433;63615;64434;20576;63616;20577;64435;63666;63667;63668;63669;64436;64283;64284;64285;64289;64290;64291;20578;64375;64376;64481;64482;64615;64616;64617;20579;64618;64629;64619;64638;64639;64640;64641;64680;64681;64698;64967;20580;20581;20582;20583;64782;64783;64798;64968;65684;64799;64800;64801;64802;64803;64804;64805;20584;64806;64807;64808;64809;64810;64811;64890;64891;64892;64909;20585;64910;64911;64928;64929;64969;65045;65095;65077;65096;65250;65104;65251;20586;65252;65547;65571;65573;65572;65574;65608;65607;65609;65610;65611;20587;65629;65640;65641;65655;65666;65667;65685;65686;20588;65730;65763;65786;65787;65817;65816;65788;65800;20589;65818;65819;65867;65868;65869;65870;65871;65872;65923;20590;20591;20760;65980;65981;66022;65994;66032;66199;66171;66200;66215;66231;66232;66291;20592;66292;66302;66303;66314;66346;66347;66348;20593;66357;66372;66442;66443;66467;66468;66469;66470;66471;66494;20594;66495;66496;66669;66540;66587;66588;66589;66590;20595;66670;66691;66692;66712;66713;66714;66715;66716;20596;66783;66816;66817;66818;66819;66820;66821;66822;66823;20597;20598;66824;66825;66826;66827;66828;66829;66830;66831;66832;66833;20599;66834;66877;66858;66892;66886;66893;66901;66900;20600;66902;66904;66903;66922;66923;66924;66960;66962;66961;20601;67000;67186;67001;67015;67138;67016;67187;67139;67188;67189;20602;67190;20603;20604;67206;67191;67224;68902;68903;68957;68923;68924;68925;68926;69073;69031;69119;20605;69120;69173;69121;69122;69123;69124;69125;69126;69127;20606;69174;69175;69234;69235;69260;69366;69367;69373;69415;20607;69416;69417;69418;69419;69797;69798;69807;20608;20761;69808;69809;69810;69811;69824;69812;69843;20609;69862;69947;69970;69971;69973;69972;69974;69975;69976;69977;20610;69978;69979;69980;69981;70086;70087;70116;70117;70190;20611;70191;70192;70193;70194;70251;70252;70253;70254;70255;20612;70256;70266;70267;70268;70269;70270;70366;70367;70452;20613;70492;70539;70538;70540;70541;70542;70543;20614;20615;20616;70580;70579;70582;70581;70584;70583;70606;70607;70608;70698;20617;70725;70759;70782;70783;70798;70799;70800;70801;70802;20618;70803;70804;70805;70844;70845;70874;70875;70876;20619;70962;71021;71036;71037;71094;71139;71203;71204;71205;20620;71206;71207;71208;71209;71211;71210;71244;71253;71260;20621;71309;71374;71375;71376;71394;71493;71518;71531;71532;20623;20622;71563;71564;71565;71615;71791;71792;71793;71795;71794;20624;71796;71797;71798;71799;71837;71895;71855;71896;20625;71938;71990;71939;72005;72087;72088;72089;72115;72116;20626;72117;72164;72230;72231;72232;72234;72233;72235;72278;72326;72502;72366;20627;20628;72386;72424;72425;72457;72598;72479;72571;72503;72572;72573;20629;72575;72574;72576;72577;72578;20630;72599;72682;72719;72701;72720;72740;73398;72799;72798;72812;72858;72857;20631;72874;72875;72897;72876;72898;72900;72899;72901;20632;72902;72925;72978;72979;72980;73016;73017;73076;73077;73078;20633;73148;73092;73180;73179;73181;73202;73245;73223;73316;73288;20634;73328;73399;73329;73400;73401;73402;73513;73556;73514;73665;73666;20635;73680;73681;73709;73722;73723;73724;73725;73726;73727;73728;20636;73752;73753;73820;73785;73799;73786;73800;73801;73802;65105;73803;73821;73822;73882;73883;73884;73885;73887;73886;20637;73888;73889;20762;73890;73891;73892;73893;73902;73903;73904;73905;73906;73940;20763;73941;74022;74023;74034;74035;74420;76107;74134;74135;74136;74137;74182;20764;20765;74183;74184;74185;74211;74212;74213;74214;74285;74215;20766;74322;74508;74353;76199;77245;74354;74355;74356;74357;74358;74359;20767;74360;74361;74464;74494;74493;74509;76108;76109;76142;76143;20768;76158;76159;76160;76200;76201;76249;76250;76251;76276;76275;76294;20769;76295;76296;76297;76298;76354;76379;76378;76380;76381;20770;76382;76383;76385;76384;76386;76451;76425;76524;76525;76559;76560;20771;76561;76563;76562;76564;76565;76566;76568;76567;20772;76569;76586;76682;76587;76704;76705;76706;76707;76756;20638;76757;20773;20774;76784;76935;76785;76961;76962;76991;77019;76999;77568;77049;77085;77146;20775;77148;77147;77320;77198;77181;77199;77218;77219;77237;77236;77274;77387;77724;77300;20776;77321;77322;77323;77324;77325;77485;77420;77436;77486;20777;77664;77487;77488;77489;77490;77492;77491;77526;77525;77527;20778;77555;77569;77601;77570;77602;78465;77701;77725;77726;77744;20779;20780;77808;77807;77816;77809;77817;77818;77820;77819;77821;20781;77851;20782;77853;77852;77854;77897;77898;77961;77982;78010;78040;78041;78042;20783;78106;78107;78466;78504;78255;78256;78257;78258;78259;20784;20785;78260;78261;78467;78468;78505;78538;78539;78653;78654;78668;78698;20786;78723;78761;78762;78763;78764;78765;78821;78869;78888;79119;20639;20787;79120;79121;79122;79209;79210;79211;79212;79213;79214;20788;79244;79354;79333;79383;79382;79430;79431;79432;79433;20789;79434;79435;79436;79576;79598;79621;79688;79622;79623;79659;79716;20790;79689;79717;79740;79741;79718;79824;79823;79825;79852;79853;79854;80025;80026;20791;80027;80028;80029;80030;80031;80032;80033;80167;80034;80218;80168;20792;80391;80392;80410;80411;80412;80441;80413;80548;80549;80471;81041;21054;80851;80472;80473;80474;80510;80511;80512;80513;80514;80515;80516;81177;21055;80517;80550;80551;80552;80827;80826;81016;80852;80853;80854;21056;21057;80943;80944;80945;81017;81019;81018;81042;81043;81045;81144;81341;81162;21058;81163;81164;81165;81178;81296;81255;81256;81297;81314;20640;21059;81398;81399;81400;81412;81420;81544;81729;81644;81482;81483;81484;21060;81509;81566;81565;81567;81568;81645;81569;81646;81590;81570;81571;21071;81572;81573;81753;81668;81698;81754;81755;81756;81771;81772;81773;81774;81775;21061;81776;81879;81880;81881;81910;81950;81951;81971;82022;21062;82023;82069;82024;82070;82071;82072;82073;82074;82267;21063;82268;82471;82524;82497;82565;82526;82525;82642;82527;82643;82644;82659;21064;82660;82661;82662;82695;82696;82697;82765;82766;82847;82792;21065;83109;83086;82911;82991;82992;82993;83050;83051;83052;83110;83111;21066;83112;83134;83277;83176;83175;83177;83178;83180;83179;83181;83182;21067;83251;83252;83255;83256;83257;83258;83331;83259;83332;83260;83333;20641;21072;83261;83334;83262;83434;83544;83345;83344;83413;83414;83435;21068;83777;83758;83778;83760;83759;83761;83762;83779;83809;83861;83780;83810;21069;83811;83862;83863;83949;83950;83972;83989;83990;84045;84117;21070;84118;84119;84120;84121;84122;84123;84124;84125;84148;21182;84208;84316;84209;84317;84210;84318;84211;84319;84212;84213;84320;84214;84228;84229;21151;84230;84339;84487;84428;84429;84430;84664;84794;84444;84563;84564;21183;84612;84613;84614;84616;84615;84618;84617;84619;84620;21184;84635;84665;84666;84900;84915;84957;84958;85240;84980;21204;84981;84982;84983;84984;84985;84986;85042;85075;85076;85077;21216;85078;85079;85080;85081;85122;85123;85155;85154;85156;85157;21234;20642;85158;85159;85345;85344;85251;85578;85252;85253;85297;85265;85444;86400;85445;21270;85533;85506;85648;85507;85508;85509;85510;85511;85512;21291;85534;85579;85660;85682;85683;85684;85724;85735;85765;85797;21292;85798;85799;85800;85801;85872;85873;85874;85875;85907;21300;21568;85982;85983;85984;86102;86103;86144;86291;86145;86146;86147;86185;86189;86190;86204;21301;86205;86206;86207;86208;86218;86292;86293;86219;86220;86294;86244;86221;86295;21321;86296;86297;86298;86299;86310;86379;86443;86401;21371;86491;86415;86565;86416;86465;86466;86467;86492;86468;21372;86493;86494;86566;86629;86617;86650;86630;86651;86758;86652;86672;86720;86809;21373;86759;86760;86783;86784;86785;86786;86787;86788;86789;20643;21374;86810;86811;86812;86813;86814;86815;86816;86847;86848;86871;21375;86872;86896;86897;86944;86911;86993;87065;87066;87107;21376;87168;87108;87123;87169;87170;87203;87320;87205;87204;87216;87217;21377;87236;87237;87238;87239;87406;87369;87407;87408;87409;87462;87463;87464;21569;87466;87465;87468;87467;87470;87469;87497;87498;87499;87471;87529;87530;87531;87532;21588;87533;87535;87534;87536;87537;87755;88804;87756;87757;87758;87759;87761;87760;87915;21604;87774;87868;87814;87815;87816;87845;87846;87888;87916;87939;21612;88010;88011;88013;88012;88014;88015;88016;88017;88018;88019;88040;88455;88083;88084;27858;21613;27860;27859;88456;88637;88457;88409;88487;88516;88517;88518;88519;88520;88521;88522;88523;27861;88524;88525;88526;88576;88678;88711;88712;88861;88747;88748;88749;88750;88805;20644;27862;88806;88836;88837;88838;88928;89776;88929;88894;88895;88897;88896;88898;88899;89023;89024;88900;89025;27863;88901;88902;89026;88950;88930;88951;88952;88953;89078;89079;89732;89733;89100;89826;90421;89659;90598;89660;27864;89734;89865;89777;89778;89827;89828;89866;89930;89931;89932;27865;89933;89934;89935;89995;89936;89962;89937;89996;90822;90021;89997;90855;91255;90094;90095;90147;27866;90245;90188;90349;90306;90350;90400;90401;90402;90403;90404;90507;90405;27867;90406;90588;90824;90915;91256;90589;91333;90677;90825;90760;90678;90826;90827;90856;90857;90858;90887;27868;27869;90916;91257;90918;90917;91082;91083;91084;91085;91086;91087;91088;91090;91089;27870;27871;27872;91091;91092;91093;91094;91095;91258;91122;91181;91182;91183;91184;91185;91186;91187;91188;91189;91190;91191;27873;91218;91219;91220;91259;91320;91334;91341;91422;91423;91424;91425;27874;91451;91450;91498;91557;91499;91558;91559;91560;91561;20645;27875;20646;91562;91563;91564;91565;91566;91567;91568;91569;91725;91570;27876;91726;91728;91727;91758;91729;91914;91873;91874;91875;91876;91877;91878;91879;91880;91882;91881;91883;27877;91884;91893;92408;91954;91955;91956;91957;91968;92009;92010;27878;92011;92311;92033;92313;92312;92314;92315;92316;92317;92318;92319;92456;92409;27879;92511;92784;92583;92584;92785;92699;92750;92751;92966;92815;92860;27880;92861;92862;92863;92864;92865;92866;92867;93509;92868;27881;92869;92985;92999;93025;93045;93046;93047;93106;93107;93120;27882;93217;93241;93242;93243;93218;93219;93220;93398;93682;93399;93460;93683;93511;93510;27883;93559;93600;142021;93601;93602;93603;93604;93605;93606;93607;93648;93649;93684;93715;93773;93774;27884;93775;93827;93938;93800;93801;93809;93864;93896;93953;93954;93955;93956;93957;93958;93959;20647;27885;94044;94045;94068;94069;94152;94153;94154;94155;94156;94157;94159;94158;94249;94195;94287;27886;94288;94351;94352;94508;94289;94353;94464;94465;94466;94467;94468;27887;94509;94510;94573;94574;95025;94669;94730;94731;94732;94733;94734;94735;94736;94737;27888;27889;94954;95054;95053;95466;95284;95285;95371;95295;95318;95385;95386;27890;95425;95426;95427;97351;95428;95429;95430;95431;95432;95434;95433;95467;95566;27891;95567;95568;95569;95571;95570;95573;95572;95574;95661;95629;95807;96035;95808;95873;95949;95992;27892;95993;95994;95995;95996;95998;95997;95999;96000;96336;96304;96871;96406;96436;96437;96439;96438;96440;96441;27893;96442;96443;96444;96445;96483;96605;97852;96656;96872;97047;96719;96720;96763;96978;27894;96796;96927;97083;96952;96951;97853;96953;96954;96955;96980;96979;96981;97016;97017;27895;27896;97018;97098;97048;97049;97050;97084;97099;97208;97190;97221;97209;97301;102814;20648;27897;27898;97222;97223;97302;97303;97304;97318;97319;97320;97321;97322;97323;97324;27899;97383;97384;97521;97434;101833;100545;102258;97468;97523;97522;97551;97600;99121;97601;97602;97603;97604;27900;97605;97606;97607;97633;97608;97634;97658;97659;97719;97660;97720;97721;97722;27901;97723;97752;97753;97973;97778;97779;97793;97854;99093;97855;97856;97887;97936;27902;97857;97937;97917;99122;97938;99023;99024;99025;99094;99095;99096;99097;27903;99098;99099;99100;99101;99182;99195;100677;99196;99197;99198;99278;99279;99303;99435;27904;99626;100153;99582;99581;99583;99655;99656;99657;99658;99659;99660;99685;99723;99686;27906;27905;99724;99725;99726;100247;99965;99966;100154;100216;99993;100293;100249;100248;100098;27907;100099;100100;100265;100101;100379;100102;100155;100156;100218;100217;100219;100250;27908;100251;100252;100266;100253;100267;100254;100255;100268;100294;100411;100412;100413;100414;100460;100415;27909;20649;100509;100546;100547;100548;100570;100549;100591;100590;100632;100633;100662;27910;100919;100663;100664;100665;100667;100666;100835;100668;100755;100678;100781;100836;100837;27911;100920;101261;101148;100921;100923;100922;100924;100925;100927;100926;27912;100928;100929;100930;100931;100932;100987;100933;100988;100989;100990;101149;101024;27913;101062;101083;101150;101151;101153;101152;101155;101154;101157;101156;103319;101231;101262;101263;27914;101354;101545;101546;101769;101770;101809;101834;101835;101892;101893;27915;101894;101928;101929;101949;101950;102091;101952;101951;101973;101974;102092;102014;102015;102016;102033;27916;102034;102071;102093;102160;102161;102195;102197;102196;102259;102198;27917;102260;102261;102416;102417;102418;102419;102420;102421;102422;102423;102424;102493;27918;102522;102523;102580;102543;102525;102524;102582;102581;102583;102584;102678;102679;102680;20650;27919;102681;102697;102777;102816;102815;102817;102818;102820;102819;102857;102956;102957;27920;102975;102976;103047;103187;103217;103372;103218;103250;103249;103320;103321;103322;27921;103323;103324;103325;103326;103327;103356;103416;103417;103418;27922;103466;103641;103642;103643;103644;103645;103646;103667;103808;103691;103662;103692;27923;103731;103773;103774;103775;103776;103777;103778;103779;103780;103809;103810;103811;103812;27924;103813;103814;103815;103834;103835;103863;103921;104118;104119;104120;27925;27926;104122;104121;104143;104173;104211;104212;104213;104272;104317;104318;104319;104320;104321;104322;27927;104377;104323;104431;104477;104432;104496;104652;104807;104994;105542;104543;104569;104625;27928;105543;104712;104653;104713;104715;104714;104734;104716;104717;104735;104736;104738;104737;104739;27929;104995;104784;104808;104785;104810;104809;104844;104845;104846;104881;104882;20651;104883;27930;104884;105021;105037;105038;105099;105100;105101;105102;105104;105103;105105;105354;27931;105355;105107;105106;105173;105254;105544;105583;105649;105650;105686;105687;105688;27932;105724;105723;105725;105746;105745;105747;105726;105748;105727;105749;105750;105751;106482;27933;27934;105767;105766;106264;108750;106096;106074;106135;106134;106265;106266;106267;106268;106269;106270;106272;106271;106295;106347;106790;108751;106348;106371;106372;106373;27935;106483;106533;106534;106556;106557;106581;106558;106619;106582;106620;106675;27936;106676;106677;106678;106709;106749;106791;106792;125352;106793;106794;106816;106837;27937;106839;106838;106869;106927;106928;107145;106929;106968;106945;107087;107215;27938;106970;106969;106971;106972;106973;107023;107003;107146;107117;107147;107148;107192;27939;107193;107194;107257;107256;107293;108335;108370;108949;108371;108372;108403;108453;20652;27940;108483;108484;108514;108513;108582;108583;108658;108657;108706;108707;108708;27941;108710;108709;108793;108794;108833;108832;108834;108835;108841;108840;108842;108878;108843;27942;109058;108879;108950;108951;109002;109086;109199;109466;109200;109311;109467;27943;109312;109313;109314;109315;109317;109316;109343;109468;109469;109600;109648;27944;109649;109650;109680;109892;109681;109723;109798;109812;109940;109863;109893;109894;27945;110044;110045;110046;110047;110048;110049;110050;110051;110052;110094;27946;110124;110225;110191;110226;110262;110320;110263;110285;110264;110321;110286;110322;27947;110382;110395;110413;110474;110475;110549;110476;110477;110478;110479;110481;110480;110513;110550;110514;27948;110515;110516;110517;110532;110533;110551;110552;110611;110622;110623;27949;27950;110641;110939;110662;110721;110765;110805;110894;110895;110896;110897;110898;110899;110900;110921;20653;27951;110922;110923;110924;110940;110925;110941;110942;110973;111005;110974;110975;111006;27952;111039;111038;111040;111041;111061;111060;111062;111135;111266;111267;111268;117825;27953;111269;111330;111331;111374;117537;111349;111375;111510;111511;111512;111513;111526;111576;27954;111577;111578;111579;111580;111581;111640;111641;111672;111673;111748;27955;111749;111750;111751;112017;111752;111753;111843;112032;111844;112033;117479;112058;112083;27956;112084;112149;112109;112110;112189;112111;112112;112150;112113;112151;112190;112205;117331;27957;27958;117356;117357;117496;117538;117454;117455;117456;154827;117539;117630;117595;117631;27959;117806;117805;117867;117868;117869;117870;117871;117872;117873;118322;27960;117913;117904;117914;117915;118067;117934;117916;117996;117935;118794;118068;118358;118081;118082;27961;118323;118142;118083;118143;118324;118144;118200;118176;119300;118325;118201;118326;118327;118328;118359;118329;27962;20654;118392;27963;118393;119146;118492;118567;118591;118568;118751;118750;152537;118795;118796;27964;118797;118820;118855;118904;118905;118906;118907;119043;119253;118954;118966;118967;27965;118968;118970;118969;118971;118972;118973;119014;119118;119216;119254;119255;119256;119257;27966;119496;119301;119303;119302;119337;119338;119339;119340;119458;119652;119459;27967;119580;119497;119581;119653;119654;119655;125542;119826;119827;119828;119829;119830;119831;119832;27968;121062;121063;121095;121096;121161;121186;121187;121210;121211;27969;121212;121224;121244;121328;121345;121329;122398;122479;121346;121381;121382;27970;121432;121469;121592;121593;121594;122052;121470;121506;121507;121508;121541;122053;121595;121596;121597;27971;121598;121619;121639;121640;122054;122055;122610;122152;122153;122183;27972;122184;122362;122314;122399;122480;122481;122482;122499;122500;27973;20655;27974;27975;122533;122646;122647;122667;122668;122669;122716;122811;122812;122813;122868;27976;122892;122893;122946;123001;136604;123074;124152;123075;123076;123077;123078;123127;123502;124114;27977;123414;124271;123503;123457;123555;123504;123505;123641;27978;123675;27979;123676;123677;123678;123679;123680;123681;123682;123750;123751;123786;124272;123787;123930;123931;27980;123932;123933;123934;123973;123999;124019;124085;124115;124116;27981;124191;124273;124274;124297;124275;124322;124323;124758;125386;124407;125765;124408;27982;124457;124561;124458;124587;124676;124677;124678;124679;125593;124696;124759;27983;124717;124718;125025;125026;125027;125028;125134;125135;125474;125475;125136;126095;125353;125137;125138;27985;27984;65106;27986;125139;125140;125141;125142;125143;125144;125145;125215;125251;125252;125253;125337;27987;125338;125339;125766;125948;125354;125355;125476;125543;125544;125594;125545;125621;20656;125622;20657;27988;125623;125624;125625;125704;125705;125720;125721;125722;125723;125724;125725;125726;125767;125768;125769;27989;125770;125771;125772;125811;125812;125813;125851;125853;125852;125854;125998;126064;126065;27990;126066;126067;126096;126068;126097;126098;126099;27991;126174;126241;126242;126255;126254;126257;126256;126503;126305;27992;126306;126374;126375;126464;126445;126465;126504;126564;126563;127791;126565;27993;126566;126567;126568;126598;126698;126745;127093;126746;126747;126748;126749;27994;126772;126773;126774;126815;126816;126817;126818;126947;126948;126949;126950;27995;127792;127041;127886;127042;127887;127094;127043;127095;127096;127793;127097;127794;127795;27996;127796;127798;127797;127799;127800;127801;127802;127803;127804;27997;127805;127806;127839;127840;127888;127890;127889;127891;127892;128023;128024;20658;27998;27999;128025;128026;128027;128028;128029;128031;128030;128050;128049;128076;128075;28000;128320;128321;128322;128323;128412;128993;128474;128680;128475;128476;128477;128505;128478;28001;128506;128681;128507;128521;128545;128614;128629;128630;128682;128631;128754;129048;28002;128755;128756;128874;128967;128875;129289;134888;129049;129050;129290;129351;129384;28003;129385;129466;129488;129489;129490;129556;129491;129712;129677;28004;129749;129775;129774;129808;129882;129967;130146;129968;130003;130052;130147;130148;28005;28006;130149;130150;130151;130152;130167;130200;130585;130362;130392;130393;130394;28007;28008;28009;130395;130427;130513;130396;130586;134657;142870;130428;130429;130587;130588;130622;130623;130756;130757;28010;130961;131694;130962;130963;131011;130964;131012;131013;130965;130966;131014;131313;131015;131016;28011;131017;131072;131074;131073;131161;131182;131162;131225;131226;131314;28012;20659;131315;132011;131392;131559;131560;131561;131695;131696;131562;28013;131563;131564;131565;131722;131723;132012;131761;131923;131924;132013;132014;28014;132015;132095;132016;132310;132240;132689;133142;132690;132691;28015;132692;132746;132747;132768;132748;133224;132854;132929;132930;132931;132932;132933;132953;28016;133039;28017;133040;133143;133178;133144;133179;133204;133205;133206;133207;133225;28018;133289;133548;133290;133292;133291;133350;133293;133294;133351;133352;133353;133354;133355;28019;133356;133398;133449;133450;133496;133497;133521;133522;133523;28020;133549;133524;133550;133551;133646;133647;133648;133649;133715;133764;133840;28021;28022;133793;133794;133795;133796;133798;133797;133799;133800;133950;133951;134037;28023;134038;134039;134298;134299;134300;134301;134367;134402;20660;134442;28024;134658;134659;134660;134661;134662;134663;134664;134699;134758;134856;28025;135026;135027;135028;135029;135170;135171;135229;135269;135270;28026;28027;135271;135282;135283;135284;135285;135286;135398;135399;135455;135581;28028;135672;136398;135846;135847;136027;135894;136281;135895;135966;135896;135967;135968;151919;136083;136028;28029;136029;136084;136171;136085;136086;136087;136088;136089;136173;136172;28030;136282;136400;136399;136401;136420;136545;136493;136546;136605;136606;136607;28031;136608;28032;136663;136692;136964;136708;136709;136710;136711;136730;136731;136732;136965;136733;136759;136966;28033;136801;136802;136803;136894;136943;136944;136967;137043;137044;137045;28034;137046;137133;137178;143270;137179;137232;137295;137352;137296;137298;137297;28035;137299;28036;137300;137301;137353;137553;137554;137555;137556;20661;137625;28037;137744;137824;137745;137825;137848;137872;137849;137891;138132;138133;138134;28038;138135;138136;138137;138138;138139;138165;138166;138167;138168;138325;28039;138208;138326;138497;138498;138552;138834;138835;138836;138872;138873;28040;138874;138997;138875;139179;139365;138998;138999;139023;139024;139180;139025;139026;139027;28041;139181;139028;139366;139182;139311;139312;139313;140028;139367;139368;28042;139369;139371;139370;139372;139373;139480;139479;139567;139568;139596;139659;28043;139660;139662;139661;139692;139693;139724;147981;139725;139770;139782;28044;139783;140176;139784;139848;139908;140029;140265;140030;140031;140177;28045;140178;140179;140180;140182;140181;140184;140183;140266;140267;28046;140450;140451;140458;140589;140590;140591;140593;140600;140592;20662;140603;140601;28047;140604;140647;140646;140645;140639;140641;140644;140642;28048;140640;140637;140648;140638;140643;140650;140652;140649;140651;140659;28049;140701;140717;140720;140719;140723;140722;140730;140724;28050;140729;28051;140751;140753;140736;140755;140752;140754;140786;140784;140788;28052;140787;140801;140802;140803;140800;140925;141482;140929;140920;140924;140922;28053;140923;140919;140921;141825;142027;140928;140927;141092;141054;141109;141112;28054;141111;148334;141097;141095;141922;141110;148842;141180;141182;141178;141183;141179;141181;28055;141177;141206;141176;141302;141301;141450;141451;141449;141448;141447;28056;141459;141936;141483;141537;141542;141543;141545;141479;141538;28057;28058;141539;141541;141544;141615;141620;141621;141824;141862;141821;141863;141923;142502;20663;28059;28060;141822;141934;141820;141913;141921;141932;141937;142367;142001;142865;142017;142026;28061;142055;142368;142218;142369;142370;142371;142464;142499;142501;142498;28062;142735;142500;142729;142732;142730;142727;142731;142721;142741;149521;142736;28063;142739;142866;142969;142968;142966;142967;142998;143121;143127;143120;143119;28064;143214;143215;143206;143242;143249;143264;143266;143271;143267;143269;144890;143268;28065;143376;143374;143375;143373;145013;143428;143430;143432;143433;143431;144111;143429;144110;28066;143445;144112;143476;143587;143585;143584;144011;144012;144078;144013;144015;144016;144709;144066;28067;144300;144299;144704;144337;144710;144745;144747;144746;144751;144750;28068;144749;144752;144789;144786;144785;144788;144808;144787;144849;144897;144869;145228;145234;28069;28070;144870;144943;144944;145011;145007;145046;145047;145048;145078;147987;145084;20664;28071;145081;145221;145409;145410;145464;145463;145517;145514;145510;145516;28072;145518;145511;145512;145515;146349;145542;146043;146069;146044;146306;146066;146070;28073;146068;146208;146209;146301;146302;146303;146348;146351;146350;146375;28074;146385;146384;146435;146436;147988;146437;146494;146538;148006;148011;147979;28075;147996;147976;147999;147980;147986;147990;147977;147975;147983;28076;148009;147978;148005;147982;147991;147997;147995;148008;148000;147994;147984;148004;147993;28077;148007;148010;147985;147998;147989;28078;28079;28080;20665;28081;28082;28083;28084;28085;28086;28088;28087;148001;147992;147974;148003;28089;148002;147968;147970;147973;147972;147969;147971;148089;148034;28091;28090;148108;148130;149032;148135;148891;148218;148244;148248;148260;148279;28092;148295;148335;148498;148495;148491;148493;148497;28093;148492;148496;148494;148555;149044;148554;148689;148691;20666;148690;148819;149244;148810;28094;148856;148859;148991;148855;148938;148953;148992;148987;149055;149092;28095;149093;149251;149474;149252;149253;149323;149306;149322;149332;150325;149324;149419;28096;149417;149418;149409;149408;149405;148911;149416;149661;149410;149415;149407;149411;28097;149406;149404;149446;149478;149477;149519;149520;149527;149651;149649;149650;152134;28098;28099;149742;149727;149834;149818;149906;149907;149908;149903;149905;149991;150029;149988;150712;150030;150028;150324;28100;150130;150131;150492;150129;150132;153852;150134;150144;150320;150143;150151;150152;28101;150155;150164;150232;150233;150234;150394;150292;150420;150436;150691;150690;150692;150809;150793;150846;28102;150857;150858;150939;150867;150942;150949;151017;150947;150948;150953;153127;151000;150954;20667;20668;28103;150957;153131;150955;150956;150940;150952;150995;151444;151443;151583;151451;151452;151679;156562;28104;28105;151800;151680;151836;151830;151835;153130;151921;151907;153129;151837;151920;28106;151924;152002;156918;152555;152081;152079;153942;152135;152136;152144;152145;152178;152143;152229;152180;152181;28107;152230;157372;152216;152235;152362;152363;152417;152420;152416;152508;152830;152539;152536;28108;152632;152637;156633;152640;152639;152681;152665;152702;28109;152774;152784;152868;152870;152846;152869;152917;152913;152918;152916;28110;152953;152954;152957;153138;153134;153143;157224;153145;153139;153361;153144;153137;153142;153156;28111;153174;153178;153445;153526;153179;153177;153476;153527;153183;153211;153243;153367;153366;153391;153408;154053;153407;153406;153511;153510;28112;153447;153514;153446;153449;153448;153508;153573;153568;153569;153593;153591;153592;28113;153768;153766;153785;153781;153801;153769;154162;153770;154205;153799;153779;153802;153797;153788;153851;153789;153856;153853;20669;28114;153854;153855;153857;153866;153888;153910;153908;153925;153959;154203;28115;28116;154204;154227;154242;154241;154273;154279;154278;154352;154274;28117;154328;154337;154338;154405;154779;154431;154415;154414;154413;154569;154704;154709;154778;28118;154783;156561;154883;154903;154977;154974;154972;155222;154980;155221;155162;28119;155232;155220;155297;155892;156041;155296;155295;155351;155308;155375;155374;28120;155602;155655;155637;155672;155681;155687;155722;155727;155729;28121;155751;155752;155749;155747;155768;155750;155767;155766;155923;28122;155908;155943;155935;155944;155936;156043;155938;155939;28123;155925;155952;155970;156203;156040;156042;28124;156055;156161;156054;156076;157139;156105;156104;156122;156168;20670;28125;156171;156155;156190;156472;156485;156482;156486;156484;28126;156481;156483;156544;156568;156543;156612;156613;156608;28127;156712;156645;156743;156650;156711;156742;156744;156772;28128;156801;156853;156804;156802;28129;156880;156915;156879;156917;156934;156914;157143;156962;156960;156961;28130;157057;157059;157112;157085;157160;157162;157243;157299;28131;157286;157287;157357;157349;157371;157350;157351;157458;157353;158125;157352;157355;157404;28132;157370;157356;157457;157456;157843;157463;157882;28133;158072;158053;28134;158212;158134;158135;158160;158162;158258;158255;158159;158161;158256;158253;158249;158254;20671;28135;158273;158572;158679;158259;158271;158272;158454;158455;158456;158250;158457;158458;28136;28137;158502;158680;158574;158573;158683;158646;158688;158731;158737;158453;28138;158789;158817;159022;158866;158901;158902;158905;158939;158941;158940;158937;158932;28139;158938;158987;159059;159020;159024;159058;159026;159107;159142;158728;159144;28140;159143;159137;159138;28141;28142;28143;159160;28144;28145;28146;20672;28208;28209;28210;28249;28251;28250;28288;28357;28358;29236;28359;28360;28372;20673;29213;29214;29304;29696;29237;29215;29238;29239;29305;29738;29739;29740;20674;29793;29892;29917;29918;29919;29920;29922;29921;29964;29978;29979;30018;30019;30042;30043;20675;30147;30183;30252;30184;31092;31164;20676;31093;31165;31166;31341;65107;31405;31461;31603;31406;31625;31638;31783;31639;20677;31677;31678;31700;31702;31703;31701;31704;31784;31848;31785;20678;31966;31967;20679;32053;32028;32029;32185;32186;32054;32187;32189;32188;32190;20680;32191;32192;32193;33197;65108;33254;65109;32357;32359;32358;32360;32431;32430;33198;32432;33093;33199;33217;33388;33124;33255;20681;33436;33389;33464;33544;33390;33504;33531;45473;33758;33560;33827;33575;20682;33759;33760;33587;33808;33807;33809;33940;33941;34059;34048;34080;20683;34094;34116;36904;37738;37936;65110;36243;38073;38000;37910;36953;36855;20684;36256;37333;37068;38049;36805;37662;37836;37944;36491;36681;20685;20686;38023;37570;37161;37499;38095;37631;38074;37538;36711;36364;20687;37649;37886;37299;36499;37887;36916;37203;37355;37177;36611;37546;36899;37965;37045;37683;20688;37853;36745;37207;37977;38099;36652;36927;37422;36374;36896;20689;36262;36225;65111;36984;37474;36761;37984;37654;36815;36657;36674;37447;37968;20690;37828;20691;37888;37746;37974;65112;37362;37162;37876;36382;36220;36714;38132;20692;36397;37469;37842;38044;37381;36454;38011;36279;37217;65113;65114;36218;20693;37002;38070;36720;36665;36786;37810;37148;38131;36478;37740;65115;65116;38036;37504;20694;37042;36589;36749;38037;36746;37364;37956;38092;36361;37607;20695;20696;37463;37220;37359;36471;37935;37983;38148;36537;36366;37606;36907;37337;36418;37152;37498;37819;20697;37389;36530;36635;37438;20698;37978;37849;38194;37762;37806;36228;38205;38195;38647;38196;38685;20699;38686;38715;38714;38716;38741;38758;38759;39362;38777;38848;38984;20700;39390;20701;39312;39311;39313;39336;39337;39533;39353;39363;39371;39419;39491;39515;20702;39516;39517;39518;39534;39586;39600;39601;39619;39620;40348;20703;39786;20704;39787;39788;39789;40655;39800;39851;44326;40361;40329;40417;40416;20705;40656;40490;40491;65117;40492;40528;40529;40531;40547;40576;40590;40751;40530;40657;20706;40658;40752;40767;40943;65118;40768;40769;40794;40848;40906;40944;20707;20708;40981;41006;40982;41013;41046;41045;41606;41624;41940;20709;41969;41968;42043;42051;42050;42079;42080;42081;42082;42093;42167;42146;20710;42237;42207;42344;42208;42209;42474;42407;42335;42408;42466;42467;42817;42795;20711;42858;42891;43001;43026;42930;43058;43087;43059;65119;20712;43097;43108;43109;43110;43153;43366;43368;43367;43622;43823;43824;65120;20713;43825;43874;65121;43897;43898;44039;44057;44058;44106;44107;20714;44108;44115;44133;44323;44669;45549;44327;44336;44335;44655;44399;44656;44586;44585;44594;20715;20716;44641;44640;44688;44912;44913;44985;44936;45016;45037;45038;45042;45079;45080;45081;20717;45108;65122;45342;45377;45343;20718;45484;45483;45398;65123;45475;45476;45474;45485;45486;45487;47159;47160;47822;47823;45550;47821;45551;45589;20719;47162;47161;47574;47824;47825;47855;46014;45575;45576;46179;46192;46254;46336;46253;46672;20720;46688;47799;46691;46700;47618;46731;65124;46752;46810;46811;46812;46836;46855;20721;47035;47108;47109;65125;47110;47111;47575;47826;47856;47857;50342;47679;20722;47695;47734;47778;47742;47858;48282;48242;48283;48253;48261;48262;48315;20723;48361;48349;48362;48381;48904;49268;49169;48757;48758;49170;48905;49269;20724;49065;49066;49102;49140;49171;49141;49303;49304;49305;49236;49283;20725;49306;20726;49644;49643;49673;49761;49762;49763;49764;50082;49765;49772;50083;11140;50302;25345;149495;14363;23651;149496;71954;10542;19289;25821;35608;61517;61516;106379;55049;71883;87869;57574;55048;106380;87870;106381;87871;106382;106383;106384;87872;10289;57891;35309;59642;42843;51574;42844;99982;22869;152742;152743;11154;152741;33851;20161;52633;79235;18586;12115;12285;11228;46882;12297;64485;152357;72582;57641;33850;108797;92321;11671;12198;23966;19497;19498;19499;92322;18260;19698;11359;10291;11746;35707;94046;35708;35710;35709;94048;94047;35711;94049;10829;35712;35713;11765;11699;15967;77704;77705;77706;52670;11280;12272;10645;24341;16272;19938;77703;10292;10374;104124;60109;141118;136949;104125;104660;104659;136950;54614;19760;20992;139457;136613;11981;17211;17282;47862;16455;16203;70764;14785;130168;14792;14833;16280;20133;12004;82704;69101;76388;78889;82705;82706;11471;19717;82707;19757;55022;24734;19427;20175;18551;34820;16232;16230;101294;146990;52504;91126;100272;94671;104888;100273;101301;101295;94672;20148;20181;20182;19397;25420;31861;31862;33900;55983;56238;91127;17226;56239;31419;31409;10293;22078;22077;25990;12094;64292;64293;38889;16140;38890;10294;16062;14823;11472;32381;42347;45406;42348;11526;14847;11107;11749;20968;18494;40549;33819;62798;62100;68984;62901;76536;83729;86567;72007;72008;72985;88051;88052;90680;92458;92459;86568;96609;99200;99509;101818;103930;94168;109682;111208;118204;106104;124167;130056;135586;148897;63646;42831;121247;40548;132962;145222;156846;126778;138527;151942;78549;141784;154246;92788;92789;69044;69045;10295;69043;158459;65701;46332;158460;54644;11679;20993;20346;80083;80084;80082;150989;10744;82531;82532;106719;82533;31642;31853;33278;33485;34400;34730;106720;35068;40466;41626;48760;55024;55608;138341;63137;48906;50650;51772;51851;52976;53405;58416;138899;60049;63381;66216;69015;138900;72279;70560;137358;137357;78626;137753;137397;138342;138343;100592;105294;112216;136896;146102;111518;136999;136895;126246;128080;136422;69016;31852;69017;69018;20066;122534;40370;40372;40373;40374;40375;40376;40377;40379;40378;40380;40381;52010;40382;40383;40385;40384;40386;40387;42178;40388;40389;89112;40390;40391;40392;89113;89114;40393;52011;89115;89116;42179;42289;42870;89117;89118;52012;89735;43826;45386;89736;44642;44993;89737;45402;89738;89739;56246;89740;46765;52013;47150;49085;52014;89741;49703;89742;50611;50858;89743;50985;89744;51077;89745;99166;51422;89673;89674;51971;52582;89675;53592;89676;89677;53840;89678;54968;89679;55747;56508;89680;56665;89681;89105;57749;58362;58302;58535;89106;89107;58744;89108;58903;89109;89035;58977;89036;59506;89037;59966;89038;61747;62944;89039;63332;64642;64643;64812;65735;66723;69193;69550;70527;71214;71245;71617;72006;87673;87674;72958;73469;87675;87676;73851;87677;74244;87678;74465;87679;77630;87680;78025;79762;87681;86254;81079;87889;88954;88906;92949;96084;93512;99102;103357;96338;105410;105584;105768;110901;110902;111350;118360;118955;123556;124192;125146;126699;127807;128994;129161;130346;131018;132017;136174;137047;137354;139849;137826;143166;141757;31727;106585;106584;118091;57397;140044;140043;151128;140045;151130;151129;134217;133843;133844;152047;70448;136746;20094;44646;121350;89661;89662;89663;89664;89665;89666;89667;89668;89669;89670;89671;121351;121352;59447;56997;70877;70878;70879;81083;76368;86945;87940;70880;70881;70882;70883;70884;70885;70886;70887;71773;72037;81084;76203;80037;79862;86946;87941;70888;71774;83781;73917;74470;78108;81085;86947;87942;99129;103375;87943;99130;102698;99131;103376;105614;134876;105486;105782;134877;134878;111759;118466;118885;123518;124300;125218;128035;129493;129497;138475;108711;146827;151665;158494;140039;143221;145090;132856;129825;152411;152675;152672;152225;130004;130153;156560;76945;134216;82741;94053;99708;122976;111386;111601;132753;76964;76966;84150;84804;99709;104852;110295;105787;110294;111602;140772;129498;143450;141803;157129;73895;73896;76944;44645;45414;57399;57398;63113;63112;31729;32503;33105;34156;34818;36117;57400;42308;51057;45541;54996;77963;77962;78826;95260;78670;78671;87762;87763;63075;63074;77332;84219;84220;31728;72038;72039;71052;73671;76453;84221;74264;81184;87925;92944;95287;97989;111975;59091;59729;63076;73672;76454;81185;58793;71231;74265;84805;87926;91226;71051;92945;95288;97990;105555;105783;110098;111978;20301;20729;26200;57395;105788;111220;125884;133208;151012;151285;153547;153544;153545;153546;105793;84340;66897;76426;66896;82899;76947;79147;76946;63062;146825;150163;153889;63061;84341;154017;156035;82708;76360;82710;78669;82709;76495;145402;67141;78508;79863;99474;102084;105514;76994;56957;66908;63060;56958;76356;77727;66909;79864;83184;47897;66812;65209;65223;66274;66806;70612;76457;77728;79865;81146;83186;86124;86125;86255;87592;90710;91322;91713;92870;95468;103377;99475;104654;105784;106950;111760;112207;129503;135411;150982;140040;149902;146826;155790;72119;90711;91828;91829;63681;64920;63684;63682;63683;63685;33106;59372;40907;90763;93191;106621;149786;90351;90764;90352;92841;93051;119015;135923;119016;105789;92842;134163;119834;152873;148255;91339;105794;95441;156932;105790;91340;81315;100717;105586;112208;119304;105795;78024;78771;91457;119037;119038;112209;57396;143574;152534;152872;156361;78857;82742;25119;26201;72040;73673;76455;84222;72041;71054;143554;74266;81186;87927;92946;95289;97940;99104;100417;103379;111757;111976;118464;134626;59092;59730;63077;71053;73674;76456;81187;84223;93521;97834;58794;74267;64921;84806;87928;91227;118980;118883;119098;123516;125883;124298;129495;130453;131129;132417;134627;134973;137663;137077;143223;144852;150961;149853;157422;157130;92947;95290;97941;158148;99105;100418;99590;103380;104853;105791;105487;110099;105785;111979;111761;123002;118467;125224;127138;140773;26911;10342;10758;26925;61708;104885;19288;66174;65792;30150;11786;19229;11165;10463;11397;52704;52703;55523;64558;64559;73595;76355;95657;11731;52656;20317;30108;50829;39328;50971;21336;51060;10650;110557;152701;84399;155732;154458;11185;11184;69864;127108;50514;15520;50513;10296;15910;20061;15437;19474;21739;15402;14230;62735;62736;41058;65188;62737;16270;60061;60062;60063;10610;74262;74220;74221;74218;74216;74219;69370;105732;60017;105733;60018;103050;48264;12006;72771;83346;55640;103051;39471;11470;52003;50504;43111;121479;108807;12224;47863;57640;44670;43067;10470;10297;22257;11771;22306;21311;10816;24864;18292;18287;14365;18288;40773;11515;11516;20250;18572;18571;11794;19502;21566;24780;14186;17142;10298;18122;11095;11315;10505;24004;11424;10526;38808;22309;25681;10299;10592;11639;33859;22047;69275;69274;58620;81787;10475;69321;11668;10300;81702;58411;19590;58412;20014;15787;18478;12005;22206;32124;17732;17733;17734;87011;90709;92606;94511;105484;96803;11486;11628;11627;17735;17736;17737;17738;17739;17740;124338;17741;57040;17742;17743;109429;111665;126262;43352;56979;10697;11606;34781;33932;14722;44316;44315;10698;35374;47898;17771;52756;109553;10757;14382;108534;108535;108536;108537;108539;108538;108540;21785;22300;108542;108541;108543;108544;108545;108547;108546;108548;108549;108550;108552;108551;108553;108554;117602;77707;108555;108556;108557;108558;108560;108559;108561;108562;108563;146497;127911;146488;128280;146498;146495;146531;146496;20343;11279;67257;49704;49705;11732;62183;62184;10367;12074;10662;19781;31865;11089;10301;18177;73758;69516;42292;70119;69517;73520;83739;83740;83742;83741;29306;73759;11151;83743;20108;29871;10302;10557;17368;63135;10303;20839;24235;10476;10304;25087;25088;141853;141562;92724;94582;142142;142224;142138;141561;141852;141564;141563;141920;141918;141914;142141;142060;141850;141565;141916;141851;141919;136410;139065;138091;138878;140453;142059;139871;141469;140791;145069;146451;145535;146860;146859;148850;149787;152191;153587;45415;45416;45417;45419;45418;36132;34501;38978;44588;49690;45429;45423;45422;33127;34219;35659;36161;39450;41057;56683;45430;49691;51510;53475;55649;57607;58594;62394;70022;45420;142140;45421;141917;141566;140462;140463;141915;140464;142139;136897;136892;35082;47112;50561;52615;55169;56229;58595;59728;62413;64097;68982;36133;72061;76967;78604;81825;40823;42821;45431;56348;81401;58596;59505;64380;61459;66374;69449;72062;76995;66375;62975;69021;71229;96178;100221;77438;74235;83290;80398;86018;84639;90316;94512;97355;97858;106843;108759;158561;133529;11162;86019;100123;102199;102200;102201;133270;133271;119678;124566;125595;119679;135771;136180;136183;133272;133273;135720;126052;119680;133274;136426;124023;141497;124024;124025;141498;133275;141472;141468;125630;132076;131733;129097;133360;133696;135180;135702;137398;137368;141473;57034;57826;87171;18047;23638;157866;158562;92725;128065;57709;62943;63098;63099;62120;73103;99906;57710;31411;124567;125896;132341;133357;133402;137633;137658;139326;139237;139238;140187;139227;139730;57708;108485;83288;83491;93049;96663;141344;141343;101838;141345;141347;141349;105082;129168;141348;108883;108486;141342;141346;123510;99907;78739;78740;74155;79691;102175;73385;74156;77533;78741;82850;84571;93075;93076;93026;102176;77534;79216;78742;156724;83872;93027;91916;106395;106396;73382;73383;73386;73384;73206;73207;73208;73499;72903;72645;73209;74293;77535;72646;77536;74157;74158;74159;77537;74160;74161;74162;74163;79217;77538;77539;77540;78743;78744;78745;78746;82851;84572;84573;83873;86997;87775;94200;99236;100222;128995;105587;108487;108488;107260;128996;128999;129000;129001;117937;129002;128997;129003;128998;61488;63097;77541;82029;83055;89689;102996;103568;72644;77542;17337;80855;70070;80856;71466;80857;80858;80859;134308;23639;70069;23649;11181;102586;27803;16173;11010;10616;11692;76777;76778;76598;76597;21749;19946;16277;11584;11333;11542;20375;11533;62966;64244;62202;11688;10305;10487;12083;10466;24671;38734;16070;10306;63280;140578;11274;21729;51988;12019;96533;96534;108811;10307;20826;20973;21733;21738;22921;25770;25956;27040;29998;33820;35788;38858;43181;47717;50379;50846;51091;56681;57363;59756;67207;71787;11530;19217;15817;16199;15952;16152;16204;30187;30186;30185;10365;158243;112194;131317;147420;12054;70613;70614;70615;131835;70616;70617;70618;80887;70619;70620;74442;70621;70622;70623;70624;70626;70627;70625;70628;70629;66420;46016;141782;70630;141783;62516;152102;62517;77668;70329;70330;63620;10940;139239;151482;20097;38652;48214;47698;48215;49068;53373;54956;55652;62976;70331;10309;21674;54955;22022;23732;25879;10310;10311;21223;20227;11847;11430;11429;10312;10313;10314;28182;25684;20393;20391;24277;20392;22072;31641;122448;54629;54585;15912;15970;40564;10315;10316;72388;72389;73613;122422;76167;78078;21737;26027;106629;11884;23648;72387;34335;17362;78675;34217;34218;11559;34113;78673;35629;36127;41029;69105;77731;79251;70762;69881;71521;72942;73864;76150;76992;77732;89103;90786;91820;79252;92816;80459;81672;83488;84398;85405;86480;87824;40335;48213;55510;48943;40999;43350;44338;46864;49978;57538;56689;58517;59239;60116;61571;50678;51458;53473;52502;55411;56163;54942;61572;62477;63095;65253;64361;66543;66894;56164;57539;58518;56690;59240;60117;60118;70763;69880;71520;72941;61573;63096;62478;64362;66544;65254;66895;69104;87825;103984;102919;89104;90787;91821;93518;92817;93940;103985;95435;97574;96765;99437;100671;101898;102920;102921;119419;118206;121107;129301;124164;125365;126923;103986;105007;106142;107093;108885;126921;110269;129061;131950;134114;111387;140777;136922;117339;119420;118207;121108;124165;129299;125367;124166;136926;140775;126919;129059;125369;131948;133212;134110;133215;147645;148946;151643;134112;155571;135857;136924;138087;140757;139573;142678;144634;142421;155573;144642;156390;144640;146105;147647;157893;148948;151641;154824;156388;158992;34112;56710;97997;104741;111227;105151;137657;143151;88958;64687;24270;24269;88959;64788;100994;24282;55438;55437;45050;45051;43830;48337;72482;73437;51187;24271;45052;61797;71637;71246;72684;40477;155963;52001;44871;51186;85736;102992;70767;56467;24272;88960;104854;104855;105045;108411;104856;104857;59275;88961;65548;88962;91990;51902;34220;135860;24871;25197;34252;42897;144455;42898;144456;55472;70768;52668;59641;88963;24274;137565;24273;11108;21625;52616;63619;38733;18246;11360;18601;18301;24759;125680;106376;42801;72960;51860;51341;106306;51939;106307;106377;56620;106378;59048;60100;72984;62046;64452;69997;67021;73471;77157;79437;83053;83138;83351;85082;85243;85985;87921;88579;91100;91101;91810;93111;93516;96606;96906;97635;100298;104356;103358;105004;106304;111229;109034;125597;119615;125596;122823;128554;129849;132099;136179;137627;142420;149475;148844;155026;153173;159009;156546;105025;30129;63326;25291;73378;62414;73271;64247;19414;105358;32080;18420;76169;62008;79421;123004;74108;18297;81385;11703;30109;15988;105163;64243;105258;64248;64556;65704;79385;64259;63687;15443;73686;72152;29745;69852;141810;62205;62314;51586;65764;76526;76071;40577;76072;40578;24237;118977;133846;140193;151189;101842;140577;139873;136286;136191;136176;136287;151025;139872;133856;118935;140211;101841;64894;64245;140466;72961;59387;105174;97210;34994;59311;47681;80475;63302;105022;105162;24014;76873;76874;24011;66176;76872;105023;105024;100028;84019;64264;90067;110482;66304;80553;64991;63064;35370;123643;92360;69518;105108;77373;101302;101303;126382;82827;66305;83524;83525;64895;85629;105372;64453;14836;16023;33391;20224;24757;20336;60015;11049;15557;18221;52543;38925;40592;58274;19306;51096;10317;55443;11222;19589;20902;11560;11167;14597;12108;40771;40772;65126;40770;14599;14586;14584;14598;11094;14585;15857;33139;44046;11645;20377;57031;57032;14301;11811;11332;58133;17602;14371;10318;11331;12098;14302;10452;10319;14372;11912;19680;42057;34850;26194;11422;22254;11919;11778;51080;12200;11084;24245;18366;31657;71024;11239;10515;12201;11077;11078;11127;11129;11065;11235;10687;10320;11069;11061;10321;10597;40862;40861;40332;40333;81513;81514;81515;81438;29981;21312;22090;25117;18037;81437;33822;18036;19426;20372;44329;20212;10891;14644;14645;14646;14647;35081;144755;92701;93802;94162;112210;95630;96958;96957;96959;96960;99398;97388;99399;100124;102585;103328;102842;104214;103972;103973;103974;103975;103976;103977;103978;103979;103700;104898;105490;104899;105491;105492;105493;107097;105775;106902;107098;107099;109573;109574;109727;111379;111380;111381;112156;112157;112158;112159;119656;119657;118570;119658;119659;119660;119288;134165;122870;122871;145062;122872;122873;122874;122875;122876;122877;135292;130759;125389;130760;132934;131133;131019;134172;134174;134171;132343;132339;134170;132316;134307;132391;136189;135928;149087;149085;144712;138363;144713;149065;149066;149089;144650;144862;144794;141836;140794;144975;141501;144856;144784;141502;144857;149033;144976;149297;144714;145546;142889;144651;149088;144743;144783;144452;149086;146596;148843;152209;152208;154826;156325;11546;74328;74327;78089;18100;32480;70368;18141;18266;132995;18267;18258;18268;18642;18206;19549;20951;21027;22498;25637;23751;29965;33167;34244;33478;35566;38790;40807;44943;44944;47106;51901;70369;70370;70659;70660;72581;87322;87323;87324;86710;87325;87326;87327;127109;20062;48254;42896;26971;11814;11188;11934;47701;10322;47680;13841;21338;44942;10559;17608;11587;12203;11527;87736;25342;42089;54844;12068;55535;59174;58386;59606;62121;66859;69137;71864;11431;30130;18614;24902;32030;18613;31606;14614;25372;24999;42435;35326;21581;11439;15480;24908;25493;20213;35278;11508;29870;30122;11698;11213;31679;11121;11120;10323;10324;10325;12020;66349;29825;10512;14806;15859;17305;14782;11588;30054;16058;11432;11993;30205;58000;25932;24913;25459;23870;25955;25798;25243;19515;18523;18628;14269;34448;18150;15892;18176;18522;20092;20737;34756;10684;31683;50495;66945;70497;56091;71535;91349;91714;72770;100615;102495;104655;70838;158452;35786;62757;35787;100616;43391;44620;105042;22526;15452;34364;19606;16205;11925;62367;20254;22234;43098;22233;39500;131287;39501;49708;34108;22270;22273;53533;58454;58455;29832;49287;63073;58456;11702;11708;18524;36088;16059;51833;16178;17199;29896;10327;11681;45085;35803;72774;142893;142892;127133;142878;72670;72585;72669;14184;72584;117462;21620;117463;14325;10830;14660;48273;14726;119242;21165;140133;139925;135188;158168;25460;10447;10702;10569;11769;118801;11985;11234;10777;19429;17312;24698;40886;73104;72813;148374;148706;78430;96448;15781;17304;10714; + + + + assessment_mode + webapp_known + + + TARGET + testphp.vulnweb.com + + + local_portscan.snmp + yes + + + listen_address + 0.0.0.0 + + + severity_processed + 202203230748 + + + slice_network_addresses + no + + + disable_api + no + + + non_simult_ports + 139, 445, 3389 + + + local_portscan.netstat_ssh + yes + + + ssl_mode + tls_1_2 + + + max_checks + 4 + + + network_scanners.syn + yes + + + stop_scan_on_disconnect + no + + + severity_basis + cvss_v2 + + + report_crashes + yes + + + scan_history_expiration_days + 0 + + + network_scanners.tcp + no + + + disable_guides + no + + + xmlrpc_listen_port + 443 + + + discovery_mode + portscan_common + + + report_cleanup_threshold_days + 30 + + + engine.max_hosts + 16 + + + name + Basic Network Scan + + + whoami + dummy + + + advanced_mode + default + + + scan_description + + + + bw_prevent_agent_scans + yes + + + reverse_lookup + no + + + track_unique_agents + yes + + + optimize_test + yes + + + engine.min + 4 + + + log_whole_attack + no + + + portscan.ping + yes + + + cgi_path + /cgi-bin:/scripts + + + unscanned_closed + no + + + auto_update_ui + yes + + + network_scanners.udp + no + + + auto_update + yes + + + listen_port + 1241 + + + engine.max + 16 + + + local_portscan.netstat_wmi + yes + + + checks_read_timeout + 5 + + + plugins_timeout + 320 + + + auto_enable_dependencies + yes + + + safe_checks + yes + + + report_task_id + 7cee556a-08ae-96c8-d6ec-eecc732e91999febddbb02223ba7 + + + allow_post_scan_editing + yes + + + visibility + private + + + bw_permanent_blackout_window + no + + + wizard_uuid + 731a8e52-3ea6-a291-ec0a-d2ff0619c19d7bd788d6be818b65 + + + scan.unlimited + no + + + max_hosts + 30 + + + engine.max_checks + 64 + + + plugin_upload + yes + + + reduce_connections_on_congestion + no + + + silent_dependencies + yes + + + scan_vulnerability_groups + no + + + feed_type + ProFeed + + + port_range + default + + + scan_vulnerability_groups_mixed + yes + + + + + ADSI Settings + 60024 + ADSI Settings[entry]:Domain Controller : + Domain Controller : + entry + + + + + ADSI Settings + 60024 + ADSI Settings[entry]:Domain : + Domain : + entry + + + + + ADSI Settings + 60024 + ADSI Settings[entry]:Domain Username : + Domain Username : + entry + + + + + ADSI Settings + 60024 + ADSI Settings[password]:Domain Password : + Domain Password : + password + + + + + ADSI Settings + 60024 + ADSI Settings[entry]:Domain Controller 2: + Domain Controller 2: + entry + + + + + ADSI Settings + 60024 + ADSI Settings[entry]:Domain 2: + Domain 2: + entry + + + + + ADSI Settings + 60024 + ADSI Settings[entry]:Domain Username 2: + Domain Username 2: + entry + + + + + ADSI Settings + 60024 + ADSI Settings[password]:Domain Password 2: + Domain Password 2: + password + + + + + ADSI Settings + 60024 + ADSI Settings[entry]:Domain Controller 3: + Domain Controller 3: + entry + + + + + ADSI Settings + 60024 + ADSI Settings[entry]:Domain 3: + Domain 3: + entry + + + + + ADSI Settings + 60024 + ADSI Settings[entry]:Domain Username 3: + Domain Username 3: + entry + + + + + ADSI Settings + 60024 + ADSI Settings[password]:Domain Password 3: + Domain Password 3: + password + + + + + ADSI Settings + 60024 + ADSI Settings[entry]:Domain Controller 4: + Domain Controller 4: + entry + + + + + ADSI Settings + 60024 + ADSI Settings[entry]:Domain 4: + Domain 4: + entry + + + + + ADSI Settings + 60024 + ADSI Settings[entry]:Domain Username 4: + Domain Username 4: + entry + + + + + ADSI Settings + 60024 + ADSI Settings[password]:Domain Password 4: + Domain Password 4: + password + + + + + ADSI Settings + 60024 + ADSI Settings[entry]:Domain Controller 5: + Domain Controller 5: + entry + + + + + ADSI Settings + 60024 + ADSI Settings[entry]:Domain 5: + Domain 5: + entry + + + + + ADSI Settings + 60024 + ADSI Settings[entry]:Domain Username 5: + Domain Username 5: + entry + + + + + ADSI Settings + 60024 + ADSI Settings[password]:Domain Password 5: + Domain Password 5: + password + + + + + Adtran AOS Compliance Checks + 71991 + Adtran AOS Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Adtran AOS Compliance Checks + 71991 + Adtran AOS Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Adtran AOS Compliance Checks + 71991 + Adtran AOS Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Adtran AOS Compliance Checks + 71991 + Adtran AOS Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Adtran AOS Compliance Checks + 71991 + Adtran AOS Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Adtran AOS Compliance Checks + 71991 + Adtran AOS Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + AirWatch API Settings + 76460 + AirWatch API Settings[entry]:AirWatch Environment API URL : + AirWatch Environment API URL : + entry + + + + + AirWatch API Settings + 76460 + AirWatch API Settings[entry]:AirWatch port : + AirWatch port : + entry + + + + + AirWatch API Settings + 76460 + AirWatch API Settings[entry]:AirWatch username : + AirWatch username : + entry + + + + + AirWatch API Settings + 76460 + AirWatch API Settings[password]:AirWatch password : + AirWatch password : + password + + + + + AirWatch API Settings + 76460 + AirWatch API Settings[entry]:AirWatch API key : + AirWatch API key : + entry + + + + + AirWatch API Settings + 76460 + AirWatch API Settings[checkbox]:SSL : + SSL : + checkbox + yes + yes + + + AirWatch API Settings + 76460 + AirWatch API Settings[checkbox]:Verify SSL certificate : + Verify SSL certificate : + checkbox + no + no + + + Alcatel TiMOS Compliance Checks + 102730 + Alcatel TiMOS Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Alcatel TiMOS Compliance Checks + 102730 + Alcatel TiMOS Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Alcatel TiMOS Compliance Checks + 102730 + Alcatel TiMOS Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Alcatel TiMOS Compliance Checks + 102730 + Alcatel TiMOS Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Alcatel TiMOS Compliance Checks + 102730 + Alcatel TiMOS Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Alcatel TiMOS Compliance Checks + 102730 + Alcatel TiMOS Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + Amazon AWS Compliance Checks + 72426 + Amazon AWS Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Amazon AWS Compliance Checks + 72426 + Amazon AWS Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Amazon AWS Compliance Checks + 72426 + Amazon AWS Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Amazon AWS Compliance Checks + 72426 + Amazon AWS Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Amazon AWS Compliance Checks + 72426 + Amazon AWS Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Antivirus Software Check + 16193 + Antivirus Software Check[entry]:Delay (in days, between 0 and 7) : + Delay (in days, between 0 and 7) : + entry + 0 + 0 + + + Apple Profile Manager API Settings + 60032 + Apple Profile Manager API Settings[entry]:Apple Profile Manager server : + Apple Profile Manager server : + entry + + + + + Apple Profile Manager API Settings + 60032 + Apple Profile Manager API Settings[entry]:Apple Profile Manager port : + Apple Profile Manager port : + entry + 443 + 443 + + + Apple Profile Manager API Settings + 60032 + Apple Profile Manager API Settings[entry]:Apple Profile Manager username : + Apple Profile Manager username : + entry + + + + + Apple Profile Manager API Settings + 60032 + Apple Profile Manager API Settings[password]:Apple Profile Manager password : + Apple Profile Manager password : + password + + + + + Apple Profile Manager API Settings + 60032 + Apple Profile Manager API Settings[checkbox]:SSL : + SSL : + checkbox + yes + yes + + + Apple Profile Manager API Settings + 60032 + Apple Profile Manager API Settings[checkbox]:Verify SSL Certificate : + Verify SSL Certificate : + checkbox + no + no + + + Apple Profile Manager API Settings + 60032 + Apple Profile Manager API Settings[checkbox]:Force Device Updates : + Force Device Updates : + checkbox + yes + yes + + + Apple Profile Manager API Settings + 60032 + Apple Profile Manager API Settings[entry]:Device Update Timeout (Minutes) : + Device Update Timeout (Minutes) : + entry + 5 + 5 + + + Arista EOS Compliance Checks + 92838 + Arista EOS Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Arista EOS Compliance Checks + 92838 + Arista EOS Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Arista EOS Compliance Checks + 92838 + Arista EOS Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Arista EOS Compliance Checks + 92838 + Arista EOS Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Arista EOS Compliance Checks + 92838 + Arista EOS Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Arista EOS Compliance Checks + 92838 + Arista EOS Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + ArubaOS Compliance Checks + 153133 + ArubaOS Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + ArubaOS Compliance Checks + 153133 + ArubaOS Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + ArubaOS Compliance Checks + 153133 + ArubaOS Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + ArubaOS Compliance Checks + 153133 + ArubaOS Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + ArubaOS Compliance Checks + 153133 + ArubaOS Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + ArubaOS Compliance Checks + 153133 + ArubaOS Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region af-south-1 : + Region af-south-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region ap-east-1 : + Region ap-east-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region ap-northeast-1 : + Region ap-northeast-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region ap-northeast-2 : + Region ap-northeast-2 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region ap-northeast-3 : + Region ap-northeast-3 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region ap-south-1 : + Region ap-south-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region ap-southeast-1 : + Region ap-southeast-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region ap-southeast-2 : + Region ap-southeast-2 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region ca-central-1 : + Region ca-central-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region cn-north-1 : + Region cn-north-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region cn-northwest-1 : + Region cn-northwest-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region eu-central-1 : + Region eu-central-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region eu-north-1 : + Region eu-north-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region eu-south-1 : + Region eu-south-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region eu-west-1 : + Region eu-west-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region eu-west-2 : + Region eu-west-2 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region eu-west-3 : + Region eu-west-3 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region me-south-1 : + Region me-south-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region sa-east-1 : + Region sa-east-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region us-east-1 : + Region us-east-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region us-east-2 : + Region us-east-2 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region us-gov-east-1 : + Region us-gov-east-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region us-gov-west-1 : + Region us-gov-west-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region us-west-1 : + Region us-west-1 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Region us-west-2 : + Region us-west-2 : + checkbox + no + no + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[password]:AWS Access Key ID : + AWS Access Key ID : + password + + + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[password]:AWS Secret Access Key : + AWS Secret Access Key : + password + + + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:SSL : + SSL : + checkbox + yes + yes + + + Amazon Web Services Settings + 73490 + Amazon Web Services Settings[checkbox]:Verify SSL Certificate : + Verify SSL Certificate : + checkbox + yes + yes + + + Microsoft Azure Compliance Checks + 79357 + Microsoft Azure Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Microsoft Azure Compliance Checks + 79357 + Microsoft Azure Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Microsoft Azure Compliance Checks + 79357 + Microsoft Azure Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Microsoft Azure Compliance Checks + 79357 + Microsoft Azure Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Microsoft Azure Compliance Checks + 79357 + Microsoft Azure Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Microsoft Azure Settings + 79358 + Microsoft Azure Settings[entry]:Username : + Username : + entry + + + + + Microsoft Azure Settings + 79358 + Microsoft Azure Settings[password]:Password : + Password : + password + + + + + Microsoft Azure Settings + 79358 + Microsoft Azure Settings[entry]:Client ID : + Client ID : + entry + 443 + 443 + + + Microsoft Azure Settings + 79358 + Microsoft Azure Settings[checkbox]:Verify SSL Certificate : + Verify SSL Certificate : + checkbox + no + no + + + Microsoft Azure Settings + 79358 + Microsoft Azure Settings[entry]:Subscriptions : + Subscriptions : + entry + + + + + Blackberry UEM Settings + 124860 + Blackberry UEM Settings[entry]:Blackberry UEM Hostname : + Blackberry UEM Hostname : + entry + + + + + Blackberry UEM Settings + 124860 + Blackberry UEM Settings[entry]:Blackberry UEM Port : + Blackberry UEM Port : + entry + + + + + Blackberry UEM Settings + 124860 + Blackberry UEM Settings[entry]:Blackberry UEM Tenant : + Blackberry UEM Tenant : + entry + + + + + Blackberry UEM Settings + 124860 + Blackberry UEM Settings[entry]:Blackberry UEM Domain : + Blackberry UEM Domain : + entry + + + + + Blackberry UEM Settings + 124860 + Blackberry UEM Settings[entry]:Blackberry UEM Username : + Blackberry UEM Username : + entry + + + + + Blackberry UEM Settings + 124860 + Blackberry UEM Settings[password]:Blackberry UEM Password : + Blackberry UEM Password : + password + + + + + Blackberry UEM Settings + 124860 + Blackberry UEM Settings[checkbox]:Blackberry UEM SSL : + Blackberry UEM SSL : + checkbox + yes + yes + + + Blackberry UEM Settings + 124860 + Blackberry UEM Settings[checkbox]:Blackberry UEM Verify SSL Certificate : + Blackberry UEM Verify SSL Certificate : + checkbox + no + no + + + BlueCoat ProxySG Compliance Checks + 70470 + BlueCoat ProxySG Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + BlueCoat ProxySG Compliance Checks + 70470 + BlueCoat ProxySG Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + BlueCoat ProxySG Compliance Checks + 70470 + BlueCoat ProxySG Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + BlueCoat ProxySG Compliance Checks + 70470 + BlueCoat ProxySG Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + BlueCoat ProxySG Compliance Checks + 70470 + BlueCoat ProxySG Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + BlueCoat ProxySG Compliance Checks + 70470 + BlueCoat ProxySG Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + Brocade FabricOS Compliance Checks + 71842 + Brocade FabricOS Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Brocade FabricOS Compliance Checks + 71842 + Brocade FabricOS Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Brocade FabricOS Compliance Checks + 71842 + Brocade FabricOS Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Brocade FabricOS Compliance Checks + 71842 + Brocade FabricOS Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Brocade FabricOS Compliance Checks + 71842 + Brocade FabricOS Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Brocade FabricOS Compliance Checks + 71842 + Brocade FabricOS Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + Check Point GAiA Compliance Checks + 62679 + Check Point GAiA Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Check Point GAiA Compliance Checks + 62679 + Check Point GAiA Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Check Point GAiA Compliance Checks + 62679 + Check Point GAiA Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Check Point GAiA Compliance Checks + 62679 + Check Point GAiA Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Check Point GAiA Compliance Checks + 62679 + Check Point GAiA Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Check Point GAiA Compliance Checks + 62679 + Check Point GAiA Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + Cisco ACI Compliance Checks + 137785 + Cisco ACI Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Cisco ACI Compliance Checks + 137785 + Cisco ACI Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Cisco ACI Compliance Checks + 137785 + Cisco ACI Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Cisco ACI Compliance Checks + 137785 + Cisco ACI Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Cisco ACI Compliance Checks + 137785 + Cisco ACI Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Cisco ACI Compliance Checks + 137785 + Cisco ACI Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + Cisco IOS Compliance Checks + 46689 + Cisco IOS Compliance Checks[radio]:IOS Config File To Audit : + IOS Config File To Audit : + radio + Saved/(show config);Running/(show running);Startup/(show startup) + + Saved/(show config);Running/(show running);Startup/(show startup) + + + Cisco IOS Compliance Checks + 46689 + Cisco IOS Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Cisco IOS Compliance Checks + 46689 + Cisco IOS Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Cisco IOS Compliance Checks + 46689 + Cisco IOS Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Cisco IOS Compliance Checks + 46689 + Cisco IOS Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Cisco IOS Compliance Checks + 46689 + Cisco IOS Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Cisco IOS Compliance Checks + 46689 + Cisco IOS Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + Cisco Firepower Compliance Checks + 128275 + Cisco Firepower Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Cisco Firepower Compliance Checks + 128275 + Cisco Firepower Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Cisco Firepower Compliance Checks + 128275 + Cisco Firepower Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Cisco Firepower Compliance Checks + 128275 + Cisco Firepower Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Cisco Firepower Compliance Checks + 128275 + Cisco Firepower Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Cisco Firepower Compliance Checks + 128275 + Cisco Firepower Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + Citrix NITRO API Settings + 154869 + Citrix NITRO API Settings[entry]:Username + Username + entry + + + + + Citrix NITRO API Settings + 154869 + Citrix NITRO API Settings[password]:Password + Password + password + + + + + Citrix NITRO API Settings + 154869 + Citrix NITRO API Settings[entry]:Port + Port + entry + 443 + 443 + + + Citrix NITRO API Settings + 154869 + Citrix NITRO API Settings[checkbox]:SSL + SSL + checkbox + yes + yes + + + Citrix NITRO API Settings + 154869 + Citrix NITRO API Settings[checkbox]:Verify SSL Certificate + Verify SSL Certificate + checkbox + yes + yes + + + Citrix Application Delivery Compliance Checks + 154868 + Citrix Application Delivery Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Citrix Application Delivery Compliance Checks + 154868 + Citrix Application Delivery Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Citrix Application Delivery Compliance Checks + 154868 + Citrix Application Delivery Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Citrix Application Delivery Compliance Checks + 154868 + Citrix Application Delivery Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Citrix Application Delivery Compliance Checks + 154868 + Citrix Application Delivery Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Citrix XenServer Compliance Checks + 69512 + Citrix XenServer Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Citrix XenServer Compliance Checks + 69512 + Citrix XenServer Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Citrix XenServer Compliance Checks + 69512 + Citrix XenServer Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Citrix XenServer Compliance Checks + 69512 + Citrix XenServer Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Citrix XenServer Compliance Checks + 69512 + Citrix XenServer Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Cleartext protocols settings + 21744 + Cleartext protocols settings[entry]:User name : + User name : + entry + + + + + Cleartext protocols settings + 21744 + Cleartext protocols settings[password]:Password (unsafe!) : + Password (unsafe!) : + password + + + + + Cleartext protocols settings + 21744 + Cleartext protocols settings[checkbox]:Try to perform patch level checks over telnet + + Try to perform patch level checks over telnet + checkbox + no + no + + + Cleartext protocols settings + 21744 + Cleartext protocols settings[checkbox]:Try to perform patch level checks over rsh + + Try to perform patch level checks over rsh + checkbox + no + no + + + Cleartext protocols settings + 21744 + Cleartext protocols settings[checkbox]:Try to perform patch level checks over rexec + + Try to perform patch level checks over rexec + checkbox + no + no + + + Windows Compliance Checks + 21156 + Windows Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Windows Compliance Checks + 21156 + Windows Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Windows Compliance Checks + 21156 + Windows Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Windows Compliance Checks + 21156 + Windows Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Windows Compliance Checks + 21156 + Windows Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Windows File Contents Compliance Checks + 24760 + Windows File Contents Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Windows File Contents Compliance Checks + 24760 + Windows File Contents Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Windows File Contents Compliance Checks + 24760 + Windows File Contents Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Windows File Contents Compliance Checks + 24760 + Windows File Contents Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Windows File Contents Compliance Checks + 24760 + Windows File Contents Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Database Compliance Checks + 33814 + Database Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Database Compliance Checks + 33814 + Database Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Database Compliance Checks + 33814 + Database Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Database Compliance Checks + 33814 + Database Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Database Compliance Checks + 33814 + Database Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Database settings + 33815 + Database settings[radio]:DB Type : + DB Type : + radio + Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + + + Database settings + 33815 + Database settings[radio]:Database service type : + Database service type : + radio + SID;SERVICE_NAME + SID;SERVICE_NAME + + + Database settings + 33815 + Database settings[entry]:Database SID : + Database SID : + entry + + + + + Database settings + 33815 + Database settings[entry]:Database port to use : + Database port to use : + entry + + + + + Database settings + 33815 + Database settings[entry]:Login : + Login : + entry + + + + + Database settings + 33815 + Database settings[password]:Password : + Password : + password + + + + + Database settings + 33815 + Database settings[radio]:Oracle auth type: + Oracle auth type: + radio + NORMAL;SYSOPER;SYSDBA + NORMAL;SYSOPER;SYSDBA + + + Database settings + 33815 + Database settings[radio]:SQL Server auth type: + SQL Server auth type: + radio + Windows;SQL + Windows;SQL + + + Database settings + 33815 + Database settings[radio]:Sybase ASE auth type: + Sybase ASE auth type: + radio + RSA;Plain Text + RSA;Plain Text + + + Database settings + 33815 + Database settings[radio]:Additional DB Type (1) : + Additional DB Type (1) : + radio + Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + + + Database settings + 33815 + Database settings[radio]:Additional Database service type (1) : + Additional Database service type (1) : + radio + SID;SERVICE_NAME + SID;SERVICE_NAME + + + Database settings + 33815 + Database settings[entry]:Additional Database SID (1) : + Additional Database SID (1) : + entry + + + + + Database settings + 33815 + Database settings[entry]:Additional Database port to use (1) : + Additional Database port to use (1) : + entry + + + + + Database settings + 33815 + Database settings[entry]:Additional Login (1) : + Additional Login (1) : + entry + + + + + Database settings + 33815 + Database settings[password]:Additional Password (1) : + Additional Password (1) : + password + + + + + Database settings + 33815 + Database settings[radio]:Additional Oracle auth type (1) : + Additional Oracle auth type (1) : + radio + NORMAL;SYSOPER;SYSDBA + NORMAL;SYSOPER;SYSDBA + + + Database settings + 33815 + Database settings[radio]:Additional SQL Server auth type (1) : + Additional SQL Server auth type (1) : + radio + Windows;SQL + Windows;SQL + + + Database settings + 33815 + Database settings[radio]:Additional Sybase ASE auth type (1) : + Additional Sybase ASE auth type (1) : + radio + RSA;Plain Text + RSA;Plain Text + + + Database settings + 33815 + Database settings[radio]:Additional DB Type (2) : + Additional DB Type (2) : + radio + Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + + + Database settings + 33815 + Database settings[radio]:Additional Database service type (2) : + Additional Database service type (2) : + radio + SID;SERVICE_NAME + SID;SERVICE_NAME + + + Database settings + 33815 + Database settings[entry]:Additional Database SID (2) : + Additional Database SID (2) : + entry + + + + + Database settings + 33815 + Database settings[entry]:Additional Database port to use (2) : + Additional Database port to use (2) : + entry + + + + + Database settings + 33815 + Database settings[entry]:Additional Login (2) : + Additional Login (2) : + entry + + + + + Database settings + 33815 + Database settings[password]:Additional Password (2) : + Additional Password (2) : + password + + + + + Database settings + 33815 + Database settings[radio]:Additional Oracle auth type (2) : + Additional Oracle auth type (2) : + radio + NORMAL;SYSOPER;SYSDBA + NORMAL;SYSOPER;SYSDBA + + + Database settings + 33815 + Database settings[radio]:Additional SQL Server auth type (2) : + Additional SQL Server auth type (2) : + radio + Windows;SQL + Windows;SQL + + + Database settings + 33815 + Database settings[radio]:Additional Sybase ASE auth type (2) : + Additional Sybase ASE auth type (2) : + radio + RSA;Plain Text + RSA;Plain Text + + + Database settings + 33815 + Database settings[radio]:Additional DB Type (3) : + Additional DB Type (3) : + radio + Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + + + Database settings + 33815 + Database settings[radio]:Additional Database service type (3) : + Additional Database service type (3) : + radio + SID;SERVICE_NAME + SID;SERVICE_NAME + + + Database settings + 33815 + Database settings[entry]:Additional Database SID (3) : + Additional Database SID (3) : + entry + + + + + Database settings + 33815 + Database settings[entry]:Additional Database port to use (3) : + Additional Database port to use (3) : + entry + + + + + Database settings + 33815 + Database settings[entry]:Additional Login (3) : + Additional Login (3) : + entry + + + + + Database settings + 33815 + Database settings[password]:Additional Password (3) : + Additional Password (3) : + password + + + + + Database settings + 33815 + Database settings[radio]:Additional Oracle auth type (3) : + Additional Oracle auth type (3) : + radio + NORMAL;SYSOPER;SYSDBA + NORMAL;SYSOPER;SYSDBA + + + Database settings + 33815 + Database settings[radio]:Additional SQL Server auth type (3) : + Additional SQL Server auth type (3) : + radio + Windows;SQL + Windows;SQL + + + Database settings + 33815 + Database settings[radio]:Additional Sybase ASE auth type (3) : + Additional Sybase ASE auth type (3) : + radio + RSA;Plain Text + RSA;Plain Text + + + Database settings + 33815 + Database settings[radio]:Additional DB Type (4) : + Additional DB Type (4) : + radio + Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL;Sybase ASE + + + Database settings + 33815 + Database settings[radio]:Additional Database service type (4) : + Additional Database service type (4) : + radio + SID;SERVICE_NAME + SID;SERVICE_NAME + + + Database settings + 33815 + Database settings[entry]:Additional Database SID (4) : + Additional Database SID (4) : + entry + + + + + Database settings + 33815 + Database settings[entry]:Additional Database port to use (4) : + Additional Database port to use (4) : + entry + + + + + Database settings + 33815 + Database settings[entry]:Additional Login (4) : + Additional Login (4) : + entry + + + + + Database settings + 33815 + Database settings[password]:Additional Password (4) : + Additional Password (4) : + password + + + + + Database settings + 33815 + Database settings[radio]:Additional Oracle auth type (4) : + Additional Oracle auth type (4) : + radio + NORMAL;SYSOPER;SYSDBA + NORMAL;SYSOPER;SYSDBA + + + Database settings + 33815 + Database settings[radio]:Additional SQL Server auth type (4) : + Additional SQL Server auth type (4) : + radio + Windows;SQL + Windows;SQL + + + Database settings + 33815 + Database settings[radio]:Additional Sybase ASE auth type (4) : + Additional Sybase ASE auth type (4) : + radio + RSA;Plain Text + RSA;Plain Text + + + Dell Force10 FTOS Compliance Checks + 72461 + Dell Force10 FTOS Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Dell Force10 FTOS Compliance Checks + 72461 + Dell Force10 FTOS Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Dell Force10 FTOS Compliance Checks + 72461 + Dell Force10 FTOS Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Dell Force10 FTOS Compliance Checks + 72461 + Dell Force10 FTOS Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Dell Force10 FTOS Compliance Checks + 72461 + Dell Force10 FTOS Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Dell Force10 FTOS Compliance Checks + 72461 + Dell Force10 FTOS Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + Patch Management: Dell KACE K1000 Settings + 76866 + Patch Management: Dell KACE K1000 Settings[entry]:K1000 Address : + K1000 Address : + entry + + + + + Patch Management: Dell KACE K1000 Settings + 76866 + Patch Management: Dell KACE K1000 Settings[entry]:K1000 Database Port : + K1000 Database Port : + entry + 3306 + 3306 + + + Patch Management: Dell KACE K1000 Settings + 76866 + Patch Management: Dell KACE K1000 Settings[entry]:K1000 Organization Database Name : + + K1000 Organization Database Name : + entry + ORG1 + ORG1 + + + Patch Management: Dell KACE K1000 Settings + 76866 + Patch Management: Dell KACE K1000 Settings[entry]:K1000 Database Username : + K1000 Database Username : + entry + R1 + R1 + + + Patch Management: Dell KACE K1000 Settings + 76866 + Patch Management: Dell KACE K1000 Settings[password]:K1000 Database Password : + K1000 Database Password : + password + + + + + Do not scan fragile devices + 22481 + Do not scan fragile devices[checkbox]:Scan Network Printers + Scan Network Printers + checkbox + no + no + + + Do not scan fragile devices + 22481 + Do not scan fragile devices[checkbox]:Scan Novell Netware hosts + Scan Novell Netware hosts + checkbox + no + no + + + Do not scan fragile devices + 22481 + Do not scan fragile devices[checkbox]:Scan Operational Technology devices + Scan Operational Technology devices + checkbox + yes + yes + + + Extreme ExtremeXOS Compliance Checks + 73156 + Extreme ExtremeXOS Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Extreme ExtremeXOS Compliance Checks + 73156 + Extreme ExtremeXOS Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Extreme ExtremeXOS Compliance Checks + 73156 + Extreme ExtremeXOS Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Extreme ExtremeXOS Compliance Checks + 73156 + Extreme ExtremeXOS Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Extreme ExtremeXOS Compliance Checks + 73156 + Extreme ExtremeXOS Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Extreme ExtremeXOS Compliance Checks + 73156 + Extreme ExtremeXOS Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + F5 Compliance Checks + 95388 + F5 Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + F5 Compliance Checks + 95388 + F5 Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + F5 Compliance Checks + 95388 + F5 Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + F5 Compliance Checks + 95388 + F5 Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + F5 Compliance Checks + 95388 + F5 Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + F5 Settings + 95387 + F5 Settings[entry]:Username : + Username : + entry + + + + + F5 Settings + 95387 + F5 Settings[password]:Password : + Password : + password + + + + + F5 Settings + 95387 + F5 Settings[entry]:Port : + Port : + entry + 443 + 443 + + + F5 Settings + 95387 + F5 Settings[checkbox]:SSL : + SSL : + checkbox + yes + yes + + + F5 Settings + 95387 + F5 Settings[checkbox]:Verify SSL Certificate : + Verify SSL Certificate : + checkbox + yes + yes + + + Service Detection + 22964 + Service Detection[radio]:Test SSL based services + Test SSL based services + radio + All ports + All ports + + + FireEye Compliance Checks + 70469 + FireEye Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + FireEye Compliance Checks + 70469 + FireEye Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + FireEye Compliance Checks + 70469 + FireEye Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + FireEye Compliance Checks + 70469 + FireEye Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + FireEye Compliance Checks + 70469 + FireEye Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + FireEye Compliance Checks + 70469 + FireEye Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + Fortigate FortiOS Compliance Checks + 70272 + Fortigate FortiOS Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Fortigate FortiOS Compliance Checks + 70272 + Fortigate FortiOS Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Fortigate FortiOS Compliance Checks + 70272 + Fortigate FortiOS Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Fortigate FortiOS Compliance Checks + 70272 + Fortigate FortiOS Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Fortigate FortiOS Compliance Checks + 70272 + Fortigate FortiOS Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Fortigate FortiOS Compliance Checks + 70272 + Fortigate FortiOS Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + Google Cloud Platform Settings + 150079 + Google Cloud Platform Settings[file]:Service Account JSON Key File : + Service Account JSON Key File : + file + + + + + Google Cloud Platform Compliance Checks + 150078 + Google Cloud Platform Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Google Cloud Platform Compliance Checks + 150078 + Google Cloud Platform Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Google Cloud Platform Compliance Checks + 150078 + Google Cloud Platform Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Google Cloud Platform Compliance Checks + 150078 + Google Cloud Platform Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Google Cloud Platform Compliance Checks + 150078 + Google Cloud Platform Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Generic SSH Compliance Checks + 129714 + Generic SSH Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Generic SSH Compliance Checks + 129714 + Generic SSH Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Generic SSH Compliance Checks + 129714 + Generic SSH Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Generic SSH Compliance Checks + 129714 + Generic SSH Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Generic SSH Compliance Checks + 129714 + Generic SSH Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Global variable settings + 12288 + Global variable settings[checkbox]:Probe services on every port + Probe services on every port + checkbox + yes + yes + + + Global variable settings + 12288 + Global variable settings[checkbox]:Do not log in with user accounts not specified in the + policy + + Do not log in with user accounts not specified in the policy + checkbox + yes + yes + + + Global variable settings + 12288 + Global variable settings[checkbox]:Enable CGI scanning + Enable CGI scanning + checkbox + no + yes + + + Global variable settings + 12288 + Global variable settings[radio]:Network type + Network type + radio + Mixed (use RFC 1918);Private LAN;Public WAN (Internet) + Mixed (use RFC 1918) + + + Global variable settings + 12288 + Global variable settings[checkbox]:Enable experimental scripts + Enable experimental scripts + checkbox + no + no + + + Global variable settings + 12288 + Global variable settings[checkbox]:Thorough tests (slow) + Thorough tests (slow) + checkbox + no + no + + + Global variable settings + 12288 + Global variable settings[radio]:Report verbosity + Report verbosity + radio + Normal;Quiet;Verbose + Normal + + + Global variable settings + 12288 + Global variable settings[radio]:Report paranoia + Report paranoia + radio + Normal;Avoid false alarms;Paranoid (more false alarms) + Normal + + + Global variable settings + 12288 + Global variable settings[entry]:HTTP User-Agent + HTTP User-Agent + entry + Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) + Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) + + + Global variable settings + 12288 + Global variable settings[file]:SSL certificate to use : + SSL certificate to use : + file + + + + + Global variable settings + 12288 + Global variable settings[file]:SSL CA to trust : + SSL CA to trust : + file + + + + + Global variable settings + 12288 + Global variable settings[file]:SSL key to use : + SSL key to use : + file + + + + + Global variable settings + 12288 + Global variable settings[password]:SSL password for SSL key : + SSL password for SSL key : + password + + + + + Global variable settings + 12288 + Global variable settings[checkbox]:Enumerate all SSL ciphers + Enumerate all SSL ciphers + checkbox + yes + yes + + + Global variable settings + 12288 + Global variable settings[checkbox]:Enable CRL checking (connects to Internet) + Enable CRL checking (connects to Internet) + checkbox + no + no + + + Global variable settings + 12288 + Global variable settings[checkbox]:Enable plugin debugging + Enable plugin debugging + checkbox + no + no + + + Global variable settings + 12288 + Global variable settings[entry]:Java ARchive Detection Path : + Java ARchive Detection Path : + entry + + + + + Good MDM Settings + 66963 + Good MDM Settings[entry]:GMC Server : + GMC Server : + entry + + + + + Good MDM Settings + 66963 + Good MDM Settings[entry]:Port : + Port : + entry + + + + + Good MDM Settings + 66963 + Good MDM Settings[entry]:Domain : + Domain : + entry + + + + + Good MDM Settings + 66963 + Good MDM Settings[entry]:Username : + Username : + entry + + + + + Good MDM Settings + 66963 + Good MDM Settings[password]:Password : + Password : + password + + + + + Good MDM Settings + 66963 + Good MDM Settings[checkbox]:SSL : + SSL : + checkbox + yes + yes + + + Good MDM Settings + 66963 + Good MDM Settings[checkbox]:Verify SSL Certificate : + Verify SSL Certificate : + checkbox + no + no + + + Hosts File Whitelisted Entries + 73980 + Hosts File Whitelisted Entries[file]:Upload file with custom hosts entries : + Upload file with custom hosts entries : + file + + + + + HP ProCurve Compliance Checks + 70271 + HP ProCurve Compliance Checks[radio]:HP ProCurve File To Audit : + HP ProCurve File To Audit : + radio + Saved/(show config);Default/(show default-config);Running/(show running-config) + + Saved/(show config);Default/(show default-config);Running/(show running-config) + + + + HP ProCurve Compliance Checks + 70271 + HP ProCurve Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + HP ProCurve Compliance Checks + 70271 + HP ProCurve Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + HP ProCurve Compliance Checks + 70271 + HP ProCurve Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + HP ProCurve Compliance Checks + 70271 + HP ProCurve Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + HP ProCurve Compliance Checks + 70271 + HP ProCurve Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + HP ProCurve Compliance Checks + 70271 + HP ProCurve Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + HTTP cookies import + 42893 + HTTP cookies import[file]:Cookies file : + Cookies file : + file + + + + + HTTP login page + 11149 + HTTP login page[entry]:Login page : + Login page : + entry + / + / + + + HTTP login page + 11149 + HTTP login page[entry]:Login form : + Login form : + entry + + + + + HTTP login page + 11149 + HTTP login page[entry]:Login form fields : + Login form fields : + entry + user=%USER%&pass=%PASS% + user=%USER%&pass=%PASS% + + + HTTP login page + 11149 + HTTP login page[radio]:Login form method : + Login form method : + radio + POST;GET + POST + + + HTTP login page + 11149 + HTTP login page[checkbox]:Automated login page search + Automated login page search + checkbox + no + no + + + HTTP login page + 11149 + HTTP login page[entry]:Re-authenticate delay (seconds) : + Re-authenticate delay (seconds) : + entry + + + + + HTTP login page + 11149 + HTTP login page[entry]:Check authentication on page : + Check authentication on page : + entry + + + + + HTTP login page + 11149 + HTTP login page[entry]:Follow 30x redirections (# of levels) : + Follow 30x redirections (# of levels) : + entry + 2 + 0 + + + HTTP login page + 11149 + HTTP login page[entry]:Authenticated regex : + Authenticated regex : + entry + + + + + HTTP login page + 11149 + HTTP login page[checkbox]:Invert test (disconnected if regex matches) + Invert test (disconnected if regex matches) + checkbox + no + no + + + HTTP login page + 11149 + HTTP login page[checkbox]:Match regex on HTTP headers + Match regex on HTTP headers + checkbox + no + no + + + HTTP login page + 11149 + HTTP login page[checkbox]:Case insensitive regex + Case insensitive regex + checkbox + no + no + + + HTTP login page + 11149 + HTTP login page[checkbox]:Abort web application tests if login fails + Abort web application tests if login fails + checkbox + no + no + + + Remote web server screenshot + 59861 + Remote web server screenshot[checkbox]:Allow Nessus to connect to the cloud to take a + screenshot of the public targets + + Allow Nessus to connect to the cloud to take a screenshot of the public targets + + checkbox + no + no + + + Huawei VRP Compliance Checks + 73157 + Huawei VRP Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Huawei VRP Compliance Checks + 73157 + Huawei VRP Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Huawei VRP Compliance Checks + 73157 + Huawei VRP Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Huawei VRP Compliance Checks + 73157 + Huawei VRP Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Huawei VRP Compliance Checks + 73157 + Huawei VRP Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Huawei VRP Compliance Checks + 73157 + Huawei VRP Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + Patch Management: IBM Tivoli Endpoint Manager Server Settings + 62558 + Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Server + : + + Web Reports Server : + entry + + + + + Patch Management: IBM Tivoli Endpoint Manager Server Settings + 62558 + Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Port : + + Web Reports Port : + entry + + + + + Patch Management: IBM Tivoli Endpoint Manager Server Settings + 62558 + Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Username + : + + Web Reports Username : + entry + + + + + Patch Management: IBM Tivoli Endpoint Manager Server Settings + 62558 + Patch Management: IBM Tivoli Endpoint Manager Server Settings[password]:Web Reports + Password : + + Web Reports Password : + password + + + + + Patch Management: IBM Tivoli Endpoint Manager Server Settings + 62558 + Patch Management: IBM Tivoli Endpoint Manager Server Settings[checkbox]:SSL : + SSL : + checkbox + no + no + + + Patch Management: IBM Tivoli Endpoint Manager Server Settings + 62558 + Patch Management: IBM Tivoli Endpoint Manager Server Settings[checkbox]:Verify SSL + Certificate : + + Verify SSL Certificate : + checkbox + no + no + + + Intune Settings + 125030 + Intune Settings[entry]:Intune Tenant : + Intune Tenant : + entry + + + + + Intune Settings + 125030 + Intune Settings[entry]:Intune Client : + Intune Client : + entry + + + + + Intune Settings + 125030 + Intune Settings[password]:Intune Secret : + Intune Secret : + password + + + + + Intune Settings + 125030 + Intune Settings[entry]:Intune Username : + Intune Username : + entry + + + + + Intune Settings + 125030 + Intune Settings[password]:Intune Password : + Intune Password : + password + + + + + Active Outbound Connection to Host Listed in Known Bot Database + 58430 + Active Outbound Connection to Host Listed in Known Bot Database[file]:Custom Netstat IP + Threat List : + + Custom Netstat IP Threat List : + file + + + + + Active Connection to or from Host Listed in Custom Netstat IP Threat List + 147190 + Active Connection to or from Host Listed in Custom Netstat IP Threat List[file]:Custom + Netstat IP Threat List : + + Custom Netstat IP Threat List : + file + + + + + IBM iSeries Credentials + 57861 + IBM iSeries Credentials[entry]:Login : + Login : + entry + + + + + IBM iSeries Credentials + 57861 + IBM iSeries Credentials[password]:Password : + Password : + password + + + + + IBM iSeries Compliance Checks + 57860 + IBM iSeries Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + IBM iSeries Compliance Checks + 57860 + IBM iSeries Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + IBM iSeries Compliance Checks + 57860 + IBM iSeries Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + IBM iSeries Compliance Checks + 57860 + IBM iSeries Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + IBM iSeries Compliance Checks + 57860 + IBM iSeries Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Juniper Junos Compliance Checks + 62680 + Juniper Junos Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Juniper Junos Compliance Checks + 62680 + Juniper Junos Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Juniper Junos Compliance Checks + 62680 + Juniper Junos Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Juniper Junos Compliance Checks + 62680 + Juniper Junos Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Juniper Junos Compliance Checks + 62680 + Juniper Junos Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Juniper Junos Compliance Checks + 62680 + Juniper Junos Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + Kerberos configuration + 17351 + Kerberos configuration[entry]:Kerberos Key Distribution Center (KDC) : + Kerberos Key Distribution Center (KDC) : + entry + + + + + Kerberos configuration + 17351 + Kerberos configuration[entry]:Kerberos KDC Port : + Kerberos KDC Port : + entry + 88 + 88 + + + Kerberos configuration + 17351 + Kerberos configuration[radio]:Kerberos KDC Transport : + Kerberos KDC Transport : + radio + tcp + tcp + + + Kerberos configuration + 17351 + Kerberos configuration[entry]:Kerberos Realm (SSH only) : + Kerberos Realm (SSH only) : + entry + + + + + LDAP 'Domain Admins' Group Membership Enumeration + 58038 + LDAP 'Domain Admins' Group Membership Enumeration[entry]:LDAP user : + LDAP user : + entry + + + + + LDAP 'Domain Admins' Group Membership Enumeration + 58038 + LDAP 'Domain Admins' Group Membership Enumeration[password]:LDAP password : + + LDAP password : + password + + + + + LDAP 'Domain Admins' Group Membership Enumeration + 58038 + LDAP 'Domain Admins' Group Membership Enumeration[entry]:Max results : + + Max results : + entry + 1000 + 1000 + + + Login configurations + 10870 + Login configurations[entry]:HTTP account : + HTTP account : + entry + + + + + Login configurations + 10870 + Login configurations[password]:HTTP password (sent in clear) : + HTTP password (sent in clear) : + password + + + + + Login configurations + 10870 + Login configurations[entry]:NNTP account : + NNTP account : + entry + + + + + Login configurations + 10870 + Login configurations[password]:NNTP password (sent in clear) : + NNTP password (sent in clear) : + password + + + + + Login configurations + 10870 + Login configurations[entry]:FTP account : + FTP account : + entry + anonymous + anonymous + + + Login configurations + 10870 + Login configurations[password]:FTP password (sent in clear) : + FTP password (sent in clear) : + password + nessus@nessus.org + ********* + + + Login configurations + 10870 + Login configurations[entry]:FTP writeable directory : + FTP writeable directory : + entry + /incoming + /incoming + + + Login configurations + 10870 + Login configurations[entry]:POP2 account : + POP2 account : + entry + + + + + Login configurations + 10870 + Login configurations[password]:POP2 password (sent in clear) : + POP2 password (sent in clear) : + password + + + + + Login configurations + 10870 + Login configurations[entry]:POP3 account : + POP3 account : + entry + + + + + Login configurations + 10870 + Login configurations[password]:POP3 password (sent in clear) : + POP3 password (sent in clear) : + password + + + + + Login configurations + 10870 + Login configurations[entry]:IMAP account : + IMAP account : + entry + + + + + Login configurations + 10870 + Login configurations[password]:IMAP password (sent in clear) : + IMAP password (sent in clear) : + password + + + + + Login configurations + 10870 + Login configurations[entry]:IPMI account : + IPMI account : + entry + + + + + Login configurations + 10870 + Login configurations[password]:IPMI password (sent in clear) : + IPMI password (sent in clear) : + password + + + + + Login configurations + 10870 + Login configurations[entry]:SMB account : + SMB account : + entry + + + + + Login configurations + 10870 + Login configurations[password]:SMB password : + SMB password : + password + + + + + Login configurations + 10870 + Login configurations[entry]:SMB domain (optional) : + SMB domain (optional) : + entry + + + + + Login configurations + 10870 + Login configurations[radio]:SMB password type : + SMB password type : + radio + Password;LM Hash;NTLM Hash + Password;LM Hash;NTLM Hash + + + Login configurations + 10870 + Login configurations[entry]:Additional SMB account (1) : + Additional SMB account (1) : + entry + + + + + Login configurations + 10870 + Login configurations[password]:Additional SMB password (1) : + Additional SMB password (1) : + password + + + + + Login configurations + 10870 + Login configurations[entry]:Additional SMB domain (optional) (1) : + Additional SMB domain (optional) (1) : + entry + + + + + Login configurations + 10870 + Login configurations[entry]:Additional SMB account (2) : + Additional SMB account (2) : + entry + + + + + Login configurations + 10870 + Login configurations[password]:Additional SMB password (2) : + Additional SMB password (2) : + password + + + + + Login configurations + 10870 + Login configurations[entry]:Additional SMB domain (optional) (2) : + Additional SMB domain (optional) (2) : + entry + + + + + Login configurations + 10870 + Login configurations[entry]:Additional SMB account (3) : + Additional SMB account (3) : + entry + + + + + Login configurations + 10870 + Login configurations[password]:Additional SMB password (3) : + Additional SMB password (3) : + password + + + + + Login configurations + 10870 + Login configurations[entry]:Additional SMB domain (optional) (3) : + Additional SMB domain (optional) (3) : + entry + + + + + Login configurations + 10870 + Login configurations[checkbox]:Never send SMB credentials in clear text + Never send SMB credentials in clear text + checkbox + yes + yes + + + Login configurations + 10870 + Login configurations[checkbox]:Only use NTLMv2 + Only use NTLMv2 + checkbox + no + yes + + + Login configurations + 10870 + Login configurations[checkbox]:Only use Kerberos authentication for SMB + Only use Kerberos authentication for SMB + checkbox + no + no + + + MaaS360 Settings + 92000 + MaaS360 Settings[entry]:Username : + Username : + entry + + + + + MaaS360 Settings + 92000 + MaaS360 Settings[password]:Password : + Password : + password + + + + + MaaS360 Settings + 92000 + MaaS360 Settings[entry]:Root URL : + Root URL : + entry + + + + + MaaS360 Settings + 92000 + MaaS360 Settings[entry]:Platform ID : + Platform ID : + entry + + + + + MaaS360 Settings + 92000 + MaaS360 Settings[entry]:Billing ID : + Billing ID : + entry + + + + + MaaS360 Settings + 92000 + MaaS360 Settings[entry]:App ID : + App ID : + entry + + + + + MaaS360 Settings + 92000 + MaaS360 Settings[entry]:App version : + App version : + entry + + + + + MaaS360 Settings + 92000 + MaaS360 Settings[entry]:App access key : + App access key : + entry + + + + + Mobile Device Manager Compliance Checks + 81914 + Mobile Device Manager Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Mobile Device Manager Compliance Checks + 81914 + Mobile Device Manager Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Mobile Device Manager Compliance Checks + 81914 + Mobile Device Manager Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Mobile Device Manager Compliance Checks + 81914 + Mobile Device Manager Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Mobile Device Manager Compliance Checks + 81914 + Mobile Device Manager Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + MobileIron API Settings + 72904 + MobileIron API Settings[entry]:MobileIron VSP Admin Portal URL : + MobileIron VSP Admin Portal URL : + entry + + + + + MobileIron API Settings + 72904 + MobileIron API Settings[entry]:MobileIron VSP Admin Portal Port : + MobileIron VSP Admin Portal Port : + entry + + + + + MobileIron API Settings + 72904 + MobileIron API Settings[entry]:MobileIron port : + MobileIron port : + entry + + + + + MobileIron API Settings + 72904 + MobileIron API Settings[entry]:MobileIron username : + MobileIron username : + entry + + + + + MobileIron API Settings + 72904 + MobileIron API Settings[password]:MobileIron password : + MobileIron password : + password + + + + + MobileIron API Settings + 72904 + MobileIron API Settings[checkbox]:SSL : + SSL : + checkbox + yes + yes + + + MobileIron API Settings + 72904 + MobileIron API Settings[checkbox]:Verify SSL certificate : + Verify SSL certificate : + checkbox + no + no + + + MongoDB Compliance Checks + 76513 + MongoDB Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + MongoDB Compliance Checks + 76513 + MongoDB Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + MongoDB Compliance Checks + 76513 + MongoDB Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + MongoDB Compliance Checks + 76513 + MongoDB Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + MongoDB Compliance Checks + 76513 + MongoDB Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + MongoDB Settings + 76512 + MongoDB Settings[entry]:Username : + Username : + entry + + + + + MongoDB Settings + 76512 + MongoDB Settings[password]:Password : + Password : + password + + + + + MongoDB Settings + 76512 + MongoDB Settings[entry]:Database for authentication : + Database for authentication : + entry + + + + + MongoDB Settings + 76512 + MongoDB Settings[entry]:Port : + Port : + entry + 27017 + 27017 + + + Nessus SYN scanner + 11219 + Nessus SYN scanner[radio]:Firewall detection : + Firewall detection : + radio + Automatic (normal);Disabled (softer);Do not detect RST rate limitation + (soft);Ignore closed ports (aggressive) + + Automatic (normal) + + + Nessus TCP scanner + 10335 + Nessus TCP scanner[radio]:Firewall detection : + Firewall detection : + radio + Automatic (normal);Disabled (softer);Do not detect RST rate limitation + (soft);Ignore closed ports (aggressive) + + Automatic (normal) + + + Netapp API Settings + 112118 + Netapp API Settings[entry]:Username : + Username : + entry + + + + + Netapp API Settings + 112118 + Netapp API Settings[password]:Password : + Password : + password + + + + + Netapp API Settings + 112118 + Netapp API Settings[entry]:vFiler : + vFiler : + entry + + + + + Netapp API Settings + 112118 + Netapp API Settings[entry]:Port : + Port : + entry + + + + + NetApp Data ONTAP Compliance Checks + 66934 + NetApp Data ONTAP Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + NetApp Data ONTAP Compliance Checks + 66934 + NetApp Data ONTAP Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + NetApp Data ONTAP Compliance Checks + 66934 + NetApp Data ONTAP Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + NetApp Data ONTAP Compliance Checks + 66934 + NetApp Data ONTAP Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + NetApp Data ONTAP Compliance Checks + 66934 + NetApp Data ONTAP Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + NetApp Data ONTAP Compliance Checks + 66934 + NetApp Data ONTAP Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + Office 365 Compliance Checks + 109580 + Office 365 Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Office 365 Compliance Checks + 109580 + Office 365 Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Office 365 Compliance Checks + 109580 + Office 365 Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Office 365 Compliance Checks + 109580 + Office 365 Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Office 365 Compliance Checks + 109580 + Office 365 Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Office 365 Settings + 109581 + Office 365 Settings[entry]:Username : + Username : + entry + + + + + Office 365 Settings + 109581 + Office 365 Settings[password]:Password : + Password : + password + + + + + Office 365 Settings + 109581 + Office 365 Settings[entry]:Client Id : + Client Id : + entry + + + + + Office 365 Settings + 109581 + Office 365 Settings[password]:Client Secret : + Client Secret : + password + + + + + OpenStack Compliance Checks + 86349 + OpenStack Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + OpenStack Compliance Checks + 86349 + OpenStack Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + OpenStack Compliance Checks + 86349 + OpenStack Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + OpenStack Compliance Checks + 86349 + OpenStack Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + OpenStack Compliance Checks + 86349 + OpenStack Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + OpenStack Settings + 86348 + OpenStack Settings[entry]:Username : + Username : + entry + + + + + OpenStack Settings + 86348 + OpenStack Settings[entry]:Tenant Name for Authentication : + Tenant Name for Authentication : + entry + admin + admin + + + OpenStack Settings + 86348 + OpenStack Settings[password]:Password : + Password : + password + + + + + OpenStack Settings + 86348 + OpenStack Settings[entry]:Port : + Port : + entry + 443 + 443 + + + OpenStack Settings + 86348 + OpenStack Settings[checkbox]:SSL : + SSL : + checkbox + yes + yes + + + OpenStack Settings + 86348 + OpenStack Settings[checkbox]:Verify SSL Certificate : + Verify SSL Certificate : + checkbox + yes + yes + + + Oracle Settings + 22076 + Oracle Settings[radio]:Oracle service type : + Oracle service type : + radio + SID;SERVICE_NAME + SID;SERVICE_NAME + + + Oracle Settings + 22076 + Oracle Settings[entry]:Oracle SID : + Oracle SID : + entry + + + + + Oracle Settings + 22076 + Oracle Settings[checkbox]:Test default accounts (slow) + Test default accounts (slow) + checkbox + no + no + + + OVAL Linux Compliance Checks + 83188 + OVAL Linux Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + OVAL Linux Compliance Checks + 83188 + OVAL Linux Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + OVAL Linux Compliance Checks + 83188 + OVAL Linux Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + OVAL Linux Compliance Checks + 83188 + OVAL Linux Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + OVAL Linux Compliance Checks + 83188 + OVAL Linux Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + OVAL Windows Compliance Checks + 83189 + OVAL Windows Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + OVAL Windows Compliance Checks + 83189 + OVAL Windows Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + OVAL Windows Compliance Checks + 83189 + OVAL Windows Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + OVAL Windows Compliance Checks + 83189 + OVAL Windows Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + OVAL Windows Compliance Checks + 83189 + OVAL Windows Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Palo Alto Networks PAN-OS Compliance Checks + 64095 + Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Palo Alto Networks PAN-OS Compliance Checks + 64095 + Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Palo Alto Networks PAN-OS Compliance Checks + 64095 + Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Palo Alto Networks PAN-OS Compliance Checks + 64095 + Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Palo Alto Networks PAN-OS Compliance Checks + 64095 + Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Palo Alto Networks PAN-OS Settings + 64286 + Palo Alto Networks PAN-OS Settings[entry]:Palo Alto Username : + Palo Alto Username : + entry + + + + + Palo Alto Networks PAN-OS Settings + 64286 + Palo Alto Networks PAN-OS Settings[password]:Palo Alto Password : + Palo Alto Password : + password + + + + + Palo Alto Networks PAN-OS Settings + 64286 + Palo Alto Networks PAN-OS Settings[entry]:Palo Alto Port : + Palo Alto Port : + entry + 443 + 443 + + + Palo Alto Networks PAN-OS Settings + 64286 + Palo Alto Networks PAN-OS Settings[checkbox]:SSL : + SSL : + checkbox + yes + yes + + + Palo Alto Networks PAN-OS Settings + 64286 + Palo Alto Networks PAN-OS Settings[checkbox]:Verify SSL Certificate : + Verify SSL Certificate : + checkbox + no + no + + + Patch Report + 66334 + Patch Report[checkbox]:Display the superseded patches in the report + Display the superseded patches in the report + checkbox + yes + yes + + + PCI DSS compliance + 33929 + PCI DSS compliance[checkbox]:Check for PCI-DSS compliance + Check for PCI-DSS compliance + checkbox + no + no + + + Ping the remote host + 10180 + Ping the remote host[entry]:TCP ping destination port(s) : + TCP ping destination port(s) : + entry + built-in + built-in + + + Ping the remote host + 10180 + Ping the remote host[checkbox]:Do an ARP ping + Do an ARP ping + checkbox + yes + yes + + + Ping the remote host + 10180 + Ping the remote host[checkbox]:Do a TCP ping + Do a TCP ping + checkbox + yes + yes + + + Ping the remote host + 10180 + Ping the remote host[checkbox]:Do an ICMP ping + Do an ICMP ping + checkbox + yes + yes + + + Ping the remote host + 10180 + Ping the remote host[entry]:Number of retries (ICMP) : + Number of retries (ICMP) : + entry + 2 + 2 + + + Ping the remote host + 10180 + Ping the remote host[checkbox]:Do an applicative UDP ping (DNS,RPC...) + Do an applicative UDP ping (DNS,RPC...) + checkbox + no + no + + + Ping the remote host + 10180 + Ping the remote host[checkbox]:Make the dead hosts appear in the report + Make the dead hosts appear in the report + checkbox + no + no + + + Ping the remote host + 10180 + Ping the remote host[checkbox]:Log live hosts in the report + Log live hosts in the report + checkbox + no + no + + + Ping the remote host + 10180 + Ping the remote host[checkbox]:Test the local Nessus host + Test the local Nessus host + checkbox + yes + yes + + + Ping the remote host + 10180 + Ping the remote host[checkbox]:Fast network discovery + Fast network discovery + checkbox + no + no + + + Ping the remote host + 10180 + Ping the remote host[checkbox]:Interpret ICMP unreach from gateway + Interpret ICMP unreach from gateway + checkbox + no + no + + + Nessus Launched Plugin List + 112154 + Nessus Launched Plugin List[checkbox]:Enable Plugin List Report + Enable Plugin List Report + checkbox + no + no + + + Port scanners settings + 33812 + Port scanners settings[checkbox]:Check open TCP ports found by local port enumerators + + Check open TCP ports found by local port enumerators + checkbox + no + no + + + Port scanners settings + 33812 + Port scanners settings[checkbox]:Only run network port scanners if local port enumeration + failed + + Only run network port scanners if local port enumeration failed + checkbox + yes + yes + + + Rackspace Compliance Checks + 79356 + Rackspace Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Rackspace Compliance Checks + 79356 + Rackspace Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Rackspace Compliance Checks + 79356 + Rackspace Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Rackspace Compliance Checks + 79356 + Rackspace Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Rackspace Compliance Checks + 79356 + Rackspace Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Rackspace Settings + 79355 + Rackspace Settings[entry]:Username : + Username : + entry + + + + + Rackspace Settings + 79355 + Rackspace Settings[password]:Password or API Key : + Password or API Key : + password + + + + + Rackspace Settings + 79355 + Rackspace Settings[radio]:Authentication Method : + Authentication Method : + radio + API-Key;Password + API-Key;Password + + + Rackspace Settings + 79355 + Rackspace Settings[checkbox]:Dallas-Fort Worth (DFW) : + Dallas-Fort Worth (DFW) : + checkbox + yes + yes + + + Rackspace Settings + 79355 + Rackspace Settings[checkbox]:Chicago (ORD) : + Chicago (ORD) : + checkbox + yes + yes + + + Rackspace Settings + 79355 + Rackspace Settings[checkbox]:Northern Virginia (IAD) : + Northern Virginia (IAD) : + checkbox + yes + yes + + + Rackspace Settings + 79355 + Rackspace Settings[checkbox]:London (LON) : + London (LON) : + checkbox + yes + yes + + + Rackspace Settings + 79355 + Rackspace Settings[checkbox]:Sydney (SYD) : + Sydney (SYD) : + checkbox + yes + yes + + + Rackspace Settings + 79355 + Rackspace Settings[checkbox]:Hong Kong (HKG) : + Hong Kong (HKG) : + checkbox + yes + yes + + + RHEV Settings + 77089 + RHEV Settings[entry]:Username : + Username : + entry + + + + + RHEV Settings + 77089 + RHEV Settings[password]:Password : + Password : + password + + + + + RHEV Settings + 77089 + RHEV Settings[entry]:Port : + Port : + entry + 443 + 443 + + + RHEV Settings + 77089 + RHEV Settings[checkbox]:Verify SSL Certificate : + Verify SSL Certificate : + checkbox + no + no + + + RHEV Compliance Checks + 77090 + RHEV Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + RHEV Compliance Checks + 77090 + RHEV Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + RHEV Compliance Checks + 77090 + RHEV Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + RHEV Compliance Checks + 77090 + RHEV Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + RHEV Compliance Checks + 77090 + RHEV Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Salesforce.com Settings + 76710 + Salesforce.com Settings[entry]:Username : + Username : + entry + + + + + Salesforce.com Settings + 76710 + Salesforce.com Settings[password]:Password : + Password : + password + + + + + Salesforce.com Compliance Checks + 76711 + Salesforce.com Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Salesforce.com Compliance Checks + 76711 + Salesforce.com Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Salesforce.com Compliance Checks + 76711 + Salesforce.com Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Salesforce.com Compliance Checks + 76711 + Salesforce.com Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Salesforce.com Compliance Checks + 76711 + Salesforce.com Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Patch Management: Red Hat Satellite 6 Settings + 84232 + Patch Management: Red Hat Satellite 6 Settings[entry]:Satellite 6 Server : + Satellite 6 Server : + entry + + + + + Patch Management: Red Hat Satellite 6 Settings + 84232 + Patch Management: Red Hat Satellite 6 Settings[entry]:Satellite 6 Port : + Satellite 6 Port : + entry + 443 + 443 + + + Patch Management: Red Hat Satellite 6 Settings + 84232 + Patch Management: Red Hat Satellite 6 Settings[checkbox]:Satellite 6 Use SSL : + Satellite 6 Use SSL : + checkbox + yes + yes + + + Patch Management: Red Hat Satellite 6 Settings + 84232 + Patch Management: Red Hat Satellite 6 Settings[checkbox]:Satellite 6 Verify Certificate + : + + Satellite 6 Verify Certificate : + checkbox + yes + yes + + + Patch Management: Red Hat Satellite 6 Settings + 84232 + Patch Management: Red Hat Satellite 6 Settings[entry]:Satellite 6 Username : + Satellite 6 Username : + entry + + + + + Patch Management: Red Hat Satellite 6 Settings + 84232 + Patch Management: Red Hat Satellite 6 Settings[password]:Satellite 6 Password : + Satellite 6 Password : + password + + + + + Patch Management: Red Hat Satellite Server Settings + 84238 + Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite server(s) + [separated w/ semicolons] : + + Red Hat Satellite server(s) [separated w/ semicolons] : + entry + + + + + Patch Management: Red Hat Satellite Server Settings + 84238 + Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite port(s) : + + Red Hat Satellite port(s) : + entry + 443 + 443 + + + Patch Management: Red Hat Satellite Server Settings + 84238 + Patch Management: Red Hat Satellite Server Settings[checkbox]:Verify SSL certificates : + + Verify SSL certificates : + checkbox + no + no + + + Patch Management: Red Hat Satellite Server Settings + 84238 + Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite username(s) + : + + Red Hat Satellite username(s) : + entry + + + + + Patch Management: Red Hat Satellite Server Settings + 84238 + Patch Management: Red Hat Satellite Server Settings[password]:Red Hat Satellite + password(s) : + + Red Hat Satellite password(s) : + password + + + + + ICCP/COTP TSAP Addressing Weakness + 23812 + ICCP/COTP TSAP Addressing Weakness[entry]:Start COTP TSAP : + Start COTP TSAP : + entry + 8 + 8 + + + ICCP/COTP TSAP Addressing Weakness + 23812 + ICCP/COTP TSAP Addressing Weakness[entry]:Stop COTP TSAP : + Stop COTP TSAP : + entry + 8 + 8 + + + Modbus/TCP Coil Access + 23817 + Modbus/TCP Coil Access[entry]:Start reg : + Start reg : + entry + 0 + 0 + + + Modbus/TCP Coil Access + 23817 + Modbus/TCP Coil Access[entry]:End reg : + End reg : + entry + 16 + 16 + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[file]:SCAP File (zip) #1 : + SCAP File (zip) #1 : + file + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[radio]:SCAP Version #1 : + SCAP Version #1 : + radio + 1.2;1.1;1.0 + 1.2;1.1;1.0 + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #1 : + SCAP Data Stream ID (1.2 only) #1 : + entry + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #1 : + SCAP Benchmark ID #1 : + entry + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[entry]:SCAP Profile ID #1 : + SCAP Profile ID #1 : + entry + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[radio]:OVAL Result Type #1 : + OVAL Result Type #1 : + radio + Full results w/ system characteristics;Full results w/o system + characteristics;Thin results + + Full results w/ system characteristics;Full results w/o system characteristics;Thin + results + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[file]:SCAP File (zip) #2 : + SCAP File (zip) #2 : + file + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[radio]:SCAP Version #2 : + SCAP Version #2 : + radio + 1.2;1.1;1.0 + 1.2;1.1;1.0 + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #2 : + SCAP Data Stream ID (1.2 only) #2 : + entry + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #2 : + SCAP Benchmark ID #2 : + entry + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[entry]:SCAP Profile ID #2 : + SCAP Profile ID #2 : + entry + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[radio]:OVAL Result Type #2 : + OVAL Result Type #2 : + radio + Full results w/ system characteristics;Full results w/o system + characteristics;Thin results + + Full results w/ system characteristics;Full results w/o system characteristics;Thin + results + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[file]:SCAP File (zip) #3 : + SCAP File (zip) #3 : + file + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[radio]:SCAP Version #3 : + SCAP Version #3 : + radio + 1.2;1.1;1.0 + 1.2;1.1;1.0 + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #3 : + SCAP Data Stream ID (1.2 only) #3 : + entry + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #3 : + SCAP Benchmark ID #3 : + entry + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[entry]:SCAP Profile ID #3 : + SCAP Profile ID #3 : + entry + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[radio]:OVAL Result Type #3 : + OVAL Result Type #3 : + radio + Full results w/ system characteristics;Full results w/o system + characteristics;Thin results + + Full results w/ system characteristics;Full results w/o system characteristics;Thin + results + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[file]:SCAP File (zip) #4 : + SCAP File (zip) #4 : + file + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[radio]:SCAP Version #4 : + SCAP Version #4 : + radio + 1.2;1.1;1.0 + 1.2;1.1;1.0 + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #4 : + SCAP Data Stream ID (1.2 only) #4 : + entry + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #4 : + SCAP Benchmark ID #4 : + entry + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[entry]:SCAP Profile ID #4 : + SCAP Profile ID #4 : + entry + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[radio]:OVAL Result Type #4 : + OVAL Result Type #4 : + radio + Full results w/ system characteristics;Full results w/o system + characteristics;Thin results + + Full results w/ system characteristics;Full results w/o system characteristics;Thin + results + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[file]:SCAP File (zip) #5 : + SCAP File (zip) #5 : + file + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[radio]:SCAP Version #5 : + SCAP Version #5 : + radio + 1.2;1.1;1.0 + 1.2;1.1;1.0 + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #5 : + SCAP Data Stream ID (1.2 only) #5 : + entry + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #5 : + SCAP Benchmark ID #5 : + entry + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[entry]:SCAP Profile ID #5 : + SCAP Profile ID #5 : + entry + + + + + SCAP Linux Compliance Checks + 66757 + SCAP Linux Compliance Checks[radio]:OVAL Result Type #5 : + OVAL Result Type #5 : + radio + Full results w/ system characteristics;Full results w/o system + characteristics;Thin results + + Full results w/ system characteristics;Full results w/o system characteristics;Thin + results + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[file]:SCAP File (zip) #1 : + SCAP File (zip) #1 : + file + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[radio]:SCAP Version #1 : + SCAP Version #1 : + radio + 1.2;1.1;1.0 + 1.2;1.1;1.0 + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #1 : + SCAP Data Stream ID (1.2 only) #1 : + entry + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #1 : + SCAP Benchmark ID #1 : + entry + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[entry]:SCAP Profile ID #1 : + SCAP Profile ID #1 : + entry + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[radio]:OVAL Result Type #1 : + OVAL Result Type #1 : + radio + Full results w/ system characteristics;Full results w/o system + characteristics;Thin results + + Full results w/ system characteristics;Full results w/o system characteristics;Thin + results + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[file]:SCAP File (zip) #2 : + SCAP File (zip) #2 : + file + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[radio]:SCAP Version #2 : + SCAP Version #2 : + radio + 1.2;1.1;1.0 + 1.2;1.1;1.0 + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #2 : + SCAP Data Stream ID (1.2 only) #2 : + entry + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #2 : + SCAP Benchmark ID #2 : + entry + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[entry]:SCAP Profile ID #2 : + SCAP Profile ID #2 : + entry + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[radio]:OVAL Result Type #2 : + OVAL Result Type #2 : + radio + Full results w/ system characteristics;Full results w/o system + characteristics;Thin results + + Full results w/ system characteristics;Full results w/o system characteristics;Thin + results + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[file]:SCAP File (zip) #3 : + SCAP File (zip) #3 : + file + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[radio]:SCAP Version #3 : + SCAP Version #3 : + radio + 1.2;1.1;1.0 + 1.2;1.1;1.0 + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #3 : + SCAP Data Stream ID (1.2 only) #3 : + entry + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #3 : + SCAP Benchmark ID #3 : + entry + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[entry]:SCAP Profile ID #3 : + SCAP Profile ID #3 : + entry + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[radio]:OVAL Result Type #3 : + OVAL Result Type #3 : + radio + Full results w/ system characteristics;Full results w/o system + characteristics;Thin results + + Full results w/ system characteristics;Full results w/o system characteristics;Thin + results + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[file]:SCAP File (zip) #4 : + SCAP File (zip) #4 : + file + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[radio]:SCAP Version #4 : + SCAP Version #4 : + radio + 1.2;1.1;1.0 + 1.2;1.1;1.0 + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #4 : + SCAP Data Stream ID (1.2 only) #4 : + entry + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #4 : + SCAP Benchmark ID #4 : + entry + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[entry]:SCAP Profile ID #4 : + SCAP Profile ID #4 : + entry + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[radio]:OVAL Result Type #4 : + OVAL Result Type #4 : + radio + Full results w/ system characteristics;Full results w/o system + characteristics;Thin results + + Full results w/ system characteristics;Full results w/o system characteristics;Thin + results + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[file]:SCAP File (zip) #5 : + SCAP File (zip) #5 : + file + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[radio]:SCAP Version #5 : + SCAP Version #5 : + radio + 1.2;1.1;1.0 + 1.2;1.1;1.0 + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #5 : + SCAP Data Stream ID (1.2 only) #5 : + entry + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #5 : + SCAP Benchmark ID #5 : + entry + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[entry]:SCAP Profile ID #5 : + SCAP Profile ID #5 : + entry + + + + + SCAP Windows Compliance Checks + 66756 + SCAP Windows Compliance Checks[radio]:OVAL Result Type #5 : + OVAL Result Type #5 : + radio + Full results w/ system characteristics;Full results w/o system + characteristics;Thin results + + Full results w/ system characteristics;Full results w/o system characteristics;Thin + results + + + + Patch Management: SCCM Server Settings + 57029 + Patch Management: SCCM Server Settings[entry]:SCCM Server : + SCCM Server : + entry + + + + + Patch Management: SCCM Server Settings + 57029 + Patch Management: SCCM Server Settings[entry]:SCCM Domain : + SCCM Domain : + entry + + + + + Patch Management: SCCM Server Settings + 57029 + Patch Management: SCCM Server Settings[entry]:SCCM Username : + SCCM Username : + entry + + + + + Patch Management: SCCM Server Settings + 57029 + Patch Management: SCCM Server Settings[password]:SCCM Password : + SCCM Password : + password + + + + + SMB Scope + 10917 + SMB Scope[checkbox]:Request information about the domain + Request information about the domain + checkbox + yes + yes + + + SMTP settings + 11038 + SMTP settings[entry]:Third party domain : + Third party domain : + entry + example.edu + example.edu + + + SMTP settings + 11038 + SMTP settings[entry]:From address : + From address : + entry + nobody@example.edu + nobody@example.edu + + + SMTP settings + 11038 + SMTP settings[entry]:To address : + To address : + entry + postmaster@[AUTO_REPLACED_IP] + postmaster@[AUTO_REPLACED_IP] + + + SNMP settings + 19762 + SNMP settings[entry]:Community name : + Community name : + entry + public + public + + + SNMP settings + 19762 + SNMP settings[entry]:Community name (1) : + Community name (1) : + entry + + + + + SNMP settings + 19762 + SNMP settings[entry]:Community name (2) : + Community name (2) : + entry + + + + + SNMP settings + 19762 + SNMP settings[entry]:Community name (3) : + Community name (3) : + entry + + + + + SNMP settings + 19762 + SNMP settings[entry]:UDP port : + UDP port : + entry + 161 + 161 + + + SNMP settings + 19762 + SNMP settings[entry]:Additional UDP port (1) : + Additional UDP port (1) : + entry + + 161 + + + SNMP settings + 19762 + SNMP settings[entry]:Additional UDP port (2) : + Additional UDP port (2) : + entry + + 161 + + + SNMP settings + 19762 + SNMP settings[entry]:Additional UDP port (3) : + Additional UDP port (3) : + entry + + 161 + + + SNMP settings + 19762 + SNMP settings[entry]:SNMPv3 user name : + SNMPv3 user name : + entry + + + + + SNMP settings + 19762 + SNMP settings[password]:SNMPv3 authentication password : + SNMPv3 authentication password : + password + + + + + SNMP settings + 19762 + SNMP settings[radio]:SNMPv3 authentication algorithm : + SNMPv3 authentication algorithm : + radio + MD5;SHA1 + MD5;SHA1 + + + SNMP settings + 19762 + SNMP settings[password]:SNMPv3 privacy password : + SNMPv3 privacy password : + password + + + + + SNMP settings + 19762 + SNMP settings[radio]:SNMPv3 privacy algorithm : + SNMPv3 privacy algorithm : + radio + AES;DES + AES;DES + + + SonicWALL SonicOS Compliance Checks + 71955 + SonicWALL SonicOS Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + SonicWALL SonicOS Compliance Checks + 71955 + SonicWALL SonicOS Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + SonicWALL SonicOS Compliance Checks + 71955 + SonicWALL SonicOS Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + SonicWALL SonicOS Compliance Checks + 71955 + SonicWALL SonicOS Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + SonicWALL SonicOS Compliance Checks + 71955 + SonicWALL SonicOS Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + SonicWALL SonicOS Compliance Checks + 71955 + SonicWALL SonicOS Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + SSH settings + 14273 + SSH settings[entry]:SSH user name : + SSH user name : + entry + root + root + + + SSH settings + 14273 + SSH settings[password]:SSH password (unsafe!) : + SSH password (unsafe!) : + password + + + + + SSH settings + 14273 + SSH settings[file]:SSH public key to use : + SSH public key to use : + file + + + + + SSH settings + 14273 + SSH settings[file]:SSH private key to use : + SSH private key to use : + file + + + + + SSH settings + 14273 + SSH settings[password]:Passphrase for SSH key : + Passphrase for SSH key : + password + + + + + SSH settings + 14273 + SSH settings[radio]:Elevate privileges with : + Elevate privileges with : + radio + Nothing;sudo;su;su+sudo;dzdo;pbrun;Cisco 'enable' + Nothing;sudo;su;su+sudo;dzdo;pbrun;Cisco 'enable' + + + SSH settings + 14273 + SSH settings[entry]:Privilege elevation binary path (directory) : + Privilege elevation binary path (directory) : + entry + + + + + SSH settings + 14273 + SSH settings[entry]:su login : + su login : + entry + + + + + SSH settings + 14273 + SSH settings[entry]:Escalation account : + Escalation account : + entry + root + root + + + SSH settings + 14273 + SSH settings[password]:Escalation password : + Escalation password : + password + + + + + SSH settings + 14273 + SSH settings[file]:SSH known_hosts file : + SSH known_hosts file : + file + + + + + SSH settings + 14273 + SSH settings[entry]:Preferred SSH port : + Preferred SSH port : + entry + 22 + 22 + + + SSH settings + 14273 + SSH settings[entry]:Client version : + Client version : + entry + OpenSSH_5.0 + OpenSSH_5.0 + + + SSH settings + 14273 + SSH settings[entry]:Additional SSH user name (1) : + Additional SSH user name (1) : + entry + + + + + SSH settings + 14273 + SSH settings[password]:Additional SSH password (1) : + Additional SSH password (1) : + password + + + + + SSH settings + 14273 + SSH settings[entry]:Additional SSH user name (2) : + Additional SSH user name (2) : + entry + + + + + SSH settings + 14273 + SSH settings[password]:Additional SSH password (2) : + Additional SSH password (2) : + password + + + + + SSH settings + 14273 + SSH settings[entry]:Additional SSH user name (3) : + Additional SSH user name (3) : + entry + + + + + SSH settings + 14273 + SSH settings[password]:Additional SSH password (3) : + Additional SSH password (3) : + password + + + + + SSH settings + 14273 + SSH settings[entry]:Additional SSH user name (4) : + Additional SSH user name (4) : + entry + + + + + SSH settings + 14273 + SSH settings[password]:Additional SSH password (4) : + Additional SSH password (4) : + password + + + + + SSH settings + 14273 + SSH settings[entry]:Additional SSH user name (5) : + Additional SSH user name (5) : + entry + + + + + SSH settings + 14273 + SSH settings[password]:Additional SSH password (5) : + Additional SSH password (5) : + password + + + + + SSL Certificate Expiry + 15901 + SSL Certificate Expiry[entry]:Identify certificates that expire within x days + Identify certificates that expire within x days + entry + 60 + 60 + + + SMB Registry : Start the Registry Service during the scan + 35703 + SMB Registry : Start the Registry Service during the scan[checkbox]:Start the registry + service during the scan + + Start the registry service during the scan + checkbox + no + no + + + SMB Registry : Start the Registry Service during the scan + 35703 + SMB Registry : Start the Registry Service during the scan[checkbox]:Enable administrative + shares during the scan + + Enable administrative shares during the scan + checkbox + no + no + + + Patch Management: Symantec Altiris Settings + 78013 + Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Server : + + Symantec Altiris Database Server : + entry + + + + + Patch Management: Symantec Altiris Settings + 78013 + Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Port : + + Symantec Altiris Database Port : + entry + 5690 + 5690 + + + Patch Management: Symantec Altiris Settings + 78013 + Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Name : + + Symantec Altiris Database Name : + entry + Symantec_CMDB + Symantec_CMDB + + + Patch Management: Symantec Altiris Settings + 78013 + Patch Management: Symantec Altiris Settings[checkbox]:Symantec Altiris Use Windows + Credentials : + + Symantec Altiris Use Windows Credentials : + checkbox + no + no + + + Patch Management: Symantec Altiris Settings + 78013 + Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Username : + + Symantec Altiris Database Username : + entry + + + + + Patch Management: Symantec Altiris Settings + 78013 + Patch Management: Symantec Altiris Settings[password]:Symantec Altiris Database Password + : + + Symantec Altiris Database Password : + password + + + + + Unix File Contents Compliance Checks + 72095 + Unix File Contents Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Unix File Contents Compliance Checks + 72095 + Unix File Contents Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Unix File Contents Compliance Checks + 72095 + Unix File Contents Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Unix File Contents Compliance Checks + 72095 + Unix File Contents Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Unix File Contents Compliance Checks + 72095 + Unix File Contents Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Unix Compliance Checks + 21157 + Unix Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + Unix Compliance Checks + 21157 + Unix Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + Unix Compliance Checks + 21157 + Unix Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + Unix Compliance Checks + 21157 + Unix Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + Unix Compliance Checks + 21157 + Unix Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + Unix Compliance Checks + 21157 + Unix Compliance Checks[radio]:Docker Scan Scope : + Docker Scan Scope : + radio + all + all + + + VMware vCenter/vSphere Compliance Checks + 64455 + VMware vCenter/vSphere Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + VMware vCenter/vSphere Compliance Checks + 64455 + VMware vCenter/vSphere Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + VMware vCenter/vSphere Compliance Checks + 64455 + VMware vCenter/vSphere Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + VMware vCenter/vSphere Compliance Checks + 64455 + VMware vCenter/vSphere Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + VMware vCenter/vSphere Compliance Checks + 64455 + VMware vCenter/vSphere Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[entry]:VMware user name : + VMware user name : + entry + + + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[password]:VMware password : + VMware password : + password + + + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[checkbox]:Ignore SSL Certificate : + Ignore SSL Certificate : + checkbox + no + no + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[entry]:Additional VMware user name (1) : + Additional VMware user name (1) : + entry + + + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[password]:Additional VMware password (1) : + Additional VMware password (1) : + password + + + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[checkbox]:Additional Ignore SSL Certificate (1) : + Additional Ignore SSL Certificate (1) : + checkbox + no + no + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[entry]:Additional VMware user name (2) : + Additional VMware user name (2) : + entry + + + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[password]:Additional VMware password (2) : + Additional VMware password (2) : + password + + + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[checkbox]:Additional Ignore SSL Certificate (2) : + Additional Ignore SSL Certificate (2) : + checkbox + no + no + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[entry]:Additional VMware user name (3) : + Additional VMware user name (3) : + entry + + + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[password]:Additional VMware password (3) : + Additional VMware password (3) : + password + + + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[checkbox]:Additional Ignore SSL Certificate (3) : + Additional Ignore SSL Certificate (3) : + checkbox + no + no + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[entry]:Additional VMware user name (4) : + Additional VMware user name (4) : + entry + + + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[password]:Additional VMware password (4) : + Additional VMware password (4) : + password + + + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[checkbox]:Additional Ignore SSL Certificate (4) : + Additional Ignore SSL Certificate (4) : + checkbox + no + no + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[entry]:Additional VMware user name (5) : + Additional VMware user name (5) : + entry + + + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[password]:Additional VMware password (5) : + Additional VMware password (5) : + password + + + + + VMware SOAP API Settings + 57395 + VMware SOAP API Settings[checkbox]:Additional Ignore SSL Certificate (5) : + Additional Ignore SSL Certificate (5) : + checkbox + no + no + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:VMware vCenter host : + VMware vCenter host : + entry + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:VMware vCenter port : + VMware vCenter port : + entry + 443 + 443 + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:VMware vCenter user name : + VMware vCenter user name : + entry + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[password]:VMware vCenter password : + VMware vCenter password : + password + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[checkbox]:SSL : + SSL : + checkbox + yes + yes + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[checkbox]:Verify SSL Certificate : + Verify SSL Certificate : + checkbox + no + no + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter host (1) : + Additional VMware vCenter host (1) : + entry + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter port (1) : + Additional VMware vCenter port (1) : + entry + 443 + 443 + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter user name (1) : + + Additional VMware vCenter user name (1) : + entry + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[password]:Additional VMware vCenter password (1) : + + Additional VMware vCenter password (1) : + password + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[checkbox]:Additional SSL (1) : + Additional SSL (1) : + checkbox + yes + yes + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[checkbox]:Additional Verify SSL Certificate (1) : + + Additional Verify SSL Certificate (1) : + checkbox + no + no + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter host (2) : + Additional VMware vCenter host (2) : + entry + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter port (2) : + Additional VMware vCenter port (2) : + entry + 443 + 443 + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter user name (2) : + + Additional VMware vCenter user name (2) : + entry + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[password]:Additional VMware vCenter password (2) : + + Additional VMware vCenter password (2) : + password + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[checkbox]:Additional SSL (2) : + Additional SSL (2) : + checkbox + yes + yes + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[checkbox]:Additional Verify SSL Certificate (2) : + + Additional Verify SSL Certificate (2) : + checkbox + no + no + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter host (3) : + Additional VMware vCenter host (3) : + entry + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter port (3) : + Additional VMware vCenter port (3) : + entry + 443 + 443 + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter user name (3) : + + Additional VMware vCenter user name (3) : + entry + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[password]:Additional VMware vCenter password (3) : + + Additional VMware vCenter password (3) : + password + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[checkbox]:Additional SSL (3) : + Additional SSL (3) : + checkbox + yes + yes + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[checkbox]:Additional Verify SSL Certificate (3) : + + Additional Verify SSL Certificate (3) : + checkbox + no + no + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter host (4) : + Additional VMware vCenter host (4) : + entry + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter port (4) : + Additional VMware vCenter port (4) : + entry + 443 + 443 + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter user name (4) : + + Additional VMware vCenter user name (4) : + entry + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[password]:Additional VMware vCenter password (4) : + + Additional VMware vCenter password (4) : + password + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[checkbox]:Additional SSL (4) : + Additional SSL (4) : + checkbox + yes + yes + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[checkbox]:Additional Verify SSL Certificate (4) : + + Additional Verify SSL Certificate (4) : + checkbox + no + no + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter host (5) : + Additional VMware vCenter host (5) : + entry + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter port (5) : + Additional VMware vCenter port (5) : + entry + 443 + 443 + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[entry]:Additional VMware vCenter user name (5) : + + Additional VMware vCenter user name (5) : + entry + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[password]:Additional VMware vCenter password (5) : + + Additional VMware vCenter password (5) : + password + + + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[checkbox]:Additional SSL (5) : + Additional SSL (5) : + checkbox + yes + yes + + + VMware vCenter SOAP API Settings + 63060 + VMware vCenter SOAP API Settings[checkbox]:Additional Verify SSL Certificate (5) : + + Additional Verify SSL Certificate (5) : + checkbox + no + no + + + WatchGuard Compliance Checks + 86269 + WatchGuard Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + WatchGuard Compliance Checks + 86269 + WatchGuard Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + WatchGuard Compliance Checks + 86269 + WatchGuard Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + WatchGuard Compliance Checks + 86269 + WatchGuard Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + WatchGuard Compliance Checks + 86269 + WatchGuard Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + WatchGuard Compliance Checks + 86269 + WatchGuard Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + Web Application Tests Settings + 39471 + Web Application Tests Settings[checkbox]:Enable web applications tests + Enable web applications tests + checkbox + no + no + + + Web Application Tests Settings + 39471 + Web Application Tests Settings[entry]:Maximum run time (min) : + Maximum run time (min) : + entry + 60 + 60 + + + Web Application Tests Settings + 39471 + Web Application Tests Settings[checkbox]:Try all HTTP methods + Try all HTTP methods + checkbox + no + no + + + Web Application Tests Settings + 39471 + Web Application Tests Settings[radio]:Combinations of arguments values + Combinations of arguments values + radio + one value;some pairs;all pairs (slower but efficient);some combinations;all + combinations (extremely slow) + + one value;some pairs;all pairs (slower but efficient);some combinations;all + combinations (extremely slow) + + + + Web Application Tests Settings + 39471 + Web Application Tests Settings[checkbox]:HTTP Parameter Pollution + HTTP Parameter Pollution + checkbox + no + no + + + Web Application Tests Settings + 39471 + Web Application Tests Settings[radio]:Stop at first flaw + Stop at first flaw + radio + per CGI;per port (quicker);per parameter (slow);look for all flaws (slower) + + per CGI;per port (quicker);per parameter (slow);look for all flaws (slower) + + + + Web Application Tests Settings + 39471 + Web Application Tests Settings[checkbox]:Test embedded web servers + Test embedded web servers + checkbox + no + no + + + Web Application Tests Settings + 39471 + Web Application Tests Settings[entry]:URL for Remote File Inclusion : + URL for Remote File Inclusion : + entry + http://rfi.nessus.org/rfi.txt + http://rfi.nessus.org/rfi.txt + + + Web mirroring + 10662 + Web mirroring[entry]:Number of pages to mirror : + Number of pages to mirror : + entry + 1000 + 1000 + + + Web mirroring + 10662 + Web mirroring[entry]:Maximum depth : + Maximum depth : + entry + 6 + 6 + + + Web mirroring + 10662 + Web mirroring[entry]:Start page : + Start page : + entry + / + / + + + Web mirroring + 10662 + Web mirroring[entry]:Excluded items regex : + Excluded items regex : + entry + /server_privileges\.php|logout + /server_privileges\.php|logout + + + Web mirroring + 10662 + Web mirroring[checkbox]:Follow dynamic pages : + Follow dynamic pages : + checkbox + no + no + + + Malicious Process Detection + 59275 + Malicious Process Detection[file]:Additional MD5 hashes (optional) : + Additional MD5 hashes (optional) : + file + + + + + Malicious Process Detection + 59275 + Malicious Process Detection[file]:Known good MD5 hashes (optional) : + Known good MD5 hashes (optional) : + file + + + + + Malicious Process Detection + 59275 + Malicious Process Detection[file]:Yara rules file : + Yara rules file : + file + + + + + Malicious Process Detection + 59275 + Malicious Process Detection[checkbox]:disable_dns_resolution + disable_dns_resolution + checkbox + no + no + + + Malicious Process Detection + 59275 + Malicious Process Detection[checkbox]:enable_malware_scanning + enable_malware_scanning + checkbox + no + no + + + Wake-on-LAN + 52616 + Wake-on-LAN[file]:List of MAC addresses for Wake-on-LAN: + List of MAC addresses for Wake-on-LAN: + file + + + + + Wake-on-LAN + 52616 + Wake-on-LAN[entry]:Time to wait (in minutes) for the systems to boot: + Time to wait (in minutes) for the systems to boot: + entry + 5 + 5 + + + Patch Management: WSUS Server Settings + 57031 + Patch Management: WSUS Server Settings[entry]:WSUS Server : + WSUS Server : + entry + + + + + Patch Management: WSUS Server Settings + 57031 + Patch Management: WSUS Server Settings[entry]:WSUS Port : + WSUS Port : + entry + + + + + Patch Management: WSUS Server Settings + 57031 + Patch Management: WSUS Server Settings[entry]:WSUS Username : + WSUS Username : + entry + + + + + Patch Management: WSUS Server Settings + 57031 + Patch Management: WSUS Server Settings[password]:WSUS Password : + WSUS Password : + password + + + + + Patch Management: WSUS Server Settings + 57031 + Patch Management: WSUS Server Settings[checkbox]:SSL : + SSL : + checkbox + no + no + + + Patch Management: WSUS Server Settings + 57031 + Patch Management: WSUS Server Settings[checkbox]:Verify SSL Certificate : + Verify SSL Certificate : + checkbox + no + no + + + ZTE ROSNG Compliance Checks + 144328 + ZTE ROSNG Compliance Checks[file]:Policy file #1 : + Policy file #1 : + file + + + + + ZTE ROSNG Compliance Checks + 144328 + ZTE ROSNG Compliance Checks[file]:Policy file #2 : + Policy file #2 : + file + + + + + ZTE ROSNG Compliance Checks + 144328 + ZTE ROSNG Compliance Checks[file]:Policy file #3 : + Policy file #3 : + file + + + + + ZTE ROSNG Compliance Checks + 144328 + ZTE ROSNG Compliance Checks[file]:Policy file #4 : + Policy file #4 : + file + + + + + ZTE ROSNG Compliance Checks + 144328 + ZTE ROSNG Compliance Checks[file]:Policy file #5 : + Policy file #5 : + file + + + + + ZTE ROSNG Compliance Checks + 144328 + ZTE ROSNG Compliance Checks[file]:Offline config file (.txt or .zip) : + Offline config file (.txt or .zip) : + file + + + + + + + + MacOS X Local Security Checks + enabled + + + F5 Networks Local Security Checks + enabled + + + DNS + enabled + + + Gain a shell remotely + enabled + + + Solaris Local Security Checks + enabled + + + Port scanners + mixed + + + Web Servers + enabled + + + SMTP problems + enabled + + + Service detection + enabled + + + CGI abuses : XSS + enabled + + + Debian Local Security Checks + enabled + + + Mandriva Local Security Checks + enabled + + + Databases + enabled + + + Default Unix Accounts + enabled + + + Denial of Service + enabled + + + Settings + enabled + + + Palo Alto Local Security Checks + enabled + + + HP-UX Local Security Checks + enabled + + + Backdoors + enabled + + + VMware ESX Local Security Checks + enabled + + + NewStart CGSL Local Security Checks + enabled + + + SCADA + enabled + + + Oracle Linux Local Security Checks + enabled + + + General + enabled + + + PhotonOS Local Security Checks + enabled + + + Red Hat Local Security Checks + enabled + + + FreeBSD Local Security Checks + enabled + + + CGI abuses + enabled + + + Rocky Linux Local Security Checks + enabled + + + Tenable.ot + disabled + + + Netware + enabled + + + Windows : User management + enabled + + + Amazon Linux Local Security Checks + enabled + + + Peer-To-Peer File Sharing + enabled + + + Slackware Local Security Checks + enabled + + + SNMP + enabled + + + Fedora Local Security Checks + enabled + + + Gentoo Local Security Checks + enabled + + + Huawei Local Security Checks + enabled + + + Ubuntu Local Security Checks + enabled + + + Misc. + enabled + + + Alma Linux Local Security Checks + enabled + + + Virtuozzo Local Security Checks + enabled + + + FTP + enabled + + + Firewalls + enabled + + + Windows : Microsoft Bulletins + enabled + + + Junos Local Security Checks + enabled + + + SuSE Local Security Checks + enabled + + + Policy Compliance + disabled + + + Windows + enabled + + + OracleVM Local Security Checks + enabled + + + RPC + enabled + + + CentOS Local Security Checks + enabled + + + CISCO + enabled + + + AIX Local Security Checks + enabled + + + Scientific Linux Local Security Checks + enabled + + + Mobile Devices + enabled + + + + + 34220 + Netstat Portscanner (WMI) + Netstat Portscanner (WMI) + enabled + + + 14274 + Nessus SNMP Scanner + Nessus SNMP Scanner + enabled + + + 14272 + Netstat Portscanner (SSH) + Netstat Portscanner (SSH) + enabled + + + 10180 + Ping the remote host + Ping the remote host + enabled + + + 11219 + Nessus SYN scanner + Nessus SYN scanner + enabled + + + + + + + 1648044472 + Wed Mar 23 15:07:52 2022 + cpe:/a:php:php:5.1.6 -> PHP PHP + 1648044472 + false + Basic Network Scan + 138 + cpe:/a:nginx:nginx:1.19.0 -> Nginx + cpe:/a:php:php:5.6.40-38+ubuntu20.04.1+deb.sury.org+1 -> PHP PHP + CVE-2014-8626, CVE-2012-1172, + CVE-2012-1171, CVE-2012-0831, CVE-2012-0789, CVE-2012-0788, CVE-2012-0781, CVE-2012-0057, + CVE-2011-4885, CVE-2011-4566, CVE-2011-3379, CVE-2011-1398, CVE-2010-1130, CVE-2010-1129, + CVE-2010-1128, CVE-2009-5016, CVE-2009-4143, CVE-2009-4142, CVE-2009-4018, CVE-2009-4017, + CVE-2009-3558, CVE-2009-3557, CVE-2009-3294, CVE-2009-3293, CVE-2009-3292, CVE-2009-3291, + CVE-2009-2687, CVE-2009-1272, CVE-2009-1271, CVE-2008-7068, CVE-2008-5658, CVE-2008-5625, + CVE-2008-5624, CVE-2008-5557, CVE-2008-5498, CVE-2008-3660, CVE-2008-3659, CVE-2008-3658, + CVE-2008-2829, CVE-2008-2666, CVE-2008-2665, CVE-2008-2371, CVE-2007-5424, CVE-2007-4663, + CVE-2007-4662, CVE-2007-4661, CVE-2007-4660, CVE-2007-4659, CVE-2007-4658, CVE-2007-4652, + CVE-2007-4586, CVE-2007-4507, CVE-2007-4441, CVE-2007-4255, CVE-2007-4033, CVE-2007-4010, + CVE-2007-3806, CVE-2007-3799, CVE-2007-3790, CVE-2007-3378, CVE-2007-3294, CVE-2007-3007, + CVE-2007-2872, CVE-2007-2844, CVE-2007-2756, CVE-2007-1900, CVE-2007-1890, CVE-2007-1889, + CVE-2007-1888, CVE-2007-1887, CVE-2007-1886, CVE-2007-1885, CVE-2007-1884, CVE-2007-1835, + CVE-2007-1825, CVE-2007-1824, CVE-2007-1718, CVE-2007-1717, CVE-2007-1701, CVE-2007-1700, + CVE-2007-1649, CVE-2007-1584, CVE-2007-1583, CVE-2007-1454, CVE-2007-1453, CVE-2007-1452, + CVE-2007-1413, CVE-2007-1383, CVE-2007-1381, CVE-2007-1380, CVE-2007-1376, CVE-2007-1001, + CVE-2007-0988, CVE-2007-0910, CVE-2007-0909, CVE-2007-0908, CVE-2007-0907, CVE-2007-0906, + CVE-2007-0905, CVE-2007-0448, CVE-2006-7205, CVE-2006-6383, CVE-2006-5706, CVE-2006-5465, + CVE-2006-4812, CVE-2006-4625, CVE-2006-4486, CVE-2006-2660, CVE-2006-1549, CVE-2006-1015 + + 110 + PHP < 5.3.12 / 5.4.2 CGI Query String + Code Execution: Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' workaround + is available as well. + + cpe:/a:igor_sysoev:nginx:1.19.0 -> Nginx + cpe:/a:php:php:5.6.40 -> PHP PHP + cpe:/o:linux:linux_kernel -> Linux Kernel + cpe:/o:linux:linux_kernel + linux + 65 + SinFP + [{"FQDN":"testphp.vulnweb.com","sources":["get_host_report_name()","determine_fqdn()"]},{"FQDN":"ec2-44-228-249-3.us-west-2.compute.amazonaws.com","sources":["get_host_fqdn()"]}] + general-purpose + Linux Kernel 2.6 + 197 + 197 + 1648042696 + 1648042695 + 1648042695 + ? + ? + ? + ? + ? + ? + ? + ? + 10.20.0.254 + [{"predicted-os": "Microsoft Windows Server 2012 R2", + "confidence": 1},{"predicted-os": "Ubuntu 14.04 Linux Kernel 3.13", + "confidence": 6},{"predicted-os": "CentOS Linux 7 Linux Kernel 3.10", + "confidence": 1}] + + + P1:B10113:F0x12:W62727:O0204ffff:M1460: + P2:B10113:F0x12:W62643:O0204ffff0402080affffffff4445414401030307:M1460: + P3:B00000:F0x00:W0:O0:M0 + P4:190101_7_p=80R + + testphp.vulnweb.com + ec2-44-228-249-3.us-west-2.compute.amazonaws.com + 44.228.249.3 + 1648042311 + Wed Mar 23 14:31:51 2022 + + + all + By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform + Enumeration) matches for various hardware and software products found on a host. + + Note that if an official CPE is not available for the product, this plugin computes the best + possible CPE based on the information available from the scan. + + cpe.nbin + 2022/02/14 + Common Platform Enumeration (CPE) + 2010/04/21 + combined + None + 1.118 + http://cpe.mitre.org/ + https://nvd.nist.gov/products/cpe + + n/a + It was possible to enumerate CPE names that matched on the remote system. + + The remote operating system matched the following CPE : + + cpe:/o:linux:linux_kernel -> Linux Kernel + + Following application CPE's matched on the remote system : + + cpe:/a:igor_sysoev:nginx:1.19.0 -> Nginx + cpe:/a:nginx:nginx:1.19.0 -> Nginx + cpe:/a:php:php:5.1.6 -> PHP PHP + cpe:/a:php:php:5.6.40 -> PHP PHP + cpe:/a:php:php:5.6.40-38+ubuntu20.04.1+deb.sury.org+1 -> PHP PHP + + + + all + 1 + This plugin displays, for each tested host, information about the scan itself : + + - The version of the plugin set. + - The type of scanner (Nessus or Nessus Home). + - The version of the Nessus Engine. + - The port scanner(s) used. + - The port range scanned. + - The ping round trip time + - Whether credentialed or third-party patch management checks are possible. + - Whether the display of superseded patches is enabled + - The date of the scan. + - The duration of the scan. + - The number of hosts scanned in parallel. + - The number of checks done in parallel. + + scan_info.nasl + 2021/09/27 + Nessus Scan Information + 2005/08/26 + summary + None + 1.106 + n/a + This plugin displays information about the Nessus scan. + Information about this scan : + + Nessus version : 10.1.1 + Nessus build : X20061 + Plugin feed version : 202203230748 + Scanner edition used : Nessus + Scanner OS : LINUX + Scanner distribution : ubuntu910-x86-64 + Scan type : Normal + Scan name : dummy scan + Scan policy used : Basic Network Scan + Scanner IP : 10.20.0.0.1 + Port scanner(s) : nessus_syn_scanner + Port range : default + Ping RTT : 184.503 ms + Thorough tests : no + Experimental tests : no + Paranoia level : 1 + Report verbosity : 1 + Safe checks : yes + Optimize the test : yes + Credentialed checks : no + Patch management checks : None + Display superseded patches : yes (supersedence plugin launched) + CGI scanning : enabled + Web application tests : disabled + Max hosts : 30 + Max checks : 4 + Recv timeout : 5 + Backports : None + Allow post-scan editing: Yes + Scan Start Date : 2022/3/23 14:32 CET + Scan duration : 2151 sec + + + + all + The remote host is missing one or more security patches. This plugin lists the newest + version of each patch to install to make sure the remote host is up-to-date. + + patches_summary.nbin + 2022/03/08 + Patch Report + 2013/07/08 + combined + None + 1.204 + Install the patches listed below. + The remote host is missing several patches. + + + . You need to take the following action : + + [ PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution (58988) ] + + + Action to take : Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' + workaround is available as well. + + +Impact : Taking this action will resolve 110 different vulnerabilities (CVEs). + + + + + + 5.3 + CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + 5.0 + CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N + Multiple Nessus plugins identified directories on the web server that are browsable. + + browsable_web_dir.nasl + 2021/01/19 + Browsable Web Directories + 2009/09/15 + remote + Medium + 1.10 + http://www.nessus.org/u?0a35179e + Make sure that browsable directories do not leak confidential information or give access to + sensitive resources. Additionally, use access restrictions or disable directory indexing for any + that do. + + Some directories on the remote web server are browsable. + + The following directories are browsable : + + http://testphp.vulnweb.com/CVS/ + http://testphp.vulnweb.com/Templates/ + http://testphp.vulnweb.com/admin/ + http://testphp.vulnweb.com/images/ + + + + Based on the remote operating system, it is possible to determine what the remote system + type is (eg: a printer, router, general-purpose computer, etc). + + device_type.nasl + 2011/05/23 + Device Type + 2011/05/23 + combined + None + $Revision: 1.1 $ + n/a + It is possible to guess the remote device type. + Remote device type : general-purpose + Confidence level : 65 + + + + all + True + Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is + possible to guess the name of the remote operating system in use. It is also possible sometimes to + guess the version of the operating system. + + os_fingerprint.nasl + True + 2022/03/09 + OS Identification + 2003/12/09 + combined + None + 2.61 + n/a + It is possible to guess the remote operating system. + + Remote operating system : Linux Kernel 2.6 + Confidence level : 65 + Method : SinFP + + + The remote host is running Linux Kernel 2.6 + + + + The remote web server contains a client access policy file. This is a simple XML file used + by Microsoft Silverlight to allow access to services that reside outside the exact web domain from + which a Silverlight control originated. + + true + clientaccesspolicy.nasl + 2021/01/19 + Web Site Client Access Policy File Detection + 2014/02/11 + remote + None + 1.5 + http://www.nessus.org/u?a4eeeaa2 + Review the contents of the policy file carefully. Improper policies, especially an + unrestricted one with just '*', could allow for cross- site request forgery or other + attacks against the web server. + + The remote web server contains a 'clientaccesspolicy.xml' file. + + Nessus was able to obtain a client access policy file from the + remote host at the following URL : + + GET /clientaccesspolicy.xml HTTP/1.1 + Host: testphp.vulnweb.com + Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1 + Accept-Language: en + Connection: Keep-Alive + User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) + Pragma: no-cache + Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* + + + + The remote web server contains a cross-domain policy file. This is a simple XML file used + by Adobe's Flash Player to allow access to data that resides outside the exact web domain from + which a Flash movie file originated. + + true + crossdomain.nasl + 2021/01/19 + Web Site Cross-Domain Policy File Detection + 2008/05/15 + remote + None + 1.16 + http://www.nessus.org/u?8a58aa76 + http://kb2.adobe.com/cps/142/tn_14213.html + http://www.nessus.org/u?74a6a9a5 + http://www.nessus.org/u?acb70df2 + + Review the contents of the policy file carefully. Improper policies, especially an + unrestricted one with just '*', could allow for cross- site request forgery and cross-site + scripting attacks against the web server. + + The remote web server contains a 'crossdomain.xml' file. + + Nessus was able to obtain a cross-domain policy file from the remote + host using the following URL : + + http://testphp.vulnweb.com/crossdomain.xml + + + + True + This test gives some information about the remote HTTP protocol - the version used, whether + HTTP Keep-Alive and HTTP pipelining are enabled, etc... + + This test is informational only and does not denote any security problem. + + http_info.nasl + 2019/11/22 + HyperText Transfer Protocol (HTTP) Information + 2007/01/30 + remote + None + 1.14 + n/a + Some information about the remote HTTP configuration can be extracted. + + Response Code : HTTP/1.1 200 OK + + Protocol version : HTTP/1.1 + SSL : no + Keep-Alive : no + Options allowed : (Not implemented) + Headers : + + Server: nginx/1.19.0 + Date: Wed, 23 Mar 2022 13:53:26 GMT + Content-Type: text/html; charset=UTF-8 + Transfer-Encoding: chunked + Connection: keep-alive + X-Powered-By: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1 + + Response Body : + + <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" + "http://www.w3.org/TR/html4/loose.dtd"> + <html><!-- InstanceBegin template="/Templates/main_dynamic_template.dwt.php" + codeOutsideHTMLIsLocked="false" --> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2"> + + <!-- InstanceBeginEditable name="document_title_rgn" --> + <title>Home of Acunetix Art</title> + <!-- InstanceEndEditable --> + <link rel="stylesheet" href="style.css" type="text/css"> + <!-- InstanceBeginEditable name="headers_rgn" --> + <!-- here goes headers headers --> + <!-- InstanceEndEditable --> + <script language="JavaScript" type="text/JavaScript"> + <!-- + function MM_reloadPage(init) { //reloads the window if Nav4 resized + if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) + { + document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }} + else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload(); + } + MM_reloadPage(true); + //--> + </script> + + </head> + <body> + <div id="mainLayer" style="position:absolute; width:700px; z-index:1"> + <div id="masthead"> + <h1 id="siteName"><a href="https://www.acunetix.com/"><img src="images/logo.gif" + width="306" height="38" border="0" alt="Acunetix website security"></a></h1> + <h6 id="siteInfo">TEST and Demonstration site for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix + Web Vulnerability Scanner</a></h6> + <div id="globalNav"> + <table border="0" cellpadding="0" cellspacing="0" width="100%"><tr> + <td align="left"> + <a href="index.php">home</a> | <a href="categories.php">categories</a> + | <a href="artists.php">artists + </a> | <a href="disclaimer.php">disclaimer</a> | <a href="cart.php">your + cart</a> | + <a href="guestbook.php">guestbook</a> | + <a href="AJAX/index.php">AJAX Demo</a> + </td> + <td align="right"> + </td> + </tr></table> + </div> + </div> + <!-- end masthead --> + + <!-- begin content --> + <!-- InstanceBeginEditable name="content_rgn" --> + <div id="content"> + <h2 id="pageName">welcome to our page</h2> + <div class="story"> + <h3>Test site for Acunetix WVS.</h3> + </div> + </div> + <!-- InstanceEndEditable --> + <!--end content --> + + <div id="navBar"> + <div id="search"> + <form action="search.php?test=query" method="post"> + <label>search art</label> + <input name="searchFor" type="text" size="10"> + <input name="goButton" type="submit" value="go"> + </form> + </div> + <div id="sectionLinks"> + <ul> + <li><a href="categories.php">Browse categories</a></li> + <li><a href="artists.php">Browse artists</a></li> + <li><a href="cart.php">Your cart</a></li> + <li><a href="login.php">Signup</a></li> + <li><a href="userinfo.php">Your profile</a></li> + <li><a href="guestbook.php">Our guestbook</a></li> + <li><a href="AJAX/index.php">AJAX Demo</a></li> + </li> + </ul> + </div> + <div class="relatedLinks"> + <h3>Links</h3> + <ul> + <li><a href="http://www.acunetix.com">Security art</a></li> + <li><a href="https://www.acunetix.com/vulnerability-scanner/php-security-scanner/">PHP + scanner</a></li> + <li><a href="https://www.acunetix.com/blog/articles/prevent-sql-injection-vulnerabilities-in-php-applications/">PHP + vuln help</a></li> + <li><a href="http://www.eclectasy.com/Fractal-Explorer/index.html">Fractal + Explorer</a></li> + </ul> + </div> + <div id="advert"> + <p> + <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0" + width="107" height="66"> + <param name="movie" value="Flash/add.swf"> + <param name=quality value=high> + <embed src="Flash/add.swf" quality=high pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash" + type="application/x-shockwave-flash" width="107" height="66"></embed> + </object> + </p> + </div> + </div> + + <!--end navbar --> + <div id="siteInfo"> <a href="http://www.acunetix.com">About Us</a> + | <a href="privacy.php">Privacy Policy</a> | <a href="mailto:wvs@acunetix.com">Contact + Us</a> | <a href="/Mod_Rewrite_Shop/">Shop</a> | <a href="/hpp/">HTTP + Parameter Pollution</a> | &copy;2019 + Acunetix Ltd + </div> + + + <br> + <div style="background-color:lightgray;width:100%;text-align:center;font-size:12px;padding:1px"> + <p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not + a real shop. This is an example PHP application, which is intentionally vulnerable to web attacks. + It is intended to help you test Acunetix. It also helps you understand how developer errors and bad + configuration may let someone break into your website. You can use it to test other tools and your + manual hacking skills as well. Tip: Look for potential SQL Injections, Cross-site Scripting (XSS), + and Cross-site Request Forgery (CSRF), and more.</p> + </div> + </div> + </body> + <!-- InstanceEnd --></html> + + + + True + cpe:/a:nginx:nginx + Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote + host. + + nginx_detect.nasl + 0001-T-0677 + 2021/04/07 + nginx HTTP Server Detection + 2018/01/26 + remote + None + 1.6 + https://nginx.org/ + n/a + The nginx HTTP server was detected on the remote host. + IAVT:0001-T-0677 + + URL : http://testphp.vulnweb.com/ + Version : 1.19.0 + source : Server: nginx/1.19.0 + + + + 730 days + + 20349 + 20879 + 49634 + cpe:/a:php:php + CVE-2006-1015 + CVE-2006-1549 + CVE-2006-2660 + CVE-2006-4486 + CVE-2006-4625 + CVE-2006-4812 + CVE-2006-5465 + CVE-2006-5706 + CVE-2006-7205 + CVE-2007-0448 + CVE-2007-1381 + CVE-2007-1584 + CVE-2007-1888 + CVE-2007-2844 + CVE-2007-5424 + 5.9 + 7.5 + 5.9 + CVSS2#E:POC/RL:OF/RC:C + CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P + 94 + 119 + 399 + According to its banner, the version of PHP 5.x installed on the remote host is older than + 5.2. Such versions may be affected by several buffer overflows. + + To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the + remote server or to manipulate several variables processed by some PHP functions such as 'htmlentities().' + + false + PoC + No exploit is required + php_5_2_0.nasl + 2006/11/02 + 2021/01/19 + PHP 5.x < 5.2 Multiple Vulnerabilities + 2008/03/25 + remote + Low + High + 1.28 + http://www.hardened-php.net/advisory_092006.133.html + http://www.php.net/releases/5_2_0.php + + Upgrade to PHP version 5.2.0 or later. + The remote web server uses a version of PHP that is affected by multiple buffer overflows. + + Very Low + No recorded events + No recorded events + 6.7 + 2006/11/02 + CWE:94 + CWE:119 + CWE:399 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.2 + + + + 730 days + + 21508 + 22496 + 22805 + 22806 + 22862 + 22922 + 23119 + 23120 + 23219 + 23233 + 23234 + 23235 + 23236 + 23237 + 23238 + cpe:/a:php:php + CVE-2006-6383 + CVE-2007-0905 + CVE-2007-0906 + CVE-2007-0907 + CVE-2007-0908 + CVE-2007-0909 + CVE-2007-0910 + CVE-2007-0988 + CVE-2007-1376 + CVE-2007-1380 + CVE-2007-1383 + CVE-2007-1452 + CVE-2007-1453 + CVE-2007-1454 + CVE-2007-1700 + CVE-2007-1701 + CVE-2007-1824 + CVE-2007-1825 + CVE-2007-1835 + CVE-2007-1884 + CVE-2007-1885 + CVE-2007-1886 + CVE-2007-1887 + CVE-2007-1889 + CVE-2007-1890 + CVE-2007-4441 + CVE-2007-4586 + 5.9 + 7.5 + 5.9 + CVSS2#E:POC/RL:OF/RC:C + CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P + 20 + 119 + 189 + 399 + According to its banner, the version of PHP installed on the remote host is older than + 5.2.1. Such versions may be affected by several issues, including buffer overflows, format string + vulnerabilities, arbitrary code execution, 'safe_mode' and 'open_basedir' + bypasses, and clobbering of super-globals. + + false + PoC + No exploit is required + php_5_2_1.nasl + 2007/02/08 + 2021/01/19 + PHP < 5.2.1 Multiple Vulnerabilities + 2007/04/02 + remote + Low + High + 1.28 + http://www.php.net/releases/5_2_1.php + Upgrade to PHP version 5.2.1 or later. + The remote web server uses a version of PHP that is affected by multiple flaws. + Very Low + No recorded events + No recorded events + 6.7 + 2006/12/09 + CWE:20 + CWE:119 + CWE:189 + CWE:399 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.2.1 + + + + 730 days + + 35440 + 35435 + cpe:/a:php:php + CVE-2009-2687 + 3.6 + 5.1 + 3.8 + CVSS2#E:U/RL:OF/RC:C + CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P + 20 + According to its banner, the version of PHP installed on the remote host is older than + 5.2.10. Such versions are reportedly affected by multiple vulnerabilities : + + - Sufficient checks are not performed on fields reserved for offsets in function 'exif_read_data()'. + Successful exploitation of this issue could result in a denial of service condition. (bug 48378) + + - Provided 'safe_mode_exec_dir' is not set (not set by default), it may be possible to + bypass 'safe_mode' restrictions by preceding a backslash in functions such as 'exec()', + 'system()', 'shell_exec()', 'passthru()' and 'popen()' on a + system running PHP on Windows. (bug 45997) + + false + Unproven + No exploit is required + php_5_2_10.nasl + 2009/06/18 + 2021/01/19 + PHP < 5.2.10 Multiple Vulnerabilities + 2009/06/22 + remote + Low + Medium + 1.13 + 35441 + https://bugs.php.net/bug.php?id=45997 + https://bugs.php.net/bug.php?id=48378 + http://www.php.net/releases/5_2_10.php + http://www.php.net/ChangeLog-5.php#5.2.10 + + Upgrade to PHP version 5.2.10 or later. + The remote web server uses a version of PHP that is affected by multiple vulnerabilities. + + Very Low + No recorded events + No recorded events + 3.6 + 2009/05/24 + Secunia:35441 + CWE:20 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.2.10 + + + + 730 days + + 36449 + 44889 + cpe:/a:php:php + CVE-2009-3291 + CVE-2009-3292 + CVE-2009-3293 + CVE-2009-3294 + CVE-2009-4018 + CVE-2009-5016 + 5.9 + 7.5 + 5.9 + CVSS2#E:POC/RL:OF/RC:C + CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P + 20 + 134 + 264 + According to its banner, the version of PHP installed on the remote host is older than + 5.2.11. Such versions may be affected by several security issues : + + - An unspecified error occurs in certificate validation inside 'php_openssl_apply_verification_policy'. + + - An unspecified input validation vulnerability affects the color index in 'imagecolortransparent()'. + + - An unspecified input validation vulnerability affects exif processing. + + - Calling 'popen()' with an invalid mode can cause a crash under Windows. (Bug #44683) + + - An integer overflow in 'xml_utf8_decode()' can make it easier to bypass cross-site + scripting and SQL injection protection mechanisms using a specially crafted string with a long UTF-8 + encoding. (Bug #49687) + + - 'proc_open()' can bypass 'safe_mode_protected_env_vars'. + (Bug #49026) + + false + PoC + No exploit is required + php_5_2_11.nasl + 2009/09/16 + 2021/01/19 + PHP < 5.2.11 Multiple Vulnerabilities + 2009/09/18 + remote + Low + High + 1.19 + 36791 + http://www.php.net/ChangeLog-5.php#5.2.11 + http://www.php.net/releases/5_2_11.php + http://news.php.net/php.internals/45597 + http://www.php.net/ChangeLog-5.php#5.2.11 + + Upgrade to PHP version 5.2.11 or later. + The remote web server uses a version of PHP that is affected by multiple flaws. + Very Low + No recorded events + No recorded events + 6.7 + Secunia:36791 + CWE:20 + CWE:134 + CWE:264 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.2.11 + + + + 730 days + + 37389 + 37390 + cpe:/a:php:php + CVE-2009-3557 + CVE-2009-3558 + CVE-2009-4017 + CVE-2009-4142 + CVE-2009-4143 + 5.9 + 6.8 + 5.3 + CVSS2#E:POC/RL:OF/RC:C + CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P + 79 + 264 + According to its banner, the version of PHP installed on the remote host is older than + 5.2.12. Such versions may be affected by several security issues : + + - It is possible to bypass the 'safe_mode' configuration setting using 'tempnam()'. + (CVE-2009-3557) + + - It is possible to bypass the 'open_basedir' configuration setting using 'posix_mkfifo()'. + (CVE-2009-3558) + + - Provided file uploading is enabled (it is by default), an attacker can upload files using a POST + request with 'multipart/form-data' content even if the target script doesn't actually + support file uploads per se. By supplying a large number (15,000+) of files, an attacker could cause + the web server to stop responding while it processes the file list. (CVE-2009-4017) + + - Missing protection for '$_SESSION' from interrupt corruption and improved 'session.save_path' + check. + (CVE-2009-4143) + + - Insufficient input string validation in the 'htmlspecialchars()' function. + (CVE-2009-4142) + + false + Unproven + No exploit is required + php_5_2_12.nasl + 2009/12/17 + 2021/01/19 + PHP < 5.2.12 Multiple Vulnerabilities + 2009/12/18 + remote + Low + Medium + 1.16 + 37821 + http://www.nessus.org/u?57f2d08f + http://www.php.net/releases/5_2_12.php + http://www.php.net/ChangeLog-5.php#5.2.12 + + Upgrade to PHP version 5.2.12 or later. + The remote web server uses a version of PHP that is affected by multiple flaws. + Very Low + No recorded events + No recorded events + 5.9 + 2009/12/17 + Secunia:37821 + CWE:79 + CWE:264 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.2.12 + + + + 730 days + + 38182 + 38430 + 38431 + cpe:/a:php:php + CVE-2010-1128 + CVE-2010-1129 + CVE-2010-1130 + 5.3 + 6.4 + 5.0 + CVSS2#E:POC/RL:OF/RC:C + CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N + According to its banner, the version of PHP installed on the remote host is older than + 5.3.2 / 5.2.13. Such versions may be affected by several security issues : + + - Directory paths not ending with '/' may not be correctly validated inside 'tempnam()' + in 'safe_mode' configuration. + + - It may be possible to bypass the 'open_basedir'/ 'safe_mode' configuration + restrictions due to an error in session extensions. + + - An unspecified vulnerability affects the LCG entropy. + + false + Unproven + No exploit is required + php_5_2_13.nasl + 2010/02/25 + 2021/01/19 + PHP < 5.3.2 / 5.2.13 Multiple Vulnerabilities + 2010/02/26 + remote + Low + Medium + 1.16 + 38708 + http://securityreason.com/achievement_securityalert/82 + http://securityreason.com/securityalert/7008 + https://seclists.org/fulldisclosure/2010/Feb/208 + http://www.php.net/releases/5_3_2.php + http://www.php.net/ChangeLog-5.php#5.3.2 + http://www.php.net/releases/5_2_13.php + http://www.php.net/ChangeLog-5.php#5.2.13 + + Upgrade to PHP version 5.3.2 / 5.2.13 or later. + The remote web server uses a version of PHP that is affected by multiple flaws. + Very Low + No recorded events + No recorded events + 5.3 + 2010/02/11 + Secunia:38708 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.3.2 / 5.2.13 + + + + 730 days + + 23105 + 23357 + cpe:/a:php:php + CVE-2007-1001 + CVE-2007-1583 + CVE-2007-1649 + CVE-2007-1717 + CVE-2007-1718 + 7.5 + 6.7 + CVSS:3.0/E:P/RL:O/RC:C + CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + 5.8 + 7.8 + CVE-2007-1649 + 6.1 + CVSS2#E:POC/RL:OF/RC:C + CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N + According to its banner, the version of PHP 5.x installed on the remote host is older than + 5.2.2. It is, therefore, affected by multiple vulnerabilities: + + - A heap-based buffer overflow vulnerability was found in PHP's gd extension. A script that + could be forced to process WBMP images from an untrusted source could result in arbitrary code + execution. (CVE-2007-1001) + + - A vulnerability in the way the mbstring extension setglobal variables was discovered where a + script using the mb_parse_str() function to set global variables could be forced to to enable the + register_globals configuration option, possibly resulting in global variable injection. + (CVE-2007-1583) + + - A context-dependent attacker could read portions of heap memory by executing certain scripts with + a serialized data input string beginning with 'S:', which did not properly track the + number of input bytes being processed. (CVE-2007-1649) + + - A vulnerability in how PHP's mail() function processed email messages, truncating potentially + important information after the first ASCIIZ (\0) byte. + (CVE-2007-1717) + + - A vulnerability in how PHP's mail() function processed header data was discovered. If a + script sent mail using a subject header containing a string from an untrusted source, a remote + attacker could send bulk email to unintended recipients (CVE-2007-1718). + + false + PoC + No exploit is required + php_5_2_2.nasl + 2007/05/03 + 2021/01/19 + PHP 5.x < 5.2.2 Multiple vulnerabilities + 2012/01/11 + remote + Low + High + 1.8 + http://www.php.net/releases/5_2_2.php + Upgrade to PHP version 5.2.2 or later. + The remote web server uses a version of PHP that is affected by multiple vulnerabilities. + + Very Low + No recorded events + No recorded events + 6.6 + 2007/03/23 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.2.2 + + + + 730 days + + 23235 + 23359 + 24089 + 24259 + 24261 + cpe:/a:php:php + CVE-2007-1887 + CVE-2007-1900 + CVE-2007-2756 + CVE-2007-2872 + CVE-2007-3007 + 7.3 + 6.6 + CVSS:3.0/E:P/RL:O/RC:C + CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L + 5.9 + 7.5 + CVE-2007-1887 + 5.9 + CVSS2#E:POC/RL:OF/RC:C + CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P + 189 + 264 + According to its banner, the version of PHP installed on the remote host is older than + 5.2.3. It is, therefore, affected by multiple vulnerabilities: + + - A buffer overflow in the sqlite_decode_function() in the bundled sqlite library could allow + context-dependent attackers to execute arbitrary code. (CVE-2007-1887) + + - A CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter could allow an attacker to + inject arbitrary email headers via a special email address. This only affects Mandriva Linux 2007.1. + (CVE-2007-1900) + + - An infinite-loop flaw was discovered in the PHP gd extension. A script that could be forced to + process PNG images from an untrusted source could allow a remote attacker to cause a denial of + service. (CVE-2007-2756) + + - An integer overflow flaw was found in the chunk_split() function that ould possibly execute + arbitrary code as the apache user if a remote attacker was able to pass arbitrary data to the third + argument of chunk_split() (CVE-2007-2872). + + - An open_basedir and safe_mode restriction bypass which could allow context-dependent attackers to + determine the existence of arbitrary files. (CVE-2007-3007) + + false + PoC + No exploit is required + php_5_2_3.nasl + 2007/05/31 + 2021/01/19 + PHP < 5.2.3 Multiple Vulnerabilities + 2007/06/02 + remote + Low + High + 1.25 + http://www.php.net/releases/5_2_3.php + Upgrade to PHP version 5.2.3 or later. + The remote web server uses a version of PHP that is affected by multiple flaws. + Very Low + No recorded events + No recorded events + 6.7 + 2007/04/07 + CWE:189 + CWE:264 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.2.3 + + + + 730 days + + 24661 + 24261 + 24922 + 25498 + cpe:/a:php:php + CVE-2007-1413 + CVE-2007-2872 + CVE-2007-3294 + CVE-2007-3378 + CVE-2007-3790 + CVE-2007-3799 + CVE-2007-3806 + CVE-2007-4010 + CVE-2007-4033 + CVE-2007-4255 + CVE-2007-4507 + CVE-2007-4652 + CVE-2007-4658 + CVE-2007-4659 + CVE-2007-4660 + CVE-2007-4661 + CVE-2007-4662 + CVE-2007-4663 + 5.9 + 6.8 + 5.3 + CVSS2#E:POC/RL:OF/RC:C + CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P + 20 + 22 + 119 + 189 + 362 + 399 + According to its banner, the version of PHP installed on the remote host is older than + 5.2.4. Such versions may be affected by various issues, including but not limited to several + overflows. + + false + PoC + No exploit is required + php_5_2_4.nasl + 2007/08/30 + 2021/01/19 + PHP < 5.2.4 Multiple Vulnerabilities + 2007/09/03 + remote + Low + Medium + 1.21 + http://www.php.net/releases/5_2_4.php + Upgrade to PHP version 5.2.4 or later. + The remote web server uses a version of PHP that is affected by multiple flaws. + Very Low + No recorded events + No recorded events + 6.7 + 2007/06/01 + CWE:20 + CWE:22 + CWE:119 + CWE:189 + CWE:362 + CWE:399 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.2.4 + + + + 730 days + + 26403 + 69246 + cpe:/a:php:php + CVE-2007-3996 + CVE-2007-4782 + CVE-2007-4783 + CVE-2007-4784 + CVE-2007-4825 + CVE-2007-4840 + CVE-2007-4887 + CVE-2007-4889 + CVE-2007-5447 + CVE-2007-5653 + CVE-2007-5898 + CVE-2007-5899 + CVE-2007-5900 + CVE-2008-2107 + CVE-2008-2108 + CVE-2008-4107 + 5.9 + 4.4 + 3.4 + CVSS2#E:POC/RL:OF/RC:C + CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P + 20 + 22 + 78 + 94 + 189 + 200 + 264 + According to its banner, the version of PHP installed on the remote host is older than + 5.2.5. Such versions may be affected by various issues, including but not limited to several buffer + overflows. + + false + PoC + No exploit is required + php_5_2_5.nasl + 2021/01/19 + PHP < 5.2.5 Multiple Vulnerabilities + 2007/11/12 + remote + Low + Medium + 1.21 + http://www.php.net/releases/5_2_5.php + Upgrade to PHP version 5.2.5 or later. + The remote web server uses a version of PHP that is affected by multiple flaws. + Very Low + No recorded events + No recorded events + 6.7 + 2007/09/10 + CWE:20 + CWE:22 + CWE:78 + CWE:94 + CWE:189 + CWE:200 + CWE:264 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.2.5 + + + + 730 days + + 27413 + 28392 + 29009 + cpe:/a:php:php + CVE-2007-4850 + CVE-2007-6039 + CVE-2008-0599 + CVE-2008-1384 + CVE-2008-2050 + CVE-2008-2051 + 5.9 + 7.5 + 5.9 + CVSS2#E:POC/RL:OF/RC:C + CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P + 20 + 119 + 264 + According to its banner, the version of PHP installed on the remote host is older than + 5.2.6. Such versions may be affected by the following issues : + + - A stack-based buffer overflow in FastCGI SAPI. + + - An integer overflow in printf(). + + - An security issue arising from improper calculation of the length of PATH_TRANSLATED in + cgi_main.c. + + - A safe_mode bypass in cURL. + + - Incomplete handling of multibyte chars inside escapeshellcmd(). + + - Issues in the bundled PCRE fixed by version 7.6. + + false + Unproven + No exploit is required + php_5_2_6.nasl + 2021/01/19 + PHP < 5.2.6 Multiple Vulnerabilities + 2008/05/02 + remote + Low + High + 1.29 + 30048 + https://seclists.org/bugtraq/2008/Mar/285 + https://seclists.org/fulldisclosure/2008/May/102 + https://seclists.org/fulldisclosure/2008/May/106 + http://www.php.net/releases/5_2_6.php + + Upgrade to PHP version 5.2.6 or later. + The remote web server uses a version of PHP that is affected by multiple flaws. + Very Low + No recorded events + No recorded events + 5.9 + Secunia:30048 + CWE:20 + CWE:119 + CWE:264 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.2.6 + + + + 730 days + + 29796 + 29797 + 29829 + 30087 + 30649 + 31612 + 32383 + 32625 + 32688 + 32948 + 70928 + cpe:/a:php:php + CVE-2008-2371 + CVE-2008-2665 + CVE-2008-2666 + CVE-2008-2829 + CVE-2008-3658 + CVE-2008-3659 + CVE-2008-3660 + CVE-2008-5557 + CVE-2008-5624 + CVE-2008-5625 + CVE-2008-5658 + CVE-2008-7068 + CVE-2014-8626 + 5.9 + 7.5 + 5.9 + CVSS2#E:POC/RL:OF/RC:C + CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P + 20 + 22 + 119 + 264 + According to its banner, the version of PHP installed on the remote host is prior to 5.2.7. + It is, therefore, affected by multiple vulnerabilities : + + - There is a buffer overflow flaw in the bundled PCRE library that allows a denial of service + attack. + (CVE-2008-2371) + + - Multiple directory traversal vulnerabilities exist in functions such as 'posix_access', + 'chdir', and 'ftok' that allow a remote attacker to bypass 'safe_mode' + restrictions. (CVE-2008-2665 and CVE-2008-2666). + + - A buffer overflow flaw in 'php_imap.c' may be triggered when processing long message + headers due to the use of obsolete API calls. This can be exploited to cause a denial of service or + to execute arbitrary code. + (CVE-2008-2829) + + - A buffer overflow in the 'imageloadfont' function in 'ext/gd/gd.c' can be + triggered when a specially crafted font is given. This can be exploited to cause a denial of service + or to execute arbitrary code. (CVE-2008-3658) + + - A buffer overflow flaw exists in PHP's internal function 'memnstr' which can be + exploited by an attacker using the delimiter argument to the 'explode' function. This can + be used to cause a denial of service or to execute arbitrary code. (CVE-2008-3659) + + - When PHP is used as a FastCGI module, an attacker by requesting a file whose file name extension + is preceded by multiple dots can cause a denial of service. + (CVE-2008-3660) + + - A heap-based buffer overflow flaw in the mbstring extension can be triggered via a specially + crafted string containing an HTML entity that is not handled during Unicode conversion. This can be + exploited to execute arbitrary code.(CVE-2008-5557) + + - Improper initialization of global variables 'page_uid' and 'page_gid' when PHP + is used as an Apache module allows the bypassing of security restriction due to SAPI 'php_getuid' + function overloading. (CVE-2008-5624) + + - PHP does not enforce the correct restrictions when 'safe_mode' is enabled through a + 'php_admin_flag' setting in 'httpd.conf'. This allows an attacker, by placing a + specially crafted 'php_value' entry in '.htaccess', to able to write to + arbitrary files. + (CVE-2008-5625) + + - The 'ZipArchive::extractTo' function in the ZipArchive extension fails to filter + directory traversal sequences from file names. An attacker can exploit this to write to arbitrary + files. (CVE-2008-5658) + + - Under limited circumstances, an attacker can cause a file truncation to occur when calling the + 'dba_replace' function with an invalid argument. (CVE-2008-7068) + + - A buffer overflow error exists in the function 'date_from_ISO8601' function within file + 'xmlrpc.c' because user-supplied input is improperly validated. + This can be exploited by a remote attacker to cause a denial of service or to execute arbitrary + code. + (CVE-2014-8626) + + false + Unproven + No exploit is required + php_5_2_7.nasl + 2008/12/04 + 2021/01/19 + PHP 5 < 5.2.7 Multiple Vulnerabilities + 2008/12/05 + remote + Low + High + 1.31 + http://cxsecurity.com/issue/WLB-2008110041 + http://cxsecurity.com/issue/WLB-2008110058 + http://cxsecurity.com/issue/WLB-2008120011 + https://seclists.org/fulldisclosure/2008/Jun/237 + https://seclists.org/fulldisclosure/2008/Jun/238 + https://www.openwall.com/lists/oss-security/2008/08/08/2 + https://www.openwall.com/lists/oss-security/2008/08/13/8 + https://seclists.org/fulldisclosure/2008/Nov/674 + https://seclists.org/fulldisclosure/2008/Dec/90 + https://bugs.php.net/bug.php?id=42862 + https://bugs.php.net/bug.php?id=45151 + https://bugs.php.net/bug.php?id=45722 + http://www.php.net/releases/5_2_7.php + http://www.php.net/ChangeLog-5.php#5.2.7 + + Upgrade to PHP version 5.2.8 or later. + + Note that version 5.2.7 has been removed from distribution because of a regression in that version + that results in the 'magic_quotes_gpc' setting remaining off even if it was set to on. + + The remote web server uses a version of PHP that is affected by multiple vulnerabilities. + + Very Low + > 365 days + No recorded events + 6.7 + 2008/06/19 + CWE:20 + CWE:22 + CWE:119 + CWE:264 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.2.7 + + + + 730 days + + 32673 + cpe:/a:php:php + CVE-2008-5814 + CVE-2008-5844 + 5.5 + 7.5 + 5.5 + CVSS2#E:U/RL:OF/RC:C + CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P + 16 + 79 + According to its banner, the version of PHP installed on the remote host is earlier than + 5.2.8. As such, it is potentially affected by the following vulnerabilities : + + - PHP fails to properly sanitize error messages of arbitrary HTML or script code, would code allow + for cross-site scripting attacks if PHP's 'display_errors' setting is enabled. + (CVE-2008-5814) + + - Version 5.2.7 introduced a regression with regard to 'magic_quotes' functionality due to + an incorrect fix to the filter extension. As a result, the 'magic_quotes_gpc' setting + remains off even if it is set to on. (CVE-2008-5844) + + false + Unproven + No exploit is required + php_5_2_8.nasl + 2021/01/19 + PHP < 5.2.8 Multiple Vulnerabilities + 2008/12/09 + remote + Low + High + 1.19 + https://bugs.php.net/bug.php?id=42718 + http://www.php.net/releases/5_2_8.php + + Upgrade to PHP version 5.2.8 or later. + The remote web server uses a version of PHP that may be affected by multiple + vulnerabilities. + + Very Low + No recorded events + No recorded events + 5.5 + CWE:16 + CWE:79 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.2.8 + + + + 730 days + + 33002 + 33927 + cpe:/a:php:php + CVE-2008-5498 + CVE-2009-1271 + CVE-2009-1272 + 3.6 + 5.0 + 3.9 + CVSS2#E:POC/RL:OF/RC:C + CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P + 20 + 200 + According to its banner, the version of PHP installed on the remote host is older than + 5.2.9. Such versions may be affected by several security issues : + + - Background color is not correctly validated with a non true color image in function 'imagerotate()'. + (CVE-2008-5498) + + - A denial of service condition can be triggered by trying to extract zip files that contain files + with relative paths in file or directory names. + + - Function 'explode()' is affected by an unspecified vulnerability. + + - It may be possible to trigger a segfault by passing a specially crafted string to function 'json_decode()'. + + - Function 'xml_error_string()' is affected by a flaw which results in messages being off + by one. + + false + Unproven + No exploit is required + php_5_2_9.nasl + 2009/02/26 + 2021/01/19 + PHP < 5.2.9 Multiple Vulnerabilities + 2009/02/27 + remote + Low + Medium + 1.14 + 34081 + http://news.php.net/php.internals/42762 + http://www.php.net/releases/5_2_9.php + http://www.php.net/ChangeLog-5.php#5.2.9 + + Upgrade to PHP version 5.2.9 or later. + The remote web server uses a version of PHP that is affected by multiple flaws. + Very Low + No recorded events + No recorded events + 3.6 + Secunia:34081 + CWE:20 + CWE:200 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.2.9 + + + + 730 days + + 51954 + 53403 + 55297 + cpe:/a:php:php + CVE-2011-1398 + CVE-2012-0831 + CVE-2012-1172 + 5.9 + 6.8 + CVE-2012-0831 + 5.3 + CVSS2#E:POC/RL:OF/RC:C + CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P + According to its banner, the version of PHP installed on the remote host is earlier than + 5.3.11, and as such is potentially affected by multiple vulnerabilities : + + - During the import of environment variables, temporary changes to the 'magic_quotes_gpc' + directive are not handled properly. This can lower the difficulty for SQL injection attacks. + (CVE-2012-0831) + + - The '$_FILES' variable can be corrupted because the names of uploaded files are not + properly validated. + (CVE-2012-1172) + + - The 'open_basedir' directive is not properly handled by the functions 'readline_write_history' + and 'readline_read_history'. + + - The 'header()' function does not detect multi-line headers with a CR. (Bug #60227 / + CVE-2011-1398) + + false + Unproven + No exploit is required + php_5_3_11.nasl + 2012/04/26 + 2021/01/19 + PHP < 5.3.11 Multiple Vulnerabilities + 2012/05/02 + remote + Low + Medium + 1.16 + http://www.nessus.org/u?e81d4026 + https://bugs.php.net/bug.php?id=61043 + https://bugs.php.net/bug.php?id=54374 + https://bugs.php.net/bug.php?id=60227 + https://marc.info/?l=oss-security&m=134626481806571&w=2 + http://www.php.net/archive/2012.php#id2012-04-26-1 + http://www.php.net/ChangeLog-5.php#5.3.11 + + Upgrade to PHP version 5.3.11 or later. + The remote web server uses a version of PHP that is affected by multiple vulnerabilities. + + Very Low + No recorded events + No recorded events + 5.9 + 2012/02/09 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.3.11 + + + + 730 days + + 49754 + 50907 + 51193 + 51806 + 51952 + 51992 + 52043 + cpe:/a:php:php + CVE-2011-3379 + CVE-2011-4566 + CVE-2011-4885 + CVE-2012-0057 + CVE-2012-0781 + CVE-2012-0788 + CVE-2012-0789 + 2.7 + 7.5 + 6.5 + CVSS2#E:H/RL:OF/RC:C + CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P + According to its banner, the version of PHP installed on the remote host is older than + 5.3.9. As such, it may be affected by the following security issues : + + - The 'is_a()' function in PHP 5.3.7 and 5.3.8 triggers a call to '__autoload()'. + (CVE-2011-3379) + + - It is possible to create a denial of service condition by sending multiple, specially crafted + requests containing parameter values that cause hash collisions when computing the hash values for + storage in a hash table. (CVE-2011-4885) + - An integer overflow exists in the exif_process_IFD_TAG function in exif.c that can allow a remote + attacker to read arbitrary memory locations or cause a denial of service condition. This + vulnerability only affects PHP 5.4.0beta2 on 32-bit platforms. (CVE-2011-4566) + + - Calls to libxslt are not restricted via xsltSetSecurityPrefs(), which could allow an attacker to + create or overwrite files, resulting in arbitrary code execution. (CVE-2012-0057) + + - An error exists in the function 'tidy_diagnose' that can allow an attacker to cause the + application to dereference a NULL pointer. This causes the application to crash. (CVE-2012-0781) + + - The 'PDORow' implementation contains an error that can cause application crashes when + interacting with the session feature. (CVE-2012-0788) + + - An error exists in the timezone handling such that repeated calls to the function 'strtotime' + can allow a denial of service attack via memory consumption. + (CVE-2012-0789) + + false + High + true + No exploit is required + true + php_5_3_9.nasl + 2012/01/11 + 2021/01/19 + PHP < 5.3.9 Multiple Vulnerabilities + 2012/01/13 + remote + Low + High + 1.24 + https://www.tenable.com/security/research/tra-2012-01 + http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Application_PHP5 + http://www.php.net/archive/2012.php#id2012-01-11-1 + https://seclists.org/bugtraq/2012/Jan/91 + https://bugs.php.net/bug.php?id=55475 + https://bugs.php.net/bug.php?id=55776 + https://bugs.php.net/bug.php?id=53502 + http://www.php.net/ChangeLog-5.php#5.3.9 + + Upgrade to PHP version 5.3.9 or later. + The remote web server uses a version of PHP that is affected by multiple flaws. + Very Low + > 365 days + No recorded events + TRA-2012-01 + 5.7 + 2011/09/23 + TRA:TRA-2012-01 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.3.9 + + + + 730 days + + 53388 + CANVAS + 520827 + cpe:/a:php:php + CVE-2012-1823 + 5.9 + 7.5 + CVE-2012-1823 + 6.5 + CVSS2#E:H/RL:OF/RC:C + CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P + According to its banner, the version of PHP installed on the remote host is earlier than + 5.3.12 / 5.4.2, and as such is potentially affected by a remote code execution and information + disclosure vulnerability. + + An error in the file 'sapi/cgi/cgi_main.c' can allow a remote attacker to obtain PHP + source code from the web server or to potentially execute arbitrary code. In vulnerable + configurations, PHP treats certain query string parameters as command line arguments including + switches such as '-s', '-d', and '-c'. + + Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations. + Apache with 'mod_php' is not an exploitable configuration. + + true + High + true + true + true + Exploits are available + true + php_5_4_2.nasl + PHP CGI Argument Injection + 2012/05/03 + 2021/09/27 + PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution + 2012/05/04 + remote + Low + High + 1.24 + http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ + https://bugs.php.net/bug.php?id=61910 + http://www.php.net/archive/2012.php#id2012-05-03-1 + http://www.php.net/ChangeLog-5.php#5.3.12 + http://www.php.net/ChangeLog-5.php#5.4.2 + + Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' workaround is + available as well. + + The remote web server uses a version of PHP that is affected by a remote code execution + vulnerability. + + Very Low + 30 to 120 days + No recorded events + 9.0 + 2012/05/03 + CERT:520827 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.3.12 / 5.4.2 + + + + cpe:/a:php:php + 7.5 + CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + 5.0 + DoS + manual + CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P + According to its self-reported version number, the version of PHP running on the remote web + server is prior to 7.3.24. It is, therefore affected by multiple vulnerabilities + + php_7_3_24.nasl + 2020-A-0510-S + 2020/10/29 + 2021/06/03 + PHP < 7.3.24 Multiple Vulnerabilities + 2020/11/06 + remote + Medium + 1.4 + https://www.php.net/ChangeLog-7.php#7.3.24 + Upgrade to PHP version 7.3.24 or later. + I + The version of PHP running on the remote web server is affected by multiple vulnerabilities. + + 2020/10/29 + IAVA:2020-A-0510-S + + URL : http://testphp.vulnweb.com/ (5.1.6 under http://testphp.vulnweb.com/secured/phpinfo.php) + Installed version : 5.1.6 + Fixed version : 7.3.24 + + + + cpe:/a:php:php + 5.3 + CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + 5.0 + Score based on analysis of the vendor advisory. + manual + CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N + According to its self-reported version number, the version of PHP running on the remote web + server is prior to 7.3.28. + It is, therefore affected by an email header injection vulnerability, due to a failure to properly + handle CR-LF sequences in header fields. An unauthenticated, remote attacker can exploit this, by + inserting line feed characters into email headers, to gain full control of email header content. + + php_7_3_28.nasl + 2021/04/29 + 2021/08/26 + PHP < 7.3.28 Email Header Injection + 2021/08/26 + remote + Medium + 1.1 + https://www.php.net/ChangeLog-7.php#7.3.28 + Upgrade to PHP version 7.3.28 or later. + The version of PHP running on the remote web server is affected by an email header injection + vulnerability. + + 2021/04/29 + + URL : http://testphp.vulnweb.com/ (5.1.6 under http://testphp.vulnweb.com/secured/phpinfo.php) + Installed version : 5.1.6 + Fixed version : 7.3.28 + + + + 730 days + + 65673 + cpe:/a:php:php + CVE-2012-1171 + 3.4 + 5.0 + 3.7 + CVSS2#E:U/RL:OF/RC:C + CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N + According to its banner, the version of PHP 5.x installed on the remote host is 5.x prior + to 5.3.11 or 5.4.x prior to 5.4.1 and thus, is potentially affected by a security bypass + vulnerability. + + An error exists related to the function 'PHP_RSHUTDOWN_FUNCTION' in the libxml extension + and the 'stream_close' method that could allow a remote attacker to bypass 'open_basedir' + protections and obtain sensitive information. + + Note that this plugin has not attempted to exploit this issue, but has instead relied only on PHP's + self-reported version number. + + false + Unproven + No exploit is required + php_rshutdown_open_basedir_bypass.nasl + 2012/03/12 + 2021/01/19 + PHP PHP_RSHUTDOWN_FUNCTION Security Bypass + 2014/04/01 + remote + Low + Medium + 1.9 + http://www.nessus.org/u?bcc428c2 + https://bugs.php.net/bug.php?id=61367 + + Upgrade to PHP version 5.3.11 / 5.4.1 or later. + The remote web server uses a version of PHP that is potentially affected by a security bypass + vulnerability. + + Very Low + No recorded events + No recorded events + 3.4 + 2012/03/12 + + Version source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + Fixed version : 5.3.11 / 5.4.1 + + + + cpe:/a:php:php + 10.0 + CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + 10.0 + Unsupported Software + manual + CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C + According to its version, the installation of PHP on the remote host is no longer + supported. + + Lack of support implies that no new security patches for the product will be released by the vendor. + As a result, it is likely to contain security vulnerabilities. + + php_unsupported.nasl + 0001-A-0581 + 2021/02/15 + PHP Unsupported Version Detection + 2012/05/04 + remote + Critical + 1.21 + http://php.net/eol.php + https://wiki.php.net/rfc/releaseprocess + + Upgrade to a version of PHP that is currently supported. + The remote host contains an unsupported version of a web application scripting language. + + true + IAVA:0001-A-0581 + + Source : X-Powered-By: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1 + Installed version : 5.6.40-38+ubuntu20.04.1+deb.sury.org+1 + End of support date : 2018/12/31 + Announcement : http://php.net/supported-versions.php + Supported versions : 7.3.x / 7.4.x / 8.0.x + + + + cpe:/a:php:php + 10.0 + CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + 10.0 + Unsupported Software + manual + CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C + According to its version, the installation of PHP on the remote host is no longer + supported. + + Lack of support implies that no new security patches for the product will be released by the vendor. + As a result, it is likely to contain security vulnerabilities. + + php_unsupported.nasl + 0001-A-0581 + 2021/02/15 + PHP Unsupported Version Detection + 2012/05/04 + remote + Critical + 1.21 + http://php.net/eol.php + https://wiki.php.net/rfc/releaseprocess + + Upgrade to a version of PHP that is currently supported. + The remote host contains an unsupported version of a web application scripting language. + + true + IAVA:0001-A-0581 + + Source : http://testphp.vulnweb.com/secured/phpinfo.php + Installed version : 5.1.6 + End of support date : 2006/08/24 + Announcement : http://php.net/eol.php + Supported versions : 7.3.x / 7.4.x / 8.0.x + + + + True + cpe:/a:php:php + Nessus was able to determine the version of PHP available on the remote web server. + + php_version.nasl + 0001-T-0936 + 2020/09/22 + PHP Version Detection + 2010/08/04 + remote + None + 1.25 + n/a + It was possible to obtain the version number of the remote PHP installation. + IAVT:0001-T-0936 + + Nessus was able to identify the following PHP version information : + + Version : 5.1.6 + Source : http://testphp.vulnweb.com/secured/phpinfo.php + + Version : 5.6.40-38+ubuntu20.04.1+deb.sury.org+1 + Source : X-Powered-By: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1 + + + + cpe:/a:php:php + 5.3 + CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + 5.0 + score from an analysis done by Tenable + manual + CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N + Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP + function 'phpinfo()' for debugging purposes. Various PHP applications may also include + such a file. By accessing such a file, a remote attacker can discover a large amount of information + about the remote web server, including : + + - The username of the user who installed PHP and if they are a SUDO user. + + - The IP address of the host. + + - The version of the operating system. + + - The web server version. + + - The root directory of the web server. + + - Configuration information about the remote PHP installation. + + phpinfo.nasl + 2021/02/15 + Web Server info.php / phpinfo.php Detection + 2003/02/12 + remote + Medium + 1.20 + Remove the affected file(s). + The remote web server contains a PHP script that is prone to an information disclosure + attack. + + + Nessus discovered the following URL that calls phpinfo() : + + - http://testphp.vulnweb.com/secured/phpinfo.php + + + + True + This plugin attempts to determine the type and the version of the remote web server. + + http_version.nasl + 0001-T-0931 + 2020/10/30 + HTTP Server Type and Version + 2000/01/04 + remote + None + 1.141 + n/a + A web server is running on the remote host. + IAVT:0001-T-0931 + The remote web server type is : + + nginx/1.19.0 + + + + The remote web server in some responses sets a permissive Content-Security-Policy (CSP) + frame-ancestors response header or does not set one at all. + + The CSP frame-ancestors header has been proposed by the W3C Web Application Security Working Group + as a way to mitigate cross-site scripting and clickjacking attacks. + + http_X_Content_Security_Policy_header.nasl + 2021/01/19 + Missing or Permissive Content-Security-Policy frame-ancestors HTTP Response Header + + 2010/10/26 + remote + None + 1.6 + http://www.nessus.org/u?55aa8f57 + http://www.nessus.org/u?07cc2a06 + https://content-security-policy.com/ + https://www.w3.org/TR/CSP2/ + + Set a non-permissive Content-Security-Policy frame-ancestors header for all requested + resources. + + The remote web server does not take steps to mitigate a class of web application + vulnerabilities. + + + The following pages do not set a Content-Security-Policy frame-ancestors response header or set a + permissive policy: + + - http://testphp.vulnweb.com/ + - http://testphp.vulnweb.com/AJAX/ + - http://testphp.vulnweb.com/AJAX/index.php + - http://testphp.vulnweb.com/AJAX/index.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/showxml.php + - http://testphp.vulnweb.com/CVS/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-1/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-2/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-3/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/color-printer/3/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/web-camera-a4tech/2/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-1.html + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-2.html + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-3.html + - http://testphp.vulnweb.com/Templates/ + - http://testphp.vulnweb.com/Templates/main_dynamic_template.dwt.php + - http://testphp.vulnweb.com/admin/ + - http://testphp.vulnweb.com/artists.php + - http://testphp.vulnweb.com/cart.php + - http://testphp.vulnweb.com/categories.php + - http://testphp.vulnweb.com/disclaimer.php + - http://testphp.vulnweb.com/guestbook.php + - http://testphp.vulnweb.com/hpp/ + - http://testphp.vulnweb.com/images/ + - http://testphp.vulnweb.com/index.php + - http://testphp.vulnweb.com/listproducts.php + - http://testphp.vulnweb.com/login.php + - http://testphp.vulnweb.com/search.php + - http://testphp.vulnweb.com/secured/ + - http://testphp.vulnweb.com/secured/newuser.php + - http://testphp.vulnweb.com/signup.php + + + + The remote web server in some responses sets a permissive X-Frame-Options response header + or does not set one at all. + + The X-Frame-Options header has been proposed by Microsoft as a way to mitigate clickjacking attacks + and is currently supported by all major browser vendors + + http_X_Frame_Options_header.nasl + 2021/01/19 + Missing or Permissive X-Frame-Options HTTP Response Header + 2010/10/26 + remote + None + 1.5 + https://en.wikipedia.org/wiki/Clickjacking + http://www.nessus.org/u?399b1f56 + + Set a properly configured X-Frame-Options header for all requested resources. + The remote web server does not take steps to mitigate a class of web application + vulnerabilities. + + + The following pages do not set a X-Frame-Options response header or set a permissive policy: + + - http://testphp.vulnweb.com/ + - http://testphp.vulnweb.com/AJAX/ + - http://testphp.vulnweb.com/AJAX/index.php + - http://testphp.vulnweb.com/AJAX/index.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/showxml.php + - http://testphp.vulnweb.com/CVS/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-1/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-2/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-3/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/color-printer/3/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/web-camera-a4tech/2/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-1.html + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-2.html + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-3.html + - http://testphp.vulnweb.com/Templates/ + - http://testphp.vulnweb.com/Templates/main_dynamic_template.dwt.php + - http://testphp.vulnweb.com/admin/ + - http://testphp.vulnweb.com/artists.php + - http://testphp.vulnweb.com/cart.php + - http://testphp.vulnweb.com/categories.php + - http://testphp.vulnweb.com/disclaimer.php + - http://testphp.vulnweb.com/guestbook.php + - http://testphp.vulnweb.com/hpp/ + - http://testphp.vulnweb.com/images/ + - http://testphp.vulnweb.com/index.php + - http://testphp.vulnweb.com/listproducts.php + - http://testphp.vulnweb.com/login.php + - http://testphp.vulnweb.com/search.php + - http://testphp.vulnweb.com/secured/ + - http://testphp.vulnweb.com/secured/newuser.php + - http://testphp.vulnweb.com/signup.php + + + + 4.3 + CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N + 693 + The remote web server does not set an X-Frame-Options response header or a + Content-Security-Policy 'frame-ancestors' response header in all content responses. This + could potentially expose the site to a clickjacking or UI redress attack, in which an attacker can + trick a user into clicking an area of the vulnerable page that is different than what the user + perceives the page to be. This can result in a user performing fraudulent or malicious transactions. + + X-Frame-Options has been proposed by Microsoft as a way to mitigate clickjacking attacks and is + currently supported by all major browser vendors. + + Content-Security-Policy (CSP) has been proposed by the W3C Web Application Security Working Group, + with increasing support among all major browser vendors, as a way to mitigate clickjacking and other + attacks. The 'frame-ancestors' policy directive restricts which sources can embed the + protected resource. + + Note that while the X-Frame-Options and Content-Security-Policy response headers are not the only + mitigations for clickjacking, they are currently the most reliable methods that can be detected + through automation. Therefore, this plugin may produce false positives if other mitigation + strategies (e.g., frame-busting JavaScript) are deployed or if the page does not perform any + security-sensitive transactions. + + http_generic_clickjacking.nasl + 2017/05/16 + Web Application Potentially Vulnerable to Clickjacking + 2015/08/22 + remote + Medium + $Revision: 1.7 $ + http://www.nessus.org/u?399b1f56 + https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet + https://en.wikipedia.org/wiki/Clickjacking + + Return the X-Frame-Options or Content-Security-Policy (with the 'frame-ancestors' + directive) HTTP header with the page's response. + This prevents the page's content from being rendered by another site when using the frame or + iframe HTML tags. + + The remote web server may fail to mitigate a class of web application vulnerabilities. + + CWE:693 + + The following pages do not use a clickjacking mitigation response header and contain a clickable + event : + + - http://testphp.vulnweb.com/ + - http://testphp.vulnweb.com/AJAX/ + - http://testphp.vulnweb.com/AJAX/index.php + - http://testphp.vulnweb.com/AJAX/index.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/Templates/main_dynamic_template.dwt.php + - http://testphp.vulnweb.com/artists.php + - http://testphp.vulnweb.com/cart.php + - http://testphp.vulnweb.com/categories.php + - http://testphp.vulnweb.com/disclaimer.php + - http://testphp.vulnweb.com/guestbook.php + - http://testphp.vulnweb.com/index.php + - http://testphp.vulnweb.com/listproducts.php + - http://testphp.vulnweb.com/login.php + - http://testphp.vulnweb.com/search.php + - http://testphp.vulnweb.com/signup.php + + + + The remote web server contains linkable content that can be used to gather information + about a target. + + http_sitemap.nasl + 2016/06/24 + Web Application Sitemap + 2016/06/24 + remote + None + $Revision: 1.1 $ + http://www.nessus.org/u?5496c8d9 + n/a + The remote web server hosts linkable content that can be crawled by Nessus. + + The following sitemap was created from crawling linkable content on the target host : + + - http://testphp.vulnweb.com/ + - http://testphp.vulnweb.com/AJAX/ + - http://testphp.vulnweb.com/AJAX/index.php + - http://testphp.vulnweb.com/AJAX/index.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/.php/showxml.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/showxml.php/.php + - http://testphp.vulnweb.com/AJAX/index.php/showxml.php/showxml.php/showxml.php/showxml.php + - http://testphp.vulnweb.com/AJAX/showxml.php + - http://testphp.vulnweb.com/AJAX/styles.css + - http://testphp.vulnweb.com/CVS/ + - http://testphp.vulnweb.com/CVS/Entries + - http://testphp.vulnweb.com/CVS/Entries.Log + - http://testphp.vulnweb.com/CVS/Repository + - http://testphp.vulnweb.com/CVS/Root + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-1/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-2/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-3/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/color-printer/3/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/web-camera-a4tech/2/ + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-1.html + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-2.html + - http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-3.html + - http://testphp.vulnweb.com/Templates/ + - http://testphp.vulnweb.com/Templates/main_dynamic_template.dwt.php + - http://testphp.vulnweb.com/admin/ + - http://testphp.vulnweb.com/admin/create.sql + - http://testphp.vulnweb.com/artists.php + - http://testphp.vulnweb.com/cart.php + - http://testphp.vulnweb.com/categories.php + - http://testphp.vulnweb.com/disclaimer.php + - http://testphp.vulnweb.com/guestbook.php + - http://testphp.vulnweb.com/hpp/ + - http://testphp.vulnweb.com/images/ + - http://testphp.vulnweb.com/images/logo.gif + - http://testphp.vulnweb.com/images/remark.gif + - http://testphp.vulnweb.com/index.php + - http://testphp.vulnweb.com/listproducts.php + - http://testphp.vulnweb.com/login.php + - http://testphp.vulnweb.com/search.php + - http://testphp.vulnweb.com/secured/ + - http://testphp.vulnweb.com/secured/newuser.php + - http://testphp.vulnweb.com/secured/style.css + - http://testphp.vulnweb.com/signup.php + - http://testphp.vulnweb.com/style.css + + Attached is a copy of the sitemap file. + + + e48dbcc1e83a31720de4adbe039409a9 + + + + Nessus gathered HREF links to external sites by crawling the remote web server. + + webmirror_ext_URL.nasl + 2011/08/19 + External URLs + 2010/10/04 + remote + None + $Revision: 1.3 $ + n/a + Links to external sites were gathered. + + 7 external URLs were gathered on this web server : + URL... - Seen on... + + + http://blog.mindedsecurity.com/2009/05/client-side-http-parameter-pollution.html - /hpp/ + http://www.acunetix.com - / + http://www.eclectasy.com/Fractal-Explorer/index.html - / + https://www.acunetix.com/ - / + https://www.acunetix.com/blog/articles/prevent-sql-injection-vulnerabilities-in-php-applications/ - + / + https://www.acunetix.com/vulnerability-scanner/ - / + https://www.acunetix.com/vulnerability-scanner/php-security-scanner/ - / + + + + Nessus harvested HREF mailto: links and extracted email addresses by crawling the remote + web server. + + webmirror_mailto.nasl + 2018/05/24 + Web Server Harvested Email Addresses + 2010/10/04 + remote + None + 1.7 + n/a + Email addresses were harvested from the web server. + + + The following email address has been gathered : + + + - 'wvs@acunetix.com', referenced from : + /search.php + /listproducts.php + /index.php + /artists.php + /categories.php + /signup.php + /disclaimer.php + / + /Templates/main_dynamic_template.dwt.php + /cart.php + /guestbook.php + /login.php + + + + 2.6 + CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N + 522 + 523 + 718 + 724 + 928 + 930 + The remote web server contains several HTML form fields containing an input of type 'password' + which transmit their information to a remote web server in cleartext. + + An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords + of valid users. + + www_clear_text_passwords.nasl + 2016/11/29 + Web Server Transmits Cleartext Credentials + 2007/09/28 + remote + Low + $Revision: 1.17 $ + Make sure that every sensitive form transmits content over HTTPS. + The remote web server might transmit credentials in cleartext. + CWE:522 + CWE:523 + CWE:718 + CWE:724 + CWE:928 + CWE:930 + Page : /login.php + Destination Page: /userinfo.php + + Page : /signup.php + Destination Page: /secured/newuser.php + + + + + This plugin makes a mirror of the remote website(s) and extracts the list of CGIs that are + used by the remote host. + + It is suggested that you change the number of pages to mirror in the 'Options' section of + the client. + + webmirror3.nbin + 2022/02/14 + Web mirroring + 2001/05/04 + remote + None + 3.84 + n/a + Nessus can crawl the remote website. + + Webmirror performed 174 queries in 89s (1.0955 queries per second) + + The following CGIs have been discovered : + + + + CGI : /search.php + Methods : POST + Argument : goButton + Value: go + Argument : searchFor + Argument : test + Value: query + + + + CGI : /listproducts.php + Methods : GET + Argument : cat + Value: 4 + + + + CGI : /artists.php + Methods : GET + Argument : artist + Value: 3 + + + + CGI : /comment.php + Methods : GET + Argument : aid + Value: 3 + + + + CGI : /guestbook.php + Methods : POST + Argument : name + Value: anonymous user + Argument : submit + Value: add message + Argument : text + + + + CGI : /AJAX/index.php/.php + Methods : GET + Argument : id + + + + CGI : /userinfo.php + Methods : POST + Argument : pass + Argument : uname + + + + CGI : /hpp/ + Methods : GET + Argument : pp + Value: 12 + + + + CGI : /AJAX/index.php/.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/showxml.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/.php + Methods : GET + Argument : id + + + + CGI : /secured/newuser.php + Methods : POST + Argument : signup + Value: signup + Argument : uaddress + Argument : ucc + Argument : uemail + Argument : upass + Argument : upass2 + Argument : uphone + Argument : urname + Argument : uuname + + + + CGI : /AJAX/index.php/.php/.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/.php/showxml.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/showxml.php/.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/showxml.php/showxml.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/.php/.php/.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/.php/.php/showxml.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/.php/showxml.php/.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/.php/showxml.php/showxml.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/showxml.php/.php/.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/showxml.php/.php/showxml.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/showxml.php/showxml.php/.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/showxml.php/showxml.php/showxml.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/.php/.php/.php/.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/.php/.php/.php/showxml.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/.php/.php/showxml.php/.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/.php/.php/showxml.php/showxml.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/.php/showxml.php/.php/.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/.php/showxml.php/.php/showxml.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/.php/showxml.php/showxml.php/.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/.php/showxml.php/showxml.php/showxml.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/showxml.php/.php/.php/.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/showxml.php/.php/.php/showxml.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/showxml.php/.php/showxml.php/.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/showxml.php/.php/showxml.php/showxml.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/showxml.php/showxml.php/.php/.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/showxml.php/showxml.php/.php/showxml.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/showxml.php/showxml.php/showxml.php/.php/.php + Methods : GET + Argument : id + + + + CGI : /AJAX/index.php/showxml.php/showxml.php/showxml.php/showxml.php/.php + Methods : GET + Argument : id + + Directory index found at /admin/ + Directory index found at /images/ + Directory index found at /Templates/ + Directory index found at /CVS/ + + + + This plugin attempts to determine the presence of various common directories on the remote + web server. By sending a request for a directory, the web server response code indicates if it is a + valid directory or not. + + DDI_Directory_Scanner.nasl + OWASP-CM-006 + 2021/08/17 + Web Server Directory Enumeration + 2002/06/26 + remote + None + 1.114 + http://projects.webappsec.org/w/page/13246953/Predictable%20Resource%20Location + n/a + It is possible to enumerate directories on the web server. + OWASP:OWASP-CM-006 + + The following directories were discovered: + /admin, /cgi-bin, /secured, /CVS, /Templates, /images + + While this is not, in and of itself, a bug, you should manually inspect + these directories to ensure that they are in compliance with company + security standards + + + + It was possible to identify the remote service by its banner or by looking at the error + message it sends when it receives a 'HELP' request. + + find_service2.nasl + 2018/11/26 + Service Detection (HELP Request) + 2002/11/18 + remote + None + 1.317 + n/a + The remote service could be identified. + A web server seems to be running on this port. + + + The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this + feature is that the uptime of the remote host can sometimes be computed. + + tcp_timestamps.nasl + 2019/03/06 + TCP/IP Timestamps Supported + 2007/05/16 + remote + None + 1.21 + http://www.ietf.org/rfc/rfc1323.txt + n/a + The remote service implements TCP timestamps. + + + CVE-1999-0524 + 0.0 + CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + 0.0 + CVE-1999-0524 + CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N + 200 + The remote host answers to an ICMP timestamp request. This allows an attacker to know the + date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in + defeating time-based authentication protocols. + + Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately + incorrect, but usually within 1000 seconds of the actual system time. + + icmp_timestamp.nasl + 2019/10/04 + ICMP Timestamp Request Remote Date Disclosure + 1999/08/01 + remote + None + 1.48 + Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14). + + It is possible to determine the exact time set on the remote host. + 1995/01/01 + CWE:200 + The difference between the local and remote clocks is 1 second. + + + + Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host. + + fqdn.nasl + 2017/04/14 + Host Fully Qualified Domain Name (FQDN) Resolution + 2004/02/11 + remote + None + $Revision: 1.16 $ + n/a + It was possible to resolve the name of the remote host. + + 44.228.249.3 resolves as ec2-44-228-249-3.us-west-2.compute.amazonaws.com. + + + + This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even + against a firewalled target. + + Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but + they might cause problems for less robust firewalls and also leave unclosed connections on the + remote target, if the network is loaded. + + nessus_syn_scanner.nbin + 2022/02/14 + Nessus SYN scanner + 2009/02/04 + remote + None + 1.43 + Protect your target with an IP filter. + It is possible to determine which TCP ports are open. + Port 80/tcp was found to be open + + + + diff --git a/unittests/scans/nessus_was/nessus_was_many_vuln.csv b/unittests/scans/tenable/nessus_was/nessus_was_many_vuln.csv similarity index 100% rename from unittests/scans/nessus_was/nessus_was_many_vuln.csv rename to unittests/scans/tenable/nessus_was/nessus_was_many_vuln.csv diff --git a/unittests/scans/nessus_was/nessus_was_many_vuln.xml b/unittests/scans/tenable/nessus_was/nessus_was_many_vuln.xml similarity index 100% rename from unittests/scans/nessus_was/nessus_was_many_vuln.xml rename to unittests/scans/tenable/nessus_was/nessus_was_many_vuln.xml diff --git a/unittests/scans/nessus_was/nessus_was_no_vuln.csv b/unittests/scans/tenable/nessus_was/nessus_was_no_vuln.csv similarity index 100% rename from unittests/scans/nessus_was/nessus_was_no_vuln.csv rename to unittests/scans/tenable/nessus_was/nessus_was_no_vuln.csv diff --git a/unittests/scans/nessus_was/nessus_was_no_vuln.xml b/unittests/scans/tenable/nessus_was/nessus_was_no_vuln.xml similarity index 100% rename from unittests/scans/nessus_was/nessus_was_no_vuln.xml rename to unittests/scans/tenable/nessus_was/nessus_was_no_vuln.xml diff --git a/unittests/scans/nessus_was/nessus_was_one_vuln.csv b/unittests/scans/tenable/nessus_was/nessus_was_one_vuln.csv similarity index 100% rename from unittests/scans/nessus_was/nessus_was_one_vuln.csv rename to unittests/scans/tenable/nessus_was/nessus_was_one_vuln.csv diff --git a/unittests/scans/nessus_was/nessus_was_one_vuln.xml b/unittests/scans/tenable/nessus_was/nessus_was_one_vuln.xml similarity index 100% rename from unittests/scans/nessus_was/nessus_was_one_vuln.xml rename to unittests/scans/tenable/nessus_was/nessus_was_one_vuln.xml diff --git a/unittests/scans/tenable/tenable_many_vuln.csv b/unittests/scans/tenable/tenable_many_vuln.csv new file mode 100644 index 00000000000..0bc8a92e393 --- /dev/null +++ b/unittests/scans/tenable/tenable_many_vuln.csv @@ -0,0 +1,548 @@ +Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name,Synopsis,Description,Solution,See Also,Plugin Output,,Vulnerability State,IP Address,FQDN,NetBios,OS,,Plugin Family,CVSS Base Score,CVSS Temporal Score,CVSS Temporal Vector,CVSS Vector,CVSS3 Base Score,CVSS3 Temporal Score,CVSS3 Temporal Vector,CVSS3 Vector,System Type,Host Start,Host End,Vulnerability Priority Rating (VPR),First Found,Last Found,Host Scan Schedule ID,Host Scan ID,Indexed At,Last Authenticated Results Date,Last Unauthenticated Results Date,Tracked,Risk Factor,Severity,Original Severity,Modification,Plugin Family ID,Plugin Type,Plugin Version,Service,Plugin Modification Date,Plugin Publication Date,Checks for Malware,Exploit Available,Exploited by Malware,Exploited by Nessus,CANVAS,D2 Elliot,Metasploit,Core Exploits,ExploitHub,Default Account,Patch Available,In The News,Unsupported By Vendor,Last Fixed +176700,CVE-2023-32233,6.8,High,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : kernel (ALAS-2023-2050),The remote Amazon Linux 2 host is missing a security update.,"The version of kernel installed on the remote host is prior to 4.14.314-238.539. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2050 advisory. + + - In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. (CVE-2023-32233) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.",Run 'yum update kernel' to update your system.,"https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2023-32233.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2050.html"," +Remote package installed : kernel-4.14.314-237.533.amzn2 +Should be : kernel-4.14.314-238.539.amzn2 + +Remote package installed : kernel-tools-4.14.314-237.533.amzn2 +Should be : kernel-tools-4.14.314-238.539.amzn2 + +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,6.8,5.3,E:POC/RL:OF/RC:C,AV:L/AC:L/Au:S/C:C/I:C/A:C,7.8,7,E:P/RL:O/RC:C,AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-06-08T01:58:56.166Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.612Z,2023-06-08T01:25:48Z,,TRUE,Medium,3,3,NONE,54,local,1.1,,2023-06-06T00:00:00Z,2023-06-05T00:00:00Z,FALSE,TRUE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +176703,CVE-2021-46666,5,High,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : mariadb (ALAS-2023-2057),The remote Amazon Linux 2 host is missing a security update.,"The version of mariadb installed on the remote host is prior to 5.5.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2057 advisory. + + - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657) + + - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659) + + - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661) + + - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. + (CVE-2021-46663) + + - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666) + + - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667) + + - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. + (CVE-2021-46668) + + - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380) + + - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. + (CVE-2022-27384) + + - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.",Run 'yum update mariadb' to update your system.,"https://alas.aws.amazon.com/cve/html/CVE-2021-46659.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46661.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46663.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46667.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46668.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27380.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27384.html +https://alas.aws.amazon.com/cve/html/CVE-2022-31624.html +https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46657.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46666.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2057.html"," +Remote package installed : mariadb-libs-5.5.68-1.amzn2 +Should be : mariadb-libs-5.5.68-1.amzn2.0.1 + +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,5,3.9,E:POC/RL:OF/RC:C,AV:N/AC:L/Au:N/C:N/I:N/A:P,7.5,6.7,E:P/RL:O/RC:C,AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-06-08T01:58:56.166Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.594Z,2023-06-08T01:25:48Z,,TRUE,Medium,3,3,NONE,54,local,1.1,,2023-06-06T00:00:00Z,2023-06-05T00:00:00Z,FALSE,TRUE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +176703,CVE-2021-46663,5,High,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : mariadb (ALAS-2023-2057),The remote Amazon Linux 2 host is missing a security update.,"The version of mariadb installed on the remote host is prior to 5.5.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2057 advisory. + + - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657) + + - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659) + + - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661) + + - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. + (CVE-2021-46663) + + - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666) + + - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667) + + - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. + (CVE-2021-46668) + + - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380) + + - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. + (CVE-2022-27384) + + - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.",Run 'yum update mariadb' to update your system.,"https://alas.aws.amazon.com/cve/html/CVE-2021-46659.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46661.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46663.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46667.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46668.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27380.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27384.html +https://alas.aws.amazon.com/cve/html/CVE-2022-31624.html +https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46657.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46666.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2057.html"," +Remote package installed : mariadb-libs-5.5.68-1.amzn2 +Should be : mariadb-libs-5.5.68-1.amzn2.0.1 + +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,5,3.9,E:POC/RL:OF/RC:C,AV:N/AC:L/Au:N/C:N/I:N/A:P,7.5,6.7,E:P/RL:O/RC:C,AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-06-08T01:58:56.166Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.594Z,2023-06-08T01:25:48Z,,TRUE,Medium,3,3,NONE,54,local,1.1,,2023-06-06T00:00:00Z,2023-06-05T00:00:00Z,FALSE,TRUE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +176703,CVE-2022-31624,5,High,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : mariadb (ALAS-2023-2057),The remote Amazon Linux 2 host is missing a security update.,"The version of mariadb installed on the remote host is prior to 5.5.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2057 advisory. + + - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657) + + - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659) + + - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661) + + - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. + (CVE-2021-46663) + + - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666) + + - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667) + + - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. + (CVE-2021-46668) + + - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380) + + - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. + (CVE-2022-27384) + + - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.",Run 'yum update mariadb' to update your system.,"https://alas.aws.amazon.com/cve/html/CVE-2021-46659.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46661.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46663.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46667.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46668.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27380.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27384.html +https://alas.aws.amazon.com/cve/html/CVE-2022-31624.html +https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46657.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46666.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2057.html"," +Remote package installed : mariadb-libs-5.5.68-1.amzn2 +Should be : mariadb-libs-5.5.68-1.amzn2.0.1 + +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,5,3.9,E:POC/RL:OF/RC:C,AV:N/AC:L/Au:N/C:N/I:N/A:P,7.5,6.7,E:P/RL:O/RC:C,AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-06-08T01:58:56.166Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.594Z,2023-06-08T01:25:48Z,,TRUE,Medium,3,3,NONE,54,local,1.1,,2023-06-06T00:00:00Z,2023-06-05T00:00:00Z,FALSE,TRUE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +176703,CVE-2021-46661,5,High,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : mariadb (ALAS-2023-2057),The remote Amazon Linux 2 host is missing a security update.,"The version of mariadb installed on the remote host is prior to 5.5.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2057 advisory. + + - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657) + + - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659) + + - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661) + + - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. + (CVE-2021-46663) + + - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666) + + - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667) + + - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. + (CVE-2021-46668) + + - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380) + + - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. + (CVE-2022-27384) + + - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.",Run 'yum update mariadb' to update your system.,"https://alas.aws.amazon.com/cve/html/CVE-2021-46659.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46661.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46663.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46667.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46668.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27380.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27384.html +https://alas.aws.amazon.com/cve/html/CVE-2022-31624.html +https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46657.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46666.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2057.html"," +Remote package installed : mariadb-libs-5.5.68-1.amzn2 +Should be : mariadb-libs-5.5.68-1.amzn2.0.1 + +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,5,3.9,E:POC/RL:OF/RC:C,AV:N/AC:L/Au:N/C:N/I:N/A:P,7.5,6.7,E:P/RL:O/RC:C,AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-06-08T01:58:56.166Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.594Z,2023-06-08T01:25:48Z,,TRUE,Medium,3,3,NONE,54,local,1.1,,2023-06-06T00:00:00Z,2023-06-05T00:00:00Z,FALSE,TRUE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +176703,CVE-2022-27380,5,High,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : mariadb (ALAS-2023-2057),The remote Amazon Linux 2 host is missing a security update.,"The version of mariadb installed on the remote host is prior to 5.5.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2057 advisory. + + - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657) + + - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659) + + - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661) + + - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. + (CVE-2021-46663) + + - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666) + + - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667) + + - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. + (CVE-2021-46668) + + - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380) + + - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. + (CVE-2022-27384) + + - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.",Run 'yum update mariadb' to update your system.,"https://alas.aws.amazon.com/cve/html/CVE-2021-46659.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46661.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46663.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46667.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46668.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27380.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27384.html +https://alas.aws.amazon.com/cve/html/CVE-2022-31624.html +https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46657.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46666.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2057.html"," +Remote package installed : mariadb-libs-5.5.68-1.amzn2 +Should be : mariadb-libs-5.5.68-1.amzn2.0.1 + +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,5,3.9,E:POC/RL:OF/RC:C,AV:N/AC:L/Au:N/C:N/I:N/A:P,7.5,6.7,E:P/RL:O/RC:C,AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-06-08T01:58:56.166Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.594Z,2023-06-08T01:25:48Z,,TRUE,Medium,3,3,NONE,54,local,1.1,,2023-06-06T00:00:00Z,2023-06-05T00:00:00Z,FALSE,TRUE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +176703,CVE-2021-46659,5,High,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : mariadb (ALAS-2023-2057),The remote Amazon Linux 2 host is missing a security update.,"The version of mariadb installed on the remote host is prior to 5.5.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2057 advisory. + + - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657) + + - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659) + + - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661) + + - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. + (CVE-2021-46663) + + - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666) + + - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667) + + - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. + (CVE-2021-46668) + + - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380) + + - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. + (CVE-2022-27384) + + - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.",Run 'yum update mariadb' to update your system.,"https://alas.aws.amazon.com/cve/html/CVE-2021-46659.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46661.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46663.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46667.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46668.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27380.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27384.html +https://alas.aws.amazon.com/cve/html/CVE-2022-31624.html +https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46657.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46666.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2057.html"," +Remote package installed : mariadb-libs-5.5.68-1.amzn2 +Should be : mariadb-libs-5.5.68-1.amzn2.0.1 + +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,5,3.9,E:POC/RL:OF/RC:C,AV:N/AC:L/Au:N/C:N/I:N/A:P,7.5,6.7,E:P/RL:O/RC:C,AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-06-08T01:58:56.166Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.594Z,2023-06-08T01:25:48Z,,TRUE,Medium,3,3,NONE,54,local,1.1,,2023-06-06T00:00:00Z,2023-06-05T00:00:00Z,FALSE,TRUE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +176703,CVE-2021-46667,5,High,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : mariadb (ALAS-2023-2057),The remote Amazon Linux 2 host is missing a security update.,"The version of mariadb installed on the remote host is prior to 5.5.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2057 advisory. + + - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657) + + - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659) + + - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661) + + - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. + (CVE-2021-46663) + + - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666) + + - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667) + + - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. + (CVE-2021-46668) + + - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380) + + - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. + (CVE-2022-27384) + + - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.",Run 'yum update mariadb' to update your system.,"https://alas.aws.amazon.com/cve/html/CVE-2021-46659.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46661.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46663.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46667.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46668.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27380.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27384.html +https://alas.aws.amazon.com/cve/html/CVE-2022-31624.html +https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46657.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46666.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2057.html"," +Remote package installed : mariadb-libs-5.5.68-1.amzn2 +Should be : mariadb-libs-5.5.68-1.amzn2.0.1 + +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,5,3.9,E:POC/RL:OF/RC:C,AV:N/AC:L/Au:N/C:N/I:N/A:P,7.5,6.7,E:P/RL:O/RC:C,AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-06-08T01:58:56.166Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.594Z,2023-06-08T01:25:48Z,,TRUE,Medium,3,3,NONE,54,local,1.1,,2023-06-06T00:00:00Z,2023-06-05T00:00:00Z,FALSE,TRUE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +176703,CVE-2022-27384,5,High,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : mariadb (ALAS-2023-2057),The remote Amazon Linux 2 host is missing a security update.,"The version of mariadb installed on the remote host is prior to 5.5.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2057 advisory. + + - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657) + + - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659) + + - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661) + + - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. + (CVE-2021-46663) + + - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666) + + - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667) + + - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. + (CVE-2021-46668) + + - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380) + + - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. + (CVE-2022-27384) + + - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.",Run 'yum update mariadb' to update your system.,"https://alas.aws.amazon.com/cve/html/CVE-2021-46659.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46661.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46663.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46667.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46668.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27380.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27384.html +https://alas.aws.amazon.com/cve/html/CVE-2022-31624.html +https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46657.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46666.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2057.html"," +Remote package installed : mariadb-libs-5.5.68-1.amzn2 +Should be : mariadb-libs-5.5.68-1.amzn2.0.1 + +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,5,3.9,E:POC/RL:OF/RC:C,AV:N/AC:L/Au:N/C:N/I:N/A:P,7.5,6.7,E:P/RL:O/RC:C,AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-06-08T01:58:56.166Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.594Z,2023-06-08T01:25:48Z,,TRUE,Medium,3,3,NONE,54,local,1.1,,2023-06-06T00:00:00Z,2023-06-05T00:00:00Z,FALSE,TRUE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +176703,CVE-2021-46657,5,High,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : mariadb (ALAS-2023-2057),The remote Amazon Linux 2 host is missing a security update.,"The version of mariadb installed on the remote host is prior to 5.5.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2057 advisory. + + - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657) + + - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659) + + - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661) + + - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. + (CVE-2021-46663) + + - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666) + + - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667) + + - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. + (CVE-2021-46668) + + - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380) + + - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. + (CVE-2022-27384) + + - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.",Run 'yum update mariadb' to update your system.,"https://alas.aws.amazon.com/cve/html/CVE-2021-46659.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46661.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46663.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46667.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46668.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27380.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27384.html +https://alas.aws.amazon.com/cve/html/CVE-2022-31624.html +https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46657.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46666.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2057.html"," +Remote package installed : mariadb-libs-5.5.68-1.amzn2 +Should be : mariadb-libs-5.5.68-1.amzn2.0.1 + +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,5,3.9,E:POC/RL:OF/RC:C,AV:N/AC:L/Au:N/C:N/I:N/A:P,7.5,6.7,E:P/RL:O/RC:C,AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-06-08T01:58:56.166Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.594Z,2023-06-08T01:25:48Z,,TRUE,Medium,3,3,NONE,54,local,1.1,,2023-06-06T00:00:00Z,2023-06-05T00:00:00Z,FALSE,TRUE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +176703,CVE-2021-46668,5,High,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : mariadb (ALAS-2023-2057),The remote Amazon Linux 2 host is missing a security update.,"The version of mariadb installed on the remote host is prior to 5.5.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2057 advisory. + + - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657) + + - MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. (CVE-2021-46659) + + - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661) + + - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. + (CVE-2021-46663) + + - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666) + + - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667) + + - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. + (CVE-2021-46668) + + - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. (CVE-2022-27380) + + - An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. + (CVE-2022-27384) + + - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.",Run 'yum update mariadb' to update your system.,"https://alas.aws.amazon.com/cve/html/CVE-2021-46659.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46661.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46663.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46667.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46668.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27380.html +https://alas.aws.amazon.com/cve/html/CVE-2022-27384.html +https://alas.aws.amazon.com/cve/html/CVE-2022-31624.html +https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46657.html +https://alas.aws.amazon.com/cve/html/CVE-2021-46666.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2057.html"," +Remote package installed : mariadb-libs-5.5.68-1.amzn2 +Should be : mariadb-libs-5.5.68-1.amzn2.0.1 + +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,5,3.9,E:POC/RL:OF/RC:C,AV:N/AC:L/Au:N/C:N/I:N/A:P,7.5,6.7,E:P/RL:O/RC:C,AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-06-08T01:58:56.166Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.594Z,2023-06-08T01:25:48Z,,TRUE,Medium,3,3,NONE,54,local,1.1,,2023-06-06T00:00:00Z,2023-06-05T00:00:00Z,FALSE,TRUE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +176711,CVE-2019-9923,5,High,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : tar (ALAS-2023-2064),The remote Amazon Linux 2 host is missing a security update.,"The version of tar installed on the remote host is prior to 1.26-35. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2064 advisory. + + - pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. (CVE-2019-9923) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.",Run 'yum update tar' to update your system.,"https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2019-9923.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2064.html"," +Remote package installed : tar-1.26-35.amzn2.0.1 +Should be : tar-1.26-35.amzn2.0.2 + +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,5,3.7,E:U/RL:OF/RC:C,AV:N/AC:L/Au:N/C:N/I:N/A:P,7.5,6.5,E:U/RL:O/RC:C,AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-06-08T01:58:56.166Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.602Z,2023-06-08T01:25:48Z,,TRUE,Medium,3,3,NONE,54,local,1,,2023-06-05T00:00:00Z,2023-06-05T00:00:00Z,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +164329,CVE-2022-37439,4.6,Medium,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,"Splunk Enterprise 8.1 < 8.1.11, 8.2.0 < 8.2.7.1 / Universal Forwarders 8.1 < 8.1.11, 8.2.0 < 8.2.7.1 (SVD-2022-0803)",An application running on a remote web server host is affected by a vulnerability,"The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2022-0803 advisory. + + - In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file. + (CVE-2022-37439) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","For Splunk Enterprise and Universal Forwarder customers, upgrade versions to 8.1.11, 8.2.7.1, or higher.",http://www.nessus.org/u?06538c78," + Path : /opt/splunkforwarder + Installed version : 8.2.0 + Fixed version : 8.2.7.1 +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,CGI abuses,4.6,3.4,E:U/RL:OF/RC:C,AV:L/AC:L/Au:S/C:N/I:N/A:C,5.5,4.8,E:U/RL:O/RC:C,AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-05-19T15:08:24.420Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.613Z,2023-06-08T01:25:48Z,,TRUE,Medium,2,2,NONE,6,combined,1.4,,2022-12-06T00:00:00Z,2022-08-22T00:00:00Z,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +176699,CVE-2021-3800,4.9,Medium,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : glib2 (ALAS-2023-2058),The remote Amazon Linux 2 host is missing a security update.,"The version of glib2 installed on the remote host is prior to 2.56.1-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2058 advisory. + + - A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. (CVE-2021-3800) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.",Run 'yum update glib2' to update your system.,"https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2021-3800.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2058.html"," +Remote package installed : glib2-2.56.1-9.amzn2.0.3 +Should be : glib2-2.56.1-9.amzn2.0.5 + +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,4.9,3.8,E:POC/RL:OF/RC:C,AV:L/AC:L/Au:N/C:C/I:N/A:N,5.5,5,E:P/RL:O/RC:C,AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-06-08T01:58:56.166Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.594Z,2023-06-08T01:25:48Z,,TRUE,Medium,2,2,NONE,54,local,1.1,,2023-06-06T00:00:00Z,2023-06-05T00:00:00Z,FALSE,TRUE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +176705,CVE-2022-21216,7.2,Medium,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : microcode_ctl (ALAS-2023-2056),The remote Amazon Linux 2 host is missing a security update.,"The version of microcode_ctl installed on the remote host is prior to 2.1-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2056 advisory. + + - Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access. (CVE-2022-21216) + + - Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access. + (CVE-2022-33972) + + - Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access. + (CVE-2022-38090) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.",Run 'yum update microcode_ctl' to update your system.,"https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2022-21216.html +https://alas.aws.amazon.com/cve/html/CVE-2022-33972.html +https://alas.aws.amazon.com/cve/html/CVE-2022-38090.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2056.html"," +Remote package installed : microcode_ctl-2.1-47.amzn2.0.14 +Should be : microcode_ctl-2.1-47.amzn2.0.15 + +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,7.2,5.3,E:U/RL:OF/RC:C,AV:A/AC:L/Au:M/C:C/I:C/A:C,6.8,5.9,E:U/RL:O/RC:C,AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-06-08T01:58:56.166Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.596Z,2023-06-08T01:25:48Z,,TRUE,High,2,2,NONE,54,local,1,,2023-06-05T00:00:00Z,2023-06-05T00:00:00Z,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +176705,CVE-2022-33972,7.2,Medium,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : microcode_ctl (ALAS-2023-2056),The remote Amazon Linux 2 host is missing a security update.,"The version of microcode_ctl installed on the remote host is prior to 2.1-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2056 advisory. + + - Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access. (CVE-2022-21216) + + - Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access. + (CVE-2022-33972) + + - Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access. + (CVE-2022-38090) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.",Run 'yum update microcode_ctl' to update your system.,"https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2022-21216.html +https://alas.aws.amazon.com/cve/html/CVE-2022-33972.html +https://alas.aws.amazon.com/cve/html/CVE-2022-38090.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2056.html"," +Remote package installed : microcode_ctl-2.1-47.amzn2.0.14 +Should be : microcode_ctl-2.1-47.amzn2.0.15 + +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,7.2,5.3,E:U/RL:OF/RC:C,AV:A/AC:L/Au:M/C:C/I:C/A:C,6.8,5.9,E:U/RL:O/RC:C,AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-06-08T01:58:56.166Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.596Z,2023-06-08T01:25:48Z,,TRUE,High,2,2,NONE,54,local,1,,2023-06-05T00:00:00Z,2023-06-05T00:00:00Z,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +176705,CVE-2022-38090,7.2,Medium,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : microcode_ctl (ALAS-2023-2056),The remote Amazon Linux 2 host is missing a security update.,"The version of microcode_ctl installed on the remote host is prior to 2.1-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2056 advisory. + + - Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access. (CVE-2022-21216) + + - Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access. + (CVE-2022-33972) + + - Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access. + (CVE-2022-38090) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.",Run 'yum update microcode_ctl' to update your system.,"https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2022-21216.html +https://alas.aws.amazon.com/cve/html/CVE-2022-33972.html +https://alas.aws.amazon.com/cve/html/CVE-2022-38090.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2056.html"," +Remote package installed : microcode_ctl-2.1-47.amzn2.0.14 +Should be : microcode_ctl-2.1-47.amzn2.0.15 + +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,7.2,5.3,E:U/RL:OF/RC:C,AV:A/AC:L/Au:M/C:C/I:C/A:C,6.8,5.9,E:U/RL:O/RC:C,AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-06-08T01:58:56.166Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.596Z,2023-06-08T01:25:48Z,,TRUE,High,2,2,NONE,54,local,1,,2023-06-05T00:00:00Z,2023-06-05T00:00:00Z,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +176717,CVE-2022-2521,7.8,Medium,ip-127-0-0-1.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : libtiff (ALAS-2023-2055),The remote Amazon Linux 2 host is missing a security update.,"The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2055 advisory. + + - It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. (CVE-2022-2521) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.",Run 'yum update libtiff' to update your system.,"https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2022-2521.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2055.html"," +Remote package installed : libtiff-4.0.3-35.amzn2.0.5 +Should be : libtiff-4.0.3-35.amzn2.0.6 + +",,Active,127.0.0.1,ip-127-0-0-1.us-west-2.compute.internal,,Linux Kernel 4.14.313-235.533.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,7.8,6.1,E:POC/RL:OF/RC:C,AV:N/AC:L/Au:N/C:N/I:N/A:C,6.5,5.9,E:P/RL:O/RC:C,AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T01:58:56.166Z,null,2023-06-08T01:58:56.166Z,2023-06-08T01:58:56.166Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:00:22.609Z,2023-06-08T01:25:48Z,,TRUE,High,2,2,NONE,54,local,1.1,,2023-06-06T00:00:00Z,2023-06-05T00:00:00Z,FALSE,TRUE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +164329,CVE-2022-37439,4.6,Medium,ip-192-168-1-110.us-west-2.compute.internal,TCP,0,"Splunk Enterprise 8.1 < 8.1.11, 8.2.0 < 8.2.7.1 / Universal Forwarders 8.1 < 8.1.11, 8.2.0 < 8.2.7.1 (SVD-2022-0803)",An application running on a remote web server host is affected by a vulnerability,"The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2022-0803 advisory. + + - In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file. + (CVE-2022-37439) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","For Splunk Enterprise and Universal Forwarder customers, upgrade versions to 8.1.11, 8.2.7.1, or higher.",http://www.nessus.org/u?06538c78," + Path : /opt/splunkforwarder + Installed version : 8.2.0 + Fixed version : 8.2.7.1 +",,Active,192.168.1.110,ip-192-168-1-110.us-west-2.compute.internal,,Linux Kernel 4.14.311-233.529.amzn2.x86_64 on Amazon Linux 2,,CGI abuses,4.6,3.4,E:U/RL:OF/RC:C,AV:L/AC:L/Au:S/C:N/I:N/A:C,5.5,4.8,E:U/RL:O/RC:C,AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T02:01:27.233Z,null,2023-05-18T01:42:29.529Z,2023-06-08T02:01:27.233Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:02:49.981Z,2023-06-08T01:28:20Z,,TRUE,Medium,2,2,NONE,6,combined,1.4,,2022-12-06T00:00:00Z,2022-08-22T00:00:00Z,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +176699,CVE-2021-3800,4.9,Medium,ip-192-168-1-110.us-west-2.compute.internal,TCP,0,Amazon Linux 2 : glib2 (ALAS-2023-2058),The remote Amazon Linux 2 host is missing a security update.,"The version of glib2 installed on the remote host is prior to 2.56.1-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2058 advisory. + + - A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. (CVE-2021-3800) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.",Run 'yum update glib2' to update your system.,"https://alas.aws.amazon.com/faqs.html +https://alas.aws.amazon.com/cve/html/CVE-2021-3800.html +https://alas.aws.amazon.com/AL2/ALAS-2023-2058.html"," +Remote package installed : glib2-2.56.1-9.amzn2.0.3 +Should be : glib2-2.56.1-9.amzn2.0.5 + +",,Active,192.167.1.110,ip-192-168-1-110.us-west-2.compute.internal,,Linux Kernel 4.14.311-233.529.amzn2.x86_64 on Amazon Linux 2,,Amazon Linux Local Security Checks,4.9,3.8,E:POC/RL:OF/RC:C,AV:L/AC:L/Au:N/C:C/I:N/A:N,5.5,5,E:P/RL:O/RC:C,AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N,general-purpose,2023-06-08T01:07:18.371Z,2023-06-08T02:01:27.233Z,null,2023-06-08T02:01:27.233Z,2023-06-08T02:01:27.233Z,template-1f03a3b4-dc06-2525-a174-f7a3392cca43702ca449c77037a3,6411de3d-b7d5-4a18-b428-4c24bbfd5162,2023-06-08T02:02:50.018Z,2023-06-08T01:28:20Z,,TRUE,Medium,2,2,NONE,54,local,1.1,,2023-06-06T00:00:00Z,2023-06-05T00:00:00Z,FALSE,TRUE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, diff --git a/unittests/scans/testssl/failed_target.csv b/unittests/scans/testssl/failed_target.csv new file mode 100644 index 00000000000..ca8e8f0fbc7 --- /dev/null +++ b/unittests/scans/testssl/failed_target.csv @@ -0,0 +1,2 @@ +"id","fqdn/ip","port","severity","finding","cve","cwe" +"scanProblem","testssl.target.de/1.2.3.4","443","FATAL","Can't connect to '1.2.3.4:443' Make sure a firewall is not between you and your scanning target!","","" \ No newline at end of file diff --git a/unittests/scans/testssl/overall_critical.csv b/unittests/scans/testssl/overall_critical.csv new file mode 100644 index 00000000000..54191daf067 --- /dev/null +++ b/unittests/scans/testssl/overall_critical.csv @@ -0,0 +1,199 @@ +"id","fqdn/ip","port","severity","finding","cve","cwe" +"service","www.test.com/127.0.0.1","443","INFO","HTTP","","" +"pre_128cipher","www.test.com/127.0.0.1","443","INFO","No 128 cipher limit bug","","" +"SSLv2","www.test.com/127.0.0.1","443","OK","not offered","","" +"SSLv3","www.test.com/127.0.0.1","443","OK","not offered","","" +"TLS1","www.test.com/127.0.0.1","443","LOW","offered (deprecated)","","" +"TLS1_1","www.test.com/127.0.0.1","443","LOW","offered (deprecated)","","" +"TLS1_2","www.test.com/127.0.0.1","443","OK","offered","","" +"TLS1_3","www.test.com/127.0.0.1","443","INFO","not offered + downgraded to weaker protocol","","" +"NPN","www.test.com/127.0.0.1","443","INFO","offered with h2, http/1.1 (advertised)","","" +"ALPN_HTTP2","www.test.com/127.0.0.1","443","OK","h2","","" +"ALPN","www.test.com/127.0.0.1","443","INFO","http/1.1","","" +"cipherlist_NULL","www.test.com/127.0.0.1","443","OK","not offered","","CWE-327" +"cipherlist_aNULL","www.test.com/127.0.0.1","443","CRITICAL","offered","","CWE-327" +"cipherlist_EXPORT","www.test.com/127.0.0.1","443","OK","not offered","","CWE-327" +"cipherlist_LOW","www.test.com/127.0.0.1","443","OK","not offered","","CWE-327" +"cipherlist_3DES_IDEA","www.test.com/127.0.0.1","443","MEDIUM","offered","","CWE-310" +"cipherlist_AVERAGE","www.test.com/127.0.0.1","443","LOW","offered","","CWE-310" +"cipherlist_GOOD","www.test.com/127.0.0.1","443","OK","offered","","" +"cipherlist_STRONG","www.test.com/127.0.0.1","443","OK","offered","","" +"cipher_order","www.test.com/127.0.0.1","443","OK","server","","" +"protocol_negotiated","www.test.com/127.0.0.1","443","OK","Default protocol TLS1.2","","" +"cipher_negotiated","www.test.com/127.0.0.1","443","OK","ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)","","" +"cipher-tls1_xc014","www.test.com/127.0.0.1","443","LOW","TLSv1 xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_xc019","www.test.com/127.0.0.1","443","CRITICAL","TLSv1 xc019 AECDH-AES256-SHA ECDH 256 AES 256 TLS_ECDH_anon_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_x35","www.test.com/127.0.0.1","443","LOW","TLSv1 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_x84","www.test.com/127.0.0.1","443","LOW","TLSv1 x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA","","" +"cipher-tls1_xc013","www.test.com/127.0.0.1","443","LOW","TLSv1 xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","","" +"cipher-tls1_xc018","www.test.com/127.0.0.1","443","CRITICAL","TLSv1 xc018 AECDH-AES128-SHA ECDH 256 AES 128 TLS_ECDH_anon_WITH_AES_128_CBC_SHA","","" +"cipher-tls1_x2f","www.test.com/127.0.0.1","443","LOW","TLSv1 x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA","","" +"cipher-tls1_x41","www.test.com/127.0.0.1","443","LOW","TLSv1 x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA","","" +"cipher-tls1_x96","www.test.com/127.0.0.1","443","LOW","TLSv1 x96 SEED-SHA RSA SEED 128 TLS_RSA_WITH_SEED_CBC_SHA","","" +"cipher-tls1_xc012","www.test.com/127.0.0.1","443","MEDIUM","TLSv1 xc012 ECDHE-RSA-DES-CBC3-SHA ECDH 256 3DES 168 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","","" +"cipher-tls1_xc017","www.test.com/127.0.0.1","443","CRITICAL","TLSv1 xc017 AECDH-DES-CBC3-SHA ECDH 256 3DES 168 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA","","" +"cipher-tls1_x0a","www.test.com/127.0.0.1","443","MEDIUM","TLSv1 x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA","","" +"cipher-tls1_x07","www.test.com/127.0.0.1","443","MEDIUM","TLSv1 x07 IDEA-CBC-SHA RSA IDEA 128 TLS_RSA_WITH_IDEA_CBC_SHA","","" +"cipherorder_TLSv1","www.test.com/127.0.0.1","443","INFO","ECDHE-RSA-AES256-SHA AECDH-AES256-SHA AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-SHA AECDH-AES128-SHA AES128-SHA CAMELLIA128-SHA SEED-SHA ECDHE-RSA-DES-CBC3-SHA AECDH-DES-CBC3-SHA DES-CBC3-SHA IDEA-CBC-SHA","","" +"cipher-tls1_1_xc014","www.test.com/127.0.0.1","443","LOW","TLSv1.1 xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_1_xc019","www.test.com/127.0.0.1","443","CRITICAL","TLSv1.1 xc019 AECDH-AES256-SHA ECDH 256 AES 256 TLS_ECDH_anon_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_1_x35","www.test.com/127.0.0.1","443","LOW","TLSv1.1 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_1_x84","www.test.com/127.0.0.1","443","LOW","TLSv1.1 x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA","","" +"cipher-tls1_1_xc013","www.test.com/127.0.0.1","443","LOW","TLSv1.1 xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","","" +"cipher-tls1_1_xc018","www.test.com/127.0.0.1","443","CRITICAL","TLSv1.1 xc018 AECDH-AES128-SHA ECDH 256 AES 128 TLS_ECDH_anon_WITH_AES_128_CBC_SHA","","" +"cipher-tls1_1_x2f","www.test.com/127.0.0.1","443","LOW","TLSv1.1 x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA","","" +"cipher-tls1_1_x41","www.test.com/127.0.0.1","443","LOW","TLSv1.1 x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA","","" +"cipher-tls1_1_x96","www.test.com/127.0.0.1","443","LOW","TLSv1.1 x96 SEED-SHA RSA SEED 128 TLS_RSA_WITH_SEED_CBC_SHA","","" +"cipher-tls1_1_xc012","www.test.com/127.0.0.1","443","MEDIUM","TLSv1.1 xc012 ECDHE-RSA-DES-CBC3-SHA ECDH 256 3DES 168 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","","" +"cipher-tls1_1_xc017","www.test.com/127.0.0.1","443","CRITICAL","TLSv1.1 xc017 AECDH-DES-CBC3-SHA ECDH 256 3DES 168 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA","","" +"cipher-tls1_1_x0a","www.test.com/127.0.0.1","443","MEDIUM","TLSv1.1 x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA","","" +"cipher-tls1_1_x07","www.test.com/127.0.0.1","443","MEDIUM","TLSv1.1 x07 IDEA-CBC-SHA RSA IDEA 128 TLS_RSA_WITH_IDEA_CBC_SHA","","" +"cipherorder_TLSv1_1","www.test.com/127.0.0.1","443","INFO","ECDHE-RSA-AES256-SHA AECDH-AES256-SHA AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-SHA AECDH-AES128-SHA AES128-SHA CAMELLIA128-SHA SEED-SHA ECDHE-RSA-DES-CBC3-SHA AECDH-DES-CBC3-SHA DES-CBC3-SHA IDEA-CBC-SHA","","" +"cipher-tls1_2_xc030","www.test.com/127.0.0.1","443","OK","TLSv1.2 xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","","" +"cipher-tls1_2_xc028","www.test.com/127.0.0.1","443","LOW","TLSv1.2 xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","","" +"cipher-tls1_2_xc014","www.test.com/127.0.0.1","443","LOW","TLSv1.2 xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_2_xc019","www.test.com/127.0.0.1","443","CRITICAL","TLSv1.2 xc019 AECDH-AES256-SHA ECDH 256 AES 256 TLS_ECDH_anon_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_2_x9d","www.test.com/127.0.0.1","443","OK","TLSv1.2 x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384","","" +"cipher-tls1_2_x3d","www.test.com/127.0.0.1","443","LOW","TLSv1.2 x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256","","" +"cipher-tls1_2_x35","www.test.com/127.0.0.1","443","LOW","TLSv1.2 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA","","" +"cipher-tls1_2_x84","www.test.com/127.0.0.1","443","LOW","TLSv1.2 x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA","","" +"cipher-tls1_2_xc02f","www.test.com/127.0.0.1","443","OK","TLSv1.2 xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","","" +"cipher-tls1_2_xc027","www.test.com/127.0.0.1","443","LOW","TLSv1.2 xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","","" +"cipher-tls1_2_xc013","www.test.com/127.0.0.1","443","LOW","TLSv1.2 xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","","" +"cipher-tls1_2_xc018","www.test.com/127.0.0.1","443","CRITICAL","TLSv1.2 xc018 AECDH-AES128-SHA ECDH 256 AES 128 TLS_ECDH_anon_WITH_AES_128_CBC_SHA","","" +"cipher-tls1_2_x9c","www.test.com/127.0.0.1","443","OK","TLSv1.2 x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256","","" +"cipher-tls1_2_x3c","www.test.com/127.0.0.1","443","LOW","TLSv1.2 x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256","","" +"cipher-tls1_2_x2f","www.test.com/127.0.0.1","443","LOW","TLSv1.2 x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA","","" +"cipher-tls1_2_x41","www.test.com/127.0.0.1","443","LOW","TLSv1.2 x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA","","" +"cipher-tls1_2_x96","www.test.com/127.0.0.1","443","LOW","TLSv1.2 x96 SEED-SHA RSA SEED 128 TLS_RSA_WITH_SEED_CBC_SHA","","" +"cipher-tls1_2_xc012","www.test.com/127.0.0.1","443","MEDIUM","TLSv1.2 xc012 ECDHE-RSA-DES-CBC3-SHA ECDH 256 3DES 168 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","","" +"cipher-tls1_2_xc017","www.test.com/127.0.0.1","443","CRITICAL","TLSv1.2 xc017 AECDH-DES-CBC3-SHA ECDH 256 3DES 168 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA","","" +"cipher-tls1_2_x0a","www.test.com/127.0.0.1","443","MEDIUM","TLSv1.2 x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA","","" +"cipher-tls1_2_x07","www.test.com/127.0.0.1","443","MEDIUM","TLSv1.2 x07 IDEA-CBC-SHA RSA IDEA 128 TLS_RSA_WITH_IDEA_CBC_SHA","","" +"cipherorder_TLSv1_2","www.test.com/127.0.0.1","443","INFO","ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA AECDH-AES256-SHA AES256-GCM-SHA384 AES256-SHA256 AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA AECDH-AES128-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA CAMELLIA128-SHA SEED-SHA ECDHE-RSA-DES-CBC3-SHA AECDH-DES-CBC3-SHA DES-CBC3-SHA IDEA-CBC-SHA","","" +"FS","www.test.com/127.0.0.1","443","OK","offered","","" +"FS_ciphers","www.test.com/127.0.0.1","443","INFO","ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA","","" +"FS_ECDHE_curves","www.test.com/127.0.0.1","443","OK","secp256k1 prime256v1 secp384r1 secp521r1","","" +"TLS_extensions","www.test.com/127.0.0.1","443","INFO","'renegotiation info/#65281' 'EC point formats/#11' 'session ticket/#35' 'heartbeat/#15' 'next protocol/#13172' 'application layer protocol negotiation/#16'","","" +"TLS_session_ticket","www.test.com/127.0.0.1","443","INFO","valid for 300 seconds only (= 60 days","","" +"cert_notBefore","www.test.com/127.0.0.1","443","INFO","2022-02-07 02:47","","" +"cert_notAfter","www.test.com/127.0.0.1","443","OK","2023-03-11 02:47","","" +"cert_extlifeSpan","www.test.com/127.0.0.1","443","OK","certificate has no extended life time according to browser forum","","" +"cert_eTLS","www.test.com/127.0.0.1","443","INFO","not present","","" +"cert_crlDistributionPoints","www.test.com/127.0.0.1","443","INFO","http://crl2.alphassl.com/gs/gsalphasha2g2.crl","","" +"cert_ocspURL","www.test.com/127.0.0.1","443","INFO","http://ocsp2.globalsign.com/gsalphasha2g2","","" +"OCSP_stapling","www.test.com/127.0.0.1","443","LOW","not offered","","" +"cert_mustStapleExtension","www.test.com/127.0.0.1","443","INFO","--","","" +"DNS_CAArecord","www.test.com/127.0.0.1","443","LOW","--","","" +"certificate_transparency","www.test.com/127.0.0.1","443","OK","yes (certificate extension)","","" +"certs_countServer","www.test.com/127.0.0.1","443","INFO","1","","" +"certs_list_ordering_problem","www.test.com/127.0.0.1","443","INFO","no","","" +"cert_caIssuers","www.test.com/127.0.0.1","443","INFO","AlphaSSL CA - SHA256 - G2 (GlobalSign nv-sa from BE)","","" +"intermediate_cert_badOCSP","www.test.com/127.0.0.1","443","OK","intermediate certificate(s) is/are ok","","" +"HTTP_status_code","www.test.com/127.0.0.1","443","INFO","200 OK ('/')","","" +"HTTP_clock_skew","www.test.com/127.0.0.1","443","INFO","-7 seconds from localtime","","" +"HTTP_headerTime","www.test.com/127.0.0.1","443","INFO","1652093782","","" +"HSTS","www.test.com/127.0.0.1","443","LOW","not offered","","" +"HPKP","www.test.com/127.0.0.1","443","INFO","No support for HTTP Public Key Pinning","","" +"banner_server","www.test.com/127.0.0.1","443","INFO","nginx","","" +"banner_application","www.test.com/127.0.0.1","443","INFO","No application banner found","","" +"cookie_count","www.test.com/127.0.0.1","443","INFO","3 at '/'","","" +"cookie_secure","www.test.com/127.0.0.1","443","INFO","2/3 at '/' marked as secure","","" +"cookie_httponly","www.test.com/127.0.0.1","443","INFO","2/3 at '/' marked as HttpOnly","","" +"Cache-Control","www.test.com/127.0.0.1","443","INFO","no-store, no-cache, must-revalidate, post-check=0, pre-check=0","","" +"Pragma","www.test.com/127.0.0.1","443","INFO","no-cache","","" +"banner_reverseproxy","www.test.com/127.0.0.1","443","INFO","X-Cache-Debug: /","","CWE-200" +"heartbleed","www.test.com/127.0.0.1","443","OK","not vulnerable , timed out","CVE-2014-0160","CWE-119" +"CCS","www.test.com/127.0.0.1","443","OK","not vulnerable","CVE-2014-0224","CWE-310" +"ticketbleed","www.test.com/127.0.0.1","443","OK","not vulnerable","CVE-2016-9244","CWE-200" +"ROBOT","www.test.com/127.0.0.1","443","OK","not vulnerable","CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168","CWE-203" +"secure_renego","www.test.com/127.0.0.1","443","OK","supported","","CWE-310" +"secure_client_renego","www.test.com/127.0.0.1","443","OK","not vulnerable","CVE-2011-1473","CWE-310" +"CRIME_TLS","www.test.com/127.0.0.1","443","OK","not vulnerable","CVE-2012-4929","CWE-310" +"BREACH","www.test.com/127.0.0.1","443","MEDIUM","potentially VULNERABLE, gzip deflate HTTP compression detected - only supplied '/' tested","CVE-2013-3587","CWE-310" +"POODLE_SSL","www.test.com/127.0.0.1","443","OK","not vulnerable, no SSLv3","CVE-2014-3566","CWE-310" +"fallback_SCSV","www.test.com/127.0.0.1","443","OK","supported","","" +"SWEET32","www.test.com/127.0.0.1","443","LOW","uses 64 bit block ciphers","CVE-2016-2183 CVE-2016-6329","CWE-327" +"FREAK","www.test.com/127.0.0.1","443","OK","not vulnerable","CVE-2015-0204","CWE-310" +"DROWN","www.test.com/127.0.0.1","443","OK","not vulnerable on this host and port","CVE-2016-0800 CVE-2016-0703","CWE-310" +"DROWN_hint","www.test.com/127.0.0.1","443","INFO","Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=1BD29C55A8E4C8D77BF3A46095CCAE91EC6057FB0705C4DA9CB40F42B23430C1","CVE-2016-0800 CVE-2016-0703","CWE-310" +"LOGJAM","www.test.com/127.0.0.1","443","OK","not vulnerable, no DH EXPORT ciphers,","CVE-2015-4000","CWE-310" +"LOGJAM-common_primes","www.test.com/127.0.0.1","443","OK","no DH key with <= TLS 1.2","CVE-2015-4000","CWE-310" +"BEAST_CBC_TLS1","www.test.com/127.0.0.1","443","MEDIUM","ECDHE-RSA-AES256-SHA AECDH-AES256-SHA AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-SHA AECDH-AES128-SHA AES128-SHA CAMELLIA128-SHA SEED-SHA ECDHE-RSA-DES-CBC3-SHA AECDH-DES-CBC3-SHA DES-CBC3-SHA IDEA-CBC-SHA","CVE-2011-3389","CWE-20" +"BEAST","www.test.com/127.0.0.1","443","LOW","VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)","CVE-2011-3389","CWE-20" +"LUCKY13","www.test.com/127.0.0.1","443","LOW","potentially vulnerable, uses TLS CBC ciphers","CVE-2013-0169","CWE-310" +"winshock","www.test.com/127.0.0.1","443","OK","not vulnerable","CVE-2014-6321","CWE-94" +"RC4","www.test.com/127.0.0.1","443","OK","not vulnerable","CVE-2013-2566 CVE-2015-2808","CWE-310" +"clientsimulation-android_442","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-android_500","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-SHA","","" +"clientsimulation-android_60","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-SHA","","" +"clientsimulation-android_70","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-android_81","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-android_90","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-android_X","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-chrome_74_win10","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-chrome_79_win10","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-firefox_66_win81","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-firefox_71_win10","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-ie_6_xp","www.test.com/127.0.0.1","443","INFO","No connection","","" +"clientsimulation-ie_8_win7","www.test.com/127.0.0.1","443","INFO","TLSv1.0 ECDHE-RSA-AES256-SHA","","" +"clientsimulation-ie_8_xp","www.test.com/127.0.0.1","443","INFO","TLSv1.0 DES-CBC3-SHA","","" +"clientsimulation-ie_11_win7","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-SHA384","","" +"clientsimulation-ie_11_win81","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-SHA384","","" +"clientsimulation-ie_11_winphone81","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-SHA","","" +"clientsimulation-ie_11_win10","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-edge_15_win10","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-edge_17_win10","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-opera_66_win10","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-safari_9_ios9","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-safari_9_osx1011","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-safari_10_osx1012","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-safari_121_ios_122","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-safari_130_osx_10146","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-apple_ats_9_ios9","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-java_6u45","www.test.com/127.0.0.1","443","INFO","TLSv1.0 AES128-SHA","","" +"clientsimulation-java_7u25","www.test.com/127.0.0.1","443","INFO","TLSv1.0 ECDHE-RSA-AES128-SHA","","" +"clientsimulation-java_8u161","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-java1102","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-java1201","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-openssl_102e","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-openssl_110l","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-openssl_111d","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"clientsimulation-thunderbird_68_3_1","www.test.com/127.0.0.1","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","","" +"rating_spec","www.test.com/127.0.0.1","443","INFO","SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)","","" +"rating_doc","www.test.com/127.0.0.1","443","INFO","https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide","","" +"protocol_support_score","www.test.com/127.0.0.1","443","INFO","0","","" +"protocol_support_score_weighted","www.test.com/127.0.0.1","443","INFO","0","","" +"key_exchange_score","www.test.com/127.0.0.1","443","INFO","0","","" +"key_exchange_score_weighted","www.test.com/127.0.0.1","443","INFO","0","","" +"cipher_strength_score","www.test.com/127.0.0.1","443","INFO","0","","" +"cipher_strength_score_weighted","www.test.com/127.0.0.1","443","INFO","0","","" +"final_score","www.test.com/127.0.0.1","443","INFO","0","","" +"overall_grade","www.test.com/127.0.0.1","443","CRITICAL","T","","" +"grade_cap_reason_1","www.test.com/127.0.0.1","443","INFO","Grade capped to T. Issues with the chain of trust (chain incomplete)","","" +"grade_cap_reason_2","www.test.com/127.0.0.1","443","INFO","Grade capped to B. TLS 1.1 offered","","" +"grade_cap_reason_3","www.test.com/127.0.0.1","443","INFO","Grade capped to B. TLS 1.0 offered","","" +"grade_cap_reason_4","www.test.com/127.0.0.1","443","INFO","Grade capped to A. HSTS is not offered","","" diff --git a/unittests/scans/testssl/overall_medium.csv b/unittests/scans/testssl/overall_medium.csv new file mode 100644 index 00000000000..20e72d001cc --- /dev/null +++ b/unittests/scans/testssl/overall_medium.csv @@ -0,0 +1,11 @@ +"id","fqdn/ip","port","severity","finding","cve","cwe" +"service","testurl.com/127.0.0.1","443","INFO","HTTP","","" +"pre_128cipher","testurl.com/127.0.0.1","443","INFO","No 128 cipher limit bug","","" +"SSLv2","testurl.com/127.0.0.1","443","OK","not offered","","" +"key_exchange_score_weighted","testurl.com/127.0.0.1","443","INFO","27","","" +"cipher_strength_score","testurl.com/127.0.0.1","443","INFO","90","","" +"cipher_strength_score_weighted","testurl.com/127.0.0.1","443","INFO","36","","" +"final_score","testurl.com/127.0.0.1","443","INFO","91","","" +"overall_grade","testurl.com/127.0.0.1","443","MEDIUM","B","","" +"grade_cap_reason_1","testurl.com/127.0.0.1","443","INFO","Grade capped to B. TLS 1.1 offered","","" +"grade_cap_reason_2","testurl.com/127.0.0.1","443","INFO","Grade capped to B. TLS 1.0 offered","","" diff --git a/unittests/scans/threagile/bad_formatted_risks_file.json b/unittests/scans/threagile/bad_formatted_risks_file.json new file mode 100644 index 00000000000..9e26dfeeb6e --- /dev/null +++ b/unittests/scans/threagile/bad_formatted_risks_file.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/unittests/scans/threagile/empty_file_no_risks.json b/unittests/scans/threagile/empty_file_no_risks.json new file mode 100644 index 00000000000..0637a088a01 --- /dev/null +++ b/unittests/scans/threagile/empty_file_no_risks.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/unittests/scans/threagile/risks.json b/unittests/scans/threagile/risks.json new file mode 100644 index 00000000000..7216cb94be7 --- /dev/null +++ b/unittests/scans/threagile/risks.json @@ -0,0 +1,111 @@ +[ + { + "category": "unguarded-direct-datastore-access", + "risk_status": "unchecked", + "severity": "elevated", + "exploitation_likelihood": "likely", + "exploitation_impact": "medium", + "title": "\u003cb\u003eUnguarded Direct Datastore Access\u003c/b\u003e of \u003cb\u003ePoliciesRegoStorage\u003c/b\u003e by \u003cb\u003eEnergon\u003c/b\u003e via \u003cb\u003eEnergonToPolicyRegoFileStorage\u003c/b\u003e", + "synthetic_id": "unguarded-direct-datastore-access@energon-ta\u003eenergontopolicyregofilestorage@energon-ta@policies-rego-storage-ta", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "policies-rego-storage-ta", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "", + "most_relevant_communication_link": "energon-ta\u003eenergontopolicyregofilestorage", + "data_breach_probability": "improbable", + "data_breach_technical_assets": [ + "policies-rego-storage-ta" + ] + }, + { + "category": "unguarded-direct-datastore-access", + "risk_status": "in-discussion", + "severity": "elevated", + "exploitation_likelihood": "likely", + "exploitation_impact": "medium", + "title": "\u003cb\u003eUnguarded Direct Datastore Access\u003c/b\u003e of \u003cb\u003ePoliciesRegoStorage\u003c/b\u003e by \u003cb\u003eIAMSidecar\u003c/b\u003e via \u003cb\u003eIAMBachendAPIPoliciesRegoFileStorage\u003c/b\u003e", + "synthetic_id": "unguarded-direct-datastore-access@iam-sidecar-ta\u003eiambachendapipoliciesregofilestorage@iam-sidecar-ta@policies-rego-storage-ta", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "policies-rego-storage-ta", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "", + "most_relevant_communication_link": "iam-sidecar-ta\u003eiambachendapipoliciesregofilestorage", + "data_breach_probability": "improbable", + "data_breach_technical_assets": [ + "policies-rego-storage-ta" + ] + }, + { + "category": "unguarded-direct-datastore-access", + "risk_status": "accepted", + "severity": "elevated", + "exploitation_likelihood": "likely", + "exploitation_impact": "medium", + "title": "\u003cb\u003eUnguarded Direct Datastore Access\u003c/b\u003e of \u003cb\u003ePoliciesRegoStorage\u003c/b\u003e by \u003cb\u003eIDMSidecar\u003c/b\u003e via \u003cb\u003eIAMSidecarPoliciesRegoFileStorage\u003c/b\u003e", + "synthetic_id": "unguarded-direct-datastore-access@idm-sidecar-ta\u003eiamsidecarpoliciesregofilestorage@idm-sidecar-ta@policies-rego-storage-ta", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "policies-rego-storage-ta", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "", + "most_relevant_communication_link": "idm-sidecar-ta\u003eiamsidecarpoliciesregofilestorage", + "data_breach_probability": "improbable", + "data_breach_technical_assets": [ + "policies-rego-storage-ta" + ] + }, + { + "category": "missing-network-segmentation", + "risk_status": "in-progress", + "severity": "medium", + "exploitation_likelihood": "unlikely", + "exploitation_impact": "medium", + "title": "\u003cb\u003eMissing Network Segmentation\u003c/b\u003e to further encapsulate and protect \u003cb\u003eIAMBackendAPI\u003c/b\u003e against unrelated lower protected assets in the same network segment, which might be easier to compromise by attackers", + "synthetic_id": "missing-network-segmentation@iam-backend-api-ta", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "iam-backend-api-ta", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "", + "most_relevant_communication_link": "", + "data_breach_probability": "improbable", + "data_breach_technical_assets": [ + "iam-backend-api-ta" + ] + }, + { + "category": "mixed-targets-on-shared-runtime", + "risk_status": "mitigated", + "severity": "low", + "exploitation_likelihood": "unlikely", + "exploitation_impact": "low", + "title": "\u003cb\u003eMixed Targets on Shared Runtime\u003c/b\u003e named \u003cb\u003eSome Shared Runtime\u003c/b\u003e might enable attackers moving from one less valuable target to a more valuable one", + "synthetic_id": "mixed-targets-on-shared-runtime@some-runtime", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "some-runtime", + "most_relevant_communication_link": "", + "data_breach_probability": "improbable", + "data_breach_technical_assets": [ + "some-component", + "some-other-component" + ] + }, + { + "category": "missing-authentication", + "risk_status": "false-positive", + "severity": "elevated", + "exploitation_likelihood": "likely", + "exploitation_impact": "medium", + "title": "\u003cb\u003eMissing Authentication\u003c/b\u003e covering communication link \u003cb\u003eSome Traffic\u003c/b\u003e from \u003cb\u003eSome Technical Asset\u003c/b\u003e to \u003cb\u003eSome Other Technical Asset\u003c/b\u003e", + "synthetic_id": "missing-authentication@some-component\u003esome-traffic@some-component@some-other-component", + "most_relevant_data_asset": "", + "most_relevant_technical_asset": "", + "most_relevant_trust_boundary": "", + "most_relevant_shared_runtime": "", + "most_relevant_communication_link": "some-component\u003esome-traffic", + "data_breach_probability": "possible", + "data_breach_technical_assets": [ + "some-other-component" + ] + } + ] \ No newline at end of file diff --git a/unittests/scans/trivy/issue_9092.json b/unittests/scans/trivy/issue_9092.json new file mode 100644 index 00000000000..1da1cd1b3cd --- /dev/null +++ b/unittests/scans/trivy/issue_9092.json @@ -0,0 +1,74 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "sbom.json", + "ArtifactType": "cyclonedx", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "requirements.txt", + "Class": "lang-pkgs", + "Type": "pip", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-37920", + "PkgName": "certifi", + "InstalledVersion": "2022.5.18.1", + "FixedVersion": "2023.7.22", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-37920", + "Ref": "pkg:pypi/certifi@2022.5.18.1", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Title": "python-certifi: Removal of e-Tugra root certificate", + "Description": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes \"e-Tugra\" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-345" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-37920", + "https://github.com/certifi/python-certifi", + "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909", + "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7", + "https://github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2023-135.yaml", + "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-37920", + "https://www.cve.org/CVERecord?id=CVE-2023-37920" + ], + "PublishedDate": "2023-07-25T21:15:00Z", + "LastModifiedDate": "2023-08-12T06:16:00Z" + } + ] + } + ] + } \ No newline at end of file diff --git a/unittests/scans/trivy/issue_9170.json b/unittests/scans/trivy/issue_9170.json new file mode 100644 index 00000000000..77a83dd218b --- /dev/null +++ b/unittests/scans/trivy/issue_9170.json @@ -0,0 +1,3691 @@ +{ + "ClusterName": "minikube", + "Resources": [ + { + "Namespace": "default", + "Kind": "Service", + "Name": "kubernetes", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "Service/kubernetes", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 151, + "Failures": 1, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV116", + "AVDID": "AVD-KSV-0116", + "Title": "Runs with a root primary or supplementary GID", + "Description": "According to pod security standard 'Non-root groups', containers should be forbidden from running with a root primary or supplementary GID.", + "Message": "service kubernetes in default namespace should set spec.securityContext.runAsGroup, spec.securityContext.supplementalGroups[*] and spec.securityContext.fsGroup to integer greater than 0", + "Namespace": "builtin.kubernetes.KSV116", + "Query": "data.builtin.kubernetes.KSV116.deny", + "Resolution": "Set 'containers[].securityContext.runAsGroup' to a non-zero integer or leave undefined.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv116", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-runasuser/", + "https://avd.aquasec.com/misconfig/ksv116" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "Code": { + "Lines": null + } + } + } + ] + } + ] + }, + { + "Namespace": "default", + "Kind": "Service", + "Name": "httpbin", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "Service/httpbin", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 151, + "Failures": 1, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV116", + "AVDID": "AVD-KSV-0116", + "Title": "Runs with a root primary or supplementary GID", + "Description": "According to pod security standard 'Non-root groups', containers should be forbidden from running with a root primary or supplementary GID.", + "Message": "service httpbin in default namespace should set spec.securityContext.runAsGroup, spec.securityContext.supplementalGroups[*] and spec.securityContext.fsGroup to integer greater than 0", + "Namespace": "builtin.kubernetes.KSV116", + "Query": "data.builtin.kubernetes.KSV116.deny", + "Resolution": "Set 'containers[].securityContext.runAsGroup' to a non-zero integer or leave undefined.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv116", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-runasuser/", + "https://avd.aquasec.com/misconfig/ksv116" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "Code": { + "Lines": null + } + } + } + ] + } + ] + }, + { + "Namespace": "default", + "Kind": "Service", + "Name": "vault-agent-injector-svc", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "Service/vault-agent-injector-svc", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 151, + "Failures": 1, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV116", + "AVDID": "AVD-KSV-0116", + "Title": "Runs with a root primary or supplementary GID", + "Description": "According to pod security standard 'Non-root groups', containers should be forbidden from running with a root primary or supplementary GID.", + "Message": "service vault-agent-injector-svc in default namespace should set spec.securityContext.runAsGroup, spec.securityContext.supplementalGroups[*] and spec.securityContext.fsGroup to integer greater than 0", + "Namespace": "builtin.kubernetes.KSV116", + "Query": "data.builtin.kubernetes.KSV116.deny", + "Resolution": "Set 'containers[].securityContext.runAsGroup' to a non-zero integer or leave undefined.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv116", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-runasuser/", + "https://avd.aquasec.com/misconfig/ksv116" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "Code": { + "Lines": null + } + } + } + ] + } + ] + }, + { + "Namespace": "default", + "Kind": "Service", + "Name": "vault", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "Service/vault", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 151, + "Failures": 1, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV116", + "AVDID": "AVD-KSV-0116", + "Title": "Runs with a root primary or supplementary GID", + "Description": "According to pod security standard 'Non-root groups', containers should be forbidden from running with a root primary or supplementary GID.", + "Message": "service vault in default namespace should set spec.securityContext.runAsGroup, spec.securityContext.supplementalGroups[*] and spec.securityContext.fsGroup to integer greater than 0", + "Namespace": "builtin.kubernetes.KSV116", + "Query": "data.builtin.kubernetes.KSV116.deny", + "Resolution": "Set 'containers[].securityContext.runAsGroup' to a non-zero integer or leave undefined.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv116", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-runasuser/", + "https://avd.aquasec.com/misconfig/ksv116" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "Code": { + "Lines": null + } + } + } + ] + } + ] + }, + { + "Namespace": "default", + "Kind": "ServiceAccount", + "Name": "caas-scanners", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "ServiceAccount/caas-scanners", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 151, + "Failures": 1, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV116", + "AVDID": "AVD-KSV-0116", + "Title": "Runs with a root primary or supplementary GID", + "Description": "According to pod security standard 'Non-root groups', containers should be forbidden from running with a root primary or supplementary GID.", + "Message": "serviceaccount caas-scanners in default namespace should set spec.securityContext.runAsGroup, spec.securityContext.supplementalGroups[*] and spec.securityContext.fsGroup to integer greater than 0", + "Namespace": "builtin.kubernetes.KSV116", + "Query": "data.builtin.kubernetes.KSV116.deny", + "Resolution": "Set 'containers[].securityContext.runAsGroup' to a non-zero integer or leave undefined.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv116", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-runasuser/", + "https://avd.aquasec.com/misconfig/ksv116" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "Code": { + "Lines": null + } + } + } + ] + } + ] + }, + { + "Namespace": "default", + "Kind": "Service", + "Name": "vault-internal", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "Service/vault-internal", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 151, + "Failures": 1, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV116", + "AVDID": "AVD-KSV-0116", + "Title": "Runs with a root primary or supplementary GID", + "Description": "According to pod security standard 'Non-root groups', containers should be forbidden from running with a root primary or supplementary GID.", + "Message": "service vault-internal in default namespace should set spec.securityContext.runAsGroup, spec.securityContext.supplementalGroups[*] and spec.securityContext.fsGroup to integer greater than 0", + "Namespace": "builtin.kubernetes.KSV116", + "Query": "data.builtin.kubernetes.KSV116.deny", + "Resolution": "Set 'containers[].securityContext.runAsGroup' to a non-zero integer or leave undefined.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv116", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-runasuser/", + "https://avd.aquasec.com/misconfig/ksv116" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "Code": { + "Lines": null + } + } + } + ] + } + ] + }, + { + "Namespace": "default", + "Kind": "ServiceAccount", + "Name": "default", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "ServiceAccount/default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 151, + "Failures": 1, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV116", + "AVDID": "AVD-KSV-0116", + "Title": "Runs with a root primary or supplementary GID", + "Description": "According to pod security standard 'Non-root groups', containers should be forbidden from running with a root primary or supplementary GID.", + "Message": "serviceaccount default in default namespace should set spec.securityContext.runAsGroup, spec.securityContext.supplementalGroups[*] and spec.securityContext.fsGroup to integer greater than 0", + "Namespace": "builtin.kubernetes.KSV116", + "Query": "data.builtin.kubernetes.KSV116.deny", + "Resolution": "Set 'containers[].securityContext.runAsGroup' to a non-zero integer or leave undefined.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv116", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-runasuser/", + "https://avd.aquasec.com/misconfig/ksv116" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "Code": { + "Lines": null + } + } + } + ] + } + ] + }, + { + "Namespace": "default", + "Kind": "ServiceAccount", + "Name": "vault", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "ServiceAccount/vault", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 151, + "Failures": 1, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV116", + "AVDID": "AVD-KSV-0116", + "Title": "Runs with a root primary or supplementary GID", + "Description": "According to pod security standard 'Non-root groups', containers should be forbidden from running with a root primary or supplementary GID.", + "Message": "serviceaccount vault in default namespace should set spec.securityContext.runAsGroup, spec.securityContext.supplementalGroups[*] and spec.securityContext.fsGroup to integer greater than 0", + "Namespace": "builtin.kubernetes.KSV116", + "Query": "data.builtin.kubernetes.KSV116.deny", + "Resolution": "Set 'containers[].securityContext.runAsGroup' to a non-zero integer or leave undefined.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv116", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-runasuser/", + "https://avd.aquasec.com/misconfig/ksv116" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "Code": { + "Lines": null + } + } + } + ] + } + ] + }, + { + "Namespace": "default", + "Kind": "ServiceAccount", + "Name": "vault-agent-injector", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "ServiceAccount/vault-agent-injector", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 151, + "Failures": 1, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV116", + "AVDID": "AVD-KSV-0116", + "Title": "Runs with a root primary or supplementary GID", + "Description": "According to pod security standard 'Non-root groups', containers should be forbidden from running with a root primary or supplementary GID.", + "Message": "serviceaccount vault-agent-injector in default namespace should set spec.securityContext.runAsGroup, spec.securityContext.supplementalGroups[*] and spec.securityContext.fsGroup to integer greater than 0", + "Namespace": "builtin.kubernetes.KSV116", + "Query": "data.builtin.kubernetes.KSV116.deny", + "Resolution": "Set 'containers[].securityContext.runAsGroup' to a non-zero integer or leave undefined.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv116", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-runasuser/", + "https://avd.aquasec.com/misconfig/ksv116" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "Code": { + "Lines": null + } + } + } + ] + } + ] + }, + { + "Namespace": "default", + "Kind": "ConfigMap", + "Name": "kube-root-ca.crt", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "ConfigMap/kube-root-ca.crt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 151, + "Failures": 1, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV116", + "AVDID": "AVD-KSV-0116", + "Title": "Runs with a root primary or supplementary GID", + "Description": "According to pod security standard 'Non-root groups', containers should be forbidden from running with a root primary or supplementary GID.", + "Message": "configmap kube-root-ca.crt in default namespace should set spec.securityContext.runAsGroup, spec.securityContext.supplementalGroups[*] and spec.securityContext.fsGroup to integer greater than 0", + "Namespace": "builtin.kubernetes.KSV116", + "Query": "data.builtin.kubernetes.KSV116.deny", + "Resolution": "Set 'containers[].securityContext.runAsGroup' to a non-zero integer or leave undefined.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv116", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-runasuser/", + "https://avd.aquasec.com/misconfig/ksv116" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "Code": { + "Lines": null + } + } + } + ] + } + ] + }, + { + "Namespace": "default", + "Kind": "ConfigMap", + "Name": "popeye-config", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "ConfigMap/popeye-config", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 151, + "Failures": 1, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV116", + "AVDID": "AVD-KSV-0116", + "Title": "Runs with a root primary or supplementary GID", + "Description": "According to pod security standard 'Non-root groups', containers should be forbidden from running with a root primary or supplementary GID.", + "Message": "configmap popeye-config in default namespace should set spec.securityContext.runAsGroup, spec.securityContext.supplementalGroups[*] and spec.securityContext.fsGroup to integer greater than 0", + "Namespace": "builtin.kubernetes.KSV116", + "Query": "data.builtin.kubernetes.KSV116.deny", + "Resolution": "Set 'containers[].securityContext.runAsGroup' to a non-zero integer or leave undefined.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv116", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-runasuser/", + "https://avd.aquasec.com/misconfig/ksv116" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "Code": { + "Lines": null + } + } + } + ] + } + ] + }, + { + "Namespace": "default", + "Kind": "Role", + "Name": "caas-scanners-role", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "Deployment/httpbin", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 138, + "Failures": 14, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV001", + "AVDID": "AVD-KSV-0001", + "Title": "Can elevate its own privileges", + "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "Message": "Container 'httpbin' of Deployment 'httpbin' should set 'securityContext.allowPrivilegeEscalation' to false", + "Namespace": "builtin.kubernetes.KSV001", + "Query": "data.builtin.kubernetes.KSV001.deny", + "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv001", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv001" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 124, + "EndLine": 136, + "Code": { + "Lines": [ + { + "Number": 124, + "Content": " - image: kennethreitz/httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: kennethreitz/httpbin", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 125, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 126, + "Content": " name: httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 127, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 128, + "Content": " - containerPort: 80", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m80", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 129, + "Content": " name: port-httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: port-httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 130, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 131, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 132, + "Content": " limits:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlimits\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 133, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV003", + "AVDID": "AVD-KSV-0003", + "Title": "Default capabilities: some containers do not drop all", + "Description": "The container should drop all default capabilities and add only those that are needed for its execution.", + "Message": "Container 'httpbin' of Deployment 'httpbin' should add 'ALL' to 'securityContext.capabilities.drop'", + "Namespace": "builtin.kubernetes.KSV003", + "Query": "data.builtin.kubernetes.KSV003.deny", + "Resolution": "Add 'ALL' to containers[].securityContext.capabilities.drop.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv003", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/", + "https://avd.aquasec.com/misconfig/ksv003" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 124, + "EndLine": 136, + "Code": { + "Lines": [ + { + "Number": 124, + "Content": " - image: kennethreitz/httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: kennethreitz/httpbin", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 125, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 126, + "Content": " name: httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 127, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 128, + "Content": " - containerPort: 80", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m80", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 129, + "Content": " name: port-httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: port-httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 130, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 131, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 132, + "Content": " limits:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlimits\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 133, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV012", + "AVDID": "AVD-KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'httpbin' of Deployment 'httpbin' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv012" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 124, + "EndLine": 136, + "Code": { + "Lines": [ + { + "Number": 124, + "Content": " - image: kennethreitz/httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: kennethreitz/httpbin", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 125, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 126, + "Content": " name: httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 127, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 128, + "Content": " - containerPort: 80", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m80", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 129, + "Content": " name: port-httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: port-httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 130, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 131, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 132, + "Content": " limits:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlimits\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 133, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV013", + "AVDID": "AVD-KSV-0013", + "Title": "Image tag \":latest\" used", + "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", + "Message": "Container 'httpbin' of Deployment 'httpbin' should specify an image tag", + "Namespace": "builtin.kubernetes.KSV013", + "Query": "data.builtin.kubernetes.KSV013.deny", + "Resolution": "Use a specific container image tag that is not 'latest'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv013", + "References": [ + "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", + "https://avd.aquasec.com/misconfig/ksv013" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 124, + "EndLine": 136, + "Code": { + "Lines": [ + { + "Number": 124, + "Content": " - image: kennethreitz/httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: kennethreitz/httpbin", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 125, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 126, + "Content": " name: httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 127, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 128, + "Content": " - containerPort: 80", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m80", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 129, + "Content": " name: port-httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: port-httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 130, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 131, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 132, + "Content": " limits:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlimits\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 133, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV014", + "AVDID": "AVD-KSV-0014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'httpbin' of Deployment 'httpbin' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv014" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 124, + "EndLine": 136, + "Code": { + "Lines": [ + { + "Number": 124, + "Content": " - image: kennethreitz/httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: kennethreitz/httpbin", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 125, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 126, + "Content": " name: httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 127, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 128, + "Content": " - containerPort: 80", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m80", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 129, + "Content": " name: port-httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: port-httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 130, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 131, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 132, + "Content": " limits:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlimits\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 133, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV015", + "AVDID": "AVD-KSV-0015", + "Title": "CPU requests not specified", + "Description": "When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.", + "Message": "Container 'httpbin' of Deployment 'httpbin' should set 'resources.requests.cpu'", + "Namespace": "builtin.kubernetes.KSV015", + "Query": "data.builtin.kubernetes.KSV015.deny", + "Resolution": "Set 'containers[].resources.requests.cpu'.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv015", + "References": [ + "https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits", + "https://avd.aquasec.com/misconfig/ksv015" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 124, + "EndLine": 136, + "Code": { + "Lines": [ + { + "Number": 124, + "Content": " - image: kennethreitz/httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: kennethreitz/httpbin", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 125, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 126, + "Content": " name: httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 127, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 128, + "Content": " - containerPort: 80", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m80", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 129, + "Content": " name: port-httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: port-httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 130, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 131, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 132, + "Content": " limits:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlimits\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 133, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV016", + "AVDID": "AVD-KSV-0016", + "Title": "Memory requests not specified", + "Description": "When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.", + "Message": "Container 'httpbin' of Deployment 'httpbin' should set 'resources.requests.memory'", + "Namespace": "builtin.kubernetes.KSV016", + "Query": "data.builtin.kubernetes.KSV016.deny", + "Resolution": "Set 'containers[].resources.requests.memory'.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv016", + "References": [ + "https://kubesec.io/basics/containers-resources-limits-memory/", + "https://avd.aquasec.com/misconfig/ksv016" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 124, + "EndLine": 136, + "Code": { + "Lines": [ + { + "Number": 124, + "Content": " - image: kennethreitz/httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: kennethreitz/httpbin", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 125, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 126, + "Content": " name: httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 127, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 128, + "Content": " - containerPort: 80", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m80", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 129, + "Content": " name: port-httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: port-httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 130, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 131, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 132, + "Content": " limits:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlimits\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 133, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV020", + "AVDID": "AVD-KSV-0020", + "Title": "Runs with UID \u003c= 10000", + "Description": "Force the container to run with user ID \u003e 10000 to avoid conflicts with the host’s user table.", + "Message": "Container 'httpbin' of Deployment 'httpbin' should set 'securityContext.runAsUser' \u003e 10000", + "Namespace": "builtin.kubernetes.KSV020", + "Query": "data.builtin.kubernetes.KSV020.deny", + "Resolution": "Set 'containers[].securityContext.runAsUser' to an integer \u003e 10000.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv020", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-runasuser/", + "https://avd.aquasec.com/misconfig/ksv020" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 124, + "EndLine": 136, + "Code": { + "Lines": [ + { + "Number": 124, + "Content": " - image: kennethreitz/httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: kennethreitz/httpbin", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 125, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 126, + "Content": " name: httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 127, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 128, + "Content": " - containerPort: 80", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m80", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 129, + "Content": " name: port-httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: port-httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 130, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 131, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 132, + "Content": " limits:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlimits\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 133, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV021", + "AVDID": "AVD-KSV-0021", + "Title": "Runs with GID \u003c= 10000", + "Description": "Force the container to run with group ID \u003e 10000 to avoid conflicts with the host’s user table.", + "Message": "Container 'httpbin' of Deployment 'httpbin' should set 'securityContext.runAsGroup' \u003e 10000", + "Namespace": "builtin.kubernetes.KSV021", + "Query": "data.builtin.kubernetes.KSV021.deny", + "Resolution": "Set 'containers[].securityContext.runAsGroup' to an integer \u003e 10000.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv021", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-runasuser/", + "https://avd.aquasec.com/misconfig/ksv021" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 124, + "EndLine": 136, + "Code": { + "Lines": [ + { + "Number": 124, + "Content": " - image: kennethreitz/httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: kennethreitz/httpbin", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 125, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 126, + "Content": " name: httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 127, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 128, + "Content": " - containerPort: 80", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m80", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 129, + "Content": " name: port-httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: port-httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 130, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 131, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 132, + "Content": " limits:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlimits\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 133, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV030", + "AVDID": "AVD-KSV-0030", + "Title": "Runtime/Default Seccomp profile not set", + "Description": "According to pod security standard 'Seccomp', the RuntimeDefault seccomp profile must be required, or allow specific additional profiles.", + "Message": "Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'", + "Namespace": "builtin.kubernetes.KSV030", + "Query": "data.builtin.kubernetes.KSV030.deny", + "Resolution": "Set 'spec.securityContext.seccompProfile.type', 'spec.containers[*].securityContext.seccompProfile' and 'spec.initContainers[*].securityContext.seccompProfile' to 'RuntimeDefault' or undefined.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv030", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv030" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 124, + "EndLine": 136, + "Code": { + "Lines": [ + { + "Number": 124, + "Content": " - image: kennethreitz/httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: kennethreitz/httpbin", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 125, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 126, + "Content": " name: httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 127, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 128, + "Content": " - containerPort: 80", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m80", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 129, + "Content": " name: port-httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: port-httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 130, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 131, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 132, + "Content": " limits:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlimits\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 133, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV104", + "AVDID": "AVD-KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container httpbin of deployment httpbin in default namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv104" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "Code": { + "Lines": null + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV106", + "AVDID": "AVD-KSV-0106", + "Title": "Container capabilities must only include NET_BIND_SERVICE", + "Description": "Containers must drop ALL capabilities, and are only permitted to add back the NET_BIND_SERVICE capability.", + "Message": "container should drop all", + "Namespace": "builtin.kubernetes.KSV106", + "Query": "data.builtin.kubernetes.KSV106.deny", + "Resolution": "Set 'spec.containers[*].securityContext.capabilities.drop' to 'ALL' and only add 'NET_BIND_SERVICE' to 'spec.containers[*].securityContext.capabilities.add'.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv106", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv106" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 124, + "EndLine": 136, + "Code": { + "Lines": [ + { + "Number": 124, + "Content": " - image: kennethreitz/httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: kennethreitz/httpbin", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 125, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 126, + "Content": " name: httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 127, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 128, + "Content": " - containerPort: 80", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m80", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 129, + "Content": " name: port-httpbin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: port-httpbin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 130, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 131, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 132, + "Content": " limits:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlimits\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 133, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV116", + "AVDID": "AVD-KSV-0116", + "Title": "Runs with a root primary or supplementary GID", + "Description": "According to pod security standard 'Non-root groups', containers should be forbidden from running with a root primary or supplementary GID.", + "Message": "deployment httpbin in default namespace should set spec.securityContext.runAsGroup, spec.securityContext.supplementalGroups[*] and spec.securityContext.fsGroup to integer greater than 0", + "Namespace": "builtin.kubernetes.KSV116", + "Query": "data.builtin.kubernetes.KSV116.deny", + "Resolution": "Set 'containers[].securityContext.runAsGroup' to a non-zero integer or leave undefined.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv116", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-runasuser/", + "https://avd.aquasec.com/misconfig/ksv116" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "Code": { + "Lines": null + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV117", + "AVDID": "AVD-KSV-0117", + "Title": "Prevent binding to privileged ports", + "Description": "The ports which are lower than 1024 receive and transmit various sensitive and privileged data. Allowing containers to use them can bring serious implications.", + "Message": "deployment httpbin in default namespace should not set spec.template.spec.containers.ports.containerPort to less than 1024", + "Namespace": "builtin.kubernetes.KSV117", + "Query": "data.builtin.kubernetes.KSV117.deny", + "Resolution": "Do not map the container ports to privileged host ports when starting a container.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv117", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/", + "https://avd.aquasec.com/misconfig/ksv117" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "Code": { + "Lines": null + } + } + } + ] + } + ] + }, + { + "Namespace": "default", + "Kind": "StatefulSet", + "Name": "vault", + "Metadata": { + "OS": { + "Family": "alpine", + "Name": "3.15.9", + "EOSL": true + }, + "ImageID": "sha256:e5d0e3edb4467b55a57efce11dde2bd44def5718ea848b3e6eb39e32355059ac", + "DiffIDs": [ + "sha256:579bc0f2bef2b2a8b9e33055679857993dd2a4bd8a06633bf0f9c9e9eb15dfd3", + "sha256:cd2e463c321b4995156773eb3af9212a59695a739dfe8e6cc889565b82d102f9", + "sha256:abff06489f308c4cf8d76294664fec2c186dd3cead767f667388dc3e9f3fcfd3", + "sha256:225bf0e44f50faf7a72dacef0f34c23457d9b08b4547a3ba78878af7fa04150c", + "sha256:03b7a2e65386465eff861c5b65374f8df4ff14b9017ad12331e0f888c6ad4901", + "sha256:82239321d6fcbb7a70f27e4db4d01872e2d62bff0fc64c6414a2b83b7a3c595c", + "sha256:ef681dd8e6de33a023e2c2c416a12795072487ee62f445cfd5cf7f8bec834cdd" + ], + "RepoTags": [ + "hashicorp/vault:1.14.0" + ], + "RepoDigests": [ + "hashicorp/vault@sha256:b2177a8bfe85f89ff403c9f51b8a00a6efd1be8e475bc2637390c36977df994d" + ], + "ImageConfig": { + "architecture": "amd64", + "created": "2023-06-19T15:57:07.759951559Z", + "history": [ + { + "created": "2023-06-14T20:42:13.893052319Z", + "created_by": "/bin/sh -c #(nop) ADD file:4fa8e307f595ecff485113fb0ec6e2320979eaa6fb3eb467d2433771a6f016e6 in / " + }, + { + "created": "2023-06-14T20:42:13.993588153Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", + "empty_layer": true + }, + { + "created": "2023-06-19T15:57:05.788765343Z", + "created_by": "ARG BIN_NAME", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2023-06-19T15:57:05.788765343Z", + "created_by": "ARG NAME=vault", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2023-06-19T15:57:05.788765343Z", + "created_by": "ARG PRODUCT_VERSION", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2023-06-19T15:57:05.788765343Z", + "created_by": "ARG PRODUCT_REVISION", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2023-06-19T15:57:05.788765343Z", + "created_by": "ARG TARGETOS TARGETARCH", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2023-06-19T15:57:05.788765343Z", + "created_by": "LABEL name=Vault maintainer=Vault Team \u003cvault@hashicorp.com\u003e vendor=HashiCorp version=1.14.0 release=13a649f860186dffe3f3a4459814d87191efc321 revision=13a649f860186dffe3f3a4459814d87191efc321 summary=Vault is a tool for securely accessing secrets. description=Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2023-06-19T15:57:05.788765343Z", + "created_by": "COPY LICENSE /licenses/mozilla.txt # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2023-06-19T15:57:05.788765343Z", + "created_by": "ENV NAME=vault", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2023-06-19T15:57:05.788765343Z", + "created_by": "ENV VERSION=", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2023-06-19T15:57:05.8927642Z", + "created_by": "RUN |6 BIN_NAME=vault NAME=vault PRODUCT_VERSION=1.14.0 PRODUCT_REVISION=13a649f860186dffe3f3a4459814d87191efc321 TARGETOS=linux TARGETARCH=amd64 /bin/sh -c addgroup ${NAME} \u0026\u0026 adduser -S -G ${NAME} ${NAME} # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2023-06-19T15:57:06.501616217Z", + "created_by": "RUN |6 BIN_NAME=vault NAME=vault PRODUCT_VERSION=1.14.0 PRODUCT_REVISION=13a649f860186dffe3f3a4459814d87191efc321 TARGETOS=linux TARGETARCH=amd64 /bin/sh -c apk add --no-cache libcap su-exec dumb-init tzdata # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2023-06-19T15:57:07.691936141Z", + "created_by": "COPY dist/linux/amd64/vault /bin/ # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2023-06-19T15:57:07.749628505Z", + "created_by": "RUN |6 BIN_NAME=vault NAME=vault PRODUCT_VERSION=1.14.0 PRODUCT_REVISION=13a649f860186dffe3f3a4459814d87191efc321 TARGETOS=linux TARGETARCH=amd64 /bin/sh -c mkdir -p /vault/logs \u0026\u0026 mkdir -p /vault/file \u0026\u0026 mkdir -p /vault/config \u0026\u0026 chown -R ${NAME}:${NAME} /vault # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2023-06-19T15:57:07.749628505Z", + "created_by": "VOLUME [/vault/logs]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2023-06-19T15:57:07.749628505Z", + "created_by": "VOLUME [/vault/file]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2023-06-19T15:57:07.749628505Z", + "created_by": "EXPOSE map[8200/tcp:{}]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2023-06-19T15:57:07.759951559Z", + "created_by": "COPY .release/docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2023-06-19T15:57:07.759951559Z", + "created_by": "ENTRYPOINT [\"docker-entrypoint.sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2023-06-19T15:57:07.759951559Z", + "created_by": "CMD [\"server\" \"-dev\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:579bc0f2bef2b2a8b9e33055679857993dd2a4bd8a06633bf0f9c9e9eb15dfd3", + "sha256:cd2e463c321b4995156773eb3af9212a59695a739dfe8e6cc889565b82d102f9", + "sha256:abff06489f308c4cf8d76294664fec2c186dd3cead767f667388dc3e9f3fcfd3", + "sha256:225bf0e44f50faf7a72dacef0f34c23457d9b08b4547a3ba78878af7fa04150c", + "sha256:03b7a2e65386465eff861c5b65374f8df4ff14b9017ad12331e0f888c6ad4901", + "sha256:82239321d6fcbb7a70f27e4db4d01872e2d62bff0fc64c6414a2b83b7a3c595c", + "sha256:ef681dd8e6de33a023e2c2c416a12795072487ee62f445cfd5cf7f8bec834cdd" + ] + }, + "config": { + "Cmd": [ + "server", + "-dev" + ], + "Entrypoint": [ + "docker-entrypoint.sh" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "NAME=vault", + "VERSION=" + ], + "Labels": { + "description": "Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.", + "maintainer": "Vault Team \u003cvault@hashicorp.com\u003e", + "name": "Vault", + "release": "13a649f860186dffe3f3a4459814d87191efc321", + "revision": "13a649f860186dffe3f3a4459814d87191efc321", + "summary": "Vault is a tool for securely accessing secrets.", + "vendor": "HashiCorp", + "version": "1.14.0" + }, + "Volumes": { + "/vault/file": {}, + "/vault/logs": {} + }, + "ExposedPorts": { + "8200/tcp": {} + }, + "ArgsEscaped": true + } + } + }, + "Results": [ + { + "Target": "StatefulSet/vault", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 140, + "Failures": 12, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV003", + "AVDID": "AVD-KSV-0003", + "Title": "Default capabilities: some containers do not drop all", + "Description": "The container should drop all default capabilities and add only those that are needed for its execution.", + "Message": "Container 'vault' of StatefulSet 'vault' should add 'ALL' to 'securityContext.capabilities.drop'", + "Namespace": "builtin.kubernetes.KSV003", + "Query": "data.builtin.kubernetes.KSV003.deny", + "Resolution": "Add 'ALL' to containers[].securityContext.capabilities.drop.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv003", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/", + "https://avd.aquasec.com/misconfig/ksv003" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 224, + "EndLine": 309, + "Code": { + "Lines": [ + { + "Number": 224, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 225, + "Content": " - \"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 226, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 227, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 228, + "Content": " - -ec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -ec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 229, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 230, + "Content": " - name: HOST_IP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: HOST_IP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 231, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 232, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 233, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV011", + "AVDID": "AVD-KSV-0011", + "Title": "CPU not limited", + "Description": "Enforcing CPU limits prevents DoS via resource exhaustion.", + "Message": "Container 'vault' of StatefulSet 'vault' should set 'resources.limits.cpu'", + "Namespace": "builtin.kubernetes.KSV011", + "Query": "data.builtin.kubernetes.KSV011.deny", + "Resolution": "Set a limit value under 'containers[].resources.limits.cpu'.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv011", + "References": [ + "https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits", + "https://avd.aquasec.com/misconfig/ksv011" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 224, + "EndLine": 309, + "Code": { + "Lines": [ + { + "Number": 224, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 225, + "Content": " - \"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 226, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 227, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 228, + "Content": " - -ec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -ec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 229, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 230, + "Content": " - name: HOST_IP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: HOST_IP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 231, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 232, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 233, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV014", + "AVDID": "AVD-KSV-0014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'vault' of StatefulSet 'vault' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv014" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 224, + "EndLine": 309, + "Code": { + "Lines": [ + { + "Number": 224, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 225, + "Content": " - \"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 226, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 227, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 228, + "Content": " - -ec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -ec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 229, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 230, + "Content": " - name: HOST_IP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: HOST_IP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 231, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 232, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 233, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV015", + "AVDID": "AVD-KSV-0015", + "Title": "CPU requests not specified", + "Description": "When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.", + "Message": "Container 'vault' of StatefulSet 'vault' should set 'resources.requests.cpu'", + "Namespace": "builtin.kubernetes.KSV015", + "Query": "data.builtin.kubernetes.KSV015.deny", + "Resolution": "Set 'containers[].resources.requests.cpu'.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv015", + "References": [ + "https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits", + "https://avd.aquasec.com/misconfig/ksv015" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 224, + "EndLine": 309, + "Code": { + "Lines": [ + { + "Number": 224, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 225, + "Content": " - \"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 226, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 227, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 228, + "Content": " - -ec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -ec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 229, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 230, + "Content": " - name: HOST_IP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: HOST_IP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 231, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 232, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 233, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV016", + "AVDID": "AVD-KSV-0016", + "Title": "Memory requests not specified", + "Description": "When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.", + "Message": "Container 'vault' of StatefulSet 'vault' should set 'resources.requests.memory'", + "Namespace": "builtin.kubernetes.KSV016", + "Query": "data.builtin.kubernetes.KSV016.deny", + "Resolution": "Set 'containers[].resources.requests.memory'.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv016", + "References": [ + "https://kubesec.io/basics/containers-resources-limits-memory/", + "https://avd.aquasec.com/misconfig/ksv016" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 224, + "EndLine": 309, + "Code": { + "Lines": [ + { + "Number": 224, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 225, + "Content": " - \"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 226, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 227, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 228, + "Content": " - -ec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -ec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 229, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 230, + "Content": " - name: HOST_IP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: HOST_IP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 231, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 232, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 233, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV018", + "AVDID": "AVD-KSV-0018", + "Title": "Memory not limited", + "Description": "Enforcing memory limits prevents DoS via resource exhaustion.", + "Message": "Container 'vault' of StatefulSet 'vault' should set 'resources.limits.memory'", + "Namespace": "builtin.kubernetes.KSV018", + "Query": "data.builtin.kubernetes.KSV018.deny", + "Resolution": "Set a limit value under 'containers[].resources.limits.memory'.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv018", + "References": [ + "https://kubesec.io/basics/containers-resources-limits-memory/", + "https://avd.aquasec.com/misconfig/ksv018" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 224, + "EndLine": 309, + "Code": { + "Lines": [ + { + "Number": 224, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 225, + "Content": " - \"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 226, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 227, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 228, + "Content": " - -ec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -ec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 229, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 230, + "Content": " - name: HOST_IP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: HOST_IP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 231, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 232, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 233, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV020", + "AVDID": "AVD-KSV-0020", + "Title": "Runs with UID \u003c= 10000", + "Description": "Force the container to run with user ID \u003e 10000 to avoid conflicts with the host’s user table.", + "Message": "Container 'vault' of StatefulSet 'vault' should set 'securityContext.runAsUser' \u003e 10000", + "Namespace": "builtin.kubernetes.KSV020", + "Query": "data.builtin.kubernetes.KSV020.deny", + "Resolution": "Set 'containers[].securityContext.runAsUser' to an integer \u003e 10000.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv020", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-runasuser/", + "https://avd.aquasec.com/misconfig/ksv020" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 224, + "EndLine": 309, + "Code": { + "Lines": [ + { + "Number": 224, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 225, + "Content": " - \"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 226, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 227, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 228, + "Content": " - -ec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -ec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 229, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 230, + "Content": " - name: HOST_IP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: HOST_IP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 231, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 232, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 233, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV021", + "AVDID": "AVD-KSV-0021", + "Title": "Runs with GID \u003c= 10000", + "Description": "Force the container to run with group ID \u003e 10000 to avoid conflicts with the host’s user table.", + "Message": "Container 'vault' of StatefulSet 'vault' should set 'securityContext.runAsGroup' \u003e 10000", + "Namespace": "builtin.kubernetes.KSV021", + "Query": "data.builtin.kubernetes.KSV021.deny", + "Resolution": "Set 'containers[].securityContext.runAsGroup' to an integer \u003e 10000.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv021", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-runasuser/", + "https://avd.aquasec.com/misconfig/ksv021" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 224, + "EndLine": 309, + "Code": { + "Lines": [ + { + "Number": 224, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 225, + "Content": " - \"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 226, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 227, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 228, + "Content": " - -ec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -ec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 229, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 230, + "Content": " - name: HOST_IP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: HOST_IP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 231, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 232, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 233, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV030", + "AVDID": "AVD-KSV-0030", + "Title": "Runtime/Default Seccomp profile not set", + "Description": "According to pod security standard 'Seccomp', the RuntimeDefault seccomp profile must be required, or allow specific additional profiles.", + "Message": "Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'", + "Namespace": "builtin.kubernetes.KSV030", + "Query": "data.builtin.kubernetes.KSV030.deny", + "Resolution": "Set 'spec.securityContext.seccompProfile.type', 'spec.containers[*].securityContext.seccompProfile' and 'spec.initContainers[*].securityContext.seccompProfile' to 'RuntimeDefault' or undefined.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv030", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv030" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 224, + "EndLine": 309, + "Code": { + "Lines": [ + { + "Number": 224, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 225, + "Content": " - \"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 226, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 227, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 228, + "Content": " - -ec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -ec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 229, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 230, + "Content": " - name: HOST_IP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: HOST_IP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 231, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 232, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 233, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV104", + "AVDID": "AVD-KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container vault of statefulset vault in default namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv104" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "Code": { + "Lines": null + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV106", + "AVDID": "AVD-KSV-0106", + "Title": "Container capabilities must only include NET_BIND_SERVICE", + "Description": "Containers must drop ALL capabilities, and are only permitted to add back the NET_BIND_SERVICE capability.", + "Message": "container should drop all", + "Namespace": "builtin.kubernetes.KSV106", + "Query": "data.builtin.kubernetes.KSV106.deny", + "Resolution": "Set 'spec.containers[*].securityContext.capabilities.drop' to 'ALL' and only add 'NET_BIND_SERVICE' to 'spec.containers[*].securityContext.capabilities.add'.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv106", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv106" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 224, + "EndLine": 309, + "Code": { + "Lines": [ + { + "Number": 224, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 225, + "Content": " - \"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"/usr/local/bin/docker-entrypoint.sh vault server -dev \\n\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 226, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 227, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 228, + "Content": " - -ec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -ec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 229, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 230, + "Content": " - name: HOST_IP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: HOST_IP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 231, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 232, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 233, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV116", + "AVDID": "AVD-KSV-0116", + "Title": "Runs with a root primary or supplementary GID", + "Description": "According to pod security standard 'Non-root groups', containers should be forbidden from running with a root primary or supplementary GID.", + "Message": "statefulset vault in default namespace should set spec.securityContext.runAsGroup, spec.securityContext.supplementalGroups[*] and spec.securityContext.fsGroup to integer greater than 0", + "Namespace": "builtin.kubernetes.KSV116", + "Query": "data.builtin.kubernetes.KSV116.deny", + "Resolution": "Set 'containers[].securityContext.runAsGroup' to a non-zero integer or leave undefined.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv116", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-runasuser/", + "https://avd.aquasec.com/misconfig/ksv116" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "Code": { + "Lines": null + } + } + } + ] + } + ] + } + ] +} diff --git a/unittests/scans/trivy/issue_9263.json b/unittests/scans/trivy/issue_9263.json new file mode 100644 index 00000000000..daf5241a566 --- /dev/null +++ b/unittests/scans/trivy/issue_9263.json @@ -0,0 +1,75 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "sbom.json", + "ArtifactType": "cyclonedx", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "requirements.txt", + "Class": "lang-pkgs", + "Type": "pip", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2013-7445", + "PkgID": "linux-libc-dev@6.1.55-1", + "PkgName": "linux-libc-dev", + "InstalledVersion": "6.1.55-1", + "Status": "will_not_fix", + "Layer": { + "Digest": "sha256:938cae48a646a95127345a544f75f4e0b83f5fa612858e524aedea6981af4a1e", + "DiffID": "sha256:dfe25755ef07309fcb76dd47b2bb21e6dd92adedce8d9aa7f5bbceaf7fc726c9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7445", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects", + "Description": "The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-399" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V2Score": 7.8 + }, + "redhat": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V2Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2013-7445", + "https://bugzilla.kernel.org/show_bug.cgi?id=60533", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7445", + "https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)", + "https://nvd.nist.gov/vuln/detail/CVE-2013-7445", + "https://www.cve.org/CVERecord?id=CVE-2013-7445" + ], + "PublishedDate": "2015-10-16T01:59:00.12Z", + "LastModifiedDate": "2015-10-16T16:22:25.587Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/unittests/scans/trivy/issue_9333.json b/unittests/scans/trivy/issue_9333.json new file mode 100644 index 00000000000..f361b6275fc --- /dev/null +++ b/unittests/scans/trivy/issue_9333.json @@ -0,0 +1,875 @@ +{ + "SchemaVersion": 2, + "CreatedAt": "2024-01-15T08:58:29.82753744Z", + "ArtifactName": "", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "debian", + "Name": "10.13" + }, + "ImageID": "sha256:22ae3921bdaac434bb4cb92dbbc209e46b1f3f70e9fa0b5fbbb43ce7d452c72d", + "DiffIDs": [ + "sha256:b2dba74777543b60e1a5be6da44e67659f51b8df1e96922205a5dde6b92dda3c", + "sha256:f1186e5061f20658954f6bfdfaead0abc5ed2371d70f707da05206e868a226ab", + "sha256:fe0fb3ab4a0f7be72784fcab5ef9c8fda65ea9b1067e8f7cdf293c12bcd25c13", + "sha256:c45660adde371317a1eafb102ee1d33b059328ec73a01b5c2461c4d04a40ecec", + "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b", + "sha256:cb81227abde588a006a8b7ceac6034a303813efadc2c711fabf7b224649d183f", + "sha256:f8a91dd5fc84e4e5a1f261cf306ba1de28894524326d86eec0d74e9c0d22baec", + "sha256:3c777d951de2c488f73618f92b2adee8bd5de6f77e36bab51d57583bc487b99b", + "sha256:0d5f5a015e5d65973cce1dbab5aa60ce0836dbf2b3c9eabcb6efc89db1db3221", + "sha256:baa0956fea600c916f370870566aca1edf9a5ffc7facf51cfb1286e774f6e0e2", + "sha256:2f08eba9a3eddbb1e9dc2b70a25a1a3860807dac0d42c1e40fd890bbafbfba29", + "sha256:bf7d7d997f27e713b44ac0e763a38c46f9698e71e2243b0ffa80405d62d8c5e0" + ], + "RepoTags": [ + "" + ], + "RepoDigests": [ + "" + ], + "ImageConfig": { + "architecture": "amd64", + "created": "2024-01-15T08:56:27.807609822Z", + "history": [ + { + "created": "2023-04-12T00:20:15Z", + "created_by": "/bin/sh -c #(nop) ADD file:40953ed6e6f96703b2e0c13288437c2aaf8b3df33dbc423686290cbe0e595a5e in / " + }, + { + "created": "2023-04-12T00:20:15Z", + "created_by": "/bin/sh -c #(nop) CMD [\"bash\"]", + "empty_layer": true + }, + { + "created": "2023-04-12T07:52:41Z", + "created_by": "/bin/sh -c set -eux; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tca-certificates \t\tcurl \t\tnetbase \t\twget \t; \trm -rf /var/lib/apt/lists/*" + }, + { + "created": "2023-04-12T07:52:47Z", + "created_by": "/bin/sh -c set -ex; \tif ! command -v gpg \u003e /dev/null; then \t\tapt-get update; \t\tapt-get install -y --no-install-recommends \t\t\tgnupg \t\t\tdirmngr \t\t; \t\trm -rf /var/lib/apt/lists/*; \tfi" + }, + { + "created": "2023-04-12T07:53:05Z", + "created_by": "/bin/sh -c apt-get update \u0026\u0026 apt-get install -y --no-install-recommends \t\tgit \t\tmercurial \t\topenssh-client \t\tsubversion \t\t\t\tprocps \t\u0026\u0026 rm -rf /var/lib/apt/lists/*" + }, + { + "created": "2023-04-12T07:54:04Z", + "created_by": "/bin/sh -c set -ex; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tautoconf \t\tautomake \t\tbzip2 \t\tdpkg-dev \t\tfile \t\tg++ \t\tgcc \t\timagemagick \t\tlibbz2-dev \t\tlibc6-dev \t\tlibcurl4-openssl-dev \t\tlibdb-dev \t\tlibevent-dev \t\tlibffi-dev \t\tlibgdbm-dev \t\tlibglib2.0-dev \t\tlibgmp-dev \t\tlibjpeg-dev \t\tlibkrb5-dev \t\tliblzma-dev \t\tlibmagickcore-dev \t\tlibmagickwand-dev \t\tlibmaxminddb-dev \t\tlibncurses5-dev \t\tlibncursesw5-dev \t\tlibpng-dev \t\tlibpq-dev \t\tlibreadline-dev \t\tlibsqlite3-dev \t\tlibssl-dev \t\tlibtool \t\tlibwebp-dev \t\tlibxml2-dev \t\tlibxslt-dev \t\tlibyaml-dev \t\tmake \t\tpatch \t\tunzip \t\txz-utils \t\tzlib1g-dev \t\t\t\t$( \t\t\tif apt-cache show 'default-libmysqlclient-dev' 2\u003e/dev/null | grep -q '^Version:'; then \t\t\t\techo 'default-libmysqlclient-dev'; \t\t\telse \t\t\t\techo 'libmysqlclient-dev'; \t\t\tfi \t\t) \t; \trm -rf /var/lib/apt/lists/*" + }, + { + "created": "2023-04-12T09:05:40Z", + "created_by": "/bin/sh -c groupadd --gid 1000 node \u0026\u0026 useradd --uid 1000 --gid node --shell /bin/bash --create-home node" + }, + { + "created": "2023-04-12T09:11:56Z", + "created_by": "/bin/sh -c #(nop) ENV NODE_VERSION=14.21.3", + "empty_layer": true + }, + { + "created": "2023-04-12T09:12:09Z", + "created_by": "/bin/sh -c ARCH= \u0026\u0026 dpkgArch=\"$(dpkg --print-architecture)\" \u0026\u0026 case \"${dpkgArch##*-}\" in amd64) ARCH='x64';; ppc64el) ARCH='ppc64le';; s390x) ARCH='s390x';; arm64) ARCH='arm64';; armhf) ARCH='armv7l';; i386) ARCH='x86';; *) echo \"unsupported architecture\"; exit 1 ;; esac \u0026\u0026 set -ex \u0026\u0026 for key in 4ED778F539E3634C779C87C6D7062848A1AB005C 141F07595B7B3FFE74309A937405533BE57C7D57 74F12602B6F1C4E913FAA37AD3A89613643B6201 61FC681DFB92A079F1685E77973F295594EC4689 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C 108F52B48DB57BB0CC439B2997B01419BD92F80A ; do gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$key\" || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \"$key\" ; done \u0026\u0026 curl -fsSLO --compressed \"https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz\" \u0026\u0026 curl -fsSLO --compressed \"https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc\" \u0026\u0026 gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \u0026\u0026 grep \" node-v$NODE_VERSION-linux-$ARCH.tar.xz\\$\" SHASUMS256.txt | sha256sum -c - \u0026\u0026 tar -xJf \"node-v$NODE_VERSION-linux-$ARCH.tar.xz\" -C /usr/local --strip-components=1 --no-same-owner \u0026\u0026 rm \"node-v$NODE_VERSION-linux-$ARCH.tar.xz\" SHASUMS256.txt.asc SHASUMS256.txt \u0026\u0026 ln -s /usr/local/bin/node /usr/local/bin/nodejs \u0026\u0026 node --version \u0026\u0026 npm --version" + }, + { + "created": "2023-04-12T09:12:09Z", + "created_by": "/bin/sh -c #(nop) ENV YARN_VERSION=1.22.19", + "empty_layer": true + }, + { + "created": "2023-04-12T09:12:12Z", + "created_by": "/bin/sh -c set -ex \u0026\u0026 for key in 6A010C5166006599AA17F08146C2130DFD2497F5 ; do gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$key\" || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \"$key\" ; done \u0026\u0026 curl -fsSLO --compressed \"https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz\" \u0026\u0026 curl -fsSLO --compressed \"https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc\" \u0026\u0026 gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \u0026\u0026 mkdir -p /opt \u0026\u0026 tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \u0026\u0026 ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \u0026\u0026 ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \u0026\u0026 rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \u0026\u0026 yarn --version" + }, + { + "created": "2023-04-12T09:12:12Z", + "created_by": "/bin/sh -c #(nop) COPY file:4d192565a7220e135cab6c77fbc1c73211b69f3d9fb37e62857b2c6eb9363d51 in /usr/local/bin/ " + }, + { + "created": "2023-04-12T09:12:12Z", + "created_by": "/bin/sh -c #(nop) ENTRYPOINT [\"docker-entrypoint.sh\"]", + "empty_layer": true + }, + { + "created": "2023-04-12T09:12:12Z", + "created_by": "/bin/sh -c #(nop) CMD [\"node\"]", + "empty_layer": true + }, + { + "created": "2024-01-15T08:56:23Z", + "created_by": "WORKDIR /usr/src/app/", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-01-15T08:56:23Z", + "created_by": "COPY src/ /usr/src/app/ # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-01-15T08:56:27Z", + "created_by": "RUN /bin/sh -c npm install # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-01-15T08:56:27Z", + "created_by": "EXPOSE map[3000/tcp:{}]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-01-15T08:56:27Z", + "created_by": "CMD [\"node\" \"index.js\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:b2dba74777543b60e1a5be6da44e67659f51b8df1e96922205a5dde6b92dda3c", + "sha256:f1186e5061f20658954f6bfdfaead0abc5ed2371d70f707da05206e868a226ab", + "sha256:fe0fb3ab4a0f7be72784fcab5ef9c8fda65ea9b1067e8f7cdf293c12bcd25c13", + "sha256:c45660adde371317a1eafb102ee1d33b059328ec73a01b5c2461c4d04a40ecec", + "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b", + "sha256:cb81227abde588a006a8b7ceac6034a303813efadc2c711fabf7b224649d183f", + "sha256:f8a91dd5fc84e4e5a1f261cf306ba1de28894524326d86eec0d74e9c0d22baec", + "sha256:3c777d951de2c488f73618f92b2adee8bd5de6f77e36bab51d57583bc487b99b", + "sha256:0d5f5a015e5d65973cce1dbab5aa60ce0836dbf2b3c9eabcb6efc89db1db3221", + "sha256:baa0956fea600c916f370870566aca1edf9a5ffc7facf51cfb1286e774f6e0e2", + "sha256:2f08eba9a3eddbb1e9dc2b70a25a1a3860807dac0d42c1e40fd890bbafbfba29", + "sha256:bf7d7d997f27e713b44ac0e763a38c46f9698e71e2243b0ffa80405d62d8c5e0" + ] + }, + "config": { + "Cmd": [ + "node", + "index.js" + ], + "Entrypoint": [ + "docker-entrypoint.sh" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "NODE_VERSION=14.21.3", + "YARN_VERSION=1.22.19" + ], + "WorkingDir": "/usr/src/app/", + "ArgsEscaped": true + } + } + }, + "Results": [ + { + "Target": "noppaknopsta/example-app:main-159 (debian 10.13)", + "Class": "os-pkgs", + "Type": "debian", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2011-3374", + "PkgID": "apt@1.8.2.3", + "PkgName": "apt", + "InstalledVersion": "1.8.2.3", + "Status": "affected", + "Layer": { + "DiffID": "sha256:b2dba74777543b60e1a5be6da44e67659f51b8df1e96922205a5dde6b92dda3c" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "It was found that apt-key in apt, all versions, do not correctly valid ...", + "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-347" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2011-3374", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", + "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", + "https://seclists.org/fulldisclosure/2011/Sep/221", + "https://security-tracker.debian.org/tracker/CVE-2011-3374", + "https://snyk.io/vuln/SNYK-LINUX-APT-116518", + "https://ubuntu.com/security/CVE-2011-3374" + ], + "PublishedDate": "2019-11-26T00:15:11.03Z", + "LastModifiedDate": "2021-02-09T16:08:18.683Z" + }, + { + "VulnerabilityID": "CVE-2019-18276", + "PkgID": "bash@5.0-4", + "PkgName": "bash", + "InstalledVersion": "5.0-4", + "Status": "affected", + "Layer": { + "DiffID": "sha256:b2dba74777543b60e1a5be6da44e67659f51b8df1e96922205a5dde6b92dda3c" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", + "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.", + "Severity": "LOW", + "CweIDs": [ + "CWE-273" + ], + "VendorSeverity": { + "cbl-mariner": 3, + "debian": 1, + "nvd": 3, + "oracle-oval": 1, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", + "https://access.redhat.com/security/cve/CVE-2019-18276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", + "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", + "https://linux.oracle.com/cve/CVE-2019-18276.html", + "https://linux.oracle.com/errata/ELSA-2021-1679.html", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", + "https://nvd.nist.gov/vuln/detail/CVE-2019-18276", + "https://security.gentoo.org/glsa/202105-34", + "https://security.netapp.com/advisory/ntap-20200430-0003/", + "https://ubuntu.com/security/notices/USN-5380-1", + "https://www.cve.org/CVERecord?id=CVE-2019-18276", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.youtube.com/watch?v=-wGtxJ8opa8" + ], + "PublishedDate": "2019-11-28T01:15:10.603Z", + "LastModifiedDate": "2023-11-07T03:06:25.3Z" + }, + { + "VulnerabilityID": "TEMP-0841856-B18BAF", + "PkgID": "bash@5.0-4", + "PkgName": "bash", + "InstalledVersion": "5.0-4", + "Status": "affected", + "Layer": { + "DiffID": "sha256:b2dba74777543b60e1a5be6da44e67659f51b8df1e96922205a5dde6b92dda3c" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "[Privilege escalation possible to other user than root]", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1 + } + }, + { + "VulnerabilityID": "CVE-2017-13716", + "PkgID": "binutils@2.31.1-16", + "PkgName": "binutils", + "InstalledVersion": "2.31.1-16", + "Status": "affected", + "Layer": { + "DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", + "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2017-13716", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716", + "https://nvd.nist.gov/vuln/detail/CVE-2017-13716", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22009", + "https://www.cve.org/CVERecord?id=CVE-2017-13716" + ], + "PublishedDate": "2017-08-28T21:29:00.293Z", + "LastModifiedDate": "2019-10-03T00:03:26.223Z" + }, + { + "VulnerabilityID": "CVE-2018-1000876", + "PkgID": "binutils@2.31.1-16", + "PkgName": "binutils", + "InstalledVersion": "2.31.1-16", + "Status": "affected", + "Layer": { + "DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000876", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "integer overflow leads to heap-based buffer overflow in objdump", + "Description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190", + "CWE-787" + ], + "VendorSeverity": { + "amazon": 2, + "debian": 1, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "http://www.securityfocus.com/bid/106304", + "https://access.redhat.com/errata/RHSA-2019:2075", + "https://access.redhat.com/security/cve/CVE-2018-1000876", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876", + "https://linux.oracle.com/cve/CVE-2018-1000876.html", + "https://linux.oracle.com/errata/ELSA-2019-2075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-1000876", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23994", + "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=3a551c7a1b80fca579461774860574eabfd7f18f", + "https://ubuntu.com/security/notices/USN-4336-1", + "https://ubuntu.com/security/notices/USN-4336-2", + "https://usn.ubuntu.com/4336-1/", + "https://www.cve.org/CVERecord?id=CVE-2018-1000876" + ], + "PublishedDate": "2018-12-20T17:29:01.033Z", + "LastModifiedDate": "2023-11-07T02:51:14.47Z" + }, + { + "VulnerabilityID": "CVE-2018-12697", + "PkgID": "binutils@2.31.1-16", + "PkgName": "binutils", + "InstalledVersion": "2.31.1-16", + "Status": "affected", + "Layer": { + "DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12697", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", + "Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.", + "Severity": "LOW", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 2, + "debian": 1, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/104538", + "https://access.redhat.com/errata/RHSA-2019:2075", + "https://access.redhat.com/security/cve/CVE-2018-12697", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", + "https://linux.oracle.com/cve/CVE-2018-12697.html", + "https://linux.oracle.com/errata/ELSA-2019-2075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2018-12697", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23057", + "https://ubuntu.com/security/notices/USN-4326-1", + "https://ubuntu.com/security/notices/USN-4336-1", + "https://ubuntu.com/security/notices/USN-4336-2", + "https://usn.ubuntu.com/4326-1/", + "https://usn.ubuntu.com/4336-1/", + "https://www.cve.org/CVERecord?id=CVE-2018-12697" + ], + "PublishedDate": "2018-06-23T23:29:00.22Z", + "LastModifiedDate": "2019-08-03T13:15:17.257Z" + }, + { + "VulnerabilityID": "CVE-2018-12698", + "PkgID": "binutils@2.31.1-16", + "PkgName": "binutils", + "InstalledVersion": "2.31.1-16", + "Status": "affected", + "Layer": { + "DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12698", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: excessive memory consumption in demangle_template in cplus-dem.c", + "Description": "demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. This can occur during execution of objdump.", + "Severity": "LOW", + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/104539", + "https://access.redhat.com/security/cve/CVE-2018-12698", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12698", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", + "https://nvd.nist.gov/vuln/detail/CVE-2018-12698", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23057", + "https://ubuntu.com/security/notices/USN-4326-1", + "https://ubuntu.com/security/notices/USN-4336-1", + "https://ubuntu.com/security/notices/USN-4336-2", + "https://usn.ubuntu.com/4326-1/", + "https://usn.ubuntu.com/4336-1/", + "https://www.cve.org/CVERecord?id=CVE-2018-12698" + ], + "PublishedDate": "2018-06-23T23:29:00.283Z", + "LastModifiedDate": "2019-10-03T00:03:26.223Z" + }, + { + "VulnerabilityID": "CVE-2018-12699", + "PkgID": "binutils@2.31.1-16", + "PkgName": "binutils", + "InstalledVersion": "2.31.1-16", + "Status": "affected", + "Layer": { + "DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12699", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: heap-based buffer overflow in finish_stab in stabs.c", + "Description": "finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.", + "Severity": "LOW", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://www.securityfocus.com/bid/104540", + "https://access.redhat.com/security/cve/CVE-2018-12699", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12699", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", + "https://nvd.nist.gov/vuln/detail/CVE-2018-12699", + "https://security.gentoo.org/glsa/201908-01", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23057", + "https://ubuntu.com/security/notices/USN-4336-1", + "https://ubuntu.com/security/notices/USN-4336-2", + "https://usn.ubuntu.com/4336-1/", + "https://www.cve.org/CVERecord?id=CVE-2018-12699" + ], + "PublishedDate": "2018-06-23T23:29:00.33Z", + "LastModifiedDate": "2019-08-03T13:15:17.587Z" + }, + { + "VulnerabilityID": "CVE-2018-12934", + "PkgID": "binutils@2.31.1-16", + "PkgName": "binutils", + "InstalledVersion": "2.31.1-16", + "Status": "affected", + "Layer": { + "DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12934", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c", + "Description": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.", + "Severity": "LOW", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2018-12934", + "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12934", + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453", + "https://nvd.nist.gov/vuln/detail/CVE-2018-12934", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23059", + "https://ubuntu.com/security/notices/USN-4326-1", + "https://ubuntu.com/security/notices/USN-4336-1", + "https://ubuntu.com/security/notices/USN-4336-2", + "https://usn.ubuntu.com/4326-1/", + "https://usn.ubuntu.com/4336-1/", + "https://www.cve.org/CVERecord?id=CVE-2018-12934" + ], + "PublishedDate": "2018-06-28T14:29:00.683Z", + "LastModifiedDate": "2020-04-21T22:15:13.15Z" + }, + { + "VulnerabilityID": "CVE-2018-17358", + "PkgID": "binutils@2.31.1-16", + "PkgName": "binutils", + "InstalledVersion": "2.31.1-16", + "Status": "affected", + "Layer": { + "DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17358", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: invalid memory access in _bfd_stab_section_find_nearest_line in syms.c", + "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "https://access.redhat.com/security/cve/CVE-2018-17358", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17358", + "https://nvd.nist.gov/vuln/detail/CVE-2018-17358", + "https://seclists.org/bugtraq/2020/Jan/25", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23686", + "https://ubuntu.com/security/notices/USN-4336-1", + "https://ubuntu.com/security/notices/USN-4336-2", + "https://usn.ubuntu.com/4336-1/", + "https://www.cve.org/CVERecord?id=CVE-2018-17358" + ], + "PublishedDate": "2018-09-23T18:29:00.283Z", + "LastModifiedDate": "2019-10-31T01:15:12.203Z" + }, + { + "VulnerabilityID": "CVE-2018-17359", + "PkgID": "binutils@2.31.1-16", + "PkgName": "binutils", + "InstalledVersion": "2.31.1-16", + "Status": "affected", + "Layer": { + "DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17359", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: invalid memory access in bfd_zalloc in opncls.c", + "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.", + "Severity": "LOW", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "https://access.redhat.com/security/cve/CVE-2018-17359", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17359", + "https://nvd.nist.gov/vuln/detail/CVE-2018-17359", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23686", + "https://ubuntu.com/security/notices/USN-4336-1", + "https://ubuntu.com/security/notices/USN-4336-2", + "https://usn.ubuntu.com/4336-1/", + "https://www.cve.org/CVERecord?id=CVE-2018-17359" + ], + "PublishedDate": "2018-09-23T18:29:00.44Z", + "LastModifiedDate": "2019-10-31T01:15:12.437Z" + }, + { + "VulnerabilityID": "CVE-2018-17360", + "PkgID": "binutils@2.31.1-16", + "PkgName": "binutils", + "InstalledVersion": "2.31.1-16", + "Status": "affected", + "Layer": { + "DiffID": "sha256:e01a454893a9a11115c598e5dec158ded8bd41326046c993c81b76b6a963590b" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17360", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "binutils: heap-based buffer over-read in bfd_getl32 in libbfd.c", + "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump.", + "Severity": "LOW", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "debian": 1, + "nvd": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "https://access.redhat.com/security/cve/CVE-2018-17360", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17360", + "https://nvd.nist.gov/vuln/detail/CVE-2018-17360", + "https://sourceware.org/bugzilla/show_bug.cgi?id=23685", + "https://ubuntu.com/security/notices/USN-4336-1", + "https://ubuntu.com/security/notices/USN-4336-2", + "https://usn.ubuntu.com/4336-1/", + "https://www.cve.org/CVERecord?id=CVE-2018-17360" + ], + "PublishedDate": "2018-09-23T18:29:00.547Z", + "LastModifiedDate": "2019-10-31T01:15:12.56Z" + }, + { + "VulnerabilityID": "CVE-2023-26136", + "PkgID": "tough-cookie@2.5.0", + "PkgName": "tough-cookie", + "PkgPath": "usr/local/lib/node_modules/npm/node_modules/tough-cookie/package.json", + "InstalledVersion": "2.5.0", + "FixedVersion": "4.1.3", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:f8a91dd5fc84e4e5a1f261cf306ba1de28894524326d86eec0d74e9c0d22baec" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-26136", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Title": "tough-cookie: prototype pollution in cookie memstore", + "Description": "Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1321" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 4, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-26136", + "https://github.com/salesforce/tough-cookie", + "https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e", + "https://github.com/salesforce/tough-cookie/issues/282", + "https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3", + "https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-26136", + "https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873", + "https://www.cve.org/CVERecord?id=CVE-2023-26136" + ], + "PublishedDate": "2023-07-01T05:15:16.103Z", + "LastModifiedDate": "2023-11-07T04:09:26.4Z" + } + ] + } + ] + } + \ No newline at end of file diff --git a/unittests/scans/trivy/kubernetes.json b/unittests/scans/trivy/kubernetes.json new file mode 100644 index 00000000000..ad2e0e39fc2 --- /dev/null +++ b/unittests/scans/trivy/kubernetes.json @@ -0,0 +1,1742 @@ +{ + "ClusterName": "arn:aws:eks:us-east-1:576036489467:cluster/monitoring-test-cluster", + "Vulnerabilities": [ + { + "Namespace": "default", + "Kind": "Deployment", + "Name": "redis-follower", + "Results": [ + { + "Target": "gcr.io/google_samples/gb-redis-follower:v2 (debian 10.4)", + "Class": "os-pkgs", + "Type": "debian", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2020-27350", + "VendorIDs": [ + "DSA-4808-1" + ], + "PkgName": "apt", + "InstalledVersion": "1.8.2.1", + "FixedVersion": "1.8.2.2", + "Layer": { + "Digest": "sha256:8559a31e96f442f2c7b6da49d6c84705f98a39d8be10b3f5f14821d0ee8417df", + "DiffID": "sha256:13cb14c2acd34e45446a50af25cb05095a17624678dbafbcc9e26086547c1d74" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-27350", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "apt: integer overflows and underflows while parsing .deb packages", + "Description": "APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 5.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2020-27350", + "https://bugs.launchpad.net/bugs/1899193", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350", + "https://security.netapp.com/advisory/ntap-20210108-0005/", + "https://ubuntu.com/security/notices/USN-4667-1", + "https://ubuntu.com/security/notices/USN-4667-2", + "https://usn.ubuntu.com/usn/usn-4667-1", + "https://www.debian.org/security/2020/dsa-4808" + ], + "PublishedDate": "2020-12-10T04:15:00Z", + "LastModifiedDate": "2021-01-08T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2011-3374", + "PkgName": "apt", + "InstalledVersion": "1.8.2.1", + "Layer": { + "Digest": "sha256:8559a31e96f442f2c7b6da49d6c84705f98a39d8be10b3f5f14821d0ee8417df", + "DiffID": "sha256:13cb14c2acd34e45446a50af25cb05095a17624678dbafbcc9e26086547c1d74" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "It was found that apt-key in apt, all versions, do not correctly valid ...", + "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-347" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2011-3374", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", + "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", + "https://seclists.org/fulldisclosure/2011/Sep/221", + "https://security-tracker.debian.org/tracker/CVE-2011-3374", + "https://snyk.io/vuln/SNYK-LINUX-APT-116518", + "https://ubuntu.com/security/CVE-2011-3374" + ], + "PublishedDate": "2019-11-26T00:15:00Z", + "LastModifiedDate": "2021-02-09T16:08:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18276", + "PkgName": "bash", + "InstalledVersion": "5.0-4", + "Layer": { + "Digest": "sha256:8559a31e96f442f2c7b6da49d6c84705f98a39d8be10b3f5f14821d0ee8417df", + "DiffID": "sha256:13cb14c2acd34e45446a50af25cb05095a17624678dbafbcc9e26086547c1d74" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", + "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.", + "Severity": "LOW", + "CweIDs": [ + "CWE-273" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", + "https://access.redhat.com/security/cve/CVE-2019-18276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", + "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", + "https://linux.oracle.com/cve/CVE-2019-18276.html", + "https://linux.oracle.com/errata/ELSA-2021-1679.html", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", + "https://nvd.nist.gov/vuln/detail/CVE-2019-18276", + "https://security.gentoo.org/glsa/202105-34", + "https://security.netapp.com/advisory/ntap-20200430-0003/", + "https://ubuntu.com/security/notices/USN-5380-1", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.youtube.com/watch?v=-wGtxJ8opa8" + ], + "PublishedDate": "2019-11-28T01:15:00Z", + "LastModifiedDate": "2022-06-07T18:41:00Z" + }, + { + "VulnerabilityID": "CVE-2021-37600", + "PkgName": "bsdutils", + "InstalledVersion": "2.33.1-0.1", + "Layer": { + "Digest": "sha256:8559a31e96f442f2c7b6da49d6c84705f98a39d8be10b3f5f14821d0ee8417df", + "DiffID": "sha256:13cb14c2acd34e45446a50af25cb05095a17624678dbafbcc9e26086547c1d74" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-37600", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", + "Description": "** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 1.2, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-37600", + "https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c", + "https://github.com/karelzak/util-linux/issues/1395", + "https://nvd.nist.gov/vuln/detail/CVE-2021-37600", + "https://security.netapp.com/advisory/ntap-20210902-0002/" + ], + "PublishedDate": "2021-07-30T14:15:00Z", + "LastModifiedDate": "2021-10-18T12:18:00Z" + }, + { + "VulnerabilityID": "CVE-2022-0563", + "PkgName": "bsdutils", + "InstalledVersion": "2.33.1-0.1", + "Layer": { + "Digest": "sha256:8559a31e96f442f2c7b6da49d6c84705f98a39d8be10b3f5f14821d0ee8417df", + "DiffID": "sha256:13cb14c2acd34e45446a50af25cb05095a17624678dbafbcc9e26086547c1d74" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", + "Severity": "LOW", + "CweIDs": [ + "CWE-209" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-0563", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", + "https://security.netapp.com/advisory/ntap-20220331-0002/" + ], + "PublishedDate": "2022-02-21T19:15:00Z", + "LastModifiedDate": "2022-06-03T14:15:00Z" + } + ] + } + ] + }, + { + "Namespace": "default", + "Kind": "Deployment", + "Name": "redis-leader", + "Results": [ + { + "Target": "docker.io/redis:6.0.5 (debian 10.4)", + "Class": "os-pkgs", + "Type": "debian", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2020-27350", + "VendorIDs": [ + "DSA-4808-1" + ], + "PkgName": "apt", + "InstalledVersion": "1.8.2.1", + "FixedVersion": "1.8.2.2", + "Layer": { + "Digest": "sha256:8559a31e96f442f2c7b6da49d6c84705f98a39d8be10b3f5f14821d0ee8417df", + "DiffID": "sha256:13cb14c2acd34e45446a50af25cb05095a17624678dbafbcc9e26086547c1d74" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-27350", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "apt: integer overflows and underflows while parsing .deb packages", + "Description": "APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 5.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2020-27350", + "https://bugs.launchpad.net/bugs/1899193", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350", + "https://security.netapp.com/advisory/ntap-20210108-0005/", + "https://ubuntu.com/security/notices/USN-4667-1", + "https://ubuntu.com/security/notices/USN-4667-2", + "https://usn.ubuntu.com/usn/usn-4667-1", + "https://www.debian.org/security/2020/dsa-4808" + ], + "PublishedDate": "2020-12-10T04:15:00Z", + "LastModifiedDate": "2021-01-08T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2011-3374", + "PkgName": "apt", + "InstalledVersion": "1.8.2.1", + "Layer": { + "Digest": "sha256:8559a31e96f442f2c7b6da49d6c84705f98a39d8be10b3f5f14821d0ee8417df", + "DiffID": "sha256:13cb14c2acd34e45446a50af25cb05095a17624678dbafbcc9e26086547c1d74" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "It was found that apt-key in apt, all versions, do not correctly valid ...", + "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", + "Severity": "LOW", + "CweIDs": [ + "CWE-347" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V2Score": 4.3, + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/cve-2011-3374", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", + "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", + "https://seclists.org/fulldisclosure/2011/Sep/221", + "https://security-tracker.debian.org/tracker/CVE-2011-3374", + "https://snyk.io/vuln/SNYK-LINUX-APT-116518", + "https://ubuntu.com/security/CVE-2011-3374" + ], + "PublishedDate": "2019-11-26T00:15:00Z", + "LastModifiedDate": "2021-02-09T16:08:00Z" + }, + { + "VulnerabilityID": "CVE-2019-18276", + "PkgName": "bash", + "InstalledVersion": "5.0-4", + "Layer": { + "Digest": "sha256:8559a31e96f442f2c7b6da49d6c84705f98a39d8be10b3f5f14821d0ee8417df", + "DiffID": "sha256:13cb14c2acd34e45446a50af25cb05095a17624678dbafbcc9e26086547c1d74" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped", + "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.", + "Severity": "LOW", + "CweIDs": [ + "CWE-273" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", + "https://access.redhat.com/security/cve/CVE-2019-18276", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", + "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", + "https://linux.oracle.com/cve/CVE-2019-18276.html", + "https://linux.oracle.com/errata/ELSA-2021-1679.html", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", + "https://nvd.nist.gov/vuln/detail/CVE-2019-18276", + "https://security.gentoo.org/glsa/202105-34", + "https://security.netapp.com/advisory/ntap-20200430-0003/", + "https://ubuntu.com/security/notices/USN-5380-1", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.youtube.com/watch?v=-wGtxJ8opa8" + ], + "PublishedDate": "2019-11-28T01:15:00Z", + "LastModifiedDate": "2022-06-07T18:41:00Z" + }, + { + "VulnerabilityID": "CVE-2021-37600", + "PkgName": "bsdutils", + "InstalledVersion": "2.33.1-0.1", + "Layer": { + "Digest": "sha256:8559a31e96f442f2c7b6da49d6c84705f98a39d8be10b3f5f14821d0ee8417df", + "DiffID": "sha256:13cb14c2acd34e45446a50af25cb05095a17624678dbafbcc9e26086547c1d74" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-37600", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", + "Description": "** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.", + "Severity": "LOW", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 1.2, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-37600", + "https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c", + "https://github.com/karelzak/util-linux/issues/1395", + "https://nvd.nist.gov/vuln/detail/CVE-2021-37600", + "https://security.netapp.com/advisory/ntap-20210902-0002/" + ], + "PublishedDate": "2021-07-30T14:15:00Z", + "LastModifiedDate": "2021-10-18T12:18:00Z" + }, + { + "VulnerabilityID": "CVE-2022-0563", + "PkgName": "bsdutils", + "InstalledVersion": "2.33.1-0.1", + "Layer": { + "Digest": "sha256:8559a31e96f442f2c7b6da49d6c84705f98a39d8be10b3f5f14821d0ee8417df", + "DiffID": "sha256:13cb14c2acd34e45446a50af25cb05095a17624678dbafbcc9e26086547c1d74" + }, + "SeveritySource": "debian", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "Description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", + "Severity": "LOW", + "CweIDs": [ + "CWE-209" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-0563", + "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0563", + "https://security.netapp.com/advisory/ntap-20220331-0002/" + ], + "PublishedDate": "2022-02-21T19:15:00Z", + "LastModifiedDate": "2022-06-03T14:15:00Z" + } + ] + } + ] + } + ], + "Misconfigurations": [ + { + "Namespace": "default", + "Kind": "Deployment", + "Name": "redis-follower", + "Results": [ + { + "Target": "Deployment/redis-follower", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 23, + "Failures": 8, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV001", + "Title": "Process can elevate its own privileges", + "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "Message": "Container 'follower' of Deployment 'redis-follower' should set 'securityContext.allowPrivilegeEscalation' to false", + "Namespace": "builtin.kubernetes.KSV001", + "Query": "data.builtin.kubernetes.KSV001.deny", + "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv001", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv001" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 132, + "EndLine": 143, + "Code": { + "Lines": [ + { + "Number": 132, + "Content": " - image: gcr.io/google_samples/gb-redis-follower:v2", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": true, + "LastCause": false + }, + { + "Number": 133, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 134, + "Content": " name: follower", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 135, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 136, + "Content": " - containerPort: 6379", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 137, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 138, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 139, + "Content": " requests:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 140, + "Content": " cpu: 100m", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": true + }, + { + "Number": 141, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV003", + "Title": "Default capabilities not dropped", + "Description": "The container should drop all default capabilities and add only those that are needed for its execution.", + "Message": "Container 'follower' of Deployment 'redis-follower' should add 'ALL' to 'securityContext.capabilities.drop'", + "Namespace": "builtin.kubernetes.KSV003", + "Query": "data.builtin.kubernetes.KSV003.deny", + "Resolution": "Add 'ALL' to containers[].securityContext.capabilities.drop.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv003", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/", + "https://avd.aquasec.com/misconfig/ksv003" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 132, + "EndLine": 143, + "Code": { + "Lines": [ + { + "Number": 132, + "Content": " - image: gcr.io/google_samples/gb-redis-follower:v2", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": true, + "LastCause": false + }, + { + "Number": 133, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 134, + "Content": " name: follower", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 135, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 136, + "Content": " - containerPort: 6379", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 137, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 138, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 139, + "Content": " requests:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 140, + "Content": " cpu: 100m", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": true + }, + { + "Number": 141, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV011", + "Title": "CPU not limited", + "Description": "Enforcing CPU limits prevents DoS via resource exhaustion.", + "Message": "Container 'follower' of Deployment 'redis-follower' should set 'resources.limits.cpu'", + "Namespace": "builtin.kubernetes.KSV011", + "Query": "data.builtin.kubernetes.KSV011.deny", + "Resolution": "Set a limit value under 'containers[].resources.limits.cpu'.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv011", + "References": [ + "https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits", + "https://avd.aquasec.com/misconfig/ksv011" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 132, + "EndLine": 143, + "Code": { + "Lines": [ + { + "Number": 132, + "Content": " - image: gcr.io/google_samples/gb-redis-follower:v2", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": true, + "LastCause": false + }, + { + "Number": 133, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 134, + "Content": " name: follower", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 135, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 136, + "Content": " - containerPort: 6379", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 137, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 138, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 139, + "Content": " requests:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 140, + "Content": " cpu: 100m", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": true + }, + { + "Number": 141, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV012", + "Title": "Runs as root user", + "Description": "'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'follower' of Deployment 'redis-follower' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv012" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 132, + "EndLine": 143, + "Code": { + "Lines": [ + { + "Number": 132, + "Content": " - image: gcr.io/google_samples/gb-redis-follower:v2", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": true, + "LastCause": false + }, + { + "Number": 133, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 134, + "Content": " name: follower", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 135, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 136, + "Content": " - containerPort: 6379", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 137, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 138, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 139, + "Content": " requests:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 140, + "Content": " cpu: 100m", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": true + }, + { + "Number": 141, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'follower' of Deployment 'redis-follower' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv014" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 132, + "EndLine": 143, + "Code": { + "Lines": [ + { + "Number": 132, + "Content": " - image: gcr.io/google_samples/gb-redis-follower:v2", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": true, + "LastCause": false + }, + { + "Number": 133, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 134, + "Content": " name: follower", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 135, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 136, + "Content": " - containerPort: 6379", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 137, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 138, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 139, + "Content": " requests:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 140, + "Content": " cpu: 100m", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": true + }, + { + "Number": 141, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "default", + "Kind": "Deployment", + "Name": "redis-leader", + "Results": [ + { + "Target": "Deployment/redis-leader", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 23, + "Failures": 8, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV001", + "Title": "Process can elevate its own privileges", + "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "Message": "Container 'leader' of Deployment 'redis-leader' should set 'securityContext.allowPrivilegeEscalation' to false", + "Namespace": "builtin.kubernetes.KSV001", + "Query": "data.builtin.kubernetes.KSV001.deny", + "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv001", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv001" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 132, + "EndLine": 143, + "Code": { + "Lines": [ + { + "Number": 132, + "Content": " - image: docker.io/redis:6.0.5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": true, + "LastCause": false + }, + { + "Number": 133, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 134, + "Content": " name: leader", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 135, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 136, + "Content": " - containerPort: 6379", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 137, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 138, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 139, + "Content": " requests:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 140, + "Content": " cpu: 100m", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": true + }, + { + "Number": 141, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV003", + "Title": "Default capabilities not dropped", + "Description": "The container should drop all default capabilities and add only those that are needed for its execution.", + "Message": "Container 'leader' of Deployment 'redis-leader' should add 'ALL' to 'securityContext.capabilities.drop'", + "Namespace": "builtin.kubernetes.KSV003", + "Query": "data.builtin.kubernetes.KSV003.deny", + "Resolution": "Add 'ALL' to containers[].securityContext.capabilities.drop.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv003", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/", + "https://avd.aquasec.com/misconfig/ksv003" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 132, + "EndLine": 143, + "Code": { + "Lines": [ + { + "Number": 132, + "Content": " - image: docker.io/redis:6.0.5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": true, + "LastCause": false + }, + { + "Number": 133, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 134, + "Content": " name: leader", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 135, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 136, + "Content": " - containerPort: 6379", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 137, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 138, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 139, + "Content": " requests:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 140, + "Content": " cpu: 100m", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": true + }, + { + "Number": 141, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV011", + "Title": "CPU not limited", + "Description": "Enforcing CPU limits prevents DoS via resource exhaustion.", + "Message": "Container 'leader' of Deployment 'redis-leader' should set 'resources.limits.cpu'", + "Namespace": "builtin.kubernetes.KSV011", + "Query": "data.builtin.kubernetes.KSV011.deny", + "Resolution": "Set a limit value under 'containers[].resources.limits.cpu'.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv011", + "References": [ + "https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits", + "https://avd.aquasec.com/misconfig/ksv011" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 132, + "EndLine": 143, + "Code": { + "Lines": [ + { + "Number": 132, + "Content": " - image: docker.io/redis:6.0.5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": true, + "LastCause": false + }, + { + "Number": 133, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 134, + "Content": " name: leader", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 135, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 136, + "Content": " - containerPort: 6379", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 137, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 138, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 139, + "Content": " requests:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 140, + "Content": " cpu: 100m", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": true + }, + { + "Number": 141, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV012", + "Title": "Runs as root user", + "Description": "'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'leader' of Deployment 'redis-leader' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv012" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 132, + "EndLine": 143, + "Code": { + "Lines": [ + { + "Number": 132, + "Content": " - image: docker.io/redis:6.0.5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": true, + "LastCause": false + }, + { + "Number": 133, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 134, + "Content": " name: leader", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 135, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 136, + "Content": " - containerPort: 6379", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 137, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 138, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 139, + "Content": " requests:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 140, + "Content": " cpu: 100m", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": true + }, + { + "Number": 141, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'leader' of Deployment 'redis-leader' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv014" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 132, + "EndLine": 143, + "Code": { + "Lines": [ + { + "Number": 132, + "Content": " - image: docker.io/redis:6.0.5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": true, + "LastCause": false + }, + { + "Number": 133, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 134, + "Content": " name: leader", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 135, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 136, + "Content": " - containerPort: 6379", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 137, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 138, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 139, + "Content": " requests:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + }, + { + "Number": 140, + "Content": " cpu: 100m", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": true + }, + { + "Number": 141, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "default", + "Kind": "Service", + "Name": "redis-follower", + "Results": [ + { + "Target": "Service/redis-follower", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 31, + "Failures": 0, + "Exceptions": 0 + } + } + ] + }, + { + "Namespace": "default", + "Kind": "Service", + "Name": "redis-leader", + "Results": [ + { + "Target": "Service/redis-leader", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 31, + "Failures": 0, + "Exceptions": 0 + } + } + ] + } + ] + } + \ No newline at end of file diff --git a/unittests/scans/trivy/license_scheme.json b/unittests/scans/trivy/license_scheme.json new file mode 100644 index 00000000000..d66c4b2cf6a --- /dev/null +++ b/unittests/scans/trivy/license_scheme.json @@ -0,0 +1,239 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "alpine:3.11", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "alpine", + "Name": "3.11.13" + }, + "ImageID": "sha256:a787cb9865032e5b5a407ecdf34b57a23a4a076aaa043d71742ddb6726ec9229", + "DiffIDs": [ + "sha256:69715584ec78c168981b0925dd7c50f4537bc598dcbce814db2803a10b777b5c" + ], + "RepoTags": [ + "alpine:3.11" + ], + "RepoDigests": [ + "alpine@sha256:bcae378eacedab83da66079d9366c8f5df542d7ed9ab23bf487e3e1a8481375d" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "9a36cae78f6934ef1807fa6d7fbe783ef8ef7c719438a53c5ce3d6cabd0ad551", + "created": "2021-11-12T17:20:17.61716938Z", + "docker_version": "20.10.7", + "history": [ + { + "created": "2021-11-12T17:20:17Z", + "created_by": "/bin/sh -c #(nop) ADD file:efe2d94a88cdbbd01c3ef095f0a2473cec9e74804b49cd6fb9b837d362631409 in / " + }, + { + "created": "2021-11-12T17:20:17Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:69715584ec78c168981b0925dd7c50f4537bc598dcbce814db2803a10b777b5c" + ] + }, + "config": { + "Cmd": [ + "/bin/sh" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Image": "sha256:ff3f29274d45b1bf9ebf7c6df3a8021bb2396803c7644ee8306b9f45732a61ea" + } + } + }, + "Results": [ + { + "Target": "OS Packages", + "Class": "license", + "Licenses": [ + { + "Severity": "HIGH", + "Category": "restricted", + "PkgName": "alpine-baselayout", + "FilePath": "", + "Name": "GPL-2.0", + "Confidence": 1, + "Link": "" + }, + { + "Severity": "LOW", + "Category": "notice", + "PkgName": "alpine-keys", + "FilePath": "", + "Name": "MIT", + "Confidence": 1, + "Link": "" + }, + { + "Severity": "HIGH", + "Category": "restricted", + "PkgName": "apk-tools", + "FilePath": "", + "Name": "GPL-2.0", + "Confidence": 1, + "Link": "" + }, + { + "Severity": "HIGH", + "Category": "restricted", + "PkgName": "busybox", + "FilePath": "", + "Name": "GPL-2.0", + "Confidence": 1, + "Link": "" + }, + { + "Severity": "MEDIUM", + "Category": "reciprocal", + "PkgName": "ca-certificates-cacert", + "FilePath": "", + "Name": "MPL-2.0", + "Confidence": 1, + "Link": "" + }, + { + "Severity": "HIGH", + "Category": "restricted", + "PkgName": "ca-certificates-cacert", + "FilePath": "", + "Name": "GPL-2.0", + "Confidence": 1, + "Link": "" + }, + { + "Severity": "LOW", + "Category": "notice", + "PkgName": "libc-utils", + "FilePath": "", + "Name": "BSD-3-Clause", + "Confidence": 1, + "Link": "" + }, + { + "Severity": "LOW", + "Category": "notice", + "PkgName": "libcrypto1.1", + "FilePath": "", + "Name": "OpenSSL", + "Confidence": 1, + "Link": "" + }, + { + "Severity": "LOW", + "Category": "notice", + "PkgName": "libssl1.1", + "FilePath": "", + "Name": "OpenSSL", + "Confidence": 1, + "Link": "" + }, + { + "Severity": "LOW", + "Category": "notice", + "PkgName": "libtls-standalone", + "FilePath": "", + "Name": "ISC", + "Confidence": 1, + "Link": "" + }, + { + "Severity": "LOW", + "Category": "notice", + "PkgName": "musl", + "FilePath": "", + "Name": "MIT", + "Confidence": 1, + "Link": "" + }, + { + "Severity": "LOW", + "Category": "notice", + "PkgName": "musl-utils", + "FilePath": "", + "Name": "MIT", + "Confidence": 1, + "Link": "" + }, + { + "Severity": "LOW", + "Category": "notice", + "PkgName": "musl-utils", + "FilePath": "", + "Name": "BSD-3-Clause", + "Confidence": 1, + "Link": "" + }, + { + "Severity": "HIGH", + "Category": "restricted", + "PkgName": "musl-utils", + "FilePath": "", + "Name": "GPL-2.0", + "Confidence": 1, + "Link": "" + }, + { + "Severity": "HIGH", + "Category": "restricted", + "PkgName": "scanelf", + "FilePath": "", + "Name": "GPL-2.0", + "Confidence": 1, + "Link": "" + }, + { + "Severity": "HIGH", + "Category": "restricted", + "PkgName": "ssl_client", + "FilePath": "", + "Name": "GPL-2.0", + "Confidence": 1, + "Link": "" + }, + { + "Severity": "LOW", + "Category": "notice", + "PkgName": "zlib", + "FilePath": "", + "Name": "Zlib", + "Confidence": 1, + "Link": "" + } + ] + }, + { + "Target": "Loose File License(s)", + "Class": "license-file", + "Licenses": [ + { + "Severity": "LOW", + "Category": "notice", + "PkgName": "", + "FilePath": "/etc/ssl/misc/CA.pl", + "Name": "OpenSSL", + "Confidence": 1, + "Link": "https://spdx.org/licenses/OpenSSL.html" + }, + { + "Severity": "LOW", + "Category": "notice", + "PkgName": "", + "FilePath": "/etc/ssl/misc/tsget.pl", + "Name": "OpenSSL", + "Confidence": 1, + "Link": "https://spdx.org/licenses/OpenSSL.html" + } + ] + } + ] +} diff --git a/unittests/scans/trivy/misconfigurations_and_secrets.json b/unittests/scans/trivy/misconfigurations_and_secrets.json new file mode 100644 index 00000000000..89f0b721e7d --- /dev/null +++ b/unittests/scans/trivy/misconfigurations_and_secrets.json @@ -0,0 +1,192 @@ +{ + "SchemaVersion": 2, + "ArtifactName": ".", + "ArtifactType": "filesystem", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "requirements.txt", + "Class": "lang-pkgs", + "Type": "pip", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2021-33503", + "PkgName": "urllib3", + "InstalledVersion": "1.26.3", + "FixedVersion": "1.26.5", + "Layer": {}, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-33503", + "DataSource": { + "ID": "osv", + "Name": "Python Packaging Advisory Database", + "URL": "https://github.com/pypa/advisory-db" + }, + "Title": "python-urllib3: ReDoS in the parsing of authority part of URL", + "Description": "An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-33503", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503", + "https://errata.almalinux.org/8/ALSA-2021-4162.html", + "https://github.com/advisories/GHSA-q2q7-5pp4-w6pg", + "https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec", + "https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg", + "https://linux.oracle.com/cve/CVE-2021-33503.html", + "https://linux.oracle.com/errata/ELSA-2021-4162.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-33503", + "https://security.gentoo.org/glsa/202107-36", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-06-29T11:15:00Z", + "LastModifiedDate": "2021-12-08T20:34:00Z" + }, + { + "VulnerabilityID": "CVE-2021-28363", + "PkgName": "urllib3", + "InstalledVersion": "1.26.3", + "FixedVersion": "1.26.4", + "Layer": {}, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-28363", + "DataSource": { + "ID": "osv", + "Name": "Python Packaging Advisory Database", + "URL": "https://github.com/pypa/advisory-db" + }, + "Title": "python-urllib3: HTTPS proxy host name not validated when using default SSLContext", + "Description": "The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 6.4, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-28363", + "https://github.com/advisories/GHSA-5phf-pp7p-vc2r", + "https://github.com/pypa/advisory-db/tree/main/vulns/urllib3/PYSEC-2021-59.yaml", + "https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15", + "https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0", + "https://github.com/urllib3/urllib3/commits/main", + "https://github.com/urllib3/urllib3/releases/tag/1.26.4", + "https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-28363", + "https://pypi.org/project/urllib3/1.26.4/", + "https://security.gentoo.org/glsa/202107-36", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-03-15T18:15:00Z", + "LastModifiedDate": "2021-12-08T19:58:00Z" + } + ] + }, + { + "Target": "Dockerfile", + "Class": "config", + "Type": "dockerfile", + "MisconfSummary": { + "Successes": 22, + "Failures": 1, + "Exceptions": 0 + }, + "Misconfigurations": [ + { + "Type": "Dockerfile Security Check", + "ID": "DS002", + "Title": "Image user should not be 'root'", + "Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.", + "Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument", + "Namespace": "builtin.dockerfile.DS002", + "Query": "data.builtin.dockerfile.DS002.deny", + "Resolution": "Add 'USER \u003cnon root user name\u003e' line to the Dockerfile", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ds002", + "References": [ + "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", + "https://avd.aquasec.com/misconfig/ds002" + ], + "Status": "FAIL", + "Layer": {}, + "CauseMetadata": { + "Provider": "Dockerfile", + "Service": "general", + "Code": { + "Lines": null + } + } + } + ] + }, + { + "Target": "Dockerfile", + "Class": "secret", + "Secrets": [ + { + "RuleID": "github-pat", + "Category": "GitHub", + "Severity": "CRITICAL", + "Title": "GitHub Personal Access Token", + "StartLine": 24, + "EndLine": 24, + "Match": "ENV GITHUB_PAT=*****" + } + ] + }, + { + "Target": "secret.txt", + "Class": "secret", + "Secrets": [ + { + "RuleID": "github-pat", + "Category": "GitHub", + "Severity": "CRITICAL", + "Title": "GitHub Personal Access Token", + "StartLine": 1, + "EndLine": 1, + "Match": "GITHUB_PAT=*****" + } + ] + } + ] + } + \ No newline at end of file diff --git a/unittests/scans/trivy/scheme_2_many_vulns.json b/unittests/scans/trivy/scheme_2_many_vulns.json index 7ae199be509..5e94bf08f88 100644 --- a/unittests/scans/trivy/scheme_2_many_vulns.json +++ b/unittests/scans/trivy/scheme_2_many_vulns.json @@ -20,6 +20,7 @@ { "VulnerabilityID": "CVE-2020-15999", "PkgName": "freetype", + "PkgPath": "app/libs/freetype-2.9.1-r2", "InstalledVersion": "2.9.1-r2", "FixedVersion": "2.9.1-r3", "Layer": { @@ -72,6 +73,7 @@ { "VulnerabilityID": "CVE-2020-28196", "PkgName": "krb5-libs", + "PkgPath": "app/libs/krb5-libs-1.15.5-r0", "InstalledVersion": "1.15.5-r0", "FixedVersion": "1.15.5-r1", "Layer": { @@ -115,6 +117,7 @@ { "VulnerabilityID": "CVE-2019-12900", "PkgName": "libbz2", + "PkgPath": "app/libs/libbz2-1.0.6-r6", "InstalledVersion": "1.0.6-r6", "FixedVersion": "1.0.6-r7", "Layer": { @@ -177,6 +180,7 @@ { "VulnerabilityID": "CVE-2018-11771", "PkgName": "org.apache.commons:commons-compress", + "PkgPath": "app/libs/commons-compress-1.14", "InstalledVersion": "1.14", "FixedVersion": "1.18", "Layer": { @@ -230,6 +234,7 @@ { "VulnerabilityID": "CVE-2018-1324", "PkgName": "org.apache.commons:commons-compress", + "PkgPath": "app/libs/commons-compress-1.14", "InstalledVersion": "1.14", "FixedVersion": "1.16", "Layer": { diff --git a/unittests/scans/trivy_operator/configauditreport_many.json b/unittests/scans/trivy_operator/configauditreport_many.json new file mode 100644 index 00000000000..9f5efc2337d --- /dev/null +++ b/unittests/scans/trivy_operator/configauditreport_many.json @@ -0,0 +1,192 @@ +{ + "apiVersion": "aquasecurity.github.io/v1alpha1", + "kind": "ConfigAuditReport", + "metadata": { + "annotations": { + "trivy-operator.aquasecurity.github.io/report-ttl": "24h0m0s" + }, + "creationTimestamp": "2023-03-23T16:22:54Z", + "generation": 1, + "labels": { + "plugin-config-hash": "659b7b9c46", + "resource-spec-hash": "fc85b485f", + "trivy-operator.resource.kind": "ReplicaSet", + "trivy-operator.resource.name": "nginx-deployment-965685897", + "trivy-operator.resource.namespace": "default" + }, + "name": "replicaset-nginx-deployment-965685897", + "namespace": "default", + "ownerReferences": [ + { + "apiVersion": "apps/v1", + "blockOwnerDeletion": false, + "controller": true, + "kind": "ReplicaSet", + "name": "nginx-deployment-965685897", + "uid": "d19c7f74-b4c3-429d-9a45-1b2f5efc3c88" + } + ], + "resourceVersion": "1268", + "uid": "a92e0951-e988-419d-8602-6852f920ce06" + }, + "report": { + "checks": [ + { + "category": "Kubernetes Security Check", + "checkID": "KSV014", + "description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "messages": [ + "Container 'nginx' of ReplicaSet 'nginx-deployment-965685897' should set 'securityContext.readOnlyRootFilesystem' to true" + ], + "severity": "LOW", + "success": false, + "title": "Root file system is not read-only" + }, + { + "category": "Kubernetes Security Check", + "checkID": "KSV016", + "description": "When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.", + "messages": [ + "Container 'nginx' of ReplicaSet 'nginx-deployment-965685897' should set 'resources.requests.memory'" + ], + "severity": "LOW", + "success": false, + "title": "Memory requests not specified" + }, + { + "category": "Kubernetes Security Check", + "checkID": "KSV030", + "description": "The RuntimeDefault/Localhost seccomp profile must be required, or allow specific additional profiles.", + "messages": [ + "Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'" + ], + "severity": "LOW", + "success": false, + "title": "Default Seccomp profile not set" + }, + { + "category": "Kubernetes Security Check", + "checkID": "KSV015", + "description": "When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.", + "messages": [ + "Container 'nginx' of ReplicaSet 'nginx-deployment-965685897' should set 'resources.requests.cpu'" + ], + "severity": "LOW", + "success": false, + "title": "CPU requests not specified" + }, + { + "category": "Kubernetes Security Check", + "checkID": "KSV011", + "description": "Enforcing CPU limits prevents DoS via resource exhaustion.", + "messages": [ + "Container 'nginx' of ReplicaSet 'nginx-deployment-965685897' should set 'resources.limits.cpu'" + ], + "severity": "LOW", + "success": false, + "title": "CPU not limited" + }, + { + "category": "Kubernetes Security Check", + "checkID": "KSV012", + "description": "'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.", + "messages": [ + "Container 'nginx' of ReplicaSet 'nginx-deployment-965685897' should set 'securityContext.runAsNonRoot' to true" + ], + "severity": "MEDIUM", + "success": false, + "title": "Runs as root user" + }, + { + "category": "Kubernetes Security Check", + "checkID": "KSV018", + "description": "Enforcing memory limits prevents DoS via resource exhaustion.", + "messages": [ + "Container 'nginx' of ReplicaSet 'nginx-deployment-965685897' should set 'resources.limits.memory'" + ], + "severity": "LOW", + "success": false, + "title": "Memory not limited" + }, + { + "category": "Kubernetes Security Check", + "checkID": "KSV110", + "description": "ensure that default namespace should not be used", + "messages": [ + "ReplicaSet 'nginx-deployment-965685897' should not be set with 'default' namespace" + ], + "severity": "LOW", + "success": false, + "title": "The default namespace should not be used" + }, + { + "category": "Kubernetes Security Check", + "checkID": "KSV003", + "description": "The container should drop all default capabilities and add only those that are needed for its execution.", + "messages": [ + "Container 'nginx' of ReplicaSet 'nginx-deployment-965685897' should add 'ALL' to 'securityContext.capabilities.drop'" + ], + "severity": "LOW", + "success": false, + "title": "Default capabilities not dropped" + }, + { + "category": "Kubernetes Security Check", + "checkID": "KSV021", + "description": "Force the container to run with group ID \u003e 10000 to avoid conflicts with the host’s user table.", + "messages": [ + "Container 'nginx' of ReplicaSet 'nginx-deployment-965685897' should set 'securityContext.runAsGroup' \u003e 10000" + ], + "severity": "LOW", + "success": false, + "title": "Runs with low group ID" + }, + { + "category": "Kubernetes Security Check", + "checkID": "KSV001", + "description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "messages": [ + "Container 'nginx' of ReplicaSet 'nginx-deployment-965685897' should set 'securityContext.allowPrivilegeEscalation' to false" + ], + "severity": "MEDIUM", + "success": false, + "title": "Process can elevate its own privileges" + }, + { + "category": "Kubernetes Security Check", + "checkID": "KSV106", + "description": "Containers must drop ALL capabilities, and are only permitted to add back the NET_BIND_SERVICE capability.", + "messages": [ + "container should drop all" + ], + "severity": "LOW", + "success": false, + "title": "Container capabilities must only include NET_BIND_SERVICE" + }, + { + "category": "Kubernetes Security Check", + "checkID": "KSV020", + "description": "Force the container to run with user ID \u003e 10000 to avoid conflicts with the host’s user table.", + "messages": [ + "Container 'nginx' of ReplicaSet 'nginx-deployment-965685897' should set 'securityContext.runAsUser' \u003e 10000" + ], + "severity": "LOW", + "success": false, + "title": "Runs with low user ID" + } + ], + "scanner": { + "name": "Trivy", + "vendor": "Aqua Security", + "version": "dev" + }, + "summary": { + "criticalCount": 0, + "highCount": 0, + "lowCount": 11, + "mediumCount": 2 + }, + "updateTimestamp": "2023-03-23T16:22:54Z" + } +} + diff --git a/unittests/scans/trivy_operator/configauditreport_no_vuln.json b/unittests/scans/trivy_operator/configauditreport_no_vuln.json new file mode 100644 index 00000000000..7eea65c8cde --- /dev/null +++ b/unittests/scans/trivy_operator/configauditreport_no_vuln.json @@ -0,0 +1,48 @@ +{ + "apiVersion": "aquasecurity.github.io/v1alpha1", + "kind": "ConfigAuditReport", + "metadata": { + "annotations": { + "trivy-operator.aquasecurity.github.io/report-ttl": "24h0m0s" + }, + "creationTimestamp": "2023-03-23T16:22:54Z", + "generation": 1, + "labels": { + "plugin-config-hash": "659b7b9c46", + "resource-spec-hash": "fc85b485f", + "trivy-operator.resource.kind": "ReplicaSet", + "trivy-operator.resource.name": "nginx-deployment-965685897", + "trivy-operator.resource.namespace": "default" + }, + "name": "replicaset-nginx-deployment-965685897", + "namespace": "default", + "ownerReferences": [ + { + "apiVersion": "apps/v1", + "blockOwnerDeletion": false, + "controller": true, + "kind": "ReplicaSet", + "name": "nginx-deployment-965685897", + "uid": "d19c7f74-b4c3-429d-9a45-1b2f5efc3c88" + } + ], + "resourceVersion": "1268", + "uid": "a92e0951-e988-419d-8602-6852f920ce06" + }, + "report": { + "checks": [], + "scanner": { + "name": "Trivy", + "vendor": "Aqua Security", + "version": "dev" + }, + "summary": { + "criticalCount": 0, + "highCount": 0, + "lowCount": 0, + "mediumCount": 0 + }, + "updateTimestamp": "2023-03-23T16:22:54Z" + } +} + diff --git a/unittests/scans/trivy_operator/configauditreport_single_vuln.json b/unittests/scans/trivy_operator/configauditreport_single_vuln.json new file mode 100644 index 00000000000..13dd9a8afb1 --- /dev/null +++ b/unittests/scans/trivy_operator/configauditreport_single_vuln.json @@ -0,0 +1,60 @@ +{ + "apiVersion": "aquasecurity.github.io/v1alpha1", + "kind": "ConfigAuditReport", + "metadata": { + "annotations": { + "trivy-operator.aquasecurity.github.io/report-ttl": "24h0m0s" + }, + "creationTimestamp": "2023-03-23T16:22:54Z", + "generation": 1, + "labels": { + "plugin-config-hash": "659b7b9c46", + "resource-spec-hash": "fc85b485f", + "trivy-operator.resource.kind": "ReplicaSet", + "trivy-operator.resource.name": "nginx-deployment-965685897", + "trivy-operator.resource.namespace": "default" + }, + "name": "replicaset-nginx-deployment-965685897", + "namespace": "default", + "ownerReferences": [ + { + "apiVersion": "apps/v1", + "blockOwnerDeletion": false, + "controller": true, + "kind": "ReplicaSet", + "name": "nginx-deployment-965685897", + "uid": "d19c7f74-b4c3-429d-9a45-1b2f5efc3c88" + } + ], + "resourceVersion": "1268", + "uid": "a92e0951-e988-419d-8602-6852f920ce06" + }, + "report": { + "checks": [ + { + "category": "Kubernetes Security Check", + "checkID": "KSV014", + "description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "messages": [ + "Container 'nginx' of ReplicaSet 'nginx-deployment-965685897' should set 'securityContext.readOnlyRootFilesystem' to true" + ], + "severity": "LOW", + "success": false, + "title": "Root file system is not read-only" + } + ], + "scanner": { + "name": "Trivy", + "vendor": "Aqua Security", + "version": "dev" + }, + "summary": { + "criticalCount": 0, + "highCount": 0, + "lowCount": 1, + "mediumCount": 0 + }, + "updateTimestamp": "2023-03-23T16:22:54Z" + } +} + diff --git a/unittests/scans/trivy_operator/exposedsecretreport_many.json b/unittests/scans/trivy_operator/exposedsecretreport_many.json new file mode 100644 index 00000000000..f7e36bcdff2 --- /dev/null +++ b/unittests/scans/trivy_operator/exposedsecretreport_many.json @@ -0,0 +1,72 @@ +{ + "apiVersion": "aquasecurity.github.io/v1alpha1", + "kind": "ExposedSecretReport", + "metadata": { + "annotations": { + "trivy-operator.aquasecurity.github.io/report-ttl": "24h0m0s" + }, + "creationTimestamp": "2023-03-24T08:34:18Z", + "generation": 1, + "labels": { + "resource-spec-hash": "69497b548d", + "trivy-operator.container.name": "nginx", + "trivy-operator.resource.kind": "ReplicaSet", + "trivy-operator.resource.name": "nginx-deployment-c868466d4", + "trivy-operator.resource.namespace": "default" + }, + "name": "replicaset-nginx-deployment-c868466d4-nginx", + "namespace": "default", + "ownerReferences": [ + { + "apiVersion": "apps/v1", + "blockOwnerDeletion": false, + "controller": true, + "kind": "ReplicaSet", + "name": "nginx-deployment-c868466d4", + "uid": "1f07d5aa-f272-4f3d-ada8-a3f80ab8088d" + } + ], + "resourceVersion": "1798", + "uid": "46490b45-f440-446c-9574-efcd3afe3a92" + }, + "report": { + "artifact": { + "repository": "library/secret", + "tag": "latest" + }, + "registry": { + "server": "index.docker.io" + }, + "scanner": { + "name": "Trivy", + "vendor": "Aqua Security", + "version": "0.38.2" + }, + "secrets": [ + { + "category": "AWS", + "match": "AWS_secret_KEY=\"****************************************\"", + "ruleID": "aws-secret-access-key", + "severity": "CRITICAL", + "target": "root/aws_secret.txt", + "title": "AWS Secret Access Key" + }, + { + "category": "GitHub", + "match": "GITHUB_PAT=\"****************************************\"", + "ruleID": "github-pat", + "severity": "CRITICAL", + "target": "root/github_secret.txt", + "title": "GitHub Personal Access Token" + } + ], + "summary": { + "criticalCount": 2, + "highCount": 0, + "lowCount": 0, + "mediumCount": 0 + }, + "updateTimestamp": "2023-03-24T08:34:18Z" + } +} + diff --git a/unittests/scans/trivy_operator/exposedsecretreport_no_vuln.json b/unittests/scans/trivy_operator/exposedsecretreport_no_vuln.json new file mode 100644 index 00000000000..2e90a386298 --- /dev/null +++ b/unittests/scans/trivy_operator/exposedsecretreport_no_vuln.json @@ -0,0 +1,55 @@ +{ + "apiVersion": "aquasecurity.github.io/v1alpha1", + "kind": "ExposedSecretReport", + "metadata": { + "annotations": { + "trivy-operator.aquasecurity.github.io/report-ttl": "24h0m0s" + }, + "creationTimestamp": "2023-03-24T08:34:18Z", + "generation": 1, + "labels": { + "resource-spec-hash": "69497b548d", + "trivy-operator.container.name": "nginx", + "trivy-operator.resource.kind": "ReplicaSet", + "trivy-operator.resource.name": "nginx-deployment-c868466d4", + "trivy-operator.resource.namespace": "default" + }, + "name": "replicaset-nginx-deployment-c868466d4-nginx", + "namespace": "default", + "ownerReferences": [ + { + "apiVersion": "apps/v1", + "blockOwnerDeletion": false, + "controller": true, + "kind": "ReplicaSet", + "name": "nginx-deployment-c868466d4", + "uid": "1f07d5aa-f272-4f3d-ada8-a3f80ab8088d" + } + ], + "resourceVersion": "1798", + "uid": "46490b45-f440-446c-9574-efcd3afe3a92" + }, + "report": { + "artifact": { + "repository": "library/secret", + "tag": "latest" + }, + "registry": { + "server": "index.docker.io" + }, + "scanner": { + "name": "Trivy", + "vendor": "Aqua Security", + "version": "0.38.2" + }, + "secrets": [], + "summary": { + "criticalCount": 0, + "highCount": 0, + "lowCount": 0, + "mediumCount": 0 + }, + "updateTimestamp": "2023-03-24T08:34:18Z" + } +} + diff --git a/unittests/scans/trivy_operator/exposedsecretreport_single_vuln.json b/unittests/scans/trivy_operator/exposedsecretreport_single_vuln.json new file mode 100644 index 00000000000..c678645b39c --- /dev/null +++ b/unittests/scans/trivy_operator/exposedsecretreport_single_vuln.json @@ -0,0 +1,64 @@ +{ + "apiVersion": "aquasecurity.github.io/v1alpha1", + "kind": "ExposedSecretReport", + "metadata": { + "annotations": { + "trivy-operator.aquasecurity.github.io/report-ttl": "24h0m0s" + }, + "creationTimestamp": "2023-03-24T08:34:18Z", + "generation": 1, + "labels": { + "resource-spec-hash": "69497b548d", + "trivy-operator.container.name": "nginx", + "trivy-operator.resource.kind": "ReplicaSet", + "trivy-operator.resource.name": "nginx-deployment-c868466d4", + "trivy-operator.resource.namespace": "default" + }, + "name": "replicaset-nginx-deployment-c868466d4-nginx", + "namespace": "default", + "ownerReferences": [ + { + "apiVersion": "apps/v1", + "blockOwnerDeletion": false, + "controller": true, + "kind": "ReplicaSet", + "name": "nginx-deployment-c868466d4", + "uid": "1f07d5aa-f272-4f3d-ada8-a3f80ab8088d" + } + ], + "resourceVersion": "1798", + "uid": "46490b45-f440-446c-9574-efcd3afe3a92" + }, + "report": { + "artifact": { + "repository": "library/secret", + "tag": "latest" + }, + "registry": { + "server": "index.docker.io" + }, + "scanner": { + "name": "Trivy", + "vendor": "Aqua Security", + "version": "0.38.2" + }, + "secrets": [ + { + "category": "AWS", + "match": "AWS_secret_KEY=\"****************************************\"", + "ruleID": "aws-secret-access-key", + "severity": "CRITICAL", + "target": "root/aws_secret.txt", + "title": "AWS Secret Access Key" + } + ], + "summary": { + "criticalCount": 1, + "highCount": 0, + "lowCount": 0, + "mediumCount": 0 + }, + "updateTimestamp": "2023-03-24T08:34:18Z" + } +} + diff --git a/unittests/scans/trivy_operator/vulnerabilityreport_extended.json b/unittests/scans/trivy_operator/vulnerabilityreport_extended.json new file mode 100644 index 00000000000..dfa44a0a0bf --- /dev/null +++ b/unittests/scans/trivy_operator/vulnerabilityreport_extended.json @@ -0,0 +1,206 @@ +{ + "kind": "VulnerabilityReport", + "apiVersion": "aquasecurity.github.io/v1alpha1", + "metadata": { + "name": "pod-ubuntu-ubuntu", + "namespace": "lbc", + "uid": "e2c1fa59-051b-479d-ab47-f7bf6e7f858d", + "resourceVersion": "26700784781", + "generation": 1, + "creationTimestamp": "2024-01-23T13:43:55Z", + "labels": { + "resource-spec-hash": "666674544b", + "trivy-operator.container.name": "ubuntu", + "trivy-operator.resource.kind": "Pod", + "trivy-operator.resource.name": "ubuntu", + "trivy-operator.resource.namespace": "lbc" + }, + "annotations": { + "trivy-operator.aquasecurity.github.io/report-ttl": "24h0m0s" + }, + "ownerReferences": [ + { + "apiVersion": "v1", + "kind": "Pod", + "name": "ubuntu", + "uid": "aa8d6ec8-5417-4190-93e9-6d4d78dc8da9", + "controller": true, + "blockOwnerDeletion": false + } + ], + "managedFields": [ + { + "manager": "trivy-operator", + "operation": "Update", + "apiVersion": "aquasecurity.github.io/v1alpha1", + "time": "2024-01-23T13:43:55Z", + "fieldsType": "FieldsV1", + "fieldsV1": { + "f:metadata": { + "f:annotations": { + ".": {}, + "f:trivy-operator.aquasecurity.github.io/report-ttl": {} + }, + "f:labels": { + ".": {}, + "f:resource-spec-hash": {}, + "f:trivy-operator.container.name": {}, + "f:trivy-operator.resource.kind": {}, + "f:trivy-operator.resource.name": {}, + "f:trivy-operator.resource.namespace": {} + }, + "f:ownerReferences": { + ".": {}, + "k:{\"uid\":\"aa8d6ec8-5417-4190-93e9-6d4d78dc8da9\"}": {} + } + }, + "f:report": { + ".": {}, + "f:artifact": { + ".": {}, + "f:digest": {}, + "f:repository": {}, + "f:tag": {} + }, + "f:os": { + ".": {}, + "f:family": {}, + "f:name": {} + }, + "f:registry": { + ".": {}, + "f:server": {} + }, + "f:scanner": { + ".": {}, + "f:name": {}, + "f:vendor": {}, + "f:version": {} + }, + "f:summary": { + ".": {}, + "f:criticalCount": {}, + "f:highCount": {}, + "f:lowCount": {}, + "f:mediumCount": {}, + "f:noneCount": {}, + "f:unknownCount": {} + }, + "f:updateTimestamp": {}, + "f:vulnerabilities": {} + } + } + } + ] + }, + "report": { + "updateTimestamp": "2024-01-23T13:43:55Z", + "scanner": { + "name": "Trivy", + "vendor": "Aqua Security", + "version": "0.48.3" + }, + "registry": { + "server": "index.docker.io" + }, + "artifact": { + "repository": "library/ubuntu", + "digest": "sha256:f78909c2b360d866b3220655c0b079838258b8891a12ac25fc670f0cbb54229f", + "tag": "20.04" + }, + "os": { + "family": "ubuntu", + "name": "20.04" + }, + "summary": { + "criticalCount": 0, + "highCount": 0, + "mediumCount": 5, + "lowCount": 0, + "unknownCount": 0, + "noneCount": 0 + }, + "vulnerabilities": [ + { + "vulnerabilityID": "CVE-2024-0553", + "resource": "libgnutls30", + "installedVersion": "3.6.13-2ubuntu1.9", + "fixedVersion": "3.6.13-2ubuntu1.10", + "publishedDate": "2024-01-16T12:15:45Z", + "lastModifiedDate": "2024-01-19T21:15:08Z", + "severity": "MEDIUM", + "title": "gnutls: incomplete fix for CVE-2023-5981", + "primaryLink": "https://avd.aquasec.com/nvd/cve-2024-0553", + "links": [], + "score": 5.9, + "target": "ubuntu:20.04 (ubuntu 20.04)", + "class": "os-pkgs", + "packageType": "ubuntu" + }, + { + "vulnerabilityID": "CVE-2024-22365", + "resource": "libpam-modules", + "installedVersion": "1.3.1-5ubuntu4.6", + "fixedVersion": "1.3.1-5ubuntu4.7", + "publishedDate": "", + "lastModifiedDate": "", + "severity": "MEDIUM", + "title": "pam: allowing unpriledged user to block another user namespace", + "primaryLink": "https://avd.aquasec.com/nvd/cve-2024-22365", + "links": [], + "score": 5.5, + "target": "ubuntu:20.04 (ubuntu 20.04)", + "class": "os-pkgs", + "packageType": "ubuntu" + }, + { + "vulnerabilityID": "CVE-2024-22365", + "resource": "libpam-modules-bin", + "installedVersion": "1.3.1-5ubuntu4.6", + "fixedVersion": "1.3.1-5ubuntu4.7", + "publishedDate": "", + "lastModifiedDate": "", + "severity": "MEDIUM", + "title": "pam: allowing unpriledged user to block another user namespace", + "primaryLink": "https://avd.aquasec.com/nvd/cve-2024-22365", + "links": [], + "score": 5.5, + "target": "ubuntu:20.04 (ubuntu 20.04)", + "class": "os-pkgs", + "packageType": "ubuntu" + }, + { + "vulnerabilityID": "CVE-2024-22365", + "resource": "libpam-runtime", + "installedVersion": "1.3.1-5ubuntu4.6", + "fixedVersion": "1.3.1-5ubuntu4.7", + "publishedDate": "", + "lastModifiedDate": "", + "severity": "MEDIUM", + "title": "pam: allowing unpriledged user to block another user namespace", + "primaryLink": "https://avd.aquasec.com/nvd/cve-2024-22365", + "links": [], + "score": 5.5, + "target": "ubuntu:20.04 (ubuntu 20.04)", + "class": "os-pkgs", + "packageType": "ubuntu" + }, + { + "vulnerabilityID": "CVE-2024-22365", + "resource": "libpam0g", + "installedVersion": "1.3.1-5ubuntu4.6", + "fixedVersion": "1.3.1-5ubuntu4.7", + "publishedDate": "", + "lastModifiedDate": "", + "severity": "MEDIUM", + "title": "pam: allowing unpriledged user to block another user namespace", + "primaryLink": "https://avd.aquasec.com/nvd/cve-2024-22365", + "links": [], + "score": 5.5, + "target": "ubuntu:20.04 (ubuntu 20.04)", + "class": "os-pkgs", + "packageType": "ubuntu" + } + ] + } +} \ No newline at end of file diff --git a/unittests/scans/trivy_operator/vulnerabilityreport_many.json b/unittests/scans/trivy_operator/vulnerabilityreport_many.json new file mode 100644 index 00000000000..9dbdb6b1191 --- /dev/null +++ b/unittests/scans/trivy_operator/vulnerabilityreport_many.json @@ -0,0 +1,535 @@ +{ + "apiVersion": "aquasecurity.github.io/v1alpha1", + "kind": "VulnerabilityReport", + "metadata": { + "annotations": { + "trivy-operator.aquasecurity.github.io/report-ttl": "24h0m0s" + }, + "creationTimestamp": "2023-03-23T16:23:01Z", + "generation": 1, + "labels": { + "resource-spec-hash": "fc85b485f", + "trivy-operator.container.name": "nginx", + "trivy-operator.resource.kind": "ReplicaSet", + "trivy-operator.resource.name": "nginx-deployment-965685897", + "trivy-operator.resource.namespace": "default" + }, + "name": "replicaset-nginx-deployment-965685897-nginx", + "namespace": "default", + "ownerReferences": [ + { + "apiVersion": "apps/v1", + "blockOwnerDeletion": false, + "controller": true, + "kind": "ReplicaSet", + "name": "nginx-deployment-965685897", + "uid": "d19c7f74-b4c3-429d-9a45-1b2f5efc3c88" + } + ], + "resourceVersion": "1293", + "uid": "b21503db-3075-4bb5-a259-aa33dbbaef4c" + }, + "report": { + "artifact": { + "repository": "library/nginx", + "tag": "alpine" + }, + "registry": { + "server": "index.docker.io" + }, + "scanner": { + "name": "Trivy", + "vendor": "Aqua Security", + "version": "0.38.2" + }, + "summary": { + "criticalCount": 2, + "highCount": 3, + "lowCount": 11, + "mediumCount": 25, + "noneCount": 0, + "unknownCount": 0 + }, + "updateTimestamp": "2023-03-23T16:23:01Z", + "vulnerabilities": [ + { + "fixedVersion": "7.87.0-r2", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-23914", + "resource": "curl", + "score": 4.2, + "severity": "CRITICAL", + "target": "", + "title": "curl: HSTS ignored on multiple requests", + "vulnerabilityID": "CVE-2023-23914" + }, + { + "fixedVersion": "7.87.0-r2", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-23916", + "resource": "curl", + "score": 6.5, + "severity": "HIGH", + "target": "", + "title": "curl: HTTP multi-header compression denial of service", + "vulnerabilityID": "CVE-2023-23916" + }, + { + "fixedVersion": "7.87.0-r2", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-23915", + "resource": "curl", + "score": 4.2, + "severity": "MEDIUM", + "target": "", + "title": "curl: HSTS amnesia with --parallel", + "vulnerabilityID": "CVE-2023-23915" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27535", + "resource": "curl", + "severity": "MEDIUM", + "target": "", + "title": "curl: FTP too eager connection reuse", + "vulnerabilityID": "CVE-2023-27535" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27533", + "resource": "curl", + "severity": "LOW", + "target": "", + "title": "curl: TELNET option IAC injection", + "vulnerabilityID": "CVE-2023-27533" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27534", + "resource": "curl", + "severity": "LOW", + "target": "", + "title": "curl: SFTP path ~ resolving discrepancy", + "vulnerabilityID": "CVE-2023-27534" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27536", + "resource": "curl", + "severity": "LOW", + "target": "", + "title": "curl: GSS delegation too eager connection re-use", + "vulnerabilityID": "CVE-2023-27536" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27537", + "resource": "curl", + "severity": "LOW", + "target": "", + "title": "curl: HSTS double-free", + "vulnerabilityID": "CVE-2023-27537" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27538", + "resource": "curl", + "severity": "LOW", + "target": "", + "title": "curl: SSH connection too eager reuse still", + "vulnerabilityID": "CVE-2023-27538" + }, + { + "fixedVersion": "3.0.8-r1", + "installedVersion": "3.0.8-r0", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0464", + "resource": "libcrypto3", + "severity": "MEDIUM", + "target": "", + "title": "A security vulnerability has been identified in all supported versions ...", + "vulnerabilityID": "CVE-2023-0464" + }, + { + "fixedVersion": "7.87.0-r2", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-23914", + "resource": "libcurl", + "score": 4.2, + "severity": "CRITICAL", + "target": "", + "title": "curl: HSTS ignored on multiple requests", + "vulnerabilityID": "CVE-2023-23914" + }, + { + "fixedVersion": "7.87.0-r2", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-23916", + "resource": "libcurl", + "score": 6.5, + "severity": "HIGH", + "target": "", + "title": "curl: HTTP multi-header compression denial of service", + "vulnerabilityID": "CVE-2023-23916" + }, + { + "fixedVersion": "7.87.0-r2", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-23915", + "resource": "libcurl", + "score": 4.2, + "severity": "MEDIUM", + "target": "", + "title": "curl: HSTS amnesia with --parallel", + "vulnerabilityID": "CVE-2023-23915" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27535", + "resource": "libcurl", + "severity": "MEDIUM", + "target": "", + "title": "curl: FTP too eager connection reuse", + "vulnerabilityID": "CVE-2023-27535" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27533", + "resource": "libcurl", + "severity": "LOW", + "target": "", + "title": "curl: TELNET option IAC injection", + "vulnerabilityID": "CVE-2023-27533" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27534", + "resource": "libcurl", + "severity": "LOW", + "target": "", + "title": "curl: SFTP path ~ resolving discrepancy", + "vulnerabilityID": "CVE-2023-27534" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27536", + "resource": "libcurl", + "severity": "LOW", + "target": "", + "title": "curl: GSS delegation too eager connection re-use", + "vulnerabilityID": "CVE-2023-27536" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27537", + "resource": "libcurl", + "severity": "LOW", + "target": "", + "title": "curl: HSTS double-free", + "vulnerabilityID": "CVE-2023-27537" + }, + { + "fixedVersion": "7.88.1-r1", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-27538", + "resource": "libcurl", + "severity": "LOW", + "target": "", + "title": "curl: SSH connection too eager reuse still", + "vulnerabilityID": "CVE-2023-27538" + }, + { + "fixedVersion": "3.0.8-r1", + "installedVersion": "3.0.8-r0", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0464", + "resource": "libssl3", + "severity": "MEDIUM", + "target": "", + "title": "A security vulnerability has been identified in all supported versions ...", + "vulnerabilityID": "CVE-2023-0464" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3970", + "resource": "tiff", + "score": 8.8, + "severity": "HIGH", + "target": "", + "title": "libtiff: integer overflow in function TIFFReadRGBATileExt of the file", + "vulnerabilityID": "CVE-2022-3970" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3570", + "resource": "tiff", + "score": 5.5, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: heap Buffer overflows in tiffcrop.c", + "vulnerabilityID": "CVE-2022-3570" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3597", + "resource": "tiff", + "score": 6.5, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix", + "vulnerabilityID": "CVE-2022-3597" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3598", + "resource": "tiff", + "score": 6.5, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2022-3598" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3599", + "resource": "tiff", + "score": 6.5, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds read in writeSingleSection in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2022-3599" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3626", + "resource": "tiff", + "score": 6.5, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c", + "vulnerabilityID": "CVE-2022-3626" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3627", + "resource": "tiff", + "score": 6.5, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c", + "vulnerabilityID": "CVE-2022-3627" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-4645", + "resource": "tiff", + "score": 5.6, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c", + "vulnerabilityID": "CVE-2022-4645" + }, + { + "fixedVersion": "4.4.0-r2", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-48281", + "resource": "tiff", + "score": 5.5, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2022-48281" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0795", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0795" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0796", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0796" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0797", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0797" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0798", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds read in extractContigSamplesShifted8bits() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0798" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0799", + "resource": "tiff", + "score": 5.5, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: use-after-free in extractContigSamplesShifted32bits() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0799" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0800", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0800" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0801", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0801" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0802", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0802" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0803", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0803" + }, + { + "fixedVersion": "4.4.0-r3", + "installedVersion": "4.4.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0804", + "resource": "tiff", + "score": 6.1, + "severity": "MEDIUM", + "target": "", + "title": "libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c", + "vulnerabilityID": "CVE-2023-0804" + }, + { + "fixedVersion": "", + "installedVersion": "v1.44.212", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2020-8911", + "resource": "github.com/aws/aws-sdk-go", + "score": 5.6, + "severity": "MEDIUM", + "target": "", + "title": "aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto SDK for golang", + "vulnerabilityID": "CVE-2020-8911" + }, + { + "fixedVersion": "", + "installedVersion": "v1.44.212", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2020-8912", + "resource": "github.com/aws/aws-sdk-go", + "score": 2.5, + "severity": "LOW", + "target": "", + "title": "aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto SDK for golang", + "vulnerabilityID": "CVE-2020-8912" + } + ] + } +} diff --git a/unittests/scans/trivy_operator/vulnerabilityreport_no_vuln.json b/unittests/scans/trivy_operator/vulnerabilityreport_no_vuln.json new file mode 100644 index 00000000000..4f8e2c6a53b --- /dev/null +++ b/unittests/scans/trivy_operator/vulnerabilityreport_no_vuln.json @@ -0,0 +1,56 @@ +{ + "apiVersion": "aquasecurity.github.io/v1alpha1", + "kind": "VulnerabilityReport", + "metadata": { + "annotations": { + "trivy-operator.aquasecurity.github.io/report-ttl": "24h0m0s" + }, + "creationTimestamp": "2023-03-23T16:23:01Z", + "generation": 1, + "labels": { + "resource-spec-hash": "fc85b485f", + "trivy-operator.container.name": "nginx", + "trivy-operator.resource.kind": "ReplicaSet", + "trivy-operator.resource.name": "nginx-deployment-965685897", + "trivy-operator.resource.namespace": "default" + }, + "name": "replicaset-nginx-deployment-965685897-nginx", + "namespace": "default", + "ownerReferences": [ + { + "apiVersion": "apps/v1", + "blockOwnerDeletion": false, + "controller": true, + "kind": "ReplicaSet", + "name": "nginx-deployment-965685897", + "uid": "d19c7f74-b4c3-429d-9a45-1b2f5efc3c88" + } + ], + "resourceVersion": "1293", + "uid": "b21503db-3075-4bb5-a259-aa33dbbaef4c" + }, + "report": { + "artifact": { + "repository": "library/nginx", + "tag": "alpine" + }, + "registry": { + "server": "index.docker.io" + }, + "scanner": { + "name": "Trivy", + "vendor": "Aqua Security", + "version": "0.38.2" + }, + "summary": { + "criticalCount": 0, + "highCount": 0, + "lowCount": 0, + "mediumCount": 0, + "noneCount": 0, + "unknownCount": 0 + }, + "updateTimestamp": "2023-03-23T16:23:01Z", + "vulnerabilities": [] + } +} diff --git a/unittests/scans/trivy_operator/vulnerabilityreport_single_vuln.json b/unittests/scans/trivy_operator/vulnerabilityreport_single_vuln.json new file mode 100644 index 00000000000..fdbab161899 --- /dev/null +++ b/unittests/scans/trivy_operator/vulnerabilityreport_single_vuln.json @@ -0,0 +1,69 @@ +{ + "apiVersion": "aquasecurity.github.io/v1alpha1", + "kind": "VulnerabilityReport", + "metadata": { + "annotations": { + "trivy-operator.aquasecurity.github.io/report-ttl": "24h0m0s" + }, + "creationTimestamp": "2023-03-23T16:23:01Z", + "generation": 1, + "labels": { + "resource-spec-hash": "fc85b485f", + "trivy-operator.container.name": "nginx", + "trivy-operator.resource.kind": "ReplicaSet", + "trivy-operator.resource.name": "nginx-deployment-965685897", + "trivy-operator.resource.namespace": "default" + }, + "name": "replicaset-nginx-deployment-965685897-nginx", + "namespace": "default", + "ownerReferences": [ + { + "apiVersion": "apps/v1", + "blockOwnerDeletion": false, + "controller": true, + "kind": "ReplicaSet", + "name": "nginx-deployment-965685897", + "uid": "d19c7f74-b4c3-429d-9a45-1b2f5efc3c88" + } + ], + "resourceVersion": "1293", + "uid": "b21503db-3075-4bb5-a259-aa33dbbaef4c" + }, + "report": { + "artifact": { + "repository": "library/nginx", + "tag": "alpine" + }, + "registry": { + "server": "index.docker.io" + }, + "scanner": { + "name": "Trivy", + "vendor": "Aqua Security", + "version": "0.38.2" + }, + "summary": { + "criticalCount": 1, + "highCount": 0, + "lowCount": 0, + "mediumCount": 0, + "noneCount": 0, + "unknownCount": 0 + }, + "updateTimestamp": "2023-03-23T16:23:01Z", + "vulnerabilities": [ + { + "fixedVersion": "7.87.0-r2", + "installedVersion": "7.87.0-r1", + "links": [], + "primaryLink": "https://avd.aquasec.com/nvd/cve-2023-23914", + "resource": "curl", + "score": 4.2, + "severity": "CRITICAL", + "target": "", + "title": "curl: HSTS ignored on multiple requests", + "vulnerabilityID": "CVE-2023-23914" + } + ] + } +} diff --git a/unittests/scans/trufflehog/many_vulns.json b/unittests/scans/trufflehog/v2_many_vulns.json similarity index 100% rename from unittests/scans/trufflehog/many_vulns.json rename to unittests/scans/trufflehog/v2_many_vulns.json diff --git a/unittests/scans/trufflehog/v3_git.json b/unittests/scans/trufflehog/v3_git.json new file mode 100644 index 00000000000..fc7beba6424 --- /dev/null +++ b/unittests/scans/trufflehog/v3_git.json @@ -0,0 +1,4 @@ +{"SourceMetadata":{"Data":{"Git":{"commit":"fbc14303ffbf8fb1c2c1914e8dda7d0121633aca","file":"keys","email":"counter \u003ccounter@counters-MacBook-Air.local\u003e","repository":"https://github.com/trufflesecurity/test_keys","timestamp":"2022-06-16 10:17:40 -0700 -0700","line":4}}},"SourceID":0,"SourceType":16,"SourceName":"trufflehog - git","DetectorType":2,"DetectorName":"AWS","Verified":true,"Raw":"QUtJQVlWUDRDSVBQRVJVVklGWEc=","Redacted":"AKIAYVP4CIPPERUVIFXG","ExtraData":{"account":"595918472158","arn":"arn:aws:iam::595918472158:user/canarytokens.com@@mirux23ppyky6hx3l6vclmhnj","user_id":"AIDAYVP4CIPPJ5M54LRCY"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Git":{"commit":"77b2a3e56973785a52ba4ae4b8dac61d4bac016f","file":"keys","email":"counter \u003ccounter@counters-MacBook-Air.local\u003e","repository":"https://github.com/trufflesecurity/test_keys","timestamp":"2022-06-16 10:27:56 -0700 -0700","line":3}}},"SourceID":0,"SourceType":16,"SourceName":"trufflehog - git","DetectorType":17,"DetectorName":"URI","Verified":true,"Raw":"aHR0cHM6Ly9hZG1pbjphZG1pbkB0aGUtaW50ZXJuZXQuaGVyb2t1YXBwLmNvbS9iYXNpY19hdXRo","Redacted":"https://*****:*****@the-internet.herokuapp.com/basic_auth","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Git":{"commit":"77b2a3e56973785a52ba4ae4b8dac61d4bac016f","file":"keys","email":"counter \u003ccounter@counters-MacBook-Air.local\u003e","repository":"https://github.com/trufflesecurity/test_keys","timestamp":"2022-06-16 10:27:56 -0700 -0700","line":1}}},"SourceID":0,"SourceType":16,"SourceName":"trufflehog - git","DetectorType":15,"DetectorName":"PrivateKey","Verified":true,"Raw":"LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQ21GbGN6STFOaTFqZEhJQUFBQUdZbU55ZVhCMEFBQUFHQUFBQUJBak5JWnV1bgp4Z0xrTThLdXpmbVF1UkFBQUFFQUFBQUFFQUFBR1hBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FEZTNBbDBFTVB6CnV0Vk5rNURpeGFZckdNSzU2UnFVb3FHQmlua2U2U1dWV21xb20xbEJjSld6b3I2SGxuTVJQUHI3WUNFc0pLTDRJcHVWd3UKaW5SYTVrZHROVHlNN3l5UVRTUjJ4WENTMGZVSXROdXE4cFVrdHNIOFZVZ2dwTWVldzhoSnY3ckZBN3RuSWczVVhDbDZpRgpPTFpLYkRBNWFhMjRpZHBjRDhiMUk5L1J6VE9CMWZ1MG9mNXhkOXZnT0R6R3c1SnZIUVNKMEZhQTQyYU5CTUd3ckRoREIzCnNnblJOZFdmNk5OSWg4S3BYWE1LSkFEZjNrbHN5bjZIZThMMmJQTXA4YTR3d3lzMllCMzVwNXpRMEpVUm92c2Rld2xPeEgKTlQ3ZVAxOWVWZjRkQ3JlaWJ4VW1SVWFvYjVERW9IRWs4V3J4aktXSVlVdUxlRDZBZmNXNm9YeVJVMll5OFZydDZTcUZsNQpXQWk0N1ZNRlRrRFpZUy9lQ3ZHNTNxOVVCSHBDajdRdmIwdlNrQ1pYQnZCSWhsdzE5M0YzUFg0V3ZPMUlYc013dlExRDFYCmxtb21zSXRicU0wY0p5S3c2TFUxOFFXaUJIdkU3QnFjcGhhb0w1RTA4VzJBVFRTUklNQ3A2cnQ0cnB0TTdLeUdLOHJjNlcKVVlyQ25XdDZLbENBOEFBQVdRWGsrbFZ4NmJINWl0SUtLWW1RcjZjUi81eHRaMkdIQXhuWXR2bFczeG5HaFUwTUh2K2xKMgp1b1dsVDJSWEU1cGRNVVFqN3JOV0FNcWt3aWZTS1pzOXdCZlllbzFUYUZEbUMzblc3eUhTTjNYVHVPNzhtUElXNUp5dm1FClJqNXFqc1VuN2ZObXpFQ29BeG5WRVJod25GM0txVUJFUHpJQWM2Lzd2L25hOU5UaWlHYUpQY285bHZDb1BXYlZMTjA4V0cKU3V5VSsweDV6YzNlYnp1UGNZcXU1L2M1bm1pR3hoQUxySWhqSVMwT1YxbXRBQUZodmRNak1JSE9pak96U0tWQ0M3clJrNQprRzlFTUxOdk9uL0RVVlNSSGFtdzVnczJWM1YrWnEyZzVuWVdmZ3E4YURTVEI4WGxJek9qMWN6M0h3Zk42cGZTTlEvM1FlCndPUWZXZlRXZE8rSlNMOGFvQk41V2c4dERiZ212bWJGcklOc0pmRmZTbTB3WmdjSGhDN1VsNFUzdjRjOFBvTmRLOUhYd2kKVEtLeko5bnhMWWIrdkRoNTBjbmtzZXUyZ3QwS3dWcGpJb3J4RXFlSzc1NW1LUGFvM0ptT01yNnVGVFFzYitnK1pOZ1B3bApuUkhBNElneCt6QURGajN0d2xkbktJaVJwQlE1SjRhY3VyM3VRK3NhYW5CVFhndWwxVGlGaVVHVDJjbnorSWlDc2RQb3ZnClRBTXQ4NjhXNUxtenBmSDRDeTU0SnRhUkM0L1V1TW5rVEdiV2d1dFZEbldqMnN0T0F6c1ExWW1oSDVpZ1VtYzk0bVVMK1cKOHZRRENLcGVJOG4rcXVEUzl6eFR2eTRMNEg1SXo3T1psaDBoNk4xM0JEdkNZWEtjTkYvdWdrZnhaYnU4bVpzWlFRelhOUgp3T3JFdEtvSGM0QW5YWU56c3VIRW9FeUx5SnhHZkZSRFNUTGJ5Tjl3Rk9TL2MwazlHanRlK2tRUlpqQlZHT1JFNXNONlgzCmFrVW5URjc2UmhiRWMrTGFtcndNMWg1MzQwYndvc1JiUjhJK1Vyc1FkRmZKQkVqMVpTeU1SSmxNa0ZVTmk2Ymx0N2JoeXgKZWErUG0yQTYxNG5sWVVCancyS0t6em44Ti8wSDJOcEpqSXB0dkRzYnJ4M0JTL3JLd09lSndhdlJyR25JbEV6dUFhZzR2eApaYjJUUFZ0YTQ1dXo3ZlFQNUlCbDgzYjBCSktJNVp2L2ZuaVVlTEk3OFcvVXNacWI2NFlRYmZSeUJ6RnRJMVQvU3NDaTBCCmUwRXlLTXpieHRTY2VUMU1iOGVKaVZJcTA0WHB3ZXo5ZklVdDVyU2VkWkQ4S1BxOFA2czBjR3NSN1FtdzZlWFovZEJSL2EKczV2UGhmSVVtUWF3bW53QVZ1V05SZFFRNzlqVUJTbjVNK1pSVlZUZ0VHK3ZGeXZ4ci9iWnFPbzFKQ29xNUJtUWhMV0dSSgpEazlUb2xiZUZJVkZya3VYa2N1OTlhMDc5dXg3WFNrT042NG9QekhyY3NFempQQTFHUHFzOUNHQlNPMTZ3cS9uSTN6ZytFCmtjT0NhdXJjOXlISkpQd2R1ZW0wKzhXTFgzV29HTmZRUkt1cnRRemUycHB5OEthckV0RGhEZDk2c0traFlhcU9nM0dPWDgKWXg4MjdMNHZ1V1NKU0lxS3VPMmtINmtPQ01VTk8xNnBpdjB6Lzh1M0NKeE9HaDkrNEZaSW9wODFmaUZUS0xoVjMvZ3dMbQpmekZZKytLSVpyTGZaY1VqemQ4ME5ORWphNjlGNDUyRWI5SHJJNUJ1ck4vUHpuREVpOWJ6TTU5OFk3YmV5bDQva2Q0UjJlClM3U1c5L0xPckd3NVVneHRpVStrVjhuUHoxUGRneE80c1Jsbm50U0JFd2tRQnpNa0xPcHEyaDJCdUoyVGxNUC9UV3V3TFEKc0RrdjFZazFwRDByb0dtdE16YnVqblVSR3hxUko4Z1VtdUlvdDRocGZ5UlNzc3ZuUlFRWjNsUUNRQ3dIaUUrSEp4WFdmNQpjNTh6T01qVzdvMjF0SThlMTN1VW5iUm9RVkpNOVhZcWsxdXNQWElrWVBZTDl1T3czQVcvWm4rY25EcnNYdlRLOVp4Z0dECi85MGIxQk53VnFNbFVLK1FnZ0hOd2w1cUQ4ZW9YSzVjRHZhdjY2dGUrRStWN0ZZRlEwNnczdHl0UlZ6OFNqb2FpQ2hOMDIKbXVJanZsNkc3SG9qMWhPYk0ydC9aaGVOMUVTaFMxMXo4NjhoaFM2TXg3R3ZJZHRrWHV2ZGlCWU1pQkxPc2hKUXhCOE16eAppdWc5VytEaTN1cExmMFVNQzFUcUFER3Boc0lIUlU3UmJtSFE4UndwN2RvZ3N3bURmcFJTYXBQdDlwMEQrNkFkNVZCemkzCmYzQlBYajc2VUJMTUVKQ3JaUjFQMjh2bkFBN0F5TkhhTHZNUGxXRE1HNXYzVi9VVit1Z3lGY29CQU95amlRZ1lTVDhGM2UKSHg3VVBWbFRLOGR5dmsxWitZdzBucmZOQ2xJPQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K","Redacted":"-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAACmFl","ExtraData":null,"StructuredData":{"github_ssh_key":[{"user":"thisisforgithub0"}]}} +{"SourceMetadata":{"Data":{"Git":{"commit":"77b2a3e56973785a52ba4ae4b8dac61d4bac016f","file":"keys","email":"counter \u003ccounter@counters-MacBook-Air.local\u003e","repository":"https://github.com/trufflesecurity/test_keys","timestamp":"2022-06-16 10:27:56 -0700 -0700","line":3}}},"SourceID":0,"SourceType":16,"SourceName":"trufflehog - git","DetectorType":17,"DetectorName":"URI","Verified":true,"Raw":"aHR0cHM6Ly9hZG1pbjphZG1pbkB0aGUtaW50ZXJuZXQuaGVyb2t1YXBwLmNvbS9iYXNpY19hdXRo","Redacted":"https://*****:*****@the-internet.herokuapp.com/basic_auth","ExtraData":null,"StructuredData":null} \ No newline at end of file diff --git a/unittests/scans/trufflehog/v3_github.json b/unittests/scans/trufflehog/v3_github.json new file mode 100644 index 00000000000..d1a3fb13f18 --- /dev/null +++ b/unittests/scans/trufflehog/v3_github.json @@ -0,0 +1,4 @@ +{"SourceMetadata":{"Data":{"Github":{"link":"https://github.com/trufflesecurity/test_keys/blob/fbc14303ffbf8fb1c2c1914e8dda7d0121633aca/keys","repository":"https://github.com/trufflesecurity/test_keys.git","commit":"fbc14303ffbf8fb1c2c1914e8dda7d0121633aca","email":"counter \u003ccounter@counters-MacBook-Air.local\u003e","file":"keys","timestamp":"2022-06-16 10:17:40 -0700 -0700","line":4}}},"SourceID":0,"SourceType":7,"SourceName":"trufflehog - github","DetectorType":2,"DetectorName":"AWS","Verified":true,"Raw":"QUtJQVlWUDRDSVBQRVJVVklGWEc=","Redacted":"AKIAYVP4CIPPERUVIFXG","ExtraData":{"account":"595918472158","arn":"arn:aws:iam::595918472158:user/canarytokens.com@@mirux23ppyky6hx3l6vclmhnj","user_id":"AIDAYVP4CIPPJ5M54LRCY"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Github":{"link":"https://github.com/trufflesecurity/test_keys/blob/77b2a3e56973785a52ba4ae4b8dac61d4bac016f/keys","repository":"https://github.com/trufflesecurity/test_keys.git","commit":"77b2a3e56973785a52ba4ae4b8dac61d4bac016f","email":"counter \u003ccounter@counters-MacBook-Air.local\u003e","file":"keys","timestamp":"2022-06-16 10:27:56 -0700 -0700","line":3}}},"SourceID":0,"SourceType":7,"SourceName":"trufflehog - github","DetectorType":17,"DetectorName":"URI","Verified":true,"Raw":"aHR0cHM6Ly9hZG1pbjphZG1pbkB0aGUtaW50ZXJuZXQuaGVyb2t1YXBwLmNvbS9iYXNpY19hdXRo","Redacted":"https://*****:*****@the-internet.herokuapp.com/basic_auth","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Github":{"link":"https://github.com/trufflesecurity/test_keys/blob/77b2a3e56973785a52ba4ae4b8dac61d4bac016f/keys","repository":"https://github.com/trufflesecurity/test_keys.git","commit":"77b2a3e56973785a52ba4ae4b8dac61d4bac016f","email":"counter \u003ccounter@counters-MacBook-Air.local\u003e","file":"keys","timestamp":"2022-06-16 10:27:56 -0700 -0700","line":1}}},"SourceID":0,"SourceType":7,"SourceName":"trufflehog - github","DetectorType":15,"DetectorName":"PrivateKey","Verified":true,"Raw":"LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQ21GbGN6STFOaTFqZEhJQUFBQUdZbU55ZVhCMEFBQUFHQUFBQUJBak5JWnV1bgp4Z0xrTThLdXpmbVF1UkFBQUFFQUFBQUFFQUFBR1hBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FEZTNBbDBFTVB6CnV0Vk5rNURpeGFZckdNSzU2UnFVb3FHQmlua2U2U1dWV21xb20xbEJjSld6b3I2SGxuTVJQUHI3WUNFc0pLTDRJcHVWd3UKaW5SYTVrZHROVHlNN3l5UVRTUjJ4WENTMGZVSXROdXE4cFVrdHNIOFZVZ2dwTWVldzhoSnY3ckZBN3RuSWczVVhDbDZpRgpPTFpLYkRBNWFhMjRpZHBjRDhiMUk5L1J6VE9CMWZ1MG9mNXhkOXZnT0R6R3c1SnZIUVNKMEZhQTQyYU5CTUd3ckRoREIzCnNnblJOZFdmNk5OSWg4S3BYWE1LSkFEZjNrbHN5bjZIZThMMmJQTXA4YTR3d3lzMllCMzVwNXpRMEpVUm92c2Rld2xPeEgKTlQ3ZVAxOWVWZjRkQ3JlaWJ4VW1SVWFvYjVERW9IRWs4V3J4aktXSVlVdUxlRDZBZmNXNm9YeVJVMll5OFZydDZTcUZsNQpXQWk0N1ZNRlRrRFpZUy9lQ3ZHNTNxOVVCSHBDajdRdmIwdlNrQ1pYQnZCSWhsdzE5M0YzUFg0V3ZPMUlYc013dlExRDFYCmxtb21zSXRicU0wY0p5S3c2TFUxOFFXaUJIdkU3QnFjcGhhb0w1RTA4VzJBVFRTUklNQ3A2cnQ0cnB0TTdLeUdLOHJjNlcKVVlyQ25XdDZLbENBOEFBQVdRWGsrbFZ4NmJINWl0SUtLWW1RcjZjUi81eHRaMkdIQXhuWXR2bFczeG5HaFUwTUh2K2xKMgp1b1dsVDJSWEU1cGRNVVFqN3JOV0FNcWt3aWZTS1pzOXdCZlllbzFUYUZEbUMzblc3eUhTTjNYVHVPNzhtUElXNUp5dm1FClJqNXFqc1VuN2ZObXpFQ29BeG5WRVJod25GM0txVUJFUHpJQWM2Lzd2L25hOU5UaWlHYUpQY285bHZDb1BXYlZMTjA4V0cKU3V5VSsweDV6YzNlYnp1UGNZcXU1L2M1bm1pR3hoQUxySWhqSVMwT1YxbXRBQUZodmRNak1JSE9pak96U0tWQ0M3clJrNQprRzlFTUxOdk9uL0RVVlNSSGFtdzVnczJWM1YrWnEyZzVuWVdmZ3E4YURTVEI4WGxJek9qMWN6M0h3Zk42cGZTTlEvM1FlCndPUWZXZlRXZE8rSlNMOGFvQk41V2c4dERiZ212bWJGcklOc0pmRmZTbTB3WmdjSGhDN1VsNFUzdjRjOFBvTmRLOUhYd2kKVEtLeko5bnhMWWIrdkRoNTBjbmtzZXUyZ3QwS3dWcGpJb3J4RXFlSzc1NW1LUGFvM0ptT01yNnVGVFFzYitnK1pOZ1B3bApuUkhBNElneCt6QURGajN0d2xkbktJaVJwQlE1SjRhY3VyM3VRK3NhYW5CVFhndWwxVGlGaVVHVDJjbnorSWlDc2RQb3ZnClRBTXQ4NjhXNUxtenBmSDRDeTU0SnRhUkM0L1V1TW5rVEdiV2d1dFZEbldqMnN0T0F6c1ExWW1oSDVpZ1VtYzk0bVVMK1cKOHZRRENLcGVJOG4rcXVEUzl6eFR2eTRMNEg1SXo3T1psaDBoNk4xM0JEdkNZWEtjTkYvdWdrZnhaYnU4bVpzWlFRelhOUgp3T3JFdEtvSGM0QW5YWU56c3VIRW9FeUx5SnhHZkZSRFNUTGJ5Tjl3Rk9TL2MwazlHanRlK2tRUlpqQlZHT1JFNXNONlgzCmFrVW5URjc2UmhiRWMrTGFtcndNMWg1MzQwYndvc1JiUjhJK1Vyc1FkRmZKQkVqMVpTeU1SSmxNa0ZVTmk2Ymx0N2JoeXgKZWErUG0yQTYxNG5sWVVCancyS0t6em44Ti8wSDJOcEpqSXB0dkRzYnJ4M0JTL3JLd09lSndhdlJyR25JbEV6dUFhZzR2eApaYjJUUFZ0YTQ1dXo3ZlFQNUlCbDgzYjBCSktJNVp2L2ZuaVVlTEk3OFcvVXNacWI2NFlRYmZSeUJ6RnRJMVQvU3NDaTBCCmUwRXlLTXpieHRTY2VUMU1iOGVKaVZJcTA0WHB3ZXo5ZklVdDVyU2VkWkQ4S1BxOFA2czBjR3NSN1FtdzZlWFovZEJSL2EKczV2UGhmSVVtUWF3bW53QVZ1V05SZFFRNzlqVUJTbjVNK1pSVlZUZ0VHK3ZGeXZ4ci9iWnFPbzFKQ29xNUJtUWhMV0dSSgpEazlUb2xiZUZJVkZya3VYa2N1OTlhMDc5dXg3WFNrT042NG9QekhyY3NFempQQTFHUHFzOUNHQlNPMTZ3cS9uSTN6ZytFCmtjT0NhdXJjOXlISkpQd2R1ZW0wKzhXTFgzV29HTmZRUkt1cnRRemUycHB5OEthckV0RGhEZDk2c0traFlhcU9nM0dPWDgKWXg4MjdMNHZ1V1NKU0lxS3VPMmtINmtPQ01VTk8xNnBpdjB6Lzh1M0NKeE9HaDkrNEZaSW9wODFmaUZUS0xoVjMvZ3dMbQpmekZZKytLSVpyTGZaY1VqemQ4ME5ORWphNjlGNDUyRWI5SHJJNUJ1ck4vUHpuREVpOWJ6TTU5OFk3YmV5bDQva2Q0UjJlClM3U1c5L0xPckd3NVVneHRpVStrVjhuUHoxUGRneE80c1Jsbm50U0JFd2tRQnpNa0xPcHEyaDJCdUoyVGxNUC9UV3V3TFEKc0RrdjFZazFwRDByb0dtdE16YnVqblVSR3hxUko4Z1VtdUlvdDRocGZ5UlNzc3ZuUlFRWjNsUUNRQ3dIaUUrSEp4WFdmNQpjNTh6T01qVzdvMjF0SThlMTN1VW5iUm9RVkpNOVhZcWsxdXNQWElrWVBZTDl1T3czQVcvWm4rY25EcnNYdlRLOVp4Z0dECi85MGIxQk53VnFNbFVLK1FnZ0hOd2w1cUQ4ZW9YSzVjRHZhdjY2dGUrRStWN0ZZRlEwNnczdHl0UlZ6OFNqb2FpQ2hOMDIKbXVJanZsNkc3SG9qMWhPYk0ydC9aaGVOMUVTaFMxMXo4NjhoaFM2TXg3R3ZJZHRrWHV2ZGlCWU1pQkxPc2hKUXhCOE16eAppdWc5VytEaTN1cExmMFVNQzFUcUFER3Boc0lIUlU3UmJtSFE4UndwN2RvZ3N3bURmcFJTYXBQdDlwMEQrNkFkNVZCemkzCmYzQlBYajc2VUJMTUVKQ3JaUjFQMjh2bkFBN0F5TkhhTHZNUGxXRE1HNXYzVi9VVit1Z3lGY29CQU95amlRZ1lTVDhGM2UKSHg3VVBWbFRLOGR5dmsxWitZdzBucmZOQ2xJPQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K","Redacted":"-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAACmFl","ExtraData":null,"StructuredData":{"github_ssh_key":[{"user":"thisisforgithub0"}]}} +{"SourceMetadata":{"Data":{"Github":{"link":"https://github.com/trufflesecurity/test_keys/blob/77b2a3e56973785a52ba4ae4b8dac61d4bac016f/keys","repository":"https://github.com/trufflesecurity/test_keys.git","commit":"77b2a3e56973785a52ba4ae4b8dac61d4bac016f","email":"counter \u003ccounter@counters-MacBook-Air.local\u003e","file":"keys","timestamp":"2022-06-16 10:27:56 -0700 -0700","line":3}}},"SourceID":0,"SourceType":7,"SourceName":"trufflehog - github","DetectorType":17,"DetectorName":"URI","Verified":true,"Raw":"aHR0cHM6Ly9hZG1pbjphZG1pbkB0aGUtaW50ZXJuZXQuaGVyb2t1YXBwLmNvbS9iYXNpY19hdXRo","Redacted":"https://*****:*****@the-internet.herokuapp.com/basic_auth","ExtraData":null,"StructuredData":null} \ No newline at end of file diff --git a/unittests/scans/trufflehog3/issue_6999.json b/unittests/scans/trufflehog3/issue_6999.json new file mode 100644 index 00000000000..b50545134a7 --- /dev/null +++ b/unittests/scans/trufflehog3/issue_6999.json @@ -0,0 +1,21 @@ +[ + { + "rule": { + "id": "high-entropy-based-rules2", + "message": "High Entropy", + "severity": "MEDIUM" + }, + "path": "tests/Services/GoodDrafts/DataSets/4620060807393", + "line": "2", + "secret": "6B760A0478D4EB84EA8CD6202E866A4C", + "context": { + "2": "4620060807393\";}i:24;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:9:\"DATE_TIME\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:12:\"PROD_REGDATE\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:29:\"2020-01-13T13:27:31.000+03:00\";}i:25;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:17:\"PROD_COVER_EDITOR\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:13:\"4620060809991\";}i:26;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:9:\"DATE_TIME\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:19:\"PROD_COVER_DATEEDIT\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:29:\"2020-01-13T13:34:33.000+03:00\";}i:27;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:26:\"PROD_CHANGE_VERSION_STATUS\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:4:\"NONE\";}i:28;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"BOOLEAN\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:19:\"PROD_COVER_HAS_FILE\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:3:\"Yes\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"1\";}i:29;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:15:\"BRAND_OWNER_GLN\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:13:\"4620060809991\";}i:30;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:16:\"BRAND_OWNER_NAME\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:105:\"\u041e\u0411\u0429\u0415\u0421\u0422\u0412\u041e \u0421 \u041e\u0413\u0420\u0410\u041d\u0418\u0427\u0415\u041d\u041d\u041e\u0419 \u041e\u0422\u0412\u0415\u0422\u0421\u0422\u0412\u0415\u041d\u041d\u041e\u0421\u0422\u042c\u042e \"\u041b\u0415\u0420\u0423\u0410 \u041f\u0410\u0420\u0424\u042e\u041c\u0421\"\";}i:31;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:14:\"GS1_MEMBER_GLN\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:13:\"4620060809991\";}i:32;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:15:\"GS1_MEMBER_NAME\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:105:\"\u041e\u0411\u0429\u0415\u0421\u0422\u0412\u041e \u0421 \u041e\u0413\u0420\u0410\u041d\u0418\u0427\u0415\u041d\u041d\u041e\u0419 \u041e\u0422\u0412\u0415\u0422\u0421\u0422\u0412\u0415\u041d\u041d\u041e\u0421\u0422\u042c\u042e \"\u041b\u0415\u0420\u0423\u0410 \u041f\u0410\u0420\u0424\u042e\u041c\u0421\"\";}i:33;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:16:\"MANUFACTURER_GLN\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:13:\"4620060809991\";}i:34;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:17:\"MANUFACTURER_NAME\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:105:\"\u041e\u0411\u0429\u0415\u0421\u0422\u0412\u041e \u0421 \u041e\u0413\u0420\u0410\u041d\u0418\u0427\u0415\u041d\u041d\u041e\u0419 \u041e\u0422\u0412\u0415\u0422\u0421\u0422\u0412\u0415\u041d\u041d\u041e\u0421\u0422\u042c\u042e \"\u041b\u0415\u0420\u0423\u0410 \u041f\u0410\u0420\u0424\u042e\u041c\u0421\"\";}i:35;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"BOOLEAN\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:23:\"PROD_TM_CHANGED_BY_GS46\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:3:\"Yes\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"1\";}i:36;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"BOOLEAN\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:20:\"PROD_COVER_IS_ACTIVE\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:3:\"Yes\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"1\";}i:37;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:22:\"TOOL_FOR_PROD_ENCODING\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:12:\"\u041f\u043e\u0440\u0442\u0430\u043b\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:6:\"PORTAL\";}i:38;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:17:\"PACK_DATA_QUALITY\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:5:\"> 25%\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:20:\"DATA_QUALITY_GROUP_B\";}i:39;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:12:\"PREFIX_OWNER\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:13:\"4620060809991\";}i:40;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:22:\"PREFIX_OWNER_NAME_CALC\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:105:\"\u041e\u0411\u0429\u0415\u0421\u0422\u0412\u041e \u0421 \u041e\u0413\u0420\u0410\u041d\u0418\u0427\u0415\u041d\u041d\u041e\u0419 \u041e\u0422\u0412\u0415\u0422\u0421\u0422\u0412\u0415\u041d\u041d\u041e\u0421\u0422\u042c\u042e \"\u041b\u0415\u0420\u0423\u0410 \u041f\u0410\u0420\u0424\u042e\u041c\u0421\"\";}i:41;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:7:\"ENT_INN\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:10:\"4706036599\";}i:42;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";s:24:\"\u0418\u0437\u043c\u0435\u0440\u0435\u043d\u043e \u0432 iLab\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"BOOLEAN\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:14:\"PROD_MEAS_ILAB\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:2:\"No\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";s:1:\"0\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"0\";}i:43;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";s:32:\"\u041e\u0440\u0438\u0433\u0438\u043d\u0430\u043b\u044c\u043d\u044b\u0439 GTINAPP\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"BOOLEAN\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:12:\"TRUE_GTINAPP\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:2:\"No\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";s:1:\"0\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"0\";}}}s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000InfoTypeRecords\";O:41:\"Slimex\\Api\\GS1\\Structures\\InfoTypeRecords\":1:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecords\u0000record\";a:9:{i:0;O:40:\"Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\":5:{s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeGroups\";N;s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeValues\";O:41:\"Slimex\\Api\\GS1\\Structures\\AttributeValues\":1:{s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeValues\u0000value\";O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:6:\"STRING\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:13:\"GDDB_90000506\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";s:45:\"\u0410\u0431\u0441\u043e\u043b\u044e\u0442 \u0432 \u043a\u0430\u0436\u0434\u043e\u043c \u0430\u0440\u043e\u043c\u0430\u0442\u0435\";}s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:6:\"STRING\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:13:\"GDDB_90000506\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";N;}}s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000idRecord\";i:150303082;s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000infoTypeId\";s:16:\"SRC_156_10000365\";s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000intoTypeText\";N;}i:1;O:40:\"Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\":5:{s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeGroups\";N;s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeValues\";O:41:\"Slimex\\Api\\GS1\\Structures\\AttributeValues\":1:{s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeValues\u0000value\";a:8:{i:0;O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:12:\"WEB_90000187\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";s:39:\"\u0420\u041e\u0421\u0421\u0418\u0419\u0421\u041a\u0410\u042f \u0424\u0415\u0414\u0415\u0420\u0410\u0426\u0418\u042f\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";s:2:\"RU\";}i:1;O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:12:\"WEB_90000850\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";s:39:\"\u0420\u041e\u0421\u0421\u0418\u0419\u0421\u041a\u0410\u042f \u0424\u0415\u0414\u0415\u0420\u0410\u0426\u0418\u042f\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";s:2:\"RU\";}s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:12:\"WEB_90000850\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";N;}i:2;O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:12:\"WEB_90000851\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";s:29:\"\u0421\u0410\u041d\u041a\u0422-\u041f\u0415\u0422\u0415\u0420\u0411\u0423\u0420\u0413\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";s:5:\"SPE\u00a0\";}s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:12:\"WEB_90000851\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";N;}i:3;O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:6:\"STRING\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:12:\"WEB_90000192\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";s:13:\"4620060809991\";}s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:6:\"STRING\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:12:\"WEB_90000192\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";N;}i:4;O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:6:\"STRING\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:12:\"WEB_90000626\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";s:10:\"4706036599\";}s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:6:\"STRING\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:12:\"WEB_90000626\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";N;}i:5;O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:5:\"FLOAT\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:12:\"WEB_90000627\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";s:11:\"7.8020102E8\";}s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:5:\"FLOAT\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:12:\"WEB_90000627\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";N;}i:6;O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:6:\"STRING\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:12:\"WEB_90000852\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";s:39:\"\u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0430\u044f \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u044f\";}i:7;O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:6:\"STRING\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:12:\"WEB_90000188\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";s:29:\"\u0421\u0430\u043d\u043a\u0442-\u041f\u0435\u0442\u0435\u0440\u0431\u0443\u0440\u0433\";}}}s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000idRecord\";i:150303082;s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000infoTypeId\";s:16:\"SRC_165_10000365\";s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000intoTypeText\";N;}i:2;O:40:\"Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\":5:{s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeGroups\";N;s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeValues\";O:41:\"Slimex\\Api\\GS1\\Structures\\AttributeValues\":1:{s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeValues\u0000value\";a:2:{i:0;O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:6:\"STRING\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:12:\"WEB_90000151\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";s:493:\"\u041d\u0435 \u0440\u0430\u0441\u043f\u044b\u043b\u044f\u0442\u044c \u0432\u0431\u043b\u0438\u0437\u0438 \u043e\u0433\u043d\u044f, \u0445\u0440\u0430\u043d\u0438\u0442\u044c \u0432 \u0441\u0443\u0445\u043e\u043c \u043f\u0440\u043e\u0432\u0435\u0442\u0440\u0438\u0432\u0430\u0435\u043c\u043e\u043c \u043f\u043e\u043c\u0435\u0449\u0435\u043d\u0438\u0438 \u0432\u0434\u0430\u043b\u0438 \u043e\u0442 \u0434\u0435\u0442\u0435\u0439, \u0438\u0437\u0431\u0435\u0433\u0430\u0442\u044c \u043f\u043e\u043f\u0430\u0434\u0430\u043d\u0438\u044f \u043f\u0440\u044f\u043c\u044b\u0445 \u0441\u043e\u043b\u043d\u0435\u0447\u043d\u044b\u0445 \u043b\u0443\u0447\u0435\u0439 \u043d\u0430 \u0444\u043b\u0430\u043a\u043e\u043d \u0441 \u0442\u0443\u0430\u043b\u0435\u0442\u043d\u043e\u0439 \u0432\u043e\u0434\u043e\u0439, \u0442\u0430\u043a \u043a\u0430\u043a \u044d\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0442\u0440\u0430\u043d\u0441\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0446\u0432\u0435\u0442\u0430 \u0438 \u0430\u0440\u043e\u043c\u0430\u0442\u0430. \u0418\u0437\u0431\u0435\u0433\u0430\u0442\u044c \u043f\u043e\u043f\u0430\u0434\u0430\u043d\u0438\u044f \u0432 \u043f\u0438\u0449\u0443 - \u043e\u043f\u0430\u0441\u043d\u043e \u0434\u043b\u044f \u0436\u0438\u0437\u043d\u0438 \u0438 \u0437\u0434\u043e\u0440\u043e\u0432\u044c\u044f.\";}i:1;O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:6:\"STRING\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:12:\"WEB_90000150\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";s:57:\"\u041d\u0430\u043d\u0435\u0441\u0442\u0438 \u043d\u0430 \u043a\u043e\u0436\u0443, \u043e\u0434\u0435\u0436\u0434\u0443, \u0432\u043e\u043b\u043e\u0441\u044b.\";}}}s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000idRecord\";i:150303082;s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000infoTypeId\";s:16:\"SRC_161_10000365\";s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000intoTypeText\";N;}i:3;O:40:\"Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\":5:{s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeGroups\";N;s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeValues\";O:41:\"Slimex\\Api\\GS1\\Structures\\AttributeValues\":1:{s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeValues\u0000value\";a:4:{i:0;O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:6:\"STRING\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:13:\"GDDE_90000106\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";s:2:\"25\";}s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:6:\"STRING\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:13:\"GDDE_90000106\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";N;}i:1;O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:5:\"FLOAT\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:13:\"GDDE_90000109\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";s:3:\"5.0\";}s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:5:\"FLOAT\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:13:\"GDDE_90000109\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";N;}i:2;O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:17:\"GDDE_90000109_MES\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";s:21:\"\u0413\u041e\u0414; \u041b\u0415\u0422 \";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";s:3:\"ANN\";}s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:17:\"GDDE_90000109_MES\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";N;}i:3;O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:6:\"STRING\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:13:\"GDDE_90000105\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";s:1:\"5\";}s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:6:\"STRING\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:13:\"GDDE_90000105\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";N;}}}s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000idRecord\";i:150303082;s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000infoTypeId\";s:16:\"SRC_152_10000365\";s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000intoTypeText\";N;}i:4;O:40:\"Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\":5:{s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeGroups\";N;s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeValues\";O:41:\"Slimex\\Api\\GS1\\Structures\\AttributeValues\":1:{s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeValues\u0000value\";O:38:\"Slimex\\Api\\GS1\\Structures\\ExtAttrValue\":9:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000MultValue\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrDescr\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrText\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000attrType\";s:6:\"STRING\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000extAttrId\";s:13:\"GDDB_70000164\";s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000descr\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000dictId\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000groupId\";N;s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ExtAttrValue\u0000value\";s:47:\"alcohol denat., parfum, aqua, bht. Min 80% Vol.\";}}s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000idRecord\";i:150303082;s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000infoTypeId\";s:16:\"SRC_150_10000365\";s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000intoTypeText\";N;}i:5;O:40:\"Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\":5:{s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeGroups\";O:41:\"Slimex\\Api\\GS1\\Structures\\AttributeGroups\":1:{s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroups\u0000group\";a:2:{i:0;O:44:\"Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\":7:{s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000isCollection\";N;s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000description\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000id\";s:4:\"1550\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000intId\";i:1550;s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000longText\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000isOptional\";N;s:55:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000shortText\";s:27:\"\u041d\u0430\u0431\u043e\u0440/\u041a\u043e\u043c\u043f\u043b\u0435\u043a\u0442\";}i:1;O:44:\"Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\":7:{s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000isCollection\";b:1;s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000description\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000id\";s:4:\"1551\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000intId\";i:1551;s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000longText\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000isOptional\";N;s:55:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000shortText\";s:16:\"\u0412\u043b\u043e\u0436\u0435\u043d\u0438\u044f\";}}}s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeValues\";O:41:\"Slimex\\Api\\GS1\\Structures\\AttributeValues\":1:{s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeValues\u0000value\";N;}s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000idRecord\";N;s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000infoTypeId\";s:14:\"SRC_3_10000365\";s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000intoTypeText\";s:31:\"\u041d\u0430\u0431\u043e\u0440\u044b/\u041a\u043e\u043c\u043f\u043b\u0435\u043a\u0442\u044b\";}i:6;O:40:\"Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\":5:{s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeGroups\";O:41:\"Slimex\\Api\\GS1\\Structures\\AttributeGroups\":1:{s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroups\u0000group\";a:3:{i:0;O:44:\"Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\":7:{s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000isCollection\";b:1;s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000description\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000id\";s:4:\"1491\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000intId\";i:1491;s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000longText\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000isOptional\";N;s:55:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000shortText\";s:46:\"\u0417\u0430\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u043e \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0438\";}i:1;O:44:\"Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\":7:{s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000isCollection\";b:1;s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000description\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000id\";s:4:\"1418\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000intId\";i:1418;s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000longText\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000isOptional\";N;s:55:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000shortText\";s:25:\"\u0426\u0435\u043b\u0435\u0432\u043e\u0439 \u0440\u044b\u043d\u043e\u043a\";}i:2;O:44:\"Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\":7:{s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000isCollection\";b:1;s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000description\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000id\";s:4:\"1419\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000intId\";i:1419;s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000longText\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000isOptional\";N;s:55:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000shortText\";s:45:\"\u0421\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0435 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u0430\u043c\";}}}s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeValues\";O:41:\"Slimex\\Api\\GS1\\Structures\\AttributeValues\":1:{s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeValues\u0000value\";N;}s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000idRecord\";N;s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000infoTypeId\";s:15:\"SRC_33_10000365\";s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000intoTypeText\";s:25:\"\u0426\u0435\u043b\u0435\u0432\u044b\u0435 \u0440\u044b\u043d\u043a\u0438\";}i:7;O:40:\"Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\":5:{s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeGroups\";O:41:\"Slimex\\Api\\GS1\\Structures\\AttributeGroups\":1:{s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroups\u0000group\";O:44:\"Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\":7:{s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000isCollection\";N;s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000description\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000id\";s:4:\"1460\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000intId\";i:1460;s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000longText\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000isOptional\";N;s:55:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000shortText\";s:12:\"\u041f\u0430\u0440\u0442\u0438\u0438\";}}s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeValues\";O:41:\"Slimex\\Api\\GS1\\Structures\\AttributeValues\":1:{s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeValues\u0000value\";N;}s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000idRecord\";N;s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000infoTypeId\";s:16:\"SRC_163_10000365\";s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000intoTypeText\";s:12:\"\u041f\u0430\u0440\u0442\u0438\u0438\";}i:8;O:40:\"Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\":5:{s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeGroups\";O:41:\"Slimex\\Api\\GS1\\Structures\\AttributeGroups\":1:{s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroups\u0000group\";a:2:{i:0;O:44:\"Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\":7:{s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000isCollection\";b:1;s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000description\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000id\";s:4:\"1554\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000intId\";i:1554;s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000longText\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000isOptional\";N;s:55:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000shortText\";s:61:\"\u041d\u043e\u043c\u0435\u0440 \u0440\u0435\u0433\u043b\u0430\u043c\u0435\u043d\u0442\u0430/\u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u0430 \u0434\u0443\u0445\u043e\u0432\";}i:1;O:44:\"Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\":7:{s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000isCollection\";N;s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000description\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000id\";s:4:\"1544\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000intId\";i:1544;s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000longText\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000isOptional\";N;s:55:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeGroupMeta\u0000shortText\";s:8:\"\u0414\u0443\u0445\u0438\";}}}s:57:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000AttributeValues\";O:41:\"Slimex\\Api\\GS1\\Structures\\AttributeValues\":1:{s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\AttributeValues\u0000value\";N;}s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000idRecord\";N;s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000infoTypeId\";s:16:\"SRC_173_10000365\";s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecord\u0000intoTypeText\";s:8:\"\u0414\u0443\u0445\u0438\";}}}s:53:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000ReqValues\";O:35:\"Slimex\\Api\\GS1\\Structures\\ReqValues\":1:{s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ReqValues\u0000reqValue\";s:13:\"4620060807393\";}s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000result\";O:41:\"Slimex\\Api\\GS1\\Structures\\OperationResult\":12:{s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\OperationResult\u0000CheckResult\";N;s:60:\"\u0000Slimex\\Api\\GS1\\Structures\\OperationResult\u0000DataObjectRecords\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\OperationResult\u0000pubRslt\";N;s:53:\"\u0000Slimex\\Api\\GS1\\Structures\\OperationResult\u0000SubResults\";N;s:55:\"\u0000Slimex\\Api\\GS1\\Structures\\OperationResult\u0000dataObjectId\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\OperationResult\u0000errCode\";i:0;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\OperationResult\u0000errMsg\";s:95:\"The request has been successfully completed and the response is in the body of the SOAP message\";s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\OperationResult\u0000errName\";s:8:\"NO_ERROR\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\OperationResult\u0000gln\";N;s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\OperationResult\u0000idRecord\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\OperationResult\u0000key\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\OperationResult\u0000variant\";N;}s:64:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000SubDataObjectRecords\";O:46:\"Slimex\\Api\\GS1\\Structures\\SubDataObjectRecords\":1:{s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\SubDataObjectRecords\u0000record\";a:6:{i:0;O:42:\"Slimex\\Api\\GS1\\Structures\\DataObjectRecord\":20:{s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000AttributeGroups\";N;s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000baseKey\";s:9:\"150303669\";s:63:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000BaseAttributeValues\";O:45:\"Slimex\\Api\\GS1\\Structures\\BaseAttributeValues\":1:{s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttributeValues\u0000value\";a:8:{i:0;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"BINARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:17:\"PACK_BASE_IMG_IMG\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";s:21:\"LEROY-Green Lilac.jpg\";s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";s:10:\"image/jpeg\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";N;}i:1;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"BOOLEAN\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:20:\"PACK_BASE_IMG_LNG_RU\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:2:\"No\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"0\";}i:2;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"BOOLEAN\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:20:\"PACK_BASE_IMG_LNG_EN\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:2:\"No\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"0\";}i:3;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:17:\"PACK_BASE_IMG_URL\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:111:\"http://res.cloudinary.com/gs1-russia/image/upload/v1578911436/PACK_BASE_IMG/4620060807386/LEROY-Green-Lilac.jpg\";}i:4;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:23:\"PACK_BASE_IMG_URL_CLEAN\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:117:\"http://res.cloudinary.com/gs1-russia/image/upload/v1578911437/PACK_BASE_IMG/4620060807386/clean/LEROY-Green-Lilac.jpg\";}i:5;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:22:\"PACK_BASE_IMG_IMG_HASH\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:32:\"6B760A0478D4EB84EA8CD6202E866A4C\";}i:6;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";s:20:\"\u0423\u043a\u0440\u0430\u0438\u043d\u0441\u043a\u0438\u0439\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"BOOLEAN\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:20:\"PACK_BASE_IMG_LNG_UA\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:2:\"No\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";s:1:\"0\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"0\";}i:7;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";s:18:\"\u041a\u0430\u0437\u0430\u0445\u0441\u043a\u0438\u0439\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"BOOLEAN\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:20:\"PACK_BASE_IMG_LNG_KZ\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:2:\"No\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";s:1:\"0\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"0\";}}}s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000InfoTypeRecords\";O:41:\"Slimex\\Api\\GS1\\Structures\\InfoTypeRecords\":1:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecords\u0000record\";N;}s:53:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000ReqValues\";O:35:\"Slimex\\Api\\GS1\\Structures\\ReqValues\":1:{s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ReqValues\u0000reqValue\";N;}s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000result\";N;s:64:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000SubDataObjectRecords\";O:46:\"Slimex\\Api\\GS1\\Structures\\SubDataObjectRecords\":1:{s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\SubDataObjectRecords\u0000record\";N;}s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectDescr\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectId\";s:13:\"PACK_BASE_IMG\";s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectText\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000externalKey1\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000externalKey2\";N;s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000idRecord\";i:150303669;s:63:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000metaInfoVersionTime\";N;s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000parentIdRecord\";i:150303082;s:53:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000parentKey\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000src\";s:7:\"GS46NEW\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000errors\";N;s:55:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000isValidated\";b:0;}i:1;O:42:\"Slimex\\Api\\GS1\\Structures\\DataObjectRecord\":20:{s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000AttributeGroups\";N;s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000baseKey\";s:9:\"150303089\";s:63:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000BaseAttributeValues\";O:45:\"Slimex\\Api\\GS1\\Structures\\BaseAttributeValues\":1:{s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttributeValues\u0000value\";a:10:{i:0;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:5:\"FLOAT\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:11:\"PACK_HEIGHT\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:3:\"126\";}i:1;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:5:\"FLOAT\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:10:\"PACK_WIDTH\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:2:\"85\";}i:2;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:5:\"FLOAT\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:11:\"PACK_LENGTH\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:2:\"36\";}i:3;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:9:\"PACK_MEAS\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:2:\"MM\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:3:\"MMT\";}i:4;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:5:\"FLOAT\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:11:\"PACK_WEIGHT\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:3:\"225\";}i:5;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:23:\"PACK_WEIGHT_MEAS_BRUTTO\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:2:\"\u0413\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:3:\"GRM\";}i:6;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:5:\"FLOAT\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:17:\"PACK_WEIGHT_NETTO\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:2:\"50\";}i:7;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:16:\"PACK_WEIGHT_MEAS\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:4:\"\u041c\u041b\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:3:\"MLT\";}i:8;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:5:\"FLOAT\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:8:\"PACK_VOL\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:6:\"385560\";}i:9;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:16:\"PACK_VOL_MEASURE\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:5:\"\u041c\u041c3\";}}}s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000InfoTypeRecords\";O:41:\"Slimex\\Api\\GS1\\Structures\\InfoTypeRecords\":1:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecords\u0000record\";N;}s:53:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000ReqValues\";O:35:\"Slimex\\Api\\GS1\\Structures\\ReqValues\":1:{s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ReqValues\u0000reqValue\";N;}s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000result\";N;s:64:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000SubDataObjectRecords\";O:46:\"Slimex\\Api\\GS1\\Structures\\SubDataObjectRecords\":1:{s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\SubDataObjectRecords\u0000record\";N;}s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectDescr\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectId\";s:14:\"PACK_BASE_MEAS\";s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectText\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000externalKey1\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000externalKey2\";N;s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000idRecord\";i:150303089;s:63:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000metaInfoVersionTime\";N;s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000parentIdRecord\";i:150303082;s:53:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000parentKey\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000src\";s:7:\"GS46NEW\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000errors\";N;s:55:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000isValidated\";b:0;}i:2;O:42:\"Slimex\\Api\\GS1\\Structures\\DataObjectRecord\":20:{s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000AttributeGroups\";N;s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000baseKey\";s:13:\"4620060807393\";s:63:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000BaseAttributeValues\";O:45:\"Slimex\\Api\\GS1\\Structures\\BaseAttributeValues\":1:{s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttributeValues\u0000value\";a:27:{i:0;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:18:\"PROD_CVR_BASE_GTIN\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:13:\"4620060807386\";}i:1;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:14:\"PROD_CODE_TYPE\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:6:\"EAN-13\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:5:\"EAN13\";}i:2;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:15:\"PROD_COVER_GTIN\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:13:\"4620060807393\";}i:3;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:17:\"PROD_COVER_PREFIX\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:9:\"462006080\";}i:4;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:9:\"PROD_GTIN\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:3:\"739\";}i:5;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:16:\"PROD_COVER_CHECK\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"3\";}i:6;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:8:\"PROD_PVN\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"0\";}i:7;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:20:\"PROD_COVER_TYPE_DICT\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:23:\"\u041a\u041e\u0420\u041e\u0411\u041a\u0410/\u0411\u041e\u041a\u0421\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:3:\"BOX\";}i:8;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:19:\"PROD_COVER_MATERIAL\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:12:\"\u041a\u0410\u0420\u0422\u041e\u041d\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:2:\"34\";}i:9;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:14:\"PROD_PACK_FORM\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:26:\"\u041f\u0420\u042f\u041c\u041e\u0423\u0413\u041e\u041b\u042c\u041d\u0418\u041a\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:11:\"RECTANGULAR\";}i:10;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:5:\"FLOAT\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:14:\"PROD_COUNT_PCK\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"5\";}i:11;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:5:\"FLOAT\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:10:\"PROD_COUNT\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"5\";}i:12;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:12:\"PROD_MEASURE\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:4:\"\u0428\u0422\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:3:\"PCE\";}i:13;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:17:\"PROD_COVER_AUTHOR\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:13:\"4620060809991\";}i:14;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:9:\"DATE_TIME\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:12:\"PROD_REGDATE\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:29:\"2020-01-13T13:27:31.000+03:00\";}i:15;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:17:\"PROD_COVER_EDITOR\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:13:\"4620060809991\";}i:16;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:9:\"DATE_TIME\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:19:\"PROD_COVER_DATEEDIT\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:29:\"2020-01-13T13:27:31.000+03:00\";}i:17;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"BOOLEAN\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:14:\"PROD_HAS_CHVER\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:2:\"No\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"0\";}i:18;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:26:\"PROD_CHANGE_VERSION_STATUS\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:4:\"NONE\";}i:19;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"BOOLEAN\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:23:\"PROD_TM_CHANGED_BY_GS46\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:3:\"Yes\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"1\";}i:20;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:12:\"PROD_ENT_GLN\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:13:\"4620060809991\";}i:21;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:13:\"PROD_ENT_NAME\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:105:\"\u041e\u0411\u0429\u0415\u0421\u0422\u0412\u041e \u0421 \u041e\u0413\u0420\u0410\u041d\u0418\u0427\u0415\u041d\u041d\u041e\u0419 \u041e\u0422\u0412\u0415\u0422\u0421\u0422\u0412\u0415\u041d\u041d\u041e\u0421\u0422\u042c\u042e \"\u041b\u0415\u0420\u0423\u0410 \u041f\u0410\u0420\u0424\u042e\u041c\u0421\"\";}i:22;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"BOOLEAN\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:20:\"PROD_COVER_IS_ACTIVE\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:3:\"Yes\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"1\";}i:23;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:22:\"TOOL_FOR_PROD_ENCODING\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:12:\"\u041f\u043e\u0440\u0442\u0430\u043b\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:6:\"PORTAL\";}i:24;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:16:\"MANUFACTURER_GLN\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:13:\"4620060809991\";}i:25;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";s:33:\"\u0417\u0430\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043e \u0438\u0437 1\u0421\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"BOOLEAN\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:18:\"PROD_CODED_FROM_1C\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:2:\"No\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";s:1:\"0\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"0\";}i:26;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";s:32:\"\u041e\u0440\u0438\u0433\u0438\u043d\u0430\u043b\u044c\u043d\u044b\u0439 GTINAPP\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"BOOLEAN\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:12:\"TRUE_GTINAPP\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:2:\"No\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";s:1:\"0\";s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"0\";}}}s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000InfoTypeRecords\";O:41:\"Slimex\\Api\\GS1\\Structures\\InfoTypeRecords\":1:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecords\u0000record\";N;}s:53:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000ReqValues\";O:35:\"Slimex\\Api\\GS1\\Structures\\ReqValues\":1:{s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ReqValues\u0000reqValue\";N;}s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000result\";N;s:64:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000SubDataObjectRecords\";O:46:\"Slimex\\Api\\GS1\\Structures\\SubDataObjectRecords\":1:{s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\SubDataObjectRecords\u0000record\";O:42:\"Slimex\\Api\\GS1\\Structures\\DataObjectRecord\":20:{s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000AttributeGroups\";N;s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000baseKey\";s:9:\"150303085\";s:63:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000BaseAttributeValues\";O:45:\"Slimex\\Api\\GS1\\Structures\\BaseAttributeValues\":1:{s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttributeValues\u0000value\";a:11:{i:0;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:5:\"FLOAT\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:11:\"PACK_HEIGHT\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:3:\"118\";}i:1;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:5:\"FLOAT\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:10:\"PACK_WIDTH\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:2:\"80\";}i:2;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:5:\"FLOAT\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:11:\"PACK_LENGTH\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:3:\"187\";}i:3;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:9:\"PACK_MEAS\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:2:\"MM\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:3:\"MMT\";}i:4;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:5:\"FLOAT\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:11:\"PACK_WEIGHT\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:3:\"835\";}i:5;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:23:\"PACK_WEIGHT_MEAS_BRUTTO\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:2:\"\u0413\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:3:\"GRM\";}i:6;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:5:\"FLOAT\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:17:\"PACK_WEIGHT_NETTO\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:3:\"800\";}i:7;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:16:\"PACK_WEIGHT_MEAS\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:2:\"\u0413\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:3:\"GRM\";}i:8;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:5:\"FLOAT\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:17:\"PACK_WEIGHT_COVER\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:2:\"35\";}i:9;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:5:\"FLOAT\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:8:\"PACK_VOL\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:7:\"1765280\";}i:10;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:16:\"PACK_VOL_MEASURE\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:5:\"\u041c\u041c3\";}}}s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000InfoTypeRecords\";O:41:\"Slimex\\Api\\GS1\\Structures\\InfoTypeRecords\":1:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecords\u0000record\";N;}s:53:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000ReqValues\";O:35:\"Slimex\\Api\\GS1\\Structures\\ReqValues\":1:{s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ReqValues\u0000reqValue\";N;}s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000result\";N;s:64:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000SubDataObjectRecords\";O:46:\"Slimex\\Api\\GS1\\Structures\\SubDataObjectRecords\":1:{s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\SubDataObjectRecords\u0000record\";N;}s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectDescr\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectId\";s:15:\"PACK_GROUP_MEAS\";s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectText\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000externalKey1\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000externalKey2\";N;s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000idRecord\";i:150303085;s:63:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000metaInfoVersionTime\";N;s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000parentIdRecord\";i:150303084;s:53:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000parentKey\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000src\";s:7:\"GS46NEW\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000errors\";N;s:55:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000isValidated\";b:0;}}s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectDescr\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectId\";s:15:\"PACK_GROUP_UNIT\";s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectText\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000externalKey1\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000externalKey2\";N;s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000idRecord\";i:150303084;s:63:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000metaInfoVersionTime\";N;s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000parentIdRecord\";i:150303082;s:53:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000parentKey\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000src\";s:7:\"GS46NEW\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000variant\";s:1:\"0\";s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000errors\";N;s:55:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000isValidated\";b:0;}i:3;O:42:\"Slimex\\Api\\GS1\\Structures\\DataObjectRecord\":20:{s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000AttributeGroups\";N;s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000baseKey\";s:9:\"150303087\";s:63:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000BaseAttributeValues\";O:45:\"Slimex\\Api\\GS1\\Structures\\BaseAttributeValues\":1:{s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttributeValues\u0000value\";a:17:{i:0;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"INTEGER\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:14:\"CERT_ID_RECORD\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:9:\"150303087\";}i:1;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:9:\"CERT_GTIN\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:13:\"4620060807386\";}i:2;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:17:\"PROD_CERT_COUNTRY\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:12:\"\u0420\u043e\u0441\u0441\u0438\u044f\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:2:\"RU\";}i:3;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:13:\"SUBDICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:14:\"PROD_CERT_TYPE\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:52:\"\u0414\u0435\u043a\u043b\u0430\u0440\u0430\u0446\u0438\u044f EAC - \u0432\u0430\u0440\u0438\u0430\u043d\u0442 \u0415\u0410\u042d\u0421 N\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:10:\"DECL_EAC_2\";}i:4;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:16:\"PROD_CERT_NUMBER\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:35:\"\u0415\u0410\u042d\u0421 N RU \u0414-RU.\u0410\u041477.\u0412.06841\";}i:5;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"BINARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:14:\"PROD_CERT_SCAN\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";s:17:\"\u0415\u0410\u042d\u0421-2018.PDF\";s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";s:15:\"application/pdf\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";N;}i:6;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:17:\"PROD_CERT_RD_TYPE\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:10:\"\u0421\u0435\u0440\u0438\u044f\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:9:\"RD_SERIAL\";}i:7;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:4:\"DATE\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:20:\"PROD_CERT_ISSUE_DATE\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:29:\"2018-06-26T12:00:00.000+03:00\";}i:8;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:4:\"DATE\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:23:\"PROD_CERT_VALIDITY_FROM\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:29:\"2018-06-26T12:00:00.000+03:00\";}i:9;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:4:\"DATE\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:21:\"PROD_CERT_VALIDITY_TO\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:29:\"2023-06-25T12:00:00.000+03:00\";}i:10;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"BOOLEAN\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:26:\"PROD_CERT_VALIDITY_WITHOUT\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:2:\"No\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"0\";}i:11;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:13:\"PROD_CERT_URL\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:100:\"http://res.cloudinary.com/gs1-russia/image/upload/v1578911437/PROD_CERT/4620060807386/EAEHS-2018.pdf\";}i:12;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:6:\"STRING\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:19:\"PROD_CERT_URL_CLEAN\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:100:\"http://res.cloudinary.com/gs1-russia/image/upload/v1578911437/PROD_CERT/4620060807386/EAEHS-2018.pdf\";}i:13;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:9:\"DATE_TIME\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:21:\"PROD_CERT_DATE_CREATE\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:29:\"2020-01-13T13:27:34.000+03:00\";}i:14;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:9:\"DATE_TIME\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:11:\"CHANGE_TIME\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:29:\"2020-01-13T13:34:24.000+03:00\";}i:15;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"BOOLEAN\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:13:\"PROD_CERT_CHK\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:2:\"No\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"0\";}i:16;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:7:\"BOOLEAN\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:18:\"PROD_CERT_PASS_CHK\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:2:\"No\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:1:\"0\";}}}s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000InfoTypeRecords\";O:41:\"Slimex\\Api\\GS1\\Structures\\InfoTypeRecords\":1:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecords\u0000record\";N;}s:53:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000ReqValues\";O:35:\"Slimex\\Api\\GS1\\Structures\\ReqValues\":1:{s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ReqValues\u0000reqValue\";N;}s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000result\";N;s:64:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000SubDataObjectRecords\";O:46:\"Slimex\\Api\\GS1\\Structures\\SubDataObjectRecords\":1:{s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\SubDataObjectRecords\u0000record\";N;}s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectDescr\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectId\";s:9:\"PROD_CERT\";s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectText\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000externalKey1\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000externalKey2\";N;s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000idRecord\";i:150303087;s:63:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000metaInfoVersionTime\";N;s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000parentIdRecord\";i:150303082;s:53:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000parentKey\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000src\";s:7:\"GS46NEW\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000errors\";N;s:55:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000isValidated\";b:0;}i:4;O:42:\"Slimex\\Api\\GS1\\Structures\\DataObjectRecord\":20:{s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000AttributeGroups\";N;s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000baseKey\";s:9:\"150303083\";s:63:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000BaseAttributeValues\";O:45:\"Slimex\\Api\\GS1\\Structures\\BaseAttributeValues\":1:{s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttributeValues\u0000value\";a:9:{i:0;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:7:\"TNVED_1\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:146:\"33 - \u042d\u0424\u0418\u0420\u041d\u042b\u0415 \u041c\u0410\u0421\u041b\u0410 \u0418 \u0420\u0415\u0417\u0418\u041d\u041e\u0418\u0414\u042b; \u041f\u0410\u0420\u0424\u042e\u041c\u0415\u0420\u041d\u042b\u0415, \u041a\u041e\u0421\u041c\u0415\u0422\u0418\u0427\u0415\u0421\u041a\u0418\u0415\u0418\u041b\u0418 \u0422\u0423\u0410\u041b\u0415\u0422\u041d\u042b\u0415 \u0421\u0420\u0415\u0414\u0421\u0422\u0412\u0410\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:2:\"33\";}i:1;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:13:\"SUBDICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:7:\"TNVED_2\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:49:\"330300 - \u0414\u0443\u0445\u0438 \u0438 \u0442\u0443\u0430\u043b\u0435\u0442\u043d\u0430\u044f \u0432\u043e\u0434\u0430:\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:6:\"330300\";}i:2;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:13:\"SUBDICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:7:\"TNVED_3\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:42:\"3303009000 - - \u0442\u0443\u0430\u043b\u0435\u0442\u043d\u0430\u044f \u0432\u043e\u0434\u0430\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:10:\"3303009000\";}i:3;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:16:\"PROD_OKPD2_CLASS\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:83:\"20 - \u0412\u0435\u0449\u0435\u0441\u0442\u0432\u0430 \u0445\u0438\u043c\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0438 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b \u0445\u0438\u043c\u0438\u0447\u0435\u0441\u043a\u0438\u0435\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:2:\"20\";}i:4;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:13:\"SUBDICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:19:\"PROD_OKPD2_SUBCLASS\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:178:\"20.4 - \u041c\u044b\u043b\u043e \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043c\u043e\u044e\u0449\u0438\u0435, \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0447\u0438\u0441\u0442\u044f\u0449\u0438\u0435 \u0438 \u043f\u043e\u043b\u0438\u0440\u0443\u044e\u0449\u0438\u0435, \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043f\u0430\u0440\u0444\u044e\u043c\u0435\u0440\u043d\u044b\u0435 \u0438 \u043a\u043e\u0441\u043c\u0435\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:4:\"20.4\";}i:5;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:13:\"SUBDICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:16:\"PROD_OKPD2_GROUP\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:77:\"20.42 - \u0421\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043f\u0430\u0440\u0444\u044e\u043c\u0435\u0440\u043d\u044b\u0435 \u0438 \u043a\u043e\u0441\u043c\u0435\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:5:\"20.42\";}i:6;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:13:\"SUBDICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:19:\"PROD_OKPD2_SUBGROUP\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:79:\"20.42.1 - \u0421\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043f\u0430\u0440\u0444\u044e\u043c\u0435\u0440\u043d\u044b\u0435 \u0438 \u043a\u043e\u0441\u043c\u0435\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:7:\"20.42.1\";}i:7;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:13:\"SUBDICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:15:\"PROD_OKPD2_KIND\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:50:\"20.42.11 - \u0414\u0443\u0445\u0438 \u0438 \u0442\u0443\u0430\u043b\u0435\u0442\u043d\u0430\u044f \u0432\u043e\u0434\u0430\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:8:\"20.42.11\";}i:8;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:13:\"SUBDICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:14:\"PROD_OKPD2_CAT\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:42:\"20.42.11.120 - \u0412\u043e\u0434\u0430 \u0442\u0443\u0430\u043b\u0435\u0442\u043d\u0430\u044f\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:12:\"20.42.11.120\";}}}s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000InfoTypeRecords\";O:41:\"Slimex\\Api\\GS1\\Structures\\InfoTypeRecords\":1:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecords\u0000record\";N;}s:53:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000ReqValues\";O:35:\"Slimex\\Api\\GS1\\Structures\\ReqValues\":1:{s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ReqValues\u0000reqValue\";N;}s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000result\";N;s:64:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000SubDataObjectRecords\";O:46:\"Slimex\\Api\\GS1\\Structures\\SubDataObjectRecords\":1:{s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\SubDataObjectRecords\u0000record\";N;}s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectDescr\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectId\";s:10:\"PROD_CLASS\";s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectText\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000externalKey1\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000externalKey2\";N;s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000idRecord\";i:150303083;s:63:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000metaInfoVersionTime\";N;s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000parentIdRecord\";i:150303082;s:53:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000parentKey\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000src\";s:7:\"GS46NEW\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000errors\";N;s:55:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000isValidated\";b:0;}i:5;O:42:\"Slimex\\Api\\GS1\\Structures\\DataObjectRecord\":20:{s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000AttributeGroups\";N;s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000baseKey\";s:9:\"150303088\";s:63:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000BaseAttributeValues\";O:45:\"Slimex\\Api\\GS1\\Structures\\BaseAttributeValues\":1:{s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttributeValues\u0000value\";a:3:{i:0;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:10:\"DICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:7:\"TNVED_1\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:146:\"33 - \u042d\u0424\u0418\u0420\u041d\u042b\u0415 \u041c\u0410\u0421\u041b\u0410 \u0418 \u0420\u0415\u0417\u0418\u041d\u041e\u0418\u0414\u042b; \u041f\u0410\u0420\u0424\u042e\u041c\u0415\u0420\u041d\u042b\u0415, \u041a\u041e\u0421\u041c\u0415\u0422\u0418\u0427\u0415\u0421\u041a\u0418\u0415\u0418\u041b\u0418 \u0422\u0423\u0410\u041b\u0415\u0422\u041d\u042b\u0415 \u0421\u0420\u0415\u0414\u0421\u0422\u0412\u0410\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:2:\"33\";}i:1;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:13:\"SUBDICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:7:\"TNVED_2\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:49:\"330300 - \u0414\u0443\u0445\u0438 \u0438 \u0442\u0443\u0430\u043b\u0435\u0442\u043d\u0430\u044f \u0432\u043e\u0434\u0430:\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:6:\"330300\";}i:2;O:39:\"Slimex\\Api\\GS1\\Structures\\BaseAttrValue\":12:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileData\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrDescr\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrText\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000attrType\";s:13:\"SUBDICTIONARY\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000baseAttrId\";s:7:\"TNVED_3\";s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000descr\";s:42:\"3303009000 - - \u0442\u0443\u0430\u043b\u0435\u0442\u043d\u0430\u044f \u0432\u043e\u0434\u0430\";s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000dictId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000fileName\";N;s:48:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000groupId\";N;s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000mimeType\";N;s:46:\"\u0000Slimex\\Api\\GS1\\Structures\\BaseAttrValue\u0000value\";s:10:\"3303009000\";}}}s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000InfoTypeRecords\";O:41:\"Slimex\\Api\\GS1\\Structures\\InfoTypeRecords\":1:{s:49:\"\u0000Slimex\\Api\\GS1\\Structures\\InfoTypeRecords\u0000record\";N;}s:53:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000ReqValues\";O:35:\"Slimex\\Api\\GS1\\Structures\\ReqValues\":1:{s:45:\"\u0000Slimex\\Api\\GS1\\Structures\\ReqValues\u0000reqValue\";N;}s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000result\";N;s:64:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000SubDataObjectRecords\";O:46:\"Slimex\\Api\\GS1\\Structures\\SubDataObjectRecords\":1:{s:54:\"\u0000Slimex\\Api\\GS1\\Structures\\SubDataObjectRecords\u0000record\";N;}s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectDescr\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectId\";s:5:\"TNVED\";s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectText\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000externalKey1\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000externalKey2\";N;s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000idRecord\";i:150303088;s:63:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000metaInfoVersionTime\";N;s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000parentIdRecord\";i:150303082;s:53:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000parentKey\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000src\";s:7:\"GS46NEW\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000variant\";N;s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000errors\";N;s:55:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000isValidated\";b:0;}}}s:59:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectDescr\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectId\";s:14:\"PACK_BASE_UNIT\";s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000dataObjectText\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000externalKey1\";N;s:56:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000externalKey2\";N;s:52:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000idRecord\";i:150303082;s:63:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000metaInfoVersionTime\";N;s:58:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000parentIdRecord\";i:135989643;s:53:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000parentKey\";N;s:47:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000src\";s:7:\"GS46NEW\";s:51:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000variant\";s:1:\"0\";s:50:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000errors\";N;s:55:\"\u0000Slimex\\Api\\GS1\\Structures\\DataObjectRecord\u0000isValidated\";b:0;}" + }, + "id": "848440d9-fecb-38ce-8527-3a7b2db07b99", + "branch": null, + "message": null, + "author": null, + "commit": null, + "date": null + } + ] \ No newline at end of file diff --git a/unittests/scans/twistlock/one_vuln_no_link.json b/unittests/scans/twistlock/one_vuln_no_link.json new file mode 100644 index 00000000000..e57799eb7e3 --- /dev/null +++ b/unittests/scans/twistlock/one_vuln_no_link.json @@ -0,0 +1,51 @@ +{ + "results": [ + { + "id": "sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", + "distro": "Debian GNU/Linux 9 (stretch)", + "compliances": [ + { + "title": "Sensitive information provided in environment variables", + "severity": "high", + "cause": "The environment variables DD_CELERY_BROKER_PASSWORD,DD_DATABASE_PASSWORD,DD_SECRET_KEY contain sensitive data" + } + ], + "complianceDistribution": { + "critical": 0, + "high": 1, + "medium": 0, + "low": 0, + "total": 1 + }, + "vulnerabilities": [ + { + "id": "PRISMA-2021-0013", + "status": "fixed in 1.1.1", + "description": "marked package prior to 1.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS). The regex within src/rules.js file have multiple unused capture groups which could lead to a denial of service attack if user input is reachable. Origin: https://github.com/markedjs/marked/commit/bd4f8c464befad2b304d51e33e89e567326e62e0", + "severity": "medium", + "packageName": "marked", + "packageVersion": "0.3.9", + "riskFactors": [ + "DoS", + "Has fix", + "Medium severity" + ], + "impactedVersions": [ + "\u003c1.1.1" + ], + "publishedDate": "2021-01-14T10:29:35Z", + "discoveredDate": "2022-11-16T07:38:50Z", + "fixDate": "2021-01-14T10:29:35Z", + "layerTime": "1970-01-01T00:00:00Z" + } + ], + "vulnerabilityDistribution": { + "critical": 1, + "high": 0, + "medium": 0, + "low": 0, + "total": 1 + } + } + ] +} diff --git a/unittests/scans/vcg/one_finding.xml b/unittests/scans/vcg/one_finding.xml new file mode 100644 index 00000000000..e2913457991 --- /dev/null +++ b/unittests/scans/vcg/one_finding.xml @@ -0,0 +1,16 @@ + + + + +6 +Suspicious Comment +Comment Indicates Potentially Unfinished Code +The comment includes some wording which indicates that the developer regards +it as unfinished or does not trust it to work correctly. +Findings.xml +21 +TODO: Check the Code +False +LawnGreen + + \ No newline at end of file diff --git a/unittests/scans/veracode/dynamic_embedded_format.json b/unittests/scans/veracode/dynamic_embedded_format.json new file mode 100644 index 00000000000..eb6329ee878 --- /dev/null +++ b/unittests/scans/veracode/dynamic_embedded_format.json @@ -0,0 +1,233 @@ +{ + "_embedded": { + "findings": [ + { + "issue_id": 1568514641, + "scan_type": "DYNAMIC", + "description": "Injections happen when untrusted data is inserted into an interpreted syntax and subsequently evaluated on the server side. This syntax may be a SQL query, a parsed JSON or XML document, an executed script or other syntax that may be in use within the application. Although the target syntax has not been identified, the application behavior demonstrates that the input HTTP parameter may be inserted without proper escaping. It was observed by sending valid and invalid payloads that should throw or should not throw errors. By inserting a proper and improper comments such as ``, `*/_/*`, `/*_*/` into the `api` parameter, the scanner was able to spot a difference in the responses, which is a good indicator of a potential vulnerability. Confidence: medium. Response codes: `404`, `404`, `404`. Similarities: `` vs `*/_/*`: 0.0; `*/_/*` vs `/*_*/`: 0.0; `` vs `/*_*/`: 1.0. It is recommended to identify how the current parameter is used in the application source code, and make sure it is escaped before inserting into any syntax or query. You can add valid values to an allowlist and invalid values to a blocklist. CWE", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2021-08-27T07:33:40.989Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 4, + "cwe": { + "id": 74, + "name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + "href": "https://api.veracode.com/appsec/v1/cwes/74" + }, + "path": "/api/*_*//new_user_sign_up?param=wild-things", + "hostname": "application.insecure-company-alliance.com", + "plugin": "Code Injection", + "port": "443", + "discovered_by_vsa": 0, + "finding_category": { + "id": 28, + "name": "Code Injection", + "href": "https://api.veracode.com/appsec/v1/categories/28" + }, + "vulnerable_parameter": "api", + "attack_vector": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + "url": "https://application.insecure-company-alliance.com:443/api/*_*//new_user_sign_up?param=wild-things" + }, + "build_id": 986413 + }, + { + "issue_id": 1568514646, + "scan_type": "DYNAMIC", + "description": "The target web page does not specify Content-Security-Policy. While lack of Content-Security-Policy on the website does not represents a security risk by itself, a strict Content-Security-Policy may serve as an additional protection layer from Cross-Site-Scripting attacks. Content-Security-Policy helps to ensure that all resources (such as scripts, images or video files) on the website are loaded from trusted sources. Content-Security-Policy may also help to protect from UI redressing attacks, such as \"Clickjacking\". Consider implementing strict Content-Security-Policy by setting the corresponding HTTP header for each page response from the website. It is recommended to move all scripts to trusted locations and specify \"script-src\" or \"default-src\" directives. If inline javascript is required on the website, inline scripts may be accompanied with a cryptographic nonce (number used once) or a hash, to ensure only trusted scripts are executed. CWE", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2020-11-13T04:24:21.030Z", + "status": "OPEN", + "resolution": "MITIGATED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "APPROVED", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 829, + "name": "Inclusion of Functionality from Untrusted Control Sphere", + "href": "https://api.veracode.com/appsec/v1/cwes/829" + }, + "path": "/?param=wild-things", + "hostname": "application.insecure-company-alliance.com", + "plugin": "Insecure Dependencies", + "port": "443", + "discovered_by_vsa": 0, + "finding_category": { + "id": 32, + "name": "Insecure Dependencies", + "href": "https://api.veracode.com/appsec/v1/categories/32" + }, + "attack_vector": "Inclusion of Functionality from Untrusted Control Sphere", + "url": "https://application.insecure-company-alliance.com:443/?param=wild-things" + }, + "build_id": 986413 + }, + { + "issue_id": 1568514647, + "scan_type": "DYNAMIC", + "description": "The site application.insecure-company-alliance.com:443 does not properly utilize the X-Content-Type-Options header. This header can be set to protect against MIME type confusion attacks in Internet Explorer versions 9 and higher, Chrome and Safari. Content sniffing is a method browsers use to attempt to determine the real content type of a response by looking at the content itself, instead of the response header's content-type value. By returning X-Content-Type-Options: nosniff, certain elements will only load external resources if their content-type matches what is expected. It should be noted this check was only executed against the first few pages of this site. Set the X-Content-Type-Options header to a value of \"nosniff\" (without quotes). It is recommended this header be set side wide by configuring your web or application server to return this value for all resources. More information on configuring this header can be found at https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers#xcto CWE", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": false, + "finding_status": { + "first_found_date": "2020-01-21T20:59:10.531Z", + "status": "CLOSED", + "resolution": "MITIGATED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "APPROVED", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 0, + "cwe": { + "id": 16, + "name": "Configuration", + "href": "https://api.veracode.com/appsec/v1/cwes/16" + }, + "path": "/?param=something-CRAZY", + "hostname": "application.insecure-company-alliance.com", + "plugin": "Server Configuration", + "port": "443", + "discovered_by_vsa": 0, + "finding_category": { + "id": 27, + "name": "Server Configuration", + "href": "https://api.veracode.com/appsec/v1/categories/27" + }, + "vulnerable_parameter": "x-content-type-options header", + "attack_vector": "Configuration", + "url": "https://application.insecure-company-alliance.com:443/?param=something-CRAZY" + }, + "build_id": 986413 + }, + { + "issue_id": 156851234646, + "scan_type": "DYNAMIC", + "description": "Weak TLSv1.2 cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is supported on application.insecure-company-alliance.com:-1. Only support strong versions of ciphers. Veracode recommends the guidance published by the National Institute of Standards and Technology (NIST), excerpted below from NIST 800-52: Cipher suites that use the Triple Data Encryption Algorithm (TDEA, also written as 3DES) are no longer allowed due to the limited amounts of data that can be processed under a single key. The server should be configured to only use cipher suites for which it has a valid certificate containing a signature providing at least 112 bits of security. Prefer ephemeral keys over static keys (i.e., prefer DHE over DH, and prefer ECDHE over ECDH). Ephemeral keys provide perfect forward secrecy. Prefer GCM or CCM modes over CBC mode. The use of an authenticated encryption mode prevents several attacks. Note that these are not available in versions prior to TLS 1.2. CWE", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2020-06-23T06:52:22.283Z", + "status": "CLOSED", + "resolution": "MITIGATED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "APPROVED", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 757, + "name": "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + "href": "https://api.veracode.com/appsec/v1/cwes/757" + }, + "path": "/", + "hostname": "application.insecure-company-alliance.com", + "plugin": "Server Configuration", + "port": "443", + "discovered_by_vsa": 0, + "finding_category": { + "id": 27, + "name": "Server Configuration", + "href": "https://api.veracode.com/appsec/v1/categories/27" + }, + "vulnerable_parameter": "TLSv1.2 cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "attack_vector": "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + "url": "https://application.insecure-company-alliance.com:443/" + }, + "build_id": 986413 + }, + { + "issue_id": 15623414646, + "scan_type": "DYNAMIC", + "description": "Weak TLSv1.2 cipher TLS_RSA_WITH_AES_256_CBC_SHA is supported on application.insecure-company-alliance.com:-1. Only support strong versions of ciphers. Veracode recommends the guidance published by the National Institute of Standards and Technology (NIST), excerpted below from NIST 800-52: Cipher suites that use the Triple Data Encryption Algorithm (TDEA, also written as 3DES) are no longer allowed due to the limited amounts of data that can be processed under a single key. The server should be configured to only use cipher suites for which it has a valid certificate containing a signature providing at least 112 bits of security. Prefer ephemeral keys over static keys (i.e., prefer DHE over DH, and prefer ECDHE over ECDH). Ephemeral keys provide perfect forward secrecy. Prefer GCM or CCM modes over CBC mode. The use of an authenticated encryption mode prevents several attacks. Note that these are not available in versions prior to TLS 1.2. CWE", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2020-06-23T06:52:22.283Z", + "status": "OPEN", + "resolution": "MITIGATED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "APPROVED", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 757, + "name": "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + "href": "https://api.veracode.com/appsec/v1/cwes/757" + }, + "path": "/", + "hostname": "application.insecure-company-alliance.com", + "plugin": "Server Configuration", + "port": "443", + "discovered_by_vsa": 0, + "finding_category": { + "id": 27, + "name": "Server Configuration", + "href": "https://api.veracode.com/appsec/v1/categories/27" + }, + "vulnerable_parameter": "TLSv1.2 cipher TLS_RSA_WITH_AES_256_CBC_SHA", + "attack_vector": "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + "url": "https://application.insecure-company-alliance.com:443/" + }, + "build_id": 986413 + } + ] + }, + "_links": { + "first": { + "href": "link" + }, + "self": { + "href": "link", + "templated": true + }, + "next": { + "href": "link" + }, + "last": { + "href": "link" + }, + "application": { + "href": "link" + }, + "non-sca": { + "href": "link", + "templated": true + } + }, + "page": { + "size": 5, + "total_elements": 10, + "total_pages": 2, + "number": 0 + } +} \ No newline at end of file diff --git a/unittests/scans/veracode/dynamic_findings_list_format.json b/unittests/scans/veracode/dynamic_findings_list_format.json new file mode 100644 index 00000000000..3f35433de9c --- /dev/null +++ b/unittests/scans/veracode/dynamic_findings_list_format.json @@ -0,0 +1,203 @@ +{ + "findings": [ + { + "issue_id": 1568514641, + "scan_type": "DYNAMIC", + "description": "Injections happen when untrusted data is inserted into an interpreted syntax and subsequently evaluated on the server side. This syntax may be a SQL query, a parsed JSON or XML document, an executed script or other syntax that may be in use within the application. Although the target syntax has not been identified, the application behavior demonstrates that the input HTTP parameter may be inserted without proper escaping. It was observed by sending valid and invalid payloads that should throw or should not throw errors. By inserting a proper and improper comments such as ``, `*/_/*`, `/*_*/` into the `api` parameter, the scanner was able to spot a difference in the responses, which is a good indicator of a potential vulnerability. Confidence: medium. Response codes: `404`, `404`, `404`. Similarities: `` vs `*/_/*`: 0.0; `*/_/*` vs `/*_*/`: 0.0; `` vs `/*_*/`: 1.0. It is recommended to identify how the current parameter is used in the application source code, and make sure it is escaped before inserting into any syntax or query. You can add valid values to an allowlist and invalid values to a blocklist. CWE", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2021-08-27T07:33:40.989Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 4, + "cwe": { + "id": 74, + "name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + "href": "https://api.veracode.com/appsec/v1/cwes/74" + }, + "path": "/api/*_*//new_user_sign_up?param=wild-things", + "hostname": "application.insecure-company-alliance.com", + "plugin": "Code Injection", + "port": "443", + "discovered_by_vsa": 0, + "finding_category": { + "id": 28, + "name": "Code Injection", + "href": "https://api.veracode.com/appsec/v1/categories/28" + }, + "vulnerable_parameter": "api", + "attack_vector": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + "url": "https://application.insecure-company-alliance.com:443/api/*_*//new_user_sign_up?param=wild-things" + }, + "build_id": 986413 + }, + { + "issue_id": 1568514646, + "scan_type": "DYNAMIC", + "description": "The target web page does not specify Content-Security-Policy. While lack of Content-Security-Policy on the website does not represents a security risk by itself, a strict Content-Security-Policy may serve as an additional protection layer from Cross-Site-Scripting attacks. Content-Security-Policy helps to ensure that all resources (such as scripts, images or video files) on the website are loaded from trusted sources. Content-Security-Policy may also help to protect from UI redressing attacks, such as \"Clickjacking\". Consider implementing strict Content-Security-Policy by setting the corresponding HTTP header for each page response from the website. It is recommended to move all scripts to trusted locations and specify \"script-src\" or \"default-src\" directives. If inline javascript is required on the website, inline scripts may be accompanied with a cryptographic nonce (number used once) or a hash, to ensure only trusted scripts are executed. CWE", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2020-11-13T04:24:21.030Z", + "status": "OPEN", + "resolution": "MITIGATED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "APPROVED", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 829, + "name": "Inclusion of Functionality from Untrusted Control Sphere", + "href": "https://api.veracode.com/appsec/v1/cwes/829" + }, + "path": "/?param=wild-things", + "hostname": "application.insecure-company-alliance.com", + "plugin": "Insecure Dependencies", + "port": "443", + "discovered_by_vsa": 0, + "finding_category": { + "id": 32, + "name": "Insecure Dependencies", + "href": "https://api.veracode.com/appsec/v1/categories/32" + }, + "attack_vector": "Inclusion of Functionality from Untrusted Control Sphere", + "url": "https://application.insecure-company-alliance.com:443/?param=wild-things" + }, + "build_id": 986413 + }, + { + "issue_id": 1568514647, + "scan_type": "DYNAMIC", + "description": "The site application.insecure-company-alliance.com:443 does not properly utilize the X-Content-Type-Options header. This header can be set to protect against MIME type confusion attacks in Internet Explorer versions 9 and higher, Chrome and Safari. Content sniffing is a method browsers use to attempt to determine the real content type of a response by looking at the content itself, instead of the response header's content-type value. By returning X-Content-Type-Options: nosniff, certain elements will only load external resources if their content-type matches what is expected. It should be noted this check was only executed against the first few pages of this site. Set the X-Content-Type-Options header to a value of \"nosniff\" (without quotes). It is recommended this header be set side wide by configuring your web or application server to return this value for all resources. More information on configuring this header can be found at https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers#xcto CWE", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": false, + "finding_status": { + "first_found_date": "2020-01-21T20:59:10.531Z", + "status": "CLOSED", + "resolution": "MITIGATED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "APPROVED", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 0, + "cwe": { + "id": 16, + "name": "Configuration", + "href": "https://api.veracode.com/appsec/v1/cwes/16" + }, + "path": "/?param=something-CRAZY", + "hostname": "application.insecure-company-alliance.com", + "plugin": "Server Configuration", + "port": "443", + "discovered_by_vsa": 0, + "finding_category": { + "id": 27, + "name": "Server Configuration", + "href": "https://api.veracode.com/appsec/v1/categories/27" + }, + "vulnerable_parameter": "x-content-type-options header", + "attack_vector": "Configuration", + "url": "https://application.insecure-company-alliance.com:443/?param=something-CRAZY" + }, + "build_id": 986413 + }, + { + "issue_id": 156851234646, + "scan_type": "DYNAMIC", + "description": "Weak TLSv1.2 cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is supported on application.insecure-company-alliance.com:-1. Only support strong versions of ciphers. Veracode recommends the guidance published by the National Institute of Standards and Technology (NIST), excerpted below from NIST 800-52: Cipher suites that use the Triple Data Encryption Algorithm (TDEA, also written as 3DES) are no longer allowed due to the limited amounts of data that can be processed under a single key. The server should be configured to only use cipher suites for which it has a valid certificate containing a signature providing at least 112 bits of security. Prefer ephemeral keys over static keys (i.e., prefer DHE over DH, and prefer ECDHE over ECDH). Ephemeral keys provide perfect forward secrecy. Prefer GCM or CCM modes over CBC mode. The use of an authenticated encryption mode prevents several attacks. Note that these are not available in versions prior to TLS 1.2. CWE", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2020-06-23T06:52:22.283Z", + "status": "CLOSED", + "resolution": "MITIGATED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "APPROVED", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 757, + "name": "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + "href": "https://api.veracode.com/appsec/v1/cwes/757" + }, + "path": "/", + "hostname": "application.insecure-company-alliance.com", + "plugin": "Server Configuration", + "port": "443", + "discovered_by_vsa": 0, + "finding_category": { + "id": 27, + "name": "Server Configuration", + "href": "https://api.veracode.com/appsec/v1/categories/27" + }, + "vulnerable_parameter": "TLSv1.2 cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "attack_vector": "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + "url": "https://application.insecure-company-alliance.com:443/" + }, + "build_id": 986413 + }, + { + "issue_id": 15623414646, + "scan_type": "DYNAMIC", + "description": "Weak TLSv1.2 cipher TLS_RSA_WITH_AES_256_CBC_SHA is supported on application.insecure-company-alliance.com:-1. Only support strong versions of ciphers. Veracode recommends the guidance published by the National Institute of Standards and Technology (NIST), excerpted below from NIST 800-52: Cipher suites that use the Triple Data Encryption Algorithm (TDEA, also written as 3DES) are no longer allowed due to the limited amounts of data that can be processed under a single key. The server should be configured to only use cipher suites for which it has a valid certificate containing a signature providing at least 112 bits of security. Prefer ephemeral keys over static keys (i.e., prefer DHE over DH, and prefer ECDHE over ECDH). Ephemeral keys provide perfect forward secrecy. Prefer GCM or CCM modes over CBC mode. The use of an authenticated encryption mode prevents several attacks. Note that these are not available in versions prior to TLS 1.2. CWE", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2020-06-23T06:52:22.283Z", + "status": "OPEN", + "resolution": "MITIGATED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "APPROVED", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 757, + "name": "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + "href": "https://api.veracode.com/appsec/v1/cwes/757" + }, + "path": "/", + "hostname": "application.insecure-company-alliance.com", + "plugin": "Server Configuration", + "port": "443", + "discovered_by_vsa": 0, + "finding_category": { + "id": 27, + "name": "Server Configuration", + "href": "https://api.veracode.com/appsec/v1/categories/27" + }, + "vulnerable_parameter": "TLSv1.2 cipher TLS_RSA_WITH_AES_256_CBC_SHA", + "attack_vector": "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + "url": "https://application.insecure-company-alliance.com:443/" + }, + "build_id": 986413 + } + ] +} \ No newline at end of file diff --git a/unittests/scans/veracode/mitigated_fixed_finding.xml b/unittests/scans/veracode/mitigated_fixed_finding.xml new file mode 100644 index 00000000000..dcc9db287cf --- /dev/null +++ b/unittests/scans/veracode/mitigated_fixed_finding.xml @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/unittests/scans/veracode/sca_embedded_format.json b/unittests/scans/veracode/sca_embedded_format.json new file mode 100644 index 00000000000..ff290379f69 --- /dev/null +++ b/unittests/scans/veracode/sca_embedded_format.json @@ -0,0 +1,618 @@ +{ + "_embedded": { + "findings": [ + { + "scan_type": "SCA", + "description": "spring-boot-autoconfigure is vulnerable to Denial Of Service (DoS). The vulnerability is applicable when the application has Spring MVC auto-configuration enabled and uses the Spring Boot welcome page, which can be either static or templated, and the application is deployed behind a proxy which caches the 404 responses. An attacker can cause the application to crash by submitting a request to the welcome page which the server is unable to properly respond to.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-05-31T16:11:27.482Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 4, + "cwe": { + "id": 400, + "name": "Uncontrolled Resource Consumption", + "href": "https://api.veracode.com/appsec/v1/cwes/400" + }, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "apache-2.0", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2023-20883", + "cvss": 7.1, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2023-20883", + "severity": "High", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "cvss3": { + "score": 7.5, + "severity": "High", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + }, + "product_id": "abc123-bca321", + "component_filename": "spring-boot-autoconfigure-2.5.14.jar", + "language": "JAVA", + "component_path": [ + { + "path": "path/to/alpha/spring-boot-autoconfigure-2.5.14.jar" + }, + { + "path": "path/to/beta/spring-boot-autoconfigure-2.5.14.jar" + }, + { + "path": "path/to/charlie/spring-boot-autoconfigure-2.5.14.jar" + }, + { + "path": "path/to/delta/spring-boot-autoconfigure-2.5.14.jar" + } + ], + "version": "2.5.14" + } + }, + { + "scan_type": "SCA", + "description": "Okio is vulnerable to Denial of Service (DoS). The vulnerability arises due to improper handling of the `xlen` parameter in the `consumeHeader` function of `GzipSource.kt`. When the parsing value exceeds `0x7fff` in a maliciously crafted gzip buffer, an attacker can crash the application.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-07-14T16:50:18.629Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "apache-2.0", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2023-3635", + "cvss": 5.4, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2023-3635", + "severity": "Medium", + "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C", + "cvss3": { + "score": 5.9, + "severity": "Medium", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + }, + "product_id": "abc123-bca321", + "component_filename": "okio-2.8.0.jar", + "language": "JAVA", + "component_path": [ + { + "path": "path/to/alpha/okio-2.8.0.jar" + } + ], + "version": "2.8.0" + } + }, + { + "scan_type": "SCA", + "description": "com.google.guava, guava is vulnerable to Information Disclosure. The vulnerability exits due to incorrect default file permissions in `FileBackedOutputStream`, which allow an attacker to access the temporary directory.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-06-15T19:19:21.853Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 552, + "name": "Files or Directories Accessible to External Parties", + "href": "https://api.veracode.com/appsec/v1/cwes/552" + }, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "apache-2.0", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2023-2976", + "cvss": 5.2, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2023-2976", + "severity": "Medium", + "vector": "AV:L/AC:L/Au:S/C:C/I:P/A:N", + "cvss3": { + "score": 7.1, + "severity": "High", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" + } + }, + "product_id": "abc123-bca321", + "component_filename": "guava-30.0-jre.jar", + "language": "JAVA", + "component_path": [ + { + "path": "path/to/alpha/guava-30.0-jre.jar" + }, + { + "path": "path/to/beta/guava-30.0-jre.jar" + }, + { + "path": "path/to/charlie/guava-30.0-jre.jar" + }, + { + "path": "path/to/delta/guava-30.0-jre.jar" + } + ], + "version": "30.0-jre" + } + }, + { + "scan_type": "SCA", + "description": "semver is vulnerable to Regular Expression Denial Of Service (ReDoS) attacks. A malicious user is able to cause parsing slowdowns when untrusted user data is provided as a range via the function `parseRange` due to the usage of regex expression with inefficient time complexity.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-06-29T21:07:28.570Z", + "status": "CLOSED", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 1333, + "name": "Inefficient Regular Expression Complexity", + "href": "https://api.veracode.com/appsec/v1/cwes/1333" + }, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "isc", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2022-25883", + "cvss": 5.0, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2022-25883", + "severity": "Medium", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss3": { + "score": 7.5, + "severity": "High", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + }, + "product_id": "abc123-bca321", + "component_filename": "semver", + "language": "JAVASCRIPT", + "component_path": [ + { + "path": "path/to/alpha/node_modules:semver" + } + ], + "version": "5.7.1" + } + }, + { + "scan_type": "SCA", + "description": "inflight is vulnerable to a Memory Leak. The vulnerability is caused by improper memory management due to a lack of resource freeing, which can result in Denial of Service conditions.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-07-06T14:17:13.144Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "isc", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "SRCCLR-SID-41137", + "cvss": 5.0, + "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/search#query=SRCCLR-SID-41137", + "severity": "Medium", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss3": { + "score": 7.5, + "severity": "High", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + }, + "product_id": "abc123-bca321", + "component_filename": "inflight", + "language": "JAVASCRIPT", + "component_path": [ + { + "path": "path/to/alpha/node_modules:inflight" + } + ], + "version": "1.0.6" + } + }, + { + "scan_type": "SCA", + "description": "org.bouncycastle is vulnerable to LDAP injection. The vulnerability exists because the `engineGetCRLs` function in `X509LDAPCertStoreSpi.java` does not properly validate the `X.509` certificates, allowing an attacker to insert malicious certificate's subject name with special characters such as `CN=Subject*)(objectclass=.` into an LDAP search filter without any escape mechanism.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-07-06T16:10:34.656Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 295, + "name": "Improper Certificate Validation", + "href": "https://api.veracode.com/appsec/v1/cwes/295" + }, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "mit", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2023-33201", + "cvss": 4.6, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2023-33201", + "severity": "Medium", + "vector": "AV:L/AC:L/Au:S/C:C/I:N/A:N", + "cvss3": { + "score": 5.3, + "severity": "Medium", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + }, + "product_id": "abc123-bca321", + "component_filename": "bcprov-ext-jdk15on-1.69.jar", + "language": "JAVA", + "component_path": [ + { + "path": "path/to/alpha/bcprov-ext-jdk15on-1.69.jar" + }, + { + "path": "path/to/beta/bcprov-ext-jdk15on-1.69.jar" + } + ], + "version": "1.69" + } + }, + { + "scan_type": "SCA", + "description": "org.bouncycastle is vulnerable to LDAP injection. The vulnerability exists because the `engineGetCRLs` function in `X509LDAPCertStoreSpi.java` does not properly validate the `X.509` certificates, allowing an attacker to insert malicious certificate's subject name with special characters such as `CN=Subject*)(objectclass=.` into an LDAP search filter without any escape mechanism.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-07-06T16:10:32.992Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 295, + "name": "Improper Certificate Validation", + "href": "https://api.veracode.com/appsec/v1/cwes/295" + }, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "mit", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2023-33201", + "cvss": 4.6, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2023-33201", + "severity": "Medium", + "vector": "AV:L/AC:L/Au:S/C:C/I:N/A:N", + "cvss3": { + "score": 5.3, + "severity": "Medium", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + }, + "product_id": "abc123-bca321", + "component_filename": "bcprov-jdk15on-1.69.jar", + "language": "JAVA", + "component_path": [ + { + "path": "path/to/alpha/bcprov-jdk15on-1.69.jar" + }, + { + "path": "path/to/beta/bcprov-jdk15on-1.69.jar" + }, + { + "path": "path/to/charlie/bcprov-jdk15on-1.69.jar" + }, + { + "path": "path/to/delta/bcprov-jdk15on-1.69.jar" + } + ], + "version": "1.69" + } + }, + { + "scan_type": "SCA", + "description": "org.bouncycastle is vulnerable to LDAP injection. The vulnerability exists because the `engineGetCRLs` function in `X509LDAPCertStoreSpi.java` does not properly validate the `X.509` certificates, allowing an attacker to insert malicious certificate's subject name with special characters such as `CN=Subject*)(objectclass=.` into an LDAP search filter without any escape mechanism.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-07-06T16:10:32.943Z", + "status": "CLOSED", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 295, + "name": "Improper Certificate Validation", + "href": "https://api.veracode.com/appsec/v1/cwes/295" + }, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "mit", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2023-33201", + "cvss": 4.6, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2023-33201", + "severity": "Medium", + "vector": "AV:L/AC:L/Au:S/C:C/I:N/A:N", + "cvss3": { + "score": 5.3, + "severity": "Medium", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + }, + "product_id": "abc123-bca321", + "component_filename": "bcprov-jdk15to18-1.69.jar", + "language": "JAVA", + "component_path": [ + { + "path": "path/to/alpha/bcprov-jdk15to18-1.69.jar" + } + ], + "version": "1.69" + } + }, + { + "scan_type": "SCA", + "description": "org.bouncycastle is vulnerable to LDAP injection. The vulnerability exists because the `engineGetCRLs` function in `X509LDAPCertStoreSpi.java` does not properly validate the `X.509` certificates, allowing an attacker to insert malicious certificate's subject name with special characters such as `CN=Subject*)(objectclass=.` into an LDAP search filter without any escape mechanism.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-07-06T16:10:32.649Z", + "status": "CLOSED", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 295, + "name": "Improper Certificate Validation", + "href": "https://api.veracode.com/appsec/v1/cwes/295" + }, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "mit", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2023-33201", + "cvss": 4.6, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2023-33201", + "severity": "Medium", + "vector": "AV:L/AC:L/Au:S/C:C/I:N/A:N", + "cvss3": { + "score": 5.3, + "severity": "Medium", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + }, + "product_id": "abc123-bca321", + "component_filename": "bcprov-ext-jdk15to18-1.69.jar", + "language": "JAVA", + "component_path": [ + { + "path": "path/to/alpha/bcprov-ext-jdk15to18-1.69.jar" + } + ], + "version": "1.69" + } + }, + { + "scan_type": "SCA", + "description": "esapi is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization use in the `onsiteURL` regular expression of `antisamy-esapi.xml`, allowing an attacker to inject and execute malicious javascript", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": false, + "finding_status": { + "first_found_date": "2023-02-17T02:54:55.674Z", + "status": "OPEN", + "resolution": "POTENTIAL_FALSE_POSITIVE", + "new": false, + "resolution_status": "APPROVED", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 79, + "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "href": "https://api.veracode.com/appsec/v1/cwes/79" + }, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "bsd-3-clause", + "risk_rating": "2" + }, + { + "license_id": "cc-by-sa-3.0", + "risk_rating": "4" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2022-24891", + "cvss": 4.3, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2022-24891", + "severity": "Medium", + "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "cvss3": { + "score": 6.1, + "severity": "Medium", + "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + }, + "product_id": "abc123-bca321", + "component_filename": "esapi-2.2.0.0.jar", + "language": "JAVA", + "component_path": [ + { + "path": "path/to/alpha//esapi-2.2.0.0.jar" + } + ], + "version": "2.2.0.0" + } + } + ] + }, + "_links": { + "first": { + "href": "link" + }, + "self": { + "href": "link", + "templated": true + }, + "next": { + "href": "link" + }, + "last": { + "href": "link" + }, + "application": { + "href": "link" + }, + "non-sca": { + "href": "link", + "templated": true + } + }, + "page": { + "size": 5, + "total_elements": 10, + "total_pages": 2, + "number": 0 + } +} \ No newline at end of file diff --git a/unittests/scans/veracode/sca_findings_list_format.json b/unittests/scans/veracode/sca_findings_list_format.json new file mode 100644 index 00000000000..af5cce4a1a9 --- /dev/null +++ b/unittests/scans/veracode/sca_findings_list_format.json @@ -0,0 +1,588 @@ +{ + "findings": [ + { + "scan_type": "SCA", + "description": "spring-boot-autoconfigure is vulnerable to Denial Of Service (DoS). The vulnerability is applicable when the application has Spring MVC auto-configuration enabled and uses the Spring Boot welcome page, which can be either static or templated, and the application is deployed behind a proxy which caches the 404 responses. An attacker can cause the application to crash by submitting a request to the welcome page which the server is unable to properly respond to.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-05-31T16:11:27.482Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 4, + "cwe": { + "id": 400, + "name": "Uncontrolled Resource Consumption", + "href": "https://api.veracode.com/appsec/v1/cwes/400" + }, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "apache-2.0", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2023-20883", + "cvss": 7.1, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2023-20883", + "severity": "High", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "cvss3": { + "score": 7.5, + "severity": "High", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + }, + "product_id": "abc123-bca321", + "component_filename": "spring-boot-autoconfigure-2.5.14.jar", + "language": "JAVA", + "component_path": [ + { + "path": "path/to/alpha/spring-boot-autoconfigure-2.5.14.jar" + }, + { + "path": "path/to/beta/spring-boot-autoconfigure-2.5.14.jar" + }, + { + "path": "path/to/charlie/spring-boot-autoconfigure-2.5.14.jar" + }, + { + "path": "path/to/delta/spring-boot-autoconfigure-2.5.14.jar" + } + ], + "version": "2.5.14" + } + }, + { + "scan_type": "SCA", + "description": "Okio is vulnerable to Denial of Service (DoS). The vulnerability arises due to improper handling of the `xlen` parameter in the `consumeHeader` function of `GzipSource.kt`. When the parsing value exceeds `0x7fff` in a maliciously crafted gzip buffer, an attacker can crash the application.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-07-14T16:50:18.629Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "apache-2.0", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2023-3635", + "cvss": 5.4, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2023-3635", + "severity": "Medium", + "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C", + "cvss3": { + "score": 5.9, + "severity": "Medium", + "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + }, + "product_id": "abc123-bca321", + "component_filename": "okio-2.8.0.jar", + "language": "JAVA", + "component_path": [ + { + "path": "path/to/alpha/okio-2.8.0.jar" + } + ], + "version": "2.8.0" + } + }, + { + "scan_type": "SCA", + "description": "com.google.guava, guava is vulnerable to Information Disclosure. The vulnerability exits due to incorrect default file permissions in `FileBackedOutputStream`, which allow an attacker to access the temporary directory.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-06-15T19:19:21.853Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 552, + "name": "Files or Directories Accessible to External Parties", + "href": "https://api.veracode.com/appsec/v1/cwes/552" + }, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "apache-2.0", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2023-2976", + "cvss": 5.2, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2023-2976", + "severity": "Medium", + "vector": "AV:L/AC:L/Au:S/C:C/I:P/A:N", + "cvss3": { + "score": 7.1, + "severity": "High", + "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" + } + }, + "product_id": "abc123-bca321", + "component_filename": "guava-30.0-jre.jar", + "language": "JAVA", + "component_path": [ + { + "path": "path/to/alpha/guava-30.0-jre.jar" + }, + { + "path": "path/to/beta/guava-30.0-jre.jar" + }, + { + "path": "path/to/charlie/guava-30.0-jre.jar" + }, + { + "path": "path/to/delta/guava-30.0-jre.jar" + } + ], + "version": "30.0-jre" + } + }, + { + "scan_type": "SCA", + "description": "semver is vulnerable to Regular Expression Denial Of Service (ReDoS) attacks. A malicious user is able to cause parsing slowdowns when untrusted user data is provided as a range via the function `parseRange` due to the usage of regex expression with inefficient time complexity.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-06-29T21:07:28.570Z", + "status": "CLOSED", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 1333, + "name": "Inefficient Regular Expression Complexity", + "href": "https://api.veracode.com/appsec/v1/cwes/1333" + }, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "isc", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2022-25883", + "cvss": 5.0, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2022-25883", + "severity": "Medium", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss3": { + "score": 7.5, + "severity": "High", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + }, + "product_id": "abc123-bca321", + "component_filename": "semver", + "language": "JAVASCRIPT", + "component_path": [ + { + "path": "path/to/alpha/node_modules:semver" + } + ], + "version": "5.7.1" + } + }, + { + "scan_type": "SCA", + "description": "inflight is vulnerable to a Memory Leak. The vulnerability is caused by improper memory management due to a lack of resource freeing, which can result in Denial of Service conditions.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-07-06T14:17:13.144Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "isc", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "SRCCLR-SID-41137", + "cvss": 5.0, + "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/search#query=SRCCLR-SID-41137", + "severity": "Medium", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "cvss3": { + "score": 7.5, + "severity": "High", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + }, + "product_id": "abc123-bca321", + "component_filename": "inflight", + "language": "JAVASCRIPT", + "component_path": [ + { + "path": "path/to/alpha/node_modules:inflight" + } + ], + "version": "1.0.6" + } + }, + { + "scan_type": "SCA", + "description": "org.bouncycastle is vulnerable to LDAP injection. The vulnerability exists because the `engineGetCRLs` function in `X509LDAPCertStoreSpi.java` does not properly validate the `X.509` certificates, allowing an attacker to insert malicious certificate's subject name with special characters such as `CN=Subject*)(objectclass=.` into an LDAP search filter without any escape mechanism.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-07-06T16:10:34.656Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 295, + "name": "Improper Certificate Validation", + "href": "https://api.veracode.com/appsec/v1/cwes/295" + }, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "mit", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2023-33201", + "cvss": 4.6, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2023-33201", + "severity": "Medium", + "vector": "AV:L/AC:L/Au:S/C:C/I:N/A:N", + "cvss3": { + "score": 5.3, + "severity": "Medium", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + }, + "product_id": "abc123-bca321", + "component_filename": "bcprov-ext-jdk15on-1.69.jar", + "language": "JAVA", + "component_path": [ + { + "path": "path/to/alpha/bcprov-ext-jdk15on-1.69.jar" + }, + { + "path": "path/to/beta/bcprov-ext-jdk15on-1.69.jar" + } + ], + "version": "1.69" + } + }, + { + "scan_type": "SCA", + "description": "org.bouncycastle is vulnerable to LDAP injection. The vulnerability exists because the `engineGetCRLs` function in `X509LDAPCertStoreSpi.java` does not properly validate the `X.509` certificates, allowing an attacker to insert malicious certificate's subject name with special characters such as `CN=Subject*)(objectclass=.` into an LDAP search filter without any escape mechanism.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-07-06T16:10:32.992Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 295, + "name": "Improper Certificate Validation", + "href": "https://api.veracode.com/appsec/v1/cwes/295" + }, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "mit", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2023-33201", + "cvss": 4.6, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2023-33201", + "severity": "Medium", + "vector": "AV:L/AC:L/Au:S/C:C/I:N/A:N", + "cvss3": { + "score": 5.3, + "severity": "Medium", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + }, + "product_id": "abc123-bca321", + "component_filename": "bcprov-jdk15on-1.69.jar", + "language": "JAVA", + "component_path": [ + { + "path": "path/to/alpha/bcprov-jdk15on-1.69.jar" + }, + { + "path": "path/to/beta/bcprov-jdk15on-1.69.jar" + }, + { + "path": "path/to/charlie/bcprov-jdk15on-1.69.jar" + }, + { + "path": "path/to/delta/bcprov-jdk15on-1.69.jar" + } + ], + "version": "1.69" + } + }, + { + "scan_type": "SCA", + "description": "org.bouncycastle is vulnerable to LDAP injection. The vulnerability exists because the `engineGetCRLs` function in `X509LDAPCertStoreSpi.java` does not properly validate the `X.509` certificates, allowing an attacker to insert malicious certificate's subject name with special characters such as `CN=Subject*)(objectclass=.` into an LDAP search filter without any escape mechanism.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-07-06T16:10:32.943Z", + "status": "CLOSED", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 295, + "name": "Improper Certificate Validation", + "href": "https://api.veracode.com/appsec/v1/cwes/295" + }, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "mit", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2023-33201", + "cvss": 4.6, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2023-33201", + "severity": "Medium", + "vector": "AV:L/AC:L/Au:S/C:C/I:N/A:N", + "cvss3": { + "score": 5.3, + "severity": "Medium", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + }, + "product_id": "abc123-bca321", + "component_filename": "bcprov-jdk15to18-1.69.jar", + "language": "JAVA", + "component_path": [ + { + "path": "path/to/alpha/bcprov-jdk15to18-1.69.jar" + } + ], + "version": "1.69" + } + }, + { + "scan_type": "SCA", + "description": "org.bouncycastle is vulnerable to LDAP injection. The vulnerability exists because the `engineGetCRLs` function in `X509LDAPCertStoreSpi.java` does not properly validate the `X.509` certificates, allowing an attacker to insert malicious certificate's subject name with special characters such as `CN=Subject*)(objectclass=.` into an LDAP search filter without any escape mechanism.", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2023-07-06T16:10:32.649Z", + "status": "CLOSED", + "resolution": "UNRESOLVED", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 295, + "name": "Improper Certificate Validation", + "href": "https://api.veracode.com/appsec/v1/cwes/295" + }, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "mit", + "risk_rating": "2" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2023-33201", + "cvss": 4.6, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2023-33201", + "severity": "Medium", + "vector": "AV:L/AC:L/Au:S/C:C/I:N/A:N", + "cvss3": { + "score": 5.3, + "severity": "Medium", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + }, + "product_id": "abc123-bca321", + "component_filename": "bcprov-ext-jdk15to18-1.69.jar", + "language": "JAVA", + "component_path": [ + { + "path": "path/to/alpha/bcprov-ext-jdk15to18-1.69.jar" + } + ], + "version": "1.69" + } + }, + { + "scan_type": "SCA", + "description": "esapi is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization use in the `onsiteURL` regular expression of `antisamy-esapi.xml`, allowing an attacker to inject and execute malicious javascript", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": false, + "finding_status": { + "first_found_date": "2023-02-17T02:54:55.674Z", + "status": "OPEN", + "resolution": "POTENTIAL_FALSE_POSITIVE", + "new": false, + "resolution_status": "APPROVED", + "last_seen_date": "2023-07-17T00:29:40.651Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 79, + "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "href": "https://api.veracode.com/appsec/v1/cwes/79" + }, + "component_id": "efg456-gfe654", + "licenses": [ + { + "license_id": "bsd-3-clause", + "risk_rating": "2" + }, + { + "license_id": "cc-by-sa-3.0", + "risk_rating": "4" + } + ], + "metadata": { + "sca_scan_mode": "UPLOAD", + "sca_dep_mode": "UNKNOWN" + }, + "cve": { + "name": "CVE-2022-24891", + "cvss": 4.3, + "href": "http://nvd.nist.gov/vuln/detail/CVE-2022-24891", + "severity": "Medium", + "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "cvss3": { + "score": 6.1, + "severity": "Medium", + "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + }, + "product_id": "abc123-bca321", + "component_filename": "esapi-2.2.0.0.jar", + "language": "JAVA", + "component_path": [ + { + "path": "path/to/alpha//esapi-2.2.0.0.jar" + } + ], + "version": "2.2.0.0" + } + } + ] +} \ No newline at end of file diff --git a/unittests/scans/veracode/static_embedded_format.json b/unittests/scans/veracode/static_embedded_format.json new file mode 100644 index 00000000000..f375ff84d34 --- /dev/null +++ b/unittests/scans/veracode/static_embedded_format.json @@ -0,0 +1,194 @@ +{ + "_embedded": { + "findings": [ + { + "issue_id": 16516872, + "scan_type": "STATIC", + "description": "This call to page.html() contains a cross-site scripting (XSS) flaw. The application populates the HTTP response with untrusted input, allowing an attacker to embed malicious content, such as Javascript code, which will be executed in the context of the victim's browser. XSS vulnerabilities are commonly exploited to steal or manipulate cookies, modify presentation of content, and compromise confidential information, with new attack vectors being discovered on a regular basis. Use contextual escaping on all untrusted data before using it to construct any portion of an HTTP response. The escaping method should be chosen based on the specific use case of the untrusted data, otherwise it may not protect fully against the attack. For example, if the data is being written to the body of an HTML page, use HTML entity escaping; if the data is being written to an attribute, use attribute escaping; etc. Both the OWASP Java Encoder library and the Microsoft AntiXSS library provide contextual escaping methods. For more details on contextual escaping, see https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md. In addition, as a best practice, always validate untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible. References: CWE OWASP Supported Cleansers", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2021-08-27T07:33:40.989Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 80, + "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", + "href": "https://api.veracode.com/appsec/v1/cwes/80" + }, + "file_path": "/WEB-INF/views/contact.jsp", + "file_name": "update.jsp", + "module": "CoolProduct.jsa", + "relative_location": -1, + "finding_category": { + "id": 20, + "name": "Cross-Site Scripting (XSS)", + "href": "https://api.veracode.com/appsec/v1/categories/20" + }, + "procedure": "lambda_3", + "exploitability": 1, + "attack_vector": "page.html", + "file_line_number": 50 + }, + "build_id": 1268436506 + }, + { + "issue_id": 16516873, + "scan_type": "STATIC", + "description": "This call to page.html() contains a cross-site scripting (XSS) flaw. The application populates the HTTP response with untrusted input, allowing an attacker to embed malicious content, such as Javascript code, which will be executed in the context of the victim's browser. XSS vulnerabilities are commonly exploited to steal or manipulate cookies, modify presentation of content, and compromise confidential information, with new attack vectors being discovered on a regular basis. Use contextual escaping on all untrusted data before using it to construct any portion of an HTTP response. The escaping method should be chosen based on the specific use case of the untrusted data, otherwise it may not protect fully against the attack. For example, if the data is being written to the body of an HTML page, use HTML entity escaping; if the data is being written to an attribute, use attribute escaping; etc. Both the OWASP Java Encoder library and the Microsoft AntiXSS library provide contextual escaping methods. For more details on contextual escaping, see https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md. In addition, as a best practice, always validate untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible. References: CWE OWASP Supported Cleansers", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2021-08-27T07:33:40.989Z", + "status": "CLOSED", + "resolution": "UNRESOLVED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 80, + "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", + "href": "https://api.veracode.com/appsec/v1/cwes/80" + }, + "file_path": "/WEB-INF/views/contact.jsp", + "file_name": "update.jsp", + "module": "CoolProduct.jsa", + "relative_location": -1, + "finding_category": { + "id": 20, + "name": "Cross-Site Scripting (XSS)", + "href": "https://api.veracode.com/appsec/v1/categories/20" + }, + "procedure": "lambda_4", + "exploitability": 1, + "attack_vector": "page.html", + "file_line_number": 59 + }, + "build_id": 1268436506 + }, + { + "issue_id": 16516853, + "scan_type": "STATIC", + "description": "The application contains hard-coded information that may contain credentials to an external service. The use of hard-coded credentials significantly increases the possibility that the account being protected will be compromised. set Store credentials out-of-band from the application code. Follow best practices for protecting credentials stored in locations such as configuration or properties files. References: CWE", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2021-08-27T07:33:40.989Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 798, + "name": "Use of Hard-coded Credentials", + "href": "https://api.veracode.com/appsec/v1/cwes/798" + }, + "file_path": "/WEB-INF/layouts/default.jsp", + "file_name": "default.jsp", + "module": "CoolProduct.jsa", + "relative_location": -1, + "finding_category": { + "id": 10, + "name": "Credentials Management", + "href": "https://api.veracode.com/appsec/v1/categories/10" + }, + "procedure": "!main", + "exploitability": 1, + "attack_vector": "set", + "file_line_number": 135 + }, + "build_id": 1268436506 + }, + { + "issue_id": 16516871, + "scan_type": "STATIC", + "description": "SSRF attacks works when an attacker can pass a URL to access other upstream resources. This happens when resource urls aren't validated for expected destination. Attackers can craft a vulnerable URL to access variety of sensitive information like AWS metadata, database services and other web enabled services. As a mitigation, create a list of allowed hosts and protocols and validate every request against it. As far as possible, don't allow URLs coming directly from user to be passed on these APIs.References : CWE 918
                SSRF Attacks                ", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2021-08-27T07:33:40.989Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 918, + "name": "Server-Side Request Forgery (SSRF)", + "href": "https://api.veracode.com/appsec/v1/cwes/918" + }, + "file_path": "com/insecure-company-alliance/CoolProduct/class.java", + "file_name": "class.java", + "module": "CoolProduct.jar", + "relative_location": 1, + "finding_category": { + "id": 8, + "name": "Information Leakage", + "href": "https://api.veracode.com/appsec/v1/categories/8" + }, + "procedure": "com.insecure-company-alliance.CoolProduct.Class.execute", + "exploitability": 1, + "attack_vector": "org.apache.http.client.HttpClient.execute", + "file_line_number": 147 + }, + "build_id": 1268436506 + } + ] + }, + "_links": { + "first": { + "href": "link" + }, + "self": { + "href": "link", + "templated": true + }, + "next": { + "href": "link" + }, + "last": { + "href": "link" + }, + "application": { + "href": "link" + }, + "non-sca": { + "href": "link", + "templated": true + } + }, + "page": { + "size": 5, + "total_elements": 10, + "total_pages": 2, + "number": 0 + } +} \ No newline at end of file diff --git a/unittests/scans/veracode/static_findings_list_format.json b/unittests/scans/veracode/static_findings_list_format.json new file mode 100644 index 00000000000..a790a13ce63 --- /dev/null +++ b/unittests/scans/veracode/static_findings_list_format.json @@ -0,0 +1,164 @@ +{ + "findings": [ + { + "issue_id": 16516872, + "scan_type": "STATIC", + "description": "This call to page.html() contains a cross-site scripting (XSS) flaw. The application populates the HTTP response with untrusted input, allowing an attacker to embed malicious content, such as Javascript code, which will be executed in the context of the victim's browser. XSS vulnerabilities are commonly exploited to steal or manipulate cookies, modify presentation of content, and compromise confidential information, with new attack vectors being discovered on a regular basis. Use contextual escaping on all untrusted data before using it to construct any portion of an HTTP response. The escaping method should be chosen based on the specific use case of the untrusted data, otherwise it may not protect fully against the attack. For example, if the data is being written to the body of an HTML page, use HTML entity escaping; if the data is being written to an attribute, use attribute escaping; etc. Both the OWASP Java Encoder library and the Microsoft AntiXSS library provide contextual escaping methods. For more details on contextual escaping, see https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md. In addition, as a best practice, always validate untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible. References: CWE OWASP Supported Cleansers", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2021-08-27T07:33:40.989Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 80, + "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", + "href": "https://api.veracode.com/appsec/v1/cwes/80" + }, + "file_path": "/WEB-INF/views/contact.jsp", + "file_name": "update.jsp", + "module": "CoolProduct.jsa", + "relative_location": -1, + "finding_category": { + "id": 20, + "name": "Cross-Site Scripting (XSS)", + "href": "https://api.veracode.com/appsec/v1/categories/20" + }, + "procedure": "lambda_3", + "exploitability": 1, + "attack_vector": "page.html", + "file_line_number": 50 + }, + "build_id": 1268436506 + }, + { + "issue_id": 16516873, + "scan_type": "STATIC", + "description": "This call to page.html() contains a cross-site scripting (XSS) flaw. The application populates the HTTP response with untrusted input, allowing an attacker to embed malicious content, such as Javascript code, which will be executed in the context of the victim's browser. XSS vulnerabilities are commonly exploited to steal or manipulate cookies, modify presentation of content, and compromise confidential information, with new attack vectors being discovered on a regular basis. Use contextual escaping on all untrusted data before using it to construct any portion of an HTTP response. The escaping method should be chosen based on the specific use case of the untrusted data, otherwise it may not protect fully against the attack. For example, if the data is being written to the body of an HTML page, use HTML entity escaping; if the data is being written to an attribute, use attribute escaping; etc. Both the OWASP Java Encoder library and the Microsoft AntiXSS library provide contextual escaping methods. For more details on contextual escaping, see https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md. In addition, as a best practice, always validate untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible. References: CWE OWASP Supported Cleansers", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2021-08-27T07:33:40.989Z", + "status": "CLOSED", + "resolution": "UNRESOLVED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 80, + "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", + "href": "https://api.veracode.com/appsec/v1/cwes/80" + }, + "file_path": "/WEB-INF/views/contact.jsp", + "file_name": "update.jsp", + "module": "CoolProduct.jsa", + "relative_location": -1, + "finding_category": { + "id": 20, + "name": "Cross-Site Scripting (XSS)", + "href": "https://api.veracode.com/appsec/v1/categories/20" + }, + "procedure": "lambda_4", + "exploitability": 1, + "attack_vector": "page.html", + "file_line_number": 59 + }, + "build_id": 1268436506 + }, + { + "issue_id": 16516853, + "scan_type": "STATIC", + "description": "The application contains hard-coded information that may contain credentials to an external service. The use of hard-coded credentials significantly increases the possibility that the account being protected will be compromised. set Store credentials out-of-band from the application code. Follow best practices for protecting credentials stored in locations such as configuration or properties files. References: CWE", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2021-08-27T07:33:40.989Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 798, + "name": "Use of Hard-coded Credentials", + "href": "https://api.veracode.com/appsec/v1/cwes/798" + }, + "file_path": "/WEB-INF/layouts/default.jsp", + "file_name": "default.jsp", + "module": "CoolProduct.jsa", + "relative_location": -1, + "finding_category": { + "id": 10, + "name": "Credentials Management", + "href": "https://api.veracode.com/appsec/v1/categories/10" + }, + "procedure": "!main", + "exploitability": 1, + "attack_vector": "set", + "file_line_number": 135 + }, + "build_id": 1268436506 + }, + { + "issue_id": 16516871, + "scan_type": "STATIC", + "description": "SSRF attacks works when an attacker can pass a URL to access other upstream resources. This happens when resource urls aren't validated for expected destination. Attackers can craft a vulnerable URL to access variety of sensitive information like AWS metadata, database services and other web enabled services. As a mitigation, create a list of allowed hosts and protocols and validate every request against it. As far as possible, don't allow URLs coming directly from user to be passed on these APIs.References : CWE 918
                SSRF Attacks                ", + "count": 1, + "context_type": "APPLICATION", + "context_guid": "zyx789-xyz987", + "violates_policy": true, + "finding_status": { + "first_found_date": "2021-08-27T07:33:40.989Z", + "status": "OPEN", + "resolution": "UNRESOLVED", + "mitigation_review_status": "NONE", + "new": false, + "resolution_status": "NONE", + "last_seen_date": "2021-09-10T04:06:31.614Z" + }, + "finding_details": { + "severity": 3, + "cwe": { + "id": 918, + "name": "Server-Side Request Forgery (SSRF)", + "href": "https://api.veracode.com/appsec/v1/cwes/918" + }, + "file_path": "com/insecure-company-alliance/CoolProduct/class.java", + "file_name": "class.java", + "module": "CoolProduct.jar", + "relative_location": 1, + "finding_category": { + "id": 8, + "name": "Information Leakage", + "href": "https://api.veracode.com/appsec/v1/categories/8" + }, + "procedure": "com.insecure-company-alliance.CoolProduct.Class.execute", + "exploitability": 1, + "attack_vector": "org.apache.http.client.HttpClient.execute", + "file_line_number": 147 + }, + "build_id": 1268436506 + } + ] +} \ No newline at end of file diff --git a/unittests/scans/veracode/veracode_maven.xml b/unittests/scans/veracode/veracode_maven.xml new file mode 100644 index 00000000000..00d86a185f2 --- /dev/null +++ b/unittests/scans/veracode/veracode_maven.xml @@ -0,0 +1,46 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/unittests/scans/veracode/veracode_scan_changed_severity.xml b/unittests/scans/veracode/veracode_scan_changed_severity.xml new file mode 100644 index 00000000000..1962133ad67 --- /dev/null +++ b/unittests/scans/veracode/veracode_scan_changed_severity.xml @@ -0,0 +1,105 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + component_affects_policy_compliance="false" new="false"> + + + + + + + + + + + + + diff --git a/unittests/scans/veracode/veracode_scan_sca_mitigated.xml b/unittests/scans/veracode/veracode_scan_sca_mitigated.xml new file mode 100644 index 00000000000..f60cb419dae --- /dev/null +++ b/unittests/scans/veracode/veracode_scan_sca_mitigated.xml @@ -0,0 +1,65 @@ + + + + + + + + + + + + > + + + + + + + + + + + + + + + + + + component_affects_policy_compliance="false" new="false"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/unittests/scans/veracode_sca/veracode_sca.csv b/unittests/scans/veracode_sca/veracode_sca.csv new file mode 100644 index 00000000000..3fe76c8eccf --- /dev/null +++ b/unittests/scans/veracode_sca/veracode_sca.csv @@ -0,0 +1,4 @@ +"Issue ID","Issue type","Ignored","Status","Project ID","Library","Version in use","Library release date","Package manager","Coordinate 1","Coordinate 2","Latest version","Latest release date","Project","Branch","Tag","Issue opened: Scan ID","Issue opened: Scan date","Issue fixed: Scan ID","Issue fixed: Scan date","Dependency (Transitive or Direct)","Scan","Scan date","Vulnerability ID","Title","CVSS score","Severity","CVE","Public or Veracode Customer Access","Disclosure date","Has vulnerable methods","Number of vulnerable methods","Updated release date","Release date","Updated Version","License","License Risk" +127637430,"Vulnerability",false,"Open",369423,"AWS Java SDK for Amazon S3","1.11.951","8 Feb 2021 00:00AM GMT","MAVEN","com.amazonaws","aws-java-sdk-s3","1.12.277","8 Aug 2022 01:00AM GMT","some-project","master",,38648137,"7 Jul 2022 09:15AM GMT","","","Transitive",39777838,"8 Aug 2022 10:01AM GMT",36376,"Path Traversal",6.4,"Medium","2022-31159","Public Disclosure","15 Jul 2022 00:00AM GMT",false,0,"","",,,"" +122648496,"Vulnerability",false,"Open",369423,"spring-cloud-function-context","3.2.5","26 May 2022 01:00AM GMT","MAVEN","org.springframework.cloud","spring-cloud-function-context","4.0.0-M4","29 Jul 2022 01:00AM GMT","some-project","master",,37831009,"14 Jun 2022 11:34AM GMT","","","Transitive",39777838,"8 Aug 2022 10:01AM GMT",36006,"Denial Of Service (DoS)",5,"Medium","2022-22979","Public Disclosure","15 Jun 2022 00:00AM GMT",false,0,"","",,,"" +126041205,"Vulnerability",false,"Resolved",203830,"Apache Commons Configuration","2.1.1","5 Feb 2017 00:00AM GMT","MAVEN","org.apache.commons","commons-configuration2","2.8.0","30 Jun 2022 01:00AM GMT","some-project","master",,38492656,"2 Jul 2022 23:19PM GMT",39357916,"2022-07-27T08:27:30.217+00:00","Direct",38980296,"16 Jul 2022 23:05PM GMT",36282,"Arbitrary Code Execution",7.5,"High","2022-33980","Public Disclosure","14 Jun 2022 00:00AM GMT",false,0,"","",,,"" diff --git a/unittests/scans/veracode_sca/veracode_sca.json b/unittests/scans/veracode_sca/veracode_sca.json new file mode 100644 index 00000000000..3c4e09d3379 --- /dev/null +++ b/unittests/scans/veracode_sca/veracode_sca.json @@ -0,0 +1 @@ +{"_embedded":{"issues":[{"id":"ddcc6e1b-3ed9-45c8-b77a-ead759fb5e2c","site_id":129556889,"created_date":"2022-07-29T05:13:00.924+0000","issue_status":"open","issue_type":"vulnerability","ignored":false,"severity":8.8,"workspace_id":"12345","project_id":"12345","project_name":"some-project","project_branch":"master","library":{"id":"maven:org.apache.calcite.avatica:avatica-core:1.11.0:","name":"Apache Calcite Avatica","version":"1.11.0","release_date":"2018-03-06","latest_version":"1.22.0","latest_version_release_date":"2022-07-26","direct":true,"transitive":false,"_links":{"self":{"href":"https://api.veracode.com/srcclr/v3/libraries/maven:org.apache.calcite.avatica:avatica-core:1.11.0:"}}},"vulnerability":{"id":"36527","title":"Arbitrary Code Execution","cve":"2022-36364","cvss2_vector":"(AV:L/AC:L/Au:S/C:P/I:P/A:P)","cvss3_vector":"AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss2_score":4.3,"cvss3_score":8.8,"cwe_id":"CWE-665","_links":{"self":{"href":"https://api.veracode.com/srcclr/v3/vulnerabilities/36527"}}},"vulnerable_method":false,"_links":{"vulnerability":{"href":"https://api.veracode.com/srcclr/v3/vulnerabilities/36527"},"workspace":{"href":"https://api.veracode.com/srcclr/v3/workspaces/123456"},"html":{"href":"https://sca.analysiscenter.veracode.com/teams/X33hjMQ/issues/vulnerabilities/12345"},"self":{"href":"https://api.veracode.com/srcclr/v3/issues/12355"}}}]},"_links":{"self":{"href":"https://api.veracode.com/srcclr/v3/workspaces/12345/issues?type=vulnerability&project_id=1234&page=0&size=200&sort=id,desc"}},"page":{"size":200,"total_elements":1,"total_pages":1,"number":0}} diff --git a/unittests/scans/veracode_sca/veracode_sca_fixed.json b/unittests/scans/veracode_sca/veracode_sca_fixed.json new file mode 100644 index 00000000000..e3746fecd0b --- /dev/null +++ b/unittests/scans/veracode_sca/veracode_sca_fixed.json @@ -0,0 +1 @@ +{"_embedded": {"issues": [{"id": "8ef6657a-bd7b-4f18-8107-e5c7b320f718", "site_id": 127637430, "created_date": "2022-07-18T15:49:10.704+0000", "issue_status": "fixed", "issue_type": "vulnerability", "ignored": false, "severity": 6.5, "workspace_id": "cf0a843f-b732-4a2b-ade8-a36ff3ae0181", "project_id": "d5535c41-439a-4d06-a600-4b6da095edda", "project_name": "some-project", "project_branch": "master", "library": {"id": "maven:com.amazonaws:aws-java-sdk-s3:1.11.951:", "name": "AWS Java SDK for Amazon S3", "version": "1.11.951", "release_date": "2021-02-08", "latest_version": "1.12.307", "latest_version_release_date": "2022-09-20", "direct": false, "transitive": true, "_links": {"self": {"href": "https://api.veracode.com/srcclr/v3/libraries/maven:com.amazonaws:aws-java-sdk-s3:1.11.951:"}}}, "vulnerability": {"id": "36376", "title": "Path Traversal", "cve": "2022-31159", "cvss2_vector": "", "cvss3_vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss2_score": 6.4, "cvss3_score": 6.5, "cwe_id": "CWE-22", "_links": {"self": {"href": "https://api.veracode.com/srcclr/v3/vulnerabilities/36376"}}}, "vulnerable_method": false, "_links": {"vulnerability": {"href": "https://api.veracode.com/srcclr/v3/vulnerabilities/36376"}, "workspace": {"href": "https://api.veracode.com/srcclr/v3/workspaces/cf0a043f-b752-4a2b-ade8-a36fe3ae0285"}, "html": {"href": "https://sca.analysiscenter.veracode.com/teams/dppFqb3/issues/vulnerabilities/12345"}, "self": {"href": "https://api.veracode.com/srcclr/v3/issues/8ef6552a-bd7b-4f18-8107-12345"}}}]}} diff --git a/unittests/scans/wazuh/many_findings.json b/unittests/scans/wazuh/many_findings.json new file mode 100644 index 00000000000..3543150b66c --- /dev/null +++ b/unittests/scans/wazuh/many_findings.json @@ -0,0 +1,264 @@ +{ + "data": { + "affected_items": [ + { + "architecture": "amd64", + "condition": "Package unfixed", + "cve": "CVE-YYYY-fjiewof", + "cvss2_score": 7.5, + "cvss3_score": 9.8, + "detection_time": "2023-02-08T13:55:24Z", + "external_references": [ + "https://nvd.nist.gov/vuln/detail/CVE-YYYY-fjiewof", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-fjiewof" + ], + "name": "123123", + "published": "1980-04-22", + "severity": "Critical", + "status": "VALID", + "title": "CVE-YYYY-fjiewof affects 123123", + "type": "PACKAGE", + "updated": "2021-02-25", + "version": "2.11" + }, + { + "architecture": "all", + "condition": "Package unfixed", + "cve": "CVE-YYYY-UIOOOI", + "cvss2_score": 0, + "cvss3_score": 0, + "detection_time": "2023-02-08T13:55:35Z", + "external_references": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-UIOOOI" + ], + "name": "asdfasdfsadfsdf", + "published": "1980-05-17T18:00:00Z", + "severity": "Low", + "status": "VALID", + "title": "CVE-YYYY-UIOOOI affects asdfasdfsadfsdf", + "type": "PACKAGE", + "version": "2.28" + }, + { + "architecture": "amd64", + "condition": "Package unfixed", + "cve": "CVE-YYYY-fjiewof", + "cvss2_score": 7.5, + "cvss3_score": 9.8, + "detection_time": "2023-02-08T13:55:24Z", + "external_references": [ + "https://nvd.nist.gov/vuln/detail/CVE-YYYY-fjiewof", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-fjiewof" + ], + "name": "test", + "published": "1980-04-22", + "severity": "Critical", + "status": "VALID", + "title": "CVE-YYYY-fjiewof affects test", + "type": "PACKAGE", + "updated": "2021-02-25", + "version": "123.1" + }, + { + "architecture": "amd64", + "condition": "Package unfixed", + "cve": "CVE-YYYY-YYfwef", + "cvss2_score": 0, + "cvss3_score": 0, + "detection_time": "2023-02-08T13:55:20Z", + "external_references": [ + "https://access.redhat.com/security/cve/CVE-YYYY-YYfwef", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-YYfwef" + ], + "name": "123123", + "published": "1980-02-01", + "severity": "Low", + "status": "VALID", + "title": "CVE-YYYY-YYfwef affects 123123", + "type": "PACKAGE", + "version": "28" + }, + { + "architecture": "amd64", + "condition": "Package unfixed", + "cve": "CVE-YYYY-ff43a", + "cvss2_score": 4.3, + "cvss3_score": 5.5, + "detection_time": "2023-02-08T13:55:24Z", + "external_references": [ + "https://nvd.nist.gov/vuln/detail/CVE-YYYY-ff43a", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-ff43a" + ], + "name": "123123", + "published": "1980-07-23", + "severity": "Medium", + "status": "VALID", + "title": "CVE-YYYY-ff43a affects 123123", + "type": "PACKAGE", + "updated": "2022-04-18", + "version": "28" + }, + { + "architecture": "amd64", + "condition": "Package less than 15", + "cve": "CVE-YYYY-KLWI", + "cvss2_score": 4, + "cvss3_score": 6.5, + "detection_time": "2023-02-08T16:33:28Z", + "external_references": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-KLWI" + ], + "name": "b123ost", + "published": "1980-04-29", + "severity": "Medium", + "status": "VALID", + "title": "CVE-YYYY-KLWI affects b123ost", + "type": "PACKAGE", + "updated": "2022-04-25", + "version": "1892123.891.10" + }, + { + "architecture": "all", + "condition": "Package less than 2u2", + "cve": "CVE-YYYY-jfjieo", + "cvss2_score": 0, + "cvss3_score": 0, + "detection_time": "2023-02-08T16:34:09Z", + "external_references": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-jfjieo" + ], + "name": "teststestse", + "severity": "Untriaged", + "status": "VALID", + "title": "CVE-YYYY-jfjieo affects teststestse", + "type": "PACKAGE", + "version": "2u1" + }, + { + "architecture": "amd64", + "condition": "Package less than 422", + "cve": "CVE-YYYY-XXXXX", + "cvss2_score": 0, + "cvss3_score": 5.5, + "detection_time": "2023-02-08T13:55:10Z", + "external_references": [ + "https://nvd.nist.gov/vuln/detail/CVE-YYYY-XXXXX", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-XXXXX" + ], + "name": "123123123", + "published": "1980-09-01", + "severity": "Medium", + "status": "VALID", + "title": "CVE-YYYY-XXXXX affects 123123123", + "type": "PACKAGE", + "updated": "2022-09-07", + "version": "42" + }, + { + "architecture": "amd64", + "condition": "Package less than 1:1238", + "cve": "CVE-YYYY-IJKL", + "cvss2_score": 0, + "cvss3_score": 7.5, + "detection_time": "2023-02-08T16:34:30Z", + "external_references": [ + "https://nvd.nist.gov/vuln/detail/CVE-YYYY-IJKL", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-IJKL" + ], + "name": "jfiowaefjeow", + "published": "1980-09-21", + "severity": "High", + "status": "VALID", + "title": "CVE-YYYY-IJKL affects jfiowaefjeow", + "type": "PACKAGE", + "updated": "2022-11-03", + "version": "1892123.891.10" + }, + { + "architecture": "amd64", + "condition": "Package less than 1:1238", + "cve": "CVE-YYYY-jfioe", + "cvss2_score": 0, + "cvss3_score": 7.5, + "detection_time": "2023-02-08T16:34:39Z", + "external_references": [ + "https://nvd.nist.gov/vuln/detail/CVE-YYYY-jfioe", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-jfioe" + ], + "name": "uiuiui", + "published": "1980-09-21", + "severity": "High", + "status": "VALID", + "title": "CVE-YYYY-jfioe affects uiuiui", + "type": "PACKAGE", + "updated": "2022-12-28", + "version": "1892123.891.10" + }, + { + "architecture": "amd64", + "condition": "Package less than lorem impsumversion", + "cve": "CVE-YYYY-EFGH", + "cvss2_score": 0, + "cvss3_score": 7.5, + "detection_time": "2023-02-08T16:34:40Z", + "external_references": [ + "https://nvd.nist.gov/vuln/detail/CVE-YYYY-EFGH", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-EFGH" + ], + "name": "bfasf", + "published": "1980-09-21", + "severity": "High", + "status": "VALID", + "title": "CVE-YYYY-EFGH affects bfasf", + "type": "PACKAGE", + "updated": "2022-12-28", + "version": "1892123.891.10" + }, + { + "architecture": "amd64", + "condition": "Package unfixed", + "cve": "CVE-YYYY-ABCD", + "cvss2_score": 1.2, + "cvss3_score": 5.5, + "detection_time": "2023-02-08T16:34:07Z", + "external_references": [ + "https://nvd.nist.gov/vuln/detail/CVE-YYYY-ABCD", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-ABCD" + ], + "name": "fewfef", + "published": "1980-07-30", + "severity": "Medium", + "status": "VALID", + "title": "CVE-YYYY-ABCD affects fewfef", + "type": "PACKAGE", + "updated": "2021-10-18", + "version": "2.33.1-0.1" + }, + { + "architecture": "amd64", + "condition": "Package less than 12312304.2", + "cve": "CVE-YYYY-XXXXX", + "cvss2_score": 0, + "cvss3_score": 5.5, + "detection_time": "2023-02-08T13:55:10Z", + "external_references": [ + "https://nvd.nist.gov/vuln/detail/CVE-YYYY-XXXXX", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-XXXXX" + ], + "name": "asfasdfsafd", + "published": "1980-09-01", + "severity": "Medium", + "status": "UNTRIAGED", + "title": "CVE-YYYY-XXXXX affects asfasdfsafd", + "type": "PACKAGE", + "updated": "2022-09-07", + "version": "3.2" + } + ], + "failed_items": [], + "total_affected_items": 13, + "total_failed_items": 0 + }, + "error": 0, + "message": "All selected vulnerabilities were returned" +} \ No newline at end of file diff --git a/unittests/scans/wazuh/no_findings.json b/unittests/scans/wazuh/no_findings.json new file mode 100644 index 00000000000..6d28049cc16 --- /dev/null +++ b/unittests/scans/wazuh/no_findings.json @@ -0,0 +1,10 @@ +{ + "data": { + "affected_items": [], + "failed_items": [], + "total_affected_items": 0, + "total_failed_items": 0 + }, + "error": 0, + "message": "All selected vulnerabilities were returned" +} \ No newline at end of file diff --git a/unittests/scans/wazuh/one_finding.json b/unittests/scans/wazuh/one_finding.json new file mode 100644 index 00000000000..a3ab190a4b4 --- /dev/null +++ b/unittests/scans/wazuh/one_finding.json @@ -0,0 +1,31 @@ +{ + "data": { + "affected_items": [ + { + "architecture": "amd64", + "condition": "Package less than 4.3.2", + "cve": "CVE-1234-123123", + "cvss2_score": 0, + "cvss3_score": 5.5, + "detection_time": "2023-02-08T13:55:10Z", + "external_references": [ + "https://nvd.nist.gov/vuln/detail/CVE-YYYY-XXXXX", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-XXXXX" + ], + "name": "asdf", + "published": "2022-09-01", + "severity": "Medium", + "status": "VALID", + "title": "CVE-YYYY-XXXXX affects asdf", + "type": "PACKAGE", + "updated": "2022-09-07", + "version": "4.3.1" + } + ], + "failed_items": [], + "total_affected_items": 1, + "total_failed_items": 0 + }, + "error": 0, + "message": "All selected vulnerabilities were returned" +} \ No newline at end of file diff --git a/unittests/scans/wazuh/one_finding_with_endpoint.json b/unittests/scans/wazuh/one_finding_with_endpoint.json new file mode 100644 index 00000000000..5363d0f13ed --- /dev/null +++ b/unittests/scans/wazuh/one_finding_with_endpoint.json @@ -0,0 +1,29 @@ +{ + "data": { + "affected_items": [ + { + "name": "asdf", + "version": "1", + "cve": "CVE-1234-1234", + "cvss2_score": 0, + "title": "CVE-1234-1234 affects curl", + "published": "2023-12-07", + "architecture": "amd64", + "status": "VALID", + "cvss3_score": 6.5, + "external_references": [ + "https://nvd.nist.gov/vuln/detail/CVE-1234-1234", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1234-1234" + ], + "updated": "2023-12-24", + "severity": "Medium", + "type": "PACKAGE", + "detection_time": "2023-12-13T22:11:57+00:00", + "condition": "Package less than 2", + "agent_ip": "111.111.111.111", + "agent_name": "agent-1" + } + ], + "total_affected_items": 1 + } +} \ No newline at end of file diff --git a/unittests/scans/wfuzz/issue_7863.json b/unittests/scans/wfuzz/issue_7863.json new file mode 100644 index 00000000000..e98b8ad9f08 --- /dev/null +++ b/unittests/scans/wfuzz/issue_7863.json @@ -0,0 +1,14 @@ +[ + { + "chars": 2823, + "code": 404, + "payload": "/server-status | GET /server-status HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nUser-Agent: Wfuzz/3.1.0\nHost: example.com\n\n", + "lines": 0, + "location": "", + "method": "GET", + "post_data": [], + "server": "", + "url": "https://example.com/server-status", + "words": 60 + } +] \ No newline at end of file diff --git a/unittests/scans/whispers/empty_with_error.json b/unittests/scans/whispers/empty_with_error.json new file mode 100644 index 00000000000..fe51488c706 --- /dev/null +++ b/unittests/scans/whispers/empty_with_error.json @@ -0,0 +1 @@ +[] diff --git a/unittests/scans/whispers/whispers_many_vul.json b/unittests/scans/whispers/whispers_many_vul.json new file mode 100644 index 00000000000..171b95c1687 --- /dev/null +++ b/unittests/scans/whispers/whispers_many_vul.json @@ -0,0 +1 @@ +[{"key": "01_static_password", "value": "hardcoded0", "file": "src/config.yml", "line": 12, "rule_id": "password", "message": "Password", "severity": "CRITICAL"}, {"key": "02_static_passwords", "value": "Hardcoded1", "file": "src/config.yml", "line": 14, "rule_id": "password", "message": "Password", "severity": "CRITICAL"}, {"key": "02_static_passwords", "value": "hardCoded2", "file": "src/config.yml", "line": 15, "rule_id": "password", "message": "Password", "severity": "CRITICAL"}, {"key": "02_static_passwords", "value": "haRdcOded3", "file": "src/config.yml", "line": 16, "rule_id": "password", "message": "Password", "severity": "CRITICAL"}, {"key": "password", "value": "hardcodEd", "file": "src/config.yml", "line": 19, "rule_id": "password", "message": "Password", "severity": "CRITICAL"}] diff --git a/unittests/scans/whispers/whispers_one_vul.json b/unittests/scans/whispers/whispers_one_vul.json new file mode 100644 index 00000000000..dca4eda44fe --- /dev/null +++ b/unittests/scans/whispers/whispers_one_vul.json @@ -0,0 +1 @@ +[{"key": "pip password", "value": "hardcoded", "file": "src/pip.conf", "line": 2, "rule_id": "pip", "message": "pip.conf Password", "severity": "CRITICAL"}] diff --git a/unittests/scans/whispers/whispers_one_vul_v2.2.json b/unittests/scans/whispers/whispers_one_vul_v2.2.json new file mode 100644 index 00000000000..86563c46599 --- /dev/null +++ b/unittests/scans/whispers/whispers_one_vul_v2.2.json @@ -0,0 +1 @@ +[{"key": "pip password", "value": "hardcoded", "file": "src/pip.conf", "line": 2, "rule_id": "pip", "message": "pip.conf Password", "severity": "High"}] diff --git a/unittests/scans/whispers/whispers_zero_vul.json b/unittests/scans/whispers/whispers_zero_vul.json new file mode 100644 index 00000000000..fe51488c706 --- /dev/null +++ b/unittests/scans/whispers/whispers_zero_vul.json @@ -0,0 +1 @@ +[] diff --git a/unittests/scans/whitesource_sample/okhttp_one_vuln.json b/unittests/scans/whitesource_sample/okhttp_one_vuln.json deleted file mode 100644 index f9903baae70..00000000000 --- a/unittests/scans/whitesource_sample/okhttp_one_vuln.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "vulnerabilities":[ - { - "name":"WS-2009-0001", - "type":"WS", - "severity":"low", - "score":"0.0", - "publishDate":"2007-10-07", - "lastUpdatedDate":"2009-08-06", - "url":"https://issues.apache.org/jira/browse/CODEC-55", - "description":"Not all \"business\" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.\n\nUpdated 2018-10-07 - an additional review by WhiteSource research team could not indicate on a clear security vulnerability", - "project":"okhttp", - "product":"okhttp", - "library":{ - "keyUuid":"9aa14ac7-e415-4ed5-be35-bd2957fd7fd2", - "filename":"commons-codec-1.3.jar", - "name":"Codec", - "groupId":"commons-codec", - "artifactId":"commons-codec", - "version":"1.3", - "sha1":"fd32786786e2adb664d5ecc965da47629dca14ba", - "type":"MAVEN_ARTIFACT", - "description":"The codec package contains simple encoder and decoders for\n various formats such as Base64 and Hexadecimal. In addition to these\n widely used encoders and decoders, the codec package also maintains a\n collection of phonetic encoding utilities.", - "architecture":"", - "languageVersion":"" - } - } - ] -} \ No newline at end of file diff --git a/unittests/scans/wpscan/issue5774.json b/unittests/scans/wpscan/issue5774.json new file mode 100644 index 00000000000..53fb5eb232c --- /dev/null +++ b/unittests/scans/wpscan/issue5774.json @@ -0,0 +1,1265 @@ +{ + "banner": { + "description": "WordPress Security Scanner by the WPScan Team", + "version": "3.8.20", + "authors": [ + "@_WPScan_", + "@ethicalhack3r", + "@erwan_lr", + "@firefart" + ], + "sponsor": "Sponsored by Automattic - https://automattic.com/" + }, + "start_time": 1642783425, + "start_memory": 46145536, + "target_url": "http://example.com/wordpress/", + "target_ip": "78.46.101.82", + "effective_url": "http://example.com/wordpress/", + "interesting_findings": [ + { + "url": "http://example.com/wordpress/", + "to_s": "Headers", + "type": "headers", + "found_by": "Headers (Passive Detection)", + "confidence": 100, + "confirmed_by": { + + }, + "references": { + + }, + "interesting_entries": [ + "x-cdn-diag: jfk4-2051-2-9270-r-0-0-304-0.068--;2051-14-9468----0-0-72" + ] + }, + { + "url": "http://example.com/wordpress/xmlrpc.php", + "to_s": "XML-RPC seems to be enabled: http://example.com/wordpress/xmlrpc.php", + "type": "xmlrpc", + "found_by": "Link Tag (Passive Detection)", + "confidence": 30, + "confirmed_by": { + + }, + "references": { + "url": [ + "http://codex.wordpress.org/XML-RPC_Pingback_API" + ], + "metasploit": [ + "auxiliary/scanner/http/wordpress_ghost_scanner", + "auxiliary/dos/http/wordpress_xmlrpc_dos", + "auxiliary/scanner/http/wordpress_xmlrpc_login", + "auxiliary/scanner/http/wordpress_pingback_access" + ] + }, + "interesting_entries": [ + + ] + } + ], + "version": { + "number": "4.7.6", + "release_date": "2017-09-19", + "status": "insecure", + "found_by": "Emoji Settings (Passive Detection)", + "confidence": 100, + "interesting_entries": [ + "http://example.com/wordpress/, Match: 'wp-includes\\/js\\/wp-emoji-release.min.js?ver=4.7.6'" + ], + "confirmed_by": { + "Meta Generator (Passive Detection)": { + "confidence": 60, + "interesting_entries": [ + "http://example.com/wordpress/, Match: 'WordPress 4.7.6'" + ] + } + }, + "vulnerabilities": [ + { + "title": "WordPress 2.3-4.8.3 - Host Header Injection in Password Reset", + "fixed_in": null, + "references": { + "cve": [ + "2017-8295" + ], + "url": [ + "https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html", + "https://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html", + "https://core.trac.wordpress.org/ticket/25239" + ], + "wpvulndb": [ + "b3f2f3db-75e4-4d48-ae5e-d4ff172bc093" + ] + } + }, + { + "title": "WordPress <= 4.8.2 - $wpdb->prepare() Weakness", + "fixed_in": "4.7.7", + "references": { + "cve": [ + "2017-16510" + ], + "url": [ + "https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/", + "https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d", + "https://twitter.com/ircmaxell/status/923662170092638208", + "https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html" + ], + "wpvulndb": [ + "c161f0f0-6527-4ba4-a43d-36c644e250fc" + ] + } + }, + { + "title": "WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload", + "fixed_in": "4.7.8", + "references": { + "cve": [ + "2017-17092" + ], + "url": [ + "https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/", + "https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509" + ], + "wpvulndb": [ + "0d2323bd-aecd-4d58-ba4b-597a43034f57" + ] + } + }, + { + "title": "WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping", + "fixed_in": "4.7.8", + "references": { + "cve": [ + "2017-17094" + ], + "url": [ + "https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/", + "https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de" + ], + "wpvulndb": [ + "1f71a775-e87e-47e9-9642-bf4bce99c332" + ] + } + }, + { + "title": "WordPress 4.3.0-4.9 - HTML Language Attribute Escaping", + "fixed_in": "4.7.8", + "references": { + "cve": [ + "2017-17093" + ], + "url": [ + "https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/", + "https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a" + ], + "wpvulndb": [ + "a6281b30-c272-4d44-9420-2ebd3c8ff7da" + ] + } + }, + { + "title": "WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing", + "fixed_in": "4.7.8", + "references": { + "cve": [ + "2017-17091" + ], + "url": [ + "https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/", + "https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c" + ], + "wpvulndb": [ + "809f68d5-97aa-44e5-b181-cc7bdf5685c5" + ] + } + }, + { + "title": "WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)", + "fixed_in": "4.7.9", + "references": { + "cve": [ + "2018-5776", + "2016-9263" + ], + "url": [ + "https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850", + "https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/", + "https://core.trac.wordpress.org/ticket/42720" + ], + "wpvulndb": [ + "6ac45244-9f09-4e9c-92f3-f339d450fe72" + ] + } + }, + { + "title": "WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)", + "fixed_in": null, + "references": { + "cve": [ + "2018-6389" + ], + "url": [ + "https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html", + "https://github.com/quitten/doser.py", + "https://thehackernews.com/2018/02/wordpress-dos-exploit.html" + ], + "wpvulndb": [ + "5e0c1ddd-fdd0-421b-bdbe-3eee6b75c919" + ] + } + }, + { + "title": "WordPress 3.7-4.9.4 - Remove localhost Default", + "fixed_in": "4.7.10", + "references": { + "cve": [ + "2018-10101" + ], + "url": [ + "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/", + "https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216" + ], + "wpvulndb": [ + "835614a2-ad92-4027-b485-24b39038171d" + ] + } + }, + { + "title": "WordPress 3.7-4.9.4 - Use Safe Redirect for Login", + "fixed_in": "4.7.10", + "references": { + "cve": [ + "2018-10100" + ], + "url": [ + "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/", + "https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e" + ], + "wpvulndb": [ + "01b587e0-0a86-47af-a088-6e5e350e8247" + ] + } + }, + { + "title": "WordPress 3.7-4.9.4 - Escape Version in Generator Tag", + "fixed_in": "4.7.10", + "references": { + "cve": [ + "2018-10102" + ], + "url": [ + "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/", + "https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d" + ], + "wpvulndb": [ + "2b7c77c3-8dbc-4a2a-9ea3-9929c3373557" + ] + } + }, + { + "title": "WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion", + "fixed_in": "4.7.11", + "references": { + "cve": [ + "2018-12895" + ], + "url": [ + "https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/", + "http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/", + "https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd", + "https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/", + "https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/" + ], + "wpvulndb": [ + "42ab2bd9-bbb1-4f25-a632-1811c5130bb4" + ] + } + }, + { + "title": "WordPress <= 5.0 - Authenticated File Delete", + "fixed_in": "4.7.12", + "references": { + "cve": [ + "2018-20147" + ], + "url": [ + "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/" + ], + "wpvulndb": [ + "e3ef8976-11cb-4854-837f-786f43cbdf44" + ] + } + }, + { + "title": "WordPress <= 5.0 - Authenticated Post Type Bypass", + "fixed_in": "4.7.12", + "references": { + "cve": [ + "2018-20152" + ], + "url": [ + "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/", + "https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/" + ], + "wpvulndb": [ + "999dba5a-82fb-4717-89c3-6ed723cc7e45" + ] + } + }, + { + "title": "WordPress <= 5.0 - PHP Object Injection via Meta Data", + "fixed_in": "4.7.12", + "references": { + "cve": [ + "2018-20148" + ], + "url": [ + "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/" + ], + "wpvulndb": [ + "046ff6a0-90b2-4251-98fc-b7fba93f8334" + ] + } + }, + { + "title": "WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)", + "fixed_in": "4.7.12", + "references": { + "cve": [ + "2018-20153" + ], + "url": [ + "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/" + ], + "wpvulndb": [ + "3182002e-d831-4412-a27d-a5e39bb44314" + ] + } + }, + { + "title": "WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins", + "fixed_in": "4.7.12", + "references": { + "cve": [ + "2018-20150" + ], + "url": [ + "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/", + "https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460" + ], + "wpvulndb": [ + "7f7a0795-4dd7-417d-804e-54f12595d1e4" + ] + } + }, + { + "title": "WordPress <= 5.0 - User Activation Screen Search Engine Indexing", + "fixed_in": "4.7.12", + "references": { + "cve": [ + "2018-20151" + ], + "url": [ + "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/" + ], + "wpvulndb": [ + "65f1aec4-6d28-4396-88d7-66702b21c7a2" + ] + } + }, + { + "title": "WordPress <= 5.0 - File Upload to XSS on Apache Web Servers", + "fixed_in": "4.7.12", + "references": { + "cve": [ + "2018-20149" + ], + "url": [ + "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/", + "https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a" + ], + "wpvulndb": [ + "d741f5ae-52ca-417d-a2ca-acdfb7ca5808" + ] + } + }, + { + "title": "WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution", + "fixed_in": "5.0.1", + "references": { + "cve": [ + "2019-8942", + "2019-8943" + ], + "url": [ + "https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/", + "https://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce" + ], + "wpvulndb": [ + "1a693e57-f99c-4df6-93dd-0cdc92fd0526" + ] + } + }, + { + "title": "WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)", + "fixed_in": "4.7.13", + "references": { + "cve": [ + "2019-9787" + ], + "url": [ + "https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b", + "https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/", + "https://blog.ripstech.com/2019/wordpress-csrf-to-rce/" + ], + "wpvulndb": [ + "d150f43f-6030-4191-98b8-20ae05585936" + ] + } + }, + { + "title": "WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation", + "fixed_in": "4.7.14", + "references": { + "cve": [ + "2019-16222" + ], + "url": [ + "https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/", + "https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68", + "https://hackerone.com/reports/339483" + ], + "wpvulndb": [ + "4494a903-5a73-4cad-8c14-1e7b4da2be61" + ] + } + }, + { + "title": "WordPress <= 5.2.3 - Stored XSS in Customizer", + "fixed_in": "4.7.15", + "references": { + "cve": [ + "2019-17674" + ], + "url": [ + "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html" + ], + "wpvulndb": [ + "d39a7b84-28b9-4916-a2fc-6192ceb6fa56" + ] + } + }, + { + "title": "WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts", + "fixed_in": "4.7.15", + "references": { + "cve": [ + "2019-17671" + ], + "url": [ + "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html", + "https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308", + "https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/" + ], + "wpvulndb": [ + "3413b879-785f-4c9f-aa8a-5a4a1d5e0ba2" + ] + } + }, + { + "title": "WordPress <= 5.2.3 - Stored XSS in Style Tags", + "fixed_in": "4.7.15", + "references": { + "cve": [ + "2019-17672" + ], + "url": [ + "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html" + ], + "wpvulndb": [ + "d005b1f8-749d-438a-8818-21fba45c6465" + ] + } + }, + { + "title": "WordPress <= 5.2.3 - JSON Request Cache Poisoning", + "fixed_in": "4.7.15", + "references": { + "cve": [ + "2019-17673" + ], + "url": [ + "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de", + "https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html" + ], + "wpvulndb": [ + "7804d8ed-457a-407e-83a7-345d3bbe07b2" + ] + } + }, + { + "title": "WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation ", + "fixed_in": "4.7.15", + "references": { + "cve": [ + "2019-17669", + "2019-17670" + ], + "url": [ + "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2", + "https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html" + ], + "wpvulndb": [ + "26a26de2-d598-405d-b00c-61f71cfacff6" + ] + } + }, + { + "title": "WordPress <= 5.2.3 - Admin Referrer Validation", + "fixed_in": "4.7.15", + "references": { + "cve": [ + "2019-17675" + ], + "url": [ + "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0", + "https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html" + ], + "wpvulndb": [ + "715c00e3-5302-44ad-b914-131c162c3f71" + ] + } + }, + { + "title": "WordPress <= 5.3 - Authenticated Improper Access Controls in REST API", + "fixed_in": "4.7.16", + "references": { + "cve": [ + "2019-20043", + "2019-16788" + ], + "url": [ + "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw" + ], + "wpvulndb": [ + "4a6de154-5fbd-4c80-acd3-8902ee431bd8" + ] + } + }, + { + "title": "WordPress <= 5.3 - Authenticated Stored XSS via Crafted Links", + "fixed_in": "4.7.16", + "references": { + "cve": [ + "2019-20042" + ], + "url": [ + "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/", + "https://hackerone.com/reports/509930", + "https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xvg2-m2f4-83m7" + ], + "wpvulndb": [ + "23553517-34e3-40a9-a406-f3ffbe9dd265" + ] + } + }, + { + "title": "WordPress <= 5.3 - Authenticated Stored XSS via Block Editor Content", + "fixed_in": "4.7.16", + "references": { + "cve": [ + "2019-16781", + "2019-16780" + ], + "url": [ + "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v" + ], + "wpvulndb": [ + "be794159-4486-4ae1-a5cc-5c190e5ddf5f" + ] + } + }, + { + "title": "WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass", + "fixed_in": "4.7.16", + "references": { + "cve": [ + "2019-20041" + ], + "url": [ + "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/", + "https://github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53" + ], + "wpvulndb": [ + "8fac612b-95d2-477a-a7d6-e5ec0bb9ca52" + ] + } + }, + { + "title": "WordPress < 5.4.1 - Password Reset Tokens Failed to Be Properly Invalidated", + "fixed_in": "4.7.17", + "references": { + "cve": [ + "2020-11027" + ], + "url": [ + "https://wordpress.org/news/2020/04/wordpress-5-4-1/", + "https://core.trac.wordpress.org/changeset/47634/", + "https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw" + ], + "wpvulndb": [ + "7db191c0-d112-4f08-a419-a1cd81928c4e" + ] + } + }, + { + "title": "WordPress < 5.4.1 - Unauthenticated Users View Private Posts", + "fixed_in": "4.7.17", + "references": { + "cve": [ + "2020-11028" + ], + "url": [ + "https://wordpress.org/news/2020/04/wordpress-5-4-1/", + "https://core.trac.wordpress.org/changeset/47635/", + "https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w" + ], + "wpvulndb": [ + "d1e1ba25-98c9-4ae7-8027-9632fb825a56" + ] + } + }, + { + "title": "WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in Customizer", + "fixed_in": "4.7.17", + "references": { + "cve": [ + "2020-11025" + ], + "url": [ + "https://wordpress.org/news/2020/04/wordpress-5-4-1/", + "https://core.trac.wordpress.org/changeset/47633/", + "https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c" + ], + "wpvulndb": [ + "4eee26bd-a27e-4509-a3a5-8019dd48e429" + ] + } + }, + { + "title": "WordPress < 5.4.1 - Cross-Site Scripting (XSS) in wp-object-cache", + "fixed_in": "4.7.17", + "references": { + "cve": [ + "2020-11029" + ], + "url": [ + "https://wordpress.org/news/2020/04/wordpress-5-4-1/", + "https://core.trac.wordpress.org/changeset/47637/", + "https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c" + ], + "wpvulndb": [ + "e721d8b9-a38f-44ac-8520-b4a9ed6a5157" + ] + } + }, + { + "title": "WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in File Uploads", + "fixed_in": "4.7.17", + "references": { + "cve": [ + "2020-11026" + ], + "url": [ + "https://wordpress.org/news/2020/04/wordpress-5-4-1/", + "https://core.trac.wordpress.org/changeset/47638/", + "https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2", + "https://hackerone.com/reports/179695" + ], + "wpvulndb": [ + "55438b63-5fc9-4812-afc4-2f1eff800d5f" + ] + } + }, + { + "title": "WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure", + "fixed_in": "4.7.20", + "references": { + "cve": [ + "2021-29450" + ], + "url": [ + "https://wordpress.org/news/2021/04/wordpress-5-7-1-security-and-maintenance-release/", + "https://blog.wpscan.com/2021/04/15/wordpress-571-security-vulnerability-release.html", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq", + "https://core.trac.wordpress.org/changeset/50717/" + ], + "youtube": [ + "https://www.youtube.com/watch?v=J2GXmxAdNWs" + ], + "wpvulndb": [ + "6a3ec618-c79e-4b9c-9020-86b157458ac5" + ] + } + }, + { + "title": "WordPress 3.7 to 5.7.1 - Object Injection in PHPMailer", + "fixed_in": "4.7.21", + "references": { + "cve": [ + "2020-36326", + "2018-19296" + ], + "url": [ + "https://github.com/WordPress/WordPress/commit/267061c9595fedd321582d14c21ec9e7da2dcf62", + "https://wordpress.org/news/2021/05/wordpress-5-7-2-security-release/", + "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9", + "https://www.wordfence.com/blog/2021/05/wordpress-5-7-2-security-release-what-you-need-to-know/" + ], + "youtube": [ + "https://www.youtube.com/watch?v=HaW15aMzBUM" + ], + "wpvulndb": [ + "4cd46653-4470-40ff-8aac-318bee2f998d" + ] + } + }, + { + "title": "WordPress < 5.8 - Plugin Confusion", + "fixed_in": "5.8", + "references": { + "cve": [ + "2021-44223" + ], + "url": [ + "https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/" + ], + "wpvulndb": [ + "95e01006-84e4-4e95-b5d7-68ea7b5aa1a8" + ] + } + }, + { + "title": "WordPress < 5.8.3 - SQL Injection via WP_Query", + "fixed_in": "4.7.22", + "references": { + "cve": [ + "2022-21661" + ], + "url": [ + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84", + "https://hackerone.com/reports/1378209" + ], + "wpvulndb": [ + "7f768bcf-ed33-4b22-b432-d1e7f95c1317" + ] + } + }, + { + "title": "WordPress < 5.8.3 - Author+ Stored XSS via Post Slugs", + "fixed_in": "4.7.22", + "references": { + "cve": [ + "2022-21662" + ], + "url": [ + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w", + "https://hackerone.com/reports/425342", + "https://blog.sonarsource.com/wordpress-stored-xss-vulnerability" + ], + "wpvulndb": [ + "dc6f04c2-7bf2-4a07-92b5-dd197e4d94c8" + ] + } + }, + { + "title": "WordPress 4.1-5.8.2 - SQL Injection via WP_Meta_Query", + "fixed_in": "4.7.22", + "references": { + "cve": [ + "2022-21664" + ], + "url": [ + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86" + ], + "wpvulndb": [ + "24462ac4-7959-4575-97aa-a6dcceeae722" + ] + } + }, + { + "title": "WordPress < 5.8.3 - Super Admin Object Injection in Multisites", + "fixed_in": "4.7.22", + "references": { + "cve": [ + "2022-21663" + ], + "url": [ + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h", + "https://hackerone.com/reports/541469" + ], + "wpvulndb": [ + "008c21ab-3d7e-4d97-b6c3-db9d83f390a7" + ] + } + } + ] + }, + "main_theme": { + "slug": "twentyfourteen", + "location": "http://example.com/wordpress/wp-content/themes/twentyfourteen/", + "latest_version": "3.2", + "last_updated": "2021-07-22T00:00:00.000Z", + "outdated": true, + "readme_url": false, + "directory_listing": false, + "error_log_url": null, + "style_url": "http://example.com/wordpress/wp-content/themes/twentyfourteen/style.css?ver=4.7.6", + "style_name": "Twenty Fourteen", + "style_uri": "https://wordpress.org/themes/twentyfourteen/", + "description": "In 2014, our default theme lets you create a responsive magazine website with a sleek, modern design. Feature your favorite homepage content in either a grid or a slider. Use the three widget areas to customize your website, and change your content's layout with a full-width page template and a contributor page to show off your authors. Creating a magazine website with WordPress has never been easier.", + "author": "the WordPress team", + "author_uri": "https://wordpress.org/", + "template": null, + "license": "GNU General Public License v2 or later", + "license_uri": "http://www.gnu.org/licenses/gpl-2.0.html", + "tags": "blog, news, two-columns, three-columns, left-sidebar, right-sidebar, custom-background, custom-header, custom-menu, editor-style, featured-images, flexible-header, footer-widgets, full-width-template, microformats, post-formats, rtl-language-support, sticky-post, theme-options, translation-ready, accessibility-ready", + "text_domain": "twentyfourteen", + "found_by": "Css Style In Homepage (Passive Detection)", + "confidence": 70, + "interesting_entries": [ + + ], + "confirmed_by": { + + }, + "vulnerabilities": [ + + ], + "version": { + "number": "1.9", + "confidence": 80, + "found_by": "Style (Passive Detection)", + "interesting_entries": [ + "http://example.com/wordpress/wp-content/themes/twentyfourteen/style.css?ver=4.7.6, Match: 'Version: 1.9'" + ], + "confirmed_by": { + + } + }, + "parents": [ + + ] + }, + "plugins": { + "all-in-one-seo-pack": { + "slug": "all-in-one-seo-pack", + "location": "http://example.com/wordpress/wp-content/plugins/all-in-one-seo-pack/", + "latest_version": "4.1.6.2", + "last_updated": "2022-01-11T16:02:00.000Z", + "outdated": true, + "readme_url": null, + "directory_listing": null, + "error_log_url": null, + "found_by": "Comment (Passive Detection)", + "confidence": 30, + "interesting_entries": [ + + ], + "confirmed_by": { + + }, + "vulnerabilities": [ + { + "title": "All in One SEO Pack <= 2.9.1.1 - Authenticated Stored Cross-Site Scripting (XSS)", + "fixed_in": "2.10", + "references": { + "url": [ + "https://www.ripstech.com/php-security-calendar-2018/#day-4", + "https://wordpress.org/support/topic/a-critical-vulnerability-has-been-detected-in-this-plugin/", + "https://semperfiwebdesign.com/all-in-one-seo-pack-release-history/" + ], + "wpvulndb": [ + "16353d45-75d1-4820-b93f-daad90c322a8" + ] + } + }, + { + "title": "All In One SEO Pack < 3.2.7 - Stored Cross-Site Scripting (XSS)", + "fixed_in": "3.2.7", + "references": { + "cve": [ + "2019-16520" + ], + "url": [ + "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-04_WordPress_Plugin_All_in_One_SEO_Pack" + ], + "wpvulndb": [ + "868dccee-089b-43d2-a80a-6cadba91f770" + ] + } + }, + { + "title": "All in One SEO Pack < 3.6.2 - Authenticated Stored Cross-Site Scripting", + "fixed_in": "3.6.2", + "references": { + "cve": [ + "2020-35946" + ], + "url": [ + "https://www.wordfence.com/blog/2020/07/2-million-users-affected-by-vulnerability-in-all-in-one-seo-pack/" + ], + "youtube": [ + "https://www.youtube.com/watch?v=2fqMM6HRV5s" + ], + "wpvulndb": [ + "528fff6c-54fe-4812-9b08-8c4e47350c83" + ] + } + }, + { + "title": "All in One SEO Pack < 4.1.0.2 - Admin RCE via unserialize", + "fixed_in": "4.1.0.2", + "references": { + "cve": [ + "2021-24307" + ], + "url": [ + "https://aioseo.com/changelog/" + ], + "wpvulndb": [ + "ab2c94d2-f6c4-418b-bd14-711ed164bcf1" + ] + } + } + ], + "version": { + "number": "2.3.12.2.1", + "confidence": 60, + "found_by": "Comment (Passive Detection)", + "interesting_entries": [ + "http://example.com/wordpress/, Match: 'All in One SEO Pack 2.3.12.2.1 by'" + ], + "confirmed_by": { + + } + } + }, + "cleaner-gallery": { + "slug": "cleaner-gallery", + "location": "http://example.com/wordpress/wp-content/plugins/cleaner-gallery/", + "latest_version": "1.1.0", + "last_updated": "2014-07-11T15:17:00.000Z", + "outdated": false, + "readme_url": null, + "directory_listing": null, + "error_log_url": null, + "found_by": "Urls In Homepage (Passive Detection)", + "confidence": 80, + "interesting_entries": [ + + ], + "confirmed_by": { + + }, + "vulnerabilities": [ + + ], + "version": null + }, + "nextcellent-gallery-nextgen-legacy": { + "slug": "nextcellent-gallery-nextgen-legacy", + "location": "http://example.com/wordpress/wp-content/plugins/nextcellent-gallery-nextgen-legacy/", + "latest_version": "1.9.35", + "last_updated": "2017-10-16T09:19:00.000Z", + "outdated": false, + "readme_url": null, + "directory_listing": null, + "error_log_url": null, + "found_by": "Comment (Passive Detection)", + "confidence": 30, + "interesting_entries": [ + + ], + "confirmed_by": { + + }, + "vulnerabilities": [ + + ], + "version": { + "number": "2.2.3", + "confidence": 60, + "found_by": "Comment (Passive Detection)", + "interesting_entries": [ + "http://example.com/wordpress/, Match: 'https://wordpress.org/?v=5.2.2", + "https://www.sample-owasp-wp.com/comments/feed/, https://wordpress.org/?v=5.2.2" + ], + "confirmed_by": { + + }, + "vulnerabilities": [ + { + "title": "WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata", + "fixed_in": "4.6.4", + "references": { + "cve": [ + "2017-6814" + ], + "url": [ + "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/", + "https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7", + "https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html", + "https://seclists.org/oss-sec/2017/q1/563" + ], + "wpvulndb": [ + "2c5632d8-4d40-4099-9e8f-23afde51b56e" + ] + } + }, + { + "title": "WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation", + "fixed_in": "4.6.4", + "references": { + "cve": [ + "2017-6815" + ], + "url": [ + "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/", + "https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e" + ], + "wpvulndb": [ + "d40374cf-ee95-40b7-9dd5-dbb160b877b1" + ] + } + }, + { + "title": "WordPress 2.3-4.8.3 - Host Header Injection in Password Reset", + "fixed_in": null, + "references": { + "cve": [ + "2017-8295" + ], + "url": [ + "https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html", + "https://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html", + "https://core.trac.wordpress.org/ticket/25239" + ], + "wpvulndb": [ + "b3f2f3db-75e4-4d48-ae5e-d4ff172bc093" + ] + } + } + ] + }, + "main_theme": { + "slug": "customizr", + "location": "https://www.sample-owasp-wp.com/wp-content/themes/customizr/", + "latest_version": "4.1.42", + "last_updated": "2019-06-30T00:00:00.000Z", + "outdated": false, + "readme_url": "https://www.sample-owasp-wp.com/wp-content/themes/customizr/readme.txt", + "directory_listing": false, + "error_log_url": "https://www.sample-owasp-wp.com/wp-content/themes/customizr/error_log", + "style_url": "https://www.sample-owasp-wp.com/wp-content/themes/customizr/style.css?ver=4.1.42", + "style_name": null, + "style_uri": null, + "description": null, + "author": null, + "author_uri": null, + "template": null, + "license": null, + "license_uri": null, + "tags": null, + "text_domain": null, + "found_by": "Css Style (Passive Detection)", + "confidence": 70, + "interesting_entries": [ + + ], + "confirmed_by": { + + }, + "vulnerabilities": [ + { + "title": "YouTube Embed <= 13.8.1 - Cross-Site Request Forgery (CSRF)", + "fixed_in": "11.8.2", + "references": { + "url": [ + "https://security.dxw.com/advisories/csrf-in-youtube-plugin/", + "http://seclists.org/fulldisclosure/2017/Jul/64" + ], + "wpvulndb": [ + "8873" + ] + } + } + + ], + "version": { + "number": "4.1.42", + "confidence": 80, + "found_by": "Style (Passive Detection)", + "interesting_entries": [ + "https://www.sample-owasp-wp.com/wp-content/themes/customizr/style.css?ver=4.1.42, Match: 'Version: 4.1.42'" + ], + "confirmed_by": { + + } + }, + "parents": [ + + ] + }, + "plugins": { + "youtube-embed-plus": { + "slug": "youtube-embed-plus", + "location": "https://www.sample-owasp-wp.com/wp-content/plugins/youtube-embed-plus/", + "latest_version": "13.1", + "last_updated": "2019-05-11T14:32:00.000Z", + "outdated": false, + "readme_url": null, + "directory_listing": null, + "error_log_url": null, + "found_by": "Urls In Homepage (Passive Detection)", + "confidence": 100, + "interesting_entries": [ + + ], + "confirmed_by": { + "Javascript Var (Passive Detection)": { + "confidence": 60, + "interesting_entries": [ + + ] + } + }, + "vulnerabilities": [ + { + "title": "YouTube Embed <= 11.8.1 - Cross-Site Request Forgery (CSRF)", + "fixed_in": "11.8.2", + "references": { + "url": [ + "https://security.dxw.com/advisories/csrf-in-youtube-plugin/", + "http://seclists.org/fulldisclosure/2017/Jul/64" + ], + "wpvulndb": [ + "8873" + ] + } + }, + { + "title": "YouTube Embed <= 12.8.1 - Cross-Site Request Forgery (CSRF)", + "fixed_in": "11.8.2", + "references": { + "url": [ + "https://security.dxw.com/advisories/csrf-in-youtube-plugin/", + "http://seclists.org/fulldisclosure/2017/Jul/64" + ], + "wpvulndb": [ + "8873" + ] + } + } + ], + "version": null + } + }, + "config_backups": { + + }, + "stop_time": 1562094699, + "elapsed": 22, + "requests_done": 58, + "cached_requests": 6, + "data_sent": 12055, + "data_sent_humanised": "11.772 KB", + "data_received": 142206, + "data_received_humanised": "138.873 KB", + "used_memory": 198258688, + "used_memory_humanised": "189.074 MB" +} diff --git a/unittests/scans/yarn_audit/issue_6495.json b/unittests/scans/yarn_audit/issue_6495.json new file mode 100644 index 00000000000..f7a594c0eee --- /dev/null +++ b/unittests/scans/yarn_audit/issue_6495.json @@ -0,0 +1,142 @@ +{ + "actions": [], + "advisories": { + "1068298": { + "findings": [ + { + "version": "1.3.5", + "paths": [ + "@angular/cli>ini", + "danger>parse-git-config>ini", + "@datorama/akita>schematics-utilities>@schematics/update>ini", + "@datorama/akita-ng-entity-service>@datorama/akita>schematics-utilities>@schematics/update>ini", + "nodemon>update-notifier>latest-version>package-json>registry-auth-token>rc>ini", + "@mikro-orm/cli>@mikro-orm/migrations>knex>liftoff>findup-sync>resolve-dir>global-modules>global-prefix>ini", + "@mikro-orm/cli>@mikro-orm/knex>@mikro-orm/migrations>knex>liftoff>findup-sync>resolve-dir>global-modules>global-prefix>ini", + "@mikro-orm/cli>@mikro-orm/entity-generator>@mikro-orm/knex>@mikro-orm/migrations>knex>liftoff>findup-sync>resolve-dir>global-modules>global-prefix>ini" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<1.3.6", + "module_name": "ini", + "severity": "high", + "github_advisory_id": "GHSA-qqgx-2p2h-9c37", + "cves": [ + "CVE-2020-7788" + ], + "access": "public", + "patched_versions": ">=1.3.6", + "cvss": { + "score": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + "updated": "2021-07-28T21:12:38.000Z", + "recommendation": "Upgrade to version 1.3.6 or later", + "cwe": [ + "CWE-1321" + ], + "found_by": null, + "deleted": null, + "id": 1068298, + "references": "- https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1\n- https://www.npmjs.com/advisories/1589\n- https://snyk.io/vuln/SNYK-JS-INI-1048974\n- https://nvd.nist.gov/vuln/detail/CVE-2020-7788\n- https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html\n- https://github.com/advisories/GHSA-qqgx-2p2h-9c37", + "created": "2020-12-10T16:53:45.000Z", + "reported_by": null, + "title": "Prototype Pollution", + "npm_advisory_id": null, + "overview": "### Overview\nThe `ini` npm package before version 1.3.6 has a Prototype Pollution vulnerability.\n\nIf an attacker submits a malicious INI file to an application that parses it with `ini.parse`, they will pollute the prototype on the application. This can be exploited further depending on the context.\n\n### Patches\n\nThis has been patched in 1.3.6\n\n### Steps to reproduce\n\npayload.ini\n```\n[__proto__]\npolluted = \"polluted\"\n```\n\npoc.js:\n```\nvar fs = require('fs')\nvar ini = require('ini')\n\nvar parsed = ini.parse(fs.readFileSync('./payload.ini', 'utf-8'))\nconsole.log(parsed)\nconsole.log(parsed.__proto__)\nconsole.log(polluted)\n```\n\n```\n> node poc.js\n{}\n{ polluted: 'polluted' }\n{ polluted: 'polluted' }\npolluted\n```", + "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37" + }, + "1075625": { + "findings": [ + { + "version": "0.4.3", + "paths": [ + "@playwright/test>jpeg-js", + "@playwright/test>playwright-core>jpeg-js" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<0.4.4", + "module_name": "jpeg-js", + "severity": "high", + "github_advisory_id": "GHSA-xvf7-4v9q-58w6", + "cves": [ + "CVE-2022-25851" + ], + "access": "public", + "patched_versions": ">=0.4.4", + "cvss": { + "score": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "updated": "2022-06-20T21:58:36.000Z", + "recommendation": "Upgrade to version 0.4.4 or later", + "cwe": [ + "CWE-835" + ], + "found_by": null, + "deleted": null, + "id": 1075625, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2022-25851\n- https://github.com/jpeg-js/jpeg-js/issues/105\n- https://github.com/jpeg-js/jpeg-js/pull/106/\n- https://github.com/jpeg-js/jpeg-js/commit/9ccd35fb5f55a6c4f1902ac5b0f270f675750c27\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2860295\n- https://snyk.io/vuln/SNYK-JS-JPEGJS-2859218\n- https://github.com/advisories/GHSA-xvf7-4v9q-58w6", + "created": "2022-06-11T00:00:17.000Z", + "reported_by": null, + "title": "Infinite loop in jpeg-js", + "npm_advisory_id": null, + "overview": "The package jpeg-js before 0.4.4 is vulnerable to Denial of Service (DoS) where a particular piece of input will cause the program to enter an infinite loop and never return.", + "url": "https://github.com/advisories/GHSA-xvf7-4v9q-58w6" + }, + "1075701": { + "findings": [ + { + "version": "9.6.0", + "paths": [ + "nodemon>update-notifier>latest-version>package-json>got" + ] + } + ], + "metadata": null, + "vulnerable_versions": "<11.8.5", + "module_name": "got", + "severity": "moderate", + "github_advisory_id": "GHSA-pfrx-2q88-qq97", + "cves": [ + "CVE-2022-33987" + ], + "access": "public", + "patched_versions": ">=11.8.5", + "cvss": { + "score": 0, + "vectorString": null + }, + "updated": "2022-06-27T17:09:23.000Z", + "recommendation": "Upgrade to version 11.8.5 or later", + "cwe": [], + "found_by": null, + "deleted": null, + "id": 1075701, + "references": "- https://nvd.nist.gov/vuln/detail/CVE-2022-33987\n- https://github.com/sindresorhus/got/pull/2047\n- https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0\n- https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc\n- https://github.com/sindresorhus/got/releases/tag/v11.8.5\n- https://github.com/sindresorhus/got/releases/tag/v12.1.0\n- https://github.com/advisories/GHSA-pfrx-2q88-qq97", + "created": "2022-06-19T00:00:21.000Z", + "reported_by": null, + "title": "Got allows a redirect to a UNIX socket", + "npm_advisory_id": null, + "overview": "The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket.", + "url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97" + } + }, + "muted": [], + "metadata": { + "vulnerabilities": { + "info": 0, + "low": 0, + "moderate": 1, + "high": 10, + "critical": 0 + }, + "dependencies": 2236, + "devDependencies": 121, + "optionalDependencies": 0, + "totalDependencies": 2357 + } +} \ No newline at end of file diff --git a/unittests/scans/yarn_audit/yarn_audit_multiple_cwes.json b/unittests/scans/yarn_audit/yarn_audit_multiple_cwes.json new file mode 100644 index 00000000000..ae94444f8ce --- /dev/null +++ b/unittests/scans/yarn_audit/yarn_audit_multiple_cwes.json @@ -0,0 +1,12 @@ +{"type":"auditAdvisory","data":{"resolution":{"id":1028248,"path":"react-native-svg>css-select>nth-check","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.0.2","paths":["react-native-svg>css-select>nth-check"]}],"metadata":null,"vulnerable_versions":"<2.0.1","module_name":"nth-check","severity":"moderate","github_advisory_id":"GHSA-rp65-9cf3-cjxr","cves":["CVE-2021-3803"],"access":"public","patched_versions":">=2.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-20T20:15:09.000Z","recommendation":"Upgrade to version 2.0.1 or later","cwe":"[\"CWE-1333\"]","found_by":null,"deleted":null,"id":1028248,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3803\n- https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726\n- https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0\n- https://github.com/advisories/GHSA-rp65-9cf3-cjxr","created":"2022-03-06T16:00:42.621Z","reported_by":null,"title":"Inefficient Regular Expression Complexity in nth-check","npm_advisory_id":null,"overview":"nth-check is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-rp65-9cf3-cjxr"}}} + {"type":"auditAdvisory","data":{"resolution":{"id":1028029,"path":"react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.6.5","paths":["react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch"]},{"version":"2.6.5","paths":["react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch"]}],"metadata":null,"vulnerable_versions":"<2.6.7","module_name":"node-fetch","severity":"high","github_advisory_id":"GHSA-r683-j2x4-v87g","cves":["CVE-2022-0235"],"access":"public","patched_versions":">=2.6.7","cvss":{"score":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},"updated":"2022-01-23T01:52:43.000Z","recommendation":"Upgrade to version 2.6.7 or later","cwe":"[\"CWE-173\",\"CWE-200\",\"CWE-601\"]","found_by":null,"deleted":null,"id":1028029,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0235\n- https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10\n- https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7\n- https://github.com/node-fetch/node-fetch/pull/1453\n- https://github.com/advisories/GHSA-r683-j2x4-v87g","created":"2022-03-06T16:00:42.588Z","reported_by":null,"title":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","npm_advisory_id":null,"overview":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","url":"https://github.com/advisories/GHSA-r683-j2x4-v87g"}}} + {"type":"auditAdvisory","data":{"resolution":{"id":1028029,"path":"react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.6.5","paths":["react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch"]},{"version":"2.6.5","paths":["react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch"]}],"metadata":null,"vulnerable_versions":"<2.6.7","module_name":"node-fetch","severity":"high","github_advisory_id":"GHSA-r683-j2x4-v87g","cves":["CVE-2022-0235"],"access":"public","patched_versions":">=2.6.7","cvss":{"score":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},"updated":"2022-01-23T01:52:43.000Z","recommendation":"Upgrade to version 2.6.7 or later","cwe":"[\"CWE-173\",\"CWE-200\",\"CWE-601\"]","found_by":null,"deleted":null,"id":1028029,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0235\n- https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10\n- https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7\n- https://github.com/node-fetch/node-fetch/pull/1453\n- https://github.com/advisories/GHSA-r683-j2x4-v87g","created":"2022-03-06T16:00:42.588Z","reported_by":null,"title":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","npm_advisory_id":null,"overview":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","url":"https://github.com/advisories/GHSA-r683-j2x4-v87g"}}} + {"type":"auditAdvisory","data":{"resolution":{"id":1028029,"path":"react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.6.5","paths":["react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch"]},{"version":"2.6.5","paths":["react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch"]}],"metadata":null,"vulnerable_versions":"<2.6.7","module_name":"node-fetch","severity":"high","github_advisory_id":"GHSA-r683-j2x4-v87g","cves":["CVE-2022-0235"],"access":"public","patched_versions":">=2.6.7","cvss":{"score":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},"updated":"2022-01-23T01:52:43.000Z","recommendation":"Upgrade to version 2.6.7 or later","cwe":"[\"CWE-173\",\"CWE-200\",\"CWE-601\"]","found_by":null,"deleted":null,"id":1028029,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0235\n- https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10\n- https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7\n- https://github.com/node-fetch/node-fetch/pull/1453\n- https://github.com/advisories/GHSA-r683-j2x4-v87g","created":"2022-03-06T16:00:42.588Z","reported_by":null,"title":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","npm_advisory_id":null,"overview":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","url":"https://github.com/advisories/GHSA-r683-j2x4-v87g"}}} + {"type":"auditAdvisory","data":{"resolution":{"id":1028029,"path":"react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.6.5","paths":["react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch"]},{"version":"2.6.5","paths":["react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch"]}],"metadata":null,"vulnerable_versions":"<2.6.7","module_name":"node-fetch","severity":"high","github_advisory_id":"GHSA-r683-j2x4-v87g","cves":["CVE-2022-0235"],"access":"public","patched_versions":">=2.6.7","cvss":{"score":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},"updated":"2022-01-23T01:52:43.000Z","recommendation":"Upgrade to version 2.6.7 or later","cwe":"[\"CWE-173\",\"CWE-200\",\"CWE-601\"]","found_by":null,"deleted":null,"id":1028029,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0235\n- https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10\n- https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7\n- https://github.com/node-fetch/node-fetch/pull/1453\n- https://github.com/advisories/GHSA-r683-j2x4-v87g","created":"2022-03-06T16:00:42.588Z","reported_by":null,"title":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","npm_advisory_id":null,"overview":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","url":"https://github.com/advisories/GHSA-r683-j2x4-v87g"}}} + {"type":"auditAdvisory","data":{"resolution":{"id":1028029,"path":"react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.6.5","paths":["react-native>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-tools>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>@react-native-community/cli-tools>node-fetch"]},{"version":"2.6.5","paths":["react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro>node-fetch","react-native>@react-native-community/cli>@react-native-community/cli-plugin-metro>metro-config>metro>node-fetch"]}],"metadata":null,"vulnerable_versions":"<2.6.7","module_name":"node-fetch","severity":"high","github_advisory_id":"GHSA-r683-j2x4-v87g","cves":["CVE-2022-0235"],"access":"public","patched_versions":">=2.6.7","cvss":{"score":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},"updated":"2022-01-23T01:52:43.000Z","recommendation":"Upgrade to version 2.6.7 or later","cwe":"[\"CWE-173\",\"CWE-200\",\"CWE-601\"]","found_by":null,"deleted":null,"id":1028029,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0235\n- https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10\n- https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7\n- https://github.com/node-fetch/node-fetch/pull/1453\n- https://github.com/advisories/GHSA-r683-j2x4-v87g","created":"2022-03-06T16:00:42.588Z","reported_by":null,"title":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","npm_advisory_id":null,"overview":"node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor","url":"https://github.com/advisories/GHSA-r683-j2x4-v87g"}}} + {"type":"auditAdvisory","data":{"resolution":{"id":1028226,"path":"react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.1.0","paths":["react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":"[\"CWE-918\",\"CWE-1333\"]","found_by":null,"deleted":null,"id":1028226,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-06T16:00:42.619Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} + {"type":"auditAdvisory","data":{"resolution":{"id":1028226,"path":"react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.1.0","paths":["react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":"[\"CWE-918\",\"CWE-1333\"]","found_by":null,"deleted":null,"id":1028226,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-06T16:00:42.619Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} + {"type":"auditAdvisory","data":{"resolution":{"id":1028226,"path":"react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.1.0","paths":["react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":"[\"CWE-918\",\"CWE-1333\"]","found_by":null,"deleted":null,"id":1028226,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-06T16:00:42.619Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} + {"type":"auditAdvisory","data":{"resolution":{"id":1028226,"path":"react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.1.0","paths":["react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":"[\"CWE-918\",\"CWE-1333\"]","found_by":null,"deleted":null,"id":1028226,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-06T16:00:42.619Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} + {"type":"auditAdvisory","data":{"resolution":{"id":1028226,"path":"react-native>@react-native-community/cli>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.1.0","paths":["react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":"[]","found_by":null,"deleted":null,"id":1028226,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-06T16:00:42.619Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} + {"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":0,"moderate":6,"high":5,"critical":0},"dependencies":923,"devDependencies":0,"optionalDependencies":0,"totalDependencies":923}} \ No newline at end of file diff --git a/unittests/scans/yarn_audit/yarn_audit_multiple_cwes2.json b/unittests/scans/yarn_audit/yarn_audit_multiple_cwes2.json new file mode 100644 index 00000000000..f29d9b26774 --- /dev/null +++ b/unittests/scans/yarn_audit/yarn_audit_multiple_cwes2.json @@ -0,0 +1,7 @@ +{"type":"info","data":"No lockfile found."} +{"type":"auditAdvisory","data":{"resolution":{"id":1064843,"path":"@company.frontend/eslint-config-es6>eslint>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"3.0.0","paths":["@company.frontend/eslint-config-es6>eslint>strip-ansi>ansi-regex","@company.frontend/eslint-config-es6>eslint>inquirer>string-width>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["@company.frontend/eslint-config-es6>eslint>inquirer>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["@company.frontend/eslint-config-es6>eslint>table>string-width>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":["CWE-918","CWE-1333"],"found_by":null,"deleted":null,"id":1064843,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-11T08:00:43.795Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1064843,"path":"@company.frontend/eslint-config-es6>eslint>inquirer>string-width>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"3.0.0","paths":["@company.frontend/eslint-config-es6>eslint>strip-ansi>ansi-regex","@company.frontend/eslint-config-es6>eslint>inquirer>string-width>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["@company.frontend/eslint-config-es6>eslint>inquirer>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["@company.frontend/eslint-config-es6>eslint>table>string-width>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":["CWE-918","CWE-1333"],"found_by":null,"deleted":null,"id":1064843,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-11T08:00:43.795Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1064843,"path":"@company.frontend/eslint-config-es6>eslint>inquirer>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"3.0.0","paths":["@company.frontend/eslint-config-es6>eslint>strip-ansi>ansi-regex","@company.frontend/eslint-config-es6>eslint>inquirer>string-width>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["@company.frontend/eslint-config-es6>eslint>inquirer>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["@company.frontend/eslint-config-es6>eslint>table>string-width>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":["CWE-918","CWE-1333"],"found_by":null,"deleted":null,"id":1064843,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-11T08:00:43.795Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1064843,"path":"@company.frontend/eslint-config-es6>eslint>table>string-width>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"3.0.0","paths":["@company.frontend/eslint-config-es6>eslint>strip-ansi>ansi-regex","@company.frontend/eslint-config-es6>eslint>inquirer>string-width>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["@company.frontend/eslint-config-es6>eslint>inquirer>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["@company.frontend/eslint-config-es6>eslint>table>string-width>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":["CWE-918","CWE-1333"],"found_by":null,"deleted":null,"id":1064843,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-11T08:00:43.795Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1028226,"path":"react-native>@react-native-community/cli>strip-ansi>ansi-regex","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.1.0","paths":["react-native>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-hermes>@react-native-community/cli-platform-android>logkitty>ansi-fragments>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>ora>strip-ansi>ansi-regex","react-native>@react-native-community/cli>@react-native-community/cli-types>ora>strip-ansi>ansi-regex"]},{"version":"4.1.0","paths":["react-native>@react-native-community/cli>strip-ansi>ansi-regex"]}],"metadata":null,"vulnerable_versions":">2.1.1 <5.0.1","module_name":"ansi-regex","severity":"moderate","github_advisory_id":"GHSA-93q8-gq69-wqmw","cves":["CVE-2021-3807"],"access":"public","patched_versions":">=5.0.1","cvss":{"score":7.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-09-23T15:45:50.000Z","recommendation":"Upgrade to version 5.0.1 or later","cwe":[],"found_by":null,"deleted":null,"id":1028226,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw","created":"2022-03-06T16:00:42.619Z","reported_by":null,"title":" Inefficient Regular Expression Complexity in chalk/ansi-regex","npm_advisory_id":null,"overview":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"}}} +{"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":0,"moderate":4,"high":0,"critical":0},"dependencies":191,"devDependencies":0,"optionalDependencies":0,"totalDependencies":191}} diff --git a/unittests/scans/zap/zap-xml-plus-format.xml b/unittests/scans/zap/zap-xml-plus-format.xml new file mode 100644 index 00000000000..948c659027e --- /dev/null +++ b/unittests/scans/zap/zap-xml-plus-format.xml @@ -0,0 +1,60 @@ + + + + + + 90028 + 90028 + Insecure HTTP Method - PUT + Insecure HTTP Method - PUT + 2 + 2 + Medium (Medium) + Medium + This method was originally intended for file managemant operations. It is now most commonly used in REST services, PUT is most-often utilized for **update** capabilities, PUT-ing to a known resource URI with the request body containing the newly-updated representation of the original resource.. + + + + http://localhost:8080/bodgeit/js/qndto7n63d + PUT + + + response code 403 for potentially insecure HTTP METHOD + PUT http://localhost:8080/bodgeit/js/qndto7n63d HTTP/1.1 +Host: localhost:8080 +User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0 +Accept: */* +Accept-Language: de,en-US;q=0.7,en;q=0.3 +Connection: keep-alive +Referer: https://localhost:8080/bodgeit/ +Cookie: JSESSIONID=9E75E26E50F681208096FFAA0B566901 +Sec-Fetch-Dest: script +Sec-Fetch-Mode: no-cors +Sec-Fetch-Site: same-origin +Content-Length: 35 + + + "J0O0glajHdR0Mgp":"UToh9IpCY5zh3CB" + HTTP/1.1 403 Forbidden +Server: Apache-Coyote/1.1 +Content-Type: text/html;charset=utf-8 +Content-Language: en +Content-Length: 1004 +Date: Fri, 30 Sep 2022 06:40:15 GMT + + + <!DOCTYPE html><html><head><title>Apache Tomcat/8.0.37 - Error report</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}.line {height: 1px; background-color: #525D76; border: none;}</style> </head><body><h1>HTTP Status 403 - </h1><div class="line"></div><p><b>type</b> Status report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>Access to the specified resource has been forbidden.</u></p><hr class="line"><h3>Apache Tomcat/8.0.37</h3></body></html> + + + 1 + TBA + See the discussion on stackexchange: https://security.stackexchange.com/questions/21413/how-to-exploit-http-methods, for understanding REST operations see http://www.restapitutorial.com/lessons/httpmethods.html + http://projects.webappsec.org/Fingerprinting + + 200 + 45 + 2303 + + + + diff --git a/unittests/test_adminsite.py b/unittests/test_adminsite.py new file mode 100644 index 00000000000..bc48a7ea454 --- /dev/null +++ b/unittests/test_adminsite.py @@ -0,0 +1,19 @@ +from .dojo_test_case import DojoTestCase +from django.contrib import admin +import django.apps + + +class AdminSite(DojoTestCase): + fixtures = ['dojo_testdata.json'] + + def test_is_model_defined(self): + for subclass in django.apps.apps.get_models(): + if subclass._meta.proxy: + continue + if subclass.__module__ == 'dojo.models': + if not ((subclass.__name__[:9] == "Tagulous_") and (subclass.__name__[-5:] == "_tags")): + with self.subTest(type="base", subclass=subclass): + self.assertIn(subclass, admin.site._registry.keys(), "{} is not registered in 'admin.site' in models.py".format(subclass)) + else: + with self.subTest(type="tag", subclass=subclass): + self.assertIn(subclass, admin.site._registry.keys(), "{} is not registered in 'tagulous.admin' in models.py".format(subclass)) diff --git a/unittests/test_sonarqube_updater.py b/unittests/test_api_sonarqube_updater.py similarity index 87% rename from unittests/test_sonarqube_updater.py rename to unittests/test_api_sonarqube_updater.py index d8c46450cdb..097d23e745d 100644 --- a/unittests/test_sonarqube_updater.py +++ b/unittests/test_api_sonarqube_updater.py @@ -1,6 +1,6 @@ from .dojo_test_case import DojoTestCase from dojo.models import Tool_Configuration, Tool_Type -from dojo.tools.sonarqube_api.updater import SonarQubeApiUpdater +from dojo.tools.api_sonarqube.updater import SonarQubeApiUpdater class TestSonarQubeApiUpdater(DojoTestCase): @@ -12,85 +12,85 @@ def setUp(self): self.updater = SonarQubeApiUpdater() def test_transitions_for_sonarqube_from_open_1(self): - self.assertEquals( + self.assertEqual( self.updater.get_sonarqube_required_transitions_for('OPEN', 'CONFIRMED'), ['confirm'] ) def test_transitions_for_sonarqube_from_open_2(self): - self.assertEquals( + self.assertEqual( self.updater.get_sonarqube_required_transitions_for('OPEN', 'RESOLVED / FIXED'), ['resolve'] ) def test_transitions_for_sonarqube_from_reopened_1(self): - self.assertEquals( + self.assertEqual( self.updater.get_sonarqube_required_transitions_for('REOPENED', 'RESOLVED / FIXED'), ['resolve'] ) def test_transitions_for_sonarqube_from_reopened_2(self): - self.assertEquals( + self.assertEqual( self.updater.get_sonarqube_required_transitions_for('REOPENED', 'CONFIRMED'), ['confirm'] ) def test_transitions_for_sonarqube_from_resolved_1(self): - self.assertEquals( + self.assertEqual( self.updater.get_sonarqube_required_transitions_for('RESOLVED / FIXED', 'CONFIRMED'), ['reopen', 'confirm'] ) def test_transitions_for_sonarqube_from_resolved_2(self): - self.assertEquals( + self.assertEqual( self.updater.get_sonarqube_required_transitions_for('RESOLVED / FIXED', 'RESOLVED / FALSE-POSITIVE'), ['reopen', 'falsepositive'] ) def test_transitions_for_sonarqube_from_resolved_3(self): - self.assertEquals( + self.assertEqual( self.updater.get_sonarqube_required_transitions_for('RESOLVED / FIXED', 'RESOLVED / WONTFIX'), ['reopen', 'wontfix'] ) def test_transitions_for_sonarqube_fake_target_origin(self): - self.assertEquals( + self.assertEqual( self.updater.get_sonarqube_required_transitions_for('FAKE_STATUS', 'RESOLVED / FIXED'), None ) def test_transitions_for_sonarqube_fake_target_status(self): - self.assertEquals( + self.assertEqual( self.updater.get_sonarqube_required_transitions_for('RESOLVED / FIXED', 'FAKE_STATUS'), None ) def test_transitions_for_sonarqube_from_confirmed_1(self): - self.assertEquals( + self.assertEqual( self.updater.get_sonarqube_required_transitions_for('CONFIRMED', 'REOPENED'), ['unconfirm'] ) def test_transitions_for_sonarqube_from_confirmed_2(self): - self.assertEquals( + self.assertEqual( self.updater.get_sonarqube_required_transitions_for('CONFIRMED', 'RESOLVED / FIXED'), ['resolve'] ) def test_transitions_for_open_reopen_status_1(self): - self.assertEquals( + self.assertEqual( self.updater.get_sonarqube_required_transitions_for('OPEN', 'REOPENED'), None ) def test_transitions_for_open_reopen_status_2(self): - self.assertEquals( + self.assertEqual( self.updater.get_sonarqube_required_transitions_for('REOPENED', 'OPEN'), None ) def test_transitions_for_open_reopen_status_3(self): - self.assertEquals( + self.assertEqual( self.updater.get_sonarqube_required_transitions_for('REOPENED', 'REOPENED'), None ) diff --git a/unittests/test_apiv2_metadata.py b/unittests/test_apiv2_metadata.py index cedaaeb3574..3e39dc2bbc0 100644 --- a/unittests/test_apiv2_metadata.py +++ b/unittests/test_apiv2_metadata.py @@ -35,7 +35,7 @@ def test_query_metadata(self): def test_query_product_endpoint(self): r = self.client.get(reverse('product-detail', args=(1,))) - self.assertTrue(dict(name='foo', value='bar') in r.json()['product_meta']) + self.assertIn(dict(name='foo', value='bar'), r.json()['product_meta']) def test_delete(self): r = self.client.delete(reverse('metadata-detail', args=(self.mid,))) @@ -45,7 +45,7 @@ def test_delete(self): self.assertEqual(r.status_code, 404) r = self.client.get(reverse('product-detail', args=(1,))) - self.assertTrue(dict(name='foo', value='bar') not in r.json()['product_meta']) + self.assertNotIn(dict(name='foo', value='bar'), r.json()['product_meta']) def test_no_product_or_endpoint_as_parameter(self): r = self.create(name='foo', value='bar') diff --git a/unittests/test_apiv2_methods.py b/unittests/test_apiv2_methods.py deleted file mode 100644 index ea62a08bf94..00000000000 --- a/unittests/test_apiv2_methods.py +++ /dev/null @@ -1,28 +0,0 @@ -from dojo.urls import v2_api -from .dojo_test_case import DojoTestCase -from .test_rest_framework import get_open_api3_json_schema, BASE_API_URL - - -class ApiEndpointMethods(DojoTestCase): - fixtures = ['dojo_testdata.json'] - - def setUp(self): - super().setUp() - - self.schema = get_open_api3_json_schema() - - self.registry = v2_api.registry - - def test_is_defined(self): - - for reg, _, _ in sorted(self.registry): - if reg in ['import-scan', 'reimport-scan', 'notes', 'system_settings', 'users', 'roles', 'import-languages', 'endpoint_meta_import', 'test_types']: - continue - - for method in ['get', 'post']: - self.assertIsNotNone(self.schema["paths"][BASE_API_URL + '/' + reg + '/'].get(method), - "Endpoint: {}, Method: {}".format(reg, method)) - - for method in ['get', 'put', 'patch', 'delete']: - self.assertIsNotNone(self.schema["paths"][BASE_API_URL + '/' + reg + '/{id}/'].get(method), - "Endpoint: {}, Method: {}".format(reg, method)) diff --git a/unittests/test_apiv2_methods_and_endpoints.py b/unittests/test_apiv2_methods_and_endpoints.py new file mode 100644 index 00000000000..408dd7cc060 --- /dev/null +++ b/unittests/test_apiv2_methods_and_endpoints.py @@ -0,0 +1,126 @@ +from dojo.urls import v2_api +from .dojo_test_case import DojoTestCase +from .test_rest_framework import get_open_api3_json_schema, BASE_API_URL +import django.apps +from dojo.api_v2 import serializers +from dojo.models import ( + Contact, + Product_Line, + Report_Type, + CWE, + BurpRawRequestResponse, + FileAccessToken, + UserAnnouncement, + BannerConf, + GITHUB_Conf, + GITHUB_Issue, + GITHUB_Clone, + GITHUB_Details_Cache, + GITHUB_PKey, + Tool_Product_History, + Objects_Review, + Objects_Product, + Testing_Guide_Category, + Testing_Guide, + Benchmark_Type, + Benchmark_Category, + Benchmark_Requirement, + Benchmark_Product, + Benchmark_Product_Summary, + Choice, +) + + +class ApiEndpointMethods(DojoTestCase): + fixtures = ['dojo_testdata.json'] + + def setUp(self): + super().setUp() + + self.schema = get_open_api3_json_schema() + + self.registry = v2_api.registry + + def test_is_defined(self): + exempt_list = [ + 'import-scan', 'reimport-scan', 'notes', 'system_settings', 'roles', + 'import-languages', 'endpoint_meta_import', 'test_types', + 'configuration_permissions', 'questionnaire_questions', + 'questionnaire_answers', 'questionnaire_answered_questionnaires', + 'questionnaire_engagement_questionnaires', 'questionnaire_general_questionnaires', + 'dojo_group_members', 'product_members', 'product_groups', 'product_type_groups', + 'product_type_members' + ] + for reg, _, _ in sorted(self.registry): + if reg in exempt_list: + continue + for method in ['get', 'post']: + self.assertIsNotNone( + self.schema["paths"][f'{BASE_API_URL}/{reg}/'].get(method), + f"Endpoint: {reg}, Method: {method}", + ) + + for method in ['get', 'put', 'patch', 'delete']: + self.assertIsNotNone( + self.schema["paths"][f'{BASE_API_URL}/{reg}' + '/{id}/'].get(method), + f"Endpoint: {reg}, Method: {method}", + ) + + self.assertIsNotNone( + self.schema["paths"] + .get(f'{BASE_API_URL}/{reg}' + '/{id}/delete_preview/', {}) + .get('get'), + f"Endpoint: {reg}, Method: get - delete_preview", + ) + + +class ApiEndpoints(DojoTestCase): + fixtures = ['dojo_testdata.json'] + + def setUp(self): + super().setUp() + + self.used_models = [] + for serializer in serializers.__dict__.values(): + if hasattr(serializer, 'Meta'): + if hasattr(serializer.Meta, 'model'): + self.used_models.append(serializer.Meta.model) + self.no_api_models = [ # TODO: these models are excluded from check for now but implementation is needed + Contact, + Product_Line, + Report_Type, + CWE, + BurpRawRequestResponse, + FileAccessToken, + UserAnnouncement, + BannerConf, + GITHUB_Conf, + GITHUB_Issue, + GITHUB_Clone, + GITHUB_Details_Cache, + GITHUB_PKey, + Tool_Product_History, + Objects_Review, + Objects_Product, + Testing_Guide_Category, + Testing_Guide, + Benchmark_Type, + Benchmark_Category, + Benchmark_Requirement, + Benchmark_Product, + Benchmark_Product_Summary, + Choice, + ] + + def test_is_defined(self): + for subclass in django.apps.apps.get_models(): + if subclass.__module__ == 'dojo.models': + if (subclass.__name__[:9] == "Tagulous_") and (subclass.__name__[-5:] == "_tags"): + continue + if subclass.__name__ in ['Alerts']: + continue + with self.subTest(subclass=subclass): + if subclass in self.used_models: + self.assertNotIn(subclass, self.no_api_models, "Thank you, you just implemented API endpoint for the model which was needed. Please remove it from exception list 'self.no_api_models'") + if subclass not in self.no_api_models: + self.assertIn(subclass, self.used_models, "API endpoint for the managing mentioned model is need") diff --git a/unittests/test_apiv2_notifications.py b/unittests/test_apiv2_notifications.py new file mode 100644 index 00000000000..a847df2dc0d --- /dev/null +++ b/unittests/test_apiv2_notifications.py @@ -0,0 +1,59 @@ +from rest_framework.test import APITestCase, APIClient +from django.urls import reverse +from rest_framework.authtoken.models import Token + + +class NotificationsTest(APITestCase): + """ + Test the metadata APIv2 endpoint. + """ + fixtures = ['dojo_testdata.json'] + + def setUp(self): + token = Token.objects.get(user__username='admin') + self.client = APIClient() + self.client.credentials(HTTP_AUTHORIZATION='Token ' + token.key) + + r = self.create( + template=True, + scan_added=['alert', 'slack'] + ) + self.assertEqual(r.status_code, 201) + + def create(self, **kwargs): + return self.client.post(reverse('notifications-list'), kwargs, format='json') + + def create_test_user(self): + password = 'testTEST1234!@#$' + r = self.client.post(reverse('user-list'), { + "username": "api-user-notification", + "password": password + }, format='json') + return r.json()["id"] + + def test_notification_get(self): + r = self.client.get(reverse('notifications-list'), format='json') + self.assertEqual(r.status_code, 200) + self.assertEqual(r.json()['results'][0]['template'], False) + + def test_notification_template(self): + q = {'template': True} + r = self.client.get(reverse('notifications-list'), q, format='json') + self.assertEqual(r.status_code, 200) + self.assertEqual(r.json()['results'][0]['template'], True) + + def test_notification_template_multiple(self): + q = {'template': True, 'scan_added': ['alert', 'slack']} + r = self.client.post(reverse('notifications-list'), q, format='json') + self.assertEqual("Notification template already exists", r.json()["non_field_errors"][0]) + + def test_user_notifications(self): + """ + creates user and checks if template is assigned + """ + user = {"user": self.create_test_user()} + r = self.client.get(reverse('notifications-list'), user, format='json') + self.assertEqual(r.status_code, 200) + self.assertEqual(r.json()['results'][0]['template'], False) + self.assertIn('alert', r.json()['results'][0]['scan_added']) + self.assertIn('slack', r.json()['results'][0]['scan_added']) diff --git a/unittests/test_apiv2_scan_import_options.py b/unittests/test_apiv2_scan_import_options.py index d4edb46360c..6e62f460d93 100644 --- a/unittests/test_apiv2_scan_import_options.py +++ b/unittests/test_apiv2_scan_import_options.py @@ -49,11 +49,11 @@ def test_epmty_scan(self): Import the ZAP scan without a test file. """ test = self.import_zap_scan(upload_empty_scan=False) - self.assertFalse(len(self.get_all_finding_ids(active=True, test__test_type=test.test_type)) == 0) + self.assertNotEqual(len(self.get_all_finding_ids(active=True, test__test_type=test.test_type)), 0) def test_full_scan(self): """ Import the ZAP scan with a test file. """ test = self.import_zap_scan(upload_empty_scan=True) - self.assertFalse(len(self.get_all_finding_ids(active=True, test__test_type=test.test_type)) == 0) + self.assertNotEqual(len(self.get_all_finding_ids(active=True, test__test_type=test.test_type)), 0) diff --git a/unittests/test_apiv2_user.py b/unittests/test_apiv2_user.py index 1c1fc5837c8..54f7e391c1f 100644 --- a/unittests/test_apiv2_user.py +++ b/unittests/test_apiv2_user.py @@ -18,7 +18,7 @@ def test_user_list(self): r = self.client.get(reverse('user-list')) self.assertEqual(r.status_code, 200, r.content[:1000]) user_list = r.json()['results'] - self.assertTrue(len(user_list) >= 1, r.content[:1000]) + self.assertGreaterEqual(len(user_list), 1, r.content[:1000]) for user in user_list: for item in ['username', 'first_name', 'last_name', 'email']: self.assertIn(item, user, r.content[:1000]) @@ -53,7 +53,7 @@ def test_user_add(self): "password": "weakPassword" }, format='json') self.assertEqual(r.status_code, 400, r.content[:1000]) - self.assertIn('The password must contain at least 1 digit, 0-9.', r.content.decode("utf-8")) + self.assertIn('Password must contain at least 1 digit, 0-9.', r.content.decode("utf-8")) def test_user_change_password(self): # some user diff --git a/unittests/test_apply_finding_template.py b/unittests/test_apply_finding_template.py index 7cb89799618..e3302d0df61 100644 --- a/unittests/test_apply_finding_template.py +++ b/unittests/test_apply_finding_template.py @@ -161,7 +161,7 @@ def test_apply_template_to_finding_with_data_saves_success(self): test_mitigation = 'template mitigation' test_impact = 'template impact' - result = self.make_request(True, 1, 1, + self.make_request(True, 1, 1, {'title': test_title, 'cwe': test_cwe, 'severity': test_severity, @@ -191,11 +191,11 @@ def test_unauthorized_apply_template_to_finding_fails(self): def test_apply_template_to_finding_with_illegal_finding_fails(self): with self.assertRaises(Exception): - result = self.make_request(True, None, 1) + self.make_request(True, None, 1) def test_apply_template_to_finding_with_illegal_template_fails(self): with self.assertRaises(Exception): - result = self.make_request(True, 1, None) + self.make_request(True, 1, None) def test_apply_template_to_finding_with_no_data_returns_view_success(self): result = self.make_request(True, 1, 1, None) diff --git a/unittests/test_bulk_risk_acceptance_api.py b/unittests/test_bulk_risk_acceptance_api.py index 9e91fc9edb7..dafa7d321a2 100644 --- a/unittests/test_bulk_risk_acceptance_api.py +++ b/unittests/test_bulk_risk_acceptance_api.py @@ -4,7 +4,7 @@ from rest_framework.reverse import reverse from rest_framework.test import APITestCase, APIClient -from dojo.models import Product_Type, Product, Engagement, Product_Type_Member, Test, Finding, User, Test_Type, Role +from dojo.models import Product_Type, Product, Engagement, Product_Type_Member, Test, Finding, User, Test_Type, Role, Vulnerability_Id from dojo.authorization.roles_permissions import Roles @@ -39,60 +39,70 @@ def setUpTestData(cls): target_start=datetime.date(2000, 1, 1), target_end=datetime.date(2000, 2, 1)) def create_finding(test: Test, reporter: User, cve: str) -> Finding: - return Finding(test=test, title='Finding {}'.format(cve), cve=cve, severity='High', + return Finding(test=test, title='Finding {}'.format(cve), cve=cve, severity='High', verified=True, description='Hello world!', mitigation='Delete system32', impact='Everything', reporter=reporter, numerical_severity='S1', static_finding=True, dynamic_finding=False) Finding.objects.bulk_create( map(lambda i: create_finding(cls.test_a, cls.user, 'CVE-1999-{}'.format(i)), range(50, 150, 3))) + for finding in Finding.objects.filter(test=cls.test_a): + Vulnerability_Id.objects.get_or_create(finding=finding, vulnerability_id=finding.cve) Finding.objects.bulk_create( map(lambda i: create_finding(cls.test_b, cls.user, 'CVE-1999-{}'.format(i)), range(51, 150, 3))) + for finding in Finding.objects.filter(test=cls.test_b): + Vulnerability_Id.objects.get_or_create(finding=finding, vulnerability_id=finding.cve) Finding.objects.bulk_create( map(lambda i: create_finding(cls.test_c, cls.user, 'CVE-1999-{}'.format(i)), range(52, 150, 3))) + for finding in Finding.objects.filter(test=cls.test_c): + Vulnerability_Id.objects.get_or_create(finding=finding, vulnerability_id=finding.cve) Finding.objects.bulk_create( map(lambda i: create_finding(cls.test_d, cls.user, 'CVE-2000-{}'.format(i)), range(50, 150, 3))) + for finding in Finding.objects.filter(test=cls.test_d): + Vulnerability_Id.objects.get_or_create(finding=finding, vulnerability_id=finding.cve) Finding.objects.bulk_create( map(lambda i: create_finding(cls.test_e, cls.user, 'CVE-1999-{}'.format(i)), range(50, 150, 3))) + for finding in Finding.objects.filter(test=cls.test_e): + Vulnerability_Id.objects.get_or_create(finding=finding, vulnerability_id=finding.cve) def setUp(self) -> None: self.client = APIClient() self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.token.key) def test_test_accept_risks(self): - accepted_risks = [{'cve': 'CVE-1999-{}'.format(i), 'justification': 'Demonstration purposes', + accepted_risks = [{'vulnerability_id': 'CVE-1999-{}'.format(i), 'justification': 'Demonstration purposes', 'accepted_by': 'King of the Internet'} for i in range(100, 150)] result = self.client.post(reverse('test-accept-risks', kwargs={'pk': self.test_a.id}), data=accepted_risks, format='json') - self.assertEquals(len(result.json()), 17) - self.assertEquals(self.test_a.unaccepted_open_findings.count(), 17) - self.assertEquals(self.test_b.unaccepted_open_findings.count(), 33) - self.assertEquals(self.test_c.unaccepted_open_findings.count(), 33) + self.assertEqual(len(result.json()), 17) + self.assertEqual(self.test_a.unaccepted_open_findings.count(), 17) + self.assertEqual(self.test_b.unaccepted_open_findings.count(), 33) + self.assertEqual(self.test_c.unaccepted_open_findings.count(), 33) - self.assertEquals(self.test_d.unaccepted_open_findings.count(), 34) - self.assertEquals(self.engagement_2a.risk_acceptance.count(), 0) + self.assertEqual(self.test_d.unaccepted_open_findings.count(), 34) + self.assertEqual(self.engagement_2a.risk_acceptance.count(), 0) def test_engagement_accept_risks(self): - accepted_risks = [{'cve': 'CVE-1999-{}'.format(i), 'justification': 'Demonstration purposes', + accepted_risks = [{'vulnerability_id': 'CVE-1999-{}'.format(i), 'justification': 'Demonstration purposes', 'accepted_by': 'King of the Internet'} for i in range(100, 150)] result = self.client.post(reverse('engagement-accept-risks', kwargs={'pk': self.engagement.id}), data=accepted_risks, format='json') - self.assertEquals(len(result.json()), 50) - self.assertEquals(self.engagement.unaccepted_open_findings.count(), 50) + self.assertEqual(len(result.json()), 50) + self.assertEqual(self.engagement.unaccepted_open_findings.count(), 50) - self.assertEquals(self.engagement_2a.risk_acceptance.count(), 0) - self.assertEquals(self.engagement_2a.unaccepted_open_findings.count(), 34) + self.assertEqual(self.engagement_2a.risk_acceptance.count(), 0) + self.assertEqual(self.engagement_2a.unaccepted_open_findings.count(), 34) def test_finding_accept_risks(self): - accepted_risks = [{'cve': 'CVE-1999-{}'.format(i), 'justification': 'Demonstration purposes', + accepted_risks = [{'vulnerability_id': 'CVE-1999-{}'.format(i), 'justification': 'Demonstration purposes', 'accepted_by': 'King of the Internet'} for i in range(60, 140)] result = self.client.post(reverse('finding-accept-risks'), data=accepted_risks, format='json') - self.assertEquals(len(result.json()), 106) - self.assertEquals(Finding.unaccepted_open_findings().count(), 62) + self.assertEqual(len(result.json()), 106) + self.assertEqual(Finding.unaccepted_open_findings().count(), 62) - self.assertEquals(self.engagement_2a.risk_acceptance.count(), 0) - self.assertEquals(self.engagement_2a.unaccepted_open_findings.count(), 34) + self.assertEqual(self.engagement_2a.risk_acceptance.count(), 0) + self.assertEqual(self.engagement_2a.unaccepted_open_findings.count(), 34) for ra in self.engagement_2b.risk_acceptance.all(): for finding in ra.accepted_findings.all(): - self.assertEquals(self.engagement_2a.product, finding.test.engagement.product) + self.assertEqual(self.engagement_2a.product, finding.test.engagement.product) diff --git a/unittests/test_cleanup_alerts.py b/unittests/test_cleanup_alerts.py index 5b961921117..c35bd65b21e 100644 --- a/unittests/test_cleanup_alerts.py +++ b/unittests/test_cleanup_alerts.py @@ -2,7 +2,6 @@ from .dojo_test_case import DojoTestCase from django.conf import settings from dojo.models import User, Alerts -from datetime import datetime, timezone import logging logger = logging.getLogger(__name__) @@ -13,9 +12,9 @@ class TestCleanupAlerts(DojoTestCase): def setUp(self): testuser = User.objects.get(username='admin') Alerts.objects.filter(user_id=testuser).delete() - Alerts.objects.create(title="B", user_id=testuser, created=datetime(2021, 1, 8, 16, 54, 23, 597051, tzinfo=timezone.utc)) - Alerts.objects.create(title="A", user_id=testuser, created=datetime(2021, 1, 7, 16, 54, 23, 597051, tzinfo=timezone.utc)) - Alerts.objects.create(title="C", user_id=testuser, created=datetime(2021, 1, 9, 16, 54, 23, 597051, tzinfo=timezone.utc)) + Alerts.objects.create(title="A", user_id=testuser) + Alerts.objects.create(title="B", user_id=testuser) + Alerts.objects.create(title="C", user_id=testuser) def test_delete_alerts_disabled(self): settings.MAX_ALERTS_PER_USER = -1 @@ -23,25 +22,25 @@ def test_delete_alerts_disabled(self): alerts_before = Alerts.objects.filter(user_id=testuser).count() cleanup_alerts() alerts_after = Alerts.objects.filter(user_id=testuser).count() - self.assertEquals(alerts_before, alerts_after) + self.assertEqual(alerts_before, alerts_after) def test_delete_all_alerts(self): settings.MAX_ALERTS_PER_USER = 0 testuser = User.objects.get(username='admin') cleanup_alerts() alerts_after = Alerts.objects.filter(user_id=testuser).count() - self.assertEquals(alerts_after, 0) + self.assertEqual(alerts_after, 0) def test_delete_more_than_two_alerts(self): settings.MAX_ALERTS_PER_USER = 2 testuser = User.objects.get(username='admin') cleanup_alerts() alerts_after = Alerts.objects.filter(user_id=testuser).count() - self.assertEquals(alerts_after, 2) - self.assertEquals(Alerts.objects.filter(user_id=testuser, title="A").count(), 0) - self.assertEquals(Alerts.objects.filter(user_id=testuser, title="B").count(), 1) - self.assertEquals(Alerts.objects.filter(user_id=testuser, title="C").count(), 1) + self.assertEqual(alerts_after, 2) + self.assertEqual(Alerts.objects.filter(user_id=testuser, title="A").count(), 0) + self.assertEqual(Alerts.objects.filter(user_id=testuser, title="B").count(), 1) + self.assertEqual(Alerts.objects.filter(user_id=testuser, title="C").count(), 1) cleanup_alerts() alerts_after = Alerts.objects.filter(user_id=testuser).count() - self.assertEquals(alerts_after, 2) + self.assertEqual(alerts_after, 2) diff --git a/unittests/test_copy_model.py b/unittests/test_copy_model.py new file mode 100644 index 00000000000..d23e132ca73 --- /dev/null +++ b/unittests/test_copy_model.py @@ -0,0 +1,321 @@ +from .dojo_test_case import DojoTestCase +from dojo.models import Endpoint, Endpoint_Status, Finding, Test, Engagement, Product, User + + +class TestCopyFindingModel(DojoTestCase): + + def test_duplicate_finding_same_test(self): + # Set the scene + user, _ = User.objects.get_or_create(username="admin") + product_type = self.create_product_type('prod_type') + product = self.create_product('test_deuplicate_finding', prod_type=product_type) + engagement = self.create_engagement('eng', product) + test = self.create_test(engagement=engagement, scan_type='NPM Audit Scan', title='test') + finding = Finding.objects.create(test=test, reporter=user) + # Do the counting + current_finding_count = Finding.objects.filter(test=test).count() + # Do the copy + finding_copy = finding.copy(test=test) + # Make sure the copy was made without error + self.assertEqual(current_finding_count + 1, Finding.objects.filter(test=test).count()) + # Are the findings the same + self.assertEqual(finding.hash_code, finding_copy.hash_code) + + def test_duplicate_finding_different_test(self): + # Set the scene + user, _ = User.objects.get_or_create(username="admin") + product_type = self.create_product_type('prod_type') + product = self.create_product('test_deuplicate_finding', prod_type=product_type) + engagement = self.create_engagement('eng', product) + test1 = self.create_test(engagement=engagement, scan_type='NPM Audit Scan', title='test1') + test2 = self.create_test(engagement=engagement, scan_type='NPM Audit Scan', title='test2') + finding = Finding.objects.create(test=test1, reporter=user) + # Do the counting + engagement_finding_count = Finding.objects.filter(test__engagement=engagement).count() + # Do the copy + finding_copy = finding.copy(test=test2) + # Make sure the copy was made without error + self.assertEqual(Finding.objects.filter(test=test1).count(), Finding.objects.filter(test=test2).count()) + # Are the findings the same + self.assertEqual(finding.hash_code, finding_copy.hash_code) + # Does the engagement have more findings + self.assertEqual(engagement_finding_count + 1, Finding.objects.filter(test__engagement=engagement).count()) + + def test_duplicate_finding_with_tags(self): + # Set the scene + user, _ = User.objects.get_or_create(username="admin") + product_type = self.create_product_type('prod_type') + product = self.create_product('test_deuplicate_finding', prod_type=product_type) + engagement = self.create_engagement('eng', product) + test = self.create_test(engagement=engagement, scan_type='NPM Audit Scan', title='test') + finding = Finding.objects.create(test=test, reporter=user) + finding.unsaved_tags = ['test_tag'] + finding.save() + # Do the counting + current_finding_count = Finding.objects.filter(test=test).count() + # Do the copy + finding_copy = finding.copy(test=test) + # Make sure the copy was made without error + self.assertEqual(current_finding_count + 1, Finding.objects.filter(test=test).count()) + # Do the tags match + self.assertEqual(finding.tags, finding_copy.tags) + + def test_duplicate_finding_with_notes(self): + # Set the scene + user, _ = User.objects.get_or_create(username="admin") + product_type = self.create_product_type('prod_type') + product = self.create_product('test_deuplicate_finding', prod_type=product_type) + engagement = self.create_engagement('eng', product) + test = self.create_test(engagement=engagement, scan_type='NPM Audit Scan', title='test') + finding = Finding.objects.create(test=test, reporter=user) + finding.unsaved_notes = ['test_note'] + finding.save() + # Do the counting + current_finding_count = Finding.objects.filter(test=test).count() + # Do the copy + finding_copy = finding.copy(test=test) + # Make sure the copy was made without error + self.assertEqual(current_finding_count + 1, Finding.objects.filter(test=test).count()) + # Do the notes match + self.assertEqual(finding.notes, finding_copy.notes) + + def test_duplicate_finding_with_tags_and_notes(self): + # Set the scene + user, _ = User.objects.get_or_create(username="admin") + product_type = self.create_product_type('prod_type') + product = self.create_product('test_deuplicate_finding', prod_type=product_type) + engagement = self.create_engagement('eng', product) + test = self.create_test(engagement=engagement, scan_type='NPM Audit Scan', title='test') + finding = Finding.objects.create(test=test, reporter=user) + finding.unsaved_tags = ['test_tag'] + finding.unsaved_notes = ['test_note'] + finding.save() + # Do the counting + current_finding_count = Finding.objects.filter(test=test).count() + # Do the copy + finding_copy = finding.copy(test=test) + # Make sure the copy was made without error + self.assertEqual(current_finding_count + 1, Finding.objects.filter(test=test).count()) + # Do the tags match + self.assertEqual(finding.notes, finding_copy.notes) + # Do the notes match + self.assertEqual(finding.notes, finding_copy.notes) + + def test_duplicate_finding_with_endpoints(self): + # Set the scene + user, _ = User.objects.get_or_create(username="admin") + product_type = self.create_product_type('prod_type') + product = self.create_product('test_deuplicate_finding', prod_type=product_type) + engagement = self.create_engagement('eng', product) + test = self.create_test(engagement=engagement, scan_type='NPM Audit Scan', title='test') + endpoint = Endpoint.from_uri('0.0.0.0') + endpoint.save() + finding = Finding.objects.create(test=test, reporter=user) + endpoint_status = Endpoint_Status.objects.create(finding=finding, endpoint=endpoint) + # Do the counting + current_finding_count = Finding.objects.filter(test=test).count() + current_endpoint_finding_count = endpoint.findings_count + current_endpoint_count = Endpoint.objects.all().count() + current_endpoint_status_count = Endpoint_Status.objects.filter(endpoint=endpoint).count() + # Do the copy + finding_copy = finding.copy(test=test) + # Make sure the copy was made without error + self.assertEqual(current_finding_count + 1, Finding.objects.filter(test=test).count()) + # Make sure the number of endpoints stayed the same + self.assertEqual(current_endpoint_count, Endpoint.objects.all().count()) + # Make sure the number of findings on the endpoint grew + self.assertEqual(current_endpoint_finding_count + 1, endpoint.findings_count) # TODO + # Make sure the number of endpoint status objects grew + self.assertEqual(current_endpoint_status_count + 1, Endpoint_Status.objects.filter(endpoint=endpoint).count()) + # Make sure the endpoint status objects point at different findings + self.assertNotEqual(endpoint_status, finding_copy.status_finding.all().first()) + + +class TestCopyTestModel(DojoTestCase): + + def test_duplicate_test_same_enagagement(self): + # Set the scene + user, _ = User.objects.get_or_create(username="admin") + product_type = self.create_product_type('prod_type') + product = self.create_product('test_deuplicate_test', prod_type=product_type) + engagement = self.create_engagement('eng', product) + test = self.create_test(engagement=engagement, scan_type='NPM Audit Scan', title='test') + _ = Finding.objects.create(test=test, reporter=user) + # Do the counting + current_test_count = Test.objects.filter(engagement=engagement).count() + current_test_finding_count = Finding.objects.filter(test=test).count() + current_engagement_finding_count = Finding.objects.filter(test__engagement=engagement).count() + # Do the copy + test_copy = test.copy(engagement=engagement) + # Make sure the copy was made without error + self.assertEqual(current_test_count + 1, Test.objects.filter(engagement=engagement).count()) + # Do the tests have the same number of findings + self.assertEqual(current_test_finding_count, Finding.objects.filter(test=test_copy).count()) + # Make sure the engagement has more findings + self.assertEqual(current_engagement_finding_count + 1, Finding.objects.filter(test__engagement=engagement).count()) + + def test_duplicate_tests_different_engagements(self): + # Set the scene + user, _ = User.objects.get_or_create(username="admin") + product_type = self.create_product_type('prod_type') + product = self.create_product('test_deuplicate_test', prod_type=product_type) + engagement1 = self.create_engagement('eng1', product) + engagement2 = self.create_engagement('eng2', product) + test = self.create_test(engagement=engagement1, scan_type='NPM Audit Scan', title='test') + _ = Finding.objects.create(test=test, reporter=user) + # Do the counting + product_finding_count = Finding.objects.filter(test__engagement__product=product).count() + # Do the copy + test_copy = test.copy(engagement=engagement2) + # Make sure the copy was made without error + self.assertEqual(Test.objects.filter(engagement=engagement1).count(), Test.objects.filter(engagement=engagement2).count()) + # Do the enagements have the same number of findings + self.assertEqual(Finding.objects.filter(test__engagement=engagement1).count(), Finding.objects.filter(test__engagement=engagement2).count()) + # Are the tests equal + self.assertEqual(test, test_copy) + # Does the product thave more findings + self.assertEqual(product_finding_count + 1, Finding.objects.filter(test__engagement__product=product).count()) + + def test_duplicate_test_with_tags(self): + # Set the scene + user, _ = User.objects.get_or_create(username="admin") + product_type = self.create_product_type('prod_type') + product = self.create_product('test_deuplicate_test', prod_type=product_type) + engagement = self.create_engagement('eng', product) + test = self.create_test(engagement=engagement, scan_type='NPM Audit Scan', title='test') + _ = Finding.objects.create(test=test, reporter=user) + test.unsaved_tags = ['test_tag'] + test.save() + # Do the counting + current_test_count = Test.objects.filter(engagement=engagement).count() + # Do the copy + test_copy = test.copy(engagement=engagement) + # Make sure the copy was made without error + self.assertEqual(current_test_count + 1, Test.objects.filter(engagement=engagement).count()) + # Do the tags match + self.assertEqual(test.tags, test_copy.tags) + + def test_duplicate_test_with_notes(self): + # Set the scene + user, _ = User.objects.get_or_create(username="admin") + product_type = self.create_product_type('prod_type') + product = self.create_product('test_deuplicate_test', prod_type=product_type) + engagement = self.create_engagement('eng', product) + test = self.create_test(engagement=engagement, scan_type='NPM Audit Scan', title='test') + _ = Finding.objects.create(test=test, reporter=user) + test.unsaved_notes = ['test_note'] + test.save() + # Do the counting + current_test_count = Test.objects.filter(engagement=engagement).count() + # Do the copy + test_copy = test.copy(engagement=engagement) + # Make sure the copy was made without error + self.assertEqual(current_test_count + 1, Test.objects.filter(engagement=engagement).count()) + # Do the notes match + self.assertEqual(test.notes, test_copy.notes) + + def test_duplicate_test_with_tags_and_notes(self): + # Set the scene + user, _ = User.objects.get_or_create(username="admin") + product_type = self.create_product_type('prod_type') + product = self.create_product('test_deuplicate_test', prod_type=product_type) + engagement = self.create_engagement('eng', product) + test = self.create_test(engagement=engagement, scan_type='NPM Audit Scan', title='test') + _ = Finding.objects.create(test=test, reporter=user) + test.unsaved_tags = ['test_tag'] + test.unsaved_notes = ['test_note'] + test.save() + # Do the counting + current_test_count = Test.objects.filter(engagement=engagement).count() + # Do the copy + test_copy = test.copy(engagement=engagement) + # Make sure the copy was made without error + self.assertEqual(current_test_count + 1, Test.objects.filter(engagement=engagement).count()) + # Do the notes match + self.assertEqual(test.notes, test_copy.notes) + # Do the tags match + self.assertEqual(test.tags, test_copy.tags) + + +class TestCopyEngagementModel(DojoTestCase): + + def test_duplicate_engagement(self): + # Set the scene + user, _ = User.objects.get_or_create(username="admin") + product_type = self.create_product_type('prod_type') + product = self.create_product('test_deuplicate_test', prod_type=product_type) + engagement = self.create_engagement('eng', product) + test = self.create_test(engagement=engagement, scan_type='NPM Audit Scan', title='test') + _ = Finding.objects.create(test=test, reporter=user) + # Do the counting + current_product_count = Product.objects.filter(prod_type=product_type).count() + current_engagement_finding_count = Finding.objects.filter(test__engagement=engagement).count() + current_engagement_product_finding_count = Finding.objects.filter(test__engagement__product=product).count() + # Do the copy + engagement_copy = engagement.copy() + # Make sure the copy was made without error + self.assertEqual(current_product_count + 1, Engagement.objects.filter(product=product).count()) + # Do the tests have the same number of findings + self.assertEqual(current_engagement_finding_count, Finding.objects.filter(test__engagement=engagement_copy).count()) + # Make sure the product has more findings + self.assertEqual(current_engagement_product_finding_count + 1, Finding.objects.filter(test__engagement__product=product).count()) + + def test_duplicate_engagement_with_tags(self): + # Set the scene + user, _ = User.objects.get_or_create(username="admin") + product_type = self.create_product_type('prod_type') + product = self.create_product('test_deuplicate_test', prod_type=product_type) + engagement = self.create_engagement('eng', product) + test = self.create_test(engagement=engagement, scan_type='NPM Audit Scan', title='test') + _ = Finding.objects.create(test=test, reporter=user) + engagement.unsaved_tags = ['test_tag'] + engagement.save() + # Do the counting + current_engagement_count = Engagement.objects.filter(product=product).count() + # Do the copy + engagement_copy = engagement.copy() + # Make sure the copy was made without error + self.assertEqual(current_engagement_count + 1, Engagement.objects.filter(product=product).count()) + # Do the tags match + self.assertEqual(engagement.tags, engagement_copy.tags) + + def test_duplicate_engagement_with_notes(self): + # Set the scene + user, _ = User.objects.get_or_create(username="admin") + product_type = self.create_product_type('prod_type') + product = self.create_product('test_deuplicate_test', prod_type=product_type) + engagement = self.create_engagement('eng', product) + test = self.create_test(engagement=engagement, scan_type='NPM Audit Scan', title='test') + _ = Finding.objects.create(test=test, reporter=user) + engagement.unsaved_notes = ['test_note'] + engagement.save() + # Do the counting + current_engagement_count = Engagement.objects.filter(product=product).count() + # Do the copy + engagement_copy = engagement.copy() + # Make sure the copy was made without error + self.assertEqual(current_engagement_count + 1, Engagement.objects.filter(product=product).count()) + # Do the notes match + self.assertEqual(engagement.notes, engagement_copy.notes) + + def test_duplicate_engagement_with_tags_and_notes(self): + # Set the scene + user, _ = User.objects.get_or_create(username="admin") + product_type = self.create_product_type('prod_type') + product = self.create_product('test_deuplicate_test', prod_type=product_type) + engagement = self.create_engagement('eng', product) + test = self.create_test(engagement=engagement, scan_type='NPM Audit Scan', title='test') + _ = Finding.objects.create(test=test, reporter=user) + engagement.unsaved_tags = ['test_tag'] + engagement.unsaved_notes = ['test_note'] + engagement.save() + # Do the counting + current_engagement_count = Engagement.objects.filter(product=product).count() + # Do the copy + engagement_copy = engagement.copy() + # Make sure the copy was made without error + self.assertEqual(current_engagement_count + 1, Engagement.objects.filter(product=product).count()) + # Do the notes match + self.assertEqual(engagement.notes, engagement_copy.notes) + # Do the tags match + self.assertEqual(engagement.tags, engagement_copy.tags) diff --git a/unittests/test_deduplication_logic.py b/unittests/test_deduplication_logic.py index 65cf77c2752..8937104d92d 100644 --- a/unittests/test_deduplication_logic.py +++ b/unittests/test_deduplication_logic.py @@ -1,7 +1,9 @@ from .dojo_test_case import DojoTestCase from dojo.models import Finding, User, Product, Endpoint, Endpoint_Status, Test, Engagement from dojo.models import System_Settings +from django.conf import settings from crum import impersonate +import unittest import logging logger = logging.getLogger(__name__) deduplicationLogger = logging.getLogger("dojo.specific-loggers.deduplication") @@ -23,11 +25,6 @@ # -> that is an insteresting improvment to consider # - If the unique_id does NOT match, the finding is still considered for dedupe if the hash_code matches. We may need to forbid as the unique_id should be leading for the same test_type -# false positive history observations: -# - doesn't respect dedupe_on_engagement -# - if endpoints are mismatching, it falls back to comparing just the title + test_type or cwe + test_type. this leads to false positive false positives (pung intended) -# - I think this feature should be resdesigned and use the dedupe algo to find "identical/similar findings" to copy false_p status from - # test data summary # product 1: Python How-to # engagement 2: April monthly engagement (dedupe_inside: True) @@ -217,7 +214,7 @@ def test_identical_except_filepath_legacy(self): finding_new, finding_24 = self.copy_and_reset_finding(id=24) finding_new.file_path = '/dev/null' - finding_22 = Finding.objects.get(id=22) + Finding.objects.get(id=22) finding_new.save(dedupe_option=True) @@ -417,13 +414,24 @@ def test_identical_legacy_no_endpoints_dynamic(self): # existing findings in test 3 are from ZAP scanner, which uses hash_code algorithm with ['title', 'cwe', 'endpoints', 'severity'] def test_identical_hash_code(self): # 4 is already a duplicate of 2, let's see what happens if we create an identical finding (but reset status) + # 2 has an endpoint ftp://localhost, 4 has no endpoint # expect: marked as duplicate finding_new, finding_4 = self.copy_and_reset_finding(id=4) finding_new.save(dedupe_option=True) - self.assert_finding(finding_new, not_pk=4, duplicate=True, duplicate_finding_id=finding_4.duplicate_finding.id, hash_code=finding_4.hash_code) + if (settings.DEDUPE_ALGO_ENDPOINT_FIELDS == []): + # expect duplicate, as endpoints shouldn't affect dedupe + self.assert_finding(finding_new, not_pk=4, duplicate=True, duplicate_finding_id=finding_4.duplicate_finding.id, hash_code=finding_4.hash_code) + else: + self.assert_finding(finding_new, not_pk=4, duplicate=False, duplicate_finding_id=None, hash_code=finding_4.hash_code) + + finding_new, finding_2 = self.copy_with_endpoints_without_dedupe_and_reset_finding(id=2) + finding_new.save(dedupe_option=True) + self.assert_finding(finding_new, not_pk=2, duplicate=True, duplicate_finding_id=finding_4.duplicate_finding.id, hash_code=finding_2.hash_code) def test_identical_ordering_hash_code(self): + dedupe_algo_endpoint_fields = settings.DEDUPE_ALGO_ENDPOINT_FIELDS + settings.DEDUPE_ALGO_ENDPOINT_FIELDS = [] finding_2 = Finding.objects.get(id=2) # 3 is already a duplicate of 2, but let's reset it's status. then update 24 and see if it gets marked as duplicate of 2 or 3 # expect: marked as duplicate of 2 as lowest finding_id should be chosen as original @@ -443,6 +451,9 @@ def test_identical_ordering_hash_code(self): self.assert_finding(finding_new, not_pk=2, duplicate=True, duplicate_finding_id=finding_2.id, hash_code=finding_2.hash_code) # self.assert_finding(finding_new, not_pk=2, duplicate=True, duplicate_finding_id=finding_3.id, hash_code=finding_2.hash_code) + # reset for further tests + settings.DEDUPE_ALGO_ENDPOINT_FIELDS = dedupe_algo_endpoint_fields + def test_identical_except_title_hash_code(self): # 4 is already a duplicate of 2, let's see what happens if we create an identical finding with different title (and reset status) # expect: NOT marked as duplicate as title is part of hash_code calculation @@ -454,22 +465,42 @@ def test_identical_except_title_hash_code(self): def test_identical_except_description_hash_code(self): # 4 is already a duplicate of 2, let's see what happens if we create an identical finding with different description (and reset status) + # 2 has an endpoint ftp://localhost, 4 has no endpoint # expect: marked as duplicate finding_new, finding_4 = self.copy_and_reset_finding(id=4) + finding_new.description = 'useless finding' finding_new.save(dedupe_option=True) - self.assert_finding(finding_new, not_pk=4, duplicate=True, duplicate_finding_id=finding_4.duplicate_finding.id, hash_code=finding_4.hash_code) + if (settings.DEDUPE_ALGO_ENDPOINT_FIELDS == []): + # expect duplicate, as endpoints shouldn't affect dedupe + self.assert_finding(finding_new, not_pk=4, duplicate=True, duplicate_finding_id=finding_4.duplicate_finding.id, hash_code=finding_4.hash_code) + else: + self.assert_finding(finding_new, not_pk=4, duplicate=False, duplicate_finding_id=None, hash_code=finding_4.hash_code) + + finding_new, finding_2 = self.copy_with_endpoints_without_dedupe_and_reset_finding(id=2) + finding_new.save(dedupe_option=True) + self.assert_finding(finding_new, not_pk=2, duplicate=True, duplicate_finding_id=finding_4.duplicate_finding.id, hash_code=finding_2.hash_code) # TODO not usefile with ZAP? def test_identical_except_line_hash_code(self): # 4 is already a duplicate of 2, let's see what happens if we create an identical finding with different line (and reset status) + # 2 has an endpoint ftp://localhost, 4 has no endpoint # expect: marked as duplicate finding_new, finding_4 = self.copy_and_reset_finding(id=4) finding_new.line = 666 finding_new.save(dedupe_option=True) - self.assert_finding(finding_new, not_pk=4, duplicate=True, duplicate_finding_id=finding_4.duplicate_finding.id, hash_code=finding_4.hash_code) + if (settings.DEDUPE_ALGO_ENDPOINT_FIELDS == []): + # expect duplicate, as endpoints shouldn't affect dedupe + self.assert_finding(finding_new, not_pk=4, duplicate=True, duplicate_finding_id=finding_4.duplicate_finding.id, hash_code=finding_4.hash_code) + else: + self.assert_finding(finding_new, not_pk=4, duplicate=False, duplicate_finding_id=None, hash_code=finding_4.hash_code) + + finding_new, finding_2 = self.copy_with_endpoints_without_dedupe_and_reset_finding(id=2) + finding_new.line = 666 + finding_new.save(dedupe_option=True) + self.assert_finding(finding_new, not_pk=2, duplicate=True, duplicate_finding_id=finding_4.duplicate_finding.id, hash_code=finding_2.hash_code) # TODO not usefile with ZAP? def test_identical_except_filepath_hash_code(self): @@ -479,14 +510,23 @@ def test_identical_except_filepath_hash_code(self): finding_new.file_path = '/dev/null' finding_new.save(dedupe_option=True) - self.assert_finding(finding_new, not_pk=4, duplicate=True, duplicate_finding_id=finding_4.duplicate_finding.id, hash_code=finding_4.hash_code) + if (settings.DEDUPE_ALGO_ENDPOINT_FIELDS == []): + # expect duplicate, as endpoints shouldn't affect dedupe + self.assert_finding(finding_new, not_pk=4, duplicate=True, duplicate_finding_id=finding_4.duplicate_finding.id, hash_code=finding_4.hash_code) + else: + self.assert_finding(finding_new, not_pk=4, duplicate=False, duplicate_finding_id=None, hash_code=finding_4.hash_code) + + finding_new, finding_2 = self.copy_with_endpoints_without_dedupe_and_reset_finding(id=2) + finding_new.file_path = '/dev/null' + finding_new.save(dedupe_option=True) + self.assert_finding(finding_new, not_pk=2, duplicate=True, duplicate_finding_id=finding_4.duplicate_finding.id, hash_code=finding_2.hash_code) def test_dedupe_inside_engagement_hash_code(self): # finding 2 in engagement 1 # make a copy and store it in engagement 2, test 4 # should not result in being marked as duplicate as it crosses engagement boundaries # both test 3 and 4 are ZAP scans (cross scanner dedupe is still not working very well) - finding_new, finding_2 = self.copy_and_reset_finding(id=2) + finding_new, finding_2 = self.copy_with_endpoints_without_dedupe_and_reset_finding(id=2) finding_new.test = Test.objects.get(id=4) finding_new.save(dedupe_option=True) @@ -499,13 +539,14 @@ def test_dedupe_not_inside_engagement_hash_code(self): # both test 3 and 4 are ZAP scans (cross scanner dedupe is still not working very well) self.set_dedupe_inside_engagement(False) - finding_new, finding_2 = self.copy_and_reset_finding(id=2) + finding_new, finding_2 = self.copy_with_endpoints_without_dedupe_and_reset_finding(id=2) finding_new.test = Test.objects.get(id=4) finding_new.save(dedupe_option=True) self.assert_finding(finding_new, not_pk=2, duplicate=True, duplicate_finding_id=2, hash_code=finding_2.hash_code) # hash_code: if file_path and line or both empty and there are no endpoints, dedupe should happen (as opposed to legacy dedupe) + @unittest.skip("Test is not valid because finding 2 has an endpoint.") def test_identical_no_filepath_no_line_no_endpoints_hash_code(self): finding_new, finding_2 = self.copy_and_reset_finding(id=2) finding_new.file_path = None @@ -515,35 +556,110 @@ def test_identical_no_filepath_no_line_no_endpoints_hash_code(self): self.assert_finding(finding_new, not_pk=2, duplicate=True, duplicate_finding_id=2, hash_code=finding_2.hash_code) def test_identical_hash_code_with_identical_endpoints(self): - finding_new, finding_4 = self.copy_and_reset_finding_add_endpoints(id=4) # has myhost.com, myhost2.com + # create an identical copy of the new finding, with the same endpoints + finding_new, finding_2 = self.copy_with_endpoints_without_dedupe_and_reset_finding(id=2) # has ftp://localhost + finding_new.save(dedupe_option=True) + + # expect: marked as duplicate of original finding 2 (because finding 4 is a duplicate of finding 2 in sample data), hash_code not affected by endpoints (endpoints are not anymore in ZAP configuration for hash_code) + self.assert_finding(finding_new, not_pk=finding_2.pk, duplicate=True, duplicate_finding_id=2, hash_code=finding_2.hash_code, not_hash_code=None) + + def test_dedupe_algo_endpoint_fields_host_port_identical(self): + dedupe_algo_endpoint_fields = settings.DEDUPE_ALGO_ENDPOINT_FIELDS + settings.DEDUPE_ALGO_ENDPOINT_FIELDS = ["host", "port"] + + # create an identical copy of the new finding, with the same endpoints but different path + finding_new, finding_2 = self.copy_and_reset_finding(id=2) # finding_2 has host ftp://localhost finding_new.save() - # create an identical copy of the new finding, with the same endpoints - finding_new2, finding_new = self.copy_and_reset_finding(id=finding_new.id) - finding_new2.save(dedupe_option=False) + ep = Endpoint(product=finding_new.test.engagement.product, finding=finding_new, host="localhost", protocol="ftp", path="local") + ep.save() + finding_new.endpoints.add(ep) + finding_new.save() - ep1 = Endpoint(product=finding_new2.test.engagement.product, finding=finding_new2, host="myhost.com", protocol="https") + # expect: marked as duplicate of original finding 2 (because finding 4 is a duplicate of finding 2 in sample data), hash_code not affected by endpoints (endpoints are not anymore in ZAP configuration for hash_code) + self.assert_finding(finding_new, not_pk=finding_2.pk, duplicate=True, duplicate_finding_id=2, hash_code=finding_2.hash_code, not_hash_code=None) + + # reset for further tests + settings.DEDUPE_ALGO_ENDPOINT_FIELDS = dedupe_algo_endpoint_fields + + def test_dedupe_algo_endpoint_field_path_different(self): + dedupe_algo_endpoint_fields = settings.DEDUPE_ALGO_ENDPOINT_FIELDS + settings.DEDUPE_ALGO_ENDPOINT_FIELDS = ["path"] + + # create an identical copy of the new finding, with the same endpoints but different path + finding_new, finding_2 = self.copy_and_reset_finding(id=2) # finding_2 has host ftp://localhost + finding_new.save() + + ep = Endpoint(product=finding_new.test.engagement.product, finding=finding_new, host="localhost", protocol="ftp", path="local") + ep.save() + finding_new.endpoints.add(ep) + finding_new.save() + + # expect: marked as duplicate of original finding 2 (because finding 4 is a duplicate of finding 2 in sample data), hash_code not affected by endpoints (endpoints are not anymore in ZAP configuration for hash_code) + self.assert_finding(finding_new, not_pk=finding_2.pk, duplicate=False, duplicate_finding_id=None, hash_code=finding_2.hash_code, not_hash_code=None) + + # reset for further tests + settings.DEDUPE_ALGO_ENDPOINT_FIELDS = dedupe_algo_endpoint_fields + + def test_identical_hash_code_with_intersect_endpoints(self): + dedupe_algo_endpoint_fields = settings.DEDUPE_ALGO_ENDPOINT_FIELDS + settings.DEDUPE_ALGO_ENDPOINT_FIELDS = ["host", "port"] + # ep1: https://myhost.com, ep2: https://myhost2.com + finding_new, finding_2 = self.copy_and_reset_finding(id=2) + finding_new.save(dedupe_option=False) + ep1 = Endpoint(product=finding_new.test.engagement.product, finding=finding_new, host="myhost.com", protocol="https") ep1.save() - ep2 = Endpoint(product=finding_new2.test.engagement.product, finding=finding_new2, host="myhost2.com", protocol="https") + ep2 = Endpoint(product=finding_new.test.engagement.product, finding=finding_new, host="myhost2.com", protocol="https") ep2.save() - finding_new2.endpoints.add(ep1) - finding_new2.endpoints.add(ep2) - finding_new2.save() + finding_new.endpoints.add(ep1) + finding_new.endpoints.add(ep2) + finding_new.save(dedupe_option=True) + # expect: marked not as duplicate of original finding 2 because the endpoints are different + self.assert_finding(finding_new, not_pk=finding_2.pk, duplicate=False, hash_code=finding_2.hash_code) - # expect: marked as duplicate of original finding 2 (because finding 4 is a duplicate of finding 2 in sample data), hash_code not affected by endpoints (endpoints are not anymore in ZAP configuration for hash_code) - self.assert_finding(finding_new2, not_pk=finding_new.pk, duplicate=True, duplicate_finding_id=2, hash_code=finding_new.hash_code, not_hash_code=None) + # create an identical copy of the new finding without original endpoints, but with 3 extra endpoints. + finding_new3, finding_new = self.copy_and_reset_finding(id=finding_new.id) + finding_new3.save(dedupe_option=False) + ep1 = Endpoint(product=finding_new3.test.engagement.product, finding=finding_new3, host="myhost4.com", protocol="https") + ep1.save() + ep2 = Endpoint(product=finding_new3.test.engagement.product, finding=finding_new3, host="myhost2.com", protocol="https") + ep2.save() + ep3 = Endpoint(product=finding_new3.test.engagement.product, finding=finding_new3, host="myhost3.com", protocol="https") + ep3.save() + finding_new3.endpoints.add(ep1) + finding_new3.endpoints.add(ep2) + finding_new3.endpoints.add(ep3) + finding_new3.save() + + # expect: marked not as duplicate of original finding 2 or finding_new3 because the endpoints are different + self.assert_finding(finding_new3, not_pk=finding_new.pk, duplicate=True, duplicate_finding_id=finding_new.id, hash_code=finding_new.hash_code) + # expect: marked not as duplicate of original finding 2 because the endpoints are different + self.assert_finding(finding_new, not_pk=finding_2.pk, duplicate=False, hash_code=finding_2.hash_code) + # reset for further tests + settings.DEDUPE_ALGO_ENDPOINT_FIELDS = dedupe_algo_endpoint_fields def test_identical_hash_code_with_different_endpoints(self): - finding_new, finding_4 = self.copy_and_reset_finding_add_endpoints(id=4) - # save with dedupe so hash_code contains endpoints - finding_new.save() + dedupe_algo_endpoint_fields = settings.DEDUPE_ALGO_ENDPOINT_FIELDS + settings.DEDUPE_ALGO_ENDPOINT_FIELDS = ["host", "port"] + # ep1: https://myhost.com, ep2: https://myhost2.com + finding_new, finding_2 = self.copy_and_reset_finding(id=2) + finding_new.save(dedupe_option=False) + ep1 = Endpoint(product=finding_new.test.engagement.product, finding=finding_new, host="myhost.com", protocol="https") + ep1.save() + ep2 = Endpoint(product=finding_new.test.engagement.product, finding=finding_new, host="myhost2.com", protocol="https") + ep2.save() + finding_new.endpoints.add(ep1) + finding_new.endpoints.add(ep2) + finding_new.save(dedupe_option=True) + # expect: marked not as duplicate of original finding 2 because the endpoints are different + self.assert_finding(finding_new, not_pk=finding_2.pk, duplicate=False, hash_code=finding_2.hash_code) - # create an identical copy of the new finding, but with 1 extra endpoint. should not be marked as duplicate + # create an identical copy of the new finding without original endpoints, but with 3 extra endpoints. finding_new3, finding_new = self.copy_and_reset_finding(id=finding_new.id) finding_new3.save(dedupe_option=False) ep1 = Endpoint(product=finding_new3.test.engagement.product, finding=finding_new3, host="myhost4.com", protocol="https") ep1.save() - ep2 = Endpoint(product=finding_new3.test.engagement.product, finding=finding_new3, host="myhost2.com", protocol="https") + ep2 = Endpoint(product=finding_new3.test.engagement.product, finding=finding_new3, host="myhost2.com", protocol="http") ep2.save() ep3 = Endpoint(product=finding_new3.test.engagement.product, finding=finding_new3, host="myhost3.com", protocol="https") ep3.save() @@ -552,11 +668,15 @@ def test_identical_hash_code_with_different_endpoints(self): finding_new3.endpoints.add(ep3) finding_new3.save() - # expect: marked as duplicate, hash_code not affected by endpoints (ZAP hash_code not dependent on endpoints anymore) - self.assert_finding(finding_new3, not_pk=finding_new.pk, duplicate=True, hash_code=finding_4.hash_code) + # expect: marked not as duplicate of original finding 2 or finding_new3 because the endpoints are different + self.assert_finding(finding_new3, not_pk=finding_new.pk, duplicate=False, hash_code=finding_new.hash_code) + self.assert_finding(finding_new3, not_pk=finding_2.pk, duplicate=False, hash_code=finding_2.hash_code) + # expect: marked not as duplicate of original finding 2 because the endpoints are different + self.assert_finding(finding_new, not_pk=finding_2.pk, duplicate=False, hash_code=finding_2.hash_code) + # reset for further tests + settings.DEDUPE_ALGO_ENDPOINT_FIELDS = dedupe_algo_endpoint_fields # # unique_id algo uses id from tool. hash_code is still calculated, according to legacy field config Checkmarx detailed scan - def test_identical_unique_id(self): # create identical copy finding_new, finding_124 = self.copy_and_reset_finding(id=124) @@ -586,7 +706,7 @@ def test_title_description_line_filepath_different_unique_id(self): # create identical copy, change some fields finding_new, finding_124 = self.copy_and_reset_finding(id=124) finding_new.title = 'another title' - finding_new.cve = 'CVE-2020-12345' + finding_new.unsaved_vulnerability_ids = ['CVE-2020-12345'] finding_new.cwe = '456' finding_new.description = 'useless finding' finding_new.save() @@ -598,7 +718,7 @@ def test_title_description_line_filepath_different_and_id_different_unique_id(se # create identical copy, change some fields finding_new, finding_124 = self.copy_and_reset_finding(id=124) finding_new.title = 'another title' - finding_new.cve = 'CVE-2020-12345' + finding_new.unsaved_vulnerability_ids = ['CVE-2020-12345'] finding_new.cwe = '456' finding_new.description = 'useless finding' finding_new.unique_id_from_tool = '9999' @@ -740,7 +860,7 @@ def test_title_description_line_filepath_different_unique_id_or_hash_code(self): # create identical copy, change some fields finding_new, finding_224 = self.copy_and_reset_finding(id=224) finding_new.title = 'another title' - finding_new.cve = 'CVE-2020-12345' + finding_new.unsaved_vulnerability_ids = ['CVE-2020-12345'] finding_new.cwe = '456' finding_new.description = 'useless finding' finding_new.save() @@ -752,7 +872,7 @@ def test_title_description_line_filepath_different_and_id_different_unique_id_or # create identical copy, change some fields finding_new, finding_224 = self.copy_and_reset_finding(id=224) finding_new.title = 'another title' - finding_new.cve = 'CVE-2020-12345' + finding_new.unsaved_vulnerability_ids = ['CVE-2020-12345'] finding_new.cwe = '456' finding_new.description = 'useless finding' finding_new.unique_id_from_tool = '9999' @@ -816,11 +936,12 @@ def test_dedupe_inside_engagement_unique_id_or_hash_code2(self): # create identical copy finding_new, finding_224 = self.copy_and_reset_finding(id=224) - # first setup some finding with same unique_id in different engagement, but same test_type + # first setup some finding with same unique_id in different engagement, but same scan_type self.set_dedupe_inside_engagement(False) finding_22 = Finding.objects.get(id=22) finding_22.test.test_type = finding_224.test.test_type + finding_22.test.scan_type = finding_224.test.scan_type finding_22.test.save() finding_22.unique_id_from_tool = '888' @@ -875,8 +996,11 @@ def test_identical_different_endpoints_unique_id_or_hash_code(self): finding_new.endpoints.add(ep1) finding_new.save() - # expect duplicate, as endpoints shouldn't affect dedupe and hash_code due to unique_id - self.assert_finding(finding_new, not_pk=224, duplicate=True, duplicate_finding_id=224, hash_code=finding_224.hash_code) + if settings.DEDUPE_ALGO_ENDPOINT_FIELDS == []: + # expect duplicate, as endpoints shouldn't affect dedupe and hash_code due to unique_id + self.assert_finding(finding_new, not_pk=224, duplicate=True, duplicate_finding_id=224, hash_code=finding_224.hash_code) + else: + self.assert_finding(finding_new, not_pk=224, duplicate=False, duplicate_finding_id=None, hash_code=finding_224.hash_code) # same scenario, now with different uid. and different endpoints, but hash will be different due the endpoints because we set dynamic_finding to True finding_new, finding_224 = self.copy_and_reset_finding(id=224) @@ -889,8 +1013,11 @@ def test_identical_different_endpoints_unique_id_or_hash_code(self): finding_new.dynamic_finding = True finding_new.save() - # different uid. and different endpoints, but endpoints not used for hash anymore -> duplicate - self.assert_finding(finding_new, not_pk=224, duplicate=True, hash_code=finding_224.hash_code) + if settings.DEDUPE_ALGO_ENDPOINT_FIELDS == []: + # different uid. and different endpoints, but endpoints not used for hash anymore -> duplicate + self.assert_finding(finding_new, not_pk=224, duplicate=True, hash_code=finding_224.hash_code) + else: + self.assert_finding(finding_new, not_pk=224, duplicate=False, hash_code=finding_224.hash_code) # same scenario, now with different uid. and different endpoints finding_new, finding_224 = self.copy_and_reset_finding(id=224) @@ -903,254 +1030,11 @@ def test_identical_different_endpoints_unique_id_or_hash_code(self): finding_new.dynamic_finding = False finding_new.save() - # different uid. and different endpoints, dynamic_finding is set to False hash_code still not affected by endpoints - self.assert_finding(finding_new, not_pk=224, duplicate=True, duplicate_finding_id=224, hash_code=finding_224.hash_code) - - # sync false positive history tests - - def test_false_positive_history_with_dedupe_no_endpoints_identical(self): - self.enable_false_positive_history() - finding_22 = Finding.objects.get(id=22) - finding_22.false_p = True - finding_22.save(dedupe_option=False) - # create a copy of 22 - finding_new, finding_22 = self.copy_and_reset_finding(id=22) - finding_new.false_p = False - finding_new.save() - - # dedupe is enabled, hash_code matches, so new finding marked as duplicate AND copies false positive True from original - # feature or BUG? finding already marked as duplicate, should it als be marked as false positive? - # should we do the same for out_of_scope? risk accepted? - # should this be part of the dedupe process? or seperate as in false_p history? - self.assert_finding(finding_new, not_pk=22, duplicate=True, duplicate_finding_id=finding_22.id, hash_code=finding_22.hash_code) - self.assertEquals(finding_new.false_p, True) - - def test_false_positive_history_with_dedupe_no_endpoints_title_matches_but_not_hash_code(self): - self.enable_false_positive_history() - finding_22 = Finding.objects.get(id=22) - finding_22.false_p = True - finding_22.save(dedupe_option=False) - - # create a copy of 22 - finding_new, finding_22 = self.copy_and_reset_finding(id=22) - finding_new.cwe = 432 - finding_new.false_p = False - finding_new.save() - - # dedupe is enabled, hash_code doesn't matches, so new finding not marked as duplicate and also not recognized by false positive history - self.assert_finding(finding_new, not_pk=22, duplicate=False, not_hash_code=finding_22.hash_code) - self.assertEquals(finding_new.false_p, False) - - def test_false_positive_history_with_dedupe_no_endpoints_cwe_matches_but_not_hash_code(self): - self.enable_false_positive_history() - finding_22 = Finding.objects.get(id=22) - finding_22.false_p = True - finding_22.save(dedupe_option=False) - - # create a copy of 22 - finding_new, finding_22 = self.copy_and_reset_finding(id=22) - finding_new.title = 'same same but different' - finding_new.false_p = False - finding_new.save() - - # dedupe is enabled, hash_code doesn't matches, so new finding not marked as duplicate and also not recognized by false positive history - self.assert_finding(finding_new, not_pk=22, duplicate=False, not_hash_code=finding_22.hash_code) - self.assertEquals(finding_new.false_p, False) - - def test_false_positive_history_without_dedupe_no_endpoints_identical(self): - self.enable_dedupe(enable=False) - self.enable_false_positive_history() - finding_22 = Finding.objects.get(id=22) - finding_22.false_p = True - finding_22.save(dedupe_option=False) - - # create a copy of 22 - finding_new, finding_22 = self.copy_and_reset_finding(id=22) - finding_new.false_p = False - finding_new.save() - - # dedupe is disabled, hash_code matches, so marked as false positive - self.assert_finding(finding_new, not_pk=22, duplicate=False, hash_code=finding_22.hash_code) - self.assertEquals(finding_new.false_p, True) - - def test_false_positive_history_without_dedupe_no_endpoints_title_matches_but_not_hash_code(self): - self.enable_dedupe(enable=False) - self.enable_false_positive_history() - finding_22 = Finding.objects.get(id=22) - finding_22.false_p = True - - # create a copy of 22 - finding_new, finding_22 = self.copy_and_reset_finding(id=22) - finding_new.cwe = 432 - finding_new.false_p = False - finding_new.save() - - # dedupe is disabled, hash_code doesn't matches, so not marked as false positive - self.assert_finding(finding_new, not_pk=22, duplicate=False, not_hash_code=finding_22.hash_code) - self.assertEquals(finding_new.false_p, False) - - def test_false_positive_history_without_dedupe_no_endpoints_cwe_matches_but_not_hash_code(self): - self.enable_dedupe(enable=False) - self.enable_false_positive_history() - finding_22 = Finding.objects.get(id=22) - finding_22.false_p = True - - # create a copy of 22 - finding_new, finding_22 = self.copy_and_reset_finding(id=22) - finding_new.title = 'same same but different' - finding_new.false_p = False - finding_new.save() - - # dedupe is enabled, hash_code doesn't matches, so new finding not marked as duplicate and also not recognized by false positive history - self.assert_finding(finding_new, not_pk=22, duplicate=False, not_hash_code=finding_22.hash_code) - self.assertEquals(finding_new.false_p, False) - - # false positive history with endpoints - - def test_false_positive_history_with_dedupe_with_endpoints_identical(self): - self.enable_false_positive_history() - finding_22 = Finding.objects.get(id=22) - finding_22.false_p = True - ep1 = Endpoint(product=finding_22.test.engagement.product, finding=finding_22, host="myhostxxx.com", protocol="https") - ep1.save() - finding_22.endpoints.add(ep1) - finding_22.save(dedupe_option=False) - # create a copy of 22 - finding_new, finding_22 = self.copy_and_reset_finding(id=22) - finding_new.false_p = False - finding_new.save(dedupe_option=False) - ep1 = Endpoint(product=finding_new.test.engagement.product, finding=finding_new, host="myhost.com", protocol="https") - ep1.save() - finding_new.endpoints.add(ep1) - finding_new.save(false_history=True) - - # dedupe is enabled, hash_code mismatche due to endpoints, so new finding not marked as duplicate AND copies false positive True from original even with mismatching endpoints - # feature or BUG? false positive status is copied when dedupe says it's not a dupe and endpoints are mismatching - self.assert_finding(finding_new, not_pk=22, duplicate=False, hash_code=finding_22.hash_code) - self.assertEquals(finding_new.false_p, True) - - def test_false_positive_history_with_dedupe_with_endpoints_title_matches_but_not_hash_code(self): - self.enable_false_positive_history() - finding_22 = Finding.objects.get(id=22) - finding_22.false_p = True - ep1 = Endpoint(product=finding_22.test.engagement.product, finding=finding_22, host="myhostxxx.com", protocol="https") - ep1.save() - finding_22.endpoints.add(ep1) - finding_22.save(dedupe_option=False) - - # create a copy of 22 - finding_new, finding_22 = self.copy_and_reset_finding(id=22) - finding_new.false_p = False - finding_new.save(dedupe_option=False) - ep1 = Endpoint(product=finding_new.test.engagement.product, finding=finding_new, host="myhost.com", protocol="https") - ep1.save() - finding_new.endpoints.add(ep1) - finding_new.cwe = 432 - finding_new.save(false_history=True) - - # dedupe is enabled, hash_code doesn't matches, so new finding not marked as duplicate but it IS recognized by false positive history because of the title matching - # feature or BUG? false positive status is copied when dedupe says it's not a dupe and endpoints are mismatching - self.assert_finding(finding_new, not_pk=22, duplicate=False, not_hash_code=finding_22.hash_code) - self.assertEquals(finding_new.false_p, True) - - def test_false_positive_history_with_dedupe_with_endpoints_cwe_matches_but_not_hash_code(self): - self.enable_false_positive_history() - finding_22 = Finding.objects.get(id=22) - ep1 = Endpoint(product=finding_22.test.engagement.product, finding=finding_22, host="myhostxxx.com", protocol="https") - ep1.save() - finding_22.endpoints.add(ep1) - finding_22.false_p = True - finding_22.cwe = 123 # testdate has no CWE - finding_22.save(dedupe_option=False) - - # create a copy of 22 - finding_new, finding_22 = self.copy_and_reset_finding(id=22) - finding_new.save(dedupe_option=False) - ep1 = Endpoint(product=finding_new.test.engagement.product, finding=finding_new, host="myhost.com", protocol="https") - ep1.save() - finding_new.endpoints.add(ep1) - finding_new.title = 'same same but different' - finding_new.false_p = False - finding_new.save(false_history=True) - - # dedupe is enabled, hash_code doesn't matches, so new finding not marked as duplicate but it IS recognized by false positive history because of the cwe matching - # feature or BUG? false positive status is copied when dedupe says it's not a dupe and endpoints are mismatching - self.assert_finding(finding_new, not_pk=22, duplicate=False, not_hash_code=finding_22.hash_code) - self.assertEquals(finding_new.false_p, True) - - def test_false_positive_history_without_dedupe_with_endpoints_identical(self): - self.enable_dedupe(enable=False) - self.enable_false_positive_history() - finding_22 = Finding.objects.get(id=22) - ep1 = Endpoint(product=finding_22.test.engagement.product, finding=finding_22, host="myhostxxx.com", protocol="https") - ep1.save() - finding_22.endpoints.add(ep1) - finding_22.false_p = True - finding_22.save(dedupe_option=False) - - # create a copy of 22 - finding_new, finding_22 = self.copy_and_reset_finding(id=22) - finding_new.save(dedupe_option=False) - ep1 = Endpoint(product=finding_new.test.engagement.product, finding=finding_new, host="myhost.com", protocol="https") - ep1.save() - finding_new.endpoints.add(ep1) - finding_new.false_p = False - finding_new.save(false_history=True) - - # dedupe is disabled, hash_code matches, so marked as false positive - self.assert_finding(finding_new, not_pk=22, duplicate=False, hash_code=finding_22.hash_code) - self.assertEquals(finding_new.false_p, True) - - def test_false_positive_history_without_dedupe_with_endpoints_title_matches_but_not_hash_code(self): - self.enable_dedupe(enable=False) - self.enable_false_positive_history() - finding_22 = Finding.objects.get(id=22) - ep1 = Endpoint(product=finding_22.test.engagement.product, finding=finding_22, host="myhostxxx.com", protocol="https") - ep1.save() - finding_22.endpoints.add(ep1) - finding_22.false_p = True - finding_22.save(dedupe_option=False) - - # create a copy of 22 - finding_new, finding_22 = self.copy_and_reset_finding(id=22) - finding_new.save(dedupe_option=False) - ep1 = Endpoint(product=finding_new.test.engagement.product, finding=finding_new, host="myhost.com", protocol="https") - ep1.save() - finding_new.endpoints.add(ep1) - finding_new.cwe = 432 - finding_new.false_p = False - finding_new.save(false_history=True) - - # dedupe is disabled, hash_code doesn't matches, but it IS recognized by false positive history because of the title matching - # feature or BUG? false positive status is copied when dedupe says it's not a dupe and endpoints are mismatching - self.assert_finding(finding_new, not_pk=22, duplicate=False, not_hash_code=finding_22.hash_code) - self.assertEquals(finding_new.false_p, True) - - def test_false_positive_history_without_dedupe_with_endpoints_cwe_matches_but_not_hash_code(self): - self.enable_dedupe(enable=False) - self.enable_false_positive_history() - finding_22 = Finding.objects.get(id=22) - ep1 = Endpoint(product=finding_22.test.engagement.product, finding=finding_22, host="myhostxxx.com", protocol="https") - ep1.save() - finding_22.endpoints.add(ep1) - finding_22.cwe = 123 # test data has now CWE here - finding_22.false_p = True - finding_22.save(dedupe_option=False) - - # create a copy of 22 - finding_new, finding_22 = self.copy_and_reset_finding(id=22) - finding_new.save(dedupe_option=False) - ep1 = Endpoint(product=finding_new.test.engagement.product, finding=finding_new, host="myhost.com", protocol="https") - ep1.save() - finding_new.endpoints.add(ep1) - finding_new.title = 'same same but different' - finding_new.false_p = False - finding_new.save(false_history=True) - - # dedupe is disabled, hash_code doesn't matches, so new finding not marked as duplicate but it IS recognized by false positive history because of the cwe matching - # feature or BUG? false positive status is copied when dedupe says it's not a dupe and endpoints are mismatching - self.assert_finding(finding_new, not_pk=22, duplicate=False, not_hash_code=finding_22.hash_code) - self.assertEquals(finding_new.false_p, True) + if settings.DEDUPE_ALGO_ENDPOINT_FIELDS == []: + # different uid. and different endpoints, dynamic_finding is set to False hash_code still not affected by endpoints + self.assert_finding(finding_new, not_pk=224, duplicate=True, duplicate_finding_id=224, hash_code=finding_224.hash_code) + else: + self.assert_finding(finding_new, not_pk=224, duplicate=False, duplicate_finding_id=None, hash_code=finding_224.hash_code) # # some extra tests @@ -1164,7 +1048,7 @@ def test_hash_code_onetime(self): hash_code_at_creation = finding_new.hash_code finding_new.title = 'new_title' - finding_new.cve = 999 + finding_new.unsaved_vulnerability_ids = [999] # both title and cve affect hash_code for ZAP scans, but not here because hash_code was already calculated finding_new.save() @@ -1190,14 +1074,14 @@ def test_duplicate_after_modification(self): # expect: not marked as duplicate with dedupe_option-False finding_new, finding_24 = self.copy_and_reset_finding(id=24) finding_new.title = 'new_title' - finding_new.cve = 999 + finding_new.unsaved_vulnerability_ids = [999] finding_new.save(dedupe_option=True) self.assert_finding(finding_new, not_pk=24, duplicate=False, not_hash_code=None) # now when we change the title and cve back the same as finding_24, it should be marked as duplicate # howwever defect dojo does NOT recalculate the hash_code, so it will not mark this finding as duplicate. feature or BUG? finding_new.title = finding_24.title - finding_new.cve = finding_24.cve + finding_new.unsaved_vulnerability_ids = finding_24.unsaved_vulnerability_ids finding_new.save(dedupe_option=True) self.assert_finding(finding_new, not_pk=24, duplicate=False, not_hash_code=None) @@ -1261,7 +1145,7 @@ def log_test(self, test): if isinstance(test, int): test = Test.objects.get(pk=test) - logger.debug('\t\t' + 'test %i: %s (algo=%s, dynamic=%s)', test.id, test, test.dedupe_algo, test.test_type.dynamic_tool) + logger.debug('\t\t' + 'test %i: %s (algo=%s, dynamic=%s)', test.id, test, test.deduplication_algorithm, test.test_type.dynamic_tool) self.log_findings(test.finding_set.all()) def log_all_products(self): @@ -1314,6 +1198,16 @@ def copy_and_reset_finding(self, id): # return unsaved new finding and reloaded existing finding return new, Finding.objects.get(id=id) + def copy_with_endpoints_without_dedupe_and_reset_finding(self, id): + finding_new, finding_org = self.copy_and_reset_finding(id=id) + # first save without dedupe to avoid hash_code calculation to happen without endpoints + finding_new.save(dedupe_option=False) + for ep in finding_org.endpoints.all(): + finding_new.endpoints.add(ep) + finding_new.save(dedupe_option=False) + # return saved new finding and reloaded existing finding + return finding_new, finding_org + def copy_and_reset_finding_add_endpoints(self, id, static=False, dynamic=True): finding_new, finding_org = self.copy_and_reset_finding(id=id) # remove file_path and line as we now have endpoints @@ -1382,8 +1276,3 @@ def enable_dedupe(self, enable=True): system_settings = System_Settings.objects.get() system_settings.enable_deduplication = enable system_settings.save() - - def enable_false_positive_history(self, enable=True): - system_settings = System_Settings.objects.get() - system_settings.false_positive_history = enable - system_settings.save() diff --git a/unittests/test_duplication_loops.py b/unittests/test_duplication_loops.py index f2d25e1fbb2..1ce45533365 100644 --- a/unittests/test_duplication_loops.py +++ b/unittests/test_duplication_loops.py @@ -133,6 +133,7 @@ def test_set_duplicate_exception_delete_original_duplicates_adapt(self): set_duplicate(self.finding_c, self.finding_b) self.assertEqual(self.finding_b.original_finding.first().id, self.finding_a.id) logger.debug('going to delete finding B') + b_active = self.finding_b.active b_id = self.finding_b.id self.finding_b.delete() logger.debug('deleted finding B') @@ -141,7 +142,7 @@ def test_set_duplicate_exception_delete_original_duplicates_adapt(self): self.assertEqual(self.finding_a.original_finding.first(), self.finding_c) self.assertEqual(self.finding_a.duplicate_finding, None) self.assertEqual(self.finding_a.duplicate, False) - self.assertEqual(self.finding_a.active, True) + self.assertEqual(self.finding_a.active, b_active) self.assertEqual(self.finding_c.original_finding.first(), None) self.assertEqual(self.finding_c.duplicate_finding, self.finding_a) @@ -157,6 +158,7 @@ def test_set_duplicate_exception_delete_original_1_duplicate_adapt(self): set_duplicate(self.finding_a, self.finding_b) self.assertEqual(self.finding_b.original_finding.first().id, self.finding_a.id) logger.debug('going to delete finding B') + b_active = self.finding_b.active b_id = self.finding_b.id self.finding_b.delete() logger.debug('deleted finding B') @@ -164,7 +166,7 @@ def test_set_duplicate_exception_delete_original_1_duplicate_adapt(self): self.assertEqual(self.finding_a.original_finding.first(), None) self.assertEqual(self.finding_a.duplicate_finding, None) self.assertEqual(self.finding_a.duplicate, False) - self.assertEqual(self.finding_a.active, True) + self.assertEqual(self.finding_a.active, b_active) with self.assertRaises(Finding.DoesNotExist): self.finding_b = Finding.objects.get(id=b_id) diff --git a/unittests/test_endpoint_meta_import.py b/unittests/test_endpoint_meta_import.py index b7b25542a0f..e0ec437c42f 100644 --- a/unittests/test_endpoint_meta_import.py +++ b/unittests/test_endpoint_meta_import.py @@ -27,7 +27,7 @@ def test_endpoint_meta_import_endpoint_create_tag_create_meta_create(self): meta_count_before = self.db_dojo_meta_count() with assertImportModelsCreated(self, tests=0, engagements=0, products=0, endpoints=3): - import0 = self.endpoint_meta_import_scan_with_params( + self.endpoint_meta_import_scan_with_params( self.meta_import_full, create_endpoints=True, create_tags=True, create_dojo_meta=True) self.assertEqual(endpoint_count_before + 3, self.db_endpoint_count()) @@ -36,20 +36,20 @@ def test_endpoint_meta_import_endpoint_create_tag_create_meta_create(self): def test_endpoint_meta_import_endpoint_missing_hostname(self): with assertImportModelsCreated(self, tests=0, engagements=0, products=0, endpoints=0): - import0 = self.endpoint_meta_import_scan_with_params( + self.endpoint_meta_import_scan_with_params( self.meta_import_no_hostname, create_endpoints=True, create_tags=True, create_dojo_meta=True, expected_http_status_code=400) def test_endpoint_meta_import_tag_remove_column(self): # Import full scan first with assertImportModelsCreated(self, tests=0, engagements=0, products=0, endpoints=3): - import0 = self.endpoint_meta_import_scan_with_params( + self.endpoint_meta_import_scan_with_params( self.meta_import_full, create_endpoints=True, create_tags=True, create_dojo_meta=False) # Record numbers endpoint_count_before = self.db_endpoint_count() endpoint_tag_count_before = self.db_endpoint_tag_count() # Import again with one column missing with assertImportModelsCreated(self, tests=0, engagements=0, products=0, endpoints=0): - import0 = self.endpoint_meta_import_scan_with_params( + self.endpoint_meta_import_scan_with_params( self.meta_import_updated_removed, create_endpoints=True, create_tags=True, create_dojo_meta=False) # See that nothing has been removed self.assertEqual(endpoint_count_before, self.db_endpoint_count()) @@ -58,14 +58,14 @@ def test_endpoint_meta_import_tag_remove_column(self): def test_endpoint_meta_import_tag_added_column(self): # Import full scan first with assertImportModelsCreated(self, tests=0, engagements=0, products=0, endpoints=3): - import0 = self.endpoint_meta_import_scan_with_params( + self.endpoint_meta_import_scan_with_params( self.meta_import_full, create_endpoints=True, create_tags=True, create_dojo_meta=False) # Record numbers endpoint_count_before = self.db_endpoint_count() endpoint_tag_count_before = self.db_endpoint_tag_count() # Import again with one column added with assertImportModelsCreated(self, tests=0, engagements=0, products=0, endpoints=0): - import0 = self.endpoint_meta_import_scan_with_params( + self.endpoint_meta_import_scan_with_params( self.meta_import_updated_added, create_endpoints=True, create_tags=True, create_dojo_meta=False) # See that nothing has been removed self.assertEqual(endpoint_count_before, self.db_endpoint_count()) @@ -75,7 +75,7 @@ def test_endpoint_meta_import_tag_added_column(self): def test_endpoint_meta_import_tag_changed_column(self): # Import full scan first with assertImportModelsCreated(self, tests=0, engagements=0, products=0, endpoints=3): - import0 = self.endpoint_meta_import_scan_with_params( + self.endpoint_meta_import_scan_with_params( self.meta_import_full, create_endpoints=True, create_tags=True, create_dojo_meta=False) # Record numbers endpoint_count_before = self.db_endpoint_count() @@ -85,7 +85,7 @@ def test_endpoint_meta_import_tag_changed_column(self): human_resource_tag = endpoint['tags'][endpoint['tags'].index('team:human resources')] # Import again with one column missing with assertImportModelsCreated(self, tests=0, engagements=0, products=0, endpoints=0): - import0 = self.endpoint_meta_import_scan_with_params( + self.endpoint_meta_import_scan_with_params( self.meta_import_updated_changed, create_endpoints=True, create_tags=True, create_dojo_meta=False) # See that nothing has been added or removed self.assertEqual(endpoint_count_before, self.db_endpoint_count()) @@ -99,14 +99,14 @@ def test_endpoint_meta_import_tag_changed_column(self): def test_endpoint_meta_import_meta_remove_column(self): # Import full scan first with assertImportModelsCreated(self, tests=0, engagements=0, products=0, endpoints=3): - import0 = self.endpoint_meta_import_scan_with_params( + self.endpoint_meta_import_scan_with_params( self.meta_import_full, create_endpoints=True, create_tags=False, create_dojo_meta=True) # Record numbers endpoint_count_before = self.db_endpoint_count() meta_count_before = self.db_dojo_meta_count() # Import again with one column missing with assertImportModelsCreated(self, tests=0, engagements=0, products=0, endpoints=0): - import0 = self.endpoint_meta_import_scan_with_params( + self.endpoint_meta_import_scan_with_params( self.meta_import_updated_removed, create_endpoints=True, create_tags=False, create_dojo_meta=True) # See that nothing has been removed self.assertEqual(endpoint_count_before, self.db_endpoint_count()) @@ -115,14 +115,14 @@ def test_endpoint_meta_import_meta_remove_column(self): def test_endpoint_meta_import_meta_added_column(self): # Import full scan first with assertImportModelsCreated(self, tests=0, engagements=0, products=0, endpoints=3): - import0 = self.endpoint_meta_import_scan_with_params( + self.endpoint_meta_import_scan_with_params( self.meta_import_full, create_endpoints=True, create_tags=False, create_dojo_meta=True) # Record numbers endpoint_count_before = self.db_endpoint_count() meta_count_before = self.db_dojo_meta_count() # Import again with one column added with assertImportModelsCreated(self, tests=0, engagements=0, products=0, endpoints=0): - import0 = self.endpoint_meta_import_scan_with_params( + self.endpoint_meta_import_scan_with_params( self.meta_import_updated_added, create_endpoints=True, create_tags=False, create_dojo_meta=True) # 1 meta x 3 endpoints = 3 tags self.assertEqual(endpoint_count_before, self.db_endpoint_count()) @@ -131,7 +131,7 @@ def test_endpoint_meta_import_meta_added_column(self): def test_endpoint_meta_import_meta_changed_column(self): # Import full scan first with assertImportModelsCreated(self, tests=0, engagements=0, products=0, endpoints=3): - import0 = self.endpoint_meta_import_scan_with_params( + self.endpoint_meta_import_scan_with_params( self.meta_import_full, create_endpoints=True, create_tags=False, create_dojo_meta=True) # Record numbers endpoint_count_before = self.db_endpoint_count() @@ -141,7 +141,7 @@ def test_endpoint_meta_import_meta_changed_column(self): meta_value = self.get_endpoints_meta_api(endpoint_id, 'team')['results'][0]['value'] # Import again with one column missing with assertImportModelsCreated(self, tests=0, engagements=0, products=0, endpoints=0): - import0 = self.endpoint_meta_import_scan_with_params( + self.endpoint_meta_import_scan_with_params( self.meta_import_updated_changed, create_endpoints=True, create_tags=False, create_dojo_meta=True) # See that nothing has been added or removed self.assertEqual(endpoint_count_before, self.db_endpoint_count()) diff --git a/unittests/test_endpoint_model.py b/unittests/test_endpoint_model.py index 5376bd8f208..839a815b166 100644 --- a/unittests/test_endpoint_model.py +++ b/unittests/test_endpoint_model.py @@ -1,8 +1,13 @@ +import datetime from .dojo_test_case import DojoTestCase +from unittest import skip from dojo.endpoint.utils import endpoint_get_or_create -from dojo.models import Endpoint +from dojo.models import Product_Type, Product, Engagement, Test, Finding, Endpoint, Endpoint_Status from django.core.exceptions import ValidationError +from django.apps import apps +from django.utils import timezone +from dojo.endpoint.utils import remove_broken_endpoint_statuses class TestEndpointModel(DojoTestCase): @@ -149,3 +154,222 @@ def test_get_or_create(self): port=8443 ) self.assertTrue(created7) + + def test_equality_without_products(self): + # Test with all the fields + e1 = Endpoint(protocol="https", host="localhost", port=5439, path="test", query="param=value") + e2 = Endpoint(protocol="https", host="localhost", port=5439, path="test", query="param=value") + e3 = Endpoint(protocol="https", host="localhost", port=5439, path="different", query="param=value") + # Verify e1 and e2 are actually equal + self.assertEqual(e1, e2) + # Verify e1 and e2 are not equal because the path is different + self.assertNotEqual(e1, e3) + + def test_equality_with_one_product_one_without(self): + # Define the product + p = Product.objects.get_or_create( + name="test product", + description="", + prod_type=Product_Type.objects.get_or_create(name="test pt")[0] + )[0] + e1 = Endpoint(host="localhost") + e2 = Endpoint(host="localhost", product=p) + # Verify e1 and e2 are actually equal + # Since on has a product and the other does not, we cannot use products to aid in equality + self.assertEqual(e1, e2) + + def test_equality_with_products(self): + # Define the product + p1 = Product.objects.get_or_create( + name="test product 1", + description="", + prod_type=Product_Type.objects.get_or_create(name="test pt")[0] + )[0] + p2 = Product.objects.get_or_create( + name="test product 2", + description="", + prod_type=Product_Type.objects.get_or_create(name="test pt")[0] + )[0] + # Define the endpoints + e1 = Endpoint(host="localhost", product=p1) + e2 = Endpoint(host="localhost", product=p1) + e3 = Endpoint(host="localhost", product=p2) + # Verify e1 and e2 are actually equal + # Since the products match, this should be true + self.assertEqual(e1, e2) + # Verify e1 and e2 are not equal + # Because the products are different, the endpoint objects are not the same + self.assertNotEqual(e1, e3) + + +@skip("Outdated - this class was testing clean-up broken entries in old version of model; new version of model doesn't to store broken entries") +class TestEndpointStatusBrokenModel(DojoTestCase): + + def test_endpoint_status_broken(self): + + self.prod_type = Product_Type.objects.create() + self.product = Product.objects.create(prod_type=self.prod_type) + self.engagement = Engagement.objects.create( + product=self.product, + target_start=datetime.datetime(2020, 1, 1, tzinfo=timezone.utc), + target_end=datetime.datetime(2022, 1, 1, tzinfo=timezone.utc) + ) + self.test = Test.objects.create( + engagement=self.engagement, + target_start=datetime.datetime(2020, 1, 1, tzinfo=timezone.utc), + target_end=datetime.datetime(2022, 1, 1, tzinfo=timezone.utc), + test_type_id=1 + ) + from django.contrib.auth import get_user_model + user = get_user_model().objects.create().pk + self.finding = Finding.objects.create(test=self.test, reporter_id=user).pk + self.endpoint = Endpoint.objects.create(protocol='http', host='foo.bar.eps').pk + self.another_finding = Finding.objects.create(test=self.test, reporter_id=user).pk + self.another_endpoint = Endpoint.objects.create(protocol='http', host='bar.foo.eps').pk + self.endpoint_status = { + 'standard': Endpoint_Status.objects.create( + date=datetime.datetime(2021, 3, 1, tzinfo=timezone.utc), + last_modified=datetime.datetime(2021, 4, 1, tzinfo=timezone.utc), + mitigated=False, + finding_id=self.finding, + endpoint_id=self.endpoint + ).pk, + 'removed_endpoint': Endpoint_Status.objects.create( + date=datetime.datetime(2021, 2, 1, tzinfo=timezone.utc), + last_modified=datetime.datetime(2021, 5, 1, tzinfo=timezone.utc), + mitigated=True, + finding_id=self.another_finding, + endpoint_id=None + ).pk, + 'removed_finding': Endpoint_Status.objects.create( + date=datetime.datetime(2021, 2, 1, tzinfo=timezone.utc), + last_modified=datetime.datetime(2021, 5, 1, tzinfo=timezone.utc), + mitigated=True, + finding_id=None, + endpoint_id=self.another_endpoint + ).pk, + } + + Finding.objects.get(id=self.finding).endpoint_status.add( + Endpoint_Status.objects.get(id=self.endpoint_status['standard']) + ) + Finding.objects.get(id=self.another_finding).endpoint_status.add( + Endpoint_Status.objects.get(id=self.endpoint_status['removed_endpoint']) + ) + + Endpoint.objects.get(id=self.endpoint).endpoint_status.add( + Endpoint_Status.objects.get(id=self.endpoint_status['standard']) + ) + Endpoint.objects.get(id=self.another_endpoint).endpoint_status.add( + Endpoint_Status.objects.get(id=self.endpoint_status['removed_finding']) + ) + + remove_broken_endpoint_statuses(apps) + + with self.subTest('Stadnard eps for finding'): + f = Finding.objects.filter(id=self.finding) + self.assertEqual(f.count(), 1) + f = f.first() + self.assertEqual(f.endpoint_status.count(), 1) + self.assertEqual(f.endpoint_status.first().pk, self.endpoint_status['standard']) + + with self.subTest('Broken eps for finding'): + f = Finding.objects.filter(id=self.another_finding) + self.assertEqual(f.count(), 1) + f = f.first() + self.assertEqual(f.endpoint_status.count(), 0) + + with self.subTest('Stadnard eps for endpoint'): + e = Endpoint.objects.filter(id=self.endpoint) + self.assertEqual(e.count(), 1) + e = e.first() + self.assertEqual(e.endpoint_status.count(), 1) + self.assertEqual(e.endpoint_status.first().pk, self.endpoint_status['standard']) + + with self.subTest('Broken eps for endpoint'): + e = Endpoint.objects.filter(id=self.another_endpoint) + self.assertEqual(e.count(), 1) + e = e.first() + self.assertEqual(e.endpoint_status.count(), 0) + + +class TestEndpointStatusModel(DojoTestCase): + fixtures = ['dojo_testdata.json'] + + def test_str(self): + eps = Endpoint_Status.objects.get(id=1) + self.assertEqual(str(eps), "'High Impact Test Finding' on 'ftp://localhost'") + + # def test_dummy(self): + # fs = Finding.objects.all() + # for f in fs: + # print(f.id, f.test.engagement.product.id, str(f)) + + # es = Endpoint.objects.all() + # for e in es: + # print(e.id, e.product.id, str(e)) + + # epss = Endpoint_Status.objects.all() + # for eps in epss: + # print(eps.id, eps.finding.id, eps.endpoint.id, str(eps)) + + def test_status_evaluation(self): + ep1 = Endpoint.objects.get(id=4) + ep2 = Endpoint.objects.get(id=5) + ep3 = Endpoint.objects.get(id=6) + ep4 = Endpoint.objects.get(id=7) + ep5 = Endpoint.objects.get(id=8) + + with self.subTest('Endpoint without statuses'): + self.assertEqual(ep1.findings_count, 0, ep1.findings.all()) + self.assertEqual(ep1.active_findings_count, 0, ep1.active_findings) + self.assertFalse(ep1.vulnerable, ep1.active_findings_count) + self.assertTrue(ep1.mitigated, ep1.active_findings_count) + + with self.subTest('Endpoint with vulnerabilities but all of them are mitigated because of different reasons'): + self.assertEqual(ep2.findings_count, 4, ep2.findings.all()) + self.assertEqual(ep2.active_findings_count, 1, ep2.active_findings) + self.assertTrue(ep2.vulnerable, ep2.active_findings_count) + self.assertFalse(ep2.mitigated, ep2.active_findings_count) + + with self.subTest('Host without vulnerabilities'): + self.assertEqual(ep1.host_endpoints_count, 2, ep1.host_endpoints) + self.assertEqual(ep2.host_endpoints_count, 2, ep2.host_endpoints) + self.assertEqual(ep1.host_findings_count, 4, ep1.host_findings) + self.assertEqual(ep2.host_findings_count, 4, ep2.host_findings) + self.assertEqual(ep1.host_active_findings_count, 1, ep1.host_active_findings) + self.assertEqual(ep2.host_active_findings_count, 1, ep2.host_active_findings) + self.assertEqual(ep1.host_mitigated_endpoints_count, 1, ep1.host_mitigated_endpoints) + self.assertEqual(ep2.host_mitigated_endpoints_count, 1, ep2.host_mitigated_endpoints) + + with self.subTest('Endpoint with one vulnerabilitiy but EPS is mitigated'): + self.assertEqual(ep3.findings_count, 1, ep3.findings.all()) + self.assertEqual(ep3.active_findings_count, 1, ep3.active_findings) + self.assertTrue(ep3.vulnerable, ep3.active_findings_count) + self.assertFalse(ep3.mitigated, ep3.active_findings_count) + + with self.subTest('Endpoint with one vulnerability'): + self.assertEqual(ep4.findings_count, 1, ep4.findings.all()) + self.assertEqual(ep4.active_findings_count, 1, ep4.active_findings) + self.assertTrue(ep4.vulnerable, ep4.active_findings_count) + self.assertFalse(ep4.mitigated, ep4.active_findings_count) + + with self.subTest('Endpoint with one vulnerability but finding is mitigated'): + self.assertEqual(ep5.findings_count, 1, ep5.findings.all()) + self.assertEqual(ep5.active_findings_count, 0, ep5.active_findings) + self.assertFalse(ep5.vulnerable, ep5.active_findings_count) + self.assertTrue(ep5.mitigated, ep5.active_findings_count) + + with self.subTest('Host with vulnerabilities'): + self.assertEqual(ep3.host_endpoints_count, 3, ep3.host_endpoints) + self.assertEqual(ep4.host_endpoints_count, 3, ep4.host_endpoints) + self.assertEqual(ep5.host_endpoints_count, 3, ep5.host_endpoints) + self.assertEqual(ep3.host_findings_count, 2, ep3.host_findings) + self.assertEqual(ep4.host_findings_count, 2, ep4.host_findings) + self.assertEqual(ep5.host_findings_count, 2, ep5.host_findings) + self.assertEqual(ep3.host_active_findings_count, 2, ep3.host_active_findings) + self.assertEqual(ep4.host_active_findings_count, 2, ep4.host_active_findings) + self.assertEqual(ep5.host_active_findings_count, 2, ep5.host_active_findings) + self.assertEqual(ep3.host_mitigated_endpoints_count, 2, ep3.host_mitigated_endpoints) + self.assertEqual(ep4.host_mitigated_endpoints_count, 2, ep4.host_mitigated_endpoints) + self.assertEqual(ep5.host_mitigated_endpoints_count, 2, ep5.host_mitigated_endpoints) diff --git a/unittests/test_factory.py b/unittests/test_factory.py index 85df7eab753..a1e1d20fd69 100644 --- a/unittests/test_factory.py +++ b/unittests/test_factory.py @@ -9,25 +9,25 @@ def test_get_parser(self): scan_type = "Acunetix Scan" testfile = open(get_unit_tests_path() + "/scans/acunetix/one_finding.xml") parser = get_parser(scan_type) - findings = parser.get_findings(testfile, Test()) + parser.get_findings(testfile, Test()) testfile.close() with self.subTest(scan_type="Anchore Engine Scan"): scan_type = "Anchore Engine Scan" - testfile = open(get_unit_tests_path() + "/scans/anchore/one_vuln.json") + testfile = open(get_unit_tests_path() + "/scans/anchore_engine/one_vuln.json") parser = get_parser(scan_type) - findings = parser.get_findings(testfile, Test()) + parser.get_findings(testfile, Test()) testfile.close() - with self.subTest(scan_type="Nessus Scan"): - scan_type = "Nessus Scan" - testfile = open(get_unit_tests_path() + "/scans/nessus/nessus_v_unknown.xml") + with self.subTest(scan_type="Tenable Scan"): + scan_type = "Tenable Scan" + testfile = open(get_unit_tests_path() + "/scans/tenable/nessus/nessus_v_unknown.xml") parser = get_parser(scan_type) - findings = parser.get_findings(testfile, Test()) + parser.get_findings(testfile, Test()) testfile.close() with self.subTest(scan_type="ZAP Scan"): scan_type = "ZAP Scan" testfile = open(get_unit_tests_path() + "/scans/zap/some_2.9.0.xml") parser = get_parser(scan_type) - findings = parser.get_findings(testfile, Test()) + parser.get_findings(testfile, Test()) testfile.close() def test_get_parser_error(self): diff --git a/unittests/test_false_positive_history_logic.py b/unittests/test_false_positive_history_logic.py new file mode 100644 index 00000000000..2ec8e816169 --- /dev/null +++ b/unittests/test_false_positive_history_logic.py @@ -0,0 +1,1870 @@ +from .dojo_test_case import DojoTestCase +from dojo.models import Finding, User, Product, Endpoint, Endpoint_Status, Test, Engagement +from dojo.models import System_Settings +from crum import impersonate +import logging +from datetime import datetime +logger = logging.getLogger(__name__) +deduplicationLogger = logging.getLogger("dojo.specific-loggers.deduplication") + +# Test data summary. All engagements have deduplication_on_engagement set to true. +# +# product 1: Python How-to +# engagement 2: April monthly engagement (dedupe_inside: True) +# test 13: ZAP Scan (algo=hash_code, dynamic=True) +# no findings +# endpoints +# 2: ftp://localhost/ +# 1: http://127.0.0.1/endpoint/420/edit/ +# 3: ssh:127.0.1 +# endpoint statuses +# 1: dojo.Endpoint.None dojo.Finding.None 1 2020-07-01 00:00:00+00:00 2020-07-01 17:45:39.791907+00:00 False None None False False False ftp://localhost/ High Impact Test Finding +# +# product 2: Security How-to +# engagement 1: 1st Quarter Engagement (dedupe_inside: True) +# test 3: ZAP Scan (algo=hash_code, dynamic=True) +# findings: +# 2 : "High Impact Test Fin": High : act: True : ver: True : mit: False: dup: False: dup_id: None: hash_code: 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7: eps: 0: notes: []: uid: None +# 3 : "High Impact Test Fin": High : act: True : ver: True : mit: False: dup: True : dup_id: 2 : hash_code: 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7: eps: 0: notes: []: uid: None +# 4 : "High Impact Test Fin": High : act: True : ver: True : mit: False: dup: True : dup_id: 2 : hash_code: 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7: eps: 0: notes: []: uid: None +# 5 : "High Impact Test Fin": High : act: True : ver: True : mit: False: dup: True : dup_id: 2 : hash_code: 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7: eps: 0: notes: []: uid: None +# 6 : "High Impact Test Fin": High : act: True : ver: True : mit: False: dup: True : dup_id: 2 : hash_code: 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7: eps: 0: notes: []: uid: None +# 7 : "DUMMY FINDING ": High : act: False: ver: False: mit: False: dup: False: dup_id: None: hash_code: c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0: eps: 0: notes: [1]: uid: None +# endpoints +# 2: ftp://localhost/ +# 1: http://127.0.0.1/endpoint/420/edit/ +# 3: ssh:127.0.1 +# endpoint statuses +# 1: dojo.Endpoint.None dojo.Finding.None 1 2020-07-01 00:00:00+00:00 2020-07-01 17:45:39.791907+00:00 False None None False False False ftp://localhost/ High Impact Test Finding +# test 14: ZAP Scan (algo=hash_code, dynamic=True) +# no findings +# endpoints +# 2: ftp://localhost/ +# 1: http://127.0.0.1/endpoint/420/edit/ +# 3: ssh:127.0.1 +# endpoint statuses +# 1: dojo.Endpoint.None dojo.Finding.None 1 2020-07-01 00:00:00+00:00 2020-07-01 17:45:39.791907+00:00 False None None False False False ftp://localhost/ High Impact Test Finding +# engagement 4: April monthly engagement (dedupe_inside: True) +# test 4: ZAP Scan (algo=hash_code, dynamic=True) +# no findings +# endpoints +# 2: ftp://localhost/ +# 1: http://127.0.0.1/endpoint/420/edit/ +# 3: ssh:127.0.1 +# endpoint statuses +# 1: dojo.Endpoint.None dojo.Finding.None 1 2020-07-01 00:00:00+00:00 2020-07-01 17:45:39.791907+00:00 False None None False False False ftp://localhost/ High Impact Test Finding +# engagement 5: April monthly engagement (dedupe_inside: True) +# test 55: Checkmarx Scan detailed (algo=unique_id_from_tool, dynamic=False) +# findings: +# 124 : "Low Impact Test Find": Low : act: True : ver: True : mit: False: dup: False: dup_id: None: hash_code: 9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa: eps: 0: notes: []: uid: 12345 +# 125 : "Low Impact Test Find": Low : act: True : ver: True : mit: False: dup: True : dup_id: None: hash_code: 9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa: eps: 0: notes: []: uid: 12345 +# endpoints +# 2: ftp://localhost/ +# 1: http://127.0.0.1/endpoint/420/edit/ +# 3: ssh:127.0.1 +# endpoint statuses +# 1: dojo.Endpoint.None dojo.Finding.None 1 2020-07-01 00:00:00+00:00 2020-07-01 17:45:39.791907+00:00 False None None False False False ftp://localhost/ High Impact Test Finding +# test 66: Checkmarx Scan detailed (algo=unique_id_from_tool, dynamic=False) +# no findings +# endpoints +# 2: ftp://localhost/ +# 1: http://127.0.0.1/endpoint/420/edit/ +# 3: ssh:127.0.1 +# endpoint statuses +# 1: dojo.Endpoint.None dojo.Finding.None 1 2020-07-01 00:00:00+00:00 2020-07-01 17:45:39.791907+00:00 False None None False False False ftp://localhost/ High Impact Test Finding +# test 77: Veracode Scan (algo=unique_id_from_tool_or_hash_code, dynamic=False) +# findings: +# 224 : "UID Impact Test Find": Low : act: True : ver: True : mit: False: dup: False: dup_id: None: hash_code: 6f8d0bf970c14175e597843f4679769a4775742549d90f902ff803de9244c7e1: eps: 0: notes: []: uid: 6789 +# 225 : "UID Impact Test Find": Low : act: True : ver: True : mit: False: dup: True : dup_id: 224 : hash_code: 6f8d0bf970c14175e597843f4679769a4775742549d90f902ff803de9244c7e1: eps: 0: notes: []: uid: 6789 +# endpoints +# 2: ftp://localhost/ +# 1: http://127.0.0.1/endpoint/420/edit/ +# 3: ssh:127.0.1 +# endpoint statuses +# 1: dojo.Endpoint.None dojo.Finding.None 1 2020-07-01 00:00:00+00:00 2020-07-01 17:45:39.791907+00:00 False None None False False False ftp://localhost/ High Impact Test Finding +# test 88: Veracode Scan (algo=unique_id_from_tool_or_hash_code, dynamic=False) +# no findings +# endpoints +# 2: ftp://localhost/ +# 1: http://127.0.0.1/endpoint/420/edit/ +# 3: ssh:127.0.1 +# endpoint statuses +# 1: dojo.Endpoint.None dojo.Finding.None 1 2020-07-01 00:00:00+00:00 2020-07-01 17:45:39.791907+00:00 False None None False False False ftp://localhost/ High Impact Test Finding +# engagement 6: April monthly engagement (dedupe_inside: True) +# engagement 3: weekly engagement (dedupe_inside: True) +# test 33: Xanitizer Scan Findings Import (algo=legacy, dynamic=False) +# findings: +# 22 : "Low Impact Test Find": Low : act: True : ver: True : mit: False: dup: False: dup_id: None: hash_code: 9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa: eps: 0: notes: []: uid: None +# 23 : "Low Impact Test Find": Low : act: True : ver: True : mit: False: dup: True : dup_id: 22 : hash_code: 9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa: eps: 0: notes: []: uid: None +# 24 : "Low Impact Test Find": Low : act: True : ver: True : mit: False: dup: True : dup_id: 22 : hash_code: 9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa: eps: 0: notes: []: uid: None +# endpoints +# 2: ftp://localhost/ +# 1: http://127.0.0.1/endpoint/420/edit/ +# 3: ssh:127.0.1 +# endpoint statuses +# 1: dojo.Endpoint.None dojo.Finding.None 1 2020-07-01 00:00:00+00:00 2020-07-01 17:45:39.791907+00:00 False None None False False False ftp://localhost/ High Impact Test Finding +# +# product 3: Security Podcast + + +class TestFalsePositiveHistoryLogic(DojoTestCase): + fixtures = ['dojo_testdata.json'] + + def run(self, result=None): + testuser = User.objects.get(username='admin') + testuser.usercontactinfo.block_execution = True + testuser.save() + + # Unit tests are running without any user, which will result in actions like dedupe happening in the celery process + # this doesn't work in unittests as unittests are using an in memory sqlite database and celery can't see the data + # so we're running the test under the admin user context and set block_execution to True + with impersonate(testuser): + super().run(result) + + def setUp(self): + logger.debug('disabling dedupe') + self.disable_dedupe() + logger.debug('enabling false positive history') + self.enable_false_positive_history() + self.enable_retroactive_false_positive_history() + self.log_summary() + + def tearDown(self): + self.log_summary() + + # ----------------------------------------------- # + # Tests with hash_code as deduplication algorithm # + # ----------------------------------------------- # + + # Same Test # + + # Finding 2 in Product 2, Engagement 1, Test 3 + def test_fp_history_equal_hash_code_same_test(self): + # Copy finding 2 and store it in the same test (to test retroactive replication) + find_created_before_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 2 as fp + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.save() + # Copy finding 2 and store it in the same test + find_created_after_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_after_mark.save() + # Assert that both findings belongs to the same test and are marked as fp + self.assert_finding(find_created_before_mark, false_p=True, not_pk=2, test_id=3, hash_code=find_2.hash_code) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=2, test_id=3, hash_code=find_2.hash_code) + + # Finding 2 in Product 2, Engagement 1, Test 3 + def test_fp_history_equal_hash_code_same_test_non_retroactive(self): + # Disable retroactive FP history + self.disable_retroactive_false_positive_history() + # Copy finding 2 and store it in the same test (to test disabled retroactive replication) + find_created_before_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 2 as fp + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.save() + # Copy finding 2 and store it in the same test + find_created_after_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_after_mark.save() + # Assert that both findings belongs to the same test and only one of them is marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=2, test_id=3, hash_code=find_2.hash_code) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=2, test_id=3, hash_code=find_2.hash_code) + + # Finding 2 in Product 2, Engagement 1, Test 3 + def test_fp_history_equal_hash_code_same_test_dedupe_enabled(self): + # Enable deduplication + self.enable_dedupe() + # Mark finding 2 as fp + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.save() + # Copy finding 2 and store it in the same test + find_created_after_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_after_mark.save() + # Assert that finding belongs to the same test and is NOT marked as fp + self.assert_finding(find_created_after_mark, false_p=False, not_pk=2, test_id=3, hash_code=find_2.hash_code) + + # Finding 2 in Product 2, Engagement 1, Test 3 + # Finding 7 in Product 2, Engagement 1, Test 3 (has a different hash code) + def test_fp_history_different_hash_code_same_test(self): + # Copy finding 7 and store it in the same test (to test retroactive replication) + find_created_before_mark, find_7 = self.copy_and_reset_finding(id=7) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 2 as fp + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.save() + # Copy finding 7 and store it in the same test + find_created_after_mark, find_7 = self.copy_and_reset_finding(id=7) + find_created_after_mark.save() + # Assert that both findings belongs to the same test and are NOT marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=7, test_id=3, not_hash_code=find_2.hash_code) + self.assert_finding(find_created_after_mark, false_p=False, not_pk=7, test_id=3, not_hash_code=find_2.hash_code) + + # Same Engagement Different Test # + + # Finding 2 in Product 2, Engagement 1, Test 3 + def test_fp_history_equal_hash_code_same_engagement_different_test(self): + # Copy finding 2 and store it at Product 2, Engagement 1, Test 14 (to test retroactive replication) + find_created_before_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_before_mark.test = Test.objects.get(id=14) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark as fp + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.save() + # Copy finding 2 and store it at Product 2, Engagement 1, Test 14 + find_created_after_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_after_mark.test = Test.objects.get(id=14) + find_created_after_mark.save() + # Assert that both findings belongs to the same engagement but in a different test and are marked as fp + self.assert_finding(find_created_before_mark, false_p=True, not_pk=2, engagement_id=1, not_test_id=3, hash_code=find_2.hash_code) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=2, engagement_id=1, not_test_id=3, hash_code=find_2.hash_code) + + # Finding 2 in Product 2, Engagement 1, Test 3 + def test_fp_history_equal_hash_code_same_engagement_different_test_non_retroactive(self): + # Disable retroactive FP history + self.disable_retroactive_false_positive_history() + # Copy finding 2 and store it at Product 2, Engagement 1, Test 14 (to test disabled retroactive replication) + find_created_before_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_before_mark.test = Test.objects.get(id=14) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark as fp + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.save() + # Copy finding 2 and store it at Product 2, Engagement 1, Test 14 + find_created_after_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_after_mark.test = Test.objects.get(id=14) + find_created_after_mark.save() + # Assert that both findings belongs to the same engagement but in a different test and only one of them is marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=2, engagement_id=1, not_test_id=3, hash_code=find_2.hash_code) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=2, engagement_id=1, not_test_id=3, hash_code=find_2.hash_code) + + # Finding 2 in Product 2, Engagement 1, Test 3 + def test_fp_history_equal_hash_code_same_engagement_different_test_dedupe_enabled(self): + # Enable deduplication + self.enable_dedupe() + # Mark as fp + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.save() + # Copy finding 2 and store it at Product 2, Engagement 1, Test 14 + find_created_after_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_after_mark.test = Test.objects.get(id=14) + find_created_after_mark.save() + # Assert that finding belongs to the same engagement but in a different test and is NOT marked as fp + self.assert_finding(find_created_after_mark, false_p=False, not_pk=7, engagement_id=1, not_test_id=3, hash_code=find_2.hash_code) + + # Finding 2 in Product 2, Engagement 1, Test 3 + # Finding 7 in Product 2, Engagement 1, Test 3 (has a different hash code) + def test_fp_history_different_hash_code_same_engagement_different_test(self): + # Copy finding 7 and store it at Product 2, Engagement 1, Test 14 (to test retroactive replication) + find_created_before_mark, find_7 = self.copy_and_reset_finding(id=7) + find_created_before_mark.test = Test.objects.get(id=14) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 2 as fp + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.save() + # Copy finding 7 and store it at Product 2, Engagement 1, Test 14 + find_created_after_mark, find_7 = self.copy_and_reset_finding(id=7) + find_created_after_mark.test = Test.objects.get(id=14) + find_created_after_mark.save() + # Assert that both findings belongs to the same engagement but in a different test and are NOT marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=7, engagement_id=1, not_test_id=3, not_hash_code=find_2.hash_code) + self.assert_finding(find_created_after_mark, false_p=False, not_pk=7, engagement_id=1, not_test_id=3, not_hash_code=find_2.hash_code) + + # Same Product Different Engagement # + + # Finding 2 in Product 2, Engagement 1, Test 3 + def test_fp_history_equal_hash_code_same_product_different_engagement(self): + # Copy finding 2 and store it at Product 2, Engagement 4, Test 4 (to test retroactive replication) + find_created_before_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_before_mark.test = Test.objects.get(id=4) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 2 as fp + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.save() + # Copy finding 2 and store it at Product 2, Engagement 4, Test 4 + find_created_after_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_after_mark.test = Test.objects.get(id=4) + find_created_after_mark.save() + # Assert that both findings belongs to the same engagement but in a different test and are marked as fp + self.assert_finding(find_created_before_mark, false_p=True, not_pk=2, product_id=2, not_engagement_id=1, hash_code=find_2.hash_code) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=2, product_id=2, not_engagement_id=1, hash_code=find_2.hash_code) + + # Finding 2 in Product 2, Engagement 1, Test 3 + def test_fp_history_equal_hash_code_same_product_different_engagement_non_retroactive(self): + # Disable retroactive FP history + self.disable_retroactive_false_positive_history() + # Copy finding 2 and store it at Product 2, Engagement 4, Test 4 (to test disabled retroactive replication) + find_created_before_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_before_mark.test = Test.objects.get(id=4) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 2 as fp + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.save() + # Copy finding 2 and store it at Product 2, Engagement 4, Test 4 + find_created_after_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_after_mark.test = Test.objects.get(id=4) + find_created_after_mark.save() + # Assert that both findings belongs to the same engagement but in a different test and only one of them is marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=2, product_id=2, not_engagement_id=1, hash_code=find_2.hash_code) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=2, product_id=2, not_engagement_id=1, hash_code=find_2.hash_code) + + # Finding 2 in Product 2, Engagement 1, Test 3 + def test_fp_history_equal_hash_code_same_product_different_engagement_dedupe_enabled(self): + # Enable deduplication + self.enable_dedupe() + # Mark finding 2 as fp + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.save() + # Copy finding 2 and store it at Product 2, Engagement 4, Test 4 + find_created_after_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_after_mark.test = Test.objects.get(id=4) + find_created_after_mark.save() + # Assert that finding belongs to the same engagement but in a different test and is NOT marked as fp + self.assert_finding(find_created_after_mark, false_p=False, not_pk=2, product_id=2, not_engagement_id=1, hash_code=find_2.hash_code) + + # Finding 2 in Product 2, Engagement 1, Test 3 + # Finding 7 in Product 2, Engagement 1, Test 3 (has a different hash code) + def test_fp_history_different_hash_code_same_product_different_engagement(self): + # Copy finding 7 and store it at Product 2, Engagement 4, Test 4 (to test retroactive replication) + find_created_before_mark, find_7 = self.copy_and_reset_finding(id=7) + find_created_before_mark.test = Test.objects.get(id=4) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 2 as fp + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.save() + # Copy finding 7 and store it at Product 2, Engagement 4, Test 4 + find_created_after_mark, find_7 = self.copy_and_reset_finding(id=7) + find_created_after_mark.test = Test.objects.get(id=4) + find_created_after_mark.save() + # Assert that both findings belongs to the same engagement but in a different test and are NOT marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=7, product_id=2, not_engagement_id=1, not_hash_code=find_2.hash_code) + self.assert_finding(find_created_after_mark, false_p=False, not_pk=7, product_id=2, not_engagement_id=1, not_hash_code=find_2.hash_code) + + # Different Product # + + # Finding 2 in Product 2, Engagement 1, Test 3 + def test_fp_history_equal_hash_code_different_product(self): + # Copy finding 2 and store it at Product 1, Engagement 2, Test 13 (to test retroactive replication) + find_created_before_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_before_mark.test = Test.objects.get(id=13) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 2 as fp + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.save() + # Copy finding 2 and store it at Product 1, Engagement 2, Test 13 + find_created_after_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_after_mark.test = Test.objects.get(id=13) + find_created_after_mark.save() + # Assert that both findings belongs to a different product and are NOT marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=2, not_product_id=2, hash_code=find_2.hash_code) + self.assert_finding(find_created_after_mark, false_p=False, not_pk=2, not_product_id=2, hash_code=find_2.hash_code) + + # Finding 2 in Product 2, Engagement 1, Test 3 + def test_fp_history_equal_hash_code_different_product_dedupe_enabled(self): + # Enable deduplication + self.enable_dedupe() + # Mark finding 2 as fp + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.save() + # Copy finding 2 and store it at Product 1, Engagement 2, Test 13 + find_created_after_mark, find_2 = self.copy_and_reset_finding(id=2) + find_created_after_mark.test = Test.objects.get(id=13) + find_created_after_mark.save() + # Assert that finding belongs to a different product and is NOT marked as fp + self.assert_finding(find_created_after_mark, false_p=False, not_pk=2, not_product_id=2, hash_code=find_2.hash_code) + + # Finding 2 in Product 2, Engagement 1, Test 3 + # Finding 7 in Product 2, Engagement 1, Test 3 (has a different hash code) + def test_fp_history_different_hash_code_different_product(self): + # Copy finding 7 and store it at Product 1, Engagement 2, Test 13 (to test retroactive replication) + find_created_before_mark, find_7 = self.copy_and_reset_finding(id=7) + find_created_before_mark.test = Test.objects.get(id=13) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 2 as fp + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.save() + # Copy finding 7 and store it at Product 1, Engagement 2, Test 13 + find_created_after_mark, find_7 = self.copy_and_reset_finding(id=7) + find_created_after_mark.test = Test.objects.get(id=13) + find_created_after_mark.save() + # Assert that both findings belongs to a different product and are NOT marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=7, not_product_id=2, not_hash_code=find_2.hash_code) + self.assert_finding(find_created_after_mark, false_p=False, not_pk=7, not_product_id=2, not_hash_code=find_2.hash_code) + + # --------------------------------------------------------- # + # Tests with unique_id_from_tool as deduplication algorithm # + # --------------------------------------------------------- # + + # Same Test # + + # Finding 124 in Product 2, Engagement 5, Test 55 + def test_fp_history_equal_unique_id_same_test(self): + # Copy finding 124 and store it in the same test (to test retroactive replication) + find_created_before_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 124 as fp + find_124 = Finding.objects.get(id=124) + find_124.false_p = True + find_124.save() + # Copy finding 124 and store it in the same test + find_created_after_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_after_mark.save() + # Assert that both findings belongs to the same test and are marked as fp + self.assert_finding(find_created_before_mark, false_p=True, not_pk=124, test_id=55, unique_id_from_tool=find_124.unique_id_from_tool) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=124, test_id=55, unique_id_from_tool=find_124.unique_id_from_tool) + + # Finding 124 in Product 2, Engagement 5, Test 55 + def test_fp_history_equal_unique_id_same_test_non_retroactive(self): + # Disable retroactive FP history + self.disable_retroactive_false_positive_history() + # Copy finding 124 and store it in the same test (to test disabled retroactive replication) + find_created_before_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 124 as fp + find_124 = Finding.objects.get(id=124) + find_124.false_p = True + find_124.save() + # Copy finding 124 and store it in the same test + find_created_after_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_after_mark.save() + # Assert that both findings belongs to the same test and only one of them is marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=124, test_id=55, unique_id_from_tool=find_124.unique_id_from_tool) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=124, test_id=55, unique_id_from_tool=find_124.unique_id_from_tool) + + # Finding 124 in Product 2, Engagement 5, Test 55 + def test_fp_history_equal_unique_id_same_test_dedupe_enabled(self): + # Enable deduplication + self.enable_dedupe() + # Mark finding 124 as fp + find_124 = Finding.objects.get(id=124) + find_124.false_p = True + find_124.save() + # Copy finding 124 and store it in the same test + find_created_after_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_after_mark.save() + # Assert that finding belongs to the same test and is NOT marked as fp + self.assert_finding(find_created_after_mark, false_p=False, not_pk=124, test_id=55, unique_id_from_tool=find_124.unique_id_from_tool) + + # Finding 124 in Product 2, Engagement 5, Test 55 + def test_fp_history_different_unique_id_same_test(self): + # Copy finding 124, change unique_id and store it in the same test (to test retroactive replication) + find_created_before_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_before_mark = self.change_finding_unique_id(find_created_before_mark) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 124 as fp + find_124 = Finding.objects.get(id=124) + find_124.false_p = True + find_124.save() + # Copy finding 124, change unique_id and store it in the same test + find_created_after_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_after_mark = self.change_finding_unique_id(find_created_after_mark) + find_created_after_mark.save() + # Assert that both findings belongs to the same test and are NOT marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=124, test_id=55, not_unique_id_from_tool=find_124.unique_id_from_tool) + self.assert_finding(find_created_after_mark, false_p=False, not_pk=124, test_id=55, not_unique_id_from_tool=find_124.unique_id_from_tool) + + # Same Engagement Different Test # + + # Finding 124 in Product 2, Engagement 5, Test 55 + def test_fp_history_equal_unique_id_same_engagement_different_test(self): + # Copy finding 124 and store it at Product 2, Engagement 5, Test 66 (to test retroactive replication) + find_created_before_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_before_mark.test = Test.objects.get(id=66) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 124 as fp + find_124 = Finding.objects.get(id=124) + find_124.false_p = True + find_124.save() + # Copy finding 124 and store it at Product 2, Engagement 5, Test 66 + find_created_after_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_after_mark.test = Test.objects.get(id=66) + find_created_after_mark.save() + # Assert that both findings belongs to the same engagement but in a different test and are marked as fp + self.assert_finding(find_created_before_mark, false_p=True, not_pk=124, engagement_id=5, not_test_id=55, unique_id_from_tool=find_124.unique_id_from_tool) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=124, engagement_id=5, not_test_id=55, unique_id_from_tool=find_124.unique_id_from_tool) + + # Finding 124 in Product 2, Engagement 5, Test 55 + def test_fp_history_equal_unique_id_same_engagement_different_test_non_retroactive(self): + # Disable retroactive FP history + self.disable_retroactive_false_positive_history() + # Copy finding 124 and store it at Product 2, Engagement 5, Test 66 (to test disabled retroactive replication) + find_created_before_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_before_mark.test = Test.objects.get(id=66) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 124 as fp + find_124 = Finding.objects.get(id=124) + find_124.false_p = True + find_124.save() + # Copy finding 124 and store it at Product 2, Engagement 5, Test 66 + find_created_after_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_after_mark.test = Test.objects.get(id=66) + find_created_after_mark.save() + # Assert that both findings belongs to the same engagement but in a different test and only one of them is marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=124, engagement_id=5, not_test_id=55, unique_id_from_tool=find_124.unique_id_from_tool) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=124, engagement_id=5, not_test_id=55, unique_id_from_tool=find_124.unique_id_from_tool) + + # Finding 124 in Product 2, Engagement 5, Test 55 + def test_fp_history_equal_unique_id_same_engagement_different_test_dedupe_enabled(self): + # Enable deduplication + self.enable_dedupe() + # Mark finding 124 as fp + find_124 = Finding.objects.get(id=124) + find_124.false_p = True + find_124.save() + # Copy finding 124 and store it at Product 2, Engagement 5, Test 66 + find_created_after_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_after_mark.test = Test.objects.get(id=66) + find_created_after_mark.save() + # Assert that finding belongs to the same engagement but in a different test and is NOT marked as fp + self.assert_finding(find_created_after_mark, false_p=False, not_pk=124, engagement_id=5, not_test_id=55, unique_id_from_tool=find_124.unique_id_from_tool) + + # Finding 124 in Product 2, Engagement 5, Test 55 + def test_fp_history_different_unique_id_same_engagement_different_test(self): + # Copy finding 124, change unique_id and store it at Product 2, Engagement 5, Test 66 (to test retroactive replication) + find_created_before_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_before_mark = self.change_finding_unique_id(find_created_before_mark) + find_created_before_mark.test = Test.objects.get(id=66) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 124 as fp + find_124 = Finding.objects.get(id=124) + find_124.false_p = True + find_124.save() + # Copy finding 124 and store it at Product 2, Engagement 5, Test 66 + find_created_after_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_after_mark.unique_id_from_tool = 'somefakeid123' + find_created_after_mark.test = Test.objects.get(id=66) + find_created_after_mark.save() + # Assert that both findings belongs to the same engagement but in a different test and are NOT marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=124, engagement_id=5, not_test_id=55, not_unique_id_from_tool=find_124.unique_id_from_tool) + self.assert_finding(find_created_after_mark, false_p=False, not_pk=124, engagement_id=5, not_test_id=55, not_unique_id_from_tool=find_124.unique_id_from_tool) + + # Same Product Different Engagement # + + # Finding 124 in Product 2, Engagement 5, Test 55 + def test_fp_history_equal_unique_id_same_product_different_engagement(self): + # Create new test and new engagament in the same product + find_124 = Finding.objects.get(id=124) + test_new, eng_new = self.create_new_test_and_engagment_from_finding(find_124) + # Copy finding 124 and store it at Product 2, New Engagement, New Test (to test retroactive replication) + find_created_before_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_before_mark.test = test_new + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 124 as fp + find_124.false_p = True + find_124.save() + # Copy finding 124 and store it at Product 2, New Engagement, New Test + find_created_after_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_after_mark.test = test_new + find_created_after_mark.save() + # Assert that both findings belongs to the same product but in a different engagement and are marked as fp + self.assert_finding(find_created_before_mark, false_p=True, not_pk=124, product_id=2, not_engagement_id=5, unique_id_from_tool=find_124.unique_id_from_tool) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=124, product_id=2, not_engagement_id=5, unique_id_from_tool=find_124.unique_id_from_tool) + + # Finding 124 in Product 2, Engagement 5, Test 55 + def test_fp_history_equal_unique_id_same_product_different_engagement_non_retroactive(self): + # Disable retroactive FP history + self.disable_retroactive_false_positive_history() + # Create new test and new engagament in the same product + find_124 = Finding.objects.get(id=124) + test_new, eng_new = self.create_new_test_and_engagment_from_finding(find_124) + # Copy finding 124 and store it at Product 2, New Engagement, New Test (to test disabled retroactive replication) + find_created_before_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_before_mark.test = test_new + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 124 as fp + find_124.false_p = True + find_124.save() + # Copy finding 124 and store it at Product 2, New Engagement, New Test + find_created_after_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_after_mark.test = test_new + find_created_after_mark.save() + # Assert that both findings belongs to the same product but in a different engagement and only one of them is marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=124, product_id=2, not_engagement_id=5, unique_id_from_tool=find_124.unique_id_from_tool) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=124, product_id=2, not_engagement_id=5, unique_id_from_tool=find_124.unique_id_from_tool) + + # Finding 124 in Product 2, Engagement 5, Test 55 + def test_fp_history_equal_unique_id_same_product_different_engagement_dedupe_enabled(self): + # Enable deduplication + self.enable_dedupe() + # Create new test and new engagament in the same product + find_124 = Finding.objects.get(id=124) + test_new, eng_new = self.create_new_test_and_engagment_from_finding(find_124) + # Mark finding 124 as fp + find_124.false_p = True + find_124.save() + # Copy finding 124 and store it at Product 2, New Engagement, New Test + find_created_after_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_after_mark.test = test_new + find_created_after_mark.save() + # Assert that finding belongs to the same product but in a different engagement and is NOT marked as fp + self.assert_finding(find_created_after_mark, false_p=False, not_pk=124, product_id=2, not_engagement_id=5, unique_id_from_tool=find_124.unique_id_from_tool) + + # Finding 124 in Product 2, Engagement 5, Test 55 + def test_fp_history_different_unique_id_same_product_different_engagement(self): + # Create new test and new engagament in the same product + find_124 = Finding.objects.get(id=124) + test_new, eng_new = self.create_new_test_and_engagment_from_finding(find_124) + # Copy finding 124, change unique_id and store it at Product 2, New Engagement, New Test (to test retroactive replication) + find_created_before_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_before_mark = self.change_finding_unique_id(find_created_before_mark) + find_created_before_mark.test = test_new + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 124 as fp + find_124.false_p = True + find_124.save() + # Copy finding 124, change unique_id and store it at Product 2, New Engagement, New Test + find_created_after_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_after_mark = self.change_finding_unique_id(find_created_after_mark) + find_created_after_mark.test = test_new + find_created_after_mark.save() + # Assert that both findings belongs to the same product but in a different engagement and are NOT marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=124, product_id=2, not_engagement_id=5, not_unique_id_from_tool=find_124.unique_id_from_tool) + self.assert_finding(find_created_after_mark, false_p=False, not_pk=124, product_id=2, not_engagement_id=5, not_unique_id_from_tool=find_124.unique_id_from_tool) + + # Different Product # + + # Finding 124 in Product 2, Engagement 5, Test 55 + def test_fp_history_equal_unique_id_different_product(self): + # Create new test, new engagament and new product + find_124 = Finding.objects.get(id=124) + test_new, eng_new, product_new = self.create_new_test_and_engagment_and_product_from_finding(find_124) + # Copy finding 124 and store it at Product 2, New Engagement, New Test (to test retroactive replication) + find_created_before_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_before_mark.test = test_new + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 124 as fp + find_124.false_p = True + find_124.save() + # Copy finding 124 and store it at Product 2, New Engagement, New Test + find_created_after_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_after_mark.test = test_new + find_created_after_mark.save() + # Assert that both findings belongs to the same product but in a different engagement and are NOT marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=124, not_product_id=2, unique_id_from_tool=find_124.unique_id_from_tool) + self.assert_finding(find_created_after_mark, false_p=False, not_pk=124, not_product_id=2, unique_id_from_tool=find_124.unique_id_from_tool) + + # Finding 124 in Product 2, Engagement 5, Test 55 + def test_fp_history_equal_unique_id_different_product_dedupe_enabled(self): + # Enable deduplication + self.enable_dedupe() + # Create new test, new engagament and new product + find_124 = Finding.objects.get(id=124) + test_new, eng_new, product_new = self.create_new_test_and_engagment_and_product_from_finding(find_124) + # Mark finding 124 as fp + find_124.false_p = True + find_124.save() + # Copy finding 124 and store it at Product 2, New Engagement, New Test + find_created_after_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_after_mark.test = test_new + find_created_after_mark.save() + # Assert that finding belongs to the same product but in a different engagement and is NOT marked as fp + self.assert_finding(find_created_after_mark, false_p=False, not_pk=124, not_product_id=2, unique_id_from_tool=find_124.unique_id_from_tool) + + # Finding 124 in Product 2, Engagement 5, Test 55 + def test_fp_history_different_unique_id_different_product(self): + # Create new test, new engagament and new product + find_124 = Finding.objects.get(id=124) + test_new, eng_new, product_new = self.create_new_test_and_engagment_and_product_from_finding(find_124) + # Copy finding 124 and store it at Product 2, New Engagement, New Test (to test retroactive replication) + find_created_before_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_before_mark.unique_id_from_tool = 'somefakeid123' + find_created_before_mark.test = test_new + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 124 as fp + find_124.false_p = True + find_124.save() + # Copy finding 124 and store it at Product 2, New Engagement, New Test + find_created_after_mark, find_124 = self.copy_and_reset_finding(id=124) + find_created_after_mark.unique_id_from_tool = 'somefakeid123' + find_created_after_mark.test = test_new + find_created_after_mark.save() + # Assert that both findings belongs to the same product but in a different engagement and are NOT marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=124, not_product_id=2, not_unique_id_from_tool=find_124.unique_id_from_tool) + self.assert_finding(find_created_after_mark, false_p=False, not_pk=124, not_product_id=2, not_unique_id_from_tool=find_124.unique_id_from_tool) + + # ---------------------------------------------------------------------- # + # Tests with unique_id_from_tool_or_hash_code as deduplication algorithm # + # ---------------------------------------------------------------------- # + + # Same Test # + + # Finding 224 in Product 2, Engagement 5, Test 77 + def test_fp_history_equal_unique_id_or_hash_code_same_test(self): + # Copy finding 224, change hash_code, and store it in the same test (to test retroactive replication) + find_created_before_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark_diff_hash_code = self.change_finding_hash_code(find_created_before_mark_diff_hash_code) + find_created_before_mark_diff_hash_code.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_hash_code, false_p=False) + # Copy finding 224, change unique_id, and store it in the same test (to test retroactive replication) + find_created_before_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark_diff_unique_id = self.change_finding_unique_id(find_created_before_mark_diff_unique_id) + find_created_before_mark_diff_unique_id.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_unique_id, false_p=False) + # Mark finding 224 as fp + find_224 = Finding.objects.get(id=224) + find_224.false_p = True + find_224.save() + # Copy finding 224, change hash_code, and store it in the same test + find_created_after_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_hash_code = self.change_finding_hash_code(find_created_after_mark_diff_hash_code) + find_created_after_mark_diff_hash_code.save() + # Copy finding 224, change unique_id, and store it in the same test + find_created_after_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_unique_id = self.change_finding_unique_id(find_created_after_mark_diff_unique_id) + find_created_after_mark_diff_unique_id.save() + # Assert that both findings has a different hash_code, an equal unique_id, + # belongs to the same test and are marked as fp + self.assert_finding(find_created_before_mark_diff_hash_code, false_p=True, not_pk=224, test_id=77, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark_diff_hash_code, false_p=True, not_pk=224, test_id=77, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + # Assert that both findings has an equal hash_code, a different unique_id, + # belongs to the same test and are marked as fp + self.assert_finding(find_created_before_mark_diff_unique_id, false_p=True, not_pk=224, test_id=77, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark_diff_unique_id, false_p=True, not_pk=224, test_id=77, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + + # Finding 224 in Product 2, Engagement 5, Test 77 + def test_fp_history_equal_unique_id_or_hash_code_same_test_non_retroactive(self): + # Disable retroactive FP history + self.disable_retroactive_false_positive_history() + # Copy finding 224, change hash_code, and store it in the same test (to test disabled retroactive replication) + find_created_before_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark_diff_hash_code = self.change_finding_hash_code(find_created_before_mark_diff_hash_code) + find_created_before_mark_diff_hash_code.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_hash_code, false_p=False) + # Copy finding 224, change unique_id, and store it in the same test (to test disabled retroactive replication) + find_created_before_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark_diff_unique_id = self.change_finding_unique_id(find_created_before_mark_diff_unique_id) + find_created_before_mark_diff_unique_id.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_unique_id, false_p=False) + # Mark finding 224 as fp + find_224 = Finding.objects.get(id=224) + find_224.false_p = True + find_224.save() + # Copy finding 224, change hash_code, and store it in the same test + find_created_after_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_hash_code = self.change_finding_hash_code(find_created_after_mark_diff_hash_code) + find_created_after_mark_diff_hash_code.save() + # Copy finding 224, change unique_id, and store it in the same test + find_created_after_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_unique_id = self.change_finding_unique_id(find_created_after_mark_diff_unique_id) + find_created_after_mark_diff_unique_id.save() + # Assert that both findings has a different hash_code, an equal unique_id, + # belongs to the same test and only one of them is marked as fp + self.assert_finding(find_created_before_mark_diff_hash_code, false_p=False, not_pk=224, test_id=77, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark_diff_hash_code, false_p=True, not_pk=224, test_id=77, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + # Assert that both findings has an equal hash_code, a different unique_id, + # belongs to the same test and only one of them is marked as fp + self.assert_finding(find_created_before_mark_diff_unique_id, false_p=False, not_pk=224, test_id=77, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark_diff_unique_id, false_p=True, not_pk=224, test_id=77, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + + # Finding 224 in Product 2, Engagement 5, Test 77 + def test_fp_history_equal_unique_id_or_hash_code_same_test_dedupe_enabled(self): + # Enable deduplication + self.enable_dedupe() + # Mark finding 224 as fp + find_224 = Finding.objects.get(id=224) + find_224.false_p = True + find_224.save() + # Copy finding 224, change hash_code, and store it in the same test + find_created_after_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_hash_code = self.change_finding_hash_code(find_created_after_mark_diff_hash_code) + find_created_after_mark_diff_hash_code.save() + # Copy finding 224, change unique_id, and store it in the same test + find_created_after_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_unique_id = self.change_finding_unique_id(find_created_after_mark_diff_unique_id) + find_created_after_mark_diff_unique_id.save() + # Assert that finding has a different hash_code, an equal unique_id, + # belongs to the same test and is NOT marked as fp + self.assert_finding(find_created_after_mark_diff_hash_code, false_p=False, not_pk=224, test_id=77, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + # Assert that finding has an equal hash_code, a different unique_id, + # belongs to the same test and is NOT marked as fp + self.assert_finding(find_created_after_mark_diff_unique_id, false_p=False, not_pk=224, test_id=77, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + + # Finding 224 in Product 2, Engagement 5, Test 77 + def test_fp_history_different_unique_id_or_hash_code_same_test(self): + # Copy finding 224, change hash_code, change unique_id and store it in the same test (to test retroactive replication) + find_created_before_mark, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark = self.change_finding_hash_code(find_created_before_mark) + find_created_before_mark = self.change_finding_unique_id(find_created_before_mark) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 224 as fp + find_224 = Finding.objects.get(id=224) + find_224.false_p = True + find_224.save() + # Copy finding 224, change hash_code, change unique_id and store it in the same test + find_created_after_mark, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark = self.change_finding_hash_code(find_created_after_mark) + find_created_after_mark = self.change_finding_unique_id(find_created_after_mark) + find_created_after_mark.save() + # Assert that both findings has a different hash_code, a different unique_id, + # belongs to the same test and are NOT marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=224, test_id=77, not_hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark, false_p=False, not_pk=224, test_id=77, not_hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + + # Same Engagement Different Test # + + # Finding 224 in Product 2, Engagement 5, Test 77 + def test_fp_history_equal_unique_id_or_hash_code_same_engagement_different_test(self): + # Copy finding 224, change hash_code, and store it at Product 2, Engagement 5, Test 88 (to test retroactive replication) + find_created_before_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark_diff_hash_code = self.change_finding_hash_code(find_created_before_mark_diff_hash_code) + find_created_before_mark_diff_hash_code.test = Test.objects.get(id=88) + find_created_before_mark_diff_hash_code.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_hash_code, false_p=False) + # Copy finding 224, change unique_id, and store it at Product 2, Engagement 5, Test 88 (to test retroactive replication) + find_created_before_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark_diff_unique_id = self.change_finding_unique_id(find_created_before_mark_diff_unique_id) + find_created_before_mark_diff_unique_id.test = Test.objects.get(id=88) + find_created_before_mark_diff_unique_id.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_unique_id, false_p=False) + # Mark finding 224 as fp + find_224 = Finding.objects.get(id=224) + find_224.false_p = True + find_224.save() + # Copy finding 224, change hash_code, and store it at Product 2, Engagement 5, Test 88 + find_created_after_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_hash_code = self.change_finding_hash_code(find_created_after_mark_diff_hash_code) + find_created_after_mark_diff_hash_code.test = Test.objects.get(id=88) + find_created_after_mark_diff_hash_code.save() + # Copy finding 224, change unique_id, and store it at Product 2, Engagement 5, Test 88 + find_created_after_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_unique_id = self.change_finding_unique_id(find_created_after_mark_diff_unique_id) + find_created_after_mark_diff_unique_id.test = Test.objects.get(id=88) + find_created_after_mark_diff_unique_id.save() + # Assert that both findings has a different hash_code, an equal unique_id, + # belongs to the same engagement but in a different test and are marked as fp + self.assert_finding(find_created_before_mark_diff_hash_code, false_p=True, not_pk=224, engagement_id=5, not_test_id=77, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark_diff_hash_code, false_p=True, not_pk=224, engagement_id=5, not_test_id=77, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + # Assert that both findings has an equal hash_code, a different unique_id, + # belongs to the same engagement but in a different test and are marked as fp + self.assert_finding(find_created_before_mark_diff_unique_id, false_p=True, not_pk=224, engagement_id=5, not_test_id=77, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark_diff_unique_id, false_p=True, not_pk=224, engagement_id=5, not_test_id=77, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + + # Finding 224 in Product 2, Engagement 5, Test 77 + def test_fp_history_equal_unique_id_or_hash_code_same_engagement_different_test_non_retroactive(self): + # Disable retroactive FP history + self.disable_retroactive_false_positive_history() + # Copy finding 224, change hash_code, and store it at Product 2, Engagement 5, Test 88 (to test disabled retroactive replication) + find_created_before_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark_diff_hash_code = self.change_finding_hash_code(find_created_before_mark_diff_hash_code) + find_created_before_mark_diff_hash_code.test = Test.objects.get(id=88) + find_created_before_mark_diff_hash_code.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_hash_code, false_p=False) + # Copy finding 224, change unique_id, and store it at Product 2, Engagement 5, Test 88 (to test disabled retroactive replication) + find_created_before_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark_diff_unique_id = self.change_finding_unique_id(find_created_before_mark_diff_unique_id) + find_created_before_mark_diff_unique_id.test = Test.objects.get(id=88) + find_created_before_mark_diff_unique_id.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_unique_id, false_p=False) + # Mark finding 224 as fp + find_224 = Finding.objects.get(id=224) + find_224.false_p = True + find_224.save() + # Copy finding 224, change hash_code, and store it at Product 2, Engagement 5, Test 88 + find_created_after_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_hash_code = self.change_finding_hash_code(find_created_after_mark_diff_hash_code) + find_created_after_mark_diff_hash_code.test = Test.objects.get(id=88) + find_created_after_mark_diff_hash_code.save() + # Copy finding 224, change unique_id, and store it at Product 2, Engagement 5, Test 88 + find_created_after_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_unique_id = self.change_finding_unique_id(find_created_after_mark_diff_unique_id) + find_created_after_mark_diff_unique_id.test = Test.objects.get(id=88) + find_created_after_mark_diff_unique_id.save() + # Assert that both findings has a different hash_code, an equal unique_id, + # belongs to the same engagement but in a different test and only one of them is marked as fp + self.assert_finding(find_created_before_mark_diff_hash_code, false_p=False, not_pk=224, engagement_id=5, not_test_id=77, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark_diff_hash_code, false_p=True, not_pk=224, engagement_id=5, not_test_id=77, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + # Assert that both findings has an equal hash_code, a different unique_id, + # belongs to the same engagement but in a different test and only one of them is marked as fp + self.assert_finding(find_created_before_mark_diff_unique_id, false_p=False, not_pk=224, engagement_id=5, not_test_id=77, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark_diff_unique_id, false_p=True, not_pk=224, engagement_id=5, not_test_id=77, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + + # Finding 224 in Product 2, Engagement 5, Test 77 + def test_fp_history_equal_unique_id_or_hash_code_same_engagement_different_test_dedupe_enabled(self): + # Enable deduplication + self.enable_dedupe() + # Mark finding 224 as fp + find_224 = Finding.objects.get(id=224) + find_224.false_p = True + find_224.save() + # Copy finding 224, change hash_code, and store it at Product 2, Engagement 5, Test 88 + find_created_after_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_hash_code = self.change_finding_hash_code(find_created_after_mark_diff_hash_code) + find_created_after_mark_diff_hash_code.test = Test.objects.get(id=88) + find_created_after_mark_diff_hash_code.save() + # Copy finding 224, change unique_id, and store it at Product 2, Engagement 5, Test 88 + find_created_after_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_unique_id = self.change_finding_unique_id(find_created_after_mark_diff_unique_id) + find_created_after_mark_diff_unique_id.test = Test.objects.get(id=88) + find_created_after_mark_diff_unique_id.save() + # Assert that finding has a different hash_code, an equal unique_id, + # belongs to the same engagement but in a different test and is NOT marked as fp + self.assert_finding(find_created_after_mark_diff_hash_code, false_p=False, not_pk=224, engagement_id=5, not_test_id=77, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + # Assert that finding has an equal hash_code, a different unique_id, + # belongs to the same engagement but in a different test and is NOT marked as fp + self.assert_finding(find_created_after_mark_diff_unique_id, false_p=False, not_pk=224, engagement_id=5, not_test_id=77, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + + # Finding 224 in Product 2, Engagement 5, Test 77 + def test_fp_history_different_unique_id_or_hash_code_same_engagement_different_test(self): + # Copy finding 224, change hash_code, change unique_id and store it at Product 2, Engagement 5, Test 88 (to test retroactive replication) + find_created_before_mark, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark = self.change_finding_hash_code(find_created_before_mark) + find_created_before_mark = self.change_finding_unique_id(find_created_before_mark) + find_created_before_mark.test = Test.objects.get(id=88) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 224 as fp + find_224 = Finding.objects.get(id=224) + find_224.false_p = True + find_224.save() + # Copy finding 224, change hash_code, change unique_id and store it at Product 2, Engagement 5, Test 88 + find_created_after_mark, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark = self.change_finding_hash_code(find_created_after_mark) + find_created_after_mark = self.change_finding_unique_id(find_created_after_mark) + find_created_after_mark.test = Test.objects.get(id=88) + find_created_after_mark.save() + # Assert that both findings has a different hash_code, a different unique_id, + # belongs to the same engagement but in a different test and are NOT marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=224, engagement_id=5, not_test_id=77, not_hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark, false_p=False, not_pk=224, engagement_id=5, not_test_id=77, not_hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + + # Same Product Different Engagement # + + # Finding 224 in Product 2, Engagement 5, Test 77 + def test_fp_history_equal_unique_id_or_hash_code_same_product_different_engagement(self): + # Create new test and new engagament in the same product + find_224 = Finding.objects.get(id=224) + test_new, eng_new = self.create_new_test_and_engagment_from_finding(find_224) + # Copy finding 224, change hash_code, and store it at Product 2, New Engagement, New Test (to test retroactive replication) + find_created_before_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark_diff_hash_code = self.change_finding_hash_code(find_created_before_mark_diff_hash_code) + find_created_before_mark_diff_hash_code.test = test_new + find_created_before_mark_diff_hash_code.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_hash_code, false_p=False) + # Copy finding 224, change unique_id, and store it at Product 2, New Engagement, New Test (to test retroactive replication) + find_created_before_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark_diff_unique_id = self.change_finding_unique_id(find_created_before_mark_diff_unique_id) + find_created_before_mark_diff_unique_id.test = test_new + find_created_before_mark_diff_unique_id.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_unique_id, false_p=False) + # Mark finding 224 as fp + find_224 = Finding.objects.get(id=224) + find_224.false_p = True + find_224.save() + # Copy finding 224, change hash_code, and store it at Product 2, New Engagement, New Test + find_created_after_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_hash_code = self.change_finding_hash_code(find_created_after_mark_diff_hash_code) + find_created_after_mark_diff_hash_code.test = test_new + find_created_after_mark_diff_hash_code.save() + # Copy finding 224, change unique_id, and store it at Product 2, New Engagement, New Test + find_created_after_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_unique_id = self.change_finding_unique_id(find_created_after_mark_diff_unique_id) + find_created_after_mark_diff_unique_id.test = test_new + find_created_after_mark_diff_unique_id.save() + # Assert that both findings has a different hash_code, an equal unique_id, + # belongs to the same product but in a different engagement and are marked as fp + self.assert_finding(find_created_before_mark_diff_hash_code, false_p=True, not_pk=224, product_id=2, not_engagement_id=5, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark_diff_hash_code, false_p=True, not_pk=224, product_id=2, not_engagement_id=5, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + # Assert that both findings has an equal hash_code, a different unique_id, + # belongs to the same product but in a different engagement and are marked as fp + self.assert_finding(find_created_before_mark_diff_unique_id, false_p=True, not_pk=224, product_id=2, not_engagement_id=5, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark_diff_unique_id, false_p=True, not_pk=224, product_id=2, not_engagement_id=5, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + + # Finding 224 in Product 2, Engagement 5, Test 77 + def test_fp_history_equal_unique_id_or_hash_code_same_product_different_engagement_non_retroactive(self): + # Disable retroactive FP history + self.disable_retroactive_false_positive_history() + # Create new test and new engagament in the same product + find_224 = Finding.objects.get(id=224) + test_new, eng_new = self.create_new_test_and_engagment_from_finding(find_224) + # Copy finding 224, change hash_code, and store it at Product 2, New Engagement, New Test (to test disabled retroactive replication) + find_created_before_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark_diff_hash_code = self.change_finding_hash_code(find_created_before_mark_diff_hash_code) + find_created_before_mark_diff_hash_code.test = test_new + find_created_before_mark_diff_hash_code.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_hash_code, false_p=False) + # Copy finding 224, change unique_id, and store it at Product 2, New Engagement, New Test (to test disabled retroactive replication) + find_created_before_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark_diff_unique_id = self.change_finding_unique_id(find_created_before_mark_diff_unique_id) + find_created_before_mark_diff_unique_id.test = test_new + find_created_before_mark_diff_unique_id.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_unique_id, false_p=False) + # Mark finding 224 as fp + find_224 = Finding.objects.get(id=224) + find_224.false_p = True + find_224.save() + # Copy finding 224, change hash_code, and store it at Product 2, New Engagement, New Test + find_created_after_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_hash_code = self.change_finding_hash_code(find_created_after_mark_diff_hash_code) + find_created_after_mark_diff_hash_code.test = test_new + find_created_after_mark_diff_hash_code.save() + # Copy finding 224, change unique_id, and store it at Product 2, New Engagement, New Test + find_created_after_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_unique_id = self.change_finding_unique_id(find_created_after_mark_diff_unique_id) + find_created_after_mark_diff_unique_id.test = test_new + find_created_after_mark_diff_unique_id.save() + # Assert that both findings has a different hash_code, an equal unique_id, + # belongs to the same product but in a different engagement and only one of them is marked as fp + self.assert_finding(find_created_before_mark_diff_hash_code, false_p=False, not_pk=224, product_id=2, not_engagement_id=5, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark_diff_hash_code, false_p=True, not_pk=224, product_id=2, not_engagement_id=5, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + # Assert that both findings has an equal hash_code, a different unique_id, + # belongs to the same product but in a different engagement and only one of them is marked as fp + self.assert_finding(find_created_before_mark_diff_unique_id, false_p=False, not_pk=224, product_id=2, not_engagement_id=5, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark_diff_unique_id, false_p=True, not_pk=224, product_id=2, not_engagement_id=5, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + + # Finding 224 in Product 2, Engagement 5, Test 77 + def test_fp_history_equal_unique_id_or_hash_code_same_product_different_engagement_dedupe_enabled(self): + # Enable deduplication + self.enable_dedupe() + # Create new test and new engagament in the same product + find_224 = Finding.objects.get(id=224) + test_new, eng_new = self.create_new_test_and_engagment_from_finding(find_224) + # Mark finding 224 as fp + find_224 = Finding.objects.get(id=224) + find_224.false_p = True + find_224.save() + # Copy finding 224, change hash_code, and store it at Product 2, New Engagement, New Test + find_created_after_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_hash_code = self.change_finding_hash_code(find_created_after_mark_diff_hash_code) + find_created_after_mark_diff_hash_code.test = test_new + find_created_after_mark_diff_hash_code.save() + # Copy finding 224, change unique_id, and store it at Product 2, New Engagement, New Test + find_created_after_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_unique_id = self.change_finding_unique_id(find_created_after_mark_diff_unique_id) + find_created_after_mark_diff_unique_id.test = test_new + find_created_after_mark_diff_unique_id.save() + # Assert that finding has a different hash_code, an equal unique_id, + # belongs to the same product but in a different engagement and is NOT marked as fp + self.assert_finding(find_created_after_mark_diff_hash_code, false_p=False, not_pk=224, product_id=2, not_engagement_id=5, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + # Assert that finding has an equal hash_code, a different unique_id, + # belongs to the same product but in a different engagement and is NOT marked as fp + self.assert_finding(find_created_after_mark_diff_unique_id, false_p=False, not_pk=224, product_id=2, not_engagement_id=5, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + + # Finding 224 in Product 2, Engagement 5, Test 77 + def test_fp_history_different_unique_id_or_hash_code_same_product_different_engagement(self): + # Create new test and new engagament in the same product + find_224 = Finding.objects.get(id=224) + test_new, eng_new = self.create_new_test_and_engagment_from_finding(find_224) + # Copy finding 224, change hash_code, change unique_id and store it at Product 2, New Engagement, New Test (to test retroactive replication) + find_created_before_mark, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark = self.change_finding_hash_code(find_created_before_mark) + find_created_before_mark = self.change_finding_unique_id(find_created_before_mark) + find_created_before_mark.test = test_new + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 224 as fp + find_224 = Finding.objects.get(id=224) + find_224.false_p = True + find_224.save() + # Copy finding 224, change hash_code, change unique_id and store it at Product 2, New Engagement, New Test + find_created_after_mark, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark = self.change_finding_hash_code(find_created_after_mark) + find_created_after_mark = self.change_finding_unique_id(find_created_after_mark) + find_created_after_mark.test = test_new + find_created_after_mark.save() + # Assert that both findings has a different hash_code, a different unique_id, + # belongs to the same product but in a different engagement and are NOT marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=224, product_id=2, not_engagement_id=5, not_hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark, false_p=False, not_pk=224, product_id=2, not_engagement_id=5, not_hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + + # Different Product # + + # Finding 224 in Product 2, Engagement 5, Test 77 + def test_fp_history_equal_unique_id_or_hash_code_different_product(self): + # Create new test, new engagament and new product + find_224 = Finding.objects.get(id=224) + test_new, eng_new, product_new = self.create_new_test_and_engagment_and_product_from_finding(find_224) + # Copy finding 224, change hash_code, and store it at New Product, New Engagement, New Test (to test retroactive replication) + find_created_before_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark_diff_hash_code = self.change_finding_hash_code(find_created_before_mark_diff_hash_code) + find_created_before_mark_diff_hash_code.test = test_new + find_created_before_mark_diff_hash_code.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_hash_code, false_p=False) + # Copy finding 224, change unique_id, and store it at New Product, New Engagement, New Test (to test retroactive replication) + find_created_before_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark_diff_unique_id = self.change_finding_unique_id(find_created_before_mark_diff_unique_id) + find_created_before_mark_diff_unique_id.test = test_new + find_created_before_mark_diff_unique_id.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_unique_id, false_p=False) + # Mark finding 224 as fp + find_224 = Finding.objects.get(id=224) + find_224.false_p = True + find_224.save() + # Copy finding 224, change hash_code, and store it at New Product, New Engagement, New Test + find_created_after_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_hash_code = self.change_finding_hash_code(find_created_after_mark_diff_hash_code) + find_created_after_mark_diff_hash_code.test = test_new + find_created_after_mark_diff_hash_code.save() + # Copy finding 224, change unique_id, and store it at New Product, New Engagement, New Test + find_created_after_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_unique_id = self.change_finding_unique_id(find_created_after_mark_diff_unique_id) + find_created_after_mark_diff_unique_id.test = test_new + find_created_after_mark_diff_unique_id.save() + # Assert that both findings has a different hash_code, an equal unique_id, + # belongs to a different product and are NOT marked as fp + self.assert_finding(find_created_before_mark_diff_hash_code, false_p=False, not_pk=224, not_product_id=2, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark_diff_hash_code, false_p=False, not_pk=224, not_product_id=2, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + # Assert that both findings has an equal hash_code, a different unique_id, + # belongs to a different product and are NOT marked as fp + self.assert_finding(find_created_before_mark_diff_unique_id, false_p=False, not_pk=224, not_product_id=2, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark_diff_unique_id, false_p=False, not_pk=224, not_product_id=2, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + + # Finding 224 in Product 2, Engagement 5, Test 77 + def test_fp_history_equal_unique_id_or_hash_code_different_product_dedupe_enabled(self): + # Create new test, new engagament and new product + find_224 = Finding.objects.get(id=224) + test_new, eng_new, product_new = self.create_new_test_and_engagment_and_product_from_finding(find_224) + # Enable deduplication + self.enable_dedupe() + # Mark finding 224 as fp + find_224 = Finding.objects.get(id=224) + find_224.false_p = True + find_224.save() + # Copy finding 224, change hash_code, and store it at New Product, New Engagement, New Test + find_created_after_mark_diff_hash_code, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_hash_code = self.change_finding_hash_code(find_created_after_mark_diff_hash_code) + find_created_after_mark_diff_hash_code.test = test_new + find_created_after_mark_diff_hash_code.save() + # Copy finding 224, change unique_id, and store it at New Product, New Engagement, New Test + find_created_after_mark_diff_unique_id, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark_diff_unique_id = self.change_finding_unique_id(find_created_after_mark_diff_unique_id) + find_created_after_mark_diff_unique_id.test = test_new + find_created_after_mark_diff_unique_id.save() + # Assert that finding has a different hash_code, an equal unique_id, + # belongs to a different product and is NOT marked as fp + self.assert_finding(find_created_after_mark_diff_hash_code, false_p=False, not_pk=224, not_product_id=2, not_hash_code=find_224.hash_code, unique_id_from_tool=find_224.unique_id_from_tool) + # Assert that finding has an equal hash_code, a different unique_id, + # belongs to a different product and is NOT marked as fp + self.assert_finding(find_created_after_mark_diff_unique_id, false_p=False, not_pk=224, not_product_id=2, hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + + # Finding 224 in Product 2, Engagement 5, Test 77 + def test_fp_history_different_unique_id_or_hash_code_different_product(self): + # Create new test, new engagament and new product + find_224 = Finding.objects.get(id=224) + test_new, eng_new, product_new = self.create_new_test_and_engagment_and_product_from_finding(find_224) + # Copy finding 224, change hash_code, change unique_id and store it at New Product, New Engagement, New Test (to test retroactive replication) + find_created_before_mark, find_224 = self.copy_and_reset_finding(id=224) + find_created_before_mark = self.change_finding_hash_code(find_created_before_mark) + find_created_before_mark = self.change_finding_unique_id(find_created_before_mark) + find_created_before_mark.test = test_new + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 224 as fp + find_224 = Finding.objects.get(id=224) + find_224.false_p = True + find_224.save() + # Copy finding 224, change hash_code, change unique_id and store it at New Product, New Engagement, New Test + find_created_after_mark, find_224 = self.copy_and_reset_finding(id=224) + find_created_after_mark = self.change_finding_hash_code(find_created_after_mark) + find_created_after_mark = self.change_finding_unique_id(find_created_after_mark) + find_created_after_mark.test = test_new + find_created_after_mark.save() + # Assert that both findings has a different hash_code, a different unique_id, + # belongs to the same product but in a different engagement and are NOT marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=224, not_product_id=2, not_hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + self.assert_finding(find_created_after_mark, false_p=False, not_pk=224, not_product_id=2, not_hash_code=find_224.hash_code, not_unique_id_from_tool=find_224.unique_id_from_tool) + + # -------------------------------------------- # + # Tests with legacy as deduplication algorithm # + # -------------------------------------------- # + + # Same Test # + + # Finding 22 in Product 2, Engagement 3, Test 33 + def test_fp_history_equal_legacy_same_test(self): + # Copy finding 22 and store it in the same test (to test retroactive replication) + find_created_before_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 22 as fp + find_22 = Finding.objects.get(id=22) + find_22.false_p = True + find_22.save() + # Copy finding 22 and store it in the same test + find_created_after_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark.save() + # Assert that both findings belongs to the same test and are marked as fp + self.assert_finding(find_created_before_mark, false_p=True, not_pk=22, test_id=33, title=find_22.title, severity=find_22.severity) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=22, test_id=33, title=find_22.title, severity=find_22.severity) + + # Finding 22 in Product 2, Engagement 3, Test 33 + def test_fp_history_equal_legacy_same_test_non_retroactive(self): + # Disable retroactive FP history + self.disable_retroactive_false_positive_history() + # Copy finding 22 and store it in the same test (to test disabled retroactive replication) + find_created_before_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 22 as fp + find_22 = Finding.objects.get(id=22) + find_22.false_p = True + find_22.save() + # Copy finding 22 and store it in the same test + find_created_after_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark.save() + # Assert that both findings belongs to the same test and only one of them is marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=22, test_id=33, title=find_22.title, severity=find_22.severity) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=22, test_id=33, title=find_22.title, severity=find_22.severity) + + # Finding 22 in Product 2, Engagement 3, Test 33 + def test_fp_history_equal_legacy_same_test_dedupe_enabled(self): + # Enable deduplication + self.enable_dedupe() + # Mark finding 22 as fp + find_22 = Finding.objects.get(id=22) + find_22.false_p = True + find_22.save() + # Copy finding 22 and store it in the same test + find_created_after_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark.save() + # Assert that finding belongs to the same test and is NOT marked as fp + self.assert_finding(find_created_after_mark, false_p=False, not_pk=22, test_id=33, title=find_22.title, severity=find_22.severity) + + # Finding 22 in Product 2, Engagement 3, Test 33 + def test_fp_history_different_legacy_same_test(self): + # Copy finding 22, change title and store it in the same test (to test retroactive replication) + find_created_before_mark_diff_title, find_22 = self.copy_and_reset_finding(id=22) + find_created_before_mark_diff_title = self.change_finding_title(find_created_before_mark_diff_title) + find_created_before_mark_diff_title.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_title, false_p=False) + # Copy finding 22, change severity and store it in the same test (to test retroactive replication) + find_created_before_mark_diff_severity, find_22 = self.copy_and_reset_finding(id=22) + find_created_before_mark_diff_severity = self.change_finding_severity(find_created_before_mark_diff_severity) + find_created_before_mark_diff_severity.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_severity, false_p=False) + # Mark finding 22 as fp + find_22 = Finding.objects.get(id=22) + find_22.false_p = True + find_22.save() + # Copy finding 22, change title and store it in the same test + find_created_after_mark_diff_title, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark_diff_title = self.change_finding_title(find_created_after_mark_diff_title) + find_created_after_mark_diff_title.save() + # Copy finding 22, change severity and store it in the same test + find_created_after_mark_diff_severity, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark_diff_severity = self.change_finding_severity(find_created_after_mark_diff_severity) + find_created_after_mark_diff_severity.save() + # Assert that both findings has a different title , an equal severity, + # belongs to the same test and are NOT marked as fp + self.assert_finding(find_created_before_mark_diff_title, false_p=False, not_pk=22, test_id=33, not_title=find_22.title, severity=find_22.severity) + self.assert_finding(find_created_after_mark_diff_title, false_p=False, not_pk=22, test_id=33, not_title=find_22.title, severity=find_22.severity) + # Assert that both findings has an equal title , a different severity, + # belongs to the same test and are NOT marked as fp + self.assert_finding(find_created_before_mark_diff_severity, false_p=False, not_pk=22, test_id=33, title=find_22.title, not_severity=find_22.severity) + self.assert_finding(find_created_after_mark_diff_severity, false_p=False, not_pk=22, test_id=33, title=find_22.title, not_severity=find_22.severity) + + # Same Engagement Different Test # + + # Finding 22 in Product 2, Engagement 3, Test 33 + def test_fp_history_equal_legacy_same_engagement_different_test(self): + # Create new test + find_22 = Finding.objects.get(id=22) + test_new = self.create_new_test_from_finding(find_22) + # Copy finding 22 and store it at Produt 2, Engagement 3, New Test (to test retroactive replication) + find_created_before_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_before_mark.test = test_new + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 22 as fp + find_22 = Finding.objects.get(id=22) + find_22.false_p = True + find_22.save() + # Copy finding 22 and store it at Produt 2, Engagement 3, New Test + find_created_after_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark.test = test_new + find_created_after_mark.save() + # Assert that both findings belongs to the same engagement but in a different test and are marked as fp + self.assert_finding(find_created_before_mark, false_p=True, not_pk=22, engagement_id=3, not_test_id=33, title=find_22.title, severity=find_22.severity) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=22, engagement_id=3, not_test_id=33, title=find_22.title, severity=find_22.severity) + + # Finding 22 in Product 2, Engagement 3, Test 33 + def test_fp_history_equal_legacy_same_engagement_different_test_non_retroactive(self): + # Disable retroactive FP history + self.disable_retroactive_false_positive_history() + # Create new test + find_22 = Finding.objects.get(id=22) + test_new = self.create_new_test_from_finding(find_22) + # Copy finding 22 and store it at Produt 2, Engagement 3, New Test (to test disabled retroactive replication) + find_created_before_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_before_mark.test = test_new + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 22 as fp + find_22 = Finding.objects.get(id=22) + find_22.false_p = True + find_22.save() + # Copy finding 22 and store it at Produt 2, Engagement 3, New Test + find_created_after_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark.test = test_new + find_created_after_mark.save() + # Assert that both findings belongs to the same engagement but in a different test and only one of them is marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=22, engagement_id=3, not_test_id=33, title=find_22.title, severity=find_22.severity) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=22, engagement_id=3, not_test_id=33, title=find_22.title, severity=find_22.severity) + + # Finding 22 in Product 2, Engagement 3, Test 33 + def test_fp_history_equal_legacy_same_engagement_different_test_dedupe_enabled(self): + # Create new test + find_22 = Finding.objects.get(id=22) + test_new = self.create_new_test_from_finding(find_22) + # Enable deduplication + self.enable_dedupe() + # Mark finding 22 as fp + find_22 = Finding.objects.get(id=22) + find_22.false_p = True + find_22.save() + # Copy finding 22 and store it at Produt 2, Engagement 3, New Test + find_created_after_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark.test = test_new + find_created_after_mark.save() + # Assert that finding belongs to the same engagement but in a different test and is NOT marked as fp + self.assert_finding(find_created_after_mark, false_p=False, not_pk=22, engagement_id=3, not_test_id=33, title=find_22.title, severity=find_22.severity) + + # Finding 22 in Product 2, Engagement 3, Test 33 + def test_fp_history_different_legacy_same_engagement_different_test(self): + # Create new test + find_22 = Finding.objects.get(id=22) + test_new = self.create_new_test_from_finding(find_22) + # Copy finding 22, change title and store it at Produt 2, Engagement 3, New Test (to test retroactive replication) + find_created_before_mark_diff_title, find_22 = self.copy_and_reset_finding(id=22) + find_created_before_mark_diff_title = self.change_finding_title(find_created_before_mark_diff_title) + find_created_before_mark_diff_title.test = test_new + find_created_before_mark_diff_title.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_title, false_p=False) + # Copy finding 22, change severity and store it at Produt 2, Engagement 3, New Test (to test retroactive replication) + find_created_before_mark_diff_severity, find_22 = self.copy_and_reset_finding(id=22) + find_created_before_mark_diff_severity = self.change_finding_severity(find_created_before_mark_diff_severity) + find_created_before_mark_diff_severity.test = test_new + find_created_before_mark_diff_severity.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_severity, false_p=False) + # Mark finding 22 as fp + find_22 = Finding.objects.get(id=22) + find_22.false_p = True + find_22.save() + # Copy finding 22, change severity and store it at Produt 2, Engagement 3, New Test + find_created_after_mark_diff_title, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark_diff_title = self.change_finding_title(find_created_after_mark_diff_title) + find_created_after_mark_diff_title.test = test_new + find_created_after_mark_diff_title.save() + # Copy finding 22, change severity and store it at Produt 2, Engagement 3, New Test + find_created_after_mark_diff_severity, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark_diff_severity = self.change_finding_severity(find_created_after_mark_diff_severity) + find_created_after_mark_diff_severity.test = test_new + find_created_after_mark_diff_severity.save() + # Assert that both findings has a different title , an equal severity, + # belongs to the same engagement but in a different test and are NOT marked as fp + self.assert_finding(find_created_before_mark_diff_title, false_p=False, not_pk=22, engagement_id=3, not_test_id=33, not_title=find_22.title, severity=find_22.severity) + self.assert_finding(find_created_after_mark_diff_title, false_p=False, not_pk=22, engagement_id=3, not_test_id=33, not_title=find_22.title, severity=find_22.severity) + # Assert that both findings has an equal title , a different severity, + # belongs to the same engagement but in a different test and are NOT marked as fp + self.assert_finding(find_created_before_mark_diff_severity, false_p=False, not_pk=22, engagement_id=3, not_test_id=33, title=find_22.title, not_severity=find_22.severity) + self.assert_finding(find_created_after_mark_diff_severity, false_p=False, not_pk=22, engagement_id=3, not_test_id=33, title=find_22.title, not_severity=find_22.severity) + + # Same Product Different Engagement # + + # Finding 22 in Product 2, Engagement 3, Test 33 + def test_fp_history_equal_legacy_same_product_different_engagement(self): + # Create new test and new engagement + find_22 = Finding.objects.get(id=22) + test_new, eng_new = self.create_new_test_and_engagment_from_finding(find_22) + # Copy finding 22 and store it at Produt 2, New Engagement, New Test (to test retroactive replication) + find_created_before_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_before_mark.test = test_new + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 22 as fp + find_22 = Finding.objects.get(id=22) + find_22.false_p = True + find_22.save() + # Copy finding 22 and store it at Produt 2, New Engagement, New Test + find_created_after_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark.test = test_new + find_created_after_mark.save() + # Assert that both findings belongs to the same product but in a different engagement and are marked as fp + self.assert_finding(find_created_before_mark, false_p=True, not_pk=22, product_id=2, not_engagement_id=3, title=find_22.title, severity=find_22.severity) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=22, product_id=2, not_engagement_id=3, title=find_22.title, severity=find_22.severity) + + # Finding 22 in Product 2, Engagement 3, Test 33 + def test_fp_history_equal_legacy_same_product_different_engagement_non_retroactive(self): + # Disable retroactive FP history + self.disable_retroactive_false_positive_history() + # Create new test and new engagement + find_22 = Finding.objects.get(id=22) + test_new, eng_new = self.create_new_test_and_engagment_from_finding(find_22) + # Copy finding 22 and store it at Produt 2, New Engagement, New Test (to test disabled retroactive replication) + find_created_before_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_before_mark.test = test_new + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 22 as fp + find_22 = Finding.objects.get(id=22) + find_22.false_p = True + find_22.save() + # Copy finding 22 and store it at Produt 2, New Engagement, New Test + find_created_after_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark.test = test_new + find_created_after_mark.save() + # Assert that both findings belongs to the same product but in a different engagement and only one of them is marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=22, product_id=2, not_engagement_id=3, title=find_22.title, severity=find_22.severity) + self.assert_finding(find_created_after_mark, false_p=True, not_pk=22, product_id=2, not_engagement_id=3, title=find_22.title, severity=find_22.severity) + + # Finding 22 in Product 2, Engagement 3, Test 33 + def test_fp_history_equal_legacy_same_product_different_engagement_dedupe_enabled(self): + # Create new test and new engagement + find_22 = Finding.objects.get(id=22) + test_new, eng_new = self.create_new_test_and_engagment_from_finding(find_22) + # Enable deduplication + self.enable_dedupe() + # Mark finding 22 as fp + find_22 = Finding.objects.get(id=22) + find_22.false_p = True + find_22.save() + # Copy finding 22 and store it at Produt 2, New Engagement, New Test + find_created_after_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark.test = test_new + find_created_after_mark.save() + # Assert that finding belongs to the same product but in a different engagement and is NOT marked as fp + self.assert_finding(find_created_after_mark, false_p=False, not_pk=22, product_id=2, not_engagement_id=3, title=find_22.title, severity=find_22.severity) + + # Finding 22 in Product 2, Engagement 3, Test 33 + def test_fp_history_different_legacy_same_product_different_engagement(self): + # Create new test and new engagement + find_22 = Finding.objects.get(id=22) + test_new, eng_new = self.create_new_test_and_engagment_from_finding(find_22) + # Copy finding 22, change title and store it at Produt 2, New Engagement, New Test (to test retroactive replication) + find_created_before_mark_diff_title, find_22 = self.copy_and_reset_finding(id=22) + find_created_before_mark_diff_title = self.change_finding_title(find_created_before_mark_diff_title) + find_created_before_mark_diff_title.test = test_new + find_created_before_mark_diff_title.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_title, false_p=False) + # Copy finding 22, change severity and store it at Produt 2, New Engagement, New Test (to test retroactive replication) + find_created_before_mark_diff_severity, find_22 = self.copy_and_reset_finding(id=22) + find_created_before_mark_diff_severity = self.change_finding_severity(find_created_before_mark_diff_severity) + find_created_before_mark_diff_severity.test = test_new + find_created_before_mark_diff_severity.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_severity, false_p=False) + # Mark finding 22 as fp + find_22 = Finding.objects.get(id=22) + find_22.false_p = True + find_22.save() + # Copy finding 22, change severity and store it at Produt 2, New Engagement, New Test + find_created_after_mark_diff_title, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark_diff_title = self.change_finding_title(find_created_after_mark_diff_title) + find_created_after_mark_diff_title.test = test_new + find_created_after_mark_diff_title.save() + # Copy finding 22, change severity and store it at Produt 2, New Engagement, New Test + find_created_after_mark_diff_severity, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark_diff_severity = self.change_finding_severity(find_created_after_mark_diff_severity) + find_created_after_mark_diff_severity.test = test_new + find_created_after_mark_diff_severity.save() + # Assert that both findings has a different title , an equal severity, + # belongs to the same product but in a engagement test and are NOT marked as fp + self.assert_finding(find_created_before_mark_diff_title, false_p=False, not_pk=22, product_id=2, not_engagement_id=3, not_title=find_22.title, severity=find_22.severity) + self.assert_finding(find_created_after_mark_diff_title, false_p=False, not_pk=22, product_id=2, not_engagement_id=3, not_title=find_22.title, severity=find_22.severity) + # Assert that both findings has an equal title , a different severity, + # belongs to the same product but in a different engagement and are NOT marked as fp + self.assert_finding(find_created_before_mark_diff_severity, false_p=False, not_pk=22, product_id=2, not_engagement_id=3, title=find_22.title, not_severity=find_22.severity) + self.assert_finding(find_created_after_mark_diff_severity, false_p=False, not_pk=22, product_id=2, not_engagement_id=3, title=find_22.title, not_severity=find_22.severity) + + # Different Product # + + # Finding 22 in Product 2, Engagement 3, Test 33 + def test_fp_history_equal_legacy_different_product(self): + # Create new test, new engagement and new product + find_22 = Finding.objects.get(id=22) + test_new, eng_new, product_new = self.create_new_test_and_engagment_and_product_from_finding(find_22) + # Copy finding 22 and store it at New Produt, New Engagement, New Test (to test retroactive replication) + find_created_before_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_before_mark.test = test_new + find_created_before_mark.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark, false_p=False) + # Mark finding 22 as fp + find_22 = Finding.objects.get(id=22) + find_22.false_p = True + find_22.save() + # Copy finding 22 and store it at New Produt, New Engagement, New Test + find_created_after_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark.test = test_new + find_created_after_mark.save() + # Assert that both findings belongs to a different product and are NOT marked as fp + self.assert_finding(find_created_before_mark, false_p=False, not_pk=22, not_product_id=2, title=find_22.title, severity=find_22.severity) + self.assert_finding(find_created_after_mark, false_p=False, not_pk=22, not_product_id=2, title=find_22.title, severity=find_22.severity) + + # Finding 22 in Product 2, Engagement 3, Test 33 + def test_fp_history_equal_legacy_different_product_dedupe_enabled(self): + # Create new test, new engagement and new product + find_22 = Finding.objects.get(id=22) + test_new, eng_new, product_new = self.create_new_test_and_engagment_and_product_from_finding(find_22) + # Enable deduplication + self.enable_dedupe() + # Mark finding 22 as fp + find_22 = Finding.objects.get(id=22) + find_22.false_p = True + find_22.save() + # Copy finding 22 and store it at New Produt, New Engagement, New Test + find_created_after_mark, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark.test = test_new + find_created_after_mark.save() + # Assert that finding belongs to a different product and is NOT marked as fp + self.assert_finding(find_created_after_mark, false_p=False, not_pk=22, not_product_id=2, title=find_22.title, severity=find_22.severity) + + # Finding 22 in Product 2, Engagement 3, Test 33 + def test_fp_history_different_legacy_different_product(self): + # Create new test, new engagement and new product + find_22 = Finding.objects.get(id=22) + test_new, eng_new, product_new = self.create_new_test_and_engagment_and_product_from_finding(find_22) + # Copy finding 22, change title and store it at New Produt, New Engagement, New Test (to test retroactive replication) + find_created_before_mark_diff_title, find_22 = self.copy_and_reset_finding(id=22) + find_created_before_mark_diff_title = self.change_finding_title(find_created_before_mark_diff_title) + find_created_before_mark_diff_title.test = test_new + find_created_before_mark_diff_title.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_title, false_p=False) + # Copy finding 22, change severity and store it at New Produt, New Engagement, New Test (to test retroactive replication) + find_created_before_mark_diff_severity, find_22 = self.copy_and_reset_finding(id=22) + find_created_before_mark_diff_severity = self.change_finding_severity(find_created_before_mark_diff_severity) + find_created_before_mark_diff_severity.test = test_new + find_created_before_mark_diff_severity.save() + # Makes sure that the copy is not a false positive + self.assert_finding(find_created_before_mark_diff_severity, false_p=False) + # Mark finding 22 as fp + find_22 = Finding.objects.get(id=22) + find_22.false_p = True + find_22.save() + # Copy finding 22, change severity and store it at New Produt, New Engagement, New Test + find_created_after_mark_diff_title, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark_diff_title = self.change_finding_title(find_created_after_mark_diff_title) + find_created_after_mark_diff_title.test = test_new + find_created_after_mark_diff_title.save() + # Copy finding 22, change severity and store it at New Produt, New Engagement, New Test + find_created_after_mark_diff_severity, find_22 = self.copy_and_reset_finding(id=22) + find_created_after_mark_diff_severity = self.change_finding_severity(find_created_after_mark_diff_severity) + find_created_after_mark_diff_severity.test = test_new + find_created_after_mark_diff_severity.save() + # Assert that both findings has a different title , an equal severity, + # belongs to a different product and are NOT marked as fp + self.assert_finding(find_created_before_mark_diff_title, false_p=False, not_pk=22, not_product_id=2, not_title=find_22.title, severity=find_22.severity) + self.assert_finding(find_created_after_mark_diff_title, false_p=False, not_pk=22, not_product_id=2, not_title=find_22.title, severity=find_22.severity) + # Assert that both findings has an equal title , a different severity, + # belongs to a different product and are NOT marked as fp + self.assert_finding(find_created_before_mark_diff_severity, false_p=False, not_pk=22, not_product_id=2, title=find_22.title, not_severity=find_22.severity) + self.assert_finding(find_created_after_mark_diff_severity, false_p=False, not_pk=22, not_product_id=2, title=find_22.title, not_severity=find_22.severity) + + # --------------- # + # Utility Methods # + # --------------- # + + def log_product(self, product): + if isinstance(product, int): + product = Product.objects.get(pk=product) + + logger.debug('product %i: %s', product.id, product.name) + for eng in product.engagement_set.all(): + self.log_engagement(eng) + for test in eng.test_set.all(): + self.log_test(test) + + def log_engagement(self, eng): + if isinstance(eng, int): + eng = Engagement.objects.get(pk=eng) + + logger.debug('\t' + 'engagement %i: %s (dedupe_inside: %s)', eng.id, eng.name, eng.deduplication_on_engagement) + + def log_test(self, test): + if isinstance(test, int): + test = Test.objects.get(pk=test) + + logger.debug('\t\t' + 'test %i: %s (algo=%s, dynamic=%s)', test.id, test, test.deduplication_algorithm, test.test_type.dynamic_tool) + self.log_findings(test.finding_set.all()) + + def log_all_products(self): + for product in Product.objects.all(): + self.log_summary(product=product) + + def log_findings(self, findings): + if not findings: + logger.debug('\t\t' + 'no findings') + else: + logger.debug('\t\t' + 'findings:') + for finding in findings: + logger.debug('\t\t\t{:4.4}'.format(str(finding.id)) + ': "' + '{:20.20}'.format(finding.title) + '": ' + '{:5.5}'.format(finding.severity) + ': act: ' + '{:5.5}'.format(str(finding.active)) + + ': ver: ' + '{:5.5}'.format(str(finding.verified)) + ': mit: ' + '{:5.5}'.format(str(finding.is_mitigated)) + + ': dup: ' + '{:5.5}'.format(str(finding.duplicate)) + ': dup_id: ' + + ('{:4.4}'.format(str(finding.duplicate_finding.id)) if finding.duplicate_finding else 'None') + ': hash_code: ' + str(finding.hash_code) + + ': eps: ' + str(finding.endpoints.count()) + ": notes: " + str([n.id for n in finding.notes.all()]) + + ': uid: ' + '{:5.5}'.format(str(finding.unique_id_from_tool)) + (' fp' if finding.false_p else '') + ) + + logger.debug('\t\tendpoints') + for ep in Endpoint.objects.all(): + logger.debug('\t\t\t' + str(ep.id) + ': ' + str(ep)) + + logger.debug('\t\t' + 'endpoint statuses') + for eps in Endpoint_Status.objects.all(): + logger.debug('\t\t\t' + str(eps.id) + ': ' + str(eps)) + + def log_summary(self, product=None, engagement=None, test=None): + if product: + self.log_product(product) + + if engagement: + self.log_engagement(engagement) + + if test: + self.log_test(test) + + if not product and not engagement and not test: + self.log_all_products() + + def copy_and_reset_finding(self, id): + org = Finding.objects.get(id=id) + new = org + new.pk = None + new.duplicate = False + new.duplicate_finding = None + new.false_p = False + new.active = True + new.hash_code = None + # return unsaved new finding and reloaded existing finding + return new, Finding.objects.get(id=id) + + def copy_and_reset_test(self, id): + org = Test.objects.get(id=id) + new = org + new.pk = None + # return unsaved new test and reloaded existing test + return new, Test.objects.get(id=id) + + def copy_and_reset_engagement(self, id): + org = Engagement.objects.get(id=id) + new = org + new.pk = None + # return unsaved new engagement and reloaded existing engagement + return new, Engagement.objects.get(id=id) + + def copy_and_reset_product(self, id): + org = Product.objects.get(id=id) + new = org + new.pk = None + new.name = '%s (Copy %s)' % (org.name, datetime.now()) + # return unsaved new product and reloaded existing product + return new, Product.objects.get(id=id) + + def change_finding_hash_code(self, finding): + return self.change_finding_title(finding) + + def change_finding_unique_id(self, finding): + finding.unique_id_from_tool = datetime.now() + return finding + + def change_finding_title(self, finding): + finding.title = '%s (Copy %s)' % (finding.title, datetime.now()) + return finding + + def change_finding_severity(self, finding): + # Get list of severities without the current finding severity + severities = [sev for sev in ['Info', 'Low', 'Medium', 'High', 'Critical'] if sev != finding.severity] + # Return the finding with the highest severity from list + finding.severity = severities[-1] + return finding + + def assert_finding(self, finding, false_p, duplicate=None, not_pk=None, + hash_code=None, not_hash_code=None, unique_id_from_tool=None, + not_unique_id_from_tool=None, title=None, not_title=None, severity=None, + not_severity=None, test_id=None, not_test_id=None, engagement_id=None, + not_engagement_id=None, product_id=None, not_product_id=None): + # Ensure we're always asserting against the latest state + finding = Finding.objects.get(id=finding.id) + + self.assertEqual(finding.false_p, false_p) + + if duplicate: + self.assertEqual(finding.duplicate, duplicate) + + if not_pk: + self.assertNotEqual(finding.pk, not_pk) + + if hash_code: + self.assertEqual(finding.hash_code, hash_code) + + if not_hash_code: + self.assertNotEqual(finding.hash_code, not_hash_code) + + if unique_id_from_tool: + self.assertEqual(finding.unique_id_from_tool, unique_id_from_tool) + + if not_unique_id_from_tool: + self.assertNotEqual(finding.unique_id_from_tool, not_unique_id_from_tool) + + if title: + self.assertEqual(finding.title, title) + + if not_title: + self.assertNotEqual(finding.title, not_title) + + if severity: + self.assertEqual(finding.severity, severity) + + if not_severity: + self.assertNotEqual(finding.severity, not_severity) + + if test_id: + self.assertEqual(finding.test.id, test_id) + + if not_test_id: + self.assertNotEqual(finding.test.id, not_test_id) + + if engagement_id: + self.assertEqual(finding.test.engagement.id, engagement_id) + + if not_engagement_id: + self.assertNotEqual(finding.test.engagement.id, not_engagement_id) + + if product_id: + self.assertEqual(finding.test.engagement.product.id, product_id) + + if not_product_id: + self.assertNotEqual(finding.test.engagement.product.id, not_product_id) + + def set_dedupe_inside_engagement(self, deduplication_on_engagement): + for eng in Engagement.objects.all(): + logger.debug('setting deduplication_on_engagment to %s for %i', str(deduplication_on_engagement), eng.id) + eng.deduplication_on_engagement = deduplication_on_engagement + eng.save() + + def create_new_test_from_finding(self, finding): + test_new, test = self.copy_and_reset_test(id=finding.test.id) + test_new.save() + return test_new + + def create_new_test_and_engagment_from_finding(self, finding): + eng_new, eng = self.copy_and_reset_engagement(id=finding.test.engagement.id) + eng_new.save() + test_new, test = self.copy_and_reset_test(id=finding.test.id) + test_new.engagement = eng_new + test_new.save() + return test_new, eng_new + + def create_new_test_and_engagment_and_product_from_finding(self, finding): + product_new, product = self.copy_and_reset_product(id=finding.test.engagement.product.id) + product_new.save() + eng_new, eng = self.copy_and_reset_engagement(id=finding.test.engagement.id) + eng_new.product = product_new + eng_new.save() + test_new, test = self.copy_and_reset_test(id=finding.test.id) + test_new.engagement = eng_new + test_new.save() + return test_new, eng_new, product_new + + def enable_false_positive_history(self): + system_settings = System_Settings.objects.get() + system_settings.false_positive_history = True + system_settings.save() + + def enable_retroactive_false_positive_history(self): + system_settings = System_Settings.objects.get() + system_settings.retroactive_false_positive_history = True + system_settings.save() + + def disable_retroactive_false_positive_history(self): + system_settings = System_Settings.objects.get() + system_settings.retroactive_false_positive_history = False + system_settings.save() + + def enable_dedupe(self): + system_settings = System_Settings.objects.get() + system_settings.enable_deduplication = True + system_settings.save() + + def disable_dedupe(self): + system_settings = System_Settings.objects.get() + system_settings.enable_deduplication = False + system_settings.save() diff --git a/unittests/test_finding_helper.py b/unittests/test_finding_helper.py index dc6544be79e..00f7198234b 100644 --- a/unittests/test_finding_helper.py +++ b/unittests/test_finding_helper.py @@ -1,11 +1,14 @@ from .dojo_test_case import DojoTestCase -from dojo.models import Finding, Test +from dojo.models import Finding, Test, Vulnerability_Id, Finding_Template, Vulnerability_Id_Template from django.contrib.auth.models import User from unittest import mock +from unittest.mock import patch from crum import impersonate import datetime from django.utils import timezone import logging +from dojo.finding.helper import save_vulnerability_ids, save_vulnerability_ids_template + logger = logging.getLogger(__name__) @@ -34,7 +37,7 @@ def test_new_finding(self, mock_tz): self.assertEqual( self.get_status_fields(finding), - (True, True, False, False, False, None, None, frozen_datetime) + (True, False, False, False, False, None, None, frozen_datetime) ) @mock.patch('dojo.finding.helper.timezone.now') @@ -64,7 +67,7 @@ def test_mark_fresh_as_mitigated(self, mock_dt): finding.save() self.assertEqual( self.get_status_fields(finding), - (False, True, False, False, True, frozen_datetime, self.user_1, frozen_datetime) + (False, False, False, False, True, frozen_datetime, self.user_1, frozen_datetime) ) @mock.patch('dojo.finding.helper.timezone.now') @@ -82,7 +85,7 @@ def test_mark_old_active_as_mitigated(self, mock_can_edit, mock_tz): self.assertEqual( self.get_status_fields(finding), - (False, True, False, False, True, frozen_datetime, self.user_1, frozen_datetime) + (False, False, False, False, True, frozen_datetime, self.user_1, frozen_datetime) ) @mock.patch('dojo.finding.helper.timezone.now') @@ -104,7 +107,7 @@ def test_mark_old_active_as_mitigated_custom_edit(self, mock_can_edit, mock_tz): self.assertEqual( self.get_status_fields(finding), - (False, True, False, False, True, custom_mitigated, self.user_2, frozen_datetime) + (False, False, False, False, True, custom_mitigated, self.user_2, frozen_datetime) ) @mock.patch('dojo.finding.helper.timezone.now') @@ -126,7 +129,7 @@ def test_update_old_mitigated_with_custom_edit(self, mock_can_edit, mock_tz): self.assertEqual( self.get_status_fields(finding), - (False, True, False, False, True, custom_mitigated, self.user_2, frozen_datetime) + (False, False, False, False, True, custom_mitigated, self.user_2, frozen_datetime) ) @mock.patch('dojo.finding.helper.timezone.now') @@ -149,7 +152,7 @@ def test_update_old_mitigated_with_missing_data(self, mock_can_edit, mock_tz): self.assertEqual( self.get_status_fields(finding), - (False, True, False, False, True, frozen_datetime, self.user_1, frozen_datetime) + (False, False, False, False, True, frozen_datetime, self.user_1, frozen_datetime) ) @mock.patch('dojo.finding.helper.timezone.now') @@ -168,7 +171,7 @@ def test_set_old_mitigated_as_active(self, mock_can_edit, mock_tz): self.assertEqual( self.get_status_fields(finding), - (True, True, False, False, False, None, None, frozen_datetime) + (True, False, False, False, False, None, None, frozen_datetime) ) @mock.patch('dojo.finding.helper.timezone.now') @@ -188,3 +191,54 @@ def test_set_active_as_false_p(self, mock_can_edit, mock_tz): # TODO marking as false positive resets verified to False, possible bug / undesired behaviour? (False, False, True, False, True, frozen_datetime, self.user_1, frozen_datetime) ) + + @mock.patch('dojo.finding.helper.timezone.now') + @mock.patch('dojo.finding.helper.can_edit_mitigated_data', return_value=False) + def test_set_active_as_out_of_scope(self, mock_can_edit, mock_tz): + mock_tz.return_value = frozen_datetime + + with impersonate(self.user_1): + test = Test.objects.last() + finding = Finding(test=test) + finding.save() + finding.out_of_scope = True + finding.save() + + self.assertEqual( + self.get_status_fields(finding), + # TODO marking as false positive resets verified to False, possible bug / undesired behaviour? + (False, False, False, True, True, frozen_datetime, self.user_1, frozen_datetime) + ) + + +class TestSaveVulnerabilityIds(DojoTestCase): + + @patch('dojo.finding.helper.Vulnerability_Id.objects.filter') + @patch('django.db.models.query.QuerySet.delete') + @patch('dojo.finding.helper.Vulnerability_Id.save') + def test_save_vulnerability_ids(self, save_mock, delete_mock, filter_mock): + finding = Finding() + new_vulnerability_ids = ['REF-1', 'REF-2', 'REF-2'] + filter_mock.return_value = Vulnerability_Id.objects.none() + + save_vulnerability_ids(finding, new_vulnerability_ids) + + filter_mock.assert_called_with(finding=finding) + delete_mock.assert_called_once() + self.assertEqual(save_mock.call_count, 2) + self.assertEqual('REF-1', finding.cve) + + @patch('dojo.finding.helper.Vulnerability_Id_Template.objects.filter') + @patch('django.db.models.query.QuerySet.delete') + @patch('dojo.finding.helper.Vulnerability_Id_Template.save') + def test_save_vulnerability_id_templates(self, save_mock, delete_mock, filter_mock): + finding_template = Finding_Template() + new_vulnerability_ids = ['REF-1', 'REF-2', 'REF-2'] + filter_mock.return_value = Vulnerability_Id_Template.objects.none() + + save_vulnerability_ids_template(finding_template, new_vulnerability_ids) + + filter_mock.assert_called_with(finding_template=finding_template) + delete_mock.assert_called_once() + self.assertEqual(save_mock.call_count, 2) + self.assertEqual('REF-1', finding_template.cve) diff --git a/unittests/test_finding_model.py b/unittests/test_finding_model.py index d6efb450668..e6053dcd916 100644 --- a/unittests/test_finding_model.py +++ b/unittests/test_finding_model.py @@ -1,5 +1,7 @@ from .dojo_test_case import DojoTestCase -from dojo.models import Finding, Test, Engagement +from dojo.models import User, Finding, Test, Engagement, DojoMeta +from datetime import datetime, timedelta +from crum import impersonate class TestFindingModel(DojoTestCase): @@ -50,6 +52,165 @@ def test_get_file_path_with_link_and_source_code_management_uri(self): engagement.source_code_management_uri = 'URL' self.assertEqual('FilePath', finding.get_file_path_with_link()) + def test_get_file_path_with_link_and_source_code_management_uri_github_no_scm_type_with_details_and_line(self): + # checks that for github.com in uri dojo makes correct url to browse on github + + test = Test() + engagement = Engagement() + test.engagement = engagement + engagement.commit_hash = "some-commit-hash" + engagement.branch_tag = "some-branch" + finding = Finding() + finding.test = test + finding.file_path = 'some-folder/some-file.ext' + finding.line = 5432 + engagement.source_code_management_uri = 'https://github.com/some-test-account/some-test-repo' + self.assertEqual('some-folder/some-file.ext', finding.get_file_path_with_link()) + + def test_get_file_path_with_link_and_source_code_management_uri_github_with_scm_type_with_details_and_line(self): + # checks that for github in custom field dojo makes correct url to browse on github + + # create scm-type custom field with value "github" + product_type = self.create_product_type('test_product_type') + product = self.create_product(name='test_product', prod_type=product_type) + product_metadata = DojoMeta(product=product, name="scm-type", value="github") + product_metadata.save() + + # create finding with scm uri and commit hash, branch and line + test = Test() + engagement = Engagement() + engagement.product = product + test.engagement = engagement + engagement.commit_hash = "some-commit-hash" + engagement.branch_tag = "some-branch" + finding = Finding() + finding.test = test + finding.file_path = 'some-folder/some-file.ext' + finding.line = 5432 + + engagement.source_code_management_uri = 'https://github.com/some-test-account/some-test-repo' + self.assertEqual('some-folder/some-file.ext', finding.get_file_path_with_link()) + + def test_get_file_path_with_link_and_source_code_management_uri_bitbucket_public_project_with_no_details_and_line(self): + # checks that for public bitbucket (bitbucket.org) in custom field + # dojo makes correct url to browse on public bitbucket (for project uri) + + # create scm-type custom field with value "bitbucket" + product_type = self.create_product_type('test_product_type') + product = self.create_product(name='test_product', prod_type=product_type) + product_metadata = DojoMeta(product=product, name="scm-type", value="bitbucket") + product_metadata.save() + + # create finding with scm uri line + test = Test() + engagement = Engagement() + engagement.product = product + test.engagement = engagement + finding = Finding() + finding.test = test + finding.file_path = 'some-folder/some-file.ext' + finding.line = 5432 + + engagement.source_code_management_uri = 'https://bb.example.com/some-test-user/some-test-repo.git' + self.assertEqual('some-folder/some-file.ext', finding.get_file_path_with_link()) + + def test_get_file_path_with_link_and_source_code_management_uri_bitbucket_public_project_with_commithash_and_line(self): + # checks that for public bitbucket (bitbucket.org) in custom field and existing commit hash in finding + # dojo makes correct url to browse on public bitbucket (for project uri) + + # create scm-type custom field with value "bitbucket" + product_type = self.create_product_type('test_product_type') + product = self.create_product(name='test_product', prod_type=product_type) + product_metadata = DojoMeta(product=product, name="scm-type", value="bitbucket") + product_metadata.save() + + # create finding with scm uri and commit hash, branch and line + test = Test() + engagement = Engagement() + engagement.product = product + test.engagement = engagement + engagement.commit_hash = "some-commit-hash" + finding = Finding() + finding.test = test + finding.file_path = 'some-folder/some-file.ext' + finding.line = 5432 + + engagement.source_code_management_uri = 'https://bb.example.com/some-test-user/some-test-repo.git' + self.assertEqual('some-folder/some-file.ext', finding.get_file_path_with_link()) + + def test_get_file_path_with_link_and_source_code_management_uri_bitbucket_standalone_project_with_commithash_and_line(self): + # checks that for standalone bitbucket in custom field and existing commit hash in finding + # dojo makes correct url to browse on standalone/onpremise bitbucket (for project uri) + + # create scm-type custom field with value "bitbucket-standalone" + product_type = self.create_product_type('test_product_type') + product = self.create_product(name='test_product', prod_type=product_type) + product_metadata = DojoMeta(product=product, name="scm-type", value="bitbucket-standalone") + product_metadata.save() + + # create finding with scm uri and commit hash, branch and line + test = Test() + engagement = Engagement() + engagement.product = product + test.engagement = engagement + engagement.commit_hash = "some-commit-hash" + finding = Finding() + finding.test = test + finding.file_path = 'some-folder/some-file.ext' + finding.line = 5432 + + engagement.source_code_management_uri = 'https://bb.example.com/scm/some-test-project/some-test-repo.git' + self.assertEqual('some-folder/some-file.ext', finding.get_file_path_with_link()) + + def test_get_file_path_with_link_and_source_code_management_uri_bitbucket_standalone_project_with_branchtag_and_line(self): + # checks that for standalone bitbucket in custom field and existing branch/tag in finding + # dojo makes correct url to browse on standalone/onpremise bitbucket (for project uri) + + # create scm-type custom field with value "bitbucket-standalone" + product_type = self.create_product_type('test_product_type') + product = self.create_product(name='test_product', prod_type=product_type) + product_metadata = DojoMeta(product=product, name="scm-type", value="bitbucket-standalone") + product_metadata.save() + + # create finding with scm uri and commit hash, branch and line + test = Test() + engagement = Engagement() + engagement.product = product + test.engagement = engagement + engagement.branch_tag = "some-branch" + finding = Finding() + finding.test = test + finding.file_path = 'some-folder/some-file.ext' + finding.line = 5432 + + engagement.source_code_management_uri = 'https://bb.example.com/scm/some-test-project/some-test-repo.git' + self.assertEqual('some-folder/some-file.ext', finding.get_file_path_with_link()) + + def test_get_file_path_with_link_and_source_code_management_uri_bitbucket_standalone_user_with_branchtag_and_line(self): + # checks that for standalone bitbucket in custom field and existing branch/tag in finding + # dojo makes correct url to browse on standalone/onpremise bitbucket (for user uri) + + # create scm-type custom field with value "bitbucket-standalone" + product_type = self.create_product_type('test_product_type') + product = self.create_product(name='test_product', prod_type=product_type) + product_metadata = DojoMeta(product=product, name="scm-type", value="bitbucket-standalone") + product_metadata.save() + + # create finding with scm uri and commit hash, branch and line + test = Test() + engagement = Engagement() + engagement.product = product + test.engagement = engagement + engagement.branch_tag = "some-branch" + finding = Finding() + finding.test = test + finding.file_path = 'some-folder/some-file.ext' + finding.line = 5432 + + engagement.source_code_management_uri = 'https://bb.example.com/scm/~some-user/some-test-repo.git' + + self.assertEqual('some-folder/some-file.ext', finding.get_file_path_with_link()) + def test_get_file_path_with_xss_attack(self): test = Test() engagement = Engagement() @@ -103,3 +264,147 @@ def test_get_references_with_links_markdown(self): finding = Finding() finding.references = 'URL: [https://www.example.com](https://www.example.com)' self.assertEqual('URL: [https://www.example.com](https://www.example.com)', finding.get_references_with_links()) + + +class TestFindingSLAExpiration(DojoTestCase): + fixtures = ['dojo_testdata.json'] + + def run(self, result=None): + testuser = User.objects.get(username='admin') + testuser.usercontactinfo.block_execution = True + testuser.save() + + # unit tests are running without any user, which will result in actions like dedupe happening in the celery process + # this doesn't work in unittests as unittests are using an in memory sqlite database and celery can't see the data + # so we're running the test under the admin user context and set block_execution to True + with impersonate(testuser): + super().run(result) + + def test_sla_expiration_date(self): + """ + tests if the SLA expiration date and SLA days remaining are calculated correctly + after a finding's severity is updated + """ + user, _ = User.objects.get_or_create(username='admin') + product_type = self.create_product_type('test_product_type') + sla_config = self.create_sla_configuration(name='test_sla_config') + product = self.create_product(name='test_product', prod_type=product_type) + product.sla_configuration = sla_config + product.save() + engagement = self.create_engagement('test_eng', product) + test = self.create_test(engagement=engagement, scan_type='ZAP Scan', title='test_test') + finding = Finding.objects.create( + test=test, + reporter=user, + title='test_finding', + severity='Critical', + date=datetime.now().date()) + finding.set_sla_expiration_date() + + expected_sla_days = getattr(product.sla_configuration, finding.severity.lower(), None) + self.assertEqual(finding.sla_expiration_date, datetime.now().date() + timedelta(days=expected_sla_days)) + self.assertEqual(finding.sla_days_remaining(), expected_sla_days) + + def test_sla_expiration_date_after_finding_severity_updated(self): + """ + tests if the SLA expiration date and SLA days remaining are calculated correctly + after a finding's severity is updated + """ + user, _ = User.objects.get_or_create(username='admin') + product_type = self.create_product_type('test_product_type') + sla_config = self.create_sla_configuration(name='test_sla_config') + product = self.create_product(name='test_product', prod_type=product_type) + product.sla_configuration = sla_config + product.save() + engagement = self.create_engagement('test_eng', product) + test = self.create_test(engagement=engagement, scan_type='ZAP Scan', title='test_test') + finding = Finding.objects.create( + test=test, + reporter=user, + title='test_finding', + severity='Critical', + date=datetime.now().date()) + finding.set_sla_expiration_date() + + expected_sla_days = getattr(product.sla_configuration, finding.severity.lower(), None) + self.assertEqual(finding.sla_expiration_date, datetime.now().date() + timedelta(days=expected_sla_days)) + self.assertEqual(finding.sla_days_remaining(), expected_sla_days) + + finding.severity = 'Medium' + finding.set_sla_expiration_date() + + expected_sla_days = getattr(product.sla_configuration, finding.severity.lower(), None) + self.assertEqual(finding.sla_expiration_date, datetime.now().date() + timedelta(days=expected_sla_days)) + self.assertEqual(finding.sla_days_remaining(), expected_sla_days) + + def test_sla_expiration_date_after_product_updated(self): + """ + tests if the SLA expiration date and SLA days remaining are calculated correctly + after a product changed from one SLA configuration to another + """ + user, _ = User.objects.get_or_create(username='admin') + product_type = self.create_product_type('test_product_type') + sla_config_1 = self.create_sla_configuration(name='test_sla_config_1') + sla_config_2 = self.create_sla_configuration( + name='test_sla_config_2', + critical=1, + high=2, + medium=3, + low=4) + product = self.create_product(name='test_product', prod_type=product_type) + product.sla_configuration = sla_config_1 + product.save() + engagement = self.create_engagement('test_eng', product) + test = self.create_test(engagement=engagement, scan_type='ZAP Scan', title='test_test') + finding = Finding.objects.create( + test=test, + reporter=user, + title='test_finding', + severity='Critical', + date=datetime.now().date()) + + expected_sla_days = getattr(product.sla_configuration, finding.severity.lower(), None) + self.assertEqual(finding.sla_expiration_date, datetime.now().date() + timedelta(days=expected_sla_days)) + self.assertEqual(finding.sla_days_remaining(), expected_sla_days) + + product.sla_configuration = sla_config_2 + product.save() + + finding.set_sla_expiration_date() + + expected_sla_days = getattr(product.sla_configuration, finding.severity.lower(), None) + self.assertEqual(finding.sla_expiration_date, datetime.now().date() + timedelta(days=expected_sla_days)) + self.assertEqual(finding.sla_days_remaining(), expected_sla_days) + + def test_sla_expiration_date_after_sla_configuration_updated(self): + """ + tests if the SLA expiration date and SLA days remaining are calculated correctly + after the SLA configuration on a product was updated to a different number of SLA days + """ + user, _ = User.objects.get_or_create(username='admin') + product_type = self.create_product_type('test_product_type') + sla_config = self.create_sla_configuration(name='test_sla_config') + product = self.create_product(name='test_product', prod_type=product_type) + product.sla_configuration = sla_config + product.save() + engagement = self.create_engagement('test_eng', product) + test = self.create_test(engagement=engagement, scan_type='ZAP Scan', title='test_test') + finding = Finding.objects.create( + test=test, + reporter=user, + title='test_finding', + severity='Critical', + date=datetime.now().date()) + + expected_sla_days = getattr(product.sla_configuration, finding.severity.lower(), None) + self.assertEqual(finding.sla_expiration_date, datetime.now().date() + timedelta(days=expected_sla_days)) + self.assertEqual(finding.sla_days_remaining(), expected_sla_days) + + sla_config.critical = 10 + sla_config.save() + + finding.set_sla_expiration_date() + + expected_sla_days = getattr(product.sla_configuration, finding.severity.lower(), None) + self.assertEqual(finding.sla_expiration_date, datetime.now().date() + timedelta(days=expected_sla_days)) + self.assertEqual(finding.sla_days_remaining(), expected_sla_days) diff --git a/unittests/test_flush_auditlog.py b/unittests/test_flush_auditlog.py new file mode 100644 index 00000000000..ffaeb538baa --- /dev/null +++ b/unittests/test_flush_auditlog.py @@ -0,0 +1,45 @@ +from dojo.tasks import flush_auditlog +from .dojo_test_case import DojoTestCase +from django.test import override_settings +from auditlog.models import LogEntry +from datetime import date, datetime +from dojo.models import Finding +from dateutil.relativedelta import relativedelta +import logging +logger = logging.getLogger(__name__) + + +class TestFlushAuditlog(DojoTestCase): + fixtures = ['dojo_testdata.json'] + + @override_settings(AUDITLOG_FLUSH_RETENTION_PERIOD=-1) + def test_flush_auditlog_disabled(self): + entries_before = LogEntry.objects.all().count() + flush_auditlog() + entries_after = LogEntry.objects.all().count() + self.assertEqual(entries_before, entries_after) + + @override_settings(AUDITLOG_FLUSH_RETENTION_PERIOD=0) + def test_delete_all_entries(self): + entries_before = LogEntry.objects.filter(timestamp__date__lt=date.today()).count() + flush_auditlog() + entries_after = LogEntry.objects.filter(timestamp__date__lt=date.today()).count() + # we have three old log entries in our testdata + self.assertEqual(entries_before - 3, entries_after) + + @override_settings(AUDITLOG_FLUSH_RETENTION_PERIOD=1) + def test_delete_entries_with_retention_period(self): + entries_before = LogEntry.objects.filter(timestamp__date__lt=date.today()).count() + two_weeks_ago = datetime.today() - relativedelta(weeks=2) + log_entry = LogEntry.objects.log_create( + instance=Finding.objects.all()[0], + timestamp=two_weeks_ago, + changes="foo", + action=LogEntry.Action.UPDATE, + ) + log_entry.timestamp = two_weeks_ago + log_entry.save() + flush_auditlog() + entries_after = LogEntry.objects.filter(timestamp__date__lt=date.today()).count() + # we have three old log entries in our testdata and added a new one + self.assertEqual(entries_before - 3 + 1, entries_after) diff --git a/unittests/test_google_sheets_configuration.py b/unittests/test_google_sheets_configuration.py deleted file mode 100644 index ef86c274355..00000000000 --- a/unittests/test_google_sheets_configuration.py +++ /dev/null @@ -1,67 +0,0 @@ -import os -from .dojo_test_case import DojoVCRTestCase -from .dojo_test_case import DojoTestCase -import logging -from vcr import VCR -from django.urls import reverse - - -logger = logging.getLogger(__name__) - - -class GoogleSheetsConfigTestApi(DojoVCRTestCase): - fixtures = ['dojo_testdata.json'] - - def __init__(self, *args, **kwargs): - DojoTestCase.__init__(self, *args, **kwargs) - - def assert_cassette_played(self): - if True: # set to True when committing. set to False when recording new test cassettes - self.assertTrue(self.cassette.all_played) - - def _get_vcr(self, **kwargs): - my_vcr = super(GoogleSheetsConfigTestApi, self)._get_vcr(**kwargs) - my_vcr.record_mode = 'once' - my_vcr.path_transformer = VCR.ensure_suffix('.yaml') - my_vcr.cassette_library_dir = os.path.dirname(os.path.abspath(__file__)) + '/vcr/google_sheets/' - return my_vcr - - def setUp(self): - super().setUp() - self.client.force_login(self.get_test_admin()) - - def test_config_google_sheets(self): - # To regenerate the cassette, use an actual credentials json file - with open('tests/test-dojo-sheets-NONEXISTING.json', 'rb') as f: - data = {} - # fail on purpose to get all the fields dynamically - response = self.client.post(reverse('configure_google_sheets'), data, follow=True) - form = response.context['form'] - self.assertEqual(form.is_valid(), False) - - for field in form: - # do not consider the "protect" checkbox, leave them as is - if 'Protect' in field.html_name: - continue - # Select Hide (0) by default - data.update({field.html_name: 0}) - - data.update({ - # To regenerate the cassette, use non-revoked credentials - # The json file is a real json file, but the account is disabled and the key deleted - # The VCR does not recognize the stream otherwise, and will not match causing tests to fail :sob: :shrug: - # due to the bearer token having to remain in the vcr yaml - 'email_address': 'test-dojo-sheets@test-dojo-sheets.iam.gserviceaccount.com', - # needs to match ID in the cassette - 'drive_folder_ID': 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', - 'enable_service': 'on', - 'cred_file': f - }) - # force use of specific submit button - data.update({ - 'update': 'Submit' - }) - - response = self.client.post(reverse('configure_google_sheets'), data, follow=True) - self.assertContains(response, "successfully") - self.assert_cassette_played() diff --git a/unittests/test_import_reimport.py b/unittests/test_import_reimport.py index dd984a5d9a3..92bcb0097d3 100644 --- a/unittests/test_import_reimport.py +++ b/unittests/test_import_reimport.py @@ -1,5 +1,6 @@ +import datetime from django.urls import reverse -from dojo.models import User, Test, Finding +from dojo.models import Test_Type, User, Test, Finding from rest_framework.authtoken.models import Token from rest_framework.test import APIClient from django.test.client import Client @@ -58,13 +59,13 @@ def __init__(self, *args, **kwargs): self.zap_sample2_filename = self.scans_path + 'zap/2_zap_sample_0_and_new_endpoint.xml' self.zap_sample3_filename = self.scans_path + 'zap/3_zap_sampl_0_and_different_severities.xml' - self.anchore_file_name = self.scans_path + 'anchore/one_vuln_many_files.json' + self.anchore_file_name = self.scans_path + 'anchore_engine/one_vuln_many_files.json' self.scan_type_anchore = 'Anchore Engine Scan' self.acunetix_file_name = self.scans_path + 'acunetix/one_finding.xml' self.scan_type_acunetix = 'Acunetix Scan' - self.gitlab_dep_scan_components_filename = self.scans_path + 'gitlab_dep_scan/gl-dependency-scanning-report-many-vuln.json' + self.gitlab_dep_scan_components_filename = f'{self.scans_path}gitlab_dep_scan/gl-dependency-scanning-report-many-vuln_v15.json' self.scan_type_gtlab_dep_scan = 'GitLab Dependency Scanning Report' self.sonarqube_file_name1 = self.scans_path + 'sonarqube/sonar-6-findings.html' @@ -75,10 +76,11 @@ def __init__(self, *args, **kwargs): self.veracode_same_hash_code_different_unique_id = self.scans_path + 'veracode/many_findings_same_hash_code_different_unique_id.xml' self.veracode_same_unique_id_different_hash_code = self.scans_path + 'veracode/many_findings_same_unique_id_different_hash_code.xml' self.veracode_different_hash_code_different_unique_id = self.scans_path + 'veracode/many_findings_different_hash_code_different_unique_id.xml' + self.veracode_mitigated_findings = self.scans_path + 'veracode/mitigated_finding.xml' self.scan_type_veracode = 'Veracode Scan' - self.clair_few_findings = self.scans_path + 'clair/few_vuln.json' - self.clair_empty = self.scans_path + 'clair/empty.json' + self.clair_few_findings = self.scans_path + 'clair/clair_few_vuln.json' + self.clair_empty = self.scans_path + 'clair/clair_empty.json' self.scan_type_clair = 'Clair Scan' self.generic_filename_with_file = self.scans_path + "generic/test_with_image.json" @@ -87,6 +89,14 @@ def __init__(self, *args, **kwargs): self.aws_prowler_file_name_plus_one = self.scans_path + 'aws_prowler/many_vuln_plus_one.json' self.scan_type_aws_prowler = 'AWS Prowler Scan' + self.nuclei_empty = self.scans_path + 'nuclei/empty.jsonl' + + self.gitlab_dast_file_name = f'{self.scans_path}gitlab_dast/gitlab_dast_one_vul_v15.json' + self.scan_type_gitlab_dast = 'GitLab DAST Report' + + self.anchore_grype_file_name = self.scans_path + 'anchore_grype/check_all_fields.json' + self.anchore_grype_scan_type = 'Anchore Grype' + # import zap scan, testing: # - import # - active/verifed = True @@ -127,8 +137,6 @@ def test_zap_scan_base_active_verified(self): # no notes expected self.assertEqual(notes_count_before, self.db_notes_count()) - return test_id - # import zap scan, testing: # - import # - active/verifed = False @@ -169,8 +177,6 @@ def test_zap_scan_base_not_active_not_verified(self): # no notes expected self.assertEqual(notes_count_before, self.db_notes_count()) - return test_id - # Test Scan_Date logic for Import. Reimport without a test_id cannot work for UI, so those tests are only in the API class below. # import zap scan without dates @@ -189,8 +195,6 @@ def test_import_default_scan_date_parser_not_sets_date(self): date = findings['results'][0]['date'] self.assertEqual(date, str(timezone.localtime(timezone.now()).date())) - return test_id - # import acunetix scan with dates # - import # - no scan scan_date does not overrides date set by parser @@ -207,8 +211,6 @@ def test_import_default_scan_date_parser_sets_date(self): date = findings['results'][0]['date'] self.assertEqual(date, '2018-09-24') - return test_id - # import zap scan without dates # - import # - set scan_date overrides date not set by parser @@ -225,8 +227,6 @@ def test_import_set_scan_date_parser_not_sets_date(self): date = findings['results'][0]['date'] self.assertEqual(date, '2006-12-26') - return test_id - # import acunetix scan with dates # - import # - set scan_date overrides date set by parser @@ -243,8 +243,6 @@ def test_import_set_scan_date_parser_sets_date(self): date = findings['results'][0]['date'] self.assertEqual(date, '2006-12-26') - return test_id - # Test Scan_Date for reimport in UI. UI can only rupload for existing tests, non UI tests are in API class below def test_import_reimport_no_scan_date_parser_no_date(self): @@ -335,8 +333,6 @@ def test_sonar_detailed_scan_base_active_verified(self): # no notes expected self.assertEqual(notes_count_before, self.db_notes_count()) - return test_id - # Test re-import with unique_id_from_tool_or_hash_code algorithm # import veracode scan, testing: # - import @@ -358,7 +354,42 @@ def test_veracode_scan_base_active_verified(self): # no notes expected self.assertEqual(notes_count_before, self.db_notes_count()) - return test_id + # import veracode and then reimport veracode again + # - reimport, findings stay the same, stay active + # - active = True, verified = True + # - existing findings with verified is true should stay verified + def test_import_veracode_reimport_veracode_active_verified_mitigated(self): + logger.debug('reimporting exact same original veracode mitigated xml report again') + + import_veracode_many_findings = self.import_scan_with_params(self.veracode_mitigated_findings, scan_type=self.scan_type_veracode, + verified=True, forceActive=True, forceVerified=True) + + test_id = import_veracode_many_findings['test'] + + notes_count_before = self.db_notes_count() + + # reimport exact same report + with assertTestImportModelsCreated(self, reimports=1, affected_findings=1, created=0, closed=1, reactivated=0, untouched=0): + reimport_veracode_mitigated_findings = self.reimport_scan_with_params(test_id, self.veracode_mitigated_findings, scan_type=self.scan_type_veracode) + + test_id = reimport_veracode_mitigated_findings['test'] + self.assertEqual(test_id, test_id) + + findings = self.get_test_findings_api(test_id) + self.log_finding_summary_json_api(findings) + + # reimported count must match count in veracode report + findings = self.get_test_findings_api(test_id, verified=True) + self.assert_finding_count_json(1, findings) + + # inversely, we should see no findings with verified=False + findings = self.get_test_findings_api(test_id, verified=False) + self.assert_finding_count_json(0, findings) + + # reimporting the exact same scan shouldn't create any notes, but there will be a new mitigated note + self.assertEqual(notes_count_before, self.db_notes_count() - 1) + mitigated_findings = self.get_test_findings_api(test_id, is_mitigated=True) + self.assert_finding_count_json(1, mitigated_findings) # import 0 and then reimport 0 again # - reimport, findings stay the same, stay active @@ -427,11 +458,11 @@ def test_import_0_reimport_0_active_not_verified(self): # reimported count must match count in xml report # we set verified=False in this reimport, but currently DD does not update this flag, so it's still True from previous import findings = self.get_test_findings_api(test_id, verified=True) - self.assert_finding_count_json(4, findings) + self.assert_finding_count_json(0, findings) # inversely, we should see no findings with verified=False findings = self.get_test_findings_api(test_id, verified=False) - self.assert_finding_count_json(0, findings) + self.assert_finding_count_json(4, findings) # reimporting the exact same scan shouldn't modify the number of endpoints self.assertEqual(endpoint_count_before, self.db_endpoint_count()) @@ -468,11 +499,11 @@ def test_import_sonar1_reimport_sonar1_active_not_verified(self): # reimported count must match count in sonar report # we set verified=False in this reimport but DD keeps true as per the previous import (reimport doesn't "unverify" findings) findings = self.get_test_findings_api(test_id, verified=True) - self.assert_finding_count_json(6, findings) + self.assert_finding_count_json(0, findings) # inversely, we should see no findings with verified=False findings = self.get_test_findings_api(test_id, verified=False) - self.assert_finding_count_json(0, findings) + self.assert_finding_count_json(6, findings) # reimporting the exact same scan shouldn't create any notes self.assertEqual(notes_count_before, self.db_notes_count()) @@ -503,11 +534,11 @@ def test_import_veracode_reimport_veracode_active_not_verified(self): # reimported count must match count in sonar report # we set verified=False in this reimport but DD keeps true as per the previous import (reimport doesn't "unverify" findings) findings = self.get_test_findings_api(test_id, verified=True) - self.assert_finding_count_json(4, findings) + self.assert_finding_count_json(0, findings) # inversely, we should see no findings with verified=False findings = self.get_test_findings_api(test_id, verified=False) - self.assert_finding_count_json(0, findings) + self.assert_finding_count_json(4, findings) # reimporting the exact same scan shouldn't create any notes self.assertEqual(notes_count_before, self.db_notes_count()) @@ -539,7 +570,7 @@ def test_import_sonar1_reimport_sonar2(self): # (reimport doesn't unverify findings that ware previously verified) # (the mitigated finding stays verified) findings = self.get_test_findings_api(test_id, verified=True) - self.assert_finding_count_json(6, findings) + self.assert_finding_count_json(0, findings) # one mitigated (the one previously imported which has changed unique_id_from_tool) findings = self.get_test_findings_api(test_id, is_mitigated=True) @@ -547,7 +578,7 @@ def test_import_sonar1_reimport_sonar2(self): # one verified False (the new one, as reimport was done with verified false) findings = self.get_test_findings_api(test_id, verified=False) - self.assert_finding_count_json(1, findings) + self.assert_finding_count_json(7, findings) # one added note for mitigated finding self.assertEqual(notes_count_before + 1, self.db_notes_count()) @@ -577,11 +608,11 @@ def test_import_veracode_reimport_veracode_same_hash_code_different_unique_id(se # we set verified=False in this reimport but DD keeps true as per the previous import (reimport doesn't "unverify" findings) findings = self.get_test_findings_api(test_id, verified=True) - self.assert_finding_count_json(4, findings) + self.assert_finding_count_json(0, findings) # inversely, we should see no findings with verified=False findings = self.get_test_findings_api(test_id, verified=False) - self.assert_finding_count_json(0, findings) + self.assert_finding_count_json(4, findings) # reimporting the exact same scan shouldn't create any notes self.assertEqual(notes_count_before, self.db_notes_count()) @@ -611,11 +642,11 @@ def test_import_veracode_reimport_veracode_same_unique_id_different_hash_code(se # we set verified=False in this reimport but DD keeps true as per the previous import (reimport doesn't "unverify" findings) findings = self.get_test_findings_api(test_id, verified=True) - self.assert_finding_count_json(4, findings) + self.assert_finding_count_json(0, findings) # inversely, we should see no findings with verified=False findings = self.get_test_findings_api(test_id, verified=False) - self.assert_finding_count_json(0, findings) + self.assert_finding_count_json(4, findings) # reimporting the exact same scan shouldn't create any notes self.assertEqual(notes_count_before, self.db_notes_count()) @@ -646,11 +677,11 @@ def test_import_veracode_reimport_veracode_different_hash_code_different_unique_ # we set verified=False in this reimport but DD keeps true as per the previous import (reimport doesn't "unverify" findings) findings = self.get_test_findings_api(test_id, verified=True) - self.assert_finding_count_json(4, findings) + self.assert_finding_count_json(0, findings) # The new finding has verified=false findings = self.get_test_findings_api(test_id, verified=False) - self.assert_finding_count_json(1, findings) + self.assert_finding_count_json(5, findings) # 1 added note for the migitated finding self.assertEqual(notes_count_before + 1, self.db_notes_count()) @@ -683,7 +714,7 @@ def test_import_0_reimport_1_active_not_verified(self): test_id = reimport1['test'] self.assertEqual(test_id, test_id) - test = self.get_test_api(test_id) + self.get_test_api(test_id) findings = self.get_test_findings_api(test_id) self.log_finding_summary_json_api(findings) @@ -693,10 +724,10 @@ def test_import_0_reimport_1_active_not_verified(self): # verified findings must be equal to those in report 0 findings = self.get_test_findings_api(test_id, verified=True) - self.assert_finding_count_json(4, findings) + self.assert_finding_count_json(0, findings) findings = self.get_test_findings_api(test_id, verified=False) - self.assert_finding_count_json(1, findings) + self.assert_finding_count_json(5, findings) # the updated scan report has # - 1 new finding @@ -723,7 +754,7 @@ def test_import_0_reimport_1_active_verified_reimport_0_active_verified(self): findings = self.get_test_findings_api(test_id) self.log_finding_summary_json_api(findings) - finding_count_before = self.db_finding_count() + self.db_finding_count() endpoint_count_before = self.db_endpoint_count() endpoint_status_count_before_active = self.db_endpoint_status_count(mitigated=False) endpoint_status_count_before_mitigated = self.db_endpoint_status_count(mitigated=True) @@ -739,12 +770,12 @@ def test_import_0_reimport_1_active_verified_reimport_0_active_verified(self): endpoint_status_count_before_mitigated = self.db_endpoint_status_count(mitigated=True) with assertTestImportModelsCreated(self, reimports=1, affected_findings=2, closed=1, reactivated=1, untouched=3): - reimport0 = self.reimport_scan_with_params(test_id, self.zap_sample0_filename) + self.reimport_scan_with_params(test_id, self.zap_sample0_filename) test_id = reimport1['test'] self.assertEqual(test_id, test_id) - test = self.get_test_api(test_id) + self.get_test_api(test_id) findings = self.get_test_findings_api(test_id) self.log_finding_summary_json_api(findings) @@ -767,10 +798,10 @@ def test_import_0_reimport_1_active_verified_reimport_0_active_verified(self): # verified findings must be equal to those in report 0 findings = self.get_test_findings_api(test_id, verified=True) - self.assert_finding_count_json(4 + 1, findings) + self.assert_finding_count_json(0, findings) findings = self.get_test_findings_api(test_id, verified=False) - self.assert_finding_count_json(0, findings) + self.assert_finding_count_json(5, findings) self.assertEqual(endpoint_count_before, self.db_endpoint_count()) @@ -897,7 +928,7 @@ def test_import_0_reimport_3_active_verified(self): test_id = reimport1['test'] self.assertEqual(test_id, test_id) - test = self.get_test_api(test_id) + self.get_test_api(test_id) findings = self.get_test_findings_api(test_id) self.log_finding_summary_json_api(findings) self.assert_finding_count_json(4 + 2, findings) @@ -919,10 +950,11 @@ def test_import_0_reimport_3_active_verified(self): # verified findings must be equal to those in report 0 findings = self.get_test_findings_api(test_id, verified=True) - self.assert_finding_count_json(4 + 2, findings) + self.assert_finding_count_json(0 + 0, findings) + # unverified findings must be equal to those in report 0 findings = self.get_test_findings_api(test_id, verified=False) - self.assert_finding_count_json(0, findings) + self.assert_finding_count_json(4 + 2, findings) # the updated scan report has # - 2 new findings, 2 new endpoints, 2 + 2 new endpoint statuses active, 3 + 3 endpoint statues mitigated due to zap1+2 closed @@ -952,10 +984,10 @@ def test_import_reimport_without_closing_old_findings(self): self.assertEqual(test_id, test_id) findings = self.get_test_findings_api(test_id, verified=False) - self.assert_finding_count_json(0, findings) + self.assert_finding_count_json(5, findings) findings = self.get_test_findings_api(test_id, verified=True) - self.assert_finding_count_json(5, findings) + self.assert_finding_count_json(0, findings) mitigated = 0 not_mitigated = 0 @@ -966,7 +998,7 @@ def test_import_reimport_without_closing_old_findings(self): else: not_mitigated += 1 self.assertEqual(mitigated, 0) - self.assertEqual(not_mitigated, 5) + self.assertEqual(not_mitigated, 0) # some parsers generate 1 finding for each vulnerable file for each vulnerability # i.e @@ -991,7 +1023,7 @@ def test_import_0_reimport_0_anchore_file_path(self): # reimport exact same report with assertTestImportModelsCreated(self, reimports=1, affected_findings=0, untouched=4): - reimport0 = self.reimport_scan_with_params(test_id, self.anchore_file_name, scan_type=self.scan_type_anchore) + self.reimport_scan_with_params(test_id, self.anchore_file_name, scan_type=self.scan_type_anchore) active_findings_after = self.get_test_findings_api(test_id, active=True) self.log_finding_summary_json_api(active_findings_after) @@ -1120,7 +1152,7 @@ def test_import_6_reimport_6_gitlab_dep_scan_component_name_and_version(self): self.assert_finding_count_json(6, active_findings_before) with assertTestImportModelsCreated(self, reimports=1, affected_findings=0, created=0, untouched=6): - reimport0 = self.reimport_scan_with_params(test_id, + self.reimport_scan_with_params(test_id, self.gitlab_dep_scan_components_filename, scan_type=self.scan_type_gtlab_dep_scan, minimum_severity='Info') @@ -1132,27 +1164,27 @@ def test_import_6_reimport_6_gitlab_dep_scan_component_name_and_version(self): for finding in active_findings_after['results']: if 'v0.0.0-20190219172222-a4c6cb3142f2' == finding['component_version']: self.assertEqual("CVE-2020-29652: Nil Pointer Dereference", finding['title']) - self.assertEqual("CVE-2020-29652", finding['cve']) + self.assertEqual("CVE-2020-29652", finding['vulnerability_ids'][0]['vulnerability_id']) self.assertEqual("golang.org/x/crypto", finding['component_name']) count = count + 1 elif 'v0.0.0-20190308221718-c2843e01d9a2' == finding['component_version']: self.assertEqual("CVE-2020-29652: Nil Pointer Dereference", finding['title']) - self.assertEqual("CVE-2020-29652", finding['cve']) + self.assertEqual("CVE-2020-29652", finding['vulnerability_ids'][0]['vulnerability_id']) self.assertEqual("golang.org/x/crypto", finding['component_name']) count = count + 1 elif 'v0.0.0-20200302210943-78000ba7a073' == finding['component_version']: self.assertEqual("CVE-2020-29652: Nil Pointer Dereference", finding['title']) - self.assertEqual("CVE-2020-29652", finding['cve']) + self.assertEqual("CVE-2020-29652", finding['vulnerability_ids'][0]['vulnerability_id']) self.assertEqual("golang.org/x/crypto", finding['component_name']) count = count + 1 elif 'v0.3.0' == finding['component_version']: self.assertEqual("CVE-2020-14040: Loop With Unreachable Exit Condition (Infinite Loop)", finding['title']) - self.assertEqual("CVE-2020-14040", finding['cve']) + self.assertEqual("CVE-2020-14040", finding['vulnerability_ids'][0]['vulnerability_id']) self.assertEqual("golang.org/x/text", finding['component_name']) count = count + 1 elif 'v0.3.2' == finding['component_version']: self.assertEqual("CVE-2020-14040: Loop With Unreachable Exit Condition (Infinite Loop)", finding['title']) - self.assertEqual("CVE-2020-14040", finding['cve']) + self.assertEqual("CVE-2020-14040", finding['vulnerability_ids'][0]['vulnerability_id']) self.assertEqual("golang.org/x/text", finding['component_name']) count = count + 1 @@ -1311,11 +1343,105 @@ def test_import_reimport_generic(self): # reimported count must match count in xml report # we set verified=False in this reimport, but currently DD does not update this flag, so it's still True from previous import findings = self.get_test_findings_api(test_id, verified=True) - self.assert_finding_count_json(1, findings) + self.assert_finding_count_json(0, findings) # inversely, we should see no findings with verified=False findings = self.get_test_findings_api(test_id, verified=False) - self.assert_finding_count_json(0, findings) + self.assert_finding_count_json(1, findings) + + def test_import_nuclei_emptyc(self): + """This test do a basic import of Nuclei report with no vulnerability + + This test is useful because Nuclei use jsonl for his format so it can generate empty files. + It tests the condition limit of loading an empty file. + """ + + import0 = self.import_scan_with_params(self.nuclei_empty, scan_type="Nuclei Scan") + + test_id = import0['test'] + + reimport0 = self.reimport_scan_with_params(test_id, self.nuclei_empty, scan_type="Nuclei Scan") + + test_id2 = reimport0['test'] + self.assertEqual(test_id, test_id2) + + def test_import_reimport_endpoint_where_eps_date_is_different(self): + endpoint_count_before = self.db_endpoint_count() + endpoint_status_count_before_active = self.db_endpoint_status_count(mitigated=False) + endpoint_status_count_before_mitigated = self.db_endpoint_status_count(mitigated=True) + + with assertTestImportModelsCreated(self, imports=1, affected_findings=1, created=1): + import0 = self.import_scan_with_params(self.gitlab_dast_file_name, + self.scan_type_gitlab_dast, + active=True, + verified=True) + + test_id = import0['test'] + + findings = self.get_test_findings_api(test_id) + self.log_finding_summary_json_api(findings) + self.assert_finding_count_json(1, findings) + + test = self.get_test_api(test_id)['id'] + finding = Finding.objects.filter(test__engagement_id=1, test=test).first() + self.assertEqual(finding.status_finding.count(), 1) + + original_date = finding.status_finding.first().date + + self.assertEqual(endpoint_count_before + 1, self.db_endpoint_count()) + self.assertEqual(endpoint_status_count_before_active + 1, self.db_endpoint_status_count(mitigated=False)) + self.assertEqual(endpoint_status_count_before_mitigated, self.db_endpoint_status_count(mitigated=True)) + + reimport0 = self.reimport_scan_with_params(test_id, + self.gitlab_dast_file_name, + scan_type=self.scan_type_gitlab_dast) + test_id = reimport0['test'] + + findings = self.get_test_findings_api(test_id) + self.log_finding_summary_json_api(findings) + self.assert_finding_count_json(1, findings) + + finding = Finding.objects.filter(test__engagement_id=1, test=test).first() + self.assertEqual(finding.status_finding.count(), 1) + + reimported_date = finding.status_finding.first().date + self.assertEqual(original_date, reimported_date) + + self.assertEqual(endpoint_count_before + 1, self.db_endpoint_count()) + self.assertEqual(endpoint_status_count_before_active + 1, self.db_endpoint_status_count(mitigated=False)) + self.assertEqual(endpoint_status_count_before_mitigated, self.db_endpoint_status_count(mitigated=True)) + + # test handling of vulnerability ids with import + def test_import_reimport_vulnerability_ids(self): + + import0 = self.import_scan_with_params(self.anchore_grype_file_name, scan_type=self.anchore_grype_scan_type) + + test_id = import0['test'] + test = Test.objects.get(id=test_id) + findings = Finding.objects.filter(test=test) + self.assertEqual(4, len(findings)) + self.assertEqual('GHSA-v6rh-hp5x-86rv', findings[3].cve) + self.assertEqual(2, len(findings[3].vulnerability_ids)) + self.assertEqual('GHSA-v6rh-hp5x-86rv', findings[3].vulnerability_ids[0]) + self.assertEqual('CVE-2021-44420', findings[3].vulnerability_ids[1]) + + test_type = Test_Type.objects.get(name=self.anchore_grype_scan_type) + reimport_test = Test( + engagement=test.engagement, + test_type=test_type, + scan_type=self.anchore_grype_scan_type, + target_start=datetime.datetime.now(), + target_end=datetime.datetime.now(), + ) + reimport_test.save() + + self.reimport_scan_with_params(reimport_test.id, self.anchore_grype_file_name, scan_type=self.anchore_grype_scan_type) + findings = Finding.objects.filter(test=reimport_test) + self.assertEqual(4, len(findings)) + self.assertEqual('GHSA-v6rh-hp5x-86rv', findings[3].cve) + self.assertEqual(2, len(findings[3].vulnerability_ids)) + self.assertEqual('GHSA-v6rh-hp5x-86rv', findings[3].vulnerability_ids[0]) + self.assertEqual('CVE-2021-44420', findings[3].vulnerability_ids[1]) class ImportReimportTestAPI(DojoAPITestCase, ImportReimportMixin): @@ -1346,124 +1472,114 @@ def test_import_0_reimport_1_active_verified_reimport_0_active_verified_statisti import0 = self.import_scan_with_params(self.zap_sample0_filename) - self.assertEqual(import0['statistics'], - {'after': {'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'low': {'active': 3, 'verified': 3, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 3}, - 'medium': {'active': 1, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, - 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 4, 'verified': 4, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 4}}}) + self.assertEqual(import0['statistics'], { + 'after': { + 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, + 'low': {'active': 3, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 3}, + 'medium': {'active': 1, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, + 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, + 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, + 'total': {'active': 4, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 4} + } + }) test_id = import0['test'] reimport1 = self.reimport_scan_with_params(test_id, self.zap_sample1_filename) - self.assertEqual(reimport1['statistics'], - { + self.assertEqual(reimport1['statistics'], { + 'after': { + 'critical': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'high': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'info': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'low': {'active': 3, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 1, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 4, 'verified': 0}, + 'medium': {'active': 1, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 1, 'verified': 0}, + 'total': {'active': 4, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 1, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 5, 'verified': 0}}, 'before': { - 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'low': {'active': 3, 'verified': 3, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 3}, - 'medium': {'active': 1, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, - 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 4, 'verified': 4, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 4} - }, + 'critical': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'high': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'info': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'low': {'active': 3, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 3, 'verified': 0}, + 'medium': {'active': 1, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 1, 'verified': 0}, + 'total': {'active': 4, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 4, 'verified': 0}}, 'delta': { - 'created': { - 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'low': {'active': 1, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, - 'medium': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 1, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1} - }, 'closed': { - 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'low': {'active': 0, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 1}, - 'medium': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 0, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 1} - }, - 'reactivated': { - 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'low': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'medium': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0} - }, + 'critical': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'high': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'info': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'low': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 1, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 1, 'verified': 0}, + 'medium': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'total': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 1, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 1, 'verified': 0}}, + 'created': { + 'critical': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'high': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'info': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'low': {'active': 1, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 1, 'verified': 0}, + 'medium': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'total': {'active': 1, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 1, 'verified': 0}}, 'left untouched': { - 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, 'low': {'active': 2, 'verified': 2, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 2}, - 'medium': {'active': 1, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, - 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 3, 'verified': 3, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 3} - } - }, - 'after': { - 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'low': {'active': 3, 'verified': 4, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 4}, - 'medium': {'active': 1, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, - 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 4, 'verified': 5, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 5} + 'critical': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'high': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'info': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'low': {'active': 2, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 2, 'verified': 0}, + 'medium': {'active': 1, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 1, 'verified': 0}, + 'total': {'active': 3, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 3, 'verified': 0}}, + 'reactivated': { + 'critical': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'high': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'info': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'low': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'medium': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'total': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}} } }) with assertTestImportModelsCreated(self, reimports=1, affected_findings=2, closed=1, reactivated=1, untouched=3): reimport0 = self.reimport_scan_with_params(test_id, self.zap_sample0_filename) - self.assertEqual(reimport0['statistics'], - { + self.assertEqual(reimport0['statistics'], { + 'after': { + 'critical': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'high': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'info': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'low': {'active': 3, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 1, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 4, 'verified': 0}, + 'medium': {'active': 1, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 1, 'verified': 0}, + 'total': {'active': 4, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 1, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 5, 'verified': 0}}, 'before': { - 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'low': {'active': 3, 'verified': 4, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 4}, - 'medium': {'active': 1, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, - 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 4, 'verified': 5, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 5} - }, + 'critical': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'high': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'info': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'low': {'active': 3, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 1, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 4, 'verified': 0}, + 'medium': {'active': 1, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 1, 'verified': 0}, + 'total': {'active': 4, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 1, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 5, 'verified': 0}}, 'delta': { - 'created': { - 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'low': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'medium': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0} - }, 'closed': { - 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'low': {'active': 0, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 1}, - 'medium': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 0, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 1} - }, - 'reactivated': { - 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'low': {'active': 1, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, - 'medium': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 1, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1} - }, + 'critical': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'high': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'info': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'low': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 1, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 1, 'verified': 0}, + 'medium': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'total': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 1, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 1, 'verified': 0}}, + 'created': { + 'critical': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'high': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'info': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'low': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'medium': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'total': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}}, 'left untouched': { - 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'low': {'active': 2, 'verified': 2, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 2}, - 'medium': {'active': 1, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, - 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 3, 'verified': 3, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 3} - } - }, - 'after': { - 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'low': {'active': 3, 'verified': 4, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 4}, - 'medium': {'active': 1, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, - 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 4, 'verified': 5, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 5} + 'critical': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'high': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'info': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'low': {'active': 2, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 2, 'verified': 0}, + 'medium': {'active': 1, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 1, 'verified': 0}, + 'total': {'active': 3, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 3, 'verified': 0}}, + 'reactivated': { + 'critical': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'high': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'info': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'low': {'active': 1, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 1, 'verified': 0}, + 'medium': {'active': 0, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 0, 'verified': 0}, + 'total': {'active': 1, 'duplicate': 0, 'false_p': 0, 'is_mitigated': 0, 'out_of_scope': 0, 'risk_accepted': 0, 'total': 1, 'verified': 0}} } }) @@ -1474,60 +1590,59 @@ def test_import_0_reimport_1_active_verified_reimport_0_active_verified_statisti import0 = self.import_scan_with_params(self.zap_sample0_filename) - self.assertEqual(import0['statistics'], - {'after': {'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'low': {'active': 3, 'verified': 3, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 3}, - 'medium': {'active': 1, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, - 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 4, 'verified': 4, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 4}}}) + self.assertEqual(import0['statistics'], { + 'after': { + 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, + 'low': {'active': 3, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 3}, + 'medium': {'active': 1, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, + 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, + 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, + 'total': {'active': 4, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 4} + } + }) test_id = import0['test'] reimport1 = self.reimport_scan_with_params(test_id, self.zap_sample1_filename) - print(reimport1) - self.assertEqual(reimport1['statistics'], - { + self.assertEqual(reimport1['statistics'], { 'before': { - 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'low': {'active': 3, 'verified': 3, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 3}, - 'medium': {'active': 1, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, - 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 4, 'verified': 4, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 4} + 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, + 'low': {'active': 3, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 3}, + 'medium': {'active': 1, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, + 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, + 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, + 'total': {'active': 4, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 4} }, 'after': { 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'low': {'active': 3, 'verified': 4, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 4}, - 'medium': {'active': 1, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, + 'low': {'active': 3, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 4}, + 'medium': {'active': 1, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 4, 'verified': 5, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 5} + 'total': {'active': 4, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 5} } }) with assertTestImportModelsCreated(self, reimports=0, affected_findings=0, closed=0, reactivated=0, untouched=0): reimport0 = self.reimport_scan_with_params(test_id, self.zap_sample0_filename) - print(reimport0) - self.assertEqual(reimport0['statistics'], - { + self.assertEqual(reimport0['statistics'], { 'before': { - 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'low': {'active': 3, 'verified': 4, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 4}, - 'medium': {'active': 1, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, - 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 4, 'verified': 5, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 5} + 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, + 'low': {'active': 3, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 4}, + 'medium': {'active': 1, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, + 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, + 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, + 'total': {'active': 4, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 5} }, 'after': { 'info': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'low': {'active': 3, 'verified': 4, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 4}, - 'medium': {'active': 1, 'verified': 1, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, + 'low': {'active': 3, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 4}, + 'medium': {'active': 1, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 1}, 'high': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, 'critical': {'active': 0, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 0, 'risk_accepted': 0, 'total': 0}, - 'total': {'active': 4, 'verified': 5, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 5} + 'total': {'active': 4, 'verified': 0, 'duplicate': 0, 'false_p': 0, 'out_of_scope': 0, 'is_mitigated': 1, 'risk_accepted': 0, 'total': 5} } }) # Reimport tests to test Scan_Date logic (usecase not supported on UI) @@ -1549,8 +1664,6 @@ def test_reimport_default_scan_date_parser_not_sets_date(self): date = findings['results'][0]['date'] self.assertEqual(date, str(timezone.localtime(timezone.now()).date())) - return test_id - # reimport acunetix scan with dates (non existing test, so import is called inside DD) # - reimport # - deafult scan_date (today) does not overrides date set by parser @@ -1568,8 +1681,6 @@ def test_reimport_default_scan_date_parser_sets_date(self): date = findings['results'][0]['date'] self.assertEqual(date, '2018-09-24') - return test_id - # reimport zap scan without dates (non existing test, so import is called inside DD) # - reimport # - set scan_date overrides date not set by parser @@ -1587,8 +1698,6 @@ def test_reimport_set_scan_date_parser_not_sets_date(self): date = findings['results'][0]['date'] self.assertEqual(date, '2006-12-26') - return test_id - # reimport acunetix scan with dates (non existing test, so import is called inside DD) # - reimport # - set scan_date overrides date set by parser @@ -1606,8 +1715,6 @@ def test_reimport_set_scan_date_parser_sets_date(self): date = findings['results'][0]['date'] self.assertEqual(date, '2006-12-26') - return test_id - class ImportReimportTestUI(DojoAPITestCase, ImportReimportMixin): fixtures = ['dojo_testdata.json'] @@ -1663,11 +1770,26 @@ def reimport_scan_ui(self, test, payload): test = Test.objects.get(id=response.url.split('/')[-1]) return {'test': test.id} - def import_scan_with_params_ui(self, filename, scan_type='ZAP Scan', engagement=1, minimum_severity='Low', active=True, verified=True, push_to_jira=None, endpoint_to_add=None, tags=None, close_old_findings=False, scan_date=None, service=None): + def import_scan_with_params_ui(self, filename, scan_type='ZAP Scan', engagement=1, minimum_severity='Low', active=True, verified=False, + push_to_jira=None, endpoint_to_add=None, tags=None, close_old_findings=False, scan_date=None, service=None, + forceActive=False, forceVerified=False): + + activePayload = "not_specified" + if forceActive: + activePayload = "force_to_true" + elif not active: + activePayload = "force_to_false" + + verifiedPayload = "not_specified" + if forceVerified: + verifiedPayload = "force_to_true" + elif not verified: + verifiedPayload = "force_to_false" + payload = { "minimum_severity": minimum_severity, - "active": active, - "verified": verified, + "active": activePayload, + "verified": verifiedPayload, "scan_type": scan_type, "file": open(get_unit_tests_path() + filename), "environment": 1, @@ -1692,11 +1814,19 @@ def import_scan_with_params_ui(self, filename, scan_type='ZAP Scan', engagement= return self.import_scan_ui(engagement, payload) - def reimport_scan_with_params_ui(self, test_id, filename, scan_type='ZAP Scan', minimum_severity='Low', active=True, verified=True, push_to_jira=None, tags=None, close_old_findings=True, scan_date=None): + def reimport_scan_with_params_ui(self, test_id, filename, scan_type='ZAP Scan', minimum_severity='Low', active=True, verified=False, push_to_jira=None, tags=None, close_old_findings=True, scan_date=None): + # Mimic old functionality for active/verified to avoid breaking tests + activePayload = "force_to_true" + if not active: + activePayload = "force_to_false" + verifiedPayload = "force_to_true" + if not verified: + verifiedPayload = "force_to_false" + payload = { "minimum_severity": minimum_severity, - "active": active, - "verified": verified, + "active": activePayload, + "verified": verifiedPayload, "scan_type": scan_type, "file": open(get_unit_tests_path() + filename), "version": "1.0.1", diff --git a/unittests/test_importers_closeold.py b/unittests/test_importers_closeold.py new file mode 100644 index 00000000000..d141a1bb3e4 --- /dev/null +++ b/unittests/test_importers_closeold.py @@ -0,0 +1,118 @@ +from .dojo_test_case import DojoTestCase, get_unit_tests_path +from django.utils import timezone +from dojo.importers.importer.importer import DojoDefaultImporter as Importer +from dojo.models import Development_Environment, Engagement, Product, Product_Type, User +import logging + + +logger = logging.getLogger(__name__) + + +class TestDojoCloseOld(DojoTestCase): + def test_close_old_same_engagement(self): + scan = get_unit_tests_path() + "/scans/acunetix/many_findings.xml" + scan_type = "Acunetix Scan" + + user, _ = User.objects.get_or_create(username="admin") + user_reporter, _ = User.objects.get_or_create(username="user_reporter") + + product_type, _ = Product_Type.objects.get_or_create(name="closeold") + product, _ = Product.objects.get_or_create( + name="TestDojoCloseOldImporter1", + prod_type=product_type, + ) + + engagement, _ = Engagement.objects.get_or_create( + name="Close Old Same Engagement", + product=product, + target_start=timezone.now(), + target_end=timezone.now(), + ) + importer = Importer() + scan_date = None + environment, _ = Development_Environment.objects.get_or_create(name="Development") + # Import first test + test, len_new_findings, len_closed_findings, _ = importer.import_scan(scan, scan_type, engagement, lead=None, environment=environment, + active=True, verified=False, tags=None, minimum_severity=None, + user=user, endpoints_to_add=None, scan_date=scan_date, version=None, branch_tag=None, build_id=None, + commit_hash=None, push_to_jira=None, close_old_findings=False, group_by=None, api_scan_configuration=None) + + self.assertEqual(4, len_new_findings) + self.assertEqual(0, len_closed_findings) + # Import same test, should close no findings + test, len_new_findings, len_closed_findings, _ = importer.import_scan(scan, scan_type, engagement, lead=None, environment=environment, + active=True, verified=False, tags=None, minimum_severity=None, + user=user, endpoints_to_add=None, scan_date=scan_date, version=None, branch_tag=None, build_id=None, + commit_hash=None, push_to_jira=None, close_old_findings=True, group_by=None, api_scan_configuration=None) + self.assertEqual(4, len_new_findings) + self.assertEqual(0, len_closed_findings) + # Import test with only one finding. Remaining findings should close + scan = open(get_unit_tests_path() + "/scans/acunetix/one_finding.xml") + test, len_new_findings, len_closed_findings, _ = importer.import_scan(scan, scan_type, engagement, lead=None, environment=environment, + active=True, verified=False, tags=None, minimum_severity=None, + user=user, endpoints_to_add=None, scan_date=scan_date, version=None, branch_tag=None, build_id=None, + commit_hash=None, push_to_jira=None, close_old_findings=True, group_by=None, api_scan_configuration=None) + self.assertEqual(1, len_new_findings) + # Dedupe is off and close old findings does not close old findings if they are the same finding. + # If this behaviour changes, or dedupe is on, the number of closed findings will be 4 + self.assertEqual(8, len_closed_findings) + + def test_close_old_same_product_scan(self): + scan = get_unit_tests_path() + "/scans/acunetix/many_findings.xml" + scan_type = "Acunetix Scan" + + user, _ = User.objects.get_or_create(username="admin") + user_reporter, _ = User.objects.get_or_create(username="user_reporter") + + product_type, _ = Product_Type.objects.get_or_create(name="test2") + product, _ = Product.objects.get_or_create( + name="TestDojoCloseOldImporter2", + prod_type=product_type, + ) + + engagement1, _ = Engagement.objects.get_or_create( + name="Close Old Same Product 1", + product=product, + target_start=timezone.now(), + target_end=timezone.now(), + ) + engagement2, _ = Engagement.objects.get_or_create( + name="Close Old Same Product 2", + product=product, + target_start=timezone.now(), + target_end=timezone.now(), + ) + engagement3, _ = Engagement.objects.get_or_create( + name="Close Old Same Product 3", + product=product, + target_start=timezone.now(), + target_end=timezone.now(), + ) + importer = Importer() + scan_date = None + environment, _ = Development_Environment.objects.get_or_create(name="Development") + # Import first test + test, len_new_findings, len_closed_findings, _ = importer.import_scan(scan, scan_type, engagement1, lead=None, environment=environment, + active=True, verified=False, tags=None, minimum_severity=None, + user=user, endpoints_to_add=None, scan_date=scan_date, version=None, branch_tag=None, build_id=None, + commit_hash=None, push_to_jira=None, close_old_findings=False, close_old_findings_product_scope=True, group_by=None, api_scan_configuration=None) + + self.assertEqual(4, len_new_findings) + self.assertEqual(0, len_closed_findings) + # Import same test, should close no findings + test, len_new_findings, len_closed_findings, _ = importer.import_scan(scan, scan_type, engagement2, lead=None, environment=environment, + active=True, verified=False, tags=None, minimum_severity=None, + user=user, endpoints_to_add=None, scan_date=scan_date, version=None, branch_tag=None, build_id=None, + commit_hash=None, push_to_jira=None, close_old_findings=True, close_old_findings_product_scope=True, group_by=None, api_scan_configuration=None) + self.assertEqual(4, len_new_findings) + self.assertEqual(0, len_closed_findings) + # Import test with only one finding. Remaining findings should close + scan = open(get_unit_tests_path() + "/scans/acunetix/one_finding.xml") + test, len_new_findings, len_closed_findings, _ = importer.import_scan(scan, scan_type, engagement3, lead=None, environment=environment, + active=True, verified=False, tags=None, minimum_severity=None, + user=user, endpoints_to_add=None, scan_date=scan_date, version=None, branch_tag=None, build_id=None, + commit_hash=None, push_to_jira=None, close_old_findings=True, close_old_findings_product_scope=True, group_by=None, api_scan_configuration=None) + self.assertEqual(1, len_new_findings) + # Dedupe is off, and close old findings does not close old findings if they are the same finding. + # If this behaviour changes, or dedupe is on, the number of closed findings will be 4 + self.assertEqual(8, len_closed_findings) diff --git a/unittests/test_importers_importer.py b/unittests/test_importers_importer.py index 8dc3a6e347f..5318c64e165 100644 --- a/unittests/test_importers_importer.py +++ b/unittests/test_importers_importer.py @@ -5,20 +5,21 @@ from rest_framework.authtoken.models import Token from rest_framework.test import APIClient from dojo.importers.importer.importer import DojoDefaultImporter as Importer -from dojo.models import Development_Environment, Engagement, Product, Product_Type, Test, User +from dojo.models import Development_Environment, Engagement, Finding, Product, Product_Type, Test, User from dojo.tools.factory import get_parser from dojo.tools.sarif.parser import SarifParser from dojo.tools.gitlab_sast.parser import GitlabSastParser from .dojo_test_case import DojoAPITestCase from .test_utils import assertImportModelsCreated import logging +from dojo.importers.utils import handle_vulnerability_ids from dojo.utils import get_object_or_none logger = logging.getLogger(__name__) -NPM_AUDIT_NO_VULN_FILENAME = 'scans/npm_audit_sample/no_vuln.json' +NPM_AUDIT_NO_VULN_FILENAME = 'scans/npm_audit/no_vuln.json' NPM_AUDIT_SCAN_TYPE = 'NPM Audit Scan' ACUNETIX_AUDIT_ONE_VULN_FILENAME = 'scans/acunetix/one_finding.xml' @@ -58,8 +59,8 @@ def test_parse_findings(self): target_start=timezone.now(), target_end=timezone.now(), ) - lead = None - environment = None + lead, _ = User.objects.get_or_create(username="admin") + environment, _ = Development_Environment.objects.get_or_create(name="Development") # boot importer = Importer() @@ -111,10 +112,10 @@ def test_import_scan(self): target_start=timezone.now(), target_end=timezone.now(), ) - importer = Importer() scan_date = None - test, len_new_findings, len_closed_findings, _ = importer.import_scan(scan, scan_type, engagement, lead=None, environment=None, + environment, _ = Development_Environment.objects.get_or_create(name="Development") + test, len_new_findings, len_closed_findings, _ = importer.import_scan(scan, scan_type, engagement, lead=None, environment=environment, active=True, verified=True, tags=None, minimum_severity=None, user=user, endpoints_to_add=None, scan_date=scan_date, version=None, branch_tag=None, build_id=None, commit_hash=None, push_to_jira=None, close_old_findings=False, group_by=None, api_scan_configuration=None) @@ -125,7 +126,7 @@ def test_import_scan(self): def test_import_scan_without_test_scan_type(self): # GitLabSastParser implements get_tests but report has no scanner name - scan = open(get_unit_tests_path() + "/scans/gitlab_sast/gl-sast-report-1-vuln.json") + scan = open(f"{get_unit_tests_path()}/scans/gitlab_sast/gl-sast-report-1-vuln_v15.json") scan_type = GitlabSastParser().get_scan_types()[0] user, _ = User.objects.get_or_create(username="admin") @@ -146,7 +147,8 @@ def test_import_scan_without_test_scan_type(self): importer = Importer() scan_date = None - test, len_new_findings, len_closed_findings, _ = importer.import_scan(scan, scan_type, engagement, lead=None, environment=None, + environment, _ = Development_Environment.objects.get_or_create(name="Development") + test, len_new_findings, len_closed_findings, _ = importer.import_scan(scan, scan_type, engagement, lead=None, environment=environment, active=True, verified=True, tags=None, minimum_severity=None, user=user, endpoints_to_add=None, scan_date=scan_date, version=None, branch_tag=None, build_id=None, commit_hash=None, push_to_jira=None, close_old_findings=False, group_by=None, api_scan_configuration=None) @@ -206,7 +208,7 @@ def test_import_by_product_name_exists_engagement_name_exists(self, mock): def test_import_by_product_name_exists_engagement_name_not_exists(self): with assertImportModelsCreated(self, tests=0, engagements=0, products=0, product_types=0, endpoints=0): - import0 = self.import_scan_with_params(NPM_AUDIT_NO_VULN_FILENAME, scan_type=NPM_AUDIT_SCAN_TYPE, product_name=PRODUCT_NAME_DEFAULT, + self.import_scan_with_params(NPM_AUDIT_NO_VULN_FILENAME, scan_type=NPM_AUDIT_SCAN_TYPE, product_name=PRODUCT_NAME_DEFAULT, engagement=None, engagement_name=ENGAGEMENT_NAME_NEW, expected_http_status_code=400) @patch('dojo.jira_link.helper.get_jira_project') @@ -225,7 +227,7 @@ def test_import_by_product_name_exists_engagement_name_not_exists_auto_create(se def test_import_by_product_name_not_exists_engagement_name(self): with assertImportModelsCreated(self, tests=0, engagements=0, products=0, product_types=0, endpoints=0): - import0 = self.import_scan_with_params(NPM_AUDIT_NO_VULN_FILENAME, scan_type=NPM_AUDIT_SCAN_TYPE, product_name=PRODUCT_NAME_NEW, + self.import_scan_with_params(NPM_AUDIT_NO_VULN_FILENAME, scan_type=NPM_AUDIT_SCAN_TYPE, product_name=PRODUCT_NAME_NEW, engagement=None, engagement_name=ENGAGEMENT_NAME_NEW, expected_http_status_code=400) @patch('dojo.jira_link.helper.get_jira_project') @@ -257,11 +259,11 @@ def test_import_by_product_type_name_not_exists_product_name_not_exists_engageme def test_endpoint_meta_import_by_product_name_exists(self): with assertImportModelsCreated(self, tests=0, engagements=0, products=0, endpoints=0): - import0 = self.endpoint_meta_import_scan_with_params(ENDPOINT_META_IMPORTER_FILENAME, product=None, product_name=PRODUCT_NAME_DEFAULT, expected_http_status_code=201) + self.endpoint_meta_import_scan_with_params(ENDPOINT_META_IMPORTER_FILENAME, product=None, product_name=PRODUCT_NAME_DEFAULT, expected_http_status_code=201) def test_endpoint_meta_import_by_product_name_not_exists(self): with assertImportModelsCreated(self, tests=0, engagements=0, products=0, endpoints=0): - import0 = self.endpoint_meta_import_scan_with_params(ENDPOINT_META_IMPORTER_FILENAME, product=None, product_name=PRODUCT_NAME_NEW, expected_http_status_code=400) + self.endpoint_meta_import_scan_with_params(ENDPOINT_META_IMPORTER_FILENAME, product=None, product_name=PRODUCT_NAME_NEW, expected_http_status_code=400) def test_import_with_invalid_parameters(self): with self.subTest('scan_date in the future'): @@ -377,7 +379,7 @@ def test_reimport_by_product_name_exists_engagement_name_exists_no_title(self): def test_reimport_by_product_name_exists_engagement_name_exists_scan_type_not_exsists_test_title_exists(self): with assertImportModelsCreated(self, tests=0, engagements=0, products=0, product_types=0, endpoints=0): - import0 = self.reimport_scan_with_params(None, NPM_AUDIT_NO_VULN_FILENAME, scan_type='Acunetix Scan', product_name=PRODUCT_NAME_DEFAULT, + self.reimport_scan_with_params(None, NPM_AUDIT_NO_VULN_FILENAME, scan_type='Acunetix Scan', product_name=PRODUCT_NAME_DEFAULT, engagement=None, engagement_name=ENGAGEMENT_NAME_DEFAULT, test_title=TEST_TITLE_DEFAULT, expected_http_status_code=400) @patch('dojo.jira_link.helper.get_jira_project') @@ -392,7 +394,7 @@ def test_reimport_by_product_name_exists_engagement_name_exists_scan_type_not_ex def test_reimport_by_product_name_exists_engagement_name_exists_scan_type_not_exsists_test_title_not_exists(self): with assertImportModelsCreated(self, tests=0, engagements=0, products=0, product_types=0, endpoints=0): - import0 = self.reimport_scan_with_params(None, NPM_AUDIT_NO_VULN_FILENAME, scan_type='Acunetix Scan', product_name=PRODUCT_NAME_DEFAULT, + self.reimport_scan_with_params(None, NPM_AUDIT_NO_VULN_FILENAME, scan_type='Acunetix Scan', product_name=PRODUCT_NAME_DEFAULT, engagement=None, engagement_name=ENGAGEMENT_NAME_DEFAULT, test_title='bogus title', expected_http_status_code=400) @patch('dojo.jira_link.helper.get_jira_project') @@ -417,7 +419,7 @@ def test_reimport_by_product_name_exists_engagement_name_exists_test_title_exist def test_reimport_by_product_name_exists_engagement_name_not_exists(self): with assertImportModelsCreated(self, tests=0, engagements=0, products=0, product_types=0, endpoints=0): - import0 = self.reimport_scan_with_params(None, NPM_AUDIT_NO_VULN_FILENAME, scan_type=NPM_AUDIT_SCAN_TYPE, product_name=PRODUCT_NAME_DEFAULT, + self.reimport_scan_with_params(None, NPM_AUDIT_NO_VULN_FILENAME, scan_type=NPM_AUDIT_SCAN_TYPE, product_name=PRODUCT_NAME_DEFAULT, engagement=None, engagement_name=ENGAGEMENT_NAME_NEW, expected_http_status_code=400) @patch('dojo.jira_link.helper.get_jira_project') @@ -436,7 +438,7 @@ def test_reimport_by_product_name_exists_engagement_name_not_exists_auto_create( def test_reimport_by_product_name_not_exists_engagement_name(self): with assertImportModelsCreated(self, tests=0, engagements=0, products=0, product_types=0, endpoints=0): - import0 = self.reimport_scan_with_params(None, NPM_AUDIT_NO_VULN_FILENAME, scan_type=NPM_AUDIT_SCAN_TYPE, product_name=PRODUCT_NAME_NEW, + self.reimport_scan_with_params(None, NPM_AUDIT_NO_VULN_FILENAME, scan_type=NPM_AUDIT_SCAN_TYPE, product_name=PRODUCT_NAME_NEW, engagement=None, engagement_name=ENGAGEMENT_NAME_NEW, expected_http_status_code=400) @patch('dojo.jira_link.helper.get_jira_project') @@ -532,3 +534,65 @@ def test_reimport_with_invalid_parameters(self): import0 = self.reimport_scan_with_params(None, NPM_AUDIT_NO_VULN_FILENAME, scan_type=NPM_AUDIT_SCAN_TYPE, engagement=None, engagement_name=ENGAGEMENT_NAME_NEW, auto_create_context=True, expected_http_status_code=400) self.assertEqual(import0, ['product_name parameter missing']) + + +class TestImporterUtils(DojoAPITestCase): + @patch('dojo.importers.utils.Vulnerability_Id', autospec=True) + def test_handle_vulnerability_ids_references_and_cve(self, mock): + finding = Finding() + finding.cve = 'CVE' + finding.unsaved_vulnerability_ids = ['REF-1', 'REF-2'] + + handle_vulnerability_ids(finding) + + vulnerability_ids = ['CVE', 'REF-1', 'REF-2'] + + self.assertEqual(6, len(mock.mock_calls)) + self.assertEqual('CVE', mock.mock_calls[0].kwargs['vulnerability_id']) + self.assertEqual('CVE', mock.mock_calls[0].kwargs['finding'].cve) + self.assertEqual(vulnerability_ids, mock.mock_calls[0].kwargs['finding'].unsaved_vulnerability_ids) + self.assertEqual('REF-1', mock.mock_calls[2].kwargs['vulnerability_id']) + self.assertEqual('CVE', mock.mock_calls[2].kwargs['finding'].cve) + self.assertEqual(vulnerability_ids, mock.mock_calls[2].kwargs['finding'].unsaved_vulnerability_ids) + self.assertEqual('REF-2', mock.mock_calls[4].kwargs['vulnerability_id']) + self.assertEqual('CVE', mock.mock_calls[4].kwargs['finding'].cve) + self.assertEqual(vulnerability_ids, mock.mock_calls[2].kwargs['finding'].unsaved_vulnerability_ids) + + @patch('dojo.importers.utils.Vulnerability_Id', autospec=True) + def test_handle_no_vulnerability_ids_references_and_cve(self, mock): + finding = Finding() + finding.cve = 'CVE' + + handle_vulnerability_ids(finding) + + vulnerability_ids = ['CVE'] + + self.assertEqual(2, len(mock.mock_calls)) + self.assertEqual('CVE', mock.mock_calls[0].kwargs['vulnerability_id']) + self.assertEqual('CVE', mock.mock_calls[0].kwargs['finding'].cve) + self.assertEqual(vulnerability_ids, mock.mock_calls[0].kwargs['finding'].unsaved_vulnerability_ids) + + @patch('dojo.importers.utils.Vulnerability_Id', autospec=True) + def test_handle_vulnerability_ids_references_and_no_cve(self, mock): + finding = Finding() + finding.unsaved_vulnerability_ids = ['REF-1', 'REF-2'] + + handle_vulnerability_ids(finding) + + vulnerability_ids = ['REF-1', 'REF-2'] + + self.assertEqual(4, len(mock.mock_calls)) + self.assertEqual('REF-1', mock.mock_calls[0].kwargs['vulnerability_id']) + self.assertEqual('REF-1', mock.mock_calls[0].kwargs['finding'].cve) + self.assertEqual(vulnerability_ids, mock.mock_calls[2].kwargs['finding'].unsaved_vulnerability_ids) + self.assertEqual('REF-2', mock.mock_calls[2].kwargs['vulnerability_id']) + self.assertEqual('REF-1', mock.mock_calls[2].kwargs['finding'].cve) + self.assertEqual(vulnerability_ids, mock.mock_calls[2].kwargs['finding'].unsaved_vulnerability_ids) + + @patch('dojo.importers.utils.Vulnerability_Id', autospec=True) + def test_no_handle_vulnerability_ids_references_and_no_cve(self, mock): + finding = Finding() + + handle_vulnerability_ids(finding) + + mock.assert_not_called() diff --git a/unittests/test_jira_config_engagement.py b/unittests/test_jira_config_engagement.py index aa514eb6b7e..f6922c19166 100644 --- a/unittests/test_jira_config_engagement.py +++ b/unittests/test_jira_config_engagement.py @@ -25,6 +25,7 @@ def get_new_engagement_with_jira_project_data(self): 'jira-project-form-jira_instance': 2, 'jira-project-form-project_key': 'IUNSEC', 'jira-project-form-product_jira_sla_notification': 'on', + 'jira-project-form-custom_fields': 'null', } def get_new_engagement_with_jira_project_data_and_epic_mapping(self): @@ -42,6 +43,7 @@ def get_new_engagement_with_jira_project_data_and_epic_mapping(self): 'jira-project-form-product_jira_sla_notification': 'on', 'jira-project-form-enable_engagement_epic_mapping': 'on', 'jira-epic-form-push_to_jira': 'on', + 'jira-project-form-custom_fields': 'null', } def get_new_engagement_without_jira_project_data(self): @@ -74,6 +76,7 @@ def get_engagement_with_jira_project_data(self, engagement): 'jira-project-form-jira_instance': 2, 'jira-project-form-project_key': 'ISEC', 'jira-project-form-product_jira_sla_notification': 'on', + 'jira-project-form-custom_fields': 'null', } def get_engagement_with_jira_project_data2(self, engagement): @@ -89,6 +92,7 @@ def get_engagement_with_jira_project_data2(self, engagement): 'jira-project-form-jira_instance': 2, 'jira-project-form-project_key': 'ISEC2', 'jira-project-form-product_jira_sla_notification': 'on', + 'jira-project-form-custom_fields': 'null', } def get_engagement_with_empty_jira_project_data(self, engagement): @@ -142,7 +146,7 @@ def add_engagement_jira(self, data, expect_redirect_to=None, expect_200=False): engagement = Engagement.objects.get(id=response.url.split('/')[-2]) except: raise ValueError('error parsing id from redirect uri: ' + response.url) - self.assertTrue(response.url == (expect_redirect_to % engagement.id)) + self.assertEqual(response.url, (expect_redirect_to % engagement.id)) else: self.assertEqual(response.status_code, 200) @@ -243,21 +247,21 @@ def test_add_jira_project_to_engagement_without_jira_project(self, jira_mock): jira_mock.return_value = True # cannot set return_value in decorated AND have the mock into the method # TODO: add engagement also via API, but let's focus on JIRA here engagement = self.add_engagement_without_jira_project(expected_delta_jira_project_db=0) - response = self.edit_jira_project_for_engagement(engagement, expected_delta_jira_project_db=1) + self.edit_jira_project_for_engagement(engagement, expected_delta_jira_project_db=1) self.assertEqual(jira_mock.call_count, 1) @patch('dojo.jira_link.views.jira_helper.is_jira_project_valid') def test_add_empty_jira_project_to_engagement_without_jira_project(self, jira_mock): jira_mock.return_value = True # cannot set return_value in decorated AND have the mock into the method engagement = self.add_engagement_without_jira_project(expected_delta_jira_project_db=0) - response = self.empty_jira_project_for_engagement(engagement, expected_delta_jira_project_db=0) + self.empty_jira_project_for_engagement(engagement, expected_delta_jira_project_db=0) self.assertEqual(jira_mock.call_count, 0) @patch('dojo.jira_link.views.jira_helper.is_jira_project_valid') def test_edit_jira_project_to_engagement_with_jira_project(self, jira_mock): jira_mock.return_value = True # cannot set return_value in decorated AND have the mock into the method engagement = self.add_engagement_with_jira_project(expected_delta_jira_project_db=1) - response = self.edit_jira_project_for_engagement2(engagement, expected_delta_jira_project_db=0) + self.edit_jira_project_for_engagement2(engagement, expected_delta_jira_project_db=0) self.assertEqual(jira_mock.call_count, 2) @patch('dojo.jira_link.views.jira_helper.is_jira_project_valid') @@ -270,14 +274,14 @@ def test_edit_empty_jira_project_to_engagement_with_jira_project(self, jira_mock # - so prevent clearing out these values # response = self.empty_jira_project_for_engagement(Engagement.objects.get(id=3), -1) # expecting ValueError as we can't delete existing JIRA Projects - response = self.empty_jira_project_for_engagement(engagement, expected_delta_jira_project_db=0, expect_error=True) + self.empty_jira_project_for_engagement(engagement, expected_delta_jira_project_db=0, expect_error=True) self.assertEqual(jira_mock.call_count, 1) @patch('dojo.jira_link.views.jira_helper.is_jira_project_valid') def test_add_jira_project_to_engagement_without_jira_project_invalid_project(self, jira_mock): jira_mock.return_value = False # cannot set return_value in decorated AND have the mock into the method # errors means it won't redirect to view_engagement, but returns a 200 and redisplays the edit engagement page - response = self.edit_jira_project_for_engagement(Engagement.objects.get(id=3), expected_delta_jira_project_db=0, expect_200=True) + self.edit_jira_project_for_engagement(Engagement.objects.get(id=3), expected_delta_jira_project_db=0, expect_200=True) self.assertEqual(jira_mock.call_count, 1) @patch('dojo.jira_link.views.jira_helper.is_jira_project_valid') @@ -286,7 +290,7 @@ def test_edit_jira_project_to_engagement_with_jira_project_invalid_project(self, engagement = self.add_engagement_with_jira_project(expected_delta_jira_project_db=1) jira_mock.return_value = False # jira key is changed, so jira project will be checked - response = self.edit_jira_project_for_engagement2(engagement, expected_delta_jira_project_db=0, expect_200=True) + self.edit_jira_project_for_engagement2(engagement, expected_delta_jira_project_db=0, expect_200=True) self.assertEqual(jira_mock.call_count, 2) @patch('dojo.jira_link.views.jira_helper.is_jira_project_valid') @@ -325,8 +329,8 @@ def test_add_engagement_with_jira_project_to_engagement_jira_disabled(self, jira def test_edit_jira_project_to_engagement_with_jira_project_invalid_project_jira_disabled(self, jira_mock): self.system_settings(enable_jira=False) jira_mock.return_value = True # cannot set return_value in decorated AND have the mock into the method - response = self.edit_jira_project_for_engagement(Engagement.objects.get(id=3), expected_delta_jira_project_db=0) - response = self.edit_jira_project_for_engagement2(Engagement.objects.get(id=3), expected_delta_jira_project_db=0) + self.edit_jira_project_for_engagement(Engagement.objects.get(id=3), expected_delta_jira_project_db=0) + self.edit_jira_project_for_engagement2(Engagement.objects.get(id=3), expected_delta_jira_project_db=0) self.assertEqual(jira_mock.call_count, 0) diff --git a/unittests/test_jira_config_product.py b/unittests/test_jira_config_product.py index c7828bba656..150709574d1 100644 --- a/unittests/test_jira_config_product.py +++ b/unittests/test_jira_config_product.py @@ -81,11 +81,12 @@ def test_add_jira_instance_unknown_host(self): self.assertEqual(200, response.status_code) content = response.content.decode('utf-8') - self.assertTrue('Name or service not known' in content) + # debian throws 'Name or service not known' error and alpine 'Name does not resolve' + self.assertTrue(('Name or service not known' in content) or ('Name does not resolve' in content)) # test raw connection error with self.assertRaises(requests.exceptions.RequestException): - jira = jira_helper.get_jira_connection_raw(data['url'], data['username'], data['password']) + jira_helper.get_jira_connection_raw(data['url'], data['username'], data['password']) @patch('dojo.jira_link.views.jira_helper.get_jira_connection_raw') def test_add_jira_instance_invalid_credentials(self, jira_mock): @@ -101,29 +102,29 @@ def test_add_jira_instance_invalid_credentials(self, jira_mock): self.assertEqual(200, response.status_code) content = response.content.decode('utf-8') - self.assertTrue('Login failed' in content) - self.assertTrue('Unable to authenticate to JIRA' in content) + self.assertIn('Login failed', content) + self.assertIn('Unable to authenticate to JIRA', content) @patch('dojo.jira_link.views.jira_helper.is_jira_project_valid') def test_add_jira_project_to_product_without_jira_project(self, jira_mock): jira_mock.return_value = True # cannot set return_value in decorated AND have the mock into the method # TODO: add product also via API, but let's focus on JIRA here product = self.add_product_without_jira_project(expected_delta_jira_project_db=0) - response = self.edit_jira_project_for_product(product, expected_delta_jira_project_db=1) + self.edit_jira_project_for_product(product, expected_delta_jira_project_db=1) self.assertEqual(jira_mock.call_count, 1) @patch('dojo.jira_link.views.jira_helper.is_jira_project_valid') def test_add_empty_jira_project_to_product_without_jira_project(self, jira_mock): jira_mock.return_value = True # cannot set return_value in decorater AND have the mock into the method product = self.add_product_without_jira_project(expected_delta_jira_project_db=0) - response = self.empty_jira_project_for_product(product, expected_delta_jira_project_db=0) + self.empty_jira_project_for_product(product, expected_delta_jira_project_db=0) self.assertEqual(jira_mock.call_count, 0) @patch('dojo.jira_link.views.jira_helper.is_jira_project_valid') def test_edit_jira_project_to_product_with_jira_project(self, jira_mock): jira_mock.return_value = True # cannot set return_value in decorated AND have the mock into the method product = self.add_product_with_jira_project(expected_delta_jira_project_db=1) - response = self.edit_jira_project_for_product2(product, expected_delta_jira_project_db=0) + self.edit_jira_project_for_product2(product, expected_delta_jira_project_db=0) self.assertEqual(jira_mock.call_count, 2) @patch('dojo.jira_link.views.jira_helper.is_jira_project_valid') @@ -136,14 +137,14 @@ def test_edit_empty_jira_project_to_product_with_jira_project(self, jira_mock): # - so prevent clearing out these values # response = self.empty_jira_project_for_product(Product.objects.get(id=3), -1) # errors means it won't redirect to view_product, but returns a 200 and redisplays the edit product page - response = self.empty_jira_project_for_product(product, expected_delta_jira_project_db=0, expect_200=True) + self.empty_jira_project_for_product(product, expected_delta_jira_project_db=0, expect_200=True) self.assertEqual(jira_mock.call_count, 1) @patch('dojo.jira_link.views.jira_helper.is_jira_project_valid') def test_add_jira_project_to_product_without_jira_project_invalid_project(self, jira_mock): jira_mock.return_value = False # cannot set return_value in decorated AND have the mock into the method # errors means it won't redirect to view_product, but returns a 200 and redisplays the edit product page - response = self.edit_jira_project_for_product(Product.objects.get(id=3), expected_delta_jira_project_db=0, expect_200=True) + self.edit_jira_project_for_product(Product.objects.get(id=3), expected_delta_jira_project_db=0, expect_200=True) self.assertEqual(jira_mock.call_count, 1) @patch('dojo.jira_link.views.jira_helper.is_jira_project_valid') @@ -152,7 +153,7 @@ def test_edit_jira_project_to_product_with_jira_project_invalid_project(self, ji product = self.add_product_with_jira_project(expected_delta_jira_project_db=1) jira_mock.return_value = False # jira key is changed, so jira project will be checked - response = self.edit_jira_project_for_product2(product, expected_delta_jira_project_db=0, expect_200=True) + self.edit_jira_project_for_product2(product, expected_delta_jira_project_db=0, expect_200=True) self.assertEqual(jira_mock.call_count, 2) @patch('dojo.jira_link.views.jira_helper.is_jira_project_valid') @@ -191,8 +192,8 @@ def test_add_product_with_jira_project_to_product_jira_disabled(self, jira_mock) def test_edit_jira_project_to_product_with_jira_project_invalid_project_jira_disabled(self, jira_mock): self.system_settings(enable_jira=False) jira_mock.return_value = True # cannot set return_value in decorated AND have the mock into the method - response = self.edit_jira_project_for_product(Product.objects.get(id=3), expected_delta_jira_project_db=0) - response = self.edit_jira_project_for_product2(Product.objects.get(id=3), expected_delta_jira_project_db=0) + self.edit_jira_project_for_product(Product.objects.get(id=3), expected_delta_jira_project_db=0) + self.edit_jira_project_for_product2(Product.objects.get(id=3), expected_delta_jira_project_db=0) self.assertEqual(jira_mock.call_count, 0) diff --git a/unittests/test_jira_import_and_pushing_api.py b/unittests/test_jira_import_and_pushing_api.py index c128163b75e..dd50794c0a2 100644 --- a/unittests/test_jira_import_and_pushing_api.py +++ b/unittests/test_jira_import_and_pushing_api.py @@ -1,4 +1,3 @@ -from django.test.utils import override_settings from dojo.models import Finding_Group, User, Finding, JIRA_Instance from dojo.jira_link import helper as jira_helper from rest_framework.authtoken.models import Token @@ -66,203 +65,182 @@ def setUp(self): self.client.credentials(HTTP_AUTHORIZATION='Token ' + token.key) self.scans_path = '/scans/' self.zap_sample5_filename = self.scans_path + 'zap/5_zap_sample_one.xml' - self.npm_groups_sample_filename = self.scans_path + 'npm_audit_sample/many_vuln_with_groups.json' + self.npm_groups_sample_filename = self.scans_path + 'npm_audit/many_vuln_with_groups.json' def test_import_no_push_to_jira(self): - import0 = self.import_scan_with_params(self.zap_sample5_filename) + import0 = self.import_scan_with_params(self.zap_sample5_filename, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 0) - return test_id def test_import_with_push_to_jira_is_false(self): - import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=False) + import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=False, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 0) - return test_id def test_import_with_push_to_jira(self): - import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True) + import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 2) self.assert_jira_group_issue_count_in_test(test_id, 0) # by asserting full cassette is played we know issues have been updated in JIRA self.assert_cassette_played() - return test_id - @override_settings(FEATURE_FINDING_GROUPS=True) def test_import_with_groups_push_to_jira(self): # 7 findings, 5 unique component_name+component_version - import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', push_to_jira=True) + import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', push_to_jira=True, verified=True) test_id = import0['test'] # all findings should be in a group, so no JIRA issues for individual findings self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 3) # by asserting full cassette is played we know issues have been updated in JIRA self.assert_cassette_played() - return test_id def test_import_with_push_to_jira_epic_as_issue_type(self): jira_instance = JIRA_Instance.objects.get(id=2) - # we choose issue type Epic and test if it can be created succesfully. - # if yes, it means we have succesfully populated the Epic Name custom field which is mandatory in JIRA + # we choose issue type Epic and test if it can be created successfully. + # if yes, it means we have successfully populated the Epic Name custom field which is mandatory in JIRA jira_instance.default_issue_type = "Epic" jira_instance.save() - import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True) + import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 2) self.assert_jira_group_issue_count_in_test(test_id, 0) # by asserting full cassette is played we know issues have been updated in JIRA self.assert_cassette_played() - return test_id def test_import_no_push_to_jira_but_push_all(self): self.set_jira_push_all_issues(self.get_engagement(1)) - import0 = self.import_scan_with_params(self.zap_sample5_filename) + import0 = self.import_scan_with_params(self.zap_sample5_filename, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 2) self.assert_jira_group_issue_count_in_test(test_id, 0) # by asserting full cassette is played we know issues have been updated in JIRA self.assert_cassette_played() - return test_id - @override_settings(FEATURE_FINDING_GROUPS=True) def test_import_with_groups_no_push_to_jira_but_push_all(self): self.set_jira_push_all_issues(self.get_engagement(1)) - import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version') + import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 3) # by asserting full cassette is played we know issues have been updated in JIRA self.assert_cassette_played() - return test_id def test_import_with_push_to_jira_is_false_but_push_all(self): self.set_jira_push_all_issues(self.get_engagement(1)) - import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=False) + import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=False, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 2) self.assert_jira_group_issue_count_in_test(test_id, 0) # by asserting full cassette is played we know issues have been updated in JIRA self.assert_cassette_played() - return test_id - @override_settings(FEATURE_FINDING_GROUPS=True) def test_import_with_groups_with_push_to_jira_is_false_but_push_all(self): self.set_jira_push_all_issues(self.get_engagement(1)) - import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', push_to_jira=False) + import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', push_to_jira=False, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 3) # by asserting full cassette is played we know issues have been updated in JIRA self.assert_cassette_played() - return test_id def test_import_no_push_to_jira_reimport_no_push_to_jira(self): - import0 = self.import_scan_with_params(self.zap_sample5_filename) + import0 = self.import_scan_with_params(self.zap_sample5_filename, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 0) - reimport = self.reimport_scan_with_params(test_id, self.zap_sample5_filename) + self.reimport_scan_with_params(test_id, self.zap_sample5_filename, verified=True) self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 0) - return test_id def test_import_no_push_to_jira_reimport_push_to_jira_false(self): - import0 = self.import_scan_with_params(self.zap_sample5_filename) + import0 = self.import_scan_with_params(self.zap_sample5_filename, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 0) - reimport = self.reimport_scan_with_params(test_id, self.zap_sample5_filename, push_to_jira=False) + self.reimport_scan_with_params(test_id, self.zap_sample5_filename, push_to_jira=False, verified=True) self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 0) - return test_id def test_import_no_push_to_jira_reimport_with_push_to_jira(self): - import0 = self.import_scan_with_params(self.zap_sample5_filename) + import0 = self.import_scan_with_params(self.zap_sample5_filename, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 0) - reimport = self.reimport_scan_with_params(test_id, self.zap_sample5_filename, push_to_jira=True) + self.reimport_scan_with_params(test_id, self.zap_sample5_filename, push_to_jira=True, verified=True) self.assert_jira_issue_count_in_test(test_id, 2) self.assert_jira_group_issue_count_in_test(test_id, 0) # by asserting full cassette is played we know issues have been updated in JIRA self.assert_cassette_played() - return test_id - @override_settings(FEATURE_FINDING_GROUPS=True) def test_import_with_groups_no_push_to_jira_reimport_with_push_to_jira(self): - import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version') + import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 0) - reimport = self.reimport_scan_with_params(test_id, self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', push_to_jira=True) + self.reimport_scan_with_params(test_id, self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', push_to_jira=True, verified=True) self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 3) # by asserting full cassette is played we know issues have been updated in JIRA self.assert_cassette_played() - return test_id def test_import_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues(self): self.set_jira_push_all_issues(self.get_engagement(1)) - import0 = self.import_scan_with_params(self.zap_sample5_filename) + import0 = self.import_scan_with_params(self.zap_sample5_filename, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 2) self.assert_jira_group_issue_count_in_test(test_id, 0) - reimport = self.reimport_scan_with_params(test_id, self.zap_sample5_filename) + self.reimport_scan_with_params(test_id, self.zap_sample5_filename, verified=True) self.assert_jira_issue_count_in_test(test_id, 2) self.assert_jira_group_issue_count_in_test(test_id, 0) # by asserting full cassette is played we know issues have been updated in JIRA self.assert_cassette_played() - return test_id - @override_settings(FEATURE_FINDING_GROUPS=True) def test_import_with_groups_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues(self): self.set_jira_push_all_issues(self.get_engagement(1)) - import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version') + import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 3) - reimport = self.reimport_scan_with_params(test_id, self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version') + self.reimport_scan_with_params(test_id, self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', verified=True) self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 3) # by asserting full cassette is played we know issues have been updated in JIRA self.assert_cassette_played() - return test_id def test_import_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues(self): self.set_jira_push_all_issues(self.get_engagement(1)) - import0 = self.import_scan_with_params(self.zap_sample5_filename) + import0 = self.import_scan_with_params(self.zap_sample5_filename, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 2) self.assert_jira_group_issue_count_in_test(test_id, 0) - updated_map = self.get_jira_issue_updated_map(test_id) + self.get_jira_issue_updated_map(test_id) - reimport = self.reimport_scan_with_params(test_id, self.zap_sample5_filename, push_to_jira=False) + self.reimport_scan_with_params(test_id, self.zap_sample5_filename, push_to_jira=False, verified=True) self.assert_jira_issue_count_in_test(test_id, 2) self.assert_jira_group_issue_count_in_test(test_id, 0) - self.assert_jira_updated_map_changed(test_id, updated_map) + # when sending in identical data to JIRA, JIRA does NOT update the updated timestamp.... + # self.assert_jira_updated_map_changed(test_id, updated_map) # by asserting full cassette is played we know issues have been updated in JIRA self.assert_cassette_played() - return test_id - @override_settings(FEATURE_FINDING_GROUPS=True) def test_import_with_groups_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues(self): self.set_jira_push_all_issues(self.get_engagement(1)) - import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version') + import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 3) updated_map = self.get_jira_issue_updated_map(test_id) - reimport = self.reimport_scan_with_params(test_id, self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', push_to_jira=False) + self.reimport_scan_with_params(test_id, self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', push_to_jira=False, verified=True) self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 3) # when sending in identical data to JIRA, JIRA does NOT update the updated timestamp.... @@ -270,46 +248,44 @@ def test_import_with_groups_no_push_to_jira_reimport_push_to_jira_is_false_but_p self.assert_jira_updated_map_unchanged(test_id, updated_map) # by asserting full cassette is played we know issues have been updated in JIRA self.assert_cassette_played() - return test_id def test_import_push_to_jira_reimport_with_push_to_jira(self): - import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True) + import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 2) self.assert_jira_group_issue_count_in_test(test_id, 0) # Get one of the findings from the test finding_id = Finding.objects.filter(test__id=test_id).first().id - pre_jira_status = self.get_jira_issue_updated(finding_id) + self.get_jira_issue_updated(finding_id) # re-import and see status change - reimport = self.reimport_scan_with_params(test_id, self.zap_sample5_filename, push_to_jira=True) + self.reimport_scan_with_params(test_id, self.zap_sample5_filename, push_to_jira=True, verified=True) self.assert_jira_issue_count_in_test(test_id, 2) self.assert_jira_group_issue_count_in_test(test_id, 0) - post_jira_status = self.get_jira_issue_updated(finding_id) - self.assert_jira_updated_change(pre_jira_status, post_jira_status) + self.get_jira_issue_updated(finding_id) + # when sending in identical data to JIRA, JIRA does NOT update the updated timestamp.... + # self.assert_jira_updated_change(pre_jira_status, post_jira_status) # by asserting full cassette is played we know issues have been updated in JIRA self.assert_cassette_played() - return test_id def test_import_twice_push_to_jira(self): - import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True) + import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 2) self.assert_jira_group_issue_count_in_test(test_id, 0) - import1 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True) + import1 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, verified=True) test_id1 = import1['test'] # duplicates shouldn't be sent to JIRA self.assert_jira_issue_count_in_test(test_id1, 0) self.assert_jira_group_issue_count_in_test(test_id, 0) - @override_settings(FEATURE_FINDING_GROUPS=True) def test_import_with_groups_twice_push_to_jira(self): - import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', push_to_jira=True) + import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', push_to_jira=True, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 3) - import1 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', push_to_jira=True) + import1 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', push_to_jira=True, verified=True) test_id1 = import1['test'] # duplicates shouldn't be sent to JIRA self.assert_jira_issue_count_in_test(test_id1, 0) @@ -317,19 +293,19 @@ def test_import_with_groups_twice_push_to_jira(self): def test_import_twice_push_to_jira_push_all_issues(self): self.set_jira_push_all_issues(self.get_engagement(1)) - import0 = self.import_scan_with_params(self.zap_sample5_filename) + import0 = self.import_scan_with_params(self.zap_sample5_filename, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 2) self.assert_jira_group_issue_count_in_test(test_id, 0) - import1 = self.import_scan_with_params(self.zap_sample5_filename) + import1 = self.import_scan_with_params(self.zap_sample5_filename, verified=True) test_id1 = import1['test'] # duplicates shouldn't be sent to JIRA self.assert_jira_issue_count_in_test(test_id1, 0) self.assert_jira_group_issue_count_in_test(test_id1, 0) def test_create_edit_update_finding(self): - import0 = self.import_scan_with_params(self.zap_sample5_filename) + import0 = self.import_scan_with_params(self.zap_sample5_filename, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 0) @@ -395,9 +371,8 @@ def test_create_edit_update_finding(self): self.assert_cassette_played() - @override_settings(FEATURE_FINDING_GROUPS=True) def test_groups_create_edit_update_finding(self): - import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version') + import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type='NPM Audit Scan', group_by='component_name+component_version', verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 0) self.assert_jira_group_issue_count_in_test(test_id, 0) @@ -425,13 +400,11 @@ def test_groups_create_edit_update_finding(self): self.assert_jira_group_issue_count_in_test(test_id, 1) pre_jira_status = self.get_jira_issue_status(findings['results'][0]['id']) - # close both findings self.patch_finding_api(findings['results'][0]['id'], {"active": False, "is_mitigated": True, "push_to_jira": True}) - self.patch_finding_api(findings['results'][0]['id'], {"active": False, "is_mitigated": True, "push_to_jira": True}) + self.patch_finding_api(findings['results'][1]['id'], {"active": False, "is_mitigated": True, "push_to_jira": True}) post_jira_status = self.get_jira_issue_status(findings['results'][0]['id']) - # both findings inactive -> should update status in JIRA self.assertNotEqual(pre_jira_status, post_jira_status) @@ -486,7 +459,7 @@ def test_groups_create_edit_update_finding(self): self.assert_cassette_played() def test_import_with_push_to_jira_add_comment(self): - import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True) + import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 2) self.assert_jira_group_issue_count_in_test(test_id, 0) @@ -495,15 +468,34 @@ def test_import_with_push_to_jira_add_comment(self): finding_id = findings['results'][0]['id'] - response = self.post_finding_notes_api(finding_id, 'testing note. creating it and pushing it to JIRA') + self.post_finding_notes_api(finding_id, 'testing note. creating it and pushing it to JIRA') self.patch_finding_api(finding_id, {"push_to_jira": True}) + # Make sure the number of comments match + self.assertEqual(len(self.get_jira_comments(finding_id)), 1) + # by asserting full cassette is played we know all calls to JIRA have been made as expected + self.assert_cassette_played() + def test_import_add_comments_then_push_to_jira(self): + import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=False, verified=True) + test_id = import0['test'] + + findings = self.get_test_findings_api(test_id) + + finding_id = findings['results'][0]['id'] + + self.post_finding_notes_api(finding_id, 'testing note. creating it and pushing it to JIRA') + self.post_finding_notes_api(finding_id, 'testing second note. creating it and pushing it to JIRA') + self.patch_finding_api(finding_id, {"push_to_jira": True}) + + self.assert_jira_issue_count_in_test(test_id, 1) + self.assert_jira_group_issue_count_in_test(test_id, 0) + # Make sure the number of comments match + self.assertEqual(len(self.get_jira_comments(finding_id)), 2) # by asserting full cassette is played we know all calls to JIRA have been made as expected self.assert_cassette_played() - return test_id def test_import_with_push_to_jira_add_tags(self): - import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True) + import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 2) self.assert_jira_group_issue_count_in_test(test_id, 0) @@ -513,7 +505,7 @@ def test_import_with_push_to_jira_add_tags(self): finding = Finding.objects.get(id=findings['results'][0]['id']) tags = ['tag1', 'tag2'] - response = self.post_finding_tags_api(finding.id, tags) + self.post_finding_tags_api(finding.id, tags) self.patch_finding_api(finding.id, {"push_to_jira": True}) # Connect to jira to get the new issue @@ -526,10 +518,9 @@ def test_import_with_push_to_jira_add_tags(self): # by asserting full cassette is played we know all calls to JIRA have been made as expected self.assert_cassette_played() - return test_id def test_import_with_push_to_jira_update_tags(self): - import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True) + import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, verified=True) test_id = import0['test'] self.assert_jira_issue_count_in_test(test_id, 2) self.assert_jira_group_issue_count_in_test(test_id, 0) @@ -539,7 +530,7 @@ def test_import_with_push_to_jira_update_tags(self): finding = Finding.objects.get(id=findings['results'][0]['id']) tags = ['tag1', 'tag2'] - response = self.post_finding_tags_api(finding.id, tags) + self.post_finding_tags_api(finding.id, tags) self.patch_finding_api(finding.id, {"push_to_jira": True}) # Connect to jira to get the new issue @@ -551,7 +542,7 @@ def test_import_with_push_to_jira_update_tags(self): self.assertEqual(issue.fields.labels, tags) tags_new = tags + ['tag3', 'tag4'] - response = self.post_finding_tags_api(finding.id, tags_new) + self.post_finding_tags_api(finding.id, tags_new) self.patch_finding_api(finding.id, {"push_to_jira": True}) # Connect to jira to get the new issue @@ -564,7 +555,6 @@ def test_import_with_push_to_jira_update_tags(self): # by asserting full cassette is played we know all calls to JIRA have been made as expected self.assert_cassette_played() - return test_id def test_engagement_epic_creation(self): eng = self.get_engagement(3) @@ -580,7 +570,7 @@ def test_engagement_epic_mapping_enabled_create_epic_and_push_findings(self): # Set epic_mapping to true self.toggle_jira_project_epic_mapping(eng, True) self.create_engagement_epic(eng) - import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, engagement=3) + import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, engagement=3, verified=True) test_id = import0['test'] # Correct number of issues are pushed to jira self.assert_jira_issue_count_in_test(test_id, 2) @@ -597,7 +587,7 @@ def test_engagement_epic_mapping_enabled_no_epic_and_push_findings(self): eng = self.get_engagement(3) # Set epic_mapping to true self.toggle_jira_project_epic_mapping(eng, True) - import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, engagement=3) + import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, engagement=3, verified=True) test_id = import0['test'] # Correct number of issues are pushed to jira self.assert_jira_issue_count_in_test(test_id, 2) @@ -615,7 +605,7 @@ def test_engagement_epic_mapping_disabled_create_epic_and_push_findings(self): # Set epic_mapping to true self.toggle_jira_project_epic_mapping(eng, False) self.create_engagement_epic(eng) - import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, engagement=3) + import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, engagement=3, verified=True) test_id = import0['test'] # Correct number of issues are pushed to jira self.assert_jira_issue_count_in_test(test_id, 2) @@ -632,7 +622,7 @@ def test_engagement_epic_mapping_disabled_no_epic_and_push_findings(self): eng = self.get_engagement(3) # Set epic_mapping to true self.toggle_jira_project_epic_mapping(eng, False) - import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, engagement=3) + import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, engagement=3, verified=True) test_id = import0['test'] # Correct number of issues are pushed to jira self.assert_jira_issue_count_in_test(test_id, 2) diff --git a/unittests/test_metrics_queries.py b/unittests/test_metrics_queries.py index 7c01417f774..6dde426e363 100644 --- a/unittests/test_metrics_queries.py +++ b/unittests/test_metrics_queries.py @@ -2,8 +2,9 @@ Tests for metrics database queries """ -from datetime import datetime, timezone +from datetime import date, datetime, timezone from unittest.mock import patch +import pytz from django.test import RequestFactory from django.urls import reverse @@ -48,7 +49,7 @@ def test_finding_queries(self, mock_timezone): mock_timezone.return_value = mock_datetime # Queries over Finding and Risk_Acceptance - with self.assertNumQueries(35): + with self.assertNumQueries(27): product_types = [] finding_queries = views.finding_querys( product_types, @@ -76,6 +77,7 @@ def test_finding_queries(self, mock_timezone): self.assertSequenceEqual( finding_queries['all'].qs.values(), [] + # [{'id': 226, 'title': 'Test Endpoint Mitigation - Finding F1 Without Endpoints', 'date': date(2022, 10, 15), 'sla_start_date': None, 'cwe': None, 'cve': None, 'cvssv3': None, 'cvssv3_score': None, 'url': None, 'severity': 'Info', 'description': 'vulnerability', 'mitigation': '', 'impact': '', 'steps_to_reproduce': '', 'severity_justification': '', 'references': '', 'test_id': 89, 'active': True, 'verified': True, 'false_p': False, 'duplicate': False, 'duplicate_finding_id': None, 'out_of_scope': False, 'risk_accepted': False, 'under_review': False, 'last_status_update': None, 'review_requested_by_id': None, 'under_defect_review': False, 'defect_review_requested_by_id': None, 'is_mitigated': False, 'thread_id': 0, 'mitigated': None, 'mitigated_by_id': None, 'reporter_id': 1, 'numerical_severity': 'S4', 'last_reviewed': None, 'last_reviewed_by_id': None, 'param': None, 'payload': None, 'hash_code': 'a6dd6bd359ff0b504a21b8a7ae5e59f1b40dd0fa1715728bd58de8f688f01b19', 'line': None, 'file_path': '', 'component_name': None, 'component_version': None, 'static_finding': False, 'dynamic_finding': True, 'created': datetime(2022, 10, 15, 23, 12, 52, 966000, tzinfo=pytz.UTC), 'scanner_confidence': None, 'sonarqube_issue_id': None, 'unique_id_from_tool': None, 'vuln_id_from_tool': None, 'sast_source_object': None, 'sast_sink_object': None, 'sast_source_line': None, 'sast_source_file_path': None, 'nb_occurences': None, 'publish_date': None, 'service': None, 'planned_remediation_date': None, 'test__engagement__product__prod_type__member': True, 'test__engagement__product__member': True, 'test__engagement__product__prod_type__authorized_group': False, 'test__engagement__product__authorized_group': False}] ) self.assertSequenceEqual( finding_queries['closed'].values(), @@ -167,7 +169,7 @@ def test_endpoint_queries_no_data(self): def test_endpoint_queries(self): # Queries over Finding and Endpoint_Status - with self.assertNumQueries(71): + with self.assertNumQueries(69): product_types = [] endpoint_queries = views.endpoint_querys( product_types, @@ -195,23 +197,12 @@ def test_endpoint_queries(self): self.assertSequenceEqual( endpoint_queries['all'].values(), [ - { - 'id': 1, - 'date': datetime(2020, 7, 1, 0, 0, tzinfo=timezone.utc), - 'last_modified': datetime(2020, 7, 1, 17, 45, 39, 791907, tzinfo=timezone.utc), - 'mitigated': False, - 'mitigated_time': None, - 'mitigated_by_id': None, - 'false_positive': False, - 'out_of_scope': False, - 'risk_accepted': False, - 'endpoint_id': 2, - 'finding_id': 2, - 'endpoint__product__prod_type__member': True, - 'endpoint__product__member': True, - 'endpoint__product__prod_type__authorized_group': False, - 'endpoint__product__authorized_group': False - } + {'id': 1, 'date': date(2020, 7, 1), 'last_modified': datetime(2020, 7, 1, 17, 45, 39, 791907, tzinfo=pytz.UTC), 'mitigated': False, 'mitigated_time': None, 'mitigated_by_id': None, 'false_positive': False, 'out_of_scope': False, 'risk_accepted': False, 'endpoint_id': 2, 'finding_id': 2, 'endpoint__product__prod_type__member': False, 'endpoint__product__member': True, 'endpoint__product__prod_type__authorized_group': False, 'endpoint__product__authorized_group': False}, + {'id': 3, 'date': date(2020, 7, 1), 'last_modified': datetime(2020, 7, 1, 17, 45, 39, 791907, tzinfo=pytz.UTC), 'mitigated': False, 'mitigated_time': None, 'mitigated_by_id': None, 'false_positive': True, 'out_of_scope': False, 'risk_accepted': False, 'endpoint_id': 5, 'finding_id': 228, 'endpoint__product__prod_type__member': True, 'endpoint__product__member': True, 'endpoint__product__prod_type__authorized_group': False, 'endpoint__product__authorized_group': False}, + {'id': 4, 'date': date(2020, 7, 1), 'last_modified': datetime(2020, 7, 1, 17, 45, 39, 791907, tzinfo=pytz.UTC), 'mitigated': False, 'mitigated_time': None, 'mitigated_by_id': None, 'false_positive': False, 'out_of_scope': True, 'risk_accepted': False, 'endpoint_id': 5, 'finding_id': 229, 'endpoint__product__prod_type__member': True, 'endpoint__product__member': True, 'endpoint__product__prod_type__authorized_group': False, 'endpoint__product__authorized_group': False}, + {'id': 5, 'date': date(2020, 7, 1), 'last_modified': datetime(2020, 7, 1, 17, 45, 39, 791907, tzinfo=pytz.UTC), 'mitigated': False, 'mitigated_time': None, 'mitigated_by_id': None, 'false_positive': False, 'out_of_scope': False, 'risk_accepted': True, 'endpoint_id': 5, 'finding_id': 230, 'endpoint__product__prod_type__member': True, 'endpoint__product__member': True, 'endpoint__product__prod_type__authorized_group': False, 'endpoint__product__authorized_group': False}, + {'id': 7, 'date': date(2020, 7, 1), 'last_modified': datetime(2020, 7, 1, 17, 45, 39, 791907, tzinfo=pytz.UTC), 'mitigated': False, 'mitigated_time': None, 'mitigated_by_id': None, 'false_positive': False, 'out_of_scope': False, 'risk_accepted': False, 'endpoint_id': 7, 'finding_id': 227, 'endpoint__product__prod_type__member': True, 'endpoint__product__member': True, 'endpoint__product__prod_type__authorized_group': False, 'endpoint__product__authorized_group': False}, + {'id': 8, 'date': date(2020, 7, 1), 'last_modified': datetime(2020, 7, 1, 17, 45, 39, 791907, tzinfo=pytz.UTC), 'mitigated': False, 'mitigated_time': None, 'mitigated_by_id': None, 'false_positive': False, 'out_of_scope': False, 'risk_accepted': False, 'endpoint_id': 8, 'finding_id': 231, 'endpoint__product__prod_type__member': True, 'endpoint__product__member': True, 'endpoint__product__prod_type__authorized_group': False, 'endpoint__product__authorized_group': False} ], ) self.assertSequenceEqual( @@ -220,11 +211,11 @@ def test_endpoint_queries(self): ) self.assertSequenceEqual( endpoint_queries['accepted'].values(), - [], + [{'id': 5, 'date': date(2020, 7, 1), 'last_modified': datetime(2020, 7, 1, 17, 45, 39, 791907, tzinfo=pytz.UTC), 'mitigated': False, 'mitigated_time': None, 'mitigated_by_id': None, 'false_positive': False, 'out_of_scope': False, 'risk_accepted': True, 'endpoint_id': 5, 'finding_id': 230, 'endpoint__product__prod_type__member': True, 'endpoint__product__member': True, 'endpoint__product__prod_type__authorized_group': False, 'endpoint__product__authorized_group': False}], ) self.assertSequenceEqual( list(endpoint_queries['accepted_count'].values()), - [None, None, None, None, None, None], + [1, 0, 0, 0, 0, 1], ) self.assertSequenceEqual( endpoint_queries['top_ten'].values(), diff --git a/unittests/test_migrations.py b/unittests/test_migrations.py index a7d82bb1639..d8bf5f77b8c 100644 --- a/unittests/test_migrations.py +++ b/unittests/test_migrations.py @@ -1,56 +1,14 @@ import datetime -import logging +from unittest import skip from django_test_migrations.contrib.unittest_case import MigratorTestCase -from django_test_migrations.migrator import Migrator -from django.test import TransactionTestCase from django.utils import timezone -logger = logging.getLogger(__name__) - -class TestEndpointMigrationBroken(TransactionTestCase): - migrate_from = ('dojo', '0104_endpoint_userinfo_creation') - migrate_to = ('dojo', '0105_endpoint_host_migration') - - def setUp(self): - super().setUp() - self.migrator = Migrator() - - self.old_state = self.migrator.apply_initial_migration(self.migrate_from) - - Endpoint = self.old_state.apps.get_model('dojo', 'Endpoint') - self.endpoints = { - 'empty': Endpoint.objects.create().pk, - 'empty_host': Endpoint.objects.create(host='').pk, - 'invalid_host': Endpoint.objects.create(host='foo bar').pk, - 'invalid_ip': Endpoint.objects.create(host='127.0.1').pk, - 'invalid_port_high': Endpoint.objects.create(host='127.0.0.1:66666').pk, - 'invalid_port_low': Endpoint.objects.create(host='127.0.0.1:-1').pk, - 'invalid_port_word': Endpoint.objects.create(host='127.0.0.1:port').pk, - 'protocol_mismatch': Endpoint.objects.create(protocol='http', host='https://foo.bar').pk, - 'port_mismatch': Endpoint.objects.create(host='https://foo.bar', port=80).pk, - 'path_mismatch': Endpoint.objects.create(host='https://foo.bar/path1', path='/path1').pk, - 'query_mismatch': Endpoint.objects.create(host='https://foo.bar/?key1=value&key2', query='?key1=value&' - 'key2=None').pk, - 'fragment_mismatch': Endpoint.objects.create(host='https://foo.bar/#fragment', fragment='#fragment').pk, - 'missing_host': Endpoint.objects.create(host='file:///etc/passwd').pk, - } - - def tearDown(self): - self.migrator.reset() - super().tearDown() - - def test_migration_endpoint_broken(self): - with self.assertLogs('dojo.endpoint.utils', 'ERROR') as cm: - self.migrator.apply_tested_migration(self.migrate_to) - self.assertIn('ERROR:dojo.endpoint.utils:It is not possible to migrate database because there is/are {} broken ' - 'endpoint(s). Please check logs.'.format(len(self.endpoints)), cm.output) - - -class TestEndpointMigration(MigratorTestCase): - migrate_from = ('dojo', '0104_endpoint_userinfo_creation') - migrate_to = ('dojo', '0105_endpoint_host_migration') +@skip("Outdated - this class was testing some version of migration; it is not needed anymore") +class TestOptiEndpointStatus(MigratorTestCase): + migrate_from = ('dojo', '0171_jira_labels_per_product_and_engagement') + migrate_to = ('dojo', '0172_optimize_usage_of_endpoint_status') def prepare(self): Product_Type = self.old_state.apps.get_model('dojo', 'Product_Type') @@ -60,22 +18,11 @@ def prepare(self): Finding = self.old_state.apps.get_model('dojo', 'Finding') Endpoint = self.old_state.apps.get_model('dojo', 'Endpoint') Endpoint_Status = self.old_state.apps.get_model('dojo', 'Endpoint_Status') - self.endpoints = { - 'valid_host': Endpoint.objects.create(host='foo.bar').pk, - 'valid_ip': Endpoint.objects.create(host='127.0.0.1').pk, - 'host_port': Endpoint.objects.create(host='foo.bar:22').pk, - 'ip_port': Endpoint.objects.create(host='127.0.0.1:22').pk, - 'url': Endpoint.objects.create(host='http://foo.bar/').pk, - 'url_existing_port': Endpoint.objects.create(host='https://foo.bar:4433/', port=4433).pk, - 'full_url': Endpoint.objects.create(host='https://alice@foo.bar:4433/path1/path2/?key1=value1&no_value_key' - '#fragmentX').pk, - 'path_with_slash': Endpoint.objects.create(host='bar.foo', path='/test').pk, - } self.prod_type = Product_Type.objects.create() self.product = Product.objects.create(prod_type=self.prod_type) self.engagement = Engagement.objects.create( - product=self.product, + product_id=self.product.pk, target_start=datetime.datetime(2020, 1, 1, tzinfo=timezone.utc), target_end=datetime.datetime(2022, 1, 1, tzinfo=timezone.utc) ) @@ -86,76 +33,131 @@ def prepare(self): test_type_id=1 ) from django.contrib.auth import get_user_model - User = get_user_model() - self.finding = Finding.objects.create(test=self.test, reporter_id=User.objects.create().pk).pk - self.endpoints_eps = { - 'short': Endpoint.objects.create(protocol='http', host='foo.bar.eps', product=self.product).pk, - 'long': Endpoint.objects.create(protocol='http', host='foo.bar.eps', port=80, product=self.product).pk, - } - self.endpoint_status = { - 'old': Endpoint_Status.objects.create( - last_modified=datetime.datetime(2020, 1, 1, tzinfo=timezone.utc), - mitigated=True, - finding_id=self.finding, - endpoint_id=self.endpoints_eps['short'] - ).pk, - 'new': Endpoint_Status.objects.create( - last_modified=datetime.datetime(2021, 1, 1, tzinfo=timezone.utc), - mitigated=False, + user = get_user_model().objects.create().pk + + self.finding = Finding.objects.create(test_id=self.test.pk, reporter_id=user).pk + self.endpoint = Endpoint.objects.create(host='foo.bar', product_id=self.product.pk).pk + self.endpoint_status = Endpoint_Status.objects.create( finding_id=self.finding, - endpoint_id=self.endpoints_eps['long'] - ).pk, - } + endpoint_id=self.endpoint + ).pk + Endpoint.objects.get(id=self.endpoint).endpoint_status.add( + Endpoint_Status.objects.get(id=self.endpoint_status) + ) + Finding.objects.get(id=self.finding).endpoint_status.add( + Endpoint_Status.objects.get(id=self.endpoint_status) + ) + Finding.objects.get(id=self.finding).endpoints.add( + Endpoint.objects.get(id=self.endpoint).pk + ) + + self.presudotest_before_migration() - def test_migration_endpoint(self): + def case_add_status_endpoint(self, endpoint, status): + endpoint.endpoint_status.add(status) + + def case_add_status_finding(self, finding, status): + finding.endpoint_status.add(status) + + def case_from_finding_get_endpoints(self, finding): + return finding.endpoints.all() + + def case_add_endpoint_finding(self, finding, endpoint): + finding.endpoints.add(endpoint) + + def case_list_with_status_finding(self, finding): + return finding.status_finding + + def case_list_with_status_endpoint(self, endpoint): + return endpoint.status_endpoint + + def presudotest_before_migration(self): + Finding = self.old_state.apps.get_model('dojo', 'Finding') + Endpoint = self.old_state.apps.get_model('dojo', 'Endpoint') + Endpoint_Status = self.old_state.apps.get_model('dojo', 'Endpoint_Status') + + with self.subTest('Old: Add existing EPS to endpoint'): + self.case_add_status_endpoint( + Endpoint.objects.get(id=self.endpoint), + Endpoint_Status.objects.get(id=self.endpoint_status), + ) + + with self.subTest('Old: Add existing EPS to finding'): + self.case_add_status_finding( + Finding.objects.get(id=self.finding), + Endpoint_Status.objects.get(id=self.endpoint_status), + ) + + with self.subTest('Old: From finding get endpoints'): + ep = self.case_from_finding_get_endpoints( + Finding.objects.get(id=self.finding), + ).all() + self.assertEqual(ep.all().count(), 1, ep) + + with self.subTest('Old: Add existing endpoint to finding'): + self.case_add_endpoint_finding( + Finding.objects.get(id=self.finding), + Endpoint.objects.get(id=self.endpoint).pk, + ) + + with self.subTest('Old: List EPS from finding'): + eps = self.case_list_with_status_finding( + Finding.objects.get(id=self.finding), + ) + self.assertEqual(eps.all().count(), 1, ep) + self.assertIsInstance(eps.all().first(), Endpoint_Status) + + with self.subTest('Old: List EPS from endpoint'): + with self.assertRaises(AttributeError) as exc: + eps = self.case_list_with_status_endpoint( + Endpoint.objects.get(id=self.endpoint), + ) + self.assertEqual(str(exc.exception), "'Endpoint' object has no attribute 'status_endpoint'") + + def test_after_migration(self): + Finding = self.new_state.apps.get_model('dojo', 'Finding') Endpoint = self.new_state.apps.get_model('dojo', 'Endpoint') Endpoint_Status = self.new_state.apps.get_model('dojo', 'Endpoint_Status') - endpoint = Endpoint.objects.get(pk=self.endpoints['valid_host']) - self.assertEqual(endpoint.host, 'foo.bar') - - endpoint = Endpoint.objects.get(pk=self.endpoints['valid_ip']) - self.assertEqual(endpoint.host, '127.0.0.1') - - endpoint = Endpoint.objects.get(pk=self.endpoints['host_port']) - self.assertEqual(endpoint.host, 'foo.bar') - self.assertEqual(endpoint.port, 22) - - endpoint = Endpoint.objects.get(pk=self.endpoints['ip_port']) - self.assertEqual(endpoint.host, '127.0.0.1') - self.assertEqual(endpoint.port, 22) - - endpoint = Endpoint.objects.get(pk=self.endpoints['url']) - self.assertEqual(endpoint.protocol, 'http') - self.assertEqual(endpoint.host, 'foo.bar') - self.assertEqual(endpoint.port, 80) - self.assertIsNone(endpoint.path) - - endpoint = Endpoint.objects.get(pk=self.endpoints['url_existing_port']) - self.assertEqual(endpoint.port, 4433) - - endpoint = Endpoint.objects.get(pk=self.endpoints['full_url']) - self.assertEqual(endpoint.protocol, 'https') - self.assertEqual(endpoint.userinfo, 'alice') - self.assertEqual(endpoint.host, 'foo.bar') - self.assertEqual(endpoint.port, 4433) - self.assertEqual(endpoint.path, 'path1/path2/') - self.assertEqual(endpoint.query, 'key1=value1&no_value_key') - self.assertEqual(endpoint.fragment, 'fragmentX') - - endpoint = Endpoint.objects.get(pk=self.endpoints['path_with_slash']) - self.assertEqual(endpoint.path, 'test') - - low_id = Endpoint.objects.filter(id=min(self.endpoints_eps.values())) - logger.debug("Low id: {}".format(list(low_id))) - self.assertEqual(low_id.count(), 1) - high_id = Endpoint.objects.filter(id=max(self.endpoints_eps.values())) - logger.debug("High id: {}".format(list(high_id))) - self.assertEqual(high_id.count(), 0) - - eps = Endpoint_Status.objects.filter( - finding_id=self.finding, - endpoint_id__in=self.endpoints_eps.values() - ) - self.assertEqual(eps.count(), 1) - self.assertFalse(eps[0].mitigated) + with self.subTest('New: Add existing EPS to endpoint'): + with self.assertRaises(AttributeError) as exc: + self.case_add_status_endpoint( + Endpoint.objects.get(id=self.endpoint), + Endpoint_Status.objects.get(id=self.endpoint_status), + ) + self.assertEqual(str(exc.exception), "'Endpoint' object has no attribute 'endpoint_status'") + + with self.subTest('New: Add existing EPS to finding'): + with self.assertRaises(AttributeError) as exc: + self.case_add_status_endpoint( + Finding.objects.get(id=self.finding), + Endpoint_Status.objects.get(id=self.endpoint_status), + ) + self.assertEqual(str(exc.exception), "'Finding' object has no attribute 'endpoint_status'") + + with self.subTest('New: From finding get endpoints'): + ep = self.case_from_finding_get_endpoints( + Finding.objects.get(id=self.finding), + ).all() + self.assertEqual(ep.all().count(), 1, ep) + + with self.subTest('New: Add existing endpoint to finding'): + # Yes, this method is still available. It could create Endpoint_Status with default values + self.case_add_endpoint_finding( + Finding.objects.get(id=self.finding), + Endpoint.objects.get(id=self.endpoint), + ) + + with self.subTest('New: List EPS from finding'): + eps = self.case_list_with_status_finding( + Finding.objects.get(id=self.finding), + ) + self.assertEqual(eps.all().count(), 1, ep) + self.assertIsInstance(eps.all().first(), Endpoint_Status) + + with self.subTest('New: List EPS from endpoint'): + eps = self.case_list_with_status_endpoint( + Endpoint.objects.get(id=self.endpoint), + ) + self.assertEqual(eps.all().count(), 1, ep) + self.assertIsInstance(eps.all().first(), Endpoint_Status) diff --git a/unittests/test_parsers.py b/unittests/test_parsers.py new file mode 100644 index 00000000000..9832b7f2b3e --- /dev/null +++ b/unittests/test_parsers.py @@ -0,0 +1,95 @@ +from .dojo_test_case import DojoTestCase, get_unit_tests_path +import os +import re + +basedir = os.path.join(get_unit_tests_path(), '..') + + +class TestParsers(DojoTestCase): + def test_file_existence(self): + for parser_dir in os.scandir(os.path.join(basedir, 'dojo', 'tools')): + + if parser_dir.is_file() or parser_dir.name == '__pycache__': + continue # this is not parser dir but some support file + + if parser_dir.name.startswith("api_"): + doc_name = parser_dir.name[4:] + category = 'api' + else: + doc_name = parser_dir.name + category = 'file' + + if doc_name not in [ + 'checkmarx_osa', # it is documented in 'checkmarx' + ]: + with self.subTest(parser=parser_dir.name, category='docs'): + doc_file = os.path.join(basedir, 'docs', 'content', 'en', 'integrations', 'parsers', category, f"{doc_name}.md") + self.assertTrue( + os.path.isfile(doc_file), + f"Documentation file '{doc_file}' is missing or using different name" + ) + + content = open(doc_file).read() + self.assertTrue(re.search("title:", content), + f"Documentation file '{doc_file}' does not contain a title" + ) + self.assertTrue(re.search("toc_hide: true", content), + f"Documentation file '{doc_file}' does not contain toc_hide: true" + ) + if category == "file": + self.assertTrue(re.search("### Sample Scan Data", content), + f"Documentation file '{doc_file}' does not contain ### Sample Scan Data" + ) + self.assertTrue(re.search("https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans", content), + f"Documentation file '{doc_file}' does not contain https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans" + ) + + if parser_dir.name not in [ + # there is not exception for now + ]: + with self.subTest(parser=parser_dir.name, category='parser'): + parser_test_file = os.path.join(basedir, 'unittests', 'tools', f"test_{parser_dir.name}_parser.py") + self.assertTrue( + os.path.isfile(parser_test_file), + f"Unittest of parser '{parser_test_file}' is missing or using different name" + ) + + if parser_dir.name not in [ + 'vcg', # content of the sample report is string the directly in unittest + ]: + with self.subTest(parser=parser_dir.name, category='testfiles'): + scan_dir = os.path.join(basedir, 'unittests', 'scans', parser_dir.name) + self.assertTrue( + os.path.isdir(scan_dir), + f"Test files for unittest of parser '{scan_dir}' are missing or using different name" + ) + + if category == 'api': + if parser_dir.name not in [ + 'api_blackduck', # TODO + 'api_vulners', # TODO + ]: + with self.subTest(parser=parser_dir.name, category='importer'): + importer_test_file = os.path.join(basedir, 'unittests', 'tools', f"test_{parser_dir.name}_importer.py") + self.assertTrue( + os.path.isfile(importer_test_file), + f"Unittest of importer '{importer_test_file}' is missing or using different name" + ) + for file in os.scandir(os.path.join(basedir, 'dojo', 'tools', parser_dir.name)): + if file.is_file() and file.name != '__pycache__' and file.name != "__init__.py": + f = os.path.join(basedir, 'dojo', 'tools', parser_dir.name, file.name) + read_true = False + for line in open(f, "r").readlines(): + if read_true is True: + if ('"utf-8"' in str(line) or "'utf-8'" in str(line) or '"utf-8-sig"' in str(line) or "'utf-8-sig'" in str(line)) and i <= 4: + read_true = False + i = 0 + elif i > 4: + self.assertTrue(False, "In file " + str(os.path.join('dojo', 'tools', parser_dir.name, file.name)) + " the test is failing because you don't have utf-8 after .read()") + i = 0 + read_true = False + else: + i += 1 + if ".read()" in str(line): + read_true = True + i = 0 diff --git a/unittests/test_pipeline.py b/unittests/test_pipeline.py deleted file mode 100644 index 201f56806fc..00000000000 --- a/unittests/test_pipeline.py +++ /dev/null @@ -1,35 +0,0 @@ -from .dojo_test_case import DojoTestCase -from unittest.mock import patch -from dojo.models import Dojo_User, System_Settings -from dojo.pipeline import modify_permissions - - -class TestPipeline(DojoTestCase): - - @classmethod - def setUpTestData(cls): - cls.user = Dojo_User() - cls.user.id = 1 - - cls.system_settings_email = System_Settings() - cls.system_settings_email.staff_user_email_pattern = '.*@example.com' - - @patch('dojo.models.System_Settings.objects') - def test_modify_permissions_user_is_staff(self, mock): - mock.get.return_value = self.system_settings_email - - self.user.email = 'user.user@example.com' - self.user.is_staff = False - modify_permissions(backend=None, uid=None, user=self.user, is_new=True) - - self.assertTrue(self.user.is_staff) - - @patch('dojo.models.System_Settings.objects') - def test_modify_permissions_user_not_staff(self, mock): - mock.get.return_value = self.system_settings_email - - self.user.email = 'user.user@partner.example.com' - self.user.is_staff = False - modify_permissions(backend=None, uid=None, user=self.user, is_new=True) - - self.assertFalse(self.user.is_staff) diff --git a/unittests/test_remote_user.py b/unittests/test_remote_user.py new file mode 100644 index 00000000000..d764358e11e --- /dev/null +++ b/unittests/test_remote_user.py @@ -0,0 +1,195 @@ +from django.test import Client, override_settings +from netaddr import IPSet +from dojo.models import User, Dojo_Group, Dojo_Group_Member +from .dojo_test_case import DojoTestCase + + +class TestRemoteUser(DojoTestCase): + + client1 = Client() + client2 = Client() + + def setUp(self): + self.user, _ = User.objects.get_or_create( + username='test_remote_user', + first_name='original_first', + last_name='original_last', + email='original@mail.com', + ) + self.group1, _ = Dojo_Group.objects.get_or_create(name="group1", social_provider=Dojo_Group.REMOTE) + self.group2, _ = Dojo_Group.objects.get_or_create(name="group2", social_provider=Dojo_Group.REMOTE) + + @override_settings(AUTH_REMOTEUSER_ENABLED=False) + def test_disabled(self): + resp = self.client1.get('/profile') + self.assertEqual(resp.status_code, 302) + + @override_settings( + AUTH_REMOTEUSER_ENABLED=True, + AUTH_REMOTEUSER_USERNAME_HEADER="HTTP_REMOTE_USER", + ) + def test_basic(self): + resp = self.client1.get('/profile', + # TODO - This can be replaced by following lines in the future + # Using of "headers" is supported since Django 4.2 + HTTP_REMOTE_USER=self.user.username, + # headers={ + # "Remote-User": self.user.username + # } + ) + self.assertEqual(resp.status_code, 200) + + @override_settings( + AUTH_REMOTEUSER_ENABLED=True, + AUTH_REMOTEUSER_USERNAME_HEADER="HTTP_REMOTE_USER", + AUTH_REMOTEUSER_FIRSTNAME_HEADER="HTTP_REMOTE_FIRSTNAME", + AUTH_REMOTEUSER_LASTNAME_HEADER="HTTP_REMOTE_LASTNAME", + AUTH_REMOTEUSER_EMAIL_HEADER="HTTP_REMOTE_EMAIL", + ) + def test_update_user(self): + resp = self.client1.get('/profile', + # TODO - This can be replaced by following lines in the future + # Using of "headers" is supported since Django 4.2 + HTTP_REMOTE_USER=self.user.username, + HTTP_REMOTE_FIRSTNAME="new_first", + HTTP_REMOTE_LASTNAME="new_last", + HTTP_REMOTE_EMAIL="new@mail.com", + # headers = { + # "Remote-User": self.user.username, + # "Remote-Firstname": "new_first", + # "Remote-Lastname": "new_last", + # "Remote-Email": "new@mail.com", + # } + ) + self.assertEqual(resp.status_code, 200) + updated_user = User.objects.get(pk=self.user.pk) + self.assertEqual(updated_user.first_name, "new_first") + self.assertEqual(updated_user.last_name, "new_last") + self.assertEqual(updated_user.email, "new@mail.com") + + @override_settings( + AUTH_REMOTEUSER_ENABLED=True, + AUTH_REMOTEUSER_USERNAME_HEADER="HTTP_REMOTE_USER", + AUTH_REMOTEUSER_GROUPS_HEADER="HTTP_REMOTE_GROUPS", + AUTH_REMOTEUSER_GROUPS_CLEANUP=True, + ) + def test_update_groups_cleanup(self): + resp = self.client1.get('/profile', + # TODO - This can be replaced by following lines in the future + # Using of "headers" is supported since Django 4.2 + HTTP_REMOTE_USER=self.user.username, + HTTP_REMOTE_GROUPS=self.group1.name, + # headers = { + # "Remote-User": self.user.username, + # "Remote-Groups": self.group1.name, + # } + ) + self.assertEqual(resp.status_code, 200) + dgms = Dojo_Group_Member.objects.filter(user=self.user) + self.assertEqual(dgms.count(), 1) + self.assertEqual(dgms.first().group.name, self.group1.name) + + resp = self.client2.get('/profile', + # TODO - This can be replaced by following lines in the future + # Using of "headers" is supported since Django 4.2 + HTTP_REMOTE_USER=self.user.username, + HTTP_REMOTE_GROUPS=self.group2.name, + # headers = { + # "Remote-User": self.user.username, + # "Remote-Groups": self.group2.name, + # } + ) + self.assertEqual(resp.status_code, 200) + dgms = Dojo_Group_Member.objects.all().filter(user=self.user) + self.assertEqual(dgms.count(), 1) + self.assertEqual(dgms.first().group.name, self.group2.name) + + @override_settings( + AUTH_REMOTEUSER_ENABLED=True, + AUTH_REMOTEUSER_USERNAME_HEADER="HTTP_REMOTE_USER", + AUTH_REMOTEUSER_GROUPS_HEADER="HTTP_REMOTE_GROUPS", + AUTH_REMOTEUSER_GROUPS_CLEANUP=True, + ) + def test_update_multiple_groups_cleanup(self): + resp = self.client1.get('/profile', + # TODO - This can be replaced by following lines in the future + # Using of "headers" is supported since Django 4.2 + HTTP_REMOTE_USER=self.user.username, + HTTP_REMOTE_GROUPS=f"{self.group1.name},{self.group2.name}", + # headers = { + # "Remote-User": self.user.username, + # "Remote-Groups": f"{self.group1.name},{self.group2.name}", + # } + ) + self.assertEqual(resp.status_code, 200) + dgms = Dojo_Group_Member.objects.filter(user=self.user) + self.assertEqual(dgms.count(), 2) + + @override_settings( + AUTH_REMOTEUSER_ENABLED=True, + AUTH_REMOTEUSER_USERNAME_HEADER="HTTP_REMOTE_USER", + AUTH_REMOTEUSER_GROUPS_HEADER="HTTP_REMOTE_GROUPS", + AUTH_REMOTEUSER_GROUPS_CLEANUP=False, + ) + def test_update_groups_no_cleanup(self): + resp = self.client1.get('/profile', + # TODO - This can be replaced by following lines in the future + # Using of "headers" is supported since Django 4.2 + HTTP_REMOTE_USER=self.user.username, + HTTP_REMOTE_GROUPS=self.group1.name, + # headers = { + # "Remote-User": self.user.username, + # "Remote-Groups": self.group1.name, + # } + ) + self.assertEqual(resp.status_code, 200) + + resp = self.client2.get('/profile', + # TODO - This can be replaced by following lines in the future + # Using of "headers" is supported since Django 4.2 + HTTP_REMOTE_USER=self.user.username, + HTTP_REMOTE_GROUPS=self.group2.name, + # headers = { + # "Remote-User": self.user.username, + # "Remote-Groups": self.group2.name, + # } + ) + self.assertEqual(resp.status_code, 200) + dgms = Dojo_Group_Member.objects.filter(user=self.user) + self.assertEqual(dgms.count(), 2) + + @override_settings( + AUTH_REMOTEUSER_ENABLED=True, + AUTH_REMOTEUSER_USERNAME_HEADER="HTTP_REMOTE_USER", + AUTH_REMOTEUSER_TRUSTED_PROXY=IPSet(['192.168.0.0/24', '192.168.2.0/24']), + ) + def test_trusted_proxy(self): + resp = self.client1.get('/profile', + REMOTE_ADDR='192.168.0.42', + # TODO - This can be replaced by following lines in the future + # Using of "headers" is supported since Django 4.2 + HTTP_REMOTE_USER=self.user.username, + # headers = { + # "Remote-User": self.user.username, + # } + ) + self.assertEqual(resp.status_code, 200) + + @override_settings( + AUTH_REMOTEUSER_ENABLED=True, + AUTH_REMOTEUSER_USERNAME_HEADER="HTTP_REMOTE_USER", + AUTH_REMOTEUSER_TRUSTED_PROXY=IPSet(['192.168.0.0/24', '192.168.2.0/24']), + ) + def test_untrusted_proxy(self): + with self.assertLogs('dojo.remote_user', level='DEBUG') as cm: + resp = self.client1.get('/profile', + REMOTE_ADDR='192.168.1.42', + # TODO - This can be replaced by following lines in the future + # Using of "headers" is supported since Django 4.2 + HTTP_REMOTE_USER=self.user.username, + # headers = { + # "Remote-User": self.user.username, + # } + ) + self.assertEqual(resp.status_code, 302) + self.assertIn('Requested came from untrusted proxy', cm.output[0]) diff --git a/unittests/test_rest_framework.py b/unittests/test_rest_framework.py index aa315c802db..01d6ed27492 100644 --- a/unittests/test_rest_framework.py +++ b/unittests/test_rest_framework.py @@ -2,28 +2,36 @@ from drf_spectacular.drainage import GENERATOR_STATS # from drf_spectacular.renderers import OpenApiJsonRenderer from unittest.mock import MagicMock, call, patch, ANY -from dojo.models import Product, Engagement, Test, Finding, \ - JIRA_Issue, Tool_Product_Settings, Tool_Configuration, Tool_Type, \ +from dojo.models import Development_Environment, Product, Engagement, Test, Finding, \ + JIRA_Issue, Test_Type, Tool_Product_Settings, Tool_Configuration, Tool_Type, \ User, Stub_Finding, Endpoint, JIRA_Project, JIRA_Instance, \ Finding_Template, Note_Type, App_Analysis, Endpoint_Status, \ Sonarqube_Issue, Sonarqube_Issue_Transition, Product_API_Scan_Configuration, Notes, \ BurpRawRequestResponse, DojoMeta, FileUpload, Product_Type, Dojo_Group, \ - Role, Product_Type_Member, Product_Member, Product_Type_Group, \ + Role, Product_Type_Member, Product_Member, Product_Type_Group, Risk_Acceptance, \ Product_Group, Global_Role, Dojo_Group_Member, Language_Type, Languages, \ - Notifications, UserContactInfo -from dojo.api_v2.views import EndPointViewSet, EngagementViewSet, \ + Notifications, UserContactInfo, Cred_Mapping, Cred_User, \ + TextQuestion, ChoiceQuestion, TextAnswer, ChoiceAnswer, Engagement_Survey, \ + Answered_Survey, General_Survey, Announcement +from dojo.api_v2.views import DevelopmentEnvironmentViewSet, EndPointViewSet, EngagementViewSet, \ FindingTemplatesViewSet, FindingViewSet, JiraInstanceViewSet, \ JiraIssuesViewSet, JiraProjectViewSet, ProductViewSet, \ - StubFindingsViewSet, TestsViewSet, \ + StubFindingsViewSet, TestTypesViewSet, TestsViewSet, \ ToolConfigurationsViewSet, ToolProductSettingsViewSet, ToolTypesViewSet, \ UsersViewSet, ImportScanView, NoteTypeViewSet, AppAnalysisViewSet, \ EndpointStatusViewSet, SonarqubeIssueViewSet, NotesViewSet, ProductTypeViewSet, \ DojoGroupViewSet, RoleViewSet, ProductTypeMemberViewSet, ProductMemberViewSet, \ - ProductTypeGroupViewSet, ProductGroupViewSet, GlobalRoleViewSet, \ + ProductTypeGroupViewSet, ProductGroupViewSet, GlobalRoleViewSet, RiskAcceptanceViewSet, \ DojoGroupMemberViewSet, LanguageTypeViewSet, LanguageViewSet, ImportLanguagesView, \ - NotificationsViewSet, UserContactInfoViewSet, ProductAPIScanConfigurationViewSet + NotificationsViewSet, UserContactInfoViewSet, ProductAPIScanConfigurationViewSet, \ + ConfigurationPermissionViewSet, CredentialsMappingViewSet, \ + CredentialsViewSet, QuestionnaireQuestionViewSet, QuestionnaireAnswerViewSet, \ + QuestionnaireGeneralSurveyViewSet, QuestionnaireEngagementSurveyViewSet, QuestionnaireAnsweredSurveyViewSet, \ + AnnouncementViewSet from json import dumps +from enum import Enum from django.urls import reverse +from django.contrib.auth.models import Permission from rest_framework import status from rest_framework.authtoken.models import Token from rest_framework.test import APIClient @@ -32,6 +40,7 @@ from rest_framework.mixins import \ ListModelMixin, RetrieveModelMixin, CreateModelMixin, \ DestroyModelMixin, UpdateModelMixin +from dojo.api_v2.mixins import DeletePreviewModelMixin from dojo.api_v2.prefetch import PrefetchListMixin, PrefetchRetrieveMixin from drf_spectacular.settings import spectacular_settings import logging @@ -257,6 +266,12 @@ def _check(schema, obj): assert not self._has_failed, "\n" + '\n'.join(self._errors) + "\nFailed with " + str(len(self._errors)) + " errors" +class TestType(Enum): + STANDARD = 1 + OBJECT_PERMISSIONS = 2 + CONFIGURATION_PERMISSIONS = 3 + + class BaseClass(): class RESTEndpointTest(DojoAPITestCase): def __init__(self, *args, **kwargs): @@ -332,7 +347,7 @@ def test_list(self): self.assertEqual(len(check_for_tags), len(result.get('tags', None))) for tag in check_for_tags: # logger.debug('looking for tag %s in tag list %s', tag, result['tags']) - self.assertTrue(tag in result['tags']) + self.assertIn(tag, result['tags']) tags_found = True self.assertTrue(tags_found) @@ -354,7 +369,7 @@ def test_create(self): self.assertEqual(len(self.payload.get('tags')), len(response.data.get('tags', None))) for tag in self.payload.get('tags'): # logger.debug('looking for tag %s in tag list %s', tag, response.data['tags']) - self.assertTrue(tag in response.data['tags']) + self.assertIn(tag, response.data['tags']) self.check_schema_response('post', '201', response) @@ -366,9 +381,9 @@ def test_detail(self): self.assertEqual(200, response.status_code, response.content[:1000]) # sensitive data must be set to write_only so those are not returned in the response # https://github.com/DefectDojo/django-DefectDojo/security/advisories/GHSA-8q8j-7wc4-vjg5 - self.assertFalse('password' in response.data) - self.assertFalse('ssh' in response.data) - self.assertFalse('api_key' in response.data) + self.assertNotIn('password', response.data) + self.assertNotIn('ssh', response.data) + self.assertNotIn('api_key', response.data) self.check_schema_response('get', '200', response, detail=True) @@ -403,16 +418,16 @@ def test_update(self): response_data = response.data[key] self.assertEqual(value, response_data) - self.assertFalse('push_to_jira' in response.data) - self.assertFalse('ssh' in response.data) - self.assertFalse('password' in response.data) - self.assertFalse('api_key' in response.data) + self.assertNotIn('push_to_jira', response.data) + self.assertNotIn('ssh', response.data) + self.assertNotIn('password', response.data) + self.assertNotIn('api_key', response.data) if hasattr(self.endpoint_model, 'tags') and self.update_fields and self.update_fields.get('tags', None): self.assertEqual(len(self.update_fields.get('tags')), len(response.data.get('tags', None))) for tag in self.update_fields.get('tags'): logger.debug('looking for tag %s in tag list %s', tag, response.data['tags']) - self.assertTrue(tag in response.data['tags']) + self.assertIn(tag, response.data['tags']) response = self.client.put( relative_url, self.payload) @@ -422,6 +437,35 @@ def test_update(self): self.check_schema_response('put', '200', response, detail=True) + @skipIfNotSubclass(DeletePreviewModelMixin) + def test_delete_preview(self): + current_objects = self.client.get(self.url, format='json').data + relative_url = self.url + '%s/delete_preview/' % current_objects['results'][0]['id'] + response = self.client.get(relative_url) + # print('delete_preview response.data') + + self.assertEqual(200, response.status_code, response.content[:1000]) + + self.check_schema_response('get', '200', response, detail=True) + + self.assertNotIn('push_to_jira', response.data) + self.assertNotIn('password', response.data) + self.assertNotIn('ssh', response.data) + self.assertNotIn('api_key', response.data) + + self.assertIsInstance(response.data['results'], list) + self.assertGreater(len(response.data['results']), 0, "Length: {}".format(len(response.data['results']))) + + for obj in response.data['results']: + self.assertIsInstance(obj, dict) + self.assertEqual(len(obj), 3) + self.assertIsInstance(obj['model'], str) + if obj['id']: # It needs to be None or int + self.assertIsInstance(obj['id'], int) + self.assertIsInstance(obj['name'], str) + + self.assertEqual(self.deleted_objects, len(response.data['results']), response.content[:1000]) + @skipIfNotSubclass(PrefetchRetrieveMixin) def test_detail_prefetch(self): # print("=======================================================") @@ -435,18 +479,18 @@ def test_detail_prefetch(self): self.assertEqual(200, response.status_code) obj = response.data - self.assertTrue("prefetch" in obj) + self.assertIn("prefetch", obj) for field in prefetchable_fields: field_value = obj.get(field, None) if field_value is None: continue - self.assertTrue(field in obj["prefetch"]) - values = field_value if type(field_value) is list else [field_value] + self.assertIn(field, obj["prefetch"]) + values = field_value if isinstance(field_value, list) else [field_value] for value in values: - self.assertTrue(value in obj["prefetch"][field]) + self.assertIn(value, obj["prefetch"][field]) # TODO add schema check @@ -460,8 +504,8 @@ def test_list_prefetch(self): self.assertEqual(200, response.status_code) objs = response.data - self.assertTrue("results" in objs) - self.assertTrue("prefetch" in objs) + self.assertIn("results", objs) + self.assertIn("prefetch", objs) for obj in objs["results"]: for field in prefetchable_fields: @@ -469,13 +513,13 @@ def test_list_prefetch(self): if field_value is None: continue - self.assertTrue(field in objs["prefetch"]) - values = field_value if type(field_value) is list else [field_value] + self.assertIn(field, objs["prefetch"]) + values = field_value if isinstance(field_value, list) else [field_value] for value in values: - if type(value) is not int: + if not isinstance(value, int): value = value['id'] - self.assertTrue(value in objs["prefetch"][field]) + self.assertIn(value, objs["prefetch"][field]) # TODO add schema check @@ -498,8 +542,8 @@ def setUp_global_owner(self): self.client.credentials(HTTP_AUTHORIZATION='Token ' + token.key) @skipIfNotSubclass(ListModelMixin) - def test_list_not_authorized(self): - if not self.object_permission: + def test_list_object_not_authorized(self): + if not self.test_type == TestType.OBJECT_PERMISSIONS: self.skipTest('Authorization is not object based') self.setUp_not_authorized() @@ -509,8 +553,8 @@ def test_list_not_authorized(self): self.assertEqual(200, response.status_code, response.content[:1000]) @skipIfNotSubclass(RetrieveModelMixin) - def test_detail_not_authorized(self): - if not self.object_permission: + def test_detail_object_not_authorized(self): + if not self.test_type == TestType.OBJECT_PERMISSIONS: self.skipTest('Authorization is not object based') self.setUp_not_authorized() @@ -522,8 +566,8 @@ def test_detail_not_authorized(self): @skipIfNotSubclass(CreateModelMixin) @patch('dojo.api_v2.permissions.user_has_permission') - def test_create_not_authorized(self, mock): - if not self.object_permission: + def test_create_object_not_authorized(self, mock): + if not self.test_type == TestType.OBJECT_PERMISSIONS: self.skipTest('Authorization is not object based') mock.return_value = False @@ -536,23 +580,31 @@ def test_create_not_authorized(self, mock): @skipIfNotSubclass(DestroyModelMixin) @patch('dojo.api_v2.permissions.user_has_permission') - def test_delete_not_authorized(self, mock): - if not self.object_permission: + def test_delete_object_not_authorized(self, mock): + if not self.test_type == TestType.OBJECT_PERMISSIONS: self.skipTest('Authorization is not object based') mock.return_value = False current_objects = self.client.get(self.url, format='json').data relative_url = self.url + '%s/' % current_objects['results'][0]['id'] - response = self.client.delete(relative_url) + self.client.delete(relative_url) + + if self.endpoint_model == Endpoint_Status: + permission_object = Endpoint.objects.get(id=current_objects['results'][0]['endpoint']) + elif self.endpoint_model == JIRA_Issue: + permission_object = Finding.objects.get(id=current_objects['results'][0]['finding']) + else: + permission_object = self.permission_check_class.objects.get(id=current_objects['results'][0]['id']) + mock.assert_called_with(User.objects.get(username='admin'), - self.permission_check_class.objects.get(id=self.permission_check_id), + permission_object, self.permission_delete) @skipIfNotSubclass(UpdateModelMixin) @patch('dojo.api_v2.permissions.user_has_permission') - def test_update_not_authorized(self, mock): - if not self.object_permission: + def test_update_object_not_authorized(self, mock): + if not self.test_type == TestType.OBJECT_PERMISSIONS: self.skipTest('Authorization is not object based') mock.return_value = False @@ -560,18 +612,85 @@ def test_update_not_authorized(self, mock): current_objects = self.client.get(self.url, format='json').data relative_url = self.url + '%s/' % current_objects['results'][0]['id'] + if self.endpoint_model == Endpoint_Status: + permission_object = Endpoint.objects.get(id=current_objects['results'][0]['endpoint']) + elif self.endpoint_model == JIRA_Issue: + permission_object = Finding.objects.get(id=current_objects['results'][0]['finding']) + else: + permission_object = self.permission_check_class.objects.get(id=current_objects['results'][0]['id']) + response = self.client.patch(relative_url, self.update_fields) self.assertEqual(403, response.status_code, response.content[:1000]) mock.assert_called_with(User.objects.get(username='admin'), - self.permission_check_class.objects.get(id=self.permission_check_id), + permission_object, self.permission_update) response = self.client.put(relative_url, self.payload) self.assertEqual(403, response.status_code, response.content[:1000]) mock.assert_called_with(User.objects.get(username='admin'), - self.permission_check_class.objects.get(id=self.permission_check_id), + permission_object, self.permission_update) + @skipIfNotSubclass(ListModelMixin) + def test_list_configuration_not_authorized(self): + if not self.test_type == TestType.CONFIGURATION_PERMISSIONS: + self.skipTest('Authorization is not configuration based') + + self.setUp_not_authorized() + + response = self.client.get(self.url, format='json') + self.assertEqual(403, response.status_code, response.content[:1000]) + + @skipIfNotSubclass(RetrieveModelMixin) + def test_detail_configuration_not_authorized(self): + if not self.test_type == TestType.CONFIGURATION_PERMISSIONS: + self.skipTest('Authorization is not configuration based') + + self.setUp_not_authorized() + + current_objects = self.endpoint_model.objects.all() + relative_url = self.url + '%s/' % current_objects[0].id + response = self.client.get(relative_url) + self.assertEqual(403, response.status_code, response.content[:1000]) + + @skipIfNotSubclass(CreateModelMixin) + def test_create_configuration_not_authorized(self): + if not self.test_type == TestType.CONFIGURATION_PERMISSIONS: + self.skipTest('Authorization is not configuration based') + + self.setUp_not_authorized() + + response = self.client.post(self.url, self.payload) + self.assertEqual(403, response.status_code, response.content[:1000]) + + @skipIfNotSubclass(DestroyModelMixin) + def test_delete_configuration_not_authorized(self): + if not self.test_type == TestType.CONFIGURATION_PERMISSIONS: + self.skipTest('Authorization is not configuration based') + + self.setUp_not_authorized() + + current_objects = self.endpoint_model.objects.all() + relative_url = self.url + '%s/' % current_objects[0].id + response = self.client.delete(relative_url) + self.assertEqual(403, response.status_code, response.content[:1000]) + + @skipIfNotSubclass(UpdateModelMixin) + def test_update_configuration_not_authorized(self): + if not self.test_type == TestType.CONFIGURATION_PERMISSIONS: + self.skipTest('Authorization is not configuration based') + + self.setUp_not_authorized() + + current_objects = self.endpoint_model.objects.all() + relative_url = self.url + '%s/' % current_objects[0].id + + response = self.client.patch(relative_url, self.update_fields) + self.assertEqual(403, response.status_code, response.content[:1000]) + + response = self.client.put(relative_url, self.payload) + self.assertEqual(403, response.status_code, response.content[:1000]) + class MemberEndpointTest(RESTEndpointTest): def __init__(self, *args, **kwargs): BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -589,8 +708,8 @@ def test_update(self): @skipIfNotSubclass(UpdateModelMixin) @patch('dojo.api_v2.permissions.user_has_permission') - def test_update_not_authorized(self, mock): - if not self.object_permission: + def test_update_object_not_authorized(self, mock): + if not self.test_type == TestType.OBJECT_PERMISSIONS: self.skipTest('Authorization is not object based') mock.return_value = False @@ -601,9 +720,35 @@ def test_update_not_authorized(self, mock): response = self.client.put(relative_url, self.payload) self.assertEqual(403, response.status_code, response.content[:1000]) mock.assert_called_with(User.objects.get(username='admin'), - self.permission_check_class.objects.get(id=self.permission_check_id), + self.permission_check_class.objects.get(id=current_objects['results'][0]['id']), self.permission_update) + class AuthenticatedViewTest(RESTEndpointTest): + def __init__(self, *args, **kwargs): + BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + + @skipIfNotSubclass(ListModelMixin) + def test_list_configuration_not_authorized(self): + if not self.test_type == TestType.CONFIGURATION_PERMISSIONS: + self.skipTest('Authorization is not configuration based') + + self.setUp_not_authorized() + + response = self.client.get(self.url, format='json') + self.assertEqual(200, response.status_code, response.content[:1000]) + + @skipIfNotSubclass(RetrieveModelMixin) + def test_detail_configuration_not_authorized(self): + if not self.test_type == TestType.CONFIGURATION_PERMISSIONS: + self.skipTest('Authorization is not configuration based') + + self.setUp_not_authorized() + + current_objects = self.endpoint_model.objects.all() + relative_url = self.url + '%s/' % current_objects[0].id + response = self.client.get(relative_url) + self.assertEqual(200, response.status_code, response.content[:1000]) + class AppAnalysisTest(BaseClass.RESTEndpointTest): fixtures = ['dojo_testdata.json'] @@ -625,12 +770,12 @@ def __init__(self, *args, **kwargs): 'created': '2018-08-16T16:58:23.908Z' } self.update_fields = {'version': '9.0'} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Product - self.permission_check_id = 1 self.permission_create = Permissions.Technology_Add self.permission_update = Permissions.Technology_Edit self.permission_delete = Permissions.Technology_Delete + self.deleted_objects = 1 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -644,22 +789,86 @@ def __init__(self, *args, **kwargs): self.viewset = EndpointStatusViewSet self.payload = { 'endpoint': 2, - 'finding': 2, + 'finding': 3, 'mitigated': False, 'false_positive': False, 'risk_accepted': False, 'out_of_scope': False, - "date": "2017-01-12T00:00", + "date": "2017-01-12", } self.update_fields = {'mitigated': True} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Endpoint - self.permission_check_id = 2 self.permission_create = Permissions.Endpoint_Edit self.permission_update = Permissions.Endpoint_Edit self.permission_delete = Permissions.Endpoint_Edit + self.deleted_objects = 1 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + def test_create_unsuccessful(self): + unsucessful_payload = self.payload.copy() + unsucessful_payload['finding'] = 2 + response = self.client.post(self.url, unsucessful_payload) + logger.debug('test_create_response:') + logger.debug(response) + logger.debug(response.data) + self.assertEqual(400, response.status_code, response.content[:1000]) + self.assertIn('This endpoint-finding relation already exists', response.content.decode("utf-8")) + + def test_create_minimal(self): + # This call should not fail even if there is not date defined + minimal_payload = { + 'endpoint': 1, + 'finding': 3, + } + response = self.client.post(self.url, minimal_payload) + logger.debug('test_create_response:') + logger.debug(response) + logger.debug(response.data) + self.assertEqual(201, response.status_code, response.content[:1000]) + + def test_update_patch_unsuccessful(self): + anoher_finding_payload = self.payload.copy() + anoher_finding_payload['finding'] = 3 + response = self.client.post(self.url, anoher_finding_payload) + + current_objects = self.client.get(self.url, format='json').data + + object1 = current_objects['results'][0] + object2 = current_objects['results'][1] + + unsucessful_payload = { + 'endpoint': object2['endpoint'], + 'finding': object2['finding'] + } + + relative_url = self.url + '%s/' % object1['id'] + + response = self.client.patch(relative_url, unsucessful_payload) + self.assertEqual(400, response.status_code, response.content[:1000]) + self.assertIn('This endpoint-finding relation already exists', response.content.decode("utf-8")) + + def test_update_put_unsuccessful(self): + anoher_finding_payload = self.payload.copy() + anoher_finding_payload['finding'] = 3 + response = self.client.post(self.url, anoher_finding_payload) + + current_objects = self.client.get(self.url, format='json').data + + object1 = current_objects['results'][0] + object2 = current_objects['results'][1] + + unsucessful_payload = { + 'endpoint': object2['endpoint'], + 'finding': object2['finding'] + } + + relative_url = self.url + '%s/' % object1['id'] + + response = self.client.put(relative_url, unsucessful_payload) + self.assertEqual(400, response.status_code, response.content[:1000]) + self.assertIn('This endpoint-finding relation already exists', response.content.decode("utf-8")) + class EndpointTest(BaseClass.RESTEndpointTest): fixtures = ['dojo_testdata.json'] @@ -679,12 +888,12 @@ def __init__(self, *args, **kwargs): "tags": ["mytag", "yourtag"] } self.update_fields = {'protocol': 'ftp', 'tags': ['one_new_tag']} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Endpoint - self.permission_check_id = 2 self.permission_create = Permissions.Endpoint_Add self.permission_update = Permissions.Endpoint_Edit self.permission_delete = Permissions.Endpoint_Delete + self.deleted_objects = 2 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -710,15 +919,61 @@ def __init__(self, *args, **kwargs): "tags": ["mytag"] } self.update_fields = {'version': 'latest'} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Engagement - self.permission_check_id = 1 self.permission_create = Permissions.Engagement_Add self.permission_update = Permissions.Engagement_Edit self.permission_delete = Permissions.Engagement_Delete + self.deleted_objects = 23 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) +class RiskAcceptanceTest(BaseClass.RESTEndpointTest): + fixtures = ['dojo_testdata.json'] + + def __init__(self, *args, **kwargs): + self.endpoint_model = Risk_Acceptance + self.endpoint_path = 'risk_acceptance' + self.viewname = 'risk_acceptance' + self.viewset = RiskAcceptanceViewSet + self.payload = { + "id": 1, + "recommendation": "Fix (The risk is eradicated)", + "decision": "Accept (The risk is acknowledged, yet remains)", + "path": "No proof has been supplied", + "name": "string", + "recommendation_details": "string", + "decision_details": "string", + "accepted_by": "string", + "expiration_date": "2023-09-15T17:16:52.989000Z", + "expiration_date_warned": "2023-09-15T17:16:52.989000Z", + "expiration_date_handled": "2023-09-15T17:16:52.989000Z", + "reactivate_expired": True, + "restart_sla_expired": True, + "created": "2020-11-09T23:13:08.520000Z", + "updated": "2023-09-15T17:17:39.462854Z", + "owner": 1, + "accepted_findings": [ + 4 + ], + "notes": [] + } + self.update_fields = {'name': 'newName'} + self.test_type = TestType.OBJECT_PERMISSIONS + self.permission_check_class = Risk_Acceptance + self.permission_create = Permissions.Risk_Acceptance + self.permission_update = Permissions.Risk_Acceptance + self.permission_delete = Permissions.Risk_Acceptance + self.deleted_objects = 3 + BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + + def test_create_object_not_authorized(self): + self.setUp_not_authorized() + + response = self.client.post(self.url, self.payload) + self.assertEqual(403, response.status_code, response.content[:1000]) + + class FindingRequestResponseTest(DojoAPITestCase): fixtures = ['dojo_testdata.json'] @@ -744,41 +999,47 @@ def test_request_response_get(self): self.assertEqual(200, response.status_code, response.content[:1000]) -class FindingFilesTest(DojoAPITestCase): +class FilesTest(DojoAPITestCase): fixtures = ['dojo_testdata.json'] def setUp(self): testuser = User.objects.get(username='admin') token = Token.objects.get(user=testuser) self.client = APIClient() - self.client.credentials(HTTP_AUTHORIZATION='Token ' + token.key) + self.client.credentials(HTTP_AUTHORIZATION=f'Token {token.key}') + self.path = pathlib.Path(__file__).parent.absolute() + # model: file_id + self.url_levels = { + 'findings/7': 0, + 'tests/3': 0, + 'engagements/1': 0 + } - def test_request_response_post(self): - url_levels = [ - 'findings/7', - 'tests/3', - 'engagements/1' - ] - path = pathlib.Path(__file__).parent.absolute() - # print(path) - for level in url_levels: + def test_request_response_post_and_download(self): + # Test the creation + for level in self.url_levels.keys(): length = FileUpload.objects.count() payload = { "title": level, - "file": open(str(path) + '/scans/acunetix/one_finding.xml') + "file": open(f'{str(self.path)}/scans/acunetix/one_finding.xml', 'r') } - response = self.client.post('/api/v2/' + level + '/files/', payload) + response = self.client.post(f'/api/v2/{level}/files/', payload) self.assertEqual(201, response.status_code, response.data) self.assertEqual(FileUpload.objects.count(), length + 1) + # Save the ID of the newly created file object + self.url_levels[level] = response.data.get('id') + # Test the download + with open(f'{str(self.path)}/scans/acunetix/one_finding.xml', 'r') as file: + file_data = file.read() + for level, file_id in self.url_levels.items(): + response = self.client.get(f'/api/v2/{level}/files/download/{file_id}/') + self.assertEqual(200, response.status_code) + downloaded_file = b''.join(response.streaming_content).decode().replace('\\n', '\n') + self.assertEqual(file_data, downloaded_file) def test_request_response_get(self): - url_levels = [ - 'findings/7', - 'tests/3', - 'engagements/1' - ] - for level in url_levels: - response = self.client.get('/api/v2/' + level + '/files/') + for level in self.url_levels.keys(): + response = self.client.get(f'/api/v2/{level}/files/') self.assertEqual(200, response.status_code) @@ -824,12 +1085,12 @@ def __init__(self, *args, **kwargs): "tags": ['tag1', 'tag_2'], } self.update_fields = {'duplicate': False, 'active': True, "push_to_jira": "True", 'tags': ['finding_tag_new']} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Finding - self.permission_check_id = 3 self.permission_create = Permissions.Finding_Add self.permission_update = Permissions.Finding_Edit self.permission_delete = Permissions.Finding_Delete + self.deleted_objects = 2 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) def test_duplicate(self): @@ -858,6 +1119,37 @@ def test_duplicate(self): assert not result_json["duplicate"] assert result_json["duplicate_finding"] is None + def test_filter_steps_to_reproduce(self): + # Confirm initial data + result = self.client.get(self.url + '?steps_to_reproduce=lorem') + self.assertEqual(result.status_code, status.HTTP_200_OK, "Could not filter on steps_to_reproduce") + result_json = result.json() + assert result_json["count"] == 0 + + # Set steps to reproduce + result = self.client.patch(self.url + "2/", data={"steps_to_reproduce": "Lorem ipsum dolor sit amet"}) + self.assertEqual(result.status_code, status.HTTP_200_OK, "Could not patch finding with steps to reproduce") + assert result.json()["steps_to_reproduce"] == "Lorem ipsum dolor sit amet" + result = self.client.patch(self.url + "3/", data={"steps_to_reproduce": "Ut enim ad minim veniam"}) + self.assertEqual(result.status_code, status.HTTP_200_OK, "Could not patch finding with steps to reproduce") + assert result.json()["steps_to_reproduce"] == "Ut enim ad minim veniam" + + # Test + result = self.client.get(self.url + "?steps_to_reproduce=lorem") + self.assertEqual(result.status_code, status.HTTP_200_OK, "Could not filter on steps_to_reproduce") + result_json = result.json() + assert result_json["count"] == 1 + assert result_json["results"][0]["id"] == 2 + assert result_json["results"][0]["steps_to_reproduce"] == "Lorem ipsum dolor sit amet" + + # Set steps to reproduce + result = self.client.patch(self.url + "2/", data={"steps_to_reproduce": ""}) + self.assertEqual(result.status_code, status.HTTP_200_OK, "Could not patch finding with steps to reproduce") + assert result.json()["steps_to_reproduce"] == "" + result = self.client.patch(self.url + "3/", data={"steps_to_reproduce": ""}) + self.assertEqual(result.status_code, status.HTTP_200_OK, "Could not patch finding with steps to reproduce") + assert result.json()["steps_to_reproduce"] == "" + class FindingMetadataTest(BaseClass.RESTEndpointTest): fixtures = ['dojo_testdata.json'] @@ -868,7 +1160,8 @@ def __init__(self, *args, **kwargs): self.viewname = 'finding' self.viewset = FindingViewSet self.payload = {} - self.object_permission = False + self.test_type = TestType.STANDARD + self.deleted_objects = 3 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) def setUp(self): @@ -938,7 +1231,8 @@ def __init__(self, *args, **kwargs): "references": "", } self.update_fields = {'references': 'some reference'} - self.object_permission = False + self.test_type = TestType.CONFIGURATION_PERMISSIONS + self.deleted_objects = 1 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -967,7 +1261,8 @@ def __init__(self, *args, **kwargs): "global_jira_sla_notification": False } self.update_fields = {'epic_name_id': 1} - self.object_permission = False + self.test_type = TestType.CONFIGURATION_PERMISSIONS + self.deleted_objects = 1 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -985,12 +1280,12 @@ def __init__(self, *args, **kwargs): "finding": 2, } self.update_fields = {'jira_change': '2022-01-02T13:47:38.021481Z'} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Finding - self.permission_check_id = 5 self.permission_create = Permissions.Finding_Edit self.permission_update = Permissions.Finding_Edit self.permission_delete = Permissions.Finding_Edit + self.deleted_objects = 1 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -1012,12 +1307,12 @@ def __init__(self, *args, **kwargs): "jira_instance": 2, } self.update_fields = {'jira_instance': 3} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Product - self.permission_check_id = 1 self.permission_create = Permissions.Product_Edit self.permission_update = Permissions.Product_Edit self.permission_delete = Permissions.Product_Edit + self.deleted_objects = 1 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -1035,7 +1330,8 @@ def __init__(self, *args, **kwargs): "type": "VULNERABILITY" } self.update_fields = {'key': 'AREwS5n5TxsFUNm31CxP'} - self.object_permission = False + self.test_type = TestType.STANDARD + self.deleted_objects = 2 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -1054,7 +1350,7 @@ def __init__(self, *args, **kwargs): "transitions": "confirm" } self.update_fields = {'sonarqube_status': 'CLOSED'} - self.object_permission = False + self.test_type = TestType.STANDARD BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -1072,12 +1368,12 @@ def __init__(self, *args, **kwargs): "tool_configuration": 3 } self.update_fields = {'tool_configuration': 2} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Product_API_Scan_Configuration - self.permission_check_id = 1 self.permission_create = Permissions.Product_API_Scan_Configuration_Add self.permission_update = Permissions.Product_API_Scan_Configuration_Edit self.permission_delete = Permissions.Product_API_Scan_Configuration_Delete + self.deleted_objects = 1 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -1099,12 +1395,12 @@ def __init__(self, *args, **kwargs): "tags": ["mytag, yourtag"] } self.update_fields = {'prod_type': 2} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Product - self.permission_check_id = 1 self.permission_create = Permissions.Product_Type_Add_Product self.permission_update = Permissions.Product_Edit self.permission_delete = Permissions.Product_Delete + self.deleted_objects = 25 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -1125,12 +1421,12 @@ def __init__(self, *args, **kwargs): "test": 3, } self.update_fields = {'severity': 'LOW'} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Stub_Finding - self.permission_check_id = 2 self.permission_create = Permissions.Finding_Add self.permission_update = Permissions.Finding_Edit self.permission_delete = Permissions.Finding_Delete + self.deleted_objects = 1 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -1159,12 +1455,12 @@ def __init__(self, *args, **kwargs): "commit_hash": "1234567890abcdefghijkl", } self.update_fields = {'percent_complete': 100} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Test - self.permission_check_id = 3 self.permission_create = Permissions.Test_Add self.permission_update = Permissions.Test_Edit self.permission_delete = Permissions.Test_Delete + self.deleted_objects = 18 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -1177,7 +1473,7 @@ def __init__(self, *args, **kwargs): self.endpoint_path = 'tool_configurations' self.viewset = ToolConfigurationsViewSet self.payload = { - "configuration_url": "http://www.example.com", + "url": "http://www.example.com", "name": "Tool Configuration", "description": "", "authentication_type": "API", @@ -1189,7 +1485,8 @@ def __init__(self, *args, **kwargs): "tool_type": 1, } self.update_fields = {'ssh': 'test string'} - self.object_permission = False + self.test_type = TestType.CONFIGURATION_PERMISSIONS + self.deleted_objects = 2 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -1210,12 +1507,12 @@ def __init__(self, *args, **kwargs): "product": 2, } self.update_fields = {'tool_project_id': '2'} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Product - self.permission_check_id = 1 self.permission_create = Permissions.Product_Edit self.permission_update = Permissions.Product_Edit self.permission_delete = Permissions.Product_Edit + self.deleted_objects = 1 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -1232,7 +1529,8 @@ def __init__(self, *args, **kwargs): "description": "test tool type" } self.update_fields = {'description': 'changed description'} - self.object_permission = False + self.test_type = TestType.CONFIGURATION_PERMISSIONS + self.deleted_objects = 3 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -1252,7 +1550,8 @@ def __init__(self, *args, **kwargs): "is_mandatory": False } self.update_fields = {'description': 'changed description'} - self.object_permission = False + self.test_type = TestType.CONFIGURATION_PERMISSIONS + self.deleted_objects = 1 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -1271,7 +1570,7 @@ def __init__(self, *args, **kwargs): "editor": '{"username": "user1"}' } self.update_fields = {'entry': 'changed entry'} - self.object_permission = False + self.test_type = TestType.STANDARD BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -1289,11 +1588,36 @@ def __init__(self, *args, **kwargs): "last_name": "user", "email": "example@email.com", "is_active": True, + "configuration_permissions": [217, 218] } - self.update_fields = {"first_name": "test changed"} - self.object_permission = False + self.update_fields = {"first_name": "test changed", "configuration_permissions": [219, 220]} + self.test_type = TestType.CONFIGURATION_PERMISSIONS + self.deleted_objects = 19 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + def test_create_user_with_non_configuration_permissions(self): + payload = self.payload.copy() + payload['configuration_permissions'] = [25, 26] # these permissions exist but user can not assign them becaause they are not "configuration_permissions" + response = self.client.post(self.url, payload) + self.assertEqual(response.status_code, 400) + self.assertIn('object does not exist', response.data['message']) + + def test_update_user_with_non_configuration_permissions(self): + payload = {} + payload['configuration_permissions'] = [25, 26] # these permissions exist but user can not assign them becaause they are not "configuration_permissions" + response = self.client.patch(self.url + '3/', payload) + self.assertEqual(response.status_code, 400) + self.assertIn('object does not exist', response.data['message']) + + def test_update_user_other_permissions_will_not_leak_and_stay_untouched(self): + payload = {} + payload['configuration_permissions'] = [217, 218, 219] + response = self.client.patch(self.url + '6/', payload) + self.assertEqual(response.status_code, 200) + self.assertEqual(response.data['configuration_permissions'], payload['configuration_permissions']) + user_permissions = User.objects.get(username='user5').user_permissions.all().values_list('id', flat=True) + self.assertEqual(set(user_permissions), set(payload['configuration_permissions'] + [26, 28])) + class UserContactInfoTest(BaseClass.RESTEndpointTest): fixtures = ['dojo_testdata.json'] @@ -1311,7 +1635,8 @@ def __init__(self, *args, **kwargs): "twitter_username": "defectdojo", } self.update_fields = {"title": "Lady"} - self.object_permission = False + self.test_type = TestType.STANDARD + self.deleted_objects = 1 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -1354,7 +1679,7 @@ def __init__(self, *args, **kwargs): "tags": ["ci/cd", "api"], "version": "1.0.0", } - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_create = Permissions.Import_Scan_Result BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -1959,14 +2284,14 @@ def __init__(self, *args, **kwargs): "critical_product": False } self.update_fields = {'description': "changed"} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Product_Type - self.permission_check_id = 1 self.permission_update = Permissions.Product_Type_Edit self.permission_delete = Permissions.Product_Type_Delete + self.deleted_objects = 25 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) - def test_create_not_authorized(self): + def test_create_object_not_authorized(self): self.setUp_not_authorized() response = self.client.post(self.url, self.payload) @@ -1996,22 +2321,23 @@ def __init__(self, *args, **kwargs): self.payload = { "name": "Test Group", "description": "Test", + "configuration_permissions": [217, 218], } - self.update_fields = {'description': "changed"} - self.object_permission = True + self.update_fields = {'description': "changed", "configuration_permissions": [219, 220]} + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Dojo_Group - self.permission_check_id = 1 self.permission_update = Permissions.Group_Edit self.permission_delete = Permissions.Group_Delete + self.deleted_objects = 4 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) - def test_list_not_authorized(self): + def test_list_object_not_authorized(self): self.setUp_not_authorized() response = self.client.get(self.url, format='json') self.assertEqual(403, response.status_code, response.content[:1000]) - def test_detail_not_authorized(self): + def test_detail_object_not_authorized(self): self.setUp_not_authorized() current_objects = self.endpoint_model.objects.all() @@ -2019,12 +2345,37 @@ def test_detail_not_authorized(self): response = self.client.get(relative_url) self.assertEqual(403, response.status_code, response.content[:1000]) - def test_create_not_authorized(self): + def test_create_object_not_authorized(self): self.setUp_not_authorized() response = self.client.post(self.url, self.payload) self.assertEqual(403, response.status_code, response.content[:1000]) + def test_create_group_with_non_configuration_permissions(self): + payload = self.payload.copy() + payload['configuration_permissions'] = [25, 26] # these permissions exist but user can not assign them becaause they are not "configuration_permissions" + response = self.client.post(self.url, payload) + self.assertEqual(response.status_code, 400) + self.assertIn('object does not exist', response.data['message']) + + def test_update_group_with_non_configuration_permissions(self): + payload = {} + payload['configuration_permissions'] = [25, 26] # these permissions exist but user can not assign them becaause they are not "configuration_permissions" + response = self.client.patch(self.url + '2/', payload) + self.assertEqual(response.status_code, 400) + self.assertIn('object does not exist', response.data['message']) + + def test_update_group_other_permissions_will_not_leak_and_stay_untouched(self): + Dojo_Group.objects.get(name='Group 1 Testdata').auth_group.permissions.set([218, 220, 26, 28]) # I was trying to set this in 'dojo_testdata.json' but it hasn't sucessful + payload = {} + payload['configuration_permissions'] = [217, 218, 219] + response = self.client.patch(self.url + '1/', payload) + self.assertEqual(response.status_code, 200) + self.assertEqual(response.data['configuration_permissions'], payload['configuration_permissions']) + permissions = Dojo_Group.objects.get(name='Group 1 Testdata').auth_group.permissions.all().values_list('id', flat=True) + self.assertEqual(set(permissions), set(payload['configuration_permissions'] + [26, 28])) + Dojo_Group.objects.get(name='Group 1 Testdata').auth_group.permissions.clear() + class DojoGroupsUsersTest(BaseClass.MemberEndpointTest): fixtures = ['dojo_testdata.json'] @@ -2040,12 +2391,12 @@ def __init__(self, *args, **kwargs): "role": 4 } self.update_fields = {'role': 3} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Dojo_Group_Member - self.permission_check_id = 1 self.permission_create = Permissions.Group_Manage_Members self.permission_update = Permissions.Group_Manage_Members self.permission_delete = Permissions.Group_Member_Delete + self.deleted_objects = 1 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -2057,7 +2408,7 @@ def __init__(self, *args, **kwargs): self.endpoint_path = 'roles' self.viewname = 'role' self.viewset = RoleViewSet - self.object_permission = False + self.test_type = TestType.STANDARD BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -2074,7 +2425,8 @@ def __init__(self, *args, **kwargs): "role": 2 } self.update_fields = {'role': 3} - self.object_permission = False + self.test_type = TestType.STANDARD + self.deleted_objects = 1 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -2092,12 +2444,12 @@ def __init__(self, *args, **kwargs): "role": 2 } self.update_fields = {'role': 3} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Product_Type_Member - self.permission_check_id = 1 self.permission_create = Permissions.Product_Type_Manage_Members self.permission_update = Permissions.Product_Type_Manage_Members self.permission_delete = Permissions.Product_Type_Member_Delete + self.deleted_objects = 1 BaseClass.MemberEndpointTest.__init__(self, *args, **kwargs) @@ -2115,12 +2467,12 @@ def __init__(self, *args, **kwargs): "role": 2 } self.update_fields = {'role': 3} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Product_Member - self.permission_check_id = 1 self.permission_create = Permissions.Product_Manage_Members self.permission_update = Permissions.Product_Manage_Members self.permission_delete = Permissions.Product_Member_Delete + self.deleted_objects = 1 BaseClass.MemberEndpointTest.__init__(self, *args, **kwargs) @@ -2138,12 +2490,12 @@ def __init__(self, *args, **kwargs): "role": 2 } self.update_fields = {'role': 3} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Product_Type_Group - self.permission_check_id = 1 self.permission_create = Permissions.Product_Type_Group_Add self.permission_update = Permissions.Product_Type_Group_Edit self.permission_delete = Permissions.Product_Type_Group_Delete + self.deleted_objects = 1 BaseClass.MemberEndpointTest.__init__(self, *args, **kwargs) @@ -2161,12 +2513,12 @@ def __init__(self, *args, **kwargs): "role": 2 } self.update_fields = {'role': 3} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Product_Group - self.permission_check_id = 1 self.permission_create = Permissions.Product_Group_Add self.permission_update = Permissions.Product_Group_Edit self.permission_delete = Permissions.Product_Group_Delete + self.deleted_objects = 1 BaseClass.MemberEndpointTest.__init__(self, *args, **kwargs) @@ -2184,7 +2536,8 @@ def __init__(self, *args, **kwargs): 'created': '2018-08-16T16:58:23.908Z' } self.update_fields = {'color': 'blue'} - self.object_permission = False + self.test_type = TestType.CONFIGURATION_PERMISSIONS + self.deleted_objects = 2 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -2207,12 +2560,12 @@ def __init__(self, *args, **kwargs): 'created': '2018-08-16T16:58:23.908Z' } self.update_fields = {'code': 10} - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Languages - self.permission_check_id = 1 self.permission_create = Permissions.Language_Add self.permission_update = Permissions.Language_Edit self.permission_delete = Permissions.Language_Delete + self.deleted_objects = 1 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -2228,7 +2581,7 @@ def __init__(self, *args, **kwargs): 'product': 1, 'file': open("unittests/files/defectdojo_cloc.json") } - self.object_permission = True + self.test_type = TestType.OBJECT_PERMISSIONS self.permission_check_class = Languages self.permission_create = Permissions.Language_Add BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -2269,7 +2622,8 @@ def __init__(self, *args, **kwargs): 'product_type_added': ["alert", "msteams"] } self.update_fields = {'product_added': ["alert", "msteams"]} - self.object_permission = False + self.test_type = TestType.STANDARD + self.deleted_objects = 1 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) @@ -2300,3 +2654,213 @@ def test_profile(self): self.assertEqual(1, data['product_type_member'][0]['product_type']) self.assertEqual(1, data['product_member'][1]['user']) self.assertEqual(3, data['product_member'][1]['product']) + + +class DevelopmentEnvironmentTest(BaseClass.AuthenticatedViewTest): + fixtures = ['dojo_testdata.json'] + + def __init__(self, *args, **kwargs): + self.endpoint_model = Development_Environment + self.endpoint_path = 'development_environments' + self.viewname = 'development_environment' + self.viewset = DevelopmentEnvironmentViewSet + self.payload = { + 'name': 'Test_1' + } + self.update_fields = {'name': 'Test_2'} + self.test_type = TestType.CONFIGURATION_PERMISSIONS + self.deleted_objects = 1 + BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + + def test_delete(self): + current_objects = self.client.get(self.url, format='json').data + relative_url = self.url + '%s/' % current_objects['results'][-1]['id'] + response = self.client.delete(relative_url) + self.assertEqual(409, response.status_code, response.content[:1000]) + + +class TestTypeTest(BaseClass.AuthenticatedViewTest): + fixtures = ['dojo_testdata.json'] + + def __init__(self, *args, **kwargs): + self.endpoint_model = Test_Type + self.endpoint_path = 'test_types' + self.viewname = 'test_type' + self.viewset = TestTypesViewSet + self.payload = { + 'name': 'Test_1' + } + self.update_fields = {'name': 'Test_2'} + self.test_type = TestType.CONFIGURATION_PERMISSIONS + self.deleted_objects = 1 + BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + + +class ConfigurationPermissionTest(BaseClass.RESTEndpointTest): + fixtures = ['dojo_testdata.json'] + + def __init__(self, *args, **kwargs): + self.endpoint_model = Permission + self.endpoint_path = 'configuration_permissions' + self.viewname = 'permission' + self.viewset = ConfigurationPermissionViewSet + self.test_type = TestType.STANDARD + BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + + +class CredentialMappingTest(BaseClass.RESTEndpointTest): + fixtures = ['dojo_testdata.json'] + + def __init__(self, *args, **kwargs): + self.endpoint_model = Cred_Mapping + self.endpoint_path = 'credential_mappings' + self.viewname = 'cred_mapping' + self.viewset = CredentialsMappingViewSet + self.payload = { + 'cred_id': 1, + 'product': 1, + 'url': 'https://google.com' + } + self.update_fields = {'url': 'https://bing.com'} + self.test_type = TestType.OBJECT_PERMISSIONS + self.permission_check_class = Product + self.permission_create = Permissions.Credential_Add + self.permission_update = Permissions.Credential_Edit + self.permission_delete = Permissions.Credential_Delete + self.deleted_objects = 1 + BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + + +class CredentialTest(BaseClass.RESTEndpointTest): + fixtures = ['dojo_testdata.json'] + + def __init__(self, *args, **kwargs): + self.endpoint_model = Cred_User + self.endpoint_path = 'credentials' + self.viewname = 'cred_user' + self.viewset = CredentialsViewSet + self.payload = { + 'name': 'name', + 'username': 'usernmae', + 'password': 'password', + 'role': 'role', + 'url': 'https://some-url.com', + 'environment': 1, + } + self.update_fields = {'name': 'newname'} + self.test_type = TestType.STANDARD + self.deleted_objects = 2 + BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + + +class TextQuestionTest(BaseClass.RESTEndpointTest): + fixtures = ['questionnaire_testdata.json'] + + def __init__(self, *args, **kwargs): + self.endpoint_model = TextQuestion + self.endpoint_path = 'questionnaire_questions' + self.viewname = 'question' + self.viewset = QuestionnaireQuestionViewSet + self.test_type = TestType.STANDARD + self.deleted_objects = 5 + BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + + +class ChoiceQuestionTest(BaseClass.RESTEndpointTest): + fixtures = ['questionnaire_testdata.json'] + + def __init__(self, *args, **kwargs): + self.endpoint_model = ChoiceQuestion + self.endpoint_path = 'questionnaire_questions' + self.viewname = 'question' + self.viewset = QuestionnaireQuestionViewSet + self.test_type = TestType.STANDARD + self.deleted_objects = 5 + BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + + +class TextAnswerTest(BaseClass.RESTEndpointTest): + fixtures = ['questionnaire_testdata.json'] + + def __init__(self, *args, **kwargs): + self.endpoint_model = TextAnswer + self.endpoint_path = 'questionnaire_answers' + self.viewname = 'answer' + self.viewset = QuestionnaireAnswerViewSet + self.test_type = TestType.STANDARD + self.deleted_objects = 5 + BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + + +class ChoiceAnswerTest(BaseClass.RESTEndpointTest): + fixtures = ['questionnaire_testdata.json'] + + def __init__(self, *args, **kwargs): + self.endpoint_model = ChoiceAnswer + self.endpoint_path = 'questionnaire_answers' + self.viewname = 'answer' + self.viewset = QuestionnaireAnswerViewSet + self.test_type = TestType.STANDARD + self.deleted_objects = 5 + BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + + +class GeneralSurveyTest(BaseClass.RESTEndpointTest): + fixtures = ['questionnaire_testdata.json'] + + def __init__(self, *args, **kwargs): + self.endpoint_model = General_Survey + self.endpoint_path = 'questionnaire_general_questionnaires' + self.viewname = 'general_survey' + self.viewset = QuestionnaireGeneralSurveyViewSet + self.test_type = TestType.STANDARD + self.deleted_objects = 5 + BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + + +class EngagementSurveyTest(BaseClass.RESTEndpointTest): + fixtures = ['questionnaire_testdata.json'] + + def __init__(self, *args, **kwargs): + self.endpoint_model = Engagement_Survey + self.endpoint_path = 'questionnaire_engagement_questionnaires' + self.viewname = 'engagement_survey' + self.viewset = QuestionnaireEngagementSurveyViewSet + self.test_type = TestType.STANDARD + self.deleted_objects = 5 + BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + + +class AnsweredSurveyTest(BaseClass.RESTEndpointTest): + fixtures = ['questionnaire_testdata.json'] + + def __init__(self, *args, **kwargs): + self.endpoint_model = Answered_Survey + self.endpoint_path = 'questionnaire_answered_questionnaires' + self.viewname = 'answered_survey' + self.viewset = QuestionnaireAnsweredSurveyViewSet + self.test_type = TestType.STANDARD + self.deleted_objects = 5 + BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + + +class AnnouncementTest(BaseClass.RESTEndpointTest): + fixtures = ['dojo_testdata.json'] + + def __init__(self, *args, **kwargs): + self.endpoint_model = Announcement + self.endpoint_path = 'announcements' + self.viewname = 'announcement' + self.viewset = AnnouncementViewSet + self.payload = { + "message": "Test template", + "style": "info", + "dismissable": True, + } + self.update_fields = {'style': 'warning'} + self.test_type = TestType.CONFIGURATION_PERMISSIONS + self.deleted_objects = 7 + BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + + def test_create(self): + self.skipTest('Only one Announcement can exists') diff --git a/unittests/test_risk_acceptance.py b/unittests/test_risk_acceptance.py index 4de529721a3..e652fc132b7 100644 --- a/unittests/test_risk_acceptance.py +++ b/unittests/test_risk_acceptance.py @@ -128,7 +128,7 @@ def test_remove_risk_acceptance_findings_active(self): data = {'id': ra.id} - response = self.client.post(reverse('delete_risk_acceptance', args=(1, ra.id, )), data) + self.client.post(reverse('delete_risk_acceptance', args=(1, ra.id, )), data) self.assert_all_active_not_risk_accepted(findings) self.assert_all_active_not_risk_accepted(Finding.objects.filter(test__engagement=1)) @@ -143,7 +143,7 @@ def test_expire_risk_acceptance_findings_active(self): data = {'id': ra.id} - response = self.client.post(reverse('expire_risk_acceptance', args=(1, ra.id, )), data) + self.client.post(reverse('expire_risk_acceptance', args=(1, ra.id, )), data) ra.refresh_from_db() self.assert_all_active_not_risk_accepted(findings) @@ -165,7 +165,7 @@ def test_expire_risk_acceptance_findings_not_active(self): data = {'id': ra.id} - response = self.client.post(reverse('expire_risk_acceptance', args=(1, ra.id, )), data) + self.client.post(reverse('expire_risk_acceptance', args=(1, ra.id, )), data) ra.refresh_from_db() # no reactivation on expiry @@ -188,7 +188,7 @@ def test_expire_risk_acceptance_sla_not_reset(self): data = {'id': ra.id} - response = self.client.post(reverse('expire_risk_acceptance', args=(1, ra.id, )), data) + self.client.post(reverse('expire_risk_acceptance', args=(1, ra.id, )), data) ra.refresh_from_db() @@ -204,7 +204,7 @@ def test_expire_risk_acceptance_sla_reset(self): data = {'id': ra.id} - response = self.client.post(reverse('expire_risk_acceptance', args=(1, ra.id, )), data) + self.client.post(reverse('expire_risk_acceptance', args=(1, ra.id, )), data) ra.refresh_from_db() @@ -219,7 +219,7 @@ def test_reinstate_risk_acceptance_findings_accepted(self): data = {'id': ra.id} - response = self.client.post(reverse('reinstate_risk_acceptance', args=(1, ra.id, )), data) + self.client.post(reverse('reinstate_risk_acceptance', args=(1, ra.id, )), data) ra.refresh_from_db() expiration_delta_days = get_system_setting('risk_acceptance_form_default_days', 90) @@ -237,19 +237,19 @@ def create_multiple_ras(self): ra_data = copy.copy(self.data_risk_accceptance) ra_data['accepted_findings'] = [2] ra_data['return_url'] = reverse('view_finding', args=(2, )) - response = self.add_risk_acceptance(1, ra_data, 2) + self.add_risk_acceptance(1, ra_data, 2) ra1 = Risk_Acceptance.objects.last() ra_data = copy.copy(self.data_risk_accceptance) ra_data['accepted_findings'] = [7] ra_data['return_url'] = reverse('view_finding', args=(7, )) - response = self.add_risk_acceptance(1, ra_data, 7) + self.add_risk_acceptance(1, ra_data, 7) ra2 = Risk_Acceptance.objects.last() ra_data = copy.copy(self.data_risk_accceptance) ra_data['accepted_findings'] = [22] ra_data['return_url'] = reverse('view_finding', args=(22, )) - response = self.add_risk_acceptance(3, ra_data, 22) + self.add_risk_acceptance(3, ra_data, 22) ra3 = Risk_Acceptance.objects.last() return ra1, ra2, ra3 @@ -274,13 +274,13 @@ def test_expiration_handler(self): to_warn = ra_helper.get_almost_expired_risk_acceptances_to_handle(heads_up_days=heads_up_days) to_expire = ra_helper.get_expired_risk_acceptances_to_handle() - self.assertTrue(ra1 in to_warn) - self.assertFalse(ra2 in to_warn) - self.assertFalse(ra3 in to_warn) + self.assertIn(ra1, to_warn) + self.assertNotIn(ra2, to_warn) + self.assertNotIn(ra3, to_warn) - self.assertFalse(ra1 in to_expire) - self.assertFalse(ra2 in to_expire) - self.assertTrue(ra3 in to_expire) + self.assertNotIn(ra1, to_expire) + self.assertNotIn(ra2, to_expire) + self.assertIn(ra3, to_expire) # run job ra_helper.expiration_handler() diff --git a/unittests/test_swagger_schema.py b/unittests/test_swagger_schema.py index 620f88e0add..b1263359374 100644 --- a/unittests/test_swagger_schema.py +++ b/unittests/test_swagger_schema.py @@ -20,14 +20,14 @@ SonarqubeIssueTransitionViewSet, StubFindingsViewSet, SystemSettingsViewSet, \ TestTypesViewSet, TestsViewSet, ToolConfigurationsViewSet, ToolProductSettingsViewSet, \ ToolTypesViewSet, UsersViewSet, JiraIssuesViewSet, JiraProjectViewSet, AppAnalysisViewSet, \ - LanguageTypeViewSet, LanguageViewSet + LanguageTypeViewSet, LanguageViewSet, AnnouncementViewSet from dojo.models import \ Development_Environment, Endpoint_Status, Endpoint, Engagement, Finding_Template, \ Finding, JIRA_Instance, JIRA_Issue, DojoMeta, Note_Type, Notes, Product_Type, Product, Regulation, \ Sonarqube_Issue, Product_API_Scan_Configuration, Sonarqube_Issue_Transition, \ Stub_Finding, System_Settings, Test_Type, Test, Tool_Configuration, Tool_Product_Settings, \ - Tool_Type, Dojo_User, JIRA_Project, App_Analysis, Language_Type, Languages + Tool_Type, Dojo_User, JIRA_Project, App_Analysis, Language_Type, Languages, Announcement from dojo.api_v2.serializers import \ DevelopmentEnvironmentSerializer, EndpointStatusSerializer, EndpointSerializer, \ @@ -37,7 +37,7 @@ SonarqubeIssueSerializer, ProductAPIScanConfigurationSerializer, SonarqubeIssueTransitionSerializer, \ StubFindingSerializer, SystemSettingsSerializer, TestTypeSerializer, TestSerializer, ToolConfigurationSerializer, \ ToolProductSettingsSerializer, ToolTypeSerializer, UserSerializer, NoteSerializer, ProductTypeSerializer, \ - AppAnalysisSerializer, LanguageTypeSerializer, LanguageSerializer + AppAnalysisSerializer, LanguageTypeSerializer, LanguageSerializer, AnnouncementSerializer SWAGGER_SCHEMA_GENERATOR = OpenAPISchemaGenerator(Info("defectdojo", "v2")) BASE_API_URL = "/api/v2" @@ -356,6 +356,10 @@ def __init__(self, *args, **kwargs): self.model = Endpoint_Status self.serializer = EndpointStatusSerializer + # We can not simulate creating of the endpoint-finding relation with the same parameters as existing one. We will use another finding for this case + def test_post_endpoint(self): + super().test_post_endpoint(extra_data={"finding": "3"}) + class EndpointTest(BaseClass.SchemaTest): def __init__(self, *args, **kwargs): @@ -389,7 +393,7 @@ def test_accept_risks(self): data = [ { - "cve": 1, + "vulnerability_id": 1, "justification": "test", "accepted_by": "2" } @@ -781,6 +785,9 @@ def __init__(self, *args, **kwargs): self.viewset = ToolTypesViewSet self.model = Tool_Type self.serializer = ToolTypeSerializer + self.field_transformers = { + "name": lambda v: v + "_new" + } class UserTest(BaseClass.SchemaTest): @@ -814,3 +821,15 @@ def __init__(self, *args, **kwargs): def test_post_endpoint(self): super().test_post_endpoint(extra_data={"language": 2}) + + +class AnnouncementTest(BaseClass.SchemaTest): + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + self.viewname = "announcements" + self.viewset = AnnouncementViewSet + self.model = Announcement + self.serializer = AnnouncementSerializer + + def test_post_endpoint(self, extra_data=[], extra_args=None): + self.skipTest('Only one Announcement can exists') diff --git a/unittests/test_system_settings.py b/unittests/test_system_settings.py index a3277f1a20c..d643831fde8 100644 --- a/unittests/test_system_settings.py +++ b/unittests/test_system_settings.py @@ -14,19 +14,14 @@ def test_system_settings_update(self): system_settings.enable_jira = True system_settings.save() system_settings = System_Settings.objects.get() - self.assertEquals(system_settings.enable_jira, True) + self.assertEqual(system_settings.enable_jira, True) system_settings.enable_jira = False system_settings.save() system_settings = System_Settings.objects.get() - self.assertEquals(system_settings.enable_jira, False) + self.assertEqual(system_settings.enable_jira, False) system_settings.enable_jira = True system_settings.save() system_settings = System_Settings.objects.get(no_cache=True) - self.assertEquals(system_settings.enable_jira, True) - - system_settings.enable_google_sheets = True - system_settings.save() - system_settings = System_Settings.objects.get(no_cache=True) - self.assertEquals(system_settings.enable_google_sheets, True) + self.assertEqual(system_settings.enable_jira, True) diff --git a/unittests/test_tags.py b/unittests/test_tags.py index 895edd323eb..11259d582d0 100644 --- a/unittests/test_tags.py +++ b/unittests/test_tags.py @@ -1,5 +1,6 @@ -from dojo.models import Finding +from dojo.models import Test, Finding from .dojo_test_case import DojoAPITestCase +from dojo.product.helpers import propagate_tags_on_product_sync import logging import random @@ -35,14 +36,14 @@ def test_finding_get_tags(self): self.assertEqual(len(tags), len(response.get('tags', None))) for tag in tags: # logger.debug('looking for tag %s in tag list %s', tag, response['tags']) - self.assertTrue(tag in response['tags']) + self.assertIn(tag, response['tags']) def test_finding_filter_tags(self): tags = ['tag1', 'tag2'] - finding_id = self.create_finding_with_tags(tags) + self.create_finding_with_tags(tags) tags2 = ['tag1', 'tag3'] - finding_id2 = self.create_finding_with_tags(tags2) + self.create_finding_with_tags(tags2) response = self.get_finding_api_filter_tags('tag1') self.assertEqual(response['count'], 2) @@ -68,7 +69,7 @@ def test_finding_post_tags(self): self.assertEqual(len(tags_merged), len(response.get('tags'))) for tag in tags_merged: # logger.debug('looking for tag %s in tag list %s', tag, response['tags']) - self.assertTrue(tag in response['tags']) + self.assertIn(tag, response['tags']) def test_finding_post_tags_overlap(self): # create finding @@ -82,7 +83,7 @@ def test_finding_post_tags_overlap(self): self.assertEqual(len(tags_merged), len(response.get('tags'))) for tag in tags_merged: # logger.debug('looking for tag %s in tag list %s', tag, response['tags']) - self.assertTrue(tag in response['tags']) + self.assertIn(tag, response['tags']) def test_finding_put_remove_tags(self): # create finding @@ -94,7 +95,7 @@ def test_finding_put_remove_tags(self): response = self.put_finding_remove_tags_api(finding_id, tags_remove) # for some reason this method returns just a message, not the remaining tags - self.assertEquals(response['success'], 'Tag(s) Removed') + self.assertEqual(response['success'], 'Tag(s) Removed') # retrieve finding and check tags_merged = list(set(tags) - set(tags_remove)) @@ -102,7 +103,7 @@ def test_finding_put_remove_tags(self): self.assertEqual(len(tags_merged), len(response.get('tags'))) for tag in tags_merged: # logger.debug('looking for tag %s in tag list %s', tag, response['tags']) - self.assertTrue(tag in response['tags']) + self.assertIn(tag, response['tags']) def test_finding_put_remove_tags_all(self): # create finding @@ -114,7 +115,7 @@ def test_finding_put_remove_tags_all(self): response = self.put_finding_remove_tags_api(finding_id, tags_remove) # for some reason this method returns just a message, not the remaining tags - self.assertEquals(response['success'], 'Tag(s) Removed') + self.assertEqual(response['success'], 'Tag(s) Removed') # retrieve finding and check tags_merged = list(set(tags) - set(tags_remove)) @@ -122,7 +123,7 @@ def test_finding_put_remove_tags_all(self): self.assertEqual(len(tags_merged), len(response.get('tags'))) for tag in tags_merged: # logger.debug('looking for tag %s in tag list %s', tag, response['tags']) - self.assertTrue(tag in response['tags']) + self.assertIn(tag, response['tags']) def test_finding_put_remove_tags_non_existent(self): # create finding @@ -134,7 +135,7 @@ def test_finding_put_remove_tags_non_existent(self): response = self.put_finding_remove_tags_api(finding_id, tags_remove, expected_response_status_code=400) # for some reason this method returns just a message, not the remaining tags - self.assertEquals(response['error'], '\'tag5\' is not a valid tag in list') + self.assertEqual(response['error'], '\'tag5\' is not a valid tag in list') # retrieve finding and check tags_merged = list(set(tags) - set(tags_remove)) @@ -142,7 +143,7 @@ def test_finding_put_remove_tags_non_existent(self): self.assertEqual(len(tags_merged), len(response.get('tags'))) for tag in tags_merged: # logger.debug('looking for tag %s in tag list %s', tag, response['tags']) - self.assertTrue(tag in response['tags']) + self.assertIn(tag, response['tags']) def test_finding_patch_remove_tags(self): # has same logic as PUT @@ -167,8 +168,8 @@ def test_finding_create_tags_with_commas(self): # self.assertEqual(2, len(response.get('tags'))) self.assertEqual(1, len(response.get('tags'))) # print("response['tags']:" + str(response['tags'])) - self.assertTrue('one' in str(response['tags'])) - self.assertTrue('two' in str(response['tags'])) + self.assertIn('one', str(response['tags'])) + self.assertIn('two', str(response['tags'])) def test_finding_create_tags_with_commas_quoted(self): tags = ['"one,two"'] @@ -180,8 +181,8 @@ def test_finding_create_tags_with_commas_quoted(self): for tag in tags: logger.debug('looking for tag %s in tag list %s', tag, response['tags']) # with django-tagging the quotes were stripped, with tagulous they remain - # self.assertTrue(tag.strip('\"') in response['tags']) - self.assertTrue(tag in response['tags']) + # self.assertIn(tag.strip('\"'), response['tags']) + self.assertIn(tag, response['tags']) def test_finding_create_tags_with_spaces(self): tags = ['one two'] @@ -194,8 +195,8 @@ def test_finding_create_tags_with_spaces(self): # tags with commas, so should be minor trouble # self.assertEqual(2, len(response.get('tags'))) self.assertEqual(1, len(response.get('tags'))) - self.assertTrue('one' in str(response['tags'])) - self.assertTrue('two' in str(response['tags'])) + self.assertIn('one', str(response['tags'])) + self.assertIn('two', str(response['tags'])) # finding.tags: [, ] def test_finding_create_tags_with_spaces_quoted(self): @@ -208,8 +209,8 @@ def test_finding_create_tags_with_spaces_quoted(self): for tag in tags: logger.debug('looking for tag %s in tag list %s', tag, response['tags']) # with django-tagging the quotes were stripped, with tagulous they remain - # self.assertTrue(tag.strip('\"') in response['tags']) - self.assertTrue(tag in response['tags']) + # self.assertIn(tag.strip('\"'), response['tags']) + self.assertIn(tag, response['tags']) # finding.tags: ]> @@ -221,7 +222,7 @@ def test_finding_create_tags_with_slashes(self): self.assertEqual(len(tags), len(response.get('tags', None))) for tag in tags: # logger.debug('looking for tag %s in tag list %s', tag, response['tags']) - self.assertTrue(tag in response['tags']) + self.assertIn(tag, response['tags']) def test_import_and_reimport_with_tags(self): tags = ['tag1', 'tag2'] @@ -232,16 +233,148 @@ def test_import_and_reimport_with_tags(self): self.assertEqual(len(tags), len(response.get('tags'))) for tag in tags: - self.assertTrue(tag in response['tags']) + self.assertIn(tag, response['tags']) # reimport, do not specify tags: should retain tags - reimport = self.reimport_scan_with_params(test_id, self.zap_sample5_filename) + self.reimport_scan_with_params(test_id, self.zap_sample5_filename) self.assertEqual(len(tags), len(response.get('tags'))) for tag in tags: - self.assertTrue(tag in response['tags']) + self.assertIn(tag, response['tags']) # reimport, specify tags others: currently reimport doesn't do anything with tags param and silently ignores them - reimport = self.reimport_scan_with_params(test_id, self.zap_sample5_filename, tags=['tag3', 'tag4']) + self.reimport_scan_with_params(test_id, self.zap_sample5_filename, tags=['tag3', 'tag4']) self.assertEqual(len(tags), len(response.get('tags'))) for tag in tags: - self.assertTrue(tag in response['tags']) + self.assertIn(tag, response['tags']) + + +class InheritedTagsTests(DojoAPITestCase): + fixtures = ['dojo_testdata.json'] + + def setUp(self, *args, **kwargs): + super().setUp() + self.login_as_admin() + self.system_settings(enable_product_tag_inehritance=True) + self.product = self.create_product("Inherited Tags Test", tags=["inherit", "these", "tags"]) + self.scans_path = '/scans/zap/' + self.zap_sample5_filename = f'{self.scans_path}5_zap_sample_one.xml' + + def _convert_instance_tags_to_list(self, instance) -> list: + return [tag.name for tag in instance.tags.all()] + + def _import_and_return_objects(self, test_id=None, reimport=False, tags=None) -> dict: + # Import some findings to create all objects + engagement = self.create_engagement("Inherited Tags Engagement", self.product) + if reimport: + response = self.reimport_scan_with_params(test_id, self.zap_sample5_filename, tags=tags) + else: + response = self.import_scan_with_params(self.zap_sample5_filename, engagement=engagement.id, tags=tags) + + test_id = response['test'] + test = Test.objects.get(id=test_id) + finding = Finding.objects.filter(test=test).first() + endpoint = finding.endpoints.all().first() + return { + "engagement": engagement, + "endpoint": endpoint, + "test": test, + "finding": finding, + } + + def test_import_without_tags(self): + # Import some findings to create all objects + objects = self._import_and_return_objects() + # Check that the tags all match what the product has + product_tags = self._convert_instance_tags_to_list(self.product) + self.assertEqual(product_tags, self._convert_instance_tags_to_list(objects.get("engagement"))) + self.assertEqual(product_tags, self._convert_instance_tags_to_list(objects.get("endpoint"))) + self.assertEqual(product_tags, self._convert_instance_tags_to_list(objects.get("test"))) + self.assertEqual(product_tags, self._convert_instance_tags_to_list(objects.get("finding"))) + + def test_import_with_tags_then_reimport_with_different_tag(self): + # Import some findings to create all objects + objects = self._import_and_return_objects(tags=["import_tag"]) + # Check that the tags all match what the product has + product_tags = self._convert_instance_tags_to_list(self.product) + self.assertEqual(product_tags, self._convert_instance_tags_to_list(objects.get("engagement"))) + self.assertEqual(product_tags, self._convert_instance_tags_to_list(objects.get("endpoint"))) + self.assertEqual(["import_tag"] + product_tags, self._convert_instance_tags_to_list(objects.get("test"))) + self.assertEqual(product_tags, self._convert_instance_tags_to_list(objects.get("finding"))) + # Reimport now + objects = self._import_and_return_objects(test_id=objects.get("test").id, reimport=True, tags=["reimport_tag"]) + # Check that the tags all match what the product has + self.assertEqual(product_tags, self._convert_instance_tags_to_list(objects.get("engagement"))) + self.assertEqual(product_tags, self._convert_instance_tags_to_list(objects.get("endpoint"))) + self.assertEqual(product_tags, self._convert_instance_tags_to_list(objects.get("finding"))) + # Make a copy of the list becase of the need for the lists to be exact (index for index) + product_tags_plus_reimport_tag = product_tags.copy() + product_tags_plus_reimport_tag.insert(1, "reimport_tag") + self.assertEqual(product_tags_plus_reimport_tag, self._convert_instance_tags_to_list(objects.get("test"))) + + def test_new_engagement_then_add_tag_to_engagement_then_remove_tag_to_engagement(self): + # Create the engagement + engagement = self.create_engagement("Inherited Tags Engagement", self.product) + test = self.create_test(engagement=engagement, scan_type="ZAP Scan") + # Check to see if tags match the product + product_tags = self._convert_instance_tags_to_list(self.product) + self.assertEqual(product_tags, self._convert_instance_tags_to_list(engagement)) + self.assertEqual(product_tags, self._convert_instance_tags_to_list(test)) + # Add a tag on the engagement) + engagement_tags_before_addition = self._convert_instance_tags_to_list(engagement) + engagement.tags.add("engagement_only_tag") + # Check to see that the update was successful + self.assertEqual(["engagement_only_tag"] + engagement_tags_before_addition, self._convert_instance_tags_to_list(engagement)) + # Check to see that tests were not impacted + self.assertEqual(product_tags, self._convert_instance_tags_to_list(test)) + # remove a tag on the engagement + engagement_tags_before_removal = self._convert_instance_tags_to_list(engagement) + engagement.tags.remove("engagement_only_tag") + # Check to see that the update was successful + engagement_tags_before_removal.remove("engagement_only_tag") + self.assertEqual(engagement_tags_before_removal, self._convert_instance_tags_to_list(engagement)) + # Check to see that tests were not impacted + self.assertEqual(product_tags, self._convert_instance_tags_to_list(test)) + + def test_new_engagement_then_remove_inherited_tag(self): + # Create the engagement + engagement = self.create_engagement("Inherited Tags Engagement", self.product) + # Check to see if tags match the product + product_tags = self._convert_instance_tags_to_list(self.product) + self.assertEqual(product_tags, self._convert_instance_tags_to_list(engagement)) + # Remove an inherited tag + engagement_tags_before_removal = self._convert_instance_tags_to_list(engagement) + engagement.tags.remove("inherit") + # Check to see that the inherited tag could not be removed + self.assertEqual(engagement_tags_before_removal, self._convert_instance_tags_to_list(engagement)) + + def test_remove_tag_from_product_then_add_tag_to_product(self): + # Import some findings to create all objects + objects = self._import_and_return_objects() + # Check that the tags all match what the product has + product_tags = self._convert_instance_tags_to_list(self.product) + self.assertEqual(product_tags, self._convert_instance_tags_to_list(objects.get("engagement"))) + self.assertEqual(product_tags, self._convert_instance_tags_to_list(objects.get("endpoint"))) + self.assertEqual(product_tags, self._convert_instance_tags_to_list(objects.get("test"))) + self.assertEqual(product_tags, self._convert_instance_tags_to_list(objects.get("finding"))) + # Remove a tag from the product + self.product.tags.remove("inherit") + # This triggers an async function with celery that will fail, so run it manually here + propagate_tags_on_product_sync(self.product) + # Save the tags post removal + product_tags_post_removal = self._convert_instance_tags_to_list(self.product) + # Check that the tags all match what the product has + self.assertEqual(product_tags_post_removal, self._convert_instance_tags_to_list(objects.get("engagement"))) + self.assertEqual(product_tags_post_removal, self._convert_instance_tags_to_list(objects.get("endpoint"))) + self.assertEqual(product_tags_post_removal, self._convert_instance_tags_to_list(objects.get("test"))) + self.assertEqual(product_tags_post_removal, self._convert_instance_tags_to_list(objects.get("finding"))) + # Add a tag from the product + self.product.tags.add("more", "tags" "!") + # This triggers an async function with celery that will fail, so run it manually here + propagate_tags_on_product_sync(self.product) + # Save the tags post removal + product_tags_post_addition = self._convert_instance_tags_to_list(self.product) + # Check that the tags all match what the product has + self.assertEqual(product_tags_post_addition, self._convert_instance_tags_to_list(objects.get("engagement"))) + self.assertEqual(product_tags_post_addition, self._convert_instance_tags_to_list(objects.get("endpoint"))) + self.assertEqual(product_tags_post_addition, self._convert_instance_tags_to_list(objects.get("test"))) + self.assertEqual(product_tags_post_addition, self._convert_instance_tags_to_list(objects.get("finding"))) diff --git a/unittests/test_tool_config.py b/unittests/test_tool_config.py new file mode 100644 index 00000000000..8ddacc6726c --- /dev/null +++ b/unittests/test_tool_config.py @@ -0,0 +1,71 @@ +from .dojo_test_case import DojoTestCase +from dojo.tools.factory import get_api_scan_configuration_hints, PARSERS +from dojo.tool_config.factory import SCAN_APIS +from dojo.models import Tool_Configuration, Tool_Type + + +class TestApiScanConfigEntry(DojoTestCase): + + def setUp(self): + tool_type, _ = Tool_Type.objects.get_or_create(name='SonarQube') + Tool_Configuration.objects.get_or_create(name='SonarQube', tool_type=tool_type, authentication_type="API") + + def test_base(self): + acsh = get_api_scan_configuration_hints() + self.assertEqual(len(acsh), 6, acsh) + + i = 0 + with self.subTest('BlackDuck API'): + self.assertEqual(acsh[i]['name'], 'BlackDuck API') + self.assertEqual(acsh[i]['tool_type_name'], 'BlackDuck API') + self.assertEqual(acsh[i]['hint'], 'the field Service key 1 has to be set to ID of the project from which to import findings. Service key 2 has to be set to the version of the project') + + i += 1 + with self.subTest('Bugcrowd'): + self.assertEqual(acsh[i]['name'], 'Bugcrowd API Import') + self.assertEqual(acsh[i]['tool_type_name'], 'Bugcrowd API') + self.assertEqual(acsh[i]['hint'], 'the field Service key 1 has to be set with the Bugcrowd program code. Service key 2 can be set with the target in the Bugcrowd program (will be url encoded for the api call), if not supplied, will fetch all submissions in the program') + + i += 1 + with self.subTest('Cobalt.io'): + self.assertEqual(acsh[i]['name'], 'Cobalt.io API Import') + self.assertEqual(acsh[i]['tool_type_name'], 'Cobalt.io') + self.assertEqual(acsh[i]['hint'], 'the field Service key 1 has to be set with the Cobalt.io asset id. Service key 2 will be populated with the asset name while saving the configuration.') + + i += 1 + with self.subTest('Edgescan'): + self.assertEqual(acsh[i]['name'], 'Edgescan Scan') + self.assertEqual(acsh[i]['tool_type_name'], 'Edgescan') + self.assertEqual(acsh[i]['hint'], 'In the field Service key 1, provide the Edgescan asset ID(s). Leaving it blank will import all assets\' findings.') + + i += 1 + with self.subTest('SonarQube'): + self.assertEqual(acsh[i]['name'], 'SonarQube API Import') + self.assertEqual(acsh[i]['tool_type_name'], 'SonarQube') + self.assertEqual(acsh[i]['hint'], 'the field Service key 1 has to be set with the SonarQube project key. Service key 2 can be used for the Organization ID if using SonarCloud.') + + i += 1 + with self.subTest('Vulners'): + self.assertEqual(acsh[i]['name'], 'Vulners') + self.assertEqual(acsh[i]['tool_type_name'], 'Vulners') + self.assertEqual(acsh[i]['hint'], 'the field Service key 1 has to be set with the Vulners API key.') + + def test_counts(self): + acsh = get_api_scan_configuration_hints() + self.assertEqual(acsh[1]['tool_types'].count(), 0) + self.assertEqual(acsh[1]['tool_configurations'].count(), 0) + self.assertEqual(acsh[4]['tool_types'].count(), 1) + self.assertEqual(acsh[4]['tool_configurations'].count(), 1) + + def test_has_functions(self): + for parser_name, parser in PARSERS.items(): + if parser.__module__.startswith('dojo.tools.api_'): + with self.subTest(parser_name): + self.assertTrue(hasattr(parser, "requires_tool_type"), "All API parsers should have function 'requires_tool_type'") + + scan_type = parser.get_scan_types()[0] + tool_type = parser.requires_tool_type(scan_type) + + self.assertIn(tool_type, SCAN_APIS, "All API parsers should be defined in dojo.tool_config.factory.SCAN_APIS") + + self.assertTrue(hasattr(parser, "api_scan_configuration_hint"), "All API parsers should have function 'api_scan_configuration_hint'") diff --git a/unittests/test_user_queries.py b/unittests/test_user_queries.py new file mode 100644 index 00000000000..08dfb6468f4 --- /dev/null +++ b/unittests/test_user_queries.py @@ -0,0 +1,83 @@ +from unittest.mock import patch +from .dojo_test_case import DojoTestCase +from dojo.authorization.roles_permissions import Permissions +from dojo.models import Dojo_User, Global_Role, Role, Product_Type, Product, Product_Type_Member, Product_Member +from dojo.user.queries import get_authorized_users + + +class TestUserQueries(DojoTestCase): + + def setUp(self): + super().setUp() + + self.product_type_1 = Product_Type(name='product_type_1') + self.product_type_1.save() + self.product_1 = Product(name='product_1', prod_type=self.product_type_1) + self.product_1.save() + self.product_type_2 = Product_Type(name='product_type_2') + self.product_type_2.save() + self.product_2 = Product(name='product_2', prod_type=self.product_type_2) + self.product_2.save() + + self.admin_user = Dojo_User(username='admin_user', is_superuser=True) + self.admin_user.save() + + self.global_permission_user = Dojo_User(username='global_permission_user') + self.global_permission_user.save() + Global_Role(user=self.global_permission_user, role=Role.objects.get(name='Reader')).save() + + self.regular_user = Dojo_User(username='regular_user') + self.regular_user.save() + Product_Member(user=self.regular_user, product=self.product_1, role=Role.objects.get(name='Owner')).save() + Product_Type_Member(user=self.regular_user, product_type=self.product_type_2, role=Role.objects.get(name='Writer')).save() + + self.product_user = Dojo_User(username='product_user') + self.product_user.save() + Product_Member(user=self.product_user, product=self.product_1, role=Role.objects.get(name='Reader')).save() + + self.product_type_user = Dojo_User(username='product_type_user') + self.product_type_user.save() + Product_Member(user=self.product_type_user, product=self.product_2, role=Role.objects.get(name='Maintainer')).save() + + self.invisible_user = Dojo_User(username='invisible_user') + self.invisible_user.save() + + def tearDown(self): + super().tearDown() + self.product_type_1.delete() + self.product_type_2.delete() + self.admin_user.delete() + self.global_permission_user.delete() + self.regular_user.delete() + self.product_user.delete() + self.product_type_user.delete() + self.invisible_user.delete() + + @patch('dojo.user.queries.get_current_user') + def test_user_none(self, mock_current_user): + mock_current_user.return_value = None + + self.assertQuerysetEqual(Dojo_User.objects.none(), get_authorized_users(Permissions.Product_View)) + + @patch('dojo.user.queries.get_current_user') + def test_user_admin(self, mock_current_user): + mock_current_user.return_value = self.admin_user + + users = Dojo_User.objects.all().order_by('first_name', 'last_name', 'username') + self.assertQuerysetEqual(users, get_authorized_users(Permissions.Product_View)) + + @patch('dojo.user.queries.get_current_user') + def test_user_global_permission(self, mock_current_user): + mock_current_user.return_value = self.global_permission_user + + users = Dojo_User.objects.all().order_by('first_name', 'last_name', 'username') + self.assertQuerysetEqual(users, get_authorized_users(Permissions.Product_View)) + + @patch('dojo.user.queries.get_current_user') + @patch('dojo.product.queries.get_current_user') + def test_user_regular(self, mock_current_user_1, mock_current_user_2): + mock_current_user_1.return_value = self.regular_user + mock_current_user_2.return_value = self.regular_user + + users = Dojo_User.objects.exclude(username='invisible_user').order_by('first_name', 'last_name', 'username') + self.assertQuerysetEqual(users, get_authorized_users(Permissions.Product_View)) diff --git a/unittests/test_user_validators.py b/unittests/test_user_validators.py new file mode 100644 index 00000000000..06bdf953b55 --- /dev/null +++ b/unittests/test_user_validators.py @@ -0,0 +1,162 @@ +from dojo.forms import ChangePasswordForm +from .dojo_test_case import DojoTestCase +from dojo.models import System_Settings, Dojo_User + + +class TestUserValidators(DojoTestCase): + + def form_test( + self, + password, + confirm_password=None, + current_password=None): + if confirm_password is None: + confirm_password = password + if current_password is None: + current_password = self.current_password + return ChangePasswordForm({ + "current_password": current_password, + "new_password": password, + "confirm_password": confirm_password, + }, + user=self.user, + ) + + def set_policy( + self, + minimum_password_length=0, + maximum_password_length=50, + number_character_required=False, + special_character_required=False, + lowercase_character_required=False, + uppercase_character_required=False, + non_common_password_required=False, + ): + self.system_settings = System_Settings.objects.get() + self.system_settings.minimum_password_length = minimum_password_length + self.system_settings.maximum_password_length = maximum_password_length + self.system_settings.number_character_required = number_character_required + self.system_settings.special_character_required = special_character_required + self.system_settings.lowercase_character_required = lowercase_character_required + self.system_settings.uppercase_character_required = uppercase_character_required + self.system_settings.non_common_password_required = non_common_password_required + self.system_settings.save() + + def setUp(self): + super().setUp() + self.current_password = "Or1gina1P@ssw0rd" + self.user = Dojo_User.objects.create(username="password_tester") + self.user.set_password(self.current_password) + self.user.save() + + def test_validator_minimum_password_length(self): + with self.subTest(policy='minimum_password_length 1≥0'): + self.set_policy(minimum_password_length=0) + self.assertTrue(self.form_test('x').is_valid()) + with self.subTest(policy='minimum_password_length 1≥1'): + self.set_policy(minimum_password_length=1) + self.assertTrue(self.form_test('x').is_valid()) + with self.subTest(policy='minimum_password_length 1≱2'): + self.set_policy(minimum_password_length=2) + form = self.form_test('x') + self.assertFalse(form.is_valid()) + self.assertEqual( + form.errors['new_password'][0], + 'Password must be at least 2 characters long.') + + def test_validator_maximum_password_length(self): + with self.subTest(policy='maximum_password_length 1≤2'): + self.set_policy(maximum_password_length=2) + self.assertTrue(self.form_test('x').is_valid()) + with self.subTest(policy='maximum_password_length 1≤1'): + self.set_policy(maximum_password_length=1) + self.assertTrue(self.form_test('x').is_valid()) + with self.subTest(policy='maximum_password_length 2≰1'): + self.set_policy(maximum_password_length=0) + form = self.form_test('x') + self.assertFalse(form.is_valid()) + self.assertEqual( + form.errors['new_password'][0], + 'Password must be less than 0 characters long.') + + def test_validator_number_character_required(self): + with self.subTest(policy='number_character_required=False'): + self.set_policy(number_character_required=False) + self.assertTrue(self.form_test('x').is_valid()) + with self.subTest(policy='number_character_required=True'): + self.set_policy(number_character_required=True) + form = self.form_test('x') + self.assertFalse(form.is_valid()) + self.assertEqual( + form.errors['new_password'][0], + 'Password must contain at least 1 digit, 0-9.') + + def test_validator_special_character_required(self): + with self.subTest(policy='special_character_required=False'): + self.set_policy(special_character_required=False) + self.assertTrue(self.form_test('x').is_valid()) + with self.subTest(policy='special_character_required=True'): + self.set_policy(special_character_required=True) + form = self.form_test('x') + self.assertFalse(form.is_valid()) + self.assertEqual( + form.errors['new_password'][0], + '''The password must contain at least 1 special character, ()[]{}|`~!@#$%^&*_-+=;:'",<>./?.''') + + def test_validator_lowercase_character_required(self): + with self.subTest(policy='lowercase_character_required=False'): + self.set_policy(lowercase_character_required=False) + self.assertTrue(self.form_test('X').is_valid()) + with self.subTest(policy='lowercase_character_required=True'): + self.set_policy(lowercase_character_required=True) + form = self.form_test('X') + self.assertFalse(form.is_valid()) + self.assertEqual( + form.errors['new_password'][0], + 'Password must contain at least 1 lowercase letter, a-z.') + + def test_validator_uppercase_character_required(self): + with self.subTest(policy='uppercase_character_required=False'): + self.set_policy(uppercase_character_required=False) + self.assertTrue(self.form_test('x').is_valid()) + with self.subTest(policy='uppercase_character_required=True'): + self.set_policy(uppercase_character_required=True) + form = self.form_test('x') + self.assertFalse(form.is_valid()) + self.assertEqual( + form.errors['new_password'][0], + 'Password must contain at least 1 uppercase letter, A-Z.') + + def test_validator_non_common_password_required(self): + with self.subTest(policy='non_common_password_required=False'): + self.set_policy(non_common_password_required=False) + self.assertTrue(self.form_test('x').is_valid()) + with self.subTest(policy='non_common_password_required=True'): + self.set_policy(non_common_password_required=True) + form = self.form_test('x') + self.assertFalse(form.is_valid()) + self.assertEqual( + form.errors['new_password'][0], + 'This password is too common.') + + def test_form_invalid_current_pass(self): + self.set_policy() + form = self.form_test('x', current_password='not current password') + self.assertFalse(form.is_valid()) + self.assertEqual( + form.errors['__all__'][0], + 'Current password is incorrect.') + + def test_form_same_pass_as_before(self): + self.set_policy() + form = self.form_test(self.current_password) + self.assertFalse(form.is_valid()) + self.assertEqual( + form.errors['__all__'][0], + 'New password must be different from current password.') + + def test_form_diff_confirm_password(self): + self.set_policy() + form = self.form_test(password='x', confirm_password='y') + self.assertFalse(form.is_valid()) + self.assertEqual(form.errors['__all__'][0], 'Passwords do not match.') diff --git a/unittests/test_utils.py b/unittests/test_utils.py index 59cb932c747..30b47216217 100644 --- a/unittests/test_utils.py +++ b/unittests/test_utils.py @@ -1,132 +1,226 @@ -from dojo.models import IMPORT_CLOSED_FINDING, IMPORT_CREATED_FINDING, IMPORT_REACTIVATED_FINDING, IMPORT_UNTOUCHED_FINDING, \ - Engagement, Product, Test, Test_Import, Test_Import_Finding_Action, \ - Dojo_User, Dojo_Group, Dojo_Group_Member, Role, System_Settings, Notifications, \ - Product_Type, Endpoint -from contextlib import contextmanager -from .dojo_test_case import DojoTestCase -from unittest.mock import patch, Mock -from dojo.utils import dojo_crypto_encrypt, prepare_for_view, user_post_save -from dojo.authorization.roles_permissions import Roles -import logging - - -logger = logging.getLogger(__name__) - -TEST_IMPORT_ALL = Test_Import.objects.all() -TEST_IMPORTS = Test_Import.objects.filter(type=Test_Import.IMPORT_TYPE) -TEST_REIMPORTS = Test_Import.objects.filter(type=Test_Import.REIMPORT_TYPE) -TEST_IMPORT_FINDING_ACTION_ALL = Test_Import_Finding_Action.objects.all() -TEST_IMPORT_FINDING_ACTION_AFFECTED = TEST_IMPORT_FINDING_ACTION_ALL.filter( - action__in=[IMPORT_CREATED_FINDING, IMPORT_CLOSED_FINDING, IMPORT_REACTIVATED_FINDING]) -TEST_IMPORT_FINDING_ACTION_CREATED = TEST_IMPORT_FINDING_ACTION_ALL.filter(action=IMPORT_CREATED_FINDING) -TEST_IMPORT_FINDING_ACTION_CLOSED = TEST_IMPORT_FINDING_ACTION_ALL.filter(action=IMPORT_CLOSED_FINDING) -TEST_IMPORT_FINDING_ACTION_REACTIVATED = TEST_IMPORT_FINDING_ACTION_ALL.filter(action=IMPORT_REACTIVATED_FINDING) -TEST_IMPORT_FINDING_ACTION_UNTOUCHED = TEST_IMPORT_FINDING_ACTION_ALL.filter(action=IMPORT_UNTOUCHED_FINDING) - -TESTS = Test.objects.all() -ENGAGEMENTS = Engagement.objects.all() -PRODUCTS = Product.objects.all() -PRODUCT_TYPES = Product_Type.objects.all() -ENDPOINTS = Endpoint.objects.all() - - -class TestUtils(DojoTestCase): - def test_encryption(self): - test_input = "Hello World!" - encrypt = dojo_crypto_encrypt(test_input) - test_output = prepare_for_view(encrypt) - self.assertEqual(test_input, test_output) - - @patch('dojo.models.System_Settings.objects') - @patch('dojo.utils.Dojo_Group_Member') - @patch('dojo.utils.Notifications') - def test_user_post_save(self, mock_notifications, mock_member, mock_settings): - user = Dojo_User() - user.id = 1 - - group = Dojo_Group() - group.id = 1 - - role = Role.objects.get(id=Roles.Reader) - - system_settings_group = System_Settings() - system_settings_group.default_group = group - system_settings_group.default_group_role = role - - mock_settings.get.return_value = system_settings_group - save_mock_member = Mock(return_value=Dojo_Group_Member()) - mock_member.return_value = save_mock_member - save_mock_notifications = Mock(return_value=Notifications()) - mock_notifications.return_value = save_mock_notifications - - user_post_save(None, user, True) - - mock_member.assert_called_with(group=group, user=user, role=role) - save_mock_member.save.assert_called_once() - - mock_notifications.assert_called_with(user=user) - save_mock_notifications.save.assert_called_once() - - -class assertNumOfModelsCreated(): - def __init__(self, test_case, queryset, num): - self.test_case = test_case - self.queryset = queryset - self.num = num - - def __enter__(self): - self.initial_model_count = self.queryset.count() - # logger.debug('initial model count for %s: %i', self.queryset.query, self.initial_model_count) - return self - - def __exit__(self, exc_type, exc_value, exc_traceback): - self.final_model_count = self.queryset.count() - # logger.debug('final model count for %s: %i', self.queryset.query, self.final_model_count) - created_count = self.final_model_count - self.initial_model_count - self.test_case.assertEqual( - created_count, self.num, - "%i %s objects created, %i expected. query: %s, first 100 objects: %s" % ( - created_count, self.queryset.model, self.num, self.queryset.query, self.queryset.all().order_by('-id')[:100] - ) - ) - - -@contextmanager -def assertTestImportModelsCreated(test_case, imports=0, reimports=0, affected_findings=0, - created=0, closed=0, reactivated=0, untouched=0): - - with assertNumOfModelsCreated(test_case, TEST_IMPORTS, num=imports) as ti_import_count, \ - assertNumOfModelsCreated(test_case, TEST_REIMPORTS, num=reimports) as ti_reimport_count, \ - assertNumOfModelsCreated(test_case, TEST_IMPORT_FINDING_ACTION_AFFECTED, num=affected_findings) as tifa_count, \ - assertNumOfModelsCreated(test_case, TEST_IMPORT_FINDING_ACTION_CREATED, num=created) as tifa_created_count, \ - assertNumOfModelsCreated(test_case, TEST_IMPORT_FINDING_ACTION_CLOSED, num=closed) as tifa_closed_count, \ - assertNumOfModelsCreated(test_case, TEST_IMPORT_FINDING_ACTION_REACTIVATED, num=reactivated) as tifa_reactivated_count, \ - assertNumOfModelsCreated(test_case, TEST_IMPORT_FINDING_ACTION_UNTOUCHED, num=untouched) as tifa_untouched_count: - - yield ( - ti_import_count, - ti_reimport_count, - tifa_count, - tifa_created_count, - tifa_closed_count, - tifa_reactivated_count, - tifa_untouched_count - ) - - -@contextmanager -def assertImportModelsCreated(test_case, tests=0, engagements=0, products=0, product_types=0, endpoints=0): - - with assertNumOfModelsCreated(test_case, TESTS, num=tests) as test_count, \ - assertNumOfModelsCreated(test_case, ENGAGEMENTS, num=engagements) as engagement_count, \ - assertNumOfModelsCreated(test_case, PRODUCTS, num=products) as product_count, \ - assertNumOfModelsCreated(test_case, PRODUCT_TYPES, num=product_types) as product_type_count, \ - assertNumOfModelsCreated(test_case, ENDPOINTS, num=endpoints) as endpoint_count: - - yield ( - test_count, - engagement_count, - product_count, - product_type_count, - endpoint_count, - ) +from dojo.models import IMPORT_CLOSED_FINDING, IMPORT_CREATED_FINDING, IMPORT_REACTIVATED_FINDING, IMPORT_UNTOUCHED_FINDING, \ + Engagement, Product, Test, Test_Import, Test_Import_Finding_Action, \ + Dojo_User, Dojo_Group, Dojo_Group_Member, Role, System_Settings, Notifications, \ + Product_Type, Endpoint +from contextlib import contextmanager +from .dojo_test_case import DojoTestCase +from unittest.mock import patch, Mock +from dojo.utils import dojo_crypto_encrypt, prepare_for_view, user_post_save +from dojo.authorization.roles_permissions import Roles +import logging + + +logger = logging.getLogger(__name__) + +TEST_IMPORT_ALL = Test_Import.objects.all() +TEST_IMPORTS = Test_Import.objects.filter(type=Test_Import.IMPORT_TYPE) +TEST_REIMPORTS = Test_Import.objects.filter(type=Test_Import.REIMPORT_TYPE) +TEST_IMPORT_FINDING_ACTION_ALL = Test_Import_Finding_Action.objects.all() +TEST_IMPORT_FINDING_ACTION_AFFECTED = TEST_IMPORT_FINDING_ACTION_ALL.filter( + action__in=[IMPORT_CREATED_FINDING, IMPORT_CLOSED_FINDING, IMPORT_REACTIVATED_FINDING]) +TEST_IMPORT_FINDING_ACTION_CREATED = TEST_IMPORT_FINDING_ACTION_ALL.filter(action=IMPORT_CREATED_FINDING) +TEST_IMPORT_FINDING_ACTION_CLOSED = TEST_IMPORT_FINDING_ACTION_ALL.filter(action=IMPORT_CLOSED_FINDING) +TEST_IMPORT_FINDING_ACTION_REACTIVATED = TEST_IMPORT_FINDING_ACTION_ALL.filter(action=IMPORT_REACTIVATED_FINDING) +TEST_IMPORT_FINDING_ACTION_UNTOUCHED = TEST_IMPORT_FINDING_ACTION_ALL.filter(action=IMPORT_UNTOUCHED_FINDING) + +TESTS = Test.objects.all() +ENGAGEMENTS = Engagement.objects.all() +PRODUCTS = Product.objects.all() +PRODUCT_TYPES = Product_Type.objects.all() +ENDPOINTS = Endpoint.objects.all() + + +class TestUtils(DojoTestCase): + def test_encryption(self): + test_input = "Hello World!" + encrypt = dojo_crypto_encrypt(test_input) + test_output = prepare_for_view(encrypt) + self.assertEqual(test_input, test_output) + + @patch('dojo.models.System_Settings.objects') + @patch('dojo.utils.Dojo_Group_Member') + @patch('dojo.utils.Notifications') + def test_user_post_save_without_template(self, mock_notifications, mock_member, mock_settings): + user = Dojo_User() + user.id = 1 + + group = Dojo_Group() + group.id = 1 + + role = Role.objects.get(id=Roles.Reader) + + system_settings_group = System_Settings() + system_settings_group.default_group = group + system_settings_group.default_group_role = role + + mock_settings.get.return_value = system_settings_group + save_mock_member = Mock(return_value=Dojo_Group_Member()) + mock_member.return_value = save_mock_member + + save_mock_notifications = Mock(return_value=Notifications()) + mock_notifications.return_value = save_mock_notifications + mock_notifications.objects.get.side_effect = Exception("Mock no templates") + + user_post_save(None, user, True) + + mock_member.assert_called_with(group=group, user=user, role=role) + save_mock_member.save.assert_called_once() + + mock_notifications.assert_called_with(user=user) + save_mock_notifications.save.assert_called_once() + + @patch('dojo.models.System_Settings.objects') + @patch('dojo.utils.Dojo_Group_Member') + @patch('dojo.utils.Notifications') + def test_user_post_save_with_template(self, mock_notifications, mock_member, mock_settings): + user = Dojo_User() + user.id = 1 + + group = Dojo_Group() + group.id = 1 + + template = Mock(Notifications(template=False, user=user)) + + role = Role.objects.get(id=Roles.Reader) + + system_settings_group = System_Settings() + system_settings_group.default_group = group + system_settings_group.default_group_role = role + + mock_settings.get.return_value = system_settings_group + save_mock_member = Mock(return_value=Dojo_Group_Member()) + mock_member.return_value = save_mock_member + + mock_notifications.objects.get.return_value = template + + user_post_save(None, user, True) + + mock_member.assert_called_with(group=group, user=user, role=role) + save_mock_member.save.assert_called_once() + + mock_notifications.objects.get.assert_called_with(template=True) + template.save.assert_called_once() + + @patch('dojo.models.System_Settings.objects') + @patch('dojo.utils.Dojo_Group_Member') + @patch('dojo.utils.Notifications') + def test_user_post_save_email_pattern_matches(self, mock_notifications, mock_member, mock_settings): + user = Dojo_User() + user.id = 1 + user.email = 'john.doe@example.com' + + group = Dojo_Group() + group.id = 1 + + role = Role.objects.get(id=Roles.Reader) + + system_settings_group = System_Settings() + system_settings_group.default_group = group + system_settings_group.default_group_role = role + system_settings_group.default_group_email_pattern = '.*@example.com' + + mock_settings.get.return_value = system_settings_group + save_mock_member = Mock(return_value=Dojo_Group_Member()) + mock_member.return_value = save_mock_member + save_mock_notifications = Mock(return_value=Notifications()) + mock_notifications.return_value = save_mock_notifications + mock_notifications.objects.get.side_effect = Exception("Mock no templates") + + user_post_save(None, user, True) + + mock_member.assert_called_with(group=group, user=user, role=role) + save_mock_member.save.assert_called_once() + + @patch('dojo.models.System_Settings.objects') + @patch('dojo.utils.Dojo_Group_Member') + @patch('dojo.utils.Notifications') + def test_user_post_save_email_pattern_does_not_match(self, mock_notifications, mock_member, mock_settings): + user = Dojo_User() + user.id = 1 + user.email = 'john.doe@partner.example.com' + + group = Dojo_Group() + group.id = 1 + + role = Role.objects.get(id=Roles.Reader) + + system_settings_group = System_Settings() + system_settings_group.default_group = group + system_settings_group.default_group_role = role + system_settings_group.default_group_email_pattern = '.*@example.com' + save_mock_notifications = Mock(return_value=Notifications()) + mock_notifications.return_value = save_mock_notifications + mock_notifications.objects.get.side_effect = Exception("Mock no templates") + + mock_settings.get.return_value = system_settings_group + save_mock_member = Mock(return_value=Dojo_Group_Member()) + mock_member.return_value = save_mock_member + + user_post_save(None, user, True) + + mock_member.assert_not_called() + save_mock_member.save.assert_not_called() + + +class assertNumOfModelsCreated(): + def __init__(self, test_case, queryset, num): + self.test_case = test_case + self.queryset = queryset + self.num = num + + def __enter__(self): + self.initial_model_count = self.queryset.count() + # logger.debug('initial model count for %s: %i', self.queryset.query, self.initial_model_count) + return self + + def __exit__(self, exc_type, exc_value, exc_traceback): + self.final_model_count = self.queryset.count() + # logger.debug('final model count for %s: %i', self.queryset.query, self.final_model_count) + created_count = self.final_model_count - self.initial_model_count + self.test_case.assertEqual( + created_count, self.num, + "%i %s objects created, %i expected. query: %s, first 100 objects: %s" % ( + created_count, self.queryset.model, self.num, self.queryset.query, self.queryset.all().order_by('-id')[:100] + ) + ) + + +@contextmanager +def assertTestImportModelsCreated(test_case, imports=0, reimports=0, affected_findings=0, + created=0, closed=0, reactivated=0, untouched=0): + + with assertNumOfModelsCreated(test_case, TEST_IMPORTS, num=imports) as ti_import_count, \ + assertNumOfModelsCreated(test_case, TEST_REIMPORTS, num=reimports) as ti_reimport_count, \ + assertNumOfModelsCreated(test_case, TEST_IMPORT_FINDING_ACTION_AFFECTED, num=affected_findings) as tifa_count, \ + assertNumOfModelsCreated(test_case, TEST_IMPORT_FINDING_ACTION_CREATED, num=created) as tifa_created_count, \ + assertNumOfModelsCreated(test_case, TEST_IMPORT_FINDING_ACTION_CLOSED, num=closed) as tifa_closed_count, \ + assertNumOfModelsCreated(test_case, TEST_IMPORT_FINDING_ACTION_REACTIVATED, num=reactivated) as tifa_reactivated_count, \ + assertNumOfModelsCreated(test_case, TEST_IMPORT_FINDING_ACTION_UNTOUCHED, num=untouched) as tifa_untouched_count: + + yield ( + ti_import_count, + ti_reimport_count, + tifa_count, + tifa_created_count, + tifa_closed_count, + tifa_reactivated_count, + tifa_untouched_count + ) + + +@contextmanager +def assertImportModelsCreated(test_case, tests=0, engagements=0, products=0, product_types=0, endpoints=0): + + with assertNumOfModelsCreated(test_case, TESTS, num=tests) as test_count, \ + assertNumOfModelsCreated(test_case, ENGAGEMENTS, num=engagements) as engagement_count, \ + assertNumOfModelsCreated(test_case, PRODUCTS, num=products) as product_count, \ + assertNumOfModelsCreated(test_case, PRODUCT_TYPES, num=product_types) as product_type_count, \ + assertNumOfModelsCreated(test_case, ENDPOINTS, num=endpoints) as endpoint_count: + + yield ( + test_count, + engagement_count, + product_count, + product_type_count, + endpoint_count, + ) diff --git a/unittests/tools/test_acunetix360_parser.py b/unittests/tools/test_acunetix360_parser.py index 3a752d3fa6d..d491a1de2b1 100644 --- a/unittests/tools/test_acunetix360_parser.py +++ b/unittests/tools/test_acunetix360_parser.py @@ -1,6 +1,7 @@ from ..dojo_test_case import DojoTestCase from dojo.models import Test from dojo.tools.acunetix360.parser import Acunetix360Parser +from datetime import datetime class TestAcunetix360Parser(DojoTestCase): @@ -23,6 +24,48 @@ def test_parse_file_with_one_finding(self): self.assertEqual(1, len(finding.unsaved_endpoints)) endpoint = finding.unsaved_endpoints[0] self.assertEqual(str(endpoint), "http://php.testsparker.com/auth/login.php") + self.assertEqual(finding.date, datetime(2021, 6, 16, 12, 30)) + self.assertIn("https://online.acunetix360.com/issues/detail/735f4503-e9eb-4b4c-4306-ad49020a4c4b", finding.references) + + def test_parse_file_with_one_finding_false_positive(self): + testfile = open("unittests/scans/acunetix360/acunetix360_one_finding_false_positive.json") + parser = Acunetix360Parser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("Medium", finding.severity) + self.assertEqual(16, finding.cwe) + self.assertIsNotNone(finding.description) + self.assertGreater(len(finding.description), 0) + self.assertEqual("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C", finding.cvssv3) + self.assertEqual(1, len(finding.unsaved_endpoints)) + endpoint = finding.unsaved_endpoints[0] + self.assertEqual(str(endpoint), "http://php.testsparker.com/auth/login.php") + self.assertTrue(finding.false_p) + + def test_parse_file_with_one_finding_risk_accepted(self): + testfile = open("unittests/scans/acunetix360/acunetix360_one_finding_accepted_risk.json") + parser = Acunetix360Parser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("Medium", finding.severity) + self.assertEqual(16, finding.cwe) + self.assertIsNotNone(finding.description) + self.assertGreater(len(finding.description), 0) + self.assertEqual("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C", finding.cvssv3) + self.assertEqual(1, len(finding.unsaved_endpoints)) + endpoint = finding.unsaved_endpoints[0] + self.assertEqual(str(endpoint), "http://php.testsparker.com/auth/login.php") + self.assertTrue(finding.risk_accepted) def test_parse_file_with_multiple_finding(self): testfile = open("unittests/scans/acunetix360/acunetix360_many_findings.json") @@ -64,3 +107,22 @@ def test_parse_file_with_multiple_finding(self): self.assertEqual(1, len(finding.unsaved_endpoints)) endpoint = finding.unsaved_endpoints[0] self.assertEqual(str(endpoint), "http://php.testsparker.com") + + def test_parse_file_with_mulitple_cwe(self): + testfile = open("unittests/scans/acunetix360/acunetix360_multiple_cwe.json") + parser = Acunetix360Parser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("Medium", finding.severity) + self.assertEqual(16, finding.cwe) + self.assertIsNotNone(finding.description) + self.assertGreater(len(finding.description), 0) + self.assertEqual("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C", finding.cvssv3) + self.assertEqual(1, len(finding.unsaved_endpoints)) + endpoint = finding.unsaved_endpoints[0] + self.assertEqual(str(endpoint), "http://php.testsparker.com/auth/login.php") diff --git a/unittests/tools/test_anchore_engine_parser.py b/unittests/tools/test_anchore_engine_parser.py index 926981f5d65..3d21797b2c1 100644 --- a/unittests/tools/test_anchore_engine_parser.py +++ b/unittests/tools/test_anchore_engine_parser.py @@ -5,27 +5,27 @@ class TestAnchoreEngineParser(DojoTestCase): def test_anchore_engine_parser_has_no_finding(self): - testfile = open("unittests/scans/anchore/no_vuln.json") + testfile = open("unittests/scans/anchore_engine/no_vuln.json") parser = AnchoreEngineParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(0, len(findings)) def test_anchore_engine_parser_has_one_finding(self): - testfile = open("unittests/scans/anchore/one_vuln.json") + testfile = open("unittests/scans/anchore_engine/one_vuln.json") parser = AnchoreEngineParser() findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(1, len(findings)) def test_anchore_engine_parser_has_many_findings(self): - testfile = open("unittests/scans/anchore/many_vulns.json") + testfile = open("unittests/scans/anchore_engine/many_vulns.json") parser = AnchoreEngineParser() findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(23, len(findings)) def test_anchore_engine_parser_has_many_findings_2_4_1(self): - testfile = open("unittests/scans/anchore/many_vulns_2.4.1.json") + testfile = open("unittests/scans/anchore_engine/many_vulns_2.4.1.json") parser = AnchoreEngineParser() findings = parser.get_findings(testfile, Test()) testfile.close() @@ -35,3 +35,5 @@ def test_anchore_engine_parser_has_many_findings_2_4_1(self): self.assertEqual('systemd-pam', finding.component_name) self.assertEqual('239-41.el8_3.1', finding.component_version) self.assertEqual(6.7, finding.cvssv3_score) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-13776", finding.unsaved_vulnerability_ids[0]) diff --git a/unittests/tools/test_anchore_enterprise_parser.py b/unittests/tools/test_anchore_enterprise_parser.py index d3f2a2e4867..81a35caa956 100644 --- a/unittests/tools/test_anchore_enterprise_parser.py +++ b/unittests/tools/test_anchore_enterprise_parser.py @@ -1,7 +1,7 @@ from os import path from ..dojo_test_case import DojoTestCase from dojo.tools.anchore_enterprise.parser import AnchoreEnterpriseParser -from dojo.tools.anchore_enterprise.parser import extract_cve, search_filepath +from dojo.tools.anchore_enterprise.parser import extract_vulnerability_id, search_filepath from dojo.models import Test @@ -23,22 +23,25 @@ def test_anchore_policy_check_parser_has_multiple_findings(self): parser = AnchoreEnterpriseParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(57, len(findings)) + finding = findings[1] + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2015-2992", finding.unsaved_vulnerability_ids[0]) def test_anchore_policy_check_parser_invalid_format(self): with open(path.join(path.dirname(__file__), "../scans/anchore_enterprise/invalid_checks_format.json")) as testfile: with self.assertRaises(Exception): parser = AnchoreEnterpriseParser() - findings = parser.get_findings(testfile, Test()) + parser.get_findings(testfile, Test()) - def test_anchore_policy_check_extract_cve(self): - cve = extract_cve("CVE-2019-14540+openapi-generator-cli-4.0.0.jar:jackson-databind") - self.assertEqual("CVE-2019-14540", cve) - cve = extract_cve("RHSA-2020:0227+sqlite") - self.assertEqual("", cve) - cve = extract_cve("41cb7cdf04850e33a11f80c42bf660b3") - self.assertEqual("", cve) - cve = extract_cve("") - self.assertEqual("", cve) + def test_anchore_policy_check_extract_vulnerability_id(self): + vulnerability_id = extract_vulnerability_id("CVE-2019-14540+openapi-generator-cli-4.0.0.jar:jackson-databind") + self.assertEqual("CVE-2019-14540", vulnerability_id) + vulnerability_id = extract_vulnerability_id("RHSA-2020:0227+sqlite") + self.assertEqual(None, vulnerability_id) + vulnerability_id = extract_vulnerability_id("41cb7cdf04850e33a11f80c42bf660b3") + self.assertEqual(None, vulnerability_id) + vulnerability_id = extract_vulnerability_id("") + self.assertEqual(None, vulnerability_id) def test_anchore_policy_check_parser_search_filepath(self): file_path = search_filepath( diff --git a/unittests/tools/test_anchore_grype_parser.py b/unittests/tools/test_anchore_grype_parser.py index f1f301a916e..d00a4835f5a 100644 --- a/unittests/tools/test_anchore_grype_parser.py +++ b/unittests/tools/test_anchore_grype_parser.py @@ -22,12 +22,16 @@ def test_parser_has_many_findings(self): self.assertEqual(1509, len(findings)) for finding in findings: self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertIsNotNone(finding.cve) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertGreaterEqual(len(vulnerability_ids), 1) if finding.vuln_id_from_tool == "CVE-2011-3389": - self.assertEqual("CVE-2011-3389", finding.cve) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(1, len(vulnerability_ids)) + self.assertEqual('CVE-2011-3389', vulnerability_ids[0]) self.assertEqual("Medium", finding.severity) self.assertEqual("libgnutls-openssl27", finding.component_name) self.assertEqual("3.6.7-4+deb10u5", finding.component_version) + self.assertEqual("/var/lib/dpkg/status", finding.file_path) found = True break self.assertTrue(found) @@ -41,9 +45,12 @@ def test_grype_parser_with_one_criticle_vuln_has_one_findings(self): self.assertEqual(1567, len(findings)) for finding in findings: self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertIsNotNone(finding.cve) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertGreaterEqual(len(vulnerability_ids), 1) if finding.vuln_id_from_tool == "CVE-2019-9192": - self.assertEqual("CVE-2019-9192", finding.cve) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(1, len(vulnerability_ids)) + self.assertEqual('CVE-2019-9192', vulnerability_ids[0]) self.assertEqual("libc6-dev", finding.component_name) self.assertEqual("2.28-10", finding.component_version) self.assertEqual("Info", finding.severity) @@ -60,9 +67,12 @@ def test_grype_parser_with_many_vulns3(self): self.assertEqual(327, len(findings)) for finding in findings: self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertIsNotNone(finding.cve) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertGreaterEqual(len(vulnerability_ids), 1) if finding.vuln_id_from_tool == "CVE-2011-3389": - self.assertEqual("CVE-2011-3389", finding.cve) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(1, len(vulnerability_ids)) + self.assertEqual('CVE-2011-3389', vulnerability_ids[0]) self.assertEqual("Medium", finding.severity) self.assertEqual("libgnutls30", finding.component_name) self.assertEqual("3.6.7-4+deb10u5", finding.component_version) @@ -79,11 +89,14 @@ def test_grype_parser_with_new_matcher_list(self): self.assertEqual(9, len(findings)) for finding in findings: self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertIsNotNone(finding.cve) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertGreaterEqual(len(vulnerability_ids), 1) if finding.vuln_id_from_tool == "CVE-1999-1338": - self.assertEqual("CVE-1999-1338", finding.cve) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(1, len(vulnerability_ids)) + self.assertEqual('CVE-1999-1338', vulnerability_ids[0]) self.assertEqual("Medium", finding.severity) - self.assertTrue("javascript-matcher" in finding.description) + self.assertIn("javascript-matcher", finding.description) self.assertEqual("delegate", finding.component_name) self.assertEqual("3.2.0", finding.component_version) found = True @@ -98,13 +111,15 @@ def test_check_all_fields(self): finding = findings[0] self.assertEqual('CVE-2004-0971 in libgssapi-krb5-2:1.17-3+deb10u3', finding.title) - description = '''**Vulnerability Id:** CVE-2004-0971 -**Vulnerability Namespace:** debian:10 + description = '''**Vulnerability Namespace:** debian:10 **Related Vulnerability Description:** The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. **Matcher:** dpkg-matcher **Package URL:** pkg:deb/debian/libgssapi-krb5-2@1.17-3+deb10u3?arch=amd64''' self.assertEqual(description, finding.description) - self.assertEqual('CVE-2004-0971', finding.cve) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(2, len(vulnerability_ids)) + self.assertEqual('CVE-2004-0971', vulnerability_ids[0]) + self.assertEqual('CVE-2004-0971', vulnerability_ids[1]) self.assertEqual(1352, finding.cwe) self.assertIsNone(finding.cvssv3) self.assertIsNone(finding.cvssv3_score) @@ -130,15 +145,16 @@ def test_check_all_fields(self): finding = findings[1] self.assertEqual('CVE-2021-32626 in redis:4.0.2', finding.title) - description = '''**Vulnerability Id:** CVE-2021-32626 -**Vulnerability Namespace:** nvd + description = '''**Vulnerability Namespace:** nvd **Vulnerability Description:** Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. **Matchers:** - python-matcher - python2-matcher **Package URL:** pkg:pypi/redis@4.0.2''' self.assertEqual(description, finding.description) - self.assertEqual('CVE-2021-32626', finding.cve) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(1, len(vulnerability_ids)) + self.assertEqual('CVE-2021-32626', vulnerability_ids[0]) self.assertEqual(1352, finding.cwe) self.assertEqual('CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H', finding.cvssv3) self.assertEqual('High', finding.severity) @@ -165,13 +181,15 @@ def test_check_all_fields(self): finding = findings[2] self.assertEqual('CVE-2021-33574 in libc-bin:2.28-10', finding.title) - description = '''**Vulnerability Id:** CVE-2021-33574 -**Vulnerability Namespace:** debian:10 + description = '''**Vulnerability Namespace:** debian:10 **Related Vulnerability Description:** The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. **Matcher:** dpkg-matcher **Package URL:** pkg:deb/debian/libc-bin@2.28-10?arch=amd64''' self.assertEqual(description, finding.description) - self.assertEqual('CVE-2021-33574', finding.cve) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(2, len(vulnerability_ids)) + self.assertEqual('CVE-2021-33574', vulnerability_ids[0]) + self.assertEqual('CVE-2021-33574', vulnerability_ids[1]) self.assertEqual(1352, finding.cwe) self.assertEqual('CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H', finding.cvssv3) self.assertEqual('Critical', finding.severity) @@ -194,13 +212,15 @@ def test_check_all_fields(self): finding = findings[3] self.assertEqual('CVE-2021-33574 in libc6:2.28-10', finding.title) - description = '''**Vulnerability Id:** CVE-2021-33574 -**Vulnerability Namespace:** debian:10 + description = '''**Vulnerability Namespace:** debian:10 **Related Vulnerability Description:** The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. **Matcher:** dpkg-matcher **Package URL:** pkg:deb/debian/libc6@2.28-10?arch=amd64''' self.assertEqual(description, finding.description) - self.assertEqual('CVE-2021-33574', finding.cve) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(2, len(vulnerability_ids)) + self.assertEqual('CVE-2021-33574', vulnerability_ids[0]) + self.assertEqual('CVE-2021-33574', vulnerability_ids[1]) self.assertEqual(1352, finding.cwe) self.assertEqual('CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H', finding.cvssv3) self.assertEqual('Critical', finding.severity) @@ -222,16 +242,17 @@ def test_check_all_fields(self): self.assertEqual(1, finding.nb_occurences) finding = findings[4] - self.assertEqual('CVE-2021-44420 in Django:3.2.9', finding.title) - description = '''**Vulnerability Id:** GHSA-v6rh-hp5x-86rv -**Vulnerability Namespace:** github:python + self.assertEqual('GHSA-v6rh-hp5x-86rv in Django:3.2.9', finding.title) + description = '''**Vulnerability Namespace:** github:python **Vulnerability Description:** Potential bypass of an upstream access control based on URL paths in Django -**Related Vulnerability Id:** CVE-2021-44420 **Related Vulnerability Description:** In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. **Matcher:** python-matcher **Package URL:** pkg:pypi/Django@3.2.9''' self.assertEqual(description, finding.description) - self.assertEqual('CVE-2021-44420', finding.cve) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(2, len(vulnerability_ids)) + self.assertEqual('GHSA-v6rh-hp5x-86rv', vulnerability_ids[0]) + self.assertEqual('CVE-2021-44420', vulnerability_ids[1]) self.assertEqual(1352, finding.cwe) self.assertEqual('CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L', finding.cvssv3) self.assertEqual('High', finding.severity) diff --git a/unittests/tools/test_anchorectl_policies_parser.py b/unittests/tools/test_anchorectl_policies_parser.py new file mode 100644 index 00000000000..a420802fc20 --- /dev/null +++ b/unittests/tools/test_anchorectl_policies_parser.py @@ -0,0 +1,29 @@ +from ..dojo_test_case import DojoTestCase +from dojo.tools.anchorectl_policies.parser import AnchoreCTLPoliciesParser +from dojo.models import Test + + +class TestAnchoreCTLPoliciesParser(DojoTestCase): + def test_anchore_engine_parser_has_no_finding(self): + testfile = open("unittests/scans/anchorectl_policies/no_violation.json") + parser = AnchoreCTLPoliciesParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_anchore_engine_parser_has_one_finding_and_it_is_correctly_parsed(self): + testfile = open("unittests/scans/anchorectl_policies/one_violation.json") + parser = AnchoreCTLPoliciesParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) + singleFinding = findings[0] + self.assertEqual(singleFinding.severity, 'Medium') + self.assertEqual(singleFinding.title, 'RootUser - gate|dockerfile - trigger|b2605c2ddbdb02b8e2365c9248dada5a') + self.assertEqual(singleFinding.description, 'User root found as effective user, which is not on the allowed list') + + def test_anchore_engine_parser_has_many_findings(self): + testfile = open("unittests/scans/anchorectl_policies/many_violations.json") + parser = AnchoreCTLPoliciesParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(3, len(findings)) diff --git a/unittests/tools/test_anchorectl_vulns_parser.py b/unittests/tools/test_anchorectl_vulns_parser.py new file mode 100644 index 00000000000..10b8a6dea85 --- /dev/null +++ b/unittests/tools/test_anchorectl_vulns_parser.py @@ -0,0 +1,29 @@ +from ..dojo_test_case import DojoTestCase +from dojo.tools.anchorectl_vulns.parser import AnchoreCTLVulnsParser +from dojo.models import Test + + +class TestAnchoreCTLVulnsParser(DojoTestCase): + def test_anchore_engine_parser_has_no_finding(self): + testfile = open("unittests/scans/anchorectl_vulns/no_vuln.json") + parser = AnchoreCTLVulnsParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_anchore_engine_parser_has_one_finding_and_it_is_correctly_parsed(self): + testfile = open("unittests/scans/anchorectl_vulns/one_vuln.json") + parser = AnchoreCTLVulnsParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) + singleFinding = findings[0] + self.assertEqual(singleFinding.title, 'CVE-2011-3389 - libgnutls30-3.5.8-5+deb9u4(dpkg)') + self.assertEqual(singleFinding.severity, 'Medium') + self.assertEqual(singleFinding.description, '**Image hash**: None\n\n**Package**: libgnutls30-3.5.8-5+deb9u4\n\n**Package path**: None\n\n**Package type**: dpkg\n\n**Feed**: vulnerabilities/debian:9\n\n**CPE**: None\n\n**Description**: That test description\n\n') + + def test_anchore_engine_parser_has_many_findings(self): + testfile = open("unittests/scans/anchorectl_vulns/many_vulns.json") + parser = AnchoreCTLVulnsParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(23, len(findings)) diff --git a/unittests/tools/test_api_blackduck_parser.py b/unittests/tools/test_api_blackduck_parser.py new file mode 100644 index 00000000000..f0365c0a0de --- /dev/null +++ b/unittests/tools/test_api_blackduck_parser.py @@ -0,0 +1,42 @@ + +from dojo.models import Test, SEVERITIES +from dojo.tools.api_blackduck.parser import ApiBlackduckParser + +from ..dojo_test_case import DojoTestCase + + +class TestApiBlackduckParser(DojoTestCase): + + def test_bandit_parser_has_many_findings(self): + testfile = open("unittests/scans/api_blackduck/many_vulns.json") + parser = ApiBlackduckParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + for finding in findings: + finding.clean() + self.assertIn(finding.severity, SEVERITIES) + self.assertEqual(43, len(findings)) + with self.subTest(i=0): + item = findings[0] + self.assertEqual("BDSA-2021-2909 in cdr/code-server:3.3.0-rc.27", item.title) + self.assertEqual("Medium", item.severity) + self.assertEqual("cdr/code-server", item.component_name) + self.assertEqual("3.3.0-rc.27", item.component_version) + self.assertEqual(400, item.cwe) + self.assertEqual("BDSA-2021-2909", item.unique_id_from_tool) + with self.subTest(i=20): + item = findings[20] + self.assertEqual("BDSA-2019-2252 in LibreOffice:6.0.0.3", item.title) + self.assertEqual("High", item.severity) + self.assertEqual("LibreOffice", item.component_name) + self.assertEqual("6.0.0.3", item.component_version) + self.assertEqual(749, item.cwe) + self.assertEqual("BDSA-2019-2252", item.unique_id_from_tool) + with self.subTest(i=42): + item = findings[42] + self.assertEqual("BDSA-2020-3620 in y18n:5.0.1", item.title) + self.assertEqual("Medium", item.severity) + self.assertEqual("y18n", item.component_name) + self.assertEqual("5.0.1", item.component_version) + self.assertEqual(668, item.cwe) + self.assertEqual("BDSA-2020-3620", item.unique_id_from_tool) diff --git a/unittests/tools/test_api_bugcrowd_importer.py b/unittests/tools/test_api_bugcrowd_importer.py new file mode 100644 index 00000000000..aceb037677e --- /dev/null +++ b/unittests/tools/test_api_bugcrowd_importer.py @@ -0,0 +1,134 @@ +from django.core.exceptions import ValidationError +from django.test import TestCase +from unittest.mock import patch + +from dojo.models import ( + Test, + Engagement, + Product, + Product_API_Scan_Configuration, + Tool_Type, + Tool_Configuration, +) +from dojo.tools.api_bugcrowd.importer import BugcrowdApiImporter + + +class TestBugcrowdApiImporter(TestCase): + @classmethod + def setUpTestData(cls): + + cls.tool_type = Tool_Type() + cls.tool_configuration = Tool_Configuration() + cls.tool_configuration.tool_type = cls.tool_type + cls.tool_configuration.authentication_type = "API" + cls.tool_configuration.api_key = "API_KEY" + cls.tool_configuration.extras = '{"extras": "EXTRAS"}' + + cls.product = Product() + cls.product.name = "Product" + cls.engagement = Engagement() + cls.engagement.product = cls.product + cls.test = Test() + cls.test.engagement = cls.engagement + + # This API Scan configuration is not connected to a test + cls.api_scan_configuration = Product_API_Scan_Configuration() + cls.api_scan_configuration.product = cls.product + cls.api_scan_configuration.tool_configuration = cls.tool_configuration + + cls.product_2 = Product() + cls.product_2.name = "Product_2" + cls.engagement_2 = Engagement() + cls.engagement_2.product = cls.product_2 + cls.test_2 = Test() + cls.test_2.engagement = cls.engagement_2 + + # This API Scan Configuration is connected with test_2 + cls.api_scan_configuration_2 = Product_API_Scan_Configuration() + cls.test_2.api_scan_configuration = cls.api_scan_configuration_2 + cls.api_scan_configuration_2.product = cls.product_2 + cls.api_scan_configuration_2.tool_configuration = cls.tool_configuration + cls.api_scan_configuration_2.service_key_1 = "SERVICE_KEY_1" + cls.api_scan_configuration_2.service_key_2 = "SERVICE_KEY_2" + + cls.findings = ["a", "b"] + + def test_prepare_client_do_not_match(self): + product_3 = Product() + engagement_3 = Engagement() + engagement_3.product = product_3 + test_3 = Test() + test_3.engagement = engagement_3 + api_scan_configuration_3 = Product_API_Scan_Configuration() + api_scan_configuration_3.product = self.product + test_3.api_scan_configuration = api_scan_configuration_3 + + with self.assertRaisesRegex( + ValidationError, + r'API Scan Configuration for Bugcrowd API and Product do not match. Product: "" \(None\), config\.product: "Product" \(None\)', + ): + bugrcrowd_api_importer = BugcrowdApiImporter() + bugrcrowd_api_importer.prepare_client(test_3) + + @patch("dojo.models.Product_API_Scan_Configuration.objects") + def test_prepare_client_more_than_one_configuration(self, mock_foo): + mock_foo.filter.return_value = mock_foo + mock_foo.count.return_value = 2 + + with self.assertRaisesRegex( + ValidationError, + r'More than one Product API Scan Configuration has been configured, but none of them has been chosen\. Please specify at Test which one should be used\. Product: "Product" \(None\)', + ): + bugrcrowd_api_importer = BugcrowdApiImporter() + bugrcrowd_api_importer.prepare_client(self.test) + + mock_foo.filter.assert_called_with(product=self.product) + + @patch("dojo.models.Product_API_Scan_Configuration.objects") + def test_prepare_client_no_configuration(self, mock_foo): + mock_foo.filter.return_value = mock_foo + mock_foo.count.return_value = 0 + + with self.assertRaisesRegex( + ValidationError, r'There are no API Scan Configurations for this Product\. Please add at least one API Scan Configuration for bugcrowd to this Product\. Product: "Product" \(None\)' + ): + bugrcrowd_api_importer = BugcrowdApiImporter() + bugrcrowd_api_importer.prepare_client(self.test) + + mock_foo.filter.assert_called_with(product=self.product) + + @patch("dojo.models.Product_API_Scan_Configuration.objects") + def test_prepare_client_one_product_configuration(self, mock_foo): + mock_foo.filter.return_value = mock_foo + mock_foo.count.return_value = 1 + mock_foo.first.return_value = self.api_scan_configuration + + bugrcrowd_api_importer = BugcrowdApiImporter() + bugcrowd_api, api_scan_configuration = bugrcrowd_api_importer.prepare_client( + self.test + ) + + mock_foo.filter.assert_called_with( + product=self.product, tool_configuration__tool_type__name="Bugcrowd API" + ) + self.assertEqual(api_scan_configuration, self.api_scan_configuration) + self.assertEqual(bugcrowd_api.api_token, "API_KEY") + + def test_prepare_client_one_test_configuration(self): + bugrcrowd_api_importer = BugcrowdApiImporter() + bugcrowd_api, api_scan_configuration = bugrcrowd_api_importer.prepare_client( + self.test_2 + ) + + self.assertEqual(api_scan_configuration, self.api_scan_configuration_2) + self.assertEqual(bugcrowd_api.api_token, "API_KEY") + + @patch("dojo.tools.api_bugcrowd.importer.BugcrowdAPI.get_findings") + def test_get_findings(self, mock_foo): + mock_foo.return_value = self.findings + + bugrcrowd_api_importer = BugcrowdApiImporter() + my_findings, api_scan_config = bugrcrowd_api_importer.get_findings(self.test_2) + + mock_foo.assert_called_with("SERVICE_KEY_1", "SERVICE_KEY_2") + self.assertListEqual(my_findings, self.findings) diff --git a/unittests/tools/test_api_bugcrowd_parser.py b/unittests/tools/test_api_bugcrowd_parser.py new file mode 100644 index 00000000000..f692797a19e --- /dev/null +++ b/unittests/tools/test_api_bugcrowd_parser.py @@ -0,0 +1,156 @@ +import datetime + +from django.test import TestCase +from dojo.tools.api_bugcrowd.parser import ApiBugcrowdParser +from dojo.models import Test, Product_API_Scan_Configuration + + +class TestApiBugcrowdParser(TestCase): + def test_parse_file_with_no_vuln_has_no_findings(self): + with open("unittests/scans/api_bugcrowd/bugcrowd_empty.json") as testfile: + parser = ApiBugcrowdParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_parse_file_with_one_vuln_has_one_findings(self): + with open("unittests/scans/api_bugcrowd/bugcrowd_one.json") as testfile: + + # description = """ + # Vulnerability Name: JWT alg none + + # Bugcrowd details: + # - Severity: P5 + # - Bug Url: https://example.com/ + + # Bugcrowd link: /submissions/a4201d47-62e1-4287-9ff6-30807ae9d36a""" + parser = ApiBugcrowdParser() + test = Test() + test.api_scan_configuration = Product_API_Scan_Configuration() + test.api_scan_configuration.service_key_1 = "example" + findings = parser.get_findings(testfile, test) + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual(finding.title, "JWT Alg none") + self.assertEqual( + datetime.datetime.date(finding.date), datetime.date(2002, 4, 1) + ) + self.assertEqual(str(finding.unsaved_endpoints[0]), "https://example.com") + self.assertEqual(finding.severity, "Info") + # self.assertEqual(finding.description, description) + self.assertEqual(finding.mitigation, "Properly do JWT") + self.assertEqual(finding.active, True) + self.assertEqual( + finding.unique_id_from_tool, "a4201d47-62e1-4287-9ff6-30807ae9d36a" + ) + self.assertIn( + "/submissions/a4201d47-62e1-4287-9ff6-30807ae9d36a", + finding.references + ) + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + + def test_parse_file_with_multiple_vuln_has_multiple_finding(self): + with open("unittests/scans/api_bugcrowd/bugcrowd_many.json") as testfile: + parser = ApiBugcrowdParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(3, len(findings)) + finding_1 = findings[0] + finding_2 = findings[1] + finding_3 = findings[2] + + self.assertEqual(finding_1.title, "Big bad problem") + self.assertEqual(finding_2.title, "you did something wrong") + self.assertEqual(finding_3.title, "you did something wrong (returned)") + + self.assertEqual( + datetime.datetime.date(finding_1.date), datetime.date(2000, 1, 1) + ) + self.assertEqual( + datetime.datetime.date(finding_2.date), datetime.date(2000, 1, 2) + ) + self.assertEqual( + datetime.datetime.date(finding_3.date), datetime.date(2000, 1, 3) + ) + + self.assertEqual( + str(finding_1.unsaved_endpoints[0]), "https://example.com/1" + ) + self.assertEqual( + str(finding_2.unsaved_endpoints[0]), "https://example.com/2" + ) + self.assertEqual( + str(finding_3.unsaved_endpoints[0]), "https://example.com/3" + ) + for endpoint in finding_1.unsaved_endpoints: + endpoint.clean() + for endpoint in finding_2.unsaved_endpoints: + endpoint.clean() + for endpoint in finding_3.unsaved_endpoints: + endpoint.clean() + self.assertEqual(finding_1.severity, "Info") + self.assertEqual(finding_2.severity, "Critical") + self.assertEqual(finding_3.severity, "Info") + + self.assertEqual(finding_1.mitigation, "Do things properly1") + self.assertEqual(finding_2.mitigation, "Do things properly2") + self.assertEqual(finding_3.mitigation, "Do things properly3") + + self.assertEqual(finding_1.active, False) + self.assertEqual(finding_2.active, True) + self.assertEqual(finding_3.active, False) + + self.assertEqual(finding_1.is_mitigated, True) + self.assertEqual(finding_2.is_mitigated, False) + self.assertEqual(finding_3.is_mitigated, False) + self.assertEqual(finding_3.risk_accepted, False) + + self.assertEqual( + finding_1.unique_id_from_tool, "3b0e6b2a-c21e-493e-bd19-de40f525016e" + ) + self.assertEqual( + finding_2.unique_id_from_tool, "b2f1066a-6188-4479-bab8-39cc5434f06f" + ) + self.assertEqual( + finding_3.unique_id_from_tool, "335a7ba5-57ba-485a-b40e-2f9aa4e19786" + ) + + def test_parse_file_with_not_reproducible_finding(self): + with open( + "unittests/scans/api_bugcrowd/bugcrowd_not_reproducible.json" + ) as testfile: + + # description = """ + # Vulnerability Name: JWT alg none + + # Bugcrowd details: + # - Severity: P5 + # - Bug Url: https://example.com/ + + # Bugcrowd link: /submissions/a4201d47-62e1-4287-9ff6-30807ae9d36a""" + parser = ApiBugcrowdParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual(finding.title, "JWT Alg none") + self.assertEqual( + datetime.datetime.date(finding.date), datetime.date(2002, 4, 1) + ) + self.assertEqual(str(finding.unsaved_endpoints[0]), "https://example.com") + self.assertEqual(finding.severity, "Info") + # self.assertEqual(finding.description, description) + self.assertEqual(finding.mitigation, "Properly do JWT") + self.assertEqual(finding.active, False) + self.assertEqual(finding.false_p, True) + self.assertEqual( + finding.unique_id_from_tool, "a4201d47-62e1-4287-9ff6-30807ae9d36a" + ) + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + + def test_parse_file_with_broken_bug_url(self): + with open("unittests/scans/api_bugcrowd/bugcrowd_broken_bug_url.json") as testfile: + parser = ApiBugcrowdParser() + with self.assertLogs('dojo.tools.api_bugcrowd.parser', level='ERROR') as cm: + parser.get_findings(testfile, Test()) + self.assertEqual(cm.output, ['ERROR:dojo.tools.api_bugcrowd.parser:' + 'Error parsing bugcrowd bug_url : curl https://example.com/']) diff --git a/unittests/tools/test_cobalt_api_importer.py b/unittests/tools/test_api_cobalt_importer.py similarity index 84% rename from unittests/tools/test_cobalt_api_importer.py rename to unittests/tools/test_api_cobalt_importer.py index 781ab17874a..28211b6c58e 100644 --- a/unittests/tools/test_cobalt_api_importer.py +++ b/unittests/tools/test_api_cobalt_importer.py @@ -1,9 +1,10 @@ import json from ..dojo_test_case import DojoTestCase from unittest.mock import patch +from django.core.exceptions import ValidationError from dojo.models import Test, Engagement, Product, Product_API_Scan_Configuration, Tool_Type, Tool_Configuration -from dojo.tools.cobalt_api.importer import CobaltApiImporter +from dojo.tools.api_cobalt.importer import CobaltApiImporter class TestCobaltApiImporter(DojoTestCase): @@ -56,7 +57,7 @@ def test_prepare_client_do_not_match(self): api_scan_configuration_3.product = self.product test_3.api_scan_configuration = api_scan_configuration_3 - with self.assertRaisesRegex(Exception, 'API Scan Configuration for Cobalt.io and Product do not match.'): + with self.assertRaisesRegex(ValidationError, r'API Scan Configuration for Cobalt\.io and Product do not match\. Product: "" \(None\), config\.product: "Product" \(None\)'): cobalt_api_importer = CobaltApiImporter() cobalt_api_importer.prepare_client(test_3) @@ -65,7 +66,7 @@ def test_prepare_client_more_than_one_configuration(self, mock_foo): mock_foo.filter.return_value = mock_foo mock_foo.count.return_value = 2 - with self.assertRaisesRegex(Exception, 'More than one Product API Scan Configuration has been configured, but none of them has been chosen.'): + with self.assertRaisesRegex(ValidationError, r'More than one Product API Scan Configuration has been configured, but none of them has been chosen\. Please specify at Test which one should be used\. Product: "Product" \(None\)'): cobalt_api_importer = CobaltApiImporter() cobalt_api_importer.prepare_client(self.test) @@ -76,7 +77,7 @@ def test_prepare_client_no_configuration(self, mock_foo): mock_foo.filter.return_value = mock_foo mock_foo.count.return_value = 0 - with self.assertRaisesRegex(Exception, 'There are no API Scan Configurations for this Product.'): + with self.assertRaisesRegex(ValidationError, r'There are no API Scan Configurations for this Product\. Please add at least one API Scan Configuration for Cobalt\.io to this Product\. Product: "Product" \(None\)'): cobalt_api_importer = CobaltApiImporter() cobalt_api_importer.prepare_client(self.test) @@ -104,7 +105,7 @@ def test_prepare_client_one_test_configuration(self): self.assertEqual(cobalt_api.api_token, 'API_KEY') self.assertEqual(cobalt_api.org_token, 'EXTRAS') - @patch('dojo.tools.cobalt_api.importer.CobaltAPI.get_findings') + @patch('dojo.tools.api_cobalt.importer.CobaltAPI.get_findings') def test_get_findings(self, mock_foo): mock_foo.return_value = self.findings diff --git a/unittests/tools/test_cobalt_api_parser.py b/unittests/tools/test_api_cobalt_parser.py similarity index 89% rename from unittests/tools/test_cobalt_api_parser.py rename to unittests/tools/test_api_cobalt_parser.py index b59c6d1b10d..f9c8ad64fb6 100644 --- a/unittests/tools/test_cobalt_api_parser.py +++ b/unittests/tools/test_api_cobalt_parser.py @@ -3,22 +3,22 @@ from ..dojo_test_case import DojoTestCase, get_unit_tests_path from unittest.mock import patch -from dojo.tools.cobalt_api.parser import CobaltApiParser +from dojo.tools.api_cobalt.parser import ApiCobaltParser from dojo.models import Test, Test_Type -class TestCobaltApiParser(DojoTestCase): +class TestApiCobaltParser(DojoTestCase): def test_cobalt_api_parser_with_no_vuln_has_no_findings(self): - testfile = open("unittests/scans/cobalt_api/cobalt_api_zero_vul.json") - parser = CobaltApiParser() + testfile = open("unittests/scans/api_cobalt/cobalt_api_zero_vul.json") + parser = ApiCobaltParser() findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(0, len(findings)) def test_cobalt_api_parser_with_many_vuln_has_many_findings(self): - testfile = open("unittests/scans/cobalt_api/cobalt_api_many_vul.json") - parser = CobaltApiParser() + testfile = open("unittests/scans/api_cobalt/cobalt_api_many_vul.json") + parser = ApiCobaltParser() findings = parser.get_findings(testfile, Test()) testfile.close() for finding in findings: @@ -27,8 +27,8 @@ def test_cobalt_api_parser_with_many_vuln_has_many_findings(self): self.assertEqual(3, len(findings)) def test_cobalt_api_parser_with_carried_over_finding(self): - testfile = open("unittests/scans/cobalt_api/cobalt_api_one_vul_carried_over.json") - parser = CobaltApiParser() + testfile = open("unittests/scans/api_cobalt/cobalt_api_one_vul_carried_over.json") + parser = ApiCobaltParser() findings = parser.get_findings(testfile, Test()) testfile.close() for finding in findings: @@ -55,8 +55,8 @@ def test_cobalt_api_parser_with_carried_over_finding(self): self.assertTrue(finding.dynamic_finding) def test_cobalt_api_parser_with_check_fix_finding(self): - testfile = open("unittests/scans/cobalt_api/cobalt_api_one_vul_check_fix.json") - parser = CobaltApiParser() + testfile = open("unittests/scans/api_cobalt/cobalt_api_one_vul_check_fix.json") + parser = ApiCobaltParser() findings = parser.get_findings(testfile, Test()) testfile.close() for finding in findings: @@ -83,8 +83,8 @@ def test_cobalt_api_parser_with_check_fix_finding(self): self.assertTrue(finding.dynamic_finding) def test_cobalt_api_parser_with_invalid_finding(self): - testfile = open("unittests/scans/cobalt_api/cobalt_api_one_vul_invalid.json") - parser = CobaltApiParser() + testfile = open("unittests/scans/api_cobalt/cobalt_api_one_vul_invalid.json") + parser = ApiCobaltParser() findings = parser.get_findings(testfile, Test()) testfile.close() for finding in findings: @@ -94,7 +94,7 @@ def test_cobalt_api_parser_with_invalid_finding(self): finding = findings[0] self.assertEqual("SQL Injection", finding.title) self.assertEqual("2021-01-01", finding.date) - self.assertEqual("Low", finding.severity) + self.assertEqual("Critical", finding.severity) self.assertIn("A SQL injection attack...", finding.description) self.assertEqual("Ensure this...", finding.mitigation) self.assertEqual("Do this than that...", finding.steps_to_reproduce) @@ -111,8 +111,8 @@ def test_cobalt_api_parser_with_invalid_finding(self): self.assertTrue(finding.dynamic_finding) def test_cobalt_api_parser_with_need_fix_finding(self): - testfile = open("unittests/scans/cobalt_api/cobalt_api_one_vul_need_fix.json") - parser = CobaltApiParser() + testfile = open("unittests/scans/api_cobalt/cobalt_api_one_vul_need_fix.json") + parser = ApiCobaltParser() findings = parser.get_findings(testfile, Test()) testfile.close() for finding in findings: @@ -139,8 +139,8 @@ def test_cobalt_api_parser_with_need_fix_finding(self): self.assertTrue(finding.dynamic_finding) def test_cobalt_api_parser_with_new_finding(self): - testfile = open("unittests/scans/cobalt_api/cobalt_api_one_vul_new.json") - parser = CobaltApiParser() + testfile = open("unittests/scans/api_cobalt/cobalt_api_one_vul_new.json") + parser = ApiCobaltParser() findings = parser.get_findings(testfile, Test()) testfile.close() for finding in findings: @@ -167,8 +167,8 @@ def test_cobalt_api_parser_with_new_finding(self): self.assertTrue(finding.dynamic_finding) def test_cobalt_api_parser_with_out_of_scope_finding(self): - testfile = open("unittests/scans/cobalt_api/cobalt_api_one_vul_out_of_scope.json") - parser = CobaltApiParser() + testfile = open("unittests/scans/api_cobalt/cobalt_api_one_vul_out_of_scope.json") + parser = ApiCobaltParser() findings = parser.get_findings(testfile, Test()) testfile.close() for finding in findings: @@ -178,7 +178,7 @@ def test_cobalt_api_parser_with_out_of_scope_finding(self): finding = findings[0] self.assertEqual("SQL Injection", finding.title) self.assertEqual("2021-01-01", finding.date) - self.assertEqual("Low", finding.severity) + self.assertEqual("Info", finding.severity) self.assertIn("A SQL injection attack...", finding.description) self.assertEqual("Ensure this...", finding.mitigation) self.assertEqual("Do this than that...", finding.steps_to_reproduce) @@ -195,8 +195,8 @@ def test_cobalt_api_parser_with_out_of_scope_finding(self): self.assertTrue(finding.dynamic_finding) def test_cobalt_api_parser_with_triaging_finding(self): - testfile = open("unittests/scans/cobalt_api/cobalt_api_one_vul_triaging.json") - parser = CobaltApiParser() + testfile = open("unittests/scans/api_cobalt/cobalt_api_one_vul_triaging.json") + parser = ApiCobaltParser() findings = parser.get_findings(testfile, Test()) testfile.close() for finding in findings: @@ -223,8 +223,8 @@ def test_cobalt_api_parser_with_triaging_finding(self): self.assertTrue(finding.dynamic_finding) def test_cobalt_api_parser_with_valid_fix_finding(self): - testfile = open("unittests/scans/cobalt_api/cobalt_api_one_vul_valid_fix.json") - parser = CobaltApiParser() + testfile = open("unittests/scans/api_cobalt/cobalt_api_one_vul_valid_fix.json") + parser = ApiCobaltParser() findings = parser.get_findings(testfile, Test()) testfile.close() for finding in findings: @@ -251,8 +251,8 @@ def test_cobalt_api_parser_with_valid_fix_finding(self): self.assertTrue(finding.dynamic_finding) def test_cobalt_api_parser_with_wont_fix_finding(self): - testfile = open("unittests/scans/cobalt_api/cobalt_api_one_vul_wont_fix.json") - parser = CobaltApiParser() + testfile = open("unittests/scans/api_cobalt/cobalt_api_one_vul_wont_fix.json") + parser = ApiCobaltParser() findings = parser.get_findings(testfile, Test()) testfile.close() for finding in findings: @@ -278,9 +278,9 @@ def test_cobalt_api_parser_with_wont_fix_finding(self): self.assertFalse(finding.static_finding) self.assertTrue(finding.dynamic_finding) - @patch('dojo.tools.cobalt_api.importer.CobaltApiImporter.get_findings') + @patch('dojo.tools.api_cobalt.importer.CobaltApiImporter.get_findings') def test_cobalt_api_parser_with_api(self, mock): - with open(get_unit_tests_path() + '/scans/cobalt_api/cobalt_api_many_vul.json') as api_findings_file: + with open(get_unit_tests_path() + '/scans/api_cobalt/cobalt_api_many_vul.json') as api_findings_file: api_findings = json.load(api_findings_file) mock.return_value = api_findings @@ -289,7 +289,7 @@ def test_cobalt_api_parser_with_api(self, mock): test = Test() test.test_type = test_type - parser = CobaltApiParser() + parser = ApiCobaltParser() findings = parser.get_findings(None, test) mock.assert_called_with(test) diff --git a/unittests/tools/test_api_edgescan_importer.py b/unittests/tools/test_api_edgescan_importer.py new file mode 100644 index 00000000000..db23ea5709d --- /dev/null +++ b/unittests/tools/test_api_edgescan_importer.py @@ -0,0 +1,114 @@ +import json +from django.test import TestCase +from unittest.mock import patch +from django.core.exceptions import ValidationError + +from dojo.models import Test, Engagement, Product, Product_API_Scan_Configuration, Tool_Type, Tool_Configuration +from dojo.tools.api_edgescan.importer import EdgescanImporter + + +class TestEdgescanImporter(TestCase): + + @classmethod + def setUpTestData(cls): + + cls.tool_type = Tool_Type() + cls.tool_configuration = Tool_Configuration() + cls.tool_configuration.tool_type = cls.tool_type + cls.tool_configuration.authentication_type = 'API' + cls.tool_configuration.api_key = 'API_KEY' + cls.tool_configuration.extras = '{"extras": "EXTRAS"}' + + cls.product = Product() + cls.product.name = 'Product' + cls.engagement = Engagement() + cls.engagement.product = cls.product + cls.test = Test() + cls.test.engagement = cls.engagement + + # This API Scan configuration is not connected to a test + cls.api_scan_configuration = Product_API_Scan_Configuration() + cls.api_scan_configuration.product = cls.product + cls.api_scan_configuration.tool_configuration = cls.tool_configuration + + cls.product_2 = Product() + cls.product_2.name = 'Product_2' + cls.engagement_2 = Engagement() + cls.engagement_2.product = cls.product_2 + cls.test_2 = Test() + cls.test_2.engagement = cls.engagement_2 + + # This API Scan Configuration is connected with test_2 + cls.api_scan_configuration_2 = Product_API_Scan_Configuration() + cls.test_2.api_scan_configuration = cls.api_scan_configuration_2 + cls.api_scan_configuration_2.product = cls.product_2 + cls.api_scan_configuration_2.tool_configuration = cls.tool_configuration + cls.api_scan_configuration_2.service_key_1 = 'SERVICE_KEY_1' + + cls.findings = json.dumps({'a': 1, 'b': 2}) + + def test_prepare_client_do_not_match(self): + product_3 = Product() + engagement_3 = Engagement() + engagement_3.product = product_3 + test_3 = Test() + test_3.engagement = engagement_3 + api_scan_configuration_3 = Product_API_Scan_Configuration() + api_scan_configuration_3.product = self.product + test_3.api_scan_configuration = api_scan_configuration_3 + + with self.assertRaisesRegex(ValidationError, r'API Scan Configuration for Edgescan and Product do not match. Product: "" \(None\), config\.product: "Product" \(None\)'): + edgescan_importer = EdgescanImporter() + edgescan_importer.prepare_client(test_3) + + @patch('dojo.models.Product_API_Scan_Configuration.objects') + def test_prepare_client_more_than_one_configuration(self, mock_foo): + mock_foo.filter.return_value = mock_foo + mock_foo.count.return_value = 2 + + with self.assertRaisesRegex(ValidationError, r'More than one Product API Scan Configuration has been configured, but none of them has been chosen\.\\nPlease specify at Test which one should be used\. Product: "Product" \(None\)'): + edgescan_importer = EdgescanImporter() + edgescan_importer.prepare_client(self.test) + + mock_foo.filter.assert_called_with(product=self.product) + + @patch('dojo.models.Product_API_Scan_Configuration.objects') + def test_prepare_client_no_configuration(self, mock_foo): + mock_foo.filter.return_value = mock_foo + mock_foo.count.return_value = 0 + + with self.assertRaisesRegex(ValidationError, r'There are no API Scan Configurations for this Product\.\\nPlease add at least one API Scan Configuration for Edgescan to this Product\. Product: "Product" \(None\)'): + edgescan_importer = EdgescanImporter() + edgescan_importer.prepare_client(self.test) + + mock_foo.filter.assert_called_with(product=self.product) + + @patch('dojo.models.Product_API_Scan_Configuration.objects') + def test_prepare_client_one_product_configuration(self, mock_foo): + mock_foo.filter.return_value = mock_foo + mock_foo.count.return_value = 1 + mock_foo.first.return_value = self.api_scan_configuration + + edgescan_importer = EdgescanImporter() + edgescan_api, api_scan_configuration = edgescan_importer.prepare_client(self.test) + + mock_foo.filter.assert_called_with(product=self.product) + self.assertEqual(api_scan_configuration, self.api_scan_configuration) + self.assertEqual(edgescan_api.api_key, 'API_KEY') + + def test_prepare_client_one_test_configuration(self): + edgescan_importer = EdgescanImporter() + edgescan_api, api_scan_configuration = edgescan_importer.prepare_client(self.test_2) + + self.assertEqual(api_scan_configuration, self.api_scan_configuration_2) + self.assertEqual(edgescan_api.api_key, 'API_KEY') + + @patch('dojo.tools.api_edgescan.importer.EdgescanAPI.get_findings') + def test_get_findings(self, mock_foo): + mock_foo.return_value = self.findings + + edgescan_importer = EdgescanImporter() + my_findings = edgescan_importer.get_findings(self.test_2) + + mock_foo.assert_called_with('SERVICE_KEY_1') + self.assertEqual(my_findings, self.findings) diff --git a/unittests/tools/test_api_edgescan_parser.py b/unittests/tools/test_api_edgescan_parser.py new file mode 100644 index 00000000000..cb8903a937d --- /dev/null +++ b/unittests/tools/test_api_edgescan_parser.py @@ -0,0 +1,101 @@ +from django.test import TestCase + +from dojo.tools.api_edgescan.parser import ApiEdgescanParser +from dojo.models import Test + + +class TestApiEdgescanParser(TestCase): + + def test_get_scan_types(self): + parser = ApiEdgescanParser() + self.assertEqual(parser.get_scan_types(), ["Edgescan Scan"]) + + def test_get_label_for_scan_types(self): + scan_type = "Edgescan Scan" + parser = ApiEdgescanParser() + self.assertEqual(parser.get_label_for_scan_types(scan_type), "Edgescan Scan") + + def get_description_for_scan_types(self): + scan_type = "Edgescan Scan" + parser = ApiEdgescanParser() + self.assertEqual( + parser.get_description_for_scan_types(scan_type), + "Edgescan findings can be imported by API or JSON file." + ) + + def test_requires_file(self): + parser = ApiEdgescanParser() + self.assertEqual(parser.requires_file("scan_type"), False) + + def test_requires_tool_type(self): + parser = ApiEdgescanParser() + self.assertEqual(parser.requires_tool_type("scan_type"), "Edgescan") + + def test_parse_file_with_no_vuln_has_no_findings(self): + with open("unittests/scans/api_edgescan/no_vuln.json") as testfile: + parser = ApiEdgescanParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_parse_file_with_one_vuln_has_one_findings(self): + with open("unittests/scans/api_edgescan/one_vuln.json") as testfile: + parser = ApiEdgescanParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual(finding.title, "Cross-site scripting (reflected)") + self.assertEqual(finding.date, "2014-12-05") + self.assertEqual(finding.cwe, 75) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual(finding.unsaved_vulnerability_ids[0], "CVE-2021-5300") + self.assertEqual(finding.cvssv3, "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N") + self.assertEqual(finding.url, "192.168.1.1") + self.assertEqual(finding.severity, "High") + self.assertEqual(finding.description, "Description Text") + self.assertEqual(finding.mitigation, "Remediation Text") + self.assertEqual(finding.active, True) + self.assertEqual(finding.tags, ["APPROVED", "Demo-Asset", "ABC Corporate", "test"]) + self.assertEqual(finding.unique_id_from_tool, 21581) + self.assertEqual(1, len(finding.unsaved_endpoints)) + self.assertEqual(finding.unsaved_endpoints[0].host, "192.168.1.1") + self.assertEqual(finding.unsaved_endpoints[0].protocol, None) + + def test_parse_file_with_multiple_vuln_has_multiple_finding(self): + with open("unittests/scans/api_edgescan/many_vulns.json") as testfile: + parser = ApiEdgescanParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(2, len(findings)) + finding_1 = findings[0] + finding_2 = findings[1] + self.assertEqual(finding_1.title, "Cross-site scripting (reflected)") + self.assertEqual(finding_1.date, "2014-12-05") + self.assertEqual(finding_1.cwe, 75) + self.assertEqual(1, len(finding_1.unsaved_vulnerability_ids)) + self.assertEqual(finding_1.unsaved_vulnerability_ids[0], "CVE-2021-5300") + self.assertEqual(finding_1.cvssv3, None) + self.assertEqual(finding_1.url, "https://test.example.com") + self.assertEqual(finding_1.severity, "High") + self.assertEqual(finding_1.description, "Description Text") + self.assertEqual(finding_1.mitigation, "Remediation Text") + self.assertEqual(finding_1.active, True) + self.assertEqual(finding_1.tags, ["APPROVED", "Demo-Asset"]) + self.assertEqual(finding_1.unique_id_from_tool, 21581) + self.assertEqual(1, len(finding_1.unsaved_endpoints)) + self.assertEqual(finding_1.unsaved_endpoints[0].host, "test.example.com") + self.assertEqual(finding_1.unsaved_endpoints[0].protocol, "https") + self.assertEqual(finding_2.title, "Directory listing") + self.assertEqual(finding_2.date, "2014-09-05") + self.assertEqual(finding_2.cwe, 77) + self.assertEqual(1, len(finding_2.unsaved_vulnerability_ids)) + self.assertEqual(finding_2.unsaved_vulnerability_ids[0], "CVE-2021-4008") + self.assertEqual(finding_2.cvssv3, "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N") + self.assertEqual(finding_2.url, "example.test.com") + self.assertEqual(finding_2.severity, "Low") + self.assertEqual(finding_2.description, "Description Text 2") + self.assertEqual(finding_2.mitigation, "Remediation Text 2") + self.assertEqual(finding_2.active, False) + self.assertEqual(finding_2.tags, []) + self.assertEqual(finding_2.unique_id_from_tool, 21583) + self.assertEqual(1, len(finding_2.unsaved_endpoints)) + self.assertEqual(finding_2.unsaved_endpoints[0].host, "example.test.com") + self.assertEqual(finding_2.unsaved_endpoints[0].protocol, None) diff --git a/unittests/tools/test_sonarqube_importer.py b/unittests/tools/test_api_sonarqube_importer.py similarity index 64% rename from unittests/tools/test_sonarqube_importer.py rename to unittests/tools/test_api_sonarqube_importer.py index a6c93b0351e..ed646772707 100644 --- a/unittests/tools/test_sonarqube_importer.py +++ b/unittests/tools/test_api_sonarqube_importer.py @@ -1,55 +1,62 @@ import json from unittest import mock +from django.core.exceptions import ValidationError -from dojo.tools.sonarqube_api.importer import SonarQubeApiImporter +from dojo.tools.api_sonarqube.importer import SonarQubeApiImporter from ..dojo_test_case import DojoTestCase, get_unit_tests_path from dojo.models import Test, Engagement, Product, Product_API_Scan_Configuration def dummy_product(self, *args, **kwargs): - with open(get_unit_tests_path() + '/scans/sonarqube_api/product.json') as json_file: + with open(get_unit_tests_path() + '/scans/api_sonarqube/product.json') as json_file: data = json.load(json_file) return data def dummy_issues(self, *args, **kwargs): - with open(get_unit_tests_path() + '/scans/sonarqube_api/issues.json') as json_file: + with open(get_unit_tests_path() + '/scans/api_sonarqube/issues.json') as json_file: data = json.load(json_file) return data def dummy_rule(self, *args, **kwargs): - with open(get_unit_tests_path() + '/scans/sonarqube_api/rule.json') as json_file: + with open(get_unit_tests_path() + '/scans/api_sonarqube/rule.json') as json_file: data = json.load(json_file) return data def dummy_rule_wo_html_desc(self, *args, **kwargs): - with open(get_unit_tests_path() + '/scans/sonarqube_api/rule_wo_html_desc.json') as json_file: + with open(get_unit_tests_path() + '/scans/api_sonarqube/rule_wo_html_desc.json') as json_file: data = json.load(json_file) return data def dummy_no_hotspot(self, *args, **kwargs): - with open(get_unit_tests_path() + '/scans/sonarqube_api/hotspots/no_vuln.json') as json_file: + with open(get_unit_tests_path() + '/scans/api_sonarqube/hotspots/no_vuln.json') as json_file: data = json.load(json_file) return data def dummy_one_hotspot(self, *args, **kwargs): - with open(get_unit_tests_path() + '/scans/sonarqube_api/hotspots/one_vuln.json') as json_file: + with open(get_unit_tests_path() + '/scans/api_sonarqube/hotspots/one_vuln.json') as json_file: data = json.load(json_file) return data def dummy_many_hotspots(self, *args, **kwargs): - with open(get_unit_tests_path() + '/scans/sonarqube_api/hotspots/many_vulns.json') as json_file: + with open(get_unit_tests_path() + '/scans/api_sonarqube/hotspots/many_vulns.json') as json_file: data = json.load(json_file) return data def dummy_hotspot_rule(self, *args, **kwargs): - with open(get_unit_tests_path() + '/scans/sonarqube_api/hotspots/rule.json') as json_file: + with open(get_unit_tests_path() + '/scans/api_sonarqube/hotspots/rule.json') as json_file: + data = json.load(json_file) + return data + + +def dummy_hotspot_rule_wo_risk_description(self, *args, **kwargs): + with open(get_unit_tests_path() + '/scans/api_sonarqube/hotspots/rule_wo_risk_description.json') as json_file: data = json.load(json_file) return data @@ -71,7 +78,7 @@ def setUp(self): self.test = Test(engagement=engagement) def test_parser(self): - with self.assertRaisesRegex(Exception, 'No SonarQube tool is configured.'): + with self.assertRaisesRegex(ValidationError, r'There are no API Scan Configurations for this Product\.\\nPlease add at least one API Scan Configuration for SonarQube to this Product\. Product: "product" \(1\)'): SonarQubeApiImporter.prepare_client(self.test) @@ -88,15 +95,9 @@ def setUp(self): engagement = Engagement(product=product) self.test = Test(engagement=engagement) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_project', dummy_product) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_rule', dummy_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_issues', dummy_issues) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_hotspots', empty_list) def test_parser(self): - parser = SonarQubeApiImporter() - findings = parser.get_findings(None, self.test) - self.assertEqual(2, len(findings)) + with self.assertRaisesRegex(ValidationError, r'There are no API Scan Configurations for this Product\.\\nPlease add at least one API Scan Configuration for SonarQube to this Product\. Product: "product" \(1\)'): + SonarQubeApiImporter.prepare_client(self.test) class TestSonarqubeImporterMultipleSQToolConfig(DojoTestCase): @@ -114,7 +115,7 @@ def setUp(self): self.test = Test(engagement=engagement) def test_parser(self): - with self.assertRaisesRegex(Exception, 'More than one Tool Configuration for SonarQube exists.'): + with self.assertRaisesRegex(ValidationError, r'There are no API Scan Configurations for this Product\.\\nPlease add at least one API Scan Configuration for SonarQube to this Product\. Product: "product" \(1\)'): SonarQubeApiImporter.prepare_client(self.test) @@ -133,11 +134,11 @@ def setUp(self): engagement = Engagement(product=product) self.test = Test(engagement=engagement) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_project', dummy_product) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_rule', dummy_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_issues', dummy_issues) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_hotspots', empty_list) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_project', dummy_product) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_rule', dummy_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_issues', dummy_issues) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_hotspots', empty_list) def test_parser(self): parser = SonarQubeApiImporter() findings = parser.get_findings(None, self.test) @@ -159,11 +160,11 @@ def setUp(self): engagement = Engagement(product=product) self.test = Test(engagement=engagement) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_project', dummy_product) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_rule', dummy_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_issues', dummy_issues) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_hotspots', empty_list) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_project', dummy_product) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_rule', dummy_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_issues', dummy_issues) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_hotspots', empty_list) def test_parser(self): parser = SonarQubeApiImporter() findings = parser.get_findings(None, self.test) @@ -187,7 +188,7 @@ def setUp(self): self.test = Test(engagement=engagement) def test_parser(self): - with self.assertRaisesRegex(Exception, 'More than one Product API Scan Configuration has been configured, but none of them has been chosen.'): + with self.assertRaisesRegex(ValidationError, r'More than one Product API Scan Configuration has been configured, but none of them has been chosen\. Please specify which one should be used\. Product: "product" \(1\)'): SonarQubeApiImporter.prepare_client(self.test) @@ -210,11 +211,11 @@ def setUp(self): api_scan_configuration=Product_API_Scan_Configuration.objects.all().first() ) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_project', dummy_product) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_rule', dummy_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_issues', dummy_issues) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_hotspots', empty_list) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_project', dummy_product) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_rule', dummy_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_issues', dummy_issues) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_hotspots', empty_list) def test_parser(self): parser = SonarQubeApiImporter() findings = parser.get_findings(None, self.test) @@ -246,18 +247,18 @@ def setUp(self): api_scan_configuration=Product_API_Scan_Configuration.objects.all().last() ) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_project', dummy_product) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_rule', dummy_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_issues', dummy_issues) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_hotspots', empty_list) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_project', dummy_product) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_rule', dummy_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_issues', dummy_issues) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_hotspots', empty_list) def test_parser(self): parser = SonarQubeApiImporter() findings = parser.get_findings(None, self.test) self.assertEqual(2, len(findings)) def test_product_mismatch(self): - with self.assertRaisesRegex(Exception, 'Product API Scan Configuration and Product do not match.'): + with self.assertRaisesRegex(ValidationError, r'Product API Scan Configuration and Product do not match\. Product: "other product" \(None\), config.product: "product" \(1\)'): SonarQubeApiImporter.prepare_client(self.other_test) @@ -281,11 +282,11 @@ def setUp(self): api_scan_configuration=Product_API_Scan_Configuration.objects.all().last() ) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_project', dummy_product) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_rule', dummy_rule_wo_html_desc) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_issues', dummy_issues) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_hotspots', empty_list) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_project', dummy_product) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_rule', dummy_rule_wo_html_desc) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_issues', dummy_issues) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_hotspots', empty_list) def test_parser(self): parser = SonarQubeApiImporter() findings = parser.get_findings(None, self.test) @@ -294,7 +295,7 @@ def test_parser(self): self.assertEqual('Remove this useless assignment to local variable "currentValue".', finding.title) self.assertEqual(None, finding.cwe) self.assertEqual('', finding.description) - self.assertEqual('', finding.references) + self.assertEqual('[Issue permalink](http://localhoproject/issues?issues=AWKWIl8pZpu0CyehMfc4&open=AWKWIl8pZpu0CyehMfc4&resolved=CONFIRMED&id=internal.dummy.project) \n', finding.references) self.assertEqual('Medium', finding.severity) self.assertEqual(242, finding.line) self.assertEqual('internal.dummy.project:src/main/javascript/TranslateDirective.ts', finding.file_path) @@ -305,6 +306,7 @@ class TestSonarqubeImporterTwoIssuesNoHotspots(DojoTestCase): fixtures = [ 'unit_sonarqube_toolType.json', 'unit_sonarqube_toolConfig1.json', + 'unit_sonarqube_sqcWithKey.json', 'unit_sonarqube_product.json' ] @@ -313,11 +315,11 @@ def setUp(self): engagement = Engagement(product=product) self.test = Test(engagement=engagement) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_project', dummy_product) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_rule', dummy_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_issues', dummy_issues) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_hotspots', empty_list) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_project', dummy_product) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_rule', dummy_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_issues', dummy_issues) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_hotspots', empty_list) def test_parser(self): parser = SonarQubeApiImporter() findings = parser.get_findings(None, self.test) @@ -329,6 +331,7 @@ class TestSonarqubeImporterNoIssuesOneHotspot(DojoTestCase): fixtures = [ 'unit_sonarqube_toolType.json', 'unit_sonarqube_toolConfig1.json', + 'unit_sonarqube_sqcWithKey.json', 'unit_sonarqube_product.json' ] @@ -337,11 +340,11 @@ def setUp(self): engagement = Engagement(product=product) self.test = Test(engagement=engagement) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_project', dummy_product) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_rule', dummy_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_issues', empty_list) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_hotspots', dummy_one_hotspot) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_project', dummy_product) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_rule', dummy_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_issues', empty_list) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_hotspots', dummy_one_hotspot) def test_parser(self): parser = SonarQubeApiImporter() findings = parser.get_findings(None, self.test) @@ -353,6 +356,7 @@ class TestSonarqubeImporterNoIssuesTwoHotspots(DojoTestCase): fixtures = [ 'unit_sonarqube_toolType.json', 'unit_sonarqube_toolConfig1.json', + 'unit_sonarqube_sqcWithKey.json', 'unit_sonarqube_product.json' ] @@ -361,11 +365,11 @@ def setUp(self): engagement = Engagement(product=product) self.test = Test(engagement=engagement) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_project', dummy_product) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_rule', dummy_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_issues', empty_list) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_hotspots', dummy_many_hotspots) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_project', dummy_product) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_rule', dummy_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_issues', empty_list) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_hotspots', dummy_many_hotspots) def test_parser(self): parser = SonarQubeApiImporter() findings = parser.get_findings(None, self.test) @@ -377,6 +381,7 @@ class TestSonarqubeImporterTwoIssuesTwoHotspots(DojoTestCase): fixtures = [ 'unit_sonarqube_toolType.json', 'unit_sonarqube_toolConfig1.json', + 'unit_sonarqube_sqcWithKey.json', 'unit_sonarqube_product.json' ] @@ -385,11 +390,11 @@ def setUp(self): engagement = Engagement(product=product) self.test = Test(engagement=engagement) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_project', dummy_product) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_rule', dummy_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_issues', dummy_issues) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_hotspots', dummy_many_hotspots) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_project', dummy_product) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_rule', dummy_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_issues', dummy_issues) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_hotspots', dummy_many_hotspots) def test_parser(self): parser = SonarQubeApiImporter() findings = parser.get_findings(None, self.test) @@ -401,6 +406,7 @@ class TestSonarqubeImporterValidateHotspotData(DojoTestCase): fixtures = [ 'unit_sonarqube_toolType.json', 'unit_sonarqube_toolConfig1.json', + 'unit_sonarqube_sqcWithKey.json', 'unit_sonarqube_product.json' ] @@ -409,11 +415,11 @@ def setUp(self): engagement = Engagement(product=product) self.test = Test(engagement=engagement) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_project', dummy_product) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_rule', dummy_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_issues', empty_list) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_hotspots', dummy_one_hotspot) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_project', dummy_product) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_rule', dummy_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_issues', empty_list) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_hotspots', dummy_one_hotspot) def test_parser(self): parser = SonarQubeApiImporter() findings = parser.get_findings(None, self.test) @@ -432,8 +438,10 @@ def test_parser(self): '\n\n', findings[0].description ) - self.assertEqual(str(findings[0].severity), 'Info') + self.assertEqual(str(findings[0].severity), 'High') self.assertMultiLineEqual( + '[Hotspot permalink](http://localhosecurity_hotspots?id=internal.dummy.project&hotspots=AXgm6Z-ophPPY0C1qhRq) ' + '\n' '[CVE-2019-13466](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13466)' '\n' '[CVE-2018-15389](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15389)' @@ -462,3 +470,54 @@ def test_parser(self): self.assertEqual(findings[0].static_finding, True) self.assertEqual(findings[0].scanner_confidence, 1) self.assertEqual(str(findings[0].sonarqube_issue), 'AXgm6Z-ophPPY0C1qhRq') + + +class TestSonarqubeImporterHotspotRule_WO_Risk_Description(DojoTestCase): + # Testing case no 14. https://github.com/DefectDojo/django-DefectDojo/issues/6506 + fixtures = [ + 'unit_sonarqube_toolType.json', + 'unit_sonarqube_toolConfig1.json', + 'unit_sonarqube_sqcWithKey.json', + 'unit_sonarqube_product.json' + ] + + def setUp(self): + product = Product.objects.get(name='product') + engagement = Engagement(product=product) + self.test = Test(engagement=engagement) + + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_project', dummy_product) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_rule', dummy_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_issues', empty_list) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule_wo_risk_description) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_hotspots', dummy_one_hotspot) + def test_parser(self): + parser = SonarQubeApiImporter() + findings = parser.get_findings(None, self.test) + self.assertEqual(findings[0].title, '"password" detected here, make sure this is not a hard-coded credential.') + self.assertIsNone(findings[0].cwe) + self.assertMultiLineEqual( + '**Ask Yourself Whether**' + '\n\n ' + '* Credentials allows access to a sensitive component like a database, a file storage, an API or a service. ' + '\n ' + '* Credentials are used in production environments. ' + '\n ' + '* Application re-distribution is required before updating the credentials. ' + '\n\n' + 'There is a risk if you answered yes to any of those questions.' + '\n\n', + findings[0].description + ) + self.assertEqual(str(findings[0].severity), 'High') + self.assertEqual(findings[0].references, '[Hotspot permalink](http://localhosecurity_hotspots?id=internal.dummy.project&hotspots=AXgm6Z-ophPPY0C1qhRq) \n') + self.assertEqual(str(findings[0].file_path), 'internal.dummy.project:spec/support/user_fixture.rb') + self.assertEqual(findings[0].line, 9) + self.assertEqual(findings[0].active, True) + self.assertEqual(findings[0].verified, False) + self.assertEqual(findings[0].false_p, False) + self.assertEqual(findings[0].duplicate, False) + self.assertEqual(findings[0].out_of_scope, False) + self.assertEqual(findings[0].static_finding, True) + self.assertEqual(findings[0].scanner_confidence, 1) + self.assertEqual(str(findings[0].sonarqube_issue), 'AXgm6Z-ophPPY0C1qhRq') diff --git a/unittests/tools/test_sonarqube_api_parser.py b/unittests/tools/test_api_sonarqube_parser.py similarity index 56% rename from unittests/tools/test_sonarqube_api_parser.py rename to unittests/tools/test_api_sonarqube_parser.py index 7524c5595ab..15d936facd9 100644 --- a/unittests/tools/test_sonarqube_api_parser.py +++ b/unittests/tools/test_api_sonarqube_parser.py @@ -1,31 +1,31 @@ import json from unittest import mock -from dojo.tools.sonarqube_api.parser import SonarQubeAPIParser +from dojo.tools.api_sonarqube.parser import ApiSonarQubeParser from ..dojo_test_case import DojoTestCase -from dojo.models import Tool_Type, Tool_Configuration, Product_Type, Product, Engagement, Test +from dojo.models import Tool_Type, Tool_Configuration, Product_Type, Product, Engagement, Test, Product_API_Scan_Configuration def dummy_product(self, *args, **kwargs): - with open("unittests/scans/sonarqube_api/product.json") as json_file: + with open("unittests/scans/api_sonarqube/product.json") as json_file: data = json.load(json_file) return data def dummy_issues(self, *args, **kwargs): - with open("unittests/scans/sonarqube_api/issues.json") as json_file: + with open("unittests/scans/api_sonarqube/issues.json") as json_file: data = json.load(json_file) return data def dummy_rule(self, *args, **kwargs): - with open("unittests/scans/sonarqube_api/rule.json") as json_file: + with open("unittests/scans/api_sonarqube/rule.json") as json_file: data = json.load(json_file) return data def dummy_hotspot_rule(self, *args, **kwargs): - with open(get_unit_tests_path() + '/scans/sonarqube_api/hotspots/rule.json') as json_file: + with open(get_unit_tests_path() + '/scans/api_sonarqube/hotspots/rule.json') as json_file: data = json.load(json_file) return data @@ -34,24 +34,27 @@ def empty_list(self, *args, **kwargs): return list() -class TestSonarqubeApiParser(DojoTestCase): +class TestApiSonarQubeParser(DojoTestCase): def setUp(self): product_type, _ = Product_Type.objects.get_or_create(name="Fake unit tests") product, _ = Product.objects.get_or_create(name="product", prod_type=product_type) engagement = Engagement(product=product) - self.test = Test(engagement=engagement) # build Sonarqube conf (the parser need it) tool_type, _ = Tool_Type.objects.get_or_create(name="SonarQube") tool_conf, _ = Tool_Configuration.objects.get_or_create( - name="SQ1_unittests", authentication_type="API", tool_type=tool_type + name="SQ1_unittests", authentication_type="API", tool_type=tool_type, url='http://dummy.url.foo.bar/api' ) + pasc, _ = Product_API_Scan_Configuration.objects.get_or_create( + product=product, tool_configuration=tool_conf, service_key_1='ABCD' + ) + self.test = Test(engagement=engagement, api_scan_configuration=pasc) - @mock.patch("dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_project", dummy_product) - @mock.patch("dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_rule", dummy_rule) - @mock.patch("dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_issues", dummy_issues) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) - @mock.patch('dojo.tools.sonarqube_api.api_client.SonarQubeAPI.find_hotspots', empty_list) + @mock.patch("dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_project", dummy_product) + @mock.patch("dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_rule", dummy_rule) + @mock.patch("dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_issues", dummy_issues) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.get_hotspot_rule', dummy_hotspot_rule) + @mock.patch('dojo.tools.api_sonarqube.api_client.SonarQubeAPI.find_hotspots', empty_list) def test_get_findings(self): - parser = SonarQubeAPIParser() + parser = ApiSonarQubeParser() findings = parser.get_findings(None, self.test) self.assertEqual(2, len(findings)) diff --git a/unittests/tools/test_api_vulners_parser.py b/unittests/tools/test_api_vulners_parser.py new file mode 100644 index 00000000000..0f58c604f4a --- /dev/null +++ b/unittests/tools/test_api_vulners_parser.py @@ -0,0 +1,49 @@ +from ..dojo_test_case import DojoTestCase +from dojo.tools.api_vulners.parser import ApiVulnersParser +from dojo.models import Test + + +class TestApiVulnersParser(DojoTestCase): + + def test_parse_many_findings(self): + testfile = open("unittests/scans/api_vulners/report_many_vulns.json") + parser = ApiVulnersParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(3, len(findings)) + finding = findings[2] + self.assertEqual("High", finding.severity) + self.assertEqual("223.234.234.123", finding.unsaved_endpoints[0].host) + self.assertEqual("VNS/CESA-2021:0348", finding.vuln_id_from_tool) + self.assertEqual("**CentOS Errata and Security Advisory** CESA-2021:0348", finding.description) + self.assertEqual(4, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", finding.cvssv3) + + def test_parse_one_finding(self): + testfile = open("unittests/scans/api_vulners/report_one_vuln.json") + parser = ApiVulnersParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("Critical", finding.severity) + self.assertEqual("12.34.56.78", finding.unsaved_endpoints[0].host) + self.assertEqual("VNS/RHSA-2018:2285", finding.vuln_id_from_tool) + self.assertEqual(2, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", finding.cvssv3) + + def test_parse_no_finding(self): + testfile = open("unittests/scans/api_vulners/report_no_vulns.json") + parser = ApiVulnersParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_parse_no_description(self): + testfile = open("unittests/scans/api_vulners/report_no_description.json") + parser = ApiVulnersParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("Critical", finding.severity) + self.assertEqual("12.34.56.78", finding.unsaved_endpoints[0].host) + self.assertEqual("VNS/RHSA-2018:2285", finding.vuln_id_from_tool) + self.assertEqual(finding.title, finding.description) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) diff --git a/unittests/tools/test_aqua_parser.py b/unittests/tools/test_aqua_parser.py index 383e8193212..ad2ea817813 100644 --- a/unittests/tools/test_aqua_parser.py +++ b/unittests/tools/test_aqua_parser.py @@ -17,6 +17,17 @@ def test_aqua_parser_has_one_finding(self): findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual('CVE-2019-14697 - musl (1.1.20-r4) ', finding.title) + self.assertEqual('High', finding.severity) + self.assertEqual('CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H', finding.cvssv3) + self.assertEqual('musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application\'s source code.', finding.description) + self.assertEqual('1.1.20-r5', finding.mitigation) + self.assertEqual('\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14697', finding.references) + self.assertEqual('musl', finding.component_name) + self.assertEqual('1.1.20-r4', finding.component_version) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual('CVE-2019-14697', finding.unsaved_vulnerability_ids[0]) def test_aqua_parser_has_many_findings(self): testfile = open("unittests/scans/aqua/many_vulns.json") @@ -30,6 +41,13 @@ def test_aqua_parser_v2_has_one_finding(self): parser = AquaParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual('CVE-2019-15601: curl', finding.title) + self.assertEqual('Medium', finding.severity) + self.assertEqual('CURL before 7.68.0 lacks proper input validation, which allows users to create a `FILE:` URL that can make the client access a remote file using SMB (Windows-only issue).', finding.description) + self.assertEqual('Upgrade to curl 7.68.0', finding.mitigation) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual('CVE-2019-15601', finding.unsaved_vulnerability_ids[0]) def test_aqua_parser_v2_has_many_findings(self): with open("unittests/scans/aqua/many_v2.json") as testfile: diff --git a/unittests/tools/test_arachni_parser.py b/unittests/tools/test_arachni_parser.py index f9eb448ad95..ea647fff380 100644 --- a/unittests/tools/test_arachni_parser.py +++ b/unittests/tools/test_arachni_parser.py @@ -4,7 +4,7 @@ from dojo.models import Test -class TestAquaParser(DojoTestCase): +class TestArachniParser(DojoTestCase): def test_parser_has_one_finding(self): with open("unittests/scans/arachni/arachni.afr.json") as testfile: diff --git a/unittests/tools/test_asff_parser.py b/unittests/tools/test_asff_parser.py new file mode 100644 index 00000000000..9426cd3fb61 --- /dev/null +++ b/unittests/tools/test_asff_parser.py @@ -0,0 +1,61 @@ +import os.path +import json +from datetime import datetime +from dojo.models import Test, Endpoint +from dojo.tools.asff.parser import AsffParser +from ..dojo_test_case import DojoTestCase, get_unit_tests_path + + +def sample_path(file_name): + return os.path.join(get_unit_tests_path(), "scans/asff", file_name) + + +class TestAsffParser(DojoTestCase): + def load_sample_json(self, file_name): + with open(sample_path(file_name), "r") as file: + return json.load(file) + + def common_check_finding(self, finding, data, index, guarddutydate=False): + self.assertEqual(finding.title, data[index]["Title"]) + self.assertEqual(finding.description, data[index]["Description"]) + if guarddutydate: + self.assertEqual(finding.date.date(), + datetime.strptime(data[0]["CreatedAt"], "%Y-%m-%dT%H:%M:%S.%fZ").date()) + else: + self.assertEqual(finding.date.date(), + datetime.strptime(data[0]["CreatedAt"], "%Y-%m-%dT%H:%M:%SZ").date()) + self.assertEqual(finding.severity.lower(), data[index]["Severity"]["Label"].lower()) + self.assertTrue(finding.active) + expected_ipv4s = data[0]["Resources"][0]["Details"]["AwsEc2Instance"][ + "IpV4Addresses" + ] + for endpoint in finding.unsaved_endpoints: + self.assertTrue(endpoint, expected_ipv4s) + endpoint.clean() + + def test_asff_one_vuln(self): + data = self.load_sample_json("one_vuln.json") + with open(sample_path("one_vuln.json"), "r") as file: + parser = AsffParser() + findings = parser.get_findings(file, Test()) + self.assertEqual(1, len(findings)) + self.common_check_finding(findings[0], data, 0) + + def test_asff_many_vulns(self): + data = self.load_sample_json("many_vulns.json") + with open(sample_path("many_vulns.json"), "r") as file: + parser = AsffParser() + findings = parser.get_findings(file, Test()) + self.assertEqual(len(findings), 5) + for index, finding in enumerate(findings): + self.common_check_finding(finding, data, index) + + def test_asff_guardduty(self): + data = self.load_sample_json("guardduty/Unusual Behaviors-User-Persistence IAMUser-NetworkPermissions.json") + with open(sample_path("guardduty/Unusual Behaviors-User-Persistence IAMUser-NetworkPermissions.json"), "r") as file: + parser = AsffParser() + findings = parser.get_findings(file, Test()) + self.assertEqual(len(findings), 1) + for index, finding in enumerate(findings): + self.common_check_finding(finding, data, index, guarddutydate=True) + self.assertEqual(finding.unsaved_endpoints[0], Endpoint(host="10.0.0.1")) diff --git a/unittests/tools/test_auditjs_parser.py b/unittests/tools/test_auditjs_parser.py index 0d03bc39ceb..8d012aec61b 100644 --- a/unittests/tools/test_auditjs_parser.py +++ b/unittests/tools/test_auditjs_parser.py @@ -53,7 +53,8 @@ def test_auditjs_parser_with_many_vuln_has_many_findings(self): findings[0].description) self.assertEqual("[CVE-2018-3717] connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vuln...", findings[0].title) - self.assertEqual("CVE-2018-3717", findings[0].cve) + self.assertEqual(1, len(findings[0].unsaved_vulnerability_ids)) + self.assertEqual("CVE-2018-3717", findings[0].unsaved_vulnerability_ids[0]) self.assertEqual("https://ossindex.sonatype.org/vulnerability/7df31426-09a2-4b5f-a0ab-acc699023c57?component-type=npm&component-name=connect&utm_source=auditjs&utm_medium=integration&utm_content=4.0.25", findings[0].references) self.assertEqual(400, findings[4].cwe) @@ -64,6 +65,15 @@ def test_auditjs_parser_empty_with_error(self): parser = AuditJSParser() parser.get_findings(testfile, Test()) testfile.close() - self.assertTrue( - "Invalid JSON format. Are you sure you used --json option ?" in str(context.exception) - ) + self.assertTrue( + "Invalid JSON format. Are you sure you used --json option ?" in str(context.exception) + ) + + def test_auditjs_parser_with_package_name_has_namespace(self): + testfile = open("unittests/scans/auditjs/auditjs_with_package_namespace.json") + parser = AuditJSParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + + self.assertEqual(1, len(findings)) + self.assertEqual("%40next/env", findings[0].component_name) diff --git a/unittests/tools/test_aws_prowler_v3_parser.py b/unittests/tools/test_aws_prowler_v3_parser.py new file mode 100644 index 00000000000..9d155367c9f --- /dev/null +++ b/unittests/tools/test_aws_prowler_v3_parser.py @@ -0,0 +1,39 @@ +from ..dojo_test_case import DojoTestCase +from dojo.tools.aws_prowler_v3.parser import AWSProwlerV3Parser +from dojo.models import Test + + +class TestAwsProwlerV3Parser(DojoTestCase): + def setup(self, testfile): + parser = AWSProwlerV3Parser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + return findings + + def test_aws_prowler_parser_with_no_vuln_has_no_findings_json(self): + findings = self.setup( + open("unittests/scans/aws_prowler_v3/no_vuln.json")) + self.assertEqual(0, len(findings)) + + def test_aws_prowler_parser_with_critical_vuln_has_one_findings_json(self): + findings = self.setup( + open("unittests/scans/aws_prowler_v3/one_vuln.json")) + self.assertEqual(1, len(findings)) + self.assertEqual("prowler-aws-acm_certificates_expiration_check-999999999999-us-east-1-api.sandbox.partner.teste.com", findings[0].unique_id_from_tool) + self.assertIn('Check if ACM Certificates are about to expire in specific days or less', findings[0].description) + self.assertEqual("arn:aws:acm:us-east-1:999999999999:certificate/ffffffff-0000-0000-0000-000000000000", findings[0].component_name) + self.assertIn('https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-expiration-check.html', findings[0].references) + + def test_aws_prowler_parser_with_many_vuln_has_many_findings_json(self): + findings = self.setup( + open("unittests/scans/aws_prowler_v3/many_vuln.json")) + self.assertEqual(3, len(findings)) + with self.subTest(i=0): + self.assertEqual("prowler-aws-acm_certificates_expiration_check-999999999999-us-east-1-api.teste.teste.com", findings[0].unique_id_from_tool) + self.assertIn('Check if ACM Certificates are about to expire in specific days or less', findings[0].description) + with self.subTest(i=1): + self.assertEqual("prowler-aws-accessanalyzer_enabled-999999999999-us-east-1-999999999999", findings[1].unique_id_from_tool) + self.assertIn('Check if IAM Access Analyzer is enabled', findings[1].description) + with self.subTest(i=3): + self.assertEqual("prowler-aws-account_maintain_current_contact_details-999999999999-us-east-1-999999999999", findings[2].unique_id_from_tool) + self.assertIn('Maintain current contact details.', findings[2].description) diff --git a/unittests/tools/test_awssecurityhub_parser.py b/unittests/tools/test_awssecurityhub_parser.py index 266deef9f8a..6dd78605fd5 100644 --- a/unittests/tools/test_awssecurityhub_parser.py +++ b/unittests/tools/test_awssecurityhub_parser.py @@ -5,33 +5,99 @@ from dojo.models import Test -def sample_path(file_name): +def sample_path(file_name: str): return os.path.join("/scans/awssecurityhub", file_name) class TestAwsSecurityHubParser(DojoTestCase): def test_one_finding(self): - with open(get_unit_tests_path() + sample_path("one_finding.json")) as test_file: + with open(get_unit_tests_path() + sample_path("config_one_finding.json")) as test_file: parser = AwsSecurityHubParser() findings = parser.get_findings(test_file, Test()) self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("Informational", finding.severity) + self.assertTrue(finding.is_mitigated) + self.assertFalse(finding.active) + self.assertEqual("https://docs.aws.amazon.com/console/securityhub/IAM.5/remediation", finding.references) + + def test_one_finding_active(self): + with open(get_unit_tests_path() + sample_path("config_one_finding_active.json")) as test_file: + parser = AwsSecurityHubParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("Medium", finding.severity) + self.assertFalse(finding.is_mitigated) + self.assertTrue(finding.active) def test_many_findings(self): - with open(get_unit_tests_path() + sample_path("many_findings.json")) as test_file: + with open(get_unit_tests_path() + sample_path("config_many_findings.json")) as test_file: parser = AwsSecurityHubParser() findings = parser.get_findings(test_file, Test()) self.assertEqual(3, len(findings)) + finding = findings[0] + self.assertEqual(finding.component_name, "AwsAccount") def test_repeated_findings(self): - with open(get_unit_tests_path() + sample_path("repeated_findings.json")) as test_file: + with open(get_unit_tests_path() + sample_path("config_repeated_findings.json")) as test_file: parser = AwsSecurityHubParser() findings = parser.get_findings(test_file, Test()) self.assertEqual(1, len(findings)) def test_unique_id(self): - with open(get_unit_tests_path() + sample_path("one_finding.json")) as test_file: + with open(get_unit_tests_path() + sample_path("config_one_finding.json")) as test_file: + parser = AwsSecurityHubParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual( + "arn:aws:securityhub:us-east-1:012345678912:subscription/aws-foundational-security-best-practices/v/1.0.0/IAM.5/finding/de861909-2d26-4e45-bd86-19d2ab6ceef1", + findings[0].unique_id_from_tool + ) + + def test_inspector_ec2(self): + with open(get_unit_tests_path() + sample_path("inspector_ec2_cve.json")) as test_file: + parser = AwsSecurityHubParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(5, len(findings)) + finding = findings[0] + self.assertEqual("CVE-2022-3643 - kernel - Resource: i-11111111111111111", finding.title) + self.assertEqual("Resource: i-11111111111111111", finding.impact) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2022-3643", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("- Update kernel-4.14.301\n\t- yum update kernel\n", finding.mitigation) + + def test_inspector_ec2_with_no_vulnerabilities(self): + with open(get_unit_tests_path() + sample_path("inspector_ec2_cve_no_vulnerabilities.json")) as test_file: parser = AwsSecurityHubParser() findings = parser.get_findings(test_file, Test()) - self.assertEqual("arn:aws:securityhub:us-east-1:012345678912:subscription/aws-foundational-security-best-practices/v/1.0.0/IAM.5/finding/de861909-2d26-4e45-bd86-19d2ab6ceef1", - findings[0].unique_id_from_tool) + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual(finding.component_name, "AwsEc2Instance") + + def test_inspector_ec2_ghsa(self): + with open(get_unit_tests_path() + sample_path("inspector_ec2_ghsa.json")) as test_file: + parser = AwsSecurityHubParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("Medium", finding.severity) + self.assertFalse(finding.is_mitigated) + self.assertTrue(finding.active) + self.assertIn("GHSA-p98r-538v-jgw5", finding.title) + self.assertSetEqual({"CVE-2023-34256", "GHSA-p98r-538v-jgw5"}, set(finding.unsaved_vulnerability_ids)) + self.assertEqual("https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-p98r-538v-jgw5", finding.references) + + def test_inspector_ecr(self): + with open(get_unit_tests_path() + sample_path("inspector_ecr.json")) as test_file: + parser = AwsSecurityHubParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(7, len(findings)) + + finding = findings[0] + self.assertEqual("Medium", finding.severity) + self.assertFalse(finding.is_mitigated) + self.assertTrue(finding.active) + self.assertEqual("CVE-2023-2650 - openssl - Image: repo-os/sha256:af965ef68c78374a5f987fce98c0ddfa45801df2395bf012c50b863e65978d74", finding.title) + self.assertIn("repo-os/sha256:af965ef68c78374a5f987fce98c0ddfa45801df2395bf012c50b863e65978d74", finding.impact) + self.assertIn("Repository: repo-os", finding.impact) diff --git a/unittests/tools/test_blackduck_binary_analysis_parser.py b/unittests/tools/test_blackduck_binary_analysis_parser.py new file mode 100644 index 00000000000..cb4af869ac2 --- /dev/null +++ b/unittests/tools/test_blackduck_binary_analysis_parser.py @@ -0,0 +1,60 @@ +from ..dojo_test_case import DojoTestCase, get_unit_tests_path +from dojo.tools.blackduck_binary_analysis.parser import BlackduckBinaryAnalysisParser +from dojo.models import Test +from pathlib import Path + + +class TestBlackduckBinaryAnalysisParser(DojoTestCase): + def test_parse_no_vulns(self): + testfile = Path(get_unit_tests_path() + "/scans/blackduck_binary_analysis/no_vuln.csv") + parser = BlackduckBinaryAnalysisParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_parse_one_vuln(self): + testfile = Path(get_unit_tests_path() + "/scans/blackduck_binary_analysis/one_vuln.csv") + parser = BlackduckBinaryAnalysisParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + for finding in findings: + self.assertIsNotNone(finding.title) + self.assertEqual( + "instrument.dll: zlib 1.2.13 Vulnerable to CVE-2023-45853", + finding.title + ) + + self.assertIsNotNone(finding.description) + self.assertIsNotNone(finding.severity) + self.assertEqual("Critical", finding.severity) + + self.assertIsNotNone(finding.component_name) + self.assertEqual("zlib", finding.component_name) + + self.assertIsNotNone(finding.component_version) + self.assertEqual("1.2.13", finding.component_version) + + self.assertIsNotNone(finding.file_path) + self.assertEqual( + "JRE.msi:JRE.msi-30276-90876123.cab:instrument.dll", + finding.file_path + ) + + self.assertIsNotNone(finding.vuln_id_from_tool) + self.assertEqual("CVE-2023-45853", finding.vuln_id_from_tool) + + self.assertIsNotNone(finding.unique_id_from_tool) + + def test_parse_many_vulns(self): + testfile = Path(get_unit_tests_path() + "/scans/blackduck_binary_analysis/many_vulns.csv") + parser = BlackduckBinaryAnalysisParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(5, len(findings)) + for finding in findings: + self.assertIsNotNone(finding.title) + self.assertIsNotNone(finding.description) + self.assertIsNotNone(finding.severity) + self.assertIsNotNone(finding.component_name) + self.assertIsNotNone(finding.component_version) + self.assertIsNotNone(finding.file_path) + self.assertIsNotNone(finding.vuln_id_from_tool) + self.assertIsNotNone(finding.unique_id_from_tool) diff --git a/unittests/tools/test_blackduck_parser.py b/unittests/tools/test_blackduck_parser.py index bf138f7fa69..522b6f0bfd1 100644 --- a/unittests/tools/test_blackduck_parser.py +++ b/unittests/tools/test_blackduck_parser.py @@ -22,12 +22,24 @@ def test_blackduck_csv_parser_has_many_findings(self): parser = BlackduckParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(24, len(findings)) + findings = list(findings) + self.assertEqual(1, len(findings[10].unsaved_vulnerability_ids)) + self.assertEqual("CVE-2007-3386", findings[10].unsaved_vulnerability_ids[0]) + self.assertEqual(findings[4].component_name, "Apache Tomcat") + self.assertEqual(findings[2].component_name, "Apache HttpComponents Client") + self.assertEqual(findings[4].component_version, "5.5.23") + self.assertEqual(findings[2].component_version, "4.5.2") def test_blackduck_csv_parser_new_format_has_many_findings(self): testfile = Path(get_unit_tests_path() + "/scans/blackduck/many_vulns_new_format.csv") parser = BlackduckParser() findings = parser.get_findings(testfile, Test()) + findings = list(findings) self.assertEqual(9, len(findings)) + self.assertEqual(findings[0].component_name, "kryo") + self.assertEqual(findings[2].component_name, "jackson-databind") + self.assertEqual(findings[0].component_version, "3.0.3") + self.assertEqual(findings[2].component_version, "2.9.9.3") def test_blackduck_enhanced_has_many_findings(self): testfile = Path( diff --git a/unittests/tools/test_bugcrowd_parser.py b/unittests/tools/test_bugcrowd_parser.py index bcb4cdbaed2..16bd45b76c6 100644 --- a/unittests/tools/test_bugcrowd_parser.py +++ b/unittests/tools/test_bugcrowd_parser.py @@ -1,6 +1,7 @@ from ..dojo_test_case import DojoTestCase from dojo.tools.bugcrowd.parser import BugCrowdParser from dojo.models import Test +from datetime import datetime, timezone class TestBugCrowdParser(DojoTestCase): @@ -22,6 +23,7 @@ def test_parse_file_with_one_vuln_has_one_findings(self): for endpoint in finding.unsaved_endpoints: endpoint.clean() self.assertEqual(1, len(findings)) + self.assertEqual(findings[0].date, datetime(2020, 3, 1, 6, 15, 6, tzinfo=timezone.utc)) def test_parse_file_with_multiple_vuln_has_multiple_finding(self): testfile = open("unittests/scans/bugcrowd/BugCrowd-many.csv") diff --git a/unittests/tools/test_bundler_audit_parser.py b/unittests/tools/test_bundler_audit_parser.py index 8d7f915c4c3..b22a052e380 100644 --- a/unittests/tools/test_bundler_audit_parser.py +++ b/unittests/tools/test_bundler_audit_parser.py @@ -12,18 +12,20 @@ def test_get_findings(self): self.assertEqual(2, len(findings)) with self.subTest(i=0): finding = findings[0] - self.assertEquals("Gem rack: Possible XSS vulnerability in Rack [CVE-2018-16471]", finding.title) - self.assertEquals("Medium", finding.severity) - self.assertEquals("CVE-2018-16471", finding.cve) - self.assertEquals("rack", finding.component_name) - self.assertEquals("1.4.7", finding.component_version) + self.assertEqual("Gem rack: Possible XSS vulnerability in Rack [CVE-2018-16471]", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2018-16471", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("rack", finding.component_name) + self.assertEqual("1.4.7", finding.component_version) with self.subTest(i=1): finding = findings[1] - self.assertEquals("Gem sprockets: Path Traversal in Sprockets [CVE-2018-3760]", finding.title) - self.assertEquals("Medium", finding.severity) - self.assertEquals("CVE-2018-3760", finding.cve) - self.assertEquals("sprockets", finding.component_name) - self.assertEquals("2.2.3", finding.component_version) + self.assertEqual("Gem sprockets: Path Traversal in Sprockets [CVE-2018-3760]", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2018-3760", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("sprockets", finding.component_name) + self.assertEqual("2.2.3", finding.component_version) def test_get_findings_version9(self): with open(path.join(path.dirname(__file__), "../scans/bundler_audit/version_9.0.txt")) as testfile: @@ -32,22 +34,25 @@ def test_get_findings_version9(self): self.assertEqual(3, len(findings)) with self.subTest(i=0): finding = findings[0] - self.assertEquals("Gem rack: Directory traversal in Rack::Directory app bundled with Rack [CVE-2020-8161]", finding.title) - self.assertEquals("Medium", finding.severity) - self.assertEquals("CVE-2020-8161", finding.cve) - self.assertEquals("rack", finding.component_name) - self.assertEquals("1.6.13", finding.component_version) + self.assertEqual("Gem rack: Directory traversal in Rack::Directory app bundled with Rack [CVE-2020-8161]", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-8161", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("rack", finding.component_name) + self.assertEqual("1.6.13", finding.component_version) with self.subTest(i=1): finding = findings[1] - self.assertEquals("Gem rack: Percent-encoded cookies can be used to overwrite existing prefixed cookie names [CVE-2020-8184]", finding.title) - self.assertEquals("Medium", finding.severity) - self.assertEquals("CVE-2020-8184", finding.cve) - self.assertEquals("rack", finding.component_name) - self.assertEquals("1.6.13", finding.component_version) + self.assertEqual("Gem rack: Percent-encoded cookies can be used to overwrite existing prefixed cookie names [CVE-2020-8184]", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-8184", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("rack", finding.component_name) + self.assertEqual("1.6.13", finding.component_version) with self.subTest(i=2): finding = findings[2] - self.assertEquals("Gem sprockets: Path Traversal in Sprockets [CVE-2018-3760]", finding.title) - self.assertEquals("Medium", finding.severity) - self.assertEquals("CVE-2018-3760", finding.cve) - self.assertEquals("sprockets", finding.component_name) - self.assertEquals("2.2.3", finding.component_version) + self.assertEqual("Gem sprockets: Path Traversal in Sprockets [CVE-2018-3760]", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2018-3760", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("sprockets", finding.component_name) + self.assertEqual("2.2.3", finding.component_version) diff --git a/unittests/tools/test_burp_api_parser.py b/unittests/tools/test_burp_api_parser.py index 9f9232e219d..7006de7b7f5 100644 --- a/unittests/tools/test_burp_api_parser.py +++ b/unittests/tools/test_burp_api_parser.py @@ -49,7 +49,6 @@ def test_convert_severity(self): self.assertEqual("Info", convert_severity({})) def test_convert_confidence(self): - confidence = None with self.subTest(confidence="certain"): self.assertGreater(3, convert_confidence({"confidence": "certain"})) with self.subTest(confidence="firm"): @@ -61,3 +60,14 @@ def test_convert_confidence(self): self.assertIsNone(convert_confidence({"confidence": "undefined"})) with self.subTest(confidence=None): self.assertIsNone(convert_confidence({})) + + def test_fix_issue_9128(self): + testfile = get_unit_tests_path() + "/scans/burp_api/fix_issue_9128.json" + with open(testfile) as f: + parser = BurpApiParser() + findings = parser.get_findings(f, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + for item in findings: + self.assertIsNotNone(item.impact) diff --git a/unittests/tools/test_burp_enterprise_parser.py b/unittests/tools/test_burp_enterprise_parser.py new file mode 100644 index 00000000000..c180ca5ce2a --- /dev/null +++ b/unittests/tools/test_burp_enterprise_parser.py @@ -0,0 +1,41 @@ +from os import path + +from ..dojo_test_case import DojoTestCase +from dojo.models import Test +from dojo.tools.burp_enterprise.parser import BurpEnterpriseParser + + +class TestBurpEnterpriseParser(DojoTestCase): + + def test_burp_enterprise_with_multiple_vulns(self): + with open(path.join(path.dirname(__file__), "../scans/burp_enterprise/many_vulns.html")) as test_file: + parser = BurpEnterpriseParser() + findings = parser.get_findings(test_file, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(12, len(findings)) + + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("High", finding.severity) + self.assertTrue(finding.dynamic_finding) + self.assertEqual(942, finding.cwe) + self.assertEqual("Cross-origin resource sharing: arbitrary origin trusted", finding.title) + description = """**Issue detail:** +The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.The application allowed access from the requested origin https://llqvfwgbsdau.com + +""" + self.assertEqual(description, finding.description) + self.assertIn("An HTML5 cross-origin resource sharing (CORS) policy controls", finding.impact) + self.assertIn("(Web Security Academy: Cross-origin resource sharing (CORS))[https://portswigger.net/web-security/cors]", finding.references) + self.assertEqual(1, len(finding.unsaved_endpoints)) + self.assertEqual("example.com", finding.unsaved_endpoints[0].host) + + with self.subTest(i=5): + finding = findings[5] + self.assertEqual("Info", finding.severity) + self.assertTrue(finding.dynamic_finding) + self.assertIsNone(finding.cwe) + self.assertEqual("WAF Detected: redacted", finding.title) + self.assertIn("WAF tech. details : Cloud-based CDN, WAF & DDoS prevention", finding.description) diff --git a/unittests/tools/test_burp_graphql_parser.py b/unittests/tools/test_burp_graphql_parser.py index 671510c7b74..7c5dbb53072 100644 --- a/unittests/tools/test_burp_graphql_parser.py +++ b/unittests/tools/test_burp_graphql_parser.py @@ -22,7 +22,7 @@ def test_burp_one_finding(self): self.assertIn("remediation 1", findings[0].mitigation) self.assertIn("issue description 1", findings[0].impact) self.assertIn("issue remediation 1", findings[0].mitigation) - self.assertEquals('High', findings[0].severity) + self.assertEqual('High', findings[0].severity) self.assertEqual(1, len(findings[0].unsaved_endpoints)) self.assertEqual('www.test.com', findings[0].unsaved_endpoints[0].host) self.assertEqual('path', findings[0].unsaved_endpoints[0].path) @@ -60,7 +60,13 @@ def test_burp_null_title(self): with self.assertRaises(ValueError): parser = BurpGraphQLParser() - findings = parser.get_findings(test_file, Test()) + parser.get_findings(test_file, Test()) + + def test_burp_null_request_segments(self): + with open(path.join(path.dirname(__file__), "../scans/burp_graphql/null_request_segments.json")) as test_file: + parser = BurpGraphQLParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(1, len(findings)) def test_burp_null_data(self): with open(path.join(path.dirname(__file__), "../scans/burp_graphql/null_data.json")) as test_file: diff --git a/unittests/tools/test_cargo_audit_parser.py b/unittests/tools/test_cargo_audit_parser.py index f1928607347..b180dc82ca7 100644 --- a/unittests/tools/test_cargo_audit_parser.py +++ b/unittests/tools/test_cargo_audit_parser.py @@ -21,7 +21,6 @@ def test_parse_many_findings(self): finding = findings[0] self.assertEqual("[arc-swap 0.4.7] Dangling reference in `access::Map` with Constant", finding.title) self.assertEqual("High", finding.severity) - self.assertEqual("CVE-2020-35711", finding.cve) self.assertIsNotNone(finding.description) self.assertEqual(["dangling reference"], finding.tags) self.assertEqual("arc-swap", finding.component_name) @@ -29,12 +28,14 @@ def test_parse_many_findings(self): self.assertEqual("RUSTSEC-2020-0091", finding.vuln_id_from_tool) self.assertEqual("2020-12-10", finding.publish_date) self.assertEqual(1, finding.nb_occurences) + self.assertEqual(2, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("RUSTSEC-2020-0091", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("CVE-2020-35711", finding.unsaved_vulnerability_ids[1]) with self.subTest(i=1): finding = findings[1] self.assertEqual("[hyper 0.13.9] Multiple Transfer-Encoding headers misinterprets request payload", finding.title) self.assertEqual("High", finding.severity) - self.assertEqual("CVE-2021-21299", finding.cve) self.assertIsNotNone(finding.description) self.assertEqual(["http", "request-smuggling"], finding.tags) self.assertEqual("hyper", finding.component_name) @@ -42,12 +43,14 @@ def test_parse_many_findings(self): self.assertEqual("RUSTSEC-2021-0020", finding.vuln_id_from_tool) self.assertEqual("2021-02-05", finding.publish_date) self.assertEqual(1, finding.nb_occurences) + self.assertEqual(2, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("RUSTSEC-2021-0020", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("CVE-2021-21299", finding.unsaved_vulnerability_ids[1]) with self.subTest(i=2): finding = findings[2] self.assertEqual("[smallvec 0.6.13] Buffer overflow in SmallVec::insert_many", finding.title) self.assertEqual("High", finding.severity) - self.assertEqual("CVE-2021-25900", finding.cve) self.assertIsNotNone(finding.description) self.assertEqual(["buffer-overflow", "heap-overflow", "unsound"], finding.tags) self.assertEqual("smallvec", finding.component_name) @@ -55,12 +58,14 @@ def test_parse_many_findings(self): self.assertEqual("RUSTSEC-2021-0003", finding.vuln_id_from_tool) self.assertEqual("2021-01-08", finding.publish_date) self.assertEqual(1, finding.nb_occurences) + self.assertEqual(2, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("RUSTSEC-2021-0003", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("CVE-2021-25900", finding.unsaved_vulnerability_ids[1]) with self.subTest(i=3): finding = findings[3] self.assertEqual("[smallvec 1.5.0] Buffer overflow in SmallVec::insert_many", finding.title) self.assertEqual("High", finding.severity) - self.assertEqual("CVE-2021-25900", finding.cve) self.assertIsNotNone(finding.description) self.assertEqual(["buffer-overflow", "heap-overflow", "unsound"], finding.tags) self.assertEqual("smallvec", finding.component_name) @@ -68,3 +73,6 @@ def test_parse_many_findings(self): self.assertEqual("RUSTSEC-2021-0003", finding.vuln_id_from_tool) self.assertEqual("2021-01-08", finding.publish_date) self.assertEqual(1, finding.nb_occurences) + self.assertEqual(2, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("RUSTSEC-2021-0003", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("CVE-2021-25900", finding.unsaved_vulnerability_ids[1]) diff --git a/unittests/tools/test_ccvs_parser.py b/unittests/tools/test_ccvs_parser.py deleted file mode 100644 index 34fb8b66475..00000000000 --- a/unittests/tools/test_ccvs_parser.py +++ /dev/null @@ -1,25 +0,0 @@ -from ..dojo_test_case import DojoTestCase -from dojo.tools.ccvs.parser import CCVSParser -from dojo.models import Test - - -class TestCCVSParser(DojoTestCase): - def test_ccvs_parser_has_no_finding(self): - testfile = open("unittests/scans/ccvs/no_vuln.json") - parser = CCVSParser() - findings = parser.get_findings(testfile, Test()) - self.assertEqual(0, len(findings)) - - def test_ccvs_parser_has_one_finding(self): - testfile = open("unittests/scans/ccvs/one_vuln_one_vendor.json") - parser = CCVSParser() - findings = parser.get_findings(testfile, Test()) - testfile.close() - self.assertEqual(1, len(findings)) - - def test_ccvs_parser_has_many_findings(self): - testfile = open("unittests/scans/ccvs/many_vulns.json") - parser = CCVSParser() - findings = parser.get_findings(testfile, Test()) - testfile.close() - self.assertEqual(18, len(findings)) diff --git a/unittests/tools/test_checkmarx_osa_parser.py b/unittests/tools/test_checkmarx_osa_parser.py index b40cd6ee118..2b5b0ead33a 100644 --- a/unittests/tools/test_checkmarx_osa_parser.py +++ b/unittests/tools/test_checkmarx_osa_parser.py @@ -56,8 +56,6 @@ def test_checkmarx_osa_parse_file_with_single_vulnerability_has_single_finding( self.assertEqual("com.fasterxml.jackson.core:jackson-databind 2.10.2 | CVE-2020-25649", item.title) self.assertEqual(int, type(item.cwe)) self.assertEqual(1035, item.cwe) - self.assertEqual(str, type(item.cve)) - self.assertEqual("CVE-2020-25649", item.cve) self.assertEqual(float, type(item.cvssv3_score)) self.assertEqual(7.5, item.cvssv3_score) self.assertEqual(datetime, type(item.publish_date)) @@ -86,6 +84,8 @@ def test_checkmarx_osa_parse_file_with_single_vulnerability_has_single_finding( self.assertEqual("A flaw was found in FasterXML Jackson Databind before 2.6.7.4, 2.7.0 through 2.9.10.6, and 2.10.0 through 2.10.5, where it did not have entity expansion secured properly. This flaw makes it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", item.description) self.assertEqual(int, type(item.scanner_confidence)) self.assertEqual(1, item.scanner_confidence) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-25649", item.unsaved_vulnerability_ids[0]) # ---------------------------------------------------------------------------- # single finding false positive @@ -188,6 +188,6 @@ def test_checkmarx_osa_parse_file_with_no_libraryId_raises_ValueError( parser = CheckmarxOsaParser() parser.get_findings(my_file_handle, test) self.teardown(my_file_handle) - self.assertTrue( - "Invalid format: missing mandatory field libraryId:" in str(context.exception) - ) + self.assertEqual( + "Invalid format: missing mandatory field libraryId", str(context.exception) + ) diff --git a/unittests/tools/test_checkmarx_parser.py b/unittests/tools/test_checkmarx_parser.py index e643038599f..c43e24fb572 100644 --- a/unittests/tools/test_checkmarx_parser.py +++ b/unittests/tools/test_checkmarx_parser.py @@ -1,9 +1,10 @@ -from ..dojo_test_case import DojoTestCase, get_unit_tests_path +import datetime from unittest.mock import patch -from dojo.models import Test, Engagement, Product +from dojo.models import Engagement, Product, Test from dojo.tools.checkmarx.parser import CheckmarxParser -import datetime + +from ..dojo_test_case import DojoTestCase, get_unit_tests_path class TestCheckmarxParser(DojoTestCase): @@ -329,7 +330,6 @@ def test_file_name_aggregated_parse_file_with_different_sourceFilename_same_sink self.teardown(my_file_handle) # aggregation is on sink filename so all vuln with different source filenames are aggregated self.assertEqual(1, len(findings)) - item = findings[0] # nb_occurences counts the number of aggregated vulnerabilities from tool self.assertEqual(2, findings[0].nb_occurences) mock.assert_called_with(product, 'Java', files=2) @@ -709,3 +709,117 @@ def test_file_with_empty_filename(self, mock): self.assertEqual(datetime.datetime(2021, 12, 24, 9, 12, 14), finding.date) self.assertEqual(bool, type(finding.static_finding)) self.assertEqual(True, finding.static_finding) + + @patch('dojo.tools.checkmarx.parser.add_language') + def test_file_with_many_aggregated_findings(self, mock): + my_file_handle, product, engagement, test = self.init( + get_unit_tests_path() + "/scans/checkmarx/many_aggregated_findings.xml" + ) + parser = CheckmarxParser() + findings = parser.get_findings(my_file_handle, test) + self.teardown(my_file_handle) + self.assertEqual(1, len(findings)) + with self.subTest(i=0): + finding = findings[0] + # ScanStart + self.assertEqual("Insufficient Logging of Exceptions (filename3.cs)", finding.title) + self.assertEqual("Information", finding.severity) + self.assertEqual(185, finding.nb_occurences) + self.assertEqual("5273", finding.vuln_id_from_tool) + + @patch('dojo.tools.checkmarx.parser.add_language') + def test_file_with_many_findings_json(self, mock): + my_file_handle, product, engagement, test = self.init( + get_unit_tests_path() + "/scans/checkmarx/multiple_findings.json" + ) + parser = CheckmarxParser() + findings = parser.get_findings(my_file_handle, Test()) + self.teardown(my_file_handle) + self.assertEqual(10, len(findings)) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("SQL Injection", finding.title) + self.assertEqual("High", finding.severity) + self.assertEqual(89, finding.cwe) + self.assertEqual("/diva-android-master/app/src/main/java/jakhar/aseem/diva/SQLInjectionActivity.java", finding.file_path) + self.assertEqual(70, finding.line) + self.assertEqual("/oiUUpBjigtUpTb1+haL9nypVaQ=", finding.unique_id_from_tool) + with self.subTest(i=5): + finding = findings[4] + self.assertEqual("CSRF", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertEqual(352, finding.cwe) + self.assertEqual("/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java", finding.file_path) + self.assertEqual(67, finding.line) + self.assertEqual("IJOkZAzX5emCOIeTESXgsNulW2w=", finding.unique_id_from_tool) + with self.subTest(i=9): + finding = findings[9] + self.assertEqual("Heap Inspection", finding.title) + self.assertEqual("Low", finding.severity) + self.assertEqual(244, finding.cwe) + self.assertEqual("/diva-android-master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage1Activity.java", finding.file_path) + self.assertEqual(54, finding.line) + self.assertEqual("udB1urKobWKTYYlRQbAAub1yRAc=", finding.unique_id_from_tool) + + @patch('dojo.tools.checkmarx.parser.add_language') + def test_file_issue6956(self, mock): + my_file_handle, product, engagement, test = self.init( + get_unit_tests_path() + "/scans/checkmarx/sample_report.json" + ) + parser = CheckmarxParser() + findings = parser.get_findings(my_file_handle, Test()) + self.teardown(my_file_handle) + # in this report we have 817 + # "KICS": 31, + # "SAST": 669, + # "SCA": 117 + self.assertEqual(817, len(findings)) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("Reflected XSS All Clients", finding.title) + self.assertEqual("High", finding.severity) + self.assertEqual(79, finding.cwe) + self.assertEqual("/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java", finding.file_path) + self.assertEqual(96, finding.line) + self.assertEqual("-1833874157", finding.unique_id_from_tool) + for finding in findings: + # test for SAST + if finding.unique_id_from_tool == "bEGSvBn40cp99etnudzTeskzJRQ=": + with self.subTest(i="bEGSvBn40cp99etnudzTeskzJRQ="): + self.assertEqual("SQL Injection", finding.title) + self.assertEqual("High", finding.severity) + self.assertEqual(89, finding.cwe) + self.assertEqual("/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java", finding.file_path) + self.assertEqual(61, finding.line) + self.assertEqual(datetime.date(2022, 5, 6), finding.date.date()) + if finding.unique_id_from_tool == "SYlu22e7ZQydKJFOlC/o1EsyixQ=": + with self.subTest(i="SYlu22e7ZQydKJFOlC/o1EsyixQ="): + self.assertEqual("SQL Injection", finding.title) + self.assertEqual("High", finding.severity) + self.assertEqual(89, finding.cwe) + self.assertEqual("/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java", finding.file_path) + self.assertEqual(72, finding.line) + self.assertEqual(datetime.date(2022, 5, 6), finding.date.date()) + # test one in SCA part + if finding.unique_id_from_tool == "GkVx1zoIKcd1EF72zqWrGzeVTmo=": + with self.subTest(i="GkVx1zoIKcd1EF72zqWrGzeVTmo="): + self.assertEqual("underscore:1.10.2 | CVE-2021-23358", finding.title) + self.assertIn("The package underscore from 1.13.0-0 and before 1.13.0-2", finding.description) + self.assertEqual("High", finding.severity) + self.assertEqual(94, finding.cwe) + self.assertEqual("underscore", finding.component_name) + self.assertEqual("1.10.2", finding.component_version) + self.assertTrue(finding.active) + self.assertFalse(finding.verified) + self.assertIsNone(finding.line) + self.assertEqual(datetime.date(2022, 5, 6), finding.date.date()) + # test one in KICS part + if finding.unique_id_from_tool == "eZrh18HAPbe2LbDAprSPrwncAC0=": + with self.subTest(i="eZrh18HAPbe2LbDAprSPrwncAC0="): + self.assertEqual("Dockerfile | IncorrectValue", finding.title) + self.assertIn("After using apt-get install, it is needed to delete apt-get lists", finding.description) + self.assertEqual("Info", finding.severity) + self.assertTrue(finding.active) + self.assertFalse(finding.verified) + self.assertEqual("/webgoat-server/Dockerfile", finding.file_path) + self.assertEqual(datetime.date(2022, 5, 6), finding.date.date()) diff --git a/unittests/tools/test_checkov_parser.py b/unittests/tools/test_checkov_parser.py index a8716a7525d..29585978e6d 100644 --- a/unittests/tools/test_checkov_parser.py +++ b/unittests/tools/test_checkov_parser.py @@ -11,6 +11,12 @@ def test_parse_file_with_no_vuln_has_no_findings(self): findings = parser.get_findings(testfile, Test()) self.assertEqual(0, len(findings)) + def test_parse_file_with_no_vuln_has_no_findings_v2(self): + testfile = open("unittests/scans/checkov/checkov2-report-0-vuln.json") + parser = CheckovParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + def test_parse_file_with_one_vuln_has_one_finding(self): testfile = open("unittests/scans/checkov/checkov-report-1-vuln.json") parser = CheckovParser() @@ -21,7 +27,7 @@ def test_parse_file_with_multiple_vuln_has_multiple_findings(self): testfile = open("unittests/scans/checkov/checkov-report-many-vuln.json") parser = CheckovParser() findings = parser.get_findings(testfile, Test()) - self.assertTrue(len(findings) > 2) + self.assertGreater(len(findings), 2) def test_parse_file_with_multiple_check_type_has_multiple_check_type(self): testfile = open("unittests/scans/checkov/checkov-report-multiple-check_type.json") @@ -72,3 +78,13 @@ def test_parse_file_with_multiple_check_type_has_multiple_check_type(self): 'https://docs.bridgecrew.io/docs/ensure-that-a-user-for-the-container-has-been-created', first_dockerfile_finding.references ) + + def test_parse_file_with_specified_severity(self): + testfile = open("unittests/scans/checkov/checkov-report-severity.json") + parser = CheckovParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(4, len(findings)) + self.assertEqual("Medium", findings[0].severity) + self.assertEqual("Medium", findings[1].severity) + self.assertEqual("Low", findings[2].severity) + self.assertEqual("High", findings[3].severity) diff --git a/unittests/tools/test_chefinspect_parser.py b/unittests/tools/test_chefinspect_parser.py new file mode 100644 index 00000000000..14a1bbb902e --- /dev/null +++ b/unittests/tools/test_chefinspect_parser.py @@ -0,0 +1,24 @@ +from ..dojo_test_case import DojoTestCase +from dojo.tools.chefinspect.parser import ChefInspectParser +from dojo.models import Test + + +class TestChefInspectParser(DojoTestCase): + + def test_parse_file_with_no_vuln_has_no_findings(self): + testfile = open("unittests/scans/chefinspect/no_finding.log") + parser = ChefInspectParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_parse_file_with_one_vuln_has_one_finding(self): + testfile = open("unittests/scans/chefinspect/one_finding.log") + parser = ChefInspectParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + + def test_parse_file_with_multiple_vuln_has_multiple_findings(self): + testfile = open("unittests/scans/chefinspect/many_findings.log") + parser = ChefInspectParser() + findings = parser.get_findings(testfile, Test()) + self.assertTrue(10, len(findings)) diff --git a/unittests/tools/test_choctaw_hog_parser.py b/unittests/tools/test_choctaw_hog_parser.py deleted file mode 100644 index a2046fa1c44..00000000000 --- a/unittests/tools/test_choctaw_hog_parser.py +++ /dev/null @@ -1,23 +0,0 @@ -from ..dojo_test_case import DojoTestCase -from dojo.tools.choctaw_hog.parser import ChoctawhogParser -from dojo.models import Test - - -class TestChoctawhogParser(DojoTestCase): - def test_parse_file_with_no_vuln_has_no_finding(self): - testfile = open("unittests/scans/choctaw_hog/no_vuln.json") - parser = ChoctawhogParser() - findings = parser.get_findings(testfile, Test()) - self.assertEqual(0, len(findings)) - - def test_parse_file_with_one_vuln_has_one_finding(self): - testfile = open("unittests/scans/choctaw_hog/one_vuln.json") - parser = ChoctawhogParser() - findings = parser.get_findings(testfile, Test()) - self.assertEqual(1, len(findings)) - - def test_parse_file_with_multiple_vuln_has_multiple_finding(self): - testfile = open("unittests/scans/choctaw_hog/many_vulns.json") - parser = ChoctawhogParser() - findings = parser.get_findings(testfile, Test()) - self.assertEqual(13, len(findings)) diff --git a/unittests/tools/test_clair_klar_parser.py b/unittests/tools/test_clair_klar_parser.py deleted file mode 100644 index 6ed642a8c92..00000000000 --- a/unittests/tools/test_clair_klar_parser.py +++ /dev/null @@ -1,35 +0,0 @@ -from ..dojo_test_case import DojoTestCase -from dojo.tools.clair_klar.parser import ClairKlarParser - - -class TestFile(object): - def read(self): - return self.content - - def __init__(self, name, content): - self.name = name - self.content = content - - -class TestClairKlarParser(DojoTestCase): - - def test_parse_no_content_no_findings(self): - my_file_handle = open("unittests/scans/clair-klar/empty.json") - parser = ClairKlarParser() - findings = parser.get_findings(my_file_handle, None) - my_file_handle.close() - self.assertEqual(0, len(findings)) - - def test_high_findings(self): - my_file_handle = open("unittests/scans/clair-klar/high.json") - parser = ClairKlarParser() - findings = parser.get_findings(my_file_handle, None) - my_file_handle.close() - self.assertEqual(6, len(findings)) - - def test_mixed_findings(self): - my_file_handle = open("unittests/scans/clair-klar/mixed.json") - parser = ClairKlarParser() - findings = parser.get_findings(my_file_handle, None) - my_file_handle.close() - self.assertEqual(6, len(findings)) diff --git a/unittests/tools/test_clair_parser.py b/unittests/tools/test_clair_parser.py index 6577d320540..31297c4df7f 100644 --- a/unittests/tools/test_clair_parser.py +++ b/unittests/tools/test_clair_parser.py @@ -4,15 +4,22 @@ class TestClairParser(DojoTestCase): - def test_no_findings(self): - my_file_handle = open("unittests/scans/clair/empty.json") + def test_no_findings_clair(self): + my_file_handle = open("unittests/scans/clair/clair_empty.json") parser = ClairParser() findings = parser.get_findings(my_file_handle, None) my_file_handle.close() self.assertEqual(0, len(findings)) - def test_many_findings(self): - my_file_handle = open("unittests/scans/clair/many_vul.json") + def test_few_findings_clair(self): + my_file_handle = open("unittests/scans/clair/clair_few_vuln.json") + parser = ClairParser() + findings = parser.get_findings(my_file_handle, None) + my_file_handle.close() + self.assertEqual(4, len(findings)) + + def test_many_findings_clair(self): + my_file_handle = open("unittests/scans/clair/clair_many_vul.json") parser = ClairParser() findings = parser.get_findings(my_file_handle, None) my_file_handle.close() @@ -20,5 +27,27 @@ def test_many_findings(self): finding = findings[0] self.assertEqual("Medium", finding.severity) self.assertEqual("http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20839", finding.references) - self.assertEqual("CVE-2018-20839", finding.cve) self.assertEqual("CVE-2018-20839 - (systemd, 237-3ubuntu10.29)", finding.title) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2018-20839", finding.unsaved_vulnerability_ids[0]) + + def test_parse_no_content_no_findings_clairklar(self): + my_file_handle = open("unittests/scans/clair/clairklar_empty.json") + parser = ClairParser() + findings = parser.get_findings(my_file_handle, None) + my_file_handle.close() + self.assertEqual(0, len(findings)) + + def test_high_findings_clairklar(self): + my_file_handle = open("unittests/scans/clair/clairklar_high.json") + parser = ClairParser() + findings = parser.get_findings(my_file_handle, None) + my_file_handle.close() + self.assertEqual(6, len(findings)) + + def test_mixed_findings_clairklar(self): + my_file_handle = open("unittests/scans/clair/clairklar_mixed.json") + parser = ClairParser() + findings = parser.get_findings(my_file_handle, None) + my_file_handle.close() + self.assertEqual(6, len(findings)) diff --git a/unittests/tools/test_codechecker_parser.py b/unittests/tools/test_codechecker_parser.py new file mode 100644 index 00000000000..23094751aa9 --- /dev/null +++ b/unittests/tools/test_codechecker_parser.py @@ -0,0 +1,99 @@ +from ..dojo_test_case import DojoTestCase, get_unit_tests_path +from dojo.tools.codechecker.parser import CodeCheckerParser +from dojo.models import Test + + +class TestCodeCheckerParser(DojoTestCase): + + def test_parse_file_with_no_vuln_has_no_findings(self): + testfile = open( + get_unit_tests_path() + "/scans/codechecker/cc-report-0-vuln.json" + ) + parser = CodeCheckerParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_parse_file_with_one_vuln_has_one_finding(self): + testfile = open( + get_unit_tests_path() + "/scans/codechecker/cc-report-1-vuln.json" + ) + parser = CodeCheckerParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("clang-diagnostic-sign-compare", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertEqual("/opt/_ga/openvpn/src/openvpn/push.c", finding.file_path) + self.assertEqual("/opt/_ga/openvpn/src/openvpn/push.c", finding.sast_source_file_path) + self.assertEqual(576, finding.line) + self.assertEqual(576, finding.sast_source_line) + self.assertFalse(finding.verified) + self.assertFalse(finding.false_p) + self.assertFalse(finding.risk_accepted) + + def test_parse_file_with_multiple_vuln_has_multiple_findings(self): + testfile = open( + get_unit_tests_path() + "/scans/codechecker/cc-report-many-vuln.json" + ) + parser = CodeCheckerParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(94, len(findings), str(len(findings))) + + self.assertEqual(sum(1 for f in findings if f.duplicate), 0) + self.assertEqual(sum(1 for f in findings if f.severity.upper() == 'HIGH'), 20) + self.assertEqual(sum(1 for f in findings if f.severity.upper() == 'INFO'), 6) + self.assertEqual(sum(1 for f in findings if f.severity.upper() == 'CRITICAL'), 0) + self.assertEqual(sum(1 for f in findings if f.severity.upper() == 'LOW'), 5) + self.assertEqual(sum(1 for f in findings if f.severity.upper() == 'MEDIUM'), 63) + + finding = findings[0] + self.assertEqual("clang-diagnostic-sign-compare", finding.title) + self.assertEqual("Medium", finding.severity) + + finding = findings[22] + self.assertEqual("deadcode.DeadStores", finding.title) + self.assertEqual("Low", finding.severity) + + finding = findings[93] + self.assertEqual("core.NullDereference", finding.title) + self.assertEqual("High", finding.severity) + + def test_parse_file_with_various_review_statuses(self): + testfile = open( + get_unit_tests_path() + "/scans/codechecker/cc-report-review-status.json" + ) + parser = CodeCheckerParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(len(findings), 4) + + finding = findings[0] + self.assertTrue(finding.active) + self.assertFalse(finding.verified) + self.assertFalse(finding.risk_accepted) + self.assertFalse(finding.false_p) + self.assertEqual(576, finding.line) + self.assertEqual("/opt/_ga/openvpn/src/openvpn/push.c", finding.file_path) + + finding = findings[1] + self.assertTrue(finding.active) + self.assertTrue(finding.verified) + self.assertFalse(finding.risk_accepted) + self.assertFalse(finding.false_p) + self.assertEqual(679, finding.line) + self.assertEqual("/opt/_ga/openvpn/src/openvpn/push.c", finding.file_path) + + finding = findings[2] + self.assertFalse(finding.active) + self.assertFalse(finding.verified) + self.assertFalse(finding.risk_accepted) + self.assertTrue(finding.false_p) + self.assertEqual(402, finding.line) + self.assertEqual("/opt/_ga/openvpn/src/openvpn/multi.h", finding.file_path) + + finding = findings[3] + self.assertFalse(finding.active) + self.assertFalse(finding.verified) + self.assertTrue(finding.risk_accepted) + self.assertFalse(finding.false_p) + self.assertEqual(91, finding.line) + self.assertEqual("/opt/_ga/openvpn/src/openvpn/vlan.c", finding.file_path) diff --git a/unittests/tools/test_coverity_api_parser.py b/unittests/tools/test_coverity_api_parser.py index 3da6f91fc81..3ec4423e621 100644 --- a/unittests/tools/test_coverity_api_parser.py +++ b/unittests/tools/test_coverity_api_parser.py @@ -7,10 +7,10 @@ class TestZapParser(DojoTestCase): def test_parse_wrong_file(self): - with self.assertRaises(ValueError) as ve: + with self.assertRaises(ValueError): testfile = open("unittests/scans/coverity_api/wrong.json") parser = CoverityApiParser() - findings = parser.get_findings(testfile, Test()) + parser.get_findings(testfile, Test()) def test_parse_no_findings(self): testfile = open("unittests/scans/coverity_api/empty.json") diff --git a/unittests/tools/test_crashtest_security_parser.py b/unittests/tools/test_crashtest_security_parser.py index f1b0137126c..07fa57affd1 100644 --- a/unittests/tools/test_crashtest_security_parser.py +++ b/unittests/tools/test_crashtest_security_parser.py @@ -17,6 +17,11 @@ def test_crashtest_security_json_parser_full_file_has_many_findings(self): findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(73, len(findings)) + finding = findings[0] + self.assertIsNone(finding.unsaved_vulnerability_ids) + finding = findings[4] + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual('CVE-2016-4072', finding.unsaved_vulnerability_ids[0]) def test_crashtest_security_json_parser_extracted_data_file_has_many_findings(self): testfile = open( diff --git a/unittests/tools/test_cyclonedx_parser.py b/unittests/tools/test_cyclonedx_parser.py index 66e31358ef9..162a108aebc 100644 --- a/unittests/tools/test_cyclonedx_parser.py +++ b/unittests/tools/test_cyclonedx_parser.py @@ -5,27 +5,28 @@ from dojo.tools.cyclonedx.parser import CycloneDXParser -class TestParser(DojoTestCase): - +class TestCyclonedxParser(DojoTestCase): def test_grype_report(self): with open("unittests/scans/cyclonedx/grype_dd_1_14_1.xml") as file: parser = CycloneDXParser() findings = list(parser.get_findings(file, Test())) for finding in findings: self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual(619, len(findings)) + self.assertEqual(312, len(findings)) with self.subTest(i=0): finding = findings[0] - self.assertEqual("Info", finding.severity) - self.assertEqual("Deprecated", finding.component_name) - self.assertEqual("1.2.12", finding.component_version) + self.assertEqual("Low", finding.severity) + self.assertEqual("Django", finding.component_name) + self.assertEqual("2.2.18", finding.component_version) self.assertEqual(datetime.date(2021, 4, 13), datetime.datetime.date(finding.date)) with self.subTest(i=200): finding = findings[200] - self.assertEqual("High", finding.severity) - self.assertEqual("jira", finding.component_name) - self.assertEqual("2.0.0", finding.component_version) - self.assertEqual("CVE-2019-8443", finding.cve) + self.assertEqual("Low", finding.severity) + self.assertEqual("libopenjp2-7", finding.component_name) + self.assertEqual("2.3.0-2+deb10u2", finding.component_version) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(1, len(vulnerability_ids)) + self.assertEqual('CVE-2019-6988', vulnerability_ids[0]) self.assertEqual(datetime.date(2021, 4, 13), datetime.datetime.date(finding.date)) def test_spec1_report(self): @@ -35,20 +36,42 @@ def test_spec1_report(self): findings = list(parser.get_findings(file, Test())) for finding in findings: self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual(2, len(findings)) + self.assertEqual(1, len(findings)) with self.subTest(i=0): finding = findings[0] - self.assertIsNone(finding.cve) - self.assertEqual("Info", finding.severity) - with self.subTest(i=1): - finding = findings[1] - self.assertEqual("CVE-2018-7489", finding.cve) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(1, len(vulnerability_ids)) + self.assertEqual('CVE-2018-7489', vulnerability_ids[0]) + self.assertEqual("Critical", finding.severity) + self.assertIn(finding.cwe, [184, 502]) # there is 2 CWE in the report + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", finding.cvssv3) + self.assertEqual("jackson-databind", finding.component_name) + self.assertEqual("2.9.9", finding.component_version) + self.assertEqual("CVE-2018-7489", finding.vuln_id_from_tool) + self.assertEqual("Upgrade\n", finding.mitigation) + self.assertEqual(finding.component_name + ":" + finding.component_version + " | " + vulnerability_ids[0], + finding.title) + + def test_spec1_report_low_first(self): + """Test a report from the spec itself""" + with open("unittests/scans/cyclonedx/spec1_lowfirst.xml") as file: + parser = CycloneDXParser() + findings = list(parser.get_findings(file, Test())) + for finding in findings: + self.assertIn(finding.severity, Finding.SEVERITIES) + self.assertEqual(1, len(findings)) + with self.subTest(i=0): + finding = findings[0] + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(1, len(vulnerability_ids)) + self.assertEqual('CVE-2018-7489', vulnerability_ids[0]) self.assertEqual("Critical", finding.severity) self.assertIn(finding.cwe, [184, 502]) # there is 2 CWE in the report self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", finding.cvssv3) self.assertEqual("jackson-databind", finding.component_name) self.assertEqual("2.9.9", finding.component_version) self.assertEqual("CVE-2018-7489", finding.vuln_id_from_tool) + self.assertEqual("Upgrade\n", finding.mitigation) def test_cyclonedx_bom_report(self): with open("unittests/scans/cyclonedx/cyclonedx_bom.xml") as file: @@ -56,12 +79,7 @@ def test_cyclonedx_bom_report(self): findings = parser.get_findings(file, Test()) for finding in findings: self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual(73, len(findings)) - with self.subTest(i=0): - finding = findings[0] - self.assertEqual("Info", finding.severity) - self.assertEqual("asteval", finding.component_name) - self.assertEqual("0.9.23", finding.component_version) + self.assertEqual(0, len(findings)) def test_cyclonedx_jake_report(self): """Test a report generated by Jake""" @@ -70,12 +88,7 @@ def test_cyclonedx_jake_report(self): findings = parser.get_findings(file, Test()) for finding in findings: self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual(204, len(findings)) - with self.subTest(i=0): - finding = findings[0] - self.assertEqual("Info", finding.severity) - self.assertEqual("yaspin", finding.component_name) - self.assertEqual("0.16.0", finding.component_version) + self.assertEqual(0, len(findings)) def test_cyclonedx_retirejs_report(self): """Test a report generated by RetireJS""" @@ -84,17 +97,7 @@ def test_cyclonedx_retirejs_report(self): findings = parser.get_findings(file, Test()) for finding in findings: self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual(6, len(findings)) - with self.subTest(i=0): - finding = findings[0] - self.assertEqual("Info", finding.severity) - self.assertEqual("handlebars", finding.component_name) - self.assertEqual("3.0.0", finding.component_version) - with self.subTest(i=5): - finding = findings[5] - self.assertEqual("Info", finding.severity) - self.assertEqual("jquery", finding.component_name) - self.assertEqual("1.8.0", finding.component_version) + self.assertEqual(0, len(findings)) def test_cyclonedx_grype_11_report(self): """Test a report generated by Grype 0.11""" @@ -103,35 +106,269 @@ def test_cyclonedx_grype_11_report(self): findings = parser.get_findings(file, Test()) for finding in findings: self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual(689, len(findings)) + self.assertEqual(381, len(findings)) with self.subTest(i=0): finding = findings[0] - self.assertEqual("Info", finding.severity) - self.assertEqual("Deprecated", finding.component_name) - self.assertEqual("1.2.12", finding.component_version) + self.assertEqual("Low", finding.severity) + self.assertEqual("apt", finding.component_name) + self.assertEqual("1.8.2.1", finding.component_version) + self.assertFalse(finding.is_mitigated) + self.assertTrue(finding.active) with self.subTest(i=5): finding = findings[5] self.assertEqual("Info", finding.severity) - self.assertEqual("Jinja2", finding.component_name) - self.assertEqual("2.11.3", finding.component_version) - with self.subTest(i=640): - finding = findings[640] - self.assertEqual("High", finding.severity) - self.assertEqual("redis", finding.component_name) - self.assertEqual("3.5.3", finding.component_version) - self.assertEqual("CVE-2018-12326", finding.cve) - self.assertEqual("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", finding.cvssv3) - self.assertIn("Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3", finding.description) - self.assertEqual("CVE-2018-12326", finding.vuln_id_from_tool) - with self.subTest(i=641): - finding = findings[641] + self.assertEqual("bind9-host", finding.component_name) + self.assertEqual("1:9.11.5.P4+dfsg-5.1+deb10u3", finding.component_version) + with self.subTest(i=379): + finding = findings[379] + self.assertEqual("Low", finding.severity) + self.assertEqual("tar", finding.component_name) + self.assertEqual("1.30+dfsg-6", finding.component_version) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(1, len(vulnerability_ids)) + self.assertEqual('CVE-2019-9923', vulnerability_ids[0]) + self.assertIn("urn:uuid:be0e9032-5b6b-4ce4-9be4-e5956a0309c1", finding.description) + self.assertEqual("CVE-2019-9923", finding.vuln_id_from_tool) + with self.subTest(i=380): + finding = findings[380] + self.assertEqual("Low", finding.severity) + self.assertEqual("tar", finding.component_name) + self.assertEqual("1.30+dfsg-6", finding.component_version) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(1, len(vulnerability_ids)) + self.assertEqual('CVE-2021-20193', vulnerability_ids[0]) + self.assertIn("urn:uuid:17a8ccee-f13b-4d9d-abfc-f3964597df9a", finding.description) + self.assertEqual("CVE-2021-20193", finding.vuln_id_from_tool) + + def test_cyclonedx_1_4_xml(self): + """CycloneDX version 1.4 XML format""" + with open("unittests/scans/cyclonedx/valid-vulnerability-1.4.xml") as file: + parser = CycloneDXParser() + findings = parser.get_findings(file, Test()) + for finding in findings: + self.assertIn(finding.severity, Finding.SEVERITIES) + finding.clean() + self.assertEqual(1, len(findings)) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("jackson-databind:2.9.4 | SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111", finding.title) + self.assertEqual("Critical", finding.severity) + self.assertEqual("jackson-databind", finding.component_name) + self.assertEqual("2.9.4", finding.component_version) + self.assertIn(finding.cwe, [184, 502]) # there is 2 CWE in the report + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", finding.cvssv3) + self.assertIn( + "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution", + finding.description, + ) + self.assertIn( + "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher.", + finding.mitigation, + ) + self.assertIn( + "An optional explanation of why the application is not affected by the vulnerable component.", + finding.mitigation, + ) + self.assertIn( + "GitHub Commit", + finding.references, + ) + self.assertIn( + "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2", + finding.references, + ) + self.assertEqual("SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111", finding.vuln_id_from_tool) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(3, len(vulnerability_ids)) + self.assertEqual('SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111', vulnerability_ids[0]) + self.assertEqual('CVE-2018-7489', vulnerability_ids[1]) + self.assertEqual('CVE-2018-7489', vulnerability_ids[2]) + self.assertTrue(finding.is_mitigated) + self.assertFalse(finding.active) + + def test_cyclonedx_1_4_json(self): + """CycloneDX version 1.4 JSON format""" + with open("unittests/scans/cyclonedx/valid-vulnerability-1.4.json") as file: + parser = CycloneDXParser() + findings = parser.get_findings(file, Test()) + for finding in findings: + self.assertIn(finding.severity, Finding.SEVERITIES) + finding.clean() + self.assertEqual(1, len(findings)) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("jackson-databind:2.9.4 | SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111", finding.title) + self.assertEqual("Critical", finding.severity) + self.assertEqual("jackson-databind", finding.component_name) + self.assertEqual("2.9.4", finding.component_version) + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", finding.cvssv3) + self.assertIn( + "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution", + finding.description, + ) + self.assertIn( + "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher.", + finding.mitigation, + ) + self.assertIn( + "An optional explanation of why the application is not affected by the vulnerable component.", + finding.mitigation, + ) + self.assertIn( + "GitHub Commit", + finding.references, + ) + self.assertIn( + "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2", + finding.references, + ) + self.assertEqual("SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111", finding.vuln_id_from_tool) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(2, len(vulnerability_ids)) + self.assertEqual('SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111', vulnerability_ids[0]) + self.assertEqual('CVE-2018-7489', vulnerability_ids[1]) + self.assertTrue(finding.is_mitigated) + self.assertFalse(finding.active) + + def test_cyclonedx_1_4_jake_json(self): + """CycloneDX version 1.4 JSON format produced by jake 1.4.1""" + with open("unittests/scans/cyclonedx/jake2.json") as file: + parser = CycloneDXParser() + findings = parser.get_findings(file, Test()) + self.assertEqual(7, len(findings)) + for finding in findings: + finding.clean() + if "c7129ff8-08bc-4afe-82ec-7d97b9491741" == finding.vuln_id_from_tool: + with self.subTest(i="CVE-2021-33203"): + self.assertIn(finding.severity, Finding.SEVERITIES) + self.assertEqual("Django:2.0 | c7129ff8-08bc-4afe-82ec-7d97b9491741", finding.title) + self.assertEqual("High", finding.severity) + self.assertEqual("Django", finding.component_name) + self.assertEqual("2.0", finding.component_version) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(2, len(vulnerability_ids)) + self.assertEqual('CVE-2021-33203', vulnerability_ids[1]) + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", finding.cvssv3) + self.assertIn( + "Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal", + finding.description, + ) + self.assertEqual(datetime.date(2022, 1, 28), datetime.datetime.date(finding.date)) + elif "c9b6a6a5-01a4-4d4c-b480-b9d6825dc4d0" == finding.vuln_id_from_tool: + with self.subTest(i="CVE-2018-7536"): + self.assertEqual("Django:2.0 | c9b6a6a5-01a4-4d4c-b480-b9d6825dc4d0", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertEqual("Django", finding.component_name) + self.assertEqual("2.0", finding.component_version) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(2, len(vulnerability_ids)) + self.assertEqual('CVE-2018-7536', vulnerability_ids[1]) + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", finding.cvssv3) + self.assertIn( + "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19.", + finding.description, + ) + self.assertEqual(datetime.date(2022, 1, 28), datetime.datetime.date(finding.date)) + elif "90cfba6a-ddc9-4708-b131-5d875e8c558d" == finding.vuln_id_from_tool: + with self.subTest(i="CVE-2018-6188"): + self.assertEqual("High", finding.severity) + self.assertEqual("Django", finding.component_name) + self.assertEqual("2.0", finding.component_version) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(2, len(vulnerability_ids)) + self.assertEqual('CVE-2018-6188', vulnerability_ids[1]) + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", finding.cvssv3) + self.assertIn( + "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information", + finding.description, + ) + self.assertEqual(datetime.date(2022, 1, 28), datetime.datetime.date(finding.date)) + + def test_cyclonedx_json_cwe(self): + """CycloneDX version 1.4 JSON format""" + with open("unittests/scans/cyclonedx/cyclonedx_cwe.json") as file: + parser = CycloneDXParser() + findings = parser.get_findings(file, Test()) + for finding in findings: + self.assertIn(finding.severity, Finding.SEVERITIES) + finding.clean() + self.assertEqual(1, len(findings)) + with self.subTest(i=0): + finding = findings[0] self.assertEqual("High", finding.severity) - self.assertEqual("redis", finding.component_name) - self.assertEqual("3.5.3", finding.component_version) - self.assertEqual("CVE-2018-12453", finding.cve) - self.assertEqual("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", finding.cvssv3) - self.assertEqual( - "Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows" - " remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.", - finding.description) - self.assertEqual("CVE-2018-12453", finding.vuln_id_from_tool) + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", finding.cvssv3) + self.assertEqual(20, finding.cwe) + + def test_cyclonedx_1_4_xml_cvssv31(self): + """CycloneDX version 1.4 XML format""" + with open("unittests/scans/cyclonedx/log4j.xml") as file: + parser = CycloneDXParser() + findings = parser.get_findings(file, Test()) + for finding in findings: + self.assertIn(finding.severity, Finding.SEVERITIES) + finding.clean() + self.assertEqual(8, len(findings)) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("log4j-core:2.13.2 | CVE-2021-44228", finding.title) + self.assertEqual("Critical", finding.severity) + self.assertEqual("log4j-core", finding.component_name) + self.assertEqual("2.13.2", finding.component_version) + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", finding.cvssv3) + + def test_cyclonedx_1_4_json_cvssv31(self): + """CycloneDX version 1.4 JSON format""" + with open("unittests/scans/cyclonedx/log4j.json") as file: + parser = CycloneDXParser() + findings = parser.get_findings(file, Test()) + for finding in findings: + self.assertIn(finding.severity, Finding.SEVERITIES) + finding.clean() + self.assertEqual(8, len(findings)) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("log4j-core:2.13.2 | CVE-2021-44228", finding.title) + self.assertEqual("Critical", finding.severity) + self.assertEqual("log4j-core", finding.component_name) + self.assertEqual("2.13.2", finding.component_version) + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", finding.cvssv3) + + def test_cyclonedx_1_4_json_nested_cvssv31(self): + """CycloneDX version 1.4 JSON format""" + with open("unittests/scans/cyclonedx/nested-component-log4j.json") as file: + parser = CycloneDXParser() + findings = parser.get_findings(file, Test()) + for finding in findings: + self.assertIn(finding.severity, Finding.SEVERITIES) + finding.clean() + self.assertEqual(8, len(findings)) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("log4j-core:2.13.2 | CVE-2021-44228", finding.title) + self.assertEqual("Critical", finding.severity) + self.assertEqual("log4j-core", finding.component_name) + self.assertEqual("2.13.2", finding.component_version) + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", finding.cvssv3) + + def test_cyclonedx_issue_9277(self): + """CycloneDX version 1.5 JSON format""" + with open("unittests/scans/cyclonedx/issue_9277.json") as file: + parser = CycloneDXParser() + findings = parser.get_findings(file, Test()) + for finding in findings: + self.assertIn(finding.severity, Finding.SEVERITIES) + finding.clean() + self.assertEqual(14, len(findings)) + with self.subTest(i=0): + finding = findings[1] + self.assertEqual("Description was not provided.", finding.description) + + def test_cyclonedx_issue_8022(self): + """CycloneDX version 1.4 JSON format""" + with open("unittests/scans/cyclonedx/issue_8022.json") as file: + parser = CycloneDXParser() + findings = parser.get_findings(file, Test()) + for finding in findings: + self.assertIn(finding.severity, Finding.SEVERITIES) + finding.clean() + self.assertEqual(1, len(findings)) diff --git a/unittests/tools/test_dawnscanner_parser.py b/unittests/tools/test_dawnscanner_parser.py index 663548635c3..db83cdac1a1 100644 --- a/unittests/tools/test_dawnscanner_parser.py +++ b/unittests/tools/test_dawnscanner_parser.py @@ -21,7 +21,8 @@ def test_burp_with_one_vuln_has_one_finding(self): finding = findings[0] self.assertEqual("CVE-2016-6316", finding.title) self.assertEqual("Medium", finding.severity) - self.assertEqual("CVE-2016-6316", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2016-6316", finding.unsaved_vulnerability_ids[0]) self.assertEqual( 'Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to an XSS attack.', finding.description, @@ -35,7 +36,7 @@ def test_burp_with_one_vuln_has_one_finding(self): finding = findings[3] self.assertEqual("Owasp Ror CheatSheet: Security Related Headers", finding.title) self.assertEqual("Info", finding.severity) - self.assertIsNone(finding.cve) + self.assertIsNone(finding.unsaved_vulnerability_ids) self.assertEqual( 'To set a header value, simply access the response.headers object as a hash inside your controller (often in a before/after_filter). Rails 4 provides the "default_headers" functionality that will automatically apply the values supplied. This works for most headers in almost all cases.', finding.description, diff --git a/unittests/tools/test_dependency_check_parser.py b/unittests/tools/test_dependency_check_parser.py index 44e253b59ec..7963acdcd7a 100644 --- a/unittests/tools/test_dependency_check_parser.py +++ b/unittests/tools/test_dependency_check_parser.py @@ -1,8 +1,12 @@ -from ..dojo_test_case import DojoTestCase +from datetime import datetime, timezone +from os import path +from dateutil.tz import tzoffset, tzlocal from dojo.models import Test from dojo.tools.dependency_check.parser import DependencyCheckParser +from ..dojo_test_case import DojoTestCase + class TestFile(object): def read(self): @@ -14,1071 +18,288 @@ def __init__(self, name, content): class TestDependencyCheckParser(DojoTestCase): - - def test_parse_file_with_no_vulnerabilities_has_no_findings(self): - content = """ - - - - - Test Project - 2016-11-05T14:52:15.748-0400 - This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov - - - - component1.dll - C:\\Projectsestproject\\libraries\\component1.dll - ba5a6a10bae6ce2abbabec9facae23a4 - ae917bbce68733468b1972113e0e1fc5dc7444a0 - - - file - name - component1.dll - - - file - name - component1 - - - file - name - component1 - - - file - version - 1 - - - - - component2.dll - C:\\Projectsestproject\\libraries\\component2.dll - 21b24bc199530e07cb15d93c7f929f04 - a29f196740ab608199488c574f536529b5c21242 - - - file - name - component2 - - - file - name - component2 - - - - - - """ - testfile = TestFile("dependency-check-report.xml", content) + def test_parse_empty_file(self): + testfile = open("unittests/scans/dependency_check/single_dependency_with_related_no_vulnerability.xml") parser = DependencyCheckParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(0, len(findings)) def test_parse_file_with_single_vulnerability_has_single_finding(self): - content = """ - - - - - Test Project - 2016-11-05T14:52:15.748-0400 - This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov - - - - component1.dll - C:\\Projectsestproject\\libraries\\component1.dll - ba5a6a10bae6ce2abbabec9facae23a4 - ae917bbce68733468b1972113e0e1fc5dc7444a0 - - - file - name - component1.dll - - - file - name - component1 - - - file - name - component1 - - - file - version - 1 - - - - - component2.dll - C:\\Projectestproject\\libraries\\component2.dll - 21b24bc199530e07cb15d93c7f929f04 - a29f196740ab608199488c574f536529b5c21242 - - - file - name - component2 - - - file - name - component2 - - - - - org.owasp:library:6.7.8 - https://search.maven.org/remotecontent?filepath=xalan/serializer/2.7.1/serializer-2.7.1.jar - - - - - CVE-0000-0001 - 7.5 - NETWORK - LOW - NONE - PARTIAL - PARTIAL - PARTIAL - Moderate - CWE-00 Bad Vulnerability - Description of a bad vulnerability. - - - Reference1 - http://localhost/badvulnerability.htm - Reference Name - - - MISC - http://localhost2/reference_for_badvulnerability.pdf - Reference for a bad vulnerability - - - - cpe:/a:component2:component2:1.0 - - - - - - - """ - testfile = TestFile("dependency-check-report.xml", content) + testfile = open("unittests/scans/dependency_check/single_vuln.xml") parser = DependencyCheckParser() findings = parser.get_findings(testfile, Test()) items = findings self.assertEqual(1, len(items)) - self.assertEqual(items[0].title, "library:6.7.8 | Description of a bad vulnerability.(in component2.dll)") - self.assertEqual(items[0].severity, "Medium") - self.assertEqual(items[0].component_name, "org.owasp:library") - self.assertEqual(items[0].component_version, "6.7.8") - self.assertEqual( - items[0].mitigation, - "Update org.owasp:library:6.7.8 to at least the version recommended in the description" - ) + i = 0 + with self.subTest(i=i): + self.assertEqual(items[i].title, "org.owasp:library:6.7.8 | CVE-0000-0001") + self.assertEqual(items[i].severity, "Medium") + self.assertEqual(items[i].component_name, "org.owasp:library") + self.assertEqual(items[i].component_version, "6.7.8") + self.assertEqual( + items[i].mitigation, + "Update org.owasp:library:6.7.8 to at least the version recommended in the description", + ) + self.assertEqual(items[i].date, datetime(2016, 11, 5, 14, 52, 15, 748000, tzinfo=tzoffset(None, -14400))) def test_parse_file_with_single_dependency_with_related_no_vulnerability(self): - content = """ - - - - - Test Project - 2016-11-05T14:52:15.748-0400 - This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov - - - - component1.dll - C:\\Projectsestproject\\libraries\\component1.dll - ba5a6a10bae6ce2abbabec9facae23a4 - ae917bbce68733468b1972113e0e1fc5dc7444a0 - - - adapter-ear8.ear: dom4j-2.1.1.jar - /var/lib/adapter-ear8.ear/dom4j-2.1.1.jar - a520752f350909c191db45a598a88fcca2fa5db17a340dee6b3d0e36f4122e11 - 080c5a481cd7abf27bfd4b48edf73b1cb214085e - add18b9f953221ff565cf7a34aac0ed9 - - - - - file - name - component1.dll - - - file - name - component1 - - - file - name - component1 - - - file - version - 1 - - - - - - """ - testfile = TestFile("dependency-check-report.xml", content) + testfile = open("unittests/scans/dependency_check/single_dependency_with_related_no_vulnerability.xml") parser = DependencyCheckParser() findings = parser.get_findings(testfile, Test()) items = findings self.assertEqual(0, len(items)) def test_parse_file_with_multiple_vulnerabilities_has_multiple_findings(self): - content = """ - - - - - Test Project - 2016-11-05T14:52:15.748-0400 - This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov - - - - component1 - C:\\Projectestproject\\libraries\\component1.dll - ba5a6a10bae6ce2abbabec9facae23a4 - ae917bbce68733468b1972113e0e1fc5dc7444a0 - - - file - name - component1.dll - - - file - name - component1 - - - file - name - component1 - - - file - version - 1 - - - - - adapter-ear1.ear: dom4j-2.1.1.jar - /var/lib/adapter-ear1.ear/dom4j-2.1.1.jar - 21b24bc199530e07cb15d93c7f929f04 - a29f196740ab608199488c574f536529b5c21242 - - - adapter-ear8.ear: dom4j-2.1.1.jar - /var/lib/adapter-ear8.ear/dom4j-2.1.1.jar - a520752f350909c191db45a598a88fcca2fa5db17a340dee6b3d0e36f4122e11 - 080c5a481cd7abf27bfd4b48edf73b1cb214085e - add18b9f953221ff565cf7a34aac0ed9 - - - adapter-ear1.ear: dom4j-extensions-2.1.1.jar - /var/lib/adapter-ear1.ear/dom4j-extensions-2.1.1.jar - a520752f350909c191db45a598a88fcca2fa5db17a340dee6b3d0e36f4122e11 - 080c5a481cd7abf27bfd4b48edf73b1cb214085e - add18b9f953221ff565cf7a34aac0ed9 - - - - - file - name - org.jdom - - - file - name - dom4j - - - - - - pkg:maven/org.dom4j/dom4j@2.1.1.redhat-00001 - https://ossindex.sonatype.org/component/pkg:maven/org.dom4j/dom4j@2.1.1.redhat-00001 - - - cpe:2.3:a:dom4j_project:dom4j:2.1.1.hat-00001:*:*:*:*:*:*:* - https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Adom4j_project&cpe_product=cpe%3A%2F%3Adom4j_project%3Adom4j&cpe_version=cpe%3A%2F%3Adom4j_project%3Adom4j%3A2.1.1.hat-00001 - - - - cpe:/a:apache:xalan-java:2.7.1 - https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Axalan-java%3A2.7.1 - - - xalan:serializer:2.7.1 - https://search.maven.org/remotecontent?filepath=xalan/serializer/2.7.1/serializer-2.7.1.jar - - - - - CVE-0000-0001 - 7.5 - NETWORK - LOW - NONE - PARTIAL - PARTIAL - PARTIAL - High - CWE-00 Bad Vulnerability - Description of a bad vulnerability. - - - Reference1 - http://localhost/badvulnerability.htm - Reference Name - - - MISC - http://localhost2/reference_for_badvulnerability.pdf - Reference for a bad vulnerability - - - - cpe:/a:component2:component2:1.0 - - - - - - yargs-parser:5.0.0 - /var/lib/jenkins/workspace/nl-selfservice_-_metrics_develop/package-lock.json?yargs-parser - - - - - - /var/lib/adapter-ear8.ear/dom4j-2.1.1.jar - a520752f350909c191db45a598a88fcca2fa5db17a340dee6b3d0e36f4122e11 - 080c5a481cd7abf27bfd4b48edf73b1cb214085e - add18b9f953221ff565cf7a34aac0ed9 - - - /var/lib/adapter-ear1.ear/dom4j-extensions-2.1.1.jar - a520752f350909c191db45a598a88fcca2fa5db17a340dee6b3d0e36f4122e11 - 080c5a481cd7abf27bfd4b48edf73b1cb214085e - add18b9f953221ff565cf7a34aac0ed9 - - - - package-lock.json: transitive - - - - package.json - name - yargs-parser - - - package.json - name - yargs-parser - - - package.json - version - 5.0.0 - - - - - pkg:npm/yargs-parser@5.0.0 - https://ossindex.sonatype.org/component/pkg:npm/yargs-parser@5.0.0 - - - - - 1500 - low - Affected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects.Parsing the argument `--foo.__proto__.bar baz'` adds a `bar` property with value `baz` to all objects. This is only exploitable if attackers have control over the arguments being passed to `yargs-parser`. - - - Advisory 1500: Prototype Pollution - - [Snyk Report](https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381) - - - - cpe:2.3:a:*:yargs-parser:\\<13.1.2\\|\\|\\>\\=14.0.0\\<15.0.1\\|\\|\\>\\=16.0.0\\<18.1.2:*:*:*:*:*:*:* - - - - CVE-2020-7608 - HIGH - - 7.5 - N - L - N - N - U - N - H - N - HIGH - - yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload. - - - OSSINDEX - https://ossindex.sonatype.org/vuln/b7740d41-fc85-4d22-8af5-5a3159e114ea?component-type=npm&component-name=yargs-parser - [CVE-2020-7608] yargs-parser could be tricked into adding or modifying properties of Object.prot... - - - - cpe:2.3:a:*:yargs-parser:5.0.0:*:*:*:*:*:*:* - - - - CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') - HIGH - - 7.5 - N - L - N - N - U - N - N - H - HIGH - - - CWE-400 - - The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended. - - - OSSINDEX - https://ossindex.sonatype.org/vuln/7ccaaed0-205b-4382-a963-8a30a0b151b1?component-type=npm&component-name=yargs-parser - CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') - - - - cpe:2.3:a:*:yargs-parser:5.0.0:*:*:*:*:*:*:* - - - - - - adapter-ear2.ear: dom4j-2.1.1.jar - C:\\Projectestproject\\libraries\\component2.dll - 21b24bc199530e07cb15d93c7f929f04 - a29f196740ab608199488c574f536529b5c21242 - - - file - name - org.jdom - - - file - name - dom4j - - - - - - pkg:maven/org.dom4j/dom4j@2.1.1.redhat-00001 - https://ossindex.sonatype.org/component/pkg:maven/org.dom4j/dom4j@2.1.1.redhat-00001 - - - cpe:2.3:a:dom4j_project:dom4j:2.1.1.hat-00001:*:*:*:*:*:*:* - https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Adom4j_project&cpe_product=cpe%3A%2F%3Adom4j_project%3Adom4j&cpe_version=cpe%3A%2F%3Adom4j_project%3Adom4j%3A2.1.1.hat-00001 - - - - cpe:/a:apache:xalan-java:2.7.1 - https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aapache%3Axalan-java%3A2.7.1 - - - xalan:serializer:2.7.1 - https://search.maven.org/remotecontent?filepath=xalan/serializer/2.7.1/serializer-2.7.1.jar - - - - - CVE-0000-0001 - 7.5 - NETWORK - LOW - NONE - PARTIAL - PARTIAL - PARTIAL - High - CWE-00 Bad Vulnerability - Description of a bad vulnerability. - - - Reference1 - http://localhost/badvulnerability.htm - Reference Name - - - MISC - http://localhost2/reference_for_badvulnerability.pdf - Reference for a bad vulnerability - - - - cpe:/a:component2:component2:1.0 - - - - - - adapter-ear3.ear: dom4j-2.1.1.jar - C:\\Projectestproject\\libraries\\component2.dll - 21b24bc199530e07cb15d93c7f929f04 - a29f196740ab608199488c574f536529b5c21242 - - - file - name - 2.1.1 - - - file - name - dom4j - - - - - CVE-0000-0001 - 7.5 - NETWORK - LOW - NONE - PARTIAL - PARTIAL - PARTIAL - High - CWE-00 Bad Vulnerability - Description of a bad vulnerability. - - - Reference1 - http://localhost/badvulnerability.htm - Reference Name - - - MISC - http://localhost2/reference_for_badvulnerability.pdf - Reference for a bad vulnerability - - - - cpe:/a:component2:component2:1.0 - - - - - - adapter-ear4.ear: liquibase-core-3.5.3.jar: jquery.js - C:\\Projectestproject\\libraries\\component3.dll - 21b24bc199530e07cb15d93c7f929f03 - a29f196740ab608199488c574f536529b5c21243 - - - file - name - 3.1.1 - - - file - name - jquery - - - - - CVE-0000-0001 - 7.5 - NETWORK - LOW - NONE - PARTIAL - PARTIAL - PARTIAL - High - CWE-00 Bad Vulnerability - Description of a bad vulnerability. - - - Reference1 - http://localhost/badvulnerability.htm - Reference Name - - - MISC - http://localhost2/reference_for_badvulnerability.pdf - Reference for a bad vulnerability - - - - cpe:/a:component3:component3:1.0 - - - - CVE-2019-7238 - - 7.5 - NETWORK - LOW - NONE - PARTIAL - PARTIAL - PARTIAL - HIGH - 2.0 - 10.0 - 6.4 - - - 9.8 - NETWORK - LOW - NONE - NONE - UNCHANGED - HIGH - HIGH - HIGH - CRITICAL - 3.9 - 5.9 - 3.0 - - - NVD-CWE-noinfo - - Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. - - - MISC - https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019 - https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019 - - - - cpe:2.3:a:sonatype:nexus:*:*:*:*:*:*:*:* - - - - CVE-2017-1000487 - - 7.5 - NETWORK - LOW - NONE - PARTIAL - PARTIAL - PARTIAL - HIGH - 2.0 - 10.0 - 6.4 - true - - - 9.8 - NETWORK - LOW - NONE - NONE - UNCHANGED - HIGH - HIGH - HIGH - CRITICAL - 3.9 - 5.9 - 3.1 - - - CWE-78 - - Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. - This is our reason for not to upgrade it. - - - MLIST - https://lists.debian.org/debian-lts-announce/2018/01/msg00011.html - [debian-lts-announce] 20180109 [SECURITY] [DLA 1237-1] plexus-utils2 security update - - - DEBIAN - https://www.debian.org/security/2018/dsa-4146 - DSA-4146 - - - - cpe:2.3:a:plexus-utils_project:plexus-utils:*:*:*:*:*:*:*:* - - - - - - - """ - testfile = TestFile("dependency-check-report.xml", content) + testfile = open("unittests/scans/dependency_check/multiple_vulnerabilities_has_multiple_findings.xml") parser = DependencyCheckParser() findings = parser.get_findings(testfile, Test()) items = findings - self.assertEqual(11, len(items)) # test also different component_name formats - # identifier -> package url java + 2 relateddependencies - self.assertEqual( - items[0].title, "dom4j:2.1.1.redhat-00001 | Description of a bad vulnerability.(in adapter-ear1.ear: dom4j-2.1.1.jar)" - ) - self.assertEqual(items[0].component_name, "org.dom4j:dom4j") - self.assertEqual(items[0].component_version, "2.1.1.redhat-00001") - self.assertEqual(items[0].description, "Description of a bad vulnerability.\nFilepath: /var/lib/adapter-ear1.ear/dom4j-2.1.1.jar") - self.assertEqual(items[0].severity, "High") - self.assertEqual(items[0].file_path, "adapter-ear1.ear: dom4j-2.1.1.jar") - self.assertEqual( - items[0].mitigation, - "Update org.dom4j:dom4j:2.1.1.redhat-00001 to at least the version recommended in the description" - ) + with self.subTest(i=0): + # identifier -> package url java + 2 relateddependencies + self.assertEqual(items[0].title, "org.dom4j:dom4j:2.1.1.redhat-00001 | CVE-0000-0001") + self.assertEqual(items[0].component_name, "org.dom4j:dom4j") + self.assertEqual(items[0].component_version, "2.1.1.redhat-00001") + self.assertIn( + "Description of a bad vulnerability.", + items[0].description, + ) + self.assertIn( + "/var/lib/adapter-ear1.ear/dom4j-2.1.1.jar", + items[0].description, + ) + self.assertEqual(items[0].severity, "High") + self.assertEqual(items[0].file_path, "adapter-ear1.ear: dom4j-2.1.1.jar") + self.assertEqual( + items[0].mitigation, + "Update org.dom4j:dom4j:2.1.1.redhat-00001 to at least the version recommended in the description", + ) + self.assertEqual( + items[0].date, datetime(2016, 11, 5, 14, 52, 15, 748000, tzinfo=tzoffset(None, -14400)) + ) # 2016-11-05T14:52:15.748-0400 + self.assertEqual(1, len(items[0].unsaved_vulnerability_ids)) + self.assertEqual('CVE-0000-0001', items[0].unsaved_vulnerability_ids[0]) - self.assertEqual( - items[1].title, "dom4j:2.1.1.redhat-00001 | Description of a bad vulnerability.(in adapter-ear8.ear: dom4j-2.1.1.jar)" - ) - self.assertEqual(items[1].component_name, "org.dom4j:dom4j") - self.assertEqual(items[1].component_version, "2.1.1.redhat-00001") - self.assertEqual(items[1].description, "Description of a bad vulnerability.\nFilepath: /var/lib/adapter-ear8.ear/dom4j-2.1.1.jar") - self.assertEqual(items[1].severity, "High") - self.assertEqual(items[1].file_path, "adapter-ear8.ear: dom4j-2.1.1.jar") - self.assertEqual( - items[1].mitigation, - "Update org.dom4j:dom4j:2.1.1.redhat-00001 to at least the version recommended in the description" - ) - self.assertEqual(items[1].tags, "related") + with self.subTest(i=1): + self.assertEqual(items[1].title, "org.dom4j:dom4j:2.1.1.redhat-00001 | CVE-0000-0001") + self.assertEqual(items[1].component_name, "org.dom4j:dom4j") + self.assertEqual(items[1].component_version, "2.1.1.redhat-00001") + self.assertIn( + "Description of a bad vulnerability.", + items[1].description, + ) + self.assertIn( + "/var/lib/adapter-ear8.ear/dom4j-2.1.1.jar", + items[1].description, + ) + self.assertEqual(items[1].severity, "High") + self.assertEqual(items[1].file_path, "adapter-ear8.ear: dom4j-2.1.1.jar") + self.assertEqual( + items[1].mitigation, + "Update org.dom4j:dom4j:2.1.1.redhat-00001 to at least the version recommended in the description", + ) + self.assertEqual(items[1].tags, "related") + self.assertEqual(1, len(items[1].unsaved_vulnerability_ids)) + self.assertEqual('CVE-0000-0001', items[1].unsaved_vulnerability_ids[0]) - self.assertEqual( - items[2].title, - "dom4j:2.1.1.redhat-00001 | Description of a bad vulnerability.(in adapter-ear1.ear: dom4j-extensions-2.1.1.jar)", - ) - self.assertEqual(items[2].component_name, "org.dom4j:dom4j") - self.assertEqual(items[2].component_version, "2.1.1.redhat-00001") - self.assertEqual(items[2].description, "Description of a bad vulnerability.\nFilepath: /var/lib/adapter-ear1.ear/dom4j-extensions-2.1.1.jar") - self.assertEqual(items[2].severity, "High") - self.assertEqual( - items[2].file_path, "adapter-ear1.ear: dom4j-extensions-2.1.1.jar" - ) - self.assertEqual( - items[2].mitigation, - "Update org.dom4j:dom4j:2.1.1.redhat-00001 to at least the version recommended in the description" - ) + with self.subTest(i=2): + self.assertEqual(items[2].title, "org.dom4j:dom4j:2.1.1.redhat-00001 | CVE-0000-0001") + self.assertEqual(items[2].component_name, "org.dom4j:dom4j") + self.assertEqual(items[2].component_version, "2.1.1.redhat-00001") + self.assertIn( + "Description of a bad vulnerability.", + items[2].description, + ) + self.assertIn( + "/var/lib/adapter-ear1.ear/dom4j-extensions-2.1.1.jar", + items[2].description, + ) + self.assertEqual(items[2].severity, "High") + self.assertEqual(items[2].file_path, "adapter-ear1.ear: dom4j-extensions-2.1.1.jar") + self.assertEqual( + items[2].mitigation, + "Update org.dom4j:dom4j:2.1.1.redhat-00001 to at least the version recommended in the description", + ) + self.assertEqual(1, len(items[2].unsaved_vulnerability_ids)) + self.assertEqual('CVE-0000-0001', items[2].unsaved_vulnerability_ids[0]) - # identifier -> package url javascript, no vulnerabilitids, 3 vulnerabilities, relateddependencies without filename (pre v6.0.0) - self.assertEqual(items[3].title, "yargs-parser:5.0.0 | 1500 Affected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects.Parsing the argument `--foo.__proto__.bar baz'` adds a `bar` property with value `baz` to all objects. This is only exploitable if attackers have control over the arguments being passed to `yargs-parser`.(in yargs-parser:5.0.0)") - self.assertEqual(items[3].component_name, "yargs-parser") - self.assertEqual(items[3].component_version, "5.0.0") - # assert fails due to special characters, not too important - # self.assertEqual(items[1].description, "Affected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects.Parsing the argument `--foo.__proto__.bar baz'` adds a `bar` property with value `baz` to all objects. This is only exploitable if attackers have control over the arguments being passed to `yargs-parser`.") - self.assertEqual(items[3].severity, "Low") - self.assertEqual(items[3].file_path, "yargs-parser:5.0.0") - self.assertEqual( - items[3].mitigation, - "Update yargs-parser:5.0.0 to at least the version recommended in the description" - ) + with self.subTest(i=3): + # identifier -> package url javascript, no vulnerabilitids, 3 vulnerabilities, relateddependencies without filename (pre v6.0.0) + self.assertEqual( + items[3].title, "yargs-parser:5.0.0 | 1500" + ) + self.assertEqual(items[3].component_name, "yargs-parser") + self.assertEqual(items[3].component_version, "5.0.0") + # assert fails due to special characters, not too important + # self.assertEqual(items[1].description, "Affected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects.Parsing the argument `--foo.__proto__.bar baz'` adds a `bar` property with value `baz` to all objects. This is only exploitable if attackers have control over the arguments being passed to `yargs-parser`.") + self.assertEqual(items[3].severity, "Low") + self.assertEqual(items[3].file_path, "yargs-parser:5.0.0") + self.assertEqual( + items[3].mitigation, "Update yargs-parser:5.0.0 to at least the version recommended in the description" + ) + self.assertIn( + "**Source:** NPM", + items[3].description, + ) + self.assertIsNone(items[3].unsaved_vulnerability_ids) - self.assertEqual(items[4].title, 'yargs-parser:5.0.0 | yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.(in yargs-parser:5.0.0)') - self.assertEqual(items[4].component_name, "yargs-parser") - self.assertEqual(items[4].component_version, "5.0.0") - self.assertEqual( - items[4].description, - 'yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.\nFilepath: /var/lib/jenkins/workspace/nl-selfservice_-_metrics_develop/package-lock.json?yargs-parser', - ) - self.assertEqual(items[4].severity, "High") - self.assertEqual(items[4].file_path, "yargs-parser:5.0.0") - self.assertEqual( - items[4].mitigation, - "Update yargs-parser:5.0.0 to at least the version recommended in the description" - ) + with self.subTest(i=4): + self.assertEqual( + items[4].title, + "yargs-parser:5.0.0 | CVE-2020-7608", + ) + self.assertEqual(items[4].component_name, "yargs-parser") + self.assertEqual(items[4].component_version, "5.0.0") + self.assertIn( + 'yargs-parser could be tricked into adding or modifying properties\n of Object.prototype using a "__proto__" payload.\n**Source:** OSSINDEX\n**Filepath:** \n /var/lib/jenkins/workspace/nl-selfservice_-_metrics_develop/package-lock.json?yargs-parser', + items[4].description, + ) + self.assertIn( + "/var/lib/jenkins/workspace/nl-selfservice_-_metrics_develop/package-lock.json?yargs-parser", + items[4].description, + ) + self.assertEqual(items[4].severity, "High") + self.assertEqual(items[4].file_path, "yargs-parser:5.0.0") + self.assertEqual( + items[4].mitigation, "Update yargs-parser:5.0.0 to at least the version recommended in the description" + ) + self.assertEqual(1, len(items[4].unsaved_vulnerability_ids)) + self.assertEqual('CVE-2020-7608', items[4].unsaved_vulnerability_ids[0]) - self.assertEqual( - items[5].title, - "yargs-parser:5.0.0 | Uncontrolled Resource Consumption ('Resource Exhaustion') (in yargs-parser:5.0.0)", - ) - self.assertEqual(items[5].component_name, "yargs-parser") - self.assertEqual(items[5].component_version, "5.0.0") - self.assertEqual( - items[5].description, - "The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.\nFilepath: /var/lib/jenkins/workspace/nl-selfservice_-_metrics_develop/package-lock.json?yargs-parser", - ) - self.assertEqual(items[5].severity, "High") - self.assertEqual(items[5].file_path, "yargs-parser:5.0.0") - self.assertEqual( - items[5].mitigation, - "Update yargs-parser:5.0.0 to at least the version recommended in the description" - ) + with self.subTest(i=5): + self.assertEqual( + items[5].title, + "yargs-parser:5.0.0 | CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')", + ) + self.assertEqual(items[5].component_name, "yargs-parser") + self.assertEqual(items[5].component_version, "5.0.0") + self.assertIn( + "The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.", + items[5].description, + ) + # check that the filepath is in the description + self.assertIn( + "/var/lib/jenkins/workspace/nl-selfservice_-_metrics_develop/package-lock.json?yargs-parser", + items[5].description, + ) + self.assertEqual(items[5].severity, "High") + self.assertEqual(items[5].file_path, "yargs-parser:5.0.0") + self.assertEqual( + items[5].mitigation, "Update yargs-parser:5.0.0 to at least the version recommended in the description" + ) + self.assertIsNone(items[5].unsaved_vulnerability_ids) - # identifier -> cpe java - self.assertEqual( - items[6].title, "dom4j:2.1.1.redhat-00001 | Description of a bad vulnerability.(in adapter-ear2.ear: dom4j-2.1.1.jar)" - ) - self.assertEqual(items[6].component_name, "org.dom4j:dom4j") - self.assertEqual(items[6].component_version, "2.1.1.redhat-00001") - self.assertEqual(items[6].severity, "High") - self.assertEqual(items[6].file_path, "adapter-ear2.ear: dom4j-2.1.1.jar") - self.assertEqual( - items[6].mitigation, - "Update org.dom4j:dom4j:2.1.1.redhat-00001 to at least the version recommended in the description" - ) + with self.subTest(i=6): + # identifier -> cpe java + self.assertEqual(items[6].title, "org.dom4j:dom4j:2.1.1.redhat-00001 | CVE-0000-0001") + self.assertEqual(items[6].component_name, "org.dom4j:dom4j") + self.assertEqual(items[6].component_version, "2.1.1.redhat-00001") + self.assertEqual(items[6].severity, "High") + self.assertEqual(items[6].file_path, "adapter-ear2.ear: dom4j-2.1.1.jar") + self.assertEqual( + items[6].mitigation, + "Update org.dom4j:dom4j:2.1.1.redhat-00001 to at least the version recommended in the description", + ) + self.assertEqual(1, len(items[6].unsaved_vulnerability_ids)) + self.assertEqual('CVE-0000-0001', items[6].unsaved_vulnerability_ids[0]) - # identifier -> maven java - self.assertEqual( - items[7].title, "dom4j:2.1.1 | Description of a bad vulnerability.(in adapter-ear3.ear: dom4j-2.1.1.jar)" - ) - self.assertEqual(items[7].component_name, "dom4j") - self.assertEqual(items[7].component_version, "2.1.1") - self.assertEqual(items[7].severity, "High") - self.assertEqual( - items[7].mitigation, - "Update dom4j:2.1.1 to at least the version recommended in the description" - ) + with self.subTest(i=7): + # identifier -> maven java + self.assertEqual(items[7].title, "dom4j:2.1.1 | CVE-0000-0001") + self.assertEqual(items[7].component_name, "dom4j") + self.assertEqual(items[7].component_version, "2.1.1") + self.assertEqual(items[7].severity, "High") + self.assertEqual( + items[7].mitigation, "Update dom4j:2.1.1 to at least the version recommended in the description" + ) - # evidencecollected -> single product + single verison javascript - self.assertEqual( - items[8].title, - "jquery:3.1.1 | Description of a bad vulnerability.(in adapter-ear4.ear: liquibase-core-3.5.3.jar: jquery.js)", - ) - self.assertEqual(items[8].component_name, "jquery") - self.assertEqual(items[8].component_version, "3.1.1") - self.assertEqual(items[8].severity, "High") - self.assertEqual( - items[8].mitigation, - "Update jquery:3.1.1 to at least the version recommended in the description" - ) + with self.subTest(i=8): + # evidencecollected -> single product + single verison javascript + self.assertEqual( + items[8].title, + "jquery:3.1.1 | CVE-0000-0001", + ) + self.assertEqual(items[8].component_name, "jquery") + self.assertEqual(items[8].component_version, "3.1.1") + self.assertEqual(items[8].severity, "High") + self.assertEqual( + items[8].mitigation, "Update jquery:3.1.1 to at least the version recommended in the description" + ) - # Tests for two suppressed vulnerabilities, - # One for Suppressed with notes, the other is without. - self.assertEqual(items[9].active, False) - self.assertEqual(items[9].mitigation, - '**This vulnerability is mitigated and/or suppressed:** Document on why we are suppressing this vulnerability is missing!\nUpdate jquery:3.1.1 to at least the version recommended in the description') - self.assertEqual(items[9].tags, ["suppressed", "no_suppression_document"]) + with self.subTest(i=9): + # Tests for two suppressed vulnerabilities, + # One for Suppressed with notes, the other is without. + self.assertEqual(items[9].active, False) + self.assertEqual( + items[9].mitigation, + "**This vulnerability is mitigated and/or suppressed:** Document on why we are suppressing this vulnerability is missing!\nUpdate jquery:3.1.1 to at least the version recommended in the description", + ) + self.assertEqual(items[9].tags, ["suppressed", "no_suppression_document"]) + self.assertEqual(items[10].severity, "Critical") + self.assertEqual(items[10].is_mitigated, True) - self.assertEqual(items[10].active, False) - self.assertEqual(items[10].mitigation, - '**This vulnerability is mitigated and/or suppressed:** This is our reason for not to upgrade it.\nUpdate jquery:3.1.1 to at least the version recommended in the description') - self.assertEqual(items[10].tags, "suppressed") + with self.subTest(i=10): + self.assertEqual(items[10].active, False) + self.assertEqual( + items[10].mitigation, + "**This vulnerability is mitigated and/or suppressed:** This is our reason for not to upgrade it.\nUpdate jquery:3.1.1 to at least the version recommended in the description", + ) + self.assertEqual(items[10].tags, "suppressed") + self.assertEqual(items[10].severity, "Critical") + self.assertEqual(items[10].is_mitigated, True) - # evidencecollected -> multiple product + multiple version - # TODO? Seems like since v6.0.0 there's always a packageurl + def test_parse_java_6_5_3(self): + """Test with version 6.5.3""" + with open(path.join(path.dirname(__file__), "../scans/dependency_check/version-6.5.3.xml")) as test_file: + parser = DependencyCheckParser() + findings = parser.get_findings(test_file, Test()) + items = findings + self.assertEqual(1, len(items)) + i = 0 + with self.subTest(i=i): + self.assertEqual(items[i].component_name, "org.apache.logging.log4j:log4j-api") + self.assertEqual(items[i].component_version, "2.12.4") + self.assertIn( + "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.", + items[i].description, + ) + self.assertEqual(items[i].severity, "Low") + self.assertEqual(items[i].file_path, "log4j-api-2.12.4.jar") + self.assertEqual(items[i].date, datetime(2022, 1, 15, 14, 31, 13, 42600, tzinfo=timezone.utc)) + + def test_parse_file_pr6439(self): + testfile = open("unittests/scans/dependency_check/PR6439.xml") + parser = DependencyCheckParser() + findings = parser.get_findings(testfile, Test()) + items = findings + self.assertEqual(37, len(items)) + # test also different component_name formats -# example with multiple evidencecollected -# -# -# pom -# parent-groupid -# org.jboss -# -# -# Manifest -# specification-vendor -# JBoss by Red Hat -# -# -# pom -# artifactid -# dom4j -# -# -# file -# name -# dom4j -# -# -# Manifest -# os-arch -# amd64 -# -# -# Manifest -# os-name -# Linux -# -# -# Manifest -# Implementation-Vendor -# JBoss by Red Hat -# -# -# pom -# name -# dom4j -# -# -# Manifest -# java-vendor -# Oracle Corporation -# -# -# pom -# parent-artifactid -# jboss-parent -# -# -# jar -# package name -# dom4j -# -# -# Manifest -# implementation-url -# http://dom4j.github.io/ -# -# -# Manifest -# Implementation-Vendor-Id -# org.dom4j -# -# -# pom -# groupid -# dom4j -# -# -# hint analyzer -# vendor -# redhat -# -# -# pom -# url -# http://dom4j.github.io/ -# -# -# pom -# parent-groupid -# org.jboss -# -# -# Manifest -# Implementation-Title -# dom4j -# -# -# file -# name -# dom4j -# -# -# Manifest -# os-arch -# amd64 -# -# -# Manifest -# os-name -# Linux -# -# -# pom -# artifactid -# dom4j -# -# -# pom -# parent-artifactid -# jboss-parent -# -# -# pom -# name -# dom4j -# -# -# jar -# package name -# dom4j -# -# -# Manifest -# implementation-url -# http://dom4j.github.io/ -# -# -# jar -# package name -# io -# -# -# pom -# url -# http://dom4j.github.io/ -# -# -# pom -# groupid -# dom4j -# -# -# Manifest -# specification-title -# dom4j -# -# -# pom -# version -# 2.1.1.redhat-00001 -# -# -# Manifest -# Implementation-Version -# 2.1.1.redhat-00001 -# -# -# pom -# parent-version -# 2.1.1.redhat-00001 -# -# -# -# -# pkg:maven/org.dom4j/dom4j@2.1.1.redhat-00001 -# https://ossindex.sonatype.org/component/pkg:maven/org.dom4j/dom4j@2.1.1.redhat-00001 -# -# -# cpe:2.3:a:dom4j_project:dom4j:2.1.1.hat-00001:*:*:*:*:*:*:* -# https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Adom4j_project&cpe_product=cpe%3A%2F%3Adom4j_project%3Adom4j&cpe_version=cpe%3A%2F%3Adom4j_project%3Adom4j%3A2.1.1.hat-00001 -# -# + with self.subTest(i=0): + print(items[0]) + # identifier -> package url java + 2 relateddependencies + self.assertEqual(items[0].title, "org.apache.activemq:activemq-broker:5.16.5 | CVE-2015-3208") + self.assertEqual(items[0].component_name, "org.apache.activemq:activemq-broker") + self.assertEqual(items[0].component_version, "5.16.5") + self.assertIn( + "XML external entity (XXE) vulnerability in the XPath selector component in", + items[0].description, + ) + self.assertIn( + "**Source:** OSSINDEX", + items[0].description, + ) + self.assertEqual(items[0].severity, "Critical") + self.assertEqual(items[0].file_path, "activemq-broker-5.16.5.jar") + self.assertIn( + "**This vulnerability is mitigated and/or suppressed:** Ist eine Dependency vom CXF. Der im Finding erwähnte Bug ist seit Version 1.0", + items[0].mitigation, + ) + self.assertEqual( + items[0].date, datetime(2022, 12, 14, 1, 35, 43, 684166, tzinfo=tzlocal()) + ) # 2016-11-05T14:52:15.748-0400 + self.assertEqual(1, len(items[0].unsaved_vulnerability_ids)) + self.assertEqual('CVE-2015-3208', items[0].unsaved_vulnerability_ids[0]) diff --git a/unittests/tools/test_dependency_track_parser.py b/unittests/tools/test_dependency_track_parser.py index a85c82801ca..4e0d203fe75 100644 --- a/unittests/tools/test_dependency_track_parser.py +++ b/unittests/tools/test_dependency_track_parser.py @@ -9,7 +9,7 @@ def test_dependency_track_parser_with_empty_list_for_findings_key_has_no_finding self, ): testfile = open( - get_unit_tests_path() + "/scans/dependency_track_samples/no_findings_because_findings_key_is_empty_list.json" + get_unit_tests_path() + "/scans/dependency_track/no_findings_because_findings_key_is_empty_list.json" ) parser = DependencyTrackParser() findings = parser.get_findings(testfile, Test()) @@ -18,7 +18,7 @@ def test_dependency_track_parser_with_empty_list_for_findings_key_has_no_finding def test_dependency_track_parser_with_missing_findings_key_has_no_findings(self): testfile = open( - get_unit_tests_path() + "/scans/dependency_track_samples/no_findings_because_findings_key_is_missing.json" + get_unit_tests_path() + "/scans/dependency_track/no_findings_because_findings_key_is_missing.json" ) parser = DependencyTrackParser() findings = parser.get_findings(testfile, Test()) @@ -27,7 +27,7 @@ def test_dependency_track_parser_with_missing_findings_key_has_no_findings(self) def test_dependency_track_parser_with_null_findings_key_has_no_findings(self): testfile = open( - get_unit_tests_path() + "/scans/dependency_track_samples/no_findings_because_findings_key_is_null.json" + get_unit_tests_path() + "/scans/dependency_track/no_findings_because_findings_key_is_null.json" ) parser = DependencyTrackParser() findings = parser.get_findings(testfile, Test()) @@ -36,16 +36,26 @@ def test_dependency_track_parser_with_null_findings_key_has_no_findings(self): def test_dependency_track_parser_has_many_findings(self): testfile = open( - get_unit_tests_path() + "/scans/dependency_track_samples/many_findings.json" + get_unit_tests_path() + "/scans/dependency_track/many_findings.json" ) parser = DependencyTrackParser() findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(4, len(findings)) + self.assertIsNone(findings[0].unsaved_vulnerability_ids) + self.assertIsNone(findings[1].unsaved_vulnerability_ids) + self.assertEqual(1, len(findings[2].unsaved_vulnerability_ids)) + self.assertEqual('CVE-2016-2097', findings[2].unsaved_vulnerability_ids[0]) + self.assertTrue(findings[2].false_p) + self.assertTrue(findings[2].is_mitigated) + self.assertFalse(findings[2].active) + self.assertEqual(1, len(findings[3].unsaved_vulnerability_ids)) + self.assertEqual('CVE-2016-2097', findings[3].unsaved_vulnerability_ids[0]) + def test_dependency_track_parser_has_one_finding(self): testfile = open( - get_unit_tests_path() + "/scans/dependency_track_samples/one_finding.json" + get_unit_tests_path() + "/scans/dependency_track/one_finding.json" ) parser = DependencyTrackParser() findings = parser.get_findings(testfile, Test()) @@ -54,7 +64,7 @@ def test_dependency_track_parser_has_one_finding(self): def test_dependency_track_parser_v3_8_0(self): testfile = open( - get_unit_tests_path() + "/scans/dependency_track_samples/dependency_track_3.8.0_2021-01-18.json" + get_unit_tests_path() + "/scans/dependency_track/dependency_track_3.8.0_2021-01-18.json" ) parser = DependencyTrackParser() findings = parser.get_findings(testfile, Test()) @@ -62,3 +72,37 @@ def test_dependency_track_parser_v3_8_0(self): self.assertEqual(9, len(findings)) self.assertTrue(all(item.file_path is not None for item in findings)) self.assertTrue(all(item.vuln_id_from_tool is not None for item in findings)) + + def test_dependency_track_parser_findings_with_alias(self): + testfile = open( + get_unit_tests_path() + "/scans/dependency_track/many_findings_with_alias.json" + ) + parser = DependencyTrackParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + + self.assertEqual(12, len(findings)) + self.assertTrue(all(item.file_path is not None for item in findings)) + self.assertTrue(all(item.vuln_id_from_tool is not None for item in findings)) + self.assertIn('CVE-2022-42004', findings[0].unsaved_vulnerability_ids) + + def test_dependency_track_parser_findings_with_empty_alias(self): + testfile = open( + get_unit_tests_path() + "/scans/dependency_track/many_findings_with_empty_alias.json" + ) + parser = DependencyTrackParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + + self.assertEqual(12, len(findings)) + self.assertIn('CVE-2022-2053', findings[11].unsaved_vulnerability_ids) + + def test_dependency_track_parser_findings_with_cvssV3_score(self): + with open(f"{get_unit_tests_path()}/scans/dependency_track/many_findings_with_cvssV3_score.json") as testfile: + parser = DependencyTrackParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(12, len(findings)) + self.assertTrue(all(item.file_path is not None for item in findings)) + self.assertTrue(all(item.vuln_id_from_tool is not None for item in findings)) + self.assertIn('CVE-2022-42004', findings[0].unsaved_vulnerability_ids) + self.assertEqual(8.3, findings[0].cvssv3_score) diff --git a/unittests/tools/test_dockerbench_parser.py b/unittests/tools/test_dockerbench_parser.py new file mode 100644 index 00000000000..02466d04a8e --- /dev/null +++ b/unittests/tools/test_dockerbench_parser.py @@ -0,0 +1,66 @@ +from ..dojo_test_case import DojoTestCase, get_unit_tests_path +from dojo.tools.dockerbench.parser import DockerBenchParser +from dojo.models import Test + + +class TestDockerBenchParser(DojoTestCase): + + def test_parse_file_with_no_vuln_has_no_findings(self): + testfile = open( + get_unit_tests_path() + "/scans/dockerbench/docker-bench-report-zero-vulns.json" + ) + parser = DockerBenchParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) + + def test_parse_file_with_one_vuln_has_one_finding(self): + testfile = open( + get_unit_tests_path() + "/scans/dockerbench/docker-bench-report-single-vuln.json" + ) + parser = DockerBenchParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("High", finding.severity) + self.assertEqual("2.11", finding.unique_id_from_tool) + self.assertIn("2.11 -", finding.title) + self.assertIn("some kind of remediation could be here", finding.mitigation) + self.assertIn("Ensure base device size is not changed until needed", finding.description) + + def test_parse_file_with_multiple_vuln_has_multiple_findings(self): + testfile = open( + get_unit_tests_path() + "/scans/dockerbench/docker-bench-report-many-vulns.json" + ) + parser = DockerBenchParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(len(findings), 50) + self.assertEqual(sum(1 for f in findings if f.severity.upper() == 'CRITICAL'), 0) + self.assertEqual(sum(1 for f in findings if f.severity.upper() == 'HIGH'), 32) + self.assertEqual(sum(1 for f in findings if f.severity.upper() == 'LOW'), 16) + self.assertEqual(sum(1 for f in findings if f.severity.upper() == 'INFO'), 2) + + finding = findings[3] + self.assertEqual("High", finding.severity) + self.assertEqual("1.1.4", finding.unique_id_from_tool) + self.assertIn("1.1.4 -", finding.title) + self.assertIn("Ensure auditing is configured for Docker files and directories -/run/containerd (Automated)", finding.description) + self.assertIn("Install auditd. Add -a exit,always -F path=/run/containerd -F perm=war -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart.", finding.mitigation) + self.assertIn("Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions.", finding.mitigation) + + finding = findings[27] + self.assertEqual("Low", finding.severity) + self.assertEqual("2.18", finding.unique_id_from_tool) + self.assertIn("2.18 -", finding.title) + self.assertIn("Ensure that experimental features are not implemented in production (Scored)", finding.description) + self.assertIn("You should not pass --experimental as a runtime parameter to the Docker daemon on production systems.", finding.mitigation) + self.assertIn("mitigation impact: None.", finding.mitigation) + + finding = findings[39] + self.assertEqual("Info", finding.severity) + self.assertEqual("4.5", finding.unique_id_from_tool) + self.assertIn("4.5 -", finding.title) + self.assertIn("Ensure Content trust for Docker is Enabled (Automated)", finding.description) + self.assertIn("Add DOCKER_CONTENT_TRUST variable to the /etc/environment file using command echo DOCKER_CONTENT_TRUST=1 | sudo tee -a /etc/environment.", finding.mitigation) + self.assertIn("This prevents users from working with tagged images unless they contain a signature.", finding.mitigation) diff --git a/unittests/tools/test_drheader_parser.py b/unittests/tools/test_drheader_parser.py index d3d1698eced..30dad246fd9 100644 --- a/unittests/tools/test_drheader_parser.py +++ b/unittests/tools/test_drheader_parser.py @@ -5,6 +5,13 @@ class TestDrHeaderParser(DojoTestCase): + def test_parse_file_has_no_findings(self): + testfile = open("unittests/scans/drheader/no_vulns.json") + parser = DrHeaderParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) + def test_parse_file_has_many_finding_one_tool(self): testfile = open("unittests/scans/drheader/scan.json") parser = DrHeaderParser() @@ -25,3 +32,18 @@ def test_parse_file_has_many_finding_one_tool3(self): findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(11, len(findings)) + + def test_parse_file_has_many_finding_multiple_urls(self): + testfile = open("unittests/scans/drheader/multiple_urls.json") + parser = DrHeaderParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + testfile.close() + self.assertEqual(4, len(findings)) + with self.subTest(i=0): + finding = findings[0] + endpoint = finding.unsaved_endpoints[0] + self.assertEqual(443, endpoint.port) + self.assertEqual("example.com", endpoint.host) diff --git a/unittests/tools/test_dsop_parser.py b/unittests/tools/test_dsop_parser.py index fe6de79b851..a266f9a2556 100644 --- a/unittests/tools/test_dsop_parser.py +++ b/unittests/tools/test_dsop_parser.py @@ -9,13 +9,14 @@ def test_zero_findings(self): testfile = open("unittests/scans/dsop/zero_vuln.xlsx", "rb") parser = DsopParser() findings = parser.get_findings(testfile, Test()) - self.assertEquals(len(findings), 0) + self.assertEqual(len(findings), 0) def test_many_findings(self): testfile = open("unittests/scans/dsop/many_vuln.xlsx", "rb") parser = DsopParser() findings = parser.get_findings(testfile, Test()) - self.assertEquals(len(findings), 4) + self.assertEqual(len(findings), 4) finding = findings[0] - self.assertEqual("CVE-2019-15587", finding.cve) self.assertEqual("Low", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2019-15587", finding.unsaved_vulnerability_ids[0]) diff --git a/unittests/tools/test_fortify_parser.py b/unittests/tools/test_fortify_parser.py index c2d74d2ec8f..edec7244853 100644 --- a/unittests/tools/test_fortify_parser.py +++ b/unittests/tools/test_fortify_parser.py @@ -1,7 +1,7 @@ -from ..dojo_test_case import DojoTestCase, get_unit_tests_path -from dojo.tools.fortify.parser import FortifyParser from dojo.models import Test -from datetime import datetime +from dojo.tools.fortify.parser import FortifyParser + +from ..dojo_test_case import DojoTestCase, get_unit_tests_path class TestFortifyParser(DojoTestCase): @@ -10,18 +10,68 @@ def test_fortify_many_findings(self): parser = FortifyParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(324, len(findings)) - self.assertEqual(datetime(2019, 12, 17), findings[0].date) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("Poor Logging Practice: Use of a System Output Stream - XXE.java: 81", finding.title) + self.assertEqual("Low", finding.severity) + self.assertEqual("src/main/java/org/joychou/controller/XXE.java", finding.file_path) + self.assertEqual(81, finding.line) def test_fortify_few_findings(self): testfile = get_unit_tests_path() + "/scans/fortify/fortify_few_findings.xml" parser = FortifyParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(2, len(findings)) - self.assertEqual(datetime(2019, 5, 7), findings[0].date) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("Privilege Management: Unnecessary Permission - AndroidManifest.xml: 11", finding.title) + self.assertEqual("High", finding.severity) + self.assertEqual("app/build/intermediates/bundle_manifest/developDebug/processDevelopDebugManifest/bundle-manifest/AndroidManifest.xml", finding.file_path) + self.assertEqual(11, finding.line) + self.assertEqual('53C25D2FC6950554F16D3CEF9E41EF6F', finding.unique_id_from_tool) def test_fortify_few_findings_count_chart(self): testfile = get_unit_tests_path() + "/scans/fortify/fortify_few_findings_count_chart.xml" parser = FortifyParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(3, len(findings)) - self.assertEqual(datetime(2019, 5, 7), findings[0].date) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("Privilege Management: Unnecessary Permission - AndroidManifest.xml: 11", finding.title) + self.assertEqual("High", finding.severity) + self.assertEqual("app/build/intermediates/bundle_manifest/developDebug/processDevelopDebugManifest/bundle-manifest/AndroidManifest.xml", finding.file_path) + self.assertEqual(11, finding.line) + self.assertEqual('53C25D2FC6950554F16D3CEF9E41EF6F', finding.unique_id_from_tool) + + def test_fortify_issue6260(self): + testfile = get_unit_tests_path() + "/scans/fortify/issue6260.xml" + parser = FortifyParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(16, len(findings)) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("Command Injection - command.java: 40", finding.title) + self.assertEqual("Low", finding.severity) + self.assertEqual("src/main/java/command.java", finding.file_path) + self.assertEqual(40, finding.line) + self.assertEqual('7A2F1C728BDDBB17C7CB31CEDF5D8F85', finding.unique_id_from_tool) + + def test_fortify_issue6082(self): + testfile = get_unit_tests_path() + "/scans/fortify/issue6082.xml" + parser = FortifyParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(2, len(findings)) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("Privacy Violation: Autocomplete - login.html: 19", finding.title) + self.assertEqual("High", finding.severity) + self.assertEqual("login.html", finding.file_path) + self.assertEqual(19, finding.line) + self.assertEqual('F46C9EF7203D77D83D3486BCDC78565F', finding.unique_id_from_tool) + with self.subTest(i=1): + finding = findings[1] + self.assertEqual("Unreleased Resource: Database - MyContextListener.java: 28", finding.title) + self.assertEqual("High", finding.severity) + self.assertEqual("src/adrui/MyContextListener.java", finding.file_path) + self.assertEqual(28, finding.line) + self.assertEqual('B5B15F27E10F4D7799BD0ED1E6D34C5D', finding.unique_id_from_tool) diff --git a/unittests/tools/test_gcloud_artifact_scan_parser.py b/unittests/tools/test_gcloud_artifact_scan_parser.py new file mode 100644 index 00000000000..6da293f3489 --- /dev/null +++ b/unittests/tools/test_gcloud_artifact_scan_parser.py @@ -0,0 +1,20 @@ +from ..dojo_test_case import DojoTestCase, get_unit_tests_path +from dojo.tools.gcloud_artifact_scan.parser import GCloudArtifactScanParser +from dojo.models import Test + + +class TestGCloudArtifactScanParser(DojoTestCase): + def test_parse_file_with_multiple_vuln_has_multiple_findings(self): + with open(f"{get_unit_tests_path()}/scans/gcloud_artifact_scan/many_vulns.json") as testfile: + parser = GCloudArtifactScanParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(7, len(findings)) + finding = findings[0] + self.assertEqual("projects/goog-vulnz/notes/CVE-2023-29405", finding.title) + self.assertEqual("Critical", finding.severity) + finding = findings[1] + self.assertEqual("projects/goog-vulnz/notes/CVE-2023-29402", finding.title) + self.assertEqual("Critical", finding.severity) + finding = findings[2] + self.assertEqual("projects/goog-vulnz/notes/CVE-2023-29404", finding.title) + self.assertEqual("Critical", finding.severity) diff --git a/unittests/tools/test_generic_parser.py b/unittests/tools/test_generic_parser.py index ff6335e6c4d..de4b8252ece 100644 --- a/unittests/tools/test_generic_parser.py +++ b/unittests/tools/test_generic_parser.py @@ -26,7 +26,7 @@ def setUp(self): def test_parse_report1(self): file = open("unittests/scans/generic/generic_report1.csv") parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() @@ -47,14 +47,14 @@ def test_parse_no_csv_content_no_findings(self): findings = "" file = TestFile("findings.csv", findings) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) self.assertEqual(0, len(findings)) def test_parse_csv_with_only_headers_results_in_no_findings(self): content = "Date,Title,CweId,Url,Severity,Description,Mitigation,Impact,References,Active,Verified" file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) self.assertEqual(0, len(findings)) def test_parse_csv_with_single_vulnerability_results_in_single_finding( @@ -67,7 +67,7 @@ def test_parse_csv_with_single_vulnerability_results_in_single_finding( """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) self.assertEqual(1, len(findings)) def test_parse_csv_with_multiple_vulnerabilities_results_in_multiple_findings( @@ -84,7 +84,7 @@ def test_parse_csv_with_multiple_vulnerabilities_results_in_multiple_findings( """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) self.assertEqual(2, len(findings)) def test_parse_csv_with_duplicates_results_in_single_findings(self): @@ -100,7 +100,7 @@ def test_parse_csv_with_duplicates_results_in_single_findings(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) self.assertEqual(1, len(findings)) def test_parsed_finding_has_date(self): @@ -112,7 +112,7 @@ def test_parsed_finding_has_date(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) self.assertEqual(datetime.date(2015, 11, 7), findings[0].date) def test_parsed_finding_has_title(self): @@ -124,7 +124,7 @@ def test_parsed_finding_has_title(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) self.assertEqual('Potential XSS Vulnerability', findings[0].title) @@ -137,8 +137,9 @@ def test_parsed_finding_has_cve(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) - self.assertEqual("CVE-2021-26919", findings[0].cve) + findings = parser.get_findings(file, self.test) + self.assertEqual(1, len(findings[0].unsaved_vulnerability_ids)) + self.assertEqual("CVE-2021-26919", findings[0].unsaved_vulnerability_ids[0]) def test_parsed_finding_has_cwe(self): content = """Date,Title,CweId,Url,Severity,Description,Mitigation,Impact,References,Active,Verified @@ -149,7 +150,7 @@ def test_parsed_finding_has_cwe(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) self.assertEqual(79, findings[0].cwe) def test_parsed_finding_has_url(self): @@ -162,8 +163,9 @@ def test_parsed_finding_has_url(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) for finding in findings: + finding.clean() for endpoint in finding.unsaved_endpoints: endpoint.clean() self.assertEqual(1, len(findings)) @@ -176,6 +178,8 @@ def test_parsed_finding_has_url(self): self.assertEqual('default.aspx', endpoint.path) self.assertIsNone(endpoint.query) self.assertIsNone(endpoint.fragment) + self.assertEqual(True, finding.active) + self.assertEqual(False, finding.verified) def test_parsed_finding_has_severity(self): content = """Date,Title,CweId,Url,Severity,Description,Mitigation,Impact,References,Active,Verified @@ -186,7 +190,7 @@ def test_parsed_finding_has_severity(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() @@ -201,7 +205,7 @@ def test_parsed_finding_with_invalid_severity_has_info_severity(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() @@ -216,7 +220,7 @@ def test_parsed_finding_has_description(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() @@ -233,7 +237,7 @@ def test_parsed_finding_has_mitigation(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() @@ -249,7 +253,7 @@ def test_parsed_finding_has_impact(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() @@ -265,7 +269,7 @@ def test_parsed_finding_has_references(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() @@ -280,7 +284,7 @@ def test_parsed_finding_has_positive_active_status(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() @@ -295,7 +299,7 @@ def test_parsed_finding_has_negative_active_status(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, None, None) + findings = parser.get_findings(file, self.test) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() @@ -325,7 +329,7 @@ def test_parsed_finding_has_negative_verified_status(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, None, None) + findings = parser.get_findings(file, self.test) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() @@ -340,7 +344,7 @@ def test_parsed_finding_has_positive_false_positive_status(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() @@ -355,7 +359,7 @@ def test_parsed_finding_has_negative_false_positive_status(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() @@ -370,7 +374,7 @@ def test_parsed_finding_is_duplicate_has_positive_value(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() @@ -385,7 +389,7 @@ def test_parsed_finding_is_duplicate_has_negative_value(self): """ file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + findings = parser.get_findings(file, self.test) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() @@ -395,7 +399,7 @@ def test_missing_columns_is_fine(self): content = """Date,Title,Url,Severity,Description,References,Active,Verified""" file = TestFile("findings.csv", content) parser = GenericParser() - findings = parser.get_findings(file, self.test, True, True) + parser.get_findings(file, self.test) def test_column_order_is_flexible(self): content1 = """\ @@ -410,12 +414,12 @@ def test_column_order_is_flexible(self): file2 = TestFile("findings.csv", content2) parser1 = GenericParser() - findings1 = parser1.get_findings(file1, self.test, True, True) + findings1 = parser1.get_findings(file1, self.test) for finding in findings1: for endpoint in finding.unsaved_endpoints: endpoint.clean() parser2 = GenericParser() - findings2 = parser2.get_findings(file2, self.test, True, True) + findings2 = parser2.get_findings(file2, self.test) for finding in findings2: for endpoint in finding.unsaved_endpoints: endpoint.clean() @@ -443,7 +447,8 @@ def test_parse_json(self): self.assertEqual(True, finding.verified) self.assertEqual(False, finding.duplicate) self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual("CVE-2020-36234", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-36234", finding.unsaved_vulnerability_ids[0]) self.assertEqual(261, finding.cwe) self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", finding.cvssv3) self.assertIn("security", finding.tags) @@ -470,7 +475,8 @@ def test_parse_json2(self): finding = findings[0] self.assertEqual("test title3", finding.title) self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual("CVE-2020-36234", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-36234", finding.unsaved_vulnerability_ids[0]) self.assertEqual(261, finding.cwe) self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", finding.cvssv3) self.assertEqual("Some mitigation", finding.mitigation) @@ -490,7 +496,8 @@ def test_parse_json3(self): finding.clean() self.assertEqual("test title with endpoints as dict", finding.title) self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual("CVE-2020-36234", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-36234", finding.unsaved_vulnerability_ids[0]) self.assertEqual(261, finding.cwe) self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", finding.cvssv3) self.assertEqual("Some mitigation", finding.mitigation) @@ -517,7 +524,7 @@ def test_parse_json3(self): self.assertEqual(2345, endpoint.port) self.assertEqual("test-pest", endpoint.path) - def test_parse_host_json(self): + def test_parse_endpoints_and_vulnerability_ids_json(self): file = open("unittests/scans/generic/generic_report4.json") parser = GenericParser() findings = parser.get_findings(file, Test()) @@ -544,7 +551,11 @@ def test_parse_host_json(self): self.assertEqual("foo.bar", endpoint.host) self.assertEqual("path", endpoint.path) - def test_parse_host_csv(self): + self.assertEqual(2, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("GHSA-5mrr-rgp6-x4gr", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("CVE-2015-9235", finding.unsaved_vulnerability_ids[1]) + + def test_parse_host_and_vulnerability_id_csv(self): file = open("unittests/scans/generic/generic_report4.csv") parser = GenericParser() findings = parser.get_findings(file, Test()) @@ -556,6 +567,8 @@ def test_parse_host_csv(self): endpoint = finding.unsaved_endpoints[0] endpoint.clean() self.assertEqual("www.example.com", endpoint.host) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2015-9235", finding.unsaved_vulnerability_ids[0]) finding = findings[1] finding.clean() @@ -563,6 +576,8 @@ def test_parse_host_csv(self): endpoint = finding.unsaved_endpoints[0] endpoint.clean() self.assertEqual("localhost", endpoint.host) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("GHSA-5mrr-rgp6-x4gr", finding.unsaved_vulnerability_ids[0]) finding = findings[2] finding.clean() @@ -571,6 +586,7 @@ def test_parse_host_csv(self): endpoint.clean() self.assertEqual("127.0.0.1", endpoint.host) self.assertEqual(80, endpoint.port) + self.assertIsNone(finding.unsaved_vulnerability_ids) finding = findings[3] finding.clean() @@ -579,6 +595,7 @@ def test_parse_host_csv(self): endpoint.clean() self.assertEqual("foo.bar", endpoint.host) self.assertEqual("path", endpoint.path) + self.assertIsNone(finding.unsaved_vulnerability_ids) def test_parse_json_with_image(self): file = open("unittests/scans/generic/test_with_image.json") @@ -592,3 +609,42 @@ def test_parse_json_with_image(self): image = finding.unsaved_files[0] self.assertEqual("Screenshot from 2017-04-10 16-54-19.png", image.get("title")) self.assertIn("data", image) + + def test_parse_json_custom_test(self): + file = open("unittests/scans/generic/generic_custom_test.json") + parser = GenericParser() + tests = parser.get_tests(parser.get_scan_types()[0], file) + self.assertEqual(1, len(tests)) + findings = tests[0].findings + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(1, len(findings)) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("test title", finding.title) + self.assertEqual(True, finding.active) + self.assertEqual(True, finding.verified) + self.assertEqual(False, finding.duplicate) + self.assertIn(finding.severity, Finding.SEVERITIES) + self.assertEqual("CVE-2020-36234", finding.cve) + self.assertEqual(261, finding.cwe) + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", finding.cvssv3) + self.assertIn("security", finding.tags) + self.assertIn("network", finding.tags) + self.assertEqual("3287f2d0-554f-491b-8516-3c349ead8ee5", finding.unique_id_from_tool) + self.assertEqual("TEST1", finding.vuln_id_from_tool) + + def test_parse_json_empty_finding(self): + file = open("unittests/scans/generic/generic_empty.json") + parser = GenericParser() + with self.assertRaisesMessage(ValueError, + "Required fields are missing: ['description', 'severity', 'title']"): + parser.get_findings(file, Test()) + + def test_parse_json_invalid_finding(self): + file = open("unittests/scans/generic/generic_invalid.json") + parser = GenericParser() + with self.assertRaisesMessage(ValueError, + "Not allowed fields are present: ['invalid_field', 'last_status_update']"): + parser.get_findings(file, Test()) diff --git a/unittests/tools/test_ggshield_parser.py b/unittests/tools/test_ggshield_parser.py new file mode 100755 index 00000000000..99c0ddd9d28 --- /dev/null +++ b/unittests/tools/test_ggshield_parser.py @@ -0,0 +1,42 @@ +from ..dojo_test_case import DojoTestCase +from dojo.tools.ggshield.parser import GgshieldParser +from dojo.models import Test + + +class TestGgshieldParser(DojoTestCase): + + def test_parse_empty(self): + testfile = open("unittests/scans/ggshield/no_finding.json") + parser = GgshieldParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) + + def test_parse_one_finding(self): + testfile = open("unittests/scans/ggshield/one_finding.json") + parser = GgshieldParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("wapf/settings.py", finding.file_path) + self.assertEqual("Hard coded Django Secret Key found in wapf/settings.py", finding.title) + self.assertIsNotNone(finding.description) + self.assertEqual("2021-07-05", finding.date) + + def test_parse_many_finding(self): + testfile = open("unittests/scans/ggshield/many_findings.json") + parser = GgshieldParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(2, len(findings)) + finding = findings[0] + self.assertEqual("wapf/settings.py", finding.file_path) + self.assertEqual("Hard coded Django Secret Key found in wapf/settings.py", finding.title) + self.assertIsNotNone(finding.description) + self.assertEqual("2021-03-13", finding.date) + finding = findings[1] + self.assertEqual("wapf/settings.py", finding.file_path) + self.assertEqual("Hard coded Django Secret Key found in wapf/settings.py", finding.title) + self.assertIsNotNone(finding.description) + self.assertEqual("2021-07-05", finding.date) diff --git a/unittests/tools/test_github_vulnerability_parser.py b/unittests/tools/test_github_vulnerability_parser.py index 181e35012f8..1453c02a39b 100644 --- a/unittests/tools/test_github_vulnerability_parser.py +++ b/unittests/tools/test_github_vulnerability_parser.py @@ -1,3 +1,7 @@ +import datetime + +from dateutil.tz import tzlocal + from ..dojo_test_case import DojoTestCase from dojo.models import Test from dojo.tools.github_vulnerability.parser import GithubVulnerabilityParser @@ -28,7 +32,26 @@ def test_parse_file_with_one_vuln_has_one_findings(self): "This is a sample description for sample description from Github API.", ) self.assertEqual(finding.severity, "Critical") - self.assertIsNone(finding.cve) + self.assertEqual(finding.component_name, "package") + self.assertEqual(finding.unique_id_from_tool, "aabbccddeeff1122334401") + + def test_parse_file_with_one_vuln_has_one_finding_and_dependabot_direct_link(self): + """sample with one vulnerability""" + testfile = open("unittests/scans/github_vulnerability/github-1-vuln-repo-dependabot-link.json") + parser = GithubVulnerabilityParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + for finding in findings: + finding.clean() + + with self.subTest(i=0): + finding = findings[0] + self.assertEqual(finding.title, "Critical severity vulnerability that affects package") + self.assertEqual( + finding.description, + "[https://github.com/OWASP/test-repository/security/dependabot/1](https://github.com/OWASP/test-repository/security/dependabot/1)\nThis is a sample description for sample description from Github API.", + ) + self.assertEqual(finding.severity, "Critical") self.assertEqual(finding.component_name, "package") self.assertEqual(finding.unique_id_from_tool, "aabbccddeeff1122334401") @@ -51,19 +74,16 @@ def test_parse_file_issue2984(self): finding = findings[0] self.assertEqual(finding.title, "XXXXXXXXXXXXXXX") self.assertEqual(finding.severity, "Medium") - self.assertIsNone(finding.cve) self.assertEqual(finding.unique_id_from_tool, "xxxxxxxxx") with self.subTest(i=1): finding = findings[1] self.assertEqual(finding.title, "AMSVNASCMASNCADNNJSADC") self.assertEqual(finding.severity, "Medium") - self.assertIsNone(finding.cve) self.assertEqual(finding.unique_id_from_tool, "AFDSFSDAFSDASFDAFSDASFD=") with self.subTest(i=3): finding = findings[3] self.assertEqual(finding.title, "SDKPKÁSMNMKSDANJDOPASJOKNDOSAJ") self.assertEqual(finding.severity, "Medium") - self.assertIsNone(finding.cve) self.assertEqual(finding.unique_id_from_tool, "DASFMMFKLNKDSAKFSDLANJKKFDSNJSAKDFNJKDFS=") def test_parse_file_search(self): @@ -78,14 +98,18 @@ def test_parse_file_search(self): finding = findings[0] self.assertEqual(finding.title, "Deserialization of Untrusted Data in Log4j") self.assertEqual(finding.severity, "Critical") - self.assertEqual(finding.cve, "CVE-2019-17571") + self.assertEqual(len(finding.unsaved_vulnerability_ids), 2) + self.assertEqual(finding.unsaved_vulnerability_ids[0], "GHSA-2qrg-x229-3v8q") + self.assertEqual(finding.unsaved_vulnerability_ids[1], "CVE-2019-17571") self.assertEqual(finding.component_name, "log4j:log4j") self.assertEqual(finding.unique_id_from_tool, "MDI4OlJlcG9zaXRvcnlWdWxuZXJhYmlsaXR5QWxlcnQyMDg2Nzc5NzY=") with self.subTest(i=1): finding = findings[1] self.assertEqual(finding.title, "Deserialization of Untrusted Data in Log4j") self.assertEqual(finding.severity, "Critical") - self.assertEqual(finding.cve, "CVE-2019-17571") + self.assertEqual(len(finding.unsaved_vulnerability_ids), 2) + self.assertEqual(finding.unsaved_vulnerability_ids[0], "GHSA-2qrg-x229-3v8q") + self.assertEqual(finding.unsaved_vulnerability_ids[1], "CVE-2019-17571") self.assertEqual(finding.component_name, "log4j:log4j") self.assertEqual(finding.unique_id_from_tool, "MDI4OlJlcG9zaXRvcnlWdWxuZXJhYmlsaXR5QWxlcnQ1NTE5NTI2OTM=") @@ -102,14 +126,18 @@ def test_parse_file_search2(self): finding = findings[0] self.assertEqual(finding.title, "Deserialization of Untrusted Data in Log4j") self.assertEqual(finding.severity, "Critical") - self.assertEqual(finding.cve, "CVE-2019-17571") + self.assertEqual(len(finding.unsaved_vulnerability_ids), 2) + self.assertEqual(finding.unsaved_vulnerability_ids[0], "GHSA-2qrg-x229-3v8q") + self.assertEqual(finding.unsaved_vulnerability_ids[1], "CVE-2019-17571") self.assertEqual(finding.component_name, "log4j:log4j") self.assertEqual(finding.unique_id_from_tool, "MDI4OlJlcG9zaXRvcnlWdWxuZXJhYmlsaXR5QWxlcnQyMDg2Nzc5NzY=") with self.subTest(i=1): finding = findings[1] self.assertEqual(finding.title, "Deserialization of Untrusted Data in Log4j") self.assertEqual(finding.severity, "Critical") - self.assertEqual(finding.cve, "CVE-2019-17571") + self.assertEqual(len(finding.unsaved_vulnerability_ids), 2) + self.assertEqual(finding.unsaved_vulnerability_ids[0], "GHSA-2qrg-x229-3v8q") + self.assertEqual(finding.unsaved_vulnerability_ids[1], "CVE-2019-17571") self.assertEqual(finding.component_name, "log4j:log4j") self.assertEqual(finding.unique_id_from_tool, "MDI4OlJlcG9zaXRvcnlWdWxuZXJhYmlsaXR5QWxlcnQ1NTE5NTI2OTM=") @@ -126,7 +154,9 @@ def test_parse_file_search3(self): finding = findings[0] self.assertEqual(finding.title, "Deserialization of Untrusted Data in Log4j") self.assertEqual(finding.severity, "Critical") - self.assertEqual(finding.cve, "CVE-2019-17571") + self.assertEqual(len(finding.unsaved_vulnerability_ids), 2) + self.assertEqual(finding.unsaved_vulnerability_ids[0], "GHSA-2qrg-x229-3v8q") + self.assertEqual(finding.unsaved_vulnerability_ids[1], "CVE-2019-17571") self.assertEqual(finding.component_name, "log4j:log4j") self.assertEqual(finding.cvssv3, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") self.assertEqual(finding.file_path, "gogoph-crawler/pom.xml") @@ -135,8 +165,104 @@ def test_parse_file_search3(self): finding = findings[1] self.assertEqual(finding.title, "Deserialization of Untrusted Data in Log4j") self.assertEqual(finding.severity, "Critical") - self.assertEqual(finding.cve, "CVE-2019-17571") + self.assertEqual(len(finding.unsaved_vulnerability_ids), 2) + self.assertEqual(finding.unsaved_vulnerability_ids[0], "GHSA-2qrg-x229-3v8q") + self.assertEqual(finding.unsaved_vulnerability_ids[1], "CVE-2019-17571") + self.assertEqual(finding.component_name, "log4j:log4j") + self.assertEqual(finding.cvssv3, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") + self.assertEqual(finding.file_path, "gogoph/pom.xml") + self.assertEqual(finding.unique_id_from_tool, "MDI4OlJlcG9zaXRvcnlWdWxuZXJhYmlsaXR5QWxlcnQ1NTE5NTI2OTM=") + + def test_parse_file_search4_null_cvss_vector(self): + """Search result with more data/attributes""" + testfile = open("unittests/scans/github_vulnerability/github_search4_null_cvss_vector.json") + parser = GithubVulnerabilityParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(2, len(findings)) + for finding in findings: + finding.clean() + + with self.subTest(i=0): + finding = findings[0] + self.assertEqual(finding.title, "Deserialization of Untrusted Data in Log4j") + self.assertEqual(finding.severity, "Critical") + self.assertEqual(len(finding.unsaved_vulnerability_ids), 2) + self.assertEqual(finding.unsaved_vulnerability_ids[0], "GHSA-2qrg-x229-3v8q") + self.assertEqual(finding.unsaved_vulnerability_ids[1], "CVE-2019-17571") + self.assertEqual(finding.component_name, "log4j:log4j") + self.assertEqual(finding.cvssv3, None) + self.assertEqual(finding.file_path, "gogoph-crawler/pom.xml") + self.assertEqual(finding.unique_id_from_tool, "MDI4OlJlcG9zaXRvcnlWdWxuZXJhYmlsaXR5QWxlcnQyMDg2Nzc5NzY=") + with self.subTest(i=1): + finding = findings[1] + self.assertEqual(finding.title, "Deserialization of Untrusted Data in Log4j") + self.assertEqual(finding.severity, "Critical") + self.assertEqual(len(finding.unsaved_vulnerability_ids), 2) + self.assertEqual(finding.unsaved_vulnerability_ids[0], "GHSA-2qrg-x229-3v8q") + self.assertEqual(finding.unsaved_vulnerability_ids[1], "CVE-2019-17571") self.assertEqual(finding.component_name, "log4j:log4j") self.assertEqual(finding.cvssv3, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") self.assertEqual(finding.file_path, "gogoph/pom.xml") self.assertEqual(finding.unique_id_from_tool, "MDI4OlJlcG9zaXRvcnlWdWxuZXJhYmlsaXR5QWxlcnQ1NTE5NTI2OTM=") + + def test_parse_cwe_and_date(self): + testfile = open("unittests/scans/github_vulnerability/github_h2.json") + parser = GithubVulnerabilityParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + for finding in findings: + finding.clean() + + with self.subTest(i=0): + finding = findings[0] + self.assertEqual(finding.title, "RCE in H2 Console") + self.assertEqual(finding.severity, "Critical") + self.assertEqual(len(finding.unsaved_vulnerability_ids), 2) + self.assertEqual(finding.unsaved_vulnerability_ids[0], "GHSA-h376-j262-vhq6") + self.assertEqual(finding.unsaved_vulnerability_ids[1], "CVE-2021-42392") + self.assertEqual(finding.component_name, "com.h2database:h2") + self.assertEqual(finding.cvssv3, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") + self.assertEqual(finding.cvssv3_score, 9.8) + self.assertEqual(finding.cwe, 502) + self.assertEqual(datetime.datetime(2022, 5, 9, 9, 43, 40, tzinfo=tzlocal()), finding.date) + self.assertEqual(finding.file_path, "apache/cxf/syncope/cxf-syncope/pom.xml") + self.assertEqual(finding.active, True) + + def test_parse_state(self): + testfile = open("unittests/scans/github_vulnerability/github_shiro.json") + parser = GithubVulnerabilityParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + for finding in findings: + finding.clean() + + with self.subTest(i=0): + finding = findings[0] + self.assertEqual(finding.title, "Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass") + self.assertEqual(finding.severity, "Critical") + self.assertEqual(len(finding.unsaved_vulnerability_ids), 2) + self.assertEqual(finding.unsaved_vulnerability_ids[0], "GHSA-f6jp-j6w3-w9hm") + self.assertEqual(finding.unsaved_vulnerability_ids[1], "CVE-2021-41303") + self.assertEqual(finding.component_name, "org.apache.shiro:shiro-core") + self.assertEqual(finding.cvssv3, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") + self.assertEqual(finding.cvssv3_score, 9.8) + self.assertEqual(finding.cwe, 287) + self.assertEqual(datetime.datetime(2021, 9, 20, 20, 33, 13, tzinfo=tzlocal()), finding.date) + self.assertEqual(finding.file_path, "apache/cxf/cxf-shiro/pom.xml") + self.assertEqual(finding.active, False) + self.assertEqual(finding.is_mitigated, True) + + def test_parser_version(self): + testfile = open("unittests/scans/github_vulnerability/github-vuln-version.json") + parser = GithubVulnerabilityParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + for finding in findings: + finding.clean() + + with self.subTest(i=0): + finding = findings[0] + self.assertEqual(finding.title, "Pivotal Spring Framework contains unsafe Java deserialization methods") + self.assertEqual(finding.severity, "Critical") + self.assertEqual(finding.component_name, "org.springframework:spring-web") + self.assertEqual(finding.component_version, "5.3.29") diff --git a/unittests/tools/test_gitlab_api_fuzzing_parser.py b/unittests/tools/test_gitlab_api_fuzzing_parser.py index 0afe49a7132..311d3acf4f7 100644 --- a/unittests/tools/test_gitlab_api_fuzzing_parser.py +++ b/unittests/tools/test_gitlab_api_fuzzing_parser.py @@ -5,18 +5,14 @@ class TestGitlabAPIFuzzingParser(DojoTestCase): def test_gitlab_api_fuzzing_parser_with_no_vuln_has_no_findings(self): - with open( - get_unit_tests_path() + "/scans/gitlab_api_fuzzing/gitlab_api_fuzzing_0_vuln.json" - ) as testfile: + with open(f"{get_unit_tests_path()}/scans/gitlab_api_fuzzing/gitlab_api_fuzzing_0_vuln.json") as testfile: parser = GitlabAPIFuzzingParser() findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(0, len(findings)) - def test_gitlab_api_fuzzing_parser_with_one_criticle_vuln_has_one_findings(self): - with open( - get_unit_tests_path() + "/scans/gitlab_api_fuzzing/gitlab_api_fuzzing_1_vuln.json" - ) as testfile: + def test_gitlab_api_fuzzing_parser_with_one_criticle_vuln_has_one_findings_v14(self): + with open(f"{get_unit_tests_path()}/scans/gitlab_api_fuzzing/gitlab_api_fuzzing_1_vuln_v14.json") as testfile: parser = GitlabAPIFuzzingParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(1, len(findings)) @@ -31,10 +27,24 @@ def test_gitlab_api_fuzzing_parser_with_one_criticle_vuln_has_one_findings(self) "c83603d0befefe01644abdda1abbfaac842fccbabfbe336db9f370386e40f702", ) + def test_gitlab_api_fuzzing_parser_with_one_criticle_vuln_has_one_findings_v15(self): + with open(f"{get_unit_tests_path()}/scans/gitlab_api_fuzzing/gitlab_api_fuzzing_1_vuln_v15.json") as testfile: + parser = GitlabAPIFuzzingParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + first_finding = findings[0] + self.assertEqual(first_finding.title, "name") + self.assertEqual( + first_finding.description, + "\nIndex-out-of-range\ngo-fuzzing-example.ParseComplex.func6\ngo-fuzzing-example.ParseComplex\ngo-fuzzing-example.Fuzz\n", + ) + self.assertEqual( + first_finding.unique_id_from_tool, + "c83603d0befefe01644abdda1abbfaac842fccbabfbe336db9f370386e40f702", + ) + def test_gitlab_api_fuzzing_parser_with_invalid_json(self): - with open( - get_unit_tests_path() + "/scans/gitlab_api_fuzzing/gitlab_api_fuzzing_invalid.json" - ) as testfile: + with open(f"{get_unit_tests_path()}/scans/gitlab_api_fuzzing/gitlab_api_fuzzing_invalid.json") as testfile: # Something is wrong with JSON file with self.assertRaises((KeyError, ValueError)): parser = GitlabAPIFuzzingParser() diff --git a/unittests/tools/test_gitlab_container_scan_parser.py b/unittests/tools/test_gitlab_container_scan_parser.py index 6b087a25926..9ba4910bb85 100644 --- a/unittests/tools/test_gitlab_container_scan_parser.py +++ b/unittests/tools/test_gitlab_container_scan_parser.py @@ -5,39 +5,132 @@ class TestGitlabContainerScanParser(DojoTestCase): - def test_gitlab_container_scan_parser_with_no_vuln_has_no_findings(self): - testfile = open("unittests/scans/gitlab_container_scan/gl-container-scanning-report-0-vuln.json") - parser = GitlabContainerScanParser() - findings = parser.get_findings(testfile, Test()) - testfile.close() + with open("unittests/scans/gitlab_container_scan/gl-container-scanning-report-0-vuln.json") as testfile: + parser = GitlabContainerScanParser() + findings = parser.get_findings(testfile, Test()) self.assertEqual(0, len(findings)) - def test_gitlab_container_scan_parser_with_one_vuln_has_one_findings(self): - testfile = open("unittests/scans/gitlab_container_scan/gl-container-scanning-report-1-vuln.json") - parser = GitlabContainerScanParser() - findings = parser.get_findings(testfile, Test()) - testfile.close() + def test_gitlab_container_scan_parser_with_one_vuln_has_one_findings_v14(self): + with open("unittests/scans/gitlab_container_scan/gl-container-scanning-report-1-vuln_v14.json") as testfile: + parser = GitlabContainerScanParser() + findings = parser.get_findings(testfile, Test()) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() + self.assertEqual(1, len(findings)) first_finding = findings[0] + self.assertEqual(datetime(2021, 4, 14, 19, 46, 18), first_finding.date) + self.assertEqual("CVE-2019-3462 in apt-1.4.8", first_finding.title) + self.assertEqual("apt", first_finding.component_name) + self.assertEqual("1.4.8", first_finding.component_version) + self.assertEqual(1, len(first_finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2019-3462", first_finding.unsaved_vulnerability_ids[0]) + self.assertEqual("High", first_finding.severity) + self.assertEqual("Upgrade apt from 1.4.8 to 1.4.9", first_finding.mitigation) + self.assertEqual("df52bc8ce9a2ae56bbcb0c4ecda62123fbd6f69b", first_finding.unique_id_from_tool) + + def test_gitlab_container_scan_parser_with_one_vuln_has_one_findings_v15(self): + with open("unittests/scans/gitlab_container_scan/gl-container-scanning-report-1-vuln_v15.json") as testfile: + parser = GitlabContainerScanParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() self.assertEqual(1, len(findings)) - self.assertEqual(datetime(2021, 4, 14, 19, 46, 18), finding.date) + first_finding = findings[0] + self.assertEqual(datetime(2021, 4, 14, 19, 46, 18), first_finding.date) self.assertEqual("CVE-2019-3462 in apt-1.4.8", first_finding.title) self.assertEqual("apt", first_finding.component_name) self.assertEqual("1.4.8", first_finding.component_version) - self.assertEqual("CVE-2019-3462", first_finding.cve) + self.assertEqual(1, len(first_finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2019-3462", first_finding.unsaved_vulnerability_ids[0]) self.assertEqual("High", first_finding.severity) self.assertEqual("Upgrade apt from 1.4.8 to 1.4.9", first_finding.mitigation) self.assertEqual("df52bc8ce9a2ae56bbcb0c4ecda62123fbd6f69b", first_finding.unique_id_from_tool) - def test_gitlab_container_scan_parser_with_five_vuln_has_five_findings(self): - testfile = open("unittests/scans/gitlab_container_scan/gl-container-scanning-report-5-vuln.json") - parser = GitlabContainerScanParser() - findings = parser.get_findings(testfile, Test()) - testfile.close() + def test_gitlab_container_scan_parser_with_five_vuln_has_five_findings_v14(self): + with open("unittests/scans/gitlab_container_scan/gl-container-scanning-report-5-vuln_v14.json") as testfile: + parser = GitlabContainerScanParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(5, len(findings)) + + def test_gitlab_container_scan_parser_with_five_vuln_has_five_findings_v15(self): + with open("unittests/scans/gitlab_container_scan/gl-container-scanning-report-5-vuln_v15.json") as testfile: + parser = GitlabContainerScanParser() + findings = parser.get_findings(testfile, Test()) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() self.assertEqual(5, len(findings)) + + def test_gitlab_container_scan_parser_with_fless_data_v14(self): + with open("unittests/scans/gitlab_container_scan/issue6639_v14.json") as testfile: + parser = GitlabContainerScanParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(98, len(findings)) + + with self.subTest(i=0): + finding = findings[0] + self.assertIsNone(finding.date) + self.assertEqual("busybox: remote attackers may execute arbitrary code if netstat is used", finding.title) + self.assertEqual("busybox", finding.component_name) + self.assertEqual("1.34.1-r4", finding.component_version) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2022-28391", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("Critical", finding.severity) + self.assertEqual("Upgrade busybox to 1.34.1-r5", finding.mitigation) + self.assertEqual("CVE-2022-28391", finding.unique_id_from_tool) + + with self.subTest(i=50): + finding = findings[50] + self.assertIsNone(finding.date) + self.assertEqual( + "openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates", finding.title + ) + self.assertEqual("libretls", finding.component_name) + self.assertEqual("3.3.4-r2", finding.component_version) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2022-0778", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("High", finding.severity) + self.assertEqual("Upgrade libretls to 3.3.4-r3", finding.mitigation) + self.assertEqual("CVE-2022-0778", finding.unique_id_from_tool) + + def test_gitlab_container_scan_parser_with_fless_data_v15(self): + with open("unittests/scans/gitlab_container_scan/issue6639_v15.json") as testfile: + parser = GitlabContainerScanParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(98, len(findings)) + + with self.subTest(i=0): + finding = findings[0] + self.assertIsNone(finding.date) + self.assertEqual("CVE-2022-28391 in busybox-1.34.1-r4", finding.title) + self.assertEqual("busybox", finding.component_name) + self.assertEqual("1.34.1-r4", finding.component_version) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2022-28391", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("Critical", finding.severity) + self.assertEqual("Upgrade busybox to 1.34.1-r5", finding.mitigation) + self.assertEqual("CVE-2022-28391", finding.unique_id_from_tool) + + with self.subTest(i=50): + finding = findings[50] + self.assertIsNone(finding.date) + self.assertEqual("CVE-2022-0778 in libretls-3.3.4-r2", finding.title) + self.assertEqual("libretls", finding.component_name) + self.assertEqual("3.3.4-r2", finding.component_version) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2022-0778", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("High", finding.severity) + self.assertEqual("Upgrade libretls to 3.3.4-r3", finding.mitigation) + self.assertEqual("CVE-2022-0778", finding.unique_id_from_tool) diff --git a/unittests/tools/test_gitlab_dast_parser.py b/unittests/tools/test_gitlab_dast_parser.py index 94102432692..353f7e73db5 100644 --- a/unittests/tools/test_gitlab_dast_parser.py +++ b/unittests/tools/test_gitlab_dast_parser.py @@ -10,8 +10,8 @@ def test_parse_file_with_no_vuln_has_no_findings(self): findings = parser.get_findings(testfile, Test()) self.assertEqual(0, len(findings)) - def test_parse_file_with_one_vuln_has_one_finding(self): - testfile = open("unittests/scans/gitlab_dast/gitlab_dast_one_vul.json") + def test_parse_file_with_one_vuln_has_one_finding_v14(self): + testfile = open("unittests/scans/gitlab_dast/gitlab_dast_one_vul_v14.json") parser = GitlabDastParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(1, len(findings)) @@ -38,8 +38,36 @@ def test_parse_file_with_one_vuln_has_one_finding(self): self.assertEqual(359, finding.cwe) - def test_parse_file_with_multiple_vuln_has_multiple_findings(self): - testfile = open("unittests/scans/gitlab_dast/gitlab_dast_many_vul.json") + def test_parse_file_with_one_vuln_has_one_finding_v15(self): + testfile = open("unittests/scans/gitlab_dast/gitlab_dast_one_vul_v15.json") + parser = GitlabDastParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + finding = findings[0] + + # endpoint validation + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + + self.assertEqual( + "5ec00bbc-2e53-44cb-83e9-3d35365277e3", finding.unique_id_from_tool + ) + self.assertEqual(None, finding.scanner_confidence) + # vulnerability does not have a name: fallback to using id as a title + self.assertEqual("5ec00bbc-2e53-44cb-83e9-3d35365277e3", finding.title) + self.assertIsInstance(finding.description, str) + + date = finding.date.strftime("%Y-%m-%dT%H:%M:%S.%f") + self.assertEqual("2021-04-23T15:46:40.615000", date) + self.assertIsNone(finding.references) # should be None as there are no links + + self.assertEqual("High", finding.severity) + self.assertEqual("", finding.mitigation) # no solution proposed + + self.assertEqual(359, finding.cwe) + + def test_parse_file_with_multiple_vuln_has_multiple_findings_v14(self): + testfile = open("unittests/scans/gitlab_dast/gitlab_dast_many_vul_v14.json") parser = GitlabDastParser() findings = parser.get_findings(testfile, Test()) @@ -54,7 +82,45 @@ def test_parse_file_with_multiple_vuln_has_multiple_findings(self): finding = findings[1] # must-have fields self.assertEqual(3, finding.scanner_confidence) - self.assertTrue("Content Security Policy (CSP)" in finding.description) + self.assertIn("Content Security Policy (CSP)", finding.description) + self.assertEqual(False, finding.static_finding) + self.assertEqual(True, finding.dynamic_finding) + + # conditional fields + date = finding.date.strftime("%Y-%m-%dT%H:%M:%S.%f") + self.assertEqual("2021-04-23T15:46:40.644000", date) + self.assertEqual( + "87e98ddf-7d75-444a-be6d-45400151a0fe", finding.unique_id_from_tool + ) + # vulnerability does not have a name: fallback to using id as a title + self.assertEqual(finding.unique_id_from_tool, finding.title) + self.assertEqual(16, finding.cwe) + self.assertIn("http://www.w3.org/TR/CSP/", finding.references) + self.assertEqual("Medium", finding.severity) + endpoint = finding.unsaved_endpoints[0] + self.assertEqual(str(endpoint), "http://api-server/v1/tree/10") + self.assertEqual(endpoint.host, "api-server") # host port path + self.assertEqual(endpoint.port, 80) + self.assertEqual(endpoint.path, "v1/tree/10") + self.assertIn("Ensure that your web server,", finding.mitigation) + + def test_parse_file_with_multiple_vuln_has_multiple_findings_v15(self): + testfile = open("unittests/scans/gitlab_dast/gitlab_dast_many_vul_v15.json") + parser = GitlabDastParser() + findings = parser.get_findings(testfile, Test()) + + self.assertEqual(10, len(findings)) + + # endpoint validation + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + + # the first one is done above + finding = findings[1] + # must-have fields + self.assertEqual(None, finding.scanner_confidence) + self.assertIn("Content Security Policy (CSP)", finding.description) self.assertEqual(False, finding.static_finding) self.assertEqual(True, finding.dynamic_finding) @@ -67,11 +133,11 @@ def test_parse_file_with_multiple_vuln_has_multiple_findings(self): # vulnerability does not have a name: fallback to using id as a title self.assertEqual(finding.unique_id_from_tool, finding.title) self.assertEqual(16, finding.cwe) - self.assertTrue("http://www.w3.org/TR/CSP/" in finding.references) + self.assertIn("http://www.w3.org/TR/CSP/", finding.references) self.assertEqual("Medium", finding.severity) endpoint = finding.unsaved_endpoints[0] self.assertEqual(str(endpoint), "http://api-server/v1/tree/10") self.assertEqual(endpoint.host, "api-server") # host port path self.assertEqual(endpoint.port, 80) self.assertEqual(endpoint.path, "v1/tree/10") - self.assertTrue("Ensure that your web server," in finding.mitigation) + self.assertIn("Ensure that your web server,", finding.mitigation) diff --git a/unittests/tools/test_gitlab_dep_scan_parser.py b/unittests/tools/test_gitlab_dep_scan_parser.py index dbbd136e555..7e1a7f43ede 100644 --- a/unittests/tools/test_gitlab_dep_scan_parser.py +++ b/unittests/tools/test_gitlab_dep_scan_parser.py @@ -7,23 +7,31 @@ class TestGitlabDepScanParser(DojoTestCase): def test_parse_file_with_no_vuln_has_no_findings(self): testfile = open( - get_unit_tests_path() + "/scans/gitlab_dep_scan/gl-dependency-scanning-report-0-vuln.json" + f"{get_unit_tests_path()}/scans/gitlab_dep_scan/gl-dependency-scanning-report-0-vuln.json" ) parser = GitlabDepScanParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(0, len(findings)) - def test_parse_file_with_one_vuln_has_one_finding(self): + def test_parse_file_with_one_vuln_has_one_finding_v14(self): testfile = open( - get_unit_tests_path() + "/scans/gitlab_dep_scan/gl-dependency-scanning-report-1-vuln.json" + f"{get_unit_tests_path()}/scans/gitlab_dep_scan/gl-dependency-scanning-report-1-vuln_v14.json" ) parser = GitlabDepScanParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(1, len(findings)) - def test_parse_file_with_two_vuln_has_one_missing_component_(self): + def test_parse_file_with_one_vuln_has_one_finding_v15(self): testfile = open( - get_unit_tests_path() + "/scans/gitlab_dep_scan/gl-dependency-scanning-report-2-vuln-missing-component.json" + f"{get_unit_tests_path()}/scans/gitlab_dep_scan/gl-dependency-scanning-report-1-vuln_v15.json" + ) + parser = GitlabDepScanParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + + def test_parse_file_with_two_vuln_has_one_missing_component__v14(self): + testfile = open( + f"{get_unit_tests_path()}/scans/gitlab_dep_scan/gl-dependency-scanning-report-2-vuln-missing-component_v14.json" ) parser = GitlabDepScanParser() findings = parser.get_findings(testfile, Test()) @@ -35,10 +43,38 @@ def test_parse_file_with_two_vuln_has_one_missing_component_(self): self.assertEqual("golang.org/x/crypto", finding.component_name) self.assertEqual("v0.0.0-20190308221718-c2843e01d9a2", finding.component_version) - def test_parse_file_with_multiple_vuln_has_multiple_findings(self): + def test_parse_file_with_two_vuln_has_one_missing_component__v15(self): testfile = open( - get_unit_tests_path() + "/scans/gitlab_dep_scan/gl-dependency-scanning-report-many-vuln.json" + f"{get_unit_tests_path()}/scans/gitlab_dep_scan/gl-dependency-scanning-report-2-vuln-missing-component_v15.json" ) parser = GitlabDepScanParser() findings = parser.get_findings(testfile, Test()) - self.assertTrue(len(findings) > 2) + self.assertEqual(2, len(findings)) + finding = findings[0] + self.assertEqual(None, finding.component_name) + self.assertEqual(None, finding.component_version) + finding = findings[1] + self.assertEqual("golang.org/x/crypto", finding.component_name) + self.assertEqual("v0.0.0-20190308221718-c2843e01d9a2", finding.component_version) + + def test_parse_file_with_multiple_vuln_has_multiple_findings_v14(self): + testfile = open( + f"{get_unit_tests_path()}/scans/gitlab_dep_scan/gl-dependency-scanning-report-many-vuln_v14.json" + ) + parser = GitlabDepScanParser() + findings = parser.get_findings(testfile, Test()) + self.assertGreater(len(findings), 2) + + self.assertEqual(1, len(findings[0].unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-29652", findings[0].unsaved_vulnerability_ids[0]) + + def test_parse_file_with_multiple_vuln_has_multiple_findings_v15(self): + testfile = open( + f"{get_unit_tests_path()}/scans/gitlab_dep_scan/gl-dependency-scanning-report-many-vuln_v15.json" + ) + parser = GitlabDepScanParser() + findings = parser.get_findings(testfile, Test()) + self.assertGreater(len(findings), 2) + + self.assertEqual(1, len(findings[0].unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-29652", findings[0].unsaved_vulnerability_ids[0]) diff --git a/unittests/tools/test_gitlab_sast_parser.py b/unittests/tools/test_gitlab_sast_parser.py index 5ba526265d6..779675592c9 100644 --- a/unittests/tools/test_gitlab_sast_parser.py +++ b/unittests/tools/test_gitlab_sast_parser.py @@ -6,27 +6,34 @@ class TestGitlabSastParser(DojoTestCase): def test_parse_file_with_no_vuln_has_no_findings(self): - testfile = open("unittests/scans/gitlab_sast/gl-sast-report-0-vuln.json") - parser = GitlabSastParser() - findings = parser.get_findings(testfile, Test()) + with open("unittests/scans/gitlab_sast/gl-sast-report-0-vuln.json") as testfile: + parser = GitlabSastParser() + findings = parser.get_findings(testfile, Test()) self.assertEqual(0, len(findings)) - def test_parse_file_with_one_vuln_has_one_finding(self): - testfile = open("unittests/scans/gitlab_sast/gl-sast-report-1-vuln.json") - parser = GitlabSastParser() - findings = parser.get_findings(testfile, Test()) + def test_parse_file_with_one_vuln_has_one_finding_v14(self): + with open("unittests/scans/gitlab_sast/gl-sast-report-1-vuln_v14.json") as testfile: + parser = GitlabSastParser() + findings = parser.get_findings(testfile, Test()) self.assertEqual(1, len(findings)) finding = findings[0] self.assertEqual("Password in URL", finding.title) self.assertEqual("Critical", finding.severity) - def test_parse_file_with_multiple_vuln_has_multiple_findings(self): - testfile = open( - get_unit_tests_path() + "/scans/gitlab_sast/gl-sast-report-many-vuln.json" - ) - parser = GitlabSastParser() - findings = parser.get_findings(testfile, Test()) - self.assertTrue(3, len(findings)) + def test_parse_file_with_one_vuln_has_one_finding_v15(self): + with open("unittests/scans/gitlab_sast/gl-sast-report-1-vuln_v15.json") as testfile: + parser = GitlabSastParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("Password in URL", finding.title) + self.assertEqual("Critical", finding.severity) + + def test_parse_file_with_multiple_vuln_has_multiple_findings_v14(self): + with open(f"{get_unit_tests_path()}/scans/gitlab_sast/gl-sast-report-many-vuln_v14.json") as testfile: + parser = GitlabSastParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(219, len(findings)) finding = findings[0] self.assertEqual("Password in URL", finding.title) self.assertEqual("Critical", finding.severity) @@ -37,15 +44,29 @@ def test_parse_file_with_multiple_vuln_has_multiple_findings(self): self.assertEqual("PKCS8 key", finding.title) self.assertEqual("Critical", finding.severity) - def test_parse_file_with_various_confidences(self): - testfile = open( - get_unit_tests_path() + "/scans/gitlab_sast/gl-sast-report-confidence.json" - ) - parser = GitlabSastParser() - findings = parser.get_findings(testfile, Test()) - self.assertTrue(len(findings) == 8) + def test_parse_file_with_multiple_vuln_has_multiple_findings_v15(self): + with open(f"{get_unit_tests_path()}/scans/gitlab_sast/gl-sast-report-many-vuln_v15.json") as testfile: + parser = GitlabSastParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(219, len(findings)) + finding = findings[0] + self.assertEqual("Password in URL", finding.title) + self.assertEqual("Critical", finding.severity) + finding = findings[1] + self.assertEqual("Password in URL", finding.title) + self.assertEqual("Critical", finding.severity) + finding = findings[2] + self.assertEqual("PKCS8 key", finding.title) + self.assertEqual("Critical", finding.severity) + + def test_parse_file_with_various_confidences_v14(self): + with open(f"{get_unit_tests_path()}/scans/gitlab_sast/gl-sast-report-confidence_v14.json") as testfile: + parser = GitlabSastParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(len(findings), 8) for item in findings: - self.assertTrue(item.cwe is None or isinstance(item.cwe, int)) + if item.cwe: + self.assertIsInstance(item.cwe, int) finding = findings[3] self.assertEqual("Tentative", finding.get_scanner_confidence_text()) finding = findings[4] @@ -57,27 +78,63 @@ def test_parse_file_with_various_confidences(self): finding = findings[7] self.assertEqual("Certain", finding.get_scanner_confidence_text()) - def test_parse_file_with_various_cwes(self): - testfile = open("unittests/scans/gitlab_sast/gl-sast-report-cwe.json") - parser = GitlabSastParser() - findings = parser.get_findings(testfile, Test()) - self.assertTrue(len(findings) == 3) + def test_parse_file_with_various_confidences_v15(self): + with open(f"{get_unit_tests_path()}/scans/gitlab_sast/gl-sast-report-confidence_v15.json") as testfile: + parser = GitlabSastParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(len(findings), 8) + for item in findings: + if item.cwe: + self.assertIsInstance(item.cwe, int) + finding = findings[3] + self.assertEqual("", finding.get_scanner_confidence_text()) + finding = findings[4] + self.assertEqual("", finding.get_scanner_confidence_text()) + finding = findings[5] + self.assertEqual("", finding.get_scanner_confidence_text()) + finding = findings[6] + self.assertEqual("", finding.get_scanner_confidence_text()) + finding = findings[7] + self.assertEqual("", finding.get_scanner_confidence_text()) + + def test_parse_file_with_various_cwes_v14(self): + with open("unittests/scans/gitlab_sast/gl-sast-report-cwe_v14.json") as testfile: + parser = GitlabSastParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(len(findings), 3) + self.assertEqual(79, findings[0].cwe) + self.assertEqual(89, findings[1].cwe) + self.assertEqual(None, findings[2].cwe) + + def test_parse_file_with_various_cwes_v15(self): + with open("unittests/scans/gitlab_sast/gl-sast-report-cwe_v15.json") as testfile: + parser = GitlabSastParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(len(findings), 3) self.assertEqual(79, findings[0].cwe) self.assertEqual(89, findings[1].cwe) self.assertEqual(None, findings[2].cwe) - def test_parse_file_issue4336(self): - testfile = open("unittests/scans/gitlab_sast/gl-sast-report_issue4344.json") - parser = GitlabSastParser() - findings = parser.get_findings(testfile, Test()) + def test_parse_file_issue4336_v14(self): + with open("unittests/scans/gitlab_sast/gl-sast-report_issue4344_v14.json") as testfile: + parser = GitlabSastParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("[None severity] Potential XSS vulnerability", finding.title) + + def test_parse_file_issue4336_v15(self): + with open("unittests/scans/gitlab_sast/gl-sast-report_issue4344_v15.json") as testfile: + parser = GitlabSastParser() + findings = parser.get_findings(testfile, Test()) self.assertEqual(1, len(findings)) finding = findings[0] self.assertEqual("[None severity] Potential XSS vulnerability", finding.title) - def test_without_scan(self): - testfile = open("unittests/scans/gitlab_sast/gl-sast-report-1-vuln.json") - parser = GitlabSastParser() - tests = parser.get_tests(None, testfile) + def test_without_scan_v14(self): + with open("unittests/scans/gitlab_sast/gl-sast-report-1-vuln_v14.json") as testfile: + parser = GitlabSastParser() + tests = parser.get_tests(None, testfile) self.assertEqual(1, len(tests)) test = tests[0] self.assertIsNone(test.name) @@ -86,10 +143,34 @@ def test_without_scan(self): findings = test.findings self.assertEqual(1, len(findings)) - def test_with_scan(self): - testfile = open("unittests/scans/gitlab_sast/gl-sast-report-confidence.json") - parser = GitlabSastParser() - tests = parser.get_tests(None, testfile) + def test_without_scan_v15(self): + with open("unittests/scans/gitlab_sast/gl-sast-report-1-vuln_v15.json") as testfile: + parser = GitlabSastParser() + tests = parser.get_tests(None, testfile) + self.assertEqual(1, len(tests)) + test = tests[0] + self.assertIsNone(test.name) + self.assertIsNone(test.type) + self.assertIsNone(test.version) + findings = test.findings + self.assertEqual(1, len(findings)) + + def test_with_scan_v14(self): + with open("unittests/scans/gitlab_sast/gl-sast-report-confidence_v14.json") as testfile: + parser = GitlabSastParser() + tests = parser.get_tests(None, testfile) + self.assertEqual(1, len(tests)) + test = tests[0] + self.assertEqual("njsscan", test.name) + self.assertEqual("njsscan", test.type) + self.assertEqual("0.1.9", test.version) + findings = test.findings + self.assertEqual(8, len(findings)) + + def test_with_scan_v15(self): + with open("unittests/scans/gitlab_sast/gl-sast-report-confidence_v15.json") as testfile: + parser = GitlabSastParser() + tests = parser.get_tests(None, testfile) self.assertEqual(1, len(tests)) test = tests[0] self.assertEqual("njsscan", test.name) diff --git a/unittests/tools/test_gitlab_secret_detection_report_parser.py b/unittests/tools/test_gitlab_secret_detection_report_parser.py index 7760cbd6a02..a9adff44122 100644 --- a/unittests/tools/test_gitlab_secret_detection_report_parser.py +++ b/unittests/tools/test_gitlab_secret_detection_report_parser.py @@ -8,23 +8,17 @@ class TestGitlabSecretDetectionReportParser(DojoTestCase): def test_gitlab_secret_detection_report_parser_with_no_vuln_has_no_findings(self): - testfile = open( - get_unit_tests_path() + "/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_0_vuln.json" - ) - parser = GitlabSecretDetectionReportParser() - findings = parser.get_findings(testfile, Test()) - testfile.close() + with open(f"{get_unit_tests_path()}/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_0_vuln.json") as testfile: + parser = GitlabSecretDetectionReportParser() + findings = parser.get_findings(testfile, Test()) self.assertEqual(0, len(findings)) - def test_gitlab_secret_detection_report_parser_with_one_vuln_has_one_findings( + def test_gitlab_secret_detection_report_parser_with_one_vuln_has_one_findings_v14( self, ): - testfile = open( - get_unit_tests_path() + "/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_1_vuln.json" - ) - parser = GitlabSecretDetectionReportParser() - findings = parser.get_findings(testfile, Test()) - testfile.close() + with open(f"{get_unit_tests_path()}/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_1_vuln_v14.json") as testfile: + parser = GitlabSecretDetectionReportParser() + findings = parser.get_findings(testfile, Test()) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() @@ -40,15 +34,44 @@ def test_gitlab_secret_detection_report_parser_with_one_vuln_has_one_findings( first_finding.unique_id_from_tool, ) - def test_gitlab_secret_detection_report_parser_with_many_vuln_has_many_findings( + def test_gitlab_secret_detection_report_parser_with_one_vuln_has_one_findings_v15( self, ): - testfile = open( - get_unit_tests_path() + "/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_3_vuln.json" + with open(f"{get_unit_tests_path()}/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_1_vuln_v15.json") as testfile: + parser = GitlabSecretDetectionReportParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + first_finding = findings[0] + self.assertEqual(1, len(findings)) + self.assertEqual(datetime(2021, 6, 2, 9, 13, 9), first_finding.date) + self.assertEqual(5, first_finding.line) + self.assertEqual("Critical", first_finding.severity) + self.assertEqual("README.md", first_finding.file_path) + self.assertEqual("AWS\nAKIAIOSFODNN7EXAMPLE", first_finding.description) + self.assertEqual( + "714ed3e4e289ad35a089e0a888e8d0120b6a6083b1090a189cbc6a3227396240", + first_finding.unique_id_from_tool, ) - parser = GitlabSecretDetectionReportParser() - findings = parser.get_findings(testfile, Test()) - testfile.close() + + def test_gitlab_secret_detection_report_parser_with_many_vuln_has_many_findings_v14( + self, + ): + with open(f"{get_unit_tests_path()}/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_3_vuln_v14.json") as testfile: + parser = GitlabSecretDetectionReportParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(3, len(findings)) + + def test_gitlab_secret_detection_report_parser_with_many_vuln_has_many_findings_v15( + self, + ): + with open(f"{get_unit_tests_path()}/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_3_vuln_v15.json") as testfile: + parser = GitlabSecretDetectionReportParser() + findings = parser.get_findings(testfile, Test()) for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() diff --git a/unittests/tools/test_govulncheck_parser.py b/unittests/tools/test_govulncheck_parser.py new file mode 100644 index 00000000000..b098cd7ab37 --- /dev/null +++ b/unittests/tools/test_govulncheck_parser.py @@ -0,0 +1,132 @@ +from unittests.dojo_test_case import DojoTestCase +from dojo.tools.govulncheck.parser import GovulncheckParser +from dojo.models import Test + + +class TestGovulncheckParser(DojoTestCase): + + def test_parse_empty(self): + with self.assertRaises(ValueError) as exp: + testfile = open("unittests/scans/govulncheck/empty.json") + parser = GovulncheckParser() + parser.get_findings(testfile, Test()) + self.assertIn( + "Invalid JSON format", str(exp.exception) + ) + + def test_parse_no_findings(self): + testfile = open("unittests/scans/govulncheck/no_vulns.json") + parser = GovulncheckParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_parse_many_findings(self): + testfile = open("unittests/scans/govulncheck/many_vulns.json") + parser = GovulncheckParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + + self.assertEqual(3, len(findings)) + + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("GO-2022-1144", finding.title) + self.assertEqual("Info", finding.severity) + self.assertEqual("CVE-2022-41717", finding.cve) + self.assertEqual("stdlib", finding.component_name) + self.assertEqual("v1.19.0", finding.component_version) + self.assertEqual("GO-2022-1144", finding.unique_id_from_tool) + self.assertEqual("https://pkg.go.dev/vuln/GO-2022-1144", finding.url) + self.assertIsNotNone(finding.impact) + self.assertIsNotNone(finding.description) + self.assertEqual("https://go.dev/issue/56350", finding.references) + + with self.subTest(i=1): + finding = findings[1] + self.assertEqual("GO-2022-1143", finding.title) + self.assertEqual("Info", finding.severity) + self.assertEqual("CVE-2022-41720", finding.cve) + self.assertEqual("stdlib", finding.component_name) + self.assertEqual("v1.19.0", finding.component_version) + self.assertEqual("GO-2022-1143", finding.unique_id_from_tool) + self.assertEqual("https://pkg.go.dev/vuln/GO-2022-1143", finding.url) + self.assertIsNotNone(finding.impact) + self.assertIsNotNone(finding.description) + self.assertEqual("https://go.dev/issue/56694", finding.references) + + with self.subTest(i=2): + finding = findings[2] + self.assertEqual("GO-2022-0969", finding.title) + self.assertEqual("Info", finding.severity) + self.assertEqual("CVE-2022-27664", finding.cve) + self.assertEqual("stdlib", finding.component_name) + self.assertEqual("v1.19.0", finding.component_version) + self.assertEqual("GO-2022-0969", finding.unique_id_from_tool) + self.assertEqual("https://pkg.go.dev/vuln/GO-2022-0969", finding.url) + self.assertIsNotNone(finding.impact) + self.assertIsNotNone(finding.description) + self.assertEqual("https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", finding.references) + + def test_parse_new_version_no_findings(self): + testfile = open("unittests/scans/govulncheck/no_vulns_new_version.json") + parser = GovulncheckParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_parse_new_version_many_findings(self): + testfile = open("unittests/scans/govulncheck/many_vulns_new_version.json") + parser = GovulncheckParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + + self.assertEqual(1, len(findings)) + + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("GO-2023-1840 - stdlib - runtime", finding.title) + self.assertEqual("Info", finding.severity) + self.assertEqual("CVE-2023-29403", finding.cve) + self.assertEqual("stdlib", finding.component_name) + self.assertEqual("v1.20.1", finding.component_version) + self.assertEqual("GO-2023-1840", finding.unique_id_from_tool) + self.assertEqual("runtime", finding.file_path) + self.assertEqual("https://pkg.go.dev/vuln/GO-2023-1840", finding.url) + self.assertIsNotNone(finding.impact) + self.assertIsNotNone(finding.description) + self.assertIsNotNone(finding.references) + + def test_parse_new_version_many_findings_custom_severity(self): + testfile = open("unittests/scans/govulncheck/many_vulns_new_version_custom_severity.json") + parser = GovulncheckParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + + self.assertEqual(2, len(findings)) + + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("Low", finding.severity) + self.assertEqual("GO-2021-0113 - golang.org/x/text - golang.org/x/text/language", finding.title) + self.assertEqual("CVE-2021-38561", finding.cve) + self.assertEqual("golang.org/x/text", finding.component_name) + self.assertEqual("v0.3.5", finding.component_version) + self.assertEqual("GO-2021-0113", finding.unique_id_from_tool) + self.assertEqual("golang.org/x/text/language", finding.file_path) + self.assertEqual("https://pkg.go.dev/vuln/GO-2021-0113", finding.url) + self.assertIsNotNone(finding.impact) + self.assertIsNotNone(finding.description) + self.assertIsNotNone(finding.references) + + with self.subTest(i=1): + finding = findings[1] + self.assertEqual("High", finding.severity) + self.assertEqual("GO-2022-1059 - golang.org/x/text - golang.org/x/text/language", finding.title) + self.assertEqual("CVE-2022-32149", finding.cve) + self.assertEqual("golang.org/x/text", finding.component_name) + self.assertEqual("v0.3.5", finding.component_version) + self.assertEqual("GO-2022-1059", finding.unique_id_from_tool) + self.assertEqual("golang.org/x/text/language", finding.file_path) + self.assertEqual("https://pkg.go.dev/vuln/GO-2022-1059", finding.url) + self.assertIsNotNone(finding.impact) + self.assertIsNotNone(finding.description) + self.assertIsNotNone(finding.references) diff --git a/unittests/tools/test_harbor_vulnerability_parser.py b/unittests/tools/test_harbor_vulnerability_parser.py index c04fc35bf51..5f1048e1e43 100644 --- a/unittests/tools/test_harbor_vulnerability_parser.py +++ b/unittests/tools/test_harbor_vulnerability_parser.py @@ -27,7 +27,8 @@ def test_parse_file_with_one_vuln_has_one_findings(self): ) self.assertEqual(finding.severity, 'Info') self.assertEqual(finding.mitigation, 'Upgrade package to version unexploitable-version') - self.assertEqual(finding.cve, 'CVE-YYYY-NNN') + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual(finding.unsaved_vulnerability_ids[0], 'CVE-YYYY-NNN') self.assertEqual(finding.component_name, 'package') self.assertEqual(finding.component_version, 'exploitable-version') self.assertEqual(finding.references, 'https://github.com/goharbor/harbor\n') @@ -43,3 +44,24 @@ def test_parse_file_with_multiple_vuln_has_multiple_findings(self): self.assertEqual(finding.severity, 'High') self.assertIsNone(finding.mitigation) self.assertIsNone(finding.references) + + # Sample with Trivy Test + def test_parse_file_with_multiple_vuln_has_multiple_trivy_findings(self): + testfile = open("unittests/scans/harbor_vulnerability/harbor-trivy-vuln.json") + parser = HarborVulnerabilityParser() + findings = parser.get_findings(testfile, Test()) + + finding = findings[0] + self.assertEqual(finding.severity, 'High') + self.assertEqual(finding.cwe, '125') + + # Sample with harborapi pip + def test_parse_file_with_multiple_vuln_has_harborapi_pip_package(self): + testfile = open("unittests/scans/harbor_vulnerability/harborapipip.json") + parser = HarborVulnerabilityParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(2, len(findings)) + + finding = findings[0] + self.assertEqual(finding.severity, 'Medium') + self.assertEqual(finding.cwe, '787') diff --git a/unittests/tools/test_hcl_appscan_parser.py b/unittests/tools/test_hcl_appscan_parser.py new file mode 100644 index 00000000000..daaf04f4a57 --- /dev/null +++ b/unittests/tools/test_hcl_appscan_parser.py @@ -0,0 +1,39 @@ +from ..dojo_test_case import DojoTestCase +from dojo.tools.hcl_appscan.parser import HCLAppScanParser + + +class TestHCLAppScanParser(DojoTestCase): + + def test_no_findings(self): + my_file_handle = open("unittests/scans/hcl_appscan/no_findings.xml") + parser = HCLAppScanParser() + findings = parser.get_findings(my_file_handle, None) + my_file_handle.close() + self.assertEqual(0, len(findings)) + + def test_many_findings(self): + my_file_handle = open("unittests/scans/hcl_appscan/many_findings.xml") + parser = HCLAppScanParser() + findings = parser.get_findings(my_file_handle, None) + my_file_handle.close() + self.assertEqual(60, len(findings)) + self.assertEqual(findings[0].title, "Unencrypted Login Request_mani-virtual-machine_/dvja-1.0-SNAPSHOT/register.action") + self.assertEqual(findings[1].title, "Unencrypted Login Request_mani-virtual-machine_/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC") + self.assertEqual(findings[0].severity, "High") + self.assertEqual(findings[9].severity, "Medium") + self.assertEqual(findings[1].description, "Issue-Type:attLoginNotOverSSL\nThreat-Class: catInsufficientTransLayerProtection\nEntity: 7521140967381157376\nSecurity-Risks: loginNotOverSSL\nCause-Id: sensitiveDataNotSSL\nIssue-Type-Name:Unencrypted Login Request\nLocation: http://mani-virtual-machine:9000/dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC\nDomain: mani-virtual-machine\nElement: password\nElementType: Parameter\nPath: /dvja-1.0-SNAPSHOT/login.action;jsessionid=AD12F9CF7835CC92885A381859462BAC\nScheme: http\nHost: mani-virtual-machine\nPort: 9000\n") + self.assertEqual(findings[5].mitigation, "Remediation: fix_61640\nAdvisory: GD_autocompleteInForm") + self.assertEqual(findings[9].cwe, 522) + + def test_issue_9279(self): + my_file_handle = open("unittests/scans/hcl_appscan/issue_9279.xml") + parser = HCLAppScanParser() + findings = parser.get_findings(my_file_handle, None) + my_file_handle.close() + self.assertEqual(18, len(findings)) + self.assertEqual(findings[0].title, "attUnnecessaryResponseHeaders_7089695691196187648_insecureWebAppConfiguration") + self.assertEqual(findings[1].title, "attHttpsToHttp_7089695691196187648_sensitiveDataNotSSL") + self.assertEqual(findings[0].severity, "Low") + self.assertEqual(findings[5].mitigation, "Remediation: fix_61771\nAdvisory: attReferrerPolicyHeaderExist") + self.assertEqual(findings[1].description, "Issue-Type:attHttpsToHttp\nThreat-Class: catInformationLeakage\nEntity: 7089695691196187648\nSecurity-Risks: sensitiveNotOverSSL\nCause-Id: sensitiveDataNotSSL\n") + self.assertEqual(findings[10].cwe, 1275) diff --git a/unittests/tools/test_horusec_parser.py b/unittests/tools/test_horusec_parser.py index ed3b3767a4f..8184224fc32 100644 --- a/unittests/tools/test_horusec_parser.py +++ b/unittests/tools/test_horusec_parser.py @@ -13,6 +13,7 @@ def test_get_findings(self): parser = HorusecParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(267, len(findings)) + self.assertEqual('2021-10-19', findings[0].date.strftime("%Y-%m-%d")) def test_get_tests(self): """Version 2.6.3 with big project in Python""" @@ -30,21 +31,21 @@ def test_get_tests(self): self.assertEqual("Critical", finding.severity) self.assertEqual("docker/entrypoint.sh", finding.file_path) self.assertEqual(20, finding.line) - self.assertEqual(datetime.datetime(2021, 10, 1), finding.date) + self.assertEqual(datetime.date(2021, 10, 19), finding.date.date()) with self.subTest(i=50): finding = findings[50] self.assertEqual("Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.", finding.title) self.assertEqual("Medium", finding.severity) self.assertEqual("dojo/tools/huskyci/parser.py", finding.file_path) self.assertEqual(55, finding.line) - self.assertEqual(datetime.datetime(2021, 10, 1), finding.date) + self.assertEqual(datetime.date(2021, 10, 19), finding.date.date()) with self.subTest(i=266): finding = findings[266] self.assertEqual("Try, Except, Pass detected.", finding.title) self.assertEqual("Low", finding.severity) self.assertEqual("tests/base_test_class.py", finding.file_path) self.assertEqual(191, finding.line) - self.assertEqual(datetime.datetime(2021, 10, 1), finding.date) + self.assertEqual(datetime.date(2021, 10, 19), finding.date.date()) def test_get_tests_ok(self): """Version 2.6.3 with big project in Python""" @@ -77,3 +78,58 @@ def test_get_tests_ok(self): self.assertEqual("tests/base_test_class.py", finding.file_path) self.assertEqual(191, finding.line) self.assertLessEqual(finding.scanner_confidence, 2) # "Certain" + + def test_get_tests_issue_6258(self): + """""" + with open(path.join(path.dirname(__file__), "../scans/horusec/issue_6258.json")) as testfile: + parser = HorusecParser() + tests = parser.get_tests("Horusec Scan", testfile) + self.assertEqual(1, len(tests)) + test = tests[0] + self.assertEqual(14, len(test.findings)) + findings = test.findings + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("No use eval", finding.title) + self.assertEqual("Critical", finding.severity) + self.assertEqual("GetGestaoVisaoWeb/src/main/webapp/js/jquery/jquery-ui-1.9.1.custom.min.js", finding.file_path) + self.assertEqual(0, finding.line) + self.assertGreaterEqual(finding.scanner_confidence, 3) # "Firm" + self.assertLessEqual(finding.scanner_confidence, 5) # "Firm" + self.assertEqual(datetime.date(2022, 5, 6), finding.date.date()) + with self.subTest(i=10): + finding = findings[10] + self.assertEqual("Remote code injection Apache Log4j", finding.title) + self.assertEqual("Critical", finding.severity) + self.assertEqual("resources-external/GetGestao/security/env.xml", finding.file_path) + self.assertEqual(35, finding.line) + self.assertGreaterEqual(finding.scanner_confidence, 3) # "Firm" + self.assertLessEqual(finding.scanner_confidence, 5) # "Firm" + self.assertEqual(datetime.date(2022, 5, 6), finding.date.date()) + with self.subTest(i=13): + finding = findings[13] + self.assertEqual("Base64 Encode", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertEqual("GetGestaoVisaoWeb/src/main/java/br/gov/dataprev/get/web/util/ErrorHandlingUtils.java", finding.file_path) + self.assertEqual(146, finding.line) + self.assertGreaterEqual(finding.scanner_confidence, 6) # "Tentative" + self.assertEqual(datetime.date(2022, 5, 6), finding.date.date()) + + def test_get_tests_pr_6563(self): + """""" + with open(path.join(path.dirname(__file__), "../scans/horusec/pr_6563.json")) as testfile: + parser = HorusecParser() + tests = parser.get_tests("Horusec Scan", testfile) + self.assertEqual(1, len(tests)) + test = tests[0] + self.assertEqual(1, len(test.findings)) + findings = test.findings + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("No use eval", finding.title) + self.assertEqual("Critical", finding.severity) + self.assertEqual("GetGestaoVisaoWeb/src/main/webapp/js/jquery/jquery-ui-1.9.1.custom.min.js", finding.file_path) + self.assertEqual(None, finding.line) + self.assertGreaterEqual(finding.scanner_confidence, 3) # "Firm" + self.assertLessEqual(finding.scanner_confidence, 5) # "Firm" + self.assertEqual(datetime.date(2022, 5, 6), finding.date.date()) diff --git a/unittests/tools/test_humble_parser.py b/unittests/tools/test_humble_parser.py new file mode 100644 index 00000000000..ccd99d44373 --- /dev/null +++ b/unittests/tools/test_humble_parser.py @@ -0,0 +1,36 @@ +from dojo.tools.humble.parser import HumbleParser +from dojo.models import Test +from unittests.dojo_test_case import DojoTestCase + + +class TestHumbleParser(DojoTestCase): + def test_humble_parser_with_many_findings(self): + testfile = open("unittests/scans/humble/many_findings.json") + parser = HumbleParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + testfile.close() + self.assertEqual(9, len(findings)) + finding = findings[0] + self.assertEqual(finding.unsaved_endpoints[0].host, "asdf.asf.hs") + self.assertEqual("Missing header: Clear-Site-Data", finding.title) + finding = findings[7] + self.assertEqual("Deprecated header: Strict-Transport-Security (Recommended Values)", finding.title) + + def test_humble_parser_with_many_findings2(self): + testfile = open("unittests/scans/humble/many_findings2.json") + parser = HumbleParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + testfile.close() + self.assertEqual(16, len(findings)) + finding = findings[0] + self.assertEqual(finding.unsaved_endpoints[0].host, "testestset.com") + self.assertEqual("Missing header: Clear-Site-Data", finding.title) + finding = findings[7] + self.assertEqual("Missing header: Referrer-Policy", finding.title) + self.assertEqual("This security Header is missing: Referrer-Policy", finding.description) diff --git a/unittests/tools/test_hydra_parser.py b/unittests/tools/test_hydra_parser.py new file mode 100644 index 00000000000..3e7dfca34c5 --- /dev/null +++ b/unittests/tools/test_hydra_parser.py @@ -0,0 +1,144 @@ +from datetime import datetime, date + +from dojo.tools.hydra.parser import HydraParser +from dojo.models import Test, Finding +from unittests.dojo_test_case import DojoTestCase + + +class TestHydraParser(DojoTestCase): + __test_datetime = datetime(2019, 3, 1, 14, 44, 22) + + def test_invalid_json_format(self): + testfile = open("unittests/scans/hydra/invalid.json") + parser = HydraParser() + with self.assertRaises(ValueError): + parser.get_findings(testfile, Test()) + + def test_parser_ensures_data_is_for_hydra_before_parsing(self): + testfile = open("unittests/scans/hydra/oddly_familiar_json_that_isnt_us.json") + parser = HydraParser() + with self.assertRaises(ValueError): + parser.get_findings(testfile, Test()) + + def test_hydra_parser_with_no_vuln_has_no_findings(self): + testfile = open("unittests/scans/hydra/hydra_report_no_finding.json") + parser = HydraParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) + + def test_hydra_parser_with_one_finding_has_one_finding(self): + testfile = open("unittests/scans/hydra/hydra_report_one_finding.json") + parser = HydraParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.__assertAllEndpointsAreClean(findings) + self.assertEqual(1, len(findings)) + + finding = findings[0] + + self.__assertFindingEquals( + finding, + self.__test_datetime, + "127.0.0.1", + "9999", + "bill@example.com", + "bill" + ) + + def test_hydra_parser_with_one_finding_and_missing_date_has_one_finding(self): + testfile = open("unittests/scans/hydra/hydra_report_one_finding_missing_date.json") + parser = HydraParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.__assertAllEndpointsAreClean(findings) + self.assertEqual(1, len(findings)) + + finding = findings[0] + + self.__assertFindingEquals( + finding, + date.today(), + "127.0.0.1", + "9999", + "bill@example.com", + "bill" + ) + + def test_hydra_parser_with_two_findings_with_one_incomplete_has_one_finding(self): + testfile = open("unittests/scans/hydra/hydra_report_two_findings_with_one_incomplete.json") + parser = HydraParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.__assertAllEndpointsAreClean(findings) + self.assertEqual(1, len(findings)) + + finding = findings[0] + + self.__assertFindingEquals( + finding, + self.__test_datetime, + "127.0.0.1", + "9999", + "bill@example.com", + "bill" + ) + + def test_hydra_parser_with_many_findings_has_many_findings(self): + testfile = open("unittests/scans/hydra/hydra_report_many_finding.json") + parser = HydraParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.__assertAllEndpointsAreClean(findings) + self.assertEqual(3, len(findings)) + + self.__assertFindingEquals( + findings[0], + self.__test_datetime, + "127.0.0.1", + "9999", + "bill@example.com", + "bill" + ) + self.__assertFindingEquals( + findings[1], + self.__test_datetime, + "192.168.0.1", + "1234", + "joe@example.com", + "joe" + ) + self.__assertFindingEquals( + findings[2], + self.__test_datetime, + "something.bad.com", + "4321", + "jimmy@bad.com", + "somesimplepassword" + ) + + def __assertFindingEquals( + self, + actual_finding: Finding, + date: datetime, + finding_url, + finding_port, + finding_username, + finding_password + ): + self.assertEqual("Weak username / password combination found for " + finding_url, actual_finding.title) + self.assertEqual(date, actual_finding.date) + self.assertEqual("High", actual_finding.severity) + self.assertEqual(finding_url + " on port " + finding_port + " is allowing logins with easy to guess username " + finding_username + " and password " + finding_password, + actual_finding.description) + self.assertFalse(actual_finding.static_finding) + self.assertTrue(actual_finding.dynamic_finding) + # The following fields should be not be set from this parser. + self.assertIsNone(actual_finding.unique_id_from_tool) + self.assertEqual(actual_finding.unsaved_endpoints[0].host, finding_url) + self.assertEqual(str(actual_finding.unsaved_endpoints[0].port), finding_port) + + def __assertAllEndpointsAreClean(self, findings): + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() diff --git a/unittests/tools/test_ibm_app_parser.py b/unittests/tools/test_ibm_app_parser.py index 7d81290cdb7..e738f292acb 100644 --- a/unittests/tools/test_ibm_app_parser.py +++ b/unittests/tools/test_ibm_app_parser.py @@ -14,12 +14,12 @@ def test_parse_file(self): endpoint.clean() testfile.close() self.assertEqual(27, len(findings)) - finding = findings[0] - self.assertEqual('Low', finding.severity) - # FIXME manage CWE - # self.assertEqual(79, finding.cwe) + + finding = findings[15] + self.assertEqual('High', finding.severity) + self.assertEqual(79, finding.cwe) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual('CVE-2022-00001', finding.unsaved_vulnerability_ids[0]) + finding = findings[1] - # FIXME fix Info/Informational drama for this parser - self.assertEqual('Informational', finding.severity) - # FIXME manage CWE - # self.assertEqual(79, finding.cwe) + self.assertEqual('Info', finding.severity) diff --git a/unittests/tools/test_immuniweb_parser.py b/unittests/tools/test_immuniweb_parser.py index 2673d8270ca..74b9e12d232 100644 --- a/unittests/tools/test_immuniweb_parser.py +++ b/unittests/tools/test_immuniweb_parser.py @@ -27,4 +27,4 @@ def test_parse_file_with_multiple_vuln_has_multiple_findings(self): for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() - self.assertTrue(len(findings) > 2) + self.assertGreater(len(findings), 2) diff --git a/unittests/tools/test_intsights_parser.py b/unittests/tools/test_intsights_parser.py index 01afc1a4b39..c091a00c2eb 100644 --- a/unittests/tools/test_intsights_parser.py +++ b/unittests/tools/test_intsights_parser.py @@ -4,19 +4,8 @@ class TestIntSightsParser(DojoTestCase): - def test_intsights_parser_with_no_vuln_has_no_findings_json(self): - with self.assertRaises(ValueError): - testfile = open("unittests/scans/intsights/intsights_zero_vul.json") - parser = IntSightsParser() - findings = parser.get_findings(testfile, Test()) - - def test_intsights_parser_with_no_vuln_has_no_findings_csv(self): - with self.assertRaises(ValueError): - testfile = open("unittests/scans/intsights/intsights_zero_vuln.csv") - parser = IntSightsParser() - findings = parser.get_findings(testfile, Test()) - - def test_intsights_parser_with_one_critical_vuln_has_one_findings_json(self): + def test_intsights_parser_with_one_critical_vuln_has_one_findings_json( + self): testfile = open("unittests/scans/intsights/intsights_one_vul.json") parser = IntSightsParser() findings = parser.get_findings(testfile, Test()) @@ -26,13 +15,19 @@ def test_intsights_parser_with_one_critical_vuln_has_one_findings_json(self): finding = list(findings)[0] - self.assertEqual('5c80dbf83b4a3900078b6be6', finding.unique_id_from_tool) - self.assertEqual('HTTP headers weakness in initech.com web server', finding.title) - self.assertEquals('Critical', finding.severity) - self.assertEquals("https://dashboard.intsights.com/#/threat-command/alerts?search=5c80dbf83b4a3900078b6be6", - finding.references) + self.assertEqual( + '5c80dbf83b4a3900078b6be6', + finding.unique_id_from_tool) + self.assertEqual( + 'HTTP headers weakness in initech.com web server', + finding.title) + self.assertEqual('Critical', finding.severity) + self.assertEqual( + "https://dashboard.intsights.com/#/threat-command/alerts?search=5c80dbf83b4a3900078b6be6", + finding.references) - def test_intsights_parser_with_one_critical_vuln_has_one_findings_csv(self): + def test_intsights_parser_with_one_critical_vuln_has_one_findings_csv( + self): testfile = open("unittests/scans/intsights/intsights_one_vuln.csv") parser = IntSightsParser() findings = parser.get_findings(testfile, Test()) @@ -41,8 +36,12 @@ def test_intsights_parser_with_one_critical_vuln_has_one_findings_csv(self): finding = list(findings)[0] - self.assertEqual("mn7xy83finmmth4ja363rci9", finding.unique_id_from_tool) - self.assertEqual("HTTP headers weakness in company-domain.com web server", finding.title) + self.assertEqual( + "mn7xy83finmmth4ja363rci9", + finding.unique_id_from_tool) + self.assertEqual( + "HTTP headers weakness in company-domain.com web server", + finding.title) def test_intsights_parser_with_many_vuln_has_many_findings_json(self): testfile = open("unittests/scans/intsights/intsights_many_vul.json") @@ -60,12 +59,21 @@ def test_intsights_parser_with_many_vuln_has_many_findings_csv(self): def test_intsights_parser_invalid_text_with_error_csv(self): with self.assertRaises(ValueError): - testfile = open("unittests/scans/intsights/intsights_invalid_file.txt") + testfile = open( + "unittests/scans/intsights/intsights_invalid_file.txt") parser = IntSightsParser() - findings = parser.get_findings(testfile, Test()) + parser.get_findings(testfile, Test()) - def test_intsights_parser_empty_with_error_json(self): - with self.assertRaises(ValueError): - testfile = open("unittests/scans/intsights/empty_with_error.json") - parser = IntSightsParser() - findings = parser.get_findings(testfile, Test()) + def test_intsights_parser_with_no_alerts_json(self): + testfile = open("unittests/scans/intsights/intsights_zero_vuln.json") + parser = IntSightsParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) + + def test_intsights_parser_with_no_alerts_csv(self): + testfile = open("unittests/scans/intsights/intsights_zero_vuln.csv") + parser = IntSightsParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) diff --git a/unittests/tools/test_jfrog_xray_api_summary_artifact_parser.py b/unittests/tools/test_jfrog_xray_api_summary_artifact_parser.py new file mode 100644 index 00000000000..c1ca0ec3417 --- /dev/null +++ b/unittests/tools/test_jfrog_xray_api_summary_artifact_parser.py @@ -0,0 +1,77 @@ +from ..dojo_test_case import DojoTestCase +from dojo.models import Test +from dojo.tools.jfrog_xray_api_summary_artifact.parser import ( + JFrogXrayApiSummaryArtifactParser, +) +import hashlib + + +class TestJFrogXrayApiSummaryArtifactParser(DojoTestCase): + def test_parse_file_with_no_vuln(self): + testfile = open("unittests/scans/jfrog_xray_api_summary_artifact/no_vuln.json") + parser = JFrogXrayApiSummaryArtifactParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) + + def test_parse_file_with_one_vuln(self): + testfile = open("unittests/scans/jfrog_xray_api_summary_artifact/one_vuln.json") + parser = JFrogXrayApiSummaryArtifactParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) + item = findings[0] + self.assertEqual("OpenSSL crypto", item.title[:14]) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("XRAY-124116", item.unsaved_vulnerability_ids[0]) + self.assertEqual("Critical", item.severity) + self.assertEqual( + "3.12:openssl:1.1.1k-r0 -> OpenSSL contains an overflow", + item.description[:54], + ) + self.assertEqual(" code.", item.description[-6:]) + self.assertIsNone(item.mitigation) + self.assertEqual("artifact1", item.component_name) + self.assertIsNotNone(item.tags) + print(item.tags) + self.assertEqual("1.0", item.component_version) + self.assertEqual("artifact_path/artifact1/1.0/", item.file_path[:28]) + self.assertIsNone(item.severity_justification) + self.assertIsNone(item.references) + self.assertIsNone(item.impact) + self.assertEqual("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", item.cvssv3) + result = hashlib.sha256() + unique_id = ( + "eaab06c0a28618bfb65481bf31bce7d6dd3a15dac528297690111c202a1cd468" + + "3.12:openssl" + + "1.1.1k-r0" + + "XRAY-124116" + ) + result.update(unique_id.encode()) + self.assertEqual(result.hexdigest(), item.unique_id_from_tool) + + def test_parse_file_with_many_vulns(self): + testfile = open( + "unittests/scans/jfrog_xray_api_summary_artifact/many_vulns.json" + ) + parser = JFrogXrayApiSummaryArtifactParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(15, len(findings)) + finding = findings[0] + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2021-42385", finding.unsaved_vulnerability_ids[0]) + + def test_parse_file_with_malformed_cvssv3_score(self): + testfile = open( + "unittests/scans/jfrog_xray_api_summary_artifact/malformed_cvssv3.json" + ) + parser = JFrogXrayApiSummaryArtifactParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) + + finding = findings[0] + self.assertIsNone(finding.cvssv3) + self.assertEqual(2, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("XRAY-523195", finding.unsaved_vulnerability_ids[1]) diff --git a/unittests/tools/test_jfrog_xray_on_demand_binary_scan_parser.py b/unittests/tools/test_jfrog_xray_on_demand_binary_scan_parser.py new file mode 100644 index 00000000000..0fd6712f07d --- /dev/null +++ b/unittests/tools/test_jfrog_xray_on_demand_binary_scan_parser.py @@ -0,0 +1,85 @@ +from ..dojo_test_case import DojoTestCase +from dojo.models import Test, Finding +from dojo.tools.jfrog_xray_on_demand_binary_scan.parser import \ + JFrogXrayOnDemandBinaryScanParser, get_component_name_version, clean_title + + +class TestJFrogXrayOnDemandBinaryScanParser(DojoTestCase): + + def test_parse_file_with_one_vuln(self): + testfile = open("unittests/scans/jfrog_xray_on_demand_binary_scan/one_vuln.json") + parser = JFrogXrayOnDemandBinaryScanParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) + item: Finding = findings[0] + self.assertEqual("gav://test", item.component_name) + self.assertEqual("CVE-2014-0114", item.unsaved_vulnerability_ids[0]) + self.assertEqual("High", item.severity) + + def test_parse_file_with_many_vulns(self): + testfile = open("unittests/scans/jfrog_xray_on_demand_binary_scan/many_vulns.json") + parser = JFrogXrayOnDemandBinaryScanParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(3, len(findings)) + + def test_component_name_version(self): + with self.subTest(""): + self.assertEqual(("", ""), get_component_name_version("")) + with self.subTest("gav://org.yaml:snakeyaml:1.16"): + self.assertEqual(("gav://org.yaml:snakeyaml", "1.16"), get_component_name_version("gav://org.yaml:snakeyaml:1.16")) + with self.subTest("npm://desopmo:1.33.7"): + self.assertEqual(("npm://desopmo", "1.33.7"), get_component_name_version("npm://desopmo:1.33.7")) + with self.subTest("pypi://django:4.1.4"): + self.assertEqual(("pypi://django", "4.1.4"), get_component_name_version("pypi://django:4.1.4")) + with self.subTest("alpine://3.18:libcrypto3:3.1.1-r1"): + self.assertEqual(("alpine://3.18:libcrypto3", "3.1.1-r1"), get_component_name_version("alpine://3.18:libcrypto3:3.1.1-r1")) + with self.subTest("npm://desopmo"): + self.assertEqual(("npm://desopmo", ""), get_component_name_version("npm://desopmo")) + + def test_clean_title(self): + with self.subTest(""): + self.assertEqual("", clean_title("")) + with self.subTest("ABC"): + self.assertEqual("ABC", clean_title("ABC")) + with self.subTest("Garbage"): + self.assertEqual("Processing some specially crafted ASN.1 object identifiers or", clean_title("Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.")) + + def test_parse_file_with_many_vulns_docker(self): + testfile = open("unittests/scans/jfrog_xray_on_demand_binary_scan/many_vulns_docker.json") + parser = JFrogXrayOnDemandBinaryScanParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(4, len(findings)) + + def test_parse_file_with_many_vulns_pypi(self): + testfile = open("unittests/scans/jfrog_xray_on_demand_binary_scan/many_vulns_pypi.json") + parser = JFrogXrayOnDemandBinaryScanParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(99, len(findings)) + + with self.subTest(finding=0): + self.assertIn("sqlparse is a non-validating SQL parser module for Python", findings[0].title) + self.assertIsNone(findings[0].severity_justification) + self.assertEqual("High", findings[0].severity) + self.assertIn("sqlparse is a non-validating SQL parser module for Python", findings[0].description) + self.assertIn("- [0.4.4]", findings[0].mitigation) + self.assertEqual("pypi://sqlparse", findings[0].component_name) + self.assertEqual("0.4.3", findings[0].component_version) + self.assertIn("pypi://django:4.1.4", findings[0].impact) + self.assertIn("https://github.com/andialbrecht/sqlparse/commit/", findings[0].references) + self.assertTrue(findings[0].static_finding) + self.assertFalse(findings[0].dynamic_finding) + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", findings[0].cvssv3) + self.assertEqual("XRAY-515353", findings[0].vuln_id_from_tool) + self.assertEqual(['CVE-2023-30608'], findings[0].unsaved_vulnerability_ids) + + with self.subTest(finding=1): + self.assertIn("**Short description**\nA design problem in Django may lead to denial of service when processing multipart forms.\n", findings[1].severity_justification) + self.assertIn("**Full description**\n[Django](https://www.djangoproject.com/) is a popular Python web framework that provides functions, components, and tools for fast web development.\r\n\r\nA vulnerability has been discovered in the Multipart Request Parser in Django. By passing certain inputs (such as an excessive number of parts) to multipart forms, an attacker can trigger too many open files or memory exhaustion, which may lead to a denial-of-service attack. \r\n\r\nThe issue is only exploitable when the `MultiPartParser` class is used by the Django app/\n", findings[1].severity_justification) + self.assertIn("**JFrog research severity**\nHigh\n", findings[1].severity_justification) + self.assertIn("**JFrog research severity reasons**\nExploitation of the issue is only possible when the vulnerable component is used in a specific manner. The attacker has to perform per-target research to determine the vulnerable attack vector\n", findings[1].severity_justification) + self.assertIn("An attacker must find a multipart form that receives files in order to trigger this issue, although this does not require intimate per-target research and can be automated.\n", findings[1].severity_justification) + self.assertIn("_Is positive:_ true\n", findings[1].severity_justification) diff --git a/unittests/tools/test_jfrog_xray_unified_parser.py b/unittests/tools/test_jfrog_xray_unified_parser.py index 24f2cc29d73..d6dda8850b3 100644 --- a/unittests/tools/test_jfrog_xray_unified_parser.py +++ b/unittests/tools/test_jfrog_xray_unified_parser.py @@ -21,26 +21,27 @@ def test_parse_file_with_one_vuln(self): self.assertEqual(1, len(findings)) item = findings[0] - self.assertEquals("XRAY-139239 - This affects the package", item.title[:38]) - self.assertEquals(" memory.", item.title[-8:]) - self.assertEquals("CVE-2020-28493", item.cve) - self.assertEquals("Medium", item.severity) - self.assertEquals("This affects the package", item.description[:24]) - self.assertEquals(" memory.", item.description[-8:]) + self.assertEqual("XRAY-139239 - This affects the package", item.title[:38]) + self.assertEqual(" memory.", item.title[-8:]) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-28493", item.unsaved_vulnerability_ids[0]) + self.assertEqual("Medium", item.severity) + self.assertEqual("This affects the package", item.description[:24]) + self.assertEqual(" memory.", item.description[-8:]) self.assertIsNotNone(item.mitigation) self.assertGreater(len(item.mitigation), 0) - self.assertEquals("Jinja2", item.component_name) - self.assertEquals('"packagetype_pypi"', item.tags) - self.assertEquals("2.11.2", item.component_version) - self.assertEquals("pypi-remote/30/9e/f663a2aa66a09d838042ae1a2c5659828bb9b41ea3a6efa20a20fd92b121/Jinja2-2.11.2-py2.py3-none-any.whl", item.file_path) + self.assertEqual("Jinja2", item.component_name) + self.assertEqual('"packagetype_pypi"', item.tags) + self.assertEqual("2.11.2", item.component_version) + self.assertEqual("pypi-remote/30/9e/f663a2aa66a09d838042ae1a2c5659828bb9b41ea3a6efa20a20fd92b121/Jinja2-2.11.2-py2.py3-none-any.whl", item.file_path) self.assertIsNotNone(item.severity_justification) self.assertGreater(len(item.severity_justification), 0) self.assertIsNotNone(item.references) self.assertGreater(len(item.references), 0) - self.assertEquals("Medium", item.impact) - self.assertEquals("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", item.cvssv3) - self.assertEquals(datetime.date(2021, 1, 15), item.date.date()) - self.assertEquals("XRAY-139239", item.unique_id_from_tool) + self.assertEqual("Medium", item.impact) + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", item.cvssv3) + self.assertEqual(datetime.date(2021, 1, 15), item.date.date()) + self.assertEqual("XRAY-139239", item.unique_id_from_tool) def test_parse_file_with_many_vulns(self): testfile = open("unittests/scans/jfrog_xray_unified/many_vulns.json") @@ -59,258 +60,281 @@ def test_parse_file_with_very_many_vulns(self): # blank cvss2 item = [i for i in findings if i.title[:11] == "XRAY-106730"][-1] - self.assertEquals("CVE-2018-10754", item.cve) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2018-10754", item.unsaved_vulnerability_ids[0]) self.assertIsNotNone(item.severity_justification) self.assertGreater(len(item.severity_justification), 0) # blank cvss3 item = [i for i in findings if i.title[:11] == "XRAY-100538"][-1] - self.assertEquals("CVE-2015-2716", item.cve) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2015-2716", item.unsaved_vulnerability_ids[0]) self.assertIsNotNone(item.severity_justification) self.assertGreater(len(item.severity_justification), 0) # 0 references item = [i for i in findings if i.title[:11] == "XRAY-100015"][-1] - self.assertEquals("CVE-2020-13790", item.cve) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-13790", item.unsaved_vulnerability_ids[0]) self.assertIsNotNone(item.references) - self.assertEquals(len(item.references), 0) + self.assertEqual(len(item.references), 0) # 1 reference item = [i for i in findings if i.title[:11] == "XRAY-101489"][-1] - self.assertEquals("CVE-2020-14040", item.cve) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-14040", item.unsaved_vulnerability_ids[0]) self.assertIsNotNone(item.references) self.assertGreater(len(item.references), 0) # many references item = [i for i in findings if i.title[:11] == "XRAY-100092"][-1] - self.assertEquals("CVE-2020-12723", item.cve) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-12723", item.unsaved_vulnerability_ids[0]) self.assertIsNotNone(item.references) self.assertGreater(len(item.references), 50) # multiple cvss scores - all have cvss3 item = [i for i in findings if i.title[:10] == "XRAY-96518"][-1] - self.assertEquals("CVE-2016-10745", item.cve) - self.assertEquals("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", item.cvssv3) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2016-10745", item.unsaved_vulnerability_ids[0]) + self.assertEqual("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", item.cvssv3) # multiiple cvss scores, some cvss2 missing item = [i for i in findings if i.title[:11] == "XRAY-128854"][-1] - self.assertEquals("CVE-2019-17006", item.cve) - self.assertEquals("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", item.cvssv3) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2019-17006", item.unsaved_vulnerability_ids[0]) + self.assertEqual("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", item.cvssv3) # multiiple cvss scores, some cvss3 missing item = [i for i in findings if i.title[:11] == "XRAY-135206"][-1] - self.assertEquals("CVE-2019-17006", item.cve) - self.assertEquals("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", item.cvssv3) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2019-17006", item.unsaved_vulnerability_ids[0]) + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", item.cvssv3) # 0 fixed verisons item = [i for i in findings if i.title[:11] == "XRAY-100015"][-1] - self.assertEquals("CVE-2020-13790", item.cve) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-13790", item.unsaved_vulnerability_ids[0]) self.assertIsNone(item.mitigation) # 1 fixed version item = [i for i in findings if i.title[:11] == "XRAY-100646"][-1] - self.assertEquals("CVE-2020-14062", item.cve) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-14062", item.unsaved_vulnerability_ids[0]) self.assertIsNotNone(item.mitigation) self.assertGreater(len(item.mitigation), 0) # multiple fixed versions item = [i for i in findings if i.title[:11] == "XRAY-127258"][-1] - self.assertEquals("CVE-2020-27216", item.cve) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-27216", item.unsaved_vulnerability_ids[0]) self.assertIsNotNone(item.mitigation) self.assertGreater(len(item.mitigation), 50) # fixed versions with weird characters item = [i for i in findings if i.title[:11] == "XRAY-128876"][-1] - self.assertEquals("CVE-2020-8623", item.cve) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-8623", item.unsaved_vulnerability_ids[0]) self.assertIsNotNone(item.mitigation) self.assertGreater(len(item.mitigation), 0) # severity unknown item = [i for i in findings if i.title[:11] == "XRAY-119297"][-1] - self.assertEquals("CVE-2020-12403", item.cve) - self.assertEquals("Info", item.severity) - self.assertEquals("Info", item.impact) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-12403", item.unsaved_vulnerability_ids[0]) + self.assertEqual("Info", item.severity) + self.assertEqual("Info", item.impact) # severity low item = [i for i in findings if i.title[:11] == "XRAY-100046"][-1] - self.assertEquals("CVE-2020-13871", item.cve) - self.assertEquals("Low", item.severity) - self.assertEquals("Low", item.impact) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-13871", item.unsaved_vulnerability_ids[0]) + self.assertEqual("Low", item.severity) + self.assertEqual("Low", item.impact) # severity medium item = [i for i in findings if i.title[:11] == "XRAY-100757"][-1] - self.assertEquals("CVE-2020-14155", item.cve) - self.assertEquals("Medium", item.severity) - self.assertEquals("Medium", item.impact) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-14155", item.unsaved_vulnerability_ids[0]) + self.assertEqual("Medium", item.severity) + self.assertEqual("Medium", item.impact) # severity high item = [i for i in findings if i.title[:11] == "XRAY-109517"][-1] - self.assertEquals("CVE-2019-5827", item.cve) - self.assertEquals("High", item.severity) - self.assertEquals("High", item.impact) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2019-5827", item.unsaved_vulnerability_ids[0]) + self.assertEqual("High", item.severity) + self.assertEqual("High", item.impact) # external severity in details item = [i for i in findings if i.title[:11] == "XRAY-111224"][-1] - self.assertEquals("CVE-2015-8385", item.cve) - self.assertEquals("Red Hat Severity: Important", item.description[-27:]) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2015-8385", item.unsaved_vulnerability_ids[0]) + self.assertEqual("Red Hat Severity: Important", item.description[-27:]) # **various packages** # alpine item = [i for i in findings if i.title[:11] == "XRAY-100301"][-1] - self.assertEquals("CVE-2020-13871", item.cve) - self.assertEquals("XRAY-100301 - SQLite 3.32.2 has a use", item.title[:37]) - self.assertEquals(" is too late.", item.title[-13:]) - self.assertEquals("Medium", item.severity) - self.assertEquals("SQLite 3.32.2 has a use", item.description[:23]) - self.assertEquals(" is too late.", item.description[-13:]) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-13871", item.unsaved_vulnerability_ids[0]) + self.assertEqual("XRAY-100301 - SQLite 3.32.2 has a use", item.title[:37]) + self.assertEqual(" is too late.", item.title[-13:]) + self.assertEqual("Medium", item.severity) + self.assertEqual("SQLite 3.32.2 has a use", item.description[:23]) + self.assertEqual(" is too late.", item.description[-13:]) self.assertIsNone(item.mitigation) - self.assertEquals("3.12:sqlite-libs", item.component_name) - self.assertEquals('"packagetype_alpine"', item.tags) - self.assertEquals("3.32.1-r0", item.component_version) - self.assertEquals("dockerhub-remote/kiwigrid/k8s-sidecar/sha256__7cba93c3dde21c78fe07ee3f8ed8d82d05bf00415392606401df8a7d72057b5b/", item.file_path) + self.assertEqual("3.12:sqlite-libs", item.component_name) + self.assertEqual('"packagetype_alpine"', item.tags) + self.assertEqual("3.32.1-r0", item.component_version) + self.assertEqual("dockerhub-remote/kiwigrid/k8s-sidecar/sha256__7cba93c3dde21c78fe07ee3f8ed8d82d05bf00415392606401df8a7d72057b5b/", item.file_path) self.assertIsNotNone(item.severity_justification) self.assertGreater(len(item.severity_justification), 0) self.assertIsNotNone(item.references) self.assertGreater(len(item.references), 0) - self.assertEquals("Medium", item.impact) - self.assertEquals("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", item.cvssv3) - self.assertEquals(datetime.date(2021, 5, 4), item.date.date()) - self.assertEquals("XRAY-100301", item.unique_id_from_tool) + self.assertEqual("Medium", item.impact) + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", item.cvssv3) + self.assertEqual(datetime.date(2021, 5, 4), item.date.date()) + self.assertEqual("XRAY-100301", item.unique_id_from_tool) # debian item = [i for i in findings if i.title[:11] == "XRAY-137237"][-1] - self.assertEquals("CVE-2020-1971", item.cve) - self.assertEquals("XRAY-137237 - The X.509 GeneralName", item.title[:35]) - self.assertEquals("(Affected 1.0.2-1.0.2w).", item.title[-24:]) - self.assertEquals("High", item.severity) - self.assertEquals("The X.509 GeneralName", item.description[:21]) - self.assertEquals("(Affected 1.0.2-1.0.2w).", item.description[-24:]) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-1971", item.unsaved_vulnerability_ids[0]) + self.assertEqual("XRAY-137237 - The X.509 GeneralName", item.title[:35]) + self.assertEqual("(Affected 1.0.2-1.0.2w).", item.title[-24:]) + self.assertEqual("High", item.severity) + self.assertEqual("The X.509 GeneralName", item.description[:21]) + self.assertEqual("(Affected 1.0.2-1.0.2w).", item.description[-24:]) self.assertIsNone(item.mitigation) - self.assertEquals("ubuntu:bionic:libssl1.1", item.component_name) - self.assertEquals('"packagetype_debian"', item.tags) - self.assertEquals("1.1.1-1ubuntu2.1~18.04.6", item.component_version) - self.assertEquals("dockerhub-remote/library/mongo/sha256__31f6433f7cfcd2180483e40728cbf97142df1e85de36d80d75c93e5e7fe10405/", item.file_path) + self.assertEqual("ubuntu:bionic:libssl1.1", item.component_name) + self.assertEqual('"packagetype_debian"', item.tags) + self.assertEqual("1.1.1-1ubuntu2.1~18.04.6", item.component_version) + self.assertEqual("dockerhub-remote/library/mongo/sha256__31f6433f7cfcd2180483e40728cbf97142df1e85de36d80d75c93e5e7fe10405/", item.file_path) self.assertIsNotNone(item.severity_justification) self.assertGreater(len(item.severity_justification), 0) self.assertIsNotNone(item.references) self.assertGreater(len(item.references), 0) - self.assertEquals("High", item.impact) - self.assertEquals("CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", item.cvssv3) - self.assertEquals(datetime.date(2021, 3, 9), item.date.date()) - self.assertEquals("XRAY-137237", item.unique_id_from_tool) + self.assertEqual("High", item.impact) + self.assertEqual("CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", item.cvssv3) + self.assertEqual(datetime.date(2021, 3, 9), item.date.date()) + self.assertEqual("XRAY-137237", item.unique_id_from_tool) # go item = [i for i in findings if i.title[:10] == "XRAY-86054"][-1] - self.assertEquals("CVE-2014-0047", item.cve) - self.assertEquals("XRAY-86054 - Docker before 1.5 allows", item.title[:37]) - self.assertEquals("/tmp usage.", item.title[-11:]) - self.assertEquals("Medium", item.severity) - self.assertEquals("Docker before 1.5 allows", item.description[:24]) - self.assertEquals("/tmp usage.", item.description[-11:]) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2014-0047", item.unsaved_vulnerability_ids[0]) + self.assertEqual("XRAY-86054 - Docker before 1.5 allows", item.title[:37]) + self.assertEqual("/tmp usage.", item.title[-11:]) + self.assertEqual("Medium", item.severity) + self.assertEqual("Docker before 1.5 allows", item.description[:24]) + self.assertEqual("/tmp usage.", item.description[-11:]) self.assertIsNotNone(item.mitigation) self.assertGreater(len(item.mitigation), 0) - self.assertEquals("github.com/docker/docker", item.component_name) - self.assertEquals('"packagetype_go"', item.tags) - self.assertEquals("1.4.2-0.20200203170920-46ec8731fbce", item.component_version) - self.assertEquals("dockerhub-remote/fluxcd/helm-controller/sha256__27790f965d8965884e8dfc12cba0d1f609794a1abc69bc81a658bd76e463ffce/", item.file_path) + self.assertEqual("github.com/docker/docker", item.component_name) + self.assertEqual('"packagetype_go"', item.tags) + self.assertEqual("1.4.2-0.20200203170920-46ec8731fbce", item.component_version) + self.assertEqual("dockerhub-remote/fluxcd/helm-controller/sha256__27790f965d8965884e8dfc12cba0d1f609794a1abc69bc81a658bd76e463ffce/", item.file_path) self.assertIsNotNone(item.severity_justification) self.assertGreater(len(item.severity_justification), 0) self.assertIsNotNone(item.references) self.assertGreater(len(item.references), 0) - self.assertEquals("Medium", item.impact) - self.assertEquals("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", item.cvssv3) - self.assertEquals(datetime.date(2021, 2, 2), item.date.date()) - self.assertEquals("XRAY-86054", item.unique_id_from_tool) + self.assertEqual("Medium", item.impact) + self.assertEqual("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", item.cvssv3) + self.assertEqual(datetime.date(2021, 2, 2), item.date.date()) + self.assertEqual("XRAY-86054", item.unique_id_from_tool) # maven item = [i for i in findings if i.title[:11] == "XRAY-126663"][-1] - self.assertIsNone(item.cve) # has cvss score but no cve?? - self.assertEquals("XRAY-126663 - FasterXML jackson", item.title[:31]) - self.assertEquals("Expansion Remote Issue", item.title[-22:]) - self.assertEquals("High", item.severity) - self.assertEquals("FasterXML jackson", item.description[:17]) - self.assertEquals("sensitive information.", item.description[-22:]) + self.assertIsNone(item.unsaved_vulnerability_ids) # has cvss score but no cve?? + self.assertEqual("XRAY-126663 - FasterXML jackson", item.title[:31]) + self.assertEqual("Expansion Remote Issue", item.title[-22:]) + self.assertEqual("High", item.severity) + self.assertEqual("FasterXML jackson", item.description[:17]) + self.assertEqual("sensitive information.", item.description[-22:]) self.assertIsNone(item.mitigation) - self.assertEquals("com.fasterxml.jackson.core:jackson-databind", item.component_name) - self.assertEquals('"packagetype_maven"', item.tags) - self.assertEquals("2.10.4", item.component_version) - self.assertEquals("elastic-docker-remote/elasticsearch/elasticsearch/7.9.1-amd64/", item.file_path) + self.assertEqual("com.fasterxml.jackson.core:jackson-databind", item.component_name) + self.assertEqual('"packagetype_maven"', item.tags) + self.assertEqual("2.10.4", item.component_version) + self.assertEqual("elastic-docker-remote/elasticsearch/elasticsearch/7.9.1-amd64/", item.file_path) self.assertIsNotNone(item.severity_justification) self.assertGreater(len(item.severity_justification), 0) self.assertIsNotNone(item.references) self.assertGreater(len(item.references), 0) - self.assertEquals("High", item.impact) - self.assertEquals("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", item.cvssv3) - self.assertEquals(datetime.date(2021, 1, 14), item.date.date()) - self.assertEquals("XRAY-126663", item.unique_id_from_tool) + self.assertEqual("High", item.impact) + self.assertEqual("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", item.cvssv3) + self.assertEqual(datetime.date(2021, 1, 14), item.date.date()) + self.assertEqual("XRAY-126663", item.unique_id_from_tool) # npm item = [i for i in findings if i.title[:10] == "XRAY-97245"][-1] - self.assertEquals("CVE-2020-11023", item.cve) - self.assertEquals("XRAY-97245 - In jQuery versions great", item.title[:37]) - self.assertEquals("patched in jQuery 3.5.0.", item.title[-24:]) - self.assertEquals("Medium", item.severity) - self.assertEquals("In jQuery versions great", item.description[:24]) - self.assertEquals("patched in jQuery 3.5.0.", item.description[-24:]) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-11023", item.unsaved_vulnerability_ids[0]) + self.assertEqual("XRAY-97245 - In jQuery versions great", item.title[:37]) + self.assertEqual("patched in jQuery 3.5.0.", item.title[-24:]) + self.assertEqual("Medium", item.severity) + self.assertEqual("In jQuery versions great", item.description[:24]) + self.assertEqual("patched in jQuery 3.5.0.", item.description[-24:]) self.assertIsNotNone(item.mitigation) self.assertGreater(len(item.mitigation), 0) - self.assertEquals("jquery", item.component_name) - self.assertEquals('"packagetype_npm"', item.tags) - self.assertEquals("3.4.1", item.component_version) - self.assertEquals("pypi-remote/cc/94/5f7079a0e00bd6863ef8f1da638721e9da21e5bacee597595b318f71d62e/Werkzeug-1.0.1-py2.py3-none-any.whl", item.file_path) + self.assertEqual("jquery", item.component_name) + self.assertEqual('"packagetype_npm"', item.tags) + self.assertEqual("3.4.1", item.component_version) + self.assertEqual("pypi-remote/cc/94/5f7079a0e00bd6863ef8f1da638721e9da21e5bacee597595b318f71d62e/Werkzeug-1.0.1-py2.py3-none-any.whl", item.file_path) self.assertIsNotNone(item.severity_justification) self.assertGreater(len(item.severity_justification), 0) self.assertIsNotNone(item.references) self.assertGreater(len(item.references), 0) - self.assertEquals("Medium", item.impact) - self.assertEquals("CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", item.cvssv3) - self.assertEquals(datetime.date(2021, 1, 15), item.date.date()) - self.assertEquals("XRAY-97245", item.unique_id_from_tool) + self.assertEqual("Medium", item.impact) + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", item.cvssv3) + self.assertEqual(datetime.date(2021, 1, 15), item.date.date()) + self.assertEqual("XRAY-97245", item.unique_id_from_tool) # pypi item = [i for i in findings if i.title[:10] == "XRAY-97724"][-1] - self.assertEquals("CVE-2018-20225", item.cve) - self.assertEquals("XRAY-97724 - An issue was discovered", item.title[:36]) - self.assertEquals("an arbitrary version number).", item.title[-29:]) - self.assertEquals("Medium", item.severity) - self.assertEquals("An issue was discovered", item.description[:23]) - self.assertEquals("an arbitrary version number).", item.description[-29:]) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2018-20225", item.unsaved_vulnerability_ids[0]) + self.assertEqual("XRAY-97724 - An issue was discovered", item.title[:36]) + self.assertEqual("an arbitrary version number).", item.title[-29:]) + self.assertEqual("Medium", item.severity) + self.assertEqual("An issue was discovered", item.description[:23]) + self.assertEqual("an arbitrary version number).", item.description[-29:]) self.assertIsNotNone(item.mitigation) self.assertGreater(len(item.mitigation), 0) - self.assertEquals("pip", item.component_name) - self.assertEquals('"packagetype_pypi"', item.tags) - self.assertEquals("20.2.3", item.component_version) - self.assertEquals("dockerhub-remote/kiwigrid/k8s-sidecar/sha256__4b5a25c8dbac9637f8e680566959fdccd1a98d74ce2f2746f9b0f9ff6b57d03b/", item.file_path) + self.assertEqual("pip", item.component_name) + self.assertEqual('"packagetype_pypi"', item.tags) + self.assertEqual("20.2.3", item.component_version) + self.assertEqual("dockerhub-remote/kiwigrid/k8s-sidecar/sha256__4b5a25c8dbac9637f8e680566959fdccd1a98d74ce2f2746f9b0f9ff6b57d03b/", item.file_path) self.assertIsNotNone(item.severity_justification) self.assertGreater(len(item.severity_justification), 0) self.assertIsNotNone(item.references) self.assertGreater(len(item.references), 0) - self.assertEquals("Medium", item.impact) - self.assertEquals("CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", item.cvssv3) - self.assertEquals(datetime.date(2021, 2, 12), item.date.date()) - self.assertEquals("XRAY-97724", item.unique_id_from_tool) + self.assertEqual("Medium", item.impact) + self.assertEqual("CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", item.cvssv3) + self.assertEqual(datetime.date(2021, 2, 12), item.date.date()) + self.assertEqual("XRAY-97724", item.unique_id_from_tool) # rpm item = [i for i in findings if i.title[:11] == "XRAY-106044"][-1] - self.assertEquals("CVE-2019-19645", item.cve) - self.assertEquals("XRAY-106044 - CVE-2019-19645 sqlite: infinite", item.title[:45]) - self.assertEquals("TABLE statements", item.title[-16:]) - self.assertEquals("Medium", item.severity) - self.assertEquals("alter.c in SQLite", item.description[:17]) - self.assertEquals("TABLE statements.\n\nRed Hat Severity: Moderate", item.description[-45:]) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2019-19645", item.unsaved_vulnerability_ids[0]) + self.assertEqual("XRAY-106044 - CVE-2019-19645 sqlite: infinite", item.title[:45]) + self.assertEqual("TABLE statements", item.title[-16:]) + self.assertEqual("Medium", item.severity) + self.assertEqual("alter.c in SQLite", item.description[:17]) + self.assertEqual("TABLE statements.\n\nRed Hat Severity: Moderate", item.description[-45:]) self.assertIsNone(item.mitigation) - self.assertEquals("7:sqlite:0", item.component_name) + self.assertEqual("7:sqlite:0", item.component_name) self.assertIn('packagetype_rpm', item.tags) - self.assertEquals("3.7.17-8.el7_7.1", item.component_version) - self.assertEquals("elastic-docker-remote/elasticsearch/elasticsearch/7.9.1-amd64/", item.file_path) + self.assertEqual("3.7.17-8.el7_7.1", item.component_version) + self.assertEqual("elastic-docker-remote/elasticsearch/elasticsearch/7.9.1-amd64/", item.file_path) self.assertIsNotNone(item.severity_justification) self.assertGreater(len(item.severity_justification), 0) self.assertIsNotNone(item.references) self.assertEqual(len(item.references), 0) - self.assertEquals("Medium", item.impact) - self.assertEquals("CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", item.cvssv3) - self.assertEquals(datetime.date(2021, 1, 14), item.date.date()) - self.assertEquals("XRAY-106044", item.unique_id_from_tool) + self.assertEqual("Medium", item.impact) + self.assertEqual("CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", item.cvssv3) + self.assertEqual(datetime.date(2021, 1, 14), item.date.date()) + self.assertEqual("XRAY-106044", item.unique_id_from_tool) # **finished various packages** def test_parse_file_with_another_report(self): diff --git a/unittests/tools/test_jfrogxray_parser.py b/unittests/tools/test_jfrogxray_parser.py index ec159954379..fb88ec30eb2 100644 --- a/unittests/tools/test_jfrogxray_parser.py +++ b/unittests/tools/test_jfrogxray_parser.py @@ -12,10 +12,11 @@ def test_parse_file_with_one_vuln(self): testfile.close() self.assertEqual(1, len(findings)) item = findings[0] - self.assertEquals("debian:stretch:libx11", item.component_name) - self.assertEquals("2:1.6.4-3", item.component_version) - self.assertEquals("CVE-2018-14600", item.cve) - self.assertEquals(787, item.cwe) + self.assertEqual("debian:stretch:libx11", item.component_name) + self.assertEqual("2:1.6.4-3", item.component_version) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2018-14600", item.unsaved_vulnerability_ids[0]) + self.assertEqual(787, item.cwe) def test_parse_file_with_many_vulns(self): testfile = open("unittests/scans/jfrogxray/many_vulns.json") @@ -30,20 +31,38 @@ def test_parse_file_with_many_vulns2(self): findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(2, len(findings)) + item = findings[0] - self.assertEquals("pip", item.component_name) - self.assertEquals("9.0.1", item.component_version) + self.assertEqual("No CVE - pip:9.0.1", item.title) + description = '''pip PyPI (Python Packaging Index) PipXmlrpcTransport._download_http_url() Function Content-Disposition Header Path Traversal Arbitrary File Write Weakness +**Provider:** JFrog''' + self.assertEqual(description, item.description) + self.assertEqual("High", item.severity) + self.assertEqual("pip", item.component_name) + self.assertEqual("9.0.1", item.component_version) + self.assertIsNone(item.unsaved_vulnerability_ids) + self.assertIsNone(item.cwe) + self.assertEqual("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", item.cvssv3) + item = findings[1] - self.assertEquals("ubuntu:bionic:linux", item.component_name) - self.assertEquals("4.15.0-88.88", item.component_version) - self.assertEquals("CVE-2020-14386", item.cve) - self.assertEquals(787, item.cwe) - self.assertEquals("AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", item.cvssv3) + self.assertEqual("CVE-2020-14386 - ubuntu:bionic:linux:4.15.0-88.88", item.title) + description = '''A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. +**Versions that are vulnerable:** +< 4.15.0-117.118 +**Provider:** JFrog''' + self.assertEqual(description, item.description) + self.assertEqual("High", item.severity) + self.assertEqual("ubuntu:bionic:linux", item.component_name) + self.assertEqual("4.15.0-88.88", item.component_version) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-14386", item.unsaved_vulnerability_ids[0]) + self.assertEqual(787, item.cwe) + self.assertEqual("CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", item.cvssv3) def test_decode_cwe_number(self): with self.subTest(val="CWE-1234"): - self.assertEquals(1234, decode_cwe_number("CWE-1234")) + self.assertEqual(1234, decode_cwe_number("CWE-1234")) with self.subTest(val=""): - self.assertEquals(0, decode_cwe_number("")) + self.assertEqual(0, decode_cwe_number("")) with self.subTest(val="cwe-1"): - self.assertEquals(1, decode_cwe_number("cwe-1")) + self.assertEqual(1, decode_cwe_number("cwe-1")) diff --git a/unittests/tools/test_kiuwan_parser.py b/unittests/tools/test_kiuwan_parser.py index 26c24ccba84..2f7a25e0331 100644 --- a/unittests/tools/test_kiuwan_parser.py +++ b/unittests/tools/test_kiuwan_parser.py @@ -6,20 +6,31 @@ class TestKiuwanParser(DojoTestCase): def test_parse_file_with_no_vuln_has_no_findings(self): - - testfile = open("unittests/scans/kiuwan_sample/kiuwan_no_vuln.csv") + testfile = open("unittests/scans/kiuwan/kiuwan_no_vuln.csv") parser = KiuwanParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(0, len(findings)) def test_parse_file_with_two_vuln_has_two_findings(self): - testfile = open("unittests/scans/kiuwan_sample/kiuwan_two_vuln.csv") + testfile = open("unittests/scans/kiuwan/kiuwan_two_vuln.csv") parser = KiuwanParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(2, len(findings)) def test_parse_file_with_multiple_vuln_has_multiple_finding(self): - testfile = open("unittests/scans/kiuwan_sample/kiuwan_many_vuln.csv") + testfile = open("unittests/scans/kiuwan/kiuwan_many_vuln.csv") parser = KiuwanParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(131, len(findings)) + + def test_parse_file_with_defects(self): + testfile = open("unittests/scans/kiuwan/kiuwan_defects.csv") + parser = KiuwanParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + + def test_parse_file_issue_9308(self): + testfile = open("unittests/scans/kiuwan/issue_9308.csv") + parser = KiuwanParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(2, len(findings)) diff --git a/unittests/tools/test_kubeaudit_parser.py b/unittests/tools/test_kubeaudit_parser.py new file mode 100644 index 00000000000..b40db502d93 --- /dev/null +++ b/unittests/tools/test_kubeaudit_parser.py @@ -0,0 +1,17 @@ +from ..dojo_test_case import DojoTestCase +from dojo.tools.kubeaudit.parser import KubeAuditParser +from dojo.models import Test + + +class TestKubeAuditParser(DojoTestCase): + + def test_parse_file_has_no_findings(self): + testfile = open("unittests/scans/kubeaudit/kubeaudit.json") + parser = KubeAuditParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(70, len(findings)) + self.assertEqual(findings[1].title, "DeprecatedAPIUsed_scheduler") + self.assertEqual(findings[5].mitigation, "hostNetwork is set to 'true' in PodSpec. It should be set to 'false'.") + self.assertEqual(findings[8].description, "AuditResultName: AllowPrivilegeEscalationNil\nResourceApiVersion: v1\nResourceKind: Pod\nResourceName: storage-provisioner\nlevel: error\nmsg: allowPrivilegeEscalation not set which allows privilege escalation. It should be set to 'false'.\nContainer: storage-provisioner\nResourceNamespace: kube-system\n") + self.assertEqual(findings[11].severity, "High") diff --git a/unittests/tools/test_kubebench_parser.py b/unittests/tools/test_kubebench_parser.py index 4b3751c9841..0494e92ff3a 100644 --- a/unittests/tools/test_kubebench_parser.py +++ b/unittests/tools/test_kubebench_parser.py @@ -27,7 +27,7 @@ def test_parse_file_with_multiple_vuln_has_multiple_findings(self): ) parser = KubeBenchParser() findings = parser.get_findings(testfile, Test()) - self.assertTrue(len(findings) == 4) + self.assertEqual(len(findings), 4) def test_parse_file_with_controls_tag(self): diff --git a/unittests/tools/test_kubehunter_parser.py b/unittests/tools/test_kubehunter_parser.py new file mode 100644 index 00000000000..6c0683364a0 --- /dev/null +++ b/unittests/tools/test_kubehunter_parser.py @@ -0,0 +1,55 @@ +from django.test import TestCase +from dojo.tools.kubehunter.parser import KubeHunterParser +from dojo.models import Test + + +class TestKubeHunterParser(TestCase): + + def test_kubehunter_parser_with_no_vuln_has_no_findings(self): + testfile = open("unittests/scans/kubehunter/kubehunter_zero_vul.json") + parser = KubeHunterParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) + + def test_kubehunter_parser_with_one_criticle_vuln_has_one_findings(self): + testfile = open("unittests/scans/kubehunter/kubehunter_one_vul.json") + parser = KubeHunterParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(1, len(findings)) + self.assertEqual("KHV044", findings[0].vuln_id_from_tool) + self.assertEqual("Privileged Container", findings[0].title) + self.assertEqual(True, finding.active) + + self.assertEqual(False, finding.duplicate) + self.assertEqual(finding.severity, 'High') + + def test_kubehunter_parser_with_many_vuln_has_many_findings(self): + testfile = open("unittests/scans/kubehunter/kubehunter_many_vul.json") + parser = KubeHunterParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + + self.assertEqual(8, len(findings)) + + def test_kubehunter_parser_empty_with_error(self): + with self.assertRaises(ValueError) as context: + testfile = open("unittests/scans/kubehunter/empty.json") + parser = KubeHunterParser() + parser.get_findings(testfile, Test()) + testfile.close() + + self.assertEqual( + "Expecting value: line 1 column 1 (char 0)", str(context.exception) + ) + + def test_kubehunter_parser_dupe(self): + testfile = open("unittests/scans/kubehunter/dupe.json") + parser = KubeHunterParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) diff --git a/unittests/tools/test_kubescape_parser.py b/unittests/tools/test_kubescape_parser.py new file mode 100644 index 00000000000..74f03661c33 --- /dev/null +++ b/unittests/tools/test_kubescape_parser.py @@ -0,0 +1,32 @@ +from ..dojo_test_case import DojoTestCase, get_unit_tests_path +from dojo.tools.kubescape.parser import KubescapeParser +from dojo.models import Test + + +class TestOrtParser(DojoTestCase): + def test_parse_file_has_many_findings(self): + testfile = open( + get_unit_tests_path() + "/scans/kubescape/many_findings.json" + ) + parser = KubescapeParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(710, len(findings)) + + def test_parse_file_has_many_results(self): + testfile = open( + get_unit_tests_path() + "/scans/kubescape/results.json" + ) + parser = KubescapeParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(20, len(findings)) + + def test_parse_file_with_a_failure(self): + testfile = open( + get_unit_tests_path() + "/scans/kubescape/with_a_failure.json" + ) + parser = KubescapeParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(18, len(findings)) diff --git a/unittests/tools/test_mend_parser.py b/unittests/tools/test_mend_parser.py new file mode 100644 index 00000000000..9a4e84d94da --- /dev/null +++ b/unittests/tools/test_mend_parser.py @@ -0,0 +1,37 @@ +from ..dojo_test_case import DojoTestCase, get_unit_tests_path +from dojo.tools.mend.parser import MendParser +from dojo.models import Test + + +class TestMendParser(DojoTestCase): + + def test_parse_file_with_no_vuln_has_no_findings(self): + testfile = open("unittests/scans/mend/okhttp_no_vuln.json") + parser = MendParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_parse_file_with_one_vuln_has_one_findings(self): + testfile = open("unittests/scans/mend/okhttp_one_vuln.json") + parser = MendParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + finding = list(findings)[0] + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2019-9658", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", finding.cvssv3) + self.assertEqual(5.3, finding.cvssv3_score) + + def test_parse_file_with_multiple_vuln_has_multiple_finding(self): + testfile = open("unittests/scans/mend/okhttp_many_vuln.json") + parser = MendParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(6, len(findings)) + + def test_parse_file_with_multiple_vuln_cli_output(self): + testfile = open( + get_unit_tests_path() + "/scans/mend/cli_generated_many_vulns.json" + ) + parser = MendParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(20, len(findings)) diff --git a/unittests/tools/test_meterian_parser.py b/unittests/tools/test_meterian_parser.py index 354bd4991be..ff2cf5d43ac 100644 --- a/unittests/tools/test_meterian_parser.py +++ b/unittests/tools/test_meterian_parser.py @@ -9,7 +9,7 @@ def test_meterianParser_invalid_security_report_raise_ValueError_exception(self) with self.assertRaises(ValueError): testfile = open("unittests/scans/meterian/report_invalid.json") parser = MeterianParser() - findings = parser.get_findings(testfile, Test()) + parser.get_findings(testfile, Test()) def test_meterianParser_report_has_no_finding(self): testfile = open("unittests/scans/meterian/report_no_vulns.json") @@ -57,16 +57,17 @@ def test_meterianParser_finding_has_fields(self): "expression involved in parsing which can be exploited to to cause a denial " + "of service. This is fixed in version 0.14.2.", finding.description) self.assertEqual("7be36211-b569-30c0-8851-26b4bb8740ca", finding.unique_id_from_tool) - self.assertEqual("CVE-2020-26289", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-26289", finding.unsaved_vulnerability_ids[0]) self.assertEqual(400, finding.cwe) self.assertTrue(finding.mitigation.startswith("## Remediation")) - self.assertTrue("Upgrade date-and-time to version 0.14.2 or higher." in finding.mitigation) - self.assertTrue("https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26289" in finding.references, "found " + finding.references) - self.assertTrue("https://nvd.nist.gov/vuln/detail/CVE-2020-26289" in finding.references, "found " + finding.references) - self.assertTrue("https://www.npmjs.com/package/date-and-time" in finding.references, "found " + finding.references) - self.assertTrue("https://github.com/knowledgecode/date-and-time/security/advisories/GHSA-r92x-f52r-x54g" in finding.references, "found " + finding.references) - self.assertTrue("https://github.com/knowledgecode/date-and-time/commit/9e4b501eacddccc8b1f559fb414f48472ee17c2a" in finding.references, "found " + finding.references) - self.assertTrue("Manifest file", finding.file_path) + self.assertIn("Upgrade date-and-time to version 0.14.2 or higher.", finding.mitigation) + self.assertIn("https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26289", finding.references, "found " + finding.references) + self.assertIn("https://nvd.nist.gov/vuln/detail/CVE-2020-26289", finding.references, "found " + finding.references) + self.assertIn("https://www.npmjs.com/package/date-and-time", finding.references, "found " + finding.references) + self.assertIn("https://github.com/knowledgecode/date-and-time/security/advisories/GHSA-r92x-f52r-x54g", finding.references, "found " + finding.references) + self.assertIn("https://github.com/knowledgecode/date-and-time/commit/9e4b501eacddccc8b1f559fb414f48472ee17c2a", finding.references, "found " + finding.references) + self.assertIn("Manifest file", finding.file_path) self.assertEqual(["nodejs"], finding.tags) def test_meterianParser_finding_has_no_remediation(self): @@ -78,8 +79,8 @@ def test_meterianParser_finding_has_no_remediation(self): finding = findings[0] self.assertTrue(finding.mitigation.startswith("We were not able to provide a safe version for this library.")) - self.assertTrue("You should consider replacing this component as it could be an " + - "issue for the safety of your application." in finding.mitigation) + self.assertIn("You should consider replacing this component as it could be an " + + "issue for the safety of your application.", finding.mitigation) def test_meterianParser_dual_language_report_has_two_findins(self): testfile = open("unittests/scans/meterian/report_multi_language.json") diff --git a/unittests/tools/test_microfocus_webinspect_parser.py b/unittests/tools/test_microfocus_webinspect_parser.py index 1f724f3f97b..40609f86783 100644 --- a/unittests/tools/test_microfocus_webinspect_parser.py +++ b/unittests/tools/test_microfocus_webinspect_parser.py @@ -115,3 +115,14 @@ def test_parse_file_version_18_20(self): endpoint = item.unsaved_endpoints[0] self.assertEqual("www.microfocus.com", endpoint.host) self.assertEqual(443, endpoint.port) + + def test_parse_file_issue7690(self): + test = Test() + test.engagement = Engagement() + test.engagement.product = Product() + testfile = open( + get_unit_tests_path() + "/scans/microfocus_webinspect/issue_7690.xml" + ) + parser = MicrofocusWebinspectParser() + findings = parser.get_findings(testfile, test) + self.assertEqual(30, len(findings)) diff --git a/unittests/tools/test_mobsf_parser.py b/unittests/tools/test_mobsf_parser.py index 85709c0fa8f..26036eeb244 100644 --- a/unittests/tools/test_mobsf_parser.py +++ b/unittests/tools/test_mobsf_parser.py @@ -14,22 +14,22 @@ def test_parse_file(self): parser = MobSFParser() findings = parser.get_findings(testfile, test) testfile.close() - self.assertEqual(18, len(findings)) + self.assertEqual(22, len(findings)) item = findings[0] - self.assertEquals('android.permission.WRITE_EXTERNAL_STORAGE', item.title) - self.assertEquals('High', item.severity) + self.assertEqual('android.permission.WRITE_EXTERNAL_STORAGE', item.title) + self.assertEqual('High', item.severity) item = findings[2] - self.assertEquals('android.permission.INTERNET', item.title) - self.assertEquals('Info', item.severity) + self.assertEqual('android.permission.INTERNET', item.title) + self.assertEqual('Info', item.severity) item = findings[10] - self.assertEquals('Symbols are stripped', item.title) - self.assertEquals('Info', item.severity) - self.assertEquals('lib/armeabi-v7a/libdivajni.so', item.file_path) - self.assertEquals(7, item.nb_occurences) + self.assertEqual('This shared object does not have RELRO enabled', item.title) + self.assertEqual('High', item.severity) + self.assertEqual('lib/armeabi-v7a/libdivajni.so', item.file_path) + self.assertEqual(7, item.nb_occurences) item = findings[17] - self.assertEquals('Loading Native Code (Shared Library)', item.title) - self.assertEquals('Info', item.severity) - self.assertEquals(1, item.nb_occurences) + self.assertEqual('Local File I/O Operations', item.title) + self.assertEqual('Info', item.severity) + self.assertEqual(1, item.nb_occurences) def test_parse_file2(self): test = Test() @@ -52,7 +52,7 @@ def test_parse_file_3_1_9_android(self): parser = MobSFParser() findings = parser.get_findings(testfile, test) testfile.close() - self.assertEqual(61, len(findings)) + self.assertEqual(77, len(findings)) # TODO add more checks dedicated to this file def test_parse_file_3_1_9_ios(self): @@ -66,3 +66,51 @@ def test_parse_file_3_1_9_ios(self): testfile.close() self.assertEqual(11, len(findings)) # TODO add more checks dedicated to this file + + def test_parse_file_mobsf_3_7_9(self): + test = Test() + engagement = Engagement() + engagement.product = Product() + test.engagement = engagement + testfile = open("unittests/scans/mobsf/mobsf_3_7_9.json") + parser = MobSFParser() + findings = parser.get_findings(testfile, test) + testfile.close() + self.assertEqual(2, len(findings)) + self.assertEqual(findings[0].title, "The binary may contain the following insecure API(s) _memcpy\n, _strlen\n") + self.assertEqual(findings[1].title, "The binary may use _malloc\n function instead of calloc") + self.assertEqual(findings[0].severity, "High") + self.assertEqual(findings[1].severity, "High") + + def test_parse_issue_9132(self): + test = Test() + engagement = Engagement() + engagement.product = Product() + test.engagement = engagement + testfile = open("unittests/scans/mobsf/issue_9132.json") + parser = MobSFParser() + findings = parser.get_findings(testfile, test) + testfile.close() + self.assertEqual(37, len(findings)) + + def test_parse_allsafe(self): + test = Test() + engagement = Engagement() + engagement.product = Product() + test.engagement = engagement + testfile = open("unittests/scans/mobsf/allsafe.json") + parser = MobSFParser() + findings = parser.get_findings(testfile, test) + testfile.close() + self.assertEqual(55, len(findings)) + + def test_parse_damnvulnrablebank(self): + test = Test() + engagement = Engagement() + engagement.product = Product() + test.engagement = engagement + testfile = open("unittests/scans/mobsf/damnvulnrablebank.json") + parser = MobSFParser() + findings = parser.get_findings(testfile, test) + testfile.close() + self.assertEqual(39, len(findings)) diff --git a/unittests/tools/test_mobsfscan_parser.py b/unittests/tools/test_mobsfscan_parser.py index 0de491211b0..76e805852a9 100644 --- a/unittests/tools/test_mobsfscan_parser.py +++ b/unittests/tools/test_mobsfscan_parser.py @@ -83,3 +83,75 @@ def test_parse_many_findings(self): self.assertIsNotNone(finding.description) self.assertEqual(200, finding.cwe) self.assertIsNotNone(finding.references) + + def test_parse_many_findings_cwe_lower(self): + testfile = open("unittests/scans/mobsfscan/many_findings_cwe_lower.json") + parser = MobsfscanParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(7, len(findings)) + + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("android_certificate_transparency", finding.title) + self.assertEqual("Low", finding.severity) + self.assertEqual(1, finding.nb_occurences) + self.assertIsNotNone(finding.description) + self.assertEqual(295, finding.cwe) + self.assertIsNotNone(finding.references) + + with self.subTest(i=1): + finding = findings[1] + self.assertEqual("android_kotlin_hardcoded", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertEqual(1, finding.nb_occurences) + self.assertIsNotNone(finding.description) + self.assertEqual(798, finding.cwe) + self.assertIsNotNone(finding.references) + self.assertEqual("app/src/main/java/com/routes/domain/analytics/event/Signatures.kt", finding.file_path) + self.assertEqual(10, finding.line) + + with self.subTest(i=2): + finding = findings[2] + self.assertEqual("android_prevent_screenshot", finding.title) + self.assertEqual("Low", finding.severity) + self.assertEqual(1, finding.nb_occurences) + self.assertIsNotNone(finding.description) + self.assertEqual(200, finding.cwe) + self.assertIsNotNone(finding.references) + + with self.subTest(i=3): + finding = findings[3] + self.assertEqual("android_root_detection", finding.title) + self.assertEqual("Low", finding.severity) + self.assertEqual(1, finding.nb_occurences) + self.assertIsNotNone(finding.description) + self.assertEqual(919, finding.cwe) + self.assertIsNotNone(finding.references) + + with self.subTest(i=4): + finding = findings[4] + self.assertEqual("android_safetynet", finding.title) + self.assertEqual("Low", finding.severity) + self.assertEqual(1, finding.nb_occurences) + self.assertIsNotNone(finding.description) + self.assertEqual(353, finding.cwe) + self.assertIsNotNone(finding.references) + + with self.subTest(i=5): + finding = findings[5] + self.assertEqual("android_ssl_pinning", finding.title) + self.assertEqual("Low", finding.severity) + self.assertEqual(1, finding.nb_occurences) + self.assertIsNotNone(finding.description) + self.assertEqual(295, finding.cwe) + self.assertIsNotNone(finding.references) + + with self.subTest(i=6): + finding = findings[6] + self.assertEqual("android_tapjacking", finding.title) + self.assertEqual("Low", finding.severity) + self.assertEqual(1, finding.nb_occurences) + self.assertIsNotNone(finding.description) + self.assertEqual(200, finding.cwe) + self.assertIsNotNone(finding.references) diff --git a/unittests/tools/test_mozilla_observatory_parser.py b/unittests/tools/test_mozilla_observatory_parser.py index ee5d08f794e..4df3f206581 100644 --- a/unittests/tools/test_mozilla_observatory_parser.py +++ b/unittests/tools/test_mozilla_observatory_parser.py @@ -12,6 +12,11 @@ def test_parse_file_with_no_vuln_has_no_findings(self): # test that all findings are not active for finding in findings: self.assertFalse(finding.active) + if "strict-transport-security" == finding.vuln_id_from_tool: + with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool): + self.assertEqual("Preloaded via the HTTP Strict Transport Security (HSTS) preloading process", finding.title) + self.assertEqual("Info", finding.severity) + self.assertIn("Preloaded via the HTTP Strict Transport Security (HSTS) preloading process", finding.description) def test_parse_file_with_two_vuln_has_two_findings(self): testfile = open("unittests/scans/mozilla_observatory/mozilla_gitlab_two_vuln.json") @@ -162,6 +167,71 @@ def test_parse_file_cli_nmap_scanme(self): self.assertEqual("Initial redirection from HTTP to HTTPS is to a different host, preventing HSTS", finding.title) self.assertEqual("Low", finding.severity) self.assertIn("Initial redirection from HTTP to HTTPS is to a different host, preventing HSTS", finding.description) + elif "referrer-policy-private" == finding.vuln_id_from_tool: + with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool): + self.assertTrue(finding.active) + self.assertEqual("Referrer-Policy header not implemented", finding.title) + self.assertEqual("Info", finding.severity) + self.assertIn("Referrer-Policy header not implemented", finding.description) + else: + with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool): + self.assertFalse(finding.active) + + def test_parse_file_cli_nmap_scanme_no_name_attribute(self): + """Test from the CLI""" + testfile = open("unittests/scans/mozilla_observatory/nmap_scanme_2022.json") + parser = MozillaObservatoryParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(12, len(findings)) + for finding in findings: + if "content-security-policy" == finding.vuln_id_from_tool: + with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool): + self.assertTrue(finding.active) + self.assertEqual("Content Security Policy (CSP) header not implemented", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertIn("Content Security Policy (CSP) header not implemented", finding.description) + elif "strict-transport-security" == finding.vuln_id_from_tool: + with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool): + self.assertTrue(finding.active) + self.assertEqual("HTTP Strict Transport Security (HSTS) header cannot be set for sites not available over HTTPS", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertIn("HTTP Strict Transport Security (HSTS) header cannot be set for sites not available over HTTPS", finding.description) + elif "x-xss-protection" == finding.vuln_id_from_tool: + with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool): + self.assertTrue(finding.active) + self.assertEqual("X-XSS-Protection header not implemented", finding.title) + self.assertEqual("Low", finding.severity) + self.assertIn("X-XSS-Protection header not implemented", finding.description) + elif "x-frame-options" == finding.vuln_id_from_tool: + with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool): + self.assertTrue(finding.active) + self.assertEqual("X-Frame-Options (XFO) header not implemented", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertIn("X-Frame-Options (XFO) header not implemented", finding.description) + elif "x-content-type-options" == finding.vuln_id_from_tool: + with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool): + self.assertTrue(finding.active) + self.assertEqual("X-Content-Type-Options header not implemented", finding.title) + self.assertEqual("Low", finding.severity) + self.assertIn("X-Content-Type-Options header not implemented", finding.description) + elif "subresource-integrity" == finding.vuln_id_from_tool: + with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool): + self.assertFalse(finding.active) + self.assertEqual("Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar origin", finding.title) + self.assertEqual("Info", finding.severity) + self.assertIn("Subresource Integrity (SRI) not implemented", finding.description) + elif "redirection" == finding.vuln_id_from_tool: + with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool): + self.assertTrue(finding.active) + self.assertEqual("Does not redirect to an HTTPS site", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertIn("Does not redirect to an HTTPS site", finding.description) + elif "referrer-policy-private" == finding.vuln_id_from_tool: + with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool): + self.assertTrue(finding.active) + self.assertEqual("Referrer-Policy header not implemented", finding.title) + self.assertEqual("Info", finding.severity) + self.assertIn("Referrer-Policy header not implemented", finding.description) else: with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool): self.assertFalse(finding.active) diff --git a/unittests/tools/test_ms_defender_parser.py b/unittests/tools/test_ms_defender_parser.py new file mode 100644 index 00000000000..c4f899e3ab8 --- /dev/null +++ b/unittests/tools/test_ms_defender_parser.py @@ -0,0 +1,70 @@ +from ..dojo_test_case import DojoTestCase +from dojo.tools.ms_defender.parser import MSDefenderParser +from dojo.models import Test + + +class TestSDefenderParser(DojoTestCase): + + def test_parse_many_findings(self): + testfile = open("unittests/scans/ms_defender/report_many_vulns.json") + parser = MSDefenderParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(4, len(findings)) + finding = findings[2] + self.assertEqual("Medium", finding.severity) + self.assertEqual("CVE-5678-9887_wjeriowerjoiewrjoweirjeowij", finding.title) + + def test_parse_one_finding(self): + testfile = open("unittests/scans/ms_defender/report_one_vuln.json") + parser = MSDefenderParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("Low", finding.severity) + self.assertEqual("CVE-1234-5678_fjweoifjewiofjweoifjeowifjowei", finding.title) + self.assertEqual("CVE-1234-5678", finding.cve) + + def test_parse_no_finding(self): + testfile = open("unittests/scans/ms_defender/report_no_vuln.json") + parser = MSDefenderParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) + + def test_parser_defender_zip(self): + testfile = open("unittests/scans/ms_defender/defender.zip") + parser = MSDefenderParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(4, len(findings)) + finding = findings[2] + self.assertEqual("Medium", finding.severity) + self.assertEqual("CVE-5678-9887_None_Other_wjeriowerjoiewrjoweirjeowij", finding.title) + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual("1.1.1.1", finding.unsaved_endpoints[0].host) + + def test_parser_defender_wrong_machines_zip(self): + testfile = open("unittests/scans/ms_defender/defender_wrong_machines.zip") + parser = MSDefenderParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(4, len(findings)) + finding = findings[2] + self.assertEqual("Medium", finding.severity) + self.assertEqual("CVE-5678-9887_wjeriowerjoiewrjoweirjeowij", finding.title) + + def test_parser_defender_multiple_files_zip(self): + testfile = open("unittests/scans/ms_defender/defender_multiple_files.zip") + parser = MSDefenderParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(5, len(findings)) + finding = findings[4] + self.assertEqual("Medium", finding.severity) + self.assertEqual("CVE-5678-8888_None_Other_wjeriowerjoiewrjoweirjeowij", finding.title) + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual("1.1.1.1", finding.unsaved_endpoints[0].host) diff --git a/unittests/tools/test_nessus_parser.py b/unittests/tools/test_nessus_parser.py deleted file mode 100644 index a3628412235..00000000000 --- a/unittests/tools/test_nessus_parser.py +++ /dev/null @@ -1,144 +0,0 @@ -from os import path -from ..dojo_test_case import DojoTestCase -from dojo.tools.nessus.parser import NessusXMLParser, NessusCSVParser, NessusParser -from dojo.models import Finding, Test, Engagement, Product - - -class TestNessusParser(DojoTestCase): - def create_test(self): - test = Test() - test.engagement = Engagement() - test.engagement.product = Product() - return test - - def test_parse_some_findings(self): - testfile = open(path.join(path.dirname(__file__), "../scans/nessus/nessus_many_vuln.xml")) - parser = NessusXMLParser() - findings = parser.get_findings(testfile, self.create_test()) - for finding in findings: - for endpoint in finding.unsaved_endpoints: - endpoint.clean() - self.assertEqual(6, len(findings)) - finding = findings[5] - self.assertEqual("Info", finding.severity) - self.assertIsNone(finding.cwe) - print(finding.unsaved_endpoints) - endpoint = finding.unsaved_endpoints[0] - self.assertEqual("https", endpoint.protocol) - endpoint = finding.unsaved_endpoints[1] - self.assertEqual("tcp", endpoint.protocol) - - def test_parse_some_findings_csv(self): - """Test one report provided by a user""" - testfile = open(path.join(path.dirname(__file__), "../scans/nessus/nessus_many_vuln.csv")) - parser = NessusCSVParser() - findings = parser.get_findings(testfile, self.create_test()) - for finding in findings: - for endpoint in finding.unsaved_endpoints: - endpoint.clean() - self.assertEqual(4, len(findings)) - for i in [0, 1, 2, 3]: - finding = findings[i] - self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual("Medium", finding.severity) - self.assertEqual(0, finding.cwe) - # check some data - finding = findings[0] - self.assertEqual("CVE-2004-2761", finding.cve) - self.assertEqual(1, len(finding.unsaved_endpoints)) - self.assertEqual("10.1.1.1", finding.unsaved_endpoints[0].host) - self.assertEqual("AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", finding.cvssv3) - # TODO work on component attributes for Nessus CSV parser - self.assertIsNotNone(finding.component_name) - self.assertEqual("md5", finding.component_name) - # this vuln have 'CVE-2013-2566,CVE-2015-2808' as CVE - # current implementation return the first - finding = findings[3] - self.assertEqual("CVE-2013-2566", finding.cve) - - def test_parse_some_findings_csv2(self): - """Test that use default columns of Nessus Pro 8.13.1 (#257)""" - testfile = open(path.join(path.dirname(__file__), "../scans/nessus/nessus_many_vuln2-default.csv")) - parser = NessusCSVParser() - findings = parser.get_findings(testfile, self.create_test()) - for finding in findings: - for endpoint in finding.unsaved_endpoints: - endpoint.clean() - self.assertEqual(29, len(findings)) - finding = findings[0] - self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual("Info", finding.severity) - self.assertIsNone(finding.cve) - self.assertEqual(0, finding.cwe) - self.assertEqual("HTTP Server Type and Version", finding.title) - finding = findings[25] - self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual("SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)", finding.title) - self.assertEqual("Info", finding.severity) - self.assertEqual("CVE-2004-2761", finding.cve) - - def test_parse_some_findings_csv2_all(self): - """Test that use a report with all columns of Nessus Pro 8.13.1 (#257)""" - testfile = open(path.join(path.dirname(__file__), "../scans/nessus/nessus_many_vuln2-all.csv")) - parser = NessusCSVParser() - findings = parser.get_findings(testfile, self.create_test()) - for finding in findings: - for endpoint in finding.unsaved_endpoints: - endpoint.clean() - self.assertEqual(29, len(findings)) - finding = findings[0] - self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual("Info", finding.severity) - self.assertIsNone(finding.cve) - self.assertEqual(0, finding.cwe) - self.assertEqual("HTTP Server Type and Version", finding.title) - finding = findings[25] - self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual("SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)", finding.title) - self.assertEqual("Info", finding.severity) - self.assertEqual("CVE-2004-2761", finding.cve) - - def test_parse_some_findings_csv_bytes(self): - """This tests is designed to test the parser with different read modes""" - testfile = open(path.join(path.dirname(__file__), "../scans/nessus/nessus_many_vuln2-all.csv")) - parser = NessusCSVParser() - findings = parser.get_findings(testfile, self.create_test()) - for finding in findings: - for endpoint in finding.unsaved_endpoints: - endpoint.clean() - testfile = open(path.join(path.dirname(__file__), "../scans/nessus/nessus_many_vuln2-all.csv"), "rt") - parser = NessusCSVParser() - findings = parser.get_findings(testfile, self.create_test()) - for finding in findings: - for endpoint in finding.unsaved_endpoints: - endpoint.clean() - testfile = open(path.join(path.dirname(__file__), "../scans/nessus/nessus_many_vuln2-all.csv"), "rb") - parser = NessusCSVParser() - findings = parser.get_findings(testfile, self.create_test()) - for finding in findings: - for endpoint in finding.unsaved_endpoints: - endpoint.clean() - - def test_parse_some_findings_samples(self): - """Test that come from samples repo""" - testfile = open(path.join(path.dirname(__file__), "../scans/nessus/nessus_v_unknown.xml")) - parser = NessusParser() - findings = parser.get_findings(testfile, self.create_test()) - for finding in findings: - for endpoint in finding.unsaved_endpoints: - endpoint.clean() - self.assertEqual(32, len(findings)) - finding = findings[0] - self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual("Info", finding.severity) - self.assertIsNone(finding.cve) - self.assertEqual("Nessus Scan Information", finding.title) - finding = findings[25] - self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual("Nessus SYN scanner", finding.title) - self.assertEqual("Info", finding.severity) - self.assertIsNone(finding.cve) - endpoint = finding.unsaved_endpoints[26] - self.assertEqual("http", endpoint.protocol) - endpoint = finding.unsaved_endpoints[37] - self.assertEqual("tcp", endpoint.protocol) diff --git a/unittests/tools/test_nessus_was_parser.py b/unittests/tools/test_nessus_was_parser.py deleted file mode 100644 index 10f57678469..00000000000 --- a/unittests/tools/test_nessus_was_parser.py +++ /dev/null @@ -1,91 +0,0 @@ -from ..dojo_test_case import DojoTestCase -from dojo.tools.nessus_was.parser import NessusWASXMLParser, NessusWASCSVParser -from dojo.models import Finding, Test, Engagement, Product - - -class TestNessusWASParser(DojoTestCase): - - def create_test(self): - test = Test() - test.engagement = Engagement() - test.engagement.product = Product() - return test - - def test_parse_many_findings_xml(self): - testfile = open("unittests/scans/nessus_was/nessus_was_many_vuln.xml") - parser = NessusWASXMLParser() - findings = parser.get_findings(testfile, self.create_test()) - for finding in findings: - for endpoint in finding.unsaved_endpoints: - endpoint.clean() - self.assertEqual(5, len(findings)) - for i in [0, 1, 2, 3, 4]: - finding = findings[i] - self.assertEqual('http', finding.unsaved_endpoints[0].protocol) - self.assertIsNone(finding.cwe) - finding = findings[0] - self.assertEqual('High', finding.severity) - self.assertEqual('Cross-Site Scripting (XSS)', finding.title) - - def test_parse_one_findings_xml(self): - testfile = open("unittests/scans/nessus_was/nessus_was_one_vuln.xml") - parser = NessusWASXMLParser() - findings = parser.get_findings(testfile, self.create_test()) - for finding in findings: - for endpoint in finding.unsaved_endpoints: - endpoint.clean() - self.assertEqual(1, len(findings)) - finding = findings[0] - self.assertEqual('http', finding.unsaved_endpoints[0].protocol) - self.assertIsNone(finding.cwe) - self.assertEqual('High', finding.severity) - self.assertEqual('Cross-Site Scripting (XSS)', finding.title) - - def test_parse_no_findings_xml(self): - testfile = open("unittests/scans/nessus_was/nessus_was_no_vuln.xml") - parser = NessusWASXMLParser() - findings = parser.get_findings(testfile, self.create_test()) - for finding in findings: - for endpoint in finding.unsaved_endpoints: - endpoint.clean() - self.assertEqual(0, len(findings)) - - def test_parse_many_findings_csv(self): - testfile = open("unittests/scans/nessus_was/nessus_was_many_vuln.csv") - parser = NessusWASCSVParser() - findings = parser.get_findings(testfile, self.create_test()) - for finding in findings: - for endpoint in finding.unsaved_endpoints: - endpoint.clean() - self.assertEqual(5, len(findings)) - for i in [0, 1, 2, 3, 4]: - finding = findings[i] - self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual('google.com', finding.unsaved_endpoints[0].host) - self.assertIsNone(finding.cve) - finding = findings[0] - self.assertEqual('7.1', finding.cvssv3_score) - self.assertEqual('High', finding.severity) - self.assertEqual('http', finding.unsaved_endpoints[0].protocol) - - def test_parse_one_findings_csv(self): - testfile = open("unittests/scans/nessus_was/nessus_was_one_vuln.csv") - parser = NessusWASCSVParser() - findings = parser.get_findings(testfile, self.create_test()) - for finding in findings: - for endpoint in finding.unsaved_endpoints: - endpoint.clean() - self.assertEqual(1, len(findings)) - finding = findings[0] - self.assertIn(finding.severity, Finding.SEVERITIES) - self.assertEqual('google.com', finding.unsaved_endpoints[0].host) - self.assertIsNone(finding.cve) - self.assertEqual('7.1', finding.cvssv3_score) - self.assertEqual('High', finding.severity) - self.assertEqual('http', finding.unsaved_endpoints[0].protocol) - - def test_parse_no_findings_csv(self): - testfile = open("unittests/scans/nessus_was/nessus_was_no_vuln.csv") - parser = NessusWASCSVParser() - findings = parser.get_findings(testfile, self.create_test()) - self.assertEqual(0, len(findings)) diff --git a/unittests/tools/test_neuvector_compliance_parser.py b/unittests/tools/test_neuvector_compliance_parser.py new file mode 100644 index 00000000000..d5d22e6f2f5 --- /dev/null +++ b/unittests/tools/test_neuvector_compliance_parser.py @@ -0,0 +1,28 @@ +from os import path +from ..dojo_test_case import DojoTestCase +from dojo.models import Test +from dojo.tools.neuvector_compliance.parser import NeuVectorComplianceParser + + +class TestNeuVectorComplianceParser(DojoTestCase): + def test_parse_file_with_no_vuln(self): + testfile = open(path.join(path.dirname(__file__), "../scans/neuvector_compliance/no_vuln.json")) + parser = NeuVectorComplianceParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) + + def test_parse_file_with_one_vuln(self): + testfile = open(path.join(path.dirname(__file__), "../scans/neuvector_compliance/one_vuln.json")) + parser = NeuVectorComplianceParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) + self.assertEqual("docker_D.1.1.11", findings[0].vuln_id_from_tool) + + def test_parse_file_with_many_vulns(self): + testfile = open(path.join(path.dirname(__file__), "../scans/neuvector_compliance/many_vulns.json")) + parser = NeuVectorComplianceParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(6, len(findings)) diff --git a/unittests/tools/test_neuvector_parser.py b/unittests/tools/test_neuvector_parser.py new file mode 100644 index 00000000000..ef7366d6826 --- /dev/null +++ b/unittests/tools/test_neuvector_parser.py @@ -0,0 +1,29 @@ +from os import path +from ..dojo_test_case import DojoTestCase +from dojo.models import Test +from dojo.tools.neuvector.parser import NeuVectorParser + + +class TestNeuVectorParser(DojoTestCase): + def test_parse_file_with_no_vuln(self): + testfile = open(path.join(path.dirname(__file__), "../scans/neuvector/no_vuln.json")) + parser = NeuVectorParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) + + def test_parse_file_with_one_vuln(self): + testfile = open(path.join(path.dirname(__file__), "../scans/neuvector/one_vuln.json")) + parser = NeuVectorParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) + self.assertEqual(1, len(findings[0].unsaved_vulnerability_ids)) + self.assertEqual("CVE-2015-8356", findings[0].unsaved_vulnerability_ids[0]) + + def test_parse_file_with_many_vulns(self): + testfile = open(path.join(path.dirname(__file__), "../scans/neuvector/many_vulns.json")) + parser = NeuVectorParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(2, len(findings)) diff --git a/unittests/tools/test_nexpose_parser.py b/unittests/tools/test_nexpose_parser.py index f1b3beec673..41b9ddffdf8 100644 --- a/unittests/tools/test_nexpose_parser.py +++ b/unittests/tools/test_nexpose_parser.py @@ -1,3 +1,6 @@ +import datetime +from django.test import override_settings + from ..dojo_test_case import DojoTestCase from dojo.tools.nexpose.parser import NexposeParser from dojo.models import Test, Engagement, Product @@ -40,18 +43,19 @@ def test_nexpose_parser_has_many_finding(self): finding = findings[0] self.assertEqual("Medium", finding.severity) self.assertEqual("TCP Sequence Number Approximation Vulnerability", finding.title) - self.assertEqual("CVE-2004-0230", finding.cve) self.assertEqual(3, len(finding.unsaved_endpoints)) self.assertIn("https://www.securityfocus.com/bid/10183", finding.references) # BID: 10183 self.assertIn("https://www.kb.cert.org/vuls/id/415294.html", finding.references) # CERT-VN: 415294 self.assertIn("https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0230", finding.references) # CVE: CVE-2004-0230 + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2004-0230", finding.unsaved_vulnerability_ids[0]) # vuln 2 finding = findings[2] self.assertEqual("Low", finding.severity) self.assertEqual("TCP timestamp response", finding.title) - self.assertIsNone(finding.cve) self.assertEqual(5, len(finding.unsaved_endpoints)) + self.assertIsNone(finding.unsaved_vulnerability_ids) # vuln 2 - endpoint endpoint = finding.unsaved_endpoints[0] @@ -145,22 +149,22 @@ def test_nexpose_parser_tests_outside_endpoint(self): finding = findings[0] self.assertEqual("High", finding.severity) self.assertEqual("ICMP redirection enabled", finding.title) - self.assertIsNone(finding.cve) self.assertEqual(4, len(finding.unsaved_endpoints)) + self.assertIsNone(finding.unsaved_vulnerability_ids) # vuln 1 finding = findings[1] self.assertEqual("Medium", finding.severity) self.assertEqual("No password for Grub", finding.title) - self.assertIsNone(finding.cve) self.assertEqual(4, len(finding.unsaved_endpoints)) + self.assertIsNone(finding.unsaved_vulnerability_ids) # vuln 2 finding = findings[2] self.assertEqual("Low", finding.severity) self.assertEqual("User home directory mode unsafe", finding.title) - self.assertIsNone(finding.cve) self.assertEqual(16, len(finding.unsaved_endpoints)) + self.assertIsNone(finding.unsaved_vulnerability_ids) def test_nexpose_parser_dns(self): testfile = open("unittests/scans/nexpose/dns.xml") @@ -201,3 +205,19 @@ def test_nexpose_parser_dns(self): self.assertEqual('dns', str(finding.unsaved_endpoints[0].protocol)) self.assertEqual('udp', str(finding.unsaved_endpoints[0].fragment)) self.assertEqual('dns://192.168.1.1#udp', str(finding.unsaved_endpoints[0])) + + @override_settings(USE_FIRST_SEEN=True) + def test_nexpose_parser_use_first_seen(self): + testfile = open("unittests/scans/nexpose/dns.xml") + parser = NexposeParser() + findings = parser.get_findings(testfile, Test()) + + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + + self.assertEqual(6, len(findings)) + finding = findings[2] + self.assertEqual(datetime.datetime(2021, 2, 11, 16, 45, 6, 81000), finding.date, finding.title) + finding = findings[4] + self.assertEqual(datetime.datetime(2021, 2, 11, 16, 45, 6, 81000), finding.date, finding.title) diff --git a/unittests/tools/test_nikto_parser.py b/unittests/tools/test_nikto_parser.py index ae8612dc082..b7037fe364b 100644 --- a/unittests/tools/test_nikto_parser.py +++ b/unittests/tools/test_nikto_parser.py @@ -48,7 +48,7 @@ def test_parse_file_with_multiple_vuln_has_multiple_findings(self): for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() - self.assertTrue(len(findings) == 10) + self.assertEqual(len(findings), 10) def test_parse_file_json_with_multiple_vuln_has_multiple_findings(self): testfile = open("unittests/scans/nikto/juice-shop.json") @@ -176,3 +176,12 @@ def test_parse_file_xml_another(self): self.assertEqual(443, endpoint.port) self.assertEqual("64.220.43.153", endpoint.host) self.assertIsNone(endpoint.path) + + def test_parse_file_issue_9274(self): + testfile = open("unittests/scans/nikto/issue_9274.json") + parser = NiktoParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(8, len(findings)) diff --git a/unittests/tools/test_nmap_parser.py b/unittests/tools/test_nmap_parser.py index ceca69b5852..0852a3d3df2 100644 --- a/unittests/tools/test_nmap_parser.py +++ b/unittests/tools/test_nmap_parser.py @@ -66,13 +66,15 @@ def test_parse_file_with_script_vulner(self): self.assertEqual(3, len(findings)) self.assertEqual("Medium", findings[0].severity) - self.assertEqual("CVE-2018-15919", findings[0].cve) + self.assertEqual(1, len(findings[0].unsaved_vulnerability_ids)) + self.assertEqual("CVE-2018-15919", findings[0].unsaved_vulnerability_ids[0]) self.assertEqual("openssh", findings[0].component_name) self.assertEqual("7.4", findings[0].component_version) self.assertEqual(datetime.datetime(2020, 2, 17, 9, 7, 25), findings[0].date) self.assertEqual("Medium", findings[1].severity) - self.assertEqual("CVE-2017-15906", findings[1].cve) + self.assertEqual(1, len(findings[0].unsaved_vulnerability_ids)) + self.assertEqual("CVE-2017-15906", findings[1].unsaved_vulnerability_ids[0]) self.assertEqual("openssh", findings[1].component_name) self.assertEqual("7.4", findings[1].component_version) self.assertEqual(datetime.datetime(2020, 2, 17, 9, 7, 25), findings[1].date) @@ -98,7 +100,8 @@ def test_parse_issue4406(self): with self.subTest(i=22): finding = findings[22] self.assertEqual("Medium", finding.severity) - self.assertEqual("CVE-2019-6111", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2019-6111", finding.unsaved_vulnerability_ids[0]) self.assertEqual("openssh", finding.component_name) self.assertEqual("7.4", finding.component_version) self.assertEqual(datetime.datetime(2021, 4, 29, 9, 26, 36), finding.date) diff --git a/unittests/tools/test_npm_audit_parser.py b/unittests/tools/test_npm_audit_parser.py index 1fc7790ef91..10149ca1c10 100644 --- a/unittests/tools/test_npm_audit_parser.py +++ b/unittests/tools/test_npm_audit_parser.py @@ -6,55 +6,86 @@ class TestNpmAuditParser(DojoTestCase): def test_npm_audit_parser_with_no_vuln_has_no_findings(self): - testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit_sample/no_vuln.json")) + testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit/no_vuln.json")) parser = NpmAuditParser() findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(0, len(findings)) def test_npm_audit_parser_with_one_criticle_vuln_has_one_findings(self): - testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit_sample/one_vuln.json")) + testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit/one_vuln.json")) parser = NpmAuditParser() findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(1, len(findings)) + self.assertEqual(94, findings[0].cwe) self.assertEqual("growl", findings[0].component_name) self.assertEqual("1.9.2", findings[0].component_version) def test_npm_audit_parser_with_many_vuln_has_many_findings(self): - testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit_sample/many_vuln.json")) + testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit/many_vuln.json")) parser = NpmAuditParser() findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(5, len(findings)) for find in findings: - if find.cve == "CVE-2017-16138": - self.assertEqual(find.file_path, "censored_by_npm_audit>send>mime") - elif find.cve == "CVE-2017-16119": - self.assertEqual(find.file_path, "express>fresh") + if find.file_path == "censored_by_npm_audit>send>mime": + self.assertEqual(1, len(find.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2017-16138", find.unsaved_vulnerability_ids[0]) + if find.file_path == "express>fresh": + self.assertEqual(1, len(find.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2017-16119", find.unsaved_vulnerability_ids[0]) # TODO ordering seems to be different in ci compared to local, so disable for now # self.assertEqual('mime', findings[4].component_name) # self.assertEqual('1.3.4', findings[4].component_version) + def test_npm_audit_parser_multiple_cwes_per_finding(self): + # cwes formatted as escaped list: "cwe": "[\"CWE-346\",\"CWE-453\"]", + testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit/multiple_cwes.json")) + parser = NpmAuditParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(41, len(findings)) + self.assertEqual(400, findings[0].cwe) + self.assertEqual(359, findings[12].cwe) + + def test_npm_audit_parser_multiple_cwes_per_finding_list(self): + # cwes formatted as proper list: "cwe": ["CWE-918","CWE-1333"], + testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit/multiple_cwes2.json")) + parser = NpmAuditParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(6, len(findings)) + self.assertEqual(918, findings[0].cwe) + + def test_npm_audit_parser_with_one_criticle_vuln_has_null_as_cwe(self): + testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit/cwe_null.json")) + parser = NpmAuditParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) + self.assertEqual(1035, findings[0].cwe) + self.assertEqual("growl", findings[0].component_name) + self.assertEqual("1.9.2", findings[0].component_version) + def test_npm_audit_parser_empty_with_error(self): with self.assertRaises(ValueError) as context: - testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit_sample/empty_with_error.json")) + testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit/empty_with_error.json")) parser = NpmAuditParser() - findings = parser.get_findings(testfile, Test()) + parser.get_findings(testfile, Test()) testfile.close() - self.assertTrue("npm audit report contains errors:" in str(context.exception)) - self.assertTrue("ENOAUDIT" in str(context.exception)) + self.assertIn("npm audit report contains errors:", str(context.exception)) + self.assertIn("ENOAUDIT", str(context.exception)) def test_npm_audit_parser_many_vuln_npm7(self): with self.assertRaises(ValueError) as context: - testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit_sample/many_vuln_npm7.json")) + testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit/many_vuln_npm7.json")) parser = NpmAuditParser() - findings = parser.get_findings(testfile, Test()) + parser.get_findings(testfile, Test()) testfile.close() - self.assertTrue("npm7 with auditReportVersion 2 or higher not yet supported" in str(context.exception)) - self.assertEqual(findings, None) + self.assertIn("npm7 with auditReportVersion 2 or higher not yet supported", str(context.exception)) def test_npm_audit_censored_hash(self): path = "77d76e075ae87483063c4c74885422f98300f9fc0ecbd3b8dfb60152a36e5269>axios" @@ -64,3 +95,10 @@ def test_npm_audit_censored_hash(self): path = "7f888b06cc55dd893be344958d300da5ca1d84eebd0928d8bcb138b4029eff9f>c748e76b6a1b63450590f72e14f9b53ad357bc64632ff0bda73d00799c4a0a91>lodash" censored_path = censor_path_hashes(path) self.assertEqual(censored_path, "censored_by_npm_audit>censored_by_npm_audit>lodash") + + def test_npm_audit_parser_issue_7897(self): + testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit/issue_7897.json")) + parser = NpmAuditParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(5, len(findings)) diff --git a/unittests/tools/test_nsp_parser.py b/unittests/tools/test_nsp_parser.py index 81d661499eb..469b0b117de 100644 --- a/unittests/tools/test_nsp_parser.py +++ b/unittests/tools/test_nsp_parser.py @@ -27,12 +27,12 @@ def test_parse_ok(self): codeExec += 1 elif finding.title.startswith("Regular Expression Denial of Service"): self.assertEqual(findings[0].severity, "High") - self.assertTrue( - finding.references == "https://nodesecurity.io/advisories/106" or - finding.references == "https://nodesecurity.io/advisories/526" or - finding.references == "https://nodesecurity.io/advisories/534" or - finding.references == "https://nodesecurity.io/advisories/535" - ) + self.assertIn(finding.references, [ + "https://nodesecurity.io/advisories/106", + "https://nodesecurity.io/advisories/526", + "https://nodesecurity.io/advisories/534", + "https://nodesecurity.io/advisories/535", + ]) dos += 1 else: self.fail("Unexpected NSP finding.") diff --git a/unittests/tools/test_nuclei_parser.py b/unittests/tools/test_nuclei_parser.py index 218cd9e447c..432960dfb92 100644 --- a/unittests/tools/test_nuclei_parser.py +++ b/unittests/tools/test_nuclei_parser.py @@ -1,16 +1,34 @@ from ..dojo_test_case import DojoTestCase from dojo.tools.nuclei.parser import NucleiParser from dojo.models import Test +from datetime import datetime +from dateutil.tz import tzoffset class TestNucleiParser(DojoTestCase): + def test_parse_no_empty(self): + testfile = open("unittests/scans/nuclei/empty.jsonl") + parser = NucleiParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + def test_parse_no_findings(self): testfile = open("unittests/scans/nuclei/no_findings.json") parser = NucleiParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(0, len(findings)) + def test_parse_issue_9201(self): + testfile = open("unittests/scans/nuclei/issue_9201.json") + parser = NucleiParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual("example.com", finding.unsaved_endpoints[0].host) + def test_parse_many_findings(self): testfile = open("unittests/scans/nuclei/many_findings.json") parser = NucleiParser() @@ -19,8 +37,7 @@ def test_parse_many_findings(self): for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() - - self.assertEqual(7, len(findings)) + self.assertEqual(16, len(findings)) with self.subTest(i=0): finding = findings[0] @@ -65,7 +82,20 @@ def test_parse_many_findings(self): finding = findings[3] self.assertEqual("Wappalyzer Technology Detection", finding.title) self.assertEqual("Info", finding.severity) - self.assertEqual(11, finding.nb_occurences) + self.assertEqual(1, finding.nb_occurences) + self.assertIsNotNone(finding.description) + self.assertIsNone(finding.references) + self.assertIsNone(finding.unsaved_tags) + self.assertEqual("WebGoat", finding.unsaved_endpoints[0].path) + self.assertEqual("127.0.0.1", finding.unsaved_endpoints[0].host) + self.assertEqual(8080, finding.unsaved_endpoints[0].port) + self.assertEqual("tech-detect", finding.vuln_id_from_tool) + + with self.subTest(i=4): + finding = findings[4] + self.assertEqual("Wappalyzer Technology Detection", finding.title) + self.assertEqual("Info", finding.severity) + self.assertEqual(2, finding.nb_occurences) self.assertIsNotNone(finding.description) self.assertIsNone(finding.references) self.assertIsNone(finding.unsaved_tags) @@ -75,16 +105,13 @@ def test_parse_many_findings(self): self.assertEqual("WebWolf", finding.unsaved_endpoints[1].path) self.assertEqual("127.0.0.1", finding.unsaved_endpoints[1].host) self.assertEqual(9090, finding.unsaved_endpoints[1].port) - self.assertEqual(None, finding.unsaved_endpoints[2].path) - self.assertEqual("nuclei-example.com", finding.unsaved_endpoints[2].host) - self.assertEqual(443, finding.unsaved_endpoints[2].port) self.assertEqual("tech-detect", finding.vuln_id_from_tool) - with self.subTest(i=4): - finding = findings[4] + with self.subTest(i=12): + finding = findings[12] self.assertEqual("WAF Detection", finding.title) self.assertEqual("Info", finding.severity) - self.assertEqual(2, finding.nb_occurences) + self.assertEqual(1, finding.nb_occurences) self.assertIsNotNone(finding.description) self.assertIsNone(finding.references) self.assertIsNone(finding.unsaved_tags) @@ -93,8 +120,8 @@ def test_parse_many_findings(self): self.assertEqual(443, finding.unsaved_endpoints[0].port) self.assertEqual("waf-detect", finding.vuln_id_from_tool) - with self.subTest(i=5): - finding = findings[5] + with self.subTest(i=14): + finding = findings[14] self.assertEqual("phpMyAdmin Panel", finding.title) self.assertEqual("Info", finding.severity) self.assertEqual(1, finding.nb_occurences) @@ -106,8 +133,8 @@ def test_parse_many_findings(self): self.assertEqual(443, finding.unsaved_endpoints[0].port) self.assertEqual("phpmyadmin-panel", finding.vuln_id_from_tool) - with self.subTest(i=6): - finding = findings[6] + with self.subTest(i=15): + finding = findings[15] self.assertEqual("MySQL DB with enabled native password", finding.title) self.assertEqual("Info", finding.severity) self.assertEqual(1, finding.nb_occurences) @@ -121,3 +148,93 @@ def test_parse_many_findings(self): self.assertEqual("nuclei-example.com", finding.unsaved_endpoints[0].host) self.assertEqual(3306, finding.unsaved_endpoints[0].port) self.assertEqual("mysql-native-password-bruteforce", finding.vuln_id_from_tool) + + def test_parse_many_findings_new(self): + testfile = open("unittests/scans/nuclei/many_findings_new.json") + parser = NucleiParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + + self.assertEqual(2, len(findings)) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("OpenSSH Username Enumeration v7.7", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertEqual(1, finding.nb_occurences) + self.assertIsNotNone(finding.description) + self.assertIn("network", finding.unsaved_tags) + self.assertIn("openssh", finding.unsaved_tags) + self.assertIn("cve", finding.unsaved_tags) + self.assertIsNotNone(finding.references) + self.assertEqual("nuclei-example.com", finding.unsaved_endpoints[0].host) + self.assertEqual(22, finding.unsaved_endpoints[0].port) + self.assertEqual("CVE-2018-15473", finding.vuln_id_from_tool) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(1, len(vulnerability_ids)) + self.assertIn('CVE-2018-15473', vulnerability_ids) + self.assertEqual(362, finding.cwe) + self.assertEqual("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", finding.cvssv3) + self.assertEqual(5.3, finding.cvssv3_score) + + with self.subTest(i=1): + finding = findings[1] + self.assertEqual("Exposed Prometheus metrics", finding.title) + self.assertEqual("Low", finding.severity) + self.assertEqual(1, finding.nb_occurences) + self.assertEqual('', finding.description) + self.assertIn("config", finding.unsaved_tags) + self.assertIn("exposure", finding.unsaved_tags) + self.assertIn("prometheus", finding.unsaved_tags) + self.assertIsNotNone(finding.references) + self.assertEqual("prometheus-metrics", finding.vuln_id_from_tool) + + def test_parse_many_findings_third(self): + testfile = open("unittests/scans/nuclei/many_findings_third.json") + parser = NucleiParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + + self.assertEqual(2, len(findings)) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("HTTP Missing Security Headers", finding.title) + self.assertEqual("Info", finding.severity) + self.assertIsNotNone(finding.description) + self.assertIsNotNone(finding.unsaved_request) + self.assertIsNotNone(finding.unsaved_response) + self.assertIsNotNone(finding.steps_to_reproduce) + self.assertEqual(3, len(finding.unsaved_tags)) + self.assertEqual("example.com", finding.unsaved_endpoints[0].host) + self.assertEqual(443, finding.unsaved_endpoints[0].port) + self.assertEqual("http-missing-security-headers", finding.vuln_id_from_tool) + self.assertEqual("x-content-type-options", finding.component_name) + self.assertEqual(finding.date, + datetime(2023, 3, 13, 11, 2, 11, 829446, tzinfo=tzoffset(None, 10800))) + + with self.subTest(i=1): + finding = findings[1] + self.assertEqual("favicon-detection", finding.title) + self.assertEqual("Info", finding.severity) + self.assertIsNotNone(finding.steps_to_reproduce) + self.assertEqual(4, finding.references.count("\n")) + self.assertEqual("favicon-detect", finding.vuln_id_from_tool) + self.assertEqual("asp.net-favicon", finding.component_name) + + def test_parse_many_findings_v3(self): + testfile = open("unittests/scans/nuclei/multiple_v3.json") + parser = NucleiParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(5, len(findings)) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("Info", finding.severity) diff --git a/unittests/tools/test_openscap_parser.py b/unittests/tools/test_openscap_parser.py index f205a0598a0..013ad9970e1 100644 --- a/unittests/tools/test_openscap_parser.py +++ b/unittests/tools/test_openscap_parser.py @@ -21,6 +21,9 @@ def test_openscap_parser_with_one_criticle_vuln_has_one_findings(self): for endpoint in finding.unsaved_endpoints: endpoint.clean() self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2005-1038", finding.unsaved_vulnerability_ids[0]) def test_openscap_parser_with_many_vuln_has_many_findings(self): testfile = open("unittests/scans/openscap/many_vuln_rhsa.xml") @@ -34,7 +37,8 @@ def test_openscap_parser_with_many_vuln_has_many_findings(self): finding = findings[0] self.assertEqual("RHSA-2017:3315: kernel security and bug fix update (Moderate)", finding.title) self.assertEqual("Medium", finding.severity) - self.assertEqual("CVE-2017-1000380", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2017-1000380", finding.unsaved_vulnerability_ids[0]) self.assertEqual("oval-com.redhat.rhsa-def-20173315", finding.unique_id_from_tool) # endpoints self.assertEqual(7, len(finding.unsaved_endpoints)) @@ -58,7 +62,7 @@ def test_parser_from_spec_1_1_3(self): finding = findings[0] self.assertEqual("IOS 12 - no IP finger service", finding.title) self.assertEqual("Medium", finding.severity) - self.assertIsNone(finding.cve) + self.assertIsNone(finding.unsaved_vulnerability_ids) self.assertEqual("ios12-no-finger-service", finding.unique_id_from_tool) # endpoints self.assertEqual(3, len(finding.unsaved_endpoints)) diff --git a/unittests/tools/test_openvas_csv_parser.py b/unittests/tools/test_openvas_parser.py similarity index 53% rename from unittests/tools/test_openvas_csv_parser.py rename to unittests/tools/test_openvas_parser.py index ce964e5be36..a3fdf354534 100644 --- a/unittests/tools/test_openvas_csv_parser.py +++ b/unittests/tools/test_openvas_parser.py @@ -1,16 +1,15 @@ from ..dojo_test_case import DojoTestCase -from dojo.tools.openvas_csv.parser import OpenVASCsvParser +from dojo.tools.openvas.parser import OpenVASParser from dojo.models import Test, Engagement, Product -class TestOpenVASUploadCsvParser(DojoTestCase): - +class TestOpenVASParser(DojoTestCase): def test_openvas_csv_one_vuln(self): with open("unittests/scans/openvas/one_vuln.csv") as f: test = Test() test.engagement = Engagement() test.engagement.product = Product() - parser = OpenVASCsvParser() + parser = OpenVASParser() findings = parser.get_findings(f, test) for finding in findings: for endpoint in finding.unsaved_endpoints: @@ -31,7 +30,7 @@ def test_openvas_csv_many_vuln(self): test = Test() test.engagement = Engagement() test.engagement.product = Product() - parser = OpenVASCsvParser() + parser = OpenVASParser() findings = parser.get_findings(f, test) for finding in findings: for endpoint in finding.unsaved_endpoints: @@ -48,3 +47,40 @@ def test_openvas_csv_many_vuln(self): self.assertEqual("LOGSRV", endpoint.host) self.assertEqual("tcp", endpoint.protocol) self.assertEqual(9200, endpoint.port) + + def test_openvas_xml_no_vuln(self): + with open("unittests/scans/openvas/no_vuln.xml") as f: + test = Test() + test.engagement = Engagement() + test.engagement.product = Product() + parser = OpenVASParser() + findings = parser.get_findings(f, test) + self.assertEqual(0, len(findings)) + + def test_openvas_xml_one_vuln(self): + with open("unittests/scans/openvas/one_vuln.xml") as f: + test = Test() + test.engagement = Engagement() + test.engagement.product = Product() + parser = OpenVASParser() + findings = parser.get_findings(f, test) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(1, len(findings)) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("Mozilla Firefox Security Update (mfsa_2023-32_2023-36) - Windows_10.0.101.2_general/tcp", finding.title) + self.assertEqual("Critical", finding.severity) + + def test_openvas_xml_many_vuln(self): + with open("unittests/scans/openvas/many_vuln.xml") as f: + test = Test() + test.engagement = Engagement() + test.engagement.product = Product() + parser = OpenVASParser() + findings = parser.get_findings(f, test) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(44, len(findings)) diff --git a/unittests/tools/test_ossindex_devaudit_parser.py b/unittests/tools/test_ossindex_devaudit_parser.py index f57993a6057..841730dbf84 100644 --- a/unittests/tools/test_ossindex_devaudit_parser.py +++ b/unittests/tools/test_ossindex_devaudit_parser.py @@ -7,7 +7,7 @@ class TestOssIndexDevauditParser(DojoTestCase): def test_ossindex_devaudit_parser_with_no_vulns_has_no_findings(self): testfile = open( - get_unit_tests_path() + "/scans/ossindex_devaudit_sample/ossindex_devaudit_no_vuln.json" + get_unit_tests_path() + "/scans/ossindex_devaudit/ossindex_devaudit_no_vuln.json" ) parser = OssIndexDevauditParser() findings = parser.get_findings(testfile, Test()) @@ -16,7 +16,7 @@ def test_ossindex_devaudit_parser_with_no_vulns_has_no_findings(self): def test_ossindex_devaudit_parser_with_one_critical_vuln_has_one_finding(self): testfile = open( - get_unit_tests_path() + "/scans/ossindex_devaudit_sample/ossindex_devaudit_one_vuln.json" + get_unit_tests_path() + "/scans/ossindex_devaudit/ossindex_devaudit_one_vuln.json" ) parser = OssIndexDevauditParser() findings = parser.get_findings(testfile, Test()) @@ -25,25 +25,25 @@ def test_ossindex_devaudit_parser_with_one_critical_vuln_has_one_finding(self): def test_ossindex_devaudit_parser_with_multiple_vulns_has_multiple_finding(self): testfile = open( - get_unit_tests_path() + "/scans/ossindex_devaudit_sample/ossindex_devaudit_multiple_vulns.json" + get_unit_tests_path() + "/scans/ossindex_devaudit/ossindex_devaudit_multiple_vulns.json" ) parser = OssIndexDevauditParser() findings = parser.get_findings(testfile, Test()) testfile.close() - self.assertTrue(len(findings) > 1) + self.assertGreater(len(findings), 1) def test_ossindex_devaudit_parser_with_no_cve_returns_info_severity(self): testfile = open( - get_unit_tests_path() + "/scans/ossindex_devaudit_sample/ossindex_devaudit_vuln_no_cvssscore.json" + get_unit_tests_path() + "/scans/ossindex_devaudit/ossindex_devaudit_vuln_no_cvssscore.json" ) parser = OssIndexDevauditParser() findings = parser.get_findings(testfile, Test()) testfile.close() - self.assertTrue(len(findings) == 1) + self.assertEqual(len(findings), 1) def test_ossindex_devaudit_parser_with_reference_shows_reference(self): testfile = open( - get_unit_tests_path() + "/scans/ossindex_devaudit_sample/ossindex_devaudit_one_vuln.json" + get_unit_tests_path() + "/scans/ossindex_devaudit/ossindex_devaudit_one_vuln.json" ) parser = OssIndexDevauditParser() findings = parser.get_findings(testfile, Test()) @@ -51,114 +51,114 @@ def test_ossindex_devaudit_parser_with_reference_shows_reference(self): if len(findings) > 0: for item in findings: - self.assertTrue(item.references != "") + self.assertNotEqual(item.references, "") def test_ossindex_devaudit_parser_with_empty_reference_shows_empty_reference(self): testfile = open( - get_unit_tests_path() + "/scans/ossindex_devaudit_sample/ossindex_devaudit_empty_reference.json" + get_unit_tests_path() + "/scans/ossindex_devaudit/ossindex_devaudit_empty_reference.json" ) parser = OssIndexDevauditParser() findings = parser.get_findings(testfile, Test()) testfile.close() if len(findings) > 0: for item in findings: - self.assertTrue(item.references == "") + self.assertEqual(item.references, "") def test_ossindex_devaudit_parser_with_missing_reference_shows_empty(self): testfile = open( - get_unit_tests_path() + "/scans/ossindex_devaudit_sample/ossindex_devaudit_missing_reference.json" + get_unit_tests_path() + "/scans/ossindex_devaudit/ossindex_devaudit_missing_reference.json" ) parser = OssIndexDevauditParser() findings = parser.get_findings(testfile, Test()) testfile.close() if len(findings) > 0: for item in findings: - self.assertTrue(item.references == "") + self.assertEqual(item.references, "") def test_ossindex_devaudit_parser_with_missing_cwe_shows_1035(self): testfile = open( - get_unit_tests_path() + "/scans/ossindex_devaudit_sample/ossindex_devaudit_missing_cwe.json" + get_unit_tests_path() + "/scans/ossindex_devaudit/ossindex_devaudit_missing_cwe.json" ) parser = OssIndexDevauditParser() findings = parser.get_findings(testfile, Test()) testfile.close() if len(findings) > 0: for item in findings: - self.assertTrue(item.cwe == 1035) + self.assertEqual(item.cwe, 1035) def test_ossindex_devaudit_parser_with_null_cwe_shows_1035(self): testfile = open( - get_unit_tests_path() + "/scans/ossindex_devaudit_sample/ossindex_devaudit_null_cwe.json" + get_unit_tests_path() + "/scans/ossindex_devaudit/ossindex_devaudit_null_cwe.json" ) parser = OssIndexDevauditParser() findings = parser.get_findings(testfile, Test()) testfile.close() if len(findings) > 0: for item in findings: - self.assertTrue(item.cwe == 1035) + self.assertEqual(item.cwe, 1035) def test_ossindex_devaudit_parser_with_empty_cwe_shows_1035(self): testfile = open( - get_unit_tests_path() + "/scans/ossindex_devaudit_sample/ossindex_devaudit_empty_cwe.json" + get_unit_tests_path() + "/scans/ossindex_devaudit/ossindex_devaudit_empty_cwe.json" ) parser = OssIndexDevauditParser() findings = parser.get_findings(testfile, Test()) testfile.close() if len(findings) > 0: for item in findings: - self.assertTrue(item.cwe == 1035) + self.assertEqual(item.cwe, 1035) def test_ossindex_devaudit_parser_get_severity_shows_info(self): testfile = open( - get_unit_tests_path() + "/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_info.json" + get_unit_tests_path() + "/scans/ossindex_devaudit/ossindex_devaudit_severity_info.json" ) parser = OssIndexDevauditParser() findings = parser.get_findings(testfile, Test()) testfile.close() if len(findings) > 0: for item in findings: - self.assertTrue(item.severity == "Info") + self.assertEqual(item.severity, "Info") def test_ossindex_devaudit_parser_get_severity_shows_critical(self): testfile = open( - get_unit_tests_path() + "/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_critical.json" + get_unit_tests_path() + "/scans/ossindex_devaudit/ossindex_devaudit_severity_critical.json" ) parser = OssIndexDevauditParser() findings = parser.get_findings(testfile, Test()) testfile.close() if len(findings) > 0: for item in findings: - self.assertTrue(item.severity == "Critical") + self.assertEqual(item.severity, "Critical") def test_ossindex_devaudit_parser_get_severity_shows_high(self): testfile = open( - get_unit_tests_path() + "/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_high.json" + get_unit_tests_path() + "/scans/ossindex_devaudit/ossindex_devaudit_severity_high.json" ) parser = OssIndexDevauditParser() findings = parser.get_findings(testfile, Test()) testfile.close() if len(findings) > 0: for item in findings: - self.assertTrue(item.severity == "High") + self.assertEqual(item.severity, "High") def test_ossindex_devaudit_parser_get_severity_shows_medium(self): testfile = open( - get_unit_tests_path() + "/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_medium.json" + get_unit_tests_path() + "/scans/ossindex_devaudit/ossindex_devaudit_severity_medium.json" ) parser = OssIndexDevauditParser() findings = parser.get_findings(testfile, Test()) testfile.close() if len(findings) > 0: for item in findings: - self.assertTrue(item.severity == "Medium") + self.assertEqual(item.severity, "Medium") def test_ossindex_devaudit_parser_get_severity_shows_low(self): testfile = open( - get_unit_tests_path() + "/scans/ossindex_devaudit_sample/ossindex_devaudit_severity_low.json" + get_unit_tests_path() + "/scans/ossindex_devaudit/ossindex_devaudit_severity_low.json" ) parser = OssIndexDevauditParser() findings = parser.get_findings(testfile, Test()) testfile.close() if len(findings) > 0: for item in findings: - self.assertTrue(item.severity == "Low") + self.assertEqual(item.severity, "Low") diff --git a/unittests/tools/test_outpost24_parser.py b/unittests/tools/test_outpost24_parser.py index 41a12dabc89..994977460c4 100644 --- a/unittests/tools/test_outpost24_parser.py +++ b/unittests/tools/test_outpost24_parser.py @@ -11,11 +11,14 @@ def assert_file_has_n_items(self, filename, item_count): for finding in findings: for endpoint in finding.unsaved_endpoints: endpoint.clean() - self.assertEquals(item_count, len(findings)) + self.assertEqual(item_count, len(findings)) if item_count > 0: for item in findings: endpoint_count = len(item.unsaved_endpoints) self.assertGreater(endpoint_count, 0) + if item_count == 1: + self.assertEqual(1, len(findings[0].unsaved_vulnerability_ids)) + self.assertEqual("CVE-2019-9315", findings[0].unsaved_vulnerability_ids[0]) def test_parser_no_items(self): self.assert_file_has_n_items(get_unit_tests_path() + "/scans/outpost24/none.xml", 0) diff --git a/unittests/tools/test_php_symfony_security_check_parser.py b/unittests/tools/test_php_symfony_security_check_parser.py index 3f98b5ded88..e556d8144d4 100644 --- a/unittests/tools/test_php_symfony_security_check_parser.py +++ b/unittests/tools/test_php_symfony_security_check_parser.py @@ -7,7 +7,7 @@ class TestPhpSymfonySecurityCheckerParser(DojoTestCase): def test_php_symfony_security_check_parser_with_no_vuln_has_no_findings(self): testfile = open( - get_unit_tests_path() + "/scans/php_symfony_security_check_sample/php_symfony_no_vuln.json" + get_unit_tests_path() + "/scans/php_symfony_security_check/php_symfony_no_vuln.json" ) parser = PhpSymfonySecurityCheckParser() findings = parser.get_findings(testfile, Test()) @@ -19,7 +19,7 @@ def test_php_symfony_security_check_parser_with_one_criticle_vuln_has_one_findin self, ): testfile = open( - get_unit_tests_path() + "/scans/php_symfony_security_check_sample/php_symfony_one_vuln.json" + get_unit_tests_path() + "/scans/php_symfony_security_check/php_symfony_one_vuln.json" ) parser = PhpSymfonySecurityCheckParser() findings = parser.get_findings(testfile, Test()) @@ -28,7 +28,7 @@ def test_php_symfony_security_check_parser_with_one_criticle_vuln_has_one_findin def test_php_symfony_security_check_parser_with_many_vuln_has_many_findings(self): testfile = open( - get_unit_tests_path() + "/scans/php_symfony_security_check_sample/php_symfony_many_vuln.json" + get_unit_tests_path() + "/scans/php_symfony_security_check/php_symfony_many_vuln.json" ) parser = PhpSymfonySecurityCheckParser() findings = parser.get_findings(testfile, Test()) @@ -37,3 +37,5 @@ def test_php_symfony_security_check_parser_with_many_vuln_has_many_findings(self self.assertEqual(8, len(items)) self.assertEqual("symfony/cache", items[0].component_name) self.assertEqual("3.4.16", items[0].component_version) + self.assertEqual(1, len(items[0].unsaved_vulnerability_ids)) + self.assertEqual("CVE-2019-10912", items[0].unsaved_vulnerability_ids[0]) diff --git a/unittests/tools/test_pip_audit_parser.py b/unittests/tools/test_pip_audit_parser.py index d7baa493310..eb421f761a0 100644 --- a/unittests/tools/test_pip_audit_parser.py +++ b/unittests/tools/test_pip_audit_parser.py @@ -7,21 +7,21 @@ class TestPipAuditParser(DojoTestCase): def test_parser_empty(self): - testfile = open("unittests/scans/pip-audit/empty.json") + testfile = open("unittests/scans/pip_audit/empty.json") parser = PipAuditParser() findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(0, len(findings)) def test_parser_zero_findings(self): - testfile = open("unittests/scans/pip-audit/zero_vulns.json") + testfile = open("unittests/scans/pip_audit/zero_vulns.json") parser = PipAuditParser() findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(0, len(findings)) def test_parser_many_vulns(self): - testfile = open("unittests/scans/pip-audit/many_vulns.json") + testfile = open("unittests/scans/pip_audit/many_vulns.json") parser = PipAuditParser() findings = parser.get_findings(testfile, Test()) testfile.close() @@ -29,10 +29,12 @@ def test_parser_many_vulns(self): finding = findings[0] self.assertEqual('PYSEC-2021-76 in aiohttp:3.6.2', finding.title) - description = '''**Id:** PYSEC-2021-76 -**Description:** aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows "pip install aiohttp >= 3.7.4". If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications.''' + description = 'aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows "pip install aiohttp >= 3.7.4". If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications.' self.assertEqual(description, finding.description) self.assertEqual(1352, finding.cwe) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(1, len(vulnerability_ids)) + self.assertEqual('PYSEC-2021-76', vulnerability_ids[0]) self.assertEqual('Medium', finding.severity) self.assertEqual('Upgrade to version: 3.7.4', finding.mitigation) self.assertEqual('aiohttp', finding.component_name) @@ -41,9 +43,11 @@ def test_parser_many_vulns(self): finding = findings[1] self.assertEqual('PYSEC-2021-439 in django:3.2.9', finding.title) - description = '''**Id:** PYSEC-2021-439 -**Description:** In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.''' + description = 'In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.' self.assertEqual(description, finding.description) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(1, len(vulnerability_ids)) + self.assertEqual('PYSEC-2021-439', vulnerability_ids[0]) self.assertEqual(1352, finding.cwe) self.assertEqual('Medium', finding.severity) mitigation = '''Upgrade to version: @@ -57,9 +61,11 @@ def test_parser_many_vulns(self): finding = findings[2] self.assertEqual('PYSEC-2021-852 in lxml:4.6.4', finding.title) - description = '''**Id:** PYSEC-2021-852 -**Description:** lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.''' + description = 'lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.' self.assertEqual(description, finding.description) + vulnerability_ids = finding.unsaved_vulnerability_ids + self.assertEqual(1, len(vulnerability_ids)) + self.assertEqual('PYSEC-2021-852', vulnerability_ids[0]) self.assertEqual(1352, finding.cwe) self.assertEqual('Medium', finding.severity) self.assertIsNone(finding.mitigation) diff --git a/unittests/tools/test_popeye_parser.py b/unittests/tools/test_popeye_parser.py new file mode 100644 index 00000000000..df690532d4e --- /dev/null +++ b/unittests/tools/test_popeye_parser.py @@ -0,0 +1,38 @@ +from ..dojo_test_case import DojoTestCase +from dojo.tools.popeye.parser import PopeyeParser +from dojo.models import Test + + +class TestPopeyeParser(DojoTestCase): + + def test_popeye_parser_with_no_vuln_has_no_findings(self): + testfile = open("unittests/scans/popeye/popeye_zero_vul.json") + parser = PopeyeParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) + + def test_popeye_parser_with_one_warning_has_one_findings(self): + testfile = open("unittests/scans/popeye/popeye_one_vul.json") + parser = PopeyeParser() + findings = parser.get_findings(testfile, Test()) + finding_title = "pods test-namespace/6cff44dc94-d92km [POP-106] No resources requests/limits defined" + finding_description = "**Sanitizer** : pods" + "\n\n" + \ + "**Resource** : test-namespace/6cff44dc94-d92km" + "\n\n" + \ + "**Group** : test-group" + "\n\n" + \ + "**Severity** : Warning" + "\n\n" + \ + "**Message** : [POP-106] No resources requests/limits defined" + finding_vuln_id_from_tool = 'POP-106' + testfile.close() + self.assertEqual(1, len(findings)) + self.assertEqual("Low", findings[0].severity) + self.assertEqual(finding_title, findings[0].title) + self.assertEqual(finding_description, findings[0].description) + self.assertEqual(finding_vuln_id_from_tool, findings[0].vuln_id_from_tool) + + def test_popeye_parser_with_many_vuln_has_many_findings(self): + testfile = open("unittests/scans/popeye/popeye_many_vul.json") + parser = PopeyeParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(229, len(findings)) diff --git a/unittests/tools/test_pwn_sast_parser.py b/unittests/tools/test_pwn_sast_parser.py new file mode 100644 index 00000000000..4c1a2e2e249 --- /dev/null +++ b/unittests/tools/test_pwn_sast_parser.py @@ -0,0 +1,42 @@ +from ..dojo_test_case import DojoTestCase +from dojo.tools.pwn_sast.parser import PWNSASTParser +from dojo.models import Test + + +class TestPWNSASTParser(DojoTestCase): + + def test_parse_no_findings(self): + testfile = open("unittests/scans/pwn_sast/no_findings.json") + parser = PWNSASTParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_parse_one_finding(self): + testfile = open("unittests/scans/pwn_sast/one_finding.json") + parser = PWNSASTParser() + findings = parser.get_findings(testfile, Test()) + self.assertIsInstance(findings, list) + self.assertEqual(1, len(findings)) + + def test_parse_many_finding(self): + testfile = open("unittests/scans/pwn_sast/many_findings.json") + parser = PWNSASTParser() + findings = parser.get_findings(testfile, Test()) + self.assertIsInstance(findings, list) + self.assertEqual(3, len(findings)) + + def test_one_dup_finding(self): + testfile = open("unittests/scans/pwn_sast/one_dup_finding.json") + parser = PWNSASTParser() + findings = parser.get_findings(testfile, Test()) + self.assertIsInstance(findings, list) + self.assertEqual(1, len(findings)) + + def test_title_is_not_none(self): + testfile = open("unittests/scans/pwn_sast/one_finding.json") + parser = PWNSASTParser() + findings = parser.get_findings(testfile, Test()) + self.assertIsInstance(findings, list) + for finding in findings: + self.assertIsNotNone(finding.title) + self.assertIsNotNone(finding.unique_id_from_tool) diff --git a/unittests/tools/test_qualys_parser.py b/unittests/tools/test_qualys_parser.py index 86ba89506eb..bdce9d3e518 100644 --- a/unittests/tools/test_qualys_parser.py +++ b/unittests/tools/test_qualys_parser.py @@ -1,3 +1,6 @@ +import datetime +from django.test import override_settings + from ..dojo_test_case import DojoTestCase, get_unit_tests_path from dojo.models import Test from dojo.tools.qualys.parser import QualysParser @@ -5,7 +8,14 @@ class TestQualysParser(DojoTestCase): + @override_settings(USE_FIRST_SEEN=True) + def test_parse_file_with_no_vuln_has_no_findings_first_seen(self): + self.parse_file_with_no_vuln_has_no_findings() + def test_parse_file_with_no_vuln_has_no_findings(self): + self.parse_file_with_no_vuln_has_no_findings() + + def parse_file_with_no_vuln_has_no_findings(self): testfile = open( get_unit_tests_path() + "/scans/qualys/empty.xml" ) @@ -13,7 +23,16 @@ def test_parse_file_with_no_vuln_has_no_findings(self): findings = parser.get_findings(testfile, Test()) self.assertEqual(0, len(findings)) + @override_settings(USE_FIRST_SEEN=True) + def test_parse_file_with_multiple_vuln_has_multiple_findings_first_seen(self): + finding = self.parse_file_with_multiple_vuln_has_multiple_findings() + self.assertEqual(datetime.datetime(2019, 7, 31).date(), finding.date) + def test_parse_file_with_multiple_vuln_has_multiple_findings(self): + finding = self.parse_file_with_multiple_vuln_has_multiple_findings() + self.assertEqual(datetime.datetime(2019, 7, 31).date(), finding.date) + + def parse_file_with_multiple_vuln_has_multiple_findings(self): testfile = open( get_unit_tests_path() + "/scans/qualys/Qualys_Sample_Report.xml" ) @@ -46,9 +65,114 @@ def test_parse_file_with_multiple_vuln_has_multiple_findings(self): self.assertEqual( finding_cvssv3_score.severity, "High" ) + self.assertEqual(finding_cvssv3_vector.cvssv3, + "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H") self.assertEqual( - finding_cvssv3_vector.cvssv3, "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" + finding_cvssv3_vector.severity, "Critical" + ) + return finding + + @override_settings(USE_FIRST_SEEN=True) + def test_parse_file_with_no_vuln_has_no_findings_csv_first_seen(self): + self.parse_file_with_no_vuln_has_no_findings_csv() + + def test_parse_file_with_no_vuln_has_no_findings_csv(self): + self.parse_file_with_no_vuln_has_no_findings_csv() + + def parse_file_with_no_vuln_has_no_findings_csv(self): + testfile = open( + get_unit_tests_path() + "/scans/qualys/empty.csv" ) + parser = QualysParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + @override_settings(USE_FIRST_SEEN=True) + def test_parse_file_with_multiple_vuln_has_multiple_findings_csv_first_seen(self): + finding = self.parse_file_with_multiple_vuln_has_multiple_findings_csv() + self.assertEqual(datetime.datetime(2021, 5, 13).date(), finding.date) + + def test_parse_file_with_multiple_vuln_has_multiple_findings_csv(self): + finding = self.parse_file_with_multiple_vuln_has_multiple_findings_csv() + self.assertEqual(datetime.datetime(2021, 5, 25).date(), finding.date) + + def parse_file_with_multiple_vuln_has_multiple_findings_csv(self): + testfile = open( + get_unit_tests_path() + "/scans/qualys/Qualys_Sample_Report.csv" + ) + parser = QualysParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(3, len(findings)) + + finding = findings[0] self.assertEqual( - finding_cvssv3_vector.severity, "Critical" + finding.title, + "QID-105971 | EOL/Obsolete Software: Microsoft ASP.NET 1.0 Detected") + self.assertEqual( + finding.severity, "Critical" + ) + self.assertEqual( + finding.unsaved_endpoints[0].host, "ip-10-98-57-180.eu-west-1.compute.internal" + ) + + for finding in findings: + if finding.unsaved_endpoints[0].host == "ip-10-98-57-180.eu-west-1.compute.internal" and finding.title == "QID-105971 | EOL/Obsolete Software: Microsoft ASP.NET 1.0 Detected": + + self.assertEqual( + finding.severity, "Critical" + ) + self.assertEqual( + finding.cvssv3, + "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C") + self.assertEqual( + finding.severity, "Critical" + ) + + return findings[0] + + def test_parse_file_monthly_pci_issue6932(self): + testfile = open( + get_unit_tests_path() + "/scans/qualys/monthly_pci_issue6932.csv" + ) + parser = QualysParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + + def test_parse_file_with_cvss_values_and_scores(self): + testfile = open( + get_unit_tests_path() + "/scans/qualys/Qualys_Sample_Report.xml" + ) + parser = QualysParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + if finding.unsaved_endpoints[0].host == "demo14.s02.sjc01.qualys.com" and finding.title == "QID-370876 | AMD Processors Multiple Security Vulnerabilities (RYZENFALL/MASTERKEY/CHIMERA-FW/FALLOUT)": + finding_cvssv3_score = finding + if finding.unsaved_endpoints[0].host == "demo13.s02.sjc01.qualys.com" and finding.title == "QID-370876 | AMD Processors Multiple Security Vulnerabilities (RYZENFALL/MASTERKEY/CHIMERA-FW/FALLOUT)": + finding_no_cvssv3_at_detection = finding + if finding.unsaved_endpoints[0].host == "demo14.s02.sjc01.qualys.com" and finding.title == "QID-121695 | NTP \"monlist\" Feature Denial of Service Vulnerability": + finding_no_cvssv3 = finding + # The CVSS Vector is not used from the Knowledgebase + self.assertEqual( + # CVSS_FINAL is defined without a cvssv3 vector + finding_cvssv3_score.cvssv3, None + ) + # Nevertheless the CVSSv3 Score should be set + self.assertEqual( + finding_cvssv3_score.cvssv3_score, 8.2 + ) + # If no cvss information is present in detection and not in knowledgebase values should be empty + self.assertEqual( + finding_no_cvssv3.cvssv3, None + ) + self.assertEqual( + finding_no_cvssv3.cvssv3_score, None + ) + # No CVSS Values available in detection and it uses the knowledgebase then + self.assertEqual(finding_no_cvssv3_at_detection.cvssv3, + "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H") + self.assertEqual( + finding_no_cvssv3_at_detection.cvssv3_score, 9.0 ) diff --git a/unittests/tools/test_redhatsatellite_parser.py b/unittests/tools/test_redhatsatellite_parser.py new file mode 100644 index 00000000000..5e05fc3994f --- /dev/null +++ b/unittests/tools/test_redhatsatellite_parser.py @@ -0,0 +1,24 @@ +from ..dojo_test_case import DojoTestCase +from dojo.tools.redhatsatellite.parser import RedHatSatelliteParser +from dojo.models import Test + + +class TestRedHatSatelliteParser(DojoTestCase): + + def test_parse_file_with_no_vuln_has_no_findings(self): + testfile = open("unittests/scans/redhatsatellite/no_findings.json") + parser = RedHatSatelliteParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_parse_file_with_one_finding(self): + testfile = open("unittests/scans/redhatsatellite/one_finding.json") + parser = RedHatSatelliteParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + + def test_parse_file_with_multiple_findingse(self): + testfile = open("unittests/scans/redhatsatellite/many_findings.json") + parser = RedHatSatelliteParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(3, len(findings)) diff --git a/unittests/tools/test_risk_recon_parser.py b/unittests/tools/test_risk_recon_parser.py index 62ec6306364..d2394d1dfa5 100644 --- a/unittests/tools/test_risk_recon_parser.py +++ b/unittests/tools/test_risk_recon_parser.py @@ -11,13 +11,13 @@ def test_api_with_bad_url(self): testfile = open("unittests/scans/risk_recon/bad_url.json") with self.assertRaises(Exception): parser = RiskReconParser() - findings = parser.get_findings(testfile, Test()) + parser.get_findings(testfile, Test()) def test_api_with_bad_key(self): testfile = open("unittests/scans/risk_recon/bad_key.json") with self.assertRaises(Exception): parser = RiskReconParser() - findings = parser.get_findings(testfile, Test()) + parser.get_findings(testfile, Test()) def test_parser_without_api(self): testfile = open("unittests/scans/risk_recon/findings.json") diff --git a/unittests/tools/test_rubocop_parser.py b/unittests/tools/test_rubocop_parser.py new file mode 100644 index 00000000000..bcd86468c8e --- /dev/null +++ b/unittests/tools/test_rubocop_parser.py @@ -0,0 +1,79 @@ +from ..dojo_test_case import DojoTestCase + +from dojo.models import Test +from dojo.tools.rubocop.parser import RubocopParser + + +class TestRubocopParser(DojoTestCase): + def test_parser_empty(self): + testfile = open("unittests/scans/rubocop/empty.json") + parser = RubocopParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) + + def test_parser_zero_findings(self): + testfile = open("unittests/scans/rubocop/zero_vulns.json") + parser = RubocopParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) + + def test_parser_one_vuln(self): + testfile = open("unittests/scans/rubocop/one_finding.json") + parser = RubocopParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("Avoid using `Marshal.load`.", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertEqual("app/controllers/password_resets_controller.rb", finding.file_path) + self.assertEqual(6, finding.line) + self.assertEqual("Security/MarshalLoad", finding.vuln_id_from_tool) + + def test_parser_many_vulns(self): + testfile = open("unittests/scans/rubocop/many_vulns.json") + parser = RubocopParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(7, len(findings)) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("`File.read` is safer than `IO.read`.", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertEqual("fake_app_unsecure/app/main.rb", finding.file_path) + self.assertEqual(12, finding.line) + self.assertEqual("Security/IoMethods", finding.vuln_id_from_tool) + with self.subTest(i=1): + finding = findings[1] + self.assertEqual("Medium", finding.severity) + self.assertEqual("fake_app_unsecure/app/main.rb", finding.file_path) + self.assertEqual(13, finding.line) + self.assertEqual("Security/IoMethods", finding.vuln_id_from_tool) + with self.subTest(i=2): + finding = findings[2] + self.assertEqual("Medium", finding.severity) + self.assertEqual("fake_app_unsecure/app/main.rb", finding.file_path) + self.assertEqual(19, finding.line) + self.assertEqual("Security/JSONLoad", finding.vuln_id_from_tool) + with self.subTest(i=3): + finding = findings[3] + self.assertEqual("Prefer using `YAML.safe_load` over `YAML.load`.", finding.title) + self.assertEqual("Medium", finding.severity) + with self.subTest(i=4): + finding = findings[4] + self.assertEqual("The use of `Kernel#open` is a serious security risk.", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertEqual("Security/Open", finding.vuln_id_from_tool) + with self.subTest(i=5): + finding = findings[5] + self.assertEqual("The use of `Kernel#open` is a serious security risk.", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertEqual("Security/Open", finding.vuln_id_from_tool) + with self.subTest(i=6): + finding = findings[6] + self.assertEqual("The use of `URI.open` is a serious security risk.", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertEqual("Security/Open", finding.vuln_id_from_tool) diff --git a/unittests/tools/test_rusty_hog_parser.py b/unittests/tools/test_rusty_hog_parser.py new file mode 100644 index 00000000000..4cf17c7da66 --- /dev/null +++ b/unittests/tools/test_rusty_hog_parser.py @@ -0,0 +1,122 @@ +from ..dojo_test_case import DojoTestCase +from dojo.tools.rusty_hog.parser import RustyhogParser +from dojo.models import Test + + +class TestRustyhogParser(DojoTestCase): + def test_parse_file_with_no_vuln_has_no_finding_choctawhog(self): + testfile = open("unittests/scans/rusty_hog/choctawhog_no_vuln.json") + parser = RustyhogParser() + findings = parser.get_items(testfile, "Rusty Hog", Test()) # The outputfile is empty. A subscanner can't be classified + self.assertEqual(0, len(findings)) + + def test_parse_file_with_one_vuln_has_one_finding_choctawhog(self): + testfile = open("unittests/scans/rusty_hog/choctawhog_one_vuln.json") + parser = RustyhogParser() + findings = parser.get_items(testfile, "Choctaw Hog", Test()) + self.assertEqual(1, len(findings)) + + def test_parse_file_with_multiple_vuln_has_multiple_finding_choctawhog(self): + testfile = open("unittests/scans/rusty_hog/choctawhog_many_vulns.json") + parser = RustyhogParser() + findings = parser.get_items(testfile, "Choctaw Hog", Test()) + self.assertEqual(13, len(findings)) + + def test_parse_file_with_multiple_vuln_has_multiple_finding_choctawhog_content(self): + testfile = open("unittests/scans/rusty_hog/choctawhog_many_vulns.json") + parser = RustyhogParser() + findings = parser.get_items(testfile, "Choctaw Hog", Test()) + self.assertEqual(findings[0].title, "Email address found in Git path .github/workflows/main.yml (a7bce96377c4ff2ac16cd51fb0da7fe7ea678829)") + self.assertIn("**This string was found:** ['dojo-helpers@this-repo.com']", findings[0].description) + self.assertIn("**Commit message:** removing action", findings[0].description) + self.assertIn("**Commit hash:** a7bce96377c4ff2ac16cd51fb0da7fe7ea678829", findings[0].description) + self.assertIn("**Parent commit hash:** d8b2f39e826321896a3c7c474fc40dfc0d1fc586", findings[0].description) + self.assertIn("**Old and new file IDs:** 2aba123d6e872777c8cf39ee34664d70e0b90ff0 - 0000000000000000000000000000000000000000", findings[0].description) + self.assertIn("**Date:** 2020-04-15 12:47:20", findings[0].description) + self.assertIn("Please ensure no secret material nor confidential information is kept in clear within git repositories.", findings[0].mitigation) + + def test_parse_file_with_no_vuln_has_no_finding_duorchog(self): + testfile = open("unittests/scans/rusty_hog/durochog_no_vuln.json") + parser = RustyhogParser() + findings = parser.get_items(testfile, "Rusty Hog", Test()) # The outputfile is empty. A subscanner can't be classified + self.assertEqual(0, len(findings)) + + def test_parse_file_with_one_vuln_has_one_finding_durochog(self): + testfile = open("unittests/scans/rusty_hog/durochog_one_vuln.json") + parser = RustyhogParser() + findings = parser.get_items(testfile, "Duroc Hog", Test()) + self.assertEqual(1, len(findings)) + + def test_parse_file_with_multiple_vuln_has_multiple_finding_durochog(self): + testfile = open("unittests/scans/rusty_hog/durochog_many_vulns.json") + parser = RustyhogParser() + findings = parser.get_items(testfile, "Duroc Hog", Test()) + self.assertEqual(4, len(findings)) + + def test_parse_file_with_multiple_vuln_has_multiple_finding_durochog_content(self): + testfile = open("unittests/scans/rusty_hog/durochog_many_vulns.json") + parser = RustyhogParser() + findings = parser.get_items(testfile, "Duroc Hog", Test()) + self.assertEqual(findings[0].title, "password (Password) found in path /scan_folder/unittests/scans/sonarqube/sonar-no-finding.html") + self.assertIn("**This string was found:** ['password = getEncryptedPass()']", findings[0].description) + self.assertIn("**Path of Issue:** /scan_folder/unittests/scans/sonarqube/sonar-no-finding.html", findings[0].description) + self.assertIn("**Linenum of Issue:** 7712", findings[0].description) + self.assertIn("**Diff:** $password = getEncryptedPass();", findings[0].description) + self.assertIn("Please ensure no secret material nor confidential information is kept in clear within directories, files, and archives.", findings[0].mitigation) + + def test_parse_file_with_no_vuln_has_no_finding_gottingenhog(self): + testfile = open("unittests/scans/rusty_hog/gottingenhog_no_vuln.json") + parser = RustyhogParser() + findings = parser.get_items(testfile, "Rusty Hog", Test()) # The outputfile is empty. A subscanner can't be classified + self.assertEqual(0, len(findings)) + + def test_parse_file_with_one_vuln_has_one_finding_gottingenhog(self): + testfile = open("unittests/scans/rusty_hog/gottingenhog_one_vuln.json") + parser = RustyhogParser() + findings = parser.get_items(testfile, "Gottingen Hog", Test()) + self.assertEqual(1, len(findings)) + + def test_parse_file_with_multiple_vuln_has_multiple_finding_gottingenhog(self): + testfile = open("unittests/scans/rusty_hog/gottingenhog_many_vulns.json") + parser = RustyhogParser() + findings = parser.get_items(testfile, "Gottingen Hog", Test()) + self.assertEqual(10, len(findings)) + + def test_parse_file_with_multiple_vuln_has_multiple_finding_gottingenhog_content(self): + testfile = open("unittests/scans/rusty_hog/gottingenhog_many_vulns.json") + parser = RustyhogParser() + findings = parser.get_items(testfile, "Gottingen Hog", Test()) + self.assertEqual(findings[0].title, "password found in Jira ID TEST-123 (Issue Description)") + self.assertIn("**This string was found:** ['password: jeans']", findings[0].description) + self.assertIn("**JIRA Issue ID:** TEST-123", findings[0].description) + self.assertIn("**JIRA location:** Issue Description", findings[0].description) + self.assertIn("**JIRA url:** [https://jira.com/browse/TEST-123](https://jira.com/browse/TEST-123)", findings[0].description) + self.assertIn("Please ensure no secret material nor confidential information is kept in clear within JIRA Tickets.", findings[0].mitigation) + + def test_parse_file_with_no_vuln_has_no_finding_essexhog(self): + testfile = open("unittests/scans/rusty_hog/essexhog_no_vuln.json") + parser = RustyhogParser() + findings = parser.get_items(testfile, "Rusty Hog", Test()) # The outputfile is empty. A subscanner can't be classified + self.assertEqual(0, len(findings)) + + def test_parse_file_with_one_vuln_has_one_finding_essexhog(self): + testfile = open("unittests/scans/rusty_hog/essexhog_one_vuln.json") + parser = RustyhogParser() + findings = parser.get_items(testfile, "Essex Hog", Test()) + self.assertEqual(1, len(findings)) + + def test_parse_file_with_multiple_vuln_has_multiple_finding_essexhog(self): + testfile = open("unittests/scans/rusty_hog/essexhog_many_vulns.json") + parser = RustyhogParser() + findings = parser.get_items(testfile, "Essex Hog", Test()) + self.assertEqual(3, len(findings)) + + def test_parse_file_with_multiple_vuln_has_multiple_finding_essexhog_content(self): + testfile = open("unittests/scans/rusty_hog/essexhog_many_vulns.json") + parser = RustyhogParser() + findings = parser.get_items(testfile, "Essex Hog", Test()) + self.assertEqual(findings[0].title, "SSH (EC) private key found in Confluence Page ID 12345") + self.assertIn("-----BEGIN EC PRIVATE KEY-----", findings[0].description) + self.assertIn("**Confluence URL:** [https://confluence.com/pages/viewpage.action?pageId=12345](https://confluence.com/pages/viewpage.action?pageId=12345)", findings[0].description) + self.assertIn("**Confluence Page ID:** 12345", findings[0].description) + self.assertIn("Please ensure no secret material nor confidential information is kept in clear within Confluence Pages.", findings[0].mitigation) diff --git a/unittests/tools/test_sarif_parser.py b/unittests/tools/test_sarif_parser.py index bdd4fc50e5b..8902f846306 100644 --- a/unittests/tools/test_sarif_parser.py +++ b/unittests/tools/test_sarif_parser.py @@ -1,17 +1,16 @@ -from os import path import datetime -from ..dojo_test_case import DojoTestCase, get_unit_tests_path +from os import path -from dojo.models import Test, Finding -from dojo.tools.sarif.parser import SarifParser +from dojo.models import Finding, Test +from dojo.tools.sarif.parser import SarifParser, get_fingerprints_hashes + +from ..dojo_test_case import DojoTestCase, get_unit_tests_path class TestSarifParser(DojoTestCase): def common_checks(self, finding): self.assertLessEqual(len(finding.title), 250) self.assertIn(finding.severity, Finding.SEVERITIES) - if finding.cve: - self.assertIsInstance(finding.cve, str) if finding.cwe: self.assertIsInstance(finding.cwe, int) self.assertEqual(True, finding.static_finding) # by specification @@ -29,6 +28,19 @@ def test_example_report(self): for finding in findings: self.common_checks(finding) + def test_suppression_report(self): + """test report file having different suppression definitions""" + testfile = open(path.join(path.dirname(__file__), "../scans/sarif/suppression_test.sarif")) + parser = SarifParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + if finding.title == "Suppressed": + self.assertEqual(True, finding.false_p) + self.assertEqual(False, finding.active) + else: + self.assertEqual(False, finding.false_p) + self.assertEqual(True, finding.active) + def test_example2_report(self): testfile = open(path.join(path.dirname(__file__), "../scans/sarif/appendix_k.sarif")) parser = SarifParser() @@ -37,13 +49,19 @@ def test_example2_report(self): item = findings[0] self.assertEqual("collections/list.h", item.file_path) self.assertEqual(15, item.line) - self.assertEqual("Critical", item.severity) + self.assertEqual("High", item.severity) description = """**Result message:** Variable "ptr" was used without being initialized. It was declared [here](0). **Snippet:** ```add_core(ptr, offset, val); return;``` **Rule short description:** A variable was used without being initialized. -**Rule full description:** A variable was used without being initialized. This can result in runtime errors such as null reference exceptions.""" +**Rule full description:** A variable was used without being initialized. This can result in runtime errors such as null reference exceptions. +**Code flow:** +1. collections/list.h:L15\t-\tint *ptr; +\tVariable `ptr` declared. +2. collections/list.h:L15\t-\toffset = (y + z) * q + 1; +3. collections/list.h:L25\t-\tadd_core(ptr, offset, val) +\tUninitialized variable `ptr` passed to method `add_core`.""" self.assertEqual(description, item.description) self.assertEqual(datetime.datetime(2016, 7, 16, 14, 19, 1, tzinfo=datetime.timezone.utc), item.date) for finding in findings: @@ -66,7 +84,7 @@ def test_example_k2_report(self): self.assertEqual(15, item.line) description = """**Result message:** Variable "count" was used without being initialized. **Rule full description:** A variable was used without being initialized. This can result in runtime errors such as null reference exceptions.""" - self.assertEquals(description, item.description) + self.assertEqual(description, item.description) for finding in findings: self.common_checks(finding) @@ -138,8 +156,9 @@ def test_example_report_scanlift_dependency_check(self): "CVE-2019-11358 - jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of [...]", item.title, ) - self.assertEqual("Critical", item.severity) - self.assertEqual("CVE-2019-11358", item.cve) + self.assertEqual("High", item.severity) + self.assertEqual(1, len(item.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2019-11358", item.unsaved_vulnerability_ids[0]) for finding in findings: self.common_checks(finding) @@ -154,16 +173,21 @@ def test_example_report_scanlift_bash(self): "file:///home/damien/dd/docker/setEnv.sh", item.file_path, ) - self.assertIsNone(item.cve) + self.assertIsNone(item.unsaved_vulnerability_ids) self.assertEqual(datetime.datetime(2021, 3, 8, 15, 39, 40, tzinfo=datetime.timezone.utc), item.date) # finding 6 - item = findings[6] - self.assertEqual( - "Decimals are not supported. Either use integers only, or use bc or awk to compare.", - item.title, - ) - self.assertEqual("Info", item.severity) - self.assertIsNone(item.cve) + with self.subTest(i=6): + finding = findings[6] + self.assertEqual( + "Decimals are not supported. Either use integers only, or use bc or awk to compare.", + finding.title, + ) + self.assertEqual("Info", finding.severity) + self.assertIsNone(finding.unsaved_vulnerability_ids) + self.assertEqual( + "scanFileHash:5b05533780915bfc|scanPrimaryLocationHash:4d655189c485c086", + finding.unique_id_from_tool, + ) for finding in findings: self.common_checks(finding) @@ -172,31 +196,41 @@ def test_example_report_taint_python(self): parser = SarifParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(11, len(findings)) - # finding 0 - item = findings[0] - self.assertEqual( - "file:///home/damien/dd/dojo/tools/veracode/parser.py", - item.file_path, - ) - self.assertIsNone(item.cve) - self.assertEqual(datetime.datetime(2021, 3, 8, 15, 46, 16, tzinfo=datetime.timezone.utc), item.date) - # finding 2 - item = findings[2] - self.assertEqual( - "file:///home/damien/dd/dojo/tools/qualys_infrascan_webgui/parser.py", - item.file_path, - ) - self.assertEqual(169, item.line) - # finding 6 - item = findings[6] - self.assertEqual( - "XML injection with user data from `filename in parser_helper.py:167` is used for parsing XML at `parser_helper.py:23`.", - item.title, - ) - self.assertEqual("Critical", item.severity) - self.assertIsNone(item.cve) for finding in findings: self.common_checks(finding) + # finding 0 + with self.subTest(i=0): + item = findings[0] + self.assertEqual( + "file:///home/damien/dd/dojo/tools/veracode/parser.py", + item.file_path, + ) + self.assertIsNone(item.unsaved_vulnerability_ids) + self.assertEqual(datetime.datetime(2021, 3, 8, 15, 46, 16, tzinfo=datetime.timezone.utc), item.date) + self.assertEqual( + "scanFileHash:4bc9f13947613303|scanPrimaryLocationHash:1a8bbb28fe7380df|scanTagsHash:21de8f8d0eb8d9b2", + finding.unique_id_from_tool, + ) + # finding 2 + with self.subTest(i=2): + item = findings[2] + self.assertEqual( + "file:///home/damien/dd/dojo/tools/qualys_infrascan_webgui/parser.py", + item.file_path, + ) + self.assertEqual(169, item.line) + # finding 6 + item = findings[6] + self.assertEqual( + "XML injection with user data from `filename in parser_helper.py:167` is used for parsing XML at `parser_helper.py:23`.", + item.title, + ) + self.assertEqual("High", item.severity) + self.assertIsNone(item.unsaved_vulnerability_ids) + self.assertEqual( + "scanFileHash:4bc9f13947613303|scanPrimaryLocationHash:1a8bbb28fe7380df|scanTagsHash:21de8f8d0eb8d9b2", + finding.unique_id_from_tool, + ) def test_njsscan(self): """Generated with opensecurity/njsscan (https://github.com/ajinabraham/njsscan)""" @@ -210,7 +244,7 @@ def test_njsscan(self): "file:///src/index.js", finding.file_path, ) - self.assertIsNone(finding.cve) + self.assertIsNone(finding.unsaved_vulnerability_ids) self.assertEqual(datetime.datetime(2021, 3, 23, 0, 10, 48, tzinfo=datetime.timezone.utc), finding.date) self.assertEqual(327, finding.cwe) # finding 1 @@ -236,7 +270,7 @@ def test_dockle(self): with self.subTest(i=0): finding = findings[0] self.assertEqual("CIS-DI-0010", finding.vuln_id_from_tool) - self.assertEqual("Critical", finding.severity) + self.assertEqual("High", finding.severity) description = """**Result message:** Suspicious ENV key found : DD_ADMIN_PASSWORD, Suspicious ENV key found : DD_CELERY_BROKER_PASSWORD, Suspicious ENV key found : DD_DATABASE_PASSWORD **Rule short description:** Do not store credential in ENVIRONMENT vars/files""" self.assertEqual(description, finding.description) @@ -339,7 +373,7 @@ def test_flawfinder(self): "random/setstate:This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).", finding.title, ) - self.assertEqual("Critical", finding.severity) + self.assertEqual("High", finding.severity) description = """**Result message:** random/setstate:This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). **Snippet:** ``` is.setstate(std::ios::failbit);``` @@ -350,6 +384,9 @@ def test_flawfinder(self): self.assertEqual(29, finding.line) self.assertEqual(327, finding.cwe) self.assertEqual("FF1048", finding.vuln_id_from_tool) + self.assertEqual( + "e6c1ad2b1d96ffc4035ed8df070600566ad240b8ded025dac30620f3fd4aa9fd", finding.unique_id_from_tool + ) self.assertEqual("https://cwe.mitre.org/data/definitions/327.html", finding.references) with self.subTest(i=20): finding = findings[20] @@ -368,6 +405,9 @@ def test_flawfinder(self): self.assertEqual(31, finding.line) self.assertEqual(120, finding.cwe) self.assertEqual("FF1004", finding.vuln_id_from_tool) + self.assertEqual( + "327fc54b75ab37bbbb31a1b71431aaefa8137ff755acc103685ad5adf88f5dda", finding.unique_id_from_tool + ) self.assertEqual("https://cwe.mitre.org/data/definitions/120.html", finding.references) with self.subTest(i=52): finding = findings[52] @@ -375,7 +415,7 @@ def test_flawfinder(self): "buffer/sscanf:The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).", finding.title, ) - self.assertEqual("Critical", finding.severity) + self.assertEqual("High", finding.severity) description = """**Result message:** buffer/sscanf:The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). **Snippet:** ``` if (sscanf(argv[i], "%[^=]=%s", name, val) == 2) {``` @@ -385,6 +425,9 @@ def test_flawfinder(self): self.assertEqual("src/cli_main.cc", finding.file_path) self.assertEqual(482, finding.line) self.assertEqual("FF1021", finding.vuln_id_from_tool) + self.assertEqual( + "ad8408027235170e870e7662751a01386beb2d2ed8beb75dd4ba8e4a70e91d65", finding.unique_id_from_tool + ) self.assertEqual("https://cwe.mitre.org/data/definitions/120.html", finding.references) def test_flawfinder_interfacev2(self): @@ -402,7 +445,7 @@ def test_flawfinder_interfacev2(self): "random/setstate:This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).", finding.title, ) - self.assertEqual("Critical", finding.severity) + self.assertEqual("High", finding.severity) description = """**Result message:** random/setstate:This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). **Snippet:** ``` is.setstate(std::ios::failbit);``` @@ -431,11 +474,14 @@ def test_flawfinder_interfacev2(self): self.assertEqual(31, finding.line) self.assertEqual(120, finding.cwe) self.assertEqual("FF1004", finding.vuln_id_from_tool) - self.assertEqual('https://cwe.mitre.org/data/definitions/120.html', finding.references) + self.assertEqual("https://cwe.mitre.org/data/definitions/120.html", finding.references) with self.subTest(i=52): finding = findings[52] - self.assertEqual("buffer/sscanf:The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).", finding.title) - self.assertEqual("Critical", finding.severity) + self.assertEqual( + "buffer/sscanf:The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).", + finding.title, + ) + self.assertEqual("High", finding.severity) description = """**Result message:** buffer/sscanf:The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). **Snippet:** ``` if (sscanf(argv[i], "%[^=]=%s", name, val) == 2) {``` @@ -471,7 +517,7 @@ def test_codeql_snippet_report(self): item = findings[7] self.assertEqual("good/mod_user.py", item.file_path) self.assertEqual(33, item.line) - self.assertEqual("Critical", item.severity) + self.assertEqual("High", item.severity) description = """**Result message:** Keyword argument 'request' is not a supported parameter name of [function create](1). **Snippet:** ``` @@ -486,3 +532,39 @@ def test_codeql_snippet_report(self): self.assertEqual(description, item.description) for finding in findings: self.common_checks(finding) + + def test_severity_cvss_from_grype(self): + testfile = open(path.join(path.dirname(__file__), "../scans/sarif/cxf-3.4.6.sarif")) + parser = SarifParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(22, len(findings)) + # finding 0 + item = findings[0] + self.assertEqual("Low", item.severity) + self.assertEqual(2.1, item.cvssv3_score) + # finding 6 + item = findings[6] + self.assertEqual("High", item.severity) + self.assertEqual(7.8, item.cvssv3_score) + + def test_get_fingerprints_hashes(self): + # example from 3.27.16 of the spec + data = {"fingerprints": {"stableResultHash/v2": "234567900abcd", "stableResultHash/v3": "34567900abcde"}} + self.assertEqual( + {"stableResultHash": {"version": 3, "value": "34567900abcde"}}, + get_fingerprints_hashes(data["fingerprints"]), + ) + + # example than reverse the order + data2 = {"fingerprints": {"stableResultHash/v2": "234567900abcd", "stableResultHash/v1": "34567900abcde"}} + self.assertEqual( + {"stableResultHash": {"version": 2, "value": "234567900abcd"}}, + get_fingerprints_hashes(data2["fingerprints"]), + ) + + def test_tags_from_result_properties(self): + testfile = open(path.join(path.dirname(__file__), "../scans/sarif/taint-python-report.sarif")) + parser = SarifParser() + findings = parser.get_findings(testfile, Test()) + item = findings[0] + self.assertEqual(["Scan"], item.tags) diff --git a/unittests/tools/test_scantist_parser.py b/unittests/tools/test_scantist_parser.py index 55545ccaf9f..2be741c3ac1 100644 --- a/unittests/tools/test_scantist_parser.py +++ b/unittests/tools/test_scantist_parser.py @@ -18,7 +18,7 @@ def test_parse_file_with_one_vuln_has_one_finding(self): self.assertEqual(1, len(findings)) findings = findings[0] - self.assertEqual(findings.title, findings.cve + "|" + findings.component_name) + self.assertEqual(findings.title, findings.unsaved_vulnerability_ids[0] + "|" + findings.component_name) self.assertEqual( findings.description, "Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 " @@ -35,4 +35,5 @@ def test_parse_file_with_multiple_vuln_has_multiple_findings(self): findings = parser.get_findings(testfile, Test()) self.assertEqual(17, len(findings)) finding = findings[0] - self.assertEqual("CVE-2018-12432", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2018-12432", finding.unsaved_vulnerability_ids[0]) diff --git a/unittests/tools/test_semgrep_parser.py b/unittests/tools/test_semgrep_parser.py index 472a8128a92..bfa6c822716 100644 --- a/unittests/tools/test_semgrep_parser.py +++ b/unittests/tools/test_semgrep_parser.py @@ -19,7 +19,7 @@ def test_parse_one_finding(self): testfile.close() self.assertEqual(1, len(findings)) finding = findings[0] - self.assertEqual("Low", finding.severity) + self.assertEqual("Medium", finding.severity) self.assertEqual("src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02194.java", finding.file_path) self.assertEqual(64, finding.line) self.assertEqual(696, finding.cwe) @@ -35,7 +35,7 @@ def test_parse_many_finding(self): testfile.close() self.assertEqual(3, len(findings)) finding = findings[0] - self.assertEqual("Low", finding.severity) + self.assertEqual("Medium", finding.severity) self.assertEqual("src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02194.java", finding.file_path) self.assertEqual(64, finding.line) self.assertEqual(696, finding.cwe) @@ -56,7 +56,7 @@ def test_parse_repeated_finding(self): testfile.close() self.assertEqual(1, len(findings)) finding = findings[0] - self.assertEqual("Low", finding.severity) + self.assertEqual("Medium", finding.severity) self.assertEqual("src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01150.java", finding.file_path) self.assertEqual(66, finding.line) self.assertEqual("java.lang.security.audit.cbc-padding-oracle.cbc-padding-oracle", finding.vuln_id_from_tool) @@ -77,12 +77,12 @@ def test_parse_many_vulns(self): self.assertIsNone(finding.mitigation) self.assertEqual("python.lang.correctness.tempfile.flush.tempfile-without-flush", finding.vuln_id_from_tool) finding = findings[2] - self.assertEqual("Low", finding.severity) + self.assertEqual("Medium", finding.severity) self.assertEqual("utils.py", finding.file_path) self.assertEqual(503, finding.line) self.assertEqual("python.lang.maintainability.useless-ifelse.useless-if-conditional", finding.vuln_id_from_tool) finding = findings[4] - self.assertEqual("Low", finding.severity) + self.assertEqual("Medium", finding.severity) self.assertEqual("tools/sslyze/parser_xml.py", finding.file_path) self.assertEqual(124, finding.line) self.assertEqual(327, finding.cwe) @@ -93,3 +93,38 @@ def test_parse_many_vulns(self): self.assertEqual(33, finding.line) self.assertEqual(1236, finding.cwe) self.assertEqual("python.lang.security.unquoted-csv-writer.unquoted-csv-writer", finding.vuln_id_from_tool) + + def test_parse_cwe_list(self): + testfile = open("unittests/scans/semgrep/cwe_list.json") + parser = SemgrepParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("Info", finding.severity) + self.assertEqual("index.js", finding.file_path) + self.assertEqual(12, finding.line) + self.assertEqual(352, finding.cwe) + self.assertEqual("javascript.express.security.audit.express-check-csurf-middleware-usage.express-check-csurf-middleware-usage", finding.vuln_id_from_tool) + self.assertIn("const app = express();", finding.description) + self.assertIn("A CSRF middleware was not detected in your express application. Ensure you are either using one such as `csurf` or `csrf` (see rule references) and/or you are properly doing CSRF validation in your routes with a token or cookies.", finding.description) + + def test_different_lines_same_fingerprint(self): + testfile = open("unittests/scans/semgrep/semgrep_version_1_30_0_line_26.json") + parser = SemgrepParser() + findings_first = parser.get_findings(testfile, Test()) + testfile.close() + testfile = open("unittests/scans/semgrep/semgrep_version_1_30_0_line_27.json") + parser = SemgrepParser() + findings_second = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(len(findings_first), len(findings_second)) + for first, second in zip(findings_first, findings_second): + self.assertEqual(first.unique_id_from_tool, second.unique_id_from_tool) + + def test_parse_issue_8435(self): + testfile = open("unittests/scans/semgrep/issue_8435.json") + parser = SemgrepParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) diff --git a/unittests/tools/test_snyk_parser.py b/unittests/tools/test_snyk_parser.py index 91097f9e7df..18018c95582 100644 --- a/unittests/tools/test_snyk_parser.py +++ b/unittests/tools/test_snyk_parser.py @@ -65,11 +65,14 @@ def test_snykParser_finding_has_fields(self): self.assertEqual( "SNYK-JAVA-ORGAPACHESANTUARIO-460281", finding.vuln_id_from_tool ) - self.assertEqual("CVE-2019-12400", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2019-12400", finding.unsaved_vulnerability_ids[0]) self.assertEqual(611, finding.cwe) self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", finding.cvssv3) self.assertEqual( - "## Remediation\nUpgrade `org.apache.santuario:xmlsec` to version 2.1.4 or higher.\n", + "## Remediation\nUpgrade `org.apache.santuario:xmlsec` to version 2.1.4 or higher.\n\n" + + "Upgrade Location: pom.xml\n" + + "Upgrade from org.apache.santuario:xmlsec@2.1.1 to org.apache.santuario:xmlsec@2.1.4 to fix this issue, as well as updating the following:\n - org.apache.santuario:xmlsec@2.1.1", finding.mitigation, ) self.assertEqual( @@ -85,6 +88,18 @@ def test_snykParser_finding_has_fields(self): "com.test:myframework > org.apache.santuario:xmlsec", finding.file_path ) + def test_snykParser_file_path_with_ampersand_is_preserved(self): + testfile = open("unittests/scans/snyk/single_project_one_vuln_with_ampersands.json") + parser = SnykParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual( + "myproject > @angular/localize > @babel/core > lodash", + finding.file_path + ) + def test_snykParser_allprojects_issue4277(self): """Report to linked to issue 4277""" testfile = open("unittests/scans/snyk/all_projects_issue4277.json") @@ -98,7 +113,8 @@ def test_snykParser_allprojects_issue4277(self): self.assertEqual("Microsoft.AspNetCore", finding.component_name) self.assertEqual("2.2.0", finding.component_version) self.assertEqual("SNYK-DOTNET-MICROSOFTASPNETCORE-174184", finding.vuln_id_from_tool) - self.assertEqual("CVE-2019-0815", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2019-0815", finding.unsaved_vulnerability_ids[0]) self.assertEqual(200, finding.cwe) self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", finding.cvssv3) with self.subTest(i=40): @@ -107,7 +123,8 @@ def test_snykParser_allprojects_issue4277(self): self.assertEqual("lodash", finding.component_name) self.assertEqual("4.17.11", finding.component_version) self.assertEqual("SNYK-JS-LODASH-1040724", finding.vuln_id_from_tool) - self.assertEqual("CVE-2021-23337", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2021-23337", finding.unsaved_vulnerability_ids[0]) self.assertEqual(78, finding.cwe) self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", finding.cvssv3) with self.subTest(i=81): @@ -116,6 +133,52 @@ def test_snykParser_allprojects_issue4277(self): self.assertEqual("yargs-parser", finding.component_name) self.assertEqual("5.0.0", finding.component_version) self.assertEqual("SNYK-JS-YARGSPARSER-560381", finding.vuln_id_from_tool) - self.assertEqual("CVE-2020-7608", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-7608", finding.unsaved_vulnerability_ids[0]) self.assertEqual(400, finding.cwe) self.assertEqual("CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", finding.cvssv3) + + def test_snykParser_cvssscore_none(self): + with open("unittests/scans/snyk/single_project_None_cvss.json") as testfile: + parser = SnykParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("Low", finding.severity) + self.assertEqual( + "SNYK-SLES153-PERMISSIONS-2648113", finding.vuln_id_from_tool + ) + + def test_snykParser_target_file(self): + with open("unittests/scans/snyk/all_containers_target_output.json") as testfile: + parser = SnykParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(40, len(findings)) + # Mobile-Security-Framework-MobSF@0.0.0: SQL Injection + finding = findings[0] + self.assertEqual("Critical", finding.severity) + self.assertIn('target_file:Mobile-Security-Framework-MobSF/requirements.txt', finding.unsaved_tags) + + def test_snykParser_update_libs_tag(self): + with open("unittests/scans/snyk/single_project_upgrade_libs.json") as testfile: + parser = SnykParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(254, len(findings)) + # acme-review@1.0.0: Remote Code Execution (RCE) + finding = findings[227] + self.assertEqual("High", finding.severity) + self.assertIn('target_file:package-lock.json', finding.unsaved_tags) + self.assertIn('upgrade_to:react-scripts@5.0.0', finding.unsaved_tags) + self.assertIn('shell-quote@1.7.2', finding.mitigation) + + def test_snykcontainer_issue_9270(self): + with open("unittests/scans/snyk/snykcontainer_issue_9270.json") as testfile: + parser = SnykParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(25, len(findings)) + + def test_snykcode_issue_9270(self): + with open("unittests/scans/snyk/snykcode_issue_9270.json") as testfile: + parser = SnykParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(39, len(findings)) diff --git a/unittests/tools/test_sonarqube_parser.py b/unittests/tools/test_sonarqube_parser.py index d505d025732..9474760f2e6 100644 --- a/unittests/tools/test_sonarqube_parser.py +++ b/unittests/tools/test_sonarqube_parser.py @@ -19,7 +19,7 @@ def init(self, reportFilename): # SonarQube Scan - no finding def test_file_name_aggregated_parse_file_with_no_vulnerabilities_has_no_findings( - self, + self, ): my_file_handle, product, engagement, test = self.init( get_unit_tests_path() + "/scans/sonarqube/sonar-no-finding.html" @@ -40,7 +40,7 @@ def test_detailed_parse_file_with_no_vulnerabilities_has_no_findings(self): # SonarQube Scan - report with one vuln def test_file_name_aggregated_parse_file_with_single_vulnerability_has_single_finding( - self, + self, ): my_file_handle, product, engagement, test = self.init( get_unit_tests_path() + "/scans/sonarqube/sonar-single-finding.html" @@ -134,50 +134,8 @@ def test_detailed_parse_file_with_single_vulnerability_has_single_finding(self): self.assertEqual(str, type(item.unique_id_from_tool)) self.assertEqual("AWK40IMu-pl6AHs22MnV", item.unique_id_from_tool) - def check_parse_file_with_single_vulnerability_has_single_finding(self): - self.assertEqual(1, len(findings)) - - # check content - item = findings[0] - self.assertEqual(str, type(findings[0].title)) - self.assertEqual("Credentials should not be hard-coded", item.title) - self.assertEqual(int, type(item.cwe)) - # This is only the first CWE in the list! - self.assertEqual(798, item.cwe) - self.assertEqual(bool, type(item.active)) - self.assertEqual(False, item.active) - self.assertEqual(bool, type(item.verified)) - self.assertEqual(False, item.verified) - self.assertEqual(str, type(item.severity)) - self.assertEqual("Critical", item.severity) - self.assertEqual(str, type(item.mitigation)) - self.assertEqual( - "'PASSWORD' detected in this expression, review this potentially hardcoded credential.", - item.mitigation, - ) - self.assertEqual(str, type(item.references)) - self.assertMultiLineEqual( - "squid:S2068\n" - "OWASP Top 10 2017 Category A2\n" - "MITRE, CWE-798\n" - "MITRE, CWE-259\n" - "CERT, MSC03-J.\n" - "SANS Top 25\n" - "Hard Coded Password", - item.references, - ) - self.assertEqual(str, type(item.file_path)) - self.assertEqual( - "modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/DataSourceFactory.java", - item.file_path, - ) - self.assertEqual(bool, type(item.static_finding)) - self.assertEqual(True, item.static_finding) - self.assertEqual(bool, type(item.dynamic_finding)) - self.assertEqual(False, item.dynamic_finding) - def test_detailed_parse_file_with_multiple_vulnerabilities_has_multiple_findings( - self, + self, ): my_file_handle, product, engagement, test = self.init( get_unit_tests_path() + "/scans/sonarqube/sonar-6-findings.html" @@ -189,7 +147,7 @@ def test_detailed_parse_file_with_multiple_vulnerabilities_has_multiple_findings self.assertEqual(6, len(findings)) def test_file_name_aggregated_parse_file_with_multiple_vulnerabilities_has_multiple_findings( - self, + self, ): my_file_handle, product, engagement, test = self.init( get_unit_tests_path() + "/scans/sonarqube/sonar-6-findings.html" @@ -220,7 +178,7 @@ def test_detailed_parse_file_with_table_in_table(self): self.assertEqual(bool, type(item.active)) self.assertEqual(True, item.active) self.assertEqual(bool, type(item.verified)) - self.assertEqual(True, item.verified) + self.assertEqual(False, item.verified) self.assertEqual(str, type(item.description)) self.assertMultiLineEqual( "Many consider clone and Cloneable broken in Java, largely because the rules for overriding clone are tricky\n" @@ -300,7 +258,7 @@ def test_detailed_parse_file_with_rule_undefined(self): self.assertEqual(bool, type(item.active)) self.assertEqual(True, item.active) self.assertEqual(bool, type(item.verified)) - self.assertEqual(True, item.verified) + self.assertEqual(False, item.verified) self.assertEqual(str, type(item.description)) self.assertEqual("No description provided", item.description) self.assertEqual(str, type(item.severity)) @@ -408,3 +366,184 @@ def test_detailed_parse_file_with_vuln_issue_3725(self): findings = parser.get_findings(my_file_handle, test) # specific verifications self.assertEqual(322, len(findings)) + + def test_detailed_parse_file_table_has_whitespace(self): + """ + from version 3.1.1: sonarqube-report has new template with some change. + see: https://github.com/soprasteria/sonar-report/commit/7dab559e7ecf9ed319345e9262a8b160bd3af94f + Data table will have some whitespaces, parser should strip it before compare or use these properties. + """ + my_file_handle, product, engagement, test = self.init( + get_unit_tests_path() + "/scans/sonarqube/sonar-table-in-table-with-whitespace.html" + ) + parser = SonarQubeParser() + parser.set_mode('detailed') + findings = parser.get_findings(my_file_handle, test) + self.assertEqual(1, len(findings)) + + # check content + item = findings[0] + self.assertEqual(str, type(findings[0].title)) + self.assertEqual('"clone" should not be overridden', item.title) + self.assertEqual(int, type(item.cwe)) + self.assertEqual(0, item.cwe) + self.assertEqual(bool, type(item.active)) + self.assertEqual(True, item.active) + self.assertEqual(bool, type(item.verified)) + self.assertEqual(False, item.verified) + self.assertEqual(str, type(item.description)) + self.assertMultiLineEqual( + "Many consider clone and Cloneable broken in Java, largely because the rules for overriding clone are tricky\n" + "and difficult to get right, according to Joshua Bloch:\n" + "\n" + " Object's clone method is very tricky. It's based on field copies, and it's \"extra-linguistic.\" It creates an object without calling a constructor.\n" + " There are no guarantees that it preserves the invariants established by the constructors. There have been lots of bugs over the years, both in and\n" + " outside Sun, stemming from the fact that if you just call super.clone repeatedly up the chain until you have cloned an object, you have a shallow\n" + " copy of the object. The clone generally shares state with the object being cloned. If that state is mutable, you don't have two independent objects.\n" + " If you modify one, the other changes as well. And all of a sudden, you get random behavior.\n" + "\n" + "A copy constructor or copy factory should be used instead.\n" + "This rule raises an issue when clone is overridden, whether or not Cloneable is implemented.\n" + "**Noncompliant Code Example**\n" + "\n" + "public class MyClass {\n" + " // ...\n" + "\n" + " public Object clone() { // Noncompliant\n" + " //...\n" + " }\n" + "}\n" + "\n" + "**Compliant Solution**\n" + "\n" + "public class MyClass {\n" + " // ...\n" + "\n" + " MyClass (MyClass source) {\n" + " //...\n" + " }\n" + "}", + item.description, + ) + self.assertEqual(str, type(item.severity)) + self.assertEqual("Critical", item.severity) + self.assertEqual(str, type(item.mitigation)) + self.assertEqual( + 'Remove this "clone" implementation; use a copy constructor or copy factory instead.', + item.mitigation, + ) + self.assertEqual(str, type(item.references)) + self.assertMultiLineEqual( + "squid:S2975\n" "Copy Constructor versus Cloning\n" "S2157\n" "S1182", + item.references, + ) + self.assertEqual(str, type(item.file_path)) + self.assertEqual( + "java/org/apache/catalina/util/URLEncoder.java", item.file_path + ) + self.assertEqual(str, type(item.line)) + self.assertEqual("190", item.line) + self.assertEqual(str, type(item.unique_id_from_tool)) + self.assertEqual("AWK40IMu-pl6AHs22MnV", item.unique_id_from_tool) + self.assertEqual(bool, type(item.static_finding)) + self.assertEqual(True, item.static_finding) + self.assertEqual(bool, type(item.dynamic_finding)) + self.assertEqual(False, item.dynamic_finding) + + def test_detailed_parse_json_file_with_no_vulnerabilities_has_no_findings(self): + my_file_handle, product, engagement, test = self.init( + get_unit_tests_path() + "/scans/sonarqube/sonar-no-finding.json" + ) + parser = SonarQubeParser() + parser.set_mode('detailed') + findings = parser.get_findings(my_file_handle, test) + self.assertEqual(0, len(findings)) + + def test_detailed_parse_json_file_with_single_vulnerability_has_single_finding(self): + my_file_handle, product, engagement, test = self.init( + get_unit_tests_path() + "/scans/sonarqube/sonar-single-finding.json" + ) + parser = SonarQubeParser() + parser.set_mode('detailed') + findings = parser.get_findings(my_file_handle, test) + # common verifications + self.assertEqual(1, len(findings)) + # specific verifications + item = findings[0] + self.assertEqual(str, type(item.description)) + self.maxDiff = None + self.assertMultiLineEqual('A cross-site request forgery (CSRF) attack occurs when a trusted user of a web ' + 'application can be forced, by an attacker, to perform sensitive\nactions that he ' + 'didn’t intend, such as updating his profile or sending a message, more generally ' + 'anything that can change the state of the\napplication.\nThe attacker can trick ' + 'the user/victim to click on a link, corresponding to the privileged action, ' + 'or to visit a malicious web site that embeds a\nhidden web request and as web ' + 'browsers automatically include cookies, the actions can be authenticated and ' + 'sensitive.\n**Ask Yourself Whether**\n\n The web application uses cookies to ' + 'authenticate users. \n There exist sensitive operations in the web application ' + 'that can be performed when the user is authenticated. \n The state / resources ' + 'of the web application can be modified by doing HTTP POST or HTTP DELETE requests ' + 'for example. \n\nThere is a risk if you answered yes to any of those ' + 'questions.\n**Recommended Secure Coding Practices**\n\n Protection against CSRF ' + 'attacks is strongly recommended:\n \n to be activated by default for all ' + 'unsafe HTTP\n methods. \n implemented, for example, with an unguessable ' + 'CSRF token \n \n Of course all sensitive operations should not be performed ' + 'with safe HTTP methods like GET which are designed to be\n used only for ' + 'information retrieval. \n\n**Sensitive Code Example**\nFor a Django application, ' + 'the code is sensitive when,\n\n django.middleware.csrf.CsrfViewMiddleware is not ' + 'used in the Django settings: \n\n\nMIDDLEWARE = [\n ' + '\'django.middleware.security.SecurityMiddleware\',' + '\n \'django.contrib.sessions.middleware.SessionMiddleware\',' + '\n \'django.middleware.common.CommonMiddleware\',' + '\n \'django.contrib.auth.middleware.AuthenticationMiddleware\',' + '\n \'django.contrib.messages.middleware.MessageMiddleware\',' + '\n \'django.middleware.clickjacking.XFrameOptionsMiddleware\',\n] # Sensitive: ' + 'django.middleware.csrf.CsrfViewMiddleware is missing\n\n\n the CSRF protection ' + 'is disabled on a view: \n\n\n@csrf_exempt # Sensitive\ndef example(request):\n ' + 'return HttpResponse("default")\n\nFor a Flask application, the code is sensitive ' + 'when,\n\n the WTF_CSRF_ENABLED setting is set to false: \n\n\napp = Flask(' + '__name__)\napp.config[\'WTF_CSRF_ENABLED\'] = False # Sensitive\n\n\n the ' + 'application doesn’t use the CSRFProtect module: \n\n\napp = Flask(__name__) # ' + 'Sensitive: CSRFProtect is missing\n\n@app.route(\'/\')\ndef hello_world():\n ' + 'return \'Hello, World!\'\n\n\n the CSRF protection is disabled on a view: ' + '\n\n\napp = Flask(__name__)\ncsrf = CSRFProtect()\ncsrf.init_app(' + 'app)\n\n@app.route(\'/example/\', methods=[\'POST\'])\n@csrf.exempt # ' + 'Sensitive\ndef example():\n return \'example \'\n\n\n the CSRF protection is ' + 'disabled on a form: \n\n\nclass unprotectedForm(FlaskForm):\n class Meta:\n ' + ' csrf = False # Sensitive\n\n name = TextField(\'name\')\n submit = ' + 'SubmitField(\'submit\')\n\n**Compliant Solution**\nFor a Django application,' + '\n\n it is recommended to protect all the views with ' + 'django.middleware.csrf.CsrfViewMiddleware: \n\n\nMIDDLEWARE = [\n ' + '\'django.middleware.security.SecurityMiddleware\',' + '\n \'django.contrib.sessions.middleware.SessionMiddleware\',' + '\n \'django.middleware.common.CommonMiddleware\',' + '\n \'django.middleware.csrf.CsrfViewMiddleware\', # Compliant\n ' + '\'django.contrib.auth.middleware.AuthenticationMiddleware\',' + '\n \'django.contrib.messages.middleware.MessageMiddleware\',' + '\n \'django.middleware.clickjacking.XFrameOptionsMiddleware\',\n]\n\n\n and ' + 'to not disable the CSRF protection on specific views: \n\n\ndef example(request): ' + '# Compliant\n return HttpResponse("default")\n\nFor a Flask application,' + '\n\n the CSRFProtect module should be used (and not disabled further with ' + 'WTF_CSRF_ENABLED set to false):\n \n\n\napp = Flask(__name__)\ncsrf = ' + 'CSRFProtect()\ncsrf.init_app(app) # Compliant\n\n\n and it is recommended to not ' + 'disable the CSRF protection on specific views or forms: \n\n\n@app.route(' + '\'/example/\', methods=[\'POST\']) # Compliant\ndef example():\n return ' + '\'example \'\n\nclass unprotectedForm(FlaskForm):\n class Meta:\n csrf = ' + 'True # Compliant\n\n name = TextField(\'name\')\n submit = SubmitField(' + '\'submit\')\n\n'.strip(), + item.description) + self.assertEqual(str, type(item.line)) + self.assertEqual(8, 8) + self.assertEqual(str, type(item.unique_id_from_tool)) + self.assertEqual("AYvNd32RyD1npIoQXyT1", item.unique_id_from_tool) + + def test_detailed_parse_json_file_with_multiple_vulnerabilities_has_multiple_findings(self): + my_file_handle, product, engagement, test = self.init( + get_unit_tests_path() + "/scans/sonarqube/sonar-6-findings.json" + ) + parser = SonarQubeParser() + parser.set_mode('detailed') + findings = parser.get_findings(my_file_handle, test) + # common verifications + # (there is no aggregation to be done here) + self.assertEqual(6, len(findings)) diff --git a/unittests/tools/test_sonatype_parser.py b/unittests/tools/test_sonatype_parser.py index 6e4a9509e65..a3bfcf2a13c 100644 --- a/unittests/tools/test_sonatype_parser.py +++ b/unittests/tools/test_sonatype_parser.py @@ -10,6 +10,8 @@ def test_parse_file_with_one_vuln(self): findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(1, len(findings)) + self.assertEqual(1, len(findings[0].unsaved_vulnerability_ids)) + self.assertEqual("CVE-2016-2402", findings[0].unsaved_vulnerability_ids[0]) def test_parse_file_with_many_vulns(self): testfile = open("unittests/scans/sonatype/many_vulns.json") diff --git a/unittests/tools/test_ssh_audit_parser.py b/unittests/tools/test_ssh_audit_parser.py new file mode 100644 index 00000000000..a7bbf222567 --- /dev/null +++ b/unittests/tools/test_ssh_audit_parser.py @@ -0,0 +1,44 @@ +from ..dojo_test_case import DojoTestCase +from dojo.tools.ssh_audit.parser import SSHAuditParser +from dojo.models import Test + + +class TestSSHAuditParser(DojoTestCase): + + def test_parse_file_with_many_vuln_has_many_findings(self): + testfile = open("unittests/scans/ssh_audit/many_vulns.json") + parser = SSHAuditParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(20, len(findings)) + self.assertEqual(findings[0].title, "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2_CVE-2021-41617") + self.assertEqual(findings[1].title, "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2_CVE-2020-15778") + self.assertEqual(findings[0].severity, "High") + self.assertEqual(findings[13].severity, "Medium") + + def test_parse_file_with_many_vuln_has_many_findings2(self): + testfile = open("unittests/scans/ssh_audit/many_vulns2.json") + parser = SSHAuditParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(12, len(findings)) + self.assertEqual(findings[0].title, "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4_ecdh-sha2-nistp256") + self.assertEqual(findings[1].title, "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4_ecdh-sha2-nistp384") + self.assertEqual(findings[0].severity, "High") + self.assertEqual(findings[9].severity, "Medium") + + def test_parse_file_with_many_vuln_bug_fix(self): + testfile = open("unittests/scans/ssh_audit/bug_fix.json") + parser = SSHAuditParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(13, len(findings)) + self.assertEqual(findings[0].title, "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.5_ecdh-sha2-nistp256") + self.assertEqual(findings[1].title, "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.5_ecdh-sha2-nistp384") + self.assertEqual(findings[0].severity, "High") diff --git a/unittests/tools/test_ssl_labs_parser.py b/unittests/tools/test_ssl_labs_parser.py index 4591b58d718..807dc049917 100644 --- a/unittests/tools/test_ssl_labs_parser.py +++ b/unittests/tools/test_ssl_labs_parser.py @@ -22,7 +22,7 @@ def test_parse_ok(self): self.assertEqual(findings[0].unsaved_endpoints[0].host, "defectdojo.mevitae.com") self.assertEqual(findings[0].cwe, 310) self.assertEqual(findings[0].severity, "Info") - self.assertTrue("TLS" in findings[0].description) + self.assertIn("TLS", findings[0].description) def test_parse_dh1024(self): parser = SslLabsParser() @@ -37,7 +37,7 @@ def test_parse_dh1024(self): self.assertEqual(findings[0].unsaved_endpoints[0].host, "dh1024.badssl.com") self.assertEqual(findings[0].cwe, 310) self.assertEqual(findings[0].severity, "Medium") - self.assertTrue("TLS" in findings[0].description) + self.assertIn("TLS", findings[0].description) def test_parse_3des(self): parser = SslLabsParser() @@ -52,7 +52,7 @@ def test_parse_3des(self): self.assertEqual(findings[0].unsaved_endpoints[0].host, "3des.badssl.com") self.assertEqual(findings[0].cwe, 310) self.assertEqual(findings[0].severity, "High") - self.assertTrue("TLS" in findings[0].description) + self.assertIn("TLS", findings[0].description) def test_parse_revoked(self): parser = SslLabsParser() @@ -67,7 +67,7 @@ def test_parse_revoked(self): self.assertEqual(findings[0].unsaved_endpoints[0].host, "revoked.badssl.com") self.assertEqual(findings[0].cwe, 310) self.assertEqual(findings[0].severity, "Critical") - self.assertTrue("TLS" in findings[0].description) + self.assertIn("TLS", findings[0].description) def test_parse_multiple(self): parser = SslLabsParser() @@ -84,7 +84,7 @@ def test_parse_multiple(self): foundCritical = False for finding in findings: - self.assertTrue("TLS" in finding.description) + self.assertIn("TLS", finding.description) self.assertEqual(finding.cwe, 310) if finding.severity == "Info": self.assertEqual(finding.title, "TLS Grade 'A+' for defectdojo.mevitae.com") diff --git a/unittests/tools/test_sslyze_parser.py b/unittests/tools/test_sslyze_parser.py index 53552dd0de4..c15fbf5e232 100644 --- a/unittests/tools/test_sslyze_parser.py +++ b/unittests/tools/test_sslyze_parser.py @@ -1,51 +1,154 @@ from os import path + from ..dojo_test_case import DojoTestCase from dojo.tools.sslyze.parser import SslyzeParser from dojo.models import Test class TestSslyzeJSONParser(DojoTestCase): - def test_parse_file_with_one_target_has_one_vuln(self): - testfile = open(path.join(path.dirname(__file__), "../scans/sslyze/one_target_one_vuln.json")) + def test_parse_json_file_with_one_target_has_zero_vuln_old(self): + testfile = open(path.join(path.dirname(__file__), "../scans/sslyze/one_target_zero_vuln_old.json")) parser = SslyzeParser() findings = parser.get_findings(testfile, Test()) - for finding in findings: - for endpoint in finding.unsaved_endpoints: - endpoint.clean() + self.assertEqual(0, len(findings)) + + def test_parse_json_file_with_one_target_has_one_vuln_old(self): + testfile = open(path.join(path.dirname(__file__), "../scans/sslyze/one_target_one_vuln_old.json")) + parser = SslyzeParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual('Problems in certificate deployments (www.example.com:443)', finding.title) + description = '''www.example.com:443 has problems in certificate deployments: + - certificate has expired for trust store Android, version 9.0.0_r9 + - certificate has expired for trust store Apple, version iOS 13, iPadOS 13, macOS 10.15, watchOS 6, and tvOS 13 + - certificate has expired for trust store Java, version jdk-13.0.2 + - certificate has expired for trust store Mozilla, version 2019-11-28 + - certificate has expired for trust store Windows, version 2020-05-04''' + self.assertEqual(description, finding.description) + self.assertEqual('Medium', finding.severity) + + self.assertEqual(1, len(finding.unsaved_endpoints)) + endpoint = finding.unsaved_endpoints[0] + self.assertEqual('www.example.com', endpoint.host) + self.assertEqual(443, endpoint.port) + + def test_parse_json_file_with_one_target_has_four_vuln_old(self): + testfile = open(path.join(path.dirname(__file__), "../scans/sslyze/one_target_many_vuln_old.json")) + parser = SslyzeParser() + findings = parser.get_findings(testfile, Test()) + + self.assertEqual(4, len(findings)) + + self.assertEqual(1, len(findings[0].unsaved_vulnerability_ids)) + self.assertEqual('CVE-2014-0160', findings[0].unsaved_vulnerability_ids[0]) + + self.assertEqual(1, len(findings[1].unsaved_vulnerability_ids)) + self.assertEqual('CVE-2014-0224', findings[1].unsaved_vulnerability_ids[0]) + + def test_parse_json_file_with_two_target_has_many_vuln_old(self): + testfile = open(path.join(path.dirname(__file__), "../scans/sslyze/two_targets_two_vuln_old.json")) + parser = SslyzeParser() + findings = parser.get_findings(testfile, Test()) - def test_parse_json_file_with_one_target_has_zero_vuln(self): - testfile = open(path.join(path.dirname(__file__), "../scans/sslyze/one_target_zero_vuln.json")) + self.assertEqual(2, len(findings)) + + def test_parse_json_file_with_one_target_has_zero_vuln_new(self): + testfile = open(path.join(path.dirname(__file__), "../scans/sslyze/one_target_zero_vuln_new.json")) parser = SslyzeParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(0, len(findings)) - def test_parse_json_file_with_one_target_has_one_vuln(self): - testfile = open(path.join(path.dirname(__file__), "../scans/sslyze/one_target_one_vuln.json")) + def test_parse_json_file_with_one_target_has_one_vuln_new(self): + testfile = open(path.join(path.dirname(__file__), "../scans/sslyze/one_target_one_vuln_new.json")) parser = SslyzeParser() findings = parser.get_findings(testfile, Test()) - for finding in findings: - for endpoint in finding.unsaved_endpoints: - endpoint.clean() + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual('Unrecommended cipher suites for TLS 1.2 (example.com:443)', finding.title) + description = '''example.com:443 accepts unrecommended cipher suites for TLS 1.2: + - TLS_RSA_WITH_AES_256_GCM_SHA384 + - TLS_RSA_WITH_AES_256_CCM_8 + - TLS_RSA_WITH_AES_256_CCM + - TLS_RSA_WITH_AES_256_CBC_SHA256 + - TLS_RSA_WITH_AES_256_CBC_SHA + - TLS_RSA_WITH_AES_128_GCM_SHA256 + - TLS_RSA_WITH_AES_128_CCM_8 + - TLS_RSA_WITH_AES_128_CCM + - TLS_RSA_WITH_AES_128_CBC_SHA256 + - TLS_RSA_WITH_AES_128_CBC_SHA + - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + - TLS_DHE_RSA_WITH_AES_256_CCM_8 + - TLS_DHE_RSA_WITH_AES_256_CBC_SHA + - TLS_DHE_RSA_WITH_AES_128_CCM_8 + - TLS_DHE_RSA_WITH_AES_128_CBC_SHA''' + self.assertEqual(description, finding.description) + self.assertEqual('Medium', finding.severity) + self.assertEqual( + 'TLS recommendations of German BSI: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-2.pdf?__blob=publicationFile&v=10', + finding.references + ) + + self.assertEqual(1, len(finding.unsaved_endpoints)) + endpoint = finding.unsaved_endpoints[0] + self.assertEqual('example.com', endpoint.host) + self.assertEqual(443, endpoint.port) - def test_parse_json_file_with_one_target_has_four_vuln(self): - testfile = open(path.join(path.dirname(__file__), "../scans/sslyze/one_target_many_vuln.json")) + def test_parse_json_file_with_one_target_has_three_vuln_new(self): + testfile = open(path.join(path.dirname(__file__), "../scans/sslyze/one_target_many_vuln_new.json")) parser = SslyzeParser() findings = parser.get_findings(testfile, Test()) - for finding in findings: - for endpoint in finding.unsaved_endpoints: - endpoint.clean() - self.assertEqual(4, len(findings)) + self.assertEqual(3, len(findings)) - def test_parse_json_file_with_two_target_has_many_vuln(self): - testfile = open(path.join(path.dirname(__file__), "../scans/sslyze/two_targets_two_vuln.json")) + def test_parse_json_file_with_two_target_has_many_vuln_new(self): + testfile = open(path.join(path.dirname(__file__), "../scans/sslyze/two_targets_many_vuln_new.json")) parser = SslyzeParser() findings = parser.get_findings(testfile, Test()) - for finding in findings: - for endpoint in finding.unsaved_endpoints: - endpoint.clean() - self.assertEqual(2, len(findings)) + self.assertEqual(5, len(findings)) + + # We look at 2 examplary findings, the others are similar and don't give more test coverage + finding = findings[0] + self.assertEqual('Unrecommended cipher suites for TLS 1.2 (example.com:443)', finding.title) + description = '''example.com:443 accepts unrecommended cipher suites for TLS 1.2: + - TLS_RSA_WITH_AES_256_GCM_SHA384 + - TLS_RSA_WITH_AES_256_CBC_SHA256 + - TLS_RSA_WITH_AES_256_CBC_SHA + - TLS_RSA_WITH_AES_128_GCM_SHA256 + - TLS_RSA_WITH_AES_128_CBC_SHA256 + - TLS_RSA_WITH_AES_128_CBC_SHA + - TLS_RSA_WITH_3DES_EDE_CBC_SHA + - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + - TLS_DHE_RSA_WITH_AES_256_CBC_SHA + - TLS_DHE_RSA_WITH_AES_128_CBC_SHA''' + self.assertEqual(description, finding.description) + self.assertEqual('Medium', finding.severity) + self.assertEqual( + 'TLS recommendations of German BSI: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-2.pdf?__blob=publicationFile&v=10', + finding.references + ) + + self.assertEqual(1, len(finding.unsaved_endpoints)) + endpoint = finding.unsaved_endpoints[0] + self.assertEqual('example.com', endpoint.host) + self.assertEqual(443, endpoint.port) + + finding = findings[1] + self.assertEqual('TLS 1.0 not recommended (example2.com:443)', finding.title) + self.assertEqual('example2.com:443 accepts TLS 1.0 connections', finding.description) + self.assertEqual('Medium', finding.severity) + self.assertEqual( + 'TLS recommendations of German BSI: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-2.pdf?__blob=publicationFile&v=10', + finding.references + ) + + self.assertEqual(1, len(finding.unsaved_endpoints)) + endpoint = finding.unsaved_endpoints[0] + self.assertEqual('example2.com', endpoint.host) + self.assertEqual(443, endpoint.port) class TestSSLyzeXMLParser(DojoTestCase): diff --git a/unittests/tools/test_stackhawk_parser.py b/unittests/tools/test_stackhawk_parser.py new file mode 100644 index 00000000000..6b100b5aa14 --- /dev/null +++ b/unittests/tools/test_stackhawk_parser.py @@ -0,0 +1,260 @@ +import datetime + +from dojo.tools.stackhawk.parser import StackHawkParser +from dojo.models import Test, Finding +from unittests.dojo_test_case import DojoTestCase + + +class TestStackHawkParser(DojoTestCase): + __test_datetime = datetime.datetime(2022, 2, 16, 23, 7, 19, 575000, datetime.timezone.utc) + + def test_invalid_json_format(self): + testfile = open("unittests/scans/stackhawk/invalid.json") + parser = StackHawkParser() + with self.assertRaises(ValueError): + parser.get_findings(testfile, Test()) + + def test_parser_ensures_data_is_for_stackhawk_before_parsing(self): + testfile = open("unittests/scans/stackhawk/oddly_familiar_json_that_isnt_us.json") + parser = StackHawkParser() + with self.assertRaises(ValueError): + parser.get_findings(testfile, Test()) + + def test_stackhawk_parser_with_no_vuln_has_no_findings(self): + testfile = open("unittests/scans/stackhawk/stackhawk_zero_vul.json") + parser = StackHawkParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) + + def test_stackhawk_parser_with_one_high_vuln_has_one_findings(self): + testfile = open("unittests/scans/stackhawk/stackhawk_one_vul.json") + parser = StackHawkParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.__assertAllEndpointsAreClean(findings) + self.assertEqual(1, len(findings)) + + finding = findings[0] + + self.__assertFindingEquals( + finding, + "Anti CSRF Tokens Scanner", + self.__test_datetime, + "Secured Application", + "Development", + "High", + "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012", + "20012", + "10", + False, + False + ) + + def test_stackhawk_parser_with_many_vuln_has_many_findings_and_removes_duplicates(self): + testfile = open("unittests/scans/stackhawk/stackhawk_many_vul.json") + parser = StackHawkParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.__assertAllEndpointsAreClean(findings) + self.assertEqual(6, len(findings)) + + self.__assertFindingEquals( + findings[0], + "Cookie Slack Detector", + self.__test_datetime, + "Secured Application", + "Development", + "Low", + "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027", + "90027", + "10", + False, + False + ) + + self.__assertFindingEquals( + findings[1], + "Proxy Disclosure", + self.__test_datetime, + "Secured Application", + "Development", + "Medium", + "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025", + "40025", + "10", + False, + False + ) + + self.__assertFindingEquals( + findings[2], + "Anti CSRF Tokens Scanner", + self.__test_datetime, + "Secured Application", + "Development", + "High", + "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012", + "20012", + "10", + False, + False + ) + + self.__assertFindingEquals( + findings[3], + "Cross Site Scripting Weakness (Reflected in JSON Response)", + self.__test_datetime, + "Secured Application", + "Development", + "High", + "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40012", + "40012", + "1", + False, + False + ) + + self.__assertFindingEquals( + findings[4], + "Content Security Policy (CSP) Header Not Set", + self.__test_datetime, + "Secured Application", + "Development", + "Medium", + "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038", + "10038", + "12", + False, + False + ) + + self.__assertFindingEquals( + findings[5], + "Permissions Policy Header Not Set", + self.__test_datetime, + "Secured Application", + "Development", + "Low", + "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063", + "10063", + "12", + False, + False + ) + + def test_that_a_scan_import_updates_the_test_description(self): + testfile = open("unittests/scans/stackhawk/stackhawk_zero_vul.json") + parser = StackHawkParser() + test = Test() + parser.get_findings(testfile, test) + testfile.close() + self.assertEqual( + test.description, + 'View scan details here: ' + + '[https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27]' + + '(https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27)' + ) + + def test_that_a_scan_with_all_false_positive_endpoints_on_a_finding_marks_as_false_positive(self): + testfile = open("unittests/scans/stackhawk/stackhawk_one_vuln_all_endpoints_false_positive.json") + parser = StackHawkParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.__assertAllEndpointsAreClean(findings) + self.assertEqual(1, len(findings)) + self.__assertFindingEquals( + findings[0], + "Cookie Slack Detector", + self.__test_datetime, + "Secured Application", + "Development", + "Low", + "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027", + "90027", + "3", + True, + False + ) + + def test_that_a_scan_with_all_risk_accepted_endpoints_on_a_finding_marks_as_risk_accepted(self): + testfile = open("unittests/scans/stackhawk/stackhawk_one_vuln_all_endpoints_risk_accepted.json") + parser = StackHawkParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.__assertAllEndpointsAreClean(findings) + self.assertEqual(1, len(findings)) + self.__assertFindingEquals( + findings[0], + "Cookie Slack Detector", + self.__test_datetime, + "Secured Application", + "Development", + "Low", + "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027", + "90027", + "3", + False, + True + ) + + def test_that_a_scan_with_endpoints_in_differing_statuses_does_not_mark_as_risk_accepted_or_false_positive(self): + testfile = open("unittests/scans/stackhawk/stackhawk_one_vuln_all_endpoints_have_different_status.json") + parser = StackHawkParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.__assertAllEndpointsAreClean(findings) + self.assertEqual(1, len(findings)) + self.__assertFindingEquals( + findings[0], + "Cookie Slack Detector", + self.__test_datetime, + "Secured Application", + "Development", + "Low", + "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027", + "90027", + "3", + False, + False + ) + + def __assertFindingEquals( + self, + actual_finding: Finding, + title, + date: datetime.datetime, + application_name, + environment, + severity, + finding_url, + finding_id, + count, + false_positive, + risk_accepted + ): + self.assertEqual(title, actual_finding.title) + self.assertEqual(date, actual_finding.date) + self.assertEqual(application_name, actual_finding.component_name) + self.assertEqual(environment, actual_finding.component_version) + self.assertEqual(severity, actual_finding.severity) + self.assertEqual("View this finding in the StackHawk platform at:\n[" + finding_url + '](' + finding_url + ')', + actual_finding.description) + self.assertRegex( + actual_finding.steps_to_reproduce, + "Use a specific message link and click 'Validate' to see the cURL!.*" + ) + self.assertFalse(actual_finding.static_finding) + self.assertTrue(actual_finding.dynamic_finding) + self.assertEqual(finding_id, actual_finding.vuln_id_from_tool) + self.assertEqual(count, actual_finding.nb_occurences) + self.assertEqual(application_name, actual_finding.service) + self.assertEqual(false_positive, actual_finding.false_p) + self.assertEqual(risk_accepted, actual_finding.risk_accepted) + # The following fields should be not be set from this parser. + self.assertIsNone(actual_finding.unique_id_from_tool) + + def __assertAllEndpointsAreClean(self, findings): + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() diff --git a/unittests/tools/test_sysdig_reports_parser.py b/unittests/tools/test_sysdig_reports_parser.py new file mode 100644 index 00000000000..98d30fcfc25 --- /dev/null +++ b/unittests/tools/test_sysdig_reports_parser.py @@ -0,0 +1,72 @@ +from django.test import TestCase +from dojo.tools.sysdig_reports.parser import SysdigReportsParser +from dojo.models import Test + + +class TestSysdigParser(TestCase): + + def test_sysdig_parser_with_no_vuln_has_no_findings(self): + testfile = open("unittests/scans/sysdig_reports/sysdig_reports_zero_vul.csv") + parser = SysdigReportsParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) + + def test_sysdig_parser_with_one_criticle_vuln_has_one_findings(self): + testfile = open("unittests/scans/sysdig_reports/sysdig_reports_one_vul.csv") + parser = SysdigReportsParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(1, len(findings)) + self.assertEqual("com.fasterxml.jackson.core:jackson-databind", findings[0].component_name) + self.assertEqual("2.9.7", findings[0].component_version) + self.assertEqual("CVE-2018-19360", findings[0].cve) + + def test_sysdig_parser_with_many_vuln_has_many_findings(self): + testfile = open("unittests/scans/sysdig_reports/sysdig_reports_many_vul.csv") + parser = SysdigReportsParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(50, len(findings)) + + def test_sysdig_parser_missing_cve_field_id_from_csv_file(self): + with self.assertRaises(ValueError) as context: + testfile = open("unittests/scans/sysdig_reports/sysdig_reports_missing_cve_field.csv") + parser = SysdigReportsParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual( + "Number of fields in row (22) does not match number of headers (21)", str(context.exception) + ) + + def test_sysdig_parser_missing_cve_field_not_starting_with_cve(self): + with self.assertRaises(ValueError) as context: + testfile = open("unittests/scans/sysdig_reports/sysdig_reports_not_starting_with_cve.csv") + parser = SysdigReportsParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual( + "Number of fields in row (22) does not match number of headers (21)", str(context.exception) + ) + + def test_sysdig_parser_json_with_many_findings(self): + testfile = open("unittests/scans/sysdig_reports/sysdig.json") + parser = SysdigReportsParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(207, len(findings)) diff --git a/unittests/tools/test_talisman_parser.py b/unittests/tools/test_talisman_parser.py new file mode 100644 index 00000000000..1fb15a37dab --- /dev/null +++ b/unittests/tools/test_talisman_parser.py @@ -0,0 +1,44 @@ +from dojo.models import Test +from dojo.tools.talisman.parser import TalismanParser + +from ..dojo_test_case import DojoTestCase + + +class TestTalismanParser(DojoTestCase): + def test_parse_empty(self): + testfile = open("unittests/scans/talisman/no_finding.json") + parser = TalismanParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) + + def test_parse_one_finding(self): + testfile = open("unittests/scans/talisman/one_finding.json") + parser = TalismanParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("password.html", finding.file_path) + self.assertEqual("Secret pattern found in password.html file", finding.title) + self.assertIsNotNone(finding.description) + + def test_parse_many_finding(self): + testfile = open("unittests/scans/talisman/many_findings.json") + parser = TalismanParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(3, len(findings)) + finding = findings[0] + self.assertEqual( + "talisman_report/talisman_reports/data/report.json", finding.file_path + ) + self.assertEqual( + "Secret pattern found in talisman_report/talisman_reports/data/report.json file", + finding.title, + ) + self.assertIsNotNone(finding.description) + finding = findings[1] + self.assertEqual("README.md", finding.file_path) + self.assertEqual("Secret pattern found in README.md file", finding.title) + self.assertIsNotNone(finding.description) diff --git a/unittests/tools/test_tenable_parser.py b/unittests/tools/test_tenable_parser.py new file mode 100644 index 00000000000..482d46cdad6 --- /dev/null +++ b/unittests/tools/test_tenable_parser.py @@ -0,0 +1,270 @@ +from os import path +from ..dojo_test_case import DojoTestCase +from dojo.tools.tenable.parser import TenableParser +from dojo.models import Finding, Test, Engagement, Product + + +class TestTenableParser(DojoTestCase): + def create_test(self): + test = Test() + test.engagement = Engagement() + test.engagement.product = Product() + return test + + def test_parse_some_findings_nessus_legacy(self): + testfile = open(path.join(path.dirname(__file__), "../scans/tenable/nessus/nessus_many_vuln.xml")) + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(6, len(findings)) + finding = findings[5] + self.assertEqual("Info", finding.severity) + self.assertIsNone(finding.cwe) + endpoint = finding.unsaved_endpoints[0] + self.assertEqual("https", endpoint.protocol) + endpoint = finding.unsaved_endpoints[1] + self.assertEqual("tcp", endpoint.protocol) + + def test_parse_some_findings_csv_nessus_legacy(self): + """Test one report provided by a user""" + testfile = open(path.join(path.dirname(__file__), "../scans/tenable/nessus/nessus_many_vuln.csv")) + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(4, len(findings)) + for i in [0, 1, 2, 3]: + finding = findings[i] + self.assertIn(finding.severity, Finding.SEVERITIES) + self.assertEqual("Medium", finding.severity) + self.assertEqual(0, finding.cwe) + # check some data + finding = findings[0] + self.assertEqual(1, len(finding.unsaved_endpoints)) + self.assertEqual("10.1.1.1", finding.unsaved_endpoints[0].host) + self.assertEqual("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", finding.cvssv3) + # TODO work on component attributes for Nessus CSV parser + self.assertIsNotNone(finding.component_name) + self.assertEqual("md5", finding.component_name) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2004-2761", finding.unsaved_vulnerability_ids[0]) + # this vuln have 'CVE-2013-2566,CVE-2015-2808' as CVE + finding = findings[3] + print(f"finding.unsaved_vulnerability_ids: {finding.unsaved_vulnerability_ids} - {type(finding.unsaved_vulnerability_ids)} - {type(finding.unsaved_vulnerability_ids[0])}") + self.assertEqual(2, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2013-2566", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("CVE-2015-2808", finding.unsaved_vulnerability_ids[1]) + + def test_parse_some_findings_csv2_nessus_legacy(self): + """Test that use default columns of Nessus Pro 8.13.1 (#257)""" + testfile = open(path.join(path.dirname(__file__), "../scans/tenable/nessus/nessus_many_vuln2-default.csv")) + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(29, len(findings)) + finding = findings[0] + self.assertIn(finding.severity, Finding.SEVERITIES) + self.assertEqual("Info", finding.severity) + self.assertEqual(0, len(finding.unsaved_vulnerability_ids)) + self.assertEqual(0, finding.cwe) + self.assertEqual("HTTP Server Type and Version", finding.title) + finding = findings[25] + self.assertIn(finding.severity, Finding.SEVERITIES) + self.assertEqual("SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)", finding.title) + self.assertEqual("Info", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2004-2761", finding.unsaved_vulnerability_ids[0]) + + def test_parse_some_findings_csv2_all_nessus_legacy(self): + """Test that use a report with all columns of Nessus Pro 8.13.1 (#257)""" + testfile = open(path.join(path.dirname(__file__), "../scans/tenable/nessus/nessus_many_vuln2-all.csv")) + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(29, len(findings)) + finding = findings[0] + self.assertIn(finding.severity, Finding.SEVERITIES) + self.assertEqual("Info", finding.severity) + self.assertEqual(0, len(finding.unsaved_vulnerability_ids)) + self.assertEqual(0, finding.cwe) + self.assertEqual("HTTP Server Type and Version", finding.title) + finding = findings[25] + self.assertIn(finding.severity, Finding.SEVERITIES) + self.assertEqual("SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)", finding.title) + self.assertEqual("Info", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2004-2761", finding.unsaved_vulnerability_ids[0]) + + def test_parse_some_findings_csv_bytes_nessus_legacy(self): + """This tests is designed to test the parser with different read modes""" + testfile = open(path.join(path.dirname(__file__), "../scans/tenable/nessus/nessus_many_vuln2-all.csv")) + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + testfile = open(path.join(path.dirname(__file__), "../scans/tenable/nessus/nessus_many_vuln2-all.csv"), "rt") + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + testfile = open(path.join(path.dirname(__file__), "../scans/tenable/nessus/nessus_many_vuln2-all.csv"), "rb") + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + + def test_parse_some_findings_samples_nessus_legacy(self): + """Test that come from samples repo""" + testfile = open(path.join(path.dirname(__file__), "../scans/tenable/nessus/nessus_v_unknown.xml")) + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(32, len(findings)) + + finding = findings[0] + self.assertIn(finding.severity, Finding.SEVERITIES) + self.assertEqual("Info", finding.severity) + self.assertEqual(0, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("Nessus Scan Information", finding.title) + + finding = findings[25] + self.assertIn(finding.severity, Finding.SEVERITIES) + self.assertEqual("Nessus SYN scanner", finding.title) + self.assertEqual("Info", finding.severity) + self.assertEqual(0, len(finding.unsaved_vulnerability_ids)) + endpoint = finding.unsaved_endpoints[26] + self.assertEqual("http", endpoint.protocol) + endpoint = finding.unsaved_endpoints[37] + self.assertEqual("tcp", endpoint.protocol) + + finding = findings[9] + self.assertEqual(7, len(finding.unsaved_vulnerability_ids)) + for vulnerability_id in finding.unsaved_vulnerability_ids: + self.assertEqual('CVE-2005-1794', vulnerability_id) + + def test_parse_some_findings_with_cvssv3_nessus_legacy(self): + """test with cvssv3""" + testfile = open(path.join(path.dirname(__file__), "../scans/tenable/nessus/nessus_with_cvssv3.nessus")) + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(48, len(findings)) + finding = findings[3] + self.assertEqual("Medium", finding.severity) + self.assertIsNone(finding.cwe) + endpoint = finding.unsaved_endpoints[0] + self.assertEqual("http", endpoint.protocol) + self.assertEqual("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", finding.cvssv3) + + def test_parse_many_findings_xml_nessus_was_legacy(self): + testfile = open("unittests/scans/tenable/nessus_was/nessus_was_many_vuln.xml") + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(5, len(findings)) + for i in [0, 1, 2, 3, 4]: + finding = findings[i] + self.assertEqual('http', finding.unsaved_endpoints[0].protocol) + self.assertIsNone(finding.cwe) + finding = findings[0] + self.assertEqual('High', finding.severity) + self.assertEqual('Cross-Site Scripting (XSS)', finding.title) + + def test_parse_one_findings_xml_nessus_was_legacy(self): + testfile = open("unittests/scans/tenable/nessus_was/nessus_was_one_vuln.xml") + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual('http', finding.unsaved_endpoints[0].protocol) + self.assertIsNone(finding.cwe) + self.assertEqual('High', finding.severity) + self.assertEqual('Cross-Site Scripting (XSS)', finding.title) + + def test_parse_no_findings_xml_nessus_was_legacy(self): + testfile = open("unittests/scans/tenable/nessus_was/nessus_was_no_vuln.xml") + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(0, len(findings)) + + def test_parse_many_findings_csv_nessus_was_legacy(self): + testfile = open("unittests/scans/tenable/nessus_was/nessus_was_many_vuln.csv") + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(5, len(findings)) + for i in [0, 1, 2, 3, 4]: + finding = findings[i] + self.assertIn(finding.severity, Finding.SEVERITIES) + self.assertEqual('google.com', finding.unsaved_endpoints[0].host) + self.assertEqual(0, len(finding.unsaved_vulnerability_ids)) + finding = findings[0] + self.assertEqual('7.1', finding.cvssv3_score) + self.assertEqual('High', finding.severity) + self.assertEqual('http', finding.unsaved_endpoints[0].protocol) + + def test_parse_one_findings_csv_nessus_was_legacy(self): + testfile = open("unittests/scans/tenable/nessus_was/nessus_was_one_vuln.csv") + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertIn(finding.severity, Finding.SEVERITIES) + self.assertEqual('google.com', finding.unsaved_endpoints[0].host) + self.assertEqual(0, len(finding.unsaved_vulnerability_ids)) + self.assertEqual('7.1', finding.cvssv3_score) + self.assertEqual('High', finding.severity) + self.assertEqual('http', finding.unsaved_endpoints[0].protocol) + + def test_parse_no_findings_csv_nessus_was_legacy(self): + testfile = open("unittests/scans/tenable/nessus_was/nessus_was_no_vuln.csv") + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + self.assertEqual(0, len(findings)) + + def test_parse_many_tenable_vulns(self): + testfile = open("unittests/scans/tenable/tenable_many_vuln.csv") + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(9, len(findings)) + finding = findings[0] + self.assertIn(finding.severity, Finding.SEVERITIES) + self.assertEqual('High', finding.severity) + self.assertEqual('ip-127-0-0-1.us-west-2.compute.internal', finding.unsaved_endpoints[0].host) + self.assertEqual('Amazon Linux 2 : kernel (ALAS-2023-2050)', finding.title) + self.assertEqual('tcp', finding.unsaved_endpoints[0].protocol) + self.assertEqual(None, finding.unsaved_endpoints[0].port) + self.assertIn('https://alas.aws.amazon.com/AL2/ALAS-2023-2050.html', finding.references) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + for vulnerability_id in finding.unsaved_vulnerability_ids: + self.assertEqual('CVE-2023-32233', vulnerability_id) diff --git a/unittests/tools/test_testssl_parser.py b/unittests/tools/test_testssl_parser.py index 11842d14f9d..05a7e55ef9a 100644 --- a/unittests/tools/test_testssl_parser.py +++ b/unittests/tools/test_testssl_parser.py @@ -37,7 +37,11 @@ def test_parse_file_with_many_vuln_has_many_findings(self): finding = findings[50] self.assertEqual("Low", finding.severity) self.assertEqual(310, finding.cwe) - self.assertEqual("CVE-2013-0169", finding.cve) + self.assertEqual(4, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2013-0169", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("CVE-2013-0169", finding.unsaved_vulnerability_ids[1]) + self.assertEqual("CVE-2013-0169", finding.unsaved_vulnerability_ids[2]) + self.assertEqual("CVE-2013-0169", finding.unsaved_vulnerability_ids[3]) self.assertEqual(310, finding.cwe) def test_parse_file_with_many_cves(self): @@ -51,12 +55,14 @@ def test_parse_file_with_many_cves(self): finding = findings[0] self.assertEqual("DROWN", finding.title) self.assertEqual("High", finding.severity) - self.assertEqual("CVE-2016-0800", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2016-0800", finding.unsaved_vulnerability_ids[0]) self.assertEqual(310, finding.cwe) finding = findings[1] self.assertEqual("DROWN", finding.title) self.assertEqual("High", finding.severity) - self.assertEqual("CVE-2016-0703", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2016-0703", finding.unsaved_vulnerability_ids[0]) self.assertEqual(310, finding.cwe) def test_parse_file_with_31_version(self): @@ -76,3 +82,30 @@ def test_parse_file_with_31_version2(self): for endpoint in finding.unsaved_endpoints: endpoint.clean() self.assertEqual(3, len(findings)) + + def test_parse_file_with_one_vuln_has_overall_medium(self): + testfile = open("unittests/scans/testssl/overall_medium.csv") + parser = TestsslParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(2, len(findings)) + + def test_parse_file_with_one_vuln_has_overall_critical(self): + testfile = open("unittests/scans/testssl/overall_critical.csv") + parser = TestsslParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(145, len(findings)) + + def test_parse_file_with_one_vuln_has_failed_target(self): + testfile = open("unittests/scans/testssl/failed_target.csv") + parser = TestsslParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(1, len(findings)) diff --git a/unittests/tools/test_threagile_parser.py b/unittests/tools/test_threagile_parser.py new file mode 100644 index 00000000000..396907be4d2 --- /dev/null +++ b/unittests/tools/test_threagile_parser.py @@ -0,0 +1,70 @@ +from dojo.models import Test +from dojo.tools.threagile.parser import ThreagileParser +from unittests.dojo_test_case import DojoTestCase + + +class TestThreAgileParser(DojoTestCase): + def test_non_threagile_file_raises_error(self): + with open("unittests/scans/threagile/bad_formatted_risks_file.json") as testfile: + parser = ThreagileParser() + with self.assertRaises(ValueError) as exc_context: + parser.get_findings(testfile, Test()) + exc = exc_context.exception + self.assertEqual("Invalid ThreAgile risks file", str(exc)) + + def test_empty_file_returns_no_findings(self): + with open("unittests/scans/threagile/empty_file_no_risks.json") as testfile: + parser = ThreagileParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_file_with_vulnerabilities_returns_correct_findings(self): + with open("unittests/scans/threagile/risks.json") as testfile: + parser = ThreagileParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(6, len(findings)) + finding = findings[0] + self.assertEqual("unguarded-direct-datastore-access", finding.title) + self.assertEqual("\u003cb\u003eUnguarded Direct Datastore Access\u003c/b\u003e of \u003cb\u003ePoliciesRegoStorage\u003c/b\u003e by \u003cb\u003eEnergon\u003c/b\u003e via \u003cb\u003eEnergonToPolicyRegoFileStorage\u003c/b\u003e", finding.description) + self.assertEqual("High", finding.severity) + self.assertEqual("unguarded-direct-datastore-access@energon-ta>energontopolicyregofilestorage@energon-ta@policies-rego-storage-ta", finding.unique_id_from_tool) + self.assertEqual(501, finding.cwe) + self.assertEqual("medium", finding.impact) + self.assertEqual("policies-rego-storage-ta", finding.component_name) + + def test_in_discussion_is_under_review(self): + with open("unittests/scans/threagile/risks.json") as testfile: + parser = ThreagileParser() + findings = parser.get_findings(testfile, Test()) + finding = findings[1] + self.assertTrue(finding.under_review) + + def test_accepted_finding_is_accepted(self): + with open("unittests/scans/threagile/risks.json") as testfile: + parser = ThreagileParser() + findings = parser.get_findings(testfile, Test()) + finding = findings[2] + self.assertTrue(finding.risk_accepted) + + def test_in_progress_is_verified(self): + with open("unittests/scans/threagile/risks.json") as testfile: + parser = ThreagileParser() + findings = parser.get_findings(testfile, Test()) + finding = findings[3] + self.assertTrue(finding.verified) + + def test_mitigated_is_mitigated(self): + with open("unittests/scans/threagile/risks.json") as testfile: + parser = ThreagileParser() + findings = parser.get_findings(testfile, Test()) + finding = findings[4] + self.assertTrue(finding.is_mitigated) + self.assertEqual("some-runtime", finding.component_name) + + def test_false_positive_is_false_positive(self): + with open("unittests/scans/threagile/risks.json") as testfile: + parser = ThreagileParser() + findings = parser.get_findings(testfile, Test()) + finding = findings[5] + self.assertTrue(finding.false_p) + self.assertEqual("some-component\u003esome-traffic", finding.component_name) diff --git a/unittests/tools/test_trivy_operator_parser.py b/unittests/tools/test_trivy_operator_parser.py new file mode 100644 index 00000000000..60b012646cb --- /dev/null +++ b/unittests/tools/test_trivy_operator_parser.py @@ -0,0 +1,138 @@ +import os.path + +from ..dojo_test_case import DojoTestCase, get_unit_tests_path +from dojo.tools.trivy_operator.parser import TrivyOperatorParser +from dojo.models import Test + + +def sample_path(file_name): + return os.path.join(get_unit_tests_path() + "/scans/trivy_operator", file_name) + + +class TestTrivyOperatorParser(DojoTestCase): + + def test_configauditreport_no_vuln(self): + test_file = open(sample_path("configauditreport_no_vuln.json")) + parser = TrivyOperatorParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 0) + + def test_configauditreport_single_vulns(self): + test_file = open(sample_path("configauditreport_single_vuln.json")) + parser = TrivyOperatorParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 1) + finding = findings[0] + self.assertEqual("Low", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("KSV014", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("KSV014 - Root file system is not read-only", finding.title) + + def test_configauditreport_many_vulns(self): + test_file = open(sample_path("configauditreport_many.json")) + parser = TrivyOperatorParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 13) + finding = findings[0] + self.assertEqual("Low", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("KSV014", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("KSV014 - Root file system is not read-only", finding.title) + finding = findings[1] + self.assertEqual("Low", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("KSV016", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("KSV016 - Memory requests not specified", finding.title) + + def test_vulnerabilityreport_no_vuln(self): + test_file = open(sample_path("vulnerabilityreport_no_vuln.json")) + parser = TrivyOperatorParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 0) + + def test_vulnerabilityreport_single_vulns(self): + test_file = open(sample_path("vulnerabilityreport_single_vuln.json")) + parser = TrivyOperatorParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 1) + finding = findings[0] + self.assertEqual("Critical", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2023-23914", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("CVE-2023-23914 curl 7.87.0-r1", finding.title) + self.assertEqual("7.87.0-r2", finding.mitigation) + self.assertEqual(4.2, finding.cvssv3_score) + + def test_vulnerabilityreport_many(self): + test_file = open(sample_path("vulnerabilityreport_many.json")) + parser = TrivyOperatorParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 41) + finding = findings[0] + self.assertEqual("Critical", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2023-23914", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("CVE-2023-23914 curl 7.87.0-r1", finding.title) + self.assertEqual("7.87.0-r2", finding.mitigation) + self.assertEqual(4.2, finding.cvssv3_score) + finding = findings[1] + self.assertEqual("High", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2023-23916", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("CVE-2023-23916 curl 7.87.0-r1", finding.title) + self.assertEqual("7.87.0-r2", finding.mitigation) + self.assertEqual(6.5, finding.cvssv3_score) + + def test_exposedsecretreport_no_vuln(self): + test_file = open(sample_path("exposedsecretreport_no_vuln.json")) + parser = TrivyOperatorParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 0) + + def test_exposedsecretreport_single_vulns(self): + test_file = open(sample_path("exposedsecretreport_single_vuln.json")) + parser = TrivyOperatorParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 1) + finding = findings[0] + self.assertEqual("Critical", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("aws-secret-access-key", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("aws-secret-access-key", finding.references) + self.assertEqual("root/aws_secret.txt", finding.file_path) + self.assertEqual("Secret detected in root/aws_secret.txt - AWS Secret Access Key", finding.title) + + def test_exposedsecretreport_many(self): + test_file = open(sample_path("exposedsecretreport_many.json")) + parser = TrivyOperatorParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 2) + finding = findings[0] + self.assertEqual("Critical", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("aws-secret-access-key", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("aws-secret-access-key", finding.references) + self.assertEqual("root/aws_secret.txt", finding.file_path) + self.assertEqual("Secret detected in root/aws_secret.txt - AWS Secret Access Key", finding.title) + finding = findings[1] + self.assertEqual("Critical", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("github-pat", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("github-pat", finding.references) + self.assertEqual("root/github_secret.txt", finding.file_path) + self.assertEqual("Secret detected in root/github_secret.txt - GitHub Personal Access Token", finding.title) + + def test_vulnerabilityreport_extended(self): + test_file = open(sample_path("vulnerabilityreport_extended.json")) + parser = TrivyOperatorParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 5) + finding = findings[0] + self.assertEqual("Medium", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2024-0553", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("CVE-2024-0553 libgnutls30 3.6.13-2ubuntu1.9", finding.title) + self.assertEqual("3.6.13-2ubuntu1.10", finding.mitigation) + self.assertEqual(5.9, finding.cvssv3_score) + self.assertEqual("ubuntu:20.04 (ubuntu 20.04)", finding.file_path) + self.assertEqual("os-pkgs, ubuntu", str(finding.tags)) diff --git a/unittests/tools/test_trivy_parser.py b/unittests/tools/test_trivy_parser.py index 70e0ee7db6c..33390be18ea 100644 --- a/unittests/tools/test_trivy_parser.py +++ b/unittests/tools/test_trivy_parser.py @@ -1,4 +1,5 @@ import os.path +import re from ..dojo_test_case import DojoTestCase, get_unit_tests_path from dojo.tools.trivy.parser import TrivyParser @@ -24,7 +25,8 @@ def test_legacy_many_vulns(self): self.assertEqual(len(findings), 93) finding = findings[0] self.assertEqual("Low", finding.severity) - self.assertEqual("CVE-2011-3374", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2011-3374", finding.unsaved_vulnerability_ids[0]) self.assertEqual(347, finding.cwe) self.assertEqual("apt", finding.component_name) self.assertEqual("1.8.2.2", finding.component_version) @@ -39,15 +41,15 @@ def test_scheme_2_many_vulns(self): test_file = open(sample_path("scheme_2_many_vulns.json")) parser = TrivyParser() findings = parser.get_findings(test_file, Test()) - self.assertEqual(len(findings), 5) - finding = findings[0] self.assertEqual("Medium", finding.severity) self.assertEqual('CVE-2020-15999 freetype 2.9.1-r2', finding.title) - self.assertEqual("CVE-2020-15999", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-15999", finding.unsaved_vulnerability_ids[0]) self.assertEqual(787, finding.cwe) self.assertEqual("freetype", finding.component_name) + self.assertEqual("app/libs/freetype-2.9.1-r2", finding.file_path) self.assertEqual("2.9.1-r2", finding.component_version) self.assertIsNotNone(finding.description) self.assertIsNotNone(finding.references) @@ -55,13 +57,14 @@ def test_scheme_2_many_vulns(self): self.assertEqual('CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', finding.cvssv3) self.assertTrue(finding.static_finding) self.assertFalse(finding.dynamic_finding) - finding = findings[1] self.assertEqual("High", finding.severity) self.assertEqual('CVE-2020-28196 krb5-libs 1.15.5-r0', finding.title) - self.assertEqual("CVE-2020-28196", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-28196", finding.unsaved_vulnerability_ids[0]) self.assertEqual(674, finding.cwe) self.assertEqual("krb5-libs", finding.component_name) + self.assertEqual("app/libs/krb5-libs-1.15.5-r0", finding.file_path) self.assertEqual("1.15.5-r0", finding.component_version) self.assertIsNotNone(finding.description) self.assertIsNotNone(finding.references) @@ -69,3 +72,156 @@ def test_scheme_2_many_vulns(self): self.assertIsNone(finding.cvssv3) self.assertTrue(finding.static_finding) self.assertFalse(finding.dynamic_finding) + + def test_misconfigurations_and_secrets(self): + test_file = open(sample_path("misconfigurations_and_secrets.json")) + parser = TrivyParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 5) + finding = findings[2] + self.assertEqual('DS002 - Image user should not be \'root\'', finding.title) + self.assertEqual('High', finding.severity) + description = '''**Target:** Dockerfile +**Type:** Dockerfile Security Check + +Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile. +Specify at least 1 USER command in Dockerfile with non-root user as argument +''' + self.assertEqual(description, finding.description) + self.assertEqual('Add \'USER \' line to the Dockerfile', finding.mitigation) + references = '''https://avd.aquasec.com/misconfig/ds002 +https://docs.docker.com/develop/develop-images/dockerfile_best-practices/''' + self.assertEqual(references, finding.references) + self.assertEqual(['config', 'dockerfile'], finding.tags) + finding = findings[3] + self.assertEqual('Secret detected in Dockerfile - GitHub Personal Access Token', finding.title) + self.assertEqual('Critical', finding.severity) + description = '''GitHub Personal Access Token +**Category:** GitHub +**Match:** ENV GITHUB_PAT=***** +''' + self.assertEqual(description, finding.description) + self.assertEqual('Dockerfile', finding.file_path) + self.assertEqual(24, finding.line) + self.assertEqual(['secret'], finding.tags) + + def test_kubernetes(self): + test_file = open(sample_path("kubernetes.json")) + parser = TrivyParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 20) + finding = findings[0] + self.assertEqual('CVE-2020-27350 apt 1.8.2.1', finding.title) + self.assertEqual('Medium', finding.severity) + description = '''apt: integer overflows and underflows while parsing .deb packages +**Target:** gcr.io/google_samples/gb-redis-follower:v2 (debian 10.4) +**Type:** debian +**Fixed version:** 1.8.2.2 + +APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1; +''' + self.assertEqual(description, finding.description) + self.assertEqual('1.8.2.2', finding.mitigation) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-27350", finding.unsaved_vulnerability_ids[0]) + self.assertEqual(['debian', 'os-pkgs'], finding.tags) + self.assertEqual('apt', finding.component_name) + self.assertEqual('1.8.2.1', finding.component_version) + self.assertEqual('default / Deployment / redis-follower', finding.service) + self.assertEqual(finding.file_path, "gcr.io/google_samples/gb-redis-follower:v2 (debian 10.4)") + finding = findings[5] + self.assertEqual('CVE-2020-27350 apt 1.8.2.1', finding.title) + self.assertEqual('Medium', finding.severity) + description = '''apt: integer overflows and underflows while parsing .deb packages +**Target:** docker.io/redis:6.0.5 (debian 10.4) +**Type:** debian +**Fixed version:** 1.8.2.2 + +APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1; +''' + self.assertEqual(description, finding.description) + self.assertEqual('1.8.2.2', finding.mitigation) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-27350", finding.unsaved_vulnerability_ids[0]) + self.assertEqual(['debian', 'os-pkgs'], finding.tags) + self.assertEqual('apt', finding.component_name) + self.assertEqual('1.8.2.1', finding.component_version) + self.assertEqual('default / Deployment / redis-leader', finding.service) + finding = findings[10] + self.assertEqual('KSV001 - Process can elevate its own privileges', finding.title) + self.assertEqual('Medium', finding.severity) + description = '''**Target:** Deployment/redis-follower +**Type:** Kubernetes Security Check + +A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. +Container 'follower' of Deployment 'redis-follower' should set 'securityContext.allowPrivilegeEscalation' to false +Number Content +132 - image: gcr.io/google_samples/gb-redis-follower:v2 +133 imagePullPolicy: IfNotPresent +134 name: follower +135 ports: +136 - containerPort: 6379 +137 protocol: TCP +138 resources: +139 requests: +140 cpu: 100m +141''' + re_description = re.sub(r"\s+", " ", description) + re_finding_description = re.sub(r"\s+", " ", finding.description) + self.assertEqual(re_description.strip(), re_finding_description.strip()) + self.assertEqual('Set \'set containers[].securityContext.allowPrivilegeEscalation\' to \'false\'.', finding.mitigation) + self.assertIsNone(finding.unsaved_vulnerability_ids) + self.assertEqual(['config', 'kubernetes'], finding.tags) + self.assertIsNone(finding.component_name) + self.assertIsNone(finding.component_version) + self.assertEqual('default / Deployment / redis-follower', finding.service) + + def test_license_scheme(self): + test_file = open(sample_path("license_scheme.json")) + parser = TrivyParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 19) + finding = findings[0] + self.assertEqual("High", finding.severity) + self.assertEqual("", finding.file_path) + self.assertEqual(1, finding.scanner_confidence) + self.assertEqual("", finding.url) + description = '''GPL-2.0 +**Category:** restricted +**Package:** alpine-baselayout +''' + self.assertEqual(description, finding.description) + + def test_issue_9092(self): + test_file = open(sample_path("issue_9092.json")) + parser = TrivyParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 1) + finding = findings[0] + self.assertEqual("Critical", finding.severity) + self.assertEqual(finding.file_path, "requirements.txt") + + def test_issue_9170(self): + test_file = open(sample_path("issue_9170.json")) + parser = TrivyParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 37) + finding = findings[0] + self.assertEqual("Low", finding.severity) + self.assertEqual("KSV116 - Runs with a root primary or supplementary GID", finding.title) + + def test_issue_9263(self): + test_file = open(sample_path("issue_9263.json")) + parser = TrivyParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 1) + finding = findings[0] + self.assertEqual("High", finding.severity) + + def test_issue_9333(self): + test_file = open(sample_path("issue_9333.json")) + parser = TrivyParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 13) + finding = findings[0] + self.assertEqual("Low", finding.severity) diff --git a/unittests/tools/test_trufflehog3_parser.py b/unittests/tools/test_trufflehog3_parser.py index 43482e5f3bd..0f1b2c20488 100644 --- a/unittests/tools/test_trufflehog3_parser.py +++ b/unittests/tools/test_trufflehog3_parser.py @@ -99,3 +99,9 @@ def test_many_vulns_current(self): self.assertEqual('env-file.txt', finding.file_path) self.assertEqual(10, finding.line) self.assertEqual(1, finding.nb_occurences) + + def test_issue_6999(self): + test_file = open(sample_path("issue_6999.json")) + parser = TruffleHog3Parser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 1) diff --git a/unittests/tools/test_trufflehog_parser.py b/unittests/tools/test_trufflehog_parser.py index 613cd3ec3b4..4790d16006f 100644 --- a/unittests/tools/test_trufflehog_parser.py +++ b/unittests/tools/test_trufflehog_parser.py @@ -11,8 +11,8 @@ def sample_path(file_name): class TestTruffleHogParser(DojoTestCase): - def test_many_vulns(self): - test_file = open(sample_path("many_vulns.json")) + def test_many_vulns_v2(self): + test_file = open(sample_path("v2_many_vulns.json")) parser = TruffleHogParser() findings = parser.get_findings(test_file, Test()) self.assertEqual(len(findings), 18) @@ -20,3 +20,23 @@ def test_many_vulns(self): self.assertEqual("Medium", finding.severity) self.assertEqual(798, finding.cwe) self.assertEqual('test_all.py', finding.file_path) + + def test_many_vulns_git_v3(self): + test_file = open(sample_path("v3_git.json")) + parser = TruffleHogParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 3) + finding = findings[0] + self.assertEqual("Critical", finding.severity) + self.assertEqual(798, finding.cwe) + self.assertEqual('keys', finding.file_path) + + def test_many_vulns_github_v3(self): + test_file = open(sample_path("v3_github.json")) + parser = TruffleHogParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 3) + finding = findings[0] + self.assertEqual("Critical", finding.severity) + self.assertEqual(798, finding.cwe) + self.assertEqual('keys', finding.file_path) diff --git a/unittests/tools/test_trustwave_fusion_api_parser.py b/unittests/tools/test_trustwave_fusion_api_parser.py index c3179033dd3..7a289919ecf 100644 --- a/unittests/tools/test_trustwave_fusion_api_parser.py +++ b/unittests/tools/test_trustwave_fusion_api_parser.py @@ -23,16 +23,19 @@ def test_vuln_with_valid_cve(self): # first example finding = findings[0] - self.assertEqual("CVE-2017-7529", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2017-7529", finding.unsaved_vulnerability_ids[0]) self.assertEqual( - "Vulnerability/Missing Patch; CVEs: CVE-2017-7529", finding.description + "Vulnerability/Missing Patch", finding.description ) # second example finding = findings[1] - self.assertEqual("CVE-2013-2566", finding.cve) # We use the first cve + self.assertEqual(2, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2013-2566", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("CVE-2015-2808", finding.unsaved_vulnerability_ids[1]) self.assertEqual( - "Cryptography/Weak Cryptography; CVEs: CVE-2013-2566, CVE-2015-2808", + "Cryptography/Weak Cryptography", finding.description, ) self.assertEqual(str(finding.unsaved_endpoints[0]), "https://google.com") @@ -55,12 +58,13 @@ def test_parse_file_with_multiple_vuln_has_multiple_findings(self): self.assertEqual("0123456:id", finding.unique_id_from_tool) self.assertEqual("Website Detected", finding.title) self.assertEqual( - "Information/Service Discovery; CVEs: no match", finding.description + "Information/Service Discovery", finding.description ) + self.assertIsNone(finding.unsaved_vulnerability_ids) date = finding.date.strftime("%Y-%m-%dT%H:%M:%S.%f%z") self.assertEqual("2021-06-15T07:48:08.727000+0000", date) self.assertEqual("Info", finding.severity) - self.assertIsNone(finding.cve) # should be none since CVE is "CVE-NO-MATCH" + self.assertIsNone(finding.unsaved_vulnerability_ids) endpoint = finding.unsaved_endpoints[0] self.assertEqual(str(endpoint), "https://google.com") self.assertEqual(endpoint.host, "google.com") diff --git a/unittests/tools/test_trustwave_parser.py b/unittests/tools/test_trustwave_parser.py index 861d0cdc6b7..37022142d40 100644 --- a/unittests/tools/test_trustwave_parser.py +++ b/unittests/tools/test_trustwave_parser.py @@ -9,7 +9,7 @@ def sample_path(file_name): return os.path.join(get_unit_tests_path() + "/scans/trustwave", file_name) -class TestTrivyParser(DojoTestCase): +class TestTrustwaveParser(DojoTestCase): def test_no_vuln(self): test = Test() @@ -25,12 +25,14 @@ def test_no_vuln(self): # finding 0 finding = findings[0] self.assertEqual("High", finding.severity) - self.assertEqual("CVE-3011-123", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-3011-123", finding.unsaved_vulnerability_ids[0]) # finding 1 finding = findings[1] self.assertEqual("Tom and Jerry vulnerable to Mouse Traps", finding.title) self.assertEqual("Medium", finding.severity) - self.assertEqual("CVE-3011-321", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-3011-321", finding.unsaved_vulnerability_ids[0]) self.assertEqual(1, len(finding.unsaved_endpoints)) endpoint = finding.unsaved_endpoints[0] self.assertEqual("192.168.0.58", endpoint.host) @@ -39,11 +41,13 @@ def test_no_vuln(self): # finding 2 finding = findings[2] self.assertEqual("Medium", finding.severity) - self.assertEqual("CVE-3011-313", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-3011-313", finding.unsaved_vulnerability_ids[0]) # finding 3 finding = findings[3] self.assertEqual("Critical", finding.severity) - self.assertEqual("CVE-3011-32", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-3011-32", finding.unsaved_vulnerability_ids[0]) self.assertEqual("Tom and Jerry versions 4 and 5 is vulnerable to Denial of Service (DoS) remote attack via the ever so long running series the simpsons", finding.description) self.assertEqual("This vulnerability was addressed in Tom and Jerry Reboot 12.0 Affected users should upgrade to the latest stable version of Tom and Jerry.", finding.mitigation) self.assertEqual(1, len(finding.unsaved_endpoints)) diff --git a/unittests/tools/test_twistlock_parser.py b/unittests/tools/test_twistlock_parser.py index 2c68a13f973..f03b74f344a 100644 --- a/unittests/tools/test_twistlock_parser.py +++ b/unittests/tools/test_twistlock_parser.py @@ -18,6 +18,17 @@ def test_parse_file_with_one_vuln(self): findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(1, len(findings)) + self.assertEqual(1, len(findings[0].unsaved_vulnerability_ids)) + self.assertEqual("CVE-2013-7459", findings[0].unsaved_vulnerability_ids[0]) + + def test_parse_file_with_no_link(self): + testfile = open(path.join(path.dirname(__file__), "../scans/twistlock/one_vuln_no_link.json")) + parser = TwistlockParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(1, len(findings)) + self.assertEqual(1, len(findings[0].unsaved_vulnerability_ids)) + self.assertEqual("PRISMA-2021-0013", findings[0].unsaved_vulnerability_ids[0]) def test_parse_file_with_many_vulns(self): testfile = open(path.join(path.dirname(__file__), "../scans/twistlock/many_vulns.json")) @@ -50,6 +61,8 @@ def test_parse_file_prisma_twistlock_images_four_vulns(self): findings = parser.get_findings(testfile, Test()) testfile.close() self.assertEqual(4, len(findings)) + self.assertEqual(1, len(findings[0].unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-24977", findings[0].unsaved_vulnerability_ids[0]) def test_parse_file_prisma_twistlock_images_long_package_name(self): testfile = open( diff --git a/unittests/tools/test_veracode_parser.py b/unittests/tools/test_veracode_parser.py index 574a079120f..55799e9cf83 100644 --- a/unittests/tools/test_veracode_parser.py +++ b/unittests/tools/test_veracode_parser.py @@ -1,19 +1,41 @@ import datetime +from django.test import override_settings -from django.test import SimpleTestCase +from ..dojo_test_case import DojoTestCase from dojo.tools.veracode.parser import VeracodeParser -from dojo.models import Test +from dojo.models import Test, Product_Type, Product, Engagement, Endpoint -class TestVeracodeScannerParser(SimpleTestCase): +class TestVeracodeScannerParser(DojoTestCase): + + def setUp(self): + product_type, _ = Product_Type.objects.get_or_create(name="Fake unit tests") + product, _ = Product.objects.get_or_create(name="product", prod_type=product_type) + engagement = Engagement(product=product) + + self.test = Test(engagement=engagement) + + @override_settings(USE_FIRST_SEEN=True) + def test_parse_file_with_one_finding_first_seen(self): + self.parse_file_with_one_finding() def test_parse_file_with_one_finding(self): + self.parse_file_with_one_finding() + + def parse_file_with_one_finding(self): testfile = open("unittests/scans/veracode/one_finding.xml") parser = VeracodeParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(1, len(findings)) + @override_settings(USE_FIRST_SEEN=True) + def test_parse_file_many_findings_different_hash_code_different_unique_id_first_seen(self): + self.parse_file_many_findings_different_hash_code_different_unique_id() + def test_parse_file_many_findings_different_hash_code_different_unique_id(self): + self.parse_file_many_findings_different_hash_code_different_unique_id() + + def parse_file_many_findings_different_hash_code_different_unique_id(self): testfile = open("unittests/scans/veracode/many_findings_different_hash_code_different_unique_id.xml") parser = VeracodeParser() findings = parser.get_findings(testfile, Test()) @@ -32,11 +54,19 @@ def test_parse_file_many_findings_different_hash_code_different_unique_id(self): finding = findings[2] self.assertEqual("High", finding.severity) self.assertIsNone(finding.cwe) - self.assertEqual("CVE-1234-1234", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-1234-1234", finding.unsaved_vulnerability_ids[0]) self.assertEqual("Vulnerable component: library:1234", finding.title) self.assertFalse(finding.is_mitigated) + @override_settings(USE_FIRST_SEEN=True) + def test_parse_file_with_multiple_finding_first_seen(self): + self.parse_file_with_multiple_finding() + def test_parse_file_with_multiple_finding(self): + self.parse_file_with_multiple_finding() + + def parse_file_with_multiple_finding(self): testfile = open("unittests/scans/veracode/many_findings.xml") parser = VeracodeParser() findings = parser.get_findings(testfile, Test()) @@ -50,23 +80,38 @@ def test_parse_file_with_multiple_finding(self): self.assertEqual("sourcefilepathMyApp.java", finding.file_path) self.assertEqual(2, finding.line) self.assertEqual("app-1234_issue-1", finding.unique_id_from_tool) + self.assertIn('sast', finding.unsaved_tags) finding = findings[1] self.assertEqual("Medium", finding.severity) self.assertEqual(456, finding.cwe) self.assertTrue(finding.dynamic_finding) + self.assertIn('dast', finding.unsaved_tags) finding = findings[2] self.assertEqual("High", finding.severity) self.assertIsNone(finding.cwe) - self.assertEqual("CVE-1234-1234", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-1234-1234", finding.unsaved_vulnerability_ids[0]) self.assertEqual("Vulnerable component: library:1234", finding.title) self.assertFalse(finding.is_mitigated) + self.assertIn('sca', finding.unsaved_tags) finding = findings[3] self.assertEqual("High", finding.severity) - self.assertEqual("CVE-5678-5678", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-5678-5678", finding.unsaved_vulnerability_ids[0]) self.assertEqual("Vulnerable component: library1:1234", finding.title) self.assertFalse(finding.is_mitigated) + self.assertIn('sca', finding.unsaved_tags) + + @override_settings(USE_FIRST_SEEN=True) + def test_parse_file_with_multiple_finding2_first_seen(self): + finding = self.parse_file_with_multiple_finding2() + self.assertEqual(datetime.datetime(2018, 2, 17, 0, 35, 18), finding.date) # date_first_occurrence="2018-02-17 00:35:18 UTC" def test_parse_file_with_multiple_finding2(self): + finding = self.parse_file_with_multiple_finding2() + self.assertEqual(datetime.datetime.today().date(), finding.date) + + def parse_file_with_multiple_finding2(self): testfile = open("unittests/scans/veracode/veracode_scan.xml") parser = VeracodeParser() findings = parser.get_findings(testfile, Test()) @@ -75,7 +120,6 @@ def test_parse_file_with_multiple_finding2(self): self.assertEqual("Information Exposure Through Sent Data", finding.title) self.assertEqual("Low", finding.severity) self.assertEqual(201, finding.cwe) - self.assertEqual(datetime.datetime(2018, 2, 17, 0, 35, 18), finding.date) # date_first_occurrence="2018-02-17 00:35:18 UTC" finding = findings[1] self.assertEqual("Low", finding.severity) self.assertEqual(201, finding.cwe) @@ -86,24 +130,77 @@ def test_parse_file_with_multiple_finding2(self): # finding 6 finding = findings[6] self.assertEqual("Medium", finding.severity) - self.assertEqual("CVE-2012-6153", finding.cve) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2012-6153", finding.unsaved_vulnerability_ids[0]) self.assertEqual(20, finding.cwe) self.assertEqual("commons-httpclient", finding.component_name) self.assertEqual("3.1", finding.component_version) - self.assertEqual("CVE-2012-6153", finding.unique_id_from_tool) + self.assertEqual(4.3, finding.cvssv3_score) + return findings[0] + + @override_settings(USE_FIRST_SEEN=True) + def test_parse_file_with_mitigated_finding_first_seen(self): + self.parse_file_with_mitigated_finding() def test_parse_file_with_mitigated_finding(self): + self.parse_file_with_mitigated_finding() + + def parse_file_with_mitigated_finding(self): testfile = open("unittests/scans/veracode/mitigated_finding.xml") parser = VeracodeParser() - findings = parser.get_findings(testfile, Test()) + findings = parser.get_findings(testfile, self.test) self.assertEqual(1, len(findings)) finding = findings[0] self.assertEqual("Medium", finding.severity) self.assertTrue(finding.is_mitigated) self.assertEqual(datetime.datetime(2020, 6, 1, 10, 2, 1), finding.mitigated) self.assertEqual("app-1234_issue-1", finding.unique_id_from_tool) + self.assertEqual(0, finding.sla_age) + + @override_settings(USE_FIRST_SEEN=True) + def test_parse_file_with_mitigated_fixed_finding_first_seen(self): + self.parse_file_with_mitigated_fixed_finding() + + def test_parse_file_with_mitigated_fixed_finding(self): + self.parse_file_with_mitigated_fixed_finding() + + def parse_file_with_mitigated_fixed_finding(self): + testfile = open("unittests/scans/veracode/mitigated_fixed_finding.xml") + parser = VeracodeParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("Medium", finding.severity) + self.assertTrue(finding.is_mitigated) + self.assertEqual("app-1234_issue-1", finding.unique_id_from_tool) + + @override_settings(USE_FIRST_SEEN=True) + def test_parse_file_with_mitigated_sca_finding_first_seen(self): + self.parse_file_with_mitigated_sca_finding() + + def test_parse_file_with_mitigated_sca_finding(self): + self.parse_file_with_mitigated_sca_finding() + + def parse_file_with_mitigated_sca_finding(self): + testfile = open("unittests/scans/veracode/veracode_scan_sca_mitigated.xml") + parser = VeracodeParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("Critical", finding.severity) + self.assertTrue(finding.is_mitigated) + self.assertEqual(datetime.datetime(2022, 9, 12, 14, 29, 18), finding.mitigated) + + @override_settings(USE_FIRST_SEEN=True) + def test_parse_file_with_dynamic_finding_first_seen(self): + finding = self.parse_file_with_dynamic_finding() + self.assertEqual(datetime.datetime(2021, 9, 3, 10, 0, 0), finding.date) def test_parse_file_with_dynamic_finding(self): + finding = self.parse_file_with_dynamic_finding() + self.assertEqual(datetime.datetime.today().date(), finding.date) + + def parse_file_with_dynamic_finding(self): testfile = open("unittests/scans/veracode/dynamic_finding.xml") parser = VeracodeParser() findings = parser.get_findings(testfile, Test()) @@ -115,9 +212,290 @@ def test_parse_file_with_dynamic_finding(self): self.assertEqual("catname", finding.title) self.assertEqual("Description", finding.description) self.assertFalse(finding.is_mitigated) - self.assertEqual(datetime.datetime(2021, 9, 3, 10, 0, 0), finding.date) + self.assertIn('dast', finding.unsaved_tags) self.assertEqual(1, len(finding.unsaved_endpoints)) endpoint = finding.unsaved_endpoints[0] self.assertEqual('https', endpoint.protocol) self.assertEqual('www.example.com', endpoint.host) self.assertEqual('index.html', endpoint.path) + return finding + + @override_settings(USE_FIRST_SEEN=True) + def test_parse_file_with_changed_severity_first_seen(self): + self.parse_file_with_changed_severity() + + def test_parse_file_with_changed_severity(self): + self.parse_file_with_changed_severity() + + def parse_file_with_changed_severity(self): + testfile = open("unittests/scans/veracode/veracode_scan_changed_severity.xml") + parser = VeracodeParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(7, len(findings)) + # finding 6 + finding = findings[6] + self.assertEqual("Low", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2012-6153", finding.unsaved_vulnerability_ids[0]) + self.assertEqual(20, finding.cwe) + self.assertEqual("commons-httpclient", finding.component_name) + self.assertEqual("3.1", finding.component_version) + self.assertEqual(4.3, finding.cvssv3_score) + + @override_settings(USE_FIRST_SEEN=True) + def test_maven_component_name_first_seen(self): + self.maven_component_name() + + def test_maven_component_name(self): + self.maven_component_name() + + def maven_component_name(self): + testfile = open("unittests/scans/veracode/veracode_maven.xml") + parser = VeracodeParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + + finding = findings[0] + self.assertEqual("Critical", finding.severity) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2022-41852", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("commons-jxpath", finding.component_name) + self.assertEqual("1.3", finding.component_version) + self.assertEqual(9.8, finding.cvssv3_score) + + def json_static_findings_test(self, file_name): + testfile = open(file_name) + parser = VeracodeParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(3, len(findings)) + finding = findings[0] + self.assertEqual(finding.title, "Cross-Site Scripting (XSS)") + self.assertEqual(finding.severity, "Medium") + self.assertEqual(finding.cwe, 80) + self.assertEqual(finding.description, ( + '### Meta Information\n' + '**Exploitability Predication**: Likely\n' + '**Attack Vector**: page.html\n' + '**Module**: CoolProduct.jsa\n' + '### Details\n' + 'This call to page.html() contains a cross-site scripting ' + '(XSS) flaw. The application populates the HTTP response with ' + 'untrusted input, allowing an attacker to embed malicious ' + 'content, such as Javascript code, which will be executed in ' + "the context of the victim's browser. XSS vulnerabilities are " + 'commonly exploited to steal or manipulate cookies, modify ' + 'presentation of content, and compromise confidential ' + 'information, with new attack vectors being discovered on a ' + 'regular basis.' + )) + self.assertEqual(finding.mitigation, ( + 'Use contextual escaping on all untrusted data before using it ' + 'to construct any portion of an HTTP response. The escaping ' + 'method should be chosen based on the specific use case of the ' + 'untrusted data, otherwise it may not protect fully against the ' + 'attack. For example, if the data is being written to the body ' + 'of an HTML page, use HTML entity escaping; if the data is ' + 'being written to an attribute, use attribute escaping; etc. ' + 'Both the OWASP Java Encoder library and the Microsoft AntiXSS ' + 'library provide contextual escaping methods. For more details ' + 'on contextual escaping, see ' + 'https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md. ' + 'In addition, as a best practice, always validate untrusted ' + 'input to ensure that it conforms to the expected format, using ' + 'centralized data validation routines when possible.' + )) + self.assertEqual(finding.references, ( + '- [CWE](https://cwe.mitre.org/data/definitions/79.html)\n' + '- [OWASP](https://owasp.org/www-community/attacks/xss/)\n' + '- [Supported Cleansers](https://docs.veracode.com/r/review_cleansers)\n' + )) + self.assertEqual(finding.line, 50) + self.assertEqual(finding.sast_source_line, 50) + self.assertEqual(finding.sast_sink_line, 50) + self.assertEqual(finding.file_path, "/WEB-INF/views/contact.jsp") + self.assertEqual(finding.sast_source_file_path, "/WEB-INF/views/contact.jsp") + self.assertEqual(finding.sast_sink_file_path, "/WEB-INF/views/contact.jsp") + self.assertEqual(finding.sast_source_object, "lambda_3") + self.assertEqual(finding.sast_sink_object, "lambda_3") + self.assertEqual(finding.unsaved_tags, ["policy-violation"]) + + @override_settings(USE_FIRST_SEEN=True) + def test_json_static_findings_list_format_first_seen(self): + self.json_static_findings_list_format() + + def test_json_static_findings_list_format(self): + self.json_static_findings_list_format() + + def json_static_findings_list_format(self): + self.json_static_findings_test("unittests/scans/veracode/static_findings_list_format.json") + + @override_settings(USE_FIRST_SEEN=True) + def test_json_static_embedded_format_first_seen(self): + self.json_static_embedded_format() + + def test_json_static_embedded_format(self): + self.json_static_embedded_format() + + def json_static_embedded_format(self): + self.json_static_findings_test("unittests/scans/veracode/static_embedded_format.json") + + def json_dynamic_findings_test(self, file_name): + testfile = open(file_name) + parser = VeracodeParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(3, len(findings)) + finding = findings[0] + self.assertEqual(finding.title, "Code Injection") + self.assertEqual(finding.severity, "High") + self.assertEqual(finding.cwe, 74) + self.assertEqual(finding.description, ( + '### Meta Information\n' + '**Plugin**: Code Injection\n' + '**Attack Vector**: Improper Neutralization of Special ' + 'Elements in Output Used by a Downstream Component ' + "('Injection')\n" + '**Vulnerable Parameter**: api\n' + '### Details\n' + 'Injections happen when untrusted data is inserted into an ' + 'interpreted syntax and subsequently evaluated on the server ' + 'side. This syntax may be a SQL query, a parsed JSON or XML ' + 'document, an executed script or other syntax that may be in ' + 'use within the application. Although the target syntax has ' + 'not been identified, the application behavior demonstrates ' + 'that the input HTTP parameter may be inserted without proper ' + 'escaping. It was observed by sending valid and invalid ' + 'payloads that should throw or should not throw errors. By ' + 'inserting a proper and improper comments such as ``, `*/_/*`, ' + '`/*_*/` into the `api` parameter, the scanner was able to ' + 'spot a difference in the responses, which is a good indicator ' + 'of a potential vulnerability. Confidence: medium. Response ' + 'codes: `404`, `404`, `404`. Similarities: `` vs `*/_/*`: 0.0; ' + '`*/_/*` vs `/*_*/`: 0.0; `` vs `/*_*/`: 1.0.' + )) + self.assertEqual(finding.mitigation, ( + 'It is recommended to identify how the current parameter is ' + 'used in the application source code, and make sure it is ' + 'escaped before inserting into any syntax or query. You can add ' + 'valid values to an allowlist and invalid values to a ' + 'blocklist.' + )) + self.assertEqual(finding.references, ( + '- [CWE](http://cwe.mitre.org/cgi-bin/jumpmenu.cgi?id=74)\n' + )) + self.assertEqual(finding.unsaved_tags, ["policy-violation"]) + self.assertEqual(finding.unsaved_endpoints[0], Endpoint( + protocol="https", + host="application.insecure-company-alliance.com", + port=443, + path="api/*_*//new_user_sign_up", + query="param=wild-things" + )) + + @override_settings(USE_FIRST_SEEN=True) + def test_json_dynamic_findings_list_format_first_seen(self): + self.json_dynamic_findings_list_format() + + def test_json_dynamic_findings_list_format(self): + self.json_dynamic_findings_list_format() + + def json_dynamic_findings_list_format(self): + self.json_dynamic_findings_test("unittests/scans/veracode/dynamic_findings_list_format.json") + + @override_settings(USE_FIRST_SEEN=True) + def test_json_dynamic_embedded_format_first_seen(self): + self.json_dynamic_embedded_format() + + def test_json_dynamic_embedded_format(self): + self.json_dynamic_embedded_format() + + def json_dynamic_embedded_format(self): + self.json_dynamic_findings_test("unittests/scans/veracode/dynamic_embedded_format.json") + + def json_sca_findings_test(self, file_name): + testfile = open(file_name) + parser = VeracodeParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(7, len(findings)) + finding = findings[0] + self.assertEqual(finding.title, "Uncontrolled Resource Consumption") + self.assertEqual(finding.severity, "High") + self.assertEqual(finding.cwe, 400) + self.assertEqual(finding.description, ( + '### Meta Information\n' + '**Product ID**: abc123-bca321\n' + '**Component ID**: efg456-gfe654\n' + '**Language**: JAVA\n' + '#### Component Locations\n' + '- path/to/alpha/spring-boot-autoconfigure-2.5.14.jar\n' + '- path/to/beta/spring-boot-autoconfigure-2.5.14.jar\n' + '- path/to/charlie/spring-boot-autoconfigure-2.5.14.jar\n' + '- path/to/delta/spring-boot-autoconfigure-2.5.14.jar\n' + '#### Licenses\n' + '- apache-2.0: Low\n' + ' - Low-risk licenses are typically permissive licenses ' + 'that require you to preserve the copyright and license ' + 'notices, but allow distribution under different terms without ' + 'disclosing source code.\n' + '### Details\n' + 'spring-boot-autoconfigure is vulnerable to Denial Of Service ' + '(DoS). The vulnerability is applicable when the application ' + 'has Spring MVC auto-configuration enabled and uses the Spring ' + 'Boot welcome page, which can be either static or templated, ' + 'and the application is deployed behind a proxy which caches ' + 'the 404 responses. An attacker can cause the application to ' + 'crash by submitting a request to the welcome page which the ' + 'server is unable to properly respond to.' + )) + self.assertEqual(finding.cvssv3, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H") + self.assertEqual(finding.component_name, "spring-boot-autoconfigure.jar") + self.assertEqual(finding.component_version, "2.5.14") + self.assertEqual(finding.unsaved_tags, ["policy-violation"]) + self.assertEqual(finding.unsaved_vulnerability_ids, ["CVE-2023-20883"]) + finding = findings[3] + self.assertEqual(finding.title, "inflight - SRCCLR-SID-41137") + self.assertEqual(finding.severity, "Medium") + self.assertEqual(finding.cwe, 0) + self.assertEqual(finding.description, ( + '### Meta Information\n' + '**Product ID**: abc123-bca321\n' + '**Component ID**: efg456-gfe654\n' + '**Language**: JAVASCRIPT\n' + '#### Component Locations\n' + '- path/to/alpha/node_modules:inflight\n' + '#### Licenses\n' + '- isc: Low\n' + ' - Low-risk licenses are typically permissive licenses ' + 'that require you to preserve the copyright and license ' + 'notices, but allow distribution under different terms without ' + 'disclosing source code.\n' + '### Details\n' + 'inflight is vulnerable to a Memory Leak. The vulnerability is ' + 'caused by improper memory management due to a lack of ' + 'resource freeing, which can result in Denial of Service ' + 'conditions.' + )) + self.assertEqual(finding.cvssv3, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H") + self.assertEqual(finding.component_name, "inflight") + self.assertEqual(finding.component_version, "1.0.6") + self.assertEqual(finding.unsaved_tags, ["policy-violation"]) + self.assertEqual(finding.unsaved_vulnerability_ids, ["SRCCLR-SID-41137"]) + + @override_settings(USE_FIRST_SEEN=True) + def test_json_sca_findings_list_format_first_seen(self): + self.json_sca_findings_list_format() + + def test_json_sca_findings_list_format(self): + self.json_sca_findings_list_format() + + def json_sca_findings_list_format(self): + self.json_sca_findings_test("unittests/scans/veracode/sca_findings_list_format.json") + + @override_settings(USE_FIRST_SEEN=True) + def test_json_sca_embedded_format_first_seen(self): + self.json_sca_embedded_format() + + def test_json_sca_embedded_format(self): + self.json_sca_embedded_format() + + def json_sca_embedded_format(self): + self.json_sca_findings_test("unittests/scans/veracode/sca_embedded_format.json") diff --git a/unittests/tools/test_veracode_sca_parser.py b/unittests/tools/test_veracode_sca_parser.py new file mode 100644 index 00000000000..ef453d9451d --- /dev/null +++ b/unittests/tools/test_veracode_sca_parser.py @@ -0,0 +1,111 @@ +import datetime +from django.test import override_settings + +from ..dojo_test_case import DojoTestCase +from dojo.tools.veracode_sca.parser import VeracodeScaParser +from dojo.models import Test + +from dateutil.tz import UTC + + +class TestVeracodeScaScannerParser(DojoTestCase): + + @override_settings(USE_FIRST_SEEN=True) + def test_parse_csv_first_seen(self): + self.parse_csv() + + def test_parse_csv(self): + self.parse_csv() + + def parse_csv(self): + testfile = open("unittests/scans/veracode_sca/veracode_sca.csv") + parser = VeracodeScaParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(3, len(findings)) + + finding = findings[0] + self.assertEqual("Medium", finding.severity) + self.assertTrue(finding.active) + self.assertFalse(finding.is_mitigated) + self.assertEqual("aws-java-sdk-s3", finding.component_name) + self.assertEqual("1.11.951", finding.component_version) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2022-31159", finding.unsaved_vulnerability_ids[0]) + self.assertEqual(6.4, finding.cvssv3_score) + self.assertEqual("127637430", finding.unique_id_from_tool) + self.assertEqual(datetime.datetime(2022, 7, 7, 9, 15, 0), finding.date) + + finding = findings[1] + self.assertEqual("Medium", finding.severity) + self.assertTrue(finding.active) + self.assertFalse(finding.is_mitigated) + self.assertEqual("spring-cloud-function-context", finding.component_name) + self.assertEqual("3.2.5", finding.component_version) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2022-22979", finding.unsaved_vulnerability_ids[0]) + self.assertEqual(5, finding.cvssv3_score) + self.assertEqual("122648496", finding.unique_id_from_tool) + self.assertEqual(datetime.datetime(2022, 6, 14, 11, 34, 0), finding.date) + + finding = findings[2] + self.assertEqual("High", finding.severity) + self.assertFalse(finding.active) + self.assertTrue(finding.is_mitigated) + self.assertEqual("commons-configuration2", finding.component_name) + self.assertEqual("2.1.1", finding.component_version) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2022-33980", finding.unsaved_vulnerability_ids[0]) + self.assertEqual(7.5, finding.cvssv3_score) + self.assertEqual("126041205", finding.unique_id_from_tool) + self.assertEqual(datetime.datetime(2022, 7, 2, 23, 19, 0), finding.date) + + @override_settings(USE_FIRST_SEEN=True) + def test_parse_json_first_seen(self): + self.parse_json() + + def test_parse_json(self): + self.parse_json() + + def parse_json(self): + testfile = open("unittests/scans/veracode_sca/veracode_sca.json") + parser = VeracodeScaParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + + finding = findings[0] + self.assertEqual("High", finding.severity) + self.assertTrue(finding.active) + self.assertFalse(finding.is_mitigated) + self.assertEqual("avatica-core", finding.component_name) + self.assertEqual("1.11.0", finding.component_version) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2022-36364", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", finding.cvssv3) + self.assertEqual(665, finding.cwe) + self.assertEqual("ddcc6e1b-3ed9-45c8-b77a-ead759fb5e2c", finding.unique_id_from_tool) + self.assertEqual(datetime.datetime(2022, 7, 29, 5, 13, 0, 924000).astimezone(UTC), finding.date) + + @override_settings(USE_FIRST_SEEN=True) + def test_parse_json_fixed_first_seen(self): + self.parse_json_fixed() + + def test_parse_json_fixed(self): + self.parse_json_fixed() + + def parse_json_fixed(self): + testfile = open("unittests/scans/veracode_sca/veracode_sca_fixed.json") + parser = VeracodeScaParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + + finding = findings[0] + self.assertEqual("Medium", finding.severity) + self.assertFalse(finding.active) + self.assertTrue(finding.is_mitigated) + self.assertEqual("aws-java-sdk-s3", finding.component_name) + self.assertEqual("1.11.951", finding.component_version) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2022-31159", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", finding.cvssv3) + self.assertEqual(22, finding.cwe) + self.assertEqual(datetime.date.today(), finding.mitigated.date()) diff --git a/unittests/tools/test_wazuh_parser.py b/unittests/tools/test_wazuh_parser.py new file mode 100644 index 00000000000..1b64ed6dd83 --- /dev/null +++ b/unittests/tools/test_wazuh_parser.py @@ -0,0 +1,51 @@ +from ..dojo_test_case import DojoTestCase +from dojo.tools.wazuh.parser import WazuhParser +from dojo.models import Test + + +class TestWazuhParser(DojoTestCase): + + def test_parse_no_findings(self): + testfile = open("unittests/scans/wazuh/no_findings.json") + parser = WazuhParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_parse_one_finding(self): + testfile = open("unittests/scans/wazuh/one_finding.json") + parser = WazuhParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(1, len(findings)) + self.assertEqual("Medium", finding.severity) + self.assertEqual("CVE-1234-123123", finding.unsaved_vulnerability_ids) + self.assertEqual("asdf", finding.component_name) + self.assertEqual("4.3.1", finding.component_version) + self.assertEqual(5.5, finding.cvssv3_score) + + def test_parse_many_finding(self): + testfile = open("unittests/scans/wazuh/many_findings.json") + parser = WazuhParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(6, len(findings)) + + def test_parse_one_finding_with_endpoint(self): + testfile = open("unittests/scans/wazuh/one_finding_with_endpoint.json") + parser = WazuhParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(1, len(findings)) + self.assertEqual("Medium", finding.severity) + self.assertEqual("CVE-1234-1234", finding.unsaved_vulnerability_ids) + self.assertEqual(6.5, finding.cvssv3_score) + endpoint = finding.unsaved_endpoints[0] + self.assertEqual("agent-1", endpoint.host) + self.assertEqual("asdf", finding.component_name) + self.assertEqual("1", finding.component_version) diff --git a/unittests/tools/test_wfuzz_parser.py b/unittests/tools/test_wfuzz_parser.py index ff34c93788b..ef826921f9d 100644 --- a/unittests/tools/test_wfuzz_parser.py +++ b/unittests/tools/test_wfuzz_parser.py @@ -37,3 +37,13 @@ def test_one_dup_finding(self): for endpoint in finding.unsaved_endpoints: endpoint.clean() self.assertEqual(4, len(findings)) + + def test_issue_7863(self): + testfile = open("unittests/scans/wfuzz/issue_7863.json") + parser = WFuzzParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(1, len(findings)) + self.assertEqual("Medium", findings[0].severity) diff --git a/unittests/tools/test_whispers_parser.py b/unittests/tools/test_whispers_parser.py new file mode 100644 index 00000000000..9a2da18ddea --- /dev/null +++ b/unittests/tools/test_whispers_parser.py @@ -0,0 +1,50 @@ +from django.test import TestCase +from dojo.tools.whispers.parser import WhispersParser +from dojo.models import Test + + +class TestWhispersParser(TestCase): + + def test_whispers_parser_severity_map(self): + fixtures = [ + "unittests/scans/whispers/whispers_one_vul.json", # v2.1 format + "unittests/scans/whispers/whispers_one_vul_v2.2.json", # v2.2 format + ] + expected_severity = "High" + + for fixture in fixtures: + testfile = open(fixture) + parser = WhispersParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(expected_severity, findings[0].severity) + + def test_whispers_parser_with_no_vuln_has_no_findings(self): + testfile = open("unittests/scans/whispers/whispers_zero_vul.json") + parser = WhispersParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + self.assertEqual(0, len(findings)) + + def test_whispers_parser_with_one_critical_vuln_has_one_findings(self): + testfile = open("unittests/scans/whispers/whispers_one_vul.json") + parser = WhispersParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(1, len(findings)) + self.assertEqual("src/pip.conf", findings[0].file_path) + self.assertEqual(2, findings[0].line) + self.assertEqual("pip.conf Password", findings[0].vuln_id_from_tool) + + def test_whispers_parser_with_many_vuln_has_many_findings(self): + testfile = open("unittests/scans/whispers/whispers_many_vul.json") + parser = WhispersParser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(5, len(findings)) diff --git a/unittests/tools/test_whitesource_parser.py b/unittests/tools/test_whitesource_parser.py deleted file mode 100644 index 9e0adda9b6a..00000000000 --- a/unittests/tools/test_whitesource_parser.py +++ /dev/null @@ -1,32 +0,0 @@ -from ..dojo_test_case import DojoTestCase, get_unit_tests_path -from dojo.tools.whitesource.parser import WhitesourceParser -from dojo.models import Test - - -class TestWhitesourceParser(DojoTestCase): - - def test_parse_file_with_no_vuln_has_no_findings(self): - testfile = open("unittests/scans/whitesource_sample/okhttp_no_vuln.json") - parser = WhitesourceParser() - findings = parser.get_findings(testfile, Test()) - self.assertEqual(0, len(findings)) - - def test_parse_file_with_one_vuln_has_one_findings(self): - testfile = open("unittests/scans/whitesource_sample/okhttp_one_vuln.json") - parser = WhitesourceParser() - findings = parser.get_findings(testfile, Test()) - self.assertEqual(1, len(findings)) - - def test_parse_file_with_multiple_vuln_has_multiple_finding(self): - testfile = open("unittests/scans/whitesource_sample/okhttp_many_vuln.json") - parser = WhitesourceParser() - findings = parser.get_findings(testfile, Test()) - self.assertEqual(6, len(findings)) - - def test_parse_file_with_multiple_vuln_cli_output(self): - testfile = open( - get_unit_tests_path() + "/scans/whitesource_sample/cli_generated_many_vulns.json" - ) - parser = WhitesourceParser() - findings = parser.get_findings(testfile, Test()) - self.assertEqual(20, len(findings)) diff --git a/unittests/tools/test_wpscan_parser.py b/unittests/tools/test_wpscan_parser.py index 1012f0e7158..b001772ad44 100644 --- a/unittests/tools/test_wpscan_parser.py +++ b/unittests/tools/test_wpscan_parser.py @@ -74,15 +74,85 @@ def test_parse_file_with_multiple_vuln(self): for endpoint in finding.unsaved_endpoints: endpoint.clean() self.assertEqual(6, len(findings)) - finding = findings[0] - self.assertEqual("7391118e-eef5-4ff8-a8ea-f6b65f442c63", finding.unique_id_from_tool) - self.assertNotEqual("Info", finding.severity) # it is a vulnerability so not 'Info' - self.assertEqual("Contact Form 7 < 5.3.2 - Unrestricted File Upload", finding.title) - self.assertEqual("CVE-2020-35489", finding.cve) - self.assertEqual(datetime.datetime(2021, 3, 17, 12, 21, 6), finding.date) - # - finding = findings[4] - self.assertIsNone(finding.unique_id_from_tool) # interesting findings are not vlunerability - self.assertEqual("Info", finding.severity) # it is not a vulnerability so severity should be 'Info' - self.assertEqual("Interesting finding: WordPress readme found: http://example/readme.html", finding.title) - self.assertEqual(datetime.datetime(2021, 3, 17, 12, 21, 6), finding.date) + + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("7391118e-eef5-4ff8-a8ea-f6b65f442c63", finding.unique_id_from_tool) + self.assertNotEqual("Info", finding.severity) # it is a vulnerability so not 'Info' + self.assertEqual("Contact Form 7 < 5.3.2 - Unrestricted File Upload", finding.title) + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2020-35489", finding.unsaved_vulnerability_ids[0]) + self.assertEqual(datetime.datetime(2021, 3, 17, 12, 21, 6), finding.date) + self.assertEqual("", finding.get_scanner_confidence_text()) # data are => 100% + + with self.subTest(i=4): + finding = findings[4] + self.assertIsNone(finding.unique_id_from_tool) # interesting findings are not vlunerability + self.assertEqual("Info", finding.severity) # it is not a vulnerability so severity should be 'Info' + self.assertEqual("Interesting finding: WordPress readme found: http://example/readme.html", finding.title) + self.assertEqual(datetime.datetime(2021, 3, 17, 12, 21, 6), finding.date) + self.assertEqual("", finding.get_scanner_confidence_text()) # data are => "confidence": 100, + + def test_parse_file_with_multiple_vuln_in_version(self): + testfile = open("unittests/scans/wpscan/wordpress_vuln_version.json") + parser = WpscanParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(11, len(findings)) + + with self.subTest(i=2): + finding = findings[2] + self.assertEqual("d40374cf-ee95-40b7-9dd5-dbb160b877b1", finding.unique_id_from_tool) + self.assertNotEqual("Info", finding.severity) # it is a vulnerability so not 'Info' + self.assertEqual("WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation", finding.title) + self.assertEqual("fixed in : 4.6.4", finding.mitigation) + self.assertEqual("", finding.get_scanner_confidence_text()) # data are => 100% + + def test_parse_file_issue5774(self): + testfile = open("unittests/scans/wpscan/issue5774.json") + parser = WpscanParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertEqual(59, len(findings)) + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("16353d45-75d1-4820-b93f-daad90c322a8", finding.unique_id_from_tool) + self.assertNotEqual("Info", finding.severity) + self.assertEqual("All in One SEO Pack <= 2.9.1.1 - Authenticated Stored Cross-Site Scripting (XSS)", finding.title) + self.assertEqual("fixed in : 2.10", finding.mitigation) + self.assertEqual(7, finding.scanner_confidence) + self.assertEqual("Tentative", finding.get_scanner_confidence_text()) # data are at 30% + with self.subTest(i=19): + finding = findings[19] + self.assertEqual("WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)", finding.title) + self.assertEqual(2, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2018-5776", finding.unsaved_vulnerability_ids[0]) + self.assertEqual("CVE-2016-9263", finding.unsaved_vulnerability_ids[1]) + with self.subTest(i=30): + finding = findings[0] + self.assertEqual("16353d45-75d1-4820-b93f-daad90c322a8", finding.unique_id_from_tool) + self.assertNotEqual("Info", finding.severity) + self.assertEqual("All in One SEO Pack <= 2.9.1.1 - Authenticated Stored Cross-Site Scripting (XSS)", finding.title) + self.assertEqual("fixed in : 2.10", finding.mitigation) + self.assertEqual("Tentative", finding.get_scanner_confidence_text()) # data are at 30% + + with self.subTest(i=50): + finding = findings[50] + self.assertEqual("6a3ec618-c79e-4b9c-9020-86b157458ac5", finding.unique_id_from_tool) + self.assertNotEqual("Info", finding.severity) + self.assertEqual("WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure", finding.title) + self.assertEqual("fixed in : 4.7.20", finding.mitigation) + self.assertEqual(0, finding.scanner_confidence) + finding.scanner_confidence = 1 + self.assertEqual("Certain", finding.get_scanner_confidence_text()) # data are => 100% + + def test_confidence(self): + parser = WpscanParser() + self.assertEqual(0, parser._get_scanner_confidence(100)) + self.assertEqual(5, parser._get_scanner_confidence(50)) + self.assertEqual(7, parser._get_scanner_confidence(30)) + self.assertEqual(10, parser._get_scanner_confidence(0)) diff --git a/unittests/tools/test_xanitizer_parser.py b/unittests/tools/test_xanitizer_parser.py index 135d4fc233d..d4d1b950595 100644 --- a/unittests/tools/test_xanitizer_parser.py +++ b/unittests/tools/test_xanitizer_parser.py @@ -22,6 +22,9 @@ def test_parse_file_with_multiple_findings(self): parser = XanitizerParser() findings = parser.get_findings(testfile, Test()) self.assertEqual(9, len(findings)) + finding = findings[5] + self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2015-5211", finding.unsaved_vulnerability_ids[0]) def test_parse_file_with_multiple_findings_no_details(self): testfile = open( diff --git a/unittests/tools/test_yarn_audit_parser.py b/unittests/tools/test_yarn_audit_parser.py index 1864b2479a5..d8872259460 100644 --- a/unittests/tools/test_yarn_audit_parser.py +++ b/unittests/tools/test_yarn_audit_parser.py @@ -38,13 +38,48 @@ def test_yarn_audit_parser_with_many_vuln_has_many_findings(self): testfile.close() self.assertEqual(3, len(findings)) + def test_yarn_audit_parser_with_multiple_cwes_per_finding(self): + # cwes formatted as escaped list: "cwe": "[\"CWE-346\",\"CWE-453\"]", + testfile = open("unittests/scans/yarn_audit/yarn_audit_multiple_cwes.json") + parser = YarnAuditParser() + findings = parser.get_findings(testfile, self.get_test()) + testfile.close() + self.assertEqual(3, len(findings)) + self.assertEqual(findings[0].cwe, 1333) + self.assertEqual(1, len(findings[0].unsaved_vulnerability_ids)) + self.assertEqual("CVE-2021-3803", findings[0].unsaved_vulnerability_ids[0]) + self.assertEqual(findings[1].cwe, 173) + self.assertEqual(1, len(findings[1].unsaved_vulnerability_ids)) + self.assertEqual("CVE-2022-0235", findings[1].unsaved_vulnerability_ids[0]) + self.assertEqual(findings[2].cwe, 1035) + self.assertEqual(1, len(findings[2].unsaved_vulnerability_ids)) + self.assertEqual("CVE-2021-3807", findings[2].unsaved_vulnerability_ids[0]) + + def test_yarn_audit_parser_with_multiple_cwes_per_finding_list(self): + # cwes formatted as proper list: "cwe": ["CWE-918","CWE-1333"], + testfile = open("unittests/scans/yarn_audit/yarn_audit_multiple_cwes2.json") + parser = YarnAuditParser() + findings = parser.get_findings(testfile, self.get_test()) + testfile.close() + self.assertEqual(2, len(findings)) + self.assertEqual(findings[0].cwe, 918) + self.assertEqual(findings[1].cwe, 1035) + def test_yarn_audit_parser_empty_with_error(self): with self.assertRaises(ValueError) as context: testfile = open("unittests/scans/yarn_audit/empty_with_error.json") parser = YarnAuditParser() - findings = parser.get_findings(testfile, self.get_test()) + parser.get_findings(testfile, self.get_test()) testfile.close() self.assertTrue( "yarn audit report contains errors:" in str(context.exception) ) self.assertTrue("ECONNREFUSED" in str(context.exception)) + + def test_yarn_audit_parser_issue_6495(self): + testfile = open("unittests/scans/yarn_audit/issue_6495.json") + parser = YarnAuditParser() + findings = parser.get_findings(testfile, self.get_test()) + testfile.close() + self.assertEqual(3, len(findings)) + self.assertEqual(findings[0].cwe, "1321") diff --git a/unittests/tools/test_zap_parser.py b/unittests/tools/test_zap_parser.py index 29e904c3041..7167fb9c5e6 100644 --- a/unittests/tools/test_zap_parser.py +++ b/unittests/tools/test_zap_parser.py @@ -194,3 +194,34 @@ def test_parse_juicy(self): self.assertEqual("https", endpoint.protocol) self.assertEqual("juice-shop.herokuapp.com", endpoint.host) self.assertEqual("assets", endpoint.path) + + def test_parse_xml_plus_format(self): + testfile = open("unittests/scans/zap/zap-xml-plus-format.xml") + parser = ZapParser() + findings = parser.get_findings(testfile, Test()) + for finding in findings: + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + self.assertIsInstance(findings, list) + self.assertEqual(1, len(findings)) + for finding in findings: + self.assertIn(finding.severity, Finding.SEVERITIES) + for endpoint in finding.unsaved_endpoints: + endpoint.clean() + + with self.subTest(i=0): + finding = findings[0] + self.assertEqual("Insecure HTTP Method - PUT", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertEqual("90028", finding.vuln_id_from_tool) + self.assertEqual(1, len(finding.unsaved_endpoints)) + endpoint = finding.unsaved_endpoints[0] + self.assertEqual("http", endpoint.protocol) + self.assertEqual("localhost", endpoint.host) + self.assertEqual(8080, endpoint.port) + # Check request and response pair + request_pair = finding.unsaved_req_resp[0] + request = request_pair["req"] + response = request_pair["resp"] + self.assertEqual('HTTP/1.1 403 Forbidden\nServer: Apache-Coyote/1.1\nContent-Type: text/html;charset=utf-8\nContent-Language: en\nContent-Length: 1004\nDate: Fri, 30 Sep 2022 06:40:15 GMT\n\nApache Tomcat/8.0.37 - Error report

                HTTP Status 403 -

                type Status report

                message

                description Access to the specified resource has been forbidden.

                Apache Tomcat/8.0.37

                ', response) + self.assertEqual('PUT http://localhost:8080/bodgeit/js/qndto7n63d HTTP/1.1\nHost: localhost:8080\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0\nAccept: */*\nAccept-Language: de,en-US;q=0.7,en;q=0.3\nConnection: keep-alive\nReferer: https://localhost:8080/bodgeit/\nCookie: JSESSIONID=9E75E26E50F681208096FFAA0B566901\nSec-Fetch-Dest: script\nSec-Fetch-Mode: no-cors\nSec-Fetch-Site: same-origin\nContent-Length: 35\n\n"J0O0glajHdR0Mgp":"UToh9IpCY5zh3CB"', request) diff --git a/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_create_edit_update_finding_no_push_to_jira.yaml b/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_create_edit_update_finding_no_push_to_jira.yaml deleted file mode 100644 index 08ee6878a61..00000000000 --- a/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_create_edit_update_finding_no_push_to_jira.yaml +++ /dev/null @@ -1,3613 +0,0 @@ -interactions: -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPTUvEMBCG/0uuttlJNmm3uYkeVGQV2j2JSNpOsJImpU2FZdn/boKL620+nmde - 5kRaveBhtkSRzxCmRW02PRrsQu+/PNXB6mUZtKMOA8nIN87L4F2EGQCjQCGv97ev9cNLc93u17GN - FVFvCcogg/eM9DhZfxzRheY4YTxwZ/3aR6ldB9v/KkQlQYrL8F6HBHLgLAee86JhTPFSbQUFgBuI - cPQXnGNuM4xXdpsDazgoIRSXdMflH9uNj874CIpCytIwYxDFrqqMFqlHzUpeyGjIksuuKqp/AcGm - hKdh1iS9Y/Rqw7PvdBqfiL1UBN3HoSbn8w8AAAD//wMA1fgHDFoBAAA= - headers: - ATL-TraceId: - - 2dbecacce9ef782f - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:25 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1aaa4423-1406-4f1c-8898-7e71faf9ce23 - x-envoy-upstream-service-time: - - '37' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 413bc5904dc2743b - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:25 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - bef02466-ce32-4656-9a48-968d5b9e5546 - x-envoy-upstream-service-time: - - '64' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields - response: - body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFwQB5NMqKljBz/adBH/fT2JE7vQ - ZbPlsgd6qWcyj28envFzDFVJeBZP4lKKR0i1igf+OLl99gJUKQN6XQKKKGC55c21LtUkSTLIrUIm - HsU+0YwoRQnf56ATCUonpKTJKHFWk+GB/VkTFI22xALWlrqYfbuaWYqTAix5zanW1gA6JEuiibyW - zKJ6jsfH1fi4j38FqZHQ+m6MnJQ0m9aO9xrGOZLjgy/WzWhcjcY7G1b0F0xVQRjbU+7/HV/Do2p4 - 9DFfVevMHd7xdjiqDkcf81ZARk1hvbnDH729DMJuwS7aoV86C3XHjMKOQSIDlUpaaiq45Z5GdQIG - UUaVpjzVUUkhhUjk0UrIxT5qp4Lb/umDwqVgSWG1Jf4g2MPhsSNnFui0g+x7eEbUwlKGa0m4YkRD - drHxRZl7jadJTpiCgb9vOQWWYeu7g217ZYqCyDUeJTwZKsEKammsmkrnUBD8UvufxEpLyh/QwVpp - KJDjtF86cFeO096/VmIQz4k6g5wYpm8IM9ChEyVIgjnHstqq6vguLHYvZGGWOnCe6eGdIy/CzHYI - Q91eGO/s6GBMrCCrhT67cVvPtTbiSW3kBWuaiqIUHDiugbCoTuVNVYmUBDuH2npaFa8fVjkw6sv8 - 1TPbMgdyPesckyxDT4D+JBRiCfGW2mNkRGuSzguEtlNkgX4QWsD1oZ2Gok1oG9q9QkPMG/3VB/Tb - 6x+a8AjPAm4LMZTsibEbBW5t9BoErWwAsmV5gJedUAPOK/0DsLeNsNMQ+NgTxmnj3fzRjFuR6xWR - 9RykRcmonfS+pJ8vnm2+/tcXTz0z64nLKF/sODMD/derseH6a/HT0pBF9Yr0c3PDADFa4GxloKHn - qnm98JKSpguQJzY/0k4sdxdt1HtqLlZX5h4XyiXBb1O85CFbNRynWgO1bT/lxlbtyYBcT3vfYZzt - mN+cVjcgVcPeJcHLRjvMbmjTp/c7rSIn7LMbivaF3iykZjn9ZS3ZMjxwgH6RGQUyDKPTDpZPy+pW - j2ds9sZvAAAA//+8l81uwjAMx19l6p1kHeUyaeI0aQf2CGgKKEoyAUVNGezQd5+dL1rSTe1ScXUT - +5fG8d8emxsYnFpvbLPj8IBYtZVL94BeTA0ce8dXAVFlpeqbJve33xBWdzTE2doiEpZ5FQmGCM+q - VQ9dfG//VBEbm+aYmcP7QLVngmuKO7R3osAglZDgnegv1Ht34jdrxAhGpOBnpMGalnca2JjUYz4l - Y86nwbT1vgv6bmwedZ6MWkyDChnZ5VyVZw9ZJEMuJoOMUnRlbB51kTVr7HPbLzEN/Z6pAKVme9J1 - uTfD+gf0CHkxrIKxAxYhuzkzkw85fl+UJqLi/CDLI9Qh8qkq9izkjIMez1DfwxY7tEG0a7F7hUUP - 2B9kYZyK0HrK3p9Vecc23DaiA050I7rxKOK8tboZa/C87nuaTOXkkVpHVJ8EXG29HClJfSNlg53e - uvkBAAD//wMAc91BljkVAAA= - headers: - ATL-TraceId: - - f2e1cbc38433fcbb - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:26 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - cd1f8cdd-0d89-4671-82ee-9eea0ba288ce - x-envoy-upstream-service-time: - - '102' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Jira Api Test 2", - "description": "\n\n\n\n\n\n*Title*: [Jira Api Test 2|http://localhost:8080/finding/382]\n\n*Defect - Dojo link:* http://localhost:8080/finding/382\n\n*Severity:* Low \n\n*CWE:* - [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/110]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n*Systems/Endpoints*: \n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n*Mitigation*:\nWhenever a cookie contains sensitive - information or is a session token, then it should always be passed using an - encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n*Defect - Dojo ID:* 382\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": - "Task"}, "priority": {"name": "Low"}}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '1690' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue - response: - body: - string: '{"id":"10606","key":"NTEST-454","self":"https://defectdojo.atlassian.net/rest/api/2/issue/10606"}' - headers: - ATL-TraceId: - - d224fd91ab3f0fb3 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:26 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4ef87cd0-2a01-4338-b398-b6a51b816b66 - x-envoy-upstream-service-time: - - '322' - status: - code: 201 - message: Created -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-454 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FFtmWy/2EldAMaSJ12VL08x2WmBJYdDSWWYtkQJJWfbS/vcd - SSlO0zprU+dDxCPv7bnnjrz1YFNSnnqxJ4GnICH9nUGeqg6nBaiOSpZQ0I4oQVLNBFcdSJkuQNNO - sqQ8g1xknTVIhXuQjqGUoIBrd9breMxYDoPD4BAXCvIFLpdalyr2/RQWkOhUfBA9qnOqFKO8x0H7 - aEP7tGR+5DOlKvBbAyvYov7FdDSZdge/DlCysMF68a2n0GmlEqohE3LrgktxhQpREIXdoN8NwmkU - xINBHB32Bs+HvwRhEJgYjQ+9LcGaeWKMRh/jDIJol7VbpKASyUqDCEqPiSponndIypRmPNGkZJAA - EQtSC7nqGe1E8CuZf0sUCpJKgr9mUNM11VT+pti/8KLAIlXFMyc6S1+EQT8cNsspBvpil3LHM4VG - X1OqVqZG1Vybr3hBcwUdr7XhxdbIp46nGRKjxCJ7Ma8wE6+U4gOG90T0Gm2Lna1Gi51Z3Cv4LtIr - zrRGA4ZfjbZJ6i97VomFrqk0iSlWlDlDhqQPskFwLWUGw81g+C3hNjA3zhqkS2aAxd99nAfBEXqO - Bpto8GTDtoSWJc9U8/8RX+HhJjz8MV+b1lnz8Yi3frTpRz/mrSGnaj/2evv0yfT35q2bLlix6/dY - wSyTkGFff0FD5JTIK9dmTpJUSovCjogZeoiO9m0Mv7ThRoeTmsa048+Lu2HHwzT1W+w4wyt3wLaT - 4bRkiQvg9guZYRwmpJaiytNTpsqcbhteorimGietG2Tf30NuSt7NRd9Zk6ZB7OeJqAxOoYn0nREw - nnmxlpVxnUjAXE3XfW1ORkdBOycfohbsgzPctxHtRgYTkuntE/Nt1X1zBXzHuGQFzUD5RkO1RhgK - clH31DrbjZhzUbejaOAZjB4k0m8TyekczDAx1HxwyHTlV2EI9/EwHBo8llSNSpacM76yV/EplOZm - 5klLF0ui2u7dSbjgI7yY6TyHMVDlKCibL+/y/OrV2cXs/OxkdDEZzUbj8Zsx5ocNpBAQPDBdArnE - qck1MX4JU0TwfEuwI1lujBItyJ9MUnIpocCuJZVCfvVsjz7M4jkaDD6yIOgPj2LPXRhYOwR/11Kf - tTGWIWOc5g8PNe+KBl5L8hyjaycB1jXjcHe6Kk3PfgOP3UvhidRzyne31eeX+/excUe3lzRZ4UOq - pVxr3Pk6aZ40PxRw+y7y2+dJ1F6uHAzVE5ELeeGimecVdDOJ42n3OBDkVLhii6LEpx7XTRUeq9/n - 4Nzw3d/BlOkcDmJybUl1XDIyRW0SfTSpYWa5SGi+FErHw2AY+AvGU5xZfn8Yvbf6pzZzDOqDIIYT - 8QH5X02rOAFkFY4OVMAmJ1Z28m6Ey2v81z0MBzYEg25SQ69gWkJPyMxHclEDOMPXhyGlj0d7S13k - NiBn562xc8VXXNSt7FKKtMLnzYhn2GoFAuebTI2/ibkiMRTyh6i7WuxJvWwMRO+JT65DBOnvikoN - kuxM7lGFnc/Qav9zfEkmCeV7zptHlR+GgYP4paQ8WfpTmmGwF1hzJ61Ynp6d3hediAJhIji3lvfF - k63SUCjMPC0FQ8JgufFn92yxDMYFZVwxDT3kFXZqf9/ePjmWRS3ngsq0ocUd4w7iG35MEiFWDExs - ZA7AiQJNaqbxEtZE49BzzxSyyGnWIfWSJUtSAOUKN6k70VhA1NACoUmCQxNSsmaUVNgHidyWOHXw - GOfgLvqeCWWMBMV5mkDcErOu656oqSotnZCWsOmVy9LSARk6Wwg5c87UjGp8NswrLMjspzfvjieX - 3cnrLt47PxvTV+NzZ/QxMF4DJpnG5NVoesNxtGMfI2diIsp1csNHa2ZuFAxuAv8BAAD//+xZbWvb - MBD+KyZQaEft2E6cl8HoQrfBPmyUFTboN8VWG7PYMpadbnT5731OkpXUjcPoRsmHQAhyJN1dpLvn - njtX7qXS2sz9o4IkS5MuBXpuj4JusbRileJb6jPqUvF8HdziC0L2TtWk5BU/FjwnFHCYvVyBkhVW - wB3IlHTFnTTHfWRqjyNKSogMs5LyEXLhT56fk3fkDhxfUzqHLe/Zb3Izp2DKRWqJa3XgN1tegrI0 - 50sPsSvJ76yXbfkh6SI3hX5jn2wMJHmyho/utFP53ZvPWcHiiv7nV+Gk6sEBhtBh6Ri5rnghKZ+X - XGML14tN2FrHlfSzwUQc2uz60g0GJso24KugoAFX1P+CoInQ7ZThtvMz5/TsD254WYm3gJXnLDLo - YpHBsJmgFFOVSJGKtRKJbi+NOmT4nROWm6mDV0x098IurubbmgGxyuIFoeyOCqWdEttSptaOOssY - JfleKyPSkRFDF+ULCQAxtQvgFtUAqK2iWzYcJMF8MvSjOUwYj6dBGI6Ib9hF0LBnGaf7nCUJdIAE - 9DY2uKbae29hjoTuLbm133tgG2qZAhk97EdBGAx54PNBmExH8SCOxkE8iZLEZ6PbgE8ukndKyslg - dhJ+wkfvczOWm6znuvon6dXSvceJuKFHLu8V9XyZxnRkbsGYpBPDfpXZQacx/HDljrwiJ/vbtfzh - W9zuCBy+xe2uwqFbDAhKdAVvKPM2Il6ZdhjFE0G0LrQ1jN0AZbH8Y12KgvdvgDzxYhN41MXCrI1k - 0mP6cYZtlwZgj1Dw+pd+hILXsPgIBZ1Q0OYOYE69hzXtaRgHbL/TofhAnXEz9qFQVGyJ0Q4pXc06 - 3zbr2hO2+dWesIyN56u0FLnmRKYXUJu3MfrxryxFXakkPDRDg4IvQL6t90j9Ru55L2O/vnFZL0nw - lm7VeSmrWaXtWInqv3VmtSwrE6pQmn4Xqm9le8GiVN0g0mjteGps+MRas0Gdznq9fgQAAP//AwB2 - REYY1BsAAA== - headers: - ATL-TraceId: - - ed248c375a190327 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:26 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - fd5ebdd5-5c22-4d5c-9e8c-b1d411744f76 - x-envoy-upstream-service-time: - - '165' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10606 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FFtmWy/2EldAMaSJ12VL08x2WmBJYdDSWWYtkQJJWfbS/vcd - SSlO0zprU+dDxCPv/bmHvPVgU1KeerEngacgIf2dQZ6qDqcFqI5KllDQjihBUs0EVx1ImS5A006y - pDyDXGSdNUiFe5COoZSggGt31ut4zFgOg8PgEBcK8gUul1qXKvb9FBaQ6FR8ED2qc6oUo7zHQfto - Q/u0ZH7kM6Uq8FsDK9ii/sV0NJl2B78OULKwwXrxrafQaaUSqiETcuuCS3GFClEQhd2g3w3CaRTE - g0EcHfYGz4e/BGEQmBiND70twZp5YoxGH+MMgmiXtVukoBLJSlMRlB4TVdA875CUKc14oknJIAEi - FqQWctUz2ongVzL/ligUJJUEf82gpmuqqfxNsX/hRYFNqopnTnSWvgiDfjhsllMM9MUu5Y5nGo2+ - plStTI+quTZf8YLmCjpea8OLrZFPHU8zBEaJTfZiXmEmXinFBwzvidVrtG3tbDfa2pnFvYbvIr3i - TGs0YPDVaJuk/rJnlVjomkqTmGJFmTNESPogGyyuhcxguBkMvyXcpsyNs6bSJTOFxd/9Og+CI/Qc - DTbR4MmGbQstSp6p5v8jvsLDTXj4Y742rbPm4xFv/WjTj37MWwNO1X7s9fbpk5nvzVvHLtix6/fY - wSyTkOFcfwFDxJTIKzdmTpJUSovCUsQMPURH+zaGX9pw1OGkZjAt/XlxN2z4wiBYssS5u/1CZvCF - 4aulqPL0lKkyp9sGhSjGQum3OLMGmY0LqpFpHZF9/ww5lrzjRd9Zk2ZA7OeJqEydbOzvjIDxzIu1 - rEwwiQTM1Uzd13gyOgpannxYtWBfOcN9G9G+jf6OS5iQTG+fWIhW3Td3w3fwKCtoBso3Gqo1wlCQ - i7qn1tmOe85F3XLUwLOdnIMhEwPNB0mZqfxqtuE+HIZDk/aSqlHJknPGV/YqPoXS3Mw8aQFkYVXb - vTsJF3yEFzOd5zAGqhwoZfPlXZ5fvTq7mJ2fnYwuJqPZaDx+M8Y0cIAU5o0Hpksgl8iaXBPjlzBF - BM+3BCeS5cYo0YL8ySQllxIKnFpSKcRXz87owyyeo8HgIwuC/vAo9tyFgS3CGu9G6rMxxmpnjNP8 - 4aHmXdGU14I8x+haJsD2ZRzuTlelmdlvwLF7KTwRYU757rb6/HL/PtDtUPWSJit8SLXIao07XyfN - k+aHAm7fRX77PInay5WDQXQiciEvXDTzvIJuJpGwdo8DQU6Fa7YoSnzqcd104bH+fV6cG777O5gy - ncNBTK4tqI5LRqaoTaKPJjXMLBcJzZdC6XgYDAN/wXiKnOX3h9F7q39qM8egPghiMBEfkP/VtIoT - QFQhQ6ACzjKxspN3I1xe47/uYTiwIZjqJjX0CqYl9ITMfAQXNQVn+PowoPTxaG+pi9wG5Oy8NXau - +IqLupVdSpFW+LwZ8QxHrcDC+SZT429irkgMhfwh6q4We1IvGwPRe+KT6xCL9HdFpQZJdib3qMLO - Z2i1/zm+JJOE8j3nzaPKD8PAlfilpDxZ+lOaYbAX2HMnrVienp3eF52IAstEkLeW98WTrdJQKMw8 - LQVDwGC78Wf3bLNMjQvKuGIaeogrnNT+vr19cmyLWs4FlWkDizvEHcQ3/JgkQqwYmNjIHIATBZrU - TOO1rIlG0nPPFLLIadYh9ZIlS1IA5Qo3qTvRWMCqoQVCkwRJE1KyZpRUOAeJ3JbIOniMc3BXf8+E - MkaAIp8mELfArOu6J2qqSgsnhCVseuWytHBAhM4WQs6cMzWjGh8S8wobMvvpzbvjyWV38rqL9+TP - xvTV+NwZfawYrwGTTGPyajS94UjtOMeImZiIcp3c8NGamRsFg5vAfwAAAP//7Flta9swEP4rJlBo - R+3YTpyXwehCt8E+bJQVNug3xVYbM79h2elGlv/e5yRZSd04lHaUfAiEoFjS3Vm6e+65S2VfSq3N - 3CsVRGkcdSlQc3sUdIulFcsY30KdUZeKp+vgFt8QsneyJiWv+LXgGaGAxczl5ihZYQXcgUyJl9yK - M9xHKvdYeUkJkWFWUD5CLvzNs3PyjsyC4yuSZ7Hknv0lN7MKJl2kFrhWC36z5SUoSzOeOIhdQX5n - vGzLD0kXuSn0a/tEYyDJEzV8dKed0u/efU0LFlb0nt9zK5Y/LGAIHZaKkeuKF4LyeckVtnC1WIet - cVxBjzUm4tBm15e2N9BRtgFfCQUNuKL+zwmaCN1OGW47O7NOz/7hhpMqfw9YecoivS4W6Q2bCUox - VYkUKVkr0er20qBDhts50cXNXMPN5I1IJrp7oakZ2hPTnRynnRsR4SxcEDarPCrqNGWU5HutjEhH - Rgw9L19IAIipXQC3qAZAbRXcsuEg8uaToRvMYe94PPV8f0R8wyyChj3LON3nLIqgAySgt7HB1tXe - RwNzJHRvya383gHbkMskyKhhP/B8b8g9lw/8aDoKB2Ew9sJJEEUuG916fHIRfZBSTgazE/8LPmqf - nbJMZz3bVo+EUwv7Hidi+w65vFPU8yQO6cjsgjFBJ4b9MrODTmP46coeOUVG9rdr+cO3uN0ROHyL - 212FQ7cYEBSpml5T5m1EvNLtMIongmhVaCsYuwHKYvnnuswL3r8BwISLTeBRFwuzJpJJj+7HabZd - aoA9QsHbX/oRCt7C4iMUdEJBm2iAOfVWa9rTEA3YfqdCcUWdcT12oTCvWILRDildzTq3q1nnmmZd - e8IwNp4t4zLPFLvRvYBa/xujfj7H0mVe/beOqJJlZEIRSsKfuewXNV1ZuJayeNUMNeq+WL/836rf - yD3vpezPDy7qhARvvavs9JTVrFLvTe1m6gbRm5vnjzf7j3brDdLa9Xr9AAAA//8DADQjSGTUGwAA - headers: - ATL-TraceId: - - ac772963c3170a7f - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:26 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 17d148a1-3552-432d-8b96-35254a1b5b79 - x-envoy-upstream-service-time: - - '128' - status: - code: 200 - message: OK -- request: - body: '{"issueKeys": ["10606"], "ignoreEpics": true}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '45' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: PUT - uri: https://defectdojo.atlassian.net/rest/greenhopper/1.0/epics/333/add - response: - body: - string: '{"errorMessages":["Issue does not exist or you do not have permission - to see it."],"errors":{}}' - headers: - ATL-TraceId: - - 2a9841259d78dd69 - Connection: - - close - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:27 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a4ea4ea8-0ca3-4e18-8e1c-a9fc4b8710be - x-envoy-upstream-service-time: - - '24' - status: - code: 400 - message: Bad Request -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uutt1JmrTb3EQPKrIK2z2JSNpOsJImpUmFZdn/boKL623em+/N - Y06kUx4PiyGSfIYwe7nZDKixD4P7coUKRnk/KltYDCQj37j40dkIUwBaQAH5fnf7un94aa/b3Tp1 - cSLyLUEZZPCekQFn444T2tAeZ4wH7oxbhxjq1tEMvxEiU0Dwi3mvQgIZMJoDy1nVUipZLUteAMAN - RDjmPS6xtx2nK1vmQFsGknNZsqKuxB/bT49WuwjySohaU60R+bZptOJJo6I1q8SWRcFE31TNv4Jg - UsPTuCiS3tFqNeHZ9SrZJ2IuE0H7cdiT8/kHAAD//wMADVfPl1oBAAA= - headers: - ATL-TraceId: - - 77482d9b01e86115 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:32 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 31a6c72e-5f75-43e6-9ba7-eafebe03c46f - x-envoy-upstream-service-time: - - '34' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - d43bfc5375e23b12 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:32 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 7d4a3512-9ac5-4a3c-9134-84d62ed5dd14 - x-envoy-upstream-service-time: - - '68' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields - response: - body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFwQB5NMqKljBz/adBH/fT2JE7vQ - ZbPlsgd6qWcyj28envFzDFVJeBZP4lKKR0i1igf+OLl99gJUKQN6XQKKKGC55c21LtUkSTLIrUIm - HsU+0YwoRQnf56ATCUonpKTJKHFWk+GB/VkTFI22xALWlrqYfbuaWYqTAix5zanW1gA6JEuiibyW - zKJ6jsfH1fi4j38FqZHQ+m6MnJQ0m9aO9xrGOZLjgy/WzWhcjcY7G1b0F0xVQRjbU+7/HV/Do2p4 - 9DFfVevMHd7xdjiqDkcf81ZARk1hvbnDH729DMJuwS7aoV86C3XHjMKOQSIDlUpaaiq45Z5GdQIG - UUaVpjzVUUkhhUjk0UrIxT5qp4Lb/umDwqVgSWG1Jf4g2MPhsSNnFui0g+x7eEbUwlKGa0m4YkRD - drHxRZl7jadJTpiCgb9vOQWWYeu7g217ZYqCyDUeJTwZKsEKammsmkrnUBD8UvufxEpLyh/QwVpp - KJDjtF86cFeO096/VmIQz4k6g5wYpm8IM9ChEyVIgjnHstqq6vguLHYvZGGWOnCe6eGdIy/CzHYI - Q91eGO/s6GBMrCCrhT67cVvPtTbiSW3kBWuaiqIUHDiugbCoTuVNVYmUBDuH2npaFa8fVjkw6sv8 - 1TPbMgdyPesckyxDT4D+JBRiCfGW2mNkRGuSzguEtlNkgX4QWsD1oZ2Gok1oG9q9QkPMG/3VB/Tb - 6x+a8AjPAm4LMZTsibEbBW5t9BoErWwAsmV5gJedUAPOK/0DsLeNsNMQ+NgTxmnj3fzRjFuR6xWR - 9RykRcmonfS+pJ8vnm2+/tcXTz0z64nLKF/sODMD/derseH6a/HT0pBF9Yr0c3PDADFa4GxloKHn - qnm98JKSpguQJzY/0k4sdxdt1HtqLlZX5h4XyiXBb1O85CFbNRynWgO1bT/lxlbtyYBcT3vfYZzt - mN+cVjcgVcPeJcHLRjvMbmjTp/c7rSIn7LMbivaF3iykZjn9ZS3ZMjxwgH6RGQUyDKPTDpZPy+pW - j2ds9sZvAAAA//+8l81uwjAMx19l6p1kHeUyaeI0aQf2CGgKKEoyAUVNGezQd5+dL1rSTe1ScXUT - +5fG8d8emxsYnFpvbLPj8IBYtZVL94BeTA0ce8dXAVFlpeqbJve33xBWdzTE2doiEpZ5FQmGCM+q - VQ9dfG//VBEbm+aYmcP7QLVngmuKO7R3osAglZDgnegv1Ht34jdrxAhGpOBnpMGalnca2JjUYz4l - Y86nwbT1vgv6bmwedZ6MWkyDChnZ5VyVZw9ZJEMuJoOMUnRlbB51kTVr7HPbLzEN/Z6pAKVme9J1 - uTfD+gf0CHkxrIKxAxYhuzkzkw85fl+UJqLi/CDLI9Qh8qkq9izkjIMez1DfwxY7tEG0a7F7hUUP - 2B9kYZyK0HrK3p9Vecc23DaiA050I7rxKOK8tboZa/C87nuaTOXkkVpHVJ8EXG29HClJfSNlg53e - uvkBAAD//wMAc91BljkVAAA= - headers: - ATL-TraceId: - - a330c989a489811d - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:33 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - dd57f12d-1194-4d92-9c92-f4cfcff6b9e9 - x-envoy-upstream-service-time: - - '67' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Jira Api Test 3", - "description": "\n\n\n\n\n\n*Title*: [Jira Api Test 3|http://localhost:8080/finding/383]\n\n*Defect - Dojo link:* http://localhost:8080/finding/383\n\n*Severity:* Low \n\n*CWE:* - [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/110]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n*Systems/Endpoints*: \n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n*Mitigation*:\nWhenever a cookie contains sensitive - information or is a session token, then it should always be passed using an - encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n*Defect - Dojo ID:* 383\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": - "Task"}, "priority": {"name": "Low"}}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '1690' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue - response: - body: - string: '{"id":"10607","key":"NTEST-455","self":"https://defectdojo.atlassian.net/rest/api/2/issue/10607"}' - headers: - ATL-TraceId: - - ea7ddee25ffd85d7 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:33 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 2f423c94-163a-4d5c-9783-0f1c1710ab9e - x-envoy-upstream-service-time: - - '433' - status: - code: 201 - message: Created -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-455 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FFtmW29u6goohjTx2mxpmtlOCywpDFo6S2wkUiApy16b/74j - JcWpW2dt6nyIeOS9PffckZ8cWJeUJ07kSOAJSEj+YJAnqsdpAaqn4gwK2hMlSKqZ4KoHCdMFaNqL - M8pTyEXaW4FUuAfJBEoJCrhuzjo9hxnLvnfoPcOFgnyJy0zrUkWum8ASYp2Ij2JAdU6VYpQPOGgX - bWiXlswNXKZUBW5n4AY2qH8+G09n/eHTpyhZ2mCd6JOj0GmlYqohFXLTBJfgChUCL/D7Xtj3/Fng - RcNhFIaDp+Hz3zzf80yMxofelGDNPDJGo49xel6wzbpZJKBiyUqDCEqPiCponvdIwpRmPNakZBAD - EUtSC3kzMNqx4Jcy/54oFMSVBHfFoKYrqqn8XbF/4UWBRaqKJ43oNHnhe6E/apczDPTFNuWeYwqN - vmZU3ZgaVQttvqIlzRX0nM6GE1kjtz1HMyRGiUV2Il5hJk4pxUcM75HotdoWO1uNDjuzuFfwbaSX - nGmNBgy/Wm2T1F/2rBJLXVNpElOsKHOGDEl2skFwLWWGo/Vw9D3htjC3zlqkS2aAxd99nIeWp8Fw - HQwfbdiW0LLkiWr/P+DLP1z7hz/na905az8e8BYG6zD4OW8tOVX3sdfb7a3p7/W7Zrpgxa4+YAXT - VEKKff0VDZFTIq+aNmskcaW0KOyImKOH4Nm+jdHXNprR0UhNY9rx50R9v+dgmvoddpzhVXuAapyT - zRj68Q5oZtzdVHMba9LQ234ei8pk6ZtJ9d4IGE+dSMsKbtvhZYxJFje5f/pKZgLDoyoTVZ6cMFXm - dNO2BIpjCZir6bpvzckgPOzm5C5q3j44/X0bwXZkMCGZ3jwSsU7dHf7YuGQFTUG5RkN1RhgKclEP - 1CrdjpgzUXejaOgYjHYSCbtEcroAM0wMNXcOma78Jgz+Ph76I4NHRtW4ZPEZ4zf2Kj6B0tzMPO5q - ZitZ2707CRd8jBczXeQwAaoaHsj2y7k4u3x1ej4/Oz0en0/H8/Fk8naC+WEDKQQED8wyIBc4Nbkm - xi9higiebwh2JMuNUaIF+ZNJSi4kFNi1pFLI0IHt0d0snqNB7zPzvHC0jJydlkXIU8ZpjsXEamx7 - zOztytp3RQuvZXWO0XWTAOuacrg7XZWmZ7+Dx81L4ZHUa5TvbqsvL/cfY+OWbi9pfIMPqY5ynfHG - 13H7pPmpgLt3kds9T4LucuVgqB6LXMjzJppFXkE/lTgjto8DQU5EU2xRlPjU47qtwkM1/RKca779 - O5gxncNBRK4sqY5KRmaoTcLPJjXMLBcxzTOhdDTyRp67ZDzBqeeGo/CD1T+xmWNQHwUxnIgOyP9q - WsUpIKtwdKACNjmxsuP3Y1xe4b/+oT+0IRh04xoGBdMSBkKmLpKLGsAZvj4MKV08Osh0kduAGjvv - jJ1LfsNF3ckupEgqfN6MeYqtViBwrsnU+JuaKxJDIa9F3ddiT+playD4QFxy5SNIf1dUapBka3KP - Kmx9+lb7n6MLMo0p33PePKpc3/caiF9KyuPMndEUgz3HmjfSiuXJ6cl90bEoECaCcyu7L55ulIZC - YeZJKRgSBsuNP7tni2UwLijjimkYIK+wU8N9e/vkWBaVLQSVSUuLO8YdRNf8iMRC3DAwsZEFACcK - NKmZxptQE41Dr3mmkGVO0x6pMxZnpADKFW7S5kRrAVFDC4TGMQ5NSMiKUVJhH8RyU+LUwWOcQ3Pb - DkwoEyQoztMYoo6YdV0PRE1VaemEtIT1oMxKSwdk6Hwp5LxxpuZU4929qLAg81/evj+aXvSnb/p4 - 7/xqTF9OzhqjD4HxBjDJJCKvxrNrjqMd+xg5ExFRruJrPl4xc6NgcFP4DwAA///sWW1r2zAQ/ism - UGhH7dhOnJfB6EK3wT5slBU26DfFVhszv2HZ6UaX/97nJFl1nTiMbpR8CITg+E66k3R67rlLZV9K - q43sHw1EaRz1GVCyPQb6pyWNdYxvofaoz8S2HsLiC67snaxJKSp+rHhGKGAxc7g5SlZ4gXAgV+I1 - t+IM55HKMVZeUkJkkArKR8iFP3l2TtGRWQh8xassltyz3xRmVsFkiNQCx2ohblpRgrI044mDuyso - 7kyUteKQbFGYwr72TzQO0nyiRozu9FPG3ZvPacHCitb5Nbdi+cMChtBmqTtyXfFCUD4vucIWrpT1 - tTWBK+i1xkRs2uL60vYUhrbBV0JBA66o/3OCJkK3U4bTzs6s07M/OOGkyt8CVrZZpNfHIr1xnyBo - c4aqRO6UhJgobkfVNapdQR83cw03kyciKepuRVMzdAXzRoBLzMIVwe+O0qWbK0WdpoyS/KCTEWnL - iKHn5QsJADG1C+AWVRGorYJbNh5F3nI2doMl/J1O557vT4hvGCVY2KPG6TwXUQQbIAGDJx9sXe29 - NzBHk+4tuVXcO2AbUk2CjHocBp7vjbnn8pEfzSfhKAymXjgLoshlk1uPzy6id3KWk9HixP+Ejxpn - pyzTWc+21Svh1MK+x47YvkMh7xT1MolD2jK7YEzQjmG8zOyg03j8cGVPnCIj/7u1/OF73O0IHL7H - 3a7CoXsMpIlUGa0pcxsRr3Q7jO4TQbQq1RVa3QBlof6xLvOCD28AMOHq6eJRFwtSc5PJju7HabZd - aoA9QsHrH/oRCl7D4yMU9EKB4Q9w8U7duAdqgOtnF/PmFUvwtIMJgWYNHjaDbUFfs841zbquwDS/ - ugLD2Hi2jss8U9RH9wJq/W+M+vk3S1jn1X/rqaq5zJwwhJLwey77RaYRijpWevzQPGrUfbF9+b/V - sJn3fJCyX9+4qBOauLVW2ekpq0Wl1k3tZuoG0crN++eD/Wej9QDp7WazeQQAAP//AwDHmaH11BsA - AA== - headers: - ATL-TraceId: - - 66dc0b4f7f3fb566 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:33 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d9ae875d-08ca-4914-819f-bbab48686027 - x-envoy-upstream-service-time: - - '123' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10607 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DFtmWy92U1dAMaSJ12VL08x2WmBJYdDSWWIjkQJJWfba/vcd - SSlO0zprU+dDxCPv/bmH/ODBpqI89WJPAk9BQvo7gyJVPU5LUD2V5FDSnqhAUs0EVz1ImS5B016S - U55BIbLeGqTCPUinUElQwLU76/U8ZiyHwWHwFBcKihUuc60rFft+CitIdCreiwHVBVWKUT7goH20 - oX1aMT/ymVI1+J2BG9ii/vl8Mpv3R0+eoGRlg/XiD55Cp7VKqIZMyK0LLsUVKkRBFPaDYT8I51EQ - j0bxcDh4Mnz2axAGgYnR+NDbCqyZR8Zo9DHOIIh2WbtFCiqRrDIVQekRUSUtih5JmdKMJ5pUDBIg - YkUaIW8GRjsR/FIW3xKFgqSW4K8ZNHRNNZW/KfYvPC+xSXX5kxOdps/DYBiO2+UcA32+S7nnmUaj - rzlVN6ZH9VKbr3hFCwU9r7PhxdbIp56nGQKjwiZ7Ma8xE6+S4j2G98jqtdq2drYbXe3M4k7Dd5Fe - cqY1GjD4arVNUn/Zs0qsdEOlSUyxsioYIiS9lw0W10JmNN6Mxt8Sblvm1llb6YqZwuLvbp1HFqfR - aBONHm3YttCi5CfV/n/AV3i4CQ9/zNemc9Z+POBtGG2G0Y95a8Gpuo+93j59MvO9eePYBTt29Q47 - mGUSMpzrL2CImBJF7cbMSZJaaVFailigh+jpvo3xlzYcdTipGUxLf17cD3FJNbKiI53vx7tjtFsO - 8501acBsP49FbXIKDS+9NQLGMy/WsgYsB9rUb3DYDaRdbNacMS9Z4nL/8IXMhIrKKhd1kZ4wVRV0 - 244EihMJmKuZuq/xZDQ87HjyftWCfeUM921E+zaGOy5hQjK9fWRxO3V/9H08ykqagfKNhuqMMBQU - ohmodbbjnjPRdBw18mxDlmDIxEDzXlJmKr+abbgPh+HYpJ1TNalYcsb4jb2KT6AyNzNPup7ZTjZ2 - 71bCBZ/gxUyXBUyBKocD2X55F2eXL0/PF2enx5Pz2WQxmU5fTzENHCCFeeOBeQ7kAlmTa2L8EqaI - 4MWW4ESywhglWpA/maTkQkKJU0tqhZgd2Bm9n8UzNBh8ZEEwHK9iz10Y2CKs8W6kPhtjrHbGOC3u - H2rfFW15LaoLjK5jAmxfxuH2dF2Zmf0GHLuXwiMR5pRvb6vPL/fvA90OVS9ocoMPqQ5ZnXHn67h9 - 0vxQwN27yO+eJ1F3uXIwiE5EIeS5i2ZZ1NDPJHLE7nEgyIlwzRZlhU89rtsuPNS/z4tzzXd/B3Om - CziIyZUF1VHFyBy1yfCjSQ0zK0RCi1woHY+DceCvGE+RB/3hePjO6p/YzDGo94IYTMQH5H81reIM - EFXIEKiAs0ys7PjtBJdX+K9/GI5sCKa6SQODkmkJAyEzH8FFTcEZvj4MKH08Osh1WdiAnJ03xs4l - v+Gi6WQXUqQ1Pm8mPMNRK7FwvsnU+JuZKxJDIX+Ipq/FntSr1kD0jvjkKsQi/V1TqUGSnck9qrDz - GVrtf44uyCyhfM9586jywzBwJX4hKU9yf04zDPYce+6kNSvS05O7omNRYpkI8lZ+VzzbKg2lwszT - SjAEDLYbf3bPNsvUuKSMK6ZhgLjCSR3u29snx7aofCmoTFtY3CLuIL7mRyQR4oaBiY0sAThRoEnD - NN6EmmgkPfdMIauCZj3S5CzJSQmUK9yk7kRrAauGFghNEiRNSMmaUVLjHCRyWyHr4DHOwd22AxPK - FAGKfJpA3AGzaZqBaKiqLJwQlrAZVHll4YAIXayEXDhnakE13t3LGhuy+Pn126PZRX/2qo/35C/G - 9OX0zBl9qBivAJNMY/JyMr/mSO04x4iZmIhqnVzzyZqZGwWDm8F/AAAA///sWW1r2zAQ/ismUGhH - 7dhOnJfB6EK3wT5slBU26DfFVhszv2HZ6UaW/97nJFlN3DiUdpR8CISgWCfdWbp77rlLZV9Krc3c - KxVEaRx1KVBzexR0b0sSyxjfQp1Rl4qncnCLbwjZO1mTklf8WvCMUMBi5nJzlKywAu5ApsRLbsUZ - 7iOVa6y8pITIMCsoHyEX/ubZOXlHZsHxFa+yWHLP/pKbWQWTLlILXKsFv9nwEpSlGU8cxK4gvzNe - tuGHpIvcFPq1faIxkPYTNXx0p53S7959TQsWVvSe33Mrlj8sYAgdloqR64oXgvJ5yRW2cCWsw9Y4 - rqDHGhNxaLPrS9tTGLoJvhIKGnBF/Z8TNBG6nTLcdnZmnZ79ww0nVf4esPKURXpdLNIbdk0EzQTl - nqpE7pQUmShuS9Q1ou2JLm7mGm4mb0Qy0d2CpmbYojLtFIhAZuGCIHgnR3SnRl2dpoySfK+VEenI - iKHn5QsJADG1C+AW1RWorYJbNhxE3nwydIM5TBiPp57vj4hvGCFo2CPG6T5nUQQdIAG9RxtsXe19 - NDBHm+4tuZXfO2AbUkyCjBr2A8/3htxz+cCPpqNwEAZjL5wEUeSy0a3HJxfRB7nLyWB24n/BR62z - U5bprGfb6pFwamHf40Rs3yGXd4p6nsQhHZldMCboxLBeZnbQaQw/Xdkjp8jI/nYtf/gWtzsCh29x - u6tw6BYDaSJVRmvKvImIV7odRvFEEK2Kd4VWN0BZiH+uy7zg/RsATLh4DDzqYmHWRDLp0f04zbZL - DbBHKHj7Sz9CwVtYfISCTihocwcwp95qTWsaBgLb71QorqgzrscuFOYVSzDasUtXs87tata5plnX - njCMjWfLuMwzRXt0L6DW/8aon8+xdJlX/63LqvYye0IRSsKfuewXmUYo6lhp8aoZatR9sX75v1W/ - 2fe8l7I/P7ioE9p4411lp6esZpV6b2o3UzeI3tw8317sb63WC6S16/X6AQAA//8DAEXmSonUGwAA - headers: - ATL-TraceId: - - 51e9d35920f6258d - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:34 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 77ef2e14-a5e7-4b7a-9537-f4719628b200 - x-envoy-upstream-service-time: - - '170' - status: - code: 200 - message: OK -- request: - body: '{"issueKeys": ["10607"], "ignoreEpics": true}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '45' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: PUT - uri: https://defectdojo.atlassian.net/rest/greenhopper/1.0/epics/333/add - response: - body: - string: '{"errorMessages":["Issue does not exist or you do not have permission - to see it."],"errors":{}}' - headers: - ATL-TraceId: - - 45dc0307e955b175 - Connection: - - close - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:34 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 75d3eb32-d4d2-4667-9ef9-083d98bf7402 - x-envoy-upstream-service-time: - - '27' - status: - code: 400 - message: Bad Request -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uutt1JmrTb3EQPKrIK2z2JSNpOsJImpUmFZdn/boKL623em+/N - Y06kUx4PiyGSfIYwe7nZDKixD4P7coUKRnk/KltYDCQj37j40dkIUwBaQAH5fnf7un94aa/b3Tp1 - cSLyLUEZZPCekQFn444T2tAeZ4wH7oxbhxjq1tEMvxEiU0Dwi3mvQgIZMJoDy1nVUipZLUteAMAN - RDjmPS6xtx2nK1vmQFsGknNZiqKq2R/bT49WuwjySohaU60R+bZptOJJo6I1q8SWRcFE31TNv4Jg - UsPTuCiS3tFqNeHZ9SrZJ2IuE0H7cdiT8/kHAAD//wMAr5Ok2loBAAA= - headers: - ATL-TraceId: - - 341b965d9214138e - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:35 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a5a92993-5837-4e58-8081-a61db3e2c04e - x-envoy-upstream-service-time: - - '29' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 661261de04a56ca8 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:35 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b4e4be39-0f8d-4a35-bc52-be57e488ce10 - x-envoy-upstream-service-time: - - '68' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10607 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FFtmW29u6goohjTx2mxpmtlOCywpDFo6S6wlUiApy16b/74j - JcVpWmdt6nyIeOS9PffckZ8c2JSUJ07kSOAJSEj+YJAnqsdpAaqn4gwK2hMlSKqZ4KoHCdMFaNqL - M8pTyEXaW4NUuAfJBEoJCrhuzjo9hxnLvnfoPcOFgnyJy0zrUkWum8ASYp2Ij2JAdU6VYpQPOGgX - bWiXlswNXKZUBW5nYAVb1D+fjaez/vDpU5QsbbBO9MlR6LRSMdWQCrltgktwhQqBF/h9L+x7/izw - ouEwCsPB0/D5b57veSZG40NvS7BmHhmj0cc4PS/YZd0sElCxZKVBBKVHRBU0z3skYUozHmtSMoiB - iCWphVwNjHYs+KXMvycKBXElwV0zqOmaaip/V+xfeFFgkariSSM6TV74XuiP2uUMA32xS7nnmEKj - rxlVK1OjaqHNV7SkuYKe09lwImvkpudohsQoschOxCvMxCml+IjhPRK9VttiZ6vRYWcWdwq+i/SS - M63RgOFXq22S+sueVWKpaypNYooVZc6QIcm9bBBcS5nhaDMcfU+4Lcytsxbpkhlg8XcX56HlaTDc - BMNHG7YltCx5otr/D/jyDzf+4c/52nTO2o8HvIXBJgx+zltLTtV97PV2c2P6e/OumS5YsasPWME0 - lZBiX39FQ+SUyKumzRpJXCktCjsi5ugheLZvY/S1jWZ0NFLTmHb8OVHf7zmYpn6HHWd41R6gGudk - M4Z+vAOaGXc71dzGmjT0tp/HojJZ+mZSvTcCxlMn0rKCm3Z4GWOSxU3un76SmcDwqMpElScnTJU5 - 3bYtgeJYAuZquu5bczIID7s5eR81bx+c/r6NYDcymJBMbx+JWKfuDn9sXLKCpqBco6E6IwwFuagH - ap3uRsyZqLtRNHQMRvcSCbtEcroAM0wMNe8dMl35TRj8fTz0RwaPjKpxyeIzxlf2Kj6B0tzMPO5q - ZitZ271bCRd8jBczXeQwAaoaHsj2y7k4u3x1ej4/Oz0en0/H8/Fk8naC+WEDKQQED8wyIBc4Nbkm - xi9higiebwl2JMuNUaIF+ZNJSi4kFNi1pFLI0IHt0ftZPEeD3mfmeeFoGTnNhYG1Q/B3LfVFG2MZ - UsZpfv9Q+65o4bWszjG6bhJgXVMOt6er0vTsd/C4eSk8knqN8u1t9eXl/mNs3NHtJY1X+JDqKNcZ - b3wdt0+anwq4exe53fMk6C5XDobqsciFPG+iWeQV9FOJM2L3OBDkRDTFFkWJTz2u2yo8VL8vwbnm - u7+DGdM5HETkypLqqGRkhtok/GxSw8xyEdM8E0pHI2/kuUvGE5x6bjgKP1j9E5s5BvVREMOJ6ID8 - r6ZVnAKyCkcHKmCTEys7fj/G5RX+6x/6QxuCQTeuYVAwLWEgZOoiuagBnOHrw5DSxaODTBe5Daix - 887YueQrLupOdiFFUuHzZsxTbLUCgXNNpsbf1FyRGAp5Leq+FntSL1sDwQfikisfQfq7olKDJDuT - e1Rh59O32v8cXZBpTPme8+ZR5fq+10D8UlIeZ+6MphjsOda8kVYsT05P7oqORYEwEZxb2V3xdKs0 - FAozT0rBkDBYbvzZPVssg3FBGVdMwwB5hZ0a7tvbJ8eyqGwhqExaWtwy7iC65kckFmLFwMRGFgCc - KNCkZhpvQk00Dr3mmUKWOU17pM5YnJECKFe4SZsTrQVEDS0QGsc4NCEha0ZJhX0Qy22JUwePcQ7N - bTswoUyQoDhPY4g6YtZ1PRA1VaWlE9ISNoMyKy0dkKHzpZDzxpmaU41396LCgsx/efv+aHrRn77p - 473zqzF9OTlrjD4ExhvAJJOIvBrPrjmOduxj5ExERLmOr/l4zcyNgsFN4T8AAAD//+xZbWvbMBD+ - KyZQaEft2E6cl8HoQrfBPmyUFTboN8VWGzO/YdnpRpb/3uckWU2dOJR2lHwIhCBb0t1JOj333Lmy - L6XWpu+VCqI0jroUqL49CrrF0ohljH+h9qhLxfY4uMU3XNk7mZOSV/xa8IxQwGLmcHOkrLAC7kCm - xEtuxRnOI5VzrLykgMjQKygeIRb+5tk5eUdmwfEVr7JYcs/+kptZBZMuUgscqwW/2fASpKUZTxzc - XUF+Z7xsww9JF7kp9Gv7RGMgyRM1fHSnndLv3n1NCxZWtM7vuRXLBwsYQpul7sh1xQtB8bzkClu4 - GqyvrXFcQa81JmLTZteXtqcwdBN8JRQ04Ir8PydoInQ7ZTjt7Mw6PfuHE06q/D1gZZtFel0s0hs2 - HRRiqhIhUvJeYrLtoUGHDLezo4ubuYabyRORFHX3QJMz4K6ycEEouyNDaYfEtpSpUVenKaMg32tF - RNoyYuh5+UICQEztArhFWQRyq+CWDQeRN58M3WAOE8bjqef7I+IbZhA07BnG6TxnUQQdIAG9Rxts - ne19NDBHQvem3MrvHbANOUyCjGr2A8/3htxz+cCPpqNwEAZjL5wEUeSy0a3HJxfRBynlZDA78b/g - p+bZKct01LNt9Uo4tbDvsSO275DLO0U9T+KQtswuGBO0Y5gvIzvoNJqfruyRU2RkfzuXP3yL2xWB - w7e4XVU4dIsBQZFKozVl3kTEK10Oo/tEEK1SdQVjN0BZDP9cl3nB+zcAmHDxePGoioVec5NJj67H - abZdaoA9QsHbH/oRCt7C4iMUdEKBIRYw8U7duBUVwHXbhdy8Ygla2xTJBc3qrda97Y6uYp1rinXt - DlP8ancYxsazZVzmmeJEuhZQ668x6vE5S1jm1X+rqSpZRiYUISX8mct6kSmEIo+VFq+apkbdF+uX - 3636jdzzXsr+/OCiTkjwxlplpaesZpVaN5WbqRpEKzfvn072n8zWE6S16/X6AQAA//8DAPUzWJrU - GwAA - headers: - ATL-TraceId: - - c16ebf975c2f7d1b - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:35 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1823721e-a8b7-428f-88ec-b748369e6051 - x-envoy-upstream-service-time: - - '131' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uutt1Jmma3uYkeVGQV2j2JSNpOsJImpUmFZdn/boKL623em+/N - Y06kUx4PiyGSfIYwe7nZDKixD4P7coUKRnk/KltYDCQj37j40dkIUwBaQAF5s799bR5e2ut2v05d - nIh8S1AGGbxnZMDZuOOENrTHGeOBO+PWIYa6dTTDb4TIFKj4xbxXIYEMGM2B5Uy0lEq2lSUvAOAG - IhzzHpfY247TlS1zoC0DybksRSFK/sf206PVLoJcVNVWU60R+a6uteJJo6JbJqodi4JVfS3qfwXB - pIancVEkvaPVasKz61WyT8RcJoL249CQ8/kHAAD//wMAmEAYrVoBAAA= - headers: - ATL-TraceId: - - d5cd75e55bc411d0 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:36 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - dfc55fc4-bb1c-4a63-8b95-640ed5e444f7 - x-envoy-upstream-service-time: - - '36' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 74aa2e5de3acb368 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:36 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f7fae8d7-e261-40c7-aa96-208f6d45c96c - x-envoy-upstream-service-time: - - '65' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10607 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DFtmWy92U1dAMaSJ12VL08x2WmBJYdDSWWIjkQJJWfba/vcd - SSlO0zprU+dDxCPv/bmH/ODBpqI89WJPAk9BQvo7gyJVPU5LUD2V5FDSnqhAUs0EVz1ImS5B016S - U55BIbLeGqTCPUinUElQwLU76/U8ZiyHwWHwFBcKihUuc60rFft+CitIdCreiwHVBVWKUT7goH20 - oX1aMT/ymVI1+J2BG9ii/vl8Mpv3R0+eoGRlg/XiD55Cp7VKqIZMyK0LLsUVKkRBFPaDYT8I51EQ - j0bxcDh4Mnz2axAGgYnR+NDbCqyZR8Zo9DHOIIh2WbtFCiqRrDIVQekRUSUtih5JmdKMJ5pUDBIg - YkUaIW8GRjsR/FIW3xKFgqSW4K8ZNHRNNZW/KfYvPC+xSXX5kxOdps/DYBiO2+UcA32+S7nnmUaj - rzlVN6ZH9VKbr3hFCwU9r7PhxdbIp56nGQKjwiZ7Ma8xE6+S4j2G98jqtdq2drYbXe3M4k7Dd5Fe - cqY1GjD4arVNUn/Zs0qsdEOlSUyxsioYIiS9lw0W10JmNN6Mxt8Sblvm1llb6YqZwuLvbp1HFqfR - aBONHm3YttCi5CfV/n/AV3i4CQ9/zNemc9Z+POBtGG2G0Y95a8Gpuo+93j59MvO9eePYBTt29Q47 - mGUSMpzrL2CImBJF7cbMSZJaaVFailigh+jpvo3xlzYcdTipGUxLf17cD3FJNbKiI53vx7tjtFsO - 8501acBsP49FbXIKDS+9NQLGMy/WsgYsB9rUb3DYDaRdbNacMS9Z4nL/8IXMhIrKKhd1kZ4wVRV0 - 244EihMJmKuZuq/xZDQ87HjyftWCfeUM921E+zaGOy5hQjK9fWRxO3V/9H08ykqagfKNhuqMMBQU - ohmodbbjnjPRdBw18mxDlmDIxEDzXlJmKr+abbgPh+HYpJ1TNalYcsb4jb2KT6AyNzNPup7ZTjZ2 - 71bCBZ/gxUyXBUyBKocD2X55F2eXL0/PF2enx5Pz2WQxmU5fTzENHCCFeeOBeQ7kAlmTa2L8EqaI - 4MWW4ESywhglWpA/maTkQkKJU0tqhZgd2Bm9n8UzNBh8ZEEwHK9i797IYmUzxmmBPcOi72bM7N2X - te+KtrwW1QVG1zEBti/jcHu6rszMfgOO3UvhkQhzyre31eeX+/eBboeqFzS5wYdUh6zOuPN13D5p - fijg7l3kd8+TqLtcORhEJ6IQ8txFsyxq6GcSOWL3OBDkRLhmi7LCpx7XbRce6unnxbnmu7+DOdMF - HMTkyoLqqGJkjtpk+NGkhpkVIqFFLpSOx8E48FeMp8iD/nA8fGf1T2zmGNR7QQwm4gPyv5pWcQaI - KmQIVMBZJlZ2/HaCyyv81z8MRzYEU92kgUHJtISBkJmP4KKm4AxfHwaUPh4d5LosbEDOzhtj55Lf - cNF0sgsp0hqfNxOe4aiVWDjfZGr8zcwViaGQP0TT12JP6lVrIHpHfHIVYpH+rqnUIMnO5B5V2PkM - rfY/RxdkllC+57x5VPlhGLgSv5CUJ7k/pxkGe449d9KaFenpyV3RsSixTAR5K78rnm2VhlJh5mkl - GAIG240/u2ebZWpcUsYV0zBAXOGkDvft7ZNjW1S+FFSmLSxuEXcQX/Mjkghxw8DERpYAnCjQpGEa - b0JNNJKee6aQVUGzHmlyluSkBMoVblJ3orWAVUMLhCYJkiakZM0oqXEOErmtkHXwGOfgbtuBCWWK - AEU+TSDugNk0zUA0VFUWTghL2AyqvLJwQIQuVkIunDO1oBrv7mWNDVn8/Prt0eyiP3vVx3vyF2P6 - cnrmjD5UjFeASaYxeTmZX3OkdpxjxExMRLVOrvlkzcyNgsHN4D8AAAD//+xZbWvbMBD+KyZQaEft - 2E6cl8HoQrfBPmyUFTboN8VWGzO/YdnpRpf/3uckWXWcOoxulHwIhKBY0t35dHruuUtlX0qtzdw/ - KojSOOpToOb2KOgXSyvWMb6F8lGfit11CIsvuLJ3sialqPix4hmhgMXM4eYoWWEFwoFMidfcijOc - Ryr3WHlJCZFhVlA+Qi78ybNzio7MQuArXmWx5J79pjCzCiZDpBY4Vgtx04oSlKUZTxzcXUFxZ6Ks - FYeki8IU+rV9ojGQ5IkaMfqsnTLu3nxOCxZW9J5fcyuWPyxgCDlL3ZHriheC8nnJFbZwtVhfWxO4 - gh5rTITTFteXtqcwtA2+EgoacEX9nxM0EbqdMpx2dmadnv3BCSdV/hawsssivT4W6Y3b1KAqkSIl - EyYm210a9MhweycMN5OOl4Tz+YV9XM01NcMWvemmwO6uudlVVSxcETarPCrqNGWU5AedjEguI4ae - ly8kAMTULoBbVFegtgpu2XgUecvZ2A2WMGk6nXu+PyG+YRZBw55lnM5zEUXQARIweLLB1tXeewNz - JHRvya3i3gHbkMskyKjhMPB8b8w9l4/8aD4JR2Ew9cJZEEUum9x6fHYRvZNSTkaLE/8TPmqfnbJM - Zz3bVo+EUwv7Hh6xfYdC3inqZRKH5DK7YEyQx7BfZnbQaQw/XNkTp8jI/m4tf/gWdzsCh29xt6tw - 6BYDgiJVRmvK3EbEK90Oo/tEEK2KdwVjN0BZLP9Yl3nBhzdAnnD1dPGoi4VZc5NJj+7HabZdaoA9 - QsHrH/oRCl7D4iMU9EKBIRow8U7duAdqgOuxC7l5xRKMdimSC5o1eNgMdif6mnVuX7PONc267oRh - bDxbx2WeKXajewG1/jdG/fyrV0BdKSU8NEONgi9Avtb/SMNG7vkgZb++cVEnJLilW3ZeympRKTvW - efXfur1KlpEJVShNv+eyb9U0ZKndTN0g0mjs2DbW37JWb5De2Ww2jwAAAP//AwA9Yr321BsAAA== - headers: - ATL-TraceId: - - f3ebe62ab0146897 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:37 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4147329d-5ed3-4860-84de-574f554fac42 - x-envoy-upstream-service-time: - - '158' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields - response: - body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFwQB5NMqKljBz/adBH/fT2JE7vQ - ZbPlsgd6qWcyj28envFzDFVJeBZP4lKKR0i1igf+OLl99gJUKQN6XQKKKGC55c21LtUkSTLIrUIm - HsU+0YwoRQnf56ATCUonpKTJKHFWk+GB/VkTFI22xALWlrqYfbuaWYqTAix5zanW1gA6JEuiibyW - zKJ6jsfH1fi4j38FqZHQ+m6MnJQ0m9aO9xrGOZLjgy/WzWhcjcY7G1b0F0xVQRjbU+7/HV/Do2p4 - 9DFfVevMHd7xdjiqDkcf81ZARk1hvbnDH729DMJuwS7aoV86C3XHjMKOQSIDlUpaaiq45Z5GdQIG - UUaVpjzVUUkhhUjk0UrIxT5qp4Lb/umDwqVgSWG1Jf4g2MPhsSNnFui0g+x7eEbUwlKGa0m4YkRD - drHxRZl7jadJTpiCgb9vOQWWYeu7g217ZYqCyDUeJTwZKsEKammsmkrnUBD8UvufxEpLyh/QwVpp - KJDjtF86cFeO096/VmIQz4k6g5wYpm8IM9ChEyVIgjnHstqq6vguLHYvZGGWOnCe6eGdIy/CzHYI - Q91eGO/s6GBMrCCrhT67cVvPtTbiSW3kBWuaiqIUHDiugbCoTuVNVYmUBDuH2npaFa8fVjkw6sv8 - 1TPbMgdyPesckyxDT4D+JBRiCfGW2mNkRGuSzguEtlNkgX4QWsD1oZ2Gok1oG9q9QkPMG/3VB/Tb - 6x+a8AjPAm4LMZTsibEbBW5t9BoErWwAsmV5gJedUAPOK/0DsLeNsNMQ+NgTxmnj3fzRjFuR6xWR - 9RykRcmonfS+pJ8vnm2+/tcXTz0z64nLKF/sODMD/derseH6a/HT0pBF9Yr0c3PDADFa4GxloKHn - qnm98JKSpguQJzY/0k4sdxdt1HtqLlZX5h4XyiXBb1O85CFbNRynWgO1bT/lxlbtyYBcT3vfYZzt - mN+cVjcgVcPeJcHLRjvMbmjTp/c7rSIn7LMbivaF3iykZjn9ZS3ZMjxwgH6RGQUyDKPTDpZPy+pW - j2ds9sZvAAAA//+8l81uwjAMx19l6p1kHeUyaeI0aQf2CGgKKEoyAUVNGezQd5+dL1rSTe1ScXUT - +5fG8d8emxsYnFpvbLPj8IBYtZVL94BeTA0ce8dXAVFlpeqbJve33xBWdzTE2doiEpZ5FQmGCM+q - VQ9dfG//VBEbm+aYmcP7QLVngmuKO7R3osAglZDgnegv1Ht34jdrxAhGpOBnpMGalnca2JjUYz4l - Y86nwbT1vgv6bmwedZ6MWkyDChnZ5VyVZw9ZJEMuJoOMUnRlbB51kTVr7HPbLzEN/Z6pAKVme9J1 - uTfD+gf0CHkxrIKxAxYhuzkzkw85fl+UJqLi/CDLI9Qh8qkq9izkjIMez1DfwxY7tEG0a7F7hUUP - 2B9kYZyK0HrK3p9Vecc23DaiA050I7rxKOK8tboZa/C87nuaTOXkkVpHVJ8EXG29HClJfSNlg53e - uvkBAAD//wMAc91BljkVAAA= - headers: - ATL-TraceId: - - 2252e1c5458204d9 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:37 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 42559bf6-2098-41ad-805d-32fd599ea044 - x-envoy-upstream-service-time: - - '72' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Jira Api Test 3|http://localhost:8080/finding/383]\n\n*Defect - Dojo link:* http://localhost:8080/finding/383\n\n*Severity:* Low \n\n*CWE:* - [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/110]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n*Systems/Endpoints*: \n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n*Mitigation*:\nWhenever a cookie contains sensitive - information or is a session token, then it should always be passed using an - encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n*Defect - Dojo ID:* 383\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "Low"}, - "summary": "Jira Api Test 3"}, "update": {}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '1644' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10607 - response: - body: - string: '' - headers: - ATL-TraceId: - - a31f872b1d66f9e9 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:37 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - fa2fac17-82ce-4066-86d0-0339b14366ce - x-envoy-upstream-service-time: - - '90' - status: - code: 204 - message: No Content -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10607 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FFtmW29u6goohjTx2mxpmtlOCywpDFo6S2wkUiApy16b/74j - JcWpW2dt6nyIeOS9PffckZ8cWJeUJ07kSOAJSEj+YJAnqsdpAaqn4gwK2hMlSKqZ4KoHCdMFaNqL - M8pTyEXaW4FUuAfJBEoJCrhuzjo9hxnLvnfoPcOFgnyJy0zrUkWum8ASYp2Ij2JAdU6VYpQPOGgX - bWiXlswNXKZUBW5n4AY2qH8+G09n/eHTpyhZ2mCd6JOj0GmlYqohFXLTBJfgChUCL/D7Xtj3/Fng - RcNhFIaDp+Hz3zzf80yMxofelGDNPDJGo49xel6wzbpZJKBiyUqDCEqPiCponvdIwpRmPNakZBAD - EUtSC3kzMNqx4Jcy/54oFMSVBHfFoKYrqqn8XbF/4UWBRaqKJ43oNHnhe6E/apczDPTFNuWeYwqN - vmZU3ZgaVQttvqIlzRX0nM6GE1kjtz1HMyRGiUV2Il5hJk4pxUcM75HotdoWO1uNDjuzuFfwbaSX - nGmNBgy/Wm2T1F/2rBJLXVNpElOsKHOGDEl2skFwLWWGo/Vw9D3htjC3zlqkS2aAxd99nIeWp8Fw - HQwfbdiW0LLkiWr/P+DLP1z7hz/na905az8e8BYG6zD4OW8tOVX3sdfb7a3p7/W7Zrpgxa4+YAXT - VEKKff0VDZFTIq+aNmskcaW0KOyImKOH4Nm+jdHXNprR0UhNY9rx50R9v+dgmvoddpzhVXuAapyT - zRj68Q5oZtzdVHMba9LQ234ei8pk6ZtJ9d4IGE+dSMsKbtvhZYxJFje5f/pKZgLDoyoTVZ6cMFXm - dNO2BIpjCZir6bpvzckgPOzm5C5q3j44/X0bwXZkMCGZ3jwSsU7dHf7YuGQFTUG5RkN1RhgKclEP - 1CrdjpgzUXejaOgYjHYSCbtEcroAM0wMNXcOma78Jgz+Ph76I4NHRtW4ZPEZ4zf2Kj6B0tzMPO5q - ZitZ2707CRd8jBczXeQwAaoaHsj2y7k4u3x1ej4/Oz0en0/H8/Fk8naC+WEDKQQED8wyIBc4Nbkm - xi9higiebwh2JMuNUaIF+ZNJSi4kFNi1pFLI0IHt0d0snqNB7zPzvHC0jJydlkXIU8ZpjsXEamx7 - zOztytp3RQuvZXWO0XWTAOuacrg7XZWmZ7+Dx81L4ZHUa5TvbqsvL/cfY+OWbi9pfIMPqY5ynfHG - 13H7pPmpgLt3kds9T4LucuVgqB6LXMjzJppFXkE/lTgjto8DQU5EU2xRlPjU47qtwkM1/RKca779 - O5gxncNBRK4sqY5KRmaoTcLPJjXMLBcxzTOhdDTyRp67ZDzBqeeGo/CD1T+xmWNQHwUxnIgOyP9q - WsUpIKtwdKACNjmxsuP3Y1xe4b/+oT+0IRh04xoGBdMSBkKmLpKLGsAZvj4MKV08Osh0kduAGjvv - jJ1LfsNF3ckupEgqfN6MeYqtViBwrsnU+JuaKxJDIa9F3ddiT+playD4QFxy5SNIf1dUapBka3KP - Kmx9+lb7n6MLMo0p33PePKpc3/caiF9KyuPMndEUgz3HmjfSiuXJ6cl90bEoECaCcyu7L55ulIZC - YeZJKRgSBsuNP7tni2UwLijjimkYIK+wU8N9e/vkWBaVLQSVSUuLO8YdRNf8iMRC3DAwsZEFACcK - NKmZxptQE41Dr3mmkGVO0x6pMxZnpADKFW7S5kRrAVFDC4TGMQ5NSMiKUVJhH8RyU+LUwWOcQ3Pb - DkwoEyQoztMYoo6YdV0PRE1VaemEtIT1oMxKSwdk6Hwp5LxxpuZU4929qLAg81/evj+aXvSnb/p4 - 7/xqTF9OzhqjD4HxBjDJJCKvxrNrjqMd+xg5ExFRruJrPl4xc6NgcFP4DwAA///sWW1r2zAQ/ism - UGhH7dhOnJfB6EK3wT5slBU26DfFVhszv2HZ6UaW/97nJFl13TiMbpR8CISg+E66s3R67rlLZV9K - q43sHw1EaRz1GVCyPQb6lyWNdYxvofaoz8RzPYTFF1zZO1mTUlT8WPGMUMBi5nBzlKzwAuFArsRr - bsUZziOVc6y8pITIIBWUj5ALf/LsnKIjsxD4ildZLLlnvynMrILJEKkFjtVC3LSiBGVpxhMHd1dQ - 3Jkoa8Uh2aIwhX3tn2gcpPVEjRjd6aeMuzef04KFFb3n19yK5Q8LGEKbpe7IdcULQfm85ApbuFLW - 19YErqDHGhOxaYvrS9tTGNoGXwkFDbii/s8JmgjdThlOOzuzTs/+4ISTKn8LWHnOIr0+FumN+wRB - mzNUJXKnJMREcTuqrlHtCgw3kxsvmehuxT6u5pqaoSuYNwJcYhauCH53lC7dXCnqNGWU5AedjEhb - Rgw9L19IAIipXQC3qIpAbRXcsvEo8pazsRss4e90Ovd8f0J8wyjBwh41Tue5iCLYAAkYPPpg62rv - vYE5WnRvya3i3gHbkGoSZNRwGHi+N+aey0d+NJ+EozCYeuEsiCKXTW49PruI3slVTkaLE/8TPmqe - nbJMZz3bVo+EUwv7Hjti+w6FvFPUyyQOacvsgjFBO4b5MrODTmP44cqeOEVG/ndr+cP3uNsROHyP - u12FQ/cYSBOpMlpT5jYiXul2GN0ngmhVqiu0ugHKQv1jXeYFH94AecLV48WjLhak5iaTHd2P02y7 - 1AB7hILXP/QjFLyGx0co6IWCLtEAcxpstjSnIRbw/U5dxQ11xvXYhcG8YglGO1bpa9a5plnXFZjm - V1dgGBvP1nGZZ4r66F5Arf+NUT//xtN1Xv23nqpay6wJQygJv+eyX2QaoahjpcebZqhR98X25f9W - w2bd80HKfn3jok5o4da7yk5PWS0q9d7UbqZuEL25ef50sv9ktp4gvd1utw8AAAD//wMAWMUy6tQb - AAA= - headers: - ATL-TraceId: - - b1ca878cc9b140a7 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:41 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d594ad87-7304-4f4e-aed8-69d5008d6c43 - x-envoy-upstream-service-time: - - '139' - status: - code: 200 - message: OK -- request: - body: '{"transition": {"id": 41}, "fields": {}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '40' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-455/transitions - response: - body: - string: '' - headers: - ATL-TraceId: - - 6945be83f4f17dca - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:41 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 54f87614-f446-4851-9772-34c8a3fcbb9c - x-envoy-upstream-service-time: - - '274' - status: - code: 204 - message: No Content -- request: - body: '{"issueKeys": ["10607"], "ignoreEpics": true}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '45' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: PUT - uri: https://defectdojo.atlassian.net/rest/greenhopper/1.0/epics/333/add - response: - body: - string: '{"errorMessages":["Issue does not exist or you do not have permission - to see it."],"errors":{}}' - headers: - ATL-TraceId: - - 57c92e809c768670 - Connection: - - close - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:41 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 129762cd-7854-484c-84b9-334528b54585 - x-envoy-upstream-service-time: - - '27' - status: - code: 400 - message: Bad Request -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uutt1JmnS3uYkeVGQV2j2JSNpOsJImpUmFZdn/boKL623em+/N - Y06kUx4PiyGSfIYwe7nZDKixD4P7coUKRnk/KltYDCQj37j40dkIUwBaQAF5s799bR5e2ut2v05d - nIh8S1AGGbxnZMDZuOOENrTHGeOBO+PWIYa6dTTDb4TIFBD8Yt6rkEAGjObAcla1lEq2lSUvAOAG - IhzzHpfY247TlS1zoC0DybnkZSEE/2P76dFqF0FeCbHVVGtEvqtrrXjSqOiWVWLHomCir6v6X0Ew - qeFpXBRJ72i1mvDsepXsEzGXiaD9ODTkfP4BAAD//wMAvhQqCloBAAA= - headers: - ATL-TraceId: - - 4f10713b5f691671 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:43 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - dab05587-f4e4-4eb3-bf31-db0a62d3b1b7 - x-envoy-upstream-service-time: - - '32' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 15df051a90ce5389 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:43 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 14042b32-ade0-47e6-8bf7-e001e220b970 - x-envoy-upstream-service-time: - - '74' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10607 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPcNhD+Kxp/yIerOb/mcvVMpkPh2tIylMKRzJRkGGHv2Sqy5JFk7q4J/70r - 2ebgwtGEwAzYkna1++yzj/eTB6uGisLLPAWiAAXFLwx4oX1Ba9C+ziuoqS8bUNQwKbQPBTM1GOrn - FRUlcFn6t6A07kFxBo0CDcJ0Zz3fY9ZzFE7CN/iigS/wtTKm0VkQFLCA3BTyHzmmhlOtGRVjASZA - HyagDQvigGndQjA4uIE12p/MZ+fzvfT1a1xZuGC97JOn8dJW59RAKdW6C67ANzSIwzjaC5O9MJrH - YZamWRqNJ9PJD2EUhjZGe4dZN+DcvDBGa49xhmG8ybp7KUDnijUWEVzdJ7qmnPukYNowkRvSMMiB - yAVZSnUztta5FBeKf00UGvJWQXDLYElvqaHqJ83+hbc1FqmtX3VLR8XbKEyiaf86x0DfblL2PVto - vGtO9Y2tUXtt7FO2oFyD7w0+vMw5ufM9w5AYDRbZy0SLmXiNkv9geC9Er7d22LlqDNjZlwcF30R6 - IZgx6MDyq7e2Sf3hzmq5MEuqbGKa1Q1nyJBiKxsE11Emna7S6deE28PcX9Yj3TALLP48xDl1PI3T - VZy+2LEroWPJK93/f+auaLKKJt9312q4rH945rYkXiXx993Wk1MPDztvu7uz/b1616kLVuzyI1aw - LBWU2Ndf0BA5JXnbtdmLmLhx8DQZHzfye+xWUlFNrgEEySVyDQwURApiKqaJazHbzj1rD1EgPcwo - b7WRtdOtK/Qcvxni396YfpnYs3oWD3pmdcSptZftRb6H2Zp3KBC2DTqHS2pQ1jvV/HaYOkm+F+Gg - 86ZsN7rHA9naokRWWN/bBSZKLzOqhbtea60zxfKhVNtrNjA8qivZ8uKQ6YbTdd/BFj8FiIKtyxcw - JMk4Tu5lfRvPcBfQ0a6NeKNwTCpm1i9EbDAPUkupr1d3VtMSdGAt9OCE4QKXy7G+LTfcOpbLgazp - UxxLBhZfjbLRVeT+TtPJ9Gr0eWQPhPGDDYsdp9dgNdJ23JYzKzZPwhXtYnI0tbhhq8walh8zceMm - jENo7MAh8qG2ruJLt3e/IqSY4bxBrzmcAdUdX1T/5J0eX/x6dHJ1fHQwOzmfXc3Ozv48w+BRFzQC - hwfmFZBT/BgIQ+y92JPYnnxNUGgYt06JkeR3pig5VVCjGJFWI5PHTnq2s/gRHYafWRgm00Xmdd9B - rDEWyTZll/kjdcJylUxQvn2oH5d6eB37OUY3CBzWvxRwf7ptbNc/yXfX9q8HvncD0Asp2hnfDzCP - pe7bWLsleVvTUHfRQT+mfVe0w6wXJP0lyTAwFN3FueRSnXSxYF1AbIXmqozCjc/C9PA/V7jHqHwQ - m9/RnBkOo4xcOjbtN4zM0Zokn21amBWXOeWV1CabhtMwWDBRoCwGyTT56OwPXdbkENMmlgzZiPyv - pTM8B6QTagsaoAoQt3bwfoavl/hvbxKlLgSLbL6Ecc2MgrFUZYCsohZshtOUZWOAR8eVqbkLqPPz - zvq5EDdCLoe1UyWLFse1mSixx2oELrCZ2vvO7ScfQyG/yeWekTtSb3oH8UcSkMsIQfqrpcqAIhuX - O0xhc2fkrP/ePyXnORU7ztshMYiisIP4Z0VFXgVzWmKwJ1jzbrVlvDg6fLh0IGuEyX7bq4fL52tt - oNaYedFIhoTBcuOP23PFshjXlAnNDIyRV9iiya69XetYFl1dS6qKnhb3jBtlH8Q+zhnyhsFm7tBg - yJIZ/FQaHDuAdGMXWXBa+mRZsbwiNVChcZN2J3oPiBp6IDTP/wMAAP//7Fn/S9tAFP9XQkHQYWLS - b2phuOLcGOgm7TZBhHJNThtscyGXtIrr/77Pu7vcamzKcEP8QRC59i7vvdx97vM+7xVsCdkyj5lT - 4B6E2X1KMgb3PeE6HXsUygAABZGGvFcCc7FYeGLBZKrgBFjyOy+dpAoOQOjoWmQj7UyOWI7kPi5w - IKPtbxf94bk7PHNBCDtk+sfgVBvdtBlnHC8Z9ZzPJ9+vEnA6rjEw03NEOg+vkpN5TKkEwQ157h4r - r+XcPzqIZnFU50DPbXBQb5ZWzGP8l3qP6lw8XQdYnOHK3qgam1BxMeEJsYDD7OEKlOCIAnCgUOI5 - d+IE5zFTzzgio0zIMCspESEJ3vJkl9CROAC+Fl4Omy7YPcHMSZmCSCFxrA5ws4ISlNkJn3q4u5Jw - Z1G2gkPyRTCFfxOfLAMke7IARtfGqXD37sssZWFO7/lVOLH64IBDaLP0HRnmPJWUyDOuuYXrxeba - WuBK+tpwIjatPzx2A82hq+SrqKAk1wFPBVETsds2w2knO872zi+c8DQXPdDKU5kZ1MnMoF030Skn - KPfkGQtvlWImDVxZ6tul1QkrytTGK6m6fmGdSPNtuVGdOLTiJs9ZOCH6XVOKVXOlLGYzRgm+UcmI - tGUk4UX2zORPEu0IvEVlBmrFzjVrt6JgfND2O2PEu79/GDSbXVJEdhE8bFjG6Tz7UQQfksSDjcE1 - 1esHS3NkdGMLQePeu8n0MkUyerjXCZpBmwc+bzWjw27YCjv7QXjQiSKfda8DfnAUvVdWtlr9reYn - /Onn3BlLTNZzXf2V9ArpLrAjbtMjyHtpMZ7GIW2ZmzImacfwvMrs0NEYfjx3u16aUPzV3sTrj7ja - 4Xj9EVe7JK89YjBNpOtso5ZXGfHctPfoPhFF61pes9Ulyehe46TIRMr3LsE84eTPxaOuHGbtTSY/ - pr9o1HZmCPaNCl7+0N+o4CUifqOCWiqw+gEh3ugb90ANfTP2YVfkbIrRGiUEmdV4WDaeTtR183zb - zatOtOomrGLjyTzORKKlj+kFFObXJf3xr14BdaWy8FAODQs+g/lWfhfbK+3uNmbsbsBlMSXDK75V - 1yXL+7mOYy7y/9b81basTbhCafpTqIZV2bGlfvRUkKJdieNxsM1H0ZoH1O4sl8vfAAAA//8DAEhI - BSqkHAAA - headers: - ATL-TraceId: - - 4c6975e147e43d38 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:43 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - aecc980f-5c2a-46bc-b08b-1fb6800b9e12 - x-envoy-upstream-service-time: - - '179' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uuttlJmrbb3EQPKrIK2z2JSNpOsJImpUmFZdn/boKL623em+/N - Y06kUx4PiyGSfIYwe7nZDKixD4P7clQFo7wflaUWA8nINy5+dDbCDIBRoJDvd7ev+4eX9rrdrVMX - JyLfEpRBBu8ZGXA27jihDe1xxnjgzrh1iKFuHc3wGyEyBUpxMe9VSCAHznLgOa9axiSvZSEoANxA - hGPe4xJ723G6skUOrOUghZCipkXB/th+erTaRVBUZVlrpjWi2DaNViJpVKzmVbnlUfCyb6rmX0Ew - qeFpXBRJ72i1mvDsepXsEzGXiaD9OOzJ+fwDAAD//wMAwKBIfloBAAA= - headers: - ATL-TraceId: - - 9aa92c9a435493aa - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:47 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4e686dce-5f92-4ac1-9c24-499183a300ac - x-envoy-upstream-service-time: - - '32' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - de7a7cd0e3194852 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:47 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 87c1f1a2-3c5e-41a1-9cbb-d60f9f6e6742 - x-envoy-upstream-service-time: - - '76' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields - response: - body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFwQB5NMqKljBz/adBH/fT2JE7vQ - ZbPlsgd6qWcyj28envFzDFVJeBZP4lKKR0i1igf+OLl99gJUKQN6XQKKKGC55c21LtUkSTLIrUIm - HsU+0YwoRQnf56ATCUonpKTJKHFWk+GB/VkTFI22xALWlrqYfbuaWYqTAix5zanW1gA6JEuiibyW - zKJ6jsfH1fi4j38FqZHQ+m6MnJQ0m9aO9xrGOZLjgy/WzWhcjcY7G1b0F0xVQRjbU+7/HV/Do2p4 - 9DFfVevMHd7xdjiqDkcf81ZARk1hvbnDH729DMJuwS7aoV86C3XHjMKOQSIDlUpaaiq45Z5GdQIG - UUaVpjzVUUkhhUjk0UrIxT5qp4Lb/umDwqVgSWG1Jf4g2MPhsSNnFui0g+x7eEbUwlKGa0m4YkRD - drHxRZl7jadJTpiCgb9vOQWWYeu7g217ZYqCyDUeJTwZKsEKammsmkrnUBD8UvufxEpLyh/QwVpp - KJDjtF86cFeO096/VmIQz4k6g5wYpm8IM9ChEyVIgjnHstqq6vguLHYvZGGWOnCe6eGdIy/CzHYI - Q91eGO/s6GBMrCCrhT67cVvPtTbiSW3kBWuaiqIUHDiugbCoTuVNVYmUBDuH2npaFa8fVjkw6sv8 - 1TPbMgdyPesckyxDT4D+JBRiCfGW2mNkRGuSzguEtlNkgX4QWsD1oZ2Gok1oG9q9QkPMG/3VB/Tb - 6x+a8AjPAm4LMZTsibEbBW5t9BoErWwAsmV5gJedUAPOK/0DsLeNsNMQ+NgTxmnj3fzRjFuR6xWR - 9RykRcmonfS+pJ8vnm2+/tcXTz0z64nLKF/sODMD/derseH6a/HT0pBF9Yr0c3PDADFa4GxloKHn - qnm98JKSpguQJzY/0k4sdxdt1HtqLlZX5h4XyiXBb1O85CFbNRynWgO1bT/lxlbtyYBcT3vfYZzt - mN+cVjcgVcPeJcHLRjvMbmjTp/c7rSIn7LMbivaF3iykZjn9ZS3ZMjxwgH6RGQUyDKPTDpZPy+pW - j2ds9sZvAAAA//+8l81uwjAMx19l6p1kHeUyaeI0aQf2CGgKKEoyAUVNGezQd5+dL1rSTe1ScXUT - +5fG8d8emxsYnFpvbLPj8IBYtZVL94BeTA0ce8dXAVFlpeqbJve33xBWdzTE2doiEpZ5FQmGCM+q - VQ9dfG//VBEbm+aYmcP7QLVngmuKO7R3osAglZDgnegv1Ht34jdrxAhGpOBnpMGalnca2JjUYz4l - Y86nwbT1vgv6bmwedZ6MWkyDChnZ5VyVZw9ZJEMuJoOMUnRlbB51kTVr7HPbLzEN/Z6pAKVme9J1 - uTfD+gf0CHkxrIKxAxYhuzkzkw85fl+UJqLi/CDLI9Qh8qkq9izkjIMez1DfwxY7tEG0a7F7hUUP - 2B9kYZyK0HrK3p9Vecc23DaiA050I7rxKOK8tboZa/C87nuaTOXkkVpHVJ8EXG29HClJfSNlg53e - uvkBAAD//wMAc91BljkVAAA= - headers: - ATL-TraceId: - - b5dff83910b72c86 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:47 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - bf7f52a4-eb57-4307-a945-4a926b712958 - x-envoy-upstream-service-time: - - '105' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Jira Api Test 4", - "description": "\n\n\n\n\n\n*Title*: [Jira Api Test 4|http://localhost:8080/finding/384]\n\n*Defect - Dojo link:* http://localhost:8080/finding/384\n\n*Severity:* Low \n\n*CWE:* - [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/110]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n*Systems/Endpoints*: \n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n*Mitigation*:\nWhenever a cookie contains sensitive - information or is a session token, then it should always be passed using an - encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n*Defect - Dojo ID:* 384\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": - "Task"}, "priority": {"name": "Low"}}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '1690' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue - response: - body: - string: '{"id":"10608","key":"NTEST-456","self":"https://defectdojo.atlassian.net/rest/api/2/issue/10608"}' - headers: - ATL-TraceId: - - d39dd769d8569658 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:48 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6e70af9f-4674-482a-8a88-51143d00bc2d - x-envoy-upstream-service-time: - - '402' - status: - code: 201 - message: Created -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-456 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FFtm681e4goohjTx2mxpmtlOCywpDFo6S2wkUiApy17b/74j - JcWpM2dt6nyIeOS9PffckZ8cWJeUJ07kSOAJSEh+Z5AnqsdpAaqn4gwK2hMlSKqZ4KoHCdMFaNqL - M8pTyEXaW4FUuAfJBEoJCrhuzjo9hxnLgX/oj3ChIF/iMtO6VJHnJbCEWCfio3CpzqlSjHKXg/bQ - hvZoybzQY0pV4HUGbmGD+hez8XTWH/56iJKlDdaJPjkKnVYqphpSITdNcAmuUCH0w6DvD/p+MAv9 - aDiMhiM3ODr6xQ9838RofOhNCdbME2M0+hin74fbrJtFAiqWrDSIoPSYqILmeY8kTGnGY01KBjEQ - sSS1kLeu0Y4Fv5L5t0ShIK4keCsGNV1RTeVviv0DLwosUlU8a0RnyYvAHwSjdjnDQF9sU+45ptDo - a0bVralRtdDmK1rSXEHP6Ww4kTXypedohsQoschOxCvMxCml+IjhPRG9VttiZ6vRYWcW9wq+jfSK - M63RgOFXq22S+tOeVWKpaypNYooVZc6QIclONgiupcxwtB6OviXcFubWWYt0yQyw+LuP89A/Qs/h - cB0On2zYltCy5Jlq/z/iKzhcB4c/5mvdOWs/HvE2CNeD8Me8teRU3cdeb1++mP5ev2umC1bs+gNW - ME0lpNjXD2iInBJ51bRZI4krpUVhR8QcPYRH+zZGD200o6ORmsa048+J+kE7LwyDJYsbd58eyAy/ - MHyViSpPTpkqc7ppWYhiBEq/w541zGxdUI2Tthlk399DzZS8m4teY02aBrGfJ6IyONnY3xsB46kT - aVmZYGIJmKvpuodz8sgdPQ+7ObmLmr8PzmDfRrgdGUxIpjdPzLdT94bfNy5ZQVNQntFQnRGGglzU - rlql2xFzLupuFA0dg9FOIoMukZwuwAwTQ82dQ6Yr/xOGYB8Pg5HBI6NqXLL4nPFbexWfQmluZh53 - BLK0qu3enYQLPsaLmS5ymABVDSll++Vcnl+9OruYn5+djC+m4/l4Mnk7wfywgRQCggdmGZBLnJpc - E+OXMEUEzzcEO5LlxijRgvzBJCWXEgrsWlIp5Jdre3Q3i+do0P/MfH8w4pGz07IIeco4zbGYWI1t - j5m9XVn7rmjhtSTPMbpuEmBdUw53p6vS9Ow38Lh5KTyReo3y3W319eX+fWzc0u0ljW/xIdVRrjPe - +DppnzQ/FHD3LvK650nYXa4cDNVjkQt50USzyCvopxIH1vZxIMipaIotihKfely3VXispl+Dc8O3 - fwczpnM4iMi1JdVxycgMtcnws0kNM8tFTPNMKB2N/JHvLRlPcGZ5g9Hwg9U/tZljUB8FMZyIDsj/ - alrFKSCrcHSgAjY5sbKT92NcXuO//mHQhGDQjWtwC6YluEKmHpKLGsAZvj4MKT086ma6yG1AjZ13 - xs4Vv+Wi7mSXUiQVPm/GPMVWKxA4z2Rq/E3NFYmhkNei7muxJ/WyNRB+IB65DhCkvyoqNUiyNblH - FbY+A6v99/ElmcaU7zlvHlVeEPgNxC8l5XHmzWiKwV5gzRtpxfLk7PS+6EQUCBPBuZXdF083SkOh - MPOkFAwJg+XGn92zxTIYF5RxxTS4yCvs1MG+vX1yLIvKFoLKpKXFHeMOoht+TGIhbhmY2MgCgBMF - mtRM47Wsicah1zxTyDKnaY/UGYszUgDlCjdpc6K1gKihBULjGIcmJGTFKKmwD2K5KXHq4DHOobn6 - XRPKBAmK8zSGqCNmXdeuqKkqLZ2QlrB2y6y0dECGzpdCzhtnak41PiQWFRZk/tPb98fTy/70TR/v - nZ+N6avJeWP0MTDeACaZROTVeHbDcbRjHyNnIiLKVXzDxytmbhQMbgr/AgAA///sWW1r2zAQ/ism - UGhH7dhOnJfB6EK3wT5slBU26DfFVhszv2HZ6UaW/97nJFlJnTiMbpR8CITgWNLdSbp77rlLZV9L - rc3YPyqI0jjqUqDGDijoFkszljG+hTqjLhW78+AWXxCyD7ImJa/4seAZoYDFzOXmKFlhBdyBTImX - 3Ioz3Ecq11h5SQmRYVRQPkIu/MmzS/KOzILjK5JnseSR/SY3swomXaQWuFYLfrPlJShLM544iF1B - fme8bMsPSRe5KfRr+0RjIMkTNXx0r53S7958TgsWVrTPr7kVyx8WMIQOS8XIbcULQfm85ApbuJqs - w9Y4rqDXGhNxaLPba9sb6CjbgK+EggZcUf/nBE2EbucMt51dWOcXf3DDSZW/Bazsskivi0V6w21q - UJVIkZK1Eq1uTw06ZLidA13czDXcTN6IpKj7J5qaAbHKwgWh7J4KpZ0S21KmRl2dpoySfK+VEenI - iKHn5QsJADG1K+AW1QCorYJ7NhxE3nwydIM5TBiPp57vj4hvmEnQcGAap/ucRRF0gAT0NjbYutp7 - b2COhB4suZXfO2AbcpoEGfXYDzzfG3LP5QM/mo7CQRiMvXASRJHLRvcen1xF76SUs8HszP+Ej1pn - pyzTWc+21Svh1MJ+xInYvkMu7xT1PIlDOjK7YEzQiWG9zOyg03j8cGOPnCIj+9u1/PFb3O4IHL/F - 7a7CsVsMCIpUTa8p8zYi3uh2GMUTQbQqtBWM3QFlMf1jXeYF798BYMLFJvCoi4VRE8mkR/fjNNsu - NcCeoOD1L/0EBa9h8QkKOqHAEAuY+KAibkUNcP3sQm5esQRPuxTJBc3qrda93YGuZp1rmnXtAdP8 - ag8YxsazZVzmmeJEuhdQ639j1M+/2cIyr/5bR1TJMjKhCCXh91z2i5quLFxLWbxqHjXqvli//N+q - 38i97KXs1zcu6oQEb+1VdnrKalapfVO7mbpBtHPz/vli/9lqvUBau16vnwAAAP//AwB6JN6n1BsA - AA== - headers: - ATL-TraceId: - - 7df9ec1e5ed29c58 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:48 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 44963ad8-3381-4805-8962-1cc7ec384507 - x-envoy-upstream-service-time: - - '158' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10608 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FFtm681e4goohjTx2mxpmtlOCywpDFo6S2wkUiApy17b/74j - JcWpM2dt6nyIeOS9PffckZ8cWJeUJ07kSOAJSEh+Z5AnqsdpAaqn4gwK2hMlSKqZ4KoHCdMFaNqL - M8pTyEXaW4FUuAfJBEoJCrhuzjo9hxnLgX/oj3ChIF/iMtO6VJHnJbCEWCfio3CpzqlSjHKXg/bQ - hvZoybzQY0pV4HUGbmGD+hez8XTWH/56iJKlDdaJPjkKnVYqphpSITdNcAmuUCH0w6DvD/p+MAv9 - aDiMhiM3ODr6xQ9838RofOhNCdbME2M0+hin74fbrJtFAiqWrDSIoPSYqILmeY8kTGnGY01KBjEQ - sSS1kLeu0Y4Fv5L5t0ShIK4keCsGNV1RTeVviv0DLwosUlU8a0RnyYvAHwSjdjnDQF9sU+45ptDo - a0bVralRtdDmK1rSXEHP6Ww4kTXypedohsQoschOxCvMxCml+IjhPRG9VttiZ6vRYWcW9wq+jfSK - M63RgOFXq22S+tOeVWKpaypNYooVZc6QIclONgiupcxwtB6OviXcFubWWYt0yQyw+LuP89A/Qs/h - cB0On2zYltCy5Jlq/z/iKzhcB4c/5mvdOWs/HvE2CNeD8Me8teRU3cdeb1++mP5ev2umC1bs+gNW - ME0lpNjXD2iInBJ51bRZI4krpUVhR8QcPYRH+zZGD200o6ORmsa048+J+kE7LwyDJYsbd58eyAy/ - MHyViSpPTpkqc7ppWYhiBEq/w541zGxdUI2Tthlk399DzZS8m4teY02aBrGfJ6IyONnY3xsB46kT - aVmZYGIJmKvpuodz8sgdPQ+7ObmLmr8PzmDfRrgdGUxIpjdPzLdT94bfNy5ZQVNQntFQnRGGglzU - rlql2xFzLupuFA0dg9FOIoMukZwuwAwTQ82dQ6Yr/xOGYB8Pg5HBI6NqXLL4nPFbexWfQmluZh53 - BLK0qu3enYQLPsaLmS5ymABVDSll++Vcnl+9OruYn5+djC+m4/l4Mnk7wfywgRQCggdmGZBLnJpc - E+OXMEUEzzcEO5LlxijRgvzBJCWXEgrsWlIp5Jdre3Q3i+do0P/MfH8w4pGz07IIeco4zbGYWI1t - j5m9XVn7rmjhtSTPMbpuEmBdUw53p6vS9Ow38Lh5KTyReo3y3W319eX+fWzc0u0ljW/xIdVRrjPe - +DppnzQ/FHD3LvK650nYXa4cDNVjkQt50USzyCvopxIH1vZxIMipaIotihKfely3VXispl+Dc8O3 - fwczpnM4iMi1JdVxycgMtcnws0kNM8tFTPNMKB2N/JHvLRlPcGZ5g9Hwg9U/tZljUB8FMZyIDsj/ - alrFKSCrcHSgAjY5sbKT92NcXuO//mHQhGDQjWtwC6YluEKmHpKLGsAZvj4MKT086ma6yG1AjZ13 - xs4Vv+Wi7mSXUiQVPm/GPMVWKxA4z2Rq/E3NFYmhkNei7muxJ/WyNRB+IB65DhCkvyoqNUiyNblH - FbY+A6v99/ElmcaU7zlvHlVeEPgNxC8l5XHmzWiKwV5gzRtpxfLk7PS+6EQUCBPBuZXdF083SkOh - MPOkFAwJg+XGn92zxTIYF5RxxTS4yCvs1MG+vX1yLIvKFoLKpKXFHeMOoht+TGIhbhmY2MgCgBMF - mtRM47Wsicah1zxTyDKnaY/UGYszUgDlCjdpc6K1gKihBULjGIcmJGTFKKmwD2K5KXHq4DHOobn6 - XRPKBAmK8zSGqCNmXdeuqKkqLZ2QlrB2y6y0dECGzpdCzhtnak41PiQWFRZk/tPb98fTy/70TR/v - nZ+N6avJeWP0MTDeACaZROTVeHbDcbRjHyNnIiLKVXzDxytmbhQMbgr/AgAA///sWW1r2zAQ/ism - UGhH7dhOnJfB6EK3wT5slBU26DfFVhszv2HZ6UaX/97nJFlJnDiMbpR8CITg+CTdSbp77rlLZV9L - rY3sHxVEaRx1KVCyAwq6l6URyxjfQp1Rl4rdcXCLLwjZB1mTklf8WPCMUMBi5nJzlKywAu5ApsRL - bsUZ7iOVc6y8pITIIBWUj5ALf/Lskrwjs+D4iuRZLHlkv8nNrIJJF6kFrtWC32x4CcrSjCcOYleQ - 3xkv2/BD0kVuCv3aPtEYSOuJGj66107pd28+pwULK9rn19yK5Q8LGEKHpWLktuKFoHxecoUtXA3W - YWscV9BrjYk4tNntte0NdJStwVdCQQOuqP9zgiZCt3OG284urPOLP7jhpMrfAlZ2WaTXxSK9YZcg - 2OQMVYncKeks8e3WUNcMbQu6uJlruJm8EUlR9w80NUNbMG0EW7ynnRsR4SxcEDarPCrqNGWU5Hut - jEhHRgw9L19IAIipXQG3qAZAbRXcs+Eg8uaToRvMYe94PPV8f0R8wwyChgPDON3nLIqgAySgt7bB - 1tXeewNztOjBklv5vQO2IYdJkFGP/cDzvSH3XD7wo+koHITB2AsnQRS5bHTv8clV9E6ucjaYnfmf - 8FHz7JRlOuvZtnolnFrYjzgR23fI5Z2inidxSEdmF4wJOjHMl5kddBqPH27skVNkZH+7lj9+i9sd - geO3uN1VOHaLgTSRquk1Zd5ExBvdDqN4IohWhbZCqzugLIZ/rMu84P07AEy4WAcedbEgNZFMenQ/ - TrPtUgPsCQpe/9JPUPAaFp+goBMKDJ+AiQ8q4p6oAa6fXaybVyzB0x4mBJrVe1r1dgVdzTrXNOva - AtP8agsMY+PZMi7zTLEb3Quo9b8x6uffbGGZV/+tI6rWMmtCEUrC77nsFzVdWbiWsvipedSo+2L9 - 8n+rfrPuZS9lv75xUSe08MZeZaenrGaV2je1m6kbRDs377cn+1uz9QRp7Wq1egYAAP//AwDkj+ow - 1BsAAA== - headers: - ATL-TraceId: - - d10bcc882c6da1a4 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:48 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d8847344-5c08-4a3c-8353-22ba3a0a372d - x-envoy-upstream-service-time: - - '131' - status: - code: 200 - message: OK -- request: - body: '{"issueKeys": ["10608"], "ignoreEpics": true}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '45' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: PUT - uri: https://defectdojo.atlassian.net/rest/greenhopper/1.0/epics/333/add - response: - body: - string: '{"errorMessages":["Issue does not exist or you do not have permission - to see it."],"errors":{}}' - headers: - ATL-TraceId: - - cf126688894dcaf1 - Connection: - - close - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:48 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b47567b6-5938-4ff8-87b7-149dcc9bfeda - x-envoy-upstream-service-time: - - '32' - status: - code: 400 - message: Bad Request -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPwWrDMBBE/0XX2s5KkexYt9Ie2lLSgp1TCUW2V9RFlowlF0LIv1eigfS2M/tm - hz2TTnk8LIZI8hXC7OVmM6DGPgzu2xUqGOX9qGxhMZCM/ODiR2cjTAFoAQXkzf7+vXl6a2/b/Tp1 - cSLyI0EZZHDMyICzcacJbWhPM8YDD8atQwx162iGvwiRKSD41XxUIYEMGM2B5axsKZWsklteAMAd - RDjmPS6xtx2nG7vNgbYMJOdSQFHRG9tPz1a7CPJSiEpTrRH5rq614kmjohUrxY5FwURfl/W/gmBS - w8u4KJLe0Wo14dX1KtlnYq4TQft5aMjl8gsAAP//AwByMRG7WgEAAA== - headers: - ATL-TraceId: - - 0589382028116d28 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:50 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1b56723b-71d0-4026-8c7e-5e5b3d462492 - x-envoy-upstream-service-time: - - '51' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 84499d46f8ba26c1 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:50 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9bbb1f8c-cd6c-476e-8925-6f3098f7ae13 - x-envoy-upstream-service-time: - - '65' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10608 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DFtm68X2EldAMaSJ12VL08x2WmBJYdDSWWYtkQJJWfba/Pcd - SSlOkzlrU+dDxCPv/bmH/OTBpqQ89WJPAk9BQvobgzxVHU4LUB2VLKGgHVGCpJoJrjqQMl2App1k - SXkGucg6a5AK9yAdQylBAdfurNfxmLEchYfhEBcK8gUul1qXKg6CFBaQ6FR8FD7VOVWKUe5z0AHa - 0AEtWdALmFIVBK2BFWxR/2I6mky7g18OUbKwwXrxJ0+h00olVEMm5NYFl+IKFXphL+qG/W4YTXth - PBjEg6EfHR39HEZhaGI0PvS2BGvmmTEafYwzDHu7rN0iBZVIVpqKoPSYqILmeYekTGnGE01KBgkQ - sSC1kCvfaCeCX8n8a6JQkFQSgjWDmq6ppvJXxf6BlwU2qSp+cKKz9GUU9qNhs5xioC93KXc802j0 - NaVqZXpUzbX5ihc0V9DxWhtebI3cdjzNEBglNtmLeYWZeKUUHzG8Z1av0ba1s91oa2cW9xq+i/SK - M63RgMFXo22S+tOeVWKhaypNYooVZc4QIemDbLC4FjKD4WYw/JpwmzI3zppKl8wUFn/36zwIj9Bz - b7DpDZ5t2LbQouQH1fx/wld0uIkOv8/XpnXWfDzhrd/b9Hvf560Bp2o/9nq7vTXzvXnn2AU7dv0B - O5hlEjKc60cwREyJvHJj5iRJpbQoLEXM0EPvaN/G8LENRx1OagbT0p8Xd6OOh2nqdzhxBlfugB0n - g2nJEhfAp0cygzhMSC1FlaenTJU53Ta4RHFNNTKtI7JvnyHHkne8GDhr0gyI/TwRlalTZCJ9bwSM - Z16sZWVcJxIwVzN1j3nyyB++6LU8+bBq4b5yRvs2evs2+jsuYUIyvX1mIVr1YPBtPMoKmoEKjIZq - jTAU5KL21Trbcc+5qFuOGni3BgtzMGRioPkgKTOV/5lttA+H0dCkvaRqVLLknPGVvYpPoTQ3M09a - uFgQ1XbvTsIFH+HFTOc5jIEqB0HZfHmX51evzy5m52cno4vJaDYaj9+OMQ0cIIV544HpEsglsibX - xPglTBHB8y3BiWS5MUq0IH8wScmlhAKnllQK8eXbGX2YxQs0GH5mYdgf8thzFwa2CGu8G6kvxhir - nTFO84eHmndFU14L8hyja5kA25dxuDtdlWZmvwLH7qXwTIQ55bvb6svL/dtAt0PVK5qs8CHVIqs1 - 7nydNE+a7wq4fRcF7fOk116uHAyiE5ELeeGimecVdDOJ9LR7HAhyKlyzRVHiU4/rpgtP9e/L4tzw - 3d/BlOkcDmJybUF1XDIyRW0y+GxSw8xykdB8KZSOh+EwDBaMp8hZQX84+GD1T23mGNRHQQwm4gPy - v5pWcQKIKmQIVMBZJlZ28n6Ey2v81z2MXAimukkNfsG0BF/ILEBwUVNwhq8PA8oAj/pLXeQ2IGfn - nbFzxVdc1K3sUoq0wufNiGc4agUWLjCZGn8Tc0ViKOR3UXe12JN62RjofSABuY6wSH9VVGqQZGdy - jyrsfEZW++/jSzJJKN9z3jyqgigKXYlfScqTZTClGQZ7gT130orl6dnpfdGJKLBMBHlreV882SoN - hcLM01IwBAy2G392zzbL1LigjCumwUdc4aT29+3tk2Nb1HIuqEwbWNwh7iC+4cckEWLFwMRG5gCc - KNCkZhovYU00kp57ppBFTrMOqZcsWZICKFe4Sd2JxgJWDS0QmiRImpCSNaOkwjlI5LZE1sFjnIO7 - 6H0TyhgBinyaQNwCs65rX9RUlRZOCEvY+OWytHBAhM4WQs6cMzWjGp8N8wobMvvx7fvjyWV38qaL - 9+RPxvTV+NwZfaoYbwCTTGPyejS94UjtOMeImZiIcp3c8NGamRsFg5vAvwAAAP//7Flta9swEP4r - JlBoR+3YTpyXwehCt8E+bJQVNug3xVYbM79h2elGlv/e5yRZSdw4jG6UfAiEIEfS3UW6e+65c2Vf - S63N3D8qiNI46lKg5g4o6BZLK5YxvoU6oy4Vz9fBLb4gZB9kTUpe8WPBM0IBi5nLzVGywgq4A5kS - L7kVZ7iPVO6x8pISIsOsoHyEXPiTZ5fkHZkFx1eUzmLJI/tNbmYVTLpILXCtFvxmy0tQlmY8cRC7 - gvzOeNmWH5IuclPo1/aJxkCSJ2r46F47pd+9+ZwWLKzof37NrVg+WMAQOiwVI7cVLwTl85IrbOFq - sQ5b47iCftaYiEOb3V7b3kBH2QZ8JRQ04Ir6PydoInQ7Z7jt7MI6v/iDG06q/C1g5TmL9LpYpDds - JijFVCVSpGStRKLbS4MOGW7nhOFm8uAl4dy/sIuruaZm2KEy7RTY3jU1u6qKhQvCZpVHRZ2mjJJ8 - r5UR6ciIoeflCwkAMbUr4BbVAKitgns2HETefDJ0gzlMGo+nnu+PiG+YRdBwYBmn+5xFEXSABPQ2 - Nti62ntvYI6EHiy5ld87YBtymQQZNewHnu8NuefygR9NR+EgDMZeOAmiyGWje49PrqJ3UsrZYHbm - f8JH7bNTlumsZ9vqJ+HUwn7Eidi+Qy7vFPU8iUM6MrtgTNCJYb/M7KDTGH64sUdOkZH97Vr++C1u - dwSO3+J2V+HYLQYERaqC15R5GxFvdDuM4okgWhXaCsbugLJY/rEu84L374A84WITeNTFwqyJZNKj - +3GabZcaYE9Q8PqXfoKC17D4BAWdUNDmEmBOvdWa9jQMBLY/qFBcUWdcj10ozCuWYLRHSlezzu1q - 1rmmWdeeMIyNZ8u4zDPFbnQvoNZvY9TjX1mKulJKWDVDjYIvQL6t90j9Ru5lL2W/vnFRJyR4S7fs - vJTVrFJ2LPPqv3VmlSwjE6pQmn7PZd/K9ILzUnaDSKOxY9dYf8davUGeznq9fgIAAP//AwAkwxEQ - 1BsAAA== - headers: - ATL-TraceId: - - a5602597077838ab - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:51 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 008c7c90-8dee-497a-94be-16296e01cb06 - x-envoy-upstream-service-time: - - '184' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields - response: - body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFwQB5NMqKljBz/adBH/fT2JE7vQ - ZbPlsgd6qWcyj28envFzDFVJeBZP4lKKR0i1igf+OLl99gJUKQN6XQKKKGC55c21LtUkSTLIrUIm - HsU+0YwoRQnf56ATCUonpKTJKHFWk+GB/VkTFI22xALWlrqYfbuaWYqTAix5zanW1gA6JEuiibyW - zKJ6jsfH1fi4j38FqZHQ+m6MnJQ0m9aO9xrGOZLjgy/WzWhcjcY7G1b0F0xVQRjbU+7/HV/Do2p4 - 9DFfVevMHd7xdjiqDkcf81ZARk1hvbnDH729DMJuwS7aoV86C3XHjMKOQSIDlUpaaiq45Z5GdQIG - UUaVpjzVUUkhhUjk0UrIxT5qp4Lb/umDwqVgSWG1Jf4g2MPhsSNnFui0g+x7eEbUwlKGa0m4YkRD - drHxRZl7jadJTpiCgb9vOQWWYeu7g217ZYqCyDUeJTwZKsEKammsmkrnUBD8UvufxEpLyh/QwVpp - KJDjtF86cFeO096/VmIQz4k6g5wYpm8IM9ChEyVIgjnHstqq6vguLHYvZGGWOnCe6eGdIy/CzHYI - Q91eGO/s6GBMrCCrhT67cVvPtTbiSW3kBWuaiqIUHDiugbCoTuVNVYmUBDuH2npaFa8fVjkw6sv8 - 1TPbMgdyPesckyxDT4D+JBRiCfGW2mNkRGuSzguEtlNkgX4QWsD1oZ2Gok1oG9q9QkPMG/3VB/Tb - 6x+a8AjPAm4LMZTsibEbBW5t9BoErWwAsmV5gJedUAPOK/0DsLeNsNMQ+NgTxmnj3fzRjFuR6xWR - 9RykRcmonfS+pJ8vnm2+/tcXTz0z64nLKF/sODMD/derseH6a/HT0pBF9Yr0c3PDADFa4GxloKHn - qnm98JKSpguQJzY/0k4sdxdt1HtqLlZX5h4XyiXBb1O85CFbNRynWgO1bT/lxlbtyYBcT3vfYZzt - mN+cVjcgVcPeJcHLRjvMbmjTp/c7rSIn7LMbivaF3iykZjn9ZS3ZMjxwgH6RGQUyDKPTDpZPy+pW - j2ds9sZvAAAA//+8l81uwjAMx19l6p1kHeUyaeI0aQf2CGgKKEoyAUVNGezQd5+dL1rSTe1ScXUT - +5fG8d8emxsYnFpvbLPj8IBYtZVL94BeTA0ce8dXAVFlpeqbJve33xBWdzTE2doiEpZ5FQmGCM+q - VQ9dfG//VBEbm+aYmcP7QLVngmuKO7R3osAglZDgnegv1Ht34jdrxAhGpOBnpMGalnca2JjUYz4l - Y86nwbT1vgv6bmwedZ6MWkyDChnZ5VyVZw9ZJEMuJoOMUnRlbB51kTVr7HPbLzEN/Z6pAKVme9J1 - uTfD+gf0CHkxrIKxAxYhuzkzkw85fl+UJqLi/CDLI9Qh8qkq9izkjIMez1DfwxY7tEG0a7F7hUUP - 2B9kYZyK0HrK3p9Vecc23DaiA050I7rxKOK8tboZa/C87nuaTOXkkVpHVJ8EXG29HClJfSNlg53e - uvkBAAD//wMAc91BljkVAAA= - headers: - ATL-TraceId: - - cd881cbb94374b9e - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:51 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 955ad119-d32b-48fe-86df-8603cf26b01b - x-envoy-upstream-service-time: - - '89' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Jira Api Test 4|http://localhost:8080/finding/384]\n\n*Defect - Dojo link:* http://localhost:8080/finding/384\n\n*Severity:* Low \n\n*CWE:* - [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/110]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n*Systems/Endpoints*: \n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n*Mitigation*:\nWhenever a cookie contains sensitive - information or is a session token, then it should always be passed using an - encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n*Defect - Dojo ID:* 384\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "Low"}, - "summary": "Jira Api Test 4"}, "update": {}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '1644' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10608 - response: - body: - string: '' - headers: - ATL-TraceId: - - 0487ebc78b052142 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:51 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a9644722-46a9-41fc-aafd-73733b3706d3 - x-envoy-upstream-service-time: - - '102' - status: - code: 204 - message: No Content -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10608 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DFtm681e4goohjTxumxpmtlOCywpDFo6S2wkUiApy16b/76j - KMWpM2dt6nyIeOS9P/eQnxxYl5QnTuRI4AlISH5jkCeqx2kBqqfiDAraEyVIqpngqgcJ0wVo2osz - ylPIRdpbgVS4B8kESgkKuLZnnZ7DjOXAP/RHuFCQL3GZaV2qyPMSWEKsE/FRuFTnVClGuctBe2hD - e7RkXugxpSrwOgO3sEH9i9l4OusPfzlEybIJ1ok+OQqdViqmGlIhNza4BFeoEPph0PcHfT+YhX40 - HEbDkRscHf3sB75vYjQ+9KaExswzYzT6GKfvh9us7SIBFUtWmoqg9JioguZ5jyRMacZjTUoGMRCx - JLWQt67RjgW/kvnXRKEgriR4KwY1XVFN5a+K/QMvC2xSVfxgRWfJy8AfBKN2OcNAX25T7jmm0ehr - RtWt6VG10OYrWtJcQc/pbDhRY+Su52iGwCixyU7EK8zEKaX4iOE9s3qtdlO7phtd7cziQcO3kV5x - pjUaMPhqtU1SfzZnlVjqmkqTmGJFmTNESLKTDRa3gcxwtB6Ovibctsyts7bSJTOFxd/DOg/9I/Qc - Dtfh8NmGmxY2KPlBtf+f8BUcroPD7/O17py1H094G4TrQfh93lpwqu5jr7e7OzPf63eWXbBj1x+w - g2kqIcW5fgRDxJTIKztmVhJXSouioYg5egiP9m2MHtuw1GGlZjAb+nOiftBzME39DifO4Ko9QDXy - pKWhb58Ay3H3rOZZa9LAu/k8EZXJMjBM9d4IGE+dSMsK7lryMsYki23unx7JTGB4VGWiypNTpsqc - btqRQHEsAXM1U/eYJ4/c0Yuw48ndqvn7yhns2wi3lMGEZHrzzIp16t7w2+iSFTQF5RkN1RlhKMhF - 7apVuqWYc1F3VDR0TI12Ehl0ieR0AYZMDDR3Dpmp/M8yBPtwGIxMPTKqxiWLzxm/ba7iUyjNzczj - rmdNJ+tm717CBR/jxUwXOUyAKosD2X45l+dXr88u5udnJ+OL6Xg+nkzeTjA/HCCFBcEDswzIJbIm - 18T4JUwRwfMNwYlkuTFKtCB/MEnJpYQCp5ZUChHqNjO6m8ULNOh/Zr4/GPHI2RlZLHnKOM2xmdiN - 7YyZvV1Z+65oy9ugOsfoOibAvqYc7k9XpZnZr8CxfSk8E3pW+f62+vJy/zY0buH2isa3+JDqINcZ - t75O2ifNdwXcvYu87nkSdpcrBwP1WORCXthoFnkF/VQiR2wfB4KcCttsUZT41OO67cJTPf2yODd8 - +3cwYzqHg4hcN6A6LhmZoTYZfjapYWa5iGmeCaWjkT/yvSXjCbKeNxgNPzT6p03mGNRHQQwmogPy - v5qN4hQQVUgdqIBDThrZyfsxLq/xX/8wsCGY6sY1uAXTElwhUw/BRU3BGb4+DCg9POpmusibgKyd - d8bOFb/lou5kl1IkFT5vxjzFUSuwcJ7J1PibmisSQyG/i7qvxZ7Uy9ZA+IF45DrAIv1VUalBkq3J - Paqw9Rk02n8fX5JpTPme8+ZR5QWBb0v8SlIeZ96MphjsBfbcSiuWJ2enD0UnosAyEeSt7KF4ulEa - CoWZJ6VgCBhsN/6avaZZpsYFZVwxDS7iCid1sG9vnxzborKFoDJpYXGPuIPohh+TWIhbBiY2sgDg - RIEmNdN4E2qikfTsM4Usc5r2SJ2xOCMFUK5wk9oTrQWsGlogNI6RNCEhK0ZJhXMQy02JrIPHOAd7 - 27omlAkCFPk0hqgDZl3XrqipKhs4ISxh7ZZZ2cABETpfCjm3ztScary7FxU2ZP7j2/fH08v+9E0f - 752fjOmrybk1+lQx3gAmmUTk9Xh2w5HacY4RMxER5Sq+4eMVMzcKBjeFfwEAAP//7Flta9swEP4r - JlBoR+3YTpyXwehCt8E+bJQVNug3xVYbs/gFy043svz3PifJiuvEYXSj5EMgBCUn312ku+eeu5T2 - tbRay/7RQJTEUZcBJTtgoFst7VjFeBfqjLpM7O5DWHxByj7InpSi4seCp4QCFjOXm6FlhRcIB3Il - XnErTnEfiXzGygoqiAxSQfUItfAnTy8pOlILga94lcWWj+w3hZmVMxkilcC1WoibRpSgLU350kHu - Coo7E2WNOCRbFKawr/0TtYOkT1SI0b1+yrh78znJWVjS7/yaWbH8YAFD6LBUjtyWPBdUzwuusIWr - zTptTeAK+lpjIg5tdnttewOdZVvwlVBQgyv6/4ygidDtnOG20wvr/OIPbnhZZm8BK7ss0utikd6w - SxA0OUNZoHZKQkwUt7XVNVvbgi5u5hpuJm9EUtT9G03P0BZMawGSmIULgt89rUu7VooqSRgV+V6r - ItKREUPPihcSAGJqV8At6iLQWwX3bDiIvPlk6AZz+DseTz3fHxHfMJtg4cA2Tvc5iyLYAAnobX2w - dbf33sAcKT3Ycqu4d8A25DYJMmrZDzzfG3LP5QM/mo7CQRiMvXASRJHLRvcen1xF76SWs8HszP+E - l3rOTliqq55tq6+EUwn7ESdi+w6FvJNX82Uc0pHZOWOCTgzPy8oOOo3lhxt75OQp+d/u5Y/f4/ZE - 4Pg9bk8Vjt1jIE2k2mhNmZuIeKPHYZRPBNGqVVdodQeUxfaPVZHlvH8HgAkX28SjKRakJpPJjp7H - abZdaIA9QcHrX/oJCl7D4xMUdEKB4Q9w8UFl3JoG4HrtQm9WsiVWe5gQaFZvventCrqGda4Z1rUF - ZvjVFhjGxtNVXGSpoj56FlDpf2PUx7/6CegrpYZ1vdQo+ALka/yP1K/1XvYS9usbF9WSFDdsy8lL - Uc5K5ccqK//bbFfpMjphCq3p90zOreqBLI2baRpEFo0fz531n3mrH5Cns9lsngAAAP//AwAOCeTN - 1BsAAA== - headers: - ATL-TraceId: - - 8005112ad93e8690 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:55 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3366f115-e63d-4174-9e1b-2f8abdae5805 - x-envoy-upstream-service-time: - - '143' - status: - code: 200 - message: OK -- request: - body: '{"issueKeys": ["10608"], "ignoreEpics": true}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '45' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: PUT - uri: https://defectdojo.atlassian.net/rest/greenhopper/1.0/epics/333/add - response: - body: - string: '{"errorMessages":["Issue does not exist or you do not have permission - to see it."],"errors":{}}' - headers: - ATL-TraceId: - - f9fd5a977aa39c6e - Connection: - - close - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:55 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 60cb464b-fc2c-41e7-bad6-5c5ee34b522b - x-envoy-upstream-service-time: - - '36' - status: - code: 400 - message: Bad Request -version: 1 diff --git a/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_engagement_epic_creation.yaml b/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_engagement_epic_creation.yaml deleted file mode 100644 index cd0026b3b19..00000000000 --- a/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_engagement_epic_creation.yaml +++ /dev/null @@ -1,333 +0,0 @@ -interactions: -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uuttlJNmm3uYkeVGQV2j2JSNpOsJImpU2FZdn/boKL623em+/N - Y06k1QseZksU+QxhWtRm06PBLvT+y1MdrF6WQTvqMJCMfOO8DN5FmAEwChTyen/7Wj+8NNftfh3b - OBH1lqAMMnjPSI+T9ccRXWiOE8YDd9avfQy162D73whRKSDFxbzXIYEcOMuB57xoGFO8VFtBAeAG - IhzzC86xtxnGK7vNgTUclBBKllSW1R/bjY/O+AiKQsrSMGMQxa6qjBZJo2YlL+SOR8FlVxXVv4Jg - U8PTMGuS3jF6teHZdzrZJ2IvE0H3cajJ+fwDAAD//wMAuJlt8FoBAAA= - headers: - ATL-TraceId: - - 8dcffcc6a754fc9e - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1a76bf8e-3e58-495a-8a72-6f372804bc46 - x-envoy-upstream-service-time: - - '31' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - cb219cde6f4f4394 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5dc2bab1-301c-4016-adf8-d3caf2893dac - x-envoy-upstream-service-time: - - '80' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "weekly engagement", - "description": "weekly engagement", "issuetype": {"name": "Epic"}, "customfield_10011": - "weekly engagement"}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '182' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue - response: - body: - string: '{"id":"10609","key":"NTEST-457","self":"https://defectdojo.atlassian.net/rest/api/2/issue/10609"}' - headers: - ATL-TraceId: - - acb09249469fce19 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:58 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9c6874a2-5b29-4d90-a121-4631638739aa - x-envoy-upstream-service-time: - - '533' - status: - code: 201 - message: Created -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-457 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RXbU8jNxD+K6uV7r40+5pXIiFKgatoKYd4uX6oKuSsJxtfdu2V7SVJKf+9Y3s3 - KZAgLkhIrMf2zHjmmWcmjz4sK8KpP/YlcAoS6BcGBVUdTkpQHZXNoCQdUYEkmgmuOkCZLkGTTjYj - PIdC5J0HkAr3gF5DJUEB1+6s3/GZ0ZzEg/gAFwqKKS5nWldqHEUUppBpKr6LkOiCKMUIDznoCHXo - iFQsSiOmVA1Rq2AOK7x/eXt2cxv0+kOUTK2z/vjRV2i0VhnRkAu5cs5RXOGFNE6TIO4GcXKbxuNe - b9wfhelo8FOcxLHx0djQqwqsmj19NPfRz9hpdK92Cwoqk6wyEUHpsTdhuVcrkJ7S6KinZ0R7HIAq - TwtvAt5Eijlwj4oFD70TCfgG6k1W3m9MEu9GTPWCSPACPOBxoT2TD09Ij0IBGkJjPRP8ThbveQUr - SQ4qMjfU5h0qgoploXrIUZvBAao6Q4lJYT3RRM398ZQUCp46vmYIkwpT7o95XRQdv5LiOxrbM5bN - 7e2R/F/6N47dcaY1KjBoa27f4ht+t2dVEy7jOSurgiFeaON8xycPRBOJobIA6o2WvdF73FWQ1RJa - V52So4rRQ+vnZyc4N8tebDCa9pZpb2/Fiv0Dh6okRfFZNf/fsJUMlsngY7aWrbHm4w1r3XTZTT9m - rUT81iVaaz52Wnt6MtW+/Oa4BjP219+YwTyXkGOFvIIhYkoUtSs6J8lqLLjSEsY9WkiHuzZGr3U4 - InHShZBzS4b+OEga9jAIlixz5h5fyQy+0H01E3VBT5mqCrLalBAGSn9jsDDIbEwQjbzraO3Ha8hx - 5polI6dNmgKxnyeiNnGyvv9pBIzn/ljL2jiTOcLZyprDcDRKWtZ8GbV4VziTXRvpro3uhkuYkEyv - 9gxEez3qfoAVGyUMBQ6iz3nxDytrmarr23xOwFCKAejLpw12vNkU7faNXTBNRiYqM6IMM18wPrd9 - +xQq08Z51uLLom5h99YSLvgZdg0yKeAaiHKYlc2Xf3Vx9+v55f3F+cnZ5c3Z/dn19ddrfB/Wl8Kw - 4IHbGXhXSKpce8aux5QneLHysGBZYZSaRma71ZWEEqNj250KbQm/fMUBKoz/ZXHcHT2MfddPMIOY - gk3FPatyTEbOOCleHmqGkCbutgYK9K4lCsxujl22PV1XpqTfAXM3VuwJQHd53cyeTwI/hskN4n4h - 2RynrhZyrXJn66SZfz7kcDtERWljJG17L4eFKX1RCHnpvJkUNQS5RD5bO3grvFPhki3KCudCrpss - vJW/58FZAMwRUsBzxFxpeP01dHYxTpK8U0G6Z5ScHltTX63DJsNYwQhCguFYh2CTIdzcgn3kOT+f - LQNLGEGyxcNe+0QTOS0x85arTTN5ebS/Ixrxzo1dlBOvKce2bcu/2w+uO+WzCn2ZWaI1yWY2B9s4 - ESf71lxdlsRgd3v2TGcScs+cGQo6Illmeh/OFP0p6XVpMhn14v4EnRgOD5I0HZhCWh9CC28cw59F - rDimFG0guv2ND0Ez5fwsFkRVoZCmVN8eNd14FGIZ2WMh1k3kPqN+kiY9SGLopvRgkHWz/jDJRn1K - YzKYJjA6oodWy6fu8af0C/65e0FJeBO6IHAiFdYqWGBEgjREF2lY1ZMCx/z/AAAA///sWLEOgjAQ - /Rd2tHFwcDPB3Tg4uBFtFGMoKYWYEP7dd71SBUJijFEGtkK56x1w7947vLIwi+Oc3hjsE/DpBH0C - y2gbLmdZSvF3Oez4I+4y4fFH3GXTY48YIHRiLut6QWRrAMh3VWj9LAOpnkxSSiaYDGQH9AQ8vim0 - gmg+AGKOl2fhkXrDrq9kOsfJTtdGtMyUNnKCgj989AkKfhHxBAWDUOCpBkI8c8VVNPhxawG/ysTg - 1KJPkkCUV0FVB/2NIZEqhkSq8CK1u+E5m0zLRKuUiY8juYWbSfLlOymUynxtEsC+vE8cBP24V1YI - NdMI/FoccdUsHep+fL6d3s4bv1CS8X0n8+JGjl9ytRJGm7XhvGnMQjKHMvf328aLlrUzsNHWdf0A - AAD//wMAaNHN2toWAAA= - headers: - ATL-TraceId: - - e2cdbed2397baf46 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:58 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d51fc54c-2332-4c22-977d-b59c036b3890 - x-envoy-upstream-service-time: - - '156' - status: - code: 200 - message: OK -version: 1 diff --git a/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_engagement_epic_mapping_disabled_create_epic_and_push_findings.yaml b/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_engagement_epic_mapping_disabled_create_epic_and_push_findings.yaml deleted file mode 100644 index b366b3aaba7..00000000000 --- a/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_engagement_epic_mapping_disabled_create_epic_and_push_findings.yaml +++ /dev/null @@ -1,1654 +0,0 @@ -interactions: -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPT0vEMBDFv0uutt1JmvRPbqIHFVmFdk8ikrYTrKRJaVNhWfa7m+Diepv35vfm - MSfSqRUPiyGSfHo/r3K3G1Bj7wf35TLljVrXUdnMoicJ+cZlHZ0NMAWgGWSQNvvb1+bhpb1u99vU - hYnItwglkMB7QgacjTtOaH17nDEcuDNuG0Ko20Yz/EaIjAHBL+a98hFkwGgKLGVFS6lkpcx5BgA3 - EOCQX3EJve04Xdk8BdoykJxLUWcir/7Yfnq02gWQF0KUmmqNyKu61opHjYqWrBAVC4KJvi7qfwXe - xIancVEkvqPVZvyz61W0T8RcJoL249CQ8/kHAAD//wMA52SJmloBAAA= - headers: - ATL-TraceId: - - aa37b90ef1d0f94d - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:59 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 04a154db-7cd9-4159-8acd-9f319d1b4f5b - x-envoy-upstream-service-time: - - '28' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 45cb6b35cec5ab73 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:59 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ae854b75-c35d-4824-8d14-4af1c5219bbd - x-envoy-upstream-service-time: - - '75' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields - response: - body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFwQB5NMqKljBz/adBH/fT2JE7vQ - ZbPlsgd6qWcyj28envFzDFVJeBZP4lKKR0i1igf+OLl99gJUKQN6XQKKKGC55c21LtUkSTLIrUIm - HsU+0YwoRQnf56ATCUonpKTJKHFWk+GB/VkTFI22xALWlrqYfbuaWYqTAix5zanW1gA6JEuiibyW - zKJ6jsfH1fi4j38FqZHQ+m6MnJQ0m9aO9xrGOZLjgy/WzWhcjcY7G1b0F0xVQRjbU+7/HV/Do2p4 - 9DFfVevMHd7xdjiqDkcf81ZARk1hvbnDH729DMJuwS7aoV86C3XHjMKOQSIDlUpaaiq45Z5GdQIG - UUaVpjzVUUkhhUjk0UrIxT5qp4Lb/umDwqVgSWG1Jf4g2MPhsSNnFui0g+x7eEbUwlKGa0m4YkRD - drHxRZl7jadJTpiCgb9vOQWWYeu7g217ZYqCyDUeJTwZKsEKammsmkrnUBD8UvufxEpLyh/QwVpp - KJDjtF86cFeO096/VmIQz4k6g5wYpm8IM9ChEyVIgjnHstqq6vguLHYvZGGWOnCe6eGdIy/CzHYI - Q91eGO/s6GBMrCCrhT67cVvPtTbiSW3kBWuaiqIUHDiugbCoTuVNVYmUBDuH2npaFa8fVjkw6sv8 - 1TPbMgdyPesckyxDT4D+JBRiCfGW2mNkRGuSzguEtlNkgX4QWsD1oZ2Gok1oG9q9QkPMG/3VB/Tb - 6x+a8AjPAm4LMZTsibEbBW5t9BoErWwAsmV5gJedUAPOK/0DsLeNsNMQ+NgTxmnj3fzRjFuR6xWR - 9RykRcmonfS+pJ8vnm2+/tcXTz0z64nLKF/sODMD/derseH6a/HT0pBF9Yr0c3PDADFa4GxloKHn - qnm98JKSpguQJzY/0k4sdxdt1HtqLlZX5h4XyiXBb1O85CFbNRynWgO1bT/lxlbtyYBcT3vfYZzt - mN+cVjcgVcPeJcHLRjvMbmjTp/c7rSIn7LMbivaF3iykZjn9ZS3ZMjxwgH6RGQUyDKPTDpZPy+pW - j2ds9sZvAAAA//+8l81uwjAMx19l6p1kHeUyaeI0aQf2CGgKKEoyAUVNGezQd5+dL1rSTe1ScXUT - +5fG8d8emxsYnFpvbLPj8IBYtZVL94BeTA0ce8dXAVFlpeqbJve33xBWdzTE2doiEpZ5FQmGCM+q - VQ9dfG//VBEbm+aYmcP7QLVngmuKO7R3osAglZDgnegv1Ht34jdrxAhGpOBnpMGalnca2JjUYz4l - Y86nwbT1vgv6bmwedZ6MWkyDChnZ5VyVZw9ZJEMuJoOMUnRlbB51kTVr7HPbLzEN/Z6pAKVme9J1 - uTfD+gf0CHkxrIKxAxYhuzkzkw85fl+UJqLi/CDLI9Qh8qkq9izkjIMez1DfwxY7tEG0a7F7hUUP - 2B9kYZyK0HrK3p9Vecc23DaiA050I7rxKOK8tboZa/C87nuaTOXkkVpHVJ8EXG29HClJfSNlg53e - uvkBAAD//wMAc91BljkVAAA= - headers: - ATL-TraceId: - - 27fe60f913a5e15f - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:44:59 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - eb240bf7-e7fb-42ab-bff3-87d25cfc2c7e - x-envoy-upstream-service-time: - - '93' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without - Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/385]\n\n*Defect Dojo link:* http://localhost:8080/finding/385\n\n*Severity:* - Low \n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] - / [ZAP Scan|http://localhost:8080/test/111]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n*Systems/Endpoints*: \n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Defect - Dojo ID:* 385\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": - "Task"}, "priority": {"name": "Low"}}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '1673' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue - response: - body: - string: '{"id":"10610","key":"NTEST-458","self":"https://defectdojo.atlassian.net/rest/api/2/issue/10610"}' - headers: - ATL-TraceId: - - 60c81e5f3e54c061 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:00 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 76455bd0-7e55-47fb-a061-e62248922157 - x-envoy-upstream-service-time: - - '413' - status: - code: 201 - message: Created -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-458 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbXPaOBD+Kxp/6NzlANtAUuqZzk1KaC93aZoB0sw06TDCXoyKLXkkGcO1+e+3 - kuzQJiXXpuRDrJX2/dlH+uzBpqA88SJPAk9AQvKaQZaoFqc5qJaKl5DTlihAUs0EVy1ImM5B01a8 - pDyFTKStNUiFe5CMoZCggGt31mt5zFgOg6MwwIWCbIHLpdaFinw/gQXEOhGfRIfqjCrFKO9w0D7a - 0D4tmN/1mVIl+I2BFWxR/3w6mkzb/cMBShY2WC/67Cl0WqqYakiF3LrgElyhQjfohu2g1w7CaTeI - +odREHR63ed/BGFgrFofeluANfPEGI0+xhkE3V3WbpGAiiUrTEVQekxUTrOsRRKmNOOxJgWDGIhY - kErIVcdox4JfyuxHolAQlxL8NYOKrqmm8k/F/oWXOTapzJ850WnyMgx64aBeTjHQl7uUW55pNPqa - UrUyPSrn2nxFC5opaHmNDS+yRm5bnmYIjAKb7EW8xEy8QopPGN4Tq1dr29rZbjS1u9fwXaSXnGmN - Bgy+am2T1D/2rBILXVFpElMsLzKGCEnuZYPFtZDpDzb9wY+EW5e5dlZXumCmsPj7us794Dl67vY3 - 3f6TDdsWWpQ8U/X/R3yFR5vw6Nd8bRpn9ccj3nrdTa/7a95qcKrmY6+321sz35v3jl2wY9cfsYNp - KiHFuX4AQ8SUyEo3Zk4Sl0qL3FLEDD10n+/bGDy04ajDSc1gWvrzonbY8jBN/R4nzuCqPkA18qSj - oZ+fAMdxd6zmO2vSwNt+DkVpsgwNU10ZAeOpF2lZwm1NXsaYZLHL/fMDmQkMj6qlKLPkhKkio9t6 - JFAcS8BczdR9jyeD8LDhyftVC/aVM9y30d230dtxCROS6e0TS9mo+/2f41GW0xSUbzRUY4ShIBNV - R63THfeciarhqL53a7AwB0MmBpr3kjJT+d1sw304DAcm7SVVo4LFZ4yv7FV8AoW5mXnc9Mx2srJ7 - dxIu+AgvZjrPYAxUORzI+su7OLt8c3o+Ozsdjs4no9loPH43xjRwgBTmjQemSyAXyJpcE+OXMEUE - z7YEJ5JlxijRgvzNJCUXEnKcWlIqRGjHzuj9LF6gweALC4Lei17kuQsDW4Q13o3UN2OM1U4Zp9n9 - Q/W7oi6vRXWG0TVMgO1LOdydLgszsz+AY/dSeCLCnPLdbfXt5f5zoNuh6hWNV/iQapDVGHe+hvWT - 5pcCbt5FfvM86TaXKweD6FhkQp67aOZZCe1UIkfsHgeCnAjXbJEX+NTjuu7CY/37tjg3fPd3MGU6 - g4OIXH+gRRiRoRArBuSKaeQoTSb28iCvM5p+MbliqpmIabYUSkeDYBD4C8YTpEG/Nzj8aA2e2FJg - lJ8EMSCJDsj/alrFCSDMkDJQAYebWNnwaoTLS77iotrFPHz/QHpwIUVS4utlxFOcpBzr4k+xDHju - 2iaBhslfomprsSeRojbQ/Uh8cl0BrHDs4M7aHq3dAb9nFT8cX5BJTPme8+a55Idh6Gr1SlIeL/0p - TTHOc+ymk5YsS05PvhYNRZ4zTZCRll+LJ1ulIVeYdFIIhlDARuLP7tmqG2zmlHHFNHQQMVG/39u3 - t0/uJ+h1LqhM6v7eYekguuHHJHaQwdjIHIATBZpUNX400pl7gJAFYqhFqiWLlyQHyhVuUneitoBV - QwuExjHSISRkzSgpEeGx3BbIJ3iMc3D3aMeEMkakIVPGEDUIq6qqIyqqio6QqY/4gk2nWBYWCQi1 - 2ULImXOmZlTjrTwvsSGz395dHU8u2pO3bbwBfzemL8dnzuhjxXgLmGQSkTej6Q1H0sYJ1SAjIop1 - fMNHa2buCgxuArrt5qrZ+76D/wAAAP//7Flta9swEP4rJlBoR+3YTpyXwejC1sE+bJQVNug3xVYb - s/gFy043svz3PSfJquPEWSmj5EMgBCeS7i6nu+eeuzxbQZTEUZcCtXZAQbdY2rGK8S6Uj7pU7O6T - gfEFlfpB9psUFz8WPKWEtpi53gztKOxAQJAx8YpbcYobSeQZKyuo2DGsCqo1qHM/eXpJ8ZFaCH3F - mSy2fGS/KdCsnMkgqQQu1kLkNOIELWfKl451nQqKPBNnjUgkXRSo0K/tE7WBJE9UiNK9dsrIe/M5 - yVlY0u/8mlmx/GABQMhdKktuS54LqtUFV8DC1WaduCZ0BX0NlLNH3hBOm91+sL2BdmgTSSUc1EiJ - 7j4r6MoAbucMN55eWOcXf3DLyzJ7C2jZ5YheF0f0hl0LQb1AlaUsUBkl3SUC29rqmq3tBcO8pOsl - ndy/sYuJuaYj2CIq7QLXPjU1p8qShQvCZ1UlRZUkjEp471/1jnxIhDwrXljviZhdAcyoaUArFdyz - 4SDy5pOhG8xh43g89Xx/RPTCbIKGA9s4XfAsiqADNb/3ZIOtm7v3BvtI6MEOW6WCA3Iht0nkUY/9 - wPO9IfdcPvCj6SgchMHYCydBFLlsdO/xyVX0Tko5G8zO/E94qXN2wlJdCm1bfSWcStiP8IjtO5QF - Tl7Nl3FILrNzxgR5DOeRcmUM9ozHjzf2yMlTsr/duh+/xe0BwPFb3B4iHLvFgJ5Idc2aITch8kZP - vyifCLVVZ67g6w7Ai+3XVZHlvH8HKAoXT4lHQyusmkwmPXr8psl1oRH3BAWvf+knKHgNi09Q0AkF - hnnAxAeVcWuad+tnF3Kzki3xtIcagXf11pve7kLXbM7tms25ZjbXXjAUjqeruMhSRXd061/pP1/U - x2f9BDSbUsK6ftQo+ALka/xt1K/lXvYS9usbF9WSBDd0y0FLUc5KZccqK//bKFfJMjKhCv3q90yO - qer5K02XafhDGo0d28b6W9bqA9I7m83mLwAAAP//AwBzZoXkwxsAAA== - headers: - ATL-TraceId: - - b518808e667a6df4 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:00 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f335bc10-eacc-4a71-b764-0193b2034472 - x-envoy-upstream-service-time: - - '200' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10610 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbXPaOBD+Kxp/6NzlANtAWuqZzk1KaC93aZoB0sw06TDCXoyKLXkkGcO1/e+3 - kuzQkpJrU/Ih1kr7/uwjffJgU1CeeJEngScgIXnFIEtUi9McVEvFS8hpSxQgqWaCqxYkTOegaSte - Up5CJtLWGqTCPUjGUEhQwLU767U8ZiyHwdMwwIWCbIHLpdaFinw/gQXEOhEfRYfqjCrFKO9w0D7a - 0D4tmN/1mVIl+I2BFWxR/2I6mkzb/eMBShY2WC/65Cl0WqqYakiF3LrgElyhQjfohu2g1w7CaTeI - +sdREHR63Wd/BGFgrFofeluANfPIGI0+xhkE3V3WbpGAiiUrTEVQekJUTrOsRRKmNOOxJgWDGIhY - kErIVcdox4JfyexHolAQlxL8NYOKrqmm8k/F/oUXOTapzJ840VnyIgx64aBeTjHQF7uUW55pNPqa - UrUyPSrn2nxFC5opaHmNDS+yRr60PM0QGAU22Yt4iZl4hRQfMbxHVq/WtrWz3Whqt9fwXaRXnGmN - Bgy+am2T1D/2rBILXVFpElMsLzKGCEn2ssHiWsj0B5v+4EfCrctcO6srXTBTWPx9Xed+8Aw9d/ub - bv/Rhm0LLUqeqPr/A77Cp5vw6a/52jTO6o8HvPW6m17317zV4FTNx0FvX76Y+d68c+yCHbv5gB1M - UwkpzvU9GCKmRFa6MXOSuFRa5JYiZuih++zQxuC+DUcdTmoG09KfF7XDmi8MgiWLnbtP92QGXxi+ - WooyS06ZKjK6rVGIYiyUfocza5BZu6AamdYR2c/PkGPJO170nTVpBsR+DkVp6mRjvzYCxlMv0rI0 - wcQSMFczdd/jySA8bnhyv2rBoXKGhza6O8pgQjK9fWS+jbrf/zm6ZDlNQflGQzVGGAoyUXXUOt1R - zLmoGirqe6ZGe4n0mkQyOgdDJgaae4fMVH63DOEhHIYDU48lVaOCxeeMr+xVfAqFuZl53ADIwqqy - e3cSLvgIL2Y6z2AMVDlQyvrLuzy/en12MTs/G44uJqPZaDx+O8b8cIAUFgQPTJdALpE1uSbGL2GK - CJ5tCU4ky4xRogX5m0lKLiXkOLWkVIivjp3R/Syeo8HgMwuC3vNe5LkLA3uHxd+N1DdjjG1IGafZ - /qH6XVGX14I8w+gaJsC+phzuTpeFmdkfwLF7KTwSek757rb69nL/OTTu4PaSxit8SDWQa4w7X8P6 - SfNLATfvIr95nnSby5WDgXosMiEvXDTzrIR2KpGwdo8DQU6Fa7bIC3zqcV134aH+fVucW777O5oy - ncFRRG7e0yKMyFCIFQNyzTQSpiYTe3mQVxlNP5tcMdVMxDRbCqWjQTAI/AXjCZKY3xscf7AGT20p - MMqPghiQREfkfzWt4gQQZsglqIBTT6xseD3C5RVfcVHtYh6+uyc9upQiKfH1MuIpTlKOdfGnWAY8 - d2OTQMPkL1G1tTiQSFEb6H4gPrmpAFY4dnBn7YDW7oDfs4rvTy7JJKb8wHnzXPLDMHS1eikpj5f+ - lKYY5wV200lLliVnp1+LhiLPmSbISMuvxZOt0pArTDopBEMoYCPxZ/ds1Q02c8q4Yho6iJio3+8d - 2jsk9xP0OhdUJnV/77B0FN3yExI7yGBsZA7AiQJNqho/GunMPUDIAjHUItWSxUuSA+UKN6k7UVvA - qqEFQuMY6RASsmaUlIjwWG4L5BM8xjm4S71jQhkj0pApY4gahFVV1REVVUVHyNRHfMGmUywLiwSE - 2mwh5Mw5UzOq8YkwL7Ehs9/eXp9MLtuTN228UX43pq/G587oQ8V4A5hkEpHXo+ktR9LGCdUgIyKK - dXzLR2tm7goMbgK67eaq2fu+g/8AAAD//+xZbWvbMBD+KyZQaEft2E6cl8HowtbBPmyUFVboN8VW - GzO/YdnpRpb/vuckWU2dOC1llHwIhOD4JN1JunvuucuLFURpHHUpULI9CrqXpRHLGN9CnVGXiu1x - 0jG+IYXfy3qT/OJmwTMKaIuZ681RjsIOOAQZEy+5FWe4kVTOsfKSkh2DVFCuQZ77xbNz8o/Mgusr - Amex5IH9IUezCiadpBa4WAues+EnKDkznjjWZSbI84yfbXgi6SJHhX5tn2gMpPVEDS/daaf0vHdf - 04KFFe3ze27F8ocFAKHjUlFyXfFCUK4uuQIWrgbrwDWuK+g1UM4eeUMc2uz6k+0N9IFuIqmEgwYp - Ud3nJV0ZwO2U4cazM+v07C9uOany94CWbY7odXFEb9glCBoBZZaqRGaUZJXYdGuoa4a2BV3MyzXM - S96JJKC7B5qKoC2Y7mQw7cyHKGfhgvBZZUlRpymjFN57Lt/RGRIhz8tX5nsiZhcAM6L8KKWCOzYc - RN58MnSDOTYwHk893x8RvTCDoGHPME4XPIsi6EDO7z3aYOvi7qPBPlp0b4WtQsEBuZDDJPKox37g - +d6Qey4f+NF0FA7CYOyFkyCKXDa68/jkIvogVzkZzE78L/ioeXbKMp0KbVu9Ek4t7AeciO07FAVO - Uc+TOKQjswvGBJ0Y5iPkqhjsGY+fr+yRU2Rkf7t0P3yL2w2Aw7e43UQ4dIsBPZEq4TVD3oTIK939 - ongi1FZ1tYKvWwAvhl/WZV7w/i0QJ1w8Bh41rSA1kUx6dPtNk+tSI+4RCt7+0o9Q8BYWH6GgEwoM - wYCJ9yriVtTv1s8u1s0rluBpBzUC7+qt1r1tQVdvzjW9ubbA9LraAkPheLaMyzxTdEeX/rX+80X9 - fMkWlnn13xqgai2zJhShTvyZy/ZQ04SFaymLV82jRt1X65d/U/Wbdc97Kfv9g4s6oYU39iobO2U1 - q9S+qbtMzR/auXn/dLL/ZLaeIK1dr9f/AAAA//8DAEUaCT3DGwAA - headers: - ATL-TraceId: - - ef5b4cf7094ecf14 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:00 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 94f84062-dfc4-4499-9460-cbf908894f6b - x-envoy-upstream-service-time: - - '172' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQU/DMAyF/0uutJ2TJt2aG4IDIDSQ2p0QQmnriKI0qZoUaZr230nExLj52d/z - s0+kUx4PiyGSfIYwe7nZDKixD4P7coUKRnk/KltYDCQj37j40dkIUwBaQAF5s799bR5e2ut0v05d - rIh8S1AGGbxnZMDZuOOENrTHGeOCO+PWIZq6dTTDr4XIZBD80rxXIYEMGM2B5axqKZVsK0teAMAN - RDj6PS4xtx2nK1vmQFsGkgsZj+Ql+2P76dFqF0FeCbHVVGtEvqtrrXjSqOiWVWLHomCir6v6X0Aw - KeFpXBRJ72i1mvDsepXaJ2IuFUH7cWjI+fwDAAD//wMAgwTQ01oBAAA= - headers: - ATL-TraceId: - - 03c8d7c82e875e82 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:01 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 02b0ef99-24f8-476a-8756-0a7e9ef46c20 - x-envoy-upstream-service-time: - - '28' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 27b7fdb2cf5a4d10 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:01 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4d92114e-4af4-410c-a54b-08cb80914b1b - x-envoy-upstream-service-time: - - '54' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields - response: - body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFwQB5NMqKljBz/adBH/fT2JE7vQ - ZbPlsgd6qWcyj28envFzDFVJeBZP4lKKR0i1igf+OLl99gJUKQN6XQKKKGC55c21LtUkSTLIrUIm - HsU+0YwoRQnf56ATCUonpKTJKHFWk+GB/VkTFI22xALWlrqYfbuaWYqTAix5zanW1gA6JEuiibyW - zKJ6jsfH1fi4j38FqZHQ+m6MnJQ0m9aO9xrGOZLjgy/WzWhcjcY7G1b0F0xVQRjbU+7/HV/Do2p4 - 9DFfVevMHd7xdjiqDkcf81ZARk1hvbnDH729DMJuwS7aoV86C3XHjMKOQSIDlUpaaiq45Z5GdQIG - UUaVpjzVUUkhhUjk0UrIxT5qp4Lb/umDwqVgSWG1Jf4g2MPhsSNnFui0g+x7eEbUwlKGa0m4YkRD - drHxRZl7jadJTpiCgb9vOQWWYeu7g217ZYqCyDUeJTwZKsEKammsmkrnUBD8UvufxEpLyh/QwVpp - KJDjtF86cFeO096/VmIQz4k6g5wYpm8IM9ChEyVIgjnHstqq6vguLHYvZGGWOnCe6eGdIy/CzHYI - Q91eGO/s6GBMrCCrhT67cVvPtTbiSW3kBWuaiqIUHDiugbCoTuVNVYmUBDuH2npaFa8fVjkw6sv8 - 1TPbMgdyPesckyxDT4D+JBRiCfGW2mNkRGuSzguEtlNkgX4QWsD1oZ2Gok1oG9q9QkPMG/3VB/Tb - 6x+a8AjPAm4LMZTsibEbBW5t9BoErWwAsmV5gJedUAPOK/0DsLeNsNMQ+NgTxmnj3fzRjFuR6xWR - 9RykRcmonfS+pJ8vnm2+/tcXTz0z64nLKF/sODMD/derseH6a/HT0pBF9Yr0c3PDADFa4GxloKHn - qnm98JKSpguQJzY/0k4sdxdt1HtqLlZX5h4XyiXBb1O85CFbNRynWgO1bT/lxlbtyYBcT3vfYZzt - mN+cVjcgVcPeJcHLRjvMbmjTp/c7rSIn7LMbivaF3iykZjn9ZS3ZMjxwgH6RGQUyDKPTDpZPy+pW - j2ds9sZvAAAA//+8l81uwjAMx19l6p1kHeUyaeI0aQf2CGgKKEoyAUVNGezQd5+dL1rSTe1ScXUT - +5fG8d8emxsYnFpvbLPj8IBYtZVL94BeTA0ce8dXAVFlpeqbJve33xBWdzTE2doiEpZ5FQmGCM+q - VQ9dfG//VBEbm+aYmcP7QLVngmuKO7R3osAglZDgnegv1Ht34jdrxAhGpOBnpMGalnca2JjUYz4l - Y86nwbT1vgv6bmwedZ6MWkyDChnZ5VyVZw9ZJEMuJoOMUnRlbB51kTVr7HPbLzEN/Z6pAKVme9J1 - uTfD+gf0CHkxrIKxAxYhuzkzkw85fl+UJqLi/CDLI9Qh8qkq9izkjIMez1DfwxY7tEG0a7F7hUUP - 2B9kYZyK0HrK3p9Vecc23DaiA050I7rxKOK8tboZa/C87nuaTOXkkVpHVJ8EXG29HClJfSNlg53e - uvkBAAD//wMAc91BljkVAAA= - headers: - ATL-TraceId: - - fec62189e8c73a4e - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:01 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d14f3ccb-1503-4503-9eb9-e03dc055ad77 - x-envoy-upstream-service-time: - - '85' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without - Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/386]\n\n*Defect Dojo link:* http://localhost:8080/finding/386\n\n*Severity:* - Low \n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] - / [ZAP Scan|http://localhost:8080/test/111]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n*Systems/Endpoints*: \n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Defect - Dojo ID:* 386\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": - "Task"}, "priority": {"name": "Low"}}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '1673' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue - response: - body: - string: '{"id":"10611","key":"NTEST-459","self":"https://defectdojo.atlassian.net/rest/api/2/issue/10611"}' - headers: - ATL-TraceId: - - 7a745b17a67486d7 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:02 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 7e8f6c04-4df1-44e8-af62-4366c2eb7b38 - x-envoy-upstream-service-time: - - '449' - status: - code: 201 - message: Created -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-459 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6NxxSfySlAbPdG4opD3uKGVIKDOFDqPYG0eNLXkkOU6O8t9v - JdmEQsO1NHzAWmnfn32kGw9WJeWpF3sSeAoS0rcM8lR1OC1AdVQyh4J2RAmSaia46kDKdAGadpI5 - 5RnkIussQSrcg/QMSgkKuHZnvY7HjOUw2A1DXCjIZ7ica12q2PdTmEGiU/FF9KjOqVKM8h4H7aMN - 7dOS+ZHPlKrAbw0sYI36J5PReNIdvNxDycwG68U3nkKnlUqohkzItQsuxRUqREEUdoN+NwgnURAP - XsZB1Iui8I8gDAITo/Gh1yVYM8+M0ehjnEEQbbJ2ixRUIllpKoLSfaIKmucdkjKlGU80KRkkQMSM - 1EIuekY7Efxc5j8ShYKkkuAvGdR0STWVfyr2L7wusElV8cKJjtLXYdAPh81ygoG+3qTc8Uyj0deE - qoXpUTXV5iue0VxBx2tteLE1ctvxNENglNhkL+YVZuKVUnzB8J5ZvUbb1s52o62dWdxr+CbSc860 - RgMGX422Seofe1aJma6pNIkpVpQ5Q4SkD7LB4lrIDIarwfBHwm3K3DhrKl0yU1j83a/zIHiFnqPB - Kho827BtoUXJC9X8f8JXuLsKd3/N16p11nw84a0frfrRr3lrwKnaj63ebm/NfK8+OnbBjl1+xg5m - mYQM5/oRDBFTIq/cmDlJUiktCksR1+gherVtY/jYhqMOJzWDaenPi7thwxcGwZIlzt3NI5nBF4av - 5qLK00OmypyuGxSiuKYaedXR1s9PjOPEOxb0nTVpxsF+HojKVMVGemEEjGderGVlXKNN/RHpwgxF - UwwJmKuZusc8Gfb2gqDlyYdVC7aVM9y2EW0ogwnJ9PqZFWjV/cHP0SUraAbKNxqqNcJQkIu6p5bZ - hmKORd1S0cC7fZxIv00kp1MwZGKg+eCQmcrvliHchsNwaOoxp2pUsuSY8YW9ig+hNDczT1oAWVjV - du9OwgUf4cVMpzmcAVUOlLL58k6Pz98dnVwfHx2MTsaj69HZ2YczzA8HSGFB8MBkDuQUWZNrYvwS - pojg+ZrgRLLcGCVakL+ZpORUQoFTSyqFiOvZGX2YxR4aDL6yIOjvTWPvwchiyTPGaY7NxG5sZszs - PZQ174qmvBb2OUbXMgH2NeNwd7oqzcz+AI7dS+GZ0HPKd7fVt5f7z6FxA7c3NFngQ6qFXGvc+Tpo - njS/FHD7LvLb50nUXq4cDNQTkQt54qKZ5hV0M4mEtXkcCHIoXLNFUeJTj+umC0/19NviXPHN386E - 6Rx2YnL5iZZRTA6EWDAgF0wjYWoytpcHeZvT7KvJFVPNRULzuVA6HgbDwJ8xniKt+f3h7mdr8NCW - AqP8IogBSbxD/lfTKo4BYYZcggo49cTKDi5GuDznCy7qTcwHHx9Jd06lSCt8vYx4hpNUYF38CZYB - z13aJNAw+UvUXS22JFI2BqLPxCeXNcACxw7urG3R2hzw+1bx0/4pGSeUbzlvnkt+GIauVm8k5cnc - n9AM4zzBbjppxfL06PC+6EAUBdMEGWl+XzxeKw2FwqTTUjCEAjYSf3bPVt1gs6CMK6ahh4iJB4P+ - tr1tcj9Fr1NBZdr09w5LO/EV3yeJgwzGRqYAnCjQpG7wo5HO3AOEzBBDHVLPWTInBVCucJO6E40F - rBpaIDRJkA4hJUtGSYUIT+S6RD7BY5yDu9R7JpQzRBoyZQJxi7C6rnuipqrsCZn5iC9Y9cp5aZGA - ULueCXntnKlrqvGJMK2wIde/fbjYH592x++7eKP8bkyfnx07o08V4z1gkmlM3o0mVxxJGydUg4yJ - KJfJFR8tmbkrMLgx6K6bq3bv+w7+AwAA///sWW1r2zAQ/ismUGhH7dhOnJfB6MLWwT5slBU26DfF - Vhuz2DKWnW50+e97TlJUx42zUkbJh0AITiTdXU53zz13ebaCJEuTLgV6bY+CbrG0Y5XiXWofdal4 - uk8FxheU8DvVb1Jc/FjwnBLaYfZ6BdpR2IGAIGPSFXfSHDeSqTOOKKnYMaxKqjWocz95fk7xkTsI - fU3gHLa8Z78p0JyCqSCpJS7WQeQ04gQtZ86XnnOZS4o8G2eNSCRdFKjQb+yTGwNJnqwRpTvtVJH3 - 5nNWsLii3/lVOKn64ABAyF06S64rXkiq1SXXwML1ZpO4NnQlfQ2Uc0fBEE6bXX9wg4FxaBNJFRxs - kBLdvSjpygBupww3np85p2d/cMvLSrwFtDzliEEXRwyGzcJflSiAiqUSaW5vjTpk+J0Llnkp1yue - uXtjFxPzbUewRV7aBa59ampPVRWLF4TPukrKOssYlfDev+od+ZAIuShfWO+JmF0AzKgJQCsV3bLh - IAnmk6EfzWHjeDwNwnBE9MJugoY92zhd8CxJoAM1v/dog2uau/cW+0jo3g5bp4IHcqG2KeTRj/0o - CIMhD3w+CJPpKB7E0TiIJ1GS+Gx0G/DJRfJOSTkZzE7CT3jpc27GclMKXVd/Jb1auvfwiBt6lAVe - Uc+XaUwucwvGJHkM55FyVQr2jMePV+7IK3Kyv926H77F7QHA4VvcHiIcusXApES38IYhNyHyyky/ - KJ8ItXWnrXHtBsCL7Zd1KQrevwEUxYvHxKOhFVZtJpMeM34z5Lo0iHuEgte/9CMUvIbFRyjohII2 - uQCV6j2s6cyGksD2O52KDzQIN88+FIqKLfG0Q0rXbM63s7n2gp11tRcsheP5Ki1FrumOaf1r8+eL - /vgsS9FsKgkPm0eDgi9AvsbfRv2N3PNexn5947JekuCGbjVoKatZpe1Yieq/jWa1LCsTqtCvfhdq - TGWHwaJUwx/SaO3YNjbcstYcUN5Zr9d/AQAA//8DANEYBuTDGwAA - headers: - ATL-TraceId: - - c444a4e58d8011c7 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:02 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 0d5ae827-d359-45bc-b35d-1665435b4d0e - x-envoy-upstream-service-time: - - '176' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10611 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6NxxSfySlAbPdG4opD3uKGVIKDOFDqPYG0eNLXkkOU6O8t9v - JdmEQsO1NHzAWmnfn32kGw9WJeWpF3sSeAoS0rcM8lR1OC1AdVQyh4J2RAmSaia46kDKdAGadpI5 - 5RnkIussQSrcg/QMSgkKuHZnvY7HjOUw2A1DXCjIZ7ica12q2PdTmEGiU/FF9KjOqVKM8h4H7aMN - 7dOS+ZHPlKrAbw0sYI36J5PReNIdvNxDycwG68U3nkKnlUqohkzItQsuxRUqREEUdoN+NwgnURAP - XsZB1Iui8I8gDAITo/Gh1yVYM8+M0ehjnEEQbbJ2ixRUIllpKoLSfaIKmucdkjKlGU80KRkkQMSM - 1EIuekY7Efxc5j8ShYKkkuAvGdR0STWVfyr2L7wusElV8cKJjtLXYdAPh81ygoG+3qTc8Uyj0deE - qoXpUTXV5iue0VxBx2tteLE1ctvxNENglNhkL+YVZuKVUnzB8J5ZvUbb1s52o62dWdxr+CbSc860 - RgMGX422Seofe1aJma6pNIkpVpQ5Q4SkD7LB4lrIDIarwfBHwm3K3DhrKl0yU1j83a/zIHiFnqPB - Kho827BtoUXJC9X8f8JXuLsKd3/N16p11nw84a0frfrRr3lrwKnaj63ebm/NfK8+OnbBjl1+xg5m - mYQM5/oRDBFTIq/cmDlJUiktCksR1+gherVtY/jYhqMOJzWDaenPi7shLqlGVnSk8/N4d4x2x2G+ - syYNmO3ngahMTqHhpQsjYDzzYi0ruG2oyhiTLHGZ3jySmcDwqJqLKk8PmSpzum4GAMUYlf6IdGGG - oimGBMzVTN1jngx7e0HQ8uTDqgXbyhlu24i2bfQ3XMKEZHr9zOK26v7g53iUFTQD5RsN1RphKMhF - 3VPLbMM9x6JuOWrg2XJOwZCJgeaDpMxUfjfbcBsOw6FJe07VqGTJMeMLexUfQmluZp60XbS9re3e - nYQLPsKLmU5zOAOqHDJk8+WdHp+/Ozq5Pj46GJ2MR9ejs7MPZ5gGDpDCvPHAZA7kFFmTa2L8EqaI - 4Pma4ESy3BglWpC/maTkVEKBU0sqhZjt2Rl9mMUeGgy+siDo701jz10Y2CKs8WakvhljrHbGOM0f - HmreFU15Lc5zjK5lAmxfxuHudFWamf0BHLuXwjMR5pTvbqtvL/efA90GVW9ossCHVIus1rjzddA8 - aX4p4PZd5LfPk6i9XDkYRCciF/LERTPNK+hmEllj8zgQ5FC4ZouixKce100Xnurft8W54pu/nQnT - OezE5PITLaOYHAixYEAumEbW0mRsLw/yNqfZV5MrppqLhOZzoXQ8DIaBP2M8RWL0+8Pdz9bgoS0F - RvlFEAOSeIf8r6ZVHAPCDCkDFXC4iZUdXIxwec4XXNSbmA8+PpLunEqRVvh6GfEMJ6nAuvgTLAOe - u7RJoGHyl6i7WmxJpGwMRJ+JTy5rgAWOHdxZ26K1OeD3reKn/VMyTijfct48l/wwDF2t3kjKk7k/ - oRnGeYLddNKK5enR4X3RgSgKpgky0vy+eLxWGgqFSaelYAgFbCT+7J6tusFmQRlXTEMPERMPBv1t - e9vkfopep4LKtOnvHZZ24iu+TxIHGYyNTAE4UaBJ3eBHI525BwiZIYY6pJ6zZE4KoFzhJnUnGgtY - NbRAaJIgHUJKloySChGeyHWJfILHOAd3s/ZMKGeINGTKBOIWYXVd90RNVdkTMvMRX7DqlfPSIgGh - dj0T8to5U9dU4z09rbAh1799uNgfn3bH77t4A/5uTJ+fHTujTxXjPWCSaUzejSZXHEkbJ1SDjIko - l8kVHy2ZuSswuDHorpurdu/7Dv4DAAD//+xZbWvbMBD+KyZQaEft2E7sJIPRha2DfdgoK2zQb4qt - NmZ+w7LTjSz/fc9Jspq6cVbKKPkQCEGxTrqzdPfcc5dnK4izJO5ToOb2KOjfliRWCb6FOqM+FU/l - pGN8Qaa+k/Um+cWPJc8poC1mrrdAOQo74BBkTLLiVpLjRjK5xioqSnYMs4JyDfLcT56fk3/kFlxf - sSiLpffsNzmaVTLpJI3AxVrwnC0/QcmZ89SxLnNBnmf8bMsTSRc5KvRr+0RrIO0nGnjpTjul5735 - nJUsquk9vxZWIn9YABA6LhUl1zUvBeXqiitg4UpYB65xXUGPgXJ26I1xaPPrD7Y30ge6jaQSDlqk - RHVfVHRlALdThhvPz6zTsz+45bQu3gJannJEr48jeuO+iaCdoMxSV8iMkgATpe2Iuka0O2GYlzx6 - SSd3C/YxMddUBIhXFi0JaXeSPHe2k9F0M6FosoxRCh/8K9/RGRIhL6oX5nsiZhcAMyojUEoFt2w8 - ir3FdOwGCxg8mcw83w+JXhghaNgjxumC53EMHcj5gwcbbF3cvTfYR5vurbBVKDggF1JMIo8aDgPP - 98bcc/nIj2dhNIqCiRdNgzh2WXjr8elF/E7ucjKan/if8FHr7IzlOhXatnoknEbY9zgR23coCpyy - WaRJREdml4wJOjGsR8jVCdgzhh+v7NApc7K/W7ofvsXdBsDhW9xtIhy6xYCeWNXRmiFvQ+SV7n5R - PBFqq1pdwdcNgBfil01VlHx4AyiKlg+BR00rzJpIJj26/abJdaUR9wgFr3/pRyh4DYuPUNALBV2m - ASo1WG9oTcs0YPudCsU1NcL12IXComYpRjt26evNuX29Odf05roThsLxfJVURa5Iki79G/3ni/r5 - HEtXRf3fmqpqL7MnFKFO/F7I9lDbCYVrKYvX7VCj7ov1y7+phu2+54OM/frGRZPSxlvvKhs7VT2v - 1XtTd5maP/Tm5vnjxf6j1XqBtHaz2fwFAAD//wMAmyPt88MbAAA= - headers: - ATL-TraceId: - - bb78e6f9bf26d7d5 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:02 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c60f6a7d-92ef-4a07-83be-765867ab4f38 - x-envoy-upstream-service-time: - - '123' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPwWrDMBBE/0XX2s5KkexYt9Ie2lLSgp1TCUW2V9RFlowlF0LIv1eigfS2M/tm - hz2TTnk8LIZI8hXC7OVmM6DGPgzu2xUqGOX9qGxhMZCM/ODiR2cjTAFoAQXkzf7+vXl6a2/b/Tp1 - cSLyI0EZZHDMyICzcacJbWhPM8YDD8atQwx162iGvwiRKSD41XxUIYEMGM2B5axsKZWsklteAMAd - RDjmPS6xtx2nG7vNgbYMJBcSRMHqG9tPz1a7CPJSiEpTrRH5rq614kmjohUrxY5FwURfl/W/gmBS - w8u4KJLe0Wo14dX1KtlnYq4TQft5aMjl8gsAAP//AwA2dHzYWgEAAA== - headers: - ATL-TraceId: - - 5a5021dc239e53c9 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:05 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b3c2558f-ba74-4e3b-8f09-34f049d032fd - x-envoy-upstream-service-time: - - '26' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 91003b718a5f09d3 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:05 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 91de1c11-b83d-49fc-a447-375e614cac95 - x-envoy-upstream-service-time: - - '68' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uuttlJtmm3uYkeVGQV2j2JSNpOsJImpUmFZdn/boKL623em+/N - Y06kUx4PiyGSfIYwe7nZDKixD4P7clQFo7wflaUWA8nINy5+dDbCDIBRoJA3+9vX5uGlvW7369TF - ici3BGWQwXtGBpyNO05oQ3ucMR64M24dYqhbRzP8RohMAVFczHsVEsiBsxx4zsuWMckruS0oANxA - hGPe4xJ723G6stscWMtBFkKCoKKs/th+erTaRbAohag00xqx2NW1VkXSqFjFS7HjUXDR12X9ryCY - 1PA0Loqkd7RaTXh2vUr2iZjLRNB+HBpyPv8AAAD//wMAZdHXP1oBAAA= - headers: - ATL-TraceId: - - ba9dfeceb6028a42 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:05 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3870b290-391c-472f-aa8d-2daa6d52ab03 - x-envoy-upstream-service-time: - - '32' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - b9c23c8c35a02dba - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:05 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f128cd57-9b0a-4db4-bae6-17c2b6659bfb - x-envoy-upstream-service-time: - - '47' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - b365171d3f3e9b06 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:05 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 43f057be-c90a-43cb-9beb-bbc4be775792 - x-envoy-upstream-service-time: - - '171' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-458 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6NxxSWwngaae6dxQSHvcUcokocwUOhnF3jhqbMkjyXFyLf/9 - VpJNKDRcoeED8kr7/uwjffVgXVCeeJEngScgIXnLIEtUi9McVEvFC8hpSxQgqWaCqxYkTOegaSte - UJ5CJtLWCqTCPUhGUEhQwLU767U8ZiyHwUEY4IeCbI6fC60LFfl+AnOIdSK+iA7VGVWKUd7hoH20 - oX1aMD+j2iyZUiX4jZUlbNDI2WQ4nrT7+wOUzG3EXvTVU+i5VDGqpUJuXIQJfqFCN+iG7aDXDsJJ - N4j6+1EQdHrdl38EYWCsWh96U4A189RAuy5Go49xBkF3m7r7SEDFkhWmLCg9JCqnWdYiCVOa8ViT - gkEMRMxJJeSyY7RjwS9k9jNRKIhLCf6KQUVXVFP5p2L/wuscO1XmL5zoJHkdBr1wUH9OMNDX25Rb - nuk2+ppQtTSNKmfarKI5zRS0vMaGF1kjNy1PM0RHgZ32Il5iJl4hxRcM75nVq7Vt7Ww3mtrda/g2 - 0gvOtAGHAVmtbZL6x55VYq4rKk1iiuVFxhAhyb1ssLgWMv3Buj/4mXDrMtfO6koXzBQWf3fr3A9e - ouduf93tP9uwbaFFyQtV/3/EV3iwDg9+zde6cVYvHvHW66573V/zVoNTNYud3m5uzHyvPzqKwY5d - fcYOpqmEFOf6AQwRUyIr3Zg5SVwqLXJLEVP00H25a2Pw0IajDic1g2k50IvaYc0XBsGSxc7d1wcy - gy8MXy1EmSXHTBUZ3dQoRHFFNZKro62nT4zjxFsW9J01acbBLo9EaapiI700AsZTL9KyNK7Rpv6I - dGGGoi6GBMzVTN2PeDII9xuevF+1YFc5w10b3S1lMCGZ3jyzAo26338aXbKcpqB8o6EaIwwFmag6 - apVuKeZUVA0V9b2bh4n0mkQyOgNDJgaa9w6ZqfxhGcJdOAwHph4LqoYFi08ZX9r7+BgKcz3zuAGQ - hVVl924lXPAh3s50lsEIqHKglPXKOz+9eHdyNj09ORqejYfT4Wj0YYT54QApLAgemCyAnCNrck2M - X8IUETzbEJxIlhmjRAvyN5OUnEvIcWpJqRBxHTuj97N4hQaDbywIeq96kecuDOwdFn87Ut+NMbYh - ZZxm9w/Vj4u6vBb2GUbXMAH2NeVwe7oszMz+BI7dS+GZ0HPKt7fV95f709C4hdsbGi/xNdVArjHu - fB3VT5pfCrh5F/nN86TbXK4cDNRjkQl55qKZZSW0U4mEtX0cCHIsXLNFXuB7j+u6C4/17/viXPPt - 396E6Qz2InL1iRZhRI6EWDIgl0wjYWoytpcHeZvR9JvJFVPNREyzhVA6GgSDwJ8zniCt+b3B/mdr - 8NiWAqP8IogBSbRH/lfTKo4BYYZcggo49cTKji6H+HnBl1xU25iPPj6Q7p1LkZT4ehnyFCcpx7r4 - EywDnruySaBh8peo2lrsSKSoDXQ/E59cVQBLHDu4tbZDa3vA71nFT4fnZBxTvuO8fUuHYehq9UZS - Hi/8CU0xzjPsppOWLEtOju+KjkSeM02QkRZ3xeON0pArTDopBEMoYCPxZ/ds1Q02c8q4Yho6iJio - 3+/t2tsl9xP0OhNUJnV/b7G0F13zQxI7yGBsZAbAiQJNqho/GunMPUDIHDHUItWCxQuSA+UKN6k7 - UVvAqqEFQuMY6RASsmKUlIjwWG4K5BM8xjm4S71jQhkh0pApY4gahFVV1REVVUVHyNRHfMG6UywK - iwSE2nQu5NQ5U1Oq8YkwK7Eh098+XB6Oz9vj9228UX43pi9Gp87oY8V4D5hkEpF3w8k1R9LGCdUg - IyKKVXzNhytm7goMbgy67eaq2bvr4D8AAAD//+xZbWvbMBD+KyZQaEft2E6cl8HowtbBPmyUFTbo - N8VWGzO/YdnpRpb/3uckWU2dOBthlHwIhOBY0t1JunvuucsBCqI0jroUqLE9CrrF0oxljG+hzqhL - xfY86RhfkMIfZNFJfvFjwTMKaIuZ681Rk8IOOAQZEy+5FWe4kVSusfKSkh3DqKBcgzz3k2eX5B+Z - BddXBM5iySP7TY5mFUw6SS1wsRY8Z8NPUHJmPHGs60yQ5xk/2/BE0kWOCv3aPtEYSPJEDS/daaf0 - vDef04KFFe3za27F8ocFAKHjUlFyW/FCUK4uuQIWribrwDWuK+g1UM4eeUMc2uz2g+0N9IFuIqmE - gwYpUeLnJV0ZwO2c4cazC+v84g9uOanyt4CWbY7odXFEb9g1EDQDlFmqEplR0ldi062prpnaHuhi - Xq5hXvJOJAHdPdFUBIhXFi4IaXfUH+2E15YyNerqNGWUwnt/y3d0hkTI8/LAfE/E7ApgRkUASqng - ng0HkTefDN1gDpvG46nn+yOiF2YSNOyZxumCZ1EEHcj5vWcbbF3cvTfYR0L3VtgqFByQCzlNIo96 - 7Aee7w255/KBH01H4SAMxl44CaLIZaN7j0+uondSytlgduZ/wkets1OW6VRo2+qVcGphP+JEbN+h - KHCKep7EIR2ZXTAm6MSwHiFXxWDPePx4Y4+cIiP726X78VvcbgAcv8XtJsKxWwzoiVQJrxnyJkTe - 6O4XxROhtqq0FXzdAXgx/bou84L374A44eI58KhphVETyaRHt980uS414p6g4PUv/QQFr2HxCQo6 - ocAwDZj4oCJuRf1u/exCbl6xBE87qBF4V2+17m0PdPXmXNObaw+YXld7wFA4ni3jMs8USdKlf63/ - fFE//2ULy7z6by1RJcvIhCLUid9z2R5qmrBwLWXxqnnUqHuwfvk3Vb+Re9lL2a9vXNQJCd7Yq2zs - lNWsUvum7jI1f2jn5v3Lxf6L1XqBtHa9Xj8BAAD//wMAgr/UvcgbAAA= - headers: - ATL-TraceId: - - fabfa17f381d766a - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:06 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 43d78ec4-e31f-4434-8a3f-c3745237c3ee - x-envoy-upstream-service-time: - - '187' - status: - code: 200 - message: OK -version: 1 diff --git a/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_engagement_epic_mapping_disabled_no_epic_and_push_findings.yaml b/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_engagement_epic_mapping_disabled_no_epic_and_push_findings.yaml deleted file mode 100644 index c8fe89f0bac..00000000000 --- a/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_engagement_epic_mapping_disabled_no_epic_and_push_findings.yaml +++ /dev/null @@ -1,1654 +0,0 @@ -interactions: -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uuttlJNm23uYkeVGQV2j2JSNpOsJImpUmFZdn/boKL623em+/N - Y06kUx4PiyGSfIYwe7nZDKixD4P7clQFo7wflaUWA8nINy5+dDbCDIBRoJA3+9vX5uGlvW7369TF - ici3BGWQwXtGBpyNO05oQ3ucMR64M24dYqhbRzP8RohMgUJczHsVEsiBsxx4zsuWMckruRUUAG4g - wjHvcYm97Thd2W0OrOUgRSGhokKUf2w/PVrtIijKoqg00xpR7OpaK5E0KlbxstjxKHjR12X9ryCY - 1PA0Loqkd7RaTXh2vUr2iZjLRNB+HBpyPv8AAAD//wMA9PL8nVoBAAA= - headers: - ATL-TraceId: - - 148868023280185d - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 0cfd3c8d-f2a7-4d00-b0c6-3298146d3087 - x-envoy-upstream-service-time: - - '30' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 29303b66815658c4 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 951f9a6e-4a63-49f0-87cd-ce5c4a9665c8 - x-envoy-upstream-service-time: - - '47' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields - response: - body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFwQB5NMqKljBz/adBH/fT2JE7vQ - ZbPlsgd6qWcyj28envFzDFVJeBZP4lKKR0i1igf+OLl99gJUKQN6XQKKKGC55c21LtUkSTLIrUIm - HsU+0YwoRQnf56ATCUonpKTJKHFWk+GB/VkTFI22xALWlrqYfbuaWYqTAix5zanW1gA6JEuiibyW - zKJ6jsfH1fi4j38FqZHQ+m6MnJQ0m9aO9xrGOZLjgy/WzWhcjcY7G1b0F0xVQRjbU+7/HV/Do2p4 - 9DFfVevMHd7xdjiqDkcf81ZARk1hvbnDH729DMJuwS7aoV86C3XHjMKOQSIDlUpaaiq45Z5GdQIG - UUaVpjzVUUkhhUjk0UrIxT5qp4Lb/umDwqVgSWG1Jf4g2MPhsSNnFui0g+x7eEbUwlKGa0m4YkRD - drHxRZl7jadJTpiCgb9vOQWWYeu7g217ZYqCyDUeJTwZKsEKammsmkrnUBD8UvufxEpLyh/QwVpp - KJDjtF86cFeO096/VmIQz4k6g5wYpm8IM9ChEyVIgjnHstqq6vguLHYvZGGWOnCe6eGdIy/CzHYI - Q91eGO/s6GBMrCCrhT67cVvPtTbiSW3kBWuaiqIUHDiugbCoTuVNVYmUBDuH2npaFa8fVjkw6sv8 - 1TPbMgdyPesckyxDT4D+JBRiCfGW2mNkRGuSzguEtlNkgX4QWsD1oZ2Gok1oG9q9QkPMG/3VB/Tb - 6x+a8AjPAm4LMZTsibEbBW5t9BoErWwAsmV5gJedUAPOK/0DsLeNsNMQ+NgTxmnj3fzRjFuR6xWR - 9RykRcmonfS+pJ8vnm2+/tcXTz0z64nLKF/sODMD/derseH6a/HT0pBF9Yr0c3PDADFa4GxloKHn - qnm98JKSpguQJzY/0k4sdxdt1HtqLlZX5h4XyiXBb1O85CFbNRynWgO1bT/lxlbtyYBcT3vfYZzt - mN+cVjcgVcPeJcHLRjvMbmjTp/c7rSIn7LMbivaF3iykZjn9ZS3ZMjxwgH6RGQUyDKPTDpZPy+pW - j2ds9sZvAAAA//+8l81uwjAMx19l6p1kHeUyaeI0aQf2CGgKKEoyAUVNGezQd5+dL1rSTe1ScXUT - +5fG8d8emxsYnFpvbLPj8IBYtZVL94BeTA0ce8dXAVFlpeqbJve33xBWdzTE2doiEpZ5FQmGCM+q - VQ9dfG//VBEbm+aYmcP7QLVngmuKO7R3osAglZDgnegv1Ht34jdrxAhGpOBnpMGalnca2JjUYz4l - Y86nwbT1vgv6bmwedZ6MWkyDChnZ5VyVZw9ZJEMuJoOMUnRlbB51kTVr7HPbLzEN/Z6pAKVme9J1 - uTfD+gf0CHkxrIKxAxYhuzkzkw85fl+UJqLi/CDLI9Qh8qkq9izkjIMez1DfwxY7tEG0a7F7hUUP - 2B9kYZyK0HrK3p9Vecc23DaiA050I7rxKOK8tboZa/C87nuaTOXkkVpHVJ8EXG29HClJfSNlg53e - uvkBAAD//wMAc91BljkVAAA= - headers: - ATL-TraceId: - - 2322b48b4e6dc5fb - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6ae0b0c0-cea0-4be0-924e-ba654bac11c0 - x-envoy-upstream-service-time: - - '92' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without - Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/387]\n\n*Defect Dojo link:* http://localhost:8080/finding/387\n\n*Severity:* - Low \n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] - / [ZAP Scan|http://localhost:8080/test/112]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n*Systems/Endpoints*: \n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Defect - Dojo ID:* 387\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": - "Task"}, "priority": {"name": "Low"}}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '1673' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue - response: - body: - string: '{"id":"10612","key":"NTEST-460","self":"https://defectdojo.atlassian.net/rest/api/2/issue/10612"}' - headers: - ATL-TraceId: - - 6dd2bbc561866e1a - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:08 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c5843761-072d-4d3d-867a-dbe183b16a05 - x-envoy-upstream-service-time: - - '465' - status: - code: 201 - message: Created -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-460 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DFtmWy/2EldAMaSJ22VL08B2GqBJYTDSWWYskQJJWfba/vcd - SSlOkzprU+dDxCPv/bmH/OTBuqQ89WJPAk9BQvqaQZ6qDqcFqI5KFlDQjihBUs0EVx1ImS5A006y - oDyDXGSdFUiFe5COoZSggGt31ut4zFgOg/0wwoWCfI7Lhdalin0/hTkkOhW3okd1TpVilPc4aB9t - aJ+WzI98plQFfmtgCRvUP5uOJtPuYD9AydwG68WfPIVOK5VQDZmQGxdciitUiIIo7Ab9bhBOoyAe - /BEHw14UDX8PwsDYsD70pgRr5pkxGn2MMwhMnE3WbpGCSiQrTUVQekhUQfO8Q1KmNOOJJiWDBIiY - k1rIZc9oJ4JfyPx7olCQVBL8FYOarqim8k/F/oWXBTapKn5xopP0ZRj0w2GznGKgL7cpdzzTaPQ1 - pWppelTdaPMVz2muoOO1NrzYGvnS8TRDYJTYZC/mFWbilVLcYnjPrF6jbWtnu9HWzizuNXwb6QVn - WqMBg69G2yT1jz2rxFzXVJrEFCvKnCFC0gfZYHEtZAbD9WD4PeE2ZW6cNZUumSks/u7XeRAcoOdo - sI4GzzZsW2hR8otq/j/hK9xfh/s/52vdOms+nvDWj9b96Oe8NeBU7cdOb1++mPlev3fsgh27+ogd - zDIJGc71IxgipkReuTFzkqRSWhSWImboITrYtTF8bMNRh5OawbT058XdsOELg2DJEufu0yOZwReG - rxaiytNjpsqcbhoUorimGnnV0daPT4zjxDsW9J01acbBfh6JylTFRnppBIxnXqxlZVyjTf0e6cIM - RVMMCZirmbrHPHnQG74IW558WLVgVznDXRvRro3+lkuYkExvnlmaVt0f/BiPsoJmoHyjoVojDAW5 - qHtqlW2551TULUcNPFvOGzBkYqD5ICkzld/MNtyFw3Bo0l5QNSpZcsr40l7Fx1Cam5knLYAsrGq7 - dyfhgo/wYqY3OYyBKgdK2Xx556cXb07OZqcnR6OzyWg2Go/fjTENHCCFeeOB6QLIObIm18T4JUwR - wfMNwYlkuTFKtCB/M0nJuYQCp5ZUChHXszP6MIsXaDD4zIKg/+I29tyFgS3CGm9H6qsxxmpnjNP8 - 4aHmXdGU18I+x+haJsD2ZRzuTlelmdnvwLF7KTwTYU757rb6+nL/MdBtUfWKJkt8SLXIao07X0fN - k+anAm7fRX77PInay5WDQXQiciHPXDQ3eQXdTCJhbR8HghwL12xRlPjU47rpwlP9+7o413z7tzdl - Ooe9mFx9oGUYkyMhlgzIJdNImJpM7OVBXuc0+2xyxVRzkdB8IZSOh8Ew8OeMp0hrfn948NEaPLal - wChvBTEgiffI/2paxQkgzJAyUAGHm1jZ0eUIlxd8yUW9jfno/SPp3rkUaYWvlxHPcJIKrIs/xTLg - uSubBBomf4m6q8WORMrGQPSR+OSqBlji2MGdtR1a2wN+3yp+ODwnk4TyHefNc8kPw8jV6pWkPFn4 - U5phnGfYTSetWJ6eHN8XHYmiYJogIy3uiycbpaFQmHRaCoZQwEbiz+7ZqhtsFpRxxTT0EDHxYNDf - tbdL7qfo9UZQmTb9vcPSXnzND0niIIOxkRsAThRoUjf40Uhn7gFC5oihDqkXLFmQAihXuEndicYC - Vg0tEJokSIeQkhWjpEKEJ3JTIp/gMc7BXeo9E8oYkYZMmUDcIqyu656oqSp7QmY+4gvWvXJRWiQg - 1GZzIWfOmZpRjU+EmwobMvv13eXh5Lw7edvFG/A3Y/pifOqMPlWMt4BJpjF5M5pecyRtnFANMiai - XCXXfLRi5q7A4Cagu26u2r1vO/gPAAD//+xZbWvbMBD+KyZQaEft2E6cl8HowtbBPmyUFVboN8VW - GzO/YdnpRpb/vuckWU2dOC1llHwIhOBYJ91JunvuucuLFURpHHUpUGN7FHQvSxLLGN9CnVGXim05 - 6RjfkKnvZb1JfnGz4BkFtMXM9eYoR2EHHIKMiZfcijPcSCrnWHlJyY5hVFCuQZ77xbNz8o/Mgusr - Amex5IH9IUezCiadpBa4WAues+EnKDkznjjWZSbI84yfbXgi6SJHhX5tn2gMpPVEDS/daaf0vHdf - 04KFFe3ze27F8ocFAKHjUlFyXfFCUK4uuQIWroR14BrXFfQaKGePvCEObXb9yfYG+kA3kVTCQYOU - qO7zkq4M4HbKcOPZmXV69he3nFT5e0DLNkf0ujiiN+waCJoByixVicwo6Sux6Zaoa0TbA4Z5yaOX - dHK3YBcTc01FgHhl4YKQdifJc6c7GU07E4o6TRml8N5z+Y7OkAh5Xr4y3xMxuwCYURGAUiq4Y8NB - 5M0nQzeYw+DxeOr5vuydGCFo2CPG6YJnUQQdyPm9RxtsXdx9NNhHi+6tsFUoOCAXUkwij3rsB57v - Dbnn8oEfTUfhIAzGXjgJoshlozuPTy6iD3KVk8HsxP+Cj5pnpyzTqdC21Svh1MJ+wInYvkNR4BT1 - PIlDOjK7YEzQiWE+Qq6KwZ7x+PnKHjlFRva3S/fDt7jdADh8i9tNhEO3GNATqRJeM+RNiLzS3S+K - J0JtVWkr+LoF8EL8si7zgvdvAUXh4jHwqGmFURPJpEe33zS5LjXiHqHg7S/9CAVvYfERCjqhwBAK - mHivIm5F/W797GLdvGIJnnZQI/Cu3mrd2x7o6s25Xb051/Tm2gOGwvFsGZd5pkiSLv1r/eeL+vmS - LSzz6r+1RNVaZk0oQp34M5ftoaYJC9dSFq+aR426r9Yv/6bqN+ue91L2+wcXdUILb+xVNnbKalap - fVN3mZo/tHPz/ulk/8lsPUFau16v/wEAAP//AwDUTMFkwxsAAA== - headers: - ATL-TraceId: - - d23208d69d303fae - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:08 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4737814d-ecaa-4991-a84f-05eb9d59700c - x-envoy-upstream-service-time: - - '121' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10612 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6NxxSfySHKSe6dxQSFvuKGVIKDOFTkaxN46ILXkkGSfX8t9v - JdmEQsO1NHzAWmnfn32kLx6sSspTL/Yk8BQkpG8Y5KnqcFqA6qhkAQXtiBIk1Uxw1YGU6QI07SQL - yjPIRda5AalwD9IzKCUo4Nqd9ToeM5bDYDeMcKEgn+NyoXWpYt9PYQ6JTsW16FGdU6UY5T0O2kcb - 2qcl8yOfKVWB3xpYwhr1Tyaj8aQ72A1QMrfBevEXT6HTSiVUQybk2gWX4goVoiAKu0G/G4STKIgH - f8bBsBdFwz+CMDA2rA+9LsGaeWaMRh/jDAITZ5O1W6SgEslKUxGU7hNV0DzvkJQpzXiiSckgASLm - pBZy2TPaieDnMv+RKBQklQT/hkFNb6im8i/F/oVXBTapKl440VH6Kgz64bBZTjDQV5uUO55pNPqa - ULU0Papm2nzFc5or6HitDS+2Rm47nmYIjBKb7MW8wky8UoprDO+Z1Wu0be1sN9ramcW9hm8iPedM - azRg8NVom6T+sWeVmOuaSpOYYkWZM0RI+iAbLK6FzGC4Ggx/JNymzI2zptIlM4XF3/06D4I99BwN - VtHg2YZtCy1KXqjm/xO+wt1VuPtrvlats+bjCW/9aNWPfs1bA07Vfmz1dntr5nv10bELduzyM3Yw - yyRkONePYIiYEnnlxsxJkkppUViKmKKHaG/bxvCxDUcdTmoG09KfF3fDjodp6o84cQZXzQGqkScd - Df38BDiOu2M131mTBt7280BUJsvQMNWFETCeebGWFdw25GWMSZa43L88kpnA8KhaiCpPD5kqc7pu - RgLFiQTM1UzdY57c6w1fhi1PPqxasK2c4baNaNtGf8MlTEim188sZavuD36OR1lBM1C+0VCtEYaC - XNQ9dZNtuOdY1C1HDbxbg4UZGDIx0HyQlJnK72YbbsNhODRpL6galSw5Znxpr+JDKM3NzJO2Z7aT - td27k3DBR3gx01kOZ0CVw4FsvrzT4/O3RyfT46OD0cl4NB2dnX04wzRwgBTmjQcmCyCnyJpcE+OX - MEUEz9cEJ5LlxijRgvzNJCWnEgqcWlIpRGjPzujDLF6iweArC4L+y+vYcxcGtghrvBmpb8YYq50x - TvOHh5p3RVNei+oco2uZANuXcbg7XZVmZn8Ax+6l8EyEOeW72+rby/3nQLdB1WuaLPEh1SKrNe58 - HTRPml8KuH0X+e3zJGovVw4G0YnIhTxx0czyCrqZRI7YPA4EORSu2aIo8anHddOFp/r3bXGu+OZv - Z8J0DjsxufxEyzAmB0IsGZALppGjNBnby4O8yWn21eSKqeYioflCKB0Pg2HgzxlPkQb9/nDvszV4 - aEuBUV4LYkAS75D/1bSKY0CYIWWgAg43sbKDixEuz/mSi3oT88HHR9KdUynSCl8vI57hJBVYF3+C - ZcBzlzYJNEzeibqrxZZEysZA9Jn45LIGWOLYwZ21LVqbA37fKn7aPyXjhPIt581zyQ/DyNXqtaQ8 - WfgTmmGcJ9hNJ61Ynh4d3hcdiKJgmiAjLe6Lx2uloVCYdFoKhlDARuLP7tmqG2wWlHHFNPQQMfFg - 0N+2t03up+h1JqhMm/7eYWknvuL7JHGQwdjIDIATBZrUDX400pl7gJA5YqhD6gVLFqQAyhVuUnei - sYBVQwuEJgnSIaTkhlFSIcITuS6RT/AY5+Du0Z4J5QyRhkyZQNwirK7rnqipKntCZj7iC1a9clFa - JCDUpnMhp86ZmlKNt/KswoZMf/twsT8+7Y7fd/EG/N2YPj87dkafKsZ7wCTTmLwdTa44kjZOqAYZ - E1HeJFd8dMPMXYHBjUF33Vy1e9938B8AAAD//+xZbWvbMBD+KyZQaEft2E6cl8HowtbBPmyUFVbo - N8VWGzO/YdnpRpb/vuckWU3cOC1llHwIhKBYJ91ZunvuucuLFURpHHUpUHN7FHRvSxLLGN9CnVGX - iqdy0jG+IVPfy3qT/OJmwTMKaIuZ681RjsIOOAQZEy+5FWe4kVSusfKSkh3DrKBcgzz3i2fn5B+Z - BddXnMliyQP7Q45mFUw6SS1wsRY8Z8NPUHJmPHGsy0yQ5xk/2/BE0kWOCv3aPtEYSPuJGl66007p - ee++pgULK3rP77kVyx8WAISOS0XJdcULQbm65ApYuBLWgWtcV9BjoJw98oY4tNn1J9sb6APdRFIJ - Bw1SorrPS7oygNspw41nZ9bp2V/cclLl7wEtTzmi18URvWHXRNBMUGapSmRGSXeJwLZEXSPanuhi - Xq5hXvJOJM/cLWgqgi2i0k5wCGYWLgiGdzJAd2rU1WnKKIX3nst3dIZEyPPylfmeiNkFwIyKBpRS - wR0bDiJvPhm6wRw2jcdTz/dl78QIQcMeMU4XPIsi6EDO7z3aYOvi7qPBPtp0b4WtQsEBuZBiEnnU - sB94vjfknssHfjQdhYMwGHvhJIgil43uPD65iD7IXU4GsxP/Cz5qnZ2yTKdC21aPhFML+wEnYvsO - RYFT1PMkDunI7IIxQSeG9Qi5KgZ7xvDzlT1yiozsb5fuh29xuwFw+Ba3mwiHbjGgJ1JVs2bImxB5 - pbtfFE+E2qoyV/B1C+CF+GVd5gXv3wJxwsVj4FHTCrMmkkmPbr9pcl1qxD1Cwdtf+hEK3sLiIxR0 - QkGbTIBK9VZrWtNQEth+r0JxRY1wPXahMK9YgtGOXbp6c25Xb841vbn2hKFwPFvGZZ4pHqRL/1r/ - +aJ+vsTSZV79txaq2svsCUWoE3/msj1k+p4obqXFq2aoUffV+uXfVP1m3/Neyn7/4KJOaOONd5WN - nbKaVeq9qbtMzR96c/N8e7G/tVovkNau1+t/AAAA//8DAAPUEHLDGwAA - headers: - ATL-TraceId: - - 45dfb24ece8c847a - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:08 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d3bacfa2-7acd-4901-ba01-302ab8c20667 - x-envoy-upstream-service-time: - - '149' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uuttlJNm23uYkeVGQV2j2JSNpOsJImpUmFZdn/boKL623em+/N - Y06kUx4PiyGSfIYwe7nZDKixD4P7clQFo7wflaUWA8nINy5+dDbCDIBRoJA3+9vX5uGlvW7369TF - ici3BGWQwXtGBpyNO05oQ3ucMR64M24dYqhbRzP8RohMgUJczHsVEsiBsxx4zsuWMckruRUUAG4g - wjHvcYm97Thd2W0OrOUgRSGhpkKUf2w/PVrtIijKoqg00xpR7OpaK5E0KlbxstjxKHjR12X9ryCY - 1PA0Loqkd7RaTXh2vUr2iZjLRNB+HBpyPv8AAAD//wMAww0SkFoBAAA= - headers: - ATL-TraceId: - - 0a29fef583d557ec - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:09 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 99892600-2f90-4b49-8fc9-c0c637044297 - x-envoy-upstream-service-time: - - '38' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - d71f7fe24cec7404 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:09 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5a44be4b-8e9b-4a83-a6f6-40f46baf004d - x-envoy-upstream-service-time: - - '72' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields - response: - body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFwQB5NMqKljBz/adBH/fT2JE7vQ - ZbPlsgd6qWcyj28envFzDFVJeBZP4lKKR0i1igf+OLl99gJUKQN6XQKKKGC55c21LtUkSTLIrUIm - HsU+0YwoRQnf56ATCUonpKTJKHFWk+GB/VkTFI22xALWlrqYfbuaWYqTAix5zanW1gA6JEuiibyW - zKJ6jsfH1fi4j38FqZHQ+m6MnJQ0m9aO9xrGOZLjgy/WzWhcjcY7G1b0F0xVQRjbU+7/HV/Do2p4 - 9DFfVevMHd7xdjiqDkcf81ZARk1hvbnDH729DMJuwS7aoV86C3XHjMKOQSIDlUpaaiq45Z5GdQIG - UUaVpjzVUUkhhUjk0UrIxT5qp4Lb/umDwqVgSWG1Jf4g2MPhsSNnFui0g+x7eEbUwlKGa0m4YkRD - drHxRZl7jadJTpiCgb9vOQWWYeu7g217ZYqCyDUeJTwZKsEKammsmkrnUBD8UvufxEpLyh/QwVpp - KJDjtF86cFeO096/VmIQz4k6g5wYpm8IM9ChEyVIgjnHstqq6vguLHYvZGGWOnCe6eGdIy/CzHYI - Q91eGO/s6GBMrCCrhT67cVvPtTbiSW3kBWuaiqIUHDiugbCoTuVNVYmUBDuH2npaFa8fVjkw6sv8 - 1TPbMgdyPesckyxDT4D+JBRiCfGW2mNkRGuSzguEtlNkgX4QWsD1oZ2Gok1oG9q9QkPMG/3VB/Tb - 6x+a8AjPAm4LMZTsibEbBW5t9BoErWwAsmV5gJedUAPOK/0DsLeNsNMQ+NgTxmnj3fzRjFuR6xWR - 9RykRcmonfS+pJ8vnm2+/tcXTz0z64nLKF/sODMD/derseH6a/HT0pBF9Yr0c3PDADFa4GxloKHn - qnm98JKSpguQJzY/0k4sdxdt1HtqLlZX5h4XyiXBb1O85CFbNRynWgO1bT/lxlbtyYBcT3vfYZzt - mN+cVjcgVcPeJcHLRjvMbmjTp/c7rSIn7LMbivaF3iykZjn9ZS3ZMjxwgH6RGQUyDKPTDpZPy+pW - j2ds9sZvAAAA//+8l81uwjAMx19l6p1kHeUyaeI0aQf2CGgKKEoyAUVNGezQd5+dL1rSTe1ScXUT - +5fG8d8emxsYnFpvbLPj8IBYtZVL94BeTA0ce8dXAVFlpeqbJve33xBWdzTE2doiEpZ5FQmGCM+q - VQ9dfG//VBEbm+aYmcP7QLVngmuKO7R3osAglZDgnegv1Ht34jdrxAhGpOBnpMGalnca2JjUYz4l - Y86nwbT1vgv6bmwedZ6MWkyDChnZ5VyVZw9ZJEMuJoOMUnRlbB51kTVr7HPbLzEN/Z6pAKVme9J1 - uTfD+gf0CHkxrIKxAxYhuzkzkw85fl+UJqLi/CDLI9Qh8qkq9izkjIMez1DfwxY7tEG0a7F7hUUP - 2B9kYZyK0HrK3p9Vecc23DaiA050I7rxKOK8tboZa/C87nuaTOXkkVpHVJ8EXG29HClJfSNlg53e - uvkBAAD//wMAc91BljkVAAA= - headers: - ATL-TraceId: - - e359c64f9d6e847d - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:09 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a019f09b-78d1-4194-b032-d898f59c0702 - x-envoy-upstream-service-time: - - '92' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without - Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/388]\n\n*Defect Dojo link:* http://localhost:8080/finding/388\n\n*Severity:* - Low \n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] - / [ZAP Scan|http://localhost:8080/test/112]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n*Systems/Endpoints*: \n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Defect - Dojo ID:* 388\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": - "Task"}, "priority": {"name": "Low"}}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '1673' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue - response: - body: - string: '{"id":"10613","key":"NTEST-461","self":"https://defectdojo.atlassian.net/rest/api/2/issue/10613"}' - headers: - ATL-TraceId: - - 87a8b32760854780 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 30d5b1e4-f52e-4fb3-a437-510b3f7bdad2 - x-envoy-upstream-service-time: - - '465' - status: - code: 201 - message: Created -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-461 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6NxxSfySlAbPMDc0pD3uKGWSADOFTkaxN44aW/JIcpwc5b/f - yrIJhYZrafiAtdK+P/tItw6sc8pjJ3Qk8BgkxO8YpLFqcZqBaqloARltiRwk1Uxw1YKY6Qw0bUUL - yhNIRdJagVS4B/EIcgkKuLZnnZbDjGXf2/e7uFCQznG50DpXoevGMIdIx+KL6FCdUqUY5R0O2kUb - 2qU5cwOXKVWA2xhYwgb1zybD8aTd2/dRMq+CdcJbR6HTQkVUQyLkxgYX4woVAi/w21637fmTwAt7 - r0Pf63T91394vueZGI0PvcmhMvPCGI0+xul5wTZru4hBRZLlpiIoPSIqo2naIjFTmvFIk5xBBETM - SSnksmO0I8EvZPojUSiICgnuikFJV1RT+adi/8Jhhk0qsldWdBIf+l7X79fLCQZ6uE255ZhGo68J - VUvTo2KmzVc4p6mCltPYcMLKyF3L0QyBkWOTnZAXmImTS/EFw3th9WrtqnZVN5ramcWDhm8jveBM - azRg8FVrm6T+qc4qMdcllSYxxbI8ZYiQ+FE2WNwKMr3+utf/kXDrMtfO6krnzBQWfw/r3PPeoOeg - tw56LzZctbBCyStV/3/Gl7+/9vd/zde6cVZ/POOtG6y7wa95q8Gpmo+d3u7uzHyvLy27YMeuP2MH - k0RCgnP9BIaIKZEWdsysJCqUFllFEVP0ELzZtdF/asNSh5WawazozwnbfsvBNPUlTpzBVX2AauRJ - S0M/PwGW4+5ZzbXWpIF39TkQhcnSN0x1ZQSMJ06oZQF3NXkZY5JFNvfbJzITGB5VC1Gk8TFTeUo3 - 9UigOJKAuZqpe8KT3kHn4CBoePJx1bxd5fR3bQS7NrpbLmFCMr15YSkbdbf3czzKMpqAco2Gaoww - FKSi7KhVsuWeU1E2HNVz7gwWZmDIxEDzUVJmKr+brb8Lh37fpL2gapiz6JTxZXUVH0NubmYeNT2r - OllWe/cSLvgQL2Y6S2EEVFkcyPrLOT+9eH9yNj09GQzPxsPpcDT6OMI0cIAU5o0HJgsg58iaXBPj - lzBFBE83BCeSpcYo0YL8zSQl5xIynFpSKERop5rRx1kcoEHvK/O87oEMnUcji5VNGKcp9gyLvp0x - s/dYVr8r6vJWqE4xuoYJsH0Jh/vTRW5m9gdwbF8KL0SYVb6/rb693H8OdFtUvaXREh9SDbIa49bX - oH7S/FLAzbvIbZ4nQXO5cjCIjkQq5JmNZpYW0E4kcsT2cSDIsbDNFlmOTz2u6y4819Nvi3PDt397 - E6ZT2AvJ9SeaByEZCLFkQK6YRo7SZFxdHuRdSpOvJldMNRURTRdC6bDv9T13zniMNOh2+/3PlcHj - qhQY5RdBDEjCPfK/mpXiGBBmSBmogMNNKtngaojLC77kotzGPLh8It07lyIu8PUy5AlOUoZ1cSdY - Bjx3XSWBhslfomxrsSORvDYQfCYuuS4Bljh2cG9th9b2gNutFD8dnZNxRPmO8+a55Pp+YGv1VlIe - LdwJTTDOM+ymlRYsjU+OH4oGIsuYJshIi4fi8UZpyBQmHeeCIRSwkfir9qqqG2xmlHHFNHQQMWGv - 1921t0vuxuh1JqiM6/7eY2kvvOFHJLKQwdjIDIATBZqUNX400pl9gJA5YqhFygWLFiQDyhVuUnui - toBVQwuERhHSIcRkxSgpEOGR3OTIJ3iMc7D3aMeEMkKkIVNGEDYIK8uyI0qq8o6QiYv4gnUnX+QV - EhBq07mQU+tMTanGW3lWYEOmv328Ohqft8cf2ngD/m5MX4xOrdHnivEBMMk4JO+HkxuOpI0TqkGG - ROSr6IYPV8zcFRjcGHTbzlWz930H/wEAAP//7Flta9swEP4rJlBoR+34Jc7LYHRh62AfNsoKG/Sb - YquNmd+w7HQjy3/fc5Kium6clTJKPgRCUCzp7izdPffc5dkK4iyJ+xSouT0K+sXSilWCb6HOqE/F - 03XSMb4gU9/JepP84seS5xTQFjPXW6AchR1wCDImWXEryXEjmdxjFRUlO4ZZQbkGee4nz8/JP3IL - rq84k8XSe/abHM0qmXSSRuBiLXhOy09QcuY8dazLXJDnGT9reSLpIkeFfm2f2BpI8kQDL91pp/S8 - N5+zkkU1vefXwkrkDwsAQselouS65qWgXF1xBSxcLdaBa1xX0GOgnD32Rji0+fUH2wv0gbaRVMLB - FilR3RcVXRnA7ZThxvMz6/TsD245rYu3gJanHNHr44jeqJ346woJULJa4qndpWGPDLd3wjAvefSS - Tu5e2MfEXFMRIF5ZtCSk3VF/dBNeV8rM2NFkGaMUPvhXvqMzJEJeVC/M90TMLgBmVDSglApv2SiI - vcV05IYL2DSZzDzfHxO9MIugYc8yThc8j2PoQM4fPNhg6+LuvcE+Erq3wlah4IBcyGUSedRwGHq+ - N+KeywM/no2jIAonXjQN49hl41uPTy/id1LKSTA/8T/ho/bZGct1KrRt9Ug4jbDvcSK271AUOGWz - SJOIjswuGRN0YtiPkKsTsGcMP17ZY6fMyf5u6X74FncbAIdvcbeJcOgWA5NiVTVrhtyGyCvd/aJ4 - ItRWlbnCtRsAL5ZfNlVR8uENoChaPgQeNa0wayKZ9Oj2mybXlUbcIxS8/qUfoeA1LD5CQS8UdMkE - qNRgvaE9WwoC2+9UKK6pEa7HLhQWNUsx2iGlrzfn9vXmXNOb604YCsfzVVIVuSJJuvRv9J8v6udz - LF0V9X9roSpZRiYUoU78Xsj2kOl7oriVFq+3Q426L9Yv/6YabuWeDzL26xsXTUqCW+8qGztVPa/V - e1N3mZo/9Obm+ePN/qPdeoO0drPZ/AUAAP//AwBXcvXKwxsAAA== - headers: - ATL-TraceId: - - ef3140568373ad21 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ad5e7ccc-527c-4a1f-849f-d6b13abb15f5 - x-envoy-upstream-service-time: - - '147' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10613 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6NxxSfySlAbPdG4opD3uKGVIKDOFTkaxN44aW/JIMk6O8t9v - JdmEQsO1NHzAWmnfn32kGw9WJeWpF3sSeAoS0rcM8lR1OC1AdVSygIJ2RAmSaia46kDKdAGadpIF - 5RnkIutcg1S4B+kZlBIUcO3Oeh2PGcthsBv2caEgn+NyoXWpYt9PYQ6JTsUX0aM6p0oxynsctI82 - tE9L5kc+U6oCvzWwhDXqn0xG40l3sBuiZG6D9eIbT6HTSiVUQybk2gWX4goVoiAKu0G/G4STKIgH - L+Mw6PXDl38EYRCYGI0PvS7BmnlmjEYf4wyCaJO1W6SgEslKUxGU7hNV0DzvkJQpzXiiSckgASLm - pBZy2TPaieDnMv+RKBQklQT/mkFNr6mm8k/F/oXXBTapKl440VH6Ogz64bBZTjDQ15uUO55pNPqa - ULU0Papm2nzFc5or6HitDS+2Rm47nmYIjBKb7MW8wky8UoovGN4zq9do29rZbrS1M4t7Dd9Ees6Z - 1mjA4KvRNkn9Y88qMdc1lSYxxYoyZ4iQ9EE2WFwLmcFwNRj+SLhNmRtnTaVLZgqLv/t1HgSv0HM0 - WEWDZxu2LbQoeaGa/0/4CndX4e6v+Vq1zpqPJ7z1o1U/+jVvDThV+7HV2+2tme/VR8cu2LHLz9jB - LJOQ4Vw/giFiSuSVGzMnSSqlRWEpYooeolfbNoaPbTjqcFIzmJb+vLgbNnxhECxZ4tzdPJIZfGH4 - aiGqPD1kqszpukEhimuqkVcdbf38xDhOvGNB31mTZhzs54GoTFVspBdGwHjmxVpWxjXa1B+RLsxQ - NMWQgLmaqXvEk8Feb28vannyYdWCbeUMt21EG8pgQjK9fmYFWnV/8HN0yQqagfKNhmqNMBTkou6p - 62xDMceibqlo4N0+TqTfJpLTGRgyMdB8cMhM5XfLEG7DYTg09VhQNSpZcsz40l7Fh1Cam5knLYAs - rGq7dyfhgo/wYqazHM6AKgdK2Xx5p8fn745OpsdHB6OT8Wg6Ojv7cIb54QApLAgemCyAnCJrck2M - X8IUETxfE5xIlhujRAvyN5OUnEoocGpJpRBxPTujD7PYQ4PBVxYE/T0Zew9GFkueMU5zbCZ2YzNj - Zu+hrHlXNOW1sM8xupYJsK8Zh7vTVWlm9gdw7F4Kz4SeU767rb693H8OjRu4vaHJEh9SLeRa487X - QfOk+aWA23eR3z5PovZy5WCgnohcyBMXzSyvoJtJJKzN40CQQ+GaLYoSn3pcN114qqffFueKb/52 - JkznsBOTy0+0jGJyIMSSAblgGglTk7G9PMjbnGZfTa6Yai4Smi+E0vEwGAb+nPEUac3vD4efrcFD - WwqM8osgBiTxDvlfTas4BoQZcgkq4NQTKzu4GOHynC+5qDcxH3x8JN05lSKt8PUy4hlOUoF18SdY - Bjx3aZNAw+QvUXe12JJI2RiIPhOfXNYASxw7uLO2RWtzwO9bxU/7p2ScUL7lvHku+WEYuVq9kZQn - C39CM4zzBLvppBXL06PD+6IDURRME2SkxX3xeK00FAqTTkvBEArYSPzZPVt1g82CMq6Yhh4iJh4M - +tv2tsn9FL3OBJVp0987LO3EV3yfJA4yGBuZAXCiQJO6wY9GOnMPEDJHDHVIvWDJghRAucJN6k40 - FrBqaIHQJEE6hJRcM0oqRHgi1yXyCR7jHNyl3jOhnCHSkCkTiFuE1XXdEzVVZU/IzEd8wapXLkqL - BITadC7k1DlTU6rxiTCrsCHT3z5c7I9Pu+P3XbxRfjemz8+OndGnivEeMMk0Ju9GkyuOpI0TqkHG - RJTXyRUfXTNzV2BwY9BdN1ft3vcd/AcAAP//7Flta9swEP4rJlBoR+3YTpyXwejC1sE+bJQVNug3 - xVYbM79h2elGlv++5yRFdZw4K2WUfAiEoETnu4t099xzl2cbiNI46jKg9g4Y6FZLEssY70KdUZeJ - XTkZGF9Qwh9kv0lx8WPBM0poi5nrzdGOwg8EBDkTL7kVZ7iRVD5j5SUVO4ZdQbUGde4nzy4pPjIL - oa8InMWSR/abAs0qmAySWuBiLUROI07QcmY8cazrTFDkmThrRCLZokCFfe2f2DhI+kSNKN3rp4y8 - N5/TgoUV/c6vuRXLDxYAhI5LZcltxQtBtbrkCli4EtaJa0JX0NdAOXvkDXFos9sPtjfQB9pEUgkH - G6REd5+XdGUAt3OGG88urPOLP7jlpMrfAlp2OaLXxRG9YddG0GQEVYnKKOkrsemWqGtE2xtdzMs1 - zEveiSSg+wVNR7BFXtoFDsnMwgXB8F4G6E6NuTpNGZXw3r/qHZ0hEfK8fGG9J2J2BTCjJgCtVHDP - hoPIm0+GbjCHT+Px1PP9EdELIwQLB8Q4XfAsimADNb/35IOtm7v3BvtI6cEOW6WCA3IhxSTyqGU/ - 8HxvyD2XD/xoOgoHYTD2wkkQRS4b3Xt8chW9k1rOBrMz/xNe6jk7ZZkuhbatvhJOLexHnIjtO5QF - TlHPkzikI7MLxgSdGJ5HylUx2DOWH2/skVNk5H+7dT9+j9sDgOP3uD1EOHaPAT2RauE1Q25C5I2e - flE+EWqrTlvB1x2AF+LXdZkXvH8HxAkXT4lHQyvsmkwmO3r8psl1qRH3BAWvf+knKHgNj09Q0AkF - hnnAxQeVcSuad+u1C715xRKs9lAj8K7eat3b3eiazblmNtfeMLOu9oahcDxbxmWeKR6kW/9a//mi - Pj7rJ6DZlBpWm6VGwRcgX+Nvo/5G72UvZb++cVEnpLhhWw5aympWKT+WefXfRrNKl9EJU+hXv+dy - TGWGwXkphz9k0fix7ay/5a1+QJ7Oer3+CwAA//8DAGcUUHbDGwAA - headers: - ATL-TraceId: - - c93500b816695eaf - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d2e190ef-7877-4004-b113-6c80c5f17830 - x-envoy-upstream-service-time: - - '177' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uutt1JmnS3uYkeVGQV2j2JSNpOsJImpUmFZdn/boKL623em+/N - Y06kUx4PiyGSfIYwe7nZDKixD4P7coUKRnk/KltYDCQj37j40dkIUwBaQAF5s799bR5e2ut2v05d - nIh8S1AGGbxnZMDZuOOENrTHGeOBO+PWIYa6dTTDb4TIFBD8Yt6rkEAGjObAcla1lEq2lSUvAOAG - IhzzHpfY247TlS1zoC0DyYWkiS3/2H56tNpFkFdCbDXVGpHv6lornjQqumWV2LEomOjrqv5XEExq - eBoXRdI7Wq0mPLteJftEzGUiaD8ODTmffwAAAP//AwDx1msmWgEAAA== - headers: - ATL-TraceId: - - 0d456eb251566fc2 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ea7a622b-51e7-40e1-9558-15d24ee18935 - x-envoy-upstream-service-time: - - '30' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 725f823c9025c5c5 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 491ace8d-200d-4010-bb37-b848b2753afe - x-envoy-upstream-service-time: - - '56' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uuttlJNmm3uYkeVGQV2j2JSNpOsJImpU2FZdn/boKL623em+/N - Y06k1QseZksU+QxhWtRm06PBLvT+y1MdrF6WQTvqMJCMfOO8DN5FmAEwChTyen/7Wj+8NNftfh3b - OBH1lqAMMnjPSI+T9ccRXWiOE8YDd9avfQy162D73whRKSDFxbzXIYEcOMuB57xoGFO8VFtBAeAG - IhzzC86xtxnGK7vNgTUclJCKCcol/2O78dEZH0FRSFkaZgyi2FWV0SJp1KzkhdzxKLjsqqL6VxBs - angaZk3SO0avNjz7Tif7ROxlIug+DjU5n38AAAD//wMAFMQTploBAAA= - headers: - ATL-TraceId: - - 747af66ce977810f - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 51f1ef3e-b3cb-43f0-9a6b-98847f87f094 - x-envoy-upstream-service-time: - - '33' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 35d7bc0eadf50b8f - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 08544f6e-eb40-4807-9ef7-28d09c53c638 - x-envoy-upstream-service-time: - - '99' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - d21efaa95a4d9866 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d0c169a4-0ec1-4a6f-a5a0-cab6dd200c51 - x-envoy-upstream-service-time: - - '60' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-460 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6NxxSfySHKSe6dxQSHvcUcqQUGYKnYxibxwRW/JIMk6u5b/f - SrIJhQtXaPiAtdK+P/tIXz1YlZSnXuxJ4ClISN8xyFPV4bQA1VHJAgraESVIqpngqgMp0wVo2kkW - lGeQi6xzA1LhHqRnUEpQwLU763U8ZiyHwW4Y4UJBPsflQutSxb6fwhwSnYpr0aM6p0oxynsctI82 - tE9L5udUm0+mVAV+a2UJazRyMhmNJ93BboCSuY3Yi796Cj1XKkG1TMi1izDFFSpEQRR2g343CCdR - EA9+j4NhL4qGvwVhYGxYH3pdgjXz3EAjF6PRxziDwMTZpO4WKahEstKUBaX7RBU0zzskZUoznmhS - MkiAiDmphVz2jHYi+LnMfyQKBUklwb9hUNMbqqn8Q7F/4E2BnaqKV050lL4Jg344bJYTDPTNJuWO - Z7qNviZULU2jqpk2X/Gc5go6XmvDi62R246nGaKjxE57Ma8wE6+U4hrDe2H1Gm1bO9uNtnZmca/h - m0jPOdMGHAZkjbZJ6m97Vom5rqk0iSlWlDlDhKQPssHiWsgMhqvB8EfCbcrcOGsqXTJTWPzdr/Mg - 2EPP0WAVDV5s2LbQouSVav4/4SvcXYW7P+dr1TprPp7w1o9W/ejnvDXgVO3HVm+3t2a+V58cxWDH - Lr9gB7NMQoZz/QiGiCmRV27MnCSplBaFpYgpeoj2tm0MH9tw1OGkZjAtB3pxN2z4wiBYssS5+/pI - ZvCF4auFqPL0kKkyp+sGhSiuqUZydbT1/IlxnHjHgr6zJs042M8DUZmq2EgvjIDxzIu1rIxrtKk/ - IV2YoWiKIQFzNVP3mCf3esPXYcuTD6sWbCtnuG0j2lAGE5Lp9Qsr0Kr7g+fRJStoBso3Gqo1wlCQ - i7qnbrINxRyLuqWigXf7OJF+m0hOZ2DIxEDzwSEzlf9ZhnAbDsOhqceCqlHJkmPGl/Y+PoTSXM88 - aQFkYVXbvTsJF3yEtzOd5XAGVDlQyubLOz0+f390Mj0+OhidjEfT0dnZxzPMDwdIYUHwwGQB5BRZ - k2ti/BKmiOD5muBEstwYJVqQv5ik5FRCgVNLKoWI69kZfZjFazQYfGNB0H99HXvuwsDeYfE3I/Xd - GGMbMsZp/vBQ87hoymthn2N0LRNgXzMOd6er0szsD+DYvRReCD2nfHdbfX+5Pw+NG7i9pckSX1Mt - 5FrjztdB86T5qYDbd5HfPk+i9nLlYKCeiFzIExfNLK+gm0kkrM3jQJBD4ZotihLfe1w3XXiqf98X - 54pv/nYmTOewE5PLz7QMY3IgxJIBuWAaCVOTsb08yLucZt9MrphqLhKaL4TS8TAYBv6c8RRpze8P - 975Yg4e2FBjltSAGJPEO+V9NqzgGhBlyCSrg1BMrO7gY4fKcL7moNzEffHok3TmVIq3w9TLiGU5S - gXXxJ1gGPHdpk0DD5E9Rd7XYkkjZGIi+EJ9c1gBLHDu4s7ZFa3PA71vFz/unZJxQvuW8fUuHYeRq - 9VZSniz8Cc0wzhPsppNWLE+PDu+LDkRRME2QkRb3xeO10lAoTDotBUMoYCPxZ/ds1Q02C8q4Yhp6 - iJh4MOhv29sm91P0OhNUpk1/77C0E1/xfZI4yGBsZAbAiQJN6gY/GunMPUDIHDHUIfWCJQtSAOUK - N6k70VjAqqEFQpME6RBScsMoqRDhiVyXyCd4jHNwl3rPhHKGSEOmTCBuEVbXdU/UVJU9ITMf8QWr - XrkoLRIQatO5kFPnTE2pxifCrMKGTH/5eLE/Pu2OP3TxRvnVmD4/O3ZGnyrGB8Ak05i8H02uOJI2 - TqgGGRNR3iRXfHTDzF2BwY1Bd91ctXv3HfwLAAD//+xZbWvbMBD+KyZQaEft2E6cl8HowtbBPmyU - FTboN8VWGzO/YdnpRpf/3uckWXXdOBthlHwIhKBY0t1ZunvuucseCqI0jvoUqLkdCvrF0op1jG+h - zqhPxct10jG+IIXfyaKT/OLHimcU0BYz15ujJoUdcAgyJl5zK85wI6ncY+UlJTuGWUG5BnnuJ8/O - yT8yC66vCJzFknv2mxzNKph0klrgYi14TstPUHJmPHGsy0yQ5xk/a3ki6SJHhX5tn2gMJHmihpdu - tVN63pvPacHCit7za27F8ocFAKHjUlFyXfFCUK4uuQIWrhbrwDWuK+gxUM6eeGMc2uL6g+2N9IG2 - kVTCQYOUKPHzkq4M4HbKcOPZmXV69ge3nFT5W0DLS47o9XFEb9xMUAKpSiRAyVKJNHeXBj0y3N6J - PublGuYl70QS0O0LTUXQnZgbBlNVLFwRBG8pTLqZUNRpyiiFD/6W7+gMiZDn5Z75nojZBcCMigCU - UsEtG48ibzkbu8ESLzCdzj3fl70TswgadizjdMGLKIIO5PzBkw22Lu7eG+wjoTsrbBUKDsiFXCaR - Rw2Hged7Y+65fORH80k4CoOpF86CKHLZ5Nbjs4vonZRyMlqc+J/wUfvslGU6Fdq2eiScWtj3OBHb - dygKnKJeJnFIR2YXjAk6MexHyFUx2DOGH6/siVNkZH+3dD98i7sNgMO3uNtEOHSLgUmRKuE1Q25D - 5JXuflE8EWqrSlvh2g2AF8sv6zIv+PAGiBOungKPmlaYNZFMenT7TZPrUiPuEQpe/9KPUPAaFh+h - oBcKuswDVGrwsKE9DdOA7XcqFB+oEa7HLhTmFUsw2iKlrzfnmt5cd8L0uroThsLxbB2Xeaa4kC79 - a/3ni/r5T5ai2JQSHpqhRsE9kK/1t9GwkXs+SNmvb1zUCQlu6ZaNlrJaVMqOdV79t9askmVkQhXq - 1e+5bFOZZnBeyuYPaTR2PDfWf2at3iBPZ7PZPAIAAP//AwC9a8l0yBsAAA== - headers: - ATL-TraceId: - - ab4b398b1151fafc - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b149f686-a2a1-4e16-b710-46db3518daec - x-envoy-upstream-service-time: - - '205' - status: - code: 200 - message: OK -version: 1 diff --git a/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_engagement_epic_mapping_enabled_create_epic_and_push_findings.yaml b/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_engagement_epic_mapping_enabled_create_epic_and_push_findings.yaml deleted file mode 100644 index 54e8cccf48a..00000000000 --- a/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_engagement_epic_mapping_enabled_create_epic_and_push_findings.yaml +++ /dev/null @@ -1,2205 +0,0 @@ -interactions: -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uuttlJtmm3uYkeVGQV2j2JSNpOsJImpUmFZdn/boKL623mzffe - Y06kUx4PiyGSfIYwe7nZDKixD4P7clQFo7wflaUWA8nINy5+dDbCDIBRoJA3+9vX5uGlvV7369TF - ici3BGWQwXtGBpyNO05oQ3ucMQbcGbcO0dStoxl+LUQmgygu4r0KCeTAWQ4852XLmOSV3BYUAG4g - wtHvcYm97Thd2W0OrOUgCyGZoDHxj+2nR6tdBItSiEozrRGLXV1rVaQdFat4KXY8Llz0dVn/Kwgm - NTyNiyLpHa1WE55dr5J8IuYyEbQfh4aczz8AAAD//wMAQrbvqFoBAAA= - headers: - ATL-TraceId: - - e80a1c9833a375d6 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:15 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 05c392d6-dd20-436d-ab1a-8ec981dadc6a - x-envoy-upstream-service-time: - - '27' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - b977a2c3b5dc5490 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:15 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a086c4f6-5ec5-4c92-b487-a67006336964 - x-envoy-upstream-service-time: - - '69' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "weekly engagement", - "description": "weekly engagement", "issuetype": {"name": "Epic"}, "customfield_10011": - "weekly engagement"}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '182' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue - response: - body: - string: '{"id":"10614","key":"NTEST-462","self":"https://defectdojo.atlassian.net/rest/api/2/issue/10614"}' - headers: - ATL-TraceId: - - 096b76ed5b7c162a - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:15 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 186379d1-aa04-4ece-9bae-acd4e9a31157 - x-envoy-upstream-service-time: - - '354' - status: - code: 201 - message: Created -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-462 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RXbW/bNhD+K4KA9susV7/EMVBkWZIO7bo0SNLuwzAEtHiWWVOkQFK13a7/fUdS - shcnDlIHCBDx5V5499xz5+8hrGoiaDgJFQgKCuhbBpzqniAV6J4u5lCRnqxBEcOk0D2gzFRgSK+Y - E1ECl2XvKyiNZ0CvoVagQRh/N+yFzGrO0lE2wIUGPsPl3JhaT5KEwgwKQ+UXGRPDidaMiFiASVCH - SUjNkjxhWjeQdAoWsEb5y9uLm9toMMpxZ+acDSffQ41GG10QA6VUa+8cxRUK5GmeRWk/SrPbPJ0M - hpNsGA/z/Jc0S1Pro7Vh1jU4NQf6aOXRz9Rr9K/2Cwq6UKy2EcHd02DKyqDRoAJt0NHAzIkJBADV - gZHBFIKpkgsQAZVLEQdnCvANNJiug/dMkeBGzsySKAgivBAIaQKbj0CqgAIHA7G1XkjxSfHnvIJV - pASdWAm9fYdOoGZFrL+WqM3iAFVd4I5NYTM1RC/CyYxwDT96oWEIkxpTHk5Ew3kvrJX8gsYOjGUr - /Xgk/5f+rWOfBDMGFVi0tdK3+IY/3F3dhst6zqqaM8QLbZ3vheQrMURhqByABuPVYPwcdzUUjYLO - Va/kpGb0jfPztd94Z5eD9Agt54NVPjhYsWbf4I2uCOevdfv/CVvZaJWNXmZr1RlrP56w1s9X/fxl - 1irEb1OhtfZjr7UfP2y1rz57rsGM/f0PZrAsFZRYIQ9giJiSvPFF53eKBguucoRxhxbyo30H44c6 - PJH43aVUC0eG4STKWvawCFas8Oa+P9iz+EL39Vw2nJ4zXXOy3pYQBsp8ZrC0yGxNEIO862nt52vI - c+aGJROvTdkCcZ9nsrFxcr7/ZTeYKMOJUY11pvCEs4c18/GwY83dqKX7wpntO8i3lMGkYmZ94Hs7 - 8aT/AvJrlTDc8Ei8T39/ur2OkPqhjdTOc/r73jnqDjiZguUai9ydS7ZoH5XO9sE0G9twzYm2zPyB - iYXr2+dQ2zYuig5fDnVLd7bZEVJcYNcgUw7XQLTHrGq/wqsPn35/d3n34d3ZxeXNxd3F9fXHa3w4 - 1pfGeOGF2zkEV0iqwgTWbsB0IAVfB1iwjFultpG5bnWloMKwuXanY1fCu684RoXpvyxN+8ffJqHv - J5hazM224u5VOWapZILw3UvtENKG19UAR+86osC0l9hlu9tNbUv6GTD3Y8WByPTCm2Z2fxL4ObBu - ofgbKRY4dXVY7JR7W2ft/PMih7shKrETljWSd71XwNKWvuRSXXpvpryBqFTIZxsHb2VwLn2yZVXj - XChMm4Wn8nc/OEuABUIKRImYqyyvP4TOPsbJsmcqyA+Mktfjauqjc9hmGCsYQUgwHJsQbDOEh49g - HxkjLOeryPFCNH7Ew0H3RBs5ozDzjqttM9m9OtwTjXTvwT7KSTeU49q2I+bHL2465b0K3c3srtTx - RsoYUsxdchw8dFNVxGL38ezZziTVgTmzFHRCisL2PpwphjMy6NNsOh6kwyk6dXR0nOX5yBbS5hJa - eOIa/ixi/JRStIHoDrc+RO2U86tcEl3HUtlSfXrU9ONRjGXkrsVYN4n/TIZZng0gS6Gf0+NR0S+G - R1kxHlKaktEsg/EJfeO0vOqfvsrf4p+Xiyoi2tBFkd/ScaOjJUYkymN0kcZ1M+U45v8HAAD//+xY - sQ6CMBD9F3e0cXA3wd04OLARbRRjKCmFmBD+3Xe9UqWRxBijDGxFuOsreO/eO7yyqEjTkt4Y4jPo - 6Qx9Ast4G63mRU74Qw07fsShEh4/4lBNjx0xSOjIWtb1gtjWAJjvotD62QZSPZmsliwwmcgS9AQ8 - vqm0gmlOQDGH86PwyL3hrq9k2sfZTtdGtCyUNnKigj989IkKfoF4ooJBKgjVBFTgrGkpptMgwH7i - UmxoIuTWAhsqk0JsixdZhkyq8CY1vDFk94TXbDKvM61y1jdO5FZuJsmX7yCtlfnaJIBz+ZzYCP5x - r6wR6qYR+Gsx4qZbOtb9eH87vV10eeEk09tOltWVEj+d1VoYbdaGz01jFrI5dHL/ez942Yt2ARZt - 27Z3AAAA//8DAMhKk9XaFgAA - headers: - ATL-TraceId: - - ec7ebebc23d97d3d - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:15 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 44a5d12c-f5bb-4e6f-9858-8aebd7d72bb2 - x-envoy-upstream-service-time: - - '176' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uuttlJNum2uYkeVGQV2j2JSNpOsJImpU2FZdn/boKL623em+/N - Y06k1QseZksU+QxhWtRm06PBLvT+y1MdrF6WQTvqMJCMfOO8DN5FmAEwChTyen/7Wj+8NNftfh3b - OBH1lqAMMnjPSI+T9ccRXWiOE8YDd9avfQy162D73whRKSDFxbzXIYEcOMuB57xoGFN8p7aCAsAN - RDjmF5xjbzOMV3abA2s4KCEVK2hZln9sNz464yMoCil3hhmDKMqqMlokjZrteCFLHgWXXVVU/wqC - TQ1Pw6xJesfo1YZn3+lkn4i9TATdx6Em5/MPAAAA//8DAInjG9BaAQAA - headers: - ATL-TraceId: - - 824f98e427df1e63 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:16 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 82f8894f-2b9f-43ee-a2c3-51a23c2056db - x-envoy-upstream-service-time: - - '28' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 0bd53e3bf6129e39 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:17 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 280a3ef0-a06b-46e9-8c53-8ca8d92671c0 - x-envoy-upstream-service-time: - - '68' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields - response: - body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFwQB5NMqKljBz/adBH/fT2JE7vQ - ZbPlsgd6qWcyj28envFzDFVJeBZP4lKKR0i1igf+OLl99gJUKQN6XQKKKGC55c21LtUkSTLIrUIm - HsU+0YwoRQnf56ATCUonpKTJKHFWk+GB/VkTFI22xALWlrqYfbuaWYqTAix5zanW1gA6JEuiibyW - zKJ6jsfH1fi4j38FqZHQ+m6MnJQ0m9aO9xrGOZLjgy/WzWhcjcY7G1b0F0xVQRjbU+7/HV/Do2p4 - 9DFfVevMHd7xdjiqDkcf81ZARk1hvbnDH729DMJuwS7aoV86C3XHjMKOQSIDlUpaaiq45Z5GdQIG - UUaVpjzVUUkhhUjk0UrIxT5qp4Lb/umDwqVgSWG1Jf4g2MPhsSNnFui0g+x7eEbUwlKGa0m4YkRD - drHxRZl7jadJTpiCgb9vOQWWYeu7g217ZYqCyDUeJTwZKsEKammsmkrnUBD8UvufxEpLyh/QwVpp - KJDjtF86cFeO096/VmIQz4k6g5wYpm8IM9ChEyVIgjnHstqq6vguLHYvZGGWOnCe6eGdIy/CzHYI - Q91eGO/s6GBMrCCrhT67cVvPtTbiSW3kBWuaiqIUHDiugbCoTuVNVYmUBDuH2npaFa8fVjkw6sv8 - 1TPbMgdyPesckyxDT4D+JBRiCfGW2mNkRGuSzguEtlNkgX4QWsD1oZ2Gok1oG9q9QkPMG/3VB/Tb - 6x+a8AjPAm4LMZTsibEbBW5t9BoErWwAsmV5gJedUAPOK/0DsLeNsNMQ+NgTxmnj3fzRjFuR6xWR - 9RykRcmonfS+pJ8vnm2+/tcXTz0z64nLKF/sODMD/derseH6a/HT0pBF9Yr0c3PDADFa4GxloKHn - qnm98JKSpguQJzY/0k4sdxdt1HtqLlZX5h4XyiXBb1O85CFbNRynWgO1bT/lxlbtyYBcT3vfYZzt - mN+cVjcgVcPeJcHLRjvMbmjTp/c7rSIn7LMbivaF3iykZjn9ZS3ZMjxwgH6RGQUyDKPTDpZPy+pW - j2ds9sZvAAAA//+8l81uwjAMx19l6p1kHeUyaeI0aQf2CGgKKEoyAUVNGezQd5+dL1rSTe1ScXUT - +5fG8d8emxsYnFpvbLPj8IBYtZVL94BeTA0ce8dXAVFlpeqbJve33xBWdzTE2doiEpZ5FQmGCM+q - VQ9dfG//VBEbm+aYmcP7QLVngmuKO7R3osAglZDgnegv1Ht34jdrxAhGpOBnpMGalnca2JjUYz4l - Y86nwbT1vgv6bmwedZ6MWkyDChnZ5VyVZw9ZJEMuJoOMUnRlbB51kTVr7HPbLzEN/Z6pAKVme9J1 - uTfD+gf0CHkxrIKxAxYhuzkzkw85fl+UJqLi/CDLI9Qh8qkq9izkjIMez1DfwxY7tEG0a7F7hUUP - 2B9kYZyK0HrK3p9Vecc23DaiA050I7rxKOK8tboZa/C87nuaTOXkkVpHVJ8EXG29HClJfSNlg53e - uvkBAAD//wMAc91BljkVAAA= - headers: - ATL-TraceId: - - b3f3e3addc8bd5b7 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:17 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b4bd784e-2ee2-436e-a2a1-ed0fecdb1587 - x-envoy-upstream-service-time: - - '76' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without - Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/389]\n\n*Defect Dojo link:* http://localhost:8080/finding/389\n\n*Severity:* - Low \n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] - / [ZAP Scan|http://localhost:8080/test/113]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n*Systems/Endpoints*: \n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Defect - Dojo ID:* 389\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": - "Task"}, "priority": {"name": "Low"}}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '1673' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue - response: - body: - string: '{"id":"10615","key":"NTEST-463","self":"https://defectdojo.atlassian.net/rest/api/2/issue/10615"}' - headers: - ATL-TraceId: - - 03b530f8b6b59f13 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:17 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b4702b40-daf0-42e2-baaa-f07ceaf894f6 - x-envoy-upstream-service-time: - - '326' - status: - code: 201 - message: Created -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-463 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWW2/bNhT+K4Qeii2zrYudxBVQDKnjdtnSNLCdBGhSGLR0LLOWSIGkLHtt/vsO - RSnOpc7a1HmIeMhz/85HfnVgnVMeO6EjgccgIX7HII1Vi9MMVEtFC8hoS+QgqWaCqxbETGegaSta - UJ5AKpLWCqTCPYhHkEtQwLU967QcZiz73oG/jwsF6RyXC61zFbpuDHOIdCy+iA7VKVWKUd7hoF20 - oV2aMzdwmVIFuI2BJWxQ/2wyHE/avYMuSuZVsE741VHotFAR1ZAIubHBxbhChcAL/LbXbXv+JPDC - 3n7oH3b2e6//8HzPMzEaH3qTQ2XmhTEafYzT84Jt1nYRg4oky01FUHpEVEbTtEVipjTjkSY5gwiI - mJNSyGXHaEeCX8j0R6JQEBUS3BWDkq6opvJPxf6FNxk2qcheWdFJ/Mb3un6/Xk4w0DfblFuOaTT6 - mlC1ND0qZtp8hXOaKmg5jQ0nrIzcthzNEBg5NtkJeYGZOLkUXzC8F1av1q5qV3WjqZ1Z3Gv4NtIL - zrRGAwZftbZJ6p/qrBJzXVJpElMsy1OGCIkfZYPFrSDT6697/R8Jty5z7ayudM5MYfF3v8497xA9 - B7110Hux4aqFFUpeqfr/M778g7V/8Gu+1o2z+uMZb91g3Q1+zVsNTtV87PR2e2vme31p2QU7dv0Z - O5gkEhKc6ycwREyJtLBjZiVRobTIKoqYoofgcNdG/6kNSx1Wagazoj8nbPu4pBpZ0ZLOz+PdMtod - h7nWmjRgrj4HojA5+YaXroyA8cQJtSzgtqYqY0yyyGb69YnMBIZH1UIUaXzMVJ7STT0AKMao9CXS - hRmKuhgSMFczdd/jyW7QbXjycdW8XeX0d20EW8pgQjK9eWENG3W393N0yTKagHKNhmqMMBSkouyo - VbKlmFNRNlTUc26fJtJtEknpDAyZGGg+OmSm8rtl8Hfh0O+beiyoGuYsOmV8WV3Fx5Cbm5lHTRer - 3pbV3p2ECz7Ei5nOUhgBVRYZsv5yzk8v3p+cTU9PBsOz8XA6HI0+jjA/HCCFBcEDkwWQc2RNronx - S5gigqcbghPJUmOUaEH+ZpKScwkZTi0pFGK2U83o4yxeo0HvG/O8Lj0MHXthYO+w+NuRejDG2IaE - cZo+PlS/K+ryVjhPMbqGCbCvCYe700VuZvYHcGxfCi+EnlW+u60eXu4/h8Yt3N7SaIkPqQZyjXHr - a1A/aX4p4OZd5DbPk6C5XDkYqEciFfLMRjNLC2gnEllj+zgQ5FjYZossx6ce13UXnuvfw+Lc8O3f - 3oTpFPZCcv2J5n5IBkIsGZArppG1NBlXlwd5l9Lkm8kVU01FRNOFUDrse33PnTMeIzG63f7rz5XB - 46oUGOUXQQxIwj3yv5qV4hgQZsglqIBTTyrZ4GqIywu+5KLcxjy4fCLdO5ciLvD1MuQJTlKGdXEn - WAY8d10lgYbJX6Jsa7Ejkbw2EHwmLrkuAZY4dnBnbYfW9oDbrRQ/HZ2TcUT5jvPmueT6ftfW6q2k - PFq4E5pgnGfYTSstWBqfHN8XDUSWMU2QkRb3xeON0pApTDrOBUMoYCPxV+1VVTfYzCjjimnoIGLC - Xq+7a2+X3I3R60xQGdf9vcPSXnjDj0hkIYOxkRkAJwo0KWv8aKQz+wAhc8RQi5QLFi1IBpQr3KT2 - RG0Bq4YWCI0ipEOIyYpRUiDCI7nJkU/wGOdgb9aOCWWESEOmjCBsEFaWZUeUVOUdIRMX8QXrTr7I - KyQg1KZzIafWmZpSjff0rMCGTH/7eHU0Pm+PP7TxRvndmL4YnVqjzxXjA2CScUjeDyc3HEkbJ1SD - DInIV9ENH66YuSswuDHotp2rZu/7Dv4DAAD//+xZbWvbMBD+KyZQaEft+CXOy2B0YetgHzbKChv0 - m2KrjZnfsOx0I8t/33OSrKZunJUySj4EQlAs6e4s3T333OXZCuIsifsUqLk9CvrF0opVgm+hzqhP - xdN10jG+IIXfyXqT/OLHkucU0BYz11ugHIUdcAgyJllxK8lxI5ncYxUVJTuGWUG5BnnuJ8/PyT9y - C66vWJTF0nv2mxzNKpl0kkbgYi14zpafoOTMeepYl7kgzzN+tuWJpIscFfq1faI1kOSJBl66007p - eW8+ZyWLanrPr4WVyB8WAISOS0XJdc1LQbm64gpYuFqsA9e4rqDHQDl77I1waPPrD7YX6APdRlIJ - By1SorovKroygNspw43nZ9bp2R/ccloXbwEtTzmi18cRvVHfRNhOUGapK2RGSYCJ0naWumZpd6KP - ebmGeck7kQR090JTESBeWbQkpN1Rf3QTXlfKzKhrsoxRCh/8K9/RGRIhL6oX5nsiZhcAMyojUEqF - t2wUxN5iOnLDBWyaTGae74+JXphF0LBnGacLnscxdCDnDx5ssHVx995gHwndW2GrUHBALuQyiTxq - OAw93xtxz+WBH8/GURCFEy+ahnHssvGtx6cX8Tsp5SSYn/if8FH77IzlOhXatnoknEbY9zgR23co - CpyyWaRJREdml4wJOjHsR8jVCdgzhh+v7LFT5mR/t3Q/fIu7DYDDt7jbRDh0iwE9saqjNUPehsgr - 3f2ieCLUVrW6gq8bAC+WXzZVUfLhDRAnWj4EHjWtMGsimfTo9psm15VG3CMUvP6lH6HgNSw+QkEv - FHTJBKjUYL2hPS0Fge13KhTX1AjXYxcKi5qlGO2Q0tebc01vrjthel3dCUPheL5KqiJXJEmX/o3+ - 80X9fI6lq6L+b01VJcvIhCLUid8L2R5qO6FwLWXxuh1q1H2xfvk31bCVez7I2K9vXDQpCd56V9nY - qep5rd6busvU/KE3N88fb/Yf7dYbpLWbzeYvAAAA//8DAEshkELDGwAA - headers: - ATL-TraceId: - - 8cc23f0ad8f92676 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:17 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - baf2fbae-2183-4f57-bdf0-f5ea1ea4fb1b - x-envoy-upstream-service-time: - - '161' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10615 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWW2/bNhT+K4Qeii2zrYudxBVQDKnjdtnSNLCdBGhSGLR0LLOWSIGkLHtt/vsO - RSnOpc7a1HmIeMhz/85HfnVgnVMeO6EjgccgIX7HII1Vi9MMVEtFC8hoS+QgqWaCqxbETGegaSta - UJ5AKpLWCqTCPYhHkEtQwLU967QcZiz73oG/jwsF6RyXC61zFbpuDHOIdCy+iA7VKVWKUd7hoF20 - oV2aMzdwmVIFuI2BJWxQ/2wyHE/avYMuSuZVsE741VHotFAR1ZAIubHBxbhChcAL/LbXbXv+JPDC - 3n7oH3b2e6//8HzPMzEaH3qTQ2XmhTEafYzT84Jt1nYRg4oky01FUHpEVEbTtEVipjTjkSY5gwiI - mJNSyGXHaEeCX8j0R6JQEBUS3BWDkq6opvJPxf6FNxk2qcheWdFJ/Mb3un6/Xk4w0DfblFuOaTT6 - mlC1ND0qZtp8hXOaKmg5jQ0nrIzcthzNEBg5NtkJeYGZOLkUXzC8F1av1q5qV3WjqZ1Z3Gv4NtIL - zrRGAwZftbZJ6p/qrBJzXVJpElMsy1OGCIkfZYPFrSDT6697/R8Jty5z7ayudM5MYfF3v8497xA9 - B7110Hux4aqFFUpeqfr/M778g7V/8Gu+1o2z+uMZb91g3Q1+zVsNTtV87PR2e2vme31p2QU7dv0Z - O5gkEhKc6ycwREyJtLBjZiVRobTIKoqYoofgcNdG/6kNSx1Wagazoj8nbPu4pBpZ0ZLOz+PdMtod - h7nWmjRgrj4HojA5+YaXroyA8cQJtSzgtqYqY0yyyGb69YnMBIZH1UIUaXzMVJ7STT0AKMao9CXS - hRmKuhgSMFczdd/jyW7QbXjycdW8XeX0d20EW8pgQjK9eWENG3W393N0yTKagHKNhmqMMBSkouyo - VbKlmFNRNlTUc26fJtJtEknpDAyZGGg+OmSm8rtl8Hfh0O+beiyoGuYsOmV8WV3Fx5Cbm5lHTRer - 3pbV3p2ECz7Ei5nOUhgBVRYZsv5yzk8v3p+cTU9PBsOz8XA6HI0+jjA/HCCFBcEDkwWQc2RNronx - S5gigqcbghPJUmOUaEH+ZpKScwkZTi0pFGK2U83o4yxeo0HvG/O8Lj0MHXthYO+w+NuRejDG2IaE - cZo+PlS/K+ryVjhPMbqGCbCvCYe700VuZvYHcGxfCi+EnlW+u60eXu4/h8Yt3N7SaIkPqQZyjXHr - a1A/aX4p4OZd5DbPk6C5XDkYqEciFfLMRjNLC2gnEllj+zgQ5FjYZossx6ce13UXnuvfw+Lc8O3f - 3oTpFPZCcv2J5n5IBkIsGZArppG1NBlXlwd5l9Lkm8kVU01FRNOFUDrse33PnTMeIzG63f7rz5XB - 46oUGOUXQQxIwj3yv5qV4hgQZsglqIBTTyrZ4GqIywu+5KLcxjy4fCLdO5ciLvD1MuQJTlKGdXEn - WAY8d10lgYbJX6Jsa7Ejkbw2EHwmLrkuAZY4dnBnbYfW9oDbrRQ/HZ2TcUT5jvPmueT6ftfW6q2k - PFq4E5pgnGfYTSstWBqfHN8XDUSWMU2QkRb3xeON0pApTDrOBUMoYCPxV+1VVTfYzCjjimnoIGLC - Xq+7a2+X3I3R60xQGdf9vcPSXnjDj0hkIYOxkRkAJwo0KWv8aKQz+wAhc8RQi5QLFi1IBpQr3KT2 - RG0Bq4YWCI0ipEOIyYpRUiDCI7nJkU/wGOdgb9aOCWWESEOmjCBsEFaWZUeUVOUdIRMX8QXrTr7I - KyQg1KZzIafWmZpSjff0rMCGTH/7eHU0Pm+PP7TxRvndmL4YnVqjzxXjA2CScUjeDyc3HEkbJ1SD - DInIV9ENH66YuSswuDHotp2rZu/7Dv4DAAD//+xZbWvbMBD+KyZQaEft2E6cl8HowtbBPmyUFVbo - N8VWGzO/YdnpRpb/vuckWU2dOC1llHwIhOBY0t1JunvuucuLFURpHHUpUGN7FHSLpRnLGN9CnVGX - iu150jG+IYXfy3qT/OJmwTMKaIuZ681RjsIOOAQZEy+5FWe4kVSusfKSkh3DqKBcgzz3i2fn5B+Z - BddXLMpiyQP7Q45mFUw6SS1wsRY8Z8NPUHJmPHGsy0yQ5xk/2/BE0kWOCv3aPtEYSPJEDS/daaf0 - vHdf04KFFe3ze27F8ocFAKHjUlFyXfFCUK4uuQIWribrwDWuK+g1UM4eeUMc2uz6k+0N9IFuIqmE - gwYpUd3nJV0ZwO2U4cazM+v07C9uOany94CWbY7odXFEb9gMUAKpSiRAyXOJubanBh0y3M6BLubl - GuYl70QS0N0TTUWAeGXhgpB2J8lzpzsZTTsTijpNGaXw3nP5js6QCHlevjLfEzG7AJhRGYFSKrhj - w0HkzSdDN5jD4PF46vn+iOiFmQQNe6ZxuuBZFEEHcn7v0QZbF3cfDfaR0L0VtgoFB+RCTpPIox77 - ged7Q+65fOBH01E4CIOxF06CKHLZ6M7jk4vog5RyMpid+F/wUevslGU6Fdq2eiWcWtgPOBHbdygK - nKKeJ3FIR2YXjAk6MaxHyFUx2DMeP1/ZI6fIyP526X74FrcbAIdvcbuJcOgWA5MiVUdrhrwJkVe6 - +0XxRKitanWFa7cAXky/rMu84P1bIE64eAw8alph1EQy6dHtN02uS424Ryh4+0s/QsFbWHyEgk4o - MIQCJt6riFtRv1s/u5CbVyzB0zZncsG7eqt1b3ugqzfnmt5ce8D0utoDhsLxbBmXeaZIki79a/3n - i/r5ki0s8+q/NVWVLCMTilAn/sxle6jphMK1lMWr5lGj7qv1y7+p+o3c817Kfv/gok5I8MZeZWOn - rGaV2jd1l6n5Qzs3758u9p+s1guktev1+h8AAAD//wMAgLesoMMbAAA= - headers: - ATL-TraceId: - - 0b691838e80c52a0 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:18 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8c5adf3e-32d1-4037-80ff-cb6bccb90cf3 - x-envoy-upstream-service-time: - - '167' - status: - code: 200 - message: OK -- request: - body: '{"issueKeys": ["10615"], "ignoreEpics": true}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '45' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: PUT - uri: https://defectdojo.atlassian.net/rest/greenhopper/1.0/epics/10614/add - response: - body: - string: '' - headers: - ATL-TraceId: - - 4c0b376d6f51123f - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:18 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 89c0d16e-b628-4e26-bd06-d88fe46839ea - x-envoy-upstream-service-time: - - '274' - status: - code: 204 - message: No Content -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPzU7DMBCE32WvJOna+WntG4IDIFSQkp4QQk6yFkGOHSUOUlX13bFFRbntzH6z - oz1BqxY6zAYkfHo/LXKz6UlT53v35TLljVqWQdnMkocEvmleBmcDzBBZhhmm9f72tX54aa7b/Tq2 - YQL5FqEEE3xPoKfJuONI1jfHicKBO+PWPoTadTD9bwRkDJTFxbxXPoIcOUuRp7xqGJN8K/MiQ8Qb - DHDILzSH3mYYr2yeIms4yqKUTGQsF39sNz5a7QJYVGW51UxromInhFZF1KTYllfljgfBy05U4l+B - N7HhaZgVxHe0Wo1/dp2K9gnMZQKyH4cazucfAAAA//8DABzY+glaAQAA - headers: - ATL-TraceId: - - 74c6ababf6f2f3ef - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f9f826e7-1179-401f-ad49-b4aaaabc853d - x-envoy-upstream-service-time: - - '28' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 44febe6f48fdbc0b - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 0c133041-d47b-4503-beb7-fcc64ddefc74 - x-envoy-upstream-service-time: - - '55' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields - response: - body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFwQB5NMqKljBz/adBH/fT2JE7vQ - ZbPlsgd6qWcyj28envFzDFVJeBZP4lKKR0i1igf+OLl99gJUKQN6XQKKKGC55c21LtUkSTLIrUIm - HsU+0YwoRQnf56ATCUonpKTJKHFWk+GB/VkTFI22xALWlrqYfbuaWYqTAix5zanW1gA6JEuiibyW - zKJ6jsfH1fi4j38FqZHQ+m6MnJQ0m9aO9xrGOZLjgy/WzWhcjcY7G1b0F0xVQRjbU+7/HV/Do2p4 - 9DFfVevMHd7xdjiqDkcf81ZARk1hvbnDH729DMJuwS7aoV86C3XHjMKOQSIDlUpaaiq45Z5GdQIG - UUaVpjzVUUkhhUjk0UrIxT5qp4Lb/umDwqVgSWG1Jf4g2MPhsSNnFui0g+x7eEbUwlKGa0m4YkRD - drHxRZl7jadJTpiCgb9vOQWWYeu7g217ZYqCyDUeJTwZKsEKammsmkrnUBD8UvufxEpLyh/QwVpp - KJDjtF86cFeO096/VmIQz4k6g5wYpm8IM9ChEyVIgjnHstqq6vguLHYvZGGWOnCe6eGdIy/CzHYI - Q91eGO/s6GBMrCCrhT67cVvPtTbiSW3kBWuaiqIUHDiugbCoTuVNVYmUBDuH2npaFa8fVjkw6sv8 - 1TPbMgdyPesckyxDT4D+JBRiCfGW2mNkRGuSzguEtlNkgX4QWsD1oZ2Gok1oG9q9QkPMG/3VB/Tb - 6x+a8AjPAm4LMZTsibEbBW5t9BoErWwAsmV5gJedUAPOK/0DsLeNsNMQ+NgTxmnj3fzRjFuR6xWR - 9RykRcmonfS+pJ8vnm2+/tcXTz0z64nLKF/sODMD/derseH6a/HT0pBF9Yr0c3PDADFa4GxloKHn - qnm98JKSpguQJzY/0k4sdxdt1HtqLlZX5h4XyiXBb1O85CFbNRynWgO1bT/lxlbtyYBcT3vfYZzt - mN+cVjcgVcPeJcHLRjvMbmjTp/c7rSIn7LMbivaF3iykZjn9ZS3ZMjxwgH6RGQUyDKPTDpZPy+pW - j2ds9sZvAAAA//+8l81uwjAMx19l6p1kHeUyaeI0aQf2CGgKKEoyAUVNGezQd5+dL1rSTe1ScXUT - +5fG8d8emxsYnFpvbLPj8IBYtZVL94BeTA0ce8dXAVFlpeqbJve33xBWdzTE2doiEpZ5FQmGCM+q - VQ9dfG//VBEbm+aYmcP7QLVngmuKO7R3osAglZDgnegv1Ht34jdrxAhGpOBnpMGalnca2JjUYz4l - Y86nwbT1vgv6bmwedZ6MWkyDChnZ5VyVZw9ZJEMuJoOMUnRlbB51kTVr7HPbLzEN/Z6pAKVme9J1 - uTfD+gf0CHkxrIKxAxYhuzkzkw85fl+UJqLi/CDLI9Qh8qkq9izkjIMez1DfwxY7tEG0a7F7hUUP - 2B9kYZyK0HrK3p9Vecc23DaiA050I7rxKOK8tboZa/C87nuaTOXkkVpHVJ8EXG29HClJfSNlg53e - uvkBAAD//wMAc91BljkVAAA= - headers: - ATL-TraceId: - - f4b4d81d2dd4514b - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 558180df-c326-4e53-931e-cc92af652fac - x-envoy-upstream-service-time: - - '60' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without - Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/390]\n\n*Defect Dojo link:* http://localhost:8080/finding/390\n\n*Severity:* - Low \n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] - / [ZAP Scan|http://localhost:8080/test/113]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n*Systems/Endpoints*: \n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Defect - Dojo ID:* 390\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": - "Task"}, "priority": {"name": "Low"}}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '1673' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue - response: - body: - string: '{"id":"10616","key":"NTEST-464","self":"https://defectdojo.atlassian.net/rest/api/2/issue/10616"}' - headers: - ATL-TraceId: - - 8da2b2ba91f6a740 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - eb32b4c1-b73f-4238-afce-f726dff6d265 - x-envoy-upstream-service-time: - - '414' - status: - code: 201 - message: Created -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-464 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6NxxSfySlKae6dxQSHvcUcokocwUOhlhbxw1tuSR5Di5lv9+ - K8kmFBqupeED1kr7/uwjffFgXVKeerEngacgIX3DIE9Vh9MCVEclCyhoR5QgqWaCqw6kTBegaSdZ - UJ5BLrLOCqTCPUjHUEpQwLU763U8ZiyHwX64jwsF+RyXC61LFft+CnNIdCo+ix7VOVWKUd7joH20 - oX1aMj/ymVIV+K2BJWxQ/3Q6mky7g/0BSuY2WC/+4il0WqmEasiE3LjgUlyhQhREYTfod4NwGgXx - 4HkcvuwNw+d/BGEQmBiND70pwZp5YoxGH+MMgmibtVukoBLJSlMRlB4QVdA875CUKc14oknJIAEi - 5qQWctkz2ong5zL/kSgUJJUEf8WgpiuqqfxTsX/hVYFNqopnTnScvgqDfjhsllMM9NU25Y5nGo2+ - plQtTY+qa22+4jnNFXS81oYXWyM3HU8zBEaJTfZiXmEmXinFZwzvidVrtG3tbDfa2pnFnYZvIz3n - TGs0YPDVaJuk/rFnlZjrmkqTmGJFmTNESHovGyyuhcxguB4MfyTcpsyNs6bSJTOFxd/dOg+CF+g5 - GqyjwZMN2xZalDxTzf9HfIX7a5yNX/K1bp01H49460frfvRr3hpwqvZjp7ebGzPf6w+OXbBjl5+w - g1kmIcO5fgBDxJTIKzdmTpJUSovCUsQMPUQvdm0MH9pw1OGkZjAt/XlxN+x4mKb+gBNncOUO2HEy - mJYscQF8eSAziMOE1EJUeXrEVJnTTYNLFNdUI9M6Ivv5GXIsecuLvrMmzYDYz0NRmTqFJtILI2A8 - 82ItK+M6kYC5mqn7Hk8+70ctT96vWrCrnOGujWjXRn/LJUxIpjdPLESr7pu74Sd4lBU0A+UbDdUa - YSjIRd1Tq2zLPSeibjlq4N0YLFyDIRMDzXtJman8brbhLhyGQ5P2gqpRyZITxpf2Kj6C0tzMPGnh - YkFU271bCRd8hBczvc5hDFQ5CMrmyzs7OX97fDo7OT4cnU5Gs9F4/H6MaeAAKcwbD0wXQM6QNbkm - xi9higiebwhOJMuNUaIF+ZtJSs4kFDi1pFKIr56d0ftZvESDwVcWBH06j717I4uVzRinOfYMi76d - MbN3X9a8K5ryWpDnGF3LBNi+jMPt6ao0M/sDOHYvhScizCnf3lbfXu4/B7otql7TZIkPqRZZrXHn - 67B50vxSwO27yG+fJ1F7uXIwiE5ELuSpi+Y6r6CbSaSn7eNAkCPhmi2KEp96XDddeKyn3xbnim// - 9qZM57AXk8uPtIxicijEkgG5YBrpUZOJvTzIm5xmX02umGouEpovhNLxMBgG/pzxFEnM778MPlmD - R7YUGOVnQQxI4j3yv5pWcQIIM6QMVMDhJlZ2eDHC5TlfclFvYz788EC6dyZFWuHrZcQznKQC6+JP - sQx47tImgYbJX6LuarEjkbIxEH0iPrmsAZY4dnBrbYfW9oDft4ofD87IJKF8x3nzXPLDsO9q9VpS - niz8Kc0wzlPsppNWLE+Pj+6KDkVRME2QkRZ3xZON0lAoTDotBUMoYCPxZ/ds1Q02C8q4Yhp6iJh4 - MOjv2tsl91P0ei2oTJv+3mJpL77iByRxkMHYyDUAJwo0qRv8aKQz9wAhc8RQh9QLlixIAZQr3KTu - RGMBq4YWCE0SpENIyYpRUiHCE7kpkU/wGOfgrvCeCWWMSEOmTCBuEVbXdU/UVJU9ITMf8QXrXrko - LRIQarO5kDPnTM2oxgfBdYUNmf32/uJgctadvOviDfi7MX0+PnFGHyvGO8Ak05i8HU2vOJI2TqgG - GRNRrpIrPloxc1dgcBPQXTdX7d73HfwHAAD//+xZbWvbMBD+KyZQaEft2E6cl8HowtbBPmyUFTbo - N8VWGzO/YdnpRpb/vuckRXWcOCtllHwIhKBE57uLdPfcc5dnG4jSOOoyoPYOGOhWSxLLGO9CnVGX - iV05GRhfUKkfZL9JcfFjwTNKaIuZ683RjsIPBAQ5Ey+5FWe4kVQ+Y+UlFTuGXUG1BnXuJ88uKT4y - C6Gv6JrFkkf2mwLNKpgMklrgYi1ETiNO0HJmPHGs60xQ5Jk4a0Qi2aJAhX3tn9g4SPpEjSjd66eM - vDef04KFFf3Or7kVyw8WAISOS2XJbcULQbW65ApYuBLWiWtCV9DXQDl75A1xaLPbD7Y30AfaRFIJ - BxukRHefl3RlALdzhhvPLqzziz+45aTK3wJadjmi18URvWHXRtBkBFWJyijJKnHnlqhrRNsbXczL - NcxL3onkmfsFTUewRV7aBQ7JzMIFwfBeBuhOjbk6TRmV8N6/6h2dIRHyvHxhvSdidgUwI8qPViq4 - Z8NB5M0nQzeYw6fxeOr5/ojohRGChQNinC54FkWwgZrfe/LB1s3de4N9pPRgh61SwQG5kGISedSy - H3i+N+Seywd+NB2FgzAYe+EkiCKXje49PrmK3kktZ4PZmf8JL/WcnbJMl0LbVl8Jpxb2I07E9h3K - Aqeo50kc0pHZBWOCTgzPI+WqGOwZy4839sgpMvK/3bofv8ftAcDxe9weIhy7x4CeSDXsmiE3IfJG - T78onwi1VV+t4OsOwAvx67rMC96/A+KEi6fEo6EVdk0mkx09ftPkutSIe4KC17/0ExS8hscnKOiE - AsM84OKDyrgVzbv12oXevGIJVnuoEXhXb7Xu7W50zebcrtmca2Zz7Q1D4Xi2jMs8UzxIt/61/vNF - fXzWT0CzKTWsNkuNgi9AvsbfRv2N3steyn5946JOSHHDthy0lNWsUn4s8+q/DWKVLqMTptCvfs/l - mMqMfvNSDn/IovFj21l/y1v9gDyd9Xr9FwAA//8DADrJ0zvDGwAA - headers: - ATL-TraceId: - - 1485133a4244efd0 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:20 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9c0e66bc-8560-427b-ba90-8c1f67ee9ab6 - x-envoy-upstream-service-time: - - '167' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10616 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6NxxSfySlKae6dxQSHvcUcokocwUOhlhbxw1tuSR5Di5lv9+ - K8kmFBqupeED1kr7/uwjffFgXVKeerEngacgIX3DIE9Vh9MCVEclCyhoR5QgqWaCqw6kTBegaSdZ - UJ5BLrLOCqTCPUjHUEpQwLU763U8ZiyHwX64jwsF+RyXC61LFft+CnNIdCo+ix7VOVWKUd7joH20 - oX1aMj/ymVIV+K2BJWxQ/3Q6mky7g/0BSuY2WC/+4il0WqmEasiE3LjgUlyhQhREYTfod4NwGgXx - 4HkcvuwNw+d/BGEQmBiND70pwZp5YoxGH+MMgmibtVukoBLJSlMRlB4QVdA875CUKc14oknJIAEi - 5qQWctkz2ong5zL/kSgUJJUEf8WgpiuqqfxTsX/hVYFNqopnTnScvgqDfjhsllMM9NU25Y5nGo2+ - plQtTY+qa22+4jnNFXS81oYXWyM3HU8zBEaJTfZiXmEmXinFZwzvidVrtG3tbDfa2pnFnYZvIz3n - TGs0YPDVaJuk/rFnlZjrmkqTmGJFmTNESHovGyyuhcxguB4MfyTcpsyNs6bSJTOFxd/dOg+CF+g5 - GqyjwZMN2xZalDxTzf9HfIX7a5yNX/K1bp01H49460frfvRr3hpwqvZjp7ebGzPf6w+OXbBjl5+w - g1kmIcO5fgBDxJTIKzdmTpJUSovCUsQMPUQvdm0MH9pw1OGkZjAt/XlxN+x4mKb+gBNncOUO2HEy - mJYscQF8eSAziMOE1EJUeXrEVJnTTYNLFNdUI9M6Ivv5GXIsecuLvrMmzYDYz0NRmTqFJtILI2A8 - 82ItK+M6kYC5mqn7Hk8+70ctT96vWrCrnOGujWjXRn/LJUxIpjdPLESr7pu74Sd4lBU0A+UbDdUa - YSjIRd1Tq2zLPSeibjlq4N0YLFyDIRMDzXtJman8brbhLhyGQ5P2gqpRyZITxpf2Kj6C0tzMPGnh - YkFU271bCRd8hBczvc5hDFQ5CMrmyzs7OX97fDo7OT4cnU5Gs9F4/H6MaeAAKcwbD0wXQM6QNbkm - xi9higiebwhOJMuNUaIF+ZtJSs4kFDi1pFKIr56d0ftZvESDwVcWBH06jz13YWCLsMbbkfpmjLHa - GeM0v3+oeVc05bUgzzG6lgmwfRmH29NVaWb2B3DsXgpPRJhTvr2tvr3cfw50W1S9pskSH1Itslrj - ztdh86T5pYDbd5HfPk+i9nLlYBCdiFzIUxfNdV5BN5NIT9vHgSBHwjVbFCU+9bhuuvBY/74tzhXf - /u1Nmc5hLyaXH2kZxeRQiCUDcsE00qMmE3t5kDc5zb6aXDHVXCQ0Xwil42EwDPw54ymSmN9/GXyy - Bo9sKTDKz4IYkMR75H81reIEEGZIGaiAw02s7PBihMtzvuSi3sZ8+OGBdO9MirTC18uIZzhJBdbF - n2IZ8NylTQINk79E3dViRyJlYyD6RHxyWQMscezg1toOre0Bv28VPx6ckUlC+Y7z5rnkh2Hf1eq1 - pDxZ+FOaYZyn2E0nrVieHh/dFR2KomCaICMt7oonG6WhUJh0WgqGUMBG4s/u2aobbBaUccU09BAx - 8WDQ37W3S+6n6PVaUJk2/b3F0l58xQ9I4iCDsZFrAE4UaFI3+NFIZ+4BQuaIoQ6pFyxZkAIoV7hJ - 3YnGAlYNLRCaJEiHkJIVo6RChCdyUyKf4DHOwV3hPRPKGJGGTJlA3CKsruueqKkqe0JmPuIL1r1y - UVokINRmcyFnzpmaUY0PgusKGzL77f3FweSsO3nXxRvwd2P6fHzijD5WjHeASaYxeTuaXnEkbZxQ - DTImolwlV3y0YuauwOAmoLturtq97zv4DwAA///sWW1r2zAQ/ismUGhH7dhOnJfB6MLWwT5slBU2 - 6DfFVhsz2zJ+STey/Pc9J8mq68ZZKaPkQyAEJ5LuLqe75567PFtBlMZRnwK1tkdBv1jasY7xXiof - 9al4uk8GxhdU6jvZb1Jc/FjxjBLaYuZ6BdpR2IGAIGPiNbfiDDeSyjOWKKjYMayWVGtQ537y7Jzi - I7MQ+oquWSy5Z78p0KycySCpS1yshchpxQlazownjnWZlRR5Js5akUi6KFChX9tXNgaSvLJGlO60 - U0bem89pzsKKfudXYcXygwUAIXepLLmueF5SrS64AhauNuvENaFb0tdAOXvijeG0xfUH2xtph7aR - VMJBg5To7kVBVwZwO2W48ezMOj37g1tOKvEW0PKUI3p9HNEbNwtUQKoCBVByUqLI3a1Bjwy3d8Ew - L+l6SSd3b+xjYq7pCJCvLFwR0u7oP7oFrytlbuyo05RRCR/8q96RD4mQi+KF9Z6I2QXAjCg/Wqng - lo1Hkbecjd1gCZum07nn+xOiF2YTNOzZxumCF1EEHaj5gwcbbN3cvTfYR0L3dtgqFRyQC7lNIo96 - HAae74255/KRH80n4SgMpl44C6LIZZNbj88uondSysloceJ/wkuds1OW6VJo2+qr0qlL+x4esX2H - ssDJ62USh+QyO2esJI/hPFKuisGe8fjxyp44eUb2d1v3w7e4OwA4fIu7Q4RDtxiYFKmGXTPkNkRe - 6ekX5ROhtuqrFa7dAHix/bIuRM6HN4CicPWQeDS0wqrJZNKjx2+aXBcacY9Q8PqXfoSC17D4CAW9 - UNAlE6BSg82WzjQUBLbfqVTc0CBcP7tQKCqW4GmHlL7ZnNs3m3PNbK67YCgcz9ZxITJFknTrX+s/ - X9THZ1mKZlNK2DSPGgVfgHytv42GjdzzQcp+feNlnZDglm45aCmqRaXsWIvqvw1ilSwjE6rQr34X - ckxlRr+ikMMf0mjseGys/8hafUB6Z7vd/gUAAP//AwB2hPjqwxsAAA== - headers: - ATL-TraceId: - - 48a5c1eeb36f395e - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:20 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5313973c-b0d3-493a-b8f9-e0030fab6a38 - x-envoy-upstream-service-time: - - '183' - status: - code: 200 - message: OK -- request: - body: '{"issueKeys": ["10616"], "ignoreEpics": true}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '45' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: PUT - uri: https://defectdojo.atlassian.net/rest/greenhopper/1.0/epics/10614/add - response: - body: - string: '' - headers: - ATL-TraceId: - - 7ee0ce5f772f2c94 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:20 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c42f5ff9-8b7e-45f6-8421-40a022211528 - x-envoy-upstream-service-time: - - '193' - status: - code: 204 - message: No Content -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uutt1JmnS3uYkeVGQV2j2JSNpOsJImpUmFZdn/boKL623em+/N - Y06kUx4PiyGSfIYwe7nZDKixD4P7coUKRnk/KltYDCQj37j40dkIUwBaQAF5s799bR5e2ut2v05d - nIh8S1AGGbxnZMDZuOOENrTHGeOBO+PWIYa6dTTDb4TIFBD8Yt6rkEAGjObAcla1lEq2lSUvAOAG - IhzzHpfY247TlS1zoC0DyYVkkS3pH9tPj1a7CPJKiK2mWiPyXV1rxZNGRbesEjsWBRN9XdX/CoJJ - DU/jokh6R6vVhGfXq2SfiLlMBO3HoSHn8w8AAAD//wMAGD6lkloBAAA= - headers: - ATL-TraceId: - - 9855afc45fac5907 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 28c2c325-1ff2-4439-8f44-36994d106220 - x-envoy-upstream-service-time: - - '30' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - ee7c4bd5061b770a - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f6a477d2-60d6-4b3d-9934-8be191dd5db9 - x-envoy-upstream-service-time: - - '53' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/agile/1.0/epic/NTEST-462/issue - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6AcuxG8Bgmc6NzSkd9wxHAOhnSntMMLeOGpkySPJJDnKf7+V - bMc0kF6h4QPWStrXZx/tvQfLkorMSzydzqCgPUEL0F7P04Yqc2S8JOh5BV1egK640V6yh2sjDeVe - EvU8pnWFx5Pr+06RLEFRw6TQvTtQGj8gu4BSgQZhmg3ImCnA0F46oyIHLvOeApGBguw9A55ZD5hV - Fgb74Z51B/gUlzNjSp34fgZTSE0mv8o+NZxqzajoCzA+WjE+zRkHP+wHvvPPb5XMYYU6zibjy8nu - YD9GybQ2ltzbeE2lU2ogl2pVu5XhCi9EQRTuBvFuEE6iIBnsJeFBf29w+FsQBoH109owqxKcmhf5 - WTI/qn2099HPIIi6yOtFBjpVrLR5Q+kR0QXlvEcypg0TqSElgxSInJKFVPO+vZ1KcaX4z3ihIa0U - +HcMFvSOYsV/1+xfeFtgeariTS06yd6GQRwOm+UEHX3bhdzzLGDQ1oTqua1TdWvsVzKlXEPPa3V4 - iVPygOBhCLASoeAlosJIPF0q1q1KJb+is6/MZXPbZdLVps2kXTwqf+f3lWDGoAKLuOa2DfFvd1bL - qVlQZcPUrCg5Q7xkG7Fhqh2ABsPlYPgz7jZJb4w1eS+ZTTP+Hmd9EByg5WiwjAavVuwK6jDzRjf/ - f2Ar3F+G+79ma9kaaz5+YC2OlnH0a9YaqOr2Y6u1hwfb7csPNSNZyvqCFcxzBTl2+RNQIqYkr+qm - qyVppY0sHGHcoIXoYNvG8KmOmkhqqW1Tx49eshvikhok3pqCXo73mt/WjObX2pQFs/scycrGFFqW - +mgFTOReYlQFDw1xWWWKpXWk909k1jE8qmey4tkx0yWnq6YBUIxemQ9IHrYpmmQowFht1z3HmnEU - t6y5mbVgWzrDdgNKljoXHZnsh4NNQrds+bIcrt8Jq9s9E4OOGRYAc74iIHKaQ2GxYemtKKiyRp/b - TSWXyrpY++WWN0MPE5XhI9ilbTPEqCM/JhUzq1eiob3u2yhe8AywAmPQvr2hWyUMBVwu+vou71Jy - KhctqQ5sWJuBxG0gnN6CpUXbZBuHLL88W+lwW0eFQ5uPGdVjrNIpE3M3IhxDaScGkbZ4dChduL21 - REgxxlGD3nK4AKprjKvmyzs/vfrj5Ozm9GQ0Prsc34wvLv65wPiQCjQmBA9MZkDOkf+FIdYuYZpI - gVVHbmHcKiVGkr+YouRcQYH8QyqN3dd3bLMZxSEqDL6xIIjpQeJtkA+mPGeCciwmVqNjC7u3KWum - qia9rmM5etdyGtY1F7A+XZWWfZ7vyGE/CtcdWU9Ar4RefXn97n4/tLwMjR3c3tF0jqNhC7lWeW1r - 1Ixqv+RwO+/57dgVtaQiwELdtfBZ7c0tr2A3V8h/3dAjybGsiy2LEntc2BHZVuFHNf0+OZ9F97cz - YYbDTkKuP9EyTMhIyjkD8pEZ5F9DLt0zSN5zmn+zsWKoXKaUz6Q2yTAYBv6UiQwp3o+Hh1+cwmOX - CvTyqyQWJMkO+d+b7uIlIMyQS/ACdj1xstHHMS6vxFzIRefz6MMT6c65klmFc9h4TY/+BNOA565d - EKiY/CkXu0ZuCaRsFERfiE+un5DtllvdAT92Fz8dnZPLlIot5+3g54dhXOfqnaIinfkTmqOfZ1jN - Wloxnp0cPxaNZFEwQ5CRZo/FlyttoNAYdFZKHGk1FhJ/bs9l3WKzoExoZqCPiEkGg3jb3ja5n6HV - W0lV1tR3jaWd5LM4ImkNGfSN3AIIosGQRYMfg3RWj1Jkyv8DAAD//+xZbWvbMBD+KyJQaEftxHlr - Ehhd2LIxWLfSbCuUQlFtNTFLZOOXZKXLf99zkuw4Xpyt3Vb6oVCKE8l3l9Pdc8+d+OSQLae+O2Vz - wWWMRa53GAnwGiQw7rqAQ+Gxhc9Zigh3o9sQeIJtUgrNEWwy5QyRBqR0xSCLsOVyaQdLHod2EE3q - iC/x3Q6noYoEhNrVDaqjVhZf8QSM4zrFgVztfzofjk+t8YmFinJAor+cfdBCdznjROBHegP2bvT5 - UgK0kaGJiAYsCBfupRwtfKoVMG4sEkvnVbb2lwq8ue9VKdBrOxRUi6UdCx//Y+2jKhW/7lOBcYIS - PlHdNsXF+VRISmjG8+MN0IzDDgQEGeMvBPMlTmSu3mFBRMWOYzWmWoM6903IQ4oPyRD6mg8yPlvy - Wwo0FnIVJGmMg2WInEKcoJWWYmazkYwp8vI4K0Qi6aJAhX5jX5wZSPLiFFG61U4VeS/ez0PuJvQ7 - PwbMVx8YAITcpbNknIgwplodCQ0sQm82iZuHbkxfA+UsEEE4bTh+bTkt49Aikio4yJDyTIRBREcG - cNvnOHF5wPYPfuCUZ0kwALRQHSlxgSq261CjV+SzVEeSCHVQEXei4uU3OhWiGpULVQSskRMwdTSK - h27fmLc4SFvuThX93cb1Gv18Y5HslAsihcCk0FivWfbvyiC5ljoOTbsfQAOIrx0D46hPQq/YueHt - ludc99qNzjV+wNFR32k2u8Q68k3QsGOboHMfeh50gArU1jZYpnt9lUMiCd05QtAZYoNzqG0KkPRj - veM0nbZwGqLV9Ppdt+V2jhy31/G8Bu/eOKJ37L1UUvZaw73mW/zp96w5l6ZCWpb+KrbT2FrCI1bT - puSww/R65rvkMivkPCaP4X1kYuLjePD45tTq2qEk+8uziadvcXnC8fQtLk9JnrrF1O7qQYEhzkXk - PDXjPconAnM9jNA4d6Ga5NoojYJQ1C+AQO50nXg0lcNqnsmkx0wbDeeODBA/Q8HjH/ozFDyGxc9Q - UAkFZeYBhlW7W9E7GfOA7ROdinc06TfP6+usxhYp+fCxvJCP7MoL+QisvNDOFoRc+FEgNWkyE4HU - 3DXpj39kKXpQJeEuezQo+ADkK9yS1TO5m7d+Bd3Fq0HYsQiSfza91rJymVCFNvZroKZX2eyUxuc0 - EyKNuR2bxjY3rDUvKO+sVqvD/3lT2a3d1/9bbipJyOZgm8a5KpC0o+9zU9m3e05n603lTwAAAP// - Is2dozOVoG7RsJupBAAAAP//7NpLCoAwDATQG5UQ6yL3EVfefy1+aIU0oUqRinOBNNmUMC9+u0V2 - M4VNrwD3CkMq+5bKRWFfS7uMb9ulJ5USxoEhlXpEa+3J8vc1woRU6ikuUjlvUlnK7Kr0splUMoWY - L64glVNXUsleRGvQW/JGoadSKXSE+5BKSCWksuIBSOVPpfL8KXepXAEAAP//GpIzleAYwDMhiatB - hjRTiW8CkuhpTLwzlXirQVDQjs5UDtRANObYxOB3MfoIx+B3MfooyWB3Mai7S6fpidGZysES6aNF - AT1cPFoU4CwKKJqQhE9rokuMtJlKswGcqTShy0xlbC0AAAD//wMA+VRJOp45AAA= - headers: - ATL-TraceId: - - 38a7b181fc515e82 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 89b0d109-7cfd-438c-8475-7c36e127120b - x-envoy-upstream-service-time: - - '306' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPT0vEMBDFv0uuttlJmv7LTfSgIqvQ7klE0naClbQpTSosy353E1xcb/Pe/N48 - 5kQ65fCwGiLJp/eLk7vdgBp7P9gvS5U3yrlRzXRGTxLyjasb7RxgBsAoUEib/e1r8/DSXrf7berC - RORbhBJI4D0hAy7GHiecfXtcMBy4M3YbQqjbRjP8RoiMgVxczHvlI8iBsxR4youWMclLmQkKADcQ - 4JB3uIbedpyubJYCazlIkUsuaJFVf2w/Pc7aBlAUeV5qpjWiqOpaKxE1KlbyIq94EDzv66L+V+BN - bHgaV0XiO1ptxj/bXkX7RMxlIjh/HBpyPv8AAAD//wMAdr3Z7loBAAA= - headers: - ATL-TraceId: - - a5741abe4425118e - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - cd4c0191-c131-4d5d-9701-b0f09794e07e - x-envoy-upstream-service-time: - - '32' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 1a5129a03cf28df2 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 2b734974-2046-4b9d-a080-4362f549af3b - x-envoy-upstream-service-time: - - '83' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 4950b193581d9850 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 88a00194-2abe-4f7a-9cdb-2aba14202e63 - x-envoy-upstream-service-time: - - '68' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-463 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6NxxSfySAKlnOjcU0h53lDIklJlChxH2xlFjSx5Jxsm1/e+3 - kuyEhoYrNHzAWmnfn32kLx4sSspTL/Yk8BQkpG8Y5KnqcFqA6qhkBgXtiBIk1Uxw1YGU6QI07SQz - yjPIRda5A6lwD9JzKCUo4Nqd9ToeM5bDYC/cxYWCfIrLmdalin0/hSkkOhWfRY/qnCrFKO9x0D7a - 0D4tmZ9TbT6ZUhX4rZU5LNHI6WQ0nnQHe32UTG3EXvzFU+i5UgmqZUIuXYQprlAhCqKwG/S7QTiJ - gniwG4f7vd3Byz+CMAhMoMaHXpZgzTw10MjFaPQxziCI1qm7RQoqkaw0ZUHpAVEFzfMOSZnSjCea - lAwSIGJKaiHnPaOdCH4h85+JQkFSSfDvGNT0jmoq/1TsX3hVYKeq4oUTHaevwqAfDpvlBAN9tU65 - 45luo68JVXPTqOpWm694SnMFHa+14cXWyLeOpxmio8ROezGvMBOvlOIzhvfM6jXatna2G23tzOJe - w9eRXnCmDTgMyBptk9Q/9qwSU11TaRJTrChzhghJN7LB4lrIDIaLwfBnwm3K3DhrKl0yU1j83a/z - INhHz9FgEQ2ebdi20KLkhWr+P+Ir3FuEe7/ma9E6az4e8daPFv3o17w14FTtx1Zv376Z+V58cBSD - Hbv6hB3MMgkZzvUDGCKmRF65MXOSpFJaFJYibtBDtL9tY/jQhqMOJzWDaTnQi7shLqlGanSk83S8 - O0ZbcZjvrEkDZvt5KCqTU2h46dIIGM+8WMsKsBxoU3/AYTeQdrFZc8a8ZInL/csDmQkVldVMVHl6 - xFSZ02UzEihOJGCuZup+xJP9qN/y5GbVgm3lDLdtRGvKYEIyvXxmDVt1f/A0umQFzUD5RkO1RhgK - clH31F22ppgTUbdUNPBMjTYS6beJ5PQWDJkYaG4cMlP5wzKE23AYDk09ZlSNSpacMD639/ERlOZ6 - 5knbM9vJ2u6tJFzwEd7O9DaHc6DK4UA2X97ZycXb49Obk+PD0el4dDM6P39/jvnhACksCB6YzICc - IWtyTYxfwhQRPF8SnEiWG6NEC/I3k5ScSShwakmlELM9O6ObWbxEg8FXFgR9uh97GyOLJc8Ypzk2 - E7uxnjGztylrHhdNeS2qc4yuZQLsa8Zhdboqzcz+GMfDXhSucOxeCs+EnlNe3VbfX+5PQ+Mabq9p - MsfXVAu51rjzddg8aX4p4PZd5LfPk6i9XDkYqCciF/LURXObV9DNJHLE+nEgyJFwzRZFie89rpsu - PNbT74tzzdd/OxOmc9iJydVHWoYxORRizoBcMo0cpcnYXh7kTU6zryZXTDUXCc1nQul4GAwDf8p4 - isTo94cvP1mDR7YUGOVnQQxI4h3yv5pWcQwIM+QSVMCpJ1Z2eDnC5QWfc1GvYz788EC6cyZFWuHr - ZcQznKQC6+JPsAx47somgYbJX6LuarElkbIxEH0iPrmqAeY4drCytkVrfcDvW8WPB2dknFC+5bx9 - S4dh39XqtaQ8mfkTmmGcp9hNJ61Ynh4f3RcdiqJgmiAjze6Lx0uloVCYdFoKhlDARuLP7tmqG2wW - lHHFNPQQMfFg0N+2t03up+j1VlCZNv1dYWknvuYHJHGQwdjILQAnCjSpG/xopDP3ACFTxFCH1DOW - zEgBlCvcpO5EYwGrhhYITRKkQ0jJHaOkQoQnclkin+AxzsHdoz0TyjkiDZkygbhFWF3XPVFTVfaE - zHzEFyx65ay0SECo3UyFvHHO1A3VeCvfVtiQm9/eXx6Mz7rjd128UX43pi/OT5zRx4rxDjDJNCZv - R5NrjqSNE6pBxkSUd8k1H90xc1dgcGPQXTdX7d59B/8BAAD//+xZbWvbMBD+KyZQaEft2E6cl8Ho - wtbBPmyUFTboN8VWGzO/YdnpRpb/3uckWU3dOC1hlHwIhOBY0t1JunvuucseCqI0jroUqLEdCrrF - 0oxljG+hzqhLxfN50jG+IYXfyaKT/OLXgmcU0BYz15ujJoUdcAgyJl5yK85wI6lcY+UlJTuGUUG5 - BnnuN8/OyT8yC66vOJPFknv2lxzNKph0klrgYi14zoafoOTMeOJYl5kgzzN+tuGJpIscFfq1faIx - kOSJGl661U7pee++pgULK9rn99yK5Q8LAELHpaLkuuKFoFxdcgUsXE3WgWtcV9BroJw98oY4tNn1 - J9sb6APdRFIJBw1SosTPS7oygNspw41nZ9bp2T/cclLl7wEtzzmi18URPSqPGhJMOYnySFUiD0q6 - S3S1vSLoEOV2DnQRMNcQMHk1kodun2gKg/bAtBlAPLNwQUi8pT5pJ0RRpymjTN57Ke3RURIvz8s9 - 0z7xswtgGlUTqKiCWzYcRN58MnSDOTYwHk893x8RyzCToGHHNE73PIsi6EDq7z3aYOsa76OBQBK6 - s9BWEeGAY8hpEoDUYz/wfG/IPZcP/Gg6CgdhMPbCSRBFLhvdenxyEX2QUk4GsxP/Cz5qnZ2yTGdE - 21avhFML+x4nYvsOBYNT1PMkDunI7IIxQSeG9Yi8KgaJxuPnK3vkFBnZ367gD9/idh/g8C1u9xIO - 3WJgUqSKZ02UN5HySjfBKJ4IvFXJrnDtBviL6Zd1mRe8fwPECRePgUe9K4yaSCY9ugunOXapgfcI - BW9/6UcoeAuLj1DQCQVt5gFG1VutaU3DNGD7nQrFFfXD9bMLhXnFEjxtkdLVonNNi649YFpe7YFh - M8CzZVzmmeJCugNQ6/9g1M/XWLrMq//WW1WyjEwoQrn4M5ddItP+RI0rLV41jxp199Yv/63qN3LP - eyn784OLOiHBG3uV/Z2ymlVq39Rkph4Q7dy8f7rYf7JaL5DWrtfrBwAAAP//AwD/mtUozxsAAA== - headers: - ATL-TraceId: - - f4805b423500f289 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:25 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ecfed33a-f686-4a1f-991e-7e1536870394 - x-envoy-upstream-service-time: - - '177' - status: - code: 200 - message: OK -version: 1 diff --git a/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_engagement_epic_mapping_enabled_no_epic_and_push_findings.yaml b/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_engagement_epic_mapping_enabled_no_epic_and_push_findings.yaml deleted file mode 100644 index 8d4c32afe41..00000000000 --- a/unittests/vcr/jira/JIRAConfigAndPushTestApi.test_engagement_epic_mapping_enabled_no_epic_and_push_findings.yaml +++ /dev/null @@ -1,1654 +0,0 @@ -interactions: -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uuttlJNm23uYkeVGQV2j2JSNpOsJImpUmFZdn/boKL623em+/N - Y06kUx4PiyGSfIYwe7nZDKixD4P7clQFo7wflaUWA8nINy5+dDbCDIBRoJA3+9vX5uGlvW7369TF - ici3BGWQwXtGBpyNO05oQ3ucMR64M24dYqhbRzP8RohMgUJczHsVEsiBsxx4zsuWMckruRUUAG4g - wjHvcYm97Thd2W0OrOUgRSF5Sfmu+mP76dFqF0FRFkWlmdaIYlfXWomkUbGKl8WOR8GLvi7rfwXB - pIancVEkvaPVasKz61WyT8RcJoL249CQ8/kHAAD//wMAxW9qC1oBAAA= - headers: - ATL-TraceId: - - 2fdb2ff1118aef46 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:26 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a9e11891-cfe2-4de8-a6b4-14643207b516 - x-envoy-upstream-service-time: - - '30' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - f74ed2f5912112aa - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:26 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d1acdb52-10fb-466e-b6b6-4015038af115 - x-envoy-upstream-service-time: - - '49' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields - response: - body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFwQB5NMqKljBz/adBH/fT2JE7vQ - ZbPlsgd6qWcyj28envFzDFVJeBZP4lKKR0i1igf+OLl99gJUKQN6XQKKKGC55c21LtUkSTLIrUIm - HsU+0YwoRQnf56ATCUonpKTJKHFWk+GB/VkTFI22xALWlrqYfbuaWYqTAix5zanW1gA6JEuiibyW - zKJ6jsfH1fi4j38FqZHQ+m6MnJQ0m9aO9xrGOZLjgy/WzWhcjcY7G1b0F0xVQRjbU+7/HV/Do2p4 - 9DFfVevMHd7xdjiqDkcf81ZARk1hvbnDH729DMJuwS7aoV86C3XHjMKOQSIDlUpaaiq45Z5GdQIG - UUaVpjzVUUkhhUjk0UrIxT5qp4Lb/umDwqVgSWG1Jf4g2MPhsSNnFui0g+x7eEbUwlKGa0m4YkRD - drHxRZl7jadJTpiCgb9vOQWWYeu7g217ZYqCyDUeJTwZKsEKammsmkrnUBD8UvufxEpLyh/QwVpp - KJDjtF86cFeO096/VmIQz4k6g5wYpm8IM9ChEyVIgjnHstqq6vguLHYvZGGWOnCe6eGdIy/CzHYI - Q91eGO/s6GBMrCCrhT67cVvPtTbiSW3kBWuaiqIUHDiugbCoTuVNVYmUBDuH2npaFa8fVjkw6sv8 - 1TPbMgdyPesckyxDT4D+JBRiCfGW2mNkRGuSzguEtlNkgX4QWsD1oZ2Gok1oG9q9QkPMG/3VB/Tb - 6x+a8AjPAm4LMZTsibEbBW5t9BoErWwAsmV5gJedUAPOK/0DsLeNsNMQ+NgTxmnj3fzRjFuR6xWR - 9RykRcmonfS+pJ8vnm2+/tcXTz0z64nLKF/sODMD/derseH6a/HT0pBF9Yr0c3PDADFa4GxloKHn - qnm98JKSpguQJzY/0k4sdxdt1HtqLlZX5h4XyiXBb1O85CFbNRynWgO1bT/lxlbtyYBcT3vfYZzt - mN+cVjcgVcPeJcHLRjvMbmjTp/c7rSIn7LMbivaF3iykZjn9ZS3ZMjxwgH6RGQUyDKPTDpZPy+pW - j2ds9sZvAAAA//+8l81uwjAMx19l6p1kHeUyaeI0aQf2CGgKKEoyAUVNGezQd5+dL1rSTe1ScXUT - +5fG8d8emxsYnFpvbLPj8IBYtZVL94BeTA0ce8dXAVFlpeqbJve33xBWdzTE2doiEpZ5FQmGCM+q - VQ9dfG//VBEbm+aYmcP7QLVngmuKO7R3osAglZDgnegv1Ht34jdrxAhGpOBnpMGalnca2JjUYz4l - Y86nwbT1vgv6bmwedZ6MWkyDChnZ5VyVZw9ZJEMuJoOMUnRlbB51kTVr7HPbLzEN/Z6pAKVme9J1 - uTfD+gf0CHkxrIKxAxYhuzkzkw85fl+UJqLi/CDLI9Qh8qkq9izkjIMez1DfwxY7tEG0a7F7hUUP - 2B9kYZyK0HrK3p9Vecc23DaiA050I7rxKOK8tboZa/C87nuaTOXkkVpHVJ8EXG29HClJfSNlg53e - uvkBAAD//wMAc91BljkVAAA= - headers: - ATL-TraceId: - - b9aab1b3e80f7b07 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:26 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - cc372ef1-e852-4d0c-8e9d-3fd1f899a829 - x-envoy-upstream-service-time: - - '112' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without - Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/391]\n\n*Defect Dojo link:* http://localhost:8080/finding/391\n\n*Severity:* - Low \n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] - / [ZAP Scan|http://localhost:8080/test/114]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n*Systems/Endpoints*: \n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Defect - Dojo ID:* 391\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": - "Task"}, "priority": {"name": "Low"}}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '1673' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue - response: - body: - string: '{"id":"10617","key":"NTEST-465","self":"https://defectdojo.atlassian.net/rest/api/2/issue/10617"}' - headers: - ATL-TraceId: - - b534b03332717b40 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:27 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - fdfde70d-ac81-4ec1-8ac3-fcb4bbe3c716 - x-envoy-upstream-service-time: - - '360' - status: - code: 201 - message: Created -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-465 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6NxxSfySlAbPdG5oSHvcUcokAWYKnYxibxw1tuSR5Dg5yn+/ - lWUTCoRrafiAtdK+P/tINw6sc8pjJ3Qk8BgkxO8ZpLFqcZqBaqloARltiRwk1Uxw1YKY6Qw0bUUL - yhNIRdJagVS4B/EIcgkKuLZnnZbDjGXf2/ff4EJBOsflQutcha4bwxwiHYuvokN1SpVilHc4aBdt - aJfmzA1cplQBbmNgCRvUP50Mx5N2b/81SuZVsE544yh0WqiIakiE3NjgYlyhQuAFftvrtj1/Enhh - 73UY7HcODrp/eL7nmRiND73JoTLzwhiNPsbpecE2a7uIQUWS5aYiKD0kKqNp2iIxU5rxSJOcQQRE - zEkp5LJjtCPBz2X6I1EoiAoJ7opBSVdUU/mnYv/C2wybVGSvrOg4fut7Xb9fLycY6Nttyi3HNBp9 - Tahamh4VM22+wjlNFbScxoYTVkZuW45mCIwcm+yEvMBMnFyKrxjeC6tXa1e1q7rR1M4s7jV8G+k5 - Z1qjAYOvWtsk9U91Vom5Lqk0iSmW5SlDhMQPssHiVpDp9de9/o+EW5e5dlZXOmemsPi7X+eeZ3Aa - 9NZB78WGqxZWKHml6v/P+PL31/7+r/laN87qj2e8dYN1N/g1bzU4VfOx09vtrZnv9YVlF+zY1Rfs - YJJISHCuH8EQMSXSwo6ZlUSF0iKrKGKKHoI3uzb6j21Y6rBSM5gV/Tlh2285mKa+wIkzuKoPUI08 - aWno5yfActwdq7nWmjTwrj4HojBZ+oapLo2A8cQJtSzgtiYvY0yyyOZ+80hmAsOjaiGKND5iKk/p - ph4JFEcSMFczdU/x5Jue3/Dkw6p5u8rp79oItpTBhGR688KKNepu7+fokmU0AeUaDdUYYShIRdlR - q2RLMSeibKio55gaPUik2ySS0hkYMjHQfHDITOWTZfB34dDvm3osqBrmLDphfFldxUeQm5uZR03P - qk6W1d6dhAs+xIuZzlIYAVUWB7L+cs5Ozj8cn05PjgfD0/FwOhyNPo0wPxwghQXBA5MFkDNkTa6J - 8UuYIoKnG4ITyVJjlGhB/maSkjMJGU4tKRQitFPN6MMsDtCg9415Xpfy0LEXBvYOi78dqe/GGNuQ - ME7Th4fqd0Vd3grVKUbXMAH2NeFwd7rIzcz+AI7tS+GF0LPKd7fV95f7z6FxC7d3NFriQ6qBXGPc - +hrUT5pfCrh5F7nN8yRoLlcOBuqRSIU8tdHM0gLaiUSO2D4OBDkSttkiy/Gpx3Xdhef6931xrvn2 - b2/CdAp7Ibn6THM/JAMhlgzIJdPIUZqMq8uDvE9p8s3kiqmmIqLpQigd9r2+584Zj5EG3e6B/6Uy - eFSVAqP8KogBSbhH/lezUhwDwgy5BBVw6kklG1wOcXnOl1yU25gHF4+ke2dSxAW+XoY8wUnKsC7u - BMuA566qJNAw+UuUbS12JJLXBoIvxCVXJcASxw7urO3Q2h5wu5Xi58MzMo4o33HePJdc3+/ZWr2T - lEcLd0ITjPMUu2mlBUvj46P7ooHIMqYJMtLivni8URoyhUnHuWAIBWwk/qq9quoGmxllXDENHURM - 2Ot1d+3tkrsxep0JKuO6v3dY2guv+SGJLGQwNjID4ESBJmWNH410Zh8gZI4YapFywaIFyYByhZvU - nqgtYNXQAqFRhHQIMVkxSgpEeCQ3OfIJHuMc7D3aMaGMEGnIlBGEDcLKsuyIkqq8I2TiIr5g3ckX - eYUEhNp0LuTUOlNTqvFWnhXYkOlvny4Px2ft8cc23ii/G9PnoxNr9LlifARMMg7Jh+HkmiNp44Rq - kCER+Sq65sMVM3cFBjcG3bZz1ew97eA/AAAA///sWW1r2zAQ/ismUGhH7dhOnJfB6MLWwT5slBU2 - 6DfFVhszv2HZ6UaX/77nJFl1nTgrZZR8CJSi5OS7s3T33HOXZxuI0jjqM6Bkewz0q6Ud6xj/hTqj - PhPb+2RgfEEJv5P9JsXFjxXPKKEtZq43RzsKPxAQ5Ey85lac4UZS+YyVl1TsGKSCag3q3E+enVN8 - ZBZCX3EmiyX37DcFmlUwGSS1wMVaiJxWnKDlzHjiWJeZoMgzcdaKRLJFgQr72j/ROEj6RI0o3emn - jLw3n9OChRW959fciuUHCwBCx6Wy5LrihaBaXXIFLFxt1olrQlfQ10A5e+KNcWiL6w+2N9IH2kZS - CQcNUqK7z0u6MoDbKcONZ2fW6dkf3HJS5W8BLdsc0evjiN64TxA0AqosVYnKKOkuEdjOVtds7Qr6 - mJdrmJe8E0lAd280HUFXMN/JYLqVD1nOwhXhs6qSok5TRiV88K96R2dIhDwvX1jviZhdAMyoaUAr - Fdyy8SjylrOxGyzxAtPp3PP9CdELswkW9mzjdMGLKIIN1PzBow+2bu7eG+wjpXs7bJUKDsiF3CaR - Ry2Hged7Y+65fORH80k4CoOpF86CKHLZ5Nbjs4vondRyMlqc+J/wp56zU5bpUmjb6ivh1MK+x4nY - vkNZ4BT1MolDOjK7YEzQieF5pFwVgz1j+fHKnjhFRv53W/fD97g7ADh8j7tDhEP3GNATqa5ZM+Q2 - RF7p6RflE6G26swVfN0AeLH9si7zgg9vgDjh6jHxaGgFqclksqPHb5pclxpxj1Dw+pd+hILX8PgI - Bb1QYAgGXLxTGfdA8269dqE3r1iC1Q5qBN41eNgMtgV9sznXzOa6AjPr6goMhePZOi7zTNEd3frX - +scX9fFZr4BmU2p4aJYaBV+AfK2fjYaN3vNByn5946JOSHHLthy0lNWiUn6s8+q/jXKVLqMTptCv - fs/lmKqZv9J0mYY/ZNH48dRZ/4m3+gF5OpvN5i8AAAD//wMAnG1KXsMbAAA= - headers: - ATL-TraceId: - - a7b529f6bb1b75f6 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:27 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ffe16d27-1338-4a47-8a0c-1ad1fb1ba2f3 - x-envoy-upstream-service-time: - - '191' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10617 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbXPaOBD+Kxp/6NzlANtAU+KZzk1KaC93aZoB0sw06TDCXoyKLXkkGcO1/e+3 - kuyQJiXXpuRDrJX2/dlH+uzBpqA88SJPAk9AQvKaQZaoFqc5qJaKl5DTlihAUs0EVy1ImM5B01a8 - pDyFTKStNUiFe5CMoZCggGt31mt5zFgOg8PwBS4UZAtcLrUuVOT7CSwg1on4JDpUZ1QpRnmHg/bR - hvZpwfyuz5QqwW8MrGCL+ufT0WTa7h8+R8nCButFnz2FTksVUw2pkFsXXIIrVOgG3bAd9NpBOO0G - Uf951D3sHB31/gjCIDAxGh96W4A188QYjT7GGQTdXdZukYCKJStMRVB6TFROs6xFEqY047EmBYMY - iFiQSshVx2jHgl/K7EeiUBCXEvw1g4quqabyT8X+hZc5NqnMnznRafIyDHrhoF5OMdCXu5Rbnmk0 - +ppStTI9KufafEULmiloeY0NL7JGvrY8zRAYBTbZi3iJmXiFFJ8wvCdWr9a2tbPdaGpnFncavov0 - kjOt0YDBV61tkvrHnlVioSsqTWKK5UXGECHJvWywuBYy/cGmP/iRcOsy187qShfMFBZ/d+vcDwxO - u/1Nt/9kw7aFFiXPVP3/EV/h4SY8/DVfm8ZZ/fGIt1530+v+mrcanKr52Ovt61cz35v3jl2wY9cf - sYNpKiHFuX4AQ8SUyEo3Zk4Sl0qL3FLEDD10X+zbGDy04ajDSc1gWvrzonZY84VBsGSxc/f5gczg - C8NXS1FmyQlTRUa3NQpRjIXS73FmDTJrF1Qj0zoi+/kZcix5y4u+sybNgNjPoShNnWzsV0bAeOpF - WpYmmFgC5mqm7ns8+aIfNjx5v2rBvnKG+za6+zZ6Oy5hQjK9fWIhGnW//3M8ynKagvKNhmqMMBRk - ouqodbrjnjNRNRzV92wn52DIxEDzXlJmKr+bbbgPh+HApL2kalSw+Izxlb2KT6AwNzOPGwBZWFV2 - 71bCBR/hxUznGYyBKgdKWX95F2eXb07PZ2enw9H5ZDQbjcfvxpgGDpDCvPHAdAnkAlmTa2L8EqaI - 4NmW4ESyzBglWpC/maTkQkKOU0tKhfjq2Bm9n8URGgy+sCDoUR557sLAFmGNdyP1zRhjtVPGaXb/ - UP2uqMtrQZ5hdA0TYPtSDreny8LM7A/g2L0Unogwp3x7W317uf8c6HaoekXjFT6kGmQ1xp2vYf2k - +aWAm3eR3zxPus3lysEgOhaZkOcumnlWQjuVSFi7x4EgJ8I1W+QFPvW4rrvwWP++Lc4N3/0dTJnO - 4CAi1x9oEUZkKMSKAbliGglTk4m9PMjrjKZfTK6YaiZimi2F0tEgGAT+gvEESczvHYUfrcETWwqM - 8pMgBiTRAflfTas4AYQZUgYq4HATKxtejXB5yVdcVLuYh+8fSA8upEhKfL2MeIqTlGNd/CmWAc9d - 2yTQMPlLVG0t9iRS1Aa6H4lPriuAFY4d3Frbo7U74Pes4ofjCzKJKd9z3jyX/DDsu1q9kpTHS39K - U4zzHLvppCXLktOTu6KhyHOmCTLS8q54slUacoVJJ4VgCAVsJP7snq26wWZOGVdMQwcRE/X7vX17 - ++R+gl7ngsqk7u8tlg6iG35MYgcZjI3MAThRoElV40cjnbkHCFkghlqkWrJ4SXKgXOEmdSdqC1g1 - tEBoHCMdQkLWjJISER7LbYF8gsc4B3epd0woY0QaMmUMUYOwqqo6oqKq6AiZ+ogv2HSKZWGRgFCb - LYScOWdqRjU+EeYlNmT227ur48lFe/K2jTfg78b05fjMGX2sGG8Bk0wi8mY0veFI2jihGmRERLGO - b/hozcxdgcFNQLfdXDV733fwHwAAAP//7Flta9swEP4rJlBoR+3YTpyXwejC1sE+bJQVNug3xVYb - M79h2elGlv++5yRZdd04K2WUfAiEoFjS3Vm6e+65y7MVRGkc9SlQc3sU9IulFesY30KdUZ+Kp+uk - Y3xBpr6T9Sb5xY8VzyigLWauN0c5CjvgEGRMvOZWnOFGUrnHyktKdgyzgnIN8txPnp2Tf2QWXF8R - OIsl9+w3OZpVMOkktcDFWvCclp+g5Mx44liXmSDPM37W8kTSRY4K/do+0RhI8kQNL91pp/S8N5/T - goUVvefX3IrlDwsAQselouS64oWgXF1yBSxcLdaBa1xX0GOgnD3xxji0xfUH2xvpA20jqYSDBilR - 3eclXRnA7ZThxrMz6/TsD245qfK3gJanHNHr44jeuJmgBFKVSICSkxJp7i4NemS4vRN9zMs1zEve - ieSZuxeaiqA7Md/JYLqZD1HOwhXhs8qSok5TRil88K98R2dIhDwvX5jviZhdAMyI8qOUCm7ZeBR5 - y9nYDZZ4gel07vn+hOiFWQQNe5ZxuuBFFEEHcv7gwQZbF3fvDfaR0L0VtgoFB+RCLpPIo4bDwPO9 - MfdcPvKj+SQchcHUC2dBFLlscuvx2UX0Tko5GS1O/E/4qH12yjKdCm1bPRJOLex7nIjtOxQFTlEv - kzikI7MLxgSdGPYj5KoY7BnDj1f2xCkysr9buh++xd0GwOFb3G0iHLrFwKRIlfCaIbch8kp3vyie - CLVVXa1w7QbAi+WXdZkXfHgDxAlXD4FHTSvMmkgmPbr9psl1qRH3CAWvf+lHKHgNi49Q0AsFXeYB - KjXYbGlPwzxg+50KxQ01wvXYhcK8YglGO6T09ebcvt6ca3pz3QlD4Xi2jss8U3RHl/61/vNF/XyW - pSg2pYRNM9Qo+ALka/1tNGzkng9S9usbF3VCglu6ZaOlrBaVsmOdV/+tEatkGZlQhXr1ey7bVE0z - mLrL1PwhjcaOx8b6j6zVG+TpbLfbvwAAAP//AwCcC5yuwxsAAA== - headers: - ATL-TraceId: - - d7b8260181bb1205 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:27 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 94858309-d780-4abe-9907-f74ac704a71f - x-envoy-upstream-service-time: - - '175' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uuttlJNm23uYkeVGQV2j2JSNpOsJImpUmFZdn/boKL623em+/N - Y06kUx4PiyGSfIYwe7nZDKixD4P7clQFo7wflaUWA8nINy5+dDbCDIBRoJA3+9vX5uGlvW7369TF - ici3BGWQwXtGBpyNO05oQ3ucMR64M24dYqhbRzP8RohMgUJczHsVEsiBsxx4zsuWMckruRUUAG4g - wjHvcYm97Thd2W0OrOUgRSH5jnLG/th+erTaRVCURVFppjWi2NW1ViJpVKziZbHjUfCir8v6X0Ew - qeFpXBRJ72i1mvDsepXsEzGXiaD9ODTkfP4BAAD//wMAQOo2LFoBAAA= - headers: - ATL-TraceId: - - 0d8b8424a1696af1 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - bad42d1e-7bf0-4c36-a1b3-74da5cfe99d5 - x-envoy-upstream-service-time: - - '27' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 31d8218088333d76 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6d276756-e1ba-4b0c-854b-0c30ab58a4b0 - x-envoy-upstream-service-time: - - '61' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields - response: - body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFwQB5NMqKljBz/adBH/fT2JE7vQ - ZbPlsgd6qWcyj28envFzDFVJeBZP4lKKR0i1igf+OLl99gJUKQN6XQKKKGC55c21LtUkSTLIrUIm - HsU+0YwoRQnf56ATCUonpKTJKHFWk+GB/VkTFI22xALWlrqYfbuaWYqTAix5zanW1gA6JEuiibyW - zKJ6jsfH1fi4j38FqZHQ+m6MnJQ0m9aO9xrGOZLjgy/WzWhcjcY7G1b0F0xVQRjbU+7/HV/Do2p4 - 9DFfVevMHd7xdjiqDkcf81ZARk1hvbnDH729DMJuwS7aoV86C3XHjMKOQSIDlUpaaiq45Z5GdQIG - UUaVpjzVUUkhhUjk0UrIxT5qp4Lb/umDwqVgSWG1Jf4g2MPhsSNnFui0g+x7eEbUwlKGa0m4YkRD - drHxRZl7jadJTpiCgb9vOQWWYeu7g217ZYqCyDUeJTwZKsEKammsmkrnUBD8UvufxEpLyh/QwVpp - KJDjtF86cFeO096/VmIQz4k6g5wYpm8IM9ChEyVIgjnHstqq6vguLHYvZGGWOnCe6eGdIy/CzHYI - Q91eGO/s6GBMrCCrhT67cVvPtTbiSW3kBWuaiqIUHDiugbCoTuVNVYmUBDuH2npaFa8fVjkw6sv8 - 1TPbMgdyPesckyxDT4D+JBRiCfGW2mNkRGuSzguEtlNkgX4QWsD1oZ2Gok1oG9q9QkPMG/3VB/Tb - 6x+a8AjPAm4LMZTsibEbBW5t9BoErWwAsmV5gJedUAPOK/0DsLeNsNMQ+NgTxmnj3fzRjFuR6xWR - 9RykRcmonfS+pJ8vnm2+/tcXTz0z64nLKF/sODMD/derseH6a/HT0pBF9Yr0c3PDADFa4GxloKHn - qnm98JKSpguQJzY/0k4sdxdt1HtqLlZX5h4XyiXBb1O85CFbNRynWgO1bT/lxlbtyYBcT3vfYZzt - mN+cVjcgVcPeJcHLRjvMbmjTp/c7rSIn7LMbivaF3iykZjn9ZS3ZMjxwgH6RGQUyDKPTDpZPy+pW - j2ds9sZvAAAA//+8l81uwjAMx19l6p1kHeUyaeI0aQf2CGgKKEoyAUVNGezQd5+dL1rSTe1ScXUT - +5fG8d8emxsYnFpvbLPj8IBYtZVL94BeTA0ce8dXAVFlpeqbJve33xBWdzTE2doiEpZ5FQmGCM+q - VQ9dfG//VBEbm+aYmcP7QLVngmuKO7R3osAglZDgnegv1Ht34jdrxAhGpOBnpMGalnca2JjUYz4l - Y86nwbT1vgv6bmwedZ6MWkyDChnZ5VyVZw9ZJEMuJoOMUnRlbB51kTVr7HPbLzEN/Z6pAKVme9J1 - uTfD+gf0CHkxrIKxAxYhuzkzkw85fl+UJqLi/CDLI9Qh8qkq9izkjIMez1DfwxY7tEG0a7F7hUUP - 2B9kYZyK0HrK3p9Vecc23DaiA050I7rxKOK8tboZa/C87nuaTOXkkVpHVJ8EXG29HClJfSNlg53e - uvkBAAD//wMAc91BljkVAAA= - headers: - ATL-TraceId: - - 590ef0cdfcd66ae5 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - fe29f784-e5d5-4eca-a984-b106580b86c3 - x-envoy-upstream-service-time: - - '69' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without - Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/392]\n\n*Defect Dojo link:* http://localhost:8080/finding/392\n\n*Severity:* - Low \n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] - / [ZAP Scan|http://localhost:8080/test/114]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n*Systems/Endpoints*: \n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Defect - Dojo ID:* 392\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": - "Task"}, "priority": {"name": "Low"}}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '1673' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue - response: - body: - string: '{"id":"10618","key":"NTEST-466","self":"https://defectdojo.atlassian.net/rest/api/2/issue/10618"}' - headers: - ATL-TraceId: - - 7ff81201c7215549 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:29 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a14d9cb7-3140-422e-9f97-68ff5a6a71cf - x-envoy-upstream-service-time: - - '521' - status: - code: 201 - message: Created -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-466 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DFtmWy/2UldAMaSJ22VL08B2GqBJYdDSWWYtkQJJWfba/vcd - SSlOkzprU+dDxCPv/bmH/OTBpqQ89WJPAk9BQvqKQZ6qDqcFqI5KllDQjihBUs0EVx1ImS5A006y - pDyDXGSdNUiFe5COoZSggGt31ut4zFgOg8NwiAsF+QKXS61LFft+CgtIdCo+ih7VOVWKUd7joH20 - oX1aMj/ymVIV+K2BFWxR/3w6mky7g8NDlCxssF78yVPotFIJ1ZAJuXXBpbhChSiIwm7Q7wbhNAri - wR9x9LwXDA5/D8IgMDEaH3pbgjXzxBiNPsYZBNEua7dIQSWSlaYiKD0iqqB53iEpU5rxRJOSQQJE - LEgt5KpntBPBL2X+PVEoSCoJ/ppBTddUU/mnYv/CiwKbVBW/ONFp+iIM+uGwWU4x0Be7lDueaTT6 - mlK1Mj2q5tp8xQuaK+h4rQ0vtka+dDzNEBglNtmLeYWZeKUUHzG8J1av0ba1s91oa2cWdxq+i/SS - M63RgMFXo22S+seeVWKhaypNYooVZc4QIem9bLC4FjKD4WYw/J5wmzI3zppKl8wUFn936zwInqHn - aLCJBk82bFtoUfKLav4/4is83ISHP+dr0zprPh7x1o82/ejnvDXgVO3HXm9fvpj53rxz7IIdu/6A - HcwyCRnO9QMYIqZEXrkxc5KkUloUliJm6CF6tm9j+NCGow4nNYNp6c+Lu2HDFwbBkiXO3acHMoMv - DF8tRZWnJ0yVOd02KEQxFkq/w5k1yGxcUI1M64jsx2fIseQtL/rOmjQDYj+PRWXqZGO/MgLGMy/W - sjLBJBIwVzN1D3ly2HsWBi1P3q9asK+c4b6NaN9Gf8clTEimt08sRKvuD36MR1lBM1C+0VCtEYaC - XNQ9tc523HMm6pajBp7t5BwMmRho3kvKTOU3sw334RDvOEx7SdWoZMkZ4yt7FZ9AaW5mnrQAsrCq - 7d6thAs+wouZznMYA1UOlLL58i7OLl+fns/OTo9H55PRbDQevx1jGjhACvPGA9MlkAtkTa6J8UuY - IoLnW4ITyXJjlGhB/maSkgsJBU4tqRTiq2dn9H4Wz9Fg8JkFQZ+uY+/eyGJlM8Zpjj3Dou9mzOzd - lzXviqa8FuQ5RtcyAbYv43B7uirNzH4Hjt1L4YkIc8q3t9XXl/uPgW6Hqpc0WeFDqkVWa9z5Om6e - ND8VcPsu8tvnSdRerhwMohORC3nuopnnFXQziYS1exwIciJcs0VR4lOP66YLj/X06+Lc8N3fwZTp - HA5icv2ellFMjoVYMSBXTCNhajKxlwd5ldPss8kVU81FQvOlUDoeBsPAXzCeIon5/efRB2vwxJYC - o/woiAFJfED+V9MqTgBhhpSBCjjcxMqOr0a4vOQrLupdzMfvHkgPLqRIK3y9jHiGk1RgXfwplgHP - Xdsk0DD5S9RdLfYkUjYGog/EJ9c1wArHDm6t7dHaHfD7VvH90QWZJJTvOW+eS34YDlytXkrKk6U/ - pRnGeY7ddNKK5enpyV3RsSgKpgky0vKueLJVGgqFSaelYAgFbCT+7J6tusFmQRlXTEMPERMPBv19 - e/vkfope54LKtOnvLZYO4ht+RBIHGYyNzAE4UaBJ3eBHI525BwhZIIY6pF6yZEkKoFzhJnUnGgtY - NbRAaJIgHUJK1oySChGeyG2JfILHOAd3qfdMKGNEGjJlAnGLsLque6KmquwJmfmIL9j0ymVpkYBQ - my2EnDlnakY1PhHmFTZk9uvbq6PJRXfypos34G/G9OX4zBl9rBhvAJNMY/J6NL3hSNo4oRpkTES5 - Tm74aM3MXYHBTUB33Vy1e9928B8AAAD//+xZbWvbMBD+KyZQaEft2E6cl8HowtbBPmyUFTboN8VW - GzO/YdnpRpb/vuckRXWcOCtllHwIhOBYJ91JunvuucuzFURpHHUpUGMHFHQvSxLLGN9CnVGXil05 - 6RhfkKkfZL1JfvFjwTMKaIuZ681RjsIOOAQZEy+5FWe4kVTOsfKSkh3DqKBcgzz3k2eX5B+ZBddX - BM5iySP7TY5mFUw6SS1wsRY8p+EnKDkznjjWdSbI84yfNTyRdJGjQr+2T2wMpPVEDS/da6f0vDef - 04KFFe3za27F8ocFAKHjUlFyW/FCUK4uuQIWroR14BrXFfQaKGePvCEObXb7wfYG+kCbSCrhYIOU - qO7zkq4M4HbOcOPZhXV+8Qe3nFT5W0DLLkf0ujiiN+waCJqMoCqRGSVZJTbdEnWNaHugi3m5hnnJ - O5E8c7+gqQi2yEs7wSGYWbggGN7LAN2pUVenKaMU3vtXvqMzJEKely/M90TMrgBmRPlRSgX3bDiI - vPlk6AZz2DQeTz3fHxG9MELQcECM0wXPogg6kPN7TzbYurh7b7CPFj1YYatQcEAupJhEHvXYDzzf - G3LP5QM/mo7CQRiMvXASRJHLRvcen1xF7+QqZ4PZmf8JHzXPTlmmU6Ftq1fCqYX9iBOxfYeiwCnq - eRKHdGR2wZigE8N8hFwVgz3j8eONPXKKjOxvl+7Hb3G7AXD8FrebCMduMaAnUiW8ZshNiLzR3S+K - J0JtVVcr+LoD8EL8ui7zgvfvgDjh4inwqGmFURPJpEe33zS5LjXinqDg9S/9BAWvYfEJCjqhwDAP - mPigIm5F/W797GLdvGIJnvZQI/Cu3mrd2x3o6s25Xb051/Tm2gOGwvFsGZd5pniQLv1r/eeL+vmc - LSzz6r81QNVaZk0oQp34PZftoU0TFq6lLF5tHjXqvli//Juqv1n3speyX9+4qBNauLFX2dgpq1ml - 9k3dZWr+0M7N++3J/tZsPUFau16v/wIAAP//AwCUtKITwxsAAA== - headers: - ATL-TraceId: - - ded626374160dce9 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:29 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 890b0c9f-4487-4a01-86e6-5661cdeedf4c - x-envoy-upstream-service-time: - - '180' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/10618 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6NxxSfySHE0907mhIW25o5QhocwUOoxibxw1tuSR5Di5lv9+ - K8kmFBqupeED1kr7/uwjffFgXVKeerEngacgIX3NIE9Vh9MCVEclCyhoR5QgqWaCqw6kTBegaSdZ - UJ5BLrLOCqTCPUjPoJSggGt31ut4zFgOg/1wiAsF+RyXC61LFft+CnNIdCo+ix7VOVWKUd7joH20 - oX1aMj/ymVIV+K2BJWxQ/2Q6nky7g/19lMxtsF78xVPotFIJ1ZAJuXHBpbhChSiIwm7Q7wbhNAri - wZ9x9KIXDPb/CMIgMDEaH3pTgjXzxBiNPsYZBNE2a7dIQSWSlaYiKD0gqqB53iEpU5rxRJOSQQJE - zEkt5LJntBPBz2X+I1EoSCoJ/opBTVdUU/mXYv/CywKbVBXPnOgofRkG/XDYLKcY6Mttyh3PNBp9 - Talamh5VM22+4jnNFXS81oYXWyM3HU8zBEaJTfZiXmEmXinFZwzvidVrtG3tbDfa2pnFnYZvIz3n - TGs0YPDVaJuk/rFnlZjrmkqTmGJFmTNESHovGyyuhcxguB4MfyTcpsyNs6bSJTOFxd/dOg+C5+g5 - GqyjwZMN2xZalDxTzf9HfIX763D/13ytW2fNxyPe+tG6H/2atwacqv3Y6e3mxsz3+oNjF+zY5Sfs - YJZJyHCuH8AQMSXyyo2ZkySV0qKwFHGNHqLnuzaGD2046nBSM5iW/ry4GzZ8YRAsWeLcfXkgM/jC - 8NVCVHl6yFSZ002DQhTXVCOvOtr6+YlxnHjLgr6zJs042M+RqExVbKQXRsB45sVaVsY12tQfkC7M - UDTFkIC5mql7yJPD3vMwaHnyftWCXeUMd21EW8pgQjK9eWIFWnV/8HN0yQqagfKNhmqNMBTkou6p - VbalmGNRt1Q08G4eJtJvE8npDAyZGGjeO2Sm8rtlCHfhEO84rMeCqnHJkmPGl/YqPoTS3Mw8aQFk - YVXbvVsJF3yMFzOd5XAGVDlQyubLOz0+f3N0cn18NBqfTMbX47Oz92eYHw6QwoLggekCyCmyJtfE - +CVMEcHzDcGJZLkxSrQgfzNJyamEAqeWVAoR17Mzej+LF2gw+MqCoE9XsecuDOwdFn87Ut+MMbYh - Y5zm9w8174qmvBb2OUbXMgH2NeNwe7oqzcz+AI7dS+GJ0HPKt7fVt5f7z6FxC7dXNFniQ6qFXGvc - +Ro1T5pfCrh9F/nt8yRqL1cOBuqJyIU8cdHM8gq6mUTC2j4OBDkUrtmiKPGpx3XThcf6921xrvj2 - b2/KdA57Mbn8SMsoJiMhlgzIBdNImJpM7OVBXuc0+2pyxVRzkdB8IZSOh8Ew8OeMp0hrfv9F9Mka - PLSlwCg/C2JAEu+R/9W0ihNAmCGXoAJOPbGy0cUYl+d8yUW9jXn04YF071SKtMLXy5hnOEkF1sWf - Yhnw3KVNAg2Tt6LuarEjkbIxEH0iPrmsAZY4dnBrbYfW9oDft4ofD07JJKF8x3nzXPLDcOBq9UpS - niz8Kc0wzhPsppNWLE+PDu+KRqIomCbISIu74slGaSgUJp2WgiEUsJH4s3u26gabBWVcMQ09REw8 - GPR37e2S+yl6nQkq06a/t1jai6/4AUkcZDA2MgPgRIEmdYMfjXTmHiBkjhjqkHrBkgUpgHKFm9Sd - aCxg1dACoUmCdAgpWTFKKkR4Ijcl8gke4xzcpd4zoZwh0pApE4hbhNV13RM1VWVPyMxHfMG6Vy5K - iwSE2vVcyGvnTF1TjU+EWYUNuf7t/cXB5LQ7edfFG+V3Y/r87NgZfawY7wCTTGPyZjy94kjaOKEa - ZExEuUqu+HjFzF2BwU1Ad91ctXvfd/AfAAAA///sWW1r2zAQ/ismUGhH7fglzstgdGHrYB82ygob - 9Jtiq42Z37DsdCPLf99zkqymbpyVMko+BEJwLOnuJN0999zl2QriLIn7FKixPQr6xdKMVYJvoc6o - T8XTedIxviCF38l6k/zix5LnFNAWM9dboByFHXAIMiZZcSvJcSOZXGMVFSU7hlFBuQZ57ifPz8k/ - cguurwicxdJ79psczSqZdJJG4GIteM6Wn6DkzHnqWJe5IM8zfrbliaSLHBX6tX2iNZDkiQZeutNO - 6XlvPmcli2ra59fCSuQPCwBCx6Wi5LrmpaBcXXEFLFxN1oFrXFfQa6CcPfZGOLT59QfbC/SBbiOp - hIMWKVHdFxVdGcDtlOHG8zPr9OwPbjmti7eAlqcc0evjiN6oHaAEUldIgJKlEmnuTg17ZLi9A4Z5 - yaOXPHP3xD4m5pqKoDswMwymrlm0JAjeUZh0M6FosoxRCh/8K9/RGRIhL6oX5nsiZhcAMyoCUEqF - t2wUxN5iOnLDBTYwmcw83x8TvTCToGHPNE4XPI9j6EDOHzzYYOvi7r3BPhK6t8JWoeCAXMhpEnnU - 4zD0fG/EPZcHfjwbR0EUTrxoGsaxy8a3Hp9exO+klJNgfuJ/wketszOW61Ro2+qVcBph3+NEbN+h - KHDKZpEmER2ZXTIm6MSwHiFXJ2DPePx4ZY+dMif7u6X74VvcbQAcvsXdJsKhWwxMilUJrxnyNkRe - 6e4XxROhtqq0Fa7dAHgx/bKpipIPbwBF0fIh8KhphVETyaRHt980ua404h6h4PUv/QgFr2HxEQp6 - oaDLPEClBusNrWmZBmy/U6G4pka4fnahsKhZiqcdUvp6c67pzXUHTK+rO2AoHM9XSVXkigvp0r/R - f76on8+xdFXU/60lqmQZmVCEOvF7IdtDbRMWrqUsXrePGnVfrF/+TTVs5Z4PMvbrGxdNSoK39iob - O1U9r9W+qbtMzR/auXn/eLH/aLVeIK3dbDZ/AQAA//8DAHmRUxLDGwAA - headers: - ATL-TraceId: - - a3667b2dbfd3d482 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:29 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e41c55f2-0994-4000-a591-bc18949f009f - x-envoy-upstream-service-time: - - '173' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uutt1JmnS3uYkeVGQV2j2JSNpOsJImpUmFZdn/boKL623em+/N - Y06kUx4PiyGSfIYwe7nZDKixD4P7coUKRnk/KltYDCQj37j40dkIUwBaQAF5s799bR5e2ut2v05d - nIh8S1AGGbxnZMDZuOOENrTHGeOBO+PWIYa6dTTDb4TIFBD8Yt6rkEAGjObAcla1lEq2lSUvAOAG - IhzzHpfY247TlS1zoC0DyYUsWUFZ+cf206PVLoK8EmKrqdaIfFfXWvGkUdEtq8SORcFEX1f1v4Jg - UsPTuCiS3tFqNeHZ9SrZJ2IuE0H7cWjI+fwDAAD//wMAU45v3loBAAA= - headers: - ATL-TraceId: - - 7a1c37dca663fa6f - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:32 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a2263fc8-8d16-4447-933a-96e8f537f29b - x-envoy-upstream-service-time: - - '43' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 1d3cd243a5e77867 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:32 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5cf28ac9-734c-4950-bb7f-e69f90b82399 - x-envoy-upstream-service-time: - - '70' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA0yPQUvEMBCF/0uutt1JmnS3uYkeVGQV2j2JSNpOsJImpUmFZdn/boKL623em+/N - Y06kUx4PiyGSfIYwe7nZDKixD4P7coUKRnk/KltYDCQj37j40dkIUwBaQAF5s799bR5e2ut2v05d - nIh8S1AGGbxnZMDZuOOENrTHGeOBO+PWIYa6dTTDb4TIFBD8Yt6rkEAGjObAcla1lEq2lSUvAOAG - IhzzHpfY247TlS1zoC0DyYUsWcGh+mP76dFqF0FeCbHVVGtEvqtrrXjSqOiWVWLHomCir6v6X0Ew - qeFpXBRJ72i1mvDsepXsEzGXiaD9ODTkfP4BAAD//wMAGc942VoBAAA= - headers: - ATL-TraceId: - - 46cf5a320735f9ac - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:32 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d502e79e-4bbc-460d-a5d3-e5caff6212df - x-envoy-upstream-service-time: - - '31' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - b894a3c75fb556d1 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:32 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4edbcbae-67ae-42ef-9a2d-2fc2fe18f146 - x-envoy-upstream-service-time: - - '65' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 19a959f477f3958a - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:32 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c68cc3c1-274c-4e3b-b929-1d3f086e8439 - x-envoy-upstream-service-time: - - '66' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-465 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6NxxSWwnKQ2e6dxQSHvcUcokocwUOhnF3jhqbMkjyXFyLf/9 - VpJNKDRcoeED1kr7/uwjffVgXVCeeJEngScgIXnLIEtUi9McVEvFC8hpSxQgqWaCqxYkTOegaSte - UJ5CJtLWCqTCPUhGUEhQwLU767U8ZiyHwX74ChcKsjkuF1oXKvL9BOYQ60R8ER2qM6oUo7zDQfto - Q/u0YH5GtflkSpXgN1aWsEEjZ5PheNLu779EydxG7EVfPYWeSxWjWirkxkWY4AoVukE3bAe9dhBO - ukHUfxl19zsHB70/gjAITKDGh94UYM08NdCui9HoY5xB0N2m7hYJqFiywpQFpYdE5TTLWiRhSjMe - a1IwiIGIOamEXHaMdiz4hcx+JgoFcSnBXzGo6IpqKv9U7F94nWOnyvyFE50kr8OgFw7q5QQDfb1N - ueWZbqOvCVVL06hyps1XNKeZgpbX2PAia+Sm5WmG6Ciw017ES8zEK6T4guE9s3q1tq2d7UZTO7O4 - 0/BtpBecaQMOA7Ja2yT1jz2rxFxXVJrEFMuLjCFCknvZYHEtZPqDdX/wM+HWZa6d1ZUumCks/u7W - uR8YnHb7627/2YZtCy1KXqj6/yO+wv11uP9rvtaNs/rjEW+97rrX/TVvNThV87HT282Nme/1R0cx - 2LGrz9jBNJWQ4lw/gCFiSmSlGzMniUulRW4pYooeuq92bQwe2nDU4aRmMC0HelE7xCXVSI2OdJ6O - d8dotxzmO2vSgNl+HonS5BQaXro0AsZTL9KyhJuaqowxyWKX6dcHMhMYHlULUWbJMVNFRjf1AKAY - o9IfkS7MUNTFkIC5mqn7EU++6ocNT96vWrCrnOGuje6ujd6WS5iQTG+eWdxG3e8/jUdZTlNQvtFQ - jRGGgkxUHbVKt9xzKqqGo/qeLecMDJkYaN5LykzlD7MNd+EwHJi0F1QNCxafMr609/ExFOZ65nHT - Rdvbyu7dSrjgQ7yd6SyDEVDlkCHrL+/89OLdydn09ORoeDYeToej0YcRpoEDpDBvPDBZADlH1uSa - GL+EKSJ4tiE4kSwzRokW5G8mKTmXkOPUklIhZjt2Ru9ncYAGg28sCHqUR567MLBFWOPtSH03xljt - lHGa3T9UPy7q8lqcZxhdwwTYvpTD7emyMDP7Ezh2L4VnIswp395W31/uTwPdFlVvaLzE11SDrMa4 - 83VUP2l+KeDmXeQ3z5Nuc7lyMIiORSbkmYtmlpXQTiWyxvZxIMixcM0WeYHvPa7rLjzWv++Lc823 - f3sTpjPYi8jVJ1qEETkSYsmAXDKNrKXJ2F4e5G1G028mV0w1EzHNFkLpaBAMAn/OeILE6PcOws/W - 4LEtBUb5RRADkmiP/K+mVRwDwgwpAxVwuImVHV0OcXnBl1xU25iPPj6Q7p1LkZT4ehnyFCcpx7r4 - EywDnruySaBh8peo2lrsSKSoDXQ/E59cVQBLHDu4tbZDa3vA71nFT4fnZBxTvuO8fUuHYd/V6o2k - PF74E5pinGfYTSctWZacHN8VHYk8Z5ogIy3uiscbpSFXmHRSCIZQwEbiz+7Zqhts5pRxxTR0EDFR - v9/btbdL7ifodSaoTOr+3mJpL7rmhyR2kMHYyAyAEwWaVDV+NNKZe4CQOWKoRaoFixckB8oVblJ3 - oraAVUMLhMYx0iEkZMUoKRHhsdwUyCd4jHNwN2vHhDJCpCFTxhA1CKuqqiMqqoqOkKmP+IJ1p1gU - FgkItelcyKlzpqZU4z09K7Eh098+XB6Oz9vj9228AX83pi9Gp87oY8V4D5hkEpF3w8k1R9LGCdUg - IyKKVXzNhytm7goMbgy67eaq2bvr4D8AAAD//+xZbWvbMBD+KyZQaEft2E6cl8HowtbBPmyUFTbo - N8VWG7P4BctON7L89z4nyarrxNkIo+RDIAQlku8up7vnnrscoCBK4qhLgdrbo6BbLJ1YxXgXykdd - KrbPycD4gkr9IJtOiosfC55SQlvMXG+GnhR2ICDImHjFrTjFjSTyGSsrqNgx7AqqNahzP3l6SfGR - Wgh9xaIstnxkvynQrJzJIKkELtZC5DTiBC1nypeOdZ0KijwTZ41IJF0UqNCv7RO1gSRPVIjSnXbK - yHvzOclZWNLv/JpZsfxgAUDIXSpLbkueC6rVBVfAwtVhnbgmdAV9DZSzR94QTpvdfrC9gXZoE0kl - HNRIiRY/K+jKAG7nDDeeXljnF39wy8syewto2eaIXhdH9Ib1BhWQskABlDyXmGv7aNAhw+3cMMxL - ul7Syd0Hu5iYazoC5CsLF4S0O/qPdsFrS5kaO6okYVTCe3+rd+RDIuRZcWC9J2J2BTCjNgKtVHDP - hoPIm0+GbjCHTePx1PP9EdELcwga9hzjdMGzKIIO1Pzesw22bu7eG+wjoXs7bJUKDsiFPCaRRy37 - ged7Q+65fOBH01E4CIOxF06CKHLZ6N7jk6vonZRyNpid+Z/wUs/ZCUt1KbRt9ZVwKmE/wiO271AW - OHk1X8YhuczOGRPkMTyPlCtjsGcsP97YIydPyf526378FrcHAMdvcXuIcOwWA5Mi1UdrhtyEyBs9 - /aJ8ItRWvbrCtTsAL45fV0WW8/4doChcPCceDa2wazKZ9OjxmybXhUbcExS8/qWfoOA1LD5BQScU - GKYBEx9Uxq1p3q3XLuRmJVtitc2ZXPCu3nrT297oms25XbM518zm2huGwvF0FRdZqkiSbv0r/eeL - +vhPPwHNppSwrpcaBQ9AvsbfRv1a7mUvYb++cVEtSXBDtxy0FOWsVHassvK/DXeVLCMTqtCvfs/k - mKqeyNJ0mYY/pNHY8dJY/4W1+gHpnc1m8wQAAP//AwCZu5INyBsAAA== - headers: - ATL-TraceId: - - 14af3a17147227e1 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Mon, 01 Mar 2021 19:45:32 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 109131f4-ffb4-420c-bdcb-f4f84f33b2fe - x-envoy-upstream-service-time: - - '137' - status: - code: 200 - message: OK -version: 1 diff --git a/unittests/vcr/jira/JIRAConfigEngagementEpicTest.test_add_engagement_with_jira_project_and_epic_mapping.yaml b/unittests/vcr/jira/JIRAConfigEngagementEpicTest.test_add_engagement_with_jira_project_and_epic_mapping.yaml index 57bdc893db1..38f217ff706 100644 --- a/unittests/vcr/jira/JIRAConfigEngagementEpicTest.test_add_engagement_with_jira_project_and_epic_mapping.yaml +++ b/unittests/vcr/jira/JIRAConfigEngagementEpicTest.test_add_engagement_with_jira_project_and_epic_mapping.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,178 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttnJR0M3N9GDiqxCuycRSZoUK2myNKmwLPvfTXDx4za88zzz - MiekVbT7xSGJ3lM6RLnZGDvaIZnwEbBKTsU4KY+9TahCn3aJU/AZJgAEA4a6210/d3dP/e92t846 - T0i+FKiCCl4rZOzBheNsfeqPB5sP3LiwmizpdXLmW0GyCA2/hLcqFZACJTXQGpqetJIxSTkGgCvI - cPajXXJvP83/WNETIomQhGFO2x92mO/9GDKoNR+UEmPDmWbbduBGaMVaMwoqRMO5aajdcmr/FCRX - Gh6mRaHyzqhWlx7DoEp8Qu4yIevf9h06n78AAAD//wMAf9yx2FoBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ0ibd3EQPKrIK2z2JSNokWEmT0qTCsux/N8XFj9vwzvPM + y5xQp6I5zA5J9J7SFOVmo401fdLhI2CVnIpxUB57k1CBPs0ch+AzTAAIBgzlfnf9vL97an+3u2Xs + 8oTkywoVUMBrgbSZXDiOxqf2OJl84MaFRWepWwanvxUks0ChvoS3Kq0gBUpLaEoiWmgkCElrDABX + mYTsRzPn3nYY/7HbFkAyLhnBgm9/2H689zZkkFdEWGatZaKhlANrAKpaUU56BZr3QlQGGP9bkNza + 8DDMCq3vWLW49Bh6tcYn5C4TMv7tsEfn8xcAAAD//wMAlf3vZFoBAAA= headers: - ATL-TraceId: - - c67074b25a118e73 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Sat, 06 Feb 2021 10:16:13 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - b0cc01e650d9c110 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f2c81149-7d8e-4fb8-a709-b63f9cb292a8 - x-envoy-upstream-service-time: - - '119' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 9cc848432d7f3bd6 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 06 Feb 2021 10:16:13 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:36:31 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - bbf8bde8-75c1-4c79-b8df-4c3ed40008f4 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '204' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9c104ac8-6276-41b9-85cd-4e2352c8160d - x-envoy-upstream-service-time: - - '76' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -191,79 +80,83 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFwQB5NMqKljBz/adBH/fT2JE7vQ - ZbPlsgd6qWcyj28envFzDFVJeBZP4lKKR0i1igf+OLl99gJUKQN6XQKKKGC55c21LtUkSTLIrUIm - HsU+0YwoRQnf56ATCUonpKTJKHFWk+GB/VkTFI22xALWlrqYfbuaWYqTAix5zanW1gA6JEuiibyW - zKJ6jsfH1fi4j38FqZHQ+m6MnJQ0m9aO9xrGOZLjgy/WzWhcjcY7G1b0F0xVQRjbU+7/HV/Do2p4 - 9DFfVevMHd7xdjiqDkcf81ZARk1hvbnDH729DMJuwS7aoV86C3XHjMKOQSIDlUpaaiq45Z5GdQIG - UUaVpjzVUUkhhUjk0UrIxT5qp4Lb/umDwqVgSWG1Jf4g2MPhsSNnFui0g+x7eEbUwlKGa0m4YkRD - drHxRZl7jadJTpiCgb9vOQWWYeu7g217ZYqCyDUeJTwZKsEKammsmkrnUBD8UvufxEpLyh/QwVpp - KJDjtF86cFeO096/VmIQz4k6g5wYpm8IM9ChEyVIgjnHstqq6vguLHYvZGGWOnCe6eGdIy/CzHYI - Q91eGO/s6GBMrCCrhT67cVvPtTbiSW3kBWuaiqIUHDiugbCoTuVNVYmUBDuH2npaFa8fVjkw6sv8 - 1TPbMgdyPesckyxDT4D+JBRiCfGW2mNkRGuSzguEtlNkgX4QWsD1oZ2Gok1oG9q9QkPMG/3VB/Tb - 6x+a8AjPAm4LMZTsibEbBW5t9BoErWwAsmV5gJedUAPOK/0DsLeNsNMQ+NgTxmnj3fzRjFuR6xWR - 9RykRcmonfS+pJ8vnm2+/tcXTz0z64nLKF/sODMD/derseH6a/HT0pBF9Yr0c3PDADFa4GxloKHn - qnm98JKSpguQJzY/0k4sdxdt1HtqLlZX5h4XyiXBb1O85CFbNRynWgO1bT/lxlbtyYBcT3vfYZzt - mN+cVjcgVcPeJcHLRjvMbmjTp/c7rSIn7LMbivaF3iykZjn9ZS3ZMjxwgH6RGQUyDKPTDpZPy+pW - j2ds9sZvAAAA//+8l81uwjAMx19l6p1kHeUyaeI0aQf2CGgKKEoyAUVNGezQd5+dL1rSTe1ScXUT - +5fG8d8emxsYnFpvbLPj8IBYtZVL94BeTA0ce8dXAVFlpeqbJve33xBWdzTE2doiEpZ5FQmGCM+q - VQ9dfG//VBEbm+aYmcP7QLVngmuKO7R3osAglZDgnegv1Ht34jdrxAhGpOBnpMGalnca2JjUYz4l - Y86nwbT1vgv6bmwedZ6MWkyDChnZ5VyVZw9ZJEMuJoOMUnRlbB51kTVr7HPbLzEN/Z6pAKVme9J1 - uTfD+gf0CHkxrIKxAxYhuzkzkw85fl+UJqLi/CDLI9Qh8qkq9izkjIMez1DfwxY7tEG0a7F7hUUP - 2B9kYZyK0HrK3p9Vecc23DaiA050I7rxKOK8tboZa/C87nuaTOXkkVpHVJ8EXG29HClJfSNlg53e - uvkBAAD//wMAc91BljkVAAA= + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 6dcb3098ef29ad59 - Connection: - - keep-alive + Atl-Traceid: + - 48d321396cda1bba + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 06 Feb 2021 10:16:13 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:36:32 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 846df59e-5d73-438d-9345-a85e12ec5b55 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '247' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e513dfeb-b95e-4a10-8c9c-307f965f737c - x-envoy-upstream-service-time: - - '94' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -273,173 +166,62 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttnJR0Obm+hBRVah3ZOIJE2KlTQpTSosy/53U1xwvQ3vPM+8 - zAlpFe1hcUiiz5TmKHc7YwfbJxO+AlbJqRhH5bG3CRXo2y5xDD7DBIBgwFC2+9vX9uGl+9vu10nn - Ccm3DSqggPcCGTu7cJysT91xtvnAnQuryZJeR2d+FSQ3oeKX8F6lDaRASQm0hKojtWRMUo4B4AYy - nP1ol9zbjdM/VnSESCIkYbi5Yvvp0Q8hg1rzXikxVJxp1tQ9N0IrVptBUCEqzk1FbcOpvSpIbmt4 - GheFtncGtbr0HHq1xSfkLhOy/uPQovP5BwAA//8DAD+RhjNaAQAA + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbPTpE1qbqIHFVmF7Z5kkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzlBq4LZzw4kvMc4BbnZaGNNF7X/8ERFp0Lo1UhGEyGDTzOH3o8JLhALggTz3fbmZXf/3Pxut8vQ + pgnk6wplmOEhA20m54+DGWNznEw6cOv8opPULr3T3wrIJFCsLuGdiitIkdIc67wQDdYShaQVQcSr + RGLyg5lTb9MP/9jrBlEyLhklnFc/bDc8jNYnkJeFsMxay0RNKUdWI5aVorzoFGreCVEaZPxvQXRr + w2M/K1jfsWpx8cl3ao1P4C4TmPFtv4Pz+QsAAP//AwAW6AtAWgEAAA== headers: - ATL-TraceId: - - a44410a73ce72da8 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Sat, 06 Feb 2021 10:16:13 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 1403d316903ec3d1 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c67708ae-67c3-43bc-9adc-d23ce6513640 - x-envoy-upstream-service-time: - - '27' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - c76f97e84885b27d - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 06 Feb 2021 10:16:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:36:32 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 651b707d-2b09-4d87-9c46-1b43505ab6e0 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '123' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3292ebe9-4abc-401a-a4b0-d34735794057 - x-envoy-upstream-service-time: - - '61' status: code: 200 message: OK @@ -460,51 +242,55 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"10598","key":"NTEST-450","self":"https://defectdojo.atlassian.net/rest/api/2/issue/10598"}' + string: '{"id":"11823","key":"NTEST-1485","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11823"}' headers: - ATL-TraceId: - - a028ac3345683578 - Connection: - - keep-alive + Atl-Traceid: + - 20f9e5df98a5a95a + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 06 Feb 2021 10:16:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:36:33 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - dfe58a94-2020-4ddf-b61e-62b2adce0472 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '646' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - be7a1b6f-c1a0-489b-bbac-a3e04a2574e5 - x-envoy-upstream-service-time: - - '478' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -514,81 +300,85 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-450 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1485 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbW/bNhD+K4SA9susV7/EMVB0XZoO3bq0SNPuwzAUtHiW2VCkQFK1vS7/fUdS - shcnDlIHCBCRvDfePfcc/T2CdUMli2aRBslAA3vDQTAzkLQGMzDlEmo6UA1oarmSZgCM2xosHZRL - KisQqhp8A23wDNglNBoMSBtko0HEneU8G59OcWFALHC5tLYxszRlsIDSMvVVJdQKagynMpFgU7Rh - U9rwtEi5MS2kvYFr2KD+xdX5x6t4NM5wZ+GDjWbfI4NOW1NSC5XSmxAcwxUqFFmRx1kRZ5OrPJ/l - k1k+Ssaj4qcsz5wN78NuGvBmjozR6WOcWbAYbh0WDEypeeMygruvyJxXpDWgibEYKLFLaokEYIZY - ReZA5lpdgyRMrWRCzjTgHRiZb8hvXFPyUS3simogMQoQqSxx9SBKEwYCLCTOe6nkJy0ecwte0wpM - 6jTM7h4mhYaXiflWoTWHAzR1jjuuhO3cUnMdzRZUGLgZRJYjTBoseTSTrRCDqNHqKzo7Mped9v2Z - /F/5d4F9ktxaNODQ1mlf4R1+97KmS5eLnNeN4IgX1gU/iOg3aqnGVHkAjabr0fQx4RooWw19qMHI - y4azFz7O52HjrVuOshP0XIzWxehow4b/Ay9MTYV4brr/D/jKJ+t88jRf695Z9/GAt2GxHhZP81Yj - ftsavXUfB73d3LhuX38OXIMV++tvrGBVaaiwQ+7AEDGlRBuaLuyULTZc7QnjC3ooTg4dTO/aCEQS - dldKX3syjGZx3rGHQ7DmZXD3/c6ewxeGb5aqFew1N42gm10LrahFlg0k9uMdExhyy4lpsKZdO/jP - M9W6rPhI/3QbXFbRzOrWuUab9jOHlWuKLhmBcA6wZpFPetbcz1p2KJ35oYNiRxlcaW43R2agV0+H - TyC/zgjHjYDE2/T3h9/rCWkY3dy9zrC/jqBzcJTiALovNDmQDNe09x8cgmk+delaUuOY+R2X135u - v4bGjXFZ9vjyqFv5s+2OVPIcpwadC7gEagJmdfcVfXj36de3F1/evT07v/h4/uX88vL9JV4c+8tg - vlDgagnkA5KqtMT5JdwQJcWGYMNy4Yy6Qean1QcNNabNjzuT+Bbev8UpGsz+5Vk2nCxmUZgnWFqs - za7jbnU5Vqnikop9oe4R0uXdd4XA6HqiwLJXOGV76bZxLf0ImIdnxZHIDMrbYXb7JfBjYN1B8Rda - XuOrq8dibzz4OuveP08KuH9EpUXnpOhnr4SVa30llL4I0cxFC3Glkc+2AV4p8lqFYqu6wXehtF0V - Hqrf7eSgIwKyQsDVjtTv4uYQ3eT5Y7SLI/MT7Phueu9DdbXF3kX4UUzE9vK72uDhPahHroiq5Tr2 - VBE73tqXGB2637g/cMm0GsHgCd3Nlz3RbCu6f7AlGz+XPfPeL3iIfLLtjLzVm/s13dc63WpZS8ul - L44HhmnrmjrU3lM6N5CUPrJgjnle0rJ0QxCfEuMFHQ1ZPp+OsvEcIzo5Oc2LYuL6ZyuEHh4Qw19D - XLxiDH0gqKNdDHH3uPlZrahpEqVdhz78wgyvogS7x4sl2C5p+EzHeZGPIM9gWLDTSTksxyd5OR0z - ltHJIofpS/bCW3k2fPWseIN/QS+uqexSF8dhyyStiVeYkbhIMESWNO1c4OseUxY3lJrkPwAAAP// - 7FixDoIwEP0XdpU4uJvgbhwc2Ig2ilGO1EJMCP/ua69UqJIYY5SBraT07lFy79473BjOp5DRKdoD - ltF6spjmmcbvS9fhI/YF8PAR+yJ66IhBNHuWsLYFRKYGQHsnQsdn96frSaWlYKXJZBWjFeD1VSEJ - XjkG8eyOj8LTpg27rpJ1Hus2bfeQIiepxEgFf/jpIxX8AvFIBb1U4HQGIB644io977HrEHFJJZDS - 4QshBLEYVHXwvNHnTUPnTf0N5/L8DSfYRFamkjIWN1bbFnYUyY9vfQJdOELVLC0LfsB8rSHqrIkL - Q5fcNuJanHXgVm7jJKRaKsZRkvraaIJjuZhIBfu6JePD3DCEpHE3OqPD0QU776C1B8zt1HV9BwAA - //8DAESGqmzRFgAA + H4sIAAAAAAAAA7xX224bNxD9FYKvlbQ3WZYFBEFqK4VbxzFsOX0oCoPaHa0YccktybWkuv73Dvem + WJfAVtG8aTnkXM+cGT1RWOVMJnRENcgENCQfOYjEdCTLwHRMPIeMdVQOmlmupOlAwm0GlnXiOZMp + CJV2HkEblEFyC7kGA9LWd+PCWJXNnMKHwPcDv6fhrwKMnaxzuNEstjwG2qHc2Q+CYRjhhwExw8+5 + tbkZeV4CM4htor6qHrOCGcOZ7EmwHlqyHsu5F3rcmAK8RsEC1vj+ejK+m3SD/vAEj0oXDB09UYO+ + FSZmFlKl11UMCX7hi9APw64/7AZnE98fRYNRFPWiQfSTH/q+c9IZseh4qeZIJ917D1NRaSzDrj8S + MLHmuUscnn4gU56SwoAmmEK9JnbOLJEAiSFWkSmQqVYLkCRRS9kj5xowhoRM1+RXrhm5UzO7ZBpI + Fy8QqSxxZSNKkwQEWOg567GS91q8JgqesRSM516YTRzGg5zHPfOYojYHF1Q1xhNXw2JqmVnQ0YwJ + Ax0654gfHc/XV/AIaDJ47lDLEWA5goWOZCFEh26hJfIPCYJGkGv1FT0+siD16/3l+AZEm+juJbcW + FRja2nZI/q28a+qcu/B5lguODidtBtgjs0xjvksU9oer/vCN7haSu0Zj4qHS5T1yWHoloJpIakHg + 9/1TdCPsr8L+/2vlveF/wzuTMSHQYDBYBYMfYXDVWIzCVRT+CIsZNlCR0efnXTiGDRxnfPWlokIs + 8h9/YtHTVEOKnbmDdXRHiaJq9r0gD08PCYaHBGe7yitmq06XSi9KEqejblDTmcuK5nHlx9POmcMq + BmzmqhDJBTe5YOsa0Xi8ZBanQ8Wqb+++irM3LO1V6rTrrfLnuSpcvkpXf3cHXKZ0ZHXhbKNS+wXL + 5jqszkZFgXt5POydnfoNj2+n7RDNhC3NbAvagm8Log0xcaW5XR+Zm+a558bZsTxdK+F4UIH3JVN/ + qgBd015Ey6ROwfGTg+52aIMDMbt+3y9AANO80LlwjLgtHLrMzJlx8+KKy8VHJ7mA3O0gMm5AVkJv + WcraE6nkGGcZmwq4BWYq4Or6F725uv/l8vrh6vJ8fH03fhjf3n6+RfPYfQZTgxcmcyA3yNLSEmeX + cEOUFGuCHc+FU+rGazlDbzRkmKFyCJvevs4PsOOo/w/3/aGZjehWv2PyUy6ZwLJiXTZ96GTbZ/UG + Vee+bA2B3jU0ghVOcfY3t4vc9fUroF4tO0eCsHrcTseX+8nbcLlB3c8sXuDK2MCuUV7ZOq+3sv/k + cLPaeWFtJGyGuYSlQ6ISSl9X3kxFAd1UI6m1Dk4UuVBVsVWW41IrbV2F79X0ZXLQEAGZIuAyR/m7 + uDlEOUHwmtfhkfmp9JTd9Ll01dUW+xfhxzARbfCb2qBwD+qR5Wg6X3VLuui6RWP7Rv9brFvc8xcl + d7tZsn315EAq/IOClnAMxEVFsvsvHpqg/qEJ6rcTlFnL4nmZ/91Bvl18U2QZc6jdUzo3lJQ+smCO + ed6zOHaD8DJ5dzJj/SgJpsO+fzJFd09Pz4IwHLj+aS+hhe9cw79yXHxIErSBoKaVD/8CAAD//+xY + TU+DQBT8NT3uuoBgPRhtUj0bDx56W2GtmJYlC7QmDf/d2Q/WFoMxxigHEg7Lx76dPPLmzTyNgTjh + cyP3vCqpVLpCv5asJvuConrMZxTl0smmOAiDcxEwEYXZZZJGaXwRpPM4yxhPngMxv86uTJRZtJiF + d7jsPrLlhUsdIfZRRZuK7JERElJAzGjZPG3gOZAyUnJe6Yxhfw5dnqM9YLm8JwktC42/L3/Hj7iv + n8ePuK+/x44YDJRZHetawNLUAGjvVaLjWzup66mGR7Bq07LYCq0An982SsInrEA86ctH4WkXiLe+ + kvU5zgO77qFEKVUtJir4h58+UcFfIJ6oYJAKvHwAxLWtuIMeILk1Q1xZc0hp9lkhsSEbyoZsKPM2 + tP/C6zJR7HIlCytwnIRt3BzU3n4LqdzaCIdu6cjuBwR3NMI96+LCt/G3B1E1Gx346GxjGFS9qC2O + nax/bwxhg/mgOAs29VEav+UnH1IZF6OP9EBO0YYncN0Gk562bd8BAAD//wMAWs/2JHYXAAA= headers: - ATL-TraceId: - - c321e3428472f87e - Connection: - - keep-alive + Atl-Traceid: + - dd000025791e2419 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 06 Feb 2021 10:16:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:36:33 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 4ccb1d1f-ed6a-4e7a-be67-7c9bed4b8dca X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '274' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - micros-issuer: - - micros/edge-authenticator - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - bf2c055c-d3f3-475b-afe9-acd07190a98d - x-envoy-upstream-service-time: - - '145' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_create_edit_update_finding.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_create_edit_update_finding.yaml index 9d960609900..6e683304ed8 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_create_edit_update_finding.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_create_edit_update_finding.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJmm3W3EQPKrIK2z3JIkk6xUqalDYVlmX/uwkuftyGd55n - XuZEjJ5xPzmiyHuM46xWqxY7tLENH4Hq6PQ899pTj5EU5BOnuQ8+wQyAUaBQ7rY3L7v75+Z3u10G - kyaiXjNUQAGHgrQ4unAc0MfmOGI6cOvC0ibJLL1rvxWisrCWl/BOxwxy4KwEUXLZMKGAqUpQALgC - DpD8GafU2/TDP3bTMK4qppigtbj+Ye3w4LuQQMk3sl53RtsKK4012K6WtWmNltBZAC2ElAarPwXR - 5YbHftIkv9PpxcWnYHWOT8RdJoL+bb8j5/MXAAAA//8DAFqYqSVaAQAA - headers: - ATL-TraceId: - - 482041e3f4d6ef23 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:31:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUdDElgRZ8cP244MzPoF1SbkpjDEFbxirsWgQy0qymvYSVd1zXmos6r8F0a4N + j8MsYX3HyMXGJ9/LNT6BvUyg3dt+B+fzFwAAAP//AwBmTRZAWgEAAA== + headers: + Atl-Traceid: + - 9c8ef7ef1550dec1 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e8f8ca87-06a8-4de1-af63-fc4d2892971c - x-envoy-upstream-service-time: - - '37' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 570a9777f3a2441f - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:24 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0411fcae-441f-4dee-a920-0fbbef7b132b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '197' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4c7f82d7-3b14-4dc0-af87-f4a99ae15a4e - x-envoy-upstream-service-time: - - '75' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,93 +80,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - 6b6b18bd17b1611e - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - 968ca150da832c2b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:15 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:24 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - f1744162-15f4-43d0-be06-c5f1fb619177 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '316' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c4367296-f93b-452a-b71f-87e6d7678424 - x-envoy-upstream-service-time: - - '100' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Jira Api Test 2", - "description": "\n\n\n\n\n\n*Title*: [Jira Api Test 2|http://localhost:8080/finding/2806]\n\n*Defect - Dojo link:* http://localhost:8080/finding/2806 (2806)\n\n*Severity:* Low\n\n*CWE:* - [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/681]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n*Mitigation*:\nWhenever a cookie contains sensitive - information or is a session token, then it should always be passed using an - encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n*Reporter:* + "description": "\n\n\n\n\n\n*Title*: [Jira Api Test 2|http://localhost:8080/finding/229]\n\n*Defect + Dojo link:* http://localhost:8080/finding/229 (229)\n\n*Severity:* Low\n\n\n*Due + Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/89]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -286,53 +180,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1683' + - '1257' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11065","key":"NTEST-876","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11065"}' + string: '{"id":"11759","key":"NTEST-1421","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11759"}' headers: - ATL-TraceId: - - 93bcdf17ca6f3140 - Connection: - - keep-alive + Atl-Traceid: + - 272a98e035a762d6 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:15 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:25 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 7190d4f2-ddce-4840-aaba-2c83830ea7a4 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '726' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 45ab5fd2-2e42-4f52-a499-3e303df77ccb - x-envoy-upstream-service-time: - - '469' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -342,95 +242,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-876 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1421 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DF1m6y2q4wkohjTxumxpmtlOCywtDFo6S6wlUiCpyF7b/74j - JcVpWmdtmgCJeOS9PffckR8c2FSUp07sSOApSEh/Z1CkasBpCWqgkhxKOhAVSKqZ4GoAKdMlaDpI - csozKEQ2uAGpcA/SKVQSFHDdnnUGDjOWg8AfPcWFgmKFy1zrSsWel8IKEp2K98KluqBKMcpdDtpD - G9qjFfNCjylVg9cbWMMW9S/mk9l8OD4aoWRlg3XiD45Cp7VKqIZMyG0bXIorVAj9MBj60TAcz4Mw - Pgzi4Kn7NBr/4oe+b2I0PvS2AmvmkTEafS/wfT+8zbpbpKASySqDCEqPiSppUQxIypRmPNGkYpAA - ESvSCLl2jXYi+JUsviUKBUktwbth0NAbqqn8TbF/4VmJRarLn1rRWfos8A+DcbecY6DPdikPHFNo - 9DWnam1qVC+1+YpXtFAwcHobTmyNfBo4miExKiyyE/MaM3EqKd5jeI9Er9O22Nlq9NiZxZ2C7yK9 - 4kxrNGD41WmbpP6yZ5VY6YZKk5hiZVUwZEh6LxsE11ImGm+i8beE28HcOeuQrpgBFn/u4hz5R+g5 - jDZh9GjDtoSWJT+p7v8DvoLRJhj9mK9N76z7eMDbYbg5DH/MW0dO1X/s9fbpk+nvzet2umDFrt9h - BbNMQoZ9/QUNkVOiqNs2ayVJrbQo7YhYoIfwaN/G+Esb7ehopaYx7fhz4mHQzQvDYMmS1t2HL2SG - Xxi+ykVdpKdMVQXddixEcUM1ztV2bH1/x7Qz8XYKeq01adrBfp6I2qBiI31jBIxnTqxlbVyjTf0a - x4Vpig4MCZir6bqvzckwjPo5eR81fx+cwb6NcN/G4W6WMCGZ3j4Sml7di75vjrKSZqA8o6F6IwwF - hWhcdZPtZs+5aPoZFTkWziWYYWKoeS8p05VfzTbYx8NgbNLOqZpULDlnfG2v4lOozM3Mk55AllaN - 3buVcMEneDHTZQFToKolpey+nMvzqxdnF4vzs5PJxWyymEynr6aYBjaQwrzxwDwHcolTk2ti/BKm - iODFlmBHssIYJVqQP5mk5FJCiV1LaoWMc22P3s/iVzTof2S+Hx3J2GkvDCwRYrxrqc/aGNHOGKfF - /UPdu6KD19K+wOj6SYDlyzjcnq4r07PfwOP2pfBIhrXKt7fV55f795Fux6rnNFnjQ6pnVm+89XXS - PWl+KOD+XeT1z5Owv1w5GEYnohDyoo1mWdQwzCQOrN3jQJBT0RZblBU+9bjuqvBQ/T4H5y3f/R7M - mS7gICbXllTHFSNz1CbhR5MaZlaIhBa5UDoe+2PfWzGe4hTzwrE/emcNnNrUMar3ghhSxAfk/1XJ - E/P3Z2tgBkgvHBWoiE1tRSdvJri6xn/DURDZUAzKSQNuybQEV8jMQ5JRAzzDV4ghp4dH3VyXhY2r - tfPa2Lniay6aXnYpRVrjM2fCM2y5EgH0TMbG38xclRgJ+UM0Qy32QFB1BsJ3xCPXAYL1d02lBkl2 - Jveows5nYLX/Ob4ks4TyPefN48objYMW6eeS8iT35jTDYC+w9q20ZkV6dnpXdCJKhIng/MrviA3U - W6WhVJh7WgmG1DmIrdxWzCBcUsYV0+Aiu+IoOty3t0+ORVH5UlCZ9jW4rcXpjoPG6zFJhFgzMFGS - JQAnCjRpmMaLWhONY7B9uJBVQbMBaXKW5KQEyhVu0vZEZwHxQwuEJgmOUUjJDaOkxs5I5LbCOYTH - OIf2MeCaUKbIWJywCcQ9U5umcUVDVWWJhTyFjVvllSUGUnaxEnLROlMLqvFpsayxNIsnr94czy6H - s5dDvDktma+m563Rh4B5CZhkGpMXk/lbjsMeOxvZE5P/AAAA///sWW1r2zAQ/ismUGhLndhOnJfB - 6ELXwT5slAU2KPui2GpjZlvGb93I8t/3nCSrqRuH0Y2SD4EQ5OikO0t3zz13EVkdfE+v64hyDIxb - 8NK+klqbuX9UECZR2KVAze1R0L0tSdQRvgt1Rl0qnsvBLT4heO9llUpe8W3FU4IDi5nLFShiYQXc - gUyJam5FKe4jkWsskVOKZJgtKEMhO/7g6QV5R2ohBBTts1j8wH6Rm1kZky5SFbhWC36z5SUoVFMe - 9xHFBfmd8bItPyRd5KbQr+0rGgNpv6KCj+60U/rd+cckY0FJ7/lZWJF8sIAmdFjy7M8XJc8KyvA5 - VyjDlbCOa+O4Mm41OuLQ5osr2x1qkUwQFhGcnTJcanpmnZ79xkXGpXgDHHlOH90u+uiOuib8ZoKS - TpkjaUpmS0S7JeoY0faEIWXyfCXT3C3YRdIcUyy0J2Y7yU07KSKQWbAiMFYJtKiShFF277VSIR0Z - UXORvzDzE0W7BDxROYCiyr9jo2HoLqcjx1/C3slk5nremIiGEYKGPWKc7nMehtCB7N97tMHWZd47 - g2a06d5aW7l3HzRDikksUcOB73ruiLsOH3rhbBwMA3/iBlM/DB02vnP59DJ8K3c5Gc5PvA/4qHV2 - wlKd5mxb/VT0q8J+wInYXp88u59VyzgK6MjsjLGCTgzrZSoHj8bw/Y097mcp2d8u4g/f4nYr4PAt - brcTDt1iIE2oinnNlbdp6I3ug1E8ERKrmluh1S3AFOLXVS4yPrgF8gSrx8Cj9hVmTSSTHt2I0zQ7 - 1wB7hILXv/QjFLyGxUco6ISCNtEAc+qtN7SmIRqw/V6F4ppa4nrsQKEoWYzRjl26unROV5fOMV26 - 9oRhbDyto1ykit3oJkCl/4ZRj39jaS3K/9YcVXuZPaEIld9XIRtFTTsWrqUsXjdDjbov1i//sBo0 - +170EvbzCy+qmDbeelfZ4snLeanem/rM1AaiNze/P13sPVmtF0hrN5vNHwAAAP//AwC/FRsvzRsA - AA== - headers: - ATL-TraceId: - - 760716cef6deb1f2 - Connection: - - keep-alive + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmst7iJI2AYstjd2mVZljgtsDQIaOosM6ZIjaRie23/+456 + sZu47pYMKwwk4svdPXf33PHee7Asqcy81NMgM9CQveQgMuNLWoDxDZtBQX1VgqaWK2l8yLgtwFKf + zajMQajcvwdt8AyyCyg1GJC2vcsqY1UxdQpv4yiKo0DDnxUYO16VcK4ps5yB53vc2Y/jwxdHuDAg + pricWVuaNAwzmAKzmbpTAbWCGsOpDCTYEC3ZkJY8TEJuTAVhp2AOK5Q/G48ux724n8S4VUMwXvre + M4itMoxayJVeNT5kuEKJJEqSXjToxUfjKErjwzR5ESSD6LsoiSIH0hmxCLxW80yQTj7EUETJ2u12 + kYFhmpcucLh7TExBhfBJxo3lkllScmBA1JQslJ4HTpopeaXFE1FUkrt0UXFL76mlOrznsAhrWBuA + 7VEc7ceDHwz/C74vMO1VgVYdLdDkmJq5y1U1se4rnVJhwPcawVfoVy3rezOOxNFstjqFe0Cs0Uff + sxyZVSJLvFRW6KP3iCb70a6DuDsotbpDV5+ZiVa6zkOd2S4PbvEJezbuXkluLSow3tq2o/Av9V2j + pnZBtSOy4UUpOALOHoUEE1XTrz9Y9gdPhPuFlHWerBPWjw4RRtJfJv3/10pDi5qkaDA+WMYHX8Pg + srO4nyz3k69hsWX+x4/bdEw6Ok758k3TAzHJ1zeY9DzXkGNb2eI6wlGiaqr8syRPDncdDHYdHG0r + b1pas+saRt29vbQX+x4Gx75Bxx1Hmwt14bs4ac4aZO+39hx7MQRmpiqRDbkpBV21HMftBbX4UDQN + 9un12LTvTcMOG3XaVVv9eaIqF8HYQX3rNrjMvdTqytlmGtBZV8LbDbwfDPrrBv44bLvaTLJuM48P + 1gkvNVea29UzHe7Ew/7T+jgvaA4mdBKmU8JxQ6hFYO7zTb86VYuur/W9beYm+50jgk7AdSZH2sev + 9cGOMMS7GBoPXDxm1IxKzk65nL90J0Mo3WQhWceXmkWL+my9I5Uc4WBBJwIugJqGg7r98s5Pr356 + dXZ7+upkdHY5uh1dXPx2gf5haRkMCF4Yz4CcYwuWlji7hBuipFgRLGcunFJiFXnNNSXnGgqsZ1IZ + 5FfwubKOsZy86AOPogEcpl7zXmHuMPibmnpQ4JiGnEsqHl9q56I2vDXLBaLregTmNZewvl2Vrmj/ + BY+bEeaZ1GuE10/fw6njaWzc0O1HyuY4CHaU65Q3tk7aWes/Ae4GtrCbm5LupZbgqM6UUPqsQTMR + FfRyjf1pM64oMlRNslVR4qgqbZuFL+XvYXDeyc1vb8ytgL2UXNekOi45GaM0ST4419AzoRgVM2Vs + OogGUTjlMsOeFSbJ0U0tP6w9R1B3ijhOpHvkHyXJN/jn21r8Eqcp10BQDEu9xTSsgAwRPm4OgQUk + PvCJo9Ia9MnbEZ5d47/eQdyvobossAUEBbcaAqXzEElIXWI4jjyOvCFeDWa2EDXwRs8bp+dKzqVa + fBqUc62yCh/RkcyxLAsMcuii4mxeAqscYPKzWvSs2hGmslWQ3JCQXMcY0N8rqi1oslG5QxQ2NuNa + +o/jc3LJqNxx301z4aDJxsPf3uXKWCgMupGViiNT9tJ6v86QC1hBuTTcQoBkwniZ2URRne26saV/ + uKGV03xMmFJzDgQbJ5kASGLAkgW3+NRaYrGzGRc8IFNBc58sZpzNSAFUGjykzY1WA7r7Tk6AUMaw + NUJG7jklFbKd6VWJvQXvSQnNex60aH79GwAA///sWW1r2zAQ/ismUEihdm0nTtpB6QLbYB/GQgsr + lEFQbKcJjSVj2XVHl//e5yRFddykjDJKPgTywYnku0ene3nugmu+U/0agbmZp5x8y2FWpkA7h9MA + BR0JDMpZ8JkoMvWOIwpKtgyrknId8ux9yk8IFIQvSkcTBocta/aHjufkTCGrJLzaYdxpgEMzxtOl + h8uWdF57On3+35wMQNrIPkBgEMo1RBIoKxhnK1Jz3sY9XCEGUTJgKjq5cZO6rj1RM5mrYEDwpY9e + Ps+VI0PBBPImRu+ElWBH0wquNOn+vBldj93rHy6qq4pRpSAX5L0UAF2WZAt+7HSP/8I5lqX4BNd7 + TUqCXaQk6O9aiNYLlMpKNNX3ih0RW2tt9e3W9oIt9crUiths37ir9PuWnG5UxnZGhcVYPKco3Uo5 + fMtkZZVljGpGp5VgyWRE+ETxznpChf8SAUKU8ntyEc1Yv5cEU9TXaAoIw+F5EIYDKl92EzS8sS2l + +xwlCXSgpnReMLimqfhs/YmEvtkOak/3ULzUNpVgTEsSBWHQTwM/7YXJ+SDuxdEwiM+iJPHZYBak + Z5fJhZJy1Bsdhd/w0e+5GeMmMbqu/kl6lXRrWMQNPcq4Xl5Nl4uYTObmjEmyGN5XBQDsDI9fxu7A + yznhb7eW+4+43ZvuP+J2b7vviJFpEt0RGgbWZDdjM6qheKKcrPs2na1uwcSw/WtVCPTgt8g88fwl + 8GjCglUbyaTHDJwMeStMgj2kgo+/9EMq+AjEh1SwMxVYogGIdzrinmg4a559yBUlMzPnNtHYNeLx + 7YinvWBHJu0FS8xS/rAoBNfsxnSQlflzQX/9J6Qi0xKe1o8m2b0jwTX+Fzldyz3pZOzxKpXVkgQ3 + dKt+vShHpcbxIMr/N9DTwqxQ6EKz80uocYedIYpCDRFIpQWyiTbcgGteUOZZrVbPAAAA//8DAHGh + df3LGgAA + headers: + Atl-Traceid: + - 2eec4697b5449596 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:15 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:25 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ca40873c-a993-4fe5-bb1d-4425e0fb31af X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '315' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 20d8828b-e8b0-4db9-8437-612e5f366412 - x-envoy-upstream-service-time: - - '151' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -440,95 +344,98 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11065 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11759 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy9RHE9AMaSJ12ZL08x2WmBpYdDSWWItkQJJRfba/vcd - KSlO3Tpr0wRIxCPv7bnnjvzowLqkPHEiRwJPQELyB4M8UT1OC1A9FWdQ0J4oQVLNBFc9SJguQNNe - nFGeQi7S3i1IhXuQTKCUoIDr5qzTc5ix7Pve8AgXCvIlLjOtSxW5bgJLiHUiPogB1TlVilE+4KBd - tKFdWjI3cJlSFbidgRVsUP9yNp7O+qPjIUqWNlgn+ugodFqpmGpIhdw0wSW4QoXAC/y+F/aD0cwP - okM/8o8GR+HoVy/wPBOj8aE3JVgzj4zR6Lu+53nBXdbtIgEVS1YaRFB6QlRB87xHEqY047EmJYMY - iFiSWsjVwGjHgl/L/HuiUBBXEtxbBjW9pZrK3xX7F54VWKSqeNKIzpNnvnfoj9rlDAN9tk2555hC - o68ZVStTo2qhzVe0pLmCntPZcCJr5HPP0QyJUWKRnYhXmIlTSvEBw3skeq22xc5Wo8POLO4VfBvp - NWdaowHDr1bbJPWXPavEUtdUmsQUK8qcIUOSnWwQXEuZcLQOR98Tbgtz66xFumQGWPy5j3PoHaPn - IFwH4aMN2xJaljxR7f8HfPnDtT/8OV/rzln78YC3w2B9GPyct5acqvvY6+3zZ9Pf6zfNdMGK3bzH - CqaphBT7+isaIqdEXjVt1kjiSmlR2BExRw/B8b6N0dc2mtHRSE1j2vHnRH2/52Ca+g12nOFVc8C2 - k+G0ZHETwMevZIZxmJDKRJUnZ0yVOd20vERxTTVO2maQ/XgPNVPybi66jTVpGsR+norK4OSbSN8a - AeOpE2lZGdexBMzVdN235mQQhN2c3EXN2wenv28j2I4MJiTTm0fm26m74Y+NS1bQFJRrNFRnhKEg - F/VA3abbEXMh6m4UhY7BaCeRwy6RnC7ADBNDzZ1Dpiu/CYO/j4f+yOCRUTUuWXzB+MpexWdQmpuZ - xx1dLIlqu3cn4YKP8WKmixwmQFVDQdl+OVcX1y/OL+cX56fjy+l4Pp5MXk8wP2wghYDggVkG5Aqn - JtfE+CVMEcHzDcGOZLkxSrQgfzJJyZWEAruWVAr5NbA9upvFb2jQ+8Q8LzyWkbPTsgh5yjjNsZhY - jW2Pmb1dWfuuaOG1JM8xum4SYF1TDnenq9L07HfwuHkpPJJ6jfLdbfXl5f5jbNzS7TmNV/iQ6ijX - GW98nbZPmp8KuHsXud3zJOguVw6G6rHIhbxsolnkFfRTieNp+zgQ5Ew0xRZFiU89rtsqPFTTL8F5 - x7e/BzOmcziIyI0l1UnJyAy1SfDJpIaZ5SKmeSaUjkbeyHOXjCc4s9xg5A3fWwNnNnWM6oMghhTR - Afl/VfLU/P3FGpgC0gtnCCpit1vR6dsxrm7wX3/ohzYUg3Jcw6BgWsJAyNRFklEDPMNXiCGni0cH - mS5yG1dj542xc81XXNSd7EqKpMJnzpin2HIFAuiajI2/qbkqMRLyUtR9LfZAULYGgvfEJTc+gvV3 - RaUGSbYm96jC1qdvtf85uSLTmPI9583jyh2O/Abp55LyOHNnNMVgL7H2jbRieXJ+dl90KgqEieD8 - yu6JDdQbpaFQmHtSCobUOYis3FbMIFxQxhXTMEB2RWF4uG9vnxyLorKFoDLpanBXi7MtB43XExIL - sWJgoiQLAE4UaFIzjdeyJhrHYPNwIcucpj1SZyzOSAGUK9ykzYnWAuKHFgiNYxyjkJBbRkmFnRHL - TYlzCI9xDs3VPzChTJCxOGFjiDqm1nU9EDVVpSUW8hTWgzIrLTGQsvOlkPPGmZpTjQ+JRYWlmT99 - /fZketWfvurjTWTJfD25aIw+BMwrwCSTiLwYz95xHPbY2cieiPwHAAD//+xZbWvbMBD+KyZQaEud - 2E6cl8HoQtfBPmyUBTYo+6LYamNmW8Zv3cjy3/ecpKiuG4fRjZIPgVKU6nR3le6ee+4isjr4nl7X - EdUYOLfgpX0lrW73/tFAmERhlwG1t8dAt1qSqCP8LtQddZl4Loew+ITkvZddKkXFtxVPCQ4sZh5X - oImFFwgHciWquRWleI9EnrFETiWSYbegCoXq+IOnFxQdqYUUUCTPYvED+0VhZmVMhkhV4FktxE0j - StCopjzuI4sLijsTZY04JFsUprCv/Su2DpK+okKM7vRTxt35xyRjQUn/52dhRfKDBTShy5J3f74o - eVZQhc+5QhmuhHVem8CVeavREZc2X1zZ7lCLZIKwiODslOFR0zPr9Ow3HjIuxRvgyHP66HbRR3fU - teE3yUKZo2hKHku0uiXqGNH2hiFl8n4lBd0t2EXSHNMsICVZsCJY3cn/nJkRbBKgdpEsqiRhVN17 - rVJIV0bUXOQvrPxE0S4BT0T+0VT5d2w0DN3ldOT4S/g3mcxczxsT0TBCsLBHjNN7zsMQNlD9e48+ - 2LrNe2fQjJTu7bVVePdBM6SYxBK1HPiu54646/ChF87GwTDwJ24w9cPQYeM7l08vw7dSy8lwfuJ9 - wI86Zycs1WXOttWfin5V2A+4EdvrU2T3s2oZRwFdmZ0xVtCN4bws5eDRWL6/scf9LCX/20384Xvc - HgUcvsftccKhewykCVXrrrlyk4be6DkY5RMhseqwFVrdAkwhfl3lIuODWyBPsHpMPBpfYddkMtnR - gzhNs3MNsEcoeP1HP0LBa3h8hIJOKGgTCzCn3npDZ7bEAr7fq1Rc00hcrx0YFCWLsdqhpWtK55gp - XXvDTL3aG4ax8bSOcpEqTqSHAJX+GkZ9/CtP0UhKDevtUqPgC5Cv8QXSYKv3opewn194UcWkuGFb - jlzycl4qP2pR/reRrNJldMIUOtCvQg6szBBY5HIMRBaNH0+d9Z54qw/I29lsNn8AAAD//wMAGuuD - hs0bAAA= - headers: - ATL-TraceId: - - 7303d1cc0f851871 - Connection: - - keep-alive + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmst7iJI2AYstjd2mVZljgtsLQIaOoss6ZIjaRie23++456 + sVu77pYMKwwkEo/3/tyje+/BsqQy81JPg8xAQ/acg8iML2kBxjdsBgX1VQmaWq6k8SHjtgBLfTaj + Mgehcv8etEEZZFdQajAgbXuXVcaqYuoM3sVRFEeBhj8rMHa8KuFSU2Y5A8/3uPMfx8fPTvDFgJji + 68za0qRhmMEUmM3UOxVQK6gxnMpAgg3Rkw1pycMk5MZUEHYG5rBC/Yvx6Hrci/tJjEd1CMZL33sG + Y6sMoxZypVdNDhm+oUYSJUkvGvTik3EUpfFxmjwLkkH0XZREkQvSObEYeG3miUE6/RBLESXrtNuX + DAzTvHSFw9NTYgoqhE8ybiyXzJKSAwOipmSh9Dxw2kzJGy0eGUUluWsXFXf0nlqqw3sOi7AOaxNg + K4qjw3jwg+F/wfcFtr0q0KuDBbocUzN3vaom1j2lUyoM+F6j+ALzqnV9b8YROJrNVudwDxhr9OB7 + liOySkSJl8oKc/S2YHIY7RPEnaDU6h2m+sROtNp1H+rOdn1wLx+hZ5PujeTWogHjrX07CP9S3zVq + ahdUOyAbXpSCY8DZVkmwUTX8+oNlf/DIcL/Qsi6TdcP60TGGkfSXSf//9dLAogYpOoyPlvHR13C4 + 7DweJsvD5Gt4bJH/8LALx6SD45QvXzUciE2+fYtNz3MNOdLKDtYxHCWqZso/C/LkeJ9gsE9wsmu8 + obTm1BFGzd5e2ot9D4tjX2HiDqPtBWqR5ht6fPw0NeS7oduwMafdrNSPZ6py+ceOQl+7Ay5zL7W6 + goeWVZ01zVlTlfc7Zy4yvGpmqhLZkJtS0FU7X64rGjBZN8K7BN4PBv01gW+XbR/NJGua2RasG15q + rjS3qyeWrFMP+4/jcV7QHEzoNExnhOOBUIvA3OcbvjpXi47X+t4ucpPDLhFBJ+CYyYF2+2t9tKcM + 8T6ExgNXjxk1o5Kzcy7nz51kCKXbLCTrelZ3clHL1idSyREuFnQi4AqoaXCg2yfv8vzmpxcXd+cv + zkYX16O70dXVb1eYH46WwYLghfEMyCVSsLTE+SXcECXFiuA4c+GMEqvIS64pudRQ4DyTyiBCg8+N + dYzj5EUfeBQN4Dj1toYZS55zSQU2E7uxGTIn2z5r96K2vDWqBUbXcQT2NZewvl2Vbmj/BY6bFeaJ + 0GuU15++T7eOx6FxA7cfKZvjIthBrjPe+Dprd63/FHC3sIXd3pR0X2oJDupMCaUvmmgmooJerpEj + NuuKIkPVNFsVJa6q0rZd+FJPPy3OG7n5HYy5FXCQktsaVKclJ2PUJskHlxpmJhSjYqaMTQfRIAqn + XGbIemGSnLyt9Yd15hjUO0UcJtID8o+a5Bv8822tfo3blCMQVMNRb2MaVkCGGD4eDoEFJD7yiYPS + Ouiz1yOU3eK/3lHcr0N1XWALCApuNQRK5yGCkLrGcFx5HHhDvBrMbCHqwBs7r5ydGzmXavFxUS61 + yir8iI5kjmNZYJFDVxXn8xpY5QImP6tFz6o9ZSpbA8lbEpLbGAv6e0W1BU02JveowsZnXGv/cXpJ + rhmVe+67bS4cNN349HdwvTIWCoNpZKXiiJSDtD6vO+QKVlAuDbcQIJiwXmY2UVRn+27s2B9uYOUs + nxKm1JwDQeIkEwBJDFiy4BY/d5ZYZDbjigdkKmjuk8WMsxkpgEqDQtrcaC1gum/kBAhlDKkRMnLP + KakQ7UyvSuQWvCclNN/UoI3m178BAAD//+xZXWvbMBT9KyZQSKH2bCdO2kHpAttgD2OhhRXKICi2 + 04TGkrHsuqPLf++5kqKmWlJGGSUPgTw4lnR1rnQ/zr3GNd+qeo3AXM9zTrblMStToJyDNkBBKoFB + eQs+E1Wh1niiomDLMCop1iHO3uX8hEBB+KL2dNL22LJlv0k9r2QKWSNh1R7j3gY4FGM8Xwa4bEn6 + Wu20/r84HQDtRucDBAahXEMkgbLB4WxFavTduIdL+CBSBo6KNDdm0rZtIFomS+UMcL78ISjnpTJk + bDCBvInZd8JqMJRpA1OadH9cj67G/tV3H9lV+ajaoBRkveQAXZYVC37sdY//wDiWtfgI0/ublES7 + SEnU3zWQbKagGkX1neJXxJicqaGd6g7sSvWhTfXqDhTj2T7RklMcCkvn5IhbqLAbYV0plsnKpigY + 5YyOE2DpyIjwieqN+YQS/wUchEjpt+w8mbF+L4umyK/JFBCGw7MojgeUvuwk7PDKtJzuc5Rl2AM5 + pfOMwTdFxSdrTyT01XJQW3qA5KWmqQBjSpIkiqN+HoV5L87OBmkvTYZReppkWcgGsyg/vcjOlZSj + 3ugo/oqfXucXjJvA6Pv6lQwa6bc4ET8OKOIGZTNdLlI6Mr9kTNKJYb1KAGBnePw89gdByQm/W1ru + P2K3Nt1/xG5tu++IEWkyXZUZBrbJbsamVUP+RDFZV346Wt2AiWH6l6YSqMFvEGDS+bPjUYcFo9aT + aR/TcDLkrTIB9hAK3v/SD6HgPRAfQsHOUGCJBSDeao97pOaseQ4hV9TM9JxdorGrxRPaFo87YFsm + 7oAlZjm/X1SCa+pjKsjGfFzQf/8F6b2o/18rTguzQrETioyfQrUZbP9MFBry4/rRRNc3A1AfYj6s + 5Z50CvZwmctmSYI3lFUNgqoe1VpxalNSE4FUt+9fLo5frDYLFNrVavUEAAD//wMALTqNj8saAAA= + headers: + Atl-Traceid: + - c8e89d645d917337 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:15 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:26 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 32dafeca-7711-4da1-a1db-95945e91ca2e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '266' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6e0aa771-495b-4fd0-9a33-771dcf79cd00 - x-envoy-upstream-service-time: - - '140' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -538,174 +445,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ2m2W3EQPKrIK7Z5EJEknWEmT0qTCsux/N8XFj9vwzvPM - y5yIVhEPsyOSvKc0RbnZ9GjRpD58BKqSUzEOylOPiRTkE+c4BJ9hBsAoUCjb/fVze/fU/W73y6jz - ROTLChVQwGtBepxcOI7oU3ecMB+4cWHps6SXwfXfCpGrsBWX8FalFeTAWQl1yUXHaglMVjUFgCvg - ANmPOOfebhj/sbuOcVkxyYHW1faHNeO9tyGDgu9Es7VamQorhQ0Y24hG91oJsAZA1bUQGqs/Bcmt - DQ/DrMj6jlWLS4/BqDU+EXeZCPq3Q0vO5y8AAAD//wMABHFArloBAAA= - headers: - ATL-TraceId: - - f2b10bc4c9d574af - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:31:20 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtE1qbqIHFVmF7Z5kkbRNsJImpUmFZdn/boqLH7fhneeZ + lzlBq4LezxYkvMc4BbnZ9NroLvb+wxMVrQphUI44HSGDTz2HwbsEU0RKkGC+29687O6fm9/tdhnb + NIF8XaEMMzxk0OvJ+uOoXWyOk04Hbq1f+iS1y2D7bwVkEhhWl/BOxRVkyFiOdU5Fg7VEIVlFEPEq + kZj8oOfU2wzjP/a6QZQ0sTXhovhhu/HBGZ9AXlJhCmNMIWrGOBY1YlkpxmmnsOedEKXGgv8tiHZt + eBxmBes7Ri02PvlOrfEJ7GUC7d72OzifvwAAAP//AwAw8rwQWgEAAA== + headers: + Atl-Traceid: + - 5e1db62fe936262f + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e2017812-e2e8-4f05-9a49-3fe0f8971e8e - x-envoy-upstream-service-time: - - '34' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 00bea1285e6ff4f0 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:20 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:28 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - fe66fefc-4863-48d7-92ca-bdaa45e877de X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '121' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 7b43d930-caaa-416b-84fb-03e4d94770da - x-envoy-upstream-service-time: - - '77' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -715,93 +515,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - d4a27bc7c17b7047 - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - 8aa2f9060225669c + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:20 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:28 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5759d82a-225e-47fd-a4d1-6332a738359c X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '165' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 2551af9d-e378-491f-8d59-2d37409e8b9b - x-envoy-upstream-service-time: - - '77' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Jira Api Test 3", - "description": "\n\n\n\n\n\n*Title*: [Jira Api Test 3|http://localhost:8080/finding/2807]\n\n*Defect - Dojo link:* http://localhost:8080/finding/2807 (2807)\n\n*Severity:* Low\n\n*CWE:* - [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/681]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n*Mitigation*:\nWhenever a cookie contains sensitive - information or is a session token, then it should always be passed using an - encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n*Reporter:* + "description": "\n\n\n\n\n\n*Title*: [Jira Api Test 3|http://localhost:8080/finding/230]\n\n*Defect + Dojo link:* http://localhost:8080/finding/230 (230)\n\n*Severity:* Low\n\n\n*Due + Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/89]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -814,53 +615,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1683' + - '1257' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11066","key":"NTEST-877","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11066"}' + string: '{"id":"11760","key":"NTEST-1422","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11760"}' headers: - ATL-TraceId: - - 4ab4e8889680d206 - Connection: - - keep-alive + Atl-Traceid: + - 6459d8f79a3b772c + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:21 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:29 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 30aaf59e-8114-45c9-9c72-4b81d1f4201a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '510' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 0b59231b-b7d5-4af3-97e9-b78322a8488d - x-envoy-upstream-service-time: - - '473' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -870,95 +677,98 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-877 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1422 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1m682G4woohjTxumxpmtlOCywtDFo6S6wlUiCpyG6b/74j - JcVpMmdtmgCJdCLv5bnnHvKLA5uS8sSJHAk8AQnJ7wzyRPU4LUD1VJxBQXuiBEk1E1z1IGG6AE17 - cUZ5CrlIe9cgFX6DZAqlBAVcN2udnsOM5yDwRyN8UZCv8DXTulSR5yWwglgn4pNwqc6pUoxyl4P2 - 0If2aMm80GNKVeB1Dtawxf3n88ls3h8fHqJlZZN1oi+OwqCViqmGVMhtk1yCb7gh9MOg7w/74Xge - hNEgiMLADUfBr37o+yZHE0NvS7Bunpij2e8Fvu+Ht1W3LwmoWLLSIILWI6IKmuc9kjClGY81KRnE - QMSK1EKuXbM7FvxS5t+ThYK4kuBdM6jpNdVU/qbYZ3hZYJOq4lljOk1eBv4gGLevc0z05a7knmMa - jbHmVK1Nj6qlNk/RiuYKek7nw4msk5ueoxkSo8QmOxGvsBKnlOITpvdE9NrdFjvbjQ4783Kn4btM - LznTGh0YfrW7TVF/2bVKrHRNpSlMsaLMGTIkuVcNgmspMxxvhuPvSbeFuQ3WIl0yAyz+3MV56BtW - hsNNOHyyY9tCy5Jnqv3/SKxgtAlGPxdr0wVrHx6JNgg3g/DnorXkVN3D3mg3N2a+N+8adcGOXX3E - DqaphBTn+gENkVMir5oxayxxpbQorEQsMEJ4uO/D+KGPRjoaqxlMK39O1A96Dpap3+HEGV61C6hG - nWxk6McnoNG4W1XzGm/S0Ns+HovKVBkYpXpvDIynTqRlBTeteBlnksVN7V8e2ExiuFRlosqTE6bK - nG7bkUBzLAFrNVP3UCd998XgRaeT91Hz98EZ7PsQ7iSDCcn09omIddu94Y/JJStoCsozO1TnhKEh - F7WrrtOdxJyJupOioWMwulfIoCskp0swYmKoeW+Rmcr/hCHYx8NgbPDIqJqULD5jfG2P4hMozcnM - 465ntpO1/XZr4YJP8GCmyxymQFXDA9k+ORdnl69Pzxdnp8eT89lkMZlO306xPhwghYDggnkG5AJV - k2ti4hKmiOD5luBEstw4JVqQP5mk5EJCgVNLKoUMde2M3q/iBTr0vzLfHx5+jpzmwMDeIfi7kfpm - jLENKeM0v7+ovVe08FpW55hdpwTY15TD7eqqNDP7HTxubgpPpF6z+fa0+vZw/zE27uj2isZrvEh1 - lOucN7GO2yvNTyXc3Yu87noSdocrB0P1WORCnjfZLPMK+qlEjdhdDgQ5EU2zRVHiVY/rtguP9e9b - cD7w3e/BnOkcDiJyZUl1VDIyx91k8NWUhpXlIqZ5JpSOxv7Y91aMJ6h6Xjj2Dz9aBye2dMzqkyCG - FNEB+f+t5Ln5+4t1MAOkF2oIbsRpt6bj9xN8u8J//VEwtKkYlOMa3IJpCa6QqYckowZ4hrcQQ04P - l7qZLnKbV+PnnfFzyddc1J3tQoqkwmvOhKc4cgUC6JmKTbyZOSoxE/KHqPta7IGgbB2EH4lHrgIE - 6++KSg2S7Fzu2Qq7mIHd/c/RBZnFlO9Zby5X3mgcNEi/kpTHmTenKSZ7jr1vrBXLk9OTu6ZjUSBM - BPUru2M2UG+VhkJh7UkpGFLnILJ22zGDcEEZV0yDi+yKhsPBvm/77NgUlS0FlUnXg9tenOw4aKIe - kViINQOTJVkCcKJAk5ppPBs10SiDzcWFrHKa9kidsTgjBVCu8CNtVrQeED/0QGgco4xCQq4ZJRVO - Riy3JeoQLuMcmvPXNalMkbGosDFEHVPrunZFTVVpiYU8hY1bZqUlBlJ2sRJy0QRTC6rxNF9W2JrF - 87fvj2YX/dmbPp5ElsyX07PG6WPAvAEsMonI68n8A0exx8lG9kTkXwAAAP//7Flta9swEP4rJlBo - S+3YTpyXwehC18E+bJQFNij7othqY2Zbxi/pRpb/vuckRU2cOIxulHwIlKJE0t1JunvuuYvIF+H3 - 7HYRU46BcVNe2TdS63ruHxVEaRy1KVBzBxS0i6UVixj/S3VHbSp218EtPiF4H2WVSl7xbc4zggOL - mccVKGJhBdyBTIkX3IozvEcq91iioBTJMFtShkJ2/MGzK/KOzEIIKKZlseSJ/SI3s3ImXaQu8awW - /GbDS1CoZjxxEMUl+Z3xsg0/JF3kptCv7SvXBpK8soaP7rVT+t3lxzRnYUXn/CysWH6wgCZ0WfLu - L6cVz0vK8AVXKMPVYh3XxnFl3Gp0xKVNpje219NLckFYRHB2zvCo2YV1fvEbD5lU4g1wZJc+em30 - 0euvJyi3VAVyoyS8RGGbS4MWGW7rhCFl8n4lBd2/sI2kuaZY2OIwzdyHeGXhnDB3Lzl0x8aOOk0Z - ZfdOIxXSlRE1F8ULMz9RtGvAE5UPKKqCB9bvRd5s1HeDGUwYDsee7w+IaJhF0HBgGaf3nEQRdCD7 - d55tsHWZ986gGQk9WGsr93ZAM+QyiSVq2A083+tzz+U9PxoPwl4YDL1wFESRywYPHh9dR2+llLPe - 5Mz/gD+1z05ZptOcbauvSqcu7SfciO075NlOXs+SOKQrs3PGSrox7JepHDwaw/d39sDJM7K/WcQf - v8XNVsDxW9xsJxy7xYCgSNXPmitv0tA73QejeCIkVjW6grF7gCmW39aFyHn3HsgTzp8Dj9pXmDWR - THp0I07T7EID7AkKXv/RT1DwGhafoKAVCgzRgImPKuKW1PnWYxdyRcUSjHYpkgua1VmuOrsTbV06 - 13TpmhOm69WcMIyNZ4u4EJmiPboJUOufYdTHvznCQlT/rZmqZBmZUITK76uQjSLTAUXhKi1eroca - dV+sX/5g1V3Lveqk7OcXXtYJCd44q2zxFNWkUuemPjO1gejk5vvtzf7Wbr1BWrtarf4AAAD//wMA - oNHOZc0bAAA= - headers: - ATL-TraceId: - - 51978c07cb8595da - Connection: - - keep-alive + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmtN3uJI2AYstjdumVZljgtsLQIaOossaZIjaRie23/+456 + sRsn7pYMKwqkFsm7e+7uuYd878GqpDL1Ek+DTEFD+oKDSE1P0gJMz7AcCtpTJWhquZKmBym3BVja + YzmVGQiV9e5AG9yD9BJKDQakbc+yylhVzJ3D2ygMo9DX8GcFxk7XJVxoyixn4PU87uJH0dFhiB8G + xBw/c2tLkwRBCnNgNlXvlE+toMZwKn0JNsBINqAlD+KAG1NB0DlYwBrtz6eTq2k/GsYxLtUQjJe8 + 9wxiqwyjFjKl100OKX6hRRzGcT8c9aPjaRgm0VESH/vfhkffhHHo3NZBLAKv3TwTpLMPsBShQ9Wk + 3X6kYJjmpSscrp4QU1AheiTlxnLJLCk5MCBqTpZKL3xnzZS81uKJKCrJXbuouKV31FId3HFYBjWs + LcB2KwoH0eh7w/+C7wpse1VgVEcLDDmlZuF6Vc2s+5XMqTDQ8xrDl5hXbdvzco7E0Sxfn8EdINbw + Y8+zHJlVIku8RFaYo7dDk0G4byPqNkqt3mGqz+xEa133oe5s14cd9mzTvZbcWnRgvE1sR+Ff6rNG + ze2Sakdkw4tScASc7pQEG1XTbzhaDUdPhPuZlnWZbBo2DI8QRjxcxcP/N0pDi5qkGDA6XEWHXyLg + qos4iFeD+EtEbJn/8eNDOsYdHed89arRQGzyzVtsepZpyFBWHnAd4ShRNVP+KMnjo30bo30bxw+d + N5LWrDrBqNXbS/pRq2OuKpqzBsf7B2uOq5iwyVUl0jE3paDrltG4vKQWr4VGTp8+fY1Yb+U5aNxp + N1v1z1NVuXrVUF+7BS4zL7G6crHRqX2FbXMT1lZDAybrRvgxAY+jqBPw3bLtk5l4IzO7G5uGl5or + ze36mSXozIPh03ScFzQDEzgL0znhuCDU0jd32VavztSy07Wh95C58aBLRNAZOGVypN29rQ/3lCHa + x9Bo5OqRUzMpOTvjcvHC7YyhdC8LyToG1bxa1nubFankBB8WdCbgEqhpWKnbX97F2fWPL89vz16e + Ts6vJreTy8vfLjE/HC2DBcED0xzIBUqwtMTFJdwQJcWa4Dhz4ZwSq8jPXFNyoaHAeSaVQcb5j411 + hOPkhR94GI5gnnjNfYW9w+JvZ+regGMbMi6p2D3Uvova8ta8F4iu0wjsayZhc7oq3dD+Cx43T5hn + Uq8x3lx9918dT2Pjlm4/ULbAh2BHuc55E+u0fWv9J8Ddgy3o3k1xd1NLcFRnSih93qCZiQr6mUbF + 2j5XFBmrptmqKPGpKm3bhc/1735x3sjtv4MptwIOEnJTk+qk5GSK1mTwwaWGmQnFqMiVsckoHIXB + nMsUVSyIB+Hb2n5cZ46g3iniOJEckH+0JF/hn69r8yt8TTkBQTMc9RbTuAIyRvi4OAbmk+iwRxyV + NqBPX09w7wb/6x9Gwxqq6wJbgl9wq8FXOguQhNQ1huOTx5E3wKN+bgtRA2/8vHJ+ruVCquWnRbnQ + Kq3wEp3IDMeywCIHriou5hWwygEmP6ll36o9ZSpbB/FbEpCbCAv6e0W1BU22LveYwjZmVFv/cXJB + rhiVe86711wwOt4k9UkaV2tjoTCYRloqjkw5SOr1ukOuYAXl0nALPpIJ62XymaI63Xfigf/xllbO + 8wlhSi04EBROMgOQxIAlS27x8rXEorIZVzwgc0GzHlnmnOWkACoNbtLmROsB030jZ0AoYyiNkJI7 + TkmFbGd6XaK24Dkpobnh/RbNr38DAAD//+xZbWvbMBD+KyZQSKH2bCdO0kHpAttgH8ZCCyuUQVBs + pwmNJWPZdUeX/97nJEVNvLiMMko+BPLBieS7R6d7ee6Ca75T/RqBuVmknHzLYVamQDuH0wAFHQkM + ylnyuSgy9Y4jCkq2DKuSch3y7H3KzwgUhC9LR1MIh61q9puO5+RMIaskvNph3NkCh2aMpysPly3p + vPZ0+vy/OBmAtJF9gMAglBuIJFBWMM5epOa8W/dwhRhEyYCp6OTGTeq69kTNZK6CAcGXPnr5IleO + DAVTyJsavVNWgi/NKrjStPvjZnw9ca+/u6iuKkaVglyQ91IAdFmSLfmp0z39A+dYleIjXO9vUhK0 + kZKgv1mgjFWid75XtIhoWnNr1CLDb12wpV6ZWhGb/RvbSr9vySmMwuIFBeJeVuFbsrpTQpupV1ZZ + xqhmdBoJlkxGhE8Ub6wnVPgvESBEMr8lF9Gc9XtJMBv1/WgGfMPheRCGao5gN0HDK9tSus9xkkAH + akrnBYNrmopP1p9I6KvtoPZ0D8VLbVMJxrQkURAG/TTw016YnA/iXhwNg3gUJYnPBvMgHV0mF0rK + SW98En7FR7/nZoybxOi6+ifpVdKtYRE39Cjjenk1Wy1jMpmbMybJYnhfFQCwMzx+nrgDL+eEv9la + Hj7iZm96+Iibve2hI0YKSnSPaBjYNruZmFENxRPlZN3J6TR2CyaG7V+qQqAHv0XmiRcvgUcTFqza + SCY9ZuBkyFthEuwxFbz/pR9TwXsgPqaC1lRg+QMg3umIe6LhrHn2IVeUzMycmyykbcTj2xFPc8GO + TJoLlpil/GFZCK6pj+kgK/Pngv76T0hFpiU8bR5NsntDgtv6X+TDRu5ZJ2OPV6msViR4S7fq14ty + XGocD6L8fyM+LcwKhS40Oz+FGnfYqaIo1BCBVFogu2jDHbjmBWWe9Xr9DAAA//8DAFQSiN/LGgAA + headers: + Atl-Traceid: + - 3db187f275a354f2 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:21 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:30 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 39cbfc32-6b10-408c-b1a2-38978aa3df0c X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '292' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1df31c5d-7cf8-459d-b2d8-8e711ee60955 - x-envoy-upstream-service-time: - - '145' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -968,95 +778,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11066 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11760 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1m682G4woohjTxumxpmtlOCywtDFo6S2wkUiCpyG7a/74j - JcWpM2dtmgCJeOS9PffckbcOrEvKEydyJPAEJCS/M8gT1eO0ANVTcQYF7YkSJNVMcNWDhOkCNO3F - GeUp5CLt3YBUuAfJFEoJCrhuzjo9hxnLQeCPRrhQkK9wmWldqsjzElhBrBPxSbhU51QpRrnLQXto - Q3u0ZF7oMaUq8DoD17BB/fP5ZDbvjw8PUbKywTrRraPQaaViqiEVctMEl+AKFUI/DPr+sB+O50EY - DYIoDNxwFPzqh75vYjQ+9KYEa+aJMRp9L/B9P7zLul0koGLJSoMISo+IKmie90jClGY81qRkEAMR - K1ILee0a7VjwS5l/TxQK4kqCd8OgpjdUU/mbYp/hZYFFqopnjeg0eRn4g2DcLucY6Mttyj3HFBp9 - zam6NjWqltp8RSuaK+g5nQ0nska+9hzNkBglFtmJeIWZOKUUnzC8J6LXalvsbDU67MziXsG3kV5y - pjUaMPxqtU1Sf9mzSqx0TaVJTLGizBkyJNnJBsG1lBmO18Px94Tbwtw6a5EumQEWf+7jPPQNK8Ph - Ohw+2bAtoWXJM9X+f8RXMFoHo5/zte6ctR+PeBuE60H4c95acqruY6+3r19Nf6/fNdMFK3b1ESuY - phJS7OsHNEROibxq2qyRxJXSorAjYoEewsN9G+OHNprR0UhNY9rx50T9oOdgmvoddpzhVXPAtpPh - tGRxE8DtA5lhHCakMlHlyQlTZU43LS9RXFONk7YZZD/eQ82UvJuLXmNNmgaxn8eiMjgFJtL3RsB4 - 6kRaVsZ1LAFzNV33cE767ovBi25O7qLm74Mz2LcRbkcGE5LpzRPz7dS94Y+NS1bQFJRnNFRnhKEg - F7WrbtLtiDkTdTeKho7BaCeRQZdITpdghomh5s4h05X/CUOwj4fB2OCRUTUpWXzG+LW9ik+gNDcz - jzu6WBLVdu9OwgWf4MVMlzlMgaqGgrL9ci7OLl+fni/OTo8n57PJYjKdvp1ifthACgHBA/MMyAVO - Ta6J8UuYIoLnG4IdyXJjlGhB/mSSkgsJBXYtqRTyy7U9upvFCzTof2G+Pzz8HDk7LYuQp4zTHIuJ - 1dj2mNnblbXvihZeS/Ico+smAdY15XB3uipNz34Hj5uXwhOp1yjf3VbfXu4/xsYt3V7R+BofUh3l - OuONr+P2SfNTAXfvIq97noTd5crBUD0WuZDnTTTLvIJ+KnE8bR8HgpyIptiiKPGpx3Vbhcdq+i04 - H/j292DOdA4HEbmypDoqGZmjNhl8MalhZrmIaZ4JpaOxP/a9FeMJziwvHPuHH62BE5s6RvVJEEOK - 6ID8vyp5bv7+Yg3MAOmFMwQVsdut6Pj9BFdX+K8/CoY2FINyXINbMC3BFTL1kGTUAM/wFWLI6eFR - N9NFbuNq7Lwzdi75NRd1J7uQIqnwmTPhKbZcgQB6JmPjb2auSoyE/CHqvhZ7IChbA+FH4pGrAMH6 - u6JSgyRbk3tUYeszsNr/HF2QWUz5nvPmceWNxkGD9CtJeZx5c5pisOdY+0ZasTw5PbkvOhYFwkRw - fmX3xAbqjdJQKMw9KQVD6hxEVm4rZhAuKOOKaXCRXdFwONi3t0+ORVHZUlCZdDW4q8XJloPG6xGJ - hbhmYKIkSwBOFGhSM43XsiYax2DzcCGrnKY9UmcszkgBlCvcpM2J1gLihxYIjWMco5CQG0ZJhZ0R - y02JcwiPcQ7N1e+aUKbIWJywMUQdU+u6dkVNVWmJhTyFtVtmpSUGUnaxEnLROFMLqvEhsaywNIvn - b98fzS76szd9vIksmS+nZ43Rx4B5A5hkEpHXk/kHjsMeOxvZE5F/AQAA///sWW1r2zAQ/ismUGhL - ndhOnJfB6ELXwT5slAU2KPui2GpjZlvGL+lGlv++5yRZdd04jG6UfAiUolTS3fV099xzF5Gtg+/p - 9TqiGgPjFry0r6TWeu8fFYRJFHYpUHt7FHSLpRPrCL8L5aMuFc/PISw+IXnvZZdKUfFtxVOCA4uZ - xxVoYmEFwoFMidbcilK8RyLvWCKnEsmwW1CFQnX8wdMLio7UQgookmex+IH9ojCzMiZDpCrwrBbi - phElaFRTHveRxQXFnYmyRhySLgpT6Nf2FbWBJK+oEKM77ZRxd/4xyVhQ0v/5WViR/GABTchZ0vfn - i5JnBVX4nCuU4eqwzmsTuDJvNTrCafPFle0O9ZFMEBYRnJ0yPGp6Zp2e/cZDxqV4Axx5Th/dLvro - jpqcoMxRGyVdJfbcPup3yHA6N7pImWNImXS85Ka7D5pmob0xqzeQqyxYEd7u6FnaRbKokoRRde+1 - SiG5jKi5yF9Y+YmiXQKeiPyjqfLv2GgYusvpyPGXsHcymbmeNyaiYQ5Bw55jnN5zHobQgerfe7TB - 1m3eO4NmJHRvr63Cuw+aIY9JLFHLge967oi7Dh964WwcDAN/4gZTPwwdNr5z+fQyfCulnAznJ94H - /Kh7dsJSXeZsW/2p6FeF/QCP2F6fIrufVcs4CshldsZYQR7DfVnKwaOxfH9jj/tZSva3m/jDt7g9 - Cjh8i9vjhEO3GBAUqtZdc+UmDb3RczDKJ0Ji1WErGLsFmOL4dZWLjA9uATDB6jHxaHyFXZPJpEcP - 4jTNzjXAHqHg9R/9CAWvYfERCjqhoE00wJx6my3dqYkFbL9XqbihkbheO1AoShZjtUNK15TOMVO6 - 9oaZerU3DGPj6TrKRaqojx4CVPprGPXxryxFIyklbOqlRsEXIF/jC6RBLfeil7CfX3hRxSS4oVuO - XPJyXio71qL8byNZJcvIhCp0oF+FHFiZIbDI5RiINBo7nhrrPbFWX5De2W63fwAAAP//AwCUIRdg - zRsAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmsN3uJI2AYstjdsmVZljgtsLQIaOoss6ZIjaRie23++456 + sVun7pYMKwqkFo/3/tzDe+fBqqQy81JPg8xAQ/aCg8iML2kBxjdsDgX1VQmaWq6k8SHjtgBLfTan + Mgehcv8etEEZZFdQajAgbXuXVcaqYuYM3sVRFEeBhj8rMHayLuFSU2Y5A8/3uPMfx0eHEX4YEDP8 + nFtbmjQMM5gBs5l6qwJqBTWGUxlIsCF6siEteZiE3JgKws7AAtaofzEZX0968SBJ8KgOwXjpO89g + bJVh1EKu9LrJIcMv1EiiJOlFw158PImiND5Kk+Pg2+jomyiJnNnaicXAazPPDNLph1iKyEXVpN1+ + ZGCY5qUrHJ6eEFNQIXyScWO5ZJaUHBgQNSNLpReB02ZK3mjxxCgqyV27qLij99RSHd5zWIZ1WNsA + W1Ec9ePh94b/Bd8V2PaqQK8OFuhyQs3C9aqaWvcrnVFhwPcaxTPMq9b1vTlH4Gg2X5/DPWCs0YPv + WY7IKhElXiorzNHbgUk/2ieIO0Gp1VtM9ZmdaLXrPtSd7fqwg55tujeSW4sGjLfx7SD8S33XqJld + Uu2AbHhRCo4BZzslwUbV8BsMV4PhE8P9TMu6TDYNG0RHGEYyWCWD/9dLA4sapOgwPlzFh1/C4arz + 2E9W/eRLeGyR//DwGI5JB8cZX71sOBCbfPsGm57nGnKklUdYx3CUqJop/yTIk6N9guE+wfFj4w2l + NaeOMGr29tJe7HtYHPsSE3cYbS7Ug+/qpDlrInv36MyhF0tg5qoS2YibUtB1i3E8XlKLD0VDsE+f + x4a+t4QdNua0m7b656mqXAVjF+ord8Bl7qVWV84304DJuhH+FIEncdwR+G7Z9tFMsqGZXcGm4buC + /paYuNLcrp9ZiU49HDyN4HlBczCh0zCdEY4HQi0Dc59viexcLTvCG3gPDgxTcMzkQLv7Wh/uyTbe + h9B46NKeUzMuOTvncvHCSUZQus1Csg4vNYqWtWxzIpUc42JBpwKugJoGg7r95V2e3/x4dnF3fnY6 + vrge342vrn67wjRwtAzmjRcmcyCXSMHSEueXcEOUFGuC48yFM0qsIj9zTcmlhgLnmVQG8RV8aqxj + HCcves+jaAiz1GveK2wR1ng7Ux8NOFY755KK3UvtXtSWt0a5wOg6jsD25RI2t6vSDe2/wHGzwjwT + YY3y5un7eOt4Gui2qPqBsgUugh2yOuONr9N21/pPAXcLW9jtTUn3UktwiGZKKH3RRDMVFfRyjfy0 + XVcUGamm2aoocVWVtu3C5/r3cXFey+2/gwm3Ag5ScluD6qTkZILapP/epYaZCcWomCtj02E0jMIZ + lxlyVpj0oze1/qjOHIN6q4jDRHpA/lGTfIV/vq7Vr3GbcjyBajjRbUyjCsgIw8fDEbCAxIc+cVDa + BH36aoyyW/yvdxgP6lBdF9gSgoJbDYHSeYggpK4xHFceB94QrwZzW4g68MbOS2fnRi6kWn5YlEut + sgof0bHMcSwLLHLoquJ8XgOrXMDkJ7XsWbWnTGVrIHlDQnIbY0F/r6i2oMnW5B5V2PqMa+0/Ti7J + NaNyz323zYXD401SH6RxvTYWCoNpZKXiiJSDtD6vO+QKVlAuDbcQIJiwXmY+VVRn+248sj/awspZ + PiFMqQUHgsRJpgCSGLBkyS0+tZZYZDbjigdkJmjuk+WcszkpgEqDQtrcaC1guq/lFAhlDKkRMnLP + KakQ7UyvS+QWvCclNO950Ebz698AAAD//+xZUWvbMBD+KyZQSKF2bSdO0kHpAttgD2OhhRXKICi2 + 04TGkrHsuqPLf+93kqKmblxGGSUPgTw4lnT67nR3+u6MY75V9RqBuV6knHzLYVamQDkHbYCCVAKD + cpZ8LopMrXFEQcmWYVRSrkOevUv5CYGC8GXpaMLgsFXN/pB6Ts4UskrCqx3GnS1wKMZ4uvJw2JL0 + tdpp/X9zMgDtRvYBAoNQbiCSQFnBODuRGn23zuESMYgrA6YizY2b1HXtiZrJXAUDgi998PJFrhwZ + G0whb2r2nbIS7GhWwZWm3Z/X46uJe/XDBRtQMao2yAV5LwVAlyXZkh873eO/cI5VKT7B9V6TkqCN + lAT9toFoM0CprERRfafYEbG1xlTfTm0O2KtemVrxl90T265+35JTGIXFCwrEHVS4mWGbUiyTlVWW + MbozOo0ESyYjwieKd94ndPFfIECIUn5PzqM56/eSYDbq+9EMEIbDsyAMVR/BTsIOb0xL6TzHSYI9 + cKd0njG4pqj4bP2JhL5ZDmpP93B5qWkqwZiSJArCoJ8GftoLk7NB3IujYRCPoiTx2WAepKOL5FxJ + OeqNj8Jv+Ol1bsa4SYyuq19Jr5JuDYu4oUcZ18ur2WoZk8ncnDFJFsN6dQGAneHxy8QdeDkn/M3S + cv8RN2vT/UfcrG33HTEyTaIrQsPAttnNxLRqKJ4oJ+u6TWerGzAxTP9aFQI1+A0yT7x4DjzqsGDU + RjLtYxpOhrwVJsEeUsHHH/ohFXwE4kMqaE0FllgA4q2OuEdqzppnH3JFyUzPuUk02lo8fluLx7ct + nuaAJWYpv18WgmvqYyrIynxc0H//Bem9KP9fI00Ls0KxE4qMX0K1GTa9O7iQhvy4eTTZ9d0A1IeY + 043ck07GHi5TWa1I8JayqkFQlONSK05tSmoikOr2/cvF4YvVZoFCu16vnwAAAP//AwC7wxA/yxoA + AA== headers: - ATL-TraceId: - - cd271fb49aca2b68 - Connection: - - keep-alive + Atl-Traceid: + - 95dc207e7bebf254 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:21 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:30 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ed085cb4-851a-4fe0-8eb0-78233f04de5f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '219' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 25fa9283-3a12-4502-92e5-7fb47473d861 - x-envoy-upstream-service-time: - - '163' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1066,174 +880,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbuTtNssuYkeVGQV2j2JSD6mWEmT0qbCsux/N8WF1dvwzvPM - y5xAq5kOkwMJnzGOs9xsLHVkog1foVDRqXnulS88Rcjgm6a5Dz7BDJEVWGDe7G9fm4eX9rrdL4NO - E8i3Fcoww/cMLI0uHAfysT2OlA7cubDYJOmld/ZXAbkKW3EJ71VcQY6c5VjlXLSskshkWRWIeIMc - MfkzTam37Yd/7K5lXJZM8rLA+sqa4dF3IYGC70S97bQyJZWKajRdLWpttRLYGURVVUJoKv8URLc2 - PPWTgvWdTi0uPgej1vgE7jIB+Y9DA+fzDwAAAP//AwBuUfKyWgEAAA== - headers: - ATL-TraceId: - - c130c3f1dfebbfdc - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:31:23 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUVAuCkpYyX7YfnxwxiewLik3hTGm4A1jNRYNYllJVtNeoqp7zkuNRf23INq1 + 4XGYJazvGLnY+OR7ucYnsJcJtHvb7+B8/gIAAP//AwCkIH3qWgEAAA== + headers: + Atl-Traceid: + - 45e1d5a65fe763ee + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4d1d1cef-8d0f-4d92-bd36-2ada9b93b6b0 - x-envoy-upstream-service-time: - - '32' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - c5cadda8ed01f752 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:23 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:31 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 3a499f60-bb8a-407b-be0a-a00defdef063 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '118' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - bc3a7116-4ef2-46d1-94cf-1e92e2ccd45c - x-envoy-upstream-service-time: - - '75' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1243,94 +950,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11066 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11760 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1m682G4woohjTxumxpmtlOCywtDFo6S6wlUiCpyG7a/74j - JcVpMmdtmgCJeOS9PffckTcObErKEydyJPAEJCS/M8gT1eO0ANVTcQYF7YkSJNVMcNWDhOkCNO3F - GeUp5CLtXYNUuAfJFEoJCrhuzjo9hxnLQeCPRrhQkK9wmWldqsjzElhBrBPxSbhU51QpRrnLQXto - Q3u0ZF7oMaUq8DoDa9ii/vl8Mpv3x4eHKFnZYJ3oxlHotFIx1ZAKuW2CS3CFCqEfBn1/2A/H8yCM - BkEUBm44Cn71Q983MRofeluCNfPEGI2+F/i+H95m3S4SULFkpUEEpUdEFTTPeyRhSjMea1IyiIGI - FamFXLtGOxb8UubfE4WCuJLgXTOo6TXVVP6m2Gd4WWCRquJZIzpNXgb+IBi3yzkG+nKXcs8xhUZf - c6rWpkbVUpuvaEVzBT2ns+FE1sjXnqMZEqPEIjsRrzATp5TiE4b3RPRabYudrUaHnVncKfgu0kvO - tEYDhl+ttknqL3tWiZWuqTSJKVaUOUOGJPeyQXAtZYbjzXD8PeG2MLfOWqRLZoDFn7s4D33DynC4 - CYdPNmxLaFnyTLX/H/EVjDbB6Od8bTpn7ccj3gbhZhD+nLeWnKr72Ovt61fT35t3zXTBil19xAqm - qYQU+/oBDZFTIq+aNmskcaW0KOyIWKCH8HDfxvihjWZ0NFLTmHb8OVE/aOeFYbBkcePu5oHM8AvD - V5mo8uSEqTKn25aFKEag9DvsWcPM1gXVOGmbQfbjPdRMydu56DXWpGkQ+3ksKoOTjf29ETCeOpGW - lQkmloC5mq57OCd998XgRTcn76Pm74Mz2LcR7tsY7GYJE5Lp7ROB6NS94Y/NUVbQFJRnNFRnhKEg - F7WrrtPd7DkTdTejho6t5BLMMDHUvJeU6cr/zDbYx8NgbNLOqJqULD5jfG2v4hMozc3M445Alla1 - 3buVcMEneDHTZQ5ToKohpWy/nIuzy9en54uz0+PJ+WyymEynb6eYBjaQwrzxwDwDcoFTk2ti/BKm - iOD5lmBHstwYJVqQP5mk5EJCgV1LKoX8cm2P3s/iBRr0vzDfHx5+jpzmwsASIca7lvqmjRHtlHGa - 3z/UvitaeC3Jc4yumwRYvpTD7emqND37HTxuXgpPZFijfHtbfXu5/xjpdqx6ReM1PqQ6ZnXGG1/H - 7ZPmpwLu3kVe9zwJu8uVg2F0LHIhz5tolnkF/VTiwNo9DgQ5EU2xRVHiU4/rtgqP1e9bcD7w3e/B - nOkcDiJyZUl1VDIyR20y+GJSw8xyEdM8E0pHY3/seyvGE5xZXjj2Dz9aAyc2dYzqkyCGFNEB+X9V - 8tz8/cUamAHSC0cFKmJTW9Hx+wmurvBffxQMbSgG5bgGt2Bagitk6iHJqAGe4SvEkNPDo26mi9zG - 1dh5Z+xc8jUXdSe7kCKp8Jkz4Sm2XIEAeiZj429mrkqMhPwh6r4WeyAoWwPhR+KRqwDB+ruiUoMk - O5N7VGHnM7Da/xxdkFlM+Z7z5nHljcZBg/QrSXmceXOaYrDnWPtGWrE8OT25KzoWBcJEcH5ld8QG - 6q3SUCjMPSkFQ+ocRFZuK2YQLijjimlwkV3RcDjYt7dPjkVR2VJQmXQ1uK3FyY6DxusRiYVYMzBR - kiUAJwo0qZnGi1oTjWOwebiQVU7THqkzFmekAMoVbtLmRGsB8UMLhMYxjlFIyDWjpMLOiOW2xDmE - xziH5jHgmlCmyFicsDFEHVPrunZFTVVpiYU8hY1bZqUlBlJ2sRJy0ThTC6rxabGssDSL52/fH80u - +rM3fbw5LZkvp2eN0ceAeQOYZBKR15P5B47DHjsb2RORfwEAAP//7Flta9swEP4rJlBoS+3YTpyX - wehC18E+bJQFNij7othqY2Zbxi/pRpf/vuckWU2dOIxulHwIhKBE8t3ldPfccxeRr8Lv2fUqphoD - 4+a8sq+k1mbvHxVEaRx1KVB7exR0i6UTqxjvpfJRl4rtcwiLT0jee9mlUlR8W/KM4MBi5nIFmlhY - gXAgU+IVt+IM95HKZyxRUIlk2C2pQqE6/uDZBUVHZiEFFO2zWPLAflGYWTmTIVKXuFYLcbMRJWhU - M544yOKS4s5E2UYcki4KU+jX9pWNgSSvrBGjO+2UcXf+Mc1ZWNHv/CysWH6wgCbkLOn783nF85Iq - fMEVynB1WOe1CVyZtxod4bTZ/Mr2BvpILgiLCM5OGS41O7NOz37jIpNKvAGObNNHr4s+esNmg2pL - VaA2SrpKfLp9NOiQ4XZuGFIm/SuZ5u6DXSTNNc0CUpKFS4LVHa1Juxa2pUyNHXWaMqruvVYpJJcR - NRfFCys/UbRLwBORfzRVwR0bDiJvMRm6wQImjMdTz/dHRDTMIWjYc4zTfc6iCDpQ/XtPNti6zXtn - 0IyE7u21VXg7oBnymMQStewHnu8NuefygR9NR+EgDMZeOAmiyGWjO49PLqO3UsrJYHbif8BLPWen - LNNlzrbVV6VTl/YDPGL7DkW2k9eLJA7JZXbOWEkew/OylINHY/n+xh45eUb2t5v4w7e4PQo4fIvb - 44RDtxgQFKlmXnPlTRp6o+dglE+ExKrDVjB2CzDF8eu6EDnv3wJ5wuVT4tH4Crsmk0mPHsRpml1o - gD1Cwetf+hEKXsPiIxR0QoEhFjDxXmXcI02+9dqFXFGxBKttiuSCZvUe173tja4pnds1pXPNlK69 - YRgbz1ZxITLFifQQoNZ/w6iPf/UT0EhKCY/NUqPgC5Bv4w+kfiP3opeyn194WSckeEO3HLkU1axS - dqxE9d9GskqWkQlV6EC/CjmwasbCNGemMRBpNHY8N9Z/Zq1+QHpnvV7/AQAA//8DALBD+BHNGwAA - headers: - ATL-TraceId: - - 11ff73b05e120324 - Connection: - - keep-alive + H4sIAAAAAAAAA7xWbW8bNwz+K8J92jL73uwlzgHDkMXu1i3LssRpgaVFIOvoO9U66SbpYntt//uo + e7EbJ+6WDCsKpD5RJB+SDym+92BVUpl6iadBpqAhfcFBpKYnaQGmZ1gOBe2pEjS1XEnTg5TbAizt + sZzKDITKenegDcogvYRSgwFp27usMlYVc2fwNgrDKPQ1/FmBsdN1CReaMssZeD2PO/9RdHQY4ocB + McfP3NrSJEGQwhyYTdU75VMrqDGcSl+CDdCTDWjJgzjgxlQQdAYWsEb98+nkatqPhnGMRzUE4yXv + PYPYKsOohUzpdRNDil+oEYdx3A9H/eh4GoZJdJTEx/634dE3YRw6s7UTi8BrM88E6fQDTEXoUDVh + tx8pGKZ56RKHpyfEFFSIHkm5sVwyS0oODIiak6XSC99pMyWvtXgiikpyVy4qbukdtVQHdxyWQQ1r + C7AVReEgGn1v+F/wXYFlrwr06miBLqfULFytqpl1v5I5FQZ6XqP4EuOqdXtezpE4muXrM7gDxBp+ + 7HmWI7NKZImXyApj9HZoMgg7QanVO4zomQlvtet01wXs0r1Dkm1U15JbiwaMt/HtmPpLfdeouV1S + 7fhqeFEKjoDTncixHjXLhqPVcPREuJ+pTBfJpi7D8AhhxMNVPPx/vTTVr7mIDqPDVXT4JRyuOo+D + eDWIv4THluAfPz6kY7SPp3EnmPPVq2YGYvVv3iIbskxDhmPlAdcRpxJV0+WPWo2P9glG+wTHD403 + I605dQOjnt5e0o/aOebSpTlrcLx/cOZIjJkwuapEOuamFHTdUh2PMe/2FebU0b91QS0+FM2AfXqj + NuN7O7CDxpx2bVj/PFWVy2AN/rU74DLzEqsrh4ZpwGBdbz82wOMo6gb4bto2Y2ZXsK/g8abgpeZK + c7t+ZsCdejB82hznBc3ABE7DdEY4Hgi19M1dth1kZ2rZDbyh95DS8aALRNAZuJHlSLv7Wh/uSUO0 + j6HRyOUjp2ZScnbG5eKFk4yhdJuFZB2Dal4ta9nmRCo5wcWCzgRcAjUNK3X7y7s4u/7x5fnt2cvT + yfnV5HZyefnbJcaHrWUwIXhhmgO5wNksLXF+CTdESbEm2OdcOKPEKvIz15RcaCiw0UllkF/+Y/0e + YTt54QcehiOYJ17zXmHtMPnbnrrX4FiGjEsqdi+1e1Gb3prlAtF1MwLrmknY3K5K17T/gsfNCvNM + 6jXKmzfx/tbxNDZu6fYDZQtcBDvKdcYbX6ftrvWfAHcLW9DtTXH3hEtwVGdKKH3eoJmJCvqZxom1 + XVcUGaum2KoocVWVtq3C5+p3Pzlv5PbfwZRbAQcJualJdVJyMkVtMvjgQsPIhGJU5MrYZBSOwmDO + ZYozK4gH4dtaf1xHjqDeKeI4kRyQf9QkX+Gfr2v1K9ym3ABBNWz1FtO4AjJG+Hg4BuaT6LBHHJU2 + oE9fT1B2g//1D6NhDdVVgS3BL7jV4CudBUhC6grDcRdy5A3wqp/bQtTAGzuvnJ1ruZBq+WlSLrRK + K3xdJzLDtiwwyYHLivN5BaxygMlPatm3ak+aytZA/JYE5CbChP5eUW1Bk63JPaqw9RnV2n+cXJAr + RuWe+27NC0bHm6A+CeNqbSwUBsNIS8WRKQdJfV5XyCWsoFwabsFHMmG+TD5TVKf7bjywP97Sylk+ + IUypBQeCg5PMACQxYMmSW3x8LbE42YxLHpC5oFmPLHPOclIAlQaFtLnRWsBw38gZEMoYjkZIyR2n + pEK2M70ucbbgPSmheeH9Fs2vfwMAAP//7Flda9swFP0rJlBIofZsJ07SQekC22APY6GFFcogKLbT + hMaSsey6o8t/77mSrCZeUkYZJQ+BPDiWdHWudD/OvcY136l6jcDcLFJOtuUwK1OgnIM2QEEqgVo5 + Sz4XRabWOKKgYMswKinWIc7ep/yMQEH4snQ0hXDYqma/ST0nZwpZJWHVDuPOBjgUYzxdebhsSfpa + 7bT+vzgdAO1G5wMEBqFsIJJAWeFwdiI1+m7cwxV8ECkDR0WaGzOp69oTNZO5cgY4X/ro5YtcGTI2 + mELe1Ow7ZSX40qyCKU27P27G1xP3+ruL7Kp8VG2QC7JecoAuS7IlP3W6p39gHKtSfITp/U1Kgn2k + JOjvG4iaAQplJYrqe8WOiL+1pvp2antgX6r3bapXd6AYz+6JlpziUFi8IEfcySp8S1a3Umg79Moq + yxjljE4rwNKREeETxRvzCSX+SzgIUcpvyUU0Z/1eEsxGfT+aAd9weB6Eoeoj2EnY4ZVpKd3nOEmw + B3JK5wWDa6qNT9aeSOirdaK2dA/JS01TAcbUKlEQBv008NNemJwP4l4cDYN4FCWJzwbzIB1dJhdK + yklvfBJ+xU+vczPGTWB0Xf1KepV0a5yIG3oUcb28mq2WMR2ZmzMm6cSwXiUAsDM8fp64Ay/nhL9d + cx4+4nbReviI20XvoSNGpEl0jWgY2Ca7mZgeDvkTxWRdt+lodQsmhulfqkKgOL9FgIkXL45HrReM + Wk+mfUzDyZC3wgTYYyh4/0s/hoL3QHwMBXtDgeUPgHinPe6Jurbm2YdcUTLTc26zkH0tHt+2eNoD + tmXSHrDELOUPy0JwTX1MBVmZjwv6778gfRDl/2ukaWFWKHZCkfFTqDZD082DCWnIT82jia5vBqA+ + xHxo5J51MvZ4lcpqRYI3lFUNgqIcl1pxalNSE4FUt++3F4dbq80ChXa9Xj8DAAD//wMAUIU9ocsa + AAA= + headers: + Atl-Traceid: + - f419bda5911014f9 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:23 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:31 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 61a3c6a0-d5b2-4f0c-abbc-be9725ee8206 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '269' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9fab015a-aa7f-4b69-a99c-5d4bfa22d577 - x-envoy-upstream-service-time: - - '153' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1340,174 +1052,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPwUrEMBCG3yVX2+wk6TY1N9GDiqxCuydZJGknWEmb0qbCsuy7m+DC6m345/vm - Z07E6AX3syOKfIYwLWqz6dBiGzr/5akOTi9Lr0c6YiAZ+cZ56f0YYQbAKFDI693dW/342ly3u3Uw - cSLqPUEZZHDISIeT88cBx9AcJ4wH7p1fuyiZtXfdr0JUErbyEj7okEAOnOVQ5Fw2rFDAlCgoANwA - B4j+gnPsbfrhH1s1jCvBFBf0trqy7fA0Wh9ByStZbq3RrUChsYTWlrI0ndESbAugi0JKg+JPQXCp - 4bmfNUnvWL268OJbneITcZeJ4Pixr8n5/AMAAP//AwB913PfWgEAAA== - headers: - ATL-TraceId: - - 177b8b9a0e54739d - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:31:23 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTpG1qbqIHFVmF7Z5kkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzlBq4LZzw4kvMc4BbnZaGNNF7X/8ERFp0Lo1UhGEyGDTzOH3o8JpoiUIMF8t7152d0/N7/b7TK0 + aQL5ukIZZnjIQJvJ+eNgxtgcJ5MO3Dq/6CS1S+/0twIyCQzLS3in4goyZCzHOqeiwVqikKwkiHiV + SEx+MHPqbfrhH3vdIEoqJGeEC/rDdsPDaH0Cq4IKy621XNSMVchrxKJUrKKdQl11QhQGefW3ILq1 + 4bGfFazvWLW4+OQ7tcYncJcJzPi238H5/AUAAP//AwD1oQIQWgEAAA== + headers: + Atl-Traceid: + - 45ca701bd668f80f + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - abe60dcf-53c6-4bde-9db7-815510633f55 - x-envoy-upstream-service-time: - - '34' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 794f06e7fe57fa37 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:32 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a6d74f91-2507-4664-83f5-c7595c74ac45 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '125' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b1b39a18-5a5d-4038-bb42-d85a8c0372b0 - x-envoy-upstream-service-time: - - '60' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1517,95 +1122,98 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11066 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11760 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1m682G4woohjTxumxpmtlOCywtDFo6S6wlUiCpyG7a/74j - JcVpMmdtmgCJeOS9PffckTcObErKEydyJPAEJCS/M8gT1eO0ANVTcQYF7YkSJNVMcNWDhOkCNO3F - GeUp5CLtXYNUuAfJFEoJCrhuzjo9hxnLQeCPRrhQkK9wmWldqsjzElhBrBPxSbhU51QpRrnLQXto - Q3u0ZF7oMaUq8DoDa9ii/vl8Mpv3x4eHKFnZYJ3oxlHotFIx1ZAKuW2CS3CFCqEfBn1/2A/H8yCM - BkEUBm44Cn71Q983MRofeluCNfPEGI2+F/i+H95m3S4SULFkpUEEpUdEFTTPeyRhSjMea1IyiIGI - FamFXLtGOxb8UubfE4WCuJLgXTOo6TXVVP6m2Gd4WWCRquJZIzpNXgb+IBi3yzkG+nKXcs8xhUZf - c6rWpkbVUpuvaEVzBT2ns+FE1sjXnqMZEqPEIjsRrzATp5TiE4b3RPRabYudrUaHnVncKfgu0kvO - tEYDhl+ttknqL3tWiZWuqTSJKVaUOUOGJPeyQXAtZYbjzXD8PeG2MLfOWqRLZoDFn7s4D33DynC4 - CYdPNmxLaFnyTLX/H/EVjDbB6Od8bTpn7ccj3gbhZhD+nLeWnKr72Ovt61fT35t3zXTBil19xAqm - qYQU+/oBDZFTIq+aNmskcaW0KOyIWKCH8HDfxvihjWZ0NFLTmHb8OVE/6DmYpn6HHWd41Ryw7WQ4 - LVncBHDzQGYYhwmpTFR5csJUmdNty0sU11TjpG0G2Y/3UDMlb+ei11iTpkHs57GoDE6BifS9ETCe - OpGWlXEdS8BcTdc9nJO++2LwopuT91Hz98EZ7NsIdyODCcn09on5dure8MfGJStoCsozGqozwlCQ - i9pV1+luxJyJuhtFQ8dgdC+RQZdITpdghomh5r1Dpiv/E4ZgHw+DscEjo2pSsviM8bW9ik+gNDcz - jzu6WBLVdu9WwgWf4MVMlzlMgaqGgrL9ci7OLl+fni/OTo8n57PJYjKdvp1ifthACgHBA/MMyAVO - Ta6J8UuYIoLnW4IdyXJjlGhB/mSSkgsJBXYtqRTyy7U9ej+LF2jQ/8J8f3j4OXKaCwNrh+DvWuqb - NsYypIzT/P6h9l3RwmtJnmN03STAuqYcbk9XpenZ7+Bx81J4IvUa5dvb6tvL/cfYuKPbKxqv8SHV - Ua4z3vg6bp80PxVw9y7yuudJ2F2uHAzVY5ELed5Es8wr6KcSx9PucSDIiWiKLYoSn3pct1V4rH7f - gvOB734P5kzncBCRK0uqo5KROWqTwReTGmaWi5jmmVA6Gvtj31sxnuDM8sKxf/jRGjixqWNUnwQx - pIgOyP+rkufm7y/WwAyQXjhDUBG73YqO309wdYX/+qNgaEMxKMc1uAXTElwhUw9JRg3wDF8hhpwe - HnUzXeQ2rsbOO2Pnkq+5qDvZhRRJhc+cCU+x5QoE0DMZG38zc1ViJOQPUfe12ANB2RoIPxKPXAUI - 1t8VlRok2Zncowo7n4HV/ufogsxiyvecN48rbzQOGqRfScrjzJvTFIM9x9o30orlyenJXdGxKBAm - gvMruyM2UG+VhkJh7kkpGFLnILJyWzGDcEEZV0yDi+yKhsPBvr19ciyKypaCyqSrwW0tTnYcNF6P - SCzEmoGJkiwBOFGgSc00XsuaaByDzcOFrHKa9kidsTgjBVCucJM2J1oLiB9aIDSOcYxCQq4ZJRV2 - Riy3Jc4hPMY5NFe/a0KZImNxwsYQdUyt69oVNVWlJRbyFDZumZWWGEjZxUrIReNMLajGh8SywtIs - nr99fzS76M/e9PEmsmS+nJ41Rh8D5g1gkklEXk/mHzgOe+xsZE9E/gUAAP//7Flta9swEP4rJlBo - S+3YTpyXwehC18E+bJQFNij7othqY+Y3LDvd6PLf95wkq6kTh9GNkg+BUpTcSXeSTs89d8mLVfg9 - u17FlGPg3JxX9pW02sj+0UCUxlGXASXbY6B7WdJYxfgv1Bl1mdjWQ1h8wuO9l1UqRcW3Jc8IDixm - LjdHEQsvEA7kSrziVpzhPlI5x8pLSpEMUkEZCtnxB88uKDoyC09AkTyLJQ/sF4WZVTAZIrXAtVqI - m40oQaGa8cTBKxYUdybKNuKQbFGYwr72TzQO0nqiRozu9FPG3fnHtGBhRfv8nFux/GABTeiw5Nmf - zyteCMrwJVcow5WyftcmcOW71eiIQ5vNr2xvoFWKnLCI4OyU4VKzM+v07DcuMqnyN8CRbfroddFH - b9glCBoBJZ2qRNKUPJZodUvVNaptgSFl8nwlBd2t2EXSXFMstAXTneSmnRTxkFm4JDBWCVTUacoo - u/daqZCOjKh5Xr4w8xNFuwQ8EflHURXcseEg8haToRss4O94PPV8f0REwyjBwh41Tvc5iyLYQPbv - Pflg6zLvnUEzWnRvra3C2wHNkGoSS9SwH3i+N+Seywd+NB2FgzAYe+EkiCKXje48PrmM3spVTgaz - E/8D/tQ8O2WZTnO2rb4STi3sB5yI7TsU2U5RL5I4pCOzC8YEnRjmy1QOHo3h+xt75BQZ+d8u4g/f - 43Yr4PA9brcTDt1jIE2kSnfNlTdp6I3ug9F7IiRWFbZCq1uAKdSv6zIveP8WyBMunx4eta8gNS+Z - 7OhGnKbZpQbYIxS8/qUfoeA1PD5CQScUGD4BF+/Vi3ukzrceu1g3r1iC0Q4mBJrVe1z3tgVdXTrX - dOnaAtP1agsMY+PZKi7zTLEb3QSo9c8w6uPfbGGVV/+tFarWMmvCECq/r7lsFDXNV4SW8vixGWrU - fbF9+YNVv1n3opeyn1+4qBNaeGOvssVTVrNK7Zv6zNQGop2b759P9p/N1hOkt+v1+g8AAAD//wMA - Fan/Ys0bAAA= - headers: - ATL-TraceId: - - 24930cfa13074497 - Connection: - - keep-alive + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmtN3uJI2AYstjdsmVZljgtsLQIaOossaZIjaRie23++456 + sVun7pYMKwqkFo/3/tzDe+fBqqQy9RJPg0xBQ/qCg0hNT9ICTM+wHAraUyVoarmSpgcptwVY2mM5 + lRkIlfXuQRuUQXoFpQYD0rZ3WWWsKubO4F0UhlHoa/izAmOn6xIuNWWWM/B6Hnf+o+joMMQPA2KO + n7m1pUmCIIU5MJuqt8qnVlBjOJW+BBugJxvQkgdxwI2pIOgMLGCN+hfTyfW0Hw3jGI/qEIyXvPMM + xlYZRi1kSq+bHFL8Qo04jON+OOpHx9MwTKKjJD72vw2Pvgnj0JmtnVgMvDbzzCCdfoClCF1UTdrt + RwqGaV66wuHpCTEFFaJHUm4sl8ySkgMDouZkqfTCd9pMyRstnhhFJblrFxV39J5aqoN7DsugDmsb + YCuKwkE0+t7wv+C7AtteFejVwQJdTqlZuF5VM+t+JXMqDPS8RvEM86p1e17OETia5etzuAeMNXzo + eZYjskpEiZfICnP0dmAyCPcJok5QavUWU31mJ1rtug91Z7s+7KBnm+6N5NaiAeNtfDsI/1LfNWpu + l1Q7IBtelIJjwOlOSbBRNfyGo9Vw9MRwP9OyLpNNw4bhEYYRD1fx8P/10sCiBik6jA5X0eGXcLjq + PA7i1SD+Eh5b5D88PIZj3MFxzlcvGw7EJt++waZnmYYMaeUR1jEcJapmyj8J8vhon2C0T3D82HhD + ac2pI4yavb2kH+EntUjqDRk+fXYaqt2Sa9CY024y6p+nqnLZRo4wX7kDLjMvsbqCh5ZDnTXNWVOD + d4/OXGR41eSqEumYm1LQdTtNeIxh2ZfYNjdhbTU0YLJuhD9F4HEUdQS+W7Z9NBNvaGZXsGn4rmCw + JSauNLfrZ1a3Uw+GTyN4XtAMTOA0TGeE44FQS9/cZ1siO1fLjvCGXl3OGThmcqDdfa0P92Qb7UNo + NHJp59RMSs7OuVy8cJIxlG6zkKzrYt3bZS3bnEglJ7hY0JmAK6CmQYZuf3mX5zc/nl3cnZ+dTi6u + J3eTq6vfrjANHC2DeeOFaQ7kEilYWuL8Em6IkmJNcJy5cEaJVeRnrim51FDgPJPKIGb9T411hOPk + he95GI5gnnjNe4UtwhpvZ+qjAcdqZ1xSsXup3Yva8tY4FxhdxxHYvkzC5nZVuqH9FzhuVphnIqxR + 3jx9H28dTwPdFlU/ULbARbBDVme88XXa7lr/KeBuYQu6vSnuXmoJDtFMCaUvmmhmooJ+ppE1tuuK + ImPVNFsVJa6q0rZd+Fz/Pi7Oa7n9dzDlVsBBQm5rUJ2UnExRmwzeu9QwM6EYFbkyNhmFozCYc5ki + DwbxIHxT64/rzDGot4o4TCQH5B81yVf45+ta/Rq3KccTqIYT3cY0roCMMXw8HAPzSXTYIw5Km6BP + X01Qdov/9Q+jYR2q6wJbgl9wq8FXOgsQhNQ1huPK48Ab4FU/t4WoA2/svHR2buRCquWHRbnUKq3w + EZ3IDMeywCIHrirO5zWwygVMflLLvlV7ylS2BuI3JCC3ERb094pqC5psTe5Rha3PqNb+4+SSXDMq + 99x321wwOt4k9UEa12tjoTCYRloqjkg5SOrzukOuYAXl0nALPoIJ62XymaI63Xfjkf3xFlbO8glh + Si04ECROMgOQxIAlS27xAbTEIrMZVzwgc0GzHlnmnOWkACoNCmlzo7WA6b6WMyCUMaRGSMk9p6RC + tDO9LpFb8J6U0LyyfhvNr38DAAD//+xZXWvbMBT9KyZQSKF2bSdO0kHpAttgD2OhhRXKICi204TG + krHsuqPLf++5kqImbl1GGSUPgTw4lnR1rnQ/zr3GNd+qeo3AXC9STrblMCtToJyDNkBBKoFBOUs+ + F0Wm1jiioGDLMCop1iHO3qX8hEBB+LJ0dBp32Kpmf0g9J2cKWSVh1Q7jzhY4FGM8XXm4bEn6Wu20 + /r85HQDtRucDBAah3EAkgbLC4byK1Oi7dQ+X8EGkDBwVaW7MpK5rT9RM5soZ4Hzpg5cvcmXI2GAK + eVOz75SV4CyzCqY07f68Hl9N3KsfLtiA8lG1QS7IeskBuizJlvzY6R7/hXGsSvEJpveSlARtpCTo + tw1EmwEKZSWK6jvFuIhDNab6dmpzoC3V+zbVqztQxOb1iZac7mTGZkRtrrLMFUfJ4gW5rw7Lssoy + Rjmj0wiwdGRE+ETxznxCif8CDkI09XtyHs1Zv5cEs1Hfj2aANByeBWGo+gh2EnZ4Y1pK9zlOEuyB + nNJ5xuCaouKztScS+mY5qC3dQ/JS01SAMSVJFIRBPw38tBcmZ4O4F0fDIB5FSeKzwTxIRxfJuZJy + 1Bsfhd/w0+vcjHETGF1Xv5JeJd0aJ+KGHkVcL69mq2VMR+bmjEk6MaxXCQDsDI9fJu7Ayznhb5aW + +4+4WZvuP+JmbbvviBFpEl2nGQa2zW4mplVD/kQxWdeCOlrdgIlh+teqEKjBbxBg4sWz41GHBaPW + k2kf03Ay5K0wAfYQCj7+0g+h4CMQH0JBayiwRAMQb7XHPVJz1jz7kCtKZnrOTeLR1uLx21o8vm3x + NAcsMUv5/bIQXJMYU0FW5uOC/vsvSO9F+f+ac1qYFYqdUGT8EqrNsOmowYQ05MfNo4mu7wagPsSc + buSedDL2cJnKakWCt5RVDYKiHJdacWpTUhOBVLfvdxeHO6vNAoV2vV4/AQAA//8DAM9vmu3LGgAA + headers: + Atl-Traceid: + - 5d126dd4e11394c3 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:32 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5cbcf973-2413-490a-9c58-26c03d5c0870 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '273' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 53744148-132a-4330-b04e-7a60ecb93f36 - x-envoy-upstream-service-time: - - '102' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1615,92 +1223,93 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - 3ad288648b9f8136 - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - 6ab3dd64d353ed87 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:33 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - dc408be7-03cc-451e-b4eb-7ba4f23fa0e4 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '180' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f80f5a44-056b-4329-9a07-c61241015640 - x-envoy-upstream-service-time: - - '109' status: code: 200 message: OK - request: - body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Jira Api Test 3|http://localhost:8080/finding/2807]\n\n*Defect - Dojo link:* http://localhost:8080/finding/2807 (2807)\n\n*Severity:* Low\n\n*CWE:* - [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/681]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n*Mitigation*:\nWhenever a cookie contains sensitive - information or is a session token, then it should always be passed using an - encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n*Reporter:* + body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Jira Api Test 3|http://localhost:8080/finding/230]\n\n*Defect + Dojo link:* http://localhost:8080/finding/230 (230)\n\n*Severity:* Low\n\n\n*Due + Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/89]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "Low"}, "summary": "Jira Api Test 3"}, "update": {}}' headers: @@ -1713,204 +1322,57 @@ interactions: Connection: - keep-alive Content-Length: - - '1637' + - '1211' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11066 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11760 response: body: string: '' headers: - ATL-TraceId: - - 730f95d76520cf53 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:31:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 81ba567d-660d-4ead-83a5-c095ba253cc9 - x-envoy-upstream-service-time: - - '129' - status: - code: 204 - message: No Content -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate + Atl-Traceid: + - c812a5e03c5fc24c Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11066 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1m682G4woohjTxumxpmtlOCywtDFo6S6wlUiCpyG6b/74j - JcVpMmdtmgCJdCLv5bnnHvKLA5uS8sSJHAk8AQnJ7wzyRPU4LUD1VJxBQXuiBEk1E1z1IGG6AE17 - cUZ5CrlIe9cgFX6DZAqlBAVcN2udnsOM5yDwRyN8UZCv8DXTulSR5yWwglgn4pNwqc6pUoxyl4P2 - 0If2aMm80GNKVeB1Dtawxf3n88ls3h8fHqJlZZN1oi+OwqCViqmGVMhtk1yCb7gh9MOg7w/74Xge - hNEgiMLADUfBr37o+yZHE0NvS7Bunpij2e8Fvu+Ht1W3LwmoWLLSIILWI6IKmuc9kjClGY81KRnE - QMSK1EKuXbM7FvxS5t+ThYK4kuBdM6jpNdVU/qbYZ3hZYJOq4lljOk1eBv4gGLevc0z05a7knmMa - jbHmVK1Nj6qlNk/RiuYKek7nw4msk5ueoxkSo8QmOxGvsBKnlOITpvdE9NrdFjvbjQ4783Kn4btM - LznTGh0YfrW7TVF/2bVKrHRNpSlMsaLMGTIkuVcNgmspMxxvhuPvSbeFuQ3WIl0yAyz+3MV56BtW - hsNNOHyyY9tCy5Jnqv3/SKxgtAlGPxdr0wVrHx6JNgg3g/DnorXkVN3D3mg3N2a+N+8adcGOXX3E - DqaphBTn+gENkVMir5oxayxxpbQorEQsMEJ4uO/D+KGPRjoaqxlMK39O1A/wlWpUxUZ0fpzvjaLd - apjXeJOGzPbxWFSmpsDo0ntjYDx1Ii0ruGmlyjiTLG4q/fLAZhLDpSoTVZ6cMFXmdNsOAJoxK/0O - 5cIMRQuGBKzVTN1DnfTdF4MXnU7eR83fB2ew70O4kwwmJNPbJ2LYbfeGPyaXrKApKM/sUJ0ThoZc - 1K66TncScybqToqGzs3DQgZdITldghETQ817i8xU/icMwT4eBmODR0bVpGTxGeNrexSfQGlOZh53 - XbS9re23WwsXfIIHM13mMAWqGmbI9sm5OLt8fXq+ODs9npzPJovJdPp2ivXhACkEBBfMMyAXqJpc - ExOXMEUEz7cEJ5LlxinRgvzJJCUXEgqcWlIp5KxrZ/R+FS/Qof+V+f7w8HPkNAcG9g7B343UN2OM - bUgZp/n9Re29ooXX8jzH7DolwL6mHG5XV6WZ2e/gcXNTeCL1ms23p9W3h/uPsXFHt1c0XuNFqqNc - 57yJddxeaX4q4e5e5HXXk7A7XDkYqsciF/K8yWaZV9BPJarG7nIgyIlomi2KEq96XLddeKx/34Lz - ge9+D+ZM53AQkStLqqOSkTnuJoOvpjSsLBcxzTOhdDT2x763YjxBHfTCsX/40To4saVjVp8EMaSI - Dsj/byXPzd9frIMZIL1QQ3AjTrs1Hb+f4NsV/uuPgqFNxaAc1+AWTEtwhUw9JBk1wDO8hRhyerjU - zXSR27waP++Mn0u+5qLubBdSJBVecyY8xZErEEDPVGzizcxRiZmQP0Td12IPBGXrIPxIPHIVIFh/ - V1RqkGTncs9W2MUM7O5/ji7ILKZ8z3pzufJG46BB+pWkPM68OU0x2XPsfWOtWJ6cntw1HYsCYSKo - X9kds4F6qzQUCmtPSsGQOgeRtduOGYQLyrhiGlxkVzQcDvZ922fHpqhsKahMuh7c9uJkx0ET9YjE - QqwZmCzJEoATBZrUTONpqYlGGWwuLmSV07RH6ozFGSmAcoUfabOi9YD4oQdC4xhlFBJyzSipcDJi - uS1Rh3AZ59CcyK5JZYqMRYWNIeqYWte1K2qqSkss5Cls3DIrLTGQsouVkIsmmFpQjef7ssLWLJ6/ - fX80u+jP3vTxJLJkvpyeNU4fA+YNYJFJRF5P5h84ij1ONrInIv8CAAD//+xZ22rbQBD9FWEIJCGS - JdnypVBSk6bQh5ZQQwuhL2tpE4vqhm5pcf3vPbO72tiyZUpagh8Mxsie2Znx7uyZM+M0q/3vyW0d - Uo1BcHNemjfCayP7RwdBHAZdDqTsgINus6RRh3gv5B51udjVQ1p8wuV9FF0qZcW3JU8IDgymDzdF - E4sokA4USlhzI0xwHrFYY6Q5lUgGaUEVCtXxB0+uKDsSA1dAci+DRU/sF6WZkTGRIlWBYzWQNxtZ - gkY14ZGFW1xQ3uks28hD8kVpCv8qvqIJkOwVFXJ0b5wi7y4/xhnzS/qdn1MjFB8MoAltltj7y3nJ - s4IqfM4lynCprO61TlxxbxU6YtNm8xvTGSiVLCUsIjg7ZzjU5MI4v/iNg4zK9A1wZJc+Ol300Rl2 - CbxGQEWnzFE0BTcmtttStbVqW9BFymxNysTGC266X1E3C1scpl372qumelVZMn9JYCwLaFHFMaPq - 3muVQtoyouZp/sLKTxTtGvBEDQWaKu+BDQeBs5gMbW+BkMbjqeO6IyIaWgkeDqhxOs9ZEMAHqn/v - OQZTtXnvNJqR0YO9tkxvCzRDqAkskY99z3GdIXdsPnCD6cgf+N7Y8SdeENhs9ODwyXXwVlg5G8zO - 3A94yXVmzBJV5kxTflVYVWE+YUdM16LMtrJqEYU+bZmZMVbQjmG9KOXg0Xh8f2eOrCyh+NtN/PFH - 3B4FHH/E7XHCsUcMpAlkR6248iYNvVNzMLpPhMSya5dodQ8whfptlacZ798DYPzl88Wj8RWk+iaT - HzWIUzQ7VwB7goLXP/QTFLxGxCco6IQCTTQQ4qO8cSuafKtnG3bTkkV42sOEQLN6q3VvV9A1pbP1 - lK4t0FOvtkAzNp7UYZ4mkt2oIUCl/oaRH//qJ6CRFBZWzaNCwRcg38YfSP3G7lUvZj+/8KKKyPCG - bzFyyctZKeOo0/K/jXmlLW0TrtCBfk3FwKqZzdKcmcZA5FHHsR2suxWtWiB2Z71e/wEAAP//AwBC - hDs1zRsAAA== - headers: - ATL-TraceId: - - f80bdd2f6e5a1099 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:31:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 54c06361-4eee-4185-8d97-4e3f402dac66 - x-envoy-upstream-service-time: - - '156' - status: - code: 200 - message: OK -- request: - body: '{"transition": {"id": 41}, "fields": {}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '40' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-877/transitions - response: - body: - string: '' - headers: - ATL-TraceId: - - eb507ba4b8ab54d6 - Connection: - - keep-alive + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:29 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:33 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - fa278925-567e-4df6-86e5-0095780ac658 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '209' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a2c2c885-f067-461c-b910-3808a4a44dc7 - x-envoy-upstream-service-time: - - '216' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1920,61 +1382,98 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11760 response: body: string: !!binary | - H4sIAAAAAAAAA1SP20rEMBCG3yW3ttlJesiSO9ELFVmFdq9EJIcpVtJkaVJhWfbdTXHxcDf8833z - MyeiVcT97Igk7ykdotxsLA5okg0fgarkVIyj8tRjIgX5xDmOwWeYATAKFMpud/3c3T31v9vdMuk8 - EfmyQgUU8FoQiwcXjhP61B8PmA/cuLDYLOlldPZbIXIVGnEJb1VaQQ6clVCXXPSslsBkVVMAuAIO - kP2Ic+7tx+kfu+0Zl1VmgTZN88Oa6d4PIYOCb0XbDFqZCiuFLZihFa22WgkYDICqayE0Vn8Kklsb - HsZZkfWdQS0uPQaj1vhE3GUi6N/2HTmfvwAAAP//AwBSF6b8WgEAAA== - headers: - ATL-TraceId: - - a1224a39c429af7f - Connection: - - keep-alive + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmtN3uJI2AYstjdumVZljgtsLQIaOossZZIjaRie23/+46U + ZDdO3C0ZVhRILR7v7rm754733oNVRUXqJZ4CkYKC9AWHItU9QUvQPc1yKGlPVqCo4VLoHqTclGBo + j+VUZFDIrHcHSqMM0kuoFGgQpr3Lam1kObcGb6MwjEJfwZ81aDNdV3ChKDOcgdfzuPUfRUeHIX5o + KOb4mRtT6SQIUpgDM6l8J31qCqo1p8IXYAL0ZAJa8SAOuNY1BJ2BBaxR/3w6uZr2o2Ec45GDoL3k + vacRW60ZNZBJtW5iSPELNeIwjvvhqB8dT8MwiY6S+Nj/Njz6JoxDa9Y5MQjcmXkmSKsfYCpCi6oJ + u/1IQTPFK5s4PD0huqRF0SMp14YLZkjFgQGRc7KUauFbbSbFtSqeiKIW3JaLFrf0jhqqgjsOy8DB + 2gJsRVE4iEbfa/4XfFdi2esSvVpaoMsp1Qtbq3pm7K9kTgsNPa9RfIlxOd2el3MkjmL5+gzuALGG + H3ue4cisClniJaLGGL0dmgzCTlAp+Q4jembCW22XblfALt07JNlGdS24MWhAexvflqm/uLtazs2S + KstXzcuq4Ag43Ykc6+FYNhythqMnwv1MZbpINnUZhkcIIx6u4uH/66WpvuMiOowOV9Hhl3C46jwO + 4tUg/hIeW4J//PiQjtE+nsadYM5Xr5oZiNW/eYtsyDIFGY6VB1xHnLKomy5/1Gp8tE8w2ic4fmi8 + GWnNqR0Ybnp7ST9q55hNl+KswfH+wZklMWZC57Iu0jHXVUHXLdXxGPNuXmFOLf1bF9TgQ9EM2Kc3 + ajO+twM7aMwp24bu56msbQYd+Nf2gIvMS4yqLRqmAIO1vf3YAI+jqBvgu2nbjJldwb6Cx5uC7woG + 24nFpeJm/cxMdOrB8GkDnpc0Ax1YDd0Z4XhQyKWv77LthDuTy24SDj1XyhnYkWVJu/taH+6JNtrH + 0Ghkw86pnlScnXGxeGElY6jsZiFYxyDHq6WTbU6EFBNcLOisgEugumGlan95F2fXP748vz17eTo5 + v5rcTi4vf7vEMLC1NMaNF6Y5kAuczcIQ65dwTaQo1gT7nBfWKDGS/MwVJRcKSmx0Umvkl/9Yv0fY + Tl74gYfhCOaJ17xXWCLM8ban7jU4Zjvjgha7l9q9qE2vY3mB6LoZgeXLBGxu15Vt2n/B42aFeSbD + GuXNm3h/63ga6bas+oGyBS6CHbM6442v03bX+k+Au4Ut6PamuHvCBVhGM1lIdd6gmRU19DOFE2u7 + rkgylk2xZVnhqipMW4XP1e9+ct6I7b+DKTcFHCTkxpHqpOJkitpk8MGGhpEVktEil9oko3AUBnMu + UpxZQTwI3zr9sYscQb2TxHIiOSD/qEm+wj9fO/Ur3KbsnEA17OgW07gGMkb4eDgG5pPosEcslTag + T19PUHaD//UPo6GDaqvAluCX3CjwpcoCJCG1heG4C1nyBnjVz01ZOOCNnVfWzrVYCLn8NCkXSqY1 + vq4TkWFblpjkwGbF+rwCVlvA5Ce57Bu5J01VayB+SwJyE2FCf6+pMqDI1uQeVdj6jJz2HycX5IpR + see+XfOC0fEmqE/CuFprA6XGMNJKcmTKQeLOXYVswkrKheYGfCQT5kvnM0lVuu/GA/vjLa2s5RPC + pFxwIDg4yQxAEA2GLLnBx9cQg5NN2+QBmRc065FlzllOSqBCo5A2N1oLGO4bMQNCGcPRCCm545TU + yHam1hXOFrwnBDQvvN+i+fVvAAAA///sWWFr2zAQ/SsmUEihdm0nTtJB6QLbYB/GQgsrlEFQbKcJ + jSVj2XVHl//ed5Kipm5cRhklHwL54ETy3dNJ9/Tugm2+VfUagblepJzOlsOsTYFyDqsBCloSpJWz + 5HNRZOodRxREtgyjkrgOPHuX8hMCBePL0tESwmGrmv2h5Tk5U8gqiVPtMO5sgUMxxtOVh82WtF67 + Or3+35wCQN4oPkBgEMoNRDIoKwRnJ1Kz3q19uEQO4spAqGjl5pjUde2JmslcJQOSL33w8kWuDjIc + TGFvavxOWQm9NKtwlKbdn9fjq4l79cOFGlA5qhzkgk4vJUCXJdmSHzvd4784HKtSfMLRey1KgjZR + EvQ3A8RYJWrnOyWCSKY1p0YtNvzWgbar3rdXvdoDJWx2T7TiFEFh8YIScYcUbjJs04pVsrLKMkZ3 + RqdBsBQyEnyieOd9Qhf/BRKEJOX35Dyas34vCWajvh/NAGE4PAvCUPUR7CR4eGNaSvs5ThL4wJ3S + ecbgmmrjsz1PZPTNOlGfdA+Xl5qmCMbUKlEQBv008NNemJwN4l4cDYN4FCWJzwbzIB1dJOfKylFv + fBR+w0e/52aMG2J0Xf2T9Crp1oiIG3rEuF5ezVbLmELm5oxJihjeVxcA1Bkev0zcgZdzwt+sOfcf + cbNo3X/EzaJ33xGDghJdIxoFtq1uJqaHQ/lEnKzrNk1jN1BimP61KgSK8xsQTLx4TjxqvWDUZjL5 + MQ0nI94KQ7AHKvj4TT9QwUcgPlBBKxVYYQGItzrjHqlra5592BUlMz3nptBoa/H4bS0e37Z4mgNW + mKX8flkIrqWPqSAr8+eC/vpPSEWmLTxuHg3ZvYPgtv4XOd3YPelk7OEyldWKDG/5VvV6UY5LjeNe + lP+voaeNWaPwhWLnl1Dtjk1XkdqU1EQglxbIS7ThC7jmBRWe9Xr9BAAA//8DAGo1lDbLGgAA + headers: + Atl-Traceid: + - 5b78aa980d9ac0a5 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:30 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:33 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 19e18137-02d8-453f-bb09-cf42a736aec1 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '288' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 7d13274b-91fc-4919-adfb-cec12787a88e - x-envoy-upstream-service-time: - - '33' status: code: 200 message: OK - request: - body: null + body: '{"transition": {"id": 41}, "fields": {}}' headers: Accept: - application/json,*.*;q=0.9 @@ -1984,110 +1483,58 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '40' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + - python-requests/2.28.1 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1422/transitions response: body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= + string: '' headers: - ATL-TraceId: - - aac0e72ee90713ce - Connection: - - keep-alive + Atl-Traceid: + - 5b221b66e1321aaf + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:30 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:34 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: + - max-age=63072000; preload + Timing-Allow-Origin: - '*' - vary: + Vary: - Accept-Encoding - x-aaccountid: + X-Aaccountid: - 5fa43d1b8405b10077912260 - x-arequestid: - - 9af365da-0a98-40de-be19-b97e6a4b2bc3 - x-envoy-upstream-service-time: - - '72' + X-Arequestid: + - 91a1a5aa-802b-4a4d-b4dd-a756a2abc6fd + X-Content-Type-Options: + - nosniff + X-Envoy-Upstream-Service-Time: + - '394' + X-Xss-Protection: + - 1; mode=block status: - code: 200 - message: OK + code: 204 + message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2097,96 +1544,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11066 + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FJvnWC82HEdAMWSxt2ULsixxWmBZETDSWWIjkQJJxXbb/Pfd - UVKcuHXWpjZgi0fyXp577nQfPVhVXKZe7GmQKWhIfxVQpKYveQmmb5IcSt5XFWhuhZKmD6mwJVje - T3IuMyhU1r8DbXAP0nOoNBiQtjnr9T1BmsMwGI9xYaBY4DK3tjKx76ewgMSm6r0acFtwYwSXAwnW - Rx3W55XwI18YU4PfKbiFNd4/nc8u5nuT/X2ULJyzXvzRM2i0Ngm3kCm9bpxLcYUXoiAK94LRXjSZ - h1E8DOPoYBCE45+CKAjIR7Jh1xU4NS/0ke77YRAE0UPU7SIFk2hRESIoPWSm5EXRZ6kwVsjEskpA - Akwt2FLp2wHdTpS81MXXeGEgqTX4dwKW/I5brn824gO8LjFJdfmqER2nr8NgGE7a5Rwdfb0Jue9R - otHWnJtbylF9Y+kpXvDCQN/rdHixU3Lf96xAYlSYZC+WNUbiVVq9R/deiF5722HnstFhR4tHCd94 - eimFtaiA+NXepqD+dGeNWtgl1xSYEWVVCGRIuhUNgusoM5qsRpOvcbeFuTXWIl0JAhY/j3EeBcTK - aLSKRi9W7FLoWPLKtP/P2ArHq3D8fbZWnbH24Rlrw2g1jL7PWktO0z3stHZ/T/W9etN0F8zY1TvM - YJZpyLCuP6MhckoVdVNmL2LiRsGXyfi0kN9itbKcG3YDIFmikGtgIWVKMpsLw1yJUTm3rJ1ig/Qw - oqQ2VpWub12j5mi/8397Y/J5YM/2s6jrZ9RHXLf24r0Ql9xiE2965LeD0jTgh5brN9o01Z57PFI1 - pSCkNvqWBEJmXmx1DfdtZyVlWiRdYrZl5BgeNbmqi3QqTFXwdVuvKEav7BvsblTDLUwaEAXKy+cw - BIOD4UEHwzaewS6gw10b0a6NYceK617cuw7d7yQ42L/uferRgSB6tEG+VFooLez6hUnorvsj4uTX - vx5EyTMwPt0wnRKBgkItB+Yu25DzRC07to+IpAW/AeqRVHFbwVOz+SIq4S4mhxMKG0tlVonkRMhb - N2FMoaKBQyZdth0Hlm7vQSKVnOG8wW8KOAduGgbp9sk7O7n87fj0+uT4aHZ6MbuenZ//dY5hYF8w - GDcemOfAzvBlIC0ju1iTWJ7FmmGjEQUpZVaxP4Tm7ExDic2I1Qa5PXCtZzuKA1QYfBJBMNr/EHtb - nQiRzYTkBeYMQacqbaCgvW1ZOy618Lp6KNC7rsFh+jIJD6friqr+y3x/MsY0A9ALGdZcfhhgnra6 - byPdVsvbmoYaQ0ftmPZd3naznj9sjQy7gSFtDCeqUPq08QVzBXLLNZdlbNz4LG0L/3PJfIrKv3Lz - 7c2FLaAXsyvHpsNKsDneZsNPFBZGVaiEF7kyNp4Ek8BfCJlio/SjSbD/zimYurDZFONmxIa4x/7/ - KvuBfn90Ci4AeYU9Ai9iNTvR0dsZrq7wb28cjpwrhHCyhEEprIaB0pmP7OIEusCpiljp49FBbsvC - +dXoeUN6LuWtVMtOdqZVWuPYNpMZ1lqJAPoUMdm7oFc/esJ+V8s9q3ZAULUKonfMZ1chgvV3zbUF - zTYqd1yFjc3Q3f7n8IxdJFzuOE/Doj+ehA3Sv2guk9yf8wydPcXcN9JaFOnx9LHoSJUIE73j80di - gnptLJQGY08rJZA6vdjJXcYI4ZILaYSFAbIrHo2Gu/Z2yTEpJr9RXKddDh5yMd1wkKwe4uShbgVs - JhEDli2FxdepxUEEWDOIsUXBsz5b5iLJWQlcGtzk7sR/AAAA///sWf9L20AU/1dCQVAxMUm/qIXh - inNjsG5itwkilGty2mCbC7kkVVz/933e3SWrsSnDDfEHQST1Lu897z7v8z7vtbSA84MFiwUB+BNC - poiYlSMzgvQ+IWEDBoi5LtkOhXIOxIJaA94vkbpYLByxYDJRwAJO+Z2TTBMFDEB2fC3SsXYmxyyD - AJjkuJrx9reLwejMHg1tUIQC84/zL9ropoMZcvyTYd/6dPr9KgbLI7GBnr4lkiK4ik+LiIoLghvx - zD5RXsu1f3QQzqOwyYFe2+Cg2SztKCL8lvqMmlw83QdYDJG8N6rrJlRcTHlMdGCx6nIFmnJEAThQ - KFHBrSjGfczVO5ZIqTYyrEoqTSiLtzzeI3TEFlJAizOLzRbsnmBmJUxBJJe4Vgu4WUEJGu+Yzxxk - sSTcVShbwSH5IpjCv4lPlgGSPZkDo2vjVLjb/TxPWJDR//lVWJH6YIFN6LDU2e+OMp5IKu0p1yzD - 9WaT1xVwVd4adsShDUYnttc2WxJBXER0ts1wqfGOtb3zCxc5y0QfPPJUX3pN+tLrNC10V1VClrLg - VolnksO1rW61tb5QqTF1vkpirt/YpM7cqs+oLxyVC8hVFkyJb9f0YPUiKfP5nFFlb9VKIR0ZaXeR - PrPqkzY7Bj1Rx4EmsXvNOu3Qmxx23O4E8R4cHHm+3yMpVG2Chw3bON3nIAzhQ5JqqGKwTdv6vmIz - MrpxdqDh7dykepviEv243/V8r8M9l7f98KgXtIPugRccdsPQZb1rjx8eh++Ula32YMv/iB/9nj1n - sSlztq3/JJ1c2guciO07hGwnySezKKAjsxPGJJ0Y3lelHAIajx/O7J6TxBR/fSjx+iOujzZef8T1 - 8chrjxhME+qW28jkVRl6ZuZ6lE/ExLqt12x1Sfq53zrNU5Hw/UswTzD9k3g0jsNqlcnkxwwWjcxO - DcG+UcHLX/obFbxExG9U0EgFdaEB5dR6WNI7pbBA7Dc6FR9oxG+eXTgUGZvhaY2VpjGe2zTGc9tN - C5Vi43ERpSLW0scMAXLztZL++FeRopFUFh7KR8OCz2C+lS/E9ku7e605uzvnMp+R4RXfatySZoNM - x1GI7L/NgbWtyiZcoQP9KdSkqhze0iB6JkjRrsTxOFj/UbTmBXU6y+XyNwAAAP//AwCU2gE3nRwA - AA== - headers: - ATL-TraceId: - - 3b5434d5bb43ab53 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUVAuioqwkv6w/fjgjE9gXVJuCmNMwRvGaiwaxLKSrKa9RFX3nJcai/pvQbRr + w+MwS1jfMXKx8cn3co1PYC8TaPe238H5/AUAAP//AwAzz1THWgEAAA== + headers: + Atl-Traceid: + - 2a1120498347fda7 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:30 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:35 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 3f6cdd48-79e0-4c2a-8843-a5d524786436 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '103' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8b84c97f-71b3-4e9d-8a87-4d5f89192208 - x-envoy-upstream-service-time: - - '151' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2196,61 +1614,100 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11760 response: body: string: !!binary | - H4sIAAAAAAAAA1SP20rEMBCG3yW3tt1pesiaO9ELFVmFdq9EJIcJVtKkNKmwLPvuprp4uBv++b75 - mSORIuB+toSTtxinwDcbjQZV1P7dFyJaEcIgXOEwkox84BwG7xJcApQFFJB3u6un7vax/93ullGm - ifDnFcogg5eMaJysP4zoYn+YMB24tn7RSZLLYPW3QvgqNOwc3oi4ghRomUOdU9aXNYeSV3UBABdA - AZIfcE69/TD+Y7d9SXn1xdLm8odV450zPoGMblnbGClUhZXAFpRpWSu1FAyMAhB1zZjE6k9BtGvD - /TALsr5jxGLjg1dijY/EnieC7nXfkdPpEwAA//8DAI8NcZdaAQAA - headers: - ATL-TraceId: - - 2d212f32716592e0 - Connection: - - keep-alive + H4sIAAAAAAAAA7xW4W7bNhB+FUK/Nk+xRNlzbAHDUMTu1i7IssRJgWWFwUhnmY1EaiQV22v77jtS + kt0odbdkWBHAkXi8u+/uvjvdew82JROpF3sKRAoK0pcc8lT7ghWgfZ2soGC+LEExw6XQPqTcFGCY + n6yYyCCXmX8PSqMM0gsoFWgQprmbVNrIYmkNLmgY0rCv4M8KtJlvSzhXLDE8Ac/3uPVP6fEoxBcN + +RJfV8aUOg6CFJaQmFS+k31mcqY1Z6IvwAToyQSs5EEUcK0rCFoDd7BF/bP57HJ+RIdRhEcOgvbi + 955GbJVOmIFMqm0dQ4pvqBGFUXQUjo/oZB6GMT2OB8M+HY++C6PQmnVODAJ3Zp4J0uoHmIrQoqrD + bl5S0InipU0cnr4gumB57pOUa8NFYkjJIQEil2Qt1V3faidSXKn8iSgqwW25WL5g98wwFdxzWAcO + 1h5gI6LhgI5/1Pwv+KHAslcFerW0QJdzpu9srapbY5/iJcs1+F6t+Arjcrq+t+JIHJWstqdwD4g1 + /Oh7hiOzSmSJF4sKY/Q6NBmEhwS0FZRKvsNQn1mJRtvVwVW2rUOHPftwrwQ3Bg1ob+fbUvgXd1fL + pVkzZYmseVHmHAGnnZRgoRz9huPNcPxEuF8oWRvJrmDD8BhhRMNNNPx/vdS0cCRFh3S0oaOv4XDT + ehxEm0H0NTw2zP/48TEdo5aOS765rmcgFvnmLRY9yxRkOFYecR3hyLyqu/xZ5N0b+Dx/H86RNzgs + yIppcgsgSCKRnmAgJVIQs+KauJ6306Qh+hTHuPc41Oj4QEtG40OCyeOIvzRnjyftnLXzzX1svPiI + +h6mwVxjnWxL1QYdZpsRxZM2kd0z22wYhl7JKk+nXJc52zYticdrZvC7Vn8Pnl6B+muz/74EtTll + h4N7PJGVLTi1UN/YAy4yLzaqsr4TBZgGW7FHeYgm/YjSNg/dhB6aitFuKnYFO352BYOWL4te3FtQ + 9zucTEaL3oeevRBGnwgsllJxqbjZPjNjrXowtGz9998tXrAMdGA1dGuE40Eu1319n+1peyrXbR8M + LX1zdgt24Npe7C4howNZoYc4Tsc2bGyiWcmTUy7uXlrJFEq7MImk5ZVj29rJdidCihnuS+w2hwtg + uuaqap6889Orn16dLU5fnczOLmeL2cXFrxcYBk4MjXHjhfkKyDl+WYQh1i92KzZuviU4pXhujRIj + yWuuGDlXUOCYIpVGHvY/N60oNqQXfuBhOIZl7HVmFGY244LlWDNMum3TOhVW1j1r1r0mva4bckTX + jj4sXyZgd7sqbdt/lu9uv/q+5Xu9mT2TYbXybrN6OASfRrrOMOysabWjk2Z//E9o2yU0GDROBu32 + kdaOE5lLdVZjwVqB6EBzVcaRjs/CNOn/UjEfZuUPsf/rzbnJoReTG8emFyUnc9Qmgw82LIwqlwnL + V1KbeByOw2DJRYpDLYgG4VunP3VRkymGTSwZ4h75R03yDf5869QvcTu0AwLVsJUbTNMKyBTh4+EU + kj6hI59YDu1An7yZoewG/x2N6NBBtRVI1tAvuFHQlyoLkH3MFoXjCmdZG+DV/soUuQNe27m2dq7E + nZDrT5NyrmRa4VIwExn2Y4FJDmxWrM9LSCoLmPws10dGHkhT2RiI3pKA3FBM6G8VUwYU2Zs8oAp7 + n9Rp//7inFwmTBy4b7fTYDzZBfVJGJdbbaDQGEZaSo5M6cXu3FVIx38DAAD//+xZbUvkMBD+K0EQ + FGy37e76BuIteAf3QU4UThBhmW2z27JtUprWKp7//WaSGGu1csghfhD2Q3eTTp5MZp55JjsaFZAJ + ldXcx2BCf6l0IaFKhma8sH/yFFZkeYYyQ64z/iQ7FK9Zm9VYi2tUHRy/o/M4W+aw2mFtmsUpKzgI + hYNgZlgLuN1rseAM4hg5EWXLTQaswWiPq7uSZAxmteCm4PsWzSke80r3nwTmMuWCYouBsymxPcXd + IAraEipClomlrAr9DpMVsSzgqCKSQ4Jdc7FDoNB4VjOjKBjkLdzR9lgJGlmjMKoZCNYBh82l4LmP + h61ov253Zv/XghxAq5F/EIFFqB4hkkHVoHNeRWr32zmHc8xBrBXoKtq5DZO2bX3Zgip1MmDy8Vu/ + TEsdyLjAHO3N7bpzqFE+LRoMpfnWr8vZxZl3ceoh7ekc1QuUkqKXEmALkiIT22xr+w8GR17LQwy9 + l6olHFIt4WRoYNqtPXUF8VrLJ5JzvamBm9ofGKrxgavx+gy0onl9otO1z8pkn1H7bznRi66EOKX0 + NbSsmqIAqhcbPYIll5EilNU7awlV/GNMENKcP5Oj6RIm4yRc7E+C6QIh7e0dhFGk70XcJFzhjWmc + znOWJLiGolrkMHi2Sfrm4omMvtnemkj3V5WZpgnGtljTMAonPAz4OEoOduNxPN0L4/1pkgSwuwz5 + /nFypK1sjmeb0Q/8mPe8AoQlRs8zPym/UV6LHvEinxjXL5tFnsXkMq8EUOQxfF8XAJRl+Hhy5u36 + pSD8/Vb58yPu99qfH3G/V//siJFpEtMyWvHVVTdn9uqJ8ok42TR2hq2uSJUdbnxvKlny0RUSTJw+ + JR7dGOGoy2Rax16gWfFWWYL9ooKPP/QvKvgIxF9UMEgFTmggxJXJuHu6bLbPAdqVNdg79L7wGLoD + CobugILx0IATZlzcZJUURsTYDrKxf5aYr/+EVBbGwv3joyW7dxBc53+e0aPdnY0Cbs+5anIy3Flb + 9+pVPasNjhtZ/78bP2PMGcW1sNn5LfU9h7tklNU6l6RcO0Ceo42ewbUvaPc8PDz8BQAA//8DAJT3 + C8GbGwAA + headers: + Atl-Traceid: + - 3d643baa686a2c8d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:34 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:35 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a9d9d612-52cf-4cf7-9840-366ad69d56a6 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '228' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f386509d-ce43-436a-829f-b943e41b109c - x-envoy-upstream-service-time: - - '35' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2260,110 +1717,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - c0651e86cdb34004 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbPTtE26uYkeVGQVtnsSkbRJsJImpUmFZdn/boqLH7fhneeZ + lzlBJ4M+zBYEvMc4BbHZKG10H5X/8ERGK0MYpCNOR8jgU89h8C7BBWJBkGC+310/7++e2t/tbhm7 + NIF4WaEMM3zNQOnJ+uOoXWyPk04HbqxfVJK6ZbDqWwGRBIr1JbyVcQUpUppjkxe8xUYgF7QmiHiV + SEx+0HPqbYfxH7ttEUXBRcnJlrEfth/vnfEJZFXBTWmMKXlDKcOyQaxqSVnRS1Ss57zSWLK/BdGu + DQ/DLGF9x8jFxkffyzU+gb1MoN3bYQ/n8xcAAAD//wMApt6LAloBAAA= + headers: + Atl-Traceid: + - 300727f8becf2bd4 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:34 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:38 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 934c119f-6b89-4fe4-a063-776a038b2c92 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '136' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - fdc13abf-92c2-4507-a1e8-1681747ab8af - x-envoy-upstream-service-time: - - '71' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2373,93 +1787,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - 7c97c6294f377125 - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - 4b7c18ec2fab3f64 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:34 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:38 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0a8750d0-e498-4c5b-b486-882302207011 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '203' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6018f81a-2880-492d-9998-03dddb971735 - x-envoy-upstream-service-time: - - '76' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Jira Api Test 4", - "description": "\n\n\n\n\n\n*Title*: [Jira Api Test 4|http://localhost:8080/finding/2808]\n\n*Defect - Dojo link:* http://localhost:8080/finding/2808 (2808)\n\n*Severity:* Low\n\n*CWE:* - [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/681]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n*Mitigation*:\nWhenever a cookie contains sensitive - information or is a session token, then it should always be passed using an - encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n*Reporter:* + "description": "\n\n\n\n\n\n*Title*: [Jira Api Test 4|http://localhost:8080/finding/231]\n\n*Defect + Dojo link:* http://localhost:8080/finding/231 (231)\n\n*Severity:* Low\n\n\n*Due + Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/89]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -2472,53 +1887,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1683' + - '1257' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11067","key":"NTEST-878","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11067"}' + string: '{"id":"11761","key":"NTEST-1423","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11761"}' headers: - ATL-TraceId: - - c3384d5cbe9b969d - Connection: - - keep-alive + Atl-Traceid: + - c55ddf0de529294c + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:35 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:38 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 350f9b38-04fa-4063-bb01-cf960fc3b8fd X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '531' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ccf1d300-07aa-4941-984f-7fc8b8cd7b7e - x-envoy-upstream-service-time: - - '399' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2528,95 +1949,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-878 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1423 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DF1mWy/WEk9AMaSJ12VL08x2WmBpYdDSWWYtkQJJRfba/vcd - SSlOkzlr0wRIxCPv7bnnjvzowaaiPPMSTwLPQEL2G4MiUz1OS1A9la6gpD1RgaSaCa56kDFdgqa9 - dEV5DoXIezcgFe5BNoFKggKu3Vmv5zFjOQyDwyNcKCiWuFxpXanE9zNYQqoz8UEMqC6oUozyAQft - ow3t04r5kc+UqsHvDKxhi/oXs/F01h8djVCytMF6yUdPodNapVRDLuTWBZfhChWiIAr7QdyPRrMw - SoZhMvx5EITDn4IoCEyMxofeVmDNPDFGo++HQRBEt1m3iwxUKlllEEHpMVElLYoeyZjSjKeaVAxS - IGJJGiHXA6OdCn4li6+JQkFaS/BvGDT0hmoqf1XsH3heYpHq8gcnOsueh8EwHLXLGQb6fJdyzzOF - Rl8zqtamRvVCm69kSQsFPa+z4SXWyOeepxkSo8IiewmvMROvkuIDhvdE9Fpti52tRoedWdwp+C7S - K860RgOGX622SepPe1aJpW6oNIkpVlYFQ4Zk97JBcC1l4tEmHn1NuC3MrbMW6YoZYPHnLs5xYHga - xZsofrJhW0LLkh9U+/8RX+HhJjz8Pl+bzln78Yi3YbQZRt/nrSWn6j72evv82fT35o2bLlix6/dY - wTyXkGNfP6AhckoUtWszJ0lrpUVpR8QcPURH+zZGD2240eGkpjHt+POSftjzME39BjvO8ModsO1k - OC1Z6gL4+EBmGIcJqZWoi+yUqaqg25aXKG6oxknrBtm395Cbkrdz0XfWpGkQ+3kiaoNTaCJ9awSM - 516iZW1cpxIwV9N1D+dkPDiKD7s5eR+1YB+c4b6NaDcymJBMb5+Yb6fux982LllJc1C+0VCdEYaC - QjQDdZPvRsy5aLpRFHsGo3uJDLtECroAM0wMNe8dMl35nzCE+3gYjgweK6rGFUvPGV/bq/gUKnMz - 87SjiyVRY/duJVzwMV7MdFHABKhyFJTtl3d5fvXy7GJ+fnYyvpiO5+PJ5PUE88MGUggIHpitgFzi - 1OSaGL+EKSJ4sSXYkawwRokW5A8mKbmUUGLXklohvwa2R+9n8QsaDD6xIIhHR4nnLgysHYK/a6kv - 2hjLkDNOi/uH2ndFC68leYHRdZMA65pzuD1dV6Znv4LH7qXwROo55dvb6svL/dvYuKPbC5qu8SHV - Ua4z7nydtE+a7wq4exf53fMk6i5XDobqqSiEvHDRLIoa+rnE8bR7HAhyKlyxRVnhU4/rtgqP1e9L - cN7x3e/BjOkCDhJybUl1XDEyQ20SfzKpYWaFSGmxEkono2AU+EvGM5xZfoSr99bAqU0do/ogiCFF - ckD+X5U8M39/tAamgPTCGYKK2O1WdPJ2jKtr/Nc/DF0oBuW0gUHJtISBkLmPJKMGeIavEENOH48O - VrosbFzOzhtj54qvuWg62aUUWY3PnDHPseVKBNA3GRt/U3NVYiTkd9H0tdgDQdUaiN4Tn1yHCNZf - NZUaJNmZ3KMKO5+h1f77+JJMU8r3nDePK/9wFDqkX0jK05U/ozkGe4G1d9KaFdnZ6V3RiSgRJoLz - a3VHbKDeKg2lwtyzSjCkzkFi5bZiBuGSMq6YhgGyK4nj4b69fXIsilotBJVZV4PbWpzuOGi8HpNU - iDUDEyVZAHCiQJOGabyWNdE4Bt3DhSwLmvdIs2LpipRAucJN6k60FhA/tEBomuIYhYzcMEpq7IxU - biucQ3iMc3BX/8CEMkHG4oRNIemY2jTNQDRUVZZYyFPYDKpVZYmBlJ0vhZw7Z2pONT4kFjWWZv7s - 9dvj6WV/+qqPN5El89Xk3Bl9DJhXgElmCXk5nr3jOOyxs5E9CfkXAAD//+xZbWvbMBD+KyZQaEvt - 2E6cl8HoQtfBPmyUBTYo+6LYamNmW8Yv6UaX/77nJFlN3DiMbpR8CJSiVKe7q3T33HMXka/C79n1 - KqYaA+fmvLKvpNVm7x8NRGkcdRlQe3sMdKsliVWM36W6oy4Tz+UQFp+QvPeyS6Wo+LbkGcGBxczj - CjSx8ALhQK7EK27FGd4jlWcsUVCJZNgtqUKhOv7g2QVFR2YhBRTJs1jywH5RmFk5kyFSl3hWC3Gz - ESVoVDOeOMjikuLORNlGHJItClPY1/6VjYOkr6wRozv9lHF3/jHNWVjR//lZWLH8YAFN6LLk3Z/P - K56XVOELrlCGK2Gd1yZwZd5qdMSlzeZXtjfQIrkgLCI4O2V41OzMOj37jYdMKvEGOPKcPnpd9NEb - dm0EzQYVnapA0ZQ8lmh1S9Q1ou2NLlLmGlImL15y092CplnY4jDt2od8ZeGSMHcnOXSnxlydpoyq - e69VCunKiJqL4oWVnyjaJeCJyD+aquCODQeRt5gM3WABF8bjqef7IyIaRggW9ohxes9ZFMEGqn/v - yQdbt3nvDJqR0r29tgpvBzRDikksUct+4PnekHsuH/jRdBQOwmDshZMgilw2uvP45DJ6K7WcDGYn - /gf8qHN2yjJd5mxb/al06tJ+wI3YvkOR7eT1IolDujI7Z6ykG8N5WcrBo7F8f2OPnDwj/9tN/OF7 - 3B4FHL7H7XHCoXsMpIlU66658iYNvdFzMMonQmLVYSu0ugWYQvy6LkTO+7cAmHD5lHg0vsKuyWSy - owdxmmYXGmCPUPD6j36Egtfw+AgFnVDQ5g5gTr3HNZ1pGAh8v1ep+Egjcb12YVBULMFqh5auKZ1r - pnTtDTP1am8YxsazVVyITNEePQSo9dcw6uNfeYpGUmp4bJYaBV+AfBtfIPUbvRe9lP38wss6IcUb - tuXIpahmlfJjJar/NpJVuoxOmEIH+lXIgZUZAotCjoHIovFj21l/y1t9QN7Oer3+AwAA//8DAPKg - AyfNGwAA + H4sIAAAAAAAAA7xWa08jNxT9K9Z8amkyr6QQRqoqSrItLaUUAiuVXSHHczPjjcee2h6SdJf/3ut5 + JAtstoWqK6Qwftz3ucf3vQerksrUSzwNMgUN6SsOIjU9SQswPcNyKGhPlaCp5UqaHqTcFmBpj+VU + ZiBU1rsDbfAM0gsoNRiQtr3LKmNVMXcKb6MwjEJfw58VGDtdl3CuKbOcgdfzuLMfRQf7ES4MiDku + c2tLkwRBCnNgNlXvlE+toMZwKn0JNkBLNqAlD+KAG1NB0ClYwBrlz6aTy2k/GsYD3KpdMF7y3jPo + W2UYtZApvW5iSHGFEnEYx/1w1I8Op2GYRAfJYOQfhoffhHEYOiedEYuO12pe6KSTDzAVYbwJu12k + YJjmpUsc7h4RU1AheiTlxnLJLCk5MCBqTpZKL3wnzZS80uKZXlSSu3JRcUvvqKU6uOOwDGq3tg62 + R1E4iEbfG/4XfFdg2asCrTpYoMkpNQtXq2pm3Vcyp8JAz2sETzCuWrbn5RyBo1m+PoU7QF/D+55n + OSKrRJR4iawwRu8RTAZhd1Bq9Q4jemHCW+k63XUBu3S7xUcg2UZ1Jbm1qMB4G9sOqb/Ud42a2yXV + Dq+GF6Xg6HD6KHKsR42y4Wg1HD3T3c9UpotkU5dheIBuxMNVPPx/rTTVr7GIBqP9VbT/JQyuOouD + eDWIv4TFFuD390/hGO3CadwdzPnquuFArP7NW0RDlmnIkFaeYB39VKJquvyTWuODXQejXQeHT5U3 + lNbsOsKo2dtL+hEuqUVSb8jw+U3VUO2WXINGnXYtU38eq8pFGznCfO02uMy8xOoK7lsOddo0Z00O + 3j/Zc57hVZOrSqRjbkpB122b4Ta6Za+xnq712mxowGBdb3+KwL89HHUE/jhtG5p5fLCr4PGm4KXm + SnO7fmESO/Fg+Dwe5wXNwAROwnRKOG4ItfTNXbYlslO17Ahv6D2FNL6JbSCCzsBRlgPt49d6f0ca + ol0IjUYuHzk1k5KzUy4Xr9zJGEo3WUjWVbGu7bI+2+xIJSc4WNCZgAugpkGGbr+889OrH0/Obk9P + jidnl5PbycXFbxcYH7aWwYTghWkO5By5WVri7BJuiJJiTbDPuXBKiVXkZ64pOddQYKOTyiBm/U/1 + e4Tt5IUfeBiOQCZe815h7TD525560OBYhoxLKh5faueiNr01zgV613EE1jWTsLldla5p/wWOmxHm + hdBrhDdv4sOp43lo3MLtB8oWOAh2kOuUN7aO21nrPzncDWxBNzfF3RMuwUGdKaH0WePNTFTQzzSy + xnZcUWSsmmKrosRRVdq2Cp+r38PkvJHbv70ptwL2EnJTg+qo5GSK0mT4wYWGkQnFqMiVsckoHIXB + nMsUeTCIB9HbWn5cR45OvVPEYSLZI/8oSb7Cn69r8UucphyBoBi2euvTuAIyRvdxcwzMJ9F+jzgo + bZw+fj3Bsxv819+PGlddFdgS/IJbDb7SWYAgpK4wHGchB94Ar/q5LUTteKPn2um5kguplh8n5Vyr + tMLXdSIzbMsCkxy4rDibl8Aq5zD5SS37Vu1IU9kqiN+SgNxEmNDfK6otaLJVuUMUtjajWvqPo3Ny + yajccd+NecHocBPUR2Fcro2FwmAYaak4ImUvqffrCrmEFZRLwy34CCbMl8lniup0140n+sdbWDnN + R4QpteBAkDjJDEASA5YsucUH0BKLzGZc8oDMBc16ZJlzlpMCqDR4SJsbrQYM942cAaGMITVCSu44 + JRWinel1idyC96SE5pX1W29+/RsAAP//7Flta9swEP4rJlBIoXZtJ07SQekC22AfxkILK5RBUGyn + CY0lY9l1R5f/3uckRU3cuowySj4E8sGJpNNz57vnXoLXfKv6NQJzvUg5+ZbDrEyBdg7aAAWphNLK + WfK5KDJ1xhEFkS3DqiSuA8/epfyEQEH4snR0GnfYqmZ/SD0nZwpZJeHVDuPOFjg0YzxdeXjZkvS1 + 2mn9f3MyAN1G9gECg1BuIJJAWcE4ryI1+m69h0vEIFIGTEWaGzep69oTNZO5CgYEX/rg5YtcOTIu + mELe1Nw7ZSVqllkFV5p2f16Prybu1Q8X2VXFqLogF+S9FABdlmRLfux0j//COVal+ATXe1mUBG1F + SdDfLBBjleid71RhRaVSc2vUIsNvXbCpXplaFTavb2xL/X5bcerb4nQnZTapFqZk8YLCV9OyrLKM + Uc7oNAiWTEYFnyjemU8o8V8gQKhM/Z6cR3PW7yXBbNT3oxnwDodnQRgOKH3ZTbjhjW0pvc9xkuAO + 5JTOMwbXdBufrT+R0Df7RO3pHpKX2qYIxvQqURAG/TTw016YnA3iXhwNg3gUJYnPBvMgHV0k50rK + UW98FH7DR59zM8YNMbqu/kl6lXRrWMQNPWJcL69mq2VMJnNzxiRZDOdVAkB1hscvE3fg5ZzwN3vO + /UfcbFr3H3Gz6d13xKCgRPdppgLbrm4mZoZD8UScrHtBTWM3qMSw/WtVCDTnN2CeePEceDR6waqN + ZLrHDJxM8VYYgj1Qwce/9AMVfATiAxW0UoGtJwDxVkfcI01tzbMPuaJkZubcrEraRjy+HfE0F+zI + pLlgC7OU3y8LwXURYzrIyvy5oL/+C9J7Uf6/4ZwWZoXiJjQZv4QaM2wmanAhDflx82jY9d0A1B8x + pxu5J52MPVymslqR4C1l1YCgKMelVpzGlDREINXt77uHw53T5oBCu16vnwAAAP//AwCWaAJjyxoA + AA== headers: - ATL-TraceId: - - 7c49b5a9a00223b4 - Connection: - - keep-alive + Atl-Traceid: + - afcc59e5b64f6b8d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:35 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:39 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 99e1a6a5-9a20-4262-b211-efcd50664698 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '256' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - fd91b0ea-2ec7-449b-b33e-a5e8117210cc - x-envoy-upstream-service-time: - - '159' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2626,94 +2051,98 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11067 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11761 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DF1m681a4gkohjTxumxpmtlOCywtDFo6S2wkUiCpyF7b/74j - JcWpM2dtmgCJeOS9PffckR8dWFeUp07sSOApSEh/Y1CkasBpCWqgkhxKOhAVSKqZ4GoAKdMlaDpI - csozKEQ2uAWpcA/SKVQSFHDdnnUGDjOWg8A/PMKFgmKFy1zrSsWel8IKEp2KD8KluqBKMcpdDtpD - G9qjFfNCjylVg9cbuIEN6l/MJ7P5cHw0RsnKBuvEHx2FTmuVUA2ZkJs2uBRXqBD6YTD0o2E4ngdh - PAri0c+uH4x+8kPfNzEaH3pTgTXzxBiNvhf4vh/eZd0tUlCJZJVBBKXHRJW0KAYkZUoznmhSMUiA - iBVphLxxjXYi+JUsviYKBUktwbtl0NBbqqn8VbF/4HmJRarLH1rRWfo88EfBuFvOMdDn25QHjik0 - +ppTdWNqVC+1+YpXtFAwcHobTmyNfB44miExKiyyE/MaM3EqKT5geE9Er9O22Nlq9NiZxb2CbyO9 - 4kxrNGD41WmbpP60Z5VY6YZKk5hiZVUwZEi6kw2CaykTjdfR+GvC7WDunHVIV8wAiz/3cY58w9Mw - WofRkw3bElqW/KC6/4/4Cg7XweH3+Vr3zrqPR7yNwvUo/D5vHTlV/7HX2+fPpr/Xb9rpghW7fo8V - zDIJGfb1Axoip0RRt23WSpJaaVHaEbFAD+HRvo3xQxvt6GilpjHt+HPiYdDNC8NgyZLW3ccHMsMv - DF/loi7SU6aqgm46FqIYgdJvsGcNMzsXVOOkbQfZt/dQOyXv5qLXWpOmQezniagNTjb2t0bAeObE - WtYmmEQC5mq67uGcjNyj6LCfk7uo+fvgDPZthNuRwYRkevPEfHt1L/q2cclKmoHyjIbqjTAUFKJx - 1W22HTHnoulHUeQYjHYSGfWJFHQJZpgYau4cMl35nzAE+3gYjA0eOVWTiiXnjN/Yq/gUKnMz86Qn - kKVVY/fuJFzwCV7MdFnAFKhqSSm7L+fy/Orl2cXi/OxkcjGbLCbT6esp5ocNpBAQPDDPgVzi1OSa - GL+EKSJ4sSHYkawwRokW5A8mKbmUUGLXklohv1zbo7tZ/IIG/U/M96PxUezstCxCnjFOCywmVmPb - Y2ZvV9a9Kzp4LckLjK6fBFjXjMPd6boyPfsVPG5fCk+kXqt8d1t9ebl/Gxu3dHtBkxt8SPWU6423 - vk66J813Bdy/i7z+eRL2lysHQ/VEFEJetNEsixqGmcSBtX0cCHIq2mKLssKnHtddFR6r6ZfgvOPb - 34M50wUcxOTakuq4YmSO2iT6ZFLDzAqR0CIXSsdjf+x7K8ZTnFleiKv31sCpTR2j+iCIIUV8QP5f - lTwzf3+0BmaA9MIZgorY7VZ08naCq2v8NzwM2lAMykkDbsm0BFfIzEOSUQM8w1eIIaeHR91cl4WN - q7Xzxti54jdcNL3sUoq0xmfOhGfYciUC6JmMjb+ZuSoxEvK7aIZa7IGg6gyE74lHrgME66+aSg2S - bE3uUYWtz8Bq/318SWYJ5XvOm8eVdzgOWqRfSMqT3JvTDIO9wNq30poV6dnpfdGJKBEmgvMrvyc2 - UG+UhlJh7mklGFLnILZyWzGDcEkZV0yDi+yKo2i0b2+fHIui8qWgMu1rcFeL0y0Hjddjkghxw8BE - SZYAnCjQpGEaL2pNNI7B9uFCVgXNBqTJWZKTEihXuEnbE50FxA8tEJokOEYhJbeMkho7I5GbCucQ - HuMc2seAa0KZImNxwiYQ90xtmsYVDVWVJRbyFNZulVeWGEjZxUrIRetMLajGp8WyxtIsnr1+ezy7 - HM5eDfEmsmS+mp63Rh8D5hVgkmlMXk7m7zgOe+xsZE9M/gUAAP//7FnbattAEP0VYQgkIZIl2fKl - UFKTptCHllBDC6Eva2kTi+qGbmlx/e89s7vaKIplSlqCHwwhrLOzM5PdmTNnxmlW+9+T6zqkGgPn - lrw0r4TVZu8fDQRxGPQZkHt7DPSrJYk6xO9C3lGfiedyCItPSN570aVSVHxb84TgwGD6cVM0sfAC - 4UCuhDU3wgTvEYszRppTiWTYLahCoTr+4MkFRUdiIAUk7TNY9MB+UZgZGRMhUhV4VgNx04oSNKoJ - jyxkcUFxp6OsFYdki8IU9pV/ReMg6SsqxOhOP0XcnX+MM+aX9H9+To1QfDCAJnRZ4u7PlyXPCqrw - OZcow6WwymsduCJvFTri0hbLK9MZKZEsJSwiODtleNTkzDg9+42HjMr0DXDkOX10+uijM+7b8Npk - ocxRNAWPJaLdEbW1aHejj5TZmpSJixfcdLegbhaQksxfE6zuaE26tbCrZa7NVXHMqLoPOqWQroyo - eZq/sPITRbsEPBH5R1Pl3bHxKHBWs7HtreDCdDp3XHdCREMLwcIeMU7vuQgC2ED1Hzz6YKo2751G - M1K6t9eW4W2BZggxgSVyOfQc1xlzx+YjN5hP/JHvTR1/5gWBzSZ3Dp9dBm+FlpPR4sT9gB95zoxZ - osqcaco/FVZVmA+4EdO1KLKtrFpFoU9XZmaMFXRjOC9KOXg0lu9vzImVJeR/t4k/fI+7o4DD97g7 - Tjh0j4E0gWzmFVdu09AbNQejfCIklh22RKtbgCnEr6s8zfjwFgDjrx8Tj8ZX2NWZTHbUIE7R7FwB - 7BEKXv/Rj1DwGh4foaAXCrrcAcxpsNnSmYZxwPd7mYobGomrtQ2DackirHZo6ZvS2XpK193QU6/u - hmZsPKnDPE0kJ1JDgEp9DSM//pWnaCSFhk2zVCj4AuRrfYE0bPReDGL28wsvqogUt2yLkUteLkrp - R52W/20kK3VpnTCFDvRrKgZWzViY5sw0BiKL2o+nzrpPvFUHxO1st9s/AAAA//8DACSWnm7NGwAA - headers: - ATL-TraceId: - - de4a2ecffa9babc9 - Connection: - - keep-alive + H4sIAAAAAAAAA7xWa2/bNhT9K4Q+bZmtl73EETAMWexu3bIsS5wUWFoENHUtsaZIjaRie23/+y71 + sFsn7pYMKwI44uO+zz287zxYlVSmXuJpkCloSF9wEKnpSVqA6RmWQ0F7qgRNLVfS9CDltgBLeyyn + MgOhst49aINnkF5CqcGAtO1dVhmrirlTeBeFYRT6Gv6swNjpuoQLTZnlDLyex539KDo6jHBhQMxx + mVtbmiQIUpgDs6l6q3xqBTWGU+lLsAFasgEteRAH3JgKgk7BAtYofz6dXE370TAe4FbtgvGSd55B + 3yrDqIVM6XUTQ4orlIjDOO6Ho350PA3DJDpKBiP/ODz+JozD0DnpjFh0vFbzTCedfICpCONN2O0i + BcM0L13icPeEmIIK0SMpN5ZLZknJgQFRc7JUeuE7aabktRZP9KKS3JWLijt6Ty3VwT2HZVC7tXWw + PYrCQTT63vC/4LsCy14VaNXBAk1OqVm4WlUz676SORUGel4j+BLjqmV7Xs4ROJrl6zO4B/Q1/NDz + LEdklYgSL5EVxujtwGQQdgelVm8xomcmvJWu010XsEu3W3wEkm1U15JbiwqMt7HtkPpLfdeouV1S + 7fBqeFEKjg6nO5FjPWqUDUer4eiJ7n6mMl0km7oMwyN0Ix6u4uH/a6Wpfo1FNBgdrqLDL2Fw1Vkc + xKtB/CUstgD/8OEhHKN9OI27gzlf3TQciNW/fYNoyDINGdLKA6yjn0pUTZc/qjU+2ncw2ndw/FB5 + Q2nNriOMmr29pB/hklok9YYMn95UDdVuyTVo1GnXMvXnqapctJEjzFdug8vMS6yuAFOLSu0NVsM1 + TuNcrc/p15w1WXn3YM/5isImV5VIx9yUgq7bxnPl0oDBut5+jMC/PR51BL6btg3N7B7sK3i8KXip + udLcrp+ZxE48GD6Nx3lBMzCBkzCdEo4bQi19c59tiexMLTvCG3oPIY1vYhuIoDNwlOVAu/taH+5J + Q7QPodHI5SOnZlJydsbl4oU7GUPpJgvJuprVlVzWZ5sdqeQEBws6E3AJ1DQ40O2Xd3F2/ePL87uz + l6eT86vJ3eTy8rdLjA9by2BC8MI0B3KB3CwtcXYJN0RJsSbY51w4pcQq8jPXlFxoKLDRSWUQs/5j + /R5hO3nhex6GI5CJt9PMmPKMSyqwmFiNbZO5s929di5q01ujWqB3HUdgXTMJm9tV6Zr2X+C4GWGe + Cb1GePMmfjp1PA2NW7j9QNkCB8EOcp3yxtZpO2v9J4e7gS3o5qa4e8IlOKgzJZQ+b7yZiQr6mUaO + 2I4rioxVU2xVlDiqSttW4XM1/TQ5r+X272DKrYCDhNzWoDopOZmiNBm+d6FhZEIxKnJlbDIKR2Ew + 5zJFHgziQfSmlh/XkaNTbxVxmEgOyD9Kkq/w5+ta/AqnKUcgKIat3vo0roCM0X3cHAPzSXTYIw5K + G6dPX03w7Bb/9Q+jxlVXBbYEv+BWg690FiAIqSsMx1nIgTfAq35uC1E73ui5cXqu5UKq5cdJudAq + rfB1ncgM27LAJAcuK87mFbDKOUx+Usu+VXvSVLYK4jckILcRJvT3imoLmmxV7hGFrc2olv7j5IJc + MSr33HdjXjA63gT1URhXa2OhMBhGWiqOSDlI6v26Qi5hBeXScAs+ggnzZfKZojrdd+OB/vEWVk7z + CWFKLTgQJE4yA5DEgCVLbvG5s8QisxmXPCBzQbMeWeac5aQAKg0e0uZGqwHDfS1nQChjSI2QkntO + SYVoZ3pdIrfgPSmheVP91ptf/wYAAP//7Flta9swEP4rJlBIofZsJ07SQekC22AfxkoLK5RBUGyn + CY0lY9l1R5f/3uckRXW9uIwySj4E8sGJ5LtHp3t57oJrvlX9GoG5XqacfMthVqZAO4fTAAUdCdTK + WfGFKDL1jiMKSrYMq5JyHfLsXcpPCBSEr0pHF22HrWv2m47n5EwhqyS82mHcaYBDM8bTtYfLlnRe + ezp9/l+cDEDayD5AYBDKLUQSKCsYZydSc97GPVwiBlEyYCo6uXGTuq49UTOZq2BA8KUPXr7MlSND + wQzyZkbvjJVgKPMKrjTr/7ieXl24V99dVFcVo0pBLsh7KQD6LMlW/NjpH/+Bc6xL8RGu9zcpCbpI + STBsVpoSvfOdIlZEjNpbow4ZfudCV6n3balXd6AYz+6NXeTUt+QU1mLxkiJ0B0dup15ZZRmjmtFr + JVgyGRE+UbyxnlDhP0eAEE39lpxFCzYcJMF8MvSjOfCOx6dBGI6ofNlN0PDKtpTuc5ok0IGa0nvG + 4Jpu45P1JxL6ap+oPd1D8VLbVIIxvUoUhMEwDfx0ECano3gQR+MgnkRJ4rPRIkgn58mZknI0mB6F + X/HR77kZ4yYxuq7+SXqVdGtYxA09yrheXs3Xq5hM5uaMSbIY3lcFAOwMj58v3JGXc8Lf7jn3H3G7 + ad1/xO2md98RIwUluiszDKzJbi7MDIfiiXKy7gV1GrsBE8P2L1Uh0JzfIMHEy+fAo9ELVm0kkx4z + cDLkrTAJ9pAK3v/SD6ngPRAfUkFnKrD8ARBvdcQ90tTWPPuQK0pmZs5tVtI14vHtiKe9YEcm7QVL + zFJ+vyoE1wzHdJCV+XNBf/0npCLTEh63jybZvSHBNf4X+bCVe9LL2MNlKqs1CW7oVv16UU5LjeNe + lP9vSKiFWaHQhWbnp1Djju0cj8aUNEQglRbIS7ThC7jmBWWezWbzBAAA//8DAEN1vl7LGgAA + headers: + Atl-Traceid: + - d906644ae181d35c + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:35 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:39 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 84ca6929-6bbb-499c-ad90-af564e00a7fa X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '257' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 83bfcde6-5f0a-464d-9909-10ae03710dd0 - x-envoy-upstream-service-time: - - '151' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2723,174 +2152,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtNusuYkeVGQVtnuSRZJmipW0KU0qLMv+d1Nc/LgN7zzP - vMwJjA60nxwoeI9xDGq1stRSE63/8ExHp0Po9MAGipDBJ02h80OCOSJnyDDfbW9edvfP9e92O/cm - TaBeFyjDDA8ZWBqdP/Y0xPo4Ujpw6/xsk2TmztlvBdQirOUlvNNxAQUKnmOZC1nzUiFXRckQ8QoF - YvIDTam37vp/7KbmQhWJlay4lj9s0z8MrU+gFBtZrVujm4IKTRU2bSUrY42W2DaIuiylNFT8KYhu - aXjsJg3LO62eXXzyjV7iE7jLBDS87XdwPn8BAAD//wMAmOxbtFoBAAA= - headers: - ATL-TraceId: - - fe11a69db623d4c8 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:31:37 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CPd3EQPKrIK2z2JSNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0EfZgsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsz3u+vn/d1T+7vdLWOX + JhAvK5Rhhq8ZKD1Zfxy1i+1x0unAjfWLSlK3DFZ9KyCSwLC6hLcyriBDxnJscspbbARywSqCiFeJ + xOQHPafedhj/sdsWUVAuSiRbRn/Yfrx3xiewLik3hTGm4A1jNRYNYllJVtNeoqp7zkuNRf23INq1 + 4WGYJazvGLnY+Oh7ucYnsJcJtHs77OF8/gIAAP//AwDnJZaCWgEAAA== + headers: + Atl-Traceid: + - a15f51c91bd34ac2 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8cc869bc-3f36-4d06-be34-97db766af5ba - x-envoy-upstream-service-time: - - '39' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 70c6477b8f68a682 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:37 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:40 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - fecbb7ec-baa9-436f-91f6-6e028ea6ed13 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '120' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f12e5e6c-886d-49e6-8620-f2c593f912dc - x-envoy-upstream-service-time: - - '60' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2900,94 +2222,98 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11067 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11761 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DF1m681a4gkohjTxumxpmtlOCywtDFo6S6wlUiCpyF7b/74j - JcVpMmdtmgCJeOS9PffckR8d2FSUp07sSOApSEh/Y1CkasBpCWqgkhxKOhAVSKqZ4GoAKdMlaDpI - csozKEQ2uAGpcA/SKVQSFHDdnnUGDjOWg8A/PMKFgmKFy1zrSsWel8IKEp2KD8KluqBKMcpdDtpD - G9qjFfNCjylVg9cbWMMW9S/mk9l8OD4ao2Rlg3Xij45Cp7VKqIZMyG0bXIorVAj9MBj60TAcz4Mw - HgXx6GfXD0Y/+aHvmxiND72twJp5YoxG3wt83w9vs+4WKahEssoggtJjokpaFAOSMqUZTzSpGCRA - xIo0Qq5do50IfiWLr4lCQVJL8G4YNPSGaip/VewfeF5ikeryh1Z0lj4P/FEw7pZzDPT5LuWBYwqN - vuZUrU2N6qU2X/GKFgoGTm/Dia2RzwNHMyRGhUV2Yl5jJk4lxQcM74noddoWO1uNHjuzuFPwXaRX - nGmNBgy/Om2T1J/2rBIr3VBpElOsrAqGDEnvZYPgWspE4000/ppwO5g7Zx3SFTPA4s9dnCPf8DSM - NmH0ZMO2hJYlP6ju/yO+gsNNcPh9vja9s+7jEW+jcDMKv89bR07Vf+z19vmz6e/Nm3a6YMWu32MF - s0xChn39gIbIKVHUbZu1kqRWWpR2RCzQQ3i0b2P80EY7OlqpaUw7/px4GHTzwjBYsqR19/GBzPAL - w1e5qIv0lKmqoNuOhShGoPQb7FnDzM4F1Thp20H27T3UTsnbuei11qRpEPt5ImqDk439rREwnjmx - lrUJJpGAuZquezgnI/coOuzn5H3U/H1wBvs2wn0bo90sYUIyvX0iEL26F33bHGUlzUB5RkP1RhgK - CtG46ibbzZ5z0fQzKnJsJZdghomh5r2kTFf+Z7bBPh4GY5N2TtWkYsk542t7FZ9CZW5mnvQEsrRq - 7N6thAs+wYuZLguYAlUtKWX35VyeX708u1icn51MLmaTxWQ6fT3FNLCBFOaNB+Y5kEucmlwT45cw - RQQvtgQ7khXGKNGC/MEkJZcSSuxaUivkl2t79H4Wv6BB/xPz/Wh8FDv3WhaRzRinBdYMQd/1mNm7 - L+veFR28luQFRtdPAixfxuH2dF2Znv0KHrcvhScyrFW+va2+vNy/jXQ7Vr2gyRofUj2zeuOtr5Pu - SfNdAffvIq9/noT95crBMDoRhZAXbTTLooZhJnFg7R4HgpyKttiirPCpx3VXhcdq+iU47/ju92DO - dAEHMbm2pDquGJmjNok+mdQws0IktMiF0vHYH/veivEUZ5YX4uq9NXBqU8eoPghiSBEfkP9XJc/M - 3x+tgRkgvXBUoCI2tRWdvJ3g6hr/DQ+DNhSDctKAWzItwRUy85Bk1ADP8BViyOnhUTfXZWHjau28 - MXau+JqLppddSpHW+MyZ8AxbrkQAPZOx8TczVyVGQn4XzVCLPRBUnYHwPfHIdYBg/VVTqUGSnck9 - qrDzGVjtv48vySyhfM9587jyDsdBi/QLSXmSe3OaYbAXWPtWWrMiPTu9KzoRJcJEcH7ld8QG6q3S - UCrMPa0EQ+ocxFZuK2YQLinjimlwkV1xFI327e2TY1FUvhRUpn0NbmtxuuOg8XpMEiHWDEyUZAnA - iQJNGqbxotZE4xhsHy5kVdBsQJqcJTkpgXKFm7Q90VlA/NACoUmCYxRScsMoqbEzErmtcA7hMc6h - fQy4JpQpMhYnbAJxz9SmaVzRUFVZYiFPYeNWeWWJgZRdrIRctM7Ugmp8WixrLM3i2eu3x7PL4ezV - EG9OS+ar6Xlr9DFgXgEmmcbk5WT+juOwx85G9sTkXwAAAP//7FnbattAEP0VYQgkIZIl2fKlUFKT - ptCHllBDC6Eva2kTi+qGbmlJ/e89s7vayIplSlqCHwwhrLO7M5PZmTNnxmlW+9+T6zqkGgPjlrw0 - r4TWZu8fFQRxGPQpkHt7FPSLpRN1iN+F9FGfiufnEBafkLz3okulqPi25gnBgcH046ZoYmEFwoFM - CWtuhAneIxZ3jDSnEsmwW1CFQnX8wZMLio7EQApI2mew6IH9ojAzMiZCpCrwrAbiphUlaFQTHlnI - 4oLiTkdZKw5JF4Up9Cv7isZAkldUiNGddoq4O/8YZ8wv6f/8nBqh+GAATchZwvfny5JnBVX4nEuU - 4fKwymsduCJvFTrCaYvllemM1JEsJSwiODtleNTkzDg9+42HjMr0DXDkOX10+uijM25zgjJHbRR0 - lfh096jXI8Pu3dCkTPhXMM3dB/tImq2bhS1e0619yFfmrwlzd5JDe67tqOKYUXUfdEohuYyoeZq/ - sPITRbsEPBH5R1Pl3bHxKHBWs7HtrWDCdDp3XHdCREMfgoY9xzi95yIIoAPVf/Bkg6navHcazUjo - 3l5bhrcFmiGOCSyRy6HnuM6YOzYfucF84o98b+r4My8IbDa5c/jsMngrpJyMFifuB/zIe2bMElXm - TFP+qbCqwnyAR0zXosi2smoVhT65zMwYK8hjuC9KOXg0lu9vzImVJWR/t4k/fIu7o4DDt7g7Tjh0 - iwFBgWzmFVdu09AbNQejfCIklh22hLFbgCmOX1d5mvHhLZDHXz8lHo2vsKszmfSoQZyi2bkC2CMU - vP6jH6HgNSw+QkEvFHS5A5jT4HFDdxoGAtvvZSo+0khcrW0oTEsWYbVDSt+Uzu6b0tl6Stfd0IyN - J3WYp4mkPWoIUKmvYeTHv7IUjaSQ8NgsFQq+APlaXyANG7kXg5j9/MKLKiLBLd1i5JKXi1LaUafl - fxvJSllaJlShA/2aioFVMxamOTONgUijtmPbWHfLWnVBeGez2fwBAAD//wMAISWk+80bAAA= - headers: - ATL-TraceId: - - c07d61332af18203 - Connection: - - keep-alive + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmtN3uJI2AYstjdumVZljgpsLQIaOossaZIjaRie23/+456 + sVsn7pYMKwI4Eo/3/tyje+fBqqQy9RJPg0xBQ/qCg0hNT9ICTM+wHAraUyVoarmSpgcptwVY2mM5 + lRkIlfXuQRuUQXoJpQYD0rZ3WWWsKubO4F0UhlHoa/izAmOn6xIuNGWWM/B6Hnf+o+joMMIXA2KO + r7m1pUmCIIU5MJuqt8qnVlBjOJW+BBugJxvQkgdxwI2pIOgMLGCN+ufTydW0Hw3jAR7VIRgveecZ + jK0yjFrIlF43OaT4hhpxGMf9cNSPjqdhmERHyWDkH4fH34RxGLognROLgddmnhmk0w+wFGG8Sbt9 + ScEwzUtXODw9IaagQvRIyo3lkllScmBA1JwslV74Tpspea3FE6OoJHftouKO3lNLdXDPYRnUYW0D + bEVROIhG3xv+F3xXYNurAr06WKDLKTUL16tqZt1TMqfCQM9rFF9iXrVuz8s5AkezfH0G94Cxhh96 + nuWIrBJR4iWywhy9HZgMwn2CqBOUWr3FVJ/ZiVa77kPd2a4P7uUj9GzTvZbcWjRgvI1vB+Ff6rtG + ze2Sagdkw4tScAw43SkJNqqG33C0Go6eGO5nWtZlsmnYMDzCMOLhKh7+v14aWNQgRYfR4So6/BIO + V53HQbwaxF/CY4v8Dx8ewjHu4Djnq5uGA7HJt2+w6VmmIUNaeYB1DEeJqpnyR0EeH+0TjPYJjh8a + byitOXWEUbO3l/QjfKUWSb0hw6fPTkO1W3INGnPaTUb9eKoql23kCPOVO+Ay8xKrK8AKolF7g0V3 + 89EEV9tz9jVnTVXePThzsaKyyVUl0jE3paDrdr5cVzRgsm6EHyPwb49HHYHvlm0fzcQbmtkVbBq+ + KxhsiYkrze36mdXt1IPh0wieFzQDEzgN0xnheCDU0jf32ZbIztSyI7yhVzdkBo6ZHGh3v9aHe7KN + 9iE0Grm0c2omJWdnXC5eOMkYSrdZSNb1rO7kspZtTqSSE1ws6EzAJVDT4EC3T97F2fWPL8/vzl6e + Ts6vJneTy8vfLjENHC2DeeOFaQ7kAilYWuL8Em6IkmJNcJy5cEaJVeRnrim50FDgPJPKIGb9x8Y6 + wnHywvc8DEcgE29nmLGyGZdUYM+w6Nshc7Lds3Yvastbo1pgdB1HYPsyCZvbVemG9l/guFlhnomw + Rnnz6ft063ga6Lao+oGyBS6CHbI6442v03bX+k8Bdwtb0O1NcfelluAQzZRQ+ryJZiYq6GcaOWK7 + rigyVk2zVVHiqipt24XP9fTT4ryW27+DKbcCDhJyW4PqpORkitpk+N6lhpkJxajIlbHJKByFwZzL + FHkwiAfRm1p/XGeOQb1VxGEiOSD/qEm+wp+va/Ur3KYcT6AaTnQb07gCMsbw8XAMzCfRYY84KG2C + Pn01Qdkt/usfRk2orgtsCX7BrQZf6SxAEFLXGI4rjwNvgFf93BaiDryxc+PsXMuFVMuPi3KhVVrh + R3QiMxzLAoscuKo4n1fAKhcw+Ukt+1btKVPZGojfkIDcRljQ3yuqLWiyNblHFbY+o1r7j5MLcsWo + 3HPfbXPB6HiT1EdpXK2NhcJgGmmpOCLlIKnP6w65ghWUS8Mt+AgmrJfJZ4rqdN+NB/bHW1g5yyeE + KbXgQJA4yQxAEgOWLLnFz50lFpnNuOIBmQua9cgy5ywnBVBpUEibG60FTPe1nAGhjCE1QkruOSUV + op3pdYncgvekhOab6rfR/Po3AAAA///sWW1r2zAQ/ismUEih9mwnTtJB6QLbYB/GSgsrlEFQbKcJ + jSVj2XVHl//e5yRFdby6jDJKPgTywYmlu0ene3nugmu+Vf0agbleppx8y2FWpkA7h9MABR0JDMpZ + 8YUoMrXHEQUlW4a3knId8uxdyk8IFISvSkcXbYeta/abjufkTCGrJLzaYdxpgEMzxtO1h8uWdF57 + On3+X5wMQNrIPkBgEMotRBIoKxjnRaTmvI17uEQMomTAVHRy4yZ1XXuiZjJXwYDgSx+8fJkrR4aC + GeTNjN4ZK8FQ5hVcadb/cT29unCvvrtgAypGlYJckPdSAPRZkq34sdM//gPnWJfiI1zvb1ISdJGS + YNisNCV65ztFrIgYtZdGHTL8zhe21CtTK/7y8sKu0u9bcrpTLdsZtb3LMleYksVLCl+dlmWVZYxq + Rq+VYMlkRPhE8cZ6QoX/HAFCNPVbchYt2HCQBPPJ0I/mgDQenwZhOKLyZRdBwyvLUrrPaZJAB2pK + 7xmDa5qKT9afSOir7aD2dA/FSy1TCca0JFEQBsM08NNBmJyO4kEcjYN4EiWJz0aLIJ2cJ2dKytFg + ehR+xUfvczPGTWJ0Xf2T9Crp1rCIG3qUcb28mq9XMZnMzRmTZDHsVwUA7AyPny/ckZdzwt9uLfcf + cbs33X/E7d523xEjBSW6KzMMrMluLsyohuKJcrLuBXUauwETw/IvVSHQg98g88TL58CjCQve2kgm + PWbgZMhbYRLsIRW8/6UfUsF7ID6kgs5UYIkGIN7qiHuk4ax59iFXlMzMnNvEo2vE43eNeHw74mm/ + sMQs5ferQnBNYkwHWZk/F/TXf0IqMi3hcftokt0bElzjf5EPW7knvYw9XKayWpPghm7VrxfltNQ4 + 7kX5/4aEWpgVCl1odn4KNe7YzvFoTElDBFJpgeyiDXfgmg3KPJvN5gkAAP//AwDIUSNUyxoAAA== + headers: + Atl-Traceid: + - e8fed8d5a904c62b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:37 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:41 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 243b4769-5738-45e1-95fa-250ffa9ac518 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '249' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 7a7210ba-b345-4381-a764-ec8c0df4334c - x-envoy-upstream-service-time: - - '151' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2997,92 +2323,93 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - 2afd80e108344baa - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - 7e39aaea81ae2944 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:37 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:41 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e3210370-fb8d-4c53-b641-97eaeac85195 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '185' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 2586218c-e500-4183-9294-2a6a47dfb9ba - x-envoy-upstream-service-time: - - '93' status: code: 200 message: OK - request: - body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Jira Api Test 4|http://localhost:8080/finding/2808]\n\n*Defect - Dojo link:* http://localhost:8080/finding/2808 (2808)\n\n*Severity:* Low\n\n*CWE:* - [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/681]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n*Mitigation*:\nWhenever a cookie contains sensitive - information or is a session token, then it should always be passed using an - encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n*Reporter:* + body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Jira Api Test 4|http://localhost:8080/finding/231]\n\n*Defect + Dojo link:* http://localhost:8080/finding/231 (231)\n\n*Severity:* Low\n\n\n*Due + Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/89]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "Low"}, "summary": "Jira Api Test 4"}, "update": {}}' headers: @@ -3095,51 +2422,57 @@ interactions: Connection: - keep-alive Content-Length: - - '1637' + - '1211' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11067 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11761 response: body: string: '' headers: - ATL-TraceId: - - 112fbcbfb94c535d - Connection: - - keep-alive + Atl-Traceid: + - 07ae77d141c5ae86 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:38 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:41 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - d1a5aa32-ef13-4392-8e71-6c9a5fdeea79 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '225' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9a4689ee-e149-4035-964c-a36ac8a57437 - x-envoy-upstream-service-time: - - '127' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -3149,89 +2482,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11067 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11761 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DF1m681a4gkohjTxumxpmtlOCywtDFo6S6wlUiCpyF7b/74j - JcVpMmdtmgCJeOS9PffckR8d2FSUp07sSOApSEh/Y1CkasBpCWqgkhxKOhAVSKqZ4GoAKdMlaDpI - csozKEQ2uAGpcA/SKVQSFHDdnnUGDjOWg8A/PMKFgmKFy1zrSsWel8IKEp2KD8KluqBKMcpdDtpD - G9qjFfNCjylVg9cbWMMW9S/mk9l8OD4ao2Rlg3Xij45Cp7VKqIZMyG0bXIorVAj9MBj60TAcz4Mw - HgXx6GfXD0Y/+aHvmxiND72twJp5YoxG3wt83w9vs+4WKahEssoggtJjokpaFAOSMqUZTzSpGCRA - xIo0Qq5do50IfiWLr4lCQVJL8G4YNPSGaip/VewfeF5ikeryh1Z0lj4P/FEw7pZzDPT5LuWBYwqN - vuZUrU2N6qU2X/GKFgoGTm/Dia2RzwNHMyRGhUV2Yl5jJk4lxQcM74noddoWO1uNHjuzuFPwXaRX - nGmNBgy/Om2T1J/2rBIr3VBpElOsrAqGDEnvZYPgWspE4000/ppwO5g7Zx3SFTPA4s9dnCPf8DSM - NmH0ZMO2hJYlP6ju/yO+gsNNcPh9vja9s+7jEW+jcDMKv89bR07Vf+z19vmz6e/Nm3a6YMWu32MF - s0xChn39gIbIKVHUbZu1kqRWWpR2RCzQQ3i0b2P80EY7OlqpaUw7/px4GHTzwjBYsqR19/GBzPAL - w1e5qIv0lKmqoNuOhShuqMa52o6tb++YdibeTkGvtSZNO9jPE1EbVGykb42A8cyJtayNa7Sp3+C4 - ME3RgSEBczVd93BORu5RdNjPyfuo+fvgDPZthPs2RrtZwoRkevtEaHp1L/q2OcpKmoHyjIbqjTAU - FKJx1U22mz3noulnVORYOJdghomh5r2kTFf+Z7bBPh4GY5N2TtWkYsk542t7FZ9CZW5mnvQEsrRq - 7N6thAs+wYuZLguYAlUtKWX35VyeX708u1icn51MLmaTxWQ6fT3FNLCBFOaNB+Y5kEucmlwT45cw - RQQvtgQ7khXGKNGC/MEkJZcSSuxaUitknGt79H4Wv6BB/xPz/Wh8FDv3WhaRzRinBdYMQd/1mNm7 - L+veFR28lvYFRtdPAixfxuH2dF2Znv0KHrcvhScyrFW+va2+vNy/jXQ7Vr2gyRofUj2zeuOtr5Pu - SfNdAffvIq9/noT95crBMDoRhZAXbTTLooZhJnFg7R4HgpyKttiirPCpx3VXhcdq+iU47/ju92DO - dAEHMbm2pDquGJmjNok+mdQws0IktMiF0vHYH/veivEUp5gX4uq9NXBqU8eoPghiSBEfkP9XJc/M - 3x+tgRkgvXBUoCI2tRWdvJ3g6hr/DQ+DNhSDctKAWzItwRUy85Bk1ADP8BViyOnhUTfXZWHjau28 - MXau+JqLppddSpHW+MyZ8AxbrkQAPZOx8TczVyVGQn4XzVCLPRBUnYHwPfHIdYBg/VVTqUGSnck9 - qrDzGVjtv48vySyhfM9587jyDsdBi/QLSXmSe3OaYbAXWPtWWrMiPTu9KzoRJcJEcH7ld8QG6q3S - UCrMPa0EQ+ocxFZuK2YQLinjimlwkV1xFI327e2TY1FUvhRUpn0NbmtxuuOg8XpMEiHWDEyUZAnA - iQJNGqbxotZE4xhsHy5kVdBsQJqcJTkpgXKFm7Q90VlA/NACoUmCYxRScsMoqbEzErmtcA7hMc6h - fQy4JpQpMhYnbAJxz9SmaVzRUFVZYiFPYeNWeWWJgZRdrIRctM7Ugmp8WixrLM3i2eu3x7PL4ezV - EG9OS+ar6Xlr9DFgXgEmmcbk5WT+juOwx85G9sTkXwAAAP//7Flta9swEP4rJlBoS+3YTpyXwehC - 18E+bJQFNij7othqY2Zbxi/pRpf/vuckRXWdOIxulHwIhKBE57uLdPfccxeRr8Lv2fUqphoD5+a8 - sq+k1c3ePxqI0jjqMqD29hjoVksSqxjvpTqjLhPbcgiLT0jee9mlUlR8W/KM4MBi5nIFmlh4gXAg - V+IVt+IM95HKZyxRUIlk2C2pQqE6/uDZBUVHZiEFFO2zWPLAflGYWTmTIVKXuFYLcdOIEjSqGU8c - ZHFJcWeirBGHZIvCFPa1f+XGQdJX1ojRnX7KuDv/mOYsrOh3fhZWLD9YQBM6LHn25/OK5yVV+IIr - lOFKWOe1CVyZtxodcWiz+ZXtDbRILgiLCM5OGS41O7NOz37jIpNKvAGObNNHr4s+esOujaBJFqoC - RVMyWyLaLVHXiLY3DCmT5yuZ5m7BLpLmmmYBKcnCJcHqjtakXQvbWqbGjzpNGVX3XqsU0pERNRfF - Cys/UbRLwBO1A2iqgjs2HETeYjJ0gwVcGI+nnu+PiGgYIVjYI8bpPmdRBBuo/r0nH2zd5r0zaEZK - 9/baKrwd0AwpJrFELfuB53tD7rl84EfTUTgIg7EXToIoctnozuOTy+it1HIymJ34H/BSz9kpy3SZ - s231VenUpf2AE7F9hyLbyetFEod0ZHbOWEknhudlKQePxvL9jT1y8oz8bzfxh+9xexRw+B63xwmH - 7jGQJlLNvObKTRp6o+dglE+ExKrnVmh1CzCF+HVdiJz3b4E84fIp8Wh8hV2TyWRHD+I0zS40wB6h - 4PUv/QgFr+HxEQo6ocAQC7h4rzLukSbfeu1Cr6hYgtUOJgSa1Xtc97Y3uqZ0bteUzjVTuvaGYWw8 - W8WFyBQn0kOAWv8Noz7+1U9AIyk1PG6WGgVfgHyNP5D6G70XvZT9/MLLOiHFDdty5FJUs0r5sRLV - fxvSKl1GJ0yhA/0q5MDKjIVFIcdAZNH48dxZ/5m3+gF5Ouv1+g8AAAD//wMAjg8AM80bAAA= - headers: - ATL-TraceId: - - 41900379934665a4 - Connection: - - keep-alive + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmsN3uJI2AYstjdumVZljgtsLQIaOossaZIjaRie23/+456 + sduk7pYMKwqkFsm7e+7uuYd868G6ojLzUk+DzEBD9oyDyIwvaQnGN6yAkvqqAk0tV9L4kHFbgqU+ + K6jMQajcvwNtcA+yS6g0GJC2O8tqY1W5cA5v4yiKo0DDnzUYO9tUcKEps5yB53vcxY/jo8MYPwyI + BX4W1lYmDcMMFsBspt6ogFpBjeFUBhJsiJFsSCseJiE3poawd7CEDdqfz6ZXs0E8Soa41EAwXvrW + M4itNoxayJXetDlk+IUWSZQkg2g8iI9nUZTGR+lwHBxHx99ESRQ5kC6IReCNmyeCdPYhliJKtml3 + HxkYpnnlCoerJ8SUVAifZNxYLpklFQcGRC3ISull4KyZktdaPBJFLblrFxW39I5aqsM7DquwgbUD + 2G3F0TAef2/4X/BdiW2vS4zqaIEhZ9QsXa/quXW/0gUVBnyvNXyOeTW2vldwJI5mxeYM7gCxRu99 + z3JkVoUs8VJZY47ePZoMo30bcb9RafUGU31iJzrrpg9NZ/s+uI8P2LNL91pya9GB8baxHYV/ac4a + tbArqh2RDS8rwRFwdq8k2KiGfqPxejR+JNzPtKzPZNuwUXSEMJLROhn9v1FaWjQkxYDx4To+/BIB + 133EYbIeJl8iYsf89+8f0jHp6bjg6xetBmKTb15j0/NcQ46y8oDrCEeJup3yT5I8Odq3Md63cfzQ + eStp7aoTjEa9vXQQdzrmqqI5a3G8fbDmuIoJm0LVIptwUwm66RiNyytq8Vpo5fTx09eK9U6ew9ad + drPV/DxVtatXA/WlW+Ay91KraxcbndoX2DY3YV01NGCyboQ/JeDfHo97Ab9ftn0yk2xl5v7GtuGV + 5kpzu3liCXrzcPQ4HeclzcGEzsL0TjguCLUKzF2+06sztep1beQ9ZC7eiV0igs7BKZMj7f3b+nBP + GeJ9DI3Hrh4FNdOKszMul8/czgQq97KQrGdQw6tVs7ddkUpO8WFB5wIugZqWlbr75V2cXf/4/Pz2 + 7Pnp9Pxqeju9vPztEvPD0TJYEDwwK4BcoARLS1xcwg1RUmwIjjMXzimxivzMNSUXGkqcZ1IbZFzw + qbGOcZy86B2PojHI1GvvK+wdFn83Ux8NOLYh55KK+4e6d1FX3ob3AtH1GoF9zSVsT9eVG9p/weP2 + CfNE6rXG26vv41fH49i4o9sPlC3xIdhTrnfexjrt3lr/CXD/YAv7d1PS39QSHNWZEkqft2jmooZB + rlGxds8VRSaqbbYqK3yqStt14XP9+7g4r+Tu38GMWwEHKblpSHVScTJDazJ651LDzIRiVBTK2HQc + jaNwwWWGKhYmw/h1Yz9pMkdQbxRxnEgPyD9akq/wz9eN+RW+ppyAoBmOeodpUgOZIHxcnAALSHzo + E0elLejTl1Pcu8H/BodxC9V1ga0gKLnVECidh0hC6hrD8cnjyBvi0aCwpWiAt35eOD/XcinV6sOi + XGiV1XiJTmWOY1likUNXFRfzCljtAJOf1Gpg1Z4yVZ2D5DUJyU2MBf29ptqCJjuXe0xhFzNurP84 + uSBXjMo9591rLhwfb5P6II2rjbFQGkwjqxRHphykzXrTIVewknJpuIUAyYT1MsVcUZ3tO/HA/2RH + K+f5hDCllhwICieZA0hiwJIVt3j5WmJR2YwrHpCFoLlPVgVnBSmBSoObtD3RecB0X8k5EMoYSiNk + 5I5TUiPbmd5UqC14Tkpob/igQ/Pr3wAAAP//7Flha9swEP0rJlBIoXZtJ07SQekC22AfxkILK5RB + UGynCY0lY9l1R5f/3neSoiZuXUYZJR8C+eBE8unppHv37oJjvlX1GoG5XqSc7pbDrE2Bcg67AQra + EhSUs+RzUWTqHUcURLYMo5K4Djx7l/ITAgXjy9LREsJhq5r9oe05OVPIKolb7TDubIFDMcbTlYfD + lrRfuzu9/9+cHECrkX+AwCCUG4hkUFZwzqtIzX63zuESMYiUAVfRzs01qevaEzWTuQoGBF/64OWL + XF1kLDCFvalZd8pK6KVZhas07f68Hl9N3KsfLrKrilG1QC7o9lIAdFmSLfmx0z3+i8uxKsUnXL2X + oiRoEyVBv20g2gwQlZUoqu+UXiL91pjq26nNAZvqlauVsHl9Ylvq99vEqW/F6U7KbFItXMniBYWv + pmVZZRmjnNFpECy5jASfKN6ZTyjxXyBASGR+T86jOev3kmA26vvRDHiHw7MgDAeUvuwkrPDGtJTO + c5wkWAM5pfOMwTVFxWd7n8jom+WgvukekpeapgjGlCRREAb9NPDTXpicDeJeHA2DeBQlic8G8yAd + XSTnyspRb3wUfsNHv+dmjBtidF39k/Qq6dbwiBt6xLheXs1Wy5hc5uaMSfIY3lcJAOoMj18m7sDL + OeFvlpb7j7hZm+4/4mZtu++IwTSJrhGNAttWNxPTqqF4Ik7WlZxmqxsoMUz/WhUCNfgNmCdePAce + dVgwaiOZ1jENJyPeCkOwByr4+EM/UMFHID5QQSsVWD0BiLc64h6pOWuefdgVJTM956YqaWvx+LbF + 0xywLZPmgBVmKb9fFoJrEWMqyMr8uaC//hNSkWkLj5tHQ3bvILit/0VON3ZPOhl7uExltSLDW2ur + er0ox6XGcS/K/9fi08asUayFYueXUO0O21UUhWoi0JIWyC7acAeueUG5Z71ePwEAAP//AwC4n/nL + yxoAAA== + headers: + Atl-Traceid: + - 21db45af545e2e9f + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:42 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:42 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0e7e68fb-31bd-4eae-8c42-8aa1128bab99 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '254' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 96503413-da58-4ef7-bcc5-6a921583a421 - x-envoy-upstream-service-time: - - '178' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_creation.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_creation.yaml index d7acffd914e..10a0f352f32 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_creation.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_creation.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,169 +10,62 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPy07DMBBF/8VbEnf8aFy8Q7AAhApS0xWqkB1PRJATR4mDVFX9d2xR8diN7pwz - V3Mi1sy4nzzR5D3GcdarlcMWm+jCR6AmejPPnRnogJEU5BOnuQtDghkAo0Ch3G1vXnb3z/Xvdrv0 - Nk1Ev2aogAIOBXE4+nDscYj1ccR04NaHxSXJLp133wrRWVirS3hnYgY5cFaCLLmqmdTAtJAUAK6A - AyR/xin11l3/j93UjGvBtBT0WooftukfhjYkUPGNqtatNY1AYbCCpq1UZZ01CtoGwEiplEXxpyD6 - 3PDYTYbkd1qz+PgUGpPjE/GXieDwtt+R8/kLAAD//wMAQ0xmv1oBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUVAuyoKwsvph+/HBGZ/AuqTcFMaYgjeM1Vg0iGUlWU17iaruOS81FvXfgmjX + hsdhlrC+Y+Ri45Pv5RqfwF4m0O5tv4Pz+QsAAP//AwDLKGFKWgEAAA== headers: - ATL-TraceId: - - aa2205f7d85ac3c6 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:31:43 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 73c3cbe710797461 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6952a905-f747-4004-a1cc-08a21961c53a - x-envoy-upstream-service-time: - - '28' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - b303b9614be68aaa - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:44 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:43 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 8ce13f3e-11ab-4525-8061-73de81de9f82 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '117' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 50011165-4076-4ed5-90e0-2a2c6c4ef3d0 - x-envoy-upstream-service-time: - - '60' status: code: 200 message: OK @@ -194,49 +87,55 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11068","key":"NTEST-879","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11068"}' + string: '{"id":"11762","key":"NTEST-1424","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11762"}' headers: - ATL-TraceId: - - 67264e310e7b8a29 - Connection: - - keep-alive + Atl-Traceid: + - c84747c5500e157b + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:44 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:43 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - d49932e7-f410-4292-9748-ca5ae3f26600 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '586' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b58e4ec5-3eb6-449b-9811-7ed4e3473754 - x-envoy-upstream-service-time: - - '475' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -246,79 +145,86 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-879 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1424 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbW/bNhD+K4KA9susV8svMVB0XZIO2bq0SJzuwzAUtHiWWUukQFK1vS7/fUdS - shfHDlIHCBCRPN4d75577vzdh3VNOPUnvgROQQJ9z6CkqsdJBaqn8gVUpCdqkEQzwVUPKNMVaNLL - F4QXUIqi9w2kwjOgN1BLUMC1k/V7PjOakyQejnGhoJzjcqF1rSZRRGEOuabiqwiJLolSjPCQg45Q - h45IzaI0Yko1EHUKlrDB+9fTy9tpMB6d4c7cOutPvvsKjTYqJxoKITfOOYorvJDGaRLEWZCOp0k6 - 6SeTLAsHw/FPcRrHxkdjQ29qsGpO9NHcj5I4dhrtq9sFBZVLVpuI4O47b8YKr1EgPaXRUU8viPY4 - AFWeFt4MvJkUS+AeFSseeucS8A3Um22835gk3q2Y6xWR4AUo4HGhPZMPT0iPQgkaQmM9F/xOls95 - BatIASoyN9TuHSqCmuWh+lagNoMDVHWJOyaFzUwTtfQnc1IquO/5miFMaky5P+FNWfb8WoqvaOzE - WLa3D0fyf+nfOXbHmdaowKCtvT3FN/xuZVUbLuM5q+qSIV5o63zPJ9+IJhJDZQGUjdfZ+DnuKsgb - CZ2rTsnbmtE31s/XbuPKLLN4hJbTbJ1mJytW7B94oypSlq9V+/8JW8lwnQxfZmvdGWs/nrDWT9f9 - 9GXWKsRvU6G19uOotft7U+3rz45rMGN//Y0ZLAoJBVbIIxgipkTZuKJzO3mDBVdZwviCFtLRsYPx - Yx2OSNzuSsilJUN/EiQ9H5+pPzNYGVw5AVtHBtOS5c6B74/2DOLwQWohmpJeMFWXZLMrqhXRyLuO - 1n68hhxnblkyctqkKRD7eS4aE6fEePqn2WC88CdaNsZ07gjnCGumw7hjzf2oxcfCmRw7SI8d9Hdc - woRkenNiILrrUf8FrNgqYbjhIPqQF/+wex1T9f17g4gZGEoxAN1/2vDIm03RHj44BtNkbKKyIMow - 8wfGl7ZvX0Bt2jjPOzRZjK3s2XaHC36JXYPMSrgBohxCZfvlf/pw9+vV9ZcPV+eX17eXXy5vbj7e - 4PuwvhSGBQWmC/A+Ialy7Rm7HlOe4OXGw4JlpVFqGpntVp8kVBgd2+5UaEt4/xVnqDD+l8VxNp5P - fNdPMIOYgl3FPahyTEbBOCn3hdohpI27rYESveuIArNbYJftpJvalPQzYO7GihMB6C5vm9nDSeDH - MLlD3C8kX+LU1UGuU+5snbfzz4sc7oaoKG2NpF3v5bAypS9KIa+dN7OygaCQyF5bB6fCuxAu2aKq - cS7kus3CU/l7GJwVwBIhBbxAzFWG1x9D5xjjJMkzFaQnRsnpsTX10TpsMowVjCAkGI5tCHYZwsMD - 2Eee84vFOrCEEZhg70tkx5446A5MSLVESFgSNz1lTzTeiu4fHKOceEs5tm1b/j0suO2UDyp0P7NE - a5IvbA4OcWJ8tjXXVBUx2D2cPdOZhDwxZ4aC3pI8N70PZ4rBnGR9mszGWTyYoROj0VmSYtmjna0Q - WnhCDH8WsfIdpWgD0e3vfAjaKednsSKqDoU0pfr0qOnGoxDLyIqFWDeR+4wGSZpkkMTQT+nZMO/n - g1GSjweUxmQ4T2D8lr6xWl71371K3+OfuxdUhLehCwK3pcJGBSuMSJCG6CIN62ZW4pj/HwAAAP// - 7FixCsIwEP0Xd7U4uAu6i4ODW9GgFe2VmBah9N99l0tjGyyIiHbolpLk7pFy7947PNk4i+Mbvxju - J9DTCfoElsv1eD7JUsYfatj+Iw6VcP8Rh2q674jBNQdRrq4XLG0NgPnOhNYvNpDrySSFEoEpfLVD - T8DxVa4JpnkHitmfnoXH7g27vpI5j7Odro1olZE2aqCCP/z0gQp+gXiggk4qCNUDVOCorPhOrUGA - /SilWPJEyK0jJCQTQ2xHL6J0mdSoy6RG3qSGG16zqbRINKUifJzIzd1MUj7fQkpXiVDWS8eCHzBf - Y5o6rePC2cX3jbrlFw7cyG0thTYLIzgKMl+bSEgsHxOp4GO3ZA2Zn4GQtjaHM3ocbbCzFlp3wb5O - VVUPAAAA//8DALUJTVnaFgAA + H4sIAAAAAAAAA7xX227jNhD9FUKvta2LndgxsFhsE2+RNpsNHGf7UBQBLY1lrilSJSlfmubfOxQl + ufFlkXjRfbM4w7meOUM/ebDOqUi8oadAJKAg+ciAJ7olaAa6peM5ZLQlc1DUMCl0CxJmMjC0Fc+p + SIHLtLUEpVEGyRhyBRqEqXTjQhuZzazBxzAIwqCj4K8CtJlscrhTNDYsBq/lMes/DPvnEX5o4DP8 + nBuT66HvJzCD2CTyq+xQw6nWjIqOAOOjJ+PTnPmRz7QuwK8NLGCD928no/tJO+xFPTwqQ9De8MnT + GFuhY2oglWrjckjwC29EQRS1g0E7vJgEwTDsD3vdzmAQ/RREQWCDtE4MBl6aOTFIe9/HUjiLZdrV + RwI6Viy3hcPTD2TKUlJoUARLqDbEzKkhAiDRxEgyBTJVcgGCJHIlOuRSAeaQkOmG/MoUJfdyZlZU + AWmjAhHSENs2IhVJgIOBjvUeS/Gg+GuyYBlNQfv2ht7moX3IWdzRyxStWbigqRGe2B4WU0P1whvO + KNfQ8uYM8aPi+eYGloAuw+eWZxgCLEeweENRcN7ydtDSDY4JwlqQK/kVIz6xIdXtw+34D4i22T0I + Zgwa0F7j2yL5t1JXVzW36bMs5wwDTpoK0CU1VGG9SxT2Buve4I3hFoLZQaP80dnylwxWfgmoOpNK + EAa9oI9hRL01ov9/9fJes7/hnc4o5+gwPF+H5z/C4br22I3W3ehHeMxwgIrMe37eh2NUw3HG1l8c + FWKT//gTm56mClKczD2sYziSF27YD4I86h8TDI4JLvaNO2ZzpyupFiWJe8N22PKwOOYLJm4x6hTK + wbZ1Uix2kT3tnVn0Ygn0XBY8uWI653RTYRyPV9TgvnA8+/Z5dCy+5W3fmVN22sqfl7KwFQxtqL/b + AyZSb2hUYX3HjgKP8PhZ96Lm8d2yHaOZqKGZXUHT8F1Bd0tMTCpmNidWor7ud7+DpysjDA8ceF8y + 9ScH6Ir2ut4+sKPzOh1Op2CJy2J6d6c3SrsCBLCXULV4NEDtqO7KB7Y4c6rtyrhhYvHRSq4gt88Q + EdeoKrG2KmXNiZBihOuMTjmMgWqHVFX98u5uHn65vn28ub4c3d6PHkfj8ecxuscB1FgdVJjMgdwh + UQtDrF/CNJGCbwgOPePWqN2w5Rq9U5Bhkco9rDuHhj/EofOCf1gQDGA59NxWw0ZiJ7aT94IGsCcp + E5TvKlWPqKrK5SxwjK5mEmxyiuu/1i5yO9qvQLt775yIQ3e5WZAvnyhvg+YWeD/TeIGvxhp5tXHn + 67J6mH1XwPXrzrevQeskqve5gJVFouRS3bpopryAdqqQxZoAJ5JcSddsmeX4rhWm6sK3+veyOCuA + BUIKRIqYyyzx70PnGPGE4SsNRCdWydkpZ+pzGbDtMA4ygpBiOZoSbDuEwgPYR7rz0vm6XdJD++xA + hL1jKZ7VAltSg/8EFiWX292yoxo0qruChnk0xIVj28OKx1Zp0KzSFxO621lqDI3nZQ8OMWDQ7F1d + ZBm12D3cPbugpDqxZ5aC3tM4tivwOnl3NqO9bhJOB73gbIpB9PsXYRSd20FqlNDDN9Twbx3jH5JE + /QsAAP//7FjLTsMwEPyaHm3yIKEgIahUOCMOHHoziQtBbRw5TotU5d8ZP+K2EUEIIcihUg9uYq9H + G+3szIIXsXOPgTgRdCu2rK6okLpUv5av5gNwijIy2yjqppNQSRiF5zwMeBzll2kWZ8lFmE2TPA9Y + ugz59Ca/NlEm8WwS3eNnz5E1K13qCLGPatrUZIuMkIgCYk6r5nkF/4GUkYqxWmcM5wto9AJ9Asv5 + A0lpVWr8fSk8fsR9LT1+xH0tPnbE4JrcKljXC+amBsB8bwKt31pLXU8KfsHqTMtXC/QEbL9rpIBn + WIB7std94WlHiLe+kvU9zg+7NiJ5JaTiJyr4h49+ooK/QHyigkEq8FIDEF9sxe30MMmtA8QVCobp + KvhECw1Z0mDIkgbekvZfeGnGy00hRWn1jdOyjZuJ2r/fQirWNsKuWzqy+wHBHYxzz7q4MHDs/ZHX + zUoHPrjbOAepZsri2Aj1ewMIG8wHxV3wq0/CGC8/8xDS2Bl9pQdyjDY6gusOmPS0bfsBAAD//wMA + bTLGn4IXAAA= headers: - ATL-TraceId: - - f0a533262b69e696 - Connection: - - keep-alive + Atl-Traceid: + - 6d02dd4a5c4f9244 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:44 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:44 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5a0551d3-ce53-4f69-b2ed-bd3e19d50e7e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '236' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a82d18df-877a-4dd7-91a5-1ec99188beff - x-envoy-upstream-service-time: - - '135' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_disabled_create_epic_and_push_findings.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_disabled_create_epic_and_push_findings.yaml index 4637e53eef5..8f9d52b8791 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_disabled_create_epic_and_push_findings.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_disabled_create_epic_and_push_findings.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ2m2W3EQPKrIK7Z5EJEknWEmT0qbCsux/N8HFj9vwzvPM - y5yIVgseZkckeY9xWuRm06NFE/vwEaiKTi3LoDz1GElBPnFehuATzAAYBQplu79+bu+eut/tfh11 - moh8yVABBbwWpMfJheOIPnbHCdOBGxfWPkl6HVz/rRCZha24hLcqZpADZyXUJRcdqyUwWdUUAK6A - AyR/wTn1dsP4j911jMuKyXpLG9H8sGa89zYkUPCdaLZWK1NhpbABYxOne60EWAOg6loIjdWfguhy - w8MwK5LfsWp18TEYleMTcZeJoH87tOR8/gIAAP//AwAFo066WgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CPd3EQPKrIK2z2JSNokWEmT0qTCsux/N8WF1dvwzvPM + y5ygk0EfZgsCPmOcgthslDa6j8p/eSKjlSEM0hGnI2TwrecweJdgikgJEsz3u9vX/cNLe93ulrFL + E4i3Fcoww/cMlJ6sP47axfY46XTgzvpFJalbBqt+FRBJYFhdwnsZV5AhYzk2OeUtNgK5YBVBxJtE + YvKDnlNvO4z/2G2LKCgXZUXo9sr246MzPoF1SbkpjDEFbxirsWgQy0qymvYSVd1zXmos6r8F0a4N + T8MsYX3HyMXGZ9/LNT6BvUyg3cdhD+fzDwAAAP//AwCpSDI5WgEAAA== headers: - ATL-TraceId: - - 9506fa3d48fa9cd9 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:31:45 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - dfe107917478323a + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5d0ae914-e438-4e4f-acf7-bcf9d24582c7 - x-envoy-upstream-service-time: - - '33' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 63e51aa01452129d - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:45 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:45 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0d18ac66-f118-473d-8bd8-012a5488a9b0 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '120' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 942a9436-6b11-4882-ac47-bf6f0e9ef0c3 - x-envoy-upstream-service-time: - - '69' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,93 +80,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - aec4ad861db1f8a0 - Connection: - - keep-alive + Atl-Traceid: + - c30cab22255545e5 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:45 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:45 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - dd9da0bc-3bbf-4cde-8ff9-f155dbf720a7 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '188' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 02950585-e069-42c5-9c76-9bda6b2af371 - x-envoy-upstream-service-time: - - '88' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/2809]\n\n*Defect Dojo link:* http://localhost:8080/finding/2809 - (2809)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] - / [ZAP Scan|http://localhost:8080/test/682]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/232]\n\n*Defect Dojo link:* http://localhost:8080/finding/232 + (232)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -286,53 +180,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1666' + - '1298' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11069","key":"NTEST-880","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11069"}' + string: '{"id":"11763","key":"NTEST-1425","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11763"}' headers: - ATL-TraceId: - - 5d5083a536644497 - Connection: - - keep-alive + Atl-Traceid: + - 0164ad976e1ba299 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:46 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:46 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 47fd78a7-e3d9-4560-9968-b214861792a1 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '510' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ffd3544f-615d-43ed-8c8f-4c8b69dee7e7 - x-envoy-upstream-service-time: - - '441' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -342,94 +242,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-880 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1425 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/2/TOBT/V6z8gLhd23xZb5RI6DS2wu1ujKntmMRAlZu8pqaJHdlO0x7wv9+z - nbRjozsYm7TFz37fP+9jf/ZgXVKeerEngacgIX3FIE9Vh9MCVEclCyhoR5QgqWaCqw6kTBegaSdZ - UJ5BLrLOCqTCPUhHUEpQwLU763U8ZiyHYXD0HBcK8jkuF1qXKvb9FOaQ6FR8Ej2qc6oUo7zHQfto - Q/u0ZH7kM6Uq8FsDS9ig/sVkOJ50B4MAJXMbrBd/9hQ6rVRCNWRCblxwKa5QIQqisBv0u9FgEkbx - YRj3j3r9P8LfgygwNqwPvSnBmnlkjEbfD4MgiLZZN4sUVCJZaSqC0mOiCprnHZIypRlPNCkZJEDE - nNRCLntGOxH8SuY/EoWCpJLgrxjUdEU1lX8q9i+8KLBJVfHEic7SF2FwGA6a5QQDfbFLueOZRqOv - CVVL06Nqps1XPKe5go7X2vBia+Rrx9MMgVFik72YV5iJV0rxCcN7ZPUabVs72422dmZxq+G7SK84 - 0xoNGHw12iapf+xZJea6ptIkplhR5gwRkt7JBotrIdMfrPuDHwm3KXPjrKl0yUxh8ed2nfvBM/Qc - 9ddR/9GGbQstSp6o5v8DvsKjdXj0a77WrbPm4wFvh9H6MPo1bw04Vfux19vXr2a+1+8cu2DHbj5i - B7NMQoZzfQ+GiCmRV27MnCSplBaFpYgpeoie7dsY3LfhqMNJzWBa+vPibtjwhUGwZIlz9/mezOAL - w1cLUeXpKVNlTjcNClFcU4286mjr5yfGceKWBX1nTZpxsJ8nojJVsZFeGwHjmRdrWRnXaFO/Q7ow - Q9EUQwLmaqbuezwZHgUtT96tWrCvnOG+jWjfxuGOS5iQTG8eWZpW3e//HI+ygmagfKOhWiMMBbmo - e2qV7bjnXNQtR/U9W84ZGDIx0LyTlJnK72Yb7sNhODBpL6galiw5Z3xpr+JTKM3NzJMWQBZWtd3b - SrjgQ7yY6SyHEVDlQCmbL+/y/Or12cX0/OxkeDEeToej0dsRpoEDpDBvPDBZALlE1uSaGL+EKSJ4 - viE4kSw3RokW5G8mKbmUUODUkkoh4np2Ru9m8RwNBl9YEPQHPPbchYEtwhrvRuqbMcZqZ4zT/O6h - 5l3RlNfCPsfoWibA9mUctqer0szsD+DYvRQeiTCnvL2tvr3cfw50O1S9pMkSH1ItslrjztdJ86T5 - pYDbd5HfPk+i9nLlYBCdiFzICxfNLK+gm0kkrN3jQJBT4ZotihKfelw3XXiof98W5wPf/R5MmM7h - ICY372kZxuREiCUDcs00EqYmY3t5kFc5zb6YXDHVXCQ0Xwil40GAnDdnPEVa86NB8PyjtXhqa4Fh - fhLEoCQ+IP+vSp6av79ZA2NAvCF3oCJOuRWdXA9xdcWXXNS72E/e3ZMeXEqRVviKGfIMJ6rA+vgT - LAeeu7HJoF3yl6i7WuxJqGwMRB+JT25qgCWOH2yt7dHaHfAPreL740syTijfc948m/yjQeRK9lJS - niz8Cc0wzgvsqpNWLE/PTm+LTkRRME2QmRa3xKZmG6WhUJh2WgqGoDiIrdyW3iC0oIwrpqGHuIn7 - /cN9e/vkfoo+Z4LKtC3/tg2nO3QZr8ckcSDCKMkMgBMFmtQNojQSnHuSkDmiqkPqBUsWpADKFW5S - d6KxgPVDC4QmCRIkpGTFKKkQ84nclMgweIxzcNd8z4QyQughdyYQt5Cr67onaqrKnpCZj4CDda9c - lBYTiL3pXMipc6amVOOjYVZha6ZP314fjy+74zddvBMtKq9G587oQ4V5A5hkGpPXw8kHjjSOM6tB - xkSUq+QDH66YuT0wuDHorpu0ds84+A8AAP//7Flta9swEP4rJlBoS+3YTuwkg9GFrYN92CgrbNBv - iq02ZrZl/JJuZPnvfU5S1MSNs9GNkg+BUpRKurue7p577vIPCuIsibsUqL09CrrF0olFgt+V8lGX - iufnZGB8Ru2+lx0oxcX3Oc8psy1mnlegQYUdCAgyJllwK8nxIpm8Y4mSyh/DbkXVB5XvB88vKD5y - C0mgKJ3F0gf2iwLNKpgMkqbCw1qInI04QROa89SxrvKKIs/E2UYkki4KVOjX9lVrA0le1SBKd9op - I+/8U1awqKb/84uwEvnBApSQu6T3z29qXlRUvUuuIIarwzqzTejKzAXe2aE3hNOmN+9tb6AdirZe - lPQyQLNThofNz6zTs994zLQWb4Alz8mh10UOveF6gypHXaLySXpKbLl9NOiQ4XZuGMolPSx55O6D - XRTMNa3AFkNpVzbkLIvmhLs7qZ87MXY0Wcaodvf+VOjIh8TERfnCQk+M7BKYRewfPVRwx4aD2JuN - h24wg02j0cTz/ZB4hTkEDXuOcXrgaRxDB4p978kGW3d17wzEkdC9rbWKeAesQh6TAKOW/cDzvSH3 - XD7w40kYDaJg5EXjII5dFt55fHwZv5VSTgbTE/8jftQ9O2O5rn22rf5UOU1lP8Ajtu9QsDtFM0uT - iFxmF4xV5DHcR2bVCWgzlh+u7dApcrK/3bMfvsXtzv/wLW5PDw7dYmBSrHp3TY03Sea1HntRPhE4 - qxZb4dot8BXHr5pSFLx/CyiK5k+JR9Mq7JpMJj167qZZdakR9wgFr//oRyh4DYuPUNAJBW0yASrV - W67ozpqSwPZ7lYpLmoDrtQuFomYpVjukdA3l3K6hnGuGcu0NQ+F4vkhKkSsepHv+Rn/roj7+laXo - LqWE5XqpUfAFyLfxfVF/Lfeil7GfX3nVpCR4Q7ecsJT1tFZ2LET932aySpaRCVVoS78JOZ8yU2BR - yqkPaTR2bBvrb1mrL0jvrFarRwAAAP//AwAkmbxgvBsAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmtN7uOI2AYutjdsgVZkDgt0LQIaOossaZIjaRie23/+456 + sVun7pYMKwI4Eo/3/tyje+/BuqQy9RJPg0xBQ/qCg0hNT9ICTM+wHAraUyVoarmSpgcptwVY2mM5 + lRkIlfXuQRuUQXoFpQYD0rZ3WWWsKhbO4F0UhlHoa/izAmNnmxIuNWWWM/B6Hnf+o+h4NMAXA2KB + r7m1pUmCIIUFMJuqd8qnVlBjOJW+BBugJxvQkgdxwI2pIOgMLGGD+hez6fWsHw3jZ3hUh2C85L1n + MLbKMGohU3rT5JDiG2rEYRz3w3E/OpmFYRIdJ8ORHw6jH8I4DF2QzonFwGszTwzS6QdYijDept2+ + pGCY5qUrHJ4+J6agQvRIyo3lkllScmBA1IKslF76TpspeaPFI6OoJHftouKO3lNLdXDPYRXUYe0C + bEVROIjGPxn+F/xYYNurAr06WKDLGTVL16tqbt1TsqDCQM9rFM8wr1q35+UcgaNZvjmHe8BYw489 + z3JEVoko8RJZYY7eHkwGYScotXqHGT2x4K12Xe66gV253csnINlldSO5tWjAeFvfDqm/13eNWtgV + 1Q6vhhel4Bhwupc59qNG2XC8Ho4fGe5XOtNlsu3LMDzGMOLhOh7+v16a7tdYRIfRaB2NvoXDdedx + EK8H8bfw2AL848eHcIwO4TTuBAu+ftlwIHb/9i2iIcs0ZEgrD7COcSpRNVP+Ravx8SHB+JDg5KHx + htKaU0cYNXt7ST9qecyVS3PWxPH+wZkDMVbC5KoS6YSbUtBNC3U8xrrbl1hTB//WBbX4oWgI9vGD + 2tD3jrCDxpx2Y1g/nqrKVbAO/pU74DLzEqsrFw3TgMm62X5I4M/848FJR+D7ZdvSzL7gUMPjbcP3 + BYMdY3Glud08sRKdejB8HMHzgmZgAqdhOiMcD4Ra+eY+2zHcuVp1TDj06lbOwVGWA+3+13p0INvo + EEKjsUs7p2ZacnbO5fKFk0ygdJuFZB2Calytatn2RCo5xcWCzgVcATUNKnX75F2e3/xydnF3fnY6 + vbie3k2vrv64wjRwtAzmjRdmOZBL5GZpifNLuCFKig3BOefCGSVWkd+4puRSQ4GDTiqD+PK/NO8R + jpMXfuBhOF4MEm9vmLGyGZdUYM+w6Lshc7L9s3Yvastbo1xgdB1HYPsyCdvbVemG9l/guFlhnoiw + Rnn7Tfx863gc6Hao+pmyJS6CHbI6442v03bX+k8Bdwtb0O1NcfcJl+AQzZRQ+qKJZi4q6GcaGWu3 + rigyUU2zVVHiqipt24Wv9fTz4ryRu7+jGbcCjhJy+5qWUUJOlVpyIK+4Rca05BpYpYG8EDT74HLF + VIViVOTK2GQcjsNgwWWKJBbEg/htbXBSlwKjfKeIA0lyRP5Rk3yHP9/X6te4XjniQDUc8TbISQVk + gvng4QSYT6JRjzhsbbM4fTVF2S3+64+iYR2qawtbgV9wq8FXOgsQldR1iuNy5NAc4FU/t4WoA2/s + vHR2buRSqtWnVbrUKq3wczuVGc5pgVUPZlhk57MuEQZMflWrvlUHylS2BuK3JCC3K4AlDjVsrR3Q + 2l0IBrXi6+eX5JpReeC+W/mCk3CbzycZXG+MhcJgBmmpOKLmKKnP6+a4WhWUS8Mt+AgsLJXJ54rq + 9NCNB/YnO4g5y88Ja5CEJErmAJIYsGTVwsoiy5kGWguEVo+scs5yUgCVBoW0udFawHTfyDkQyhjS + JKTknlNSIfKZ3pTIM3hPSoQc/xsAAP//7Fnva9swEP1XTKCQQu3ZTpykg9IF1sE+lIUWViiDoNhO + YxpLxj/qji7/+95Jiup6cTfKKPkQyAcnku+eTrqndxdsqdNAdIldvpP1GwG6WcWcjpbFjF2B8g4r + AhJaFqSWlfClyFP5jiVyIl+G0YK4D7x7H/MTAgbjSWkpSWGxdc1+0hKtjEl0VYFDbTFuNQCiOOPx + 2rEueEFrNitUMfjBKQjkjWIEBBphsYVIBosKAdqJtLHmxuqvkIa4RhAyWr0+LnVdO6JmRSbzAfkX + PzrZKpNnGU7msDnXvueshIZaVDhS8/63m+n1zL6+tKEQZJoaJ5nIyzinPOizKE34sdU//oWDsi7F + RxzDP8WK1yVWvGHXQNC8mkoU2/dSNZGua011zdT2gJEAMuRS1+ye2CUJXCNaERgWrigpd0jkNvO2 + rRiFW1Rpyugu6f2NeCmGpAxF/saLhxTCObKHtOfX6CxYsuEg8haToRssgGk8PvV8f0T3nJkED69M + i2mDp1EEH7h8es8YbF2WfDKHjIy+WlCqFHBwy8lpkn10URN4vjeMPTce+NHpKByEwdgLJ0EUuWy0 + 9OLJeXQmrRwNpkf+F3zUe3bKuGZN21Y/FU5V2DUiYvsOMbGTVYt1ElLI7IyxgiKG9+XFABmHx88z + e+RknPC3i9P9R9yubvcfcbs63nfEoJ5IFZNaqjVVz0w3eyifiKxVgafo6xaSDdMvqlygir8FFYWr + 58SjHg1GTSaTH92Z0iov14x7oIL33/QDFbwH4gMVdFKBURqAeKcy7onau/rZhV1RMt2cbiuPrl6Q + 29ULck0vqD1glFrMH5JccKWFdKlZ6X8h1Nd/QipSZeFp+6jJ7g0E1/gD5cPW7kkvZY9XcVGtyXDD + tyzs83JaKhwPovx/nT9lzBiFL1RC34Xsi2zbj9TPpG4DuTRAXqL1X8DVL8jwbDab3wAAAP//AwDa + fLIg9BoAAA== headers: - ATL-TraceId: - - 3cac6176086884d6 - Connection: - - keep-alive + Atl-Traceid: + - e807b31bc12d0746 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:46 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:46 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1a19827b-1169-451c-8303-769fdf8e95bb X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '281' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1928d69c-888b-4467-8dc2-820c8a01f901 - x-envoy-upstream-service-time: - - '116' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -439,94 +344,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11069 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11763 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy/xUldAMaSJ22VL08B2GqBpYdDSWWYtkQJJWfba/vcd - SclOkzpr0wRIxCPv7bnnjvzswbqkPPViTwJPQUL6ikGeqg6nBaiOShZQ0I4oQVLNBFcdSJkuQNNO - sqA8g1xknRVIhXuQjqCUoIBrd9breMxYDsPg6DkuFORzXC60LlXs+ynMIdGp+CR6VOdUKUZ5j4P2 - 0Yb2acn8yGdKVeC3BpawQf2LyXA86Q4GAUrmNlgv/uwpdFqphGrIhNy44FJcoUIURGE36HejwSSM - 4sMw7h/1+n+EvwdRYGxYH3pTgjXzyBiNvh8GQRBts24WKahEstIggtJjogqa5x2SMqUZTzQpGSRA - xJzUQi57RjsR/ErmPxKFgqSS4K8Y1HRFNZV/KvYvvCiwSFXxxInO0hdhcBgOmuUEA32xS7njmUKj - rwlVS1OjaqbNVzynuYKO19rwYmvka8fTDIlRYpG9mFeYiVdK8QnDeyR6jbbFzlajxc4sbhV8F+kV - Z1qjAcOvRtsk9Y89q8Rc11SaxBQrypwhQ9I72SC4ljL9wbo/+JFwG5gbZw3SJTPA4s9tnPvBM/Qc - 9ddR/9GGbQktS56o5v8DvsKjdXj0a77WrbPm4wFvh9H6MPo1bw05Vfux19vXr6a/1+/cdMGK3XzE - CmaZhAz7+h4NkVMir1ybOUlSKS0KOyKm6CF6tm9jcN+GGx1OahrTjj8v7oa4pBqnohs6P893N9G2 - M8x31qQhs/08EZXJKTRz6doIGM+8WMsKEA60qd9hsxtKu9isOWNessTl/vmezISKymohqjw9ZarM - 6aZpCRQnEjBX03Xfm5PhUdDOybuoBfvgDPdtRLuRwYRkevNIDFt1v/9z45IVNAPlGw3VGmEoyEXd - U6tsN2LORd2Oor5nMLqTyGGbSE5nYIaJoeadQ6YrvwtDuI+H4cDgsaBqWLLknPGlvYpPoTQ3M0/a - mtlK1nZvK+GCD/FiprMcRkCV44FsvrzL86vXZxfT87OT4cV4OB2ORm9HmB82kEJA8MBkAeQSpybX - xPglTBHB8w3BjmS5MUq0IH8zScmlhAK7llQKOduzPXo3i+doMPjCgqA/4LHnLgysHYK/a6lv2hjL - kDFO87uHmndFA69ldY7RtZMA65px2J6uStOzP8Bj91J4JPWc8va2+vZy/zk27uj2kiZLfEi1lGuN - O18nzZPmlwJu30V++zyJ2suVg6F6InIhL1w0s7yCbiZxRuweB4KcCldsUZT41OO6qcJD9fsWnA98 - 93swYTqHg5jcvKdlGJMTIZYMyDXTOKM0GdvLg7zKafbF5Iqp5iKh+UIoHQ8CnJpzxlMcjH40CJ5/ - tBZPLRYY5idBDEviA/L/quSp+fubNTAG5BsOFVTE9reik+shrq74kot6F/vJu3vSg0sp0gpfMUOe - YUcViI8/QTjw3I1NBu2Sv0Td1WJPQmVjIPpIfHJTAyyx/WBrbY/W7oB/aBXfH1+ScUL5nvPm2eQf - DSIH2UtJebLwJzTDOC+wqk5asTw9O70tOhFFwTTBybS4JTaYbZSGQmHaaSkYkuIgtnILvWFoQRlX - TEMPeRP3+4f79vbJ/RR9zgSVaQv/tgynO3YZr8ckcSTCKMkMgBMFmtQNozQOOPckIXNkVYfUC5Ys - SAGUK9yk7kRjAfFDC4QmCQ5ISMmKUVIh5xO5KXHC4DHOwd2sPRPKCKmHszOBuKVcXdc9UVNV9oTM - fCQcrHvlorScQO5N50JOnTM1pRrv6VmFpZk+fXt9PL7sjt908Y6xrLwanTujDwHzBjDJNCavh5MP - HMc49qwGGRNRrpIPfLhi5vbA4Magu67T2j3j4D8AAAD//+xZbWvbMBD+KyZQaEvtWE6cl8HowtbB - PmyUFTboN8VWGzO/4Zd0I8t/73OSoiZOnJZulHwIlKJE0t1Junvuucs/KAiTKGxToOb2KGgXSyvm - Ef6X6o7aVGyvk47xFUn9Xlag5Bc/ZyKlyLa4ed4MBSrsgEOQMdFcWFGKF0nkHisrKP1xzJaUfZD5 - fon0gvwjtRAEikVZPH7gf8jRrJxLJ6lLPKwFz1nzExShqYgd6yotyfOMn615IukiR4V+bV+5MpDk - lTW8dKed0vPOvyQ5Dyo657fMiuQHC1BC1yVv//ymEnlJ2bsQCmKEWqwj27iujFzgnT1gfVza5Oaj - zXr6QlHWZwW9DNDslONh0zPr9OwvHjOusnfAkm1yyNrIIeuvJihzVAUynyS4RFCbS/0WGW7rRBvl - cg3lklcvmefuhaYU2GAozcyGmOXBjHB3J/Vzx0ZdnSSccnfnuURHd0hMPCtemeiJkV0Cs6h+QA3l - 3/F+L2TTUd/1p7BpOBwzzxsQrzCLoGHPMkEPPAlD6ECy7zzZYOuq7oOBOBK6t7RWHu+AVchlEmDU - sOszj/UFc0XPC8eDoBf4QxaM/DB0+eCOidFl+F5KOelNTrzP+FP77ISnOvfZtvqqdOrSfsCN2J5D - zu7k9TSOAroyO+e8pBvDfkRWFYE2Y/jp2h44eUr2N2v2w7e4WfkfvsXN7sGhWwxMClW5rKnxOsm8 - 1m0viicCZ1WkK1y7Bb5i+VVdZLno3gJxgtlT4FG3CrMmkkmP7rtpVl1oxD1Cwds/+hEK3sLiIxS0 - QoFhHjDxXkXcghrdeuxCblbxGKNtzuSCd3UWy872RFtTzjVNueaEaXI1JwyFE+k8KrJU8SBd89f6 - Vxf18SVHmGfVf+umKllGJhShHPyRyb6QaXiimpUWL1ZDjbqv1i9/n+qu5F50Ev77uyjrmASvnVV2 - dIpqUqlzU1uZuj50cvP95mZvY7feIK1dLpePAAAA//8DAIAXqsG8GwAA + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmsN7uOI2AYutjdugVZkDgt0LQIaOoss6ZIjaRie23++456 + sVun7pYMKwI4Eo/3/tyj++DBuqQy81JPg8xAQ/aCg8iML2kBxjdsAQX1VQmaWq6k8SHjtgBLfbag + Mgehcv8OtEEZZJdQajAgbXuXVcaqYu4M3sZRFEeBhj8rMHa6KeFCU2Y5A8/3uPMfx8fDPr4YEHN8 + XVhbmjQMM5gDs5l6rwJqBTWGUxlIsCF6siEteZiE3JgKws7AEjaofz6dXE178SB5hkd1CMZLP3gG + Y6sMoxZypTdNDhm+oUYSJUkvGvXik2kUpfFxOhgG0SD+IUqiyAXpnFgMvDbzxCCdfoiliJJt2u1L + BoZpXrrC4elzYgoqhE8ybiyXzJKSAwOi5mSl9DJw2kzJay0eGUUluWsXFbf0jlqqwzsOq7AOaxdg + K4qjfjz6yfC/4McC214V6NXBAl1OqVm6XlUz657SORUGfK9RfIl51bq+t+AIHM0WmzO4A4w1uvc9 + yxFZJaLES2WFOXp7MOlHnaDU6j1m9MSCt9p1uesGduV2L5+AZJfVteTWogHjbX07pP5e3zVqbldU + O7waXpSCY8DZXubYjxplg9F6MHpkuF/pTJfJti+D6BjDSAbrZPD/emm6X2MRHcbDdTz8Fg7Xncd+ + su4n38JjC/D7+4dwjA/hNOkEc75+1XAgdv/mHaIhzzXkSCsPsI5xKlE1U/5Fq8nxIcHokODkofGG + 0ppTRxg1e3tpL/Y9rJp9hRVx4G0vUIs039Dj48esId8d3YaNOe2GqH48VZXLP3YU+todcJl7qdUV + 3Les6qxpzpqqfHhw5iLDq2ahKpGNuSkF3bSD59qlAZN1s/2QwJ8Fx/2TjsD3y7almX3BoYYn24bv + C/o7xuJKc7t5Yi079XDwOILnBc3BhE7DdEY4Hgi1CsxdvmO4M7XqmHDg3TswzMBRlgPt/td6eCDb + +BBC45FLe0HNpOTsjMvlCycZQ+k2C8m6ntWdXNWy7YlUcoKLBZ0JuARqGhzo9sm7OLv+5eX57dnL + 08n51eR2cnn5xyWmgaNlMG+8MF0AuUBulpY4v4QboqTYEJxzLpxRYhX5jWtKLjQUOOikMojQ4Evz + HuM4edFHHkWjeT/19oYZK5tzSQX2DIu+GzIn2z9r96K2vDWqBUbXcQS2L5ewvV2Vbmj/BY6bFeaJ + CGuUt9/Ez7eOx4Fuh6qfKVviItghqzPe+Dptd63/FHC3sIXd3pR0n3AJDtFMCaXPm2hmooJerpEj + duuKImPVNFsVJa6q0rZd+FpPPy/OW7n7O5pyK+AoJTdvaBmn5FSpJQfymlvkKEuugFUayAtB848u + V0xVKEbFQhmbjqJRFM65zJAGw6SfvKsNjutSYJTvFXEgSY/IP2qS7/Dn+1r9CtcrRxyohiPeBjmu + gIwxHzwcAwtIPPSJw9Y2i9PXE5Td4L/eMB7Uobq2sBUEBbcaAqXzEFFJXac4LkcOzSFeDRa2EHXg + jZ1Xzs61XEq1+rRKF1plFX5uJzLHOS2w6uEUi+x81iXCgMmvatWz6kCZytZA8o6E5GYFsMShhq21 + A1q7C2G/Vnzz/IJcMSoP3HcrX3gSbfP5JIOrjbFQGMwgKxVH1Byl9XndHFergnJpuIUAgYWlMouZ + ojo7dOOB/fEOYs7yc8IaJCGJkhmAJAYsWbWwsshypoHWHKHlk9WCswUpgEqDQtrcaC1gum/lDAhl + DGkSMnLHKakQ+UxvSuQZvCclQo7/DQAA///sWe9r2zAQ/VdMoJBC7dlOnKSD0gXWwT6UhRZWKIOg + 2E5jGkvGP+qOLv/73kmK6npxN8oo+RDIB8eWTu/Ouqd3Z7xSp4HoEm/5TtZvBOhmFXPaWhYzdgXK + O3gEJOQWpJaV8KXIUznHEjmRL8PTgrgPvHsf8xMCBuNJaalD3GLrmv0kF62MSXRVgU1tMW41AKI4 + 4/HasS54QT4bD1UMfnAKAq1GMQICjbDYQiSDRYUA7UTa8Lnh/RXSEMcIQkbe6+1S17UjalZkMh+Q + f/Gjk60yuZexyBw253rtOSuhWhYVttS8/+1mej2zry9tKASZpmaRTORlnFMe9FmUJvzY6h//wkZZ + l+IjtuGfYsXrEivesHkClaip76W8IsHUHhp02HA7HxgJIEMudc3ugV2SwDWiFYFh4YqScodEbjNv + 24pRuEWVpozOkt7fiJdiSMpQ5G88eEghnCN7SL1+jc6CJRsOIm8xGbrBApjG41PP90d0zplBWOGV + YTG94GkUYQ0cPr1nDLYuSz6ZTUZGXy0oVQo4OOXkMMk+uqgJPN8bxp4bD/zodBQOwmDshZMgilw2 + Wnrx5Dw6k1aOBtMj/wt+ap6dMq5Z07bVrcKpCrtGRGzfISZ2smqxTkIKmZ0xVlDEMF8eDJBxuPw8 + s0dOxgl/uzjdf8Tt6nb/Eber431HDE6KVPmmpVpT9cx0s4fyichalYiK124h2TD8osoFqvhbUFG4 + ek486tHgqclkWkd3prTKyzXjHqjg/V/6gQreA/GBCjqpwCgNQLxTGfdE7V197cKuKJluTreVR1cv + yO3qBbmmF9R+YJRazB+SXHClhXSpWemvEOrvvyB9EOX/69kpY8YoVkIF8l3IfoRptIlUQX7aXmp2 + fTMA+cXmw9buSS9lj1dxUa3JcMNZ2UnIy2mpHKd+JnUbyHVz/+Vk/8VsPUGi3Ww2vwEAAP//AwBp + LYp+9BoAAA== headers: - ATL-TraceId: - - dd98a41dd4d79899 - Connection: - - keep-alive + Atl-Traceid: + - f16efd0a640f29cd + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:46 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:46 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 620aaffb-4d66-4021-9305-b8b89dbcbbfc X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '217' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 7f6af24a-bb64-42b8-81c6-4e900c7a4cc5 - x-envoy-upstream-service-time: - - '104' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -536,174 +446,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1Jm22W3EQPKrIK7Z5EZJJMsZImpU2FZdn/boqLH7fhneeZ - lzkxjTMdJscUe49xnNVmY6kjE234CAVGh/Pcoy88RZaxT5rmPvgEcwBeQAF5s79+bu6e2t/tfhl0 - mph6WaEMMnjNmKXRheNAPrbHkdKBGxcWmyS99M5+K0ytwlZewluMK1hCyXMQeSlbLhRwVYkCAK6g - BEj+TFPqbfvhH7treakqroQsBK9/WDPc+y4kUJY7WW87jaaiCqkG09Wy1lajhM4AoBBSaqr+FES3 - Njz0E7L1nQ4XFx+DwTU+MXeZGPm3Q8PO5y8AAAD//wMALnjpwFoBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtE1qbqIHFVmF7Z5kkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzlBq4LZzw4kvMc4BbnZaGNNF7X/8ERFp0Lo1UhGEyGDTzOH3o8JpoiUIMF8t7152d0/N7/b7TK0 + aQL5ukIZZnjIQJvJ+eNgxtgcJ5MO3Dq/6CS1S+/0twIyCQyrS3in4goyZCzHOqeiwVqikKwiiHiV + SEx+MHPqbfrhH3vdIEoqZClIxdkP2w0Po/UJ5CUVtrDWFqJmjGNRI5aVYpx2CjXvhCgNFvxvQXRr + w2M/K1jfsWpx8cl3ao1P4C4TmPFtv4Pz+QsAAP//AwCm2IsbWgEAAA== headers: - ATL-TraceId: - - 4b13bb5dd3cf9097 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:31:47 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - ad53f3673d245a80 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 08a3e441-c443-46cc-a75e-8c8aa4033aa4 - x-envoy-upstream-service-time: - - '31' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - ca3c7b622a35240a - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:47 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:47 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 60565d4b-2a14-4b46-82f2-3158180ef44a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '125' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 68fd79ca-61bc-44da-9694-9986753c50fb - x-envoy-upstream-service-time: - - '83' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -713,93 +516,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - ea2a7dda5ffb6a30 - Connection: - - keep-alive + Atl-Traceid: + - fc0056be914b422b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:47 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:47 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 6c734d3e-7850-47a6-aba3-11c5658a8bdf X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '161' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 2f2c8d99-6139-48e2-b008-46f47bf7913e - x-envoy-upstream-service-time: - - '102' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/2810]\n\n*Defect Dojo link:* http://localhost:8080/finding/2810 - (2810)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] - / [ZAP Scan|http://localhost:8080/test/682]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/233]\n\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -812,53 +616,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1666' + - '1298' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11070","key":"NTEST-881","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11070"}' + string: '{"id":"11764","key":"NTEST-1426","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11764"}' headers: - ATL-TraceId: - - d6f3a1a8ee8fb52c - Connection: - - keep-alive + Atl-Traceid: + - 9926d2291c82b995 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:48 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:48 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0857781b-e85c-4ca9-840c-82d456e74398 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '489' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f4cda2f8-fd2f-4969-8b57-16170518cfcd - x-envoy-upstream-service-time: - - '379' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -868,94 +678,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-881 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1426 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/2/TOBT/V6z8gLhd23xZj4VI6DS6ArsbY2o7JjFQ5SavqWliR7bTtAf73+/Z - SVrorjsYm7TFz37fP+9jf3FgXVCeOJEjgScgIXnFIEtUh9McVEfFC8hpRxQgqWaCqw4kTOegaSde - UJ5CJtLOCqTCPUhGUEhQwHV91uk4zFj2fe/Ew4WCbI7LhdaFilw3gTnEOhGfRY/qjCrFKO9x0C7a - 0C4tmBu4TKkS3NbAEjaofzkZjifdMPRRMrfBOtEXR6HTUsVUQyrkpg4uwRUqBF7gd71+NwgnfhAd - +1E/7Pl/9H/3As9YtT70pgBr5pExGn3X9zwv2GbdLBJQsWSFqQhKT4nKaZZ1SMKUZjzWpGAQAxFz - Ugm57BntWPBrmf1IFAriUoK7YlDRFdVU/qnYP/AixyaV+ZNadJ688L1jP2yWEwz0xS7ljmMajb4m - VC1Nj8qZNl/RnGYKOk5rw4mskbuOoxkCo8AmOxEvMROnkOIzhvfI6jXatna2G23t9hq+i/SaM63R - gMFXo22S+tueVWKuKypNYorlRcYQIcleNlhcC5l+uO6HPxJuU+bGWVPpgpnC4s+3de57J+g56K+D - /qMN2xZalDxRzf8HfPnP1v6zX/O1bp01Hw94Ow7Wx8GveWvAqdqPg97u7sx8r9/X7IIdu/2EHUxT - CSnO9T0YIqZEVtZjVkviUmmRW4qYoofg5NBGeN9GTR211AympT8n6vq4pBpZsSadn8d7zWhbDnNr - a9KA2X4ORGly8g0v3RgB46kTaVnCXUNVxphkcZ3pl3syExgeVQtRZskZU0VGN80AoBij0u+RLsxQ - NMWQgLmaqbvPkye9MHze8uR+1bxD5fQPbQSHNo53XMKEZHrzyOK26m7/53iU5TQF5RoN1RphKMhE - 1VOrdMc9F6JqOarv2HLOwJCJgeZeUmYq/zNb/xAO/dCkvaBqWLD4gvGlvYrPoDA3M4/bLtreVnZv - K+GCD/FiprMMRkBVjQzZfDlXF9evzy+nF+eD4eV4OB2ORu9GmAYOkMK88cBkAeQKWZNrYvwSpojg - 2YbgRLLMGCVakL+YpORKQo5TS0qFmO3ZGd3P4jka9L4yz+uHq8jZG1msbMo4zbBnWPTdjJm9fVnz - rmjKa3GeYXQtE2D7Ug7b02VhZvYHcFy/FB6JsFp5e1t9f7n/HOh2qHpJ4yU+pFpktcZrX4PmSfNL - AbfvIrd9ngTt5crBIDoWmZCXdTSzrIRuKpE1do8DQc5E3WyRF/jU47rpwkM9/b44H/nu92jCdAZH - Ebn9QIsgIgMhlgzIDdPIWpqM7eVBXmU0/WpyxVQzEdNsIZSOQi/03DnjCRKjG4S+98laPLO1wDA/ - C2JQEh2R/1clT83f36yBMSDekDtQEafcigY3Q1xd8yUX1S72wft70qMrKZISXzFDnuJE5Vgfd4Ll - wHO3Nhm0S96IqqvFgYSKxkDwibjktgJY4vjB1toBrd0B99gqfji9IuOY8gPnzbPJfRYGdcleSsrj - hTuhKcZ5iV2tpSXLkvOzb0UDkedME2SmxTdiU7ON0pArTDspBENQHEVWbktvEJpTxhXT0EPcRP3+ - 8aG9Q3I3QZ8zQWXSln/bhrMduozXUxLXIMIoyQyAEwWaVA2iNBJc/SQhc0RVh1QLFi9IDpQr3KT1 - icYC1g8tEBrHSJCQkBWjpETMx3JTIMPgMc6hvmt7JpQRQg+5M4aohVxVVT1RUVX0hExdBByse8Wi - sJhA7E3nQk5rZ2pKNd7csxJbM3367uZ0fNUdv+3inWhReT26qI0+VJi3gEkmEXk9nHzkSOM4sxpk - RESxij/y4YqZ2wODG4Pu1pPW7hkH/wIAAP//7Flta9swEP4rJlBoS+3YTpyXwejC1sE+bJQVNug3 - xVYbM79h2elGlv/e5yRFdZ04G90o+RAoRYnku/Pp7rnnLv+gIErjqEuB2tujoFssnVjG+C+Uj7pU - bJ+TgfEZtftedqAUF98XPKPMtpi53hwNKuxAQJAx8ZJbcYYbSeUzVl5S+WPYFVR9UPl+8OyC4iOz - kASKV1kseWC/KNCsgskgqQUu1kLkNOIETWjGE8e6ygRFnomzRiSSLgpU6Nf2iY2BJE/UiNKddsrI - O/+UFiys6D2/5FYsP1iAEnKX9P75TcULQdW75ApiuDqsM9uErsxc4J098oZw2uzmve0NtEPR1ucl - 3QzQ7JThYrMz6/TsNy4zqfI3wJJtcuh1kUNv2LURNKlAVaIkSuZLXLZ11DVH2xtdlMs1lEu6XhLM - 3QdNK9DemG42kK8sXBDm7uhI2iVQ1GnKqHb3/lToyIfExPPyhYWeGNklMIv6B/RQwR0bDiJvPhm6 - wRwvMB5PPd8fEa8wh6BhzzFOFzyLIuhAse892WDrru6dgTgSure1VhHvgFXIYxJg1LIfeL435J7L - B340HYWDMBh74SSIIpeN7jw+uYzeSikng9mJ/xF/6jk7ZZmufbatvhJOLewHeMT2HQp2p6jnSRyS - y+yCMUEew/PIrCoGbcbyw7U9coqM7G/37IdvcbvzP3yL29ODQ7cY0BOpBlpT4ybJvNZjL8onAmfV - pCv4ugW+4vhVXeYF798CccLFU+LRtAq7JpNJj567aVZdasQ9QsHrX/oRCl7D4iMUdEKBIRQw8V5l - 3IoG3XrtQm5esQSrHdQIvKu3Wve2N7qGcm7XUM41Q7n2hqFwPFvGZZ4pLqR7/lr/6qI+/tUroLuU - ElabpUbBFyBf4/ei/kbuRS9lP79yUSckuKFbTljKalYpO5Z59d+mukqWkQlVaEu/5XI+tRnF0liZ - pj6k0djx3Fj/mbX6Aemd9Xr9CAAA//8DAAPKiCe8GwAA + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdhwXAHD0MXu1i3IgsRJgaZFQFNniTVFaiQV22vz33fU + i506dbdkWBHAkXi89+ce3UcP1iWVqZd4GmQKGtJXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf4daIMySC+g1GBA2vYuq4xVxcIZvI3CMAr7Gv6swNjZpoRzTZnlDDzf485/FB2PhvhiQCzw + Nbe2NEkQpLAAZlP1QfWpFdQYTmVfgg3Qkw1oyYM44MZUEHQGlrBB/bPZ9HLWi4bxCI/qEIyXfPQM + xlYZRi1kSm+aHFJ8Q404jONeOO5FL2ZhmETHyXDcH4wGP4RxGLognROLgddmnhmk0w+wFGG8Tbt9 + ScEwzUtXODx9SUxBhfBJyo3lkllScmBA1IKslF72nTZT8kqLJ0ZRSe7aRcUtvaOW6uCOwyqow9oF + 2IqicBCNfzL8L/ixwLZXBXp1sECXM2qWrlfV3LqnZEGFAd9rFF9jXrWu7+UcgaNZvjmFO8BYw3vf + sxyRVSJKvERWmKO3B5NBeEgQdYJSqw+Y6jM70WrXfag72/XBvTxAzy7dK8mtRQPG2/p2EP69vmvU + wq6odkA2vCgFx4DTvZJgo2r4Dcfr4fiJ4X6lZV0m24YNw2MMIx6u4+H/66WBRQ1SdBiN1tHoWzhc + dx4H8XoQfwuPLfLv7x/DMe7guODr64YDsck377HpWaYhQ1p5hHUMR4mqmfIvgjw+PiQYHxK8eGy8 + obTm1BFGzd5e0ovwlVok9YYMnz47DdXuyDVozGk3GfXjiapctpEjzDfugMvMS6yu4L7lUGdNc9bU + 4OOjMxcZXjW5qkQ64aYUdNNOEx5jWPYa2+YmrK2GBkzWjfCXCDwcjzoC3y/bIZqJtzSzL9g2vNRc + aW43zyxipx64z9UTeJwXNAMTOA3TGeF4INSqb+6yHV+dqlXHa0PvMXLjQZeIoHNwzORAu/+1Hh0o + Q3QIodHY1SOnZlpydsrl8pWTTKB0m4VkXRfr3q5q2fZEKjnFxYLOBVwANQ0ydPvknZ9e/fL67Pb0 + 9cn07HJ6O724+OMC88PRMlgQvDDLgZwjBUtLnF/CDVFSbAiOMxfOKLGK/MY1JecaCpxnUhnEbP9L + Yx3hOHnhJx6G48U88faGGUuecUkFNhO7sRsyJ9s/a/eitrw1zgVG13EE9jWTsL1dlW5o/wWOmxXm + mdBrlLefvs+3jqehcQe3nylb4iLYQa4z3vg6aXet/xRwt7AF3d4Ud19qCQ7qTAmlz5po5qKCXqaR + NXbriiIT1TRbFSWuqtK2XfhaTz8vzju5+zuacSvgKCE3b2kZJ+REqSUH8oZbZC1LLoFVGsgrQbNP + LldMVShGRa6MTcbhOAwWXKZIjEE8GLyvDU7qUmCUHxRxIEmOyD9qku/w5/ta/RLXK8coqIaz3wY5 + qYBMMB88nADrk2jkE4etbRYnb6You8F/vVE0rEN1bWEr6BfcaugrnQWISuo6xXEHcmgO8Go/t4Wo + A2/sXDs7V3Ip1ephlc61Siv8qk5lhnNaYNWDGRbZ+axLhAGTX9WqZ9WBMpWtgfg9CcjNCmCJQw1b + awe0dheCQa349uU5uWRUHrjvNrvgRbjN50EGlxtjoTCYQVoqjqg5SurzujmuVgXl0nALfQQWlsrk + c0V1eujGI/uTHcSc5ZeENUhCEiVzAEkMWLJqYWWR5UwDrQVCyyernLOcFEClQSFtbrQWMN13cg6E + MoY0CSm545RUiHymNyXyDN6TEiHH/wYAAP//7Flta9swEP4rJlBIofZsJ07SQekC62AfykILK5RB + UGynMY0l45e6o8t/33OSorpe3I0ySj4E8sGxpNNzJ93dc2ccqdNAdIlTvpP1GwG6WcWcrpbFjFyB + 8g4aAQmpBUZlJXwp8lSusUROwZdhtKDYh7h7H/MTAgbhSWmptG6xdc1+kopWxiS6qsClthi3GgBR + nPF47VgXvCCdjYbKBj84GYF2IxsBgUZYbCGSwKKCgXYibejc0P4Kbog0ApOR9vq61HXtiJoVmfQH + +F/86GSrTN5lbDKHzLnee85K8JhFhSs173+7mV7P7OtLGxlXuqnZJBN5GefkB30WpQk/tvrHv3BR + 1qX4iGv4J1nxusiKN+waCJqpqUSxfS+ZGHGr1lTXTG0PdFEA11AAeRaSCe2e2EVaXUNaYTEWrshb + d3DndkguqjRllEt6fwu8ZENihiJ/Y+IhhnAO7yE++zU6C5ZsOIi8xWToBgsoMB6fer4/ojxnJmGH + V6bFdMDTKMIeSD69Zwy2rj4+mUtGQl+tG5ULOMhycpqMPrp2CTzfG8aeGw/86HQUDsJg7IWTIIpc + Nlp68eQ8OpNSjgbTI/8LfmqdnTKuo6Ztq1eFUxV2DYvYvkOR2MmqxToJyWR2xlhBFsN6mRhA4/D4 + eWaPnIwT/nYNuv+I20Xs/iNuF8H7jhihJ1IFnaZqTdYz0z0d8icK1qpoVOHrFpQN0y+qXKBYv0XE + CVfPjketGIwaT6Z9dGdKs7xcR9xDKHj/Qz+EgvdAfAgFnaHAEApAvFMe90RdXP3sQq4omW5Ot2lK + Vy/INb2g9oDprbQHDFOL+UOSC64ojy41K/0VQv39F6QPovx/XTwlzAjFTqhAvgvZj9i23nCFFOSn + 7aOOrm8GIL/YfNjKPeml7PEqLqo1CW4oKzsJeTktleLUz6RuA6lu3r9c7L9YrRdItJvN5jcAAAD/ + /wMApEOUN/QaAAA= headers: - ATL-TraceId: - - 9db423ae5b32bb3c - Connection: - - keep-alive + Atl-Traceid: + - 26d75a21cf8ad23b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:48 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:48 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a8246c69-bbcd-4c7a-a1f2-6388e7aef7b4 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '282' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 57eab619-c42f-489f-b31d-16db31a720f1 - x-envoy-upstream-service-time: - - '89' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -965,94 +780,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11070 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11764 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8MO24tvlCb2SRphODbuOOMUTLkMamyk1eU6+JHdlO097G/37P - dkI3uHIbAwniZ7/vn/exv3iwrijPvMSTwDOQkL1iUGSqx2kJqqfSBZS0JyqQVDPBVQ8ypkvQtJcu - KM+hEHlvBVLhHmQXUElQwLU76/U8ZiyHYXAQ4EJBMcflQutKJb6fwRxSnYnPYkB1QZVilA84aB9t - aJ9WzI98plQNfmdgCRvUP5uMxpN+HIcomdtgveSLp9BprVKqIRdy44LLcIUKURCF/WDYj+JJGCX7 - YTKMB+Efw9+DKDBWrQ+9qcCaeWSMRt8PgyCIbrNuFxmoVLLKVASlh0SVtCh6JGNKM55qUjFIgYg5 - aYRcDox2KvilLH4kCgVpLcFfMWjoimoq/1TsH3hRYpPq8okTnWQvwmA/jNvlBAN9sU2555lGo68J - VUvTo3qmzVcyp4WCntfZ8BJr5KbnaYbAqLDJXsJrzMSrpPiM4T2yeq22rZ3tRle7Ow3fRnrJmdZo - wOCr1TZJ/W3PKjHXDZUmMcXKqmCIkOxONlhcC5lhvB7GPxJuW+bWWVvpipnC4s+3dR4GB+g5Gq6j - 4aMN2xZalDxR7f8HfIXP1uGzX/O17py1Hw9424/W+9GveWvBqbqPnd5ubsx8r987dsGOXX/CDua5 - hBzn+h4MEVOiqN2YOUlaKy1KSxFT9BAd7NqI79tw1OGkZjAt/XlJP+x5mKZ+jxNncOUO2HEymJYs - dQF8uScziMOE1ELURXbMVFXQTYtLFDdUI9M6Ivv5GXIsecuLvrMmzYDYzyNRmzqFJtIrI2A89xIt - a+M6lYC5mqm7z5MHgzh+3vHk3aoFu8oZ7tqIdm3sb7mECcn05pGF6NT94c/xKCtpDso3GqozwlBQ - iGagVvmWe05F03HU0LsxWJiBIRMDzTtJman8z2zDXTgMY5P2gqpRxdJTxpf2Kj6GytzMPO3gYkHU - 2L1bCRd8hBcznRVwAVQ5CMr2yzs/vXx9cjY9PTkanY1H09HFxbsLTAMHSGHeeGCyAHKOrMk1MX4J - U0TwYkNwIllhjBItyF9MUnIuocSpJbVCfA3sjN7N4jkaDL6yIBjGq8RzFwa2CGu8HanvxhirnTNO - i7uH2ndFW14L8gKj65gA25dzuD1dV2ZmfwDH7qXwSIQ55dvb6vvL/edAt0XVS5ou8SHVIasz7nwd - tU+aXwq4exf53fMk6i5XDgbRqSiEPHPRzIoa+rlEeto+DgQ5Fq7Zoqzwqcd124WH+vd9cT7y7e/e - hOkC9hJy/YFWUUKOhFgyIFdMIz1qMraXB3lV0PyryRVTLURKi4VQOomDOPDnjGdIYn4Uh8Ena/HY - 1gLD/CyIQUmyR/5flTw1f3+zBsaAeEPuQEWccis6uhrh6pIvuWi2sR+9vyfdO5ciq/EVM+I5TlSJ - 9fEnWA48d22TQbvkjWj6WuxIqGoNRJ+IT64bgCWOH9xa26G1PeDvW8UPh+dknFK+47x5NvnP4siV - 7KWkPF34E5pjnGfYVSetWZGdHH8rOhJlyTRBZlp8IzY12ygNpcK0s0owBMVeYuW29AahJWVcMQ0D - xE0yHO7v2tsl9zP0ORNUZl35b9twvEWX8XpIUgcijJLMADhRoEnTIkojwbknCZkjqnqkWbB0QUqg - XOEmdSdaC1g/tEBomiJBQkZWjJIaMZ/KTYUMg8c4B3epD0woFwg95M4Ukg5yTdMMRENVNRAy9xFw - sB5Ui8piArE3nQs5dc7UlGp8IsxqbM306burw/F5f/y2j3eiReXlxakz+lBh3gImmSXk9WjykSON - 48xqkAkR1Sr9yEcrZm4PDG4Muu8mrdszDv4FAAD//+xZbWvbMBD+KyZQaEvt2E7sJIPRha2Dfdgo - K2zQb4qtNma2ZfySbmT5731OUtTUibPRjZIPgRCUSL67nO6ee+7yDwriLIm7FKi9PQq6xdKJRYL3 - SvmoS8X2ORkYn1G772UHSnHxfc5zymyLmesVaFBhBwKCjEkW3Epy3Egmn7FESeWPYbei6oPK94Pn - FxQfuYUkUATOYukD+0WBZhVMBklT4WItRM5GnKAJzXnqWFd5RZFn4mwjEkkXBSr0a/uqtYEkr2oQ - pTvtlJF3/ikrWFTT7/wirER+sAAl5C7p/fObmhcVVe+SK4jh6rDObBO6MnOBd3boDeG06c172xto - h6KtFyXdDNDslOFi8zPr9Ow3LjOtxRtgyTY59LrIoTdcb1DlqEtUPklGiRu3jwYdMtzOjS7K5RrK - JV0vCebug6YVQFqyaE7QuqPxaFe6tpSJUddkGaPa3ftToSMfEhMX5QsLPTGyS2AWcX30UMEdGw5i - bzYeusEMNo1GE8/3Q+IV5hA07DnG6YKncQwdKPa9Jxts3dW9MxBHQve21iriHbAKeUwCjFr2A8/3 - htxz+cCPJ2E0iIKRF42DOHZZeOfx8WX8Vko5GUxP/I94qefsjOW69tm2+qpymsp+gEds36Fgd4pm - liYRucwuGKvIY3gemVUnoM1Yfri2Q6fIyf52z374Frc7/8O3uD09OHSLgUmx6tQ1Nd4kmdd67EX5 - ROCsGmqFa7fAVxy/akpR8P4tECeaPyUeTauwazKZ9Oi5m2bVpUbcIxS8/qUfoeA1LD5CQScUGKYB - E+9Vxi1p0K3XLuSKmqVYbXMmF7yrt1z1tje6hnJu11DONUO59oahcDxfJKXIFUnSPX+j/3VRH//q - J6C7lBKW66VGwRcg38b/Rf213Itexn5+5VWTkuAN3XLCUtbTWtmxEPV/m8AqWUYmVKEt/SbkfMrM - fEUppz6k0djx3Fj/mbX6Aemd1Wr1CAAA//8DAF0W15+8GwAA + H4sIAAAAAAAAA7xWa2/bNhT9K4Q+bZlsPWw4roBh6GJ36xZkQeKkQNMioKlriTVFaiQV20v733ep + h506dbdkWBHAER/3fe7hvfdgXVKZeomnQaagIX3FQaTGl7QA4xuWQ0F9VYKmlitpfEi5LcBSn+VU + ZiBU5t+BNngG6QWUGgxI295llbGqWDiFt1EYRmFfw58VGDvblHCuKbOcged73NmPouPREBcGxAKX + ubWlSYIghQUwm6oPqk+toMZwKvsSbICWbEBLHsQBN6aCoFOwhA3Kn82ml7NeNIxHuFW7YLzk3jPo + W2UYtZApvWliSHGFEnEYx71w3ItezMIwiY6T4bg/GA1+COMwdE46IxYdr9U800knH2AqwngbdrtI + wTDNS5c43H1JTEGF8EnKjeWSWVJyYEDUgqyUXvadNFPySosnelFJ7spFxS29o5bq4I7DKqjd2jnY + HkXhIBr/ZPhf8GOBZa8KtOpggSZn1Cxdraq5dV/JggoDvtcIvsa4alnfyzkCR7N8cwp3gL6Gn3zP + ckRWiSjxEllhjN4eTAZhd1Bq9QEjembCW+k63XUBu3S7xQOQ7KK6ktxaVGC8rW2H1N/ru0Yt7Ipq + h1fDi1JwdDjdixzrUaNsOF4Px0909yuV6SLZ1mUYHqMb8XAdD/9fK031ayyiwWi0jkbfwuC6sziI + 14P4W1hsAf7p02M4RodwGncHC76+bjgQq3/zHtGQZRoypJVHWEc/laiaLv+i1vj40MH40MGLx8ob + Smt2HWHU7O0lvQiX1CKpN2T49KZqqHZHrkGjTruWqT9PVOWijRxhvnEbXGZeYnUFmFpUaq+xGq5x + GudqfU6/5qzJyv2jPecrCptcVSKdcFMKumkbz5VLAwbrevtLBB6ORx2B76dtSzP7B4cKHm8Lvn8w + 2DEWV5rbzTOz24kH7h17AsHzgmZgAidhOiUcN4Ra9c1dtmO4U7XqmHDo1QWZg6MsB9r913p0INro + EEKjsQs7p2ZacnbK5fKVO5lA6SYLybqa1ZVc1WfbHankFAcLOhdwAdQ0ONDtl3d+evXL67Pb09cn + 07PL6e304uKPCwwDW8tg3HhhlgM5R26Wlji7hBuipNgQ7HMunFJiFfmNa0rONRTY6KQyiNn+l/o9 + wnbywo88DMeLeeI17xWWCHO866nPGhyznXFJxf6ldi5q01ujWqB3HUdg+TIJ29tV6Zr2X+C4GWGe + ibBGePsmfj51PA10O1T9TNkSB8EOWZ3yxtZJO2v9J4e7gS3o5qa4e8IlOEQzJZQ+a7yZiwp6mUaO + 2I0rikxUU2xVlDiqSttW4Wv1+zw57+Tu72jGrYCjhNy8pWWckBOllhzIG26Royy5BFZpIK8EzT66 + WDFUoRgVuTI2GYfjMFhwmSIxBvFg8L5WOKlTgV5+UMSBJDki/yhJvsOf72vxSxyvHHGgGLZ46+Sk + AjLBeHBzAqxPopFPHLa2UZy8meLZDf7rjaJh7aorC1tBv+BWQ1/pLEBUUlcpjsORQ3OAV/u5LUTt + eKPn2um5kkupVg+zdK5VWuFzO5UZ9mmBWQ9mmGRns04ROkx+VaueVQfSVLYK4vckIDcrgCU2NWy1 + HZDaXQgGteDbl+fkklF54L4b+YIX4TaeBxFcboyFwmAEaak4ouYoqffr4rhcFZRLwy30EViYKpPP + FdXpoRuP9E92EHOaXxLWIAlJlMwBJDFgyaqFlUWWMw20Fggtn6xyznJSAJUGD2lzo9WA4b6TcyCU + MaRJSMkdp6RC5DO9KZFn8J6UCDn+NwAAAP//7Fnva9swEP1XTKCQQu3aTpykg9IF1sE+lIUWViiD + oNhOExpLxj/qji7/+95Jiup4cTvKKPkQyAcnkk7vzrqndxe8UqeG6Apv+V7WbwTodhFzOloWM3YF + yjt4BCTkFqSWteRzkSVyjSUyIl+G0Zy4D7z7EPMTAgbjy8JSl7jFVhX7RS5aKZPoyhyH2mLcqgFE + ccbjlWNd8px8Nh6qGPzkFATajWIEBBphvoFIBvMSAdqJtOZzzftrpCGuEYSMvNfHpaoqR1QsT2U+ + IP/iJyddpPIsY5MpbE713lNWQLXMShypaff77fhmYt9c2VAIMk3NJqnIijijPOiyKFnyY6t7/BsH + ZVWITziGf4sVr02seP3NADFZgZr6QQouEkzNqUGLDbd1wEgAGXKpa3ZPbJMErhGtCAwLF5SUO9WG + a0Ts1tXapOS8TBJGd0nnLeKlGJIyFNk7Lx5SCBfIHtKz36LzYM76vcibjfpuMAPg4fDM8/0B3XNm + EnZ4ZVpML3gcRdgDl0/nBYOty5LP5pCR0VcLSpUCDm45OU2yjy5qAs/3+rHnxj0/OhuEvTAYeuEo + iCKXDeZePLqIzqWVo974yP+Kj1pnJ4xr1rRt9VPulLldISK27xATO2k5Wy1DCpmdMpZTxLBeXgyQ + cXj8MrEHTsoJf7M43X/Ezep2/xE3q+N9RwxOilT5pqVaXfVMdLOH8onIWhWNitfuINkw/bLMBKr4 + O1BRuHhJPOrRYNRkMu2jO1Na5WWacQ9U8PEv/UAFH4H4QAWtVGAEBSDeq4x7pvaufnZhVxRMN6eb + sqStF+S29YJc0wtqDhilFvPHZSa40kK61Cz1vxDq678gfRTF/+viKWPGKHZCBfJDyH6EabSJREF+ + 3jxqdn03APmPzenG7kknYU/XcV6uyHDNWdlJyIpxoRynfiZ1G8h18/v2Yn9rtV4g0a7X6z8AAAD/ + /wMApZnLAfQaAAA= headers: - ATL-TraceId: - - 36e9881589735b1c - Connection: - - keep-alive + Atl-Traceid: + - 8c49f6e91db2ba92 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:48 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:49 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - c44bfbda-cfa5-40fd-b73b-ab4a50b85028 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '234' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 14b081a3-16ab-472a-886a-4449ad21c2a1 - x-envoy-upstream-service-time: - - '147' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1062,174 +882,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SP20rEMBCG3yW3tt1JekjJneiFiqxCu1ciksMUK2lSmlRYln13U1w83A3/fN/8 - zIkoGfCwWCLIe4xzELudwQF1NP7DFzJaGcIoXeEwkox84hJG7xJMAWgBBeTd/vq5u3vqf7f7dVJp - IuJlgzLI4DUjBmfrjxO62B9nTAdurF9NktQ6WvOtELEJNb+EtzJuIANGc6hyxntaCaCirAoAuAIG - kPyAS+rtx+kf2/aUiZKKGoqWlT+snu7d4BPIWcubelBSl1hKbEAPDW+UUZLDoAFkVXGusPxTEO3W - 8DAukmzvDHK18dFrucUnYi8TQfd26Mj5/AUAAP//AwAMKeYDWgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CPd3EQPKrIK2z2JSNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0EfZgsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsz3u+vn/d1T+7vdLWOX + JhAvK5Rhhq8ZKD1Zfxy1i+1x0unAjfWLSlK3DFZ9KyCSwLC6hLcyriBDxnJscspbbARywSqCiFeJ + xOQHPafedhj/sdsWUVAuKkoqtv1h+/HeGZ/AuqTcFMaYgjeM1Vg0iGUlWU17iaruOS81FvXfgmjX + hodhlrC+Y+Ri46Pv5RqfwF4m0O7tsIfz+QsAAP//AwB9Am8eWgEAAA== headers: - ATL-TraceId: - - dde3ed184196d24e - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:31:50 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - d3ed9d57f87e99a9 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 0e560c25-c1a5-4193-9c67-354e2a30acbd - x-envoy-upstream-service-time: - - '32' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 7874a8f5dd635928 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:50 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:51 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a4b8be7f-6780-4f2c-a7bb-669efe36a385 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '122' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5bdce795-3f01-4899-92e5-73c4b353c0da - x-envoy-upstream-service-time: - - '82' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1239,174 +952,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J2m2W3EQPKrIK7Z5EZNJMsZI2pUmFZdn/boKLH7fhneeZ - lzkxjZ4Oi2WKvYcwe7XZGOqpC8Z9uAKDRe8HnIqJAsvYJy1+cFOEOQAvoIC82V8/N3dP7e92v446 - Tky9JCiDDF4zZmi27jjSFNrjTPHAjXWriZJeB2u+FaaSsJWX8BZDAgUInkOVC9nySgFXZVUAwBUI - gOh7WmJvO4z/2F3LhSq52vKCQ/3DduP91LsISrGT9bbX2JVUItXQ9bWstdEooe8AsKqk1FT+KQg2 - NTwMC7L0To+rDY+uwxSfmL1MjKa3Q8PO5y8AAAD//wMABXWLe1oBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUVAuKkaQNz9sPz444xNYl5SbwhhT8IaxGosGsawkq2kvUdU956XGov5bEO3a + 8DjMEtZ3jFxsfPK9XOMT2MsE2r3td3A+fwEAAP//AwAqto++WgEAAA== headers: - ATL-TraceId: - - 77a06cc21ef41a03 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:31:51 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 30f4d27f87fac51f + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3e7cda1d-a2e9-43c6-9d8f-dcaf2881a3a6 - x-envoy-upstream-service-time: - - '33' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 82de1d1d458af97c - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:51 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:52 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 7d9dc9a5-3dd6-45fd-b519-ad63e0fe846d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '106' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 87cc3d33-f0a3-45bc-86ad-bf066c3a8316 - x-envoy-upstream-service-time: - - '70' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1416,110 +1022,119 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/field response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= + H4sIAAAAAAAAA7RX3W6bMBR+FeTrECXsIhm3nSpVmqZprXYTRdMJMdQtGGSbqlHVp9n77JlmYxtM + aqOtDRdRxHdO/P34YMjuBZEjShEXIFqegcBFzU7ZPdACH+UVWqBHfJpuoFBh2XHbdURXpiW60j2y + IWu5qCuU5lByvEA1O2IGhxL3CIUnUmhEsFYCHAOTHA6SldBy/E1ScZTujBzLZai+KD17+evsHleA + 0hckTo2SpoQKUimx/MQFrqYMvb4uTCiE8xZ3S9gUXMTYvlFQdKexsFPt4v+Nuozdl8+f29QbHMDB + UQMMU9Hb6S+Nl+/2OuzjX3bM9Jw5MWT7XozaEd64elzESLqTUHRrsDlkDZy+ZGlbHTBzYx36h1i1 + rpzg8vhrvVp9WvWOfBV7v7SHigiBj1Fes4rLQksFA8pLOYVHpc/bZDPQ/i4wYVm+65Tt5eLndJOR + WCUoq6sliBI4J0CXD4TBsinbglC+bFitVoK4AgryBou7KHjaLR9zS6fhOMvNEOulb2S2nTRngFn9 + gDNngvtrO8I98LFh8UZl2XyxDEr6UbFQeFDWwUFRFWPpa509Tk/JWcdcI7JWIzLi8gVxwfkoO67p + 4ViH002C6aqKPWBqAeVUuOOGubJNVLYu1czRCkU1nWwyJJuT55+YcVJTlYHOdIyZNK/Jc/Q0oOF7 + 8L1xDazehIAxOEliIu9A2Y+MFuTcla7uwSEUBcOFeU8YP5W8JeP3z+9o7ieUz+bbx5JH5GBu/LbU + G3sD2yfT+E3uw7a8G3lGPrwWMMzrshV617TQEWRE/nCxsL73zplD6duAkaJ+Exw0eColm96Wr2JP + JWAFFpEMiamx8h1L446ZzqVk051LLpcvDvNPIHQsNXUqP7Eum0PnAByXhOJ47MAcPskmHOA2GKCq + jAPEVP0BCcen63OFt3XCU0yXjs5Vb4PbhoP7HAxOVUxwfwEAAP//tFnNbtswDH4Vv8ACLAECNLch + QLEBRVd0w3YwekgDJ9Hq2Iasrdnbj5Ipk7Iop+nim0XKoT7ys/iTr3B3jKXDQD+V426s45glyXFX + TIY1WBrNhfMb8ip95EGDHIn5PfVnqj44suoE1pzkMqkPHvwC4Xyt9YvegKKHyCWI7ieIskeUTYCP + TEp44jRI+wdtPMA0Wm2DtCIoKGhOmJlxXBHNccs5XBIY4TRhL891hA7obn6o4tUxrMMViBDRHciy + XphG9JZIiWUKtyrBk7jHXmG82xh4l+pMWnvOOYEery/fj6Ozp+VLhw5DlEMRITAH4GW1UWWPgUsQ + xZcj3EMTYaBiaqsLe3f3B6E1HmPdC/7vHBLLmTV8umhC599OJ7TknMVpEOG3RitXmwvJrNdNlci6 + qUpnRcI97Fd+tUE961Ja8/ek2hmU90V1qJum0C61rfaHD214fJ+s2Lxk6JfkwMFp0GO3JXQTLmyC + y0g5lc/cmIHM4FO+PhTbl+f6VLRPb3Jl3eAtGjhTrA9mHedmzCf2R9vV8Xdp1LY3HHk6PXyYJ4cP + ToOeztefPz1+f8rsd5HVu+xWabimIfs00J3aj0EIwNl3rh6XsxbHN+RevHNijWIbZYz4XI4ouxTG + YliczAzOr42q9itnw5sIamsfMzbWgM+n1spQR8wEGKEHkvgzxBfkex3bm5PQs7OwiSLK0rxbJHln + NQPeudmFqrKu4x/nW7R3Mp5FlmRFHi4ZnxYynzYVD+NZKlnqQe8QwvUsWvAK7LkoqV7pl+jrO7++ + Pn/QlIh1cBva0rHacy7hy2kmLZNMshqfXY39r++hhjyU4M9gx9VZgzFfukwb2uLL/N41CzIzLugl + k7liV9abOBcvk/79mPSv0wT+bSyEDOp/deyutKSfo52X+vsfAAAA//8iMrwNkcIbzU7iAxhHyyar + uFy3GGSyLthkjMxniCdQcY6ugWWggQqZs03Oz8kHOQlLWKIqoFUQgsfWkK3CFnLwjEtsyIH7irqo + bocFHMaoGgAAAP//tFrBTsMwDP2VijM77MoNwU4gIU3iyGFqM1RtbKMbE//D//BNpI4T2409ylhO + W510fu81tWNnJI/ZVYORmA3hDLd6bDcrXTg5oZRw0FfjrjThTkd7ra+WjsOlaHZHbWp21GAERZsv + LLVwpJRM0EUDHyP1MVaVrzTW7nM76TjcqA7rjPUJk0UeLH2lMWrisbQbv7CrWR6q8gQ5pgJVK+Gr + LjpifgQkTZq8ryRuIcbi1MXvzHx+WKwzCX6bhZp8f1VPOFhYlXGcT8MmEdh5X+DLDEjtdrl09WFf + 9mhwAU5c88/zwYSRGEJIXftAQxyFCVn2ocg1FUT0MhTBqx3xBuQERtlLDFa2kH1YfN04tmbJEJ8h + WS5PLLnTePmJcmHGyYT/Y9fXetTnomtE/5wMNvgx75OKnrzhtz/1ueLdxCbVHIFMukQuWQV2QSro + S8OeYCTkaGH5cfvmC28X9myYGLkJCdxxm03i3MWUXKo0hm8JzWbMGOpBGOhZiSAQDMjsAS5sSmOe + ixqyewTXwWH8JCQvIgVnoZqnYmUQoafcoxQPlyQSEQwScgZMe3Z5klJvpUfWuH3dtbETGGSQNmR/ + L4w273PXJHeqMcvrc36HvQM1W+AwguTm7t1npEP8l6q2E5UzSu1IoR0ufKlaNLgvd10X5sIAwRps + 5n16OLa184Ktbo67SVgOaXrcqNpd8anZFYcRFHG2a+sK5FIV5MOl5IPOODlStftLueg39s7/2qRv + Bf0AAAD//8SbTW6DMBCFr8IRiAIHqNJld+2uK0SRWgWaKCTtgXqfnql4bMMbM8NPK5elZyxsfx7b + 8Aab1BQHpovbO1XcJg8Cm1IWeYVY0OjPOmxKwiYnC2awydLgDgTmkM5e5WY8yO2gixPMH4vavqdm + W5Kg/SrWZGEC5NSQTKYyMx5kpssS6I5FLOuJ6S/oaz657crEPntYGf/k7kZbHu1EDOc8GB2iJ6OW + g9l3Y8EZ56rMkZCGHPSFndu9XZ/8XJ1843EjezR/kCUu2SPMPvPHmv7c6qHQ0lCgDJisPAe9CmWq + BbqzeUIXKkeQV32g5CrYVAVLHgf2QLdiEnf6CmR5hUhoU0LLm4LS8/3ldH45fb7LgOWdfR3itqrx + ToHDm07gVbV98nC8l7dW2bZ4hVh4ScnnTUFpO7yg8rdVeWOJWjD4TcBZkofqA15mFu1vC3nV9GSJ + gu+OrQHbXN9PPVTUjAV5glCpCvuDyESw+CqxwoWyFmFjrLxdyOj5jVTNb5CHY25nDhSpWizclOuQ + GhzZbD68KzdnGTyIT39AP3qKhw95kuJ6LcrXht2iQJPDfYe2Fet14fsItCm/9YdSEOvjIDcOVhgh + iuMjpUXzunF/fyX/lQCRhj1WUeT+6otJzXuRhy8mI6XVlVny8ytqXDfWsqLcmNqq7Nh6gUGqrb01 + TYFXefqyPw57gx5UDOEPAAAA//8iIQhhlmELAsxxLJhqpNQEWtgJ7gRC0xCcD0s5cAHcjicmR2B1 + Pcw2bK4vRZtpgKlFDvikksRipIkgJAF40CfpwoQocz/WHI2wEZsP0Is07HNAcCMAAAAA///EXMFu + gzAM/RWO2wGJc2/TusOkSaumbpdqB7QyVGkQBLSHSf33EePEDrG7CRXt0pI4wX7PlQmPUALWFo1p + e4A/AmMdCOyFenRcc39U3p2EapoXP1goyE1rhqOOMiRZqBBvqFMHNTtZEhgWRlyAvVEvvqrkCxZE + trYrUdPgtUyouPtgwFJlFgRf7koiRJBFxIrZQSNlp0sPdV+U8MJHnY6DVoMZS87Hpz+tK6G6CJyp + IjBYkNZtkVcyn2hZikiQftGH/drZD/kqdJHOfpjWrdoqhYNw/4vtihjTVeBMVYHBgow9t2VeH74h + RYoOPB2yFIegBIfORP6mWyfpcYRhk3WO+fMINjnlsyPZONNl40yVjcGCRN81Q+2wmxdkkrn56gTz + k/vj3etARLIBaSq5ga30w2oqsbW8u7WpwLRou3UnacBrgML5XxZWEII9jSyXZboInakiNFgwA49V + k8NNqUC/t12de2QR5GfvZTz4vxtxJlEX9enQmjq4GQz7kL6HoNPFFF+M5xLFnUp0xEtXPoMA7Y/h + XyNRG4Gsj8X09uV6KPawAcD5lHCga4/CjSUE0RIpXhktuywihxIAaYEkrYtMFfyoqI0Y7n2HDiFK + Aw75NQ/OmwQAbV3a5GWQCjeJQJxMX1AeXAsBvGFTD39+BkZXUvQuCB/12EEx25dsvww9b6I2xv1k + ysS+GXwx9LnMSyFPrxUUkQfhus7n9x8AAAD//wMAGZmL9PVMAAA= headers: - ATL-TraceId: - - 7756b4a1c1f8778f - Connection: - - keep-alive + Atl-Traceid: + - 97e8a888fa936876 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:51 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:52 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - d96bf589-2258-4ca1-a179-2327ad4386e5 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '151' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - de1cf2c2-828f-4079-a409-43f76265123b - x-envoy-upstream-service-time: - - '59' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1529,89 +1144,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-880 + uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-1425 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6PS4JH4hR1PPdG4opD3uKGVIKDOlnYxibxw1tuSRZJwc7X+/ - lWQnNDRcoTAD9lral2effaRbD5Yl5akXexJ4ChLSNwzyVHU4LUB1VDKHgnZECZJqJrjqQMp0AZp2 - kjnlGeQi69yAVPgN0gsoJSjg2q31Oh4znsMwOHiJLwryGb7OtS5V7PspzCDRqfgielTnVClGeY+D - 9tGH9mnJ/Jxq88iUqsBvvSxghU7OxsPRuDsYBGiZ2Yy9+NZTGLlSCW7LhFy5DFN8ww1REIXdoN+N - BuMwivfDuH/Q6/8R/h5EgfFhY+hVCdbNYxONXI5mvx8GQRCtS29eUlCJZKWBBa2HRBU0zzskZUoz - nmhSMkiAiBmphVz0zO5E8EuZ/0wWCpJKgn/DoKY3VFP5p2L/wqsCO1UVz5zpJH0VBvvhoHkdY6Kv - NiV3PNNtjDWmamEaVU21eYpnNFfQ8VofXmydfOt4miE7Suy0F/MKK/FKKb5gek9Er9ltsbPdaLEz - L3cavsn0kjNtyGFI1uw2Rf1j1yox0zWVpjDFijJnyJB0qxoE11KmP1j2Bz+TbgNzE6xBumQGWPy5 - i3M/eIGRo/4y6j/ZsW2hZckz1fx/IFZ4sAwPfi3Wsg3WPDwQbT9a7ke/Fq0hp2ofdkb79s3M9/KD - kxjs2PVn7GCWSchwru/REDkl8sqNmbMkldKisBIxwQjRi10fBvd9OOlwVjOYVgO9uBt2PCxTf8CJ - M7xyC+w4GU5LlrgEbu/ZDOOwIDUXVZ4eM1XmdNXwEs011Si3TsgeP0NOJde66Dtv0gyIfTwSlcEp - NJleGQPjmRdrWZnQiQSs1Uzdj3QyPAhandxGLdgFZ7jrQ7SRDCYk06sn1ttu9/uPk0tW0AyUb3ao - 1glDQy7qnrrJNhJzKupWivqewWirkP22kJxOwYiJoebWIjOVP4Qh3MXDcGDwmFM1LFlyyvjCnsfH - UJrjmSctXSyJavttbeGCD/F0ptMcLoAqR0HZPHnnp5dvT84mpydHw7PRcDK8uHh/gfXhACkEBBeM - 50DOUTW5JiYuYYoInq8ITiTLjVOiBfmbSUrOJRQ4taRSyK+endHtKl6iw+ArC4L+gMfe1sgi5Bnj - NMdmYjc2M2a+bduay0UDryV5jtm1SoB9zTisV1elmdmf4LG7KTyRem7z+rT6/nB/HBs3dHtNkwXe - plrKtc5drKPmSvNLCbf3Ir+9nkTt4crBUD0RuZBnLptpXkE3kyhPm8uBIMfCNVsUJd73uG668FBP - vwfnE9/87o2ZzmEvJtcfaRnG5EiIBQNyxTTKoyYje3iQNznNvppasdRcJDSfC6XjQYAKN2M8RRHz - o0Hw8rP1eGyxwDS/CGJYEu+R/99Knpu/v1kHI0C+oajgRhx/azq6GuLbJV9wUW9yP/pwz7p3LkVa - 4S1myDOcqALx8ccIB667tsWgX/KXqLta7CiobBxEn4lPrmuABY4frL3t2LVZ4O/bjR8Pz8kooXzH - enunPhhEDrLXkvJk7o9phnmeYVedtWJ5enJ813QkioJpgso0v2M2mK2UhkJh2WkpGJJiL7Z2C71h - aEEZV0xDD3kT9/v7u77tsvspxpwKKtMW/nUbjjfsMlEPSeJIhFmSKQAnCjSpG0ZpFDh3JSEzZFWH - 1HOWzEkBlCv8SN2KxgPihx4ITRIUSEjJDaOkQs4nclWiwuAyzsEd6j2TygVSD7UzgbilXF3XPVFT - VfaEzHwkHCx75by0nEDuTWZCTlwwNaEarwjTClszef7+6nB03h296+IZY1l5eXHqnD4EzDvAItOY - vB2OP3GUcZxZDTImorxJPvHhDTOnByY3At11kxaT/wAAAP//7Flta9swEP4rJlBoS+3YTpyXwejC - 1sE+bJQVNug3xVYbM79h2elGlv/e5yRZTdw4G90o+RAoRcmddKfTvTx3UbR/FBClcdQlQNH2COg+ - ljiWMf4LZaMuEc/5pGN8RlG/l20o+cX3Bc8osi1mnjdHlwo94BCkTLzkVpzhRVK5x8pLKn8MVEHV - B5XvB88uyD8yC0GgAJzFkgf2ixzNKph0klrgYS14zoafoAnNeOJYV5kgzzN+tuGJJIscFfK1fqJR - kM4TNbx0p57S884/pQULK7rnl9yK5QcLqYTMJa1/flPxQlD1LrlKMVwx68g2risjF/nOHnlDGG12 - 8972Btqg6O3zkl4G2eyU4WGzM+v07DceM6nyN8glz8Gh1wUOvWEXIdiEAlWJkihRKoHmFqtrWNsE - A7mkhSXA3M3YBcFc0wq0CdOGsAVn2iUPwczCBSVkVR5FnaaManfvT4WObEhIPC9fWOgJkV0iZxHW - Rw8V3LHhIPLmk6EbzHGB8Xjq+f6IcIVhgoQ9bJweeBZFkIFi33vSwdZd3TuT4ujQva218ngHqEKy - yQSjlv3A870h91w+8KPpKByEwdgLJ0EUuWx05/HJZfRWnnIymJ34H/Gn9tkpy3Tts231lXBqYT/A - IrbvkLM7RT1P4pBMZheMCbIY9iOyqhiwGcsP1/bIKTLSv92zH77G7c7/8DVuTw8OXWOknkh16hoa - b4LMaz32onii5KwaapW+bpFfwX5Vl3nB+7dIReHiKfBoWgWqiWSSo+duGlWXOuMeU8HrP/oxFbyG - xsdU0JkK2sgDUKq3WtOeBnlA93sViiuagOu1C4F5xRKsdpzSNZRzzVCuTTBDrjbBQDieLeMyzxTc - 0T1/rX91UR//RtNlXv23yac6y5wJQWgHv+VyLtTMWuFaSuNVs9RZ98Xy5e9T/ebci17Kfn7lok7o - 4I27yolOWc0qdW8aK9PUh25uvt/e7G/t1huktuv1+hEAAP//AwALEOK/wRsAAA== + H4sIAAAAAAAAA7xXbW/bNhD+K4Q+bZlsvdh1HAHD0MXuli3IgsRpgaZFQFNnmTVFaiQV2Wvz33fU + i906dbd0WBEgkXi89+ceXd57sC6oTL3E0yBT0JC+4CBS40uag/ENW0JOfVWAppYraXxIuc3BUp8t + qcxAqMy/B21QBukVFBoMSNveZaWxKl84g3dRGEZhX8OfJRg72xRwqSmznIHne9z5j6Lj0QBfDIgF + vi6tLUwSBCksgNlUvVN9agU1hlPZl2AD9GQDWvBAUOseuTElBJ2VFWzQyMVsej3rRcP4GR7VcRgv + ee8ZDLA0DPUypTdNIim+oUYcxnEvHPeik1kYJtFxMhz1w2H0QxiHoYvUObEYfW3mqZHGTZBOP8B6 + hPE29/YlBcM0L1z18PQ5MTkVwicpN5ZLZknBgQFRC1Ipveo7babkjRZPjKKU3PWMijt6Ty3VwT2H + KqjD2gXYiqJwEI1/Mvwv+DHH3pc5enXYQJczalauYeXcuqdkQYUB32sUzzCvWtf3lhzRo9lycw73 + gLGGD75nOcKrQKh4iSwxR28PK4OwExRavcOMvrLgrXZd7rqBXbndy0cg2WV1I7l1gDLe1reD6+/1 + XaMWtqLagdbwvBAcA073Msd+1CgbjtfD8RPD/UJnuky2fRmGxxhGPFzHw//XS9P9GovoMBqto9G3 + cLjuPA7i9SD+Fh5bgD88PIZjdAincSdY8PXLhgix+7dvEQ1ZpiFDWnmEdYxTibKZ8s9ajY8PCcaH + BCePjTeU1pw6wqgp3Et6ke9h1exLrIgDb3OhHnxXQM1ZE9n7R2cO1lgbs1SlSCfcFIJuWvDjcUUt + fi0agn36oDb0vSPsoDGn3RjWj6eqdBWMXKiv3AGXmZdYXTrfTAMm62b7MYE/6x8PTjoC3y/blmb2 + BYcaHm8bvi8Y7BiLK83t5isr0akHw6cRPM9pBiZwGqYzwvFAqKpv7rMdw52rqmPCoffgwDAHR1kO + tPuf7NGBbKNDCI3GLu0lNdOCs3MuVy+cZAKFWy8k6/BSo6iqZdsTqeQUtws6F3AF1DQY1O2Td3l+ + 88vZxd352en04np6N726+uMK08DRMpg3XpgtgVwiN0tLnF/CDVFSbAjOORfOKLGK/MY1JZcachx0 + UhrEV/9z8x7hOHnhBx6G48Ug8faGGSubcUkF9gyLvhsyJ9s/a5ejtrw1ygVG13EEti+TsL1dFm5o + /wWOmxXmKxHWKG+/iZ9uHU8D3Q5VP1O2wm2wQ1ZnvPF12u5a/yngbmELur0p7j7hEhyimRJKXzTR + zEUJvUwjP+3WFUUmqmm2ygvcV6Vtu/Clnn5anDdy93M041bAUUJuX9MiSsipUisO5BW3yI+WXAMr + NZAXgmYfXK6YqlCMiqUyNhmH4zBYcJkiiQXxIH5bG5zUpcAo3yniQJIckX/UJN/hr+9r9Wtcrxxx + oBqOeBvkpAQywXzwcAKsT6KRTxy2tlmcvpqi7Bb/9EbRsA7VtYVV0M+51dBXOgsQldR1iuNy5NAc + 4NX+0uaiDryx89LZuZErqaqPq3SpVVri53YqM5zTHKsezLDIzmddIgyY/KqqnlUHylS0BuK3JCC3 + FcAKhxq21g5o7S4Eg1rx9fNLcs2oPHC//h/iJNzm81EG1xtjITeYQVoojqg5SurzujmuVjnl0nAL + fQQWlsos54rq9NCNR/YnO4g5y88Ja5CEJErmAJIYsKRqYWWR5UwDrQVCyyfVkrMlyYFKg0La3Ggt + YLpv5BwIZQxpElJyzykpEflMbwoLfwMAAP//7FnbattAEP0VYQg4EKmSfE0hpIam0IfQkEADoWDW + 0jo2sXaFLlFK6n/vmd31RlattIQS/GDwgyztzp4ZzeXMKMY6Ibiu7V4N0SXe8r1q4gjQ7YILci2H + WbkSPR40AhJSC1TLWYq5zBK1x5EZJV+GpznlPuTdBy5OCBiELwtHEwiHrSr2k1R0UqbQlTmc2mHC + qQFEcyb4ynMuRE46Ww21DX4IMgKdRjYCAoMw30AkgXkJA+1EWtO5pv01whBlBCYj7Y27VFXlyYrl + qYoHxB9/8tJFqnwZh0whc2rOnrICjGlWwqWm3W+3k5sr9+bSBUNQYWoPSWVW8IzioMviZCmOne7x + LzjKqpAf4YZ/kpWgjawE/XoFKtBYPyhyRGStuXTQIsNvfdBGAXxLAdS7UIRn90JLWreqaDPTwmos + WlDE7qQivmW4eZkkjGpJ52+Jl2xIzFBmbyw8xBDOET3EPb/GZ4M56/fiYDbu+4MZMI1Gp0EYDqnO + 2UU44ZVlnF7wJI5xBopP5wWDa9qST9bJSOirDaUOAQ9VTi1T2cc0NYMgDPo88HkvjE+HUS8ajIJo + PIhjnw3nAR+fx2dKylFvchR+wU/vcxMmTNZ0XX0r98rcrWARN/QoE3tpOVstIzKZmzKWk8WwXxUG + 0Dhcfr5yh14qCH+zOd1/xM3udv8RN7vjfUeMnBTr1tFQtTrruTLDHoonSta6wdN57Q6UDcsvykyi + i79DxokWL4FHMxo8tZFM55jJlGF5mcm4h1Tw/i/9kAreA/EhFbSmAss8APFeR9wzjXfNtQ+5smBm + ON1kHm2zIL9tFuTbWVDzgWVqXDwuMyk03TGtZmm+Qui//4L0URb/b+KmhVmhOAkdyHep5hGbIR9c + SEN+3lya7PpmAOqLzYeN3JNOwp6ueV6uSHBNWTVJyIpJoRWneSZNG0h1e397c7i122xQaNfr9W8A + AAD//wMA8OubUPkaAAA= headers: - ATL-TraceId: - - 8ea9fd07340b6369 - Connection: - - keep-alive + Atl-Traceid: + - 06c01bdb13af6f1e + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:51 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:52 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 17e7a12a-7372-4009-a893-ab67d38211a8 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '213' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 2b371e80-2532-401b-8ec2-f9a353805dd8 - x-envoy-upstream-service-time: - - '130' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_disabled_no_epic_and_push_findings.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_disabled_no_epic_and_push_findings.yaml index d659008f6b0..bdc36399f8c 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_disabled_no_epic_and_push_findings.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_disabled_no_epic_and_push_findings.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SP20rEMBCG3yW3tt1JesiaO9ELFVmFdq9kkRwmWEmT0qbCsuy7m+Li4W745/vm - Z05EyRn3kyOCvMc4zmKzMWhRRxM+QiGjk/PcS194jCQjnzjNffAJpgC0gALydnfz0t4/d7/b3TKo - NBHxukIZZHDIiMHRheOAPnbHEdOBWxcWkyS19M58K0SsQs0v4Z2MK8iA0RyqnPGOVgKoKKsCAK6A - ASR/xin1dv3wj912lImSipoV1fb6h9XDg7chgZxteVNbJXWJpcQGtG14o4ySHKwGkFXFucLyT0F0 - a8NjP0myvmPl4uJT0HKNT8RdJoL+bd+S8/kLAAD//wMAA8nTTloBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtE1qbqIHFVmF7Z5kkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzlBq4LZzw4kvMc4BbnZaGNNF7X/8ERFp0Lo1UhGEyGDTzOH3o8JpoiUIMF8t7152d0/N7/b7TK0 + aQL5ukIZZnjIQJvJ+eNgxtgcJ5MO3Dq/6CS1S+/0twIyCQyrS3in4goyZCzHOqeiwVqikKwiiHiV + SEx+MHPqbfrhH3vdIEoqZFUQjvyH7YaH0foE8pIKW1hrC1EzxrGoEctKMU47hZp3QpQGC/63ILq1 + 4bGfFazvWLW4+OQ7tcYncJcJzPi238H5/AUAAP//AwC9L5BPWgEAAA== headers: - ATL-TraceId: - - e4d615a467d909f4 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:31:52 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - f80876629b274c0a + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 0c7c1f9b-2fb6-4d6f-ae94-a919e7d323e8 - x-envoy-upstream-service-time: - - '32' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - a5d0feb1bf6b1257 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:52 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:53 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 321f1fed-9d59-4c6d-8045-3c92b543e026 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '126' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 254f828f-4b6d-432c-84e3-dc066c5004c9 - x-envoy-upstream-service-time: - - '66' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,93 +80,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - e38b43b3fabaa258 - Connection: - - keep-alive + Atl-Traceid: + - fc59804e370117a4 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:52 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:53 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 7de3869d-4096-41d8-bfcf-7eb641dda76f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '208' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d26814ba-a84f-4f61-b501-fc6fcfbf1a65 - x-envoy-upstream-service-time: - - '77' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/2811]\n\n*Defect Dojo link:* http://localhost:8080/finding/2811 - (2811)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] - / [ZAP Scan|http://localhost:8080/test/683]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/234]\n\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/91]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -286,53 +180,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1666' + - '1298' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11071","key":"NTEST-882","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11071"}' + string: '{"id":"11765","key":"NTEST-1427","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11765"}' headers: - ATL-TraceId: - - 55dcd5fcac2c1a86 - Connection: - - keep-alive + Atl-Traceid: + - 110fcb94a4ea79ea + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:53 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:54 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 81d32e09-b2ae-40b0-a232-b79733285197 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '608' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 23c0fcc6-c676-4c97-8dc6-b50aba74d737 - x-envoy-upstream-service-time: - - '470' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -342,94 +242,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-882 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1427 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DF1mWy/2UldAMaSJ22VL08B2GqBpYdDSWWYtkQJJWfba/Pcd - SSlOkzlr0wRIpBN5L88995BfPNiUlKde7EngKUhIXzPIU9XhtADVUckSCtoRJUiqmeCqAynTBWja - SZaUZ5CLrLMGqfAbpGMoJSjg2q31Oh4znsMweB7ii4J8ga9LrUsV+34KC0h0Kj6LHtU5VYpR3uOg - ffShfVoyP/KZUhX4rYMVbHH/+XQ0mXaHwwgtC5usF3/xFAatVEI1ZEJuXXIpvuGGKIjCbjDoRsNp - GMX9MP6934uG4W9BFAQmRxNDb0uwbp6Yo9nvh0EQmKxc1c1LCiqRrDSIoPWIqILmeYekTGnGE01K - BgkQsSC1kKue2Z0Ifinz78lCQVJJ8NcMarqmmso/FPsHXhbYpKr4xZlO05dh0A+HzesUE325K7nj - mUZjrClVK9Ojaq7NU7yguYKO1/rwYuvkpuNphsQosclezCusxCul+IzpPRG9ZrfFznajxc683Gn4 - LtNLzrRGB4ZfzW5T1N92rRILXVNpClOsKHOGDEnvVYPgWsoMhpvB8HvSbWBugjVIl8wAiz93cR4E - zzFyNNhEgyc7ti20LPlFNf8fiRUebsLDn4u1aYM1D49E60ebfvRz0RpyqvZhb7SbGzPfm/dOXbBj - 15+wg1kmIcO5fkBD5JTIKzdmzpJUSovCSsQMI0TP930YPvThpMNZzWBa+fPibtjohWGwZIkL9+WB - zfAL01dLUeXpCVNlTrcNC9FcU4266mTrxyfGaeKtCvrOmzTjYB+PRWVQsZleGQPjmRdrWZnQ6FO/ - R7kwQ9GAIQFrNVP3UCej3ovDoNXJ+6gF++AM932IdpLBhGR6+0QE2u3+4MfkkhU0A+WbHap1wtCQ - i7qn1tlOYs5E3UrRwLt5WEi/LSSnczBiYqh5b5GZyv+EIdzHw3Bo8FhSNSpZcsb4yh7FJ1Cak5kn - LYEsrWr77dbCBR/hwUznOYyBKkdK2Tx5F2eXb07PZ2enx6PzyWg2Go/fjbE+HCCFgOCC6RLIBaom - 18TEJUwRwfMtwYlkuXFKtCB/MUnJhYQCp5ZUChnXszN6v4oX6DD4yoJg8KIfe+7AwN4h+LuR+maM - sQ0Z4zS/v6i5VzTwWtrnmF2rBNjXjMPt6qo0M/sdPHY3hSdSz22+Pa2+Pdx/jI07ur2iyQovUi3l - Wucu1nFzpfmphNt7kd9eT6L2cOVgqJ6IXMhzl808r6CbSRSs3eVAkBPhmi2KEq96XDddeKx/34Lz - ke9+D6ZM53AQk+sPtAxjcizEigG5YhoFU5OJPTzI65xmX02tWGouEpovhdLxMBgG/oLxFGXNx2tc - +Ml6PLFYYJqfBTEsiQ/I/28lz8zfX62DCSDfUFRwI46/NR1fjfDtkq+4qHe5H79/YD24kCKt8BYz - 4hlOVIH4+FOEA9dd22LQL/lT1F0t9hRUNg6iT8Qn1zXACscPbr3t2bVb4Pftxg9HF2SSUL5nvbk2 - +YfDvoPslaQ8WfpTmmGe59hVZ61Ynp6e3DUdi6JgmqAyLe+YDWZbpaFQWHZaCoakOIit3UJvGFpQ - xhXT0EPexINBf9+3fXY/xZhzQWXawn/bhpMdu0zUI5I4EmGWZA7AiQJN6oZRGgXOXUnIAlnVIfWS - JUtSAOUKP1K3ovGA+KEHQpMEBRJSsmaUVMj5RG5LVBhcxjm4Y75nUhkj9VA7E4hbytV13RM1VWVP - yMxHwsGmVy5Lywnk3mwh5MwFUzOq8dIwr7A1s2fvro4mF93J2y6eMZaVl+Mz5/QxYN4CFpnG5M1o - +pGjjOPMapAxEeU6+chHa2ZOD0xuArrrJq39ZgL8CwAA///sWW1r2zAQ/ismUGhL7djO+2B0Yetg - HzbKChv0m2KrjZltGctON7r89z4nKWrixNnoRsmHQAhOdLq7nE7PPXf5BwNxlsRtBvTaHgPtakli - keBd6hi1mdiWU4nxGUX9XnWglBff5zynm+0we7wCDSr8QEKQM8mCO0mOE8nUHkeUVP4YViVVH1S+ - Hzy/oPzIHVwCTekclj6wX5RoTsFUktQSB+sgc9byBE1ozlPPucolZZ7Ns7VMJFuUqLBv/JMrB0mf - rJGlO/1UmXf+KStYVNHv/CKcRH1wACUULhX985uKF5Kqd8k1xHAtbG62TV11c4F37jDoI2jTm/du - 0DMBRVsvSjoZoNkpw8HmZ87p2W8cZlqJN8CSbXIYtJHDoN+2MFgtUEmpSpRExVuJRjdEfSvaXLCU - S0VYEczdgm0UzLetwAZDaVa25q6J3VVVLJoTIOvyKOssY1S7O38qdBRDYuKifGGhJ0Z2Ccwi9o8e - anDH+r04mI37/mAGH0ejSRCGQ+IVVggW9ohxOuBpHMMGin3n2QfXdHXvLMSR0r2ttc54D6xCiSmA - 0Y/dQRAGfR74vBfGk2HUiwajIBoP4thnw7uAjy/jt0rLSW96En7ES+9zM5ab2ue6+ivp1dJ9QETc - 0KNk94p6liYRhcwtGJMUMezHzaoS0GY8frh2h16Rk//Nnv3wPW52/ofvcXN6cOgeA3pi3bsbarxO - Mq/N2IvuE4GzbrE1fN0CXyF+VZei4N1bQFE0f754NK3Cqr3JZMfM3QyrLg3iHqHg9Q/9CAWv4fER - ClqhwDIPuHivb9wjDbrNsw+9omIpnnZQI/CuzuOys73QNpTz7VCuuWCHXM0FS+F4vkhKkWu6Y3r+ - 2vzroj/+1U9Ad6k0PK4eDQq+APnW/i/qrvRedDL28yuXdUqK12yrCUtZTSvtx0JU/20mq3VZnTCF - tvSbUPMpOwUWpZr6kEXrx6az4Ya3ZoOKznK5fAIAAP//AwDXj4ayvBsAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdhNHAHD0MXu1i3IgsRJgaZFQFNniTFFaiQV22v733fU + i506dbdkWBHAkXi89+ce3QcPViWVqZd4GmQKGtJXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf49aIMySC+g1GBA2vYuq4xVxdwZvI3CMAr7Gv6swNjpuoRzTZnlDDzf485/FB0dvsAXA2KO + r7m1pUmCIIU5MJuqO9WnVlBjOJV9CTZATzagJQ/igBtTQdAZWMAa9c+mk8tpLxrGR3hUh2C85INn + MLbKMGohU3rd5JDiG2rEYRz3wlEvOp6GYRIdJS+G/RdHwx/COAxdkM6JxcBrM88M0ukHWIow3qTd + vqRgmOalKxyeviSmoEL4JOXGcsksKTkwIGpOlkov+k6bKXmlxROjqCR37aLilt5TS3Vwz2EZ1GFt + A2xFUTiIRj8Z/hf8WGDbqwK9Oligyyk1C9erambdUzKnwoDvNYqvMa9a1/dyjsDRLF+fwj1grOEn + 37MckVUiSrxEVpijtwOTQdgJSq3uMKNnFrzVrstdN7Art3t5AJJtVleSW4sGjLfx7ZD6e33XqLld + Uu3wanhRCo4BpzuZYz9qlA1Hq+HoieF+pTNdJpu+DEOH6ni4iof/r5em+zUW0WF0uIoOv4XDVedx + EK8G8bfw2AL806fHcIz24TTuBHO+um44ELt/8x7RkGUaMqSVR1jHOJWomin/olXkqz2C0T7B8WPj + DaU1p44wavb2kl6Er9QiqTdk+PShaqh2S65BY067kakfT1Tlso0cYb5xB1xmXmJ1BVhaNGqvsRtu + cJrganvOvuasqcqHR2cuVlQ2uapEOuamFHTdDp5rlwZM1s32lwg8Oj7uCHy3bBua2RXsa3i8afiu + YLBlLK40t+tnVrdTD4ZPI3he0AxM4DRMZ4TjgVDLvrnPtgx3qpYdEw69uiEzcJTlQLv7tT7ck220 + D6HRyKWdUzMpOTvlcvHKScZQus1Csq5ndSeXtWxzIpWc4GJBZwIugJoGB7p98s5Pr355fXZ7+vpk + cnY5uZ1cXPxxgWngaBnMGy9McyDnyM3SEueXcEOUFGuCc86FM0qsIr9xTcm5hgIHnVQGMdv/0rxH + OE5e+JGH4Wh+l3g7w4yVzbikAnuGRd8OmZPtnrV7UVveGtUCo+s4AtuXSdjcrko3tP8Cx80K80yE + Ncqbb+LnW8fTQLdF1c+ULXAR7JDVGW98nbS71n8KuFvYgm5virtPuASHaKaE0mdNNDNRQS/TyBHb + dUWRsWqarYoSV1Vp2y58raefF+ed3P4dTLkVcJCQm7e0jBJyotSCA3nDLXKUJZfAKg3klaDZR5cr + pioUoyJXxiajcBQGcy5TJMYgHgzf1wbHdSkwyjtFHEiSA/KPmuQ7/Pm+Vr/E9coRB6rhiLdBjisg + Y8wHD8fA+iQ69InD1iaLkzcTlN3gv95hNKxDdW1hS+gX3GroK50FiErqOsVxOXJoDvBqP7eFqANv + 7Fw7O1dyIdXyYZXOtUor/NxOZIZzWmDVgykW2fmsS4QBk1/VsmfVnjKVrYH4PQnIzRJggUMNG2t7 + tLYXgkGt+PblOblkVO6571a+4Dja5PMgg8u1sVAYzCAtFUfUHCT1ed0cV6uCcmm4hT4CC0tl8pmi + Ot1345H98RZizvJLwhokIYmSGYAkBixZtrCyyHKmgdYcoeWTZc5ZTgqg0qCQNjdaC5juOzkDQhlD + moSU3HNKKkQ+0+sSeQbvSYmQ438DAAD//+xZ72vbMBD9V0ygkELt2U6cpIPSBdbBPpSFFlYog6DY + TmMaS8Y/6o4u//veSYrqeHU3yij5EMgHJ5JO7866p3cXvFKngegSb/lO1m8E6GYVczpaFjN2Bco7 + eAQk5BaklpXwpchTucYSOZEvw2hB3AfevY/5CQGD8aS01CVusXXNfpKLVsYkuqrAobYYtxoAUZzx + eO1YF7wgn42HKgY/OAWBdqMYAYFGWGwhksGiQoBeRNrwueH9FdIQ1whCRt7r41LXtSNqVmQyH5B/ + 8aOTrTJ5lrHJHDbneu85K6FaFhWO1Lz/7WZ6PbOvL20oBJmmZpNM5GWcUx70WZQm/NjqH//CQVmX + 4iOO4Z9ixesSK96wayBoXk0liu17qcRISbWmumZqe8BIABlyqWtentglCdwu0eoa0bpzvbYpGOFk + 4YpSWdF1UaUpo7uk9zfipRiSMhT5Gy8eUgjnyB7Ss1+js2DJhoPIW0yGbrCAA+Pxqef7I7rnzCTs + 8Mq0mF7wNIqwBy6f3jMGW5cln8whI6OvFpQqBRzccnKaZB9d1ASe7w1jz40HfnQ6CgdhMPbCSRBF + LhstvXhyHp1JK0eD6ZH/BR+1zk4Z16xp2+qnwqkKu0ZEbN8hJnayarFOQgqZnTFWUMSwXl4MkHF4 + /DyzR07GCX+7ON1/xO3qdv8Rt6vjfUcM6olU+aalWlP1zHSzh/KJyFoVjYq+biHZMP2iygWq+FtQ + Ubh6Tjzq0WDUZDLtoztTWuXlmnEPVPD+L/1ABe+B+EAFnVRgBAYg3qmMe6L2rn52YVeUTDen2zKl + qxfkdvWCXNMLag8YpRbzhyQXXKkaXWpW+l8I9fVfkD6I8v918ZQxYxQ7oQL5LmQ/wjTaRKogP20f + Nbu+GYD8x+bD1u5JL2WPV3FRrclww1nZScjLaakcp34mdRvIdfP77mJ/Z7VeINFuNpvfAAAA//8D + ANbCAOb0GgAA headers: - ATL-TraceId: - - 7efa0bedeaa68c52 - Connection: - - keep-alive + Atl-Traceid: + - 20c6dafaa52f8a45 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:53 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:54 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 8779c71e-1aa3-4e49-a9af-3c4ade3f2ebd X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '265' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b3f97a38-57a4-458e-b13a-1744af5fc64a - x-envoy-upstream-service-time: - - '152' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -439,94 +344,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11071 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11765 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/2/TOBT/V6z8gLhd23xpb5RI6DS2ArsbY2o7JjFQ5SavqWliR7bTtAf87/ds - J+vYrjsYm7TFz37fP+9jf/FgU1KeerEngacgIX3FIE9Vh9MCVEclSyhoR5QgqWaCqw6kTBegaSdZ - Up5BLrLOGqTCPUjHUEpQwLU763U8ZiyHYfAsxIWCfIHLpdalin0/hQUkOhWfRY/qnCrFKO9x0D7a - 0D4tmR/5TKkK/NbACraofz4dTabd4TBCycIG68VfPIVOK5VQDZmQWxdciitUiIIo7AaDbjSchlHc - D+M/+r1oGP4eREFgYjQ+9LYEa+aRMRp9PwyCwETlsm4WKahEstJUBKVHRBU0zzskZUoznmhSMkiA - iAWphVz1jHYi+KXMfyQKBUklwV8zqOmaair/VOwfeFFgk6riiROdpi/CoB8Om+UUA32xS7njmUaj - rylVK9Ojaq7NV7yguYKO19rwYmvkW8fTDIFRYpO9mFeYiVdK8RnDe2T1Gm1bO9uNtnZmcavhu0gv - OdMaDRh8Ndomqb/tWSUWuqbSJKZYUeYMEZLeyQaLayEzGG4Gwx8Jtylz46ypdMlMYfHndp0HwTP0 - HA020eDRhm0LLUqeqOb/A77Cw014+Gu+Nq2z5uMBb/1o049+zVsDTtV+7PX27ZuZ7817xy7YsetP - 2MEsk5DhXN+DIWJK5JUbMydJKqVFYSlihh6iZ/s2hvdtOOpwUjOYlv68uBs2fGEQLFni3H25JzP4 - wvDVUlR5esJUmdNtg0IU11Qjrzra+vmJcZx4w4K+sybNONjPY1GZqthIr4yA8cyLtayMa7Sp3yNd - mKFoiiEBczVTd58no97zw6DlybtVC/aVM9y3Ee3b6O+4hAnJ9PaRpWnV/cHP8SgraAbKNxqqNcJQ - kIu6p9bZjnvORN1y1MCz5ZyDIRMDzTtJman8z2zDfTgMhybtJVWjkiVnjK/sVXwCpbmZedICyMKq - tns3Ei74CC9mOs9hDFQ5UMrmy7s4u3x9ej47Oz0enU9Gs9F4/G6MaeAAKcwbD0yXQC6QNbkmxi9h - igiebwlOJMuNUaIF+YtJSi4kFDi1pFKIuJ6d0btZPEeDwVcWBIPn/di7M7JY2YxxmmPPsOi7GTN7 - d2XNu6Ipr4V9jtG1TIDtyzjcnK5KM7M/gGP3UngkwpzyzW31/eX+c6DboeolTVb4kGqR1Rp3vo6b - J80vBdy+i/z2eRK1lysHg+hE5EKeu2jmeQXdTCJh7R4HgpwI12xRlPjU47rpwkM9/b44H/nu92DK - dA4HMbn+QMswJsdCrBiQK6aRMDWZ2MuDvMpp9tXkiqnmIqH5UigdD4Nh4C8YT5HWfHzGhZ+sxRNb - CwzzsyAGJfEB+X9V8tT8/c0amADiDbkDFXHKrej4aoSrS77iot7Ffvz+nvTgQoq0wlfMiGc4UQXW - x59iOfDctU0G7ZI3ou5qsSehsjEQfSI+ua4BVjh+cGNtj9bugN+3ih+OLsgkoXzPefNs8g+HfVey - l5LyZOlPaYZxnmNXnbRieXp6clt0LIqCaYLMtLwlNjXbKg2FwrTTUjAExUFs5bb0BqEFZVwxDT3E - TTwY9Pft7ZP7KfqcCyrTtvw3bTjZoct4PSKJAxFGSeYAnCjQpG4QpZHg3JOELBBVHVIvWbIkBVCu - cJO6E40FrB9aIDRJkCAhJWtGSYWYT+S2RIbBY5yDu+Z7JpQxQg+5M4G4hVxd1z1RU1X2hMx8BBxs - euWytJhA7M0WQs6cMzWjGh8N8wpbM3v67upoctGdvO3inWhReTk+c0YfKsxbwCTTmLweTT9ypHGc - WQ0yJqJcJx/5aM3M7YHBTUB33aS1e8bBvwAAAP//7Flta9swEP4rJlBoS+3YTpyXwejC1sE+bJQV - Nug3xVYbM79h2elGlv/e5yRZTd04Ld0o+RAoRYmku5N099xzl39QEKVx1KVAze1Q0C2WVixj/Bfq - jrpUPF0nHeMrcvetrEDJL34ueEaRbTHzvDkKVNgBhyBj4iW34gwvkso9Vl5S+mOYFZR9kPl+8eyM - /COzEASK0lksuWN/yNGsgkknqQUe1oLnbPgJitCMJ451kQnyPONnG55IushRoV/bJxoDSZ6o4aVb - 7ZSed/olLVhY0Tm/5VYsP1iAErouefunVxUvBGXvkiuI4WqxjmzjujJygXf2yBvi0mZXH21voC8U - ZX1e0ssAzY4ZHjY7sY5P/uIxkyp/Byx5Sg69LnLoDTczflUi80l6Smy5vTTokOF2ThjKJW9Y8sjt - C7somGtKgfbEtJlAvLJwQZi7pSJpp0BRpymj3N17LtHRHRITz8tXJnpiZOfALGL/qKGCGzYcRN58 - MnSDOQ4wHk893x8RrzCLoGHHMk4PPIsi6ECy7z3YYOuq7oOBOBK6s7RWHu+AVchlEmDUsB94vjfk - nssHfjQdhYMwGHvhJIgil41uPD45j95LKUeD2ZH/GX9qn52yTOc+21ZfCacW9h1uxPYdcnanqOdJ - HNKV2QVjgm4M+xFZVQzajOGnS3vkFBnZ367Z99/iduW//xa3uwf7bjEwKVK1u6bGmyTzUre9KJ4I - nFWJrXDtGviK5Rd1mRe8fw0oChcPgUfdKsyaSCY9uu+mWXWpEfcABW//6AcoeAuLD1DQCQVt5gEq - 1VutaU/DNGD7rQrFFXXA9diFwrxiCUZbpHQ15dyuppxrmnLtCUPheLaMyzxTXEjX/LX+1UV9fIml - y7z6b71QJcvIhCKUgz9y2Rdquq9wLWXxqhlq1H21fvn7VL+Re9ZL2e/vXNQJCd44q+zolNWsUuem - tjJ1fejk5vvHm/1Hu/UGae16vb4HAAD//wMAvCT1K7wbAAA= + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdhNHAHD0MXu1i3IgsRJgaZFQFNniTFFaiQV22v733fU + i506dbdkWBHAkXi89+ce3QcPViWVqZd4GmQKGtJXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf49aIMySC+g1GBA2vYuq4xVxdwZvI3CMAr7Gv6swNjpuoRzTZnlDDzf485/FB0dvsAXA2KO + r7m1pUmCIIU5MJuqO9WnVlBjOJV9CTZATzagJQ/igBtTQdAZWMAa9c+mk8tpLxrGR3hUh2C85INn + MLbKMGohU3rd5JDiG2rEYRz3wlEvOp6GYRIdJS+G/RdHwx/COAxdkM6JxcBrM88M0ukHWIow3qTd + vqRgmOalKxyeviSmoEL4JOXGcsksKTkwIGpOlkov+k6bKXmlxROjqCR37aLilt5TS3Vwz2EZ1GFt + A2xFUTiIRj8Z/hf8WGDbqwK9Oligyyk1C9erambdUzKnwoDvNYqvMa9a1/dyjsDRLF+fwj1grOEn + 37MckVUiSrxEVpijtwOTQbhPEHWCUqs7TPWZnWi16z7Une364F4eoGeb7pXk1qIB4218Owj/Xt81 + am6XVDsgG16UgmPA6U5JsFE1/Iaj1XD0xHC/0rIuk03DhqGDezxcxcP/10sDixqk6DA6XEWH38Lh + qvM4iFeD+Ft4bJH/6dNjOMYdHOd8dd1wIDb55j02Pcs0ZEgrj7CO4ShRNVP+RZAjX+0RjPYJjh8b + byitOXWEUbO3l/SilsdcVTRnTRwfHp05rGLCJleVSMfclIKuW0TjMZbXXmPpHMpbF9Tih6Ih2KfP + Y0PfW8IOGnPaTVv9eKIqV8E6+DfugMvMS6yuXDRMAybrRvhLBB4dH3cEvlu2fTQTb2hmV7BpeKm5 + 0tyun5lwpx4Mn8bjvKAZmMBpmM4IxwOhln1zn2356lQtO14beo+RGw+6RASdgWMmB9rdr/XhnjJE + +xAajVw9cmomJWenXC5eOckYSrdZSNYhqMbVspZtTqSSE1ws6EzABVDToFK3T9756dUvr89uT1+f + TM4uJ7eTi4s/LjA/HC2DBcEL0xzIOVKwtMT5JdwQJcWa4Dhz4YwSq8hvXFNyrqHAeSaVQXz1vzTW + EY6TF37kYTia3yXezjBjyTMuqcBmYje2Q+Zku2ftXtSWt0a5wOg6jsC+ZhI2t6vSDe2/wHGzwjwT + eo3y5tP3+dbxNDRu4fYzZQtcBDvIdcYbXyftrvWfAu4WtqDbm+LuSy3BQZ0pofRZE81MVNDLNDLW + dl1RZKyaZquixFVV2rYLX+vp58V5J7d/B1NuBRwk5OYtLaOEnCi14EDecIuMacklsEoDeSVo9tHl + iqkKxajIlbHJKByFwZzLFEksiAfD97XBcV0KjPJOEQeS5ID8oyb5Dn++r9Uvcb1yjIJqOPttkOMK + yBjzwcMxsD6JDn3isLXJ4uTNBGU3+K93GA3rUF1b2BL6Bbca+kpnAaKSuk5x3IEcmgO82s9tIerA + GzvXzs6VXEi1fFilc63SCr+qE5nhnBZY9WCKRXY+6xJhwORXtexZtadMZWsgfk8CcrMEWOBQw8ba + Hq3thWBQK759eU4uGZV77rvNLjiONvk8yOBybSwUBjNIS8URNQdJfV43x9WqoFwabqGPwMJSmXym + qE733Xhkf7yFmLP8krAGSUiiZAYgiQFLli2sLLKcaaA1R2j5ZJlzlpMCqDQopM2N1gKm+07OgFDG + kCYhJfeckgqRz/S6RJ7Be1Ii5PjfAAAA///sWe9r2zAQ/VdMoJBC7dlOnKSD0gXWwT6UhRZWKIOg + 2E5jGkvGP+qOLv/73kmK6nh1N8oo+RDIByeSTk9n3bt3F7xSp4HoEm/5TtZvBOhmFXO6WhYzdgXK + O5wISOhYUFRWwpciT+UaS+REvgyjBXEfePc+5icEDMaT0lKSwmLrmv2kI1oZk+iqApfaYtxqAERx + xuO1Y13wgs5sTqh88IOTE2g38hEQaITFFiIZLCo46EWkjTM3Tn+FMEQagcvo9Pq61HXtiJoVmYwH + xF/86GSrTN5lbDKHzbnee85KaKhFhSs173+7mV7P7OtLGxlXhqnZJBN5GecUB30WpQk/tvrHv3BR + 1qX4iGv4p1jxusSKN2xmoBI19b0URyTf2lODDhtu54CRANLlUvC8PLFLErhGtO5k0TbTtlcZRQt3 + snBFoazouqjSlFEu6f2NeMmHpAxF/sbEQwrhHNFD2vNrdBYs2XAQeYvJ0A0WwDgen3q+P6I8ZyZh + h1emxfSCp1GEPZB8es8YbF19fDKXjIy+WjeqEHCQ5eQ0yT66dgk83xvGnhsP/Oh0FA7CYOyFkyCK + XDZaevHkPDqTVo4G0yP/Cz5qnZ0yrlnTttVPhVMVdg2P2L5DTOxk1WKdhOQyO2OsII9hvUwMkHF4 + /DyzR07GCX+7Bt1/xO0idv8Rt4vgfUcMTopUMamlWlP1zHRPh+KJyFoVeIrXbiHZMP2iygWK9VtQ + Ubh6DjxqxWDURDLtoztTWuXlmnEPVPD+L/1ABe+B+EAFnVRglAcg3qmIe6Iurn52YVeUTDen20qk + qxfkml5Qe8D0VtoDRqnF/CHJBVeqRpealf4XQn39J6QiVRaeto+a7N5AcI0/UD5s7Z70UvZ4FRfV + mgw39paFfV5OS4XjQZT/r/OnjBmj2AuV0Hch+yLb9iP1M6nbQFsaILto/R24eoF0z2az+Q0AAP// + AwAnrBhQ9BoAAA== headers: - ATL-TraceId: - - 3cb77b93766454a7 - Connection: - - keep-alive + Atl-Traceid: + - 4532478719c52946 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:53 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:55 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 75a66cdf-bfe4-46e6-8b09-458160e3a8e9 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '278' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 51ba7618-98bf-4d88-9257-7abc9a05ab33 - x-envoy-upstream-service-time: - - '120' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -536,174 +446,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J2m2W3EQPKrIK7Z5EZJJOsJImpU2FZdn/boqLH7fhneeZ - lzkxjTMdJscUe49xnNVm05ElE7vwEQqMDue5R194iixjnzTNffAJ5gC8gALyZn/93Nw9tb/b/TLo - NDH1skIZZPCasY5GF44D+dgeR0oHblxYuiTppXfdt8LUKmzlJbzFuIICBM+hyoVseaWAq7IqAOAK - BEDyZ5pSb9sP/9hdy4UqudpWhZDihzXDvbchgVLsZL21Gk1JJVINxtay1p1GCdYAYFVJqan8UxDd - 2vDQT8jWdywuLj4Gg2t8Yu4yMfJvh4adz18AAAD//wMAuXpHZFoBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtE1qbqIHFVmF7Z5kkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzlBq4LZzw4kvMc4BbnZaGNNF7X/8ERFp0Lo1UhGEyGDTzOH3o8JpoiUIMF8t7152d0/N7/b7TK0 + aQL5ukIZZnjIQJvJ+eNgxtgcJ5MO3Dq/6CS1S+/0twIyCQyrS3in4goyZCzHOqeiwVqikKwiiHiV + SEx+MHPqbfrhH3vdIEoqZMUJUvrDdsPDaH0CeUmFLay1hagZ41jUiGWlGKedQs07IUqDBf9bEN3a + 8NjPCtZ3rFpcfPKdWuMTuMsEZnzb7+B8/gIAAP//AwBlsZHOWgEAAA== headers: - ATL-TraceId: - - 51c5269fead7ea6f - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:31:54 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 3f556a4b5f8562c6 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 898aacb9-1e61-484d-9f1b-4bd6bca0dcd1 - x-envoy-upstream-service-time: - - '39' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 6f37b369c5737398 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:54 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:56 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 97939acb-9f0d-47ec-9103-0e5a417b45a7 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '110' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 96c1d69c-12a8-4d9e-9971-535f7bbe1e93 - x-envoy-upstream-service-time: - - '62' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -713,93 +516,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 3b680ac4ce74bb11 - Connection: - - keep-alive + Atl-Traceid: + - 8f616f3113e6aa3b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:54 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:56 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - c5f6181f-7c49-4f12-b1f7-4a1c3e6e5959 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '173' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 03609802-6feb-45a9-a323-9184859fbfc5 - x-envoy-upstream-service-time: - - '77' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/2812]\n\n*Defect Dojo link:* http://localhost:8080/finding/2812 - (2812)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] - / [ZAP Scan|http://localhost:8080/test/683]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/235]\n\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/91]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -812,53 +616,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1666' + - '1298' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11072","key":"NTEST-883","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11072"}' + string: '{"id":"11766","key":"NTEST-1428","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11766"}' headers: - ATL-TraceId: - - 5baad82a61ba7d85 - Connection: - - keep-alive + Atl-Traceid: + - b4cac69b4889dd47 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:55 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:57 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 74892970-a1fa-4f2d-b91a-bd324c667030 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '630' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 2e4e8aa4-08ce-43e6-bd79-7806603c44e1 - x-envoy-upstream-service-time: - - '504' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -868,94 +678,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-883 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1428 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/2/TOBT/V6z8gLhd23xpYSUSOo2tcLsbY2o7JjFQ5SavqWliR7bTtAf87/ds - J+vYrjsYm7TFz37fP+9jf/FgU1KeerEngacgIX3NIE9Vh9MCVEclSyhoR5QgqWaCqw6kTBegaSdZ - Up5BLrLOGqTCPUjHUEpQwLU763U8ZiyHYXAY4UJBvsDlUutSxb6fwgISnYrPokd1TpVilPc4aB9t - aJ+WzI98plQFfmtgBVvUP5+OJtPucNhHycIG68VfPIVOK5VQDZmQWxdciitUiIIo7AaDbjSchlHc - D+Nnz3phNPg9iILAxGh86G0J1swjYzT6fhgEgYnTZd0sUlCJZKWpCEqPiCponndIypRmPNGkZJAA - EQtSC7nqGe1E8EuZ/0gUCpJKgr9mUNM11VT+odg/8LLAJlXFEyc6TV+GQT8cNsspBvpyl3LHM41G - X1OqVqZH1Vybr3hBcwUdr7XhxdbIt46nGQKjxCZ7Ma8wE6+U4jOG98jqNdq2drYbbe3M4lbDd5Fe - cqY1GjD4arRNUn/bs0osdE2lSUyxoswZIiS9kw0W10JmMNwMhj8SblPmxllT6ZKZwuLP7ToPgkP0 - HA020eDRhm0LLUqeqOb/A77C55vw+a/52rTOmo8HvPWjTT/6NW8NOFX7sdfbt29mvjfvHbtgx64/ - YQezTEKGc30PhogpkVduzJwkqZQWhaWIGXqIDvdtDO/bcNThpGYwLf15cTds+MIgWLLEuftyT2bw - heGrpajy9ISpMqfbBoUorqlGXnW09fMT4zjxhgV9Z02acbCfx6IyVbGRXhkB45kXa1kZ12hTv0e6 - MEPRFEMC5mqm7j5PDnqHw7DlybtVC/aVM9y3Ee3b6O+4hAnJ9PaRpWnV/cHP8SgraAbKNxqqNcJQ - kIu6p9bZjnvORN1y1MCz5ZyDIRMDzTtJman8z2zDfTgMhybtJVWjkiVnjK/sVXwCpbmZedICyMKq - tns3Ei74CC9mOs9hDFQ5UMrmy7s4u3xzej47Oz0enU9Gs9F4/G6MaeAAKcwbD0yXQC6QNbkmxi9h - igiebwlOJMuNUaIF+YtJSi4kFDi1pFKIuJ6d0btZvECDwVcWBIMX89hzFwa2CGu8G6nvxhirnTFO - 87uHmndFU14L+xyja5kA25dxuDldlWZmfwDH7qXwSIQ55Zvb6vvL/edAt0PVK5qs8CHVIqs17nwd - N0+aXwq4fRf57fMkai9XDgbRiciFPHfRzPMKuplEwto9DgQ5Ea7Zoijxqcd104WH+vd9cT7y3e/B - lOkcDmJy/YGWUUyOhVgxIFdMI2FqMrGXB3md0+yryRVTzUVC86VQOh4Gw8BfMJ4irfnRMIw+WYsn - thYY5mdBDEriA/L/quSp+fubNTABxBtyByrilFvR8dUIV5d8xUW9i/34/T3pwYUUaYWvmBHPcKIK - rI8/xXLguWubDNolf4q6q8WehMrGQPSJ+OS6Bljh+MGNtT1auwN+3yp+OLogk4TyPefNs8l/Puy7 - kr2SlCdLf0ozjPMcu+qkFcvT05PbomNRFEwTZKblLbGp2VZpKBSmnZaCISgOYiu3pTcILSjjimno - IW7iwaC/b2+f3E/R51xQmbblv2nDyQ5dxusRSRyIMEoyB+BEgSZ1gyiNBOeeJGSBqOqQesmSJSmA - coWb1J1oLGD90AKhSYIECSlZM0oqxHwityUyDB7jHNw13zOhjBF6yJ0JxC3k6rruiZqqsidk5iPg - YNMrl6XFBGJvthBy5pypGdX4aJhX2JrZ03dXR5OL7uRtF+9Ei8rL8Zkz+lBh3gImmcbkzWj6kSON - 48xqkDER5Tr5yEdrZm4PDG4Cuusmrd0zDv4FAAD//+xZbWvbMBD+KyZQaEvt2E6cl8HowtbBPmyU - FTboN8VWG7PYMpadbmT5731OUtTUibPRjZIPgVKUSL47n+6ee+7yDwqSLE3aFOi9PQraxdKJRYr/ - UvuoTcX2ORUYn1G771UHSnHxfcZzymyH2esVaFBhBwKCjEkX3Elz3EimnnFESeWPYVdS9UHl+8Hz - C4qP3EESaErnsPkD+0WB5hRMBUktcbEOImcjTtCE5nzuOVe5pMizcbYRiaSLAhX6jX1ybSDJkzWi - dKedKvLOP2UFiyt6zy/CSdUHB1BC7lLeP7+peCGpepdcQwzXh01m29BVmQu8cwdBH06b3Lx3g55x - KNp6UdLNAM1OGS42P3NOz37jMueVeAMs2SaHQRs5DPptG9F6g0pKVaIkKt5KNLpx1LdHmxuWcikP - Kx65+2AbBfNtK9DcGO+kLs2Sh2Rm8YwAWZdHWWcZo9rd+VOhIx8SExflCws9MbJLYBaxf/RQ0R3r - 95JgOur70RQvMByOgzAcEK+wh6BhzzFOFzxJEuhAse882eCaru6dhTgSure11hHvgVWoYwpg9LIb - BWHQ54HPe2EyHsS9OBoG8ShKEp8N7gI+ukzeKiknvclJ+BF/+jk3Y7mpfa6rv5JeLd0HeMQNPQp2 - r6in8zQml7kFY5I8hueRWVUK2ozlh2t34BU52d/s2Q/f4mbnf/gWN6cHh24xoCfRvbuhxpsk89qM - vSifCJx1i63h6xb4iuNXdSkK3r0FFMWzp8SjaRV2bSaTHjN3M6y6NIh7hILXv/QjFLyGxUcoaIUC - SzBg4r3OuCUNus3ah1xRsTlWO6gReFdnuepsb7QN5fy2oZxvh3LNDUvheL5IS5FrumN6/tr86qI/ - /tUroLtUEpbrpUHBFyDfxu9F3bXci07Gfn7lsp6T4A3dasJSVpNK27EQ1X+byWpZViZUoS39JtR8 - yk6BRammPqTR2vHc2PCZteYB5Z3VavUIAAD//wMA2fvVm7wbAAA= + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZltvdh1HAHD0MXuli3IgsRpgaZFQFNniTVFaiQV2Wv733fU + i906dbdkWBHAkXi89+ce3XsP1gWViRd7GmQCGpIXHERiepLmYHqGZZDTnipAU8uVND1IuM3B0h7L + qExBqLR3D9qgDJIrKDQYkLa9y0pjVb50Bu/CIAiDgYY/SzB2vingUlNmOQOv53HnPwyPx2N8MSCW + +JpZW5jY9xNYArOJeqcG1ApqDKdyIMH66Mn6tOB+5HNjSvA7AyvYoP7FfHY974ejaIJHdQjGi997 + BmMrDaMWUqU3TQ4JvqFGFERRP5j0w5N5EMThcfxsPDgZT34IoiBwQTonFgOvzTwxSKfvYymCaJt2 + +5KAYZoXrnB4+pyYnArRIwk3lktmScGBAVFLUim9GjhtpuSNFo+MopTctYuKO3pPLdX+PYfKr8Pa + BdiKwmAYTn4y/C/4Mce2lzl6dbBAl3NqVq5X5cK6p3hJhYGe1yieYV61bs/LOAJHs2xzDveAsQYf + e57liKwCUeLFssQcvT2YDINOUGj1DjN6YsFb7brcdQO7cruXT0Cyy+pGcmvRgPG2vh1Sf6/vGrW0 + FdUOr4bnheAYcLKXOfajRtlosh5NHhnuVzrTZbLtyyg4xjCi0Toa/b9emu7XWESH4Xgdjr+Fw3Xn + cRith9G38NgC/OPHh3AMD+E06gRLvn7ZcCB2//YtoiFNNaRIKw+wjnEqUTZT/kWr0fEhweSQ4OSh + 8YbSmlNHGDV7e3E/bHnMlUtz1sTx/sGZAzFWwmSqFMmUm0LQTQt1PK6oxc9CQ6ePH8uGrHf07Dfm + tBu6+vFUla5edaiv3AGXqRdbXTrfaNS+xH660WuroQGTdbP9JQJ/Ng46At8v25Zm9gWHGh5tG74v + GO4YiyvN7eaJtenU/dHjCJ7nNAXjOw3TGeF4IFQ1MPfpjuHOVdUx4ciry7kAR1kOtPtf6/GBbMND + CA0nLu2MmlnB2TmXqxdOMoXCbRaSdQiqcVXVsu2JVHKGiwVdCLgCahpU6vbJuzy/+eXs4u787HR2 + cT27m11d/XGFaeBoGcwbL8wzIJfIzdIS55dwQ5QUG4JzzoUzSqwiv3FNyaWGHAedlAYRN/jSvIc4 + Tl7wgQfBZKljb2+YsbIpl1Rgz7DouyFzsv2zdi9qy1vjXmB0HUdg+1IJ29tl4Yb2X+C4WWGeiLBG + eftN/HzreBzodqj6mbIVLoIdsjrjja/Tdtf6TwF3C5vf7U1R9wmX4BDNlFD6oolmIUropxoZa7eu + KDJVTbNVXuCqKm3bha/19PPivJG7v6M5twKOYnL7mhZRTE6VWnEgr7hFxrTkGlipgbwQNP3gcsVU + hWJUZMrYeBJMAn/JZYK05kfDZ29rg9O6FBjlO0UcSOIj8o+a5Dv8+b5Wv8b1yhEHquGIt0FOSyBT + zAcPp8AGJBz3iMPWNovTVzOU3eK//jgc1aG6trAKBjm3GgZKpz6ikrpOcVyOHJp9vDrIbC7qwBs7 + L52dG7mSqvq0SpdaJSV+bmcyxTnNser+HIvsfNYlwoDJr6rqW3WgTEVrIHpLfHJbAaxwqGFr7YDW + 7oI/rBVfP78k14zKA/fdyuefhNt8PsngemMs5AYzSArFETVHcX1eN8fVKqdcGm5hgMDCUplsoahO + Dt14YH+6g5iz/JywBklIomQBIIkBS6oWVhZZzjTQWiK0eqTKOMtIDlQaFNLmRmsB030jF0AoY0iT + kJB7TkmJyGd6UyDP4D0pEXL8bwAAAP//7Flta9swEP4rJlBIoXZtJ07SQekC62AfykILK5RBUGyn + CY0l45e6o8t/33OSojpe3I4ySj4E8sGJpNNz53t57oJX6tQQXeEt38v+jQDdLmJOrmUxI1egvYNG + QEJqgWpZSz4XWSLPWCKj5MuwmlPuQ959iPkJAYPwZWEpSmGxVcV+kYpWyiS6ModTW4xbNYBozni8 + cqxLnpPORkNlg5+cjEC3kY2AQCPMNxBJYF7CQDuR1nSuaX+NMEQZgclIe+0uVVU5omJ5KuMB8Rc/ + Oekilb6MS6aQOdV3T1kBDjUr4VLT7vfb8c3EvrmywRBkmJpLUpEVcUZx0GVRsuTHVvf4NxxlVYhP + cMO/yYrXRla8fttCUC9NBZrtB8mjiNc1trpma3PBUABpcslrdm9sowSuIa0wDAsXFJQ72YZrSOxW + uW2m5LxMEka1pPNW4iUbEjMU2TsLDzGEC0QPsdFv0XkwZ/1e5M1GfTeYAfBweOb5/oDqnNmEG17Z + FtMLHkcR7kDx6bxgsHVb8tk4GQl9taFUIeCgysltMvvopibwfK8fe27c86OzQdgLg6EXjoIoctlg + 7sWji+hcSjnqjY/8r/ioc3bCuM6atq1+yp0ytytYxPYdysROWs5Wy5BMZqeM5WQxnJeFATQOj18m + 9sBJOeFvNqf7j7jZ3e4/4mZ3vO+IkXoi1UxqqlZnPRM97KF4omStWj6Vvu5A2bD9sswEuvg7pKJw + 8RJ4NKPBqolkukdPpjTLy3TGPaSCj3/ph1TwEYgPqaA1FRhCAYj3KuKeabyrn13IFQXTw+kmLWmb + BbltsyDXzIKaC4apxfxxmQmuuJBuNUv9L4T6+i9IH0Xx/2ZwSpgRipvQgfwQch6xGfvBhRTk582j + zq7vBiD/sTndyD3pJOzpOs7LFQmuKSsnCVkxLpTiNM+kaQOpbn7fPuxvndYHJNr1ev0HAAD//wMA + OTzQBfQaAAA= headers: - ATL-TraceId: - - c28855456b323636 - Connection: - - keep-alive + Atl-Traceid: + - 761313b1000948e8 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:55 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:57 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 9642e899-602b-48fc-beac-b2124223f3d4 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '228' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - aacd0930-eefc-46f7-835b-44a823af5e9c - x-envoy-upstream-service-time: - - '116' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -965,94 +780,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11072 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11766 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6PS4JH5JCqlnOjc0pD3uKGVIKDOlnYxibxw1tuSRZJxcy3+/ - lWQTCheupTAD9lral2effaSvHqxLylMv9iTwFCSkbxjkqepwWoDqqGQJBe2IEiTVTHDVgZTpAjTt - JEvKM8hF1rkGqfAbpOdQSlDAtVvrdTxmPIdhcBDhi4J8ga9LrUsV+34KC0h0Kr6IHtU5VYpR3uOg - ffShfVoyP/KZUhX4rYMVbHD/6XQ8mXaHwz5aFjZZL/7qKQxaqYRqyITcuORSfMMNURCF3WDQjYbT - MIr7YfziRS+MBr8HURCYHE0MvSnBunlijma/HwZBYPJ0VTcvKahEstIggtZDogqa5x2SMqUZTzQp - GSRAxILUQq56Znci+IXMfyQLBUklwb9mUNNrqqn8Q7F/4FWBTaqKZ850nL4Kg344bF6nmOirbckd - zzQaY02pWpkeVXNtnuIFzRV0vNaHF1snNx1PMyRGiU32Yl5hJV4pxRdM74noNbstdrYbLXbm5U7D - t5lecKY1OjD8anabov62a5VY6JpKU5hiRZkzZEh6rxoE11JmMFwPhj+SbgNzE6xBumQGWPy5i/Mg - OMDI0WAdDZ7s2LbQsuSZav4/EivcX4f7vxZr3QZrHh6J1o/W/ejXojXkVO3Dzmg3N2a+1x+cumDH - rj5jB7NMQoZz/YCGyCmRV27MnCWplBaFlYgZRogOdn0YPvThpMNZzWBa+fPibtjxsEz9ASfO8KpZ - QDXqpJOhn58Ap3G3quY7b9LQ2z6ORGWqDI1SXRoD45kXa1nBTSNexplkiav96wObSQyXqqWo8vSI - qTKnm2Yk0JxIwFrN1D3UyUHvYBi2OnkftWAXnOGuD9FWMpiQTG+eiFi73R/8nFyygmagfLNDtU4Y - GnJR99R1tpWYE1G3UjTwDEb3Cum3heR0DkZMDDXvLTJT+Z8whLt4GA4NHkuqxiVLThhf2aP4CEpz - MvOk7ZntZG2/3Vq44GM8mOk8h3OgyvFANk/e2cnF2+PT2cnxaHw6Gc/G5+fvz7E+HCCFgOCC6RLI - Gaom18TEJUwRwfMNwYlkuXFKtCB/MUnJmYQCp5ZUChnaszN6v4qX6DD4xoJg8HIee+7AwN4h+NuR - +m6MsQ0Z4zS/v6i5VzTwWlbnmF2rBNjXjMPt6qo0M/sDPHY3hSdSz22+Pa2+P9x/jo1bur2myQov - Ui3lWucu1qi50vxSwu29yG+vJ1F7uHIwVE9ELuSpy2aeV9DNJGrE9nIgyJFwzRZFiVc9rpsuPNa/ - 78H5xLe/e1Omc9iLydVHWkYxGQmxYkAumUaN0mRiDw/yJqfZN1MrlpqLhOZLoXQ8DIaBv2A8RRn0 - o2EYfbYejywWmOYXQQxL4j3y/1vJc/P3N+tgAsg3FBXciONvTaPLMb5d8BUX9Tb30YcH1r0zKdIK - bzFjnuFEFYiPP0U4cN2VLQb9kj9F3dViR0Fl4yD6THxyVQOscPzg1tuOXdsFft9u/Hh4RiYJ5TvW - m2uTvz/sO8heS8qTpT+lGeZ5il111orl6fHRXdNIFAXTBJVpecdsMNsoDYXCstNSMCTFXmztFnrD - 0IIyrpiGHvImHgz6u77tsvspxpwLKtMW/ts2HG3ZZaIeksSRCLMkcwBOFGhSN4zSKHDuSkIWyKoO - qZcsWZICKFf4kboVjQfEDz0QmiQokJCSa0ZJhZxP5KZEhcFlnIM7WXsmlXOkHmpnAnFLubque6Km - quwJmflIOFj3ymVpOYHcmy2EnLlgakY1ntPzClsze/7+8nBy1p286+IZY1l5cX7inD4GzDvAItOY - vB1PP3GUcZxZDTImorxOPvHxNTOnByY3Ad11k9Z+MwH+BQAA///sWW1r2zAQ/ismUGhL7dhO7CSD - 0YWtg33YKCts0G+KrTZmfsOy040s/73PSYqaOnE2ulHyIVCKkpN0p9Ppuecu/6AgzpK4S4GS7VHQ - vS3NWCT4L5SPulRsz5OB8RlJ/V5WoBQX3+c8p5dtMXO9BQpU2IGAIGOSBbeSHDeSyTVWUVH6Y5AK - yj7IfD94fkHxkVt4BIpFWSx9YL8o0KySySBpBC7WQuRsxAmK0JynjnWVC4o8E2cbkUi6KFChX9sn - 1gbSfqJBlO60U0be+aesZFFN5/xSWIn8YAFKyF3S++c3NS8FZe+KK4jharJ+2SZ05csF3tmhN4TT - pjfvbW+gHYqyvqjoZoBmpwwXm59Zp2e/cZlpXbwBlmyTQ6+LHHrDLkGwFlBKqSukRMlzibm2prpm - alvQRblcQ7mk6yXz3D3RlAJtwcRQl7pm0Zwwd0dF0k6BoskyRrm796dERz4kJl5UL0z0xMgugVlU - LaCGCu7YcBB7s/HQDWY4wGg08Xw/JF5hJkHDnmmcLngax9CBZN97ssHWVd07A3G06d7SWkW8A1Yh - p0mAUcN+4PnekHsuH/jxJIwGUTDyonEQxy4L7zw+vozfyl1OBtMT/yP+1Do7Y7nOfbatvhJOI+wH - eMT2HQp2p2xmaRKRy+ySMUEew3q8rDoBbcbww7UdOmVO9rdr9sO3uF35H77F7e7BoVsM6IlVuayp - 8SbJvNZtL3pPBM6qJFfwdQt8xfSrpipK3r8F4kTzp4dH3SpIzUsmPbrvpll1pRH3CAWvf+lHKHgN - i49Q0AkFhlDAxHv14pbU6NZjF/sWNUsx2kGNwLt6y1VvW9DVlHNNU64tME2utsBQOJ4vkqrIFRfS - NX+jf3VRH//mCIui/m+9U7WX2ROKUA5+K2RfyDQ8Uc1Ki5froUbdF+uXv0/11/te9DL28ysXTUob - b5xVdnSqelqrc1Nbmbo+dHLz/fPF/rPVeoG0drVaPQIAAP//AwD49JRVvBsAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdh1HAHD0MXu1i3IgsRpgaZFQFNniTVFaiQV22vz33fU + i906dbdkWBHAkXi89+ce3QcP1iWVqZd4GmQKGtIXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf4daIMySC+h1GBA2vYuq4xVxcIZvI3CMAr7Gv6swNjZpoQLTZnlDDzf485/FB2PRvhiQCzw + Nbe2NEkQpLAAZlP1XvWpFdQYTmVfgg3Qkw1oyYM44MZUEHQGlrBB/fPZ9GrWi4bxGI/qEIyXfPAM + xlYZRi1kSm+aHFJ8Q404jONeOO5FJ7MwTKLj5NmofzIa/xDGYeiCdE4sBl6beWKQTj/AUoTxNu32 + JQXDNC9d4fD0OTEFFcInKTeWS2ZJyYEBUQuyUnrZd9pMyWstHhlFJblrFxW39I5aqoM7DqugDmsX + YCuKwkE0/snwv+DHAtteFejVwQJdzqhZul5Vc+uekgUVBnyvUXyJedW6vpdzBI5m+eYM7gBjDe99 + z3JEVoko8RJZYY7eHkwGYScotXqPGT2x4K12Xe66gV253csnINlldS25tWjAeFvfDqm/13eNWtgV + 1Q6vhhel4Bhwupc59qNG2XC8Ho4fGe5XOtNlsu3LMDzGMOLhOh7+v16a7tdYRIfRaB2NvoXDdedx + EK8H8bfw2AL8/v4hHKNDOI07wYKvXzUciN2/eYdoyDINGdLKA6xjnEpUzZR/0Wp8fEgwPiQ4eWi8 + obTm1BFGzd5e0ovwlVok9YYMHz9UDdXuyDVozGk3MvXjqapctpEjzNfugMvMS6yu4L7lUGdNc9bU + 4MODMxcZXjW5qkQ64aYUdNOOGR5jWPYV9tONXlsNDZism+0vEfizUdgR+H7ZtjSzLzjU8Hjb8FJz + pbndPLGInXowfByP84JmYAKnYTojHA+EWvXNXbYjsjO16ghv6D2EdDzoEhF0Do6yHGj3v9ajA2WI + DiE0Grt65NRMS87OuFy+cJIJlG6zkKzrYt3bVS3bnkglp7hY0LmAS6CmQYZun7yLs+tfXp7fnr08 + nZ5fTW+nl5d/XGJ+OFoGC4IXZjmQC+RmaYnzS7ghSooNwTnnwhklVpHfuKbkQkOBg04qg5jtf2ne + IxwnL/zIw3C80Im3N8xY8oxLKrCZ2I3dkDnZ/lm7F7XlrXEuMLqOI7CvmYTt7ap0Q/svcNysME+E + XqO8/SZ+vnU8Do07uP1M2RIXwQ5ynfHG12m7a/2ngLuFLej2prj7hEtwUGdKKH3eRDMXFfQyjayx + W1cUmaim2aoocVWVtu3C13r6eXHeyt3f0YxbAUcJuXlDyzghp0otOZDX3CJrWXIFrNJAXgiafXS5 + YqpCMSpyZWwyDsdhsOAyRWIM4sGzd7XBSV0KjPK9Ig4kyRH5R03yHf58X6tf4XrlGAXVcPbbICcV + kAnmg4cTYH0SjXzisLXN4vT1FGU3+K83ioZ1qK4tbAX9glsNfaWzAFFJXac4LkcOzQFe7ee2EHXg + jZ1Xzs61XEq1+rRKF1qlFX5upzLDOS2w6sEMi+x81iXCgMmvatWz6kCZytZA/I4E5GYFsMShhq21 + A1q7C8GgVnzz/IJcMSoP3HcrX3ASbfP5JIOrjbFQGMwgLRVH1Bwl9XndHFergnJpuIU+AgtLZfK5 + ojo9dOOB/ckOYs7yc8IaJCGJkjmAJAYsWbWwsshypoHWAqHlk1XOWU4KoNKgkDY3WguY7ls5B0IZ + Q5qElNxxSipEPtObEnkG70mJkON/AwAA///sWWFr2zAQ/SsmUEih9mwnTtJB6QLrYB/KSgsrlEFQ + bKcJjSVj2XVHl/++d5KiOl7SjTJKPgTywYnk09NJ9+7dBUfqNRBd4pTvVf1GgG7nKaer5TBrV6C8 + w46AhLYFqeUs+EwUmXrHEQWRL8OoJO4D7z6k/ISAwfiidHRad9iyZj9pi07OFLpK4lI7jDsNgCjO + eLr0nAsuac92h9oHPzg5gVYjHwGBQSjXEMmgrOCgrUgbe27s/hphiDQCl9HuzXWp69oTNZO5igfE + X/rk5fNc3WUsMoHNiVl7wkromGmFKzXpfrsd31y5N5cuMq4KU7tILooyLSgOuizJFvzY6R7/wkVZ + luIjruGfYiXYJVaC/q6BqJmaShTbD0qJkbZqTfXt1PbALgngWwmgzkIpoe0TrWiFY1g8p6DcqjZ8 + K2I30m2bkmWVZYxySedvxEs+JGUoijcmHlII54ge0rNfk7Noxvq9JJiO+n40BeDh8DQIwwHlOTsJ + K7wyLaUDHicJ1kDy6bxgcE1Z8sleMjL6akGpQ8BDllPTFPuYoiYKwqCfBn7aC5PTQdyLo2EQj6Ik + 8dlgFqSj8+RMWTnqjY/CL/jo99yMccOarqt/kl4l3RoecUOPmNjLq+lyEZPL3JwxSR7D+yoxQMbh + 8fOVO/ByTvjbxen+I25Xt/uPuF0d7ztiUE+iCzoj1Zqq58o0eyieiKx10ajp6w6SDdMvqkKgir8D + 48Tzl8CjHg1GbSTTOqYzZVReYRj3QAXvf+gHKngPxAcq2EkFVlAA4r2OuGdq75pnH3ZFyUxzui1L + dvWCfNsLag/Y3kp7wCq1lD8uCsG1FjKlZmX+hdBf/wmpyLSF5/WjIbs3EFzjD5QPa7snnYw9Xaey + WpLhxtqqsC/KcalxPIry/3UTtTFrFGuhEvouVF9k3QKkfiZ1G2hJC2QTbbgB17yg3LNarX4DAAD/ + /wMA1IbrsfQaAAA= headers: - ATL-TraceId: - - 4427d4fddb0d5b15 - Connection: - - keep-alive + Atl-Traceid: + - ca6a960e1c694076 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:55 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:17:57 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 88adf8e9-292e-4f16-9b73-6feb03d2b539 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '285' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a393085a-5fae-472b-97c3-425ec4f4bb8c - x-envoy-upstream-service-time: - - '112' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1062,174 +882,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1JmjZLbqIHFVmFdk8iMkmnWEmTpU2FZdn/boqLH7fhneeZ - lzkxgzPtJ8c0e4/xMOvNpqOebOzCRygwOpznAX3hKbKMfdI0D8EnmAPwAgrIm931c3P31P5ud8to - 0sT0ywplkMFrxjo6uHAcycf2eKB04MaFpUuSWQbXfStMr0KlLuEtxhUUIHgOMheq5VID16UsAOAK - BEDyZ5pSbzuM/9hty4Uuua5UUcvqh7Xjve9DApXYqrrqDdqSSqQabF+r2nQGFfQWAKVUylD5pyC6 - teFhmJCt7/S4uPgYLK7xibnLxMi/7Rt2Pn8BAAD//wMArDASU1oBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUdCEI2k4+2H78cEZn8C6pNwUxpiCN4zVWDSIZSVZTXuJqu45LzUW9d+CaNeG + x2GWsL5j5GLjk+/lGp/AXibQ7m2/g/P5CwAA//8DAHL/0YJaAQAA headers: - ATL-TraceId: - - 8808a19cc70d0204 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:31:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 93106f40a40107ff + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3aa444d4-c4ef-43e9-82cd-7a20a507bf08 - x-envoy-upstream-service-time: - - '28' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 668db6385fb1e504 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:00 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 6ff6c4de-b49e-429a-a6b7-49cf0afba897 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '125' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e77f82ec-eacd-4122-ba72-7491ae04c294 - x-envoy-upstream-service-time: - - '78' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1239,174 +952,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJmzZrbqIHFVmFdk+ySNJMsZI2pUmFZdn/boKLH7fhneeZ - lzkRrTzuF0skeQ9h9nKzMdhjF4z7cFQFq7wf1EQnDCQjn7j4wU0RZgCMAoW82d28NPfP7e92t446 - TkS+JiiDDA4ZMThbdxxxCu1xxnjg1rrVREmvgzXfCpFJqMQlvFMhgQUULAeeF6JlXAKTJacAcAUF - QPQ9LrG3HcZ/7LZlhSyZrAS95tsfthsfpt5FUBRbUVe9Vl2JpcIaur4WtTZaCeg7AMW5EBrLPwXB - pobHYVEkvdOr1YYn16kUn4i9TASnt31DzucvAAAA//8DAA2ZzHFaAQAA + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUdCEU1Ky8oftxwdnfALrknJTGGMK3jBWY9EglpVkNe0lqrrnvNRY1H8Lol0b + HodZwvqOkYuNT76Xa3wCe5lAu7f9Ds7nLwAAAP//AwAOjgdWWgEAAA== headers: - ATL-TraceId: - - 3e223658d803385f - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:31:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - dc4103e1b904c895 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d4bd2e6b-77a4-4703-9373-1d2e98fc3dbb - x-envoy-upstream-service-time: - - '38' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 3cd4bb4eb87791d3 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:58 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:01 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 16eb9ff2-e85a-4301-8c02-4cfbce96080c X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '103' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3b0b7bc0-9668-4da9-8d46-0097984da277 - x-envoy-upstream-service-time: - - '62' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1416,110 +1022,119 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/field response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= + H4sIAAAAAAAAA7RX3W6bMBR+FeTrECXsIhm3nSpVmqZprXYTRdMJMdQtGGSbqlHVp9n77JlmYxtM + aqOtDRdRxHdO/P34YMjuBZEjShEXIFqegcBFzU7ZPdACH+UVWqBHfJpuoFBh2XHbdURXpiW60j2y + IWu5qCuU5lByvEA1O2IGhxL3CIUnUmhEsFYCHAOTHA6SldBy/E1ScZTujBzLZai+KD17+evsHleA + 0hckTo2SpoQKUimx/MQFrqYMvb4uTCiE8xZ3S9gUXMTYvlFQdKexsFPt4v+Nuozdl8+f29QbHMDB + UQMMU9Hb6S+Nl+/2OuzjX3bM9Jw5MWT7XozaEd64elzESLqTUHRrsDlkDZy+ZGlbHTBzYx36h1i1 + rpzg8vhrvVp9WvWOfBV7v7SHigiBj1Fes4rLQksFA8pLOYVHpc/bZDPQ/i4wYVm+65Tt5eLndJOR + WCUoq6sliBI4J0CXD4TBsinbglC+bFitVoK4AgryBou7KHjaLR9zS6fhOMvNEOulb2S2nTRngFn9 + gDNngvtrO8I98LFh8UZl2XyxDEr6UbFQeFDWwUFRFWPpa509Tk/JWcdcI7JWIzLi8gVxwfkoO67p + 4ViH002C6aqKPWBqAeVUuOOGubJNVLYu1czRCkU1nWwyJJuT55+YcVJTlYHOdIyZNK/Jc/Q0oOF7 + 8L1xDazehIAxOEliIu9A2Y+MFuTcla7uwSEUBcOFeU8YP5W8JeP3z+9o7ieUz+bbx5JH5GBu/LbU + G3sD2yfT+E3uw7a8G3lGPrwWMMzrshV617TQEWRE/nCxsL73zplD6duAkaJ+Exw0eColm96Wr2JP + JWAFFpEMiamx8h1L446ZzqVk051LLpcvDvNPIHQsNXUqP7Eum0PnAByXhOJ47MAcPskmHOA2GKCq + jAPEVP0BCcen63OFt3XCU0yXjs5Vb4PbhoP7HAxOVUxwfwEAAP//tFnNbtswDH4Vv8ACLAECNLch + QLEBRVd0w3YwekgDJ9Hq2Iasrdnbj5Ipk7Iop+nim0XKoT7ys/iTr3B3jKXDQD+V426s45glyXFX + TIY1WBrNhfMb8ip95EGDHIn5PfVnqj44suoE1pzkMqkPHvwC4Xyt9YvegKKHyCWI7ieIskeUTYCP + TEp44jRI+wdtPMA0Wm2DtCIoKGhOmJlxXBHNccs5XBIY4TRhL891hA7obn6o4tUxrMMViBDRHciy + XphG9JZIiWUKtyrBk7jHXmG82xh4l+pMWnvOOYEery/fj6Ozp+VLhw5DlEMRITAH4GW1UWWPgUsQ + xZcj3EMTYaBiaqsLe3f3B6E1HmPdC/7vHBLLmTV8umhC599OJ7TknMVpEOG3RitXmwvJrNdNlci6 + qUpnRcI97Fd+tUE961Ja8/ek2hmU90V1qJum0C61rfaHD214fJ+s2Lxk6JfkwMFp0GO3JXQTLmyC + y0g5lc/cmIHM4FO+PhTbl+f6VLRPb3Jl3eAtGjhTrA9mHedmzCf2R9vV8Xdp1LY3HHk6PXyYJ4cP + ToOeztefPz1+f8rsd5HVu+xWabimIfs00J3aj0EIwNl3rh6XsxbHN+RevHNijWIbZYz4XI4ouxTG + YliczAzOr42q9itnw5sIamsfMzbWgM+n1spQR8wEGKEHkvgzxBfkex3bm5PQs7OwiSLK0rxbJHln + NQPeudmFqrKu4x/nW7R3Mp5FlmRFHi4ZnxYynzYVD+NZKlnqQe8QwvUsWvAK7LkoqV7pl+jrO7++ + Pn/QlIh1cBva0rHacy7hy2kmLZNMshqfXY39r++hhjyU4M9gx9VZgzFfukwb2uLL/N41CzIzLugl + k7liV9abOBcvk/79mPSv0wT+bSyEDOp/deyutKSfo52X+vsfAAAA//8iMrwNkcIbzU7iAxhHyyar + uFy3GGSyLthkjMxniCdQcY6ugWWggQqZs03Oz8kHOQlLWKIqoFUQgsfWkK3CFnLwjEtsyIH7irqo + bocFHMaoGgAAAP//tFrBTsMwDP2VijM77MoNwU4gIU3iyGFqM1RtbKMbE//D//BNpI4T2409ylhO + W510fu81tWNnJI/ZVYORmA3hDLd6bDcrXTg5oZRw0FfjrjThTkd7ra+WjsOlaHZHbWp21GAERZsv + LLVwpJRM0EUDHyP1MVaVrzTW7nM76TjcqA7rjPUJk0UeLH2lMWrisbQbv7CrWR6q8gQ5pgJVK+Gr + LjpifgQkTZq8ryRuIcbi1MXvzHx+WKwzCX6bhZp8f1VPOFhYlXGcT8MmEdh5X+DLDEjtdrl09WFf + 9mhwAU5c88/zwYSRGEJIXftAQxyFCVn2ocg1FUT0MhTBqx3xBuQERtlLDFa2kH1YfN04tmbJEJ8h + WS5PLLnTePmJcmHGyYT/Y9fXetTnomtE/5wMNvgx75OKnrzhtz/1ueLdxCbVHIFMukQuWQV2QSro + S8OeYCTkaGH5cfvmC28X9myYGLkJCdxxm03i3MWUXKo0hm8JzWbMGOpBGOhZiSAQDMjsAS5sSmOe + ixqyewTXwWH8JCQvIgVnoZqnYmUQoafcoxQPlyQSEQwScgZMe3Z5klJvpUfWuH3dtbETGGSQNmR/ + L4w273PXJHeqMcvrc36HvQM1W+AwguTm7t1npEP8l6q2E5UzSu1IoR0ufKlaNLgvd10X5sIAwRps + 5n16OLa184Ktbo67SVgOaXrcqNpd8anZFYcRFHG2a+sK5FIV5MOl5IPOODlStftLueg39s7/2qRv + Bf0AAAD//8SbTW6DMBCFr8IRiAIHqNJld+2uK0SRWgWaKCTtgXqfnql4bMMbM8NPK5elZyxsfx7b + 8Aab1BQHpovbO1XcJg8Cm1IWeYVY0OjPOmxKwiYnC2awydLgDgTmkM5e5WY8yO2gixPMH4vavqdm + W5Kg/SrWZGEC5NSQTKYyMx5kpssS6I5FLOuJ6S/oaz657crEPntYGf/k7kZbHu1EDOc8GB2iJ6OW + g9l3Y8EZ56rMkZCGHPSFndu9XZ/8XJ1843EjezR/kCUu2SPMPvPHmv7c6qHQ0lCgDJisPAe9CmWq + BbqzeUIXKkeQV32g5CrYVAVLHgf2QLdiEnf6CmR5hUhoU0LLm4LS8/3ldH45fb7LgOWdfR3itqrx + ToHDm07gVbV98nC8l7dW2bZ4hVh4ScnnTUFpO7yg8rdVeWOJWjD4TcBZkofqA15mFu1vC3nV9GSJ + gu+OrQHbXN9PPVTUjAV5glCpCvuDyESw+CqxwoWyFmFjrLxdyOj5jVTNb5CHY25nDhSpWizclOuQ + GhzZbD68KzdnGTyIT39AP3qKhw95kuJ6LcrXht2iQJPDfYe2Fet14fsItCm/9YdSEOvjIDcOVhgh + iuMjpUXzunF/fyX/lQCRhj1WUeT+6otJzXuRhy8mI6XVlVny8ytqXDfWsqLcmNqq7Nh6gUGqrb01 + TYFXefqyPw57gx5UDOEPAAAA//8iIQhhlmELAsxxLJhqpNQEWtgJ7gRC0xCcD0s5cAHcjicmR2B1 + Pcw2bK4vRZtpgKlFDvikksRipIkgJAF40CfpwoQocz/WHI2wEZsP0Is07HNAcCMAAAAA///EXMFu + gzAM/RWO2wGJc2/TusOkSaumbpdqB7QyVGkQBLSHSf33EePEDrG7CRXt0pI4wX7PlQmPUALWFo1p + e4A/AmMdCOyFenRcc39U3p2EapoXP1goyE1rhqOOMiRZqBBvqFMHNTtZEhgWRlyAvVEvvqrkCxZE + trYrUdPgtUyouPtgwFJlFgRf7koiRJBFxIrZQSNlp0sPdV+U8MJHnY6DVoMZS87Hpz+tK6G6CJyp + IjBYkNZtkVcyn2hZikiQftGH/drZD/kqdJHOfpjWrdoqhYNw/4vtihjTVeBMVYHBgow9t2VeH74h + RYoOPB2yFIegBIfORP6mWyfpcYRhk3WO+fMINjnlsyPZONNl40yVjcGCRN81Q+2wmxdkkrn56gTz + k/vj3etARLIBaSq5ga30w2oqsbW8u7WpwLRou3UnacBrgML5XxZWEII9jSyXZboInakiNFgwA49V + k8NNqUC/t12de2QR5GfvZTz4vxtxJlEX9enQmjq4GQz7kL6HoNPFFF+M5xLFnUp0xEtXPoMA7Y/h + XyNRG4Gsj8X09uV6KPawAcD5lHCga4/CjSUE0RIpXhktuywihxIAaYEkrYtMFfyoqI0Y7n2HDiFK + Aw75NQ/OmwQAbV3a5GWQCjeJQJxMX1AeXAsBvGFTD39+BkZXUvQuCB/12EEx25dsvww9b6I2xv1k + ysS+GXwx9LnMSyFPrxUUkQfhus7n9x8AAAD//wMAGZmL9PVMAAA= headers: - ATL-TraceId: - - f125cc2d83b2718e - Connection: - - keep-alive + Atl-Traceid: + - fbb9a080a93ec823 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:58 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:01 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 012bc2c0-9fed-42b5-8f15-248c8d33615f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '165' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3c2859ea-8537-422c-8257-5a64f5bc34c6 - x-envoy-upstream-service-time: - - '66' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1529,89 +1144,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-882 + uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-1427 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8MO24tvnSHusiTScG3cYdY6gtQxqbKpO8pl4TO7Kdpr2N//2e - 7YQyuHKDgQTxs9/3z/vY3zxYl5SnXuxJ4ClISN8wyFPV4bQA1VHJAgraESVIqpngqgMp0wVo2kkW - lGeQi6yzAqlwD9IxlBIUcO3Oeh2PGcthGLwIcaEgn+NyoXWpYt9PYQ6JTsVX0aM6p0oxynsctI82 - tE9L5udUm0+mVAV+a2UJGzRyOh1Npt3hMELJ3Ebsxd88hZ4rlaBaJuTGRZjiChWiIAq7waAbDadh - FPfD+I9+LxqGvwdREJhAjQ+9KcGaeWygkYvR6PthEAQmKpd6s0hBJZKVpiwoPSCqoHneISlTmvFE - k5JBAkTMSS3ksme0E8HPZf4zUShIKgn+ikFNV1RT+adi/8CrAjtVFc+c6Dh9FQb9cNgspxjoq23K - Hc90G31NqVqaRlVX2nzFc5or6HitDS+2Rq47nmaIjhI77cW8wky8UoqvGN4Tq9do29rZbrS1M4tb - Dd9Ges6ZNuAwIGu0TVJ/27NKzHVNpUlMsaLMGSIkvZMNFtdCZjBcD4Y/E25T5sZZU+mSmcLiz+06 - D4IX6DkarKPBkw3bFlqUPFPN/wd8hfvrcP/XfK1bZ83HA9760bof/Zq3Bpyq/djp7frazPf6o6MY - 7NjlF+xglknIcK7vwRAxJfLKjZmTJJXSorAUMUMP0YtdG8P7Nhx1OKkZTMuBXtwNcUk1UqMjncfj - 3THaDYf5zpo0YLafh6IyOYWGly6MgPHMi7Ws4LqhKmNMssRl+u2ezASGR9VCVHl6xFSZ000zACjG - qPRHpAszFE0xJGCuZuru82TUe7kftDx5t2rBrnKGuzaiXRv9LZcwIZnePLG4rbo/eByPsoJmoHyj - oVojDAW5qHtqlW2550TULUcNPFvOKzBkYqB5Jykzlf+ZbbgLh+HQpL2galSy5ITxpb2Pj6A01zNP - 2i7a3tZ270bCBR/h7UyvchgDVQ4Zsvnyzk7O3x6fzk6OD0enk9FsNB5/GGMaOEAK88YD0wWQM2RN - ronxS5gigucbghPJcmOUaEH+YpKSMwkFTi2pFGK2Z2f0bhYv0WDwnQXB4GU/9tyFgS3CGm9H6ocx - xmpnjNP87qHmcdGU1+I8x+haJsD2ZRxuTlelmdmfwLF7KTwRYU755rb68XJ/HOi2qHpNkyW+plpk - tcadr8PmSfNLAbfvIr99nkTt5crBIDoRuZCnLpqrvIJuJpE1to8DQY6Ea7YoSnzvcd104aH+/Vic - z3z7uzdlOoe9mFx+omUYk0MhlgzIBdPIWppM7OVB3uQ0+25yxVRzkdB8IZSOh8Ew8OeMp0iMPj7j - wi/W4pGtBYb5VRCDkniP/L8qeW7+/mYNTADxhtyBijjlVnR4McLVOV9yUW9jP/x4T7p3JkVa4Stm - xDOcqALr40+xHHju0iaDdsk7UXe12JFQ2RiIvhCfXNYASxw/uLG2Q2t7wO9bxU8HZ2SSUL7jvH1T - 7w/7rmSvJeXJwp/SDOM8xa46acXy9PjotuhQFAXTBJlpcUtsarZRGgqFaaelYAiKvdjKbekNQgvK - uGIaeoibeDDo79rbJfdT9HklqEzb8t+04WiLLuP1gCQORBgluQLgRIEmdYMojQTnniRkjqjqkHrB - kgUpgHKFm9SdaCxg/dACoUmCBAkpWTFKKsR8IjclMgwe4xzcXdszoYwResidCcQt5Oq67omaqrIn - ZOYj4GDdKxelxQRibzYXcuacqRnVeHNfVdia2fMPFweTs+7kfRfvRIvK8/GJM/pQYd4DJpnG5O1o - +pkjjePMapAxEeUq+cxHK2ZuDwxuArrrJi0m/wIAAP//7Flta9swEP4rJlBoS+3YTpyXwejC1sE+ - bJQVNug3xVYbM79h2elGlv/e5yRZTd04Ld0o+RAIwYlOd5fT6bnnLmrtHw1EaRx1GVBrOwx0qyWJ - ZYx3oWLUZeKpnEyMr6jdt7INpbz4ueAZ3WyLmePN0aXCDyQEORMvuRVnOJFU7rHyksofw6qg6oPK - 94tnZ5QfmYVLoHiVxZI79ocSzSqYTJJa4GAtZM5GnqAJzXjiWBeZoMwzebaRiWSLEhX2tX+icZD0 - iRpZutVPmXmnX9KChRX9zm+5FcsPFqCEwiWjf3pV8UJQ9S65ghiuhPXNNqkrby7wzh55QwRtdvXR - 9gY6oOjt85JOBmh2zHCw2Yl1fPIXh5lU+TtgyVNy6HWRQ2/YtRA0C1RSqhIlUTJf4rItUdeIthcM - 5ZIRljxyu2AXBXNNK9BemBrqUlUsXBDmbulI2iVQ1GnKqHb3nit0FENi4nn5ykJPjOwcmEX9A3qo - 4IYNB5E3nwzdYI4fMB5PPd8fEa8wQrCwQ4zTAc+iCDZQ7HsPPti6q/tgII6U7mytVcY7YBVSTAKM - euwHnu8NuefygR9NR+EgDMZeOAmiyGWjG49PzqP3UsvRYHbkf8ZL7bNTlunaZ9vqK+HUwr5DRGzf - oWR3inqexCGFzC4YExQx7MfNqmLQZjx+urRHTpGR/+2eff89bnf+++9xe3qw7x4DeiLVQGtqvEky - L/XYi+4TgbNq0hV8XQNfIX5Rl3nB+9eAonDxcPFoWoVVc5PJjp67aVZdasQ9QMHbH/oBCt7C4wMU - dEJBm3mASvVWa9rTMA34fquu4oom4PrZhcG8YgmetmjpGsq5XUM51wzl2guGwvFsGZd5priQ7vlr - /a+L+vgiT9FdSg2r5lGj4CuQb+P/on6j96yXst/fuagTUrxhW05YympWKT+WefXfprpKl9EJU2hL - f+RyPtWMYmmsTFMfsmj8eOys/8hbvUFGZ71e3wMAAP//AwB21fK6wRsAAA== + H4sIAAAAAAAAA7xXbW/bNhD+K4Q+bZlsvdhNHAHD0MXu1i3IgsRpgKZFQFNniTFFaiQV22vz33fU + i506dbd0WBEgkXi89+ceXT54sCqpTL3E0yBT0JC+4iBS40tagPENy6GgvipBU8uVND6k3BZgqc9y + KjMQKvPvQRuUQXoBpQYD0rZ3WWWsKubO4G0UhlHY1/BnBcZO1yWca8osZ+D5Hnf+o+jo8AW+GBBz + fM2tLU0SBCnMgdlU3ak+tYIaw6nsS7ABerIBLXkgqHWP3JgKgs7KAtZo5Gw6uZz2omF8hEd1HMZL + PngGA6wMQ71M6XWTSIpvqBGHcdwLR73oeBqGSXSUvBj2XxwNfwjjMHSROicWo6/NPDfSuAnS6QdY + jzDe5N6+pGCY5qWrHp6+JKagQvgk5cZyySwpOTAgak6WSi/6TpspeaXFM6OoJHc9o+KW3lNLdXDP + YRnUYW0DbEVROIhGPxn+F/xYYO+rAr06bKDLKTUL17BqZt1TMqfCgO81iq8xr1rX93KO6NEsX5/C + PWCs4YPvWY7wKhEqXiIrzNHbwcog7ASlVneY0VcWvNWuy103sCu3e3kEkm1WV5JbByjjbXw7uP5e + 3zVqbpdUO9AaXpSCY8DpTubYjxplw9FqOHpmuF/oTJfJpi/D0KE6Hq7i4f/rpel+jUV0GB2uosNv + 4XDVeRzEq0H8LTy2AH94eArHaB9O404w56s3DRFi92/eIxqyTEOGtPIE6xinElUz5Z+1iny1RzDa + Jzh+aryhtObUEUZN4V7Si/CVWmT2hgyfP1QN1W7JNWjMaTcy9eOJqly2kSPMa3fAZeYlVlfw0HKo + s6Y5a2rw4cmZiwyvmlxVIh1zUwq6bscMjzEs+wb76UavrYYGTNbN9ucIPDo+7gh8t2wbmtkV7Gt4 + vGl4qbnS3K6/soidejB8Ho/zgmZgAqdhOiMcD4Ra9s19tiWyU7XsCG/oPYV0POgSEXQGjrIcaHc/ + 2Yd7yhDtQ2g0cvXIqZmUnJ1yuXjlJGMo3XohWdfFurfLWrY5kUpOcLugMwEXQE2DDN0+eeenV7+8 + Prs9fX0yObuc3E4uLv64wPxwtAwWBC9McyDnyM3SEueXcEOUFGuCc86FM0qsIr9xTcm5hgIHnVQG + Mdv/3LxHOE5e+JGH4Wh+l3g7w4wlz7ikApuJ3dgOmZPtnrXLUVveGucCo+s4AvuaSdjcrko3tP8C + x80K85XQa5Q338RPt47noXELt58pW+A22EGuM974Oml3rf8UcLewBd3eFHefcAkO6kwJpc+aaGai + gl6mkTW264oiY9U0WxUl7qvStl34Uk8/Lc47uf05mHIr4CAhN29pGSXkRKkFB3LNLbKWJZfAKg3k + laDZR5crpioUoyJXxiajcBQGcy5TJMYgHgzf1wbHdSkwyjtFHEiSA/KPmuQ7/PV9rX6J65VjFFTD + 2W+DHFdAxpgPHo6B9Ul06BOHrU0WJ9cTlN3gn95hNKxDdW1hS+gX3GroK50FiErqOsVxOXJoDvBq + P7eFqANv7Lxxdq7kQqrl4yqda5VW+LmdyAzntMCqB1MssvNZlwgDJr+qZc+qPWUqWwPxexKQmyXA + AocaNtb2aG0vBINa8e3Lc3LJqNxzv/4f4jja5PMog8u1sVAYzCAtFUfUHCT1ed0cV6uCcmm4hT4C + C0tl8pmiOt1344n98RZizvJLwhokIYmSGYAkBixZtrCyyHKmgdYcoeWTZc5ZTgqg0qCQNjdaC5ju + OzkDQhlDmoSU3HNKKkQ+0+vSwt8AAAD//+xZ72vbMBD9V0ygkELt2U6cpIPSBdbBPpSVFlYog6DY + ShMaS8Y/6o4u//veSYrqeEk3yij5EOgHN5Lvni66d+8uCfYJwXXF9RqILvEt36smjgDdzrmgq+Uw + a1eix8OJgISOBanlLMRM5ql6x5E5kS/DakHcB9594OKEgMH4onR0WXfYsmY/6YhOxhS6qsCldphw + GgDRnAm+9JwLUdCZ7Ql1DH4ICgJ5oxgBgUFYrCGSwaJCgLYibZy5cfprpCHKCEJGpzfXpa5rT9as + yFQ+IP/4k5fNM3WX4WQCmxPje8JK6JhphSs16X67Hd9cuTeXLiquSlPrJJN5yXPKgy5L0oU4drrH + v3BRlqX8iGv4p1gJdomVoL9rIWqWphId94NSYqStWlt9u7W9YCWACrkSPNs37pIEvhWtCAyL55SU + W9WGb0XsRrltU3JRpSmjWtL5G/FSDEkZyvyNhYcUwjmyh/Ts1+QsmrF+Lwmmo74fTQF4ODwNwnBA + dc5ugodXtnH6gsdJAh8oPp0XDK5pSz7ZS0ZGX20odQp4qHJqm2If09REQRj0eeDzXpicDuJeHA2D + eBQlic8Gs4CPzpMzZeWoNz4Kv+BPv+emTBjWdF39UeFVhVsjIm7oERN7WTVdLmIKmZsxVlDE8L4q + DJBxePx85Q68TBD+dnO6/4jb3e3+I253x/uOGNST6IbOSLWm6rkywx7KJyJr3TRq+rqDZMP2iyqX + 6OLvQEXx/CXxaEaDVZvJ5MdMpozKyw3jHqjg/b/0AxW8B+IDFeykAisoAPFeZ9wzjXfNsw+7smRm + ON2WJbtmQb6dBbUX7GylvWCVGhePi1wKrYVMq1mZXyH0v/+EVKbawvP60ZDdGwiu8QPKh7Xdk07K + nq55US3JcMO3auzzclxqHI+y/H/TRG3MGoUvdELfpZqLrEeANM+kaQO5tEA20YYbcM0LKjyr1eo3 + AAAA//8DAAfBXN35GgAA headers: - ATL-TraceId: - - 7118877cc6dd78aa - Connection: - - keep-alive + Atl-Traceid: + - f87fcf7192e1e40c + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:58 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:02 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 189c4d92-d8bf-4c3d-9e0e-4eec257d5f0a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '469' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 7a8f6ee1-db9c-4410-ae82-c6ffeee76851 - x-envoy-upstream-service-time: - - '115' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_enabled_create_epic_and_push_findings.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_enabled_create_epic_and_push_findings.yaml index 44e43ce3277..f868e7c1cfb 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_enabled_create_epic_and_push_findings.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_enabled_create_epic_and_push_findings.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,169 +10,62 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ+pGSm+hBRVah3ZOIJOkUK2lS2lRYlv3vJrj4cRveeZ55 - mRPRasXDYokk7yHMq9ztehzQhN5/eKqCVes6KkcdBpKRT1zW0bsIMwBGgULe7q+f27un7ne73yYd - JyJfEpRBBq8Z6XG2/jihC91xxnjgxvqtj5LeRtt/K0QmoRKX8FaFBHLgLIcy56JjpQQmi5ICwBVw - gOivuMTebpz+sU3HuCyYrBpas+qHNdO9G3wEBW9EXQ1amQILhTWYoRa17rUSMBgAVZZCaCz+FASb - Gh7GRZH0zqA2Gx69USk+EXuZCLq3Q0vO5y8AAAD//wMABn+iSVoBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CNtbqIHFVmFdk8ikrYJVtKkNKmwLPvfTXHx4za88zzz + MifopFeHxYCA9xBmL3a7QWnVh8F9OCKDkd6P0hKrAiTwqRY/OhthikgJEkyb/fVzc/fU/m7369TF + CcTLBiWY4GsCg5qNO07KhvY4q3jgxrh1iFK3jmb4VkBEgWFxCW9l2ECGjKVYpZS3WAnkghUEEa8i + idH3aom97Tj9Y+sWUdCIM1Jn9Q/bT/dWuwiWOeU601pnvGKsxKxCzAvJStpLHMqe81xhVv4tCGZr + eBgXCds7Wq4mPLpebvEJzGUCZd8ODZzPXwAAAP//AwA7NM19WgEAAA== headers: - ATL-TraceId: - - a957a0fd2ae53c1f - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:31:58 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - bd6441e8c8b826e3 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 09e51177-dea6-4d3d-b285-43579fb15eb9 - x-envoy-upstream-service-time: - - '34' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 28fc1c3365a0f4ed - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:58 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:02 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5c01ea23-f3cb-4b9d-b085-35b9b0f7c08d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '125' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 484ce6cf-56c8-4fc7-ae3e-e61397f6603b - x-envoy-upstream-service-time: - - '67' status: code: 200 message: OK @@ -194,49 +87,55 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11073","key":"NTEST-884","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11073"}' + string: '{"id":"11767","key":"NTEST-1429","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11767"}' headers: - ATL-TraceId: - - a86750ba361deaa6 - Connection: - - keep-alive + Atl-Traceid: + - c5ebb66b64559a0b + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:59 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:03 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a726736a-e6cb-4126-acab-c62c140e5109 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '634' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e751882e-5825-420f-a01b-284841639cac - x-envoy-upstream-service-time: - - '385' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -246,84 +145,91 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-884 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1429 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbW/bNhD+K4KA9susV9uJbaDosiQdumVpkabdh2EoaPEss6ZIgaRie1n++46k - ZC92HKQuECDi8Xh3vHvuOfo+hFVNBA0noQJBQQF9x4BT3ROkAt3TxRwq0pM1KGKYFLoHlJkKDOkV - cyJK4LLs3YHSuAf0BmoFGoTxumEvZNZylqWnfVxo4DNczo2p9SRJKMygMFR+kzExnGjNiIgFmARt - mITULMkTpnUDSWdgAWs8f317+ek2Go0GKJm5YMPJfajRaaMLYqCUau2Do7jCA3maZ1E6iPLRbZZP - +tlkOI6zUfZTmqepjdH6MOsanJkjY7TnkyxNvUV363ZBQReK1TYjKD0LpqwMGg0q0AYDDcycmEAA - UB0YGUwhmCq5ABFQuRRxcK4A70CD6Tr4jSkSfJIzsyQKgggVAiFNYOsRSBVQ4GAgtt4LKT4r/pJb - sIqUoBN7Qm/voROoWRHruxKtWRygqUuU2BI2U0P0IpzMCNfw0AsNQ5jUWPJwIhrOe2Gt5Dd0dmQu - 29NPZ/J/5d8G9lkwY9CARVt7+hbv8LvT1W26bOSsqjlDvNA2+F5I7oghClPlADQYrQajl4SroWgU - dKF6I29rRt+4OF97wXu7HKSn6DkfrPLB0YY1+wfe6Ipw/lq3/5/xlZ2sspMf87XqnLUfz3jr56t+ - /mPeKsRvU6G39uOgt4cH2+2rL55rsGJ//Y0VLEsFJXbIHgwRU5I3vum8pGiw4SpHGF/RQ356aGO0 - b8MTiZcupVo4MgwnUdayh0WwYoV3d78ns/jC8PVcNpxeMF1zst620JIYZFlPYt/fMZ4hN5yYeGvK - toP7PJeNzYqL9E8rYKIMJ0Y11jXaNF8YLG1TtMnwhPMka47icX/YseZu1tJD6cwObeSHNvpbLmFS - MbM+MjXd8cTOjmNZsTXCUOAh+pgX/3Cyjqn64cP+dU6663AyBcs1Frk7SrZpn0xGdgim2chmZU60 - ZeYrJhZubl9Abce4KDp8OdQt3d5GIqS4xKlBphxugGiPWdV+hR+vPv/6/vrr1fvzy+tPl18vb24+ - 3OD9sL80pgUVbucQfERSFSawfgOmAyn4OsCGZdwatYPMTauPCirMjht3OnYtvHuLMRpM/2VpOhh/ - m4R+nmAFsQTbjnvU5ViMkgnCd5XaR0ibXtcVHKPriAKrW+KU7bSb2rb0C2DunxVHAtAf3gyzxy+B - 78PkFnG/kGKBr64Ocp1x7+u8ff/8UMDdIyrJWyd5N3sFLG3rSy7VtY9myhuISoV8tgnwVgYX0hdb - VjW+C4Vpq/Bc/R4nZwmwQEiBKBFzleX1fegcYpwse6GB/MgseTuupz64gG2FsYMRhATTsUnBtkK4 - +QT2kefCcr6KHC9EGPa+yqC7o02dUVh6R992muyqDg+kIz24cYhz0g3nuLntCPhpxc2oJMaQYu7y - vD+Yd0u9a2W8cddUFbHgfbp8djRJdWTRLAe9JUVhxyE+KoYzMujTbDoapMMpBnF6Os7y/MR20kYJ - PTyjhr+LGD+jFH0gvMNtDFH7zPlZLomuY6lsrz7/1vTvoxj7yKnF2DiJ/0yGWZ4NIEuhn9PxSdEv - hqdZMRpSmpKTWQajt/SNs/Kqf/Yqf4d//lxUEdGmLoq8SMeNjpaYkSiPMUQa182Us+I/AAAA///s - WLEOgjAQ/Rd3tHFwN8HdODiwEW0UYygphZgQ/t13vVKlkcQYowxsRbjrK3jv3jt6ZVGRpiW9McRn - ENQZGgWW8TZazYuc8IcidvyIQyk8fsShnB47YpDQkcWsawaxrQFQ30Wh97MPpHoyWS1ZczKRJWgK - eHxTaQXXnIBiDudH4ZF9w11fybSP852uj2hZKG3kRAV/+OgTFfwC8UQFg1QQqgfIwFnTUkynOYD9 - xKXY0EjIrQU2VCaF2hYvsgy5VDHkUoV3qeENr9lkXmda5ayKnMqt3FCSL99BWivzteEA5/I5sREM - 5F5ZJ9SNI/DXYsRNt3Ss+/H+dny76PLCSqa3nSyrKyV+Oqv1MNqsDZ+b5izkc+jk/vd+8LIX7QIs - 2rZt7wAAAP//AwCwS0/X2xYAAA== + H4sIAAAAAAAAA7xXbXMaNxD+Kxp9LXAvYIyZyWRSm3TSOo7HxumHTscj7pZDQSddJZ2BuP7vXd0b + 8QEZm0zzjdOu9vXZZ8UjhXXGZEzHVIOMQUP8noOITUeyFEzHRAtIWUdloJnlSpoOxNymYFknWjCZ + gFBJ5wG0QRnEN5BpMCBtpRvlxqp07gzeB74f+D0N/+Rg7HSTwbVmkeUR0A7lzn8QnA5P8cOAmOPn + wtrMjD0vhjlENlZfVI9ZwYzhTPYkWA89WY9l3As9bkwOXm1gCRu8fzWd3E67wSA8w6MiBEPHj9Rg + bLmJmIVE6U2ZQ4xfeCP0w7Drj7rB2dT3x8Fo7Pd7w77/ix/6vgvSObEYeGHmyCDdfQ9LUVos0q4+ + YjCR5pkrHJ6+IzOekNyAJlhCvSF2wSyRALEhVpEZkJlWS5AkVivZI+caMIeYzDbkd64ZuVVzu2Ia + SBcViFSWuLYRpUkMAiz0nPdIyTstXpIFT1kCxnM3zDYP40HGo555SNCagwuamuCJ62E+s8ws6XjO + hIEOXXDEj44Wm0t4AHQZPHWo5QiwDMFCxzIXokNbaOn7tSDT6gsGdmTdq9v7q/4NVrZJ3EluLRow + tPHtAPtHoWuq0roseZoJjgHHTaLsgVmmsawF2Aaj9WD0ynBzyd08MXFf2vIeOKy8Ajd1JpUg8Ae+ + w3s4WIeD/9fLW8O/whuTMiHQYTBcB8Of4XBde+yH6374MzymOCd5Sp+eduEYHMJpWAvmfP25pELs + /l9/IxqSREOCk7mDdYxTibwc9r1Ww9NDgtEhwdmu8ZLZytOV0suCxOm4G+Ans8jtJSe+fqhKxt1y + rFea025kip/nKnfZBo43/3QHXCZ0bHUOTxWVOmuaR2UNHnfOXGSoahYqF/EFN5lgm2rM8BjDsp+x + n270qmqUFHiAx8PBsObxdtkammkLDjU8bBqeaa40t5sji1hf9/o/QMeVEY4HJXifE/LHEtAV7fXp + LrDDfp2OYDNwxOWg21YaHiiGI4L9AgQwnYncEWVbNHIFWzDjtsUll8v3TnIBmXuByKhuc9H8VSFr + TqSSE9xkbCbgBpgpoaOrX/T68u63D1f3lx/OJ1e3k/vJzc2nG3SPs2ewYqgwXQC5RvKWlji/hBui + pNgQJAIunFG3XIsNeq0hxcIVK9j09hFCgPNG/X+574/mX8e0Ne3Yk4RLJrDb2K7tFDpZ+6x6P1WV + LwZBYHQ1iWDjE9z8tXaeual+AdDLp86R2CwvN0vz+evkdXDdgvFXFi3xwVijsTZe+jqv3mQ/FHD9 + sPPCyklY73gJK4dEJZS+KqNx4OwmGmmlCXCqyIUqm63SDJ+00lZd+F5PnxdnBbBESIFMEHOp4/xd + 6BzinCB4oYHwyCqVdoqZ+lQE7DqMM4wgZG5W6xJsO4TCPdhHzqDJYt0tKKMb7OHVYHAox5NvZ8Hi + v4BlsRsc27dU/Ua1LWhYx0CUlxS8X/HQGvWbNfpsbNutbd9qdiyzlkWLojsFPkyepsyBd3/73HJS + +simOQ56y6LIrdQP8ZuTORv042A2GvgnMwzq9PQsCMOh60GjhB6+o4Z/6bh4F8fow9D/AAAA///s + WF1LwzAU/S/CHhP7YesURAfTZ/HBh73FJmpla0rabsLof/fko9lWnIiI9qGwh6xpbg633HPPuZcn + OwzEKaMbuWFVSaXStfq1pjUfQFDUkXmNonA6XZWEUXgmwkDEEb9IszhLzsNsmnAesPQ5FNNrfmWi + TOLZJLrDz54jK1a41BFiH1W0qcgGGSERBUROy+ZpCe+BlJGSsUpnDOdzCPccjQLL+T1JaVlo/H19 + PHzEfYE9fMR9gT50xOAabjWlawZzUwOgvjeJ3m/9pq6nGibC6lbLVws0Bbx+2ygJI7EA92Svu8LT + NhG7vpL1Pc4Luz6iRClVLUYq+IePPlLBXyAeqeAoFXipAYgvtuK2esLk1gHiyppBVAefaKFjdjTw + drS/4Y1df8NLM1GscyULK2OcmG3cPNT+/RZSubIRtt3Skd0PCG5vlHvaxYWDY+8PomqWOvDe3cY6 + qHpWWxxrWf/eQMMG80FxFwzrozTOq5tC6JGK9jP6Sg/kEG10ANcdMOlp2/YDAAD//wMAVlNGVn4X + AAA= headers: - ATL-TraceId: - - c3f4597935f58630 - Connection: - - keep-alive + Atl-Traceid: + - 17e3550a23ea2d18 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:31:59 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:04 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e52763f8-0db5-4a56-9b41-84ae98cafd6f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '229' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 84c50b4e-624a-436d-97c8-3463c7eb1ffc - x-envoy-upstream-service-time: - - '143' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -333,174 +239,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtNssuYkeVGQV2j2JSNJOsJImpU2FZdn/boqLH7fhneeZ - lzmB0TMdJgcK3mMcZ7XZdGSpjV34CExHp+e51555ipDBJ01zH3yCOSJnyDCv99fP9d1T87vdL4NJ - E6iXFcoww9cMOhpdOA7kY3McKR24cWHpkmSW3nXfCqhV2MpLeKvjCgoUPMcyF7LhpUKuipIh4hUK - xOTPNKXeph/+sbuGC1UIhchEJX/Ydrj3NiRQip2sttbotqBCU4WtrWRlOqMl2hZRl6WUhoo/BdGt - DQ/9pGF9x+rFxcfQ6jU+gbtMQP7tUMP5/AUAAP//AwCvVZ0aWgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTpG1qbqIHFVmF7Z5kkbRNsJImpUmFZdn/boqLH7fhneeZ + lzlBq4LezxYkvMc4BbnZ9NroLvb+wxMVrQphUI44HSGDTz2HwbsEU0RKkGC+29687O6fm9/tdhnb + NIF8XaEMMzxk0OvJ+uOoXWyOk04Hbq1f+iS1y2D7bwVkEhiWl/BOxRVkyFiOdU5Fg7VEIVlJEPEq + kZj8oOfU2wzjP/a6QZQ04QWpOf9hu/HBGZ/AqqDCcGMMFzVjFfIasSgVq2insK86IQqNvPpbEO3a + 8DjMCtZ3jFpsfPKdWuMT2MsE2r3td3A+fwEAAP//AwC4AvLgWgEAAA== headers: - ATL-TraceId: - - 4fd1c664cdd4108a - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:32:00 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 44651436c6485c20 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1efbb4b2-c93a-4b27-9f36-32edf943ed2e - x-envoy-upstream-service-time: - - '32' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - d4b6b7368b038ee6 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:00 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:04 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 7f295bec-61be-48cb-9b95-143b1bdf4727 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '134' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1f4cfb26-0b1d-429f-b636-d5cefd8c2218 - x-envoy-upstream-service-time: - - '61' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -510,93 +309,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - f2e519cc4341a2fa - Connection: - - keep-alive + Atl-Traceid: + - 2bf9b2a97933ef16 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:00 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:05 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 89f63fa5-944c-4ab9-b71c-54ef8120174b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '166' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 77a84b0e-d28a-4549-a904-827b9ad42e38 - x-envoy-upstream-service-time: - - '65' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/2813]\n\n*Defect Dojo link:* http://localhost:8080/finding/2813 - (2813)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] - / [ZAP Scan|http://localhost:8080/test/684]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/236]\n\n*Defect Dojo link:* http://localhost:8080/finding/236 + (236)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -609,53 +409,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1666' + - '1298' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11074","key":"NTEST-885","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11074"}' + string: '{"id":"11768","key":"NTEST-1430","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11768"}' headers: - ATL-TraceId: - - 337a7d2db2e45048 - Connection: - - keep-alive + Atl-Traceid: + - e436f4bac88cbfde + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:01 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:05 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0aaf8847-f53c-4f9b-989e-583eff7c717e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '613' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 59c98ded-b051-4248-bc88-eb62c48cfbc6 - x-envoy-upstream-service-time: - - '410' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -665,94 +471,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-885 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1430 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy/2UkdAMaSO22VL08B2GqBpYdDSWWYtkQJJWfbS/vcd - KclOnTpr0wRIxCPv7bnnjrxzYJ1THjuhI4HHICF+zSCNVYvTDFRLRQvIaEvkIKlmgqsWxExnoGkr - WlCeQCqS1gqkwj2IR5BLUMB1ddZpOcxY9n3vRQ8XCtI5Lhda5yp03RjmEOlYfBYdqlOqFKO8w0G7 - aEO7NGdu4DKlCnAbA0vYoP7lZDietPv9P1Ayt8E64Z2j0GmhIqohEXJTBRfjChUCL/DbXq8d9Cd+ - EHaD0PM6Jyf+717geSZG40NvcrBmnhij0Xd9z/OCbdb1IgYVSZYbRFB6SlRG07RFYqY045EmOYMI - iJiTUshlx2hHgl/L9EeiUBAVEtwVg5KuqKbyT8X+hZcZFqnInlWi8/il73X9fr2cYKAvdym3HFNo - 9DWhamlqVMy0+QrnNFXQchobTmiNfG05miExciyyE/ICM3FyKT5jeE9Er9a22NlqNNiZxb2C7yK9 - 5kxrNGD4VWubpP6xZ5WY65JKk5hiWZ4yZEi8lw2CaynT6697/R8Jt4a5dlYjnTMDLP7cx7nnvUDP - QW8d9J5s2JbQsuSZqv8/4ss/XvvHv+Zr3TirPx7x1g3W3eDXvNXkVM3HQW9fv5r+Xr+vpgtW7PYT - VjBJJCTY1w9oiJwSaVG1WSWJCqVFZkfEFD0ELw5t9B/aqEZHJTWNacefE7b9el4YBksWVe7uHsgM - vzB8tRBFGp8xlad0U7MQxQiUfo89a5hZu6AaJ201yH6+h6opuZ2LbmVNmgaxnwNRGJxs7DdGwHji - hFoWJphIAuZquu57c/L45LiZk/uoeYfg9A9tBLuRwYRkevPEfBt111wKPzEuWUYTUK7RUI0RhoJU - lB21SnYj5kKUzSjqOQajvUS6TSIpnYEZJoaae4dMV34XBv8QD/2+wWNB1TBn0QXjS3sVn0FubmYe - NQSytCrt3lbCBR/ixUxnKYyAqoqUsv5yri6u35xfTi/OB8PL8XA6HI3ejTA/bCCFgOCByQLIFU5N - ronxS5gigqcbgh3JUmOUaEH+ZpKSKwkZdi0pFPKrY3t0P4sTNOh9YZ7XO5Ghs9eyCHnCOE2xmFiN - XY+ZvX1Z/a6o4bUkTzG6ZhJgXRMO29NFbnr2B3hcvRSeSL1KeXtbfXu5/xwbd3R7RaMlPqQayjXG - K1+D+knzSwE37yK3eZ4EzeXKwVA9EqmQl1U0s7SAdiJxYO0eB4KciarYIsvxqcd1XYXHavotOB/5 - 7vdownQKRyG5/UBzPyQDIZYMyA3TODA1GdvLg7xOafLF5IqppiKi6UIoHfa9vufOGY9xiLlB3+9+ - shbPLBYY5mdBDEvCI/L/quS5+fubNTAG5BsOFVTE9reiwc0QV9d8yUW5i33w/oH06EqKuMBXzJAn - 2FEZ4uNOEA48d2uTQbvkL1G2tTiQUF4bCD4Rl9yWAEtsP9haO6C1O+B2reKH0ysyjig/cN48m9zj - fq+C7JWkPFq4E5pgnJdY1UpasDQ+P7svGogsY5rgZFrcExvMNkpDpjDtOBcMSXEUWrmF3jA0o4wr - pqGDvAl7ve6hvUNyN0afM0Fl3MC/LcPZjl3G6ymJKhJhlGQGwIkCTcqaURoHXPUkIXNkVYuUCxYt - SAaUK9yk1YnaAuKHFgiNIhyQEJMVo6RAzkdyk+OEwWOcQ3XNd0woI6Qezs4IwoZyZVl2RElV3hEy - cZFwsO7ki9xyArk3nQs5rZypKdX4aJgVWJrp83c3p+Or9vhtG+8Yy8rr0UVl9DFg3gImGYfkzXDy - keMYx57VIEMi8lX0kQ9XzNweGNwYdLvqtGbPOPgPAAD//+xZbWvbMBD+KyZQaEvt2E7sJIPRha2D - fdgoK2zQb4qtNmZ+w7LTjSz/vc9Jipq4cTa6UfIhEIIcSXfn0+m55y7/oCDOkrhLgZrbo6BbLK1Y - JPgWykddKp6vk4HxGUn9XlagFBff5zynm20xc7wFClTYgYAgY5IFt5IcJ5LJPVZRUfpjmBWUfZD5 - fvD8guIjt3AJFKWzWPrAflGgWSWTQdIIHKyFyNmIExShOU8d6yoXFHkmzjYikXRRoEK/tk+sDSR5 - okGU7rRTRt75p6xkUU3v+aWwEvlgAUrIXdL75zc1LwVl74oriOFqsb7ZJnTlzQXe2aE3hNOmN+9t - b6AdirK+qOhkgGanDAebn1mnZ79xmGldvAGWPCeHXhc59IabGb+ukPkkGSW23F4adMhwOye6KJdr - KJd0vWSeuxeaUmCLtbQzW3vXxOyqaxbNCZBVehRNljHK3b0/JTryITHxonphoidGdgnMIq6PGiq4 - Y8NB7M3GQzeYwcbRaOL5fki8wiyChj3LOB3wNI6hA8m+92SDrau6dwbiSOje0lpFvANWIZdJgFHD - fuD53pB7Lh/48SSMBlEw8qJxEMcuC+88Pr6M30opJ4Ppif8RH7XPzliuc59tq5+E0wj7AR6xfYeC - 3SmbWZpE5DK7ZEyQx7AfN6tOQJsx/HBth06Zk/3tmv3wLW5X/odvcbt7cOgWA5NiVbtrarxJMq91 - 24vuE4GzKqgVrt0CX7H8qqmKkvdvgTjR/OniUbcKs+Ymkx7dd9OsutKIe4SC1z/0IxS8hsVHKOiE - gja5AJXqLVe0Z01JYPu9uopL6oDrsQuFRc1SjHZI6WrKuaYp154wTa72hKFwPF8kVZEruqNr/kb/ - 66Ie/8bSRVH/t86nkmVkQhHKwW+F7Autu68ILWXxcj3UqPti/fL/qf5a7kUvYz+/ctGkJHjjXWVH - p6qntXpvaitT14fe3Py+vdnf2q03SGtXq9UjAAAA//8DAKC/mmq8GwAA + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdh1XAHD0MXu1i3IgsRJgaZFQFNnibVEaiQV22v733ek + JDt16m7JsCKAI/F47889ug8erCsqUi/xFIgUFKQvORSp9gUtQfua5VBSX1agqOFSaB9Sbkow1Gc5 + FRkUMvPvQGmUQXoBlQINwrR3Wa2NLBfW4G0UhlHYV/BnDdrMNhWcK8oMZ+D5Hrf+o+h4NMYXDcUC + X3NjKp0EQQoLYCaV72WfmoJqzanoCzABejIBrXgQB1zrGoLOwBI2qH82m17OetFwEOKRC0F7yQdP + Y2y1ZtRAJtWmySHFN9SIwzjuheNe9HwWhkk0TsJn/eNn0Q9hHFobzonBwJ2ZJwZp9QMsRRhv025f + UtBM8coWDk9fEF3SovBJyrXhghlScWBA5IKspFr2rTaT4koVj4yiFty2ixa39I4aqoI7DqvAhbUL + sBVF4SAa/6T5X/BjiW2vS/RqYYEuZ1Qvba/qubFPyYIWGnyvUXyFeTld38s5AkexfHMKd4Cxhp98 + z3BEVoUo8RJRY47eHkywYwcEUSeolHyPqT6xE62264PrbNcH+3IPPbt0rwQ3Bg1ob+vbQvh3d1fL + hVlRZYGseVkVHANO90qCjXLwG47Xw/Ejw/1Ky7pMtg0bhscYRjxcx8P/10sDCwdSdBiN1tHoWzhc + dx4H8XoQfwuPLfI/fXoIx7iD44KvrxsOxCbfvMOmZ5mCDGnlAdYxHFnUzZR/EeTx8SHB+JDg+UPj + DaU1p5YwHHt7SS9qecxWRXHWxPHhwZnFKiasc1kX6YTrqqCbFtF4jOU111g6i/LWBTX4oWgI9vHz + 2ND3jrCDxpyy0+YeT2RtK+iCf20PuMi8xKjaRsMUYLJ2hL9E4IPjLYHvl+0QzcRbmtkXbBu+Lxjs + iIlLxc3miZXo1IPh4wielzQDHVgN3RnheFDIVV/fZTsiO5WrjvCGnmvlHCwzWdDuf61HB7KNDiE0 + Gtu0c6qnFWenXCxfWskEKrtZCNYhyOFq5WTbEyHFFBcLOi/gAqhuUKnaJ+/89OqXV2e3p69OpmeX + 09vpxcUfF5gGjpbGvPHCLAdyjhQsDLF+CddEimJDcJx5YY0SI8lvXFFyrqDEeSa1Rnz1vzTWEY6T + F37kYTjOjhOv+V5hi7DGu5n6bMCx2hkXtNi/1O5FbXkdyguMruMIbF8mYHu7ruzQ/gscNyvMExHW + KG8/fZ9vHY8D3Q5VP1O2xEWwQ1ZnvPF10u5a/yngbmELur0p7r7UAiyimSykOmuimRc19DKFjLVb + VySZyKbZsqxwVRWm7cLX+vd5cd6K3d/RjJsCjhJy84ZWUUJOpFxyIK+5QcY05BJYrYC8LGj20eaK + qRaS0SKX2iTjcBwGCy5SJLEgHozeOYMTVwqM8r0kFiTJEflHTfId/nzv1C9xvbLEgWo44m2QkxrI + BPPBwwmwPolGPrHY2mZx8nqKshv81xtFQxeqbQtbQb/kRkFfqixAVFLbKY47kEVzgFf7uSkLF3hj + 59rauRJLIVf3q3SuZFrjV3UqMpzTEqsezLDI1qcrEQZMfpWrnpEHylS1BuJ3JCA3K4AlDjVsrR3Q + 2l0IBk7xzYtzcsmoOHDfbnbB83ibz70MLjfaQKkxg7SSHFFzlLhz1xxbq5JyobmBPgILS6XzuaQq + PXTjgf3JDmLW8gvCGiQhiZI5gCAaDFm1sDLIcrqB1gKh5ZNVzllOSqBCo5A2N1oLmO5bMQdCGUOa + hJTccUpqRD5Tmwp5Bu8JgZDjfwMAAP//7Fnva9swEP1XTKCQQu3ZTpykg9IF1sE+lIUWViiDoNhO + ExpLxj/qji7/+95Jsup4dTfKKPkQyAcnku+eTrqndxdsqdNAdIldvpP1GwG6WcWcjpbFjF2B8g4r + AhJaFhSVteZLkSXyHUtkRL4MozlxH3j3PuYnBAzG14WlJIXFNhX7SUu0UibRlTkOtcW41QCI4ozH + G8e64Dmt2axQxeAHpyCQN4oREGiEeQ2RDOYlAvQi0saaG6u/QhriGkHIaPX6uFRV5YiK5anMB+Rf + /Oikq1SeZTiZw+Zc+56zAhpqUeJIzfvfbqbXM/v60oZCkGlqnKQiK+KM8qDPomTNj63+8S8clE0h + PuIY/ilWvC6x4g3rAWKyAjX1vRRHJN/aU4MOG27ngJEAMuRS17w8sUsSuF2i1TWidecqbVMwwsnC + FaWyouu8TBJGd0nvb8RLMSRlKLI3XjykEM6RPaQ9v0ZnwZINB5G3mAzdYIEFjMennu+P6J4zk+Dh + lWkxbfA0iuADl0/vGYOtq49P5pCR0VfrRpUCDm45OU2yj65dAs/3hrHnxgM/Oh2FgzAYe+EkiCKX + jZZePDmPzqSVo8H0yP+Cj3rPThjXrGnb6qfcKXO7QkRs3yEmdtJysVmHFDI7ZSyniOF9eTFAxuHx + 88weOSkn/O0adP8Rt4vY/UfcLoL3HTE4KVLFpJZqTdUz0z0dyicia1XgKV67hWTD9IsyEyjWb0FF + 4eo58agVg1GTyeRHd6a0yss04x6o4P03/UAF74H4QAWdVGAEBiDeqYx7oi6ufnZhVxRMN6fbMqWr + F+R29YJc0wtqDxilFvOHdSa4UjW61Cz1vxDq6z8hFYmy8FQ/arJ7A8E1/kD5UNs96SXs8SrOyw0Z + bviWhX1WTAuF40EU/6/zp4wZo/CFSui7kH2Ruv1I/UzqNpBLA2QXrb8DV78gw7Pdbn8DAAD//wMA + SMnkJPQaAAA= headers: - ATL-TraceId: - - 90e06f4a175c3c12 - Connection: - - keep-alive + Atl-Traceid: + - ada9414a7789ce57 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:01 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:06 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0fb8def1-e773-4c0f-b13a-0eee3ea4d706 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '220' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ba67598e-c1c2-41fe-8c82-3fe62e133d6a - x-envoy-upstream-service-time: - - '165' status: code: 200 message: OK - request: - body: '{"issueKeys": ["11074"], "ignoreEpics": true}' + body: '{"issues": ["11768"]}' headers: Accept: - application/json,*.*;q=0.9 @@ -763,51 +574,57 @@ interactions: Connection: - keep-alive Content-Length: - - '45' + - '21' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 - method: PUT - uri: https://defectdojo.atlassian.net/rest/greenhopper/1.0/epics/11073/add + - python-requests/2.28.1 + method: POST + uri: https://defectdojo.atlassian.net/rest/agile/1.0/epic/11767/issue response: body: string: '' headers: - ATL-TraceId: - - 3e3d1bb837eb87da - Connection: - - keep-alive + Atl-Traceid: + - d6f741b72d003518 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:01 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:06 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ebdf5005-b34f-4f75-b508-084815d813e9 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '511' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9870cdd4-286a-4950-b156-c1646980a00f - x-envoy-upstream-service-time: - - '380' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -817,94 +634,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11074 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11768 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8MO24tvnSjpVI04lBt3HHGKJlSGNT5SavqdfEjmyHtLftf79n - O2kZrNzGQIL42e/7533sLx6sSspTL/Yk8BQkpK8Y5KnqcFqA6qhkAQXtiBIk1Uxw1YGU6QI07SQL - yjPIRda5AalwD9ILKCUo4Nqd9ToeM5bDMHg+wIWCfI7Lhdalin0/hTkkOhWfRY/qnCrFKO9x0D7a - 0D4tmR/5TKkK/NbAEtaofzYZjSfd4fAZSuY2WC/+4il0WqmEasiEXLvgUlyhQhREYTcYdKPhJIzi - fhQHQe/gIPwziILAxGh86HUJ1swjYzT6fhgEQbTJulmkoBLJSlMRlB4SVdA875CUKc14oknJIAEi - 5qQWctkz2onglzL/mSgUJJUE/4ZBTW+opvIvxf6FFwU2qSqeONFJ+iIM+uGwWU4w0BfblDueaTT6 - mlC1ND2qZtp8xXOaK+h4rQ0vtka+dTzNEBglNtmLeYWZeKUUnzG8R1av0ba1s91oa2cWtxq+jfSS - M63RgMFXo22S+seeVWKuaypNYooVZc4QIemdbLC4FjKD4Wow/JlwmzI3zppKl8wUFn9u13kQPEfP - 0WAVDR5t2LbQouSJav4/4CvcX4X7v+dr1TprPh7w1o9W/ej3vDXgVO3HTm/fvpn5Xr137IIdu/6E - HcwyCRnO9T0YIqZEXrkxc5KkUloUliKm6CF6vmtjeN+Gow4nNYNp6c+Lu2HDFwbBkiXO3Zd7MoMv - DF8tRJWnx0yVOV03KERxTTXyqqOtX58Yx4kbFvSdNWnGwX4eicpUxUZ6ZQSMZ16sZWVco039HunC - DEVTDAmYq5m6H/Hk/sF+y5N3qxbsKme4ayPatdHfcgkTkun1I0vTqvvmtvgFHmUFzUD5RkO1RhgK - clH31E225Z5TUbccNfBsOWdgyMRA805SZip/mG24C4fh0KS9oGpUsuSU8aW9io+hNDczT1oAWVjV - dm8j4YKP8GKmsxwugCoHStl8eeenl69PzqanJ0ejs/FoOrq4eHeBaeAAKcwbD0wWQM6RNbkmxi9h - igierwlOJMuNUaIF+ZtJSs4lFDi1pFKIuJ6d0btZHKDB4CsLgsGBjD13YWCLsMbbkfpujLHaGeM0 - v3uoeVc05bWwzzG6lgmwfRmHzemqNDP7YxyHvWf9DY7dS+GRCHPKm9vq+8v910C3RdVLmizxIdUi - qzXufB01T5rfCrh9F/nt8yRqL1cOBtGJyIU8c9HM8gq6mUTC2j4OBDkWrtmiKPGpx3XThYf6931x - PvLt796E6Rz2YnL9gZZhTI6EWDIgV0wjYWoytpcHeZXT7KvJFVPNRULzhVA6HgbDwJ8zniKt+dEw - 7H+yFo9tLTDMz4IYlMR75P9VyVPz9w9rYAyIN+QOVMQpt6KjqxGuLvmSi3ob+9H7e9K9cynSCl8x - I57hRBVYH3+C5cBz1zYZtEveiLqrxY6EysZA9In45LoGWOL4wcbaDq3tAb9vFT8cnpNxQvmO8+bZ - 5O8PB65kLyXlycKf0AzjPMOuOmnF8vTk+LboSBQF0wSZaXFLbGq2VhoKhWmnpWAIir3Yym3pDUIL - yrhiGnqIm3gw6O/a2yX3U/Q5E1Smbfk3bTjeost4PSSJAxFGSWYAnCjQpG4QpZHg3JOEzBFVHVIv - WLIgBVCucJO6E40FrB9aIDRJkCAhJTeMkgoxn8h1iQyDxzgHd833TCgXCD3kzgTiFnJ1XfdETVXZ - EzLzEXCw6pWL0mICsTedCzl1ztSUanw0zCpszfTpu6vD8Xl3/LaLd6JF5eXFqTP6UGHeAiaZxuT1 - aPKRI43jzGqQMRHlTfKRj26YuT0wuDHorpu0ds84+A8AAP//7Flta9swEP4rJlBoS+3YTpyXwejC - 1sE+bJQVNug3xVYbM79h2elGlv/e5yRZTZw6G90o+RAoRYmku9Pp9Nxzl39QEKVx1KVAze1R0C2W - Vixj/BfKR10qdtfJwPiM3H0vK1CKi+8LntHLtpi53hwFKuxAQJAx8ZJbcYYbSeUeKy8p/THMCso+ - yHw/eHZB8ZFZeASK0lkseWC/KNCsgskgqQUu1kLkbMQJitCMJ451lQmKPBNnG5FIuihQoV/bJxoD - SZ6oEaXP2ikj7/xTWrCwonN+ya1YfrAAJeQu6f3zm4oXgrJ3yRXEcLVYv2wTuvLlAu/skTeE02Y3 - 721voB2Ksj4v6WaAZqcMF5udWadnv3GZSZW/AZbskkOvixx6VBc13JVYGiWQqkQClCyVSHN7R9Ah - yu2cMMxLOlrSyecXdjEx11QEW0SlneDau6ZmV1WxcEG4rLKkqNOUUQrv/SnfkSuJkOflC/M9EbNL - QBcVASilgjs2HETefDJ0gzlsHI+nnu+PiF6YRdCwZxmne55FEXQg5/eebLB1cffOIB0J3Vthq8B3 - QC7kMokzatgPPN8bcs/lAz+ajsJBGIy9cBJEkctGdx6fXEZvpZSTwezE/4g/tc9OWaZToG2rr4RT - C/sBHrF9h2LeKep5EofkMrtgTJDHsB8PrIrBnjH8cG2PnCIj+9ul++Fb3G4AHL7F7SbCoVsMTIpU - Ca8Z8ibXvNbdL3pPhNGq0la4dguYxfKruswL3r8FFIWLp4dHTSvMmpdMenT7TZPrUgPvEQpe/9KP - UPAaFh+hoBMKDPOAiffqxa2o363HLuTmFUsw2uVMLuhXb7Xu7U509ebcrt6ca3pz7YlhM8GzZVzm - maI7uvSv9Y8v6uPfHGGZV/+tJapkGZlQhKrwWy7bQ00TFqGlLF41Q426L9Yvf6bqN3Ivein7+ZWL - OiHBG2eVjZ2ymlXq3NRdpuYPndx8v73Z39qtN0hr1+v1IwAAAP//AwAx4JwDwxsAAA== + H4sIAAAAAAAAA8RX224iRxD9lda8ZmAuYMBIUZTYbLSJ41g23jxEkdXMFEMvPd2T7h4DcfzvqZoL + YGwi2d5s3pi+VFXXOXWqePBgXXCVemPPgErBQPpBgEytr3gO1rfJAnLu6wIMd0Ir60MqXA6O+8mC + qwykzvx7MBb3IL2GwoAF5ZqzSWmdzudk8C4KwyjsGvizBOummwKuDE+cSMDzPUH+o2g4GOGHBTnH + z4VzhR0HQQpzSFyqP+sud5JbK7jqKnABenIBL0QQB8LaEoLWwBI2eP9yOrmZdqJ+L8SlKgTrjR88 + i7GVNuEOMm029RtS/MIbcRjHnXDUiU6nYTiORuPwpDs8ib4J45BsVE4cBl6ZeWOQdD/AVITx9tnN + Rwo2MaKgxOHq98zmXEqfpcI6oRLHCgEJMD1nK22WXbqdaHVr5CujKJUguLi84/fccRPcC1gFVVi7 + AJutKOxFo++s+Au+zRH2MkevRAt0OeV2SViVM0e/xnMuLfheffEjvqu663sLgcQxyWJzAfeAsYaP + vldwpJqjLG5xHz6DLT59LxXI5h7uZZ5zQx5WAEu5YaAynkFOkfgNK94IbH25QpV48hTI1wG1S/AP + PFlibe2zhIzXvs4a+r4r4LYGgpaKcYuBghUuJVpqc1lHM5MldDLDN3sM0Oxce4+EpxHaCPfWaNrr + Qe91uRI54mcDumFbIwIXaqp27T0lrwn2l5a+VTJ73uOXLudKIPaBOiznmchYacEwVESzYW7BHVMA + qWVOsxmwmdFLUCzVK9VlZwYQnJTNNuwnYTi70XO3wqphHTzAlHaMVJhpw1KQ4OCVcvAkc9t32AAK + kTzN2wRXiHUHZX5Y1dEj8cAJ7BhFVdqqRO3yDuQflfjIRtRuFEZ/xpjfCElz+2VA9uRl975bJZxD + A9bb+qbW9HN11jZZpwSIvJACA04PpA4zXslGf7Tuj14Z7r9IcfuSrRD3Q5KzuL+O+/+tl1ruq+aD + DqPBOhp8DYfr1mMvXvfir+Gx6WhE3EM6xi0d52L9qZ5tEOTf/0DQs8xAhrX5jOsYjpZlXe4vkjwe + HtsYHds4fW68HlXqVRoEqqnMG3eiRtAoK0YkdRwPz9aIq/hgu9ClTM+FLSRKes1oXF5xh+PeW9tg + 3Xl3Y1dQmzNUW9XPM11SvqpQf6MFoTJv7ExJvtGo+4SwUYU12ahF0Ht5MOsNt4PZYdqOyUy8lZnD + jS3ghxu9nTB9mR7Xf4dS7/U4qVdPhfpCU8uuBK9P3U3yGZAyEWkPp/DBkddGxxgajejZC26pHVwI + tfxAO+dQ0D8GlbQMqni1qva2K0qrCbYqPpNwDdzWrDTNL+/q4vbHj5d3Fx/PJpc3k7vJ9fWv1/gM + LC2L78YD0wWwq2pcZOSXCcu0wuENy1lIMkrds2qRVwZyrOeqx9ruS2UdYTl54d8iDEfZcOzV/Qoh + whzvaupJgWO2M6G4PDzU/N9p0lvxXmJ0rUYgfBm29vZ0WVDRvszjQfdk0G95/D8Nof8AAAD//+xZ + f2vbSBD9KkuhkIRIluQfcQylZ+qUuz9KzbltIEkJa2kd6SrtCmkVXbh++Huz2siOEqWllJJCSIgd + a3Z2Znbm7ZvxPa3brPqNSGioshwtqNT2FB47v7vBuZDbn4MPiU7FwYydn/Hcn7E3Sn1JBDtNNBBT + s5UIK7Cwtym/+kq+wtVUhTyNValnU2/qDTaJjABrg2A4+WwULkwoYOU/ilGSzA7YN1eyPfzZN8tX + IFgEHFiGErdGLirBFvAHHy5E6DJ/csgot1ov3pye4Nk5XpyJPzKm0rGEtXCzRBfCVcXVAFnJ6aQS + cCDK5gFE3VhnqTG80fOJ9HyUXyRo6U6UloWKKtyqJ20PNfiAINOeJkQwmP2pakernjDlVkHwmQ3Y + +b2OrGfVVmAwNAvP5ku2CrnskSdmNzgOWn92PFjdlFpkJTyIcpUgaw5m5nNzOBSrjCeyTECtkVgI + VRmvFS+iPol7+hfbFCPNcxY2mQQQBdsH0S+FZrVNKw2UK5vU2iC1DlkdJ2HMMsFl2XQKJGE1wN0L + iYaBhyFgEk3CdcJZhcwPi5ucmgYUuhTNbe/uWPQOp3xl5jJk0GksJKUW461eJTV5BEvILTAqlsiN + KjKzhnoNgC/H05KwD7iLduWQDINy9CINpWA8rfkNuchybqyrSiQ145LtGBhzWJi67ESW5HPrYROD + C0lBoN0oRrDAWljemkgKywoBetDSHZ93vP8bZYhrBCEj72261HXtqpqXuakH1J/4183j3OQyNrmE + zku79yXX4FDrCil1uff+dL5aOqt3DhiCKdN2k1wVWhRUB3s8yhK5z/b2vyJRUq1mSMP7ZMXvIys+ + 8fw7w5CuwPh2JUGdLgDVhk8Rv+uIeq1o90EfFfBaKmDOxBCfhwVb8ooA8TA285SHWIfXktk7V2wX + mrdjmm8BMEWEGKIqfvACIqbwGlVErPSv6NV4w0fDyF9PR954DYOPjo79IJjQfdcKYYdHxAQd9DyK + sAcuoRdbGxzbhfzRJhspfbR/bErBxW1nxAwK2R5m7Af+SPieGAbR8SQchuMjP5yOo8jjk40vpq+j + V0bLy+H8ZfAWv806J+PSoqfjNB+VblU6NSLiBC4hsptX6zQJKWROznlJEcN6c0GAzuHtYulM3FyS + /d1e9Olb3G1mn77F3Wb4qVsM6ImaptJStl32s7SzHaonAu2m9Wvg6wzUDeInVaHQtJ8BccJ4W3g0 + ksHTtpJpHzuSsmyvsMj7DAW//tCfoeBXWPwMBb1Q0BIKmHjVVNx/NM217z3oVZrbL5+6tKRvJuT1 + zYS8dibUfTC6fSDkdVIo2XAh23JW9lvG5t/vsfRa6Z83i2uUtUqxEzqRT4rmEv8DAAD//4IP/wGT + EMTJ1TAmtHQl2wHgGVl9mLk6SrmJFUGpxaU5IIORPAseUSgqcSyBeBw0rgkadQB5HS6OqtkIRTdU + A9i1tbW1AAAAAP//AwAa1PR11B4AAA== headers: - ATL-TraceId: - - 6794c54437a52f94 - Connection: - - keep-alive + Atl-Traceid: + - b803fee87eea541b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:02 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:07 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 57e533a0-1cff-4732-b4e3-e07d645f92a3 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '214' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9ffcbc43-2cfb-47c4-ad3d-be317a6f7b6c - x-envoy-upstream-service-time: - - '198' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -914,174 +739,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ2m2W3EQPKrIK7Z5EJGmmWEmT0qTCsux/N8HFj9vwzvPM - y5yIVgEPiyWSvMc4B7nZGBywj8Z/eKqiVSGMylGHkRTkE5cwepdgBsAoUCjb/fVze/fU/W7366TT - RORLhgoo4LUgBmfrjxO62B1nTAdurF9NkvQ6WvOtEJmFrbiEtypmkANnJdQlFx2rJTBZ1RQAroAD - JD/gknq7cfrH7jrGZcUlcCoY/2H76d4NPoGC70SzHbTqK6wUNtAPjWi00UrA0AOouhZCY/WnINrc - 8DAuiuR3BrXa+Oh7leMTsZeJoHs7tOR8/gIAAP//AwBhp7LkWgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ2ibd3EQPKrIK2z2JSNokWEmT0qTCsux/N8HFj9vwzvPM + y5xQL4M+LBYJ9B7jHMRmo7TRQ1T+w2MZrQxhlA47HVGBPvUSRu8STAAIBgzlfnf9vL976n63u3Xq + 04TES4YKKOC1QErP1h8n7WJ3nHU6cGP9qpLUr6NV3woSSaDQXMJbGTNIgdIS2pLwDloBXNAGA8BV + IiH5QS+ptxunf+y2AxAk45hv2Q87TPfO+ASymnBTGWMq3lLKoGoB6kZSRgYJig2c1xoq9rcg2tzw + MC4S5XeMXG189IPM8QnZy4S0ezvs0fn8BQAA//8DAEy0s3ZaAQAA headers: - ATL-TraceId: - - bf1a2b9ec1aa0343 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:32:02 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 87d2f93ac96e2986 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a9e9c033-f893-4e62-8e29-2ba7f1322011 - x-envoy-upstream-service-time: - - '36' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 9c5e4a7fe7038f68 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:02 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:07 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 57558d9c-4c02-40f0-b7b8-105953a5a84b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '134' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 694a7b47-e2d5-4358-9310-f1b4ca34cc88 - x-envoy-upstream-service-time: - - '68' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1091,93 +809,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - ef12674449d7f4ee - Connection: - - keep-alive + Atl-Traceid: + - 4b3c53782187edc4 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:03 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:08 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 54db6a45-dc6c-492c-bf77-4d5cd564b900 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '189' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 21ead456-677b-41a0-bf5b-b5945accd366 - x-envoy-upstream-service-time: - - '94' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/2814]\n\n*Defect Dojo link:* http://localhost:8080/finding/2814 - (2814)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] - / [ZAP Scan|http://localhost:8080/test/684]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/237]\n\n*Defect Dojo link:* http://localhost:8080/finding/237 + (237)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -1190,53 +909,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1666' + - '1298' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11075","key":"NTEST-886","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11075"}' + string: '{"id":"11769","key":"NTEST-1431","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11769"}' headers: - ATL-TraceId: - - 4a5b819dde79952d - Connection: - - keep-alive + Atl-Traceid: + - 3919525bfa3da5d5 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:03 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:08 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - dfe6c968-87f5-4f38-8955-e3c067f7b94e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '676' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a0d1d7ed-92dc-4e17-88ba-60cb32c2021d - x-envoy-upstream-service-time: - - '518' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1246,94 +971,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-886 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1431 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6PS4JH5JSoNnOjc0pD3uKGWSADOlnYxibxw1tuSR5Dhpy3+/ - lWwnFBqupTAD9lral2effaSvDqxzymMndCTwGCTEbxiksWpxmoFqqWgBGW2JHCTVTHDVgpjpDDRt - RQvKE0hF0lqBVPgN4hHkEhRwXa11Wg4znn3fe/kCXxSkc3xdaJ2r0HVjmEOkY/FZdKhOqVKM8g4H - 7aIP7dKcuYHLlCrAbRwsYYP7zyfD8aTd7x+iZW6TdcKvjsKghYqohkTITZVcjG+4IfACv+312kF/ - 4gdhNwi9bufF4dGfXuB5JkcTQ29ysG6emKPZ7/qe5wXbquuXGFQkWW4QQesxURlN0xaJmdKMR5rk - DCIgYk5KIZcdszsS/FKmP5OFgqiQ4K4YlHRFNZV/KfYFXmXYpCJ7VplO41e+1/X79esEE321K7nl - mEZjrAlVS9OjYqbNUzinqYKW0/hwQuvktuVohsTIsclOyAusxMml+IzpPRG9erfFznajwc683Gn4 - LtNLzrRGB4Zf9W5T1L92rRJzXVJpClMsy1OGDInvVYPgWsr0+ute/2fSrWGug9VI58wAiz93ce55 - LzFy0FsHvSc7ti20LHmm6v+PxPIP1/7h78VaN8Hqh0eidYN1N/i9aDU5VfOwN9rtrZnv9VWlLtix - m0/YwSSRkOBcP6AhckqkRTVmlSUqlBaZlYgpRghe7vvQf+ijko7KagbTyp8Ttv1aLwyDJYuqcF8f - 2Ay/MH21EEUanzCVp3RTsxDNJdWoq5Vs/frEVJq4VUG38ibNONjHgSgMKjbTa2NgPHFCLQsTGn3q - K5QLMxQ1GBKwVjN1P9LJIAganbyPmrcPTn/fh2AnGUxIpjdPRKDZ7vZ+TS5ZRhNQrtmhGicMDako - O2qV7CTmTJSNFPWc24eFdJtCUjoDIyaGmvcWman8IQz+Ph76fYPHgqphzqIzxpf2KD6B3JzMPGoI - ZGlV2m9bCxd8iAcznaUwAqoqUsr6ybk4u3x7ej49Ox0Mz8fD6XA0ej/C+nCAFAKCCyYLIBeomlwT - E5cwRQRPNwQnkqXGKdGC/MMkJRcSMpxaUihkXMfO6P0qjtCh9415Xu/oS+jcG1mEPGGcpthM7MZu - xsy3+7b6XlHDa2mfYnaNEmBfEw7b1UVuZvYneFzdFJ5IvWrz9rT6/nD/NTbu6PaaRku8SDWUa5xX - sQb1lea3Em7uRW5zPQmaw5WDoXokUiHPq2xmaQHtRKJg7S4HgpyIqtkiy/Gqx3Xdhcd6+j04H/nu - 92DCdAoHIbn5QPMgJAMhlgzINdMomJqM7eFB3qQ0+WZqxVJTEdF0IZQO+17fc+eMxyhrbtD3e5+s - xxOLBab5WRDDkvCA/P9W8tz8/cM6GAPyDUUFN+L4W9Pgeohvl3zJRbnLfXD1wHpwIUVc4C1myBOc - qAzxcScIB667scWgX/K3KNta7Ckorx0En4hLbkqAJY4fbL3t2bVb4Hbtxg/HF2QcUb5nvbk2uYf9 - GrLXkvJo4U5ognmeY1cra8HS+PTkrmkgsoxpgsq0uGM2mG2Uhkxh2XEuGJLiILR2C71haEYZV0xD - B3kT9nrdfd/22d0YY84ElXED/7YNJzt2majHJKpIhFmSGQAnCjQpa0ZpFLjqSkLmyKoWKRcsWpAM - KFf4kVYrag+IH3ogNIpQICEmK0ZJgZyP5CZHhcFlnEN1zHdMKiOkHmpnBGFDubIsO6KkKu8ImbhI - OFh38kVuOYHcm86FnFbB1JRqvDTMCmzN9Pn76+PxRXv8ro1njGXl5eiscvoYMO8Ai4xD8nY4+chR - xnFmNciQiHwVfeTDFTOnByY3Bt2uJq35ZgL8BwAA///sWW1r2zAQ/ismUGhL7dhOnJfB6MLWwT5s - lBU26DfFVhsz2zJ+STey/Pc+Jymq68Zp6UbJh0ApSiXdXU93zz13+QcFURpHXQrU3g4F3WLpxDLG - 71L5qEvF03MyML6iqN/KDpTi4ueCZ5TZFjPPK9Cgwg4EBBkTL7kVZ3iRVN6xREHlj2G3pOqDyveL - Z2cUH5mFJFCUzmLJHftDgWblTAZJXeJhLUROI07QhGY8cayLrKTIM3HWiETSRYEK/dq+cmMgyStr - ROlWO2XknX5JcxZW9H9+E1YsP1iAEnKX9P7pVcXzkqp3wRXEcHVYZ7YJXZm5wDt75A3htNnVR9sb - aIeirRcFvQzQ7JjhYbMT6/jkLx4zqcQ7YMlTcuh1kUNv2LURNKlAVaAkSt5KNLp11DVH2xuGckkP - S4K5/WAXBXNNK4C0ZOGCoHVL49GudG0pU2NHnaaManfvuUJHPiQmLopXFnpiZOfALGL/6KGCGzYc - RN58MnSDOWwaj6ee74+IV5hD0LDjGKcHnkURdKDY9x5ssHVX98FAHAnd2VqriHfAKuQxCTBq2Q88 - 3xtyz+UDP5qOwkEYjL1wEkSRy0Y3Hp+cR++llKPB7Mj/jB91z05Zpmufbas/lU5d2nfwiO07FOxO - Xs+TOCSX2TljJXkM95FZVQzajOWnS3vk5BnZ3+7Z99/idue//xa3pwf7bjGgJ1K9u6bGTZJ5qcde - lE8EzqrFVvB1DXzF8Yu6EDnvXwOKwsVD4tG0Crsmk0mPnrtpVl1oxD1Awds/+gEK3sLiAxR0QkGb - TIBK9VZrurOhILD9VqXiiibgeu1CoahYgtUWKV1DOdcM5dobZsjV3jAUjmfLuBCZIkm656/1ty7q - 44ssRXcpJaw2S42Cr0C+xvdF/Y3cs17Kfn/nZZ2Q4IZuOWEpqlml7FiK6r/NZJUsIxOq0Jb+EHI+ - ZabAopBTH9Jo7HhsrP/IWn1Beme9Xt8DAAD//wMANwTIC7wbAAA= + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdhLHAHD0MXu1i3IgsRpgKZBQFNniTVFqiQV22vz33fU + i50mcbdkWBHAkch7v+ce3ScPViWVqZd4GmQKGtLXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf4taIN3kJ5BqcGAtK0sq4xVxdwZvInCMAr7Gj5WYOx0XcKppsxyBp7vcec/ig72D/HFgJjj + a25taZIgSGEOzKbqg+pTK6gxnMq+BBugJxvQkgdxwI2pIOgMLGCN+ifTyfm0Fw0HER7VIRgv+eQZ + jK0yjFrIlF43OaT4hhpxGMe9cNSLDqdhmESjJBz1Dw4HP4RxGLognROLgddmXhik0w+wFGG8Sbt9 + ScEwzUtXODx9RUxBhfBJyo3lkllScmBA1JwslV70nTZT8kKLZ0ZRSe7aRcUNvaWW6uCWwzKow9oG + 2F5F4SAa/Wz4X/BTgW2vCvTqYIEup9QsXK+qmXVPyZwKA77XKL7BvGpd38s5AkezfH0Mt4Cxhne+ + Zzkiq0SUeImsMEfvAUwGYXdRavUBM3phwVvtutx1A7tyu5d7INlmdSG5tWjAeBvfDql/1LJGze2S + aodXw4tScAw4fZA59qNG2XC0Go6eGe5XOtNlsunLMDzAMOLhKh7+v16a7tdYRIfR/ira/xYOV53H + QbwaxN/CYwvwu7vHcIx24TTuLuZ89bbhQOz+1TWiIcs0ZEgrj7COcSpRNVP+pNX4YNfFaNfF4WPj + DaU1p44wavb2kl6Er9QiqTdk+Pyhaqh2S65BY067kakfj1Tlso0cYV66Ay4zL7G6gruWQ501zVlT + g0+PzlxkKGpyVYl0zE0p6LodMzzGsOxb7KcbvbYaGjBZN9tPEfjgx2FH4A/LtqGZhxe7Gh5vGl5q + rjS36xcWsVMPhs/jcV7QDEzgNExnhOOBUMu+uc22RHaslh3hDb3HkI4HXSKCzsBRlgPtw6/1/o4y + RLsQGo1cPXJqJiVnx1wuXrubMZRus5Cs62Ld22V9tzmRSk5wsaAzAWdATYMM3T55p8cXv745uTl+ + czQ5OZ/cTM7O/jzD/HC0DBYEBaY5kFPkZmmJ80u4IUqKNcE558IZJVaR37mm5FRDgYNOKoOY7T81 + 7xGOkxd+5mE4yuaJ13yvsHdY/O1MfTHg2IaMSyoeCrV7UVveGucCo+s4AvuaSdhIV6Ub2n+B42aF + eSH0GuXNN/HLreN5aNzC7RfKFrgIdpDrjDe+jtpd6z8F3C1sQbc3xd0nXIKDOlNC6ZMmmpmooJdp + ZI3tuqLIWDXNVkWJq6q0bRe+1r8vi/Nebv/2ptwK2EvI1Ttaxgk5UmrBgVxyi6xlyTmwSgN5LWj2 + 2eWKqQrFqMiVsckoHIXBnMsUiTGIBwfXtcFxXQqM8oMiDiTJHvlHTfId/nxfq5/jeuUYBdVw9tsg + xxWQMeaDh2NgfRLt+8Rha5PF0eUE767wX28/GtahurawJfQLbjX0lc4CRCV1neK4HDk0Byjaz20h + 6sAbO2+dnQu5kGp5v0qnWqUVfm4nMsM5LbDqwRSL7HzWJcKAyW9q2bNqR5nK1kB8TQJytQRY4FDD + xtoOra1AMKgV3706JeeMyh3ybuULDuNNPvcyOF8bC4XBDNJScUTNXlKf181xtSool4Zb6COwsFQm + nymq010Sj+yPtxBzll8R1iAJSZTMACQxYMmyhZVFljMNtOYILZ8sc85yUgCVBi9pI9FawHTfyxkQ + yhjSJKTkllNSIfKZXpfIMygnJUKO/w0AAP//7Fnva9swEP1XTKCQQu3ZTpykg9IF1sE+lIUWViiD + oNhOExpLxj/qji7/+95Jsup6cTfKKPkQyAcnkk7vzrqndxe8UqeB6BJv+U7WbwToZhVzOloWM3YF + yjt4BCTkFqSWteZLkSVyjSUyIl+G0Zy4D7x7H/MTAgbj68JS17rFNhX7SS5aKZPoyhyH2mLcagBE + ccbjjWNd8Jx8Nh6qGPzgFATajWIEBBphXkMkg3mJAO1E2vC54f0V0hDXCEJG3uvjUlWVIyqWpzIf + kH/xo5OuUnmWsckcNud67zkroGMWJY7UvP/tZno9s68vbdy4Mk3NJqnIijijPOizKFnzY6t//AsH + ZVOIjziGf4oVr0useMN6gJisQE19LwUXSaj21KDDhts50CUBXCMB5LuQSmj3xC7R6hrRioixcEXZ + ukM7tyk5L5OE0V3S+xvxUgxJGYrsjRcPKYRzZA/p2a/RWbBkw0HkLSZDN1jAgfH41PP9Ed1zZhJ2 + eGVaTC94GkXYA5dP7xmDrcuST+aQkdFXC0qVAg5uOTlNso8uagLP94ax58YDPzodhYMwGHvhJIgi + l42WXjw5j86klaPB9Mj/go9aZyeMa9a0bfVT7pS5XSEitu8QEztpudisQwqZnTKWU8SwXl4MkHF4 + /DyzR07KCX+7ON1/xO3qdv8Rt6vjfUcMTopUQaelWlP1zHSzh/KJyFoVjYrXbiHZMP2izASq+Fsw + Trh6Tjzq0WDUZDLtoztTWuVlmnEPVPD+L/1ABe+B+EAFnVRgBAUg3qmMe6L2rn52YVcUTDen2zKl + qxfkml5Qe8D0VtoDRqnF/GGdCa4kjy41S/0vhPr6L0gfRPH/unjKmDGKnVCBfBeyH1G33nCEFOSn + +lGz65sByH9sPtR2T3oJe7yK83JDhhvOyk5CVkwL5Tj1M6nbQK6b318u9l+s1gsk2u12+xsAAP// + AwDGgrSL9BoAAA== headers: - ATL-TraceId: - - a1e13726419ea6ac - Connection: - - keep-alive + Atl-Traceid: + - b7333429dd6235c1 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:03 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:09 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - f698aca6-675e-4c91-9e28-7c41de3c5c70 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '221' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f94f5da5-87ee-4f55-a1c6-e4ca2b1acb0a - x-envoy-upstream-service-time: - - '139' status: code: 200 message: OK - request: - body: '{"issueKeys": ["11075"], "ignoreEpics": true}' + body: '{"issues": ["11769"]}' headers: Accept: - application/json,*.*;q=0.9 @@ -1344,51 +1074,57 @@ interactions: Connection: - keep-alive Content-Length: - - '45' + - '21' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 - method: PUT - uri: https://defectdojo.atlassian.net/rest/greenhopper/1.0/epics/11073/add + - python-requests/2.28.1 + method: POST + uri: https://defectdojo.atlassian.net/rest/agile/1.0/epic/11767/issue response: body: string: '' headers: - ATL-TraceId: - - d5f9e226ff54495f - Connection: - - keep-alive + Atl-Traceid: + - b937ddf7b2408911 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:04 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:09 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 343e909e-393a-4682-9e95-a02230423a0c X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '639' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 559046a0-6fc4-4aff-97cd-f45b8374bf9e - x-envoy-upstream-service-time: - - '312' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1398,94 +1134,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11075 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11769 response: body: string: !!binary | - H4sIAAAAAAAAA6RW227bOBD9FUIPRTdrWxe7qSOgWKSO281umga20wBNC4OWxjJriRRIyrLb5t93 - SEl2LnW2TRMgEYfkXM+c4TcH1jnlsRM6EngMEuI3DNJYtTjNQLVUtICMtkQOkmomuGpBzHQGmrai - BeUJpCJprUAq3IN4BLkEBVxXZ52Ww4xm3/devsCFgnSOy4XWuQpdN4Y5RDoWX0SH6pQqxSjvcNAu - 6tAuzZkbuEypAtxGwRI2eP98MhxP2v3+IUrm1lkn/OYoNFqoiGpIhNxUzsW4wguBF/htr9cO+hM/ - CLtB6HU7Lw6P/vQCzzM+Ght6k4NV80QfzX3X9zwv2EZdL2JQkWS5yQhKj4nKaJq2SMyUZjzSJGcQ - ARFzUgq57JjbkeCXMv0ZLxREhQR3xaCkK6qp/Euxr/AqwyIV2bNKdBq/8r2u36+XE3T01S7klmMK - jbYmVC1NjYqZNl/hnKYKWk6jwwmtkpuWoxkCI8ciOyEvMBInl+ILuvfE7NW3be5sNZrcmcWtgu88 - veRMa1Rg8FXfNkH9a88qMdcllSYwxbI8ZYiQ+F40mFwLmV5/3ev/jLt1mmtjdaZzZhKLP7fz3PNe - ouWgtw56T1ZsS2hR8kzV/x+x5R+u/cPfs7VujNUfj1jrButu8HvWanCq5mOvtZsb09/rDxW7YMWu - P2MFk0RCgn39AIaIKZEWVZtVkqhQWmSWIqZoIXi5b6P/UEdFHZXUNKalPyds+y0Hw9QfsOMMruoD - VCNPVjT06x1QcdyW1dxKmzTwtp8DUZgofcNUV0bAeOKEWhZwU5OXUSZZVMX+7YHMOIZH1UIUaXzC - VJ7STd0SKI4kYKym637Ek0EQNDx5P2vevnT6+zaCfRvdHZcwIZnePDGVzXW392s8yjKagHLNDdUo - YShIRdlRq2THPWeibDiq59wYLMzAkImB5r2gTFf+MFp/Hw79vgl7QdUwZ9EZ40s7ik8gN5OZR03N - bCVLu7eVcMGHOJjpLIURUFXhQNZfzsXZ5dvT8+nZ6WB4Ph5Oh6PR+xGGgQ2kMG48MFkAuUDW5JoY - u4QpIni6IdiRLDVKiRbkHyYpuZCQYdeSQiFCO7ZH70dxhAq978zzekdfQ6caGFgizPGupe60MWY7 - YZym9w/V74o6vRbVKXrXMAGWL+GwPV3kpmd/jONexwu28756KTwRYdXl7bS6O9x/DXQ7VL2m0RIf - Ug2yGuWVrUH9pPkth5t3kds8T4JmuHIwiI5EKuR55c0sLaCdSOSI3eNAkBNRFVtkOT71uK6r8Fj9 - 7ibnE9/9HkyYTuEgJNcfaR6EZCDEkgG5Yho5SpOxHR7kTUqT7yZWDDUVEU0XQumw7/U9d854jDTo - Bn2/99lqPLG5QDe/CGJQEh6Q/79Knpu/f1gFY0C8IXfgRexyKxpcDXF1yZdclDvfBx8eSA8upIgL - fMUMeYIdlWF+3AmmA89d22BQL/lblG0t9gSU1wqCz8Ql1yXAEtsPttr23NodcLv24sfjCzKOKN9z - 3jyb3MN+nbLXkvJo4U5ogn6eY1UracHS+PTktmggsoxpgsy0uCU2OdsoDZnCsONcMATFQWjlNvUG - oRllXDENHcRN2Ot19+3tk7sx2pwJKuMm/dsynOzQZawek6gCEXpJZgCcKNCkrBGlkeCqJwmZI6pa - pFywaEEyoFzhJq1O1Bowf6iB0ChCgoSYrBglBWI+kpscGQaPcQ7VZO0YV0YIPeTOCMIGcmVZdkRJ - Vd4RMnERcLDu5IvcYgKxN50LOa2MqSnVOKdnBZZm+vz91fH4oj1+18aZaFF5OTqrlD6WmHeAQcYh - eTucfOJI49izGmRIRL6KPvHhipnpgc6NQberTmv2jIH/AAAA///sWW1r2zAQ/ismUGhL7dhO7CSD - 0YWtg33YKCts0G+KrTZmfsOy040s/73PSYqaOHU2ulHyIVCKEkl3p9Ppuecu/6AgzpK4S4Ga26Og - WyytWCT4L5SPulTsrpOB8Rm5+15WoBQX3+c8p5dtMXO9BQpU2IGAIGOSBbeSHDeSyT1WUVH6Y5gV - lH2Q+X7w/ILiI7fwCBSLslj6wH5RoFklk0HSCFyshcjZiBMUoTlPHesqFxR5Js42IpF0UaBCv7ZP - rA0keaJBlD5rp4y8809ZyaKazvmlsBL5wQKUkLuk989val4Kyt4VVxDD1WL9sk3oypcLvLNDbwin - TW/e295AOxRlfVHRzQDNThkuNj+zTs9+4zLTungDLNklh14XOfSoLlpzXWJplEDqCglQslriqe0d - QYcot3PCMC/paEknn1/YxcRcUxFsEZV2gmvvmphddc2iOeGyypKiyTJGKbz3p3xHriRCXlQvzPdE - zC4BXVQ0oJQK7thwEHuz8dANZrBxNJp4vh8SvTCLoGHPMk73PI1j6EDO7z3ZYOvi7p1BOhK6t8JW - ge+AXMhlEmfUsB94vjfknssHfjwJo0EUjLxoHMSxy8I7j48v47dSyslgeuJ/xJ/aZ2cs1ynQttVX - wmmE/QCP2L5DMe+UzSxNInKZXTImyGPYjwdWJ2DPGH64tkOnzMn+dul++Ba3GwCHb3G7iXDoFgOT - YlU1a4a8yTWvdfeL3hNhtKrMFa7dAmax/KqpipL3bwFF0fzp4VHTCrPmJZMe3X7T5LrSwHuEgte/ - 9CMUvIbFRyjohALDPGDivXpxS+p367ELuUXNUox2OZML+tVbrnq7E129OberN+ea3lx7Yrie4Pki - qYpc0R1d+jf6xxf18W+OsCjq/9ZCVbKMTChCVfitkO0h0/dEUSstXq6HGnVfrF/+TNVfy73oZezn - Vy6alARvnFU2dqp6WqtzU3eZmj90cvP99mZ/a7feIK1drVaPAAAA//8DAJniZzHDGwAA + H4sIAAAAAAAAA8RX227jNhD9FUKvla2LvYljoCjaxFukTdMgcbYPRRHQ0ljmmiJVkortpvn3zuhi + O0pcIMl2+2bNkJzbmTPjBw/WBVepN/YMqBQMpB8FyNT6iudgfZssIOe+LsBwJ7SyPqTC5eC4nyy4 + ykDqzL8HY1EH6TUUBiwo15xNSut0PqcH76IwjMK+gT9LsG66KeDK8MSJBDzfE2Q/io6PTvDDgpzj + 58K5wo6DIIU5JC7Vn3WfO8mtFVz1FbgALbmAFyKIA2FtCUH7wBI2eP9yOrmZ9qLhIEJR5YL1xg+e + Rd9Km3AHmTabOoYUv/BGHMZxLxz1opNpGI6j0Tgc9Y9PBt+EcRiSk2TEoePVM290ku4HmIow3obd + fKRgEyMKShxKv2c251L6LBXWCZU4VghIgOk5W2mz7NPtRKtbI1/pRakElYvLO37PHTfBvYBVULm1 + c7BRReEgGn1nxV/wbY5lL3O0SrBAk1Nul1Srcubo13jOpQXfqy+eY1zVXd9bCASOSRabC7gH9DV8 + 9L2CI9QcZXFb9+NnZYvfDQV6c6/uZZ5zQxZWAEu5YaAynkFOnvgNKt5Y2PpyVVXCydNCvq5QuwT/ + wJMl9tY+Sujx2tZpA993Odz2QNBCMW5roGCFokRLbS5rb2ayhF5m+GYPAZqdae+R6mmENsK91Zv2 + ejB4Xa5EjvWzAd2w7SMCBTVU+/aektc4+0sL3yqZA+/xS7dzRRD7heq280xkrLRgGDKi2TC34I4p + gNQyp9kM2MzoJSiW6pXqs1MDWJyUzTbsJ2E4u9Fzt8KuYT08wJR2jFiYacNSkODglXTwJHPbOGwA + hUie5m2CEkJdp827XR09Eg6cwIlRVK2tSuQur0P/g/CQImoVhdGf0ec3lqS5/XJB9uhlF9+tEs7h + A9bb2qbR9HN11jZZpwSIvJACHU47VIcZr2hjOFoPR69091+ouI1kS8TDkOgsHq7j4X9rpab7avig + wehoHR19DYPr1uIgXg/ir2GxmWgE3C4c4xaOc7H+VO82WOTf/8CiZ5mBDHvzGdbRHS3Lut1fBHl8 + fEgxOqQ4ef54varUUloEqq3MG/ci38PkuE8YOGG0PlC1NuXJiKT27OGZjNCLKbALXcr0TNhCIsnX + GEfxijtcAN86GOtZvFvEgvo5Q91W/TzVJWUwIld/I4FQmTd2piTbSU2C3suL2eDDsF3Mumk7RDPx + lma6im3Bu4rBjpi+zIwbvoOp92ac1KunRH2haWRXhDek6Sb5DIiZCLTdLfzoQLTRIYRGIwp7wS2N + gwuhlh9JcwYF/WNQSYuXCkWrSreVKK0mOKr4TMI1cFtj0DS/vKuL2x/PL+8uzk8nlzeTu8n19a/X + GAa2lsW48cB0AeyqWhcZ2WXCMq1wecN2FpIepelZjcgrAzn2czVjbf+lto6wnbzwbxGGo2w+9jrN + jJnNhOISa4ZJ3zUZ6bqy5v9Ok94K5RK9azkCy5fhaG9PlwU17cs4Pul/GEUtjv+nJfQfAAAA///s + WX9v2zYQ/SrEgAJJEMmS/COOgaIz6hTbH0WNuWuAJEVAU3SkVSIFiYoWrB9+7yhWdu0qHYahyIAg + QexY5PHd8e7xHX1gdZtV/yMRKnReoAVVxu3CY3v6dXBu1Pbn5H1qMnkyY9dXvIhm7LXWn1LJLlMD + fjRsJUUNFfYm43efyVe4mmnBs0RXZjYNpsFgk6oYJDaIhmcfrcGFDQVQ/qEZJcnshH13JjvCn2M7 + fQWBRcSBaShxB3JRS7aAP/hwIYXPwskpo9zqvHh9eYFn13jxJuHIQqVtEY3089SU0tfl3QBZyWmn + UmggyuYBhvqJyTMLvLXzgez8rj4pyNKdKC1LHdc4VS+6HmrwHkGmNW2IAJj9ohvP6J4wFc5A9JEN + 2PVBR9YzaztgMLQTr+ZLthJc9YwnZTc4jzp/djxYPVRG5hU8iAudImtOZvZzuzkUq5ynqkohrZFY + CFWVrDUv474RB/YX2xQjy3Mm2kwCiULtQ+hX0rDGpZUBy1Vtam2QWqesSVKRsFxyVbWdAo1wFuDu + jULDwIUATaJJuE85q5H5onwoqGlAoSvZnu3+DqK32OU7ey9DgC4TqSi1GO/samXIIyAht6CoWKo2 + usztHOo1QL4cTyviPvAu2pVTAgbj6EVaAcF41vAHcpEV3KKrKyQ144rtAEw4EGY+u1AV+dx52Mbg + RlEQaDWKERA4hNUXiGSwqhGgbyLd8XnH+99QhjhGEDLy3qVL0zS+bnhV2HpA/ck//SIpbC5jkVvY + vHVr33IDxbSukVK3R+8u56ult3rrQSHYMu0WKXRpZEl1cMTjPFXH7Oj4MxIlM3qGNDwUK2GfWAlJ + 5391GUKMZkowshVJJNr2p4x7bAW9DzopYENv9c23B/ZJg6ATrwgQF4m9TzmUyvsMvG+lU7rba5rv + ETDFkhSiLv/lAURK4RWqiDTor/HL8YaPhnG4no6C8RqYzs7Owyia0HnXDcIKjwyTtNHzOMYaOIR+ + 2mLwXBfyc5dsZPTR/rEtBR+nnR1mWcj1MOMwCkcyDOQwis8nYijGZ6GYjuM44JNNKKev4pfWyovh + /EX0Br/tPC/nyrGn57UfVX5deQ0i4kU+MbJf1OssFRQyr+C8oohhvj0gIOfwdrH0Jn6hCP9+L/r0 + Ee83s08f8X4z/NQRg5PitoV0km1X/Szd3Q7VE5F22+i1vHYF6YbhF3Wp0bRfgYpEsi08upLB066S + aR13JeXUXumY95kKfvymP1PBj0D8TAW9VNApDUC8ayvuL7rNde8D2NWGuy+f9pVH351Q0HcnFHR3 + QvsPRl8eSHWfllq1Wsi1nLX7lrH9958gvdfmv7t5a411RrESOpEPmu4l/gYAAP//gg/2AZMQxMnV + MCa0dCXbAeAZWX2YuTpKuYkVQanFpTkgg5E8Cx5RKCpxLIF4HDSuCRp1AHkdLo6q2QhFN1QD2LW1 + tbUAAAAA//8DAEmVzBbUHgAA headers: - ATL-TraceId: - - 63c0515836b7fe29 - Connection: - - keep-alive + Atl-Traceid: + - 73ade59dff1c53d8 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:04 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:10 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ad79701b-3426-4ecb-b4d5-b0e0bd01aa5b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '270' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1933f7f0-badf-4e22-896a-cb01eb84bcfc - x-envoy-upstream-service-time: - - '239' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1495,174 +1239,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlp+pGSm+hBRVah3ZOIJOkEK2lSmlRYlv3vpriwehveeZ55 - mRNRMuBhsUSQzxjnIHa7AQ3qOPgvT2W0MoRROuowkox84xJG7xJcABQUKOTd/va1e3jpr9v9Oqk0 - EfG2QRlk8J6RAWfrjxO62B9nTAfurF+HJKl1tMOvQsQm1PwS3su4gQxYkUOVM94XlYBClBUFgBtg - AMkPuKTefpz+sW1fMFEyAQ1t6yurp0dnfAI5a3lTGyV1iaXEBrRpeKMGJTkYDSCrinOF5Z+CaLeG - p3GRZHvHyNXGZ6/lFp+IvUwE3cehI+fzDwAAAP//AwDHUZ+CWgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtE1qbqIHFVmF7Z5kkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzlBq4LZzw4kvMc4BbnZaGNNF7X/8ERFp0Lo1UhGEyGDTzOH3o8JpoiUIMF8t7152d0/N7/b7TK0 + aQL5ukIZZnjIQJvJ+eNgxtgcJ5MO3Dq/6CS1S+/0twIyCQyrS3in4goyZCzHOqeiwVqikKwiiHiV + SEx+MHPqbfrhH3vdIEpaS8oIZ9UP2w0Po/UJ5CUVtrDWFqJmjGNRI5aVYpx2CjXvhCgNFvxvQXRr + w2M/K1jfsWpx8cl3ao1P4C4TmPFtv4Pz+QsAAP//AwDZa+ZWWgEAAA== headers: - ATL-TraceId: - - 3069b5fce2a8f832 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:32:06 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 52fb33d4418a2011 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 42efc43d-04dd-4250-849c-18b8adde5ba1 - x-envoy-upstream-service-time: - - '37' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 88400bfdd0da9971 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:06 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:12 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 7ae6def7-c853-45de-aa14-2e9e5beff457 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '99' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4b4626e1-bdce-463d-92f6-012399c1abf1 - x-envoy-upstream-service-time: - - '65' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1672,102 +1309,108 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/agile/1.0/epic/NTEST-884/issue + uri: https://defectdojo.atlassian.net/rest/agile/1.0/epic/NTEST-1429/issue response: body: string: !!binary | - H4sIAAAAAAAAA6RWbU/bSBD+Kyt/ON1xIX5JSoOl6kRDescd4hCEVipXocUenG3sXWt3TZKj/e83 - s7ZjGkivAEjgnd2d12eenTsPliWXqRd7JplBwXuSF2C8nmcs1/bAenHQ8wq+PANT5dZ48StcW2V5 - 7sVRzxPGVHg8vrzrFKkSNLdCSdO7BW3wA9IzKDUYkLbZgFTYAizvJTMuM8hV1tMgU9CQvhOQp+SB - IGVhGLwekjuQ3+ByZm1pYt9P4QYSm6rPqs9tzo0RXPYlWB+tWJ9nIgc/7Ae+889vlcxhhTpOppPz - 6e5o9AolN7Wx+I7itZVJuIVM6VXtVoorvBAFUbgbDHej0TSM4kEUB0F/fz/8NYiCgPwkG3ZVglPz - JD9L4Ue1j3TfD4MgiNaRN4sUTKJFSXlD6QEzBc/zHkuFsUImlpUCEmDqhi2UnvfpdqLkhc5/xAsD - SaXBvxWw4LccK/6bEf/CmwLLUxU/1aKj9E0YDMJRs5yio2+6kHseAQZtTbmZU52qa0tf8Q3PDfS8 - VocXOyVfETwCAVYiFLxYVhiJZ0otulWp1Wd09pm5bG67TLratJmkxb3yd35fSGEtKiDENbcpxL/c - WaNu7IJrCtOIoswF4iXdiA1T7QA0HC2Hox9xt0l6Y6zJeykozfhzP+vD4DVajobLaPhsxa6gDjM/ - meb/d2yFe8tw72W2lq2x5uM71gbRchC9zFoDVdN+bLX29St1+/J9zUhEWZ+wglmmIcMufwBKxJTK - q7rpaklSGasKRxhXaCF6vW1j9FBHTSS1lNrU8aMX74Y9D8O077H/CFf1AddchGktktqBuwcyQhwG - ZGaqytNDYcqcrxpconjBLZJ5TWtP76GaM9cs6dfaNDWI+xyrivIUkqcfSCBk5sVWV2Q60YCxUtc9 - xpp7+3sta25mLdiWzrDdgFIkLhdEJsjog01Cf8E7QbrdMzHomGEBMM9XDGTGMygIG0RvRcE1GX1s - N1G50uRi7ZdbXoWhh3lJ8RXsCrQZY9Sxn1Ba2NUzS9de9ykVT3gHRIFBGJ9umFaJQEGuFn1zm3U5 - OVaLllWHFNZmIIM2kJxfA/EiddnGISKYR0sdbmupcET5mHEzwTIdCzl3M8IhlDQyyKRFvuuHhdtb - S6SSE5w1+HUOZ8BN3U26+fJOjy9+Pzq5Oj4aT07OJ1eTs7O/zzA+5AKDCcED0xmwU3wApGVklwnD - lMSyI7mInJQyq9ifQnN2qqFAAmKVwVbpO7rZjGIfFQZfRBAM93Xs1S8h1g6T37HDN4yEZciE5Pnm - oWasatLr+jVH71pSw7pmEtanq5Lo5/GWDPuvBuuWrEegZ0Kvvrx+eL+dWp6Gxg5ub3kyx9mwhVyr - vLY1bma1FzncDnx+O3dFLatIIKi7Hj6pvbnOK9jNNDJtN/UodqjqYquixB6XNCNTFb5Xv2+T84/s - fnemwuawE7PLj7wMYzZWai6AfRAWmd6yc/cOsnc5z75QrBhqrhKez5Sx8SgYBf6NkCnysR+NwsEn - p/HQ5QLd/KwYoSTeYf9/lf1Mf39xCs4B8Yakghex/Z1o/GGCqws5l2rR+T5+/0C6c6pVWuFANlnz - pD/FdOC5SxcM6mV/qMWuVVsCKhsF0Sfms8sHrLvlVnfAH7iLHw9O2XnC5ZbzNAH6e6NhnbK3mstk - 5k95hn6eYFVraSXy9OjwvmisikJYhsw0uyemnK2MhcJg2GmpcLo1O7GTu9QTQgsupBEW+oibeDgc - bNvbJvdTtHmtuE7b9K/LcNihi6wesKQGEXrJrgEkM2DZQvwHAAD//+xZbWvbMBD+KyJQaEvtxHlr - Exhd2LIxWLfSbCuUQlFsJTFLZOOXZKXLf99zkqwkXpNt3Vb6oRCCE0mn8+m5u+dOGlEZApxmV2wE - VB2xxST0J2wmuEwxyPUMIwH2gwTGfR8BUgRsHnKWA/N+chsjwmCalELzE5dUuQD0EDt90S0gt1gs - 3GjB09iNknEVgBPf3HgSK0wAezcjJEy9WXrDM7CdYY6judn/eNkbnDuDMwc5RqHy88V7LXSXYc4E - XjLosrf9T9cSYRw+m4mky6J47l/L/jyk7AHlBiJztKcVY3+5QTALg20b6LEdG2wXSzPmIb5TbaNt - W/w8TwHjDEl9rApwwsXlREjybMbt8Uaoz6EHAEHKhHPBQokTmak1LEoo/XGMppR9kPm+CnlE+JAM - TqC5KOPTBb8loLGYK5DkKQ6WATlrOEF1LcXUZX2ZEvIsztaQSHsRULG/0S8tFCR5aQ6U3qunQt7h - u1nM/Yze80PEQvWDIZSQuZT1DweZiFPK3onQIUboycazLXSV5yLeOW2vCaP1Bq8cr2EMeiHiKKGT - QTTb5zhYecD2D77jMKdZ1EUsoQRSIgHbeK5HJd46ky2Pt4qFlFmyBJlR8W4qA0pTa3ZqecAyL2Vo - xTPvn7iNidVscbNBVMoJrryqY1dlGfcnii6rLEknPV4rqVf8+lf5jyxEtYYm3A/I/0TUThHKqJpB - ldga8WYj8IYnzVprCJ2Pjztevd4mumEnYYcd0wSdey8IsAc4QGWlg2Pq1pc28pHQnc0D7QguyIaa - puKOfqy2vLrXFF5NNOpBp+03/Nax55+0gqDG2yNPnJwGL5SUvUZvr/4GH73OmXFpUqLj6L9SN0+d - BSzi1F3yATfOh9PQJ5M5MecpWQzr4XBZiOPB4+tzp+3GkvQvdyWevsbl3sbT17jcH3nqGlOdq3sR - hjGvc89z09gjf6KYrVsGOpxdqeq40s+TKBbVK4Qmf7JyPOrHYdR6Mu1j+oyGbCcmED+Hgsc/9OdQ - 8BgaP4eCraGgTDbAsCp3S1pTUBToPtaueEc9fvO8usiq3SPFth3LA7ZXVx6wva/yQLMYEHIeJpHU - 9Me0AnJzy6R//o6m8yj7Z71dLcvKxEaoEr9Eql1km5UocpXGd8WjiboP3l/dx1ULuZv3i2vvun4J - udSNc2oG0Zvb/zcX1zdWmwVK2+VyefQ/7yjpMvHP7HHPHSUJ2WxptysPvqNsuK12Z8cd5Q8AAAD/ - /yLWnaNzlKD+0jCdowQAAAD//+zZUQqAIAwG4BtJzNEJOkqPnqDTRxIqzUkLA6P/WZjbnn72ae1W - wU21NRkBbIVhlGMbZU9PnG2eGF7g0ZZRekdEMEoZiLJRXh9S7vkaXsIo5RSFUW6HUd7yyNoJsJ9R - spsoBRkY5TqUUVLrRqtgWwGNJ7gtcRc2o+RolAyjhFHCKB98AKP8p1HuAAAA//8aMnOU6BLwlhc4 - BvBMXhI3R4k+FYluCnzOEu8cJd76DxRCo3OUAzUEjTkqMfhdjD62MfhdjD4+MthdDOrn0mliYnSO - crBE+mhRQA8XjxYFOIsC9MbFcJ+jTKbJnKEpyXOG1JsrNSNqrpTSOcrYWgAAAAD//wMA2iMAUpI5 - AAA= + H4sIAAAAAAAAA7xXbW/iRhD+Kyt/LeAXyIVYqqprwlVpc2lEyPVDVUWLPZg97F1rdx2gaf57Z9Y2 + EEJOIk3vG7vjnddnnhkePViVXKZe7JlkDgXvSF6A8TqesVzbj9aLg45X8NUYTJVb48UneLbK8tyL + o44njKnw8/jPx60iVYLmVihpOg+gDf6AdAylBgPSNgJIhS3A8k4y5zKDXGUdDTIFDeknAXlKHghS + FoanH4bkDuQzPM6tLU3s+ynMILGp+qp63ObcGMFlT4L10Yr1eSZy8MNe4Dv//FbJAtao43oyup10 + w0E/wKtZbS1+pIBtZRJuIVN6XfuV4glfREEUdYNhNzybBEEcDuPgpHd6Ev4QRAHpcEbsugSn5ihH + S+FHtZP03g+DIIg2oTeHFEyiRUmJw9uPzBQ8zzssFcYKmVhWCkiAqRlbKr3o0etEyTudH+lFJQWV + i+f3/IFj8f0HAUvfubV1sBGFQT8c/mTE3/BjgaWsCrRKwEGTE24WVK9qaulXPOO5gY5XP7zEuNzb + jjcXiBKdzNdX8ADoa/DU8UqOILCUxU3tT1+ULTo7Gg7bLDsokM6duldFwTVZWAIs8jUDmfEMCvLE + tQGi4o2FrR+7qhJOnhfyuEJtE/wzTxbYL7soIeW1rfMGvv/J4bYH/BaKUVsDCUu8SlSu9HXtzTSv + oJtpvt5BgGIXynuiemqhtLBv9aZ97vePy5UosH7GpxemVSLwooZqzzxQ8hpnP7fwdcnse0/v3c6O + IHYLtd/OU5GxyoBmxmLOmZ1zyyRAaphVbApsqtUCJEvVUvbYuQYsTsqma/ar0JzdqpldYtewLn7A + pLKMmJUpzVLIwcKRdPAsc5s4jA+lSJ7nbYQ3hLq9Nt/v6vCJcGAFzpTStbaskLs8g1XZnpIKQy9c + R95jlpCXG0Gp1Vd09I11aF4frsIOp2yDupPCWlRA06d5PcH4f3PfmibVFLUoylygw+kev2GaHVcM + hqvB8Eh3v8G/bSQb9h0ExGHRYBUN/l8rNce7iYMGww+r8MP3MLhqLfajVT/6HhabMUZo3Ydj+BpO + o1YwE6sv9aZDq9BfiIYs05Bhp75APvqp8qpu/oNao9PXBMPXBGcvldeLS31La4FbyLy4Gzb0RunS + Iqn9eHxxRyDGTJi5qvL0QpgyR4KvoY7XmHf7BXNK8G9McIvb41vHZD2Zt2uZX6vT1Ibu57mqKIPO + +T/oQsjMi62uyJukpkTv8JrWP92saftp29DMvmBTcKK9dhtxi8M77CKb1ZSUb9aRhoAObiDf3E/c + LCYfa8fcEYOgOZbi4r0t2n6QG/DuC/pb9n2f6T0g7n3jDNqZ3rlaPh9BV4qWEcfqA4o351Mg+qUG + 3AuKWOtgtOFr3RYOKew5NzToroRcfCLJBZT0L0UmbTe4Hlk62eZGKjnCIcynOYyBm7rDdPPLu7m6 + ++Xy+v7q8nx0fTu6H43Hv48xDKQJg3HjB5M5sBu3CDOyy4RhSmLZkbNETkppL3DD/0ZDgaTltgfT + O8RdIVKDF/wjgmCYncbeM2L6FwAA///sWV1r20gU/StDoZCESLJkW3EMpWvqlN2HsqbubiBJCWNp + bGkrzQiNtNqw/fE9dzSRVSVOYRdKHkJCYqQ7d+7nmXPHuUBkd6nkGXKGoO8Bg94Nn9lJzobXdGwG + 6+7xDunbgbTcS9cFAdDjPRm603By35Mv9Pp/0OtI5QV6XNJYTll4KqffB+dG7n9OPqVVJk7m7PqK + F/6cvVPqSyrYZVoB/Su2FlENfvk+47uv5CtczVTEs0Tpaj4bzUbeNpUxANkLxuFno3BpQgEr/1KM + imR+wn64kh3hz7FZvgZ1JODAMrS4NXJZC7aEP3i4FJHL/PCUUW11Xry7vMC7a/xzQn9iTKW0RI1w + 87QqhavKnYeq5JSpFESPqtmDqJtUeWYMb/X8SXr+kF8kCHcvSqtSxTWow0WHvt4nBJn2NCGCwexX + 1TiVOhCmwioIPjOPXT/A8gOr9gLe2Cy8WqzYOuLygDzRV+886PzpebC+05XINTyICwX6rU/m5rlJ + DsUq56nUKYYGFBZCpZON4mV8SOKB/uW+xEjzgkVtJQFEMcdghNGiYo0tqwoop9vS2qK0TlmTpFHC + csGlbmcgkrAa4O6NxCjEowgwifHn75SzGpUflXcFjUNodCla5uL2LPqALO/MjRMZdJkISaXFeKdX + yYo8giXkFmgjS+VWlblZQ1MUwJfjrSbsA+5iEDslw6AcU1ZLjxjPGn5HLrKCG+tqjaJmXLKegQmH + hZnLLqQmnzsP2xjcSAoC7UYxggXWQn1vIinUNQL0qKU9n3vef0Qb4hhByMh7Wy5N07iq4bow/YD+ + E/+4RVKYWsYmt9B5a/e+5RX44KZGSd0e/X65WK+c9QcHDMG0abdJocpKlNQHRzzOU3nMjo6/olCy + Ss1RhgRog0PpEPHyaZj5jloNBab9I6oqAdWGCRJXHYiOOtHhi44KmNAbfvO44CFqMDpExEcdEUfk + eJQYivZwHhhCM6V+1xsl94TvR4BMESL22zLA/3AgEXN4i64ifv1b/Ga65ZNx7G9mk9F0A4fOzs79 + IAjp/OuEsMMTYoISv4hj7IFD6dXeBseOXr90xUdKnxya29ZwcfoZMYNKdnCb+oE/Ef5IjIP4PIzG + 0fTMj2bTOB7xcOuL2dv4jdHyerx4HbzHb7vOybm0aOo47SPt1tppEBEncAmh3aLeZGlEIXMKzjVF + DOvNgYH04ONy5YRuIcn+4QD+/C0eTvDP3+LhDcBzt5gGr3ZgthSuz4ZW9kKL+olAvB1iWzi7MuPa + q4u6VIXwrgBNUbJvPLqHwtuuk2kfe/lm2V9pkfgFCn5+0l+g4GdY/AIFB6GgIxgwcdd23L90hW0/ + 77+zpa/ZWtryDQAA//9CNFtwDXAa4BojMoCPEaFLmMAkUvPKMovy8yBNIGgXtBQ6nwrhEuXS/FyI + CdUwJrSwI6OAQ5oK1oeZizq1jWQ3uMMPnf8GuqMsv4R6o5sQw+CGAu0C9pDC8sHjJbDROtCYLWgU + AmQl3CGorjVCcS5UAzh4QHMuRM7HAwAAAP//Ims+noJBT0QkgAxBm483VCJ7Pt5Cz9zSeHQ+fnQ+ + Hq+VI33AkFoj+qPz8aPz8aTHA1Q39lgYnY8nypbR+fhhNx+fgzGbjj4bD66ASZqhp+p8vCH15uMt + 9IxN4XN/6MGGa1h4dD4eVvpSp/YenY+3Ggzz8Wmg+Xhs8wFEzdGTPx8PAAAA//9Cz5OWeqYW8DUy + o81rCprXNJiPN8I3/YNjChgxq25O9ny8OWg+3nx0Ph5D1+h8/Oh8/Oh8PEzBIJuPxzvNjq4L3kpH + n6zHOx+Pt0AGhdDofPxATbdgdsAHv4vRe/CD38XoIwCD3cWgjhedJuFG5+MHS6SPFgX0cPFoUYCz + KBjE8/EAAAAA//+iZD6eivPghkTNg9NmAYAlyQsAKJ2Pj60FAAAA//8DADJTBlhqPwAA headers: - ATL-TraceId: - - efcdb6f5df16f987 - Connection: - - keep-alive + Atl-Traceid: + - 2bf64553a9c897e6 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:13 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e819ff54-eacc-4add-825d-23f910a12305 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '328' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - aa11897b-815a-4d42-a197-1ae14d888dcc - x-envoy-upstream-service-time: - - '230' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1777,174 +1420,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPwUrEMBCG32Wuttlpmm2W3EQPKrIK7Z5EJGmnWEmb0qTCsuy7m+DC6m345/vm - Z05gtKfDYkHBZwizV5tNRz21oXNfjulgtfeDnthEATL4psUPbopwgVgwZJjX+9vX+uGluW7362ji - BOotQRlm+J5BR7N1x5Gm0BxnigfurFu7KJl1sN2vAioJW3kJ73VIIEde5ChyLptCKCxUKRgi3iBH - jL6nJfY2w/iP3TUFVyVXKJngV7YdH6feRVDynay2vdFtSaWmCtu+kpXpjJbYt4haCCkNlX8Kgk0N - T8OiIb3T69WGZ9fqFJ/AXiag6eNQw/n8AwAA//8DAPN4pGJaAQAA + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CMxN9GDiqzCdk+ySNomWEmT0qTCsux/N8XFj9vwzvPM + y5ygVUHvZwsS3mOcgtxsem10F3v/4YmKVoUwKEecjpDBp57D4F2CKSIlSDDfbW9edvfPze92u4xt + mkC+rlCGGR4y6PVk/XHULjbHSacDt9YvfZLaZbD9twIyCQyrS3in4goyZCxHkVPeoJDIJasIIl4l + EpMf9Jx6m2H8x143iJIKSQtSifKH7cYHZ3wC65JyUxhjCi4Yq7EQiGWlWE07hX3dcV5qLOq/BdGu + DY/DrGB9x6jFxiffqTU+gb1MoN3bfgfn8xcAAAD//wMABAFrh1oBAAA= headers: - ATL-TraceId: - - b62dc737aaa5a6c7 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:32:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - a0778b3a2006efc2 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8d30d01e-ae94-46ba-ae8e-a315520041d6 - x-envoy-upstream-service-time: - - '39' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 86289b10a5080d4e - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:13 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - b5b05ae7-6a29-4fce-8dac-f45150bb525f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '115' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 062aec39-b83d-4aec-96f8-93c48da69501 - x-envoy-upstream-service-time: - - '69' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1954,110 +1490,119 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/field response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= + H4sIAAAAAAAAA7RX3W6bMBR+FeTrECXsIhm3nSpVmqZprXYTRdMJMdQtGGSbqlHVp9n77JlmYxtM + aqOtDRdRxHdO/P34YMjuBZEjShEXIFqegcBFzU7ZPdACH+UVWqBHfJpuoFBh2XHbdURXpiW60j2y + IWu5qCuU5lByvEA1O2IGhxL3CIUnUmhEsFYCHAOTHA6SldBy/E1ScZTujBzLZai+KD17+evsHleA + 0hckTo2SpoQKUimx/MQFrqYMvb4uTCiE8xZ3S9gUXMTYvlFQdKexsFPt4v+Nuozdl8+f29QbHMDB + UQMMU9Hb6S+Nl+/2OuzjX3bM9Jw5MWT7XozaEd64elzESLqTUHRrsDlkDZy+ZGlbHTBzYx36h1i1 + rpzg8vhrvVp9WvWOfBV7v7SHigiBj1Fes4rLQksFA8pLOYVHpc/bZDPQ/i4wYVm+65Tt5eLndJOR + WCUoq6sliBI4J0CXD4TBsinbglC+bFitVoK4AgryBou7KHjaLR9zS6fhOMvNEOulb2S2nTRngFn9 + gDNngvtrO8I98LFh8UZl2XyxDEr6UbFQeFDWwUFRFWPpa509Tk/JWcdcI7JWIzLi8gVxwfkoO67p + 4ViH002C6aqKPWBqAeVUuOOGubJNVLYu1czRCkU1nWwyJJuT55+YcVJTlYHOdIyZNK/Jc/Q0oOF7 + 8L1xDazehIAxOEliIu9A2Y+MFuTcla7uwSEUBcOFeU8YP5W8JeP3z+9o7ieUz+bbx5JH5GBu/LbU + G3sD2yfT+E3uw7a8G3lGPrwWMMzrshV617TQEWRE/nCxsL73zplD6duAkaJ+Exw0eColm96Wr2JP + JWAFFpEMiamx8h1L446ZzqVk051LLpcvDvNPIHQsNXUqP7Eum0PnAByXhOJ47MAcPskmHOA2GKCq + jAPEVP0BCcen63OFt3XCU0yXjs5Vb4PbhoP7HAxOVUxwfwEAAP//tFnNbtswDH4Vv8ACLAECNLch + QLEBRVd0w3YwekgDJ9Hq2Iasrdnbj5Ipk7Iop+nim0XKoT7ys/iTr3B3jKXDQD+V426s45glyXFX + TIY1WBrNhfMb8ip95EGDHIn5PfVnqj44suoE1pzkMqkPHvwC4Xyt9YvegKKHyCWI7ieIskeUTYCP + TEp44jRI+wdtPMA0Wm2DtCIoKGhOmJlxXBHNccs5XBIY4TRhL891hA7obn6o4tUxrMMViBDRHciy + XphG9JZIiWUKtyrBk7jHXmG82xh4l+pMWnvOOYEery/fj6Ozp+VLhw5DlEMRITAH4GW1UWWPgUsQ + xZcj3EMTYaBiaqsLe3f3B6E1HmPdC/7vHBLLmTV8umhC599OJ7TknMVpEOG3RitXmwvJrNdNlci6 + qUpnRcI97Fd+tUE961Ja8/ek2hmU90V1qJum0C61rfaHD214fJ+s2Lxk6JfkwMFp0GO3JXQTLmyC + y0g5lc/cmIHM4FO+PhTbl+f6VLRPb3Jl3eAtGjhTrA9mHedmzCf2R9vV8Xdp1LY3HHk6PXyYJ4cP + ToOeztefPz1+f8rsd5HVu+xWabimIfs00J3aj0EIwNl3rh6XsxbHN+RevHNijWIbZYz4XI4ouxTG + YliczAzOr42q9itnw5sIamsfMzbWgM+n1spQR8wEGKEHkvgzxBfkex3bm5PQs7OwiSLK0rxbJHln + NQPeudmFqrKu4x/nW7R3Mp5FlmRFHi4ZnxYynzYVD+NZKlnqQe8QwvUsWvAK7LkoqV7pl+jrO7++ + Pn/QlIh1cBva0rHacy7hy2kmLZNMshqfXY39r++hhjyU4M9gx9VZgzFfukwb2uLL/N41CzIzLugl + k7liV9abOBcvk/79mPSv0wT+bSyEDOp/deyutKSfo52X+vsfAAAA//8iMrwNkcIbzU7iAxhHyyar + uFy3GGSyLthkjMxniCdQcY6ugWWggQqZs03Oz8kHOQlLWKIqoFUQgsfWkK3CFnLwjEtsyIH7irqo + bocFHMaoGgAAAP//tFrBTsMwDP2VijM77MoNwU4gIU3iyGFqM1RtbKMbE//D//BNpI4T2409ylhO + W510fu81tWNnJI/ZVYORmA3hDLd6bDcrXTg5oZRw0FfjrjThTkd7ra+WjsOlaHZHbWp21GAERZsv + LLVwpJRM0EUDHyP1MVaVrzTW7nM76TjcqA7rjPUJk0UeLH2lMWrisbQbv7CrWR6q8gQ5pgJVK+Gr + LjpifgQkTZq8ryRuIcbi1MXvzHx+WKwzCX6bhZp8f1VPOFhYlXGcT8MmEdh5X+DLDEjtdrl09WFf + 9mhwAU5c88/zwYSRGEJIXftAQxyFCVn2ocg1FUT0MhTBqx3xBuQERtlLDFa2kH1YfN04tmbJEJ8h + WS5PLLnTePmJcmHGyYT/Y9fXetTnomtE/5wMNvgx75OKnrzhtz/1ueLdxCbVHIFMukQuWQV2QSro + S8OeYCTkaGH5cfvmC28X9myYGLkJCdxxm03i3MWUXKo0hm8JzWbMGOpBGOhZiSAQDMjsAS5sSmOe + ixqyewTXwWH8JCQvIgVnoZqnYmUQoafcoxQPlyQSEQwScgZMe3Z5klJvpUfWuH3dtbETGGSQNmR/ + L4w273PXJHeqMcvrc36HvQM1W+AwguTm7t1npEP8l6q2E5UzSu1IoR0ufKlaNLgvd10X5sIAwRps + 5n16OLa184Ktbo67SVgOaXrcqNpd8anZFYcRFHG2a+sK5FIV5MOl5IPOODlStftLueg39s7/2qRv + Bf0AAAD//8SbTW6DMBCFr8IRiAIHqNJld+2uK0SRWgWaKCTtgXqfnql4bMMbM8NPK5elZyxsfx7b + 8Aab1BQHpovbO1XcJg8Cm1IWeYVY0OjPOmxKwiYnC2awydLgDgTmkM5e5WY8yO2gixPMH4vavqdm + W5Kg/SrWZGEC5NSQTKYyMx5kpssS6I5FLOuJ6S/oaz657crEPntYGf/k7kZbHu1EDOc8GB2iJ6OW + g9l3Y8EZ56rMkZCGHPSFndu9XZ/8XJ1843EjezR/kCUu2SPMPvPHmv7c6qHQ0lCgDJisPAe9CmWq + BbqzeUIXKkeQV32g5CrYVAVLHgf2QLdiEnf6CmR5hUhoU0LLm4LS8/3ldH45fb7LgOWdfR3itqrx + ToHDm07gVbV98nC8l7dW2bZ4hVh4ScnnTUFpO7yg8rdVeWOJWjD4TcBZkofqA15mFu1vC3nV9GSJ + gu+OrQHbXN9PPVTUjAV5glCpCvuDyESw+CqxwoWyFmFjrLxdyOj5jVTNb5CHY25nDhSpWizclOuQ + GhzZbD68KzdnGTyIT39AP3qKhw95kuJ6LcrXht2iQJPDfYe2Fet14fsItCm/9YdSEOvjIDcOVhgh + iuMjpUXzunF/fyX/lQCRhj1WUeT+6otJzXuRhy8mI6XVlVny8ytqXDfWsqLcmNqq7Nh6gUGqrb01 + TYFXefqyPw57gx5UDOEPAAAA//8iIQhhlmELAsxxLJhqpNQEWtgJ7gRC0xCcD0s5cAHcjicmR2B1 + Pcw2bK4vRZtpgKlFDvikksRipIkgJAF40CfpwoQocz/WHI2wEZsP0Is07HNAcCMAAAAA///EXMFu + gzAM/RWO2wGJc2/TusOkSaumbpdqB7QyVGkQBLSHSf33EePEDrG7CRXt0pI4wX7PlQmPUALWFo1p + e4A/AmMdCOyFenRcc39U3p2EapoXP1goyE1rhqOOMiRZqBBvqFMHNTtZEhgWRlyAvVEvvqrkCxZE + trYrUdPgtUyouPtgwFJlFgRf7koiRJBFxIrZQSNlp0sPdV+U8MJHnY6DVoMZS87Hpz+tK6G6CJyp + IjBYkNZtkVcyn2hZikiQftGH/drZD/kqdJHOfpjWrdoqhYNw/4vtihjTVeBMVYHBgow9t2VeH74h + RYoOPB2yFIegBIfORP6mWyfpcYRhk3WO+fMINjnlsyPZONNl40yVjcGCRN81Q+2wmxdkkrn56gTz + k/vj3etARLIBaSq5ga30w2oqsbW8u7WpwLRou3UnacBrgML5XxZWEII9jSyXZboInakiNFgwA49V + k8NNqUC/t12de2QR5GfvZTz4vxtxJlEX9enQmjq4GQz7kL6HoNPFFF+M5xLFnUp0xEtXPoMA7Y/h + XyNRG4Gsj8X09uV6KPawAcD5lHCga4/CjSUE0RIpXhktuywihxIAaYEkrYtMFfyoqI0Y7n2HDiFK + Aw75NQ/OmwQAbV3a5GWQCjeJQJxMX1AeXAsBvGFTD39+BkZXUvQuCB/12EEx25dsvww9b6I2xv1k + ysS+GXwx9LnMSyFPrxUUkQfhus7n9x8AAAD//wMAGZmL9PVMAAA= headers: - ATL-TraceId: - - e557c1e630c3befb - Connection: - - keep-alive + Atl-Traceid: + - 4466a9d15a47a4e3 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:13 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a441e214-3f30-45b7-af11-799a585ded12 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '149' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a7bbe3b6-64b9-44be-8e9e-e26defd3dad3 - x-envoy-upstream-service-time: - - '59' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2067,89 +1612,97 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-885 + uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-1430 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6PS4JH5JSoNnOjc0pC13lDJJKDOlnYxibxw1tuSR5Di5lv9+ - K9lOKDRcoTAD9lral2effaRvDqxzymMndCTwGCTEbxiksWpxmoFqqWgBGW2JHCTVTHDVgpjpDDRt - RQvKE0hF0lqBVPgN4hHkEhRwXa11Wg4znn3fe9nDFwXpHF8XWucqdN0Y5hDpWHwVHapTqhSjvMNB - u+hDuzRnbkq1eWRKFeA2XpawQSfnk+F40u73X6BlbjN2wm+OwsiFinBbIuSmyjDGN9wQeIHf9nrt - oD/xg7AbhJ7XOTry//QCzzOJmhh6k4N189hEgypHs9/1Pc8LtqXXLzGoSLLcwILWY6IymqYtEjOl - GY80yRlEQMSclEIuO2Z3JPilTH8lCwVRIcFdMSjpimoq/1LsX3iVYaeK7FllOo1f+V7X79evE0z0 - 1a7klmO6jbEmVC1No4qZNk/hnKYKWk7jwwmtk5uWoxmyI8dOOyEvsBInl+IrpvdE9OrdFjvbjQY7 - 83Kr4btMLznThhyGZPVuU9Q/dq0Sc11SaQpTLMtThgyJ71SD4FrK9PrrXv9X0q1hroPVSOfMAIs/ - t3HueS8xctBbB70nO7YttCx5pur/D8TyD9f+4e/FWjfB6ocHonWDdTf4vWg1OVXzsDfazY2Z7/XH - SmKwY9dfsINJIiHBub5HQ+SUSItqzCpLVCgtMisRU4wQvNz3oX/fRyUdldUMptVAJ2z7tV4YBksW - VeG+3bMZfmH6aiGKND5hKk/ppmYhmkuqUVwr2Xr8xFSauFVBt/ImzTjYx4EoDCo20ytjYDxxQi0L - Exp96o8oF2YoajAkYK1m6n6mk4dHh41O3kXN2wenv+9DsJMMJiTTmyci0Gx3zaHwCLlkGU1AuWaH - apwwNKSi7KhVspOYM1E2UtRzbu4X0m0KSekMjJgYat5ZZKbypzD4+3jo9w0eC6qGOYvOGF/a8/gE - cnM886ghkKVVab9tLVzwIZ7OdJbCCKiqSCnrJ+fi7PLt6fn07HQwPB8Pp8PR6MMI68MBUggILpgs - gFyganJNTFzCFBE83RCcSJYap0QL8jeTlFxIyHBqSaGQcR07o3erOEKH3nfmeb0jGTp3RhYhTxin - KTYTu7GbMfPtrq2+XNTwWtqnmF2jBNjXhMN2dZGbmf05j/3Oi+6Wx9VN4YnUqzZvT6sfD/fHsXFH - t9c0WuJtqqFc47yKNaivNL+VcHMvcpvrSdAcrhwM1SORCnleZTNLC2gnEgVrdzkQ5ERUzRZZjvc9 - rusuPNTTH8H5zHe/BxOmUzgIyfUnmvshGQixZECumEbB1GRsDw/yJqXJd1MrlpqKiKYLoXTY9/qe - O2c8Rllzg77f/WI9nlgsMM2vghiWhAfk/7eS5+bvH9bBGJBvKCq4EcffmgZXQ3y75Esuyl3ug4/3 - rAcXUsQF3mKGPMGJyhAfd4Jw4LprWwz6Je9E2dZiT0F57SD4QlxyXQIscfxg623Prt0Ct2s3fjq+ - IOOI8j3r7Z36sN+rIHstKY8W7oQmmOc5drWyFiyNT09umwYiy5gmqEyLW2aD2UZpyBSWHeeCISkO - Qmu30BuGZpRxxTR0kDdhr9fd922f3Y0x5kxQGTfwb9twsmOXiXpMoopEmCWZAXCiQJOyZpRGgauu - JGSOrGqRcsGiBcmAcoUfabWi9oD4oQdCowgFEmKyYpQUyPlIbnJUGFzGOVTHfMekMkLqoXZGEDaU - K8uyI0qq8o6QiYuEg3UnX+SWE8i96VzIaRVMTanGS8OswNZMn3+4Oh5ftMfv23jGWFZejs4qpw8B - 8x6wyDgkb4eTzxxlHGdWgwyJyFfRZz5cMXN6YHJj0O1q0kLyHwAAAP//7Flta9swEP4rJlBoS+3Y - TpyXwejC1sE+bJQVNug3xVYbM9syfkk3svz3PifJaurGaelGyYdAKUol3V1Pd889d1F7/6ggSuOo - S4Ha26GgWyydWMb4XSofdal4ek4GxlcU9VvZhlJc/FzwjDLbYuZ5BbpU2IGAIGPiJbfiDC+SyjuW - KKj8MeyWVH1Q+X7x7IziI7OQBIrSWSy5Y38o0KycySCpSzyshcjZiBM0oRlPHOsiKynyTJxtRCLp - okCFfm1f2RhI8soaUbrVThl5p1/SnIUV/Z/fhBXLDxaghNwlvX96VfG8pOpdcAUxXB3WmW1CV2Yu - 8M4eeUM4bXb10fYG2qHo7UVBLwM0O2Z42OzEOj75i8dMKvEOWPKUHHpd5NCjvqjhrkTfqIBUBQqg - ZKlEmts3gg5RbueGYV7S0ZJnbj/YxcRc0xEgO1m4IITd0n+0C15bytTYUacpoxLee67ekSuJkIvi - lfWeiNk5oIuaALRSwQ0bDiJvPhm6wRw2jcdTz/dHRC/MIWjYcYzTO8+iCDpQ83sPNti6uftgkI6E - 7uywVeA7IBfymMQZtewHnu8NuefygR9NR+EgDMZeOAmiyGWjG49PzqP3UsrRYHbkf8aPumenLNMl - 0LbVn0qnLu07eMT2HYp5J6/nSRySy+ycsZI8hvtIsCoGe8by06U9cvKM7G+37vtvcXsAsP8Wt4cI - +24xMClSLbxmyJtc81JPvyifCKNVp61w7Rowi+MXdSFy3r8GFIWLh8SjoRV2TSaTHj1+0+S60MB7 - gIK3f/QDFLyFxQco6ISCNpkAo+qt1nSnoSCw/Val4ooG4XrtQqGoWILVFildsznXzObaG2bW1d4Y - Nhs8W8aFyBRJ0q1/rb98UR9fZCmaTClh1Sw1Cr4C+Ta+Nuo3cs96Kfv9nZd1QoI3dMtBS1HNKmXH - UlT/bTSrZBmZUIXu9IeQYyozDBaFHP6QRmPHY2P9R9bqC9I76/X6HgAA//8DALGabDnIGwAA + H4sIAAAAAAAAA7xX227jNhD9FUKvla2LHccxUBRt4i22zaZB4mwfiiKgpbHMNUWqJBXbTfPvndHF + dpy4gLPbvEmkODM8c+bM6NGDVcFV6o08AyoFA+kHATK1vuI5WN8mc8i5rwsw3AmtrA+pcDk47idz + rjKQOvMfwFjcg/QGCgMWlGu+TUrrdD4jg/dRGEZh18BfJVg3WRdwbXjiRAKe7wnyH0WngyG+WJAz + fJ07V9hREKQwg8Sl+ovucie5tYKrrgIXoCcX8EIEkjt6FNaWELRWFrBGI1eT8e2kE/V7IS5VcVhv + 9OhZDLC0CZ7LtFnXF0nxDU/EYRx3wmEnOpuE4SgajsKT7ulJ9F0Yh2SjcuIw+srMsZHGdZB0PkA8 + wnhz9+YlBZsYURB6uPojszmX0mepsE6oxLFCQAJMz9hSm0WXTida3Rl5ZBSlEpQzLu/5A3fcBA8C + lkEV1jbAZisKe9HwByv+hu9zzH2Zo1fiBrqccLughJVTR0+jGZcWfK8++BHvVZ31vblA9phkvr6E + B8BYwyffKzjyzRGKm+SfvkhbfPYWPjQoV1Qgmzt5L/OcG/KwBFjINQOV8QxyisRvWPHGxNaHq6wS + T54n8rhEbQH+iScLLLBdlpDx2td5Q9+vCritgaClYtzmQMESlxIttbmqo5nKEjqZ4esdBmh2ob0n + yqcR2gj31mja40HvOKxEjvmzAZ2wrRGBCzVVu/aBwGuC/dTStwKz5z1963KuBGI3UfvlPBUZKy0Y + hrJo1szNuWMKILXMaTYFNjV6AYqleqm67NwAJidl0zX7RRjObvXMLbFqWAc/YEo7RlLMtGEpSHBw + pBw8Q25zDxtAIZLnuI1xhVi3V+b7VR09EQ+cwLZRVKWtStQub68HoBI3G4XRXzC0NyLfnH4d9x0V + 2V7jTglHjcJ6G9/Uhn6tvrUNuHRPkRdSYMDpnqIhsJU69Ier/vDIcP9DcdubbPS2H5Jqxf1V3P9/ + vdSqXvUYdBgNVtHgPRyuWo+9eNWL38Nj07iIn/t0jA7xNG43ZmL1uR5wMPt//IlsyDIDGdbmC65j + nFqWdbm/ajU+PbQxPLRx9tJ4ParUqzQIVKOZN+pEjaARXEYkdRyPL9aIxIiEnetSphfCFhIlvaY6 + Li+5w5nvrW2w7rzbsSuozRkquurxXJeEVxXq77QgVOaNnCnJNxp1nzGfVHoNGrUIeq8PZr3TzWC2 + D9tGZvY3DiU83iR8f6O3Vaxv0+P6X6HUOz1O6uVzob7U1LIrJexTd5N8CiRZRNr9UXxw4LbRIYZG + Q7r2nFtqB5dCLT7QzgUU9NugkpZBFa+W1d5mRWk1xlbFpxJugNualaZ58q4v737+eHV/+fF8fHU7 + vh/f3Px2g9fA0rJ4b/xgMgd2XY2LjPwyYZlWOLxhnQtJRql7Vi3y2kCOhV71WNt9rd4jLCcv/EeE + 4TA7HXl1v8IUIcbbmnpW4Ih2JhSX+x81Pz0NvBXvJUbXagSmL8PW3n5dFlS0r/N40D0Z9Fsev+sQ + +i8AAAD//+xZbWvcOBD+K+KgkITYa3tfslkovaWb0n4oXbq9CyQpQWtrY19tyVh23dD++HtGUrzb + TZ0e/VByEBKyzkoazYxmHj0zfkDqNqr+RyQ0VkWJOlTW7hQeOr/vnXMltz9HH7I6F0czdnnBy3DG + Xir1KRPsPKuBmDVbibgBC3uV85tvZCtMzVXM81TpejYNpsFgk8kEsDaIhpOPRuDCuAJa/qMYBcns + iP10JTvAn0OzfAWCRcCBZUhxp+SiEWwBe/DlQsQ+CyfHjGKrs+Ll+RnGLvHhTcKRUZWOJW6FX2R1 + JXxV3QwQlZxOKgM5omgeYKqf1kVuFLdy/iY5f8lPErR0x0vLSiUNrtuzroYafICTaU/jIijMXqvW + q1WPm0onIPrIBuzyXkXWs2o7YTA0Cy/mS7aKueyZb3oDp1Fnz44Fq1tdi0LDgqRUGaLmaGa+N4dD + vip4JnUGao3Agqt0ula8Svpm3JO/2IYYSZ6z2EYSQBRsH0Rfi5q1LqxqoJy2obVBaB2zNs3ilBWC + S20rBZrhJMDcK4mCgccxYBJFwueMswaRH1e3JRUNSHQp7G3v72j0Fqd8Y5ozpNB5KiSFFuOdXCVr + sgiakFmgWiyTG1UVZg3VGgBfjlFN2AfcRblyTIpBOGoRSykYz1t+SyaykhvtGo2gZlyyHQVTDg1z + n51JTTZ3FlofXElyAu1GPoIGTkN9pyIJ1A0c9ENNd2zesf490hDXCFxG1rtwadvWVy3XpckH5J/4 + 4pdpaWIZm1xD5rXb+5rX4FDrBiF1ffDufL5aequ3HhiCSdNuk1JVtagoDw54UmTykB0cfkOg5LWa + IQzvk5Wwj6yEVAB81wwhRKsrILKhTUTj9peMe2QFvQN9VCDoqIA5E0N8fjyxj7wGHXmF53icmkbL + fQ69D83bNs3PAJh8SQxRVb94ARFTeIEsIlb6Jnk+3vDRMAnX01EwXsOAk5PTMIomdN91k7DDA9ME + HfQ8SbAHLqE/tjp4rjz5sws2EvpgYWlTwcdtZ6YZFHLFzTiMwpEIAzGMktNJPIzHJ2E8HSdJwCeb + UExfJM+NlGfD+bPoFX7tOq/g0qGn59mvtN9or4VHvMgnRPbLZp1nMbnMKznX5DGsNxcE6BweF0tv + 4peS9N8vUh+/xvtV7uPXeL9KfuwaA5MSW1Q6yrbLfpau6UP5RKBtSz+Laxegbph+1lQK1fwFECdO + t4lHvRqMdplM+7iWlGN7lUPeJyj4/Yf+BAW/Q+MnKOiFgo5QQMUbm3Ffqc3rngPIVTV3L5/2aUpf + Tyjo6wkFXU9of2B0NyDk56xS0lIeV3I27i2j/fc/aaoKK+Hr3aMDu18AuJ0XpAMr7F8AAAD//wIF + fm5iRVBqcWkOyGAku8Ed/KISxxKIO8ryS6g3JggxDG4o0C5gjygsHzw+Ah+GzC8CjzqArIQ7BNW1 + RijOhWoAB09tbS0AAAD//wMAYSRMHdkeAAA= headers: - ATL-TraceId: - - 8192b6dddaaf6e38 - Connection: - - keep-alive + Atl-Traceid: + - e980f5ed6e72594e + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:14 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5a3feb7c-d5a3-465a-a120-0c63267d7af9 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '282' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e1562b0c-6503-475b-a28d-b072d67a1a90 - x-envoy-upstream-service-time: - - '219' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_enabled_no_epic_and_push_findings.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_enabled_no_epic_and_push_findings.yaml index b1c1be5ba92..5b948599577 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_enabled_no_epic_and_push_findings.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_enabled_no_epic_and_push_findings.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J2m1qbqIHFVmFdk+yyKSdYiVtSpMKy7L/3QQXP27DO88z - L3NiGh3tF8MUe/d+dmqz6ain1nf2w2boDTo34JRN5FnCPmlxg50CzAF4Bhmk9e7mpb5/bn63u3XU - YWLqNUIJJHBIWEezsceRJt8cZwoHbo1duyDpdTDdt8JUFLbyEt6hj6AAwVMoUiEbXijgKi8yALgC - ARB8R0vobYbxH1s1XKhcKKiy6pr/sO34MPU2gFJUstz2GtuccqQS2r6Upe40SuhbACwKKTXlfwq8 - iQ2Pw4IsvtPjavyTbTHGJ2YuE6PpbV+z8/kLAAD//wMAUUq/oFoBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUdBG0IpQyn/YfnxwxiewLik3hTGm4A1jNRYNYllJVtNeoqp7zkuNRf23INq1 + 4XGYJazvGLnY+OR7ucYnsJcJtHvb7+B8/gIAAP//AwDjFByjWgEAAA== headers: - ATL-TraceId: - - c52d48adaf2a0974 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:32:08 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 46843a9196fee854 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b148270b-a752-4346-8db5-5b7537a5e89b - x-envoy-upstream-service-time: - - '34' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - db2a1877094b459e - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:09 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:15 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a4831d1d-7da1-41db-ac8d-6c0de898c475 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '126' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 43e0ccd5-9f08-494c-9be7-c616c418a05f - x-envoy-upstream-service-time: - - '84' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,93 +80,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - ab62e1a9e03f70a9 - Connection: - - keep-alive + Atl-Traceid: + - 0ed8f546cb5ce56b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:09 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:15 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1973c05d-6412-4912-8782-0095b0c91f1d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '171' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e2f74f01-e423-4c4d-8b32-18e42d287c8a - x-envoy-upstream-service-time: - - '80' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/2815]\n\n*Defect Dojo link:* http://localhost:8080/finding/2815 - (2815)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] - / [ZAP Scan|http://localhost:8080/test/685]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/238]\n\n*Defect Dojo link:* http://localhost:8080/finding/238 + (238)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/93]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -286,53 +180,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1666' + - '1298' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11076","key":"NTEST-887","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11076"}' + string: '{"id":"11770","key":"NTEST-1432","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11770"}' headers: - ATL-TraceId: - - c8dea2ade73012e8 - Connection: - - keep-alive + Atl-Traceid: + - 6fa28f30a6052da4 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:09 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:16 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 64e832e9-b86b-4d98-812b-048d5bee6cae X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '501' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 0c9096d5-ebe7-4a6f-b47e-b7e4dc4c4567 - x-envoy-upstream-service-time: - - '433' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -342,94 +242,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-887 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1432 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6PS4JH5JCqlnOjc0pC13lDJJKDOlnYxibxw1tuSR5Dg5yn+/ - lWwnFBqupTAD9lral2effaQbB9Y55bETOhJ4DBLiNwzSWLU4zUC1VLSAjLZEDpJqJrhqQcx0Bpq2 - ogXlCaQiaa1AKvwG8QhyCQq4rtY6LYcZz77vHR3ii4J0jq8LrXMVum4Mc4h0LL6KDtUpVYpR3uGg - XfShXZozN3CZUgW4jYMlbHD/+WQ4nrT7/SO0zG2yTnjjKAxaqIhqSITcVMnF+IYbAi/w216vHfQn - fhB2g9B72Tk8evGnF3ieydHE0JscrJsn5mj2u77necG26volBhVJlhtE0HpMVEbTtEVipjTjkSY5 - gwiImJNSyGXH7I4Ev5Tpz2ShICokuCsGJV1RTeVfiv0LrzJsUpE9q0yn8Svf6/r9+nWCib7aldxy - TKMx1oSqpelRMdPmKZzTVEHLaXw4oXVy23I0Q2Lk2GQn5AVW4uRSfMX0nohevdtiZ7vRYGde7jR8 - l+klZ1qjA8Overcp6h+7Vom5Lqk0hSmW5SlDhsT3qkFwLWV6/XWv/zPp1jDXwWqkc2aAxZ+7OPc8 - w8qgtw56T3ZsW2hZ8kzV/x+J5R+u/cPfi7VugtUPj0TrButu8HvRanKq5mFvtNtbM9/rj5W6YMeu - v2AHk0RCgnP9gIbIKZEW1ZhVlqhQWmRWIqYYITja96H/0EclHZXVDKaVPyds+y0Hy9QfceIMr+oF - VKNOVjL06xNQadxW1dzKmzT0to8DUZgqfaNUV8bAeOKEWhZwW4uXcSZZVNV+88BmEsOlaiGKND5h - Kk/pph4JNEcSsFYzdT/Sye5Rv9HJ+6h5++D0930IdpLBhGR680TEmu1u79fkkmU0AeWaHapxwtCQ - irKjVslOYs5E2UhRzzEY3Suk2xSS0hkYMTHUvLfITOUPYfD38dDvGzwWVA1zFp0xvrRH8Qnk5mTm - UdMz28nSfttauOBDPJjpLIURUFXxQNZPzsXZ5dvT8+nZ6WB4Ph5Oh6PRhxHWhwOkEBBcMFkAuUDV - 5JqYuIQpIni6ITiRLDVOiRbkbyYpuZCQ4dSSQiFDO3ZG71fxEh1635jn9ehR6FQHBvYOwd+N1Hdj - jG1IGKfp/UX1vaKG17I6xewaJcC+Jhy2q4vczOxP8Li6KTyRetXm7Wn1/eH+a2zc0e01jZZ4kWoo - 1zivYg3qK81vJdzci9zmehI0hysHQ/VIpEKeV9nM0gLaiUSN2F0OBDkRVbNFluNVj+u6C4/173tw - PvPd78GE6RQOQnL9ieZ+SAZCLBmQK6ZRozQZ28ODvElp8s3UiqWmIqLpQigd9r2+584Zj1EG3aDv - v/hiPZ5YLDDNr4IYloQH5P+3kufm7x/WwRiQbygquBHH35oGV0N8u+RLLspd7oOPD6wHF1LEBd5i - hjzBicoQH3eCcOC6a1sM+iXvRNnWYk9Bee0g+EJccl0CLHH8YOttz67dArdrN346viDjiPI96821 - yT3s15C9lpRHC3dCE8zzHLtaWQuWxqcnd00DkWVME1SmxR2zwWyjNGQKy45zwZAUB6G1W+gNQzPK - uGIaOsibsNfr7vu2z+7GGHMmqIwb+LdtONmxy0Q9JlFFIsySzAA4UaBJWTNKo8BVVxIyR1a1SLlg - 0YJkQLnCj7RaUXtA/NADoVGEAgkxWTFKCuR8JDc5Kgwu4xyqk7VjUhkh9VA7IwgbypVl2RElVXlH - yMRFwsG6ky9yywnk3nQu5LQKpqZU4zk9K7A10+cfro7HF+3x+zaeMZaVl6OzyuljwLwHLDIOydvh - 5DNHGceZ1SBDIvJV9JkPV8ycHpjcGHS7mrTmmwnwHwAAAP//7Flta9swEP4rJlBoS+3YTuwkg9GF - rYN92CgrbNBviq02Zn7DstONLP+9z0mKmrhxNrpR8iEQghyddOfT6bnnLv+gIM6SuEuBmtujoHtb - klgk+BbKR10qnsvJwPiMpH4vK1CKi+9zntPNtpg53gIFKuxAQJAxyYJbSY4TyeQaq6go/THMCso+ - yHw/eH5B8ZFbuASKRVksfWC/KNCskskgaQQO1kLkbMQJitCcp451lQuKPBNnG5FIuihQoV/bJ9YG - 0n6iQZTutFNG3vmnrGRRTe/5pbAS+WABSshd0vvnNzUvBWXviiuI4UpY32wTuvLmAu/s0BvCadOb - 97Y30A5FWV9UdDJAs1OGg83PrNOz3zjMtC7eAEuek0Ovixx6w66JYD1BKaWukBIlzyXm2hJ1jWh7 - wlAu6WFJMHcLdlEw15QCWwylndnaqyZmVV2zaE6ArNKjaLKMUe7u/SnRkQ+JiRfVCxM9MbJLYBZV - C6ihgjs2HMTebDx0gxlsHI0mnu+HxCuMEDTsEeN0wNM4hg4k+96TDbau6t4ZiKNN95bWKuIdsAop - JgFGDfuB53tD7rl84MeTMBpEwciLxkEcuyy88/j4Mn4rdzkZTE/8j/iodXbGcp37bFv9JJxG2A/w - iO07FOxO2czSJCKX2SVjgjyG9bhZdQLajOGHazt0ypzsb9fsh29xu/I/fIvb3YNDtxjQE6tyWVPj - TZJ5rdtedJ8InFVJruDrFvgK8aumKkrevwUURfOni0fdKsyam0x6dN9Ns+pKI+4RCl7/0I9Q8BoW - H6GgEwra5AJUqrdc0Zo1JYHt9+oqLqkDrscuFBY1SzHasUtXU841Tbn2hGlytScMheP5IqmKXNEd - XfM3+l8X9fg3li6K+r/1TtVeZk8oQjn4rZB9IdPwRDUrLV6uhxp1X6xf/j/VX+970cvYz69cNClt - vPGusqNT1dNavTe1lanrQ29uft9e7G+t1guktavV6hEAAP//AwCZMD+KvBsAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZltvdhNHAHD0MXuli3IgsRJgKZFQFNniTVFaiQV2Wv733fU + i906dbdkWBHAkXi89+ce3XsPVgWViRd7GmQCGpJXHERiepLmYHqGZZDTnipAU8uVND1IuM3B0h7L + qExBqLT3ANqgDJJLKDQYkLa9y0pjVb5wBu/DIAiDgYY/SzB2ti7gQlNmOQOv53HnPwyPjgJ8MSAW + +JpZW5jY9xNYALOJeqcG1ApqDKdyIMH66Mn6tOB+5HNjSvA7A0tYo/75bHo164ejYYRHdQjGi997 + BmMrDaMWUqXXTQ4JvqFGFERRPxj3w+NZEMThOA5fDI5fDH8IosCZrZ1YDLw288wgnb6PpQhcVE3a + 7UsChmleuMLh6UticipEjyTcWC6ZJQUHBkQtSKX0cuC0mZLXWjwxilJy1y4q7ukDtVT7Dxwqvw5r + G2ArCoNhOP7J8L/gxxzbXubo1cECXc6oWbpelXPrnuIFFQZ6XqN4innVuj0v4wgczbL1GTwAxhp8 + 7HmWI7IKRIkXyxJz9HZgMgw6QaHVO8zomQVvtety1w3syr0Dkm1W15JbiwaMt/HtkPp7fdeoha2o + dng1PC8Ex4CTncyxHzXKRuPVaPzEcL/SmS6TTV9GwRGGEY1W0ej/9dJ0v8YiOgwPV+Hht3C46jwO + oxUO8Dfw2AL848fHcAz34TTqBAu+umk4ELt/9xbRkKYaUqSVR1jHOJUomyn/otXoaJ9gvE9w/Nh4 + Q2nNqSOMmr29uB+2PObKpTlr4nj/6MyBGCthMlWKZMJNIei6hToeV9TiZ6Gh06ePZUPWW3r2G3Pa + DV39eKJKV6861Ft3wGXqxVaXzjcatTfYTzd6bTU0YLJutr9E4IejcUfgu2Xb0MyuYF/Do03DdwXD + LWNxpbldP7M2nbo/ehrB85ymYHynYTojHA+EqgbmId0y3JmqOiYceXU55+Aoy4F292t9uCfbcB9C + w7FLO6NmWnB2xuXylZNMoHCbhWQdgmpcVbVscyKVnOJiQecCLoGaBpW6ffIuzq5/OT2/Pzs9mZ5f + Te+nl5d/XGIaOFoG88YLswzIBXKztMT5JdwQJcWa4Jxz4YwSq8hvXFNyoSHHQSelQcQNvjTvIY6T + F3zgQTBOZew13ytsEdZ4O1OfDThWO+WSit1L7V7UlrfGvcDoOo7A9qUSNrfLwg3tv8Bxs8I8E2GN + 8uab+PnW8TTQbVH1M2VLXAQ7ZHXGG18n7a71nwLuFja/25ui7hMuwSGaKaH0eRPNXJTQTzUy1nZd + UWSimmarvMBVVdq2C1/r3+fFeSO3fwczbgUcxOTuNS3CmJwoteRAbrlFxrTkClipgbwSNP3gcsVU + hWJUZMrYeByMA3/BZYK05kfD8dva4KQuBUb5ThEHkviA/KMm+Q5/vq/Vr3C9csSBajjibZCTEsgE + 88HDCbABCQ97xGFrk8XJ7RRld/ivfxiO6lBdW1gFg5xbDQOlUx9RSV2nOC5HDs0+Xh1kNhd14I2d + G2fnWi6lqj6t0oVWSYmf26lMcU5zrLo/wyI7n3WJMGDyq6r6Vu0pU9EaiN4Sn9xVAEscathY26O1 + veAPa8XXLy/IFaNyz3238vnHw00+n2RwtTYWcoMZJIXiiJqDuD6vm+NqlVMuDbcwQGBhqUw2V1Qn + +248sj/ZQsxZfklYgyQkUTIHkMSAJVULK4ssZxpoLRBaPVJlnGUkByoNCmlzo7WA6b6RcyCUMaRJ + SMgDp6RE5DO9LpBn8J6UCDn+NwAAAP//7Fnva9swEP1XTKCQQu3ZTpykg9IF1sE+lIUWViiDoNhO + ExpLxj/qji7/+95Jsup4dTfKKPkQyAcnkk7vzrqndxe8UqeB6BJv+U7WbwToZhVzOloWM3YFyjt4 + BCTkFqSWteZLkSVyjSUyIl+G0Zy4D7x7H/MTAgbj68JSksJim4r9JBetlEl0ZY5DbTFuNQCiOOPx + xrEueE4+Gw9VDH5wCgLtRjECAo0wryGSwbxEgF5E2vC54f0V0hDXCEJG3uvjUlWVIyqWpzIfkH/x + o5OuUnmWsckcNud67zkroKEWJY7UvP/tZno9s68vbSgEmaZmk1RkRZxRHvRZlKz5sdU//oWDsinE + RxzDP8WK1yVWvGHXQFAPEMUVKLbvpY4iXdea6pqp7QEjAWTIpa55eWKXJHCNaN25MdtM215lFC3C + ycIVpbKi67xMEkZ3Se9vxEsxJGUosjdePKQQzpE9pEa/RmfBkg0HkbeYDN1gAYzj8ann+yO658wk + 7PDKtJhe8DSKsAcun94zBluXJZ/MISOjrxaUKgUc3HJymmQfXdQEnu8NY8+NB350OgoHYTD2wkkQ + RS4bLb14ch6dSStHg+mR/wUftc5OGNesadvqp9wpc7tCRGzfISZ20nKxWYcUMjtlLKeIYb28GCDj + 8Ph5Zo+clBP+dnG6/4jb1e3+I25Xx/uOGNQTqWJSS7Wm6pnpZg/lE5G1KvkUfd1CsmH6RZkJVPG3 + oKJw9Zx41KPBqMlk2kd3prTKyzTjHqjg/V/6gQreA/GBCjqpwCgPQLxTGfdE7V397MKuKJhuTreV + SFcvyO3qBbmmF9QeMEot5g/rTHClanSpWep/IdTXf0H6IIr/14NTxoxR7IQK5LuQ/Yi67YcjpCA/ + 1Y+aXd8MQP5j86G2e9JL2ONVnJcbMtxwVnYSsmJaKMepn0ndBnLd/L672N9ZrRdItNvt9jcAAAD/ + /wMAC3OK1PQaAAA= headers: - ATL-TraceId: - - 0cce1ef8165f2cd9 - Connection: - - keep-alive + Atl-Traceid: + - c093c6834c576642 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:09 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:16 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a3d33ef2-4120-46e3-8923-719476296d13 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '226' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - af99fdc2-b49a-4c32-89e4-89faa5b387f0 - x-envoy-upstream-service-time: - - '103' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -439,94 +344,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11076 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11770 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6PS4JH5JCqlnOjc0pC13lDJJKDOlnYxibxw1tuSR5Dg5yn+/ - lWwnFBqupTAD9lral2effaQbB9Y55bETOhJ4DBLiNwzSWLU4zUC1VLSAjLZEDpJqJrhqQcx0Bpq2 - ogXlCaQiaa1AKvwG8QhyCQq4rtY6LYcZz77vHR3ii4J0jq8LrXMVum4Mc4h0LL6KDtUpVYpR3uGg - XfShXZozN3CZUgW4jYMlbHD/+WQ4nrT7/SO0zG2yTnjjKAxaqIhqSITcVMnF+IYbAi/w216vHfQn - fhB2g9B72Tk8evGnF3ieydHE0JscrJsn5mj2u77necG26volBhVJlhtE0HpMVEbTtEVipjTjkSY5 - gwiImJNSyGXH7I4Ev5Tpz2ShICokuCsGJV1RTeVfiv0LrzJsUpE9q0yn8Svf6/r9+nWCib7aldxy - TKMx1oSqpelRMdPmKZzTVEHLaXw4oXVy23I0Q2Lk2GQn5AVW4uRSfMX0nohevdtiZ7vRYGde7jR8 - l+klZ1qjA8Overcp6h+7Vom5Lqk0hSmW5SlDhsT3qkFwLWV6/XWv/zPp1jDXwWqkc2aAxZ+7OPc8 - w8qgtw56T3ZsW2hZ8kzV/x+J5R+u/cPfi7VugtUPj0TrButu8HvRanKq5mFvtNtbM9/rj5W6YMeu - v2AHk0RCgnP9gIbIKZEW1ZhVlqhQWmRWIqYYITja96H/0EclHZXVDKaVPyds+y0Hy9QfceIMr+oF - VKNOVjL06xNQadxW1dzKmzT0to8DUZgqfaNUV8bAeOKEWhZwW4uXcSZZVNV+88BmEsOlaiGKND5h - Kk/pph4JNEcSsFYzdT/Sye5Rv9HJ+6h5++D0930IdpLBhGR680TEmu1u79fkkmU0AeWaHapxwtCQ - irKjVslOYs5E2UhRzzEY3Suk2xSS0hkYMTHUvLfITOUPYfD38dDvGzwWVA1zFp0xvrRH8Qnk5mTm - UdMz28nSfttauOBDPJjpLIURUFXxQNZPzsXZ5dvT8+nZ6WB4Ph5Oh6PRhxHWhwOkEBBcMFkAuUDV - 5JqYuIQpIni6ITiRLDVOiRbkbyYpuZCQ4dSSQiFDO3ZG71fxEh1635jn9ehR6FQHBvYOwd+N1Hdj - jG1IGKfp/UX1vaKG17I6xewaJcC+Jhy2q4vczOxP8Li6KTyRetXm7Wn1/eH+a2zc0e01jZZ4kWoo - 1zivYg3qK81vJdzci9zmehI0hysHQ/VIpEKeV9nM0gLaiUSN2F0OBDkRVbNFluNVj+u6C4/173tw - PvPd78GE6RQOQnL9ieZ+SAZCLBmQK6ZRozQZ28ODvElp8s3UiqWmIqLpQigd9r2+584Zj1EG3aDv - v/hiPZ5YLDDNr4IYloQH5P+3kufm7x/WwRiQbygquBHH35oGV0N8u+RLLspd7oOPD6wHF1LEBd5i - hjzBicoQH3eCcOC6a1sM+iXvRNnWYk9Bee0g+EJccl0CLHH8YOttz67dArdrN346viDjiPI96821 - yT3s15C9lpRHC3dCE8zzHLtaWQuWxqcnd00DkWVME1SmxR2zwWyjNGQKy45zwZAUB6G1W+gNQzPK - uGIaOsibsNfr7vu2z+7GGHMmqIwb+LdtONmxy0Q9JlFFIsySzAA4UaBJWTNKo8BVVxIyR1a1SLlg - 0YJkQLnCj7RaUXtA/NADoVGEAgkxWTFKCuR8JDc5Kgwu4xyqk7VjUhkh9VA7IwgbypVl2RElVXlH - yMRFwsG6ky9yywnk3nQu5LQKpqZU4zk9K7A10+cfro7HF+3x+zaeMZaVl6OzyuljwLwHLDIOydvh - 5DNHGceZ1SBDIvJV9JkPV8ycHpjcGHS7mrTmmwnwHwAAAP//7Flta9swEP4rJlBoS+3YTpyXwejC - 1sE+bJQVNug3xVYbM79h2elGlv/e5yRZTd04Ld0o+RAIwYmku8vp7rnnLv+gIErjqEuBWtuhoFss - 7VjGeBfKR10qnu6TgfEVRf1WdqAUFz8XPKPMtpi53hwNKuxAQJAx8ZJbcYYbSeUZKy+p/DGsCqo+ - qHy/eHZG8ZFZSALFoiyW3LE/FGhWwWSQ1AIXayFyNuIETWjGE8e6yARFnomzjUgkXRSo0K/tE42B - JE/UiNKtdsrIO/2SFiys6Hd+y61YfrAAJeQu6f3Tq4oXgqp3yRXEcLVZZ7YJXZm5wDt75A3htNnV - R9sbaIeirc9Luhmg2THDxWYn1vHJX1xmUuXvgCVPyaHXRQ69YddC0CxQSalKlETJc4m5tra6Zmt7 - wVAu6WFJMLdv7KJgrmkF2gvTrdSlXfKQzCxcECCr8ijqNGVUu3vPFTryITHxvHxloSdGdg7Mom4B - PVRww4aDyJtPhm4wxw8Yj6ee74+IV5hN0LBjG6cLnkURdKDY9x5ssHVX98FAHAnd2VqriHfAKuQ2 - CTDqsR94vjfknssHfjQdhYMwGHvhJIgil41uPD45j95LKUeD2ZH/GS91zk5ZpmufbauvhFML+w4e - sX2Hgt0p6nkSh+Qyu2BMkMdwHplVxaDNePx0aY+cIiP72z37/lvc7vz33+L29GDfLQb0RKpd1tR4 - k2Re6rEX5ROBs2rJFXxdA1+x/aIu84L3rwFF4eIh8WhahVWTyaRHz900qy414h6g4O0v/QAFb2Hx - AQo6oaDNPECleqs1nWmYB2y/Vam4ogm4fnahMK9YgqctUrqGcq4ZyrUXzJCrvWAoHM+WcZlniu7o - nr/W/7qojy+yFN2llLBqHjUKvgL5Nv4v6jdyz3op+/2dizohwRu65YSlrGaVsmOZV/9thqtkGZlQ - hbb0Ry7nU83glcbKNPUhjcaOx8b6j6zVB6R31uv1PQAAAP//AwCTP/g5vBsAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdhNHAHD0MXuli3IgsRJgKZFQFNniTVFaiQV22v733fU + i906dbdkWBHAkXi89+ce3XsPViWVqZd4GmQKGtJXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf4DaIMySC+h1GBA2vYuq4xVxdwZvI/CMAr7Gv6swNjpuoQLTZnlDDzf485/FB0dhfhiQMzx + Nbe2NEkQpDAHZlP1TvWpFdQYTmVfgg3Qkw1oyYM44MZUEHQGFrBG/fPp5Grai4aDGI/qEIyXvPcM + xlYZRi1kSq+bHFJ8Q404jONeOOpFx9MwTKJREr3oH78Y/BDGoTNbO7EYeG3mmUE6/QBLEbqomrTb + lxQM07x0hcPTl8QUVAifpNxYLpklJQcGRM3JUulF32kzJa+1eGIUleSuXVTc0wdqqQ4eOCyDOqxt + gK0oCgfR6CfD/4IfC2x7VaBXBwt0OaVm4XpVzax7SuZUGPC9RvEU86p1fS/nCBzN8vUZPADGGn70 + PcsRWSWixEtkhTl6OzAZhPsEUScotXqHqT6zE6123Ye6s10fdtCzTfdacmvRgPE2vh2Ef6/vGjW3 + S6odkA0vSsEx4HSnJNioGn7D0Wo4emK4X2lZl8mmYcPwCMOIh6t4+P96aWBRgxQdRoer6PBbOFx1 + HgfxCif7G3hskf/x42M4xh0c53x103AgNvnuLTY9yzRkSCuPsI7hKFE1U/5FkMdH+wSjfYLjx8Yb + SmtOHWHU7O0lvajlMVcVzVkTx/tHZw6rmLDJVSXSMTeloOsW0XiM5bU3WDqH8tYFtfihaAj26fPY + 0PeWsIPGnHbTVj+eqMpVsA7+1h1wmXmJ1ZWLhmnAZN0If4nAD4ejjsB3y7aPZuINzewKNg0vNVea + 2/UzE+7Ug+HTeJwXNAMTOA3TGeF4INSybx6yLV+dqWXHa0PvMXLjQZeIoDNwzORAu/u1PtxThmgf + QqORq0dOzaTk7IzLxSsnGUPpNgvJOgTVuFrWss2JVHKCiwWdCbgEahpU6vbJuzi7/uX0/P7s9GRy + fjW5n1xe/nGJ+eFoGSwIXpjmQC6QgqUlzi/hhigp1gTHmQtnlFhFfuOakgsNBc4zqQziq/+lsY5w + nLzwAw/DUSYTb2eYseQZl1RgM7Eb2yFzst2zdi9qy1ujXGB0HUdgXzMJm9tV6Yb2X+C4WWGeCb1G + efPp+3zreBoat3D7mbIFLoId5Drjja+Tdtf6TwF3C1vQ7U1x96WW4KDOlFD6vIlmJiroZRoZa7uu + KDJWTbNVUeKqKm3bha/19PPivJHbv4MptwIOEnL3mpZRQk6UWnAgt9wiY1pyBazSQF4Jmn1wuWKq + QjEqcmVsMgpHYTDnMkUSC+LB6G1tcFyXAqN8p4gDSXJA/lGTfIc/39fqV7heOUZBNZz9NshxBWSM + +eDhGFifRIc+cdjaZHFyO0HZHf7rHUbDOlTXFraEfsGthr7SWYCopK5THHcgh+YAr/ZzW4g68MbO + jbNzLRdSLT+t0oVWaYVf1YnMcE4LrHowxSI7n3WJMGDyq1r2rNpTprI1EL8lAblbAixwqGFjbY/W + 9kIwqBVfv7wgV4zKPffdZhccDzb5fJLB1dpYKAxmkJaKI2oOkvq8bo6rVUG5NNxCH4GFpTL5TFGd + 7rvxyP54CzFn+SVhDZKQRMkMQBIDlixbWFlkOdNAa47Q8sky5ywnBVBpUEibG60FTPeNnAGhjCFN + QkoeOCUVIp/pdYk8g/ekRMjxvwEAAP//7Flta9swEP4rJlBIofZsJ07SQekC62AfykILK5RBUGyl + CY0l45e6o8t/33OSojpe040ySj4E8sGxpNNzJ93dc2ccqddAdIlTvlP1GwG6WXBBV8thVq5EeQeN + gITUAqNylmIu81StcWROwZdhtKDYh7h7z8UJAYPwZeloSuGwVc1+kopOxhS6qsCldphwGgBRnAm+ + 8pwLUZDOVkNtgx+CjEC7kY2AwCAsNhBJYFHBQC8ibejc0P4Kbog0ApOR9ua61HXtyZoVmfIH+B9/ + 9LJFpu4yNplC5tTsPWUlONSswpWadr/djK8n7vWli4yr3NRuksm85Dn5QZcl6VIcO93jX7goq1J+ + xDX8k6wEu8hK0N81EDVTU4li+16xJuJ1ram+ndoe2EUBfEsB1FkoJvTyREtat7JoO9K2V1lGC3Oy + eEGurMN1UaUpo1zS+VvgJRsSM5T5GxMPMYRzeA9xz6/JWTRn/V4SzEZ9P5oB43B4GoThgPKcnYQd + XpnG6YDHSYI9kHw6zxhcU318speMhL5aN2oX8JDl1DQVfUztEgVh0OeBz3thcjqIe3E0DOJRlCQ+ + G8wDPjpPzpSUo974KPyCn17npkyYqOm6+lXhVYVbwyJu6FEk9rJqtlrGZDI3Y6wgi2G9SgygcXj8 + PHEHXiYIf7sG3X/E7SJ2/xG3i+B9R4zQk+hi0lC1JuuZmJ4O+RMFa13g6fB1C8qG6RdVLlGs3yLi + xItnx6NWDEatJ9M+pjNlWF5uIu4hFLz/oR9CwXsgPoSCnaHAMg9AvNMe90RdXPPsQ64smWlOt5nI + rl6Qb3tB7QHbW2kPWKbGxcMyl0KzGlNqVuYrhP77L0gfZPn/Om5amBWKnVCBfJeqH7Fp++EKachP + m0cTXd8MQH2x+bCRe9JJ2eMVL6oVCW4oqzoJeTkuteLUz6RuA6lu328vDrdWmwUK7Xq9/g0AAP// + AwDmi6ge9BoAAA== headers: - ATL-TraceId: - - 53793da3bc41fd5b - Connection: - - keep-alive + Atl-Traceid: + - ce420f17590b4f7f + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:16 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 9d832783-7a5b-4f68-bb4d-605e93f5c9ec X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '274' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 51ae3bb6-a730-4672-b06b-c0bff7d3c7f9 - x-envoy-upstream-service-time: - - '185' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -536,174 +446,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPUUvDMBSF/8t9tc1u066ZeRN9UJEprHuSIUl6g5W0KW0qjLH/boKD6dvh3O+c - wz2BVjPtJwcSPkMYZ7latWTJhNZ/eaaCU/PcqYENFCCDb5rmzg8RLhALhgzz3fbubff42lyv26XX - UYF8T1CGGR4yaGl0/tjTEJrjSLHg3vmljSG9dK79jYBMgbW4mA8qJJAjL3Ksci6aopJYyLJiiHiD - HDHmZ5ribtP1/9hNU3BZ8ljIxO2VNf3TYH0EBd+Iem21MiWVimo0tha1brUSaA2iqiohNJV/BoJL - C8/dpCC9Y9Xiwos3KtkncBcFNHzsd3A+/wAAAP//AwAe5GG9WgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUdBGUE6Kqvxh+/HBGZ/AuqTcFMaYgjeM1Vg0iGUlWU17iaruOS81FvXfgmjX + hsdhlrC+Y+Ri45Pv5RqfwF4m0O5tv4Pz+QsAAP//AwDfp1aVWgEAAA== headers: - ATL-TraceId: - - 0133a10d039b8d09 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:32:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - f90e321becee7617 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8eb26a14-c108-472b-a5f2-12bb66a0b559 - x-envoy-upstream-service-time: - - '34' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - f7aa83fccb642823 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:17 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - fa670cae-a8d9-41c7-acb3-20ba32b11a19 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '116' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1c83f7fb-5bd0-49d2-8248-a526ea0cf2a4 - x-envoy-upstream-service-time: - - '81' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -713,93 +516,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 7e0eec454515e371 - Connection: - - keep-alive + Atl-Traceid: + - 4bff7d79aab24e0d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:11 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:17 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 015e3f4f-250e-43f7-94eb-e8bc369cd9c0 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '177' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8e6b36c2-cb4c-4d5a-82bb-2e4f9b830488 - x-envoy-upstream-service-time: - - '110' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/2816]\n\n*Defect Dojo link:* http://localhost:8080/finding/2816 - (2816)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] - / [ZAP Scan|http://localhost:8080/test/685]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/239]\n\n*Defect Dojo link:* http://localhost:8080/finding/239 + (239)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/93]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -812,53 +616,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1666' + - '1298' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11077","key":"NTEST-888","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11077"}' + string: '{"id":"11771","key":"NTEST-1433","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11771"}' headers: - ATL-TraceId: - - 3da0c9ea66d9566b - Connection: - - keep-alive + Atl-Traceid: + - ed6ac7a1e168731d + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:11 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:18 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1f46bc77-e423-46be-b3b9-ca368b669d1f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '642' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 191b3684-4b9a-471d-a66e-ef9d181f522f - x-envoy-upstream-service-time: - - '477' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -868,94 +678,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-888 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1433 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy/2UldAMaSO22VL0yB2GqBpYdDSWWYtkQJJRfba/vcd - SclOkzpr0wRIxCPv7bnnjvzswbqkPPViTwJPQUL6ikGeqg6nBaiOSpZQ0I4oQVLNBFcdSJkuQNNO - sqQ8g1xknRuQCvcgvYBSggKu3Vmv4zFjOQyDZ89woSBf4HKpdali309hAYlOxSfRozqnSjHKexy0 - jza0T0vmRz5TqgK/NbCCDeqfTceTaXc4HKJkYYP14s+eQqeVSqiGTMiNCy7FFSpEQRR2g0E3Gk7D - KO5HcRj2DvvPfw+iIDAxGh96U4I188gYjb4fBkEQbbNuFimoRLLSIILSI6IKmucdkjKlGU80KRkk - QMSC1EKuekY7EfxS5j8ShYKkkuDfMKjpDdVU/qnYv/CiwCJVxRMnOklfhEE/HDbLKQb6YpdyxzOF - Rl9TqlamRtVcm694QXMFHa+14cXWyNeOpxkSo8QiezGvMBOvlOIThvdI9Bpti52tRoudWdwq+C7S - S860RgOGX422Seofe1aJha6pNIkpVpQ5Q4akd7JBcC1lBsP1YPgj4TYwN84apEtmgMWf2zgPAsPT - aLCOBo82bEtoWfJENf8f8BUersPDX/O1bp01Hw9460frfvRr3hpyqvZjr7evX01/r9+56YIVu/6I - FcwyCRn29T0aIqdEXrk2c5KkUloUdkTM0EP0bN/G8L4NNzqc1DSmHX9e3A07Hqap32HHGV65A7ad - DKclS1wAn+/JDOMwIbUUVZ4eM1XmdNPwEsU11Thp3SD7+R5yU3I7F31nTZoGsZ8jURmcQhPplREw - nnmxlpVxnUjAXE3XfW9O9qOgnZN3UQv2wRnu24h2I4MJyfTmkfm26v7g58YlK2gGyjcaqjXCUJCL - uqdust2IORV1O4oGnsHoTiL9NpGczsEME0PNO4dMV34XhnAfD8OhwWNJ1bhkySnjK3sVH0Npbmae - tHSxJKrt3lbCBR/jxUznOVwAVY6Csvnyzk8vX5+czU5PRuOzyXg2vrh4e4H5YQMpBAQPTJdAznFq - ck2MX8IUETzfEOxIlhujRAvyN5OUnEsosGtJpZBfPdujd7N4jgaDLywIBnQRe+7CwNoh+LuW+qaN - sQwZ4zS/e6h5VzTwWpLnGF07CbCuGYft6ao0PfsDPHYvhUdSzylvb6tvL/efY+OObi9pssKHVEu5 - 1rjzNWqeNL8UcPsu8tvnSdRerhwM1RORC3nmopnnFXQzieNp9zgQ5Fi4YouixKce100VHqrft+B8 - 4LvfgynTORzE5Po9LaOYjIRYMSBXTON41GRiLw/yKqfZF5MrppqLhOZLoXQ8DIaBv2A8xSHmR8Pw - 8KO1eGyxwDA/CWJYEh+Q/1clT83f36yBCSDfcKigIra/FY2uxri65Csu6l3so3f3pAfnUqQVvmLG - PMOOKhAff4pw4LlrmwzaJX+JuqvFnoTKxkD0kfjkugZYYfvB1toerd0Bv28V3x+dk0lC+Z7z5tnk - Hw7/cJC9lJQnS39KM4zzDKvqpBXL05Pj26KRKAqmCU6m5S2xwWyjNBQK005LwZAUB7GVW+gNQwvK - uGIaesibeDDo79vbJ/dT9DkXVKYt/NsyHO/YZbwekcSRCKMkcwBOFGhSN4zSOODck4QskFUdUi9Z - siQFUK5wk7oTjQXEDy0QmiQ4ICElN4ySCjmfyE2JEwaPcQ7uUu+ZUC6Qejg7E4hbytV13RM1VWVP - yMxHwsG6Vy5Lywnk3mwh5Mw5UzOq8Ykwr7A0s6dvr44m593Jmy7eMZaVlxenzuhDwLwBTDKNyevx - 9APHMY49q0HGRJQ3yQc+vmHm9sDgJqC7rtPaPePgPwAAAP//7Flta9swEP4rJlBoS+3YTpyXwejC - 1sE+bJQVNug3xVYbs9gylp1uZPnvfU5S1MSNs9GNkg+BUpTqdHc9nZ577vIPBpIsTdoM6L09BtrV - ksQixW+pY9Rm4rmcSozPKOr3qgOlvPg+4zm9bIfZ6xVoUOEHEoKcSRfcSXPcSKbOOKKk8sewK6n6 - oPL94PkF5Ufu4BFoAuew+QP7RYnmFEwlSS1xsQ4yZyNP0ITmfO45V7mkzLN5tpGJZIsSFfaNf3Lt - IOmTNbJ0p58q884/ZQWLK/o/vwgnVR8cQAmFS0X//KbihaTqXXINMVwLm5dtU1e9XOCdOwj6CNrk - 5r0b9ExA0daLkm4GaHbKcLH5mXN69huXOa/EG2DJc3IYtJHDoN+2Ea03qKRUJUqiYqlEmhuivhVt - brRRLt9SLhV6xTx3C9pWYIuhNCtb89TYnqoqFs8IkHV5lHWWMardnT8VOoohMXFRvrDQEyO7BGYR - 10cPFd2xfi8JpqO+H03h43A4DsJwQLzCCsHCHjFOFzxJEthAse88+eCaru6dhThSure11hnvgVUo - MQUwetmNgjDo88DnvTAZD+JeHA2DeBQlic8GdwEfXSZvlZaT3uQk/Igffc7NWG5qn+vqP0mvlu4D - IuKGHiW7V9TTeRpTyNyCMUkRw3m8rCoFbcbyw7U78Iqc/G/27IfvcbPzP3yPm9ODQ/cY0JPoTt1Q - 402SeW3GXvSeCJx1Q63h6xb4CvGruhQF794CceLZ08OjaRV27UsmO2buZlh1aRD3CAWvf+lHKHgN - j49Q0AoFTXIBKtVZrujMmpLA93v9FJc0ATdrHwZFxeZY7dDSNpTz7VCuuWGHXM0NS+F4vkhLkWu6 - Y3r+2nzroj/+lafoLpWG5XppUPAFyLfxfVF3rfeik7GfX7ms56R4w7aasJTVpNJ+LET13yawWpfV - CVNoS78JNZ+yM19RqqkPWbR+bDsbbnlrDqjorFarRwAAAP//AwAlFhmVvBsAAA== + H4sIAAAAAAAAA7xW+2/bNhD+Vwj9tGW2XjYSR8AwdLG7dQuyIHFaoGkR0NRZYk2RGkn5sbb/+456 + 2K1dd0uGFQkSicd7f/fp3nuwLqlMvcTTIFPQkD7nIFLTk7QA0zMsh4L2VAmaWq6k6UHKbQGW9lhO + ZQZCZb0laIMySG+g1GBA2vYuq4xVxdwZfIjCMAp9DX9WYOx0U8K1psxyBl7P485/FJ2dRfhiQMzx + Nbe2NEkQpDAHZlP1TvnUCmoMp9KXYAP0ZANa8iAOuDEVBJ2BBWxQ/2o6uZ32o+FggEd1CMZL3nsG + Y6sMoxYypTdNDim+oUYcxnE/HPWj82kYJtEIf/1BdPpDGIehC9I5sRh4beaJQTr9AEsRxtu025cU + DNO8dIXD02fEFFSIHkm5sVwyS0oODIiak5XSC99pMyXvtHhkFJXkrl1UPNAltVQHSw6roA5rF2Ar + isJBNPrJ8L/gxwLbXhXo1cECXU6pWbheVTPrnpI5FQZ6XqP4AvOqdXtezhE4muWbS1gCxhp+7HmW + I7JKRImXyApz9PZgMgiPCaJOUGr1DlN9Yida7boPdWe7PriXT9CzS/dOcmvRgPG2vh2Ef6/vGjW3 + K6odkA0vSsEx4HSvJNioGn7D0Xo4emS4X2lZl8m2YcPwDMOIh+t4+P96aWBRgxQdRqfr6PRbOFx3 + HgfxehB/C48t8j9+PIRj3MFxztcvGw7EJt+/xaZnmYYMaeUA6xiOElUz5V8EeXx2TDA6Jjg/NN5Q + WnPqCKNmby/pRy2Puapozpo43h+cOaxiwiZXlUjH3JSCblpE4zGW177E0jmUty6oxQ9FQ7CPn8eG + vneEHTTmtJu2+vFCVa6CdfCv3AGXmZdYXblomAZM1o3wIYGf+edx1BH4ftmO0Uy8pZl9wbbhpeZK + c7t5YsKdejB8HI/zgmZgAqdhOiMcD4Ra+WaZ7fjqUq06Xht6h8iNB10igs7AMZMD7f7X+vRIGaJj + CI1Grh45NZOSs0suF8+dZAyl2ywk6xBU42pVy7YnUskJLhZ0JuAGqGlQqdsn7/ry7pcXVw+XLy4m + V7eTh8nNzR83mB+OlsGC4IVpDuQaKVha4vwSboiSYkNwnLlwRolV5DeuKbnWUOA8k8ogvvwvjXWE + 4+SFH3gYjrJl4u0NM5Y845IKbCZ2YzdkTrZ/1u5FbXlrlAuMruMI7GsmYXu7Kt3Q/gscNyvME6HX + KG8/fZ9vHY9D4w5uP1O2wEWwg1xnvPF10e5a/yngbmELur0p7r7UEhzUmRJKXzXRzEQF/UwjY+3W + FUXGqmm2KkpcVaVtu/C1nn5enDdy93My5VbASULuX9MyTsiFUgsO5BW3yJiW3AKrNJDngmYfXK6Y + qlCMilwZm4zCURjMuUyRxIJ4cP62NjiuS4FRvlPEgSQ5If+oSb7DP9/X6re4XjlGQTWc/TbIcQVk + jPng4RiYT6LTHnHY2mZx8WqCsnv81z+NhnWori1sBX7BrQZf6SxAVFLXKY47kENzgFf93BaiDryx + 89LZuZMLqVafVulaq7TCr+pEZjinBVY9mGKRnc+6RBgw+VWt+lYdKVPZGojfkoDcrwAWONSwtXZE + a3chGNSKr59dk1tG5ZH7brMLzgfbfD7J4HZjLBQGM0hLxRE1J0l9XjfH1aqgXBpuwUdgYalMPlNU + p8duHNgf7yDmLD8jrEESkiiZAUhiwJJVCyuLLGcaaM0RWj2yyjnLSQFUGhTS5kZrAdN9I2dAKGNI + k5CSJaekQuQzvSmRZ/CelAg5/jcAAAD//+xZ72vbMBD9V0ygkELt2U6cpIPSBdbBPpSFFlYog6DY + ShMaS8Y/6o4u//veSYrqeE03yij5EMgHJ5JOT2fdu3cXvFKvgegSb/lO1W8E6GbBBV0th1m7EuUd + TgQkdCwoKmcp5jJP1RpH5kS+DKMFcR94956LEwIG48vS0ZLCYaua/aQjOhlT6KoCl9phwmkARHEm + +MpzLkRBZ7Yn1D74IcgJtBv5CAgMwmIDkQwWFRz0ItLGmRunv0IYIo3AZXR6c13quvZkzYpMxQPi + jz962SJTdxmbTGFzavaeshIaalbhSk27327G1xP3+tJFxlVhajfJZF7ynOKgy5J0KY6d7vEvXJRV + KT/iGv4pVoJdYiXo7xqImqmpRLF9r1QT6brWVN9ObQ9YCaBcrgTPyxN3SQLfitatLNpm2vYqq2jh + ThYvKJQ1XRdVmjLKJZ2/ES/5kJShzN+YeEghnCN6SHt+Tc6iOev3kmA26vvRDBiHw9MgDAeU5+wk + 7PDKNE4veJwk2APJp/OMwTXVxyd7ycjoq3WjDgEPWU5NU+xjapcoCIM+D3zeC5PTQdyLo2EQj6Ik + 8dlgHvDReXKmrBz1xkfhF3z0OjdlwrCm6+qfCq8q3BoecUOPmNjLqtlqGZPL3IyxgjyG9SoxQMbh + 8fPEHXiZIPztGnT/EbeL2P1H3C6C9x0xqCfRxaSRak3VMzE9HYonImtd4Gn6uoVkw/SLKpco1m9B + RfHiOfCoFYNRG8m0j+lMGZWXG8Y9UMH7v/QDFbwH4gMV7KQCqzwA8U5H3BN1cc2zD7uyZKY53VYi + u3pBvu0FtQdsb6U9YJUaFw/LXAqtakypWZl/IfTXf0IqU23hafNoyO4NBNf4A+XDxu5JJ2WPV7yo + VmS4sbcq7PNyXGocD7L8f50/bcwaxV6ohL5L1RfZtB+pn0ndBtrSAtlGG27BNQuUe9br9W8AAAD/ + /wMAMIHCG/QaAAA= headers: - ATL-TraceId: - - d4e6ba2300c8654f - Connection: - - keep-alive + Atl-Traceid: + - 96686372cadd8d9c + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:11 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:18 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 23171105-8e26-4607-874d-ad119bd2a2cf X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '217' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b4600337-6e66-42bc-9494-63f70b29cbab - x-envoy-upstream-service-time: - - '147' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -965,94 +780,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11077 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11771 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy/2UldAMaSO22VL0yB2GqBpYdDSWWYtkQJJRfba/vcd - SclOkzpr0wRIxCPv7bnnjvzswbqkPPViTwJPQUL6ikGeqg6nBaiOSpZQ0I4oQVLNBFcdSJkuQNNO - sqQ8g1xknRuQCvcgvYBSggKu3Vmv4zFjOQyDZ89woSBf4HKpdali309hAYlOxSfRozqnSjHKexy0 - jza0T0vmRz5TqgK/NbCCDeqfTceTaXc4HKJkYYP14s+eQqeVSqiGTMiNCy7FFSpEQRR2g0E3Gk7D - KO5HcRj2DvvPfw+iIDAxGh96U4I188gYjb4fBkEQbbNuFimoRLLSIILSI6IKmucdkjKlGU80KRkk - QMSC1EKuekY7EfxS5j8ShYKkkuDfMKjpDdVU/qnYv/CiwCJVxRMnOklfhEE/HDbLKQb6YpdyxzOF - Rl9TqlamRtVcm694QXMFHa+14cXWyNeOpxkSo8QiezGvMBOvlOIThvdI9Bpti52tRoudWdwq+C7S - S860RgOGX422Seofe1aJha6pNIkpVpQ5Q4akd7JBcC1lBsP1YPgj4TYwN84apEtmgMWf2zgPAsPT - aLCOBo82bEtoWfJENf8f8BUersPDX/O1bp01Hw9460frfvRr3hpyqvZjr7evX01/r9+56YIVu/6I - FcwyCRn29T0aIqdEXrk2c5KkUloUdkTM0EP0bN/G8L4NNzqc1DSmHX9e3A1xSTVORTd0fp7vbqJt - Z5jvrElDZvs5EpXJKTRz6coIGM+8WMsKEA60qd9hsxtKu9isOWNessTl/vmezISKymopqjw9ZqrM - 6aZpCRQnEjBX03Xfm5P9KGjn5F3Ugn1whvs2ot3IYEIyvXkkhq26P/i5cckKmoHyjYZqjTAU5KLu - qZtsN2JORd2OooFnMLqTSL9NJKdzMMPEUPPOIdOV34Uh3MfDcGjwWFI1LllyyvjKXsXHUJqbmSdt - zWwla7u3lXDBx3gx03kOF0CV44Fsvrzz08vXJ2ez05PR+Gwyno0vLt5eYH7YQAoBwQPTJZBznJpc - E+OXMEUEzzcEO5LlxijRgvzNJCXnEgrsWlIp5GzP9ujdLJ6jweALC4IBXcSeuzCwdgj+rqW+aWMs - Q8Y4ze8eat4VDbyW1TlG104CrGvGYXu6Kk3P/gCP3UvhkdRzytvb6tvL/efYuKPbS5qs8CHVUq41 - 7nyNmifNLwXcvov89nkStZcrB0P1RORCnrlo5nkF3UzijNg9DgQ5Fq7Yoijxqcd1U4WH6vctOB/4 - 7vdgynQOBzG5fk/LKCYjIVYMyBXTOKM0mdjLg7zKafbF5Iqp5iKh+VIoHQ+DYeAvGE9xMPrRMDz8 - aC0eWywwzE+CGJbEB+T/VclT8/c3a2ACyDccKqiI7W9Fo6sxri75iot6F/vo3T3pwbkUaYWvmDHP - sKMKxMefIhx47tomg3bJX6LuarEnobIxEH0kPrmuAVbYfrC1tkdrd8DvW8X3R+dkklC+57x5NvmH - wz8cZC8l5cnSn9IM4zzDqjppxfL05Pi2aCSKgmmCk2l5S2ww2ygNhcK001IwJMVBbOUWesPQgjKu - mIYe8iYeDPr79vbJ/RR9zgWVaQv/tgzHO3YZr0ckcSTCKMkcgBMFmtQNozQOOPckIQtkVYfUS5Ys - SQGUK9yk7kRjAfFDC4QmCQ5ISMkNo6RCzidyU+KEwWOcg7tZeyaUC6Qezs4E4pZydV33RE1V2RMy - 85FwsO6Vy9JyArk3Wwg5c87UjGq8p+cVlmb29O3V0eS8O3nTxTvGsvLy4tQZfQiYN4BJpjF5PZ5+ - 4DjGsWc1yJiI8ib5wMc3zNweGNwEdNd1WrtnHPwHAAD//+xZbWvbMBD+KyZQaEvtWE6cl8HowtbB - PmyUFTboN8VWGzO/4Zd0I8t/73OSrKZunJZulHwIlKJU0t31dPfcc5d/UBAmUdilQO3tUNAtlk4s - I/wulY+6VDw9JwPjK4r6rexAKS5+LkRKmW1x87wZGlTYgYAgY6KlsKIUL5LIO1ZWUPnj2C2p+qDy - /RLpGcVHaiEJFIuyeHzH/1CgWTmXQVKXeFgLkbMRJ2hCUxE71kVaUuSZONuIRNJFgQr92r6yMZDk - lTWidKudMvJOvyQ5Dyr6P79lViQ/WIAScpf0/ulVJfKSqnchFMQIdVhntgldmbnAO3vEhnDa7Oqj - zQbaoWjrs4JeBmh2zPGw6Yl1fPIXjxlX2TtgyVNyyLrIIRt2bfjNBpWUqkBJlMyXmGvrqGuOtje6 - KJdrKJd0vWSe2w+aVgBpyYMFQeuWxqNd6dpSpkZdnSScanfvuUJHPiQmnhWvLPTEyM6BWdQ/oIfy - b/hwELL5ZOj6c9g0Hk+Z542IV5hD0LDjmKAHnoUhdKDY9x5ssHVX98FAHAnd2VqriHfAKuQxCTBq - 2feZx4aCuWLghdNRMAj8MQsmfhi6fHTDxOQ8fC+lHA1mR95n/Kh7dsJTXftsW/2pdOrSvoNHbM+h - YHfyeh5HAbnMzjkvyWO4j8yqItBmLD9d2iMnT8n+ds++/xa3O//9t7g9Pdh3iwE9oWqXNTXeJJmX - euxF+UTgrJp0BV/XwFccv6iLLBf9ayBOsHhIPJpWYddkMunRczfNqguNuAcoePtHP0DBW1h8gIJO - KGiTCVCp3mpNdxoKAttvVSquaAKu1y4UZhWPsdoipWso55qhXHvDDLnaG4bCiXQZFVmqSJLu+Wv9 - rYv6+CJL0V1KCatmqVHwFci38X1Rv5F71kv47++irGMSvKFbTliKalYpO5ZZ9d+mukqWkQlVaEt/ - ZHI+1QxeaaxMUx/SaOx4bKz3yFp9QXpnvV7fAwAA//8DAKdn/ly8GwAA + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmsNxuJI2AYutjdugVZkDgp0LQIaOossZZIjaQse23/+456 + sVOn7pYMKxIkEo/3/tyj++DAuqQicWJHgUhAQfKSQ55oV9ACtKtZBgV1ZQmKGi6FdiHhpgBDXZZR + kUIuU3cFSqMMkisoFWgQprvLKm1ksbAG78MgCANPwZ8VaDPblHCpKDOcgeM63PoPw5OTEF805At8 + zYwpdez7CSyAmUS+lx41OdWaU+EJMD56Mj4tuR/5XOsK/N7AEjaofzGbXs8G4Wg4xKMmBO3EHxyN + sVWaUQOpVJs2hwTfUCMKomgQjAfh6SwI4nCMv94wPP4hiILABmmdGAy8MfPMIK2+j6UIom3a3UsC + mile2sLh6QuiC5rnLkm4NlwwQ0oODIhckFqqpWe1mRQ3Kn9iFJXgtl00v6craqjyVxxqvwlrF2An + CoNhOP5J87/gxwLbXhXo1cICXc6oXtpeVXNjn+IFzTW4Tqv4CvNqdF0n4wgcxbLNOawAYw0+uY7h + iKwSUeLEosIcnT2YDINeUCr5HjN6ZsE77abcTQP7ctuXByDZZXUjuDFoQDtb3xapvzd3tVyYmiqL + V82LMucYcLKXOfajQdlovB6NnxjuVzrTZ7Ltyyg4wTCi0Toa/b9e2u43WESH4fE6PP4WDte9x2G0 + HkbfwmMH8E+fHsMxPITTqBcs+Pq25UDs/t07REOaKkiRVh5hHeOUedVO+RetRieHBONDgtPHxltK + a08tYTTs7cSDsOMxWy7FWRvHh0dnFsRYCZ3JKk8mXJc53XRQx+OaGvwstHT69LFsyXpHz35rTtmh + ax7PZGXr1YT62h5wkTqxUZX1jUbNLfbTjl5XDQWYrJ3txwR+4p1GYU/g+2Xb0sy+4FDDo23D9wXD + HWNxqbjZPLM2vbo/ehrB84KmoH2roXsjHA9yWXt6le4Y7lzWPROOnKacc7CUZUG7/7U+PpBteAih + 4dimnVE9LTk752L50komUNrNQrAeQQ2u6ka2PRFSTHGxoPMcroDqFpWqe3Iuz29+eXVxf/7qbHpx + Pb2fXl39cYVp4GhpzBsvzDIgl8jNwhDrl3BNpMg3BOec59YoMZL8xhUllwoKHHRSaUSc96V5D3Gc + nOAjD4JxuoqdvWHGyqZc0Bx7hkXfDZmV7Z91e1FX3gb3OUbXcwS2LxWwvV2Vdmj/BY7bFeaZCGuV + t9/Ez7eOp4Fuh6qfKVviItgjqzfe+jrrdq3/FHC/sPn93hT1n3ABFtFM5lJdtNHM8woGqULG2q0r + kkxk22xZlLiqCtN14Ws9/bw4b8Xu52jGTQ5HMbl7Q8soJmdSLjmQ19wgYxpyDaxSQF7mNP1oc8VU + c8lonklt4nEwDvwFFwnSmh8NT981BidNKTDK95JYkMRH5B81yXf45/tG/RrXK0scqIYj3gU5qYBM + MB88nADzSHjsEoutbRZnr6cou8N/g+Nw1IRq28Jq8ApuFHhSpT6iktpOcVyOLJp9vOplpsibwFs7 + t9bOjVgKWT+s0qWSSYWf26lIcU4LrLo/wyJbn02JMGDyq6wHRh4oU9kZiN4Rn9zVAEscathaO6C1 + u+APG8U3Ly7JNaPiwH278vmnw20+DzK43mgDhcYMklJyRM1R3Jw3zbG1KigXmhvwEFhYKp3NJVXJ + oRuP7E92ELOWXxDWIglJlMwBBNFgSN3ByiDL6RZaC4SWS+qMs4wUQIVGIW1vdBYw3bdiDoQyhjQJ + CVlxSipEPlObEnkG7wmBkON/AwAA///sWe9r2zAQ/VdMoJBC7dpOnKSD0gXWwT6UhRZWKIOg2E4T + GkvGP+qOLv/73kmK6nhxO8oo+RDIByeS755Ouqd3F2ypU0N0hV2+l/UbAbpdxJyOlsWMXYHyDisC + EloWpJa15HORJfIdS2REvgyjOXEfePch5icEDMaXhaUkhcVWFftFS7RSJtGVOQ61xbhVA4jijMcr + x7rkOa3ZrFDF4CenIJA3ihEQaIT5BiIZzEsEaCfS2pprq79GGuIaQcho9fq4VFXliIrlqcwH5F/8 + 5KSLVJ5lOJnC5lT7nrICGmpW4khNu99vxzcT++bKhkKQaWqcpCIr4ozyoMuiZMmPre7xbxyUVSE+ + 4Rj+LVa8NrHi9es3UIGa+kHKJZJvzalBiw23daBNArhGAsi9kIJn90QjWhEYFi4oKXeqDdeI2K3r + tknJeZkkjO6SzlvESzEkZSiyd148pBAukD2kRr9F58Gc9XuRNxv13WAGwMPhmef7A7rnzCR4eGVa + TBs8jiL4wOXTecFg67LkszlkZPTVglKlgINbTk6T7KOLmsDzvX7suXHPj84GYS8Mhl44CqLIZYO5 + F48uonNp5ag3PvK/4qPesxPGNWvatvopd8rcrhAR23eIiZ20nK2WIYXMThnLKWJ4X14MkHF4/DKx + B07KCX+zON1/xM3qdv8RN6vjfUcMTopUMamlWl31THSzh/KJyFqVfIrX7iDZMP2yzASq+DswTrh4 + STzq0WDUZDL50Z0prfIyzbgHKvj4TT9QwUcgPlBBKxUYQQGI9yrjnqm9q59d2BUF083ppixp6wW5 + bb0g1/SCmgNGqcX8cZkJrrSQLjVL/S+E+vpPSEWiLDxvHjXZvYPgan+gnG7snnQS9nQd5+WKDNd8 + y8I+K8aFwvEoiv/XC1TGjFH4QiX0Q8i+iGk/ikx2G8ilAbKN1t+Cq1+Q4Vmv138AAAD//wMADGvv + +PQaAAA= headers: - ATL-TraceId: - - d4e70f776be843b3 - Connection: - - keep-alive + Atl-Traceid: + - d9efb1632e18040a + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:12 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:19 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5606b30b-5b22-48d3-bfd8-48285a4fa2c8 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '251' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f7e3d250-a373-4e76-af48-379e3326dd44 - x-envoy-upstream-service-time: - - '111' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1062,174 +882,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ0m3W3EQPKrIK2z3JIkkzwUralDYVlmX/uwkuftyGd55n - XuZEjJ5xP3miyHuM46xWK4sO22jDR6A6ej3PnR7ogJEU5BOnuQtDghkAo0Ch3G1vXnb3z83vdrv0 - Jk1EvWaogAIOBbE4+nDscYjNccR04NaHxSbJLJ233wpRWVjLS3inYwY5cFZCVXLZsEoBU6KiAHAF - HCD5M06pt+n6f+ymYVwJrlhFxbX4Ydv+YXAhgZJvZL12RrcChcYaWlfL2lijJbgWQFeVlAbFn4Lo - c8NjN2mS33F68fEptDrHJ+IvE8Hhbb8j5/MXAAAA//8DAPBUMOFaAQAA + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUdBGMEpYWfyw/fjgjE9gXVJuCmNMwRvGaiwaxLKSrKa9RFX3nJcai/pvQbRr + w+MwS1jfMXKx8cn3co1PYC8TaPe238H5/AUAAP//AwB2UUpQWgEAAA== headers: - ATL-TraceId: - - 2607283fe4ea37dc - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:32:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 8e773c05cbfb7567 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e45891d0-bfba-47ae-944f-a2ea28502a81 - x-envoy-upstream-service-time: - - '41' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 963f1a74ae75f62f - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:21 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 6ee20eaa-ae13-4404-9b04-69e28277170f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '115' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b55c4882-fef1-44d2-a66a-f7333df285bd - x-envoy-upstream-service-time: - - '78' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1239,174 +952,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SP0UrDMBSG3yW3ttlJmjUzd6IXKjKFdVcyJGlOsJI2pUmFMfbupjiY3h3+833n - 55yI0RH3kyeKfKY0RrVaWXTYJhu+AtXJ6xg7PdABEynIN06xC0OGGQCjQKHcbe/edo+vzXW7nXuT - J6LeF6iAAg4FsTj6cOxxSM1xxHzg3ofZZsnMnbe/ClGLsJaX8EGnBeTAWQmi5LJhQgFTlaAAcAMc - IPsRp9zbdP0/dtMwriqumKD17ZVt+6fBhQxKvpH12hndVlhprKF1tayNNVqCawG0EFIarP4UJL80 - PHeTJss7Ts8+vYRWL/GJ+MtEcPjY78j5/AMAAP//AwDyTcrSWgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUdBGMEoaVv2w/fjgjE9gXVJuCmNMwRvGaiwaxLKSrKa9RFX3nJcai/pvQbRr + w+MwS1jfMXKx8cn3co1PYC8TaPe238H5/AUAAP//AwAU64maWgEAAA== headers: - ATL-TraceId: - - 74d35206a446b302 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:32:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - c2d410b54db77308 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c4f1050d-6b35-4912-818a-033263588332 - x-envoy-upstream-service-time: - - '33' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 98f14864b30b451d - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:21 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 29e1fcf7-9d16-44be-a129-8beebf814838 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '117' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8d803ca7-684e-44f8-84b9-5d7298bad722 - x-envoy-upstream-service-time: - - '61' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1416,110 +1022,119 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/field response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= + H4sIAAAAAAAAA7RX3W6bMBR+FeTrECXsIhm3nSpVmqZprXYTRdMJMdQtGGSbqlHVp9n77JlmYxtM + aqOtDRdRxHdO/P34YMjuBZEjShEXIFqegcBFzU7ZPdACH+UVWqBHfJpuoFBh2XHbdURXpiW60j2y + IWu5qCuU5lByvEA1O2IGhxL3CIUnUmhEsFYCHAOTHA6SldBy/E1ScZTujBzLZai+KD17+evsHleA + 0hckTo2SpoQKUimx/MQFrqYMvb4uTCiE8xZ3S9gUXMTYvlFQdKexsFPt4v+Nuozdl8+f29QbHMDB + UQMMU9Hb6S+Nl+/2OuzjX3bM9Jw5MWT7XozaEd64elzESLqTUHRrsDlkDZy+ZGlbHTBzYx36h1i1 + rpzg8vhrvVp9WvWOfBV7v7SHigiBj1Fes4rLQksFA8pLOYVHpc/bZDPQ/i4wYVm+65Tt5eLndJOR + WCUoq6sliBI4J0CXD4TBsinbglC+bFitVoK4AgryBou7KHjaLR9zS6fhOMvNEOulb2S2nTRngFn9 + gDNngvtrO8I98LFh8UZl2XyxDEr6UbFQeFDWwUFRFWPpa509Tk/JWcdcI7JWIzLi8gVxwfkoO67p + 4ViH002C6aqKPWBqAeVUuOOGubJNVLYu1czRCkU1nWwyJJuT55+YcVJTlYHOdIyZNK/Jc/Q0oOF7 + 8L1xDazehIAxOEliIu9A2Y+MFuTcla7uwSEUBcOFeU8YP5W8JeP3z+9o7ieUz+bbx5JH5GBu/LbU + G3sD2yfT+E3uw7a8G3lGPrwWMMzrshV617TQEWRE/nCxsL73zplD6duAkaJ+Exw0eColm96Wr2JP + JWAFFpEMiamx8h1L446ZzqVk051LLpcvDvNPIHQsNXUqP7Eum0PnAByXhOJ47MAcPskmHOA2GKCq + jAPEVP0BCcen63OFt3XCU0yXjs5Vb4PbhoP7HAxOVUxwfwEAAP//tFnNbtswDH4Vv8ACLAECNLch + QLEBRVd0w3YwekgDJ9Hq2Iasrdnbj5Ipk7Iop+nim0XKoT7ys/iTr3B3jKXDQD+V426s45glyXFX + TIY1WBrNhfMb8ip95EGDHIn5PfVnqj44suoE1pzkMqkPHvwC4Xyt9YvegKKHyCWI7ieIskeUTYCP + TEp44jRI+wdtPMA0Wm2DtCIoKGhOmJlxXBHNccs5XBIY4TRhL891hA7obn6o4tUxrMMViBDRHciy + XphG9JZIiWUKtyrBk7jHXmG82xh4l+pMWnvOOYEery/fj6Ozp+VLhw5DlEMRITAH4GW1UWWPgUsQ + xZcj3EMTYaBiaqsLe3f3B6E1HmPdC/7vHBLLmTV8umhC599OJ7TknMVpEOG3RitXmwvJrNdNlci6 + qUpnRcI97Fd+tUE961Ja8/ek2hmU90V1qJum0C61rfaHD214fJ+s2Lxk6JfkwMFp0GO3JXQTLmyC + y0g5lc/cmIHM4FO+PhTbl+f6VLRPb3Jl3eAtGjhTrA9mHedmzCf2R9vV8Xdp1LY3HHk6PXyYJ4cP + ToOeztefPz1+f8rsd5HVu+xWabimIfs00J3aj0EIwNl3rh6XsxbHN+RevHNijWIbZYz4XI4ouxTG + YliczAzOr42q9itnw5sIamsfMzbWgM+n1spQR8wEGKEHkvgzxBfkex3bm5PQs7OwiSLK0rxbJHln + NQPeudmFqrKu4x/nW7R3Mp5FlmRFHi4ZnxYynzYVD+NZKlnqQe8QwvUsWvAK7LkoqV7pl+jrO7++ + Pn/QlIh1cBva0rHacy7hy2kmLZNMshqfXY39r++hhjyU4M9gx9VZgzFfukwb2uLL/N41CzIzLugl + k7liV9abOBcvk/79mPSv0wT+bSyEDOp/deyutKSfo52X+vsfAAAA//8iMrwNkcIbzU7iAxhHyyar + uFy3GGSyLthkjMxniCdQcY6ugWWggQqZs03Oz8kHOQlLWKIqoFUQgsfWkK3CFnLwjEtsyIH7irqo + bocFHMaoGgAAAP//tFrBTsMwDP2VijM77MoNwU4gIU3iyGFqM1RtbKMbE//D//BNpI4T2409ylhO + W510fu81tWNnJI/ZVYORmA3hDLd6bDcrXTg5oZRw0FfjrjThTkd7ra+WjsOlaHZHbWp21GAERZsv + LLVwpJRM0EUDHyP1MVaVrzTW7nM76TjcqA7rjPUJk0UeLH2lMWrisbQbv7CrWR6q8gQ5pgJVK+Gr + LjpifgQkTZq8ryRuIcbi1MXvzHx+WKwzCX6bhZp8f1VPOFhYlXGcT8MmEdh5X+DLDEjtdrl09WFf + 9mhwAU5c88/zwYSRGEJIXftAQxyFCVn2ocg1FUT0MhTBqx3xBuQERtlLDFa2kH1YfN04tmbJEJ8h + WS5PLLnTePmJcmHGyYT/Y9fXetTnomtE/5wMNvgx75OKnrzhtz/1ueLdxCbVHIFMukQuWQV2QSro + S8OeYCTkaGH5cfvmC28X9myYGLkJCdxxm03i3MWUXKo0hm8JzWbMGOpBGOhZiSAQDMjsAS5sSmOe + ixqyewTXwWH8JCQvIgVnoZqnYmUQoafcoxQPlyQSEQwScgZMe3Z5klJvpUfWuH3dtbETGGSQNmR/ + L4w273PXJHeqMcvrc36HvQM1W+AwguTm7t1npEP8l6q2E5UzSu1IoR0ufKlaNLgvd10X5sIAwRps + 5n16OLa184Ktbo67SVgOaXrcqNpd8anZFYcRFHG2a+sK5FIV5MOl5IPOODlStftLueg39s7/2qRv + Bf0AAAD//8SbTW6DMBCFr8IRiAIHqNJld+2uK0SRWgWaKCTtgXqfnql4bMMbM8NPK5elZyxsfx7b + 8Aab1BQHpovbO1XcJg8Cm1IWeYVY0OjPOmxKwiYnC2awydLgDgTmkM5e5WY8yO2gixPMH4vavqdm + W5Kg/SrWZGEC5NSQTKYyMx5kpssS6I5FLOuJ6S/oaz657crEPntYGf/k7kZbHu1EDOc8GB2iJ6OW + g9l3Y8EZ56rMkZCGHPSFndu9XZ/8XJ1843EjezR/kCUu2SPMPvPHmv7c6qHQ0lCgDJisPAe9CmWq + BbqzeUIXKkeQV32g5CrYVAVLHgf2QLdiEnf6CmR5hUhoU0LLm4LS8/3ldH45fb7LgOWdfR3itqrx + ToHDm07gVbV98nC8l7dW2bZ4hVh4ScnnTUFpO7yg8rdVeWOJWjD4TcBZkofqA15mFu1vC3nV9GSJ + gu+OrQHbXN9PPVTUjAV5glCpCvuDyESw+CqxwoWyFmFjrLxdyOj5jVTNb5CHY25nDhSpWizclOuQ + GhzZbD68KzdnGTyIT39AP3qKhw95kuJ6LcrXht2iQJPDfYe2Fet14fsItCm/9YdSEOvjIDcOVhgh + iuMjpUXzunF/fyX/lQCRhj1WUeT+6otJzXuRhy8mI6XVlVny8ytqXDfWsqLcmNqq7Nh6gUGqrb01 + TYFXefqyPw57gx5UDOEPAAAA//8iIQhhlmELAsxxLJhqpNQEWtgJ7gRC0xCcD0s5cAHcjicmR2B1 + Pcw2bK4vRZtpgKlFDvikksRipIkgJAF40CfpwoQocz/WHI2wEZsP0Is07HNAcCMAAAAA///EXMFu + gzAM/RWO2wGJc2/TusOkSaumbpdqB7QyVGkQBLSHSf33EePEDrG7CRXt0pI4wX7PlQmPUALWFo1p + e4A/AmMdCOyFenRcc39U3p2EapoXP1goyE1rhqOOMiRZqBBvqFMHNTtZEhgWRlyAvVEvvqrkCxZE + trYrUdPgtUyouPtgwFJlFgRf7koiRJBFxIrZQSNlp0sPdV+U8MJHnY6DVoMZS87Hpz+tK6G6CJyp + IjBYkNZtkVcyn2hZikiQftGH/drZD/kqdJHOfpjWrdoqhYNw/4vtihjTVeBMVYHBgow9t2VeH74h + RYoOPB2yFIegBIfORP6mWyfpcYRhk3WO+fMINjnlsyPZONNl40yVjcGCRN81Q+2wmxdkkrn56gTz + k/vj3etARLIBaSq5ga30w2oqsbW8u7WpwLRou3UnacBrgML5XxZWEII9jSyXZboInakiNFgwA49V + k8NNqUC/t12de2QR5GfvZTz4vxtxJlEX9enQmjq4GQz7kL6HoNPFFF+M5xLFnUp0xEtXPoMA7Y/h + XyNRG4Gsj8X09uV6KPawAcD5lHCga4/CjSUE0RIpXhktuywihxIAaYEkrYtMFfyoqI0Y7n2HDiFK + Aw75NQ/OmwQAbV3a5GWQCjeJQJxMX1AeXAsBvGFTD39+BkZXUvQuCB/12EEx25dsvww9b6I2xv1k + ysS+GXwx9LnMSyFPrxUUkQfhus7n9x8AAAD//wMAGZmL9PVMAAA= headers: - ATL-TraceId: - - d07cc302bc9a077c - Connection: - - keep-alive + Atl-Traceid: + - f1a4058ca01d1c2d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:22 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 7411c577-6348-42e6-ac84-0841988efc07 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '157' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 48906fb9-2452-4f18-a7c1-ada9c9e5ea34 - x-envoy-upstream-service-time: - - '72' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1529,89 +1144,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-887 + uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-1432 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8cNpxbfOlHXSRphODbscdY4iWIY1NlZu8pl4TO7Kdpr1t//s9 - 2wllsHKDgQTxs9/3z/vYXzxYl5SnXuxJ4ClISF8zyFPV4bQA1VHJAgraESVIqpngqgMp0wVo2kkW - lGeQi6yzAqlwD9ILKCUo4Nqd9ToeM5bDMDjYx4WCfI7Lhdalin0/hTkkOhWfRY/qnCrFKO9x0D7a - 0D4tmZ9TbT6ZUhX4rZUlbNDI2WQ0nnSHwwOUzG3EXvzFU+i5UgmqZUJuXIQprlAhCqKwGwy60XAS - RnE/ioMXvf2D538EURCYQI0PvSnBmnlsoJGL0ej7YRAE0U3qzSIFlUhWmrKg9JCoguZ5h6RMacYT - TUoGCRAxJ7WQy57RTgS/lPnPRKEgqST4KwY1XVFN5Z+K/QsvC+xUVfzmRCfpyzDoh8NmOcFAX25T - 7nim2+hrQtXSNKqaafMVz2muoOO1NrzYGvnW8TRDdJTYaS/mFWbilVJ8xvCeWL1G29bOdqOtnVnc - avg20kvOtAGHAVmjbZL6x55VYq5rKk1iihVlzhAh6Z1ssLgWMoPhejD8mXCbMjfOmkqXzBQWf27X - eRAYVEaDdTR4smHbQouS31Tz/wFf4f463P81X+vWWfPxgLd+tO5Hv+atAadqP3Z6+/bNzPf6vaMY - 7Nj1J+xglknIcK7vwRAxJfLKjZmTJJXSorAUMUUP0cGujeF9G446nNQMpuVAL+6GuKQaqdGRzuPx - 7hjthsN8Z00aMNvPI1GZnELDS1dGwHjmxVpWgOVAm/o9DruBtIvNmjPmJUtc7l/uyUyoqKwWosrT - Y6bKnG6akUBxIgFzNVP3I57sHwxbnrxbtWBXOcNdG9Gujf6WS5iQTG+eWNxW3R88jkdZQTNQvtFQ - rRGGglzUPbXKttxzKuqWowaebcgMDJkYaN5JykzlD7MNd+EwHJq0F1SNSpacMr609/ExlOZ65knb - M9vJ2u7dSLjgI7yd6SyHC6DK4UA2X9756eWbk7Pp6cnR6Gw8mo4uLt5dYBo4QArzxgOTBZBzZE2u - ifFLmCKC5xuCE8lyY5RoQf5mkpJzCQVOLakUYrZnZ/RuFi/QYPCVBcGAHsSeuzCwRVjj7Uh9N8ZY - 7Yxxmt891DwumvJaVOcYXcsE2L6Mw83pqjQz+xM4di+FJyLMKd/cVt9f7o8D3RZVr2iyxNdUi6zW - uPN11Dxpfing9l3kt8+TqL1cORhEJyIX8sxFM8sr6GYSOWL7OBDkWLhmi6LE9x7XTRce6t/3xfnI - t797E6Zz2IvJ9QdahjE5EmLJgFwxjRylydheHuR1TrOvJldMNRcJzRdC6XgYDAN/zniKxOhHw/D5 - J2vx2NYCw/wsiEFJvEf+X5U8M39/twbGgHhD7kBFnHIrOroa4eqSL7mot7Efvb8n3TuXIq3wFTPi - GU5UgfXxJ1gOPHdtk0G75C9Rd7XYkVDZGIg+EZ9c1wBLHD+4sbZDa3vA71vFD4fnZJxQvuO8fVPv - D5uSvZKUJwt/QjOM8wy76qQVy9OT49uiI1EUTBNkpsUtsanZRmkoFKadloIhKPZiK7elNwgtKOOK - aeghbuLBoL9rb5fcT9HnTFCZtuW/acPxFl3G6yFJHIgwSjID4ESBJnWDKI0E554kZI6o6pB6wZIF - KYByhZvUnWgsYP3QAqFJggQJKVkxSirEfCI3JTIMHuMc3M3aM6FcIPSQOxOIW8jVdd0TNVVlT8jM - R8DBulcuSosJxN50LuTUOVNTqvGenlXYmumzd1eH4/Pu+G0X70SLysuLU2f0ocK8BUwyjcmb0eQj - RxrHmdUgYyLKVfKRj1bM3B4Y3Bh0101aTP4DAAD//+xZbWvbMBD+KyZQaEvt2E7sJIPRha2Dfdgo - K2zQb4qtNmZ+w7LTjSz/vc9Jipo4dTa6UfIhUIoSSXen0+m55y5q7h8VxFkSdylQc3sUdIulFYsE - /4XyUZeK3XUyMD4jd9/LMpTi4vuc5/SyLWaut0CVCjsQEGRMsuBWkuNGMrnHKipKfwyzgrIPMt8P - nl9QfOQWHoFiURZLH9gvCjSrZDJIGoGLtRA5G3GCIjTnqWNd5YIiz8TZRiSSLgpU6Nf2ibWBJE80 - iNJn7ZSRd/4pK1lU0zm/FFYiP1iAEnKX9P75Tc1LQdm74gpiuFqsX7YJXflygXd26A3htOnNe9sb - aIeiti8quhmg2SnDxeZn1unZb1xmWhdvgCW75NDrIofecD1BmaOukPkkwSWC2l4adMhwOycM5ZIe - ljzy+YVdFMw1pcAWQ2lntvauidlV1yyaEyCr9CiaLGOUu3t/SnTkQ2LiRfXCRE+M7BKYRfUDaqjg - jg0HsTcbD91gBhtHo4nn+yHxCrMIGvYs43TB0ziGDiT73pMNtq7q3hmII6F7S2sV8Q5YhVwmAUYN - +4Hne0PuuXzgx5MwGkTByIvGQRy7LLzz+PgyfiulnAymJ/5H/Kl9dsZynftsW30lnEbYD/CI7TsU - 7E7ZzNIkIpfZJWOCPIb9eFl1AtqM4YdrO3TKnOxv1+yHb3G78j98i9vdg0O3GJgUq3JZU+NNknmt - 2170ngicVZGucO0W+IrlV01VlLx/CyiK5k8Pj7pVmDUvmfTovptm1ZVG3CMUvP6lH6HgNSw+QkEn - FBjmARPv1YtbUqNbj13ILWqWYrTLmVzwrt5y1dud6GrKuV1NOdc05doThsLxfJFURa7ojq75G/2r - i/r4N0dYFPV/66YqWUYmFKEc/FbIvpBpeKKalRYv10ONui/WL3+f6q/lXvQy9vMrF01KgjfOKjs6 - VT2t1bmprUxdHzq5+X57s7+1W2+Q1q5Wq0cAAAD//wMAC9K2k8EbAAA= + H4sIAAAAAAAAA7xXbW/bNhD+K4Q+bZlsvdhNHAHD0MXu1i3IgsRpgaZFQFNniTVFaiQV2Wv733fU + i906dbd0WBEgkch7v+ceXd55sC6pTL3E0yBT0JA+4yBS40tagPENy6GgvipBU8uVND6k3BZgqc9y + KjMQKvPvQRu8g/QKSg0GpO1kWWWsKpbO4F0UhlE41PBnBcbONyVcasosZ+D5Hnf+o+jkJMQXA2KJ + r7m1pUmCIIUlMJuqt2pIraDGcCqHEmyAnmxASx4Iat0jN6aCoLeygg0auZjPrueDaDyK8aiJw3jJ + O89ggJVhqJcpvWkTSfENNeIwjgfhZBCdzsMwiSZJ9GR4+mT0QxiHzmzjxGL0jZnHRhq3QTr9AOsR + uqja3LuXFAzTvHTVw9OnxBRUCJ+k3FgumSUlBwZELUmt9GrotJmSN1o8MopKctczKu7oPbVUB/cc + 6qAJaxdgdxWFo2jyk+F/wY8F9r4q0KvDBrqcU7NyDasW1j0lSyoM+F6r+BzzanR9L+eIHs3yzTnc + A8YafvA9yxFeJULFS2SFOXp7WBmFhy6i/qLU6i2m+pWd6LSbPjSd7fuwh55dujeSW4c04219Oxz/ + 3sgatbQ11Q7Nhhel4BhwulcSbFQDv/FkPZ48MtwvtKzPZNuwcXiCYcTjdTz+f720sGhAig6j43V0 + /C0crnuPo3iNk/0NPHbI//DhIRzjHo5Lvn7REiE2+fYNNj3LNGRIKw+wjuEoUbVT/lmQxyeHLiaH + Lk4fGm8prT11hNFQuJcMIt/D4tgXmLjDaCvQDL6rk+asjezdgzOHXiyByVUl0ik3paCbDuN4XFOL + X4uWYB8/jy197wg7aM1pN23N45mqXAUjF+pLd8Bl5iVWV84304DJuhH+HIEfjyc9ge+X7RDNxFua + 2b/YNrzUXGluN1+ZcK8ejB/H47ygGZjAaZjeCMcDoeqhuc92fHWu6p7Xxt5D5MajPhFBF+CYyYF2 + /5N9fKAM0SGERhNXj5yaWcnZOZerZ+5mCqVbLyTr8dKgqG7utidSyRluF3Qh4AqoaTGouyfv8vzm + l+cXd+fPz2YX17O72dXVH1eYH46WwYKgwDwHcokULC1xfgk3REmxITjOXDijxCryG9eUXGoocJ5J + ZRBfw8+NdYTj5IXveRhOMpl47fcKe4fF383UJwOObci4pGJfqFuOuvI2KBcYXc8R2NdMwla6Kt3Q + /gsctyvMV0KvVd5++j7dOh6Hxh3cfqZshdtgD7neeOvrrNu1/lPA/cIW9HtT3H+pJTioMyWUvmij + WYgKBplGftqtK4pMVdtsVZS4r0rbdeFL/fu0OK/l7udozq2Ao4TcvqJllJAzpVYcyEtukR8tuQZW + aSDPBM3eu1wxVaEYFbkyNpmEkzBYcpkiiQXxaPKmMThtSoFRvlXEgSQ5Iv+oSb7DX9836te4XjlG + QTWc/S7IaQVkivng4RTYkETHPnHY2mZx9nKGd7f4Z3AcjZtQXVtYDcOCWw1DpbMAUUldpzjuQA7N + AYoOc1uIJvDWzgtn50aupKo/rtKlVmmFX9WZzHBOC6x6MMciO59NiTBg8quqB1YdKFPZGYjfkIDc + 1gArHGrYWjugtRMIRo3iq6eX5JpReUC++R/idLTN56MMrjfGQmEwg7RUHFFzlDTnTXNcrQrKpeEW + hggsLJXJF4rq9JDEA/vTHcSc5aeEtUhCEiULAEkMWFJ3sLLIcqaF1hKh5ZM65ywnBVBp8JK2Ep0F + TPe1XAChjCFNQkruOSUVIp/pTWnhbwAAAP//7Flda9swFP0rJlBIofZs57OD0gXWwR7KQgsrlEFQ + bKUJjSXjj7qjy3/fuZKiul7cjTJKHgJ5cCLp3qNr3aNzb2LME4Lru92rIbrEW75TRRwBullyQUfL + YdauRI2HHQEJbQuKylmJhcwStcaRGZEvw2hO3AfevefihIDB+KpwtIBw2LpiP2mLTsoUujLHoXaY + cGoAUZwJvvacC5HTnu0OdQx+CAoCeaMYAYFBmG8hksG8RIB2Iq3tubb7K6QhrhGEjHZvjktVVZ6s + WJ6qfED+8UcvXabqLMPJDDZnxveMFVBM8xJHatb9djO5nrrXly5uXJWm1kkqs4JnlAddFicrcex0 + j3/hoKwL+RHH8E+xErSJlaC/HSAmK1BY3ytxRGKtOXXQYsNvHbASQIVcCZ7dE9skgd8mWn0rWhEx + Fi0pW3do5yYl52WSMLpLOn8jXoohKUOZvfHiIYVwjuwh7fk1PhssWL8XB/Nx3x/MsYHR6DQIwyHd + c3YSPLwyjdMLnsQxfODy6TxjcE318ckeMjL6at2oU8DDLaemKfYxtcsgCIM+D3zeC+PTYdSLBqMg + Gg/i2GfDRcDH5/GZsnLUmxyFX/DR69yECcOarqt/yr0ydytExA09YmIvLefrVUQhc1PGcooY1quL + ATIOj5+n7tBLBeFv1qD7j7hZxO4/4mYRvO+IwUmxLh2NVKurnqnp6VA+EVnrAk/z2i0kG6ZflJlE + sX4LKoqWz4lHrRiM2kwmP6YzZVReZhj3QAXv/9IPVPAeiA9U0EoFVlAA4p3OuCfq4ppnH3ZlwUxz + uilT2npBvu0FNQdsb6U5YJUaFw+rTAoteUypWZp/IfTXf0IqE23haftoyO4NBFf7A+XD1u5JJ2GP + Vzwv12S45lsV9lkxKTSOB1n8v86fNmaNwhcqoe9S9UVss1FmqttALi2Ql2jDF3DNAhWezWbzGwAA + //8DAJtXyCr5GgAA headers: - ATL-TraceId: - - cf7a4cc24b7d6072 - Connection: - - keep-alive + Atl-Traceid: + - 9c937a35bac3fe44 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:15 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:22 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 129bed2e-b781-49a3-8d95-bb4da3038bc3 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '254' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b928aff3-6a9f-419b-9339-b2fd5297a3e5 - x-envoy-upstream-service-time: - - '113' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml index cd2ba3019fb..fce8ef9e0e0 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtNvs5iZ6UJFV2O5JRJJ2gpW0KW0qLMv+dxNc/LgN7zzP - vMwJjJ7pMDlQ8B7COKvVqiVLTWj9h2c6OD3PnR7YQAEy+KRp7vwQYY7IGTLM97vr5/3dU/273S29 - iROolwRlmOFrBi2Nzh97GkJ9HCkeuHF+aaNkls613wqoJKzlJbzVIYECBc+xzIWseamQq6JkiHiF - AjH6M02xt+76f+ym5kIVQglkW9z+sE1/P1gfQSk2slpbo5uCCk0VNraSlWmNlmgbRF2WUhoq/hQE - lxoeuklDesfqxYVH3+gUn8BdJqDh7bCH8/kLAAD//wMAmU3aPVoBAAA= - headers: - ATL-TraceId: - - 39c7cf19c30821c4 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:32:20 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ2iYxN9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5xQp6LZzw5J9J7SFOVmo401fdLhI2CVnIpxUB57k1CBPs0ch+AzTAAIBgzlbnvzsrt/bn+322Xs + 8oTk6woVUMChQNpMLhxH41N7nEw+cOvCorPULYPT3wqSWaDQXMI7lVaQAqUliJLwFoQELmmDAeAq + k5D9aObc2w7jP/a6BZBESMowF9UP248P3oYMsppwW1lrKy4oZVAJgLpRlJFegWY957WBiv0tSG5t + eBxmhdZ3rFpcegq9WuMTcpcJGf+236Hz+QsAAP//AwB3suEhWgEAAA== + headers: + Atl-Traceid: + - 1a652be1412f97f2 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3aaf662a-3f43-4711-b9bb-cf1f1801c4d8 - x-envoy-upstream-service-time: - - '45' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 955571b6b1424e78 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:21 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:26 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 535a0fee-3244-4f69-90da-6a3c83f31c32 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '126' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - de309546-2d49-4013-963a-c8ef5159ec5d - x-envoy-upstream-service-time: - - '78' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,110 +80,117 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - c2d85440017dbded - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - a6c6f5c77cd0a4b9 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:21 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:27 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - dd9473ad-bd5b-4d2e-86fe-3e9827040e0d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '217' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6f9482e6-11bb-4955-a27f-2086781796a1 - x-envoy-upstream-service-time: - - '113' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/219] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321] + || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n| High | [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539] + | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2818]\n*Defect Dojo - link:* http://localhost:8080/finding/2818 (2818)\n*Severity:* High\n*CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n*CVE:* - [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/241]\n*Defect Dojo link:* http://localhost:8080/finding/241 + (241)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n*Reporter:* + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2817]\n*Defect - Dojo link:* http://localhost:8080/finding/2817 (2817)\n*Severity:* High\n*CWE:* - [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/240]\n*Defect + Dojo link:* http://localhost:8080/finding/240 (240)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n*Reporter:* + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -303,53 +203,59 @@ interactions: Connection: - keep-alive Content-Length: - - '3317' + - '3307' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11078","key":"NTEST-889","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11078"}' + string: '{"id":"11772","key":"NTEST-1434","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11772"}' headers: - ATL-TraceId: - - 1e6ad75b3ca76ace - Connection: - - keep-alive + Atl-Traceid: + - b24fc5583f68a5b3 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:21 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:28 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e0d6b0cc-e53d-45bc-97da-dd33c81c8fcb X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '636' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 73f66e05-8c8f-412b-8062-e9897bf308b0 - x-envoy-upstream-service-time: - - '411' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -359,98 +265,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-889 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1434 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlT2XqxA0YdJkPBSWhTSo2TfCAMc5YW+YJ8p7k72aaB/97d - k2QDwZSQmg+6t3179tm946sHy5LLzEs8DTIDDdkbAUVmfMlnYHyTTmHGfVWC5lYoaXzIhJ2B5X46 - 5TKHQuX+HLTBPchGUGowIG191vM9QZqjKNwe4MRAcYHTqbWlSYIggwtIbaa+qC63BTdGcNmVYAPU - YQNeiiAOhDEVBK2CS7hC+aPx8GTcGQx2cOXCOeslXz2DRiuTcgu50le1cxnOUCAO46gT9jvxYBzF - SS9O4qi7vb31SxiHIflINuxVCU7NM30k+SAKwzBeRd1MMjCpFiUhgqt7zMx4UfgsE8YKmVpWCkiB - qQu2UPqyS9Kpkh908RQvDKSVhmAuYMHn3HL92oh/YHeGSapmL+qlw2w3CnvRoJmO0dHddci+R4lG - W2NuLilH1cTSKLnghQHfa3V4iVNy43tWIDFKTLKXyAoj8UqtvqB7z0SvkXbYuWy02NHkVsLXnn6Q - wlpUQPxqpCmoP9xZoy7sgmsKzIhZWQhkSHYvGgTXUaY/WPYHT3G3gbkx1iBdCgIWf7dx7ofbaDnu - L+P+sxW7FDqWvDDN9xFb0dYy2voxW8vWWDN4xFovXvbiH7PWkNO0g43Wbm6ovpcf6+6CGTs9wwzm - uYYc6/obGiKnVFHVZVavpJWxauZaxDlaiLc3bQy+1VG3jnqVCtO1Py/pRL6HYdqPWHHEq/qAKyfi - tBZp7cDXb9aIcRiQmaqqyA6EKQt+1fASlxfcYqetG9n311DdJVd9Mai1aSoQN9xXFeEUkaefaEHI - 3Eusrsh0qgFjpap7qE++CqO2T95HLdwEZ7RpI9600Vv3EqG0sFfPBKIVD1wXfnofFTOegwlIwrRK - BC5MRT7tmnm+bj7vcKXtUrF3Q2yYALUTIue9sKguH4w32sTEaECBT7kZliJ9L+Slu4wPoKS7WaYt - YRyNFm5vtSKVHOLVzCcFjICbmoS6GXnH7z+8PTw6f3+4Pzw6GZ4PR6O/RhgGlpDByPHAeArsGPum - tIzsMmGYksUVw5oUBSllVrHfhebsWMMM65ZVBhnWdVV6P4odVBheizDsc5l49ZWBSUKU10V1p5AR - 71xIXtw/1LwsGngdzQv0ru0FmMBcwup0VVLVPoHJ9VvhmRyrhVf31d3r/ftot6bVbzy9xKdUy6xW - eW1rv3nU/JDD7cuoLg00ErfXq4QFVbcqlD6qvZkUFXRyjQ1q/TxQ7EDVyVazEh970jZZeCx/d8H5 - LG//7bFcq6qkl88bITNsSYYh89kEQLKyMlPIHOcOR3v0nQATck4GiDQZw0crw9sBsoSUTeMue0vq - PsuX7vsyYacrtUImTGL0VnCrdBJ2X3V71wQhIliolBdTZWwyCAdhcFHLnDvfgjjaOUNpdnpC1xk2 - FvZOLTpWPSx8xgJ2GhnL/q64tqDZUOZYXTPE6hGBo+M/2V6FpctOUi43HKwhu75mJ4A1QY7geP/j - 0H0+1Z82LzRpLk0ajoXF6iVRxwMcoSJGfYxds1PU0YmxYjv4vIsjZ514lc6hOxNWQ1fpPEhz0ZkI - SatEhy7OX9Ng9670GSnsheFay+K2FixOToQV+H6jog7waHdqZwXJrdODE5cgUhbjbwR5VXAEc0n/ - XLioDkAKXhBzTkDPBT6fO+yno5UGn70o7K+7qGarG/68AVFUv4cX8xx8Ass9E9lDyGxhbK96O89E - ppF2yPSfjkz/P5H5/1D5FwAA///sWetP2zAQ/1esSZOgWtImfaRUQowJJiENhPZgEvtSY7tNpjaJ - 8ihf9sfvd7bzoFDYKmBMQq3axL5zzvf4ne/yJ1pBVH3IeCzC7lc+n3TYGRzNjJbRQp4ctYfgh9gZ - hXLYGq4+oefW4a7v++5TmrmK564/9saIos6RBkxg2c+EUSqBiA8zsh363QV7FX5gIz+h7X4/xs0P - /DnbuD6tcGFWeMxIbBR+US5iFO+UwWuEaKMhdKqdquGAjmrU7gBdK0niBHBucdCNki6XqygH8itK - hgEAfUaqhcNUWZssN22eNGU4X7BVIw9QPbNWV43VZW313FqdFwXSY/6OXYeRCBlO1PM50LXEZljK - 8ax4zjhDMSDAiDOLyPiM5JgeCqHSwvnE43kJIJ6yUHEJzhVHgnPNbllLQaeJLBeqrZ2b81UpMml7 - HkjO9XlbVvOYnlfT3s0VQBmCHYOV3id268TCtbz68oYI5GP0Qx6GW9pWjlXS8moRCW2y00jnRWux - b/ogRPq1pjCiMFh7gYlMb71zsky5KIj+LGGRvmGo11aRVFITfClUmhsrYVyWQhliG+ifEUo4MEKW - v/ESzZgmlB/J63e4XEbxLtvZ/bXESbNIJrXv3gkVTw8TwbYwEWiYCB6EiW3ywC2YeJy01AT9M8HE - 6BUmngEmBv85TIws4wMwcbsn4W3qSXiDTRPDaoLqmCKDB+nmCPVq1kh7Nen6xKY6v1fX+dVWNxHW - HSjtxCGVDHe2FHp7d9bP63VXXi6XnArGN/fWQKRA6v4k2ZalJfUADuCO1F86kfvDGR/0pXc1HvSG - V5A2CPY83x9RJVsT4Qn3kCmy7qGU5OqgbGRwbCfxfXLN85RAjha9t51rWpAu6lhN5qJw7ZrL7tDz - vYHyeqrvy72R6Ith4InxUMoeH808NT6Q+3qVt/3Dt/5HfA2fs+SxLegcxwzlbpk719CI47vk/a6J - NlKZk3Kek8bArxGdL3JcHp07IzeNSf71PvHLl3i92/zyJV7vWL90iYE70nSHbTOmfRQ5t69aKJ6o - SjNNXINdlwBckB+XWZKq7iXgRlCn0gYevSHBbB3J9Bz7rsf2cTILt69Q8PxG/5dQ8BsAAP//ItfF - o0UBrV1Mh6IAAAAA//+CFQXozQxgO0qpuhakB9bMALo9HZIVq0GzrlC2AdDC/JLEHCALiym4JoIM - cE0EGcAngtAl4O231LyyzKL8PEgLCTrKXAqd6YdwiXFpWX4J1WbbIGbBzQRalJFYHJYPnomAze8B - kxbExdUwJrTUJdt+8JoIfZi5Okq5iRVBqcWlOSCDkfwKnkMoKnEsgfgbNJUJmmcA+RwujqrZCEU3 - VAPYtbW1tQAAAAD//wMAy/5xNzAiAAA= - headers: - ATL-TraceId: - - 9ef375539dcac6b3 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LSprZsdY9TJdCg4CS2l1DjJA2GYRTqWNki7yu7Klwb+e8+R + LDsxOBPoNPAgaXfP/TvfHn9yYFFymTiRo0EmoCF5KSBPTEfyAkzHxBkUvKNK0NwKJU0HEmELsLwT + Z1ymkKu0MwNtcA+SMZQaDEi7OhtXxqpiSgqvAt8PfFfDxwqMnSxLONM8tiIGp+MIsh8Ee3shfhjI + p/iZWVuayPMSmEJsE/VBudzm3BjBpSvBemjJerwUXugJYyrwWgU3sET508nofNIN+r0+LtUuGCf6 + 5Bj0rTIxt5AqvWxiSPALJUI/DLv+sBvsT3w/CoZRuOfuD4Y/+6Hvk5NkxKLjtZonOknyHqbCJ0eb + sFcfCZhYi5ISh6sHzBQ8zzssEcYKGVtWCoiBqSmbK33jknSs5BudP9KLSgoqF8+v+Ixbrr2ZgLlX + u7VxcLUV+L1g+KsR/8CLAsteFWiVYIEmJ9zcUK2qa0tv0ZTnBjpOI3iMcdWyHScTCBwdZ8sTmAH6 + 6t91HCsQWSWixIlkhTE6WzDp+e1GqdUHjOiJCV9J1+muC9immz4+A8kmqjdSWIsKjLO2TUj9oz5r + 1NTOuSa8GlGUuUCHk63IsR41yvrDRX/4SHe/Upk2knVd+v4euhH2F2H//7XSVL/GIhoMBotg8D0M + LlqLvXDRC7+HxRXA7+7uwzHYhdOw3ZiKxduGA7H6F5eIhjTVkCKt3MM6+qnyqunyB7WGe7s2hrs2 + 9u8rbyitWSXCqNnbibpBx8Gs2beYEQLv6gC3SPMNPT6+zRry3dCt16jT1ET166GqKP6AKPQdLQiZ + OpHVFdytWJW0aRE3Wfl0b408w6MmU1WeHAlT5ny5ajwqlwYMlnr7IQJ/PvRbAt9O25pmtjd2FTxc + F3x7o7dhLKG0sMsn5rIV9+rr4dsJXhQ8BeORhGmVCFzIRJq5ZpZuKO41rrRcGDp3BIdrINIi2G7f + 14Md8Qa7MBoMKfCMm1Ep4hMhb17SzhGUNFvIuK1aXct5vbdekUqOcLTg1zmMgZsGCXr15pydvHl1 + fHp1cnw4Oj0fXY3G47/GGAY2l8HI8cAkA3aG7CwtI7tMGKZkvmTY6SInpcwq9rvQnJ1pKLDVWWUQ + o+5DHR9gQzn+rfD9YdaLnK12xtymQvIcq4Zp37QZ7W2vrSajVXprXOfoXcsSWMBUwvp0VVLbfgOS + myHmiRhrhNe34pdzx+Ngt4HVbzy+wVGwRVarvLF1uJq2/pPD7cjWtAYaCdtLXMKculvlSp823lzn + FXRTjSyxGVgUO1JNsVVR4rAq7aoKX6vpl8l5Lz//P2CpVlVJI9lLIRMkNcMQ+ewaQLKyMhkkNeaO + xwf0vAYm5IwMEJAShkM3w3sDkoiUZaHLXpG69/JZ/XwWsYu1WiEjJjF6K7hVOvLd527vllKIGcxV + zPNMGRsN/aHvTRuZq9o3L7hEWXZxDnFFtMJeq3nXqodFL5nHLgJj2d8V1xY0G8kUe6vATH1F4PTs + T3ZQYeOy85jLHQebhN3esnOcAmtH8P3w7ah+vGsebVXoY3WZ0utEWOxdEq1RgG+oiBGLsVt2gTq6 + IfZrF8fNMKitE6rkLHElDs5uqmberMol4swiD3hfnr8kFT3fX8vFc3ALYTW4SqceNiMngAqcCqmJ + PTzqZrbISW5TDvyoC0LKQvwbQ1rlHNO3oB9DdRxHIAXPCSnnoGf4m4d12Y+naw0d9kNuf3mBagau + /9OOHKL6A7wNZ9Ch9NTDJ3soFwOM7Xlv/5tzMfgXAAD//+xZbW/aMBD+K9akThQ1IQ7hpUxVV4lV + qrROaNX2ofuCiQ1kAhLlpf3SH7/nHCdAystG1YpJFQiS+M4+38tzvktOr3Xh/b0uvL26eFs9IG4K + 5+rVtU7oGav3M8X6CDg8vFNRajPeOWMEr2w9movPlNtlOOv7pv2aZi3iteF6HGFS72s8BFT9Dhll + Coi9l4/V8HO6SQG7t8/qiD0M/MKfdVAYYE14kZ7iZYG4boP6XZjF0OZ1MFPAQZVr/OMk/SR8H7vQ + l0unW2HsL/G6DlwtxQgB5AYD7SBsCPkQJMB8RWmwAygfk9bhSEW+JpsOlysMGU4WjORHNWvOErHx + ByMd+YMs/SEx/iDSFIkxOWOP08CfMhxoJxMgawaoY5HAWosJEwwFgg9GnFb8WIxJjuGV3qj1VSwm + GUB4yKZKSHA+CKQ2O98t+7kU6DaU2UytZon18aI86a36JEgG+qwui3EMT4phvj4DKKdgx0N4uQ7y + 3n7DELr36If8C7e0rQSzRNloFvjGaLeBzonGZj/0IYg0bIyRC8MALjMMxGbz4LuZR8JPiedbyAJ9 + w1DgPQRSyTV3+o6gwskQS/+LUxjWKKRkSD5eE3IeLE5Z7fRpDh9Ow17ptxtR49URgxLrIYjhEGI4 + L0WMg5LFM8Q4NF2tGvitEaP9jhhvgBje/4UY7ZJ1D2I870TwbZ0I7m0baK1WnWkMl9FNFWqTVEid + krQ6UFb3xZ62EW6r9p2yI6W9dkqlwob+V7Woqs5Stq+SbD4XVCZ+2Fn5kAKp5xPGBxaUVPlfwv+o + L3UjL1pj4TUlH3U9pzWCQJ3OOXfdNtWvJRFW2EGmyLpXUpJvg3Ipg2Uajp/DR5FEBI406c5WsTaG + slG9ajIb5WrRrmxxl3uKO6rpyvO23/RbHe53W1I6oj3mqnspL/QsJ82rE/ca35zPmouFKeQsK3+U + 2FliPUIjlmtDRGnn4UUqsyIhEtIY+DWAi1mCy/7AatvRguSvtp2PX+Jq3/r4Ja72vY9dYuCOzBuz + pgWzeiwZmNc4FE9UueXN3xy77lH0g/xLFoeRatwDh3zqT5rAo7cvGC0jmdYx75xM9yY2cPsOBYca + /Q8AAAD//yI/0keLAnq4mKZFAQAAAP//ooGL6VgUwJsZQCemQ3JcNWjiFso2AJqbX5IInXZGb3bg + muUxwDXLYwCf5UGXgDfTUvPKMovy8yANIegQcil0fQGES4xLy/JLqDcbBzEMbijQpozE4rB88DwD + fAotPxfi5GoYE1q6ku0A8FoMfZi5Okq5iRVBqcWlOSCDkTwLniEoKnEsgXgcNFMJmkUAeR0ujqrZ + CEU3VAPYtbW1tQAAAAD//wMAVzc6tM4iAAA= + headers: + Atl-Traceid: + - c3f73b078d47a4f5 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:22 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:28 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 2369b67c-e415-44d8-81e4-b747e3bf2c5b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '232' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 993f0ea4-79f1-4010-9db7-4f311fd8cc78 - x-envoy-upstream-service-time: - - '151' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -460,98 +372,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11078 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11772 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlT23qxAaMOk6HgJLQppcZJPhCGOUuLfEG609ydbNOQ/97d - k2QDwZSQmg+6O2nfnn12b/niwbLkMvViT4NMQUP6WkCemo7kBZiOSWZQ8I4qQXMrlDQdSIUtwPJO - MuMyg1xlnTlog+8gHUOpwYC09bdexxOkOQyDnSFuDOSXuJ1ZW5rY91O4hMSm6rPqcZtzYwSXPQnW - Rx3W56XwI18YU4HfKriCa5Q/noxOJ93hcBdPLp2zXvzFM2i0Mgm3kCl9XTuX4g4FoiAKu8GgGw0n - YRT3ozgKezs7278EURCQj2TDXpfg1DzTR5L3wyAIolXUzSYFk2hREiJ4us9MwfO8w1JhrJCJZaWA - BJi6ZAulr3oknSj5XudP8cJAUmnw5wIWfM4t16+M+Af2CkxSVbyoj47SvTDoh8NmO0FH99YhdzxK - NNqacHNFOaqmllbxJc8NdLxWhxc7JV87nhVIjBKT7MWywki8UqvP6N4z0WukHXYuGy12tLmV8LWn - 76WwFhUQvxppCuoP961Rl3bBNQVmRFHmAhmS3osGwXWUGQyXg+FT3G1gbow1SJeCgMXfbZwHwQ5a - jgbLaPBsxS6FjiUvTPN8xFa4vQy3f8zWsjXWLB6x1o+W/ejHrDXkNO1io7WvX6m+lx/q7oIZOzvH - DGaZhgzr+hsaIqdUXtVlVp8klbGqcC3iAi1EO5teDL/VUbeO+pQK07U/L+6GTb8gBmuR1Oa+fHNG - /EL3zUxVeXooTJnz64aFeIxA2Q9Ys8TMxgS32GnrRvb9NVR3yVVf9GttmgrELQ9URTg53z/SgZCZ - F1tdkTOJBoyVqu6hPrkVhG2fvI9asAnOcNOLaNOL/rqXCKWFvX4mEK2477rw0/uoKHgGxicJ0yoR - eDAT2axn5tm6+bzFk7ZLRZ7L5RSonRA574VFdflgvOEmJoZDCnzGzagUyTshr9xlfAgl3c0yaSnk - iLVw71YnUskRXs18msMYuKlpqZuVd/Lu/Zuj44t3Rwej49PRxWg8/muMYWAJGYwcP5jMgJ1g35SW - kV0mDFMyv2ZYkyInpcwq9rvQnJ1oKLBuWWWQYT1Xpfej2EWFwY0IggGXsVdfGZgkRHldVHcKGfHO - hOT5/Y+ayaKB19E8R+/aXoAJzCSsvq5KqtonMLmeFZ7JsVp4dV/dvd6/j3ZrWv3GkyscpVpmtcpr - WwfNUPNDDreTUV0aaCRqr1cJC6pulSt9XHszzSvoZhpb1no8UOxQ1clWRYnDnrRNFh7L311wPsnb - f/ss06oqafJ5LWSKLckwZD6bAkhWVmYGqePc0XifnlNgQs7JAJEmZTi0MrwdII1J2SzqsTek7pN8 - 6Z4vY3a2UitkzCRGbwW3SsdBb6vXvyEIEcFcJTyfKWPjYTAM/Mta5sL55kfh7jlKs7NTus6wsbC3 - atG16mHhc+azs9BY9nfFtQXNRjLD6ioQq0cEjk/+ZPsVli47Tbjc8GEN2c0NOwWsCXIE1wcfRu7x - sX60eaFNc2nSciIsVi+JOh7gChUx6mPshp2hjm6EFdvF8S4KnXXiVTKHXiGshp7SmZ9kojsVkk6J - Dj3cv6LF3l3pc1LYD4K1lsVtLVicnAgrcH6jovbx097MFjnJrdODG5cgUhbhbwxZlXMEc0n/XLio - DkEKnhNzTkHPBY7PXfbT8UpDh73I7a97qGa7F/y8AVFUv49X9Rw6BJYbE9lDyGxjbFv93Wci00g7 - ZAZPR2bwn8j8f6j8CwAA///sWetP2zAQ/1esSUhQLWmTPlIqIcYEk5AGQnswiX2pid0mU5tEebRf - +OP3O9t5EChsFTAmoVZtYt8553v8znf5E60gqj6mPPKD7jc+n3TYORxNjxbhQpweN4fgh9gZhXLQ - GC4/gWNX4a7u+/ZzmrmM5647dsaIos6xAkxg2a+YUSqBiI8zsl363QN7GX5gIz+h7f44wc1P/Fnb - uD6tcKlXeMpIrBV+WSwiFO+UwSuEaKIhdKqcquaAjirU7gBdS0miGHBucNAO4y4XqzAD8ktKhh4A - fUaqhcOUWZssN62fNGU4X7BVLQ9QPTVWl7XVRWX1zFid5znSY/aerYPQDxjO2PM50LXAZljC8axo - zjhDMeCDEWcWP+UzkmN65Psyya3PPJoXAOIpCyQX4FxxJDhb75Y1FHQWi2Ihm9q5PV+WIpOm54Hk - Qp23RTmP6Xk57dxeAZQB2DFY6n1itk4sXMmrLm+JQD5GP+RhuKVtZVglKa4Xoa9MdhaqvGgs9l0d - hEi/xhRaFAZrLzCRqq13TpcJ93OiP49ZqG4Y6rVVKKRQBF9zmWTaShgXhS81sQn0LwglHBghy994 - iWJMYsqP5PW7XCzDaI/t7t0scdLM40nlu/dCxfPDhLctTHgKJrxHYWKbPHAHJp4mLdVB/0IwMXqD - iReAicF/DhMjw/gITNztSTibehLOYNPEsJygOiZP4UGqOULdmxZpryJtT1R1frmjTYSb6v5e1YFS - ThxQyXBPv6tdXrVX2a/kKJZLTgXjuwdrIFIgdX/idMvSknoAh3BH6i+dioPhjA/6wrkeD3rDawjk - efuO646okq2I8IQHyCRZ90gIcnVQ1jJYppP4IV7zLCGQo0UfbOfqFqSNOlaR2Shcu/qyO3RcZyCd - nuy7Yn/k9/2h5/jjoRA9Ppo5cnwoDtQqO/2jHfcTvprPWvLIFHSWpYcyu8isNTRiuTZ5v62jjVRm - JZxnpDHwK0TniwyXxxfWyE4ikr/dJ379Ere7za9f4nbH+rVLDNwRul9smjHNo8iFedVC8URVmm7i - auy6AuCC/KRI40R2r4BDPnUqTeDRGxLMVpFMzzHvekwfJzVw+wYFL2/0fwkFvwEAAP//ItfFo0UB - rV1Mh6IAAAAA//+CFQXwZgbQiemQHFcNmlyFsg2A5uaXJOYAWVjaRcBGl1J1rRKmBK6JIANcE0EG - 8IkgdAl4+y01ryyzKD8P0kKCjjKXQmf6IVyivJCfCzGhGsaEloJklHxIaxT0YebqKOUmVgSlFpfm - gAxGshs8pl9U4lgCcUdZfgnVZv0gZsHNBFqVkVgclg+eEYHNPIKmMkHzDCAb4e5AdawRimuhGsCh - U1tbCwAAAP//AwDzVBjjMCIAAA== - headers: - ATL-TraceId: - - 71c306f8c4f6fa64 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LSprZsdY9TJdCg4CS2l1DjJA2GYRTqWNki7yu7Klwb+e8+R + LDsxOBPoNPAgaXfP/TvfHn9yYFFymTiRo0EmoCF5KSBPTEfyAkzHxBkUvKNK0NwKJU0HEmELsLwT + Z1ymkKu0MwNtcA+SMZQaDEi7OhtXxqpiSgqvAt8PfFfDxwqMnSxLONM8tiIGp+MIsh8Ee3shfhjI + p/iZWVuayPMSmEJsE/VBudzm3BjBpSvBemjJerwUXugJYyrwWgU3sET508nofNIN+r0+LtUuGCf6 + 5Bj0rTIxt5AqvWxiSPALJUI/DLv+sBvsT3w/CoZRuOfuD4Y/+6Hvk5NkxKLjtZonOknyHqbCJ0eb + sFcfCZhYi5ISh6sHzBQ8zzssEcYKGVtWCoiBqSmbK33jknSs5BudP9KLSgoqF8+v+Ixbrr2ZgLlX + u7VxcLUV+L1g+KsR/8CLAsteFWiVYIEmJ9zcUK2qa0tv0ZTnBjpOI3iMcdWyHScTCBwdZ8sTmAH6 + 6t91HCsQWSWixIlkhTE6WzDp+bs2gnaj1OoDhvrESqyk6zrUlW3rQB+foWcT7hsprEUFxlnbJgj/ + UZ81amrnXBOQjSjKXKDDyVZKsFA1/PrDRX/4SHe/UrI2knXB+v4euhH2F2H//7XSwKIGKRoMBotg + 8D0MLlqLvXDRC7+HxRXy7+7uwzFs4TgVi7cNB2KRLy6x6GmqIUVauYd1dEflVdPlD4I83Nu1Mdy1 + sX9feUNpzSoRRs3eTtQNOg4mx77FwAmjqwPcIs039Pj4bmrId0O3XqNOU6/Ur4eqovgDotB3tCBk + 6kRWV3C3YlXSpkXcZOXTvTXyDI+aTFV5ciRMmfPlqr+oKhowWGrhhwj8+dBvCXw7bbtoJlzTzPbG + uuDbG70NMQmlhV0+MZetuFdfD99O8KLgKRiPJEyrROBCJtLMNbN0w2SvcaWlvNC5IzhcA3ETwXb7 + vh7siDfYhdFgSIFn3IxKEZ8IefOSdo6gpNlCxm3V6lrO6731ilRyhKMFv85hDNw0SNCrN+fs5M2r + 49Ork+PD0en56Go0Hv81xjCwuQxGjgcmGbAzJGFpGdllwjAl8yXDhhY5KWVWsd+F5uxMQ4EdzSqD + GHUfauwAG8rxb4XvD7Ne5Gy1M+Y2FZLnWDVM+6bNaG97bTUZrdJb4zpH71qWwAKmEtanq5La9huQ + 3AwxT8RYI7y+/L6cOx4Huw2sfuPxDY6CLbJa5Y2tw9W09Z8cbke2pjXQSNje1RLm1N0qV/q08eY6 + r6CbamSJzcCi2JFqiq2KEodVaVdV+FpNv0zOe/n5/wFLtapKGsleCpkgqRmGyGfXAJKVlckgqTF3 + PD6g5zUwIWdkgICUMBy6Gd4bkESkLAtd9orUvZfP6ueziF2s1QoZMYnRW8Gt0pHvPnd7t5RCzGCu + Yp5nytho6A99b9rIXNW+ecElyrKLc4grohX2Ws27Vj0sesk8dhEYy/6uuLag2Uim2FsFZuorAqdn + f7KDChuXncdc7jjYJOz2lp3jFFg7gu+Hb0f1413zaKtCH6vLlF4nwmLvkmiNAnxDRYxYjN2yC9TR + DbFfuzhuhkFtnVAlZ4krcXB2UzXzZlUuEWcWecD78vwlqej5/lounoNbCKvBVTr1sBk5AVTg8EdN + 7OFRN7NFTnKbcuBHXRBSFuLfGNIq55i+Bf0YquM4Ail4Tkg5Bz3D3zysy348XWvosB9y+8sLVDNw + /Z925BDVH+BtOIMOpaeeMdlDuRhgbM97+9+ci8G/AAAA///sWVlr20AQ/itLISUxkaKV5SMuIQ24 + gUBTTEP7kL54rV1LKrYldCQv+fH9ZrWSj/hoHRJcCDa2pJ3ZnZ3jm51RSa914f29LrydunhbPSBu + KufqNbRO6Blr9AvF+gg4PLxTSW4z3jllBK9sOZqrT8jtOpz1fdN+TbNW8Xrmehxh0uhrPARU/Y4Z + ZQqIvZOPHePnZJ0Ctm+fNRB7GPiFP2uvMMCa8CI9xcsCcdkGjbu4SKHN62iigIOq1PjHIP8kfB+7 + 0Jdzp1tg7M/xugFcrcWIAeQGA+0oPhPyIcqA+YrSYAdQPiatw5GqfE02Hc5XGDKcLBjJj2rWnCVS + 4w9GOvIHWftDZvxB5DkSY3bKHsPIDxkOtEEAZC0AdSwRWGsWMMFQIPhgxGnFT8WY5Bhe6Y1aX8Us + KADCQxYqIcH5IJDa7HK37OdcoNtYFhO1mCWWx6vypLfokyAZ6LO6rMYxHFTDfHkGUIZgx0N4uQ7y + 3m7DELr36If8C7e0rQyzJMVoEvnGaLeRzonGZj/0IYg0bIxRCsMALhMMpGbz4LuZJsLPiedbzCJ9 + w1DHPURSySV3+o6gwskQS/+LUxjWJKZkSD5+LOQ0mp2w45OnKXw4j3u1365FjVdHDEqs+yCGQ4jh + vBQx9koWzxBj33S1aOC3Roz2O2K8AWJ4/xditGvWHYjxvBPBN3UiuLdYXOYpPEP3Tqgbskra2jCH + s3Ggru6rPW0i3FTtO3VHSnttSKXC2kaCU3eolirp1WorK6ZTQWXih62VDymQej5xumdBSZX/JfyP + +lI38qI1Fl5T8lHXc1ojSNvpnHPXbVP9WhNhhS1kiqx7JSX5NijnMlimr/g5fhRZQuBIk27tCGtj + KBvVqyazUa5WXckWd7mnuKOarjxv+02/1eF+tyWlI9pjrrqX8kLPctS8OnKv8S35rKmYmULOsspH + mV1k1iM0Yrk2RJR2GV6kMisRIiONgV8DuJhkuOwPrLadzEj+1e7y4Uu82p4+fIlX29uHLjEASZaN + WdOCWTyWDMzbGoonqtzK5m8Javco+kH+pUjjRJ3dA4d86k+awKOXLBitI5nWMe+cTPcmNXD7DgX7 + Gv0PAAAA//8iP9JHiwJ6uJimRQEAAAD//6KBi+lYFMBbE0AnpkNyXDVofhbKNgCam1+SCJ12Rm+T + 4JrlMcA1y2MAn+VBl4A301LzyjKL8vMgDSHoEHIpdH0BhEuMS8vyS6g3GwcxDG4o0KaMxOKwfPA8 + A3wKLT8X4uRqGBNaupLtAPBaDH2YuTpKuYkVQanFpTkgg5E8C54hKCpxLIF4HDRTCZpFAHkdLo6q + 2QhFN1QD2LW1tbUAAAAA//8DADzDtmPOIgAA + headers: + Atl-Traceid: + - 0e16315200dca284 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:22 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:28 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 89e33d0b-44aa-4543-b2ae-b32e46b0ca75 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '256' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d323df09-97e5-40c8-af01-065b04370e8c - x-envoy-upstream-service-time: - - '107' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -561,174 +479,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlpmm2W3EQPKrIK7Z5EJGknWEmT0qTCsux/N8HFj9vwzvPM - y5yIVgEPiyWSvMc4B7nZDGiwj4P/8FRFq0IYlaMOIynIJy5h9C7BFUBFgULZ7q+f27un7ne7Xyed - JiJfMlRAAa8FGXC2/jihi91xxnTgxvp1SJJeRzt8K0RmYSsu4a2KGWTAqhJ4yURXcQmVrDkFgCtg - AMkPuKTebpz+sbuuYrJmknHKmfhh++neGZ9AwXai2Rqt+hprhQ30phGNHrQSYHoAxbkQGus/BdHm - hodxUSS/Y9Rq46PvVY5PxF4mgu7t0JLz+QsAAP//AwAR38SDWgEAAA== - headers: - ATL-TraceId: - - 24eb53ee8e054395 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:32:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8WF1dvwzvPM + y5ygk0HvZwsCPmOcgthslDa6j8p/eSKjlSEM0hGnI2TwrecweJdgikgJEsx327u33eNre91ul7FL + E4j3Fcoww0MGSk/WH0ftYnucdDpwb/2iktQtg1W/CogkMKwu4YOMK8iQsRybnPIWG4FcsIog4k0i + MflBz6m3HcZ/7G2LKGgjCiRldWX78ckZn8C6pNwUxpiCN4zVWDSIZSVZTXuJqu45LzUW9d+CaNeG + 52GWsL5j5GLji+/lGp/AXibQ7mO/g/P5BwAA//8DAAFK4ZdaAQAA + headers: + Atl-Traceid: + - 8ddfd7cacae8cb27 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 559f53d3-b510-49dd-915b-053444a9b59a - x-envoy-upstream-service-time: - - '31' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - f9b35df4e86db1ee - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:30 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1805a24e-d8f6-431d-8d89-455bd9182fab X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '113' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1e8e220d-fe2d-47af-a0cf-6d8bdd1a1591 - x-envoy-upstream-service-time: - - '82' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -738,98 +549,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11078 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11772 response: body: string: !!binary | - H4sIAAAAAAAAA6xXW1PbRhT+Kzt6yLSprJsdMOowGQpOQptSapzkgTDMWjrIG6Rdze7KNg38956j - iw0EU0JqHrS3c/vOd84uXx1YllymTuxokCloSN8IyFPjSl6AcU0yg4K7qgTNrVDSuJAKW4DlbjLj - MoNcZe4ctME9SMdQajAgbXPWcR1BmsMw2B7ixEB+gdOZtaWJfT+FC0hsqr4oj9ucGyO49CRYH3VY - n5fCj3xhTAV+p+ASrlD+aDI6mfSGwx1cuaiddeKvjkGjlUm4hUzpq8a5FGcoEAVR2AsGvWg4CaO4 - H8VR6G1vb/0SREFAPpINe1VCreaZPpK8HwZBEK2ibicpmESLkhDB1T1mCp7nLkuFsUImlpUCEmDq - gi2UvvRIOlHyg86f4oWBpNLgzwUs+Jxbrl8b8Q/sFpikqnjRLB2mu2HQD4ftdIKO7q5Ddh1KNNqa - cHNJOaqmlkbxBc8NuE6nw4lrJTeuYwUSo8QkO7GsMBKn1OoLuvdM9FrpGrs6Gx12NLmV8LWnH6Sw - FhUQv1ppCuqP+qxRF3bBNQVmRFHmAhmS3osGwa0pMxguB8OnuNvC3BprkS4FAYu/2zgPgm20HA2W - 0eDZiusU1ix5YdrvI7bCrWW49WO2lp2xdvCItX607Ec/Zq0lp+kGG63d3FB9Lz823QUzdnqGGcwy - DRnW9Tc0RE6pvGrKrFlJKmNVUbeIc7QQbW/aGH6ro2kdzSoVZt3+nLgXug6GaT9ixRGv2gPcYp9s - 2tD3V0DT41ZdzW+0aaJ3PdxXFUUZUqf6RAtCZk5sdQU3bfMiZVokTexfv1kjx/ComakqTw+EKXN+ - 1ZYELicaMFaquof65Ksg7PrkfdSCTXCGmzaiTRv9dS8RSgt79UwoO3G/7sJP76Oi4BkYnyRMp0Tg - wkxkM8/Ms3XzeYcrXZeKnBtiwxSonRA574VFdflgvOEmJoZDCnzGzagUyXshL+vL+ABKuptl0mWt - zuWi3lutSCVHeDXzaQ5j4KZhgm5HzvH7D28Pj87fH+6Pjk5G56Px+K8xhoElZDByPDCZATvGvikt - I7tMGKZkfsWwJkVOSplV7HehOTvWUGDdssogR726Su9HsYMKg2sRBAMuY6e5MjBJiPK6qO4UMuKd - Ccnz+4fal0ULb83rHL3regEmMJOwOl2VVLVPYHLzVngmxxrh1X1193r/PtqtafUbTy7xKdUxq1Pe - 2NpvHzU/5HD3MmpKA41E3fUqYUHVrXKljxpvpnkFvUxjl1g/DxQ7UE2yVVHiY0/aNguP5e8uOJ/l - 7b89lmlVlfTyeSNkik3NMGQ+mwJIVlZmBmnNucPxHn2nwISckwEiTcrw0crwdoA0JmWzyGNvSd1n - +bL+vozZ6UqtkDGTGL0V3CodB94rr39NECKCuUp4PlPGxsNgGPgXjcx57ZsfhTtnKM1OT+g6w8bC - 3qlFz6qHhc+Yz05DY9nfFdcWNBvJDKurQKweETg6/pPtVVi67CThcsPBBrLra3YCWBPkCI73P47q - z6fm0+WFJu2lScOJsFi9JFrzAEeoiFEfY9fsFHX0IqzYHj7vorC2TrxK5uAVwmrwlM78JBO9qZC0 - SnTwcP6aBrt3pc9IYT8I1loWt7VgcXIirMD3GxW1j0e9mS1yklunByd1gkhZhL8xZFXOEcwl/XNR - R3UAUvCcmHMCei7w+dxjPx2tNLjsRW5/3UU1W17w8wZEUf0e3o5zcAms+pnIHkJmC2N71d95JjKt - dI3M4OnIDP4Tmf8PlX8BAAD//+xZ62vbMBD/V8Sg0IbZiZ2H00DpOtpBYS1ljw66L1EtJfZIbONH - 8mV//H4nyY+4S7uFtuugJCS2dCef7vE73flPtIKoep/yyA+6X/h80mGXcDQ9WoQLcX7aHIIfYmcU - ykFjuPwEjl2Fu7rv209p5jKeu+7YGSOKOqcKMIFlP2JGqQQiPszI9un3AOxl+IGN/IS2++0MN9/x - Z+3i+rTCtV7hMSOxVvh1sYhQvFMGrxCiiYbQqXKqmgM6qlC7A3QtJYliwLnBQTuMu1yswgzILykZ - egD0GakWDlNmbbLctH7SlOF8wVa1PED11Fhd1lYXldUzY3We50iP2Vu2DkI/YDjWzudA1wKbYQnH - s6I54wzFgA9GnFn8lM9IjumJ78sktz7yaF4AiKcskFyAc8WR4Gy9W9ZQ0EUsioVsamdzvixFJk3P - A8mVOrGLch7T83La2VwBlAHYMVjqfWK2TixcyasuN0QgH6Mf8jDc0rYyrJIUt4vQVya7CFVeNBb7 - qg5CpF9jCi0Kg7UXmEjV1jvny4T7OdFfxixUNwz12ioUUiiCz7lMMm0ljIvCl5rYBPonhBIOjJDl - b7xEMSYx5Ufy+n0ulmF0wPYPfi5x0szjSeW7v4WKp4cJb1eY8BRMeA/CxC554A5MPE5aqoP+mWBi - 9AoTzwATg/8cJkaG8QGYuNuTcLb1JJzBtolhOUF1TJ7Cg1R7hRomLdJeRdqeqOr8ckfbCLfV/b2q - A7VRFrfLqTbXYcVFrh9QoaFrsqxYLjkVjG/urYFIgdT9idMdS0vqARzDHalDdS6OhjM+6Avndjzo - DW8hoOcdOq47okq2IsIT7iGTZN0TIcjVQVnLYJlO4rt4zbOEQI4Wvbedq1uQNupYRWajcO3qy+7Q - cZ2BdHqy74rDkd/3h57jj4dC9Pho5sjxsThSq+z1T/bcD/hqPmvJI1PQWZYeyuwis9bQiOXa5P22 - jjZSmZVwnpHGwK8QnS8yXJ5eWSM7iUj+dp/45Uvc7ja/fInbHeuXLjFwR+gWrWnGNI8iV+ZVC8UT - VWm6Dayx6waAC/KzIo0T2b0BDvnUqTSBR29IMFtFMj3HvOsxfZzUwO0rFDy/0f8lFPwCAAD//yLX - xaNFAa1dTIeiAAAAAP//ghUF8GYH0InpkBxXDZpchbINgObmlyTmAFlY2kXARpdSda0SpgSuiSAD - XBNBBvCJIHQJePstNa8ssyg/D9LWgY4yl0Jn+iFcYrxQll9Ctfk6iFlwM4EWZSQWh+WDZyLgk2z5 - uRAXV8OY0FKXbPvBayL0YebqKOUmVgSlFpfmgAxG8it4DqGoxLEE4m/QVCZongHkc7g4qmYjFN1Q - DWDX1tbWAgAAAP//AwAGgGuCMCIAAA== - headers: - ATL-TraceId: - - 2b82619cb9a49515 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LSprZsdY9TJdCg4CS2l1DjJA2GYRTqWtqx31d2VLw357z1H + suwEcCbQaeBB2su5f+fT8QcPliVXmZd4BlQGBrKXAmRmO4rPwHZsWsCMd3QJhjuhle1AJtwMHO+k + BVc5SJ135mAsnkE2htKABeXWd9PKOj2bksKrKAyj0DfwdwXWTVYlnBmeOpGC1/EE2Y+ivb0YFxbk + FJeFc6VNgiCDKaQu039pnzvJrRVc+QpcgJZcwEsRxIGwtoKgVXADK5Q/nYzOJ92o3+vjVu2C9ZIP + nkXfKptyB7k2qyaGDFcoEYdx3A2H3Wh/EoZJNEziPX9/MPwxjMOQnCQjDh2v1TzRSZIPMBUhOdqE + vV5kYFMjSkoc7h4wO+NSdlgmrBMqdawUkALTU7bQ5sYn6VSrN0Y+0otKCSoXl1d8zh03wVzAIqjd + 2jq4PorCXjT82Yp/4MUMy17N0CrBAk1OuL2hWlXXjt6SKZcWOl4jeIxx1bIdrxAIHJMWqxOYA/oa + fux4TiCySkSJl6gKY/TuwKQXtgel0X9hRE9M+Fq6TnddwDbdtPgEJNuo3ijhHCqw3sY2IfW3+q7V + U7fghvBqxayUAh3O7kSO9ahR1h8u+8NHuvuFyrSRbOrSD/fQjbi/jPv/r5Wm+jUW0WA0WEaDb2Fw + 2Vrsxcte/C0srgH+8eN9OEa7cBq3B1OxfNtwIFb/4hLRkOcGcqSVe1hHP7Wsmi5/UGu8t+tguOtg + /77yhtKaXSKMmr29pBvhkjsk9YYMH99UDdVuyTVo1Blqmfr1UFcUbUSE+Y42hMq9xJkKMLWo1L3F + alDjNM7V+ki/EWmTlQ/39shXFLaFrmR2JGwp+WrdeFQuAxgs9fZDBP58GLYEfjdtG5q5e7Cr4PGm + 4KUR2gi3emISW/Gg/gp8PY+LGc/BBiRhWyUCNwqRF76d51sme407LeXF3n1Qx702FMmvgUiLYHv3 + ez3YkYhoF0ajIWWk4HZUivREqJuXdHIEJc0WKm2rVtdyUZ9tdpRWIxwt+LWEMXDbIMGs37yzkzev + jk+vTo4PR6fno6vRePzHGOPD5rKYErwwKYCdITsrx8guE5ZpJVcMO11IUsqcZr8Kw9mZgRm2Oqss + otZ/qOMjbCgvvBVhOCx6iXennTHpuVBcYjmxHts2o7O7e+vJaJ3eGtcSvWtZAiubK9jcrkpq269A + cjPEPBF8jfDmq/j53PE4PG7x9gtPb3AUbCHXKm9sHa6nrf/kcDuyNT2DRuL2I65gQd2tpTanjTfX + soJubpAltgOLZke6KbaelTisKreuwpdq+nly3qtP/w9YbnRV0kj2UqgMac4yRD67BlCsrGwBWY25 + 4/EBPa+BCTUnAwSkjOHQzfC7AVlCyorYZ69I3Xv1rH4+S9jFRq1QCVMYvRPcaZOE/nO/d0spxAxK + nXJZaOuSYTgMg2kjc1X7FkSXKMsuziGtiG/Ya73oOv2w6CUL2EVkHfuz4saBYSOVY2/NMFNfEDg9 + +50dVNi47DzlasfFJmG3t+wcp8DaEXw/fDuqH++aR1sVWqw/pvQ6EQ57l0RrFOAbKmJEb+yWXaCO + boz92sVxM45q64QqNc98hYOzn+t5MK+kQpw55IHg8/uXpKIXhhu5dAH+TDgDvjZ5gM3ICaACp0Jq + 4gCv+oWbSZLblgMXdUFIWYx/Y8gryTF9S/oxVMdxBEpwSUg5BzPH3zysy74/3WjosO+k++kFqhn4 + 4Q87cojqD/BrOIcOpacePtlDuRhgbM97+1+di8G/AAAA///sWVtv2jAU/ivWpE4UNSEO4VKmqqvE + KlVaJ7Rqe+heMLGBTECiXNqX/vh9x3ECpAU2qiImVa2AxOfEx+fy2d9JLq994f29L7ydvjisH1A3 + RXL16tondI/V+5lifRQcbt6pKLUZ75wxgle2Xs3F35TbZTnr66b9lmEt6rXhehxlUu9rPARU/Q4Z + 7RQwe6ceq+Hj9CUHbF8+q6P2MPALX9ZeZYA5kUX6Ea8rxPUY1O/CLIY3r4OZAg6q3OMfJ+kn4ftY + hf65TLoVxf4Sr+vA1dKMEEBuMNAOwoaQD0ECzFe0DXYA5WPyOhKp2K8ppsPlDEOGkwUj+8FmzVki + NvlgrKN8kGU+JCYfRJpiY0zO2OM08KcMB9rJBMiaAepYJDDXYsIEA0HwoYjTih+LMdkxvNILtb6K + xSQDCA/ZVAkJzQeBrc3OV8t+Lg26DWU2U6u7xPp4QU96qzkJkYE+vctiHMOTYpivPwGSU6jjJrJc + F3lvd2AI3Xv0QfmFS1pWgqdE2WgW+CZot4HeE03MfuhDEHnYBCM3hgFcZhiIzeKhdzOPhJ+SzreQ + BfqCgeA9BFLJtXT6jqLCyRBT/0tSGNUopM2Qcrwm5DxYnLLa6dMcOZyGvTJvX0SNN0cM2lj3QQyH + EMN5LWLstVk8Q4x9t6vVAB8aMdrviHEAxPD+L8Rol6o7EON5J4Jv6kRwb9NAa5V1pjFSRrdZqE1S + EXVK0epAye6LNW0S3MT2nbIjtUaQqySqqlW2q3SuT4lg5EwsyeZzQTTxw1bmQw6knk8Y70koiflf + Iv+oU3UjL1pj4TUlH3U9pzWCgZ3OOXfdNvHXUggzbBFTFN0rKSm3Ibm0wTINx8/ho0giAkd66NZW + sQ6GssFetZgNulq0K1vc5Z7ijmq68rztN/1Wh/vdlpSOaI+56l7KC/2Uk+bViXuN/1zPmouFIXKW + ld9K7CyxHuERy7VhorTz8iKXWZEQCXkM+hrAxSzBz/7AatvRguyvtp2P3+Jq3/r4La72vY/dYuCO + zBuzpgWzeiwZmNc4VE/E3PJ2cI5d9yD9EP+SxWGkGvfAIZ8al6bw6O0LRstKpnnMOyfTvYkN3L5D + wb5B/wMAAP//Ij/SR4sCeriYpkUBAAAA//+igYvpWBTAmx1AJ6ZDclw1aOIWyjYAmptfkgiddkZv + huCa5TGAz/KgS8DnTNAl4M201LyyzKL8PEiTBjqEXApdXwDhEuPSsvwS6s3PQQyDGwq0KSOxOCwf + PM8An0LLz4U4uRrGhJauZDsAvBZDH2aujlJuYkVQanFpDshgJM+CZwiKShxLIB4HzVSCZhFAXoeL + o2o2QtEN1QB2bW1tLQAAAP//AwD+LAYIziIAAA== + headers: + Atl-Traceid: + - 2513bce9eceaab34 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:31 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - c68cdd1a-a8d3-4d1d-bc69-a4d49758c4f4 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '457' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c0314490-532b-4f09-bd1f-f74b661848c8 - x-envoy-upstream-service-time: - - '106' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -839,110 +656,116 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - 479cad3de05eb027 - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - b5f04aea20dade97 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:31 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 8046aa38-23e7-4dde-87a6-23dec9f96055 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '229' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 2a0ec853-695d-4676-8661-ba7e51946233 - x-envoy-upstream-service-time: - - '90' status: code: 200 message: OK - request: body: '{"fields": {"description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: [Findings - in: negotiator:0.5.3|http://localhost:8080/finding_group/219] in [Security How-to|http://localhost:8080] + in: negotiator:0.5.3|http://localhost:8080/finding_group/1] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High - | [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n| High | [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539] + | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] + | negotiator | 0.5.3 | [2222Regular Expression Denial of Service - (Negotiator, + <= 0.6.0)|http://localhost:8080] | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2818]\n*Defect Dojo - link:* http://localhost:8080/finding/2818 (2818)\n*Severity:* High\n*CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n*CVE:* - [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/241]\n*Defect Dojo link:* http://localhost:8080/finding/241 + (241)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n*Reporter:* + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2817]\n*Defect - Dojo link:* http://localhost:8080/finding/2817 (2817)\n*Severity:* High\n*CWE:* - [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/240]\n*Defect + Dojo link:* http://localhost:8080/finding/240 (240)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n*Reporter:* + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}, "summary": "Findings in: negotiator:0.5.3"}, "update": {}}' headers: @@ -955,51 +778,57 @@ interactions: Connection: - keep-alive Content-Length: - - '3271' + - '3261' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11078 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11772 response: body: string: '' headers: - ATL-TraceId: - - 7c4623f333d77900 - Connection: - - keep-alive + Atl-Traceid: + - c948caffd1e1cf51 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:25 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:31 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 6a673ecc-fb17-453c-88f7-2014d597bb6c X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '213' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - efe435b1-76a1-410b-b789-d4c41c633bd5 - x-envoy-upstream-service-time: - - '93' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1009,98 +838,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11078 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11772 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlT23qxAaMOk6HgJLQppcZJPhCGOUuLfEG609ydbNOQ/97d - k2QDwZSQmg/3otu3Z5/dO754sCy5TL3Y0yBT0JC+FpCnpiN5AaZjkhkUvKNK0NwKJU0HUmELsLyT - zLjMIFdZZw7a4DdIx1BqMCBtfdbreII0h2GwM8SFgfwSlzNrSxP7fgqXkNhUfVY9bnNujOCyJ8H6 - qMP6vBR+5AtjKvBbBVdwjfLHk9HppDsc7uLOpXPWi794Bo1WJuEWMqWva+dSXKFAFERhNxh0o+Ek - jOJ+FEdhb2dn+5cgCgLykWzY6xKcmmf6SPJ+GARBtIq6WaRgEi1KQgR395kpeJ53WCqMFTKxrBSQ - AFOXbKH0VY+kEyXf6/wpXhhIKg3+XMCCz7nl+pUR/8BegUmqihf11lG6Fwb9cNgsJ+jo3jrkjkeJ - RlsTbq4oR9XU0iy+5LmBjtfq8GKn5GvHswKJUWKSvVhWGIlXavUZ3Xsmeo20w85lo8WOFrcSvvb0 - vRTWogLiVyNNQf3hzhp1aRdcU2BGFGUukCHpvWgQXEeZwXA5GD7F3QbmxliDdCkIWPzdxnkQ7KDl - aLCMBs9W7FLoWPLCNOMjtsLtZbj9Y7aWrbFm8oi1frTsRz9mrSGnaScbrX39SvW9/FB3F8zY2Tlm - MMs0ZFjX39AQOaXyqi6zeiepjFWFaxEXaCHa2fRh+K2OunXUu1SYrv15cTfseBim/YAVR7yqD7hy - Ik5rkdQOfPlmjxiHAZmZqvL0UJgy59cNL3F7wS122rqRfX8N1V1y1Rf9WpumAnHTA1URTiF5+pE2 - hMy82OqKTCcaMFaquof65FYQtn3yPmrBJjjDTR+idcsQSgt7/cx4W3HfNdunt0tR8AyMTxKmVSJw - YyayWc/Ms3WPeYs7bTOKPELpXij9NpScT4HaCZHz3iGqyweBCDcxMRwSIjNuRqVI3gl55S7jQyjp - bpZJSxhHo4X7ttqRSo7waubTHMbATU1C3cy8k3fv3xwdX7w7Ohgdn44uRuPxX2OMD0vIICR4YDID - doJ9U1pGdpkwTMn8mmFNipyUMqvY70JzdqKhwLpllUGG9VyV3o9iFxUGNyIIBlzGXn1lYPYQ/nVR - 3SlkTEQmJM/vH2peFg28juY5etf2AsxsJmF1uiqpap/A5Pqt8Ezy1cKr++ru9f59fFzz7TeeXOFT - qqVcq7y2ddA8an7I4fZlVNcMGona61XCgqpb5Uof195M8wq6mcYGtX4eKHao6mSrosTHnrRNFh7L - 311wPsnbf/ss06oq6eXzWsgUW5JhyHw2BZCsrMwMUse5o/E+jVNgQs7JAJEmZfhoZXg7QBqTslnU - Y29I3Sf50o0vY3a2UitkzCRGbwW3SsdBb6vXvyEIEcFcJTyfKWPjYTAM/Mta5sL55kfh7jlKs7NT - us6w47C3atG16mHhc+azs9BY9nfFtQXNRjLD6ioQq0cEjk/+ZPsVli47TbjccLCG7OaGnQLWBDmC - 84MPIzd8rIc2L7RoLk2aToTF6iVRxwOcoSJGDY7dsDPU0Y2wYrv4vItCZ514lcyhVwiroad05ieZ - 6E6FpF2iQw/Xr2iyd1f6nBT2g2CtZXFbCxYnJ8IKfL9RUft4tDezRU5y6/TgwiWIlEX4G0NW5RzB - XNI/Fy6qQ5CC58ScU9Bzgc/nLvvpeKWhw17k9tc9VLPdC37egCiq38eLeQ4dAss9E9lDyGxjbFv9 - 3Wci00g7ZAZPR2bwn8j8f6j8CwAA///sWetP2zAQ/1esSUhQLWmTPlIqIcYEk5AGQnswiX2pid0m - U5tEebRf+OP3O9t5EChsFTAmoVZt4rtzzvf42Xf5E6sgqz6mPPKD7jc+n3TYOQJNjxbhQpweN4cQ - h1gZpXLQGC4/gWNX6a7u+/ZzurnM5647dsbIos6xAkxg2a+Y0VYCFR8XZLv0uwfxMv0gRnFCy/1x - gpuf+LO2CX2a4VLP8JSZWBv8slhEKN5pB68QoomGsKkKqloCNqpQuwN0LTWJYsC5wUE7jLtcrMIM - yC9pM/QA6DMyLQKm3LXJc9P6SVOG8wVb1foA1VPjdVl7XVRez4zXeZ5je8zes3UQ+gHDiXo+B7oW - WAxLOJ4VzRlnKAZ8COLM4qd8RnpMj3xfJrn1mUfzAkA8ZYHkApIrjg3O1qtlDQOdxaJYyKZ1btPL - UmTSjDywXKjztijpIM9LsnN7BnAGEMdgafeJWTqJcKWvurylAsUY/VCE4ZaWlWGWpLhehL5y2Vmo - 9kXjse/qIET2Na7QqjB4ewFCqpbeOV0m3M+J/zxmobphqNdWoZBCMXzNZZJpL2FcFL7UzCbRvyCV - cGCELn8TJUowiWl/pKjf5WIZRntsd+9miZNmHk+q2L0XKp4fJrxtYcJTMOE9ChPb7AN3YOJptqU6 - 6V8IJkZvMPECMDH4z2FiZAQfgYm7PQlnU0/CGWwiDEsC1TF5ighSzRHq1bRYexVrm1DV+eWKNjFu - qvt7VQeqTdi/t15u11kq9AMqNHRNlhXLJaeC8d2DNRAZkLo/cbplaUk9gEOEI/WXTsXBcMYHfeFc - jwe94TW097x9x3VHVMlWTHjCA2ySvHskBIU6OGsdLNNJ/BCveZYQyNGkD7ZzdQvSRh2r2GwUrl19 - 2R06rjOQTk/2XbE/8vv+0HP88VCIHh/NHDk+FAdqlp3+0Y77CV8tZy15ZAo6y9JDmV1k1hoWsVyb - ot/W2UYmsxLOM7IY5BWi80WGy+MLa2QnEenf7hO/fo3b3ebXr3G7Y/3aNQbuCN0dNs2Y5lHkwrxq - oXyiKk03cTV2XQFwwX5SpHEiu1fAIZ9amCbx6A0JqFUm03PMux7Tx0kN3L5Bwcs7/V9CwW8AAAD/ - /yLXxaNFAa1dTIeiAAAAAP//ghUF6M0OYDtKqboWpAfW7AC6PR2SFatBs65QtgHQwvySxBwgC4sp - uCaCDOATQegS8GkVdAl4+y01ryyzKD8P0taBjjKXQmf6IVxiXFqWX0K12TaIWXAzgRZlJBaH5YNn - ImDze8CkBXFxNYwJLXXJth+8JkIfZq6OUm5iRVBqcWkOyGAkv4LnEIpKHEsg/gZNZYLmGUA+h4uj - ajZC0Q3VAHZtbW0tAAAA//8DAFNW3VIwIgAA - headers: - ATL-TraceId: - - f8cb833429d665af - Connection: - - keep-alive + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LSprZsdY9TJdCg4CS2l1DjJA2GYRTqWNki7yu7Kl4b8954j + WXYwOBPoNPAgrXbP/TvfHn9yYFFymTiRo0EmoCF5KSBPTEfyAkzHxBkUvKNK0NwKJU0HEmELsLwT + Z1ymkKu0MwNtcA+SMZQaDEi7OhtXxqpiSgqvAt8PfFfDxwqMnSxLONM8tiIGp+MIsh8Ee3shLgzk + U1xm1pYm8rwEphDbRH1QLrc5N0Zw6UqwHlqyHi+FF3rCmAq8VsENLFH+dDI6n3SDfq+Pn2oXjBN9 + cgz6VpmYW0iVXjYxJLhCidAPw64/7Ab7E9+PgmEU7rn7g+HPfuj75CQZseh4reaJTpK8h6nwydEm + 7NUiARNrUVLi8OsBMwXP8w5LhLFCxpaVAmJgasrmSt+4JB0r+Ubnj/SikoLKxfMrPuOWa28mYO7V + bm0cXG0Ffi8Y/mrEP/CiwLJXBVolWKDJCTc3VKvq2tJbNOW5gY7TCB5jXLVsx8kEAkfH2fIEZoC+ + +p87jhWIrBJR4kSywhidLZj0/F0bQbtRavUBQ31iJVbSdR3qyrZ1oMUX6NmE+0YKa1GBcda2CcJ/ + 1GeNmto51wRkI4oyF+hwspUSLFQNv/5w0R8+0t2vlKyNZF2wvr+HboT9Rdj/f600sKhBigaDwSIY + fA+Di9ZiL1z0wu9hcYX8z5/vwzFs4TgVi7cNB2KRLy6x6GmqIUVauYd1dEflVdPlD4I83Nu1Mdy1 + sX9feUNpzVcijJq9nagb4JJbJPWGDB/fOw3VbsjVa9Rp6oz69VBVFG1AhPmOPgiZOpHVFWAGUal9 + i0mn/micq/WRfi3iJiuf7n0jX1HYZKrKkyNhypwvV/1FVdGAwVILP0Tgz4d+S+DbadtFM+GaZrY3 + 1gXf3uhtiEkoLezyidltxb36evh2ghcFT8F4JGFaJQI/ZCLNXDNLN0z2Gr+0lBc6dUmugbiJYLt9 + Xw92xBvswmgwpMAzbkaliE+EvHlJO0dQ0mwh47ZqdS3n9d76i1RyhKMFv85hDNw0SNCrN+fs5M2r + 49Ork+PD0en56Go0Hv81xjCwuQxGjgcmGbAzJGFpGdllwjAl8yXDhhY5KWVWsd+F5uxMQ4EdzSqD + qHUfauwAG8rxb4XvD7Ne5DQ3FhYJs7zpqjstjvlOheT59qHVZLRKb43rHL1rWQILmEpYn65Kattv + QHIzxDwRY43w+vK7O3c8DnYbWP3G4xscBVtktcobW4eraes/OdyObE1roJGwvaslzKm7Va70aePN + dV5BN9XIEpuBRbEj1RRbFSUOq9KuqvC1+t1Nznv55f8BS7WqShrJXgqZIM0Zhshn1wCSlZXJIKkx + dzw+oOc1MCFnZIBAkzAcuhneG5BEpCwLXfaK1L2Xz+rns4hdrNUKGTGJ0VvBrdKR7z53e7eUQsxg + rmKeZ8rYaOgPfW/ayFzVvnnBJcqyi3OIK6IV9lrNu1Y9LHrJPHYRGMv+rri2oNlIpthbBWbqKwKn + Z3+ygwobl53HXO442CTs9pad4xRYO4Lvh29H9eNd82irQovVZUqvE2Gxd0m0RgG+oSJGLMZu2QXq + 6IbYr10cN8Ogtk6okrPElTg4u6maebMql4gzizzg3T1/SSp6vr+Wi+fgFsJqcJVOPWxGTgAVOPxR + E3t41M1skZPcphy4qAtCykL8G0Na5RzTt6AfQ3UcRyAFzwkp56Bn+JuHddmPp2sNHfZDbn95gWoG + rv/Tjhyi+gO8DWfQofTUMyZ7KBcDjO15b/+bczH4FwAA///sWdtq20AQ/ZWlkJKYSNHK8iUuIQ24 + gUBTTEP7kL54rV3LKrYldEle8vE9s1rJtuJL65DgQkiwLc2MdnYuZ3ZGBb+2hff3tvB22uJt7YC8 + KYOr19A2oXus0c8V6yPhcPNOxZnNeOeUEbyy1Wwu/ybcrtJZXzft13Rrma9nrseRJo2+xkNA1e+I + UaWA2jvl2DE+TtYZYPv2WQO5B8IvfFl7pQHWRBTpR7wsEVd90LiL8gTWvA6nCjioCot/DLJPwvex + C/1zEXRLgv0FXjeAq5UaEYDcYKAdRmdCPoQpMF9RGewAysdkdQRSWa/Jp8PFCkOGkwUj/dHNmrNE + YuLBaEfxIKt4SE08iCxDYUxP2eMk9CcMB9ogALLmgDoWC6w1D5hgaBB8COK04idiTHoMr/RGra9i + HuQA4SGbKCEh+SBQ2uxit+znQqHbSOZTtVwlVulle9JbjkmwDPTpXZZ0kIOSzFefAM4JxHETUa6T + vLfbMYTuPfqg+MIlbSvFU+J8NA1947TbUNdE47Mf+hBEFjbOKJRhAJcpCInZPORuZrHwM5L5FrFQ + XzD0cQ+hVHIlnL4jqXAyxNL/EhRGNI6oGFKMHws5C+cn7PjkaYYYzqJeFbdrUePVEYMK6z6I4RBi + OC9FjL2KxTPE2LdcLTv4rRGj/Y4Yb4AY3v+FGO1KdAdiPJ9E8E2TCO5tIrRKAnUvWYKQ0WMWGpPU + WJ2KtU7Y1N07VXdfbnYT46aJlFNNpHQ4T6iHWDMYq3dbaT6bCWoTP2ztfMiANPOJkj0bSur8LxF/ + NKm6kRetsfCako+6ntMaQftO55y7bpv614oJK2xhU+TdKykptsG50MEyc8XP0aNIYwJHeujWibC2 + ubLRvWo2G+1qOZVscZd7ijuq6crztt/0Wx3ud1tSOqI95qp7KS/0U46aV0fuNf4LOWsm5qaRs6zi + VmrnqfUIi1iuDRWlXaQXmcyKhUjJYpDXAC6mKX72B1bbjuekf326fPga18fTh69xfbx96BoDd2Qx + mDUjmOVjycC8raF8os6tGAcX2HWPph/sX/IkitXZPeDGp/mkSTx6yQJqlcm0jnnnZKY3iYHbdyjY + 1+l/AAAA//8iP9JHiwJ6uJimRQEAAAD//6KBi+lYFMBbE0AnpkNyXDVofhbKNgCam1+SCJ12Rm+j + 4JrlMcA1y2MAn+VBl4A301LzyjKL8vMg7R3oEHIpdH0BhEuUS/NzISZUw5jQwo6MAg5paYQ+zFwd + pdzEiqDU4tIckMFIdoMH7ItKHEsg7ijLL6HePCHEMLihQLsyEovD8sHzHbCpPNBMJWgWAWQl3CGo + rjVCcS5UAzh4amtrAQAAAP//AwBqa7OBziIAAA== + headers: + Atl-Traceid: + - 58ceecd998ea09d9 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:29 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:32 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - d38f6366-435d-4383-8cb5-94c911d4be6d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '250' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 46c32d6d-6724-43d9-b567-24939e148999 - x-envoy-upstream-service-time: - - '174' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1110,61 +945,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPT0vEMBDFv0uuttlJ0m2W3EQPKrIK7Z5EJGknWEmb0qTCsux3N8HFPzCHx5vf - m8eciNEBD4sjirzHOAe12fRosYu9//BUR6dDGPREJ4ykIJ+4hMFPCWYAjAKFstlfPzd3T+3vdr+O - JimiXjJUQAGvBelxdv444hTb44zpwI3za59CZh1c/x0hKge28mLe6phBDpyVUJVctqxSwJSoKABc - AQdI+YBL6m2H8R+7axlXIg2jbCt+2G68n6xPoOQ7WW+t0Z1AobGGztayNr3REmwHoKtKSoPiT0F0 - ueFhWDTJ71i9uvjoO53tE3EXRXB6OzTkfP4CAAD//wMANpsnrVoBAAA= - headers: - ATL-TraceId: - - 5d984bb5123d9f9d - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ0jbZ3EQPKrIK2z2JSNokWEmT0qTCsux/N8XFj9vwzvPM + y5xQp6I5zA5J9J7SFOVmo401fdLhI2CVnIpxUB57k1CBPs0ch+AzTAAIBgzlfnf9vL97an+3u2Xs + 8oTkywoVUMBrgbSZXDiOxqf2OJl84MaFRWepWwanvxUks0ChvoS3Kq0gBUpLECXhLQgJXNIaA8BV + JiH70cy5tx3Gf+y2BZBESMawoNsfth/vvQ0ZbCrCLbPWMi4obYAJgKpWtCG9At30nFcGWPO3ILm1 + 4WGYFVrfsWpx6TH0ao1PyF0mZPzbYY/O5y8AAAD//wMAb+xOrVoBAAA= + headers: + Atl-Traceid: + - 518e38b66cdb1f3a + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:31 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:33 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 4fdb0ff7-81ad-45fe-8726-0c7929ffb41a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '110' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f3ae8a3c-a381-4025-a244-bbe720efa3f3 - x-envoy-upstream-service-time: - - '32' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1174,110 +1015,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11772 response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 274c09e6438d514b - Connection: - - keep-alive + H4sIAAAAAAAAA7xXbVPbRhD+Kzf60GlTWW92jFEn06HgJLSUUuMkHwjDHNJauiLdqXcnvzTkv3dX + suwEcCbQaeCD7vZu35/dW39wYFlxmTqxo0GmoCF9KaBIjSt5CcY1SQ4ld1UFmluhpHEhFbYEy90k + 5zKDQmXuHLTBM0gnUGkwIO36blIbq8oZCbwKgyAMPA1/12DsdFXBmeaJFQk4riNIfxju7UW4MVDM + cJtbW5nY91OYQWJT9ZfyuC24MYJLT4L1UZP1eSX8yBfG1OB3Am5ghfyn0/H5tBcO+gMkNSYYJ/7g + GLStNgm3kCm9an1IcYccURBFvWDUC/enQRCHozja8/aHox+DKAjISFJi0fBGzBONJH4fQxGQoa3b + 600KJtGiosAh9YCZkheFy1JhrJCJZZWABJiasYXSNx5xJ0q+0cUjrailoHTx4orPueXanwtY+I1Z + WwPXR2HQD0c/G/EPvCgx7XWJWgkWqHLKzQ3lqr62tIpnvDDgOi3jMfrV8LpOLhA4OslXJzAHtDX4 + 6DpWILIqRIkTyxp9dO7ApB/sOgi7g0qrv9DVJ2Zizd3koclslwfafIKerbtvpLAWBRhno5sg/Ftz + 16iZXXBNQDairAqBBqd3QoKJauA3GC0Ho0ea+4WUdZ5sEjYI9tCMaLCMBv+vlhYWDUhRYThchsNv + oXDZaexHy370LTSukf/x4304Rh0cZ2L5tu2BmOSLS0x6lmnIsK3cwzqao4q6rfIHQR7t7ToY7TrY + vy+8bWktlRpG072duBe6DgbHvkXHCaPthabwKU5aJK1lH+7RCL0YApOrukiPhKkKvlpjHMkLbvGh + aBvs4+uxbd/bhu234jRVW7M8VDVFMCRT3xFByMyJra5Jd6IBnaUSfqiBPx8FXQO/G7ZdbSbatJm7 + B5uEV1ooLezqiQ537H7zCnx9Hxclz8D4xGE6IQIJuchyz8yzbcN6jZSus0XOfexG/c6Vgl8D9SaC + 7d33ergjEOEujIYjikjOzbgSyYmQNy/p5Agqmi1k0iGmwdGiOdtQpJJjHC34dQET4KZFoV6vnLOT + N6+OT69Ojg/Hp+fjq/Fk8scE/cPiMhgSvDDNgZ1hE5aWkV4mDFOyWDEsaFGQUGYV+1Vozs40lFjR + rDaIMO+hwg6xoJzgVgTBKO/Hzp1yxqBnQvIC04n52JYZnd2lrSejdXgbnBdoXdclMLOZhM3tuqKy + /Qokt0PME8HXMm8ev8/njsfhcYu3X3hyg6NgB7lOeKvrcD1t/SeDu5GtrRlUEnVvtYQFVbcqlD5t + rbkuauhlGjvUdmBR7Ei1yVZlhcOqtOssfCmnnwfnvfz0/4BlWtUVjWQvhUyxJRmGyGfXAJJVtckh + bTB3PDmg7zUwIeekgICUMhy6Gb4bkMYkLI889orEvZfPmu+zmF1sxAoZM4neW8Gt0nHgPff6txRC + jGChEl7kyth4FIwCf9byXDW2+eEl8rKLc0hq6jfstVr0rHqY9ZL57CI0lv1Zc21Bs7HMsLZKjNQX + GE7PfmcHNRYuO0+43HGxDdjtLTvHKbAxBNeHb8fN51376bJCm/VjSsupsFi7xNqgAFcoiFF7Y7fs + AmX0IqzXHo6bUdhoJ1TJeepJHJy9TM39eV1IxJnFPuB/fv+SRPSDYMOXLMArhdXgKZ35WIycACpw + +KMi9vGql9uyIL5tOnDTJISERfg3gawuOIZvST+GGj+OQApeEFLOQc/xNw/rse9PNxJc9l1hf3qB + YoZe8MOOGKL4A3yJ5+BSeJoZkz0UiyH69ry//9WxGP4LAAD//+xZbW/aMBD+K9akThQ1aRxCoExV + V4lVqrROaNX2ofuCiQ1kAhLlpf3SH7/nHCdAWmCjasWkqhWQ+C4+n++e83Mp5LUvvL/3hbfTF2/r + B+RNGVy9pvYJ3WPNfq5YHwmHm7cqzmzGOyeM4JWtZ3P5N+V2lc76umW/5raW+Xrqehxp0uxrPARU + /Y4YVQqYvVOPNfBx/JwDti+fNZF7GPiFL2uvNMCciCL9iJcl4voeNG+jPIE3r8KZAg6qwuMfJ9kn + EQRYhf65DLoVxf4Sr5vA1cqMCEBuMNAOo1Mh78MUmK+oDHYA5WPyOgKprNe0p8PlDEOGkwUj+8Fm + zVkiMfFgrKN4kFU8pCYeRJahMKYn7GEaBlOGw/RkAmTNAXUsFphrMWGCgSAEUMRpJUjEmOwYXuqF + Wl/FYpIDhIdsqoSE5r1AabOL1bKfS4NuIpnP1GqVWB8v6UlvNSYhMtAnbVmOY3hSDvP1J0ByCnXc + RJTrJO/t3hhC9x59UHzhkpaV4ilxPpqFgdm0m1DXRLNnP/QhiDxsNqMwhgFcZhhIzOKhdz2PRZCR + zreIhfqCgcfdh1LJtXD6jqTCyRBT/0tQGNU4omJIMd4Qch4ujlnj+HGOGM6iXhW3z6LGqyMGFdZ9 + EMMhxHBeihh7FYsniLFvuVrd4LdGDP8dMd4AMbz/CzH8SnUHYjztRPBNnQjubRpor7LOLEHI6JYI + tWhqok4lWh/YxO6dit2Xi90kuKkj5VQdqTXmXGdXOtanRDAKJpbm87kgmvhhK/MhB1LPJ0r2JJTE + /C8Qf9RVupbn7bHwWpKPup7THsH6TueMu65P/LUSwgxbxBTt7qWUFNuQXNpgmb7i5+hBpDGBIz10 + a0dY+1zZYK9azAZdLbuSbe5yT3FHtVx55getoN3hQbctpSP8MVfdC3mun3LUujxyr/Bf6FlzsTBE + zrKKW6mdp9YDPGK5NkyUdpFe5DIrFiIlj0FfA7iYpfjZH1i+HS/I/np3+fAtrrenD9/ienv70C0G + 7siiKWxaMKvHkoF5W0P5RMytaN0W2HUH0g/xL3kSxer0DnATUOPSJB69ZMFolck0j3nnZLo3iYHb + dyjYd9P/AAAA//8iP9JHiwJ6uJimRQEAAAD//6KBi+lYFMBbF0AnpkNyXDVofhbKNgCam1+SCJ12 + Rm+j4JrlMYDP8qBLwOdM0CXgzbTUvLLMovw8SJMGOoRcCl1fAOES49Ky/BLqzaVBDIMbCrQpI7E4 + LB88zwCbvgMmIYiTq2FMaOlKtgPAazH0YebqKOUmVgSlFpfmgAxG8ix4hqCoxLEE4nHQTCVoFgHk + dbg4qmYjFN1QDWDX1tbWAgAAAP//AwDDwIRaziIAAA== + headers: + Atl-Traceid: + - ede293db88aa7057 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:31 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:34 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 887f97a1-c798-4826-a333-2d4782c87a40 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '229' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b1d1806f-76a4-41bb-88ae-38cc4756e63a - x-envoy-upstream-service-time: - - '77' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1287,98 +1122,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11078 + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlT23qxA0YdJkPBSWhTSo2TfCAMc5YW+YJ0p7k72aYh/727 - J8kmDqaE1HzQ3Un77O6zL7d89mBZcpl6sadBpqAhfSUgT01H8gJMxyQzKHhHlaC5FUqaDqTCFmB5 - J5lxmUGuss4ctMF3kI6h1GBA2vpbr+MJQg7DYHeIGwP5FW5n1pYm9v0UriCxqfqketzm3BjBZU+C - 9RHD+rwUfuQLYyrwW4BruEH5k8nobNIdDvfw5MoZ68WfPYNKK5NwC5nSN7VxKe5QIAqisBsMutFw - EkZxP4qjsLe7u/NLEAUB2Ug67E0JDuaJNpK8HwZBEK28bjYpmESLkhjB0wNmCp7nHZYKY4VMLCsF - JMDUFVsofd0j6UTJdzp/jBUGkkqDPxew4HNuuX5pxD+wX2CQquJZfXSc7odBPxw22wkaur92ueNR - oFHXhJtrilE1tbSKr3huoOO1GF7sQL50PCswMUoMshfLCj3xSq0+oXlPZK+Rdty5aLTc0eZOwNeW - vpPCWgSg/Gqkyak/3LdGXdkF1+SYEUWZC8yQdMMbJNelzGC4HAwfY25Dc6OsYboURCz+7vI8CHZR - czRYRoMnA7sQuix5ZprnA7rCnWW482O6lq2yZvGAtn607Ec/pq1JTtMutmr78oXqe/m+7i4YsfML - jGCWaciwrr9JQ8wplVd1mdUnSWWsKlyLuEQN0e62F8NvMerWUZ9SYbr258XdELfcYlesm87353vd - 0VY9zK/RNCWzWx6qinwKqS99oAMhMy+2ugKkAzHteyx2SunaNgdH8Fokte+fvzkjU1HYzFSVp0fC - lDm/aUoCjxMN6CtV3X198kUQtn1yk7VgG53hthfRumUIpYW9eSKHrbjvmu3j26UoeAbGJwnTggg8 - mIls1jPzbN1j3uBJ24wij1jacKXfupLzKVA7oeTc+Ijq8l4iwm2ZGA6JkRk3o1Ikb4W8dpfxEZR0 - N8ukjZqL5cK9W51IJUd4NfNpDmPgps4E3ay807fvXh+fXL49PhydnI0uR+PxX2P0D0vIICX4wWQG - 7BT7prSM9DJhmJL5DcOaFDmBMqvY70JzdqqhwLpllcGs7bkq3fRiDwGDWxEEAy5jb6NokfRMSJ5j - ODEe6yqjd5tnzWTR0OvyOkfr2l6Akc0krL6uSqraR2RyPSs8Mflq4dV99fX1/n35uM6333hyjaNU - m3IteK3rsBlqfsjgdjKqawaVRO31KmFB1a1ypU9qa6Z5Bd1MY5dYjweKHak62KoocdiTtonCQzH9 - mpyP8u7fAcu0qkqafF4JmWKbMwwzn00BJCsrM4PU5dzx+ICeU2BCzkkBJVLKcGhleDtAGhPYLOqx - 1wT3UT53z+cxO1/BChkzid5bwa3ScdB70evfEoXIYK4Sns+UsfEwGAb+VS1z6Wzzo3DvAqXZ+Rld - Z9hx2Bu16Fp1v/AF89l5aCz7u+LagmYjmWF1FcjVAwInp3+ygwpLl50lXG75sKbs9padAdYEGYLr - w/cj9/hQP9q40Ka5NGk5ERarl0RdHuAKgRg1OHbLzhGjG2HFdnG8i0KnnfIqmUOvEFZDT+nMTzLR - nQpJp5QOPdy/pMX+19IXBNgPgjXK4i4KFienhBU4v1FR+/hpb2aLnOTW4cGNCxCBRfgbQ1blHMlc - 0j8XzqsjkILnlDlnoOcCx+cu++lkhdBhz3L76z7C7PSCn7cwivAHeDvOoUNkuTGR3cfMDvr2or/3 - RGYaacfM4PHMDP6Tmf+PlX8BAAD//+xZ60/bMBD/V6xJSFAtaZM+UiohxgSTkAZCezCJfamJ3SZT - m0R5tF/44/c723kQKGwVMCahVm1i3znne/zOd/kTrSCqPqY88oPuNz6fdNg5HE2PFuFCnB43h+CH - 2BmFctAYLj+BY1fhru779nOauYznrjt2xoiizrECTGDZr5hRKoGIjzOyXfrdA3sZfmAjP6Ht/jjB - zU/8Wdu4Pq1wqVd4ykisFX5ZLCIU75TBK4RooiF0qpyq5oCOKtTuAF1LSaIYcG5w0A7jLherMAPy - S0qGHgB9RqqFw5RZmyw3rZ80ZThfsFUtD1A9NVaXtdVFZfXMWJ3nOdJj9p6tg9APGI618znQtcBm - WMLxrGjOOEMx4IMRZxY/5TOSY3rk+zLJrc88mhcA4ikLJBfgXHEkOFvvljUUdBaLYiGb2rk9X5Yi - k6bngeRCneFFOY/peTnt3F4BlAHYMVjqfWK2Tixcyasub4lAPkY/5GG4pW1lWCUprhehr0x2Fqq8 - aCz2XR2ESL/GFFoUBmsvMJGqrXdOlwn3c6I/j1mobhjqtVUopFAEX3OZZNpKGBeFLzWxCfQvCCUc - GCHL33iJYkxiyo/k9btcLMNoj+3u3Sxx0szjSeW790LF88OEty1MeAomvEdhYps8cAcmniYt1UH/ - QjAxeoOJF4CJwX8OEyPD+AhM3O1JOJt6Es5g08SwWX/mKTxINVyoYdIi7VWk7Ymqzi93tIlwU93f - qzpQyokDKhnu6Xe1y6v2KvuVHMVyyalgfPdgDUQKpO5PnG5ZWlIP4BDuSD2rU3EwnPFBXzjX40Fv - eA2BPG/fcd0RVbIVEZ7wAJkk6x4JQa4OyloGy3QSP8RrniUEcrTog+1c3YK0UccqMhuFa1dfdoeO - 6wyk05N9V+yP/L4/9Bx/PBSix0czR44PxYFaZad/tON+wlfzWUsemYLOsvRQZheZtYZGLNcm77d1 - tJHKrITzjDQGfoXofJHh8vjCGtlJRPK3+8SvX+J2t/n1S9zuWL92iYE7QrdoTTOmeRS5MK9aKJ6o - StONYY1dVwBckJ8UaZzI7hVwyKcWpgk8ekOC2SqS6TnmXY/p46QGbt+g4OWN/i+h4DcAAAD//yLX - xaNFAa1dTIeiAAAAAP//ghUF6C0JYDtKqboWpAfW/gC6PR2SFatBs65QtgHQwvySxBwgC4spuCaC - DOATQegS8GkVdAl4+y01ryyzKD8P0kKCjjKXQmf6IVxiXFqWX0K1GTyIWXAzgRZlJBaH5YNnIuCT - bPm5EBdXw5jQUpds+8FrIvRh5uoo5SZWBKUWl+aADEbyK3gOoajEsQTib9BUJmieAeRzuDiqZiMU - 3VANYNfW1tYCAAAA//8DALvIz18wIgAA - headers: - ATL-TraceId: - - d7e8b35e3929fc8b - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ0iY1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5xQp6LZzw5J9J7SFOVmo401fdLhI2CVnIpxUB57k1CBPs0ch+AzTAAIBgzlbnvzsrt/bn+322Xs + 8oTk6woVUMChQNpMLhxH41N7nEw+cOvCorPULYPT3wqSWaBQX8I7lVaQAqUlNCURLTQShKQ1BoCr + TEL2o5lzbzuM/9jrFkCSRrIaV4z/sP344G3IIK+IsMxay0RDKQfWAFS1opz0CjTvhagMMP63ILm1 + 4XGYFVrfsWpx6Sn0ao1PyF0mZPzbfofO5y8AAAD//wMAZ+ENg1oBAAA= + headers: + Atl-Traceid: + - 7b04ccb060019d07 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:31 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:35 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 90760095-0b3c-4276-be0b-16af81a755cf X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '106' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e58c4abe-63a9-455c-8ce4-f644e94912d4 - x-envoy-upstream-service-time: - - '170' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1388,275 +1192,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11772 response: body: string: !!binary | - H4sIAAAAAAAAA1SPT0vEMBDFv8tcbbuTtNssuYkeVGQV2j2JSJJOsZImpU2FZdnvboKLf2AOjze/ - N485gVYLHWYLEt5DmBa52XTUkwmd//CFClYty6Bc4ShABp80L4N3EWaIrMAC82Z//dzcPbW/2/06 - 6qhAviQowwxfM+hosv44kgvtcaJ44Mb6tYshvQ62+46ATIGtuJi3KiSQI2c5VjkXLaskMllWBSJe - IUeM+YXm2NsO4z921zIuyzQF4/UPa8Z71/sICr4T9bbXypRUKqrR9LWodaeVwN4gqqoSQlP5pyDY - 1PAwzArSO71abXj0RiX7BPaigNzboYHz+QsAAP//AwAHnACkWgEAAA== - headers: - ATL-TraceId: - - 7a46d685566b022b - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:32:32 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA7xXWXPbNhD+Kxg+dNpU4iVFltnJdFxbSdy6ris7yYPj8cDkikRMAgwA6mic/95d + HlJ8KBO709gPJAHs/e2H1ScHliWXiRM5GmQCGpKXAvLE9CQvwPRMnEHBe6oEza1Q0vQgEbYAy3tx + xmUKuUp7c9AG9yCZQqnBgLTt2bgyVhUzUngZ+H7guxo+VmDs2aqEE81jK2Jweo4g+0GwsxPih4F8 + hp+ZtaWJPC+BGcQ2UR+Uy23OjRFcuhKsh5asx0vhhZ4wpgKvU3ANK5Q/PpucnvWD4WCIS7ULxok+ + OQZ9q0zMLaRKr5oYEvxCidAPw74/7ge7Z74fBeMo3HF3R+Of/dD3yUkyYtHxWs0TnSR5D1Phk6NN + 2O1HAibWoqTE4eoeMwXP8x5LhLFCxpaVAmJgasYWSl+7JB0r+Ubnj/SikoLKxfNLPueWa28uYOHV + bm0cbLcCfxCMfzXiH3hRYNmrAq0SLNDkGTfXVKvqytJbNOO5gZ7TCB5iXLVsz8kEAkfH2eoI5oC+ + +p97jhWIrBJR4kSywhidOzAZ+Ns2gm6j1OoDhvrESrTSdR3qynZ1oI8v0LMJ940U1qIC46xtE4T/ + qM8aNbMLrgnIRhRlLtDh5E5KsFA1/Ibj5XD8SHe/UrIuknXBhv4OuhEOl+Hw/7XSwKIGKRoMRstg + 9D0MLjuLg3A5CL+HxRb5nz/fh2PYwXEmlm8bDsQin19g0dNUQ4q0cg/r6I7Kq6bLHwR5uLNtY7xt + Y/e+8obSmlUijJq9nagftDxGWdEibvz4dG+NsIoBm0xVeXIgTJnzVYtoXF5wi9dCQ6eP776GrDf0 + 7DXqNPVW/bqvKspX7eo7WhAydSKrK7KNSu1bLBt1WJsNDRgstfBDBP587HcEfjdt22gmXNPM3Y11 + wUstlBZ29cQUdOJefQt8O4+LgqdgPJIwnRKBC5lIM9fM0w1hvcaVjtlC5z52w0EXSs6vgLiJYHv3 + vh5tSUSwDaPBmDKScTMpRXwk5PVL2jmAkmYLGXcYqpG1qPfWK1LJCY4W/CqHKXDT4FK3b87J0ZtX + h8eXR4f7k+PTyeVkOv1rivFhcxlMCR44y4CdIAlLy8guE4Ypma8YNrTISSmziv0uNGcnGgrsaFYZ + xJz7UGMH2FCOfyN8f5wNIqe5sbB6mP5NV91qcSxEKiTP7x5qJ6M2vTXyc/SuYwmsbCphfboqqW2/ + AcnNEPNE8DXC68vv9tzxODxu8PYbj69xFOwg1ylvbO2309Z/crgb2ZqeQSNhd1dLWFB3q1zp48ab + q7yCfqqRszYDi2IHqim2KkocVqVtq/C1+t1Oznv55f8eS7WqShrJXgqZIEkZhshnVwCSlZXJIKkx + dzjdo+cVMCHnZIBAkzAcuhneG5BEpCwLXfaK1L2Xz+rns4idr9UKGTGJ0VvBrdKR7z53BzeUQsxg + rmKeZ8rYaOyPfW/WyFzWvnnBBcqy81OIK+Ib9lot+lY9LHrBPHYeGMv+rri2oNlEpthbBWbqKwLH + J3+yvQobl53GXG452CTs5oad4hRYO4Lv+28n9eNd8+iqQh/tZUqvZ8Ji75JojQJ8Q0WM6I3dsHPU + 0Q+xX/s4boZBbZ1QJeeJK3FwdlM19+ZVLhFnFnnAu33+glQMfH8tFy/ALYTV4CqdetiMnAAqcPij + JvbwqJvZIie5TTnwoy4IKQvxbwpplXNM35J+DNVxHIAUPCeknIKe428e1mc/Hq819NgPuf3lBaoZ + uf5PW3KI6vfwbp5Dj9JTz5jsoVyMMLbng91vzsXoXwAAAP//7FlbT9swFP4r1iSmEpEQp+mFTogh + dUhIY6qGtgf2Ujd220xNE+UCL/z4fcdx0gu03YpAnYRAbRP7xMfn8h1/J+V8bQv/723h77TF29oB + eVMFV8/SNqF7zOoXivWRcLh5q5LcYbxzwghe2Wo2V39T7tTprK+bzmu6tcrXU8/nSBOrr/EQUPU7 + ZlQpoPZOOdbAx/FzBti+fWYh9zDwC1/2XmmANRFF+hEvS8RVH1i3cZHCmlfhTAEHVWnxj5P8kwgC + 7EL/XATdkmB/gdcWcLVWIwaQGwx0wvhUyPswA+YrKoMdQPmYrI5Aquo1+XS4WGHIcLJgpD/YrDlL + pCYejHYUD7KOh8zEg8hzFMbshD1Mw2DKcLyeTICsBaCOJQJrzSdMMBCEAII4rQSpGJMew0u9Ufur + mE8KgPCQTZWQkLwXKG1OuVv2c6HQTSyLmVquEqvjFT3pLcckpgz02VtW4xieVMN89QmYOYU4biLK + dZL3djuG0L1HHxRfuKRtZXhKUoxmYWCcdhPqmmh89kMfgsjCxhmlMgzgMsNAajYPuesoEUFOMt9i + FuoLBh53H0olV8LpO5IKJ0Ms/S9BYUSTmIohxXhDyCicH7PG8WOEGM7jXh23z6LGqyMGFdZ9EMMl + xHBfihh7FYsniLFvuVp28FsjRvsdMd4AMfz/CzHategOxHjaieCbOhHcrwaIpOQpIkP3Qqg3sz61 + teEZ7saBmt1Xe9o0cRPbdzd1pNy6I7XCktfZlY71KRGMkollRRQJookftjIfMiD1fOJ0T0JJzP8C + 8Ud9pmt53hoLvyn5qOu7rRG073TOuOe1ib/Wk7DClmmKvHspJcU2Zi50sE1f8XP8ILKEwJEeurUj + rJ2hHLBXPc0BXa26ki3ucV9xVzU9edYOmkGrw4NuS0pXtMdcdS/kuX7KUfPyyLvCfylnR2JuiJxt + l7cyp8jsB1jE9hyoKJ0yvchkdiJERhaDvAZwMcvwsz+w204yJ/3Xu8uHr/F6e/rwNV5vbx+6xgAk + WbaJTQtm+VgyMG9rKJ+IuZXN3BLU7kD6Mf1LkcaJOr0DDgXUuDSJRy9ZMFpnMq1j3jmZ7k1q4PYd + CvZ1+h8AAAD//yI/0keLAnq4mKZFAQAAAP//ooGL6VgUwFsXQCemQ3JcNWh+Fso2AJqbX5IInXZG + b6PgmuUxgM/yoEvA50zQJeDNtNS8ssyi/DxIkwY6hFwKXV8A4RLj0rL8EurNrkEMgxsKtCkjsTgs + HzzPAJvQAyYhiJOrYUxo6Uq2A8BrMfRh5uoo5SZWBKUWl+aADEbyLHiGoKjEsQTicdBMJWgWAeR1 + uDiqZiMU3VANYNfW1tYCAAAA//8DAFGU3AbOIgAA + headers: + Atl-Traceid: + - b7a8aea4b7fd75aa + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e089779d-fbe3-4a24-b977-c791b67404b3 - x-envoy-upstream-service-time: - - '33' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - a241be9cbb0d2fa9 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:32 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:35 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: + Vary: - Accept-Encoding - x-aaccountid: + X-Aaccountid: - 5fa43d1b8405b10077912260 - x-arequestid: - - 3f790a75-67c9-4930-9961-a9e49706ddb5 - x-envoy-upstream-service-time: - - '73' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11078 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlT23qxAaMOk6HgJLQppcZJPhCGOUuLfEG609ydbNOQ/97d - k2QDwZSQmg/3otu3Z5/dO754sCy5TL3Y0yBT0JC+FpCnpiN5AaZjkhkUvKNK0NwKJU0HUmELsLyT - zLjMIFdZZw7a4DdIx1BqMCBtfdbreII0h2GwM8SFgfwSlzNrSxP7fgqXkNhUfVY9bnNujOCyJ8H6 - qMP6vBR+5AtjKvBbBVdwjfLHk9HppDsc7uLOpXPWi794Bo1WJuEWMqWva+dSXKFAFERhNxh0o+Ek - jOJ+FEdhb2dn+5cgCgLykWzY6xKcmmf6SPJ+GARBtIq6WaRgEi1KQgR395kpeJ53WCqMFTKxrBSQ - AFOXbKH0VY+kEyXf6/wpXhhIKg3+XMCCz7nl+pUR/8BegUmqihf11lG6Fwb9cNgsJ+jo3jrkjkeJ - RlsTbq4oR9XU0iy+5LmBjtfq8GKn5GvHswKJUWKSvVhWGIlXavUZ3Xsmeo20w85lo8WOFrcSvvb0 - vRTWogLiVyNNQf3hzhp1aRdcU2BGFGUukCHpvWgQXEeZwXA5GD7F3QbmxliDdCkIWPzdxnkQ7KDl - aLCMBs9W7FLoWPLCNOMjtsLtZbj9Y7aWrbFm8oi1frTsRz9mrSGnaScbrX39SvW9/FB3F8zY2Tlm - MMs0ZFjX39AQOaXyqi6zeiepjFWFaxEXaCHa2fRh+K2OunXUu1SYrv15cTfseBim/YAVR7yqD7hy - Ik5rkdQOfPlmjxiHAZmZqvL0UJgy59cNL3F7wS122rqRfX8N1V1y1Rf9WpumAnHTA1URTiF5+pE2 - hMy82OqKTCcaMFaquof65FYQtn3yPmrBJjjDTR+idcsQSgt7/cx4W3HfNdunt0tR8AyMTxKmVSJw - YyayWc/Ms3WPeYs7bTOKPELpXij9NpScT4HaCZHz3iGqyweBCDcxMRwSIjNuRqVI3gl55S7jQyjp - bpZJSxhHo4X7ttqRSo7waubTHMbATU1C3cy8k3fv3xwdX7w7Ohgdn44uRuPxX2OMD0vIICR4YDID - doJ9U1pGdpkwTMn8mmFNipyUMqvY70JzdqKhwLpllUGG9VyV3o9iFxUGNyIIBlzGXn1lYPYQ/nVR - 3SlkTEQmJM/vH2peFg28juY5etf2AsxsJmF1uiqpap/A5Pqt8Ezy1cKr++ru9f59fFzz7TeeXOFT - qqVcq7y2ddA8an7I4fZlVNcMGona61XCgqpb5Uof195M8wq6mcYGtX4eKHao6mSrosTHnrRNFh7L - 311wPsnbf/ss06oq6eXzWsgUW5JhyHw2BZCsrMwMUse5o/E+jVNgQs7JAJEmZfhoZXg7QBqTslnU - Y29I3Sf50o0vY3a2UitkzCRGbwW3SsdBb6vXvyEIEcFcJTyfKWPjYTAM/Mta5sL55kfh7jlKs7NT - us6w47C3atG16mHhc+azs9BY9nfFtQXNRjLD6ioQq0cEjk/+ZPsVli47TbjccLCG7OaGnQLWBDmC - 84MPIzd8rIc2L7RoLk2aToTF6iVRxwOcoSJGDY7dsDPU0Y2wYrv4vItCZ514lcyhVwiroad05ieZ - 6E6FpF2iQw/Xr2iyd1f6nBT2g2CtZXFbCxYnJ8IKfL9RUft4tDezRU5y6/TgwiWIlEX4G0NW5RzB - XNI/Fy6qQ5CC58ScU9Bzgc/nLvvpeKWhw17k9tc9VLPdC37egCiq38eLeQ4dAss9E9lDyGxjbFv9 - 3Wci00g7ZAZPR2bwn8j8f6j8CwAA///sWetP2zAQ/1esSZOgWtImfaRUQowJJiENhPZgEvtSY7tN - pjaJ8ihf9sfvd7bzoFDYKmBMQq3axL5zzvf4ne/yJ1pBVH3IeCzC7lc+n3TYGRzNjJbRQp4ctYfg - h9gZhXLYGq4+oefW4a7v++5TmrmK564/9saIos6RBkxg2c+EUSqBiA8zsh363QV7FX5gIz+h7X4/ - xs0P/DnbuD6tcGFWeMxIbBR+US5iFO+UwWuEaKMhdKqdquGAjmrU7gBdK0niBHBucdCNki6XqygH - 8itKhgEAfUaqhcNUWZssN22eNGU4X7BVIw9QPbNWV43VZW313FqdFwXSY/6OXYeRCBlO1PM50LXE - ZljK8ax4zjhDMSDAiDOLyPiM5JgeCqHSwvnE43kJIJ6yUHEJzhVHgnPNbllLQaeJLBeqrZ2b81Up - Mml7HkjO9XlbVvOYnlfT3s0VQBmCHYOV3id268TCtbz68oYI5GP0Qx6GW9pWjlXS8moRCW2y00jn - RWuxb/ogRPq1pjCiMFh7gYlMb71zsky5KIj+LGGRvmGo11aRVFITfClUmhsrYVyWQhliG+ifEUo4 - MEKWv/ESzZgmlB/J63e4XEbxLtvZ/bXESbNIJrXv3gkVTw8TwbYwEWiYCB6EiW3ywC2YeJy01AT9 - M8HE6BUmngEmBv85TIws4wMwcbsn4W3qSXiDaoLKlSKDo+geCLVk1kmHG9bobZyo6/xqR5sIN9X9 - vboDpZ04pJLhjn7Xenm1vspeLUe5XHIqGN/cWwORAqn7k2RblpbUAziAO1J/6UTuD2d80Jfe1XjQ - G15BoCDY83x/RJVsTYQn3EOmyLqHUpKrg7KRwbGdxPfJNc9TAjla9N52rmlBuqhjNZmLwrVrLrtD - z/cGyuupvi/3RqIvhoEnxkMpe3w089T4QO7rVd72D9/6H/E1fM6Sx7agcxwzlLtl7lxDI47vkve7 - JtpIZU7KeU4aA79GdL7IcXl07ozcNCb51/vEL1/i9W7zy5d4vWP90iUGIEnTHbbNmPZR5Ny+aqF4 - oirNNHENqF0CcEF+XGZJqrqXwCFBLUwbePSGBLN1JNNz7Lse28fJLNy+QsHzG/1fQsFvAAAA//8i - 18WjRQGtXUyHogAAAAD//4IVBfBmBtCJ6ZAcVw2aXIWyDYDm5pck5gBZmA0mA2CjS6m6VglTAtdE - kAF8IghdAj6tgi4Bb7+l5pVlFuXnQVpI0FHmUuhMP4RLjBfK8kuoNtsGMQtuJtCijMTisHzwTARs - fg+YtCAuroYxoaUu2faD10Tow8zVUcpNrAhKLS7NARmM5FfwHEJRiWMJxN+gqUzQPAPI53BxVM1G - KLqhGsCura2tBQAAAP//AwDwwBl1MCIAAA== - headers: - ATL-TraceId: - - 93ae857165e08ece - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:32:32 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked + X-Arequestid: + - 6821d73b-5df3-4734-b72e-268212bffefa X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '284' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - da554257-9bdf-4392-84bb-400913be45f6 - x-envoy-upstream-service-time: - - '136' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1666,110 +1299,117 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - 5d11d4748ea71f32 - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - cb4a3ca20708f382 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:32 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:36 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - edfbd5ff-9ea9-4fc5-9963-83efc8a3c9f2 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '191' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d992bbab-4ad5-4f7e-af68-73026e34a5b1 - x-envoy-upstream-service-time: - - '100' status: code: 200 message: OK - request: body: '{"fields": {"description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: [Findings - in: negotiator:0.5.3|http://localhost:8080/finding_group/219] in [Security How-to|http://localhost:8080] + in: negotiator:0.5.3|http://localhost:8080/finding_group/1] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High - | [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Inactive, Verified, Mitigated |\n| High | [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2818]\n*Defect Dojo - link:* http://localhost:8080/finding/2818 (2818)\n*Severity:* High\n*CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n*CVE:* - [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] + | negotiator | 0.5.3 | [2222Regular Expression Denial of Service - (Negotiator, + <= 0.6.0)|http://localhost:8080] | Inactive, Verified, Mitigated |\n| High + | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] + | negotiator | 0.5.3 | [Regular Expression Denial of Service - (Negotiator, + <= 0.6.0)|http://localhost:8080] | Active, Verified |\n\n*Severity:* High\n\n + *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/241]\n*Defect + Dojo link:* http://localhost:8080/finding/241 (241)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n*Reporter:* + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2817]\n*Defect - Dojo link:* http://localhost:8080/finding/2817 (2817)\n*Severity:* High\n*CWE:* - [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/240]\n*Defect + Dojo link:* http://localhost:8080/finding/240 (240)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n*Reporter:* + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}, "summary": "Findings in: negotiator:0.5.3"}, "update": {}}' headers: @@ -1782,51 +1422,57 @@ interactions: Connection: - keep-alive Content-Length: - - '3284' + - '3274' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11078 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11772 response: body: string: '' headers: - ATL-TraceId: - - 49fb64c0052ea79d - Connection: - - keep-alive + Atl-Traceid: + - c9f4e7f2240efbd3 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:33 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:36 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ac8dee4e-9559-40df-8c6a-93cb4db8d3c4 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '394' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f9e3ceda-a6e8-4e43-a23a-6e5e2dc1a078 - x-envoy-upstream-service-time: - - '316' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1836,98 +1482,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11078 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11772 response: body: string: !!binary | - H4sIAAAAAAAAA6RXW1PbRhT+Kzt6yLSprJsNGHWYDAUnoU0oNU7yQBhmLR3LG+Rdze7KNg38956j - iw0EUwLmQXs7t+985+zy3YFlwWXqxI4GmYKG9K2APDWu5DMwrkmmMOOuKkBzK5Q0LqTCzsByN5ly - mUGuMncO2uAepEMoNBiQtj7ruI4gzWEY7PRxYiCf4HRqbWFi309hAolN1TflcZtzYwSXngTrow7r - 80L4kS+MKcFvFVzCFcofjwano06/v4srk8pZJ/7uGDRamoRbyJS+qp1LcYYCURCFnaDXifqjMIq7 - URyF3s7O9m9BFATkI9mwVwVUap7pI8n7YRAE0SrqZpKCSbQoCBFc3WdmxvPcZakwVsjEskJAAkxN - 2ELpS4+kEyU/6fwpXhhISg3+XMCCz7nl+o0R/8LeDJNUzl7VS0fpXhh0w34zHaGje+uQXYcSjbZG - 3FxSjsqxpVE84bkB12l1OHGl5MZ1rEBiFJhkJ5YlRuIUWn1D956JXiNdYVdlo8WOJrcSvvb0kxTW - ogLiVyNNQf1VnTVqYhdcU2BGzIpcIEPSe9EguBVlev1lr/8UdxuYG2MN0oUgYPF3G+desIOWo94y - 6j1bcZXCiiWvTPN9xFa4vQy3X2Zr2RprBo9Y60bLbvQyaw05TTvYaO3mhup7+bnuLpixs3PMYJZp - yLCuf6AhckrlZV1m9UpSGqtmVYu4QAvRzqaN/o866tZRr1JhVu3PiTuh62CY9jNWHPGqOcAt9sm6 - Df18BdQ9btXV/FqbJnpXwwNVUpQhdaovtCBk5sRWl3DTNC9SpkVSx/79hzVyDI+aqSrz9FCYIudX - TUngcqIBY6Wqe6hPbgVh2yfvoxZsgjPctBFt2uiue4lQWtirZ0LZivtVF356HxUznoHxScK0SgQu - TEU29cw8Wzef97jSdqnIuSE2jIHaCZHzXlhUlw/GG25iYtinwKfcDAqRfBDysrqMD6Ggu1kmbdaq - XC6qvdWKVHKAVzMf5zAEbmom6GbknHz49O7o+OLD0cHg+HRwMRgO/x5iGFhCBiPHA6MpsBPsm9Iy - ssuEYUrmVwxrUuSklFnF/hSasxMNM6xbVhrkqFdV6f0odlFhcC2CoMdl7NRXBiYJUV4X1Z1CRrwz - IXl+/1DzsmjgrXido3dtL8AEZhJWp8uCqvZBJncjr98PWibXb4VncqwWXt1Xd6/3n6PdmlZ/8OQS - n1Its1rlta2D5lHzIofbl1FdGmgkaq9XCQuqbpUrfVx7M85L6GQau8T6eaDYoaqTrWYFPvakbbLw - WP7ugvNV3v7bZ5lWZUEvn7dCptjUDEPmszGAZEVpppBWnDsa7tN3DEzIORkg0qQMH60MbwdIY1I2 - jTz2jtR9la+r7+uYna3UChkzidFbwa3SceBted1rghARzFXC86kyNu4H/cCf1DIXlW9+FO6eozQ7 - O6XrDBsLe68WHaseFj5nPjsLjWX/lFxb0GwgM6yuGWL1iMDxyUe2X2LpstOEyw0Ha8iur9kpYE2Q - Izg++DyoPl/qT5sXmjSXJg1HwmL1kmjFAxyhIkZ9jF2zM9TRibBiO/i8i8LKOvEqmYM3E1aDp3Tm - J5nojIWkVaKDh/M3NNi7K31OCrtBsNayuK0Fi5MTYQW+36iofTzqTe0sJ7l1enBSJYiURfgbQlbm - HMFc0j8XVVSHIAXPiTmnoOcCn88d9svxSoPLXuX29z1Us+0Fv25AFNUfSY734xxcgqt6KLrso2gJ - 9hBM2xjoVnf3mTA10hVMvafD1PtfmF4E0X8AAAD//+xZbWvbMBD+K2JQSMPsxM6L00DpMtpBYSth - Lx10X6JaSuyR2MaOky/78XtOkl+SNikLbeigJCS2dCef7uU53XmvikZbCiKtIMQ+pjzyg9Z3Phs2 - 2Q28To/m4VxcX9aH4JTYGcV1UBsuPoFjl7Gv7jv2S9q8CO6WO3AGCKnmpUJPANvvmFFegYhPM7IG - /Z6CvYhFsJGf0HZ/XuHmF/6sQ+KAVrjVKzxnWFYKv83nESp5SuclXNShETpVTlVxQEclhDcBtYUk - UQxsN6Boh3GLi1WYIQ1Iyowe0H1KqoXDFCmcLDepnjRhOGywVSUPID41VpeV1UVp9cxYnS+XyJXZ - e7YOQj9gOOPOZoDaHJthCcezohnjDJWBD0YcYPyUT0mOycj3ZbK0PvNolgOVJyyQXIBzxZHtbL1b - VlPQl1jkc1nXzuZ8UZcM654HkrE6votiHtOzYtrZXAGUAdgxWOh9aLZOLFzJqy43RCAfox/yMNzS - tjKskuT389BXJjMYZiz2Q52KSL/GFFoUBmvPMZGqrTevFwnAkOhvYhaqG4bibRUKKRTBt6VMMm0l - jIvcl5rYBPpXhBJOj5DlX7xEMSYxJUvy+gYXizA6ZY3TPwscO5fxsPTdR6Hi5WHCOxQmPAUT3pMw - cUgeeAATz5OWqqA/Ekz032DiCDDR/c9hom8Yn4CJhw0KZ1eDwukWE1S7LFM4imqpUJNkm7S3Y432 - zoldRX+7LPqLre4iLNtRGzXydm2lPDyg4uLR5kP7rHxcvlhwqh7f7S2ISIHUCorTA+tMaghcwB2p - XXUtzntT3u0I537QbffuIZDnnTmu26eytiTCE/aQSbLuSAhydVBWMlimrfghXvMsIZCjRff2dnU/ - 0kZRq8hsVLEtfdnqOa7TlU5bdlxx1vc7fs9z/EFPiDbvTx05uBDnapWTzujE/YSv5rMWPDLVnWXp - oczOM2sNjViuTd5v62gjlVkJ5xlpDPwK0fk8w+Xl2OrbSUTybzeNX7/E263n1y/xdvv6tUsMQBK6 - X2s6M/WjyNi8d6F4oipN94Q1qN0BcEF+ladxIlt3gBuf2pYm8Oh1CWbLSKbnmBc/pqmTGrh9g4Lj - G/3IUPAXAAD//6KKi0eLAlq7mDZFAQAAAP//wloUoLckgO0opepakB5YewTo9nRIVqwGTcFC2QZA - C/NLEnOALCym4JoVMsA1K2QAnxVCl4C331LzyjKL8vMgjSDokHMpdNofwiXGpWX5JVSbvIOYBTcT - aFFGYnFYPnhaAj7jlp8LcXE1jAktdcm2H7xAQh9mro5SbmJFUGpxaQ7IYCS/gicUikocSyD+Bs1r - giYdQD6Hi6NqNkLRDdUAdm1tbS0AAAD//wMAATh5FD0iAAA= - headers: - ATL-TraceId: - - eac970e7d62eae48 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LSprJuNMepkOhSchJZQapzkgTDMIh1LW1a76u7Klwb+e8/q + YoeLmUKngQdpL+f+nU/HXxxYllSkTuwoECkoSN8w4Kl2BS1AuzrJoaCuLEFRw6TQLqTMFGCom+RU + ZMBl5s5BaTyDdAKlAg3CtHeTShtZzKzCyzAIwsBT8FcF2kxXJZwqmhiWgOM6zNoPw93dCBca+AyX + uTGljn0/hRkkJpV/So8aTrVmVHgCjI+WjE9L5kc+07oCv1NwDSuUP5mOz6a9cNAf4FbtgnbiL45G + 3yqdUAOZVKsmhhRXKBEFUdQLRr1wbxoEcTiKo11vbzj6MYiCwDppjRh0vFbzQietvI+pCKyjTdjt + IgWdKFbaxOHuPtEF5dwlKdOGicSQkkECRM7IQqprz0onUnxQ/JleVILZclF+SefUUOXPGSz82q2N + g+1RGPTD0c+a/Q2vCyx7VaBVCws0OaX62taqujL2LZ5RrsF1GsEjjKuWdZ2cIXBUkq+OYQ7oa3Dr + OoYhskpEiROLCmN07sGkH3QHpZJ/YkQvTHgrXae7LmCXbrv4CiSbqD4IZgwq0M7atkXqb/VdLWdm + QZXFq2ZFyRk6nN6LHOtRo2wwWg5Gz3T3icp0kazrMgh20Y1osIwG/6+Vpvo1FtFgOFyGw29hcNlZ + 7EfLfvQtLLYAv719CMdwG06j7mDGlh8bDsTqn18gGrJMQYa08gDr6KfkVdPlj2qNdrcdjLYd7D1U + 3lBas2sJo2ZvJ+6FuKQGSb0hw+c3VUO1G3L1G3XKtkz9eiArG21oCfOT3WAic2KjKrhtOdRqUyxp + cvDlwZ71DK/qXFY8PWS65HTVthluo1vmI9bTtl6bDQUYrO3txwh8ZxR0BH4/bWuauX+wreDRuuCl + YlIxs3phEjtxv/4K/HseZwXNQPtWQndKGG7kLMs9Pc82TPYOdzrKi5yHoI76XSicXoElLQvb+9/r + 4ZZEhNswGo5sRnKqxyVLjpm4fmNPDqG0s4VIujrW1V3UZ+sdIcUYRwt6xWECVDfYUO2bc3r84e3R + yeXx0cH45Gx8OZ5Mfp9gfNhcGlOCF6Y5kFNkZ2GItUuYJlLwFcFOZ9wqJUaSX5mi5FRBga1OKo2o + 9R7r+BAbygluWBCM8n7sNF8srB6mf9NVd1ocC5ExQfn9S+1k1Ka3RjpH7zqWwMpmAta3q9K27aNI + 7g+9neGgQ3IzxLwQfI3w+qt4d+54Hh43ePuFJtc4CnaQ65Q3tg7aaes/OdyNbE3PoJGo+4gLWNju + llyqk8abK15BL1PIG5uBRZJD2RRbFiUOq8K0VXiqfneT81l8/b9PMiWr0o5kb5hIkeY0QeSTKwBB + ykrnkNaYO5rs2+cVECbm1oAFTUpw6Cb43YA0tsryyCNvrbrP4lX9fBWT87VaJmIiMHrDqJEqDrwd + r39jU4gZ5DKhPJfaxKNgFPizRuay9s0PL1CWnJ9BUlm+Ie/komfk46IXxCfnoTbkj4oqA4qMRYa9 + VWCmnhA4OX1P9itsXHKWULHlYpOwmxtyhlNg7Qi+H3wc149PzaOril20H1P7OmUGe9eK1ijAN1RE + LL2RG3KOOnoR9msPx80orK1bVIl56gkcnL1Mzv15xQXizCAP+HfvX1gV/SBYyyUL8ApmFHhSZT42 + I7UAZTgV2ib28aqXm4JbuU05cFEXxCqL8G8CWcUppm9pfwzVcRyCYJRbpJyBmuNvHtIj35+sNbjk + O25+eo1qhl7ww5YcovojYX8xzcG1CarHT5e8Zx2gHkvMEAPd6e89mZh/AAAA///sWW1v2jAQ/ivW + pE4tatI4hJcyVR0Sq1Rpm6pV24fuC25sQiYgUULol/74Pec4IaQFVioqJlWtgMR38fl895zvSdUx + Rl47xvt3x3hbHbM/p/RrLiE/IImKSOs1tE/oHmsMMsUGcBZu3qp4bjPeOWWEtWw1tYu/MbfL3NbX + TXufe1wk75nrceRMY6DBEbj1J2JUNmD2Vj12jI+T5xywefmsgUTEwG98WTvlBOZEFOlHvC4rV/eg + cRtlCbx5FU4UQFHlHv8YzD8J38cq9M9l0FUUB0vwbgBkSzMioLoBRDuMzoRchCkKgKKa2AGuj8jr + CKSieNOeDpczDBmOGYzsR2trDhaJiQdjHcWDLOMhNfEg5nNUyfSUPYxDf8xw3g0CwGwG3GOxwFyz + gAmGbsGHIo4ufiJGZMewrxdqfRWzIAMiD9lYCQnNhUCds/PVsl9Lg75FMpuoaslYHS96lV41JiFy + o4/yshjHcFAM89UnQHIMddxElOsk723fGIL6Hn1QfOGSlpXiKXF2Pwl9s2kGz8ye/dQnIvKw2Yzc + GAZwmWAgMYuH3vU0BjiSzveIhfqCodtbhFLJlXD6gaTCMRFTvyQojGocUWWkGD8WchrOTtjxyeMU + MTyPemXcPosae0cMqrK7IIZDiOG8FjF2KhZPEGPXclXd4LdGjPY7YrwBYnj/F2K0S9UtiPGUluDr + aAnurRtoFQPUyswThIzmXIhFqYk6pWh9YF2r75StfrHYdYIlPaWjdkx9wzNkWL3Dqj+l5LLSbDoV + 1DN+2NgGkQOJAIqSHbtLogEuEX9EW13Li9ZIeE3J77ue07qHQZ3OOXfdNjWzpRBm2CCmaHf7UlJs + Q3Jpg2XYx8/Rg0hjAkd66EbeWPtc2WhltZiN3rXgLlvc5Z7ijmq68rztN/1Wh/vdlpSOaI+46l7K + C/2Uo2b/yL3Cf65nTcXMdHWWld9K7Sy1HuARy7VhorTz9CKXWbEQKXkM+hrAxSTFz8GN1bbjGdlf + 56AP3+I6iX34FtdJ8EO3GLgjc97W8DHVY8mNeadD+USdW84N59h1F81I/EuWRLE6uwPc+MRimsSj + VzEYLTOZ5jEvoAyVkxi4fYeCF2z6XwAAAP//olKkjxYF9HAxtYsCAAAAAP//orWL6VgUwJsZQCem + Q3JcNWgWF8o2AJqbX5IInYNGb3bgmvIxgE/5oEvAJ1DQJeDNtNS8ssyi/DxIQwg6nlwKXWwA4RLl + 0vxciAnVMCa0sCOjgENaJ6EPM1dHKTexIii1uDQHZDCS3eDR+6ISxxKIO8ryS6g3aQgxDG4o0K6M + xOKwfPDkB2ymDzRtCZpSAFkJdwiqa41QnAvVAA6e2tpaAAAAAP//AwDQ03962yIAAA== + headers: + Atl-Traceid: + - 25e7405dded7d795 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:37 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:37 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 4fc454a4-3d3d-422a-b1dc-651198e60ea9 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '275' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - af163e01-5881-43d8-9dbe-b718a53d5d52 - x-envoy-upstream-service-time: - - '148' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1937,174 +1589,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPzWrDMBCE30XX2s5KdqxUt9Ie2lLSQpxTCWUlr6mLLBlbLoSQd69EQ39gD8Ps - NzvsiWmcaT9Zpth7COOsVquWOjKh9R++wGBxnnt0haPAMvZJ09x7F2EOwAsoIN9tb15298/N73a7 - DDoqpl4TlEEGh4y1NFp/HMiF5jhSPHBr/dLGkF56235HmEqBtbyYdxgSKEDwHKpcyIZXCrgqqwIA - rkAAxPxMU+xt+uEfu2m4UGWc66IW8oc1w4PrfASl2Mh63Wk0JZVINZiulrVuNUroDABWlZSayj8F - waaGx35Clt7pcLHhyRtM9onZi2Lk3vY7dj5/AQAA//8DAN03GyBaAQAA - headers: - ATL-TraceId: - - c75a54a954759d93 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:32:39 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CMxN9GDiqzCdk+ySNomWEmT0qTCsux/N8XFj9vwzvPM + y5ygVUHvZwsS3mOcgtxsem10F3v/4YmKVoUwKEecjpDBp57D4F2CKSIlSDDfbW9edvfPze92u4xt + mkC+rlCGGR4y6PVk/XHULjbHSacDt9YvfZLaZbD9twIyCQyrS3in4goyZCxHkVPeoJDIJasIIl4l + EpMf9Jx6m2H8x143iJIKWQgiKvHDduODMz6BdUm5KYwxBReM1VgIxLJSrKadwr7uOC81FvXfgmjX + hsdhVrC+Y9Ri45Pv1BqfwF4m0O5tv4Pz+QsAAP//AwBp1up4WgEAAA== + headers: + Atl-Traceid: + - 99f59597db7ce744 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 66a4d414-7111-48c3-adba-66b6d7ba210b - x-envoy-upstream-service-time: - - '35' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 17f03f6698c11052 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:39 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:38 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e668a02f-0693-47a4-98d4-347594514455 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '115' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ca0b2d30-75d6-40bb-bcd5-b2606c0a0c70 - x-envoy-upstream-service-time: - - '75' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2114,98 +1659,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11078 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11772 response: body: string: !!binary | - H4sIAAAAAAAAA6RXW1PbRhT+Kzt6yLSprJsNGHWYDAUnoU0oNU7yQBhmLR3LG+Rdze7KNg38956j - iw0EUwLmQXs7t+985+zy3YFlwWXqxI4GmYKG9K2APDWu5DMwrkmmMOOuKkBzK5Q0LqTCzsByN5ly - mUGuMncO2uAepEMoNBiQtj7ruI4gzWEY7PRxYiCf4HRqbWFi309hAolN1TflcZtzYwSXngTrow7r - 80L4kS+MKcFvFVzCFcofjwano06/v4srk8pZJ/7uGDRamoRbyJS+qp1LcYYCURCFnaDXifqjMIq7 - URyF3s7O9m9BFATkI9mwVwVUap7pI8n7YRAE0SrqZpKCSbQoCBFc3WdmxvPcZakwVsjEskJAAkxN - 2ELpS4+kEyU/6fwpXhhISg3+XMCCz7nl+o0R/8LeDJNUzl7VS0fpXhh0w34zHaGje+uQXYcSjbZG - 3FxSjsqxpVE84bkB12l1OHGl5MZ1rEBiFJhkJ5YlRuIUWn1D956JXiNdYVdlo8WOJrcSvvb0kxTW - ogLiVyNNQf1VnTVqYhdcU2BGzIpcIEPSe9EguBVlev1lr/8UdxuYG2MN0oUgYPF3G+desIOWo94y - 6j1bcZXCiiWvTPN9xFa4vQy3X2Zr2RprBo9Y60bLbvQyaw05TTvYaO3mhup7+bnuLpixs3PMYJZp - yLCuf6AhckrlZV1m9UpSGqtmVYu4QAvRzqaN/o866tZRr1JhVu3PiTuh62CY9jNWHPGqOcAt9sm6 - Df18BdQ9btXV/FqbJnpXwwNVUpQhdaovtCBk5sRWl3DTNC9SpkVSx/79hzVyDI+aqSrz9FCYIudX - TUngcqIBY6Wqe6hPbgVh2yfvoxZsgjPctBFt2uiue4lQWtirZ0LZivtVF356HxUznoHxScK0SgQu - TEU29cw8Wzef97jSdqnIuSE2jIHaCZHzXlhUlw/GG25iYtinwKfcDAqRfBDysrqMD6Ggu1kmbdaq - XC6qvdWKVHKAVzMf5zAEbmom6GbknHz49O7o+OLD0cHg+HRwMRgO/x5iGFhCBiPHA6MpsBPsm9Iy - ssuEYUrmVwxrUuSklFnF/hSasxMNM6xbVhrkqFdV6f0odlFhcC2CoMdl7NRXBiYJUV4X1Z1CRrwz - IXl+/1DzsmjgrXido3dtL8AEZhJWp8uCqvZBJncjr98PWibXb4VncqwWXt1Xd6/3n6PdmlZ/8OQS - n1Its1rlta2D5lHzIofbl1FdGmgkaq9XCQuqbpUrfVx7M85L6GQau8T6eaDYoaqTrWYFPvakbbLw - WP7ugvNV3v7bZ5lWZUEvn7dCptjUDEPmszGAZEVpppBWnDsa7tN3DEzIORkg0qQMH60MbwdIY1I2 - jTz2jtR9la+r7+uYna3UChkzidFbwa3SceBted1rghARzFXC86kyNu4H/cCf1DIXlW9+FO6eozQ7 - O6XrDBsLe68WHaseFj5nPjsLjWX/lFxb0GwgM6yuGWL1iMDxyUe2X2LpstOEyw0Ha8iur9kpYE2Q - Izg++DyoPl/qT5sXmjSXJg1HwmL1kmjFAxyhIkZ9jF2zM9TRibBiO/i8i8LKOvEqmYM3E1aDp3Tm - J5nojIWkVaKDh/M3NNi7K31OCrtBsNayuK0Fi5MTYQW+36iofTzqTe0sJ7l1enBSJYiURfgbQlbm - HMFc0j8XVVSHIAXPiTmnoOcCn88d9svxSoPLXuX29z1Us+0Fv25AFNUfSY734xxcgqt6KLrso2gJ - 9hBM2xjoVnf3mTA10hVMvafD1PtfmF4E0X8AAAD//+xZbWvbMBD+K2JQSMPsxM6L00DpMtpBYSth - Lx10X6JaSuyR2MaOky/78XtOkl+SNikLbeigJCS2dCef7uU53XmvikZbCiKtIMQ+pjzyg9Z3Phs2 - 2Q28To/m4VxcX9aH4JTYGcV1UBsuPoFjl7Gv7jv2S9q8CO6WO3AGCKnmpUJPANvvmFFegYhPM7IG - /Z6CvYhFsJGf0HZ/XuHmF/6sQ+KAVrjVKzxnWFYKv83nESp5SuclXNShETpVTlVxQEclhDcBtYUk - UQxsN6Boh3GLi1WYIQ1Iyowe0H1KqoXDFCmcLDepnjRhOGywVSUPID41VpeV1UVp9cxYnS+XyJXZ - e7YOQj9gOOPOZoDaHJthCcezohnjDJWBD0YcYPyUT0mOycj3ZbK0PvNolgOVJyyQXIBzxZHtbL1b - VlPQl1jkc1nXzuZ8UZcM654HkrE6votiHtOzYtrZXAGUAdgxWOh9aLZOLFzJqy43RCAfox/yMNzS - tjKskuT389BXJjMYZiz2Q52KSL/GFFoUBmvPMZGqrTevFwnAkOhvYhaqG4bibRUKKRTBt6VMMm0l - jIvcl5rYBPpXhBJOj5DlX7xEMSYxJUvy+gYXizA6ZY3TPwscO5fxsPTdR6Hi5WHCOxQmPAUT3pMw - cUgeeAATz5OWqqA/Ekz032DiCDDR/c9hom8Yn4CJhw0KZ1eDwukWE1S7LFM4imqpUJNkm7S3Y432 - zoldRX+7LPqLre4iLNtRGzXydm2lPDyg4uLR5kP7rHxcvlhwqh7f7S2ISIHUCorTA+tMaghcwB2p - XXUtzntT3u0I537QbffuIZDnnTmu26eytiTCE/aQSbLuSAhydVBWMlimrfghXvMsIZCjRff2dnU/ - 0kZRq8hsVLEtfdnqOa7TlU5bdlxx1vc7fs9z/EFPiDbvTx05uBDnapWTzujE/YSv5rMWPDLVnWXp - oczOM2sNjViuTd5v62gjlVkJ5xlpDPwK0fk8w+Xl2OrbSUTybzeNX7/E263n1y/xdvv6tUsMQBK6 - X2s6M/WjyNi8d6F4oipN94Q1qN0BcEF+ladxIlt3gBuf2pYm8Oh1CWbLSKbnmBc/pqmTGrh9g4Lj - G/3IUPAXAAD//6KKi0eLAlq7mDZFAQAAAP//wloUoLckgO0opepakB5YewTo9nRIVqwGTcFC2QZA - C/NLEnOALCym4JoVMsA1K2QAnxVCl4C331LzyjKL8vMgjSDokHMpdNofwiXKpfm5EBOqYUxoKUhG - yYe0YEEfZq6OUm5iRVBqcWkOyGAku8ED/EUljiUQd5Tll1BtEhFiFtxMoFUZicVh+eDpEdjMH2he - EzTpALIR7g5UxxqhuBaqARw6tbW1AAAAAP//AwCPeSbdPSIAAA== - headers: - ATL-TraceId: - - 85c0919cdfaabf3c - Connection: - - keep-alive + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LSprJuNMepkOhSchJZQapzkgTDMIh1LW1a76u7Klwb+e8/q + YoeLmUKngQdpL+f+nU/HXxxYllSkTuwoECkoSN8w4Kl2BS1AuzrJoaCuLEFRw6TQLqTMFGCom+RU + ZMBl5s5BaTyDdAKlAg3CtHeTShtZzKzCyzAIwsBT8FcF2kxXJZwqmhiWgOM6zNoPw93dCBca+AyX + uTGljn0/hRkkJpV/So8aTrVmVHgCjI+WjE9L5kc+07oCv1NwDSuUP5mOz6a9cNAf4FbtgnbiL45G + 3yqdUAOZVKsmhhRXKBEFUdQLRr1wbxoEcTiKo11vbzj6MYiCwDppjRh0vFbzQietvI+pCKyjTdjt + IgWdKFbaxOHuPtEF5dwlKdOGicSQkkECRM7IQqprz0onUnxQ/JleVILZclF+SefUUOXPGSz82q2N + g+1RGPTD0c+a/Q2vCyx7VaBVCws0OaX62taqujL2LZ5RrsF1GsEjjKuWdZ2cIXBUkq+OYQ7oa3Dr + OoYhskpEiROLCmN07sGkH2w7CLuDUsk/MdQXVqKVrutQV7arg118hZ5NuB8EMwYVaGdt20L4t/qu + ljOzoMoCWbOi5AwdTu+lBAtVw28wWg5Gz3T3iZJ1kawLNgh20Y1osIwG/6+VBhY1SNFgOFyGw29h + cNlZ7EfLfvQtLLbIv719CMeog+OMLT82HIhFPr/AomeZggxp5QHW0R3Jq6bLHwV5tLvtYLTtYO+h + 8obSml1LGDV7O3EvxCU1SOoNGT6/dxqq3ZCr36hTtjPq1wNZ2WhDS5if7AYTmRMbVcFty6FWm2JJ + k4MvD/asZ3hV57Li6SHTJaertptwG90yH7FstsPabCjAYG0LP0bgO6OgI/D7adtGM9GaZu4frAte + KiYVM6sXJrET9+uvwL/ncVbQDLRvJXSnhOFGzrLc0/NsQ1jvcKdjtsh5iN2o34XC6RVYbrKwvf+9 + Hm5JRLgNo+HIZiSnelyy5JiJ6zf25BBKO1uIpKtjXd1FfbbeEVKMcbSgVxwmQHWDDdW+OafHH94e + nVweHx2MT87Gl+PJ5PcJxofNpTEleGGaAzlFEhaGWLuEaSIFXxFsaMatUmIk+ZUpSk4VFNjRpNKI + Wu+xxg6xoZzghgXBKO/HTvPFwuph+jdddafFsRAZE5Tfv9RORm16a6Rz9K5jCaxsJmB9uypt2z6K + 5P7Q2xkOOiQ3Q8wLwdcIrz9+d+eO5+Fxg7dfaHKNo2AHuU55Y+ugnbb+k8PdyNb0DBqJum+1gIXt + bsmlOmm8ueIV9DKFvLEZWCQ5lE2xZVHisCpMW4Wn6nc3OZ/F1//7JFOyKu1I9oaJFGlOE0Q+uQIQ + pKx0DmmNuaPJvn1eAWFibg1Y0KQEh26C3w1IY6ssjzzy1qr7LF7Vz1cxOV+rZSImAqM3jBqp4sDb + 8fo3NoWYQS4TynOpTTwKRoE/a2Qua9/88AJlyfkZJJXlG/JOLnpGPi56QXxyHmpD/qioMqDIWGTY + WwVm6gmBk9P3ZL/CxiVnCRVbLjYJu7khZzgF1o7g+8HHcf341Dy6qthF+zG1r1NmsHetaI0CfENF + xNIbuSHnqKMXYb/2cNyMwtq6RZWYp57AwdnL5NyfV1wgzgzygH/3/oVV0Q+CtVyyAK9gRoEnVeZj + M1ILUIbDn21iH696uSm4lduUAxd1QayyCP8mkFWcYvqW9sdQHcchCEa5RcoZqDn+5iE98v3JWoNL + vuPmp9eoZugFP2zJIao/EvYX0xxcm6B6ynTJe9YB6rHEDDHQnf7ek4n5BwAA///sWW1v2jAQ/ivW + pE6AmhCH8FKmqkNilSptU7Vq+9B9wcQGMgGJEgJf+uP3nOMESAusVK2YVIEgie/s870857tsKsbQ + a8V4/64Y76BiXk8pvZJKSA8IotzTujWtE3rGav1UsT6UhYd3KlrYjLfPGWEt2w7t/DPhdhHb+r5h + v6aN8+Ctux5HzNT6GhyBW39CRmkDYh/kYxX8VJ9SwP7tsxoCEQO/8WcdFRNYE16kp3hZVG7boHYX + pjG0eR1MFUBRZRr/OF58Er6PXejLtdNtMPbX4F0DyBZihEB1A4h2ENaFXAYJEoCinNgGro9I63Ck + PHmTTQfrFQYMxwxG8qO0NQeL2PiDkY78QRb+kBh/EIsFsmRyzlaTwJ8wnHfHY8BsCtxjkcBa8zET + DNWCD0YcXfxYjEiOQU9v1Poq5uMUiDxgEyUkOJcCec7Odst+rQX6Fsp0qjZTxvZ4Xqt0N30SJLf6 + KC/zcQyP82G+PQMoJ2DHQ3i5DvLuYcMQ1Hfph/wLt7StBLNE6XAa+MZoBs+MzX7qExFp2BgjE4YB + XKYYiM3mwXcziwCOxPM9ZIG+YSjqloFUcsudfiCocEzE0s9xCsMahZQZyccrQs6CeZVVqg8z+PAi + 7BZ++yRqvDpiUJY9BjEcQgznpYhxVLJ4hBjHpqtNA781YrTeEeMNEMP7vxCjVbAeQIzHbQm+qy3B + vXyAKpZFDM/QrRVqlpRJmzvmcHYO7Cr1naLUzze7i7BoT21VxuWKqsxV9K60r0+o2sjKsiSdzQTV + jB/2lkGkQGoAhfGR1SW1Aa7gf9S2upGXzZHwGpIPO57THELAdvuCu26LitmCCCvsIVNk3Z6U5Nug + XMtgmSbj53AlkojAkSbd2x7WOlc2SllNZqN2zVuUTe5yT3FHNVx50fIbfrPN/U5TSke0Rlx1ruSl + nuWs0Ttzr/HN+KyZmJuqzrKyR4mdJtYKGrFcGyJKOwsvUpkVCZGQxsCvAVxME1z2b62WHc1J/nKr + +fQlLveqT1/icq/71CUGIMmsb2v6MZvHklvz6obiiSq3rDecgdp9OCfyL2kcRqp+D7jxqYtpAo/e + uGC0iGRax7yAMq2c2MDtOxQ8w+h/AQAA//+iUqSPFgX0cDG1iwIAAAAA//+itYvpWBTAmx1AJ6ZD + clw1aLIWyjYAmptfkgidg0ZvhuCa8jGAT/mgS8AnUNAl4M201LyyzKL8PEiTBjqeXApdbADhEuPS + svwS6k3WQQyDGwq0KSOxOCwfPOkAm2EDJiGIk6thTGjpSrYDwAsz9GHm6ijlJlYEpRaX5oAMRvIs + eLqgqMSxBOJx0LQlaEoB5HW4OKpmIxTdUA1g19bW1gIAAAD//wMAkqcA/NsiAAA= + headers: + Atl-Traceid: + - 0bce2baf59f2fc78 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:39 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:39 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - fb800ded-bd8b-446e-bbf3-fa1743c9565c X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '232' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 816c41f7-9842-49a1-9a86-dcd5cbb4b4b1 - x-envoy-upstream-service-time: - - '110' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2215,110 +1766,117 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - e2a41c754511f091 - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - 5f0b17d843b1dafc + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:40 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:39 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 11064d36-328e-45de-972d-a952c3e2a5cc X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '194' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e7a8c296-f722-4383-bc5f-24ca122b44ff - x-envoy-upstream-service-time: - - '78' status: code: 200 message: OK - request: body: '{"fields": {"description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: [Findings - in: negotiator:0.5.3|http://localhost:8080/finding_group/219] in [Security How-to|http://localhost:8080] + in: negotiator:0.5.3|http://localhost:8080/finding_group/1] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High - | [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Inactive, Verified, Mitigated |\n| High | [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2818]\n*Defect Dojo - link:* http://localhost:8080/finding/2818 (2818)\n*Severity:* High\n*CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n*CVE:* - [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] + | negotiator | 0.5.3 | [2222Regular Expression Denial of Service - (Negotiator, + <= 0.6.0)|http://localhost:8080] | Inactive, Verified, Mitigated |\n| High + | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] + | negotiator | 0.5.3 | [Regular Expression Denial of Service - (Negotiator, + <= 0.6.0)|http://localhost:8080] | Inactive, Verified, Mitigated |\n\n*Severity:* + High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. + [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/241]\n*Defect + Dojo link:* http://localhost:8080/finding/241 (241)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n*Reporter:* + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2817]\n*Defect - Dojo link:* http://localhost:8080/finding/2817 (2817)\n*Severity:* High\n*CWE:* - [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/240]\n*Defect + Dojo link:* http://localhost:8080/finding/240 (240)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n*Reporter:* + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}, "summary": "Findings in: negotiator:0.5.3"}, "update": {}}' headers: @@ -2331,51 +1889,57 @@ interactions: Connection: - keep-alive Content-Length: - - '3284' + - '3287' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11078 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11772 response: body: string: '' headers: - ATL-TraceId: - - 45c9a0512055c884 - Connection: - - keep-alive + Atl-Traceid: + - 8a5b47e9a3b73fae + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:40 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:40 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 3c31e172-465c-4e1e-8cb9-1cf944d55889 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '408' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a349f563-9c29-45c4-b230-8af0bee371bf - x-envoy-upstream-service-time: - - '97' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2385,98 +1949,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11078 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11772 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbVPbOBD+Kxp/6Nz1Er8lQPAN0+EgbblrOS6k7QfKMIq9cVQcySPJIVzpf79d - 2U4oJRyF8MGS7H179tnV8tWDZcll5iWeBpmBhuy1gCIzHcnnYDomncGcd1QJmluhpOlAJuwcLO+k - My5zKFTeWYA2+A6yEZQaDEhbf+t1PEGaoyjcGeDGQDHF7cza0iRBkMEUUpupL8rntuDGCC59CTZA - HTbgpQjiQBhTQdAquIRrlD8eD0/H3cFgF0+mzlkv+eoZNFqZlFvIlb6unctwhwJxGEfdsN+NB+Mo - TnpxEkf+zs72b2EchuQj2bDXJTg1T/SR5IMoDMN4FXWzycCkWpSECJ7uMzPnRdFhmTBWyNSyUkAK - TE3ZldKXPkmnSn7QxWO8MJBWGoKFgCu+4JbrV0b8C3tzTFI1f1EfHWV7UdiLBs12jI7urUPueJRo - tDXm5pJyVE0srZIpLwx0vFaHlzgl3zqeFUiMEpPsJbLCSLxSqy/o3hPRa6Qddi4bLXa0uZXwtacf - pLAWFRC/GmkK6i/3rVFTe8U1BWbEvCwEMiS7Ew2C6yjTHyz7g8e428DcGGuQLgUBi7/bOPfDHbQc - 95dx/8mKXQodS16Y5vmArWh7GW0/z9ayNdYsHrDWi5e9+HnWGnKadrHR2rdvVN/Lj3V3wYydnWMG - 81xDjnX9Aw2RU6qo6jKrT9LKWDV3LeICLcQ7m14MftRRt476lArTtT8v6UZNvyAGa5HW5r7+cEb8 - QvfNTFVFdihMWfDrhoV4jEDZj1izxMzGBLfYaetG9vM1VHfJVV8Mam2aCsQtD1RFODnfP9GBkLmX - WF2RM6kGjJWq7r4+uRVGbZ+8i1q4Cc5o04t43TKE0sJePzHeVjxwzfbx7VLMeQ4mIAnTKhF4MBP5 - zDeLfN1j3uJJ24xij1C6E0qvDaXgE6B2QuS88xHV5b1ARJuYGA0IkRk3w1Kk74S8dJfxIZR0N8u0 - pZAj1pV7tzqRSg7xauaTAkbATU1L3ay8k3cf3hwdX7w7Ohgenw4vhqPR3yOMD0vIICT4wXgG7AT7 - prSM7DJhmJLFNcOaFAUpZVaxP4Xm7ETDHOuWVQYZ5rsqvRvFLioMb0QY9rlMvDtFi6DnQvIC04n5 - WFcZvbt71kwWDbyO5gV61/YCzGwuYfV1VVLV3svkXuwPBmHL5HpWeCL5auHVffX99f5zfFzz7Q+e - XuIo1VKuVV7bOmiGmmc53E5Gdc2gkbi9XiVcUXWrQunj2ptJUUE319iy1uOBYoeqTraalzjsSdtk - 4aGcfg/OZ3n7b5/lWlUlTT6vhcywJRmGzGcTAMnKyswgc5w7Gu3TcwJMyAUZICJlDIdWhrcDZAkp - m8U+e0PqPsuX7vkyYWcrtUImTGL0VnCrdBL6W37vhiBEBAuV8mKmjE0G4SAMprXMhfMtiKPdc5Rm - Z6d0nWHHYW/VVdeq+4XPWcDOImPZPxXXFjQbyhyra45YPSBwfPKe7VdYuuw05XLDhzVkNzfsFLAm - yBFcH3wcusen+tHmhTbNpUnLsbBYvSTqeIArVMSowbEbdoY6ujFWbBfHuzhy1olX6QL8ubAafKXz - IM1FdyIknRIdfNy/osXe99LnpLAXhmstV7e1YHFyIqzA+Y2KOsBP/ZmdFyS3Tg9uXIJIWYy/EeRV - wRHMJf1z4aI6BCl4Qcw5Bb0QOD532S/HKw0d9qKwv++hmm0//HUDoqj+SHK8rBfQIbjcoNhh70VL - sPtg2sZAt3q7T4SpkXYw9R8PU/9/YXoWRP8BAAD//+xZbWvbMBD+K2JQaMPsxM6Lk0DpMtpBYStl - Lx10X6JYSuyR2MaO0y/78XtOkl/qNikLbeigJCS2dCef7uU53XmniiYNBZFWEGIfUx75Qfs7X4xb - 7Apep0fzcCkuz+tDcErsjOI6qA0Xn8Cxy9hX9137JW1eBHfbHTpDhFTrXKEngO13zCivQMSnGdkx - /Z6AvYhFsJGf0HZ/XuDmF/6sfeKAVrjRKzxnWFYKv8mXESp5SuclXNShETpVTlVxQEclhLcAtYUk - UQxsN6Boh3Gbi02YIQ1Iyowe0H1OqoXDFCmcLDetnjRlOGywTSUPID41VpeV1UVp9cxYna/XyJXZ - e3YXhH7AcOBeLAC1OTbDEo5nRQvGGSoDH4w4wPgpn5Mc04nvy2RtfebRIgcqT1kguQDnhiPb2Xq3 - rKagL7HIl7KunfvzRV0yrnseSK7V4VsU85heFNPO/RVAGYAdg4Xex2brxMKVvOryngjkY/RDHoZb - 2laGVZJ8tgx9ZTKDYcZiP9SpiPRrTKFFYbD2EhOp2nrrcpUADIn+KmahumEo3jahkEIRfFvLJNNW - wrjIfamJTaB/RSjh9AhZ/sVLFGMSU7Ikrz/mYhVGJ+z45M8Kx851PC5991GoeHmY8PaFCU/BhPck - TOyTBx7AxPOkpSroDwQTgzeYOABM9P5zmBgYxidg4mGDwtnWoHB69ZpzncJRVEOEOjZN0v6WNTpb - J7YV/Z2y6C+2uo2wbEc1J0bFhPLugAqLR7pizSIsy1crTtXju50FESmQWkFxumedSQ2BM7gjNZsu - xWl/zntd4cyGvU5/Buk9b+S47oDK2pIIT9hBJsm6EyHI1UFZyWCZtuKH+I5nCYEcLbqzt6v7kTaK - WkVmo4pt68t233GdnnQ6suuK0cDv+n3P8Yd9ITp8MHfk8EycqlWOupMj9xO+ms9a8chUd5alhzI7 - z6w7aMRybfJ+W0cbqcxKOM9IY+BXiM6XGS7Pr62BnUQkf7Np/PolbraeX7/Ezfb1a5cYgCR089h0 - ZupHkWvz3oXiiao03dHVoHYLwAX5RZ7GiWzfAm586meawKPXJZgtI5meY178mKZOauD2DQoOb/QD - Q8FfAAAA//+iiotHiwJau5g2RQEAAAD//8JaFKA3O4DtKKXqWpAeWDMD6PZ0SFasBk3BQtkGQAvz - SxJzgCwspuCaFTKAzwqhS8DnWNAl4O231LyyzKL8PEhDCDrkXAqd9odwiXJpfi7EhGoYE1oKklHy - IS1Y0IeZq6OUm1gRlFpcmgMyGMlu8AB/UYljCcQdZfklVJsChJgFNxNoVUZicVg+eHoENg0JmtcE - TTqAbIS7A9WxRiiuhWoAh05tbS0AAAD//wMAojRw5z0iAAA= - headers: - ATL-TraceId: - - 926348683039fa00 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LSprJsdMOpkOhSchJZQapzkgTDMIh1LW6RddXflS0P+e8+R + LDtczBQ6DTxI2t1z/863x58dWFRcpk7saJApaEhfCyhS40pegnFNkkPJXVWB5lYoaVxIhS3BcjfJ + ucygUJk7A21wD9IxVBoMSLs6m9TGqnJKCi/DIAgDT8NfNRg7WVZwqnliRQKO6wiyH4a7uxF+GCim + +JlbW5nY91OYQmJT9afyuC24MYJLT4L10ZL1eSX8yBfG1OB3Cq5hifInk9HZpBcO+gNcalwwTvzZ + MehbbRJuIVN62caQ4hdKREEU9YJhL9ybBEEcDuNo19vbGf4YREFATpIRi443ap7pJMn7mIqAHG3D + Xn2kYBItKkocru4zU/KicFkqjBUysawSkABTUzZX+toj6UTJ97p4ohe1FFQuXlzyGbdc+zMBc79x + a+PgaisM+uHwZyP+hlcllr0u0SrBAk1OuLmmWtVXlt7iKS8MuE4reIRxNbKukwsEjk7y5THMAH0N + vriOFYisClHixLLGGJ07MOkH2zbCbqPS6k8M9ZmVWEk3dWgq29WBPr5Czybc91JYiwqMs7ZNEP6t + OWvU1M65JiAbUVaFQIfTOynBQjXwGwwXg+ET3X2kZF0k64INgl10IxososH/a6WFRQNSNBjuLMKd + b2Fw0VnsR4t+9C0srpD/5ct9OEYdHKdi8aHlQCzy+QUWPcs0ZEgr97CO7qiibrv8QZBHu9s2hts2 + 9u4rbymtXSXCaNjbiXuh62By7AcMnDDaHmgan/KkRdJ69vneGqEXU2ByVRfpoTBVwZcrjOPynFu8 + KFqCfXo/tvS9IWy/Vaep25rXA1VTBkNy9SMtCJk5sdU12U40YLDUwg8R+Mth0BH43bRto5loTTN3 + N9YFr7RQWtjlMwPuxP3mFvj3PC5KnoHxScJ0SgQu5CLLPTPLNoT1Flc6Zouc+9iN+l0oBb8C4iaC + 7d37emdLIsJtGA2HlJGcm1ElkmMhr1/TziFUNFvIpENMg6N5s7dekUqOcLTgVwWMgZsWhXr15pwe + v39zdHJ5fHQwOjkbXY7G49/HGB82l8GU4IFJDuwUSVhaRnaZMEzJYsmwoUVBSplV7FehOTvVUGJH + s9ogwryHGjvEhnKCGxEEw7wfO+2NhdXD9G+66laLYyEyIXlx99BqMlqlt8F5gd51LIGVzSSsT9cV + te2DSO7vecPBGsntEPNM8LXC68vv9tzxNDxu8PYLT65xFOwg1ylvbR2spq3/5HA3srU9g0ai7q6W + MKfuVoXSJ603V0UNvUwjQ20GFsUOVVtsVVY4rEq7qsJj9budnE/y6/99lmlVVzSSvRYyRUoyDJHP + rgAkq2qTQ9pg7mi8T88rYELOyACBJmU4dDO8NyCNSVkeeewNqfskXzTPFzE7X6sVMmYSo7eCW6Xj + wHvp9W8ohZjBQiW8yJWx8TAYBv60lblsfPPDC5Rl52eQ1MQ37K2a96x6WPSC+ew8NJb9UXNtQbOR + zLC3SszUIwInp+/Yfo2Ny84SLrccbBN2c8POcApsHMH3gw+j5vGxfXRVoY/VZUqvE2Gxd0m0QQG+ + oSJG9MZu2Dnq6EXYrz0cN6OwsU6okrPUkzg4e5ma+bO6kIgzizzg3z5/QSr6QbCWS+bglcJq8JTO + fGxGTgAVOPxRE/t41MttWZDcphz40RSElEX4N4asLjimb0E/hpo4DkEKXhBSzkDP8DcP67HvT9Ya + XPZdYX96hWp2vOCHLTlE9UeSfjHNwKUENVOmy96JDlAPJWYHA33Z33s0Mf8AAAD//+xZbW/aMBD+ + K9akToCaEIcEWqaqQ2KVKm0TWrV96L5gYgOZgEQJoV/64/ec44SX8rJRtWNS1QpIfBefz3fP+Z6s + OsbIa8d4f+4Y76Bj/qFTkFFF2LVr2kF0j9W6mWJdCOHmnYrnNuOtc0bAy9bzvPgbc7tMdH3dsF9y + w4tMrrseRwLVuhopAWK/IkY1BGYf1GMVfFS3OWD/8lkNWYmBn/iyjkoQzImQ0o94Xoqu70HtLsoS + ePMmnCggpMo9/n40/yCCAKvQP5cRuKLYXSJ5DYhbmhEB4g062mFUF3IRpqgGigpkCyA/JK8jkIpK + TnvaX87QZzhzMLIffa45ZSQmHox1FA+yjIfUxIOYz1Ey03P2MA6DMcMxezQC5mYAQRYLzDUbMcHQ + OgRQxDkmSMSQ7Oh39EKtz2I2ygDPfTZWQkJzIVD07Hy17MfSoC+RzCZqtX6sjxeNS3s1JiHS02dw + WYxjeFQM8/UnQHIMddxElOuMbx/eGML9Nn1QfOGSlpXiKXE2mISB2TSTx2bPvuvjEXnYbEZuDAPS + TDCQmMVD73YaAxRI52vEQn3B0OEtQqnkWjh9Q1LhzIip/yYojGocUZmkGK8IOQ1nVVapPk4Rw/Oo + XcbtVtR4ccSgknsMYjiEGM5zEeOoyvEEMY6tXasb/NqI0XxDjFdADO//QoxmqXoAMZ5yFHwXR8G9 + XQN+MUB9zTxByGiyhMibDVGnFN0c2NX3O2XfXyx2l2DJVa21yZvtlQ7pMXUYW/kHpyS20mw6FdRA + vtvbE5EDiQ2KkiNbTeIErhF/xDfdyit/KLyG5AO03v4ABrVal9x1m9TZlkKYYY+Yot3tSEmxDcml + DZZhHD9GDyKNCRzpoXu5Yu1zZaOv1WI2GtmCr/S5yz3FHdVw5WUzaAR+iwcXvpSOaA65uriWV/op + Z43OmXuD/1zPmoqZafEsK7+V2llqPcAjlmvDRGnn6UUus2IhUvIY9DWAi0mKn92e1bTjGdm/yTuf + vsWbxPXpW7xJfJ+6xcAdmdPFhpxZPZb0zHscyidq4nJSN8eu+2hG4p+yJIpV/R5wExClaRKPXr9g + tMxkmse8jTK8TmLg9g0K9m/6bwAAAP//okWkjxYF9HAxFYoCAAAAAP//oquL6VgUwJsdQCemQ3Jc + NWjmFso2AJqbX5IInZBGb3bgmv8xgM//oEvAZ1PQJeDNtNS8ssyi/DxIWwc6uFwKXXkA4RLj0rL8 + EurNskEMgxsKtCkjsTgsHzwDAZvYAyYhiJOrYUxo6Uq2A8CrNPRh5uoo5SZWBKUWl+aADEbyLHju + oKjEsQTicdAcJmh+AeR1uDiqZiMU3VANYNfW1tYCAAAA//8DAHEhFJ/oIgAA + headers: + Atl-Traceid: + - eff3a60dbd3ccfd0 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:44 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:40 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 688796b8-c6f5-4b36-9790-d3ff2b26272c X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '218' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - bf37a027-53c7-46fa-8a53-c2a318b6d7d9 - x-envoy-upstream-service-time: - - '154' status: code: 200 message: OK - request: - body: null + body: '{"transition": {"id": 41}, "fields": {}}' headers: Accept: - application/json,*.*;q=0.9 @@ -2486,174 +2056,58 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '40' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + - python-requests/2.28.1 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1434/transitions response: body: - string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J2k2W3EQPKrIK7Z5EJEknWEmb0qTCsux/N8HFj9vwzvPM - y5yIVgEPiyOSvMc4B7nZ9GjRxN5/+EpFp0IY1FRNGElBPnEJg58STAFoBRWU7f76ub176n63+3XU - aSLyJUMFFPBakB5n548jTrE7zpgO3Di/9knS6+D6b4XILGzFJbxVMYMMGC2hKZnoaCOByrqpAOAK - GEDyAy6ptxvGf+yuo0zWTDa8qhn/Yc14P1mfQMF2gm+tVqbGWiEHY7ngutdKgDUAqmmE0Fj/KYgu - NzwMiyL5HatWFx+9UTk+EXeZCE5vh5acz18AAAD//wMAwep1KFoBAAA= + string: '' headers: - ATL-TraceId: - - 7ec75e834f1b2efd - Connection: - - keep-alive + Atl-Traceid: + - ae33d3fdd19b7ddb + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:46 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:40 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: + - max-age=63072000; preload + Timing-Allow-Origin: - '*' - vary: + Vary: - Accept-Encoding - x-aaccountid: + X-Aaccountid: - 5fa43d1b8405b10077912260 - x-arequestid: - - 34d32b16-e899-4d48-b285-6eac127c21d2 - x-envoy-upstream-service-time: - - '35' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - cf75d89703aa4aac - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:32:46 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked + X-Arequestid: + - 65f63bde-9941-4474-a8b1-3787343e8ff5 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '331' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 99a75bb7-f488-42e1-93a9-d42e8a832053 - x-envoy-upstream-service-time: - - '61' status: - code: 200 - message: OK + code: 204 + message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2663,98 +2117,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11078 + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA6RXbVPbOBD+Kxp/6Nz1Er8lQPAN0+EgbblrOS6k7QfKMIq9cVQcySPJIVzpf79d - 2U4oJRyF8MGS7H179tnV8tWDZcll5iWeBpmBhuy1gCIzHcnnYDomncGcd1QJmluhpOlAJuwcLO+k - My5zKFTeWYA2+A6yEZQaDEhbf+t1PEGaoyjcGeDGQDHF7cza0iRBkMEUUpupL8rntuDGCC59CTZA - HTbgpQjiQBhTQdAquIRrlD8eD0/H3cFgF0+mzlkv+eoZNFqZlFvIlb6unctwhwJxGEfdsN+NB+Mo - TnpxEkf+zs72b2EchuQj2bDXJTg1T/SR5IMoDMN4FXWzycCkWpSECJ7uMzPnRdFhmTBWyNSyUkAK - TE3ZldKXPkmnSn7QxWO8MJBWGoKFgCu+4JbrV0b8C3tzTFI1f1EfHWV7UdiLBs12jI7urUPueJRo - tDXm5pJyVE0srZIpLwx0vFaHlzgl3zqeFUiMEpPsJbLCSLxSqy/o3hPRa6Qddi4bLXa0uZXwtacf - pLAWFRC/GmkK6i/3rVFTe8U1BWbEvCwEMiS7Ew2C6yjTHyz7g8e428DcGGuQLgUBi7/bOPfDHbQc - 95dx/8mKXQodS16Y5vmArWh7GW0/z9ayNdYsHrDWi5e9+HnWGnKadrHR2rdvVN/Lj3V3wYydnWMG - 81xDjnX9Aw2RU6qo6jKrT9LKWDV3LeICLcQ7m14MftRRt476lArTtT8v6UZNvyAGa5HW5r7+cEb8 - QvfNTFVFdihMWfDrhoV4jEDZj1izxMzGBLfYaetG9vM1VHfJVV8Mam2aCsQtD1RFODnfP9GBkLmX - WF2RM6kGjJWq7r4+uRVGbZ+8i1q4Cc5o04t43TKE0sJePzHeVjxwzfbx7VLMeQ4mIAnTKhF4MBP5 - zDeLfN1j3uJJ24xij1C6E0qvDaXgE6B2QuS88xHV5b1ARJuYGA0IkRk3w1Kk74S8dJfxIZR0N8u0 - pZAj1pV7tzqRSg7xauaTAkbATU1L3ay8k3cf3hwdX7w7Ohgenw4vhqPR3yOMD0vIICT4wXgG7AT7 - prSM7DJhmJLFNcOaFAUpZVaxP4Xm7ETDHOuWVQYZ5rsqvRvFLioMb0QY9rlMvDtFi6DnQvIC04n5 - WFcZvbt71kwWDbyO5gV61/YCzGwuYfV1VVLV3svkXuwPBmHL5HpWeCL5auHVffX99f5zfFzz7Q+e - XuIo1VKuVV7bOmiGmmc53E5Gdc2gkbi9XiVcUXWrQunj2ptJUUE319iy1uOBYoeqTraalzjsSdtk - 4aGcfg/OZ3n7b5/lWlUlTT6vhcywJRmGzGcTAMnKyswgc5w7Gu3TcwJMyAUZICJlDIdWhrcDZAkp - m8U+e0PqPsuX7vkyYWcrtUImTGL0VnCrdBL6W37vhiBEBAuV8mKmjE0G4SAMprXMhfMtiKPdc5Rm - Z6d0nWHHYW/VVdeq+4XPWcDOImPZPxXXFjQbyhyra45YPSBwfPKe7VdYuuw05XLDhzVkNzfsFLAm - yBFcH3wcusen+tHmhTbNpUnLsbBYvSTqeIArVMSowbEbdoY6ujFWbBfHuzhy1olX6QL8ubAafKXz - IM1FdyIknRIdfNy/osXe99LnpLAXhmstV7e1YHFyIqzA+Y2KOsBP/ZmdFyS3Tg9uXIJIWYy/EeRV - wRHMJf1z4aI6BCl4Qcw5Bb0QOD532S/HKw0d9qKwv++hmm0//HUDoqj+SHK8rBfQIbjcoNhh70VL - sPtg2sZAt3q7T4SpkXYw9R8PU/9/YXoWRP8BAAD//+xZbWvbMBD+K2JQaMLsxM6Lk0DpMtpBYStl - Lx10X6JYSuyR2MaO0y/78XtOkl+aNgkLbeigJCS2dCef7uU53XmnisYbCiKtIMQ+pjzyg9Z3Ph81 - 2TW8To/m4UJcXdSH4JTYGcV1UBsuPoFjl7Gv7jv2S9q8CO6WO3AGCKnmhUJPANvvmFFegYj7Gdkp - /TbAXsQi2MhPaLs/L3HzC3/WIXFAK9zqFZ4zLCuF3+aLCJU8pfMSLurQCJ0qp6o4oKMSwpuA2kKS - KAa2G1C0w7jFxTrMkAYkZUYP6D4j1cJhihROlptUT5owHDbYupIHEJ8aq8vK6qK0emaszlcr5Mrs - PbsPQj9gOHDP54DaHJthCcezojnjDJWBD0YcYPyUz0iOydj3ZbKyPvNongOVJyyQXIBzzZHtbL1b - VlPQl1jkC1nXzsP5oi4Z1T0PJDfq8C2KeUzPi2nn4QqgDMCOwULvI7N1YuFKXnX5QATyMfohD8Mt - bSvDKkk+XYS+MpnBMGOxH+pURPo1ptCiMFh7gYlUbb15tUwAhkR/HbNQ3TAUb+tQSKEIvq1kkmkr - YVzkvtTEJtC/IpRweoQs/+IlijGJKVmS159ysQyjBjtt/Fni2LmKR6XvPgkVLw8T3qEw4SmY8PbC - xCF54BFMPE9aqoL+SDDRf4OJI8BE9z+Hib5h3AMTjxsUzrYGhdOt15yrFI6iGiLUsdkk7W1Zo711 - oiz6ix1tI9zWBGiX7SjlxAHVD0/2F9rDkrBeYG8WYVm+XHKqHt/tLIhIgdQKitMD60xqCJzDHanZ - dCXOejPe7QhnOui2e1NI63lDx3X7VNaWRHjCDjJJ1h0LQa4OykoGy7QVP8T3PEsI5GjRnb1d3Y+0 - UdQqMhtVbEtftnqO63Sl05YdVwz7fsfveY4/6AnR5v2ZIwfn4kytctIZn7if8NV81pJHprqzLD2U - 2Xlm3UMjlmuT99s62khlVsJ5RhoDv0J0vshweXFj9e0kIvk3m8avX+LN1vPrl3izff3aJQYgCd08 - Np2Z+lHkxrx3oXiiKk13dDWo3QFwQX6Zp3EiW3fAIZ/6mSbw6HUJZstIpueYFz+mqZMauH2DguMb - /chQ8BcAAP//ooqLR4sCWruYNkUBAAAA///CWhTAWxNAJ6ZDclw1aKYVyjYAmptfkpgDZGE2mAyA - jS6l6lolTAlcs0IG8FkhdAn4HAu6BLz9lppXllmUnwdpIUGHnEuh0/4QLjFeKMsvodrUG8QsuJlA - izISi8PywdMSsOk/YNKCuLgaxoSWumTbD14goQ8zV0cpN7EiKLW4NAdkMJJfwRMKRSWOJRB/g+Y1 - QZMOIJ/DxVE1G6HohmoAu7a2thYAAAD//wMAkyNG8D0iAAA= - headers: - ATL-TraceId: - - 46f5b2d837c6cc38 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUdBGlIwUyH7YfnxwxiewLik3hTGm4A1jNRYNYllJVtNeoqp7zkuNRf23INq1 + 4XGYJazvGLnY+OR7ucYnsJcJtHvb7+B8/gIAAP//AwDPm696WgEAAA== + headers: + Atl-Traceid: + - 9ea37d4a3995711f + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:46 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:42 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - f121ca48-8b71-41dc-a5f0-ecdba5c9ae40 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '120' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d71fc7cd-dc10-4f49-9e9c-eba2aa27b539 - x-envoy-upstream-service-time: - - '112' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2764,61 +2187,105 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11772 response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1JmjZrbqIHFVmFdk+ySNJMsZImpUmFZdn/boqLH7fhneeZ - lzkRrQLuZ0skeY9xCnKzMdhjF43/8IWKVoUwKFc4jCQjnziHwbsEUwBaQAF5s7t5ae6f29/tbhl1 - moh8XaEMMjhkxOBk/XFEF9vjhOnArfWLSZJeBmu+FSJXoRKX8E7FFWTAaA48Z6KlXAKVJS8A4AoY - QPIDzqm3HcZ/7LalTJZM8usCqvqH7cYH1/sECrYVddVr1ZVYKqyh62tRa6OVgL4DUJwLobH8UxDt - 2vA4zIqs7/RqsfHJd2qNT8ReJoLubd+Q8/kLAAD//wMAmyeu6VoBAAA= - headers: - ATL-TraceId: - - 1d42004533b81813 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXW1PbRhT+Kzt6pLa0kp1gNNPpMMRJaCml4CQPhPEs0rG0Qd5Vd1e+NOS/9xxd + TDCYKXSaYQbt7dy/c/FXD1alUKkXewZUCgbStxKK1PaUmIPt2SSHuejpEoxwUivbg1S6OTjRS3Kh + Mih01luAsXgH6TmUBiwo175NKuv0fEYMpyHnIfcN/FWBdZN1CWdGJE4m4PU8SfLDcH8/wo2FYobb + 3LnSxkGQwgwSl+ov2heuENZKoXwFLkBJLhClDKJAWltB0DG4gTXSn07GF5N+OBwM8ahWwXrxV8+i + bpVNhINMm3VjQ4o7pIh4FPX5qB8eTDiPw1E85P6rg9FPPOKclCQhDhWv2bxQSaIP0BWcFG3Mbjcp + 2MTIkhyHp4fMzkVR9FgqrZMqcayUkADTM7bU5sYn6kSrD6Z4phaVkhQuUUzFQjhhgoWEZVCrdadg + exXyQTj6xcq/4ec5hr2ao1SCBYqcCHtDsaquHa3imSgs9LyG8Bjtqml7Xi4ROCbJ1yewANSVf+t5 + TiKySkSJF6sKbfS2YDLg3UVp9Be06IUOb6lrd9cB7NxNm+9AcmfVByWdQwbW28gmpP5Wv7V65pbC + EF6tnJeFRIXTLcsxHjXKhqPVcPRMdZ+ITGfJJi5Dvo9qRMNVNPx/pTTRr7GIAsPXq/D1jxC46iQO + otUg+hESW4B/+/YQjuEunEbdxUyuPjY1EKN/eYVoyDIDGZaVB1hHPXVRNVn+IlTfMXgc2PfryCcs + FiwXll0DKJZoxC04SJlWzOXSsjrnqZq0GfAGy7j30AfR/g4fRKNdFwcPLX6yzkZdnaX6VjcbL+6H + PQ/d4D5iACnXGoa1zuQRI5POkdtnlIVohs11VaRvpC0LsW5zFY+XwmFfa/rB8yPQdJu7/hI07AxV + jXp5pCsKeEiqfqIDqTIvdqYi2YkBdANF7IEfon3/1Yh3fth26KYqbl/swme0wWdppDbSrV9ocEce + 1E3r37cdORcZ2IAobMdE4kEus9y3i+wOdu/xpANy9Bj+Bh3Cp3vx3jRs/g8wfad7t3v0gkff3ZD7 + CnENVIwpHbfnkNc7PBbugnk4ItdhHo1LmZxIdfOWbt5ASTOTSjpo1YBb1nebE6XVGEcmcV3AOQjb + wNW0K+/s5MO749PpyfHR+PRiPB2fn/9xjspj0bDoO3wwyYGdYddRjpFcTFjM3WLNsILJgpgyp9mv + 0gh2ZmCOJYxVFqHoP1bJQsxJj99Kzkf5IPaaToxhxjhRYjaW3ytdGLFMKlFsP2onvta9dUIUqF1X + /RACmYLN66qkzH8U8vdHrGY4eyFKG+LNcHW/Dj4PuFv1cGtSawQdtSPkf9K2m0ODQStk0E0maSM4 + 0YU2p40uGBdQW6rVUcaqjmvlWvc/Fbj7Xvmsvv87ZJnRVUkz5lupUixa9q51lJXNsW8Q2I7PD+l7 + DUyqBQkgtKQMf0UwbISQxsQsj3z2jth9Vnv1dy9mlxu2UsVMoeVOCqdNjCDwB7fkPvReoRNR5Nq6 + eMRHPJg1NNNatyC8Qlp2eQFJRRWJvdfLvtOPk16xgF2G1rE/K2EcGDZWGSbVHD31BMHp2e/ssMKM + ZReJUDseNg67vWUXONbWiuD66OO4/nxqPl1UaNNOB7ScSIdJS6Q1AnCFjBgVQHbLLpFHP8JE7eP8 + HIW1dEKUWqS+wl8CfqYXwaIqFGLMYQEI7r+/IhYDzjd0yRL8uXQGfG2yALNQEDgljrmUvQE+9fN/ + AAAA///sWWtP2zAU/SsW0lCpmpCkaQpFiCF1SEgDIdD2gX2pid00WtpEeZR92I/fuY6TPuiDlcGY + NECliX2d6+tzj31P8nFEdrPlwIVaEBrMwc+tDIqII3w/qLpT8+jLScgjQsqdTKco4pjBGtf1CC22 + H+UnpxjGM62DNTHE8JcTKgGnskUBUufpFrsKK0CtCoyHiXbax88OjO6vAuM+PzDu1sD8xaAgoyrY + 9ZoqQHSPNfuFZH10ws07meQms7stRozLFvO8+h3ZZp3o6rptvuaCV5l86Lg2EqjZVyzJ+qBJRpsH + 3N5qxxr4OFgVgM3TZ01kJRq+4Z+xU4LgmYCUGuJlKbq4Bs27uEgRzYswkmBIWUZ8P8hPuO9jFurr + DIFzhv0ZkzfBuLUbMShes6MZxodcTMMMu4GknbELkh9S1AGkagunNR3MnjBgOGww8h+Fuz5epBoP + 2jvCg6jxkGk88Dzn/vesxR5HoT9iOIgHATi3AAmyhONZk4BxhlrIhyEOMH7Kh+TH4FxN1PjMJ0EB + eh6wkeQCllMeoTQpZ8u+zhy6ikURyfn9Y7G9qsR685hElxt1ShdVO5qDqtleHAE9RzDHTaBcZXxv + +8IQ7/fog/CFS5pWhlGS4iEKfb1oOo/1mn1R5yKKsF6M0hkGponQkOrJw+5ynIAUyOY6ZqG6YKhl + p6GQYgFOt0gqHBbx6N8BhTZNYtomCeMNLsbh5IA1Dn6OgeE87tW4Xckar84YtOXuwhgWMYb1UsbY + aed4whi77l3zC/zWjOH9Z4w3YAz332IMrzbdwhhPVQx7nYphu+saOlUD1TV5CsgoOYXknaWuVt11 + uWFdwW/VBX812XUda51LoXZERcRKbcGqda+FQnq5DsuK8ZhT8bi3sSaiAJJeFKc7lpkkBpwBf6RI + XYrTzpC7bWE/HLlW5wHedrvHtuN4VHvXnfCEDd0kre65EIRtKlNrHwytrX6MH3mWEDnSoBtVcRVz + aQZp2c1EIVspsx3bsV1pW7LtiGPPb/udru0fdYSwuDe05dGZOFWjfGiff3Au8FfaGWM+0SWeYZS3 + MrPIjEdExHBMuCjMMr0oZEbCeUYRg70icB5l+Nq/MTwzmZD/ywr7+/d4WaJ//x4vS/zv3WPwjigF + Za3LzB9LbvQbK8onKuJK2bfkrnsSbHp7n4o0TuThPejGJ9FTJx69aEJrncn0HP16Tes6qabbP0wF + vwAAAP//wszjo0UBRqQP16IAAAAA//8aXC4eLQpwFgXw1gTQiemQHFcNmqOGsg2A5uaXJEJn2NHb + JLhmiAzgM0ToEsa4JODNtNS8ssyi/DxIQwg6uFwKXUoB4RLl0vxciAnVMCa0sCOjgENaBaIPM1dH + KTexIii1uDQHZDCS3eBh/KISxxKIO8ryS6g3HwgxDG4o0K6MxOKwfPAUCHwKMr8oOycf1I5Fcgiq + a41QnAvVAA6e2tpaAAAAAP//AwBRLU5iuSMAAA== + headers: + Atl-Traceid: + - 0bc460bf23fd51a7 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:49 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:42 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - f09d2f2c-bcf8-4ad9-96c7-daefea1ed51b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '263' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 239966cb-2bfe-447b-be21-d868ccf7a916 - x-envoy-upstream-service-time: - - '33' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2828,110 +2295,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - a782ea1f0ad023f5 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtE1qbqIHFVmF7Z5kkbRNsJImpUmFZdn/boqLH7fhneeZ + lzlBq4LezxYkvMc4BbnZ9NroLvb+wxMVrQphUI44HSGDTz2HwbsEU0RKkGC+29687O6fm9/tdhnb + NIF8XaEMMzxk0OvJ+uOoXWyOk04Hbq1f+iS1y2D7bwVkEhhWl/BOxRVkyFiOdU5Fg7VEIVlFEPEq + kZj8oOfU2wzjP/a6QZS0lmVJeFH9sN344IxPIC+pMIUxphA1YxyLGrGsFOO0U9jzTohSY8H/FkS7 + NjwOs4L1HaMWG598p9b4BPYygXZv+x2cz18AAAD//wMA/oSjzloBAAA= + headers: + Atl-Traceid: + - 9cf13e98c0a186d4 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:49 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:44 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - b76a2e95-b8e2-4195-af94-ce11a59ef657 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '124' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c713a568-8f66-44c2-8db5-3d5cd6f7127a - x-envoy-upstream-service-time: - - '59' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2941,89 +2365,96 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - d9b12252ecbadf45 - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - 4a6903aff8b4da43 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:49 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:45 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 75fe01af-dd3e-4017-943c-9dd9d69693b2 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '376' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - baab6b82-2b93-45d5-af5c-7ae2a871f875 - x-envoy-upstream-service-time: - - '99' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Jira Api Test 2", - "description": "\n\n\n\n\n\n*Title*: [Jira Api Test 2|http://localhost:8080/finding/2823]\n\n*Defect - Dojo link:* http://localhost:8080/finding/2823 (2823)\n\n*Severity:* High\n\n*CWE:* - [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n\n\n\n*CVE:* [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321]\n\n\n*Product/Engagement/Test:* + "description": "\n\n\n\n\n\n*Title*: [Jira Api Test 2|http://localhost:8080/finding/246]\n\n*Defect + Dojo link:* http://localhost:8080/finding/246 (246)\n\n*Severity:* High\n\n\n*Due + Date:* Sept. 17, 2022\n\n\n\n*CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n\n\n\n*CVE:* + [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/686]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n\n\n\nVulnerable Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + / [NPM Audit Scan|http://localhost:8080/test/94]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n*Reporter:* + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -3036,53 +2467,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1432' + - '1444' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11079","key":"NTEST-890","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11079"}' + string: '{"id":"11773","key":"NTEST-1435","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11773"}' headers: - ATL-TraceId: - - ae11c28f2598fc4c - Connection: - - keep-alive + Atl-Traceid: + - 52a0e2af2491535a + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:49 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:45 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 3238e6fb-a12d-4959-858a-8f147b84f344 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '628' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 82618137-4233-4e58-a424-c025ce8d995e - x-envoy-upstream-service-time: - - '506' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -3092,93 +2529,100 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-890 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1435 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbVPbOBD+Kxp/6Nxxid+SQvAM06GQu3JHOQ5S+oF2irA3tooseSQ5Cdf2v99K - tnGgTY9SMkOstfb92UfKJw9WFRWZl3gKRAYKst8Z8EwPBC1BD3RaQEkHsgJFDZNCDyBjpgRDB2lB - RQ5c5oMFKI3vIDuDSoEGYZq93sBj1nIUhTu7uNDA57gsjKl0EgQZzCE1mfwofWo41ZpR4QswAdow - Aa1YEAdM6xqCzsAN3KL+yWx6PhtOdkOUzF2wXvLJ0+i01ik1kEt12wSX4QoV4jCOhuF4GE9mUZyM - 4mS86++OJr+FcWhtOB/mtgJn5okxWv0gCsMwvsu6XWSgU8UqWxGU7hNdUs4HJGPaMJEaUjFIgcg5 - WUp141vtVIo3ij8mCg1prSBYMFjSBTVUvdDsX9grsUl1+awRHWV7UTiKJu1yhoHu9SkPPNto9DWj - +sb2qL429imZU65h4HU2vMQZ+TLwDENgVNhkLxE1ZuJVSn7E8J5YvVbb1c51o6udXaw1vI/0jWDG - oAGLr1bbJvWX26vl3CypsolpVlacIUKyB9lgcR1kxpPVePKYcNsyt87aSlfMFhb/1us8DnfQczxe - xeMnG3YtdCh5ptvv7/iKtlfR9s/5WnXO2ofveBvFq1H8c95acOruYaO3L1/sfK8uGnbBjl2+xw7m - uYIc5/orGCKmJK+bMWskaa2NLB1FfEAP8c6mF5OvbTTU0UjtYDr685JhhEtqkBUb0vlxvDeMdsdh - QWNNWTC7xwNZ25wiy0tvrYCJ3EuMqgHLgTbNBQ67hXQTmzNnzSuWNrl/+kpmQ0VlXciaZ4dMV5ze - tiOB4lQB5mqn7ls8+Xx33PHkw6qFm8oZbXoR95TBpGLm9ok17NQDR7aPp0tW0hx0YDV0Z4ShoGB5 - 4etF3nPMK5R0ZBR7tkoPUhl1qXB6DZZOLDgfbLJz+c1CRJuQGE1sRQqqpxVLj5m4cYfxIVT2bBZp - 1zXXy6V7dycRUkzxaKbXHM6A6gYJqn3yTo/f/HF08uH46GB6cj79MD07+/sM88MR0lgS3DArgJwi - bwpDrF/CNJGC3xKcScatUWIk+ZMpSk4VlDi3pNaIWt9N6cMsdtFg+JmF4ZguEq85MrB7WP5+qO4N - MjYiZ4Lyh5vam0VbXodrjtF1XICdzQXc7a4rO7WPQHJzV3gi+Brlu/Pq/vH+Y3js8faSpjd4leog - 1xlvfB20l5qfCri7GTUzg07i7ngVsLTTLblUJ00017yGYa6QJfrrgSSHsmm2LCu87AnTduF7/btf - nHei/2zNmOGwlZBLB6r9ipEZapP4s00NM+MypbyQ2iSTcBIGcyYyZMIgnsSj987AoUsdo/ooiQVF - skX+X5X8Yv//6gycA8ILWQQV7bg72cHbKS4v8Ws4CkMXiy1zugS/ZEaBL1UeIMqorTzDi4hFZ4Bb - /cKU3AXW2Llo7FxMhzHOwxAvT3HUm1usm0tzNrxmwkptsX1cv7APe/e1W+Nbp0pmNV6YpiLH0S2x - EYGtnHV3bg9dzIi8ksuhkRtKWbUG4vckIJcRFv2fmioDivQmN6hC7zNy2ienr8l+jbxDzlMqNmjZ - y1qwPdlu+vZSUZEWwYzmGPIJIqmR1oxnR4frogNZYpEIsmGxJu4+FzUX+KPEMtNBh8iECMS4YdRI - RYYk9J/7o14DEXOHxq3knei6ISTCtK2cz2RAswXTiGiwQ77zTuzPLdAgIx0b2cv6Ve/piiBvkkUf - DzIlUlvNqSL46won0WoRJHBGudVF4lwwvPNTY3Ds9YAsC5YWBI/rPMcu1JgMqSj6EjmhBC85KSoi - F6eKzm0cV/tpCpUZHuNvnBr7cUUKoPjbjSwoDq7fZEvWCvQaG85hvTpr7/8DAAD//+xZbWvbMBD+ - KyHQ0Y7ZsZzYeRmlC2yDfdgIHduHflMsNTXEL9hyOsjy3/ecJHuJF5etjJIPgRBk3+l0ku7luTPo - NcSa9V6t1dtrHFzoemBZaGwiajrIq5rMDiWA8wHT8bI+95ndOk3hWl89PFCBvI3+yNfwSNsqISWv - lus40lf2GR620tUk3dg3HeDpfO1VGFV6uO01CIXe+utPSc4jRfxfsl6sH3qw+U0spNAMX5XMS3NL - xhekYbZ2d4vAgkQIXf7FSvTEPCM/Ile85CKJ06ve5dXPBBlUZTNY/58ginWBKDaqCRRfVQFD0UCQ - gFybNeiQ4XUSuoCJ1wCTeqtdjA1k1kb8QCHhKAbypkcTfjtRlFWScMpw/VY6oCMjgJoVz8x+BFNu - YIAEq1FaBPd8NBRsORl5wRL6jcdT5vshJduGCSs8wSbpPudCkHGD87cOji123mWPvMwptJPQJytO - UyW5SLWazUVuHZjhIGA+G0nmyaEvpmE0jIIxiyaBEB4P75mc3IhrLeViOL/wP+Jn5jkJT22Idhzz - qnSr0nnEiTi+S/buGv+iI3Nyzks6MczX2QxYEsP3Cyd085T0b5eyp69xuyA+fY3bRfWpa4wQJEwV - afHiPhRb2G4Q+ZOKN9LUriaM3SHEgv1DVWS5HNwhwERUZVnHoyYOqI0n0zq2HWWhZmED7DkUvPyl - n0PBS2h8DgWdoaANLICc+tsdzamBBXRfGVfcUmPYjj0smCmOgtw7IqWrV+U1vao2oen8tAkNYpPp - Ji6y1GAiWwhX9mOEefwrTVH+aAnbemij4DMi395nlEEt900/4T9uZVmtSfDe2rrtUKi5MnpsMvXf - mp1GViMTS6G6+57ppk3dj6RuK7VCaMVGj0Nl/QNt7QR9Orvd7hcAAAD//wMAGKUphdMaAAA= - headers: - ATL-TraceId: - - 7d95c359ea40f08e - Connection: - - keep-alive + H4sIAAAAAAAAA7xXbXPbNgz+Kzx92G2ZrTc7iaPdbpfF7poty7LYTT+kvRwjwRIbidRIyi9r+98H + UpKVOHXXZLee72yJJIAHwAMQfu/AqqQ8cSJHAk9AQvKCQZ6oHqcFqJ6KMyhoT5QgqWaCqx4kTBeg + aS/OKE8hF2lvAVLhHiSXUEpQwHVzNq6UFsXcKLwJfD/wXQl/VaD0bF3ChaSxZjE4PYcZ+0FweDjA + FwX5HF8zrUsVeV4Cc4h1It4Jl+qcKsUodzloDy1pj5bMCz2mVAVeq+AO1ih/PptMZ/1gONjHJQtB + OdF7RyG2SsVUQyrkuvYhwTeUCP0w7PujfnA08/0oGEXDfXd0FHzvh75vQBojGoFbNc8EaeQ9DIUf + btxuXhJQsWSlCRyuHhNV0DzvkYQpzXisSckgBiLmZCnknWukY8FfyfyJKCrOTLpofkMXVFPpLRgs + PQurA9hsBf4gGP2k2N/wY4Fprwq0amiBJmdU3ZlcVbfaPEVzmivoObXgKfplZXtOxpA4Ms7WZ7AA + xOp/7DmaIbNKZIkT8Qp9dLZoMvDbjVKKd+jRMwPeSNtw2wS24TYv90jSefWKM61RgXI2tg1Tf7Nn + lZjrJZWGr4oVZc4QcLLlOebDsmw4Wg1HT4T7mcy0nmzyMvQPEUY4XIXD/9dKnX3LRTQYHKyCg69h + cNVaHISrQfg1LDYE//jxMR2DXTwN2405W13VPRCzf/0W2ZCmElJsK4+4jjhFXtVV/kmt4eGujdGu + jaPHyuuWVq+ahmG7txP1g6aPmXBJFtc43j9aMyTGSKhMVHkyZqrM6bqhOi5j3PUVxtTQvzFBNV4U + dYN9eqHW7btr2F6tTpoytI8nojIRtOBfmwXGUyfSsjJoYgnorKntTzXwff+gbeDbYdu0me2NXQkP + Nwnf3hh0HYsJyfT6mZFoxT17PXx5g2cFTUF5RkK1ShguZCzNXLVIuxb3ElfaXhg6Npm3YJqWoe32 + fX2ww99gF0eDkXE8o2pSsviM8bsXZmcMpZkteNxyyDJrafc2K1zwCY4W9DaHS6Cq5qVsnpyLs1e/ + nJ7fnJ2eTM6nk5vJ5eUfl+gGFpdCz/HALANygd2Za2LsEqaI4PmaYKWz3CglWpBfmaTkQkKBpU4q + hQxzP1XxARaU439gvj/KbiOnvrEwSRjlrqoelDjGO2Wc5tuHmsmoCa/leY7o2i6BCUw5bE5XpSnb + L2ByPcQ8k2O18OZWfDh3PI12Ha1+pvEdjoIts1rlta2TZtr6T4Dbka0uDTQStpc4h6WpbpELeV6j + uc0r6KcSe1Y3sAgyFnWyRVHisMp1k4XP5e9hcN7w7rM3YzqHvYhcW1Idl4zMUJqEH4xr6FkuYppn + Qulo5I98b854gl3LC4cHb6382HqOoN4JYjgR7ZF/lSTf4td3VnyK85TpFChmSroBNa6AjBE/rk6h + 1C4JDnvEkGkD++T1BDev8ac/8H0L1uQhXoJbMC3BFTL1kIbUpIbhPGTo6+FRN9NFbqHXeq5qPVeT + fogF08d5Lww26vgicTlOrm4qFt6iyjlq01iI3sPzG3Wo8EKKpMKrecJTrOgC8+OZgBojU4gr4yt5 + KZZ9LXZEuGwUhG+JR64DzMWfFZUaJOlU7hCFzmZgpc8vfifHFbYjMo0p3yFlJkXvaHjPifufvSt0 + G4df03pOWsohXziyWDOqhSR94rv77uCezFRUEqf8F8xSC/+aYRmob1L9A41jzKd97BTcExx3RN2L + 3vBNHgQyuImey4RHkwVTSHYw9X/4hh/P5/APAAAA///sWW1r2zAQ/iui0NFC7dpOnKQZoQtsg8I6 + QmH70E9RLMc22LHxSzLo8t/7nCQ7iTd3WxklHwKl2NaddNLpnnvu4gFyWA1UVGDMdyvMGSCVkQP1 + TgCiQL0q5nltHbQYsD3iMekCU9eo6RgvSyBCccU2YeSFDLwiCOCJCsfAMo61VgHjDMzIgyJg2sv5 + kuyYT+VGjS+oyyr4ZM5Cn6MsZWuOmDbVbtne0d7D6bG/f6yH4zUvG7N3cfl+ghMfmBZEZpJiiHoc + w0E9bB/OAMkQ6vhYO2z8Z8cwijP6R1GGV9pWgVmyahFHnnbaPaIrkKUy+eybRH86Ye0MZQzDRYkx + kOvNQ+8uyVA6k87XlEXyheH2ryPhi92dgOADMAYpEUv/y6XQqllKwUPxd8FFEq0u2cXlzwRBXKZj + 3PlfCZXdRajsfteAWw8QCJc5roxkdsQ9W6JWI9oe6CIpVkNS6s12CTbEWt7akHDgt3zIaoj2QfJv + J42iShJO2e6slRroyIispvkrMyFRllvcOKLDd2LiLnm/J+zFqG+5C9g3HN7YjjOgxNsIYYUXxHzy + 51QIus2Q3Nlg6ErpQ7rhRUZJgSZ9scaVp+ybSLtSzESeress13bsvm9bfs8RNwOv57lD2xu5Qlh8 + sLT90a2YyFnOe9Nz5zP+lJ6R8JXGZcNQnwqzKowNTsRwTAJ8UwUUHZmRcV7QiUFfJi7wSjx+nBkD + M1uR/e16+fgtbhfcx29xu2A/douBNELVt5o77vOyme4/UTyV0dpXNadCq0ckdIh/qvI0868fATAe + FVY68KhthNEmkmkd3SzTtDPXAHuCgrd3+gkK3sLiExR0QkHDH2BioCLuiTrO+tnCvGnJdb+8zUK6 + 2lNWV3vKatpT7YGGmPmrdZSnK0V9dO1b6R9G1OvfWLpOy//XBFSTNZNipZAX31PZIKk7kbhCyuSn + +lGj66sNkD8iXdfzXp0l/MeDX1QxTby3WdnayMtpqTZOLVZqf9DWm++Hys6BtlaQ1m6322cAAAD/ + /wMAQH3Zk4cbAAA= + headers: + Atl-Traceid: + - 027a946ca0ea84e5 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:50 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:46 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - f43ec11c-6c98-48ce-a4c1-2e7982c322d9 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '287' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 07edfa84-9fa0-4817-a13a-678580e9445d - x-envoy-upstream-service-time: - - '163' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -3188,93 +2632,100 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11079 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11773 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbVPbOBD+Kxp/6Nxxid+SQvAM06GQu3JHOQ5S+oF2irA3tooseSQ5gWv577eS - bRyg6VFKZoi11r4/+0j54sF1RUXmJZ4CkYGC7HcGPNMDQUvQA50WUNKBrEBRw6TQA8iYKcHQQVpQ - kQOX+WABSuM7yE6gUqBBmGavN/CYtRxF4dY2LjTwOS4LYyqdBEEGc0hNJj9LnxpOtWZU+AJMgDZM - QCsWxAHTuoagM3AFN6h/NJuezoaT7RAlcxesl3zxNDqtdUoN5FLdNMFluEKFOIyjYTgexpNZFCej - OBlv+9ujyW9hHFobzoe5qcCZeWaMVj+IwjCM77JuFxnoVLHKVgSlu0SXlPMByZg2TKSGVAxSIHJO - llJd+VY7leKd4k+JQkNaKwgWDJZ0QQ1VrzT7F3ZKbFJdvmhEB9lOFI6iSbucYaA7fcoDzzYafc2o - vrI9qi+NfUrmlGsYeJ0NL3FGbgeeYQiMCpvsJaLGTLxKyc8Y3jOr12q72rludLWzi5WG95G+E8wY - NGDx1WrbpP5ye7WcmyVVNjHNyoozREj2IBssroPMeHI9njwl3LbMrbO20hWzhcW/1TqPwy30HI+v - 4/GzDbsWOpS80O33d3xFm9fR5s/5uu6ctQ/f8TaKr0fxz3lrwam7h7Xebm/tfF+fNeyCHTv/iB3M - cwU5zvUjGCKmJK+bMWskaa2NLB1FfEIP8da6F5PHNhrqaKR2MB39eckwwiU1yIoN6fw43htGu+Ow - oLGmLJjd456sbU6R5aX3VsBE7iVG1XDbUpU1pljaZPrlkcwGhlt1IWue7TNdcXrTDgCKMSpzhnRh - h6IthgLM1U7dt3jy5fa448mHVQvXlTNa9yLuKYNJxczNM2vYqQeObJ9Ol6ykOejAaujOCENBwfLC - 14u855g3KOnIKPZuH6cy6lLh9BIsnVhwPthk5/KbhYjWITGa2IoUVE8rlh4yceUO432o7Nks0q6P - rrtL9+5OIqSY4tFMLzmcANUNNlT75B0fvvvj4OjT4cHe9Oh0+ml6cvL3CeaHI6SxJLhhVgA5Rt4U - hli/hGkiBb8hOJOMW6PESPInU5QcKyhxbkmtEbW+m9KHWWyjwfArC8MxXSRec2Rg97D8/VDdG2Rs - RM4E5Q83tTeLtrwO6Ryj67gAO5sLuNtdV3Zqn4Dk5q7wTPA1ynfn1f3j/cfw2OPtNU2v8CrVQa4z - 3vjaay81PxVwdzNqZgadxN3xKmBpp1tyqY6aaC55DcNcIW/01wNJ9mXTbFlWeNkTpu3C9/p3vzgf - RP/ZmDHDYSMh5w5UuxUjM9Qm8VebGmbGZUp5IbVJJuEkDOZMZMiEQTyJRx+dgX2XOkb1WRILimSD - /L8q+cX+/9UZOAWEF7IIKtpxd7K991NcnuPXcBSGLhZb5nQJfsmMAl+qPECUUVt5hhcRi84At/qF - KbkLrLFz1tg5mw5jnIchXp7iqDe3WDWX5mx4yYSV2mL7uH5lH3bua7fGN46VzGq8ME1FjqNbYiMC - Wznr7tQeupgReSOXQyPXlLJqDcQfSUDOIyz6PzVVBhTpTa5Rhd5n5LSPjt+S3Rp5h5ymVKzRspe1 - YHOy2fTttaIiLYIZzTHkI0RSI60Zzw72V0V7ssQiEWTDYkXcfc5qLvBHiWWmvQ6RCRGIccOokYoM - Sei/9Ee9BiLmDo0byQfRdUNIhGlbOZ/JgGYLphHRYId864PYnVugQUY6NrKX9Yve0wVB3iSLPh5k - SqS2mlNF8NcVTqLVIkjgjHKri8S5YHjnp8bg2OsBWRYsLQge4HmOXagxGVJR9CVyQgleclJURC5O - FZ3bOC520xQqMzzE3zg19uOCFEDxtxtZUBxcv8mWrBToLTacw2p1Vt7/BwAA///sWVtr2zAU/ism - 0NGO2bGd2LmM0gW2wR42Qsf20DfFUlNDfMGXdJDlv/c7kqzFDi5bGSUPgRBkn6OjI+lcvnMMegOx - 5tabTfX+GgcXOi5YlhKb8IYO8rohe20J4HzAdLxszn2ut05TmNRXDlsqkLfRH/kaHmlbJaTk9WoT - R/LKvsLD1rKapBv7IQM8na++CqWKhdvegFDIrb/9kuQsqoj/W2bF8sGCzW9jLrhk+F6JvFS3pHxB - KGZtd7cILEiE0OVfrEROzDPyI3LFS8aTOL2yLq9+J8igVTaH9R+DKK8PRHnjhkDxtSpgKBIIErTr - sgY9MtxeQh8wcQ0wabbax2ggcyuPd+N/d9bMzCLTf6BAopJIWScJoww36KQDOjICqFnxwuxHMOUG - BkiwGqVFcM/GI+6tpmM3WEGlyWTm+X5IydYwYYVn2ATd54JzMm5w/tHB1sXOh+yRlTmFdhL6bMWp - qiQHqVayOcitQzUcBp7vjYXnipHPZ2E0ioKJF00Dzl0W3ntiesOvpZSL0eLC/4yfmmcnLNUh2rbV - q9KpS/sRJ2L7Dtm7o/yLjszOGSvpxDBfZjNgSQw/Lu3QyVPSv1vKnr7G3YL49DXuFtWnrjFCEFd1 - pcaLh1BsqbtB5E9VvBWqdlVh7A4hFuyf6iLLxfAOASaiKks7HjVxQDWeTOvodpSGmoUOsOdQ8PqX - fg4Fr6HxORT0hgIDNKDiWnncjvq/euxCblYx1N3uMURCMT0f7PaDY0Jfr8o1vaouwXR+ugSD2ES6 - jYssVehGF8K1/hihHv9qCyh/pIRdM9RR8AWR7+AzyrCR+26QsF+3oqw3JPhgbdl2KKpFpfTYZtV/ - a3YqWUYmlkJ19zOTTZumQ0ndVmqF0IpGj7ayfktbPUGezn6/fwIAAP//AwC2kYY30xoAAA== - headers: - ATL-TraceId: - - 7135834e774c1a36 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXW1PjNhT+Kxo/dFqa+JYAwZ1Oh5LQpaWUkiz7wO4wwj6xBbLkSnIuZfnvPfIl + gbDZLnS6k5nElnSu33eOTu4dWBRUJE7kKBAJKEiOGfBEdwTNQXd0nEFOO7IARQ2TQncgYSYHQztx + RkUKXKadGSiNe5BcQKFAgzDN2bjURuZTq/A68P3AdxX8VYI2k2UB54rGhsXgdBxm7QfB/n4PXzTw + Kb5mxhQ68rwEphCbRN5KlxpOtWZUuAKMh5aMRwvmhR7TugSvVXAHS5Q/m4zGk27Q7+3iUuWCdqJ7 + R6NvpY6pgVSqZR1Dgm8oEfph2PUH3eBg4vtRMIj6u+7gIPjeD33fOmmNGHS8UvNKJ628h6nww1XY + zUsCOlassInD1UOic8p5hyRMGyZiQwoGMRA5JXOp7lwrHUvxVvEXelEKZuGi/JrOqKHKmzGYe5Vb + awebrcDvBYOfNPsbfswR9jJHq5YWaHJC9Z3Fqrwx9imaUq6h49SCJxhXJdtxMobEUXG2PIUZoK/+ + Q8cxDJlVIEucSJQYo7NBk57fbhRK3mJEr0x4I12luwKwTbd9eUSSdVRvBTMGFWhnZdsy9bfqrJZT + M6fK8lWzvOAMHU42Ikc8Kpb1B4v+4IXufgaZNpIVLn1/H90I+4uw//9aqdGvuIgGg71FsPc1DC5a + i71w0Qu/hsWG4A8Pz+kYbONp2G5M2eKy7oGI/tUHZEOaKkixrTzjOvopeVlX+Se1hvvbNgbbNg6e + K69bWr1qG0bVvZ2oGzR9zKZLsbj24/7ZmiUxZkJnsuTJkOmC02VDdVyeU4PXQt1OX16WdbNet2ev + Vqds0VWPR7K0+apcfWcXmEidyKjS2kal5hLxtKXXZEMBBmtr+1MNfNffaxv4ZtpWbWZzYxvg4Qrw + QjGpmFm+MgWtuFfdAl/ex1lOU9CeldCtEoYLGUszV8/SdSd7gyttywud56QOe20onN6AbVqWtpv3 + 9d6WRATbOBoMbEYyqkcFi0+ZuDu2O0Mo7Gwh4pZDFbPm1d5qRUgxwtGC3nC4AKprXqrmyTk/ffvL + ydn16cnR6Gw8uh5dXPxxgfFhcWlMCR6YZEDOsTsLQ6xdwjSRgi8JVjrjVikxkvzKFCXnCnIsdVJq + 5Jz7qYoPsKAc/yPz/UF2Ezkb5YxJT5mgHOFEPNZlZvc215rJqElvxXyO3rVdApFNBaxOl4Ut2y9g + cj3EvJJ8tfDqVnw6d7yMj2u+/UzjOxwFW8q1ymtbR8209Z8cbke2umbQSNhe4gLmtroll+qs9uaG + l9BNFfas9cAiyVDWYMu8wGFVmAaFz2H6NDnvxfqzM2GGw05EripSHRaMTFCahB9taBgZlzHlmdQm + GvgD35sykWAf88L+3odKflhFjk7dSmI5Ee2Qf5Uk3+LXd5X4GOcp20JQzNZ649SwBDJE/3F1DIVx + SbDfIZZMK7eP3o1w8wp/uj3fr5y1OMRzcHNmFLhSpR7SkFpoGM5Dlr4eHnUzk/PK9VrPZa3nctQN + sWC6OO+FwUqdmCWuwMnVTeXMm5VcoDaDheg9Pb9ShwrPlUxKvJpHIsWKzhEfzybUGhlDXNpYyRs5 + 7xq5JcNFoyD8QDxyFSAWf5ZUGVBkrXKLKKxtBpX02fnv5LDEdkTGMRVbpOyk6B30HwXx+LNziWHj + 8Gtbz1FLOeSLQBYbRo1UpEt8d9ftPZIZy1LhlH/MKmrhXzMsA/1Nan6gcYx4Vo9rBY8Eh2ui7kTv + xQoHiQxusucy6dFkxjSSHWz9778Xh9Mp/AMAAP//7Flta9swEP4rotDRQu3aTpykGaELbIPCOkJh + +9BPUSzHNvgNvySDrv99z0myk3i428oo+RAoxbbupJNO99xzFw+QwxqgogJjuVthyQCpjByodwIQ + BRLWMS8a66DFgO0Rj0kXmLpBTcd4VQERyiu2DSMvZOAVQQBP1DgGlnOslQaMMzAjD4qAaa/ga7Jj + OZcbNb6gLqvhkyULfY6ylG04YtpUu2V7R3sPp8f+/rEejje8bMrexdX7GU58ZFoQWUjSIZpxDAfN + sH04AyRDqONj47Dpnx3DKM7oH0UZXmlbJWbJ61Ucedpp94iuQJbK5LNvEv3phLUzlDEMFyXGQKE3 + D727JEfpTDpfMxbJF4bbv4mEL3Z3AoIPwBikRCz9L5dCq+YZBQ/F3wUXSZResovLnwmCuMqmuPO/ + Eyq7j1DZw74Bdz95VgWujOR6xD07olYr2h3oIylWS1KazfYJtsT6IM93c0FXq2Xd8q6HhB4qoZR1 + knDKdmed1EBHRmQ1K16ZCYmy3OLGEUG+EzN3zYcDYa8mQ8tdwaTx+MZ2nBEl3lYIK7wg5pM/50LQ + bYbkzgZDV0ofsi0vc0oKNOmLNa48Zd9E2pViJvJsU2e5tmMPfdvyB464GXkDzx3b3sQVwuKjte1P + bsVMznI+mJ87n/Gn9IyEpxqXDUN9Ks26NLY4EcMxCfBNFVB0ZEbOeUknBn2ZuMAr8fhxYYzMPCX7 + u/Xy8VvcLbiP3+JuwX7sFgNphKpvNXfc52UL3X+ieKqija+qUIVWj0joEP9UF1nuXz8CYDyquHTg + UdsIo20k0zq6WaZpZ6EB9gQFb+/0ExS8hcUnKOiFgpZowMRARdwTdZz1s4V5s4rrfnmXePS1p6y2 + PdUdaJs93YGWmPnpJiqyVJEYXfvW+ocR9fo3lm6y6v+1BdVk7aRYKeTl90w2SJpOJK6QMvmpedTo + +moD5I9I1828V2cJ//Hgl3VME+9tVrY2impeqY1Ti5XaH7T19vuhsnOgrRWktc/Pz78AAAD//wMA + lu48t4cbAAA= + headers: + Atl-Traceid: + - 8918d5dba96fb0d7 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:50 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:46 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 3e3b8304-ce53-4f36-8a0e-2df473687f6d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '256' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3783d932-4b32-4e8f-86bc-9b7ae4cf016d - x-envoy-upstream-service-time: - - '169' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -3284,174 +2735,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J2m2W3EQPKrIK7Z5EZJJOsJImpU2FZdn/boqLH7fhneeZ - lzkxjTMdJscUe49xnNVm05ElE7vwEQqMDue5R194iixjnzTNffAJ5gC8gALyZn/93Nw9tb/b/TLo - NDH1skIZZPCasY5GF44D+dgeR0oHblxYuiTppXfdt8LUKmzlJbzFuIICBM+hyoVseaWAq7IqAOAK - BEDyZ5pSb9sP/9hdy4UqhdqKAmr+w5rh3tuQQCl2st5ajaakEqkGY2tZ606jBGsAsKqk1FT+KYhu - bXjoJ2TrOxYXFx+DwTU+MXeZGPm3Q8PO5y8AAAD//wMAzXWDMFoBAAA= - headers: - ATL-TraceId: - - 6ae3f71f70b33902 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:32:52 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CMxN9GDiqzCdk+ySNomWEmT0qTCsux/N8XFj9vwzvPM + y5ygVUHvZwsS3mOcgtxsem10F3v/4YmKVoUwKEecjpDBp57D4F2CKSIlSDDfbW9edvfPze92u4xt + mkC+rlCGGR4y6PVk/XHULjbHSacDt9YvfZLaZbD9twIyCQyrS3in4goyZCxHkVPeoJDIJasIIl4l + EpMf9Jx6m2H8x143iJIKWXIiBP9hu/HBGZ/AuqTcFMaYggvGaiwEYlkpVtNOYV93nJcai/pvQbRr + w+MwK1jfMWqx8cl3ao1PYC8TaPe238H5/AUAAP//AwATCsb+WgEAAA== + headers: + Atl-Traceid: + - 3952d477c7c5793d + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e10ba9bc-23ae-4ed1-a0a1-2feb993c5eca - x-envoy-upstream-service-time: - - '36' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - f46864fd707be57c - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:52 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:47 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 2f22923e-e689-4a8e-a961-2f70669a3636 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '121' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5806d184-4bf7-4580-a0c2-14df8e15084d - x-envoy-upstream-service-time: - - '76' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -3461,93 +2805,100 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11079 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11773 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbVPbRhD+Kzf6kGmprTc7YDTDZAi4DS2hFBzygWTCIa2lC6c7zd3JhhL+e/dO - EnIgTgnBM1i30r4/+2h968F1RUXmJZ4CkYGC7HcGPNMDQUvQA50WUNKBrEBRw6TQA8iYKcHQQVpQ - kQOX+WABSuM9yE6gUqBBmOZZb+AxazmKwq1tPGjgczwWxlQ6CYIM5pCaTH6WPjWcas2o8AWYAG2Y - gFYsiAOmdQ1BZ+AKblD/aDY9nQ0n2yFK5i5YL7n1NDqtdUoN5FLdNMFleEKFOIyjYTgexpNZFCej - OBlv+9ujyW9hHFobzoe5qcCZeWaMVj+IwjCM77NuDxnoVLHKVgSlu0SXlPMByZg2TKSGVAxSIHJO - llJd+VY7leKd4k+JQkNaKwgWDJZ0QQ1VrzT7F3ZKbFJdvmhEB9lOFI6iSXucYaA7fcoDzzYafc2o - vrI9qi+NvUrmlGsYeJ0NL3FG7gaeYQiMCpvsJaLGTLxKyc8Y3jOr12q72rludLWzh5WG95G+E8wY - NGDx1WrbpP5yz2o5N0uqbGKalRVniJDsQTZYXAeZ8eR6PHlKuG2ZW2dtpStmC4t/q3Ueh1voOR5f - x+NnG3YtdCh5odvv7/iKNq+jzZ/zdd05ay++420UX4/in/PWglN3F2u93d3Z+b4+a9gFO3b+ETuY - 5wpynOtHMERMSV43Y9ZI0lobWTqK+IQe4q11NyaPbTTU0UjtYDr685Jh1PKFRbBiaePu9pHM4gvD - 14WsebbPdMXpTYtCFC+pQV5taOvHJ6bhxHsWDBpryo6Du9yTta2Ki/S9FTCRe4lRtXWNNs0Z0oUd - irYYCjBXO3Xf4smX2+OOJx9WLVxXzmjdjbinDCYVMzfPrECnHjiyfTpdspLmoAOroTsjDAUFywtf - L/KeY96gpCOj2Lt7nMqoS4XTS7B0YsH54CE7l98sRLQOidHEVqSgelqx9JCJK/cy3ofKvptF2kHI - AWvp7t1LhBRTfDXTSw4nQHUDS9VeeceH7/44OPp0eLA3PTqdfpqenPx9gvnhCGksCT4wK4AcI28K - Q6xfwjSRgt8QnEnGrVFiJPmTKUqOFZQ4t6TWiDnfTenDLLbRYPiFheGYLhLvwdBi0XMmKMd2Yj/6 - KbP3HsrazaItrwM+x+g6LsDO5gLun64rO7VPQHKzKzwTfI3y/fvq69f7j+Gxx9trml7hKtVBrjPe - +Nprl5qfCrjbjJqZQSdx93oVsLTTLblUR000l7yGYa6Qsvr1QJJ92TRblhUue8K0XfheT78uzgfR - fzZmzHDYSMi5A9VuxcgMtUn8xaaGmXGZUl5IbZJJOAmDORMZ8lgQT+LRR2dg36WOUX2WxIIi2SD/ - r0p+sf9/dQZOAeGFLIKKdtydbO/9FI/n+DUchaGLxZY5XYJfMqPAlyoPEGXUVp7hImLRGeCjfmFK - 7gJr7Jw1ds6mwxjnYYjLUxz15har5tKcDS+ZsFJbbB/Pr+zFztfarfGNYyWzGhemqchxdEtsRGAr - Z92d2pcuZkTeyOXQyDWlrFoD8UcSkPMIi/5PTZUBRXqTa1Sh9xk57aPjt2S3Rt4hpykVa7TsshZs - Tjabvr1WVKRFMKM5hnyESGqkNePZwf6qaE+WWCSCbFisiLvPWc0F/iixzLTXITIhAjFuGDVSkSEJ - /Zf+qNdAxNyjcSP5ILpuCIkwbSvnMxnQbME0IhrskG99ELtzCzTISMdGdlm/6D1dEORNsujjQaZE - uqs5VQR/XeEkWi2CBM4ot7pInAuGOz81BsdeD8iyYGlBcHfIc+xCjcmQiqIvkRNKcMlJURG5OFV0 - buO42E1TqMzwEH/j1NiPC1IAxd9uZEFxcP0mW7JSoLfYcA6r1Vm5/x8AAAD//+xZW2vbMBT+KyHQ - 0Y7ZsZ3YuYzSBbbBHjZCR/fQN8VSU0N8wZd0kOW/7zuSrCVqXbYySh4CIcg+R0dH0rl85xj0FmLN - em/W9ftLHFzkemBZSGTBWzrIq5bsH0oA5z2m42V77jO9dZrCpL5yeKACeRv9ka/hkbZVQUrRLNdJ - LK/sKzxsJatJurEbGeDpfPVVKFV6uO01CKXc+tsvacHimvi/5b1EPvRg85uECy4ZvteiqNQtKV8Q - ilnb3TUCCxIhdPkXK5ETi5z8iFzxnPE0yS565xe/UmTQOp/B+h+DKL8LRPmjLkK4nzDrEhYk8R3B - TYvVM6w2wQCTdkddjF1AxTOQWRrxPYWEJwC6nQ9sKVOjR5OmjDJc30oHdGQEUPPyhdmPYMoVDJBA - MUqL8I6NhtxfTkZeuIQK4/HUD4KIkq1hwgrPsAm6zznnZNzg/KODo4udD/kDqwoK7ST02YpTVUku - Uq1kc5FbB2o4CP3AHwnfE8OAT6N4GIdjP56EnHssuvPF5IpfSilnw/lZ8Bk/Nc9JWaZDtOOoV5Xb - VM4DTsQJXLJ3V/kXHZlTMFbRiWG+zGbAkhh+XDiRW2Skv13KHr/GdkF8/BrbRfWxa4xIw1VJq/Hi - PhRb6G4Q+VOdbISqPFW0ukWIBfunpswLMbhF5ImpytKOR00cUI0n0zq6HaWhZqkD7CkUvP6ln0LB - a2h8CgWdocDGDkBO/e2O5rSIA7qvlCtuqTGsxx4WzGuGgtx7QkpXr8ozvSqbYDo/NsEgNpFtkjLP - FCbShXCjP0aox7/RdJPX/61FqGQZmVgIVdWPXDZL2qYkTEtpvG2HOuq+eH352WbQyn3XT9nPa1E1 - axK8t1fZ5ijrea32Td1WaoXQzs37w8nBwWw9QWq72+1+AwAA//8DAHYCjo/TGgAA - headers: - ATL-TraceId: - - 85795fe4f1fb43de - Connection: - - keep-alive + H4sIAAAAAAAAA7xXWXPbNhD+Kxg+dFqX4iXZltnpdFxLady6rmvJzoOT8cDkikQMAiwA6miS/94F + D8mX0tidZjQjkQD2/L5drD44sCypSJ3YUSBSUJC+YsBT7QpagHZ1kkNBXVmCooZJoV1ImSnAUDfJ + qciAy8ydg9K4B+k5lAo0CNOeTSptZDGzCq/DIAgDT8FfFWgzXZVwpmhiWAKO6zBrPwz39/v4ooHP + 8DU3ptSx76cwg8Sk8r30qOFUa0aFJ8D4aMn4tGR+5DOtK/A7BbewQvnT6Xgy7YWD/i4u1S5oJ/7g + aPSt0gk1kEm1amJI8Q0loiCKesGwFx5MgyAOh/Fg1xsehN8HURBYJ60Rg47Xal7opJX3MRVBtA67 + fUlBJ4qVNnG4ekh0QTl3Scq0YSIxpGSQAJEzspDq1rPSiRQXij/Ti0owCxfl13RODVX+nMHCr93a + ONhuhUE/HP6k2d/wY4GwVwVatbRAk1Oqby1W1Y2xT/GMcg2u0wgeY1y1rOvkDImjknx1AnNAX4NP + rmMYMqtEljixqDBG5wFN+sG2jbDbKJV8j6G+EIlWusahRrbDwb7cYc8m3AvBjEEF2lnbthT+rT6r + 5cwsqLJE1qwoOUOH0wcpQaBq+g2Gy8Hwme5+BrIukjVgg2Af3YgGy2jw/1ppaFGTFA2Ge8tw72sY + XHYW+9GyH30Niy3zP316TMeoo+OMLS+bHoggX71D0LNMQYZt5RHX0R3Jq6bKnyR5tL9tY7ht4+Cx + 8qalNau2YdTd24l7oetgcswlBm452hyoC9/mSbGk8ezDozXLXkyBzmXF0xHTJaerluO4vKAGL4qm + wT6/Hpv2vWnYfqNO2WqrH49kZTMYWlff2AUmMic2qrK2EwUYrC3hpxr4brDXNfCHadvWZqJ1m3m4 + sQa8VEwqZlYvDLgT9+tb4Mv7OCtoBtq3ErpTwnAhZ1nu6Xm2aVivcaXrbJHzmLtRvwuF0xuwvcnS + 9uF9vbclEeE2joZDm5Gc6nHJkhMmbl/ZnRGUdrYQSceYmkeLem+9IqQY42hBbzicA9UNC1X75Jyd + XPxyfHp9cnw0Pp2Mr8fn53+cY3xYXBpTggemOZAzbMLCEGuXME2k4CuCBc24VUqMJL8yRcmZggIr + mlQaGeY9VdghFpQTfGRBMMxvYqe5sRA9TP+mqu6VOAKRMUH5w0PtZNSmt+Y5R++6LoHIZgLWp6vS + lu0XMLkZYl5IvkZ4ffndnzuex8cN336myS2Ogh3lOuWNraN22vpPDncjW1MzaCTq7moBC1vdkkt1 + 2nhzwyvoZQo71GZgkWQkG7BlUeKwKkyLwufwu5+ct2Lz2Zkyw2EnJlc1qQ5LRqYoTaKPNjSMjMuE + 8lxqEw+DYeDPmEixa/nRYO9dLT+qI0en3ktiORHvkH+VJN/i13e1+ATnKdtCUMzWeuvUqAIyQv9x + dQKl8Ui47xJLprXbR2/GuHmFP71+ENTOWhySBXgFMwo8qTIfaUgtNAzHHktfH496uSl47Xqj57LR + cznuRVgwPZz3onCtTsxTT+Dk6mVy7s8rLlCbwUL0759fq0OFZ0qmFd7AY5FhRReIj28Tao1MIKls + rOS1XPSM3JLhslUQvSM+uQoRiz8rqgwoslG5RRQ2NsNa+vTsd3JYYTsik4SKLVJ2IPQPBneCuPvZ + ucSwcfi1reeooxzyRSCLDaNGKtIjgbfr9e/ITGSlcMp/xWpq4V8zLAP9TWZ+oEmCeNaPGwV3BEcb + ou7Eb8UaB4kMbrPnMenTdM40kh1s/e+/FYezGfwDAAD//+xZbWvbMBD+K6LQ0ULt2k6cpBmhC2yD + wjpCYfvQT1EsxzbYsfFLMujy3/ucJDuJN3dbGSUfAqXYPp100umee+7iAXJYDVRUYMx3K8wZIJWR + A/VOAKJAvSrmeW0dtBiwPeIx6QJT16jpGC9LIEJxxTZh5IUMLCII4IkKx8AyjrVWAeMMzMiDImDa + y/mS7JhP5UaNL6jLKvhkzkKfoyxla46YNtVu2d7R3sPpsb9/rIfympeN2bu4fD/BiQ9MC0NmkmKI + Wg5xUIvtwxkwMoQ6PtYOG//ZMYzijP5RlOGVtlVglqxaxJGnnXaP6ApkqUw++ybRn05YO0MZw3BR + YghyvXno3SUZSmfS+ZqySL4w3P51JHyxuxMY+ACMQUrE0v9yKbRqllLwUPxdcJFEq0t2cfkzQRCX + 6Rh3/ldCZXcRKrvfJXBrAYFwmePKSGZHTLM11GqGtgVdJMVqSEq92a6BXcTaaoi1vM4hAcRv+H07 + aRRVknDKdmet1EBHRmQ1zV+ZCYmy3OLGER2+ExN3yfs9YS9GfctdwN7h8MZ2nAEl3mYQVnhhmE/+ + nApBtxkjdzYYuiD6kG54kVFSoElfLGXlKfsm0q4cZiLP1uWUazt237ctv+eIm4HX89yh7Y1cISw+ + WNr+6FZM5Cznvem58xl/Ss9I+ErjsmGoT4VZFcYGJ2I4JgG+qQKKjszIOC/oxKAvExd4JR4/zoyB + ma3I/nZZfPwWt+vq47e4XZcfu8VAGqGqWc0d93nZTLeZKJ7KaO2rmlOh1SMSOoZ/qvI0868fATAe + VVw68Kg7BGkTybSObpZp2plrgD1Bwds7/QQFb2HxCQo6oaDhDzAxUBH3RI1l/Wxh3rTkul/eZiVd + 7SmraU+1BU2zpy1oiJm/Wkd5ulIMR9e+lf5hRL3+jaXrtPx/TUA1WTMpVgp58T2VDZK674grpEx+ + qh81ur7aAPkj0nU979VZwn88+EUV08R7m5Wtjbyclmrj1GKl9gdtvfl+qOwcaGsFae12u30GAAD/ + /wMAIWiavYcbAAA= + headers: + Atl-Traceid: + - 62cefe9166bcc028 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:52 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:48 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 84c4bf9f-010f-4416-b8f3-511aed66ac6a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '259' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - bdb28a37-4640-4b6f-9183-73d0aa0442ab - x-envoy-upstream-service-time: - - '142' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -3557,88 +2908,95 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - 35b9415b671edf42 - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - 3df74d8fc640cab5 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:52 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:48 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 7a84f609-f1b4-4567-a1c4-2fd8302b0906 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '180' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 53b32b04-5c19-4cd9-b8a4-3cf430b5a8b7 - x-envoy-upstream-service-time: - - '110' status: code: 200 message: OK - request: - body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Jira Api Test 2|http://localhost:8080/finding/2823]\n\n*Defect - Dojo link:* http://localhost:8080/finding/2823 (2823)\n\n*Severity:* High\n\n*CWE:* - [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n\n\n\n*CVE:* [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321]\n\n\n*Product/Engagement/Test:* + body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Jira Api Test 2|http://localhost:8080/finding/246]\n\n*Defect + Dojo link:* http://localhost:8080/finding/246 (246)\n\n*Severity:* High\n\n\n*Due + Date:* Sept. 17, 2022\n\n\n\n*CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n\n\n\n*CVE:* + [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/686]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n\n\n\nVulnerable Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + / [NPM Audit Scan|http://localhost:8080/test/94]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n*Reporter:* + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}, "summary": "Jira Api Test 2"}, "update": {}}' headers: @@ -3651,51 +3009,57 @@ interactions: Connection: - keep-alive Content-Length: - - '1386' + - '1398' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11079 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11773 response: body: string: '' headers: - ATL-TraceId: - - 933403f4b5426d17 - Connection: - - keep-alive + Atl-Traceid: + - a7e5be9ff66772a9 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:52 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:48 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 50dbbd9d-53b6-406c-a22f-5c743fb5177e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '176' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a74a8ea8-589c-4b09-947e-a85f83a3da4d - x-envoy-upstream-service-time: - - '127' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -3705,93 +3069,100 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11079 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11773 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbVPbRhD+Kzf6kGmprTc7YDTDZAi4DS2hFBzygWTCIa2lC6c7zd3JNk3y37t3 - kpAhcUoInsHSSvv+7HPrTx6sKioyL/EUiAwUZL8z4JkeCFqCHui0gJIOZAWKGiaFHkDGTAmGDtKC - ihy4zAcLUBqfQXYGlQINwjTvegOPWctRFO7s4o0GPsfbwphKJ0GQwRxSk8mP0qeGU60ZFb4AE6AN - E9CKBXHAtK4h6AzcwC3qn8ym57PhZDdEydwF6yWfPI1Oa51SA7lUt01wGd6hQhzG0TAcD+PJLIqT - UZyMd/3d0eS3MA6tDefD3FbgzDwxRqsfRGEYxndZtzcZ6FSxylYEpftEl5TzAcmYNkykhlQMUiBy - TpZS3fhWO5XijeKPiUJDWisIFgyWdEENVS80+xf2SmxSXT5rREfZXhSOokl7O8NA9/qUB55tNPqa - UX1je1RfG3uVzCnXMPA6G17ijHwZeIYhMCpsspeIGjPxKiU/YnhPrF6r7WrnutHVzt6sNbyP9I1g - xqABi69W2yb1l3tXy7lZUmUT06ysOEOEZA+yweI6yIwnq/HkMeG2ZW6dtZWumC0s/q3XeRzuoOd4 - vIrHTzbsWuhQ8ky339/xFW2vou2f87XqnLUX3/E2ilej+Oe8teDU3cVGb1++2PleXTTsgh27fI8d - zHMFOc71VzBETEleN2PWSNJaG1k6iviAHuKdTQ8mX9toqKOR2sF09Oclw6jlC4tgxdLG3aevZBZf - GL4uZM2zQ6YrTm9bFKIYC2UucGYtMlsX1CDTNkT24zPUsOQdLwaNNWUHxF0eyNrWycX+1gqYyL3E - qNoGkyrAXO3UfYsnn++OO558WLVwUzmjTQ/iTQ9GPZcwqZi5fWIhOvXAsfDjeZSVNAcdWA3dGWEo - KFhe+HqR9+TzCiUdS8We6+U1WDqx4HyQlp3Lb+YbbUJiNLGJF1RPK5YeM3HjDuNDqOzZLNIOQg5Y - S/fsTiKkmOLRTK85nAHVDSxVe+WdHr/54+jkw/HRwfTkfPphenb29xmmgSOkMXN8YVYAOUXeFIZY - v4RpIgW/JTiTjFujxEjyJ1OUnCoocW5JrRFhvpvSh1nsosHwMwvDMV0kXnNkYJOwyv1Q3RtkrHfO - BOUPX2o3i7a8DuYco+u4ABuYC7h7u67s1D4Cyc2u8ESMNcp359X94/3HYNfD6iVNb3CV6pDVGW98 - HbRLzU8F3G1GzWigk7g7XgUs7XRLLtVJE801r2GYK6Ssfj2Q5FA2zZZlhcueMG0Xvte/+8V5J/rP - 1owZDlsJuXSg2q8YmaE2iT/b1DAzLlPKC6lNMgknYTBnIkPWCuJJPHrvDBy61DGqj5JYUCRb5P9V - yS/2/6/OwDkgvJAsUNFOtZMdvJ3i7SV+DUdh6GKxZU6X4JfMKPClygNEGbWVZ7iIWHQG+KpfmJK7 - wBo7F42di+kwxnkY4vIUR725xbq5NGfDayas1Bbbx/sX9mLvvnZrfOtUyazGhWkqchzdEhsR2MpZ - d+f20MWMyCu5HBq5oZRVayB+TwJyGWHR/6mpMqBIb3KDKvQ+I6d9cvqa7NfIO+Q8pWKDll3Wgu3J - dtO3l4qKtAhmNMeQTxBJjbRmPDs6XBcdyBKLRJANizVx97moucAfJZaZDjpEJkQgxg2jRioyJKH/ - 3B/1GoiYOzRuJe9E1w0hEaZt5XwmA5otmEZEgx3ynXdif26BBhnp2Mgu61e9pyuCvEkWfTzIlEht - NaeK4K8rnESrRZDAGeVWF4lzwXDnp8bg2OsBWRYsLQjuDnmOXagxGVJR9CVyQgkuOSkqIhenis5t - HFf7aQqVGR7jb5wa+3FFCqD4240sKA6u32RL1gr0GhvOYb06a8//AwAA///sWW1r2zAQ/ism0NGO - 2bGc2HkZpQtsg33YCB3bh35TLDU1xJbxSzrI8t/3nCR7jVeXrYySD4EQZN/pdJLu5bkz6A3Emjuv - NtXbSxxc5PlgWWocIRo6yOuGzA4lgPMO0/GyOfe53TpN4VpfPTxQgbyN/sjX8EjbKiElr1ebJNZX - 9hkettbVJN3YNx3g6XztVRhVHNz2BoRCb/31pzTncUX8X5ST6AcHNr9NhBSa4Wsl89LckvEFaZit - 3V0jsCARQpd/sRI9MVfkR+SK51ykSXbhnF/8TJFBKzWH9f8JolgfiGLjhkDxtSpgKBq0EarssoY9 - MvxeQgtMmh31MfYBFb+FzF3CrE3wZN13FCseQe7dRFHWacopww066YCOjACqKp6Z/QimXMEACQKj - tAhv+Xgk2Go69sMV9J1MZiwIIkq2LRNWeIJN0n0uhCDjBudvHVxb7LxT97zMKbST0CcrTlMleUi1 - ms1Dbh2a4TBkARtL5stRIGZRPIrDCYunoRA+j26ZnF6JSy3lbLQ4Cz7iZ+a5Kc9siHZd86r06tK9 - x4m4gUf27hn/oiNzc85LOjHM19kMWBLD90s38vKM9O+WssevcbcgPn6Nu0X1sWuMECRMSWvx4kMo - trTdIPKnKtlKU2eaMHaDEAv2D3Whcjm8QeSJqZiyjkdNHFBbT6Z1bDvKQs3CBthTKHj5Sz+FgpfQ - +BQKekNBF2gAOQ12e5rTAAvovjauuKPGsB37WFBVHAW5/4iUvl6V39er8tteVZfQIjaZbZNCZQb6 - 2EK4th8jzOPfaLpV1X9rCBpZrUwshKrqu9LNkqYpCdMyGu+aoY26z15ff7YZNnLfDFL+41qW9YYE - P9irbnMU1aIy+6ZuK7VCaOft+8PJwcFsO0Fru9/vfwEAAP//AwBrzNRC0xoAAA== - headers: - ATL-TraceId: - - 2d94c56943595693 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LTU1s0GjDqdDsVOQ0spxQ55IBlmkY6lDdKuurvypUn+e8+u + JAtMnAY6zTAD2su5ft85e3jvwKqkPHEiRwJPQELygkGeqB6nBaieijMoaE+UIKlmgqseJEwXoGkv + zihPIRdpbwFS4Rkkl1BKUMB1czeulBbF3Ci8CXw/8F0Jf1Wg9GxdwoWksWYxOD2HGftBcHg4wIWC + fI7LTOtSRZ6XwBxinYh3wqU6p0oxyl0O2kNL2qMl80KPKVWB1yq4gzXKn88m01k/GA72ccu6oJzo + vaPQt0rFVEMq5LqOIcEVSoR+GPb9UT84mvl+FIyi4b47Ogq+90PfN04aIxodt2qe6aSR9zAVfrgJ + u1kkoGLJSpM43D0mqqB53iMJU5rxWJOSQQxEzMlSyDvXSMeCv5L5E72oODNw0fyGLqim0lswWHrW + rc7B5ijwB8HoJ8X+hh8LhL0q0KqhBZqcUXVnsKputfmK5jRX0HNqwVOMy8r2nIwhcWScrc9gAeir + /7HnaIbMKpElTsQrjNHZosnA33UQtAelFO8w1Gci0UhbHCyyLQ5mcY89XbivONMaFShnY9tQ+Dd7 + V4m5XlJpiKxYUeYMHU62UoJAWfoNR6vh6InufgayNpINYEP/EN0Ih6tw+P9aqWlhSYoGg4NVcPA1 + DK5ai4NwNQi/hsWG+R8/PqZj2NJxzlZXdQ9EkK/fIuhpKiHFtvKI6+iOyKu6yj9J8vBw18Fo18HR + Y+V1S6t3TcOw3duJ+gEuqcamXjfDp9dO3Wq75urV6qSpDPt5IioTbWAa5muzwXjqRFpWgBlEpfoK + k27qo3bO6jP6JYvrrLx/tGd8RWGViSpPxkyVOV039WVQkYDBmhL+VAPf9w/aBr6dtl1tJty0me2D + DeDbB4OuMTEhmV4/M7utuGefhy9v8KygKSjPSKhWCcONjKWZqxZp18le4k7b8kLHQnILpjcZ2m6/ + 1wc74g12cTQYmcAzqiYli88Yv3thTsZQmtmCxy1qFsulPdvscMEnOFrQ2xwugaqaCbL5ci7OXv1y + en5zdnoyOZ9ObiaXl39cYhhYXAojxwuzDMgFNmGuibFLmCKC52uCBc1yo5RoQX5lkpILCQVWNKkU + stb9VGEHWFCO/4H5/ii7jZz6xUKQMMtdVT0occx3yjjNty81k1GTXsvrHL1ruwQCmHLY3K5KU7Zf + wOR6iHkmx2rhzeP3cO54Gu06Wv1M4zscBVtmtcprWyfNtPWfHG5Htro00EjYvtUclqa6RS7kee3N + bV5BP5XYJbqBRZCxqMEWRYnDKtcNCp/D72Fy3vDuZ2/GdA57Ebm2pDouGZmhNAk/mNAwslzENM+E + 0tHIH/nenPEEO6EXDg/eWvmxjRydeieI4US0R/5VknyLv76z4lOcp0ynQDFT0o1T4wrIGP3H3SmU + 2iXBYY8YMm3cPnk9wcNr/NMf+L511uAQL8EtmJbgCpl6SENqoGE49hj6enjVzXSRW9drPVe1nqtJ + P8SC6eO8FwYbdXyRuBwnVzcVC29R5Ry1aSxE7+H9jTpUeCFFUuELPOEpVnSB+HgmocbIFOLKxEpe + imVfix0ZLhsF4VvikesAsfizolKDJJ3KHaLQ2Qys9PnF7+S4wnZEpjHlO6TMQOgdDe8Fcf9n7wrD + xuHXtJ6TlnLIF44s1oxqIUmf+O6+O7gnMxWVxCn/BbPUwn/NsAzUN6n+gcYx4mk/OwX3BMcdUfei + N3yDg0AGN9lzmfBosmAKyQ6m/g/f8OP5HP4BAAD//+xZbWvbMBD+K6LQ0ULt2k6cpBmhC2yDwjpC + YfvQT1EsJzHzG37LoMt/73OS7CQe7rYySj4EQrAj6XS60z333MUD5LAaqKjAmO92mDNAKiMH6pMA + RIF6ZcizWjusYsD2gIe0FphaoaZjvCiACPkV26wDb82QyVcreKKEGVjKsVe8YpyBGXlYCJj2Mr4k + PeZTeVDjC+qyEj6Zs7XPUZayiiOmTXVatmfaezg99PfNejhe87IxexcW7yew+MC0MGUmaYuoxzG8 + qoftQwmYucZy/Fg7bPxnxzCKM/qiKMMrHSuHlLRchIGnnXaP6FrJUpl89k2iP1lYO0Mpw3BRQgxk + +vBYdxelKJ1pzdeEBfKF4fZXgfDF7k5g4gMwBikRW//LpdBL04SCh+LvgosoiC/ZxeWvCEFcJGPc + +d8Jld1FqOx+PUBYW6Du/yFJIZG69lS3Q4bVOdBFUqyGpNSH7ZrYRaythlgfJPt2kpB3fU3ooRJK + XkYRp2x31koNZDIiq0n2ykxIlOUWN44o9p2YuEve7wl7Mepb7gL6Doc3tuMMKPE2k7DDC9N88udU + CLrNmLnTwdAF0Ydkw/OUkgIJfbGUlVb2TaRdOc1Enq3LKdd27L5vW37PETcDr+e5Q9sbuUJYfLC0 + /dGtmEgp573pufMZH7XOiHiscdkw1E+5WebGBhYxHJMA31QBRSYzUs5zshjWy8QFXonHjzNjYKYx + 6d8ui49f43Zdffwat+vyY9cYECRURam54z4vm+k2E8VTEVS+qmMVjD0ioWP6pzJLUv/6EQDjUWGl + A4+6QxhtIpn20c0yTTszDbAnKHh7p5+g4C00PkFBJxQ0fAIqrlTEPVFjWT9bkJsUXPfL26ykqz1l + dbWnrKY91R5oiJkfV0GWxIrE6Nq31H+MqNe/0jSJlISn+lGD3SsAbu8/neta7tVZxH8++HkZkuC9 + vWWnISumhdKjSor/1+BUwhqh2GvN8++JbNTUPUhqsVL7g7ZsFDnU1jlQVy+Q5tlut88AAAD//wMA + +ELWGYcbAAA= + headers: + Atl-Traceid: + - b82240573fa75fda + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:32:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:49 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 797dc596-db43-4af2-abd3-5124d9505c63 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '235' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4c2d8249-fe07-4849-8342-2dc2d44707f3 - x-envoy-upstream-service-time: - - '153' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -3801,174 +3172,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPwUrEMBCG32Wuttlp022W3EQPKrIK7Z5EJEmnWEmT0qbCsuy7m+DC6m345/vm - Z06g1UKH2YKEzxCmRW42HfVkQue/PFPBqmUZlGOOAmTwTfMyeBfhArFgyDBv9revzcNLe93u11HH - CeRbgjLM8D2DjibrjyO50B4nigfurF+7KOl1sN2vAjIJW3EJ71VIYIllkWOVl6ItKomF5BVDxBss - EaO/0Bx722H8x+7aopScR5xxcWXN+Oh6H0FR7kS97bUynLiiGk1fi1p3WgnsDaKqKiE08T8FwaaG - p2FWkN7p1WrDszcqxSewlwnIfRwaOJ9/AAAA//8DAOtrTSRaAQAA - headers: - ATL-TraceId: - - d28829bd07058d5d - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:33:01 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUdBGVJTwqvxh+/HBGZ/AuqTcFMaYgjeM1Vg0iGUlWU17iaruOS81FvXfgmjX + hsdhlrC+Y+Ri45Pv5RqfwF4m0O5tv4Pz+QsAAP//AwDuE07bWgEAAA== + headers: + Atl-Traceid: + - 72913c2db47aeefe + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d939cdeb-2da1-4c13-990c-1358f1518a24 - x-envoy-upstream-service-time: - - '35' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 61561f5bb296068b - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:01 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:51 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e1884b99-6aca-46ea-99e2-ff2f8bf1dd77 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '109' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 2d7fd94c-ba74-4ae9-80cc-67e5ed1eb442 - x-envoy-upstream-service-time: - - '64' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -3978,112 +3242,119 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - 11690d429a2f8a60 - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - bb7df0ec224bd60d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:01 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:52 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 585768ef-10b6-4708-a421-bd7498d98e92 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '173' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 520c27fc-332d-4286-ad91-9289fa3af161 - x-envoy-upstream-service-time: - - '77' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/220] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/2] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082] + || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n| High | [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321] + |\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | pg | 0.5.3 | [Jira - Api Test 3|http://localhost:8080] | Active, Verified |\n| High | [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082] + Api Test 3|http://localhost:8080] | Active, Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n\n\n\nh1. + |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/2821]\n*Defect - Dojo link:* http://localhost:8080/finding/2821 (2821)\n*Severity:* High\n*CWE:* - [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/244]\n*Defect + Dojo link:* http://localhost:8080/finding/244 (244)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. The application executes unsafe, user-supplied sql which contains malicious column names.\n2. The application connects to an untrusted database and executes a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || @@ -4093,40 +3364,41 @@ interactions: < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/2824]\n*Defect - Dojo link:* http://localhost:8080/finding/2824 (2824)\n*Severity:* High\n*CWE:* - [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n*CVE:* [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321]\n\n\n\n\nVulnerable - Component: pg - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/247]\n*Defect + Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n*Reporter:* + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/2819]\n*Defect Dojo link:* http://localhost:8080/finding/2819 - (2819)\n*Severity:* High\n*CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* - [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + < 7.1.2)|http://localhost:8080/finding/242]\n*Defect Dojo link:* http://localhost:8080/finding/242 + (242)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. The application executes unsafe, user-supplied sql which contains malicious column names.\n2. The application connects to an untrusted database and executes a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || @@ -4136,13 +3408,13 @@ interactions: < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n*Reporter:* + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -4155,53 +3427,59 @@ interactions: Connection: - keep-alive Content-Length: - - '8334' + - '8321' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11080","key":"NTEST-891","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11080"}' + string: '{"id":"11774","key":"NTEST-1436","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11774"}' headers: - ATL-TraceId: - - 054295b63f1020fd - Connection: - - keep-alive + Atl-Traceid: + - 4b6993fb7137732b + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:02 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:52 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - cdd61ca3-6c10-4168-ae4e-1b888179605a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '705' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 80246a95-0ce7-4d0c-b0e6-0f146a2b20d4 - x-envoy-upstream-service-time: - - '505' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -4211,113 +3489,120 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-891 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1436 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/YO56id9iQnCH6XA0ben1OC6k7QfKMIqtOCq25JHkJFzhv9+u - bMcUGobSMIOllfb92dV+c9i6pCJ1YkcxkTLF0jec5anuCVow3dPJghW0J0umqOFS6B5LuSmYob1k - QUXGcpn1lkxpOGPphJWKaSZMfdfpORwlB4E/8mGjWT6H7cKYUseel7I5S0wqv0qXmpxqzalwBTMe - yDAeLbkXelzrinmtgCt2Dfwn0/HZtD/aD4Ayt8Y68TdHg9JKJ9SwTKrr2rgUdsAQ+mHQ96N+OJoG - YTwYxH7oDvzhH37oo1Srw1yXzIp5po3I7wW+74cbr5tNynSieIkRAeoh0QXN8x5JuTZcJIaUnCWM - yDlZSXXlIncixUeVP8UKzZJKMW/J2YouqaHqleb/sYMCklQVOzXpOD0I/EEwarZTMPSgc7nnYKJB - 15TqK8xRNTO4iuc016zntDKc2Aq57TmGAzBKSLITiwo8cUolv4J5z4xew21jZ7PRxu5ewjtLPwpu - DAhAfDXc6NRf9q6Wc7OiCh3TvChzDghJ73kDwbWQiUbraPQUc5swN8qaSJccAwu/u3GO/D3QHEbr - MHq2YJtCi5Id3Xwf0RUM18Hw13StW2XN4hFtg3A9CH9NWwNO3S62aru9xfpef6q7C2Ts/AIymGWK - ZVDXD2AImJJ5VZdZTUkqbWRhW8QlaAj3th2MHsqoW0dNxcK07c+J+0HPATfNJ6g4xFV9wZYTYlrx - pDbg2wMaIg4c0gtZ5elrrsucXje4BPKKGui0dSP7+Rqqu+SmL3q1NIUFYpdHssI4BWjpZyRwkTmx - URWqThQDX7HqHvbJwN2PRm2fvB81f1s4g20H4baDQddLuFTcXD8zEC27Z7vw0/soL2jGtIccuhXC - gbDg2cLVy6xrPu+A0nap0LlFNMwYthME5z23sC5/6G+wDYnBCB1fUD0uefKBiyv7GL9mJb7NImkB - Y2G0smcbipBiDE8zneVswqiuQaialXP64ePb45PLD8dH45Oz8eV4MvlnAm5ACWnwHC5MF4ycQt8U - hqBewjWRIr8mUJM8R6HESPKeK0pOFSugbkmlAWGurdL7XuyDQP+G+340G8TOvaKF2GZc0ByyBmHv - qgzP7tOayaIJr4V5Dta1vQASmAm2uV2VWLVPQHI9KzwTYzXz5r36/nn/Odh1sPqTJlcwSrXIaoXX - uo6aoeaXDG4no7o0QEnYPq+CrbC6ZS7VSW3NLK9YP1PQoLrxQJLXsk62LEoY9oRpsvBYTr8Pzhdx - 9++QZEpWJU4+b7hIoSVpAsgnM8YEKSu9YKnF3PHkEL8zRrhYogIEUkpgaCXwOrA0RmGL0CVvUdwX - 8cJ+X8TkfCOWi5iUWbzrBq5/g6GDyOUyoflCahOPYLj05vXdS2uTF4b+BXCR8zN8xqChkHdy1Tfy - x8wXxCPngTbk34oqwxQZiwyqqoAYPcJwcvo3OaygZMlZQsWWi3Wobm7IGYNaQENgffRpbD+f60+b - D9w0jyUup9xA1SKrzT+sQBDB/kVuyDnI6IdQqf1g6I9Cqx3xlCyZW3CjmCtV5iUZ78+4QCrCwIX9 - K1wcfM99gQL3o07I6q4QqEmKOOUwtmEte/uRuzBFjlxlBv9sWlBECL8JK6Rh4FTKyHgN0Uce0ie/ - nWY9spOblyR0g8ANCdnJzMsDMnB9YLYHA3foRqQ9iLqDyN1191r6bkffdUFWSx92dFzudnS0rqEH - 7rCjhx09vHt/0NEH7qCjRx096hzY6/Ti8g59oxeX4e9bEAKBO4QBY8l6mHw77pItmfYHYfAw0/8D - AAD//+xZ33PTOBD+V3amM0ySSx2aFHoXpg+90gdmgLmhBR7IzVjYqqPDsV1ZDjAc/zvfSrJqNwmU - 0kfaTn5otdLq29Xut+5tPc3a1tOzh+4S3cLVmNr3NYAFJFjElpKTStEFrjTNfvFwR78Uxl77vsL4 - dwjfTwgjlf+tRZEsJxcim4/oJbKcG21Unj572h1CEoSruH4sO8Pt7/IgCjXGfp9Fv7PNXVzVlsnJ - 9E8kA+D+1PIPUIP/SmJmBvB/rEgDfh1Cva1qUOMbzY58e4Yv7/C2//NXkfXfOP37LG/XgfSmyQup - LR0OZZepBULGXv/rmUAmUJ8RKEprQYFQs70xTh2pciLStapBn9BsPJpOwYouGVBcgJb6Mj+Kqywm - 0EojwEkEaRe1CUetDFG79rapnGmCWQpDZYKNavq4BKMyIPhekfF7L2pJpaYrNKmfCY10wveuxuqJ - FpdsAAhhsyrIIkN8JLQIWhJ6BDIfy1YloToBemiZmGZhK5UsCTcR/UOuPkh0EJfYRcDsqspVYh8M - ejrXGpxL4IMbyi1Id5Y7GmxqilpcIjlwx7FfNzwF9tVXud/OI1PTSkBZlSA7HePraFFMN1eHUgGk - azYG5qFB1uhisG5AhxlmsEF4pLQ0jS4QyfhUN7lhdDs2YN5WIyIGcG8PzVMJf+LvtCwSWZlFEcfx - ouC+09AXOsXJQOS+0jGWv2qUloMHe7O/nlSZfRu2MxM375jA3b3SgIX2U+SPxiOtAoN1TPH52fOz - 0ws6oJNzenDVlObJAj927cnIDYxpukU6miwWBf3Bx6zLXEboVQaVLhP0j5Es1sN/2RZQfmgUk4lT - ju32ziQL3gBWjGkgtR4zekM65uRDX7CyPxHWStnsr0MPDHVu3IsybRAruG798fYB0byXsUF8d+Rs - SHZl7aC0kbeDZCNzdyQ3cndHciN7dyQ38ndHciODB8lGDu9I+lkcOP1jHwWlLUhzP9OD5FHBeh24 - GCOPCW/UhYsx8qB4UQsXYxRA6Uja6tai0hMxSAGVnoRBCqj0JAxSQKUnYZACKh2JAymg0pM4kDrB - BLyWiCQOSZ/T51W2j1BfqVqylo0+rlL8ghqFbycJ3wMEZvMeV99m/xfK9qk++Y9CXzaNPkWf5vTa - Pqng1OPTfOsQ5MocEh11lWa7lJyvtuoc7tJxTtyq82iXjnPvVp3Hu3ScP4IODcDKeAbXpVDbbAiM - nb/HNuE6B3OREXldUuXCNyJmC2HTo12bWod+f1MfDqhPGxtgi2erSiSGffayJGW/EJy/VqlM7YRz - IytbM7TEeNok0k32PPQV+JCWSO31zxR9q1iV/OyAyctApCtVDGkw/H8lVG7KeaAgW5nsrXqpLgM7 - vCt1O7TU7fCH1O0uLeI28nYPHWuL3HfJm21Lr2fegbwdPDzaRd4KmZVGCVPq2Ab2Ne9xcZQ1udBg - Gvy/UxuhqSyUyFkXhGetEtwFY0TyoR57smG0yjKpqcEhEMHYC3xEOEomcnCulsPFnJoqs/9cFFkj - MhnTUooUmmuRN46ULL4BAAD//8JaxyLcjK+utQUGnBmo1YurmgFJG+IpYMHhbgX1OkhLIti9YCaK - E+AFLjC5EFPiYhYNYKcgl2EDkdvBqYTC3E7VPisAAAD//+yawWqDQBCG36WQ4xpnddU9hCRQCr31 - FTauaS8mog15/c64cRO33QhBaCkLHkRndBz1d375RtOP/Zj/V88K8kHhA0nCB3JS+GbwrPP8y7qK - 2R3Zm8Ozgk/2gmcNnjV41uBZf9bwkQe7VXH/MBE869Cv4FmDZ/1VzwqXxIkp9js0BD5oCFLfDnEL - iHy26IN6eolgKic0tqHuDh+IE1sQZ7hUX6BFxEYsi8s7uFnSZpGB+yAiwEAT3amuFREdT8N8P4IU - qHGEZR3bB5kPGjvWaKYI/HrVK7FXaaJhV6Sx2GFheS6B84zOY4PwDHfCKrqrW63JqGHktQbSGUL8 - Nsez6hqaUemgdzlLwwZG760Jw29/vTSrSwEc0griKuFaZmVSihzKQmgdq2wPVbHWq/4oi2S74C+4 - mDxWq8OFuGDMbOqiU8fO2BHGI3rqI6N01DLWKNVRxzC/n8fxrcLV5zeWRc2B6ncBzr9fsYuBTlf8 - BQAA///sm8EOgjAMht9lZxMW38CDV2M8eOC2iFETcWaCMVn27rRraQBdYjigB26DQfsD2Z8CX3+t - eIiS/rti8JuCsM2NiUhU9z1yyww0rif8k010JXlWDkYLh69rZ+/HLAebOSBCyAsP0WWYlZWMeRjC - ZsDKsc3OVjD9Q5+tYArFsxUkrUDKDZB4ohXnseuBxxri2spcYfShHoJiS/mg3idShLZOEdpaCO3h - hNRt8Ep9cfZGNQ7tKmpuwaHNry7BlhTBt0N2wRHO12keytq4C1Wa144+g/RyR9jWVauKdDyhBh9L - CA9xfIolMSHV2Tz2NqLK0gBgXQSAMaPo6Itd9tTyCfHuhBAaAAAA//8DAPBR+x/JNQAA - headers: - ATL-TraceId: - - 000800b898ae4aef - Connection: - - keep-alive + H4sIAAAAAAAAA7xW62/bNhD/Vwh9KIbO1suPOCqKIUvdNluWZY7bfkiDgJHOEhuJ1EjKjzX933cn + WXbzcNFkWGMgIo+89++O99mBZcll4kSOBpmAhuS1gDwxHckLMB0TZ1DwjipBcyuUNB1IhC3A8k6c + cZlCrtLOHLTBM0gmUGowIO36blwZq4oZCbwMfD/wXQ1/V2DsdFXCqeaxFTE4HUeQ/iDY2+vjxkA+ + w21mbWkiz0tgBrFN1CflcptzYwSXrgTroSbr8VJ4oSeMqcBrBVzDCvlPpuOzaTfo94ZIqk0wTvTZ + MWhbZWJuIVV61fiQ4A45Qj8Mu/6oG+xPfT8KRtEgdPeDwc9+6PtkJCmxaHgt5olGEr+HofDDjdvr + TQIm1qKkwCH1gJmC53mHJcJYIWPLSgExMDVjC6WvXeKOlXyn80daUUlB6eL5JZ9zy7U3F7DwarO2 + Bq6PAr8XjH4x4h94WWDaqwK1EixQ5ZSba8pVdWVpFc14bqDjNIxH6FfN23EygcDRcbY6hjmgrf6X + jmMFIqtElDiRrNBH5w5Men57UGr1CT16YsDX3HW46wS24abNVyDZevVOCmtRgHE2ugmpv9d3jZrZ + BdeEVyOKMhdocHLHc8xHjbL+aNkfPdLcb2Sm9WSTl76/h2aE/WXY/3+1NNmvsYgKg+EyGP4IhctW + Yy9c9sIfoXEN8C9f7sMx2IXTsD2YieX7pgdi9s8vEA1pqiHFtnIP62inyqumyh+UGu7tOhjtOti/ + L7xpaQ2VGkbdvZ2oG+CWW2zqTTN8fFE1rXbbXL1GnKaSqZeHqiJvA2qYH4ggZOpEVleAoUWh9j1m + gwqnMa6WR/K1iJuofL5HI1uR2WSqypNXwpQ5X60Lj9KlAZ2l2n6ogff3hm0Dvxu2TZu5e7Ar4eEm + 4XcPetuOJZQWdvXE6LbsXv08fH+DFwVPwXjEYVohAgmZSDPXzNNti3uLlLYXhk6dkiugpkWwvfte + D3f4G+zCaDAixzNuxqWIj4W8fk0nr6Ck2ULGbdbqXC7qsw1FKjnG0YJf5TABbhok6PXKOT1+9+bo + 5PL46HB8cja+HE8mf07QDSwug57jhWkG7BS7s7SM9DJhmJL5imGli5yEMqvYb0JzdqqhwFJnlUHU + ug9VfIAF5fg3wvdH2afIaV4sTBJGeVtVt0oc450KyfO7l9aT0Tq8Na5ztK7tEpjAVMLmdlVS2X4H + kpsh5okYa5g3r+LtueNxsNvC6lceX+Mo2CKrFd7oOlxPW//J4HZka0oDlYTtIy5hQdWtcqVPGmuu + 8gq6qcYusR1YFHulmmSrosRhVdp1Fr6Vv9vB+Si//h2wVKuqpJHstZAJtjnDEPnsCkCysjIZJDXm + jiYH9L0CJuScFBBoEoZDN8N3A5KIhGWhy96QuI/yef19HrHzjVghI1am0cANXP+GQoeRy1XM80wZ + G438ke/NmruXtU1eeIE87PwM4oraCXurFl2rHma9YB47D4xlf1VcW9BsLFOsqQIj9A2Gk9M/2EGF + BcvOYi53XGwCdXPDznD6qw3B9eH7cf350HzabNBm/YjScios1iyx1tnHFQpi1L3YDTtHGd0Q67Qb + DP1RWGsnNMl54kocmN1Uzb15lUvEl8X6927fvyAR+/0NW7wAtxBWg6t06mENcsKlwGGQatfb77uZ + LXLiKlP8V6eBRIT4N4FCWUA3EmDjJcabeFiX/XSadtiz3L5goRsEbsjYs9S+eMl6ro/M9UHPHbp9 + 1h70twd9d+DutfTBlj5wUVZLH27ptBxs6WTdmh64wy093NLDr+7/CwAA///sWVFv0zAQ/isnTUJp + 6FLWFioV7WHaeEAChBjwQpGapd4aSOMsTsbQ4L/zne24ztrA1u2RbdpSn88+f3e++y6LRuvxUTRa + j4/X4+P1ASbrffnRG3f78uOw1xETAO4IVf1K9NndmkRTh2/BsA7u41uer307emauyR2ci6lt7wJK + gIBFdLE4KlL6iEtLowceZ3LPULXzHytU/4fp44Qp0nOTy6ah9jGPUXhSCzpBXsfgqSiqiA4mfeIq + Tu2i0XwvDyJXNfTnUfQ/n+ziqKbwDYbjMepNeKIJBWr9N0lMteCQf+pRgF+9ba79u2MpRBGD4Av+ + 7O9wSbEjbrte4GH1rB1b4amsy0QgvjIRMnHYR9u7SpVgYIsLb+LJmt6EoCFuWwSfstQhSuUgXlyl + ChQJDcXz4RDM55wxxoVo6C1zoHlxMSdQR9iXU0ylieOE41i4OOYziDI+SzMmA9Uyrkgm2EjRjyVY + UwUSbxUZtbNYCZIlXaIb/ElooxO+hwqrJ2V8zgaA9NWrnJjjRfqmoQ0oBaEPoOqHbFQSUonIY7RF + TKWwVZosCcwFPUKWfhfoEs6xSwyziyJLE/3y0lK2xuBMAB/cWW4z/FnmaLCpzlV8jmTBXcW+qnkK + 7FOXmd3OIqNoFUM5laA0nvEqmuXDzdWhlANpxcbAPDTWJToVrOvQYRbpbIgtUqWo6jJHcONJ1VnF + 6Ho2YN5WIyIGcG8PDZKEP/FzLPMEMT/L5/P5LOfesqIbOsbJQNd+0yHx29y0FMGTvevhBKFl/vaa + uYmZeUhg6FYtYKF+iuzheKRRYLgOaX766s2r4490QEen9OSyltXLGb7M4oPQjOASbhOHgxnu5VM+ + qpKZiNCTBIj+BH1iJPKr3le2BtQeKvlgYLTn2gBjlAYwgB19CkRZ9hnBHh3yzaEbrGzPhLUWbPjv + ngWHPrtAobdyUSNeiK+aP968Ipq28jgobkcmh6QrlzuljWzuJBv53JPcyuie5FZO9yS3sronuZXX + nWQjs3uSdm4HTu/1a6RFA9LUzrQgWVSwngcXY2Qx4Y18uBgjC4oVNXAxRg4UT9LUvAaVlohBcqi0 + JAySQ6UlYZAcKi0Jg+RQ8SQGJIdKS2JA8oIJeC0RSRyS+4bmTTcTPTdZU/6F6oRPRwnfAwRmfYbr + b2vA21R3pLYEhK4HG0bX0fWUPul3EpyAbLJvXIKMmUFSRr7SqEvJeGurzrhLx7hxq87zLh3j4K06 + L7p0jEecDgX0jiuQrk6uwukg6BuP93XaNS7mUhNnSlJhAjgiJhJu00nXptqlf9/UBgSq1MYG1nev + V0WcVOy3d5JS/YEQAlfpQizWZR4TP4AVlQLZXN2nzlvVQvJrAaYpQbxYpXmPgt6vFWhIJaeOemwl + tHdqoTwmNtmRwU2YwU0eyuB26hq3cbid+lbfXxscTlzzP1YV3+s44ZqsH3NxIas0rmTpKd6b0/0B + AAD//9I3NDDH1aZD2JAATumI5hAoLRelppfmJBbBXAdKsimpeZmJOSC9wHZQWSbQB4klJYnJ2cU6 + 0DZISVFmenpqkUJpAVB1QSLQLmAzJRHSUkvMATbFYE27BFBpVVCi65OYl16amJ6aoJCRmpgC1FmW + mFMKaatgr3aRQwV39WsL7OgDy3zcNQ9I2hBPmQseJ7AiHDGIMhiYaIgrhDFLC7BjkIs1qD6KCwAA + AAAA///smk1ugzAQhe9SKUsjj8FAFlEaqarUXa/gYKfdkCBolOt3BmKXnxpUWnVliQXCYxgGeMyD + b/6muE9dLwDBzfbe4P2OZ9nNkqtbo4WCtFD8Vgv/ws2u/eTVv3EnSjhtclzgz5VPCvApX3Czwc0G + Nxvc7MCdDZR94M762u7vKYKbtfUKbja42f90s+CmLjSzU04IfJwQJL4BaQeILfio0f+0EBRBTKNQ + 7kLHA469sefkC/SxONzHi3HHi7Xe7J3+9H+DrY1ZiOZaloogjgfb5g+4BCockViXeiXmQb3GHk0U + 8WMveidPKok1HPOEyyNmnWVbECKl47ggPMJMmKGretCaDBpGfuVAwkIY4OPlppqK2lra6SzA2V4E + E73VXRi+7ksLEUoQkBjgJhZ6mxZxITMocqk1V+kJTL7Xu3Yvm/iwEc+4dPNYqc53zIKxblMTXRt2 + w4owEWGKOuqkjUrGKqUaqhjOb1tvfIhw9emVpVF1pvzHMOhixp8AAAD//+ybsQrCMBCG38VZaPAN + HNzFwaFbsKIObSSmIpS8u3e562EiAelQO2RLm+byh5KfS/vd3xWnNOnyFac06tIVg980hEsyGPV5 + ntwzXI37CX90E6RJnlWbDh/f9dbcz1UN/nNCapA3HjLR0Cs7GedhEpyZKss2W6xg/pderGAOxcUK + slYgWQRIvNCOG7CcgtsK4hqnuRgkzU1y7LXKsddK2Ou0Q9IzOCrfrOkoz6FbTc9VP3T5i9InZLRT + mdsvap6CSVCY6aofRxPoXwHbTUuSh7HJ7jpZQKiQqsa461WrXwf6phItNnC71m0dLRzrB5DtxaXL + /XjwJhrNA4Ja7/0bAAD//wMAj4UC+WQ2AAA= + headers: + Atl-Traceid: + - 533346ce189fe33d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:02 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:53 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 562cc2fc-95c3-4e01-89d3-eacbc46b78cb X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '256' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - bd353409-232e-4ccf-940b-45888c3b8505 - x-envoy-upstream-service-time: - - '164' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -4327,108 +3612,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11080 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11774 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPcNhD+Kxp/yLTpnd/OwOEMk6HkmtCmlAJJPhCG0dmLT8GWPJIMR0P+e3dl - G/OSYwg5ZrC00r4/u9qvHixrLnMv9TTIHDTkfwgoczOSvAIzMtkCKj5SNWhuhZJmBLmwFVg+yhZc - FlCqYnQB2uAZ5AdQazAgbXvXG3mCJEdROA1xY6A8w+3C2tqkQZDDGWQ2V1+Uz23JjRFc+hJsgDJs - wGsRxIEwpoGgF3AOV8i/dzQ7PBpPNyOknDljvfSrZ1BpYzJuoVD6qjUuxx0yxGEcjcNkHE+Pojid - TNIw9ifh+m9hHJJUp8Ne1eDEPNNG4g+iMAzjG6+7TQ4m06KmiCB1m5mKl+WI5cJYITPLagEZMHXG - LpU+94k7U/KDLp9ihYGs0RBcCLjkF9xy/dqI/2CrwiQ11YuWtJtvReEkmnbbIzR0a3B55FGiUdcR - N+eUo2ZuaZWe8dLAyOtleKkT8m3kWYHAqDHJXiob9MSrtfqC5j0zeh23i53LRh+7ewkfLP0ghbUo - gPDVcZNTf7m7Rp3ZS67JMSOquhSIkPyeNxhcB5lkukymTzG3C3OnrIt0LSiw+Lsd5yTcQM1xsoyT - Zwt2KXQoeWG67yO6ovVltP5zupa9sm7xiLZJvJzEP6etA6fpFyu1fftG9b382HYXzNjxCWawKDQU - WNcPYIiYUmXTlllLyRpjVeVaxClqiDdWHUwfymhbR0ulwnTtz0vHUdcvCMFaZK26rw9ohC803yxU - U+ZvhKlLftWhEMkYKPsRa5aQ2angFjtt28h+vIbaLnnTF4NWmqYCccsd1VCcnO2fiCBk4aVWN2RM - pgF9pap72CcjfzOZ9n3yftTCVeGMVh3Eqw4mQy8RSgt79cxA9OyB68JP76Oi4gWYgDhML0QgYSGK - hW8uiqH5vENK36Viz+VyDtROCJz33KK6/K6/0SokRlNyfMHNrBbZeyHP3WP8Bmp6m2XWQ8gB69Kd - 3VCkkjN8mvm8hAPgpoWl7lbe/vsPb3f3Tt/v7sz2Dmens4ODfw7QDSwhg57jhaMFsH3sm9Iy0suE - YUqWVwxrUpQklFnF/hSas30NFdYtawwizHdVet+LTRQYXoswTOaT1GufDEwSRnkoqjuFjPEuhOTl - /UvdZNGF18G8ROv6XoAJLCTc3G5qqtonILmdFZ6JsZb55r26+7z/GOwGWP3Os3McpXpk9cJbXTvd - UPNTBveTUVsaqCTun1cJl1TdqlR6r7VmXjYwLjS2rGE8UOyNapOtqhqHPWm7LDyWv7vB+Sxv/22z - QqumpsnnDyFzbEmGIfLZHECyujELyB3mdg+26TsHJuQFKSDQ5AyHVoavA+QpCVvEPntL4j7Ll+77 - MmXHN2KFTFldpGt+5IfXFDqMXKkyXi6UsekUh8vgrL176mwK4jg8QS52fEjPGDYU9k5djq36PvMJ - C9hxZCz7t+HagmYzWWBVVRijRxj29v9m2w2WLDvMuFxxsQ3V9TU7BKwFMgTXOx9n7vOp/fT5oE33 - WNLySFisWmJ1+ccVCmLUv9g1O0YZ4xgrdRyth9PYaSc8ZRfgV8Jq8JUugqwQ47mQRCUY+Lh/TYut - u9wnJHAzGYRc3haCNckJpwLHNqrlYDPxF7Yqiasu8J9LC4mI8XcAlbKATuXAZkuMPvGwMftlvxix - F6V9xWI/ivyYsReFfbXFJn6IzO5g4q/7CesPkuEg8df8jZ6+NtDXfJTV09cHOi3XBjpZ19Ejf32g - xwM9vn1/MtAn/mSgJwM9GRzYGPTS8hb9Ri8t419XIAQDt40jxwWMKPlu3GUrMh1O4uhhpv8HAAD/ - /+xZ33PTOBD+V3amM0ySSx2aFHoXpg+90gdmgLmhBR7IzVjYqqPDsV1ZDjAc/zvfSrJqNwmU0kfa - Tn5otdLq29Xut+5tPc3a1tOzh+4S3cLVmNr3NYAFJFjElpKTStEFrjTNfvFwR78Uxl77vsL4dwjf - Twgjlf+tRZEsJxcim4/oJbKcG21Unj572h1CEoSruH4sO8Pt7/IgCjXGfp9Fv7PNXVzVlsnJ9E8k - A+D+1PIPUIP/SmJmBvB/rEgDfh1Cva1qUOMbzY58e4Yv7/C2//NXkfXfOP37LG/XgfSmyQupLR0O - ZZepBULGXv/rmUAmUJ8RKEprQYFQs70xTh2pciLStapBn9BsPJpOwYouGVBcgJb6Mj+Kqywm0Eoj - wEkEaRe1CUetDFG79rapnGmCWQpDZYKNavq4BKMyIPhekfF7L2pJpaYrtK2fCY10wveuxuqJFpds - AAhhsyrIIkN8JLQIWhJ6BDIfy1YloToBemiZmGZhK5UsCTcR/UOuPkh0EJfYRcDsqspVYh8MejrX - GpxL4IMbyi1Id5Y7GmxqilpcIjlwx7FfNzwF9tVXud/OI1PTSkBZlSA7HePraFFMN1eHUgGkazYG - 5qFB1uhisG5AhxlmsEF4pLQ0jS4QyfhUN7lhdDs2YN5WIyIGcG8PzVMJf+LvtCwSWZlFEcfxouC+ - 09AXOsXJQOS+0jGWv2qUloMHe7O/nlSZfRu2MxM375jA3b3SgIX2U+SPxiOtAoN1TPH52fOz0ws6 - oJNzenDVlObJAj927cnIDYxpukU6miwWBf3Bx6zLXEboVQaVLhP0j5Es1sN/2RZQfmgUk4lTju32 - ziQL3gBWjGkgtR4zekM65uRDX7CyPxHWStnsr0MPDHVu3IsybRAruG798fYB0byXsUF8d+RsSHZl - 7aC0kbeDZCNzdyQ3cndHciN7dyQ38ndHciODB8lGDu9I+lkcOP1jHwWlLUhzP9OD5FHBeh24GCOP - CW/UhYsx8qB4UQsXYxRA6Uja6tai0hMxSAGVnoRBCqj0JAxSQKUnYZACKh2JAymg0pM4kDrBBLyW - iCQOSZ/T51W2j1BfqVqylo0+rlL8ghqFbycJ3wMEZvMeV99m/xfK9qk++Y9CXzaNPkWf5vTaPqng - 1OPTfOsQ5MocEh11lWa7lJyvtuoc7tJxTtyq82iXjnPvVp3Hu3ScP4IODcDKeAbXpVDbbAiMnb/H - NuE6B3OREXldUuXCNyJmC2HTo12bWod+f1MfDqhPGxtgi2erSiSGffayJGW/EJy/VqlM7YRzIytb - M7TEeNok0k32PPQV+JCWSO31zxR9q1iV/OyAyctApCtVDGkw/H8lVG7KeaAgW5nsrXqpLgM7vCt1 - O7TU7fCH1O0uLeI28nYPHWuL3HfJm21Lr2fegbwdPDzaRd4KmZVGCVPq2Ab2Ne9xcZQ1udBgGvy/ - UxuhqSyUyFkXhGetEtwFY0TyoR57smG0yjKpqcEhEMHYC3xEOEomcnCulsPFnJoqs/9cFFkjMhnT - UooUmmuRN46ULL4BAAD//8JaxyLcjK+utQUGnBmo1YurmgFJG+IpYMHhbgX1OkhLIti9YCaKE+AF - LjC5EFPiYhYNYKcgl2EDkdvBqYTC3E7VPisAAAD//+yaUWuDMBDHv8ugj7G5aNQ8lLYwBnvbV0iN - 3V5sRVf69XdnajpdU6EIGyPgg5iLnqf+vb/+Bt2Pe5n/V88K6kHhA0XCB2pS+GbwrPN8y7qK2R3Z - m8Ozgk/2gmcNnjV41uBZb2v4wIN9V3F/MxE8a1+v4FmDZ/1VzwqXiRNd7E9oCHzQECS+AdkPEGjw - 2aAP6uglwqtGodyFjgcciNOfkS/QB+Zwh4gNuJUx79D5tA/68X8TCOLK5XGqKk1Ex1Pf3w8gBSoc - YVnH5kHmg9qONZopAr9ezUrudRIb2OUJlztMJMsUCJHScVwQHuFOWElXdWsMGTWMvOZAOkOI3+Z4 - 1m1NPSrt9C5nadnA6L2xYfjur5Z2dSlBQFICL2NhVFrEhcygyKUxXKd7KPO1WXV7WcTbhXjBxc5j - lT5ciAvG7KY2OrXsjBVhIqK7PrJKRyVjtdYtVQznd/04PlW4+vzG0qg+UP5jgPPvZzzGQKcz/gIA - AP//GmgXoy8lHewuBpY3KZCFnH6J4CVRyP3IAOgaaFB+As1kQ1ZXQsqsKGBBC1TuWlqUX5CqHwUs - f5JBSwihGQ+0dBkoC8/JIHugi7ChC6yKoMXsaFFA/0gfLQro4eLRogBnUQBvbgCdmA7JcdWgXQ9Q - tgHQ3PySxBwgC0t7CNjYUqquVcKUwLVC2wDXCm0D+AptdAl4uw3Ypc4sys+DNH4gQiml0C04EC4x - XigDtn3JXZmLvgweYhbcTKBFGYnFYfngJcKwpfjApAVxcTWMCS11ybYfvFlJH2aujlJuYkUQZNgF - xa/gxb1FJY4lEH+D9hiAFgCDfA4XR9VshKIbqgHs2traWgAAAAD//wMAiw/vb8k1AAA= - headers: - ATL-TraceId: - - 70e60964178353de - Connection: - - keep-alive + H4sIAAAAAAAAA7xW61PbRhD/V270IdNJbb38wCiT6VDiJLSUUuMkHwjDHNJauiDdqXcnYxr437ur + h50YyAQ6DZ5Bp93b929X+9mBVcll4kSOBpmAhuS1gDwxPckLMD0TZ1DwnipBcyuUND1IhC3A8l6c + cZlCrtLeErRBHiQzKDUYkLa9G1fGqmJBCs8D3w98V8PfFRg7vy7hWPPYihicniPIfhDs7AzxxUC+ + wNfM2tJEnpfAAmKbqE/K5TbnxgguXQnWQ0vW46XwQk8YU4HXKbiEa5Q/mk9P5v1gOBgjqXbBONFn + x6BvlYm5hVTp6yaGBN9QIvTDsO9P+sHu3PejYBKNQnc3GP3sh75PTpIRi47Xap7oJMl7mAo/XIfd + viRgYi1KShxS95gpeJ73WCKMFTK2rBQQA1MLdqX0pUvSsZLvdP5ILyopqFw8P+dLbrn2lgKuvNqt + jYMtK/AHweQXI/6BlwWWvSrQKsECTc65uaRaVReWTtGC5wZ6TiN4gHHVsj0nEwgcHWfXh7AE9NW/ + 7TlWILJKRIkTyQpjdLZgMvAfYgQdo9TqE4b6xEq00nUd6sp2daCXL9CzCfedFNaiAuOsbROEf6/v + GrWwV1wTkI0oylygw8lWSrBQNfyGk9Vw8kh3v1GyLpJ1wYb+DroRDlfh8P+10sCiBikaDMarYPwj + DK46i4NwNQh/hMUW+be3d+EYdnBciNX7ZgZikU/PsOhpqiHFsXIH6+iOyqumy+8FebjzEGPyEGP3 + rvJmpDVUGhj19HaiftBzMDn2PQZOGG0vcItjvhmPj++mZvhuxq3XqNPUK/VxX1UUf0Aj9AMRhEyd + yOoKbtupStq0iJusfL5DI8/wqslUlSevhClzft32F1VFAwZLLXzfAB/ujLsBvp22h8ZMuB4z24x1 + wbcZg81gEkoLe/3EXHbiXv15+P4BLwqegvFIwnRKBBIykWauWaabSfYWKd3IC51bgsMF0Gwi2G5/ + r8cPxBs8hNFgQoFn3ExLER8KefmaOK+gpN1Cxl3V6lpe1bw1RSo5xdWCX+QwA24aJOj25Bwfvntz + cHR+eLA/PTqZnk9nsz9nGAY2l8HI8cI8A3aMQ1haRnaZMEzJ/JphQ4uclDKr2G9Cc3asocCOZpVB + jLr3NXaADeX4N8L3J9mnyNlqZ8xtKiTPsWqY9k2bEW+b1m5GbXprXOfoXTclsICphPXtqqS2/Q4k + N0vMEzHWCK8/fl/vHY+D3QZWv/L4ElfBDlmd8sbWfrtt/SeHu5WtaQ00EnbfaglX1N0qV/qo8eYi + r6CfapwSm4VFsVeqKbYqSlxWpW2r8K2afp2cj/LL3x5LtapKWsleC5ngUDMMkc8uACQrK5NBUmPu + YLZHzwtgQi7JAAEpYbh0M/xuQBKRsix02RtS91E+r5/PI3a6VitkxMo0GrmB699Q6jBzuYp5nilj + o4k/8b1Fc/e89skLz1CGnZ5AXNE4YW/VVd+q+0XPmMdOA2PZXxXXFjSbyhR7qsAMfUPg6PgPtldh + w7KTmMsHLjaJurlhJ7j91Y7gef/9tH58aB5dNeil/YjScS4s9iyJ1tXHEypiNL3YDTtFHf0Q+7Qf + jP1JWFsnNMll4kpcmN1ULb1llUvEl8X+976+f0YqdodrsfgK3EJYDa7SqYc9yAmXAnc+6l1vd+hm + tshJqkzxX10GUhHi3wwKZQHDSIBNV5hvkmF99tNx2mPPcvuChW4QuCFjz1L74iUbuD4K14yBO3aH + rGMMN4yhO3J3OvpoQx+5qKujjzd0Oo42dPKupQfueEMPN/Twi/v/AgAA///sWVFv0zAQ/isnTUJp + 6FLWFioV7WHaeEAChBjwQpGapd4aSOMsTsbQ4L/zne24ztrA1u2RbdpSn88+f3e++y6LRuvxUTRa + j4/X4+P1ASbrffnRG3f78uOw1xETAO4IVf1K9NndmitTh2/BsA7u41uer307emauyR2ci6lt7wJK + gIBFdLE4KlL6iEtLowceZ3LPULXzHytU/4fp44Qp0nOTy6ah9jGPUXhSCzpBXsfgqSiqiA4mfeIq + Tu2i0XwvDyJXNfTnUfQ/n+ziqKbwDYbjMepNeKIJBWr9N0lMteCQf+pRgF+9ba79u2MpRBGD4Av+ + 7O9wSbEjbrte4GH1rB1b4amsy0QgvjIRMnHYR3e7SpVgYIsLb+LJmt6EoCFuWwSfstQhSuUgXlyl + ChQJDcXz4RDM55wxxoVo6C1zoHlxMSdQR9iXU0ylieOE41i4OOYziDI+SzMmA9Uyrkgm2EjRjyVY + UwUSbxUZtbNYCZIlXaIb/ElooxO+hwqrJ2V8zgaA9NWrnJjjRfqmoQ0oBaEPoOqHbFQSUonIY7RF + TKWwVZosCcwFPUKWfhfoEs6xSwyziyJLE/3y0lK2xuBMAB/cWW4z/FnmaLCpzlV8jmTBXcW+qnkK + 7FOXmd3OIqNoFUM5laA0nvEqmuXDzdWhlANpxcbAPLTRJToVrOvQYRbpbIgtUqWo6jJHcONJ1VnF + 6Ho2YN5WIyIGcG8PDZKEP/FzLPMEMT/L5/P5LOfesqIbOsbJQNd+0yHx29y0FMGTvevhBKFl/vaa + uYmZeUhg6FYtYKF+iuzheKRRYLgOaX766s2r4490QEen9OSyltXLGb7M4oPQjOASbhOHgxnu5VM+ + qpKZiNCTBIj+BH1iJPKr3le2BtQeKvlgYLTn2gBjlAYwgB19CkRZ9hnBHh3yzaEbrGzPhLUWbPjv + ngWHPrtAobdyUSNeiK+aP968Ipq28jgobkcmh6QrlzuljWzuJBv53JPcyuie5FZO9yS3sronuZXX + nWQjs3uSdm4HTu/1S6NFA9LUzrQgWVSwngcXY2Qx4Y18uBgjC4oVNXAxRg4UT9LUvAaVlohBcqi0 + JAySQ6UlYZAcKi0Jg+RQ8SQGJIdKS2JA8oIJeC0RSRyS+4bmTTcTPTdZU/6F6oRPRwnfAwRmfYbr + b2vA21R3pLYEhK4HG0bX0fWUPul3EpyAbLJvXIKMmUFSRr7SqEvJeGurzrhLx7hxq87zLh3j4K06 + L7p0jEecDgX0jiuQrk6uwukg6BuP93XaNS7mUhNnSlJhAjgiJhJu00nXptqlf9/UBgSq1MYG1nev + V0WcVOy3d5JS/YEQAlfpQizWZR4TP4AVlQLZXN2nzlvVQvJrAaYpQbxYpXmPgt6vFWhIJaeOemwl + tHdqoTwmNtmRwU2YwU0eyuB26hq3cbid+lbfXxscTlzzP1YV3+s44ZqsH3NxIas0rmTpKd6b0/0B + AAD//9I3NDDH1aZD2JAATumI5hAoLRelppfmJBbBXAdKsimpeZmJOSC9wHZQWSbQB4klJYnJ2cU6 + 0DZISVFmenpqkUJpAVB1QSLQLmAzJRHSUkvMATbFYE27BFBpVVCi65OYl16amJ6aoJCRmpgC1FmW + mFMKaatgr3aRQwV39WsL7OgDy3zcNQ9I2hBPmQseJ7AiHDGIMhiYaIgrhDFLC7BjkIs1qD6KCwAA + AAAA///smk1ugzAQhe9SKUtbHoOBLKI0UlWpu17BwaTdkCBolOt3xgSXnxpUWnVliQWCsRkGeMyD + b/6muA9dLwDBzfbe4P2OZ9nNkqtbo4WStFD+Vgv/ws2u/eTVv3EnSjhtclzgz5VPSfApX3Czwc0G + Nxvc7MCdDZR94M762u7vKYKb7eoV3Gxws//pZsENXWhmp5wQ+DghiPvox0eNNseSTcQqjUOVZw7h + 3eFjb4Rjb7qT9QX6eDHheDHrzd7pT/832NqYhWiuZakJ4njo2vwBl0CFIxLrUq/EPKjX2KOJIlrs + xezUSceRgWMWC3XErNN0C1ImdBwXhEeYCSvoqh6MIYOGkV85kLAQ7fd4uemmoraWJp3lNG2tC/5W + t2H4ui87VlCBhLgAUUTSbJM8ylUKeaaMETo5QZHtzc7OsokOG/mMSzuOlfp8xywYazc1/NqwG1aE + SY4pGt5KG5WMVVo3VDEcb1tvfIhw9emVJbw6U/5j5nMx408AAAD//+ybsQ6CMBCG38XZhMY3cHA3 + Dg5sjRh0gJpajAnpu3vXuza0polhQIZuhcLdH0j/XOG7vytOodH1K06h07UrBiNqCJdkMGq6nzwy + Q43rCX90E5JJZlarHi8/DFo9rlUNNnNBapAXHqLPMBtWMuZhEpyZKs02W6xg+ZderGAJxcUKslYQ + qgiQ2NKKG7FrgscC4iojuRkkrU1y7LXIsdcisNfpRCjPYKt816qnOodONQN3/dDhT0pVRxFGP2Sz + m2Fwk4alysfdbjr5PtEnjii3w2i12RvS8YLKei77+8XqU7AQFHLd5POsHIXsAXvsH0C2F1MGIbHa + XSSXb3CPx1r7AQAA//8DALeDHM5kNgAA + headers: + Atl-Traceid: + - 3ef0725513a38ac2 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:02 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:18:53 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 632ad27e-13c2-474c-8cc2-264adb1cd19b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '220' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - bdf5e507-0540-4770-b5ad-4030b5b40259 - x-envoy-upstream-service-time: - - '165' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_add_comments_then_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_add_comments_then_push_to_jira.yaml new file mode 100644 index 00000000000..40837c8d772 --- /dev/null +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_add_comments_then_push_to_jira.yaml @@ -0,0 +1,891 @@ +interactions: +- request: + body: '{}' + headers: + Accept: + - application/json,*.*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '2' + Content-Type: + - application/json + User-Agent: + - python-requests/2.28.1 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CMxN9GDiqzCdk+ySNomWEmT0qTCsux/N8XFj9vwzvPM + y5ygVUHvZwsS3mOcgtxsem10F3v/4YmKVoUwKEecjpDBp57D4F2CKSIlSDDfbW9edvfPze92u4xt + mkC+rlCGGR4y6PVk/XHULjbHSacDt9YvfZLaZbD9twIyCQyrS3in4goyZCxHkVPeoJDIJasIIl4l + EpMf9Jx6m2H8x143iJIKWQlSCPrDduODMz6BdUm5KYwxBReM1VgIxLJSrKadwr7uOC81FvXfgmjX + hsdhVrC+Y9Ri45Pv1BqfwF4m0O5tv4Pz+QsAAP//AwDY1f+HWgEAAA== + headers: + Atl-Traceid: + - 8fb68a7e30ca9180 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Thu, 18 Aug 2022 22:18:58 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' + Server: + - globaledge-envoy + Strict-Transport-Security: + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - fcea6f39-dc1e-4de2-80b3-01ad2a7c0895 + X-Content-Type-Options: + - nosniff + X-Envoy-Upstream-Service-Time: + - '122' + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{}' + headers: + Accept: + - application/json,*.*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '2' + Content-Type: + - application/json + User-Agent: + - python-requests/2.28.1 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: !!binary | + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - e3bf74642be0b812 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Thu, 18 Aug 2022 22:18:58 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' + Server: + - globaledge-envoy + Strict-Transport-Security: + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - af548c7d-8546-4f65-9a28-aa2b202bb316 + X-Content-Type-Options: + - nosniff + X-Envoy-Upstream-Service-Time: + - '184' + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without + Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure + Flag|http://localhost:8080/finding/248]\n\n*Defect Dojo link:* http://localhost:8080/finding/248 + (248)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/95]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": + "Low"}}}' + headers: + Accept: + - application/json,*.*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1303' + Content-Type: + - application/json + User-Agent: + - python-requests/2.28.1 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"11775","key":"NTEST-1437","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11775"}' + headers: + Atl-Traceid: + - 0caab83aa89ca19f + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - application/json;charset=UTF-8 + Date: + - Thu, 18 Aug 2022 22:18:59 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' + Server: + - globaledge-envoy + Strict-Transport-Security: + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 8b6a367d-f487-4ade-abf7-f76dd477a20e + X-Content-Type-Options: + - nosniff + X-Envoy-Upstream-Service-Time: + - '606' + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: '{}' + headers: + Accept: + - application/json,*.*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '2' + Content-Type: + - application/json + User-Agent: + - python-requests/2.28.1 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1437 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdhNHAHD0MXu1i3IssRJgKZFQFNniTVFqiQV22v733fU + i906dbdkWBHAkXi89+ce3XsPViWVqZd4GmQKGtIXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf49aIMySC+g1GBA2vYuq4xVxdwZvIvCMAr7Gt5VYOx0XcK5psxyBp7vcec/io6OnuGLATHH + 19za0iRBkMIcmE3VW9WnVlBjOJV9CTZATzagJQ/igBtTQdAZWMAa9c+mk8tpLxoOjvCoDsF4yXvP + YGyVYdRCpvS6ySHFN9SIwzjuhaNedDwNwyQaJc+O+4PR4Q9hHIYuSOfEYuC1mScG6fQDLEUYb9Ju + X1IwTPPSFQ5PnxNTUCF8knJjuWSWlBwYEDUnS6UXfafNlLzS4pFRVJK7dlFxR++ppTq457AM6rC2 + AbaiKBxEo58M/wt+LLDtVYFeHSzQ5ZSahetVNbPuKZlTYcD3GsWXmFet63s5R+Bolq9P4R4w1vCj + 71mOyCoRJV4iK8zR24HJINwniDpBqdVbTPWJnWi16z7Une364F4+Qc823SvJrUUDxtv4dhD+vb5r + 1NwuqXZANrwoBceA052SYKNq+A1Hq+HokeF+pWVdJpuGDUMH93i4iof/r5cGFjVI0WF0uIoOv4XD + VedxEK8G8bfw2CL/48eHcIw7OM756rrhQGzy7RtsepZpyJBWHmAdw1Giaqb8iyCPj/YJRvsExw+N + N5TWnDrCqNnbS3qR72Fx7DUm7jDaXKgH39VJc9ZE9v7BmUMvlsDkqhLpmJtS0HWLcTxeUosfioZg + Hz+PDX1vCTtozGk3bfXjiapcBSMX6o074DLzEqsr55tpwGTdCH+JwMNoQ+C7ZdtHM/GGZnYFm4aX + mivN7fqJCXfqwfBxPM4LmoEJnIbpjHA8EGrZN/fZlq9O1bLjtaH3ELnxoEtE0Bk4ZnKg3f1aH+4p + Q7QPodHI1SOnZlJydsrl4oWTjKF0m4VkHV5qFC1r2eZEKjnBxYLOBFwANQ0GdfvknZ9e/fLy7O70 + 5cnk7HJyN7m4+OMC88PRMlgQvDDNgZwjBUtLnF/CDVFSrAmOMxfOKLGK/MY1JecaCpxnUhnEV/9L + Yx3hOHnhBx6Go1wn3s4wY8kzLqnAZmI3tkPmZLtn7V7UlrdGucDoOo7AvmYSNrer0g3tv8Bxs8I8 + EXqN8ubT9/nW8Tg0buH2M2ULXAQ7yHXGG18n7a71nwLuFrag25vi7kstwUGdKaH0WRPNTFTQyzTy + 03ZdUWSsmmarosRVVdq2C1/r6efFeS23fwdTbgUcJOT2FS2jhJwoteBAbrhFfrTkElilgbwQNPvg + csVUhWJU5MrYZBSOwmDOZYokFsTD0Zva4LguBUb5VhEHkuSA/KMm+Q5/vq/VL3G9coyCajj7bZDj + CsgY88HDMbA+iQ594rC1yeLkZoKyW/zXO4yGdaiuLWwJ/YJbDX2lswBRSV2nOO5ADs0BXu3nthB1 + 4I2da2fnSi6kWn5apXOt0gq/qhOZ4ZwWWPVgikV2PusSYcDkV7XsWbWnTGVrIH5DAnIbGUv+rKi2 + oMnW5B5V2PqMau1Xz8/JJaNyz3233gXHzzZJfZLG5dpYKAymkZaKI3QOkvq87pArWEG5NNxCH9GF + 9TL5TFGd7rvxwP54izNn+TlhDZyQSckMQBIDlixbbFmkOtPga4748sky5ywnBVBpUEibG60FTPe1 + nAGhjCFXQkruOSUVwp/pdYlkg/fk3wAAAP//7Flta9swEP4rJlBIofZsJ07SQekC22AfykILK5RB + UGynMY0l45e6o8t/73OSojpe3Y0ySj4E8sGJpNNz53t57sJjVeCdBqILvOpb2cQRoOtVzMm/LGbk + CvR40AhISC3QKivhS5Gn8owlcsrADKsFJUAk37uYnxAwCE9KS7EIi61r9otUtDIm0VUFPNti3GoA + RIfG47WDF16QzkZDZYOfnIxAt5GNgEAjLLYQSWBRwUAvIm3o3ND+ErGIWgKTkfbaXeq6dkTNikwG + BYIwfnCyVSYdGpfMIXOu756zErRpUcGl5v3v19OrmX11YaPsylg1l2SCPJmCoc+iNOHHVv/4Nxxl + XYqPcMM/GYvXxVi8YddC0KxPJTruO0mdiMq1trpma3uhiwe4hgfIdyHp0Msbu5ira5jrTo1t52GY + k4UrCmWVs4sqTRkVlN7fsi/ZkOihyN9YfYgmnCN6iIB+i86CJRsOIm8xGbrBAgqMx6ee74+o2JlN + uOGVbTG94GkU4Q5UoN4zBlu3IJ+Mk5HQV5tHFQIOSp3cJrOPbmACz/eGsefGAz86HYWDMBh74SSI + IpeNll48OY/OpJSjwfTI/4qPOmenjOusadvqp8KpCruGRWzfoXTsZNVinYRkMjtjrCCL4bysDuBy + ePw8s0dOxgl/uxHdf8TtTnb/Ebc74X1HjNQTqf5R87Um9ZnpwQ7FEyVr1eWp9HUD3obtX6pcoGO/ + QcYJV8+BR/MYrJpIpnv0eEpTvVxn3EMqeP+XfkgF74H4kAo6U4EhGIB4qyLukUa5+tmFXFEyPaFu + 05SugZBrBkLtBTNgaS8Yphbz+yQXXLEa3W9W+q8I9fVfkN6L8v+N3ZQwIxQ3oQP5IeRQYjvpgwsp + yI/bR51d3wxA/m3zYSv3pJeyh8u4qNYkuKGsHCfk5bRUitNQk0YOpLr5ffewv3NaH5BoN5vNEwAA + AP//AwDNKLQt+RoAAA== + headers: + Atl-Traceid: + - ac421e976fbffd94 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Thu, 18 Aug 2022 22:18:59 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' + Server: + - globaledge-envoy + Strict-Transport-Security: + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5fc13615-ef3b-49a0-88b8-8eeb5c364608 + X-Content-Type-Options: + - nosniff + X-Envoy-Upstream-Service-Time: + - '257' + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{}' + headers: + Accept: + - application/json,*.*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '2' + Content-Type: + - application/json + User-Agent: + - python-requests/2.28.1 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11775 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdhNHAHD0MXu1i3IssRJgaZFQFNniTVFqiQV22v733fU + i904dbdkWBHAkXi89+ce3QcPViWVqZd4GmQKGtIXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf4daIMySC+g1GBA2vYuq4xVxdwZvI3CMAr7Gt5XYOx0XcK5psxyBp7vcec/io6OnuGLATHH + 19za0iRBkMIcmE3VO9WnVlBjOJV9CTZATzagJQ/igBtTQdAZWMAa9c+mk8tpLxoOjvCoDsF4yQfP + YGyVYdRCpvS6ySHFN9SIwzjuhaNedDwNwyQaJc+O+4PR4Q9hHIYuSOfEYuC1mScG6fQDLEUYb9Ju + X1IwTPPSFQ5PnxNTUCF8knJjuWSWlBwYEDUnS6UXfafNlLzS4pFRVJK7dlFxS++opTq447AM6rC2 + AbaiKBxEo58M/wt+LLDtVYFeHSzQ5ZSahetVNbPuKZlTYcD3GsWXmFet63s5R+Bolq9P4Q4w1vCT + 71mOyCoRJV4iK8zR24HJIOwEpVbvMKMnFrzVrstdN7Art3v5DCTbrK4ktxYNGG/j2yH19/quUXO7 + pNrh1fCiFBwDTncyx37UKBuOVsPRI8P9Sme6TDZ9GYYO1fFwFQ//Xy9N92ssosPocBUdfguHq87j + IF4N4m/hsQX4p08P4Rjtw2ncCeZ8dd1wIHb/5i2iIcs0ZEgrD7COcSpRNVP+Ravx0T7BaJ/g+KHx + htKaU0cYNXt7SS9qecyVS3PWxPHhwZkDMVbC5KoS6ZibUtB1C3U8xrrba6ypg3/rglr8UDQE+/hB + beh7S9hBY067MawfT1TlKlgH/8odcJl5idWVi4ZpwGTdbH+JwMNoQ+C7ZdvQzK5gX8PjTcN3BYMt + Y3GluV0/sRKdejB8HMHzgmZgAqdhOiMcD4Ra9s1dtmW4U7XsmHDo1a2cgaMsB9rdr/XhnmyjfQiN + Ri7tnJpJydkpl4sXTjKG0m0WknUIqnG1rGWbE6nkBBcLOhNwAdQ0qNTtk3d+evXLy7Pb05cnk7PL + ye3k4uKPC0wDR8tg3nhhmgM5R26Wlji/hBuipFgTnHMunFFiFfmNa0rONRQ46KQyiK/+l+Y9wnHy + wo88DEe5Trzme4UtwhpvZ+regGO1My6p2L3U7kVteWuUC4yu4whsXyZhc7sq3dD+Cxw3K8wTEdYo + b76J97eOx4Fui6qfKVvgItghqzPe+Dppd63/FHC3sAXd3hR3n3AJDtFMCaXPmmhmooJeppGxtuuK + ImPVNFsVJa6q0rZd+Fr/7hfnjdz+HUy5FXCQkJvXtIwScqLUggN5xS0ypiWXwCoN5IWg2UeXK6Yq + FKMiV8Ymo3AUBnMuUySxIB6O3tYGx3UpMMp3ijiQJAfkHzXJd/jzfa1+ieuVIw5UwxFvgxxXQMaY + Dx6OgfVJdOgTh61NFievJii7wX+9w2hYh+rawpbQL7jV0Fc6CxCV1HWK43Lk0Bzg1X5uC1EH3ti5 + dnau5EKq5edVOtcqrfBzO5EZzmmBVQ+mWGTnsy4RBkx+VcueVXvKVLYG4rckIDeRseTPimoLmmxN + 7lGFrc+o1n79/JxcMir33Hd7X3D8bJPUZ2lcro2FwmAaaak4Qucgqc/rDrmCFZRLwy30EV1YL5PP + FNXpvhsP7I+3OHOWnxPWwAmZlMwAJDFgybLFlkWqMw2+5ogvnyxzznJSAJUGhbS50VrAdN/IGRDK + GHIlpOSOU1Ih/Jlel0g2eE/+DQAA///sWe9r2zAQ/VdMoJBC7dpOnKSD0gW2wT6UhRZWKIOg2E4T + GkvGP+qOLv9730mK6rhxN8oo+RDIByeS755Ouqd3Fx6rK9+pIbrEVt/JIo4A3SxiTufLYsauQI2H + FQEJLQt6y1ryucgS+Y4lMmJghtGcCBDkex/zEwIG48vCUrrCYquK/aYlWimT6MocJ9ti3KoBRIXG + 45WDDc9pzWaFKga/OAWBvFGMgEAjzDcQyWBeIkA7kdbWXFv9FXIRdwlCRqvXx6WqKkdULE9lUiAJ + 40cnXaTyQMPJFDan2veUFRBSsxJHatr9cTO+ntjXlzZkgsxV4yQVdJIpGbosSpb82Ooe/8FBWRXi + E47ha8XitSkWr78ZIDorUFjfS4VEGq45NWix4bYOtOkA1+gAuRdS9eyeaJTr1rXZpFtEjYULytid + esQ1Mjcvk4TRhdL5G/tSDEkeiuydtw/JhAtkDwnQ79F5MGf9XuTNRn03mAHTcHjm+f6ALjszCR7e + mBbTBo+jCD5wA3VeMNi6NvlsDhkZfbOqVCng4KqT0yT76Mom8HyvH3tu3POjs0HYC4OhF46CKHLZ + YO7Fo4voXFo56o2P/G/4qPfshHHNmratfsqdMrcrRMT2HaJjJy1nq2VIIbNTxnKKGN6XtwO0HB6/ + TOyBk3LC36xQ9x9xs8Tdf8TNEnnfEYOTIlVRar1Wlz4T3fGhfCKyVlWe4rVb6DZM/1pmAqX8LRgn + XLwkHjVqMGoymfzo9pSWeplm3AMVfPymH6jgIxAfqKCVCozyAMQ7lXFP1OPVzy7sioLpDnVTebQ1 + hNy2hpBrGkLNAaPUYv6wzARXckfXm6X+K0J9/SekIlEWnjaPmuzeQXC1f1FON3ZPOgl7vIrzckWG + a75ldZ8V40LheBDF/2v/KWPGKHyhEvopZHNk04Okpia1HMilAbKN1t+Cq1+Q4Vmv188AAAD//wMA + FDuIffkaAAA= + headers: + Atl-Traceid: + - ea5efeb890e31021 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Thu, 18 Aug 2022 22:19:00 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' + Server: + - globaledge-envoy + Strict-Transport-Security: + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 94b991a8-43db-4c9d-aea9-aed79e57bc1e + X-Content-Type-Options: + - nosniff + X-Envoy-Upstream-Service-Time: + - '328' + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{}' + headers: + Accept: + - application/json,*.*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '2' + Content-Type: + - application/json + User-Agent: + - python-requests/2.28.1 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CNtbqIHFVmFdk8ikrYJVtKkNKmwLPvfTXHx4za88zzz + MifopFeHxYCA9xBmL3a7QWnVh8F9OCKDkd6P0hKrAiTwqRY/OhthikgJEkyb/fVzc/fU/m7369TF + CcTLBiWY4GsCg5qNO07KhvY4q3jgxrh1iFK3jmb4VkBEgWFxCW9l2ECGjKVYpZS3WAnkghUEEa8i + idH3aom97Tj9Y+sWUdBaIJKK1j9sP91b7SJY5pTrTGud8YqxErMKMS8kK2kvcSh7znOFWfm3IJit + 4WFcJGzvaLma8Oh6ucUnMJcJlH07NHA+fwEAAP//AwATHzAFWgEAAA== + headers: + Atl-Traceid: + - 058c64fa47ac375d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Thu, 18 Aug 2022 22:19:00 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' + Server: + - globaledge-envoy + Strict-Transport-Security: + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - de3f3717-6884-4110-8690-52b87fe97df9 + X-Content-Type-Options: + - nosniff + X-Envoy-Upstream-Service-Time: + - '120' + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"body": "((admin)): testing note. creating it and pushing it to JIRA"}' + headers: + Accept: + - application/json,*.*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '71' + Content-Type: + - application/json + User-Agent: + - python-requests/2.28.1 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11775/comment + response: + body: + string: '{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/11775/comment/10203","id":"10203","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5fa43d1b8405b10077912260","accountId":"5fa43d1b8405b10077912260","emailAddress":"defectdojo-project@owasp.org","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","24x24":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","16x16":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","32x32":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png"},"displayName":"Defect + Dojo Project","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"((admin)): + testing note. creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5fa43d1b8405b10077912260","accountId":"5fa43d1b8405b10077912260","emailAddress":"defectdojo-project@owasp.org","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","24x24":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","16x16":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","32x32":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png"},"displayName":"Defect + Dojo Project","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2022-08-19T00:19:01.060+0200","updated":"2022-08-19T00:19:01.060+0200","jsdPublic":true}' + headers: + Atl-Traceid: + - 984c457ca0ff3fa7 + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - application/json;charset=UTF-8 + Date: + - Thu, 18 Aug 2022 22:19:01 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Location: + - https://defectdojo.atlassian.net/rest/api/2/issue/11775/comment/10203 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' + Server: + - globaledge-envoy + Strict-Transport-Security: + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - daee035b-2950-4179-8f0c-4bec13e983eb + X-Content-Type-Options: + - nosniff + X-Envoy-Upstream-Service-Time: + - '294' + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: '{}' + headers: + Accept: + - application/json,*.*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '2' + Content-Type: + - application/json + User-Agent: + - python-requests/2.28.1 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA1SPzWrDMBCE32WvtZ2V/CNHt9Ic2lLSgp1TKUW2JOIiS8aSCyHk3SvTQNrbMPvN + zu4ZOuHVYTbA4RjC5PlmI5VWfZDuy2UiGOH9IGxmVYAEvtXsB2cjTBBJhhmmzf7+rXl8bW/T/TJ2 + UQF/X6EEE/xIQKrJuNOobGhPk4oLHoxbZAx1y2DkbwR4DFAsr+ZOhBWkSGmKdUpYizVHxmmZIeJd + JDHmvZpjbzuM/9hti8jJlscj6+LG9uOT1S6CVUGYzrXWOasprTCvEYtS0Ir0AmXVM1YozKu/BcGs + Dc/DLGB9R4vFhBfXi9U+g7kqUPbz0MDl8gMAAP//AwAF327KWgEAAA== + headers: + Atl-Traceid: + - f6e5077ebec60b5f + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Thu, 18 Aug 2022 22:19:01 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' + Server: + - globaledge-envoy + Strict-Transport-Security: + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 30dd9655-9538-4917-8344-ba5dc99439cd + X-Content-Type-Options: + - nosniff + X-Envoy-Upstream-Service-Time: + - '109' + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"body": "((admin)): testing second note. creating it and pushing it to + JIRA"}' + headers: + Accept: + - application/json,*.*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '78' + Content-Type: + - application/json + User-Agent: + - python-requests/2.28.1 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11775/comment + response: + body: + string: '{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/11775/comment/10204","id":"10204","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5fa43d1b8405b10077912260","accountId":"5fa43d1b8405b10077912260","emailAddress":"defectdojo-project@owasp.org","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","24x24":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","16x16":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","32x32":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png"},"displayName":"Defect + Dojo Project","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"((admin)): + testing second note. creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5fa43d1b8405b10077912260","accountId":"5fa43d1b8405b10077912260","emailAddress":"defectdojo-project@owasp.org","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","24x24":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","16x16":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","32x32":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png"},"displayName":"Defect + Dojo Project","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2022-08-19T00:19:02.073+0200","updated":"2022-08-19T00:19:02.073+0200","jsdPublic":true}' + headers: + Atl-Traceid: + - 45cdce1298018f66 + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - application/json;charset=UTF-8 + Date: + - Thu, 18 Aug 2022 22:19:02 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Location: + - https://defectdojo.atlassian.net/rest/api/2/issue/11775/comment/10204 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' + Server: + - globaledge-envoy + Strict-Transport-Security: + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - c50acf84-8237-48f9-a2c3-886f38bab21a + X-Content-Type-Options: + - nosniff + X-Envoy-Upstream-Service-Time: + - '281' + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: '{}' + headers: + Accept: + - application/json,*.*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '2' + Content-Type: + - application/json + User-Agent: + - python-requests/2.28.1 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbuTpG26uYkeVGQVtnsSkbRJsJImpUmFZdn/boqLH7fhneeZ + lzlBJ4M+zBYEvMc4BbHZKG10H5X/8IWMVoYwSFc4HSGDTz2HwbsEE0RSYIH5fnf9vL97an+3u2Xs + 0gTiZYUyzPA1A6Un64+jdrE9TjoduLF+UUnqlsGqbwVEEihWl/BWxhWkSGmOTU54i41ALmhVIOJV + IjH5Qc+ptx3Gf+y2RRRkK5AVFeM/bD/eO+MTWJeEG2aMYbyhtEbWIJaVpDXpJaq657zUyOq/BdGu + DQ/DLGF9x8jFxkffyzU+gb1MoN3bYQ/n8xcAAAD//wMAIHFhUFoBAAA= + headers: + Atl-Traceid: + - 5b3b3c673dd70107 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Thu, 18 Aug 2022 22:19:03 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' + Server: + - globaledge-envoy + Strict-Transport-Security: + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - effa712b-5e9a-4a38-8b1c-85853e0f5766 + X-Content-Type-Options: + - nosniff + X-Envoy-Upstream-Service-Time: + - '110' + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{}' + headers: + Accept: + - application/json,*.*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '2' + Content-Type: + - application/json + User-Agent: + - python-requests/2.28.1 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11775 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmtN7uJI2AYutjdugVZljgp0LQIaOossaZIjaRie23/+456 + sVMn7pAMKwI4Eo/3/tyj++jBqqQy9RJPg0xBQ/qKg0hNT9ICTM+wHAraUyVoarmSpgcptwVY2mM5 + lRkIlfXuQBuUQXoBpQYD0rZ3WWWsKubO4G0UhlHoa/irAmOn6xLONWWWM/B6Hnf+o+jo6AW+GBBz + fM2tLU0SBCnMgdlUfVA+tYIaw6n0JdgAPdmAljyIA25MBUFnYAFr1D+bTi6n/Wg4OMKjOgTjJR89 + g7FVhlELmdLrJocU31AjDuO4H4760fE0DJNolLw49gejwx/COAxdkM6JxcBrM88M0ukHWIow3qTd + vqRgmOalKxyeviSmoEL0SMqN5ZJZUnJgQNScLJVe+E6bKXmlxROjqCR37aLilt5RS3Vwx2EZ1GFt + A2xFUTiIRj8Z/jf8WGDbqwK9Oligyyk1C9erambdUzKnwkDPaxRfY161bs/LOQJHs3x9CneAsYaf + e57liKwSUeIlssIcvR2YDMJOUGr1ATN6ZsFb7brcdQO7cruXeyDZZnUlubVowHgb3w6pv9d3jZrb + JdUOr4YXpeAYcLqTOfajRtlwtBqOnhjuVzrTZbLpyzB0qI6Hq3j4/3ppul9jER1Gh6vo8Fs4XHUe + B/FqEH8Ljy3AP39+CMdoH07jTjDnq+uGA7H7N+8RDVmmIUNaeYB1jFOJqpnyR63GR/sEo32C44fG + G0prTh1h1OztJf0IX6lFUm/I8OlD1VDtllyDxpx2I1M/nqjKZRs5wnzjDrjMvMTqCrC0aNReYzfc + 4DTB1facfc1ZU5WPD85crKhsclWJdMxNKei6HTzXLg2YrJvtxwg8jDYEvlu2Dc3sCvY1PN40fFcw + 2DIWV5rb9TOr26kHw6cRPC9oBiZwGqYzwvFAqKVv7rItw52qZceEQ69uyAwcZTnQ7n6tD/dkG+1D + aDRyaefUTErOTrlcvHKSMZRus5Cs61ndyWUt25xIJSe4WNCZgAugpsGBbp+889OrX16f3Z6+Ppmc + XU5uJxcXf1xgGjhaBvPGC9McyDlys7TE+SXcECXFmuCcc+GMEqvIb1xTcq6hwEEnlUHM+o/Ne4Tj + 5IWfeBiOcp14zfcKW4Q13s7UFwOO1c64pGL3UrsXteWtUS0wuo4jsH2ZhM3tqnRD+wiOj5Mw9sOj + QYfjZoV5JsIa5c038cut42mg26LqZ8oWuAh2yOqMN75O2l3rPwXcLWxBtzfF3SdcgkM0U0Lpsyaa + maign2nkiO26oshYNc1WRYmrqrRtF77Wvy+L805u/w6m3Ao4SMjNW1pGCTlRasGBvOEWOcqSS2CV + BvJK0OyTyxVTFYpRkStjk1E4CoM5lykSYxAPR+9rg+O6FBjlB0UcSJID8q+a5Dv8+b5Wv8T1yhEH + quGIt0GOKyBjzAcPx8B8Eh32iMPWJouTNxOU3eC//mE0rEN1bWFL8AtuNfhKZwGikrpOcVyOHJoD + vOrnthB14I2da2fnSi6kWt6v0rlWaYWf24nMcE4LrHowxSI7n3WJMGDyq1r2rdpTprI1EL8nAbmJ + jCV/VlRb0GRrco8qbH1Gtfbbl+fkklG5577b+4LjF5uk7qVxuTYWCoNppKXiCJ2DpD6vO+QKVlAu + DbfgI7qwXiafKarTfTce2B9vceYsvySsgRMyKZkBSGLAkmWLLYtUZxp8zRFfPbLMOctJAVQaFNLm + RmsB030nZ0AoY8iVkJI7TkmF8Gd6XSLZ4D35DwAAAP//7Fnva9swEP1XTKGQwuzaTpykg9IFtsE+ + lIUVViiFoNhOYxpLxj/qje6P3ztJUT037sY20nww5IMTyaenk+7duwuPVZJ1GogucdR3sogjQNfr + mNP9spixK1DjYUdAQtuC3rISvhJ5Kt+xRE4MzDBaEAGCfO9j/oaAwXhSWiqTW2xTs++0RStjEl1V + 4GZbjFsNgKjQeLxxcOAF7dnsUPnglpMTaDXyERBohMUWIhksKjhoJ9LGnhu7/4JYRC6By2j3+rrU + de2ImhWZDAoEYfzNydaZvNBYZAGbC732gpWQLssKV2ox+Hw9u5rbV5c2ZIKMVbNIJugmUzAMWJQm + /MQanPzARdmU4i2u4XPF4nUpFm/UNRBsB4jnSlTc91KOkZxqTXXN1PZAlw5wjQ6QZyFVz+6JRrnC + MSxcU1DulByuUbK/5Nc2LxdVmjJKKEe/Y1/yIclDkf9l9iGZcIHoIVH7KToPVmw0jLzldOQGSwCe + TM483x9TsjOTsMIL02I64FkUYQ1koKMnDLauTd6ZS0ZGX6wqVQg4SHVymmQfXdkEnu+NYs+Nh350 + Ng6HYTDxwmkQRS4br7x4ehGdSyvHw9mx/xEf9Z6dMq5Z07bVT4VTFXYNj9i+Q3TsZNVyk4TkMjtj + rCCP4X2ZHaDl8Ph+bo+djBP+doV6+IjbJe7hI26XyIeOGNQTqRpO67Wm9Jnrjg/FE5G1qhwVfd1A + t2H6hyoXKOVvwDjh+inwqFGDURPJtI5uT2mpl2vG7alg/4feU8E+EPdU0EkFRlAA4p2KuEfq8epn + F3ZFyXSHui1LuhpCbldDyDUNofaAUWoxf0hywZUW0vVmpf+KUF//BOmDKP9fK08ZM0axEiqQr0I2 + JUy3TaQK8uP2kdj1H9aX/9qcalunnuvDd6aPoL6wCsKup+1XCNCetveB+HVp+ycAAAD//yLdxXQs + tpPyU0D9PA1oD1nTSgE0TgPq1OcByyU9BXDvDsTNLFFIzEtRKCgtBk04gLigEV/PIEcl2Miq42gp + gpleAAAAAP//okt6GS1F6OHi0VIEZymCc4rQ0srAUM/AzAA2tYJvDgZFYVZxSgDYp9CpTQAAAAD/ + /9Ihq1TB1QICz/7BWkAgzmgLaKBS6WjZRQ8Xj5ZdOMsu3C0gYCDlA5s8ow2hIZNsRgsTerh4tDDB + WZjgawihrDHB1xBCUYjeEAIAAAD//4qldAEvrCEENDs3sSIotbg0BzTEZAQf9jICLywpKnEsgQyB + gZa3gRafgMozuDiaZqRBM7gG0LhVbG1tLQAAAP//AwBIss5UAy0AAA== + headers: + Atl-Traceid: + - 90e1cc6a1f010a0a + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Thu, 18 Aug 2022 22:19:03 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' + Server: + - globaledge-envoy + Strict-Transport-Security: + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - f04795f1-d6f1-4ecf-b380-8814a9199be1 + X-Content-Type-Options: + - nosniff + X-Envoy-Upstream-Service-Time: + - '235' + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +version: 1 diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_but_push_all.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_but_push_all.yaml index cb1708c4c2b..b354b0ff5fa 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_but_push_all.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_but_push_all.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlp0m3W3EQPKrIK2z3JIkk6wUqalCYVlmX/uykuftyGd55n - XuZEtIq4nxyR5D2lMcrVqkOLJnXhI1CVnIqxV556TKQgnzjFPvgMVwAVBQrlbnvzsrt/bn+323nQ - eSLydYEKKOBQkA5HF44D+tQeR8wHbl2YuyzpuXfdt0LkIqzFJbxTaQEZsKqEumSirWoJleQ1BYAr - YADZjzjl3rYf/rGbtmKScwnXtObND2uGB29DBgXbiGZttTIcucIGjG1EozutBFgDoOpaCI38T0Fy - S8NjPymyvGPV7NJTMGqJT8RdJoL+bb8j5/MXAAAA//8DACrhOnlaAQAA + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtE26uYkeVGQVtnsSkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzlBq4I5zA4kvMc4BbnZaGNNF7X/8ERFp0Lo1UhGEyGDTzOH3o8JpoiUIMF8v7t+3t89Nb/b3TK0 + aQL5skIZZviagTaT88fBjLE5TiYduHF+0Ulql97pbwVkEhhWl/BWxRVkyFiOdU5Fg7VEIVlFEPEq + kZj8YObU2/TDP3bbIEq6lciJQPrDdsP9aH0CeUmFLay1hagZ41jUiGWlGKedQs07IUqDBf9bEN3a + 8NDPCtZ3rFpcfPSdWuMTuMsEZnw77OF8/gIAAP//AwCPOiVqWgEAAA== headers: - ATL-TraceId: - - 92c05143f5794fda - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:33:09 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 151c8052281cd77d + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 43941b0b-715c-4108-979e-306e4fd82c1d - x-envoy-upstream-service-time: - - '34' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 2bc74b8acf8e8743 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:09 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:06 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1fde12e5-a13f-4c4d-b7e4-91e1a584b147 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '121' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 04e6d19b-4b9a-44c0-b4e1-7129ec3b28fe - x-envoy-upstream-service-time: - - '63' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,93 +80,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 475fdfed73e8153d - Connection: - - keep-alive + Atl-Traceid: + - 1e815b5f2e6e4cb2 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:09 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:06 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - dbaf2381-c425-4313-b5e8-b29fe43fb63e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '167' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c3f14a5b-ec51-4f92-a580-4951426e0f24 - x-envoy-upstream-service-time: - - '115' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/2827]\n\n*Defect Dojo link:* http://localhost:8080/finding/2827 - (2827)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/688]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/252]\n\n*Defect Dojo link:* http://localhost:8080/finding/252 + (252)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/97]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -286,53 +180,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1671' + - '1303' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11081","key":"NTEST-892","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11081"}' + string: '{"id":"11776","key":"NTEST-1438","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11776"}' headers: - ATL-TraceId: - - 555d1f15d7bd12f8 - Connection: - - keep-alive + Atl-Traceid: + - ac61e11fc8a66d4a + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:07 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5f897f8f-eee9-432a-a4d8-dca6232e06f3 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '618' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ff414c4a-96b3-42c0-91e0-dab1d0233587 - x-envoy-upstream-service-time: - - '531' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -342,94 +242,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-892 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1438 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/2/TOBT/V6z8gLhd23xZNUokdBpd4XY3xq7tmMRAlZu8pqaJHdlO0x7wv9+z - naxjozsYm7TFz37fP+9jf/ZgU1KeerEngacgIX3FIE9Vh9MCVEclSyhoR5QgqWaCqw6kTBegaSdZ - Up5BLrLOGqTCPUjHUEpQwLU763U8ZiyHYTAIcaEgX+ByqXWpYt9PYQGJTsUn0aM6p0oxynsctI82 - tE9L5kc+U6oCvzWwgi3qn09Hk2l38DxCycIG68WfPYVOK5VQDZmQWxdciitUiIIo7Ab9bjSYhlF8 - eBiHQa8fPPs9iILAxGh86G0J1swjYzT6fhgEgYnKZd0sUlCJZKWpCEqPiSponndIypRmPNGkZJAA - EQtSC7nqGe1E8EuZ/0gUCpJKgr9mUNM11VT+odi/8KLAJlXFEyc6TV+EwWE4aJZTDPTFLuWOZxqN - vqZUrUyPqrk2X/GC5go6XmvDi62Rrx1PMwRGiU32Yl5hJl4pxScM75HVa7Rt7Ww32tqZxa2G7yK9 - 5ExrNGDw1WibpP62Z5VY6JpKk5hiRZkzREh6JxssroVMf7DpD34k3KbMjbOm0iUzhcWf23VGWKHn - qL+J+o82bFtoUfJENf8f8BUebcKjX/O1aZ01Hw94O4w2h9GveWvAqdqPvd6+fjXzvXnn2AU7dv0R - O5hlEjKc63swREyJvHJj5iRJpbQoLEXM0EP0bN/G4L4NRx1OagbT0p8Xd8OGLwyCJUucu8/3ZAZf - GL5aiipPT5gqc7ptUIjimmrkVUdbPz8xjhNvWNB31qQZB/s5FJWpio30yggYz7xYy8q4Rpv6HdKF - GYqmGBIwVzN13+NJ7ETLk3erFuwrZ7hvI9q3cbjjEiYk09tHlqZV9/s/x6OsoBko32io1ghDQS7q - nlpnO+45E3XLUX3PlnMOhkwMNO8kZabyu9mG+3AYDkzaS6pGJUvOGF/Zq/gESnMz86QFkIVVbfdu - JFzwEV7MdJ7DGKhyoJTNl3dxdvn69Hx2djocnU9Gs9F4/HaMaeAAKcwbD0yXQC6QNbkmxi9higie - bwlOJMuNUaIF+YtJSi4kFDi1pFKIuJ6d0btZPEeDwRcWBP35PPbujCxWNmOc5tgzLPpuxszeXVnz - rmjKa2GfY3QtE2D7Mg43p6vSzOwP4Ni9FB6JMKd8c1t9e7n/HOh2qHpJkxU+pFpktcadr2HzpPml - gNt3kd8+T6L2cuVgEJ2IXMhzF808r6CbSSSs3eNAkBPhmi2KEp96XDddeKin3xbnA9/9HkyZzuEg - JtfvaRnGZCjEigG5YhoJU5OJvTzIq5xmX0yumGouEpovhdLxIBgE/oLxFGnNjwbRs4/W4omtBYb5 - SRCDkviA/L8qeWr+/mYNTADxhtyBijjlVjS8GuHqkq+4qHexD9/dkx5cSJFW+IoZ8QwnqsD6+FMs - B567tsmgXfKnqLta7EmobAxEH4lPrkOlyT8VlRok2Zncowo7n6HVfn98QSYJ5XvOm7eTfzQYuLq9 - lJQnS39KMwz2HFvrpBXL09OT26KhKAqmCdLT8pbYFG6rNBQKc09LwRAZB7GV2/obmBaUccU09BA8 - cb9/uG9vn9xP0edcUJm2PbjpxckOYsbrMUkckjBKMgfgRIEmdQMrjSzn3iVkgdDqkHrJkiUpgHKF - m9SdaCxg/dACoUmCLAkpWTNKKgR+Ircl0gwe4xzcXd8zoYwRf0igCcQt7uq67omaqrInZOYj6mDT - K5elBQYCcLYQcuacqRnV+HKYV9ia2dO3V8eTi+7kTRcvRgvNy/GZM/pQYd4AJpnG5PVo+oEjl+Pg - InpiIsp18oGP1sxcIRjcBHTXjVuz9x8AAAD//+xZbWvbMBD+KyZQaEvtWE6cl8Howl5gHzbKChv0 - m2KrjZnfsOx0o8t/33OSoqZOnI1ulHwIlKJE0t1Junvuucu/KoizJO5SoOf2KOgWSyuWCf5LfUdd - KrbXKcf4hAR+p8pQ8otvC5FTeDvcPm+BKhV2wCHImGQpnCTHi2Rqj1NUlAM5ZiWlIKS/7yK/IP/I - HQSB5nUOT+/5T3I0p+TKSRqJh3XgORt+gko0F6mHOJbkedbPNjyRdJGjQr+xT64NJHmygZfutFN5 - 3vnHrORRTef8XDiJ+uAAT+i61O2fX9eilJTCK6FxRujFJrKt66rIBei5IzbEpc2u37psYC4UtX1B - eESQdsrxsPmZc3r2C4+Z1sUrYMk2Q2RdDJENN9N+XSH9KY5KlLm9NOyQ4XdOdPEu3/IudfWKZe5e - aOuB9sR0PYF45dGCMHdHWdLOg7LJMk4JvPenbEd3SHS8qJ6Z7YmWXQKzqARAIRXe8uEgZvPJ0A/n - OMB4PGVBMCJyYRdBw55lgh54FsfQgYzfe7TBNaXdGwtxJHRvfa093gO1UMsUwOhhP2QBGwrmi0EQ - T0fRIArHLJqEcezz0S0Tk8v4tZJyMpidBB/wp/e5Gc9N7nNd/ZX0Gune40bcwCNn98pmniYRXZlb - ci7pxrAfkVUn4M4YvrtyR16Zk/3twv3wLW6X/4dvcbuFcOgWA5NiXcAbfrzJNK9M74viicBZ19ka - 126Ar1j+vqmKUvRvgDjR4jHwqGWFWRvJpMc03wy1rgziHqHg5R/9CAUvYfERCjqhwBIKmHinI+6B - ut1m7ENuUfMUo23O5IN39R5Wve2Jrs6c39WZ821nrj1hKZzIl0lV5JoLmcK/MT+96I9/c4RlUf+3 - hqiWZWVCEcrBr4VqDq1bsHAtbfHDemhQ99n61Y9U/bXci17Gf3wRsklJ8MZZVVunqme1Pjf1lqn1 - Qye33z/dHDzZbTYoa1er1W8AAAD//wMAJrZDfcEbAAA= + H4sIAAAAAAAAA7xW+2/bNhD+Vwj9tGWy9YjrOAKGoYvdLVuQZYnTAk2DgKbOEmuK1Egqtpv2f99R + DztN6m7JsCKAIz7u9d13x7vzYFVSmXqJp0GmoCF9xUGkxpe0AOMblkNBfVWCppYraXxIuS3AUp/l + VGYgVObfgjZ4Buk5lBoMSNveZZWxqpg7hTdRGEZhX8NfFRg7XZdwpimznIHne9zZj6KDgyEuDIg5 + LnNrS5MEQQpzYDZV71WfWkGN4VT2JdgALdmAljyIA25MBUGnYAFrlD+dTi6mvWiwP8Kt2gXjJXee + Qd8qw6iFTOl1E0OKK5SIwzjuhaNedDgNwyQ6TMKD/nAQ/hDGYeicdEYsOl6reaaTTj5AKMJ4E3a7 + SMEwzUsHHO6+JKagQvgk5cZyySwpOTAgak6WSi/6TpopeanFE72oJHfpouKG3lJLdXDLYRnUbm0d + bI+icD8a/WT4B/ixwLRXBVp1tECTU2oWLlfVzLqvZE6FAd9rBI8xrlrW93KOxNEsX5/ALaCv4Sff + sxyZVSJLvERWGKP3gCb7YXdQavUeI3om4K10DXedwA5ut7hHkm1Ul5JbiwqMt7HtmPp7fdeouV1S + 7fhqeFEKjg6nDyLHfNQsG4xWg9ET3f1KZrpINnkZhAfoRjxYxYP/10qT/ZqLaDAarqLhtzC46izu + x6v9+FtYbAn+6dNjOka7eBp3B3O+et30QMz+1TWyIcs0ZNhWHnEd/VSiaqr8i1rjg10Ho10Hh4+V + Ny2t2XUNo+7eXtKLfA9Rs68REUfe5kJd+A5AzVnj2d2jPUdrxMbkqhLpmJtS0HVLftxeUosPRdNg + n16oTfveNuygUaddGdafR6pyCEbO1Tdug8vMS6yunG2mAYN1tf2lBh6/GHUN/CFsmzbz8GBXwuNN + wkvNleZ2/cyAO/Fg8LQ+zguagQmchOmUcNwQatk3t9m2kZ2oZdfwBt5jSsf7XSCCzsC1LEfah6/1 + cAcM0S6GRiOHR07NpOTshMvFK3cyhtJNFpJ1fKlZtKzPNjtSyQkOFnQm4ByoaTio2y/v7OTyl+PT + m5Pjo8npxeRmcn7+xznGh6VlEBC8MM2BnGFvlpY4u4QboqRYE6xzLpxSYhX5jWtKzjQUWOikMsiv + /pfqPcJy8sKPPAxH+YfEa94rzB2Cv62pzwoc05BxScXDS+1c1MJbs1ygd12PwLxmEja3q9IV7b/g + cTPCPJN6jfDmTfx86ngaG7d0+5myBQ6CHeU65Y2to3bW+k8OdwNb0M1NcfeES3BUZ0oofdp4MxMV + 9DKN/Wk7rigyVk2yVVHiqCptm4Wv5e9zcN7J7d/elFsBewm5ekvLKCFHSi04kDfcYn+05AJYpYG8 + EjT76GLFUIViVOTK2GQUjsJgzmWKTSyIX8TXtcJxDQV6+V4RR5Jkj/yjJPkOf76vxS9wvHIdBcWw + 9lsnxxWQMcaDm2NgfRINfeK4tYni6M0Ez67wX28YDWpXXVrYEvoFtxr6SmcBspK6THEcjhybA7za + z20hascbPa+dnku5kGp5H6UzrdIKn9uJzLBOC0Q9mCLIzmYNETpMflXLnlU7YCpbBfE1CchVZCz5 + s6LagiZblTtEYWszqqXfvjwjF4zKHffd3BccHmyCuhfGxdpYKAyGkZaKI3X2knq/zpADrKBcGm6h + j+xCvEw+U1Snu2480j/e8sxpfklYQyfspGQGIIkBS5Yttyy2OtPwa4788sky5ywnBVBp8JA2N1oN + GO47OQNCGcNeCSm55ZRUSH+m1yU2G7wn/wYAAP//7Flha9swEP0rJlBIofZsJ07SQekC22AfykIL + K5RBUGynCY0lY9l1R5f/3neSojpe040ySj4E8sGJpNPTWffu3YWnOsF7DUQXeNW3qogjQNeLlNP9 + cpi1K1Dj4URAQseC3nKWfC6KTK1xREEMzDAqiQBBvncpPyFgML4sHa0iHLaq2S86opMzha6SuNkO + 404DICo0nq48vHBJZ7Yn1D74yckJtBv5CAgMQrmBSAZlBQe9iLRx5sbpLxGLyCVwGZ3eXJe6rj1R + M5mroEAQpg9evsjVhcYmU9icmr2nrIRsmlW4UtPu9+vx1cS9unCRdlWs2k1yQTeZgqHLkmzJj53u + 8W9clFUpPuIa/qlYgl2KJejvGog2A8RzJSruOyWdSMq1pvp2anvA6gDlcqV6Xp64Sxf4Vrlupc02 + 3bZXWVkLd7J4QaGsOVtWWcYooXT+xr7kQ5KHonhj9iGZcI7oIQH6LTmL5qzfS4LZqO9HM2AcDk+D + MBxQsrOTsMMr01J6weMkwR7IQJ1nDK6pTT7ZS0ZGX60qdQh4SHVqmmIfU9lEQRj008BPe2FyOoh7 + cTQM4lGUJD4bzIN0dJ6cKStHvfFR+BUfvc7NGDes6br6J+lV0q3hETf0iI69vJqtljG5zM0Zk+Qx + rFfZAVoOj58n7sDLOeFvV6j7j7hd4u4/4naJvO+IQT2Jrh+NXmtKn4np+FA8EVnrKk/T1w10G6Z/ + qQqBUv4GVBQvngOPGjUYtZFM+5j2lJF6hWHcAxW8/0s/UMF7ID5QwU4qsMoDEG91xD1Sj9c8+7Ar + SmY61G0lsqsh5NuGUHvANljaA1appfx+WQiuVY2pNyvzV4T++k9IRaYtPG4eDdm9geAa/6J82Ng9 + 6WTs4TKV1YoMN/ZW1X1RjkuN416U/6/9p41Zo9gLldAPoZojtuMoCtVyoC0tkG204RZcs0C5Z71e + PwEAAP//AwCgdpLe+RoAAA== headers: - ATL-TraceId: - - 957bdf6a8bc18b5a - Connection: - - keep-alive + Atl-Traceid: + - bb6eb10fd3881b22 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:08 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 7c2cf651-82d2-4a84-bb0c-8589309272f1 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '464' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 53fac7c6-a97c-476d-9391-59ba37d9b9d7 - x-envoy-upstream-service-time: - - '110' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -439,94 +344,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11081 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11776 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/2/TOBT/V6z8gLhd23xZBSUSOo2ucLsbY9d2TGKgyk1eU9PEjmynaQ/2v9+z - naxjozsYm7TFz37fP+9jf/FgU1KeerEngacgIX3NIE9Vh9MCVEclSyhoR5QgqWaCqw6kTBegaSdZ - Up5BLrLOGqTCPUjHUEpQwLU763U8ZiyHYTAIcaEgX+ByqXWpYt9PYQGJTsVn0aM6p0oxynsctI82 - tE9L5kc+U6oCvzWwgi3qn01Hk2l38CJCycIG68VfPIVOK5VQDZmQWxdciitUiIIo7Ab9bjSYhlF8 - eBiHQa8fPP89iILAxGh86G0J1swjYzT6fhgEgYnKZd0sUlCJZKWpCEqPiCponndIypRmPNGkZJAA - EQtSC7nqGe1E8AuZ/0gUCpJKgr9mUNM11VT+odi/8LLAJlXFEyc6SV+GwWE4aJZTDPTlLuWOZxqN - vqZUrUyPqrk2X/GC5go6XmvDi62R646nGQKjxCZ7Ma8wE6+U4jOG98jqNdq2drYbbe3M4lbDd5Fe - cKY1GjD4arRNUn/bs0osdE2lSUyxoswZIiS9kw0W10KmP9j0Bz8SblPmxllT6ZKZwuLP7TojrNBz - 1N9E/Ucbti20KHmimv8P+AqfbcJnv+Zr0zprPh7wdhhtDqNf89aAU7Ufe71dX5v53rx37IIdu/qE - HcwyCRnO9T0YIqZEXrkxc5KkUloUliJm6CF6vm9jcN+Gow4nNYNp6c+Lu2HHwzT1e5w4gyt3wI6T - wbRkiQvgyz2ZQRwmpJaiytNjpsqcbhtcorimGpnWEdnPz5BjyRte9J01aQbEfg5FZeoUmkgvjYDx - zIu1rIzrRALmaqbuezyJnWh58m7Vgn3lDPdtRPs2DndcwoRkevvIQrTqfv/neJQVNAPlGw3VGmEo - yEXdU+tsxz2nom45qu9dGyzMwZCJgeadpMxUfjfbcB8Ow4FJe0nVqGTJKeMrexUfQ2luZp60cLEg - qu3ejYQLPsKLmc5zGANVDoKy+fLOTy/enJzNTk+Go7PJaDYaj9+NMQ0cIIV544HpEsg5sibXxPgl - TBHB8y3BiWS5MUq0IH8xScm5hAKnllQK8dWzM3o3ixdoMPjKgqA/n8eeuzCwRVjj3Uh9M8ZY7Yxx - mt891LwrmvJakOcYXcsE2L6Mw83pqjQz+wM4di+FRyLMKd/cVt9e7j8Huh2qXtFkhQ+pFlmtcedr - 2Dxpfing9l3kt8+TqL1cORhEJyIX8sxFM88r6GYS6Wn3OBDkWLhmi6LEpx7XTRce6t+3xfnId78H - U6ZzOIjJ1QdahjEZCrFiQC6ZRnrUZGIvD/I6p9lXkyummouE5kuhdDwIBoG/YDxFEvOjQfT8k7V4 - bGuBYX4WxKAkPiD/r0qemr+/WQMTQLwhd6AiTrkVDS9HuLrgKy7qXezD9/ekB+dSpBW+YkY8w4kq - sD7+FMuB565sMmiX/CnqrhZ7EiobA9En4pOrUGnyT0WlBkl2Jveows5naLU/HJ2TSUL5nvPm7eQ/ - Gwxc3V5JypOlP6UZBnuGrXXSiuXpyfFt0VAUBdME6Wl5S2wKt1UaCoW5p6VgiIyD2Mpt/Q1MC8q4 - Yhp6CJ643z/ct7dP7qfocy6oTNse3PTieAcx4/WIJA5JGCWZA3CiQJO6gZVGlnPvErJAaHVIvWTJ - khRAucJN6k40FrB+aIHQJEGWhJSsGSUVAj+R2xJpBo9xDu5m75lQxog/JNAE4hZ3dV33RE1V2RMy - 8xF1sOmVy9ICAwE4Wwg5c87UjGp8J8wrbM3s6bvLo8l5d/K2ixejhebF+NQZfagwbwGTTGPyZjT9 - yJHLcXARPTER5Tr5yEdrZq4QDG4CuuvGrdn7DwAA///sWW1r2zAQ/ismUGhL7dhOnJfB6MJeYB82 - ygob9Jtiq42ZbRnLTje6/Pc9Jylq6sTZ6EbJh0AISiTfXU53zz13+VcFSZ4mXQr03h4F3WLpxDLF - u9Q+6lKxfU4FxicU8DvVhlJcfFvwgtLbYfZ6BbpU2IGAIGPSJXfSAjeSq2ccUVENZNiVVIJQ/r7z - 4oLio3CQBJrFOSy7Zz8p0JySqSBpJC7WQeRsxAk60YJnHvJYUuTZONuIRNJFgQr9xj65NpDkyQZR - utNOFXnnH/OSxTX9zs/CSdUHB3hC7lLeP7+ueSmphFdc4wzXh01m29BVmQvQc0fBEE6bXb91g4Fx - KHp7QXhEkHbKcLHFmXN69guXmdXiFbBkmyEGXQwxGK43qHzUFcqfYqREkNtHow4ZfueG5V3Kw4pM - 7j7YxcN82w8gLVm8IGjdSfH86U4+066DsslzRgW896dqRz4kOi6qZ1Z7omWXwCwi/Gikols2HCTB - fDL0ozkMHo+nQRiOiFzYQ9Cw5xinC54lCXSg4vcebXBNa/fGQhwJ3dtf64j3QC3UMQUwetmPgjAY - 8sDngzCZjuJBHI2DeBIlic9GtwGfXCavlZSTwewk/ICXfs7NWWFqn+vqr6TXSPceHnFDj4LdK5t5 - lsbkMrdkTJLH8Dwyq07BnbF8d+WOvLIg+9uN++Fb3G7/D9/i9gjh0C0GJiW6XTf8eJNpXpnZF+UT - gbPuqjWu3QBfcfx9U4mS928ARfHiMfFoZIVdm8mkxwzfDLWuDOIeoeDlL/0IBS9h8REKOqHAEgqY - eKcz7oGm3WbtQ66oWYbVNmfywbt6D6ve9kbXZM7vmsz5djLX3rAUjhfLtBKFJkmm8W/MXy/641/9 - BHSXSsLDemlQ8BnIt/GnUX8t96KXsx9fuGwyEryhW41ZqnpWazuWov5vY1gty8qEKrSlX4UaUtnB - r6jU6Ic0WjueGhs+sdY8oLyzWq1+AwAA//8DAEdG3vDBGwAA + H4sIAAAAAAAAA7xWa2/bNhT9K4Q+bZlsPeI6joBh6GJ3yxZkWeI0QNMioKlriTVFaiQV223z33ep + h90kdbdkWBHAER/3fe7h/ejBqqQy9RJPg0xBQ/qKg0iNL2kBxjcsh4L6qgRNLVfS+JByW4ClPsup + zECozL8FbfAM0nMoNRiQtr3LKmNVMXcKb6IwjMK+hr8qMHa6LuFMU2Y5A8/3uLMfRQcHQ1wYEHNc + 5taWJgmCFObAbKreqz61ghrDqexLsAFasgEteRAH3JgKgk7BAtYofzqdXEx70WB/hFu1C8ZLPnoG + fasMoxYypddNDCmuUCIO47gXjnrR4TQMk+gwCQ/6w0H4QxiHoXPSGbHoeK3mmU46+QBTEcabsNtF + CoZpXrrE4e5LYgoqhE9SbiyXzJKSAwOi5mSp9KLvpJmSl1o80YtKclcuKm7oLbVUB7cclkHt1tbB + 9igK96PRT4Z/gB8LLHtVoFUHCzQ5pWbhalXNrPtK5lQY8L1G8BjjqmV9L+cIHM3y9QncAvoa3vme + 5YisElHiJbLCGL0HMNkPdx1E3UGp1XsM9ZmVaKXrOtSV7ergFp+hZxvupeTWogLjbWw7CP9e3zVq + bpdUOyAbXpSCo8Ppg5RgoWr4DUarweiJ7n6lZF0km4INwgN0Ix6s4sH/a6WBRQ1SNBgNV9HwWxhc + dRb349V+/C0stsi/u3sMx7iD45yvXjcciEW+fodFzzINGdLKI6yjO0pUTZd/EeTxwa6D0a6Dw8fK + G0prdh1h1OztJb0Il9QiqTdk+PTeaah2S65Bo067zqg/j1Tloo0cYV65DS4zL7G6gruWQ502zVmT + g4+P9pxneNXkqhLpmJtS0HXbTbiNbtnXWDbXYW02NGCwroW/RODxi1FH4A/Ttotm4g3NPDzYFLzU + XGlu189MYiceDJ7G47ygGZjASZhOCccNoZZ9c5tt+epELTteG3iPkRvvd4EIOgPHTA60D1/r4Y40 + RLsQGo1cPnJqJiVnJ1wuXrmTMZRuspCsq2Jd22V9ttmRSk5wsKAzAedATYMM3X55ZyeXvxyf3pwc + H01OLyY3k/PzP84xPmwtgwnBC9McyBlSsLTE2SXcECXFmmA7c+GUEqvIb1xTcqahwH4mlUHM9r/U + 1hG2kxd+4mE4yj8kXvNeYe0w+dueutfgWIaMSyoeXmrnoja9Nc4FetdxBNY1k7C5XZWuaf8FjpsR + 5pnQa4Q3T9/9qeNpaNzC7WfKFjgIdpDrlDe2jtpZ6z853A1sQTc3xd1LLcFBnSmh9GnjzUxU0Ms0 + ssZ2XFFkrJpiq6LEUVXatgpfq9/95LyV27+9KbcC9hJy/YaWUUKOlFpwIFfcImtZcgGs0kBeCZp9 + crFiqEIxKnJlbDIKR2Ew5zJFYgziF/G7WuG4TgV6+V4RB5Jkj/yjJPkOf76vxS9wvHKMgmLY+62T + 4wrIGOPBzTGwPomGPnHY2kRxdDXBs2v81xtGg9pVVxa2hH7BrYa+0lmAqKSuUhxnIIfmAK/2c1uI + 2vFGz2un51IupFp+nqUzrdIKX9WJzLBPC8x6MMUkO5t1itBh8qta9qzakaayVRC/IwG5jowlf1ZU + W9Bkq3KHKGxtRrX0m5dn5IJRueO+G++Cw4NNUJ+FcbE2FgqDYaSl4gidvaTeryvkElZQLg230Ed0 + Yb5MPlNUp7tuPNI/3uLMaX5JWAMnZFIyA5DEgCXLFlsWqc40+JojvnyyzDnLSQFUGjykzY1WA4b7 + Vs6AUMaQKyElt5ySCuHP9LpEssF78m8AAAD//+xZbWvbMBD+KyZQSKH2bCdO0kHpAttgH8pCCyuU + QVBspwmNJeOXuqPLf+9zkqy6XtyNMko+BPLBiaTTc+d7ee7CY1V2nQaiC7zqW9nEEaDrVczJvyxm + 5Ar0eNAISEgt0CprzZciS+QZS2SUgRlWc0qASL53MT8hYBC+LixV2y22qdgvUtFKmURX5vBsi3Gr + ARAdGo83Dl54TjobDZUNfnIyAt1GNgICjTCvIZLAvISBdiJt6NzQ/hKxiFoCk5H22l2qqnJExfJU + BgWCMH5w0lUqHRqXzCFzru+eswJkZlHCpeb979fTq5l9dWGj7MpYNZekgjyZgqHPomTNj63+8W84 + yqYQH+GGfzIWr4uxeMN6gdJZgcb6TrIu4lHtrUGHDLdzoYsHuIYHyHch6dDujV3M1TXMFRZj4Yqi + dQeBbuflvEwSRgWl97fsSzYkeiiyN1YfognniB4itd+is2DJhoPIW0yGbrCAAuPxqef7Iyp2ZhNu + eGVbTC94GkW4AxWo94zB1i3IJ+NkJPTV5lGFgINSJ7fJ7KMbmMDzvWHsufHAj05H4SAMxl44CaLI + ZaOlF0/OozMp5WgwPfK/4qPO2QnjOmvatvopd8rcrmAR23coHTtpudisQzKZnTKWk8VwXlYHcDk8 + fp7ZIyflhL/diO4/4nYnu/+I253wviNGTopUV6f5WpP6zPRgh+KJkrXqHFVeuwFvw/YvZSbQsd8g + 44Sr58CjeQxWTSTTPXo8palepjPuIRW8/0s/pIL3QHxIBZ2pwBAKQLxVEfdIo1z97EKuKJieULdp + StdAyDUDofaCGbC0FwxTi/n9OhNcUR7db5b6rwj19V+Q3ovi/43ylDAjFDehA/kh5FCinr/BhRTk + x/pRZ9c3A5B/23yo5Z70EvZwGeflhgQ3lJXjhKyYFkpxGmrSyIFUN7+/POy/OK0PSLTb7fYJAAD/ + /wMAS44SffkaAAA= headers: - ATL-TraceId: - - adee57a4a449128d - Connection: - - keep-alive + Atl-Traceid: + - 17d3af74d6708e8e + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:08 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - b951f1e4-a69a-47e1-ac2b-e46d90f2b9b3 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '243' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 0fc85576-764b-4e72-8c7e-89f451bc7176 - x-envoy-upstream-service-time: - - '152' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -536,174 +446,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ2m2W3EQPKrIK7Z5EJEknWEmT0qbCsux/N8HFj9vwzvPM - y5yIVgseZkckeY9xWuRm06NFE/vwEaiKTi3LoDz1GElBPnFehuATzAAYBQplu79+bu+eut/tfh11 - moh8yVABBbwWpMfJheOIPnbHCdOBGxfWPkl6HVz/rRCZha24hLcqZpADZyXUJRcdqyUwWdUUAK6A - AyR/wTn1dsP4j911jMuqkozRLfAf1oz33oYECr4TzdZqZSqsFDZgbCMa3WslwBoAVddCaKz+FESX - Gx6GWZH8jlWri4/BqByfiLtMBP3boSXn8xcAAAD//wMAHvbzDFoBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CNtbqIHFVmFdk8ikrYJVtKkNKmwLPvfTXHx4za88zzz + MifopFeHxYCA9xBmL3a7QWnVh8F9OCKDkd6P0hKrAiTwqRY/OhthikgJEkyb/fVzc/fU/m7369TF + CcTLBiWY4GsCg5qNO07KhvY4q3jgxrh1iFK3jmb4VkBEgWFxCW9l2ECGjKVYpZS3WAnkghUEEa8i + idH3aom97Tj9Y+sWUdBaYE3yrP5h++neahfBMqdcZ1rrjFeMlZhViHkhWUl7iUPZc54rzMq/BcFs + DQ/jImF7R8vVhEfXyy0+gblMoOzboYHz+QsAAP//AwA2hfQUWgEAAA== headers: - ATL-TraceId: - - 43379a2c897a6078 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:33:11 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 415d19b8659cd542 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f28b3c15-ad36-4808-b4a4-db74f1be1b7a - x-envoy-upstream-service-time: - - '32' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - b354539f342b3f93 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:11 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:09 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - f95b8ed2-4c48-44d3-beb4-5be225855be0 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '121' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5834f672-07b6-419e-87d3-973274d6da44 - x-envoy-upstream-service-time: - - '69' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -713,93 +516,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 9506ec794da015b5 - Connection: - - keep-alive + Atl-Traceid: + - f94b93cf84eef6f2 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:11 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:09 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 8f57f89c-be29-4d43-a636-8cc753ec3285 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '188' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c34b7fb0-be85-4bd6-8b60-8572c75f4ad9 - x-envoy-upstream-service-time: - - '106' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/2828]\n\n*Defect Dojo link:* http://localhost:8080/finding/2828 - (2828)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/688]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/253]\n\n*Defect Dojo link:* http://localhost:8080/finding/253 + (253)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/97]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -812,53 +616,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1671' + - '1303' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11082","key":"NTEST-893","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11082"}' + string: '{"id":"11777","key":"NTEST-1439","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11777"}' headers: - ATL-TraceId: - - c532abb7dacaf6af - Connection: - - keep-alive + Atl-Traceid: + - 40ff168a7443b9ff + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:12 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:10 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0070c794-b411-4a9a-a3b3-7a22d8f94e9b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '587' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5e3b1316-7dfa-4e5a-a1a1-4ea31faf26c2 - x-envoy-upstream-service-time: - - '392' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -868,94 +678,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-893 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1439 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/2/TOBT/V6z8gLhd23xpBSUSOo2ucLsbY9d2TGKgyk1eU2+JHdlO0x7wv9+z - naxjozsYm7TFz37fP+9jf/ZgU1KeerEngacgIX3NIE9Vh9MCVEclKyhoR5QgqWaCqw6kTBegaSdZ - UZ5BLrLOGqTCPUgnUEpQwLU763U8ZiyHYTCMcKEgX+JypXWpYt9PYQmJTsWV6FGdU6UY5T0O2kcb - 2qcl8yOfKVWB3xq4hi3qn87G01l3+KKPkqUN1os/ewqdViqhGjIhty64FFeoEAVR2A0G3Wg4C6O4 - 34/DqNcP+r8HURCYGI0PvS3BmnlkjEbfD4MgMHG6rJtFCiqRrDQVQekhUQXN8w5JmdKMJ5qUDBIg - YklqIa97RjsR/FzmPxKFgqSS4K8Z1HRNNZV/KPYvvCywSVXxxImO05dh0A+HzXKGgb7cpdzxTKPR - 14yqa9OjaqHNV7ykuYKO19rwYmvka8fTDIFRYpO9mFeYiVdKcYXhPbJ6jbatne1GWzuzuNXwXaTn - nGmNBgy+Gm2T1N/2rBJLXVNpElOsKHOGCEnvZIPFtZAZDDeD4Y+E25S5cdZUumSmsPhzu86D4Dl6 - jgabaPBow7aFFiVPVPP/AV/hs0347Nd8bVpnzccD3vrRph/9mrcGnKr92Ovt61cz35v3jl2wY5ef - sINZJiHDub4HQ8SUyCs3Zk6SVEqLwlLEHD1Ez/dtDO/bcNThpGYwLf15cTfEJdXIio50fh7vjtFu - OMx31qQBs/0cicrkFBpeujACxjMv1rICLAfa1O9x2A2kXWzWnDEvWeJy/3xPZkJFZbUSVZ4eMVXm - dNuMBIoTCZirmbrv8WQQvWh58m7Vgn3lDPdtRPs2+jsuYUIyvX1kcVt1f/BzPMoKmoHyjYZqjTAU - 5KLuqXW2454TUbccNfBsQxZgyMRA805SZiq/m224D4fh0KS9ompcsuSE8Wt7FR9BaW5mnrQ9s52s - 7d6NhAs+xouZLnKYAFUOB7L58s5Ozt8cn85Pjkfj0+l4Pp5M3k0wDRwghXnjgdkKyBmyJtfE+CVM - EcHzLcGJZLkxSrQgfzFJyZmEAqeWVAox27MzejeLF2gw+MKCYLC4ir07I4uVzRinOfYMi76bMbN3 - V9a8K5ryWlTnGF3LBNi+jMPN6ao0M/sDOHYvhUcizCnf3FbfXu4/B7odql7R5BofUi2yWuPO16h5 - 0vxSwO27yG+fJ1F7uXIwiE5ELuSpi2aRV9DNJHLE7nEgyJFwzRZFiU89rpsuPNTTb4vzke9+D2ZM - 53AQk8sPtIxiMhLimgG5YBo5SpOpvTzI65xmX0yumGouEpqvhNLxMBgG/pLxFInRj4bR8JO1eGRr - gWFeCWJQEh+Q/1clT83f36yBKSDekDtQEafcikYXY1yd82su6l3so/f3pAdnUqQVvmLGPMOJKrA+ - /gzLgecubTJol/wp6q4WexIqGwPRJ+KTy1Bp8k9FpQZJdib3qMLOZ2i1PxyekWlC+Z7z5u3kPxs2 - dXslKU9W/oxmGOwpttZJK5anx0e3RSNRFEwTpKfVLbEp3FZpKBTmnpaCITIOYiu39TcwLSjjimno - IXjiwaC/b2+f3E/R50JQmbY9uOnF0Q5ixushSRySMEqyAOBEgSZ1AyuNLOfeJWSJ0OqQesWSFSmA - coWb1J1oLGD90AKhSYIsCSlZM0oqBH4ityXSDB7jHNz12jOhTBB/SKAJxC3u6rruiZqqsidk5iPq - YNMrV6UFBgJwvhRy7pypOdV4WS8qbM386buLw+lZd/q2ixejheb55MQZfagwbwGTTGPyZjz7yJHL - cXARPTER5Tr5yMdrZq4QDG4KuuvGrdn7DwAA///sWdtq20AQ/RVhCCQhkiXZ8qVQUtML9KElNNBC - 3tbSJhbVDa3ktLj+957ZXW0UxXJLWoIfDMbI3t2Z8ezMmTPjf1UQpXHUp0Ct7VHQL5Z2rGO8C+Wj - PhVP98nA+IQCfifbUIqLbyueUXpbzFxvji4VdiAgyJh4za04w42k8oyVl1QDGVYFlSCUv+88u6D4 - yCwkgaJSFkvu2U8KNKtgMkhqgYu1EDmtOEEnmvHEQR4LijwTZ61IJF0UqNCv7RONgSRP1IjSnXbK - yDv/mBYsrOh3fs6tWH6wgCfkLun98+uKF4JKeMkVznC1WWe2CV2ZuQA9e+KN4bTF9VvbG2mHorfP - CY8I0k4ZLjY7s07PfuEykyp/BSx5yhC9PobojfsWgjYfqErURUl/ib52trpma3ehj3e5hndJ10uW - uXuj6Qe6C/NmAfnKwhVh7o62pFsHRZ2mjAr44E/VjnxIdDwvn1ntiZZdArOoiUAjFdyy8SjylrOx - GyzxA6bTuef7EyIXZhM07NnG6YIXUQQdqPiDBxts3dq9MRBHQvf21yriHVALuU0CjHocBp7vjbnn - 8pEfzSfhKAymXjgLoshlk1uPzy6j11LKyWhx4n/AS52zU5bp2mfb6ivh1MK+h0ds36Fgd4p6mcQh - ucwuGBPkMZxHZlUxuDMe313ZE6fIyP5u4374Fnfb/8O3uDtCOHSLAT2R6pk1P24zzSs9+6J8InBW - nbqCrxvgK7a/r8u84MMbIE64ekg8Gllh1WQy6dHDN02tS424Ryh4+Us/QsFLWHyEgl4o6DIPUKnB - ZktnGqYB2+9UKm5oDK6fXSjMK5bgaYeUvsmc2zeZc81krrtgKBzP1nGZZ4oL6ca/1n+9qI9/ZSm6 - Sylh0zxqFHwG8rX+NBo2ci8GKfvxhYs6IcEt3XLMUlaLStmxzqv/NtpVsoxMqEJb+jWXQ6pm+kqz - ZRr9kEZjx2Nj/UfW6gPSO9vt9jcAAAD//wMAgZwFhcEbAAA= + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdiLHQHD0MXu1i3IssRpgaZFQFNniTVFaiQV22vz33fU + i906dbdkWBHAkXi89+ce3XsP1iWVqZd4GmQKGtLnHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf4daIMySC+h1GBA2vYuq4xVxcIZvI3CMAr7Gv6swNjZpoQLTZnlDDzf485/FI1GI3wxIBb4 + mltbmiQIUlgAs6l6p/rUCmoMp7IvwQboyQa05EEccGMqCDoDS9ig/vlsejXrRcPBCR7VIRgvee8Z + jK0yjFrIlN40OaT4hhpxGMe9cNyLTmZhmEQnCcY7GA2/C+MwdEE6JxYDr808MUinH2ApwnibdvuS + gmGal65wePqMmIIK4ZOUG8sls6TkwICoBVkpvew7babktRaPjKKS3LWLilt6Ry3VwR2HVVCHtQuw + FUXhIBr/aPhf8EOBba8K9OpggS5n1Cxdr6q5dU/JggoDvtcovsC8al3fyzkCR7N8cwZ3gLGG975n + OSKrRJR4iawwR28PJoOwE5RavcOMnljwVrsud93Artzu5SOQ7LK6ltxaNGC8rW+H1N/qu0Yt7Ipq + h1fDi1JwDDjdyxz7UaNsOF4Px48M9wud6TLZ9mUYOqDHw3U8/H+9NN2vsYgOo+N1dPw1HK47j4N4 + PYi/hscW4Pf3D+EYHcJp3AkWfP2y4UDs/s1bREOWaciQVh5gHeNUomqm/LNW49EhwfiQ4OSh8YbS + mlNHGDV7e0kv8j2smn2JFXHgbS9QizTf0OPjx6wh3x3dBo057YaofjxVlcs/chT6yh1wmXmJ1RXc + t6zqrGnOmqq8f3DmIsOrJleVSCfclIJu2sFz7dKAybrZ/hyBh+GWwPfLtqWZfcGhhsfbhpeaK83t + 5okl69SD4eN4nBc0AxM4DdMZ4Xgg1Kpv7rIdkZ2pVUd4Q+8hpONBl4igc3CU5UC7/7U+PlCG6BBC + o7GrR07NtOTsjMvlcyeZQOk2C8m6ntWdXNWy7YlUcoqLBZ0LuARqGhzo9sm7OLv++cX57dmL0+n5 + 1fR2enn5+yXmh6NlsCB4YZYDuUBulpY4v4QboqTYEJxzLpxRYhX5lWtKLjQUOOikMojQ/ufmPcJx + 8sIPPAzHfJR4e8OMJc+4pAKbid3YDZmT7Z+1e1Fb3hrVAqPrOAL7mknY3q5KN7T/AsfNCvNE6DXK + 22/ip1vH49C4g9tPlC1xEewg1xlvfJ22u9Z/Crhb2IJub4q7T7gEB3WmhNLnTTRzUUEv08gRu3VF + kYlqmq2KEldVadsufKmnnxbnjdz9Hc24FXCUkJvXtIwTcqrUkgN5xS1ylCVXwCoN5Lmg2QeXK6Yq + FKMiV8Ym43AcBgsuU6TBIP5+8LY2OKlLgVG+U8SBJDki/6hJvsGfb2v1K1yvHKOgGs5+G+SkAjLB + fPBwAqxPomOfOGxtszh9NUXZDf7rHUfDOlTXFraCfsGthr7SWYCopK5THJcjh+YAr/ZzW4g68MbO + S2fnWi6lWn1cpQut0go/t1OZ4ZwWWPVghkV2PusSYcDkF7XqWXWgTGVrIH5LAnITGUv+qKi2oMnO + 5AFV2PmMau3Xzy7IFaPywH239wUno21SH6VxtTEWCoNppKXiCJ2jpD6vO+QKVlAuDbfQR3RhvUw+ + V1Snh248sD/Z4cxZfkZYAydkUjIHkMSAJasWWxapzjT4WiC+fLLKOctJAVQaFNLmRmsB030j50Ao + Y8iVkJI7TkmF8Gd6UyLZ4D35NwAAAP//7Flta9swEP4rJlBIofZsJ07SQekC22AfykILK5RBUGyl + CY0l45e6o8t/73OSojpe040ySj4E8sGxpNNzJ93dc2fBdZL1GogucNS3qogjQNcLLuh+OczKlajx + oBGQkFrgW85SzGWeqjWOzCkCM4wWFAARfO+4OCFgEL4sHZ3JHbaq2S9S0cmYQlcVuNkOE04DICo0 + wVceDrwgna2G2gY/BRmBdiMbAYFBWGwgksCigoFeRNrQuaH9JXwRuQQmI+3Ndanr2pM1KzLlFHBC + /uBli0xdaGwyhcyp2XvKSlCXWYUrNe1+vx5fTdyrCxdpV/mq3SSTdJPJGbosSZfi2Oke/8ZFWZXy + I67hn4wl2MVYgv6ugaiZn0pU3HeKfBGdak317dT2wC4e4FseoM5C0aGXJ1rmupVK2+G2vcrSWpiT + xQtyZR2ziypNGSWUzt+iL9mQ6KHM35h9iCacw3uIwn5LzqI56/eSYDbq+9EMGIfD0yAMB5Ts7CTs + 8Mo0Tgc8ThLsgQzUecbgmtrkk71kJPTVqlK7gIdUp6ap6GMqmygIgz4PfN4Lk9NB3IujYRCPoiTx + 2WAe8NF5cqakHPXGR+FX/PQ6N2XCRE3X1a8KryrcGhZxQ4/CsZdVs9UyJpO5GWMFWQzrVXYAl8Pj + 54k78DJB+NsV6v4jbpe4+4+4XSLvO2KEnkTXcIavNanPxHR8yJ8oWOs6UYevG/A2TP9S5RKl/A0i + Trx4djxq1GDUejLtY9pThurlJuIeQsH7H/ohFLwH4kMo2BkKLPMAxFvtcY/U4zXPPuTKkpkOdZuJ + 7GoI+bYh1B6wDZb2gGVqXNwvcyk0qzH1ZmU+Rei//4L0Xpb/r3GnhVmh2AkVyA+pmhK22yZTDflx + 82ii65sBqM82HzZyTzope7jkRbUiwQ1lVTshL8elVpyamtRyINXt++3F4dZqs0ChXa/XTwAAAP// + AwCwE2yw+RoAAA== headers: - ATL-TraceId: - - 50c65dab66f87988 - Connection: - - keep-alive + Atl-Traceid: + - 74bf8eed45eff45e + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:12 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:10 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 4beeac6f-42a3-46e6-9554-bf6d7fe43bac X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '222' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4a612b9e-761f-42ef-bf07-93b929f187f3 - x-envoy-upstream-service-time: - - '105' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -965,89 +780,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11082 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11777 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8MO24tvnSinWR0ImVbscdY1xbQBqbKjd5TU0TO7Kdpr2N//2e - nYSysnIbAwniZ7/vn/exvziwzimPndCRwGOQEL9lkMaqxWkGqqWiBWS0JXKQVDPBVQtipjPQtBUt - KE8gFUlrBVLhHsQjyCUo4Lo667QcZiz7vtcPcKEgneNyoXWuQteNYQ6RjsWt6FCdUqUY5R0O2kUb - 2qU5cwOXKVWA2xhYwgb1zyfD8aTdf91FydwG64RfHIVOCxVRDYmQmyq4GFeoEHiB3/Z67aA/8YOw - 2w39oNP1ur97geeZGI0PvcnBmnlmjEbf9T3PM3FWWdeLGFQkWW4qgtJjojKapi0SM6UZjzTJGURA - xJyUQi47RjsS/FKmPxKFgqiQ4K4YlHRFNZV/KPYvHGXYpCJ7UYlO4yPf6/r9ejnBQI+2Kbcc02j0 - NaFqaXpUzLT5Cuc0VdByGhtOaI3ctRzNEBg5NtkJeYGZOLkUtxjeM6tXa9va2W40tTOLBw3fRnrJ - mdZowOCr1jZJ/W3PKjHXJZUmMcWyPGWIkHgnGyyuhUyvv+71fyTcusy1s7rSOTOFxZ+Hde55r9Bz - 0FsHvWcbti20KHmh6v9P+PIP1/7hr/laN87qjye8dYN1N/g1bzU4VfOx19vdnZnv9VXFLtixm8/Y - wSSRkOBcP4IhYkqkRTVmlSQqlBaZpYgpeghe7dvoP7ZRUUclNYNp6c8J237LwTT1FU6cwVV9gGrk - yYqGfn4CKo67ZzW3siYNvO3nQBQmS98w1bURMJ44oZYF3NXkZYxJFlW5f3kkM4HhUbUQRRqfMJWn - dFOPBIojCZirmbrv8aQXvG54crdq3r5y+vs2gi1lMCGZ3jyzYo262/s5umQZTUC5RkM1RhgKUlF2 - 1CrZUsyZKBsq6jmmRjuJdJtEUjoDQyYGmjuHzFR+twz+Phz6fVOPBVXDnEVnjC/tVXwCubmZedT0 - zHaytHv3Ei74EC9mOkthBFRVOJD1l3Nxdvnu9Hx6djoYno+H0+Fo9GGE+eEAKSwIHpgsgFwga3JN - jF/CFBE83RCcSJYao0QL8heTlFxIyHBqSaEQoR07o7tZvEaD3lfmeb3ZbejsjCyWPGGcpthM7MZ2 - xszerqx+V9TltahOMbqGCbCvCYf700VuZvYHcFy9FJ4JvUr5/rb69nL/OTRu4faGRkt8SDWQa4xX - vgb1k+aXAm7eRW7zPAmay5WDgXokUiHPq2hmaQHtRCJHbB8HgpyIqtkiy/Gpx3Xdhad6+m1xPvHt - 78GE6RQOQnLzkeZBSAZCLBmQa6aRozQZ28uDvE1p8tXkiqmmIqLpQigd9r2+584Zj5EG3aAf9D9b - iye2FhjmrSAGJeEB+X9V8tL8/c0aGAPiDUkFFXH8rWhwPcTVJV9yUW5jH1w9kh5cSBEX+IoZ8gQn - KsP6uBMsB567scmgXfKnKNta7Ekorw0En4lLbnylyT8FlRok2Zrcowpbn77V/nh8QcYR5XvOm7eT - e9iv6/ZGUh4t3AlNMNhzbG0lLVgan548FA1EljFNkJ4WD8SmcBulIVOYe5wLhsg4CK3c1t/ANKOM - K6ahg+AJe73uvr19cjdGnzNBZdz04L4XJ1uIGa/HJKqQhFGSGQAnCjQpa1hpZLnqXULmCK0WKRcs - WpAMKFe4SasTtQWsH1ogNIqQJSEmK0ZJgcCP5CZHmsFjnEN1vXZMKCPEHxJoBGGDu7IsO6KkKu8I - mbiIOlh38kVugYEAnM6FnFbO1JRqvKxnBbZm+vLD9fH4oj1+38aLxkLzcnRWGX2qMO8Bk4xD8m44 - +cSRy3FwET0hEfkq+sSHK2auEAxuDLpdjVu99x8AAAD//+xZbWvbMBD+KyZQaEvtWE6cNIPRhb3A - PmyUFTboN8VWGzO/YdnpRpb/vuckRU3cOBvdKPkQKEWJXu50unvuucu/CoizJO4SoOf2COg+llYs - EvyX2kZdIp6uU47xCZn9XpWh5Bff5iKn8Ha4fd4CVSr0gEOQMslCOEmOF8nUHqeoKAdyzEpKQUh/ - 30V+Qf6ROwgCTaUcnj7wn+RoTsmVkzQSD+vAczb8BJVoLlIPcSzJ86yfbXgiySJHhXyjn1wrSOfJ - Bl66U0/leecfs5JHNd3zc+Ek6oMDPCFzKeuf39SilJTCK6FxRujFJrKt66rIBei5IzaE0aY3b102 - MAZFbV8QHhGknXI8bH7mnJ79wmOmdfEKWPKUIbIuhsiGXRPhJh+oK+RFRXaJvraW+nZpe8LyLmVh - xTJ3L+ziYb6tB9oTk/XEFqdp5z0EM4/mBMg6R8omyzgl8N6fsh3ZkOh4UT0z2xMtuwJmUcmAQiq8 - 48NBzGaXQz+c4QLj8YQFwYjIhV0ECXuWCXrgaRxDBjJ+71EH15R2byzE0aF762vt8R6ohVqmAEYP - +yEL2FAwXwyCeDKKBlE4ZtFlGMc+H90xcXkVv1annAymJ8EH/Ol9bsZzk/tcV38lvUa6D7CIG3jk - 7F7ZzNIkIpO5JeeSLIb9iKw6AXfG8N21O/LKnPRvF+6Hr3G7/D98jdsthEPXGNAT65rZ8ONNpnlt - el8UTwTOui7X8HULfMXy901VlKJ/CyiK5o+BRy0rzNpIJjmm+WaodWUQ9wgFL//oRyh4CY2PUNAJ - BW3mASrVW65oz5p5QPd7HYpLaoObsQ+BRc1TjHac0tWZ821nrj1hO13tCUvhRL5IqiLXdMcU/o35 - 6UV//BtNF0X93xqo+ix7JgShHPxaqOaQ7XqimlUaL9dDg7rPlq9+pOqvz73oZfzHFyGblA7euKtq - 61T1tNb3pt4ytX7o5vb77c3B1m6zQWm7Wq1+AwAA//8DABlShPjBGwAA + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdiLHQHD0MXuli3IssRpgaZFQFNniTVFaiQV22v733fU + i906dbdkWBHAkXi89+ce3TsP1iWVqZd4GmQKGtLnHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf49aIMySK+g1GBA2vYuq4xVxcIZvIvCMAr7Gv6swNjZpoRLTZnlDDzf485/FI1GI3wxIBb4 + mltbmiQIUlgAs6l6q/rUCmoMp7IvwQboyQa05EEccGMqCDoDS9ig/sVsej3rRcPBCR7VIRgveecZ + jK0yjFrIlN40OaT4hhpxGMe9cNyLTmZhmEQnCcY7GA2/C+MwdEE6JxYDr808MUinH2ApwnibdvuS + gmGal65wePqMmIIK4ZOUG8sls6TkwICoBVkpvew7babkjRaPjKKS3LWLijt6Ty3VwT2HVVCHtQuw + FUXhIBr/aPhf8EOBba8K9OpggS5n1Cxdr6q5dU/JggoDvtconmFeta7v5RyBo1m+OYd7wFjDD75n + OSKrRJR4iawwR28PJoPwkCDqBKVWbzHVJ3ai1a77UHe264N7+Qg9u3RvJLcWDRhv69tB+Lf6rlEL + u6LaAdnwohQcA073SoKNquE3HK+H40eG+4WWdZlsGzYM3QTEw3U8/H+9NLCoQYoOo+N1dPw1HK47 + j4N4PYi/hscW+R8+PIRj3MFxwdcvGg7EJt++waZnmYYMaeUB1jEcJapmyj8L8nh0SDA+JDh5aLyh + tObUEUbN3l7Si1oec1XRnDVxvHtw5rCKCZtcVSKdcFMKumkRjccravGz0NDp46evIesdPQeNOe1m + q348VZWrVx3qS3fAZeYlVlfONxq1L7BtbsLaamjAZN0If47Aw3BL4PtlO0Qz8ZZm9gXbhu8LBjti + 4kpzu3libTr1YPg4gucFzcAETsN0RjgeCLXqm/tsR2TnatUR3tCryzkHx0wOtPtf6+MD2UaHEBqN + Xdo5NdOSs3Mul8+dZAKl2ywk6xBU42pVy7YnUskpLhZ0LuAKqGlQqdsn7/L85uezi7vzs9PpxfX0 + bnp19fsVpoGjZTBvvDDLgVwiBUtLnF/CDVFSbAiOMxfOKLGK/Mo1JZcaCpxnUhlEXP9zYx3hOHnh + ex6GYz5KvL1hxspmXFKBPcOi74bMyfbP2r2oLW+Ne4HRdRyB7cskbG9XpRvaf4HjZoV5IsIa5e2n + 79Ot43Gg26HqJ8qWuAh2yOqMN75O213rPwXcLWxBtzfF3ZdagkM0U0Lpiyaauaigl2lkrN26oshE + Nc1WRYmrqrRtF77U00+L81ru/o5m3Ao4SsjtK1rGCTlVasmBvOQWGdOSa2CVBvJc0Oy9yxVTFYpR + kStjk3E4DoMFlynSWhB/P3hTG5zUpcAo3yriQJIckX/UJN/gz7e1+jWuV444UA1HvA1yUgGZYD54 + OAHWJ9GxTxy2tlmcvpyi7Bb/9Y6jYR2qawtbQb/gVkNf6SxAVFLXKY47kENzgFf7uS1EHXhj54Wz + cyOXUq0+rtKlVmmFX9WpzHBOC6x6MMMiO591iTBg8ota9aw6UKayNRC/IQG5jYwlf1RUW9BkZ/KA + Kux8RrX2q2eX5JpReeC+W++Ck9E2qY/SuN4YC4XBNNJScYTOUVKf1x1yBSsol4Zb6CO6sF4mnyuq + 00M3Htif7HDmLD8jrIETMimZA0hiwJJViy2LVGcafC0QXz5Z5ZzlpAAqDQppc6O1gOm+lnMglDHk + SkjJPaekQvgzvSmRbPCe/BsAAP//7Flta9swEP4rJlBIofZsJ07SQekC22AfykILK5RBUGynMY0l + 45e6o8t/73OSojpe3Y0ySj4E8sGJpNNz53t57sJjVfKdBqILvOpb2cQRoOtVzMm/LGbkCvR40AhI + SC3QKivhS5Gn8owlcsrADKsFJUAk37uYnxAwCE9KS/EKi61r9otUtDIm0VUFPNti3GoARIfG47WD + F16QzkZDZYOfnIxAt5GNgEAjLLYQSWBRwUAvIm3o3ND+ErGIWgKTkfbaXeq6dkTNikwGBYIwfnCy + VSYdGpfMIXOu756zEkRqUcGl5v3v19OrmX11YYMmyFg1l2SCPJmCoc+iNOHHVv/4NxxlXYqPcMM/ + GYvXxVi8YddC0KxPJTruO0mmiNy1trpma3uhiwe4hgfIdyFZz8sbDXPdKaXtdNs+ZWgtzMnCFYWy + ytlFlaaMCkrvb9mXbEj0UORvrD5EE84RPURJv0VnwZINB5G3mAzdYAGM4/Gp5/sjKnZmE254ZVtM + L3gaRbgDFaj3jMHWLcgn42Qk9NXmUYWAg1Int8nsoxuYwPO9Yey58cCPTkfhIAzGXjgJoshlo6UX + T86jMynlaDA98r/io87ZKeM6a9q2+qlwqsKuYRHbdygdO1m1WCchmczOGCvIYjgvqwO4HB4/z+yR + k3HC325E9x9xu5Pdf8TtTnjfESP1RKqj1HytSX1merBD8UTJWvV9Kn3dgLdh+5cqF+jYb5BxwtVz + 4NE8BqsmkukePZ7SVC/XGfeQCt7/pR9SwXsgPqSCzlRgmAcg3qqIe6RRrn52IVeUTE+o20ykayDk + dg2EXDMQai8Yphbz+yQXXLEa3W9W+q8I9fVfkN6L8v8N4pQwIxQ3oQP5IeRQYjv7gwspyI/bR51d + 3wxA/m3zYSv3pJeyh8u4qNYkuKGsHCfk5bRUitNQk0YOpLr5ffewv3NaH5BoN5vNEwAAAP//AwBY + ChMD+RoAAA== headers: - ATL-TraceId: - - c052571d9c6bea0e - Connection: - - keep-alive + Atl-Traceid: + - 3e13aed1ba176957 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:12 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:11 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 725d4a99-4349-4b8a-95ec-0888180a0094 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '255' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a461fa29-5ffa-4d47-9b08-211c478b17d9 - x-envoy-upstream-service-time: - - '141' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues.yaml index 318cbe351d2..72f6b708ada 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ0m2W3EQPKrIK7Z5EJGmnWEmT0qTCsux/N8HFj9vwzvPM - y5yI0QEPiyWKvMc4B7XZ9DhgF3v/4amOVocwakcdRlKQT1zC6F2CGQCjQKFs9tfPzd1T+7vdr5NJ - E1EvGSqggNeC9Dhbf5zQxfY4YzpwY/3aJ8mso+2/FaKysJWX8FbHDHLgrISq5LJllQKmREUB4Ao4 - QPIDLqm3Had/7K5lXAmhOKdQsR+2m+7d4BMo+U7W28HoTqDQWEM31LI2vdEShg5AV5WUBsWfgmhz - w8O4aJLfGfRq46PvdI5PxF4mgu7t0JDz+QsAAP//AwCC0jB8WgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtE26uYkeVGQVtnsSkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzlBq4I5zA4kvMc4BbnZaGNNF7X/8ERFp0Lo1UhGEyGDTzOH3o8JpoiUIMF8v7t+3t89Nb/b3TK0 + aQL5skIZZviagTaT88fBjLE5TiYduHF+0Ulql97pbwVkEhhWl/BWxRVkyFiOdU5Fg7VEIVlFEPEq + kZj8YObU2/TDP3bbIEq6lVSQklc/bDfcj9YnkJdU2MJaW4iaMY5FjVhWinHaKdS8E6I0WPC/BdGt + DQ/9rGB9x6rFxUffqTU+gbtMYMa3wx7O5y8AAAD//wMA/s7l11oBAAA= headers: - ATL-TraceId: - - c3cb85c250dfc7a6 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:33:22 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 827a9effa5e25b78 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d4bf828e-a878-4591-aa22-3612ae4e6c18 - x-envoy-upstream-service-time: - - '53' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 6b85e064e8172bed - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:22 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:17 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1de5c9b8-3807-4893-8cbd-4bb5d3cdf285 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '126' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 95eb91a7-6780-4a84-8817-d96389236769 - x-envoy-upstream-service-time: - - '72' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,93 +80,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 9c2330c334bcc723 - Connection: - - keep-alive + Atl-Traceid: + - 3d52455d5322b73f + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:22 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:17 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 8e743a91-6ad5-4682-a37b-edb48de8f5a1 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '385' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d199324b-d03d-4c20-9a98-556e421ec1aa - x-envoy-upstream-service-time: - - '138' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/2831]\n\n*Defect Dojo link:* http://localhost:8080/finding/2831 - (2831)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/690]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/256]\n\n*Defect Dojo link:* http://localhost:8080/finding/256 + (256)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/99]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -286,53 +180,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1671' + - '1303' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11083","key":"NTEST-894","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11083"}' + string: '{"id":"11778","key":"NTEST-1440","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11778"}' headers: - ATL-TraceId: - - 7626f8ab005c2311 - Connection: - - keep-alive + Atl-Traceid: + - 1cf3ec8fd30de603 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:23 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:18 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 55c1869b-1d23-4733-be4e-7af27428487b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '592' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1b87d74a-852f-487b-9aee-70d9d024cfd9 - x-envoy-upstream-service-time: - - '521' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -342,94 +242,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-894 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1440 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF0mWy/2EldAMaSO22VL08x2GqBpYdDSWWYtkQJJWfba/Pcd - KSlOkzlr0wRIxCPv/bmH/OLApqA8cSJHAk9AQvKaQZYol9MclKviJeTUFQVIqpngyoWE6Rw0deMl - 5SlkInXXIBXuQTKGQoICruuzjuswYzkI/EEPFwqyBS6XWhcq8rwEFhDrRHwWXaozqhSjvMtBe2hD - e7RgXugxpUrwWgMr2KL++XQ0mXYGL/ooWdhgneiLo9BpqWKqIRVyWweX4AoVQj8MOn6/Ew6mQRj1 - elHY6/rB0a9+6PsmRuNDbwuwZp4Yo9H3At/3w9usm0UCKpasMBVB6TFROc0ylyRMacZjTQoGMRCx - IJWQq67RjgW/lNn3RKEgLiV4awYVXVNN5e+K/QMvc2xSmT+rRafJy8DvBYNmOcVAX+5Sdh3TaPQ1 - pWplelTOtfmKFjRT4DqtDSeyRm5cRzMERoFNdiJeYiZOIcVnDO+J1Wu0be1sN9ramcWdhu8iveRM - azRg8NVom6T+smeVWOiKSpOYYnmRMURIci8bLK6FTH+w6Q++J9ymzI2zptIFM4XFn7t17vtH6Dns - b8L+kw3bFlqUPFPN/0d8BYeb4PDnfG1aZ83HI9564aYX/py3Bpyq/djr7ebGzPfmfc0u2LHrT9jB - NJWQ4lw/gCFiSmRlPWa1JC6VFrmliBl6CI/2bQwe2qipo5aawbT050SdwHUwTf0eJ87gqjlANfJk - TUM/PgE1x92ymldbkwbe9nMoSpNlYJjqyggYT51IyxJuGvIyxiSL69y/PJCZwPCoWooyS06YKjK6 - bUYCxbEEzNVM3UOeDLuHvx22PHm/av6+cgb7NsJ9G70dlzAhmd4+sZStumfuhh/gUZbTFJRnNFRr - hKEgE1VXrdMd95yJquWovnNjsDAHQyYGmveSMlP5n9kG+3AYDEzaS6pGBYvPGF/Zq/gECnMz87jt - me1kZfduJVzwEV7MdJ7BGKiqcSCbL+fi7PLN6fns7HQ4Op+MZqPx+N0Y08ABUpg3HpgugVwga3JN - jF/CFBE82xKcSJYZo0QL8ieTlFxIyHFqSakQoV07o/ezeIEG/a/M9/tzGTn3RhYrmzJOM+wZFn03 - Y2bvvqx5VzTltajOMLqWCbB9KYfb02VhZvY7cFy/FJ6IsFr59rb69nL/MdDtUPWKxit8SLXIao3X - vobNk+anAm7fRV77PAnby5WDQXQsMiHP62jmWQmdVCJH7B4HgpyIutkiL/Cpx3XThcd6+m1xPvLd - 78GU6QwOInL9gRZBRIZCrBiQK6aRozSZ2MuDvM5o+tXkiqlmIqbZUigdDfyB7y0YT5AGvXDQCz5Z - iye2FhjmZ0EMSqID8v+q5Ln5+4s1MAHEG3IHKuKUW9HwaoSrS77iotrFPnz/QHpwIUVS4itmxFOc - qBzr402xHHju2iaDdskfouposSehojEQfiIeuQ6UJn+XVGqQZGdyjyrsfAZW+8PxBZnElO85b95O - 3uELv67bK0l5vPSmNMVgz7G1tbRkWXJ6clc0FHnONEF6Wt4Rm8JtlYZcYe5JIRgi4yCyclt/A9Oc - Mq6Yhi6CJ+r3e/v29sm9BH3OBZVJ24PbXpzsIGa8HpO4RhJGSeYAnCjQpGpgpZHl6ncJWSC0XFIt - WbwkOVCucJPWJxoLWD+0QGgcI0tCQtaMkhKBH8ttgTSDxziH+nrtmlDGiD8k0BiiFndVVXVFRVXR - FTL1EHWw6RbLwgIDAThbCDmrnakZ1XhZz0tszez5u6vjyUVn8raDF6OF5uX4rDb6WGHeAiaZROTN - aPqRI5fj4CJ6IiKKdfyRj9bMXCEY3AR0px63Zu9fAAAA///sWdtq20AQ/RVhCCQhkrWy5UuhpKYX - 6ENLaKCFvK2lTSyqG1rJaXH97z2zu944iuWWtAQ/GEJYey8zOztz5sz4XwXEWRJ3CdBzewR0H0sr - lgn+S22jLhFP1ynH+IQEfqfKUPKLbwuRU3g73D5vgSoVesAhSJlkKZwkx4tkao9TVJQDOWYlpSCk - v+8ivyD/yB0EgaZSDk/v+U9yNKfkykkaiYd14DlbfoJKNBephziW5HnWz7Y8kWSRo0K+0U9uFKTz - ZAMv3amn8rzzj1nJo5ru+blwEvXBAZ6QuZT1z69rUUpK4ZXQOCP0YhPZ1nVV5AL03BEbwmiz67cu - GxiDorYvCI8I0k45HjY/c07PfuEx07p4BSx5yhBZF0Nkw66JcJsP1BXyoiK7RF9bS327tD1heZey - sCKTuxd28TDf1gPtielmAvHKowVh7o6ypJ0HZZNlnBJ470/ZjmxIdLyonpntiZZdArOoZEAhFd7y - 4SBm88nQD+e4wHg8ZUEwInJhF0HCnmWCHngWx5CBjN970ME1pd0bC3F06N76Wnu8B2qhlimA0cN+ - yAI2FMwXgyCejqJBFI5ZNAnj2OejWyYml/FrdcrJYHYSfMCf3udmPDe5z3X1V9JrpHsPi7iBR87u - lc08TSIymVtyLsli2I/IqhNwZwzfXbkjr8xJ/3bhfvgat8v/w9e43UI4dI0BPbGumQ0/3maaV6b3 - RfFE4Kzrcg1fN8BXLH/fVEUp+jeAomjxEHjUssKsjWSSY5pvhlpXBnGPUPDyj36EgpfQ+AgFnVBg - CQVUvNMRt6Jutxn7OLeoeYrRDmoE3tVbrXtPJ7o6c35XZ863nbn2hKVwIl8mVZFrLmQK/8b89KI/ - /s0VlkX93xqo+ix7JgShHPxaqOaQ7XqimlUarzZDg7rPlq9+pOpvzr3oZfzHFyGblA7euqtq61T1 - rNb3pt4ytX7o5vb7x5uDR7vNBqXter3+DQAA//8DACeSGKHBGwAA + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZltvcRNHAHD0MXu1i3IssRpgaZFQFNniTVFqiQV22v733ek + JLt16m7JsCKAI/F47889uvcBrCoqsyANNMgMNGTPOIjM9CQtwfQMK6CkPVWBppYraXqQcVuCpT1W + UJmDUHnvDrRBGWSXUGkwIG17l9XGqnLuDN7GURRHAw3vajB2uq7gQlNmOYOgF3DnP46Pj0f4YkDM + 8bWwtjJpGGYwB2Yz9VYNqBXUGE7lQIIN0ZMNacXDJOTG1BB2BhawRv3z6eRq2o+HwwiPfAgmSN8H + BmOrDaMWcqXXTQ4ZvqFGEiVJPxr145NpFKXxSRqPBsfJkx+iJHI2vBOLgXszjwzS6YdYiijZpN2+ + ZGCY5pUrHJ4+JaakQvRIxo3lkllScWBA1JwslV4MnDZT8lqLB0ZRS+7aRcUtvaOW6vCOwzL0YW0D + bEVxdBiPfjL8L/ixxLbXJXp1sECXU2oWrlf1zLqndE6FgV7QKD7HvLxuLyg4AkezYn0Gd4CxRh97 + geWIrApREqSyxhyDHZgcRp2g0uotZvTIgrfavty+gV253csnINlmdS25tWjABBvfDqm/+7tGze2S + aodXw8tKcAw428kc++FRNhythqMHhvuVznSZbPoyjI4xjGS4Sob/r5em+x6L6DA+WsVH38LhqvN4 + mKwOk2/hsQX4x4/34Rjvw2nSCeZ89aLhQOz+zRtEQ55ryJFW7mEd41Sibqb8i1aT432C0T7ByX3j + DaU1p44wPHsHaT/GV2qR1BsyfPhQNVS7JdewMafdyPjHU1W7bGNHmC/dAZd5kFpdA5YWjdoX2A03 + OE1w3p6zrzlrqvL+3pmLFZVNoWqRjbmpBF23g+fapQGTdbP9JQI/PI46At8t24ZmdgX7Gp5sGr4r + ONwyFlea2/Ujq9uph8OHETwvaQ4mdBqmM8LxQKjlwNzlW4Y7U8uOCYeBb8gMHGU50O5+rY/2ZBvv + Q2g8cmkX1Ewqzs64XDxzkjFUbrOQrOuZ7+TSyzYnUskJLhZ0JuASqGlwoNun4OLs+pfn57dnz08n + 51eT28nl5R+XmAaOlsG88cK0AHKB3CwtcX4JN0RJsSY451w4o8Qq8hvXlFxoKHHQSW0Qs4MvzXuM + 4xREH3gUjfg8DXaGGSubc0kF9gyLvh0yJ9s9a/eitrwe1QKj6zgC25dL2NyuKze0/wLHzQrzSIQ1 + yptv4udbx8NAt0XVz5QtcBHskNUZb3ydtrvWfwq4W9jCbm9Kuk+4BIdopoTS5000M1FDP9fIEdt1 + RZGxapqtygpXVWnbLnytp58X57Xc/h1MuRVwkJKbV7SKU3Kq1IIDecktcpQlV8BqDeSZoPkHlyum + KhSjolDGpqNoFIVzLjMkxjB5cvTGGxz7UmCUbxVxIEkPyD9qku/w53uvfoXrlSMOVMMRb4Mc10DG + mA8ejoENSHzUIw5bmyxOX05QdoP/+kfx0Ifq2sKWMCi51TBQOg8RldR1iuNy5NAc4tVBYUvhA2/s + vHB2ruVCquWnVbrQKqvxczuROc5piVUPp1hk59OXCAMmv6pl36o9ZapaA8kbEpKb2FjyZ021BU22 + JveowtZn7LVfPb0gV4zKPffd3heenGyS+iSNq7WxUBpMI6sUR+gcpP7cd8gVrKRcGm5hgOjCepli + pqjO9t24Z3+8xZmz/JSwBk7IpGQGIIkBS5YttixSnWnwNUd89ciy4KwgJVBpUEibG60FTPe1nAGh + jCFXQkbuOCU1wp/pdYVkg/fk3wAAAP//7Fnva9swEP1XTKCQQu3ZTpykg9IFtsE+lIUWViiDoNhO + YxpLxj/qji7/e99Jiup4dTfKKPkQ6Ic0lk7vzrp37y48VkXWaSC6wKu+lU0cAbpexZzul8WMXYEe + Dx4BCbkFvWUlfCnyVO6xRE4MzPC0IAIE+d7F/ISAwXhSWqqSW2xds1/kopUxia4qcLMtxq0GQHRo + PF47eOEF+Ww8VDH4ySkIdBrFCAg0wmILkQwWFQL0ItKGzw3vL5GLqCUIGXmvr0td146oWZHJpEAS + xg9OtsrkhcYhc9ic67PnrIR0WVS4UvP+9+vp1cy+urAhE2SumkMyQTeZkqHPojThx1b/+DcuyroU + H3EN/1QsXpdi8YbNMlSisb6TqotUU3tp0GHD7XxgdIAMuRQ3Ly/s0gVul3J1jXLdqbFtHkY4Wbii + VFacXVRpyqig9P7GvhRDkocif2P1IZlwjuwhUfstOguWbDiIvMVk6AYLODAen3q+P6JiZxbhhFeW + xfSCp1GEM1CBes8YbN2bfDKXjIy+2lWqFHBQ6uQyyT66swk83xvGnhsP/Oh0FA7CYOyFkyCKXDZa + evHkPDqTVo4G0yP/K/7UPjtlXLOmbauvCqcq7BoRsX2H6NjJqsU6CSlkdsZYQRHDflkdoOXw8fPM + HjkZJ/ztDnX/Ebdb3P1H3G6R9x0xOClSPZzWa03pM9MTH8onImvVOSpeu4Fuw/IvVS7Qyt+AisLV + c+LRoAZPTSbTOXo8paVerhn3QAXv/9IPVPAeiA9U0EkFRmAA4q3KuEea8erPLuyKkukJdVumdA2E + 3K6BkGsGQu0HRqnF/D7JBVeqRveblf4pQv37L0jvRfn/RnnKmDGKk9CB/BByKGGmbSJVkB+3HzW7 + vhmA/Nnmw9buSS9lD5dxUa3JcMNZOU7Iy2mpHKehJo0cyHXz/e5mf2e33iDRbjabJwAAAP//AwDk + NSTJ+RoAAA== headers: - ATL-TraceId: - - 2921449b7463af63 - Connection: - - keep-alive + Atl-Traceid: + - 581816c83cebb3ea + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:23 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:19 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0c85f2e3-6d47-4130-b465-00e0e42b4641 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '231' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1e5e1bdd-58e5-43a6-a949-033bb918d525 - x-envoy-upstream-service-time: - - '281' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -439,94 +344,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11083 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11778 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy/2EldAMKSO22VL08x2EqBpYdDSWWYtkQJJWfba/Pcd - KSlOnTlr0wRIxCPv/bmH/OLAOqc8dkJHAo9BQvyGQRqrFqcZqJaKFpDRlshBUs0EVy2Imc5A01a0 - oDyBVCStFUiFexCPIJeggOvqrNNymLHs+16/iwsF6RyXC61zFbpuDHOIdCw+iw7VKVWKUd7hoF20 - oV2aMzdwmVIFuI2BJWxQ/2IyHE/a/Vc9lMxtsE74xVHotFAR1ZAIuamCi3GFCoEX+G2v1w76Ez8I - u90w6HY8/+hXL/A8E6PxoTc5WDPPjNHou77necF91vUiBhVJlpuKoPSEqIymaYvETGnGI01yBhEQ - MSelkMuO0Y4Ev5Lp90ShICokuCsGJV1RTeXviv0Dxxk2qcheVKKz+Nj3un6/Xk4w0ONtyi3HNBp9 - Tahamh4VM22+wjlNFbScxoYTWiN3LUczBEaOTXZCXmAmTi7FZwzvmdWrtW3tbDea2pnFg4ZvI73i - TGs0YPBVa5uk/rJnlZjrkkqTmGJZnjJESLyTDRbXQqbXX/f63xNuXebaWV3pnJnC4s/DOve8I/Qc - 9NZB79mGbQstSl6o+v8TvvzDtX/4c77WjbP64wlv3WDdDX7OWw1O1Xzs9XZ3Z+Z7fV2xC3bs9hN2 - MEkkJDjXj2CImBJpUY1ZJYkKpUVmKWKKHoKjfRv9xzYq6qikZjAt/Tlh2285mKa+xokzuKoPUI08 - WdHQj09AxXH3rOZW1qSBt/0ciMJk6RumujECxhMn1LKAu5q8jDHJoir3L49kJjA8qhaiSONTpvKU - buqRQHEkAXM1U/eYJ4PO4W+HDU/uVs3bV05/30awpQwmJNObZ1asUXfNFfADdMkymoByjYZqjDAU - pKLsqFWypZhzUTZU1HNMjXYS6TaJpHQGhkwMNHcOman8zzL4+3Do9009FlQNcxadM760V/Ep5OZm - 5lHTM9vJ0u7dS7jgQ7yY6SyFEVBV4UDWX87l+dXbs4vp+dlgeDEeToej0fsR5ocDpLAgeGCyAHKJ - rMk1MX4JU0TwdENwIllqjBItyJ9MUnIpIcOpJYVChHbsjO5m8QoNel+Z5/VmMnR2RhZLnjBOU2wm - dmM7Y2ZvV1a/K+ryWlSnGF3DBNjXhMP96SI3M/sdOK5eCs+EXqV8f1t9e7n/GBq3cHtNoyU+pBrI - NcYrX4P6SfNTATfvIrd5ngTN5crBQD0SqZAXVTSztIB2IpEjto8DQU5F1WyR5fjU47ruwlM9/bY4 - H/n292DCdAoHIbn9QHM/JAMhlgzIDdPIUZqM7eVB3qQ0+WpyxVRTEdF0IZQO+17fc+eMx0iDbtDv - +p+sxVNbCwzzsyAGJeEB+X9V8tL8/cUaGAPiDUkFFXH8rWhwM8TVFV9yUW5jH1w/kh5cShEX+IoZ - 8gQnKsP6uBMsB567tcmgXfKHKNta7Ekorw0En4hLbn2lyd8FlRok2Zrcowpbn77V/nByScYR5XvO - m7eTe/jKq+r2WlIeLdwJTTDYC2xtJS1YGp+dPhQNRJYxTZCeFg/EpnAbpSFTmHucC4bIOAit3Nbf - wDSjjCumoYPgCXu97r69fXI3Rp8zQWXc9OC+F6dbiBmvJySqkIRRkhkAJwo0KWtYaWS56l1C5git - FikXLFqQDChXuEmrE7UFrB9aIDSKkCUhJitGSYHAj+QmR5rBY5xDdb12TCgjxB8SaARhg7uyLDui - pCrvCJm4iDpYd/JFboGBAJzOhZxWztSUarysZwW2Zvry/c3J+LI9ftfGi8ZC82p0Xhl9qjDvAJOM - Q/J2OPnIkctxcBE9IRH5KvrIhytmrhAMbgy6XY1bvfcvAAAA///sWW1r2zAQ/ismUGhL7dhO7CSD - 0YW9wD5slBU26DfFVhszv2HZ6UaW/77nJEVNnDgb3Sj5EChFyUm6k3T33HOXf1UQZ0ncpUDJDijo - 3pZmLBL8F+qOulTszpOO8QmZ/UGWoeQX3+Y8p/C2mHneAlUq7IBDkDHJgltJjhfJ5BqrqCgHMkgF - pSCkv+88vyL/yC0EgaJSFksf2U9yNKtk0kkagYe14DkbfoJKNOepgzgW5HnGzzY8kXSRo0K/tk+s - DaT9RAMv3Wun9LzLj1nJoprO+bmwEvnBAp7Qdcnbv7yteSkohVdc4QxXk3VkG9eVkQvQs0NviEub - 3r61vYG+UNT2BeERQdo5w8PmF9b5xS88ZloXr4AluwzR62KI3rBLEGzygbpCXpRkl+hra6prprYF - XbzLNbxLXr2kn/snmnqgLZisBVucpp33EMwsmhMgqxwpmixjlMB7f8p2dIdEx4vqmdmeaNk1MItK - BhRSwT0bDmJvNh66wQwHGI0mnu+HRC7MJGg4MI3TA0/jGDqQ8XtPNti6tHtjII42PVhfK493QC3k - NAkwatgPPN8bcs/lAz+ehNEgCkZeNA7i2GXhvcfH1/FrucvZYHrmf8CfWmdnLNe5z7bVV8JphP2I - G7F9h5zdKZtZmkR0ZXbJmKAbw3pEVp2AO2P47sYOnTIn+9uF+/Fb3C7/j9/idgvh2C0G9MSqZtb8 - eJNp3ujeF8UTgbOqyxV83QFfMf19UxUl798BcaL5U+BRywpSE8mkRzffNLWuNOKeoODlH/0EBS9h - 8QkKOqHAEAyY+KAibkndbj12sW9RsxSjPdQIvKu3XPV2BV2dOdd05toC0+lqCwyF4/kiqYpc0R1d - +Df6pxf18W+OsCjq/9ZAVXuZPaEI5eDXQjaHTNcT1ay0eLkeatR9tn75I1V/ve9VL2M/vnDRpLTx - xlllW6eqp7U6N/WWqfVDJzffby/2t1brBdLa1Wr1GwAA//8DAMnksQzBGwAA + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvcRNHAHD0MXuli3IssRpgKZFQFNniTVFqiQV22vz33fU + i906cbdkWBHAkXi89+ce3UcPliWVqZd4GmQKGtJXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf4daIMySC+g1GBA2vYuq4xVxcwZvI3CMAr7Gj5UYOxkVcK5psxyBp7vcec/ig4Ph/hiQMzw + Nbe2NEkQpDADZlP1XvWpFdQYTmVfgg3Qkw1oyYM44MZUEHQG5rBC/bPJ+HLSiwaDEI/qEIyXfPQM + xlYZRi1kSq+aHFJ8Q404jONeOOxFR5MwTKKjJBr2D+MXP4Rx6GzUTiwGXpt5ZpBOP8BShPE67fYl + BcM0L13h8PQlMQUVwicpN5ZLZknJgQFRM7JQet532kzJKy2eGEUluWsXFbf0jlqqgzsOi6AOaxNg + K4rC/Wj4k+F/wY8Ftr0q0KuDBbqcUDN3vaqm1j0lMyoM+F6jeIJ51bq+l3MEjmb56hTuAGMN733P + ckRWiSjxEllhjt4WTPbDTlBq9R4zembBW+263HUDu3K7l89AssnqSnJr0YDx1r4dUn+v7xo1swuq + HV4NL0rBMeB0K3PsR42ywXA5GD4x3K90pstk3ZdBeIhhxINlPPh/vTTdr7GIDqODZXTwLRwuO4/7 + 8XI//hYeW4Df3z+EY7QLp3EnmPHl64YDsfs37xANWaYhQ1p5gHWMU4mqmfJHrcaHuwTDXYKjh8Yb + SmtOHWHU7O0lvcj3sGr2NVbEgbe9QC3SfEOPTx+zhnw3dBs05rQbovrxWFUu/8hR6LU74DLzEqsr + uG9Z1VnTnDVV+fjgzEWGV02uKpGOuCkFXbWD59qlAZN1s/0Yge8fhh2Bb5dtTTPbgl0Nj9cN3xbs + bxiLK83t6pm17NSDwdMInhc0AxM4DdMZ4Xgg1KJv7rINw52qRceEA+/egWEKjrIcaLe/1gc7so12 + ITQaurRzasYlZ6dczl85yQhKt1lI1vWs7uSilq1PpJJjXCzoVMAFUNPgQLdP3vnp1S8nZ7enJ8fj + s8vx7fji4o8LTANHy2DeeGGSAzlHbpaWOL+EG6KkWBGccy6cUWIV+Y1rSs41FDjopDKI0P5j8x7h + OHnhJx6GQz5LvK1hxspmXFKBPcOib4bMybbP2r2oLW+NaoHRdRyB7cskrG9XpRvaf4HjZoV5JsIa + 5fU38cut42mg26DqZ8rmuAh2yOqMN76O213rPwXcLWxBtzfF3SdcgkM0U0Lpsyaaqaigl2nkiM26 + oshINc1WRYmrqrRtF77W0y+L81Zu/vYm3ArYS8jNG1pGCTlWas6BXHOLHGXJJbBKA3klaPbJ5Yqp + CsWoyJWxyTAchsGMyxRpMIhfHLyrDY7qUmCU7xVxIEn2yD9qku/w5/ta/RLXK0ccqIYj3gY5qoCM + MB88HAHrk+jAJw5b6yyOr8cou8F/vYNoUIfq2sIW0C+41dBXOgsQldR1iuNy5NAc4NV+bgtRB97Y + ee3sXMm5VIvPq3SuVVrh53YsM5zTAqseTLDIzmddIgyY/KoWPat2lKlsDcTvSEBuImPJnxXVFjTZ + mNyhChufUa395uU5uWRU7rjv9r7g6Gid1GdpXK6MhcJgGmmpOEJnL6nP6w65ghWUS8Mt9BFdWC+T + TxXV6a4bD+yPNjhzll8S1sAJmZRMASQxYMmixZZFqjMNvmaIL58scs5yUgCVBoW0udFawHTfyikQ + yhhyJaTkjlNSIfyZXpVINnhP/g0AAP//7Flda9tAEPwrwhBwIFIl2bKdQkgNbaEPoSaBBkLBnCU5 + FrHuhD6ilNT/PbN354usRmkJJfjB4AfZOu3OrW5nZ9c8VkXWaSC6wKu+lU0cAbpexZzOl8WMXYEe + DzsCEtoW9JaV8KXIU/mMJXJiYIa7BREgyPcu5icEDMaT0lKV3GLrmv2iLVoZk+iqAifbYtxqAESH + xuO1gxde0J7NDlUMfnIKAnmjGAGBRlhsIZLBokKAXkTa2HNj95fIRdQShIx2r49LXdeOqFmRyaRA + EsYPTrbK5IGGkzlszrXvOSshXRYVjtS8//16ejWzry5syASZq8ZJJugkUzL0WZQm/NjqH//GQVmX + 4iOO4Z+KxetSLN6w60bQrE8lOu47Kb5ITrWWumZp+4bRATLkUty8vLBLF7hdytU1ynWnxrZ5GOFk + 4YpSWXF2UaUpo4LS+xv7UgxJHor8jdWHZMI5sock7LfoLFiy4SDyFpOhGyywgfH41PP9ERU7swge + XlkW0wueRhF8oAL1njHYujf5ZA4ZGX21q1Qp4KDUyWWSfXRnE3i+N4w9Nx740ekoHITB2AsnQRS5 + bLT04sl5dCatHA2mR/5XfNRzdsq4Zk3bVj8VTlXYNSJi+w7RsZNVi3USUsjsjLGCIobnZXWAlsPl + 55k9cjJO+Nsd6v4jbre4+4+43SLvO2JQT6R6OK3XmtJnpic+lE9E1qpPVPR1A92G5V+qXKCVvwEV + havnxKNBDe6aTCY/ejylpV6uGfdABe//0g9U8B6ID1TQSQVGYADircq4R5rx6msXdkXJ9IS6LVO6 + BkJu10DINQOh9g2j1GJ+n+SCK1Wj+81K/xWhvv4TUpEqC4/bS012byC4xr8oH7Z2T3ope7iMi2pN + hhu+ZXefl9NS4bgX5f8bICpjxih8oRP6IeRwZDv1o6EmjRzIpQGyi9bfgasfkOHZbDZPAAAA//8D + ALkWel35GgAA headers: - ATL-TraceId: - - 848923d8093b1566 - Connection: - - keep-alive + Atl-Traceid: + - dab15988cd07cbe1 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:23 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:19 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 36ef8642-445d-4dc7-acc5-bc349ec2833a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '208' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b1e19ace-6b23-41c5-aea1-ba88166ce088 - x-envoy-upstream-service-time: - - '121' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -536,174 +446,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPy07DMBBF/8VbEnf8aFy8Q7AAhApS0xWqkJ2MRZBjR4mDVFX9dxxR8diN7pwz - V3Mi1ky4Hz3R5D2lYdKrVYsOm9TGj0hN8maaOhNowEQK8onj1MWQYQbAKFAod9ubl939c/273c69 - zRPRrwtUQAGHgrQ4+HjsMaT6OGA+cOvj3GbJzp1vvxWiF2GtLuGdSQvIgbMSZMlVzaQGpoWkAHAF - HCD7E465t+76f+ymZlwLobmk7Jr9sE3/EFzMoOIbVa2dNY1AYbCCxlWqsq01ClwDYKRUyqL4U5D8 - 0vDYjYYs7zgz+/QUG7PEJ+IvE8Hwtt+R8/kLAAD//wMAIy5noloBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CPd3EQPKrIK2z2JSNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0EfZgsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsz3u+vn/d1T+7vdLWOX + JhAvK5Rhhq8ZKD1Zfxy1i+1x0unAjfWLSlK3DFZ9KyCSwLC6hLcyriBDxnJscspbbARywSqCiFeJ + xOQHPafedhj/sdsWUdCtYEgqLH7Yfrx3xiewLik3hTGm4A1jNRYNYllJVtNeoqp7zkuNRf23INq1 + 4WGYJazvGLnY+Oh7ucYnsJcJtHs77OF8/gIAAP//AwDEAprPWgEAAA== headers: - ATL-TraceId: - - cc250319f54703cc - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:33:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 68a0340ee5761b12 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 57f8e820-991e-45fb-bf02-4012a42e1119 - x-envoy-upstream-service-time: - - '38' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - eb322606d8fcb867 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:20 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e23a5dcc-6c07-4c1d-bd2e-c8ab97ae42c9 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '118' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ec0dc5b3-5991-4e6e-aa7a-596fde5abd69 - x-envoy-upstream-service-time: - - '79' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -713,93 +516,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 5e91fd7516524d0d - Connection: - - keep-alive + Atl-Traceid: + - 2b5f7682dc0c7117 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:20 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ffe7c8ce-810b-4c6c-90f7-2a5ce3673fe1 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '166' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c1a5f20b-3973-4bfd-a43c-f78e79c08d67 - x-envoy-upstream-service-time: - - '90' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/2832]\n\n*Defect Dojo link:* http://localhost:8080/finding/2832 - (2832)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/690]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/257]\n\n*Defect Dojo link:* http://localhost:8080/finding/257 + (257)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/99]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -812,53 +616,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1671' + - '1303' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11084","key":"NTEST-895","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11084"}' + string: '{"id":"11779","key":"NTEST-1441","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11779"}' headers: - ATL-TraceId: - - df4065acd0138325 - Connection: - - keep-alive + Atl-Traceid: + - 80c082338f0cd90a + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:25 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:21 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 2e3dc6f4-ae93-4cfc-b780-e20fb3234482 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '482' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c47f26be-ca37-4819-8783-b2a458713487 - x-envoy-upstream-service-time: - - '431' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -868,94 +678,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-895 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1441 response: body: string: !!binary | - H4sIAAAAAAAAA6RWa2/bNhT9K4Q+FF1mWw+7rSugGFLH7bKlaWY7DdC0MGjpWmYjkQJJWXYf/32X - pBSnyZy1aQIk4iXv+9xDfvFgU1KeerEngacgIX3FIE9Vh9MCVEclKyhoR5QgqWaCqw6kTBegaSdZ - UZ5BLrLOGqTCPUgnUEpQwLU763U8ZiyHYTAc4EJBvsTlSutSxb6fwhISnYpPokd1TpVilPc4aB9t - aJ+WzI98plQFfmvgCraofzobT2fd4fMnKFnaYL34i6fQaaUSqiETcuuCS3GFClEQhd1g0I2GszCK - +/04etILgsHvQRQEJkbjQ29LsGYeGKPR98MgCKLrrJtFCiqRrDQVQekhUQXN8w5JmdKMJ5qUDBIg - YklqIa96RjsR/FzmPxKFgqSS4K8Z1HRNNZV/KPYZXhTYpKp45ETH6Ysw6IfDZjnDQF/sUu54ptHo - a0bVlelRtdDmK17SXEHHa214sTXyreNphsAosclezCvMxCul+IThPbB6jbatne1GWzuzuNHwXaTn - nGmNBgy+Gm2T1N/2rBJLXVNpElOsKHOGCElvZYPFtZAZDDeD4Y+E25S5cdZUumSmsPhzs86D4Bl6 - jgabaPBgw7aFFiWPVPP/Hl/h00349Nd8bVpnzcc93vrRph/9mrcGnKr92Ovt2zcz35t3jl2wY5cf - sYNZJiHDub4DQ8SUyCs3Zk6SVEqLwlLEHD1Ez/ZtDO/acNThpGYwLf15cTds+MIgWLLEuftyR2bw - heGrlajy9IipMqfbBoUorqlGXnW09fMT4zjxmgV9Z02acbCfI1GZqthIL4yA8cyLtayMa7Sp3yFd - mKFoiiEBczVTd5cnB71nQdTy5O2qBfvKGe7biPZt9HdcwoRkevvA0rTqvrktfoJHWUEzUL7RUK0R - hoJc1D21znbccyLqlqMGni3nAgyZGGjeSspM5X9mG+7DYTg0aa+oGpcsOWH8yl7FR1Cam5knLYAs - rGq7dy3hgo/xYqaLHCZAlQOlbL68s5Pz18en85Pj0fh0Op6PJ5O3E0wDB0hh3nhgtgJyhqzJNTF+ - CVNE8HxLcCJZbowSLchfTFJyJqHAqSWVQsT17IzezuI5Ggy+MrxhF59j79bIYmUzxmmOPcOi72bM - 7N2WNe+KprwW9jlG1zIBti/jcH26Ks3M/gCO3UvhgQhzyte31feX+8+BboeqlzS5wodUi6zWuPM1 - ap40vxRw+y7y2+dJ1F6uHAyiE5ELeeqiWeQVdDOJhLV7HAhyJFyzRVHiU4/rpgv39fT74nzgu9+D - GdM5HMTk8j0to5iMhLhiQC6YRsLUZGovD/Iqp9lXkyummouE5iuhdDwMhoG/ZDxFWvOjYT/6aC0e - 2VpgmJ8EMSiJD8j/q5LH5u9v1sAUEG/IHaiIU25Fo4sxrs75FRf1LvbRuzvSgzMp0gpfMWOe4UQV - WB9/huXAc5c2GbRL/hR1V4s9CZWNgegj8cllqDT5p6JSgyQ7k3tUYecztNrvD8/INKF8z3nzdvKf - Pg9c3V5KypOVP6MZBnuKrXXSiuXp8dFN0UgUBdME6Wl1Q2wKt1UaCoW5p6VgiIyD2Mpt/Q1MC8q4 - Yhp6CJ54MOjv29sn91P0uRBUpm0PrntxtIOY8XpIEockjJIsADhRoEndwEojy7l3CVkitDqkXrFk - RQqgXOEmdScaC1g/tEBokiBLQkrWjJIKgZ/IbYk0g8c4B3fX90woE8QfEmgCcYu7uq57oqaq7AmZ - +Yg62PTKVWmBgQCcL4WcO2dqTjW+HBYVtmb++O3F4fSsO33TxYvRQvN8cuKM3leYN4BJpjF5PZ59 - 4MjlOLiInpiIcp184OM1M1cIBjcF3XXj1uz9CwAA///sWdtq20AQ/RVhCCQhkiXZ8qVQUtML9KEl - NNBC3tbSJhbVDa3ktLj+957ZXW9k2XJLWoIfDMbI3t2Z8ezMmTPjf1UQpXHUpUCtHVDQLZZ2LGO8 - C+WjLhW7+2RgfEIBf5BtKMXFtwXPKL0tZq43R5cKOxAQZEy85Fac4UZSecbKS6qBDKuCShDK33ee - XVF8ZBaSQPE6iyWP7CcFmlUwGSS1wMVaiJxGnKATzXjiII8FRZ6Js0Ykki4KVOjX9omNgSRP1IjS - vXbKyLv8mBYsrOh3fs6tWH6wgCfkLun9y9uKF4JKeMkVznC1WWe2CV2ZuQA9e+QN4bTZ7VvbG2iH - orfPCY8I0s4ZLja7sM4vfuEykyp/BSzZZYheF0P0hl0LQZMPVCXqoiSvxKVbW12ztb1geJf0sCST - +zd28TDX9ANb1KVd3tqnpuZUVbFwQYCsaqSo05RRAe/9qdqRD4mO5+Uzqz3RsmtgFrUAaKSCezYc - RN58MnSDOWwcj6ee74+IXJhN0HBgG6cLnkURdKDi955ssHVr98ZAHAk92F+riHdALeQ2CTDqsR94 - vjfknssHfjQdhYMwGHvhJIgil43uPT65jl5LKWeD2Zn/AS91zk5ZpmufbauvhFML+xEesX2Hgt0p - 6nkSh+Qyu2BMkMdwHplVxeDOeHx3Y4+cIiP724378Vvcbv+P3+L2COHYLQb0RKqB1/y4yTRv9OyL - 8onAWfXZCr7ugK/Y/r4u84L37wBF4eIp8WhkhVWTyaRHD980tS414p6g4OUv/QQFL2HxCQo6ocAw - D5j4oDJuRdNu/exCbl6xBE97qBF4V2+17u0udE3m3K7JnGsmc+0FQ+F4tozLPFN0Rzf+tf7rRX38 - q5+A7lJKWG0eNQo+A/kafxr1N3Kvein78YWLOiHBDd1yzFJWs0rZscyr/zaYVbKMTKhCW/o1l0Mq - MwrOSzn6IY3Gjm1j/S1r9QHpnfV6/RsAAP//AwBdJSVxwRsAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvcRLHAHD0MXuli3IssRpgKZFQFNniTVFaiQV20vz33fU + i906cbdkWBHAkXi89+ce3b0Hy5LK1Es8DTIFDelrDiI1vqQFGN+wHArqqxI0tVxJ40PKbQGW+iyn + MgOhMv8OtEEZpBdQajAgbXuXVcaqYuYM3kZhGIV9DX9WYOxkVcK5psxyBp7vcec/ig4Pj/DFgJjh + a25taZIgSGEGzKbqg+pTK6gxnMq+BBugJxvQkgdxwI2pIOgMzGGF+meT8eWkFw0GER7VIRgvufcM + xlYZRi1kSq+aHFJ8Q404jONeOOxFR5MwTKKjJI76+1H4XRiHoQvSObEYeG3mhUE6/QBLEcbrtNuX + FAzTvHSFw9NXxBRUCJ+k3FgumSUlBwZEzchC6XnfaTMlr7R4ZhSV5K5dVNzSO2qpDu44LII6rE2A + rSgK96Phj4b/BT8U2PaqQK8OFuhyQs3c9aqaWveUzKgw4HuN4gnmVev6Xs4ROJrlq1O4A4w1fPA9 + yxFZJaLES2SFOXpbMNkPO0Gp1QfM6IUFb7XrctcN7MrtXj4BySarK8mtRQPGW/t2SP2tvmvUzC6o + dng1vCgFx4DTrcyxHzXKBsPlYPjMcL/QmS6TdV8G4SGGEQ+W8eD/9dJ0v8YiOowOltHB13C47Dzu + x8v9+Gt4bAH+8PAYjtEunMadYMaXbxoOxO7fvEc0ZJmGDGnlEdYxTiWqZsqftBof7hIMdwmOHhtv + KK05dYRRs7eX9KKWx1y5NGdNHPePzhyIsRImV5VIR9yUgq5aqOPxglr8LDR0+vyxbMh6Q89BY067 + oasfj1Xl6lWHeu0OuMy8xOrK+Uaj9g32041eWw0NmKyb7acIHNmkI/Dtsq1pZluwq+HxuuGl5kpz + u3phCTr1YPA8HucFzcAETsN0RjgeCLXom7tsQ2SnatER3sB7DOl4v0tE0Ck4ynKg3f5aH+woQ7QL + odHQ1SOnZlxydsrl/LWTjKB0m4VkHYJqXC1q2fpEKjnGxYJOBVwANQ0qdfvknZ9e/Xxydnt6cjw+ + uxzfji8ufr/A/HC0DBYEL0xyIOfIzdIS55dwQ5QUK4JzzoUzSqwiv3JNybmGAgedVAYR139q3iMc + Jy/8yMNwyGXibQ0zljzjkgpsJnZjM2ROtn3W7kVteWvcC4yu4wjsayZhfbsq3dD+Cxw3K8wLodco + r7+Jn28dz0PjBm4/UTbHRbCDXGe88XXc7lr/KeBuYQu6vSnuPuESHNSZEkqfNdFMRQW9TCNjbdYV + RUaqabYqSlxVpW278KWefl6cd3LztzfhVsBeQm7e0jJOyLFScw7kmltkTEsugVUayGtBs48uV0xV + KEZFroxNhuEwDGZcpkhrQfz94fva4KguBUb5QREHkmSP/KMm+QZ/vq3VL3G9coyCajj7bZCjCsgI + 88HDEbA+iQ584rC1zuL4eoyyG/zXO4gGdaiuLWwB/YJbDX2lswBRSV2nOC5HDs0BXu3nthB14I2d + N87OlZxLtfi0SudapRV+bscywzktsOrBBIvsfNYlwoDJL2rRs2pHmcrWQPyeBOQmMpb8UVFtQZON + yR2qsPEZ1dpvX52TS0bljvtu7wuOjtZJfZLG5cpYKAymkZaKI3T2kvq87pArWEG5NNxCH9GF9TL5 + VFGd7rrxyP5ogzNn+RVhDZyQSckUQBIDlixabFmkOtPga4b48ski5ywnBVBpUEibG60FTPednAKh + jCFXQkruOCUVwp/pVYlkg/fk3wAAAP//7Flta9swEP4rJlBIofZsJ07SQekC22AfykILK5RBUGyn + CY0lY9l1R5f/3uckRXW8phtllHwI5IMTSafnzvfy3IWnuuR7DUQXeNW3qokjQNeLlJN/OczKFejx + oBGQkFrgW86Sz0WRqTOOKCgDM6xKSoBIvncpPyFgEL4sHc0rHLaq2S9S0cmZQldJeLbDuNMAiA6N + pysPL1ySzlZDbYOfnIxAt5GNgMAglBuIJFBWMNCLSBs6N7S/RCyilsBkpL1xl7quPVEzmaugQBCm + D16+yJVD45IpZE7N3VNWgkjNKrjUtPv9enw1ca8uXJRdFav2klyQJ1MwdFmSLfmx0z3+DUdZleIj + 3PBPxhLsYixBf9dC1KxPJTruO0WmiNy1tvp2a3thFw/wLQ9Q70LRoZc3Wua6VUrb6bZ9ytJamJPF + CwplnbNllWWMCkrnb9mXbEj0UBRvrD5EE84RPURJvyVn0Zz1e0kwG/X9aAaMw+FpEIYDKnZ2E254 + ZVtKL3icJLgDFajzjME1vckn62Qk9NWuUoeAh1KntqnsYzqbKAiDfhr4aS9MTgdxL46GQTyKksRn + g3mQjs6TMyXlqDc+Cr/io8+5GeMma7qu/kl6lXRrWMQNPUrHXl7NVsuYTObmjEmyGM6r6gAuh8fP + E3fg5ZzwtzvU/UfcbnH3H3G7Rd53xEg9ie4oDV9rUp+JmfhQPFGy1n2fTl834G3Y/qUqBFr5G2Sc + ePEceDSowaqNZLrHjKcM1StMxj2kgvd/6YdU8B6ID6lgZyqwzAMQb3XEPdKM1zz7kCtKZibUbSay + ayDk24FQe8EOWNoLlqml/H5ZCK5Zjek3K/NXhP76L0jvRfn/BnFamBWKm9CB/BBqKLGZ/cGFNOTH + zaPJrm8GoP62+bCRe9LJ2MNlKqsVCW4oq8YJRTkuteI01KSRA6luf98+HG6dNgcU2vV6/QQAAP// + AwBT90Dy+RoAAA== headers: - ATL-TraceId: - - fb9cd7f1717aef69 - Connection: - - keep-alive + Atl-Traceid: + - bcd1962df030770a + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:25 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:21 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 9696b5ee-c111-4fbd-a27f-3c049c7a9d64 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '285' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 80367d11-8064-45b5-bf50-9fac92b9dce1 - x-envoy-upstream-service-time: - - '157' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -965,94 +780,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11084 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11779 response: body: string: !!binary | - H4sIAAAAAAAAA6RWa2/bNhT9K4Q+FF1mWw+7rSugGFLH7bKlaWY7DdC0MGjpWmYjkQJJWXYf/32X - pBSnyZy1aQIk0hV5H+eee8gvHmxKylMv9iTwFCSkrxjkqepwWoDqqGQFBe2IEiTVTHDVgZTpAjTt - JCvKM8hF1lmDVPgN0gmUEhRw7dZ6HY8Zz2EYDAf4oiBf4utK61LFvp/CEhKdik+iR3VOlWKU9zho - H31on5bMj3ymVAV+6+AKtrj/dDaezrrD50/QsrTJevEXT2HQSiVUQybk1iWX4htuiIIo7AaDbjSc - hVHc78fRk14QDH4PoiAwOZoYeluCdfPAHM1+PwyCILquunlJQSWSlQYRtB4SVdA875CUKc14oknJ - IAEilqQW8qpndieCn8v8R7JQkFQS/DWDmq6ppvIPxT7DiwKbVBWPnOk4fREG/XDYvM4w0Re7kjue - aTTGmlF1ZXpULbR5ipc0V9DxWh9ebJ1863iaITFKbLIX8wor8UopPmF6D0Sv2W2xs91osTMvNxq+ - y/ScM63RgeFXs9sU9bddq8RS11SawhQrypwhQ9Jb1SC4ljKD4WYw/JF0G5ibYA3SJTPA4s9NnAfB - M4wcDTbR4MGObQstSx6p5v89scKnm/Dpr8XatMGah3ui9aNNP/q1aA05VfuwN9q3b2a+N++cumDH - Lj9iB7NMQoZzfYeGyCmRV27MnCWplBaFlYg5Roie7fswvOvDSYezmsG08ufF3bDRC8NgyRIX7ssd - m+EXpq9WosrTI6bKnG4bFqIZgdLvcGYNM5sQVKPSOiH7+RlyKnmti77zJs2A2MeRqAxONvcLY2A8 - 82ItK5NMIgFrNVN3VycHvWdB1OrkbdSCfXCG+z5EO8lgQjK9fWC97XbfHAo/IZesoBko3+xQrROG - hlzUPbXOdhJzIupWigaewehWIf22kJwuwIiJoeatRWYq/xOGcB8Pw6HBY0XVuGTJCeNX9ig+gtKc - zDxpCWRpVdtv1xYu+BgPZrrIYQJUOVLK5sk7Ozl/fXw6PzkejU+n4/l4Mnk7wfpwgBQCggtmKyBn - qJpcExOXMEUEz7cEJ5LlxinRgvzFJCVnEgqcWlIp5FfPzujtKp6jw+ArwxN28Tn23IGBvUPwdyP1 - 3RhjGzLGaX57UXOvaOC1JM8xu1YJsK8Zh+vVVWlm9gd47G4KD6Se23x9Wn1/uP8cG3d0e0mTK7xI - tZRrnbtYo+ZK80sJt/civ72eRO3hysFQPRG5kKcum0VeQTeTKFi7y4EgR8I1WxQlXvW4brpwX/++ - B+cD3/0ezJjO4SAml+9pGcVkJMQVA3LBNAqmJlN7eJBXOc2+mlqx1FwkNF8JpeNhMAz8JeMpipgf - DfvRR+vxyGKBaX4SxLAkPiD/v5U8Nn9/sw6mgHxDUcGNOP7WNLoY49s5v+Ki3uU+enfHenAmRVrh - LWbMM5yoAvHxZwgHrru0xaBf8qeou1rsKahsHEQfiU8uQ6XJPxWVGiTZudyzFXYxQ7v7/eEZmSaU - 71lv7k7+0+eBw+2lpDxZ+TOaYbKn2FpnrVieHh/dNI1EUTBNUJ5WN8wGuK3SUCisPS0FQ2YcxNZu - 8Tc0LSjjimnoIXniwaC/79s+u59izIWgMm17cN2Lox3FTNRDkjgmYZZkAcCJAk3qhlYaVc7dS8gS - qdUh9YolK1IA5Qo/Urei8YD4oQdCkwRVElKyZpRUSPxEbkuUGVzGObizvmdSmSD/UEATiFve1XXd - EzVVZU/IzEfWwaZXrkpLDCTgfCnk3AVTc6rx5rCosDXzx28vDqdn3embLh40lprnkxPn9D5g3gAW - mcbk9Xj2gaOW4+Aie2IiynXygY/XzBwhmNwUdNeNW/PtXwAAAP//7FnbattAEP0VYQgkIZK1suVL - oaSmF+hDS2iggbytpU0sqhu6OC2u/71ndlcbW7GckpbgB0MI6+zuzGR25syZ8b8qCJMo7FKg9vYo - 6BZLJ5YRfpfKR10qnp6TgfEFlf1etqEUFzcLkVJ6W9w8b4YuFXYgIMiYaCmsKMWLJPKOlRVUAzl2 - SypBKH8/RHpB8ZFaSALF6yweP/BfFGhWzmWQ1CUe1kLkbMQJOtFUxA7yuKTIM3G2EYmkiwIV+rV9 - ZWMgyStrROlOO2XknX9Och5U9H9+zaxIfrCAJ+Qu6f3z60rkJZXwQiicEeqwzmwTujJzAXr2iA3h - tNn1e5sNtEPR22eERwRppxwPm55Zp2e/8Zhxlb0BljxliKyLIbJhs0HloypQ/iQjJcrcPup3yHA7 - Nwzvkh6WLHP3wS4e5pp+YIumtMsbcpYHC8LdnfzPnRo76iThVMB7z1U78iHR8ax4YbUnWnYJzCLC - j0bKv+PDQcjmk6Hrz2HTeDxlnjcicmEOQcOeY4IeeBaG0IGK33u0wdat3TsDcSR0b3+tIt4BtZDH - JMCoZd9nHhsK5oqBF05HwSDwxyyY+GHo8tEdE5PL8K2UcjKYnXif8KPu2QlPde2zbfWn0qlL+wEe - sT2Hgt3J63kcBeQyO+e8JI/hPjKrisCdsfxwZY+cPCX724374Vvcbv8P3+L2COHQLQYmhaqB1/x4 - k2le6dkX5ROBs+qqFa7dAl9x/GNdZLno3wKKgsVj4tHICrsmk0mPHr5pal1oxD1Cwes/+hEKXsPi - IxR0QkGbTIBK9VZrutNQEth+r1JxRWNwvXahMKt4jNUOKV2TOddM5tobZtLV3jAUTqTLqMhSxYN0 - 41/rr17Ux7+yFN2llLBqlhoFX4B8G18a9Ru5F72E//wmyjomwRu65ZilqGaVsmOZVf9tDKtkGZlQ - hbb0eyaHVM0omGbLNPohjcaObWO9LWv1Bemd9Xr9BwAA//8DALLoXc/BGwAA + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvcRLHAHD0MXuli3IssRpgKZFQFNniTVFaiQV20vz33fU + i906cbdkWBHAkXi89+ce3b0Hy5LK1Es8DTIFDelrDiI1vqQFGN+wHArqqxI0tVxJ40PKbQGW+iyn + MgOhMv8OtEEZpBdQajAgbXuXVcaqYuYM3kZhGIV9DX9WYOxkVcK5psxyBp7vcec/ig4Pj/DFgJjh + a25taZIgSGEGzKbqg+pTK6gxnMq+BBugJxvQkgdxwI2pIOgMzGGF+meT8eWkFw0GER7VIRgvufcM + xlYZRi1kSq+aHFJ8Q404jONeOOxFR5MwTKKjJI76+1H4XRiHoQvSObEYeG3mhUE6/QBLEcbrtNuX + FAzTvHSFw9NXxBRUCJ+k3FgumSUlBwZEzchC6XnfaTMlr7R4ZhSV5K5dVNzSO2qpDu44LII6rE2A + rSgK96Phj4b/BT8U2PaqQK8OFuhyQs3c9aqaWveUzKgw4HuN4gnmVev6Xs4ROJrlq1O4A4w1fPA9 + yxFZJaLES2SFOXpbMNkPdwmiTlBq9QFTfWEnWu26D3Vnuz64l0/Qs0n3SnJr0YDx1r4dhH+r7xo1 + swuqHZANL0rBMeB0qyTYqBp+g+FyMHxmuF9oWZfJumGD8BDDiAfLePD/emlgUYMUHUYHy+jgazhc + dh734+V+/DU8tsh/eHgMx7iD44wv3zQciE2+eY9NzzINGdLKI6xjOEpUzZQ/CfL4cJdguEtw9Nh4 + Q2nNqSOMmr29pBe1POaqojlr4rh/dOawigmbXFUiHXFTCrpqEY3HC2rxs9DQ6fOnryHrDT0HjTnt + Zqt+PFaVq1cd6rU74DLzEqsr5xuN2jfYNjdhbTU0YLJuhJ8icGSTjsC3y7aLZuI1zWwL1g0vNVea + 29ULS9CpB4Pn8TgvaAYmcBqmM8LxQKhF39xlG746VYuO1wbeY+TG+10igk7BMZMD7fbX+mBHGaJd + CI2Grh45NeOSs1Mu56+dZASl2ywk6xBU42pRy9YnUskxLhZ0KuACqGlQqdsn7/z06ueTs9vTk+Px + 2eX4dnxx8fsF5oejZbAgeGGSAzlHCpaWOL+EG6KkWBEcZy6cUWIV+ZVrSs41FDjPpDKIuP5TYx3h + OHnhRx6GQy4Tb2uYseQZl1RgM7EbmyFzsu2zdi9qy1vjXmB0HUdgXzMJ69tV6Yb2X+C4WWFeCL1G + ef3p+3zreB4aN3D7ibI5LoId5Drjja/jdtf6TwF3C1vQ7U1x96WW4KDOlFD6rIlmKiroZRoZa7Ou + KDJSTbNVUeKqKm3bhS/19PPivJObv70JtwL2EnLzlpZxQo6VmnMg19wiY1pyCazSQF4Lmn10uWKq + QjEqcmVsMgyHYTDjMkVaC+LvD9/XBkd1KTDKD4o4kCR75B81yTf4822tfonrlWMUVMPZb4McVUBG + mA8ejoD1SXTgE4etdRbH12OU3eC/3kE0qEN1bWEL6BfcaugrnQWISuo6xXEHcmgO8Go/t4WoA2/s + vHF2ruRcqsWnVTrXKq3wqzqWGc5pgVUPJlhk57MuEQZMflGLnlU7ylS2BuL3JCA3kbHkj4pqC5ps + TO5QhY3PqNZ+++qcXDIqd9x3611wdLRO6pM0LlfGQmEwjbRUHKGzl9TndYdcwQrKpeEW+ogurJfJ + p4rqdNeNR/ZHG5w5y68Ia+CETEqmAJIYsGTRYssi1ZkGXzPEl08WOWc5KYBKg0La3GgtYLrv5BQI + ZQy5ElJyxympEP5Mr0okG7wn/wYAAP//7Flda9tAEPwrwhBwIFIl2bKdQkgNbaEPoSaBBkLBnCU5 + FrHuhD6ilNT/PbN354uiWmkJJfjB4AfZOu3OrW5nZ9c8ViXfaSC6wKu+lU0cAbpexZzOl8WMXYEe + DzsCEtoWZJWV8KXIU/mMJXJiYIa7BREgyPcu5icEDMaT0lK6wmLrmv2iLVoZk+iqAifbYtxqAESH + xuO1gxde0J7NDlUMfnIKAnmjGAGBRlhsIZLBokKAdiJt7Lmx+0vkImoJQka718elrmtH1KzIZFIg + CeMHJ1tl8kDDyRw259r3nJUQUosKR2re/349vZrZVxc2yq7MVeMkE3SSKRn6LEoTfmz1j3/joKxL + 8RHH8E/F4nUpFm/YLEMlGus7qZlIw7WXBh023M4bRgfIkEvVs3thly5wjXJFYFi4oqTcoZPb9Nu2 + YmRuUaUpo4LS+xv7UgxJHor8jdWHZMI5sock6bfoLFiy4SDyFpOhGyyAaTw+9Xx/RMXOLIKHV5bF + 9IKnUQQfqEC9Zwy2bkE+mUNGRl9tHlUKOCh1cplkH93ABJ7vDWPPjQd+dDoKB2Ew9sJJEEUuGy29 + eHIenUkrR4Ppkf8VH/WcnTKuWdO21U+FUxV2jYjYvkN07GTVYp2EFDI7Y6ygiOF5WR2g5XD5eWaP + nIwT/nYjuv+I253s/iNud8L7jhicFKmOUuu1pvSZ6cEO5RORter7FK/dQLdh+ZcqF+jYb0BF4eo5 + 8Wgeg7smk8mPHk9pqZdrxj1Qwfu/9AMVvAfiAxV0UoFRGoB4qzLukUa5+tqFXVEyPaFuK4+ugZBr + BkLtG2bA0r5hlFrM75NccKWFdL9Z6b8i1Nd/QipSZeFxe6nJ7g0E1/gX5cPW7kkvZQ+XcVGtyXDD + t+zu83JaKhz3ovx/A0FlzBiFL3RCP4QcjpgZpMjlyIFcGiAv0fov4OoHZHg2m80TAAAA//8DADsQ + Be/5GgAA headers: - ATL-TraceId: - - 300131cb2c4b7690 - Connection: - - keep-alive + Atl-Traceid: + - b7a6034fa843f8ce + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:25 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:22 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - c1ebfa4a-824e-40b3-a57b-403bd54d1440 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '223' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a4f97cef-d13a-425f-81aa-6368835d37a3 - x-envoy-upstream-service-time: - - '141' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1062,174 +882,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ0jZrbqIHFVmFdk+ySNJMsZI2pU2FZdn/boKLH7fhneeZ - lzkRoxfcz44o8h7CtKjNxmKHbbD+w1MdnF6WXo90xEAy8onz0vsxwgyAUaCQ17ubl/r+ufnd7tbB - xImo1wRlkMEhIxYn548DjqE5ThgP3Dq/2iiZtXf2WyEqCaW8hHc6JJADZzkUOZcNKxQwJQoKAFfA - AaK/4Bx7m374x24bxpUQim9pKa5/2HZ4GDsfQcm3sio7o1uBQmMFbVfJylijJXQtgC4KKQ2KPwXB - pYbHftYkvdPp1YUn3+oUn4i7TATHt31NzucvAAAA//8DAPBtnIZaAQAA + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CPd3EQPKrIK2z2JSNokWEmT0qTCsux/N8WF1dvwzvPM + y5ygk0EfZgsCPmOcgthslDa6j8p/eSKjlSEM0hGnI2TwrecweJdgikgJEsz3u9vX/cNLe93ulrFL + E4i3Fcoww/cMlJ6sP47axfY46XTgzvpFJalbBqt+FRBJYFhdwnsZV5AhYzk2OeUtNgK5YBVBxJtE + YvKDnlNvO4z/2G2LKOhWsJKU7Mr246MzPoF1SbkpjDEFbxirsWgQy0qymvYSVd1zXmos6r8F0a4N + T8MsYX3HyMXGZ9/LNT6BvUyg3cdhD+fzDwAAAP//AwA/w9zsWgEAAA== headers: - ATL-TraceId: - - 4b4c1bff5c102a1a - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:33:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 9cfbd6aef4f2bb67 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 260c68a9-3912-43b3-9215-b4ce6e58827f - x-envoy-upstream-service-time: - - '35' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 0ff4101cf56f55f6 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:24 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 4abe2598-aeb5-4e73-aa86-46c6abc90f75 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '115' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - aa44e28d-645f-446f-9ebd-94a3b924f59e - x-envoy-upstream-service-time: - - '77' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1239,94 +952,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11083 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11778 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy/2UldAMaSO22VL08x2GqBpYdDSWWYjkQJJWfba/vcd - SSlOkzlr0wRIxCPv7bnnjvzswaakPPViTwJPQUL6ikGeqg6nBaiOSlZQ0I4oQVLNBFcdSJkuQNNO - sqI8g1xknTVIhXuQTqCUoIBrd9breMxYDsNg2MeFgnyJy5XWpYp9P4UlJDoVn0SP6pwqxSjvcdA+ - 2tA+LZkf+UypCvzWwDVsUf9sNp7OusPnA5QsbbBe/NlT6LRSCdWQCbl1waW4QoUoiMJuMOhGw1kY - xf1+HPV7Qfjs1yAKAhOj8aG3JVgzj4zR6PthEATRTdbNIgWVSFYaRFB6RFRB87xDUqY044kmJYME - iFiSWsjrntFOBL+Q+fdEoSCpJPhrBjVdU03l74r9Ay8KLFJVPHGik/RFGPTDYbOcYaAvdil3PFNo - 9DWj6trUqFpo8xUvaa6g47U2vNga+drxNENilFhkL+YVZuKVUnzC8B6JXqNtsbPVaLEzi1sF30V6 - wZnWaMDwq9E2Sf1lzyqx1DWVJjHFijJnyJD0TjYIrqXMYLgZDL8n3AbmxlmDdMkMsPhzG+dB8Aw9 - R4NNNHi0YVtCy5Inqvn/gK/wcBMe/pyvTeus+XjAWz/a9KOf89aQU7Ufe719/Wr6e/POTRes2NVH - rGCWSciwr+/REDkl8sq1mZMkldKisCNijh6iZ/s2hvdtuNHhpKYx7fjz4m6IS6pxKrqh8+N8dxPt - Zob5zpo0ZLafI1GZnEIzly6NgPHMi7WsAOFAm/odNruhtIvNmjPmJUtc7p/vyUyoqKxWosrTY6bK - nG6blkBxIgFzNV13f05GvcPfDts5eRe1YB+c4b6NaDcymJBMbx+JYavumyvgB8YlK2gGyjcaqjXC - UJCLuqfW2W7EnIq6HUUDz2B0J5F+m0hOF2CGiaHmnUOmK/8ThnAfD8OhwWNF1bhkySnj1/YqPobS - 3Mw8aWtmK1nbvRsJF3yMFzNd5DABqhwPZPPlnZ9evD45m5+ejMZn0/F8PJm8nWB+2EAKAcEDsxWQ - c5yaXBPjlzBFBM+3BDuS5cYo0YL8ySQl5xIK7FpSKeRsz/bo3Syeo8HgCwuCwULGnrswsHYI/q6l - vmljLEPGOM3vHmreFQ28ltU5RtdOAqxrxuHmdFWanv0OHruXwiOp55RvbqtvL/cfY+OObi9pco0P - qZZyrXHna9Q8aX4q4PZd5LfPk6i9XDkYqiciF/LMRbPIK+hmEmfE7nEgyLFwxRZFiU89rpsqPFS/ - b8H5wHe/BzOmcziIydV7WoYxGQlxzYBcMo0zSpOpvTzIq5xmX0yumGouEpqvhNLxMBgG/pLxFAej - Hw374Udr8dhigWF+EsSwJD4g/69Knpq/v1gDU0C+4VBBRWx/KxpdjnF1wa+5qHexj97dkx6cS5FW - +IoZ8ww7qkB8/BnCgeeubDJol/wh6q4WexIqGwPRR+KTq1Bp8ndFpQZJdib3qMLOZ2i13x+dk2lC - +Z7z5u3kHz4PHG4vJeXJyp/RDIM9w9I6acXy9OT4tmgkioJpguNpdUtsgNsqDYXC3NNSMGTGQWzl - Fn9D04IyrpiGHpInHgz6+/b2yf0UfS4ElWlbg5taHO8oZrwekcQxCaMkCwBOFGhSN7TSOOXcu4Qs - kVodUq9YsiIFUK5wk7oTjQXEDy0QmiQ4JSEla0ZJhcRP5LbEMYPHOAd3vfZMKBPkHw7QBOKWd3Vd - 90RNVdkTMvORdbDplavSEgMJOF8KOXfO1JxqvKwXFZZm/vTt5dH0vDt908WLxlLzYnLqjD4EzBvA - JNOYvB7PPnCc5di4yJ6YiHKdfODjNTNXCAY3Bd117dbs/QsAAP//7Flta9swEP4rJlBoS+3YTpyX - wejCXmAfNsoKG/SbYquNmW0Zy043uvz3PScpaurE2ehGyYdAKUok3Z2ku+eeu/yrgiRPky4Fem6P - gm6xtGKZ4r/Ud9SlYnudcoxPyOx3qgwlv/i24AWFt8Ps8wpUqbADDkHGpEvupAVeJFd7HFFRDmSY - lZSCkP6+8+KC/KNwEASaSjksu2c/ydGckiknaSQe1oHnbPgJKtGCZx7iWJLnWT/b8ETSRY4K/cY+ - uTaQ5MkGXrrTTuV55x/zksU1nfOzcFL1wQGe0HWp2z+/rnkpKYVXXOMM14tNZFvXVZEL0HNHwRCX - Nrt+6wYDc6Go7QXhEUHaKcPDFmfO6dkvPGZWi1fAkm2GGHQxxGC4nqD0UVdIf4rlEkttL406ZPid - E128y7e8S129op+7F9p6AGHJ4gVB606K50938pl2HpRNnjNK4L0/ZTu6Q6LjonpmtidadgnMoiIC - hVR0y4aDJJhPhn40h8Hj8TQIwxGRC7sIGvYs4/TAsySBDmT83qMNrint3liII6F762vt8R6ohVqm - AEYP+1EQBkMe+HwQJtNRPIijcRBPoiTx2eg24JPL5LWScjKYnYQf8Kf3uTkrTO5zXf2V9Brp3uNG - 3NAjZ/fKZp6lMV2ZWzIm6cawH5FVp+DOGL67ckdeWZD97cL98C1ul/+Hb3G7hXDoFgOTEl0zG368 - yTSvTO+L4onAWVfqGtdugK9Y/r6pRMn7N0CcePEYeNSywqyNZNJjmm+GWlcGcY9Q8PKPfoSCl7D4 - CAWdUGAJBUy80xH3QN1uM/YhV9Qsw2ibM/ngXb2HVW97oqsz59vOXHvCdrraE5bC8WKZVqLQJMkU - /o356UV//JsjLEX931qqWpaVCUUoB78K1RyyXU9Us8rih/XQoO6z9asfqfpruRe9nP34wmWTkeCN - s6q2TlXPan1u6i1T64dObr9/ujl8sttsUNauVqvfAAAA//8DAN1xxKPBGwAA + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvcRNHAHD0MXuli3IssRpgKZFQFNniTVFqiQV22vz33fU + i906cbdkWBHAkXi89+ce3UcPliWVqZd4GmQKGtJXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf4daIMySC+g1GBA2vYuq4xVxcwZvI3CMAr7Gj5UYOxkVcK5psxyBp7vcec/ig4Ph/hiQMzw + Nbe2NEkQpDADZlP1XvWpFdQYTmVfgg3Qkw1oyYM44MZUEHQG5rBC/bPJ+HLSiwaDEI/qEIyXfPQM + xlYZRi1kSq+aHFJ8Q404jONeOOxFR5MwTKKjJBr2D+MXP4Rx6GzUTiwGXpt5ZpBOP8BShPE67fYl + BcM0L13h8PQlMQUVwicpN5ZLZknJgQFRM7JQet532kzJKy2eGEUluWsXFbf0jlqqgzsOi6AOaxNg + K4rC/Wj4k+F/wY8Ftr0q0KuDBbqcUDN3vaqm1j0lMyoM+F6jeIJ51bq+l3MEjmb56hTuAGMN733P + ckRWiSjxEllhjt4WTPbDXYKoE5RavcdUn9mJVrvuQ93Zrg/u5TP0bNK9ktxaNGC8tW8H4d/ru0bN + 7IJqB2TDi1JwDDjdKgk2qobfYLgcDJ8Y7lda1mWybtggPMQw4sEyHvy/XhpY1CBFh9HBMjr4Fg6X + ncf9eLkffwuPLfLv7x/CMe7gOOPL1w0HYpNv3mHTs0xDhrTyAOsYjhJVM+WPgjw+3CUY7hIcPTTe + UFpz6gijZm8v6UW+h8WxrzFxh9HmQj34rk6asyayjw/OHHqxBCZXlUhH3JSCrlqM4/GCWvxQNAT7 + 9Hls6HtD2EFjTrtpqx+PVeUqGLlQr90Bl5mXWF0530wDJutG+DEC3z8MOwLfLtsumonXNLMtWDd8 + W7C/ISauNLerZ1aiUw8GTyN4XtAMTOA0TGeE44FQi765yzZEdqoWHeENvHsHhik4ZnKg3f5aH+zI + NtqF0Gjo0s6pGZecnXI5f+UkIyjdZiFZh5caRYtatj6RSo5xsaBTARdATYNB3T5556dXv5yc3Z6e + HI/PLse344uLPy4wDRwtg3njhUkO5BwpWFri/BJuiJJiRXCcuXBGiVXkN64pOddQ4DyTyiC++o+N + dYTj5IWfeBgO+SzxtoYZK5txSQX2DIu+GTIn2z5r96K2vDXKBUbXcQS2L5Owvl2Vbmj/BY6bFeaZ + CGuU15++L7eOp4Fug6qfKZvjItghqzPe+Dpud63/FHC3sAXd3hR3X2oJDtFMCaXPmmimooJeppGf + NuuKIiPVNFsVJa6q0rZd+FpPvyzOW7n525twK2AvITdvaBkl5FipOQdyzS3yoyWXwCoN5JWg2SeX + K6YqFKMiV8Ymw3AYBjMuUySxIH5x8K42OKpLgVG+V8SBJNkj/6hJvsOf72v1S1yvHHGgGo54G+So + AjLCfPBwBKxPogOfOGytszi+HqPsBv/1DqJBHaprC1tAv+BWQ1/pLEBUUtcpjjuQQ3OAV/u5LUQd + eGPntbNzJedSLT6v0rlWaYVf1bHMcE4LrHowwSI7n3WJMGDyq1r0rNpRprI1EL8jAbmJjCV/VlRb + 0GRjcocqbHxGtfabl+fkklG5475b74Kjo3VSn6VxuTIWCoNppKXiCJ29pD6vO+QKVlAuDbfQR3Rh + vUw+VVSnu248sD/a4MxZfklYAydkUjIFkMSAJYsWWxapzjT4miG+fLLIOctJAVQaFNLmRmsB030r + p0AoY8iVkJI7TkmF8Gd6VSLZ4D35NwAAAP//7Fnva+JAEP1XglCw0KRJNGoPSk+4O7gP5aSFK5QD + WZNYpWY35EfTo+f/3je76zampneUo/hB8EM0m5m3k503b0YeqwLv1BBd4lXfySaOAN0sYk7ny2LG + rkCPhx0BCW0Lsspa8rnIEvmMJTJiYIa7OREgyPc+5icEDMaXhaVUhMVWFftNW7RSJtGVOU62xbhV + A4gOjccrBy88pz2bHaoY/OIUBPJGMQICjTDfQCSDeYkA7URa23Nt91fIRdQShIx2r49LVVWOqFie + yqRAEsaPTrpI5YGGkylsTrXvKSsgm2YljtS0++NmfD2xry9tyASZq8ZJKugkUzJ0WZQs+bHVPf6D + g7IqxCccw9eKxWtTLF6/XoYKNNb3UiGRYmsuDVpsuK03jA6QIZfiZvfCNl3gGuW6VUqbdIuosXBB + GbtTj7hG5uZlkjAqKJ2/sS/FkOShyN5ZfUgmXCB7SIB+j86DOev3Im826rvBDJiGwzPP9wdU7Mwi + eHhjWUwveBxF8IEK1HnBYOsW5LM5ZGT0zeZRpYCDUieXSfbRDUzg+V4/9ty450dng7AXBkMvHAVR + 5LLB3ItHF9G5tHLUGx/53/BRz9kJ45o1bVv9lDtlbleIiO07RMdOWs5Wy5BCZqeM5RQxPC+rA7Qc + Lr9M7IGTcsLfbET3H3Gzk91/xM1OeN8Rg5Mi1T9qvVaXPhM92KF8IrJWXZ7itVvoNiz/WmYCHfst + qChcvCQezWNw12Qy+dHjKS31Ms24Byr4+Jd+oIKPQHygglYqMMoDEO9Uxj3RKFdfu7ArCqYn1E3l + 0TYQctsGQq4ZCDVvGKUW84dlJriSO7rfLPVfEerrPyEVibLwtLnUZPcOgqv9i3K6sXvSSdjjVZyX + KzJc8y27+6wYFwrHgyj+3/hPGTNG4Qud0E8hhyNm4igyOXIglwbINlp/C65+QIZnvV4/AwAA//8D + AHrqGcH5GgAA headers: - ATL-TraceId: - - ed2321a25d89ef5a - Connection: - - keep-alive + Atl-Traceid: + - bfbf1114836338e7 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:24 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 60494c9d-0eec-4927-a9c1-b9da5e6257d5 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '232' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f246d3d5-9ae3-48f1-b791-f81bb67e22d4 - x-envoy-upstream-service-time: - - '146' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1336,92 +1054,93 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 81ffe601f0c59070 - Connection: - - keep-alive + Atl-Traceid: + - bd9243efb397d6e5 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:29 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:25 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5f5c6fbb-50f6-475e-ac6b-d9145c53dc7b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '193' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 2635e943-09e6-4d40-afb5-bf65653ad656 - x-envoy-upstream-service-time: - - '83' status: code: 200 message: OK - request: body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without - Secure Flag|http://localhost:8080/finding/2831]\n\n*Defect Dojo link:* http://localhost:8080/finding/2831 - (2831)\n\n*Severity:* Low\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* - Unknown\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/690]\n\n*Branch/Tag:* - None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* - https://mainsite.com:443\n* https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Secure Flag|http://localhost:8080/finding/256]\n\n*Defect Dojo link:* http://localhost:8080/finding/256 + (256)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/99]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "Low"}, "summary": "Zap1: Cookie Without Secure Flag"}, "update": {}}' headers: @@ -1434,51 +1153,57 @@ interactions: Connection: - keep-alive Content-Length: - - '1675' + - '1257' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11083 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11778 response: body: string: '' headers: - ATL-TraceId: - - 0e84db3ed72f3506 - Connection: - - keep-alive + Atl-Traceid: + - 1832bf40e0f88fd1 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:29 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:25 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e926a059-b904-4007-86e1-23aa81f0f65a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '183' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3862af50-f1cf-4750-b5e2-51155fec77c5 - x-envoy-upstream-service-time: - - '296' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1488,95 +1213,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11083 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11778 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6PS4xG/J0eCZzg2F9ModpVwSyky5DqPYG0fFljySjJNr+e+3 - kmxCoeFaCjNgraR9efbZ1X72YFVRnnmJJ4FnICF7zaDIVI/TElRPpUsoaU9UIKlmgqseZEyXoGkv - XVKeQyHy3jVIhXuQTaCSoIBrd9brecxojqJwNMCFgmKBy6XWlUqCIIMFpDoTn4RPdUGVYpT7HHSA - OnRAKxbEAVOqhqBTcAVrvH8yG09n/dHeECUL66yXfPYUGq1VSjXkQq6dcxmu8EIcxlE/HPbj0SyK - k8EgiQd+GL34NYzD0PhobOh1BVbNE30094MoDMP4Nup2kYFKJasMIijdJ6qkRdEjGVOa8VSTikEK - RCxII+SVb26ngp/J4nu8UJDWEoJrBg29pprK3xX7F16WmKS6fOZER9nLKBxEo3Y5Q0dfbkLueSbR - aGtG1ZXJUT3X5itZ0EJBz+t0eIlVctPzNENiVJhkL+E1RuJVUnxC956IXnvbYmez0WFnFncSvvH0 - jDOtUYHhV3vbBPWXPavEQjdUmsAUK6uCIUOye9EguJYyw9FqOPoed1uYW2Mt0hUzwOLPXZyH4Qu0 - HA9X8fDJim0KLUueqfb/I7ai3VW0+3O2Vp2x9uMRa4N4NYh/zlpLTtV9bLV2c2Pqe/XedRfM2MVH - zGCeS8ixrh/QEDklitqVmZOktdKitC3iEi3EL7ZtjB7qcK3DSU1h2vbnJf2o52GY+j1WnOGVO2DL - yXBastQ58PmBzDAOA1JLURfZIVNVQdctL1HcUI2d1jWyH68h1yVv+2LgtElTIPbzQNQGp8h4em4E - jOdeomVtTKcSMFZTdQ/7ZOzv/rbb9cn7qIXb4Iy2bcTbNgabXsKEZHr9RCC664F5G36gj7KS5qAC - c0N1ShgKCtH46jrf9J5j0XQ9aujdGC7MwTQTQ817QZmq/Ga00TYeRiMT9pKqccXSY8av7FN8CJV5 - mXna0cWSqLF7txIu+BgfZjovYAJUOQrK9ss7PT774+jk8vjoYHwyHV+OJ5N3EwwDC0hh3HhgtgRy - il2Ta2LsEqaI4MWaYEWywiglWpA/maTkVEKJVUtqhfzybY3ej2IPFYZfWBgO5zLx3IOBKUKMNyX1 - VRkj2jnjtLh/qJ0rWngtyQv0rusEmL6cw+3pujI1+20e7/nxYNTx2E0KT2SYu3z7Wn39uP8Y6Tas - ekXTKxykOmZ1yp2tg3ak+SmHu7ko6MaTuHtcORhGp6IQ8sR5My9q6OcS29NmOBDkULhki7LCUY/r - NguP5e9rcP7hm9+dGdMF7CTk4gOtooQcCHHFgJwzje1Rk6l9PMjrguZfTKwYaiFSWiyF0skoHIXB - gvEMm1gQjwbRR6vx0GKBbn4SxLAk2SH/f5U8N39/sQqmgHzD3oEXscqt6OB8jKsL/NffjYbWFQN7 - 2oBfMi3BFzIPkHXUZILhWGLYGuBRf6nLwvrl9Lw3es74FRdNJzuVIqtx7hnzHGuwRESDGQJo7Nnw - 0RPyRjR9LbZAULUK4o8kIBeR0uTvmkoNkmxUbrkKG5uRvf1h/5RMU8q3nDfTVrC7FzqkX0nK02Uw - ozk6e4JkcNKaFdnR4V3RgSgRJoINbXlHbKBeKw2lwtizSjDk0k5i5TZjBuGSMq6YBh/plgyHg217 - 2+SYFLWcCyqzLge3uTjckNJY3Sep4x56SeYAnCjQpGmJqLEvukmGLJCMPdIsWbokJVCucJO6E60G - xA81EJqm2FchI9eMkhpLJZXrChsTHuMc3CzgG1cmyFhsuSkkHVObpvFFQ1VliYU8hZVfLStLDKTs - 5ULIS2dMXVKNk8W8xtRcPn93vj897U/f9vEptWQ+mxw7pY8B8xYwyCz5DwAA///sWW1r2zAQ/ism - UGhL7djOe2F0YevGPmyUZmxQ+kWx1cbMb/itK1n++56TZDVx6mx0o+RDoBQlku5O0t1zz12Mj5df - b2OgP0Id3nNuJGnl3caXVUBJB8bNeGHKAK3n/lGBHwV+mwI5t0NBu1haUQX4n8s7alOxvU44xmeE - 770oXMkvvi94TIBgMP28Cepa2AGHIGOCihtBjBeJxB4jyShrMszmlLSQMH/w+Iz8IzYQBJL3GSx8 - YI/kaEbKhJOUOR7WgOes+Qlq15iHFuI4J8/TfrbmiaSLHBX6lX15bSDJy0t46bN2Cs87/RSlzCvo - nF8SIxAfDOAJXZe4/dNZwdOckn7GJc5wuVhFtnZdEbkKH3Fp09k70+mpC73maUJ4RJB2zPCw8Ylx - fPILjxkWyTmwZJtTOm2c0unXE5RwigwJU3BYotTNpYMWGXbrRBtTszVTE1cveOnzC3UFsUFsmgmx - uWuidxUF8xYEyDKr5mUUMUr5nT/lR7pDIvBJ9kJ+QETuAphFJQJKr8Ed6/d8Zz7u24M5bByNJo7r - DomO6EXQsGMZpwee+j50gCN0nmwwVTH4VkMcCd1ZkUuPt0BGxDIBMHLYHTiu0+eOzXuuPxl6PW8w - crzxwPdtNrxz+PjCfyOkHPWmR+4H/Ml9ZsRilftMU36VW2VuPuBGTNciZ7fSch4GHl2ZmTKW041h - v8jvYNsYvr8yh1Yak/3NUn//LW42DPbf4mbTYd8tBib5ssBXjHqdm16pbhnFE4GzrMMlrt0AX7H8 - ssySlHdvgDje4inwqMmFWR3JpEe16xQZzxTiHqDg9R/9AAWvYfEBClqhQDMPmHgvI25J/XE1tiE3 - KViI0TZnssG7OstVZ3uirZdnt/XybN3La05oCsfjKsiSWNId1Soo1Y818uPfHKFKiv/WMJWytEwo - Qjn4LRHtpLpFC9eSFi/roULdF+sXP2t1a7lnnYj9vOZ5GZLgtbOKRlBWTAt5bupGU7OITq6/39zs - buxWG4S1q9XqNwAAAP//AwAbMSXn8xsAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvcRNHAHD0MXuli3IssRpgKZFQFNniTVFqiQV22vz33fU + i906cbdkWBHAkXi89+ce3UcPliWVqZd4GmQKGtJXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf4daIMySC+g1GBA2vYuq4xVxcwZvI3CMAr7Gj5UYOxkVcK5psxyBp7vcec/ig4Ph/hiQMzw + Nbe2NEkQpDADZlP1XvWpFdQYTmVfgg3Qkw1oyYM44MZUEHQG5rBC/bPJ+HLSiwaDEI/qEIyXfPQM + xlYZRi1kSq+aHFJ8Q404jONeOOxFR5MwTKKjJBr2D+MXP4Rx6GzUTiwGXpt5ZpBOP8BShPE67fYl + BcM0L13h8PQlMQUVwicpN5ZLZknJgQFRM7JQet532kzJKy2eGEUluWsXFbf0jlqqgzsOi6AOaxNg + K4rC/Wj4k+F/wY8Ftr0q0KuDBbqcUDN3vaqm1j0lMyoM+F6jeIJ51bq+l3MEjmb56hTuAGMN733P + ckRWiSjxEllhjt4WTPbDTlBq9R4zembBW+263HUDu3K7l89AssnqSnJr0YDx1r4dUn+v7xo1swuq + HV4NL0rBMeB0K3PsR42ywXA5GD4x3K90pstk3ZdBeIhhxINlPPh/vTTdr7GIDqODZXTwLRwuO4/7 + 8XI//hYeW4Df3z+EY7QLp3EnmPHl64YDsfs37xANWaYhQ1p5gHWMU4mqmfJHrcaHuwTDXYKjh8Yb + SmtOHWHU7O0lvQhfqUVSb8jw6UPVUO2GXIPGnHYjUz8eq8plGznCvHYHXGZeYnUF9y2HOmuas6YG + Hx+cucjwqslVJdIRN6Wgq3bM8BjDsq+xn2702mpowGTdbD9G4PuHYUfg22Vb08y2YFfD43XDS82V + 5nb1zCJ26sHgaTzOC5qBCZyG6YxwPBBq0Td32YbITtWiI7yB9xDS8X6XiKBTcJTlQLv9tT7YUYZo + F0KjoatHTs245OyUy/krJxlB6TYLybou1r1d1LL1iVRyjIsFnQq4AGoaZOj2yTs/vfrl5Oz29OR4 + fHY5vh1fXPxxgfnhaBksCF6Y5EDOkZulJc4v4YYoKVYE55wLZ5RYRX7jmpJzDQUOOqkMYrb/2LxH + OE5e+ImH4ZDPEm9rmLHkGZdUYDOxG5shc7Lts3Yvastb41xgdB1HYF8zCevbVemG9l/guFlhngm9 + Rnn9Tfxy63gaGjdw+5myOS6CHeQ6442v43bX+k8Bdwtb0O1NcfcJl+CgzpRQ+qyJZioq6GUaWWOz + rigyUk2zVVHiqipt24Wv9fTL4ryVm7+9CbcC9hJy84aWUUKOlZpzINfcImtZcgms0kBeCZp9crli + qkIxKnJlbDIMh2Ew4zJFYgziFwfvaoOjuhQY5XtFHEiSPfKPmuQ7/Pm+Vr/E9coxCqrh7LdBjiog + I8wHD0fA+iQ68InD1jqL4+sxym7wX+8gGtShurawBfQLbjX0lc4CRCV1neK4HDk0B3i1n9tC1IE3 + dl47O1dyLtXi8yqda5VW+LkdywzntMCqBxMssvNZlwgDJr+qRc+qHWUqWwPxOxKQm8hY8mdFtQVN + NiZ3qMLGZ1Rrv3l5Ti4ZlTvuu70vODpaJ/VZGpcrY6EwmEZaKo7Q2Uvq87pDrmAF5dJwC31EF9bL + 5FNFdbrrxgP7ow3OnOWXhDVwQiYlUwBJDFiyaLFlkepMg68Z4ssni5yznBRApUEhbW60FjDdt3IK + hDKGXAkpueOUVAh/plclkg3ek38DAAD//+xZYWvbMBD9KyZQSKH2bCdO0kHpAttgH8pCCyuUQVBs + pwmNJWPZdUeX/953kqI6XtONMko+BPLBieTT00n37t2Fpzrteg1EFzjqW1XEEaDrRcrpfjnM2hWo + 8bAjIKFtQW85Sz4XRabecURBDMwwKokAQb53KT8hYDC+LB2d2x22qtkv2qKTM4WukrjZDuNOAyAq + NJ6uPBy4pD3bHWof/OTkBFqNfAQEBqHcQCSDsoKDXkTa2HNj95eIReQSuIx2b65LXdeeqJnMVVAg + CNMHL1/k6kJjkSlsTs3aU1ZCzMwqXKlp9/v1+GriXl24SLsqVu0iuaCbTMHQZUm25MdO9/g3Lsqq + FB9xDf9ULMEuxRL0dw1EzfxUouK+U3KMBFZrqm+ntgd26QDf6gB1FkoOvTzRKtetVNqm2/ZbVtbC + nSxeUChrzpZVljFKKJ2/sS/5kOShKN6YfUgmnCN6SNR+S86iOev3kmA26vvRDBiHw9MgDAeU7Owk + rPDKtJQOeJwkWAMZqPOMwTW1ySd7ycjoq1WlDgEPqU5NU+xjKpsoCIN+GvhpL0xOB3EvjoZBPIqS + xGeDeZCOzpMzZeWoNz4Kv+Kj33Mzxg1ruq7+SXqVdGt4xA09omMvr2arZUwuc3PGJHkM76vsAC2H + x88Td+DlnPC3K9T9R9wucfcfcbtE3nfEoJ5EV3VGrzWlz8R0fCieiKx15ajp6wa6DdO/VIVAKX8D + xokXz4FHjRqM2kimdUx7yki9wjDugQre/9APVPAeiA9UsJMKrPIAxFsdcY/U4zXPPuyKkpkOdVuJ + 7GoI+bYh1B6wDZb2gFVqKb9fFoJrVWPqzcr8FaG//hNSkWkLj5tHQ3ZvILjGvygfNnZPOhl7uExl + tSLDjbVVdV+U41LjuBfl/2spamPWKNZCJfRDqObIpg9ITU1qOdCSFsg22nALrnlBuWe9Xj8BAAD/ + /wMAN37QSvkaAAA= headers: - ATL-TraceId: - - 441411800810b17e - Connection: - - keep-alive + Atl-Traceid: + - ca015502da5bc8df + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:33 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:25 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0ca95f72-e806-4a94-9ff8-43f1e49116c0 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '194' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 36b6ffb4-b5b1-4a1d-a475-b3ea1c83edb4 - x-envoy-upstream-service-time: - - '159' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1586,174 +1315,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J022W3EQPKrIK7Z5EZJJOsZImpU2FZdn/boKLH7fhneeZ - lzkxjQsdZssUew9hWtRm01FPJnT+wxcYLC7LgK5wFFjGPmleBu8izAF4AQXkzf76ubl7an+3+3XU - cWLqJUEZZPCasY4m648judAeJ4oHbqxfuyjpdbDdt8JUErbyEt5iSGAJJc+hykvZ8koBV6IqAOAK - SoDoLzTH3nYY/7G7lpdKiMSKSvywZrx3vY+gLHey3vYajSCBVIPpa1nrTqOE3gBgVUmpSfwpCDY1 - PAwzsvROj6sNj95gik/MXiZG7u3QsPP5CwAA//8DAERyiNdaAQAA + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbPTtE26uYkeVGQVtnsSkbRJsJImpUmFZdn/boqLH7fhneeZ + lzlBJ4M+zBYEvMc4BbHZKG10H5X/8ERGK0MYpCNOR8jgU89h8C7BBWJBkGC+310/7++e2t/tbhm7 + NIF4WaEMM3zNQOnJ+uOoXWyPk04HbqxfVJK6ZbDqWwGRBIr1JbyVcQUpUppjkxe8xUYgF7QmiHiV + SEx+0HPqbYfxH7ttEUWxFZQRiuUP24/3zvgEsqrgpjTGlLyhlGHZIFa1pKzoJSrWc15pLNnfgmjX + hodhlrC+Y+Ri46Pv5RqfwF4m0O7tsIfz+QsAAP//AwAcp9kGWgEAAA== headers: - ATL-TraceId: - - 63cd2160ff7b421c - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:33:34 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 1cceff29d07dd78f + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3931307f-e6fe-4fde-aa02-5b2ee37734ed - x-envoy-upstream-service-time: - - '33' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - a74c4c8a796fec10 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:34 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:26 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 408c76c5-692b-4e3d-9baa-d5af74703774 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '104' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 30cf6654-99fa-4498-b0f5-0aef7ed98ba2 - x-envoy-upstream-service-time: - - '68' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1763,94 +1385,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11084 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11779 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy92U1dAMaSO22VL08x2GqBpYdDSWWYtkQJJ+aVt/vuO - pBSnyZy1aQIk4pG81+ee41cPNiXlqRd7EngKEtLXDPJUtTgtQLVUsoCCtkQJkmomuGpBynQBmraS - BeUZ5CJrrUAq3IN0BKUEBVy7s17LY0ZzGAb9Hi4U5HNcLrQuVez7Kcwh0an4LDpU51QpRnmHg/ZR - h/ZpyfzIZ0pV4DcKlrDF+2eT4XjS7r94hpK5ddaLv3oKjVYqoRoyIbfOuRRXeCEKorAd9NpRfxJG - cbcbR886QdD7PYiCwPhobOhtCVbNI3009/0wCILoJup6kYJKJCtNRlB6RFRB87xFUqY044kmJYME - iJiTtZDLjrmdCH4h8x/xQkFSSfBXDNZ0RTWVfyj2BV4WWKSqeOJEJ+nLMOiG/Xo5QUdf7kJueabQ - aGtC1dLUqJpp8xXPaa6g5TU6vNgquW55miEwSiyyF/MKI/FKKT6je4/MXn3b5s5Wo8mdWdwq+M7T - C860RgUGX/VtE9Tf9qwSc72m0gSmWFHmDBGS3okGk2sh0+tvev0fcbdOc22sznTJTGLx53aee8Fz - tBz1NlHv0YptCS1Knqj6/wO2wsNNePhrtjaNsfrjAWvdaNONfs1aDU7VfOy1dn1t+nvz3rELVuzq - E1YwyyRk2Nf3YIiYEnnl2sxJkkppUViKmKKF6Pm+jf59HY46nNQ0pqU/L26HuKQaWdGRzs/j3THa - DYf5Tps0YLafA1GZmELDS5dGwHjmxVpWcF1TlVEmWeIi/XpPZhzDo2ohqjw9ZqrM6bZuABSjV/o9 - 0oVpijoZEjBW03X3ebLXeR5EDU/ezVqwL53hvo1o30Z3xyVMSKa3j0xuc9030+IneJQVNAPlmxuq - UcJQkIt1R62yHfecinXDUT3PpnMGhkwMNO8EZbryP6MN9+Ew7JuwF1QNS5acMr60o/gYSjOZedJU - 0dZ2bfduJFzwIQ5mOsthBFQ5ZMj6yzs/vXhzcjY9PRkMz8bD6XA0ejfCMLCBFMaNByYLIOfImlwT - Y5cwRQTPtwQ7kuVGKdGC/MUkJecSCuxaUinEbMf26N0oXqDC4BvDCTv7Ent3WhYzmzFOc6wZJn3X - Y2bvrqx+V9TptTjP0buGCbB8GYeb01VpevYHcOxeCo9EmLt8M62+H+4/B7odql7RZIkPqQZZjXJn - a1A/aX7J4eZd5DfPk6gZrhwMohORC3nmvJnlFbQziayxexwIcixcsUVR4lOP67oKD9X0++R85Lvf - gwnTORzE5OoDLaOYDIRYMiCXTCNraTK2w4O8zmn2zcSKoeYioflCKB33g37gzxlPkRj9qN+NPlmN - xzYX6OZnQQxK4gPy/1fJU/P3N6tgDIg35A68iF1uRYPLIa4u+JKL9c73wft70oNzKdIKXzFDnmFH - FZgff4LpwHNXNhjUS/4U67YWewIqawXRJ+KTq1Bp8k9FpQZJdir3XIWdzdDe/nB0TsYJ5XvOm7eT - f/gicHl7JSlPFv6EZujsGZbWSSuWpyfHt0UDURRME6SnxS2xSdxWaSgUxp6WgiEyDmIrt/k3MC0o - 44pp6CB44l6vu29vn9xP0eZMUJk2NbipxfEOYsbqEUkcktBLMgPgRIEm6xpWGlnOvUvIHKHVIusF - SxakAMoVblJ3otaA+UMNhCYJsiSkZMUoqRD4idyWSDN4jHNwA7djXBkh/pBAE4gb3K3X645YU1V2 - hMx8RB1sOuWitMBAAE7nQk6dMTWlGsf3rMLSTJ++uzwan7fHb9s4GC00L0anTulDiXkLGGQakzfD - yUeOXI6Ni+iJiShXyUc+XDEzQtC5Mei2a7d6718AAAD//+xZ22rbQBD9FWEIJCGSJdmS7UJJTS/Q - h5bQQAt5W0ubWFQ3tJLT4vrfe2Z3vbFlyy1pCX4whLD2XmZ2dubMmfG/CoizJO4SoOYOCOg+llYs - EvwXykZdInbXScf4hAT+IMtQ8otvc55TeFvMPG+BKhV6wCFImWTBrSTHi2Ryj1VUlAMZZgWlIKS/ - 7zy/Iv/ILQSBIlcWSx/ZT3I0q2TSSRqBh7XgORt+gko056mDOBbkecbPNjyRZJGjQr7WT6wVpPNE - Ay/dq6f0vMuPWcmimu75ubAS+cECnpC5pPUvb2teCkrhFVc4w9ViHdnGdWXkAvTs0BvCaNPbt7Y3 - 0AZFbV8QHhGknTM8bH5hnV/8wmOmdfEKWLLLEL0uhugNuyaCTT5QV8iLkv4SoW0tdc3S9oThXdLC - kkzuX9jFw1xTD2xRl3Z6Q8yyaE64u5f/uROjR5NljBJ470/ZjmxIdLyonpntiZZdA7OoiEAhFdyz - 4SD2ZuOhG8yg02g08Xw/JHJhFkHCgWWcHngax5CBjN970sHWpd0bA3F06MH6Wnm8A2ohl0mAUcN+ - 4PnekHsuH/jxJIwGUTDyonEQxy4L7z0+vo5fy1POBtMz/wP+1D47Y7nOfbatvhJOI+xHWMT2HXJ2 - p2xmaRKRyeySMUEWw35EVp2AO2P47sYOnTIn/duF+/Fr3C7/j1/jdgvh2DUG9MSqitb8eJNp3uje - F8UTgbOq1BV83QFfsfx9UxUl798BiqL5U+BRywqzJpJJjm6+aWpdacQ9QcHLP/oJCl5C4xMUdEKB - YR5Q8UFF3JK63Xrs4tyiZilGe6gReFdvuertTnR15tyuzpxrOnPtCUPheL5IqiJXPEgX/o3+6UV9 - /JsrLIr6v7VU1VnmTAhCOfi1kM2hdR8UrqU0Xq6HGnWfLV/+SNVfn3vVy9iPL1w0KR28cVfZ1qnq - aa3uTb1lav3Qzc3325v9rd16g9R2tVr9BgAA//8DALu2Hy/BGwAA + H4sIAAAAAAAAA7xWa08jNxT9K9Z8aukk8yCFMFJVUZJtaRGlEEBaFiHHczPjjcee2h6SdHf/e6/n + kSyPbAtVV0hh/Ljvc4/vBw+WJZWpl3gaZAoa0jccRGp8SQswvmE5FNRXJWhquZLGh5TbAiz1WU5l + BkJl/j1og2eQnkOpwYC07V1WGauKmVN4F4VhFPY1/FmBsZNVCWeaMssZeL7Hnf0o2t8/wIUBMcNl + bm1pkiBIYQbMpuq96lMrqDGcyr4EG6AlG9CSB3HAjakg6BTMYYXyp5PxxaQXDQYRbtUuGC/54Bn0 + rTKMWsiUXjUxpLhCiTiM41447EUHkzBMooMkjvq7UfhdGIehc9IZseh4reaVTjr5AFMRxuuw20UK + hmleusTh7iExBRXCJyk3lktmScmBAVEzslB63nfSTMlLLV7oRSW5KxcVd/SeWqqDew6LoHZr42B7 + FIW70fBHw/+CHwose1WgVQcLNDmhZu5qVU2t+0pmVBjwvUbwGOOqZX0v5wgczfLVCdwD+hp+8j3L + EVklosRLZIUxeo9gshtuO4i6g1Kr9xjqKyvRStd1qCvb1cEtPkPPJtxLya1FBcZb23YQ/q2+a9TM + Lqh2QDa8KAVHh9NHKcFC1fAbDJeD4Qvd/ULJukjWBRuE++hGPFjGg//XSgOLGqRoMNpbRntfw+Cy + s7gbL3fjr2GxRf6nT0/hGHdwnPHlVcOBWOSbWyx6lmnIkFaeYB3dUaJquvxZkMf72w6G2w4Onipv + KK3ZdYRRs7eX9CJcUouk3pDhy3unodoNuQaNOu06o/48UpWLNnKEee02uMy8xOoKMIOo1F5h0l1/ + NM7V+px+zVmTlQ9P9pyvKGxyVYl0xE0p6KrtL1cVDRisa+HnCBzZpCPwx2nbRjPxmmYeH6wLXmqu + NLerVyaxEw8GL+NxXtAMTOAkTKeE44ZQi765zzZ8daIWHa8NvKfIjXe7QASdgmMmB9rHr/XeljRE + 2xAaDV0+cmrGJWcnXM7fuJMRlG6ykKyrWV3JRX223pFKjnGwoFMB50BNgwPdfnlnJ5c/H5/enRwf + jU8vxnfj8/PfzzE+bC2DCcELkxzIGVKwtMTZJdwQJcWKYDtz4ZQSq8ivXFNypqHAfiaVQcz2n2vr + CNvJCz/yMBxymXjNe4W1w+RveupBg2MZMi6peHypnYva9NaoFuhdxxFY10zC+nZVuqb9FzhuRphX + Qq8RXj99D6eOl6FxA7efKJvjINhBrlPe2DpqZ63/5HA3sAXd3BR3L7UEB3WmhNKnjTdTUUEv08gR + m3FFkZFqiq2KEkdVadsqfKl+D5PzTm7+dibcCthJyM1bWsYJOVJqzoFcc4scZckFsEoDeSNo9tHF + iqEKxajIlbHJMByGwYzLFIkxiL/fv60VjupUoJfvFXEgSXbIP0qSb/Dn21r8Ascrxygohr3fOjmq + gIwwHtwcAeuTaM8nDlvrKI6ux3h2g/96e9GgdtWVhS2gX3Croa90FiAqqasUxxnIoTnAq/3cFqJ2 + vNFz5fRcyrlUi8+zdKZVWuGrOpYZ9mmBWQ8mmGRns04ROkx+UYueVVvSVLYK4lsSkJvIWPJHRbUF + TTYqt4jCxmZUS789PCMXjMot9914FxwcrIP6LIyLlbFQGAwjLRVH6Owk9X5dIZewgnJpuIU+ogvz + ZfKpojrdduOJ/tEGZ07zIWENnJBJyRRAEgOWLFpsWaQ60+BrhvjyySLnLCcFUGnwkDY3Wg0Y7js5 + BUIZQ66ElNxzSiqEP9OrEskG78m/AQAA///sWe9r2zAQ/VdMoJBC7dlOnKSD0gW2wT6UhRZWKIOg + 2E4TGkvGP+qOLv9730my6nh1N8oo+RDIByeSTk9n3bt3Fx6rJOs0EF3gVd/KIo4AXa9iTvfLYsau + QI2HEwEJHQuyylrzpcgSucYSGTEww2hOBAjyvYv5CQGD8XVhqUxusU3FftERrZRJdGWOm20xbjUA + okLj8cbBC8/pzOaEygc/OTmBdiMfAYFGmNcQyWBewkEvIm2cuXH6S8QicglcRqfX16WqKkdULE9l + UCAI4wcnXaXyQmOTOWzO9d5zVkC6LEpcqXn/+/X0amZfXdhIuzJWzSapoJtMwdBnUbLmx1b/+Dcu + yqYQH3EN/1QsXpdi8Yb1ANFZgcL6TqouUk3tqUGHDbdzwOgA6XKpel6e2KULXKNcd9Jmm27bq4ys + hTtZuKJQVpydl0nCKKH0/sa+5EOShyJ7Y/YhmXCO6CFR+y06C5ZsOIi8xWToBgtgHI9PPd8fUbIz + k7DDK9NiesHTKMIeyEC9Zwy2LkE+mUtGRl8tHlUIOEh1cppkH13ABJ7vDWPPjQd+dDoKB2Ew9sJJ + EEUuGy29eHIenUkrR4Ppkf8VH7XOThjXrGnb6qfcKXO7gkds3yE6dtJysVmH5DI7ZSwnj2G9zA7Q + cnj8PLNHTsoJf7sQ3X/E7Up2/xG3K+F9RwxOilQNp/VaU/rMdGOH4onIWlWOitduoNsw/UuZCVTs + N6CicPUceNSPwaiJZNpHt6e01Ms04x6o4P1f+oEK3gPxgQo6qcAoD0C8VRH3SK1c/ezCriiY7lC3 + lUhXQ8g1DaH2gGmwtAeMUov5/ToTXKkaXW+W+q8I9fWfkIpEWXisHzXZvYHgGv+ifKjtnvQS9nAZ + 5+WGDDf2ltV9VkwLheNeFP+vpaiMGaPYC5XQDyGbI3XXj5qa1HKgLQ2QXbT+Dly9QLpnu90+AQAA + //8DAMFH4Rb5GgAA headers: - ATL-TraceId: - - c7990bf5e2e8bd62 - Connection: - - keep-alive + Atl-Traceid: + - 9dc1a53da676a2ec + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:34 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:26 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 3966aa72-aee0-4428-905f-cd55791fbdbd X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '260' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8c43e662-e3f7-474a-8475-cc5345c563ad - x-envoy-upstream-service-time: - - '170' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1860,92 +1487,93 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 001280f1a35be155 - Connection: - - keep-alive + Atl-Traceid: + - 7a24b378be57fbb0 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:34 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:26 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 7176962b-d9b9-4bb0-a0da-51e0e43df2a3 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '173' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 310197f3-b73c-4311-821e-289ec21bb85b - x-envoy-upstream-service-time: - - '109' status: code: 200 message: OK - request: body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without - Secure Flag|http://localhost:8080/finding/2832]\n\n*Defect Dojo link:* http://localhost:8080/finding/2832 - (2832)\n\n*Severity:* Low\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* - Unknown\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/690]\n\n*Branch/Tag:* - None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* - https://mainsite.com:443\n* https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Secure Flag|http://localhost:8080/finding/257]\n\n*Defect Dojo link:* http://localhost:8080/finding/257 + (257)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/99]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "Low"}, "summary": "Zap2: Cookie Without Secure Flag"}, "update": {}}' headers: @@ -1958,51 +1586,57 @@ interactions: Connection: - keep-alive Content-Length: - - '1675' + - '1257' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11084 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11779 response: body: string: '' headers: - ATL-TraceId: - - 9aff4d2846875fb7 - Connection: - - keep-alive + Atl-Traceid: + - b762aef0a88a050b + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:35 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:27 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 3c7f14ee-ae86-4d62-ad15-12e709d9d84b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '172' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 85568feb-6ce6-40d2-a063-d0bcb3c9c166 - x-envoy-upstream-service-time: - - '241' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2012,90 +1646,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11084 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11779 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6PS4xG8JNPVM54ZCeuWOUi4JZaZcJ6PYG1uNLXkkGSd9+e+3 - km1CoeFaCjNgraR9efbZ1X52YF1SnjiRI4EnICF5xSBPVI/TAlRPxRkUtCdKkFQzwVUPEqYL0LQX - Z5SnkIu0dw1S4R4kEyglKOC6Oev0HGY0B4E/GuJCQb7EZaZ1qSLPS2AJsU7ER+FSnVOlGOUuB+2h - Du3Rknmhx5SqwOsUrGCD989m4+msP3q+j5KlddaJPjsKjVYqphpSITeNcwmu8ELoh0HfH/bD0SwI - o8EgCvdd3x/+7oe+b3w0NvSmBKvmkT6a+17g+354E3W7SEDFkpUGEZQeElXQPO+RhCnNeKxJySAG - IpakFnLlmtux4Bcy/xEvFMSVBO+aQU2vqabyD8U+wYsCk1QVTxrRSfIi8AfBqF3O0NEX25B7jkk0 - 2ppRtTI5qhbafEVLmivoOZ0OJ7JKvvYczZAYJSbZiXiFkTilFB/RvUei19622NlsdNiZxa2Ebz29 - 4ExrVGD41d42Qf1tzyqx1DWVJjDFijJnyJDkTjQIrqXMcLQejn7E3Rbm1liLdMkMsPhzG+eh/wwt - h8N1OHy0YptCy5Inqv3/gK3gYB0c/JqtdWes/XjA2iBcD8Jfs9aSU3UfO619/Wrqe/2u6S6YsasP - mME0lZBiXd+jIXJK5FVTZo0krpQWhW0Rc7QQPtu1Mbqvo2kdjdQUpm1/TtQP2n5hGCxZ3Jj7fE9m - +IXuq0xUeXLMVJnTTctCFNdUY19t2tbPV0zTE2+6oNdok6Yc7OeRqAwq1tNLI2A8dSItK2Madep3 - 2C5MUbRgSMBYTdXd75ND95kfdn3yLmr+LjiDXRvhro3BtpcwIZnePBKa7rpnXouf6KOsoCkoz9xQ - nRKGglzUrrpOt73nVNRdjxo6Fs4FmGZiqHknKFOV34022MXDYGTCzqgalyw+ZXxln+JjKM3LzOOO - QJZWtd27kXDBx/gw00UOE6CqIaVsv5zz04s/T87mpydH47PpeD6eTN5OMAwsIIVx44FZBuQcuybX - xNglTBHB8w3BimS5UUq0IH8xScm5hAKrllQKGefaGr0bxXNU6H9h+MIuPkXOnZJFZFPGaY45Q9C3 - NWb27srauaKF19I+R++6ToDpSzncnK5KU7Pf5fFg3w22730zKTySYc3lm9fq28f950i3ZdVLGq9w - kOqY1SlvbB21I80vOdzNRV43noTd48rBMDoWuZBnjTeLvIJ+KrFhbYcDQY5Fk2xRlDjqcd1m4aGc - fgvOv3z7uzdjOoe9iFy9p2UYkSMhVgzIJdPYMDWZ2seDvMpp+sXEiqHmIqZ5JpSORv7I95aMJ9jW - vHA0CD9YjccWC3TzoyCGJdEe+f+r5Kn5+5tVMAXkG/YOvIhVbkVHl2NcXeG//kEwtK4Y2OMa3IJp - Ca6QqYesoyYTDMcSw1YPj7qZLnLrV6PnndFzwVdc1J3sXIqkwrlnzFOswQIR9WYIoLFnw0dPyGtR - 97XYAUHZKgg/EI9cBUqTfyoqNUiyVbnjKmxtBvb2+8NzMo0p33HeTFvewXO/QfqlpDzOvBlN0dkz - JEMjrVienBzfFh2JAmEi2NCyW2ID9UZpKBTGnpSCIZf2Iiu3GTMIF5RxxTS4SLdoOBzs2tslx6So - bCGoTLoc3OTieEtKY/WQxA330EuyAOBEgSZ1S0SNfbGZZMgSydgjdcbijBRAucJN2pxoNSB+qIHQ - OMa+Cgm5ZpRUWCqx3JTYmPAY59BMB65xZYKMxZYbQ9Qxta5rV9RUlZZYyFNYu2VWWmIgZedLIeeN - MTWnGmeNRYWpmT99e3k4Pe9P3/TxKbVkvpicNkofAuYNYJBJ9B8AAAD//+xZbWvbMBD+KyZQaEud - 2M57YXRh68Y+bJRmbFD6RbHVxsy2jN+6kuW/7zlJURM3zkY3Sj4ESlEq6e56unvuuYv18fLrbQL0 - R6ojes4tkVb+bXJZhVR0YNyUF7ZK0NXePyoI4jBoUqD2dihoFksnqhC/c+WjJhXPz8nA+Iz0vZeN - K8XF9zlPCBAsZp5XoK+FHQgIMiasuBUmeJFY3rFERlWTYTenooWC+YMnZxQfiYUkUEzQYtEDe6RA - s1Img6TM8bAWImctTtC7JjxqI49zijwTZ2uRSLooUKFf25evDCR5eYko3WqnjLzTT3HK/IL+zy/C - CuUHC3hC7pLeP50WPM2p6Gdc4QxXh3Vmm9CVmavxEU6bTN/Zblc79JqngvCIIO2Y4WGTE+v45Bce - MyrEObDkOad0mzil22va6K8ziCJDJZV0l9h37ahjjtY3mpiaY5iadL3kpdsPmg5ig+zUCyJylvlz - wt2tjNEZG3VlHDMq+a0/1UfyIRF4kb2QHxCRuwBmUdOA1qt/x3rdwJ2Nek5/BpuGw7HreQOiI+YQ - NOw4xumBJ0EAHeAIrScbbN0MvjUQR0J3duQq4tsgI/KYBBi17PRdz+1x1+FdLxgP/K7fH7r+qB8E - DhvcuXx0EbyRUo66kyPvA37UPTtmia59tq3+lLfL3H6AR2yvTcHeTstZFPrkMjtlLCeP4b6s72Db - WL6/sgftNCH7663+/ltcHxjsv8X1ocO+WwzoCVTLrxn1Oje90tMyyicCZ9WZK/i6Ab7i+GWZiZR3 - boA4/vwp8WjIhV2TyaRHj+s0Gc804h6g4PUf/QAFr2HxAQoaoaBOJkClWosl3VlREth+r1JxQYNz - vXagUBQswmqLlKZZntM0y3PMLK++YSgcT6owE4niQXpUUOova9THv7IU3aWUsFgtNQq+APnWvmbq - rOSetWL285rnZUSC13TLwUxWTAplRyWK/zbKVbKMTKhCW/pNyLGWGR6LTA6LSKOxY9NYb8NafUF6 - Z7lc/gYAAP//AwCNtMWW8xsAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvcRLHAHD0MXuli3IssRpgKZFQFNniTVFaiQV20vz33fU + i906cbdkWBHAkXi89+ce3b0Hy5LK1Es8DTIFDelrDiI1vqQFGN+wHArqqxI0tVxJ40PKbQGW+iyn + MgOhMv8OtEEZpBdQajAgbXuXVcaqYuYM3kZhGIV9DX9WYOxkVcK5psxyBp7vcec/ig4Pj/DFgJjh + a25taZIgSGEGzKbqg+pTK6gxnMq+BBugJxvQkgdxwI2pIOgMzGGF+meT8eWkFw0GER7VIRgvufcM + xlYZRi1kSq+aHFJ8Q404jONeOOxFR5MwTKKjJI76+1H4XRiHoQvSObEYeG3mhUE6/QBLEcbrtNuX + FAzTvHSFw9NXxBRUCJ+k3FgumSUlBwZEzchC6XnfaTMlr7R4ZhSV5K5dVNzSO2qpDu44LII6rE2A + rSgK96Phj4b/BT8U2PaqQK8OFuhyQs3c9aqaWveUzKgw4HuN4gnmVev6Xs4ROJrlq1O4A4w1fPA9 + yxFZJaLES2SFOXpbMNkPO0Gp1QfM6IUFb7XrctcN7MrtXj4BySarK8mtRQPGW/t2SP2tvmvUzC6o + dng1vCgFx4DTrcyxHzXKBsPlYPjMcL/QmS6TdV8G4SGGEQ+W8eD/9dJ0v8YiOowOltHB13C47Dzu + x8v9+Gt4bAH+8PAYjtEunMadYMaXbxoOxO7fvEc0ZJmGDGnlEdYxTiWqZsqftBof7hIMdwmOHhtv + KK05dYRRs7eX9KKWx1y5NGdNHPePzhyIsRImV5VIR9yUgq5aqOPxglr8LDR0+vyxbMh6Q89BY067 + oasfj1Xl6lWHeu0OuMy8xOrK+Uaj9g32041eWw0NmKyb7acIHNmkI/Dtsq1pZluwq+HxuuHbgv0N + Y3GluV29sDadejB4HsHzgmZgAqdhOiMcD4Ra9M1dtmG4U7XomHDg1eWcgqMsB9rtr/XBjmyjXQiN + hi7tnJpxydkpl/PXTjKC0m0WknUIqnG1qGXrE6nkGBcLOhVwAdQ0qNTtk3d+evXzydnt6cnx+Oxy + fDu+uPj9AtPA0TKYN16Y5EDOkZulJc4v4YYoKVYE55wLZ5RYRX7lmpJzDQUOOqkMIq7/1LxHOE5e + +JGH4ZDLxNsaZqxsxiUV2DMs+mbInGz7rN2L2vLWuBcYXccR2L5Mwvp2Vbqh/Rc4blaYFyKsUV5/ + Ez/fOp4Hug2qfqJsjotgh6zOeOPruN21/lPA3cIWdHtT3H3CJThEMyWUPmuimYoKeplGxtqsK4qM + VNNsVZS4qkrbduFLPf28OO/k5m9vwq2AvYTcvKVlnJBjpeYcyDW3yJiWXAKrNJDXgmYfXa6YqlCM + ilwZmwzDYRjMuEyR1oL4+8P3tcFRXQqM8oMiDiTJHvlHTfIN/nxbq1/ieuWIA9VwxNsgRxWQEeaD + hyNgfRId+MRha53F8fUYZTf4r3cQDepQXVvYAvoFtxr6SmcBopK6TnFcjhyaA7zaz20h6sAbO2+c + nSs5l2rxaZXOtUor/NyOZYZzWmDVgwkW2fmsS4QBk1/UomfVjjKVrYH4PQnITWQs+aOi2oImG5M7 + VGHjM6q13746J5eMyh333d4XHB2tk/okjcuVsVAYTCMtFUfo7CX1ed0hV7CCcmm4hT6iC+tl8qmi + Ot1145H90QZnzvIrwho4IZOSKYAkBixZtNiySHWmwdcM8eWTRc5ZTgqg0qCQNjdaC5juOzkFQhlD + roSU3HFKKoQ/06sSyQbvyb8BAAD//+xZbWvbMBD+KyZQSKH2bCdO0kHpAttgH8pCCyuUQVBspzGN + JeOXuqPLf+9zkqI6Xt2NMko+BPLBiaTTc+d7ee7CY1XynQaiC7zqW9nEEaDrVczJvyxm5Ar0eNAI + SEgt8C0r4UuRp/KMJXLKwAyrBSVAJN+7mJ8QMAhPSkvxCouta/aLVLQyJtFVBTzbYtxqAESHxuO1 + gxdekM5GQ2WDn5yMQLeRjYBAIyy2EElgUcFALyJt6NzQ/hKxiFoCk5H22l3qunZEzYpMBgWCMH5w + slUmHRqXzCFzru+esxJEalHBpeb979fTq5l9dWGDJshYNZdkgjyZgqHPojThx1b/+DccZV2Kj3DD + PxmL18VYvGHXQtCsTyU67jtJpojctba6Zmt7wfAAaXJJbl7e2MULXMNcd0ppO922TxlaC3OycEWh + rHJ2UaUpo4LS+1v2JRsSPRT5G6sP0YRzRA9R0m/RWbBkw0HkLSZDN1gA43h86vn+iIqd2YQbXtkW + 0wueRhHuQAXqPWOwdW/yyTgZCX21q1Qh4KDUyW0y++jOJvB8bxh7bjzwo9NROAiDsRdOgihy2Wjp + xZPz6ExKORpMj/yv+Khzdsq4zpq2rX4qnKqwa1jE9h1Kx05WLdZJSCazM8YKshjOy+oALofHzzN7 + 5GSc8Lc71P1H3G5x9x9xu0Xed8RIPZHqKDVfa1KfmZ74UDxRslZ9n0pfN+Bt2P6lygVa+RukonD1 + HHg0qMGqiWS6R4+nNNXLdcY9pIL3f+mHVPAeiA+poDMVGOYBiLcq4h5pxqufXcgVJdMT6jYT6RoI + uV0DIdcMhNoLhqnF/D7JBVesRveblf4rQn39F6T3ovx/gzglzAjFTehAfgg5lNjO/uBCCvLj9lFn + 1zcDkH/bfNjKPeml7OEyLqo1CW4oK8cJeTktleI01KSRA6luft897O+c1gck2s1m8wQAAP//AwB1 + DcEE+RoAAA== headers: - ATL-TraceId: - - 2b2f36740d3d5471 - Connection: - - keep-alive + Atl-Traceid: + - 4b36d5d884929964 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:39 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:27 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e0ce1161-7ce7-4910-bd1d-97665b00375a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '223' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ab584377-5b3b-4506-9d9f-c6a43e9924a6 - x-envoy-upstream-service-time: - - '111' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues.yaml index 07fb4cbff03..21bf304634d 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J221qbqIHFVmFdk+ySNJMsJImpUmFZdn/boKLH7fhneeZ - lzkRKTzuF0M4eQ9h9nyzUahxCMp9uEIEI7wfhS0sBpKRT1z86GyEKQAtoIC82928dPfP/e92t04y - ToS/JiiDDA4ZUTgbd5zQhv44Yzxwa9yqoiTX0ahvhfAkbNklvBMhgSWUNIc6L1lPaw6UV3UBAFdQ - AkTf4xJ7+3H6x7Y9LXlV8fq6aCn7YYfpwWoXQVa2rNlqKYYKK4ENDLphjVRSMNADgKhrxiRWfwqC - SQ2P4yJIekeL1YQnN4gUn4i5TATt274j5/MXAAAA//8DAJRhUhhaAQAA - headers: - ATL-TraceId: - - 2457184441a7c39b - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:33:49 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ0jZtbqIHFVmFdk8ikjYJVtKkNKmwLPvfTXHx4za88zzz + MifUy6APi0UCvcc4B7HbKW30EJX/8FhGK0MYpcNOR5ShT72E0bsEEwCCAUPe7q+f27un7ne7X6c+ + TUi8bFAGGbxmSOnZ+uOkXeyOs04HbqxfVZL6dbTqW0EiCRTKS3gr4wZSoDSHOie8g1oAF7TEAHCV + SEh+0Evq7cbpH9t0AII0gjFc0uaHHaZ7Z3wCq4Jww4wxjNeUVsBqgKKUtCKDBFUNnBcaWPW3INqt + 4WFcJNreMXK18dEPcotPyF4mpN3boUXn8xcAAAD//wMAP6FCIFoBAAA= + headers: + Atl-Traceid: + - 54b17e22f0a43c71 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 448dbc40-777f-4bfd-9435-82c6e092e3bb - x-envoy-upstream-service-time: - - '34' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 0b2ce7f0c53ab07d - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:49 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:33 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - f0a5baff-26b5-4872-9efd-b0a9a49c55fb X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '123' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 84a78703-0525-4ad2-a05a-608efa51e242 - x-envoy-upstream-service-time: - - '76' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,93 +80,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - 9d3af5ec76c6345c - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - 59bd873bc3713c4d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:50 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:33 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 06460730-f594-44ff-8ddc-69be6193639c X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '201' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 05a27662-bcda-4b75-b601-1acbbb1edab3 - x-envoy-upstream-service-time: - - '110' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/2835]\n\n*Defect Dojo link:* http://localhost:8080/finding/2835 - (2835)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/692]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/260]\n\n*Defect Dojo link:* http://localhost:8080/finding/260 + (260)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/101]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -286,53 +180,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1671' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11085","key":"NTEST-896","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11085"}' + string: '{"id":"11780","key":"NTEST-1442","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11780"}' headers: - ATL-TraceId: - - 4fb61454c5eeecf3 - Connection: - - keep-alive + Atl-Traceid: + - 97e4f14660ff1293 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:50 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:34 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 9c45c10d-4230-479c-9c72-021448b6e0a3 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '519' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 448eeb05-92c7-4869-821f-1d39ada055b7 - x-envoy-upstream-service-time: - - '526' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -342,94 +242,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-896 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1442 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8MO24tvnSAiXSdGKl23HHGNeWIY1NlZu8ph6JHdlO0x7jf79n - J2kZrNzGQIL42e/7533sWwdWOeWxEzoSeAwS4jcM0li1OM1AtVS0gIy2RA6Saia4akHMdAaatqIF - 5QmkImktQSrcg3gEuQQFXFdnnZbDjGXf9/r7uFCQznG50DpXoevGMIdIx+KL6FCdUqUY5R0O2kUb - 2qU5cwOXKVWA2xi4gTXqn0+G40m7f3SAkrkN1glvHYVOCxVRDYmQ6yq4GFeoEHiB3/Z67aA/8YOw - 2w33vc7h/tHvXuB5JkbjQ69zsGaeGaPRd33P84JN1vUiBhVJlpuKoPSYqIymaYvETGnGI01yBhEQ - MSelkDcdox0JfinTH4lCQVRIcJcMSrqkmso/FPsXXmXYpCJ7UYlO41e+1/X79XKCgb7aptxyTKPR - 14SqG9OjYqbNVzinqYKW09hwQmvkruVohsDIsclOyAvMxMml+ILhPbN6tbatne1GUzuzuNfwbaSX - nGmNBgy+am2T1N/2rBJzXVJpElMsy1OGCIkfZIPFtZDp9Ve9/o+EW5e5dlZXOmemsPhzv8497xA9 - B71V0Hu2YdtCi5IXqv7/hC//YOUf/JqvVeOs/njCWzdYdYNf81aDUzUfO73d3Zn5Xn2o2AU7dv0Z - O5gkEhKc60cwREyJtKjGrJJEhdIisxQxRQ/B4a6N/mMbFXVUUjOYlv6csO3jkmpkxYp0fh7vFaNt - OMytrEkDZvs5EIXJyTe8dGUEjCdOqGUBdzVVGWOSRVWmt49kJjA8qhaiSOMTpvKUrusBQDFGpT8g - XZihqIshAXM1U/c9nuwebnjyYdW8XeX0d20EW8pgQjK9fmYNG3W393N0yTKagHKNhmqMMBSkouyo - ZbKlmDNRNlTUc+4eJ9JtEknpDAyZGGg+OGSm8rtl8Hfh0O+beiyoGuYsOmP8xl7FJ5Cbm5lHTRdt - b0u7t5FwwYd4MdNZCiOgqkKGrL+ci7PLt6fn07PTwfB8PJwOR6P3I8wPB0hhQfDAZAHkAlmTa2L8 - EqaI4Oma4ESy1BglWpC/mKTkQkKGU0sKhZjt2Bl9mMURGvS+Ms/rRYeh82BkseQJ4zTFZmI3tjNm - 9h7K6ndFXV6L8xSja5gA+5pw2JwucjOzP4Dj6qXwTOhVypvb6tvL/efQuIXbaxrd4EOqgVxjvPI1 - qJ80vxRw8y5ym+dJ0FyuHAzUI5EKeV5FM0sLaCcSWWP7OBDkRFTNFlmOTz2u6y481dNvi/OJb3/3 - JkynsBeS648090MyEOKGAbliGllLk7G9PMiblCZfTa6Yaioimi6E0mHf63vunPEYidEN+t39z9bi - ia0FhvlFEIOScI/8vyp5af7+Zg2MAfGGpIKKOP5WNLga4uqS33BRbmMffHgk3buQIi7wFTPkCU5U - hvVxJ1gOPHdtk0G75E9RtrXYkVBeGwg+E5dc+0qTfwoqNUiyNblDFbY+fav98fiCjCPKd5w3byf3 - 4Cio6vZaUh4t3AlNMNhzbG0lLVgan57cFw1EljFNkJ4W98SmcGulIVOYe5wLhsjYC63c1t/ANKOM - K6ahg+AJe73urr1dcjdGnzNBZdz0YNOLky3EjNdjElVIwijJDIATBZqUNaw0slz1LiFzhFaLlAsW - LUgGlCvcpNWJ2gLWDy0QGkXIkhCTJaOkQOBHcp0jzeAxzqG6cDsmlBHiDwk0grDBXVmWHVFSlXeE - TFxEHaw6+SK3wEAATudCTitnako1Xt+zAlszffn+6nh80R6/a+NFY6F5OTqrjD5VmHeAScYheTuc - fOLI5Ti4iJ6QiHwZfeLDJTNXCAY3Bt2uxq3e+w8AAP//7Flta9swEP4rJlBoS+3YTpw0g9GFvcA+ - bJQVNug3xVYbM79h2elGlv++5yRZddw4G90o+RAIwYmku8vp7rnnLv+qIErjqE+BWtujoF8s7VjF - eBfKR30qnu6TgfEJlf1etqEUF9+WPKP0tpi53hxdKuxAQJAx8YpbcYYbSeUZKy+pBjKsCipBKH/f - eXZB8ZFZSAJFriyWPLCfFGhWwWSQ1AIXayFyWnGCTjTjiYM8FhR5Js5akUi6KFChX9snGgNJnqgR - pTvtlJF3/jEtWFjR7/ycW7H8YAFPyF3S++c3FS8ElfCSK5zharPObBO6MnMBevbEG8Np85u3tjfS - DkVvnxMeEaSdMlxsdmadnv3CZSZV/gpY8pQhen0M0Rv3LQRtPlCVqIuS/hKh7Wx1zdbuQh/vcg3v - kq6X9HP3RtMPdBdmzcIWp+nWPSQzC5cEyKpGijpNGRXwwZ+qHfmQ6HhePrPaEy27AmZRE4FGKrhj - 41HkLS7HbrDAD5hOZ57vT4hcmE3QsGcbpwueRxF0oOIPHm2wdWv3xkAcCd3bX6uId0At5DYJMOpx - GHi+N+aey0d+NJuEozCYeuFlEEUum9x5/PIqei2lnIzmJ/4HvNQ5O2WZrn22rb4STi3sB3jE9h0K - dqeoF0kcksvsgjFBHsN5ZFYVgzvj8d21PXGKjOzvNu6Hb3G3/T98i7sjhEO3GNATqS5a8+M207zW - sy/KJwJn1akr+LoFvmL7+7rMCz68BeKEy8fEo5EVVk0mkx49fNPUutSIe4SCl7/0IxS8hMVHKOiF - gi7zAJUarDd0pmEesP1epeKaxuD62YXCvGIJnnZI6ZvMuWYy110wk67ugqFwPFvFZZ4puqMb/1r/ - 9aI+/pWl6C6lhHXzqFHwGcjX+tNo2Mi9GKTsxxcu6oQEt3TLMUtZzStlxyqv/ttoV8kyMqEKbenX - XA6pmnkszZZp9EMajR3bxvpb1uoD0jubzeY3AAAA//8DAG5Oz6fBGwAA - headers: - ATL-TraceId: - - 1a09c3dfdd779531 - Connection: - - keep-alive + H4sIAAAAAAAAA7xW+2/bNhD+Vwj9tGWy9YiXuAKGIYvdLVuQZYnTAk2LgKbOEmuK1EjKj6X933fU + w26duFsyrAjgSDze+7tPd+/BqqQy9RJPg0xBQ/qSg0iNL2kBxjcsh4L6qgRNLVfS+JByW4ClPsup + zECozF+ANiiD9ApKDQakbe+yylhVzJzBuygMo7Cv4c8KjJ2sS7jUlFnOwPM97vxH0fEwxBcDYoav + ubWlSYIghRkwm6r3qk+toMZwKvsSbICebEBLHsQBN6aCoDMwhzXqX0zG15NeNBjEeFSHYLzk3jMY + W2UYtZApvW5ySPENNeIwjnvhsBe9mIRhEr1IDgf9QRx+F8ahM1s7sRh4beaZQTr9AEsRuqiatNuX + FAzTvHSFw9MTYgoqhE9SbiyXzJKSAwOiZmSp9LzvtJmSN1o8MYpKctcuKu7oglqqgwWHZVCHtQ2w + FUXhYTT80fC/4IcC214V6NXBAl1OqJm7XlVT656SGRUGfK9RPMO8al3fyzkCR7N8fQ4LwFjDj75n + OSKrRJR4iawwR28HJofhPkHUCUqt3mOqz+xEq133oe5s14cd9GzTvZHcWjRgvI1vB+Hf6rtGzeyS + agdkw4tScAw43SkJNqqG32C4GgyfGO4XWtZlsmnYIDzGMOLBKh78v14aWNQgRYfR0So6+hoOV53H + w3h1GH8Njy3yP358CMe4g+OMr141HIhNvn2HTc8yDRnSygOsYzhKVM2UPwry+HifYLhP8OKh8YbS + mlNHGDV7e0kvannMVUVz1sRx/+DMYRUTNrmqRDriphR03SIaj5fU4mehodOnT19D1lt6Dhpz2s1W + /XiqKlevOtTX7oDLzEusrpxvNGpfYdvchLXV0IDJuhF+jMCj6PuOwHfLto9m4g3N7Ao2DS81V5rb + 9TNL0KkHg6fxOC9oBiZwGqYzwvFAqGXfLLItX52rZcdrA+8hcuPDLhFBp+CYyYF292t9tKcM0T6E + RkNXj5yaccnZOZfzl04ygtJtFpJ1CKpxtaxlmxOp5BgXCzoVcAXUNKjU7ZN3eX7z89nF3fnZ6fji + enw3vrr6/Qrzw9EyWBC8MMmBXCIFS0ucX8INUVKsCY4zF84osYr8yjUllxoKnGdSGURc/7GxjnCc + vPADD8MhXyTezjBjyTMuqcBmYje2Q+Zku2ftXtSWt8a9wOg6jsC+ZhI2t6vSDe2/wHGzwjwTeo3y + 5tP3+dbxNDRu4fYTZXNcBDvIdcYbX6ftrvWfAu4WtqDbm+LuSy3BQZ0pofRFE81UVNDLNDLWdl1R + ZKSaZquixFVV2rYLX+rp58V5K7d/BxNuBRwk5PYNLaOEnCo150Bec4uMack1sEoDeSlo9sHliqkK + xajIlbHJMByGwYzLFGktiI/Cd7XBUV0KjPK9Ig4kyQH5R03yDf58W6tf43rlGAXVcPbbIEcVkBHm + g4cjYH0SHfnEYWuTxenrMcpu8V/vKBrUobq2sCX0C2419JXOAkQldZ3iuAM5NAd4tZ/bQtSBN3Ze + OTs3ci7V8tMqXWqVVvhVHcsM57TAqgcTLLLzWZcIAya/qGXPqj1lKlsD8TsSkNvIWPJHRbUFTbYm + 96jC1mdUa785uSTXjMo99916h2MRbbL6JI/rtbFQGMwjLRVH7Bwk9XndIlexgnJpuIU+wgsLZvKp + ojrdd+OB/dEWaM7yCWENnpBKyRRAEgOWLFtwWeQ60wBshgDzyTLnLCcFUGlQSJsbrQXM962cAqGM + IVlCShackgrxz/S6RLbBe38DAAD//+xZ72vbMBD9V0ygkELt2U6cpIPSBbbBPpSFFlYog6DYShMa + S8Y/6o4u/3vfSYrqeE03yij5EMgHJ5JOT2fdu3cXIbjO+V4D0QXe9a2q4gjQ9YILumAOs3Ylijyc + CEjoWNBVzlLMZZ6qNY7MiYIZRgtiQLDvHRcnBAzGl6WjhYXDVjX7RUd0MqbQVQWutsOE0wCIEk3w + lYc3XtCZ7Qm1D34KcgLtRj4CAoOw2EAkg0UFB72ItHHmxukvEYxIJnAZnd7cl7quPVmzIlNRgSjk + D162yNSNxiZT2JyavaeshJKaVbhT0+736/HVxL26cJF3VbDaTTJJV5miocuSdCmOne7xb1yUVSk/ + 4hr+KVmCXZIl6O8aiJoJqkTJfafUFKm71lTfTm0PWCGgXK5kz8sTdwkD30rXrVza5tv2Kqtr4U4W + LyiWNWkXVZoyyiidv9Ev+ZD0oczfmH5IJ5wjekiTfkvOojnr95JgNur70QwYh8PTIAQLk0zYTMIO + r0zj9ILHSYI9kII6zxhcU4N8speMjL5aPeoQ8JDr1DTFPqaCiYIw6PPA570wOR3EvTgaBvEoShKf + DeYBH50nZ8rKUW98FH7FR69zUyYMbbqu/qnwqsKt4RE39IiPvayarZYxuczNGCvIY1iv0gPEHB4/ + T9yBlwnC365E9x9xu5Tdf8TtUnjfEYN6El1SGsHW1D4T09mheCKy1oWfpq8bCDdM/1LlEiX7Dago + XjwHHjVkMGojmfYx/Smj9XLDuAcqeP+XfqCC90B8oIKdVGCVByDe6oh7pF6uefZhV5bMtKjbSmRX + R8i3HaH2gO2wtAesUuPifplLoVWNKTgr81+E/vpPSGWqLTxuHg3ZvYHgGn+jfNjYPemk7OGSF9WK + DDf2VuV9Xo5LjeNelv+vI6iNWaPYC5XQD6m6I7YJKXPVc6AtLZBttOEWXLNAuWe9Xj8BAAD//wMA + IWL7NvoaAAA= + headers: + Atl-Traceid: + - 0101293d24264ec4 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:50 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:34 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 8bae9d72-66f9-4e2c-ba71-9cdc4db88945 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '255' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 435ef34a-f15f-443a-a852-15fba627aa76 - x-envoy-upstream-service-time: - - '101' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -439,94 +344,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11085 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11780 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8MO24tvnSAiXSdGKl23HHGNeWIY1NlZu8ph6JHdlO0x7jf79n - J2kZrNzGQIL42e/7533sWwdWOeWxEzoSeAwS4jcM0li1OM1AtVS0gIy2RA6Saia4akHMdAaatqIF - 5QmkImktQSrcg3gEuQQFXFdnnZbDjGXf9/r7uFCQznG50DpXoevGMIdIx+KL6FCdUqUY5R0O2kUb - 2qU5cwOXKVWA2xi4gTXqn0+G40m7f3SAkrkN1glvHYVOCxVRDYmQ6yq4GFeoEHiB3/Z67aA/8YOw - 2w33vc7h/tHvXuB5JkbjQ69zsGaeGaPRd33P84JN1vUiBhVJlpuKoPSYqIymaYvETGnGI01yBhEQ - MSelkDcdox0JfinTH4lCQVRIcJcMSrqkmso/FPsXXmXYpCJ7UYlO41e+1/X79XKCgb7aptxyTKPR - 14SqG9OjYqbNVzinqYKW09hwQmvkruVohsDIsclOyAvMxMml+ILhPbN6tbatne1GUzuzuNfwbaSX - nGmNBgy+am2T1N/2rBJzXVJpElMsy1OGCIkfZIPFtZDp9Ve9/o+EW5e5dlZXOmemsPhzv8497xA9 - B71V0Hu2YdtCi5IXqv7/hC//YOUf/JqvVeOs/njCWzdYdYNf81aDUzUfO73d3Zn5Xn2o2AU7dv0Z - O5gkEhKc60cwREyJtKjGrJJEhdIisxQxRQ/B4a6N/mMbFXVUUjOYlv6csO23HExTf8CJM7iqD1CN - PFnR0M9PQMVxG1ZzK2vSwNt+DkRhsvQNU10ZAeOJE2pZwF1NXsaYZFGV++0jmQkMj6qFKNL4hKk8 - pet6JFAcScBczdR9jye7hxuefFg1b1c5/V0bwa6N7pZLmJBMr59Zykbd7f0cj7KMJqBco6EaIwwF - qSg7aplsuedMlA1H9Zw7g4UZGDIx0HyQlJnK72br78Kh3zdpL6ga5iw6Y/zGXsUnkJubmUdNz2wn - S7u3kXDBh3gx01kKI6CqwoGsv5yLs8u3p+fTs9PB8Hw8nA5Ho/cjTAMHSGHeeGCyAHKBrMk1MX4J - U0TwdE1wIllqjBItyF9MUnIhIcOpJYVChHbsjD7M4ggNel+Z5/Wiw9CpLgxsEdZ4O1LfjDFWO2Gc - pg8P1e+KurwW1SlG1zABti/hsDld5GZmfwDH1UvhmQirlDe31beX+8+Bbouq1zS6wYdUg6zGeOVr - UD9pfing5l3kNs+ToLlcORhERyIV8ryKZpYW0E4kcsT2cSDIiaiaLbIcn3pc1114qn/fFucT3/7u - TZhOYS8k1x9p7odkIMQNA3LFNHKUJmN7eZA3KU2+mlwx1VRENF0IpcO+1/fcOeMx0qAb9Lv7n63F - E1sLDPOLIAYl4R75f1Xy0vz9zRoYA+INuQMVccqtaHA1xNUlv+Gi3MY++PBIunchRVzgK2bIE5yo - DOvjTrAceO7aJoN2yZ+ibGuxI6G8NhB8Ji659pUm/xRUapBka3KHKmx9+lb74/EFGUeU7zhv3k7u - wVFQ1e21pDxauBOaYLDn2NpKWrA0Pj25LxqILGOaID0t7olN4dZKQ6Yw9zgXDJGxF1q5rb+BaUYZ - V0xDB8ET9nrdXXu75G6MPmeCyrjpwaYXJ1uIGa/HJKqQhFGSGQAnCjQpa1hpZLnqXULmCK0WKRcs - WpAMKFe4SasTtQWsH1ogNIqQJSEmS0ZJgcCP5DpHmsFjnEN1vXZMKCPEHxJoBGGDu7IsO6KkKu8I - mbiIOlh18kVugYEAnM6FnFbO1JRqvKxnBbZm+vL91fH4oj1+18aL0ULzcnRWGX2qMO8Ak4xD8nY4 - +cSRy3FwET0hEfky+sSHS2auEAxuDLpdjVu99x8AAAD//+xZbWvbMBD+KyZQaEvt2E6cl8Howl5g - HzbKChv0m2KrjZltGctON7L89z0nKWrqxtnoRsmHQClOJN2dT3fPPXf5VwVJniZdCvTaHgXdYmnH - MsV/qX3UpeLpPhUYn1DA71QbSnHxbcELSm+H2esV6FJhBwKCjEmX3EkL3EiuzjiiohrIsCqpBKH8 - fefFBcVH4SAJNJVyWHbPflKgOSVTQdJIXKyDyNmKE3SiBc885LGkyLNxthWJpIsCFfqNfXJjIMmT - DaJ0p50q8s4/5iWLa3rPz8JJ1QcHeELuUt4/v655KamEV1zjDNebTWbb0FWZC9BzR8EQTptdv3WD - gXEoentBeESQdspwscWZc3r2C5eZ1eIVsOQpQwy6GGIw3CxQ+agrlD/FaYmltrdGHTL8zgXLu5SH - FZncvbGLh/m2H0BasnhB0Lqj+2iXu7aUqbWjyXNGBbz3p2pHPiQ6LqpnVnuiZZfALGoZ0EhFt2w4 - SIL5ZOhHc9g0Hk+DMBwRubCboGHPNk4XPEsS6EDF7z3Y4JrW7o2FOBK6t7/WEe+BWqhtCmD0Yz8K - wmDIA58PwmQ6igdxNA7iSZQkPhvdBnxymbxWUk4Gs5PwA/70OTdnhal9rqu/kl4j3Xt4xA09Cnav - bOZZGpPL3JIxSR7DeWRWnYI74/HdlTvyyoLsbzfuh29xu/0/fIvbI4RDtxiYlOie2fDjbaZ5ZWZf - lE8Ezrov17h2A3zF9vdNJUrevwEUxYuHxKORFVZtJpMeM3wz1LoyiHuEgpe/9CMUvITFRyjohII2 - mQCV6q3WdGZDQWD7nU7FFY3BzbMPhaJmGZ52SOmazPldkznfTubaC5bC8WKZVqLQJMk0/o356UV/ - /BtLl6L+bwNULcvKhCK0g1+FGg7ZqSe6WWXxavNoUPfZ+tWPVP2N3Itezn584bLJSPDWu6qxTlXP - av3eNFum0Q+9uf3+8eHw0WlzQFm7Xq9/AwAA//8DAL38R13BGwAA - headers: - ATL-TraceId: - - 81070ca85969a9f0 - Connection: - - keep-alive + H4sIAAAAAAAAA7xW+2/bNhD+Vwj9tGWy9YiXuAKGoYvdLVuQZYnTAE2LgKbOEmuK1EjKj6X933fU + w26duFsyrAjgSDze+7tPd+/BqqQy9RJPg0xBQ/qKg0iNL2kBxjcsh4L6qgRNLVfS+JByW4ClPsup + zECozF+ANiiD9BJKDQakbe+yylhVzJzBuygMo7Cv4c8KjJ2sS7jQlFnOwPM97vxH0fEwxBcDYoav + ubWlSYIghRkwm6r3qk+toMZwKvsSbICebEBLHsQBN6aCoDMwhzXqn0/GV5NeNBjEeFSHYLzk3jMY + W2UYtZApvW5ySPENNeIwjnvhsBe9mIRhEr1IDgf9QRx+F8ahM1s7sRh4beaZQTr9AEsRuqiatNuX + FAzTvHSFw9OXxBRUCJ+k3FgumSUlBwZEzchS6XnfaTMlr7V4YhSV5K5dVNzRBbVUBwsOy6AOaxtg + K4rCw2j4o+F/wQ8Ftr0q0KuDBbqcUDN3vaqm1j0lMyoM+F6jeIp51bq+l3MEjmb5+gwWgLGGH33P + ckRWiSjxEllhjt4OTA7DTlBq9R4zembBW+263HUDu3LvgGSb1bXk1qIB4218O6T+Vt81amaXVDu8 + Gl6UgmPA6U7m2I8aZYPhajB8Yrhf6EyXyaYvg/AYw4gHq3jw/3ppul9jER1GR6vo6Gs4XHUeD+PV + Yfw1PLYA//jxIRyjfTiNO8GMr143HIjdv32HaMgyDRnSygOsY5xKVM2UP2o1Pt4nGO4TvHhovKG0 + 5tQRRs3eXtKLWh5z5dKcNXHcPzhzIMZKmFxVIh1xUwq6bqGOx1h3+xpr6uDfuqAWPxQNwT59UBv6 + 3hJ20JjTbgzrxxNVuQrWwd+4Ay4zL7G6ctEwDZism+3HCDyKvu8IfLdsG5rZFexreLxpeKm50tyu + n5lwpx4MnsbjvKAZmMBpmM4IxwOhln2zyLZEdqaWHeENvIeQjg+7RASdgqMsB9rdr/XRnjJE+xAa + DV09cmrGJWdnXM5fOckISrdZSNYhqMbVspZtTqSSY1ws6FTAJVDToFK3T97F2fXPp+d3Z6cn4/Or + 8d348vL3S8wPR8tgQfDCJAdygdwsLXF+CTdESbEmOOdcOKPEKvIr15RcaChw0EllEF/9x+Y9wnHy + wg88DId8kXjN9wp7h8XfztRnA45tyLikYvdSuxe15a1RLjC6jiOwr5mEze2qdEP7L3DcrDDPhF6j + vPkmfr51PA2NW7j9RNkcF8EOcp3xxtdJu2v9p4C7hS3o9qa4+4RLcFBnSih93kQzFRX0Mo2MtV1X + FBmpptmqKHFVlbbtwpf693lx3srt38GEWwEHCbl9Q8soISdKzTmQG26RMS25AlZpIK8EzT64XDFV + oRgVuTI2GYbDMJhxmSKJBfFR+K42OKpLgVG+V8SBJDkg/6hJvsGfb2v1K1yvHKOgGs5+G+SoAjLC + fPBwBKxPoiOfOGxtsji5GaPsFv/1jqJBHaprC1tCv+BWQ1/pLEBUUtcpjsuRQ3OAV/u5LUQdeGPn + tbNzLedSLT+t0oVWaYWf27HMcE4LrHowwSI7n3WJMGDyi1r2rNpTprI1EL8jAbmNjCV/VFRb0GRr + co8qbH1GtfablxfkilG5577b+3Asok1Wn+RxtTYWCoN5pKXiiJ2DpD6vW+QqVlAuDbfQR3hhwUw+ + VVSn+248sD/aAs1ZfklYgyekUjIFkMSAJcsWXBa5zjQAmyHAfLLMOctJAVQaFNLmRmsB830rp0Ao + Y0iWkJIFp6RC/DO9LpFt8N7fAAAA///sWe9r2zAQ/VdMoJBC7dlOnKSD0gW2wT6UhRZWKIOg2E4T + GkvGP+qOLv9730my6nh1N8oo+RDIByeS755Ouqd3F85jdec7DUQX2OtbWcURoOtVzOmAWczYFSjy + sCIgoWVBcFlrvhRZIt+xREYUzDCaEwOCfe9ifkLAYHxdWEpYWGxTsV+0RCtlEl2Z42hbjFsNgCjR + eLxxsOM5rdmsUMXgJ6cgkDeKERBohHkNkQzmJQL0ItLGmhurv0Qy4jJByGj1+rxUVeWIiuWpzApk + YfzgpKtUnmg4mcPmXPueswJKalHiTM3736+nVzP76sLGvSuT1ThJBR1lyoY+i5I1P7b6x79xUDaF + +Ihj+Kdk8bokizfsGgjqASK6AiX3ndROpO5aU10ztT3QJQRcIwTkXkg99PLELunqGum6c6G2iRjh + ZOGKclmRdl4mCaMbpfc3+qUYkj4U2RuvH9IJ58geUqDforNgyYaDyFtMhm6wwALG41PPBwvDj5kE + D69Mi2mDp1EEH7iCes8YbF2cfDKHjIy+WlaqFHBw18lpkn10aRN4vjeMPTce+NHpKByEwdgLJ0EU + uWy09OLJeXQmrRwNpkf+V3zUe3bCuKZN21Y/5U6Z2xUiYvsO8bGTlovNOqSQ2SljOUUM78vrAWIO + j59n9shJOeFvl6j7j7hd4+4/4naNvO+IQT2RKim1YGtqn5lu+VA+EVmrMk/R1w2EG6Z/KTOBWv4G + jBOunhOPOjUYNZlMfnR/Smu9TDPugQref9MPVPAeiA9U0EkFRmAA4q3KuEdq8upnF3ZFwXSLui1T + ujpCrukItQdMh6U9YJRazO/XmeBK1eiCs9T/Raiv/4RUJMrCY/2oye4NBNf4G+VDbfekl7CHyzgv + N2S44VuW91kxLRSOe1H8v/6fMmaMwhcqoR9CdkfqJiR1NannQC4NkF20/g5c/YIMz3a7fQIAAP// + AwCJuxUU+hoAAA== + headers: + Atl-Traceid: + - 6d82997e8433caee + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:51 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:35 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1f94c60a-2e14-45ec-83dd-60a8bf8dacc1 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '260' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 92185235-fe0c-49b2-80c7-369a6bc6ed40 - x-envoy-upstream-service-time: - - '137' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -536,61 +446,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ0jYlN9GDiqxCuycRSdIpVtKmtKmwLPvfTXDx4za88zzz - Midi9IqHxRFF3kOYV7XbddijDZ3/8FQHp9d10BOdMJCMfOKyDn6KMANgFCjkzf76ubl7an+3+200 - cSLqJUEZZPCakQ5n548jTqE9zhgP3Di/dVEy2+C6b4WoJJTyEt7qkEAOnOVQ5Fy2rFDAlCgoAFwB - B4j+ikvsbYfxH1u3jCshVMloLesf1o73U+8jKHktq7I32goUGiuwfSUr0xktobcAuiikNCj+FASX - Gh6GRZP0Tq83Fx691Sk+EXeZCE5vh4acz18AAAD//wMAKf5loloBAAA= - headers: - ATL-TraceId: - - a2cea876d471a64f - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ0jZtbqIHFVmFdk8ikjYJVtKkNKmwLPvfTXHx4za88zzz + MifUy6APi0UCvcc4B7HbKW30EJX/8FhGK0MYpcNOR5ShT72E0bsEEwCCAUPe7q+f27un7ne7X6c+ + TUi8bFAGGbxmSOnZ+uOkXeyOs04HbqxfVZL6dbTqW0EiCRTKS3gr4wZSoDSHOie8g1oAF7TEAHCV + SEh+0Evq7cbpH9t0AII0gpW4Zs0PO0z3zvgEVgXhhhljGK8prYDVAEUpaUUGCaoaOC80sOpvQbRb + w8O4SLS9Y+Rq46Mf5BafkL1MSLu3Q4vO5y8AAAD//wMAmKqD7FoBAAA= + headers: + Atl-Traceid: + - 155b926424d3fd75 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:51 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:35 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 3aae15da-f063-4c35-aee3-d934da106e59 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '121' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b7a31467-dfde-44c6-9115-e4473f702b8d - x-envoy-upstream-service-time: - - '31' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -600,110 +516,96 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 0a2269a75373f6a4 - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - d33ea284403b612c + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:52 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:36 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - d9f50318-ccad-4130-a183-90e3675d7ccc X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '169' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c3adad01-7aca-424a-867f-ca99c428d88e - x-envoy-upstream-service-time: - - '76' status: code: 200 message: OK - request: - body: null + body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without + Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure + Flag|http://localhost:8080/finding/261]\n\n*Defect Dojo link:* http://localhost:8080/finding/261 + (261)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/101]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": + "Low"}}}' headers: Accept: - application/json,*.*;q=0.9 @@ -713,95 +615,60 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + - python-requests/2.28.1 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + string: '{"id":"11781","key":"NTEST-1443","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11781"}' headers: - ATL-TraceId: - - 4c0355770022aca8 - Connection: - - keep-alive + Atl-Traceid: + - cb934e7c85f603de + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:52 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:36 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 053e12d9-7be9-451c-b571-5cf252edeca3 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '610' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 7bf49c86-5bc8-4f90-b4ca-9c0452eb52f5 - x-envoy-upstream-service-time: - - '107' status: - code: 200 - message: OK + code: 201 + message: Created - request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without - Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/2836]\n\n*Defect Dojo link:* http://localhost:8080/finding/2836 - (2836)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/692]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* - [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": - "Low"}}}' + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -812,53 +679,98 @@ interactions: Connection: - keep-alive Content-Length: - - '1671' + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue + - python-requests/2.28.1 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1443 response: body: - string: '{"id":"11086","key":"NTEST-897","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11086"}' - headers: - ATL-TraceId: - - f41d77c7fa2896c7 - Connection: - - keep-alive + string: !!binary | + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdhzXAHD0MXuli3IssRpgaZFQFNniTFFaiQV22v733fU + i906dbdkWGEgkXi89+ce3TsP1iWVqZd4GmQKGtIXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf49aIMySC+h1GBA2vYuq4xVxcIZvI3CMAr7Gv6swNjZpoQLTZnlDDzf485/FB2PI3wxIBb4 + mltbmiQIUlgAs6m6U31qBTWGU9mXYAP0ZANa8iAOuDEVBJ2BJWxQ/3w2vZr1ouFwgEd1CMZL3nkG + Y6sMoxYypTdNDim+oUYcxnEvHPeiZ7MwTKJnyWDUPx5//10Yh6EL0jmxGHht5olBOv0ASxHG27Tb + lxQM07x0hcPT58QUVAifpNxYLpklJQcGRC3ISull32kzJa+1eGQUleSuXVTc0ntqqQ7uOayCOqxd + gK0oCgfR+EfD/4IfCmx7VaBXBwt0OaNm6XpVza17ShZUGPC9RvEU86p1fS/nCBzN8s0Z3APGGn7w + PcsRWSWixEtkhTl6ezAZhJ2g1OoOM3piwVvtutx1A7tyu5ePQLLL6lpya9GA8ba+HVJ/q+8atbAr + qh1eDS9KwTHgdC9z7EeNsuF4PRw/MtwvdKbLZNuXYXiMYcTDdTz8f7003a+xiA6j0ToafQ2H687j + IF4P4q/hsQX4hw8P4RgdwmncCRZ8/bLhQOz+zVtEQ5ZpyJBWHmAd41Siaqb8s1bj40OC8SHBs4fG + G0prTh1h1OztJb0IX6lFUm/I8PFD1VDtjlyDxpx2I1M/nqjKZRs5wnzlDrjMvMTqCrC0aNS+xG64 + wWmCq+05+5qzpirvHpy5WFHZ5KoS6YSbUtBNO3iuXRowWTfbnyPwYRR3BL5fti3N7AsONTzeNnxf + MNgxFlea280Tq9upB8PHETwvaAYmcBqmM8LxQKhV39xnO4Y7U6uOCYde3ZA5OMpyoN3/Wo8OZBsd + Qmg0dmnn1ExLzs64XL5wkgmUbrOQrOtZ3clVLdueSCWnuFjQuYBLoKbBgW6fvIuz659Pz2/PTk+m + 51fT2+nl5e+XmAaOlsG88cIsB3KB3CwtcX4JN0RJsSE451w4o8Qq8ivXlFxoKHDQSWUQs/3PzXuE + 4+SF73kYju8Gibc3zFjZjEsqsGdY9N2QOdn+WbsXteWtUS0wuo4jsH2ZhO3tqnRD+y9w3KwwT0RY + o7z9Jn66dTwOdDtU/UTZEhfBDlmd8cbXSbtr/aeAu4Ut6PamuPuES3CIZkoofd5EMxcV9DKNHLFb + VxSZqKbZqihxVZW27cKXevppcd7I3e9oxq2Ao4TcvKZlnJATpZYcyCtukaMsuQJWaSAvBM3eu1wx + VaEYFbkyNhmH4zBYcJkiMQbxKHpbG5zUpcAo7xRxIEmOyD9qkm/wz7e1+hWuV444UA1HvA1yUgGZ + YD54OAHWJ9HIJw5b2yxOXk1RdoP/eqNoWIfq2sJW0C+41dBXOgsQldR1iuNy5NAc4NV+bgtRB97Y + eensXMulVKuPq3ShVVrh53YqM5zTAqsezLDIzmddIgyY/KJWPasOlKlsDcRvSUBuImPJHxXVFjTZ + mTygCjufUa39+vkFuWJUHrjv9j4ci6Ydn/6OrjbGQmEwj7RUHLFzlNTndYtcxQrKpeEW+ggvLJjJ + 54rq9NCNB/YnO6A5y88Ja/CEVErmAJIYsGTVgssi15kGYAsEmE9WOWc5KYBKg0La3GgtYL5v5BwI + ZQzJElJyzympEP9Mb0pkG7z3NwAAAP//7Fnva9swEP1XTKCQQu3ZTpykg9IFtsE+lIUWViiDoNhO + YxpLxj/qji7/e99Jiup4dTfKKPkQyAcnkk9PJ927dxfOY5VlnQaiC5z1raziCND1KuZ0wSxm7AoU + edgRkNC2ILishC9Fnsp3LJETBTOMFsSAYN+7mJ8QMBhPSkulcouta/aLtmhlTKKrClxti3GrARAl + Go/XDk68oD2bHSof/OTkBFqNfAQEGmGxhUgGiwoOehFpY8+N3V8iGJFM4DLavb4vdV07omZFJqMC + URg/ONkqkzcai8xhc67XnrMS2mVR4U7N+9+vp1cz++rChk6QwWoWyQRdZYqGPovShB9b/ePfuCjr + UnzENfxTsnhdksUbdg0EzQRVouS+k3qM9FRrqmumtge6hIBrhIA8Cyl7Xp5opOtOLm3zbfsto2vh + ThauKJYVaRdVmjLKKL2/0S/5kPShyN+YfkgnnCN6SNV+i86CJRsOIm8xGbrBAhjH41PP90eU7cwk + rPDKtJgOeBpFWAMpqPeMwdbFySdzycjoq2WlCgEHuU5Ok+yjS5vA871h7LnxwI9OR+EgDMZeOAmi + yGWjpRdPzqMzaeVoMD3yv+Kj3rNTxjVt2rb6qXCqwq7hEdt3iI+drFqsk5BcZmeMFeQxvC/TA8Qc + Hj/P7JGTccLfLlH3H3G7xt1/xO0aed8Rg3oiVcRpwdbUPjPd8qF4IrJWpaOirxsIN0z/UuUCtfwN + GCdcPQcedWowaiKZ1tH9Ka31cs24Byp4/0M/UMF7ID5QQScVGOUBiLcq4h6pyaufXdgVJdMt6rYS + 6eoIuV0dIdd0hNoDRqnF/D7JBVeqRheclf4vQn39J6QiVRYet4+a7N5AcI2/UT5s7Z70UvZwGRfV + mgw31pblfV5OS4XjXpT/r6eojBmjWAuV0A8huyPbth91NannQEsaILto/R24+gXpns1m8wQAAP// + AwCEnNS5+hoAAA== + headers: + Atl-Traceid: + - 1646b15b15a835d9 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:52 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:37 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 67c031b9-4f33-4d95-ba92-6940a0695685 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '463' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 04fbbdff-aefe-403f-8e7f-a093aa001238 - x-envoy-upstream-service-time: - - '494' status: - code: 201 - message: Created + code: 200 + message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -868,94 +780,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-897 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11781 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8cNpxbfOlPegiTScG3Y47xri2DGlsqtzkNfVI7Mh2mvY2/vd7 - thPKYOU2BhLEz37fP+9jf/ZgXVKeerEngacgIX3FIE9Vh9MCVEclSyhoR5QgqWaCqw6kTBegaSdZ - Up5BLrLOCqTCPUjHUEpQwLU763U8ZiyHYTDcx4WCfIHLpdalin0/hQUkOhWfRI/qnCrFKO9x0D7a - 0D4tmR/5TKkK/NbANWxQ/2w6mky7w+cHKFnYYL34s6fQaaUSqiETcuOCS3GFClEQhd1g0I2G0zCK - +/3496h3sH/wWxAFgYnR+NCbEqyZJ8Zo9P0wCILoNutmkYJKJCtNRVB6SFRB87xDUqY044kmJYME - iFiQWsjrntFOBL+Q+fdEoSCpJPgrBjVdUU3lH4r9Cy8KbFJV/OJEJ+mLMOiHw2Y5xUBfbFPueKbR - 6GtK1bXpUTXX5ite0FxBx2tteLE1ctPxNENglNhkL+YVZuKVUnzC8J5YvUbb1s52o62dWdxp+DbS - C860RgMGX422Sepve1aJha6pNIkpVpQ5Q4Sk97LB4lrIDIbrwfB7wm3K3DhrKl0yU1j8uVvnQWBQ - GQ3W0eDJhm0LLUp+Uc3/R3yF++tw/+d8rVtnzccj3vrRuh/9nLcGnKr92Ont5sbM9/qdYxfs2NVH - 7GCWSchwrh/AEDEl8sqNmZMkldKisBQxQw/Rwa6N4UMbjjqc1AympT8v7oYdD9PU73DiDK7cATtO - BtOSJS6Azw9kBnGYkFqKKk+PmSpzumlwieKaamRaR2Q/PkOOJW950XfWpBkQ+3kkKlOn0ER6aQSM - Z16sZWVcJxIwVzN13+LJQb/f8uT9qgW7yhnu2oh2bfS3XMKEZHrzxEK06v7gx3iUFTQD5RsN1Rph - KMhF3VOrbMs9p6JuOWrg3RgszMGQiYHmvaTMVH4z23AXDsOhSXtJ1ahkySnj1/YqPobS3Mw8aeFi - QVTbvVsJF3yEFzOd5zAGqhwEZfPlnZ9evD45m52eHI3OJqPZaDx+O8Y0cIAU5o0Hpksg58iaXBPj - lzBFBM83BCeS5cYo0YL8xSQl5xIKnFpSKcRXz87o/Syeo8HgCwuCQbKIvXsji5XNGKc59gyLvp0x - s3df1rwrmvJakOcYXcsE2L6Mw+3pqjQz+x04di+FJyLMKd/eVl9f7j8Gui2qXtLkGh9SLbJa487X - UfOk+amA23eR3z5PovZy5WAQnYhcyDMXzTyvoJtJpKft40CQY+GaLYoSn3pcN114rKdfF+cD3/7u - TZnOYS8mV+9pGcXkSIhrBuSSaaRHTSb28iCvcpp9MbliqrlIaL4USsfDYBj4C8ZTJDE/Gvb3P1qL - x7YWGOYnQQxK4j3y/6rkmfn7qzUwAcQbcgcq4pRb0dHlCFcX/JqLehv70bsH0r1zKdIKXzEjnuFE - FVgff4rlwHNXNhm0S/4UdVeLHQmVjYHoI/HJVag0+aeiUoMkW5M7VGHrM7Ta7w/PySShfMd583by - 959Hrm4vJeXJ0p/SDIM9w9Y6acXy9OT4ruhIFAXTBOlpeUdsCrdRGgqFuaelYIiMvdjKbf0NTAvK - uGIaegieeDDo79rbJfdT9DkXVKZtD257cbyFmPF6SBKHJIySzAE4UaBJ3cBKI8u5dwlZILQ6pF6y - ZEkKoFzhJnUnGgtYP7RAaJIgS0JKVoySCoGfyE2JNIPHOAd3s/dMKGPEHxJoAnGLu7que6KmquwJ - mfmIOlj3ymVpgYEAnC2EnDlnakY1vhPmFbZm9uzt5eHkvDt508WL0ULzYnzqjD5WmDeASaYxeT2a - fuDI5Ti4iJ6YiHKVfOCjFTNXCAY3Ad1149bs/QcAAP//7Flta9swEP4rJlBoS+3YTpyXwejCXmAf - NsoKK/SbYquNmd+w7HQjy3/fc5KsJm6cjm6UfAiUokTS3Um6e+65y78qiNI46lKg5vYo6BZLK5Yx - /gt1R10qnq6TjvEFCfxelqHkFzcLnlF4W8w8b44qFXbAIciYeMmtOMOLpHKPlZeUAxlmBaUgpL8f - PLsg/8gsBIFicRZLHtgvcjSrYNJJaoGHteA5G36CSjTjiYM4FuR5xs82PJF0kaNCv7ZPNAaSPFHD - S3faKT3v/HNasLCic37NrVh+sIAndF3y9s+vK14ISuElVzjD1WId2cZ1ZeQC9OyRN8Slza7f295A - Xyhq+5zwiCDtlOFhszPr9Ow3HjOp8jfAkqcM0etiiN5wM+1XJdKfZKREkNtLgw4ZbudEF+9yDe+S - Vy9Z5u6Fph5oT0ybiS1O0857CGYWLgiQVY4UdZoySuC957Id3SHR8bx8YbYnWnYJzCLCj0IquGPD - QeTNJ0M3mOMA4/HU8/0RkQuzCBr2LOP0wLMogg5k/N6jDbYu7d4ZiCOhe+tr5fEOqIVcJgFGDfuB - 53tD7rl84EfTUTgIg7EXToIoctnozuOTy+itlHIymJ34n/Cn9tkpy3Tus231lXBqYT/gRmzfIWd3 - inqexCFdmV0wJujGsB+RVcXgzhh+uLJHTpGR/e3C/fAtbpf/h29xu4Vw6BYDkyJVrmt+vMk0r3Tv - i+KJwFlV1QrXboGvWP6xLvOC92+BOOHiMfCoZYVZE8mkRzffNLUuNeIeoeD1H/0IBa9h8REKOqGg - zTxApXqrNe1pmAdsv1ehuKI2uB67UJhXLMFoh5Suzpzb1ZlzTWeuPWEoHM+WcZlniu7owr/WP72o - j39j6TKv/lv7U8kyMqEI5eD3XDaHmoYrXEtZvGqGGnVfrF/+SNVv5F70UvbzGxd1QoI3zirbOmU1 - q9S5qbdMrR86ufl+e7O/tVtvkNau1+s/AAAA//8DAD6NoB7BGwAA - headers: - ATL-TraceId: - - d2e6adfefeb7ff8b - Connection: - - keep-alive + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdhzXAHD0MXuli3IssRpgaZFQFNniTFFaiQV22v733fU + i906dbdkWGEgkXi89+ce3TsP1iWVqZd4GmQKGtIXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf49aIMySC+h1GBA2vYuq4xVxcIZvI3CMAr7Gv6swNjZpoQLTZnlDDzf485/FB2PI3wxIBb4 + mltbmiQIUlgAs6m6U31qBTWGU9mXYAP0ZANa8iAOuDEVBJ2BJWxQ/3w2vZr1ouFwgEd1CMZL3nkG + Y6sMoxYypTdNDim+oUYcxnEvHPeiZ7MwTKJnyWDUPx5//10Yh6EL0jmxGHht5olBOv0ASxHG27Tb + lxQM07x0hcPT58QUVAifpNxYLpklJQcGRC3ISull32kzJa+1eGQUleSuXVTc0ntqqQ7uOayCOqxd + gK0oCgfR+EfD/4IfCmx7VaBXBwt0OaNm6XpVza17ShZUGPC9RvEU86p1fS/nCBzN8s0Z3APGGn7w + PcsRWSWixEtkhTl6ezAZhIcEUScotbrDVJ/YiVa77kPd2a4P7uUj9OzSvZbcWjRgvK1vB+Hf6rtG + LeyKagdkw4tScAw43SsJNqqG33C8Ho4fGe4XWtZlsm3YMDzGMOLhOh7+v14aWNQgRYfRaB2NvobD + dedxEK8H8dfw2CL/w4eHcIw7OC74+mXDgdjkm7fY9CzTkCGtPMA6hqNE1Uz5Z0EeHx8SjA8Jnj00 + 3lBac+oIo2ZvL+lFLY+5qmjOmjjePThzWMWETa4qkU64KQXdtIjG4xW1+Flo6PTx09eQ9Y6eg8ac + drNVP56oytWrDvWVO+Ay8xKrK+cbjdqX2DY3YW01NGCyboQ/R+DDKO4IfL9sh2gm3tLMvmDb8H3B + YEdMXGluN0+sTaceDB9H8LygGZjAaZjOCMcDoVZ9c5/tiOxMrTrCG3p1OefgmMmBdv9rPTqQbXQI + odHYpZ1TMy05O+Ny+cJJJlC6zUKyDkE1rla1bHsilZziYkHnAi6BmgaVun3yLs6ufz49vz07PZme + X01vp5eXv19iGjhaBvPGC7McyAVSsLTE+SXcECXFhuA4c+GMEqvIr1xTcqGhwHkmlUHE9T831hGO + kxe+52E4vhsk3t4wY2UzLqnAnmHRd0PmZPtn7V7UlrfGvcDoOo7A9mUStrer0g3tv8Bxs8I8EWGN + 8vbT9+nW8TjQ7VD1E2VLXAQ7ZHXGG18n7a71nwLuFrag25vi7kstwSGaKaH0eRPNXFTQyzQy1m5d + UWSimmarosRVVdq2C1/q6afFeSN3v6MZtwKOEnLzmpZxQk6UWnIgr7hFxrTkClilgbwQNHvvcsVU + hWJU5MrYZByOw2DBZYq0FsSj6G1tcFKXAqO8U8SBJDki/6hJvsE/39bqV7heOeJANRzxNshJBWSC + +eDhBFifRCOfOGxtszh5NUXZDf7rjaJhHaprC1tBv+BWQ1/pLEBUUtcpjjuQQ3OAV/u5LUQdeGPn + pbNzLZdSrT6u0oVWaYVf1anMcE4LrHowwyI7n3WJMGDyi1r1rDpQprI1EL8lAbmJjCV/VFRb0GRn + 8oAq7HxGtfbr5xfkilF54L5b73AsmnZ8+ju62hgLhcE80lJxxM5RUp/XLXIVKyiXhlvoI7ywYCaf + K6rTQzce2J/sgOYsPyeswRNSKZkDSGLAklULLotcZxqALRBgPlnlnOWkACoNCmlzo7WA+b6RcyCU + MSRLSMk9p6RC/DO9KZFt8N7fAAAA///sWe9r4kAQ/VeCULDQpEk0ag9KT7g7uA/lpIUrlANZk1il + ZjfkR9Oj5//eN7vrNqamd5Sj+EHwQzSbmbeTnTdvRs5jVfOdGqJLvOs72cURoJtFzOmAWczYFWjy + sCMgoW1BV1lLPhdZIp+xREYUzHA3JwYE+97H/ISAwfiysJSwsNiqYr9pi1bKJLoyx9G2GLdqANGi + 8Xjl4I3ntGezQxWDX5yCQN4oRkCgEeYbiGQwLxGgnUhre67t/grJiGKCkNHu9XmpqsoRFctTmRXI + wvjRSRepPNFwMoXNqfY9ZQWU1KzEmZp2f9yMryf29aUNnSCT1ThJBR1lyoYui5IlP7a6x39wUFaF + +IRj+FqyeG2SxevX61CBzvpeiiYScc2lQYsNt/WGEQIy5FLd7F7YJgxcI10RGBYuKCt3ag7XSNmt + otsk5rxMEkYVpfM3+qUYkj4U2TvLD+mEC2QPadLv0XkwZ/1e5M1GfTeYAfBweOb5/oCqnVkED28s + i+kFj6MIPlCCOi8YbN2DfDaHjIy+2T2qFHBQ6+QyyT66gwk83+vHnhv3/OhsEPbCYOiFoyCKXDaY + e/HoIjqXVo564yP/Gz7qOTthXNOmbaufcqfM7QoRsX2H+NhJy9lqGVLI7JSxnCKG52V5gJjD5ZeJ + PXBSTvibnej+I262svuPuNkK7zticFKkWkot2OraZ6InO5RPRNaq8VO8dgvhhuVfy0ygZb8FFYWL + l8SjgQzumkwmP3o+pbVephn3QAUf/9IPVPARiA9U0EoFRlAA4p3KuCea5eprF3ZFwfSIuilL2iZC + bttEyDUToeYNo9Ri/rDMBFdaSDecpf4vQn39J6QiURaeNpea7N5BcLW/UU43dk86CXu8ivNyRYZr + vmV7nxXjQuF4EMX/mwgqY8YofKET+inkdMQMIUUmZw7k0gDZRutvwdUPyPCs1+tnAAAA//8DADtc + A+76GgAA + headers: + Atl-Traceid: + - 535c623ca26edbdb + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:52 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:37 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1505c2f0-293a-4acc-ae46-e20e739b9f38 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '220' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6a4b46eb-c204-448d-a6ef-472466092d18 - x-envoy-upstream-service-time: - - '122' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -965,94 +882,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11086 + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8MO24tvnSHnSRphMr3cYdY1xbhjQ2VW7ymnpN7Mh2mvYY//s9 - OwllZeU2BhLEz37fP+9j3ziwzimPndCRwGOQEL9mkMaqxWkGqqWiBWS0JXKQVDPBVQtipjPQtBUt - KE8gFUlrBVLhHsQjyCUo4Lo667QcZiz7vtc/xIWCdI7Lhda5Cl03hjlEOhZfRIfqlCrFKO9w0C7a - 0C7NmRu4TKkC3MbAEjaofz4Zjift/osjlMxtsE544yh0WqiIakiE3FTBxbhChcAL/LbXawf9iR+E - 3W74R9A5Ojz63Qs8z8RofOhNDtbME2M0+q7veV5wl3W9iEFFkuWmIig9JiqjadoiMVOa8UiTnEEE - RMxJKeSyY7QjwS9l+iNRKIgKCe6KQUlXVFP5p2L/wssMm1RkzyrRafzS97p+v15OMNCX25Rbjmk0 - +ppQtTQ9KmbafIVzmipoOY0NJ7RGbluOZgiMHJvshLzATJxcii8Y3hOrV2vb2tluNLUzi3sN30Z6 - yZnWaMDgq9Y2Sf1tzyox1yWVJjHFsjxliJB4JxssroVMr7/u9X8k3LrMtbO60jkzhcWf+3XueQaV - QW8d9J5s2LbQouSZqv8/4ss/XPuHv+Zr3TirPx7x1g3W3eDXvNXgVM3HXm+3t2a+1x8qdsGOXX/G - DiaJhATn+gEMEVMiLaoxqyRRobTILEVM0UNwtG+j/9BGRR2V1AympT8nbPstB9PUH3DiDK7qA1Qj - T1Y09PMTUHHcHau5lTVp4G0/B6IwWfqGqa6MgPHECbUs4LYmL2NMsqjK/eaBzASGR9VCFGl8wlSe - 0k09EiiOJGCuZuq+x5O9brfhyd2qefvK6e/bCLaUwYRkevPEijXqbu/n6JJlNAHlGg3VGGEoSEXZ - UatkSzFnomyoqOeYGu0k0m0SSekMDJkYaO4cMlP53TL4+3Do9009FlQNcxadMb60V/EJ5OZm5lHT - M9vJ0u7dSbjgQ7yY6SyFEVBV4UDWX87F2eWb0/Pp2elgeD4eToej0fsR5ocDpLAgeGCyAHKBrMk1 - MX4JU0TwdENwIllqjBItyF9MUnIhIcOpJYVChHbsjO5m8QINel+Z5/WieejsjCyWPGGcpthM7MZ2 - xszerqx+V9TltahOMbqGCbCvCYe700VuZvYHcFy9FJ4IvUr57rb69nL/OTRu4faKRkt8SDWQa4xX - vgb1k+aXAm7eRW7zPAmay5WDgXokUiHPq2hmaQHtRCJHbB8HgpyIqtkiy/Gpx3Xdhcd6+m1xPvHt - 78GE6RQOQnL9keZBSAZCLBmQK6aRozQZ28uDvE5p8tXkiqmmIqLpQigd9r2+584Zj5EG3aDfPfxs - LZ7YWmCYXwQxKAkPyP+rkufm72/WwBgQb0gqqIjjb0WDqyGuLvmSi3Ib++DDA+nBhRRxga+YIU9w - ojKsjzvBcuC5a5sM2iVvRdnWYk9CeW0g+Exccu0rTf4pqNQgydbkHlXY+vSt9sfjCzKOKN9z3ryd - 3MMXQVW3V5LyaOFOaILBnmNrK2nB0vj05L5oILKMaYL0tLgnNoXbKA2ZwtzjXDBExkFo5bb+BqYZ - ZVwxDR0ET9jrdfft7ZO7MfqcCSrjpgd3vTjZQsx4PSZRhSSMkswAOFGgSVnDSiPLVe8SMkdotUi5 - YNGCZEC5wk1anagtYP3QAqFRhCwJMVkxSgoEfiQ3OdIMHuMcquu1Y0IZIf6QQCMIG9yVZdkRJVV5 - R8jERdTBupMvcgsMBOB0LuS0cqamVONlPSuwNdPn76+Oxxft8bs2XjQWmpejs8roY4V5B5hkHJI3 - w8knjlyOg4voCYnIV9EnPlwxc4VgcGPQ7Wrc6r3/AAAA///sWW1r2zAQ/ismUGhL7dhOnJfB6MJe - YB82ygor9Jtiq42Z37DsdCPLf99zkqI6bpyObpR8CJSiVNLd9XT33HOXf1UQpXHUpUDt7VHQLZZO - LGP8FspHXSqenpOB8QWV/V62oRQXNwueUXpbzDxvji4VdiAgyJh4ya04w4uk8o6Vl1QDGXYFlSCU - vx88u6D4yCwkgaJSFkse2C8KNKtgMkhqgYe1EDmNOEEnmvHEQR4LijwTZ41IJF0UqNCv7RMbA0me - qBGlO+2UkXf+OS1YWNH/+TW3YvnBAp6Qu6T3z68rXggq4SVXOMPVYZ3ZJnRl5gL07JE3hNNm1+9t - b6Adit4+JzwiSDtleNjszDo9+43HTKr8DbDkKUP0uhiiN2yW/apE+ZOcllhq+2jQIcPt3OjiXa7h - XdL1kn7uPmj6gS3q0i5v7VtTc6uqWLggQFY1UtRpyqiA956rduRDouN5+cJqT7TsEphFLQMaqeCO - DQeRN58M3WAOG8fjqef7IyIX5hA07DnG6YFnUQQdqPi9Rxts3dq9MxBHQvf21yriHVALeUwCjFr2 - A8/3htxz+cCPpqNwEAZjL5wEUeSy0Z3HJ5fRWynlZDA78T/hR92zU5bp2mfb6k/CqYX9AI/YvkPB - 7hT1PIlDcpldMCbIY7iPzKpicGcsP1zZI6fIyP524374Frfb/8O3uD1COHSLgUmR6pk1P24yzSs9 - +6J8InBWfbnCtVvgK45/rMu84P1bIE64eEw8Gllh12Qy6dHDN02tS424Ryh4/Uc/QsFrWHyEgk4o - aJMLUKneak13NpQEtt+rVFzRGFyvXSjMK5ZgtUNK12TONZO59oaZdLU3DIXj2TIu80zRHd341/qr - F/XxryxFdyklrDZLjYIvQL7Gl0b9jdyLXsp+fuOiTkhwQ7ccs5TVrFJ2LPPqvw1ylSwjE6rQln7P - 5ZBqM32l2TKNfkijsWPbWH/LWn1Beme9Xv8BAAD//wMA/4FKUsEbAAA= - headers: - ATL-TraceId: - - 5fcbcb5a9cf21a91 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CPd3EQPKrIK2z2JSNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0EfZgsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsz3u+vn/d1T+7vdLWOX + JhAvK5Rhhq8ZKD1Zfxy1i+1x0unAjfWLSlK3DFZ9KyCSwLC6hLcyriBDxnJscspbbARywSqCiFeJ + xOQHPafedhj/sdsWUdCtKJFQyn/Yfrx3xiewLik3hTGm4A1jNRYNYllJVtNeoqp7zkuNRf23INq1 + 4WGYJazvGLnY+Oh7ucYnsJcJtHs77OF8/gIAAP//AwBZvk+TWgEAAA== + headers: + Atl-Traceid: + - 096d4173e16edcac + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:53 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:40 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 7c68dd6f-27e6-4558-a084-bb9d783b0cde X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '120' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f33aa09c-677b-40f7-b3f4-5ae5b03611ec - x-envoy-upstream-service-time: - - '136' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1062,61 +952,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11780 response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J0zZrbqIHFVmFdk+ySNJOsJImpUmFZdn/boKLH7fhneeZ - lzkRJT3uF0MEeQ9h9mKzGVBjHwb34QoZjPR+lLawGEhGPnHxo7MRpgC0gALydnfz0t4/d7/b3Tqp - OBHxmqAMMjhkZMDZuOOENnTHGeOBW+PWIUpqHc3wrRCRhJpfwjsZElhCSXOo8pJ3tBJABasKALiC - EiD6HpfY243TP3bb0VIwJuq64NfND9tPD1a7CPJyy5taK9kzZBIb6HXDGzUoyUH3ALKqOFfI/hQE - kxoex0WS9I6WqwlPrpcpPhFzmQjat31LzucvAAAA//8DALDWYUhaAQAA - headers: - ATL-TraceId: - - 16e38acb15a83586 - Connection: - - keep-alive + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZltvcRLXQHD0MXuli3IssRpgaZFQFNniTVFaiTll7X97ztS + kt06dbdkWBHAkXi89+ce3bsA1hWVWZAGGmQGGrLnHERmepKWYHqGFVDSnqpAU8uVND3IuC3B0h4r + qMxBqLy3BG1QBtkVVBoMSNveZbWxqpw7g3dxFMXRQMOfNRg73VRwqSmznEHQC7jzH8dPRhG+GBBz + fC2srUwahhnMgdlMvVUDagU1hlM5kGBD9GRDWvEwCbkxNYSdgQVsUP9iOrme9uPhMMEjH4IJ0neB + wdhqw6iFXOlNk0OGb6iRREnSj0b9+Ok0itL4aXo8HAyT6LsoiZxZ78Ri4N7MI4N0+iGWInJRNWm3 + LxkYpnnlCoenz4gpqRA9knFjuWSWVBwYEDUnK6UXA6fNlLzR4oFR1JK7dlFxR5fUUh0uOaxCH9Yu + wFYUR8fx6EfD/4IfSmx7XaJXBwt0OaVm4XpVz6x7SudUGOgFjeIZ5uV1e0HBETiaFZtzWALGGn3o + BZYjsipESZDKGnMM9mByHHWCSqu3mNEjC95q+3L7Bnbl3gPJLqsbya1FAybY+nZI/c3fNWpuV1Q7 + vBpeVoJjwNle5tgPj7LhaD0cPTDcL3Smy2Tbl2H0BMNIhutk+P96abrvsYgO45N1fPI1HK47j8fJ + +jj5Gh5bgH/4cB+O8SGcJp1gztcvGg7E7t++QTTkuYYcaeUe1jFOJepmyj9rNXlySDA6JHh633hD + ac2pIwzP3kHaj1sec+XSnDVxvLt35kCMlTCFqkU25qYSdNNCHY+x7vYF1tTBv3VBLX4oGoJ9+KA2 + 9L0j7LAxp90Y+sdTVbsK+uBfugMu8yC1unbRMA2YrJvtzxF4HH/fEfh+2bY0sy841PBk2/B9wfGO + sbjS3G4eWYlOPRw+jOB5SXMwodMwnRGOB0KtBmaZ7xjuXK06JhwGvpUzcJTlQLv/tT45kG18CKHx + yKVdUDOpODvncvHcScZQuc1Csg5BHlcrL9ueSCUnuFjQmYAroKZBpW6fgsvzm5/PLu7Oz04nF9eT + u8nV1e9XmAaOlsG88cK0AHKJ3CwtcX4JN0RJsSE451w4o8Qq8ivXlFxqKHHQSW0QX4PPzXuM4xRE + 73kUjfgyDfaGGSubc0kF9gyLvhsyJ9s/a/eitrwe5QKj6zgC25dL2N6uKze0/wLHzQrzSIQ1yttv + 4qdbx8NAt0PVT5QtcBHskNUZb3ydtrvWfwq4W9jCbm9Kuk+4BIdopoTSF000M1FDP9fIWLt1RZGx + apqtygpXVWnbLnypp58W57Xc/R1NuRVwlJLbV7SKU3Kq1IIDecktMqYl18BqDeS5oPl7lyumKhSj + olDGpqNoFIVzLjMksTA5id54g2NfCozyrSIOJOkR+UdN8g3+fOvVr3G9csSBajjibZDjGsgY88HD + MbABiU96xGFrm8XpywnKbvFf/yQe+lBdW9gKBiW3GgZK5yGikrpOcVyOHJpDvDoobCl84I2dF87O + jVxItfq4SpdaZTV+bicyxzktserhFIvsfPoSYcDkF7XqW3WgTFVrIHlDQnIbG0v+qKm2oMnO5AFV + 2PmMvfarZ5fkmlF54L7b+3As4m1WH+VxvTEWSoN5ZJXiiJ2j1J/7FrmKlZRLwy0MEF5YMFPMFNXZ + oRv37I93QHOWnxHW4AmplMwAJDFgyaoFl0WuMw3A5giwHlkVnBWkBCoNCmlzo7WA+b6WMyCUMSRL + yMiSU1Ij/pneVMg2eO9vAAAA///sWe9r2zAQ/VdMoJBC7dlOnKSD0gW2wT6UhRZWKIOg2E4TGkvG + P+qOLv9730my6npxN8oo+RDIByeSTu/Ouqd3F85jdec7DUQXeNe3soojQNermNMBs5ixK1DkwSMg + IbcguKw1X4oskWsskREFM4zmxIBg37uYnxAwGF8XlhIWFttU7Be5aKVMoitzHG2LcasBECUajzcO + 3nhOPhsPVQx+cgoC7UYxAgKNMK8hksG8RIB2Im343PD+EsmIywQhI+/1eamqyhEVy1OZFcjC+MFJ + V6k80dhkDptzvfecFVBSixJnat7/fj29mtlXFzZ0gkxWs0kq6ChTNvRZlKz5sdU//o2DsinERxzD + PyWL1yVZvGHXQNC8oAqU3HdSO5G6a011zdT2gBECMuRS3eye2CUMXCNdERgWrigrdwjlNv+2rRid + m5dJwuhG6f2NfimGpA9F9sbrh3TCObKHFOi36CxYsuEg8haToRssgGk8PvV8sDDJhHoSdnhlWkwv + eBpF2ANXUO8Zg62Lk0/mkJHRV8tKlQIO7jo5TbKPLm0Cz/eGsefGAz86HYWDMBh74SSIIpeNll48 + OY/OpJWjwfTI/4qPWmcnjGvatG31U+6UuV0hIrbvEB87abnYrEMKmZ0yllPEsF5eDxBzePw8s0dO + ygl/u0Tdf8TtGnf/Ebdr5H1HDOqJVEmpBVtT+8x0y4fyichalXmKvm4g3DD9S5kJ1PI3oKJw9Zx4 + 1KnBqMlk2kf3p7TWyzTjHqjg/V/6gQreA/GBCjqpwCgNQLxVGfdITV797MKuKJhuUbeVR1dHyO3q + CLmmI9QeMEot5vfrTHClhXTBWer/ItTXf0F6L4r/13dTxoxR7IQK5IeQXYm6+YcjpCA/1o+aXd8M + QP5v86G2e9JL2MNlnJcbMtxwVvYTsmJaKMepq0k9B3Ld/P5ysf9itV4g0W632ycAAAD//wMAKwS0 + GPoaAAA= + headers: + Atl-Traceid: + - 6934a68cdf6b04ca + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:55 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:40 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e7538176-b004-44eb-aab7-ae92ea1305b5 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '273' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 40066477-fbf1-4c16-ba74-951c0b74f34a - x-envoy-upstream-service-time: - - '34' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1126,110 +1054,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 1cc3763bc9739f7e - Connection: - - keep-alive + H4sIAAAAAAAAA1SPzWrDMBCE32WvtZ2V/CNHt9Ic2lLSgp1TKUW2JOIiS8aSCyHk3SvTQNrbMPvN + zu4ZOuHVYTbA4RjC5PlmI5VWfZDuy2UiGOH9IGxmVYAEvtXsB2cjTBBJhhmmzf7+rXl8bW/T/TJ2 + UQF/X6EEE/xIQKrJuNOobGhPk4oLHoxbZAx1y2DkbwR4DFAsr+ZOhBWkSGmKdUpYizVHxmmZIeJd + JDHmvZpjbzuM/9hti8jJlhfxyOLG9uOT1S6CVUGYzrXWOasprTCvEYtS0Ir0AmXVM1YozKu/BcGs + Dc/DLGB9R4vFhBfXi9U+g7kqUPbz0MDl8gMAAP//AwDMikMQWgEAAA== + headers: + Atl-Traceid: + - 07ffe888d9bbeaac + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:33:55 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:41 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - b3766d68-d2aa-44aa-8398-e52f4bc855ed X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '122' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 04a95a7f-a32f-4a71-bf8f-99d7194a8076 - x-envoy-upstream-service-time: - - '67' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1239,892 +1124,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11085 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11781 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8MO24tvnSAiXSdGKl23HHGNeWIY1NlZu8ph6JHdlO0x7jf79n - J2kZrNzGQIL42e/7533sWwdWOeWxEzoSeAwS4jcM0li1OM1AtVS0gIy2RA6Saia4akHMdAaatqIF - 5QmkImktQSrcg3gEuQQFXFdnnZbDjGXf9/r7uFCQznG50DpXoevGMIdIx+KL6FCdUqUY5R0O2kUb - 2qU5cwOXKVWA2xi4gTXqn0+G40m7f3SAkrkN1glvHYVOCxVRDYmQ6yq4GFeoEHiB3/Z67aA/8YOw - 2w33vc7h/tHvXuB5JkbjQ69zsGaeGaPRd33P84JN1vUiBhVJlpuKoPSYqIymaYvETGnGI01yBhEQ - MSelkDcdox0JfinTH4lCQVRIcJcMSrqkmso/FPsXXmXYpCJ7UYlO41e+1/X79XKCgb7aptxyTKPR - 14SqG9OjYqbNVzinqYKW09hwQmvkruVohsDIsclOyAvMxMml+ILhPbN6tbatne1GUzuzuNfwbaSX - nGmNBgy+am2T1N/2rBJzXVJpElMsy1OGCIkfZIPFtZDp9Ve9/o+EW5e5dlZXOmemsPhzv8497xA9 - B71V0Hu2YdtCi5IXqv7/hC//YOUf/JqvVeOs/njCWzdYdYNf81aDUzUfO73d3Zn5Xn2o2AU7dv0Z - O5gkEhKc60cwREyJtKjGrJJEhdIisxQxRQ/B4a6N/mMbFXVUUjOYlv6csO23HExTf8CJM7iqDthx - MpiWLKoCuH0kM4jDhNRCFGl8wlSe0nWNSxSXVCPTVkT28zNUseSGF93KmjQDYj8HojB18k2kV0bA - eOKEWhbGdSQBczVT9z2e7B5uePJh1bxd5fR3bQS7NrpbLmFCMr1+ZiEadbf3czzKMpqAco2Gaoww - FKSi7KhlsuWeM1E2HNVz7gwWZmDIxEDzQVJmKr+brb8Lh37fpL2gapiz6IzxG3sVn0BubmYeNXCx - ICrt3kbCBR/ixUxnKYyAqgqCsv5yLs4u356eT89OB8Pz8XA6HI3ejzANHCCFeeOByQLIBbIm18T4 - JUwRwdM1wYlkqTFKtCB/MUnJhYQMp5YUCvHVsTP6MIsjNOh9ZZ7Xiw5D58HIYmUTxmmKPcOib2fM - 7D2U1e+KurwW5ClG1zABti/hsDld5GZmfwDH1UvhmQirlDe31beX+8+Bbouq1zS6wYdUg6zGeOVr - UD9pfing5l3kNs+ToLlcORhERyIV8ryKZpYW0E4k0tP2cSDIiaiaLbIcn3pc1114qqffFucT3/7u - TZhOYS8k1x9p7odkIMQNA3LFNNKjJmN7eZA3KU2+mlwx1VRENF0IpcO+1/fcOeMxkpgb9Lv7n63F - E1sLDPOLIAYl4R75f1Xy0vz9zRoYA+INuQMVccqtaHA1xNUlv+Gi3MY++PBIunchRVzgK2bIE5yo - DOvjTrAceO7aJoN2yZ+ibGuxI6G8NhB8Ji659pUm/xRUapBka3KHKmx9+lb74/EFGUeU7zhv3k7u - wVFQ1e21pDxauBOaYLDn2NpKWrA0Pj25LxqILGOaID0t7olN4dZKQ6Yw9zgXDJGxF1q5rb+BaUYZ - V0xDB8ET9nrdXXu75G6MPmeCyrjpwaYXJ1uIGa/HJKqQhFGSGQAnCjQpa1hpZLnqXULmCK0WKRcs - WpAMKFe4SasTtQWsH1ogNIqQJSEmS0ZJgcCP5DpHmsFjnEN1s3dMKCPEHxJoBGGDu7IsO6KkKu8I - mbiIOlh18kVugYEAnM6FnFbO1JRqfCfMCmzN9OX7q+PxRXv8ro0Xo4Xm5eisMvpUYd4BJhmH5O1w - 8okjl+PgInpCIvJl9IkPl8xcIRjcGHS7Grd67z8AAAD//+xZbWvbMBD+KyZQaEvt2E6cl8Howl5g - HzbKCiv0m2KrjZltGb+kG1n++56TFNVx43R0o+RDoBSlku6up7vnnrv8q4IojaMuBWpvj4JusXRi - GeN3qXzUpeLpORkYX1DA72UbSnFxs+AZpbfFzPMKdKmwAwFBxsRLbsUZXiSVdyxRUA1k2C2pBKH8 - /eDZBcVHZiEJFIuzWPLAflGgWTmTQVKXeFgLkdOIE3SiGU8c5HFJkWfirBGJpIsCFfq1feXGQJJX - 1ojSnXbKyDv/nOYsrOj//CqsWH6wgCfkLun98+uK5yWV8IIrnOHqsM5sE7oycwF69sgbwmmz6/e2 - N9AORW8vCI8I0k4ZHjY7s07PfuMxk0q8AZY8ZYheF0P0hl0bQZMPVAXqoqSqxJxbR11ztL1heJf0 - sCSTuw928TDX9ANb1KVd3pCzLFwQ7u7kf+7U2FGnKaMC3nuu2pEPiY6L4oXVnmjZJTCLCD8aqeCO - DQeRN58M3WAOm8bjqef7IyIX5hA07DnG6YFnUQQdqPi9Rxts3dq9MxBHQvf21yriHVALeUwCjFr2 - A8/3htxz+cCPpqNwEAZjL5wEUeSy0Z3HJ5fRWynlZDA78T/hR92zU5bp2mfb6k+lU5f2Azxi+w4F - u5PX8yQOyWV2zlhJHsN9ZFYVgztj+eHKHjl5Rva3G/fDt7jd/h++xe0RwqFbDOiJVLuu+XGTaV7p - 2RflE4Gz6qoVfN0CX3H8Y12InPdvAUXh4jHxaGSFXZPJpEcP3zS1LjTiHqHg9R/9CAWvYfERCjqh - oE0mQKV6qzXd2VAS2H6vUnFFY3C9dqFQVCzBaoeUrsmc2zWZc81krr1hKBzPlnEhMsWDdONf669e - 1Me/shTdpZSw2iw1Cr4A+RpfGvU3ci96Kfv5jZd1QoIbuuWYpahmlbJjKar/NoZVsoxMqEJb+l3I - IZUZ/IpCjn5Io7Fj21h/y1p9QXpnvV7/AQAA//8DAOX0/YfBGwAA - headers: - ATL-TraceId: - - 1186f331f4c2c0b7 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:33:56 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - cd63ec12-461c-4992-8742-5cd9442b7f02 - x-envoy-upstream-service-time: - - '170' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA1SPwUrEMBCG32Wutt1J0m2W3EQPKrIK7Z5EJEmnWEmT0qbCsuy7m+LC6m345/vm - Z05g9EyHyYGCzxjHWW02LXVkYxu+QqGj0/Pca194ipDBN01zH3yCGSIrsMC83t++1g8vzXW7XwaT - JlBvK5Rhhu8ZtDS6cBzIx+Y4Ujpw58LSJsksvWt/FVCrsJWX8F7HFeTIWY5lzmXDSoVMibJAxBvk - iMmfaUq9TT/8Y3cN40oIta0Kwa+sHR59FxIo+U5W285oK0hoqtB2laxMa7TEziLqspTSkPhTEN3a - 8NRPGtZ3Or24+BysXuMTuMsE5D8ONZzPPwAAAP//AwBAiCCZWgEAAA== - headers: - ATL-TraceId: - - 1f29d936e531307a - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:33:56 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6560bbe8-5307-4907-942d-29b0982702be - x-envoy-upstream-service-time: - - '32' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 6fcee3ceccb9dfce - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:33:56 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - eb41d3a7-4208-4c31-be92-7b5c38e278f1 - x-envoy-upstream-service-time: - - '78' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11086 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8cNpxbfOlPegiTScG3Y47xri2DGlsqtzkNfVI7Mh2mvY2/vd7 - thPKYOU2BhLEz37fP+9jf/ZgXVKeerEngacgIX3FIE9Vh9MCVEclSyhoR5QgqWaCqw6kTBegaSdZ - Up5BLrLOCqTCPUjHUEpQwLU763U8ZiyHYTDcx4WCfIHLpdalin0/hQUkOhWfRI/qnCrFKO9x0D7a - 0D4tmR/5TKkK/NbANWxQ/2w6mky7w+cHKFnYYL34s6fQaaUSqiETcuOCS3GFClEQhd1g0I2G0zCK - +/3496h3sH/wWxAFgYnR+NCbEqyZJ8Zo9P0wCILoNutmkYJKJCtNRVB6SFRB87xDUqY044kmJYME - iFiQWsjrntFOBL+Q+fdEoSCpJPgrBjVdUU3lH4r9Cy8KbFJV/OJEJ+mLMOiHw2Y5xUBfbFPueKbR - 6GtK1bXpUTXX5ite0FxBx2tteLE1ctPxNENglNhkL+YVZuKVUnzC8J5YvUbb1s52o62dWdxp+DbS - C860RgMGX422Sepve1aJha6pNIkpVpQ5Q4Sk97LB4lrIDIbrwfB7wm3K3DhrKl0yU1j8uVvnQWBQ - GQ3W0eDJhm0LLUp+Uc3/R3yF++tw/+d8rVtnzccj3vrRuh/9nLcGnKr92Ont5sbM9/qdYxfs2NVH - 7GCWSchwrh/AEDEl8sqNmZMkldKisBQxQw/Rwa6N4UMbjjqc1AympT8v7oYdD9PU73DiDK7cATtO - BtOSJS6Azw9kBnGYkFqKKk+PmSpzumlwieKaamRaR2Q/PkOOJW950XfWpBkQ+3kkKlOn0ER6aQSM - Z16sZWVcJxIwVzN13+LJQb/f8uT9qgW7yhnu2oh2bfS3XMKEZHrzxEK06v7gx3iUFTQD5RsN1Rph - KMhF3VOrbMs9p6JuOWrg3RgszMGQiYHmvaTMVH4z23AXDsOhSXtJ1ahkySnj1/YqPobS3Mw8aeFi - QVTbvVsJF3yEFzOd5zAGqhwEZfPlnZ9evD45m52eHI3OJqPZaDx+O8Y0cIAU5o0Hpksg58iaXBPj - lzBFBM83BCeS5cYo0YL8xSQl5xIKnFpSKcRXz87o/Syeo8HgCwuCQbKIPXdhYIuwxtuR+mqMsdoZ - 4zS/f6h5VzTltSDPMbqWCbB9GYfb01VpZvY7cOxeCk9EmFO+va2+vtx/DHRbVL2kyTU+pFpktcad - r6PmSfNTAbfvIr99nkTt5crBIDoRuZBnLpp5XkE3k0hP28eBIMfCNVsUJT71uG668Fj/vi7OB779 - 3ZsyncNeTK7e0zKKyZEQ1wzIJdNIj5pM7OVBXuU0+2JyxVRzkdB8KZSOh8Ew8BeMp0hifjTs73+0 - Fo9tLTDMT4IYlMR75P9VyTPz91drYAKIN+QOVMQpt6KjyxGuLvg1F/U29qN3D6R751KkFb5iRjzD - iSqwPv4Uy4HnrmwyaJf8KequFjsSKhsD0Ufik6tQafJPRaUGSbYmd6jC1mdotd8fnpNJQvmO8+bt - 5O8/j1zdXkrKk6U/pRkGe4atddKK5enJ8V3RkSgKpgnS0/KO2BRuozQUCnNPS8EQGXuxldv6G5gW - lHHFNPQQPPFg0N+1t0vup+hzLqhM2x7c9uJ4CzHj9ZAkDkkYJZkDcKJAk7qBlUaWc+8SskBodUi9 - ZMmSFEC5wk3qTjQWsH5ogdAkQZaElKwYJRUCP5GbEmkGj3EO7mbvmVDGiD8k0ATiFnd1XfdETVXZ - EzLzEXWw7pXL0gIDAThbCDlzztSManwnzCtszezZ28vDyXl38qaLF6OF5sX41Bl9rDBvAJNMY/J6 - NP3AkctxcBE9MRHlKvnARytmrhAMbgK668at2fsPAAD//+xZbWvbMBD+KyZQaEvt2E6cNIPRhb3A - PmyUFTboN8VWGzPbMpadbmT573tOUtTEjbPRjZIPgVKUSrq7nu6ee+7yrwqSPE26FOi9PQq6xdKJ - RYrfUvuoS8XTcyowPqGA36s2lOLi25wXlN4Os88r0KXCDgQEGZMuuJMWeJFc3XFERTWQYVdSCUL5 - +86LC4qPwkESaBbnsOyB/aRAc0qmgqSReFgHkbMRJ+hEC555yGNJkWfjbCMSSRcFKvQb++TaQJIn - G0TpTjtV5J1/zEsW1/R/fhZOqj44wBNyl/L++U3NS0klvOIaZ7g+bDLbhq7KXICeOwqGcNr05q0b - DIxD0dsLwiOCtFOGhy3OnNOzX3jMrBavgCVPGWLQxRCD4XqDykddofwpRkoEuX006pDhd2508S7f - 8i7lesUydx+0/cAWTWmXt/atib1V1yyeEyDrGimbPGdUwHt/qnbkQ6LjonpmtSdadgXMIsKPRiq6 - Y8NBEswuh340g43j8SQIwxGRC3sIGvYc4/TA0ySBDlT83qMNrmnt3liII6F7+2sd8R6ohTqmAEYv - +1EQBkMe+HwQJpNRPIijcRBfRknis9FdwC+vktdKyslgehJ+wI++5+asMLXPdfWfpNdI9wEecUOP - gt0rm1mWxuQyt2RMksdwH5lVp+DOWL67dkdeWZD97cb98C1ut/+Hb3F7hHDoFgOTEt2uG368yTSv - zeyL8onAWXfVGtduga84/r6pRMn7t0CceP6YeDSywq7NZNJjhm+GWlcGcY9Q8PKPfoSCl7D4CAWd - UNAmF6BSveWK7qwpCWy/16m4pDG4WftQKGqWYbVDStdkzu+azPl2MtfesBSOF4u0EoWmO6bxb8xX - L/rjX1mK7lJJWK6XBgWfgXwbXxr113Ivejn78YXLJiPBG7rVmKWqp7W2YyHq/zaG1bKsTKhCW/pV - qCGVHfyKSo1+SKO1Y9vYcMtac0F5Z7Va/QYAAP//AwB4Fx/awRsAAA== - headers: - ATL-TraceId: - - bca35b7707c0aff7 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:33:56 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4107580b-f468-4e51-ab72-ea0d166ad898 - x-envoy-upstream-service-time: - - '133' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J0zZrbqIHFVmFdk+ySD6mWEmT0qTCsux/N8XFj9vwzvPM - y5yIkgH3syWCvMc4BbHZGOxRR+M/fCGjlSEM0hUOI8nIJ85h8C7BFIAWUEDe7m5e2vvn7ne7W0aV - JiJeVyiDDA4ZMThZfxzRxe44YTpwa/1ikqSWwZpvhYhVqPklvJNxBUsoaQ5VXvKOVgKoYFUBAFdQ - AiQ/4Jx6u2H8x247WgrGRM0LRq9/WD0+uN4nkJdb3tS9kpohk9iA7hveKKMkh14DyKriXCH7UxDt - 2vA4zJKs7/RysfHJa7nGJ2IvE0H3tm/J+fwFAAD//wMAMMBJ+1oBAAA= - headers: - ATL-TraceId: - - 82a9e93d0726c027 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:33:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c7652c48-544a-4780-8385-4e343d515855 - x-envoy-upstream-service-time: - - '37' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 1249f757c1505146 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:33:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 00680a7e-dcaa-4d40-8898-fe07e6f40f22 - x-envoy-upstream-service-time: - - '80' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11085 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy92EkdAMaSO22VL08x2GqBpYdDSWWYtkQJJWfba/vcd - KclOkzpr0wRIxCPv7bnnjvzswDqnPHZCRwKPQUL8ikEaqxanGaiWihaQ0ZbIQVLNBFctiJnOQNNW - tKA8gVQkrRVIhXsQjyCXoIDr6qzTcpix7Pte/xAXCtI5Lhda5yp03RjmEOlYfBIdqlOqFKO8w0G7 - aEO7NGdu4DKlCnAbA0vYoP7lZDietPsnRyiZ22Cd8LOj0GmhIqohEXJTBRfjChUCL/DbXq8d9Cd+ - EHa74aHXOT48+d0LPM/EaHzoTQ7WzBNjNPqu73lesM26XsSgIslygwhKT4nKaJq2SMyUZjzSJGcQ - ARFzUgq57BjtSPBrmf5IFAqiQoK7YlDSFdVU/qHYv/AiwyIV2bNKdB6/8L2u36+XEwz0xS7llmMK - jb4mVC1NjYqZNl/hnKYKWk5jwwmtka8tRzMkRo5FdkJeYCZOLsUnDO+J6NXaFjtbjQY7s7hT8F2k - 15xpjQYMv2ptk9Tf9qwSc11SaRJTLMtThgyJ72WD4FrK9PrrXv9Hwq1hrp3VSOfMAIs/d3Huecfo - Oeitg96TDdsSWpY8U/X/R3z5R2v/6Nd8rRtn9ccj3rrBuhv8mreanKr52Ovt61fT3+t31XTBit1+ - xAomiYQE+/oBDZFTIi2qNqskUaG0yOyImKKH4HjfRv+hjWp0VFLTmHb8OWHbr+eFYbBkUeXu8wOZ - 4ReGrxaiSOMzpvKUbmoWohiB0u+wZw0zaxdU46StBtnP91A1Jbdz0a2sSdMg9nMgCoOTjf3GCBhP - nFDLwgQTScBcTdd9b052j7dz8j5q3j44/X0bwW5kMCGZ3jwx30bd7f3cuGQZTUC5RkM1RhgKUlF2 - 1CrZjZgLUTajqOcYjO4l0m0SSekMzDAx1Lx3yHTld2Hw9/HQ7xs8FlQNcxZdML60V/EZ5OZm5lFD - IEur0u5tJVzwIV7MdJbCCKiqSCnrL+fq4vr1+eX04nwwvBwPp8PR6O0I88MGUggIHpgsgFzh1OSa - GL+EKSJ4uiHYkSw1RokW5C8mKbmSkGHXkkIhvzq2R+9ncYIGvS/M83rRcejca1mEPGGcplhMrMau - x8zefVn9rqjhtSRPMbpmEmBdEw7b00VuevYHeFy9FJ5IvUp5e1t9e7n/HBt3dHtJoyU+pBrKNcYr - X4P6SfNLATfvIrd5ngTN5crBUD0SqZCXVTSztIB2InFg7R4HgpyJqtgiy/Gpx3Vdhcdq+i04H/ju - 92DCdAoHIbl9T3M/JAMhlgzIDdM4MDUZ28uDvEpp8sXkiqmmIqLpQigd9r2+584Zj3GIuUG/e/jR - WjyzWGCYnwQxLAkPyP+rkufm72/WwBiQbzhUUBHb34oGN0NcXfMlF+Uu9sG7B9KDKyniAl8xQ55g - R2WIjztBOPDcrU0G7ZI/RdnWYk9CeW0g+EhccusrTf4pqNQgyc7kHlXY+fSt9vvTKzKOKN9z3ryd - 3KOToMLtpaQ8WrgTmmCwl1jaSlqwND4/uysaiCxjmuB4WtwRG+A2SkOmMPc4FwyZcRBaucXf0DSj - jCumoYPkCXu97r69fXI3Rp8zQWXc1GBbi7MdxYzXUxJVTMIoyQyAEwWalDWtNE656l1C5kitFikX - LFqQDChXuEmrE7UFxA8tEBpFOCUhJitGSYHEj+QmxzGDxziH6q7vmFBGyD8coBGEDe/KsuyIkqq8 - I2TiIutg3ckXuSUGEnA6F3JaOVNTqvHlMCuwNNPnb29Ox1ft8Zs2XjSWmteji8roY8C8AUwyDsnr - 4eQDx1mOjYvsCYnIV9EHPlwxc4VgcGPQ7ard6r3/AAAA///sWW1r2zAQ/ismUGhL7dhOnDSD0YW9 - wD5slBU26DfFVhszv2HZ6UaW/77nJFl13Dgb3Sj5EAjBiaS7y+nuuecu/6ogSuOoT4Fa26OgXyzt - WMV4F8pHfSqe7pOB8QmV/V62oRQX35Y8o/S2mLneHF0q7EBAkDHxiltxhhtJ5RkrL6kGMqwKKkEo - f995dkHxkVlIAsXrLJY8sJ8UaFbBZJDUAhdrIXJacYJONOOJgzwWFHkmzlqRSLooUKFf2ycaA0me - qBGlO+2UkXf+MS1YWNHv/JxbsfxgAU/IXdL75zcVLwSV8JIrnOFqs85sE7oycwF69sQbw2nzm7e2 - N9IORW+fEx4RpJ0yXGx2Zp2e/cJlJlX+CljylCF6fQzRG7fLflWi/ElGSpS5uzXokeH2LvTxLtfw - Lul6ST93bzT9QHdh1ixscZpu3UMys3BJgKxqpKjTlFEBH/yp2pEPiY7n5TOrPdGyK2AWEX40UsEd - G48ib3E5doMFfsB0OvN8f0LkwmyChj3bOF3wPIqgAxV/8GiDrVu7NwbiSOje/lpFvANqIbdJgFGP - w8DzvTH3XD7yo9kkHIXB1Asvgyhy2eTO45dX0Wsp5WQ0P/E/4KXO2SnLdO2zbfWVcGphP8Ajtu9Q - sDtFvUjikFxmF4wJ8hjOI7OqGNwZj++u7YlTZGR/t3E/fIu77f/hW9wdIRy6xcCkSDXwmh+3mea1 - nn1RPhE4q65a4dot8BXb39dlXvDhLRAnXD4mHo2ssGoymfTo4Zum1qVG3CMUvPylH6HgJSw+QkEv - FHSZB6jUYL2hMw3zgO33KhXXNAbXzy4U5hVL8LRDSt9kzjWTue6CmXR1FwyF49kqLvNM0R3d+Nf6 - rxf18a8sRXcpJaybR42Cz0C+1p9Gw0buxSBlP75wUSckuKVbjlnKal4pO1Z59d/GsEqWkQlVaEu/ - 5nJI1YyCabZMox/SaOzYNtbfslYfkN7ZbDa/AQAA//8DADfIbujBGwAA - headers: - ATL-TraceId: - - a00689f5431c8c65 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:33:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 21dddfb4-b60a-4bec-bb7b-858fbab8de7a - x-envoy-upstream-service-time: - - '98' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields - response: - body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - 1f2dea9f296f6e65 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:33:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 00b0cc8e-2cf5-4d76-8380-a7ed7e1c5ced - x-envoy-upstream-service-time: - - '158' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without - Secure Flag|http://localhost:8080/finding/2835]\n\n*Defect Dojo link:* http://localhost:8080/finding/2835 - (2835)\n\n*Severity:* Low\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* - Unknown\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/692]\n\n*Branch/Tag:* - None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* - https://mainsite.com:443\n* https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* - [(admin) ()|mailto:]\n", "priority": {"name": "Low"}, "summary": "Zap1: Cookie - Without Secure Flag"}, "update": {}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '1675' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11085 - response: - body: - string: '' - headers: - ATL-TraceId: - - e9b727448fddc143 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:33:58 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8642a667-7590-4ef9-aab5-764fc84af594 - x-envoy-upstream-service-time: - - '255' - status: - code: 204 - message: No Content -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdhzXAHD0MXu1i3IssRpgaZFQFNniTFFaiQV22v733fU + i904dbdkWGEgkXi89+ce3XsP1iWVqZd4GmQKGtIXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf4daIMySC+g1GBA2vYuq4xVxcIZvInCMAr7Gv6swNjZpoRzTZnlDDzf485/FB2PI3wxIBb4 + mltbmiQIUlgAs6m6VX1qBTWGU9mXYAP0ZANa8iAOuDEVBJ2BJWxQ/2w2vZz1ouFwgEd1CMZL3nsG + Y6sMoxYypTdNDim+oUYcxnEvHPeiZ7MwTKJnyWDUPx5//10Yh6EL0jmxGHht5olBOv0ASxHG27Tb + lxQM07x0hcPT58QUVAifpNxYLpklJQcGRC3ISull32kzJa+0eGQUleSuXVTc0DtqqQ7uOKyCOqxd + gK0oCgfR+EfD/4IfCmx7VaBXBwt0OaNm6XpVza17ShZUGPC9RvEl5lXr+l7OETia5ZtTuAOMNfzo + e5YjskpEiZfICnP09mAyCA8Jok5QanWLqT6xE6123Ye6s10f3Msn6NmleyW5tWjAeFvfDsK/1XeN + WtgV1Q7Ihhel4BhwulcSbFQNv+F4PRw/MtwvtKzLZNuwYXiMYcTDdTz8f700sKhBig6j0ToafQ2H + 687jIF4P4q/hsUX+x48P4Rh3cFzw9auGA7HJ1++w6VmmIUNaeYB1DEeJqpnyz4I8Pj4kGB8SPHto + vKG05tQRRs3eXtKLWh5zVdGcNXG8f3DmsIoJm1xVIp1wUwq6aRGNxytq8bPQ0Onjp68h6x09B405 + 7WarfjxRlatXHeprd8Bl5iVWV843GrWvsG1uwtpqaMBk3Qh/jsCHUdwR+H7ZDtFMvKWZfcG24fuC + wY6YuNLcbp5Ym049GD6O4HlBMzCB0zCdEY4HQq365i7bEdmpWnWEN/Tqcs7BMZMD7f7XenQg2+gQ + QqOxSzunZlpydsrl8oWTTKB0m4VkHYJqXK1q2fZEKjnFxYLOBVwANQ0qdfvknZ9e/fzy7Ob05cn0 + 7HJ6M724+P0C08DRMpg3XpjlQM6RgqUlzi/hhigpNgTHmQtnlFhFfuWaknMNBc4zqQwirv+5sY5w + nLzwAw/D8e0g8ZrvFbYIa7ybqXsDjtXOuKRi/1K7F7XlrXEvMLqOI7B9mYTt7ap0Q/svcNysME9E + WKO8/fTd3zoeB7odqn6ibImLYIesznjj66Tdtf5TwN3CFnR7U9x9qSU4RDMllD5ropmLCnqZRsba + rSuKTFTTbFWUuKpK23bhS/27X5y3cvc7mnEr4Cgh129oGSfkRKklB/KaW2RMSy6BVRrIC0GzDy5X + TFUoRkWujE3G4TgMFlymSGtBPIre1QYndSkwyltFHEiSI/KPmuQb/PNtrX6J65UjDlTDEW+DnFRA + JpgPHk6A9Uk08onD1jaLk9dTlF3jv94oGtahurawFfQLbjX0lc4CRCV1neK4Azk0B3i1n9tC1IE3 + dl45O1dyKdXq0yqda5VW+FWdygzntMCqBzMssvNZlwgDJr+oVc+qA2UqWwPxOxKQ68hY8kdFtQVN + diYPqMLOZ1Rrv3l+Ti4ZlQfuu/UOx6Jpx/3f0eXGWCgM5pGWiiN2jpL6vG6Rq1hBuTTcQh/hhQUz + +VxRnR668cD+ZAc0Z/k5YQ2ekErJHEASA5asWnBZ5DrTAGyBAPPJKucsJwVQaVBImxutBcz3rZwD + oYwhWUJK7jglFeKf6U2JbIP3/gYAAP//7Fnva9swEP1XTKCQQu3ZTpykg9IFtsE+lIUWViiDoNhO + ExpLxj/qji7/e99Jsup6cTfKKPkQyAcnkk7vzrqndxfOY3XnOw1EF3jXt7KKI0DXq5jTAbOYsStQ + 5MEjICG3oKusNV+KLJFrLJERBTOM5sSAYN+7mJ8QMBhfF5YSFhbbVOwXuWilTKIrcxxti3GrARAl + Go83Dt54Tj4bD1UMfnIKAu1GMQICjTCvIZLBvESAdiJt+Nzw/hLJiMsEISPv9XmpqsoRFctTmRXI + wvjBSVepPNHYZA6bc733nBVQUosSZ2re/349vZrZVxc2dIJMVrNJKugoUzb0WZSs+bHVP/6Ng7Ip + xEccwz8li9clWbxhPUB8VqCyvpOiiURce2rQYcPtHDBCQIZcqpvdE7uEgdslXV0jXRExFq4oXXco + 6DYx52WSMLpRen+jX4oh6UORvfH6IZ1wjuwhTfotOguWbDiIvMVk6AYLODAen3q+P6LbzkzCDq9M + i+kFT6MIe+AK6j1jsHUN8skcMjL6avWoUsDBXSenSfbRFUzg+d4w9tx44Eeno3AQBmMvnARR5LLR + 0osn59GZtHI0mB75X/FR6+yEcU2btq1+yp0ytytExPYd4mMnLRebdUghs1PGcooY1svrAWIOj59n + 9shJOeFvV6L7j7hdyu4/4nYpvO+IwUmRKim1YGtqn5nu7FA+EVmrwk/x2g2EG6Z/KTOBkv0GVBSu + nhOPGjIYNZlM++j+lNZ6mWbcAxW8/0s/UMF7ID5QQScVGEEBiLcq4x6pl6ufXdgVBdMt6rZM6eoI + uV0dIdd0hNoDRqnF/H6dCa4kjy44S/1fhPr6L0jvRfH/OnHKmDGKnVCB/BCyK1E3/3CEFOTH+lGz + 65sByP9tPtR2T3oJe7iM83JDhhvOyn5CVkwL5Th1NannQK6b318u9l+s1gsk2u12+wQAAP//AwCD + 3CjR+hoAAA== + headers: + Atl-Traceid: + - 329f93c49f08352e Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11085 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6PS4xG8JEDzTuaGQ3nFHKZeEMlOuk1HsjaPGljySjJNr+e+3 - ku2EQsO1FGbAXkv78uyzj/TZgVVBeeJEjgSegITkDYMsUR1Oc1AdFS8gpx1RgKSaCa46kDCdg6ad - eEF5CplIO7cgFX6DZASFBAVc12udjsOM5yDwB/v4oiCb4+tC60JFnpfAHGKdiE/CpTqjSjHKXQ7a - Qx/aowXzQo8pVYLXOljCGvdfTIbjSXdwdICWuU3WiT47CoOWKqYaUiHXdXIJvuGG0A+Drt/vhoNJ - EEa9XrTvu4f7R7/6oe+bHE0MvS7Aunlmjma/F/i+H26qbl4SULFkhUEErcdE5TTLOiRhSjMea1Iw - iIGIOamEXLpmdyz4lcy+JwsFcSnBu2VQ0VuqqfxNsX/hVY5NKvMXtekseRX4vWDQvE4w0VfbkjuO - aTTGmlC1ND0qZ9o8RXOaKeg4rQ8nsk7uOo5mSIwCm+xEvMRKnEKKT5jeM9FrdlvsbDda7MzLvYZv - M73iTGt0YPjV7DZF/WXXKjHXFZWmMMXyImPIkORBNQiupUx/sOoPvifdBuYmWIN0wQyw+HMf575/ - iJHD/irsP9uxbaFlyQvV/H8iVnCwCg5+LtaqDdY8PBGtF6564c9Fa8ip2oed0e7uzHyv3tfqgh27 - +YgdTFMJKc71Ixoip0RW1mNWW+JSaZFbiZhihPBw14fBYx+1dNRWM5hW/pyoG+Ar1aiKtej8ON9r - RdtomFd7k4bM9vFElKamwOjStTEwnjqRliXcNVJlnEkW15V+fmQzieFStRBllpwyVWR03QwAmjEr - /R7lwgxFA4YErNVM3bd0sne40cmHqPm74Ax2fQh3fehttYQJyfT6meC2273+j+koy2kKyjM7VOuE - oSETlatu0632nIuq1ai+Y+GcgRETQ80HRZmp/Ga1wS4eBgNT9oKqYcHic8aX9ig+hcKczDxuu2h7 - W9lvGwsXfIgHM51lMAKqambI5sm5PL/6/exien52MrwYD6fD0ejdCMvAAVJYNy6YLIBcompyTUxc - whQRPFsTnEiWGadEC/Ink5RcSshxakmpkLOundGHVRyhQ/8L8/1+fBg59YGBLUKMtyP11Rgj2inj - NHu4qLlXNPBanmeYXasE2L6Uw2Z1WZiZ/TaPB65/ELQ8rm8Kz2RYvXlzWn19uP8Y6basek3jJV6k - Wma1zutYJ82V5qcSbu9FXns9CdvDlYNhdCwyIS/qbGZZCd1UompsLweCnIq62SIv8KrHddOFp/r3 - NTj/8O3v3oTpDPYicvOBFkFEToRYMiDXTKNqaTK2hwd5k9H0i6kVS81ETLOFUDoa+APfmzOeoDB6 - 4aC3/9F6PLVYYJqfBDEsifbI/28lL83fX6yDMSDfUDtwI065NZ1cD/HtBv91D4K+TcXAHlfg5kxL - cIVMPWQdNZ1geC0xbPVwqbvQeWbzqv28N36u+JKLqrVdSpGUeO8Z8hRnMEdEvQkCaOLZ8jET8oeo - ulrsgKBoHIQfiUduAqXJ3yWVGiTZutyxFbYxA7v7w/ElGceU71hvblvewVFYI/1aUh4vvAlNMdkL - JENtLVmWnJ3eN52IHGEiKGiLe2YD9VppyBXWnhSCIZf2Imu3HTMI55RxxTS4SLeo3+/t+rbLjk1R - i5mgMml7sOnF6ZaUJuoxiWvuYZZkBsCJAk2qhogadbG+yZA5krFDqgWLFyQHyhV+pPWKxgPihx4I - jWPUVUjILaOkxFGJ5bpAYcJlnEN9RLsmlREyFiU3hqhlalVVrqioKiyxkKewcotFYYmBlJ3OhZzW - wdSUajzwZyW2Zvry3fXx+LI7ftvFo9SS+Wp0Xjt9Cpi3gEUm0X8AAAD//+xZ22rbQBD9FWEIJCGS - JdnyJVBS07qlDy0hLi2EvKylTSyqG7o4Da7/vWd2VxtHsdySluAHQwjr7O7MZHbmzJmx8XH69SYB - +iPVET3nRpot/Ztkugyp6MC4GS9NmaD13j8qCOIwaFMg93YoaBdLJ5YhfhfSR20qnp8TgfEZ6Xsn - GleKi+8LnhAgGEw/b4q+FnYgIMiYcMmNMMGLxOKOkeZUNRl2CypaKJg/eHJG8ZEYSAJJxwwW3bMH - CjQjYyJIqgIPayByNuIEvWvCIwt5XFDk6TjbiETSRYEK/cq+ojaQ5BUVonSrnSLyTj/FGfNL+j+/ - pEYoPhjAE3KX8P7prORZQUU/5xJnuDysMluHrshchY9w2mT2znR6yqFXPEsJjwjSjhkeNjkxjk9+ - 4TGjMj0HljznlE4bp3T6bRtevUGVqMxRSQVhJgrcOGrro80NzdSEhwX93H6wjbnZuoNAWjJ/QdC6 - pV9pFsimlLG2o4pjRiW/86f6SD4kAp/mL+QHROQugFnUdqD18m5Zvxc481Hf9uawaTgcO647IDqi - D0HDjmOcHngSBNABjtB5tMFUzeBbDXEkdGdHLiPeAhkRxwTAyGXXc1ynzx2b99xgPPB7vjd0/JEX - BDYb3Dp8dBG8EVKOepMj9wN+5D0zZomqfaYp/1RYVWHewyOma1GwW1k1j0KfXGZmjBXkMdwX9R1s - G8v3l+bAyhKyv9nq77/FzYHB/lvcHDrsu8WAnkD23YpRb3LTSzUto3wicJa9vYSva+Arjk+rPM14 - 9xpQ5C8eE4+GXNjVmUx61LhOkfFcIe4BCl7/0Q9Q8BoWH6CgFQqaZAJUqrNa052agsD2O5mKKxqc - q7UNhWnJIqy2SGmb5dltszxbz/KaG5rC8WQZ5mkiSZIaFVTqyxr58a8sRXcpJKzqpULBFyDfxtdM - 3VruWSdmP694UUUkeEO3GMzk5aSUdizT8r8Ng6UsLROq0JZ+S8VYq57g0jSahkWkUdvx1Fj3ibXq - gvDOer3+DQAA//8DAJETYYTzGwAA - headers: - ATL-TraceId: - - 984d2a672af0e5c0 - Connection: - - keep-alive + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:02 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:41 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a6125a1f-67df-4b5e-9d35-9a74de6c040b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '272' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3b266ad5-8f9a-4354-816e-5543e9c303cf - x-envoy-upstream-service-time: - - '118' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2134,174 +1226,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J2m2W3EQPKrIK7Z5EJEknWEmT0qTCsux/N8HFj9vwzvPM - y5yIkgEPiyWCvMc4B7HZDGhQx8F/+EpGK0MYpascRlKQT1zC6F2CKQCtoIKy218/d3dP/e92v04q - TUS8ZKiAAl4LMuBs/XFCF/vjjOnAjfXrkCS1jnb4VojIwpZfwlsZM8iA0RKakvGeNgKoqJsKAK6A - ASQ/4JJ6+3H6x+56yhIooE4s+2H1dO+MTyBnO95ujZK6xlpiC9q0vFWDkhyMBpBNw7nC+k9BtLnh - YVwkye8Yudr46LXM8YnYy0TQvR06cj5/AQAA//8DACxbrxdaAQAA - headers: - ATL-TraceId: - - 6e33e77e5dba2e96 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:34:03 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CPd3EQPKrIK2z2JSNokWEmT0qTCsux/N8WF1dvwzvPM + y5ygk0EfZgsCPmOcgthslDa6j8p/eSKjlSEM0hGnI2TwrecweJdgikgJEsz3u9vX/cNLe93ulrFL + E4i3Fcoww/cMlJ6sP47axfY46XTgzvpFJalbBqt+FRBJYFhdwnsZV5AhYzk2OeUtNgK5YBVBxJtE + YvKDnlNvO4z/2G2LKOhWlIwU1ZXtx0dnfALrknJTGGMK3jBWY9EglpVkNe0lqrrnvNRY1H8Lol0b + noZZwvqOkYuNz76Xa3wCe5lAu4/DHs7nHwAAAP//AwAWz9VzWgEAAA== + headers: + Atl-Traceid: + - b52236d92c4728b6 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f7dd3bbf-211f-4955-a743-75d6ebb6d424 - x-envoy-upstream-service-time: - - '35' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 82b6a3cf1fda0790 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:03 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:42 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a89ac6f7-d272-414b-96a1-c5ca6cf8a4bb X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '122' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 989b5467-1d8d-42dc-9e9a-02c6d4564725 - x-envoy-upstream-service-time: - - '59' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2311,94 +1296,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11086 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11780 response: body: string: !!binary | - H4sIAAAAAAAAA6RWa2/bNhT9K4Q+DF1mWw97iSugGFLH7bKlaWY7DdC0MGjpWmYtkQJJ+bE2/32X - pBSnSZ21aQIk4iXv+9xDfvZgU1KeerEngacgIX3FIE9Vi9MCVEslCyhoS5QgqWaCqxakTBegaStZ - UJ5BLrLWCqTCPUhHUEpQwLU767U8ZiyHYdA/xIWCfI7Lhdalin0/hTkkOhWfRIfqnCrFKO9w0D7a - 0D4tmR/5TKkK/MbAEraofz4Zjift/vMjlMxtsF782VPotFIJ1ZAJuXXBpbhChSiIwnbQa0f9SRjF - 3W78e9Q5Ojz6LYiCwMRofOhtCdbME2M0+n4YBEF0m3W9SEElkpWmIig9Jqqged4iKVOa8USTkkEC - RMzJWshlx2gngl/K/HuiUJBUEvwVgzVdUU3lH4r9Cy8KbFJV/OJEp+mLMOiG/Xo5wUBf7FJueabR - 6GtC1dL0qJpp8xXPaa6g5TU2vNgauWl5miEwSmyyF/MKM/FKKT5heE+sXq1ta2e70dTOLO40fBfp - JWdaowGDr1rbJPW3PavEXK+pNIkpVpQ5Q4Sk97LB4lrI9PqbXv97wq3LXDurK10yU1j8uVvnXmBQ - GfU2Ue/Jhm0LLUp+UfX/R3yFh5vw8Od8bRpn9ccj3rrRphv9nLcanKr52Ovt5sbM9+adYxfs2PVH - 7GCWSchwrh/AEDEl8sqNmZMkldKisBQxRQ/R0b6N/kMbjjqc1AympT8vboe4pBpZ0ZHOj+PdMdot - h/nOmjRgtp8DUZmcQsNLV0bAeObFWlZwU1OVMSZZ4jL9/EBmAsOjaiGqPD1hqszpth4AFGNU+h3S - hRmKuhgSMFczdd/iyV632/Dk/aoF+8oZ7tuI9m10d1zChGR6+8TiNup+78d4lBU0A+UbDdUYYSjI - xbqjVtmOe87EuuGonmfLOQNDJgaa95IyU/nNbMN9OAz7Ju0FVcOSJWeML+1VfAKluZl50nTR9nZt - 924lXPAhXsx0lsMIqHLIkPWXd3F2+fr0fHp2Ohiej4fT4Wj0doRp4AApzBsPTBZALpA1uSbGL2GK - CJ5vCU4ky41RogX5i0lKLiQUOLWkUojZjp3R+1k8R4PBFxYEvWQee+7CwBZhjXcj9dUYY7Uzxml+ - /1D9rqjLa3GeY3QNE2D7Mg63p6vSzOx34Ni9FJ6IMKd8e1t9fbn/GOh2qHpJkyU+pBpkNcadr0H9 - pPmpgJt3kd88T6LmcuVgEJ2IXMhzF80sr6CdSWSN3eNAkBPhmi2KEp96XNddeKx/XxfnA9/9HkyY - zuEgJtfvaRnFZCDEkgG5YhpZS5OxvTzIq5xmX0yumGouEpovhNJxP+gH/pzxFInRj/rdw4/W4omt - BYb5SRCDkviA/L8qeWb+/moNjAHxhtyBijjlVjS4GuLqki+5WO9iH7x7ID24kCKt8BUz5BlOVIH1 - 8SdYDjx3bZNBu+RPsW5rsSehsjYQfSQ+uQ6VJv9UVGqQZGdyjyrsfIZW+/3xBRknlO85b95O/uHz - yNXtpaQ8WfgTmmGw59haJ61Ynp6e3BUNRFEwTZCeFnfEpnBbpaFQmHtaCobIOIit3NbfwLSgjCum - oYPgiXu97r69fXI/RZ8zQWXa9OC2Fyc7iBmvxyRxSMIoyQyAEwWarGtYaWQ59y4hc4RWi6wXLFmQ - AihXuEndidoC1g8tEJokyJKQkhWjpELgJ3JbIs3gMc7BXbgdE8oI8YcEmkDc4G69XnfEmqqyI2Tm - I+pg0ykXpQUGAnA6F3LqnKkp1Xh9zypszfTZ26vj8UV7/KaNF6OF5uXozBl9rDBvAJNMY/J6OPnA - kctxcBE9MRHlKvnAhytmrhAMbgy67cat3vsPAAD//+xZbWvbMBD+KyZQaEvtWE6cl8Howl5gHzbK - Chv0m2KrjZnfsOx0o8t/33OSoqZOnI1ulHwIlKJE8t35dPfcc5d/VRBnSdylQO/tUdAtlk4sE/yX - 2kddKrbPqcD4hAJ+p9pQiotvC5FTejvcXm+BLhV2ICDImGQpnCTHjWTqGaeoqAZy7EoqQSh/30V+ - QfGRO0gCTa4cnt7znxRoTslVkDQSF+sgcjbiBJ1oLlIPeSwp8mycbUQi6aJAhX5jn1wbSPJkgyjd - aaeKvPOPWcmjmt7zc+Ek6oMDPCF3Ke+fX9eilFTCK6FxRujDJrNt6KrMBei5IzaE02bXb102MA5F - b18QHhGknXJcbH7mnJ79wmWmdfEKWLLNEFkXQ2TD9QaVj7pC+VMsl3hr+2jYIcPv3OjiXb7lXcr1 - imXuPmj7gfbG1PKXuubRgjB3R1vSroOyyTJOBbz3p2pHPiQ6XlTPrPZEyy6BWdREoJEKb/lwELP5 - ZOiHc7zAeDxlQTAicmEPQcOeY4IueBbH0IGK33u0wTWt3RsLcSR0b3+tI94DtVDHFMDoZT9kARsK - 5otBEE9H0SAKxyyahHHs89EtE5PL+LWScjKYnQQf8KefczOem9rnuvor6TXSvYdH3MCjYPfKZp4m - EbnMLTmX5DE8j8yqE3BnLN9duSOvzMn+duN++Ba32//Dt7g9Qjh0i4FJse6iDT/eZJpXZvZF+UTg - rDt1jWs3wFccf99URSn6N0CcaPGYeDSywq7NZNJjhm+GWlcGcY9Q8PKXfoSCl7D4CAWdUGAJBUy8 - 0xn3QNNus/Yht6h5itU2Z/LBu3oPq972Rtdkzu+azPl2MtfesBRO5MukKnLNhUzj35ifXvTHv3oF - dJdKwsN6aVDwGci38aNRfy33opfxH1+EbFISvKFbjVmqelZrO5ZF/d9Gu1qWlQlVaEu/FmpItZ7H - 0myZRj+k0drx1NjgibXmAeWd1Wr1GwAA//8DAJkpTt7BGwAA - headers: - ATL-TraceId: - - 5841042a3bbbe73b - Connection: - - keep-alive + H4sIAAAAAAAAA7xW+2/bNhD+Vwj9tGWy9YiXuAKGoYvdLVuQZYnTAE2LgKbOEmuK1EjKj6X933fU + w26duFsyrAjgSDze+7tPd+/BqqQy9RJPg0xBQ/qKg0iNL2kBxjcsh4L6qgRNLVfS+JByW4ClPsup + zECozF+ANiiD9BJKDQakbe+yylhVzJzBuygMo7Cv4c8KjJ2sS7jQlFnOwPM97vxH0fEwxBcDYoav + ubWlSYIghRkwm6r3qk+toMZwKvsSbICebEBLHsQBN6aCoDMwhzXqn0/GV5NeNBjEeFSHYLzk3jMY + W2UYtZApvW5ySPENNeIwjnvhsBe9mIRhEr1IDgf9QRx+F8ahM1s7sRh4beaZQTr9AEsRuqiatNuX + FAzTvHSFw9OXxBRUCJ+k3FgumSUlBwZEzchS6XnfaTMlr7V4YhSV5K5dVNzRBbVUBwsOy6AOaxtg + K4rCw2j4o+F/wQ8Ftr0q0KuDBbqcUDN3vaqm1j0lMyoM+F6jeIp51bq+l3MEjmb5+gwWgLGGH33P + ckRWiSjxEllhjt4OTA7DTlBq9R4zembBW+263HUDu3LvgGSb1bXk1qIB4218O6T+Vt81amaXVDu8 + Gl6UgmPA6U7m2I8aZYPhajB8Yrhf6EyXyaYvg/AYw4gHq3jw/3ppul9jER1GR6vo6Gs4XHUeD+PV + Yfw1PLYA//jxIRyjfTiNO8GMr143HIjdv32HaMgyDRnSygOsY5xKVM2UP2o1Pt4nGO4TvHhovKG0 + 5tQRRs3eXtKLWh5z5dKcNXHcPzhzIMZKmFxVIh1xUwq6bqGOx0tq8bPQ0OnTx7Ih6y09B4057Yau + fjxRlatXHeqNO+Ay8xKrK+cbjdrX2E83em01NGCybrYfI/Ao+r4j8N2ybWhmV7Cv4fGm4aXmSnO7 + fmYJOvVg8DQe5wXNwAROw3RGOB4IteybRbYlsjO17Ahv4D2EdHzYJSLoFBxlOdDufq2P9pQh2ofQ + aOjqkVMzLjk743L+yklGULrNQrIOQTWulrVscyKVHONiQacCLoGaBpW6ffIuzq5/Pj2/Ozs9GZ9f + je/Gl5e/X2J+OFoGC4IXJjmQC+RmaYnzS7ghSoo1wTnnwhklVpFfuabkQkOBg04qg4jrPzbvEY6T + F37gYTjki8RrvlfYOyz+dqY+G3BsQ8YlFbuX2r2oLW+Ne4HRdRyBfc0kbG5XpRvaf4HjZoV5JvQa + 5c038fOt42lo3MLtJ8rmuAh2kOuMN75O2l3rPwXcLWxBtzfF3SdcgoM6U0Lp8yaaqaigl2lkrO26 + oshINc1WRYmrqrRtF77Uv8+L81Zu/w4m3Ao4SMjtG1pGCTlRas6B3HCLjGnJFbBKA3klaPbB5Yqp + CsWoyJWxyTAchsGMyxRpLYiPwne1wVFdCozyvSIOJMkB+UdN8g3+fFurX+F65RgF1XD22yBHFZAR + 5oOHI2B9Eh35xGFrk8XJzRhlt/ivdxQN6lBdW9gS+gW3GvpKZwGikrpOcVyOHJoDvNrPbSHqwBs7 + r52dazmXavlplS60Siv83I5lhnNaYNWDCRbZ+axLhAGTX9SyZ9WeMpWtgfgdCchtZCz5o6LagiZb + k3tUYeszqrXfvLwgV4zKPffd3odjEW2y+iSPq7WxUBjMIy0VR+wcJPV53SJXsYJyabiFPsILC2by + qaI63Xfjgf3RFmjO8kvCGjwhlZIpgCQGLFm24LLIdaYB2AwB5pNlzllOCqDSoJA2N1oLmO9bOQVC + GUOyhJQsOCUV4p/pdYlsg/f+BgAA///sWe9r2zAQ/VdMoJBC7dlOnKSD0gW2wT6UhRZWKIOg2EoT + GkvGP+qOLv9730mK6npJN8oo+RDIByeSTu/Ouqd3FyG4vvO9BqILvOtbVcURoOsFF3TAHGbtShR5 + 8AhIyC0ILmcp5jJP1RpH5kTBDKMFMSDY946LEwIG48vS0cLCYaua/SIXnYwpdFWBo+0w4TQAokQT + fOXhjRfks/VQx+CnoCDQbhQjIDAIiw1EMlhUCNBWpA2fG95fIhlxmSBk5L05L3Vde7JmRaayAlnI + H7xskakTjU2msDk1e09ZCSU1q3Cmpt3v1+OriXt14eLeVclqN8kkHWXKhi5L0qU4drrHv3FQVqX8 + iGP4p2QJdkmWoL9rINoMENGVKLnvlJoiddea6tup7QErBFTIlezZPnGXMPCtdEVgWLygrNwilNv8 + 27ZidW5RpSmjG6XzN/qlGJI+lPkbrx/SCefIHtKk35KzaM76vSSYjfp+NAOm4fA0CMHC2MdOwg6v + TOP0gsdJgj1wBXWeMbimOPlkDxkZfbWs1Cng4a5T0xT7mNImCsKgzwOf98LkdBD34mgYxKMoSXw2 + mAd8dJ6cKStHvfFR+BUfvc5NmTC06br6p8KrCrdGRNzQIz72smq2WsYUMjdjrKCIYb26HiDm8Ph5 + 4g68TBD+dom6/4jbNe7+I27XyPuOGNST6JLSCLam9pmYlg/lE5G1Lvw0fd1AuGH6lyqXqOVvQEXx + 4jnxqFODUZvJtI/pTxmtlxvGPVDB+7/0AxW8B+IDFeykAqs0APFWZ9wjNXnNsw+7smSmRd1WHrs6 + Qr7tCLUHbIelPWCVGhf3y1wKrYVMwVmZ/yL0139Bei/L/9eJ08asUeyECuSHVF2JTfMPR0hDftw8 + GnZ9MwD1v82Hjd2TTsoeLnlRrchww1nVT8jLcakdp64m9RzIdfv7y8Xhi9VmgUK7Xq+fAAAA//8D + ALXAvy36GgAA + headers: + Atl-Traceid: + - 56b32e43b333c996 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:03 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:42 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ac906488-06bb-41c1-bdd0-5bf705908e43 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '252' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 404a4ba0-1164-4f19-8177-03f9a430262f - x-envoy-upstream-service-time: - - '175' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2408,93 +1398,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - b3ff93196bcee34a - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - 2b072ffee8a8a222 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:03 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:42 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 6e101cef-b62d-46b5-9c72-7aba50c47bab X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '167' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d681994c-e4df-4edf-b257-2d04fa491cfa - x-envoy-upstream-service-time: - - '95' status: code: 200 message: OK - request: - body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without - Secure Flag|http://localhost:8080/finding/2836]\n\n*Defect Dojo link:* http://localhost:8080/finding/2836 - (2836)\n\n*Severity:* Low\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* - Unknown\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/692]\n\n*Branch/Tag:* - None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* - https://mainsite.com:443\n* https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* - [(admin) ()|mailto:]\n", "priority": {"name": "Low"}, "summary": "Zap2: Cookie + body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without + Secure Flag|http://localhost:8080/finding/260]\n\n*Defect Dojo link:* http://localhost:8080/finding/260 + (260)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/101]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Low"}, "summary": "Zap1: Cookie Without Secure Flag"}, "update": {}}' headers: Accept: @@ -2506,51 +1497,57 @@ interactions: Connection: - keep-alive Content-Length: - - '1675' + - '1258' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11086 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11780 response: body: string: '' headers: - ATL-TraceId: - - 450cf825dbce60cb - Connection: - - keep-alive + Atl-Traceid: + - 40859695560781a8 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:03 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:43 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 090053f9-17cb-41d0-a357-8422eb7ddfcb X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '190' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6a9880de-e0ca-464d-a03d-316b77731de8 - x-envoy-upstream-service-time: - - '271' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2560,95 +1557,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11086 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11780 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1m682a4woohjRx12xpmtlOAzQrDFo6y2wkUiCpyF7b/74j - JdlpWmdtmgCJeCTv5bnnjvfRgXVJeerEjgSegoT0JYM8VT1OC1A9laygoD1RgqSaCa56kDJdgKa9 - ZEV5BrnIercgFe5BOoFSggKum7NOz2FGcxD4oyEuFORLXK60LlXseSksIdGp+CBcqnOqFKPc5aA9 - 1KE9WjIv9JhSFXidghvY4P3z2Xg664+eHaJkaZ114o+OQqOVSqiGTMhN41yKK7wQ+mHQ96N+OJoF - YTwYxL+F7uHw8Fc/9H3jo7GhNyVYNY/00dz3At/3w23U7SIFlUhWGkRQekRUQfO8R1KmNOOJJiWD - BIhYklrIG9fcTgS/lPn3eKEgqSR4twxqeks1lb8r9i88LzBJVfGkEZ2mzwN/EIza5Qwdfb4LueeY - RKOtGVU3JkfVQpuveElzBT2n0+HEVsnnnqMZEqPEJDsxrzASp5TiA7r3SPTa2xY7m40OO7O4k/Cd - p5ecaY0KDL/a2yaov+xZJZa6ptIEplhR5gwZkt6LBsG1lIlG62j0Pe62MLfGWqRLZoDFn7s4R75h - ZRitw+jRim0KLUueqPb/A7aC4ToY/pytdWes/XjA2iBcD8Kfs9aSU3Ufe619/mzqe/226S6Ysev3 - mMEsk5BhXX9FQ+SUyKumzBpJUiktCtsi5mghPNy3MfpaR9M6GqkpTNv+nLgftP3CMFiypDH38SuZ - 4Re6r1aiytMTpsqcbloWorimGvtq07Z+vGKanrjtgl6jTZpysJ/HojKoWE+vjIDxzIm1rIxp1Knf - YrswRdGCIQFjNVX3rT4ZDQZdn7yPmr8PzmDfRrhvY7DrJUxIpjePhKa77kU/1kdZQTNQnrmhOiUM - BbmoXXWb7XrPmai7HhU5Fs4FmGZiqHkvKFOV34w22MfDYGTCXlE1LllyxviNfYpPoDQvM086Alla - 1XZvK+GCj/FhposcJkBVQ0rZfjkXZ5d/nJ7Pz06Px+fT8Xw8mbyZYBhYQArjxgOzFZAL7JpcE2OX - MEUEzzcEK5LlRinRgvzJJCUXEgqsWlIpZJxra/R+FM9Qof+J+X6ULGPnXskishnjNMecIei7GjN7 - 92XtXNHCa2mfo3ddJ8D0ZRy2p6vS1Ow3eBzF/sA9DLbvfTMpPJJhzeXta/Xl4/5jpNux6gVNbnCQ - 6pjVKW9sHbcjzU853M1FXjeehN3jysEwOhG5kOeNN4u8gn4msWHthgNBTkSTbFGUOOpx3WbhoZx+ - Cc4/fPd7MGM6h4OYXL+jZRiTYyFuGJArprFhajK1jwd5mdPsk4kVQ81FQvOVUDoe+SPfWzKeYlvz - wtFg+N5qPLFYoJsfBDEsiQ/I/18lT83fX6yCKSDfsHfgRaxyKzq+GuPqGv/1h0FkXTGwJzW4BdMS - XCEzD1lHTSYYjiWGrR4edVe6yK1fjZ63Rs8lv+Gi7mQXUqQVzj1jnmENFoioN0MAjT0bPnpCXom6 - r8UeCMpWQfieeOQ6UJr8XVGpQZKdyj1XYWczsLffHV2QaUL5nvNm2vKGz8IG6ReS8mTlzWiGzp4j - GRppxfL09OSu6FgUCBPBhra6IzZQb5SGQmHsaSkYcukgtnKbMYNwQRlXTIOLdIujaLBvb58ck6JW - C0Fl2uVgm4uTHSmN1SOSNNxDL8kCgBMFmtQtETX2xWaSIUskY4/UK5asSAGUK9ykzYlWA+KHGghN - EuyrkJJbRkmFpZLITYmNCY9xDs104BpXJshYbLkJxB1T67p2RU1VaYmFPIW1W65KSwyk7Hwp5Lwx - puZU46yxqDA186dvro6mF/3p6z4+pZbMl5OzRulDwLwGDDKN/wMAAP//7FnbattAEP0VYQgkIZIl - 2fIlUFLTuqUPLSEuLYS8rKVNLKobujgNrv+9Z3ZXG1uJ3JKW4AdDCGvvZWZnZ86cGRsfp19vEqA/ - Qh3ec26k2dK/SabLkJIOlJvx0pQBWs/9o4AgDoM2AXJuh4D2Y2nFMsT/QtqoTcTTdcIxPiN870Th - Sn7xfcETAgSD6edNUddCDzgEKRMuuREmeJFY7DHSnLImw2xBSQsJ8wdPzsg/EgNBIJmgwaJ79kCO - ZmRMOElV4GENeM6Gn6B2TXhkIY4L8jztZxueSLLIUSFf6VfUCtJ5RQUvfVZP4Xmnn+KM+SXd80tq - hOKDATwhcwnrn85KnhWU9HMucYbLxSqyteuKyFX4CKNNZu9Mp6cMesWzlPCIIO2Y4WGTE+P45Bce - MyrTc2DJU07ptHFKp9824W0yiDJHJhV0l9h3Y6mtlzYnNFMTFhb08/mFbczN1hVEc2JcT2yxoGam - RDAzf0GALLNqUcUxo5Tf+VN+JBsSgU/zF/IDInIXwCwqGlB6ebes3wuc+ahve3NcYDgcO647IDqi - F0HCjmWcHngSBJABjtB51MFUxeBbDXF06M6KXHq8BTIilgmAkcOu57hOnzs277nBeOD3fG/o+CMv - CGw2uHX46CJ4I0456k2O3A/4k/vMmCUq95mm/KqwqsK8h0VM1yJnt7JqHoU+mczMGCvIYtgv8jvY - NobvL82BlSWkf7PU33+Nmw2D/de42XTYd40BPYEs+RWj3uSml6pbRvFE4Cwrcwlf18BXLJ9WeZrx - 7jWgyF88Bh41uTCrI5nkqHadIuO5QtwDFLz+ox+g4DU0PkBBKxQ0mQeoVGe1pj0184DudzIUV9Q4 - V2MbAtOSRRg9c0pbL89u6+XZupfXnNAUjifLME8TSXdUq6BSP9bIj3+j6TIt/1sLVZ6lz4QglIPf - UtFOqpu2cC2p8aoeKtR9sXzxs1a3PvesE7OfV7yoIjp4466iEZSXk1Lem7rR1Cyim+vvtze7W7vV - BqHter3+DQAA//8DAOTbMG3zGwAA - headers: - ATL-TraceId: - - 2b59c20da46f12ef - Connection: - - keep-alive + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZltvcRLXQHD0MXuli3IssRpgaZFQFNniTVFaiTll7X97ztS + kt06dbdkWBHAkXi89+ce3bsA1hWVWZAGGmQGGrLnHERmepKWYHqGFVDSnqpAU8uVND3IuC3B0h4r + qMxBqLy3BG1QBtkVVBoMSNveZbWxqpw7g3dxFMXRQMOfNRg73VRwqSmznEHQC7jzH8dPRhG+GBBz + fC2srUwahhnMgdlMvVUDagU1hlM5kGBD9GRDWvEwCbkxNYSdgQVsUP9iOrme9uPhMMEjH4IJ0neB + wdhqw6iFXOlNk0OGb6iRREnSj0b9+Ok0itL4aXo8HAyT6LsoiZxZ78Ri4N7MI4N0+iGWInJRNWm3 + LxkYpnnlCoenz4gpqRA9knFjuWSWVBwYEDUnK6UXA6fNlLzR4oFR1JK7dlFxR5fUUh0uOaxCH9Yu + wFYUR8fx6EfD/4IfSmx7XaJXBwt0OaVm4XpVz6x7SudUGOgFjeIZ5uV1e0HBETiaFZtzWALGGn3o + BZYjsipESZDKGnMM9mByHB0SxJ2g0uotpvrITrTavg++s10f9tCzS/dGcmvRgAm2vh2Ef/N3jZrb + FdUOyIaXleAYcLZXEmyUh99wtB6OHhjuF1rWZbJt2DB6gmEkw3Uy/H+9NLDwIEWH8ck6PvkaDted + x+NkfZx8DY8t8j98uA/HpIPjnK9fNByITb59g03Pcw050so9rGM4StTNlH8W5MmTQ4LRIcHT+8Yb + SmtOHWF49g7Sfoyv1CKpN2T48NlpqHZHrmFjTrvJ8I+nqnbZxo4wX7oDLvMgtboGrCAatS+w6G4+ + muC8PWdfc9ZU5d29MxcrKptC1SIbc1MJumnny3VFAybrRvhzBB7H33cEvl+2QzSTbGlmX7Bt+L7g + eEdMXGluN4+sbqceDh9G8LykOZjQaZjOCMcDoVYDs8x3RHauVh3hDQPfkBk4ZnKg3f9anxzINj6E + 0Hjk0i6omVScnXO5eO4kY6jcZiFZ1zPfyZWXbU+kkhNcLOhMwBVQ0+BAt0/B5fnNz2cXd+dnp5OL + 68nd5Orq9ytMA0fLYN54YVoAuUQKlpY4v4QboqTYEBxnLpxRYhX5lWtKLjWUOM+kNojZwefGOsZx + CqL3PIpGfJkGzfcKW4Q13s3UJwOO1c65pGL/UrsXteX1qBYYXccR2L5cwvZ2Xbmh/Rc4blaYRyKs + Ud5++j7dOh4Guh2qfqJsgYtgh6zOeOPrtN21/lPA3cIWdntT0n2pJThEMyWUvmiimYka+rlGjtit + K4qMVdNsVVa4qkrbduFL/fu0OK/l7u9oyq2Ao5TcvqJVnJJTpRYcyEtukaMsuQZWayDPBc3fu1wx + VaEYFYUyNh1Foyicc5khMYbJSfTGGxz7UmCUbxVxIEmPyD9qkm/w51uvfo3rlSMOVMMRb4Mc10DG + mA8ejoENSHzSIw5b2yxOX05Qdov/+ifx0Ifq2sJWMCi51TBQOg8RldR1iuMO5NAc4tVBYUvhA2/s + vHB2buRCqtXHVbrUKqvxqzqROc5piVUPp1hk59OXCAMmv6hV36oDZapaA8kbEpLb2FjyR021BU12 + Jg+ows5n7LVfPbsk14zKA/fdeodjEW+z+iiP642xUBrMI6sUR+wcpf7ct8hVrKRcGm5hgPDCgpli + pqjODt24Z3+8A5qz/IywBk9IpWQGIIkBS1YtuCxynWkANkeA9ciq4KwgJVBpUEibG60FzPe1nAGh + jCFZQkaWnJIa8c/0pkK2wXt/AwAA///sWe9r2zAQ/VdMoJBC7dpOnKSD0gW2wT6UhRZWKIOg2E4T + GkvGP+qOLv9730mK6rhxN8oo+RDIByeSTu/Ouqd3F85jdcs6NUSXeNd3soojQDeLmNMBs5ixK1Dk + wSMgIbegq6wln4sskWsskREFM4zmxIBg3/uYnxAwGF8WlrrKLbaq2G9y0UqZRFfmONoW41YNIEo0 + Hq8cvPGcfDYeqhj84hQE2o1iBAQaYb6BSAbzEgHaibTmc837KyQjLhOEjLzX56WqKkdULE9lViAL + 40cnXaTyRGOTKWxO9d5TVkC7zEqcqWn3x834emJfX9rQCTJZzSapoKNM2dBlUbLkx1b3+A8OyqoQ + n3AMX0sWr02yeP3NAPFZgcr6Xsoukk3NqUGLDbd1wAgBGXKpbnZPbBMGrpGuCAwLF5SVOzWHa6Ts + 1gXbJOa8TBJGN0rnb/RLMSR9KLJ3Xj+kEy6QPaRqv0fnwZz1e5E3G/XdYAbAw+GZ54OFsY+ZhB3e + mBbTCx5HEfbAFdR5wWDrGuSzOWRk9M3qUaWAg7tOTpPsoyuYwPO9fuy5cc+PzgZhLwyGXjgKoshl + g7kXjy6ic2nlqDc+8r/ho9bZCeOaNm1b/ZQ7ZW5XiIjtO8THTlrOVsuQQmanjOUUMayX1wPEHB6/ + TOyBk3LC36xE9x9xs5Tdf8TNUnjfEYOTIlXEacFW1z4T3dmhfCKyVqWj4rVbCDdM/1pmAiX7Lago + XLwkHjVkMGoymfbR/Smt9TLNuAcq+PiXfqCCj0B8oIJWKjCCAhDvVMY9US9XP7uwKwqmW9RNWdLW + EXLbOkKu6Qg1B4xSi/nDMhNcaSFdcJb6vwj19V+QPoji//XylDFjFDuhAvkpZFfCtNtEoiA/bR41 + u74bgPzf5nRj96STsMerOC9XZLjmrOwnZMW4UI5TV5N6DuS6+X17sb+1Wi+QaNfr9TMAAAD//wMA + 9p/1h/oaAAA= + headers: + Atl-Traceid: + - d018e6ff14e6de36 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:08 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:43 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 32ebf31b-44bc-4226-ba78-dc969e68486a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '213' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - feedae9a-0262-4b34-90cb-73c69a266ad2 - x-envoy-upstream-service-time: - - '135' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2658,61 +1659,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPS0/DMBCE/4uvJO7aebjkhuAACBWkpCdUoXW8FkFOHCUOUlX1v+OIisdtNPvN - jPbENM60nxyr2HsI41xtNoYstcH4D88xOJznDgc+UGAJ+6Rp7vwQYQEgOHBI693NS33/3Pxed0uv - o2LV6wolkMAhYYZG5489DaE5jhQLbp1fTAzppXPmO8KqNVCoi3mHYQUlSJFCnkrViLwCUWU5B4Ar - kAAxP9MUd5uu/8duGyEjGAv5daF+2LZ/GKyPoJJbVRZWY5tRhlRCa0tVaqNRgW0BMM+V0pT9GQhu - XXjsJmTrOxYXF558i6t9Yu6iGA1v+5qdz18AAAD//wMA/XREZ1oBAAA= - headers: - ATL-TraceId: - - c542b9c976e794c2 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CPd3EQPKrIK2z2JSNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0EfZgsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsz3u+vn/d1T+7vdLWOX + JhAvK5Rhhq8ZKD1Zfxy1i+1x0unAjfWLSlK3DFZ9KyCSwLC6hLcyriBDxnJscspbbARywSqCiFeJ + xOQHPafedhj/sdsWUdCtKEtS0OqH7cd7Z3wC65JyUxhjCt4wVmPRIJaVZDXtJaq657zUWNR/C6Jd + Gx6GWcL6jpGLjY++l2t8AnuZQLu3wx7O5y8AAAD//wMAfg+yxVoBAAA= + headers: + Atl-Traceid: + - 636f471bc817acf5 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:44 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0f67facc-67d4-4aab-bf50-b6785e0efd53 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '127' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 0f2de099-8548-446d-9f76-af2c07063520 - x-envoy-upstream-service-time: - - '33' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2722,110 +1729,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11781 response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 16483448b670957d - Connection: - - keep-alive + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdhzXAHD0MXuli3IssRJgKZFQFNnmTFFaiQV22vz33fU + i904dbdkWGEgkXi89+ce3QcPVgWVqZd4GmQKGtI3HERqfElzML5hc8iprwrQ1HIljQ8ptzlY6rM5 + lRkIlfn3oA3KID2HQoMBaZu7rDRW5TNn8DYKwyjsavizBGMn6wLONGWWM/B8jzv/UXQ4jPDFgJjh + 69zawiRBkMIMmE3VnepSK6gxnMquBBugJxvQggdxwI0pIWgNLGCN+qeT8cWkE/X7PTyqQjBe8sEz + GFtpGLWQKb2uc0jxDTXiMI474bATvZqEYRK9SnqD7uHw++/COAxdkM6JxcArMy8M0ukHWIow3qTd + vKRgmOaFKxyeviYmp0L4JOXGcsksKTgwIGpGlkovuk6bKXmpxTOjKCV37aLilt5TS3Vwz2EZVGFt + A2xEUdiLhj8a/hf8kGPbyxy9Oligywk1C9ercmrdUzKjwoDv1YrHmFel63tzjsDRbL4+gXvAWMMH + 37MckVUgSrxElpijtwOTXtgKCq3uMKMXFrzRrspdNbAtt3v5BCTbrC4ltxYNGG/j2yH1t+quUTO7 + pNrh1fC8EBwDTncyx35UKOsPV/3hM8P9QmfaTDZ96YeHGEbcX8X9/9dL3f0Ki+gwGqyiwddwuGo9 + 9uJVL/4aHhuAPzw8hWO0D6dxK5jx1VXNgdj9m/eIhizTkCGtPME6xqlEWU/5Z63Gh/sEw32CV0+N + 15RWnzrCqNjbSzqR72HV7BVWxIG3vlANviug5qyO7MOTMwdrrI2Zq1KkI24KQdcN+PF4SS1+KGqC + ff6g1vS9JeygNqfdGFaPR6p0FYxcqNfugMvMS6wunW+mAZN1s/05Au9HcUvgu2Xb0MyuYF/D403D + dwW9LWNxpbldv7ASrXrQfx7B85xmYAKnYVojHA+EWnbNfbZluBO1bJmw7z04MEzBUZYD7e7XerAn + 22gfQqOhS3tOzbjg7ITLxRsnGUHhNgvJWrxUKFpWss2JVHKMiwWdCjgHamoM6ubJOzu5/Pn49Pbk + +Gh8ejG+HZ+f/36OaeBoGcwbL0zmQM6Qm6Ulzi/hhigp1gTnnAtnlFhFfuWakjMNOQ46KQ3iq/u5 + eY9wnLzwIw/D4V0v8ervFbYIa7ydqUcDjtXOuKRi91KzFzXlrVAuMLqWI7B9mYTN7bJwQ/svcFyv + MC9EWK28+SY+3jqeB7otqn6ibIGLYIus1njt66jZtf5TwO3CFrR7U9x+wiU4RDMllD6to5mKEjqZ + Rn7ariuKjFTdbJUXuKpK23ThS/17XJx3cvs7mHAr4CAhN29pESfkSKkFB3LNLfKjJRfASg3kjaDZ + R5crpioUo2KujE2G4TAMZlymSGJBPIjeVwZHVSkwyjtFHEiSA/KPmuQb/PNtpX6B65UjDlTDEW+C + HJVARpgPHo6AdUk08InD1iaLo+sxym7wX2cQ9atQXVvYEro5txq6SmcBopK6TnFcjhyaA7zandtc + VIHXdq6cnUu5kGr5aZXOtEpL/NyOZYZzmmPVgwkW2fmsSoQBk1/UsmPVnjIVjYH4PQnITWQs+aOk + 2oImW5N7VGHrM6q0374+IxeMyj333d6HY1G34/Hv4GJtLOQG80gLxRE7B0l1XrXIVSynXBpuoYvw + woKZ+VRRne678cT+aAs0Z/k1YTWekErJFEASA5YsG3BZ5DpTA2yGAPPJcs7ZnORApUEhrW80FjDf + d3IKhDKGZAkpueeUlIh/ptcFsg3e+xsAAP//7Flta9swEP4rJlBIoXZtJ07SQekC22AfykILK5RB + UGynCY0l45e6o8t/73OSojpu3I0ySj4E8sGxpNNzp7vTc2fOY3XDOzVElzjrO1nFEaCbRczJwSxm + 5AoUedAISEgtEC5ryeciS+QaS2SUghlGc8qAyL73MT8hYBC+LCxFIyy2qthvUtFKmURX5nBti3Gr + BhAlGo9XDk48J52NhsoGvzgZgXYjGwGBRphvIJLAvISBdiKt6VzT/grBiMsEJiPttb9UVeWIiuWp + jApEYfzopItUejQ2mULmVO89ZQV406yET027P27G1xP7+tIGT5DBajZJBbkyRUOXRcmSH1vd4z9w + lFUhPsENX1MWr42yeP22gWAzQImuQMl9L7kTcbnGVNdMbQ60EQHXEAF5FpL27J5oqOvWvdnMt7Aa + CxcUsjsJiWt4bl4mCaMbpfO39Es2JH4osndeP8QTLhA9xEC/R+fBnPV7kTcb9d1gBkzD4Znn+wO6 + 7cwk7PDGtJgOeBxF2ANXUOcFg62Lk8/GyUjom2WlCgEHd52cJrOPLm0Cz/f6sefGPT86G4S9MBh6 + 4SiIIpcN5l48uojOpZSj3vjI/4afWmcnjOu0advqVe6UuV3BIrbvUD520nK2WoZkMjtlLCeLYb28 + HkDm8PhlYg+clBP+Zom6/4ibNe7+I27WyPuOGKknUgWkJmx17jPRLR+KJ0rWqsxT6esWxA3Tv5aZ + QC1/i4wTLl4Cjzo1GDWRTPvo/pTmepnOuIdU8PGHfkgFH4H4kApaU4FhHoB4pyLuiZq8+tmFXFEw + 3aJuMo+2jpDb1hFyTUeoOWCYWswflpngiu7ogrPU3yLU339B+iCK/9d3U8KMUOyECuSnkF2JTasP + LqQgP20edXZ9NwD53eZ0I/ekk7DHqzgvVyS4pqzsJ2TFuFCKU1eTeg6kunm/vdjfWq0XSLTr9foZ + AAD//wMAcXdmVfoaAAA= + headers: + Atl-Traceid: + - e1aeaae130d27920 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:11 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:44 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 437ce540-93f5-4be7-a030-320b2b2b4920 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '223' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 7e5f37d3-3af2-4fda-97a5-7879d91a2100 - x-envoy-upstream-service-time: - - '60' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2835,95 +1831,95 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11085 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy92EkdAMaSJu2VL08x2GqBZYdDSWWYjkQJJRfba/vcd - SclO0zpr0wRIxCPv7bnnjvzowaqkPPViTwJPQUL6ikGeqg6nBaiOSpZQ0I4oQVLNBFcdSJkuQNNO - sqQ8g1xknTuQCvcgHUMpQQHX7qzX8ZixHIbBcB8XCvIFLpdalyr2/RQWkOhUfBA9qnOqFKO8x0H7 - aEP7tGR+5DOlKvBbA7ewRv2L6Wgy7Q6PDlCysMF68UdPodNKJVRDJuTaBZfiChWiIAq7waAbDadh - FPf78X7QO9w/+jWIgsDEaHzodQnWzBNjNPp+GARBtMm6WaSgEslKgwhKj4kqaJ53SMqUZjzRpGSQ - ABELUgt52zPaieBXMv+eKBQklQT/jkFN76im8jfF/oUXBRapKp450Vn6Igz64bBZTjHQF9uUO54p - NPqaUnVralTNtfmKFzRX0PFaG15sjXzueJohMUosshfzCjPxSik+YHhPRK/RttjZarTYmcW9gm8j - veJMazRg+NVom6T+smeVWOiaSpOYYkWZM2RI+iAbBNdSZjBcDYbfE24Dc+OsQbpkBlj8uY/zIDhE - z9FgFQ2ebNiW0LLkmWr+P+IrPFiFBz/na9U6az4e8daPVv3o57w15FTtx05vnz+b/l69ddMFK3bz - HiuYZRIy7OuvaIicEnnl2sxJkkppUdgRMUMP0eGujeHXNtzocFLTmHb8eXE3xCXVOBXd0PlxvruJ - tplhvrMmDZnt54moTE6hmUvXRsB45sVaVoBwoE39FpvdUNrFZs0Z85IlLvePX8lMqKislqLK01Om - ypyum5ZAcSIBczVd96052T/czMmHqAW74Ax3bUS7NvrbWcKEZHr9RHBbdX/wY3OUFTQD5RsN1Rph - KMhF3VN32Xb2nIu6nVEDzxZkDmaYGGo+SMp05TezDXfxMByatJdUjUqWnDN+a6/iUyjNzcyTtma2 - krXd20i44CO8mOk8hzFQ5Xggmy/v8vzq97OL2fnZyehiMpqNxuM3Y0wDG0hh3nhgugRyiVOTa2L8 - EqaI4PmaYEey3BglWpA/maTkUkKBXUsqhZzt2R59mMURGgw+sSAYJIex5y4MLBFivG2pL9oY0c4Y - p/nDQ827ooHXsjrH6NpJgOXLOGxOV6Xp2W/zeNgLDsKWx+6l8ESGOeXNbfXl5f5jpNuy6iVNbvEh - 1TKrNe58nTRPmp8KuH0X+e3zJGovVw6G0YnIhbxw0czzCrqZxBmxfRwIcipcsUVR4lOP66YKj9Xv - S3D+4dvfvSnTOezF5OYdLcOYnAhxy4BcM40zSpOJvTzIq5xmn0yumGouEpovhdLxMBgG/oLxFAej - Hw37+++txVOLBYb5QRDDkniP/L8qeW7+/mINTAD5hrMDFbHLrejkeoSrG/zXPQgHNhQDe1JDr2Ba - Qk/IzEfWUVMJhs8Sw1Yfj/aWushtXM7OW2Pnit9yUbeySynSCt89I55hDxaIqD9FAI0/mz5GQv4Q - dVeLHRCUjYHoPfHJTag0+buiUoMkW5M7VGHrM7Ta744vySShfMd589ryD44ih/RLSXmy9Kc0w2Av - kAxOWrE8PTu9LzoRBcJEcKAt74kN1GuloVCYe1oKhlzai63cVswgXFDGFdPQQ7rFg0F/194uORZF - LeeCyrStwaYWp1tSGq/HJHHcwyjJHIATBZrUDRE1zkX3kiELJGOH1EuWLEkBlCvcpO5EYwHxQwuE - JgnOVUjJHaOkwlZJ5LrEwYTHOAd3IfdMKGNkLI7cBOKWqXVd90RNVWmJhTyFVa9clpYYSNnZQsiZ - c6ZmVOP1Pq+wNLPnb66PJ5fdyesuXqWWzFfjc2f0MWBeAyaZxv8BAAD//+xZ22rbQBD9FWEIJCGS - JfkeKKlp09KHlhCXFkJe1tImFtUN3dLg+t97Zne1seXILWkJfjAYI3t3Z8azM2fOjI2Pl19vY6A/ - Uh3Rc24kaeXdxpdVQEUHxs14YcoErdf+UYEfBX6bArm2Q0G7WNpRBXjPpY/aVGzvE4HxGel7LxpX - iovvCx4TIBhMX2+CvhZ2ICDImKDiRhDjRiJxxkgyqpoMqzkVLRTMHzw+o/iIDSSBJF8GCx/YIwWa - kTIRJGWOizUQOWtxgt415qGFPM4p8nScrUUi6aJAhX5lX14bSPLyElH6rJ0i8k4/RSnzCvqdXxIj - EB8M4Am5S3j/dFbwNKein3GJM1xuVpmtQ1dkrsJHOG06e2c6PeXQa54mhEcEaccMFxufGMcnv3CZ - YZGcA0u2OaXTximdfr1ABafIUDAFLyZe29w6aJFhty60MTVbMzXhesFLn9+oO4gNYtMsiM1TE32q - KJi3IECWVTUvo4hRye/8qT6SD4nAJ9kL+QERuQtgFrUdaL0Gd6zf8535uG8P5rBxNJo4rjskOqI3 - QcOObZwueOr70AGO0HmywVTN4FsNcSR0Z0cuI94CGRHbBMDIx+7AcZ0+d2zec/3J0Ot5g5HjjQe+ - b7PhncPHF/4bIeWoNz1yP+Alz5kRi1XtM035VW6VufkAj5iuRcFupeU8DDxymZkylpPHcF7Ud7Bt - PL6/ModWGpP9zVZ//y1uDgz23+Lm0GHfLQYm+bLLVox6nZteqWkZ5ROBs+ztJa7dAF+x/bLMkpR3 - b4A43uIp8WjIhVWdyaRHjesUGc8U4h6g4PUv/QAFr2HxAQpaoUAzD5h4LzNuSfNx9WxDblKwEE/b - nMkG7+osV53thbZZnt02y7P1LK+5oCkcj6sgS2JJd9SooFR/1siPf/UT0F0KCcv6UaHgC5Bv7W+m - bi33rBOxn9c8L0MSvKZbDGayYlpIO6qk+G/DYClLy4QqtKXfEjHWque1NI2mYRFp1HZsGutuWKsO - CO+sVqvfAAAA//8DAKcrfbTzGwAA - headers: - ATL-TraceId: - - 7866ee18320290cf - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - 29aa180549c93fda + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:11 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:44 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 00d443cf-3c71-429e-b97d-27687d81a302 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '186' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 82f87ade-27ea-469e-be8d-044f3b1ca692 - x-envoy-upstream-service-time: - - '111' status: code: 200 message: OK - request: - body: null + body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without + Secure Flag|http://localhost:8080/finding/261]\n\n*Defect Dojo link:* http://localhost:8080/finding/261 + (261)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/101]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Low"}, "summary": "Zap2: Cookie + Without Secure Flag"}, "update": {}}' headers: Accept: - application/json,*.*;q=0.9 @@ -2933,174 +1929,58 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '1258' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + - python-requests/2.28.1 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11781 response: body: - string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ2m2W3EQPKrIK7Z5EJEknWEmT0qbCsux/N8HFj9vwzvPM - y5yIVgseZkckeY9xWuRm06NFE/vwEaiKTi3LoDz1GElBPnFehuATzAAYBQplu79+bu+eut/tfh11 - moh8yVABBbwWpMfJheOIPnbHCdOBGxfWPkl6HVz/rRCZha24hLcqZpADZyXUJRcdqyUwWdUUAK6A - AyR/wTn1dsP4j911jCdQMkZrqH5YM957GxIo+E40W6uVqbBS2ICxjWh0r5UAawBUXQuhsfpTEF1u - eBhmRfI7Vq0uPgajcnwi7jIR9G+HlpzPXwAAAP//AwDWscBfWgEAAA== + string: '' headers: - ATL-TraceId: - - 6c478faa2b86baef - Connection: - - keep-alive + Atl-Traceid: + - 947568ce88f1ce86 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:11 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:45 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: + - max-age=63072000; preload + Timing-Allow-Origin: - '*' - vary: + Vary: - Accept-Encoding - x-aaccountid: + X-Aaccountid: - 5fa43d1b8405b10077912260 - x-arequestid: - - 55c5622f-f11b-4031-926d-397d6bc0020a - x-envoy-upstream-service-time: - - '37' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 1c560ba910dccfcd - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:34:11 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked + X-Arequestid: + - 1682abb9-70eb-456f-a8c2-f4bdf6798a33 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '208' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ba2b6ea2-3ce0-4ba3-98cc-290f2c5b71e0 - x-envoy-upstream-service-time: - - '65' status: - code: 200 - message: OK + code: 204 + message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -3110,90 +1990,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11086 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11781 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy/2HFdAMaSJu2ZL08x2GqBZYdDSWWYjkQJJRfba/vcd - SclO0zpr0wRIxCPv7bnnjvzowbqkPPViTwJPQUL6kkGeqg6nBaiOSlZQ0I4oQVLNBFcdSJkuQNNO - sqI8g1xknVuQCvcgnUApQQHX7qzX8ZixHIbBaIgLBfkSlyutSxX7fgpLSHQqPoge1TlVilHe46B9 - tKF9WjI/8plSFfitgRvYoP75bDyddUfPDlGytMF68UdPodNKJVRDJuTGBZfiChWiIAq7waAbjWZh - FPf78W9R73B4+GsQBYGJ0fjQmxKsmUfGaPT9MAiCaJt1s0hBJZKVBhGUHhFV0DzvkJQpzXiiSckg - ASKWpBbypme0E8EvZf49UShIKgn+LYOa3lJN5e+K/QvPCyxSVTxxotP0eRj0w1GznGGgz3cpdzxT - aPQ1o+rG1KhaaPMVL2muoOO1NrzYGvnc8TRDYpRYZC/mFWbilVJ8wPAeiV6jbbGz1WixM4s7Bd9F - esmZ1mjA8KvRNkn9Zc8qsdQ1lSYxxYoyZ8iQ9F42CK6lzGC0Hoy+J9wG5sZZg3TJDLD4cxfnQWBY - GQ3W0eDRhm0JLUueqOb/A77C4Toc/pyvdeus+XjAWz9a96Of89aQU7Ufe719/mz6e/3WTRes2PV7 - rGCWSciwr7+iIXJK5JVrMydJKqVFYUfEHD1Eh/s2Rl/bcKPDSU1j2vHnxd0Ql1TjVHRD58f57iba - dob5zpo0ZLafx6IyOYVmLl0ZAeOZF2tZAcKBNvVbbHZDaRebNWfMS5a43D9+JTOhorJaiSpPT5gq - c7ppWgLFiQTM1XTdt+bkoN9v5+R91IJ9cIb7NqLdyGBCMr15JIatuj/4sXHJCpqB8o2Gao0wFOSi - 7qnbbDdizkTdjqKBZzC6l0i/TSSnCzDDxFDz3iHTld+EIdzHw3Bk8FhRNS5Zcsb4jb2KT6A0NzNP - 2prZStZ2byvhgo/xYqaLHCZAleOBbL68i7PLP07P52enx+Pz6Xg+nkzeTDA/bCCFgOCB2QrIBU5N - ronxS5gigucbgh3JcmOUaEH+ZJKSCwkFdi2pFHK2Z3v0fhbP0GDwiQXBIFnGnrswsHYI/q6lvmhj - LEPGOM3vH2reFQ28ltU5RtdOAqxrxmF7uipNz36Dx4M46PcOw+19714Kj6SeU97eVl9e7j/Gxh3d - XtDkBh9SLeVa487XcfOk+amA23eR3z5PovZy5WConohcyHMXzSKvoJtJnBG7x4EgJ8IVWxQlPvW4 - bqrwUP2+BOcfvvs9mDGdw0FMrt/RMorJsRA3DMgV0zijNJnay4O8zGn2yeSKqeYioflKKB2PglHg - LxlPcTD60ag/fG8tnlgsMMwPghiWxAfk/1XJU/P3F2tgCsg3HCqoiO1vRcdXY1xd47/uMBzYUAzs - SQ29gmkJPSEzH1lHTSUYPksMW3082lvpIrdxOTtvjZ1LfsNF3coupEgrfPeMeYY9WCCi/gwBNP5s - +hgJeSXqrhZ7ICgbA9F74pPrUGnyd0WlBkl2Jveows5naLXfHV2QaUL5nvPmteUPn0UO6ReS8mTl - z2iGwZ4jGZy0Ynl6enJXdCwKhIngQFvdERuoN0pDoTD3tBQMuXQQW7mtmEG4oIwrpqGHdIsHg/6+ - vX1yLIpaLQSVaVuDbS1OdqQ0Xo9I4riHUZIFACcKNKkbImqci+4lQ5ZIxg6pVyxZkQIoV7hJ3YnG - AuKHFghNEpyrkJJbRkmFrZLITYmDCY9xDu5C7plQJshYHLkJxC1T67ruiZqq0hILeQrrXrkqLTGQ - svOlkHPnTM2pxut9UWFp5k/fXB1NL7rT1128miyZLydnzuhDwLwGTDKN/wMAAP//7Flta9swEP4r - JlBoS+3YTpyXwujClo192CjN2KD0i2KrjZnf8FtXsvz3PScpaurU2ehGyYdAKUok3Z2ku+eeuxgf - p19vEqA/Qh3ec26kWe3fJNM6pKQD42a8NGWAruf+UUEQh0GbAjm3Q0G7WFpRh/hfyDtqU7G9TjjG - Z4TvnShcyS++L3hCgGAw/bwp6lrYAYcgY8KaG2GCF4nFHiPNKWsyzBaUtJAwf/DkjPwjMRAEknwZ - LLpnD+RoRsaEk1QFHtaA52z4CWrXhEcW4rggz9N+tuGJpIscFfqVfcXaQJJXVPDSZ+0Unnf6Kc6Y - X9I5v6RGKD4YwBO6LnH7p7OSZwUl/ZxLnOFysYps7boichU+4tIms3em01MXesWzlPCIIO2Y4WGT - E+P45BceMyrTc2DJNqd02jil019PUMIpcyRMwYuJ1zaXei0y7NYJzdTEDQte+vzCNuZm6wqiOTF+ - lvE0MyWCmfkLAmSZVYsqjhml/M6f8iPdIRH4NH8hPyAidwHMorIDpZd3y/q9wJmP+rY3xwGGw7Hj - ugOiI3oRNOxYxumBJ0EAHeAInUcbTFUMvtUQR0J3VuTS4y2QEbFMAIwcdj3HdfrcsXnPDcYDv+d7 - Q8cfeUFgs8Gtw0cXwRsh5ag3OXI/4E/uM2OWqNxnmvKrwqoK8x43YroWObuVVfMo9OnKzIyxgm4M - +0V+B9vG8P2lObCyhOxvlvr7b3GzYbD/FjebDvtuMTApkFW2YtSb3PRSdcsongicZW0vce0a+Irl - 0ypPM969BhT5i8fAoyYXZnUkkx7VrlNkPFeIe4CC13/0AxS8hsUHKGiFAk0wYOKdjLgl9cfV2Ibc - tGQRRtucyQbv6ixXne2Jtl6erXt5zQndG2tOaArHkzrM00TSHdUqqNSPNfLj3xyhTsv/1oSVsrRM - KEI5+C0V7STdJ0U1KyxerocKdV+sX/ys1V3LPevE7OcVL6qIBG+cVTSC8nJSynNTN5qaRXRy/f3T - ze6T3WqDsHa1Wv0GAAD//wMAf0/Fb/MbAAA= - headers: - ATL-TraceId: - - 58d8f411d08b5e9f - Connection: - - keep-alive + H4sIAAAAAAAAA7xWa2/bNhT9K4Q+bZlsPew5joBh6GJ36xZkWeK0QNMioKlriTFFaiQV22vz33ep + h90kdbdkWGEgER/3fe7h/eDBuqQy9RJPg0xBQ/qSg0iNL2kBxjcsh4L6qgRNLVfS+JByW4ClPsup + zECozL8FbfAM0nMoNRiQtr3LKmNVsXAKr6MwjMK+hj8rMHa2KeFMU2Y5A8/3uLMfRYfjCBcGxAKX + ubWlSYIghQUwm6ob1adWUGM4lX0JNkBLNqAlD+KAG1NB0ClYwgblT2fTi1kvGg4HuFW7YLzkg2fQ + t8owaiFTetPEkOIKJeIwjnvhuBcdzcIwiY6Swah/OP7+uzAOQ+ekM2LR8VrNM5108gGmIoy3YbeL + FAzTvHSJw90XxBRUCJ+k3FgumSUlBwZELchK6WXfSTMlL7V4oheV5K5cVFzTW2qpDm45rILarZ2D + 7VEUDqLxj4b/BT8UWPaqQKsOFmhyRs3S1aqaW/eVLKgw4HuN4CuMq5b1vZwjcDTLNydwC+hreOd7 + liOySkSJl8gKY/QewGQQdgelVjcY0TMT3krX6a4L2KXbLT4ByS6qS8mtRQXG29p2SP2tvmvUwq6o + dng1vCgFR4fTB5FjPWqUDcfr4fiJ7n6hMl0k27oMw0N0Ix6u4+H/a6Wpfo1FNBiN1tHoaxhcdxYH + 8XoQfw2LLcDv7h7DMdqH07g7WPD164YDsfpX7xENWaYhQ1p5hHX0U4mq6fLPao0P9x2M9x0cPVbe + UFqz6wijZm8v6UW4pBZJvSHDpzdVQ7U7cg0addq1TP15rCoXbeQI843b4DLzEqsrwNSiUvsaq+Ea + p3Gu1uf0a86arHx4tOd8RWGTq0qkE25KQTdt47lyacBgXW9/jsCHUdwR+MO0bWnm4cG+gsfbgpea + K83t5plJ7MSD4dN4nBc0AxM4CdMp4bgh1KpvbrMdkZ2oVUd4Q+8xpONBF4igc3CU5UD78LUe7UlD + tA+h0djlI6dmWnJ2wuXypTuZQOkmC8m6mtWVXNVn2x2p5BQHCzoXcA7UNDjQ7Zd3dnL586vT65NX + x9PTi+n19Pz893OMD1vLYELwwiwHcobcLC1xdgk3REmxIdjnXDilxCryK9eUnGkosNFJZRCz/c/1 + e4Tt5IUfeRiObwaJ17xXWDtM/q6n7jU4liHjkoqHl9q5qE1vjWqB3nUcgXXNJGxvV6Vr2n+B42aE + eSb0GuHtm3h/6ngaGndw+4myJQ6CHeQ65Y2t43bW+k8OdwNb0M1NcfeES3BQZ0oofdp4MxcV9DKN + HLEbVxSZqKbYqihxVJW2rcKX6nc/Oe/k7ncw41bAQUKu3tIyTsixUksO5A23yFGWXACrNJCXgmYf + XawYqlCMilwZm4zDcRgsuEyRGIN4FL2vFU7qVKCXN4o4kCQH5B8lyTf459ta/ALHK8coKIa93zo5 + qYBMMB7cnADrk2jkE4etbRTHb6Z4doX/eqNoWLvqysJW0C+41dBXOgsQldRViuNw5NAc4NV+bgtR + O97oee30XMqlVKtPs3SmVVrhczuVGfZpgVkPZphkZ7NOETpMflGrnlV70lS2CuL3JCBXkbHkj4pq + C5rsVO4RhZ3NqJZ+++KMXDAq99x3cx+2RVOO+7+Di42xUBiMIy0VR+wcJPV+XSKXsYJyabiFPsIL + E2byuaI63Xfjkf7JDmhO8wvCGjwhlZI5gCQGLFm14LLIdaYB2AIB5pNVzllOCqDS4CFtbrQaMN53 + cg6EMoZkCSm55ZRUiH+mNyWyDd77GwAA///sWe9r2zAQ/VdMoJBC7dlOnKSD0gW2wT6UhRZWKIOg + 2E4TGkvGP+qOLv9730my6nh1N8oo+RDIByeST08n3bt3F85jlWWdBqILnPWtrOII0PUq5nTBLGbs + ChR52BGQ0LYguKw1X4oske9YIiMKZhjNiQHBvncxPyFgML4uLJXKLbap2C/aopUyia7McbUtxq0G + QJRoPN44OPGc9mx2qHzwk5MTaDXyERBohHkNkQzmJRz0ItLGnhu7v0QwIpnAZbR7fV+qqnJExfJU + RgWiMH5w0lUqbzQWmcPmXK89ZwW0y6LEnZr3v19Pr2b21YWNvCuD1SySCrrKFA19FiVrfmz1j3/j + omwK8RHX8E/J4nVJFm9YDxCfFais76TsItnUnhp02HA7B7qEgGuEgDwLqYdentglXV0jXXcSapuI + 4U4WriiWFWnnZZIwyii9v9Ev+ZD0ocjemH5IJ5wjekjVfovOgiUbDiJvMRm6wQIbGI9PPd8fUbYz + k7DCK9NiOuBpFGENpKDeMwZbFyefzCUjo6+WlSoEHOQ6OU2yjy5tAs/3hrHnxgM/Oh2FgzAYe+Ek + iCKXjZZePDmPzqSVo8H0yP+Kj3rPThjXtGnb6qfcKXO7gkds3yE+dtJysVmH5DI7ZSwnj+F9mR4g + 5vD4eWaPnJQT/naJuv+I2zXu/iNu18j7jhicFKkiTgu2pvaZ6ZYPxRORtSodFa/dQLhh+pcyE6jl + b8A44eo58KhTg1ETybSO7k9prZdpxj1Qwfsf+oEK3gPxgQo6qcAIDEC8VRH3SE1e/ezCriiYblG3 + ZUpXR8g1HaH2gOmwtAeMUov5/ToTXKkaXXCW+r8I9fWfkIpEWXisHzXZvYHgGn+jfKjtnvQS9nAZ + 5+WGDDfWluV9VkwLheNeFP+vp6iMGaNYC5XQDyG7I3Xbj7qa1HOgJQ2QXbT+Dlz9gnTPdrt9AgAA + //8DABIkjVP6GgAA + headers: + Atl-Traceid: + - 0cdeb7c12f9b0142 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:11 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:45 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 21dc6800-dfe6-4232-b73e-3329e869c45e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '271' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9af2b475-221c-4f6e-91bb-9b8ef2678b48 - x-envoy-upstream-service-time: - - '147' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_with_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_with_push_to_jira.yaml index 532763447a3..1559831288e 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_with_push_to_jira.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_with_push_to_jira.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbuTtNssuYkeVGQV2j2JSNJMsZI2pUmFZdn/boKLH7fhneeZ - lzmBVp4OiwUJ7yHMXm42hnrqgnEfrlDBKu8HNRUTBcjgkxY/uCnCDJEVWGDe7K+fm7un9ne7X0cd - J5AvCcoww9cMDM3WHUeaQnucKR64sW41UdLrYM23AjIJW3EJb1VIIEfOcqxyLlpWSWSyrApEvEKO - GH1PS+xth/Efu2sZj6BkdYHb8oftxvupdxEUfCfqba9VV1KpqMaur0WtjVYC+w5RVZUQmso/BcGm - hodhUZDe6dVqw6PrVIpPYC8T0PR2aOB8/gIAAP//AwBBXls+WgEAAA== + H4sIAAAAAAAAA1SPW0vEMBCF/8u82nYn6SVt3kQfVGQV2n0SkbRJsJImpUmFZdn/boqLl7fDme/M + mTlBL7w6LAY4vIcwe77bSaXVEKT7cJkIRng/CptZFSCBT7X40dkIE0SSYYZpu79+bu+eut/pfp36 + qIC/bFCCCb4mINVs3HFSNnTHWcUFN8atMob6dTTyOwI8BiiWF/NWhA2kSGmKdUpYhzVHxmmZIeJV + JDHmvVpibzdO/9imQ+Sk4WU8EZsfdpjurXYRrArCdK61zllNaYV5jViUglZkECirgbFCYV79LQhm + a3gYFwHbO1qsJjy6QWz2CcxFgbJvhxbO5y8AAAD//wMAtU44eFoBAAA= headers: - ATL-TraceId: - - 6cfef13897ab2083 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:34:16 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 4430a072b115c436 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5c16816a-b461-4f08-a55c-ef14ef7af292 - x-envoy-upstream-service-time: - - '31' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 812bd19491648928 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:16 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:50 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 03596c7a-f6d9-42cb-a2eb-6ceb14e12af9 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '112' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 741779d8-f30e-4e12-af6f-45066f7d9e2e - x-envoy-upstream-service-time: - - '68' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,93 +80,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 658301ba497e7c33 - Connection: - - keep-alive + Atl-Traceid: + - 9da545ba2fa641b1 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:16 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:50 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 06ce3437-fb81-4bad-bb49-e94fbe310ea1 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '184' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 083afb7a-189e-458c-910a-482563dfffac - x-envoy-upstream-service-time: - - '101' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/2837]\n\n*Defect Dojo link:* http://localhost:8080/finding/2837 - (2837)\n\n*Severity:* Low\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* - Unknown\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/693]\n\n*Branch/Tag:* - None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* - https://mainsite.com:443\n* https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/262]\n\n*Defect Dojo link:* http://localhost:8080/finding/262 + (262)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/102]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -286,53 +180,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1721' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11087","key":"NTEST-898","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11087"}' + string: '{"id":"11782","key":"NTEST-1444","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11782"}' headers: - ATL-TraceId: - - 7d0eff1e89583b79 - Connection: - - keep-alive + Atl-Traceid: + - 92b9926fb2131fd7 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:16 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:50 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ddb704e7-650b-4772-a2fb-dbbe7882bc90 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '581' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d656ab25-a528-4eba-a5db-97509af7af16 - x-envoy-upstream-service-time: - - '383' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -342,95 +242,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-898 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1444 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DF1mWy/WUldAMaSJu2VL08x2GqBZYdDSWWYtkQJJRfba/vcd - SSlO0zpr0wRIxCN5L889d7wPHmwqyjMv8STwDCRkLxkUmepxWoLqqXQFJe2JCiTVTHDVg4zpEjTt - pSvKcyhE3rsBqXAPsglUEhRw7c56PY8ZzWEYjJ7iQkGxxOVK60olvp/BElKdifdiQHVBlWKUDzho - H3Von1bMj3ymVA1+p2ANW7x/PhtPZ/3RsxFKltZZL/ngKTRaq5RqyIXcOucyXOGFKIjCfhD3o9Es - jJJhnISHg1EU/xJEQWB8NDb0tgKr5pE+mvt+GARBdBt1u8hApZJVBhGUHhFV0qLokYwpzXiqScUg - BSKWpBFyPTC3U8EvZfEtXihIawn+DYOG3lBN5W+K/QvPS0xSXf7kRKfZ8zAYhqN2OUNHn+9C7nkm - 0WhrRtXa5KheaPOVLGmhoOd1OrzEKvnU8zRDYlSYZC/hNUbiVVK8R/ceiV5722Jns9FhZxZ3Er7z - 9JIzrVGB4Vd72wT1lz2rxFI3VJrAFCurgiFDsnvRILiWMvFoE4++xd0W5tZYi3TFDLD4cxfnODA8 - jeJNFD9asU2hZclPqv3/gK3wcBMe/pitTWes/XjA2jDaDKMfs9aSU3Ufe619+mTqe/PGdRfM2PU7 - zGCeS8ixrr+gIXJKFLUrMydJa6VFaVvEHC1ET/dtjL7U4VqHk5rCtO3PS/phz8Mw9RusOMMrd8CW - k+G0ZKlz4MMXMsM4DEitRF1kJ0xVBd22vERxQzV2WtfIvr+GXJe87Yu+0yZNgdjPY1EbnELj6ZUR - MJ57iZa1MZ1KwFhN1X2tT/56GHZ98j5qwT44w30b0a5lMCGZ3j4y3u66H39fu2QlzUH55obqlDAU - FKIZqJt812LORNO1otgzGN0LZNgFUtAFmGZiqHnvkKnKr8IQ7uNhODJ4rKgaVyw9Y3xtn+ITqMzL - zNOOLpZEjd27lXDBx/gw00UBE6DKUVC2X97F2eXvp+fzs9Pj8fl0PB9PJq8nGB8WkEJA8MBsBeQC - uybXxNglTBHBiy3BimSFUUq0IH8yScmFhBKrltQK+TWwNXo/imeoMPjIgiBOeeK5BwNzh+DvSuqz - MsY05IzT4v6hdq5o4bUkL9C7rhNgXnMOt6frytTsN/DYTQqPpJ67fPtaff64fx8bd3R7QdM1DlId - 5TrlztZxO9L8kMPdXOR340nUPa4cDNVTUQh57rxZFDX0c4ntaTccCHIiXLJFWeGox3WbhYfy9zk4 - //Dd78GM6QIOEnL9llZhQo6FWDMgV0xje9Rkah8P8rKg+UcTK4ZaiJQWK6F0MgpGgb9kPMMm5kej - 4dN3VuOJxQLdfC+IYUlyQP7/Knli/v5sFUwB+YZNBS9i+VvR8dUYV9f4r38YxtYVA3vawKBkWsJA - yNxH1lGTCYZjiWGrj0cHK10W1i+n543Rc8nXXDSd7EKKrMa5Z8xzrMESEfVnCKCxZ8NHT8gfoulr - sQeCqlUQvSM+uQ6VJn/XVGqQZKdyz1XY2Qzt7bdHF2SaUr7nvJm2/MNnQ4f0C0l5uvJnNEdnz5EM - TlqzIjs9uSs6FiXCRLChre6IDdRbpaFUGHtWCYZcOkis3GbMIFxSxhXTMEC6JXE83Le3T45JUauF - oDLrcnCbi5MdKY3VI5I67qGXZAHAiQJNmpaIGvuim2TIEsnYI82KpStSAuUKN6k70WpA/FADoWmK - fRUycsMoqbFUUrmtsDHhMc7BzQID48oEGYstN4WkY2rTNAPRUFVZYiFPYTOoVpUlBlJ2vhRy7oyp - OdU4WSxqTM38yeuro+lFf/qqj0+TJfPl5MwpfQiYV4BBZsl/AAAA///sWW1r2zAQ/ismUGhL7dhO - nJfC6MKWjX3YKM3YoPSLYquNWfyCX9KVLP99z0mymjhxNrpR8iFQipKTdCfp7rnnLsbH8de7GOiP - UIf3XBpJuvDv4vEipKQD4ya8MGWAVrJ/VBBEYdCkQMr2KGjelmYsQvzP5R01qdieJxzjM8L3QRSu - 5BffZzwmQDCYft4EdS3sgEOQMeGCG2GMF4nEGiPJKGsySHNKWkiYP3h8Qf4RGwgCyfsMNn9kT+Ro - RsqEk5Q5HtaA56z5CWrXmM8txHFOnqf9bM0TSRc5KvQr+/LKQNovL+GlO+0Unnf+KUqZX9A5vyRG - KD4YwBO6LnH755OCpzkl/YxLnOFysops7boichU+4tJGk3em01EXesPThPCIIO2U4WHjM+P07Bce - c14kl8CSbU7pNHFKp9sk8CoBZaIiQyYV5Ja4dm2qrafWBU1MzdZMTVy9IKy7J+oKYoPY1BNifdVQ - ryoK5s8IkGVWzcsoYpTyW3/Kj3SHROCT7IX8gIjcFTCLSgSUXt4963YCZzro2t4UNvb7Q8d1e0RH - 9CRo2DON0wOPggA6wBFazzaYqhh8qyGONt1bkUuPt0BGxDQBMHLY9hzX6XLH5h03GPb8ju/1HX/g - BYHNevcOH1wFb8QuJ53RifsBf3KdGbFY5T7TlF/lVpmbj7gR07XI2a20nM5Dn67MTBnL6cawXuR3 - sG0M31+bPSuNyf56qX/4FtcbBodvcb3pcOgWA3oCWeArRr3OTa9Vt4ziicBZ1uESvm6Br5g+LrMk - 5e1bII4/ew48anJBqiOZ9Kh2nSLjmULcIxS8/qMfoeA1LD5CQSMUaOYBEx9kxC2pP67GNvZNCjbH - aAc1Au9qLVetbUFTL8/Wvby6QPfG6gJN4Xi8CLMklnRHtQpK9WON/Pg3R1gkxX9rmMq99J5QhHLw - WyLaSVWLFq4lLV5WQ4W6L9YvftZqV/tetCL284bn5Zw2XjuraARlxaiQ56ZuNDWL6OT6+83F7sZq - tUBYu1qtfgMAAP//AwDy5Fyi8xsAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvcR1HAHD0MXuli3IssRpgaZFQFNniTFFqiQV22v733fU + i906dbdkWGEgkXi89+ce3XsPViWVqZd4GmQKGtIXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf49aIMySC+h1GBA2vYuq4xVxdwZvI3CMAr7Gt5VYOx0XcKFpsxyBp7vcec/io5GMb4YEHN8 + za0tTRIEKcyB2VTdqT61ghrDqexLsAF6sgEteRAH3JgKgs7AAtaofz6dXE170WAwwKM6BOMl7z2D + sVWGUQuZ0usmhxTfUCMO47gXjnrR8TQMk+g4eRb2jw+f/RDGYeiCdE4sBl6beWKQTj/AUoQu0Cbt + 9iUFwzQvXeHw9DkxBRXCJyk3lktmScmBAVFzslR60XfaTMlrLR4ZRSW5axcVt/SeWqqDew7LoA5r + G2ArisLDaPST4X/BjwW2vSrQq4MFupxSs3C9qmbWPSVzKgz4XqN4innVur6XcwSOZvn6DO4BYw0/ + +p7liKwSUeIlssIcvR2YHIadoNTqDjN6YsFb7brcdQO7cruXT0CyzepacmvRgPE2vh1Sf6/vGjW3 + S6odXg0vSsEx4HQnc+xHjbLBaDUYPTLcr3Smy2TTl0F4hGHEg1U8+H+9NN2vsYgOo+EqGn4Lh6vO + 42G8Ooy/hccW4B8/PoRjtA+ncSeY89XLhgOx+zdvEQ1ZpiFDWnmAdYxTiaqZ8i9ajY/2CUb7BMcP + jTeU1pw6wqjZ20t6UctjrlyasyaO9w/OHIixEiZXlUjH3JSCrluo4zHW3b7Emjr4ty6oxQ9FQ7CP + H9SGvreEHTTmtBvD+vFEVa6CdfCv3AGXmZdYXblomAZM1s32lwj82fCoI/Ddsm1oZlewr+HxpuG7 + gsMtY3GluV0/sRKdeuA+Wo8geF7QDEzgNExnhOOBUMu+uc+2DHemlh0TDry6lTNwlOVAu/u1Hu7J + NtqH0Gjk0s6pmZScnXG5eOEkYyjdZiFZh6AaV8tatjmRSk5wsaAzAZdATYNK3T55F2fXv5ye356d + nkzOrya3k8vLPy4xDRwtg3njhWkO5AK5WVri/BJuiJJiTXDOuXBGiVXkN64pudBQ4KCTyiC++l+a + 9wjHyQs/8DAc3c0Sb2eYsbIZl1Rgz7Do2yFzst2zdi9qy1ujXGB0HUdg+zIJm9tV6Yb2X+C4WWGe + iLBGefNN/HzreBzotqj6mbIFLoIdsjrjja+Tdtf6TwF3C1vQ7U1x9wmX4BDNlFD6vIlmJiroZRoZ + a7uuKDJWTbNVUeKqKm3bha/19PPivJHb38GUWwEHCbl5TcsoISdKLTiQV9wiY1pyBazSQF4Imn1w + uWKqQjEqcmVsMgpHYTDnMkUSC+Jh/LY2OK5LgVHeKeJAkhyQf9Qk3+Gf72v1K1yvHHGgGo54G+S4 + AjLGfPBwDKxPoqFPHLY2WZy8mqDsBv/1htGgDtW1hS2hX3Croa90FiAqqesUx+XIoTnAq/3cFqIO + vLHz0tm5lguplp9W6UKrtMLP7URmOKcFVj2YYpGdz7pEGDD5VS17Vu0pU9kaiN+SgNxExpI/K6ot + aLI1uUcVtj6jWvv18wtyxajcc9/tfTgWTTs+/x1crY2FwmAeaak4Yucgqc/rFrmKFZRLwy30EV5Y + MJPPFNXpvhsP7I+3QHOWnxPW4AmplMwAJDFgybIFl0WuMw3A5ggwnyxzznJSAJUGhbS50VrAfN/I + GRDKGJIlpOSeU1Ih/plel8g2eO9vAAAA///sWW1r2zAQ/ismUEih9mwnTtJB6QLbYB/KQgsrlEFQ + bKcxjSXjl7qjy3/vc5Kiul7cjTJKPgTywbGk03Onu9NzZ85jdec7DUQXOOtbWcURoOtVzMnBLGbk + ChR50AhISC0QLivhS5Gnco0lckrBDKMFZUBk37uYnxAwCE9KSxELi61r9otUtDIm0VUFXNti3GoA + RInG47WDEy9IZ6OhssFPTkag3chGQKARFluIJLCoYKCdSBs6N7S/RDDiMoHJSHvtL3VdO6JmRSaj + AlEYPzjZKpMejU3mkDnXe89ZCSa1qOBT8/736+nVzL66sMETZLCaTTJBrkzR0GdRmvBjq3/8G46y + LsVHuOGflMXroizesGsgaF5QJUruO8mdiN21prpmanugiwi4hgjIs5C0Z/dEQ11hGBauKCp3EOV2 + /m1LMTy3qNKU0Y3S+1v6JRsSPxT5G68f4gnniB5ioN+is2DJhoPIW0yGbrAApvH41PP9Ed12ZhJ2 + eGVaTAc8jSLsgSuo94zB1sXJJ+NkJPTVslKFgIO7Tk6T2UeXNoHne8PYc+OBH52OwkEYjL1wEkSR + y0ZLL56cR2dSytFgeuR/xU+ts1PGddq0bfWqcKrCrmER23coHztZtVgnIZnMzhgryGJYL68HkDk8 + fp7ZIyfjhL9dou4/4naNu/+I2zXyviNG6olUSakJW5P7zHTLh+KJkrUq81T6ugFxw/QvVS5Qy98g + 44Sr58CjTg1GTSTTPro/pblerjPuIRW8/6EfUsF7ID6kgs5UYJgGIN6qiHukJq9+diFXlEy3qNvM + o6sj5HZ1hFzTEWoPGKYW8/skF1xxIV1wVvpbhPr7L0jvRfn/+m5KmBGKnVCB/BCyK7Ft/sGFFOTH + 7aPOrm8GIL/bfNjKPeml7OEyLqo1CW4oK/sJeTktleLU1aSeA6lu3r9c7L9YrRdItJvN5gkAAP// + AwBn3RG6+hoAAA== headers: - ATL-TraceId: - - 67d6b9998519a099 - Connection: - - keep-alive + Atl-Traceid: + - 85b8545b6d3d2a41 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:17 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:51 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 18564033-bc3d-41fd-a9dc-f1f5164409c6 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '217' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b60293e3-27f6-49a9-a5a5-74fff76545b2 - x-envoy-upstream-service-time: - - '169' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -440,95 +344,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11087 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11782 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DF1mWy/WUldAMaSJu2VL08x2GqBZYdDSWWYjkQJJRfba/vcd - SSlO3Tpr0wRIxCPv7bnnjvzgwbqiPPMSTwLPQEL2kkGRqR6nJaieSldQ0p6oQFLNBFc9yJguQdNe - uqI8h0LkvVuQCvcgm0AlQQHX7qzX85ixHIbB6CkuFBRLXK60rlTi+xksIdWZeC8GVBdUKUb5gIP2 - 0Yb2acX8yGdK1eB3Bm5gg/rns/F01h89G6FkaYP1kg+eQqe1SqmGXMiNCy7DFSpEQRT2g7gfjWZh - lAzjJDwcjKL4lyAKAhOj8aE3FVgzj4zR6PthEATRXdbtIgOVSlYZRFB6RFRJi6JHMqY046kmFYMU - iFiSRsibgdFOBb+UxbdEoSCtJfi3DBp6SzWVvyn2LzwvsUh1+ZMTnWbPw2AYjtrlDAN9vk2555lC - o68ZVTemRvVCm69kSQsFPa+z4SXWyKeepxkSo8IiewmvMROvkuI9hvdI9Fpti52tRoedWdwr+DbS - S860RgOGX622Seove1aJpW6oNIkpVlYFQ4ZkO9kguJYy8Wgdj74l3Bbm1lmLdMUMsPhzH+c4MDyN - 4nUUP9qwLaFlyU+q/f+Ar/BwHR7+mK9156z9eMDbMFoPox/z1pJTdR97vX36ZPp7/cZNF6zY9Tus - YJ5LyLGvv6AhckoUtWszJ0lrpUVpR8QcPURP922MvrThRoeTmsa0489L+iEuqcap6IbO9/PdTbS7 - GeY7a9KQ2X4ei9rkFJq5dGUEjOdeomUNCAfa1G+w2Q2lXWzWnDEvWepy//CFzISKymol6iI7Yaoq - 6KZtCRSnEjBX03Vfm5O/HobdnNxFLdgHZ7hvI9qODCYk05tHYtip+/H3jUtW0hyUbzRUZ4ShoBDN - QN3m2xFzJppuFMWewWgnkWGXSEEXYIaJoebOIdOVX4Uh3MfDcGTwWFE1rlh6xviNvYpPoDI3M0+7 - mtlKNnbvTsIFH+PFTBcFTIAqxwPZfnkXZ5e/n57Pz06Px+fT8Xw8mbyeYH7YQAoBwQOzFZALnJpc - E+OXMEUELzYEO5IVxijRgvzJJCUXEkrsWlIr5OzA9uhuFs/QYPCRBUGc8sTbaVmEPGecFlhMrMa2 - x8zerqx9V7TwWlYXGF03CbCuOYe703VlevYbeOxeCo+knlO+u60+v9y/j41bur2g6Q0+pDrKdcad - r+P2SfNDAXfvIr97nkTd5crBUD0VhZDnLppFUUM/lzgjto8DQU6EK7YoK3zqcd1W4aGafg7OP3z7 - ezBjuoCDhFy/pVWYkGMhbhiQK6ZxRmkytZcHeVnQ/KPJFVMtREqLlVA6GQWjwF8ynuFg9KPR8Ok7 - a/HEYoFhvhfEsCQ5IP+vSp6Yvz9bA1NAvuFQQUVsfys6vhrj6hr/9Q/D2IZiYE8bGJRMSxgImfvI - OmoqwfBZYtjq49HBSpeFjcvZeWPsXPIbLppOdiFFVuO7Z8xz7MESEfVnCKDxZ9PHSMgfoulrsQeC - qjUQvSM+uQ6VJn/XVGqQZGtyjypsfYZW++3RBZmmlO85b15b/uGzoUP6haQ8XfkzmmOw50gGJ61Z - kZ2e3BcdixJhIjjQVvfEBuqN0lAqzD2rBEMuHSRWbitmEC4p44ppGCDdkjge7tvbJ8eiqNVCUJl1 - NbirxcmWlMbrEUkd9zBKsgDgRIEmTUtEjXPRvWTIEsnYI82KpStSAuUKN6k70VpA/NACoWmKcxUy - cssoqbFVUrmpcDDhMc7BXcgDE8oEGYsjN4WkY2rTNAPRUFVZYiFPYT2oVpUlBlJ2vhRy7pypOdV4 - vS9qLM38yeuro+lFf/qqj1eTJfPl5MwZfQiYV4BJZsl/AAAA///sWW1r2zAQ/ismUGhL7dhOnJfC - 6MKWjX3YKM3YoPSLYquNmd/wS7qS5b/vOUlWUzfORjdKPgRKUSLp7iTdPffcxfg4/XqTAP0R6vCe - cyPNlv5NMl2GlHRg3IyXpgzQeu4fFQRxGLQpkHM7FLSLpRXLEP8LeUdtKp6vE47xGeF7JwpX8ovv - C54QIBhMP2+KuhZ2wCHImHDJjTDBi8Rij5HmlDUZZgtKWkiYP3hyRv6RGAgCSb4MFt2zB3I0I2PC - SaoCD2vAczb8BLVrwiMLcVyQ52k/2/BE0kWOCv3KvqI2kOQVFbx0q53C804/xRnzSzrnl9QIxQcD - eELXJW7/dFbyrKCkn3OJM1wuVpGtXVdErsJHXNpk9s50eupCr3iWEh4RpB0zPGxyYhyf/MJjRmV6 - Dix5zimdNk7p9DeJQpkjYQpeTLy2udRrkWG3TmimJm5Y8NLtC9uYm60riObEuJ5AvDJ/QZi7pZBp - Zs6iimNGKb/zp/xId0gEPs1fyA+IyF0As6jsQOnl3bJ+L3Dmo77tzXGA4XDsuO6A6IheBA07lnF6 - 4EkQQAc4QufRBlMVg281xJHQnRW59HgLZEQsEwAjh13PcZ0+d2zec4PxwO/53tDxR14Q2Gxw6/DR - RfBGSDnqTY7cD/iT+8yYJSr3mab8qrCqwrzHjZiuRc5uZdU8Cn26MjNjrKAbw36R38G2MXx/aQ6s - LCH7m6X+/lvcbBjsv8XNpsO+WwxMCmSVrRj1Jje9VN0yiicCZ1nbS1y7Br5i+bTK04x3rwFF/uIx - 8KjJhVkdyaRHtesUGc8V4h6g4PUf/QAFr2HxAQpaoaDJPEClOqs17amZBmy/k6G4osa5GttQmJYs - wmiLlLZenq17ec0J3RtrTmgKx5NlmKeJ5EKqVVCpH2vkx7+xdJmW/60JK2VpmVCEcvBbKtpJuk+K - alZYvKqHCnVfrF/8rNWt5Z51YvbzihdVRII3zioaQXk5KeW5qRtNzSI6uf7+6Wb3yW61QVi7Xq9/ - AwAA//8DAFQvYrfzGwAA + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvcR1HAHD0MXu1i3IssRpgaZFQFNniTFFqiQV22vz33fU + i906dbdkWGEgkXi89+ce3QcPViWVqZd4GmQKGtIXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf4daIMySC+g1GBA2vYuq4xVxdwZvInCMAr7Gt5XYOx0XcK5psxyBp7vcec/io5GMb4YEHN8 + za0tTRIEKcyB2VTdqj61ghrDqexLsAF6sgEteRAH3JgKgs7AAtaofzadXE570WAwwKM6BOMlHzyD + sVWGUQuZ0usmhxTfUCMO47gXjnrR8TQMk+g4eRb2jw+f/RDGYeiCdE4sBl6beWKQTj/AUoQu0Cbt + 9iUFwzQvXeHw9DkxBRXCJyk3lktmScmBAVFzslR60XfaTMkrLR4ZRSW5axcVN/SOWqqDOw7LoA5r + G2ArisLDaPST4X/BjwW2vSrQq4MFupxSs3C9qmbWPSVzKgz4XqP4EvOqdX0v5wgczfL1KdwBxhre + +57liKwSUeIlssIcvR2YHIb7BFEnKLW6xVSf2IlWu+5D3dmuD+7lE/Rs072S3Fo0YLyNbwfh3+u7 + Rs3tkmoHZMOLUnAMON0pCTaqht9gtBqMHhnuV1rWZbJp2CA8wjDiwSoe/L9eGljUIEWH0XAVDb+F + w1Xn8TBeHcbfwmOL/Pv7h3CMOzjO+epVw4HY5Ot32PQs05AhrTzAOoajRNVM+RdBHh/tE4z2CY4f + Gm8orTl1hFGzt5f0InylFkm9IcPHz05DtVtyDRpz2k1G/XiiKpdt5AjztTvgMvMSqyu4bznUWdOc + NTX48ODMRYZXTa4qkY65KQVdt9OExxiWfYVtcxPWVkMDJutG+EsE/mx41BH4btn20Uy8oZldwabh + u4LDLTFxpbldP7G6nXrgPlqPIHhe0AxM4DRMZ4TjgVDLvrnLtkR2qpYd4Q28upwzcMzkQLv7tR7u + yTbah9Bo5NLOqZmUnJ1yuXjhJGMo3WYhWdfFurfLWrY5kUpOcLGgMwEXQE2DDN0+eeenV7+8PLs5 + fXkyObuc3EwuLv64wDRwtAzmjRemOZBzpGBpifNLuCFKijXBcebCGSVWkd+4puRcQ4HzTCqDmO1/ + aawjHCcv/MjDcHQ7S7ydYcbKZlxSgT3Dom+HzMl2z9q9qC1vjXOB0XUcge3LJGxuV6Ub2n+B42aF + eSLCGuXNp+/zreNxoNui6mfKFrgIdsjqjDe+Ttpd6z8F3C1sQbc3xd2XWoJDNFNC6bMmmpmooJdp + ZI3tuqLIWDXNVkWJq6q0bRe+1tPPi/NWbn8HU24FHCTk+g0to4ScKLXgQF5zi6xlySWwSgN5IWj2 + 0eWKqQrFqMiVsckoHIXBnMsUiTGIh/G72uC4LgVGeauIA0lyQP5Rk3yHf76v1S9xvXLEgWo44m2Q + 4wrIGPPBwzGwPomGPnHY2mRx8nqCsmv81xtGgzpU1xa2hH7BrYa+0lmAqKSuUxx3IIfmAK/2c1uI + OvDGzitn50oupFp+WqVzrdIKv6oTmeGcFlj1YIpFdj7rEmHA5Fe17Fm1p0xlayB+RwJyHRlL/qyo + tqDJ1uQeVdj6jGrtN8/PySWjcs99t97hWDTt+Px3cLk2FgqDeaSl4oidg6Q+r1vkKlZQLg230Ed4 + YcFMPlNUp/tuPLA/3gLNWX5OWIMnpFIyA5DEgCXLFlwWuc40AJsjwHyyzDnLSQFUGhTS5kZrAfN9 + K2dAKGNIlpCSO05Jhfhnel0i2+C9vwEAAP//7Flta9swEP4rJlBIofZsJ07SQekC22AfykILK5RB + UGynMY0l45e6o8t/73OSojpe3Y0ySj4E8sGJpdNzp3t57sJ5rOqu00B0gbu+lV0cAbpexZwczGJG + rkCTB42AhNQCr7ISvhR5KvdYIqcUzPC2oAyI7HsX8xMCBuFJaanibrF1zX6RilbGJLqqgGtbjFsN + gGjReLx2cOMF6Ww0VDb4yckIdBrZCAg0wmILkQQWFQz0ItKGzg3tLxGMKCYwGWmv/aWua0fUrMhk + VCAK4wcnW2XSo3HIHDLn+uw5K8FmFhV8at7/fj29mtlXFzZ4ggxWc0gmyJUpGvosShN+bPWPf8NR + 1qX4CDf8k7J4XZTFGzbrUInO+k7SLiJS7aVBhwy380UXEXANEZB3IWnPywsNdd2ppe18295leC3M + ycIVxbJK2kWVpowqSu9v6ZdsSPxQ5G8sP8QTzhE9xGq/RWfBkg0HkbeYDN1gAYzj8ann+yOqdmYR + TnhlWUwXPI0inIES1HvGYOse5JNxMhL6aveoQsBBrZPLZPbRHUzg+d4w9tx44Eeno3AQBmMvnARR + 5LLR0osn59GZlHI0mB75X/FR++yUcZ02bVv9VDhVYdewiO07lI+drFqsk5BMZmeMFWQx7JflAWQO + j59n9sjJOOFvd6L7j7jdyu4/4nYrvO+IkZMi1dZpwtbkPjM92aF4omStWkeV125A3LD8S5ULtOw3 + yDjh6jnwaCCDtyaS6Rw9n9JcL9cZ95AK3v/SD6ngPRAfUkFnKjDMAxBvVcQ90ixXP7uQK0qmR9Rt + JtI1EXK7JkKumQi1XximFvP7JBdcsRrdcFb6vwj19V+Q3ovy/83ylDAjFCehA/kh5FRiO4CDCynI + j9tHnV3fDED+b/NhK/ekl7KHy7io1iS4oaycJ+TltFSK01STZg6kuvl9d7O/s1tvkGg3m80TAAAA + //8DAN2GcOf6GgAA headers: - ATL-TraceId: - - 30b0b1ba17e52f4e - Connection: - - keep-alive + Atl-Traceid: + - d668d01ee7b4d23f + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:17 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:51 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 773b6baf-a7df-4f21-bb6b-720bce3c21eb X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '208' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a02ab3f7-9645-4055-ad87-0d9401da7f27 - x-envoy-upstream-service-time: - - '106' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -538,174 +446,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtNssuYkeVGQV2j2JSNJMsZI2pUmFZdn/boqLH7fhneeZ - lzmB0YEOswMF7zFOQW02ljpqo/UfnunodAi9HtlIETL4pDn0fkwwR+QMGeb1/vq5vntqfrf7ZTBp - AvWyQhlm+JqBpcn540BjbI4TpQM3zi82SWbpnf1WQK3CVl7CWx1XUKDgOZa5kA0vFXJVlAwRr1Ag - Jj/QnHqbfvjH7houEqi4ZDspf9h2uB87n0ApdrLadka3BRWaKmy7SlbGGi2xaxF1WUppqPhTEN3a - 8NDPGtZ3Or24+OhbvcYncJcJaHw71HA+fwEAAP//AwAqpmSCWgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CPd3EQPKrIK2z2JSNokWEmT0qTCsux/N8WF1dvwzvPM + y5ygk0EfZgsCPmOcgthslDa6j8p/eSKjlSEM0hGnI2TwrecweJdgikgJEsz3u9vX/cNLe93ulrFL + E4i3Fcoww/cMlJ6sP47axfY46XTgzvpFJalbBqt+FRBJYFhdwnsZV5AhYzk2OeUtNgK5YBVBxJtE + YvKDnlNvO4z/2G2LKOhWVIwUzZXtx0dnfALrknJTGGMK3jBWY4KwrCSraS9R1T3npcai/lsQ7drw + NMwS1neMXGx89r1c4xPYywTafRz2cD7/AAAA//8DAPTd7lVaAQAA headers: - ATL-TraceId: - - 02a7f8f3c5b8ea2c - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:34:17 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 8a780769990b6eb0 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 96e74186-fa6f-44bd-b783-b0d348b20786 - x-envoy-upstream-service-time: - - '42' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 1b2a799df40835dd - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:18 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:52 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - eadc6579-3ccd-4c23-bba9-c127642a14ce X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '113' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 54b7bcde-5806-4b14-86bf-93b7c9eda775 - x-envoy-upstream-service-time: - - '60' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -715,93 +516,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 0254d5e4c5547122 - Connection: - - keep-alive + Atl-Traceid: + - 3f723f470caef3e4 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:18 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:52 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - cb51977b-e738-4658-a791-6c75ccdbc034 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '212' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 25f24132-bbd8-4a7d-84ec-c4183c64e309 - x-envoy-upstream-service-time: - - '96' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/2838]\n\n*Defect Dojo link:* http://localhost:8080/finding/2838 - (2838)\n\n*Severity:* Low\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* - Unknown\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/693]\n\n*Branch/Tag:* - None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* - https://mainsite.com:443\n* https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/263]\n\n*Defect Dojo link:* http://localhost:8080/finding/263 + (263)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/102]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -814,53 +616,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1721' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11088","key":"NTEST-899","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11088"}' + string: '{"id":"11783","key":"NTEST-1445","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11783"}' headers: - ATL-TraceId: - - 27b719acf87d67f8 - Connection: - - keep-alive + Atl-Traceid: + - 66ddc4a6f132ddc9 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:18 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:53 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a23b37c2-be01-4014-93eb-d86b8d246fae X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '623' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e0b3af08-0bd2-4c58-91d9-83f104fabeef - x-envoy-upstream-service-time: - - '520' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -870,95 +678,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-899 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1445 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DF1mWy/WUkVAMaSJu2VL08x2GqBZYdDSWWIjkQJJRfba/Pcd - KSlO0zpr0wRIxCPv/bmH/OjAuqI8dWJHAk9BQvqKQZGqAaclqIFKcijpQFQgqWaCqwGkTJeg6SDJ - Kc+gENngBqTCPUinUElQwHV71hk4zFj2fS+KcKGgWOEy17pSseumsIJEp+KDGFFdUKUY5SMO2kUb - 2qUVcwOXKVWD2xu4hg3qn80ns/kwOjhAycoG68QfHYVOa5VQDZmQmza4FFeoEHiBP/TCYRDN/SAe - h7EfjZ4f/PqLF3ieidH40JsKrJknxmj0Xd/zvOAu626Rgkokq0xFUHpIVEmLYkBSpjTjiSYVgwSI - WJFGyOuR0U4Ev5DFt0ShIKkluDcMGnpDNZW/KfYvvCixSXX5Uys6SV/43tiPuuUcA32xTXngmEaj - rzlV16ZH9VKbr3hFCwUDp7fhxNbI7cDRDIFRYZOdmNeYiVNJ8QHDe2L1Om1bO9uNvnZmca/h20gv - ONMaDRh8ddomqb/sWSVWuqHSJKZYWRUMEZI+yAaLayETRusw+pZwuzJ3zrpKV8wUFn/u1zn0nqPn - IFwH4ZMN2xZalPykuv+P+PL31/7+j/la9866j0e8jYP1OPgxbx04Vf+x09vtrZnv9duWXbBjV++x - g1kmIcO5/gKGiClR1O2YtZKkVlqUliIW6CF4vmsj+tJGSx2t1AympT8nHvoDB9PUb3HiDK66A1Qj - T7Y09P0T0HLcHau5rTVp4G0/j0RtsvQNU10aAeOZE2tZw21HXsaYZEmb+8cvZCYwPKpyURfpMVNV - QTfdSKA4kYC5mqn7Gk+G4X7Pkw+r5u0qp79rI9i1Md5yCROS6c0TS9mru+H38SgraQbKNRqqN8JQ - UIhmpG6yLfeciqbnqNC5NVhYgiETA80HSZmp/Gq2/i4c+pFJO6dqUrHklPFrexUfQ2VuZp70PbOd - bOzenYQLPsGLmS4LmAJVLQ5k9+Wcn178fnK2OD05mpzNJovJdPpmimngACnMGw/McyDnyJpcE+OX - MEUELzYEJ5IVxijRgvzJJCXnEkqcWlIrROjIzujDLA7QoPeJeV6Y3MTOg5HFymaM0wJ7hkXfzpjZ - eyjr3hVdeS2qC4yuZwJsX8bh7nRdmZn9Bhy3L4UnIqxVvrutPr/cvw90W1S9pMk1PqR6ZPXGW19H - 3ZPmhwLu30Vu/zwJ+suVg0F0Igohz9polkUNw0wiR2wfB4Ici7bZoqzwqcd114XHevp5cf7h29+9 - OdMF7MXk6h2tgpgcCXHNgFwyjRylycxeHuRVQbNPJldMtRAJLXKhdBx5keeuGE+RBt0gGkfvrcVj - WwsM84MgBiXxHvl/VfLM/P3ZGpgB4g25AxVxyq3o6HKCqyv8N9z3QxuKKXvSwKhkWsJIyMxF1FHT - CYbPEoNWF4+Ocl0WNq7Wzltj54Jfc9H0snMp0hrfPROe4QyWWFF3jgU0/mz6GAn5QzRDLXaUoOoM - BO+JS658pcnfNZUaJNma3KEKW5++1X53eE5mCeU7zpvXlrt/MG4r/VJSnuTunGYY7BmCoZXWrEhP - ju+LjkSJZSJIaPk9sSn1RmkoFeaeVoIhlvZiK7cdMxUuKeOKaRgh3OIwHO/a2yXHpqh8KahM+x7c - 9eJ4C0rj9ZAkLfYwSrIE4ESBJk0HRI282L5kyArBOCBNzpKclEC5wk3anugsYP3QAqFJgrwKKblh - lNQ4KoncVEhMeIxzaC/kkQlliohFyk0g7pHaNM1INFRVFliIU1iPqryywEDILlZCLlpnakE1Xu/L - GluzePbm8nB2Ppy9HuJVasF8MT1tjT5WmNeASabxfwAAAP//7FnbattAEP0VYQgkIZIl2fIlUFLT - uqUPLSEuLYS8rKVNLKobuqXB9b/3zO56o9iRW9IS/GAwZu1dzYxnZ86cGRsfp19vEqA/Uh3Rc26k - We3fJNM6pKID42a8NGWCrvf+UUEQh0GbArm3Q0G7WDpRh3gvpI/aVGyfE4HxGel7JxpXiovvC54Q - IBhMX2+KvhZ2ICDImLDmRpjgRmLxjJHmVDUZdgsqWiiYP3hyRvGRGEgCSb4MFt2zBwo0I2MiSKoC - F2sgchpxgt414ZGFPC4o8nScNSKRdFGgQr+yr1gbSPKKClH6rJ0i8k4/xRnzS/qdX1IjFB8M4Am5 - S3j/dFbyrKCin3OJM1weVpmtQ1dkrsJHOG0ye2c6PeXQK56lhEcEaccMF5ucGMcnv3CZUZmeA0u2 - OaXTximdfpMolDkKpmDBxGs3j3otMuzWjTamZmumJlwveOnzB3UHgbRk/oKg9VlSaI/1wSYr2qyc - RRXHjEp+50/1kXxIBD7NX8gPiMhdALOoyUDr5d2yfi9w5qO+7c1h8HA4dlx3QHREH4KGHcc4XfAk - CKADHKHzaIOpmsG3GuJI6M6OXEa8BTIijgmAkcuu57hOnzs277nBeOD3fG/o+CMvCGw2uHX46CJ4 - I6Qc9SZH7ge85HNmzBJV+0xTflVYVWHewyOma1GwW1k1j0KfXGZmjBXkMTwv6jvYNpbvL82BlSVk - /2arv/8Wbw4M9t/izaHDvlsMTApkl60YdZObXqppGeUTgbPs5CWuXQNfcXxa5WnGu9dAHH/xmHg0 - 5MKuzmTSo8Z1ioznCnEPUPD6l36Agtew+AAFrVCgCQVMvJMZt6T5uFrbkJuWLMJqmzPZ4F2d5aqz - vdE2y7PbZnm2nuVtbmgKx5M6zNNEkiQ1KqjUnzXy41/9BHSXQsJyvVQo+ALka/zN1F3LPevE7OcV - L6qIBDd0i8FMXk5KaUedlv9t9CtlaZlQhbb0WyrGWut5LU2jaVhEGrUdT411n1irHhDeWa1WvwEA - AP//AwCvzWmW8xsAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdhNHAHD0MXu1i3IssRpgaZFQFNniTFFqiQV22vz33fU + i906dbdkWBHAkXi89+ce3QcPViWVqZd4GmQKGtIXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf4daIMySC+g1GBA2vYuq4xVxdwZvInCMAr7Gt5XYOx0XcK5psxyBp7vcec/io5GA3wxIOb4 + mltbmiQIUpgDs6m6VX1qBTWGU9mXYAP0ZANa8iAOuDEVBJ2BBaxR/2w6uZz2ouHwGR7VIRgv+eAZ + jK0yjFrIlF43OaT4hhpxGMe9cNSLjqdhmETHybNBf3g0+CGMw9AF6ZxYDLw288QgnX6ApQjjTdrt + SwqGaV66wuHpc2IKKoRPUm4sl8ySkgMDouZkqfSi77SZkldaPDKKSnLXLipu6B21VAd3HJZBHdY2 + wFYUhYNo9JPhf8GPBba9KtCrgwW6nFKzcL2qZtY9JXMqDPheo/gS86p1fS/nCBzN8vUp3AHGGt77 + nuWIrBJR4iWywhy9HZgMwk5QanWLGT2x4K12Xe66gV253csnINlmdSW5tWjAeBvfDqm/13eNmtsl + 1Q6vhhel4BhwupM59qNG2XC0Go4eGe5XOtNlsunLMDzCMOLhKh7+v16a7tdYRIfR4So6/BYOV53H + QbwaxN/CYwvw+/uHcIz24TTuBHO+etVwIHb/+h2iIcs0ZEgrD7COcSpRNVP+Ravx0T7BaJ/g+KHx + htKaU0cYNXt7SS/CV2qR1BsyfPxQNVS7JdegMafdyNSPJ6py2UaOMF+7Ay4zL7G6AiwtGrWvsBtu + cJrganvOvuasqcqHB2cuVlQ2uapEOuamFHTdDp5rlwZM1s32lwg8HMUdge+WbUMzu4J9DY83Dd8V + DLaMxZXmdv3E6nbqwfBxBM8LmoEJnIbpjHA8EGrZN3fZluFO1bJjwqFXN2QGjrIcaHe/1od7so32 + ITQaubRzaiYlZ6dcLl44yRhKt1lI1vWs7uSylm1OpJITXCzoTMAFUNPgQLdP3vnp1S8vz25OX55M + zi4nN5OLiz8uMA0cLYN544VpDuQcuVla4vwSboiSYk1wzrlwRolV5DeuKTnXUOCgk8ogZvtfmvcI + x8kLP/IwHN3eJl7zvcIWYY23M/XZgGO1My6p2L3U7kVteWtUC4yu4whsXyZhc7sq3dD+Cxw3K8wT + EdYob76Jn28djwPdFlU/U7bARbBDVme88XXS7lr/KeBuYQu6vSnuPuESHKKZEkqfNdHMRAW9TCNH + bNcVRcaqabYqSlxVpW278LX+fV6ct3L7dzDlVsBBQq7f0DJOyIlSCw7kNbfIUZZcAqs0kBeCZh9d + rpiqUIyKXBmbjMJRGMy5TJEYg/hw8K42OK5LgVHeKuJAkhyQf9Qk3+HP97X6Ja5XjjhQDUe8DXJc + ARljPng4BtYn0aFPHLY2WZy8nqDsGv/1DqNhHaprC1tCv+BWQ1/pLEBUUtcpjsuRQ3OAV/u5LUQd + eGPnlbNzJRdSLT+t0rlWaYWf24nMcE4LrHowxSI7n3WJMGDyq1r2rNpTprI1EL8jAbmOjCV/VlRb + 0GRrco8qbH1Gtfab5+fkklG5577b+3As4k1Wn+RxuTYWCoN5pKXiiJ2DpD6vW+QqVlAuDbfQR3hh + wUw+U1Sn+248sD/eAs1Zfk5YgyekUjIDkMSAJcsWXBa5zjQAmyPAfLLMOctJAVQaFNLmRmsB830r + Z0AoY0iWkJI7TkmF+Gd6XSLb4L2/AQAA///sWe9r2zAQ/VdMoJBC7dlOnKSD0gW2wT6UhRZWKIOg + 2E4TGkvGP+qOLv9730my6npxN8oo+RDIByeS755Ouqd3F85jdcs6DUQX2OtbWcURoOtVzOmAWczY + FSjysCIgoWVBcFlrvhRZIt+xREYUzDCaEwOCfe9ifkLAYHxdWOoqt9imYr9oiVbKJLoyx9G2GLca + AFGi8XjjYMdzWrNZoYrBT05BIG8UIyDQCPMaIhnMSwRoJ9LGmhurv0Qy4jJByGj1+rxUVeWIiuWp + zApkYfzgpKtUnmg4mcPmXPueswLaZVHiTM3736+nVzP76sKGTpDJapykgo4yZUOfRcmaH1v94984 + KJtCfMQx/FOyeF2SxRvWA8RnBSrrOym7SDa1pwYdNtzOgS4h4BohIPdCyp7dE410RWBYuKKs3CGU + 2/zbtmJ0bl4mCaMbpfc3+qUYkj4U2RuvH9IJ58geUrXforNgyYaDyFtMhm6wAKbx+NTz/RHddmYS + PLwyLaYNnkYRfOAK6j1jsHVx8skcMjL6almpUsDBXSenSfbRpU3g+d4w9tx44Eeno3AQBmMvnARR + 5LLR0osn59GZtHI0mB75X/FR79kJ45o2bVv9lDtlbleIiO07xMdOWi4265BCZqeM5RQxvC+vB4g5 + PH6e2SMn5YS/XaLuP+J2jbv/iNs18r4jBidFqojTgq2pfWa65UP5RGStSkfFazcQbpj+pcwEavkb + ME64ek486tRg1GQy+dH9Ka31Ms24Byp4/00/UMF7ID5QQScVGKUBiLcq4x6pyaufXdgVBdMt6rby + 6OoIuV0dIdd0hNoDRqnF/H6dCa60kC44S/1fhPr6T0hFoiw81o+a7N5AcI2/UT7Udk96CXu4jPNy + Q4YbvmV5nxXTQuG4F8X/6ykqY8YofKES+iFkd6Ru+1FXk3oO5NIAeYnWfwFXvyDDs91unwAAAP// + AwAePxDz+hoAAA== headers: - ATL-TraceId: - - 00012873cdc44fe6 - Connection: - - keep-alive + Atl-Traceid: + - cc5b8ad5991444bd + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:53 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 9279dd60-76f8-4095-a65d-3a9e4fa437ce X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '270' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 35548150-264a-4f00-b7f4-bf864ed1d90f - x-envoy-upstream-service-time: - - '144' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -968,90 +780,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11088 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11783 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DF1mWy/WUkVAMaSJu2VL08x2GqBZYdDSWWIjkQJJRfba/Pcd - KSlO0zpr0wRIxCPv7bnnjvzowLqiPHViRwJPQUL6ikGRqgGnJaiBSnIo6UBUIKlmgqsBpEyXoOkg - ySnPoBDZ4Aakwj1Ip1BJUMB1e9YZOMxY9n0vinChoFjhMte6UrHrprCCRKfigxhRXVClGOUjDtpF - G9qlFXMDlylVg9sbuIYN6p/NJ7P5MDo4QMnKBuvEHx2FTmuVUA2ZkJs2uBRXqBB4gT/0wmEQzf0g - HoexH42eH/z6ixd4nonR+NCbCqyZJ8Zo9F3f87zgLutukYJKJKsMIig9JKqkRTEgKVOa8USTikEC - RKxII+T1yGgngl/I4luiUJDUEtwbBg29oZrK3xT7F16UWKS6/KkVnaQvfG/sR91yjoG+2KY8cEyh - 0decqmtTo3qpzVe8ooWCgdPbcGJr5HbgaIbEqLDITsxrzMSppPiA4T0RvU7bYmer0WNnFvcKvo30 - gjOt0YDhV6dtkvrLnlVipRsqTWKKlVXBkCHpg2wQXEuZMFqH0beE28HcOeuQrpgBFn/u4xx6z9Fz - EK6D8MmGbQktS35S3f9HfPn7a3//x3yte2fdxyPexsF6HPyYt46cqv/Y6e321vT3+m07XbBiV++x - glkmIcO+/oKGyClR1G2btZKkVlqUdkQs0EPwfNdG9KWNdnS0UtOYdvw58dDHJdU4Fduh8/18byfa - 3QxzW2vSkNl+Hona5OSbuXRpBIxnTqxlDbfdqDLGJEvaTD9+ITOB4VGVi7pIj5mqCrrpGgDFGJV+ - i+PCNEUHhgTM1XTd1+ZkGO73c/Ihat4uOP1dG8GujfF2ljAhmd48Edxe3Q2/b46ykmagXKOheiMM - BYVoRuom286eU9H0Myp0LJxLMMPEUPNBUqYrv5qtv4uHfmTSzqmaVCw5ZfzaXsXHUJmbmSd9FW1t - G7t3J+GCT/BipssCpkBVywzZfTnnpxe/n5wtTk+OJmezyWIynb6ZYhrYQArzxgPzHMg5Tk2uifFL - mCKCFxuCHckKY5RoQf5kkpJzCSV2LakVcnZke/RhFgdo0PvEPC9MbmLnQcsishnjtMCaIejbHjN7 - D2Xdu6KD1/K8wOj6SYDlyzjcna4r07PfwOP2pfBEhrXKd7fV55f795Fuy6qXNLnGh1TPrN546+uo - e9L8UMD9u8jtnydBf7lyMIxORCHkWRvNsqhhmEmcGtvHgSDHoi22KCt86nHdVeGxmn4Ozj98+7s3 - Z7qAvZhcvaNVEJMjIa4ZkEumcWppMrOXB3lV0OyTyRVTLURCi1woHUde5LkrxlMcjG4QjaP31uKx - xQLD/CCIYUm8R/5flTwzf3+2BmaAfMPZgYrY5VZ0dDnB1RX+G+77oQ3FwJ40MCqZljASMnORddRU - guGzxLDVxaOjXJeFjau189bYueDXXDS97FyKtMZ3z4Rn2IMlIurOEUDjz6aPkZA/RDPUYgcEVWcg - eE9ccuUrTf6uqdQgydbkDlXY+vSt9rvDczJLKN9x3ry23P2DcYv0S0l5krtzmmGwZ0iGVlqzIj05 - vi86EiXCRHCg5ffEBuqN0lAqzD2tBEMu7cVWbitmEC4p44ppGCHd4jAc79rbJceiqHwpqEz7GtzV - 4nhLSuP1kCQt9zBKsgTgRIEmTUdEjXOxfcmQFZJxQJqcJTkpgXKFm7Q90VlA/NACoUmCcxVScsMo - qbFVErmpcDDhMc6hvaJHJpQpMhZHbgJxz9SmaUaioaqyxEKewnpU5ZUlBlJ2sRJy0TpTC6rxwl/W - WJrFszeXh7Pz4ez1EK9SS+aL6Wlr9DFgXgMmmcb/AQAA///sWdtq20AQ/RVhCCQhkiXZ8iVQUtOm - pQ8tIS4thLyspU0sqhu6OA2u/71ndtcbRbbckpbgB4Mxa+9oZzw7c+bM2Ph4+fU2Afoj1RE950aa - Lfzb5HIRUtGBcVNemjJB13v/qCCIw6BNgdzboaD9WJJYhHgvpI/aVGzKicD4jPS9F40rxcX3OU8I - EAymrzdFXws7EBBkTLjgRpjgRmLxjJHmVDUZdgsqWiiYP3hyRvGRGEgCSccMFj2wRwo0I2MiSKoC - F2sgcmpxgt414ZGFPC4o8nSc1SKRdFGgQr+yr1gbSOcVFaJ0q50i8k4/xRnzS/qdX1IjFB8M4Am5 - S3j/dFryrKCin3OJM1wKq8zWoSsyV+EjnDaZvjOdnnLoNc9SwiOCtGOGi01OjOOTX7jMqEzPgSWb - nNJp45ROv23DqzOIMkclFYSZKHBD1NaizY02pmZrpiZcL3jpdkHdQSAtmT8naN1KCu2xFqyzombl - LKo4ZlTyO3+qj+RDIvBp/kJ+QETuAphFbQdaL++O9XuBMxv1bW8Gg4fDseO6A6IjWggadohxuuBJ - EEAHOELnyQZTNYNvNcTRoTs7chnxFsiIEBMAI5ddz3GdPnds3nOD8cDv+d7Q8UdeENhscOfw0UXw - Rpxy1JscuR/wks+ZMUtU7TNN+VVhVYX5AI+YrkXBbmXVLAp9cpmZMVaQx/C8qO9g21i+vzIHVpaQ - /c1Wf/8tbg4M9t/i5tBh3y0G9ASy71aMus5Nr9S0jPKJwFn29hK+boCvEL+s8jTj3Rsgjj9/Sjwa - cmFXZzLpUeM6RcZzhbgHKHj9Sz9AwWtYfICCVijQhAIm3suMW9J8XK1tnJuWLMJqCzUC7+osV53N - jbZZnt02y7P1LK+5oSkcTxZhniaSJKlRQaX+rJEf/+onoLsUJyzXS4WCL0C+2t9M3fW5Z52Y/bzm - RRXRwTXdYjCTl5NS2rFIy/82DJZn6TOhCm3pt1SMtdYTXJpG07CINGo7nhvrPrNWPSC8s1qtfgMA - AP//AwDzmksr8xsAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdhNHAHD0MXu1i3IssRpgaZFQFNniTFFqiQV22vz33fU + i906dbdkWBHAkXi89+ce3QcPViWVqZd4GmQKGtIXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf4daIMySC+g1GBA2vYuq4xVxdwZvInCMAr7Gt5XYOx0XcK5psxyBp7vcec/io5GA3wxIOb4 + mltbmiQIUpgDs6m6VX1qBTWGU9mXYAP0ZANa8iAOuDEVBJ2BBaxR/2w6uZz2ouHwGR7VIRgv+eAZ + jK0yjFrIlF43OaT4hhpxGMe9cNSLjqdhmETHybNBf3g0+CGMw9AF6ZxYDLw288QgnX6ApQjjTdrt + SwqGaV66wuHpc2IKKoRPUm4sl8ySkgMDouZkqfSi77SZkldaPDKKSnLXLipu6B21VAd3HJZBHdY2 + wFYUhYNo9JPhf8GPBba9KtCrgwW6nFKzcL2qZtY9JXMqDPheo/gS86p1fS/nCBzN8vUp3AHGGt77 + nuWIrBJR4iWywhy9HZgMwk5QanWLGT2x4K12Xe66gV253csnINlmdSW5tWjAeBvfDqm/13eNmtsl + 1Q6vhhel4BhwupM59qNG2XC0Go4eGe5XOtNlsunLMDzCMOLhKh7+v16a7tdYRIfR4So6/BYOV53H + QbwaxN/CYwvw+/uHcIz24TTuBHO+etVwIHb/+h2iIcs0ZEgrD7COcSpRNVP+Ravx0T7BaJ/g+KHx + htKaU0cYNXt7SS/CV2qR1BsyfPxQNVS7JdegMafdyNSPJ6py2UaOMF+7Ay4zL7G6AiwtGrWvsBtu + cJrganvOvuasqcqHB2cuVlQ2uapEOuamFHTdDp5rlwZM1s32lwg8HMUdge+WbUMzu4J9DY83Dd8V + DLaMxZXmdv3E6nbqwfBxBM8LmoEJnIbpjHA8EGrZN3fZluFO1bJjwqFXN2QGjrIcaHe/1od7so32 + ITQaubRzaiYlZ6dcLl44yRhKt1lI1vWs7uSylm1OpJITXCzoTMAFUNPgQLdP3vnp1S8vz25OX55M + zi4nN5OLiz8uMA0cLYN544VpDuQcuVla4vwSboiSYk1wzrlwRolV5DeuKTnXUOCgk8ogZvtfmvcI + x8kLP/IwHN3eJl7zvcIWYY23M/XZgGO1My6p2L3U7kVteWtUC4yu4whsXyZhc7sq3dD+Cxw3K8wT + EdYob76Jn28djwPdFlU/U7bARbBDVme88XXS7lr/KeBuYQu6vSnuPuESHKKZEkqfNdHMRAW9TCNH + bNcVRcaqabYqSlxVpW278LX+fV6ct3L7dzDlVsBBQq7f0DJOyIlSCw7kNbfIUZZcAqs0kBeCZh9d + rpiqUIyKXBmbjMJRGMy5TJEYg/hw8K42OK5LgVHeKuJAkhyQf9Qk3+HP97X6Ja5XjjhQDUe8DXJc + ARljPng4BtYn0aFPHLY2WZy8nqDsGv/1DqNhHaprC1tCv+BWQ1/pLEBUUtcpjsuRQ3OAV/u5LUQd + eGPnlbNzJRdSLT+t0rlWaYWf24nMcE4LrHowxSI7n3WJMGDyq1r2rNpTprI1EL8jAbmOjCV/VlRb + 0GRrco8qbH1Gtfab5+fkklG5577b+3As4k1Wn+RxuTYWCoN5pKXiiJ2DpD6vW+QqVlAuDbfQR3hh + wUw+U1Sn+248sD/eAs1Zfk5YgyekUjIDkMSAJcsWXBa5zjQAmyPAfLLMOctJAVQaFNLmRmsB830r + Z0AoY0iWkJI7TkmF+Gd6XSLb4L2/AQAA///sWe9r2zAQ/VdMoJBC7dlOnKSD0gW2wT6UhRZWKIOg + 2E4TGkvGP+qOLv9730my6nh1N8oo+RDIByeST08n3bt3F85jlWWdBqILnPWtrOII0PUq5nTBLGbs + ChR52BGQ0LYguKw1X4oske9YIiMKZhjNiQHBvncxPyFgML4uLJXKLbap2C/aopUyia7McbUtxq0G + QJRoPN44OPGc9mx2qHzwk5MTaDXyERBohHkNkQzmJRz0ItLGnhu7v0QwIpnAZbR7fV+qqnJExfJU + RgWiMH5w0lUqbzQWmcPmXK89ZwW0y6LEnZr3v19Pr2b21YUNnSCD1SySCrrKFA19FiVrfmz1j3/j + omwK8RHX8E/J4nVJFm/YNRDUA0R0BUruO6nHSE+1prpmanugSwi4RgjIs5Cy5+WJXdLVNdJ1J6G2 + iRjuZOGKYlmRdl4mCaOM0vsb/ZIPSR+K7I3ph3TCOaKHVO236CxYsuEg8haToRsssIHx+NTz/RFl + OzMJK7wyLaYDnkYR1kAK6j1jsHVx8slcMjL6almpQsBBrpPTJPvo0ibwfG8Ye2488KPTUTgIg7EX + ToIoctlo6cWT8+hMWjkaTI/8r/io9+yEcU2btq1+yp0ytyt4xPYd4mMnLRebdUgus1PGcvIY3pfp + AWIOj59n9shJOeFvl6j7j7hd4+4/4naNvO+IQT2RKuK0YGtqn5lu+VA8EVmr0lHR1w2EG6Z/KTOB + Wv4GjBOungOPOjUYNZFM6+j+lNZ6mWbcAxW8/6EfqOA9EB+ooJMKjMAAxFsVcY/U5NXPLuyKgukW + dVumdHWE3K6OkGs6Qu0Bo9Rifr/OBFeqRhecpf4vQn39J6QiURYe60dNdm8guMbfKB9quye9hD1c + xnm5IcONtWV5nxXTQuG4F8X/6ykqY8Yo1kIl9EPI7kjd9qOuJvUcaEkDZBetvwNXvyDds91unwAA + AP//AwBPJgIB+hoAAA== headers: - ATL-TraceId: - - a0aad0cd86f8e01a - Connection: - - keep-alive + Atl-Traceid: + - 2df902e1344920f7 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:54 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - aa424d73-0b1c-498f-a022-d6f620d32653 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '220' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 0b0a11c0-8d66-4ceb-9501-9e584a49a8ba - x-envoy-upstream-service-time: - - '111' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_push_to_jira_reimport_with_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_push_to_jira_reimport_with_push_to_jira.yaml index bab0c4e6bc2..5b39a6c48a9 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_push_to_jira_reimport_with_push_to_jira.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_push_to_jira_reimport_with_push_to_jira.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlp+pGSm+hBRVah3ZOIJOkEK2lS2lRYlv3vJrj4cRveeZ55 - mRNRcsXDYokg7yHMq9jtBjSow+A/PJXBynUdpaMOA8nIJy7r6F2EC4CCAoW8218/d3dP/e92v00q - TkS8JCiDDF4zMuBs/XFCF/rjjPHAjfXbECW1jXb4VohIQs0v4a0MCWTAihyqnPG+qAQUoqwoAFwB - A4j+ikvs7cfpH9v2BYugYIzWLf9h9XTvjI8gZy1vaqOkLrGU2IA2DW/UoCQHowFkVXGusPxTEGxq - eBgXSdI7Rm42PHotU3wi9jIRdG+HjpzPXwAAAP//AwD4DrUhWgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbuTtE26uYkeVGQVtnsSkbRJsJImpUmFZdn/boqLH7fhneeZ + lzlBJ4M+zBYEvMc4BbHZKG10H5X/8IWMVoYwSFc4HSGDTz2HwbsEE0RSYIH5fnf9vL97an+3u2Xs + 0gTiZYUyzPA1A6Un64+jdrE9TjoduLF+UUnqlsGqbwVEEijWl/BWxhWkSGmOTU54i41ALmhdIOJV + IjH5Qc+ptx3Gf+y2RRRkK2pWcOQ/bD/eO+MTyCrCTWmMKXlDKcOyQaxqSRnpJSrWc15pLNnfgmjX + hodhlrC+Y+Ri46Pv5RqfwF4m0O7tsIfz+QsAAP//AwCgSauXWgEAAA== headers: - ATL-TraceId: - - bbcba6a5a96e3e73 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:34:22 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - c190bc0dfabc4382 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b14c86b7-ea88-44d1-8799-7e17e6e4c13b - x-envoy-upstream-service-time: - - '43' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 9021b031ddb3c3a4 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:22 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:56 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 12a32ddd-fe43-442e-9185-0f3816226087 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '126' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 618da6c0-5eed-4f05-8def-cf568a468314 - x-envoy-upstream-service-time: - - '86' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,93 +80,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - f483a1ad24c76733 - Connection: - - keep-alive + Atl-Traceid: + - 08509b1a7979417d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:22 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:57 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - c502a2a3-03dc-4129-aca4-77b681892bdf X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '168' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8ae81fac-4b05-4a88-a624-f790de3d209f - x-envoy-upstream-service-time: - - '105' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/2839]\n\n*Defect Dojo link:* http://localhost:8080/finding/2839 - (2839)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/694]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/264]\n\n*Defect Dojo link:* http://localhost:8080/finding/264 + (264)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -286,53 +180,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1671' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11089","key":"NTEST-900","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11089"}' + string: '{"id":"11784","key":"NTEST-1446","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11784"}' headers: - ATL-TraceId: - - 353257285ab96dfd - Connection: - - keep-alive + Atl-Traceid: + - d63f1f096b4474ce + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:23 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:57 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - abd19c2b-16fc-4cbc-bab3-95751ec95a57 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '632' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 791e4436-5860-4a53-a0a0-785360684c4a - x-envoy-upstream-service-time: - - '503' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -342,94 +242,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-900 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1446 response: body: string: !!binary | - H4sIAAAAAAAAA6RWa2/bNhT9K4Q+FF1mWw8LrSOgGFLH7bKlaWY7DdC0MGjpWmYjkQJJ+bG2/32X - pBSnSZ21aQIk4iXv+9xDfvZgU1GeeYkngWcgIXvFoMhUh9MSVEelSyhpR1QgqWaCqw5kTJegaSdd - Up5DIfLOCqTCPcjGUElQwLU763U8ZiyHYTA4xIWCYoHLpdaVSnw/gwWkOhOfRI/qgirFKO9x0D7a - 0D6tmB/5TKka/NbANWxR/2w6mky7h0GAkoUN1ks+ewqd1iqlGnIhty64DFeoEAVR2A3ibjSYhlHS - j5Oo34sP49+DyNqwPvS2AmvmkTEafT8MgiC6ybpZZKBSySpTEZQeEVXSouiQjCnNeKpJxSAFIhZk - LeR1z2ingl/I4keiUJDWEvwVgzVdUU3lH4r9Cy9KbFJdPnGik+xFGPTDQbOcYqAvdil3PNNo9DWl - 6tr0qJ5r85UsaKGg47U2vMQa+drxNENgVNhkL+E1ZuJVUnzC8B5ZvUbb1s52o62dWdxq+C7SC860 - RgMGX422Sepve1aJhV5TaRJTrKwKhgjJ7mSDxbWQiQebePAj4TZlbpw1la6YKSz+3K5zHDxHz1G8 - ieJHG7YttCh5opr/D/gKn23CZ7/ma9M6az4e8NaPNv3o17w14FTtx15vX7+a+d68c+yCHbv6iB3M - cwk5zvU9GCKmRFG7MXOStFZalJYiZugher5vY3DfhqMOJzWDaenPS7ohLqlGVnSk8/N4d4x2w2G+ - syYNmO3nUNQmp9Dw0qURMJ57iZY1YDnQpn6Hw24g7WKz5ox5yVKX++d7MhMqKqulqIvsmKmqoNtm - JFCcSsBczdR9jyfD+HnLk3erFuwrZ7hvI9q30d9xCROS6e0ji9uq+/HP8SgraQ7KNxqqNcJQUIh1 - T63yHfecinXLUbFnGzIHQyYGmneSMlP53WzDfTgMBybtJVWjiqWnjF/bq/gYKnMz87Ttme3k2u7d - SLjgI7yY6byAMVDlcCCbL+/89OL1ydns9GQ4OpuMZqPx+O0Y08ABUpg3HpgugZwja3JNjF/CFBG8 - 2BKcSFYYo0QL8heTlJxLKHFqSa0Qsz07o3ezOESDwRcWBHHWTzx3YWCLsMa7kfpmjLHaOeO0uHuo - eVc05bWoLjC6lgmwfTmHm9N1ZWb2B3DsXgqPRJhTvrmtvr3cfw50O1S9pOk1PqRaZLXGna9h86T5 - pYDbd5HfPk+i9nLlYBCdikLIMxfNvKihm0vkiN3jQJBj4Zotygqfelw3XXiof98W5wPf/R5MmS7g - ICFX72kVJmQoxDUDcsk0cpQmE3t5kFcFzb+YXDHVQqS0WAqlk0EwCPwF4xkSox8N+ocfrcVjWwsM - 85MgBiXJAfl/VfLU/P3NGpgA4g25AxVxyq1oeDnC1QW/5mK9i3347p704FyKrMZXzIjnOFEl1sef - Yjnw3JVNBu2SP8W6q8WehKrGQPSR+OQqVJr8U1OpQZKdyT2qsPMZWu33R+dkklK+57x5O/nPDmNX - t5eS8nTpT2mOwZ5ha520ZkV2cnxbNBRlyTRBelreEpvCbZWGUmHuWSUYIuMgsXJbfwPTkjKumIYe - gieJ4/6+vX1yP0Ofc0Fl1vbgphfHO4gZr0ckdUjCKMkcgBMFmqwbWGlkOfcuIQuEVoeslyxdkhIo - V7hJ3YnGAtYPLRCapsiSkJEVo6RG4KdyWyHN4DHOwV2vPRPKGPGHBJpC0uJuvV73xJqqqidk7iPq - YNOrlpUFBgJwthBy5pypGdV4Wc9rbM3s6dvLo8l5d/KmixejhebF+NQZfagwbwCTzBLyejT9wJHL - cXARPQkR1Sr9wEcrZq4QDG4CuuvGrdn7DwAA///sWW1r2zAQ/ismUGhL7dhO7CSD0YW9wD5slBU2 - 6DfFVhszv2HZ6UaW/77nJFlN3Tgb3Sj5EChFqaS76+nuuecu/6ogzpK4T4Ha26OgXyydWCX4LZSP - +lQ8PScD4xMK+J1sQykuvi15TultMfO8BbpU2IGAIGOSFbeSHC+SyTtWUVENZNgVVIJQ/r7z/ILi - I7eQBIpKWSy9Zz8p0KySySBpBB7WQuRsxQk60ZynDvJYUOSZONuKRNJFgQr92j7RGkjyRIMo3Wmn - jLzzj1nJopr+z8+FlcgPFvCE3CW9f35d81JQCa+4whmuDuvMNqErMxegZ4feGE6bX7+1vZF2KHr7 - gvCIIO2U4WHzM+v07BceM62LV8CSpwzR62OI3rjdoPJRVyh/kuUSS+0eDXpkuL0bhndJD0syuftg - Hw9zTT+AtGTRkqB1J8VzZzv5TLcOiibLGBXwwZ+qHfmQ6HhRPbPaEy27BGZRE4FGKrhl41HsLaZj - N1jA4Mlk5vl+SOTCHIKGPcc4PfA8jqEDFX/wYIOtW7s3BuJI6N7+WkW8A2ohj0mAUcth4PnemHsu - H/nxLIxGUTDxomkQxy4Lbz0+vYxfSykno/mJ/wE/6p6dsVzXPttWfxJOI+x7eMT2HQp2p2wWaRKR - y+ySMUEew31kVp2AO2P57soOnTIn+7uN++Fb3G3/D9/i7gjh0C0GJsWqZ9b8eJtpXunZF+UTgbPq - 1BWu3QBfcfx9UxUlH94AiqLlQ+LRyAq7JpNJjx6+aWpdacQ9QsHLP/oRCl7C4iMU9EJBl2mASg3W - G7rTMg3YfqdScU1jcL12obCoWYrVDil9kzm3bzLnmslcd8NQOJ6vkqrIFUnSjX+jv3pRH//KUnSX - UsK6XWoUfAbybX1pNGzlXgwy9uMLF01Kgrd0yzFLVc9rZceqqP/baFfJMjKhCm3p10IOqdrpK82W - afRDGo0dj431H1mrL0jvbDab3wAAAP//AwAQmNW5wRsAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvcRzHAHD0MXuli3IssRJgaZFQFNniTFFaiQV22v733fU + i906dbdkWFEgtXi89+ce3jsPViWVqZd4GmQKGtKXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf4DaIMySC+h1GBA2vYuq4xVxdwZvIvCMAr7Gv6swNjpuoQLTZnlDDzf485/FB2NBvhhQMzx + M7e2NEkQpDAHZlN1r/rUCmoMp7IvwQboyQa05EEccGMqCDoDC1ij/vl0cjXtRYPBEI/qEIyXvPMM + xlYZRi1kSq+bHFL8Qo04jONeOOpFx9MwTKLj5Puj/nAUfhfGYeiCdE4sBl6beWaQTj/AUoTxJu32 + IwXDNC9d4fD0BTEFFcInKTeWS2ZJyYEBUXOyVHrRd9pMyWstnhhFJblrFxV39IFaqoMHDsugDmsb + YCuKwsNo9KPhf8EPBba9KtCrgwW6nFKzcL2qZtb9SuZUGPC9RvEU86p1fS/nCBzN8vUZPADGGn7w + PcsRWSWixEtkhTl6OzA5DPcJok5QanWPqT6zE6123Ye6s10f3MdH6Nmmey25tWjAeBvfDsK/1XeN + mtsl1Q7Ihhel4BhwulMSbFQNv8FoNRg9MdwvtKzLZNOwQXiEYcSDVTz4f700sKhBig6j4Soafg2H + q87jYbw6jL+Gxxb5Hz48hmPcwXHOVzcNB2KTb99i07NMQ4a08gjrGI4SVTPlnwV5fLRPMNonOH5s + vKG05tQRRs3eXtKLWh5zVdGcNXG8e3TmsIoJm1xVIh1zUwq6bhGNx0tq8Vlo6PTp09eQ9Zaeg8ac + drNV/zxRlatXHeord8Bl5iVWV843GrU32DY3YW01NGCyboQ/R+Dx6LAj8N2y7aOZeEMzu4JNw3cF + h1ti4kpzu35mbTr1wL1jTyB4XtAMTOA0TGeE44FQy755yLZEdqaWHeENvLqcM3DM5EC7+1oP92Qb + 7UNoNHJp59RMSs7OuFy8dJIxlG6zkKxDUI2rZS3bnEglJ7hY0JmAS6CmQaVuf3kXZ9c/n57fnZ2e + TM6vJneTy8vfLzENHC2DeeOFaQ7kAilYWuL8Em6IkmJNcJy5cEaJVeRXrim50FDgPJPKIOL6nxvr + CMfJC9/zMBzd68Rr3itsEdZ4O1OfDDhWO+OSit1L7V7UlrfGvcDoOo7A9mUSNrer0g3tv8Bxs8I8 + E2GN8ubp+3TreBrotqj6ibIFLoIdsjrjja+Tdtf6TwF3C1vQ7U1x91JLcIhmSih93kQzExX0Mo2M + tV1XFBmrptmqKHFVlbbtwpf692lx3sjtv4MptwIOEnL7mpZRQk6UWnAgr7hFxrTkClilgbwUNHvv + csVUhWJU5MrYZBSOwmDOZYq0FsTDwdva4LguBUZ5r4gDSXJA/lGTfIN/vq3Vr3C9csSBajjibZDj + CsgY88HDMbA+iYY+cdjaZHHyaoKyW/yvN4wGdaiuLWwJ/YJbDX2lswBRSV2nOO5ADs0BXu3nthB1 + 4I2dG2fnWi6kWn5cpQut0gpf1YnMcE4LrHowxSI7n3WJMGDyi1r2rNpTprI1EL8lAbmNjCV/VFRb + 0GRrco8qbH1GtfbrFxfkilG5575b79zGu8nqozyu1sZCYTCPtFQcsXOQ1Od1i1zFCsql4Rb6CC8s + mMlniup0341H9sdboDnLLwhr8IRUSmYAkhiwZNmCyyLXmQZgcwSYT5Y5ZzkpgEqDQtrcaC1gvm/k + DAhlDMkSUvLAKakQ/0yvS2QbvPc3AAAA///sWe9r2zAQ/VdMoJBC7dlOnKSD0gW2wT6UhRZWKIOg + 2E5jGkvGP+qOLv9730mK6npxN8oo+RDIByeS755Ouqd3F85jdec7DUQX2OtbWcURoOtVzOmAWczY + FSjysCIgoWVBV1kJX4o8le9YIicKZhgtiAHBvncxPyFgMJ6UlhIWFlvX7Bct0cqYRFcVONoW41YD + IEo0Hq8d7HhBazYrVDH4ySkI5I1iBAQaYbGFSAaLCgHaibSx5sbqL5GMuEwQMlq9Pi91XTuiZkUm + swJZGD842SqTJxpO5rA5177nrISSWlQ4U/P+9+vp1cy+urChE2SyGieZoKNM2dBnUZrwY6t//BsH + ZV2KjziGf0oWr0uyeMOugWA7QERXouS+k2qK1F1rqmumtgeMEJAhl+pm98QuYeB2SVfXSFdEjIUr + StcdCrpNzEWVpoxulN7f6JdiSPpQ5G+8fkgnnCN7SJN+i86CJRsOIm8xGbrBAgsYj0893x/RbWcm + wcMr02La4GkUwQeuoN4zBlvXIJ/MISOjr1aPKgUc3HVymmQfXcEEnu8NY8+NB350OgoHYTD2wkkQ + RS4bLb14ch6dSStHg+mR/xUf9Z6dMq5p07bVT4VTFXaNiNi+Q3zsZNVinYQUMjtjrKCI4X15PUDM + 4fHzzB45GSf87Up0/xG3S9n9R9wuhfcdMagnUiWlFmxN7TPTnR3KJyJrVfgp+rqBcMP0L1UuULLf + gIrC1XPiUUMGoyaTyY/uT2mtl2vGPVDB+2/6gQreA/GBCjqpwAgKQLxVGfdIvVz97MKuKJluUbdl + SldHyO3qCLmmI9QeMEot5vdJLriSPLrgrPR/EerrPyEVqbLwuH3UZPcGgmv8jfJha/ekl7KHy7io + 1mS44VuW93k5LRWOe1H+v46gMmaMwhcqoR9CdkdME1LksudALg2Ql2j9F3D1CzI8m83mCQAA//8D + AIM12LD6GgAA headers: - ATL-TraceId: - - 11fb9fee2494ea63 - Connection: - - keep-alive + Atl-Traceid: + - ace03ee6ecee3073 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:23 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:58 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - c93e9a6c-98b2-4a78-b318-93e0a44ae6c0 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '226' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8cf8ea27-07f3-4686-bd19-6b3274e3296b - x-envoy-upstream-service-time: - - '162' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -439,94 +344,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11089 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11784 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8MO24tvnSiJVI04mVbscdY1xbhjQ2VW7ymnokdmQ7TXsb//s9 - OwllZeU2BhLEz37fP+9jf3FgXVCeOJEjgScgIXnNIEtUh9McVEfFS8hpRxQgqWaCqw4kTOegaSde - Up5CJtLOCqTCPUjGUEhQwHV91uk4zFj2fW9whAsF2QKXS60LFbluAguIdSI+ix7VGVWKUd7joF20 - oV1aMDdwmVIluK2BG9ig/vl0NJl2jzwPJQsbrBN9cRQ6LVVMNaRCburgElyhQuAFftcLu8Fg6gdR - P4yCfi88Cn/3AmvD+tCbAqyZJ8Zo9F3f87zgLutmkYCKJStMRVB6TFROs6xDEqY047EmBYMYiFiQ - SsibntGOBb+U2Y9EoSAuJbgrBhVdUU3lH4r9Cy9zbFKZP6tFp8lL3+v7g2Y5xUBfblPuOKbR6GtK - 1Y3pUTnX5ita0ExBx2ltOJE1cttxNENgFNhkJ+IlZuIUUnzG8J5YvUbb1s52o62dWdxr+DbSS860 - RgMGX422Sepve1aJha6oNIkplhcZQ4QkO9lgcS1kwsE6HPxIuE2ZG2dNpQtmCos/9+scei/QcxCu - g/DJhm0LLUqeqeb/I778w7V/+Gu+1q2z5uMRb/1g3Q9+zVsDTtV+7PV2e2vme/2+Zhfs2PUn7GCa - Skhxrh/AEDElsrIes1oSl0qL3FLEDD0EL/ZtDB7aqKmjlprBtPTnRF2/42Ca+j1OnMFVc4Bq5Mma - hn5+AmqOu2M1t7YmDbzt51CUJkvfMNWVETCeOpGWJdw25GWMSRbXuX95IDOB4VG1FGWWnDBVZHTT - jASKYwmYq5m67/GkH75oeXK3at6+cvr7NoItZTAhmd48sWKtuhv+HF2ynKagXKOhWiMMBZmoemqV - binmTFQtFYWOqdFOIv02kYzOwZCJgebOITOV3y2Dvw+H/sDUY0nVqGDxGeM39io+gcLczDxue2Y7 - Wdm9OwkXfIQXM51nMAaqahzI5su5OLt8c3o+Ozsdjs4no9loPH43xvxwgBQWBA9Ml0AukDW5JsYv - YYoInm0ITiTLjFGiBfmLSUouJOQ4taRUiNCendHdLI7QoPeVeV6Y9CNnZ2Sx5CnjNMNmYje2M2b2 - dmXNu6Ipr0V1htG1TIB9TTncnS4LM7M/gOP6pfBE6NXKd7fVt5f7z6FxC7dXNL7Bh1QLudZ47WvY - PGl+KeD2XeS2z5OgvVw5GKjHIhPyvI5mnpXQTSVyxPZxIMiJqJst8gKfelw3XXisp98W5yPf/h5M - mc7gICLXH2jhR2QoxA0DcsU0cpQmE3t5kNcZTb+aXDHVTMQ0Wwqlo4E38NwF4wnSoBsM+kefrMUT - WwsM87MgBiXRAfl/VfLc/P3NGpgA4g1JBRVx/K1oeDXC1SW/4aLaxj58/0B6cCFFUuIrZsRTnKgc - 6+NOsRx47tomg3bJn6LqarEnoaIxEHwiLrn2lSb/lFRqkGRrco8qbH36VvvD8QWZxJTvOW/eTu7h - UVjX7ZWkPF66U5pisOfY2lpasiw5PbkvGoo8Z5ogPS3viU3hNkpDrjD3pBAMkXEQWbmtv4FpThlX - TEMPwROFYX/f3j65m6DPuaAyaXtw14uTLcSM12MS10jCKMkcgBMFmlQNrDSyXP0uIQuEVodUSxYv - SQ6UK9yk9YnGAtYPLRAax8iSkJAVo6RE4MdyUyDN4DHOob5eeyaUMeIPCTSGqMVdVVU9UVFV9IRM - XUQdrHvFsrDAQADOFkLOamdqRjVe1vMSWzN7/u7qeHLRnbzt4kVjoXk5PquNPlaYt4BJJhF5M5p+ - 5MjlOLiInoiIYhV/5KMVM1cIBjcB3a3Hrdn7DwAA///sWW1r2zAQ/ismUGhL7dhOnJfB6MJeYB82 - ygor9Jtiq42Z37DsdCPLf99zkqI6bpyObpR8CJSiVNLd9XT33HOXf1UQpXHUpUDt7VHQLZZOLGP8 - FspHXSqenpOB8QWV/V62oRQXNwueUXpbzDxvji4VdiAgyJh4ya04w4uk8o6Vl1QDGXYFlSCUvx88 - u6D4yCwkgaJSFkse2C8KNKtgMkhqgYe1EDmNOEEnmvHEQR4LijwTZ41IJF0UqNCv7RMbA0meqBGl - O+2UkXf+OS1YWNH/+TW3YvnBAp6Qu6T3z68rXggq4SVXOMPVYZ3ZJnRl5gL07JE3hNNm1+9tb6Ad - it4+JzwiSDtleNjszDo9+43HTKr8DbDkKUP0uhiiN2yW/apE+ZOcllhq+2jQIcPt3DC8S3pYsszd - B7t4mGv6gS3q0i5v7VtTc6uqWLggQFY1UtRpyqiA956rduRDouN5+cJqT7TsEphFLQMaqeCODQeR - N58M3WAOG8fjqef7IyIX5hA07DnG6YFnUQQdqPi9Rxts3dq9MxBHQvf21yriHVALeUwCjFr2A8/3 - htxz+cCPpqNwEAZjL5wEUeSy0Z3HJ5fRWynlZDA78T/hR92zU5bp2mfb6k/CqYX9AI/YvkPB7hT1 - PIlDcpldMCbIY7iPzKpicGcsP1zZI6fIyP524374Frfb/8O3uD1COHSLgUmR6pk1P24yzSs9+6J8 - InBWfbnCtVvgK45/rMu84P1bQFG4eEw8Gllh12Qy6dHDN02tS424Ryh4/Uc/QsFrWHyEgk4oaJML - UKneak13NpQEtt+rVFzRGFyvXSjMK5ZgtUNK12TONZO59oaZdLU3DIXj2TIu80zRHd341/qrF/Xx - ryxFdyklrDZLjYIvQL7Gl0b9jdyLXsp+fuOiTkhwQ7ccs5TVrFJ2LPPqvw1ylSwjE6rQln7P5ZBq - M32l2TKNfkijsWPbWH/LWn1Beme9Xv8BAAD//wMAgyeFTMEbAAA= + H4sIAAAAAAAAA7xWa08jNxT9K9Z8aukk8yAN2ZGqipJsS4sohbArLbtCjudmxsRjT20PScry33s9 + j2QXyLZQdYUUxo/7Pvf43nmwKqlMvcTTIFPQkL7mIFLjS1qA8Q3LoaC+KkFTy5U0PqTcFmCpz3Iq + MxAq829BGzyD9BxKDQakbe+yylhVzJ3C6ygMo7Cv4c8KjJ2uSzjTlFnOwPM97uxH0cFogAsDYo7L + 3NrSJEGQwhyYTdWN6lMrqDGcyr4EG6AlG9CSB3HAjakg6BQsYI3yp9PJxbQXDQZD3KpdMF5y5xn0 + rTKMWsiUXjcxpLhCiTiM41446kWvpmGYRK+S7w/6w1H4XRiHoXPSGbHoeK3mhU46+QBTEcabsNtF + CoZpXrrE4e4hMQUVwicpN5ZLZknJgQFRc7JUetF30kzJSy2e6UUluSsXFdf0llqqg1sOy6B2a+tg + exSF+9HoR8P/gh8KLHtVoFUHCzQ5pWbhalXNrPtK5lQY8L1G8BjjqmV9L+cIHM3y9QncAvoa3vue + 5YisElHiJbLCGL0HMNkPdx1E3UGp1Q2G+sJKtNJ1HerKdnVwi0/Qsw33UnJrUYHxNrYdhH+r7xo1 + t0uqHZANL0rB0eH0QUqwUDX8BqPVYPRMd79Qsi6STcEG4QG6EQ9W8eD/tdLAogYpGoyGq2j4NQyu + Oov78Wo//hoWW+Tf3z+GY9zBcc5XbxoOxCJffcCiZ5mGDGnlEdbRHSWqpsufBHl8sOtgtOvg1WPl + DaU1u44wavb2kl6ES2qR1BsyfH7vNFS7JdegUaddZ9SfR6py0UaOMN+6DS4zL7G6AswgKrVvMOmu + Pxrnan1Ov+asycrdoz3nKwqbXFUiHXNTCrpu+8tVRQMG61r4KQKPR/sdgT9M2y6aiTc08/BgU/BS + c6W5Xb8wiZ144J6rZ/A4L2gGJnASplPCcUOoZd/cZlu+OlHLjtcG3mPkxvtdIILOwDGTA+3D13q4 + Iw3RLoRGI5ePnJpJydkJl4vX7mQMpZssJOtqVldyWZ9tdqSSExws6EzAOVDT4EC3X97ZyeXPx6fX + J8dHk9OLyfXk/Pz3c4wPW8tgQvDCNAdyhhQsLXF2CTdESbEm2M5cOKXEKvIr15ScaSiwn0llELP9 + p9o6wnbywo88DEc3OvGa9wprh8nf9tRnDY5lyLik4uGldi5q01ujWqB3HUdgXTMJm9tV6Zr2X+C4 + GWFeCL1GePP0fT51PA+NW7j9RNkCB8EOcp3yxtZRO2v9J4e7gS3o5qa4e6klOKgzJZQ+bbyZiQp6 + mUaO2I4rioxVU2xVlDiqSttW4Uv1+zw57+X2b2/KrYC9hFy9o2WUkCOlFhzIW26Royy5AFZpIK8F + zT66WDFUoRgVuTI2GYWjMJhzmSIxBvFw8KFWOK5TgV7eKOJAkuyRf5Qk3+DPt7X4BY5XjlFQDHu/ + dXJcARljPLg5BtYn0dAnDlubKI7eTvDsCv/1htGgdtWVhS2hX3Croa90FiAqqasUxxnIoTnAq/3c + FqJ2vNHzxum5lAuplp9m6UyrtMJXdSIz7NMCsx5MMcnOZp0idJj8opY9q3akqWwVxB9IQK4iY8kf + FdUWNNmq3CEKW5tRLf3u8IxcMCp33HfjnZt4N1F9EsfF2lgoDMaRloojdvaSer8ukctYQbk03EIf + 4YUJM/lMUZ3uuvFI/3gLNKf5kLAGT0ilZAYgiQFLli24LHKdaQA2R4D5ZJlzlpMCqDR4SJsbrQaM + 972cAaGMIVlCSm45JRXin+l1iWyD9/4GAAD//+xZbWvbMBD+KyZQSKH2bCdO0kHpAttgH8pCCyuU + QVBspzGNJeOXuqPLf+9zkqK6XtyNMko+BPLBsaTTcyfd3XNnzmOVZZ0Goguc9a2s4gjQ9SrmdMEs + ZuQKFHnQCEhILfAqK+FLkadyjSVyCsEMowVFQETfu5ifEDAIT0pLpXKLrWv2i1S0MibRVQWutsW4 + 1QCIEo3HawcnXpDORkNlg5+cjEC7kY2AQCMsthBJYFHBQDuRNnRuaH8JZ0QygclIe31f6rp2RM2K + THoFvDB+cLJVJm80NplD5lzvPWcluMuiwp2a979fT69m9tWFjbwrndVskgm6yuQNfRalCT+2+se/ + cVHWpfiIa/gnZfG6KIs37BoItgMU6EqU3HeSjxGfak11zdT2QBcRcA0RkGch+dDuiV3U1TXUFRZj + 4YrcdQeDbgfmokpTRhml97fwSzYkfijyN6Yf4gnn8B5itd+is2DJhoPIW0yGbrCAAuPxqef7I8p2 + ZhJ2eGVaTAc8jSLsgRTUe8Zg6xrkk7lkJPTV6lG5gINcJ6fJ6KMrmMDzvWHsufHAj05H4SAMxl44 + CaLIZaOlF0/OozMp5WgwPfK/4qfW2SnjOmzatnpVOFVh17CI7TsUj52sWqyTkExmZ4wVZDGsl+kB + ZA6Pn2f2yMk44W9XovuPuF3K7j/idim874gReiJVxGnC1uQ+M93ZIX+iYK1KRxW+bkDcMP1LlQuU + 7DeIOOHq2fGoIYNR48m0j+5Paa6X64h7CAXvf+iHUPAeiA+hoDMUGEIBiLfK4x6pl6ufXcgVJdMt + 6jZN6eoIuaYj1B4wHZb2gGFqMb9PcsEV5dEFZ6W/Rai//4L0XpT/r5enhBmh2AkVyA8huxKm3SZS + Bflx+6ij65sByO82H7ZyT3ope7iMi2pNghvKyn5CXk5LpTh1NannQKqb9y8X+y9W6wUS7WazeQIA + AP//AwCoLAxV+hoAAA== headers: - ATL-TraceId: - - fe4c3cdc5d6444f4 - Connection: - - keep-alive + Atl-Traceid: + - 1fe3be5cf5ab199b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:23 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:58 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 87e7abf4-4cda-4169-9145-c53bde1fac01 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '272' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 2792e61c-4c18-4078-9295-55e2c68285b7 - x-envoy-upstream-service-time: - - '142' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -536,61 +446,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlp2m2W3EQPKrIK7Z5EJB8TrKRNaVJhWfa/m+Dix21453nm - ZU5EyYCHxRFB3mOcg9hsDFrU0fgPT2V0MoRBTnTCSAryiUsY/JTgCqCiQKHs9tfP3d1T/7vdr6NK - ExEvGSqggNeCGJydP444xf44Yzpw4/xqkqTWwZlvhYgsbPklvJUxgwxYVUJTMt5XjYBK1A0FgCtg - AMkPuKTefhj/sbu+YgkUrKFtzX9YPd5P1ieQsx1vt1ZJXWMtsQVtW94qoyQHqwFk03CusP5TEF1u - eBgWSfI7Vq4uPnotc3wi7jIRnN4OHTmfvwAAAP//AwCj1tGHWgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ0jZtbqIHFVmFdk8ikjYJVtKkNKmwLPvfTXHx4za88zzz + MifUy6APi0UCvcc4B7HbKW30EJX/8FhGK0MYpcNOR5ShT72E0bsEEwCCAUPe7q+f27un7ne7X6c+ + TUi8bFAGGbxmSOnZ+uOkXeyOs04HbqxfVZL6dbTqW0EiCRTKS3gr4wZSoDSHOie8g1oAF7TEAHCV + SEh+0Evq7cbpH9t0AII0omwwZeyHHaZ7Z3wCq4Jww4wxjNeUVsBqgKKUtCKDBFUNnBcaWPW3INqt + 4WFcJNreMXK18dEPcotPyF4mpN3boUXn8xcAAAD//wMAKEUG7VoBAAA= headers: - ATL-TraceId: - - 019fa83f6a8d1309 - Connection: - - keep-alive + Atl-Traceid: + - f3f7da3ee91e6705 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:59 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 97766003-17b5-4c27-8090-15ff41f4c77f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '121' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d97f6634-4314-40bc-81ef-f79f70a2aee2 - x-envoy-upstream-service-time: - - '33' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -600,110 +516,96 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 64954a9cc3995052 - Connection: - - keep-alive + Atl-Traceid: + - 9a4a86b4c523872c + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:19:59 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - dc5d7b8f-07f1-4ae3-a37b-cdc33684e43d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '194' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6ab52450-49e2-4390-a7b9-462a67a480cf - x-envoy-upstream-service-time: - - '75' status: code: 200 message: OK - request: - body: null + body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without + Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure + Flag|http://localhost:8080/finding/265]\n\n*Defect Dojo link:* http://localhost:8080/finding/265 + (265)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": + "Low"}}}' headers: Accept: - application/json,*.*;q=0.9 @@ -713,95 +615,60 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + - python-requests/2.28.1 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + string: '{"id":"11785","key":"NTEST-1447","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11785"}' headers: - ATL-TraceId: - - ef6396297fdb2303 - Connection: - - keep-alive + Atl-Traceid: + - 80410bb17a44df25 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:00 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 09d98fdd-b9f1-47d2-a5c9-8a7e4adf4e01 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '635' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - eb36f2dc-2c5a-428a-bd1c-2a41f049ab40 - x-envoy-upstream-service-time: - - '73' status: - code: 200 - message: OK + code: 201 + message: Created - request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without - Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/2840]\n\n*Defect Dojo link:* http://localhost:8080/finding/2840 - (2840)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/694]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* - [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": - "Low"}}}' + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -812,53 +679,98 @@ interactions: Connection: - keep-alive Content-Length: - - '1671' + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue + - python-requests/2.28.1 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1447 response: body: - string: '{"id":"11090","key":"NTEST-901","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11090"}' + string: !!binary | + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmsN7uJI2AYutjdsgVZljgt0LQIaOosM6ZIjaRiu23++456 + sZuk7pYMKwI4Ennv99yj++jBqqQy81JPg8xAQ/aKg8iML2kBxjdsDgX1VQmaWq6k8SHjtgBLfTan + Mgehcv8WtME7yM6h1GBA2laWVcaqYuYMXsdRFEeBhr8qMHayLuFMU2Y5A8/3uPMfxwfDF/hiQMzw + dW5tadIwzGAGzGbqRgXUCmoMpzKQYEP0ZENa8jAJuTEVhJ2BBaxR/3Qyvpj04sHgAI/qEIyXfvQM + xlYZRi3kSq+bHDJ8Q40kSpJeNOzFh5MoSpMojaIgSfo/REkUuSCdE4uB12aeGaTTD7EUUbJJu33J + wDDNS1c4PH1JTEGF8EnGjeWSWVJyYEDUjCyVXgROmyl5qcUTo6gkd+2i4preUkt1eMthGdZhbQNs + r+KoHw9/MvwD/Fhg26sCvTpYoMsJNQvXq2pq3VM6o8KA7zWKx5hXret7c47A0Wy+PoFbwFijO9+z + HJFVIkq8VFaYo/cAJv2ouyi1usGMnlnwVrsud93Artzu5TOQbLO6lNxaNGC8jW+H1N9rWaNmdkm1 + w6vhRSk4Bpw9yBz7UaNsMFwNhk8M9yud6TLZ9GUQOVQng1Uy+H+9NN2vsYgO4/1VvP8tHK46j/1k + 1U++hccW4Hd3j+EY78Jp0l3M+Op1w4HY/av3iIY815AjrTzCOsapRNVM+RetJge7Loa7Lg4fG28o + rTl1hFGzt5f2Yt/DqtnXWBEH3laAWqT5hh6fPmYN+W7pNmzMaTdE9eORqlz+saPQN+6Ay9xLra7g + rmVVZ01z1lTl46MzFxmKmrmqRDbiphR03Q6ea5cGTNbN9n0Cjw/TF4fBsH/QEfjDsm1o5uHFroYn + m4aXmivN7fqZJevUw8HTeJwXNAcTOg3TGeF4INQyMLf5lshO1LIjvIH3GNJJv0tE0Ck4ynKgffi1 + 3t9RhngXQuOhq8ecmnHJ2QmXi1fuZgSl2ywk63pWd3JZ321OpJJjXCzoVMA5UNPgQLdP3tnJ5S/H + p9cnx0fj04vx9fj8/I9zzA9Hy2BBUGAyB3KG3CwtcX4JN0RJsSY451w4o8Qq8hvXlJxpKHDQSWUQ + ocGX5j3GcfKiTzyKhjcfUq/5XmHvsPjbmbo34NiGnEsqHgq1e1Fb3hrVAqPrOAL7mkvYSFelG9p/ + geNmhXkm9BrlzTfx/tbxNDRu4fYzZQtcBDvIdcYbX0ftrvWfAu4WtrDbm5LuEy7BQZ0pofRpE81U + VNDLNXLEdl1RZKSaZquixFVV2rYLX+vf/eK8k9u/vQm3AvZScvWWlklKjpRacCBvuEWOsuQCWKWB + vBI0/+RyxVSFYlTMlbHpMBpG4YzLDGkwTPZfvK8NjupSYJQ3ijiQpHvkHzXJd/jzfa1+geuVYxRU + w9lvgxxVQEaYDx6OgAUk3veJw9Ymi6M3Y7y7wn+9/XhQh+rawpYQFNxqCJTOQ0QldZ3iuBw5NIco + GsxtIerAGzuvnZ1LuZBq+XmVzrTKKvzcjmWOc1pg1cMJFtn5rEuEAZNf1bJn1Y4yla2B5D0JyVVs + LPmzotqCJluTO1Rh6zOutd++PCMXjMod8m7vcxvvJqvP8rhYGwuFwTyyUnHEzl5an9ctchUrKJeG + WwgQXlgwM58qqrNdEo/sj7ZAc5ZfEtbgCamUTAEkMWDJsgWXRa4zDcBmCDCfLOeczUkBVBq8pI1E + awHzfSenQChjSJaQkVtOSYX4Z3pdItug3N8AAAD//+xZ72vbMBD9V0ygkELt2U6cpIPSBbbBPpSF + FlYog6DYThMaS8Y/6o4u/3vfSbLqeHU3yij5EMgHJ5JPTyfdu3cXzmOVZZ0Goguc9a2s4gjQ9Srm + dMEsZuwKFHnYEZDQtiC4rDVfiiyR71giIwpmGM2JAcG+dzE/IWAwvi4slcottqnYL9qilTKJrsxx + tS3GrQZAlGg83jg48Zz2bHaofPCTkxNoNfIREGiEeQ2RDOYlHPQi0saeG7u/RDAimcBltHt9X6qq + ckTF8lRGBaIwfnDSVSpvNBaZw+Zcrz1nBbTLosSdmve/X0+vZvbVhY28K4PVLJIKusoUDX0WJWt+ + bPWPf+OibArxEdfwT8nidUkWb1gPEJ8VqKzvpMgi2dSeGnTYcDsHuoSAa4SAPAuph16eaKTrTt5s + 8237LaNr4U4WriiWFWnnZZIwyii9v9Ev+ZD0ocjemH5IJ5wjekjDfovOgiUbDiJvMRm6wQIYx+NT + z/dHlO3MJKzwyrSYDngaRVgDKaj3jMHWxcknc8nI6KtlpQoBB7lOTpPso0ubwPO9Yey58cCPTkfh + IAzGXjgJoshlo6UXT86jM2nlaDA98r/io96zE8Y1bdq2+il3ytyu4BHbd4iPnbRcbNYhucxOGcvJ + Y3hfpgeIOTx+ntkjJ+WEv12i7j/ido27/4jbNfK+IwYnRaqI04KtqX1muuVD8URkrQpFxWs3EG6Y + /qXMBGr5GzBOuHoOPOrUYNREMq2j+1Na62WacQ9U8P6HfqCC90B8oIJOKjDKAxBvVcQ9UpNXP7uw + KwqmW9RtJdLVEXJNR6g9YDos7QGj1GJ+v84EV6pGF5yl/i9Cff0npCJRFh7rR012byC4xt8oH2q7 + J72EPVzGebkhw421ZXmfFdNC4bgXxf/rICpjxijWQiX0Q8juSN32o64m9RxoSQNkF62/A1e/IN2z + 3W6fAAAA//8DAFGRu8f6GgAA headers: - ATL-TraceId: - - 771655cad9917010 - Connection: - - keep-alive + Atl-Traceid: + - 9934136e0263ce73 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:25 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:00 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - f462801e-8939-4522-97e2-0c2dcc12ec81 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '261' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 0d546315-4027-4d66-876e-bc7564a0c10b - x-envoy-upstream-service-time: - - '479' status: - code: 201 - message: Created + code: 200 + message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -868,94 +780,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-901 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11785 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy9RU0dAMaSO22VL08x2GqBpYdDSWWYtkQJJWfba/Pcd - KSlunTpr0wRIpBN5L88995CfHVgXlCdO5EjgCUhIXjHIEtXhNAfVUfECctoRBUiqmeCqAwnTOWja - iReUp5CJtLMCqfAbJCMoJCjgul7rdBxmPPu+d+zhi4Jsjq8LrQsVuW4Cc4h1Ij6JHtUZVYpR3uOg - XfShXVowN3CZUiW4rYMlbHD/xWQ4nnSPPR8tc5usE312FAYtVUw1pEJu6uQSfMMNgRf4XS/sBv2J - H0SHYRQ86z3zwt+9wDNebQy9KcC6eWSOZr/re54X3FXdvCSgYskKgwhaT4jKaZZ1SMKUZjzWpGAQ - AxFzUgm57JndseBXMvuRLBTEpQR3xaCiK6qp/EOxf+FFjk0q8ye16Sx54XuHfr95nWCiL7YldxzT - aIw1oWppelTOtHmK5jRT0HFaH05kndx2HM2QGAU22Yl4iZU4hRSfML1HotfsttjZbrTY7TR8m+kV - Z1qjA8OvZrcp6m+7Vom5rqg0hSmWFxlDhiQ71SC4ljJhfx32fyTdBuYmWIN0wQyw+PM1zqH3HCMH - 4ToIH+3YttCy5Ilq/j8Qyz9a+0e/FmvdBmseHoh2GKwPg1+L1pBTtQ97o93emvlev6vVBTt28xE7 - mKYSUpzrezRETomsrMestsSl0iK3EjHFCMHzfR/6933U0lFbzWBa+XOirt/ohWGwZHEd7vM9m+EX - pq8WosySU6aKjG4aFqK5ohp1tZatn5+YWhPvVNCtvUkzDvZxIEqDis302hgYT51Iy9KERp/6HcqF - GYoGDAlYq5m67+mk/zxodXIXNW8fnP6+D8FWMpiQTG8eiUC73Q1/Ti5ZTlNQrtmhWicMDZmoemqV - biXmXFStFIXO7f1CDttCMjoDIyaGmjuLzFR+FwZ/Hw/9vsFjQdWwYPE540t7FJ9CYU5mHrcEsrSq - 7Lc7Cxd8iAcznWUwAqpqUsrmybk8v3p9djE9PxsML8bD6XA0ejvC+nCAFAKCCyYLIJeomlwTE5cw - RQTPNgQnkmXGKdGC/MUkJZcScpxaUipkXM/O6G4Vx+jQ+8I8L0xmkbMzsgh5yjjNsJnYje2MmW+7 - tuZe0cBraZ9hdq0SYF9TDnery8LM7A/wuL4pPJJ69ea70+rbw/3n2Lil20saL/Ei1VKudV7HGjRX - ml9KuL0Xue31JGgPVw6G6rHIhLyos5llJXRTiYK1vRwIcirqZou8wKse100XHurpt+B84NvfgwnT - GRxE5OY9LYKIDIRYMiDXTKNgajK2hwd5ldH0i6kVS81ETLOFUDrqe33PnTOeoKy5QT/0PlqPpxYL - TPOTIIYl0QH5/63kqfn7m3UwBuQbigpuxPG3psH1EN+u+JKLapv74N0968GlFEmJt5ghT3GicsTH - nSAcuO7GFoN+yZ+i6mqxp6CicRB8JC658ZUm/5RUapBk63LPVtjG9O3u9yeXZBxTvme9uTu5R8dh - jdtLSXm8cCc0xWQvsLW1tWRZcnb6tWkg8pxpgvK0+MpsgNsoDbnC2pNCMGTGQWTtFn9D05wyrpiG - HpInCsPDfd/22d0EY84ElUnbg7tenG4pZqKekLhmEmZJZgCcKNCkamilUeXqewmZI7U6pFqweEFy - oFzhR1qvaDwgfuiB0DhGlYSErBglJRI/lpsCZQaXcQ71Wd8zqYyQfyigMUQt76qq6omKqqInZOoi - 62DdKxaFJQYScDoXcloHU1Oq8eYwK7E106dvr0/Gl93xmy4eNJaaV6Pz2ulDwLwBLDKJyOvh5ANH - LcfBRfZERBSr+AMfrpg5QjC5MehuPW7Nt/8AAAD//+xZbWvbMBD+KyZQaEvt2E6cNIPRhb3APmyU - FTboN8VWG7PYMpadbmT573tOUlTHjbPRjZIPgVKUSrq7nu6ee+7yrwqSLE26FOi9PQq6xdKJZYrf - UvuoS8XTcyowPqGy36s2lOLi25znlN4Os88r0KXCDgQEGZMuuZPmeJFM3XFESTWQYVdSCUL5+87z - C4qP3EESaF7nsMUD+0mB5hRMBUkt8bAOIqcRJ+hEc77wkMeSIs/GWSMSSRcFKvQb++TGQJIna0Tp - TjtV5J1/zAoWV/R/fhZOqj44wBNyl/L++U3FC0klvOQaZ7g+bDLbhq7KXICeOwqGcNr05q0bDIxD - 0dsLwiOCtFOGh83PnNOzX3jMRSVeAUueMsSgiyEGw66NqMkHqhJ1UZFX4tKto7492t7o4l2+5V3K - 9Yp+7j5o+4Et6tIub+1bE3urqlg8J0DWNVLWWcaogPf+VO3Ih0THRfnMak+07AqYRS0AGqnojg0H - STBDkYtmsHE8ngRhOCJyYQ9Bw55jnB54miTQgYrfe7TBNa3dGwtxJHRvf60j3gO1UMcUwOhlPwrC - YMgDnw/CZDKKB3E0DuLLKEl8NroL+OVV8lpJORlMT8IP+NH33Izlpva5rv6T9GrpPsAjbuhRsHtF - PVukMbnMLRiT5DHcR2ZVKbgzlu+u3ZFX5GR/u3E/fIvb7f/hW9weIRy6xYCeRDfwhh83mea1mX1R - PhE46z5bw9ct8BXH39elKHj/FogTzx8Tj0ZW2LWZTHrM8M1Q69Ig7hEKXv7Rj1DwEhYfoaATCtrk - AlSqt1rTnQ0lge33OhVXNAY3ax8KRcUWWO2Q0jWZ8+1krr1hJ13tDUvheL5MS5FrumMa/9p89aI/ - /pWl6C6VhNVmaVDwGcjX+NKov5F70cvYjy9c1gsS3NCtxixlNa20HUtR/bfBrJZlZUIV2tKvQg2p - 7ChYlGr0QxqtHdvGhlvWmgvKO+v1+jcAAAD//wMAQ51rQcEbAAA= + H4sIAAAAAAAAA7xW+2/bNhD+Vwj9tGWyXnYTR8AwdLG7ZQuyLHFaoGkR0NRZZkyRGknFdh//+456 + 2K1Td0uGFQEcicd7f/fp3nuwKqnMvNTTIDPQkL3gIDLjS1qA8Q2bQ0F9VYKmlitpfMi4LcBSn82p + zEGo3L8HbVAG2SWUGgxI295llbGqmDmDt3EUxVGg4a8KjJ2sS7jQlFnOwPM97vzH8dHwGb4YEDN8 + nVtbmjQMM5gBs5m6UwG1ghrDqQwk2BA92ZCWPExCbkwFYWdgAWvUP5+Mrya9eDA4wqM6BOOl7z2D + sVWGUQu50usmhwzfUCOJkqQXDXvx8SSK0iRKoyhIkv4PURJFLkjnxGLgtZknBun0QyxFlGzSbl8y + MEzz0hUOT58TU1AhfJJxY7lklpQcGBA1I0ulF4HTZkpea/HIKCrJXbuouKX31FId3nNYhnVY2wBb + URz14+FPhr+DHwtse1WgVwcLdDmhZuF6VU2te0pnVBjwvUbxFPOqdX1vzhE4ms3XZ3APGGv00fcs + R2SViBIvlRXm6O3ApB91glKrO8zoiQVvtety1w3syu1ePgHJNqtrya1FA8bb+HZI/b2+a9TMLql2 + eDW8KAXHgLOdzLEfNcoGw9Vg+Mhwv9KZLpNNXwaRQ3UyWCWD/9dL0/0ai+gwPlzFh9/C4arz2E9W + /eRbeGwB/vHjQzjG+3CadIIZX71sOBC7f/MW0ZDnGnKklQdYxziVqJop/6LV5GifYLhPcPzQeENp + zakjjJq9vbQXtzzmyqU5a+J4/+DMgRgrYeaqEtmIm1LQdQt1PF5Si5+Fhk4fP5YNWW/pOWzMaTd0 + 9eOJqly96lBfuQMucy+1unK+0ah9if10o9dWQwMm62b7cwKPj9Nnx8Gwf9QR+G7ZNjSzK9jX8GTT + 8FJzpbldP7EEnXo4eByP84LmYEKnYTojHA+EWgbmPt8S2ZladoQ38B5COul3iQg6BUdZDrS7X+vD + PWWI9yE0Hrp6zKkZl5ydcbl44SQjKN1mIVmHoBpXy1q2OZFKjnGxoFMBl0BNg0rdPnkXZ9e/nJ7f + np2ejM+vxrfjy8s/LjE/HC2DBcELkzmQC+RmaYnzS7ghSoo1wTnnwhklVpHfuKbkQkOBg04qg4gL + vjTvMY6TF33gUTS8e5d6O8OMJc+5pAKbid3YDpmT7Z61e1Fb3hr3AqPrOAL7mkvY3K5KN7T/AsfN + CvNE6DXKm2/i51vH49C4hdvPlC1wEewg1xlvfJ20u9Z/Crhb2MJub0q6T7gEB3WmhNLnTTRTUUEv + 18hY23VFkZFqmq2KEldVadsufK2nnxfnjdz+HUy4FXCQkpvXtExScqLUggN5xS0ypiVXwCoN5IWg + +QeXK6YqFKNiroxNh9EwCmdcZkhrYXL47G1tcFSXAqO8U8SBJD0g/6hJvsOf72v1K1yvHKOgGs5+ + G+SoAjLCfPBwBCwg8aFPHLY2WZy8GqPsBv/1DuNBHaprC1tCUHCrIVA6DxGV1HWK43Lk0Bzi1WBu + C1EH3th56excy4VUy0+rdKFVVuHndixznNMCqx5OsMjOZ10iDJj8qpY9q/aUqWwNJG9JSG5iY8mf + FdUWNNma3KMKW59xrf36+QW5YlTuue/2PrfxbrL6JI+rtbFQGMwjKxVH7Byk9XndIlexgnJpuIUA + 4YUFM/Opojrbd+OB/dEWaM7yc8IaPCGVkimAJAYsWbbgssh1pgHYDAHmk+WcszkpgEqDQtrcaC1g + vm/kFAhlDMkSMnLPKakQ/0yvS2QbvPc3AAAA///sWW1r2zAQ/ismUEih9mwnTtJB6QLbYB/KQgsr + lEFQbKcxjSXjl7qjy3/vc5KiOl7djTJKPgTywYmk03Pne3nuwnmsar7TQHSBd30ruzgCdL2KOTmY + xYxcgSYPGgEJqQXCZSV8KfJUnrFETimYYbWgDIjsexfzEwIG4UlpKWJhsXXNfpGKVsYkuqqAa1uM + Ww2AaNF4vHbwxgvS2WiobPCTkxHoNrIREGiExRYiCSwqGOhFpA2dG9pfIhhRTGAy0l77S13XjqhZ + kcmoQBTGD062yqRH45I5ZM713XNWgkktKvjUvP/9eno1s68ubNRdGazmkkyQK1M09FmUJvzY6h// + hqOsS/ERbvgnZfG6KIs37FoImgWqRMt9J9kUsbvWVtdsbS90EQHXEAH5LiQfenljF3V1DXXdKbLt + RAxzsnBFsaySdlGlKaOK0vtb+iUbEj8U+RvLD/GEc0QPcdJv0VmwZMNB5C0mQzdYQIHx+NTz/RFV + O7MJN7yyLaYXPI0i3IES1HvGYOvm5JNxMhL6alupQsBBrZPbZPbRrU3g+d4w9tx44Eeno3AQBmMv + nARR5LLR0osn59GZlHI0mB75X/FR5+yUcZ02bVv9VDhVYdewiO07lI+drFqsk5BMZmeMFWQxnJfl + AWQOj59n9sjJOOFvt6j7j7jd4+4/4naPvO+IkXoi1VJqwtbkPjM98qF4omStGj+Vvm5A3LD9S5UL + 9PI3yDjh6jnwaFKDVRPJdI+eT2mul+uMe0gF7//SD6ngPRAfUkFnKjAEAxBvVcQ90pBXP7uQK0qm + R9RtmtI1EXLNRKi9YCYs7QXD1GJ+n+SCK1ajG85K/xehvv4L0ntR/r9JnBJmhOImdCA/hJxKbId/ + cCEF+XH7qLPrmwHI/20+bOWe9FL2cBkX1ZoEN5SV84S8nJZKcZpq0syBVDe/7x72d07rAxLtZrN5 + AgAA//8DALTE88P6GgAA headers: - ATL-TraceId: - - 4660f1033c0df6bd - Connection: - - keep-alive + Atl-Traceid: + - 859a34233d005eb8 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:25 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:01 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a6684a63-ab72-4c06-bc8d-f88e188ef541 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '249' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 7c7a48a4-7944-4c7b-a59f-f11d9e03057a - x-envoy-upstream-service-time: - - '143' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -965,94 +882,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11090 + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy9RU0dAMaSO22VL08x2GqBpYdDSWWYtkQJJWfba/Pcd - KSlunTpr0wRIpBN5L88995CfHVgXlCdO5EjgCUhIXjHIEtXhNAfVUfECctoRBUiqmeCqAwnTOWja - iReUp5CJtLMCqfAbJCMoJCjgul7rdBxmPPu+d+zhi4Jsjq8LrQsVuW4Cc4h1Ij6JHtUZVYpR3uOg - XfShXVowN3CZUiW4rYMlbHD/xWQ4nnSPPR8tc5usE312FAYtVUw1pEJu6uQSfMMNgRf4XS/sBv2J - H0SHYRQ86z3zwt+9wDNebQy9KcC6eWSOZr/re54X3FXdvCSgYskKgwhaT4jKaZZ1SMKUZjzWpGAQ - AxFzUgm57JndseBXMvuRLBTEpQR3xaCiK6qp/EOxf+FFjk0q8ye16Sx54XuHfr95nWCiL7YldxzT - aIw1oWppelTOtHmK5jRT0HFaH05kndx2HM2QGAU22Yl4iZU4hRSfML1HotfsttjZbrTY7TR8m+kV - Z1qjA8OvZrcp6m+7Vom5rqg0hSmWFxlDhiQ71SC4ljJhfx32fyTdBuYmWIN0wQyw+PM1zqH3HCMH - 4ToIH+3YttCy5Ilq/j8Qyz9a+0e/FmvdBmseHoh2GKwPg1+L1pBTtQ97o93emvlev6vVBTt28xE7 - mKYSUpzrezRETomsrMestsSl0iK3EjHFCMHzfR/6933U0lFbzWBa+XOirt9xsEz9DifO8KpZQDXq - ZC1DPz8BtcbdqZpbe5OG3vZxIEpTpW+U6toYGE+dSMsSbhvxMs4ki+vaP9+zmcRwqVqIMktOmSoy - umlGAs2xBKzVTN33dNJ/HrQ6uYuatw9Of9+HYCsZTEimN49ErN3uhj8nlyynKSjX7FCtE4aGTFQ9 - tUq3EnMuqlaKQsdgtFPIYVtIRmdgxMRQc2eRmcrvwuDv46HfN3gsqBoWLD5nfGmP4lMozMnM47Zn - tpOV/XZn4YIP8WCmswxGQFXNA9k8OZfnV6/PLqbnZ4PhxXg4HY5Gb0dYHw6QQkBwwWQB5BJVk2ti - 4hKmiODZhuBEssw4JVqQv5ik5FJCjlNLSoUM7dkZ3a3iGB16X5jnhckscuoDA3uH4G9H6psxxjak - jNNsd1Fzr2jgtazOMLtWCbCvKYe71WVhZvYHeFzfFB5JvXrz3Wn17eH+c2zc0u0ljZd4kWop1zqv - Yw2aK80vJdzei9z2ehK0hysHQ/VYZEJe1NnMshK6qUSN2F4OBDkVdbNFXuBVj+umCw/171twPvDt - 78GE6QwOInLznhZBRAZCLBmQa6ZRozQZ28ODvMpo+sXUiqVmIqbZQigd9b2+584ZT1AG3aAfeh+t - x1OLBab5SRDDkuiA/P9W8tT8/c06GAPyDUUFN+L4W9PgeohvV3zJRbXNffDunvXgUoqkxFvMkKc4 - UTni404QDlx3Y4tBv+RPUXW12FNQ0TgIPhKX3PhKk39KKjVIsnW5ZytsY/p29/uTSzKOKd+z3tyd - 3KPjsMbtpaQ8XrgTmmKyF9ja2lqyLDk7/do0EHnONEF5WnxlNsBtlIZcYe1JIRgy4yCydou/oWlO - GVdMQw/JE4Xh4b5v++xugjFngsqk7cFdL063FDNRT0hcMwmzJDMAThRoUjW00qhy9b2EzJFaHVIt - WLwgOVCu8COtVzQeED/0QGgco0pCQlaMkhKJH8tNgTKDyziH+njtmVRGyD8U0BiilndVVfVERVXR - EzJ1kXWw7hWLwhIDCTidCzmtg6kp1XhYz0pszfTp2+uT8WV3/KaLB42l5tXovHb6EDBvAItMIvJ6 - OPnAUctxcJE9ERHFKv7AhytmjhBMbgy6W49b8+0/AAAA///sWW1r2zAQ/ismUGhL7dhOnDSD0YW9 - wD5slBVW6DfFVhsz2zKWnW5k+e97TlLU1I3T0Y2SD4FSlOjlTqe75567/KuAJE+TLgF6boeA7mNp - xSLFf6lt1CXi6TrlGF+Q2e9UGUp+cT3nBYW3w+zzClSp0AMOQcqkC+6kBV4kV3scUVEOZJiVlIKQ - /n7w4oz8o3AQBJpKOSy7Z7/I0ZySKSdpJB7Wgeds+Akq0YJnHuJYkudZP9vwRJJFjgr5Rj+5VpDO - kw28dKueyvNOP+cli2u651fhpOqDAzwhcynrn17VvJSUwiuucYbrxSayreuqyAXouaNgCKNNr967 - wcAYFLW9IDwiSDtmeNjixDk++Y3HzGrxBljylCEGXQwxGHZNROsJyit1hbyoyC7R19ZS3y5tT1je - pSysWOb2hV08zLf1QHtispW/tPMegpnFcwJknSNlk+eMEnjvuWxHNiQ6LqoXZnuiZRfALCoZUEhF - t2w4SIIZklw0wwXG40kQhiMiF3YRJOxYxumBp0kCGcj4vQcdXFPavbMQR4furK+1x3ugFmqZAhg9 - 7EdBGAx54PNBmExG8SCOxkF8HiWJz0a3AT+/SN6qU44G06PwE/70Pjdnhcl9rqu/kl4j3XtYxA09 - cnavbGZZGpPJ3JIxSRbDfkRWnYI7Y/jh0h15ZUH6twv3/de4Xf7vv8btFsK+awzoSXTNbPjxJtO8 - NL0viicCZ12Xa/i6Ab5i+cemEiXv3wCK4vlD4FHLCrM2kkmOab4Zal0ZxD1Awes/+gEKXkPjAxR0 - QkGbeYBK9ZYr2rNmHtD9TofiktrgZuxDoKhZhtGWU7o6c77tzLUnbKerPWEpHC8WaSUKTXdM4d+Y - n170x7/RdCHq/9ZA1WfZMyEI5eB3oZpDtuuJalZpvFwPDeq+WL76kaq/Pvesl7Of37hsMjp4466q - rVPV01rfm3rL1Pqhm9vvH28OH+02G5S2q9XqDwAAAP//AwDB9IYEwRsAAA== + H4sIAAAAAAAAA1SPS0vEMBSF/0u2tpnT9JGanehCRUZhOisZJG0SrKRJaVNhGOa/m+LgY3c59/vu + 4Z5IK2e9nywR5D2EcRabjdJGd0H5D09lsHKee+mo04Ek5FNPc+9dhDMgo6BId9ubl939c/O73S5D + GyciXlcoQYJDQpQerT8O2oXmOOp44Nb6RUWpXXqrvhUiosBQXsI7GVaQgbEUdZrxBrUAF6ykAK4i + iejPeoq9TT/8Y68bQDAI5LQsix+2Gx6c8RGsioyb3BiT85qxCnkNFKVkVdZJqKrjvNDIq78Fwa4N + j/0kyfqOkYsNT76Ta3wi9jIR7d72O3I+fwEAAP//AwDebsfsWgEAAA== headers: - ATL-TraceId: - - 7f143eec05c72ca5 - Connection: - - keep-alive + Atl-Traceid: + - b175208e5e1b73a8 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:25 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:03 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 58a0bbf5-fc69-47fa-8b7a-d67719a636b0 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '125' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c2c21461-3015-4b1c-82d2-d4d84858fb97 - x-envoy-upstream-service-time: - - '142' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1062,61 +952,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11784 response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J2m1KbqIHFVmFdk8iMkknWEmTpU2FZdn/boqLH7fhneeZ - lzkxjTPtJ8cUe4/xMKvNpidLJvbhIxQYHc7zgL7wFFnGPmmah+ATzAF4AQXk7e76ub176n63u2XU - aWLqZYUyyOA1Yz0dXDiO5GN3PFA6cOPC0idJL4PrvxWmVmErL+EtxhUUIHgOVS5kxysFXJVVAQBX - IACSP9OUerth/Mc2HRcJVKIpqob/sGa89zYkUIpG1lur0ZRUItVgbC1r3WuUYA0AVpWUmso/BdGt - DQ/DhGx9x+Li4mMwuMYn5i4TI/+2b9n5/AUAAP//AwBJePATWgEAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvcRzHAHD0MXuli3IssRpgaZFQFNniTFFaiQV22v733fU + i506dbdkWBHAkXi89+ce3XsPViWVqZd4GmQKGtKXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf49aIMySC+h1GBA2vYuq4xVxdwZvI3CMAr7Gv6swNjpuoQLTZnlDDzf485/FB2NBvhiQMzx + Nbe2NEkQpDAHZlN1p/rUCmoMp7IvwQboyQa05EEccGMqCDoDC1ij/vl0cjXtRYPBEI/qEIyXvPcM + xlYZRi1kSq+bHFJ8Q404jONeOOpFx9MwTKLj5Puj/nAUfhfGYeiCdE4sBl6beWaQTj/AUoTxJu32 + JQXDNC9d4fD0BTEFFcInKTeWS2ZJyYEBUXOyVHrRd9pMyWstnhhFJblrFxW39J5aqoN7DsugDmsb + YCuKwsNo9KPhf8EPBba9KtCrgwW6nFKzcL2qZtY9JXMqDPheo3iKedW6vpdzBI5m+foM7gFjDT/6 + nuWIrBJR4iWywhy9HZgchvsEUScotbrDVJ/ZiVa77kPd2a4P7uUBerbpXktuLRow3sa3g/Bv9V2j + 5nZJtQOy4UUpOAac7pQEG1XDbzBaDUZPDPcLLesy2TRsEB5hGPFgFQ/+Xy8NLGqQosNouIqGX8Ph + qvN4GK8O46/hsUX+x4+P4Rh3cJzz1auGA7HJN++w6VmmIUNaeYR1DEeJqpnyz4I8PtonGO0THD82 + 3lBac+oIo2ZvL+lFvofFsa8wcYfR5kI9+K5OmrMmsvePzhx6sQQmV5VIx9yUgq5bjOPxklr8UDQE + +/R5bOh7S9hBY067aasfT1TlKhi5UF+7Ay4zL7G6cr6ZBkzWjfDnCDweHXYEvlu2fTQTb2hmV7Bp + eKm50tyun5lwpx64z9UTeJwXNAMTOA3TGeF4INSyb+6zLV+dqWXHawPvMXLjwy4RQWfgmMmBdvdr + PdxThmgfQqORq0dOzaTk7IzLxUsnGUPpNgvJOrzUKFrWss2JVHKCiwWdCbgEahoM6vbJuzi7/vn0 + /Pbs9GRyfjW5nVxe/n6J+eFoGSwIXpjmQC6QgqUlzi/hhigp1gTHmQtnlFhFfuWakgsNBc4zqQzi + q/+5sY5wnLzwAw/D0Z1OvJ1hxpJnXFKBzcRubIfMyXbP2r2oLW+NcoHRdRyBfc0kbG5XpRvaf4Hj + ZoV5JvQa5c2n79Ot42lo3MLtJ8oWuAh2kOuMN75O2l3rPwXcLWxBtzfF3ZdagoM6U0Lp8yaamaig + l2nkp+26oshYNc1WRYmrqrRtF77U00+L81Zu/w6m3Ao4SMjNG1pGCTlRasGBvOYW+dGSK2CVBvJS + 0OyDyxVTFYpRkStjk1E4CoM5lymSWBAPB+9qg+O6FBjlnSIOJMkB+UdN8g3+fFurX+F65RgF1XD2 + 2yDHFZAx5oOHY2B9Eg194rC1yeLk9QRlN/ivN4wGdaiuLWwJ/YJbDX2lswBRSV2nOO5ADs0BXu3n + thB14I2dV87OtVxItXxYpQut0gq/qhOZ4ZwWWPVgikV2PusSYcDkF7XsWbWnTGVrIH5HAnITGUv+ + qKi2oMnW5B5V2PqMau03Ly7IFaNyz3233rmNd5PVgzyu1sZCYTCPtFQcsXOQ1Od1i1zFCsql4Rb6 + CC8smMlniup0341H9sdboDnLLwhr8IRUSmYAkhiwZNmCyyLXmQZgcwSYT5Y5ZzkpgEqDQtrcaC1g + vm/lDAhlDMkSUnLPKakQ/0yvS2QbvPc3AAAA///sWW1r2zAQ/ismUEih9mwnTtJB6QLbYB/KQgsr + lEFQbKcxjSXjl7qjy3/vc5Kiul7cjTJKPgTywYnku+dOurvnLpzHqsI7DUQXOOtb2cURoOtVzOmC + WczIFWjyYBGQkFngVVbClyJP5TuWyCkFM6wWlAGRfe9ifkLAIDwpLUUjLLau2S8y0cqYRFcVuNoW + 41YDIFo0Hq8dnHhBNhsLlQ9+cnICaSMfAYFGWGwhksCigoN2Im3Y3LD+EsGIYgKXkfX6vtR17Yia + FZmMCkRh/OBkq0zeaCiZQ+Zc656zErxpUeFOzfvfr6dXM/vqwkbdlcFqlGSCrjJFQ59FacKPrf7x + b1yUdSk+4hr+SVm8LsriDZt1qERnfScpElG29tagQ4bbudBFBFxDBORZSD60e2MXdXUNdYXHWLii + cN3BoNuJuajSlFFF6f0t/ZIPiR+K/I3lh3jCOaKHGOi36CxYsuEg8haToRssYMB4fOr5/oiqndkE + Da9si+mAp1EEHShBvWcMtu5BPplLRkJf7R5VCDiodXKbzD66gwk83xvGnhsP/Oh0FA7CYOyFkyCK + XDZaevHkPDqTUo4G0yP/Kz7qPTtlXKdN21Y/FU5V2DU8YvsO5WMnqxbrJCSX2RljBXkM78vyADKH + x88ze+RknPC3O9H9R9xuZfcfcbsV3nfEyEmRaiA1YWtyn5me7FA8UbJWbZ7Kazcgbtj+pcoFWvYb + ZJxw9Rx4NJDBqolk0qPnU5rr5TrjHlLB+x/6IRW8B+JDKuhMBYZQAOKtirhHmuXqZxdyRcn0iLpN + U7omQq6ZCLUXzISlvWCYWszvk1xwRXl0w1np/yLU139CKlIl4XH7qJPdGxJc42+UD1u5J72UPVzG + RbUmwQ3dsr3Py2mpcNyL8v/N/5QwIxS60An9EHI6YkaOIpczB1JpgLxE67+Aq1+Q7tlsNk8AAAD/ + /wMAb3ByUPoaAAA= headers: - ATL-TraceId: - - 0d23f5634cb488c9 - Connection: - - keep-alive + Atl-Traceid: + - 1db93781d9e34947 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:03 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5b97c7e5-7cb9-4673-914b-86c3f64c00d0 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '269' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b99d335d-69f6-481e-8f88-51ae034432b3 - x-envoy-upstream-service-time: - - '33' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1126,110 +1054,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= + H4sIAAAAAAAAA1SPS0vEMBSF/0u2tpnT9JGanehCRUZhOisZJG0SrKRJaVNhGOa/m+LgY3c59/vu + 4Z5IK2e9nywR5D2EcRabjdJGd0H5D09lsHKee+mo04Ek5FNPc+9dhDMgo6BId9ubl939c/O73S5D + GyciXlcoQYJDQpQerT8O2oXmOOp44Nb6RUWpXXqrvhUiosBQXsI7GVaQgbEUdZrxBrUAF6ykAK4i + iejPeoq9TT/8Y68bQDAIFJQX+Q/bDQ/O+AhWRcZNbozJec1YhbwGilKyKuskVNVxXmjk1d+CYNeG + x36SZH3HyMWGJ9/JNT4Re5mIdm/7HTmfvwAAAP//AwCuUCoeWgEAAA== headers: - ATL-TraceId: - - 20af2c6646c5b6ef - Connection: - - keep-alive + Atl-Traceid: + - 456f93ea88c7c4b9 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:04 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a14890df-c2bb-4f2f-8755-f0a5d682de31 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '122' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c5b56c27-32e6-4433-a46b-fe9c73e5f37a - x-envoy-upstream-service-time: - - '85' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1239,94 +1124,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11089 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11784 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8MO24tvnSaCuRphODbscdY1xbhjQ2VSZ5TT0SO7Kdpr1t//s9 - 2wllsHIbAwniZ7/vn/exP3uwrijPvMSTwDOQkL1iUGSqx2kJqqfSJZS0JyqQVDPBVQ8ypkvQtJcu - Kc+hEHlvBVLhHmQTqCQo4Nqd9XoeM5bDMBjt40JBscDlUutKJb6fwQJSnYlPYkB1QZVilA84aB9t - aJ9WzI98plQNfmfgGjaofzobT2f9/SBAycIG6yWfPYVOa5VSDbmQGxdchitUiIIo7AdxPxrNwigZ - xkk0HMT78e9BZG1YH3pTgTXzyBiNvh8GQRDdZN0uMlCpZJWpCEoPiCppUfRIxpRmPNWkYpACEQvS - CHk9MNqp4Oey+JEoFKS1BH/FoKErqqn8Q7F/4UWJTarLJ050nL0Ig2E4apczDPTFNuWeZxqNvmZU - XZse1VfafCULWijoeZ0NL7FGvvY8zRAYFTbZS3iNmXiVFJ8wvEdWr9W2tbPd6GpnFrcavo30nDOt - 0YDBV6ttkvrbnlVioRsqTWKKlVXBECHZnWywuBYy8Wgdj34k3LbMrbO20hUzhcWf23WOg+foOYrX - Ufxow7aFFiVPVPv/AV/hs3X47Nd8rTtn7ccD3obRehj9mrcWnKr72Ont61cz3+t3jl2wY5cfsYN5 - LiHHub4HQ8SUKGo3Zk6S1kqL0lLEHD1Ez3dtjO7bcNThpGYwLf15ST/seZimfocTZ3DlDthxMpiW - LHUBfL4nM4jDhNRS1EV2xFRV0E2LSxQ3VCPTOiL7+RlyLHnDi76zJs2A2M9DUZs6hSbSCyNgPPcS - LWvjOpWAuZqp+x5PhvHzjifvVi3YVc5w10a0pQwmJNObR+bbqfvxz9ElK2kOyjcaqjPCUFCIZqBW - +ZZiTkTTUVHsmRrdSWTYJVLQKzBkYqB555CZyu+WIdyFw3Bk6rGkalyx9ITxa3sVH0FlbmaednCx - IGrs3o2ECz7Gi5leFTABqhwEZfvlnZ2cvz4+nZ8cH45Pp+P5eDJ5O8H8cIAUFgQPzJZAzpA1uSbG - L2GKCF5sCE4kK4xRogX5i0lKziSUOLWkVoivgZ3Ru1nso8HgCwuCOBsmnrswsHdY/O1IfTPG2Iac - cVrcPdS+K9ryWpAXGF3HBNjXnMPN6boyM/sDOHYvhUdCzynf3FbfXu4/h8Yt3F7S9BofUh3kOuPO - 12H7pPmlgLt3kd89T6LucuVgoJ6KQshTF81VUUM/l0hP28eBIEfCNVuUFT71uG678FD/vi3OB779 - 3ZsxXcBeQi7f0ypMyKEQ1wzIBdNIj5pM7eVBXhU0/2JyxVQLkdJiKZRORsEo8BeMZ0hifjQa7n+0 - Fo9sLTDMT4IYlCR75P9VyVPz9zdrYAqINyQVVMTxt6LDizGuzvk1F8029sN396R7Z1JkNb5ixjzH - iSqxPv4My4HnLm0yaJf8KZq+FjsSqloD0Ufik8tQafJPTaUGSbYmd6jC1mdotd8fnJFpSvmO8+bt - 5D/bj13dXkrK06U/ozkGe4qtddKaFdnx0W3RoShLpgnS0/KW2BRuozSUCnPPKsEQGXuJldv6G5iW - lHHFNAwQPEkcD3ft7ZL7Gfq8ElRmXQ9uenG0hZjxekBShySMklwBcKJAk6aFlUaWc+8SskBo9Uiz - ZOmSlEC5wk3qTrQWsH5ogdA0RZaEjKwYJTUCP5WbCmkGj3EO7mYfmFAmiD8k0BSSDndN0wxEQ1U1 - EDL3EXWwHlTLygIDAThfCDl3ztScanwnXNXYmvnTtxcH07P+9E0fLxoLzfPJiTP6UGHeACaZJeT1 - ePaBI5fj4CJ6EiKqVfqBj1fMXCEY3BR0341bu/cfAAAA///sWW1r2zAQ/ismUGhL7VhOnJfB6MJe - YB82ygob9Jtiq42Z37DsdKPLf99zkqKmTpyNbpR8CJSiRNLdSbp77rnLvyqIsyTuUqDn9ijoFksr - lgn+S31HXSq21ynH+ITMfqfKUPKLbwuRU3g73D5vgSoVdsAhyJhkKZwkx4tkao9TVJQDOWYlpSCk - v+8ivyD/yB0EgWZxDk/v+U9yNKfkykkaiYd14DkbfoJKNBephziW5HnWzzY8kXSRo0K/sU+uDSR5 - soGX7rRTed75x6zkUU3n/Fw4ifrgAE/outTtn1/XopSUwiuhcUboxSayreuqyAXouSM2xKXNrt+6 - bGAuFLV9QXhEkHbK8bD5mXN69guPmdbFK2DJNkNkXQyRDdcTlD7qCulPMVIiyO2lYYcMv3PC8i51 - w4pl7l7YxcN8Ww8gLHm0IGjdSfH86U4+086DsskyTgm896dsR3dIdLyonpntiZZdArOI8KOQCm/5 - cBCz+WToh3MYPB5PWRCMiFzYRdCwZ5mgB57FMXQg4/cebXBNaffGQhwJ3Vtfa4/3QC3UMgUwetgP - WcCGgvliEMTTUTSIwjGLJmEc+3x0y8TkMn6tpJwMZifBB/zpfW7Gc5P7XFd/Jb1Guve4ETfwyNm9 - spmnSURX5pacS7ox7Edk1Qm4M4bvrtyRV+Zkf7twP3yL2+X/4VvcbiEcusXApFiX64YfbzLNK9P7 - ongicNZVtca1G+Arlr9vqqIU/RtAUbR4DDxqWWHWRjLpMc03Q60rg7hHKHj5Rz9CwUtYfISCTiiw - hAIm3umIe6Butxn7kFvUPMVomzP54F29h1Vve6KrM+fbzlx7wna62hOWwol8mVRFrkmSKfwb89OL - /vg3R1gW9X9rf2pZViYUoRz8Wqjm0LrhCtfSFj+shwZ1n61f/UjVX8u96GX8xxchm5QEb5xVtXWq - elbrc1NvmVo/dHL7/dPNwZPdZoOydrVa/QYAAP//AwDzbaimwRsAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvcRzHAHD0MXu1i3IssRJgaZFQFNniTFFaiQV22vz33fU + i906dbdkWFEgtXi89+ce3nsPViWVqZd4GmQKGtKXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf49aIMySC+g1GBA2vYuq4xVxdwZvI3CMAr7Gv6swNjpuoRzTZnlDDzf485/FB2NBvhhQMzx + M7e2NEkQpDAHZlN1p/rUCmoMp7IvwQboyQa05EEccGMqCDoDC1ij/tl0cjntRYPBEI/qEIyXvPcM + xlYZRi1kSq+bHFL8Qo04jONeOOpFx9MwTKLj5Puj/nAUfhfGYeiCdE4sBl6beWaQTj/AUoTxJu32 + IwXDNC9d4fD0BTEFFcInKTeWS2ZJyYEBUXOyVHrRd9pMySstnhhFJblrFxW39J5aqoN7DsugDmsb + YCuKwsNo9KPhf8EPBba9KtCrgwW6nFKzcL2qZtb9SuZUGPC9RvEV5lXr+l7OETia5etTuAeMNXzw + PcsRWSWixEtkhTl6OzA5DPcJok5QanWHqT6zE6123Ye6s10f3MdH6NmmeyW5tWjAeBvfDsK/1XeN + mtsl1Q7Ihhel4BhwulMSbFQNv8FoNRg9MdwvtKzLZNOwQXiEYcSDVTz4f700sKhBig6j4Soafg2H + q87jYbw6jL+Gxxb5Dw+P4Rh3cJzz1XXDgdjkm3fY9CzTkCGtPMI6hqNE1Uz5Z0EeH+0TjPYJjh8b + byitOXWEUbO3l/Qi38Pi2GtM3GG0uVAPvquT5qyJ7P2jM4deLIHJVSXSMTeloOsW43i8pBYfioZg + nz6PDX1vCTtozGk3bfXPE1W5CkYu1NfugMvMS6yunG+mAZN1I/w5Ao9Hhx2B75ZtH83EG5rZFWwa + vis43BITV5rb9TMr0akH7h17AsHzgmZgAqdhOiMcD4Ra9s19tiWyU7XsCG/gPTgwzMAxkwPt7ms9 + 3JNttA+h0cilnVMzKTk75XLx0knGULrNQrIOLzWKlrVscyKVnOBiQWcCLoCaBoO6/eWdn179/Ors + 9vTVyeTscnI7ubj4/QLTwNEymDdemOZAzpGCpSXOL+GGKCnWBMeZC2eUWEV+5ZqScw0FzjOpDOKr + /7mxjnCcvPADD8PRnU685r3CFmGNtzP1yYBjtTMuqdi91O5FbXlrlAuMruMIbF8mYXO7Kt3Q/gsc + NyvMMxHWKG+evk+3jqeBbouqnyhb4CLYIasz3vg6aXet/xRwt7AF3d4Udy+1BIdopoTSZ000M1FB + L9PIT9t1RZGxapqtihJXVWnbLnypf58W563c/juYcivgICE3b2gZJeREqQUH8ppb5EdLLoFVGshL + QbMPLldMVShGRa6MTUbhKAzmXKZIYkE8HLyrDY7rUmCUd4o4kCQH5B81yTf459ta/RLXK0ccqIYj + 3gY5roCMMR88HAPrk2joE4etTRYnrycou8H/esNoUIfq2sKW0C+41dBXOgsQldR1iuMO5NAc4NV+ + bgtRB97YuXZ2ruRCquXHVTrXKq3wVZ3IDOe0wKoHUyyy81mXCAMmv6hlz6o9ZSpbA/E7EpCbyFjy + R0W1BU22JveowtZnVGu/eXFOLhmVe+679c5tvJusPsrjcm0sFAbzSEvFETsHSX1et8hVrKBcGm6h + j/DCgpl8pqhO9914ZH+8BZqz/IKwBk9IpWQGIIkBS5YtuCxynWkANkeA+WSZc5aTAqg0KKTNjdYC + 5vtWzoBQxpAsISX3nJIK8c/0ukS2wXt/AwAA///sWW1r2zAQ/ismUEihdm0nTtJB6QLbYB/KQgsr + lEFQbKcJjSXjl7qjy3/vc5KiOm7cjTJKPgTywbGk03Onu9NzZ85jdcM7NUSXOOs7WcURoJtFzMnB + LGbkChR50AhISC3wKmvJ5yJL5BpLZJSCGUZzyoDIvvcxPyFgEL4sLEUjLLaq2G9S0UqZRFfmcG2L + casGECUaj1cOTjwnnY2Gyga/OBmBdiMbAYFGmG8gksC8hIF2Iq3pXNP+CsGIywQmI+21v1RV5YiK + 5amMCkRh/Oiki1R6NDaZQuZU7z1lBXjTrIRPTbs/bsbXE/v60gZPkMFqNkkFuTJFQ5dFyZIfW93j + P3CUVSE+wQ1fUxavjbJ4/c0A5bMClfW9pEhE2ZpTgxYZbutAGxFwDRGQZyFpz+6JhrrCMCxcUFTu + 5ByuobJbF2wzMedlkjC6UTp/S79kQ+KHInvn9UM84QLRQwz0e3QezFm/F3mzUd8NZgA8HJ55vj+g + 285Mwg5vTIvpgMdRhD1wBXVeMNi6BvlsnIyEvlk9qhBwcNfJaTL76Aom8HyvH3tu3POjs0HYC4Oh + F46CKHLZYO7Fo4voXEo56o2P/G/4qXV2wrhOm7atXuVOmdsVLGL7DuVjJy1nq2VIJrNTxnKyGNbL + 6wFkDo9fJvbASTnhb1ai+4+4WcruP+JmKbzviJGTIlVAasJW5z4T3dmheKJkrco8ldduQdww/WuZ + CZTst8g44eIl8Kghg1ETybSP7k9prpfpjHtIBR9/6IdU8BGID6mgNRUYQgGIdyrinqiXq59dyBUF + 0y3qJi1p6wi5bR0h13SEmgOGqcX8YZkJrriQLjhL/S1C/f0XpA+i+H99NyXMCMVOqEB+CtmV2LT6 + 4EIK8tPmUWfXdwOQ321ON3JPOgl7vIrzckWCa8rKfkJWjAulOHU1qedAqpv324v9rdV6gUS7Xq+f + AQAA//8DANESwnr6GgAA headers: - ATL-TraceId: - - f189b2dd58485522 - Connection: - - keep-alive + Atl-Traceid: + - 41f8da96645feb00 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:05 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1ab0df40-3cfe-4221-916f-1cc36394bf58 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '230' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c131eada-cafa-4918-aa8f-45de23e45b40 - x-envoy-upstream-service-time: - - '104' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1336,366 +1226,93 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1JmjZrbqIHFVmFdk+ySD6mWEmT0qbCsux/N8XFj9vwzvPM - y5yIVjPuJ0ckeY9xnOVmY7FDE234CIWKTs1zr3zhMZKMfOI098EnmALQAgrIm93NS3P/3P5ud8ug - 00Tk6wplkMEhIxZHF44D+tgeR0wHbl1YbJL00jv7rRC5CpW4hHcqriADRnPgORMt5RKoLHkBAFfA - AJI/45R62374x25byhIo2XVRMf7DmuHBdyGBgm1FXXVamRJLhTWYrha1tloJ6AyA4lwIjeWfgujW - hsd+UmR9p1OLi0/BqDU+EXeZCPq3fUPO5y8AAAD//wMAe3ypwVoBAAA= + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - d9e00d98819ae9f5 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:34:29 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 80554141-a26e-408a-9d1d-77ccd4e71c6a - x-envoy-upstream-service-time: - - '30' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate + Atl-Traceid: + - e24c7ffd58e44140 Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - d9b0d276cc13c16a - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:34:29 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 41a595b1-e400-4c17-b155-f4294a42ced1 - x-envoy-upstream-service-time: - - '67' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11089 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8MO24tvnSiJVI04mVbscdY1xbhjQ2VW7ymnpN7Mh2mvY2/vd7 - dhLKYOU2BhLEz37fP+9jf3FgU1CeOJEjgScgIXnNIEtUh9McVEfFS8hpRxQgqWaCqw4kTOegaSde - Up5CJtLOGqTCPUjGUEhQwHV91uk4zFj2fW9whAsF2QKXS60LFbluAguIdSI+ix7VGVWKUd7joF20 - oV1aMDdwmVIluK2BFWxR/3w6mky7R56HkoUN1om+OAqdliqmGlIht3VwCa5QIfACv+uF3WAw9YOo - H0ZBvxcehb97gbVhfehtAdbME2M0+q7veV5wm3WzSEDFkhWmIig9JiqnWdYhCVOa8ViTgkEMRCxI - JeSqZ7RjwS9l9iNRKIhLCe6aQUXXVFP5h2L/wsscm1Tmz2rRafLS9/r+oFlOMdCXu5Q7jmk0+ppS - tTI9KufafEULminoOK0NJ7JGbjqOZgiMApvsRLzETJxCis8Y3hOr12jb2tlutLUzizsN30V6yZnW - aMDgq9E2Sf1tzyqx0BWVJjHF8iJjiJDkXjZYXAuZcLAJBz8SblPmxllT6YKZwuLP3TqH3gv0HISb - IHyyYdtCi5Jnqvn/iC//cOMf/pqvTeus+XjEWz/Y9INf89aAU7Ufe73d3Jj53ryv2QU7dv0JO5im - ElKc6wcwREyJrKzHrJbEpdIitxQxQw/Bi30bg4c2auqopWYwLf05UdfHJdXIijXp/Dzea0a75TC3 - tiYNmO3nUJQmJ9/w0pURMJ46kZYl3DRUZYxJFteZfnkgM4HhUbUUZZacMFVkdNsMAIoxKv0e6cIM - RVMMCZirmbrv8aQfvmh58n7VvH3l9PdtBDvKYEIyvX1iDVt1N/w5umQ5TUG5RkO1RhgKMlH11Drd - UcyZqFoqCp2bh4n020QyOgdDJgaa9w6ZqfxuGfx9OPQHph5LqkYFi88YX9mr+AQKczPzuO2i7W1l - 924lXPARXsx0nsEYqKqRIZsv5+Ls8s3p+ezsdDg6n4xmo/H43RjzwwFSWBA8MF0CuUDW5JoYv4Qp - Ini2JTiRLDNGiRbkLyYpuZCQ49SSUiFme3ZG72dxhAa9r8zzwqQfOfWFgb3D4u9G6psxxjakjNPs - /qHmXdGU1+I8w+haJsC+phxuT5eFmdkfwHH9Ungi9Grl29vq28v959C4g9srGq/wIdVCrjVe+xo2 - T5pfCrh9F7nt8yRoL1cOBuqxyIQ8r6OZZyV0U4mssXscCHIi6maLvMCnHtdNFx7r37fF+ch3vwdT - pjM4iMj1B1r4ERkKsWJArphG1tJkYi8P8jqj6VeTK6aaiZhmS6F0NPAGnrtgPEFidINB/+iTtXhi - a4FhfhbEoCQ6IP+vSp6bv79ZAxNAvCGpoCKOvxUNr0a4uuQrLqpd7MP3D6QHF1IkJb5iRjzFicqx - Pu4Uy4Hnrm0yaJf8KaquFnsSKhoDwSfikmtfafJPSaUGSXYm96jCzqdvtT8cX5BJTPme8+bt5B4e - hXXdXknK46U7pSkGe46traUly5LTk7uiochzpgnS0/KO2BRuqzTkCnNPCsEQGQeRldv6G5jmlHHF - NPQQPFEY9vft7ZO7CfqcCyqTtge3vTjZQcx4PSZxjSSMkswBOFGgSdXASiPL1e8SskBodUi1ZPGS - 5EC5wk1an2gsYP3QAqFxjCwJCVkzSkoEfiy3BdIMHuMc6gu3Z0IZI/6QQGOIWtxVVdUTFVVFT8jU - RdTBplcsCwsMBOBsIeSsdqZmVOP1PS+xNbPn766OJxfdydsuXjQWmpfjs9roY4V5C5hkEpE3o+lH - jlyOg4voiYgo1vFHPlozc4VgcBPQ3Xrcmr3/AAAA///sWW1r2zAQ/ismUGhL7VhOnJfB6MJeYB82 - ygob9Jtiq42Z37DsdKPLf99zkqKmTpyNbpR8CJSiRNLdSbp77rnLvyqIsyTuUqDn9ijoFksrlgn+ - S31HXSq21ynH+ITMfqfKUPKLbwuRU3g73D5vgSoVdsAhyJhkKZwkx4tkao9TVJQDOWYlpSCkv+8i - vyD/yB0EgSZXDk/v+U9yNKfkykkaiYd14DkbfoJKNBephziW5HnWzzY8kXSRo0K/sU+uDSR5soGX - 7rRTed75x6zkUU3n/Fw4ifrgAE/outTtn1/XopSUwiuhcUboxSayreuqyAXouSM2xKXNrt+6bGAu - FLV9QXhEkHbK8bD5mXN69guPmdbFK2DJNkNkXQyRDdcTlD7qCulPsVzire2lYYcMv3PC8i51w4pl - 7l7YxcN8Ww+0J6Y7+Us77yGYebQgQNY5UjZZximB9/6U7egOiY4X1TOzPdGyS2AWFREopMJbPhzE - bD4Z+uEcBxiPpywIRkQu7CJo2LNM0APP4hg6kPF7jza4prR7YyGOhO6tr7XHe6AWapkCGD3shyxg - Q8F8MQji6SgaROGYRZMwjn0+umVichm/VlJOBrOT4AP+9D4347nJfa6rv5JeI9173IgbeOTsXtnM - 0ySiK3NLziXdGPYjsuoE3BnDd1fuyCtzsr9duB++xe3y//AtbrcQDt1iYFKsq2jDjzeZ5pXpfVE8 - ETjrSl3j2g3wFcvfN1VRiv4NoChaPAYetawwayOZ9Jjmm6HWlUHcIxS8/KMfoeAlLD5CQScUWIIB - E+90xD1Qt9uMfcgtap5itM2ZfPCu3sOqtz3R1ZnzbWeuPWE7Xe0JS+FEvkyqItd0xxT+jfnpRX/8 - myMsi/q/tVS1LCsTilAOfi1Uc2jdB4VraYsf1kODus/Wr36k6q/lXvQy/uOLkE1KgjfOqto6VT2r - 9bmpt0ytHzq5/f7p5uDJbrNBWbtarX4DAAD//wMADtsEY8EbAAA= - headers: - ATL-TraceId: - - 17916a4a3bbdba09 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:29 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:05 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: + Vary: - Accept-Encoding - x-aaccountid: + X-Aaccountid: - 5fa43d1b8405b10077912260 - x-arequestid: - - 24873932-1b2d-4112-8238-2d063f66ed8a - x-envoy-upstream-service-time: - - '141' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields - response: - body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - daa4c59cdb5b342a - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:34:30 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked + X-Arequestid: + - 67a7af19-b015-476a-8610-3d5ea85a256d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '187' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - faf529bd-c7a5-4844-b51d-7ed01a2a4405 - x-envoy-upstream-service-time: - - '120' status: code: 200 message: OK - request: body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without - Secure Flag|http://localhost:8080/finding/2839]\n\n*Defect Dojo link:* http://localhost:8080/finding/2839 - (2839)\n\n*Severity:* Low\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* - Unknown\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/694]\n\n*Branch/Tag:* - None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* - https://mainsite.com:443\n* https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Secure Flag|http://localhost:8080/finding/264]\n\n*Defect Dojo link:* http://localhost:8080/finding/264 + (264)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "Low"}, "summary": "Zap1: Cookie Without Secure Flag"}, "update": {}}' headers: @@ -1708,51 +1325,57 @@ interactions: Connection: - keep-alive Content-Length: - - '1675' + - '1258' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11089 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11784 response: body: string: '' headers: - ATL-TraceId: - - 542f1fcce3d1f0ae - Connection: - - keep-alive + Atl-Traceid: + - f26c118ff4910713 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:30 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:05 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 131ea60e-145f-4c6b-aa6e-3bd44c489418 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '207' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9b007de7-0823-4983-9fdf-c13549caebb5 - x-envoy-upstream-service-time: - - '319' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1762,95 +1385,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11089 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11784 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy8WEkdAMaSJu2VL08x2GqBZYdDSWWYjkQJJRfba/vcd - SSlO0zpr0wRIxCPv7bnnjvzowbqiPPMSTwLPQEL2ikGRqR6nJaieSldQ0p6oQFLNBFc9yJguQdNe - uqI8h0LkvVuQCvcgm0AlQQHX7qzX85ixHIbB6BAXCoolLldaVyrx/QyWkOpMfBADqguqFKN8wEH7 - aEP7tGJ+5DOlavA7AzewQf3z2Xg66x8GAUqWNlgv+egpdFqrlGrIhdy44DJcoUIURGE/iPvRaBZG - yTBOouEgPox/DSJrw/rQmwqsmSfGaPT9MAiC6C7rdpGBSiWrDCIoPSKqpEXRIxlTmvFUk4pBCkQs - SSPkzcBop4JfyuJ7olCQ1hL8WwYNvaWayt8U+xdelFikunzmRKfZizAYhqN2OcNAX2xT7nmm0Ohr - RtWNqVG90OYrWdJCQc/rbHiJNfK552mGxKiwyF7Ca8zEq6T4gOE9Eb1W22Jnq9FhZxb3Cr6N9JIz - rdGA4VerbZL6y55VYqkbKk1iipVVwZAh2YNsEFxLmXi0jkffE24Lc+usRbpiBlj8uY9zHByg5yhe - R/GTDdsSWpY8U+3/R3yF++tw/+d8rTtn7ccj3obRehj9nLeWnKr72Ont82fT3+u3brpgxa7fYwXz - XEKOff0VDZFToqhdmzlJWistSjsi5ughOti1MfrahhsdTmoa044/L+mHuKQap6IbOj/OdzfR7maY - 76xJQ2b7eSxqk1No5tKVETCee4mWNSAcaFO/xWY3lHaxWXPGvGSpy/3jVzITKiqrlaiL7ISpqqCb - tiVQnErAXE3XfWtOhvFBNycfohbsgjPctRHt2hhuZwkTkunNE8Ht1P34x+YoK2kOyjcaqjPCUFCI - ZqBu8+3sORNNN6NizxZkAWaYGGo+SMp05TezDXfxMByZtFdUjSuWnjF+Y6/iE6jMzczTrma2ko3d - u5Nwwcd4MdNFAROgyvFAtl/exdnl76fn87PT4/H5dDwfTyZvJpgGNpDCvPHAbAXkAqcm18T4JUwR - wYsNwY5khTFKtCB/MknJhYQSu5bUCjk7sD36MItDNBh8YkEQZ8PEcxcGlggx3rbUF22MaOeM0+Lh - ofZd0cJrWV1gdN0kwPLlHO5O15Xp2W/yeBgMotGw47F7KTyRYU757rb68nL/MdJtWfWSpjf4kOqY - 1Rl3vo7bJ81PBdy9i/zueRJ1lysHw+hUFEKeu2gWRQ39XOKM2D4OBDkRrtiirPCpx3Vbhcfq9yU4 - //Dt796M6QL2EnL9jlZhQo6FuGFArpjGGaXJ1F4e5FVB808mV0y1ECktVkLpZBSMAn/JeIaD0cey - Hr63Fk8sFhjmB0EMS5I98v+q5Ln5+4s1MAXkG84OVMQut6LjqzGurvFffz+MbSgG9rSBQcm0hIGQ - uY+so6YSDJ8lhq0+Hh2sdFnYuJydt8bOJb/houlkF1JkNb57xjzHHiwRUX+GABp/Nn2MhPwhmr4W - OyCoWgPRe+KT61Bp8ndNpQZJtiZ3qMLWZ2i13x1dkGlK+Y7z5rXl7x/GDumXkvJ05c9ojsGeIxmc - tGZFdnpyX3QsSoSJ4EBb3RMbqDdKQ6kw96wSDLm0l1i5rZhBuKSMK6ZhgHRL4ni4a2+XHIuiVgtB - ZdbV4K4WJ1tSGq9HJHXcwyjJAoATBZo0LRE1zkX3kiFLJGOPNCuWrkgJlCvcpO5EawHxQwuEpinO - VcjILaOkxlZJ5abCwYTHOAd3IQ9MKBNkLI7cFJKOqU3TDERDVWWJhTyF9aBaVZYYSNn5Usi5c6bm - VOP1vqixNPPnb66Ophf96es+XqWWzJeTM2f0MWBeAyaZJf8BAAD//+xZ22rbQBD9FWEIJCGSJdny - JVBS06alDy0hLi2EvKylTSyqG7o4Da7/vWd2VxtHttySluAHQwhr72pmNDtz5szY+Hj59TYB+iPV - ET3nRpot/NvkchFS0YFxU16aMkHrvX9UEMRh0KZA7u1Q0C6WTixC/C+kj9pUbJ4TgfEZ6XsvGleK - i+9znhAgGExfb4q+FnYgIMiYcMGNMMGNxOIZI82pajLsFlS0UDB/8OSM4iMxkASSfBksemCPFGhG - xkSQVAUu1kDkrMUJeteERxbyuKDI03G2FomkiwIV+pV9RW0gySsqROlWO0XknX6KM+aX9J5fUiMU - HwzgCblLeP90WvKsoKKfc4kzXB5Wma1DV2Suwkc4bTJ9Zzo95dBrnqWERwRpxwwXm5wYxye/cJlR - mZ4DSzY5pdPGKZ1+24ZXb1AlKnNUUkGYifA2jtr6aHOjjanZmqkJ1wteuv2g7iCaG+OtjKdZKZHM - zJ8TIMuqWlRxzKjkd/5UH8mHRODT/IX8gIjcBTCL2g60Xt4d6/cCZzbq294MLzAcjh3XHRAd0Yeg - YccxThc8CQLoAEfoPNlgqmbwrYY4ErqzI5cRb4GMiGMCYOSy6zmu0+eOzXtuMB74Pd8bOv7ICwKb - De4cProI3ggpR73JkfsBf/I5M2aJqn2mKb8qrKowH+AR07Uo2K2smkWhTy4zM8YK8hieF/UdbBvL - 91fmwMoSsr/Z6u+/xc2Bwf5b3Bw67LvFgJ5AdtmKUa9z0ys1LaN8InCWvb2ErxvgK45fVnma8e4N - EMefPyUeDbmwqzOZ9KhxnSLjuULcAxS8/qUfoOA1LD5AQSsUaIIBE+9lxi1pPq7WNuSmJYuw2kKN - wLs6y1Vnc6Ntlme3zfJsPctrbmgKx5NFmKeJpDtqVFCpH2vkx796BXSXQsKyXioUfAHyrf3M1K3l - nnVi9vOaF1VEgtd0i8FMXk5KacciLf/bMFjK0jKhCm3pt1SMtep5LU2jaVhEGrUdz411n1mrHhDe - Wa1WvwEAAP//AwBwqwEm8xsAAA== + H4sIAAAAAAAAA7xWa2/bNhT9K4Q+bZlsPeI5joBh6GJ3yxZkWeKkQNMioKlriTFFaiQV22v733ep + h906dbdkWBHAER/3fe7hfefBqqQy9RJPg0xBQ/qSg0iNL2kBxjcsh4L6qgRNLVfS+JByW4ClPsup + zECozH8AbfAM0ksoNRiQtr3LKmNVMXcK76IwjMK+hj8rMHa6LuFCU2Y5A8/3uLMfRUejAS4MiDku + c2tLkwRBCnNgNlX3qk+toMZwKvsSbICWbEBLHsQBN6aCoFOwgDXKn08nV9NeNBgMcat2wXjJO8+g + b5Vh1EKm9LqJIcUVSsRhHPfCUS86noZhEh0n3x/1h6PwuzAOQ+ekM2LR8VrNM5108gGmIow3YbeL + FAzTvHSJw90XxBRUCJ+k3FgumSUlBwZEzclS6UXfSTMlr7V4oheV5K5cVNzRB2qpDh44LIPara2D + 7VEUHkajHw3/C34osOxVgVYdLNDklJqFq1U1s+4rmVNhwPcawVOMq5b1vZwjcDTL12fwAOhr+MH3 + LEdklYgSL5EVxujtwOQw7A5Kre4xomcmvJWu010XsEu3W3wEkm1U15JbiwqMt7HtkPpbfdeouV1S + 7fBqeFEKjg6nO5FjPWqUDUarweiJ7n6hMl0km7oMwiN0Ix6s4sH/a6Wpfo1FNBgNV9HwaxhcdRYP + 49Vh/DUstgD/8OExHKN9OI27gzlf3TQciNW/fYtoyDINGdLKI6yjn0pUTZd/Vmt8tO9gtO/g+LHy + htKaXUcYNXt7SS/CJbVI6g0ZPr2pGqrdkmvQqNOuZerPE1W5aCNHmK/cBpeZl1hdAaYWldobrIZr + nMa5Wp/TrzlrsvLu0Z7zFYVNriqRjrkpBV23jefKpQGDdb39OQKPR4cdge+mbUMzuwf7Ch5vCr57 + cLhlLK40t+tnZrcTD9w79gSC5wXNwAROwnRKOG4Iteybh2zLcGdq2THhwKsLMgNHWQ60u6/1cE+0 + 0T6ERiMXdk7NpOTsjMvFS3cyhtJNFpJ1NasruazPNjtSyQkOFnQm4BKoaXCg2y/v4uz659Pzu7PT + k8n51eRucnn5+yWGga1lMG68MM2BXCA3S0ucXcINUVKsCfY5F04psYr8yjUlFxoKbHRSGcRs/3P9 + HmE7eeF7Hoaje514zXuFJcIcb3vqkwbHbGdcUrF7qZ2L2vTWqBboXccRWL5MwuZ2Vbqm/Rc4bkaY + ZyKsEd68iZ9OHU8D3RZVP1G2wEGwQ1anvLF10s5a/8nhbmALurkp7p5wCQ7RTAmlzxtvZqKCXqaR + I7bjiiJj1RRbFSWOqtK2VfhS/T5Nzhu5/TuYcivgICG3r2kZJeREqQUH8opb5ChLroBVGshLQbP3 + LlYMVShGRa6MTUbhKAzmXKZIjEE8HLytFY7rVKCX94o4kCQH5B8lyTf4820tfoXjlSMOFMMWb50c + V0DGGA9ujoH1STT0icPWJoqTVxM8u8V/vWE0qF11ZWFL6BfcaugrnQWISuoqxXE4cmgO8Go/t4Wo + HW/03Dg913Ih1fLjLF1olVb43E5khn1aYNaDKSbZ2axThA6TX9SyZ9WeNJWtgvgtCchtZCz5o6La + giZblXtEYWszqqVfv7ggV4zKPffd3Ocm3k1UH8VxtTYWCoNxpKXiiJ2DpN6vS+QyVlAuDbfQR3hh + wkw+U1Sn+2480j/eAs1pfkFYgyekUjIDkMSAJcsWXBa5zjQAmyPAfLLMOctJAVQaPKTNjVYDxvtG + zoBQxpAsISUPnJIK8c/0ukS2wXt/AwAA///sWe9r2zAQ/VdMoJBC7dlOnKSD0gW2wT6UhRZWKIOg + 2E4TGkvGP+qOLv9730my6npxN8oo+RDIByeS755Ouqd3F85jdcs6DUQX2OtbWcURoOtVzOmAWczY + FSjysCIgoWVBcFlrvhRZIt+xREYUzDCaEwOCfe9ifkLAYHxdWOoqt9imYr9oiVbKJLoyx9G2GLca + AFGi8XjjYMdzWrNZoYrBT05BIG8UIyDQCPMaIhnMSwRoJ9LGmhurv0Qy4jJByGj1+rxUVeWIiuWp + zApkYfzgpKtUnmg4mcPmXPueswLaZVHiTM3736+nVzP76sKGTpDJapykgo4yZUOfRcmaH1v94984 + KJtCfMQx/FOyeF2SxRt2DQT1ABFdgZL7Tuox0lOtqa6Z2h4wQkCGXKqb3RO7hIHbJV1dI10RMRau + KF13KOg2MedlkjC6UXp/o1+KIelDkb3x+iGdcI7sIVX7LToLlmw4iLzFZOgGCyxgPD71fH9Et52Z + BA+vTItpg6dRBB+4gnrPGGxdnHwyh4yMvlpWqhRwcNfJaZJ9dGkTeL43jD03HvjR6SgchMHYCydB + FLlstPTiyXl0Jq0cDaZH/ld81Ht2wrimTdtWP+VOmdsVImL7DvGxk5aLzTqkkNkpYzlFDO/L6wFi + Do+fZ/bISTnhb5eo+4+4XePuP+J2jbzviEE9kSritGBrap+ZbvlQPhFZq9JR0dcNhBumfykzgVr+ + BlQUrp4Tjzo1GDWZTH50f0prvUwz7oEK3n/TD1TwHogPVNBJBUZQAOKtyrhHavLqZxd2RcF0i7ot + U7o6Qm5XR8g1HaH2gFFqMb9fZ4IryaMLzlL/F6G+/hNSkSgLj/WjJrs3EFzjb5QPtd2TXsIeLuO8 + 3JDhhm9Z3mfFtFA47kXx/3qKypgxCl+ohH4I2R2p237U1aSeA7k0QF6i9V/A1S/I8Gy32ycAAAD/ + /wMA/TixaPoaAAA= headers: - ATL-TraceId: - - f6f0f4a25327d35d - Connection: - - keep-alive + Atl-Traceid: + - 74c8fbf860467ec0 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:34 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:06 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ca57f86f-0b75-4fd5-8535-db7df5a801b9 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '248' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5df8c4be-6239-45a4-aabd-4475d7738c79 - x-envoy-upstream-service-time: - - '174' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1860,174 +1487,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J0m2W3EQPKrIK7Z5EJB9TrKRJaVNhWfa/m+Dix21453nm - ZU5EqwUPsyOSvMc4LXKzsdijiTZ8hEpFp5ZlUL7yGElBPnFehuATTAFoBRWU7f76ub176n63+3XU - aSLyJUMFFPBaEIuTC8cRfeyOE6YDNy6sNkl6HZz9VojMwlZcwlsVM8iA0RLqkomO1hKo5HUFAFfA - AJK/4Jx6u2H8x+46yhIo+baqKf9hzXjv+5BAwXai2fZaGY5cYQOmb0SjrVYCegOg6loIjfxPQXS5 - 4WGYFcnv9Gp18TEYleMTcZeJoH87tOR8/gIAAP//AwDYhEmZWgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbPTtE26uYkeVGQVtnsSkbRJsJImpUmFZdn/boqLH7fhneeZ + lzlBJ4M+zBYEvMc4BbHZKG10H5X/8ERGK0MYpCNOR8jgU89h8C7BBWJBkGC+310/7++e2t/tbhm7 + NIF4WaEMM3zNQOnJ+uOoXWyPk04HbqxfVJK6ZbDqWwGRBIr1JbyVcQUpUppjkxe8xUYgF7QmiHiV + SEx+0HPqbYfxH7ttEQVFgYxsm+KH7cd7Z3wCWVVwUxpjSt5QyrBsEKtaUlb0EhXrOa80luxvQbRr + w8MwS1jfMXKx8dH3co1PYC8TaPd22MP5/AUAAP//AwD8FvxdWgEAAA== headers: - ATL-TraceId: - - 1ed7862fc1ad7357 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:34:35 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 4bce999698c66ab8 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5027060f-fc7c-4416-9bcf-6fd154cafe54 - x-envoy-upstream-service-time: - - '33' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - f804d28a45224b2e - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:35 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:07 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - d0a13de7-ff01-4926-9c2a-ec10470c6763 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '121' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c6fdbdd6-3b80-4f44-b2f5-0774f1c9dc08 - x-envoy-upstream-service-time: - - '67' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2037,94 +1557,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11090 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11785 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/2/TOBT/V6z8gLhd23xZGF0kdBpd4XY3xq7tmMRAlZu8pqaJHdlO0x7sf79n - J1mhozsYm7TFz37fP+9jf3ZgXVCeOJEjgScgIXnFIEtUh9McVEfFC8hpRxQgqWaCqw4kTOegaSde - UJ5CJtLOCqTCPUhGUEhQwHV91uk4zFj2fe/Yw4WCbI7LhdaFilw3gTnEOhGfRI/qjCrFKO9x0C7a - 0C4tmBu4TKkS3NbAEjaofzEZjifdY89HydwG60SfHYVOSxVTDamQmzq4BFeoEHiB3/XCbtCf+EF0 - GEbBs94zL/zdCzxj1frQmwKsmUfGaPRd3/O84C7rZpGAiiUrTEVQekJUTrOsQxKmNOOxJgWDGIiY - k0rIZc9ox4JfyexHolAQlxLcFYOKrqim8g/F/oUXOTapzJ/UorPkhe8d+v1mOcFAX2xT7jim0ehr - QtXS9KicafMVzWmmoOO0NpzIGrntOJohMApsshPxEjNxCik+YXiPrF6jbWtnu9HWbqfh20ivONMa - DRh8Ndomqb/tWSXmuqLSJKZYXmQMEZLsZIPFtZAJ++uw/yPhNmVunDWVLpgpLP58XefQe46eg3Ad - hI82bFtoUfJENf8f8OUfrf2jX/O1bp01Hw94OwzWh8GveWvAqdqPvd5ub818r9/V7IIdu/mIHUxT - CSnO9T0YIqZEVtZjVkviUmmRW4qYoofg+b6N/n0bNXXUUjOYlv6cqOvjkmpkxZp0fh7vNaPdcZhb - W5MGzPZzIEqTk2946doIGE+dSMsSbhuqMsYki+tMP9+TmcDwqFqIMktOmSoyumkGAMUYlX6HdGGG - oimGBMzVTN33eNJ/HrQ8uVs1b185/X0bwZYymJBMbx5Zw1bdDX+OLllOU1Cu0VCtEYaCTFQ9tUq3 - FHMuqpaKQuf2fiKHbSIZnYEhEwPNnUNmKr9bBn8fDv2+qceCqmHB4nPGl/YqPoXC3Mw8brtoe1vZ - vTsJF3yIFzOdZTACqmpkyObLuTy/en12MT0/GwwvxsPpcDR6O8L8cIAUFgQPTBZALpE1uSbGL2GK - CJ5tCE4ky4xRogX5i0lKLiXkOLWkVIjZnp3R3SyO0aD3hXlemMwiZ2dkseQp4zTDZmI3tjNm9nZl - zbuiKa/FeYbRtUyAfU053J0uCzOzP4Dj+qXwSOjVyne31beX+8+hcQu3lzRe4kOqhVxrvPY1aJ40 - vxRw+y5y2+dJ0F6uHAzUY5EJeVFHM8tK6KYSWWP7OBDkVNTNFnmBTz2umy481NNvi/OBb38PJkxn - cBCRm/e0CCIyEGLJgFwzjaylydheHuRVRtMvJldMNRMxzRZC6ajv9T13zniCxOgG/dD7aC2e2lpg - mJ8EMSiJDsj/q5Kn5u9v1sAYEG9IKqiI429Fg+shrq74kotqG/vg3T3pwaUUSYmvmCFPcaJyrI87 - wXLguRubDNolf4qqq8WehIrGQPCRuOTGV5r8U1KpQZKtyT2qsPXpW+33J5dkHFO+57x5O7lHx2Fd - t5eS8njhTmiKwV5ga2tpybLk7PRr0UDkOdME6WnxldgUbqM05ApzTwrBEBkHkZXb+huY5pRxxTT0 - EDxRGB7u29sndxP0ORNUJm0P7npxuoWY8XpC4hpJGCWZAXCiQJOqgZVGlqvfJWSO0OqQasHiBcmB - coWbtD7RWMD6oQVC4xhZEhKyYpSUCPxYbgqkGTzGOdQXbs+EMkL8IYHGELW4q6qqJyqqip6QqYuo - g3WvWBQWGAjA6VzIae1MTanG63tWYmumT99en4wvu+M3XbxoLDSvRue10YcK8wYwySQir4eTDxy5 - HAcX0RMRUaziD3y4YuYKweDGoLv1uDV7/wEAAP//7Flta9swEP4rJlBoS+34JU6awejCXmAfNsoK - G/SbYquNmd+w7HQjy3/fc5Kiuk6cjW6UfAiUokTS3Um6e+65y78qiLMk7lOg5vYo6BdLK5YJ/gt1 - R30qttdJx/iEzH4vy1Dyi28LnlN4W8w8b4EqFXbAIciYZMmtJMeLZHKPVVSUAxlmBaUgpL/vPL8g - /8gtBIEiVxZLH9hPcjSrZNJJGoGHteA5LT9BJZrz1EEcC/I842ctTyRd5KjQr+0TGwNJnmjgpTvt - lJ53/jErWVTTOT8XViI/WMATui55++c3NS8FpfCKK5zharGObOO6MnIBevbYG+HSZjdvbS/QF4ra - viA8Ikg7ZXjY/Mw6PfuFx0zr4hWwZJshen0M0Ru1035dIf1Jlku8tbs07JHh9k4Y3iVvWLLM3Qv7 - eJhr6gGEJYsWBK07KZ47NQvbHKebB0WTZYwS+OBP2Y7ukOh4UT0z2xMtuwJmURGBQiq8Y6Mg9uZI - cuEcBk8mU8/3x0QuzCJo2LOM0wPP4hg6kPEHjzbYurR7YyCOhO6tr5XHO6AWcpkEGDUchp7vjbjn - 8sCPp+MoiMKJF12Gceyy8Z3HL6/i11LKSTA78T/gT+2zM5br3Gfb6ivhNMJ+wI3YvkPO7pTNPE0i - ujK7ZEzQjWE/IqtOwJ0xfHdtj50yJ/u7hfvhW9wt/w/f4m4L4dAtBibFqorW/LjNNK9174viicBZ - VeoK126Br1j+vqmKkg9vAUXR4jHwqGWFWRPJpEc33zS1rjTiHqHg5R/9CAUvYfERCnqhwBAKmHiv - Im5F3W49diG3qFmK0TZncsG7Bqv1YHuirzPnms5cd8J0uroThsLxfJlURa5Iki78G/3Ti/r4N0dY - FvV/a6kqWUYmFKEc/FrI5tCmDwrXUhavNkONus/WL3+kGm7kXgwy9uMLF01KgltnlW2dqp7V6tzU - W6bWD53cfP90s/9kt94grV2v178BAAD//wMAt9q2jcEbAAA= + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmsN7uJI2AYutjdsgVZljgt0LQIaOosM6ZIjaRiu23++456 + sZuk7pYMKwI4Ennv99yj++jBqqQy81JPg8xAQ/aKg8iML2kBxjdsDgX1VQmaWq6k8SHjtgBLfTan + Mgehcv8WtME7yM6h1GBA2laWVcaqYuYMXsdRFEeBhr8qMHayLuFMU2Y5A8/3uPMfxwfDF/hiQMzw + dW5tadIwzGAGzGbqRgXUCmoMpzKQYEP0ZENa8jAJuTEVhJ2BBaxR/3Qyvpj04sHgAI/qEIyXfvQM + xlYZRi3kSq+bHDJ8Q40kSpJeNOzFh5MoSpMojaIgSfo/REkUuSCdE4uB12aeGaTTD7EUUbJJu33J + wDDNS1c4PH1JTEGF8EnGjeWSWVJyYEDUjCyVXgROmyl5qcUTo6gkd+2i4preUkt1eMthGdZhbQNs + r+KoHw9/MvwD/Fhg26sCvTpYoMsJNQvXq2pq3VM6o8KA7zWKx5hXret7c47A0Wy+PoFbwFijO9+z + HJFVIkq8VFaYo/cAJv2ouyi1usGMnlnwVrsud93Artzu5TOQbLO6lNxaNGC8jW+H1N9rWaNmdkm1 + w6vhRSk4Bpw9yBz7UaNsMFwNhk8M9yud6TLZ9GUQOVQng1Uy+H+9NN2vsYgO4/1VvP8tHK46j/1k + 1U++hccW4Hd3j+EY78Jp0l3M+Op1w4HY/av3iIY815AjrTzCOsapRNVM+RetJge7Loa7Lg4fG28o + rTl1hFGzt5f2Yt/DqtnXWBEH3laAWqT5hh6fPmYN+W7pNmzMaTdE9eORqlz+saPQN+6Ay9xLra7g + rmVVZ01z1lTl46MzFxmKmrmqRDbiphR03Q6ea5cGTNbN9n0Cjw/TF4fBsH/QEfjDsm1o5uHFroYn + m4aXmivN7fqZJevUw8HTeJwXNAcTOg3TGeF4INQyMLf5lshO1LIjvIH3GNJJv0tE0Ck4ynKgffi1 + 3t9RhngXQuOhq8ecmnHJ2QmXi1fuZgSl2ywk63pWd3JZ321OpJJjXCzoVMA5UNPgQLdP3tnJ5S/H + p9cnx0fj04vx9fj8/I9zzA9Hy2BBUGAyB3KG3CwtcX4JN0RJsSY451w4o8Qq8hvXlJxpKHDQSWUQ + ocGX5j3GcfKiTzyKhjcfUq/5XmHvsPjbmbo34NiGnEsqHgq1e1Fb3hrVAqPrOAL7mkvYSFelG9p/ + geNmhXkm9BrlzTfx/tbxNDRu4fYzZQtcBDvIdcYbX0ftrvWfAu4WtrDbm5LuEy7BQZ0pofRpE81U + VNDLNXLEdl1RZKSaZquixFVV2rYLX+vf/eK8k9u/vQm3AvZScvWWlklKjpRacCBvuEWOsuQCWKWB + vBI0/+RyxVSFYlTMlbHpMBpG4YzLDGkwTPZfvK8NjupSYJQ3ijiQpHvkHzXJd/jzfa1+geuVYxRU + w9lvgxxVQEaYDx6OgAUk3veJw9Ymi6M3Y7y7wn+9/XhQh+rawpYQFNxqCJTOQ0QldZ3iuBw5NIco + GsxtIerAGzuvnZ1LuZBq+XmVzrTKKvzcjmWOc1pg1cMJFtn5rEuEAZNf1bJn1Y4yla2B5D0JyVVs + LPmzotqCJluTO1Rh6zOutd++PCMXjMod8m7vcxvvJqvP8rhYGwuFwTyyUnHEzl5an9ctchUrKJeG + WwgQXlgwM58qqrNdEo/sj7ZAc5ZfEtbgCamUTAEkMWDJsgWXRa4zDcBmCDCfLOeczUkBVBq8pI1E + awHzfSenQChjSJaQkVtOSYX4Z3pdItug3N8AAAD//+xZ72vbMBD9V0ygkELt2U6cpIPSBbbBPpSF + FlYog6DYThMaS8Y/6o4u/3vfSbLqeHU3yij5EOiHNJLvns66d+8unMeqyjoNRBd417eyiyNA16uY + 0wWzmLEr0OThREBCx4LgstZ8KbJEPmOJjCiYYTUnBgT73sX8hIDB+LqwVCm32KZiv+iIVsokujLH + 1bYYtxoA0aLxeOPgjed0ZnNCFYOfnIJA3ihGQKAR5jVEMpiXCNCLSBtnbpz+EsmIYoKQ0en1famq + yhEVy1OZFcjC+MFJV6m80XAyh8259j1nBbTLosSdmve/X0+vZvbVhY26K5PVOEkFXWXKhj6LkjU/ + tvrHv3FRNoX4iGv4p2TxuiSLN6wXiM8KdNZ3UmSRbGpvDTpsuJ0LRgjIkEvZ8/LGLmHgdklX10jX + nYLaJmKEk4UrymVF2nmZJIwqSu9v9EsxJH0osjeWH9IJ58ge0rDforNgyYaDyFtMhm6wwAHG41PP + 90dU7cwmeHhlW0wveBpF8IES1HvGYOvm5JO5ZGT01bZSpYCDWie3SfbRrU3g+d4w9tx44Eeno3AQ + BmMvnARR5LLR0osn59GZtHI0mB75X/GnnrMTxjVt2rb6KnfK3K4QEdt3iI+dtFxs1iGFzE4Zyyli + eF6WB4g5fPw8s0dOygl/u0Xdf8TtHnf/Ebd75H1HDE6KVBOnBVtT+8z0yIfyichaNYqK124g3LD9 + S5kJ9PI3oKJw9Zx4NKnBqslk8qPnU1rrZZpxD1Tw/i/9QAXvgfhABZ1UYAQGIN6qjHukIa/+7MKu + KJgeUbdlStdEyDUTofaCmbC0F4xSi/n9OhNcqRrdcJb6twj17z8hFYmy8Fh/1GT3BoJr/IzyobZ7 + 0kvYw2Wclxsy3PAt2/usmBYKx70o/t8EURkzRuELndAPIacj9diPppo0cyCXBsguWn8Hrn5Ahme7 + 3T4BAAD//wMAKiBAYfoaAAA= headers: - ATL-TraceId: - - 41ba8f55ca520ac2 - Connection: - - keep-alive + Atl-Traceid: + - fd7e85eb3008384d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:35 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:07 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - b639a9f9-6150-4133-8f7a-de4325cdc652 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '227' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 03cf36c8-14f7-4cfe-8771-096ac96f2a21 - x-envoy-upstream-service-time: - - '164' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2134,92 +1659,93 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - a70e2a83641048c7 - Connection: - - keep-alive + Atl-Traceid: + - 0c061aa43a43f186 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:35 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:07 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - d5687efe-2bb1-4eaa-b102-778275b661d6 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '173' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5411801c-2e3b-408a-a111-c62df5f78582 - x-envoy-upstream-service-time: - - '109' status: code: 200 message: OK - request: body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without - Secure Flag|http://localhost:8080/finding/2840]\n\n*Defect Dojo link:* http://localhost:8080/finding/2840 - (2840)\n\n*Severity:* Low\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* - Unknown\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/694]\n\n*Branch/Tag:* - None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* - https://mainsite.com:443\n* https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Secure Flag|http://localhost:8080/finding/265]\n\n*Defect Dojo link:* http://localhost:8080/finding/265 + (265)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "Low"}, "summary": "Zap2: Cookie Without Secure Flag"}, "update": {}}' headers: @@ -2232,51 +1758,57 @@ interactions: Connection: - keep-alive Content-Length: - - '1675' + - '1258' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11090 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11785 response: body: string: '' headers: - ATL-TraceId: - - 261705a3daed514f - Connection: - - keep-alive + Atl-Traceid: + - b4a6c121582539c0 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:36 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:07 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - faaff8e0-a3f6-4b9d-ab06-208d5967f0bc X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '227' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 08d3c45e-fcbf-4d7c-b8d9-d948e5beeaf3 - x-envoy-upstream-service-time: - - '265' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2286,95 +1818,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11090 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11785 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1m681q4ggohjRxt2xpmtlOAzQrDFo6y2wkUiCpyF6b/74j - JdltUmdtmgCJdCLv5bnnHvKTA6uS8tSJHQk8BQnpawZ5qnqcFqB6KllCQXuiBEk1E1z1IGW6AE17 - yZLyDHKR9W5BKvwG6RhKCQq4btY6PYcZz0HgH/r4oiBf4OtS61LFnpfCAhKdio/CpTqnSjHKXQ7a - Qx/aoyXzQo8pVYHXObiBNe4/n44m0/6hH6BlYZN14k+OwqCVSqiGTMh1k1yKb7gh9MOg70f9cDgN - wngQxeEL94Uf/eqHvvFqY+h1CdbNE3M0+73A9/1wU3X7koJKJCsNImg9Iqqged4jKVOa8USTkkEC - RCxILeSNa3Yngl/K/HuyUJBUErxbBjW9pZrK3xT7F14W2KSqeNaYTtOXgT8Ihu3rFBN9uS2555hG - Y6wpVTemR9Vcm6d4QXMFPafz4cTWyV3P0QyJUWKTnZhXWIlTSvER03sieu1ui53tRofdvYZvM73k - TGt0YPjV7jZF/WXXKrHQNZWmMMWKMmfIkPReNQiupUw0XEXD70m3hbkN1iJdMgMs/nyJc+QfYOQw - WoXRkx3bFlqWPFPt/0diBfurYP/nYq26YO3DI9EG4WoQ/ly0lpyqe9gZ7e7OzPfqXaMu2LHrD9jB - LJOQ4Vw/oCFySuRVM2aNJamUFoWViBlGCA92fRg+9NFIR2M1g2nlz4n7QasXhsGSJU24Tw9shl+Y - vlqKKk9PmCpzum5ZiOaaatTVRrZ+fGIaTdyooNd4k2Yc7OOxqAwqNtMrY2A8c2ItKxMafep3KBdm - KFowJGCtZuq+pZPBQdjp5H3U/F1wBrs+hFvJYEIyvX4iAt12L/oxuWQFzUB5ZofqnDA05KJ21W22 - lZgzUXdSFDl3DwsZdIXkdA5GTAw17y0yU/lNGIJdPAyGBo8lVaOSJWeM39ij+ARKczLzpCOQpVVt - v20sXPARHsx0nsMYqGpIKdsn5+Ls8vfT89nZ6fHofDKajcbjt2OsDwdIISC4YLoEcoGqyTUxcQlT - RPB8TXAiWW6cEi3In0xSciGhwKkllULGuXZG71dxiA79z8z3o3QeO82Bgb1D8Lcj9dUYYxsyxml+ - f1F7r2jhtbTPMbtOCbCvGYfN6qo0M/tNHg/23SDc8Li5KTyRes3mzWn19eH+Y2zc0u0VTW7wItVR - rnPexDpurzQ/lXB3L/K660nYHa4cDNUTkQt53mQzzyvoZxIFa3s5EORENM0WRYlXPa7bLjzWv6/B - +Ydvf/emTOewF5Pr97QMY3IsxA0DcsU0CqYmE3t4kNc5zT6bWrHUXCQ0Xwql46E/9L0F4ynKmhcO - I/+D9XhiscA0PwpiWBLvkf/fSp6bv79YBxNAvqGo4EYcf2s6vhrh2zX+6+8HkU3FwJ7U4BZMS3CF - zDxkHTWdYHgtMWz1cKm71EVu82r8vDN+LvkNF3Vnu5AirfDeM+IZzmCBiHpTBNDEs+VjJuQPUfe1 - 2AFB2ToIPxCPXAdKk78rKjVIsnW5YytsYwZ29/ujCzJJKN+x3ty2vP3DqEH6laQ8WXpTmmGy50iG - xlqxPD09+dJ0LAqEiaCgLb8wG6jXSkOhsPa0FAy5tBdbu+2YQbigjCumwUW6xVE02PVtlx2bopZz - QWXa9WDTi5MtKU3UI5I03MMsyRyAEwWa1C0RNepic5MhCyRjj9RLlixJAZQr/EibFa0HxA89EJok - qKuQkltGSYWjksh1icKEyziH5nbgmlTGyFiU3ATijql1Xbuipqq0xEKewsotl6UlBlJ2thBy1gRT - M6rxrjGvsDWz52+vjiYX/cmbPh5NlsyX47PG6WPAvAEsMo3/AwAA///sWW1r2zAQ/ismUGhL7dhJ - kzSF0YUtG/uwUZqxQekXxVYbM9syfutKlv++5yRZTd04G90o+RAoRamku+vp7rnnLtbH6debBOiP - VEf0nFsirfybZFqFVHRg3IwXtkrQeu8fFQRxGLQpUHtbFLSLpRNViN+58lGbiufnZGB8RvreycaV - 4uL7gicECBYzzyvQ18IOBAQZE1bcChO8SCzvWCKjqsmwm1PRQsH8wZMTio/EQhIoJmix6J49UKBZ - KZNBUuZ4WAuRsxYn6F0THjnI45wiz8TZWiSSLgpU6Nf25bWBJC8vEaUb7ZSRd/wpTplf0P/5RVih - /GABT8hd0vvHs4KnORX9jCuc4eqwzmwTujJzNT7CaZPZO9vra4de8VQQHhGkHTI8bHJkHR79wmNG - hTgHljznlF4bp/RO6w0qOEWGgilZLZHs5tFBiwy3daONqbmGqUnXS8K6+aDpIJCWzF8QtG7oV5oF - sillbNSVccyo5Hf+VB/Jh0TgRfZCfkBE7gKYRU0DWq/BLTvtB94cZXEwh02j0RjUaUh0xByChi3H - OD3wJAigAxyh82iDrZvBtwbiSOjWjlxFvAMyIo9JgFHL7sDreafcc3m/F4yHft8fjDz/bBAELhve - evzsIngjpRz0Jwe9D/hR9+yYJbr22bb6U+6UuX0Pj9g9h4LdSct5FPrkMjtlLCeP4b6s72DbWL6/ - tIdOmpD9zVZ/9y1uDgx23+Lm0GHXLQYmBarl14x6nZte6mkZ5ROBs+rMFa5dA19xfFpmIuXdayCO - v3hMPBpyYddkMunR4zpNxjONuHsoeP1H30PBa1i8h4JWKGiSCVCpznJFd2oKAtvvVCouaXCu1y4U - ioJFWG2Q0jbLc80sr7lhZmPNDUPheFKFmUgUSdKjglJ/WaM+/pWl6C6lhGW91Cj4AuRb+5qpW8s9 - 6cTs5xXPy4gEr+mWg5msmBTKjkoU/22Uq2QZmVCFtvSbkGMtMzwWmRwWkUZjx1Nje0+s1Rekd1ar - 1W8AAAD//wMA1SJervMbAAA= + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmsN7uJI2AYutjdsgVZljgp0LQIaOosMZZIjaRiu23++456 + sROn7pYMKwI4Eo/3/tyj++TAsqQicWJHgUhAQfKGQ55oV9ACtKtZBgV1ZQmKGi6FdiHhpgBDXZZR + kUIuU/cOlEYZJOdQKtAgTHuXVdrIYmYN3oRBEAaegr8q0GayKuFMUWY4A8d1uPUfhgfDV/iiIZ/h + a2ZMqWPfT2AGzCTyVnrU5FRrToUnwPjoyfi05H7kc60r8DsDc1ih/ulkfDHphYPBAR7VIWgn/uRo + jK3SjBpIpVo1OST4hhpREEW9YNgLDydBEEdBHAReFPV/CKIgsEFaJwYDr828MEir72MpgmiddvuS + gGaKl7ZwePqa6ILmuUsSrg0XzJCSAwMiZ2Qh1dyz2kyKS5U/M4pKcNsumt/QO2qo8u84LPw6rE2A + rSgM+uHwJ80/wo8Ftr0q0KuFBbqcUD23vaqmxj7FM5prcJ1G8RjzqnVdJ+MIHMWy1QncAcYa3LuO + 4YisElHixKLCHJ0tmPSDXYKwE5RK3mKqL+xEq133oe5s1wf78gA9m3QvBTcGDWhn7dtC+Pf6rpYz + s6DKAlnzosw5BpxslQQbVcNvMFwOhs8M9yst6zJZN2wQWLhHg2U0+H+9NLCoQYoOw/1luP8tHC47 + j/1o2Y++hccW+ff3T+EYdXCc8eVVw4HY5OsP2PQ0VZAirTzBOoYj86qZ8i+CPDrYJRjuEhw+Nd5Q + WnNqCaNmbyfuha6DxTFXmLjFaHOhHnxbJ8VZE9mnJ2cWvVgCnckqT0ZclzldtRjH4wU1+KFoCPb5 + 89jQ94aw/cacstNWPx7JylYwtKG+tQdcpE5sVGV9MwWYrB3hxwQeHsavDr1h/6Aj8O2y7aKZaE0z + 24J1w7cF/Q0xcam4Wb2wEp26P3gewfOCpqB9q6E7IxwPcrnw9F26IbITuegIb+DcWzBMwTKTBe32 + 13p/R7bhLoSGQ5t2RvW45OyEi/kbKxlBaTcLwTq81Cha1LL1iZBijIsFneZwDlQ3GFTtk3N2cvnL + 8enNyfHR+PRifDM+P//jHNPA0dKYN16YZEDOkIKFIdYv4ZpIka8IjjPPrVFiJPmNK0rOFBQ4z6TS + iC/vS2Md4jg5wWceBMPbj7HTfK+wRVjjzUw9GnCsdsoFzbcvtXtRW94a5TlG13EEti8VsL5dlXZo + /wWOmxXmhQhrlNefvsdbx/NAt0HVz5TNcRHskNUZb3wdtbvWfwq4W9j8bm+Kui+1AItoJnOpTpto + pnkFvVQhP23WFUlGsmm2LEpcVYVpu/C1/j0uznux+dubcJPDXkyu39EyismRlHMO5C03yI+GXACr + FJA3OU0/21wx1VwymmdSm3gYDAN/xkWCJOZH+68+1AZHdSkwyltJLEjiPfKPmuQ7/Pm+Vr/A9coS + B6rhiLdBjiogI8wHD0fAPBLuu8Ria53F0dsxyq7xX28/HNSh2rawBXgFNwo8qVIfUUltpzjuQBbN + Pl71MlPkdeCNnStr51LMhVw8rNKZkkmFX9WxSHFOC6y6P8EiW591iTBg8qtc9IzcUaayNRB9ID65 + DrUhf1ZUGVBkY3KHKmx8hrX2u9dn5IJRseO+Xe/sxrvO6kEeFyttoNCYR1JKjtjZi+vzukW2YgXl + QnMDHsILC6azqaQq2XXjif3RBmjW8mvCGjwhlZIpgCAaDFm04DLIdboB2AwB5pJFxllGCqBCo5A2 + N1oLmO97MQVCGUOyhITccUoqxD9TqxLZBu/9DQAA///sWe9r2zAQ/VdMoJBC7dlOnKSD0gW2wT6U + hRZWKIOg2E5jGkvGP+qOLv9730mK6npxN8oo+RDIByeS755Ouqd3F85jdcM7DUQX2OtbWcURoOtV + zOmAWczYFSjysCIgoWVBV1kJX4o8le9YIicKZhgtiAHBvncxPyFgMJ6UlpIRFlvX7Bct0cqYRFcV + ONoW41YDIEo0Hq8d7HhBazYrVDH4ySkI5I1iBAQaYbGFSAaLCgHaibSx5sbqL5GMuEwQMlq9Pi91 + XTuiZkUmswJZGD842SqTJxpO5rA5177nrIRuWlQ4U/P+9+vp1cy+urChE2SyGieZoKNM2dBnUZrw + Y6t//BsHZV2KjziGf0oWr0uyeMPtAPFZicr6TkokkmztqUGHDbdzoEsIuEYIyL2Qsmf3xC7p6hrp + ioixcEXpukNBt4m5qNKU0Y3S+xv9UgxJH4r8jdcP6YRzZA8p0G/RWbBkw0HkLSZDN1hgAePxqef7 + I7rtzCR4eGVaTBs8jSL4wBXUe8Zg6xrkkzlkZPTV6lGlgIO7Tk6T7KMrmMDzvWHsufHAj05H4SAM + xl44CaLIZaOlF0/OozNp5WgwPfK/4qPes1PGNW3atvqpcKrCrhER23eIj52sWqyTkEJmZ4wVFDG8 + L68HiDk8fp7ZIyfjhL9die4/4nYpu/+I26XwviMGJ0WqgNSCral9ZrqzQ/lEZK3KPMVrNxBumP6l + ygVK9hswTrh6TjxqyGDUZDL50f0prfVyzbgHKnj/TT9QwXsgPlBBJxUYQQGItyrjHqmXq59d2BUl + 0y3qtkzp6gi5XR0h13SE2gNGqcX8PskFV5JHF5yV/i9Cff0npCJVFh63j5rs3kBwjb9RPmztnvRS + 9nAZF9WaDDd8y/I+L6elwnEvyv/X/1PGjFH4QiX0Q8juiGk5ilz2HMilAfISrf8Crn5Bhmez2TwB + AAD//wMA9Z/gXvoaAAA= headers: - ATL-TraceId: - - 902bbd995b18d1a8 - Connection: - - keep-alive + Atl-Traceid: + - cb1d89927c7226da + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:40 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:08 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e5b2c17b-764d-4aa1-8c54-e47c4b3f769f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '468' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f878ead5-b746-481a-a27e-096255cdb03e - x-envoy-upstream-service-time: - - '157' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2384,174 +1920,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlpmm2W3EQPKrIK7Z5EJGkmWEmT0qbCsux/N8HFj9vwzvPM - y5yIVgseZkckeY9xWuRmY9BiH034CFRFp5ZlUJ56jKQgnzgvQ/AJrgAqChTKdn/93N49db/b/Trq - NBH5kqECCngtiMHJheOIPnbHCdOBGxdWkyS9Ds58K0RmYSsu4a2KGWTAqhJ4yURXcQmVrDkFgCtg - AMlfcE693TD+Y3ddxRIoOaMC+A/bj/fehgQKthPN1mrV11grbKC3jWi00UqA7QEU50JorP8URJcb - HoZZkfyOVauLj6FXOT4Rd5kI+rdDS87nLwAAAP//AwAeyX5dWgEAAA== + H4sIAAAAAAAAA1SPS2vDMBCE/8teaytr+SFXt9Ic2lLSgp1TCUW2JOIiS8aSCyHkv1emoY/bMPvN + DHuGTni1nw1wOIYweb7ZSKVVH6T7cEQEI7wfhCVWBUjgU81+cDbCGWJGkGDa7O5em4eX9ve6W8Yu + KuBvK5RggocEpJqMO43KhvY0qVhwb9wiY6hbBiO/I8BjgGJ5NbcirCBFSlOs04y1WHNknJYEEW8i + iTHv1Rx322H8x962iJxiLCRFWfyw/fhotYtgVWRM51rrnNWUVpjXiEUpaJX1AmXVM1YozKu/A8Gs + C0/DLGB9R4vFhGfXi9U+g7kqUPZ938Dl8gUAAP//AwD3g3D9WgEAAA== headers: - ATL-TraceId: - - 25c3c1762e2d97e7 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:34:42 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - b79b4c05c252aac2 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9301169e-de36-4e75-9b4f-f8b48727cd27 - x-envoy-upstream-service-time: - - '36' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 4c4e3f0a248eff6c - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:42 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:10 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 6b15e769-3ca4-4e14-9ea9-5f4e759c2782 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '116' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - be0eb55d-88f4-42b0-a566-328299e168d1 - x-envoy-upstream-service-time: - - '78' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2561,90 +1990,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11089 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11784 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1m681C4ggohjRxt2xpmtlOAzQrDFo6S2wkUiCpyF7b/74j - JcVpWmdtmgCJeCTv5bnnjvfRgXVFeerEjgSegoT0FYMiVQNOS1ADleRQ0oGoQFLNBFcDSJkuQdNB - klOeQSGywS1IhXuQTqGSoIDr9qwzcJjRHAT++BAXCooVLnOtKxV7XgorSHQqPgiX6oIqxSh3OWgP - dWiPVswLPaZUDV6v4AY2eP98PpnNh4e+j5KVddaJPzoKjdYqoRoyITetcymu8ELoh8HQj4bheB6E - 8SiKw5EbHUa/+qHVYW3oTQVWzRN9NPe9wPf98C7qbpGCSiSrDCIoPSKqpEUxIClTmvFEk4pBAkSs - SCPkjWtuJ4JfyuJ7vFCQ1BK8WwYNvaWayt8U+xdelJikunzWik7TF4E/Csbdco6OvtiGPHBMotHW - nKobk6N6qc1XvKKFgoHT63Biq+TzwNEMiVFhkp2Y1xiJU0nxAd17InrdbYudzUaPnVncS/jW00vO - tEYFhl/dbRPUX/asEivdUGkCU6ysCoYMSR9Eg+BaykTjdTT+Hnc7mDtjHdIVM8Diz32cI/8ALYfR - OoyerNim0LLkmer+P2Ir2F8H+z9na90b6z4esTYK16Pw56x15FT9x05rnz+b+l6/bbsLZuz6PWYw - yyRkWNdf0RA5JYq6LbNWktRKi9K2iAVaCA92bYy/1tG2jlZqCtO2PyceBl2/MAyWLGnNffxKZviF - 7qtc1EV6wlRV0E3HQhQjUPot1qxhZmeCauy0bSP78Rpqu+RdX/RabdIUiP08FrXByfp+ZQSMZ06s - ZW2cSSRgrKbqvtUng+ig75MPUfN3wRns2gi3LYMJyfTmifH2173ox9olK2kGyjM3VK+EoaAQjatu - s22LORNN34oix2D0IJBRH0hBl2CaiaHmg0OmKr8JQ7CLh8HY4JFTNalYcsb4jX2KT6AyLzNPegJZ - WjV2707CBZ/gw0yXBUyBqpaUsvtyLs4ufz89X5ydHk/OZ5PFZDp9M8X4sIAUAoIH5jmQC+yaXBNj - lzBFBC82BCuSFUYp0YL8ySQlFxJKrFpSK+SXa2v0YRSHqND/xHw/Skex0z4YmDsEf1tSX5QxpiFj - nBYPD3VzRQevJXmB3vWdAPOacbg7XVemZr/J45HvhuNRz+N2Ungi9drLd6/Vl4/7j7FxS7eXNLnB - QaqnXK+8tXXcjTQ/5XA/F3n9eBL2jysHQ/VEFEKet94sixqGmcSGtR0OBDkRbbJFWeGox3WXhcfy - 9yU4//Dt796c6QL2YnL9jlZBTI6FuGFArpjGhqnJzD4e5FVBs08mVgy1EAktcqF0PPbHvrdiPMUm - 5mFaD99bjScWC3TzgyCGJfEe+f+r5Ln5+4tVMAPkGzYVvIjlb0XHVxNcXeO/4X4QWVcM7EkDbsm0 - BFfIzEPWUZMJhmOJYauHR91cl4X1q9Xz1ui55DdcNL3sQoq0xrlnwjOswRIR9eYIoLFnw0dPyB+i - GWqxA4KqUxC+Jx65DpQmf9dUapBkq3LHVdjaDOztd0cXZJZQvuO8mba8/cOoRfqlpDzJvTnN0Nlz - JEMrrVmRnp7cFx2LEmEi2NDye2ID9UZpKBXGnlaCIZf2Yiu3GTMIl5RxxTS4SLc4ika79nbJMSkq - Xwoq0z4Hd7k42ZLSWD0iScs99JIsAThRoEnTEVFjX2wnGbJCMg5Ik7MkJyVQrnCTtic6DYgfaiA0 - SbCvQkpuGSU1lkoiNxU2JjzGObTTgWtcmSJjseUmEPdMbZrGFQ1VlSUW8hTWbpVXlhhI2cVKyEVr - TC2oxlljWWNqFs/fXB3NLoaz10N8miyZL6dnrdLHgHkNGGQa/wcAAP//7FnbattAEP0VYQgkIZIl - 2fIlUFLTuqUPLSEuLYS8rKVNLGpd0MVpcP3vPbO72tiy5Za0BD8YjJG9uzPj2ZkzZ8bGx/HXuxjo - j1RH9FwaSbrw7+LxIqSiA+MmvDBlglZr/6ggiMKgSYFc26OgWSztWIR4z6WPmlRs7xOB8Rnp+yAa - V4qL7zMeEyAYTF9vgr4WdiAgyJhwwY0wxo1E4oyRZFQ1GVZzKloomD94fEHxERtIAskEDTZ/ZE8U - aEbKRJCUOS7WQOSsxQl615jPLeRxTpGn42wtEkkXBSr0K/vyykCSl5eI0p12isg7/xSlzC/od35J - jFB8MIAn5C7h/fNJwdOcin7GJc5wuVlltg5dkbkKH+G00eSd6XSUQ294mhAeEaSdMlxsfGacnv3C - Zc6L5BJYss0pnSZO6XSbFrxqgSpRkaGSCnJL7Lu21dZb6wuaqQkPC166e2MTc7N1B7FBbOoFsX5q - qE8VBfNnBMiyquZlFDEq+a0/1UfyIRH4JHshPyAidwXMohYBrZd3z7qdwJkOurY3hY39/tBx3R7R - Eb0JGvZs43TBoyCADnCE1rMNpmoG32qII6F7O3IZ8RbIiNgmAEY+tj3HdbrcsXnHDYY9v+N7fccf - eEFgs969wwdXwRsh5aQzOnE/4CXPmRGLVe0zTflVbpW5+QiPmK5FwW6l5XQe+uQyM2UsJ4/hvKjv - YNt4fH9t9qw0Jvvrrf7hW1wfGBy+xfWhw6FbDOgJZMuvGPU6N71W0zLKJwJn2YdL+LoFvmL7uMyS - lLdvAUX+7DnxaMiFVZ3JpEeN6xQZzxTiHqHg9S/9CAWvYfERChqhQDMPmPggM25J83H1bENuUrA5 - nnZQI/Cu1nLV2l5omuXZepZXX9CzsfqCpnA8XoRZEku6o0YFpfqzRn78q5+A7lJIWFaPCgVfgHxr - fzO1K7kXrYj9vOF5OSfBa7rFYCYrRoW0Y5EU/21wK2VpmVCFtvRbIsZa1fCYptE0LCKN2o5NY90N - a9UB4Z3VavUbAAD//wMAwj/nt/MbAAA= + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvcRzXAHDkMXuli3IssRpgaZFQFNniTFFaiQV20vz33fU + i90mcbdkWBHAkch7v+ce3Z0Hq5LK1Es8DTIFDelrDiI1vqQFGN+wHArqqxI0tVxJ40PKbQGW+iyn + MgOhMv8WtME7SM+h1GBA2laWVcaqYu4MXkdhGIV9DX9WYOx0XcKZpsxyBp7vcec/ig5GA3wxIOb4 + mltbmiQIUpgDs6m6UX1qBTWGU9mXYAP0ZANa8iAOuDEVBJ2BBaxR/3Q6uZj2osFgiEd1CMZL7jyD + sVWGUQuZ0usmhxTfUCMO47gXjnrRq2kYJtGr5PuD/nAUfhfGYeiCdE4sBl6beWGQTj/AUoTxJu32 + JQXDNC9d4fD0kJiCCuGTlBvLJbOk5MCAqDlZKr3oO22m5KUWz4yikty1i4prekst1cEth2VQh7UN + sL2Kwv1o9KPhf8EPBba9KtCrgwW6nFKzcL2qZtY9JXMqDPheo3iMedW6vpdzBI5m+foEbgFjDe99 + z3JEVoko8RJZYY7eA5jsh91FqdUNZvTCgrfadbnrBnbldi+fgGSb1aXk1qIB4218O6T+VssaNbdL + qh1eDS9KwTHg9EHm2I8aZYPRajB6Zrhf6EyXyaYvg/AAw4gHq3jw/3ppul9jER1Gw1U0/BoOV53H + /Xi1H38Njy3A7+8fwzHahdO4u5jz1ZuGA7H7Vx8QDVmmIUNaeYR1jFOJqpnyJ63GB7suRrsuXj02 + 3lBac+oIo2ZvL+lFvodVs2+wIg68rQC1SPMNPT5/zBry3dJt0JjTbojqxyNVufwjR6Fv3QGXmZdY + XcF9y6rOmuasqcrdozMXGYqaXFUiHXNTCrpuB8+1SwMm62b7KQKPR/sdgT8s24ZmHl7sani8aXip + udLcrl9Ysk49cJ+rZ/A4L2gGJnAapjPC8UCoZd/cZlsiO1HLjvAG3mNIx/tdIoLOwFGWA+3Dr/Vw + RxmiXQiNRq4eOTWTkrMTLhev3c0YSrdZSNb1rO7ksr7bnEglJ7hY0JmAc6CmwYFun7yzk8ufj0+v + T46PJqcXk+vJ+fnv55gfjpbBgqDANAdyhtwsLXF+CTdESbEmOOdcOKPEKvIr15ScaShw0EllEKH9 + p+Y9wnHywo88DEc3OvGa7xX2Dou/nanPBhzbkHFJxUOhdi9qy1ujWmB0HUdgXzMJG+mqdEP7L3Dc + rDAvhF6jvPkmfr51PA+NW7j9RNkCF8EOcp3xxtdRu2v9p4C7hS3o9qa4+4RLcFBnSih92kQzExX0 + Mo0csV1XFBmrptmqKHFVlbbtwpf693lx3svt396UWwF7Cbl6R8soIUdKLTiQt9wiR1lyAazSQF4L + mn10uWKqQjEqcmVsMgpHYTDnMkUaDOLh4ENtcFyXAqO8UcSBJNkj/6hJvsGfb2v1C1yvHKOgGs5+ + G+S4AjLGfPBwDKxPoqFPHLY2WRy9neDdFf7rDaNBHaprC1tCv+BWQ1/pLEBUUtcpjsuRQ3OAov3c + FqIOvLHzxtm5lAuplp9W6UyrtMLP7URmOKcFVj2YYpGdz7pEGDD5RS17Vu0oU9kaiD+QgFxFxpI/ + KqotaLI1uUMVtj6jWvvd4Rm5YFTukHd7n9t4N1l9ksfF2lgoDOaRloojdvaS+rxukatYQbk03EIf + 4YUFM/lMUZ3uknhkf7wFmrN8SFiDJ6RSMgOQxIAlyxZcFrnONACbI8B8ssw5y0kBVBq8pI1EawHz + fS9nQChjSJaQkltOSYX4Z3pdItug3N8AAAD//+xZbWvbMBD+KyZQSKH2bCdO0kHpAttgH8pKCyuU + QVBspQmNJeOXuqPLf+9zkqI6XtKNMko+BPLBsaTTcyfd3XNnIbjOsl4D0QXO+k5VcQToZs4FXTCH + WbkSRR40AhJSC4TLWYiZzFO1xpE5hWCG0YIiIKLvPRcnBAzCF6WjU7nDljX7RSo6GVPoqgJX22HC + aQBEiSb40sOJF6Sz1VDb4KcgI9BuZCMgMAiLNUQSWFQw0FakDZ0b2l/BGZFMYDLS3tyXuq49WbMi + U14BL+SPXjbP1I3GJhPInJi9J6wEd5lWuFOT7veb8fWle33hIu8qZ7WbZJKuMnlDlyXpQhw73ePf + uCjLUn7ENfyTsgS7KEvQ3zUQrQco0JUoue8V+yI+1Zrq26ntgV1EwLdEQJ2F4kPbJ1rqupE32/EW + VmPxnFx2KyHxLc8tqjRllFE6fwu/ZEPihzJ/Y/ohnnAO7yEO+y05i2as30uC6ajvR1NgGg5PgzAc + ULazk7DDK9M4HfA4SbAHUlDnBYNripNP9pKR0FfLSu0CHnKdmqaijyltoiAM+jzweS9MTgdxL46G + QTyKksRng1nAR+fJmZJy1BsfhV/x0+vclAkTNl1Xvyq8qnBrWMQNPYrHXlZNl4uYTOZmjBVkMaxX + 6QFkDo+fL92BlwnC3y5R9x9xu8bdf8TtGnnfESP0JLqIM4StyX0uTcuH/ImCtS4Udfi6BXHD9C9V + LlHL3yLixPMXx6NODUatJ9M+pj9luF5uIu4hFLz/oR9CwXsgPoSCnaHAMg9AvNMe90RNXvPsQ64s + mWlRt5nHro6QbztC7QHbYWkPWKbGxcMil0LTHVNwVuZbhP77L0gfZPn/OndamBWKnVCB/JCqK2Hb + bTLVkJ/Wjya6vhmA+m7zYS33pJOyxyteVEsS3FBW9RPyclxqxamrST0HUt2+31wcbqw2CxTa1Wr1 + DAAA//8DAPY0/h/6GgAA headers: - ATL-TraceId: - - 8560c65d2b467149 - Connection: - - keep-alive + Atl-Traceid: + - 8790c69bba632214 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:43 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:10 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5d25e117-42a6-4070-b35a-24b90c8e80cc X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '278' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - cbbd859c-83df-414b-8416-84064df6b161 - x-envoy-upstream-service-time: - - '106' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_twice_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_twice_push_to_jira.yaml index 5c2a92e5658..696a5c2189c 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_twice_push_to_jira.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_twice_push_to_jira.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPwUrEMBCG32Wutt1Jmm2W3EQPKrIK7Z5EJGmmWEmb0qbCsuy7m+DC6m345/vm - Z05g9EKH2YGCzxCmRW02ljpqg/VfvtDB6WXp9ViMFCCDb5qX3o8RZoiswALzen/7Wj+8NNftfh1M - nEC9JSjDDN8zsDQ5fxxoDM1xonjgzvnVRsmsvbO/CqgkbOUlvNchgRw5y1HkXDZMKGSqFAUi3iBH - jP5Cc+xt+uEfu2sYj6ASkRVXth0ex85HUPKdrLad0W1JpaYK266SlbFGS+xaRC2ElIbKPwXBpYan - ftaQ3un06sKzb3WKT+AuE9D4cajhfP4BAAD//wMA8V43i1oBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtE1qbqIHFVmF7Z5kkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzlBq4LZzw4kvMc4BbnZaGNNF7X/8ERFp0Lo1UhGEyGDTzOH3o8JpoiUIMF8t7152d0/N7/b7TK0 + aQL5ukIZZnjIQJvJ+eNgxtgcJ5MO3Dq/6CS1S+/0twIyCQyrS3in4goyZCzHOqeiwVqikKwiiHiV + SEx+MHPqbfrhH3vdIEqGklLCi/KH7YaH0foE8pIKW1hrC1EzxrGoEctKMU47hZp3QpQGC/63ILq1 + 4bGfFazvWLW4+OQ7tcYncJcJzPi238H5/AUAAP//AwDFW7FpWgEAAA== headers: - ATL-TraceId: - - 69202c824126f741 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:34:44 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - ed83c6dfa8946e7b + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f4ea5d87-0f03-447d-8c23-11d48323b7af - x-envoy-upstream-service-time: - - '34' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 3487c1aab5c76b34 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:44 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:11 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 85397224-4522-4f79-b74c-13a1b36ec8d3 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '115' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f6f7551a-6b18-4705-8a00-5d1499bd9ea8 - x-envoy-upstream-service-time: - - '65' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,93 +80,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 0e484d442c26ffcd - Connection: - - keep-alive + Atl-Traceid: + - a4b76932b2c8a1a6 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:44 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:11 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - cf89ac31-851c-4522-b213-cb8c9ae9614e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '173' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ee545df0-6b03-4d39-b1fa-5a9d8e516941 - x-envoy-upstream-service-time: - - '113' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/2841]\n\n*Defect Dojo link:* http://localhost:8080/finding/2841 - (2841)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/695]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/266]\n\n*Defect Dojo link:* http://localhost:8080/finding/266 + (266)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/104]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -286,53 +180,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1671' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11091","key":"NTEST-902","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11091"}' + string: '{"id":"11786","key":"NTEST-1448","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11786"}' headers: - ATL-TraceId: - - b18269b09bda5fbb - Connection: - - keep-alive + Atl-Traceid: + - ed6a2edaf286537c + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:44 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:12 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5f4598be-6acb-4767-ac7d-26c080968325 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '634' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 78bdc1e3-35dc-485d-892a-0a1d6a7f147a - x-envoy-upstream-service-time: - - '520' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -342,94 +242,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-902 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1448 response: body: string: !!binary | - H4sIAAAAAAAAA6RWa1PbOBT9Kxp/6HTZJH6Q0uCZzg4NaZddStkklJnSTkaxbxwRW/JIch5L+9/3 - SrIJhYZtKcyAdaX7PvdINx6sS8pTL/Yk8BQkpG8Y5KlqcVqAaqlkDgVtiRIk1Uxw1YKU6QI0bSVz - yjPIRdZaglS4B+kQSgkKuHZnvZbHjOUwDA5DXCjIZ7ica12q2PdTmEGiU3EtOlTnVClGeYeD9tGG - 9mnJ/MhnSlXgNwYWsEH9s/FgNG4fBhFKZjZYL77xFDqtVEI1ZEJuXHAprlAhCqKwHXTbUW8cRvF+ - N+52O4cHwe9BFAQmRuNDb0qwZp4Yo9H3wyCwUbms60UKKpGsNBVB6RFRBc3zFkmZ0ownmpQMEiBi - RlZCLjpGOxH8QuY/EoWCpJLgLxms6JJqKv9Q7F94VWCTquKZE52kr8JgP+zVyzEG+mqbcsszjUZf - Y6oWpkfVVJuveEZzBS2vseHF1sjXlqcZAqPEJnsxrzATr5TiGsN7YvVqbVs7242mdmZxp+HbSC84 - 0xoNGHzV2iapv+1ZJWZ6RaVJTLGizBkiJL2XDRbXQqbbW3d7PxJuXebaWV3pkpnC4s/dOneDl+g5 - 6q6j7pMN2xZalDxT9f9HfIUH6/Dg13ytG2f1xyPe9qP1fvRr3mpwquZjp7evX818rz84dsGOXX3G - DmaZhAzn+gEMEVMir9yYOUlSKS0KSxET9BC93LXRe2jDUYeTmsG09OfF7bDmC4NgyRLn7uaBzOAL - w1dzUeXpMVNlTjc1ClGMhdIfcGYNMmsXVCPTOiL7+RlyLHnLi76zJs2A2M++qEydbOyXRsB45sVa - ViaYRALmaqbuezz54jBqePJ+1YJd5Qx3bUS7Nva3XMKEZHrzxEI06n7353iUFTQD5RsN1RhhKMjF - qqOW2ZZ7TsWq4aiuZzs5BUMmBpr3kjJT+d1sw104DHsm7TlVg5Ilp4wv7FV8DKW5mXnSAMjCamX3 - biVc8AFezHSawxCocqCU9Zd3fnrx9uRscnrSH5yNBpPBcPh+iGngACnMGw+M50DOkTW5JsYvYYoI - nm8ITiTLjVGiBfmLSUrOJRQ4taRSiK+OndH7WRyiweALC4Jueh177sLAFmGNtyP1zRhjtTPGaX7/ - UP2uqMtrQZ5jdA0TYPsyDrenq9LM7A/g2L0Unogwp3x7W317uf8c6Laoek2TBT6kGmQ1xp2vfv2k - +aWAm3eR3zxPouZy5WAQnYhcyDMXzTSvoJ1JJKzt40CQY+GaLYoSn3pc1114rH/fFucT3/7ujZnO - YS8mVx9pGcakL8SCAblkGglTk5G9PMibnGZfTK6Yai4Sms+F0nEv6AX+jPEUScyPet3ws7V4bGuB - YV4LYlAS75H/VyXPzd/frIERIN6QO1ARp9yK+pcDXF3wBRerbez9Dw+ke+dSpBW+YgY8w4kqsD7+ - GMuB565sMmiX/ClWbS12JFTWBqLPxCdXodLkn4pKDZJsTe5Qha3P0Gp/PDono4TyHefN28k/OHzh - 6vZaUp7M/THNMNgzbK2TVixPT47vivqiKJgmSE/zO2JTuI3SUCjMPS0FQ2TsxVZu629gWlDGFdPQ - QfDgLO7v2tsl91P0ORVUpk0PbntxvIWY8XpEEockjJJMAThRoMmqhpVGlnPvEjJDaLXIas6SOSmA - coWb1J2oLWD90AKhSYIsCSlZMkoqBH4iNyXSDB7jHNxd3zGhDBF/SKAJxA3uVqtVR6yoKjtCZj6i - Dtadcl5aYCAAJzMhJ86ZmlCNL4dpha2ZPH9/eTQ6b4/etfFitNC8GJ46o48V5h1gkmlM3g7Gnzhy - OQ4uoicmolwmn/hgycwVgsGNQLfduNV7/wEAAP//7Flta9swEP4rJlBoS+3YTuwkg9GFvcA+bJQV - Nug3xVYbM79h2elGlv++5yRZTd04G90o+RAoRYmku5N099xzl39VEGdJ3KdAze1R0C+WVqwS/Bfq - jvpUPF0nHeMTEvidLEPJL74teU7hbTHzvAWqVNgBhyBjkhW3khwvksk9VlFRDmSYFZSCkP6+8/yC - /CO3EASK11ksvWc/ydGskkknaQQe1oLnbPkJKtGcpw7iWJDnGT/b8kTSRY4K/do+0RpI8kQDL91p - p/S8849ZyaKazvm5sBL5wQKe0HXJ2z+/rnkpKIVXXOEMV4t1ZBvXlZEL0LNDb4xLm1+/tb2RvlDU - 9gXhEUHaKcPD5mfW6dkvPGZaF6+AJU8ZotfHEL1xO0Hpo66Q/iQjJcrcXRr0yHB7JwzvkjcsyeTu - hX08zDX1QHdiZvhLXbNoSZi7oyzp5kHRZBmjBD74U7ajOyQ6XlTPzPZEyy6BWUT4UUgFt2w8ir3F - dOwGCxxgMpl5vh8SuTCLoGHPMk4PPI9j6EDGHzzYYOvS7o2BOBK6t75WHu+AWshlEmDUcBh4vjfm - nstHfjwLo1EUTLxoGsSxy8Jbj08v49dSyslofuJ/wJ/aZ2cs17nPttVXwmmEfY8bsX2HnN0pm0Wa - RHRldsmYoBvDfkRWnYA7Y/juyg6dMif7u4X74VvcLf8P3+JuC+HQLQYmxaqA1/x4m2le6d4XxROB - s6qqFa7dAF+x/H1TFSUf3gCKouVD4FHLCrMmkkmPbr5pal1pxD1Cwcs/+hEKXsLiIxT0QkGXeYBK - DdYb2tMyDdh+p0JxTW1wPXahsKhZitEOKX2dObevM+eazlx3wlA4nq+SqsgVF9KFf6N/elEf/8bS - VVH/t/ankmVkQhHKwa+FbA61LVi4lrJ43Q416j5bv/yRatjKvRhk7McXLpqUBG+dVbZ1qnpeq3NT - b5laP3Ry8/3jzf6j3XqDtHaz2fwGAAD//wMA0gY62sEbAAA= + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvcRwXAHDkMXu1i7IssRpgKZBQFNniTVFaiQV22v733fU + i906cbdkWBHAkXi89+ce3QcPViWVqZd4GmQKGtKXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf49aIMySC+g1GBA2vYuq4xVxdwZvIvCMAr7Gv6swNjpuoRzTZnlDDzf485/FB2NhvhiQMzx + Nbe2NEkQpDAHZlP1XvWpFdQYTmVfgg3Qkw1oyYM44MZUEHQGFrBG/bPp5HLaiwaDER7VIRgv+eAZ + jK0yjFrIlF43OaT4hhpxGMe9cNSLXkzDMInDJIr7wyj6IYzD0AXpnFgMvDbzzCCdfoClCONN2u1L + CoZpXrrC4ekxMQUVwicpN5ZLZknJgQFRc7JUetF32kzJKy2eGEUluWsXFXf0nlqqg3sOy6AOaxtg + K4rCw2j0k+F/wY8Ftr0q0KuDBbqcUrNwvapm1j0lcyoM+F6j+ArzqnV9L+cIHM3y9SncA8YafvI9 + yxFZJaLES2SFOXo7MDkMO0Gp1XvM6JkFb7XrctcN7MrtXj4DyTarK8mtRQPG2/h2SP2tvmvU3C6p + dng1vCgFx4DTncyxHzXKBqMV4u5p4X6lM10mm74MwiMMIx6s4sH/66Xpfo1FdBgNV9HwWzhcdR4P + 49Vh/C08tgD/9OkhHKN9OI07wZyv3jQciN2/uUU0ZJmGDGnlAdYxTiWqZsoftRof7ROM9glePDTe + UFpz6gijZm8v6UX4Si2SekOGTx+qhmq35Bo05rQbmfrxRFUu28gR5rU74DLzEqsrwNKiUfsGu+EG + pwmutufsa86aqnx4cOZiRWWTq0qkY25KQdft4Ll2acBk3Ww/RuBxNOoIfLdsG5rZFexreLxpeKm5 + 0tyun1nETj0YPI3HeUEzMIHTMJ0RjgdCLfvmPtsS2aladoQ38B5COj7sEhF0Bo6yHGh3v9bDPWWI + 9iE0Grl65NRMSs5OuVy8dJIxlG6zkKzrWd3JZS3bnEglJ7hY0JmAC6CmwYFun7zz06tfXp3dnb46 + mZxdTu4mFxe/X2B+OFoGC4IXpjmQc+RmaYnzS7ghSoo1wTnnwhklVpHXXFNyrqHAQSeVQcz2H5v3 + CMfJCz/yMBwtjhJvZ5ix5BmXVGAzsRvbIXOy3bN2L2rLW6NaYHQdR2BfMwmb21XphvZf4LhZYZ4J + vUZ58038cut4Ghq3cPuZsgUugh3kOuONr5N21/pPAXcLW9DtTXH3CZfgoM6UUPqsiWYmKuhlGjli + u64oMlZNs1VR4qoqbduFr/X0y+K8k9u/gym3Ag4ScvOWllFCTpRacCDX3CJHWXIJrNJAXgqafXS5 + YqpCMSpyZWwyCkdhMOcyRWIM4uHwtjY4rkuBUb5XxIEkOSD/qEm+w5/va/VLXK8co6Aazn4b5LgC + MsZ88HAMrE+ioU8ctjZZnFxPUHaD/3rDaFCH6trCltAvuNXQVzoLEJXUdYrjcuTQHODVfm4LUQfe + 2Hnj7FzJhVTLz6t0rlVa4ed2IjOc0wKrHkyxyM5nXSIMmPyqlj2r9pSpbA3EtyQgN5Gx5I+Kagua + bE3uUYWtz6jWfnt8Ti4ZlXvuu73PLQSbrD7L43JtLBQG80hLxRE7B0l9XrfIVaygXBpuoY/wwoKZ + fKaoTvfdeGB/vAWas3xMWIMnpFIyA5DEgCXLFlwWuc40AJsjwHyyzDnLSQFUGhTS5kZrAfN9J2dA + KGNIlpCSe05Jhfhnel0i2+C9vwEAAP//7Fnva9swEP1XTKCQQu3ZTpykg9IFtsE+lIUWViiDoNhO + YxpLxj/qji7/e99Jiup4dTfKKPkQyAcnkk9PJ927dxfOY5VlnQaiC5z1raziCND1KuZ0wSxm7AoU + edgRkNC2ILishC9Fnsp3LJETBTOMFsSAYN+7mJ8QMBhPSkulcouta/aLtmhlTKKrClxti3GrARAl + Go/XDk68oD2bHSof/OTkBFqNfAQEGmGxhUgGiwoOehFpY8+N3V8iGJFM4DLavb4vdV07omZFJqMC + URg/ONkqkzcai8xhc67XnrMS2mVR4U7N+9+vp1cz++rCRt6VwWoWyQRdZYqGPovShB9b/ePfuCjr + UnzENfxTsnhdksUbNvNQicr6Tsoukk3tqUGHDbdzoEsIuEYIyLOQeujliUa67uTSNt+23zK6Fu5k + 4YpiWZF2UaUpo4zS+xv9kg9JH4r8jemHdMI5oodU7bfoLFiy4SDyFpOhGyyAcTw+9Xx/RNnOTMIK + r0yL6YCnUYQ1kIJ6zxhsXZx8MpeMjL5aVqoQcJDr5DTJPrq0CTzfG8aeGw/86HQUDsJg7IWTIIpc + Nlp68eQ8OpNWjgbTI/8rPuo9O2Vc06Ztq58KpyrsGh6xfYf42MmqxToJyWV2xlhBHsP7Mj1AzOHx + 88weORkn/O0Sdf8Rt2vc/UfcrpH3HTE4KVJFnBZsTe0z0y0fiicia1U6Kl67gXDD9C9VLlDL34Bx + wtVz4FGnBqMmkmkd3Z/SWi/XjHuggvc/9AMVvAfiAxV0UoFRHoB4qyLukZq8+tmFXVEy3aJuK5Gu + jpBrOkLtAdNhaQ8YpRbz+yQXXKkaXXBW+r8I9fWfkIpUWXjcPmqyewPBNf5G+bC1e9JL2cNlXFRr + MtxYW5b3eTktFY57Uf6/nqIyZoxiLVRCP4TsjmzbftTVpJ4DLWmA7KL1d+DqF6R7NpvNEwAAAP// + AwAX9ycG+hoAAA== headers: - ATL-TraceId: - - 3948bcc6099454ee - Connection: - - keep-alive + Atl-Traceid: + - e57046f2fe14a3fe + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:45 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:12 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 9bc180ec-6cca-4777-80a9-5a88dde3be18 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '251' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ee72197b-0f39-4bd7-a904-5b7fb6e1d484 - x-envoy-upstream-service-time: - - '138' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -439,94 +344,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11091 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11786 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbU8bORD+K9Z+qHpckn0hpWGl6kRD2uOOUi4JRSqtImd3sjHZtVe2Ny9H+99v - bO8SCg3XUpBgPfa8PfPM2DcerEvKUy/2JPAUJKRvGOSpanFagGqpZA4FbYkSJNVMcNWClOkCNG0l - c8ozyEXWWoJUuAfpEEoJCrh2Z72Wx4zlMAwOQ1woyGe4nGtdqtj3U5hBolNxLTpU51QpRnmHg/bR - hvZpyfzIZ0pV4DcGFrBB/bPxYDRuHwYRSmY2WC++8RQ6rVRCNWRCblxwKa5QIQqisB1021FvHEbx - fjfudjuHB8HvQRQEJkbjQ29KsGaeGKPR98MgsFG5rOtFCiqRrDSIoPSIqILmeYukTGnGE01KBgkQ - MSMrIRcdo50IfiHzH4lCQVJJ8JcMVnRJNZV/KPYvvCqwSFXxzIlO0ldhsB/26uUYA321TbnlmUKj - rzFVC1OjaqrNVzyjuYKW19jwYmvka8vTDIlRYpG9mFeYiVdKcY3hPRG9WttiZ6vRYGcWdwq+jfSC - M63RgOFXrW2S+tueVWKmV1SaxBQrypwhQ9J72SC4ljLd3rrb+5Fwa5hrZzXSJTPA4s9dnLvBS/Qc - dddR98mGbQktS56p+v8jvsKDdXjwa77WjbP64xFv+9F6P/o1bzU5VfOx09vXr6a/1x/cdMGKXX3G - CmaZhAz7+gENkVMir1ybOUlSKS0KOyIm6CF6uWuj99CGGx1OahrTjj8vboe4pBqnohs6P893N9Fu - Z5jvrElDZvvZF5XJKTRz6dIIGM+8WMsKEA60qT9gsxtKu9isOWNessTlfvNAZkJFZTUXVZ4eM1Xm - dFO3BIoTCZir6brvzckXh1EzJ++jFuyCM9y1EW1HBhOS6c0TMWzU/e7PjUtW0AyUbzRUY4ShIBer - jlpm2xFzKlbNKOp6BqN7iew3ieR0CmaYGGreO2S68rswhLt4GPYMHnOqBiVLThlf2Kv4GEpzM/Ok - qZmt5Mru3Uq44AO8mOk0hyFQ5Xgg6y/v/PTi7cnZ5PSkPzgbDSaD4fD9EPPDBlIICB4Yz4Gc49Tk - mhi/hCkieL4h2JEsN0aJFuQvJik5l1Bg15JKIWc7tkfvZ3GIBoMvLAi66XXsuQsDa4fgb1vqmzbG - MmSM0/z+ofpdUcNrWZ1jdM0kwLpmHG5PV6Xp2R/gsXspPJF6Tvn2tvr2cv85Nm7p9pomC3xINZRr - jDtf/fpJ80sBN+8iv3meRM3lysFQPRG5kGcummleQTuTOCO2jwNBjoUrtihKfOpxXVfhsfp9C84n - vv3dGzOdw15Mrj7SMoxJX4gFA3LJNM4oTUb28iBvcpp9MbliqrlIaD4XSse9oBf4M8ZTHIx+1OuG - n63FY4sFhnktiGFJvEf+X5U8N39/swZGgHzDoYKK2P5W1L8c4OqCL7hYbWPvf3gg3TuXIq3wFTPg - GXZUgfj4Y4QDz13ZZNAu+VOs2lrsSKisDUSfiU+uQqXJPxWVGiTZmtyhClufodX+eHRORgnlO86b - t5N/cPjC4fZaUp7M/THNMNgzLK2TVixPT47vivqiKJgmOJ7md8QGuI3SUCjMPS0FQ2bsxVZu8Tc0 - LSjjimnoIHmwF/d37e2S+yn6nAoq06YGt7U43lLMeD0iiWMSRkmmAJwo0GRV00rjlHPvEjJDarXI - as6SOSmAcoWb1J2oLSB+aIHQJMEpCSlZMkoqJH4iNyWOGTzGObjrtWNCGSL/cIAmEDe8W61WHbGi - quwImfnIOlh3ynlpiYEEnMyEnDhnakI1XtbTCkszef7+8mh03h69a+NFY6l5MTx1Rh8D5h1gkmlM - 3g7GnzjOcmxcZE9MRLlMPvHBkpkrBIMbgW67dqv3/gMAAP//7Flta9swEP4rJlBoS+3YTpyXwejC - XmAfNsoKK/SbYquNmd+w7HQjy3/fc5KsJm6cjm6UfAiUolTS3fV099xzl39VEKVx1KVA7e1R0C2W - Tixj/BbKR10qnp6TgfEFlf1etqEUFzcLnlF6W8w8b44uFXYgIMiYeMmtOMOLpPKOlZdUAxl2BZUg - lL8fPLug+MgsJIGiUhZLHtgvCjSrYDJIaoGHtRA5G3GCTjTjiYM8FhR5Js42IpF0UaBCv7ZPNAaS - PFEjSnfaKSPv/HNasLCi//NrbsXygwU8IXdJ759fV7wQVMJLrnCGq8M6s03oyswF6Nkjbwinza7f - 295AOxS9fU54RJB2yvCw2Zl1evYbj5lU+RtgyVOG6HUxRG/YbFD5qEqUP8lyiaW2jwYdMtzOjS7e - 5RreJV0v6efug6Yf2KIp7fLWvjU1t6qKhQsCZFUjRZ2mjAp477lqRz4kOp6XL6z2RMsugVnURKCR - Cu7YcBB588nQDeawcTyeer4/InJhDkHDnmOcHngWRdCBit97tMHWrd07A3EkdG9/rSLeAbWQxyTA - qGU/8HxvyD2XD/xoOgoHYTD2wkkQRS4b3Xl8chm9lVJOBrMT/xN+1D07ZZmufbat/iScWtgP8Ijt - OxTsTlHPkzgkl9kFY4I8hvvIrCoGd8byw5U9coqM7G837odvcbv9P3yL2yOEQ7cYmBSpnlnz402m - eaVnX5RPBM6qU1e4dgt8xfGPdZkXvH8LxAkXj4lHIyvsmkwmPXr4pql1qRH3CAWv/+hHKHgNi49Q - 0AkFbXIBKtVbrelOQ0lg+71KxRWNwfXahcK8YglWO6R0TeZcM5lrb5hJV3vDUDieLeMyzxTd0Y1/ - rb96UR//ylJ0l1LCqllqFHwB8m18adRv5F70UvbzGxd1QoI3dMsxS1nNKmXHMq/+22hXyTIyoQpt - 6fdcDqma6SvNlmn0QxqNHdvG+lvW6gvSO+v1+g8AAAD//wMA8DZ7/MEbAAA= + H4sIAAAAAAAAA7xWa2/bNhT9K4Q+bZlsPWI4roBhyGJ3axdkWeIkQNMgoKlriTVFaiQV22v733ep + h9083C0ZVgRwxMd9n3t4P3qwKqlMvcTTIFPQkL7mIFLjS1qA8Q3LoaC+KkFTy5U0PqTcFmCpz3Iq + MxAq8+9AGzyD9AxKDQakbe+yylhVzJ3C2ygMo7Cv4c8KjJ2uSzjVlFnOwPM97uxH0cFoiAsDYo7L + 3NrSJEGQwhyYTdUH1adWUGM4lX0JNkBLNqAlD+KAG1NB0ClYwBrlT6aT82kvGgxGuFW7YLzko2fQ + t8owaiFTet3EkOIKJeIwjnvhqBe9moZhEodJFPeHUfRDGIehc9IZseh4reaFTjr5AFMRxpuw20UK + hmleusTh7iExBRXCJyk3lktmScmBAVFzslR60XfSTMkLLZ7pRSW5KxcVt/SOWqqDOw7LoHZr62B7 + FIX70egnw/+CHwsse1WgVQcLNDmlZuFqVc2s+0rmVBjwvUbwDcZVy/pezhE4muXrY7gD9DX87HuW + I7JKRImXyApj9B7AZD/sDkqtPmBEL0x4K12nuy5gl263+AIk26guJLcWFRhvY9sh9bf6rlFzu6Ta + 4dXwohQcHU4fRI71qFE2GK0Qd89z9yuV6SLZ1GUQHqAb8WAVD/5fK031ayyiwWi4iobfwuCqs7gf + r/bjb2GxBfjnz4/hGO3CadwdzPnqsuFArP71DaIhyzRkSCuPsI5+KlE1Xf6k1vhg18Fo18Grx8ob + Smt2HWHU7O0lvajlMZcuzVnjx8dHew7EmAmTq0qkY25KQdct1HEb824vMacO/q0JavGhaAj2+Y3a + 0PeWsINGnXZtWH8eqcplsHb+ym1wmXmJ1ZXzhmnAYF1vP0XgcTTqCPxh2jY08/BgV8HjTcFLzZXm + dv3CgDvxYPA8HucFzcAETsJ0SjhuCLXsm7tsS2THatkR3sB7DOl4vwtE0Bk4ynKgffhaD3ekIdqF + 0Gjk8pFTMyk5O+Zy8dqdjKF0k4VkHYJqXC3rs82OVHKCgwWdCTgDahpU6vbLOz2++OXNye3xm6PJ + yfnkdnJ29vsZxoetZTAheGGaAzlFbpaWOLuEG6KkWBPscy6cUmIVecs1JacaCmx0UhnEV/+pfo+w + nbzwEw/D0eIg8Zr3CmuHyd/21L0GxzJkXFLx8FI7F7XprVEu0LuOI7CumYTN7ap0TfsvcNyMMC+E + XiO8eRPvTx3PQ+MWbj9TtsBBsINcp7yxddTOWv/J4W5gC7q5Ke6ecAkO6kwJpU8ab2aigl6mkbG2 + 44oiY9UUWxUljqrStlX4Wv3uJ+e93P7tTbkVsJeQ63e0jBJypNSCA7niFhnTknNglQbyWtDsk4sV + QxWKUZErY5NROAqDOZcpklgQD4c3tcJxnQr08oMiDiTJHvlHSfId/nxfi5/jeOUYBcWw91snxxWQ + McaDm2NgfRINfeKwtYni6GqCZ9f4rzeMBrWrrixsCf2CWw19pbMAUUldpTgORw7NAV7t57YQteON + nkun50IupFp+maVTrdIKn9uJzLBPC8x6MMUkO5t1itBh8qta9qzakaayVRDfkIBcR8aSPyqqLWiy + VblDFLY2o1r63eEpOWdU7rjv5j43EGyi+iKO87WxUBiMIy0VR+zsJfV+XSKXsYJyabiFPsILE2by + maI63XXjkf7xFmhO8yFhDZ6QSskMQBIDlixbcFnkOtMAbI4A88ky5ywnBVBp8JA2N1oNGO97OQNC + GUOyhJTccUoqxD/T6xLZBu/9DQAA///sWW1r2zAQ/ismUEih9mwnTtJB6QLbYB/KQgsrlEFQbKcJ + jSXjl7qjy3/vc5KsOl7djTJKPgTywYmk03Pne3nuwnmsar7TQHSBd30ruzgCdL2KOTmYxYxcgSYP + GgEJqQXCZa35UmSJPGOJjFIww2pOGRDZ9y7mJwQMwteFpYiFxTYV+0UqWimT6Mocrm0xbjUAokXj + 8cbBG89JZ6OhssFPTkag28hGQKAR5jVEEpiXMNCLSBs6N7S/RDCimMBkpL32l6qqHFGxPJVRgSiM + H5x0lUqPxiVzyJzru+esAJNalPCpef/79fRqZl9d2Ki7MljNJakgV6Zo6LMoWfNjq3/8G46yKcRH + uOGflMXroizesF6gfFags76TFIlIXHtr0CHD7VzoIgKuIQLyXUg+9PLGLurqGuq6U1DbiRjmZOGK + Ylkl7bxMEkYVpfe39Es2JH4osjeWH+IJ54geYqDforNgyYaDyFtMhm6wgALj8ann+yOqdmYTbnhl + W0wveBpFuAMlqPeMwdbNySfjZCT01bZShYCDWie3yeyjW5vA871h7LnxwI9OR+EgDMZeOAmiyGWj + pRdPzqMzKeVoMD3yv+KjztkJ4zpt2rb6KXfK3K5gEdt3KB87abnYrEMymZ0ylpPFcF6WB5A5PH6e + 2SMn5YS/3aLuP+J2j7v/iNs98r4jRk6KVEupCVuT+8z0yIfiiZK1avNUXrsBccP2L2Um0MvfIOOE + q+fAo0kNVk0k0z16PqW5XqYz7iEVvP9LP6SC90B8SAWdqcAQDEC8VRH3SENe/exCriiYHlG3aUrX + RMg1E6H2gpmwtBcMU4v5/ToTXLEa3XCW+r8I9fVfkN6L4v/N3ZQwIxQ3oQP5IeRUoh7+wYUU5Mf6 + UWfXNwOQ/9t8qOWe9BL2cBnn5YYEN5SV84SsmBZKcZpq0syBVDe/7x72d07rAxLtdrt9AgAA//8D + AIiCP+76GgAA headers: - ATL-TraceId: - - 5a8bcf8159bd383b - Connection: - - keep-alive + Atl-Traceid: + - aa74c7784f0385c2 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:45 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:13 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - cf3f5155-4e20-4a43-9d7c-e5d17cb5d45e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '258' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c28d7b1a-182f-45b4-a25f-94905e994eaf - x-envoy-upstream-service-time: - - '150' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -536,174 +446,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPwUrEMBCG32WuttlJ2m2W3EQPKrIK7Z5EJEmnWEmT0qbCsuy7m+LC6m345/vm - Z05g9EyHyYGCzxjHWW02LXVkYxu+AtPR6XnutWeeImTwTdPcB59gjsgZMszr/e1r/fDSXLf7ZTBp - AvW2Qhlm+J5BS6MLx4F8bI4jpQN3LixtkszSu/ZXAbUKW3kJ73VcQYGC51jmQja8VMhVUTJEvEGB - mPyZptTb9MM/dtdwkUBVVgzllbXDo+9CAqXYyWrbGW0LKjRVaLtKVqY1WmJnEXVZSmmo+FMQ3drw - 1E8a1nc6vbj4HKxe4xO4ywTkPw41nM8/AAAA//8DABNlON9aAQAA + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUTAUtCTYlD9sPz444xNYl5SbwhhT8IaxGosGsawkq2kvUdU956XGov5bEO3a + 8DjMEtZ3jFxsfPK9XOMT2MsE2r3td3A+fwEAAP//AwCwiUk6WgEAAA== headers: - ATL-TraceId: - - f8670d4409f07cd3 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:34:46 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - daa2bd995df0f42f + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 46371d02-cb90-4c40-9d00-2cb2a280750c - x-envoy-upstream-service-time: - - '36' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 1d246a7ab2344e1f - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:46 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:14 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - d2c89726-b48c-436a-81ac-023c3d9d160f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '116' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ba0f1b9a-0769-4727-97fe-489e76e83e90 - x-envoy-upstream-service-time: - - '62' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -713,93 +516,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - c6d7f95e0a7c99ed - Connection: - - keep-alive + Atl-Traceid: + - 2b60a7cbecf84389 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:46 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:14 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - c8754c5e-0251-49e1-8230-5e61d1d1853c X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '175' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f277eea1-dc74-4c00-b6db-afcb3c86d483 - x-envoy-upstream-service-time: - - '80' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/2842]\n\n*Defect Dojo link:* http://localhost:8080/finding/2842 - (2842)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/695]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/267]\n\n*Defect Dojo link:* http://localhost:8080/finding/267 + (267)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/104]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -812,53 +616,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1671' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11092","key":"NTEST-903","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11092"}' + string: '{"id":"11787","key":"NTEST-1449","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11787"}' headers: - ATL-TraceId: - - b486dd0c7cd13192 - Connection: - - keep-alive + Atl-Traceid: + - f3e273e6db15d222 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:46 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:15 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 619980c4-ef05-4b8b-a326-e161a06e4bf4 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '650' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 32b6543d-5e9a-4d95-8598-abc14cf883f9 - x-envoy-upstream-service-time: - - '493' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -868,94 +678,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-903 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1449 response: body: string: !!binary | - H4sIAAAAAAAAA6RWa2/bNhT9K4Q+FF1mWw+7qSOgGFLH7bKlaWY7DdC0MGjpWmYtkQJJ+bG2/32X - pBSnSZ21aQIk0hV5H+eee8jPHmxKylMv9iTwFCSkrxjkqWpxWoBqqWQBBW2JEiTVTHDVgpTpAjRt - JQvKM8hF1lqBVPgN0hGUEhRw7dZ6LY8Zz2EYHEX4oiCf4+tC61LFvp/CHBKdik+iQ3VOlWKUdzho - H31on5bMj3ymVAV+42AJW9x/PhmOJ+2joIuWuU3Wiz97CoNWKqEaMiG3LrkU33BDFERhO+i1o/4k - jOJuL+4ddo6eBb8HURCYHE0MvS3Bunlkjma/HwZBYPJ0VdcvKahEstIggtZjogqa5y2SMqUZTzQp - GSRAxJyshVx2zO5E8EuZ/0gWCpJKgr9isKYrqqn8Q7F/4UWBTaqKJ850mr4Ig27Yr18nmOiLXckt - zzQaY02oWpoeVTNtnuI5zRW0vMaHF1snX1ueZkiMEpvsxbzCSrxSik+Y3iPRq3db7Gw3GuzMy62G - 7zK95ExrdGD4Ve82Rf1t1yox12sqTWGKFWXOkCHpnWoQXEuZXn/T6/9IujXMdbAa6ZIZYPHnNs69 - 4DlGjnqbqPdox7aFliVPVP3/gVjh4SY8/LVYmyZY/fBAtG606Ua/Fq0mp2oe9kb7+tXM9+adUxfs - 2PVH7GCWSchwru/REDkl8sqNmbMkldKisBIxxQjR830f+vd9OOlwVjOYVv68uB3WemEYLFniwn2+ - ZzP8wvTVQlR5esJUmdNtzUI0I1D6Hc6sYWYdgmpUWidkPz9DTiVvdNF33qQZEPs4EJXByeZ+ZQyM - Z16sZWWSSSRgrWbqvqeTh1HY6ORd1IJ9cIb7PkQ7yWBCMr19ZL3Ndr/3c3LJCpqB8s0O1ThhaMjF - uqNW2U5izsS6kaKeZzC6U0i3KSSnMzBiYqh5Z5GZyu/CEO7jYdg3eCyoGpYsOWN8aY/iEyjNycyT - hkCWVmv77cbCBR/iwUxnOYyAKkdKWT95F2eXr0/Pp2eng+H5eDgdjkZvR1gfDpBCQHDBZAHkAlWT - a2LiEqaI4PmW4ESy3DglWpC/mKTkQkKBU0sqhfzq2Bm9W8UROgy+sCDopTL23IGBvUPwdyP1zRhj - GzLGaX53UX2vqOG1JM8xu0YJsK8Zh5vVVWlm9gd47G4Kj6Se23xzWn17uP8cG3d0e0mTJV6kGso1 - zl2sQX2l+aWEm3uR31xPouZw5WConohcyHOXzSyvoJ1JFKzd5UCQE+GaLYoSr3pc1114qH/fgvOB - 734PJkzncBCT6/e0jGIyEGLJgFwxjYKpydgeHuRVTrMvplYsNRcJzRdC6bgf9AN/zniKIuZH/V70 - 0Xo8sVhgmp8EMSyJD8j/byVPzd/frIMxIN9QVHAjjr81Da6G+HbJl1ysd7kP3t2zHlxIkVZ4ixny - DCeqQHz8CcKB665tMeiX/CnWbS32FFTWDqKPxCfXodLkn4pKDZLsXO7ZCruYod39/viCjBPK96w3 - dyf/8OiZw+2lpDxZ+BOaYbLn2FpnrVienp7cNg1EUTBNUJ4Wt8wGuK3SUCisPS0FQ2YcxNZu8Tc0 - LSjjimnoIHniXq+779s+u59izJmgMm16cNOLkx3FTNRjkjgmYZZkBsCJAk3WNa00qpy7l5A5UqtF - 1guWLEgBlCv8SN2K2gPihx4ITRJUSUjJilFSIfETuS1RZnAZ5+DO+o5JZYT8QwFNIG54t16vO2JN - VdkRMvORdbDplIvSEgMJOJ0LOXXB1JRqvDnMKmzN9Onbq+PxRXv8po0HjaXm5ejMOX0ImDeARaYx - eT2cfOCo5Ti4yJ6YiHKVfODDFTNHCCY3Bt1241Z/+w8AAP//7Flta9swEP4rJlBoS+1YTuwkg9GF - vcA+bJQVNug3xVYbM7/hl3Qjy3/fc5KiJk6cjW6UfAiUokTS3Um6e+65y78qiNI46lKg5g4o6BZL - KxYx/lfqjrpU7K6TjvEJmf1BlqHkF9/mIqPwtrh53hxVKuyAQ5Ax8UJYcYYXSeUeKy8pB3LMVpSC - kP6+i+yK/COzEASK11k8eeQ/ydGsgksnaSo8rAXP2fATVKKZSBzEcUWeZ/xswxNJFzkq9Gv7qrWB - JK9q4KV77ZSed/kxLXhY0zk/51YsP1jAE7ouefuXt7UoKkrhpVA4I9RiHdnGdWXkAvTsgA1xadPb - tzYb6AtFbZ8THhGknXM8bHZhnV/8wmMmdf4KWLLLEFkXQ2TD9QSlj7pE+pOMlChze6nfIcPtnDC8 - S96wZJn7F3bxMNfUA1s0pZ3eELM8nBPu7uV/7sTY0aQppwTe+1O2ozskOp6Xz8z2RMuugVlE+FFI - +fd8OIjYbDx0/RlsGo0mzPMCIhdmETQcWCbogadRBB3I+L0nG2xd2r0xEEdCD9bXyuMdUAu5TAKM - GvZ95rGhYK4YeNEkCAehP2Lh2I8ilwf3TIyvo9dSytlgeuZ9wJ/aZ6c807nPttVXldNU9iNuxPYc - cnanaGZJHNKV2QXnFd0Y9iOy6hjcGcN3N3bgFBnZ3y7cj9/idvl//Ba3WwjHbjEwKVIFvObHm0zz - Rve+KJ4InFVVrXDtDviK5e+bMi9E/w5QFM6fAo9aVpg1kUx6dPNNU+tSI+4JCl7+0U9Q8BIWn6Cg - EwoM84CJDyriltTt1mMXcvOaJxjtciYXvKu3XPV2J7o6c67pzLUnTKerPWEonMgWcZlnigfpwr/R - P72oj39zhEVe/7f2p5JlZEIRysGvuWwOrVuwcC1l8XI91Kj7bP3yR6r+Wu5VL+U/voiqSUjwxlll - W6esp7U6N/WWqfVDJzffb2/2tnbrDdLa1Wr1GwAA//8DAPjThkTBGwAA + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmtt7iOI2AYutjdugVZljgt0LQIaOossaZIlaRie23++456 + sVOn7pYMKwI4Eo/3/tyj++jBqqQy9RJPg0xBQ/qCg0hNT9ICTM+wHAraUyVoarmSpgcptwVY2mM5 + lRkIlfVuQRuUQXoBpQYD0rZ3WWWsKubO4E0UhlHoa/hQgbHTdQnnmjLLGXg9jzv/UXQ0OsIXA2KO + r7m1pUmCIIU5MJuq98qnVlBjOJW+BBugJxvQkgdxwI2pIOgMLGCN+mfTyeW0Hw0Gx3hUh2C85KNn + MLbKMGohU3rd5JDiG2rEYRz3w1E/Op6GYRKHSfTMDwfPfgjjMHRBOicWA6/NPDFIpx9gKcJ4k3b7 + koJhmpeucHj6nJiCCtEjKTeWS2ZJyYEBUXOyVHrhO22m5JUWj4yikty1i4obekst1cEth2VQh7UN + sBVF4WE0+snwv+DHAtteFejVwQJdTqlZuF5VM+uekjkVBnpeo/gS86p1e17OETia5etTuAWMNbzr + eZYjskpEiZfICnP0dmByGO4TRJ2g1Oo9pvrETrTadR/qznZ9cC/30LNN90pya9GA8Ta+HYR/r+8a + NbdLqh2QDS9KwTHgdKck2KgafoPRajB6ZLhfaVmXyaZhg9BNQDxYxYP/10sDixqk6DAarqLht3C4 + 6jwexqvD+Ft4bJF/d/cQjnEHxzlfvWo4EJt8/Q6bnmUaMqSVB1jHcJSomin/Isjjo32C0T7B8UPj + DaU1p44wavb2kn6Er9QiqTdk+PjZaah2S65BY067yagfT1Tlso0cYb52B1xmXmJ1BXcthzprmrOm + Bh8fnLnI8KrJVSXSMTeloOt2mvAYw7KvsG1uwtpqaMBk3Qg/JPCBPxwedQS+W7Z9NBNvaGZXsGn4 + ruBwS0xcaW7XT6xupx4MHkfwvKAZmMBpmM4IxwOhlr65zbZEdqqWHeENvLqcM3DM5EC7+7Ue7sk2 + 2ofQaOTSzqmZlJydcrl44SRjKN1mIVnXxbq3y1q2OZFKTnCxoDMBF0BNgwzdPnnnp1e/vDy7OX15 + Mjm7nNxMLi7+uMA0cLQM5o0XpjmQc6RgaYnzS7ghSoo1wXHmwhklVpHfuKbkXEOB80wqg5j1vzTW + EY6TF37iYThazBNvZ5ixshmXVGDPsOjbIXOy3bN2L2rLW+NcYHQdR2D7Mgmb21XphvZf4LhZYZ6I + sEZ58+n7fOt4HOi2qPqZsgUugh2yOuONr5N21/pPAXcLW9DtTXH3pZbgEM2UUPqsiWYmKuhnGllj + u64oMlZNs1VR4qoqbduFr/X08+K8ldu/gym3Ag4Scv2GlnFCTpRacCCvuUXWsuQSWKWBvBA0++Ry + xVSFYlTkythkFI7CYM5lisQYxMOjd7XBcV0KjPK9Ig4kyQH5R03yHf58X6tf4nrliAPVcMTbIMcV + kDHmg4djYD6Jhj3isLXJ4uT1BGXX+K8/jAZ1qK4tbAl+wa0GX+ksQFRS1ymOO5BDc4BX/dwWog68 + sfPK2bmSC6mW96t0rlVa4Vd1IjOc0wKrHkyxyM5nXSIMmPyqln2r9pSpbA3E70hAriNjyZ8V1RY0 + 2Zrcowpbn1Gt/eb5OblkVO6579Y7993fZHUvj8u1sVAYzCMtFUfsHCT1ed0iV7GCcmm4BR/hhQUz + +UxRne678cD+eAs0Z/k5YQ2ekErJDEASA5YsW3BZ5DrTAGyOAOuRZc5ZTgqg0qCQNjdaC5jvWzkD + QhlDsoSU3HJKKsQ/0+sS2Qbv/Q0AAP//7Flda9tAEPwrwhBwIFIl2bKdQkgNbaEPoSaBBkLBnCU5 + FrHuhD6ilNT/PbN354uiWmkJJfjB4AfZOu3OrW5nZ9ecx6ruOg1EF3jXt7KLI0DXq5jTAbOYsSvQ + 5GFHQELbgq6yEr4UeSqfsUROFMxwtyAGBPvexfyEgMF4UlqquFtsXbNftEUrYxJdVeBoW4xbDYBo + 0Xi8dvDGC9qz2aGKwU9OQSBvFCMg0AiLLUQyWFQI0E6kjT03dn+JZEQxQcho9/q81HXtiJoVmcwK + ZGH84GSrTJ5oOJnD5lz7nrMSamZR4UzN+9+vp1cz++rChk6QyWqcZIKOMmVDn0Vpwo+t/vFvHJR1 + KT7iGP4pWbwuyeINm3WoRGd9J2UXCan20qDDhtt5o0sIuEYIyHchZc/uhUa6IjAsXFFW7hDKbf5t + WzE6t6jSlFFF6f2NfimGpA9F/sbyQzrhHNlDqvZbdBYs2XAQeYvJ0A0WwDQen3q+P6JqZxbBwyvL + YnrB0yiCD5Sg3jMGW/cgn8whI6Ovdo8qBRzUOrlMso/uYALP94ax58YDPzodhYMwGHvhJIgil42W + Xjw5j86klaPB9Mj/io96zk4Z17Rp2+qnwqkKu0ZEbN8hPnayarFOQgqZnTFWUMTwvCwPEHO4/Dyz + R07GCX+7E91/xO1Wdv8Rt1vhfUcMTopUW6cFW1P7zPRkh/KJyFq1jorXbiDcsPxLlQu07DdgnHD1 + nHg0kMFdk8nkR8+ntNbLNeMeqOD9X/qBCt4D8YEKOqnAKA1AvFUZ90izXH3twq4omR5Rt5VH10TI + 7ZoIuWYi1L5hlFrM75NccKWFdMNZ6f8i1Nd/QipSZeFxe6nJ7g0E1/gb5cPW7kkvZQ+XcVGtyXDD + t2zv83JaKhz3ovx/M0VlzBiFL3RCP4ScjmwHgTTVpJkDuTRAXqL1X8DVD8jwbDabJwAAAP//AwBz + peQR+hoAAA== headers: - ATL-TraceId: - - e7642b360b5368f5 - Connection: - - keep-alive + Atl-Traceid: + - a17d498c40db0e54 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:47 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:15 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 280dcf16-827f-4546-b1db-edc1c4de723a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '240' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6e65cf11-03c3-49cf-a758-1cea50930b3a - x-envoy-upstream-service-time: - - '121' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -965,89 +780,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11092 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11787 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy92U0dAMaSO22VL08x2GqBpYdDSWWYtkQJJ+WVt//uO - pBSnSZ21aQIk4pH39txzR372YFNSnnqxJ4GnICF9xSBPVYvTAlRLJQsoaEuUIKlmgqsWpEwXoGkr - WVCeQS6y1gqkwj1IR1BKUMC1O+u1PGYsh2FwFOFCQT7H5ULrUsW+n8IcEp2KT6JDdU6VYpR3OGgf - bWiflsyPfKZUBX5jYAlb1D+fDMeT9lHQRcncBuvFnz2FTiuVUA2ZkFsXXIorVIiCKGwHvXbUn4RR - 3O3FvcPO0bPg9yAKAhOj8aG3JVgzj4zR6PthEAQmTpd1vUhBJZKVBhGUHhNV0DxvkZQpzXiiSckg - ASLmZC3ksmO0E8EvZf4jUShIKgn+isGarqim8g/F/oUXBRapKp440Wn6Igy6Yb9eTjDQF7uUW54p - NPqaULU0Napm2nzFc5oraHmNDS+2Rr62PM2QGCUW2Yt5hZl4pRSfMLxHoldrW+xsNRrszOJWwXeR - XnKmNRow/Kq1TVJ/27NKzPWaSpOYYkWZM2RIeicbBNdSptff9Po/Em4Nc+2sRrpkBlj8uY1zL3iO - nqPeJuo92rAtoWXJE1X/f8BXeLgJD3/N16ZxVn884K0bbbrRr3mryamaj73evn41/b1556YLVuz6 - I1YwyyRk2Nf3aIicEnnl2sxJkkppUdgRMUUP0fN9G/37NtzocFLTmHb8eXE7xCXVOBXd0Pl5vruJ - djPDfGdNGjLbz4GoTE6hmUtXRsB45sVaVoBwoE39DpvdUNrFZs0Z85IlLvfP92QmVFRWC1Hl6QlT - ZU63dUugOJGAuZqu+96cPIzCZk7eRS3YB2e4byPajQwmJNPbR2LYqPu9nxuXrKAZKN9oqMYIQ0Eu - 1h21ynYj5kysm1HU8wxGdxLpNonkdAZmmBhq3jlkuvK7MIT7eBj2DR4LqoYlS84YX9qr+ARKczPz - pKmZreTa7t1IuOBDvJjpLIcRUOV4IOsv7+Ls8vXp+fTsdDA8Hw+nw9Ho7QjzwwZSCAgemCyAXODU - 5JoYv4QpIni+JdiRLDdGiRbkLyYpuZBQYNeSSiFnO7ZH72ZxhAaDLywIeqmMPXdhYO0Q/F1LfdPG - WIaMcZrfPVS/K2p4LatzjK6ZBFjXjMPN6ao0PfsDPHYvhUdSzynf3FbfXu4/x8Yd3V7SZIkPqYZy - jXHna1A/aX4p4OZd5DfPk6i5XDkYqiciF/LcRTPLK2hnEmfE7nEgyIlwxRZFiU89rusqPFS/b8H5 - wHe/BxOmcziIyfV7WkYxGQixZECumMYZpcnYXh7kVU6zLyZXTDUXCc0XQum4H/QDf854ioPRj/q9 - 6KO1eGKxwDA/CWJYEh+Q/1clT83f36yBMSDfcKigIra/FQ2uhri65Esu1rvYB+/uSQ8upEgrfMUM - eYYdVSA+/gThwHPXNhm0S/4U67YWexIqawPRR+KT61Bp8k9FpQZJdib3qMLOZ2i13x9fkHFC+Z7z - 5u3kHx49c7i9lJQnC39CMwz2HEvrpBXL09OT26KBKAqmCY6nxS2xAW6rNBQKc09LwZAZB7GVW/wN - TQvKuGIaOkieuNfr7tvbJ/dT9DkTVKZNDW5qcbKjmPF6TBLHJIySzAA4UaDJuqaVxinn3iVkjtRq - kfWCJQtSAOUKN6k7UVtA/NACoUmCUxJSsmKUVEj8RG5LHDN4jHNw12vHhDJC/uEATSBueLderzti - TVXZETLzkXWw6ZSL0hIDCTidCzl1ztSUarysZxWWZvr07dXx+KI9ftPGi8ZS83J05ow+BMwbwCTT - mLweTj5wnOXYuMiemIhylXzgwxUzVwgGNwbddu1W7/0HAAD//+xZ22rbQBD9FWEIJCGStbLlS6Gk - phfoQ0tooIW8raVNLKobWslpcf3vPbO73jiK5Za0BD8YQlh7LzM7O3PmzPhfBcRZEncJ0HN7BHQf - SyuWCf5LbaMuEU/XKcf4hMx+p8pQ8otvC5FTeDvcPm+BKhV6wCFImWQpnCTHi2Rqj1NUlAM5ZiWl - IKS/7yK/IP/IHQSBplIOT+/5T3I0p+TKSRqJh3XgOVt+gko0F6mHOJbkedbPtjyRZJGjQr7RT24U - pPNkAy/dqafyvPOPWcmjmu75uXAS9cEBnpC5lPXPr2tRSkrhldA4I/RiE9nWdVXkAvTcERvCaLPr - ty4bGIOiti8IjwjSTjkeNj9zTs9+4THTungFLHnKEFkXQ2TDrolwM0F5pa6QFxX9JfraWurbpe0J - y7uUhRXL3L2wi4f5th5AWPJoQdC6k+L50518pp0HZZNlnBJ470/ZjmxIdLyonpntiZZdArOoiEAh - Fd7y4SBm88nQD+dQeDyesiAYEbmwiyBhzzJBDzyLY8hAxu896OCa0u6NhTg6dG99rT3eA7VQyxTA - 6GE/ZAEbCuaLQRBPR9EgCscsmoRx7PPRLROTy/i1OuVkMDsJPuBP73Mznpvc57r6K+k10r2HRdzA - I2f3ymaeJhGZzC05l2Qx7Edk1Qm4M4bvrtyRV+akf7twP3yN2+X/4WvcbiEcusaAnljXzIYfbzPN - K9P7ongicNaVuoavG+Arlr9vqqIU/RtAUbR4CDxqWWHWRjLJMc03Q60rg7hHKHj5Rz9CwUtofISC - TiiwhAIq3umIW1G324x9nFvUPMVoBzUC7+qt1r2nE12dOd925toTttPVnrAUTuTLpCpyTZJM4d+Y - n170x7+5wrKo/1tLVZ9lz4QglINfC9Ucsl1PVLNK49VmaFD32fLVj1T9zbkXvYz/+CJkk9LBW3dV - bZ2qntX63tRbptYP3dx+/3hz8Gi32aC0Xa/XvwEAAP//AwDcynHZwRsAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmst7iOK2AYutjdugVZljgt0LQIaOossaZIjaRie23/+456 + sVun7pYMGwqkFo/3/tzDe+/BuqIy81JPg8xAQ/acg8iML2kJxjesgJL6qgJNLVfS+JBxW4KlPiuo + zEGo3L8DbVAG2SVUGgxI291ltbGqXDiDt3EUxVGg4Y8ajJ1tKrjQlFnOwPM97vzH8cn4BD8MiAV+ + FtZWJg3DDBbAbKbeqYBaQY3hVAYSbIiebEgrHiYhN6aGsDewhA3qn8+mV7NBPBw+xaMmBOOl7z2D + sdWGUQu50ps2hwy/UCOJkmQQjQfx01kUpUmUxk+CaPjkuyiJIhekc2Ix8MbMI4N0+iGWIkq2aXcf + GRimeeUKh6fPiCmpED7JuLFcMksqDgyIWpCV0svAaTMlr7V4YBS15K5dVNzSO2qpDu84rMImrF2A + nSiOjuPxD4b/Cd+X2Pa6RK8OFuhyRs3S9aqeW/crXVBhwPdaxReYV6PrewVH4GhWbM7gDjDW6KPv + WY7IqhAlXiprzNHbg8lxdEgQ94JKq3eY6iM70Wk3fWg62/fBfXyCnl2615JbiwaMt/XtIPxrc9eo + hV1R7YBseFkJjgFneyXBRjXwG47Xw/EDw/1Ky/pMtg0bRm4CkuE6Gf63XlpYNCBFh/FoHY/+D4fr + 3uNxsj5O/g+PHfI/frwPx6SH44KvX7YciE2+eYtNz3MNOdLKPaxjOErU7ZR/EeTJySHB+JDg6X3j + LaW1p44wGvb20kHc8ZiriuasjeP9vTOHVUzYFKoW2YSbStBNh2g8XlGLz0JLpw+fvpasd/Qctua0 + m63m56mqXb2aUF+5Ay5zL7W6dr7RqH2JbXMT1lVDAybrRvg+gQ+D0eikJ/D9sh2imWRLM/uCbcP3 + Bcc7YuJKc7t5ZG169XD4MILnJc3BhE7D9EY4Hgi1CsxdviOyM7XqCW/oNeWcg2MmB9r913p0INv4 + EELjsUu7oGZacXbG5fK5k0ygcpuFZD2CGlytGtn2RCo5xcWCzgVcAjUtKnX3y7s4u/7pxfnt2YvT + 6fnV9HZ6efnbJaaBo2Uwb7wwK4BcIAVLS5xfwg1RUmwIjjMXziixivzCNSUXGkqcZ1IbRFzwpbGO + cZy86AOPovFykXrte4UtwhrvZuqzAcdq51xSsX+p24u68ja4FxhdzxHYvlzC9nZduaH9BzhuV5hH + IqxV3j59n28dDwPdDlU/UrbERbBHVm+89XXa7Vr/KuB+YQv7vSnpX2oJDtFMCaXP22jmooZBrpGx + duuKIhPVNluVFa6q0nZd+Fr/Pi/OG7n7dzTjVsBRSm5e0ypJyalSSw7kFbfImJZcAas1kOeC5h9c + rpiqUIyKQhmbjqNxFC64zJDWwmR08rYxOGlKgVG+U8SBJD0if6tJvsE/3zbqV7heOeJANRzxLshJ + DWSC+eDhBFhA4pFPHLa2WZy+mqLsBv8bjOJhE6prC1tBUHKrIVA6DxGV1HWK4w7k0Bzi1aCwpWgC + b+28dHau5VKq1adVutAqq/FVncoc57TEqoczLLLz2ZQIAyY/q9XAqgNlqjoDyVsSkpvYWPJ7TbUF + TXYmD6jCzmfcaL9+dkGuGJUH7rv1zr3726w+yeNqYyyUBvPIKsURO0dpc960yFWspFwabiFAeGHB + TDFXVGeHbtyzP9kBzVl+RliLJ6RSMgeQxIAlqw5cFrnOtABbIMB8sio4K0gJVBoU0vZGZwHzfSPn + QChjSJaQkTtOSY34Z3pTIdvgvb8AAAD//+xZ72vbMBD9V0ygkELt2U6cpIPSBbbBPpSFFlYog6DY + TmMaS8Y/6o4u/3vfSYrqeHU3yij5EMgHJ5Luns66p3cXzmN15zsNRBd417eyiiNA16uY0wGzmLEr + UORhR0BC24KushK+FHkq11giJwpmGC2IAcG+dzE/IWAwnpSWEhYWW9fsF23RyphEVxU42hbjVgMg + SjQerx288YL2bHaoYvCTUxDIG8UICDTCYguRDBYVAvQi0saeG7u/RDLiMkHIaPf6vNR17YiaFZnM + CmRh/OBkq0yeaDiZw+Zc+56zEkpqUeFMzfvfr6dXM/vqwoZOkMlqnGSCjjJlQ59FacKPrf7xbxyU + dSk+4hj+KVm8LsniDbcDxGclKus7KZpIxLWnBh023M4BIwRkyKW6eXlilzBwjXTduTfbfNteZXQt + wsnCFeWyIu2iSlNGN0rvb/RLMSR9KPI3Xj+kE86RPaRJv0VnwZINB5G3mAzdYAGM4/Gp5/sjuu3M + JHh4ZVpML3gaRfCBK6j3jMHWNcgnc8jI6KvVo0oBB3ednCbZR1cwged7w9hz44EfnY7CQRiMvXAS + RJHLRksvnpxHZ9LK0WB65H/FR62zU8Y1bdq2+qlwqsKuERHbd4iPnaxarJOQQmZnjBUUMayX1wPE + HB4/z+yRk3HC365E9x9xu5Tdf8TtUnjfEYOTIlVSasHW1D4z3dmhfCKyVoWf4rUbCDdM/1LlAiX7 + DagoXD0nHjVkMGoymfzo/pTWerlm3AMVvP9LP1DBeyA+UEEnFRjlAYi3KuMeqZern13YFSXTLeq2 + EunqCLldHSHXdITaA0apxfw+yQVXqkYXnJX+L0J9/SekIlUWHrePmuzeQHCNv1E+bO2e9FL2cBkX + 1ZoMN3zL8j4vp6XCcS/K/9cRVMaMUfhCJfRDyO6IaUKKXPYcyKUBsovW34GrF8jwbDabJwAAAP// + AwAwQEnv+hoAAA== headers: - ATL-TraceId: - - f8516743a77be9eb - Connection: - - keep-alive + Atl-Traceid: + - d40aa6d9c11d3b87 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:47 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:15 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e23d62a2-a088-40f9-af90-46beffcc649f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '266' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - bdf46bf6-a73e-409a-acc2-78401a697f14 - x-envoy-upstream-service-time: - - '158' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_twice_push_to_jira_push_all_issues.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_twice_push_to_jira_push_all_issues.yaml index a06459b05e9..7ddc9497781 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_twice_push_to_jira_push_all_issues.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_twice_push_to_jira_push_all_issues.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJmjZLbqIHFVmFdk8ikqRTrKTJ0qbCsux/N8HFj9vwzvPM - y5yI0QvuZ0cUeY/xsKjNpscBbezDR6A6Or0so/bUYyQF+cR5GYNPMANgFCiU7e76ub176n63u3Uy - aSLqJUMFFPBakB4PLhwn9LE7HjAduHFh7ZNk1tH13wpRWajlJbzVMYMcOCtBlFx2TChgqhIUAK6A - AyR/wTn1duP0j912jCdQ1YLWUP2wdrr3Q0ig5FvZ1IPRtsJKYwN2aGRjeqMlDBZACyGlwepPQXS5 - 4WGcNcnvDHp18TFYneMTcZeJoH/bt+R8/gIAAP//AwDJD0TkWgEAAA== + H4sIAAAAAAAAA1SPW0vEMBCF/8u82mYn6SXdvIk+qMgqbPdJRNImwUqalCYVlmX/uykuXmAeDme+ + M4c5QSeDPswWBLzHOAWx2ShtdB+V//BERitDGKQjTkfI4FPPYfAuwRSREiSY73fXz/u7p/Z3u1vG + LikQLyuUYYavGSg9WX8ctYvtcdLpwI31i0qhbhms+o6ASAGG1cW8lXEFGTKWY5NT3mIjkAtWEUS8 + SiSmfNBz6m2H8R+7bREFS0NJsaU/bD/eO+MTWJeUm8IYU/CGsRqLBrGsJKtpL1HVPeelxqL+WxDt + 2vAwzBLWd4xcbHz0vVztE9iLAu3eDns4n78AAAD//wMAhTLnQloBAAA= headers: - ATL-TraceId: - - 9f530377f3b06559 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:34:54 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 77d1be96d05f1a09 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9c383d5c-a2c9-41ef-b671-a808edd7d1cb - x-envoy-upstream-service-time: - - '44' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - e2e6810361c7a223 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:54 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:21 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 98321aa9-5268-4b39-826f-b9c780b6d053 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '326' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4eeae92e-6290-4e7b-9692-a21375f791ab - x-envoy-upstream-service-time: - - '74' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,93 +80,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - f0f3f321774104cb - Connection: - - keep-alive + Atl-Traceid: + - ca6d912e4d6794d5 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:54 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:21 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a4bb1547-9c6a-44f2-afc9-21c7f50dac91 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '205' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 115bc6d2-fb2e-4d93-a07d-f06f6f455d8a - x-envoy-upstream-service-time: - - '80' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/2845]\n\n*Defect Dojo link:* http://localhost:8080/finding/2845 - (2845)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/697]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/270]\n\n*Defect Dojo link:* http://localhost:8080/finding/270 + (270)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/106]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -286,53 +180,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1671' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11093","key":"NTEST-904","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11093"}' + string: '{"id":"11788","key":"NTEST-1450","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11788"}' headers: - ATL-TraceId: - - 123c4e66831a88fc - Connection: - - keep-alive + Atl-Traceid: + - cdcf6254406785ff + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:55 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:22 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1d5242ec-5d61-4b53-a454-8a6e84bdd858 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '523' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - eb53df0a-0b23-47e6-a415-173320127afc - x-envoy-upstream-service-time: - - '473' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -342,94 +242,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-904 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1450 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8MO24tvnSwkqk6cRKt3HHGNeWIY1NlZu8pl4TO7Kdph3jf79n - J6EMVm5jIEH87Pf98z72tQPrnPLYCR0JPAYJ8WsGaaxanGagWipaQEZbIgdJNRNctSBmOgNNW9GC - 8gRSkbRWIBXuQTyCXIICrquzTsthxrLve4ddXChI57hcaJ2r0HVjmEOkY/FFdKhOqVKM8g4H7aIN - 7dKcuYHLlCrAbQwsYYP6Z5PheNI+9HoomdtgnfDaUei0UBHVkAi5qYKLcYUKgRf4ba/XDvoTPwi7 - vXB/v9MNun96geeZGI0PvcnBmnlijEbf9T3PC26zrhcxqEiy3FQEpUdEZTRNWyRmSjMeaZIziICI - OSmFXHaMdiT4hUx/JgoFUSHBXTEo6YpqKv9S7Cu8zLBJRfasEp3EL32v6/fr5QQDfblNueWYRqOv - CVVL06Nips1XOKepgpbT2HBCa+Sm5WiGwMixyU7IC8zEyaX4guE9sXq1tq2d7UZTO7O40/BtpBec - aY0GDL5qbZPUP/asEnNdUmkSUyzLU4YIie9lg8W1kOn1173+z4Rbl7l2Vlc6Z6aw+HO3zj3vBXoO - euug92TDtoUWJc9U/f8RX/7B2j/4PV/rxln98Yi3brDuBr/nrQanaj52eru5MfO9/lCxC3bs6jN2 - MEkkJDjXD2CImBJpUY1ZJYkKpUVmKWKKHoIXuzb6D21U1FFJzWBa+nPCtt9yME39ASfO4Ko+QDXy - ZEVDvz4BFcfdsppbWZMG3vZzIAqTpW+Y6tIIGE+cUMsCbmryMsYki6rcrx/ITGB4VC1EkcbHTOUp - 3dQjgeJIAuZqpu5HPOntHzQ8eb9q3q5y+rs2gl0b3S2XMCGZ3jyxlI26a+6GX+BRltEElGs0VGOE - oSAVZUetki33nIqy4aiec2OwMANDJgaa95IyU/nDbP1dOPT7Ju0FVcOcRaeML+1VfAy5uZl51PTM - drK0e7cSLvgQL2Y6S2EEVFU4kPWXc3568ebkbHp6MhiejYfT4Wj0foRp4AApzBsPTBZAzpE1uSbG - L2GKCJ5uCE4kS41RogX5m0lKziVkOLWkUIjQjp3R+1kcokHvG/O8Xvw1dO6NLFY2YZym2DMs+nbG - zN59Wf2uqMtrUZ1idA0TYPsSDreni9zM7E/guHopPBFhlfLtbfX95f5roNui6hWNlviQapDVGK98 - DeonzW8F3LyL3OZ5EjSXKweD6EikQp5V0czSAtqJRI7YPg4EORZVs0WW41OP67oLj/X0++J84tvf - vQnTKeyF5Oojzf2QDIRYMiCXTCNHaTK2lwd5ndLkm8kVU01FRNOFUDrse33PnTMeIw26Qb+3/9la - PLa1wDC/CGJQEu6R/1clz83fP6yBMSDekDtQEafcigaXQ1xd8CUX5Tb2wYcH0r1zKeICXzFDnuBE - ZVgfd4LlwHNXNhm0S96Ksq3FjoTy2kDwmbjkylea/FtQqUGSrckdqrD16Vvtj0fnZBxRvuO8eTu5 - B4cvqrq9kpRHC3dCEwz2DFtbSQuWxifHd0UDkWVME6SnxR2xKdxGacgU5h7ngiEy9kIrt/U3MM0o - 44pp6CB4wl6vu2tvl9yN0edMUBk3PbjtxfEWYsbrEYkqJGGUZAbAiQJNyhpWGlmuepeQOUKrRcoF - ixYkA8oVbtLqRG0B64cWCI0iZEmIyYpRUiDwI7nJkWbwGOdQXa8dE8oI8YcEGkHY4K4sy44oqco7 - QiYuog7WnXyRW2AgAKdzIaeVMzWlGi/rWYGtmT5/f3k0Pm+P37XxYrTQvBidVkYfK8w7wCTjkLwZ - Tj5x5HIcXERPSES+ij7x4YqZKwSDG4NuV+NW7/0HAAD//+xZ22rbQBD9FWEIJCGSJdnypVBS0wv0 - oSU00ELe1tImFtUNreS0uP73ntldb2TZcktagh8Mxqy9q5nx7MyZM+N/VRClcdSlQO0dUNAtlk4s - Y7wL5aMuFbvnZGB8QgF/kG0oxcW3Bc8ovS1mrjdHlwo7EBBkTLzkVpzhRlL5jJWXVAMZdgWVIJS/ - 7zy7ovjILCSBolIWSx7ZTwo0q2AySGqBi7UQOY04QSea8cRBHguKPBNnjUgkXRSo0K/tExsDSZ6o - EaV77ZSRd/kxLVhY0e/8nFux/GABT8hd0vuXtxUvBJXwkiuc4eqwzmwTujJzAXr2yBvCabPbt7Y3 - 0A5Fb58THhGknTNcbHZhnV/8wmUmVf4KWLLLEL0uhugNuzaCJh+oStRFSXaJvraOuuZoe6OLd7mG - d0nXS5a5/6DpB7aoS7u8IWdZuCDc3cv/3KlRV6cpowLe+1O1Ix8SHc/LZ1Z7omXXwCxqGdBIBfds - OIi8+WToBnPYNB5PPd8fEbkwh6DhwDFOFzyLIuhAxe892WDr1u6NgTgSerC/VhHvgFrIYxJg1LIf - eL435J7LB340HYWDMBh74SSIIpeN7j0+uY5eSylng9mZ/wEv9ZydskzXPttWXwmnFvYjPGL7DgW7 - U9TzJA7JZXbBmCCP4XlkVhWDO2P57sYeOUVG9rcb9+O3uN3+H7/F7RHCsVsM6IlUz6z5cZNp3ujZ - F+UTgbPqyxV83QFfcfx9XeYF798BccLFU+LRyAq7JpNJjx6+aWpdasQ9QcHLX/oJCl7C4hMUdEKB - YR4w8UFl3Iqm3XrtQm5esQSrPdQIvKu3Wvd2N7omc27XZM41k7n2hqFwPFvGZZ4pHqQb/1r/9aI+ - /tVPQHcpJaw2S42Cz0C+xp9G/Y3cq17Kfnzhok5IcEO3HLOU1axSdizz6r8NcpUsIxOq0JZ+zeWQ - ajN9pdkyjX5Io7Fj21h/y1r9gPTOer3+DQAA//8DAIALNhzBGwAA + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvcRJXAHDkMXuli3IssRpgaZBQFNniTVFqiQV20v733fU + i906dbdkWJEgkXi89+ce3YMHy5LK1Es8DTIFDelLDiI1vqQFGN+wHArqqxI0tVxJ40PKbQGW+iyn + MgOhMv8etEEZpJdQajAgbXuXVcaqYuYM3kVhGIV9De8rMHayKuFCU2Y5A8/3uPMfRUfDIb4YEDN8 + za0tTRIEKcyA2VS9U31qBTWGU9mXYAP0ZANa8iAOuDEVBJ2BOaxQ/3wyvpr0osFBiEd1CMZLHjyD + sVWGUQuZ0qsmhxTfUCMO47gXDnvRi0kYJjH+xv3Bwf4PYRw6G7UTi4HXZp4ZpNMPsBRhvE67fUnB + MM1LVzg8PSamoEL4JOXGcsksKTkwIGpGFkrP+06bKXmtxROjqCR37aLijt5TS3Vwz2ER1GFtAmxF + UbgfDX8y/C/4scC2VwV6dbBAlxNq5q5X1dS6p2RGhQHfaxRPMa9a1/dyjsDRLF+dwT1grOFH37Mc + kVUiSrxEVpijtwWT/XCXIOoEpVbvMNVndqLVrvtQd7brg3v5BD2bdK8ltxYNGG/t20H49/quUTO7 + oNoB2fCiFBwDTrdKgo2q4TcYLgfDJ4b7lZZ1mawbNgiPMIx4sIwH/6+XBhY1SNFhdLiMDr+Fw2Xn + cT9e7sffwmOL/I8fH8Mx7uA448tXDQdik29uselZpiFDWnmEdQxHiaqZ8i+CPD7aJRjuErx4bLyh + tObUEUbN3l7Si3wPi2NfYeIOo82FevBdnTRnTWQPj84cerEEJleVSEfclIKuWozj8YJa/FA0BPv0 + eWzoe0PYQWNOu2mrH09U5SoYuVBfuwMuMy+xunK+mQZM1o3wlwg8Oog7At8u2y6aidc0sy1YN7zU + XGluV89MuFMPBk/jcV7QDEzgNExnhOOBUIu+uc82fHWmFh2vDbzHyI33u0QEnYJjJgfa7a/14Y4y + RLsQGg1dPXJqxiVnZ1zOXzrJCEq3WUjW4aVG0aKWrU+kkmNcLOhUwCVQ02BQt0/exdn1L6fnd2en + J+Pzq/Hd+PLyj0vMD0fLYEHwwiQHcoEULC1xfgk3REmxIjjOXDijxCryG9eUXGgocJ5JZRBf/S+N + dYTj5IUfeBgO5zLxtoYZS55xSQU2E7uxGTIn2z5r96K2vDXKBUbXcQT2NZOwvl2Vbmj/BY6bFeaZ + 0GuU15++z7eOp6FxA7efKZvjIthBrjPe+Dppd63/FHC3sAXd3hR3X2oJDupMCaXPm2imooJeppGf + NuuKIiPVNFsVJa6q0rZd+FpPPy/OW7n52ZtwK2AvITdvaBkl5ESpOQfymlvkR0uugFUayEtBsw8u + V0xVKEZFroxNhuEwDGZcpkhiQXwU3tYGR3UpMMp3ijiQJHvkHzXJd/jn+1r9CtcrxyiohrPfBjmq + gIwwHzwcAeuT6NAnDlvrLE5ej1F2g/96h9GgDtW1hS2gX3Croa90FiAqqesUxx3IoTnAq/3cFqIO + vLHzytm5lnOpFp9W6UKrtMKv6lhmOKcFVj2YYJGdz7pEGDD5VS16Vu0oU9kaiG9JQG4iY8mfFdUW + NNmY3KEKG59Rrf3m+IJcMSp33HfrHY7F4TqrT/K4WhkLhcE80lJxxM5eUp/XLXIVKyiXhlvoI7yw + YCafKqrTXTce2R9tgOYsHxPW4AmplEwBJDFgyaIFl0WuMw3AZggwnyxyznJSAJUGhbS50VrAfN/K + KRDKGJIlpOSeU1Ih/plelcg2eO9vAAAA///sWW1r2zAQ/ismUEih9mwnTtJB6QLbYB/KQgsrlEFQ + bKcxjSXjl7qjy3/vc5Kiul7cjTJKPgTywYnku0ene3nuwnmsKrzTQHSBu76VXRwBul7FnBzMYkau + QJOHEwEJHQu8ykr4UuSpfMcSOaVghtWCMiCy713MTwgYhCelpWiExdY1+0VHtDIm0VUFXNti3GoA + RIvG47WDGy/ozOaEygY/ORmBtJGNgEAjLLYQSWBRwUA7kTbO3Dj9JYIRxQQmo9Nrf6nr2hE1KzIZ + FYjC+MHJVpn0aCiZQ+Zc656zErxpUcGn5v3v19OrmX11YaPuymA1SjJBrkzR0GdRmvBjq3/8G46y + LsVHuOGflMXroizesFmHSnTWd5IiEWVrbw06ZLidC11EwDVEQN6F5EO7NxrqCsOwcEVRuYMot/Nv + W4rhuUWVpowqSu9v6ZdsSPxQ5G8sP8QTzhE9xEC/RWfBkg0HkbeYDN1gAUzj8ann+yOqdmYTNLyy + LaYLnkYRdKAE9Z4x2LoH+WScjIS+2j2qEHBQ6+Q2mX10BxN4vjeMPTce+NHpKByEwdgLJ0EUuWy0 + 9OLJeXQmpRwNpkf+V3zUe3bKuE6btq1+KpyqsGtYxPYdysdOVi3WSUgmszPGCrIY3pflAWQOj59n + 9sjJOOFvd6L7j7jdyu4/4nYrvO+IkZMi1UBqwtbkPjM92aF4omSt2jyV125A3LD9S5ULtOw3yDjh + 6jnwaCCDVRPJpEfPpzTXy3XGPaSC97/0Qyp4D8SHVNCZCgzTAMRbFXGPNMvVzy7kipLpEXWbeXRN + hFwzEWovmAlLe8EwtZjfJ7ngigvphrPS/0Wor/+EVKRKwuP2USe7NyS4xt8oH7ZyT3ope7iMi2pN + ghu6ZXufl9NS4bgX5f+b/ylhRih0oRP6IeR0xIwcRS5nDqTSAHmJ1n8BV78gzbPZbJ4AAAD//wMA + nnlhOfoaAAA= headers: - ATL-TraceId: - - 82217f0d2f34126a - Connection: - - keep-alive + Atl-Traceid: + - a9a10123c3362265 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:55 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:22 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5cc988ba-7468-4cf9-9246-85836c7da7c0 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '225' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 0e271e09-21c2-4408-8910-ab22ebcbb9f7 - x-envoy-upstream-service-time: - - '159' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -439,94 +344,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11093 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11788 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbU8bORD+K9Z+OPW4JPuSQMNK1YmGtMcdpVwSilRaRc7uZOOya69sb17a8t9v - bO8SCg3XUpBgPbbn9Zln/MWDdUl56sWeBJ6ChPQVgzxVLU4LUC2VLKCgLVGCpJoJrlqQMl2Apq1k - QXkGuchaS5AK9yAdQSlBAdfurNfymNEchsFhFxcK8jkuF1qXKvb9FOaQ6FR8Eh2qc6oUo7zDQfuo - Q/u0ZH7kM6Uq8BsF17DB+2eT4XjSPgx6KJlbZ734i6fQaKUSqiETcuOcS3GFF6IgCttBrx31J2EU - d3vx/n6nG3X/CKIgMD4aG3pTglXzRB/NfT8MgiC6jbpepKASyUqTEZQeEVXQPG+RlCnNeKJJySAB - IuZkJeR1x9xOBL+Q+Y94oSCpJPhLBiu6pJrKPxX7DC8KLFJV/OZEJ+mLMOiG/Xo5QUdfbENueabQ - aGtC1bWpUTXT5iue01xBy2t0eLFVctPyNENglFhkL+YVRuKVUnxC956Yvfq2zZ2tRpM7s7hT8K2n - F5xpjQoMvurbJqh/7Fkl5npFpQlMsaLMGSIkvRcNJtdCptdf9/o/4m6d5tpYnemSmcTiz90894Ln - aDnqraPekxXbElqU/Kbq/4/YCg/W4cGv2Vo3xuqPR6x1o3U3+jVrNThV87HT2s2N6e/1O8cuWLGr - j1jBLJOQYV8/gCFiSuSVazMnSSqlRWEpYooWoue7NvoPdTjqcFLTmJb+vLgdtjwMU7/DjjO4qg9Q - jTzpaOjnO8Bx3C2r+U6bNPC2nwNRmShDw1SXRsB45sVaVnBTk5dRJlniYv/yQGYcw6NqIao8PWaq - zOmmbgkUJxIwVtN13+PJYP+g4cn7WQt2pTPctRFtKYMJyfTmiRlrrvtmBPwEXbKCZqB8c0M1ShgK - crHqqGW2pZhTsWqoqOeZHN0LpNsEktMZGDIx0Lx3yHTld9MQ7sJh2Df5WFA1LFlyyvi1HcXHUJrJ - zJOmZraSK7t3K+GCD3Ew01kOI6DK4UDWX9756cXrk7Pp6clgeDYeToej0dsRxocNpDAheGCyAHKO - rMk1MXYJU0TwfEOwI1lulBItyN9MUnIuocCuJZVChHZsj96P4hAVBl9ZEPTSz7HnBgbWDpO/balv - 2hjLkDFO8/uH6ndFnV6L6hy9a5gA65pxuD1dlaZnfwDH7qXwROi5y7fT6tvh/nNo3MLtJU2u8SHV - QK5R7mwN6ifNLzncvIv85nkSNcOVg4F6InIhz5w3s7yCdiaRI7aPA0GOhSu2KEp86nFdV+Gx+n2b - nA98+7s3YTqHvZhcvadlGJOBENcMyCXTyFGajO3wIK9ymn01sWKouUhovhBKx/2gH/hzxlOkQT/q - 9/Y/Wo3HNhfo5idBDEriPfL/V8kz8/d3q2AMiDckFbyI7W9Fg8shri74NRerre+Ddw+ke+dSpBW+ - YoY8w44qMD/+BNOB565sMKiX/CVWbS12BFTWCqKPxCdXodLk34pKDZJsVe64Clubob39/uicjBPK - d5w3byf/4PC5y9tLSXmy8Cc0Q2fPsLROWrE8PTm+KxqIomCaID0t7ohN4jZKQ6Ew9rQUDJGxF1u5 - zb+BaUEZV0xDB8ET93rdXXu75H6KNmeCyrSpwW0tjrcQM1aPSOKQhF6SGQAnCjRZ1bDSyHLuXULm - CK0WWS1YsiAFUK5wk7oTtQbMH2ogNEmQJSElS0ZJhcBP5KZEmsFjnIMbrx3jygjxhwSaQNzgbrVa - dcSKqrIjZOYj6mDdKRelBQYCcDoXcuqMqSnVOKxnFZZm+uzt5dH4vD1+08ZBY6F5MTp1Sh9LzBvA - INOYvB5OPnDkcmxcRE9MRLlMPvDhkpkRgs6NQbddu9V7/wEAAP//7FnbattAEP0VYQgkIZIl2ZLt - QklNL9CHltBAC3lbS5tYVDe0ktPi+t97Zne9sWXLLWkJfjCEsPZeZnZ25syZ8b8KiLMk7hKg5g4I - 6D6WViwS/BfKRl0idtdJx/iEzP4gy1Dyi29znlN4W8w8b4EqFXrAIUiZZMGtJMeLZHKPVVSUAxlm - BaUgpL/vPL8i/8gtBIGiUhZLH9lPcjSrZNJJGoGHteA5G36CSjTnqYM4FuR5xs82PJFkkaNCvtZP - rBWk80QDL92rp/S8y49ZyaKa7vm5sBL5wQKekLmk9S9va14KSuEVVzjD1WId2cZ1ZeQC9OzQG8Jo - 09u3tjfQBkVtXxAeEaSdMzxsfmGdX/zCY6Z18QpYsssQvS6G6A27JoL1BOWVukJelGSX6GtrqWuW - tie6eJdreJc0vaSf+xeaemCLprTTW3vXxOyqaxbNCZBVjhRNljFK4L0/ZTuyIdHxonpmtidadg3M - opIBhVRwz4aD2JuNh24wg46j0cTz/ZDIhVkECQeWcXrgaRxDBjJ+70kHW5d2bwzE0aEH62vl8Q6o - hVwmAUYN+4Hne0PuuXzgx5MwGkTByIvGQRy7LLz3+Pg6fi1PORtMz/wP+FP77IzlOvfZtvpKOI2w - H2ER23fI2Z2ymaVJRCazS8YEWQz7EVl1Au6M4bsbO3TKnPRvF+7Hr3G7/D9+jdsthGPXGNATq5pZ - 8+NNpnmje18UTwTOqi5X8HUHfMXy901VlLx/B8SJ5k+BRy0rzJpIJjm6+aapdaUR9wQFL//oJyh4 - CY1PUNAJBYZ5QMUHFXFL6nbrsYtzi5qlGO2hRuBdveWqtzvR1ZlzTWeuPWE6Xe0JQ+F4vkiqIld0 - Rxf+jf7pRX38myssivq/NVDVWeZMCEI5+LWQzSHT9UQ1KzVerocadZ8tX/5I1V+fe9XL2I8vXDQp - HbxxV9nWqeppre5NvWVq/dDNzffbm/2t3XqD1Ha1Wv0GAAD//wMAFAKOtsEbAAA= + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvcRJXAHDkMXuli3IssRpgaZBQFNniTVFqiQV22vz33fU + i906dbdkWJEgkXi89+ce3QcPliWVqZd4GmQKGtKXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf49aIMySC+h1GBA2vYuq4xVxcwZvIvCMAr7Gt5XYOxkVcKFpsxyBp7vcec/io6GQ3wxIGb4 + mltbmiQIUpgBs6l6p/rUCmoMp7IvwQboyQa05EEccGMqCDoDc1ih/vlkfDXpRYODEI/qEIyXfPAM + xlYZRi1kSq+aHFJ8Q404jONeOOxFLyZhmMT4G/cHB/s/hHHobNROLAZem3lmkE4/wFKE8Trt9iUF + wzQvXeHw9JiYggrhk5QbyyWzpOTAgKgZWSg97zttpuS1Fk+MopLctYuKO3pPLdXBPYdFUIe1CbAV + ReF+NPzJ8L/gxwLbXhXo1cECXU6ombteVVPrnpIZFQZ8r1E8xbxqXd/LOQJHs3x1BveAsYYPvmc5 + IqtElHiJrDBHbwsm+2EnKLV6hxk9s+Ctdl3uuoFdud3LJyDZZHUtubVowHhr3w6pv9d3jZrZBdUO + r4YXpeAYcLqVOfajRtlguBwMnxjuVzrTZbLuyyA8wjDiwTIe/L9emu7XWESH0eEyOvwWDpedx/14 + uR9/C48twB8eHsMx2oXTuBPM+PJVw4HY/ZtbREOWaciQVh5hHeNUomqm/ItW46NdguEuwYvHxhtK + a04dYdTs7SW9CF+pRVJvyPDpQ9VQ7YZcg8acdiNTP56oymUbOcJ87Q64zLzE6goeWg511jRnTQ0+ + PDpzkeFVk6tKpCNuSkFX7ZjhMYZlX2E/3ei11dCAybrZ/hKBRwdxR+DbZVvTzLZgV8PjdcNLzZXm + dvXMInbqweBpPM4LmoEJnIbpjHA8EGrRN/fZhsjO1KIjvIH3GNLxfpeIoFNwlOVAu/21PtxRhmgX + QqOhq0dOzbjk7IzL+UsnGUHpNgvJui7WvV3UsvWJVHKMiwWdCrgEahpk6PbJuzi7/uX0/O7s9GR8 + fjW+G19e/nGJ+eFoGSwIXpjkQC6Qm6Ulzi/hhigpVgTnnAtnlFhFfuOakgsNBQ46qQxitv+leY9w + nLzwIw/D4Vwm3tYwY8kzLqnAZmI3NkPmZNtn7V7UlrfGucDoOo7AvmYS1rer0g3tv8Bxs8I8E3qN + 8vqb+PnW8TQ0buD2M2VzXAQ7yHXGG18n7a71nwLuFrag25vi7hMuwUGdKaH0eRPNVFTQyzSyxmZd + UWSkmmarosRVVdq2C1/r6efFeSs3P3sTbgXsJeTmDS2jhJwoNedAXnOLrGXJFbBKA3kpaPbR5Yqp + CsWoyJWxyTAchsGMyxSJMYiPwtva4KguBUb5ThEHkmSP/KMm+Q7/fF+rX+F65RgF1XD22yBHFZAR + 5oOHI2B9Eh36xGFrncXJ6zHKbvBf7zAa1KG6trAF9AtuNfSVzgJEJXWd4rgcOTQHeLWf20LUgTd2 + Xjk713Iu1eLTKl1olVb4uR3LDOe0wKoHEyyy81mXCAMmv6pFz6odZSpbA/EtCchNZCz5s6LagiYb + kztUYeMzqrXfHF+QK0bljvtu78OxOFxn9UkeVytjoTCYR1oqjtjZS+rzukWuYgXl0nALfYQXFszk + U0V1uuvGI/ujDdCc5WPCGjwhlZIpgCQGLFm04LLIdaYB2AwB5pNFzllOCqDSoJA2N1oLmO9bOQVC + GUOyhJTcc0oqxD/TqxLZBu/9DQAA///sWW1r2zAQ/ismUEih9mwnTtJB6QLbYB/KQgsrlEFQbKcx + jSXjl7qjy3/vc5KiOl7djTJKPgTywYmk03Pne3nuwnms6q7TQHSBd30ruzgCdL2KOTmYxYxcgSYP + GgEJqQXCZSV8KfJUnrFETimYYbWgDIjsexfzEwIG4UlpqeJusXXNfpGKVsYkuqqAa1uMWw2AaNF4 + vHbwxgvS2WiobPCTkxHoNrIREGiExRYiCSwqGOhFpA2dG9pfIhhRTGAy0l77S13XjqhZkcmoQBTG + D062yqRH45I5ZM713XNWgs0sKvjUvP/9eno1s68ubNRdGazmkkyQK1M09FmUJvzY6h//hqOsS/ER + bvgnZfG6KIs3bNahEp31naRdRKTaW4MOGW7ngiEC0uSS9ry8sYsYuIa67tTSdr5tnzK8FuZk4Ypi + WSXtokpTRhWl97f0SzYkfijyN5Yf4gnniB5itd+is2DJhoPIW0yGbrAAxvH41PP9EVU7swk3vLIt + phc8jSLcgRLUe8Zg6+bkk3EyEvpqW6lCwEGtk9tk9tGtTeD53jD23HjgR6ejcBAGYy+cBFHkstHS + iyfn0ZmUcjSYHvlf8VHn7JRxnTZtW/1UOFVh17CI7TuUj52sWqyTkExmZ4wVZDGcl+UBZA6Pn2f2 + yMk44W+3qPuPuN3j7j/ido+874iRkyLV1mnC1uQ+Mz3yoXiiZK1aR5XXbkDcsP1LlQv08jdIReHq + OfBoUoNVE8l0j55Paa6X64x7SAXv/9IPqeA9EB9SQWcqMMwDEG9VxD3SkFc/u5ArSqZH1G0m0jUR + cs1EqL1gJiztBcPUYn6f5IIrVqMbzkr/F6G+/gvSe1H+v1meEmaE4iZ0ID+EnEpsB3BwIQX5cfuo + s+ubAcj/bT5s5Z70UvZwGRfVmgQ3lJXzhLyclkpxmmrSzIFUN7/vHvZ3TusDEu1ms3kCAAD//wMA + CmbG7foaAAA= headers: - ATL-TraceId: - - 8ce95e8574a84f4a - Connection: - - keep-alive + Atl-Traceid: + - 7a814bef8bf2fd18 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:55 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:23 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - b9ac4401-d6c5-4c38-a1ea-182a1bcd0ace X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '223' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d6bdb0b3-61bf-412a-b7a0-4e3faafa2d7c - x-envoy-upstream-service-time: - - '165' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -536,174 +446,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1JmzZrbqIHFVmFdk+ySD6mWEmT0qTCsux/N8XFj9vwzvPM - y5yIkgH3syWCvMc4BbHZGOxRR+M/fCGjlSEM0hUOI8nIJ85h8C7BFIAWUEDe7m5e2vvn7ne7W0aV - JiJeVyiDDA4ZMThZfxzRxe44YTpwa/1ikqSWwZpvhYhVqPklvJNxBUsoaQ4sL3lHmQAqKlYAwBWU - AMkPOKfebhj/sduOlgkUdVOwa/bD6vHB9T6BvNzypu6V1BVWEhvQfcMbZZTk0GsAyRjnCqs/BdGu - DY/DLMn6Ti8XG5+8lmt8IvYyEXRv+5acz18AAAD//wMAyC4wCFoBAAA= + H4sIAAAAAAAAA1SPS2vDMBCE/8teaytr+SFHt5Ie2lLSgp1TKUW2JOIiS8aSCyHkv1emoQ/YwzD7 + zQ57hk54dZgNcDiGMHm+2UilVR+k+3BEBCO8H4QlVgVI4FPNfnA2whliRpBg2uxvX5r75/Z3u1/G + LirgryuUYIJvCUg1GXcalQ3taVLxwM64RcZQtwxGfkeAxwDF8mreibCCFClNsU4z1mLNkXFaEkS8 + iSTGvFdz7G2H8R+7bRE5jZOTLZY/bD8+WO0iWBUZ07nWOmc1pRXmNWJRClplvUBZ9YwVCvPqb0Ew + a8PjMAtY39FiMeHJ9WK1z2CuCpR9PzRwuXwBAAD//wMAkUfl21oBAAA= headers: - ATL-TraceId: - - 4da7c5a2df9a4647 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:34:56 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 81f6faa8e9737d32 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6a50ad64-0a34-4d90-b11c-fbffd0657b57 - x-envoy-upstream-service-time: - - '33' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 36d69b2668d58384 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:56 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:23 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 3530794d-ae21-4197-afa1-7cb93f77a443 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '127' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e313be49-4b6e-49d1-9cf2-f2eaea4c3649 - x-envoy-upstream-service-time: - - '68' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -713,93 +516,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 59852250d0b77c28 - Connection: - - keep-alive + Atl-Traceid: + - 379525ba802ec805 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:56 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:24 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 69ba81b7-6a83-4821-83ba-a1bb74877f9e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '168' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b719a6f1-498c-4175-9ebe-94ce8869ef90 - x-envoy-upstream-service-time: - - '103' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/2846]\n\n*Defect Dojo link:* http://localhost:8080/finding/2846 - (2846)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/697]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/271]\n\n*Defect Dojo link:* http://localhost:8080/finding/271 + (271)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/106]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -812,53 +616,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1671' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11094","key":"NTEST-905","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11094"}' + string: '{"id":"11789","key":"NTEST-1451","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11789"}' headers: - ATL-TraceId: - - def176de59bdfc23 - Connection: - - keep-alive + Atl-Traceid: + - c31c54258f3a4b33 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:24 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 19ead459-bbf4-43eb-ab80-1232f1ffb3f4 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '669' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9478518c-9243-4953-8ce0-645bf42c9a99 - x-envoy-upstream-service-time: - - '497' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -868,94 +678,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-905 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1451 response: body: string: !!binary | - H4sIAAAAAAAAA6RWa2/bNhT9K4Q+FF1mWw+riSOgGFLH7bKlaWY7DdC0MGjpWmYtkQJJ+bE2/32X - lGSnSZ21aQIk4iXv+9xDfnFgXVCeOJEjgScgIXnNIEtUi9McVEvFc8hpSxQgqWaCqxYkTOegaSue - U55CJtLWEqTCPUiGUEhQwHV11mk5zFj2fe84xIWCbIbLudaFilw3gRnEOhGfRYfqjCrFKO9w0C7a - 0C4tmBu4TKkS3MbAAjaofzEejMbtY+8FSmY2WCf64ih0WqqYakiF3FTBJbhChcAL/LYXtoPe2A+i - bhi9OOp0D8PfvcDzTIzGh94UYM08MUaj7/qe5wXbrOtFAiqWrDAVQekJUTnNshZJmNKMx5oUDGIg - YkZWQi46RjsW/EpmPxKFgriU4C4ZrOiSair/UOxfeJljk8r8WSU6S176Xtfv1csxBvpyl3LLMY1G - X2OqFqZH5VSbr2hGMwUtp7HhRNbIbcvRDIFRYJOdiJeYiVNI8RnDe2L1am1bO9uNpnZmcafhu0iv - ONMaDRh81domqb/tWSVmekWlSUyxvMgYIiS5lw0W10Im7K3D3o+EW5e5dlZXumCmsPhzt86hd4Se - g3AdhE82bFtoUfJM1f8f8eUfrv3DX/O1bpzVH4946wbrbvBr3mpwquZjr7fbWzPf6/cVu2DHbj5h - B9NUQopz/QCGiCmRldWYVZK4VFrkliIm6CE42rfRe2ijoo5KagbT0p8TtX1cUo2sWJHOz+O9YrQt - h7mVNWnAbD/7ojQ5+YaXro2A8dSJtCzhtqYqY0yyuMr0ywOZCQyPqrkos+SUqSKjm3oAUIxR6fdI - F2Yo6mJIwFzN1H2PJ71gy5P3q+btK6e/byPYUQYTkunNE2vYqLvmUvgJumQ5TUG5RkM1RhgKMrHq - qGW6o5hzsWqoKHRuHybSbRLJ6BQMmRho3jtkpvK7ZfD34dDvmXrMqRoULD5nfGGv4lMozM3M46aL - trcru7eVcMEHeDHTaQZDoKpChqy/nMvzqzdnF5Pzs/7gYjSYDIbDd0PMDwdIYUHwwHgO5BJZk2ti - /BKmiODZhuBEsswYJVqQv5ik5FJCjlNLSoWY7dgZvZ/FMRr0vjLPC+Eocu6NLJY8ZZxm2Ezsxm7G - zN59Wf2uqMtrcZ5hdA0TYF9TDtvTZWFm9gdwXL0Ungi9Snl7W317uf8cGndwe0XjBT6kGsg1xitf - /fpJ80sBN+8it3meBM3lysFAPRaZkBdVNNOshHYqkTV2jwNBTkXVbJEX+NTjuu7CYz39tjgf+e73 - YMx0BgcRuflAiyAifSEWDMg108hamozs5UFeZzT9anLFVDMR02wulI56Xs9zZ4wnSIxu0AsPP1mL - p7YWGOZnQQxKogPy/6rkufn7mzUwAsQbkgoq4vhbUf96gKsrvuBitYu9//6B9OBSiqTEV8yApzhR - OdbHHWM58NyNTQbtkj/Fqq3FnoSK2kDwibjkxlea/FNSqUGSnck9qrDz6VvtDyeXZBRTvue8eTu5 - h8dHVd1eScrjuTumKQZ7ga2tpCXLkrPTu6K+yHOmCdLT/I7YFG6jNOQKc08KwRAZB5GV2/obmOaU - ccU0dBA8URh29+3tk7sJ+pwKKpOmB9tenO4gZryekLhCEkZJpgCcKNBkVcNKI8tV7xIyQ2i1yGrO - 4jnJgXKFm7Q6UVvA+qEFQuMYWRISsmSUlAj8WG4KpBk8xjlUF27HhDJE/CGBxhA1uFutVh2xoqro - CJm6iDpYd4p5YYGBAJzMhJxUztSEary+pyW2ZvL83fXJ6LI9etvGi8ZC82p4Xhl9rDBvAZNMIvJm - MP7IkctxcBE9ERHFMv7IB0tmrhAMbgS6XY1bvfcfAAAA///sWW1r2zAQ/ismUGhL7dhOnDSD0YW9 - wD5slBU26DfFVhszv2HJ6UaW/77nJEVN3Dgb3Sj5ECjFiU668+nuuecu/6ogydOkS4Fe26Og+1iS - WKT4L7SPulQ8lVOB8QmV/V61oRQX3+a8oPR2mL3eEl0q7EBAkDHpgjtpgRvJ1R6nrKkGMqwKKkEo - f995cUHxUThIAk2uHJY9sJ8UaE7FVJA0AhfrIHI24gSdaMEzD3ksKPJsnG1EIumiQIV+Y59YG0jn - iQZRutNOFXnnH/OKxZLe83PppOqDAzwhdynvn99IXgkq4TXXOMO1sMlsG7oqcwF67igYwmnTm7du - MDAORW9fEh4RpJ0yXGxx5pye/cJlZrJ8BSx5yhCDLoYYDLsWok0+IGvURUV/idC2RH0r2l6wvEt5 - WLHM3YJdPMy3/cAWdWmXt/auid0lJYvnBMi6RoomzxkV8N6fqh35kOh4WT+z2hMtuwJmUROBRiq6 - Y8NBEswuh340g43j8SQIwxGRCysEDXvEOF3wNEmgAxW/92iDa1q7Nxbi6NC9/bWOeA/UQokpgNGP - /SgIgyEPfD4Ik8koHsTROIgvoyTx2egu4JdXyWt1yslgehJ+wJ/e5+asMLXPdfVXwmuE+wCPuKFH - we5VzSxLY3KZWzEmyGPYj8ySKbgzHt9duyOvKsj+duN++Ba32//Dt7g9Qjh0iwE9ie6iDT/eZJrX - ZvZF+UTgrDt1DV+3wFeIv2/qsuL9W0BRPH9MPBpZYdVmMukxwzdDrWuDuEcoePlLP0LBS1h8hIJO - KGiTC1Cp3nJFe9aUBLbf61Rc0hjcPPtQWEqW4WnHKV2TOd9O5toLdtLVXrAUjheLtC4LTXdM49+Y - n170x7+xdFHK/zZS1WfZM6EI7eDXUg2H1nNQhJa2eLl+NKj7bP3qR6r++tyLXs5+fOGiyejgjXdV - Y51aTqV+b5ot0+iH3tx+v7053NptNihrV6vVbwAAAP//AwAmcHv0wRsAAA== + H4sIAAAAAAAAA7xW+2/bNhD+Vwj9tGWy9YiXKAKGoYvdrVuQZYmTAk2LgKbOMmuK1EjKj7X533fU + w26culsyrEiQSDze+7tP98GDVUll5qWeBpmBhuwlB5EZX9ICjG/YDArqqxI0tVxJ40PGbQGW+mxG + ZQ5C5f4CtEEZZJdQajAgbXuXVcaqYuoM3kVhGIV9DX9WYOx4XcKFpsxyBp7vcec/io6TE3wxIKb4 + OrO2NGkQZDAFZjP1XvWpFdQYTmVfgg3Qkw1oyYM44MZUEHQG5rBG/fPx6GrciwbfR3hUh2C89INn + MLbKMGohV3rd5JDhG2rEYRz3wqQXnYzDMI3xd9BPTpLvwjgMXZDOicXAazPPDNLpB1iKMN6k3b5k + YJjmpSscnr4gpqBC+CTjxnLJLCk5MCBqSpZKz/tOmyl5rcUTo6gkd+2i4o4uqKU6WHBYBnVY2wBb + URQeRsmPhv8FPxTY9qpArw4W6HJMzdz1qppY95ROqTDge43iK8yr1vW9GUfgaDZbn8ECMNbw3vcs + R2SViBIvlRXm6O3A5DDsBKVW7zGjZxa81a7LXTewK7d7+QQk26yuJbcWDRhv49sh9bf6rlFTu6Ta + 4dXwohQcA852Msd+1CgbJKtB8sRwv9CZLpNNXwbhMYYRD1bx4P/10nS/xiI6jI5W0dHXcLjqPB7G + q8P4a3hsAX5//xiO0T6cxp1gylc3DQdi92/fIRryXEOOtPII6xinElUz5Z+1Gh/vEyT7BCePjTeU + 1pw6wqjZ20t7ke9h1ewNVsSBt71ALdJ8Q49PH7OGfLd0GzTmtBui+vFUVS7/yFHoa3fAZe6lVldw + 37Kqs6Y5a6ry4dGZiwyvmpmqRDbkphR03Q6ea5cGTNbN9ucIfJAcdgS+W7YNzewK9jU83jR8V3C4 + ZSyuNLfrZ9ayUw8GTyN4XtAcTOA0TGeE44FQy75Z5FuGO1PLjgkH3r0DwwQcZTnQ7n6tj/ZkG+1D + aJS4tGfUjErOzricv3SSIZRus5Cs61ndyWUt25xIJUe4WNCJgEugpsGBbp+8i7Prn1+d3529Oh2d + X43uRpeXv19iGjhaBvPGC+MZkAvkZmmJ80u4IUqKNcE558IZJVaRX7mm5EJDgYNOKoMI7X9u3iMc + Jy/8yMMwmS9Sr/leYYuwxtuZejDgWO2cSyp2L7V7UVveGtUCo+s4AtuXS9jcrko3tP8Cx80K80yE + Ncqbb+LDreNpoNui6ifK5rgIdsjqjDe+Tttd6z8F3C1sQbc3xd0nXIJDNFNC6fMmmomooJdr5Ijt + uqLIUDXNVkWJq6q0bRe+1L+HxXkrtz8HY24FHKTk9g0t45ScKjXnQF5zixxlyRWwSgN5KWj+0eWK + qQrFqJgpY9MkTMJgymWGNBjEx9G72uCwLgVG+V4RB5L0gPyjJvkG/3xbq1/heuWIA9VwxNsghxWQ + IeaDh0NgfRId+cRha5PF6esRym7xX+8oGtShurawJfQLbjX0lc4DRCV1neK4HDk0B3i1P7OFqANv + 7Nw4O9dyLtXy0ypdaJVV+LkdyRzntMCqB2MssvNZlwgDJr+oZc+qPWUqWwPxOxKQ28hY8kdFtQVN + tib3qMLWZ1Rrv3lxQa4YlXvuu70Px+Jok9UneVytjYXCYB5ZqThi5yCtz+sWuYoVlEvDLfQRXlgw + M5soqrN9Nx7ZH26B5iy/IKzBE1IpmQBIYsCSZQsui1xnGoBNEWA+Wc44m5ECqDQopM2N1gLm+1ZO + gFDGkCwhIwtOSYX4Z3pdItvgvb8BAAD//+xZ72vbMBD9V0ygkELt2U6cpIPSBbbBPpSFFlYog6DY + ThMaS8Y/6o4u/3vfSbLqeHU3yij5EMgHJ5JPTyfdu3cXzmOVZZ0Goguc9a2s4gjQ9SrmdMEsZuwK + FHnYEZDQtiC4rDVfiiyR71giIwpmGM2JAcG+dzE/IWAwvi4slcottqnYL9qilTKJrsxxtS3GrQZA + lGg83jg48Zz2bHaofPCTkxNoNfIREGiEeQ2RDOYlHPQi0saeG7u/RDAimcBltHt9X6qqckTF8lRG + BaIwfnDSVSpvNBaZw+Zcrz1nBbTLosSdmve/X0+vZvbVhQ2dIIPVLJIKusoUDX0WJWt+bPWPf+Oi + bArxEdfwT8nidUkWb9g1ENQDRHQFSu47qb5IT7WmumZqe6BLCLhGCMizkLLn5Yld0tU10nUnobaJ + GO5k4YpiWZF2XiYJo4zS+xv9kg9JH4rsjemHdMI5ooc07LfoLFiy4SDyFpOhGyywgfH41PP9EWU7 + MwkrvDItpgOeRhHWQArqPWOwdXHyyVwyMvpqWalCwEGuk9Mk++jSJvB8bxh7bjzwo9NROAiDsRdO + gihy2WjpxZPz6ExaORpMj/yv+Kj37IRxTZu2rX7KnTK3K3jE9h3iYyctF5t1SC6zU8Zy8hjel+kB + Yg6Pn2f2yEk54W+XqPuPuF3j7j/ido2874hBPZEq4rRga2qfmW75UDwRWatCUdHXDYQbpn8pM4Fa + /gaME66eA486NRg1kUzr6P6U1nqZZtwDFbz/oR+o4D0QH6igkwqMwADEWxVxj9Tk1c8u7IqC6RZ1 + W6Z0dYTcro6QazpC7QGj1GJ+v84EV6pGF5yl/i9Cff0npCJRFh7rR012byC4xt8oH2q7J72EPVzG + ebkhw421ZXmfFdNC4bgXxf/rICpjxijWQiX0Q8juSN32o64m9RxoSQNkF62/A1e/IN2z3W6fAAAA + //8DAAY0pHb6GgAA headers: - ATL-TraceId: - - 576299f0968580ba - Connection: - - keep-alive + Atl-Traceid: + - 4f99547e034978c5 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:25 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 56586efc-2584-4816-b156-db197487fcf9 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '288' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3d7c90be-4ebf-44e8-b77f-8b0d69290ed4 - x-envoy-upstream-service-time: - - '109' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -965,89 +780,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11094 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11789 response: body: string: !!binary | - H4sIAAAAAAAAA6RWa2/bNhT9K4Q+FF1mWw+riSOgGFLH7bKlaWY7DdC0MGjpWmYtkQJJ+bG0/32X - lGSnSZ21aQIk0hV5H+eee8hbB9YF5YkTORJ4AhKS1wyyRLU4zUG1VDyHnLZEAZJqJrhqQcJ0Dpq2 - 4jnlKWQibS1BKvwGyRAKCQq4rtY6LYcZz77vHYf4oiCb4etc60JFrpvADGKdiM+iQ3VGlWKUdzho - F31olxbMDVymVAlu42ABG9x/MR6Mxu1j7wVaZjZZJ7p1FAYtVUw1pEJuquQSfMMNgRf4bS9sB72x - H0TdMHpx1Okehr97geeZHE0MvSnAunlijma/63ueF2yrrl8SULFkhUEErSdE5TTLWiRhSjMea1Iw - iIGIGVkJueiY3bHgVzL7kSwUxKUEd8lgRZdUU/mHYv/CyxybVObPKtNZ8tL3un6vfh1joi93Jbcc - 02iMNaZqYXpUTrV5imY0U9ByGh9OZJ18bTmaITEKbLIT8RIrcQopPmN6T0Sv3m2xs91osDMvdxq+ - y/SKM63RgeFXvdsU9bddq8RMr6g0hSmWFxlDhiT3qkFwLWXC3jrs/Ui6Ncx1sBrpghlg8ecuzqF3 - hJGDcB2ET3ZsW2hZ8kzV/x+J5R+u/cNfi7VugtUPj0TrButu8GvRanKq5mFvtK9fzXyv31fqgh27 - +YQdTFMJKc71Axoip0RWVmNWWeJSaZFbiZhghOBo34feQx+VdFRWM5hW/pyo7dd6YRgsWVyFu31g - M/zC9NVclFlyylSR0U3NQjQjUPo9zqxhZh2CalTaSsh+foYqldzqolt5k2ZA7GNflAYnm/u1MTCe - OpGWpUkmloC1mqn7nk56wVYn76Pm7YPT3/ch2EkGE5LpzRPrbba75lD4CblkOU1BuWaHapwwNGRi - 1VHLdCcx52LVSFHoGIzuFdJtCsnoFIyYGGreW2Sm8rsw+Pt46PcMHnOqBgWLzxlf2KP4FApzMvO4 - IZCl1cp+21q44AM8mOk0gyFQVZFS1k/O5fnVm7OLyflZf3AxGkwGw+G7IdaHA6QQEFwwngO5RNXk - mpi4hCkieLYhOJEsM06JFuQvJim5lJDj1JJSIb86dkbvV3GMDr0vzPNCOIqc6sDA3iH4u5H6Zoyx - DSnjNLu/qL5X1PBakmeYXaME2NeUw3Z1WZiZ/QEeVzeFJ1Kv2rw9rb493H+OjTu6vaLxAi9SDeUa - 51Wsfn2l+aWEm3uR21xPguZw5WCoHotMyIsqm2lWQjuVKFi7y4Egp6JqtsgLvOpxXXfhsf59C85H - vvs9GDOdwUFEbj7QIohIX4gFA3LNNAqmJiN7eJDXGU2/mFqx1EzENJsLpaOe1/PcGeMJipgb9MLD - T9bjqcUC0/wsiGFJdED+fyt5bv7+Zh2MAPmGooIbcfytqX89wLcrvuBitcu9//6B9eBSiqTEW8yA - pzhROeLjjhEOXHdji0G/5E+xamuxp6CidhB8Ii658ZUm/5RUapBk53LPVtjF9O3uDyeXZBRTvme9 - uTu5h8dHFW6vJOXx3B3TFJO9wNZW1pJlydnpXVNf5DnTBOVpfsdsgNsoDbnC2pNCMGTGQWTtFn9D - 05wyrpiGDpInCsPuvm/77G6CMaeCyqTpwbYXpzuKmagnJK6YhFmSKQAnCjRZ1bTSqHLVvYTMkFot - spqzeE5yoFzhR1qtqD0gfuiB0DhGlYSELBklJRI/lpsCZQaXcQ7VWd8xqQyRfyigMUQN71arVUes - qCo6QqYusg7WnWJeWGIgASczISdVMDWhGm8O0xJbM3n+7vpkdNkevW3jQWOpeTU8r5w+BsxbwCKT - iLwZjD9y1HIcXGRPRESxjD/ywZKZIwSTG4FuV+NWf/sPAAD//+xZbWvbMBD+KyZQaEvtWE6cl8Ho - wl5gHzbKChv0m2KrjZnfsOx0o8t/33OSoiZOnY1ulHwIlKJE0t1Junvuucu/KoizJO5SoOf2KOgW - SyuWCf5LfUddKnbXKcf4hMx+p8pQ8otvC5FTeDvcPm+BKhV2wCHImGQpnCTHi2Rqj1NUlAM5ZiWl - IKS/7yK/IP/IHQSB5nUOT+/5T3I0p+TKSRqJh3XgORt+gko0F6mHOJbkedbPNjyRdJGjQr+xT64N - JHmygZc+aafyvPOPWcmjms75uXAS9cEBntB1qds/v65FKSmFV0LjjNCLTWRb11WRC9BzR2yIS5td - v3XZwFwoavuC8Igg7ZTjYfMz5/TsFx4zrYtXwJJdhsi6GCIbricofdQV0p9ipESZ20vDDhl+54Tl - XeqGFct8emEXD/NtPbBFU9rprb1ranfVNY8WBMg6R8omyzgl8N6fsh3dIdHxonpmtidadgnMIsKP - Qiq85cNBzOaToR/OYeN4PGVBMCJyYRdBw55lgh54FsfQgYzfe7TBNaXdGwtxJHRvfa093gO1UMsU - wOhhP2QBGwrmi0EQT0fRIArHLJqEcezz0S0Tk8v4tZJyMpidBB/wp/e5Gc9N7nNd/ZX0Gune40bc - wCNn98pmniYRXZlbci7pxrAfkVUn4M4YvrtyR16Zk/3twv3wLW6X/4dvcbuFcOgWA5NiXcAbfrzJ - NK9M74viicBZV9Ua126Ar1j+vqmKUvRvAEXR4jHwqGWFWRvJpMc03wy1rgziHqHg5R/9CAUvYfER - CjqhwDIPmHinI+6But1m7ENuUfMUo13O5IN39R5Wvd2Jrs6cbztz7Qnb6WpPWAon8mVSFbmmO6bw - b8xPL/rj3xxhWdT/rf2pZVmZUIRy8GuhmkPrFixcS1v8sB4a1H22fvUjVX8t96KX8R9fhGxSErxx - VtXWqepZrc9NvWVq/dDJ7ffbm4Ot3WaDsna1Wv0GAAD//wMAmDcLN8EbAAA= + H4sIAAAAAAAAA7xW+2/bNhD+Vwj9tGWy9YiXKAKGoYvdLVuQZYmTAk2LgKbOMmuK1EjKj7X933fU + w06dulsyrEiQSDze+7tP996DVUll5qWeBpmBhuwlB5EZX9ICjG/YDArqqxI0tVxJ40PGbQGW+mxG + ZQ5C5f4CtEEZZFdQajAgbXuXVcaqYuoM3kdhGIV9DX9WYOx4XcKlpsxyBp7vcec/io6TE3wxIKb4 + OrO2NGkQZDAFZjP1TvWpFdQYTmVfgg3Qkw1oyYM44MZUEHQG5rBG/Yvx6HrciwbfR3hUh2C89L1n + MLbKMGohV3rd5JDhG2rEYRz3wqQXnYzDMI3xd9BPTpLvwjgMXZDOicXAazPPDNLpB1iKMN6k3b5k + YJjmpSscnr4gpqBC+CTjxnLJLCk5MCBqSpZKz/tOmyl5o8UTo6gkd+2i4p4uqKU6WHBYBnVY2wBb + URQeRsmPhv8FPxTY9qpArw4W6HJMzdz1qppY95ROqTDge43iGeZV6/rejCNwNJutz2EBGGv40fcs + R2SViBIvlRXm6O3A5DDsBKVW7zCjZxa81a7LXTewK7d7eQCSbVY3kluLBoy38e2Q+lt916ipXVLt + 8Gp4UQqOAWc7mWM/apQNktUgeWK4X+hMl8mmL4PwGMOIB6t48P96abpfYxEdRker6OhrOFx1Hg/j + 1WH8NTy2AP/48TEco304jTvBlK9uGw7E7t+9RTTkuYYcaeUR1jFOJapmyj9rNT7eJ0j2CU4eG28o + rTl1hFGzt5f2It/DqtlbrIgDb3OhHnxXQM1ZE9n7R2cO1lgbM1OVyIbclIKuW/Dj8ZJa/FA0BPv0 + QW3oe0vYQWNOuzGsH09V5SoYuVBfuQMucy+1unK+mQZM1s325wh8kBx2BL5btg3N7Ar2NTzeNLzU + XGlu189MuFMPBk/jcV7QHEzgNExnhOOBUMu+WeRbIjtXy47wBt5jSMeHXSKCTsBRlgPt7tf6aE8Z + on0IjRJXjxk1o5Kzcy7nL51kCKXbLCTr8FKjaFnLNidSyREuFnQi4AqoaTCo2yfv8vzm57OL+/Oz + 09HF9eh+dHX1+xXmh6NlsCB4YTwDconcLC1xfgk3REmxJjjnXDijxCryK9eUXGoocNBJZRBf/c/N + e4Tj5IUfeBgm80Xq7QwzljznkgpsJnZjO2ROtnvW7kVteWuUC4yu4wjsay5hc7sq3dD+Cxw3K8wz + odcob76Jn24dT0PjFm4/UTbHRbCDXGe88XXa7lr/KeBuYQu6vSnuPuESHNSZEkpfNNFMRAW9XCM/ + bdcVRYaqabYqSlxVpW278KWeflqcN3L7czDmVsBBSu5e0zJOyalScw7kFbfIj5ZcA6s0kJeC5h9c + rpiqUIyKmTI2TcIkDKZcZkhiQXwcva0NDutSYJTvFHEgSQ/IP2qSb/DPt7X6Na5XjlFQDWe/DXJY + ARliPng4BNYn0ZFPHLY2WZy+GqHsDv/1jqJBHaprC1tCv+BWQ1/pPEBUUtcpjsuRQ3OAV/szW4g6 + 8MbOrbNzI+dSLR9W6VKrrMLP7UjmOKcFVj0YY5Gdz7pEGDD5RS17Vu0pU9kaiN+SgNxFxpI/Kqot + aLI1uUcVtj6jWvv1i0tyzajcc9/tfTgWR5usHuRxvTYWCoN5ZKXiiJ2DtD6vW+QqVlAuDbfQR3hh + wcxsoqjO9t14ZH+4BZqz/IKwBk9IpWQCIIkBS5YtuCxynWkANkWA+WQ542xGCqDSoJA2N1oLmO8b + OQFCGUOyhIwsOCUV4p/pdYlsg/f+BgAA///sWe9r2zAQ/VdMoJBC7dlOnKSD0gW2wT6UhRZWKIOg + 2E5jGkvGP+qOLv9730mK6nh1N8oo+RDIByeST08n3bt3F85jleGdBqILnPWtrOII0PUq5nTBLGbs + ChR52BGQ0LYguKyEL0WeyncskRMFM4wWxIBg37uYnxAwGE9KS8kIi61r9ou2aGVMoqsKXG2LcasB + ECUaj9cOTrygPZsdKh/85OQEWo18BAQaYbGFSAaLCg56EWljz43dXyIYkUzgMtq9vi91XTuiZkUm + owJRGD842SqTNxqLzGFzrteesxK6aVHhTs3736+nVzP76sJG3pXBahbJBF1lioY+i9KEH1v949+4 + KOtSfMQ1/FOyeF2SxRs281CJyvpOSiSSbO2pQYcNt3OgSwi4RgjIs5B66OWJRrru5NI237bfMroW + 7mThimJZkXZRpSmjjNL7G/2SD0kfivyN6Yd0wjmihxTot+gsWLLhIPIWk6EbLIBxPD71fH9E2c5M + wgqvTIvpgKdRhDWQgnrPGGxdnHwyl4yMvlpWqhBwkOvkNMk+urQJPN8bxp4bD/zodBQOwmDshZMg + ilw2Wnrx5Dw6k1aOBtMj/ys+6j07ZVzTpm2rnwqnKuwaHrF9h/jYyarFOgnJZXbGWEEew/syPUDM + 4fHzzB45GSf87RJ1/xG3a9z9R9yukfcdMTgpUgWkFmxN7TPTLR+KJyJrVeYpXruBcMP0L1UuUMvf + gHHC1XPgUacGoyaSaR3dn9JaL9eMe6CC9z/0AxW8B+IDFXRSgVEegHirIu6Rmrz62YVdUTLdom4r + ka6OkGs6Qu0B02FpDxilFvP7JBdcqRpdcFb6vwj19Z+QilRZeNw+arJ7A8E1/kb5sLV70kvZw2Vc + VGsy3Fhblvd5OS0VjntR/r/+nzJmjGItVEI/hOyOmJajyGXPgZY0QHbR+jtw9QvSPZvN5gkAAP// + AwDm989w+hoAAA== headers: - ATL-TraceId: - - 766fae7e6a3be00a - Connection: - - keep-alive + Atl-Traceid: + - 2f8f2826bcda07a9 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:34:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:25 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 36e7accc-662a-4ad7-9441-ff56d84d8fdb X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '217' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9ea66a3c-dc56-4dd9-bf35-1682d5c3fe1c - x-envoy-upstream-service-time: - - '145' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_but_push_all.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_but_push_all.yaml index 5b0ce6f0bfd..e9163b71c54 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_but_push_all.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_but_push_all.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CNrbqIHFVmFdk+ySNJOsZImpU2FZdn/boqLH7fhneeZ - lzmB0TPtJwsK3kMYZ7XZtNRRE1r/4ZkOVs9zrx1zFCCBT5rm3rsIc0TOkGFa7W5eqvvn+ne7WwYT - J1CvK5RggocEWhqtPw7kQn0cKR64tX5po2SW3rbfCqhVKOQlvNNhBQUKnmKeClnzXCFXWc4Q8QoF - YvRnmmJv3Q//2G3NhcoKhQWT1/KHbYYH1/kISrGVZdEZ3WSUaSqx6UpZmtZoiV2DqPNcSkPZn4Jg - 14bHftKwvtPpxYYn3+g1PoG9TEDubV/B+fwFAAD//wMA5m5YqFoBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTpG1qbqIHFVmF7Z5kkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzlBq4LZzw4kvMc4BbnZaGNNF7X/8ERFp0Lo1UhGEyGDTzOH3o8JpoiUIMF8t7152d0/N7/b7TK0 + aQL5ukIZZnjIQJvJ+eNgxtgcJ5MO3Dq/6CS1S+/0twIyCQzLS3in4goyZCzHOqeiwVqikKwkiHiV + SEx+MHPqbfrhH3vdIEqGklNCOfthu+FhtD6BVUGF5dZaLmrGKuQ1YlEqVtFOoa46IQqDvPpbEN3a + 8NjPCtZ3rFpcfPKdWuMTuMsEZnzb7+B8/gIAAP//AwC5qJkGWgEAAA== headers: - ATL-TraceId: - - b1e037b70c316ee1 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:05 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 9ae4805aa0bd13f2 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 48f44e23-66c5-4016-a36b-e7afc6b93934 - x-envoy-upstream-service-time: - - '40' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 009105339e99951f - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:05 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:31 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 8fd01b15-1ae7-4d23-a4af-d81f4841f3c9 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '145' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ab09c39a-e8b8-4259-8b43-fb0336f1590b - x-envoy-upstream-service-time: - - '69' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,96 +80,117 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 5fda354b50d02109 - Connection: - - keep-alive + Atl-Traceid: + - 5ffd9f7988144ea7 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:06 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:31 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - c964cc0e-dcf1-4457-a6d6-019b1f5da5e6 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '214' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3f4e1333-0c2e-4ca7-a166-375b84fe54a5 - x-envoy-upstream-service-time: - - '96' status: code: 200 message: OK - request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: fresh:0.3.0", + body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/224] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080] | - Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - - (Fresh, < 0.5.2)|http://localhost:8080/finding/2852]\n*Defect Dojo link:* - http://localhost:8080/finding/2852 (2852)\n*Severity:* High\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* - [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119]\n\n\n\n\nVulnerable - Component: fresh - 0.3.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected - versions of `fresh` are vulnerable to regular expression denial of service when - parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable - Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n*Reporter:* + || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] + | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] + | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] + | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/275]\n*Defect Dojo link:* http://localhost:8080/finding/275 + (275)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/274]\n*Defect + Dojo link:* http://localhost:8080/finding/274 (274)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -289,53 +203,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1949' + - '3307' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11095","key":"NTEST-906","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11095"}' + string: '{"id":"11790","key":"NTEST-1452","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11790"}' headers: - ATL-TraceId: - - ae3c37d845715f11 - Connection: - - keep-alive + Atl-Traceid: + - 00920670c347c1f9 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:06 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:32 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 2259e168-04b2-4273-94ef-4a895d38a91b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '516' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8823b140-42a8-4505-a38f-094d03af7bba - x-envoy-upstream-service-time: - - '514' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -345,96 +265,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-906 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1452 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4rcEGnzDdDhIW+56HAdp+4EyjLA3toojeSQ5CVf6329X - tsNLG47Sgxksrb1vzz67El88WFZcZl7iaZAZaMheCygz05N8BqZn0gJmvKcq0NwKJU0PMmFnYHkv - LbjMoVR5bw7a4DvIjqHSYEDa5luv5wmyHEXh9iZuDJRT3BbWViYJggymkNpMfVY+tyU3RnDpS7AB - 2rABr0QQB8KYGoLOwCVcof7hZHwy6W+HWyiZumC95Itn0GltUm4hV/qqCS7DHSrEYRz1w2E/Hk2i - OBlsJuGW/zKOfwnjMKQYyYe9qsCZeWKMpB9EYRjGq6zbTQYm1aIiRFC6y8yMl2WPZcJYIVPLKgEp - MDVlC6UvfdJOlXyvy8dEYSCtNQRzAQs+55brV0b8AzszLFI9e9aIDrKdKBxEo3Y7wUB3blLueVRo - 9DXh5pJqVF9YWiVTXhroeZ0NL3FGvvY8K5AYFRbZS2SNmXiVVp8xvCei12o77Fw1Ouxoc6vgN5G+ - l8JaNED8arUpqT/ct0ZN7YJrSsyIWVUKZEh2LxsE11FmOFoOR48Jt4W5ddYiXQkCFn9u4zwMX6Ln - eLiMh0827EroWPLMtM8HfEVby2jr53wtO2ft4gFvg3g5iH/OW0tO0y3Wevv6lfp7+aGZLlix0zOs - YJ5ryLGvv6EhckqVddNmjSStjVUzNyLO0UP8ct2L0bc2mtHRSKkx3fjzkn7UzgtisBZp4+7LNzLi - F4ZvClWX2b4wVcmvWhaieMEtztVmbP14xzQzcTUFg8aapnZwyz1VEyou0o8kEDL3Eqtrco027Qcc - F9QULRgaMFfquu/NycHWak7eRy1cB2e07kW87sXgZpYIpYW9eiI0nXrgpvDj56iY8RxMQBqmMyJQ - UIi88M08vxk+b1HSTanYc4BeAI0TIue9tKgvv5tvtI6J0YgSL7gZVyJ9J+SlO4z3oaKzWaYdhRyx - Fu7dSiKVHOPRzC9KOAZuGlrqduUdvXv/5uDw/N3B3vjwZHw+Pj7+6xjTwBYymDl+MCmAHeHclJaR - XyYMU7K8YtiToiSjzCr2u9CcHWmYYd+y2iDnfNel97PYRoPhtQjDIUwTrzkysEiI8k1T3WlkxDsX - kpf3P2pvFi28jvglRtfNAixgLmH1dV1R1z6Cyc1d4Ykca5RX59Xd4/3HaHdDq994eolXqY5ZnfHG - 1157qfmpgLubUdMa6CTujlcJC+puVSp92ERzUdbQzzWOrJvrgWL7qim2mlV42ZO2rcJD9bsLzid5 - +3eX5VrVFd18XguZ4ZAyDJnPLgAkq2pTQOY4d3C8S88LYELOyQGRJmN4aWV4OkCWkLEi9tkbMvdJ - brjnRsJOV2aFTNgUESmS0B/44TWhh+CVKuVloYxNRuEoDKbN5+curCCOh2eoyE5P6CTDmcLeqkXf - qu8rn7GAnUbGsr9rri1oNpY5NtYMYXpA4fDoT7ZbY9eyk5TLNR82aF1fsxPAdqBAcL33YeweH5tH - VxLatOclLSfCYuOSqqMArtAQoxHGrtkp2ujHOIv60VYUbTvvRKl0Dv5MWA2+0nmQ5qJ/ISRJiQk+ - 7l/RYueu9hkZHIYNtM7K4rYV7EtOXBV4daN+DvBTv7CzkvRcZfDpakN2jiGvS44YLunfCZfMPkjB - S+LKCei5wAtznz1/TYo99qy0v6Lyph+/WAMhGt3FY3kOPULHXQnZNaG68ZvmMi2CCc+TDXaIGDbS - WpTZwf5tEUKM6RBBi1vi7reI/BWJ3X7g//9pdAQN4tFmjLTY2HfNj335WTEaixjYfyuy5/T3Baq3 - fPoXAAD//+xZbU/bMBD+KxESEkwkTdKmlE6IVRqT9oEJMY1JbB8wdgqRmjjKG5tY//uesx23DQRt - CCE+IKGS+M7ns+9899zlN6aRS9Amvx/j5Qf+uU+xJUk41xKe07VWx3xeLzIUopSNrMubm42DVP6z - Ysbx2ODzDkGiVSKTiErmTnuJHDDRJCUCGNJ9FI4Rl+Z0qvCQNvmQuS7VIpcOMqTTrLRAXCqMleOV - lYW1cmmsfHtDMY1BXnbtALVy0JFcecHmtBKlUsSavK68n5mztssTKepFbLa4SWph8XTNccBxqsCg - aMmgXlfvDy15TQA4bzAbg+3ZTc0eaIpacW9tAGW96CEUTexSkkn4fUZNnbOG0qIdxqLka/RDnobX - GeeQN0Xgv1okXNnvJFGx3pjvm0rudOLGLnpPjiycBQiFp+Z8TnPGK+L/Ip1EvTioQZpExEIxfK3i - vNR2w7ioeayZzTU/w5UCCIIu/+MyamIuKfCT9+8wkSbZrrOz+ycFeqrkFD58H0AHfQA6GPURopZA - SbcqABoUtqdSo8PqW9YuoQ+U+haUtlvtY7TlUpdwYMFdVTF+Q9nvgaqtCxLKOk0ZoZutvoRNZ0dV - iiyeCIHogh0xzqkyQn0ZzdloKIKryciPrqD4/v5BEIZjWscyYYVH2GIy7EwIugTgXOngmor3g7xl - ZU5xjoQ+2nbQpbIHvKXYPACsgX4cREEYjOLAj4ehOBjzIY/2Az6JhPDZeB7EkyNxqKRsD2fb4Sf8 - 6XluyjKDPlxXD5VeXbq3OBE39MjxPX3R6MjcnLGSTgzzVVBHQYHHj6fu2Msz0r/bz3j9Gne7Iq9f - 425n5bVrjJAjdF/DFA3raOTUtATpPhHu0u0HHbYuEGvBflwXMo8HF4g0nCpqc/Gokweqvcm0julJ - mnqjMJH2LRS8vNHfQsFLaPwWCnpDQRdxAEJt3S1pToswoPu1vop39HXAPPtYUFZsgacHpPQ1LP2+ - hqVvG5ZdgoVucdYkhcw0BjLdkNp8kdKv/6JpI6tn6xNrWVYmFkI1ey5Vx6ztTMO1tMZ37aOJuk9e - X327G7Ry97ZS9ussLusFCV7bq+p1FdWs0vumljv1w2jndnxzcrgx20xQ2i6Xy78AAAD//wMAi2I6 - 0tgcAAA= + H4sIAAAAAAAAA7xX23LbNhD9FQwfOm0q8SZZkdnJdFxbSdy6risryYPj8cDkikQMAiwA6tI4/94F + KEq1bHlidxr7gSSAvZ89WH32YFFRkXmJp0BkoCB7zYBnuiNoCbqj0wJK2pEVKGqYFLoDGTMlGNpJ + Cypy4DLvzEBp3INsDJUCDcKszqa1NrKcWoVXURhGoa/grxq0mSwrOFM0NSwFr+Mxaz+KXu6H+KGB + T/GzMKbSSRBkMIXUZPKT9KnhVGtGhS/ABGjJBLRiQRwwrWsIWgU3sET508nofNKN+nsxLjkXtJd8 + 9jT6VuuUGsilWjYxZPiFEnEYx91w2I32J2GYxGHSi/1oMPwxjEOr1hkx6LhT80wnrXyAqQitV03Y + q48MdKpYZROHqwdEl5TzDsmYNkykhlQMUiBySuZS3fhWOpXineJP9KIWzJaL8is6o4aqYMZgHji3 + Ng6utqKwFw1/1uxveFVi2esSrVpYoMkJ1Te2VvW1sW/JlHINHa8RPMa4nGzHKxgCR6XF8gRmgL6G + XzqeYYisClHiJaLGGL0tmPTCdqNS8hNG9MyEr6Rdul0B23RvgWQT1TvBjEEF2lvbtkj9zZ3Vcmrm + VFm8alZWnKHD2VbkWA+Hsv5w0R8+0d1HKtNGsq5LP3yJbsT9Rdz/f6001XdYRIPRYBENvoXBRWux + Fy968bewuAL4ly/34RjtwmncbkzZ4n3DgVj9i0tEQ54ryJFW7mEd/ZS8brr8Qa3xy10bw10b+/eV + N5TWrFrCcOztJd0IP6lBUm/I8OlN1VDthlyDRp2yLeNeD2Vto40sYX6wC0zkXmJUDZhaVGreYzVs + 4zTOOX1Wv2Jpk5XP99asryisC1nz7IjpitPlqvFsuRRgsLa37xN45A8Hey2Bb6dtTTPbG7sKHq8L + XikmFTPLZyaxFQ/cLfD1PM5KmoMOrIRulTBcKFhe+HqWb5jsLa60lBd790Ed99pQOL0GS1oWttv3 + 9WBHIqJdGI2GNiMF1aOKpSdM3Ly2O0dQ2dlCpG3VXC3nbm+9IqQY4WhBrzmMgeoGCWr15p2dvHtz + fHp1cnw4Oj0fXY3G4z/GGB82l8aU4IFJAeQM2VkYYu0SpokUfEmw0xm3SomR5FemKDlTUGKrk1oj + av2HOj7ChvLCWxaGQ95LvObGwuph+jdddafFsRA5E5RvH1pNRqv0Olxz9K5lCaxsLmB9uq5s234F + kpsh5pnga4TXt+LdueNpeNzg7Rea3uAo2EKuVd7YOlxNW//J4XZka3oGjcTtJS5gbrtbcqlOG2+u + eQ3dXCFLbAYWSY5kU2xZVjisCrOqwmP1u5ucj+Lf/wckV7Ku7Ej2mokMaU4TRD65BhCkqnUBmcPc + 8fjAPq+BMDGzBixoMoJDN8F7A7LEKitin7yx6j6KF+75IiEXa7VMJERg9IZRI1US+nt+79amEDPI + ZUp5IbVJhuEwDKaNzJXzLehfoiy5OIe0tnxD3sp518iHRS9JQC4ibcifNVUGFBmJHHurxEw9InB6 + 9js5qLFxyXlKxY6DTcJub8k5ToHOEXw/fD9yjw/No62K/VhdpvZ1wgz2rhV1KMA3VEQsvZFbcoE6 + ujH2axfHzThy1i2qxCzzBQ7Ofi5nwazmAnFmkAeCu+cvrYpeGK7l0jn4JTMKfKnyAJuRWoAynApt + Ewd41C9Mya3cphz44QpilcX4N4a85hTTt7A/hlwcRyAY5RYp56Bm+JuHdMn3p2sNHfIdNz+9QjUD + P/xhRw5R/QHehjPo2PS44ZM8lIsBxrbX2//qXAz+AQAA///sWdtu2kAQ/ZVVpVSAYoONbQhVlCLR + SJGaCjVqH9IXFu8CrgBbvpCXfHzPrNfmEi4tURCVokSAPTPe2bmc2Rnn/MoWzt/bwjloi9PaAXlT + BFenpmxC91itl0nWQ8Lh5oOMUpNZrUtG8MrWs7n4m1hmmc7qumm+pVuLfK3bLRdpUuspPARU/Q4Z + VQqofVCOVfBR3WaA/dtnNeQeCL/wZRyVBlgTUaQe8bpEXPdB7SHMYljzNphK4KDMLf5xnH7ivo9d + qJ/LoFsR7C3xugZcLdUIAeQaA80grHOxCBJgvqQy2AKUj8jqCKSiXpNPB8sVBgwnC0b6o5vVZ4lY + x4PWjuJBlPGQ6HjgaYrCmFyyp0ngTxgOtOMxkDUD1LGIY635mHGGBsGHIE4rfsxHpMegqzZqfOXz + cQYQHrCJ5AKSC47SZua7ZT+XCt2HIpvK1SqxTi/ak85qTIKlr07voqCDPC7I1voTwDmBOG4iylWS + dw47htC9Qx8UX7ikbSV4SpQNp4GvnXYfqJqoffZDHYLIwtoZuTIM4DIFIdabh9zdLOJ+SjLfQhao + C4YGbxEIKdbC6TuSCidDLP0vQaFFo5CKIcV4hYtZMK+ySvV5hhhOw04Zt1tR480RwzkSMRxCDOe1 + iHFUsXiBGMeWq1UHnxoxvHfEOAFiOP8XYnil6AHEeDmJsHZNIixnF8EtCNS9pDFCRo1ZaEyywdoo + WTcJZXdf7GkX465uv1FOpNaa4c0mSoX0hPqIrVOGRjm+SrLZjFOb+GFv50MGpJlPGB/ZUFLnf4P4 + o0nVnbh2R9xpCmvYdhruEAq1WleWbXvUv5ZMWGEPmyTvdoWg2AbnUgdDDxw/h088iQgc6aF7R8XK + GdJE96rYTLSrxbjStWzLkVZDNm1x5flN321ZftsVosG9kSXbN+JaPeWi2b2wb/GfyxkzPteNnGHk + txIzS4wnWMSwTagozDy9yGRGxHlCFoO8AnA+TfCz1zc8M5qT/ptj5/PXeHNuff4ab869z11j4I7I + B7N6BLN6LOnr1ziUT9S55ePgHLse0fSD/UsWh5GsPwKHfBpc6sSjty+glplM6+h3Tnp6E2u4fYeC + Y53+BwAA//8iP9JHiwJ6uJimRQEAAAD//6KBi+lYFMCbHUAnpkNyXDVo4hbKNgCam1+SCJ12Rm92 + 4JrlMYDP8qBLwOdM0CXgzbTUvLLMovw8SFsHOoRcCl1fAOES5dL8XIgJ1TAmtLAjo4BDWhqhDzNX + Ryk3sSIotbg0B2Qwkt3gAfuiEscSiDvK8kuoN08IMQxuKNCujMTisHzwfAdsKg80UwmaRQBZCXcI + qmuNUJwL1QAOntraWgAAAAD//wMAa462Ks4iAAA= headers: - ATL-TraceId: - - d38779e99a660306 - Connection: - - keep-alive + Atl-Traceid: + - 77090bf7172554d2 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:06 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:32 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - cbbca192-889a-4b64-bdad-859b1186d5a8 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '273' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 609007b3-4df3-448e-84a8-3636a61c6f9c - x-envoy-upstream-service-time: - - '113' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -444,96 +372,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11095 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11790 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4rcEGnzDdCikLb0ex0HafqAMI+yNreJIHkkO4Qr//XZl - O7y04Sg9mEEv1r49++xKfPNgUXGZeYmnQWagIXsjoMxMT/IZmJ5JC5jxnqpAcyuUND3IhJ2B5b20 - 4DKHUuW9OWiD3yA7hEqDAWmbs17PE6Q5isLNdVwYKKe4LKytTBIEGUwhtZn6qnxuS26M4NKXYAPU - YQNeiSAOhDE1BJ2Cc7hE+f3J+GjS3ww3cGfqnPWSb55Bo7VJuYVc6cvGuQxXKBCHcdQPh/14NIni - ZLCehBv+yzj+LYzDkHwkG/ayAqfmiT6SfBCFYRgvo24XGZhUi4oQwd1tZma8LHssE8YKmVpWCUiB - qSm7UPrcJ+lUyY+6fIwXBtJaQzAXcMHn3HL9yoh/YGuGSapnz5qtvWwrCgfRqF1O0NGtm5B7HiUa - bU24Oacc1WeWZsmUlwZ6XqfDS5yS655nBRKjwiR7iawxEq/S6iu690T0WmmHnctGhx0tbiX8xtOP - UliLCohfrTQF9Yc7a9TUXnBNgRkxq0qBDMnuRYPgOsoMR4vh6DHutjC3xlqkK0HA4s9tnIfhS7Qc - Dxfx8MmKXQodS56ZdnzAVrSxiDZ+zdaiM9ZOHrA2iBeD+NesteQ03WSltetrqu/Fp6a7YMaOTzCD - ea4hx7r+jobIKVXWTZk1O2ltrJq5FnGKFuKXqz6MvtfRtI5mlwrTtT8v6Uc9D8O0n7DiiFftAW6x - TzZt6OcroOlxy64WNNo00dtNd1RNUUbUqT7ThpC5l1hdw3XbvEiZFmkT+7fv9sgxPGoKVZfZrjBV - yS/bksDtVAPGSlX3oz452Fj2yfuohavgjFZ9iFd9GNz0EqG0sJdPhLITD1wXfnwfFTOegwlIwnRK - BG4UIi98M89vms873Om6VOxdExvOgNoJkfNeWFSXP4w3WsXEaESBF9yMK5F+EPLcXca7UNHdLNMu - ay6XF+7bckcqOcarmZ+VcAjcNEzQ7cw7+PDx7d7+6Ye9nfH+0fh0fHj41yGGgSVkMHI8MCmAHWDf - lJaRXSYMU7K8ZFiToiSlzCr2XmjODjTMsG5ZbZCjvqvS+1FsosLwSoThEKaJ11wZmCRE+aao7hQy - 4p0Lycv7h9qXRQuv43WJ3nW9ABOYS1ieriuq2kcwuXkrPJFjjfDyvrp7vf8c7W5o9Zqn5/iU6pjV - KW9s7bSPml9yuHsZNaWBRuLuepVwQdWtSqX3G2/Oyhr6ucYucfM8UGxXNclWswofe9K2WXgof3fB - +SJv/26zXKu6opfPGyEzbGqGIfPZGYBkVW0KyBzn9g63aTwDJuScDBBpMoaPVoa3A2QJKStin70l - dV/kmhvXEna8VCtkwqaISJGE/sAPrwg9BK9UKS8LZWwyCkdhMG2Onzq3gjgenqAgOz6imwx7Cnun - LvpW/Vj4hAXsODKW/V1zbUGzscyxsGYI0wMC+wd/su0aq5YdpVyuONigdXXFjgDLgRzB+c6nsRs+ - N0OXElq09yVNJ8Ji4ZKoowDOUBGjFsau2DHq6MfYi/rRRhRtOutEqXQO/kxYDb7SeZDmon8mJO0S - E3xcv6LJ1l3pE1I4DBtonZaL21qwLjlxVeDTjeo5wKN+YWclybnM4OhyQ3oOIa9Ljhgu6N8JF8wu - SMFL4soR6LnAB3OfPX9Dgj32rLS/o/C6H79YASEq3cabcA49Qsc9CdkVobr2WnOZFsGE58ka20cM - m91alNne7u0thBjDIYIWt7a73yLylyR264H//4fRETSIR+sx0mJt1xU/1uVXxagtomP/Lcie098X - KN7y6V8AAAD//+xZbU/bMBD+K1ElJJhImqRNgU6IVRqT9oEJMY1JbB8wdgqRmjjKSxli/e97znbc - kC5oQwjxAWliSe58Ptvn55673mEYhQQt8vsxXn7gP/cpZ0kWzrWF5wyt9Taf14sMhShlIxvy5mZj - I1X8rJWxPRZ83gEkGicyCVQyd9pL5JCJZVICwJDuo3ACXJrTriJCmuRDx3WpJrl0kCGd5doL4FJh - Tjlen7Kwp1yaU769IUxjsJddO2CtHHIkV16wOc1EqRRYk9eV9zNzWqs8kaJexGaJD0UNLZ62Agca - p4o8ikYM6XX1/tCKWwageYPR+Njs3dSsgYaoGXdbH1DWix5BsYxdSjIJ31TU0jlbUlq0nzEpxRr9 - oUjD64xz2JsC+K8WCVfnd5IorDfH900ld9pxcy56TY4snAUEhafGfE5zxivS/yKdRL04qEGWiYiF - UvhaxXmpzw3fRc1jrWyu+RmuFEgQfPmfkFEDc0nAT9G/zUSaZDvO9s7vFOypklPE8CaBDvoIdDBu - BJRbqwLcQFF+IvFd1ajHht8r6COlviWlzVL7FG251BUcWHJXVYzfUPb7S9XWJQllnaaM2M2gL2HT - 3lGVIosnUiC6YEeMc6qkUF9GczYeieBqf+xHV3B8b+8gCMMJzWOVMMMjajEd7EwIugTQXPvgmor3 - g7xlZU44R0YfbTvoUtkD31JqHgjWUD8OoyAMxnHgx6NQHEz4iEd7Ad+PhPDZZB7E+0fiUFnZGs22 - wk/4p8e5KcsM+3Bd/an06tK9xY64oUeB7+mLRlvm5oyVtGMYr0AdBQUeP566Ey/PyP9uP+P1e9zt - irx+j7udldfuMbBI6FaCKRrabOTUtATpPhHv0u0KjWcXwFqoH9eFzOPhBZCGU0VtLh518iC1N5nm - MT1JU28UBmnfoODlD/0NCl7C4zco6IUCSyTg4rW+cff0I4B59mFXVmyBp02u5INvDe5Xg01BX8PS - 72tY+rZh2RVY6hZny6SQmeZAphtSm1+k9Os/LQFlp7Jw3zwaFHwC8rV+Sxs2dncHKft1Fpf1ggy3 - 5la9p6KaVdqPpayerb+tbVmbmApV9blUnbumKU0td+qH0YzWj4fOhg+8NQPU7qxWqz8AAAD//wMA - GP6cmdgcAAA= + H4sIAAAAAAAAA7xX23LbNhD9FQwfOm0q8SZZkdnJdFxbSdy6ris7yYPj8cDkikQMAiwA6tI4/94F + SEqNbGVidxr7gSSAvZ09u1h99GBZUZF5iadAZKAge8mAZ7onaAm6p9MCStqTFShqmBS6BxkzJRja + SwsqcuAy781BadyDbAqVAg3CtGfTWhtZzqzC6ygMo9BX8FcN2lysKjhTNDUsBa/nMWs/ip7vh/ih + gc/wszCm0kkQZDCD1GTyg/Sp4VRrRoUvwARoyQS0YkEcMK1rCDoFt7BC+dOLyflFPxruxbjkXNBe + 8tHT6FutU2ogl2rVxJDhF0rEYRz3w3E/2r8IwyQOk0HsR6Pxj2EcWrXOiEHHnZonOmnlA4QitF41 + YbcfGehUscoCh6sHRJeU8x7JmDZMpIZUDFIgckYWUt36VjqV4o3ij/SiFsymi/JrOqeGqmDOYBE4 + tzYOtltROIjGP2v2N7woMe11iVYtLdDkBdW3Nlf1jbFvyYxyDT2vETzGuJxszysYEkelxeoE5oC+ + hp96nmHIrApZ4iWixhi9LZoMwm6jUvIDRvREwFtpB7dLYAf3Fkk2Ub0RzBhUoL21bcvU39xZLWdm + QZXlq2ZlxRk6nG1FjvlwLBuOl8PxI939Qma6SNZ5GYbP0Y14uIyH/6+VJvuOi2gwGi2j0bcwuOws + DuLlIP4WFluCf/p0n47RLp7G3caMLd82PRCzf3mFbMhzBTm2lXtcRz8lr5sqf1Br/HzXxnjXxv59 + 5U1La1Ztw3Dd20v6UdvHLFyKpY0fH++tWRIjErqQNc+OmK44XbVUx+UFNXgtNO308WXZNOtNew4a + dcoWnXs9lLXFy7n6zi4wkXuJUbW1jUrNW8ynLb0WDQUYrK3t+w088sejva6Bb8O2bjPbG7sSHq8T + vr0x2HQsJhUzqydi04kH7nr4+gbPSpqDDqyE7pQwXChYXvh6nm9a3Gtc6Xph7DlAb8A2LUvb7ft6 + tCPeaBdHo7ENvKB6UrH0hInbl3bnCCo7W4i045Bj1sLtrVeEFBMcLegNhylQ3fBStW/e2cmbV8en + 1yfHh5PT88n1ZDr9Y4phYHFpjBwPXBRAzrA7C0OsXcI0kYKvCFY641YpMZL8yhQlZwpKLHVSa+Sc + /1DFR1hQXnjHwnDMB4m3Vc6Ibc4E5Zg1hH1TZnZve62djFp4HfM5etd1CUxgLmB9uq5s2X4Fk5sh + 5okca4TXt+Lnc8fjaLeh1S80vcVRsGNWp7yxddhOW//J4W5ka0oDjcTdJS5gYatbcqlOG29ueA39 + XGHP2gwskhzJJtmyrHBYFabNwpdy+jk478W//w9IrmRd2ZHsJRMZNilNkPnkBkCQqtYFZI5zx9MD + +7wBwsTcGrBEyggO3QTvDcgSq6yIffLKqnsvnrnns4RcrtUykRCB0RtGjVRJ6O/5gzsLISLIZUp5 + IbVJxuE4DGaNzLXzLRheoSy5PIe0tm2FvJaLvpEPi16RgFxG2pA/a6oMKDIROdZWiUh9QeD07Hdy + UGPhkvOUih0HG8Du7sg5ToHOEXw/fDtxj3fNo8uK/WgvU/t6wQzWrhV1LMA3VERsFyN35BJ19GOs + 1z6Om3HkrFtWiXnmCxyc/VzOg3nNBfLMYB8IPj9/ZVUMwnAtly7AL5lR4EuVB1iM1BKU4VRoizjA + o35hSm7lNunAD5cQqyzGvynkNacI39L+GHJxHIFglFumnIOa428e0iffn6419Mh33Pz0AtWM/PCH + HRii+gO8m+fQs/C44ZM8hMUIY9sb7H81FqN/AAAA///sWdtu2kAQ/ZVVpVSAYoONbQhVlCLRSJGa + CjVqH9IXFu8CrgBbvpCXfHzPrNfmEi4tURCVIhDY3pnd2bmc2Rnn9EoXzt/rwjmoi9PqAXFTOFen + pnRCz1itl0nWQ8Dh4YOMUpNZrUtG8MrWo7n4TCyzDGd13zTf0qxFvNbtloswqfUUHgKqfoeMMgXE + PsjHKvipblPA/u2zGmIPA7/wZxwVBlgTXqSmeF0grtug9hBmMbR5G0wlcFDmGv84Tj9x38cu1OXS + 6VYYe0u8rgFXSzFCALnGQDMI61wsggSYLykNtgDlI9I6HKnI12TTwXKFAcPJgpH8qGb1WSLW/qCl + I38QpT8k2h94miIxJpfsaRL4E4bj9XgMZM0AdSziWGs+ZpyhQPDBiNOKH/MRyTHoqo0aX/l8nAGE + B2wiuQDngiO1mflu2c+lQPehyKZyNUusjxflSWfVJ0HSV2dvUYxjeFwMW+szgHICdjyEl6sg7xw2 + DKF7h37Iv3BL20owS5QNp4GvjXYfqJyobfZDHYJIw9oYuTAM4DLFQKw3D767WcT9lHi+hSxQNwwF + 3iIQUqy503cEFU6GWPpfnEKzRiElQ/LxChezYF5llerzDD6chp3Sb7eixpsjhnMkYjiEGM5rEeOo + ZPECMY5NV6sGPjVieO+IcQLEcP4vxPBK1gOI8bITYe3qRFjOanGZxvAM1Quh3swmqbtjjsbOgV3V + faOs7ovN7iIsO1JrBfJmEaVcekJ1xNYuQ6NsXyXZbMapTPywt/IhBVLPJ4yPLCip8r+B/1Gf6U5c + uyPuNIU1bDsNdwiBWq0ry7Y9ql9LIqywh0ySdbtCkG+DcimDoRuOn8MnnkQEjjTp3lax0rk0Ub0q + MhPlatGudC3bcqTVkE1bXHl+03dblt92hWhwb2TJ9o24VrNcNLsX9i2+OZ8x43NdyBlG/igxs8R4 + gkYM24SIwszDi1RmRJwnpDHwKwDn0wSXvb7hmdGc5N9sO5+/xJt96/OXeLPvfe4SA5BE3ibWLZjV + Y0lfv8aheKLKLW/m5qD2iKIf5F+yOIxk/RFw41N/UgcevX3BaBnJtI5+56S7N7GG23coONbofwAA + AP//Ij/SR4sCeriYpkUBAAAA//+igYvpWBTAmx1AJ6ZDclw1aOIWyjYAmptfkgiddkZvduCa5THA + NctjAJ/lQZeAN9NS88oyi/LzIG0d6BByKXR9AYRLjEvL8kuoN7sGMQxuKNCmjMTisHzwPANsQg+Y + hCBOroYxoaUr2Q4Ar8XQh5mro5SbWBGUWlyaAzIYybPgGYKiEscSiMdBM5WgWQSQ1+HiqJqNUHRD + NYBdW1tbCwAAAP//AwDm08InziIAAA== headers: - ATL-TraceId: - - 0fa69d886811af94 - Connection: - - keep-alive + Atl-Traceid: + - 788167e8267ccbd6 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:32 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0ba60784-1f4f-4b08-94a3-630ae67fa542 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '261' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 7f0acd13-96a0-4dde-874f-294ac42387ae - x-envoy-upstream-service-time: - - '137' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -543,174 +479,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J2m2W3EQPKrIK7Z5EZJJOsJImpU2FZdn/boqLH7fhneeZ - lzkxjTMdJscUe49xnNVm05ElE7vwEQqMDue5R194iixjnzTNffAJ5gC8gALyZn/93Nw9tb/b/TLo - NDH1skIZZPCasY5GF44D+dgeR0oHblxYuiTppXfdt8LUKmzlJbzFuIICBM+hyoVseaWAq7IqAOAK - BEDyZ5pSb9sP/9hdy4UqtwpkUYH4Yc1w721IoBQ7WW+tRlNSiVSDsbWsdadRgjUAWFVSair/FES3 - Njz0E7L1HYuLi4/B4BqfmLtMjPzboWHn8xcAAAD//wMAYgH4F1oBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbPTpG1qbqIHFVmF7Z5kkbRJsJImpUmFZdn/boqLH7fhneeZ + lzlBJ4PezxYEvMc4BbHZKG10H5X/8ERGK0MYpCNOR8jgU89h8C7BBWJBkGC+29687O6f29/tdhm7 + NIF4XaEMMzxkoPRk/XHULrbHSacDt9YvKkndMlj1rYBIAsXqEt7JuIIUKc2xyQveYiOQC1oRRLxK + JCY/6Dn1tsP4j71uEQVFwRipGPth+/HBGZ/Auiy4YcYYxhtKa2QNYllJWhe9RFX3nJcaWf23INq1 + 4XGYJazvGLnY+OR7ucYnsJcJtHvb7+B8/gIAAP//AwA9+qXbWgEAAA== headers: - ATL-TraceId: - - 78658d7a0d88cde7 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - e363c95b9ed19632 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a75b8ae5-6901-4d75-9941-732e47747149 - x-envoy-upstream-service-time: - - '32' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 1bf8e08672f60b95 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:33 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e5475c95-3dab-4533-8169-07defa585fd6 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '113' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - fe0c3e3f-e792-45ca-aa6b-5aa6e1288ca4 - x-envoy-upstream-service-time: - - '61' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -720,110 +549,166 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 1b1012dc95c05988 - Connection: - - keep-alive + Atl-Traceid: + - 11dbce7d5b89dba9 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:33 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 7f58fc21-a13f-41d3-a194-abb549743c29 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '190' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a057267c-4dae-448f-9e66-fa8c83a553ec - x-envoy-upstream-service-time: - - '105' status: code: 200 message: OK - request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: negotiator:0.5.3", + body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/222] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/5] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n| High | [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2850]\n*Defect Dojo - link:* http://localhost:8080/finding/2850 (2850)\n*Severity:* High\n*CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n*CVE:* - [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` header - value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n - Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2849]\n*Defect - Dojo link:* http://localhost:8080/finding/2849 (2849)\n*Severity:* High\n*CWE:* - [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` header - value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n - Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n*Reporter:* + || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified + |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified + |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/278]\n*Defect + Dojo link:* http://localhost:8080/finding/278 (278)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, + < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < + 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= + 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 + < 7.1.2)|http://localhost:8080/finding/276]\n*Defect Dojo link:* http://localhost:8080/finding/276 + (276)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -836,53 +721,59 @@ interactions: Connection: - keep-alive Content-Length: - - '3317' + - '7089' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11096","key":"NTEST-907","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11096"}' + string: '{"id":"11791","key":"NTEST-1453","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11791"}' headers: - ATL-TraceId: - - c5d6e664eae7cfc6 - Connection: - - keep-alive + Atl-Traceid: + - 817bc2812c1346b5 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:08 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:34 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 86943710-92d7-401a-b459-c6104a121156 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '673' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5011faae-5cfe-4199-9eb3-a82a6ff1669c - x-envoy-upstream-service-time: - - '523' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -892,98 +783,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-907 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1453 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlTW282xKjDZCg4CW1KqXGSD4RhztIiX5DvNHcn2zTkv3f3 - JNnExJSQwgfd2749++ze+bMHy5LLzEs8DTIDDdkrAUVmOpLPwHRMOoUZ76gSNLdCSdOBTNgZWN5J - p1zmUKi8MwdtcA+yEZQaDEhbn/U6niDNURTu7eLEQHGF06m1pUmCIIMrSG2mPimf24IbI7j0JdgA - ddiAlyKIA2FMBUGr4BpuUP5kPDwbd/fCF7hy5Zz1ks+eQaOVSbmFXOmb2rkMZygQh3HUDfvdeDCO - 4qS3k4QDv7cT/xLGYUg+kg17U4JT80QfST6IwjCMV1E3kwxMqkVJiODqATMzXhQdlgljhUwtKwWk - wNQVWyh97ZN0quQ7XTzGCwNppSGYC1jwObdcvzTiH9ifYZKq2bN66Tjbj8JeNGimY3R0fx1yx6NE - o60xN9eUo2piaZRc8cJAx2t1eIlT8qXjWYHEKDHJXiIrjMQrtfqE7j0RvUbaYeey0WJHkzsJX3v6 - TgprUQHxq5GmoP5wZ426sguuKTAjZmUhkCHZRjQIrqNMf7DsDx7jbgNzY6xBuhQELP7dxbnvWBn3 - l3H/yYpdCh1Lnpnm+4CtaHcZ7f6YrWVrrBk8YK0XL3vxj1lryGnawVZrX75QfS/f190FM3Z+gRnM - cw051vU9GiKnVFHVZVavpJWxauZaxCVaiF9s2xjc11G3jnqVCtO1Py/pRh0Pw7TvseKIV/UBV07E - aS3S2oHP99aIcRiQmaqqyI6EKQt+0/ASlxfcYqetG9n311DdJVd9Mai1aSoQNzxUFeEUkacfaEHI - 3Eusrsh0qgFjpaq73ydf+HuDftsnN1ELt8EZbduI1y1DKC3szRPjbcUD12wf3y7FjOdgApIwrRKB - C1ORT30zz9c95g2utM0o9giljVB6bSgFnwC1EyLnxiGqy28CEW1jYjQgRKbcDEuRvhXy2l3GR1DS - 3SzTljCORgu3t1qRSg7xauaTAkbATU1C3Yy807fvXh+fXL49PhyenA0vh6PRXyOMD0vIICR4YDwF - dop9U1pGdpkwTMnihmFNioKUMqvY70JzdqphhnXLKoMM812VbkaxhwrDWxGGfZCJt1G0CHouJC8w - nZiPdZXR3uZa87Jo4HU0L9C7thdgZnMJq9NVSVX7CCbXb4Unkq8WXt1XX1/v38fHNd9+4+k1PqVa - yrXKa1uHzaPmhxxuX0Z1zaCRuL1eJSyoulWh9EntzaSooJtrbFDr54FiR6pOtpqV+NiTtsnCQzn9 - GpyP8u7/Acu1qkp6+bwSMsOWZBgyn00AJCsrM4XMce54dEDfCTAh52SAiJQxfLQyvB0gS0jZNPbZ - a1L3UT533+cJO1+pFTJhEqO3glulk9Df8Xu3BCEiWKiUF1NlbDIIB2FwVctcOt+COI4vUJqdn9F1 - hh2HvVGLrlXfFr5gATuPjGV/V1xb0Gwoc6yuGWL1gMDJ6Z/soMLSZWcpl1sO1pDd3rIzwJogR3B8 - +H7oPh/qT5sXmjSXJg3HwmL1kqjjAY5QEaMGx27ZOeroxlixXXzexZGzTrxK5+DPhNXgK50HaS66 - EyFplejg4/wlDfa/lr4ghb0wXGtZ3NWCxcmJsALfb1TUAR71p3ZWkNw6PThxCSJliH88grwqOIK5 - pB8XLqojkIIXxJwz0HOBz+cu++lkpaHDnhX2131Us+uHP29BFNUf4MU8hw6B5Z6J7FvI7GJsO729 - JyLTSDtk+o9Hpv+fyPx/qPwLAAD//+xZ62vbMBD/V8Sg0IbZiR07LyhdRzsorKXs0UH3JaqlxB6J - bfxIv+yP3+8k+ZF0abfQdh2UhMSW7uTTPX6nO/+JVhBV7zMeB2H3C59POuwCjqZHy2ghzk7aQ/BD - 7IxCOWwNV5/QsetwV/d9+ynNXMVz1x35FEWdEwWYwLIfCaNUAhEfZmT79HsA9ir8wEZ+Qtv9doqb - 7/izdnF9WuFKr/CYkdgo/KpcxCjeKYPXCNFGQ+hUOVXDAR3VqN0BulaSxAng3OCgHSVdLlZRDuSX - lAyHAPQZqRYOU2Vtsty0edKU4XzBVo08QPXMWF02Vhe11XNjdV4USI/5W3YbRkHIcKKez4GuJTbD - Uo5nxXPGGYqBAIw4swQZn5Ec0+MgkGlhfeTxvAQQT1kouQDniiPB2Xq3rKWg80SUC9nWzvp8VYpM - 2p4Hkkt13hbVPKbn1bSzvgIoQ7BjsNL7xGydWLiSV12uiUA+Rj/kYbilbeVYJS1vFlGgTHYeqbxo - LPZVHYRIv8YUWhQGay8wkamtd86WKQ8Kor9IWKRuGOq1VSSkUASfC5nm2koYF2UgNbEJ9E8IJRwY - IcvfeIliTBPKj+T1+1wso/iA7R/8XOKkWSST2nd/CxVPDhPeeEeY8MYEE974QZjYJQ/cgYnHSUtN - 0D8TTAxeYeIZYML7z2FiYBgfgIm7PQlnW0/C8dplZpHBUVQPhFoym6T+ljV6WyfqOr/a0TbCbXV/ - r+5ArZXKm+XUJte45iLXD6nQ0DVZXi6XnArGN/fWQKRA6v4k2Y6lJfUAjuCO1F86E4f+jHt94dyM - vJ5/AwGHw7HjugOqZGsiPOEeMknWPRaCXB2UjQyW6SS+S255nhLI0aL3tnN1C9JGHavIbBSuXX3Z - 9R3X8aTTk31XjAdBP/CHTjDyhejxwcyRoyNxqFbZ6x/vuR/w1XzWksemoLMsPZTbZW7dQiOWa5P3 - 2zraSGVWynlOGgO/QnS+yHF5cmkN7DQm+Tf7xC9f4s1u88uXeLNj/dIlBiAJ3R02zZj2UeTSvGqh - eKIqTTdxNahdA3BBflpmSSq718ChgFqYJvDoDQlm60im55h3PaaPkxm4fYWC5zf6v4SCXwAAAP// - ItfFo0UBrV1Mh6IAAAAA//+CFQXwZgfQiemQHFcNmlyFsg2A5uaXJOYAWZgNJgNgo0upulYJUwLX - RJABfCIIXQI+rYIuAW+/peaVZRbl50HaOtBR5lLoTD+ES5QX8nMhJlTDmNBSkIySD2mNgj7MXB2l - 3MSKoNTi0hyQwUh2g8f0i0ocSyDuKMsvodqsH8QsuJlAqzISi8PywTMi8HnG/CLwPAPIRrg7UB1r - hOJaqAZw6NTW1gIAAAD//wMAmWTtQTAiAAA= + H4sIAAAAAAAAA7xW62/bNhD/Vwh9KIbO1suPOCqKIUucNluWZY7bfkiDgJbOEhuJ1EjKjyX533fU + w2qcuGgyrDEQkUfe+3fHu7VglVMeWYElgUcgITpmkEaqw2kGqqPCBDLaETlIqpngqgMR0xlo2gkT + ymNIRdxZgFR4BtEEcgkKuK7vhoXSIpsbgdee63quLeHvApSernM4lzTULASrYzGj3/P29j3cKEjn + uE20zlXgOBHMIdSR+CJsqlOqFKPc5qAd1KQdmjPHd5hSBTiNgBtYI//ZdHwx7Xr9QQ9JpQnKCm4t + hbYVKqQaYiHXlQ8R7pDDd32/64663v7UdQPfDXp9e7g3+Nn1XdcYaZRoNLwU80IjDb+DoXD9jdv1 + JgIVSpabwCH1gKiMpmmHRExpxkNNcgYhEDEnSyFvbMMdCv5Bps+0ouDMpIum13RBNZXOgsHSKc1q + DayPPLfnjX5R7B94m2Haiwy1GligyilVNyZXxUybVTCnqYKOVTGeoF8lb8dKGAJHhsn6FBaAtrr3 + HUszRFaOKLECXqCP1hZMeu6uA685yKX4gq6+MBM1d5mHMrNNHszmK/S07n7gTGsUoKyNbgPh38u7 + Ssz1kkoDZMWyPGVocLQVEkxUCb/+aNUfPdPcb6Ss8WSTsL67h2b4/ZXf/3+1VLAoQYoKveHKG/4I + hatGY89f9fwfobFG/v39Yzj6DRznbPWx6oGY5MsrTHocS4ixrTzCOpoj0qKq8idB7u/tOhjtOth/ + LLxqaRXVNIyye1tB16v7mImKZGFlx+0jmsEqOqwSUaTREVN5Stc1opG8pBqfhaqdPr/6qmbdtmen + EidNbZXLQ1GYeJWmfjIExmMr0LIwulGo/ohpMxVWR0MCOmtK+KkG7g/3mga+HbZdbcbftJntg03C + tw96bWNiQjK9fmFsGnanfB6+v8GzjMagHMOhGiEMCQmLE1st4raTvUdK0/J8qwzoDExvMrDdfq+H + O/z1dmHUGxnHE6rGOQtPGb85NidHkJvZgocNhkpkLcuzDYULPsbRgs5SmABVFS5lvbLOTz+8Ozm7 + Pj05HJ9djK/Hk8mfE3QDi0uh53hhmgA5xybMNTF6CVNE8HRNsKBZaoQSLchvTFJyLiHDiiaFQszZ + TxW2hwVluXfMdUfpLLCqFwuThFFuq+pBiWO8Y8Zpun2pnozq8JbIT9G6pktgAmMOm9tFbsr2O5Bc + DTEvxFjFvHn8Hs4dz4NdC6tfaXiDo2CDrEZ4peuwnrb+k8HNyFaVBirxm7eaw9JUt0iFPKusmaUF + dGOJPasdWAQ5ElWyRZbjsMp1nYVv5e9hcD7zr38HJJaiyM1Idsx4hE1KEUQ+mQFwkhcqgajE3Mnk + wHxnQBhfGAUGNBHBoZvguwFRYIQlvk3eGXGf+evy+zoglxuxjAckj4OB7dnunQkdRi4VIU0ToXQw + ckeuM6/uXpc2OYMr5CGXFxAWpp2Q92LZ1eJp1ivikEtPafJXQaUGScY8xprKMELfYDg7/4McFFiw + 5CKkfMfFKlB3d+QCp7/SEFwffhyXn0/Vp8mG2dSPqFlOmcaaNaxl9nGFgojpXuSOXKKMro912vWG + 7sgvtRs08UVkcxyY7VgsnEWRcsSXxvp3Ht6/MiL2+xu2cAl2xrQEW8jYwRqkBpcMZz5Tu85+3050 + lhquPMZ/ZRqMCB//JpAJDehGBGS8wngbHtIlP53HHfIq1W+Ib3ue7RPyKtZv3pKe7SJzedCzh3af + NAf99qBvD+y9hj5o6QMbZTX0YUs3y0FLN9bVdM8etnS/pftf3f8XAAD//+xYXU/bMBT9K1dCmtKs + TUUL7dSJBwQ8TBpoWre9rJMaUkOzpUmJE2Bi/PedazuuQ1MQHQ97AFBJfX3t63O/jhP0V+P9oL8a + 31uN760OMFzty4/OuN2XH3utDTEB4A7BMa5Fm92tuDI1+Xb4TN+a+S/l21e/voxfUc+q5B/5ysc8 + Rv5xKegYhRCDY7EsAtodtonbHtWrbPU73w1smVXf+8FrAm7jqKpTdHvDdyjQ/rHqwGiOPzNibgKH + PKlHHj5aTa593LHko+pD8B3/OlskKXZEtqsF/q0B1GPLH2dlHgnEVyJ87rQdXAcXsRQM7PLSmXi8 + 4gM++rbdFsEnTa8N4qwbzq5jCU4BBr7f64EqXDDGSIiKDzJpmC4vpwSuBftSCinXcRxxHAsbx3wG + kYfnccLds5iHBWURNpJ0MwfNKMB6jSKjdh5KQVlOV7jM/SbcOyPOQ4nVozy8YAPAkspFSkyKApVp + 4M25IBBnKm6ySiUiGYk0xD2CuQe2iqM5odWDVCfxLwFafYFdQpi9XCZxpN72GY5TGZwI4IOcZV7u + ztJHg01lKsMLFAum4R1Z8hTYJ68Ss51BRhIu/HEUZ+AAjvEymKS99dWhlAJpycbAPNwjc1B7rGvR + YdplbQgNUrkoyjxFcONJlknB6Do2YF6jEQEDuLODG0UGf+LvKEsjxPwknU6nk5QvYwXd0RFOBn5z + TwfErz/jXHhvdm57Q4SW/t+q5kZ65gGB0ho1j4XqKTCH45FKgeE6oOn45OPJ0RfapcMxvbkqs+L9 + BD968a6vR5CETWK/O0FevuWjyiwRAUi8h+iPcLEKRHrd+sHWgAtDJe12tfZUGaCNUgB6sKNNnsjz + NiPYogPOHLrDyuZMWGvGht+3DDj0zQYKnWazEvFCnGruePVOZVSr4+CEGyo5JJtquVVaq+ZWslbP + HcmDiu5IHtR0R/KgqjuSB3XdStYquyOp13bg9Em9NZlVII3MTAOSQQXrOXAxRgYT3siFizEyoBhR + BRdjZEFxJFXPq1CpiRgki0pNwiBZVGoSBsmiUpMwSBYVR6JBsqjUJBokJ5iA1xyRxCHZ0TRvtF7o + +VYy4g90J3w7jDgPEJjlOdLf9IDTWF3hTAvw7aWlF9wGtyP6qi7xXIBMsa9cgoqZQJIHrlJ/k5L2 + VqPO3iYd7cZGnf1NOtrBjTqDTTraI1aHPDrjDqS6k+1wKgja2uNtVXa1i7nVhInMaKkDOCAmEnbT + 4aZNlUsf39QEBLrU2gbGdx8WyzAq2G9nGcXqCyEEruOZmK3aPCZ+BivKBaq5fE6fN6rLjO/RTFO8 + cLaI0xZ5rT8L0JAiG1nq0UhoX8msk8BuwXuazA62JLMDJrOD/4HMbnvjdQN3CzL7FwAA//8iqTFr + ONqYHVaNWQAAAAD//+yaX2uDMBTFv8ugj3EmGrUPpStsg731uW9pYjcY/sEo/fq710Rn3NLBHoYw + oQ+luUluIzk95fxWM7ua2ak5czTdMWeOqjvmzNF1x5w5yu6Ys6m2r2Z2OK/VzK5mdhlmlo5TfzCz + X3N16svVaTwMYOTWNkK+98k+kgbzUu5ZI/QO+LLqcMyqhy/rK/TxFeHIVziZ7zwrFG0r5BvGZiZX + 1F1RCAw9777N8fDgkFyoml/Goug19kJKpCVe1I5fRBwpes7ikJ+h6zTdUsYS3Gcsgh1ulOX4VA9K + wR4aKj97QGFBOuahugpdo63FRW9yTf1Z58FrY8rg574Y2BpOGY1zGuYRU9tERpKnVGZcqVAkF5pn + e7XrV9lEhw17hpeZRwpR2liSEPORDjpNrnAihAXQogqMtOGRkVoIjScG83vrDZcI3j4eSRLUJfY/ + Z6SW3/Ecslp+x3NIa+kdgxApAztZkGD6f/JomUO8T5hzGSTJiNmpKrH8qWuqOr8/gcxIpGzsxUNU + EEbHm4z7WHLSMgiNldlVCv7+of9XKfgAAAD//6Kvi0eLApxFAbxVAXRiOiTHVYNWGUPZBkBz80sS + oYun0dsmuNYqGuBaq2gAX6uILgFvngG7yplF+XmQpgxEKKUUukoewiXGpWXAFi25a9Qw1ohCDIMb + CrQpI7E4LB+8Wg62LBWYhCBOroYxoaUr2Q4A7yjQh5mro5SbWBEEGVNB8Sx4nVtRiWMJxOOg9bag + tXAgr8PFUTUboeiGagC7tra2FgAAAP//AwBW3VgBlDEAAA== headers: - ATL-TraceId: - - 69e05da3b7933fd6 - Connection: - - keep-alive + Atl-Traceid: + - 54bc1f1d591e641a + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:08 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:35 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 25bd1b68-1c41-4b63-af2c-cad5d4946503 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '235' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3212023a-b172-4776-8ad8-81ef48ca95a9 - x-envoy-upstream-service-time: - - '116' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -993,98 +901,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11096 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11791 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlTW282xKjDZCg4CS2l1DjJB8IwZ2mRL8h3mruTbRr47909 - STaBmBJS+KC7k/bt2Wf31l88WJZcZl7iaZAZaMjeCCgy05F8BqZj0inMeEeVoLkVSpoOZMLOwPJO - OuUyh0LlnTlog+8gG0GpwYC09bdexxOkOYrCnW3cGCgucTu1tjRJEGRwCanN1Gflc1twYwSXvgQb - oA4b8FIEcSCMqSBoFVzBNcofj4en4+5O+ApPLp2zXvLFM2i0Mim3kCt9XTuX4Q4F4jCOumG/Gw/G - UZz0tpJw4Pe24l/COAzJR7Jhr0twap7pI8kHURiG8SrqZpOBSbUoCRE83WNmxouiwzJhrJCpZaWA - FJi6ZAulr3ySTpV8r4uneGEgrTQEcwELPueW69dG/AO7M0xSNXtRHx1mu1HYiwbNdoyO7q5D7niU - aLQ15uaKclRNLK2SS14Y6HitDi9xSm47nhVIjBKT7CWywki8UqvP6N4z0WukHXYuGy12tLmT8LWn - 76WwFhUQvxppCuoP961Rl3bBNQVmxKwsBDIkuxcNguso0x8s+4OnuNvA3BhrkC4FAYt/d3HuO1bG - /WXcf7Zil0LHkhemeT5iK9peRts/ZmvZGmsWj1jrxcte/GPWGnKadrHR2u0t1ffyQ91dMGNn55jB - PNeQY10/oCFyShVVXWb1SVoZq2auRVyghfjVpheDhzrq1lGfUmG69ucl3ajpF8RgLdLa3JcHZ8Qv - dN9MVVVkB8KUBb9uWIjHC26xr9Zt6/srpu6Jqy4Y1No0lYNb7quKUHGefqQDIXMvsboi06jTfsB2 - QUXRgKEBY6Wqe9gnX/k7g37bJ++jFm6CM9r0Il63DKG0sNfPRKAVD1yzfXq7FDOegwlIwrRKBB5M - RT71zTxf95h3eNI2o9i7fRhKrw2l4BOgdkLkvPcR1eU3gYg2MTEaECJTboalSI+EvHKX8QGUdDfL - tKWQI9bCvVudSCWHeDXzSQEj4KampW5W3snR+7eHxxdHh/vD49PhxXA0+muE8WEJGYQEPxhPgZ1g - 35SWkV0mDFOyuGZYk6Igpcwq9rvQnJ1omGHdssog53xXpfej2EGF4Y0Iwz7IxLtXtAh6LiQvMJ2Y - j3WV0bv7Z81k0cDriF+gd20vwMzmElZfVyVV7ROYXM8KzyRfLby6r76+3r+Pj2u+/cbTKxylWsq1 - ymtb+81Q80MOt5NRXTNoJG6vVwkLqm5VKH1cezMpKujmGlvWejxQ7EDVyVazEoc9aZssPJbTr8H5 - JO/+77Fcq6qkyeeNkBk2KcOQ+WwCIFlZmSlkjnOHoz16ToAJOScDRKSM4dDK8HaALCFl09hnb0nd - J/nSPV8m7GylVsiESYzeCm6VTkJ/y+/dEISIYKFSXkyVsckgHITBZS1z4XwL4jg+R2l2dkrXGXYc - 9k4tulZ9W/icBewsMpb9XXFtQbOhzLG6ZojVIwLHJ3+yvQpLl52mXG74sIbs5oadAtYEOYLr/Q9D - 9/hYP9q80Ka5NGk5Fharl0QdD3CFihg1OHbDzlBHN8aK7eJ4F0fOOvEqnYM/E1aDr3QepLnoToSk - U6KDj/vXtNj9WvqcFPbCcK1lcVcLFicnwgqc36ioA/zUn9pZQXLr9ODGJYiUIf7xCPKq4Ajmkn5c - uKgOQApeEHNOQc8Fjs9d9tPxSkOHvSjsr7uoZtsPf96AKKrfw6t6Dh0Cy42J7FvIbGNsW72dZyLT - SDtk+k9Hpv+fyPx/qPwLAAD//+xZWWvbQBD+K0sh4JhKtmTJF4Q0JSkEmhB6pJC+eKOVLRVbEjqc - l/74frO7OqzUcWuSNIVgY0u7M6vZOb7ZGf2JVhBV71MeeUHvC19Mu+wSjqZGi3Apzk+bQ/BD7IxC - OWgMl5/AMqtwl/cD8ynNXMZzzx67FEXdUwmYwLIfMaNUAhF3M7IO/R6CvQw/sJGf0Ha/neHmO/6M - fVyfVrhWKzxmJNYKvy6WEYp3yuAVQjTREDqVTlVzQEcVaneBrqUkUQw41zhohnGPi3WYAfl9SoYj - APqcVAuHKbM2WW5WP2nGcL5g61oeoHqqre7XVheV1TNtdZ7nSI/ZW3YXhF7AcMZeLICuBTbDEo5n - RQvGGYoBD4w4s3gpn5McsxPP85Pc+MijRQEgnrHA5wKca44EZ6rdsoaCLmJRLP2mdjbny1Jk2vQ8 - kFzJE7go5zG9KKetzRVAGYAdg6Xep3rrxMKlvPJyQwTyMfohD8MtbSvDKklxuww9abKLUOZFbbGv - 8iBE+tWmUKIwWHuJiVRuvXu+SriXE/1lzEJ5w1CvrUPhC0nwOfeTTFkJ46LwfEWsA/0TQgkHRsjy - N14iGZOY8iN5fYeLVRgdss7hzxVOmnk8rXz3t1Dx5DDhTPaECWdCMOFMdsLEPnngHkw8Tlqqg/6Z - YGL4ChPPABPOfw4TQ824Aybu9ySsbT0Jy9k24TbrzzyFB8l2CXVvWqT9irQ9UdX55Y62EW6r+/tV - B2qjVG6XU22uScVFrh9QoaFqsqxYrTgVjG8erIFIgdT9idM9S0vqARzDHanjdC6O3Dl3BsK6HTt9 - 9xYCjkYTy7aHVMlWRHjCA2Q+WfdECHJ1UNYyGLqT+C6+41lCIEeLPtjOVS1IE3WsJDNRuPbUZc+1 - bMvxrb4/sMVk6A08d2R5Y1eIPh/OLX98LI7kKgeDkwP7A76Kz1jxSBd0hqGGMrPIjDtoxLBN8n5T - RRupzEg4z0hj4JeIzpcZLk+vjKGZRCR/u0/88iVud5tfvsTtjvVLlxi4I1S/WDdjmkeRK/2qheKJ - qjTV1lXYdQPABflZkcaJ37sBDnnUwtSBR29IMFtFMj1Hv+vRfZxUw+0rFDy/0f8lFPwCAAD//yLX - xaNFAa1dTIeiAAAAAP//ghUF6C0LYDtKqboWpAfWHgG6PR2SFatBs65QtgHQwvySxBwgC4spuCaC - DOATQegS8GkVdAl4+y01ryyzKD8P0taBjjKXQmf6IVyiXJqfCzGhGsaEloJklHxIaxT0YebqKOUm - VgSlFpfmgAxGshs8pl9U4lgCcUdZfgnV5gEhZsHNBFqVkVgclg+eEYHPPOYXgecZQDbC3YHqWCMU - 10I1gEOntrYWAAAA//8DAM+tYFEwIgAA + H4sIAAAAAAAAA7xW62/bNhD/Vwh9KIbO1suPOCqKIUvdNluWZY7bfkiDgJbOMhuJ1EjKjzX933cn + WXbjxEWTYY2BiDzy3r873mcHlgWXiRM5GmQCGpLXArLEtCTPwbRMPIOct1QBmluhpGlBImwOlrfi + GZcpZCptzUEbPINkBIUGA9Ku78alsSqfksDrwPcD39XwdwnGjlcFnGseWxGD03IE6Q+Cg8MANway + KW5n1hYm8rwEphDbRH1SLrcZN0Zw6UqwHmqyHi+EF3rCmBK8RsANrJD/bDy8GLeDbq+DpMoE40Sf + HYO2lSbmFlKlV7UPCe6QI/TDsO0P2sHh2Pej0I86Xbd/0PvZD32fjCQlFg2vxDzRSOL3MBR+uHF7 + vUnAxFoUFDikHjGT8yxrsUQYK2RsWSEgBqambKH0jUvcsZLvdPZIK0opKF08u+Zzbrn25gIWXmXW + 1sD1UeB3gsEvRvwDL3NMe5mjVoIFqhxzc0O5KieWVtGUZwZaTs14gn5VvC1nJhA4Op6tTmEOaKv/ + peVYgcgqECVOJEv00dmBScffdxA0B4VWn9DVJ2ZizV3locpskwfafIWerbvvpLAWBRhno5sg/Ht1 + 16ipXXBNQDYiLzKBBic7IcFEVfDrDpbdwSPN/UbKGk82Cev6B2hG2F2G3f9XSw2LCqSoMOgvg/6P + ULhsNHbCZSf8ERrXyP/y5T4cwwaOU7F8X/dATPLlFSY9TTWk2FbuYR3NUVlZV/mDIA8P9h0M9h0c + 3hdet7SaSg2j6t5O1A5wyy029boZPr526la7ba5eLU5TZVTLY1WStwE1zA9EEDJ1IqtLwAiiUPse + g071URtXySP5WsR1VD7fo5GtyGxmqsySV8IUGV+t64uyogGdpRJ+qIGH/YOmge+GbV+bCTdtZvdg + k/Ddg862MQmlhV09MboNu1c9D9/f4EXOUzAecZhGiEDCTKQz18zTbSd7i5Sm5YVOlZIJUG8i2O6+ + 1/09/gb7MBoMyPEZN8NCxKdC3rymk1dQ0Gwh4yZrVS4X1dmGIpUc4mjBJxmMgJsaCXq9cs5P3705 + Obs+PTkenl0Mr4ej0Z8jdAOLy6DneGE8A3aOTVhaRnqZMEzJbMWwoEVGQplV7DehOTvXkGNFs9Ig + at2HCjvAgnL8W+H7g2wSOfWLhUnCKG+r6k6JY7xTIXm2e2k9Ga3DW+E6Q+uaLoEJTCVsbpcFle13 + ILkeYp6IsZp58/jdnTseB7strH7l8Q2Ogg2yGuG1ruP1tPWfDG5Gtro0UEnYvNUSFlTdKlP6rLZm + kpXQTjV2ie3AotgrVSdb5QUOq9Kus/Ct/N0Nzkf59e+IpVqVBY1kr4VMsM0ZhshnEwDJitLMIKkw + dzI6ou8EmJBzUkCgSRgO3QzfDUgiEjYLXfaGxH2Uz6vv84hdbsQKGbEijXpu4Pq3FDqMXKZins2U + sdHAH/jetL57Xdnk9a6Qh11eQFxSO2Fv1aJt1cOsV8xjl4Gx7K+SawuaDWWKNZVjhL7BcHb+Bzsq + sWDZRczlnot1oG5v2QVOf5UhuD5+P6w+H+pPkw3arB9RWo6FxZol1ir7uEJBjLoXu2WXKKMdYp22 + g74/CCvthCY5T1yJA7Obqrk3LzOJ+LJY/97d+1ck4rC7YYsX4ObCanCVTj2sQU64FDjzUe16h113 + ZvOMuIoU/1VpIBEh/o0gVxbQjQTYcInxJh7WZj+dpy32LLMvWOgGgRsy9iy1L16yjusjc3XQcftu + lzUH3e1B1+25Bw29t6X3XJTV0PtbOi17WzpZt6YHbn9LD7f08Kv7/wIAAP//7FhdT9swFP0rV0Ka + 0qxNRQvt1IkHBDxMGmhat72skxpSQ7OlSYkTYGL8951rO65DUxAdD3sAUEl9fe3rc7+OE/RX4/2g + vxrfW43vrQ4wXO3Lj8643Zcfe60NMQHgDtHVr0Wb3a24MjX5dvhM35r5L+XbV7++jF9Rz6rkH/nK + xzxG/nEp6BiFEINjsSwC2h22idse1ats9TvfDWyZVd/7wWsCbuOoqlN0e8N3KND+serAaI4/M2Ju + Aoc8qUcePlpNrn3cseSj6kPwHf86WyQpdkS2qwX+rQHUY8sfZ2UeCcRXInzutB1cBxexFAzs8tKZ + eLziAz76tt0WwSdNrw3irBvOrmMJTgEGvt/rgSpcMMZIiIoPMmmYLi+nBK4F+1IKKddxHHEcCxvH + fAaRh+dxwt2zmIcFZRE2knQzB80owHqNIqN2HkpBWU5XuD79Jtw7I85DidWjPLxgA8CSykVKTIoC + lWngzbkgEGcqbrJKJSIZiTTEPYK5B7aKozmh1YNUJ/EvAVp9gV1CmL1cJnGk3vYZjlMZnAjgg5xl + Xu7O0keDTWUqwwsUC6bhHVnyFNgnrxKznUFGEi78cRRn4ACO8TKYpL311aGUAmnJxsA83ERzUHus + a9Fh2mVtCA1SuSjKPEVw40mWScHoOjZgXqMRAQO4s4MbRQZ/4u8oSyPE/CSdTqeTlC9jBd3REU4G + fnNPB8SvP+NceG92bntDhJb+36rmRnrmAYHSGjWPheopMIfjkUqB4Tqg6fjk48nRF9qlwzG9uSqz + 4v0EP3rxrq9HkIRNYr87QV6+5aPKLBEBSLyH6I9wsQpEet36wdaAC0Ml7Xa19lQZoI1SAHqwo02e + yPM2I9iiA84cusPK5kxYa8aG37cMOPTNBgqdZrMS8UKcau549U5lVKvj4IQbKjkkm2q5VVqr5lay + Vs8dyYOK7kge1HRH8qCqO5IHdd1K1iq7I6nXduD0Sb13mVUgjcxMA5JBBes5cDFGBhPeyIWLMTKg + GFEFF2NkQXEkVc+rUKmJGCSLSk3CIFlUahIGyaJSkzBIFhVHokGyqNQkGiQnmIDXHJHEIdnRNG+0 + Xuj5VjLiD3QnfDuMOA8QmOU50t/0gNNYXeFMC/DtpaUX3Aa3I/qqLvFcgEyxr1yCiplAkgeuUn+T + kvZWo87eJh3txkad/U062sGNOoNNOtojVoc8OuMOpLqT7XAqCNra421VdrWLudWEicxoqQM4ICYS + dtPhpk2VSx/f1AQEutTaBsZ3HxbLMCrYb2cZxeoLIQSu45mYrdo8Jn4GK8oFqrl8Tp83qsuM79FM + U7xwtojTFnmtPwvQkCIbWerRSGhfyayTwG7Be5rMDrYkswMms4P/gcxue+N1A3cLMvsXAAD//yKp + MWs42pgdVo1ZAAAAAP//7Jpda8IwFIb/y8DLdE3btHohTtgGu/Pau5hUB6Mf9AP//s5p0qzJrINd + jMICXog5aY4JeX3lfbyZ9WZ2as4sTbfMmaXqljmzdN0yZ5ayW+Zsqu3ezI775c2sN7PLMLPUTP3B + zH7P1elcrk6TuQE2DmAW1zVcfAzQAIb+TmloSt0Bk1WP32mucC67Dg1fwbuOi3cMwG7QHG5E6D7F + wBhtXxQcQ8+HmzkebhySC1Xzy1gUvcaOC4G8xZvcsjNPYklP6yRkJ2gkyzY0ilJcxxTBCnfKcjzV + vZSwRguVXz2gsCAd81RdeVujrcWH3uWahkPIg0ujyuDnvhjZGkYjmuQ0zONIblIRC5ZRsWZShjw9 + 03y9k9vhKat4v4pe4aXmkYKXOpYkRH3UBn1LrrAjJAqgRRkoacMtIzXnLe4YzB+sN1wiePt8IGlQ + l9i/y0gtv2MXslp+xy6ktfSOQW+kwos0SDD9P3nQzCHeJ8y5FNSkNOtYlVj+0jdVnT8eQX8EUjb6 + 4iEqCKPmJuM6mpzUDEKjZdZLwd8f+n+Vgk8AAAD//6Kvi0eLApxFAbx5AXRiOiTHVYNWGUPZBkBz + 80sSoYun0ZsbuNYqGuBaq2gAX6uILgFvngG7yplF+XmQBhBEKKUUukoewiXKpfm5EBOqYUxoYUdG + AYe0wF8fZq6OUm5iRRBkiAPFbvCys6ISxxKIO8qALWty18phrHaFGAY3FGhXRmJxWD541R5sQSpo + vS1oLRzISrhDUF1rhOJcqAZw8NTW1gIAAAD//wMAyhvF5ZQxAAA= headers: - ATL-TraceId: - - bcd52343189d51c1 - Connection: - - keep-alive + Atl-Traceid: + - 562f3288ebdb8cc5 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:08 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:35 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - fdbd3331-0024-43e3-8f99-524ac8bcd81d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '233' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b02fe857-81b0-42f7-ab04-43d6592aba5a - x-envoy-upstream-service-time: - - '152' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1094,174 +1019,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J0jZrbqIHFVmFdk+ySJJOsZImpU2FZdn/boKLH7fhneeZ - lzkRrRbcz5ZI8h7CtMjNpsMeTej8hy9UsGpZBuUKh4Fk5BPnZfAuwhSAFlBA3uxuXpr75/Z3u1tH - HSciXxOUQQaHjHQ4WX8c0YX2OGE8cGv92kVJr4PtvhUik1CJS3inQgIZMJpDmTPR0lIClbwsAOAK - GED0F5xjbzuM/9htS5nklYTrAir+w5rxwfU+goJtRV31WhmOXGENpq9FrTutBPQGQJWlEBr5n4Jg - U8PjMCuS3unVasOTNyrFJ2IvE0H3tm/I+fwFAAD//wMAVR8SPloBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtE1qbqIHFVmF7Z5kkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzlBq4LZzw4kvMc4BbnZaGNNF7X/8ERFp0Lo1UhGEyGDTzOH3o8JpoiUIMF8t7152d0/N7/b7TK0 + aQL5ukIZZnjIQJvJ+eNgxtgcJ5MO3Dq/6CS1S+/0twIyCQyrS3in4goyZCzHOqeiwVqikKwiiHiV + SEx+MHPqbfrhH3vdIEqGsuCEUfrDdsPDaH0CeUmFLay1hagZ41jUiGWlGKedQs07IUqDBf9bEN3a + 8NjPCtZ3rFpcfPKdWuMTuMsEZnzb7+B8/gIAAP//AwDHxr0eWgEAAA== headers: - ATL-TraceId: - - c4e44140ddd64b55 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:09 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - ef8cf52736e6f877 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d8e3a6e8-1606-4ea6-831e-098c13df6935 - x-envoy-upstream-service-time: - - '24' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 250338c7b8028229 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:09 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:36 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 2304db41-859a-468b-a1f1-ae26d612e7e4 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '126' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d7337723-9c0d-4f62-968b-cd1c0571c18e - x-envoy-upstream-service-time: - - '63' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1271,159 +1089,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 69c85eeb546abfab - Connection: - - keep-alive + Atl-Traceid: + - ad696811cbc4a01a + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:09 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:36 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 40b93fd1-ef98-45e9-8675-9f042fa99191 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '169' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c075453b-3163-4510-863a-14fc1347a6c8 - x-envoy-upstream-service-time: - - '101' status: code: 200 message: OK - request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: pg:5.1.0", + body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/223] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/6] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n| High | [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < - 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= - 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/2853]\n*Defect - Dojo link:* http://localhost:8080/finding/2853 (2853)\n*Severity:* High\n*CWE:* - [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs when - the remote database or query specifies a crafted column name. \n\nThere are - two specific scenarios in which it is likely for an application to be vulnerable:\n1. - The application executes unsafe, user-supplied sql which contains malicious - column names.\n2. The application connects to an untrusted database and executes - a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || - >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || - >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || - >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 - < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 - < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 - < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/2851]\n*Defect Dojo link:* http://localhost:8080/finding/2851 - (2851)\n*Severity:* High\n*CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* - [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs when - the remote database or query specifies a crafted column name. \n\nThere are - two specific scenarios in which it is likely for an application to be vulnerable:\n1. - The application executes unsafe, user-supplied sql which contains malicious - column names.\n2. The application connects to an untrusted database and executes - a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || - >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || - >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || - >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 - < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 - < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 - < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n*Reporter:* + || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] + | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080] | + Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/277]\n*Defect + Dojo link:* http://localhost:8080/finding/277 (277)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service when + parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - + 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -1436,53 +1197,59 @@ interactions: Connection: - keep-alive Content-Length: - - '7107' + - '1931' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11097","key":"NTEST-908","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11097"}' + string: '{"id":"11792","key":"NTEST-1454","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11792"}' headers: - ATL-TraceId: - - 937acfb4ecc0618f - Connection: - - keep-alive + Atl-Traceid: + - a02e84e26c6f97e6 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:09 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:37 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - afa342f3-1985-44b3-8d3c-6ce105dcca20 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '486' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 44c306c8-6e4f-49fa-93c4-a286bbe4662e - x-envoy-upstream-service-time: - - '427' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1492,109 +1259,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-908 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1454 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6Nz1Er8lQOIO0+ForuWux3FA2w+UYYS9OCq25JHkJFzpf79d - 2cZACUNpmMHSSvv+7Gq/erCquMy8xNMgM9CQ/SGgyMxA8hLMwKRzKPlAVaC5FUqaAWTClmD5IJ1z - mUOh8sECtMEzyA6h0mBA2uauN/AESY6icLqFGwPFBW7n1lYmCYIMLiC1mfqifG4Lbozg0pdgA5Rh - A16JIA6EMTUEnYBLuEL+/ePZ0fFwGk6QcuGM9ZKvnkGltUm5hVzpq8a4DHfIEIdxNAzHw3hyHMXJ - aCMJp/40mv4WxmFINpIOe1WBE/NMG4k/iMIwjG+8bjcZmFSLiiKC1B1mSl4UA5YJY4VMLasEpMDU - BVsqfekTd6rkB108xQoDaa0hWAhY8gW3XL824j/YLjFJdfmiIe1l21E4iibt9hgN3e5dHniUaNR1 - zM0l5ag+t7RKLnhhYOB1MrzECfk28KxAYFSYZC+RNXriVVp9QfOeGb2W28XOZaOLHW1uJby39IMU - 1qIAwlfLTU795e4adWGXXJNjRpRVIRAh2T1vMLgOMuPJajx5irltmFtlbaQrQYHF3+04j0PCaTxe - xeNnC3YpdCh5YdrvI7qizVW0+XO6Vp2ydvGItlG8GsU/p60Fp+kWa7V9+0b1vfrYdBfM2MkpZjDP - NeRY19/BEDGlirops4aS1saq0rWIM9QQb607mHwvo2kdDZUK07U/LxlGbb8gBGuRNuq+fkcjfKH5 - Zq7qInsjTFXwqxaFSF5yi321aVs/XjFNT7zpgkEjTVM5uOWuqikqztJPRBAy9xKra1KNMu1HbBdU - FG0wNKCvVHUP9cnNaKPrk/ejFq4LZ7TuIF53MOp7iVBa2KtnhqZjD1wXfnofFSXPwQTEYTohAglz - kc99s8j75vMOKV2Xij0X0HOgdkLgvOcW1eWD/kbrkBhNyPE5N7NKpO+FvHSP8Ruo6G2WaQchB6yl - O7uhSCVn+DTz8wIOgZsGlrpdeQfvP7zd2z97v7c72z+anc0OD/85RDewhAx6jheO58AOsG9Ky0gv - E4YpWVwxrElRkFBmFftTaM4ONJRYt6w2iDnfVel9L6YoMLwWYTiGReI1TwYmCaPcF9WdQsZ450Ly - 4v6ldrJow+uAX6B1XS/ABOYSbm7XFVXtE5DczArPxFjDfPNe3X3efwx2Pax+5+kljlIdsjrhja7d - dqj5KYO7yagpDVQSd8+rhCVVtyqU3m+sOS9qGOYaW1Y/Hij2RjXJVmWFw560bRYey9/d4HyWt/92 - WK5VXdHk84eQGTYpwxD57BxAsqo2c8gc5vYOd+h7DkzIBSkg0GQMh1aGrwNkCQmbxz57S+I+y5fu - +zJhJzdihUxYlScbfuSH1xQ6jFyhUl7MlbHJJJyEwUVz98zZFMTx6BS52MkRPWPYUNg7tRxa9TDz - KQvYSWQs+7fm2oJmM5ljVZUYo0cY9g/+Zjs1liw7Srlcc7EJ1fU1OwKsBTIE17sfZ+7zqfl0+aBN - +1jS8lhYrFpidfnHFQpi1L/YNTtBGcMYK3UYbYaT2GknPKUL8EthNfhK50Gai+G5kEQlGPi4f02L - 7bvcpyRwOu6FLG8LwZrkhFOBYxvVcjAd+3NbFsRV5fjPpYVExPg7hFJZQKcyYLMVRp942JD9cpAP - 2IvCvmKxH0V+zNiL3L7aZiM/RGZ3MPI3/THrDsb9wdjf8Lc6+kZP3/BRVkff7Om03OjpZF1Lj/zN - nh739Pj2/VFPH/mjnj7u6ePega1eLy1v0W/00jL+dQ1CMHA7OHIsYEDJd+MueyjTW+sy/T8AAAD/ - /+xY207bQBD9lZGQkJMGR0lKL0F5oMADUkFVofShqRRjbxK3jm18CVSUf++Z3fWyzqUFlFZ9gKAk - 9uzsjs/MnjmbB2Vae28q089Z3kyWwXbvMi/2p+1zb9Jv0imIQN0twyg4PrRvgSeQKqbYqXW7ek07 - rqFhed1znzfkU1JVdZJ2981uD/zdPJQtGt3zW0IsXgD+nx3J4fcG3CvihxvvaE7k5yNcfMHHzuO3 - IvtfKP9NdoD7Qrooo1hkUjGazsTdFyUjt//9SCBj1EETXbyKIEapyeMjntoNk7YXzMMcCgN6fLfb - hXAYM6DYAJU6ZAkxSicjgvIqPLRtjzJVtT5XrTBVO9exhRF30mLqFZT4WCin6ylERwENrB0Zv0sv - F5RkdIWT3Q/CWdPnfZdjdj/zxhwANFM5i0kiQ/xIUNGZIMhoKq6TysWn3Ad6OFWwEsFSoT8l7ERI - 7Cj8LiCyx1jFQ9hpGoW+/O1MK54q4EgAH+xQVun2KPVoiKmMc28McmBRvpOXPATx5VeRXk4jkxMO - +KEfJtADVvC5O4y7y7PDKQbSOQeD8HCqzCD0Ma9Bh0WYicHTSGWiKLMYlYxveRkVjK4VA8atDMJl - ALe2cL5IkE/8HySxL9JiGI9Go2HMR7OCbukATwatc0cDTH9Vhplwtrd6b/fSifxoVCN9NW5AkLfa - yWGj/ObqR+M7lQODNaDR2dH7o4Nz6tD+GW1flUmxN8SfnLvdVDda1F1hbbaHw5he8GPmSSRcyHkn - zRIfRyxXxPPGV44FqhgecbutnEdyeRWSBM9BFC1yRJa1GL0GDZh86BYz6yfCXAGHfdfQwJC1406S - oEStYLvV71e/ofRrjA1tuIazYVnH2sZpibeNZYm5LcsCd1uWBfa2LAv8bVkWGNxYljjcstRZHDh9 - kL+fBBVIfT1Sg6RRwXwWXIyRxoQXsuFijDQo2lTBxRgZUCxL1d0qVGomBsmgUrMwSAaVmoVBMqjU - LAySQcWyKJAMKjWLAskqJuA1RSVxSWpO76eTHZT6LMwFe8nq4y7Fb+hRuNr3eR+gMMtLbH3J/ieh - PMpp8m+ao0vXvXFv+vRJHuaZejTNVwkBV0awZK7t1FvnpHK10uflOh+VxJU+u+t8VHpX+rxa56Py - YXzIgSrjEdyXTG+TJdBS+W5JwlUJ5ibjRXlCqSpfl1gtmEVfr1tUJvT3i+pyQH9aWgBLHM9Szy84 - Z6cJhfKCkPx5GIhADjgrRCp7RiZwPyh9oQZrHfoReigToPb8MU1fOqYJH69ZvDheMAvjBjmNnzMv - jIqkbyTISiX7rGKt/Wzz3wNUbOepKrYjVWznX6jYzZxuqxL66yq28x+p2F8AAAD//xptxY7gViwA - AAD//+xay26DMBD8l0o5GjBvDlEaqa3UW865OTZppYqAeCi/311sKHYglVop4mCJg8Wu8bLgYdDM - TdSy2Ckt05BbY2UadmusTENvjZVp+K2xMg3BNVamYbjGyqYoblns0C/LYoc5lsX2r8N6WCxVE39h - sbdKO11S2mm4FIiGAKpzbc34V28CQE+CkeqNqWZgSb32RvV6uNWlxNFXwdqW8U8UxGaFci+bVYVN - NbHpioKhDPo0q+xh49DLUNZ/FEqRduwY5+ifeBfb6MzCQNBTGnrRCapMkoz6fozrjEmwwp20HJ/q - XghYo4HMnxoQZ9AX81xeWVMhR8WL3jUnSUON81HLNPj2F64cuhH1aZhTLw98kcU84FFCeRoJ4bH4 - TPN0J7b9VTbBfuO/wSHnkYJdlExJiDzVOF1DrtAR4jv41jsS6bBlpGKswY7B/J6Pw66C4cuBxE51 - wfpN19P6Kza9U+uv2PRfrb1iwBsh3U/KWjD9jzwo4yDuJ9S2pElJYtYRgBbSX7u6rHL3CDDD0Xej - Nh76/SA67mRcRzkXlSuhVjBroeDxD91CwSMq/i8UfAMAAP//oreL6VgUwFsRQCemQ3JcNWipMJRt - ADQ3vyQxB8jC0h4CNraUqmuVMCVwLWs0wLWs0QC+rBFdAt5uA3apM4vy8yAtI4hQSil03TqES5QX - 8nMhJlTDmNBSkIySD2nFvT7MXB2l3MSKIMgwCIrd4BVqRSWOJRB3lAHb4OQuq0Nf1QoxC24m0KqM - xOKwfPD6Pvg62vwi8Ko5kI1wd6A61gjFtVAN4NCpra0FAAAA//8DAPbHtQ3+MAAA + H4sIAAAAAAAAA7xXbVPbRhD+Kzf60GmprDc7YNTpdCiYhJZSCk7ygTDMIa2lC+c79e5kTEP+e3cl + yw4mzgQ6zfiD7m1f7tln99YfPJhXXOVe6hlQORjIDwXI3PqKT8H6Nithyn1dgeFOaGV9yIWbguN+ + VnJVgNSFPwNjcQ/yM6gMWFBucTarrdPTCSm8iqMojgIDf9dg3fiuglPDMycy8HxPkP043tlNcGJB + TnBaOlfZNAxzmEDmcv1eB9xJbq3gKlDgQrTkQl6JMAmFtTWEnYIbuEP5k/HofNyLBy8GuNS4YL30 + g2fRt9pm3EGhzV17hxxnKJFESdKLhr14dxxFaRKl/Z0gjnZ+jJIoIifJiEPHGzXPdJLkQ4QiIkfb + ay8mOdjMiIqAw9U9ZqdcSp/lwjqhMscqARkwPWG32twEJJ1p9drIJ3pRK0Hh4vKKz7jjJpwJuA0b + t1YOLrbiqB8Pf7HiH/h5imGvp2iVaIEmx9zeUKzqa0ejdMKlBd9rBY/wXo2s75UCiWOy8u4YZoC+ + Rh99zwlkVoUs8VJV4x29NZr0o00bcbdRGf0er/rMSCykmzg0ke3iQJNP2LO67mslnEMF1lvaJgr/ + 3py1euJuuSEiWzGtpECH8zVIMFAN/QbD+WD4RHe/ELLuJsuADaIddCMZzJPB/2ulpUVDUjQYb8/j + 7W9hcN5Z7CfzfvItLC6Y//HjYzomHR0nYv6mrYEY5ItLDHpRGCiwrDziOrqjZd1m+WdJnuxs2hhu + 2th9rLwtae0qFYymentpL17UMULFiKz148OjNeIqXtiWupb5gbCV5HcLRuMywuveIHTE8oUJ7vCh + aAvs0/OxLd+rgh226gxlWzPc1zUh2Dj/lhaEKrzUmZq8yQzgZSmFHxfw7WCY9LsCvg7bpjKTLMvM + +sYy4JUR2gh398wLd+Jh8wp8fR0XU16ADUnCdkoELpSiKAM7K1YF6xWudJUt8R5zN+l3V5H8Gqg2 + EW3X3+vtDUDEmzgaDwmRkttRJbJjoW4OaecAKuotVNZxqGHWbbO3XFFajbC14NcSzoDblpdmMfJO + j1+/PDq5Oj7aH52cj65GZ2d/nuH9MLksQoIHxiWwUyzCyjGyy4RlWsk7hgktJCllTrPfhOHs1MAU + M5rVFhkWfC6xY0woL7oXUTSU71NvLZ0R9EIoLjGcGI9VmtHe+tqiM1rA2/BconddlcDIFgqWp+uK + 0vYrmNw2Mc8kXyu8fPwe9h1P4+OKb7/y7AZbwY5ynfLW1v6i2/pPDnctW5szaCTp3moFt5TdWmpz + 0npzLWvoFQZr1qph0exAt8HW0wqbVeUWUfhSTB+C8059+ttjhdF1RS3ZoVA5liTLkPnsGkCxqrYl + 5A3njs726HsNTKgZGSAi5QybbobvBuQpKSuTgL0kde/UVvPdStnFUq1QKZsgImUaBf0guif0EDyp + My5LbV06jIZROGmPXzVuhduXKMYuziGrqdSwV/q25/TnRS9ZyC5i69hfNTcODBupAtNqiiB9QeDk + 9A+2V2POsvOMqw0HW6zu79k5NoCNIzjefzNqPm/bTxcQmizeURqOhcO0JdGGADhCRYwqG7tnF6ij + l2Al6sXbcbzbWCdCqVkeKOyZg0LPwlktFVLMYQkIH56/JBWDqIWS5LJbCKbCGQi0KULMQ07cFNj3 + Uf6GeDQo3VSSXBMJ/DaxID1nUNSSI2pz+vvTuH8ASnBJ3DgHM8N/OazHvj8kQZ99J91PKPwiSH7Y + ABoq3cN3eAY+4dH0k+yecNzqUEy3GiBojW0d1MAOkFS4eA6VC1i84zMqIewhY7tfGQdLyr5T/wIA + AP//7FltT9swEP4rERITVCRN0qaFTohVYkh8YEJM4wP7grFTmqmpo7yUSYz/vudsx6SBsI0hxAck + VJre+Xy+Nz93wfPAe/lD1OHYD8djREHvUGU6kvCHdKgGQtk/rnO28LH92LGfPrTTQ2iB8B3/3Gd5 + GXsiYJSI/4uzdcv3vsoqhx2PkkWMDI+1rT9clx9VUDUYD+8rTw8Vwm4rUZJMSnuJ7DOxSgpUL4CA + KByhKM3IygiX+uYh710q4ZcOrkeHVEVLZi7E3DjdKEJOF9bphXH6zZwKGoO85bUDMMtBx83Kczaj + negeRanJqtKD5c/v5Z9IUS1iU7nWSTVanjTiCBynCveJmgwqLLNvyQ0B4JxjNX5ETKpEnLSNudP4 + oQD+6CDkq9ilGybhDxk1dcZWdCc2vESVa0IfFFx4nHIOeRNU/atFwo0HTxJV6o0Dv6m7nWxuPKNP + 5cjcWYCQe9bzx2nGeElrvkgnUQ8O2pNVImKxFktnyCgAHmz9LxFilmaSCj0F+BYTabLcdra2f6UI + 4FJOELQP4XLQBZeDYRchakKjMgdEULidOosWq29Z2wQLQeszdTF2QVK/q23ybdvEypLxOd12j3Rv + bUhQVGnKCMtsdF3PZDvqSWT+TMBDGXXAOKeu51jsRzM2HIjganfoR1dQfDzeC8JwRPtYJuzwBFtM + jp0KQVEPznsdXNP3fpI3rMioKJLQJycWyg+xB3Sl2DzAqbprjoIwGMaBHw9CsTfiAx6NA74bCeGz + 0SyIdw/EvpKyOZhuhkf40+vclC0N2nBd/VPhVYV7A4u4oQcVhaczi0zmZowVZDGsV4Ub7QO+Hp66 + Iy9bkv7t6cfb17g9Pnn7GrfHL29dY5QcoccYpkVowpFTM02kfCLUpUcLumxdAJmC/XOVyyzuX6AE + cWqsTeLREBBUm8m0j5mJmu4iN5X2vRS8vtPfS8FraPxeCjpLgQUSUPFaZ9wtvT8w333IlSUzr0Xa + 8KRrCunbKWSbYGd6bYJFaPFyleRyqaGOGXFU5v2XfvwbTVeyfLlZrxZmhWKnOSvOpZqD1QNnhJBW + +bb+aqrrsxVQ7wr7tdydjZT9PIuLakGCG4dVE6y8nJb64DRJpykXHd3+vr44XFttFiht7+7ufgMA + AP//AwBIRP2obh0AAA== headers: - ATL-TraceId: - - 0a3fe6ecdd594890 - Connection: - - keep-alive + Atl-Traceid: + - 9c57c1b734e78509 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:37 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 6e160ddc-8e18-4eb8-b15c-20aa4e5f4f5d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '261' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 87c9cf70-e8c9-44c1-ae59-7a20b8b57431 - x-envoy-upstream-service-time: - - '113' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1604,104 +1364,97 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11097 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11792 response: body: string: !!binary | - H4sIAAAAAAAAA6RW61PbOBD/VzT+wNz1Er+SQOIO0+Fo2tLrcVyg7QfKMMJeHBVb8khyCFf432/X - j5hXGErDDF6ttO/frvTDgWXBZeJEjgaZgIbknYAsMT3JczA9E88h5z1VgOZWKGl6kAibg+W9eM5l - CplKewvQBvcgmUGhwYC09Vmn5wjSHAT+ZAsXBrJzXM6tLUzkeQmcQ2wT9V253GbcGMGlK8F6qMN6 - vBBe6AljSvBaBRdwhfL7R9PDo/7EHyPnvHLWiX44Bo2WJuYWUqWvaucSXKFA6IdB3x/2w/FREEaD - UeRP3Ekw+cMPfZ98JBv2qoBKzQt9JHkv8H0/XEXdLBIwsRYFZQS5O8zkPMt6LBHGChlbVgiIgalz - dqn0hUvSsZKfdfYcLwzEpQZvIeCSL7jl+o0R/8F2jkUq842atZdsB/4gGDfLI3R0uwu551Ch0dYR - NxdUo/LMEhWd88xAz2l1OFGl5KbnWIHAKLDITiRLjMQptPqO7r0we410lbuqGm3uaHGr4J2nn6Ww - FhUQvhppCuqv6qxR5/aSawrMiLzIBCIkuRcNJreCzHC8HI6f426T5sZYk+lCUGLxdzvPQ59wGg6X - 4fDFiqsSVijZMM33CVvB5jLY/DVby9ZYQzxhbRAuB+GvWWvAaVpirbWbG+rv5Zd6umDFjk+wgmmq - IcW+fgBDxJTKyrrNak5cGqvyakScooVwa93G+KGOenTUXGrMavw5UT/AJbc4Feuh8/N4ryfaaoZ5 - tTZNYK7IXVVSTAHNpa/EEDJ1IqtLuGlGFSnTIq4j/fGAR47hUTNXZZa8FabI+FXTAMhGr+wXHBfU - FE0yNGCs1HWPzcnNYNTOyftZ89elM1i3EXYjQygt7NULc9iKe9Wwff64FDlPwXgkYVolAhlzkc5d - s0i7GfMBOe0wCp2bh6EM2lAyfgY0Tgic9w5RXz6aiGAdEoMxZWTOzbQQ8SchL6rL+C0UdDfLuK1j - Vd3Lam/FkUpO8WrmZxnMgJsaG7qhnINPn9/v7Z9+2tud7h9OT6ez2T8zjA9byGBK8MDRHNgBzk1p - GdllwjAlsyuGPSkyUsqsYh+F5uxAQ459y0qDqHWrLr0fxQQV+tfC94ewiJz6ysDqYfq7prrTyFiI - VEie3T/UvCya9FZIz9C7dhZgZVMJq9NlQV37DCTXb4UXgq8WXt1Xd6/3n8Njh7c/eXyBT6kWcq3y - 2tZu86j5JYfbl1HdM2gkbK9XCZfU3SpTer/25iwroZ9qnBvd80Cxt6outsoLfOxJ21ThqfrdTc43 - eftvh6ValQW9fN4JmeCYMwyRz84AJCtKM4ekwtzebIe+Z8CEXJABAk3C8NHK8HaAJCJl89Bl70nd - N/mq+r6K2PFKrZARK9Jo5Aauf02pw8xlKubZXBkbjf2x753XZ08rn7wwHJygFDs+pGsMJw37oC77 - Vj0ufMI8dhwYy/4tubag2VSm2FU55ugJgf2Dv9lOiS3LDmMu1xysU3V9zQ4Be4EcQXr3y7T6fK0/ - bT1o0VyWRB4Ji11LolX9kUJFjAYbu2bHqKMfYqf2g01/HFbWCU/xAtxcWA2u0qkXp6J/JiRxCQYu - rt8QsX1X+oQUToadksvbSrAnOeFU4LONetmbDN25zTOSKlL8V5WFVIT4m0GuLGBQCbDpErNPMqzP - fjtIe2wjs69Z6AaBGzK2kdrX22zg+ihcbQzcTXfI2o1htzF0R+5Wyx91/JGLulr+ZscnctTxybuG - H7ibHT/s+OHt84OOP3AHHX/Y8YddAFudXSJv8Vd2iQx/X4MQTNwO3vsL6FHxq+cue6zSW+sq/T8A - AAD//+xY207bQBD9lZGQkJMGR0lKL0F5oMADUkFVofShqRRjbxK3jm18CVSUf++Z3fWyzqUFlFZ9 - gKAk9uzsjs/MnjmbB2Vae28q089Z3kyWwXbvMi/2p+1zb9Jv0imIQN0twyg4PrRvgSeQKqbYqXW7 - ek07rqFhed1znzfkU1JVdZJ2981uD/zdPJQtGt3zW0IsXgD+nx3J4fcG3CvihxvvaE7k5yNcfMHH - zuO3IvtfKP9NdoD7Qrooo1hkUjGazsTdFyUjt//9SCBj1EETXbyKIEapyeMjntoNk7YXzMMcCgNC - fbfbhXAYM6DYAJU6ZAkxSicjgvIqPLRtjzJVtT5XrTBVO9exhRF30mLqFZT4WCin6ylERwENrB0Z - v0svF5RkdIXj1Q/CWdPnfZdjdj/zxhwANFM5i0kiQ/xIUNGZIMhoKq6TysWn3Ad6OG6wEsFSoT8l - 7ERI7Cj8LiCyx1jFQ9hpGoW+/O1MK54q4EgAH+xQVun2KPVoiKmMc28McmBRvpOXPATx5VeRXk4j - kxMO+KEfJtADVvC5O4y7y7PDKQbSOQeD8HAuzSD0Ma9Bh0WYicHTSGWiKLMYlYxveRkVjK4VA8at - DMJlALe2cL5IkE/8HySxL9JiGI9Go2HMZ7aCbukATwatc0cDTH9Vhplwtrd6b/fSifxoVCN9NW5A - kLfayWGj/ObqR+M7lQODNaDR2dH7o4Nz6tD+GW1flUmxN8SfnLvdVDda1F1hbbaHw5he8GPmSSRc - yHknzRIfRyxXxPPGV44FqhgecbutnEdyeRWSBM9BFC1yRJa1GL0GDZh86BYz6yfCXAGHfdfQwJC1 - 406SoEStYLvV71e/ofRrjA1tuIazYVnH2sZpibeNZYm5LcsCd1uWBfa2LAv8bVkWGNxYljjcstRZ - HDh9kL/ABBVIfT1Sg6RRwXwWXIyRxoQXsuFijDQo2lTBxRgZUCxL1d0qVGomBsmgUrMwSAaVmoVB - MqjULAySQcWyKJAMKjWLAskqJuA1RSVxSWpO76eTHZT6LMwFe8nq4y7Fb+hRuNr3eR+gMMtLbH3J - /iehPMpp8m+ao0vXvXFv+vRJHuaZejTNVwkBV0awZK7t1FvnpHK10uflOh+VxJU+u+t8VHpX+rxa - 56PyYXzIgSrjEdyXTG+TJdBS+W5JwlUJ5ibjRXlCqSpfl1gtmEVfr1tUJvT3i+pyQH9aWgBLHM9S - zy84Z6cJhfKCkPx5GIhADjgrRCp7RiZwPyh9oQZrHfoReigToPb8MU1fOqYJH69ZvDheMAvjBjmN - nzMvjIqkbyTISiX7rGKt/Wzz3wNUbOepKrYjVWznX6jYzZxuqxL66yq28x+p2F8AAAD//xptxY7g - ViwAAAD//+xay26DMBD8l0o5GjDPcIjSSG2l3nLOzbFJK1UExEP5/e5i42InpFIrRRwscbDYNV4W - PAyauYo6FjulZQZyG6zMwG6DlRnobbAyA78NVmYguMHKDAw3WNkUxR2LHfvlWOw4x7HY4XVYDoul - auIvLPZaaadzSjuN5wLJGEB1rmsY/xpsBGgMsFIDnWoHtHo93tFc4pyaHWhfhR3ItQrcdYx/olJ2 - w95hq4ltX5YMZdCnm8oeNg69DFXzR6EUaceWcY4OjHexSU4sjgQ9ruMgOULVWZbTMExxHZ0EK9xJ - K/Cp7oSANVrI/KkBcQZ9Mc/VhbU1clS86F1zkjTUeB+NTINvf+nLoZ/QkMYFDYooFHnKI55klK8T - IQKWnmix3orNcJVVtFuFb3DIeaRkZyVTEiJPtV7fkgt0hIQevvWeRDpsGakZa7FjMH/g47CrYPiy - J6lXn7F+2/W0/Ipt79TyK7b9V0uvGPBGSAuSshZM/yP3yjiI+wm1LWlzkph1AKCF9Ne+qerCPwD+ - cDTkqI2Hfj+I6p2M6yjnonIlNApmHRQ8/qE7KHhExf+Fgm8AAAD//6K3i+lYFMBbEUAnpkNyXDVo - qTCUbQA0N78kMQfIwtIeAja2lKprlTAlcC1rNIAva0SXgC8SRJeAt9uAXerMovw8SAMIIpRSCl23 - DuES5YX8XIgJ1TAmtBQko+RDWnGvDzNXRyk3sSIIMgyCYjd4hVpRiWMJxB1lwDY4ucvq0NfFQsyC - mwm0KiOxOCwfvL4PtpgVtDAXtGoOZCPcHaiONUJxLVQDOHRqa2sBAAAA//8DAIecn9v+MAAA + H4sIAAAAAAAAA7xXbVPbRhD+Kzf60GmprDc7YNTpdCiYhJZSiknygTDMIa2lC+c79e5km4b89+5K + lh0gzgQ6zfiD7m1f7tln99YfPFhUXOVe6hlQORjIDwXI3PqKT8H6Nithyn1dgeFOaGV9yIWbguN+ + VnJVgNSFPwNjcQ/yM6gMWFBueTarrdPTCSm8iqMojgIDf9dg3fltBaeGZ05k4PmeIPtxvLOb4MSC + nOC0dK6yaRjmMIHM5fq9DriT3FrBVaDAhWjJhbwSYRIKa2sIOwU3cIvyJ+ej8XkvHrwY4FLjgvXS + D55F32qbcQeFNrftHXKcoUQSJUkvGvbi3fMoSpMo7e8EcbTzY5REETlJRhw63qh5ppMkHyIUETna + Xns5ycFmRlQEHK7uMTvlUvosF9YJlTlWCciA6Qmba3MTkHSm1Wsjn+hFrQSFi8srPuOOm3AmYB42 + bq0dXG7FUT8e/mLFP/DzFMNeT9Eq0QJNnnN7Q7Gqrx2N0gmXFnyvFTzCezWyvlcKJI7JyttjmAH6 + Gn30PSeQWRWyxEtVjXf0HtCkH23aiLuNyuj3eNVnRmIp3cShiWwXB5p8wp71dV8r4RwqsN7KNlH4 + 9+as1RM354aIbMW0kgIdzh9AgoFq6DcYLgbDJ7r7hZB1N1kFbBDtoBvJYJEM/l8rLS0akqLBeHsR + b38Lg4vOYj9Z9JNvYXHJ/I8fH9Mx6eg4EYs3bQ3EIF9cYtCLwkCBZeUR19EdLes2yz9L8mRn08Zw + 08buY+VtSWtXqWA01dtLe7HvITjuDV6cONoeaBKfcDIiaz378GiN2IsQ2FLXMj8QtpL8dslxXJ5z + hw9FW2Cfno9t+V4X7LBVZyjbmuG+rgnBmFx9SwtCFV7qTE22MwN4WUrhxwV8Oxgm/a6AP4RtU5lJ + VmXm4cYq4JUR2gh3+8wLd+Jh8wp8fR0XU16ADUnCdkoELpSiKAM7K9YF6xWudJUt8R5zN+l3V5H8 + Gqg2EW0fvtfbG4CIN3E0HhIiJbejSmTHQt0c0s4BVNRbqKxjTMOjebO3WlFajbC14NcSzoDbloVm + OfJOj1+/PDq5Oj7aH52MR1ejs7M/z/B+mFwWIcED5yWwUyzCyjGyy4RlWslbhgktJCllTrPfhOHs + 1MAUM5rVFhkWfC6xY0woL7oTUTSU71OvfbEwegj/OqvupTgGohCKy4eHlp3REt6G5xK966oERrZQ + sDpdV5S2X8Hktol5Jvla4dXjd7/veBof13z7lWc32Ap2lOuUt7b2l93Wf3K4a9nanEEjSfdWK5hT + dmupzUnrzbWsoVcYrFDrhkWzA90GW08rbFaVW0bhS/G7D8479elvjxVG1xW1ZIdC5ViSLEPms2sA + xaralpA3nDs626PvNTChZmSASJMzbLoZvhuQp6SsTAL2ktS9U1vNdytlFyu1QqVsgoiUaRT0g+iO + 0EPwpM64LLV16TAaRuGkPX7VuBVuX6IYuxhDVlOpYa/0vOf050UvWcguYuvYXzU3DgwbqQLTaoog + fUHg5PQPtldjzrJxxtWGgy1Wd3dsjA1g4wiO99+Mms/b9tMFhCbLd5SG58Jh2pJoQwAcoSJGlY3d + sQvU0UuwEvXi7TjebawTodQsDxT2zEGhZ+Gslgop5rAEhPfPX5KKQdRCSXLZHIKpcAYCbYoQ85AT + NwX2fZS/IR4NSjeVJNdEAr9NLEjPGRS15Ijagv7+NO4fgBJcEjfGYGb4L4f12PeHJOiz76T7CYVf + BMkPG0BDpXv46s7AJzyafpLdEY5bHYrpVgMErbGtgxrYAZIKF8dQuYDFOz6jEsLuM7b7lXGwouw7 + 9S8AAAD//+xZ30/bMBD+VyIkJqhImqRNC50Qq8SQeGBCTOOBvWDslGZq6ig/yiTG/77vbMekgbCN + IcQDEipN73w+353vvrvgeeC9/CHqcOyH4zGioHeobjou4Q/pUA6Esn9c52zhY/uxYz99aKeH0ALh + O/65z/Iy9kTAKBH/F2frlu99lVUOOx4lixg3PNa2/nBdflRB1WA8vM88PWQIu61ESjJX2ktkn4lV + UiB7AQRE4QhJaUZWRrjUlYe8d6mEXzoojw6pipbMFMTcON0oQk4X1umFcfrNnBIag7zltQMwy0FH + ZeU5m9FOVEeRarKq9GD583v5J1JUi9hkrnVSjZYnjTgCx6nCfaImgwrL7FtyQwA451iNHxGT6iJO + 2sbcafxQAH90EPJV7FKFSfhDRk2dsRXVxIaXKHNN6IOCC49TziFvgqx/tUi48eBJolK9ceA3VdvJ + 5sYz+lSOzJ0FCLlnPX+cZoyXtOaLdBL14KA9WSUiFmuxdIYbBcCDrf8lQszSTFKipwDfYiJNltvO + 1vavFAFcygmC9iFcDrrgcjDsIkQ1gUpsmQMiKNxOfUSL1besbUIXBPUtBK0P28Vo26Y1xNau9Kws + GZ9TxXsUCvu2xyqqNGWEZTa6yjPZjnoSmT8T8NCNOmCcU9dzLPajGRsORHC1O/SjK+gyHu8FYTii + fSwTdniCLSbHToWgqAfnvQ6u6Xs/yRtWZJQUSeiTEwtl7tgDulJsHuBU3TVHQRgM48CPB6HYG/EB + j8YB342E8NloFsS7B2JfSdkcTDfDI/zpdW7KlgZtuK7+qfCqwr2BRdzQg4rC0zeLTOZmjBVkMaxX + iRvtA74enrojL1uS/u3px9vXuD0+efsat8cvb11jpByhhxamRWjCkVMzTaT7RKhLjxZ02roAMgX7 + 5yqXWdy/QKbh1Fibi0dDQFDtTaZ9zEzUdBe5ybTvqeD1nf6eCl5D4/dU0JkKLOKAitf6xt3S+wPz + 3YdcWTLzWqSNOLqmkL6dQrYJdqbXJliEFi9XSS6XGuaYEUdl3n/px7/RdCXLl5v1amFWKHaas+Jc + qjlYPV5GCGmVb+uvJrs+WwH1rrBfy93ZSNnPs7ioFiS4cVg1wcrLaakPTpN0mnLR0e3v64vDtdVm + gdL27u7uNwAAAP//AwBYKQURbh0AAA== headers: - ATL-TraceId: - - 0f00b12a6be684f3 - Connection: - - keep-alive + Atl-Traceid: + - b07ed8cbc7990b7e + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:37 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - d53fce8b-cf7f-42a6-9dd8-5a787b41c3af X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '240' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 52a9b637-c991-4420-98cc-0ed4d89787e2 - x-envoy-upstream-service-time: - - '165' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues.yaml index 2fad763869e..7986a9281de 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J2iZrbqIHFVmFdk+ySNJMsJImpU2FZdn/boqLH7fhneeZ - lzkRrWbcT45I8h7jOMvNxqDFLprwEQoVnZrnXvnCYyQZ+cRp7oNPMAWgBRSQN7ubl+b+uf3d7pZB - p4nI1xXKIINDRgyOLhwH9LE9jpgO3LqwmCTppXfmWyFyFWpxCe9UXEEGjOZQ5Uy0tJJAZVkVAHAF - DCD5M06pt+2Hf+y2pUyWtaS8KK/5D9sND96GBAq2Fby2WnUllgo5dJYLro1WAmwHoKpKCI3ln4Lo - 1obHflJkfceqxcWn0Kk1PhF3mQj6t31DzucvAAAA//8DANR4xQxaAQAA - headers: - ATL-TraceId: - - 63eec62d99262412 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:16 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtE1qbqIHFVmF7Z5kkbRJsJImpU2FZdn/boqLH7fhneeZ + lzlBq2aznxxIeI9xnOVmo401XdThIxAVnZrnXnniTYQMPs0098EnmCJSggTz3fbmZXf/3Pxut8vQ + pgnk6wplmOEhA21GF46D8bE5jiYduHVh0Ulql97pbwVkEhhWl/BOxRVkyFiOdU5Fg7VEIVlFEPEq + kZj82Uypt+mHf+x1gygZypIRyssfthsevA0J5CUVtrDWFqJmjGNRI5aVYpx2CjXvhCgNFvxvQXRr + w2M/KVjfsWpx8Sl0ao1P4C4TGP+238H5/AUAAP//AwBn4gsfWgEAAA== + headers: + Atl-Traceid: + - 127649e841670240 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ebe3a6bd-fa43-425f-b0e3-34251eafb7a3 - x-envoy-upstream-service-time: - - '33' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 93cecec7375a936c - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:16 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:42 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ddf370f7-72ff-46f1-afa6-68e5691a3821 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '122' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 54cc6b57-f322-44a4-9219-a3424c303a8a - x-envoy-upstream-service-time: - - '65' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,110 +80,166 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - 3c92d102dff8dad1 - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - e07f4ef8e45bd217 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:16 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:42 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 73e1b9c8-9588-4f50-b801-4b2d93d0130f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '182' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e6e46cbc-f63b-420e-a354-9a74b9d6670f - x-envoy-upstream-service-time: - - '96' status: code: 200 message: OK - request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: negotiator:0.5.3", + body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/225] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/8] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n| High | [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2855]\n*Defect Dojo - link:* http://localhost:8080/finding/2855 (2855)\n*Severity:* High\n*CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n*CVE:* - [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` header - value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n - Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2854]\n*Defect - Dojo link:* http://localhost:8080/finding/2854 (2854)\n*Severity:* High\n*CWE:* - [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` header - value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n - Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n*Reporter:* + || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified + |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified + |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/283]\n*Defect + Dojo link:* http://localhost:8080/finding/283 (283)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, + < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < + 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= + 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 + < 7.1.2)|http://localhost:8080/finding/281]\n*Defect Dojo link:* http://localhost:8080/finding/281 + (281)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -303,53 +252,59 @@ interactions: Connection: - keep-alive Content-Length: - - '3317' + - '7089' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11098","key":"NTEST-909","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11098"}' + string: '{"id":"11793","key":"NTEST-1455","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11793"}' headers: - ATL-TraceId: - - e8d4d6876435bbf6 - Connection: - - keep-alive + Atl-Traceid: + - b7bcfbd011c918cc + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:17 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:43 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 6bac0647-c4ae-4b2a-9508-66c173f6dbe7 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '646' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6c22008e-2d68-4e36-bf53-116cdeeb8cad - x-envoy-upstream-service-time: - - '389' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -359,98 +314,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-909 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1455 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlTW282xKjDZCg4CW1KqXGSD4RhDmktX5DvNHcn2zTkv3f3 - JNnEwZSQmg+6O2nfnn12b/nswbLkMvMST4PMQEP2SkCRmY7kMzAdk05hxjuqBM2tUNJ0IBN2BpZ3 - 0imXORQq78xBG3wH2QhKDQakrb/1Op4gzVEU7g1wY6CY4HZqbWmSIMhgAqnN1Cflc1twYwSXvgQb - oA4b8FIEcSCMqSBoFVzDDcqfjIdn4+5euIcnE+esl3z2DBqtTMot5Erf1M5luEOBOIyjbtjvxoNx - FCe9nSR64feinV/COAzJR7Jhb0pwap7oI8kHURiG8SrqZpOBSbUoCRE8PWBmxouiwzJhrJCpZaWA - FJiasIXS1z5Jp0q+08VjvDCQVhqCuYAFn3PL9Usj/oH9GSapmj2rj46z/SjsRYNmO0ZH99chdzxK - NNoac3NNOaquLK2SCS8MdLxWh5c4JV86nhVIjBKT7CWywki8UqtP6N4T0WukHXYuGy12tLmT8LWn - 76SwFhUQvxppCuoP961RE7vgmgIzYlYWAhmSbUSD4DrK9AfL/uAx7jYwN8YapEtBwOLvLs798AVa - jvvLuP9kxS6FjiXPTPN8wFa0u4x2f8zWsjXWLB6w1ouXvfjHrDXkNO1iq7UvX6i+l+/r7oIZO7/A - DOa5hhzr+hsaIqdUUdVlVp+klbFq5lrEJVqIX2x7MfhWR9066lMqTNf+vKQbNf2CGKxFWpv7/M0Z - 8QvdN1NVFdmRMGXBbxoW4jECZd9jzRIzGxPcYqetG9n311DdJVd9Mai1aSoQtzxUFeHkfP9AB0Lm - XmJ1Rc6kGjBWqrr7+mTYj9s+uYlauA3OaNuLeN0yhNLC3jwx3lY8cM328e1SzHgOJiAJ0yoReDAV - +dQ383zdY97gSduMYo9Q2gil14ZS8CugdkLk3PiI6vJeIKJtTIwGhMiUm2Ep0rdCXrvL+AhKuptl - 2lLIEWvh3q1OpJJDvJr5VQEj4KampW5W3unbd6+PTy7fHh8OT86Gl8PR6K8RxoclZBAS/GA8BXaK - fVNaRnaZMEzJ4oZhTYqClDKr2O9Cc3aqYYZ1yyqDDPNdlW5GsYcKw1sRhv1JL/E2ihZBz4XkBaYT - 87GuMnq3edZMFg28juYFetf2AsxsLmH1dVVS1T6CyfWs8ETy1cKr++rr6/37+Ljm2288vcZRqqVc - q7y2ddgMNT/kcDsZ1TWDRuL2epWwoOpWhdIntTdXRQXdXGPLWo8Hih2pOtlqVuKwJ22ThYdy+jU4 - H+XdvwOWa1WVNPm8EjLDlmQYMp9dAUhWVmYKmePc8eiAnlfAhJyTASJSxnBoZXg7QJaQsmnss9ek - 7qN87p7PE3a+UitkwiRGbwW3Siehv+P3bglCRLBQKS+mythkEA7CYFLLXDrfgjjeuUBpdn5G1xl2 - HPZGLbpW3S98wQJ2HhnL/q64tqDZUOZYXTPE6gGBk9M/2UGFpcvOUi63fFhDdnvLzgBrghzB9eH7 - oXt8qB9tXmjTXJq0HAuL1Uuijge4QkWMGhy7ZeeooxtjxXZxvIsjZ514lc7BnwmrwVc6D9JcdK+E - pFOig4/7l7TY/1r6ghT2wnCtZXFXCxYnJ8IKnN+oqAP81J/aWUFy6/TgxiWIlMX4G0FeFRzBXNI/ - Fy6qI5CCF8ScM9BzgeNzl/10stLQYc8K++s+qtn1w5+3IIrqD/CqnkOHwHJjIrsPmV2Mbae390Rk - GmmHTP/xyPT/E5n/D5V/AQAA///sWW1r2zAQ/itiUGjD7MSOnaSB0mW0g8Jayl466L5EsZzYI7GN - X5Iv+/F7TpJf4i7tFtqug5KQ2NKdfLqX53TnP9EKoup9yiMv6H7hi3GHXcHR1GgRLsXFWXMIfoid - USgHjeHyE1hmFe7yvm8+pZnLeO7aI9dFFHXOJGACy37EjFIJRHyYkR3S7xHYy/ADG/kJbffbOW6+ - 48/Yx/VphRu1wmNGYq3wm2IZoXinDF4hRBMNoVPpVDUHdFShdgfoWkoSxYBzjYNmGHe5WIcZkN+n - ZDgEoM9JtXCYMmuT5ab1k6YM5wu2ruUBqqfa6n5tdVFZPdNW53mO9Ji9ZZsg9AKGM/ZiAXQtsBmW - cDwrWjDOUAx4YMSZxUv5nOSYTjzPT3LjI48WBYB4ygKfC3CuORKcqXbLGgq6jEWx9Jva2Z4vS5Fx - 0/NAci3P26Kcx/SinLa2VwBlAHYMlnof660TC5fyysstEcjH6Ic8DLe0rQyrJMVsGXrSZJehzIva - Yl/lQYj0q02hRGGw9hITqdx652KVcC8n+quYhfKGoV5bh8IXkuBz7ieZshLGReH5ilgH+ieEEg6M - kOVvvEQyJjHlR/L6Qy5WYXTEDo9+rnDSzONx5bu/hYqnhwlnX5hwJEw4D8LEPnngDkw8Tlqqg/6Z - YGLwChPPABPOfw4TA834AEzc7UlYu3oSlrNrwm3Wn3kKD5LNEeretEh7FWl7oqrzyx3tItxV9/eq - DtRWqdwup9pcxxUXuX5AhYaqybJiteJUML65twYiBVL3J073LC2pB3AKd6T+0oU4cefc6QtrNnJ6 - 7gwCDofHlm0PqJKtiPCEe8h8su5ECHJ1UNYyGLqT+C7e8CwhkKNF723nqhakiTpWkpkoXLvqsuta - tuX4Vs/v2+J44PU9d2h5I1eIHh/MLX90Kk7kKgf9yYH9AV/FZ6x4pAs6w1BDmVlkxgYaMWyTvN9U - 0UYqMxLOM9IY+CWi82WGy7NrY2AmEcnf7hO/fInb3eaXL3G7Y/3SJQbuCNUv1s2Y5lHkWr9qoXii - Kk01cRV23QJwQX5epHHid2+BQx61MHXg0RsSzFaRTM/R73p0HyfVcPsKBc9v9H8JBb8AAAD//yLX - xaNFAa1dTIeiAAAAAP//ghUF6C0LYDtKqboWpAfWHgG6PR2SFatBs65QtgHQwvySxBwgC4spuCaC - DOATQegS8GkVdAl4+y01ryyzKD8P0taBjjKXQmf6IVxiXFqWX0K12TaIWXAzgRZlJBaH5YNnImAz - fsCkBXFxNYwJLXXJth+8JkIfZq6OUm5iRVBqcWkOyGAkv4LnEIpKHEsg/gZNZYLmGUA+h4ujajZC - 0Q3VAHZtbW0tAAAA//8DAPm/CZwwIgAA - headers: - ATL-TraceId: - - 7227c14f66057b6d - Connection: - - keep-alive + H4sIAAAAAAAAA7xW61PbRhD/V270IdNJbb38wCiT6VDiJLSUUuMkHwjDHNJaviDdqXcnPwr8793V + w05MyAQ6DZ5Bp93b929Xe+PAquAycSJHg0xAQ/JaQJaYjuQ5mI6J55DzjipAcyuUNB1IhM3B8k48 + 5zKFTKWdBWiDPEgmUGgwIG1zNy6NVfmMFF4Gvh/4roa/SzB2ui7gVPPYihicjiPIfhDs7ffwxUA2 + w9e5tYWJPC+BGcQ2UZ+Uy23GjRFcuhKsh5asxwvhhZ4wpgSvVXANa5Q/mY7Ppt2gPxggqXLBONGN + Y9C30sTcQqr0uo4hwTeUCP0w7PqjbrA/9f0o9KN+zw0HvZ/90PfJSTJi0fFKzROdJHkPU+GHm7Cb + lwRMrEVBiUPqATM5z7IOS4SxQsaWFQJiYGrGlkpfuyQdK/lOZ4/0opSCysWzS77glmtvIWDpVW5t + HWxYgd8LRr8Y8Q+8zLHsZY5WCRZocsrNNdWqvLJ0imY8M9BxasEjjKuS7ThzgcDR8Xx9DAtAX/27 + jmMFIqtAlDiRLDFGZwcmPb9lFFp9woiemPBGukp3VcA23fTyGUi2Ub2TwlpUYJyNbULq79Vdo2Z2 + yTXh1Yi8yAQ6nOxEjvWoUNYfrfqjR7r7jcq0kWzq0vf30I2wvwr7/6+VuvoVFtFgMFwFwx9hcNVa + 7IWrXvgjLDYAv7u7D8fgIZyGLWMmVu/rGYjVP79ANKSphhTHyj2so58qK+su/6rWcO8hxughxv59 + 5fVIq6k0MKrp7UTdAF+5xaFeD8PHN1U9arfD1avVaWqZ6nioSoo2oIH5gQhCpk5kdQl3zQwlbVrE + dQ5u7tHIM7xq5qrMklfCFBlfN22GZHTLvsd6Uus12dCAwVJv3x/goTsa+O0A303bZszsMh4qeLgp + +C6jt51YQmlh10/MbivuVZ+H7x/wIucpGI8kTKtEIGEu0rlrFul2xL1FSjsLQ6dK6BXQ0CLY7n6v + hw/EGzyE0WBEgc+5GRciPhby+jVxXkFBu4WM2zpW1V1WvA1FKjnG1YJfZTABbmps6ObknB6/e3N0 + cnl8dDg+ORtfjieTPycYBjaXwcjxwnQO7BSns7SM7DJhmJLZmmGni4yUMqvYb0Jzdqohx1ZnpUHU + ul/r+AAbyvFvhe+PMh05O+2MuU2F5BlWDdO+bTPi7dKazahJb4X0DL1rpwQWMJWwuV0W1LbfgeR6 + iXkixmrhzVfxy73jcbDbwupXHl/jKtgiq1Ve2zpstq3/5HC7stWtgUbC9iMuYUndrTKlT2pvrrIS + uqnGubFdWBR7pepiq7zAZVXapgrfqumXyfkoP/8dsFSrsqCV7LWQCY45wxD57ApAsqI0c0gqzB1N + Duh5BUzIBRkgICUMl26G3w1IIlI2D132htR9lM+r5/OInW/UChmxIo0GbuD6t5Q6zFymYp7NlbHR + yB/53qy+e1n55I0uUIadn0Fc0jhhb9Wya9XXRS+Yx84DY9lfJdcWNBvLFHsqxwx9Q+Dk9A92UGLD + srOYywcu1om6vWVnuP1VjuD58P24enyoH2016KX5iNJxKiz2LIlW1ccTKmI0vdgtO0cd3RD7tBsM + /VFYWSc0yUXiSlyY3VQtvEWZScSXxf73vrx/QSr2+xuxeAluLqwGV+nUwx7khEuByyD1rrffd+c2 + z0iqSPFfVQZSEeLfBHJlAcNIgI1XmG+SYV3202naYc8y+4KFbhC4IWPPUvviJeu5PgpXjJ47dPus + ZfS3jL47cPda+mBLH7ioq6UPt3Q6DrZ08q6hB+5wSw+39PCz+/8CAAD//+xYXU/bMBT9K1dCQmlW + UrWFderEA6I8TBpoGtte1kkNqaHZ0qTESWFi/PedazuuQxsQHQ97AFBJfX3t63O/jhP0V+P9oL8a + 31+N768OMFjty4/OuN2XH3uthpgAcEfo80vRZncrEk2bfDt4pm/N/Jfy7atfX8avqGdV8g995WMe + I39UChqhEGLwXCyKgLqDNnHbo3qVrX5n3cCWWfW9H7wm4DaOqjpFp/eujwLtj1QHRnP8mRFzEzjk + ST3y8NHa5NrHHUs+qj4E3/Fvb4skxY7IdrXAvzWAemz551mZRwLxlQifO+0e7onzWAoGdnHlTByt + +ICPvm23RfBJ02uDOOuE02UswSnAwA96PVCFS8YYCVHxQSYNk8XVhMC1YF9KIeU6jiOOY2HjmM8g + 8vAiTrh7FrOwoCzCRpJuZqAZBVivUWTULkIpKMvpGheq34R7Z8R5KLF6lIeXbABYUjlPiUlRoDIN + vDkXBOJMxU1WqUQkI5GGuEcw98BWcTQjtHqQ6iT+JUCrL7FLCLMXiySO1Ns+w3EqgxMBfJCzzMvd + WfposKlMZXiJYsE0fE+WPAX2yevEbGeQkTQPoRxn4ACO8TIYp7311aGUAmnJxsA83ERzUHusa9Fh + 2mVtCA1SuSjKPEVw40mWScHoOjZg3kYjAgZwZwc3igz+xN9xlkaI+XE6mUzGKV/GCrqjY5wM/Oae + Dolff8a58HZ3bnsDhJb+36rmRnrmIYHSGjWPheopMIfjkUqB4TqkyfnJx5PjL9Slo3PavS6z4v0Y + P3rxjq9HkISbxH5njLx8w0eVWSICkHgP0R/hYhWIdNn6wdaAC0Ml7XS09kQZoI1SAHqwo02eyPM2 + I9iiQ84cusPK5kxYa8qG37cMOPTNBgqdZtMS8UKcau549U5lWKvj4IQNlRySplpuldaquZWs1XNH + 8qCiO5IHNd2RPKjqjuRBXbeStcruSOq1HTh9Uu9dphVIQzPTgGRQwXoOXIyRwYQ3cuFijAwoRlTB + xRhZUBxJ1fMqVGoiBsmiUpMwSBaVmoRBsqjUJAySRcWRaJAsKjWJBskJJuA1QyRxSO5pmjdcL/R8 + KxnyB7oTvh1FnAcIzPIC6W96wGmsrnCmBfj20tILboPbIX1Vl3guQKbYVy5BxUwgyQNXqd+kpL21 + UWe/SUe7caPOQZOOdvBGnbdNOtojVoc8OuMOpLqT7XAqCNra421VdrWLudWEicxooQM4ICYSdtNB + 06bKpY9vagICXWptA+O7D/NFGBXst7OMYvWFEALLeCqmqzaPiZ/BinKBai6f0+eN6iLjezTTFC+c + zuO0RV7rzxw0pMiGlnpsJLSvZNZJYLfgPU1mu1uS2S6T2e7/QGa3vfG6gbsFmf0LAAD//yKpMWs4 + 2pgdVo1ZAAAAAP//7JrLasMwEEX/pZClXMm27GQR0kBb6C7r7BTJSaH4gR/k9ztjyarlxil0UQwV + ZBHikTUZo5sb7vFm1pvZsTlzNN0xZ46qO+bM0XXHnDnK7pizsbZ7MzvMy5tZb2aXYWaZXfqDmf2e + q7O5XJ3F46i0rYX86NkATPunpXzmHnT2wlxWTW1WPXzZuULLVzhx7zQSFG0r5DumYzczc2phjKbL + c4Gh58PNHA8Hh+RCWf8yFkWvsRNSIm/xprb8LOJIsdM6pvwEjaTphoVhgvvYItjhTlmGT3WvFOzR + QOVXDygsiM08lVfRVGhr8aZ3gad+1llwqXUZ/NznA3TDWcjijNEsCtUmkZHkKZNrrhQVyZll653a + 9ndZRftV+AovvY7kojCxJCH6oyboGnKFiZAwgBZVoKUNR0YqIRqcGKzvrTccInj7fCBJUBXY/xSe + Wn7HU/pq+R1P6a2ldwxCpDRwZECC8f/Jg4ER8TxhzqWhJi1mx7LA8peuLqvs8QgyI5GyMQcPGUK4 + ak8y7mPIScMg1EZmvRT8/UP/r1LwCQAA//+ir4tHiwKcRQG8uQF0Yjokx1WDlh9D2QZAc/NLEqGL + p9GbG7jWKhrgWqtoAF+riC4Bb54Bu8qZRfl5kDYORCilFLpKHsIlxqVlwBYtuWvUMFaZQgyDGwq0 + KSOxOCwfvFoOtjQUmIQgTq6GMaGlK9kOAO8o0IeZq6OUm1gRBBlTQfEseJ1bUYljCcTjoPW2oLVw + IK/DxVE1G6HohmoAu7a2thYAAAD//wMA5wPS1JQxAAA= + headers: + Atl-Traceid: + - a10b731092b82e3f + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:17 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:43 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0dcc9605-3b0e-4071-bf41-549db64ed220 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '222' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9f3c6d92-1e7d-4ee8-8157-9eedf565cbd9 - x-envoy-upstream-service-time: - - '111' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -460,98 +432,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11098 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11793 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlT23qxIUYdJkPBSWgppcZJPhCGOaS1fEG609ydbNOQ/97d - k2QDwZSQmg+6O2nfnn12b/niwbLkMvViT4NMQUP6RkCemo7kBZiOSWZQ8I4qQXMrlDQdSIUtwPJO - MuMyg1xlnTlog+8gHUOpwYC09bdexxOkOQyDnSFuDORT3M6sLU3s+ylMIbGp+qx63ObcGMFlT4L1 - UYf1eSn8yBfGVOC3Cq7gGuWPJ6PTSXcn2MGTqXPWi794Bo1WJuEWMqWva+dS3KFAFERhNxh0o+Ek - jOL+Vhy+6vXDrV+CKAjIR7Jhr0twap7pI8n7YRAE0SrqZpOCSbQoCRE83WOm4HneYakwVsjEslJA - AkxN2ULpqx5JJ0q+1/lTvDCQVBr8uYAFn3PL9Wsj/oHdApNUFS/qo8N0Nwz64bDZTtDR3XXIHY8S - jbYm3FxRjqpLS6t4ynMDHa/V4cVOydeOZwUSo8Qke7GsMBKv1OozuvdM9Bpph53LRosdbW4lfO3p - eymsRQXEr0aagvrDfWvU1C64psCMKMpcIEPSe9EguI4yg+FyMHyKuw3MjbEG6VIQsPi7jfMgeIWW - o8EyGjxbsUuhY8kL0zwfsRVuL8PtH7O1bI01i0es9aNlP/oxaw05TbvYaO3rV6rv5Ye6u2DGzs4x - g1mmIcO6/oaGyCmVV3WZ1SdJZawqXIu4QAvRq00vht/qqFtHfUqF6dqfF3dD3HKLXbFuOt/P97qj - rXqYX2vTRGa33FcVxRRSX/pIB0JmXmx1BQgH6rQfsNiJ0rVvTh2p1yKpY//yzRm5isJmpqo8PRCm - zPl1UxJ4nGjAWKnqHuqTwSBq++R91IJNcIabXkSbXvTXvUQoLez1M8FtxX3XhZ/eR0XBMzA+SZhW - icCDmchmPTPP1s3nHZ60XSryXEougdoJkfNeWFSXD8YbbmJiOKTAZ9yMSpEcCXnlLuMDKOlulkmb - NZfLhXu3OpFKjvBq5pc5jIGbmgm6WXknR+/fHh5fHB3uj45PRxej8fivMYaBJWQwcvxgMgN2gn1T - WkZ2mTBMyfyaYU2KnJQyq9jvQnN2oqHAumWVQdb2XJXej2IHFQY3IggG037s1VcGJglRXhfVnUJG - vDMheX7/o2ayaOB1vM7Ru7YXYAIzCauvq5Kq9glMrmeFZ3KsFl7dV3ev9++j3ZpWv/HkCkepllmt - 8trWfjPU/JDD7WRUlwYaidrrVcKCqlvlSh/X3lzmFXQzjV1iPR4odqDqZKuixGFP2iYLj+XvLjif - 5O2/PZZpVZU0+bwRMsU2Zxgyn10CSFZWZgap49zheI+el8CEnJMBIk3KcGhleDtAGpOyWdRjb0nd - J/nSPV/G7GylVsiYSYzeCm6VjoPeVq9/QxAigrlKeD5TxsbDYBj401rmwvnmR9HWOUqzs1O6zrCx - sHdq0bXqYeFz5rOz0Fj2d8W1Bc1GMsPqKhCrRwSOT/5kexWWLjtNuNzwYQ3ZzQ07BawJcgTX+x9G - 7vGxfrR5oU1zadJyIixWL4k6HuAKFTHqY+yGnaGOboQV28XxLgqddeJVModeIayGntKZn2Sieykk - nRIderh/TYvdu9LnpLAfBGsti9tasDg5EVbg/EZF7eOnvZktcpJbpwc3LkGkLMLfGLIq5wjmkv65 - cFEdgBQ8J+acgp4LHJ+77KfjlYYOe5HbX3dRzXYv+HkDoqh+D2/HOXQILDcmsoeQ2cbYtvo7z0Sm - kXbIDJ6OzOA/kfn/UPkXAAD//+xZbU/bMBD+K9YkJKiWtEmTtlRCjAkmIQ2E9sIk9qXGTptMbRLl - pf3Cj99ztvNCobBVwJiEWrWJfeec7+U53+VPtIKo+pjxWITdb3w27rBzOJoeLaO5PD1uD8EPsTMK - 5bA1XH1Cx67DXd337ec0cxXPXXfk+4iizrECTGDZr4RRKoGIjzOyXfrdA3sVfmAjP6Ht/jjBzU/8 - Wdu4Pq1wqVd4ykhsFH5ZzmMU75TBa4RooyF0qpyq4YCOatTuAF0rSeIEcG5w0I6SLpfLKAfyB5QM - hwD0KakWDlNlbbLcpHnShOF8wZaNPED1zFg9aKwua6vnxuq8KJAe8/dsFUYiZDjWzmZA1xKbYSnH - s+IZ4wzFgAAjziwi41OSY3IkRJAW1mcez0oA8YSFAZfgXHIkOFvvlrUUdJbIch60tXN7vipFxm3P - A8mFOsPLah7Ts2raub0CKEOwY7DS+9hsnVi4kldd3hKBfIx+yMNwS9vKsUpaXs8joUx2Fqm8aCz2 - XR2ESL/GFFoUBmvPMZGprXdOFykXBdGfJyxSNwz12jKSgVQEX4sgzbWVMC5LEWhiE+hfEEo4MEKW - v/ESxZgmlB/J63e5XETxHtvdu1ngpFkk49p374WK54cJb1uY8BRMeI/CxDZ54A5MPE1aaoL+hWBi - 8AYTLwAT3n8OEwPD+AhM3O1JOJt6Eo63acKvJqiOKTJ4kGq4UMNkjbRXk65PbKrze3WdX211E2Hd - gVJOHFLJcG9Lobd/b/28Xnfl5WLBqWB892ANRAqk7k+SbVlaUg/gEO5IPatTeeBPudeXzvXI6/nX - kHY43Hdcd0CVbE2EJzxAFpB1j6QkVwdlI4NlOokfkhXPUwI5WvTBdq5uQdqoYxWZjcK1qy+7vuM6 - XuD0gr4r9weiL/yhI0a+lD0+mDrB6FAeqFV2+kc77id8NZ+14LEp6CxLD+V2mVsraMRybfJ+W0cb - qcxKOc9JY+BXiM7nOS6PL6yBncYk/3qf+PVLvN5tfv0Sr3esX7vEwB2pW7SmGdM+ilyYVy0UT1Sl - 6cawxq4rAC7IT8osSYPuFeBGUKfSBB69IcFsHcn0HPOux/RxMgO3b1Dw8kb/l1DwGwAA//8i18Wj - RQGtXUyHogAAAAD//4IVBejNDGA7Sqm6FqQH1swAuj0dkhWrQbOuULYB0ML8ksQcIAuLKbgmggxw - TQQZwCeC0CXg7bfUvLLMovw8SAsJOspcCp3ph3CJcWlZfgnVZvAgZsHNBFqUkVgclg+eiYBPsuXn - QlxcDWNCS12y7QevidCHmaujlJtYEZRaXJoDMhjJr+A5hKISxxKIv0FTmaB5BpDP4eKomo1QdEM1 - gF1bW1sLAAAA//8DAPjI36UwIgAA - headers: - ATL-TraceId: - - 998e56d764a5862c - Connection: - - keep-alive + H4sIAAAAAAAAA7xW62/bNhD/Vwh9KIbO1suPOCqKIUvdNluWZY7bfkiDgJHOEhuJ1EjKjyX933ek + JKtxmqLJsMZARB55798d78aBdUl54kSOBJ6AhOQ1gzxRPU4LUD0VZ1DQnihBUs0EVz1ImC5A016c + UZ5CLtLeEqTCM0hmUEpQwHVzN66UFsXCCLwMfD/wXQl/V6D0fFPCqaSxZjE4PYcZ/UGwtz/AjYJ8 + gdtM61JFnpfAAmKdiE/CpTqnSjHKXQ7aQ03aoyXzQo8pVYHXCriGDfKfzKdn834wHI2QZE1QTnTj + KLStUjHVkAq5qX1IcIccoR+GfX/SD/bnvh+FfjQcuOFo8LMf+r4x0ijRaLgV80QjDb+HofDDrdvN + JgEVS1aawCH1gKiC5nmPJExpxmNNSgYxELEgKyGvXcMdC/5O5o+0ouLMpIvml3RJNZXeksHKs2Z1 + BjZHgT8IJr8o9g+8LDDtVYFaDSxQ5Zyqa5Or6kqbVbSguYKeUzMeoV+Wt+dkDIEj42xzDEtAW/3P + PUczRFaJKHEiXqGPzg5MBn57UErxCT16YsAbbhtum8A23GbzBUg6r95xpjUKUM5Wt0Hq7/auEgu9 + otLgVbGizBkanOx4jvmwKBtO1sPJI839RmZaT7Z5Gfp7aEY4XIfD/1dLnX2LRVQYjNfB+EcoXLca + B+F6EP4IjQ3AP3++D8fgIZyG7cGCrd/XPRCzf36BaEhTCSm2lXtYRztFXtVV/lWp4d5DB5OHDvbv + C69bWk01DcN2byfqB00fM+GSLK7tuLlHMyDGSKhMVHnyiqkyp5sG6kjGuOv3GFMD/0YF1fhQ1A32 + 8YVat++uYXu1OGnK0C4PRWUiaI3/YAiMp06kZWWsiSWgs6a27zfw0J2M/LaB74Zt22Z2Dx5KeLhN + +O7BoOtYTEimN0+MRMvu2efh+xs8K2gKyjMcqhXCkJCxNHPVMu1a3FuktL0wdGwyr8A0LQPb3fd6 + /IC/wUMYDSbG8YyqacniY8avX5uTV1Ca2YLHLYYsslb2bEvhgk9xtKBXOcyAqhqXslk5p8fv3hyd + XB4fHU5PzqaX09nszxm6gcWl0HO8MM+AnGJ35poYvYQpIni+IVjpLDdCiRbkNyYpOZVQYKmTSiHC + 3K9VfIAF5fi3zPcnuYyc+sXCJGGUu6q6U+IY75Rxmu9eaiajJrwW5zla13YJTGDKYXu7Kk3ZfgeS + 6yHmiRirmbev4t2543Gw62D1K42vcRRskdUKr3UdNtPWfzK4Hdnq0kAlYfuIc1iZ6ha5kCe1NVd5 + Bf1UYs/qBhZBXok62aIocVjlusnCt/J3Nzgf+Ze/A5JKUZVmJHvNeIItSRFEPrkC4KSsVAaJxdzR + 7MB8r4AwvjQKDGgSgkM3wXcDksgIy0KXvDHiPvLn9vs8IudbsYxHpEyjkRu4/q0JHUYuFzHNM6F0 + NPEnvreo715am7zJBfKQ8zOIK9NOyFux6mvxddYL4pHzQGnyV0WlBkmmPMWaKjBC32A4Of2DHFRY + sOQspvyBi3Wgbm/JGU5/1hBcH76f2s+H+tNmw2yaR9Qs50xjzRpWm31coSBiuhe5Jecoox9infaD + sT8JrXaDJr5MXI4Ds5uKpbesco740lj/3t37F0bE/nDLFq/ALZiW4AqZeliD1OCS4TBoatfbH7qZ + LnLDVab4z6bBiAjxbwaF0IBuJECma4y34SF98tNp2iPPcv2ChG4QuCEhz1L94iUZuD4y24OBO3aH + pD0YdgdDd+TutfRRRx+5KKuljzu6WY46urGuoQfuuKOHHT384v6/AAAA///sWF1P2zAU/StXQkJp + VlK1hXXqxAOiPEwaaBrbXtZJDamh2dKkxElhYvz3nWs7rkMbEB0PewBQSX197etzv44T9Ffj/aC/ + Gt9fje+vDjBY7cuPzrjdlx97rYaYAHBH4BhL0WZ3KxJNm3w7eKZvzfyX8u2rX1/Gr6hnVfIPfeVj + HiN/VAoaoRBi8FwsioC6gzZx26N6la1+Z93Alln1vR+8JuA2jqo6Raf3ro8C7Y9UB0Zz/JkRcxM4 + 5Ek98vDR2uTaxx1LPqo+BN/xb2+LJMWOyHa1wL81gHps+edZmUcC8ZUInzvtHu6J81gKBnZx5Uwc + rfiAj75tt0XwSdNrgzjrhNNlLMEpwMAPej1QhUvGGAlR8UEmDZPF1YTAtWBfSiHlOo4jjmNh45jP + IPLwIk64exazsKAswkaSbmagGQVYr1Fk1C5CKSjL6RqXud+Ee2fEeSixepSHl2wAWFI5T4lJUaAy + Dbw5FwTiTMVNVqlEJCORhrhHMPfAVnE0I7R6kOok/iVAqy+xSwizF4skjtTbPsNxKoMTAXyQs8zL + 3Vn6aLCpTGV4iWLBNHxPljwF9snrxGxnkJE0D6EcZ+AAjvEyGKe99dWhlAJpycbAPNwac1B7rGvR + YdplbQgNUrkoyjxFcONJlknB6Do2YN5GIwIGcGcHN4oM/sTfcZZGiPlxOplMxilfxgq6o2OcDPzm + ng6JX3/GufB2d257A4SW/t+q5kZ65iGB0ho1j4XqKTCH45FKgeE6pMn5yceT4y/UpaNz2r0us+L9 + GD968Y6vR5CEm8R+Z4y8fMNHlVkiApB4D9Ef4WIViHTZ+sHWgAtDJe10tPZEGaCNUgB6sKNNnsjz + NiPYokPOHLrDyuZMWGvKht+3DDj0zQYKnWbTEvFCnGruePVOZVir4+CEDZUckqZabpXWqrmVrNVz + R/KgojuSBzXdkTyo6o7kQV23krXK7kjqtR04fVLvSKYVSEMz04BkUMF6DlyMkcGEN3LhYowMKEZU + wcUYWVAcSdXzKlRqIgbJolKTMEgWlZqEQbKo1CQMkkXFkWiQLCo1iQbJCSbgNUMkcUjuaZo3XC/0 + fCsZ8ge6E74dRZwHCMzyAulvesBprK5wpgX49tLSC26D2yF9VZd4LkCm2FcuQcVMIMkDV6nfpKS9 + tVFnv0lHu3GjzkGTjnbwRp23TTraI1aHPDrjDqS6k+1wKgja2uNtVXa1i7nVhInMaKEDOCAmEnbT + QdOmyqWPb2oCAl1qbQPjuw/zRRgV7LezjGL1hRACy3gqpqs2j4mfwYpygWoun9Pnjeoi43s00xQv + nM7jtEVe688cNKTIhpZ6bCS0r2TWSWC34D1NZrtbktkuk9nu/0Bmt73xuoG7BZn9CwAA//8iqTFr + ONqYHVaNWQAAAAD//+yaX2uDMBTFv8ugj3EmGrUPpStsg731uW9pYjcY/sEo/fq710RnstnBHoYw + oQ+luUluIzk95fxWM7ua2ak5czTdMWeOqjvmzNF1x5w5yu6Ys6m2r2Z2OK/VzK5mdhlmlo5TfzCz + X3N1Oper03gYwMitbYR873N8JA38Uj6zRjg7MJdVh2NWPXzZucKRr3CiXT8S9GeN8IVoWyHfMDYz + uaLuikJg6Hn3bY6HB4fkQtX8MhZFr7EXUiIb8aJ2/CLiSNFzFof8DI2l6ZYyluA+YxHscKMsx6d6 + UAr20FD52QMKC2IzD9VV6BptLS56E3jqzzoPXhtTBj/3xQDdcMponNMwj5jaJjKSPKUy40qFIrnQ + PNurXb/KJjps2DO8zDxSiNLGkoSYj3TQaXKFEyEsgBZVYKQNj4zUQmg8MZjfW2+4RPD28UiSoC6x + fx+eWn7HPn21/I59emvpHYMQKQM7WZBg+n/yaGFEvE+YcxkAyYjZqSqx/Klrqjq/P4HMSKRs7MVD + hhBGx5uM+1hy0jIIjZXZVQr+/qH/Vyn4AAAA//+ir4tHiwKcRQG8uQF0Yjokx1WDlh9D2QZAc/NL + EqGLp9GbH7jWKhrgWqtoAF+riC4Bb54Bu8qZRfl5kKYMRCilFLpKHsIlxqVlwBYtuWvUMFaEQgyD + Gwq0KSOxOCwfvFoOtiwVmIQgTq6GMaGlK9kOAO8o0IeZq6OUm1gRBBlTQfEseJ1bUYljCcTjoPW2 + oLVwIK/DxVE1G6HohmoAu7a2thYAAAD//wMAkXb1kJQxAAA= + headers: + Atl-Traceid: + - d71f06360a581d55 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:17 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:44 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 83bb2ddc-9398-4463-81f4-cf48246f99ed X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '225' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 25f5768d-41ee-4ce5-9d28-ec595b966898 - x-envoy-upstream-service-time: - - '158' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -561,174 +550,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1Jv7LmJnpQkVVo9ySLTJoJVtKmtKmwLPvfTXDx4za88zzz - MiemcKH9bJlk795Pi9xsNBnqvHYfLkNvcVl6HLORPEvYJ81L78YAcwCeQQZps7t5ae6f29/tbh1U - mJh8jVACCRwSpmmy7jjQ6NvjROHArXWrDpJae6u/FSajUIlLeIc+gjnkPIUyzUXLSwlcFmUGAFeQ - AwR/oTn0tv3wj922PJdFJbnIrrf1D9sND6NxART5VtSVUdgVVCDV0Jla1EorFGA6ACxLIRQVfwq8 - jQ2P/YwsvmNwtf7JdRjjE7OXidH4tm/Y+fwFAAD//wMAYyq15VoBAAA= - headers: - ATL-TraceId: - - 1a5d4a895b29f6b1 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:17 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUTAUZUk45T9sPz444xNYl5SbwhhT8IaxGosGsawkq2kvUdU956XGov5bEO3a + 8DjMEtZ3jFxsfPK9XOMT2MsE2r3td3A+fwEAAP//AwCzNYsLWgEAAA== + headers: + Atl-Traceid: + - 445f5d25f65b3003 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d07b20e7-9c1b-481d-9a2d-87143d3ef2ca - x-envoy-upstream-service-time: - - '35' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 78cbf72397b9480b - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:18 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:44 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 3ddbdf7a-7e8a-406e-9b8e-f635559f6f4d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '120' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - cd702624-43c2-4956-adbd-4cca8c42f9fe - x-envoy-upstream-service-time: - - '73' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -738,159 +620,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - 73e9cafc8375f82b - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - 11ec3542ec12a8ef + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:18 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:45 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 7d8664a8-9881-418f-a2a5-189e8c4e7e41 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '194' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5bfd14ff-1bce-443d-8a61-daf4fe91bfd9 - x-envoy-upstream-service-time: - - '102' status: code: 200 message: OK - request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: pg:5.1.0", + body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/226] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/9] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n| High | [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < - 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= - 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/2858]\n*Defect - Dojo link:* http://localhost:8080/finding/2858 (2858)\n*Severity:* High\n*CWE:* - [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs when - the remote database or query specifies a crafted column name. \n\nThere are - two specific scenarios in which it is likely for an application to be vulnerable:\n1. - The application executes unsafe, user-supplied sql which contains malicious - column names.\n2. The application connects to an untrusted database and executes - a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || - >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || - >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || - >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 - < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 - < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 - < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/2856]\n*Defect Dojo link:* http://localhost:8080/finding/2856 - (2856)\n*Severity:* High\n*CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* - [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs when - the remote database or query specifies a crafted column name. \n\nThere are - two specific scenarios in which it is likely for an application to be vulnerable:\n1. - The application executes unsafe, user-supplied sql which contains malicious - column names.\n2. The application connects to an untrusted database and executes - a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || - >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || - >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || - >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 - < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 - < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 - < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n*Reporter:* + || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] + | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080] | + Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/282]\n*Defect + Dojo link:* http://localhost:8080/finding/282 (282)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service when + parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - + 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -903,53 +728,59 @@ interactions: Connection: - keep-alive Content-Length: - - '7107' + - '1931' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11099","key":"NTEST-910","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11099"}' + string: '{"id":"11794","key":"NTEST-1456","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11794"}' headers: - ATL-TraceId: - - 2f4c36f2d2f43425 - Connection: - - keep-alive + Atl-Traceid: + - 880196c5f5a6497a + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:18 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:45 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - b80ffa42-5c68-43d7-b613-7800f6c21fbe X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '600' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f88e516a-ff95-4595-81cd-6e03e661d992 - x-envoy-upstream-service-time: - - '395' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -959,285 +790,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-910 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1456 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/YO56id8SQnCH6XA013LX4zig7QfKMIq9cVRsySPJEK70v9+u - bGNKCUNpmMHSSvv+7Gq/eLCquMy8xNMgM9CQ/SGgyMxA8hLMwKRLKPlAVaC5FUqaAWTClmD5IF1y - mUOh8sElaINnkB1BpcGAtM1db+AJkhxF4fY2bgwUC9wura1MEgQZLCC1mfqsfG4Lbozg0pdgA5Rh - A16JIA6EMTUEnYALuEb+g5PZ8clwOwqRsnDGeskXz6DS2qTcQq70dWNchjtkiMM4GobjYTw9ieJk - tJlEU386CX8L45BkOB32ugIn5pk2En8QhWEY33rdbjIwqRYVRQSpu8yUvCgGLBPGCplaVglIgakF - u1L6wifuVMn3uniKFQbSWkNwKeCKX3LL9Ssj/oOdEpNUlxsNaT/bicJRNG23J2joTu/ywKNEo64T - bi4oR/Xc0ipZ8MLAwOtkeIkT8nXgWYHAqDDJXiJr9MSrtPqM5j0zei23i53LRhc72txJeG/peyms - RQGEr5abnPrL3TVqYa+4JseMKKtCIEKye95gcB1kxtPVePoUc9swt8raSFeCAou/u3Eeh1uoOR6v - 4vGzBbsUOpRsmPb7iK5osoomP6dr1SlrF49oG8WrUfxz2lpwmm6xVtvXr1Tfqw9Nd8GMnZ5hBvNc - Q451/R0MEVOqqJsyayhpbawqXYs4Rw3x1rqD6fcymtbRUKkwXfvzkmHU9gtCsBZpo+7LdzTCF5pv - lqoustfCVAW/blGIZAyU/YA1S8hsVXCLnbZpZD9eQ02XvO2LQSNNU4G45Z6qKU7O9o9EEDL3Eqtr - MibVgL5S1T3UJzen212fvB+1cF04o3UH8bqDUd9LhNLCXj8zEB174Lrw0/uoKHkOJiAO0wkRSFiK - fOmby7xvPm+R0nWp2HO5nAO1EwLnPbeoLh/0N1qHxGhKji+5mVUifSfkhXuMX0NFb7NMOwg5YF25 - s1uKVHKGTzOfF3AE3DSw1O3KO3z3/s3+wfm7/b3ZwfHsfHZ09M8RuoElZNBzvHCyBHaIfVNaRnqZ - MEzJ4pphTYqChDKr2J9Cc3aoocS6ZbVBhPmuSu97sY0CwxsRhuPFPPHuFS3GNheSF5g1DHtfZXR2 - n9ZOFm14HcwLtK7rBZjAXMLt7bqiqn0CkptZ4ZkYa5hv36tvn/cfg10Pq995eoGjVIesTnija68d - an7K4G4yakoDlcTd8yrhiqpbFUofNNbMixqGucaW1Y8Hir1WTbJVWeGwJ22bhcdy+m1wPsm7f7ss - 16quaPL5Q8gMW5JhiHw2B5Csqs0SMoe5/aNd+s6BCXlJCghIGcOhleHrAFlCwpaxz96QuE/yhfu+ - SNjprVghE1blyaYf+eENhQ4jV6iUF0tlbDINp2GwaO6eO5uCOJ6cIRc7PaZnDBsKe6uuhlY9zHzG - AnYaGcv+rbm2oNlM5lhVJcboEYaDw7/Zbo0ly45TLtdcbEJ1c8OOAWuBDMH13oeZ+3xsPl0+aNM+ - lrQ8ERarllhd/nGFghj1L3bDTlHGMMZKHUaTcBo77YSn9BL8UlgNvtJ5kOZiOBeSqAQDH/evaLHz - LfcZCdwe90Ku7grBmuSEU4FjG9VysD32l7YsiKvK8Z9LC4mI8XcEpbKATmXAZiuMPvGwIfvlMB+w - jcK+ZLEfRX7M2EZuX+6wkR8iszsY+RN/zLqDcX8w9jf9rY6+2dM3fZTV0Sc9nZabPZ2sa+mRP+np - cU+P794f9fSRP+rp454+7h3Y6vXS8g79Vi8t41/XIAQDt4sjxyUMKPlu3GUPZXprXab/BwAA///s - WNtO20AQ/ZWRkJCTBkeEktKgPFDgAamgqlD60FSKsTeJW8c2vgQqyr/3zO56WefSAkqrPkBQEnt2 - dsdnZs+czaMyrb3XlemXLK8ny2C7d5kX+5P2hTfuNekMRKDulmEUnBzZt8ATSBVT7MS6Xb0m266h - YXm9475syOekquok7c7e7h74u3kkWzS657eEWLwA/D87ksPvDbhXxA833tGcyM/HuPiCj62nb0X2 - v1T+6+wAD4V0WUaxyKRiNJ2Juy9KRm7/h5FAxqiDJrp4FUGMUpPHRzy1GyZtL5iFORQG9PhupwPh - MGJAsQEqdcgSYpiOhwTlVXho2x5lqmp9rlphqnamYwsj7qTFxCso8bFQTjcTiI4CGlg7Mn5XXi4o - yegaJ7sfhLOmz/sux+x+5o04AGimchqTRIb4kaCiM0GQ0VTcJJWLT7kP9HCqYCWCpUJ/QtiJkNhR - +F1AZI+wioew0zQKffnbmVY8VcCRAD7YoazS7VHq0RBTGefeCOTAonwrL3kI4suvI72cRiYnHPBD - P0ygB6zgc3cQdxZnh1MMpHMOBuHhDJlB6GNegw6LMBODp5HKRFFmMSoZ3/IyKhhdKwaMWxqEywBu - bOB8kSCf+D9MYl+kxSAeDoeDmI9mBd3RIZ4MWuee+pj+ugwz4Wxu7LzdT8fyo1GN9NW4PkHeaieH - jfKbqx+N71QODFafhufH748PL2ibDs5p87pMiv0B/uTc7aa60aLOEmuzPRjE9IofM08i4ULOO2mW - +DhiuSKeNb5yLFDF8IjbbeU8lMurkCR4DqJokSOyrMXoNajP5EN3mFk/EeYKOOz7hgaGrB13mgQl - agXbrX6/+g2lV2NsaMMVnA3LKtY2Tgu8bSwLzG1Z5rjbssyxt2WZ42/LMsfgxrLA4ZalzuLA6YP8 - tSSoQOrpkRokjQrms+BijDQmvJANF2OkQdGmCi7GyIBiWaruVqFSMzFIBpWahUEyqNQsDJJBpWZh - kAwqlkWBZFCpWRRIVjEBrwkqiUtSc3ovHW+h1KdhLthLVh93KX5Dj8LVgc/7AIVZXmHrS/Y/DeVR - TpN/0xxdOu6te9ujT/Iwz9Sjab5KCLgygiVzbaedVU4qV0t9Xq/yUUlc6rO7ykeld6lPd5WPyofx - IQeqjEdwXzK9TZZAS+W7JQlXJZibjBflCaWqfF1itWAWfbNqUZnQ3y+qywH9aWEBLHEyTT2/4Jyd - JRTKC0LyZ2EgAjngvBCp7BmZwP2g9IUarHXoR+ihTIDa86c0femYJny8ZvHieME0jBvkNH5OvTAq - kp6RIEuV7IuKtfazzX+PULHd56rYrlSx3X+hYtdzuq1K6K+r2O3/SMX+AgAA//8abcWO4FYsAAAA - ///sWl1rgzAU/S+DPkZN/KoPpStsg731uW9pYjcYVjFK//7uNdEZWzvYoPgQ8CGYm+R6Y45Hzrnq - dSx2TMss5LZYmYXdFiuz0NtiZRZ+W6zMQnCLlVkYbrGyMYo7FtvXy7HYfoxjsd3rsBwWS83AX1js - tdJO55R2Go3F06bm4qtT9tF6MA2NZ+YIZjvm1OtgUK/7R50LHHwVvGm4+ERB7KZQHmRD4FgpnqqJ - qi0KjjLo001lDwuHXoay/qNQirRjy4VAt8S73MQnHoWSHtdREB8hyzTNKGMJrjMEwQp3wnLc1Z2U - sIaCyJ8cEGfQF/NcXriqkKPipHfNSdpQ433UOgy+/YWvm35MGY1yGuQhk1kiQhGnVKxjKQOenGi+ - 3spNN8sq3K3YG1x6HCn42ciUhOhbymsVuUBFCPPwrfc00mHJSMW5worB+I6Pw6mC5sueJF51xvyn - rqflZzz1Ti0/46n/aukZAxBJ7X4y1oLxf+TeGAfxPKG2pS1JGswOALQQ/trWZZX7B4AZgb4bc/DQ - 7we9w0nGdYxz0bgSagOzDgoev+kOCh6R8X+h4BsAAP//oreL6VgUwFsRQCemQ3JcNWipMJRtADQ3 - vyQxB8jCbCgZABtbStW1SpgSuJY1GuBa1mgAX9aILgFvtwG71JlF+XmQlhFEKKUUum4dwiXKC/m5 - EBOqYUxoKUhGyYe04l4fZq6OUm5iRRBkGATFbvAKtaISxxKIO8qAbXByl9Whr2GFmAU3E2hVRmJx - WD54fR9sHS1oYS5o1RzIRrg7UB1rhOJaqAZw6NTW1gIAAAD//wMAThcegP4wAAA= - headers: - ATL-TraceId: - - bea001c627765d0d - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA7xXbVPbRhD+Kzf60GmprTcMGHU6HQomoaWUYpJ8IAxzSGvpyulOvTvZJiH/vbuS + ZYcXZwKdZvxB97Yvt/vsc+uPHswrrjIv8QyoDAxkhwJkZnuKl2B7Ni2g5D1dgeFOaGV7kAlXguO9 + tOAqB6nz3hSMxT3IzqAyYEG5xdm0tk6XE1J4FYVhFPoG/qnBuvPbCk4NT51Iwet5guxH0c7uACcW + 5ASnhXOVTYIggwmkLtN/a587ya0VXPkKXICWXMArEcSBsLaGoFNwA7cof3I+Gp/3o8HWNi41Llgv + +ehZ9K22KXeQa3Pb3iHDGUrEYRz3w2E/2j0PwyQOk8GWv7M1+DGMw5CcJCMOHW/UvNBJkg8wFGG8 + vPZikoFNjagocLi6x2zJpeyxTFgnVOpYJSAFpidsps2NT9KpVm+MfKYXtRKULi6v+JQ7boKpgFnQ + uLVycLEVhZvR8BcrPsDPJaa9LtEqwQJNnnN7Q7mqrx2NkgmXFnpeK3iE92pke14hEDgmLW6PYQro + a/ip5zmByKoQJV6iaryj9wAmm+G6jajbqIz+G6/6wkwspJs8NJnt8kCTz9Czuu4bJZxDBdZb2iYI + /96ctXriZtwQkK0oKynQ4exBSDBRDfwGw/lg+Ex3v5Cy7ibLhA3CHXQjHszjwf9rpYVFA1I0GG3P + o+1vYXDeWdyM55vxt7C4QP6nT4/hGHdwnIj525YDMckXl5j0PDeQI608wjq6o2XdVvmTII931m0M + 123sPlbeUlq7SoTRsLeX9COccoek3pLh82unpdoVuQatOkOV0Qz3dU23jYgw39GCULmXOFMDRhCV + urcYdKqP1rlGH+k3Im2j8vHRGvmKwrbQtcwOhK0kv13UF2XFAF6WSvgpAt/cjTsCfxi2dTQTL2nm + 4cYy4ZUR2gh3+8IgduJB8wp8PY+LkudgA5KwnRKBC4XIC99O8xVhvcaVjtli7zF2483uKpJfA3ET + wfbhe729JhDROoxGQ4pIwe2oEumxUDeHtHMAFfUWKu2y1uRy1uwtV5RWI2wt+LWEM+C2RYJZjLzT + 4zevjk6ujo/2Ryfj0dXo7OzPM7wfFpfFkOCB8wLYKZKwcozsMmGZVvKWYUELSUqZ0+w3YTg7NVBi + RbPaImr9pwo7woLywjsRhkP5IfHaFwuzh+FfVdW9EsdE5EJx+fDQojNahLfBtUTvOpbAzOYKlqfr + isr2K5DcNjEvBF8rvHz87vcdz8PjCm+/8vQGW8EOcp3y1tb+otv6Tw53LVtbM2gk7t5qBTOqbi21 + OWm9uZY19HODLLFqWDQ70G2ydVlhs6rcIgtfyt/94LxXn//2WG50XVFLdihUhjRnGSKfXQMoVtW2 + gKzB3NHZHn2vgQk1JQMEmoxh083w3YAsIWVF7LNXpO692mi+Gwm7WKoVKmETjEiRhP6mH95R9DB4 + UqdcFtq6ZBgOw2DSHr9q3Ap2L1GMXYwhrYlq2Gs96zv9tOglC9hFZB37q+bGgWEjlWNZlRikLwic + nP7B9mqsWTZOuVpzsI3V3R0bYwPYOILj/bej5vOu/XQJocniHaXhuXBYtiTaAABHqIgRs7E7doE6 + +jEyUT/ajqLdxjoBSk0zX2HP7Od6GkxrqRBiDikguH/+klQMwjaUJJfOwC+FM+BrkwdYh5ywKbDv + o/oN8KhfuFKSXJMJ/Da5ID1nkNeSY9Tm9Pencf8AlOCSsDEGM8V/OazPvj8kwR77TrqfUHjLj39Y + EzRUuocv3xR6FI+mn2R3FMeNLorJRhMIWmMbBzWwAwQVLo6hcj6LdnqMKITdR2z3KyJ/Cdn36l8A + AAD//+xZ30/bMBD+VyIkJqhImqRNKZ0Qq8SQeGBCTOOBvWDslGZq6ig/yiTgf993tmPSsLCNIcQD + EipN73w+353vvrvgeeC9/CHqcOyH4xBR0DtUNx2X8Id0KAdC2T+uc7bwsf27Yz99aKeH0ALhO/65 + z/Iy9kTAKBH/F2frlu99lVUOOx4lixg3PNa2/nBdflRB1WA8fMg8PWQIu61ESjJX2ktkn4lVUiB7 + AQRE4QhJaUZWRrjUlYe8d6mEXzoojw6pipbMFMTcON0oQk4X1umFcfrNnBIag7zltQMwy0FHZeU5 + m9FOVEeRarKq9GD58wf5J1JUi9hkrnVSjZYnjTgCx6nCkqImgwrL7FtyQwA451iNHxGT6iJO2sbc + afxQAH90EPJV7FKFSfhjRk2dsRXVxIaXKHNN6IOCC49TziFvgqx/tUi48eBJolK9ceA3VdvJ5sYz + +lSOzJ0FCLlnPX+cZoyXtOaLdBL14KA9WSUiFmuxdIYbBcCDrf8lQszSTFKipwDfYiJNltvO1vZd + igAu5QRB+xguB11wORh2EaKaQCW2zAERVC9AWL7F6lvWNqELgvoWgtaH7WK0bdMaYmtX+vYq21Ox + smR8TqVQw4WiSlNGWGajqzyT7agnkfkzAQ/dqAPGOXVSx2I/mrHhQARX46EfXUG33d29IAxHtI9l + wg5PsMXk2KkQFPXgfNDBNX3vJ3nDioySIgl9cmKhzB17QFeKzQOcqrvmKAiDYRz48SAUeyM+4NFu + wMeRED4bzYJ4fCD2lZTNwXQzPMKfXuembGnQhuvqnwqvKtwbWMQNPagoPH2zyGRuxlhBFsN6lbjR + PuDr4ak78rIl6d+efrx9jdvjk7evcXv88tY1RsoRenBgWoQmHDk100S6T4S69LhCp60LIFOwf65y + mcX9C2QaTo21uXg0BATV3mTax8xETXeRm0z7ngpe3+nvqeA1NH5PBZ2pwCIOqHitb9wtvT8w333I + lSUzr0XaCKRrCunbKWSbYGd6bYJFaPFyleRyqdGMGXFU5v2XfvwbTVeyfLn5sRZmhWKnOSvOpZqD + 2RGvTLXKt/VXk12frYB6V9iv5e5spOznWVxUCxLcOKyaYOXltNQHp0k6Tbno6Pb39cXh2mqzQGl7 + f3//CwAA//8DAGHTTVFuHQAA + headers: + Atl-Traceid: + - 2cd791982cd65b34 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - aab23886-3111-47ef-8fc9-264cfda7ddf8 - x-envoy-upstream-service-time: - - '154' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11099 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/6Nz1Er8lhOAO0+ForuWux3FA2w+UYRR746jYkkeSIVzpf79d - 2cZACUNpmMHSSvv+7Gq/erCquMy8xNMgM9CQ/SGgyMxA8hLMwKRLKPlAVaC5FUqaAWTClmD5IF1y - mUOh8sEFaINnkB1CpcGAtM1db+AJkhxF4dYWbgwUC9wura1MEgQZLCC1mfqifG4Lbozg0pdgA5Rh - A16JIA6EMTUEnYBzuEL+/ePZ0fFwKwqRsnDGeslXz6DS2qTcQq70VWNchjtkiMM4GobjYTw9juJk - tJFEU386CX8L45BkOB32qgIn5pk2En8QhWEY33jdbjIwqRYVRQSpO8yUvCgGLBPGCplaVglIgakF - u1T63CfuVMkPuniKFQbSWkNwIeCSX3DL9Wsj/oPtEpNUly8a0l62HYWjaNpuj9HQ7d7lgUeJRl3H - 3JxTjuq5pVWy4IWBgdfJ8BIn5NvAswKBUWGSvUTW6IlXafUFzXtm9FpuFzuXjS52tLmV8N7SD1JY - iwIIXy03OfWXu2vUwl5yTY4ZUVaFQIRk97zB4DrIjKer8fQp5rZhbpW1ka4EBRZ/t+M8DjdRczxe - xeNnC3YpdCh5YdrvI7qiySqa/JyuVaesXTyibRSvRvHPaWvBabrFWm3fvlF9rz423QUzdnKKGcxz - DTnW9XcwREypom7KrKGktbGqdC3iDDXEm+sOpt/LaFpHQ6XCdO3PS4ZR2y8IwVqkjbqv39EIX2i+ - Waq6yN4IUxX8qkUhkjFQ9iPWLCGzVcEtdtqmkf14DTVd8qYvBo00TQXilruqpjg52z8RQcjcS6yu - yZhUA/pKVfdQn9yYbnV98n7UwnXhjNYdxH3LEEoLe/VMfzv2wDXbp7dLUfIcTEAcphMikLAU+dI3 - F3nfY94hpWtGsUdRuufKqHOl4HOgdkLgvHeJ6vLBQETrkBhNKSJLbmaVSN8Lee4e4zdQ0dss0w5C - DliX7uyGIpWc4dPM5wUcAjcNLHW78g7ef3i7t3/2fm93tn80O5sdHv5ziP5hCRkMCV44XgI7wL4p - LSO9TBimZHHFsCZFQUKZVexPoTk70FBi3bLaIMJ8V6X3vdhCgeG1CMPxYp54zZOB2cPw90V1p5Ax - EbmQvLh/qZ0s2vA6mBdoXdcLMLO5hJvbdUVV+wQkN7PCM8HXMN+8V3ef9x/DY4+333l6jqNUB7lO - eKNrtx1qfsrgbjJqagaVxN3zKuGSqlsVSu831syLGoa5xpbVjweKvVFNslVZ4bAnbZuFx/J3Nzif - 5e2/HZZrVVc0+fwhZIYtyTBEPpsDSFbVZgmZw9ze4Q5958CEvCAFBJqM4dDK8HWALCFhy9hnb0nc - Z/nSfV8m7ORGrJAJq/Jkw4/88JpCh5ErVMqLpTI2mYbTMFg0d8+cTUEcT06Ri50c0TOGnYa9U5dD - qx5mPmUBO4mMZf/WXFvQbCZzrKoSY/QIw/7B32ynxpJlRymXay42obq+ZkeAtUCG4Hr348x9PjWf - Lh+0aR9LWh4Li1VLrC7/uEJBjBobu2YnKGMYY6UOo0k4jZ12wlN6AX4prAZf6TxIczGcC0lUgoGP - +9e02L7LfUoCt8a9kMvbQrAmOeFU4NhGtRxsjf2lLQviqnL859JCImL8HUKpLKBTGbDZCqNPPGzI - fjnIB+xFYV+x2I8iP2bsRW5fbbORHyKzOxj5E3/MuoNxfzD2N/zNjr7R0zd8lNXRJz2dlhs9naxr - 6ZE/6elxT49v3x/19JE/6unjnj7uHdjs9dLyFv1GLy3jX9cgBAO3gyPHBQwo+W7cZQ9lenNdpv8H - AAD//+xY207bQBD9lZGQkJMGR4SS0qA8UOABqaCqUPrQVIqxN4lbxza+BCrKv/fM7npZ59ICSqs+ - QFASe3Z2x2dmz5zNozKtvdeV6ZcsryfLYLt3mRf7k/aFN+416QxEoO6WYRScHNm3wBNIFVPsxLpd - vSbbrqFheb3jvmzI56Sq6iTtzt7uHvi7eSRbNLrnt4RYvAD8PzuSw+8NuFfEDzfe0ZzIz8e4+IKP - radvRfa/VP7r7AAPhXRZRrHIpGI0nYm7L0pGbv+HkUDGqIMmungVQYxSk8dHPLUbJm0vmIU5FAaE - +m6nA+EwYkCxASp1yBJimI6HBOVVeGjbHmWqan2uWmGqdqZjCyPupMXEKyjxsVBONxOIjgIaWDsy - fldeLijJ6Bonux+Es6bP+y7H7H7mjTgAaKZyGpNEhviRoKIzQZDRVNwklYtPuQ/0cNxgJYKlQn9C - 2ImQ2FH4XUBkj7CKh7DTNAp9+duZVjxVwJEAPtihrNLtUerREFMZ594I5MCifCsveQjiy68jvZxG - Jicc8EM/TKAHrOBzdxB3FmeHUwykcw4G4eEMmUHoY16DDoswE4OnkcpEUWYxKhnf8jIqGF0rBoxb - GoTLAG5s4HyRIJ/4P0xiX6TFIB4Oh4OYz2wF3dEhngxa5576mP66DDPhbG7svN1Px/KjUY301bg+ - Qd5qJ4eN8purH43vVA4MVp+G58fvjw8vaJsOzmnzukyK/QH+5NztprrRos4Sa7M9GMT0ih8zTyLh - Qs47aZb4OGK5Ip41vnIsUMXwiNtt5TyUy6uQJHgOomiRI7Ksxeg1qM/kQ3eYWT8R5go47PuGBoas - HXeaBCVqBdutfr/6DaVXY2xowxWcDcsq1jZOC7xtLAvMbVnmuNuyzLG3ZZnjb8syx+DGssDhlqXO - 4sDpg/y1JKhA6umRGiSNCuaz4GKMNCa8kA0XY6RB0aYKLsbIgGJZqu5WoVIzMUgGlZqFQTKo1CwM - kkGlZmGQDCqWRYFkUKlZFEhWMQGvCSqJS1Jzei8db6HUp2Eu2EtWH3cpfkOPwtWBz/sAhVleYetL - 9j8N5VFOk3/THF067q1726NP8jDP1KNpvkoIuDKCJXNtp51VTipXS31er/JRSVzqs7vKR6V3qU93 - lY/Kh/EhB6qMR3BfMr1NlkBL5bslCVclmJuMF+UJpap8XWK1YBZ9s2pRmdDfL6rLAf1pYQEscTJN - Pb/gnJ0lFMoLQvJnYSACOeC8EKnsGZnA/aD0hRqsdehH6KFMgNrzpzR96ZgmfLxm8eJ4wTSMG+Q0 - fk69MCqSnpEgS5Xsi4q19rPNf49Qsd3nqtiuVLHdf6Fi13O6rUror6vY7f9Ixf4CAAD//xptxY7g - ViwAAAD//+xay26DMBD8l0o5GrB5hUOURmor9ZZzbo5NWqkiIB7K73cXG8qSkEqtFHFA4mDhtb2s - 8TBo5qp3YbFDWkaQm7Aygt2ElRH0JqyM4DdhZQTBCSsjGE5Y2RDFFxbb1Wthsd2YhcW2r8N8WCy3 - A39hsddKO59S2nnQdaAIV5dSfbXKPloPxqHhxBzeZEevXndPNBU4pWZ7va+CiL1jkVDWtVSfqJbd - VNG9pM+jyTKJMujTTWUPC4dehrz8o1CKtGMrlUK3xLvehCcZ+Jof14EXHiGROE64EBGu0wfBCnfC - UtzVndawRgWRPzkgzqAv5jm/yKpAjoqT3jUnGUON81GaMPj2Z65puiEXPEi5l/pCJ5HyVRhztQ61 - 9mR04ul6qzftLCt/txJvcJlxLJNnK1MyZm5VTlOxC1SECQffescgHZaMFVJWWDEY3/JxOFXQfNmz - yCnOmP/Y9TT/jMfeqflnPPZfzT1jACJt3E/WWjD8j9xb4yCeJ9S2jCXJgNkBgBbCX5syL1L3APij - 0JBjDx76/aC3P8m4jnUuWldCaWF2gYLHb/oCBY/I+L9Q8A0AAP//oreL6VgUoLcggO0npepakB5Y - OwTo9nRIVqwGrSGGsg2AFuaXJOYAWVhMwbWs0QC+rBFdAr5IEF0C3m4Ddqkzi/LzII0fiFBKKXTd - OoRLjEvLgG1fcpezoa8dhZgFNxNoUUZicVg+eF0dbP0qMGlBXFwNY0JLXbLtB6/w14eZq6OUm1gR - BBl2QfEreEVcUYljCcTfoIW5oFVzIJ/DxVE1G6HohmoAu7a2thYAAAD//wMA8HaBv/4wAAA= - headers: - ATL-TraceId: - - aad664a6e8d1ecab - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:46 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: + Vary: - Accept-Encoding - x-aaccountid: + X-Aaccountid: - 5fa43d1b8405b10077912260 - x-arequestid: - - 1cb6c0a7-58eb-4961-a42b-11afd1cafd91 - x-envoy-upstream-service-time: - - '121' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J+pE1N9GDiqxCuydZJGkmWEmT0qTCsux/N8XFj9vwzvPM - y5yIkgH3syWCvMc4BbHZaDTYR+0/fCGjlSEM0hUOI8nIJ85h8C7BFIAWUEDe7m5e2vvn7ne7W0aV - JiJeVyiDDA4Z0ThZfxzRxe44YTpwa/2ik6SWwepvhYhVqPklvJNxBRkwmkOVM97RSgAVZVUAwBUw - gOQHnFNvN4z/2G1HmShrQa+Lumx+2H58cMYnkLMtb2qjZF9iKbGB3jS8UVpJDqYHkFXFucLyT0G0 - a8PjMEuyvmPkYuOT7+Uan4i9TATd274l5/MXAAAA//8DACUWjGVaAQAA - headers: - ATL-TraceId: - - f5a9d13117b19544 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked + X-Arequestid: + - 33dea897-e7d6-46fb-a662-d43925f55bb4 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '272' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4bcbbac6-2d1f-4df2-930c-f4bb25596fc8 - x-envoy-upstream-service-time: - - '31' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1247,110 +895,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11794 response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - caa7cea80c5d18a8 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXbVPbRhD+Kzf60GmprDcMGHU6HQomoaWUGpJ8IAxzSGvpgnSn3J2MncB/765k + 2cHgTKDTjD9Iurt9f/a59WcHphWXqRM7GmQKGtJDAUVqXMlLMK5Jcii5qyrQ3AoljQupsCVY7iY5 + lxkUKnMnoA3uQTqCSoMBaednk9pYVY5J4VUYBGHgafhYg7HnswpONU+sSMBxHUH2w3Bnt48fBoox + fubWVib2/RTGkNhUfVAetwU3RnDpSbA+WrI+r4Qf+cKYGvxOwQ3MUP7kfHh23gv7W9u41LhgnPiz + Y9C32iTcQqb0rI0hxS+UiIIo6gWDXrh7HgRxFMT9LW9nq/9zEAUBOUlGLDreqHmhkyTvYyqCaBH2 + /CMFk2hRUeJwdY+ZkheFy1JhrJCJZZWABJgas1ulbzySTpR8o4tnelFLQeXixRWfcMu1PxFw6zdu + LR2cb4XBZjj4zYhP8GuJZa9LtEqwQJPn3NxQreprS2/xmBcGXKcVPMK4GlnXyQUCRyf57BgmgL4G + 965jBSKrQpQ4sawxRmcFJpvBuo2w26i0+oChvrASc+mmDk1luzrQxxfoWYb7RgprUYFxFrYJwn82 + Z40a21uuCchGlFUh0OF0JSVYqAZ+/cG0P3imu18pWRfJomD9YAfdiPrTqP//Wmlh0YAUDYbb03D7 + exicdhY3o+lm9D0szpF/f/8YjlEHx7GYvm05EIt8cYlFzzINGdLKI6yjO6qo2y5/EuTRzrqNwbqN + 3cfKW0prV4kwGvZ24l7oOpgc+xYDJ4zOD3CLNN/S4/O7qSXfJd36rTpNvdK87qua4g+JQt/RgpCZ + E1tdw/2cVUmbFkmblc+P1sgzPGpyVRfpgTBVwWfz/qKqaMBgqYWfIvDN3agj8NW0raOZaEEzqxuL + gq9ubC6JSSgt7OyFuezE/eZ6+HaCFyXPwPgkYTolAhdykeWemWRLJnuNKx3lRc49weEaiJsItqv3 + 9faaeMN1GA0HFHjOzbASybGQN4e0cwAVzRYy6arW1PK22VusSCWHOFrw6wJGwE2LBD1/c06P37w6 + Ork6PtofnpwNr4aj0d8jDAOby2DkeOA8B3aKJCwtI7tMGKZkMWPY0KIgpcwq9ofQnJ1qKLGjWW0Q + o95TjR1iQznBnQiCQfEpdlbaGXObCckLrBqmfdlmtLe6Np+M5ultcF2gdx1LYAEzCYvTdUVt+w1I + boeYF2KsFV5cfg/njufBbgmr33lyg6Ngh6xOeWtrfz5t/SeHu5GtbQ00EnV3tYRb6m5VKH3SenNd + 1NDLNLLEcmBR7EC1xVZlhcOqtPMqfK2mD5PzXn7522OZVnVFI9mhkCmSmmGIfHYNIFlVmxzSBnNH + oz16XgMTckIGCEgpw6Gb4b0BaUzK8shjr0jde7nRPDdidrFQK2TMxpiRPA68TS+4o+xh8gqV8CJX + xsaDYBD44/b4VeOWv3uJYuziDJKaGIW9Vrc9q54WvWQ+uwiNZf/UXFvQbCgzbKsSk/QVgZPTv9he + jT3LzhIu1xxsc3V3x85wAGwcwff9t8Pm8a59dAWhj/k9Sq/nwmLbkmgDAHxDRYwIjN2xC9TRi5CJ + euF2GO421glQcpJ6EmdmL1MTf1IXEiFmkQL8h+cvSUU/aFNJcskteKWwGjylMx/7kBM2Bc591L8+ + HvVyWxYk11QCn00tSM8IsrrgmLUp/f1p3D8AKXhB2DgDPcF/OazHfjwkQZf9UNhfUHjLi35akzRU + uoc33wRcykczT7I7yuNGl8V4o0kErbGNgxrYAYIKF8+gsh4Ld1xGFMIeIrb75aG3gOx7+S8AAAD/ + /+xZ30/bMBD+VyIkJqhImqRNKZ0Qq8SQeGBCTOOBvWDslGZq6ig/yiTgf993tmPSsLCNIcQDEipJ + 7ny+3J0/f77gfuC9/EvU5dgPxyGqoHeoVjoW4Q/pEAbC2T+Oc7bws/271376pZ0eSguC7/jnPivL + mBMFo0z8X52tR773VVY54niULGKs8FjH+sN1+VEVVUPx8AF5ekAIO60EJJkl7SWyz8QqKYBe2Ouj + cARQmlGUUS71zkPZu1TGLx1sjw65iiOZ2RBzk3TjCCVd2KQXJuk3cwI0BnvLawdklkOOnZXnbEYz + 0T4KqMmq0kPkzx/sn0hRLWKDXOuimi1PGnUEjVPFHEUthhSR2bfihgFozjEaD1GTaiFO2sHcaTwo + wD86BPkqdmmHSfhjRS2dsRXtiY0sEXJN6IeKC7dTzmFvAtS/WiTcZPAkUVBvEvhN7e0Uc5MZ/VaO + zJ0FBLlnM3+cZoyXNOaLdBJ14+B4skpELNZq6QwrCoQHU/9LhZihmSSgpwLfYiJNltvO1vZdigIu + 5QRF+5guB110ORh2CaImNSpzUATF/InLt1R9q9oWWApav1OXYhcl9buOTb49Nq3RuzYFYGXJ+Jy2 + Qk0XiipNGXGZja7tmWJHZxKZP5Pw0Io6YJzTuelY7EczNhyI4Go89KMrOL67uxeE4YjmsUqY4Qm1 + mBI7FYKqHpoPPrjm3PtJ3rAiI1Ako092LFQeYg/sSql5oFP1qTkKwmAYB348CMXeiA94tBvwcSSE + z0azIB4fiH1lZXMw3QyP8KfHuSlbGrbhuvpR4VWFe4OIuKEHF4WnVxaFzM0YKyhiGK+AG8cHXB6e + uiMvW5L/7e7H2/e43T55+x632y9v3WNAjtCNA3NEaNKRU9NNpPVErEs3JzRsXYCZQv1zlcss7l8A + gjidn83CoyYgpHYl0zymJ2pOF7lB2ncoeP2kv0PBa3j8DgWdUGCJBVy81ivulr4fmGsfdmXJzGeR + Nj3p6kL6XV1I33Yh2wLL0OLlKsnlUrMZ0+KozPcvfftXnspUW7itLw3YPQPgGp/u+rXdnY2U/TyL + i2pBhhtzq4ZSXk5L7cdKli/XtdbGrFHMNWfFuVT9uLrVTJ106nLRlNaRdW/DNXfNABWe+/v7XwAA + AP//AwDkarhBbh0AAA== + headers: + Atl-Traceid: + - e906af3ad54772b0 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:46 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - c6985f5e-9304-42c6-b753-6f3b9d636ed0 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '276' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a07135ee-c9b6-4a36-b385-864bf330f3b9 - x-envoy-upstream-service-time: - - '71' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1360,98 +1000,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - 1d831ce57b5e8099 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPy2rDMBBF/2W2tZWx/JCrXWkWbSlpwc6qhCJbEnGRJWPJhRDy75Vp6GM33Dln + LnOGTni1nw1wOIYweb7ZSKVVH6T7cEQEI7wfhCVWBUjgU81+cDbCGWJGkGDa7O5em4eX9ne7W8Yu + TsDfVijBBA8JSDUZdxqVDe1pUvHAvXGLjFK3DEZ+K8CjQLG8hlsRVpAipSnWacZarDkyTkuCiDeR + xOh7Ncfedhj/sbctIqfIC0bKvPhh+/HRahfBqsiYzrXWOasprTCvEYtS0CrrBcqqZ6xQmFd/C4JZ + G56GWcD6jhaLCc+uF2t8BnOdQNn3fQOXyxcAAAD//wMAIfIEfFoBAAA= + headers: + Atl-Traceid: + - 91ee90484215d565 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:47 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: + Vary: - Accept-Encoding - x-aaccountid: + X-Aaccountid: - 5fa43d1b8405b10077912260 - x-arequestid: - - 2a996376-7cb9-4074-b7d9-084215e2ba3e - x-envoy-upstream-service-time: - - '97' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: fresh:0.3.0", - "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/227] - in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] - / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080] | - Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - - (Fresh, < 0.5.2)|http://localhost:8080/finding/2857]\n*Defect Dojo link:* - http://localhost:8080/finding/2857 (2857)\n*Severity:* High\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* - [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119]\n\n\n\n\nVulnerable - Component: fresh - 0.3.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected - versions of `fresh` are vulnerable to regular expression denial of service when - parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable - Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n*Reporter:* - [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": - "High"}}}' + X-Arequestid: + - 4cfbc346-2727-494f-ac3e-0886275fae2d + X-Content-Type-Options: + - nosniff + X-Envoy-Upstream-Service-Time: + - '106' + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1462,53 +1071,118 @@ interactions: Connection: - keep-alive Content-Length: - - '1949' + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue + - python-requests/2.28.1 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: - string: '{"id":"11100","key":"NTEST-911","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11100"}' - headers: - ATL-TraceId: - - 3f0dee183b277eb4 - Connection: - - keep-alive + string: !!binary | + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - acb21196ed5da32b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:20 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:47 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - dc829adb-f8d1-4e1f-9a13-4447a6a9f706 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '194' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 167a7dad-026e-4e07-a71a-75027ba2a144 - x-envoy-upstream-service-time: - - '390' status: - code: 201 - message: Created + code: 200 + message: OK - request: - body: null + body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: negotiator:0.5.3", + "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/7] + in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] + / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component + || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] + | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] + | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] + | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/280]\n*Defect Dojo link:* http://localhost:8080/finding/280 + (280)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/279]\n*Defect + Dojo link:* http://localhost:8080/finding/279 (279)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": + "High"}}}' headers: Accept: - application/json,*.*;q=0.9 @@ -1518,95 +1192,60 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '3307' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-911 + - python-requests/2.28.1 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4jdSSH3DdCikLb0ex4W0/UAZRtgbW+BIHklOwpX+99uV - baBpw1F6MIOltfft2WdX4osHy4rLzEs8DTIDDdlrAWVmepLPwPRMWsCM91QFmluhpOlBJuwMLO+l - BZc5lCrvzUEbfAfZGCoNBqRtvvV6niDLURSFIW4MlFPcFtZWJgmCDKaQ2kxdKJ/bkhsjuPQl2ABt - 2IBXIogDYUwNQWfgEq5Q/3AyOp70X0QRSqYuWC/54hl0WpuUW8iVvmqCy3CHCnEYR/1w0I+HkyhO - Np8ncehvboe/hbGz6nzYqwqcmUfGSPoBRhnGN1m3mwxMqkVFiKB0l5kZL8sey4SxQqaWVQJSYGrK - Fkpf+qSdKvlBlw+JwkBaawjmAhZ8zi3XL434B3ZmWKR69qQRHWQ7UbgZDdvtBAPduU2551Gh0deE - m0uqUX1uaZVMeWmg53U2vMQZ+drzrEBiVFhkL5E1ZuJVWl1geI9Er9V22LlqdNitFPw20g9SWIsG - iF+tNiX1h/vWqKldcE2JGTGrSoEMyVayQXAdZQbD5WD4kHBbmFtnLdKVIGDx5y7Og3AbPceDZTx4 - tGFXQseSJ6Z93uMr2lpGW7/ma9k5axf3eNuMl5vxr3lryWm6xVpvX79Sfy8/NtMFK3ZyihXMcw05 - 9vV3NEROqbJu2qyRpLWxauZGxBl6iLfXvRh+b6MZHY2UGtONPy/pR+28IAZrkTbuvnwnI35h+KZQ - dZntC1OV/KplIYoRKPsRe5aY2brgFidtM8h+voeaKXkzF4PGmqYGccs9VRNOLvZPJBAy9xKrawom - 1YC5Utf9aE5G4VY3J1dRC9fBGa17Ea97sXk7S4TSwl49EohOPXBT+OFzVMx4DiYgDdMZESgoRF74 - Zp7fDp+3KOmmVOy5Wp4DjRMi50pa1Jc/zDdax8RoSIkX3Iwqkb4X8tIdxvtQ0dks045CjlgL9+5G - IpUc4dHMz0sYAzcNLXW78o7ef3hzcHj2/mBvdHg8OhuNx3+NMQ1sIYOZ4weTAtgRzk1pGfllwjAl - yyuGPSlKMsqsYu+E5uxIwwz7ltUGGea7Ll3N4gUaDK9FGA6mF4m30rSIbS4kL7FqCPttl9G7VVl7 - s2jhdTQvMbpuFmABcwk3X9cVde0DmNzcFR7JsUb55rz69nj/Odrd0uoVTy/xKtUxqzPe+NprLzW/ - FHB3M2paA53E3fEqYUHdrUqlD5tozssa+rnGkXV7PVBsXzXFVrMKL3vStlW4r6bfgvNZ3v3dZblW - dUU3n9dCZjiSDEPms3MAyaraFJA5zh2Md+l5DkzIOTkgImUML60MTwfIEjJWxD57Q+Y+yw333EjY - yY1ZIRM2RUSKBC9+fnhN6CF4pUp5WShjk2E4DINp8/mZCyuI4+1TVGQnx3SS4Uxhb9Wib9WPlU9Z - wE4iY9nfNdcWNBvJHBtrhjDdo3B49CfbrbFr2XHK5ZoPG7Sur9kxYDtQILje+zhyj0/NoysJbdrz - kpYTYbFxSdVRAFdoiNEIY9fsBG30Y5xF/Wgril4470SpdA7+TFgNvtJ5kOaify4kSYkJPu5f0mLn - W+1TMjgIG2idlcVdK9iXnLgq8OpG/Rzgp35hZyXpucrg09WG7Iwhr0uOGC7p3wmXzD5IwUviyjHo - ucALc589fU2KPfaktL+j8nM/frYGQjS6i8fyHHqEjrsSsmtCdeOV5jItggnPkw12iBg20lqU2cH+ - XRFCjOkQQYs74u63iPwbErv9pv//p9ERNIiHz7eRFhv7rvmxLy8Uo7GIgf23IntKf5+hesunfwEA - AP//7FltT9swEP4rUSUkmEiapE2BTohVGpP2gQkxjUlsHzB2CpGaOMpL2cT63/ec7bhpqqANIcQH - JFQS3/l89r34uctvTCOXoE1+P8XLD/xzn2JLknCpJTyna62P+bJeZChE6TayLm8iGwep/GfNjOOx - yecdkkSjRCaRlUxMe4kcMrFMSiQwXPdROEFemtOpwkOay4fMda0WuXZwQzrLtRbIS4Wxcry2srBW - Lo2V7+8opzHIy24doFYOOi5XXrA5rURXKXJNXlfez8xp7fJMinoRmy1ukhpYPG05DjjOFfQTDRnU - 2+r9sSW3BIDzDrMx2Jzd1OyBpqgV91sDKOtFD6FYxi5dMgnfZtTUOVvStWiHsSj5Gv2Qp+F1xjnk - TZH4bxYJV/Y7S1SuN+b7pi53OnFjF70nRxbOAoTCU3M+pznjFfF/kU6iXhzUIMtExEIxfK3ivNR2 - w7ioeayZTZhfIKQAgqDL/7iMmphLSvzk/btMpEm25+zu/UmBnio5hQ9vA+igD0AH4zYmqgpgAwXY - qaLoskY9MvxeQh8o9S0obbbax2jLpS7hqCFsAL4uKGBVxfgdXY0aQJR1mjJCN4O+C5vOjqoUWTwR - AlGAnTDOqQ5CfRnN2XgkgpvDsR/dQPGDg6MgDCe0jmXCCo+wxWTYmRAUBOBc6+CaiveDvGdlTnmO - hD7adtClsge8pdg8AKyhfhxGQRiM48CPR6E4mvARjw4CfhgJ4bPJPIgPT8SxkrIzmu2En/Cn57kp - ywz6cF09VHp16d7jRNzQI8f3dKDRkbk5YyWdGOarpI6CAo8fz92Jl2ekf7ef8fo17nZFXr/G3c7K - a9cYuUjovoYpGtpo5Ny0BCmeCHfpZoPOZ1fItWA/rQuZx8MrZBpOFbUJPOrkgWojmdYxPUlTbxQm - 076lgpc3+lsqeAmN31JBbyqwwAIq3uqIe6CPAObZh1xZsQWetrGSD7w1eFgNtgl9DUu/r2Hp24Zl - l2ChW5wtk0JmGuaYbkhtvkjp13/ZwlJWz9YV1rKsTCyEavZSqo5Z05mGa2mNH5pHk3WfvL76djds - 5O4PUvbrIi7rBQlu7VX1uopqVul9U8ud+mG0czu+OTncmG0mKG1Xq9VfAAAA//8DAE2aOM/YHAAA + string: '{"id":"11795","key":"NTEST-1457","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11795"}' headers: - ATL-TraceId: - - b0f3077a3588dc78 - Connection: - - keep-alive + Atl-Traceid: + - e837e466d4759e38 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:20 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:48 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5f3af8c4-67c8-456f-84b7-308e29265149 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '597' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8ad45d45-5cc2-4d2f-9b77-ec0d989fd96b - x-envoy-upstream-service-time: - - '108' status: - code: 200 - message: OK + code: 201 + message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1616,96 +1255,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11100 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1457 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4jdSSH3DdCikLb0ex4W0/UAZRtgbW+BIHklOwhX+++3K - Nm9tOEoPZrC81r49++xKfPNgWXGZeYmnQWagIXsroMxMT/IZmJ5JC5jxnqpAcyuUND3IhJ2B5b20 - 4DKHUuW9OWiD3yAbQ6XBgLTNXq/nCbIcRVEY4ouBcoqvhbWVSYIggymkNlNnyue25MYILn0JNkAb - NuCVCOJAGFND0Bk4hwvU35+MDif9V1GEkqkL1ku+eQad1iblFnKlL5rgMnxDhTiMo3446MfDSRQn - 6y+TOPTXN8PfwthZdT7sRQXOzBNjJP0Aowzj66zblwxMqkVFiKB0m5kZL8sey4SxQqaWVQJSYGrK - Fkqf+6SdKvlJl4+JwkBaawjmAhZ8zi3Xr434B7ZmWKR69qwR7WVbUbgeDdvXCQa6dZNyz6NCo68J - N+dUo/rU0iqZ8tJAz+tseIkzctXzrEBiVFhkL5E1ZuJVWp1heE9Er9V22LlqdNjdK/hNpJ+ksBYN - EL9abUrqD7fXqKldcE2JGTGrSoEMye5lg+A6ygyGy8HwMeG2MLfOWqQrQcDiz22cB+Emeo4Hy3jw - ZMOuhI4lz0z7fMBXtLGMNn7N17Jz1i4e8LYeL9fjX/PWktN0i5Xerq6ov5efm+mCFTs6xgrmuYYc - +/o7GiKnVFk3bdZI0tpYNXMj4gQ9xJurPgy/t9GMjkZKjenGn5f0o56HadrP2HHEq2aDayfitBZp - E8C372TEOEzIFKous11hqpJftLxE8YJbnLTNIPv5Hmqm5PVcDBprmhrELXdUTThFFOkXEgiZe4nV - NblONWCu1HU/mpNRuNHNyfuohavgjFZ9iFd9WL+ZJUJpYS+eCESnHrgp/Pg5KmY8BxOQhumMCBQU - Ii98M89vhs97lHRTKvauiA2nQOOEyHkvLerLH+YbrWJiNKTEC25GlUg/CnnuDuNdqOhslmlHGEej - hft2LZFKjvBo5qcljIGbhoS6XXkHHz+929s/+bi3M9o/HJ2MxuO/xpgGtpDBzHHDpAB2gHNTWkZ+ - mTBMyfKCYU+Kkowyq9gHoTk70DDDvmW1QYb5rkvvZ/EKDYaXIgwH07PEa44MLBKifNNUdxoZ8c6F - 5OX9Te3NooXX0bzE6LpZgAXMJVzvrivq2kcwubkrPJFjjfL1eXX3eP852t3Q6g1Pz/Eq1TGrM974 - 2mkvNb8UcHczaloDncTd8SphQd2tSqX3m2hOyxr6ucYBdXM9UGxXNcVWswove9K2VXiofnfB+Spv - /26zXKu6opvPWyEzHEmGIfPZKYBkVW0KyBzn9sbb9DwFJuScHBBpMoaXVoanA2QJGStin70jc1/l - mnuuJezo2qyQCZsiIkWCFz8/vCT0ELxSpbwslLHJMByGwbTZfuLCCuJ48xgV2dEhnWQ4U9h7tehb - 9WPlYxawo8hY9nfNtQXNRjLHxpohTA8o7B/8ybZr7Fp2mHK5YmOD1uUlOwRsBwoE1zufR+7xpXl0 - JaGX9ryk5URYbFxSdRTAFRpiNMLYJTtCG/0YZ1E/2oiiV847USqdgz8TVoOvdB6kueifCklSYoKP - 769psXVX+5gMDsIGWmdlcdsK9iUnrgq8ulE/B7jVL+ysJD1XGXy62pCdMeR1yRHDJf074ZLZBSl4 - SVw5BD0XeGHus+dvSbHHnpX2d1R+6ccvVkCIRrfxEJ5Dj9BxV0J2SaiuvdFcpkUw4XmyxvYRw0Za - izLb270tQogxHSJocUvc/RaRf01i977u//9pdAQN4uHLTaTF2q5rfuzLM8VoLGJg/63IntPfF6je - 8ulfAAAA///sWW1P2zAQ/isREhJMJE3SppROiFUak/aBCTGNSWwfMHYKkZo4yhubWP/7nrMdtw0E - bQghPiChkvjO57PvfPfc5TemkUvQJr8f4+UH/rlPsSVJONcSntO1Vsd8Xi8yFKKUjazLm5uNg1T+ - s2LG8djg8w5BolUik4hK5k57iRww0SQlAhjSfRSOEZfmdKrwkDb5kLku1SKXDjKk06y0QFwqjJXj - lZWFtXJprHx7QzGNQV527QC1ctCRXHnB5rQSpVLEmryuvJ+Zs7bLEynqRWy2uElqYfF0zXHAcaqg - n2jJoF5X7w8teU0AOG8wG4Pt2U3NHmiKWnFvbQBlveghFE3sUpJJ+H1GTZ2zhtKiHcai5Gv0Q56G - 1xnnkDdF4L9aJFzZ7yRRsd6Y75tK7nTixi56T44snAUIhafmfE5zxivi/yKdRL04qEGaRMRCMXyt - 4rzUdsO4qHmsmc01P8OVAgiCLv/jMmpiLinwk/fvMJEm2a6zs/snBXqq5BQ+fB9AB30AOhi1BMqt - VQFsoAA71Q9d1qhHht9LsKC03VEfYx9I9W251CUcWHBXVYzfUPZ7oGrrgoSyTlNG6GarL2HT2VGV - IosnQiC6YEeMc6qDUF9GczYaiuBqMvKjKyi+v38QhOGY1rFMWOERtpgMOxOCLgE4Vzq4puL9IG9Z - mVOcI6GPth10qewBbyk2DwBroB8HURAGozjw42EoDsZ8yKP9gE8iIXw2ngfx5EgcKinbw9l2+Al/ - ep6bssygD9fVQ6VXl+4tTsQNPXJ8T180OjI3Z6ykE8N8FdRRUODx46k79vKM9O/2M16/xt2uyOvX - uNtZee0aIxYJ3cUwRcM6Gjk1LUG6T4S7dLNBx7MLxFqwH9eFzOPBBUIQp4raXDzq5IFqbzKtY3qS - pt4oTKR9CwUvb/S3UPASGr+Fgt5Q0EUcgFBbd0ua0yIM6H6tr+IdfR0wzz4WlBVb4OkBKX0NS7+v - YenbhmWXYKFbnDVJITONgUw3pDZfpPTrv2jayOrZusJalpWJhVDNnkvVMWv70HAtrfFd+2ii7pPX - V9/uBq3cva2U/TqLy3pBgtf2qnpdRTWr9L6p5U79MNq5Hd+cHG7MNhOUtsvl8i8AAAD//wMAz/yi - MNgcAAA= - headers: - ATL-TraceId: - - 7b5610153e1b9721 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LSprZsNNupkOhSchJZSapzkgTDMIh3LW6RddXflS0P+e8/R + xQ4GZwKdBh4k7e65f+fb448OLAsuEydyNMgENCSvBGSJ6Uieg+mYeAY576gCNLdCSdOBRNgcLO/E + My5TyFTamYM2uAfJGAoNBqRtzsalsSqfksLrwPcD39XwdwnGTlYFnGseWxGD03EE2Q+CwcEefhjI + pvg5s7YwkeclMIXYJuov5XKbcWMEl64E66El6/FCeKEnjCnBaxXcwgrlzyaji0k36O8NcKlywTjR + R8egb6WJuYVU6VUdQ4JfKBH6Ydj1h93gYOL7UehH/aG7Nxj86Ie+T06SEYuOV2qe6STJe5gKP1yH + 3XwkYGItCkocrh4yk/Ms67BEGCtkbFkhIAampmyh9K1L0rGSb3X2RC9KKahcPLvmc2659uYCFl7l + 1sbBZivwe8HwZyP+gZc5lr3M0SrBAk1OuLmlWpU3lt6iKc8MdJxa8ATjqmQ7zkwgcHQ8W53CHNBX + /1PHsQKRVSBKnEiWGKOzBZOev2sjaDcKrf7CUJ9ZiUa6qkNV2bYO9PEZejbhvpXCWlRgnLVtgvBv + 1VmjpnbBNQHZiLzIBDqcbKUEC1XBrz9c9odPdPcLJWsjWRes7xPcw/4y7P+/VmpYVCBFg8H+Mtj/ + FgaXrcVeuOyF38Jig/xPnx7CMWzhOBXLdzUHYpEvr7DoaaohRVp5gHV0R2Vl3eWPgjwc7NoY7to4 + eKi8prR6lQijYm8n6gYNj1FWtIhrPz4+WCOsYsBmpsosORamyPiqQTQuL7jFa6Gm06d3X03WG3r2 + anWaeqt6PVIl5aty9T0tCJk6kdUl2Ual9h2WjTqsyYYGDJZa+DECD4OwJfDttO2imXBNM9sb64Jv + b/Q2xCSUFnb1zNy04l51PXw9wYucp2A8kjCtEoELM5HOXDNPN0z2BldaygudKqE3QNxEsN2+r/d3 + xBvswmgwpMBn3IwKEZ8KefuKdo6hoNlCxi2GKmQtqr31ilRyhKMFv8lgDNzUuNTNm3N++vb1ydn1 + 6cnR6OxidD0aj/8YYxjYXAYjxwOTGbBzJGFpGdllwjAlsxXDhhYZKWVWsV+F5uxcQ44dzUqDmHMf + a+wAG8rx74TvD/NB5NQ3FhYJs7zpqnstjvlOheTZ9qFmMmrSWyE/Q+9alsACphLWp8uC2vYrkFwP + Mc/EWC28vvzuzx1Pg90GVr/w+BZHwRZZrfLa1lEzbf0nh9uRrW4NNBK2d7WEBXW3ypQ+q725yUro + pho5azOwKHas6mKrvMBhVdqmCl+q3/3kfJCf/x+yVKuyoJHslZAJkpRhiHx2AyBZUZoZJBXmTsaH + 9LwBJuScDBBoEoZDN8N7A5KIlM1Cl70mdR/ki+r5ImKXa7VCRkxi9FZwq3Tku3tu745SiBnMVMyz + mTI2GvpD35vWMteVb97gCmXZ5QXEJdEKe6MWXaseF71iHrsMjGV/llxb0GwkU+ytHDP1BYGz89/Z + YYmNyy5iLnccrBN2d8cucAqsHMH3o3ej6vG+frRVoY/mMqXXibDYuyRaoQDfUBEjFmN37BJ1dEPs + 1y6Om2FQWSdUyXniShyc3VTNvXmZScSZRR7w7p+/IhU931/LxQtwc2E1uEqnHjYjJ4AKHP6oiT08 + 6s5snpHcphz4URWElIX4N4a0zDimb0k/hqo4jkEKnhFSLkDP8TcP67Lvz9YaOuy7zP70EtXsu/4P + O3KI6g/xbp5Dh9JTzZjssVzsY2x7vYOvzsX+vwAAAP//7FnbbtpAEP2VVaVUgGKDjcFAFaVINFKk + pkKN2of0hcW7gCvAli/wko/vmfXaXMKlJQqiUpQIsGfGOzuXMzvjjF/Zwvl7WzhHbXFeOyBv8uDq + VJRN6B6r9FLJekg43HyUYWIyy71mBK9sM5vzv4llFumsruvmW7o1z9eqrdKk0lN4CKj6HTCqFFD7 + qBwr4aO8ywCHt88qyD0QfuHLOCkNsCaiSD3idYm46YPKY5BGsOadP5XAQZlZ/OM4+cQ9D7tQP1dB + tybYW+F1BbhaqBEAyDUGmn5Q5WLhx8B8SWXQBZSPyOoIpLxek08HqxUGDCcLRvqjm9VniUjHg9aO + 4kEU8RDreOBJgsIYX7PlxPcmDMfr8RjImgLqWMix1nzMOEOD4EEQpxUv4iPSY9BVGzW+8vk4BQgP + 2ERyAckFR2kzs92ynyuFHgKRTuV6ldik5+1JZz0mwdJXZ2+R00Ee52Rr8wngnEAcNxHlKsk7xx1D + 6N6hD4ovXNK2YjwlTIdT39NOe/BVTdQ++6EOQWRh7YxMGQZwmYIQ6c1D7n4Wci8hmW8B89UFQx+3 + 8IUUG+H0HUmFkyGW/peg0KJhQMWQYrzExcyfl1mp/DxDDCdBp4jbnajx1ojhtk9DDLcNxHDbr0WM + k4rFC8Q4tVytO/jciNF8R4wzIIbzfyFGsxA9ghgvJxHWvkmE5ewjNHICdS9JhJBRQxIa2myx1grW + bcK+7r5WdPf5ZvcxFhOpjWZ4u4lSIT2hPmLnlKFWjK/idDbj1CZ+ONj5kAFp5hNEJzaU1PnfIv5o + znQvbhoj7tSFNWw5tcYQCrlu27LtJvWvBRNWOMAmybtdISi2wbnSwdBzxc/BkschgSM99OBEWNlc + muheFZuJdjWfSjYs23KkVZN1W7SbXt1ruJbXaghR482RJVu34kY95arevbLv8J/JGTM+142cYWS3 + YjONjSUsYtgmVBRmll5kMiPkPCaLQV4BOJ/G+NnrG00znJP+29Ply9d4ezx9+Rpvj7cvXWPgjsjG + xHoEs34s6eu3NZRP1Lllw9wMu57Q9IP9SxoFoaw+AW48mk/qxKOXLKAWmUzr6HdOenoTabh9h4JT + nf4HAAD//yI/0keLAnq4mKZFAQAAAP//ooGL6VgUwJsdQCemQ3JcNWh+Fso2AJqbX5IInXZGb3bg + muUxwDXLYwCf5UGXgDfTUvPKMovy8yBtHegQcil0fQGES4xLy/JLqDe7BjEMbijQpozE4rB88DwD + bEIPmIQgTq6GMaGlK9kOAK/F0IeZq6OUm1gRlFpcmgMyGMmz4BmCohLHEojHQTOVoFkEkNfh4qia + jVB0QzWAXVtbWwsAAAD//wMAX1aBXM4iAAA= + headers: + Atl-Traceid: + - 8236eed86b05b4fb + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:20 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:49 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - fdf7e961-ac74-4313-ad05-fc0e9d32fd40 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '261' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 0c0c06b8-f269-4508-81d4-dfc035804878 - x-envoy-upstream-service-time: - - '166' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1715,61 +1362,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11795 response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbuTtJssuYkeVGQV2j2JSJJOsZImpU2FZdn/boqLH7fhneeZ - lzmB0TMdJgcK3mMcZ7XZtNSRjW34CIWOTs9zr33hKUIGnzTNffAJZoiswALzen/9XN89Nb/b/TKY - NIF6WaEMM3zNoKXRheNAPjbHkdKBGxeWNklm6V37rYBaha28hLc6riBHznKsci4bVilkqqwKRLxC - jpj8mabU2/TDP3bXMK7KreKiYEz8sHa4911IoOQ7Kbad0bakUpNA2wkpTGu0xM4i6qqS0lD5pyC6 - teGhnzSs73R6cfExWL3GJ3CXCci/HWo4n78AAAD//wMAQvyA9VoBAAA= - headers: - ATL-TraceId: - - a7f212cc1fe5ed70 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LSprJsNNupkOhSchJZSapzkgTDMIh3LW6RddXflSwP/vedI + lp0YnAl0GniQtLvn/p1vjz86sCi5TJ3Y0SBT0JC+EpCnxpW8AOOaZAoFd1UJmluhpHEhFbYAy91k + ymUGucrcGWiDe5COoNRgQNrV2aQyVhUTUngdBkEYeBr+rsDY8bKEc80TKxJwXEeQ/TDsH+zhh4F8 + gp9Ta0sT+34KE0hsqv5SHrc5N0Zw6UmwPlqyPi+FH/nCmAr8VsEtLFH+bDy8GHfC3l4fl2oXjBN/ + dAz6VpmEW8iUXjYxpPiFElEQRZ1g0AkPxkEQR0HcG3h7/f6PQRQE5CQZseh4reaZTpK8j6kIonXY + q48UTKJFSYnD1UNmCp7nLkuFsUImlpUCEmBqwuZK33oknSj5VudP9KKSgsrF82s+45ZrfyZg7tdu + bRxcbYVBNxz8bMQ/8LLAslcFWiVYoMkxN7dUq+rG0ls84bkB12kETzCuWtZ1pgKBo5Pp8hRmgL4G + 965jBSKrRJQ4sawwRmcLJt2g3Si1+gsjembCV9J1uusCtummj09AsonqrRTWogLjrG0TUn+rzxo1 + sXOuCa9GFGUu0OF0K3KsR42y3mDRGzzR3S9Upo1kXZdeQKiOeouo9/9aaapfYxENhvuLcP9bGFy0 + FrvRoht9C4srgN/fP4RjuAunUbsxEYt3DQdi9S+vEA1ZpiFDWnmAdfRT5VXT5Y9qjfq7Nga7Ng4e + Km8orVklwqjZ24k7oetg1uw7zAiBd3WAW6T5hh6f3mYN+W7o1m/UaWqi+vVIVRR/SBT6nhaEzJzY + 6gruV6xK2rRImqx8fLBGnuFRM1VVnh4LU+Z8uWo8KpcGDJZ6+zECj8KoJfDttK1pZntjV8GjdcFL + LZQWdvnMlLXifn0LfD2Pi4JnYHySMK0SgQtTkU09M8s2TPYGV1rKi5yHoI66bSg5vwEiLYLt9n29 + vyMR4S6MhgPKyJSbYSmSUyFvX9HOMZQ0W8ikrVpdy3m9t16RSg5xtOA3OYyAmwYJevXmnJ++fX1y + dn16cjQ8uxheD0ejP0YYHzaXwZTggfEU2Dmys7SM7DJhmJL5kmGni5yUMqvYr0Jzdq6hwFZnlUGM + eo91fIgN5QR3IggGRT92ttoZk54JyXMsJ9Zj02a0t722moxW6a1xnaN3LUtgZTMJ69NVSW37FUhu + hphngq8RXt+Kn88dT8PjBm+/8OQWR8EWcq3yxtbRatr6Tw63I1vTM2gkai9xCXPqbpUrfdZ4c5NX + 0Mk0ssRmYFHsWDXFVkWJw6q0qyp8qaafJ+eD/PT/kGVaVSWNZK+ETJHUDEPksxsAycrKTCGtMXcy + OqTnDTAhZ2SAgJQyHLoZ3huQxqRsGnnsNan7IF/Uzxcxu1yrFTJmEqO3glul48Db87p3lELMYK4S + nk+VsfEgGAT+pJG5rn3z+1coyy4vIKmIb9gbNe9Y9bjoFfPZZWgs+7Pi2oJmQ5lhbxWYqS8InJ3/ + zg4rbFx2kXC542CTsLs7doFTYO0Ivh+9G9aP982jrQp9rC5Teh0Li71LojUK8A0VMaI3dscuUUcn + wn7t4LgZhbV1QpWcpZ7EwdnL1MyfVblEnFnkAf/z81ekohsEa7lkDl4hrAZP6czHZuQEUIFTITWx + j0e9qS1yktuUAz/qgpCyCP9GkFU5x/Qt6MdQHccxSMFzQsoF6Bn+5mEd9v3ZWoPLvsvtTy9Rzb4X + /LAjh6j+EG/DGbiUnnr4ZI/lYh9j2+sefHUu9v8FAAD//+xZ227aQBD9lVWlVIBig43BQBWlSDRS + pKZCjdqH9IXFu4ArwJYv8JKP75n12lzCpSUKolIEAts7szs7lzM744xe6cL5e104R3VxXj0gbnLn + 6lSUTugZq/RSyXoIODx8lGFiMsu9ZgSvbDOa88/EMotwVvd18y3Nmsdr1VZhUukpPARU/Q4YZQqI + fZSPlfBT3qWAw9tnFcQeBn7hzzgpDLAmvEhN8bpA3LRB5TFII2jzzp9K4KDMNP5xnHzinoddqMuV + 060x9lZ4XQGuFmIEAHKNgaYfVLlY+DEwX1IadAHlI9I6HCnP12TTwWqFAcPJgpH8qGb1WSLS/qCl + I38QhT/E2h94kiAxxtdsOfG9CcOBdjwGsqaAOhZyrDUfM85QIHhgxGnFi/iI5Bh01UaNr3w+TgHC + AzaRXIBzwZHazGy37OdKoIdApFO5niU2x/PypLPukyDpq7O6yMcxPM6Hrc0ZQDkBOx7Cy1WQd44b + htC9Qz/kX7ilbcWYJUyHU9/TRnvwVU7UNvuhDkGkYW2MTBgGcJliINKbB9/9LOReQjzfAuarG4YC + b+ELKTbc6TuCCidDLP0vTqFZw4CSIfl4iYuZPy+zUvl5Bh9Ogk7htztR460Rw22fhhhuG4jhtl+L + GCclixeIcWq6WjfwuRGj+Y4YZ0AM5/9CjGbBegQxXnYirH2dCMtZLy6TCJ6heifUDdkmbeyZo7Z3 + YF91Xyuq+3yz+wiLjpTy2gmVCjv6X9tF1fYsRfsqTmczTmXih4OVDymQej5BdGJBSZX/LfyP+lL3 + 4qYx4k5dWMOWU2sMIZDrti3bblL9WhBhhQNkkqzbFYJ8G5QrGQzdcPwcLHkcEjjSpAdbxUrn0kT1 + qshMlKt5u7Jh2ZYjrZqs26Ld9Opew7W8VkOIGm+OLNm6FTdqlqt698q+wzfjM2Z8rgs5w8gexWYa + G0toxLBNiCjMLLxIZUbIeUwaA78CcD6NcdnrG00znJP8223ny5d4u299+RJv970vXWIAksgas7oF + s34s6evXOBRPVLllzd8M1J5Q9IP8SxoFoaw+AW48alzqwKO3LxgtIpnW0e+cdPcm0nD7DgWnGv0P + AAAA//8iP9JHiwJ6uJimRQEAAAD//6KBi+lYFMCbGUAnpkNyXDVo4hbKNgCam1+SCJ12Rm924Jrl + MYDP8qBLwOdM0CXgzbTUvLLMovw8SEMIOoRcCl1fAOES49Ky/BLqzcZBDIMbCrQpI7E4LB88zwCf + QsvPhTi5GsaElq5kOwC8FkMfZq6OUm5iRVBqcWkOyGAkz4JnCIpKHEsgHgfNVIJmEUBeh4ujajZC + 0Q3VAHZtbW0tAAAA//8DAMCi87fOIgAA + headers: + Atl-Traceid: + - cb5d6d3fb04c97e0 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:26 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:49 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 23541118-bacc-44bf-9b53-68127fbb2fd8 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '222' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a903f41a-84e9-4cd6-a100-e6877527943b - x-envoy-upstream-service-time: - - '34' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1779,110 +1469,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 403326264e3af0d0 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbPTpG1qbqIHFVmF7Z5kkbRJsJImpUmFZdn/boqLH7fhneeZ + lzlBJ4PezxYEvMc4BbHZKG10H5X/8ERGK0MYpCNOR8jgU89h8C7BBWJBkGC+29687O6f29/tdhm7 + NIF4XaEMMzxkoPRk/XHULrbHSacDt9YvKkndMlj1rYBIAsXqEt7JuIIUKc2xyQveYiOQC1oRRLxK + JCY/6Dn1tsP4j71uEQVFUTHCKv7D9uODMz6BdVlww4wxjDeU1sgaxLKStC56iaruOS81svpvQbRr + w+MwS1jfMXKx8cn3co1PYC8TaPe238H5/AUAAP//AwBL3jXNWgEAAA== + headers: + Atl-Traceid: + - 0dc3083023d4a3da + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:26 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:53 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a5675322-a759-47f0-aeb7-73b693cba44f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '121' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e835a8b1-836c-4156-9de1-ee4f86122aff - x-envoy-upstream-service-time: - - '71' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1892,98 +1539,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11098 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11793 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlT23qxIUYdJkPBSWgppcZJPhCGOaS1fEG609ydbNOQ/97d - k2QDwZSQmg+6O2nfnn12b/niwbLkMvViT4NMQUP6RkCemo7kBZiOSWZQ8I4qQXMrlDQdSIUtwPJO - MuMyg1xlnTlog+8gHUOpwYC09bdexxOkOQyDnSFuDORT3M6sLU3s+ylMIbGp+qx63ObcGMFlT4L1 - UYf1eSn8yBfGVOC3Cq7gGuWPJ6PTSXcn2MGTqXPWi794Bo1WJuEWMqWva+dS3KFAFERhNxh0o+Ek - jOL+Vhy+6vXDrV+CKAjIR7Jhr0twap7pI8n7YRAE0SrqZpOCSbQoCRE83WOm4HneYakwVsjEslJA - AkxN2ULpqx5JJ0q+1/lTvDCQVBr8uYAFn3PL9Wsj/oHdApNUFS/qo8N0Nwz64bDZTtDR3XXIHY8S - jbYm3FxRjqpLS6t4ynMDHa/V4cVOydeOZwUSo8Qke7GsMBKv1OozuvdM9Bpph53LRosdbW4lfO3p - eymsRQXEr0aagvrDfWvU1C64psCMKMpcIEPSe9EguI4yg+FyMHyKuw3MjbEG6VIQsPi7jfMgeIWW - o8EyGjxbsUuhY8kL0zwfsRVuL8PtH7O1bI01i0es9aNlP/oxaw05TbvYaO3rV6rv5Ye6u2DGzs4x - g1mmIcO6/oaGyCmVV3WZ1SdJZawqXIu4QAvRq00vht/qqFtHfUqF6dqfF3fDpl8Qg7VIanNfvjkj - fqH7ZqaqPD0Qpsz5dcNCPEag7AesWWJmY4Jb7LR1I/v+Gqq75Kov+rU2TQXilvuqIpyc7x/pQMjM - i62uyJlEA8ZKVfdQnwwGUdsn76MWbIIz3PQi2vSiv+4lQmlhr58JRCvuuy789D4qCp6B8UnCtEoE - HsxENuuZebZuPu/wpO1SkedyeQnUToic98Kiunww3nATE8MhBT7jZlSK5EjIK3cZH0BJd7NMWgo5 - Yi3cu9WJVHKEVzO/zGEM3NS01M3KOzl6//bw+OLocH90fDq6GI3Hf40xDCwhg5HjB5MZsBPsm9Iy - ssuEYUrm1wxrUuSklFnFfheasxMNBdYtqwwyrOeq9H4UO6gwuBFBMJj2Y6++MjBJiPK6qO4UMuKd - Ccnz+x81k0UDr6N5jt61vQATmElYfV2VVLVPYHI9KzyTY7Xw6r66e71/H+3WtPqNJ1c4SrXMapXX - tvaboeaHHG4no7o00EjUXq8SFlTdKlf6uPbmMq+gm2lsWevxQLEDVSdbFSUOe9I2WXgsf3fB+SRv - /+2xTKuqpMnnjZAptiTDkPnsEkCysjIzSB3nDsd79LwEJuScDBBpUoZDK8PbAdKYlM2iHntL6j7J - l+75MmZnK7VCxkxi9FZwq3Qc9LZ6/RuCEBHMVcLzmTI2HgbDwJ/WMhfONz+Kts5Rmp2d0nWGjYW9 - U4uuVQ8LnzOfnYXGsr8rri1oNpIZVleBWD0icHzyJ9ursHTZacLlhg9ryG5u2ClgTZAjuN7/MHKP - j/WjzQttmkuTlhNhsXpJ1PEAV6iIUR9jN+wMdXQjrNgujndR6KwTr5I59AphNfSUzvwkE91LIemU - 6NDD/Wta7N6VPieF/SBYa1nc1oLFyYmwAuc3KmofP+3NbJGT3Do9uHEJImUR/saQVTlHMJf0z4WL - 6gCk4Dkx5xT0XOD43GU/Ha80dNiL3P66i2q2e8HPGxBF9Xt4Vc+hQ2C5MZE9hMw2xrbV33kmMo20 - Q2bwdGQG/4nM/4fKvwAAAP//7FltT9swEP4r1iQkqJa0SZO2VEKMCSYhDYT2wiT2pcZOm0xtEuWl - /cKP33O280KhsFXAmIRatYl955zv5Tnf5U+0gqj6mPFYhN1vfDbusHM4mh4to7k8PW4PwQ+xMwrl - sDVcfULHrsNd3fft5zRzFc9dd+T7iKLOsQJMYNmvhFEqgYiPM7Jd+t0DexV+YCM/oe3+OMHNT/xZ - 27g+rXCpV3jKSGwUflnOYxTvlMFrhGijIXSqnKrhgI5q1O4AXStJ4gRwbnDQjpIul8soB/IHlAyH - APQpqRYOU2VtstykedKE4XzBlo08QPXMWD1orC5rq+fG6rwokB7z92wVRiJkOGPPZkDXEpthKcez - 4hnjDMWAACPOLCLjU5JjciREkBbWZx7PSgDxhIUBl+BcciQ4W++WtRR0lshyHrS1c3u+KkXGbc8D - yYU6b8tqHtOzatq5vQIoQ7BjsNL72GydWLiSV13eEoF8jH7Iw3BL28qxSlpezyOhTHYWqbxoLPZd - HYRIv8YUWhQGa88xkamtd04XKRcF0Z8nLFI3DPXaMpKBVARfiyDNtZUwLksRaGIT6F8QSjgwQpa/ - 8RLFmCaUH8nrd7lcRPEe2927WeCkWSTj2nfvhYrnhwlvW5jwFEx4j8LENnngDkw8TVpqgv6FYGLw - BhMvABPefw4TA8P4CEzc7Uk4m3oSjldNULlSZHAU1QOhJs06qb9hjd7GibrOr3a0iXBT3d+rO1DK - iUMqGe7pd62XV+ur7NdylIsFp4Lx3YM1ECmQuj9JtmVpST2AQ7gj9ZdO5YE/5V5fOtcjr+dfQ6Dh - cN9x3QFVsjURnvAAWUDWPZKSXB2UjQyW6SR+SFY8TwnkaNEH27m6BWmjjlVkNgrXrr7s+o7reIHT - C/qu3B+IvvCHjhj5Uvb4YOoEo0N5oFbZ6R/tuJ/w1XzWgsemoLMsPZTbZW6toBHLtcn7bR1tpDIr - 5TwnjYFfITqf57g8vrAGdhqT/Ot94tcv8Xq3+fVLvN6xfu0SA5Ck7hebZkz7KHJhXrVQPFGVppu4 - GtSuALggPymzJA26V8AhQZ1KE3j0hgSzdSTTc8y7HtPHyQzcvkHByxv9X0LBbwAAAP//ItfFo0UB - rV1Mh6IAAAAA//+CFQXoLQlgO0qpuhakB9b+ALo9HZIVq0GzrlC2AdDC/JLEHCALiym4JoIMcE0E - GcAngtAl4O231LyyzKL8PEgLCTrKXAqd6YdwiXJpfi7EhGoYE1oKklHyIa1R0IeZq6OUm1gRlFpc - mgMyGMlu8Jh+UYljCcQdZfklVJv1g5gFNxNoVUZicVg+eEYENvMImsoEzTOAbIS7A9WxRiiuhWoA - h05tbS0AAAD//wMAXYbU6DAiAAA= - headers: - ATL-TraceId: - - 84c9e6bac51d98b0 - Connection: - - keep-alive + H4sIAAAAAAAAA7xW62/bNhD/Vwh9KIbO1suPOCqKIUvdNluWZY7bfkiDgJHOMhuJ1EjKjzX933en + h906ddFkWGMgIu94D9797ngfHVgVXCZO5GiQCWhIXgrIEtORPAfTMfEcct5RBWhuhZKmA4mwOVje + iedcppCptLMAbZAHyQQKDQakbc7GpbEqn5HC68D3A9/V8HcJxk7XBZxrHlsRg9NxBNkPgoPDHm4M + ZDPczq0tTOR5Ccwgton6oFxuM26M4NKVYD20ZD1eCC/0hDEleK2CW1ij/Nl0fDHtBv3BAEmVC8aJ + PjoGfStNzC2kSq/rOyS4Q4nQD8OuP+oGh1Pfj0I/6vfccND72Q99n5wkIxYdr9Q80kmS9zAUfri5 + drNJwMRaFBQ4pB4xk/Ms67BEGCtkbFkhIAamZmyp9K1L0rGSb3T2QC9KKShdPLvmC2659hYCll7l + 1tbBhhX4vWD0ixH/wPMc017maJVggSan3NxSrsobS6toxjMDHacWPMF7VbIdZy4QODqer09hAeir + /6njWIHIKhAlTiRLvKOzA5Oe3zIKrT7gjR4Z8Ea6CneVwDbctPkMJNtbvZHCWlRgnI1tQurv1Vmj + ZnbJNeHViLzIBDqc7Nwc81GhrD9a9UcPdPcbmWlvsslL3z9AN8L+Kuz/v1bq7FdYRIPBcBUMf4TB + VWuxF6564Y+w2AD806f7cAz24TRsGTOxelv3QMz+5RWiIU01pNhW7mEd/VRZWVf5V7WGB/sYo32M + w/vK65ZWU6lhVN3bibpB08coXFrEtR8f79EIxBgJM1dllrwQpsj4uoE6kjHu9i3GlODfmOAWH4q6 + wT68UOv2vW3YXq1OUxlWy2NVUgQr598RQcjUiawuyZtYA16Wavt+Aw/d0cBvG/hu2DZtZpexL+Hh + JuGFFkoLu37khVtxr3oFvr+Pi5ynYDySMK0SgYS5SOeuWaTbTvYaKW3LC537oA577VUyfgPUtAi2 + u+/1cE8ggn0YDUYUkTk340LEp0LeviTOCyhotpBxi6EKWcuKt6FIJcc4WvCbDCbATY1L3ayc89M3 + r07Ork9PjsdnF+Pr8WTy5wTvh8VlMCR4YDoHdo7dWVpGdpkwTMlszbDSRUZKmVXsN6E5O9eQY6mz + 0iDC3K9VfIAF5fh3wvdHmY6cnXLGoKdC8gzTifnYlhnxdmnNZNSEt8J5ht61XQIzm0rYnC4LKtvv + QHI9xDwSfLXw5lX8cu54GB63ePuVx7c4CraQa5XXto6baes/OdyObHXNoJGwfcQlLKm6Vab0We3N + TVZCN9XYs7YDi2IvVJ1slRc4rErbZOFbOf0yOO/l578jlmpVFjSSvRQywZZkGCKf3QBIVpRmDkmF + uZPJEX1vgAm5IAMEpITh0M3w3YAkImXz0GWvSN17+bT6Po3Y5UatkBEr0mjgBq5/R6HDyGUq5tlc + GRuN/JHvzeqz15VP3ugKZdjlBcQl9Rn2Wi27Vn1d9Ip57DIwlv1Vcm1Bs7FMsaZyjNA3BM7O/2BH + JRYsu4i53HOwDtTdHbvA6a9yBNfHb8fV5139abNBm+YRpeVUWKxZEq2yjytUxKitsTt2iTq6IdZp + Nxj6o7CyTmiSi8SVODC7qVp4izKTiC+L9e99ef6KVBz2N2LxEtxcWA2u0qmHNcgJlwKHQapd77Dv + zm2ekVSR4r8qDaQixL8J5MoCXiMBNl5hvEmGddlP52mHPcnsMxa6QeCGjD1J7bPnrOf6KFwxeu7Q + 7bOW0d8y+u7APWjpgy194KKulj7c0mk52NLJu4YeuMMtPdzSw8/O/wsAAP//7FhdT9swFP0rV0JC + aVZStYV16sQDojxMGmga217WSQ2podnSpMRJYWL8951rO65DGxAdD3sAUEl9fe3rc7+OE/RX4/2g + vxrfX43vrw4wWO3Lj8643Zcfe62GmABwR+AYS9FmdysSTZt8O3imb838l/Ltq19fxq+oZ1XyD33l + Yx4jf1QKGqEQYvBcLIqAuoM2cdujepWtfmfdwJZZ9b0fvCbgNo6qOkWn966PAu2PVAdGc/yZEXMT + OORJPfLw0drk2scdSz6qPgTf8W9viyTFjsh2tcC/NYB6bPnnWZlHAvGVCJ877R7uifNYCgZ2ceVM + HK34gI++bbdF8EnTa4M464TTZSzBKUDND3o9UIVLxhgJUfFBJg2TxdWEwLVgX0oh5TqOI45jYeOY + zyDy8CJOuHsWs7CgLMJGkm5moBkFWK9RZNQuQikoy+kal7nfhHtnxHkosXqUh5dsAFhSOU+JSVGg + Mg28ORcE4kzFTVapRCQjkYa4YDD3wFZxNCO0epDqJP4lQKsvsUsIsxeLJI7U2z7DcSqDEwF8kLPM + y91Z+miwqUxleIliwTR8T5Y8BfbJ68RsZ5CRNA+hHGfgAI7xMhinvfXVoZQCacnGwDzcGnNQe6xr + 0WHaZW0IDVK5KMo8RXDjSZZJweg6NmDeRiMCBnBnBzeKDP7E33GWRoj5cTqZTMYp39IKuqNjnAz8 + 5p4OiV9/xrnwdnduewOElv7fquZGeuYhgdIaNY+F6ikwh+ORSoHhOqTJ+cnHk+Mv1KWjc9q9LrPi + /Rg/evGOr0eQhJvEfmeMvHzDR5VZIgKQeA/RH+FiFYh02frB1oALQyXtdLT2RBmgjVIAerCjTZ7I + 8zYj2KJDzhy6w8rmTFhryobftww49M0GCp1m0xLxQpxq7nj1TmVYq+PghA2VHJKmWm6V1qq5lazV + c0fyoKI7kgc13ZE8qOqO5EFdt5K1yu5I6rUdOH1S70imFUhDM9OAZFDBeg5cjJHBhDdy4WKMDChG + VMHFGFlQHEnV8ypUaiIGyaJSkzBIFpWahEGyqNQkDJJFxZFokCwqNYkGyQkm4DVDJHFI7mmaN1wv + 9HwrGfIHuhO+HUWcBwjM8gLpb3rAaayucKYF+PbS0gtug9shfVWXeC5ApthXLkHFTCDJA1ep36Sk + vbVRZ79JR7txo85Bk4528Eadt0062iNWhzw64w6kupPtcCoI2trjbVV2tYu51YSJzGihAzggJhJ2 + 00HTpsqlj29qAgJdam0D47sP80UYFey3s4xi9YUQAst4KqarNo+Jn8GKcoFqLp/T543qIuN7NNMU + L5zO47RFXuvPHDSkyIaWemwktK9k1klgt+A9TWa7W5LZLpPZ7v9AZre98bqBuwWZ/QsAAP//Iqkx + azjamB1WjVkAAAAA///smstqwzAQRf+lkKVcybbsZBHSQFvoLuvsFMlJofiBH+T3O2PJquXGKXRR + DBVkEeKRNRmjmxvu8WbWm9mxOXM03TFnjqo75szRdcecOcrumLOxtnszO8zLm1lvZpdhZpld+oOZ + /Z6rs7lcncXjqLSthfzoc3wkDaalfOYedPbCXFZNbVY9fNm5QstXOHHvNBIUbSvkO6ZjNzNzamGM + pstzgaHnw80cDweH5EJZ/zIWRa+xE1IiG/Gmtvws4kix0zqm/ASNpOmGhWGC+9gi2OFOWYZPda8U + 7NFA5VcPKCyIzTyVV9FUaGvxpneBp37WWXCpdRn83OcDdMNZyOKM0SwK1SaRkeQpk2uuFBXJmWXr + ndr2d1lF+1X4Ci+9juSiMLEkIfqjJugacoWJkDCAFlWgpQ1HRiohGpwYrO+tNxwiePt8IElQFdj/ + FJ5afsdT+mr5HU/praV3DEKkNOxkQILx/8mDgRHxPGHOpQEkLWbHssDyl64uq+zxCDIjEb8xBw8Z + QrhqTzLuY8hJwyDURma9FPz9Q/+vUvAJAAD//6Kvi0eLApxFAby5AXRiOiTHVYOWH0PZBkBz80sS + oYun0ZsbuNYqGsDXKqJLwFf+oUvAm2fArnJmUX4epI0DEUopha6Sh3CJcml+LsSEahgTWtiRUcAh + LfDXh5mro5SbWBEEGeJAsRu87KyoxLEE4o4yYMua3LVyGCtTIYbBDQXalZFYHJYPXrUHWx4LWm8L + WgsHshLuEFTXGqE4F6oBHDy1tbUAAAAA//8DADpAuneUMQAA + headers: + Atl-Traceid: + - a9079ecb92bc465d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:26 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:53 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - bf4ca41c-3afc-4a31-8be9-1203261aef0a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '263' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f6ca152d-8fea-48ca-8aef-c9e9109a4601 - x-envoy-upstream-service-time: - - '163' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1993,112 +1657,167 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - a647a746f5daa21a - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - d8ec58873bb108ac + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:26 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:54 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 60ca98a2-9c4b-4194-898e-0c9c5ca39c5f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '195' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4c21f553-3585-4d2e-afc8-21bd7aa5e227 - x-envoy-upstream-service-time: - - '103' status: code: 200 message: OK - request: body: '{"fields": {"description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: [Findings - in: negotiator:0.5.3|http://localhost:8080/finding_group/225] in [Security How-to|http://localhost:8080] + in: pg:5.1.0|http://localhost:8080/finding_group/8] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High - | [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n| High | [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2855]\n*Defect Dojo - link:* http://localhost:8080/finding/2855 (2855)\n*Severity:* High\n*CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n*CVE:* - [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` header - value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n - Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2854]\n*Defect - Dojo link:* http://localhost:8080/finding/2854 (2854)\n*Severity:* High\n*CWE:* - [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` header - value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n - Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n*Reporter:* + | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] + | pg | 5.1.0 | [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] + | Active, Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified + |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/283]\n*Defect + Dojo link:* http://localhost:8080/finding/283 (283)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, + < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < + 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= + 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 + < 7.1.2)|http://localhost:8080/finding/281]\n*Defect Dojo link:* http://localhost:8080/finding/281 + (281)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}, "summary": "Findings - in: negotiator:0.5.3"}, "update": {}}' + in: pg:5.1.0"}, "update": {}}' headers: Accept: - application/json,*.*;q=0.9 @@ -2109,51 +1828,57 @@ interactions: Connection: - keep-alive Content-Length: - - '3271' + - '7043' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11098 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11793 response: body: string: '' headers: - ATL-TraceId: - - d8c9cf0e9e2de2d0 - Connection: - - keep-alive + Atl-Traceid: + - 475f9320efcfbe86 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:26 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:54 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - f4071751-f6a2-45c7-8ed6-211f3a52d3b9 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '205' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 2c31303b-05f6-4cca-a02c-a0d2351e9402 - x-envoy-upstream-service-time: - - '128' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2163,162 +1888,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11098 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11793 response: body: string: !!binary | - H4sIAAAAAAAAA6xXW1PbRhT+Kzt6yLSprJsNMeowGQpOQkspNU7yQBhmkY7lDdKuZndlmwb+e8/R - xSYEU0JqHrS3c/vOd84uXxxYllymTuxokCloSN8IyFPjSl6AcU0yg4K7qgTNrVDSuJAKW4DlbjLj - MoNcZe4ctME9SMdQajAgbXPWcR1BmsMw2BnixEA+xenM2tLEvp/CFBKbqs/K4zbnxgguPQnWRx3W - 56XwI18YU4HfKbiCa5Q/noxOJ72dYAdXprWzTvzFMWi0Mgm3kCl93TiX4gwFoiAKe8GgFw0nYRT3 - t+LwldcPt34JoiAgH8mGvS6hVvNMH0neD4MgiFZRt5MUTKJFSYjg6h4zBc9zl6XCWCETy0oBCTA1 - ZQulrzySTpR8r/OneGEgqTT4cwELPueW69dG/AO7BSapKl40S4fpbhj0w2E7naCju+uQXYcSjbYm - 3FxRjqpLS6N4ynMDrtPpcOJaya3rWIHEKDHJTiwrjMQptfqM7j0TvVa6xq7ORocdTe4kfO3peyms - RQXEr1aagvqjPmvU1C64psCMKMpcIEPSe9EguDVlBsPlYPgUd1uYW2Mt0qUgYPF3F+dB8AotR4Nl - NHi24jqFNUtemPb7iK1wexlu/5itZWesHTxirR8t+9GPWWvJabrBRmu3t1Tfyw9Nd8GMnZ1jBrNM - Q4Z1/Q0NkVMqr5oya1aSylhV1C3iAi1ErzZtDL/V0bSOZpUKs25/TtwLXQfDtB+w4ohX7QFusU82 - bej7K6Dpcauu5jfaNNG7Hu6riqIMqVN9pAUhMye2uoLbtnmRMi2SJvYv36yRY3jUzFSVpwfClDm/ - bksClxMNGCtV3UN9MhhEXZ+8j1qwCc5w00a0aaO/7iVCaWGvnwllJ+7XXfjpfVQUPAPjk4TplAhc - mIls5pl5tm4+73Cl61KRc0tsuARqJ0TOe2FRXT4Yb7iJieGQAp9xMypFciTkVX0ZH0BJd7NMuqzV - uVzUe6sVqeQIr2Z+mcMYuGmYoNuRc3L0/u3h8cXR4f7o+HR0MRqP/xpjGFhCBiPHA5MZsBPsm9Iy - ssuEYUrm1wxrUuSklFnFfheasxMNBdYtqwxy1Kur9H4UO6gwuBFBMJj2Y+de0SK2mZA8x6wh7Osq - o737a+3LooW35nWO3nW9ABOYSVidrkqq2icwuXkrPJNjjfDqvvr6ev8+2q1p9RtPrvAp1TGrU97Y - 2m8fNT/kcPcyakoDjUTd9SphQdWtcqWPG28u8wp6mcYusX4eKHagmmSrosTHnrRtFh7L6dfgfJJ3 - //ZYplVV0svnjZApNjXDkPnsEkCysjIzSGvOHY736HsJTMg5GSAipQwfrQxvB0hjUjaLPPaW1H2S - L+vvy5idrdQKGTOJ0VvBrdJx4G15/RuCEBHMVcLzmTI2HgbDwJ82Mhe1b34UbZ2jNDs7pesMGwt7 - pxY9qx4WPmc+OwuNZX9XXFvQbCQzrK4CsXpE4PjkT7ZXYemy04TLDQcbyG5u2ClgTZAjON7/MKo/ - H5tPlxeatJcmDSfCYvWSaM0DHKEiRn2M3bAz1NGLsGJ7+LyLwto68SqZg1cIq8FTOvOTTPQuhaRV - ooOH89c02P1a+pwU9oNgrWVxVwsWJyfCCny/UVH7eNSb2SInuXV6cFIniJRF+BtDVuUcwVzSPxd1 - VAcgBc+JOaeg5wKfzz320/FKg8te5PbXXVSz7QU/b0AU1e/h7TgHl8Cqn4nsIWS2Mbat/s4zkWml - a2QGT0dm8J/I/H+o/AsAAP//7Flta9swEP4rYlBow+zEjp2kgdJ1tIPCWspeOui+RLWU2COxjV+S - L/vxe06SX5Iu7RbaroOSkNjSnXy6l+d05z/RCqLqfcbjIOx+4bNxh13C0fRoGc3F+Wl7CH6InVEo - h63h6hM6dh3u6r5vP6WZq3juuiPfRxR1ThVgAst+JIxSCUR8mJHt0+8B2KvwAxv5CW332xluvuPP - 2sX1aYVrvcJjRmKj8OtyHqN4pwxeI0QbDaFT5VQNB3RUo3YH6FpJEieAc4ODdpR0uVhGOZBfUjIc - AtCnpFo4TJW1yXKT5kkThvMFWzbyANUzY3XZWF3UVs+N1XlRID3mb9kqjIKQ4Vg7mwFdS2yGpRzP - imeMMxQDARhxZgkyPiU5JidBINPC+sjjWQkgnrBQcgHOJUeCs/VuWUtBF4ko57KtnfX5qhQZtz0P - JFfqxC6qeUzPqmlnfQVQhmDHYKX3sdk6sXAlr7pcE4F8jH7Iw3BL28qxSlrezqNAmewiUnnRWOyr - OgiRfo0ptCgM1p5jIlNb75wvUh4URH+ZsEjdMNRry0hIoQg+FzLNtZUwLspAamIT6J8QSjgwQpa/ - 8RLFmCaUH8nr97lYRPEB2z/4ucBJs0jGte/+FiqeHia8XWHCUzDhPQgTu+SBOzDxOGmpCfpngonB - K0w8A0x4/zlMDAzjAzBxtyfhbOtJOF67zCwyOIrqolBfZJPU37JGb+tEXedXO9pGuK3u79UdqM2J - w2pirYberLOU64dUaOiaLC8XC04F45t7ayBSIHV/kmzH0pJ6AMdwR+pQnYsjf8q9vnBuR17Pv4X0 - w+Gh47oDqmRrIjzhHjJJ1j0RglwdlI0MlukkvktWPE8J5GjRe9u5ugVpo45VZDYK166+7PqO63jS - 6cm+Kw4HQT/wh04w8oXo8cHUkaNjcaRW2euf7Lkf8NV81oLHpqCzLD2U22VuraARy7XJ+20dbaQy - K+U8J42BXyE6n+e4PL2yBnYak/ybfeKXL/Fmt/nlS7zZsX7pEgOQhG7RmmZM+yhyZV61UDxRlabb - wBrUbgC4ID8rsySV3RvgUECdShN49IYEs3Uk03PMux7Tx8kM3L5CwfMb/V9CwS8AAAD//yLXxaNF - Aa1dTIeiAAAAAP//ghUF8NYF0InpkBxXDZpchbINgObmlyTmAFmYDSYDYKNLqbpWCVMC10SQAa6J - IAP4RBC6BLz9lppXllmUnwdp60BHmUuhM/0QLjFeKMsvodp8HcQsuJlAizISi8PywTMR8Em2/FyI - i6thTGipS7b94DUR+jBzdZRyEyuCUotLc0AGI/kVPIdQVOJYAvE3aCoTNM8A8jlcHFWzEYpuqAaw - a2trawEAAAD//wMAzPnXOTAiAAA= - headers: - ATL-TraceId: - - ccef55d1ba33893b - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:31 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA7xWWW/bRhD+Kws+BEUq8dJhmUFQuI6SuHVdV1aSB8cw1uSI2pjcZXeXOhrnv3eG + h5TIURC7aCzAJGd27m9m56MDq4LLxIkcDTIBDclLAVliOpLnYDomnkPOO6oAza1Q0nQgETYHyzvx + nMsUMpV2FqAN8iCZQKHBgLTN2bg0VuUzUngd+H7guxr+LsHY6bqAc81jK2JwOo4g+0FwcNjDDwPZ + DD/n1hYm8rwEZhDbRH1QLrcZN0Zw6UqwHlqyHi+EF3rCmBK8VsEtrFH+bDq+mHaD/mCApMoF40Qf + HYO+lSbmFlKl13UMCX6hROiHYdcfdYPDqe9HoR/1e2446P3sh75PTpIRi45Xah7pJMl7mAo/3ITd + fCRgYi0KShxSj5jJeZZ1WCKMFTK2rBAQA1MztlT61iXpWMk3OnugF6UUVC6eXfMFt1x7CwFLr3Jr + 62DDCvxeMPrFiH/geY5lL3O0SrBAk1NubqlW5Y2lt2jGMwMdpxY8wbgq2Y4zFwgcHc/Xp7AA9NX/ + 1HGsQGQViBInkiXG6OzApOfvYwQto9DqA4b6yEo00lUdqsq2daCPz9CzDfeNFNaiAuNsbBOEf6/O + GjWzS64JyEbkRSbQ4WQnJVioCn790ao/eqC73yhZG8mmYH3/AN0I+6uw//9aqWFRgRQNBsNVMPwR + BletxV646oU/wmKD/E+f7sMxbOE4E6u39QzEIl9eYdHTVEOKY+Ue1tEdlZV1l38V5OHBPsZoH+Pw + vvJ6pNVUGhjV9HaibtDMMcqKFnHtx8d7NMIqBmzmqsySF8IUGV83iEbyklu8Fupx+vDuq4f1djx7 + tTpNvVW9HquS8lW5+o4IQqZOZHVJtlGpfYtlow5rsqEBg6UWvj/AQ3c08NsBvpu2fWMm3IyZXcam + 4LuM3nYwCaWFXT8yN624V10P3z/gRc5TMB5JmFaJQMJcpHPXLNLtJHuNlHbkhU6V0Bug2USw3b2v + h3viDfZhNBhR4HNuxoWIT4W8fUmcF1DQbiHjFkMVspYVb0ORSo5xteA3GUyAmxqXunlzzk/fvDo5 + uz49OR6fXYyvx5PJnxMMA5vLYOR4YDoHdo5DWFpGdpkwTMlszbChRUZKmVXsN6E5O9eQY0ez0iDm + 3K81doAN5fh3wvdHmY6cnXbG3KZC8gyrhmnfthnxdmnNZtSkt0J+ht61UwILmErYnC4LatvvQHK9 + xDwSY7Xw5vL7cu94GOy2sPqVx7e4CrbIapXXto6bbes/OdyubHVroJGwvaslLKm7Vab0We3NTVZC + N9U4s7YLi2IvVF1slRe4rErbVOFbNf0yOe/l578jlmpVFrSSvRQywSFlGCKf3QBIVpRmDkmFuZPJ + ET1vgAm5IAMEpITh0s3w3oAkImXz0GWvSN17+bR6Po3Y5UatkBEr0mjgBq5/R6nDzGUq5tlcGRuN + /JHvzeqz15VP3ugKZdjlBcQljRP2Wi27Vn1d9Ip57DIwlv1Vcm1Bs7FMsadyzNA3BM7O/2BHJTYs + u4i53HOwTtTdHbvA7a9yBN+P346rx7v60VaDPppLlF6nwmLPkmhVfXxDRYymF7tjl6ijG2KfdoOh + Pwor64QmuUhciQuzm6qFtygzifiy2P/el+evSMVhfyMWL8HNhdXgKp162IOccClw56Pe9Q777tzm + GUkVKf6rykAqQvybQK4sYBgJsPEK800yrMt+Ok877Elmn7HQDQI3ZOxJap89Zz3XR+GK0XOHbp+1 + jP6W0XcH7kFLH2zpAxd1tfThlk6vgy2dvGvogTvc0sMtPfzs/L8AAAD//+xYXU/bMBT9K1dCQmlW + UrWFderEA6I8TBpoGtte1kkNqaHZ0qTESWFi/PedazuuQxsQHQ97AFBJfX3t63O/jhP0V+P9oL8a + 31+N768OMFjty4/OuN2XH3uthpgAcEfgGEvRZncrrkybfDt4pm/N/Jfy7atfX8avqGdV8g995WMe + I39UChqhEGLwXCyKgLqDNnHbo3qVrX5n3cCWWfW9H7wm4DaOqjpFp/eujwLtj1QHRnP8mRFzEzjk + ST3y8NHa5NrHHUs+qj4E3/Fvb4skxY7IdrXAvzWAemz551mZRwLxlQifO+0eroPzWAoGdnHlTByt + +ICPvm23RfBJ02uDOOuE02UswSnAwA96PVCFS8YYCVHxQSYNk8XVhMC1YF9KIeU6jiOOY2HjmM8g + 8vAiTrh7FrOwoCzCRpJuZqAZBVivUWTULkIpKMvpGpe534R7Z8R5KLF6lIeXbABYUjlPiUlRoDIN + vDkXBOJMxU1WqUQkI5GGuEcw98BWcTQjtHqQ6iT+JUCrL7FLCLMXiySO1Ns+w3EqgxMBfJCzzMvd + WfposKlMZXiJYsE0fE+WPAX2yevEbGeQkYQLfxzFGTiAY7wMxmlvfXUopUBasjEwD/fIHNQe61p0 + mHZZG0KDVC6KMk8R3HiSZVIwuo4NmLfRiIAB3NnBjSKDP/F3nKURYn6cTiaTccqXsYLu6BgnA7+5 + p0Pi159xLrzdndveAKGl/7equZGeeUigtEbNY6F6CszheKRSYLgOaXJ+8vHk+At16eicdq/LrHg/ + xo9evOPrESThJrHfGSMv3/BRZZaIACTeQ/RHuFgFIl22frA14MJQSTsdrT1RBmijFIAe7GiTJ/K8 + zQi26JAzh+6wsjkT1pqy4fctAw59s4FCp9m0RLwQp5o7Xr1TGdbqODhhQyWHpKmWW6W1am4la/Xc + kTyo6I7kQU13JA+quiN5UNetZK2yO5J6bQdOn9Rbk2kF0tDMNCAZVLCeAxdjZDDhjVy4GCMDihFV + cDFGFhRHUvW8CpWaiEGyqNQkDJJFpSZhkCwqNQmDZFFxJBoki0pNokFyggl4zRBJHJJ7muYN1ws9 + 30qG/IHuhG9HEecBArO8QPqbHnAaqyucaQG+vbT0gtvgdkhf1SWeC5Ap9pVLUDETSPLAVeo3KWlv + bdTZb9LRbtyoc9Ckox28Uedtk472iNUhj864A6nuZDucCoK29nhblV3tYm41YSIzWugADoiJhN10 + 0LSpcunjm5qAQJda28D47sN8EUYF++0so1h9IYTAMp6K6arNY+JnsKJcoJrL5/R5o7rI+B7NNMUL + p/M4bZHX+jMHDSmyoaUeGwntK5l1EtgteE+T2e6WZLbLZLb7P5DZbW+8buBuQWb/AgAA//8iqTFr + ONqYHVaNWQAAAAD//+yaX2uDMBTFv8ugj3EmGrUPpStsg731uW9pYjcY/sEo/fq710Rn3NLBHoYw + oQ+l3iS3CTk95fxWM7ua2ak5czTdMWeOqjvmzNF1x5w5yu6Ys6m2r2Z22K/VzK5mdhlmlo5DfzCz + X3N16svVaTyNSttGyPc+2UfSYF7KPXOE3gdjVj18J1+hL7sOfXxFOPIVTg48zwpF2wr5hrGZyRV1 + VxQCQ8+7b3M83DgkF6rml7Eoeo29kBJpiRe14xcRR4qeszjkZ+g6TbeUsQTXGYtghRtlOZ7qQSlY + Q0PlZw8oLEjHPFRXoWu0tTjpTa6pP4Q8eG1MGfzcFwNbwymjcU7DPGJqm8hI8pTKjCsViuRC82yv + dv0sm+iwYc/wMuNIIUobSxJiPtJBp8kVdoSwAFpUgZE23DJSC6Fxx2B8b73hEsHbxyNJgrrE/ueM + 1PI7nkNWy+94DmktvWMQImVgJwsSTP9PHi1ziPcJcy6DJBkxO1Ullj91TVXn9yfQH4mUjb14iArC + 0/Em4zqWnLQMQmNldpWCvz/0/yoFHwAAAP//oq+LR4sCnEUBvFUBdGI6JMdVg1YZQ9kGQHPzSxKh + i6fR2ya41ioa4FqraABfq4guAW+eAbvKmUX5eZCmDEQopRS6Sh7CJcql+bkQE6phTGhhR0YBh7TA + Xx9mro5SbmJFEGSIA8Vu8LKzohLHEog7yoAta3LXymGsVYUYBjcUaFdGYnFYPnjVHnx5bH4ReC0c + yEq4Q1Bda4TiXKgGcPDU1tYCAAAA//8DAFjy7jyUMQAA + headers: + Atl-Traceid: + - ae75d96885852c1c + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 03b61280-6b49-4bb8-ae64-e2da0003115d - x-envoy-upstream-service-time: - - '103' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J0zYlN9GDiqxCuycRyccUK2lSmlRYlv3vprj4cRveeZ55 - mRNRMuBhsUSQ9xjnIHY7gwPqaPyHL2S0MoRRusJhJBn5xCWM3iWYAtACCsi7/fVzd/fU/27366TS - RMTLBmWQwWtGDM7WHyd0sT/OmA7cWL+aJKl1tOZbIWITan4Jb2XcwBJKmkOVl7ynlQAqWFUAwBWU - AMkPuKTefpz+sW1PS8FqwWjB6vaH1dO9G3wCednyph6U1AyZxAb00PBGGSU5DBpAVhXnCtmfgmi3 - hodxkWR7Z5CrjY9eyy0+EXuZCLq3Q0fO5y8AAAD//wMAkkaSsVoBAAA= - headers: - ATL-TraceId: - - 88814a235cd0bf84 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:31 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:54 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 220515bb-c655-4565-9338-ba68f0c583fb X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '256' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 371e2dff-987e-4ea0-b1a0-e6bd1b869e28 - x-envoy-upstream-service-time: - - '32' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2328,110 +2006,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 78cd61f9bb59fe74 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPy2rDMBBF/2W2tZWx/JCrXWkWbSlpwc6qhCJbEnGRJWPJhRDy75Vp6GM33Dln + LnOGTni1nw1wOIYweb7ZSKVVH6T7cEQEI7wfhCVWBUjgU81+cDbCGWJGkGDa7O5em4eX9ne7W8Yu + TsDfVijBBA8JSDUZdxqVDe1pUvHAvXGLjFK3DEZ+K8CjQLG8hlsRVpAipSnWacZarDkyTkuCiDeR + xOh7Ncfedhj/sbctIqfIy5LktPhh+/HRahfBqsiYzrXWOasprTCvEYtS0CrrBcqqZ6xQmFd/C4JZ + G56GWcD6jhaLCc+uF2t8BnOdQNn3fQOXyxcAAAD//wMAevrJfVoBAAA= + headers: + Atl-Traceid: + - 98370f8b5f492f0b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:31 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:55 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 7c6382eb-670d-4c7f-b770-c9ba385b268a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '113' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 13057558-ed00-42d0-aab6-35428af066cd - x-envoy-upstream-service-time: - - '72' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2441,109 +2076,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11099 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11794 response: body: string: !!binary | - H4sIAAAAAAAAA6RW61PbOBD/VzT+wNz1Er/yIHGH6XA0ben1OC7Q9gNlGMXeOCq25JFkCFf432/X - D0wpYSgNM3i10r5/u9I3B9YFl4kTORpkAhqSNwKyxPQkz8H0TLyCnPdUAZpboaTpQSJsDpb34hWX - KWQq7V2ANrgHyRwKDQakrc86PUeQ5iDwp1NcGMiWuFxZW5jI8xJYQmwT9VW53GbcGMGlK8F6qMN6 - vBBe6AljSvBaBedwhfIHx7Oj4/408JGzrJx1om+OQaOlibmFVOmr2rkEVygQ+mHQ94f9cHIchNFg - FAUTdzL2//BDn3RUNuxVAZWaZ/pI8l7g+354G3WzSMDEWhSUEeTuMpPzLOuxRBgrZGxZISAGppbs - Uulzl6RjJT/q7CleGIhLDd6FgEt+wS3Xr4z4D3ZyLFKZb9Ws/WQn8AfBpFkeo6M7Xcg9hwqNto65 - OacalQtLVLTkmYGe0+pwokrJTc+xAoFRYJGdSJYYiVNo9RXde2b2Gukqd1U12tzR4k7BO08/SmEt - KiB8NdIU1F/VWaOW9pJrCsyIvMgEIiS5Fw0mt4LMcLIeTp7ibpPmxliT6UJQYvF3N89Dfxsth8N1 - OHy24qqEFUq2TPN9xFYwXgfjX7O1bo01xCPWBuF6EP6atQacpiU2Wru5of5ef6qnC1bs5BQrmKYa - UuzrH2CImFJZWbdZzYlLY1VejYgztBBub9qY/KijHh01lxqzGn9O1A96DoZpP2HHEa6aA9zinKzH - 0M93QD3jbqeaV2vTBO+K3FMlRRnQpPpMDCFTJ7K6hJtmeJEyLeI69m8/8MgxPGpWqsyS18IUGb9q - WgLZsQaMlbruoTk5mkzbOXk/a/6mdAabNsJuZAilhb16ZsZaca8atk8flyLnKRiPJEyrRCBjJdKV - ay7Sbsa8Q047jEKHsnQvlEEbSsYXQOOEwHnvEPXlg4kINiExmFBGVtzMChF/EPK8uoxfQ0F3s4zb - qlW1vKz2bjlSyRlezXyRwRy4qZGgG8o5/PDx7f7B2Yf9vdnB0exsNp//M8f4sIUMpgQPHK+AHeLc - lJaRXSYMUzK7YtiTIiOlzCr2XmjODjXk2LesNIhRt+rS+1FMUaF/LXx/uFxEzr2mxaSnQvIMy4n1 - 6LqM9u7zmpdFk94K1xl6184CrGwq4fZ0WVDXPgHJ9VvhmeCrhW/vq++v95/DY4e3P3l8jk+pFnKt - 8trWXvOo+SWH25dR3TNoJGyvVwmX1N0qU/qg9maRldBPNU6J7nmg2GtVF1vlBT72pG2q8FhNv0/O - F3n3b5elWpUFvXzeCJngUDMMkc8WAJIVpVlBUmFuf75L3wUwIS/IAAEpYfhoZXg7QBKRslXosrek - 7ot8UX1fROzkVq2QESvSaOQGrn9NqcPMZSrm2UoZG038ie8t67NnlU9eGI5PUYqdHNE1hpOGvVOX - faseFj5lHjsJjGX/llxb0GwmU+yqHHP0iMDB4d9st8SWZUcxlxsO1qm6vmZHgL1AjiC992lWfT7X - n7YetGguSyKPhcWuJdGq/kihIkaDjV2zE9TRD7FT+8HYn4SVdcJTfAFuLqwGV+nUi1PRXwhJXIKB - i+tXROx8L31KCqfDTsnlXSXYk5xwKvDZRr3sTYfuyuYZSRUp/qvKQipC/M0hVxYwqATYbI3ZJxnW - Z78dpj22ldmXLHSDwA0Z20rtyx02cH0UrjYG7tgdsnZj2G0M3ZG73fJHHX/koq6WP+74RI46PnnX - 8AN33PHDjh/ePT/o+AN30PGHHX/YBbDd2SXyDv/WLpHh7xsQgonbxVv+AnpU/Oq5yx6q9PamSv8P - AAD//+xY207bQBD9lZGQkJMGR4SS0qA8UOABqaCqUPrQVIqxN4lbxza+BCrKv/fM7npZ59ICSqs+ - QFASe3Z2x2dmz5zNozKtvdeV6ZcsryfLYLt3mRf7k/aFN+416QxEoO6WYRScHNm3wBNIFVPsxLpd - vSbbrqFheb3jvmzI56Sq6iTtzt7uHvi7eSRbNLrnt4RYvAD8PzuSw+8NuFfEDzfe0ZzIz8e4+IKP - radvRfa/VP7r7AAPhXRZRrHIpGI0nYm7L0pGbv+HkUDGqIMmungVQYxSk8dHPLUbJm0vmIU5FAaE - +m6nA+EwYkCxASp1yBJimI6HBOVVeGjbHmWqan2uWmGqdqZjCyPupMXEKyjxsVBONxOIjgIaWDsy - fldeLijJ6BqHqR+Es6bP+y7H7H7mjTgAaKZyGpNEhviRoKIzQZDRVNwklYtPuQ/0cNxgJYKlQn9C - 2ImQ2FH4XUBkj7CKh7DTNAp9+duZVjxVwJEAPtihrNLtUerREFMZ594I5MCifCsveQjiy68jvZxG - Jicc8EM/TKAHrOBzdxB3FmeHUwykcw4G4eEUmkHoY16DDoswE4OnkcpEUWYxKhnf8jIqGF0rBoxb - GoTLAG5s4HyRIJ/4P0xiX6TFIB4Oh4OYz2wF3dEhngxa5576mP66DDPhbG7svN1Px/KjUY301bg+ - Qd5qJ4eN8purH43vVA4MVp+G58fvjw8vaJsOzmnzukyK/QH+5NztprrRos4Sa7M9GMT0ih8zTyLh - Qs47aZb4OGK5Ip41vnIsUMXwiNtt5TyUy6uQJHgOomiRI7Ksxeg1qM/kQ3eYWT8R5go47PuGBoas - HXeaBCVqBdutfr/6DaVXY2xowxWcDcsq1jZOC7xtLAvMbVnmuNuyzLG3ZZnjb8syx+DGssDhlqXO - 4sDpg/y9JahA6umRGiSNCuaz4GKMNCa8kA0XY6RB0aYKLsbIgGJZqu5WoVIzMUgGlZqFQTKo1CwM - kkGlZmGQDCqWRYFkUKlZFEhWMQGvCSqJS1Jzei8db6HUp2Eu2EtWH3cpfkOPwtWBz/sAhVleYetL - 9j8N5VFOk3/THF067q1726NP8jDP1KNpvkoIuDKCJXNtp51VTipXS31er/JRSVzqs7vKR6V3qU93 - lY/Kh/EhB6qMR3BfMr1NlkBL5bslCVclmJuMF+UJpap8XWK1YBZ9s2pRmdDfL6rLAf1pYQEscTJN - Pb/gnJ0lFMoLQvJnYSACOeC8EKnsGZnA/aD0hRqsdehH6KFMgNrzpzR96ZgmfLxm8eJ4wTSMG+Q0 - fk69MCqSnpEgS5Xsi4q19rPNf49Qsd3nqtiuVLHdf6Fi13O6rUror6vY7f9Ixf4CAAD//xptxY7g - ViwAAAD//+xaTWuDQBD9L4UcV931Kx5CGmgLveWc22bXtFCM4gf5+51xV+uYmEILwYPgQdzZnXF0 - n0/euxpdWOyQlhHkJqyMYDdhZQS9CSsj+E1YGUFwwsoIhhNWNkTxhcV2/VpYbDdnYbHt6zAfFsvt - xF9Y7LXSzqeUdh4MxdO6lOqr9Qag2j8ODSfW8CYHptRrr1evu1udCux9FUQAHouEsq6l+kS17KaK - 7iV9uibLJMqgTzeVPWwcehny8o9CKdKOrVQK/RbvehOeZOBrflwHXniEQuI44UJEmKcPggx3wlJ8 - qjutIUcFkT81IM6gL+Y5v8iqQI6Ki941JxlDjfNRmjD49meuOXVDLniQci/1hU4i5asw5modau3J - 6MTT9VZv2lVW/m4l3uAw81gmz1amZMxcqpymYhfoCBMOvvWOQTpsGSukrLBjML/l47Cr4PRlzyKn - OGP9Y9fT/Csee6fmX/HYfzX3igGItDEcWWvB8D9yb42DuJ9Q2zKmJgNmBwBaCH9tyrxI3QPAjEJD - jt146PeD0X4nYx7rXLSuhNLC7AIFj3/oCxQ8ouL/QsE3AAAA//+it4vpWBTAmxtAJ6ZDclw1aKkw - lG0ANDe/JDEHyMJsKBkAG1tK1bVKmBK4ljUawJc1okvAFwmiS8DbbcAudWZRfh6k8QMRSimFrluH - cInxQhmw7Uvucjb01acQs+BmAi3KSCwOywevq4MvGc3Phbi4GsaElrpk2w9e4a8PM1dHKTexIggy - 7ILiV/CKuKISxxKIv0ELc0Gr5kA+h4ujajZC0Q3VAHZtbW0tAAAA//8DAEns81n+MAAA - headers: - ATL-TraceId: - - 6cebc77f0418b35c - Connection: - - keep-alive + H4sIAAAAAAAAA7xXbVPbRhD+Kzf60GmprTcMGHU6HQomoaWUAkk+EIY5pLV0RbpT7062Sch/7+7J + soPBmUCnGX+QdHf7/uxz648ezGouMy/xNMgMNGSHAsrM9CSvwPRMWkDFe6oGza1Q0vQgE7YCy3tp + wWUOpcp7E9AG9yA7g1qDAWnnZ9PGWFWNSeF1FIZR6Gv4pwFjL+5qONU8tSIFr+cJsh9FO7sD/DBQ + jvGzsLY2SRBkMIbUZupv5XNbcmMEl74EG6AlG/BaBHEgjGkg6BTcwh3Kn1yMzi/60WBrG5ecC8ZL + PnoGfWtMyi3kSt+1MWT4hRJxGMf9cNiPdi/CMInDZLDl72wNfgzjMCQnyYhFx52aFzpJ8gGmIowX + Yc8/MjCpFjUlDlf3mKl4WfZYJowVMrWsFpACU2M2VfrWJ+lUyTe6fKYXjRRULl5e8wm3XAcTAdPA + ubV0cL4VhZvR8BcjPsDPFZa9qdAqwQJNXnBzS7Vqbiy9JWNeGuh5reARxuVke14hEDg6Le6OYQLo + a/ip51mByKoRJV4iG4zRW4HJZtht1Fr9jRG9MOFzaZduV8Au3fTxGUiWUb2RwlpUYLyFbULq7+6s + UWM75ZrwakRVlwIdzlYix3o4lA2Gs8Hwme5+oTJdJIu6DMIddCMezOLB/2ulrb7DIhqMtmfR9rcw + OOssbsazzfhbWJwD/NOnx3CM1uE07jbGYva25UCs/uUVoiHPNeRIK4+wjn6qsmm7/Emt8c66jeG6 + jd3HyltKa1eJMBx7e0k/wk9ukdRbMnx+U7VUuyTXoFWnqWXc675qKNqICPMdLQiZe4nVDWBqUal9 + i9Wgxmmdc/pIvxZpm5WPj9bIVxQ2hWrK7ECYuuR388ajcmnAYKm3nyLwzd24I/DVtC1oZnVjXcHj + RcFXNzaXjCWUFvbuhdntxAN3PXw9wYuK52ACkjCdEoELhcgL30zyJcW9xpWOC2PPleQGiLQItqv3 + 9faaeKN1GI2GFHjBzagW6bGQt4e0cwA1zRYy7armajl1e4sVqeQIRwt+U8IZcNMiQc/fvNPjN6+O + Tq6Pj/ZHJ+ej69HZ2Z9nGAY2l8HI8cBFAewU2VlaRnaZMEzJ8o5hp4uSlDKr2G9Cc3aqocJWZ41B + 1PpPdXyEDeWF9yIMh+WHxGtvLCwSZnnZVQ9aHPOdC8nL1UPzyWieXofrEr3rWAILmEtYnG5qatuv + QHI7xLwQY63w4lZ8OHc8D3ZLWP3K01scBTtkdcpbW/vzaes/OdyNbG1roJG4u8QlTKm7Van0SevN + TdlAP9fIEsuBRbED1RZbVTUOq9LOq/Cl+j1Mznv5+W+P5Vo1NY1kh0JmSHOGIfLZDYBkdWMKyBzm + js726HkDTMgJGSDQZAyHbob3BmQJKStin70ide/lhntuJOxyoVbIhI0xI0US+pt+eE/Zw+SVKuVl + oYxNhuEwDMbt8WvnVrB7hWLs8hzShhiFvVbTvlVPi16xgF1GxrK/Gq4taDaSObZVhUn6gsDJ6R9s + r8GeZecpl2sOtrm6v2fnOAA6R/B9/+3IPd61j64g9DG/R+n1QlhsWxJ1AMA3VMSIwNg9u0Qd/RiZ + qB9tR9Gus06AkpPMlzgz+7maBJOmlAgxixQQPDx/RSoGYZtKkkun4FfCavCVzgPsQ07YFDgQUv8G + eNQvbFWSnKsEPl0tSM8Z5E3JMWsz+vvj3D8AKXhJ2DgHPcF/OazPvj8kwR77rrQ/ofCWH/+wJmmo + dA9vvgn0KB9u0GT3lMeNLovJhksErbGNgwbYAYIKF8+htj6LdnqMKIQ9RGz3KyJ/Adn38l8AAAD/ + /+xZbU/bMBD+KxESE1QkTdKmlE6IVWJIfGBCTOMD+4KxU5qpqaO8lEnAf99ztmPSsLCNIcQHJFSa + nn0+3+tzFzwPvJe/RO2O/XAcwgt6hyrSEYQ/pEM5EML+cZ+zhY/t31376Us7PbgWCN/xz32WlXEm + HEax+D8/W9d876uscujxKFnEiPBY6/rDdflROVVj4eFD5ukhQ9hjJVKSCWkvkX0mVkmB7IVaH4Uj + JKUZaRnuUlcest6lYn7poDw6JCpaMlMQc2N0IwgZXVijF8boN3NKaAz8ltcOwCwHHZWV52xGJ1Ed + RarJqtKD5s8f+J9IUS1ik7nWSTVanjT8CCtOFZYUNRlUaGbfkhsMsHKO3fgRPqkCcdJW5k7jhwL4 + o4OQr2KXKkzCHy/U1BlbUU1sWIky14Q+yLnwOOUc/CbI+leLhBsLniQq1RsDflO1nXRuLKNv5cjc + WYCQe9byx2nGeEl7vkgnUQ8O+pZVImKx5ktniCgAHhz9Lx5itmaSEj05+BYTabLcdra271I4cCkn + cNrHcDnogsvBsCZQJS1zIAEF+Qmyt5dGHTz8TkIXBPUtBK0v27Wwq23ybdu0BuXaEICVJeNzKoUa + LhRVmjLCMhtd5Zl0Rz2JzJ8JeCiiDhjn1Ekdi/1oxoYDEVyNh350BcF3d/eCMBzROXYRTnhiWUyG + nQpBXo+VDzK4piH+JG9YkVFSJKZPjjKUumMP6Eot8wCn6nY6CsJgGAd+PAjF3ogPeLQb8HEkhM9G + syAeH4h9xWVzMN0Mj/Cn97kpWxq04br6p8KrCvcGGnFDDyIKT0cWqczNGCtIY9ivEjfaB3w9PHVH + XrYk+dtjkbcvcXuu8vYlbs9l3rrEyEVCDw5Mi9CEI6dmzEjxRKhLjyt0PrsAMsXyz1Uus7h/gUzD + qX82gUfTQVBtJNM5ZiZquovcZNr3VPD6Rn9PBa8h8Xsq6EwFFlhAxGsdcbf0YsF898FXlsy8FmnD + k64ppN81hfTtFLJNsAgtXq6SXC41mjEjjsq8/9KPfyPpSpYvNz/WzCxTnDRnxblUczA74pWpFvm2 + /mqy67MFUO8K+zXfnY2U/TyLi2pBjBuXVROsvJyW+uI0SacpF13d/r6+OVzbbTYoae/v738BAAD/ + /wMASYYUvW4dAAA= + headers: + Atl-Traceid: + - 14f09708302bf02b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:31 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:55 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 461ff4f5-1b45-40fe-9e76-3c08c7ed7e6b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '266' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - dd10af1e-c878-4f3f-989d-6e393aefb76f - x-envoy-upstream-service-time: - - '99' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2553,161 +2181,103 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - d9e49d4109a65bb5 - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - 6449a3ce7a140b30 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:31 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:55 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 93d07d0e-c435-40d7-8d91-e3161a46e86f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '185' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 0d2e0944-29dd-4567-8331-744067e63e89 - x-envoy-upstream-service-time: - - '103' status: code: 200 message: OK - request: body: '{"fields": {"description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: [Findings - in: pg:5.1.0|http://localhost:8080/finding_group/226] in [Security How-to|http://localhost:8080] + in: fresh:0.3.0|http://localhost:8080/finding_group/9] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High - | [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n| High | [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < - 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= - 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/2858]\n*Defect - Dojo link:* http://localhost:8080/finding/2858 (2858)\n*Severity:* High\n*CWE:* - [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs when - the remote database or query specifies a crafted column name. \n\nThere are - two specific scenarios in which it is likely for an application to be vulnerable:\n1. - The application executes unsafe, user-supplied sql which contains malicious - column names.\n2. The application connects to an untrusted database and executes - a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || - >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || - >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || - >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 - < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 - < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 - < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/2856]\n*Defect Dojo link:* http://localhost:8080/finding/2856 - (2856)\n*Severity:* High\n*CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* - [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs when - the remote database or query specifies a crafted column name. \n\nThere are - two specific scenarios in which it is likely for an application to be vulnerable:\n1. - The application executes unsafe, user-supplied sql which contains malicious - column names.\n2. The application connects to an untrusted database and executes - a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || - >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || - >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || - >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 - < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 - < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 - < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n*Reporter:* + | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] | [400|https://cwe.mitre.org/data/definitions/400.html] + | fresh | 0.3.0 | [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/282]\n*Defect + Dojo link:* http://localhost:8080/finding/282 (282)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service when + parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - + 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}, "summary": "Findings - in: pg:5.1.0"}, "update": {}}' + in: fresh:0.3.0"}, "update": {}}' headers: Accept: - application/json,*.*;q=0.9 @@ -2718,51 +2288,57 @@ interactions: Connection: - keep-alive Content-Length: - - '7061' + - '1885' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11099 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11794 response: body: string: '' headers: - ATL-TraceId: - - 767235793f4485e4 - Connection: - - keep-alive + Atl-Traceid: + - 53cf7ee1d815269e + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:32 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:56 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - b20e6ad6-7cd3-463f-91f3-51466f62109b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '202' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e5122b2c-5539-4479-903e-dc9f8ea19694 - x-envoy-upstream-service-time: - - '125' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2772,109 +2348,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11099 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11794 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/YO56id/yQuIO0+Fo2tLrcVxI2w+UYRRbcVRsySPJSbjCf79d - 2Y4pJQylYQZLK+37s6v95rBNQUXiRI5iImGKJW84yxLdETRnuqPjJctpRxZMUcOl0B2WcJMzQzvx - koqUZTLtrJjScMaSKSsU00yY6q7TcThKDgJ/PIaNZtkCtktjCh15XsIWLDaJ/CpdajKqNafCFcx4 - IMN4tOBe6HGtS+Y1Aq7YNfCfzCZns+448IGysMY60TdHg9JSx9SwVKrryrgEdsAQ+mHQ9fvdcDQL - wqg3iIKROxr6f/ihjzKsDnNdMCvmmTYivxf4vh9uva43CdOx4gVGBKiHROc0yzok4dpwERtScBYz - IhdkLdWVi9yxFB9V9hQrNItLxbwVZ2u6ooaqV5r/xw5ySFKZ71Wk4+Qg8HvBqN7OwNCD1uWOg4kG - XTOqrzBH5dzgKlrQTLOO08hwIivktuMYDsAoIMlOJErwxCmU/ArmPTN6NbeNnc1GEzvc3El4a+lH - wY0BAYivmhud+sve1XJh1lShY5rnRcYBIck9byC4FjL90aY/eoq5dZhrZXWkC46Bhd/dOPf9fdAc - 9jdh/9mCbQotSvZ0/X1EVzDcBMNf07VplNWLR7T1wk0v/DVtNTh1s9ip7fYW63vzqeoukLHzC8hg - miqWQl3/AEPAlMzKqswqSlxqI3PbIi5BQ7i/62D0o4yqdVRULEzb/pyoG3QccNN8gopDXFUXbDkh - phWPKwO+/UBDxIFDeinLLHnNdZHR6xqXQF5TA522amQ/X0NVl9z2Ra+SprBA7PJIlhinAC39jAQu - UicyqkTVsWLgK1bdQ31yMBo3ffJ+1Pxd4Qx2HYS7DnptL+FScXP9zEA07J7twk/vozynKdMecuhG - CAfCkqdLV6/Stvm8A0rTpULnFtEwZ9hOEJz33MK6fNDfYBcSgxE6vqR6UvD4AxdX9jF+zQp8m0Xc - AMbCaG3PthQhxQSeZjrP2JRRXYFQ1Svn9MPHt8cnlx+OjyYnZ5PLyXT6zxTcgBLS4DlcmC0ZOYW+ - KQxBvYRrIkV2TaAmeYZCiZHkPVeUnCqWQ92SUgPCXFul970Yg0D/hvt+fzGPnHtFC7FNuaAZZA3C - 3lYZnt2n1ZNFHV4L8wysa3oBJDAVbHu7LLBqn4DkalZ4JsYq5u179f3z/nOwa2H1J42vYJRqkNUI - r3Qd1UPNLxncTEZVaYCSsHleBVtjdctMqpPKmnlWsm6qoEG144Ekr2WVbJkXMOwJU2fhsZx+H5wv - 4u7fIUmVLAucfN5wkUBL0gSQT+aMCVKUeskSi7nj6SF+54xwsUIFCKSEwNBK4HVgSYTClqFL3qK4 - L+KF/b6IyPlWLBcRKdJo4Aauf4Ohg8hlMqbZUmoTjfyR7y2qu5fWJi8MhxfARc7P8BmDhkLeyXXX - yIeZL4hHzgNtyL8lVYYpMhEpVFUOMXqE4eT0b3JYQsmSs5iKHRerUN3ckDMGtYCGwPro08R+Plef - Jh+4qR9LXM64gapFVpt/WIEggv2L3JBzkNENoVK7wdAfhVY74ileMTfnRjFXqtSLU96dc4FUhIEL - +1e4OPie+wIFjvutkPVdIVCTFHHKYWzDWvbGfXdp8gy5ihT+2bSgiBB+U5ZLw8CphJHJBqKPPKRL - fjtNO2QvMy9J6AaBGxKyl5qXB6Tn+sBsD3ru0O2T5qDfHvTdgbvf0ActfeCCrIY+bOm4HLR0tK6m - B+6wpYctPbx7v9fSe26vpfdber91YL/Vi8s79K1eXIa/70AIBO4QBowV62Dy7bhLHsr0/q5M/w8A - AP//7FjbTttAEP2VkZCQkwZHhJLSoDxQ4AGpoKpQ+tBUirE3iVvHNr4EKsq/98zuelnn0gJKqz5A - UBJ7dnbHZ2bPnM2jMq2915XplyyvJ8tgu3eZF/uT9oU37jXpDESg7pZhFJwc2bfAE0gVU+zEul29 - JtuuoWF5veO+bMjnpKrqJO3O3u4e+Lt5JFs0uue3hFi8APw/O5LD7w24V8QPN97RnMjPx7j4go+t - p29F9r9U/uvsAA+FdFlGscikYjSdibsvSkZu/4eRQMaogya6eBVBjFKTx0c8tRsmbS+YhTkUBvT4 - bqcD4TBiQLEBKnXIEmKYjocE5VV4aNseZapqfa5aYap2pmMLI+6kxcQrKPGxUE43E4iOAhpYOzJ+ - V14uKMnoGue4H4Szps/7LsfsfuaNOABopnIak0SG+JGgojNBkNFU3CSVi0+5D/RwqmAlgqVCf0LY - iZDYUfhdQGSPsIqHsNM0Cn3525lWPFXAkQA+2KGs0u1R6tEQUxnn3gjkwKJ8Ky95COLLryO9nEYm - JxzwQz9MoAes4HN3EHcWZ4dTDKRzDgbh4QyZQehjXoMOizATg6eRykRRZjEqGd/yMioYXSsGjFsa - hMsAbmzgfJEgn/g/TGJfpMUgHg6Hg5iPZgXd0SGeDFrnnvqY/roMM+Fsbuy83U/H8qNRjfTVuD5B - 3monh43ym6sfje9UDgxWn4bnx++PDy9omw7OafO6TIr9Af7k3O2mutGizhJrsz0YxPSKHzNPIuFC - zjtplvg4YrkinjW+cixQxfCI223lPJTLq5AkeA6iaJEjsqzF6DWoz+RDd5hZPxHmCjjs+4YGhqwd - d5oEJWoF261+v/oNpVdjbGjDFZwNyyrWNk4LvG0sC8xtWea427LMsbdlmeNvyzLH4MaywOGWpc7i - wOmD/LUkqEDq6ZEaJI0K5rPgYow0JryQDRdjpEHRpgouxsiAYlmq7lahUjMxSAaVmoVBMqjULAyS - QaVmYZAMKpZFgWRQqVkUSFYxAa8JKolLUnN6Lx1vodSnYS7YS1Yfdyl+Q4/C1YHP+wCFWV5h60v2 - Pw3lUU6Tf9McXTrurXvbo0/yMM/Uo2m+Sgi4MoIlc22nnVVOKldLfV6v8lFJXOqzu8pHpXepT3eV - j8qH8SEHqoxHcF8yvU2WQEvluyUJVyWYm4wX5QmlqnxdYrVgFn2zalGZ0N8vqssB/WlhASxxMk09 - v+CcnSUUygtC8mdhIAI54LwQqewZmcD9oPSFGqx16EfooUyA2vOnNH3pmCZ8vGbx4njBNIwb5DR+ - Tr0wKpKekSBLleyLirX2s81/j1Cx3eeq2K5Usd1/oWLXc7qtSuivq9jt/0jF/gIAAP//Gm3FjuBW - LAAAAP//7Fpda4MwFP0vgz5GjRqtD6UrbIO99blvaWI3GFbxg/793WtiZtLawQbFB8EHMTe516s5 - HjnnanRhsWNaZiG3xcos7LZYmYXeFiuz8NtiZRaCW6zMwnCLlY1RfGGxQ78WFjvMWVhs/zrMh8VS - PfEXFnuttNMppZ3GUwNsrKq2NRdfveSPDgQnNDCh7sCUeh0Y9Xq41alA46vgbcvFJwpiN1wcrmjo - rpKZdF1RcJRBn24qe9g49DKU9R+FUqQdWy4EuiXe5YadeBxJelzHATtCIWma0TBMMI8Jggx3wnJ8 - qjspIUcDkT81IM6gL+a5vPCmQo6Ki941JylDjfdRqzD49he+OvUZDWmc0yCPQpklIhIspWLNpAx4 - cqL5eis3/SqraLcK3+BQ80jBz1qmJERdaryuIRfoCAk9fOs9hXTYMlJx3mDHYH7Px2FXwenLniRe - dcb6XdfT/Ct2vVPzr9j1X829YsAbqbxO2low/o/ca+Mg7ifUtpQlSWHWAYAWwl+7uqxy/wAwI9B3 - ozce+v1g1OxkzKOdi9qVUGuYXaDg8Q99gYJHVPxfKPgGAAD//6K3i+lYFKC3IIDtJ6XqWpAeWLsD - 6PZ0SFasBq0hhrINgBbmlyTmAFlYTMG1rNEA17JGA/iyRnQJeLsN2KXOLMrPg7SMIEIppdB16xAu - US7Nz4WYUA1jQktBMko+pBX3+jBzdZRyEyuCIMMgKHaDV6gVlTiWQNxRBmyDk7usDn0NK8QsuJlA - qzISi8Pywev74Ktm84vAq+ZANsLdgepYIxTXQjWAQ6e2thYAAAD//wMAkBH5d/4wAAA= - headers: - ATL-TraceId: - - 0febea9207f2a9c4 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXbVPbRhD+Kzf60GmprDcMGHU6HQomoaWUGpJ8IAxzSGvpwvlOuTvZJoH/3l3J + MuHFmUCnGX/Qve3LPfvs3vqzB/OKq9xLPQMqBwP5vgCZW1/xCVjfZiVMuK8rMNwJrawPuXATcNzP + Sq4KkLrwp2As7kE+gsqABeUWZ7PaOj0Zk8KLOIriKDDwsQbrTq8rODY8cyIDz/cE2Y/jre0+TizI + MU5L5yqbhmEOY8hcrj/ogDvJrRVcBQpciJZcyCsRJqGwtoawU3AF1yh/dDo8Oe3F/Y1NXGpcsF76 + 2bPoW20z7qDQ5rq9Q44zlEiiJOlFg168fRpFaRKl/Y1ga6P/c5REETlJRhw63qh5oZMkHyIUUbK8 + 9mKSg82MqAg4XN1hdsKl9FkurBMqc6wSkAHTYzbT5iog6UyrN0Y+04taCQoXlxd8yh034VTALGzc + unNwsRVH6/HgNys+wa8TDHs9QatECzR5yu0Vxaq+dDRKx1xa8L1W8ADv1cj6XimQOCYrrw9hCuhr + dOt7TiCzKmSJl6oa7+g9oMl61G1URn/AG70Q8IV0A3cTwA5umnxBkrtbvVHCOVRgvaVtYuqfzVmr + x27GDfHVikklBTqcP7g5xqNhWX8w7w+e6e5XItPdZBmXfrSFbiT9edL/f6200W+4iAbjzXm8+T0M + zjuL68l8PfkeFhcEv719TMd4FU+TbmMs5m/bGojRPztHNhSFgQLLyiOuo59a1m2WP6k12Vq1MVi1 + sf1YeVvS2lUqGE319tJejFPusKi3xfD5SdWW2rviGrbqDKVMM9zVNd02poL5jhaEKrzUmRpuFzWU + tBmRtRh8frRGnuFRW+pa5nvCVpJfL9IMl9Et9xbjSam3QMMAXpZy+6kCvr6ddAX8IWzLMvNwY1XA + k2XAKyO0Ee76hSB24mHzCnx7HRcTXoANScJ2SgQulKIoAzst7irZa1zpSl7iPSZ1st5dRfJLoKJF + tH34Xm+uACJexdF4QIiU3A4rkR0KdbVPO3tQUW+hsi6OTXRnzd5yRWk1xNaCX0oYAbctN8xi5B0f + vnl1cHRxeLA7PDoZXgxHo79HeD9MLouQ4IHTEtgxVmflGNllwjKt5DXDTBeSlDKn2R/CcHZsYIKp + zmqLrA2eyvgYE8qLbkQUDeSn1GtfLIwewn+XVfdSHANRCMXlw0OLzmgBb8N0id51VQIjWyhYnq4r + SttvYHLbxLyQfK3w8lW833c8j493fPudZ1fYCnaU65S3tnYX3dZ/crhr2dqcQSNJ94grmFF2a6nN + UevNpayhVxisG3cNi2Z7ug22nlTYrCq3iMLX4ncfnPfqy98OK4yuK2rJ9oXKscxZhsxnlwCKVbUt + IW84dzDaoe8lMKGmZIBIkzNsuhm+G5CnpKxMAvaK1L1Xa813LWVnS7VCpWyMiJRpFKwH0Q2hh+BJ + nXFZauvSQTSIwnF7/KJxK9w+RzF2dgJZTaWGvdazntNPi56zkJ3F1rF/am4cGDZUBabVBEH6isDR + 8V9sp8acZScZVysOtljd3LATbAAbR3C8+3bYfN61ny4gNFm8ozQ8FQ7TlkQbAuAIFTGqbOyGnaGO + XoKVqBdvxvF2Y50IpaZ5oLBnDgo9Dae1VEgxhyUgvH/+nFT0oxZKkstmEEyEMxBoU4SYh5y4KbAh + pPwN8WhQuokkuSYS+G1iQXpGUNSSI2pz+vvTuL8HSnBJ3DgBM8V/OazHftwnQZ/9IN0vKLwRJD+t + AA2V7uBbOAWf8GgaTXZDOK51KKZrDRC0xtb2amB7SCpcPIHKBSze8hmVEHafsd2vjIMlZd+rfwEA + AP//7FnfT9swEP5XIiQmqEiapE0pnRCrxJB4YEJM44G9YOyUZmrqKD/KJMb/vu9sx6SBsI0hxAMS + KknOPl/uzp+/u+B+4L38S9Tp2A/HIbKgd6h2OjbhD+kQBsLYP85ztvCz/dhrP/3STg+pBcF3/HOf + FWWsiYRRKv4vz9Y93/sqqxx+PEoWMXZ4rH394br8qJKqMfDwHnl6QAi7rAQkmS3tJbLPxCopgF4g + AVE4AijNyMtIl/rkoehdKuWXDo5Hh0xFSWYOxNwE3RhCQRc26IUJ+s2cAI1B3/LaAZnlkONk5Tmb + 0Up0jgJqsqr04Pnze/0nUlSL2CDXuqhmy5NGHmHEqeKSohZDCs/sW3FDAUbOMRsPkZNqI07aztxp + PCjAPzoE+Sp26YRJ+MOBWjpjKzoTG1Ei5JrQDyUXbqecQ98EqH+1SLiJ4EmioN4E8Js628nnJjL6 + rRyZOwsIcs9G/jjNGC9pzhfpJOrGQd2ySkQs1nLpDDsKhAdL/0uGmKmZJKCnBN9iIk2W287W9q8U + CVzKCZL2IV0OuuhyMOwSRLWAjtgyB0VQtQCx+9ZQ3w5tCywFrd+pa2AXJfW7yibflk2sLBmf02n3 + SPXWpgRFlaaMuMxG1/FMvqOaRObPJDy0ow4Y51RJHYv9aMaGAxFcjYd+dAXDd3f3gjAc0Tp2EFZ4 + YlhMgZ0KQVmPkfc2uKYg/iRvWJERKJLSJ1sZKg6xB3alhnmgU3U5HQVhMIwDPx6EYm/EBzzaDfg4 + EsJno1kQjw/EvtKyOZhuhkf40/PclC0N23Bd/ajwqsK9gUfc0IOJwtM7i1zmZowV5DHMV8CN8gGX + h6fuyMuWZH+7LfL2LW73Vd6+xe2+zFu3GJAjdCvBlAhNOnJq2oy0n4h16XaFhq0LMFMM/1zlMov7 + F4AgToW12XjUHYTU7mRax/RETXWRG6R9h4LXD/o7FLyGxe9Q0AkFlkjAxGu9427pw4K59qFXlsx8 + FmnTk64upG+7kG2B7em1BZahxctVksulpjqmxVGZ71/69q8slanWcFtfGrB7BsA1Pt31a707Gyn7 + eRYX1YIUN9ZWDaW8nJbajpUsX66PrZVZpVhrzopzqfpxdfOZOunU5aIlrSHr1oZr5poJyj13d3e/ + AQAA//8DAJViUqFuHQAA + headers: + Atl-Traceid: + - 297386c1de07c3ea + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:36 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:56 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 9e5c1014-2483-4903-b199-61a7141345b2 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '219' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - bfd212e1-cdef-4514-ad3b-53ce5ad4bf90 - x-envoy-upstream-service-time: - - '134' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2884,174 +2453,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J0zYlN9GDiqxCuycRyccUK2lSmlRYlv3vprj4cRveeZ55 - mRNRMuBhsUSQ9xjnIHY7gwPqaPyHL2S0MoRRusJhJBn5xCWM3iWYAtACCsi7/fVzd/fU/27366TS - RMTLBmWQwWtGDM7WHyd0sT/OmA7cWL+aJKl1tOZbIWITan4Jb2XcwBJKmkOVl7ynlQAqWFUAwBWU - AMkPuKTefpz+sW1PS8FqwZqiZu0Pq6d7N/gE8rLlTT0oqRkyiQ3ooeGNMkpyGDSArCrOFbI/BdFu - DQ/jIsn2ziBXGx+9llt8IvYyEXRvh46cz18AAAD//wMAqsGWU1oBAAA= - headers: - ATL-TraceId: - - c556f21993fbb065 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:36 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbPTtE1qbqIHFVmF7Z5kkbRJsJImpUmFZdn/boqLH7fhneeZ + lzlBJ4PezxYEvMc4BbHZKG10H5X/8ERGK0MYpCNOR8jgU89h8C7BBWJBkGC+29687O6f29/tdhm7 + NIF4XaEMMzxkoPRk/XHULrbHSacDt9YvKkndMlj1rYBIAsX6Et7JuIIUKc2xyQveYiOQC1oTRLxK + JCY/6Dn1tsP4j71uEQVFUXNSUvbD9uODMz6BrCq4KY0xJW8oZVg2iFUtKSt6iYr1nFcaS/a3INq1 + 4XGYJazvGLnY+OR7ucYnsJcJtHvb7+B8/gIAAP//AwCy5435WgEAAA== + headers: + Atl-Traceid: + - b6d7ae4b9650caee + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 2c3c86e1-ffce-4624-9cd3-a7d5740f25ed - x-envoy-upstream-service-time: - - '38' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - b8f2560a022813e5 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:36 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:57 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 64c1ccca-ab3d-435c-9bd4-6b34153f2ffb X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '123' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e83d58df-083f-4366-b4ed-223cec08fd87 - x-envoy-upstream-service-time: - - '77' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -3061,96 +2523,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11100 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11795 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4jdSSH3DdDhIW+56HBfS9gNlGGFvbIEjeSQ5CVf6329X - tsNLG47Sgxksr7Vvzz67El88WFZcZl7iaZAZaMjeCCgz05N8BqZn0gJmvKcq0NwKJU0PMmFnYHkv - LbjMoVR5bw7a4DfIxlBpMCBts9freYIsR1EUhvhioJzia2FtZZIgyGAKqc3UhfK5Lbkxgktfgg3Q - hg14JYI4EMbUEHQGLuEK9Q8no+NJ/1UUoWTqgvWSL55Bp7VJuYVc6asmuAzfUCEO46gfDvrxcBLF - yebLJA79ze3wlzB2Vp0Pe1WBM/PEGEk/wCjDeJV1+5KBSbWoCBGU7jIz42XZY5kwVsjUskpACkxN - 2ULpS5+0UyU/6PIxURhIaw3BXMCCz7nl+rUR/8DODItUz541ooNsJwo3o2H7OsFAd25S7nlUaPQ1 - 4eaSalSfW1olU14a6HmdDS9xRr72PCuQGBUW2UtkjZl4lVYXGN4T0Wu1HXauGh129wp+E+kHKaxF - A8SvVpuS+sPtNWpqF1xTYkbMqlIgQ7J72SC4jjKD4XIwfEy4LcytsxbpShCw+HMb50G4jZ7jwTIe - PNmwK6FjyTPTPh/wFW0to62f87XsnLWLB7xtxsvN+Oe8teQ03WKtt69fqb+XH5vpghU7OcUK5rmG - HPv6Gxoip1RZN23WSNLaWDVzI+IMPcTb6z4Mv7XRjI5GSo3pxp+X9KN2XhCDtUgbd1++kRG/MHxT - qLrM9oWpSn7VshDFCJT9iD1LzGxdcIuTthlkP95DzZRczcWgsaapQdxyT9WEk4v9EwmEzL3E6pqC - STVgrtR135uTUbjVzcn7qIXr4IzWfYjXfdi8mSVCaWGvnghEpx64Kfz4OSpmPAcTkIbpjAgUFCIv - fDPPb4bPO5R0Uyr2XC3PgcYJkfNeWtSX3803WsfEaEiJF9yMKpG+F/LSHcb7UNHZLNOOQo5YC/dt - JZFKjvBo5ucljIGbhpa6XXlH7z+8PTg8e3+wNzo8Hp2NxuO/xpgGtpDBzHHDpAB2hHNTWkZ+mTBM - yfKKYU+Kkowyq9jvQnN2pGGGfctqgwzzXZfez+IVGgyvRRgOpheJ1xwZWCRE+aap7jQy4p0Lycv7 - m9qbRQuvo3mJ0XWzAAuYS1jtrivq2kcwubkrPJFjjfLqvLp7vP8Y7W5o9RtPL/Eq1TGrM9742msv - NT8VcHczaloDncTd8SphQd2tSqUPm2jOyxr6ucaRdXM9UGxfNcVWswove9K2VXiofnfB+Sxv/+6y - XKu6opvPGyEzHEmGIfPZOYBkVW0KyBznDsa79DwHJuScHBBpMoaXVoanA2QJGStin70lc5/lhntu - JOxkZVbIhE0RkSLBi58fXhN6CF6pUl4WythkGA7DYNpsP3NhBXG8fYqK7OSYTjKcKeydWvSt+r7y - KQvYSWQs+7vm2oJmI5ljY80QpgcUDo/+ZLs1di07Trlcs7FB6/qaHQO2AwWC672PI/f41Dy6ktBL - e17SciIsNi6pOgrgCg0xGmHsmp2gjX6Ms6gfbUXRK+edKJXOwZ8Jq8FXOg/SXPTPhSQpMcHH99e0 - 2LmrfUoGB2EDrbOyuG0F+5ITVwVe3aifA9zqF3ZWkp6rDD5dbcjOGPK65Ijhkv6dcMnsgxS8JK4c - g54LvDD32fM3pNhjz0r7Kyq/9OMXayBEo7t4LM+hR+i4KyG7JlQ3ftNcpkUw4XmywQ4Rw0ZaizI7 - 2L8tQogxHSJocUvc/RaRvyKxe9/0//80OoIG8fDlNtJiY981P/blhWI0FjGw/1Zkz+nvC1Rv+fQv - AAAA///sWW1P2zAQ/isREhJMJE3SppROiFUak/aBCTGNSWwfMHYKkZo4yhubWP/7nrMdtw0EbQgh - PiChkvjO57PvfPfc5TemkUvQJr8f4+UH/rlPsSVJONcSntO1Vsd8Xi8yFKKUjazLm5uNg1T+s2LG - 8djg8w5BolUik4hK5k57iRww0SQlAhjSfRSOEZfmdKrwkDb5kLku1SKXDjKk06y0QFwqjJXjlZWF - tXJprHx7QzGNQV527QC1ctCRXHnB5rQSpVLEmryuvJ+Zs7bLEynqRWy2uElqYfF0zXHAcaqgn2jJ - oF5X7w8teU0AOG8wG4Pt2U3NHmiKWnFvbQBlveghFE3sUpJJ+H1GTZ2zhtKiHcai5Gv0Q56G1xnn - kDdF4L9aJFzZ7yRRsd6Y75tK7nTixi56T44snAUIhafmfE5zxivi/yKdRL04qEGaRMRCMXyt4rzU - dsO4qHmsmc01P8OVAgiCLv/jMmpiLinwk/fvMJEm2a6zs/snBXqq5BQ+fB9AB30AOhi1BMqtVQFs - oAA7VRRd1qhHht9LsKC03VEfYx9I9W251CUcWHBXVYzfUPZ7oGrrgoSyTlNG6GarL2HT2VGVIosn - QiC6YEeMc6qDUF9GczYaiuBqMvKjKyi+v38QhOGY1rFMWOERtpgMOxOCLgE4Vzq4puL9IG9ZmVOc - I6GPth10qewBbyk2DwBroB8HURAGozjw42EoDsZ8yKP9gE8iIXw2ngfx5EgcKinbw9l2+Al/ep6b - ssygD9fVQ6VXl+4tTsQNPXJ8T180OjI3Z6ykE8N8FdRRUODx46k79vKM9O/2M16/xt2uyOvXuNtZ - ee0aIxYJ3dcwRcM6Gjk1LUG6T4S7dLNBx7MLxFqwH9eFzOPBBUIQp4raXDzq5IFqbzKtY3qSpt4o - TKR9CwUvb/S3UPASGr+Fgt5Q0EUcgFBbd0ua0yIM6H6tr+IdfR0wzz4WlBVb4OkBKX0NS7+vYenb - hmWXYKFbnDVJITONgUw3pDZfpPTrv2jayOrZusJalpWJhVDNnkvVMWs703AtrfFd+2ii7pPXV9/u - Bq3cva2U/TqLy3pBgtf2qnpdRTWr9L6p5U79MNq5Hd+cHG7MNhOUtsvl8i8AAAD//wMA8l49atgc - AAA= - headers: - ATL-TraceId: - - 160408fd799d8b1c - Connection: - - keep-alive + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LSprZsNNupkOhSchJZSapzkgTDMIh1LW6RddXflS0P+e8+R + LDsYnAl0GniQVrvn/p1vjz86sCi5TJzI0SAT0JC8EpAnpiN5AaZj4gwK3lElaG6FkqYDibAFWN6J + My5TyFXamYE2uAfJGEoNBqRdnY0rY1UxJYXXge8Hvqvh7wqMnSxLONc8tiIGp+MIsh8Eg4M9XBjI + p7jMrC1N5HkJTCG2ifpLudzm3BjBpSvBemjJerwUXugJYyrwWgW3sET5s8noYtIN+nsD/FS7YJzo + o2PQt8rE3EKq9LKJIcEVSoR+GHb9YTc4mPh+FPpRf+juDQY/+qHvk5NkxKLjtZpnOknyHqbCD9dh + rxYJmFiLkhKHXw+ZKXied1gijBUytqwUEANTUzZX+tYl6VjJtzp/oheVFFQunl/zGbdcezMBc692 + a+Pgaivwe8HwZyP+gZcFlr0q0CrBAk1OuLmlWlU3lt6iKc8NdJxG8ATjqmU7TiYQODrOlqcwA/TV + /9RxrEBklYgSJ5IVxuhswaTn79oI2o1Sq78w1GdWYiVd16GubFsHWnyGnk24b6WwFhUYZ22bIPxb + fdaoqZ1zTUA2oihzgQ4nWynBQtXw6w8X/eET3f1CydpI1gXr+wT3sL8I+/+vlQYWNUjRYLC/CPa/ + hcFFa7EXLnrht7C4Qv6nTw/hGLZwnIrFu4YDsciXV1j0NNWQIq08wDq6o/Kq6fJHQR4Odm0Md20c + PFTeUFrzlQijZm8n6ga45BZJvSHDp/dOQ7UbcvUadZo6o349UhVFGxBhvqcPQqZOZHUFmEFUat9h + 0qk/GudqfaRfi7jJyscH38hXFDaZqvLkWJgy58tVf1FVNGCw1MKPEXgYhC2Bb6dtF82Ea5rZ3lgX + fHujtyEmobSwy2dmtxX36uvh6wleFDwF45GEaZUI/JCJNHPNLN0w2Rv80lJe6NQluQHiJoLt9n29 + vyPeYBdGgyEFnnEzKkV8KuTtK9o5hpJmCxm3VatrOa/31l+kkiMcLfhNDmPgpkGCXr0556dvX5+c + XZ+eHI3OLkbXo/H4jzGGgc1lMHI8MMmAnSMJS8vILhOGKZkvGTa0yEkps4r9KjRn5xoK7GhWGUSt + +1hjB9hQjn8nfH9YDCKnubGwSJjlTVfda3HMdyokz7cPrSajVXprXOfoXcsSWMBUwvp0VVLbfgWS + myHmmRhrhNeX3/2542mw28DqFx7f4ijYIqtV3tg6Wk1b/8nhdmRrWgONhO1dLWFO3a1ypc8ab27y + CrqpRpbYDCyKHaum2KoocViVdlWFL9XvfnI+yM//D1mqVVXSSPZKyARpzjBEPrsBkKysTAZJjbmT + 8SE9b4AJOSMDBJqE4dDN8N6AJCJlWeiy16Tug3xRP19E7HKtVsiISYzeCm6Vjnx3z+3dUQoxg7mK + eZ4pY6OhP/S9aSNzXfvmDa5Qll1eQFwRrbA3at616nHRK+axy8BY9mfFtQXNRjLF3iowU18QODv/ + nR1W2LjsIuZyx8EmYXd37AKnwNoRfD96N6of75tHWxVarC5Tep0Ii71LojUK8A0VMWIxdscuUUc3 + xH7t4rgZBrV1QpWcJa7EwdlN1cybVblEnFnkAe/++StS0fP9tVw8B7cQVoOrdOphM3ICqMDhj5rY + w6NuZouc5DblwEVdEFIW4t8Y0irnmL4F/Riq4zgGKXhOSLkAPcPfPKzLvj9ba+iw73L700tUs+/6 + P+zIIao/xNtwBh1KTz1jssdysY+x7fUOvjoX+/8CAAD//+xZ227aQBD9lVWlVIBig43BQBWlSDRS + pKZCjdqH9IXFu4ArwJYv8JKP75n12lzCpSUKolKUCLBnxjs7lzM744xf2cL5e1s4R21xXjsgb/Lg + 6lSUTegeq/RSyXpIONx8lGFiMsu9ZgSvbDOb87+JZRbprK7r5lu6Nc/Xqq3SpNJTeAio+h0wqhRQ + +6gcK+GjvMsAh7fPKsg9EH7hyzgpDbAmokg94nWJuOmDymOQRrDmnT+VwEGZWfzjOPnEPQ+7UD9X + Qbcm2FvhdQW4WqgRAMg1Bpp+UOVi4cfAfEll0AWUj8jqCKS8XpNPB6sVBgwnC0b6o5vVZ4lIx4PW + juJBFPEQ63jgSYLCGF+z5cT3JgwH2vEYyJoC6ljIsdZ8zDhDg+BBEKcVL+Ij0mPQVRs1vvL5OAUI + D9hEcgHJBUdpM7Pdsp8rhR4CkU7lepXYpOftSWc9JsHSV6d3kdNBHudka/MJ4JxAHDcR5SrJO8cd + Q+jeoQ+KL1zStmI8JUyHU9/TTnvwVU3UPvuhDkFkYe2MTBkGcJmCEOnNQ+5+FnIvIZlvAfPVBUMf + t/CFFBvh9B1JhZMhlv6XoNCiYUDFkGK8xMXMn5dZqfw8QwwnQaeI252o8daI4bZPQwy3DcRw269F + jJOKxQvEOLVcrTv43IjRfEeMMyCG838hRrMQPYIYLycR1r5JhOXsIzRyAnUvSYSQUWMWGpNssdYK + 1m1C0d3ne9rHuK/brxUTqY1meLuJUiE9oT5i55ShVoyv4nQ249QmfjjY+ZABaeYTRCc2lNT53yL+ + aFJ1L24aI+7UhTVsObXGEAq5btuy7Sb1rwUTVjjAJsm7XSEotsG50sHQc8XPwZLHIYEjPfTgRFg5 + Q5roXhWbiXY1n0o2LNtypFWTdVu0m17da7iW12oIUePNkSVbt+JGPeWq3r2y7/CfyRkzPteNnGFk + t2IzjY0lLGLYJlQUZpZeZDIj5Dwmi0FeATifxvjZ6xtNM5yT/tvT5cvXeHs8ffkab4+3L11j4I7I + BrN6BLN+LOnrtzWUT9S5ZePgDLue0PSD/UsaBaGsPgGHPJpP6sSjlyygFplM6+h3Tnp6E2m4fYeC + U53+BwAA//8iP9JHiwJ6uJimRQEAAAD//6KBi+lYFMCbHUAnpkNyXDVofhbKNgCam1+SCJ12Rm92 + 4JrlMcA1y2MAn+VBl4A301LzyjKL8vMgbR3oEHIpdH0BhEuUS/NzISZUw5jQwo6MAg5paYQ+zFwd + pdzEiqDU4tIckMFIdoMH7ItKHEsg7ijLL6HePCHEMLihQLsyEovD8sHzHbCpPNBMJWgWAWQl3CGo + rjVCcS5UAzh4amtrAQAAAP//AwCepF1xziIAAA== + headers: + Atl-Traceid: + - 7ac28e19f2129399 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:36 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:57 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 644d75c3-b772-440a-8273-9bbffbfab3bc X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '275' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - dfc2df39-1112-491b-b0ae-442837b2260e - x-envoy-upstream-service-time: - - '156' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -3160,98 +2630,118 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - f6bc308af3373428 - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - 064f5a772e6e0384 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:37 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:58 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a77e7930-3595-4d36-82ee-446f9ae5e1d1 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '378' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 12a09e2e-4207-4600-b9e1-3a0c119ae388 - x-envoy-upstream-service-time: - - '84' status: code: 200 message: OK - request: body: '{"fields": {"description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: [Findings - in: fresh:0.3.0|http://localhost:8080/finding_group/227] in [Security How-to|http://localhost:8080] + in: negotiator:0.5.3|http://localhost:8080/finding_group/7] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High - | [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080] | - Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - - (Fresh, < 0.5.2)|http://localhost:8080/finding/2857]\n*Defect Dojo link:* - http://localhost:8080/finding/2857 (2857)\n*Severity:* High\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* - [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119]\n\n\n\n\nVulnerable - Component: fresh - 0.3.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected - versions of `fresh` are vulnerable to regular expression denial of service when - parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable - Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n*Reporter:* + | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] + | negotiator | 0.5.3 | [2222Regular Expression Denial of Service - (Negotiator, + <= 0.6.0)|http://localhost:8080] | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] + | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/280]\n*Defect Dojo link:* http://localhost:8080/finding/280 + (280)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/279]\n*Defect + Dojo link:* http://localhost:8080/finding/279 (279)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}, "summary": "Findings - in: fresh:0.3.0"}, "update": {}}' + in: negotiator:0.5.3"}, "update": {}}' headers: Accept: - application/json,*.*;q=0.9 @@ -3262,51 +2752,57 @@ interactions: Connection: - keep-alive Content-Length: - - '1903' + - '3261' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11100 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11795 response: body: string: '' headers: - ATL-TraceId: - - 8731cd01a1e4897b - Connection: - - keep-alive + Atl-Traceid: + - f08badf418cd64a0 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:37 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:58 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - f14c622d-405c-404d-9e21-401c9a6f61f6 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '211' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6e678242-8a72-4d3f-8296-e816f39e7136 - x-envoy-upstream-service-time: - - '120' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -3316,91 +2812,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11100 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11795 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4jdSSH3DdCikLb0ex0HafqAMI+yNLXAkjyQn4Ur/++3K - NqFpw1F6MIPltfbt2WdX4osHi4rLzEs8DTIDDdlrAWVmepJPwfRMWsCU91QFmluhpOlBJuwULO+l - BZc5lCrvzUAb/AbZMVQaDEjb7PV6niDLURSFIb4YKCf4WlhbmSQIMphAajN1qXxuS26M4NKXYAO0 - YQNeiSAOhDE1BJ2BK7hG/cPx6GTcfxFFKJm4YL3ki2fQaW1SbiFX+roJLsM3VIjDOOqHg348HEdx - svk8iUN/czv8LYydVefDXlfgzDwyRtIPMMowvs26fcnApFpUhAhKd5mZ8rLssUwYK2RqWSUgBaYm - bK70lU/aqZIfdPmQKAyktYZgJmDOZ9xy/dKIf2BnikWqp08a0UG2E4Wb0bB9HWOgO8uUex4VGn2N - ubmiGtUXllbJhJcGel5nw0ucka89zwokRoVF9hJZYyZepdUlhvdI9Fpth52rRofdSsGXkX6Qwlo0 - QPxqtSmpP9xeoyZ2zjUlZsS0KgUyJFvJBsF1lBkMF4PhQ8JtYW6dtUhXgoDFn7s4D8Jt9BwPFvHg - 0YZdCR1Lnpj2eY+vaGsRbf2ar0XnrF3c420zXmzGv+atJafpFmu9ff1K/b342EwXrNjpGVYwzzXk - 2Nff0RA5pcq6abNGktbGqqkbEefoId5e92H4vY1mdDRSakw3/rykH7XzghisRdq4+/KdjPiF4ZtC - 1WW2L0xV8uuWhShGoOxH7FliZuuCW5y0zSD7+R5qpuTtXAwaa5oaxC33VE04udg/kUDI3EusrimY - VAPmSl33ozkZhVvdnFxFLVwHZ7TuQ7wcGUJpYa8fmW+nHrhh+/BxKaY8BxOQhumMCBQUIi98M8uX - M+YtSrphFHuE0koqm10qJb8AGidEzpVN1Jc/BCJax8RoSIgU3Iwqkb4X8sodxvtQ0dks045Cjlhz - 9+1WIpUc4dHML0o4Bm4aWup25R29//Dm4PD8/cHe6PBkdD46Pv7rGPPDFjIICW4YF8COcG5Ky8gv - E4YpWV4z7ElRklFmFXsnNGdHGqbYt6w2yDDfdelqFi/QYHgjwnAwuUy8laZF0HMheYnlxHosu4y+ - rcram0ULr6N5idF1swArm0u43V1X1LUPYHJzV3gk+Rrl2/Pq2+P95/i45Nsrnl7hVaqjXGe88bXX - Xmp+KeDuZtT0DDqJu+NVwpy6W5VKHzbRXJQ19HONI2t5PVBsXzXFVtMKL3vStlW4r6bfgvNZ3v3d - ZblWdUU3n9dCZjiSDEPmswsAyaraFJA5zh0c79LzApiQM3JARMoYXloZng6QJWSsiH32hsx9lhvu - uZGw01uzQiZsgogUCV78/PCG0EPwSpXyslDGJsNwGAaTZvu5CyuI4+0zVGSnJ3SS4bBhb9W8b9WP - lc9YwE4jY9nfNdcWNBvJHBtrijDdo3B49CfbrbFr2UnK5ZqNDVo3N+wEsB0oEFzvfRy5x6fm0ZWE - XtrzkpZjYbFxSdVRAFdoiNFsYzfsFG30Y5xF/Wgril4470SpdAb+VFgNvtJ5kOaifyEkSYkJPr6/ - pMXOt9pnZHAQNtA6K/O7VrAvOXFV4NWN+jnArX5hpyXpucrg09WG7BxDXpccMVzQvxMumX2QgpfE - lRPQM4EX5j57+poUe+xJaX9H5ed+/GwNhGh0F4/lGfQIHXclZDeE6sYrzWVaBGOeJxvsEDFspLUo - s4P9uyKEGNMhghZ3xN1vEfm3JHbvm/7/n0ZH0CAePt9GWmzsu+bHvrxUjMYiBvbfiuwp/X2G6i2f - /gUAAP//7FltS9xAEP4rQShoMbkkdzn1itiDWugHi1hqwfaD625OA5dsyJst9v57n9nd7OViI62I - +EGQM9mZnZ3dedlnJr8wjVyCNvntGC/f8c99jC1JwrmW8JSutT7m83qZoRCl28i6vIlsHKTynzUz - jscmn7dIEq0SmURWMjHtJXLERJOUSGDAAVE4RV5a0KnCQ9rLh8x1qRa5dHBDOs1aC+Slwlg5XltZ - WCuXxsq3N5TTGORl1w5QKwcdlysv2IJWoqsUuSavK+9H5nR2eSJFvYzNFjdJLSyedRwHHKcK+omW - DOp19e7QkjsCwHmD2Rhsz25m9kBT1Iq7nQGU9WKAUDSxS5dMwu8zauqCNXQt2mEsSr5GP+RpeJ1z - DnkzJP6rZcKV/U4SleuN+b6qy51O3NhF78mRhbMEofDUnE9pznhF/J+lk6gXBzVIk4hYKIYvVZyX - 2m4YFzWPNbMJ8zOEFEAQdPkfl1ETc0mJn7x/m4k0yXac7Z3fKdBTJWfw4fsAOhgC0MFkiBB1wVJV - ADQoJE+lRo/Vt6x9whAo9S0obbc6xGjLpT7hoCVsAL4+KGBVxfgNXY0aQJR1mjJCN1tDFzadHVUp - sngkBKIAO2KcUx2E+jJasMlYBFf7Ez+6guJ7ewdBGE5pHcuEFR5gi8mwcyEoCMC51sE1Fe97ecvK - nPIcCX2w7aBLZQ94S7F5AFgj/TiKgjCYxIEfj0NxMOVjHu0FfD8SwmfTRRDvH4lDJeXNeP4m/Ig/ - Pc9NWWbQh+vqodKrS/cWJ+KGHjm+pwONjszNGSvpxDBfJXUUFHj8cOpOvTwj/fv9jJevcb8r8vI1 - 7ndWXrrGSDlC9zVM0dBFI6emJUjxRLhLNxt02rpArgX7cV3IPB5dINNwKrVN4FEnD1QbybSO6Uma - eqMwmfY1FTy/0V9TwXNo/JoKBlNBH3EAQm3drWhOizig+7UOxTv6OmCefSwoK7bE01+kDDUsfduw - 7BNs+69PsNAtzpqkkJmGOaYbUpsvUvr1XzRtZPVkXWEty8rEQqhmz6XqmLWdabiW1viufTRZ99Hr - q293o1bu7lbKfp7FZb0kwZ29ql5XUc0rvW9quVM/jHZuxzcnhxuzzQSl7Wq1+gMAAP//AwBmiCi1 - 2BwAAA== - headers: - ATL-TraceId: - - 6e7e8f52ab3250dc - Connection: - - keep-alive + H4sIAAAAAAAAA7xX23LbNhD9FQwfOm1K8SbZktnJdFxbSdy6ris7yYPj8cDkikRNAiwA6tI4/95d + UpTiizKxO439QBLA3s6eXaw+OrCouEyd2NEgU9CQvhJQpMaVvATjmiSHkruqAs2tUNK4kApbguVu + knOZQaEydwba4B6kE6g0GJB2dTapjVXllBRehUEQBp6Gv2sw9nxZwanmiRUJOK4jyH4YDvd28MNA + McXP3NrKxL6fwhQSm6q/lMdtwY0RXHoSrI+WrM8r4Ue+MKYGv1NwA0uUPzkfn533wsHOEJcaF4wT + f3QM+labhFvIlF62MaT4hRJREEW9YNQL986DII6CeDDydobDH4MoCMhJMmLR8UbNM50keR+hCKJ1 + 2KuPFEyiRUXA4eo+MyUvCpelwlghE8sqAQkwNWVzpW88kk6UfKuLJ3pRS0Hp4sUVn3HLtT8TMPcb + tzYOrrbCoB+OfjbiH3hZYtrrEq0SLdDkOTc3lKv62tJbPOWFAddpBY8wrkbWdXKBxNFJvjyGGaCv + wSfXsQKZVSFLnFjWGKNzjyb9oNuotPoLI3om4CvpBu4mgR3c9PEZSTZRvZXCWlRgnLVtYupvzVmj + pnbONfHViLIqBDqc3osc89GwbDBaDEZPdPcLmekiWedlEBCro8EiGvy/VtrsN1xEg+HuItz9FgYX + ncV+tOhH38LiiuCfPj2kY7iNp1G3MRWLd20PxOxfXCIbskxDhm3lAdfRT1XUbZU/qjUabtsYbdvY + e6i8bWntKjWMpns7cS90HUTNvkNEiLztgabwCUAtktazjw/WiNaIjclVXaSHwlQFX67Ij8tzbvGi + aBvs0wu1bd+bhu236jSVYfN6oGpCMCRX39OCkJkTW12T7UQDBku1/VgDj8Koa+D3YVu3mfsb2xIe + rRNeaaG0sMtnBtyJ+80t8PV9XJQ8A+OThOmUCFzIRZZ7ZpZtOtkbXOlaXuQ8JHXU70Ip+DVQ0yLa + 3r+vd7cAEW7jaDgiRHJuxpVIjoW8eUU7h1DRbCGTjjENj+bN3npFKjnG0YJfFzABbloW6tWbc3r8 + 9vXRydXx0cH45Gx8NZ5M/phgfFhcBiHBA+c5sFPsztIyssuEYUoWS4aVLgpSyqxivwrN2amGEkud + 1QYZ5j1W8SEWlBPciiAYlcPYaW8szB7Cv6mqOyWOiciE5MX9Q6vJaAVvw/MCveu6BGY2k7A+XVdU + tl/B5HaIeSb5WuH1rXh37ngaHzd8+4UnNzgKdpTrlLe2DlbT1n9yuBvZ2ppBI1F3iUuYU3WrQumT + 1pvrooZeprFDbQYWxQ5Vm2xVVjisSrvKwpfydxecD/Lz/32WaVVXNJK9EjLFlmQYMp9dA0hW1SaH + tOHc0WSfntfAhJyRASJNynDoZnhvQBqTsjzy2GtS90G+aJ4vYnaxVitkzCRGbwW3SseBt+P1bwlC + RLBQCS9yZWw8CkaBP21lrhrf/OElyrKLM0hq6jfsjZr3rHpc9JL57CI0lv1Zc21Bs7HMsLZKROoL + Aienv7P9GguXnSVcbjnYAnZ7y85wCmwcwfeDd+Pm8b59dFmhj9VlSq/nwmLtkmjDAnxDRYzaG7tl + F6ijF2G99nDcjMLGOrFKzlJP4uDsZWrmz+pCIs8s9gH/7vlLUtEPgrVcMgevFFaDp3TmYzFyIqjA + qZCK2MejXm7LguQ26cCPJiGkLMK/CWR1wRG+Bf0YauI4BCl4QUw5Az3D3zysx74/WWtw2XeF/ekl + qtn1gh+2YIjq9/EmnoFL8DTDJ3sMi12Mbae/99VY7P4LAAD//+xZbWvbMBD+K2LQ0YbajR0nTjJK + V8gKhXWEle1D9yWqpdgeSWz80n7pj99zsuwkbl42l5YMSkJi++6k07080p0LfmUL5+9t4ey1xdva + AXlTBtewpWxCz1hrlEs2QsLh4a2MM5NZ7ikjeGXr2Vx+Asus0lndd8zXdGuZr2e2SpPWSOEhoOp3 + xGingNp75dgxfk42GWD38lkLuQfCL/wZjdIAcyKK1BAvS8R1H7RuozyBNa/CmQQOysLiH/3sE/c8 + rEJdLoNuRXC0xOsWcLVSIwKQaww0w+iMi4cwBeZL2gZdQPmUrI5AKvdr8ulkOcOE4WTBSH9Us/os + keh40NpRPIgqHlIdDzzLsDGmp+wxCL2A4TDt+0DWHFDHYo65Fj7jDAWCB0GcVryET0mPyaVaqPGV + L/wcIDxhgeQCkg8cW5tZrJb9XCp0E4l8Jld3iXV6WZ4MV2MSLGN10hYlHWS/JFvrI4AzgDgeIspV + kg/3O4bQfUg/FF+4pWWlGCXO72ehp512E6o9UfvshzoEkYW1MwplGMBlBkKiFw+563nMvYxkvkUs + VDcMBd5DKKRYC6fvSCqcDDH1vwSFFo0j2gwpxo+5mIeLE3Z88jRHDGfRsIrbjajx2ojhDpohhjsA + YriDlyJGo83iGWI03a5WHfzWiNF7R4w3QAzn/0KMXiW6BzGedyKsbZ0Iy9lG6JYEql6yBCGjWiLU + oqmxtivWOqGq7ss1bWPcVu23q46UitqASoUN/a96UVUfpWpfpfl8zqlM/LCz8iEDUs8nShoWlFT5 + XyD+qKt0Lc67U+50hHXfd9rdeyjkugPLtntUv1ZMmGEHmyTvXgpBsQ3OpQ6Gbjh+jh55GhM40qA7 + W8XKGdJE9arYTJSrZbuya9mWI6227Nhi0PM6Xte1vH5XiDbvTS3ZvxDnapSjzuWRfYVvIWfM+UIX + coZRPErNPDUeYRHDNqGiMIv0IpMZMecpWQzyCsD5LMXlaGz0zHhB+tfbzoevcb1vffga1/veh64x + cEcUTWHdglk9loz1axzKJ6rcitZtgV13KPrB/iVPolie3QGHPGpc6sSjty+gVplM8+h3Trp7k2i4 + fYeCpk7/AwAA//8iP9JHiwJ6uJimRQEAAAD//6KBi+lYFMCbGUAnpkNyXDVo4hbKNgCam1+SCJ12 + Rm924JrlMYDP8qBLwOdM0CXgzbTUvLLMovw8SEMIOoRcCl1fAOES49Ky/BLqzaVBDIMbCrQpI7E4 + LB88zwCbvgMmIYiTq2FMaOlKtgPAazH0YebqKOUmVgSlFpfmgAxG8ix4hqCoxLEE4nHQTCVoFgHk + dbg4qmYjFN1QDWDX1tbWAgAAAP//AwC9H+09ziIAAA== + headers: + Atl-Traceid: + - cd2d7090d83fae52 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:41 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:20:58 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0f59e5ca-cd71-428a-ab88-0cd6e49e401e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '225' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c6713a73-a29a-4b79-a3c9-7a67a832ab35 - x-envoy-upstream-service-time: - - '161' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues.yaml index 637a4eefb8c..851095b8d61 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlpmk2W3EQPKrIK7Z5EJEknWEmb0qbCsux/N8HFj9vwzvPM - y5yI0QseZk8UeY9xWtRm06FDG7vwEaiOXi9Lr0c6YiQF+cR56cOY4AqgokChbPbXz83dU/u73a+D - SRNRLxkqoIDXgnQ4+XAccIztccJ04MaHtUuSWXvffStEZWErL+GtjhlkwKoSeMlkW3EFlao5BYAr - YADJX3BOvW0//GN3bcVUvVVcUMHrH9YO96MLCZRsJ8XWGW1rrDUKsE5IYTqjJTgLoDmX0mD9pyD6 - 3PDQz5rkd5xefXwMVuf4RPxlIji+HRpyPn8BAAD//wMAZbjZcVoBAAA= - headers: - ATL-TraceId: - - 958b7ed8dcc66b99 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:46 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUTAqkJEK+Q/bjw/O+ATWJeWmMMYUvGGsxqJBLCvJatpLVHXPeamxqP8WRLs2 + PA6zhPUdIxcbn3wv1/gE9jKBdm/7HZzPXwAAAP//AwDjNJ+nWgEAAA== + headers: + Atl-Traceid: + - c59205fd9dd3976b + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 410fb8bd-aa49-4ab0-b33e-f2e93b3b4957 - x-envoy-upstream-service-time: - - '33' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - e8ded09b017ba62f - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:46 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:02 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 7c9284fb-e1fa-43bd-9b5a-27b4385c4d00 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '124' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6ab05284-68dd-4ea4-9cde-75047df5ece9 - x-envoy-upstream-service-time: - - '70' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,110 +80,117 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - 3c3a33e0585f03f2 - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - 800ccb36930151ac + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:47 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:02 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0a8a6301-5092-4971-8452-6c21116168e8 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '196' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 15379b74-a329-41af-aa18-8e5453a0bd75 - x-envoy-upstream-service-time: - - '121' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/228] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/10] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321] + || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n| High | [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539] + | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2860]\n*Defect Dojo - link:* http://localhost:8080/finding/2860 (2860)\n*Severity:* High\n*CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n*CVE:* - [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/285]\n*Defect Dojo link:* http://localhost:8080/finding/285 + (285)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n*Reporter:* + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2859]\n*Defect - Dojo link:* http://localhost:8080/finding/2859 (2859)\n*Severity:* High\n*CWE:* - [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/284]\n*Defect + Dojo link:* http://localhost:8080/finding/284 (284)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n*Reporter:* + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -303,53 +203,59 @@ interactions: Connection: - keep-alive Content-Length: - - '3317' + - '3308' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11101","key":"NTEST-912","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11101"}' + string: '{"id":"11796","key":"NTEST-1458","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11796"}' headers: - ATL-TraceId: - - d2e359df7136c901 - Connection: - - keep-alive + Atl-Traceid: + - cb5a4141c00d5485 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:47 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:03 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - b42eab04-9c5b-4fb9-9f20-6c64f8c98c5b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '615' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 0adcb97f-3622-4f76-b65c-409d0a43099c - x-envoy-upstream-service-time: - - '554' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -359,98 +265,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-912 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1458 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlTW292HEcdJkPBSWhTSo2TfCAMc0hr+YJ0p7k72aYh/727 - JwkTgikhNR90d9K+Pfvs3vLZg3XFZeYlngaZgYbslYAiMz3JSzA9ky6g5D1VgeZWKGl6kAlbguW9 - dMFlDoXKe0vQBt9BNoVKgwFpm2+9nidIcxRFYYQbA8UctwtrK5MEQQZzSG2mPimf24IbI7j0JdgA - ddiAVyKIA2FMDUGn4AIuUf5wNjme9V9EMZ7MnbNe8tkzaLQ2KbeQK33ZOJfhDgXiMI764bAfj2dR - nAyeJcPn/mg0/iWMw5B8JBv2sgKn5pE+knwQhWFIXjVRt5sMTKpFRYjg6S4zJS+KHsuEsUKmllUC - UmBqzlZKX/gknSr5ThcP8cJAWmsIlgJWfMkt1y+N+Ad2SkxSXT5pjg6ynSgcRON2O0NHdzYh9zxK - NNqacXNBOarPLa2SOS8M9LxOh5c4JV96nhVIjAqT7CWyxki8SqtP6N4j0WulHXYuGx12tLmR8I2n - 76SwFhUQv1ppCuoP961Rc7vimgIzoqwKgQzJbkWD4DrKDMfr4fgh7rYwt8ZapCtBwOLvJs7D8Dla - jofrePhoxS6FjiVPTPu8x1Y0WkejH7O17oy1i3usDeL1IP4xay05TbfYau3LF6rv9fumu2DGTk4x - g3muIce6/oaGyClV1E2ZNSdpbawqXYs4Qwvx820vxt/qaFpHc0qF6dqfl/Sjtl8Qg7VIG3Ofvzkj - fqH7ZqHqItsXpir4ZctCPF5xi321aVvfXzFNT7zugkGjTVM5uOWeqgkV5+kHOhAy9xKrazKNOu17 - bBdUFC0YGjBWqrq7+mQ8iro+eRu1cBuc0bYX8bYXg00vEUoLe/lIaDrxwHXhh/dRUfIcTEASplMi - 8GAh8oVvlvmm+bzBk65LxZ4D9ByonRA5b4VFdXlnvNE2JkZjCnzBzaQS6VshL9xlvA8V3c0y7Sjk - iLVy765PpJITvJr5eQFT4KahpW5X3tHbd68PDs/eHuxNDo8nZ5Pp9K8phoElZDBy/GC2AHaEfVNa - RnaZMEzJ4pJhTYqClDKr2O9Cc3akocS6ZbVBzvmuSm9H8QIVhlciDIdznXi3ihaxzYXkBWYNYd9U - Gb27fdZOFi28jvgFetf1AkxgLuH667qiqn0Ak5tZ4ZEca4Sv76uvr/fvo92GVr/x9AJHqY5ZnfLG - 1l471PyQw91k1JQGGom761XCiqpbFUofNt6cFzX0c40tazMeKLavmmSrssJhT9o2C/fl9GtwPsqb - f7ss16quaPJ5JWSGTcowZD47B5Csqs0CMse5g+kuPc+BCbkkA0SkjOHQyvB2gCwhZYvYZ69J3Uf5 - 1D2fJuzkWq2QCZMYvRXcKp2E/jN/cEUQIoKFSnmxUMYm43AcBvNG5sz5FsTx+BSl2ckxXWfYWNgb - tepbdbfwKQvYSWQs+7vm2oJmE5ljdZWI1T0Ch0d/st0aS5cdp1xu+bCB7OqKHQPWBDmC6733E/f4 - 0Dy6vNCmvTRpORMWq5dEHQ9whYoY9TF2xU5QRz/Giu3jeBdHzjrxKl2CXwqrwVc6D9Jc9M+FpFOi - g4/7l7TY+Vr6lBQOwnCjZXVTCxYnJ8IKnN+oqAP81F/YsiC5TXpw4xJEymL8TSGvC45grumfCxfV - PkjBC2LOMeilwPG5z346vNbQY08K++sOqhn54c9bEEX1u3hVL6FHYLkxkd2FzAhjezZ48UhkWmmH - zPDhyAz/E5n/D5V/AQAA///sWetP2zAQ/1esSUhQLWmTNulDQowJJiENhPZgEvtSY6dNpjaJ8ihf - +OP3O9t5UChsFTAmoVZtYt8553v8znf5E60gqj5mPBZh9xufTzrsDI6mR8toIU+O2kPwQ+yMQjls - DVef0LHrcFf3ffs5zVzFc9cd+RRFnSMFmMCyXwmjVAIRH2dku/S7B/Yq/MBGfkLb/XGMm5/4s7Zx - fVrhQq/wlJHYKPyiXMQo3imD1wjRRkPoVDlVwwEd1ajdAbpWksQJ4NzgoB0lXS5XUQ7kDygZDgHo - M1ItHKbK2mS5afOkKcP5gq0aeYDqmbF60Fhd1lbPjdV5USA95u/ZdRiJkOGMPZ8DXUtshqUcz4rn - jDMUAwKMOLOIjM9IjumhEEFaWJ95PC8BxFMWBlyCc8WR4Gy9W9ZS0Gkiy0XQ1s7t+aoUmbQ9DyTn - 6gQuq3lMz6tp5/YKoAzBjsFK7xOzdWLhSl51eUsE8jH6IQ/DLW0rxyppebWIhDLZaaTyorHYd3UQ - Iv0aU2hRGKy9wESmtt45WaZcFER/lrBI3TDUa6tIBlIRfC2CNNdWwrgsRaCJTaB/QSjhwAhZ/sZL - FGOaUH4kr9/lchnFe2x372aJk2aRTGrfvRcqnh0mvPGWMOGNCSa88aMwsU0euAMTT5OWmqB/IZjw - 32DiBWBi8J/DhG8YH4GJuz0JZ1NPwhlsmvDa9WeRwYNUu4S6N2ukvZp0faKu86sdbSLcVPf36g6U - cuKQSoZ7Wwq9cU3YrqnX6668XC45FYzvHqyBSIHU/UmyLUtL6gEcwB2p43Qi970ZH/SlczUa9Lwr - SDscjh3X9amSrYnwhAfIArLuoZTk6qBsZLBMJ/FDcs3zlECOFn2wnatbkDbqWEVmo3Dt6suu57jO - IHB6Qd+VY1/0hTd0xMiTssf9mROMDuS+WmWnf7jjfsJX81lLHpuCzrL0UG6XuXUNjViuTd5v62gj - lVkp5zlpDPwK0fkix+XRueXbaUzyr/eJX7/E693m1y/xesf6tUsM3JG6X2yaMe2jyLl51ULxRFWa - butq7LoE4IL8uMySNOheAocEdSpN4NEbEszWkUzPMe96TB8nM3D7BgUvb/R/CQW/AQAA//8i18Wj - RQGtXUyHogAAAAD//4IVBejNDGA7Sqm6FqQH1swAuj0dkhWrQbOuULYB0ML8ksQcIAuLKbgmggxw - TQQZwCeC0CXg7bfUvLLMovw8SAsJOspcCp3ph3CJcml+LsSEahgTWgqSUfIhrVHQh5mro5SbWBGU - WlyaAzIYyW7wmH5RiWMJxB1l+SVUmweEmAU3E2hVRmJxWD54RgQ+85hfBJ5nANkIdweqY41QXAvV - AA6d2tpaAAAAAP//AwC8AoqdMCIAAA== - headers: - ATL-TraceId: - - c5d25eca8d1d9071 - Connection: - - keep-alive + H4sIAAAAAAAAA7xX23LbNhD9FQwfOm0q8SZbkdnJdFxbSdy6risryYPj8cDkikQMAgwA6tI4/94F + SErxRZnYncZ+IAlgb2fPLlafPFhWVGRe4ikQGSjIXjLgme4JWoLu6bSAkvZkBYoaJoXuQcZMCYb2 + 0oKKHLjMe3NQGvcgm0ClQIMw7dm01kaWM6vwMgrDKPQVfKxBm+mqglNFU8NS8Hoes/aj6PneED80 + 8Bl+FsZUOgmCDGaQmkx+kD41nGrNqPAFmAAtmYBWLIgDpnUNQafgGlYofzIdn0370c7uCJecC9pL + Pnkafat1Sg3kUq2aGDL8Qok4jON+OOpHe9MwTOIoCQf+7nD35zAOQ+ukNWLQcafmiU5a+QChCON1 + 2O1HBjpVrLLA4eo+0SXlvEcypg0TqSEVgxSInJGFVNe+lU6leKP4I72oBbPpovySzqmhKpgzWATO + rY2D7VYUDqLRr5r9Ay9KTHtdolVLCzQ5pfra5qq+MvYtmVGuoec1gkcYl5PteQVD4qi0WB3DHNDX + 8HPPMwyZVSFLvETUGKN3hyaDsNuolPyAET0R8Fbawe0S2MFtP74gySaqN4IZgwq0t7ZtmfqHO6vl + zCyosnzVrKw4Q4ezO5FjPhzLdkbLndEj3f1KZrpI1nnZCZ+jG/HOMt75f6002XdcRIPRcBkNv4fB + ZWdxEC8H8few2BL88+f7dIy28TTuNmZs+bbpgZj98wtkQ54ryLGt3OM6+il53VT5g1rj59s2Rts2 + 9u4rb1pas2obhuveXtKP2j5m4VIsbfz4dG/NkhiR0IWseXbIdMXpqqU6LiPu5i1iaunfmqAGL4qm + wT6+UJv2vWnYQaNO2TJ0rweytgg659/ZBSZyLzGqtt6kCjBYW9sPNfBoL+wa+F3Y1m3m7sa2hMfr + hN/dGGw6FpOKmdUTkejEA3c9fHuDZyXNQQdWQndKGC4ULC98Pc83Le41rnS9MPZcMq/ANi1L27v3 + 9XBLvNE2jkYjG3hB9bhi6TET1y/tziFUdrYQacchx6yF21uvCCnGOFrQKw4ToLrhpWrfvNPjN6+O + Ti6Pjw7GJ2fjy/Fk8tcEw8Di0hg5HpgWQE6xOwtDrF3CNJGCrwhWOuNWKTGS/M4UJacKSix1Umtk + mP9QxUdYUF54w8JwVM4Sr7mxMEmI8qaqbpU44p0zQfndQ+1k1MLreM7Ru65LYAJzAevTdWXL9huY + 3AwxT+RYI7y+FW/PHY+j3YZWv9H0GkfBjlmd8sbWQTtt/SeHu5GtKQ00EneXuICFrW7JpTppvLni + NfRzhT1rM7BIciibZMuywmFVmDYLX8vfbXDeiy//90muZF3ZkewlExm2JE2Q+eQKQJCq1gVkjnNH + k337vALCxNwasKTJCA7dBO8NyBKrrIh98sqqey+eueezhJyv1TKREIHRG0aNVEno7/qDGwshIshl + SnkhtUlG4SgMZo3MpfMNk3yBwuT8DNLa9hXyWi76Rj4se0ECch5pQ/6uqTKgyFjkWFwlQvUVgZPT + P8l+jZVLzlIqthxsELu5IWc4BjpH8P3g7dg93jWPLi32o71N7euUGSxeK+pogG+oiNg2Rm7IOero + x1iwfZw348hZt7QS88wXODn7uZwH85oLJJrBRhDcPn9hVQzCcC2XLsAvmVHgS5UHWI3UMpThWGir + OMCjfmFKbuU2+cAPlxGrLMa/CeQ1pwjf0v4acnEcgmCUW6qcgZrjjx7SJz+erDX0yA/c/PIC1Qz9 + 8KctGKL6fbyc59Cz8LjpkzyExRBj2x3sfTMW/wIAAP//7FnbbtpAEP2VVaVUgGKDjW0IVZQi0UiR + mgo1ah/SFxbvAq4AW76Ql3x8z6zX5hIuLVEQlSIQ2N6Z3dm5nNkZa3qlC+fvdeEc1MVp9YDAKZyr + U1M6oWes1ssk6yHi8PBBRqnJrNYlI3xl6+FcfCaWWcazum+ab2nWImDrdttFmNR6ChCBVb9DRqkC + Yh/kYxX8VLcpYP/2WQ2xh4Ff+DOOCgOsCS9SU7wuENdtUHsIsxjavA2mEkAoc41/HKefuO9jF+py + 6XQrjL0lYNcArKUYIZBcY6AZhHUuFkEC0JeUB1vA8hFpHY5UJGyy6WC5woDhaMFIfpSz+jARa3/Q + 0pE/iNIfEu0PPE2RGZNL9jQJ/AnD+Xo8BrJmgDoWcaw1HzPOUCH4YMRxxY/5iOQYdNVGja98Ps4A + wgM2kVyAc8GR28x8t+znUqD7UGRTuZom1seL+qSz6pMg6aujtijGMTwuhq31GUA5ATsewstVkHcO + G4bQvUM/5F+4pW0lmCXKhtPA10a7D1RS1Db7oU5BpGFtjFwYBnCZYiDWmwff3Szifko830IWqBuG + Cm8RCCnW3Ok7ggpHQyz9L06hWaOQkiH5eIWLWTCvskr1eQYfTsNO6bdbUePNEcM5EjEcQgzntYhx + VLJ4gRjHpqtVA58aMbx3xDgBYjj/F2J4JesBxHjZirB2tSIspxigKiWN4Rmq9UHNmU1Sd8ccjZ0D + ZXlf7GkX4a5yv7GrJdUoW1LKnSdUQ2zpjG2WW0k2m3GqEz/sLX1IgdT0CeMjK0oq/W/gf9RWuhPX + 7og7TWEN207DHUL6VuvKsm2PCtiSCCvsIZNk3a4Q5NugXMpg6I7j5/CJJxGBI026t1esjCFNlK+K + zES9WvQrXcu2HGk1ZNMWV57f9N2W5bddIRrcG1myfSOu1SwXze6FfYtvzmfM+FwXcoaRP0rMLDGe + oBHDNiGiMPPwIpUZEecJaQz8CsD5NMFlr294ZjQn+Tf7zucv8Wbj+vwl3mx8n7vEACSR94l1D2b1 + WNLX73Eonqhyy3u3Oag9ougH+ZcsDiNZfwQO+dSg1IFHr18wWkYyraNfOun2Tazh9h0KjjT6HwAA + AP//oiDSR4sCeriYlkUBAAAA//+ihYvpWBTAWxNAJ6ZDclw1aOYWyjYAmptfkgidd0Zvo+Ca5jHA + Nc1jAJ/mQZeAN9NS88oyi/LzIO0d6BhyKXSBAYRLjEvL8kuoN5kGMQxuKNCmjMTisHzwRANsRg+Y + hCBOroYxoaUr2Q4AL8bQh5mro5SbWBGUWlyaAzIYybPgKYKiEscSiMdBU5WgaQSQ1+HiqJqNUHRD + NYBdW1tbCwAAAP//AwBnmQ4azyIAAA== + headers: + Atl-Traceid: + - 1f2a7941a49a4f11 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:47 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:04 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 93bc79fb-83d6-4325-a133-3829cac9c511 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '279' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e4df47a2-75c2-44ce-b42a-1df1cad0d4d2 - x-envoy-upstream-service-time: - - '144' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -460,98 +372,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11101 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11796 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlTW292HEcdJkPBSWhTSo2TfCAMc5bW8gX5TnN3sk0D/727 - JwkTwJSQmg+6O2nfnn12b/nqwbrkMvMST4PMQEP2RkCRmY7kCzAdk85hwTuqBM2tUNJ0IBN2AZZ3 - 0jmXORQq7yxBG3wH2RhKDQakrb/1Op4gzVEUhRFuDBQz3M6tLU0SBBnMILWZ+qJ8bgtujODSl2AD - 1GEDXoogDoQxFQStgnO4QPnDyeh40n0VxXgyc856yVfPoNHKpNxCrvRF7VyGOxSIwzjqhv1uPJxE - cdJ7kfRf+oPB8JcwDkPykWzYixKcmif6SPJBFIYheVVH3WwyMKkWJSGCp7vMLHhRdFgmjBUytawU - kAJTM7ZS+twn6VTJD7p4jBcG0kpDsBSw4ktuuX5txD+ws8AkVYtn9dFBthOFvWjYbCfo6M4m5I5H - iUZbE27OKUfV1NIqmfHCQMdrdXiJU3LV8axAYpSYZC+RFUbilVp9QfeeiF4j7bBz2Wixo82NhG88 - /SCFtaiA+NVIU1B/uG+NmtkV1xSYEYuyEMiQ7FY0CK6jTH+47g8f424Dc2OsQboUBCz+buLcD1+i - 5bi/jvtPVuxS6FjyzDTPB2xFg3U0+DFb69ZYs3jAWi9e9+Ifs9aQ07SLrdaurqi+1x/r7oIZOznF - DOa5hhzr+g4NkVOqqOoyq0/Syli1cC3iDC3EL7e9GN7VUbeO+pQK07U/L+lGTb8gBmuR1ua+3jkj - fqH7Zq6qItsXpiz4RcNCPF5xi321blvfXzF1T7zugkGtTVM5uOWeqggV5+knOhAy9xKrKzKNOu1H - bBdUFA0YGjBWqrr7+mQ8iNo+eRu1cBuc0bYX8aZlCKWFvXgiAq144Jrt49ulWPAcTEASplUi8GAu - 8rlvlvmmx7zDk7YZxd7V3VB6bSgFnwK1EyLnrY+oLu8FItrGxGhIiMy5GZUifS/kubuM96Gku1mm - LYUcsVbu3fWJVHKEVzOfFjAGbmpa6mblHb3/8Pbg8Oz9wd7o8Hh0NhqP/xpjfFhCBiHBDyZzYEfY - N6VlZJcJw5QsLhjWpChIKbOK/S40Z0caFli3rDLIOd9V6e0oXqHC8FKEYX+mE+9W0SLouZC8wHRi - PjZVRu9unzWTRQOvI36B3rW9ADObS7j+uiqpah/B5HpWeCL5auHr++rb6/37+Ljh2288PcdRqqVc - q7y2tdcMNT/kcDsZ1TWDRuL2epWwoupWhdKHtTfTooJurrFlbcYDxfZVnWy1KHHYk7bJwkM5/Rac - z/Lm3y7LtapKmnzeCJlhkzIMmc+mAJKVlZlD5jh3MN6l5xSYkEsyQETKGA6tDG8HyBJSNo999pbU - fZbP3fN5wk6u1QqZMInRW8Gt0knov/B7lwQhIliolBdzZWwyDIdhMKtlzpxvQRwPT1GanRzTdYYd - h71Tq65V9wufsoCdRMayvyuuLWg2kjlW1wKxekDg8OhPtlth6bLjlMstH9aQXV6yY8CaIEdwvfdx - 5B6f6kebF9o0lyYtJ8Ji9ZKo4wGuUBGjBscu2Qnq6MZYsV0c7+LIWSdepUvwF8Jq8JXOgzQX3amQ - dEp08HH/mhY730qfksJeGG60rG5qweLkRFiB8xsVdYCf+nO7KEhukx7cuASRshh/Y8irgiOYa/rn - wkW1D1LwgphzDHopcHzusp8OrzV02LPC/rqDagZ++PMWRFH9Ll7VS+gQWG5MZPchM8DYXvRePRGZ - Rtoh0388Mv3/ROb/Q+VfAAAA///sWetP2zAQ/1esSUhQLWmTNulDQowJJiENhPZgEvtSE7tNpjaJ - 8ihf+OP3O9t5UChsFTAmoVZtYt8553v8znf5E60gqj5mPA7C7jc+n3TYGRxNj5bRQpwctYfgh9gZ - hXLYGq4+oWPX4a7u+/ZzmrmK56478imKOkcKMIFlvxJGqQQiPs7Idul3D+xV+IGN/IS2++MYNz/x - Z23j+rTChV7hKSOxUfhFuYhRvFMGrxGijYbQqXKqhgM6qlG7A3StJIkTwLnBQTtKulysohzILykZ - DgHoM1ItHKbK2mS5afOkKcP5gq0aeYDqmbG6bKwuaqvnxuq8KJAe8/fsOoyCkOGMPZ8DXUtshqUc - z4rnjDMUAwEYcWYJMj4jOaaHQSDTwvrM43kJIJ6yUHIBzhVHgrP1bllLQaeJKBeyrZ3b81UpMml7 - HkjO1QlcVPOYnlfTzu0VQBmCHYOV3idm68TClbzq8pYI5GP0Qx6GW9pWjlXS8moRBcpkp5HKi8Zi - 39VBiPRrTKFFYbD2AhOZ2nrnZJnyoCD6s4RF6oahXltFQgpF8LWQaa6thHFRBlITm0D/glDCgRGy - /I2XKMY0ofxIXr/LxTKK99ju3s0SJ80imdS+ey9UPDtMeOMtYcIbE0x440dhYps8cAcmniYtNUH/ - QjDhv8HEC8DE4D+HCd8wPgITd3sSzqaehDNol5lFBkdRXRFq0qyTehvW6G2c2FTn9+o6v9rqJsK6 - A7U+Ma4mlHeHVEvc0whbr7vycrnkVDC+e7AGIgVS9yfJtiwtqQdwAHekjtOJ2PdmfNAXztVo0POu - IP1wOHZc16dKtibCEx4gk2TdQyHI1UHZyGCZTuKH5JrnKYEcLfpgO1e3IG3UsYrMRuHa1Zddz3Gd - gXR6su+KsR/0A2/oBCNPiB73Z44cHYh9tcpO/3DH/YSv5rOWPDYFnWXpodwuc+saGrFcm7zf1tFG - KrNSznPSGPgVovNFjsujc8u305jkX+8Tv36J17vNr1/i9Y71a5cYgCR0v9g0Y9pHkXPzqoXiiao0 - 3dbVoHYJwAX5cZklqexeAm4CamGawKM3JJitI5meY971mD5OZuD2DQpe3uj/Egp+AwAA//8i18Wj - RQGtXUyHogAAAAD//4IVBfDWBNCJ6ZAcVw2aXIWyDYDm5pck5gBZmA0mA2CjS6m6VglTAtdEkAF8 - IghdAj6tgi4Bb7+l5pVlFuXnQRpC0FHmUuhMP4RLlBfycyEmVMOY0FKQjJIPaY2CPsxcHaXcxIqg - 1OLSHJDBSHaDx/SLShxLIO4oyy+h2jwgxCy4mUCrMhKLw/LBMyLwmcf8IvA8A8hGuDtQHWuE4lqo - BnDo1NbWAgAAAP//AwClzCdWMCIAAA== - headers: - ATL-TraceId: - - d7c9d805c3b0b0ca - Connection: - - keep-alive + H4sIAAAAAAAAA7xX23LbNhD9FQwfOm0q8SZbkdnJdFxbSdy6risryYPj8cDkikRNAiwA6tI4/95d + XqREtjKxO439QBLA3s6eXaw+OLAsuUycyNEgE9CQvBSQJ6YneQGmZ+IMCt5TJWhuhZKmB4mwBVje + izMuU8hV2puDNrgHyQRKDQakbc/GlbGqmJHC68D3A9/V8HcFxk5XJZxrHlsRg9NzBNkPgucHQ/ww + kM/wM7O2NJHnJTCD2CbqL+Vym3NjBJeuBOuhJevxUnihJ4ypwOsU3MIK5c+m44tpP9jbH+FS7YJx + og+OQd8qE3MLqdKrJoYEv1Ai9MOw74/6wcHU96MwiPyBuz/c/9EPfZ+cJCMWHa/VPNFJkvcQCj9c + h91+JGBiLUoCDlcPmSl4nvdYIowVMrasFBADUzO2UPrWJelYyTc6f6QXlRSULp5f8zm3XHtzAQuv + dmvjYLsV+INg9LMR/8CLAtNeFWiVaIEmp9zcUq6qG0tv0YznBnpOI3iCcdWyPScTSBwdZ6tTmAP6 + 6n/sOVYgs0pkiRPJCmN0tmgy8LuNUqu/MKInAt5K13DXCezgpo9PSLKJ6o0U1qIC46xtE1N/q88a + NbMLromvRhRlLtDhZCtyzEfNsr3Rcm/0SHe/kJkuknVe9vzn6Ea4twz3/l8rTfZrLqLBYLgMht/C + 4LKzOAiXg/BbWGwJ/vHjfToGu3gadhszsXzb9EDM/uUVsiFNNaTYVu5xHf1UedVU+YNaw+e7Nka7 + Ng7uK29aWrNKDaPu3k7UD9o+RnBpETd+fLi3RiRGJEymqjw5FqbM+aqlOi4vuMVroWmnjy/Lpllv + 2rPXqNNUdPXrkaoIr9rVd7QgZOpEVldkG5Xat5hPKr0WDQ0YLNX2Qw08OPC7Br4N27rNbG/sSni4 + Tvj2xmDTsYTSwq6eiE0n7tXXw9c3eFHwFIxHEqZTInAhE2nmmnm6aXGvcaXrhaFTA3oD1LSIttv3 + 9XBHvMEujgYjCjzjZlyK+FTI25e0cwwlzRYy7jhUM2tR761XpJJjHC34TQ4T4KbhpW7fnPPTN69O + zq5PT47GZxfj6/Fk8scEw8DiMhg5HphmwM6xO0vLyC4ThimZrxhWushJKbOK/So0Z+caCix1Vhnk + nPtQxQdYUI5/J3x/VMwiZ6ucEdtUSJ5j1hD2TZnR3vZaOxm18NbMz9G7rktgAlMJ69NVSWX7FUxu + hpgncqwRXt+Kn88dj6Pdhla/8PgWR8GOWZ3yxtZRO239J4e7ka0pDTQSdpe4hAVVt8qVPmu8uckr + 6Kcae9ZmYFHsWDXJVkWJw6q0bRa+lNPPwXkvP/0/ZKlWVUkj2UshE2xShiHz2Q2AZGVlMkhqzp1M + Dul5A0zIORkgIiUMh26G9wYkESnLQpe9InXv5bP6+Sxil2u1QkZMYvRWcKt05Lv77uCOIEQEcxXz + PFPGRiN/5HuzRua69g2TfIXC7PIC4or6CnutFn2rHpa9Yh67DIxlf1ZcW9BsLFMsrgKh+oLA2fnv + 7LDCymUXMZc7DjaI3d2xCxwDa0fw/ejtuH68ax5dWuijvU3pdSosFi+J1jTAN1TEqI2xO3aJOvoh + Fmwf580wqK0TreQ8cSVOzm6q5t68yiUSzWIj8D4/f0UqBr6/losX4BbCanCVTj2sRk4MFTgWUhV7 + eNTNbJGT3CYf+FFnhJSF+DeBtMo5wrekX0N1HMcgBc+JKheg5/ijh/XZ92drDT32XW5/eoFqhq7/ + ww4MUf0hXs5z6BE89fTJHsJiiLHtDw6+Got/AQAA///sWdtu2kAQ/ZVVpVSAYoONbQhVlCLRSJGa + CjVqH9IXFu8CrgBbvpCXfHzPrNfmEi4tURCVIhDY3pnd2bmc2RlreqUL5+914RzUxWn1gMApnKtT + UzqhZ6zWyyTrIeLw8EFGqcms1iUjfGXr4Vx8JpZZxrO6b5pvadYiYOt220WY1HoKEIFVv0NGqQJi + H+RjFfxUtylg//ZZDbGHgV/4M44KA6wJL1JTvC4Q121QewizGNq8DaYSQChzjX8cp5+472MX6nLp + dCuMvSVg1wCspRghkFxjoBmEdS4WQQLQl5QHW8DyEWkdjlQkbLLpYLnCgOFowUh+lLP6MBFrf9DS + kT+I0h8S7Q88TZEZk0v2NAn8CcP5ejwGsmaAOhZxrDUfM85QIfhgxHHFj/mI5Bh01UaNr3w+zgDC + AzaRXIBzwZHbzHy37OdSoPtQZFO5mibWx4v6pLPqkyDpq8O3KMYxPC6GrfUZQDkBOx7Cy1WQdw4b + htC9Qz/kX7ilbSWYJcqG08DXRrsPVFLUNvuhTkGkYW2MXBgGcJliINabB9/dLOJ+SjzfQhaoG4YK + bxEIKdbc6TuCCkdDLP0vTqFZo5CSIfl4hYtZMK+ySvV5Bh9Ow07pt1tR480RwzkSMRxCDOe1iHFU + sniBGMemq1UDnxoxvHfEOAFiOP8XYngl6wHEeNmKsHa1IixntbpMY3iGaoZQc2aT1N0xR2PnwK7y + vlGW98VmdxGWLSnltRMqFbY0wDarqs1Zyv5Vks1mnOrED3tLH1IgNX3C+MiKkkr/G/gfNZruxLU7 + 4k5TWMO203CHEKjVurJs26MCtiTCCnvIJFm3KwT5NiiXMhi64/g5fOJJROBIk+7tFSudSxPlqyIz + Ua8W/UrXsi1HWg3ZtMWV5zd9t2X5bVeIBvdGlmzfiGs1y0Wze2Hf4pvzGTM+14WcYeSPEjNLjCdo + xLBNiCjMPLxIZUbEeUIaA78CcD5NcNnrG54ZzUn+zb7z+Uu82bg+f4k3G9/nLjEASeR9Yt2DWT2W + 9PV7HIonqtzybm4Oao8o+kH+JYvDSNYfATc+NSh14NHrF4yWkUzr6JdOun0Ta7h9h4Ijjf4HAAD/ + /6Ig0keLAnq4mJZFAQAAAP//ooWL6VgUwJsZQCemQ3JcNWjmFso2AJqbX5IInXdGb3bgmuYxwDXN + YwCf5kGXgDfTUvPKMovy8yANIegYcil0gQGES4xLy/JLqDe9BjEMbijQpozE4rB88EQDbEYPmIQg + Tq6GMaGlK9kOAC/G0IeZq6OUm1gRlFpcmgMyGMmz4CmCohLHEojHQVOVoGkEkNfh4qiajVB0QzWA + XVtbWwsAAAD//wMA2AGd788iAAA= + headers: + Atl-Traceid: + - 2a872e24a49a6ffb + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:48 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:04 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 424d74b8-aae2-4c33-a43d-3bec69645965 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '436' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 39705638-cbff-4c30-88de-a39399f414a8 - x-envoy-upstream-service-time: - - '156' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -561,174 +479,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlpmzYlN9GDiqxCuycRSdIpVtKkNKmwLPvfTXDx4za88zzz - MieipMfDaogg7yEsXux2A46ow+A+HJXBSO8naanFQDLyiaufnI1wAVBQoJB3++vn7u6p/93ut1nF - iYiXBGWQwWtGBlyMO85oQ39cMB64MW4boqS2yQzfChFJqPklvJUhgSWURQ4sL3lfMAGFqBgFgCso - AaLvcY29/TT/Y9u+KEVVC9ZSBuyH1fO9HV0Eednyph6V1BVWEhvQY8MbNSjJYdQAkjHOFVZ/CoJJ - DQ/TKkl6Z5SbCY9OyxSfiLlMBO3boSPn8xcAAAD//wMAzMk5nloBAAA= - headers: - ATL-TraceId: - - 1a96397eee4725bb - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:48 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUTAqsCKMVz9sPz444xNYl5SbwhhT8IaxGosGsawkq2kvUdU956XGov5bEO3a + 8DjMEtZ3jFxsfPK9XOMT2MsE2r3td3A+fwEAAP//AwCdu7+bWgEAAA== + headers: + Atl-Traceid: + - 30a557dc93ece58a + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1b3ad3a5-f712-4e45-9cc2-5f3fac7b8c82 - x-envoy-upstream-service-time: - - '35' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - a61811b5f764c1e2 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:48 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:05 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - daac94d6-b605-4ca8-a157-5dfd02d8f654 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '126' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d40aca3f-7221-4208-ba40-2e80a576363c - x-envoy-upstream-service-time: - - '69' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -738,110 +549,117 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - 45f277d6d16ec2bd - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - 036e50c049ffff2c + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:48 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:05 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 35a938a6-15be-4b9e-a2b3-c568ba762911 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '188' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - da5cf67f-d345-4660-b20e-95d3ad82882a - x-envoy-upstream-service-time: - - '98' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/229] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/11] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082] + || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n| High | [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082] + |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n\n\n\nh1. + |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/2863]\n*Defect - Dojo link:* http://localhost:8080/finding/2863 (2863)\n*Severity:* High\n*CWE:* - [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/288]\n*Defect + Dojo link:* http://localhost:8080/finding/288 (288)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. The application executes unsafe, user-supplied sql which contains malicious column names.\n2. The application connects to an untrusted database and executes a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || @@ -851,30 +669,30 @@ interactions: < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n*Reporter:* + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/2861]\n*Defect Dojo link:* http://localhost:8080/finding/2861 - (2861)\n*Severity:* High\n*CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* - [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + < 7.1.2)|http://localhost:8080/finding/286]\n*Defect Dojo link:* http://localhost:8080/finding/286 + (286)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. The application executes unsafe, user-supplied sql which contains malicious column names.\n2. The application connects to an untrusted database and executes a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || @@ -884,13 +702,13 @@ interactions: < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n*Reporter:* + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -903,53 +721,59 @@ interactions: Connection: - keep-alive Content-Length: - - '7107' + - '7090' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11102","key":"NTEST-913","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11102"}' + string: '{"id":"11797","key":"NTEST-1459","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11797"}' headers: - ATL-TraceId: - - aaa654d3d8bb4dec - Connection: - - keep-alive + Atl-Traceid: + - 8474a1336ee726c6 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:49 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:06 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 3f0991ec-bf40-4944-a63e-373087767457 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '662' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d7e29fcd-99c7-4cd9-b90d-f8c0aed20d9d - x-envoy-upstream-service-time: - - '524' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -959,109 +783,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-913 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1459 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/YO56id9iILjDdDiattxxHBdo+4EyjLA3jooteSSZhBb+++36 - BVMgDKVhBq9W2vdnV/ruwLLkMnViR4NMQUP6TkCemoHkBZiBSeZQ8IEqQXMrlDQDSIUtwPJBMucy - g1xlg0vQBvcgnUKpwYC0zVln4AjSHASBH+LCQD7D5dza0sSel8IMEpuqr8rlNufGCC5dCdZDHdbj - pfBCTxhTgdcpuIArlD84nhwdD7eCEXJmtbNO/N0xaLQyCbeQKX3VOJfiCgVCPwyGfjQMx8dBGI/W - 42jLHa1v/OGHvk8+kg17VUKt5oU+krwX+H7tZxN1u0jBJFqUlBHk7jBT8DwfsFQYK2RiWSkgAaZm - bKH0hUvSiZIfdf4cLwwklQbvUsCCX3LL9RsjvsF2gUWqirWGtZduB/4oGLfLY3R0uw954FCh0dYx - NxdUo+rcEhXPeG5g4HQ6nLhWcjNwrEBglFhkJ5YVRuKUWn1F916YvVa6zl1djS53tLhT8N7Tj1JY - iwoIX600BfV3fdaomV1wTYEZUZS5QISk96LB5NaQicbLaPwcd9s0t8baTJeCEou/u3mO/E20HEbL - MHqx4rqENUrWTPt9wlawsQw2fs3WsjPWEk9YG4XLUfhr1lpwmo5Yae3mhvp7+amZLlixk1OsYJZp - yLCvH8AQMaXyqmmzhpNUxqqiHhFnaCHcXLUxfqijGR0NlxqzHn9OPAxwyS1OxWbo/Dzem4l2O8O8 - RpsmMNfkrqoopoDm0mdiCJk5sdUV3LSjipRpkTSRfn/AI8fwqJmrKk/fClPm/KptAGSjV/YTjgtq - ijYZGjBW6rrH5iTWpZuT97Pmr0pnsGoj7EeGUFrYqxfmsBP36mH7/HEpCp6B8UjCdEoEMuYim7vm - MutnzAfkdMModG4ehjLqQsn5OdA4IXDeO0R9+WgiglVIDMaUkTk3k1Ik+0Je1JfxWyjpbpZJV8e6 - uot675YjlZzg1czPc5gCNw02dEs5h/sf3+8dnO3v7U4OjiZnk+n03ynGhy1kMCV44HgO7BDnprSM - 7DJhmJL5FcOeFDkpZVaxv4Tm7FBDgX3LKoOodesuvR/FFir0r4XvR7NvsXOvaTHpmZA8x3JiPfou - o737vPZl0aa3RnqO3nWzACubSbg9XZXUtc9AcvNWeCH4GuHb++rH6/3n8Njj7U+eXOBTqoNcp7yx - tds+an7J4e5l1PQMGgm761XCgrpb5UofNN6c5xUMM41zo38eKPZWNcVWRYmPPWnbKjxV0x+T80Xe - /dthmVZVSS+fd0KmOOYMQ+SzcwDJysrMIa0xtzfdoe85MCEvyQABKWX4aGV4O0Aak7J56LL3pO6L - fFV/X8Xs5FatkDErs3jdDVz/mlKHmctVwvO5MjYe+2PfmzVnz2qfvDDcOkUpdnJE1xhOGvZBLYZW - PS58yjx2EhjL/qu4tqDZRGbYVQXm6AmBg8N/2E6FLcuOEi5XHGxSdX3NjgB7gRxBevfTpP58bj5d - PWjRXpZEHguLXUuidf2RQkWMBhu7ZieoYxhipw6DDX8c1tYJT8kluIWwGlylMy/JxPBcSOISDFxc - vyFi+0fpU1K4FfVKFneVYE9ywqnAZxv1srcVuXNb5CRVZvivLgupCPE3hUJZwKBSYJMlZp9k2JD9 - dpgN2FpuX7PQDQI3ZGwts6+32cj1UbjeGLkbbsS6jajfiNx1d7Pjr/f8dRd1dfyNnk/kes8n71p+ - 4G70/LDnh3fPj3r+yB31/KjnR30Am71dIu/wb+0SGf6+AiGYuB289y9hQMWvn7vssUpvrqr0/wAA - AP//7FjbTttAEP2VkZCQkwZHSQptg/JAgQekFlWF0oemUoy9Sdw6tvElUFH+vWd218s6lxZQWvUB - gpLYs7M7PjN75mwelGntvalMP2d5M1kG273NvNifts+9Sb9JpyACdbcMo+DkyL4FnkCqmGKn1u3q - Ne24hobldc993pBPSVXVSdrd13s98HfzSLZodM9vCbF4Afh/diSH3xtwr4gfbryjOZGfj3HxBR87 - j9+K7H+h/DfZAe4L6aKMYpFJxWg6E3dflIzc/vcjgYxRB0108SqCGKUmj494ajdM2l4wD3MoDAj1 - 3W4XwmHMgGIDVOqQJcQonYwIyqvw0LY9ylTV+ly1wlTtXMcWRtxJi6lXUOJjoZyupxAdBTSwdmT8 - Lr1cUJLRFY5XPwhnTZ/3XY7Z/cwbcwDQTOUsJokM8SNBRWeCIKOpuE4qF59yH+jhuMFKBEuF/pSw - EyGxo/C7gMgeYxUPYadpFPrytzOteKqAIwF8sENZpduj1KMhpjLOvTHIgUX5Tl7yEMSXX0V6OY1M - Tjjgh36YQA9YwefuMO4uzw6nGEjnHAzCw7k0g9DHvAYdFmEmBk8jlYmizGJUMr7lZVQwulYMGLcy - CJcB3NrC+SJBPvF/mMS+SIthPBqNhjGf2Qq6pUM8GbTOHQ0w/VUZZsLZ3uq92U8n8qNRjfTVuAFB - 3monh43ym6sfje9UDgzWgEZnx++OD8+pQwdntH1VJsX+EH9y7nZT3WhRd4W12R4OY3rBj5knkXAh - 5500S3wcsVwRzxtfORaoYnjE7bZyHsnlVUgSPAdRtMgRWdZi9Bo0YPKhW8ysnwhzBRz2XUMDQ9aO - e58EJWoF261+v/oNpV9jbGjDNZwNyzrWNk5LvG0sS8xtWRa427IssLdlWeBvy7LA4MayxOGWpc7i - wOmD/AUmqEDq65EaJI0K5rPgYow0JryQDRdjpEHRpgouxsiAYlmq7lahUjMxSAaVmoVBMqjULAyS - QaVmYZAMKpZFgWRQqVkUSFYxAa8pKolLUnN6P53soNRnYS7YS1Yfdyl+Q4/C1YHP+wCFWV5i60v2 - fx/Ko5wm/6Y5unTdG/emT5/kYZ6pR9N8lRBwZQRL5tpOvXVOKlcrfV6u81FJXOmzu85HpXelz946 - H5UP40MOVBmP4L5kepssgZbKd0sSrkowNxkvyhNKVfm6xGrBLPpq3aIyob9fVJcD+tPSAljiZJZ6 - fsE5O00olBeE5M/DQARywFkhUtkzMoH7QekLNVjr0I/QQ5kAteePafrSMU34eM3ixfGCWRg3yGn8 - nHlhVCR9I0FWKtlnFWvtZ5v/HqBiO09VsR2pYjv/QsVu5nRbldBfV7Gd/0jF/gIAAP//Gm3FjuBW - LAAAAP//7Jpfa4MwFMW/y6CPUaNG60PpCttgb33uW5rYDYZV/EO//u41MTNp7WCD4oPQB2luzG1s - Tk85v6vRxcWObZml3JYrs7TbcmWWeluuzNJvy5VZCm65MkvDLVc2VvHFxQ77tbjYYc7iYvuvw3xc - LNUTf3Gx10k7nUraaTw1wMapaltz8dVjBAgGOKWBKXUHTHo9fKKpwqk0OzBcBW9bLj4xELtBcbih - oXuXzPTRFQXHGPTpZrKHG4csQ1n/MShF27HlQiCB8S437MTjSNLjOg7YERpJ04yGYYLrmCJY4U5Z - jk91JyWs0UDlTw+oM8jFPJcX3lToUfGmd+EkBdR4H7Uqg9/+wleXPqMhjXMa5FEos0REgqVUrJmU - AU9ONF9v5aa/yyrarcI3eKl5pOBnHVMSot5qvK4hF9gREnr4rfeU0uGWkYrzBncM5vd+HE4VXL7s - SeJVZ+zfpZ7m37HLTs2/Y5e/mnvHoDdSIUgaLRj/j9xrcBDPE2ZbCnNSmnUAoYXy164uq9w/gP4I - BHL0wUPeD0bNScZ1NLmoqYRay+wiBY9/6IsUPKLj/0rBNwAAAP//oreL6VgUoLcggO0npepakB5Y - uwPo9nRIVqwGrSGGsg2AFuaXJOYAWVhMwbWs0QC+rBFdAr5IEF0C3m4Ddqkzi/LzIC0jiFBKKXTd - OoRLjEvLgG1fcpezoa9HhZgFNxNoUUZicVg+eF0dbBEpMGlBXFwNY0JLXbLtB6/w14eZq6OUm1gR - BBl2QfEreEVcUYljCcTfoIW5oFVzIJ/DxVE1G6HohmoAu7a2thYAAAD//wMAqwKyH/4wAAA= - headers: - ATL-TraceId: - - 0b92633ef032e4e4 - Connection: - - keep-alive + H4sIAAAAAAAAA7xW61PcNhD/VzT+kOmkd37dgztnMh1KLgktpRRI8oEwjLD3fAq25EryPQr87931 + 45xAyAQ6DTeDpV3tQ7u/Xe21A+uCy8SJHA0yAQ3JawFZYnqS52B6Jl5AznuqAM2tUNL0IBE2B8t7 + 8YLLFDKV9pagDfIgOYZCgwFpm7NxaazK56TwIvD9wHc1/F2CsaebAo40j62Iwek5guwHwc50BzcG + sjluF9YWJvK8BOYQ20R9Ui63GTdGcOlKsB5ash4vhBd6wpgSvFbBFWxQ/vB0dnLaD4ajKZIqF4wT + XTsGfStNzC2kSm/qOyS4Q4nQD8O+P+kH01Pfj8Ig8sfuYCf82Q99n5wkIxYdr9Q80UmS9zAUfri9 + drNJwMRaFBQ4pO4yk/Ms67FEGCtkbFkhIAam5myl9JVL0rGS73T2SC9KKShdPLvgS2659pYCVl7l + Vudgwwr8QTD5xYh/4GWOaS9ztEqwQJOn3FxRrspLS6tozjMDPacW3Md7VbI9ZyEQODpebA5gCeir + f9tzrEBkFYgSJ5Il3tG5A5OB3zIKrT7hjZ4Y8Ea6CneVwDbctPkMJN2t3klhLSowztY2IfX36qxR + c7vimvBqRF5kAh1O7twc81GhbDhZDyePdPcbmWlvss3L0Cegh8N1OPx/rdTZr7CIBoPxOhj/CIPr + 1uIgXA/CH2GxAfjt7X04Bg/hNGwZc7F+X/dAzP7ZOaIhTTWk2FbuYR39VFlZV/lXtYY7DzEmDzGm + 95XXLa2mUsOourcT9QPccotNvW6Gjy+qutV2zdWr1WkqmWq5p0q6bUAN8wMRhEydyOoSbpseStq0 + iOsYXN+jkWd41CxUmSWvhCkyvmnKDMnoln2P+aTSa6KhAS9LtX2/gY/c6Y7fNvC7Ydu2mbuMhxIe + bhNeaKG0sJsnBrEV96pX4Pv7uMh5CsYjCdMqEUhYiHThmmXadbK3SGlbXujcB3U4aK+S8UugpkWw + vftejx8IRPAQRoMJRWTBzawQ8YGQV6+J8woKmi1k3Oaxyu6q4m0pUskZjhb8MoNj4KbGhm5WztHB + uzf7hxcH+3uzw5PZxez4+M9jvB8Wl8GQ4IHTBbAj7M7SMrLLhGFKZhuGlS4yUsqsYr8JzdmRhhxL + nZUGUet+reIDLCjHvxG+P8ll5NwpZwx6KiTPMJ2Yj67MiHeX1kxGTXgrpGfoXdslMLOphO3psqCy + /Q4k10PME8FXC29fxS/njsfhscPbrzy+wlGwhVyrvLa110xb/8nhdmSrawaNhO0jLmFF1a0ypQ9r + by6zEvqpxr7RDSyKvVJ1slVe4LAqbZOFb+X0y+B8lJ//dlmqVVnQSPZayATbnGGIfHYJIFlRmgUk + Feb2j3fpewlMyCUZICAlDIduhu8GJBEpW4Que0PqPsrn1fd5xM62aoWMWJFGIzdw/RsKHUYuUzHP + FsrYaOJPfG9en72ofMJR+ByF2NkJxCU1GvZWrfpWfV32nHnsLDCW/VVybUGzmUyxqHIM0TcEDo/+ + YLslViw7ibl84GAdqZsbdoLjX+UIrvfez6rPh/rTpoM2zStKy1NhsWhJtEo/rlARo77GbtgZ6uiH + WKj9YOxPwso6wUkuE1fixOymaukty0wiwCw2AO/L8+ekYjrcisUrcHNhNbhKpx4WISdgCpwGqXi9 + 6dBd2DwjqSLFf1UeSEWIf8eQKwt4jQTYbI3xJhnWZz8dpT32LLMvWOgGgRsy9iy1L16ygeujcMUY + uGN3yFrGsGMM3ZG709JHHX3koq6WPu7otBx1dPKuoQfuuKOHHT3szv8LAAD//+xYXU/bMBT9K1dC + QmnWpqJAizr1AQEPkwaa1m0v66SG1NBsaVLipDAx/vvOtR3XoS2Ijoc9AKikvr729blfx8ElZzm+ + H+wvxw+W4wfLA/SW+/KjM2735cdOY0NMALhjNPqFaLK7FYumdb7tvdC3Zv5r+fbNr6/jVxS0Kvn7 + vvIxj5F/Wgo6RSXE4FDMi4D2ek3ivkf1Mlv9TvcCW2fV9/3gLQG3cVTVKtqdoyMUaP9UtWB0x58Z + MTmBQ57VIw8fjXWufdqx5KPqQ/Ad/1pbJCl2RLarBf6tAdRjyx9mZR4JxFcifG61LVwUZ7EUDOz8 + 2pl4uiQEPhq33RbBJ02vDeKsHU4WsQSpADc/7HTAFa4YYyRERQiZNYzn12MC2YJ9KYWU6ziOOI6F + jWM+g8jDyzjh7llMw4KyCBtJup2CZxSgvUaRUbsMpaAspxvcqH4TLp4R56HE6lEeXrEBoEnlLCVm + RYHKNBDnXBCYMxW3WaUSkYxEGuKGweQDW8XRlNDqwaqT+JcAr77CLiHMns+TOFKv+wzJqQxOBPBB + zjIxd2fpo8GmMpXhFYoF8/CWLHkK7JM3idnOICNpFkI5zsABHONlMEo7q6tDKQXSko2BebiK5uD2 + WNeiw7zL2hAapHJRlHmK4MaTLJOC0XVswLy1RgQM4M4OrhQZ/Im/kyyNEPOjdDwej1K+phV0Tyc4 + GfjNAw2I33/GufB2d+46PYSW/t+o5kZ65oDAaY2ax0L1FJjD8UilwHANaDw8+3h28oX26HhIuzdl + Vrwf4Ucv3vb1CJJwndhvj5CX7/ioMktEABbvIfoj3KwCkS4aP9gakGGopO221h4rA7RRCkAPdjTJ + E3neZAQbNODMoXusbM6EtSZs+EPDgEPfbKDQeTYpES/EqeaOVy9V+rU6Dk64oZJDsqmWW6WVam4l + K/XckTyq6I7kUU13JI+quiN5VNetZKWyO5J6bQdOn9SLl0kFUt/MNCAZVLCeAxdjZDDhjVy4GCMD + ihFVcDFGFhRHUvW8CpWaiEGyqNQkDJJFpSZhkCwqNQmDZFFxJBoki0pNokFyggl4TRFJHJItTfP6 + q4WebyV9/kB3wrfjiPMAgVleIv1NDziP1R3OtADfXlo6wV1w16ev6hbPBcgU+8olqJgJJHngKu1v + UtLeWqtzsElHu3GtzuEmHe3gtTrdTTraI1aHPLrgDqS6k+1wKgia2uNNVXa1i7nVhInMaK4DOCAm + EnbT3qZNlUuf3tQEBLrUygbGdx9m8zAq2G8XGcXqCyEEFvFETJZtHhM/gxXlAtVcvqTPG9V5xvdo + pileOJnFaYO8xp8ZaEiR9S31WEto38isk8BuwXuezHa3JLNdJrPd/4HMbnvjdQP35WT2LwAAAP// + Iq0xazjamB1OjVkAAAAA///sml1rwjAUhv/LwMt0TfqlF+KEbbA7r72LSXUw+kHT4t/fOU2aNZ11 + sItRWMALMSfNMSGvr7yPN7PezDrmzNF0x5w5qu6YM0fXHXPmKLtjzsba7s3ssF/ezHozuwwzS+3U + H8zs92CdzgXrNJ4bSMYhattw8dFTA8gBTEpDWzodsGH18J3mCufC69ACFk7eO80Eedty8Y7p2M3Q + PLQ0huqKgmPq+XAzyMONQ3Shan6Zi6LX2HEhELh4k9vkzONI0tM6DpMTNJJlG8pYiuvYIljhTlmO + p7qXEtZQUPnVAwoLcjNP1ZWrGm0tPvQu8dQfQh5cGl0GP/fFQN0klNE4p2EeMblJRSSSjIp1ImXI + 0zPN1zu57Z+yivYr9govPY8UvDSxJCH6IxV0ilxhRwgLoEUZaGnDLSM15wp3DOb31hsuEbx9PpA0 + qEvsf0pPLb/jKX61/I6n+NbSOwa9kZo4MiTB+P/kwdCIeJ8w59JUk9asY1Vi+UvXVHX+eAT9Ecjf + mIuHECGM2puM6xh00kAIjZFZLwV/f+j/VAo+AQAA//+is4tHiwKcRQG8uQF0Yjokx1WD1h9D2QZA + c/NLEqGrp9GbG7gWKxrAFyuiS8CX/qFLwJtnwK5yZlF+HqSNAxFKKYUuk4dwiXJpfi7EhGoYE1rY + kVHAIa3w14eZq6OUm1gRBBniQLEbvO6sqMSxBOKOMmDLmtzFchjLXSGGwQ0F2pWRWByWD162B1uj + ClpwC1oMB7IS7hBU1xqhOBeqARw8tbW1AAAAAP//AwD7Ap5llTEAAA== + headers: + Atl-Traceid: + - 064beca1d239c9e3 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:49 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:06 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 7e4b2f8c-3e96-4191-87e6-1465605e1592 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '221' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8a8c16a0-28ea-4d13-b078-1d9210bb792f - x-envoy-upstream-service-time: - - '106' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1071,109 +901,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11102 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11797 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/YO56id/ihOAO0+Fo2nLX47iQth8owyi24qjYkkeSk9DCf79d - 2caUEobSMIOllfb92dV+c9impCJ1YkcxkTLF0jec5anuCVow3dPJkhW0J0umqOFS6B5LuSmYob1k - SUXGcpn1VkxpOGPplJWKaSZMfdfpORwlB0Hgh7DRLF/AdmlMqWPPS9mCJSaVX6RLTU615lS4ghkP - ZBiPltwLPa51xbxWwCW7Av7j2eR01t8LBkBZWGOd+JujQWmlE2pYJtVVbVwKO2AI/TDo+1E/HM+C - MB4M42jPHQxHf/ih76ONqMNclcyKeaaNyO8Fvm/trL1uNinTieIlRgSoB0QXNM97JOXacJEYUnKW - MCIXZC3VpYvciRQfVP4UKzRLKsW8FWdruqKGqleaf2X7BSSpKnZq0lG6H/iDYNxsZ2Dofudyz8FE - g64Z1ZeYo2pucBUvaK5Zz2llOLEVctNzDAdglJBkJxYVeOKUSn4B854ZvYbbxs5mo40dbu4kvLP0 - g+DGgADEV8ONTv1t72q5MGuq0DHNizLngJD0njcQXAuZaLyJxk8xtwlzo6yJdMkxsPC7G+fI3wXN - YbQJo2cLtim0KNnRzfcRXcFoE4x+TdemVdYsHtE2CDeD8Ne0NeDU7WKrtpsbrO/Nx7q7QMbOziGD - WaZYBnX9AwwBUzKv6jKrKUmljSxsi7gADeHutoPxjzLq1lFTsTBt+3PiftBzwE3zESoOcVVfsOWE - mFY8qQ349gMNEQcO6aWs8vQ112VOrxpcAnlNDXTaupH9fA3VXfK2L3q1NIUFYpeHssI4BWjpJyRw - kTmxURWqThQDX7HqHuqTkJe2T96Pmr8tnMG2g3DbwaDrJVwqbq6eGYiW3bNd+Ol9lBc0Y9pDDt0K - 4UBY8mzp6lXWNZ93QGm7VOjcIBrmDNsJgvOeW1iXD/obbENiMEbHl1RPSp685+LSPsavWYlvs0ha - wFgYre3ZLUVIMYGnmc5zNmVU1yBUzco5ef/h7dHxxfujw8nx6eRiMp3+OwU3oIQ0eA4XZktGTqBv - CkNQL+GaSJFfEahJnqNQYiT5iytKThQroG5JpQFhrq3S+17sgUD/mvt+tPgaO/eKFmKbcUFzyBqE - vasyPLtPayaLJrwW5jlY1/YCSGAm2O3tqsSqfQKS61nhmRirmW/fq++f95+DXQerP2lyCaNUi6xW - eK3rsBlqfsngdjKqSwOUhO3zKtgaq1vmUh3X1szzivUzBQ2qGw8keS3rZMuihGFPmCYLj+X0++B8 - Fnf/DkimZFXi5POGixRakiaAfDJnTJCy0kuWWswdTQ/wO2eEixUqQCClBIZWAq8DS2MUtgxd8hbF - fRYv7PdFTM5uxXIRkzKLh27g+tcYOohcLhOaL6U28dgf+96ivnthbfLCcO8cuMjZKT5j0FDIO7nu - G/kw8znxyFmgDfmvosowRSYig6oqIEaPMByf/EMOKihZcppQseViHarra3LKoBbQEFgffpzYz6f6 - 0+YDN81jicsZN1C1yGrzDysQRLB/kWtyBjL6IVRqPxj549BqRzwlK+YW3CjmSpV5Scb7cy6QijBw - Yf8KF/vfc5+jwL2oE7K+KwRqkiJOOYxtWMveXuQuTZEjV5nBP5sWFBHCb8oKaRg4lTIy2UD0kYf0 - yW8nWY/s5OYlCd0gcENCdjLzcp8MXB+Y7cHAHbkRaQ+i7iByh+5uSx929KELslr6qKPjctjR0bqG - Hrijjh529PDu/UFHH7iDjh519KhzYLfTi8s79Fu9uAx/34IQCNwBDBgr1sPk23GXPJTp3W2Z/h8A - AP//7FjbTttAEP2VkZCQkwZHSQptg/JAgQekFlWF0oemUoy9Sdw6tvElUFH+vWd218s6lxZQWvUB - gpLYs7M7PjN75mwelGntvalMP2d5M1kG273NvNifts+9Sb9JpyACdbcMo+DkyL4FnkCqmGKn1u3q - Ne24hobldc993pBPSVXVSdrd13s98HfzSLZodM9vCbF4Afh/diSH3xtwr4gfbryjOZGfj3HxBR87 - j9+K7H+h/DfZAe4L6aKMYpFJxWg6E3dflIzc/vcjgYxRB0108SqCGKUmj494ajdM2l4wD3MoDOjx - 3W4XwmHMgGIDVOqQJcQonYwIyqvw0LY9ylTV+ly1wlTtXMcWRtxJi6lXUOJjoZyupxAdBTSwdmT8 - Lr1cUJLRFc5xPwhnTZ/3XY7Z/cwbcwDQTOUsJokM8SNBRWeCIKOpuE4qF59yH+jhVMFKBEuF/pSw - EyGxo/C7gMgeYxUPYadpFPrytzOteKqAIwF8sENZpduj1KMhpjLOvTHIgUX5Tl7yEMSXX0V6OY1M - Tjjgh36YQA9YwefuMO4uzw6nGEjnHAzCwxkyg9DHvAYdFmEmBk8jlYmizGJUMr7lZVQwulYMGLcy - CJcB3NrC+SJBPvF/mMS+SIthPBqNhjEfzQq6pUM8GbTOHQ0w/VUZZsLZ3uq92U8n8qNRjfTVuAFB - 3monh43ym6sfje9UDgzWgEZnx++OD8+pQwdntH1VJsX+EH9y7nZT3WhRd4W12R4OY3rBj5knkXAh - 5500S3wcsVwRzxtfORaoYnjE7bZyHsnlVUgSPAdRtMgRWdZi9Bo0YPKhW8ysnwhzBRz2XUMDQ9aO - e58EJWoF261+v/oNpV9jbGjDNZwNyzrWNk5LvG0sS8xtWRa427IssLdlWeBvy7LA4MayxOGWpc7i - wOmD/LUkqEDq65EaJI0K5rPgYow0JryQDRdjpEHRpgouxsiAYlmq7lahUjMxSAaVmoVBMqjULAyS - QaVmYZAMKpZFgWRQqVkUSFYxAa8pKolLUnN6P53soNRnYS7YS1Yfdyl+Q4/C1YHP+wCFWV5i60v2 - fx/Ko5wm/6Y5unTdG/emT5/kYZ6pR9N8lRBwZQRL5tpOvXVOKlcrfV6u81FJXOmzu85HpXelz946 - H5UP40MOVBmP4L5kepssgZbKd0sSrkowNxkvyhNKVfm6xGrBLPpq3aIyob9fVJcD+tPSAljiZJZ6 - fsE5O00olBeE5M/DQARywFkhUtkzMoH7QekLNVjr0I/QQ5kAteePafrSMU34eM3ixfGCWRg3yGn8 - nHlhVCR9I0FWKtlnFWvtZ5v/HqBiO09VsR2pYjv/QsVu5nRbldBfV7Gd/0jF/gIAAP//Gm3FjuBW - LAAAAP//7FpNa4NAEP0vhRxX3fUrHkIaaAu95ZzbZte0UIziB/n7nXFX65iYQgvBg+BB3NmdcXSf - T967Gl1Y7JCWEeQmrIxgN2FlBL0JKyP4TVgZQXDCygiGE1Y2RPGFxXb9WlhsN2dhse3rMB8Wy+3E - X1jstdLOp5R2HgzF07qU6qtV9tFoMA4NJ9bwJgem1GuvV6+7W50K7H0VRAAei4SyrqX6RLXsporu - JX26JsskyqBPN5U9bBx6GfLyj0Ip0o6tVArdEu96E55k4Gt+XAdeeIRC4jjhQkSYpw+CDHfCUnyq - O60hRwWRPzUgzqAv5jm/yKpAjoqL3jUnGUON81GaMPj2Z645dUMueJByL/WFTiLlqzDmah1q7cno - xNP1Vm/aVVb+biXe4DDzWCbPVqZkzFyqnKZiF+gIEw6+9Y5BOmwZK6SssGMwv+XjsKvg9GXPIqc4 - Y/1j19P8Kx57p+Zf8dh/NfeKAYi08TpZa8HwP3JvjYO4n1DbMpYkA2YHAFoIf23KvEjdA8CMQt+N - 3Xjo94PRfidjHutctK6E0sLsAgWPf+gLFDyi4v9CwTcAAAD//6K3i+lYFMCbG0AnpkNyXDVoqTCU - bQA0N78kMQfIwmwoGQAbW0rVtUqYEriWNRrgWtZoAF/WiC4Bb7cBu9SZRfl5kMYPRCilFLpuHcIl - ygv5uRATqmFMaClIRsmHtOJeH2aujlJuYkUQZBgExW7wCrWiEscSiDvKgG1wcpfVoa9hhZgFNxNo - VUZicVg+eH0ffNVsfhF41RzIRrg7UB1rhOJaqAZw6NTW1gIAAAD//wMAuDPmh/4wAAA= - headers: - ATL-TraceId: - - 6316bd0b816782ac - Connection: - - keep-alive + H4sIAAAAAAAAA7xW62/bNhD/Vwh9KIbO1suPOCqKIUvdNluWZY7bfkiDgJHOMhuJ1EjKdpb0f9+d + HlaTNEWTYY2BiDzy3r873rUDm4LLxIkcDTIBDclrAVliepLnYHomXkLOe6oAza1Q0vQgETYHy3vx + kssUMpX2VqANnkEyg0KDAWmbu3FprMoXJPA88P3AdzX8XYKx86sCjjWPrYjB6TmC9AfBzu4Obgxk + C9wurS1M5HkJLCC2ifqkXG4zbozg0pVgPdRkPV4IL/SEMSV4rYBLuEL+o/n0ZN4PhqNdJFUmGCe6 + dgzaVpqYW0iVvqp9SHCHHKEfhn1/0g92574fhUHkj93BTvizH/o+GUlKLBpeiXmikcTvYSj8cOt2 + s0nAxFoUFDik7jGT8yzrsUQYK2RsWSEgBqYWbK30pUvcsZLvdPZIK0opKF08O+crbrn2VgLWXmVW + Z2BzFPiDYPKLEf/AyxzTXuaolWCBKufcXFKuygtLq2jBMwM9p2Y8QL8q3p6zFAgcHS+vDmEFaKv/ + uedYgcgqECVOJEv00bkDk4HfHhRafUKPnhjwhrsKd5XANty0+QIknVfvpLAWBRhnq5uQ+nt116iF + XXNNeDUiLzKBBid3PMd8VCgbTjbDySPN/UZmWk+2eRn6BPRwuAmH/6+WOvsVFlFhMN4E4x+hcNNq + HISbQfgjNDYA//z5PhyDh3AatgcLsXlf90DM/ukZoiFNNaTYVu5hHe1UWVlX+VelhjsPHUweOti9 + L7xuaTWVGkbVvZ2oHzR9jMKlRVzbcX2PRiDGSJilKrPklTBFxq8aqCN5zS0+C3U7fXxZ1s26a89e + LU5T0VXLfVVSvCpTPxBByNSJrC5JNwq17zGfVHpNNDSgs1Tb9xv4yN3d8dsGfjds2zZz9+ChhIfb + hN89GHQdSygt7NUTY9Oye9Xz8P0NXuQ8BeMRh2mFCCQsRbp0zSrtWtxbpLS9MHSqgF4ANS2C7d33 + evyAv8FDGA0m5PiSm2kh4kMhL1/TySsoaLaQcYuhClnr6mxLkUpOcbTgFxnMgJsal7pZOceH794c + HJ0fHuxPj06m59PZ7M8ZuoHFZdBzvDBfAjvG7iwtI71MGKZkdsWw0kVGQplV7DehOTvWkGOps9Ig + 5tyvVXyABeX4N8L3J7mMnPrFwiRhlLuqulXiGO9USJ7dvdRMRk14K+RnaF3bJTCBqYTt7bKgsv0O + JNdDzBMxVjNvX8Xbc8fjYNfB6lceX+Io2CKrFV7r2m+mrf9kcDuy1aWBSsL2EZewpupWmdJHtTUX + WQn9VGPP6gYWxV6pOtkqL3BYlbbJwrfydzs4H+WXvz2WalUWNJK9FjLBJmUYIp9dAEhWlGYJSYW5 + g9kefS+ACbkiBQSahOHQzfDdgCQiYcvQZW9I3Ef5vPo+j9jpVqyQESvSaOQGrn9DocPIZSrm2VIZ + G038ie8t6rvnlU04Cp8hEzs9gbikfsLeqnXfqq/znjGPnQbGsr9Kri1oNpUpFlWOIfoGw9HxH2yv + xIplJzGXD1ysI3Vzw05w/KsMwfX++2n1+VB/2nTQpnlFaTkXFouWWKv04woFMWpf7Iadoox+iIXa + D8b+JKy0E5zkKnElTsxuqlbeqswkAsxiA/Bu3z8jEbvDLVu8BjcXVoOrdOphEXICpsBpkIrX2x26 + S5tnxFWk+K/KA4kI8W8GubKAbiTAphuMN/GwPvvpOO2xZ5l9wUI3CNyQsWepffGSDVwfmauDgTt2 + h6w9GHYHQ3fk7rT0UUcfuSirpY87Oi1HHZ2sa+iBO+7oYUcPu/v/AgAA///sWF1P2zAU/StXQkJp + 1qaiQIs69QEBD5MGmtZtL+ukhtTQbGlS4qQwMf77zrUd16EtiI6HPQCopL6+9vW5X8fBJWc5vh/s + L8cPluMHywP0lvvyozNu9+XHTmNDTAC4Y5CMhWiyuxWLpnW+7b3Qt2b+a/n2za+v41cUtCr5+77y + MY+Rf1oKOkUlxOBQzIuA9npN4r5H9TJb/U73Altn1ff94C0Bt3FU1SranaMjFGj/VLVgdMefGTE5 + gUOe1SMPH411rn3aseSj6kPwHf9aWyQpdkS2qwX+rQHUY8sfZmUeCcRXInxutS1cFGexFAzs/NqZ + eLokBD4at90WwSdNrw3irB1OFrEEqQAFP+x0wBWuGGMkREUImTWM59djAtmCfSmFlOs4jjiOhY1j + PoPIw8s44e5ZTMOCsggbSbqdgmcUoL1GkVG7DKWgLKcb3OZ+Ey6eEeehxOpRHl6xAaBJ5SwlZkWB + yjQQ51wQmDMVt1mlEpGMRBriIsHkA1vF0ZTQ6sGqk/iXAK++wi4hzJ7PkzhSr/sMyakMTgTwQc4y + MXdn6aPBpjKV4RWKBfPwlix5CuyTN4nZziAjaRZCOc7AARzjZTBKO6urQykF0pKNgXm4SObg9ljX + osO8y9oQGqRyUZR5iuDGkyyTgtF1bMC8tUYEDODODq4UGfyJv5MsjRDzo3Q8Ho9Svo0VdE8nOBn4 + zQMNiN9/xrnwdnfuOj2Elv7fqOZGeuaAwGmNmsdC9RSYw/FIpcBwDWg8PPt4dvKF9uh4SLs3ZVa8 + H+FHL9729QiScJ3Yb4+Ql+/4qDJLRAAW7yH6I9ysApEuGj/YGpBhqKTtttYeKwO0UQpAD3Y0yRN5 + 3mQEGzTgzKF7rGzOhLUmbPhDw4BD32yg0Hk2KREvxKnmjlcvVfq1Og5OuKGSQ7KpllullWpuJSv1 + 3JE8quiO5FFNdySPqrojeVTXrWSlsjuSem0HTp/Ua5NJBVLfzDQgGVSwngMXY2Qw4Y1cuBgjA4oR + VXAxRhYUR1L1vAqVmohBsqjUJAySRaUmYZAsKjUJg2RRcSQaJItKTaJBcoIJeE0RSRySLU3z+quF + nm8lff5Ad8K344jzAIFZXiL9TQ84j9UdzrQA315aOsFdcNenr+oWzwXIFPvKJaiYCSR54Crtb1LS + 3lqrc7BJR7txrc7hJh3t4LU63U062iNWhzy64A6kupPtcCoImtrjTVV2tYu51YSJzGiuAzggJhJ2 + 096mTZVLn97UBAS61MoGxncfZvMwKthvFxnF6gshBBbxREyWbR4TP4MV5QLVXL6kzxvVecb3aKYp + XjiZxWmDvMafGWhIkfUt9VhLaN/IrJPAbsF7nsx2tySzXSaz3f+BzG5743UD9+Vk9i8AAAD//yKt + MWs42pgdTo1ZAAAAAP//7Jpda8IwFIb/y8DLdE366YU4YRvszmvvYlIdjH7QtPj3d06TZqazDnYx + Cgt4IeY0OSbk9ZX38WbWm1nHnDma7pgzR9Udc+boumPOHGV3zNm1tnszO+6XN7PezC7DzFL76A9m + 9nuwTueCdRqPA5i5dS0XH0O0j6jBtDSZmSOcHbBh9fid5grnwuvQAha867h4xwDsBs4xzQins1ga + Q/VlyTH1fLgZ5OHGIbpQt7/MRdFrbLkQiEu8yU1y4nEk6TGPw+QIjWTZmjKW4jq2CFa4U1bgqe6k + hDUUVH71gMKC3MxTfeGqQVuLk94lnoZDKIJzq8vg574cqZuEMhoXNCwiJtepiESSUZEnUoY8PdEi + 38rNMMsq2q3YK7z0c6TklYklCdEfqaBX5AI7QlgALcpASxtuGWk4V7hj8PxgveESwdvnPUmDpsL+ + p/TU8jue4lfL73iKby29YxAiqWknQxJc/5/cGxoR7xPmXJpJ0mJ2qCssf+nbuikeD6A/AjEbc/EQ + IoRRe5NxHYNOGgihNTLrpeDvD/2fSsEnAAAA//+is4tHiwKcRQG8eQF0Yjokx1WD1h9D2QZAc/NL + EqGrp9GbG7gWKxrgWqxoAF+siC4Bb54Bu8qZRfl5kAYQRCilFLpMHsIlyqX5uRATqmFMaGFHRgGH + tMJfH2aujlJuYkUQZIgDxW7wurOiEscSiDvKgC1rchfLYSxWhRgGNxRoV0ZicVg+eNkefH1sfhF4 + MRzISrhDUF1rhOJcqAZw8NTW1gIAAAD//wMAxs/hRZUxAAA= + headers: + Atl-Traceid: + - 26a51a991929c942 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:49 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:07 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 4f9f5abb-ee0a-4b85-99c3-defd7d19862c X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '286' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a3dd3ce0-9d93-4e65-9025-56a0f14babd6 - x-envoy-upstream-service-time: - - '155' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1183,61 +1019,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1JmjZLbqIHFVmFdk8iMkmnWEmTpU2FZdn/boqLH7fhneeZ - lzkxgzPtJ8c0e4/xMOvNpqOebOzCRygwOpznAX3hKbKMfdI0D8EnmAPwAgrIm931c3P31P5ud8to - 0sT0ywplkMFrxjo6uHAcycf2eKB04MaFpUuSWQbXfStMr0KlLuEtxhUUIHgOMheq5VID16UsAOAK - BEDyZ5pSbzuM/9hty4UuK11Bwbn8Ye147/uQQCW2qq56g7akEqkG29eqNp1BBb0FQCmVMlT+KYhu - bXgYJmTrOz0uLj4Gi2t8Yu4yMfJv+4adz18AAAD//wMA0Du1KFoBAAA= - headers: - ATL-TraceId: - - 3a0f190a7e9f5b77 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CNtbqIHFVmFdk8ikrYJVtKkNKmwLPvfTXHx4za88zzz + MifopFeHxYCA9xBmL3a7QWnVh8F9OCKDkd6P0hKrAiTwqRY/OhthikgJEkyb/fVzc/fU/m7369TF + CcTLBiWY4GsCg5qNO07KhvY4q3jgxrh1iFK3jmb4VkBEgWFxCW9l2ECGjKVYpZS3WAnkghUEEa8i + idH3aom97Tj9Y+sWUTAacVLV9Q/bT/dWuwiWOeU601pnvGKsxKxCzAvJStpLHMqe81xhVv4tCGZr + eBgXCds7Wq4mPLpebvEJzGUCZd8ODZzPXwAAAP//AwBZeCzrWgEAAA== + headers: + Atl-Traceid: + - b097e0c6f757fb12 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:50 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:07 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 429ac73b-c1b5-4f58-8390-5c30273050a9 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '113' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 0642a446-6906-4f39-8784-a6a2c60b27f5 - x-envoy-upstream-service-time: - - '35' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1247,110 +1089,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 7d5650020021a34a - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - 749448d8855eb829 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:50 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:08 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 71690405-04f6-48ca-aedf-331cba5d8702 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '325' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 57e79da6-ad59-4a11-a7e0-2975f7a6fcec - x-envoy-upstream-service-time: - - '76' status: code: 200 message: OK - request: - body: null + body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: fresh:0.3.0", + "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/12] + in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] + / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component + || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] + | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080] | + Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/287]\n*Defect + Dojo link:* http://localhost:8080/finding/287 (287)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service when + parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - + 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": + "High"}}}' headers: Accept: - application/json,*.*;q=0.9 @@ -1360,98 +1196,60 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '1932' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields - response: + - python-requests/2.28.1 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + string: '{"id":"11798","key":"NTEST-1460","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11798"}' headers: - ATL-TraceId: - - 877ea5d0bbd14eb6 - Connection: - - keep-alive + Atl-Traceid: + - 77d03907559eb1c2 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:50 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:09 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 910dcfef-fabc-4093-819f-6c67b7904666 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '633' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3ade140f-d432-41a1-9afc-2e4704714250 - x-envoy-upstream-service-time: - - '90' status: - code: 200 - message: OK + code: 201 + message: Created - request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: fresh:0.3.0", - "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/230] - in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] - / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080] | - Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - - (Fresh, < 0.5.2)|http://localhost:8080/finding/2862]\n*Defect Dojo link:* - http://localhost:8080/finding/2862 (2862)\n*Severity:* High\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* - [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119]\n\n\n\n\nVulnerable - Component: fresh - 0.3.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected - versions of `fresh` are vulnerable to regular expression denial of service when - parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable - Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n*Reporter:* - [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": - "High"}}}' + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1462,53 +1260,101 @@ interactions: Connection: - keep-alive Content-Length: - - '1949' + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue + - python-requests/2.28.1 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1460 response: body: - string: '{"id":"11103","key":"NTEST-914","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11103"}' - headers: - ATL-TraceId: - - 261e81d1d6251c26 - Connection: - - keep-alive + string: !!binary | + H4sIAAAAAAAAA7xXbVPbRhD+Kzf60GmprTc7YNTpdCiYhJZSCiT5QBjmkNbSBelOvTv5pSH/vbsn + ywQTZwKdZvxB97Yv9+yze+sPHsxrLjMv8TTIDDRkhwLKzPQkr8D0TFpAxXuqBs2tUNL0IBO2Ast7 + acFlDqXKe1PQBvcgO4NagwFpl2fTxlhVTUjhdRSGUehr+LsBYy8WNZxqnlqRgtfzBNmPop3dEU4M + lBOcFtbWJgmCDCaQ2ky9Vz63JTdGcOlLsAFasgGvRRAHwpgGgk7BLSxQ/uRifH7Rj4bbIS45F4yX + fPAM+taYlFvIlV60d8hwhhJxGMf9cNSPdi/CMImjJNz1o8Huj2Eckg5nxKLjTs0znST5AKEI49W1 + l5MMTKpFTcDh6h4zFS/LHsuEsUKmltUCUmBqwmZK3/oknSr5WpdP9KKRgsLFy2s+5ZbrYCpgFji3 + 7h1cbkXhIBr9YsQ/8HOFYW8qtEq0QJMX3NxSrJobS6NkwksDPa8VPMJ7OdmeVwgkjk6LxTFMAX0N + P/Y8K5BZNbLES2SDd/TWaDIIN21E3Uat1Xu86jMjsZR2cXCR7eJAk0/Yc3/d11JYiwqMt7JNFP7d + nTVqYmdcE5GNqOpSoMPZGiQYKEe/4Wg+HD3R3S+ErLvJKmDDcAfdiIfzePj/Wmlp4UiKBqPtebT9 + LQzOO4uDeD6Iv4XFJfM/fnxMx7ij40TM37Q1EIN8eYVBz3MNOZaVR1xHd1TZtFn+WZLHO5s2Rps2 + dh8rb0tau0oFw1VvL+lHyzpGqGiRtn58eLRGXMULm0I1ZXYgTF3yxZLRuDzjFp+Ftpw+PfvaYn1f + noNWnabccsN91RBeztW3tCBk7iVWN2Qbldo3GDbKsCUaGvCylMKPC/jI33kRdgV8HbZNZSZelZn1 + jVXAay2UFnbxTAg68cC9Al9fx0XFczABSZhOicCFQuSFb6b5fcF6hStdZYu9x9yNB91VSn4DVJuI + tuvv9fYGIKJNHI1GhEjBzbgW6bGQt4e0cwA19RYy7TjkmDVze6sVqeQYWwt+U8IZcNPyUi9H3unx + 65dHJ9fHR/vjk/Px9fjs7M8zvB8ml0FI8MBFAewUi7C0jOwyYZiS5YJhQouSlDKr2G9Cc3aqocKM + Zo1BzvmfS+wIE8oL70QYjqpp4q2lM4KeC8lLDCfG4z7NaG99bdkZLeF1zC/Ru65KYGRzCavTTU1p + +xVMbpuYZ5KvFV49fg/7jqfx8Z5vv/L0FlvBjnKd8tbW/rLb+k8Ody1bmzNoJO7eagkzym5VKn3S + enNTNtDPNdas+4ZFsQPVBltVNTar0i6j8KWYPgTnnfz0t8dyrZqaWrJDITMsUoYh89kNgGR1YwrI + HOeOzvboewNMyCkZICJlDJtuhu8GZAkpK2KfvSR17+SW+24l7HKlVsiETRCRIgn9gR/eEXoIXqlS + XhbK2GQUjsJg0h6/dm4FUXyFcuzyHNKGag17pWZ9qz4ve8UCdhkZy/5quLag2VjmmFcVovQFgZPT + P9heg0nLzlMuNxxswbq7Y+fYATpHcLz/Zuw+b9tPFxGaLB9SGl4Ii3lLoo4BOEJFjEobu2OXqKMf + YynqR9tRtOusE6PkNPMlNs1+rqbBtCklcsxiDQgenr8iFcOwxZLk0hn4lbAafKXzABOREzkFNn6U + wAEe9QtblSTnQoFfFwzScwZ5U3JEbU7/f5z7ByAFL4kc56Cn+DeH9dn3hyTYY9+V9icUfuHHP2wA + DZXu4UM8hR7h4RpKdkc4bnUoJlsOCFpjWwcNsANkFS6eQ219Fu30GNUQ9pCy3a+I/BVn3/0LAAD/ + /+xZbU/bMBD+KxESE1QkTdKmLZ0Qq8SQ+MCEmMYH9gVjpzRTU1d5KZMY/33P2Y5JA2FbhxAfkFBJ + cufL+d783IXue97Lb6KKx244GiIKOkcq1ZGFP6RDRRDK/nGds4Of3ae2/fymnQ5CC4Tv+Odu5GW8 + EwGjRPxfnK1bvvNVlhnseJzMY6R4rG394ab4qIKqxnj0UHo6KBH2tRI1yaS0l8guE6skR/kCCojC + AarSlKyMcKmOHvLelRJ+5eB8dEhV9GTmRMyM040i5HRhnZ4bp9/OqKIxyFvcOECzHHQcrTxjU3oT + HaQoNcuy8GD5iwf5p1KU89iUrnVSBZfHtTgCx5mCgqIigwrLHFhyTQA4Z1iNh4hJlYjjpjH3ag9y + AJAWQraKXTpiEv6YUVOnbEWHYs1LVLnG9EPBhdsJ55A3Rtm/nifcePA0UbXeOPCbOtzJ5sYzeleO + zJw5CJlnPX+SLhkvaM0X6STqxkF/skpELNZi6RwZBcSDV/9LhJilS0mFngJ8h4k0Wew6O7u/UgRw + IccI2sd4OWjDy0G/jRDVsVGRASMoKE+tRYPVt6xNQhsG9S0GrTbbxmj7JlYUjM/oUHuiS2se/U0p + tsnKyzRlBGa22s5nsh01JTLbEPFQRh0yzqkROhEH0ZT1eyK4HvX96Bq6DIf7QRiqwZZlwhueYYvJ + sRMhKOrB+aCDaxrfT/KW5UsqiiT02ZGFMnfsAV4pNg94qmqboyAM+nHgx71Q7A94j0fDgI8iIXw2 + mAbx6FAcKCnbvcl2eIw/vc5N2cKgDdfVj3KvzN1bWMQNPagoPJ1ZZDJ3yVhOFsN6VbjRP+Dy6Mwd + eMsF6d8cf7x9jZvzk7evcXP+8tY1RskReo5heoQ6HDkz40TKJ0Jdetqgy9YlkCnYP5eZXMbdS1Qa + Tp21STyaAoJqM5neY4aipr3ITKV9LwWv7/T3UvAaGr+XgtZSYBEGVLzRGXdHHxDMtQ+5smDmu0gT + cbSNIX07hmwS7FCvSbAILV6skkwuNAYyM47SfADTt3+j6UoWLzf+1cKsULxpxvILqQZh1cQZIaRV + vqsuTXXdWAH1sbBbyd3bStnP8zgv5yS4tlk1wsqKSaE3TqN0GnPR1u3z9cXh2mqzQGl7f3//GwAA + //8DABGqJERvHQAA + headers: + Atl-Traceid: + - be357f8287f96ca2 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:50 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:09 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 30c603d4-3f4c-4167-8bd3-362a281d4703 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '289' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e07b7064-d88a-4741-bb99-44c67b10f4e4 - x-envoy-upstream-service-time: - - '409' status: - code: 201 - message: Created + code: 200 + message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1518,96 +1364,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-914 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11798 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4rcECL5hOhykLXc9joO0/UAZRtgbW8WRPJIcwpX+99uV - 7YTShqP0YAZLa+/bs8+uxGcPFhWXmZd4GmQGGrJXAsrM9CSfgemZtIAZ76kKNLdCSdODTNgZWN5L - Cy5zKFXem4M2+A6yE6g0GJC2+dbreYIsR1EUDnBjoJzitrC2MkkQZDCF1Gbqk/K5Lbkxgktfgg3Q - hg14JYI4EMbUEHQGruAG9Y8m49NJfycaomTqgvWSz55Bp7VJuYVc6ZsmuAx3qBCHcdQPh/14NIni - ZLCZbIb+zub2L2EchhQj+bA3FTgzT4yR9IMoDMN4mXW7ycCkWlSECEr3mJnxsuyxTBgrZGpZJSAF - pqbsWukrn7RTJd/p8jFRGEhrDcFcwDWfc8v1SyP+gd0ZFqmePWtEh9kuoheN2u0EA91dpdzzqNDo - a8LNFdWovrS0Sqa8NNDzOhte4ox86XlWIDEqLLKXyBoz8SqtPmF4T0Sv1XbYuWp02NHmTsFXkb6T - wlo0QPxqtSmpP9y3Rk3tNdeUmBGzqhTIkOxeNgiuo8xwtBiOHhNuC3PrrEW6EgQs/tzFeRhuo+d4 - uIiHTzbsSuhY8sy0zwd8RVuLaOvnfC06Z+3iAW+DeDGIf85bS07TLdZ6+/KF+nvxvpkuWLGzc6xg - nmvIsa+/oSFySpV102aNJK2NVTM3Ii7QQ7y97sXoWxvN6Gik1Jhu/HlJP8IttzgVm6Hz43xvJtpy - hgWNNU1kdst9VVNOEc2lDyQQMvcSq2tAONCmfY/NTpRuYnPmyLwWaZP7529kFCoqm0LVZXYgTFXy - m7YlUJxqwFyp6743J7dGm92cvI9auA7OaN2LeN2LwWqWCKWFvXkiuJ164Kbw4+eomPEcTEAapjMi - UFCIvPDNPF8Nnzco6aZU7LmSXAKNEyLnvbSoL7+bb7SOidGIEi+4GVcifSvklTuMD6Cis1mmXdVc - La/du6VEKjnGo5lflnAC3DRM0O3KO3777vXh0cXbw/3x0en4Ynxy8tcJpoEtZDBz/GBSADvGuSkt - I79MGKZkecOwJ0VJRplV7HehOTvWMMO+ZbVB1vquS+9nsYMGw1sRhsN8O/HuNS1imwvJS6wawr7q - Mnp3X9beLFp4Ha9LjK6bBVjAXMLy67qirn0Ek5u7whM51igvz6uvj/cfo92KVr/x9AqvUh2zOuON - r/32UvNTAXc3o6Y10EncHa8Srqm7Van0URPNZVlDP9c4JVbXA8UOVFNsNavwsidtW4WHavo1OB/l - 3d89lmtVV3TzeSVkhmPOMGQ+uwSQrKpNAZnj3OHJHj0vgQk5JwdEpIzhpZXh6QBZQsaK2GevydxH - ueGeGwk7W5oVMmFTRKRIQn/gh7eEHoJXqpSXhTI2GYWjMJg2n1+4sIJ4EJ6jIjs7pZMMZwp7o677 - Vn1f+ZwF7Cwylv1dc21Bs7HMsbFmCNMDCkfHf7K9GruWnaZcrvmwQev2lp0CtgMFguv992P3+NA8 - upLQpj0vaTkRFhuXVB0FcIWGGI0wdsvO0EY/xlnUj7aiaMd5J0qlc/Bnwmrwlc6DNBf9SyFJSkzw - cf+SFrtfa5+TwWHYQOusXN+1gn3JiasCr27UzwF+6hd2VpKeqww+XW3IzgnkdckRwwX9O+GSOQAp - eElcOQU9F3hh7rPnr0ixx56V9ldU3vTjF2sgRKN7eBLOoUfouCshuyVUN37TXKZFMOF5ssGOEMNG - WosyOzy4K0KIMR0iaHFH3P0Wkb8ksdsP/P8/jY6gQTzaipEWGweu+bEvPylGYxED+29F9pz+vkD1 - lk//AgAA///sWW1P2zAQ/itRJSSYSJqkTYFOiFUak/aBCTGNSWwfMHYKkZo4yksZYv3ve8523DQs - aEMI8QFpYknufD77zo+fu95hGKUELfL7MV5+4D/3KbEkC+fawnOm1nqbz+tFhkKUbiOb8uZkYyNV - /qyVsT0WfN4BJBonMglUMmfaS+SQiWVSAsBw3UfhBLg0p11FhjSXD4XrUk1y6eCGdJZrL4BLhYly - vI6ysFEuTZRvbwjTGOxl1w5YK4cclysv2JxmoqsUWJPXlfczc1qrPJGiXsRmiZuihhZPW4kDjVNF - J0UjhvS6en9oxS0D0LzBaHxs9m5q1kBD1Iy7rQ8o60WPoFjGLl0yCX+oqKVztqRr0X7GpJRr9Icy - Da8zzmFvCuC/WiRcxe8kUVhvwvdNXe604yYuek2OLJwFBIWnxnxOc8Yr0v8inUS9OKhBlomIhVL4 - WsV5qeOG76LmsVY2x/wMRwokCL78T8qogbkk4Kfs32YiTbIdZ3vndwr2VMkpcvghgQ76CHQw7hNE - bbJUFSANqjogdt9R9a1qV9BHSn1LSpul9inacqkrOGgEG4SvSwpYVTF+Q1ejJhBlnaaM2M2g78Km - vaMqRRZPpEB0wI4Y51Rbob6M5mw8EsHV/tiPruD43t5BEIYTmscqYYZH1GIK7EwIOgTQXPvgmor3 - g7xlZU44R0YfbTvoUtkD31JqHgjWUD8OoyAMxnHgx6NQHEz4iEd7Ad+PhPDZZB7E+0fiUFnZGs22 - wk/4p8e5KcsM+3Bd/an06tK9xY64oUeJ7+mDRlvm5oyVtGMYr0AdBQUeP566Ey/PyP9uP+P1e9zt - irx+j7udldfuMSBH6FaCKRrabOTUtATpPBHv0g0MDVsXwFqoH9eFzOPhBZCGU0VtDh518iC1J5nm - MT1JU28UBmnfoODlg/4GBS/h8RsU9EKBJRZw8VqfuHv6EcA8+7ArK7bA018oEfjW4H41eCjoa1j6 - fQ1L3zYsuwJL3eJsmRQy0zTHdENq84uUfv2nJaDsVBbum0eDgk9AvtZvacPG7u4gZb/O4rJekOHW - 3Kr3VFSzSvuxlNWzdby1LWsTU6GqPpeqc9c0panlTv0wmtH6selsuOGtGaB2Z7Va/QEAAP//AwBO - sm912BwAAA== - headers: - ATL-TraceId: - - ca19cd6b93b15494 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LRU1s0OGHU6HQomoaWUgpM8EIZZpGNpg7Sr7q6MKfDfe44u + doA4E+g04wdJu3vu3/n2+NaBRcVl6sSOBpmChnRfQJEaV/ISjGuSHEruqgo0t0JJ40IqbAmWu0nO + ZQaFytw5aIN7kJ5ApcGAtN3ZpDZWlTNSeBEGQRh4Gv6uwdjpTQXHmidWJOC4jiD7Ybi1PcYPA8UM + P3NrKxP7fgozSGyqPiqP24IbI7j0JFgfLVmfV8KPfGFMDX6v4ApuUP5oOjmdDsLRZoBLjQvGiW8d + g77VJuEWMqVv2hhS/EKJKIiiQTAehNvTIIijMA62vXC4/WMQBaSjMWLR8UbNC50keR9TEUTLsLuP + FEyiRUWJw9UdZkpeFC5LhbFCJpZVAhJgasaulb7ySDpR8q0unulFLQWVixcXfM4t1/5cwLXfuLVy + sNsKg2E4/sWIf+DnEstel2iVYIEmp9xcUa3qS0tv8YwXBlynFTzAuBpZ18kFAkcn+c0hzAF9De5d + xwpEVoUocWJZY4zOI5gMg36j0uojRvTChHfSTbqbAvbppo9PQLKK6q0U1qIC4yxtE1J/b84aNbPX + XBNejSirQqDD6aPIsR4NykbjxWj8THe/UJk+kmVdRsEWuhGNFtHo/7XSVr/BIhoMNxfh5rcwuOgt + DqPFMPoWFjuA398/hWO4DqdRvzETi3ctB2L1z84RDVmmIUNaeYJ19FMVddvln9Uaba3bGK/b2H6q + vKW0dpUIo2FvJx6EroNZs+8wIwTe7gC3SPMtPT6/zVryXdGt36rT1ETN666qKf6QKPQ9LQiZObHV + Ndx3rEratEjarNw+WSPP8KjJVV2ke8JUBb/pGo/KpQGDpd5+SuBjb+tV0BP447QtaebxxrqCR8uC + P94YrhhLKC3szQtz2Yv7zfXw9QQvSp6B8UnC9EoELuQiyz0zz1YU9wZXei6MnHuCwyUQaRFsH9/X + m2viDddhNBxT4Dk3k0okh0Je7dPOHlQ0W8ikr1pTy+tmb7kilZzgaMEvCzgBblok6O7NOT58+/rg + 6OLwYHdydDq5mJyc/HmCYWBzGYwcD0xzYMfIztIyssuEYUoWNww7XRSklFnFfhOas2MNJbY6qw1i + 1Ptcx4fYUE5wJ4JgXM5jp72xsEiY5VVXPWhxzHcmJC8eH+omoy69Da4L9K5nCSxgJmF5uq6obb8C + ye0Q80KMtcLLW/Hh3PE82K1g9StPrnAU7JHVK29t7XbT1n9yuB/Z2tZAI1F/iUu4pu5WhdJHrTeX + RQ2DTCNLrAYWxfZUW2xVVjisSttV4Uv1e5icD/LT3w7LtKorGsn2hUyR1AxD5LNLAMmq2uSQNpg7 + ONmh5yUwIedkgECTMhy6Gd4bkMakLI889prUfZAbzXMjZmdLtULGbIYZyePAG3rBHWUPk1eohBe5 + MjYeB+PAn7XHLxq3/DA6Rzl2dgpJTZTC3qjrgVWflz1nPjsLjWV/1Vxb0GwiM+yrErP0BYGj4z/Y + To1Ny04TLtccbJN1d8dOcQJsHMH33XeT5vG+ffQVoY/uIqXXqbDYtyTaIADfUBEjBmN37Ax1DCKk + okG4GYbbjXVClJynnsSh2cvU3J/XhUSMWeQA/+H5c1IxCtpcklxyDV4prAZP6czHRuQEToETITWw + j0e93JYFyTWlwGdTDNJzAlldcMzagv7/NO7vgRS8IHCcgp7j3xw2YN/vk6DLvivsTyj8yot+WJM0 + VLqDV98cXMpHM2myO8rjRp/FeKNJBK2xjb0a2B6iChdPobIeC7dcRhzCHkK2/+Wht8Tsh38BAAD/ + /+xZbU/bMBD+KxESE1QkTdKmLZ0Qq8SQ+MCEmMYH9gVjpzRTU1d5KZMY/33P2Y5JA2FbhxAfkFBJ + cvblfK/PXei+5738ISp/7IajIbygc6RCHVH4QzqUBCHsH/c5O/jZferYzx/a6cC1QPiOf+5GVsY7 + 4TCKxf/52brmO19lmUGPx8k8RojHWtcfboqPyqlqC48eUk8HKcK+ViInmZD2EtllYpXkSF8o9lE4 + QFaakpbhLlXpIetdKeZXDuqjQ6KiJzMVMTNGN4KQ0YU1em6MfjujjMbAb3HjAM1y0FFaecam9CYq + pEg1y7LwoPmLB/6nUpTz2KSudVIFl8c1P8KKMwUdRUUGFZo5sOQaA6ycYTcewidVII6bytyrPcgB + QFoI2Sp2qcQk/PFCTZ2yFRXFmpUoc43ph5wLtxPOwW+MtH89T7ix4Gmicr0x4DdV3EnnxjL6VI7M + nDkImWctf5IuGS9ozxfpJOrGQeOySkQs1nzpHBEFxINX/4uHmK1LSYmeHHyHiTRZ7Do7u79SOHAh + x3Dax3g5aMPLQb8iUCktMkABhfAJszeXRi08/FaCxaDVmdoWtmFS3/ZNrCgYn1FRe6JLa5b+Jhfb + ZOVlmjICM1tt9Zl0R02JzDZEPBRRh4xzapxOxEE0Zf2eCK5HfT+6hizD4X4QhmqwZRfhDc8si8mw + EyHI67HyQQbXdMSf5C3Ll5QUiemzswxlh9gDvFLLPOCpqp+OgjDox4Ef90KxP+A9Hg0DPoqE8Nlg + GsSjQ3GguGz3JtvhMf70PjdlC4M2XFc/yr0yd2+hETf0IKLwdGSRytwlYzlpDPtV4kb/gMujM3fg + LRckf3Mu8vYlbg5W3r7EzcHMW5cYuUjoyYHpEepw5MzMGSmeCHXp6YTOZ5dAplj+uczkMu5eIgVx + aqBN4NF4EFQbyfQeMxQ17UVmMu17Knh9o7+ngteQ+D0VtKYCizAg4o2OuDv6smCuffCVBTPfRZqI + o20M6beNIX07hmwSLEKLF6skkwuNgcyMozQfwPTt30i6ksXLjYs1M8sUb5qx/EKqQZid8cpUi3xX + XZrsurEA6mNht+K7t5Wyn+dxXs6Jce2waoSVFZNCH5xG6TTmoqPb5+ubw7XdZoOS9v7+/jcAAAD/ + /wMAUhObjW8dAAA= + headers: + Atl-Traceid: + - ecc709ea25f49350 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:51 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:10 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 64fcdef6-3d31-416f-9fa6-86fed2863b95 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '260' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8adbc52c-6f08-4371-9d20-18ac689f7ee5 - x-envoy-upstream-service-time: - - '156' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1617,96 +1469,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11103 + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4rcECL5hOhTSll6P4yBtP1CGEfbGVnEkjyQn4Ur/++3K - Nm9tOEoPZrC09r49++xKfPVgWXGZeYmnQWagIXstoMxMT/IZmJ5JC5jxnqpAcyuUND3IhJ2B5b20 - 4DKHUuW9OWiD7yA7gkqDAWmbb72eJ8hyFEXhADcGyiluC2srkwRBBlNIbaa+KJ/bkhsjuPQl2ABt - 2IBXIogDYUwNQWfgAi5R/2AyPp70t6IhSqYuWC/56hl0WpuUW8iVvmyCy3CHCnEYR/1w2I9HkyhO - BuvJeuhvrW/+FsZhSDGSD3tZgTPzxBhJP4jCMIyvs243GZhUi4oQQekOMzNelj2WCWOFTC2rBKTA - 1JQtlL7wSTtV8oMuHxOFgbTWEMwFLPicW65fGvEPbM+wSPXsWSPaz7YRvWjUbicY6PZNyj2PCo2+ - JtxcUI3qc0urZMpLAz2vs+Elzsi3nmcFEqPCInuJrDETr9LqC4b3RPRabYedq0aHHW1uFfwm0g9S - WIsGiF+tNiX1h/vWqKldcE2JGTGrSoEMye5lg+A6ygxHy+HoMeG2MLfOWqQrQcDiz22ch+Emeo6H - y3j4ZMOuhI4lz0z7fMBXtLGMNn7N17Jz1i4e8DaIl4P417y15DTdYqW3b9+ov5cfm+mCFTs5xQrm - uYYc+/o7GiKnVFk3bdZI0tpYNXMj4gw9xJurXoy+t9GMjkZKjenGn5f0I9xyi1OxGTo/z/dmol3P - sKCxponMbrmrasoporn0iQRC5l5idQ0IB9q0H7HZidJNbM4cmdcibXL/+p2MQkVlU6i6zPaEqUp+ - 2bYEilMNmCt13Y/m5MZovZuT91ELV8EZrXoRr3oxuJklQmlhL58IbqceuCn8+DkqZjwHE5CG6YwI - FBQiL3wzz2+Gz1uUdFMq9lxJzoHGCZHzXlrUlz/MN1rFxGhEiRfcjCuRvhfywh3Ge1DR2SzTrmqu - lgv37loilRzj0czPSzgCbhom6HblHb7/8Gb/4Oz9/u744Hh8Nj46+usI08AWMpg5fjApgB3i3JSW - kV8mDFOyvGTYk6Iko8wq9k5ozg41zLBvWW2Qtb7r0vtZbKHB8EqE4TDfTLzmyMAiIco3TXWnkRHv - XEhe3v+ovVm08DpelxhdNwuwgLmE66/rirr2EUxu7gpP5FijfH1e3T3ef452N7R6xdMLvEp1zOqM - N75220vNLwXc3Yya1kAncXe8SlhQd6tS6YMmmvOyhn6ucUrcXA8U21NNsdWswsuetG0VHqrfXXA+ - y9u/OyzXqq7o5vNayAzHnGHIfHYOIFlVmwIyx7n9ox16ngMTck4OiDQZw0srw9MBsoSMFbHP3pC5 - z3LNPdcSdnJtVsiETRGRIgn9gR9eEXoIXqlSXhbK2GQUjsJg2nx+5sIK4kF4iors5JhOMpwp7K1a - 9K36sfIpC9hJZCz7u+bagmZjmWNjzRCmBxQODv9kOzV2LTtOuVzxYYPW1RU7BmwHCgTXux/H7vGp - eXQloU17XtJyIiw2Lqk6CuAKDTEaYeyKnaCNfoyzqB9tRNGW806USufgz4TV4CudB2ku+udCkpSY - 4OP+JS2272qfksFh2EDrrCxuW8G+5MRVgVc36ucAP/ULOytJz1UGn642ZOcI8rrkiOGS/p1wyeyB - FLwkrhyDngu8MPfZ89ek2GPPSvs7Kq/78YsVEKLRHTwJ59AjdNyVkF0RqmuvNJdpEUx4nqyxA8Sw - kdaizPb3bosQYkyHCFrcEne/ReRfk9jtB/7/n0ZH0CAebcRIi7U91/zYl18Uo7GIgf23IntOf1+g - esunfwEAAP//7FltS9xAEP4r4UDQYnJJ7nKeV8Qe1EI/WMRSC7YfXHdzGrhkQ95ssfff+8zuZu/N - SCsifhDkTHZmZ2d3ZmeemfzGNHIJ2uT3E7z8wD/3KbYkCRdawnO61vKYL+p5hkKUspF1eXOzcZDK - f5bMOB4bfN4hSLRKZBJRydxpL5F9JpqkRABDuo/CEeLSjE4VHtImHzLXlVrkykGGdJqlFohLhbFy - vLSysFYujZXvbimmMcjLbhygVg46kisv2IxWolSKWJPXlfczc1Z2eSpFPY/NFtdJLSyerDgOOM4U - nBQtGdSb6v2RJa8IAOctZmOwPbuJ2QNNUSvurwygrBcdhKKJXUoyCd9m1NQZaygt2mEsSr5GP+Rp - eJ1yDnkTBP7recKV/U4TFeuN+b6p5E4nbuyi9+TIwpmDUHhqzuc0Z7wi/i/SSdSLgxqkSUQsFMPX - Ks5LbTeMi5rHmtlc83NcKYAg6PI/LqMm5pICP3n/LhNpku05u3t/UqCnSk7gw9sAOugC0MGwJVBu - rQpgA1UEEIjfZI06ZPidhC5Q6ltQ2m61i9GWS6yqGL+lJPcg/vUPHwR7myChrNOUEbrpdSVsOjuq - UmTxRAhEF+yYcU61FerLaMaGAxFcj4d+dA1FDw4OgzAc0TqWCSs8whaTYadC0CUA51IH11S8H+Qd - K3OKcyT00baDLpU94C3F5gFg9fVjPwrCYBgHfjwIxeGID3h0EPBxJITPRrMgHh+LIyVlZzDdCT/h - T89zU5YZ9OG6eqj06tK9w4m4oUeO7+mLRkfm5oyVdGKYr4I6Cgo8fjxzR16ekf6b/YzXr/FmV+T1 - a7zZWXntGiMWCd1KMEXDKho5My1Buk+Eu3QDQ8ezS8RasJ/Uhczj/iUiDaeK2lw86uSBam8yrWN6 - kqbeKEykfQsFL2/0t1DwEhq/hYLOUGCBBFS80Tfunj4CmGcfcmXF5njaxko+8FbvftHbJnQ1LP2u - hqVvG5abBAvd4qxJCplpcGS6IbX5IqVf/2ULjayerdOsZVmZWAjV7IVUHTPbDEaZqzS+bx9N1H3y - +urbXb+Vu99L2a/zuKznJHhlr6rXVVTTSu+bWu7UD6Od2/H1yeHabDNBabtYLP4CAAD//wMA7i1h - J9gcAAA= - headers: - ATL-TraceId: - - 1668e87fd179af13 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPwUrEMBCG32WuttlJ2iY1N9GDiqzCdk+ySNokWEmb0qTCsuy7m+LC6m345/vm + Z07QqmD2swMJnzFOQW422ljTRe2/PFHRqRB6NZLRRMjg28yh92OCKSIlSDDfbe/edo+vzXW7XYY2 + TSDfVyjDDA8ZaDM5fxzMGJvjZNKBe+cXnaR26Z3+VUAmgWF1CR9UXEGGjOVY51Q0WEsUklUEEW8S + ickPZk69TT/8Y28bRMmopAXh/Mp2w9NofQJ5SYUtrLWFqBnjWNSIZaUYp51CzTshSoMF/1sQ3drw + 3M8K1nesWlx88Z1a4xO4ywRm/Njv4Hz+AQAA//8DAKfQXzJaAQAA + headers: + Atl-Traceid: + - 9c771b3e63314a8c + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:51 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:13 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e372c725-c42c-4f76-ab8c-b77943570174 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '130' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 0a213a6d-d47f-4d51-bcdf-62aeade815fc - x-envoy-upstream-service-time: - - '153' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1716,61 +1539,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11796 response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J+pElN9GDiqxCuycRmTQTrKTJ0qbCsux/N8WF1dvwzvPM - y5yYxpn2k2OKfcZ4mNVmY8hSH034CgVGh/M8oC88RZaxb5rmIfgEcwBeQAF5u7t9bR9euut2t4w6 - TUy9rVAGGbxnzNDBheNIPnbHA6UDdy4sJkl6GZz5VZhahVpewnuMKyhA8ByqXMiOVwq4KqsCAG5A - ACR/pin1dsP4j912XKiyVnVdNOLK9uOjtyGBUmxlU1uNfUklUgO9bWSjjUYJtgfAqpJSU/mnILq1 - 4WmYkK3vWFxcfA49rvGJucvEyH/sW3Y+/wAAAP//AwBRm9uPWgEAAA== - headers: - ATL-TraceId: - - 441bbbaccd083144 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LSprZvBGHUyHQpOQkspNU7yQBhmkY6lDdKusrvypYH/3nMk + yw4GZwKdBh6k1e65f+fb488OzEsuEydyNMgENCSvBOSJ6UhegOmYOIOCd1QJmluhpOlAImwBlnfi + jMsUcpV2pqAN7kEyglKDAWmXZ+PKWFVMSOFV4PuB72r4VIGx40UJZ5rHVsTgdBxB9oNgb7+PCwP5 + BJeZtaWJPC+BCcQ2UR+Vy23OjRFcuhKsh5asx0vhhZ4wpgKvVXADC5Q/HQ/Px91gZ3eAn2oXjBN9 + dgz6VpmYW0iVXjQxJLhCidAPw64/6Ab7Y9+PwiDye+5uf/dnP/R9cpKMWHS8VvNMJ0new1T44Srs + 5SIBE2tRUuLw6wEzBc/zDkuEsULGlpUCYmBqwmZK37gkHSv5VudP9KKSgsrF8ys+5ZZrbypg5tVu + rR1cbgV+Lxj8asQ/8LLAslcFWiVYoMkxNzdUq+ra0ls04bmBjtMIHmNctWzHyQQCR8fZ4gSmgL76 + dx3HCkRWiShxIllhjM4GTHp+u1Fq9REjembCl9J1uusCtummxRcgWUf1VgprUYFxVrYJqX/UZ42a + 2BnXhFcjijIX6HCyETnWo0bZzmC+M3iiu1+pTBvJqi47/h66Ee7Mw53/10pT/RqLaDDoz4P+9zA4 + by32wnkv/B4WlwC/u3sIx2AbTsN2YyLm7xoOxOpfXCIa0lRDirTyAOvop8qrpssf1RrubdsYbNvY + f6i8obTmKxFGzd5O1A1wyS2SekOGT2+qhmrX5Oo16jS1TP16qCqKNiDCfE8fhEydyOoKMLWo1L7D + alDjNM7V+ki/FnGTlc8PvpGvKGwyVeXJkTBlzhfLxqNyacBgqbcfI/Bg328JfDNtK5rZ3NhW8HBV + 8M2N3pqxhNLCLp6Z3Vbcq6+Hbyd4UfAUjEcSplUi8EMm0sw103RNcW/wS8uFoVOX5BqItAi2m/d1 + f0u8wTaMBgMKPONmWIr4RMibV7RzBCXNFjJuq1bXclbvrb5IJYc4WvDrHEbATYMEvXxzzk7evj4+ + vTo5Phyeng+vhqPRXyMMA5vLYOR4YJwBO0N2lpaRXSYMUzJfMOx0kZNSZhX7XWjOzjQU2OqsMoha + 97GOD7ChHP9W+P6gmEROc2NhkTDL66661+KY71RInm8eWk5Gy/TWuM7Ru5YlsICphNXpqqS2/QYk + N0PMMzHWCK9uxftzx9Ngt4bVbzy+wVGwRVarvLF1uJy2/pPD7cjWtAYaCdtLXMKMulvlSp823lzn + FXRTjSyxHlgUO1JNsVVR4rAq7bIKX6vf/eR8kF/+H7BUq6qkkeyVkAnSnGGIfHYNIFlZmQySGnPH + owN6XgMTckoGCDQJw6Gb4b0BSUTKstBlr0ndB/mifr6I2MVKrZARkxi9FdwqHfnurtu7pRRiBnMV + 8zxTxkYDf+B7k0bmqvYNi3yJwuziHOKKeIW9UbOuVY/LXjKPXQTGsr8rri1oNpQpNleBqfqKwOnZ + n+ygws5l5zGXWw42Gbu9Zec4BtaO4Pvhu2H9eN882rLQYnmb0utYWGxeEq1hgG+oiBGNsVt2gTq6 + ITZsF+fNMKitE6zkNHElTs5uqqbetMolAs0iEXj3z1+Sip7vr+TiGbiFsBpcpVMPu5ETQgWOhdTF + Hh51M1vkJLeuBy7qipCyEP9GkFY5x/TN6ddQHccRSMFzgso56Cn+6GFd9uPpSkOH/ZDbX16imr7r + /7Qlh6j+AK/DKXQoPfX0yR7LRR9j2+3tf3Mu/gUAAP//7FnbbtpAEP2VVaVUgGKDjW0IVZQi0UiR + mgo1ah/SFxbvAq4AW76Ql3x8z6zX5hIuLVEQlSIQ2N6Z3dm5nNkZa3qlC+fvdeEc1MVp9YDAKZyr + U1M6oWes1ssk6yHi8PBBRqnJrNYlI3xl6+FcfCaWWcazum+ab2nWImDrdttFmNR6ChCBVb9DRqkC + Yh/kYxX8VLcpYP/2WQ2xh4Ff+DOOCgOsCS9SU7wuENdtUHsIsxjavA2mEkAoc41/HKefuO9jF+py + 6XQrjL0lYNcArKUYIZBcY6AZhHUuFkEC0JeUB1vA8hFpHY5UJGyy6WC5woDhaMFIfpSz+jARa3/Q + 0pE/iNIfEu0PPE2RGZNL9jQJ/AnDiXY8BrJmgDoWcaw1HzPOUCH4YMRxxY/5iOQYdNVGja98Ps4A + wgM2kVyAc8GR28x8t+znUqD7UGRTuZom1seL+qSz6pMg6avjuyjGMTwuhq31GUA5ATsewstVkHcO + G4bQvUM/5F+4pW0lmCXKhtPA10a7D1RS1Db7oU5BpGFtjFwYBnCZYiDWmwff3Szifko830IWqBuG + Cm8RCCnW3Ok7ggpHQyz9L06hWaOQkiH5eIWLWTCvskr1eQYfTsNO6bdbUePNEcM5EjEcQgzntYhx + VLJ4gRjHpqtVA58aMbx3xDgBYjj/F2J4JesBxHjZirB2tSIspxigKiWN4RmqnULtkE1Sd8ccjZ0D + ZXlf7GkX4a5yv1G2pJTXTqhU2NpJaJQtqrWyebPcSrLZjFOd+GFv6UMKpKZPGB9ZUVLpfwP/o1bV + nbh2R9xpCmvYdhruENK2WleWbXtUwJZEWGEPmSTrdoUg3wblUgZDdxw/h088iQgcadK9vWJlDGmi + fFVkJurVol/pWrblSKshm7a48vym77Ysv+0K0eDeyJLtG3GtZrlodi/sW3xzPmPG57qQM4z8UWJm + ifEEjRi2CRGFmYcXqcyIOE9IY+BXAM6nCS57fcMzoznJv9l3Pn+JNxvX5y/xZuP73CUGIIm8M6t7 + MKvHkr5+j0PxRJVb3g/OQe0RRT/Iv2RxGMn6I3DIpwalDjx6/YLRMpJpHf3SSbdvYg2371BwpNH/ + AAAA//+iINJHiwJ6uJiWRQEAAAD//6KFi+lYFMBbE0AnpkNyXDVo5hbKNgCam1+SCJ13Rm+T4Jrm + McA1zWMAn+ZBl4A301LzyjKL8vMgDSHoGHIpdIEBhEuUS/NzISZUw5jQwo6MAg5pbYQ+zFwdpdzE + iqDU4tIckMFIdoNH7ItKHEsg7ijLL6HeRCHEMLihQLsyEovD8sETHrC5PNBUJWgaAWQl3CGorjVC + cS5UAzh4amtrAQAAAP//AwDFVguwzyIAAA== + headers: + Atl-Traceid: + - 432fcf73e0d3cb27 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:55 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:14 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 57e17db9-a827-4e41-9bb9-58a1544b7053 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '229' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a3da6c4c-884f-4aae-a220-2bf203d5dd5a - x-envoy-upstream-service-time: - - '36' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1780,110 +1646,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 2ea986178f21e79c - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUTAqaEmqiv2w/fjgjE9gXVJuCmNMwRvGaiwaxLKSrKa9RFX3nJcai/pvQbRr + w+MwS1jfMXKx8cn3co1PYC8TaPe238H5/AUAAP//AwDk8N22WgEAAA== + headers: + Atl-Traceid: + - 4976d77ef5e1334a + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:55 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:14 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 283007d0-ceaa-42f2-ad51-25c020ecdd65 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '120' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 887ce97e-2f12-4577-90ec-a09f0230977e - x-envoy-upstream-service-time: - - '66' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1893,98 +1716,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11101 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11797 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlTW292HEcdJkPBSWhTSo2TfCAMc5bW8gX5TnN3sk0D/727 - JwkTwJSQmg+6O2nfnn12b/nqwbrkMvMST4PMQEP2RkCRmY7kCzAdk85hwTuqBM2tUNJ0IBN2AZZ3 - 0jmXORQq7yxBG3wH2RhKDQakrb/1Op4gzVEUhRFuDBQz3M6tLU0SBBnMILWZ+qJ8bgtujODSl2AD - 1GEDXoogDoQxFQStgnO4QPnDyeh40n0VxXgyc856yVfPoNHKpNxCrvRF7VyGOxSIwzjqhv1uPJxE - cdJ7kfRf+oPB8JcwDkPykWzYixKcmif6SPJBFIYheVVH3WwyMKkWJSGCp7vMLHhRdFgmjBUytawU - kAJTM7ZS+twn6VTJD7p4jBcG0kpDsBSw4ktuuX5txD+ws8AkVYtn9dFBthOFvWjYbCfo6M4m5I5H - iUZbE27OKUfV1NIqmfHCQMdrdXiJU3LV8axAYpSYZC+RFUbilVp9QfeeiF4j7bBz2Wixo82NhG88 - /SCFtaiA+NVIU1B/uG+NmtkV1xSYEYuyEMiQ7FY0CK6jTH+47g8f424Dc2OsQboUBCz+buLcD1+i - 5bi/jvtPVuxS6FjyzDTPB2xFg3U0+DFb69ZYs3jAWi9e9+Ifs9aQ07SLrdaurqi+1x/r7oIZOznF - DOa5hhzr+g4NkVOqqOoyq0/Syli1cC3iDC3EL7e9GN7VUbeO+pQK07U/L+lGTb8gBmuR1ua+3jkj - fqH7Zq6qItsXpiz4RcNCPF5xi321blvfXzF1T7zugkGtTVM5uOWeqggV5+knOhAy9xKrKzKNOu1H - bBdUFA0YGjBWqrr7+mQ8iNo+eRu1cBuc0bYX8aZlCKWFvXgiAq144Jrt49ulWPAcTEASplUi8GAu - 8rlvlvmmx7zDk7YZxd7V3VB6bSgFnwK1EyLnrY+oLu8FItrGxGhIiMy5GZUifS/kubuM96Gku1mm - LYUcsVbu3fWJVHKEVzOfFjAGbmpa6mblHb3/8Pbg8Oz9wd7o8Hh0NhqP/xpjfFhCBiHBDyZzYEfY - N6VlZJcJw5QsLhjWpChIKbOK/S40Z0caFli3rDLIOd9V6e0oXqHC8FKEYX+mE+9W0SLouZC8wHRi - PjZVRu9unzWTRQOvI36B3rW9ADObS7j+uiqpah/B5HpWeCL5auHr++rb6/37+Ljh2288PcdRqqVc - q7y2tdcMNT/kcDsZ1TWDRuL2epWwoupWhdKHtTfTooJurrFlbcYDxfZVnWy1KHHYk7bJwkM5/Rac - z/Lm3y7LtapKmnzeCJlhkzIMmc+mAJKVlZlD5jh3MN6l5xSYkEsyQETKGA6tDG8HyBJSNo999pbU - fZbP3fN5wk6u1QqZMInRW8Gt0knov/B7lwQhIliolBdzZWwyDIdhMKtlzpxvQRwPT1GanRzTdYYd - h71Tq65V9wufsoCdRMayvyuuLWg2kjlW1wKxekDg8OhPtlth6bLjlMstH9aQXV6yY8CaIEdwvfdx - 5B6f6kebF9o0lyYtJ8Ji9ZKo4wGuUBGjBscu2Qnq6MZYsV0c7+LIWSdepUvwF8Jq8JXOgzQX3amQ - dEp08HH/mhY730qfksJeGG60rG5qweLkRFiB8xsVdYCf+nO7KEhukx7cuASRshh/Y8irgiOYa/rn - wkW1D1LwgphzDHopcHzusp8OrzV02LPC/rqDagZ++PMWRFH9Ll7VS+gQWG5MZPchM8DYXvRePRGZ - Rtoh0388Mv3/ROb/Q+VfAAAA///sWetP2zAQ/1esSUhQLWmTNulDQowJJiENhPZgEvtSY6dNpjaJ - 8ihf+OP3O9t5UChsFTAmoVZtYt8553v8znf5E60gqj5mPBZh9xufTzrsDI6mR8toIU+O2kPwQ+yM - QjlsDVef0LHrcFf3ffs5zVzFc9cd+RRFnSMFmMCyXwmjVAIRH2dku/S7B/Yq/MBGfkLb/XGMm5/4 - s7ZxfVrhQq/wlJHYKPyiXMQo3imD1wjRRkPoVDlVwwEd1ajdAbpWksQJ4NzgoB0lXS5XUQ7kDygZ - DgHoM1ItHKbK2mS5afOkKcP5gq0aeYDqmbF60Fhd1lbPjdV5USA95u/ZdRiJkOGMPZ8DXUtshqUc - z4rnjDMUAwKMOLOIjM9IjumhEEFaWJ95PC8BxFMWBlyCc8WR4Gy9W9ZS0Gkiy0XQ1s7t+aoUmbQ9 - DyTn6gQuq3lMz6tp5/YKoAzBjsFK7xOzdWLhSl51eUsE8jH6IQ/DLW0rxyppebWIhDLZaaTyorHY - d3UQIv0aU2hRGKy9wESmtt45WaZcFER/lrBI3TDUa6tIBlIRfC2CNNdWwrgsRaCJTaB/QSjhwAhZ - /sZLFGOaUH4kr9/lchnFe2x372aJk2aRTGrfvRcqnh0mvPGWMOGNCSa88aMwsU0euAMTT5OWmqB/ - IZjw32DiBWBi8J/DhG8YH4GJuz0JZ1NPwhlsmvDa9WeRwYNUu4S6N2ukvZp0faKu86sdbSLcVPf3 - 6g6UcuKQSoZ7Wwq9cU3YrqnX6668XC45FYzvHqyBSIHU/UmyLUtL6gEcwB2p43Qi970ZH/SlczUa - 9LwrSDscjh3X9amSrYnwhAfIArLuoZTk6qBsZLBMJ/FDcs3zlECOFn2wnatbkDbqWEVmo3Dt6suu - 57jOIHB6Qd+VY1/0hTd0xMiTssf9mROMDuS+WmWnf7jjfsJX81lLHpuCzrL0UG6XuXUNjViuTd5v - 62gjlVkp5zlpDPwK0fkix+XRueXbaUzyr/eJX7/E693m1y/xesf6tUsM3JG6X2yaMe2jyLl51ULx - RFWabutq7LoE4IL8uMySNOheAocEtTBN4NEbEszWkUzPMe96TB8nM3D7BgUvb/R/CQW/AQAA//8i - 18WjRQGtXUyHogAAAAD//4IVBejNDGA7Sqm6FqQH1swAuj0dkhWrQbOuULYB0ML8ksQcIAuLKbgm - ggzgE0HoEvBpFXQJePstNa8ssyg/D9JCgo4yl0Jn+iFcYlxall9Ctfk3iFlwM4EWZSQWh+WDZyJg - M37ApAVxcTWMCS11ybYfvCZCH2aujlJuYkVQanFpDshgJL+C5xCKShxLIP4GTWWC5hlAPoeLo2o2 - QtEN1QB2bW1tLQAAAP//AwAQz+I4MCIAAA== - headers: - ATL-TraceId: - - 6b36dbf603a23394 - Connection: - - keep-alive + H4sIAAAAAAAAA7xW60/cRhD/V1b+EFXpnV/34HAUVZRcElpKKZDkA0FosefsDfauu7u+R4H/vTP2 + +ZwcIQpUDSdhe2bn/ZvZuXFgWXKZOJGjQSagIXktIE9MT/ICTM/EGRS8p0rQ3AolTQ8SYQuwvBdn + XKaQq7Q3B22QB8kJlBoMSLs+G1fGqmJGCi8D3w98V8PfFRh7tirhWPPYihicniPIfhDs7O7gh4F8 + hp+ZtaWJPC+BGcQ2UZ+Uy23OjRFcuhKsh5asx0vhhZ4wpgKvVXANK5Q/OpuenvWD4WgXSbULxolu + HIO+VSbmFlKlV00MCX6hROiHYd+f9IPdM9+PwiDyx+5gJ/zZD32fnCQjFh2v1TzRSZL3MBV+uAl7 + /ZGAibUoKXFI3WOm4HneY4kwVsjYslJADEzN2ELpa5ekYyXf6fyRXlRSULl4fsnn3HLtzQUsvNqt + zsE1K/AHweQXI/6BlwWWvSrQKsECTZ5xc021qq4svUUznhvoOY3gAcZVy/acTCBwdJytDmEO6Kt/ + 13OsQGSViBInkhXG6GzBZOC3jFKrTxjRExO+lq7TXRewTTd9fAaSLqp3UliLCoyzsU1I/b0+a9TM + LrgmvBpRlLlAh5OtyLEeNcqGk+Vw8kh3v1GZNpJNXYY+AT0cLsPh/2ulqX6NRTQYjJfB+EcYXLYW + B+FyEP4Ii2uA393dh2PwEE7DljETy/fNDMTqn18gGtJUQ4pj5R7W0U+VV02Xf1VruPMQY/IQY/e+ + 8makNVQaGPX0dqJ+0HMwa/Y9ZoTA2xyoG58SqEXceHZzj0awxtyYTFV58kqYMuerNfiRvOAWL4pm + wD6+UZvx3Q1sr1GnqQ3r131VUQYDcvUDEYRMncjqimzHGjBY6u37A3zk7u747QDfTttmzGwzHip4 + uCn4NmPQTSyhtLCrJ2aiFffq6+H7B7woeArGIwnTKhFIyESauWaediPuLVLaWRg6dwSHK6ChRbDd + vq/HD8QbPITRYEKBZ9xMSxEfCnn9mjivoKTdQsYtYmocLWrehiKVnOJqwa9yOAFuGhTq9ZtzfPju + zcHR5eHB/vTodHo5PTn58wTDwOYyGDkeOMuAHeN0lpaRXSYMUzJfMex0kZNSZhX7TWjOjjUU2Oqs + Mogw92sdH2BDOf6t8P1JISNnq50xt6mQPMeqYdq7NiPeNm29Ga3TW+M8R+/aKYEFTCVsTlclte13 + ILlZYp6IsUZ4cyt+uXc8DnYdrH7l8TWugi2yWuWNrf31tvWfHG5XtqY10EjYXuISFtTdKlf6qPHm + Kq+gn2qcUN3Cotgr1RRbFSUuq9Kuq/Ctmn6ZnI/y898eS7WqSlrJXguZ4EgyDJHPrgAkKyuTQVJj + 7uBkj55XwISckwECUsJw6WZ4b0ASkbIsdNkbUvdRPq+fzyN2vlErZMTKNBq5gevfUuowc7mKeZ4p + Y6OJP/G9WXP2svYJV+ELFGLnpxBXNE/YW7XoW/V12QvmsfPAWPZXxbUFzaYyxaYqMEXfEDg6/oPt + Vdix7DTm8oGDTaZub9kprn+1I/i+/35aPz40j7Yc9LG+Ren1TFhsWhKty49vqIjR+GK37Bx19ENs + 1H4w9idhbZ3gJOeJK3FjdlM19+ZVLhFgFgeA9+X5C1KxO9yIxQtwC2E1uEqnHjYhJ2AK3Aapeb3d + oZvZIiepMsV/dR1IRYh/J1AoCxhGAmy6xHyTDOuzn47THnuW2xcsdIPADRl7ltoXL9nA9VG4Zgzc + sTtkLWPYMYbuyN1p6aOOPnJRV0sfd3R6HXV08m5ND9xxRw87etid/xcAAP//7FhdT9swFP0rV0JC + adamokCLOvUBAQ+TBprWbS/rpIbU0GxpUuKkMDH++861HdehLYiOhz0AqKS+vvb1uV/HwSVnOb4f + 7C/HD5bjB8sD9Jb78qMzbvflx05jQ0wAuGNQioVosrsVi6Z1vu290Ldm/mv59s2vr+NXFLQq+fu+ + 8jGPkX9aCjpFJcTgUMyLgPZ6TeK+R/UyW/1O9wJbZ9X3/eAtAbdxVNUq2p2jIxRo/1S1YHTHnxkx + OYFDntUjDx+Nda592rHko+pD8B3/WlskKXZEtqsF/q0B1GPLH2ZlHgnEVyJ8brUtXBRnsRQM7Pza + mXi6JAQ+GrfdFsEnTa8N4qwdThaxBKkABT/sdMAVrhhjJERFCJk1jOfXYwLZgn0phZTrOI44joWN + Yz6DyMPLOOHuWUzDgrIIG0m6nYJnFKC9RpFRuwyloCynG9zdfhMunhHnocTqUR5esQGgSeUsJWZF + gco0EOdcEJgzFbdZpRKRjEQa4iLB5ANbxdGU0OrBqpP4lwCvvsIuIcyez5M4Uq/7DMmpDE4E8EHO + MjF3Z+mjwaYyleEVigXz8JYseQrskzeJ2c4gI2kWQjnOwAEc42UwSjurq0MpBdKSjYF5uDbm4PZY + 16LDvMvaEBqkclGUeYrgxpMsk4LRdWzAvLVGBAzgzg6uFBn8ib+TLI0Q86N0PB6PUr6NFXRPJzgZ + +M0DDYjff8a58HZ37jo9hJb+36jmRnrmgMBpjZrHQvUUmMPxSKXAcA1oPDz7eHbyhfboeEi7N2VW + vB/hRy/e9vUIknCd2G+PkJfv+KgyS0QAFu8h+iPcrAKRLho/2BqQYaik7bbWHisDtFEKQA92NMkT + ed5kBBs04Myhe6xszoS1Jmz4Q8OAQ99soNB5NikRL8Sp5o5XL1X6tToOTrihkkOyqZZbpZVqbiUr + 9dyRPKrojuRRTXckj6q6I3lU161kpbI7knptB06f1EuSSQVS38w0IBlUsJ4DF2NkMOGNXLgYIwOK + EVVwMUYWFEdS9bwKlZqIQbKo1CQMkkWlJmGQLCo1CYNkUXEkGiSLSk2iQXKCCXhNEUkcki1N8/qr + hZ5vJX3+QHfCt+OI8wCBWV4i/U0POI/VHc60AN9eWjrBXXDXp6/qFs8FyBT7yiWomAkkeeAq7W9S + 0t5aq3OwSUe7ca3O4SYd7eC1Ot1NOtojVoc8uuAOpLqT7XAqCJra401VdrWLudWEicxorgM4ICYS + dtPepk2VS5/e1AQEutTKBsZ3H2bzMCrYbxcZxeoLIQQW8URMlm0eEz+DFeUC1Vy+pM8b1XnG92im + KV44mcVpg7zGnxloSJH1LfVYS2jfyKyTwG7Be57Mdrcks10ms93/gcxue+N1A/flZPYvAAAA//8i + rTFrONqYHU6NWQAAAAD//+yaX2uDMBTFv8ugj3EmGrUPpStsg731uW9pYjcY/sEo/fq710Rn3NLB + HoYwoQ+l3iS3CTk95fxWM7uaWcecOZrumDNH1R1z5ui6Y84cZXfM2VTbVzM77NdqZlczuwwzS8eh + P5jZr8E69QXrNJ5mpW0j5Hsf5CNYMC/lnjlC74MxrB6+k6/QF16HPsAiHAELJwieh4WibYV8w9jM + BIu6KwqBqefdt0EebhyiC1Xzy1wUvcZeSIlwxIva8YuII0XPWRzyM3SdplvKWILrjEWwwo2yHE/1 + oBSsoaHyswcUFuRmHqqr0DXaWpz0JvHUH0IevDamDH7ui4G64ZTROKdhHjG1TWQkeUplxpUKRXKh + ebZXu36WTXTYsGd4mXGkEKWNJQkxH+mg0+QKO0JYAC2qwEgbbhmphdC4YzC+t95wieDt45EkQV1i + /3N6avkdz/Gr5Xc8x7eW3jEIkTJskyUJpv8nj5ZGxPuEOZchkIyYnaoSy5+6pqrz+xPoj0TMxl48 + hAjh6XiTcR2LTloIobEyu0rB3x/6P5WCDwAAAP//orOLR4sCnEUBvFUBdGI6JMdVg9YfQ9kGQHPz + SxKhq6fR2ya4Fisa4FqsaABfrIguAW+eAbvKmUX5eZCmDEQopRS6TB7CJcalZcAWLbmL1DCWhEIM + gxsKtCkjsTgsH7xcDrYKFZiEIE6uhjGhpSvZDgBvKdCHmaujlJtYEQQZU0HxLHihW1GJYwnE46AF + t6DFcCCvw8VRNRuh6IZqALu2trYWAAAA//8DAH9EYyeVMQAA + headers: + Atl-Traceid: + - 670390168f814553 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:55 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:14 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 8cb83fc2-c5b6-4b54-b691-cf7267fb564b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '273' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9c89a84e-5f97-4021-91ba-32443e5f6405 - x-envoy-upstream-service-time: - - '142' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1994,61 +1834,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J2iZLbqIHFVmFdk8iMkmnWEmTpU2FZdn/boqLH7fhneeZ - lzkxgzPtJ8c0e4/xMOvNpqOebOzCRygwOpznAX3hKbKMfdI0D8EnmAPwAgrIm931c3P31P5ud8to - 0sT0ywplkMFrxjo6uHAcycf2eKB04MaFpUuSWQbXfStMr0KtLuEtxhUUIHgOVS5UyysNXJdVAQBX - IACSP9OUetth/MduWy50WetaFlzIH9aO974PCVRiq2TdG7QllUgSbC+VNJ1BBb0FwKpSylD5pyC6 - teFhmJCt7/S4uPgYLK7xibnLxMi/7Rt2Pn8BAAD//wMAiR1D/1oBAAA= - headers: - ATL-TraceId: - - 73dadde873bcb1de - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtE1qbqIHFVmF7Z5kkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzlBq4LZzw4kvMc4BbnZaGNNF7X/8ERFp0Lo1UhGEyGDTzOH3o8JpoiUIMF8t7152d0/N7/b7TK0 + aQL5ukIZZnjIQJvJ+eNgxtgcJ5MO3Dq/6CS1S+/0twIyCQyrS3in4goyZCzHOqeiwVqikKwiiHiV + SEx+MHPqbfrhH3vdIEpGJa1IJfgP2w0Po/UJ5CUVtrDWFqJmjGNRI5aVYpx2CjXvhCgNFvxvQXRr + w2M/K1jfsWpx8cl3ao1P4C4TmPFtv4Pz+QsAAP//AwB9thLoWgEAAA== + headers: + Atl-Traceid: + - 5b092e34bb97a039 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:56 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:15 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - df213387-e18c-4fb2-9122-09ecb1170585 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '115' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - aa301128-aa3d-4aab-b807-508635b448dc - x-envoy-upstream-service-time: - - '41' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2058,110 +1904,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11798 response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - cf47dcf0baca8fae - Connection: - - keep-alive + H4sIAAAAAAAAA7xXbVPbRhD+Kzf60GmprDcIGHU6HQomoaWU2k7ygTDMIa2lC9KdencydoH/3l3J + soOJM4FOM/4g6e72/dnn1ncOzCouUyd2NMgUNKTHAorUuJKXYFyT5FByV1WguRVKGhdSYUuw3E1y + LjMoVOZOQRvcg3QIlQYD0i7OJrWxqpyQwqswCMLA0/B3DcaO5xWca55YkYDjOoLsh+Hefh8/DBQT + /MytrUzs+ylMILGp+qg8bgtujODSk2B9tGR9Xgk/8oUxNfidghuYo/zZeDAa98Kd3QCXGheME985 + Bn2rTcItZErP2xhS/EKJKIiiXtDvhfvjIIijMA72vXB7/8cgCkhHY8Si442aFzpJ8j6mIoiWYS8+ + UjCJFhUlDlcPmCl5UbgsFcYKmVhWCUiAqQm7VfrGI+lEybe6eKYXtRRULl5c8Sm3XPtTAbd+49bK + wcVWGGyH/V+M+Ad+LrHsdYlWCRZocszNDdWqvrb0Fk94YcB1WsETjKuRdZ1cIHB0ks9PYQroa/Dg + OlYgsipEiRPLGmN01mCyHWzaCLuNSquPGOoLK7GQburQVLarA318gp5VuG+lsBYVGGdpmyD8e3PW + qIm95ZqAbERZFQIdTtdSgoVq4LfTn+30n+nuF0rWRbIs2E6wh25EO7No5/+10sKiASkaDHdn4e63 + MDjrLG5Hs+3oW1hcIP/h4Skcow6OEzF713IgFvniEoueZRoypJUnWEd3VFG3Xf5ZkEd7mzb6mzb2 + nypvKa1dJcJo2NuJe6HrYHLsOwycMLo4wC3SfEuPz++mlnxXdOu36jT1SvN6qGqKPyQKfU8LQmZO + bHUNDwtWJW1aJG1W7p6skWd41OSqLtIjYaqCzxf9RVXRgMFSCz8l8L639yroCHw9bZtoJlrSzPrG + suDrG9srYhJKCzt/YS47cb+5Hr6e4EXJMzA+SZhOicCFXGS5Z6bZisne4EpHeZHzQHC4BuImgu36 + fb27Id5wE0bDPgWeczOoRHIq5M0x7RxBRbOFTLqqNbW8bfaWK1LJAY4W/LqAIXDTIkEv3pzz07ev + T86uTk8OB2ejwdVgOPxziGFgcxmMHA+Mc2DnSMLSMrLLhGFKFnOGDS0KUsqsYr8Jzdm5hhI7mtUG + Mep9rrFDbCgnuBdB0C+nsbPWzpjbTEheYNUw7as2o731tcVktEhvg+sCvetYAguYSVieritq269A + cjvEvBBjrfDy8ns8dzwPditY/cqTGxwFO2R1yltbh4tp6z853I1sbWugkai7qyXcUnerQumz1pvr + ooZeppElVgOLYkeqLbYqKxxWpV1U4Us1fZycD/LT3wHLtKorGsmOhUyR1AxD5LNrAMmq2uSQNpg7 + GR7Q8xqYkFMyQEBKGQ7dDO8NSGNSlkcee03qPsit5rkVs4ulWiFjNsGM5HHgbXvBPWUPk1eohBe5 + MjbuB/3An7THrxq3/DC6RDl2MYKkJkphb9Rtz6rPy14yn12ExrK/aq4taDaQGfZViVn6gsDZ+R/s + oMamZaOEyw0H22Td37MRToCNI/h++G7QPN63j64i9LG4SOl1LCz2LYk2CMA3VMSIwdg9u0AdvQip + qBfuhuF+Y50QJaepJ3Fo9jI19ad1IRFjFjnAf3z+klTsBG0uSS65Ba8UVoOndOZjI3ICp8DBjxrY + x6NebsuC5JpS4LMpBukZQlYXHLM2o/8/jftHIAUvCBwj0FP8m8N67PtjEnTZd4X9CYVfedEPG5KG + Sg/w6puCS/loBkp2T3nc6rIYbzWJoDW2dVQDO0JU4eIIKuuxcM9lxCHsMWS7Xx56S8x++BcAAP// + 7FltT9swEP4rERITVCRN0qYtnRCrxJD4wISYxgf2BWOnNFNTV3kpkxj/fc/ZjkkDYVuHEB+QUEly + 58vZ9/bche573stvovLHbjgawgs6RyrUEYU/pENJEMr+cZ2zg5/dp7b9/KadDlwLhO/4525kZbwT + DqNE/J+frZ9856ssM5zjcTKPEeKxPusPN8VH5VQ1xqOH1NNBirCvlchJJqS9RHaZWCU50heKfRQO + kJWmdMpwl6r0kPWulPArB/XRIVXRk5mKmBmjG0XI6MIaPTdGv51RRmOQt7hxgGY56CitPGNTehMV + UqSaZVl4OPmLB/mnUpTz2KSudVIFl8c1PwLHmYKOoiKDipM5sOSaAHDOsBoP4ZMqEMfNw9yrPcgB + QFoI2Sp2qcQk/DGjpk7ZiopizUqUucb0Q86F2wnnkDdG2r+eJ9xY8DRRud4Y8Jsq7nTmxjJ6V47M + nDkImWctf5IuGS9ozRfpJOrGQX+ySkQs1nzpHBEFxINX/4uHmKVLSYmeHHyHiTRZ7Do7u79SOHAh + x3Dax3g5aMPLQb+NENWxUZEBIyjoT2C+wepb1ibBYtBqT22MbZjUt33TGoxrlnpWFIzPqOI9iYV9 + 22TlZZoyAjNbbfWZzo6aEpltiHgoog4Z59Q4nYiDaMr6PRFcj/p+dA1dhsP9IAzVYMsy4Q3PsMVk + 2IkQ5PXgfNDBNY3vJ3nL8iUlRRL67MhC2SH2AK8Umwc8VbXNURAG/Tjw414o9ge8x6NhwEeRED4b + TIN4dCgOlJTt3mQ7PMafXuembGHQhuvqR7lX5u4tTsQNPagoPB1ZdGTukrGcTgzrVeJG/4DLozN3 + 4C0XpH9z/PH2NW7OT96+xs35y1vXGClH6MmB6RHqcOTMjBMpngh16emETluXQKZg/1xmchl3L5GC + ODXQJvBoCgiqjWR6jxmKmvYiM5n2PRW8vtHfU8FraPyeClpTgUUcUPFGR9wdfUAw1z7kyoKZ7yJN + xNE2hvTbxpC+HUM2CRahxYtVksmFhjlmxlGaD2D69m80Xcni5cbFWpgVijfNWH4h1SDMznhlqlW+ + qy5Ndt1YAfWxsFvJ3dtK2c/zOC/nJLi2WTXCyopJoTdOo3Qac9HW7fP1xeHaarNAaXt/f/8bAAD/ + /wMAO3tnWm8dAAA= + headers: + Atl-Traceid: + - 14e5610a1ba1c13b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:56 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:15 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 022ecd82-8870-4f85-a9dc-21685bfc3029 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '267' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1aad2b83-1832-44ad-9e28-34aae2425380 - x-envoy-upstream-service-time: - - '75' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2171,109 +2009,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11102 + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/YO56id/ihOAO0+Fo2nLX47iQth8owyi24qjYkkeSk9DS/367 - so2BEobSMIOllfb92dV+c9impCJ1YkcxkTLF0jec5anuCVow3dPJkhW0J0umqOFS6B5LuSmYob1k - SUXGcpn1VkxpOGPplJWKaSZMfdfpORwlB0Hgh7DRLF/AdmlMqWPPS9mCJSaVX6RLTU615lS4ghkP - ZBiPltwLPa51xbxWwCW7Av7j2eR01t8LBkBZWGOd+JujQWmlE2pYJtVVbVwKO2AI/TDo+1E/HM+C - MB4M42jPHQxHf/ih76ONqMNclcyKeaaNyO8Fvm/trL1uNinTieIlRgSoB0QXNM97JOXacJEYUnKW - MCIXZC3VpYvciRQfVP4UKzRLKsW8FWdruqKGqleaf2X7BSSpKnZq0lG6H/iDYNxsZ2Dofudyz8FE - g64Z1ZeYo2pucBUvaK5Zz2llOLEV8r3nGA7AKCHJTiwq8MQplfwC5j0zeg23jZ3NRhs73NxKeGfp - B8GNAQGIr4Ybnfrb3tVyYdZUoWOaF2XOASHpPW8guBYy0XgTjZ9ibhPmRlkT6ZJjYOF3O86Rvwua - w2gTRs8WbFNoUbKjm+8juoLRJhj9mq5Nq6xZPKJtEG4G4a9pa8Cp28VWbd+/Y31vPtbdBTJ2dg4Z - zDLFMqjrH2AImJJ5VZdZTUkqbWRhW8QFaAh3tx2Mf5RRt46aioVp258T94OmXyCCFU9qdd9+oCG+ - wHy9lFWevua6zOlVg0IgQ6DMR6hZRGajghrotHUj+/kaqrvkTV/0amkKC8QuD2WFcbK2f0ICF5kT - G1WhMYli4CtW3UN9EvLS9sn7UfO3hTPYdhBuOxh0vYRLxc3VMwPRsnu2Cz+9j/KCZkx7yKFbIRwI - S54tXb3KuubzDihtlwodm8s5w3aC4LznFtblg/4G25AYjNHxJdWTkifvubi0j/FrVuLbLJIWQhZY - a3t2QxFSTOBppvOcTRnVNSxVs3JO3n94e3R88f7ocHJ8OrmYTKf/TsENKCENnsOF2ZKRE+ibwhDU - S7gmUuRXBGqS5yiUGEn+4oqSE8UKqFtSaUCYa6v0vhd7INC/5r4fLb7GTv1kQJIgyl1R3SlkiHfG - Bc3vX2omiya8FuY5WNf2AkhgJtjN7arEqn0CkutZ4ZkYq5lv3qu7z/vPwa6D1Z80uYRRqkVWK7zW - ddgMNb9kcDsZ1aUBSsL2eRVsjdUtc6mOa2vmecX6mYKW1Y0HkryWdbJlUcKwJ0yThcfydzc4n8Xt - vwOSKVmVOPm84SKFlqQJIJ/MGROkrPSSpRZzR9MD/M4Z4WKFChA0KYGhlcDrwNIYhS1Dl7xFcZ/F - C/t9EZOzG7FcxKTM4qEbuP41hg4il8uE5kupTTz2x763qO9eWJu8MNw7By5ydorPGDQU8k6u+0Y+ - zHxOPHIWaEP+q6gyTJGJyKCqCojRIwzHJ/+QgwpKlpwmVGy5WIfq+pqcMqgFNATWhx8n9vOp/rT5 - wE3zWOJyxg1ULbLa/MMKBBHsX+SanIGMfgiV2g9G/ji02hFPyYq5BTeKuVJlXpLx/pwLpCIMXNi/ - wsX+Xe5zFLgXdULWt4VATVLEKYexDWvZ24vcpSly5Coz+GfTgiJC+E1ZIQ0Dp1JGJhuIPvKQPvnt - JOuRndy8JKEbBG5IyE5mXu6TgesDsz0YuCM3Iu1B1B1E7tDdbenDjj50QVZLH3V0XA47OlrX0AN3 - 1NHDjh7evj/o6AN30NGjjh51Dux2enF5i36jF5fh71sQAoE7gJFjxXqYfDvukocyvbst0/8DAAD/ - /+xY207bQBD9lZGQkJMGR0kKbYPyQIEHpBZVhdKHplKMvUncOrbxJVBR/r1ndtfLOpcWUFr1AYKS - 2LOzOz4ze+ZsHpRp7b2pTD9neTNZBtu9zbzYn7bPvUm/SacgAnW3DKPg5Mi+BZ5Aqphip9bt6jXt - uIaG5XXPfd6QT0lV1Una3dd7PfB380i2aHTPbwmxeAH4f3Ykh98bcK+IH268ozmRn49x8QUfO4/f - iux/ofw32QHuC+mijGKRScVoOhN3X5SM3P73I4GMUQdNdPEqghilJo+PeGo3TNpeMA9zKAzo8d1u - F8JhzIBiA1TqkCXEKJ2MCMqr8NC2PcpU1fpctcJU7VzHFkbcSYupV1DiY6GcrqcQHQU0sHZk/C69 - XFCS0RVOdj8IZ02f912O2f3MG3MA0EzlLCaJDPEjQUVngiCjqbhOKhefch/o4VTBSgRLhf6UsBMh - saPwu4DIHmMVD2GnaRT68rczrXiqgCMBfLBDWaXbo9SjIaYyzr0xyIFF+U5e8hDEl19FejmNTE44 - 4Id+mEAPWMHn7jDuLs8OpxhI5xwMwsMZMoPQx7wGHRZhJgZPI5WJosxiVDK+5WVUMLpWDBi3MgiX - AdzawvkiQT7xf5jEvkiLYTwajYYxH80KuqVDPBm0zh0NMP1VGWbC2d7qvdlPJ/KjUY301bgBQd5q - J4eN8purH43vVA4M1oBGZ8fvjg/PqUMHZ7R9VSbF/hB/cu52U91oUXeFtdkeDmN6wY+ZJ5FwIeed - NEt8HLFcEc8bXzkWqGJ4xO22ch7J5VVIEjwHUbTIEVnWYvQaNGDyoVvMrJ8IcwUc9l1DA0PWjnuf - BCVqBdutfr/6DaVfY2xowzWcDcs61jZOS7xtLEvMbVkWuNuyLLC3ZVngb8uywODGssThlqXO4sDp - g/y1JKhA6uuRGiSNCuaz4GKMNCa8kA0XY6RB0aYKLsbIgGJZqu5WoVIzMUgGlZqFQTKo1CwMkkGl - ZmGQDCqWRYFkUKlZFEhWMQGvKSqJS1Jzej+d7KDUZ2Eu2EtWH3cpfkOPwtWBz/sAhVleYutL9n8f - yqOcJv+mObp03Rv3pk+f5GGeqUfTfJUQcGUES+baTr11TipXK31ervNRSVzps7vOR6V3pc/eOh+V - D+NDDlQZj+C+ZHqbLIGWyndLEq5KMDcZL8oTSlX5usRqwSz6at2iMqG/X1SXA/rT0gJY4mSWen7B - OTtNKJQXhOTPw0AEcsBZIVLZMzKB+0HpCzVY69CP0EOZALXnj2n60jFN+HjN4sXxglkYN8hp/Jx5 - YVQkfSNBVirZZxVr7Web/x6gYjtPVbEdqWI7/0LFbuZ0W5XQX1exnf9Ixf4CAAD//xptxY7gViwA - AAD//+xaTWuDQBD9L4UcV931M4eQBtpCbznnttk1KRSj+EH+fmfc1TqmptBC8CB4EHdmdxzd55P3 - bkYXFjukZQS5CSsj2E1YGUFvwsoIfhNWRhCcsDKC4YSVDVF8YbFdvxYW2+UsLLZ9HebDYrlN/IXF - 3irtfEpp50E3gCJcXUr12Sr7aD0Yh4YTc3iTA1Pqtder192tTgX2vgoi9o5FwnHWus+qa6k+UEYz - SmPVZJlEGfTpR2UPG4dehrz8o1CKtGMrlUK3xLvehCcZ+Jofk8ALj1BYHK+5EBGu0wfBCnfCUnyq - O61hjQoiv2tAnEFfzHN+lVWBHBUnvWtOMoYa51yaMPj2Z645dUMueJByL/WFXkfKV2HMVRJq7cno - xNNkqzftLCt/txJvcJg8lsmLlSkZM5cqp6nYFTrChINvvWOQDlvGCikr7Bjkt3wcdhWcvuxZ5BQX - rH/sepp/xWPv1PwrHvuv5l4xAJE27idrLRj+R+6tcRD3E2pbxpJkwOwAQAvhr02ZF6l7AJhR6Lux - Gw/9fjDa72RcxzoXrSuhtDC7QMHjH/oCBY+o+L9Q8AUAAP//oreL6VgUwJsbQCemQ3JcNWipMJRt - ADQ3vyQxB8jCbCgZABtbStW1SpgSuJY1GuBa1mgAX9aILgFvtwG71JlF+XmQNg5EKKUUum4dwiXG - C2XAti+5y9nQ145CzIKbCbQoI7E4LB+8rg62fhWYtCAuroYxoaUu2faDV/jrw8zVUcpNrAiCDLug - +BW8Iq6oxLEE4m/QwlzQqjmQz+HiqJqNUHRDNYBdW1tbCwAAAP//AwDf/Shx/jAAAA== - headers: - ATL-TraceId: - - efc72a08054278ef - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbuTtE26uYkeVGQVtnsSkbRJsJImpUmFZdn/boqLH7fhneeZ + lzlBJ4M+zBYEvMc4BbHZKG10H5X/8IWMVoYwSFc4HSGDTz2HwbsEE0RSYIH5fnf9vL97an+3u2Xs + 0gTiZYUyzPA1A6Un64+jdrE9TjoduLF+UUnqlsGqbwVEEijWl/BWxhWkSGmOTU54i41ALmhdIOJV + IjH5Qc+ptx3Gf+y2RRSUCMKKbVn/sP1474xPIKsIN6UxpuQNpQzLBrGqJWWkl6hYz3mlsWR/C6Jd + Gx6GWcL6jpGLjY++l2t8AnuZQLu3wx7O5y8AAAD//wMAnrQmdFoBAAA= + headers: + Atl-Traceid: + - 618df16634e11ae5 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:56 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:16 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - d9cf63de-0786-4ff1-a03c-9565528f6dde X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '121' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - cd572f9e-81a1-41f9-ba60-9b8dcb1c0189 - x-envoy-upstream-service-time: - - '129' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2283,61 +2079,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11796 response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J0jYlN9GDiqxCuycRSZoJVtKmtKmwLPvfTXDx4za88zzz - Miei1YqHxRFJ3kOYV7nbGbTYB+M/fKGCU+s6qKmYMJCMfOKyDn6KMAWgBRSQt/vr5/buqfvd7rdR - x4nIlwRlkMFrRgzOzh9HnEJ3nDEeuHF+M1HS2+DMt0JkEipxCW9VSCADRnMocyY6WkqgkpcFAFwB - A4j+ikvs7YbxH9t0lEleyaouat78sP14P1kfQcEaUVdWq54jV1hDb2tRa6OVANsDqLIUQiP/UxBc - angYFkXSO1ZtLjz6XqX4RNxlIji9HVpyPn8BAAD//wMA/qYbJVoBAAA= - headers: - ATL-TraceId: - - d504ab0c34386623 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXWXPbNhD+Kxg+dNpUIkHKVmR2Mh3XVhK3ruvKSvLgeDwwuSJRgwALgDoa+793 + wUOKD2Vidxr7gbj2wO63H1afPFiWTKZe7GmQKWhIX3MQqelJVoDpmSSHgvVUCZpZrqTpQcptAZb1 + kpzJDITKenPQBvcgnUCpwYC07dmkMlYVM6fwMqQ0pL6Gvyswdroq4VSzxPIEvJ7Hnf0wfLk3xIkB + McNpbm1p4iBIYQaJTdVfymdWMGM4k74EG6AlG7CSB1HAjakg6BRcwwrlT6bjs2k/3Nkd4VLtgvHi + T55B3yqTMAuZ0qvmDinOUCKiUdSno364N6U0jsKYDvzd4e6PNKLUOemMWHS8VvNMJ518gKGg0fra + 7SQFk2heusDh6j4xBROiR1JuLJeJJSWHBIiakYXS176TTpR8p8UTvagkd+li4pLNmWU6mHNYBLVb + GwfbrZAOwtHPhv8DrwpMe1WgVQcLNDll5trlqrqybhTPmDDQ8xrBI7xXLdvzco7A0Um+OoY5oK/0 + tudZjsgqESVeLCu8o3cPJgO6bSPsNkqt/sKrPjMTrXSdhzqzXR7c5DP0bK77TnJrUYHx1rYdhH+r + zxo1swumHZANL0rB0eH0XkgwUTX8dkbLndET3f1CyrqbrBO2Q1+iG9HOMtr5f600sKhBigbD4TIc + fguDy87iIFoOom9hsUX+7e1DOEYdHGd8+b7hQEzy+QUmPcs0ZEgrD7CO7ihRNVX+KMijl9s2Rts2 + 9h4qbyitWXWEUbO3F/dDnDKLpN6Q4dNrp6HaDbkGjTrtKqMeHqjK3TZ0hPnBLXCZebHVFdy2HOq0 + aZ40Mfj0YM15hkdNriqRHnJTCrZqqwmX0S37HtPmKqyNhga8rCvhxwg83KMdgd8P2zaaidY0c39j + nfBSc6W5XT0ziJ14UL8CX8/jvGAZmMBJmE4Jx4WcZ7lv5tmGsN7iSsdskfcQu9Ggu4pgV+C4ycH2 + /ns93BKIcBtGw5GLSM7MuOTJMZfXr93OIZSut5BJl8c6u4t6b70ilRxja8GuBEyAmQYbuh15p8fv + 3hydXB4fHYxPzsaX48nkjwneD4vLYEjwwDQHcookLC1xdgk3REmxIljQXDilxCryK9eMnGoosKJJ + ZRC1/mOFHWJBefSGUzoqZrHXvFiYPQz/pqrulDgmIuOSifuH2s6oDW+NdIHedSyBmc0krE9XpSvb + r0By08Q8E3yN8Prxu9t3PA2PG7z9wpJrbAU7yHXKG1sHbbf1nxzuWramZtBI1L3VEhauupVQ+qTx + 5kpU0M808samYVHkUDXJVkWJzaq0bRa+lL+7wfkoP//fJ5lWVelastdcpkhzhiDyyRWAJGVlckhr + zB1N9t33CgiXc2fAgSYl2HQTfDcgjZ2yPPLJG6fuo3xRf1/E5HytlsuYSLy95cwqHVN/1x/cuBBi + BIVKmMiVsfGIjmgwa2Qua98wyRcoTM7PIKkc4ZC3atG36nHZCxKQ89BY8mfFtAVNxjLD4iowVF8Q + ODn9nexXWLnkLGFyy8EmYjc35AzbwNoRHB+8H9efD82nS4ubtK+pG065xeJ1ojUMcISKiOM3ckPO + UUc/woLtY78ZhbV1Bys5T32JnbOfqXkwr4REoFkkguDu+QunYkDpWi5ZgF9wq8FXOguwGplDKMfu + z1VxgEf93BbCyW3ygZM6I05ZhH8TyCrBMHxL92uovschSM6Eg8oZ6Dn+6CF98v3JWkOPfCfsT69Q + zdCnP2yJIarfxwdyDj0XnrrJJI/FYoh32x3sfXUs/gUAAP//7FnbbtpAEP2VVaVUgGKDjW0IVZQi + 0UiRmgo1ah/SFxbvAq4AW76Ql3x8z6zX5hIuLVEQlSIQ2N6Z3dm5nNkZa3qlC+fvdeEc1MVp9YDA + KZyrU1M6oWes1ssk6yHi8PBBRqnJrNYlI3xl6+FcfCaWWcazum+ab2nWImDrdttFmNR6ChCBVb9D + RqkCYh/kYxX8VLcpYP/2WQ2xh4Ff+DOOCgOsCS9SU7wuENdtUHsIsxjavA2mEkAoc41/HKefuO9j + F+py6XQrjL0lYNcArKUYIZBcY6AZhHUuFkEC0JeUB1vA8hFpHY5UJGyy6WC5woDhaMFIfpSz+jAR + a3/Q0pE/iNIfEu0PPE2RGZNL9jQJ/AnDGXc8BrJmgDoWcaw1HzPOUCH4YMRxxY/5iOQYdNVGja98 + Ps4AwgM2kVyAc8GR28x8t+znUqD7UGRTuZom1seL+qSz6pMg6avjuyjGMTwuhq31GUA5ATsewstV + kHcOG4bQvUM/5F+4pW0lmCXKhtPA10a7D1RS1Db7oU5BpGFtjFwYBnCZYiDWmwff3Szifko830IW + qBuGQm4RCCnW3Ok7ggpHQyz9L06hWaOQkiH5eIWLWTCvskr1eQYfTsNO6bdbUePNEcM5EjEcQgzn + tYhxVLJ4gRjHpqtVA58aMbx3xDgBYjj/F2J4JesBxHjZirB2tSIspxigKiWN4RmqnUINkk1Sd8cc + jZ0DZXlf7GkX4a5yv1G2pJTXTqhU2NIA26yqNmcp+1dJNptxqhM/7C19SIHU9AnjIytKKv1v4H/U + qroT1+6IO01hDdtOwx1CoFbryrJtjwrYkggr7CGTZN2uEOTboFzKYOjG4ufwiScRgSNNurclrIwh + TZSvisxEvVq0JV3LthxpNWTTFlee3/TdluW3XSEa3BtZsn0jrtUsF83uhX2Lb85nzPhcF3KGkT9K + zCwxnqARwzYhojDz8CKVGRHnCWkM/ArA+TTBZa9veGY0J/k328vnL/Fmf/r8Jd7sb5+7xAAkkfdq + dQ9m9VjS169rKJ6ocsv7wTmoPaLoB/mXLA4jWX8EDvnUudSBR29ZMFpGMq2jXzrp9k2s4fYdCo40 + +h8AAAD//6Ig0keLAnq4mJZFAQAAAP//ooWL6VgUwJsZQCemQ3JcNWiCFso2AJqbX5IInXdGb3bg + muYxgE/zoEvAJ03QJeDNtNS8ssyi/DxIQwg6hlwKXWAA4RLl0vxciAnVMCa0sCOjgENaG6EPM1dH + KTexIii1uDQHZDCS3eAR+6ISxxKIO8ryS6g3UQgxDG4o0K6MxOKwfPCEB2x2DzRVCZpGAFkJdwiq + a41QnAvVAA6e2tpaAAAAAP//AwAk/EQJzyIAAA== + headers: + Atl-Traceid: + - 8eb6df7ef8afd515 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:56 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:17 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5995da19-58f1-4ca9-854c-2c788a183db3 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '279' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 92333b4a-994f-46d8-95e9-71c89d181b44 - x-envoy-upstream-service-time: - - '36' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2347,110 +2186,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 27b65907b7c98375 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CPd3EQPKrIK2z2JSNokWEmT0qTCsux/N8WF1dvwzvPM + y5ygk0EfZgsCPmOcgthslDa6j8p/eSKjlSEM0hGnI2TwrecweJdgikgJEsz3u9vX/cNLe93ulrFL + E4i3Fcoww/cMlJ6sP47axfY46XTgzvpFJalbBqt+FRBJYFhdwnsZV5AhYzk2OeUtNgK5YBVBxJtE + YvKDnlNvO4z/2G2LKBgVlJNteWX78dEZn8C6pNwUxpiCN4zVWDSIZSVZTXuJqu45LzUW9d+CaNeG + p2GWsL5j5GLjs+/lGp/AXibQ7uOwh/P5BwAA//8DAH5MlX9aAQAA + headers: + Atl-Traceid: + - 43935fe367636a1d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:56 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:17 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 53acf194-879a-460d-9ae0-712312e3d9ce X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '123' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - db2d77d8-29bd-420f-8f69-debd613fff9d - x-envoy-upstream-service-time: - - '61' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2460,96 +2256,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11103 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11797 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4rcECL5hOhTSll6P4yBtP1CGEfbGVnEkjyQn4Ur/++3K - Nm9tOEoPZrC09r49++xKfPVgWXGZeYmnQWagIXstoMxMT/IZmJ5JC5jxnqpAcyuUND3IhJ2B5b20 - 4DKHUuW9OWiD7yA7gkqDAWmbb72eJ8hyFEXhADcGyiluC2srkwRBBlNIbaa+KJ/bkhsjuPQl2ABt - 2IBXIogDYUwNQWfgAi5R/2AyPp70t6IhSqYuWC/56hl0WpuUW8iVvmyCy3CHCnEYR/1w2I9HkyhO - BuvJeuhvrW/+FsZhSDGSD3tZgTPzxBhJP4jCMIyvs243GZhUi4oQQekOMzNelj2WCWOFTC2rBKTA - 1JQtlL7wSTtV8oMuHxOFgbTWEMwFLPicW65fGvEPbM+wSPXsWSPaz7YRvWjUbicY6PZNyj2PCo2+ - JtxcUI3qc0urZMpLAz2vs+Elzsi3nmcFEqPCInuJrDETr9LqC4b3RPRabYedq0aHHW1uFfwm0g9S - WIsGiF+tNiX1h/vWqKldcE2JGTGrSoEMye5lg+A6ygxHy+HoMeG2MLfOWqQrQcDiz22ch+Emeo6H - y3j4ZMOuhI4lz0z7fMBXtLGMNn7N17Jz1i4e8DaIl4P417y15DTdYqW3b9+ov5cfm+mCFTs5xQrm - uYYc+/o7GiKnVFk3bdZI0tpYNXMj4gw9xJurXoy+t9GMjkZKjenGn5f0I9xyi1OxGTo/z/dmol3P - sKCxponMbrmrasoporn0iQRC5l5idQ0IB9q0H7HZidJNbM4cmdcibXL/+p2MQkVlU6i6zPaEqUp+ - 2bYEilMNmCt13Y/m5MZovZuT91ELV8EZrXoRr3oxuJklQmlhL58IbqceuCn8+DkqZjwHE5CG6YwI - FBQiL3wzz2+Gz1uUdFMq9lxJzoHGCZHzXlrUlz/MN1rFxGhEiRfcjCuRvhfywh3Ge1DR2SzTrmqu - lgv37loilRzj0czPSzgCbhom6HblHb7/8Gb/4Oz9/u744Hh8Nj46+usI08AWMpg5fjApgB3i3JSW - kV8mDFOyvGTYk6Iko8wq9k5ozg41zLBvWW2Qtb7r0vtZbKHB8EqE4TDfTLzmyMAiIco3TXWnkRHv - XEhe3v+ovVm08DpelxhdNwuwgLmE66/rirr2EUxu7gpP5FijfH1e3T3ef452N7R6xdMLvEp1zOqM - N75220vNLwXc3Yya1kAncXe8SlhQd6tS6YMmmvOyhn6ucUrcXA8U21NNsdWswsuetG0VHqrfXXA+ - y9u/OyzXqq7o5vNayAzHnGHIfHYOIFlVmwIyx7n9ox16ngMTck4OiDQZw0srw9MBsoSMFbHP3pC5 - z3LNPdcSdnJtVsiETRGRIgn9gR9eEXoIXqlSXhbK2GQUjsJg2nx+5sIK4kF4iors5JhOMpwp7K1a - 9K36sfIpC9hJZCz7u+bagmZjmWNjzRCmBxQODv9kOzV2LTtOuVzxYYPW1RU7BmwHCgTXux/H7vGp - eXQloU17XtJyIiw2Lqk6CuAKDTEaYeyKnaCNfoyzqB9tRNGW806USufgz4TV4CudB2ku+udCkpSY - 4OP+JS2272qfksFh2EDrrCxuW8G+5MRVgVc36ucAP/ULOytJz1UGn642ZOcI8rrkiOGS/p1wyeyB - FLwkrhyDngu8MPfZ89ek2GPPSvs7Kq/78YsVEKLRHTwJ59AjdNyVkF0RqmuvNJdpEUx4nqyxA8Sw - kdaizPb3bosQYkyHCFrcEne/ReRfk9jtB/7/n0ZH0CAebcRIi7U91/zYl18Uo7GIgf23IntOf1+g - esunfwEAAP//7Flta9swEP4rJjBoR+3YTpy2GaULrIN96Cgd66Dbh6qS0xpiy/itG13++56TZMVJ - 5rKVUvqhMDrbdzqdpNNzz11+YRiFBC3y2wlevuM/9zFnSRYutIWnDK3VNl/UiwyFKGUjG/LmZmMj - VfyslLE9FnzeAiRaJzIJVDJ32kvkkIkmKQFgSPdROAEuzWlXESFt8qHjulKTXDnIkE6z8gK4VJhT - jlenLOwpl+aU724J0xjsZTcOWCuHHMmVF2xOM1EqBdbkdeX9yJzOKk+lqBexWeK6qKXF007gQONM - 0UnRiiG9qd4dWXHHADRvMRof272bmjXQEDXjXucDynrRIyia2KUkk/BtRS2ds4bSov2MSSnW6A9F - Gl5nnMPeFMB/vUi4Or/TRGG9Ob6vKrnTjptz0WtyZOEsICg8NeZTmjNekf5n6STqxUEN0iQiFkrh - SxXnpT43fBc1j7WyuebnuFIgQfDlf0JGDcwlAT9F/w4TaZLtOju7v1Owp0pOEcPbBDroI9DBuBVQ - bq0KcANVBBCJ31SNemz4vQJLStsV9Sn2kVTflktrHG4z97OqYvyWMuBfybF/aP2o05QRuxn0JWza - O6pSZPFICkQX7JhxTrUV6stozsYjEVwfjP3oGr7s7x8GYTiheawSZnhALaaDnQlBlwCaKx9cU/G+ - l3eszAnnyOiDbQddKnvgW0rNA8Ea6sdhFITBOA78eBSKwwkf8Wg/4AeRED6bzIP44FgcKStvRrM3 - 4Uf80+PclGWGfbiu/lR6deneYUfc0KPA9/RFoy1zc8ZK2jGMV6COggKPH87ciZdn5P9mP+Ple7zZ - FXn5Hm92Vl66x8AioVsJpmjospEz0xKk+0S8SzcwNJ5dAmuhflIXMo+Hl4AgThW1uXjUyYPU3mSa - x/QkTb1RGKR9hYLnP/RXKHgOj1+hoBcKLOOAizf6xt3TjwDm2YddWbEFnra5kg++NbhfDrYFfQ1L - v69h6duG5abAUrc4a5JCZpr/mG5IbX6R0q//tASUncrCfftoUPARyNf5LW3Y2t0bpOzneVzWCzLc - mVv1nopqVmk/Glk9Wcdb27I2MRWq6gupOndtU5pa7tQPoxmtH+vOhmvemgFqd5bL5R8AAAD//wMA - 0uceMdgcAAA= - headers: - ATL-TraceId: - - 8eefa78ee5d1599c - Connection: - - keep-alive + H4sIAAAAAAAAA7xW60/cRhD/V1b+EFXpnV/34HAUVZRcElpKKZDkA0FosefsDfauu7u+R4H/vTP2 + +ZwcIQpUDSdhe2bn/ZvZuXFgWXKZOJGjQSagIXktIE9MT/ICTM/EGRS8p0rQ3AolTQ8SYQuwvBdn + XKaQq7Q3B22QB8kJlBoMSLs+G1fGqmJGCi8D3w98V8PfFRh7tirhWPPYihicniPIfhDs7O7gh4F8 + hp+ZtaWJPC+BGcQ2UZ+Uy23OjRFcuhKsh5asx0vhhZ4wpgKvVXANK5Q/OpuenvWD4WgXSbULxolu + HIO+VSbmFlKlV00MCX6hROiHYd+f9IPdM9+PwiDyx+5gJ/zZD32fnCQjFh2v1TzRSZL3MBV+uAl7 + /ZGAibUoKXFI3WOm4HneY4kwVsjYslJADEzN2ELpa5ekYyXf6fyRXlRSULl4fsnn3HLtzQUsvNqt + zsE1K/AHweQXI/6BlwWWvSrQKsECTZ5xc021qq4svUUznhvoOY3gAcZVy/acTCBwdJytDmEO6Kt/ + 13OsQGSViBInkhXG6GzBZOC3jFKrTxjRExO+lq7TXRewTTd9fAaSLqp3UliLCoyzsU1I/b0+a9TM + LrgmvBpRlLlAh5OtyLEeNcqGk+Vw8kh3v1GZNpJNXYY+AT0cLsPh/2ulqX6NRTQYjJfB+EcYXLYW + B+FyEP4Ii2uA393dh2PwEE7DljETy/fNDMTqn18gGtJUQ4pj5R7W0U+VV02Xf1VruPMQY/IQY/e+ + 8makNVQaGPX0dqJ+0HMwa/Y9ZoTA2xyoG58SqEXceHZzj0awxtyYTFV58kqYMuerNfiRvOAWL4pm + wD6+UZvx3Q1sr1GnqQ3r131VUQYDcvUDEYRMncjqimzHGjBY6u37A3zk7u747QDfTttmzGwzHip4 + uCn4NmPQTSyhtLCrJ2aiFffq6+H7B7woeArGIwnTKhFIyESauWaediPuLVLaWRg6dwSHK6ChRbDd + vq/HD8QbPITRYEKBZ9xMSxEfCnn9mjivoKTdQsYtYmocLWrehiKVnOJqwa9yOAFuGhTq9ZtzfPju + zcHR5eHB/vTodHo5PTn58wTDwOYyGDkeOMuAHeN0lpaRXSYMUzJfMex0kZNSZhX7TWjOjjUU2Oqs + Mogw92sdH2BDOf6t8P1JISNnq50xt6mQPMeqYdq7NiPeNm29Ga3TW+M8R+/aKYEFTCVsTlclte13 + ILlZYp6IsUZ4cyt+uXc8DnYdrH7l8TWugi2yWuWNrf31tvWfHG5XtqY10EjYXuISFtTdKlf6qPHm + Kq+gn2qcUN3Cotgr1RRbFSUuq9Kuq/Ctmn6ZnI/y898eS7WqSlrJXguZ4EgyDJHPrgAkKyuTQVJj + 7uBkj55XwISckwECUsJw6WZ4b0ASkbIsdNkbUvdRPq+fzyN2vlErZMTKNBq5gevfUuowc7mKeZ4p + Y6OJP/G9WXP2svYJV+ELFGLnpxBXNE/YW7XoW/V12QvmsfPAWPZXxbUFzaYyxaYqMEXfEDg6/oPt + Vdix7DTm8oGDTaZub9kprn+1I/i+/35aPz40j7Yc9LG+Ren1TFhsWhKty49vqIjR+GK37Bx19ENs + 1H4w9idhbZ3gJOeJK3FjdlM19+ZVLhFgFgeA9+X5C1KxO9yIxQtwC2E1uEqnHjYhJ2AK3Aapeb3d + oZvZIiepMsV/dR1IRYh/J1AoCxhGAmy6xHyTDOuzn47THnuW2xcsdIPADRl7ltoXL9nA9VG4Zgzc + sTtkLWPYMYbuyN1p6aOOPnJRV0sfd3R6HXV08m5ND9xxRw87etid/xcAAP//7FhdT9swFP0rV0JC + adamokCLOvUBAQ+TBprWbS/rpIbU0GxpUuKkMDH++861HdehLYiOhz0AqKS+vvb1uV/HwSVnOb4f + 7C/HD5bjB8sD9Jb78qMzbvflx05jQ0wAuGNQioVosrsVi6Z1vu290Ldm/mv59s2vr+NXFLQq+fu+ + 8jGPkX9aCjpFJcTgUMyLgPZ6TeK+R/UyW/1O9wJbZ9X3/eAtAbdxVNUq2p2jIxRo/1S1YHTHnxkx + OYFDntUjDx+Nda592rHko+pD8B3/WlskKXZEtqsF/q0B1GPLH2ZlHgnEVyJ8brUtXBRnsRQM7Pza + mXi6JAQ+GrfdFsEnTa8N4qwdThaxBKkABT/sdMAVrhhjJERFCJk1jOfXYwLZgn0phZTrOI44joWN + Yz6DyMPLOOHuWUzDgrIIG0m6nYJnFKC9RpFRuwyloCynG9zdfhMunhHnocTqUR5esQGgSeUsJWZF + gco0EOdcEJgzFbdZpRKRjEQa4iLB5ANbxdGU0OrBqpP4lwCvvsIuIcyez5M4Uq/7DMmpDE4E8EHO + MjF3Z+mjwaYyleEVigXz8JYseQrskzeJ2c4gI2kWQjnOwAEc42UwSjurq0MpBdKSjYF5uDbm4PZY + 16LDvMvaEBqkclGUeYrgxpMsk4LRdWzAvLVGBAzgzg6uFBn8ib+TLI0Q86N0PB6PUr6NFXRPJzgZ + +M0DDYjff8a58HZ37jo9hJb+36jmRnrmgMBpjZrHQvUUmMPxSKXAcA1oPDz7eHbyhfboeEi7N2VW + vB/hRy/e9vUIknCd2G+PkJfv+KgyS0QAFu8h+iPcrAKRLho/2BqQYaik7bbWHisDtFEKQA92NMkT + ed5kBBs04Myhe6xszoS1Jmz4Q8OAQ99soNB5NikRL8Sp5o5XL1X6tToOTrihkkOyqZZbpZVqbiUr + 9dyRPKrojuRRTXckj6q6I3lU161kpbI7knptB06f1EuSSQVS38w0IBlUsJ4DF2NkMOGNXLgYIwOK + EVVwMUYWFEdS9bwKlZqIQbKo1CQMkkWlJmGQLCo1CYNkUXEkGiSLSk2iQXKCCXhNEUkcki1N8/qr + hZ5vJX3+QHfCt+OI8wCBWV4i/U0POI/VHc60AN9eWjrBXXDXp6/qFs8FyBT7yiWomAkkeeAq7W9S + 0t5aq3OwSUe7ca3O4SYd7eC1Ot1NOtojVoc8uuAOpLqT7XAqCJra401VdrWLudWEicxorgM4ICYS + dtPepk2VS5/e1AQEutTKBsZ3H2bzMCrYbxcZxeoLIQQW8URMlm0eEz+DFeUC1Vy+pM8b1XnG92im + KV44mcVpg7zGnxloSJH1LfVYS2jfyKyTwG7Be57Mdrcks10ms93/gcxue+N1A/flZPYvAAAA//8i + rTFrONqYHU6NWQAAAAD//+yay2rDMBBF/6WQpVxLfiWLkAbaQndZZ6dITgrFDyyb/H5nLFm13DiF + LoqhgixCNLYmY3Rzwz3ezHoz65gzR9Mdc+aoumPOHF13zJmj7I45G2u7N7PDvLyZ9WZ2GWaW2kt/ + MLPfg3U6F6zTeG4hGYeobcPFR5/wI3EwKQ1t6XRhLqwObVg9fNm5QgtYOHnvNBPkbcvFO6ZjN0Pz + 0NIYqisKjqnnw80gDweH6ELV/DIXRa+x40IgHPEmt8mZx5Gkp3UcJidoJMs2lLEU97FFsMOdshyf + 6l5K2ENB5VcPKCzIzTxVV65qtLV407vEUz/rPLg0ugx+7ouBukkoo3FOwzxicpOKSCQZFetEypCn + Z5qvd3Lb32UV7VfsFV76OlLw0sSShOiPVNApcoWJEBZAizLQ0oYjIzXnCicG1/fWGw4RvH0+kDSo + S+x/Sk8tv+MpfrX8jqf41tI7Br2Rmm0yJMH4/+TB0Ih4njDn0gSS1qxjVWL5S9dUdf54BJkRiNmY + g4cQIazak4z7GHTSQAiNkVkvBX//0P+pFHwCAAD//6Kzi0eLApxFAby5AXRiOiTHVYPWH0PZBkBz + 80sSoaun0ZsbuBYrGuBarGgAX6yILgFvngG7yplF+XmQNg5EKKUUukwewiXGpWXAFi25i9QwloRC + DIMbCrQpI7E4LB+8XA62ChWYhCBOroYxoaUr2Q4AbynQh5mro5SbWBEEGVNB8Sx4oVtRiWMJxOOg + BbegxXAgr8PFUTUboeiGagC7tra2FgAAAP//AwB/aKr7lTEAAA== + headers: + Atl-Traceid: + - 254ef2c23956ec24 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:56 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:18 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - bae4c97e-642d-4967-961f-af98e587e8d4 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '218' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 217e4343-0b3d-42d2-a12c-f474917a1fc2 - x-envoy-upstream-service-time: - - '157' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2559,61 +2374,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J+pElN9GDiqxCuycRmaQTrKTJ0qbCsux/N8XFj9vwzvPM - y5yYxpn2k2OKvcd4mNVm05MlE/vwEQqMDud5QF94iixjnzTNQ/AJ5gC8gALydnf93N49db/b3TLq - NDH1skIZZPCasZ4OLhxH8rE7HigduHFh6ZOkl8H13wpTq1DLS3iLcQUFCJ5DlQvZ8UoBV2VVAMAV - CIDkzzSl3m4Y/7HbjgtV1qqWBa/ED2vGe29DAqXYyqa2Gk1JJVIDxjay0b1GCdYAYFVJqan8UxDd - 2vAwTMjWdywuLj4Gg2t8Yu4yMfJv+5adz18AAAD//wMAVKtWaFoBAAA= - headers: - ATL-TraceId: - - 712513d093bba650 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CPd3EQPKrIK2z2JSNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0EfZgsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsz3u+vn/d1T+7vdLWOX + JhAvK5Rhhq8ZKD1Zfxy1i+1x0unAjfWLSlK3DFZ9KyCSwLC6hLcyriBDxnJscspbbARywSqCiFeJ + xOQHPafedhj/sdsWUTAq6Jawqvlh+/HeGZ/AuqTcFMaYgjeM1Vg0iGUlWU17iaruOS81FvXfgmjX + hodhlrC+Y+Ri46Pv5RqfwF4m0O7tsIfz+QsAAP//AwDfyatrWgEAAA== + headers: + Atl-Traceid: + - 4798ae77d06df8ca + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:19 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1e234257-3ac5-48eb-ad17-5d4b0856e57d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '127' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1e96715f-e900-4cff-b1ac-69c10e88702c - x-envoy-upstream-service-time: - - '33' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2623,110 +2444,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11796 response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 22d8e6c8df1505ba - Connection: - - keep-alive + H4sIAAAAAAAAA7xXbVPbRhD+Kzf60GlTWW8Gx6iT6VBwElpKqSHJB8Iwh7SWLkh3yt3JLw389+5K + lp0YnAl0Gvgg6e727dln99afHJhXXKZO7GiQKWhIXwooUuNKXoJxTZJDyV1VgeZWKGlcSIUtwXI3 + ybnMoFCZOwVtcA/SMVQaDEi7PJvUxqpyQgqvwiAIA0/DxxqMPV9UcKp5YkUCjusIsh+Gz/cG+GGg + mOBnbm1lYt9PYQKJTdUH5XFbcGMEl54E66Ml6/NK+JEvjKnB7xTcwALlT85HZ+e9cGd3iEuNC8aJ + PzkGfatNwi1kSi/aGFL8QokoiKJeMOyFe+dBEEdhHPS93cHuz0EUBOQkGbHoeKPmiU6SvI9QBNEq + 7OVHCibRoiLgcHWfmZIXhctSYayQiWWVgASYmrCZ0jceSSdKvtHFI72opaB08eKKT7nl2p8KmPmN + W2sHl1th0A+HvxrxD7woMe11iVaJFmjynJsbylV9bektnvDCgOu0gkcYVyPrOrlA4ugkXxzDFNDX + 4M51rEBmVcgSJ5Y1xuhs0KQfdBuVVh8woicCvpRu4G4S2MFNH5+RZB3VGymsRQXGWdkmpv7RnDVq + YmdcE1+NKKtCoMPpRuSYj4ZlO8P5zvCR7n4lM10kq7zsBM/RjWhnHu38v1ba7DdcRIPhYB4OvofB + eWexH8370fewuCT43d19OobbeBp1GxMxf9v2QMz+xSWyIcs0ZNhW7nEd/VRF3Vb5g1qj59s2hts2 + 9u4rb1tau0oNo+neTtwLXQdRs28RESJve6ApfAJQi6T17NO9NaI1YmNyVRfpoTBVwRdL8uPyjFu8 + KNoG+/hCbdv3umH7rTpNZdi8HqiaEAzJ1Xe0IGTmxFbXZDvRgMFSbT/UwMO9oGvgm7Ct2szmxraE + R6uEb2701x1LKC3s4olIdOJ+cz18e4MXJc/A+CRhOiUCF3KR5Z6ZZusW9xpXul4YOXdEh2ugpkW0 + 3byvB1viDbdxNBxS4Dk3o0okx0LevKSdQ6hotpBJx5iGR7Nmb7UilRzhaMGvCxgDNy0L9fLNOT1+ + 8+ro5Or46GB0cja6Go3Hf40xDCwug5HjgfMc2Cl2Z2kZ2WXCMCWLBcNKFwUpZVax34Xm7FRDiaXO + aoMM8x6q+BALygluRRAMy0nsbJQzYpsJyQvMGsK+LjPa21xbTkZLeBueF+hd1yUwgZmE1em6orL9 + Bia3Q8wTOdYKr27FL+eOx9FuTavfeHKDo2DHrE55a+tgOW39J4e7ka0tDTQSdZe4hBlVtyqUPmm9 + uS5q6GUaO9R6YFHsULXJVmWFw6q0yyx8LadfgvNefv6/zzKt6opGspdCptiSDEPms2sAyara5JA2 + nDsa79PzGpiQUzJAREoZDt0M7w1IY1KWRx57Rerey2fN81nMLlZqhYyZxOit4FbpOPB2vf4tQYgI + FirhRa6MjYfBMPAnrcxV4xsm+RKF2cUZJDX1FfZazXpWPSx7yXx2ERrL/q65tqDZSGZYXCVC9RWB + k9M/2X6NlcvOEi63HGwRu71lZzgGNo7g+8HbUfN41z66tNDH8jal13NhsXhJtKEBvqEiRm2M3bIL + 1NGLsGB7OG9GYWOdaCWnqSdxcvYyNfWndSGRaBYbgf/l+UtS0Q+ClVwyA68UVoOndOZjNXJiqMCx + kKrYx6NebsuC5Nb5wI8mI6Qswr8xZHXBEb45/Rpq4jgEKXhBVDkDPcUfPazHfjxZaXDZD4X95QWq + GXjBT1swRPX7eBVPwSV4mumTPYTFAGPb7e99Mxb/AgAA///sWdtu2kAQ/ZVVpVSAYoONbQhVlCLR + SJGaCjVqH9IXFu8CrgBbvpCXfHzPrNfmEi4tURCVokSAvTPe2bmc3TPW8soXzt/7wjnoi9P6AYVT + JFenpnxC91itl0nWQ8Xh5oOMUpNZrUtG+MrWy7n4m1hmWc/qumm+ZViLgq3bbRdlUuspQARW/Q4Z + bRUw+6Aeq+Cjus0B+5fPaqg9DPzCl3FUGWBOZJF6xOsKcT0GtYcwi+HN22AqAYQy9/jHcfqJ+z5W + oX4uk25FsbcE7BqAtTQjBJJrDDSDsM7FIkgA+pL2wRawfEReRyIVGzbFdLCcYcBwtGBkP+isPkzE + Oh+0dZQPosyHROcDT1PsjMkle5oE/oThND0eA1kzQB2LOOaajxlnYAg+FHFc8WM+IjsGXbVQ4yuf + jzOA8IBNJBfQXHDsbWa+WvZzadB9KLKpXN0m1scLftJZzUmI9NVRWxTjGB4Xw9b6EyA5gTpuIstV + kXcOB4bQvUMflF+4pGUleEqUDaeBr4N2H6hNUcfshzoFkYd1MHJjGMBlioFYLx56d7OI+ynpfAtZ + oC4YGN4iEFKspdN3FBWOhpj6X5JCq0YhbYaU4xUuZsG8yirV5xlyOA07Zd5uRY03RwznSMRwCDGc + 1yLGUZvFC8Q4drtaDfCpEcN7R4wTIIbzfyGGV6oeQIyXrQhrVyvCcnYNuKu0M42RMqonQj2aDdFG + Kbo5sIveN0p6Xyx2l2DZklJZOyGqsLWT0ChbVGtUepNuJdlsxoknfthLfciB1PQJ4yMZJVH/G+Qf + tZXuxLU74k5TWMO203CHsLbVurJs2yMCWwphhj1ikqLbFYJyG5JLGwzdcfwcPvEkInCkh+7tFSuf + SxP0VYmZ4KtFv9K1bMuRVkM2bXHl+U3fbVl+2xWiwb2RJds34lo95aLZvbBv8Z/rGTM+10TOMPJb + iZklxhM8YtgmTBRmXl7kMiPiPCGPQV8BOJ8m+NnrG54Zzcn+zb7z+Vu82bg+f4s3G9/nbjFwR+Rd + Yd2DWT2W9PV7HKonYm557zbHrkeQfoh/yeIwkvVHwI1PDUpdePT6BaNlJdM8+qWTbt/EGm7foeDI + oP8BAAD//6Ig0keLAnq4mJZFAQAAAP//ooWL6VgUwFsTQCemQ3JcNWjmFso2AJqbX5IInXdGb5Pg + muYxwDXNYwCf5kGXgDfTUvPKMovy8yANIegYcil0gQGES4xLy/JLqDeZBjEMbijQpozE4rB88EQD + bP4OmIQgTq6GMaGlK9kOAC/G0IeZq6OUm1gRlFpcmgMyGMmz4CmCohLHEojHQVOVoGkEkNfh4qia + jVB0QzWAXVtbWwsAAAD//wMA+Z1K0M8iAAA= + headers: + Atl-Traceid: + - eb79200b29b96e1b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:35:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:19 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 454d5e14-33df-4976-bf15-d784c57bbbf0 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '262' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - dd58fc2e-dcf8-4618-9fea-d0861b360657 - x-envoy-upstream-service-time: - - '74' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2736,1389 +2551,118 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11101 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlT23qxcRx1mAwFJ6FNKTVO8oEwzFlayxekO83dyTYN+e/d - PUkYCKaE1HzQ3Un79uyze8sXD9Yll6kXexpkChrS1wLy1HQkL8B0TLKAgndUCZpboaTpQCpsAZZ3 - kgWXGeQq6yxBG3wH6QRKDQakrb/1Op4gzWEYBiFuDORz3C6sLU3s+ynMIbGp+qx63ObcGMFlT4L1 - UYf1eSn8yBfGVOC3Ci7gEuWPpuOTafdlGOHJ3DnrxV88g0Yrk3ALmdKXtXMp7lAgCqKwGwy60Wga - RnF/Jx686A2Ho1+CKAjIR7JhL0twap7oI8n7YRAE5FUddbNJwSRalIQInu4xU/A877BUGCtkYlkp - IAGm5myl9EWPpBMl3+v8MV4YSCoN/lLAii+55fqVEf/AboFJqopn9dFhuhsG/XDUbKfo6O4m5I5H - iUZbU24uKEfVzNIqnvPcQMdrdXixU/K141mBxCgxyV4sK4zEK7X6jO49Eb1G2mHnstFiR5sbCd94 - +l4Ka1EB8auRpqD+cN8aNbcrrikwI4oyF8iQ9E40CK6jzGC0Howe424Dc2OsQboUBCz+buI8CF6g - 5WiwjgZPVuxS6FjyzDTPB2yFw3U4/DFb69ZYs3jAWj9a96Mfs9aQ07SLrda+fqX6Xn+ouwtm7PQM - M5hlGjKs629oiJxSeVWXWX2SVMaqwrWIc7QQvdj2YvStjrp11KdUmK79eXE3bPoFMViLpDb35Zsz - 4he6bxaqytMDYcqcXzYsxGMEyn7AmiVmNia4xU5bN7Lvr6G6S173Rb/WpqlA3HJfVYST8/0jHQiZ - ebHVFTmTaMBYqeru65PRMGz75F3Ugm1whtteRNte9De9RCgt7OUTgWjFfdeFH99HRcEzMD5JmFaJ - wIOFyBY9s8w2zectnrRdKvJcLmdA7YTIeScsqst74w23MTEcUeALbsalSN4JeeEu4wMo6W6WSUsh - R6yVe3d9IpUc49XMZzlMgJualrpZecfv3r85PDp/d7g/PjoZn48nk78mGAaWkMHI8YPpAtgx9k1p - GdllwjAl80uGNSlyUsqsYr8LzdmxhgLrllUGGdZzVXo3ipeoMLgSQTCY69irrwxMEqK8KapbhYx4 - Z0Ly/O5HzWTRwOtonqN3bS/ABGYSrr+uSqraRzC5nhWeyLFa+Pq+un29fx/tNrT6jScXOEq1zGqV - 17b2m6HmhxxuJ6O6NNBI1F6vElZU3SpX+qj2ZpZX0M00tqzNeKDYgaqTrYoShz1pmyw8lL/b4HyS - N//2WKZVVdLk81rIFFuSYch8NgOQrKzMAlLHucPJHj1nwIRckgEiTcpwaGV4O0Aak7JF1GNvSN0n - +dw9n8fs9FqtkDGTGL0V3CodB72dXv+KIEQEc5XwfKGMjUfBKPDntcy5882PotEZSrPTE7rOsLGw - t2rVtep+4TPms9PQWPZ3xbUFzcYyw+oqEKsHBI6O/2R7FZYuO0m43PJhDdnVFTsBrAlyBNf7H8bu - 8bF+tHmhTXNp0nIqLFYviToe4AoVMepj7Iqdoo5uhBXbxfEuCp114lWyhF4hrIae0pmfZKI7E5JO - iQ493L+ixe5t6TNS2A+CjZbVTS1YnJwIK3B+o6L28dPewhY5yW3SgxuXIFIW4W8CWZVzBHNN/1y4 - qA5ACp4Tc05ALwWOz13209G1hg57lttfd1HNsBf8vAVRVL+HV/USOgSWGxPZfcgMMbad/ssnItNI - O2QGj0dm8J/I/H+o/AsAAP//7FlZa9tAEP4rSyGQmEq2ZEs+IKQpSSHQhNAjhfTFG61sqdiS0OG8 - 5Mf3m93VESW2W5OkKQQbW9qZWc3O8e3O6E+sgqz6mPLIC7rf+HzSYRcINDVahAtxdtIcQhxiZZTK - QWO4/ASWWaW7vO+bz+nmMp+79silLOqcSMAElv2KGW0lUHG7INun3wOIl+kHMYoTWu6PU9z8xJ+x - S+jTDFdqhqfMxNrgV8UiQvFOO3iFEE00hE1lUNUSsFGF2h2ga6lJFAPONQ6aYdzlYhVmQH6fNsMh - AH1GpkXAlLs2eW5aP2nKcL5gq1ofoHqqve7XXheV1zPtdZ7n2B6z9+w2CL2A4Yw9nwNdCyyGJRzP - iuaMMxQDHgRxZvFSPiM9psee5ye58ZlH8wJAPGWBzwUkVxwbnKlWyxoGOo9FsfCb1rlPL0uRSTPy - wHIpz9uipIM8L8nW/RnAGUAcg6XdJ3rpJMKlvvLyngoUY/RDEYZbWlaGWZLiZhF60mXnodwXtce+ - y4MQ2Ve7QqnC4O0FCKlceudsmXAvJ/6LmIXyhqFeW4XCF5Lha+4nmfISxkXh+YpZJ/oXpBIOjNDl - b6JECiYx7Y8U9ftcLMPogO0f3C1x0szjSRW7j0LFs8OEM94RJpwxwYQz3goTu+wDD2DiabalOulf - CCbcN5h4AZgY/Ocw4WrBLTDxsCdhretJWIN1BKckUB2Tp4gg2Ryh7k2LtVextgnr6vxeVeeXS13H - WHWg2oTxo/Vyu86SoR9QoaFqsqxYLjkVjO821kBkQOr+xOmOpSX1AI4QjtRfOhOHzowP+sK6GQ16 - zg20Hw7Hlm27VMlWTHjCBjafvHssBIU6OGsdDN1J/BDf8iwhkKNJN7ZzVQvSRB0r2UwUrl112XUs - 2xr4Vs/v22Lsen3PGVreyBGix92Z5Y+OxKGcZa9/vGd/wlfJGUse6YLOMNRQZhaZcQuLGLZJ0W+q - bCOTGQnnGVkM8hLR+SLD5cml4ZpJRPq3+8SvX+N2t/n1a9zuWL92jYE7QvWLdTOmeRS51K9aKJ+o - SlNNXIVd1wBcsJ8WaZz43WvAjUedSp149IYE1CqT6Tn6XY/u46Qabt+g4OWd/i+h4DcAAAD//yLX - xaNFAa1dTIeiAAAAAP//ghUF8NYF0InpkBxXDZpchbINgObmlyTmAFlY2kXARpdSda0SpgSuiSAD - XBNBBvCJIHQJePstNa8ssyg/D9LWgY4yl0Jn+iFcYrxQll9Ctdk2iFlwM4EWZSQWh+WDZyJgM37A - pAVxcTWMCS11ybYfvCZCH2aujlJuYkVQanFpDshgJL+C5xCKShxLIP4GTWWC5hlAPoeLo2o2QtEN - 1QB2bW1tLQAAAP//AwD1wov6MCIAAA== - headers: - ATL-TraceId: - - 23ebc33be5d8f778 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f0a27dc4-6d13-45af-83bf-fc04b0454efd - x-envoy-upstream-service-time: - - '149' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J+pElN9GDiqxCuycRmTQTrKTJ0qbCsux/N8XFj9vwzvPM - y5yYxpn2k2OKvcd4mNVmY8hSH034CAVGh/M8oC88RZaxT5rmIfgEcwBeQAF5u7t+bu+eut/tbhl1 - mph6WaEMMnjNmKGDC8eRfOyOB0oHblxYTJL0MjjzrTC1CrW8hLcYV1CA4DlUuZAdrxRwVVYFAFyB - AEj+TFPq7YbxH7vtuFBlrWpZNEL+sP14721IoBRb2dRWY19SidRAbxvZaKNRgu0BsKqk1FT+KYhu - bXgYJmTrOxYXFx9Dj2t8Yu4yMfJv+5adz18AAAD//wMAxrafc1oBAAA= - headers: - ATL-TraceId: - - 0aab29b671fc34f5 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 32cba3e4-e74e-4545-8d40-4e224c4263d5 - x-envoy-upstream-service-time: - - '35' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - c37e79d1a7503c09 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 701b4ba4-a9d8-4aeb-b019-367794aa969a - x-envoy-upstream-service-time: - - '49' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11102 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/YO56id/iQHCH6XA0bbnrcVyg7QfKMMLeOCq25JHkEFr477fr - F0wpYSgNM3i10r4/u9I3B1Yll6kTOxpkChrSNwLy1AwkL8AMTLKAgg9UCZpboaQZQCpsAZYPkgWX - GeQqGyxBG9yDdAalBgPSNmedgSNIcxAEfogLA/kclwtrSxN7XgpzSGyqviiX25wbI7h0JVgPdViP - l8ILPWFMBV6n4AKuUP7geHp0PNwORsiZ18468TfHoNHKJNxCpvRV41yKKxQI/TAY+tEwnBwHYTwa - x9G2Oxpv/uGHvk8+kg17VUKt5pk+krwX+H7tZxN1u0jBJFqUlBHk7jJT8DwfsFQYK2RiWSkgAabm - 7FLpC5ekEyU/6PwpXhhIKg3eUsAlX3LL9SsjvsJOgUWqio2GtZ/uBP4omLTLY3R0pw954FCh0dYx - NxdUo+rcEhXPeW5g4HQ6nLhWcjNwrEBglFhkJ5YVRuKUWn1B956ZvVa6zl1djS53tLhT8N7TD1JY - iwoIX600BfV3fdaoub3kmgIzoihzgQhJ70WDya0hE01W0eQp7rZpbo21mS4FJRZ/d/Mc+VtoOYxW - YfRsxXUJa5RsmPb7iK1gcxVs/pqtVWesJR6xNgpXo/DXrLXgNB2x1trNDfX36mMzXbBiJ6dYwSzT - kGFf/wBDxJTKq6bNGk5SGauKekScoYVwa93G5EcdzehouNSY9fhz4mGAS25xKjZD5+fx3ky02xnm - Ndo0gbkm91RFMQU0lz4RQ8jMia2u4KYdVaRMi6SJ9NsPPHIMj5qFqvL0tTBlzq/aBkA2emU/4rig - pmiToQFjpa57aE5iXbo5eT9r/rp0Bus2wnUbo36WCKWFvXpmcjtxr57CT5+jouAZGI8kTKdEIGMh - soVrllk/fN4hp5tSoVMn9BxonBA474VFfflgvME6JAYTCnzBzbQUyXshL+rL+DWUdDfLpKtjXd3L - eu+WI5Wc4tXMz3OYATcNNnRLOYfvP7zdPzh7v783PTiank1ns39nGAa2kMHI8cDxAtghzk1pGdll - wjAl8yuGPSlyUsqsYn8JzdmhhgL7llUGUevWXXo/im1U6F8L34/mX2PnXtNibjMheY5Vw7T3XUZ7 - 93nty6JNb430HL3rZgEWMJNwe7oqqWufgOTmrfBMjDXCt/fV99f7z8Guh9WfPLnAp1SHrE55Y2uv - fdT8ksPdy6hpDTQSdterhEvqbpUrfdB4c55XMMw0zo3+eaDYa9UUWxUlPvakbavwWE2/T85nefdv - l2VaVSW9fN4ImeKYMwyRz84BJCsrs4C0xtz+bJe+58CEXJIBAlLK8NHK8HaANCZli9Blb0ndZ/mi - /r6I2cmtWiFjVmbx2A1c/5pSh5nLVcLzhTI2nvgT35s3Z89qn7ww3D5FKXZyRNcYDhT2Tl0OrXpY - +JR57CQwlv1XcW1Bs6nMsKsKzNEjAgeH/7DdCluWHSVcrjnYpOr6mh0B9gI5gvTex2n9+dR8unrQ - or0siTwWFruWROv6I4WKGM0vds1OUMcwxE4dBpv+JKytE56SJbiFsBpcpTMvycTwXEjiEgxcXL8i - Yud76VNSuB31Si7vKsGe5IRTgc826mVvO3IXtshJqszwX10WUhHibwaFsoBBpcCmK8w+ybAh++0w - G7CN3L5koRsEbsjYRmZf7rCR66NwvTFyN92IdRtRvxG5Y3er4497/thFXR1/s+cTOe755F3LD9zN - nh/2/PDu+VHPH7mjnh/1/KgPYKu3S+Qd/q1dIsPf1yAEE7eL9/4SBlT8+rnLHqr01rpK/w8AAP// - 7FjbTttAEP2VkZCQkwZHSQptg/JAgQekFlWF0oemUoy9Sdw6tvElUFH+vWd218s6lxZQWvUBgpLY - s7M7PjN75mwelGntvalMP2d5M1kG273NvNifts+9Sb9JpyACdbcMo+DkyL4FnkCqmGKn1u3qNe24 - hobldc993pBPSVXVSdrd13s98HfzSLZodM9vCbF4Afh/diSH3xtwr4gfbryjOZGfj3HxBR87j9+K - 7H+h/DfZAe4L6aKMYpFJxWg6E3dflIzc/vcjgYxRB0108SqCGKUmj494ajdM2l4wD3MoDOjx3W4X - wmHMgGIDVOqQJcQonYwIyqvw0LY9ylTV+ly1wlTtXMcWRtxJi6lXUOJjoZyupxAdBTSwdmT8Lr1c - UJLRFY5XPwhnTZ/3XY7Z/cwbcwDQTOUsJokM8SNBRWeCIKOpuE4qF59yH+jhVMFKBEuF/pSwEyGx - o/C7gMgeYxUPYadpFPrytzOteKqAIwF8sENZpduj1KMhpjLOvTHIgUX5Tl7yEMSXX0V6OY1MTjjg - h36YQA9YwefuMO4uzw6nGEjnHAzCw7k0g9DHvAYdFmEmBk8jlYmizGJUMr7lZVQwulYMGLcyCJcB - 3NrC+SJBPvF/mMS+SIthPBqNhjEfzQq6pUM8GbTOHQ0w/VUZZsLZ3uq92U8n8qNRjfTVuAFB3mon - h43ym6sfje9UDgzWgEZnx++OD8+pQwdntH1VJsX+EH9y7nZT3WhRd4W12R4OY3rBj5knkXAh5500 - S3wcsVwRzxtfORaoYnjE7bZyHsnlVUgSPAdRtMgRWdZi9Bo0YPKhW8ysnwhzBRz2XUMDQ9aOe58E - JWoF261+v/oNpV9jbGjDNZwNyzrWNk5LvG0sS8xtWRa427IssLdlWeBvy7LA4MayxOGWpc7iwOmD - /AUmqEDq65EaJI0K5rPgYow0JryQDRdjpEHRpgouxsiAYlmq7lahUjMxSAaVmoVBMqjULAySQaVm - YZAMKpZFgWRQqVkUSFYxAa8pKolLUnN6P53soNRnYS7YS1Yfdyl+Q4/C1YHP+wCFWV5i60v2fx/K - o5wm/6Y5unTdG/emT5/kYZ6pR9N8lRBwZQRL5tpOvXVOKlcrfV6u81FJXOmzu85HpXelz946H5UP - 40MOVBmP4L5kepssgZbKd0sSrkowNxkvyhNKVfm6xGrBLPpq3aIyob9fVJcD+tPSAljiZJZ6fsE5 - O00olBeE5M/DQARywFkhUtkzMoH7QekLNVjr0I/QQ5kAteePafrSMU34eM3ixfGCWRg3yGn8nHlh - VCR9I0FWKtlnFWvtZ5v/HqBiO09VsR2pYjv/QsVu5nRbldBfV7Gd/0jF/gIAAP//Gm3FjuBWLAAA - AP//7FpNa4NAEP0vhRxXXb9zCGmgLfSWc26bXZNCMYof5O93xl2ts6kptBA8CB4Wd8YdR/f55L2b - 2YXFjmkZQW7Cygh2E1ZG0JuwMoLfhJURBCesjGA4YWVjFF9YbN+vhcX2OQuL7V6H+bBYbhJ/YbG3 - SjufUtp5ODURjVXVphLys7MRoDHACvWGUHtiUK/7O5oKnFKzvcFXQQRgWyS0s9ZDVtMI+YEymlYa - 6zbPBcqgTz8qe9g49DIU1R+FUqQdWyElOjDe1SY6iTBQ/JiGXnSEwpJkzX0/xnWGIFjhTliGT3Wn - FKxRQ+R3DYgz6It5Lq6iLpGj4kXvmpO0ocY5VzoMvv25q4duxH0eZtzLAl+tYxnIKOEyjZTyRHzi - WbpVm+4qq2C38t/g0HksFxcjUzKmT9VOW7MrdIT5Dr71jkY6bBkrhaixY5Df8XHYVTB82bPYKS9Y - v+16mn/Ftndq/hXb/qu5Vwx4o7QFyVgLxv+Re2McxP2E2pa2OWnMOgDQQvhrWxVl5h4AfyT6bszG - Q78fzA47GdcxzkXjSqgMzC5Q8PiHvkDBIyr+LxR8AQAA//+it4vpWBSgtyiA7Sel6lqQHlg7BOj2 - dEhWrAatIYayDYAW5pck5gBZWEzBtazRANeyRgP4skZ0CXi7DdilzizKz4O0cSBCKaXQdesQLlEu - zc+FmFANY0JLQTJKPqQV9/owc3WUchMrgiDDICh2g1eoFZU4lkDcUQZsg5O7rA59XSzELLiZQKsy - EovD8sHr+2CLWUELc0Gr5kA2wt2B6lgjFNdCNYBDp7a2FgAAAP//AwCAmgbr/jAAAA== - headers: - ATL-TraceId: - - 27db878c3f3e1061 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 26dc05ef-c773-4927-b2a3-b2a998c75970 - x-envoy-upstream-service-time: - - '115' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbuTfmXNTfSgIqvQ7kkWSZoJVtKktKmwLPvfTXHx4za88zzz - MidQcqb9ZEHAewjjLDYbTYa6oP2Hz2Swcp576TJHARL4pGnuvYswQ2QZZpg2u5uX5v65/d3ulkHF - CcTrCiWY4CEBTaP1x4FcaI8jxQO31i86Smrprf5WQKxCxS/hnQwrmGPOUizTnLesFMhEUWaIeIU5 - YvRnmmJv2w//2G3LclFUorrOGGM/bDc8OOMjyPMtryujZFdQIanGztS8VlpJjqZDlGXJuaLiT0Gw - a8NjP0lY3zFyseHJd3KNT2AvE5B72zdwPn8BAAD//wMAAwgUtloBAAA= - headers: - ATL-TraceId: - - 09cbaf76ac20fbf6 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:59 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - fb8a950c-e89e-48ec-ad48-06d75ff4b3fc - x-envoy-upstream-service-time: - - '34' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - a6e5ca4b9ab487fd - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:59 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8c1a5961-3edd-427f-a5b4-66bb8f260abc - x-envoy-upstream-service-time: - - '70' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11101 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlT23qxcRx1mAwFJ6FNKTVO8oEwzFlayxekO83dyTYN/Pfu - niRMCKaE1HzQve3bs8/uHV88WJdcpl7saZApaEhfC8hT05G8ANMxyQIK3lElaG6FkqYDqbAFWN5J - FlxmkKusswRtcA/SCZQaDEhbn/U6niDNYRgGIU4M5HOcLqwtTez7Kcwhsan6rHrc5twYwWVPgvVR - h/V5KfzIF8ZU4LcKLuAS5Y+m45Np92UY4crcOevFXzyDRiuTcAuZ0pe1cynOUCAKorAbDLrRaBpG - cX8nHrzoDYejX4IoCMhHsmEvS3BqnugjyfthEATkVR11M0nBJFqUhAiu7jFT8DzvsFQYK2RiWSkg - AabmbKX0RY+kEyXf6/wxXhhIKg3+UsCKL7nl+pUR/8BugUmqimf10mG6Gwb9cNRMp+jo7ibkjkeJ - RltTbi4oR9XM0iie89xAx2t1eLFTct3xrEBilJhkL5YVRuKVWn1G956IXiPtsHPZaLGjya2Ebzx9 - L4W1qID41UhTUH+4s0bN7YprCsyIoswFMiS9Ew2C6ygzGK0Ho8e428DcGGuQLgUBi7/bOA+CF2g5 - GqyjwZMVuxQ6ljwzzfcBW+FwHQ5/zNa6NdYMHrDWj9b96MesNeQ07WCrtetrqu/1h7q7YMZOzzCD - WaYhw7r+hobIKZVXdZnVK0llrCpcizhHC9GLbRujb3XUraNepcJ07c+LuyFOucWuWDed7+d73dFu - ephfa9NEZjfcVxXFFFJf+kgLQmZebHUF102rImVaJHWkX75ZI8fwqFmoKk8PhClzftkUAC6jV/YD - tgsqigYMDRgrVd19fTIahm2fvItasA3OcNtGtG2jv+klQmlhL58Ibivuuy78+D4qCp6B8UnCtEoE - LixEtuiZZbZpPm9xpe1SkecAnQG1EyLnnbCoLu+NN9zGxHBEgS+4GZcieSfkhbuMD6Cku1kmbR5d - dldu72ZFKjnGq5nPcpgANzU3dDPyjt+9f3N4dP7ucH98dDI+H08mf00wDCwhg5HjgekC2DH2TWkZ - 2WXCMCXzS4Y1KXJSyqxivwvN2bGGAuuWVQZZ23NVejeKl6gwuBJBMJjr2LtTtIhtJiTPMWsI+6bK - aO/uWvOyaOB1TM/Ru7YXYAIzCTenq5Kq9hFMrt8KT+RYLXxzX319vX8f7Ta0+o0nF/iUapnVKq9t - 7TePmh9yuH0Z1aWBRqL2epWwoupWudJHtTezvIJuprFvbJ4Hih2oOtmqKPGxJ22ThYdy+jU4n+Tt - vz2WaVWV9PJ5LWSKbc4wZD6bAUhWVmYBqePc4WSPvjNgQi7JABEpZfhoZXg7QBqTskXUY29I3Sf5 - 3H2fx+z0Rq2QMZMYvRXcKh0HvZ1e/4ogRARzlfB8oYyNR8Eo8Oe1zLnzzY+i0RlKs9MTus6wsbC3 - atW16n7hM+az09BY9nfFtQXNxjLD6ioQqwcEjo7/ZHsVli47SbjccrCG7OqKnQDWBDmC4/0PY/f5 - WH/avNCkuTRpOBUWq5dEHQ9whIoY9TF2xU5RRzfCiu3i8y4KnXXiVbKEXiGshp7SmZ9kojsTklaJ - Dj2cv6LB7tfSZ6SwHwQbLavbWrA4ORFW4PuNitrHo72FLXKS26QHJy5BpCzC3wSyKucI5pr+uXBR - HYAUPCfmnIBeCnw+d9lPRzcaOuxZbn/dRTXDXvDzFkRR/R7el0voEFjumcjuQ2aIse30Xz4RmUba - ITN4PDKD/0Tm/0PlXwAAAP//7FlZa9tAEP4rSyGQmEq2ZEs+IKQpSSHQhNAjhfTFG61sqdiS0OG8 - 5Mf3m93VESW2W5OkKQQbW9qZWc3O8e3O6E+sgqz6mPLIC7rf+HzSYRcINDVahAtxdtIcQhxiZZTK - QWO4/ASWWaW7vO+bz+nmMp+79silLOqcSMAElv2KGW0lUHG7INun3wOIl+kHMYoTWu6PU9z8xJ+x - S+jTDFdqhqfMxNrgV8UiQvFOO3iFEE00hE1lUNUSsFGF2h2ga6lJFAPONQ6aYdzlYhVmQH6fNsMh - AH1GpkXAlLs2eW5aP2nKcL5gq1ofoHqqve7XXheV1zPtdZ7n2B6z9+w2CL2A4aA7nwNdCyyGJRzP - iuaMMxQDHgRxZvFSPiM9psee5ye58ZlH8wJAPGWBzwUkVxwbnKlWyxoGOo9FsfCb1rlPL0uRSTPy - wHIpz/CipIM8L8nW/RnAGUAcg6XdJ3rpJMKlvvLyngoUY/RDEYZbWlaGWZLiZhF60mXnodwXtce+ - y4MQ2Ve7QqnC4O0FCKlceudsmXAvJ/6LmIXyhqFeW4XCF5Lha+4nmfISxkXh+YpZJ/oXpBIOjNDl - b6JECiYx7Y8U9ftcLMPogO0f3C1x0szjSRW7j0LFs8OEM94RJpwxwYQz3goTu+wDD2DiabalOulf - CCbcN5h4AZgY/Ocw4WrBLTDxsCdhretJWIN1BKdZf+YpIkg2XKiF0mLtVaxtQlXnlytax7iu7u9V - Hag2YVwSZHQHVEs80ghr111ZsVxyKhjfbayByIDU/YnTHUtL6gEcIRypZ3UmDp0ZH/SFdTMa9Jwb - aD8cji3bdqmSrZjwhA1sPnn3WAgKdXDWOhi6k/ghvuVZQiBHk25s56oWpIk6VrKZKFy76rLrWLY1 - 8K2e37fF2PX6njO0vJEjRI+7M8sfHYlDOcte/3jP/oSvkjOWPNIFnWGoocwsMuMWFjFsk6LfVNlG - JjMSzjOyGOQlovNFhsuTS8M1k4j0b/eJX7/G7W7z69e43bF+7RoDd4Rq2upmTPMocqlftVA+UZWm - GsMKu64BuGA/LdI48bvXwCGPOpU68egNCahVJtNz9Lse3cdJNdy+QcHLO/1fQsFvAAAA//8i18Wj - RQGtXUyHogAAAAD//4IVBejNDmA7Sqm6FqQH1swAuj0dkhWrQbOuULYB0ML8ksQcIAuLKbgmggxw - TQQZwCeC0CXg7bfUvLLMovw8SEMIOspcCp3ph3CJcWlZfgnVZvAgZsHNBFqUkVgclg+eiYBNuwGT - FsTF1TAmtNQl237wmgh9mLk6SrmJFUGpxaU5IIOR/AqeQygqcSyB+Bs0lQmaZwD5HC6OqtkIRTdU - A9i1tbW1AAAAAP//AwD3pudgMCIAAA== - headers: - ATL-TraceId: - - 4dd416d320bdcc13 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:59 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a7713ccb-811f-4bce-abda-d3cb7daacc7d - x-envoy-upstream-service-time: - - '164' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields - response: - body: - string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - 7eeb81369883911a - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:59 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b36ec5a0-576b-4641-bfdb-f5533f6258bb - x-envoy-upstream-service-time: - - '102' - status: - code: 200 - message: OK -- request: - body: '{"fields": {"description": "\n\n\n\n\n\n\nA group of Findings has been - pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: [Findings - in: negotiator:0.5.3|http://localhost:8080/finding_group/228] in [Security How-to|http://localhost:8080] - / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| - Severity || CVE || CWE || Component || Version || Title || Status ||\n| High - | [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n| High | [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2860]\n*Defect Dojo - link:* http://localhost:8080/finding/2860 (2860)\n*Severity:* High\n*CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n*CVE:* - [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` header - value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n - Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2859]\n*Defect - Dojo link:* http://localhost:8080/finding/2859 (2859)\n*Severity:* High\n*CWE:* - [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` header - value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n - Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n*Reporter:* - [(admin) ()|mailto:]\n", "priority": {"name": "High"}, "summary": "Findings - in: negotiator:0.5.3"}, "update": {}}' - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '3271' - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11101 - response: - body: - string: '' - headers: - ATL-TraceId: - - 6d9131b728823825 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:35:59 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 03939e9b-968e-4a9c-a9eb-a9dc30c7bc8b - x-envoy-upstream-service-time: - - '99' - status: - code: 204 - message: No Content -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11101 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlT23qxcRx1mAwFJ6FNKTVO8oEwzFlayxekO83dyTYN+e/d - PUkYCKaE1HzQ3Un79uyze8sXD9Yll6kXexpkChrS1wLy1HQkL8B0TLKAgndUCZpboaTpQCpsAZZ3 - kgWXGeQq6yxBG3wH6QRKDQakrb/1Op4gzWEYBiFuDORz3C6sLU3s+ynMIbGp+qx63ObcGMFlT4L1 - UYf1eSn8yBfGVOC3Ci7gEuWPpuOTafdlGOHJ3DnrxV88g0Yrk3ALmdKXtXMp7lAgCqKwGwy60Wga - RnF/Jx686A2Ho1+CKAjIR7JhL0twap7oI8n7YRAE5FUddbNJwSRalIQInu4xU/A877BUGCtkYlkp - IAGm5myl9EWPpBMl3+v8MV4YSCoN/lLAii+55fqVEf/AboFJqopn9dFhuhsG/XDUbKfo6O4m5I5H - iUZbU24uKEfVzNIqnvPcQMdrdXixU/K141mBxCgxyV4sK4zEK7X6jO49Eb1G2mHnstFiR5sbCd94 - +l4Ka1EB8auRpqD+cN8aNbcrrikwI4oyF8iQ9E40CK6jzGC0Howe424Dc2OsQboUBCz+buI8CF6g - 5WiwjgZPVuxS6FjyzDTPB2yFw3U4/DFb69ZYs3jAWj9a96Mfs9aQ07SLrda+fqX6Xn+ouwtm7PQM - M5hlGjKs629oiJxSeVWXWX2SVMaqwrWIc7QQvdj2YvStjrp11KdUmK79eXE3bPoFMViLpDb35Zsz - 4he6bxaqytMDYcqcXzYsxGMEyn7AmiVmNia4xU5bN7Lvr6G6S173Rb/WpqlA3HJfVYST8/0jHQiZ - ebHVFTmTaMBYqeru65PRMGz75F3Ugm1whtteRNte9De9RCgt7OUTgWjFfdeFH99HRcEzMD5JmFaJ - wIOFyBY9s8w2zectnrRdKvJcLmdA7YTIeScsqst74w23MTEcUeALbsalSN4JeeEu4wMo6W6WSUsh - R6yVe3d9IpUc49XMZzlMgJualrpZecfv3r85PDp/d7g/PjoZn48nk78mGAaWkMHI8YPpAtgx9k1p - GdllwjAl80uGNSlyUsqsYr8LzdmxhgLrllUGGdZzVXo3ipeoMLgSQTCY69irrwxMEqK8KapbhYx4 - Z0Ly/O5HzWTRwOtonqN3bS/ABGYSrr+uSqraRzC5nhWeyLFa+Pq+un29fx/tNrT6jScXOEq1zGqV - 17b2m6HmhxxuJ6O6NNBI1F6vElZU3SpX+qj2ZpZX0M00tqzNeKDYgaqTrYoShz1pmyw8lL/b4HyS - N//2WKZVVdLk81rIFFuSYch8NgOQrKzMAlLHucPJHj1nwIRckgEiTcpwaGV4O0Aak7JF1GNvSN0n - +dw9n8fs9FqtkDGTGL0V3CodB72dXv+KIEQEc5XwfKGMjUfBKPDntcy5882PotEZSrPTE7rOsLGw - t2rVtep+4TPms9PQWPZ3xbUFzcYyw+oqEKsHBI6O/2R7FZYuO0m43PJhDdnVFTsBrAlyBNf7H8bu - 8bF+tHmhTXNp0nIqLFYviToe4AoVMepj7Iqdoo5uhBXbxfEuCp114lWyhF4hrIae0pmfZKI7E5JO - iQ493L+ixe5t6TNS2A+CjZbVTS1YnJwIK3B+o6L28dPewhY5yW3SgxuXIFIW4W8CWZVzBHNN/1y4 - qA5ACp4Tc05ALwWOz13209G1hg57lttfd1HNsBf8vAVRVL+HV/USOgSWGxPZfcgMMbad/ssnItNI - O2QGj0dm8J/I/H+o/AsAAP//7FlZa9tAEP4rSyGQmEq2ZEs+IKQpSSHQhNAjhfTFG61sqdiS0OG8 - 5Mf3m93VESW2W5OkKQQbW9qdWc3O8c3O6E+0gqj6mPLIC7rf+HzSYRdwNDVahAtxdtIcgh9iZxTK - QWO4/ASWWYW7vO+bz2nmMp679silKOqcSMAElv2KGaUSiLidke3T7wHYy/ADG/kJbffHKW5+4s/Y - xfVphSu1wlNGYq3wq2IRoXinDF4hRBMNoVPpVDUHdFShdgfoWkoSxYBzjYNmGHe5WIUZkN+nZDgE - oM9ItXCYMmuT5ab1k6YM5wu2quUBqqfa6n5tdVFZPdNW53mO9Ji9Z7dB6AUMZ+z5HOhaYDMs4XhW - NGecoRjwwIgzi5fyGckxPfY8P8mNzzyaFwDiKQt8LsC54khwptotayjoPBbFwm9q5/58WYpMmp4H - kkt53hblPKbn5bR1fwVQBmDHYKn3id46sXApr7y8JwL5GP2Qh+GWtpVhlaS4WYSeNNl5KPOitth3 - eRAi/WpTKFEYrL3ARCq33jlbJtzLif4iZqG8YajXVqHwhST4mvtJpqyEcVF4viLWgf4FoYQDI2T5 - Gy+RjElM+ZG8fp+LZRgdsP2DuyVOmnk8qXz3Uah4dphwxjvChDMmmHDGW2FilzzwACaeJi3VQf9C - MOG+wcQLwMTgP4cJVzNugYmHPQlrXU/CGqybcMoJqmPyFB4kmyPUvWmR9irS9sS6Or9X1fnlVtcR - Vh0o6cQBlQyP9Lva5VV7lXH1uGK55FQwvttYA5ECqfsTpzuWltQDOII7Un/pTBw6Mz7oC+tmNOg5 - NxBoOBxbtu1SJVsR4QkbyHyy7rEQ5OqgrGUwdCfxQ3zLs4RAjhbd2M5VLUgTdawkM1G4dtVl17Fs - a+BbPb9vi7Hr9T1naHkjR4ged2eWPzoSh3KVvf7xnv0JX8VnLHmkCzrDUEOZWWTGLTRi2CZ5v6mi - jVRmJJxnpDHwS0TniwyXJ5eGayYRyd/uE79+idvd5tcvcbtj/dolBu4I1S/WzZjmUeRSv2qheKIq - TTVxFXZdA3BBflqkceJ3rwE3HnUqdeDRGxLMVpFMz9HvenQfJ9Vw+wYFL2/0fwkFvwEAAP//ItfF - o0UBrV1Mh6IAAAAA//+CFQXoLQlgO0qpuhakB9b+ALo9HZIVq0GzrlC2AdDC/JLEHCALiym4JoIM - cE0EGcAngtAl4O231LyyzKL8PEgLCTrKXAqd6YdwiXJpfi7EhGoYE1oKklHyIa1R0IeZq6OUm1gR - lFpcmgMyGMlu8Jh+UYljCcQdZfklVJv1g5gFNxNoVUZicVg+eEYENvMImsoEzTOAbIS7A9WxRiiu - hWoAh05tbS0AAAD//wMAXAHjbTAiAAA= - headers: - ATL-TraceId: - - 2b931ae76a74e67e - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:36:04 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 04e82174-f278-4695-a439-90b464303959 - x-envoy-upstream-service-time: - - '171' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo - response: - body: - string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlpmm2W3EQPKrIK7Z5EJB8TrKRNaVNhWfa/m+Dix21453nm - ZU5EqwUPsyeSvMc4LXKzsejQRBs+AlXRq2Xp1UhHjKQgnzgvfRgTXAFUFCiU7f76ub176n63+3XQ - aSLyJUMFFPBaEIuTD8cBx9gdJ0wHbnxYbZL02nv7rRCZha24hLcqZpABq0rgJRNdxSVUsuYUAK6A - ASR/wTn1dv3wj911FZN1I4FTDuKHNcP96EICBduJZuu0MjXWChswrhGNtloJcAZAcS6ExvpPQfS5 - 4aGfFcnvOLX6+BiMyvGJ+MtEcHw7tOR8/gIAAP//AwCbPZUdWgEAAA== - headers: - ATL-TraceId: - - 567c732366fc93cd - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:36:04 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3e2c9efc-e084-48b5-8b5a-13869d898859 - x-envoy-upstream-service-time: - - '34' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - f59556959a0d67ff - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:36:04 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 59b26213-c42b-4008-88c7-70d874ec1d9a - x-envoy-upstream-service-time: - - '66' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11102 - response: - body: - string: !!binary | - H4sIAAAAAAAAA6RWbU/cOBD+K1Y+VHe93bxtgCUVqji6bbnrcRzQ9gNFyCSzWZfEjmwHlpb+95tx - EkIpiyhdJDIee96fGfurB8uay9xLPQ0yBw35awFlbkaSV2BGJltAxUeqBs2tUNKMIBe2AstH2YLL - AkpVjC5AG9yD/ABqDQakbc96I0+Q5iiKwhgXBso5LhfW1iYNghzmkNlcfVY+tyU3RnDpS7AB6rAB - r0UQB8KYBoJewTlcofze0ezwaLwZTZAzd8566VfPoNHGZNxCofRV61yOKxSIwzgah8k4nh5FcTpZ - S5NNf7K2/kcYhyH5SDbsVQ1OzRN9JPkgCkPnZxt1t8jBZFrUlBHkbjNT8bIcsVwYK2RmWS0gA6bm - 7FLpc5+kMyXf6/IxXhjIGg3BhYBLfsEt1y+N+AJbFRapqZ61rN18Kwon0bRbHqGjW0PII48KjbaO - uDmnGjVnlqh0zksDI6/X4aVOybeRZwUCo8Yie6lsMBKv1uozuvfE7HXSLneuGn3uaHGr4IOn76Ww - FhUQvjppCupvd9aoub3kmgIzoqpLgQjJ70SDyXWQSabLZPoYd7s0d8a6TNeCEou/23lOwg20HCfL - OHmyYldCh5Jnpvs+YCtaX0brv2Zr2RvriAesTeLlJP41ax04TU+stPbtG/X38kM7XbBixydYwaLQ - UGBf/wBDxJQqm7bNWk7WGKsqNyJO0UK8sWpj+qOOdnS0XGpMN/68dBzhkluciu3Q+Xm8txPtZoYF - rTZNYHbkjmoopojm0kdiCFl4qdUNYDpQp/2AzU6Qbn1z6ki9Flkb+9cfeOQqCpuFasr8lTB1ya+6 - lkB2pgFjpa67b05iXfo5eTdr4ap0Rqs24mFkCKWFvXpiDnvxwA3bx49LUfECTEASplcikLEQxcI3 - F8UwY94ipx9GsUdZuhPKpA+l5GdA44TAeecQ9eW9iYhWITGaUkYW3Mxqkb0T8txdxq+gprtZZn3V - XC0v3d4NRyo5w6uZn5VwANy0SNAd5e2/e/9md+/03e7ObO9wdjo7OPj3AOPDFjKYEjxwtAC2j3NT - WkZ2mTBMyfKKYU+KkpQyq9hfQnO2r6HCvmWNQdT6rkvvRrGJCsNrEYbJ/Evq3WlaTHohJC+xnFiP - octo7y6ve1l06XW4LtG7fhZgZQsJN6ebmrr2EUhu3wpPBF8rfHNffX+9/xweB7z9ybNzfEr1kOuV - t7Z2ukfNLzncv4zankEjcX+9Srik7lal0nutN2dlA+NC45QYngeKvVJtsVVV42NP2q4KD9X0++R8 - krf/tlmhVVPTy+e1kDmOOcMQ+ewMQLK6MQvIHeZ2D7bpewZMyAsyQEDKGT5aGd4OkKekbBH77A2p - +ySfu+/zlB3fqBUyZXWRrvmRH15T6jBzpcp4uVDGptNwGgbz9uyp8ymI480TlGLHh3SN4aRhb9Xl - 2Kr7hU9YwI4jY9l/DdcWNJvJAruqwhw9ILC3/w/bbrBl2WHG5YqDbaqur9khYC+QI0jvfJi5z8f2 - 09eDFt1lSeSRsNi1JOrqjxQqYjTY2DU7Rh3jGDt1HK2H09hZJzxlF+BXwmrwlS6CrBDjMyGJSzDw - cf2SiK3vpU9I4WYyKLm8rQR7khNOBT7bqJeDzcRf2KokqbrAf64spCLG3wFUygIGlQObLTH7JMPG - 7Lf9YsSelfYFi/0o8mPGnhX2xRab+CEKu42Jv+4nrN9Iho3EX/M3ev7awF/zUVfPXx/4RK4NfPKu - 40f++sCPB358+/xk4E/8ycBPBn4yBLAx2CXyFv/GLpHx7ysQgonbxlv+AkZUfPfcZfdVemNVpf8H - AAD//+xY207bQBD9lZGQkJMGR0kKbYPyQIEHpBZVhdKHplKMvUncOrbxJVBR/r1ndtfLOpcWUFr1 - AYKS2LOzOz4ze+ZsHpRp7b2pTD9neTNZBtu9zbzYn7bPvUm/SacgAnW3DKPg5Mi+BZ5Aqphip9bt - 6jXtuIaG5XXPfd6QT0lV1Una3dd7PfB380i2aHTPbwmxeAH4f3Ykh98bcK+IH268ozmRn49x8QUf - O4/fiux/ofw32QHuC+mijGKRScVoOhN3X5SM3P73I4GMUQdNdPEqghilJo+PeGo3TNpeMA9zKAwI - 9d1uF8JhzIBiA1TqkCXEKJ2MCMqr8NC2PcpU1fpctcJU7VzHFkbcSYupV1DiY6GcrqcQHQU0sHZk - /C69XFCS0RUOUz8IZ02f912O2f3MG3MA0EzlLCaJDPEjQUVngiCjqbhOKhefch/o4bjBSgRLhf6U - sBMhsaPwu4DIHmMVD2GnaRT68rczrXiqgCMBfLBDWaXbo9SjIaYyzr0xyIFF+U5e8hDEl19FejmN - TE444Id+mEAPWMHn7jDuLs8OpxhI5xwMwsO5NIPQx7wGHRZhJgZPI5WJosxiVDK+5WVUMLpWDBi3 - MgiXAdzawvkiQT7xf5jEvkiLYTwajYYxn9kKuqVDPBm0zh0NMP1VGWbC2d7qvdlPJ/KjUY301bgB - Qd5qJ4eN8purH43vVA4M1oBGZ8fvjg/PqUMHZ7R9VSbF/hB/cu52U91oUXeFtdkeDmN6wY+ZJ5Fw - IeedNEt8HLFcEc8bXzkWqGJ4xO22ch7J5VVIEjwHUbTIEVnWYvQaNGDyoVvMrJ8IcwUc9l1DA0PW - jnufBCVqBdutfr/6DaVfY2xowzWcDcs61jZOS7xtLEvMbVkWuNuyLLC3ZVngb8uywODGssThlqXO - 4sDpg/wFJqhA6uuRGiSNCuaz4GKMNCa8kA0XY6RB0aYKLsbIgGJZqu5WoVIzMUgGlZqFQTKo1CwM - kkGlZmGQDCqWRYFkUKlZFEhWMQGvKSqJS1Jzej+d7KDUZ2Eu2EtWH3cpfkOPwtWBz/sAhVleYutL - 9n8fyqOcJv+mObp03Rv3pk+f5GGeqUfTfJUQcGUES+baTr11TipXK31ervNRSVzps7vOR6V3pc/e - Oh+VD+NDDlQZj+C+ZHqbLIGWyndLEq5KMDcZL8oTSlX5usRqwSz6at2iMqG/X1SXA/rT0gJY4mSW - en7BOTtNKJQXhOTPw0AEcsBZIVLZMzKB+0HpCzVY69CP0EOZALXnj2n60jFN+HjN4sXxglkYN8hp - /Jx5YVQkfSNBVirZZxVr7Web/x6gYjtPVbEdqWI7/0LFbuZ0W5XQX1exnf9Ixf4CAAD//xptxY7g - ViwAAAD//+xaXWuDMBT9L4M+Rk38qg+lK2yDvfW5b2liNxhWMUr//u410Zm0drBB8UHwQbw3yfVq - jkfOuYouLHZMyyzktliZhd0WK7PQ22JlFn5brMxCcIuVWRhusbIxii8stu/XwmL7MQuL7V6H+bBY - agb+wmKvlXY6pbTTaCyeNjUXX51bANV+NzWemCOYDEyp18GgXve3OpU4+CrcQNYHeNNw8YlK2Q17 - h6smqrYoOMqgTzeVPWwcehnK+o9CKdKOLRcCHRjvchOfeBRKelxHQXyEqtM0o4wluM6QBCvcScvx - qe6khDUUZP7UgDiDvpjn8sJVhRwVJ71rTtKGGu+j1mnw7S98ferHlNEop0EeMpklIhRxSsU6ljLg - yYnm663cdLOswt2KvcGhx5GCn41MSYi+pLxWkQt0hDAP33pPIx22jFScK+wYjO/4OOwqOH3Zk8Sr - zli/63qaf8Wud2r+Fbv+q7lXDEAkteHIWAvG/5F7YxzE/YTalrY5aTA7ANBC+mtbl1XuHwBmBBpy - zMZDvx9Eh52M6xjnonEl1AZmFyh4/ENfoOARFf8XCr4BAAD//6K3i+lYFMBbEUAnpkNyXDVoqTCU - bQA0N78kMQfIwmwoGQAbW0rVtUqYEriWNRrAlzWiS8AXCaJLwNttwC51ZlF+HqQBBBFKKYWuW4dw - ifFCGbDtS+5yNvT1qBCz4GYCLcpILA7LB6+rgy8Zzc+FuLgaxoSWumTbD17hrw8zV0cpN7EiCDLs - guJX8Iq4ohLHEoi/QQtzQavmQD6Hi6NqNkLRDdUAdm1tbS0AAAD//wMAPZCjjP4wAAA= - headers: - ATL-TraceId: - - 6880543888e56f64 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:36:04 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6269fda9-8a0f-4e71-9017-4a371422dace - x-envoy-upstream-service-time: - - '159' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - fecf7d7fcac25070 - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - b908d2ad04fffc67 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:04 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:19 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 14e17dc4-5b1d-40aa-8e44-a8487cda752c X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '187' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6ee7d903-4acf-4f49-8378-c39602d71414 - x-envoy-upstream-service-time: - - '94' status: code: 200 message: OK - request: body: '{"fields": {"description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: [Findings - in: pg:5.1.0|http://localhost:8080/finding_group/229] in [Security How-to|http://localhost:8080] + in: negotiator:0.5.3|http://localhost:8080/finding_group/10] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High - | [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n| High | [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < - 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= - 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/2863]\n*Defect - Dojo link:* http://localhost:8080/finding/2863 (2863)\n*Severity:* High\n*CWE:* - [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs when - the remote database or query specifies a crafted column name. \n\nThere are - two specific scenarios in which it is likely for an application to be vulnerable:\n1. - The application executes unsafe, user-supplied sql which contains malicious - column names.\n2. The application connects to an untrusted database and executes - a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || - >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || - >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || - >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 - < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 - < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 - < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/2861]\n*Defect Dojo link:* http://localhost:8080/finding/2861 - (2861)\n*Severity:* High\n*CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* - [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs when - the remote database or query specifies a crafted column name. \n\nThere are - two specific scenarios in which it is likely for an application to be vulnerable:\n1. - The application executes unsafe, user-supplied sql which contains malicious - column names.\n2. The application connects to an untrusted database and executes - a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || - >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || - >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || - >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 - < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 - < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 - < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n*Reporter:* + | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] + | negotiator | 0.5.3 | [2222Regular Expression Denial of Service - (Negotiator, + <= 0.6.0)|http://localhost:8080] | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] + | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/285]\n*Defect Dojo link:* http://localhost:8080/finding/285 + (285)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/284]\n*Defect + Dojo link:* http://localhost:8080/finding/284 (284)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}, "summary": "Findings - in: pg:5.1.0"}, "update": {}}' + in: negotiator:0.5.3"}, "update": {}}' headers: Accept: - application/json,*.*;q=0.9 @@ -4129,51 +2673,57 @@ interactions: Connection: - keep-alive Content-Length: - - '7061' + - '3262' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11102 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11796 response: body: string: '' headers: - ATL-TraceId: - - 866d09e6778e9910 - Connection: - - keep-alive + Atl-Traceid: + - bfa8c50cca7df5e1 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:05 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:20 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 066d76be-e829-47e9-9288-29eed8c52dd1 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '383' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4e429f6d-7335-4702-b129-04caa577ea27 - x-envoy-upstream-service-time: - - '101' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -4183,109 +2733,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11102 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11796 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/YO56id/iQHCH6XA0bbnrcVyg7QfKMMLeOCq25JHkEFr632/X - LxgoYSgNM3i10r4/u9I3B1Yll6kTOxpkChrSNwLy1AwkL8AMTLKAgg9UCZpboaQZQCpsAZYPkgWX - GeQqGyxBG9yDdAalBgPSNmedgSNIcxAEfogLA/kclwtrSxN7XgpzSGyqviiX25wbI7h0JVgPdViP - l8ILPWFMBV6n4AKuUP7geHp0PNwORsiZ18468TfHoNHKJNxCpvRV41yKKxQI/TAY+tEwnBwHYTwa - x9G2Oxpv/uGHvk8+kg17VUKt5pk+krwX+H7tZxN1u0jBJFqUlBHk7jJT8DwfsFQYK2RiWSkgAabm - 7FLpC5ekEyU/6PwpXhhIKg3eUsAlX3LL9SsjvsJOgUWqio2GtZ/uBP4omLTLY3R0pw954FCh0dYx - NxdUo+rcEhXPeW5g4HQ6nLhW8n3gWIHAKLHITiwrjMQptfqC7j0ze610nbu6Gl3uaHGr4L2nH6Sw - FhUQvlppCurv+qxRc3vJNQVmRFHmAhGS3osGk1tDJpqsoslT3G3T3BprM10KSiz+buc58rfQchit - wujZiusS1ijZMO33EVvB5irY/DVbq85YSzxibRSuRuGvWWvBaTpirbXv36m/Vx+b6YIVOznFCmaZ - hgz7+gcYIqZUXjVt1nCSylhV1CPiDC2EW+s2Jj/qaEZHw6XGrMefEw8DXHKLU7EZOj+P92ai3cww - r9GmCcw1uacqiimgufSJGEJmTmx1BZgO1Gk/YrMTpBvfanWkXoukif3bDzxyFYXNQlV5+lqYMudX - bUsgO9GAsVLXPTQnsS7dnLyfNX9dOoN1G2E/MoTSwl49M4eduFcP26ePS1HwDIxHEqZTIpCxENnC - NcusnzHvkNMNo9ChLN0LZdSFkvNzoHFC4Lx3iPrywUQE65AYTCgjC26mpUjeC3lRX8avoaS7WSZd - 1epaXtZ7Nxyp5BSvZn6ewwy4aZCgW8o5fP/h7f7B2fv9venB0fRsOpv9O8P4sIUMpgQPHC+AHeLc - lJaRXSYMUzK/YtiTIielzCr2l9CcHWoosG9ZZRC1bt2l96PYRoX+tfD9aP41dporA6uH6e+b6k4j - YyEyIXl+/1D7smjTW+M6R++6WYCVzSTcnK5K6tonILl5KzwTfI3wzX1193r/OTz2ePuTJxf4lOog - 1ylvbO21j5pfcrh7GTU9g0bC7nqVcEndrXKlDxpvzvMKhpnGKdE/DxR7rZpiq6LEx560bRUeq9/d - 5HyWt/92WaZVVdLL542QKY45wxD57BxAsrIyC0hrzO3Pdul7DkzIJRkg0KQMH60MbwdIY1K2CF32 - ltR9li/q74uYndyoFTJmZRaP3cD1ryl1mLlcJTxfKGPjiT/xvXlz9qz2yQvD7VOUYidHdI3hpGHv - 1OXQqoeFT5nHTgJj2X8V1xY0m8oMu6rAHD0icHD4D9utsGXZUcLlmoNNqq6v2RFgL5AjSO99nNaf - T82nqwct2suSyGNhsWtJtK4/UqiI0WBj1+wEdQxD7NRhsOlPwto64SlZglsIq8FVOvOSTAzPhSQu - wcDF9Ssidu5Kn5LC7ahXcnlbCfYkJ5wKfLZRL3vbkbuwRU5SZYb/6rKQihB/MyiUBQwqBTZdYfZJ - hg3Zb4fZgG3k9iUL3SBwQ8Y2Mvtyh41cH4XrjZG76Uas24j6jcgdu1sdf9zzxy7q6vibPZ/Icc8n - 71p+4G72/LDnh7fPj3r+yB31/KjnR30AW71dIm/xb+wSGf6+BiGYuF285ZcwoOLXz132UKW31lX6 - fwAAAP//7FjbTttAEP2VkZCQkwZHSQptg/JAgQekFlWF0oemUoy9Sdw6tvElUFH+vWd218s6lxZQ - WvUBgpLYs7M7PjN75mwelGntvalMP2d5M1kG273NvNifts+9Sb9JpyACdbcMo+DkyL4FnkCqmGKn - 1u3qNe24hobldc993pBPSVXVSdrd13s98HfzSLZodM9vCbF4Afh/diSH3xtwr4gfbryjOZGfj3Hx - BR87j9+K7H+h/DfZAe4L6aKMYpFJxWg6E3dflIzc/vcjgYxRB0108SqCGKUmj494ajdM2l4wD3Mo - DAj13W4XwmHMgGIDVOqQJcQonYwIyqvw0LY9ylTV+ly1wlTtXMcWRtxJi6lXUOJjoZyupxAdBTSw - dmT8Lr1cUJLRFQ5TPwhnTZ/3XY7Z/cwbcwDQTOUsJokM8SNBRWeCIKOpuE4qF59yH+jhuMFKBEuF - /pSwEyGxo/C7gMgeYxUPYadpFPrytzOteKqAIwF8sENZpduj1KMhpjLOvTHIgUX5Tl7yEMSXX0V6 - OY1MTjjgh36YQA9YwefuMO4uzw6nGEjnHAzCw7k0g9DHvAYdFmEmBk8jlYmizGJUMr7lZVQwulYM - GLcyCJcB3NrC+SJBPvF/mMS+SIthPBqNhjGf2Qq6pUM8GbTOHQ0w/VUZZsLZ3uq92U8n8qNRjfTV - uAFB3monh43ym6sfje9UDgzWgEZnx++OD8+pQwdntH1VJsX+EH9y7nZT3WhRd4W12R4OY3rBj5kn - kXAh5500S3wcsVwRzxtfORaoYnjE7bZyHsnlVUgSPAdRtMgRWdZi9Bo0YPKhW8ysnwhzBRz2XUMD - Q9aOe58EJWoF261+v/oNpV9jbGjDNZwNyzrWNk5LvG0sS8xtWRa427IssLdlWeBvy7LA4MayxOGW - pc7iwOmD/AUmqEDq65EaJI0K5rPgYow0JryQDRdjpEHRpgouxsiAYlmq7lahUjMxSAaVmoVBMqjU - LAySQaVmYZAMKpZFgWRQqVkUSFYxAa8pKolLUnN6P53soNRnYS7YS1Yfdyl+Q4/C1YHP+wCFWV5i - 60v2fx/Ko5wm/6Y5unTdG/emT5/kYZ6pR9N8lRBwZQRL5tpOvXVOKlcrfV6u81FJXOmzu85HpXel - z946H5UP40MOVBmP4L5kepssgZbKd0sSrkowNxkvyhNKVfm6xGrBLPpq3aIyob9fVJcD+tPSAlji - ZJZ6fsE5O00olBeE5M/DQARywFkhUtkzMoH7QekLNVjr0I/QQ5kAteePafrSMU34eM3ixfGCWRg3 - yGn8nHlhVCR9I0FWKtlnFWvtZ5v/HqBiO09VsR2pYjv/QsVu5nRbldBfV7Gd/0jF/gIAAP//Gm3F - juBWLAAAAP//7Fpda4MwFP0vgz5GTTRaH0pX2AZ763Pf0sRuMKziB/37u9dEZ9LawQbFB8EH8d4k - 16s5HjnnKrqw2DEts5DbYmUWdluszEJvi5VZ+G2xMgvBLVZmYbjFysYovrDYvl8Li+3HLCy2ex3m - w2KpGfgLi71W2umU0k6jPoAiXFMJ+dW5BVDtd1P5xBzBZGBKvQ4G9bq/1anEwVfhBtJBBW4aIT9R - Kbth73DVxLrNc4Ey6NNNZQ8bh16GovqjUIq0YyukRAfGu9rwk4hCRY/rKOBHqDpJUspYjOsMSbDC - nbQMn+pOKVijhsyfGhBn0BfzXFxEXSJHxUnvmpO0ocb7qHQafPtzX5/6nDIaZTTIQqbSWIaSJ1Su - uVKBiE80W2/VpptlFe5W7A0OPY7k4mxkSkL0pdpra3KBjhDm4VvvaaTDlpFSiBo7BuM7Pg67Ck5f - 9iT2yjPW77qe5l+x652af8Wu/2ruFQMQKW04MtaC8X/k3hgHcT+htqVtThrMDgC0kP7aVkWZ+QeA - GYmGHLPx0O8H0WEn4zrGuWhcCZWB2QUKHv/QFyh4RMX/hYJvAAAA//+it4vpWBSgNzeA7Sel6lqQ - HljzAuj2dEhWrAatIYayDYAW5pck5gBZWEzBtazRAL6sEV0CvkgQXQLebgN2qTOL8vMgDSCIUEop - dN06hEuUS/NzISZUw5jQUpCMkg9pxb0+zFwdpdzEiiDIMAiK3eAVakUljiUQd5QB2+DkLqtDXxcL - MQtuJtCqjMTisHzw+j7Y0lXQwlzQqjmQjXB3oDrWCMW1UA3g0KmtrQUAAAD//wMAUnyhBP4wAAA= - headers: - ATL-TraceId: - - db395165070f06d0 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXWXPbNhD+Kxg+dNqU4iVbkdnJdFxbSdy6risryYPj8cDkikJNAiwA6mjs/95d + HlJ8KBO709gPJAHs/e2H1ScHliWXqRM7GmQKGtLXAvLUuJIXYFyTzKDgripBcyuUNC6kwhZguZvM + uMwgV5k7B21wD9IxlBoMSNueTSpjVTElhZdhEISBp+HvCoydrEo41TyxIgHHdQTZD8OXewP8MJBP + 8XNmbWli309hColN1V/K4zbnxgguPQnWR0vW56XwI18YU4HfKbiGFcqfTEZnk164szvEpdoF48Sf + HIO+VSbhFjKlV00MKX6hRBREUS8Y9sK9SRDEURgHfW93sPtjEAUBOUlGLDpeq3mmkyTvYyqCaB12 + +5GCSbQoKXG4us9MwfPcZakwVsjEslJAAkxN2ULpa4+kEyXf6fyJXlRSULl4fsnn3HLtzwUs/Nqt + jYPtVhj0w+HPRvwDrwose1WgVYIFmpxwc021qq4svcVTnhtwnUbwCOOqZV1nJhA4OpmtjmEO6Gtw + 6zpWILJKRIkTywpjdO7BpB90G6VWf2FEz0x4K12nuy5gl276+Awkm6jeSWEtKjDO2jYh9bf6rFFT + u+Ca8GpEUeYCHU7vRY71qFG2M1zuDJ/o7hcq00WyrstO8BLdiHaW0c7/a6Wpfo1FNBgOluHgWxhc + dhb70bIffQuLLcBvbx/CMdyG06jbmIrl+4YDsfrnF4iGLNOQIa08wDr6qfKq6fJHtUYvt20Mt23s + PVTeUFqzSoRRs7cT90LXwazZ95gRAm97gFuk+YYen95mDflu6NZv1Glqovr1QFUUf0gU+oEWhMyc + 2OoKbltWJW1aJE1WPj1YI8/wqJmpKk8PhSlzvmobj8qlAYOl3n6MwMO9oCPw+2lb08z9jW0Fj9YF + v7/R3zCWUFrY1TNz2Yn79fXw9QQvCp6B8UnCdEoELsxENvPMPNtQ3Ftc6bgwcm4JDldApEWwvX9f + D7bEG27DaDikwGfcjEqRHAt5/Zp2DqGk2UImXdXqWi7qvfWKVHKEowW/ymEM3DRI0O2bc3r87s3R + yeXx0cHo5Gx0ORqP/xhjGNhcBiPHA5MZsFNkZ2kZ2WXCMCXzFcNOFzkpZVaxX4Xm7FRDga3OKoMY + 9R7r+BAbygluRBAMi2nsNDcWFgmzvOmqOy2O+c6E5Pn9Q+1k1Ka3xnWO3nUsgQXMJKxPVyW17Vcg + uRlinomxRnh9K96dO54Guw2sfuHJNY6CHbI65Y2tg3ba+k8OdyNb0xpoJOoucQkL6m6VK33SeHOV + V9DLNLLEZmBR7FA1xVZFicOqtG0VvlS/u8n5KD//32eZVlVJI9lrIVMkNcMQ+ewKQLKyMjNIa8wd + jffpeQVMyDkZINCkDIduhvcGpDEpm0Uee0PqPsoX9fNFzM7XaoWMmcToreBW6Tjwdr3+DaUQM5ir + hOczZWw8DIaBP21kLmvfsMgXKMzOzyCpiFfYW7XoWfW47AXz2XloLPuz4tqCZiOZYXMVmKovCJyc + /s72K+xcdpZwueVgk7GbG3aGY2DtCL4fvB/Vjw/NoysLfbS3Kb1OhMXmJdEaBviGihjRGLth56ij + F2HD9nDejMLaOsFKzlNP4uTsZWruz6tcItAsEoF/9/wFqegHwVouWYBXCKvBUzrzsRs5IVTgWEhd + 7ONRb2aLnOQ29cCPuiKkLMK/MWRVzjF9S/o1VMdxCFLwnKByBnqOP3pYj31/stbgsu9y+9MrVDPw + gh+25BDV7+N1OAeX0lNPn+yxXAwwtt3+3lfn4l8AAAD//+xZ227aQBD9lVWlVIBig41tCFWUItFI + kZoKNWof0hcW7wKuAFu+kJd8fM+s1+YSLi1REJUiENjemd3ZuZzZGWt6pQvn73XhHNTFafWAwCmc + q1NTOqFnrNbLJOsh4vDwQUapyazWJSN8ZevhXHwmllnGs7pvmm9p1iJg63bbRZjUegoQgVW/Q0ap + AmIf5GMV/FS3KWD/9lkNsYeBX/gzjgoDrAkvUlO8LhDXbVB7CLMY2rwNphJAKHONfxynn7jvYxfq + cul0K4y9JWDXAKylGCGQXGOgGYR1LhZBAtCXlAdbwPIRaR2OVCRssulgucKA4WjBSH6Us/owEWt/ + 0NKRP4jSHxLtDzxNkRmTS/Y0CfwJw4l2PAayZoA6FnGsNR8zzlAh+GDEccWP+YjkGHTVRo2vfD7O + AMIDNpFcgHPBkdvMfLfs51Kg+1BkU7maJtbHi/qks+qTIOmrw7ooxjE8Loat9RlAOQE7HsLLVZB3 + DhuG0L1DP+RfuKVtJZglyobTwNdGuw9UUtQ2+6FOQaRhbYxcGAZwmWIg1psH390s4n5KPN9CFqgb + hgpvEQgp1tzpO4IKR0Ms/S9OoVmjkJIh+XiFi1kwr7JK9XkGH07DTum3W1HjzRHDORIxHEIM57WI + cVSyeIEYx6arVQOfGjG8d8Q4AWI4/xdieCXrAcR42YqwdrUiLKcYoColjeEZqnlC7ZBNUnfHHI2d + A2V5X+xpF+Gucr9RtqSU106oVNjSANusqjZnKftXSTabcaoTP+wtfUiB1PQJ4yMrSir9b+B/1Ji6 + E9fuiDtNYQ3bTsMdQqBW68qybY8K2JIIK+whk2TdrhDk26BcymDojuPn8IknEYEjTbq3V6yMIU2U + r4rMRL1a9Ctdy7YcaTVk0xZXnt/03Zblt10hGtwbWbJ9I67VLBfN7oV9i2/OZ8z4XBdyhpE/Ssws + MZ6gEcM2IaIw8/AilRkR5wlpDPwKwPk0wWWvb3hmNCf5N/vO5y/xZuP6/CXebHyfu8QAJJF3ZnUP + ZvVY0tfvcSieqHLLu785qD2i6Af5lywOI1l/BA751KDUgUevXzBaRjKto1866fZNrOH2HQqONPof + AAAA//+iINJHiwJ6uJiWRQEAAAD//6KFi+lYFMCbGUAnpkNyXDVo5hbKNgCam1+SCJ13Rm924Jrm + McA1zWMAn+ZBl4A301LzyjKL8vMgDSHoGHIpdIEBhEuUS/NzISZUw5jQwo6MAg5pbYQ+zFwdpdzE + iqDU4tIckMFIdoNH7ItKHEsg7ijLL6HetCDEMLihQLsyEovD8sETHrC5PNBUJWgaAWQl3CGorjVC + cS5UAzh4amtrAQAAAP//AwBdJZ7KzyIAAA== + headers: + Atl-Traceid: + - cc04e57880541bdb + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:09 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:20 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 84d7f53d-9f87-4241-9ae7-d9d638877ed8 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '263' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9e607e69-dd33-44c0-a692-6fe666fe3ab2 - x-envoy-upstream-service-time: - - '163' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -4295,174 +2840,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J201qbqIHFVmFdk+ySJJOsJImpU2FZdn/boKLH7fhneeZ - lzkRJRfcz5YI8h7CtIjNpkeDOvT+wxcyWLksg3SFw0Ay8onzMngXYQpACyggb3c3L+39c/e73a2j - ihMRrwnKIINDRnqcrD+O6EJ3nDAeuLV+7aOk1sH23woRSdjyS3gnQwJLKGkOdV7yjtYCqKjqAgCu - oASI/oJz7O2G8R/bdLQUFRNwXbCm/mH1+OCMjyAvG862RkldYSWRgTaMM9UrycFoAFnXnCus/hQE - mxoeh1mS9I6Rqw1PXssUn4i9TATd274l5/MXAAAA//8DANWb3UtaAQAA - headers: - ATL-TraceId: - - 7f414d921da7bce6 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:36:09 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + H4sIAAAAAAAAA1SPT0vEMBDFv8tcbbOTtE1rbqIHFVmF7Z5kkbRJsJImpUmFZdnvboqLf2AOjze/ + N485QSeD3s8WBLzHOAWx2ShtdB+V//BERitDGKQjTkfI4FPPYfAuwRSREiSY77Y3L7v75/Z3u13G + LikQryuUYYaHDJSerD+O2sX2OOl04Nb6RaVQtwxWfUdApADD6mLeybiCDBnLsclp3WIjsBasIoh4 + lUhM+aDn1NsO4z/2ukUUjKYhnLEfth8fnPEJ5CWtTWGMKeqGMY5Fg1hWknHaS1S8r+tSY8H/FkS7 + NjwOs4T1HSMXG598L1f7BPaiQLu3/Q7O5y8AAAD//wMA6PNEG1oBAAA= + headers: + Atl-Traceid: + - 19bf490299c3965f + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 22a8211a-2a14-4bbb-87ed-d08eaa600fc2 - x-envoy-upstream-service-time: - - '28' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 04a10aff7909f287 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:09 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:21 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - bb016008-16cd-492f-a8da-1466a2b9e432 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '120' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6314a0fd-c1d2-448b-bbd6-b1ee80e3ee78 - x-envoy-upstream-service-time: - - '71' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -4472,96 +2910,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11103 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11797 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4rcECL5hOhykLXc9joO0/UAZRtgbW8WRPJKchCv977cr - 20DThqP0YAbLa+3bs8+uxGcPlhWXmZd4GmQGGrJXAsrM9CSfgemZtIAZ76kKNLdCSdODTNgZWN5L - Cy5zKFXem4M2+A2yE6g0GJC22ev1PEGWoygKB/hioJzia2FtZZIgyGAKqc3UJ+VzW3JjBJe+BBug - DRvwSgRxIIypIegMXME16h9NxqeT/k40RMnUBeslnz2DTmuTcgu50tdNcBm+oUIcxlE/HPbj0SSK - k8Fmshn6O5vbv4RxGFKM5MNeV+DMPDFG0g+iMAzj26zblwxMqkVFiKB0j5kZL8sey4SxQqaWVQJS - YGrKFkpf+aSdKvlOl4+JwkBaawjmAhZ8zi3XL434B3ZnWKR69qwRHWa7iF40al8nGOjuXco9jwqN - vibcXFGN6ktLq2TKSwM9r7PhJc7Il55nBRKjwiJ7iawxE6/S6hOG90T0Wm2HnatGhx293Cv4XaTv - pLAWDRC/Wm1K6g+316ipXXBNiRkxq0qBDMlWskFwHWWGo+Vw9JhwW5hbZy3SlSBg8ec+zsNwGz3H - w2U8fLJhV0LHkmemfT7gK9paRls/52vZOWsXD3gbxMtB/HPeWnKabrHW25cv1N/L9810wYqdnWMF - 81xDjn39DQ2RU6qsmzZrJGltrJq5EXGBHuLtdR9G39poRkcjpcZ0489L+lHPwzTte+w44lWzwbUT - cVqLtAng8zcyYhwmZApVl9mBMFXJr1teonjBLU7aZpD9eA81U/J2LgaNNU0N4pb7qiacIor0AwmE - zL3E6ppcpxowV+q6783JrdFmNydXUQvXwRmt+xDfjQyhtLDXT8y3Uw/csH38uBQznoMJSMN0RgQK - CpEXvpnndzPmDUq6YRR7hNJKKoMulZJfAo0TIufKJurL7wIRrWNiNCJECm7GlUjfCnnlDuMDqOhs - lmlHGEejhft2K5FKjvFo5pclnAA3DQl1u/KO3757fXh08fZwf3x0Or4Yn5z8dYL5YQsZhAQ3TApg - xzg3pWXklwnDlCyvGfakKMkos4r9LjRnxxpm2LesNsgw33XpahY7aDC8EWE4zLcTb6VpEfRcSF5i - ObEed11G31Zl7c2ihdfRvMToulmAlc0l3O6uK+raRzC5uSs8kXyN8u159fXx/mN8vOPbbzy9wqtU - R7nOeONrv73U/FTA3c2o6Rl0EnfHq4QFdbcqlT5qorksa+jnGgfU3fVAsQPVFFvNKrzsSdtW4aGa - fg3OR3n/d4/lWtUV3XxeCZnhSDIMmc8uASSralNA5jh3eLJHz0tgQs7JAREpY3hpZXg6QJaQsSL2 - 2Wsy91FuuOdGws5uzQqZsCkiUiShP/DDG0IPwStVystCGZuMwlEYTJvtFy6sIB6E56jIzk7pJMNh - w96oRd+q7yufs4CdRcayv2uuLWg2ljk21gxhekDh6PhPtldj17LTlMs1Gxu0bm7YKWA7UCC43n8/ - do8PzaMrCb205yUtJ8Ji45KqowCu0BCj2cZu2Bna6Mc4i/rRVhTtOO9EqXQO/kxYDb7SeZDmon8p - JEmJCT6+v6TF7tfa52RwGDbQOiuL+1awLzlxVeDVjfo5wK1+YWcl6bnK4NPVhuycQF6XHDFc0r8T - LpkDkIKXxJVT0HOBF+Y+e/6KFHvsWWl/ReVNP36xBkI0uoeH8Bx6hI67ErIbQnXjN81lWgQTnicb - 7AgxbKS1KLPDg/sihBjTIYIW98TdbxH5tyR27wP//0+jI2gQj7ZipMXGgWt+7MtPitFYxMD+W5E9 - p78vUL3l078AAAD//+xZbWvbMBD+KyZQaEft2E6cthmlC6yDfegoHeug24eqktMaYsv4Jd3o8t/3 - nCQrjoPLVkrph8LobN/pdNKdHj13+Y1hlBK0yO+nePmB/9ynxJIsXGoLz5la622+rBcZClG6jWzK - m5ONjVT5s1bG9ljweQeQaJzIJFDJnGkvkUMmlkkJAAMPiMIJcGlOu4oMaS4fCte1muTawQ3pLNde - AJcKE+V4HWVho1yaKN/fEaYx2MtuHbBWDjkuV16wOc1EVymwJq8r72fmtFZ5JkW9iM0SN0UNLZ62 - Egca54r6iUYM6W31/tiKWwageYfR+Njs3dSsgYaoGfdbH1DWix5BsYxdumQSvq2opXO2pGvRfsak - lGv0hzINrzPOYW8K4L9ZJFzF7yxRWG/C901d7rTjJi56TY4snAUEhafGfE5zxivS/yKdRL04qEGW - iYiFUvhaxXmp44bvouaxVjbH/AJHCiQIvvxPyqiBuSTgp+zfZSJNsj1nd+9PCvZUySlyeJtAB30E - Ohi3OVFVgBsowk71Q1c16rHh9wr6SKlvSWmz1D5FWy5t8Lru3d8ddWRHVRXjd3Q1agJR1mnKiN0M - +i5s2juqUmTxRApEB+yEcU51EOrLaM7GIxHcHI796Aa+HRwcBWE4oXmsEmZ4RC2mwM6EoEMAzbUP - rql4P8h7VuaEc2T00baDLpU98C2l5oFgDfXjMArCYBwHfjwKxdGEj3h0EPDDSAifTeZBfHgijpWV - ndFsJ/yEf3qcm7LMsA/X1Z9Kry7de+yIG3qU+J4+aLRlbs5YSTuG8QrUUVDg8eO5O/HyjPzv9jNe - v8fdrsjr97jbWXntHgOLhO5imKKhzUbOTUuQzhPxLt1s0Hh2BayF+mldyDweXgFpOJXa5uBRJw9S - e5JpHtOTNPVGYZD2DQpePuhvUPASHr9BQS8UWMYBF2/1iXugHwHMsw+7smILPG1zJR98a/CwGmwL - +hqWvm1YdgW2/dcVWOoWZ8ukkJmmOaYbUptfpPTrPy0BZaey8NA8GhR8AvK1fksbNnb3Byn7dRGX - 9YIMt+ZWvaeimlXaj6Wsnq07rW1Zm5gKVfWlVJ072w+XheqH0YzWj01nww1vzQC1O6vV6i8AAAD/ - /wMA6LCEN9gcAAA= - headers: - ATL-TraceId: - - e06d926ce31cff07 - Connection: - - keep-alive + H4sIAAAAAAAAA7xW60/cRhD/V1b+EFXpnV/34HAUVZRcElpKKZDkA0FosefsDfauu7u+Oxryv3fG + j3NyhChQNZyE7Zmd929m56MD65LLxIkcDTIBDclLAXliBpIXYAYmzqDgA1WC5lYoaQaQCFuA5YM4 + 4zKFXKWDJWiDPEhOoNRgQNr2bFwZq4oFKbwMfD/wXQ1/V2Ds2U0Jx5rHVsTgDBxB9oNgZ3cHPwzk + C/zMrC1N5HkJLCC2ifqgXG5zbozg0pVgPbRkPV4KL/SEMRV4nYJruEH5o7P56dkwGE92kVS7YJzo + o2PQt8rE3EKq9E0TQ4JfKBH6YTj0Z8Ng98z3ozCI/Kk72gl/9kPfJyfJiEXHazWPdJLkPUyFH27C + bj8SMLEWJSUOqXvMFDzPBywRxgoZW1YKiIGpBVspfe2SdKzkG50/0ItKCioXzy/5kluuvaWAlVe7 + 1TvYsgJ/FMx+MeIfeF5g2asCrRIs0OQZN9dUq+rK0lu04LmBgdMIHmBctezAyQQCR8fZzSEsAX31 + Pw0cKxBZJaLEiWSFMTpbMBn5HaPU6gNG9MiEt9J1uusCdummj89A0kf1RgprUYFxNrYJqb/XZ41a + 2BXXhFcjijIX6HCyFTnWo0bZeLYezx7o7jcq00WyqcvYJ6CH43U4/n+tNNWvsYgGg+k6mP4Ig+vO + 4ihcj8IfYbEF+KdPd+EY3IfTsGMsxPptMwOx+ucXiIY01ZDiWLmDdfRT5VXT5V/VGu7cx5jdx9i9 + q7wZaQ2VBkY9vZ1oGLRzjNKlRdz48fEOjUCMmTCZqvLkhTBlzm9aqCMZ827fYk4J/q0JbvGiaAbs + wxu1Gd/9wPYadZrasH7dVxVlsHb+HRGETJ3I6oq8iTVgsNTbdwf4xN3d8bsBvp22zZjZZtxX8HBT + 8G3GqJ9YQmlhbx6ZiU7cq6+H7x/wouApGI8kTKdEICETaeaaZdqPuNdI6WZh6NTFvAIaWgTb7ft6 + ek+8wX0YDWYUeMbNvBTxoZDXL4nzAkraLWTcYahG1qrmbShSyTmuFvwqhxPgpsGlbt+c48M3rw6O + Lg8P9udHp/PL+cnJnycYBjaXwcjxwFkG7Bins7SM7DJhmJL5DcNOFzkpZVax34Tm7FhDga3OKoMI + c7/W8QE2lOPfCt+fFTJyttoZc5sKyXOsGqa9bzPibdPazahNb43zHL3rpgQWMJWwOV2V1LbfgeRm + iXkkxhrhza345d7xMNj1sPqVx9e4CnbI6pQ3tvbbbes/OdytbE1roJGwu8QlrKi7Va70UePNVV7B + MNU4s/qFRbEXqim2KkpcVqVtq/Ctmn6ZnPfy898eS7WqSlrJXgqZ4EgyDJHPrgAkKyuTQVJj7uBk + j55XwIRckgECUsJw6WZ4b0ASkbIsdNkrUvdePq2fTyN2vlErZMTKNJq4gevfUuowc7mKeZ4pY6OZ + P/O9RXP2svYJV+ELFGLnpxBXNE/Ya7UaWvV12QvmsfPAWPZXxbUFzeYyxaYqMEXfEDg6/oPtVdix + 7DTm8p6DTaZub9kprn+1I/i+/3ZeP941j64c9NHeovR6Jiw2LYnW5cc3VMRofLFbdo46hiE26jCY + +rOwtk5wksvElbgxu6laessqlwgwiwPA+/L8BanYHW/E4hW4hbAaXKVTD5uQEzAFboPUvN7u2M1s + kZNUmeK/ug6kIsS/EyiUBQwjATZfY75Jhg3ZT8fpgD3J7TMWukHghow9Se2z52zk+ihcM0bu1B2z + jjHuGWN34u509ElPn7ioq6NPezq9Tno6edfSA3fa08OeHvbn/wUAAP//7FhdT9swFP0rV0JCadam + okCLOvUBAQ+TBprWbS/rpIbU0GxpUuKkMDH++861HdehLYiOhz0AqKS+vvb1uV/HwSVnOb4f7C/H + D5bjB8sD9Jb78qMzbvflx05jQ0wAuGOQjIVosrsVi6Z1vu290Ldm/mv59s2vr+NXFLQq+fu+8jGP + kX9aCjpFJcTgUMyLgPZ6TeK+R/UyW/1O9wJbZ9X3/eAtAbdxVNUq2p2jIxRo/1S1YHTHnxkxOYFD + ntUjDx+Nda592rHko+pD8B3/WlskKXZEtqsF/q0B1GPLH2ZlHgnEVyJ8brUtXBRnsRQM7PzamXi6 + JAQ+GrfdFsEnTa8N4qwdThaxBKkABT/sdMAVrhhjJERFCJk1jOfXYwLZgn0phZTrOI44joWNYz6D + yMPLOOHuWUzDgrIIG0m6nYJnFKC9RpFRuwyloCynG9zmfhMunhHnocTqUR5esQGgSeUsJWZFgco0 + EOdcEJgzFbdZpRKRjEQa4iLB5ANbxdGU0OrBqpP4lwCvvsIuIcyez5M4Uq/7DMmpDE4E8EHOMjF3 + Z+mjwaYyleEVigXz8JYseQrskzeJ2c4gI2kWQjnOwAEc42UwSjurq0MpBdKSjYF5uDbm4PZY16LD + vMvaEBqkclGUeYrgxpMsk4LRdWzAvLVGBAzgzg6uFBn8ib+TLI0Q86N0PB6PUr6NFXRPJzgZ+M0D + DYjff8a58HZ37jo9hJb+36jmRnrmgMBpjZrHQvUUmMPxSKXAcA1oPDz7eHbyhfboeEi7N2VWvB/h + Ry/e9vUIknCd2G+PkJfv+KgyS0QAFu8h+iPcrAKRLho/2BqQYaik7bbWHisDtFEKQA92NMkTed5k + BBs04Myhe6xszoS1Jmz4Q8OAQ99soNB5NikRL8Sp5o5XL1X6tToOTrihkkOyqZZbpZVqbiUr9dyR + PKrojuRRTXckj6q6I3lU161kpbI7knptB06f1EuSSQVS38w0IBlUsJ4DF2NkMOGNXLgYIwOKEVVw + MUYWFEdS9bwKlZqIQbKo1CQMkkWlJmGQLCo1CYNkUXEkGiSLSk2iQXKCCXhNEUkcki1N8/qrhZ5v + JX3+QHfCt+OI8wCBWV4i/U0POI/VHc60AN9eWjrBXXDXp6/qFs8FyBT7yiWomAkkeeAq7W9S0t5a + q3OwSUe7ca3O4SYd7eC1Ot1NOtojVoc8uuAOpLqT7XAqCJra401VdrWLudWEicxorgM4ICYSdtPe + pk2VS5/e1AQEutTKBsZ3H2bzMCrYbxcZxeoLIQQW8URMlm0eEz+DFeUC1Vy+pM8b1XnG92imKV44 + mcVpg7zGnxloSJH1LfVYS2jfyKyTwG7Be57Mdrcks10ms93/gcxue+N1A/flZPYvAAAA//8irTFr + ONqYHU6NWQAAAAD//+yaX2vCMBTFv8vAx3RJ27T6IE7YBnvz2beYVAejf2ha/Pq7t0m7prMO9jAK + C/gg9ia5JuR45Py8mfVm1jFnjqY75sxRdcecObrumDNH2R1zNtZ2b2b7/fJm1pvZZZhZNgz9wcx+ + D9bZXLDO4nFW2tRCfnRBPqIG01I+MwedfTCE1f13miucC6/pHGBBB8BCNI2Q75iM3eA8puGhbvNc + YOr5cDPIw41DdKGsf5mLotfYCSkRjnhTW34WcaTYaR1TfoKu03TDwjDBdYYiWOFOWYanulcK1tBQ + +dUDCgtyM0/lVegKbS1Oepd46g4hCy61KYOf+7ynbjgLWZwxmkWh2iQykjxlcs2VoiI5s2y9U9tu + llW0X4Wv8DLjSC4KG0sSYj7SQavJFXaEhAG0qAIjbbhlpBJC447B+M56wyWCt88HkgRVgf1P6anl + dzzFr5bf8RTfWnrHIETK0E6WJBj/nzxYGhHvE+ZchkAyYnYsCyx/aeuyyh6PoD8SMRt78RAihKfD + TcZ1LDppIYTayqyXgr8/9H8qBZ8AAAD//6Kzi0eLApxFAbwVAXRiOiTHVYPWH0PZBkBz80sSoaun + 0dsmuBYrGuBarGgAX6yILgFvngG7yplF+XmQdg5EKKUUukwewiXGpWXAFi25i9QwloRCDIMbCrQp + I7E4LB+8XA62LhWYhCBOroYxoaUr2Q4AbynQh5mro5SbWBEEGVNB8Sx4oVtRiWMJxOOgBbegxXAg + r8PFUTUboeiGagC7tra2FgAAAP//AwC5XV54lTEAAA== + headers: + Atl-Traceid: + - f8d4da771a7329d9 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:22 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 760b9972-ecd7-44af-b552-fb9fb40b1cce X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '271' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5ff73864-6169-4606-a0b2-f4a80aee5e9b - x-envoy-upstream-service-time: - - '137' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -4571,98 +3028,167 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== - headers: - ATL-TraceId: - - 62e9dfacea10861b - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - b46c59e3e146395e + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:22 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 9d8bd398-3560-4ec7-96c1-83197f989d14 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '167' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1eec6fb3-ebc0-439f-9fca-44e7739ef077 - x-envoy-upstream-service-time: - - '103' status: code: 200 message: OK - request: body: '{"fields": {"description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: [Findings - in: fresh:0.3.0|http://localhost:8080/finding_group/230] in [Security How-to|http://localhost:8080] + in: pg:5.1.0|http://localhost:8080/finding_group/11] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n| High - | [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080] | - Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - - (Fresh, < 0.5.2)|http://localhost:8080/finding/2862]\n*Defect Dojo link:* - http://localhost:8080/finding/2862 (2862)\n*Severity:* High\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* - [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119]\n\n\n\n\nVulnerable - Component: fresh - 0.3.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected - versions of `fresh` are vulnerable to regular expression denial of service when - parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable - Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n*Reporter:* + | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] + | pg | 5.1.0 | [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] + | Active, Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified + |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/288]\n*Defect + Dojo link:* http://localhost:8080/finding/288 (288)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, + < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < + 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= + 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 + < 7.1.2)|http://localhost:8080/finding/286]\n*Defect Dojo link:* http://localhost:8080/finding/286 + (286)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}, "summary": "Findings - in: fresh:0.3.0"}, "update": {}}' + in: pg:5.1.0"}, "update": {}}' headers: Accept: - application/json,*.*;q=0.9 @@ -4673,51 +3199,57 @@ interactions: Connection: - keep-alive Content-Length: - - '1903' + - '7044' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11103 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11797 response: body: string: '' headers: - ATL-TraceId: - - bdad14929f1d254d - Connection: - - keep-alive + Atl-Traceid: + - 54c54a940f5f83ed + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:22 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 53822271-24aa-471a-abe0-7cf5d919752e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '214' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - cc26a4d0-999b-4362-af7c-7f9af371b71e - x-envoy-upstream-service-time: - - '114' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -4727,96 +3259,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11103 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11797 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4rcECL5hOhykLXc9joO0/UAZRtgbW8WRPJKchCv899uV - bd7acJQezKAXa9+efXYlvnqwrLjMvMTTIDPQkL0RUGamJ/kMTM+kBcx4T1WguRVKmh5kws7A8l5a - cJlDqfLeHLTBb5AdQaXBgLTNWa/nCdIcRVE4wIWBcorLwtrKJEGQwRRSm6kvyue25MYILn0JNkAd - NuCVCOJAGFND0Cm4gEuUP5iMjyf9rWiIO1PnrJd89QwarU3KLeRKXzbOZbhCgTiMo3447MejSRQn - g/VkPfS31jd/CeMwJB/Jhr2swKl5po8kH0RhGMY3UbeLDEyqRUWI4O4OMzNelj2WCWOFTC2rBKTA - 1JQtlL7wSTpV8oMun+KFgbTWEMwFLPicW65fG/EPbM8wSfXsRbO1n20jetGoXU7Q0e3bkHseJRpt - Tbi5oBzV55ZmyZSXBnpep8NLnJLrnmcFEqPCJHuJrDESr9LqC7r3TPRaaYedy0aHHS3uJPzW0w9S - WIsKiF+tNAX1hztr1NQuuKbAjJhVpUCGZA+iQXAdZYaj5XD0FHdbmFtjLdKVIGDx5y7Ow3ATLcfD - ZTx8tmKXQseSF6YdH7EVbSyjjZ+zteyMtZNHrA3i5SD+OWstOU03WWnt+prqe/mx6S6YsZNTzGCe - a8ixrr+hIXJKlXVTZs1OWhurZq5FnKGFeHPVh9G3OprW0exSYbr25yX9qOdhmPYjVhzxqj3ALfbJ - pg39eAU0Pe6mqwWNNk30dtNdVVOUEXWqT7QhZO4lVtdw3TYvUqZF2sT+9Zs9cgyPmkLVZbYnTFXy - y7YkcDvVgLFS1X2vT26M1rs++RC1cBWc0aoP8aoPg9teIpQW9vKZUHbigevCT++jYsZzMAFJmE6J - wI1C5IVv5vlt83mHO12Xir1rYsM5UDshcj4Ii+ryu/FGq5gYjSjwgptxJdL3Ql64y3gPKrqbZdpl - zeVy4b7d7Eglx3g18/MSjoCbhgm6nXmH7z+83T84e7+/Oz44Hp+Nj47+OsIwsIQMRo4HJgWwQ+yb - 0jKyy4RhSpaXDGtSlKSUWcV+F5qzQw0zrFtWG+So76r0YRRbqDC8EmE4zDcTr7kyMEmI8m1R3Stk - xDsXkpcPD7UvixZex+sSvet6ASYwl3Bzuq6oap/A5Oat8EyONcI399X96/3HaHdLq994eoFPqY5Z - nfLG1m77qPkph7uXUVMaaCTurlcJC6puVSp90HhzXtbQzzV2idvngWJ7qkm2mlX42JO2zcJj+bsP - zmd593eH5VrVFb183giZYVMzDJnPzgEkq2pTQOY4t3+0Q+M5MCHnZIBIkzF8tDK8HSBLSFkR++wt - qfss19y4lrCTG7VCJmyKiBRJ6A/88IrQQ/BKlfKyUMYmo3AUBtPm+JlzK4gH4SkKspNjusmwp7B3 - atG36vvCpyxgJ5Gx7O+aawuajWWOhTVDmB4RODj8k+3UWLXsOOVyxcEGrasrdgxYDuQIznc/jt3w - qRm6lNCivS9pOhEWC5dEHQVwhooYtTB2xU5QRz/GXtSPNqJoy1knSqVz8GfCavCVzoM0F/1zIWmX - mODj+jVNtu9Ln5LCYdhA67Qs7mrBuuTEVYFPN6rnAI/6hZ2VJOcyg6PLDek5grwuOWK4pH8nXDB7 - IAUviSvHoOcCH8x99vINCfbYi9L+isLrfvxqBYSodAdvwjn0CB33JGRXhOrab5rLtAgmPE/W2AFi - 2OzWosz29+5uIcQYDhG0uLPd/RaRf0Nitx74/38YHUGDeLQRIy3W9lzxY11+UYzaIjr234LsJf19 - heItn/4FAAD//+xZbWvbMBD+KyYwaEft2E6cthmlC6yDfegoHeug24eqktMaYsv4rRtd/vuek2TF - SeaylVL6oTA623c6naTTc89dfmEYhQQt8tsJXr7jP/cxZ0kWLrSFpwyt1TZf1IsMhShlIxvy5mZj - I1X8rJSxPRZ83gIkWicyCVQyd9pL5JCJJikBYEj3UTgBLs1pVxEhbfKh47pSk1w5yJBOs/ICuFSY - U45XpyzsKZfmlO9uCdMY7GU3DlgrhxzJlRdsTjNRKgXW5HXl/ciczipPpagXsVniuqilxdNO4EDj - TJFH0YohvaneHVlxxwA0bzEaH9u9m5o10BA1417nA8p60SMomtilJJPwbUUtnbOG0qL9jEkp1ugP - RRpeZ5zD3hTAf71IuDq/00RhvTm+ryq5046bc9FrcmThLCAoPDXmU5ozXpH+Z+kk6sVBDdIkIhZK - 4UsV56U+N3wXNY+1srnm57hSIEHw5X9CRg3MJQE/Rf8OE2mS7To7u79TsKdKThHD2wQ66CPQwbgV - UG6tCnADRfmJxG+qRj02/F6BJaXtivoU+0iqb8ulNQ63mftZVTF+Sxnwr+TYP7R+1GnKiN0M+hI2 - 7R1VKbJ4JAWiC3bMOKdKCvVlNGfjkQiuD8Z+dA1f9vcPgzCc0DxWCTM8oBbTwc6EoEsAzZUPrql4 - 38s7VuaEc2T0wbaDLpU98C2l5oFgDfXjMArCYBwHfjwKxeGEj3i0H/CDSAifTeZBfHAsjpSVN6PZ - m/Aj/ulxbsoywz5cV38qvbp077AjbuhR4Hv6otGWuTljJe0YxitQR0GBxw9n7sTLM/J/s5/x8j3e - 7Iq8fI83Oysv3WNgkdCtBFM0dNnImWkJ0n0i3qXbFRrPLoG1UD+pC5nHw0tAEKeK2lw86uRBam8y - zWN6kqbeKAzSvkLB8x/6KxQ8h8evUNALBZZxwMUbfePu6UcA8+zDrqzYAk/bXMkH3xrcLwfbgr6G - pd/XsPRtw3JTYKlbnDVJITPNf0w3pDa/SOnXf1oCyk5l4b59NCj4COTr/JY2bO3uDVL28zwu6wUZ - 7sytek9FNau0H42snqy/rW1Zm5gKVfWFVJ27tilNLXfqh9GM1o91Z8M1b80AtTvL5fIPAAAA//8D - AIxXDI7YHAAA - headers: - ATL-TraceId: - - 81d1f6c2247dc81c - Connection: - - keep-alive + H4sIAAAAAAAAA7xW61PbRhD/V270IdNJbb38wCiT6VDiJLSUUuMkHwjDHNJaviDdqXcnYwr8793V + w0pMyAQ6DZ5Bp93b929Xe+PAuuAycSJHg0xAQ/JaQJaYnuQ5mJ6Jl5DznipAcyuUND1IhM3B8l68 + 5DKFTKW9FWiDPEhmUGgwIG1zNy6NVfmCFJ4Hvh/4roa/SzB2fl3AseaxFTE4PUeQ/SDY2d3BFwPZ + Al+X1hYm8rwEFhDbRH1SLrcZN0Zw6UqwHlqyHi+EF3rCmBK8VsElXKP80Xx6Mu8Hw9EukioXjBPd + OAZ9K03MLaRKX9cxJPiGEqEfhn1/0g92574fhUHkj93BTvizH/o+OUlGLDpeqXmikyTvYSr8cBN2 + 85KAibUoKHFI3WMm51nWY4kwVsjYskJADEwt2JXSly5Jx0q+09kjvSiloHLx7JyvuOXaWwm48iq3 + OgcbVuAPgskvRvwDL3Mse5mjVYIFmpxzc0m1Ki8snaIFzwz0nFrwAOOqZHvOUiBwdLy8PoQVoK/+ + Xc+xApFVIEqcSJYYo7MFk4H/ECNoGYVWnzDUJ1aika7qUFW2rQO9fIaeLtx3UliLCoyzsU0Q/r26 + a9TCXnFNQDYiLzKBDidbKcFCVfAbTtbDySPd/UbJ2kg2BRv61AHhcB0O/18rNSwqkKLBYLwOxj/C + 4Lq1OAjXg/BHWGyQf3d3H45hC8eFWL+vZyAW+fQMi56mGlIcK/ewju6orKy7/KsgD3ceYkweYuze + V16PtJpKA6Oa3k7UD3oOJse+x8AJo80FbnHM1+Px8d1UD99u3Hq1Ok29Uh33VUnxBzRCPxBByNSJ + rC7hrpmqpE2LuM7KzT0aeYZXzVKVWfJKmCLj101/UVU0YLDUwvcH+Mjd3fHbAb6dtofGTLgZM9uM + TcG3GYNuMAmlhb1+Yi5bca/6PHz/gBc5T8F4JGFaJQIJS5EuXbNKu0n2FintyAudO4LDBdBsIthu + f6/HD8QbPITRYEKBL7mZFiI+FPLyNXFeQUG7hYzbqlW1vKp4G4pUcoqrBb/IYAbc1EjQzck5Pnz3 + 5uDo/PBgf3p0Mj2fzmZ/zjAMbC6DkeOF+RLYMQ5haRnZZcIwJbNrhg0tMlLKrGK/Cc3ZsYYcO5qV + BjHqfq2xA2wox78Vvj/JZeRstTPmNhWSZ1g1THvXZsTbpjWbUZPeCtcZetdOCSxgKmFzuyyobb8D + yfUS80SM1cKbj9+Xe8fjYNfB6lceX+Iq2CKrVV7b2m+2rf/kcLuy1a2BRsL2Wy3hirpbZUof1d5c + ZCX0U41ToltYFHul6mKrvMBlVdqmCt+q6ZfJ+Sg//+2xVKuyoJXstZAJDjXDEPnsAkCyojRLSCrM + Hcz26HkBTMgVGSAgJQyXbobfDUgiUrYMXfaG1H2Uz6vn84idbtQKGbEijUZu4Pq3lDrMXKZini2V + sdHEn/jeor57XvmEq/AZCrHTE4hLmifsrbrqW/V12TPmsdPAWPZXybUFzaYyxabKMUXfEDg6/oPt + ldix7CTm8oGLdaZub9kJrn+VI3jefz+tHh/qR1sOemm+onScC4tNS6JV+fGEihiNL3bLTlFHP8RG + 7QdjfxJW1glOcpW4EjdmN1Urb1VmEgFmcQB4X94/IxW7w41YfAVuLqwGV+nUwybkBEyBSx81r7c7 + dJc2z0iqSPFfVQdSEeLfDHJlAcNIgE3XmG+SYX3203HaY88y+4KFbhC4IWPPUvviJRu4PgpXjIE7 + doesZQw7xtAduTstfdTRRy7qaunjjk7HUUcn7xp64I47etjRw+7+vwAAAP//7FjfT9swEP5XTkJC + adamogWKOvGAKA+TBprGtpd1UkPq0mxpUuIEmBj/+76zHdfpDxAdD3sAUEl9Pvv83fnuu6DJWYx3 + g+5ifH8xvr84QG+xLz8643Zffuw0NsQEgDtBWb8VTXa3Isu0zre9F/rWzH8t37759XX8ioRWXf6+ + r3zMY+QPSkEDZEIMXop5EdBer0lc96ieZqvf6V5g86z63g3eLuA2jqpKRbtzdIQE7Q9UCUZ1/JkR + kxM45Fk98vDRWOfapx1LPrI+BN/xr7XFJcWOuO1qgX8rAPXY8i+zMo8E4isRPpfaFvrBWSwFAzu/ + diYOFoTAR+G22yL4pKm1QZy1w/FtLEEqQMEPOh1whQljjAtREUJmDaP59YhAtmBfSiHlOo4jjmNh + 45jPIPLwKk64ehbTsKAswkaS7qbgGQVor1Fk1K5CKSjL6Qb9029C4xnxPZRYPcrDCRsAmlTOUmJW + FKibBuKcCwJzpuIuq1QikpFIQzQSTD6wVRxNCaUerDqJfwnw6gl2CWH2fJ7EkXrdZ0hOZXAigA/u + LBNzd5Y+GmwqUxlOkCyYh7dkyVNgn7xJzHYGGUno+OMozsABHONlMEw7q6tDKQXSko2BeWg8c3B7 + rGvRYd5lbQgNUrkoyjxFcONJlknB6Do2YN5aIwIGcGcHLUUGf+LvNEsjxPwwHY1Gw5S7sYIe6BQn + A795pGPi959xLrzdnftOD6Gl/zequZGeeUzgtEbNY6F6CszheKRSYLiOaXR59vHs9Avt0ckl7d6U + WfF+iB+9eNvXI7iE68R+e4h7+Y6PKrNEBGDxHqI/QmcViPS28YOtARmGStpua+2RMkAbpQD0YEeT + PJHnTUawQcd8c+gBK5szYa0xG/7YMODQNxsodJ6NS8QL8VVzx6uXKv1aHgcn3JDJIdmUy63SSja3 + kpV87kiWMrojWcrpjmQpqzuSpbxuJSuZ3ZHUcztw+qRes4wrkPpmpgHJoIL1HLgYI4MJb+TCxRgZ + UIyogosxsqA4kqrmVajURAySRaUmYZAsKjUJg2RRqUkYJIuKI9EgWVRqEg2SE0zAa4pI4pBsaZrX + X0303JX0+QPVCd9OIr4HCMzyCtff1IDzWPVwpgT4tmnpBPfBfZ++qi6eE5BJ9pVLkDETSPLAVepu + UtLeWquzv0lHu3GtzsEmHe3gtTqHm3S0R6wOeXTBFUhVJ1vhVBA0tcebKu1qF3OpCROZ0VwHcEBM + JOymvU2bKpc+vakJCFSplQ2M7z7M5mFUsN8uMorVF0II3MZjMV6UeUz8DFaUC2Rz+ZI6b1TnGffR + TFO8cDyL0wZ5jT8z0JAi61vqsZbQvpFZ5wK7Ce95Mnu4JZk9ZDJ7+D+Q2W07XjdwX05m/wIAAP// + Iq0xazjamB1OjVkAAAAA///sml9rwjAUxb/LwMd0Tdq0+iBO2AZ789m3mFQHo39oWvz6u7dJu6az + DvYwCgv4IPYmuSbkeOT8vJn1ZtYxZ46mO+bMUXXHnDm67pgzR9kdczbWdm9m+/3yZtab2WWYWToM + /cHMfg/W6VywTuNxVtrUQn50KACG+9NSPjNHOPtgCKv77zRXOBdehwNg4eS900xQNI2Q75iO3QzN + w4HG0G2eC0w9H24GebhxiC6U9S9zUfQaOyEl4hVvasvPIo4UPa3jkJ+gkTTdUMYSXGcoghXulGV4 + qnulYA0NlV89oLAgHvNUXoWu0NbipHfBpu4QsuBSmzL4uc97uIZTRuOMhlnE1CaRkeQplWuuVCiS + M83WO7XtZllF+xV7hZcZR3JR2FiSEPORDlpNrrAjhAXQogqMtOGWkUoIjTsG4zvrDZcI3j4fSBJU + BfY/haSW3/GUslp+x1NKa+kdgxApwxdZkmD8f/JgoUO8T5hzGYbJiNmxLLD8pa3LKns8gv5IxGzs + xUNWEJ4ONxnXseikhRBqK7NeCv7+0P+pFHwCAAD//6Kzi0eLApxFAby5AXRiOiTHVYOWGUPZBkBz + 80sSoaun0ZsbuBYrGuBarGgAX6yILgFvngG7yplF+XmQNg5EKKUUukwewiXGpWXAFi25i9QwFpVC + DIMbCrQpI7E4LB+8XA6+EjQ/F+LkahgTWrqS7QDwlgJ9mLk6SrmJFUGQMRUUz4IXuhWVOJZAPA5a + cAtaDAfyOlwcVbMRim6oBrBra2trAQAAAP//AwAEV8lDlTEAAA== + headers: + Atl-Traceid: + - 382797a76f695196 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:22 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: + - max-age=63072000; preload + Timing-Allow-Origin: - '*' - vary: + Transfer-Encoding: + - chunked + Vary: - Accept-Encoding - x-aaccountid: + X-Aaccountid: - 5fa43d1b8405b10077912260 - x-arequestid: - - 72ca9d33-5847-4238-b490-1701c626e8ca - x-envoy-upstream-service-time: - - '166' + X-Arequestid: + - 850de488-178a-4812-b3a0-094c54833c55 + X-Content-Type-Options: + - nosniff + X-Envoy-Upstream-Service-Time: + - '274' + X-Xss-Protection: + - 1; mode=block status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -4826,61 +3377,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ+pGSm+hBRVah3ZOI5GOKlTQpbSosy/53U1xYvQ3vPM+8 - zIloteBhdkSSzxinRe52Fns00YavQFV0alkG5anHSDLyjfMyBJ9gBsAoUMjb/e1r+/DSXbf7ddRp - IvJtgzLI4D0jFicXjiP62B0nTAfuXFhtkvQ6OPurELkJlbiE9ypuIAfOcihzLjpWSmCyKCkA3AAH - SP6Cc+rthvEf23SMy6KWrKGsurJmfPR9SKDgjairXitTYKGwBtPXotZWKwG9AVBlKYTG4k9BdFvD - 0zArsr3Tq9XF52DUFp+Iu0wE/cehJefzDwAAAP//AwAnEjqZWgEAAA== - headers: - ATL-TraceId: - - 2b9b9cc6fb893138 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CPd3EQPKrIK2z2JSNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0EfZgsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsz3u+vn/d1T+7vdLWOX + JhAvK5Rhhq8ZKD1Zfxy1i+1x0unAjfWLSlK3DFZ9KyCSwLC6hLcyriBDxnJscspbbARywSqCiFeJ + xOQHPafedhj/sdsWUTAqWEGqavvD9uO9Mz6BdUm5KYwxBW8Yq7FoEMtKspr2ElXdc15qLOq/BdGu + DQ/DLGF9x8jFxkffyzU+gb1MoN3bYQ/n8xcAAAD//wMADlDHZ1oBAAA= + headers: + Atl-Traceid: + - ee19a318b29fc558 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:18 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:23 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a090999f-47a4-4f1c-8e3c-b3fd16c3dd30 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '118' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6359fc0f-d55f-4053-9453-26eb588c0c2e - x-envoy-upstream-service-time: - - '36' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -4890,110 +3447,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11798 response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - f5a965a7f7c00372 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXWVPcRhD+K1N6SCVEq4s1LEqlUgQWm4QQsmD7AVPUIPVKY6QZZWa0R4D/nm4d + iwGvy5CKax80Vx/z9dc9vTcOLCouUyd2NMgUNKQHAorUuJKXYFyT5FByV1WguRVKGhdSYUuw3E1y + LjMoVObOQBvcg3QClQYD0nZnk9pYVU5J4WUYBGHgafi7BmPPlhWcaJ5YkYDjOoLsh+H2zggnBoop + TnNrKxP7fgpTSGyqPiqP24IbI7j0JFgfLVmfV8KPfGFMDX6v4BqWKH98Nj49G4TDrQCXGheME984 + Bn2rTcItZEov2zukOEOJKIiiQTAahDtnQRBHYRzseOHmzo9BFJCOxohFxxs1L3SS5H2EIohW1+4m + KZhEi4qAw9VdZkpeFC5LhbFCJpZVAhJgasrmSl97JJ0o+VYXz/SiloLCxYtLPuOWa38mYO43bt07 + 2G2FwWY4+sWIf+DnEsNel2iVaIEmz7i5pljVV5ZG8ZQXBlynFTzEezWyrpMLJI5O8uURzAB9De5c + xwpkVoUscWJZ4x2dRzTZDPqNSquPeKMXAt5JN3A3AezhpsknJLm/1VsprEUFxlnZJqb+3pw1amrn + XBNfjSirQqDD6aObYzwalg1Hi+Home5+ITL9TVZxGQbb6EY0XETD/9dKG/2Gi2gw3FqEW9/C4KK3 + uBktNqNvYbEj+N3dUzqG63ga9RtTsXjX1kCM/vkFsiHLNGRYVp5wHf1URd1m+We1RtvrNkbrNnae + Km9LWrtKBaOp3k48CF0HUbPvEBEib3eAWyzzbXl8fpq1xfe+3PqtOk1J1Az3VE33D6mEvqcFITMn + trqGu66qkjYtkhaVmydr5BkeNbmqi3RfmKrgyy7xKFwa8LKU208L+MjbfhX0BfwxbKsy83hjXcCj + VcArLZQWdvlCyHpxv3kFvr6Oi5JnYHySML0SgQu5yHLPzLL7SvYGV/qSFzlPSR1t9lcp+BVQ0SLa + Pn6vt9YAEa7jaDgiRHJuxpVIjoS8PqCdfaiot5BJH7UmlvNmb7UilRxja8GvCpgANy0TdDdyTo7e + vj48vjw63Bsfn44vx5PJnxO8HyaXQUjwwFkO7ASrs7SM7DJhmJLFkmGmi4KUMqvYb0JzdqKhxFRn + tUGOep/L+BATygluRRCMylnsPEpnBD0TkhcYTozHfZrR3uO1rjPq4G14XaB3fZXAyGYSVqfritL2 + K5jcNjEvJF8rvHoVH/Ydz+PjPd9+5ck1toI95Xrlra29rtv6Tw73LVubM2gk6h9xCXPKblUofdx6 + c1XUMMg0Von7hkWxfdUGW5UVNqvSdlH4UkwfgvNBfvrbZZlWdUUt2YGQKRY1w5D57ApAsqo2OaQN + 5w4nu/S9AibkjAwQkVKGTTfDdwPSmJTlkcdek7oPcqP5bsTsfKVWyJhNEZE8DrxNL7gl9BC8QiW8 + yJWx8SgYBf60PX7ZuOWH0QXKsfNTSGqqNeyNmg+s+rzsBfPZeWgs+6vm2oJmY5lhXpWI0hcEjk/+ + YLs1Ji07Tbhcc7AF6/aWnWIH2DiC47134+bzvv30EaFJ95DS8ExYzFsSbRiAI1TEqLSxW3aOOgYR + lqJBuBWGO411YpScpZ7EptnL1Myf1YVEjlmsAf7D8xekYhi0WJJcMgevFFaDp3TmYyJyIqfAjpAS + 2MejXm7LguSaUOC3CQbpmUBWFxxRW9D/n8b9fZCCF0SOU9Az/JvDBuz7AxJ02XeF/QmFX3nRD2tA + Q6W7+PTNwCU8mk6T3RKOGz2K8UYDBK2xjf0a2D6yChdPobIeC7ddRjWEPaRs/8tDb8XZD/8CAAD/ + /+xZ30/bMBD+VyIkJqhImqRNWzohVokh7YEJMY0H9oKxU5qpqaP8KJMY//u+sx2ThoVtDCEekFBJ + cufz5e78+fOF7gfe879EXY/9cDJGFfSO1FLHKvwuHQJBOPvHcc4OfnZ/99qPv7TTQ2lB8A3/3Cdl + GXOiYJSJ/6uzzcj3vsgqRxyPk2WMJR7rWL+7Lt+romooHt1DTw8QYaeVwCSzpL1E9plYJwXgCywg + CkdApTlFGeVSbz2UvUtl/NLB/uiQqziTmR0xN0k3jlDShU16YZJ+syBEY7C3unbAZjnk2Fp5zuY0 + E22kgJqsKj1E/vze/okU1TI20LUpqunytFFH0DhV1FHUYkgRmQMrbhiA5gKj8RA1qRbitB3MvcaD + AgSkQ5CvY5e2mIQ/VNTSOVvTptjIEiHXlH6ouHA74xz2poD9q2XCTQZPEoX1JoFf1eZOMTeZ0W/l + yNxZQpB7NvOf0ozxksZ8lk6ibhwcXNaJiMVGLZ1hRYHxYOp/qRAzNJME9FTgO0ykyWrX2dn9maKA + SzlF0T7ky0EXXw6GXYKoyY3KHBxBUX8i8y1V36q2BV0c1LcctH7ZLkV7btqgce2tvj3KHqpYWTK+ + oK1Q84WiSlNGZGara3+m2NGhROZPZDy0og4Z53Rw+iQOojkbDkRwNRn60RV8G4/3gzBUjS2rhBke + UYspsTMhqOqhee+Da07EH+QNKzICRTL6aC9DhTv2QK+Umgc+VZ+noyAMhnHgx4NQ7I/4gEfjgE8i + IXw2mgfx5FAcKCvbg9l2eIw/Pc5N2cqwDdfVjwqvKtwbRMQNPbgoPL2yKGRuxlhBEcN4Bdw4P+Dy + 6NQdedmK/G/3RV6/x+3Gyuv3uN2Yee0eA3KE7hyYM0KTjpyaPiOtJ2JdujuhYesCzBTqH6tcZnH/ + AkjD6WRtFh61ByG1K5nmMU1Rc7zIDdK+QcHLJ/0NCl7C4zco6IQCyzjg4rVecbf0ZcFc+7ArS2a+ + i7QZSFcb0rdtyLbANvXaAsvQ4tU6yeVKsxnT46jMBzB9+1eeylRbuK0vDdg9AeAa3+76td29rZT9 + OIuLakmGG3OrjlJezkrtx1qWz9e21sasUcy1YMW5VA25utdMrXRqc9GU1pFNb8MNd80AFZ67u7tf + AAAA//8DAAp502tvHQAA + headers: + Atl-Traceid: + - e0443b962a9f0964 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:18 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:23 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0c3e90b6-57bf-47a2-937a-2d467450a7f1 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '224' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4e254c6e-9ec1-4111-b389-89a7657ecca3 - x-envoy-upstream-service-time: - - '65' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -5003,98 +3552,103 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11101 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlT23qxcRx1mAwFJ6FNKTVO8oEwzFlayxekO83dyTYN+e/d - PUkYCKaE1HzQ3Un79uyze8sXD9Yll6kXexpkChrS1wLy1HQkL8B0TLKAgndUCZpboaTpQCpsAZZ3 - kgWXGeQq6yxBG3wH6QRKDQakrb/1Op4gzWEYBiFuDORz3C6sLU3s+ynMIbGp+qx63ObcGMFlT4L1 - UYf1eSn8yBfGVOC3Ci7gEuWPpuOTafdlGOHJ3DnrxV88g0Yrk3ALmdKXtXMp7lAgCqKwGwy60Wga - RnF/Jx686A2Ho1+CKAjIR7JhL0twap7oI8n7YRAE5FUddbNJwSRalIQInu4xU/A877BUGCtkYlkp - IAGm5myl9EWPpBMl3+v8MV4YSCoN/lLAii+55fqVEf/AboFJqopn9dFhuhsG/XDUbKfo6O4m5I5H - iUZbU24uKEfVzNIqnvPcQMdrdXixU/K141mBxCgxyV4sK4zEK7X6jO49Eb1G2mHnstFiR5sbCd94 - +l4Ka1EB8auRpqD+cN8aNbcrrikwI4oyF8iQ9E40CK6jzGC0Howe424Dc2OsQboUBCz+buI8CF6g - 5WiwjgZPVuxS6FjyzDTPB2yFw3U4/DFb69ZYs3jAWj9a96Mfs9aQ07SLrda+fqX6Xn+ouwtm7PQM - M5hlGjKs629oiJxSeVWXWX2SVMaqwrWIc7QQvdj2YvStjrp11KdUmK79eXE3bPoFMViLpDb35Zsz - 4he6bxaqytMDYcqcXzYsxGMEyn7AmiVmNia4xU5bN7Lvr6G6S173Rb/WpqlA3HJfVYST8/0jHQiZ - ebHVFTmTaMBYqeru65PRMGz75F3Ugm1whtteRNte9De9RCgt7OUTgWjFfdeFH99HRcEzMD5JmFaJ - wIOFyBY9s8w2zectnrRdKvJcLmdA7YTIeScsqst74w23MTEcUeALbsalSN4JeeEu4wMo6W6WSUsh - R6yVe3d9IpUc49XMZzlMgJualrpZecfv3r85PDp/d7g/PjoZn48nk78mGAaWkMHI8YPpAtgx9k1p - GdllwjAl80uGNSlyUsqsYr8LzdmxhgLrllUGGdZzVXo3ipeoMLgSQTCY69irrwxMEqK8KapbhYx4 - Z0Ly/O5HzWTRwOtonqN3bS/ABGYSrr+uSqraRzC5nhWeyLFa+Pq+un29fx/tNrT6jScXOEq1zGqV - 17b2m6HmhxxuJ6O6NNBI1F6vElZU3SpX+qj2ZpZX0M00tqzNeKDYgaqTrYoShz1pmyw8lL/b4HyS - N//2WKZVVdLk81rIFFuSYch8NgOQrKzMAlLHucPJHj1nwIRckgEiTcpwaGV4O0Aak7JF1GNvSN0n - +dw9n8fs9FqtkDGTGL0V3CodB72dXv+KIEQEc5XwfKGMjUfBKPDntcy5882PotEZSrPTE7rOsLGw - t2rVtep+4TPms9PQWPZ3xbUFzcYyw+oqEKsHBI6O/2R7FZYuO0m43PJhDdnVFTsBrAlyBNf7H8bu - 8bF+tHmhTXNp0nIqLFYviToe4AoVMepj7Iqdoo5uhBXbxfEuCp114lWyhF4hrIae0pmfZKI7E5JO - iQ493L+ixe5t6TNS2A+CjZbVTS1YnJwIK3B+o6L28dPewhY5yW3SgxuXIFIW4W8CWZVzBHNN/1y4 - qA5ACp4Tc05ALwWOz13209G1hg57lttfd1HNsBf8vAVRVL+HV/USOgSWGxPZfcgMMbad/ssnItNI - O2QGj0dm8J/I/H+o/AsAAP//7FnrT9swEP9XrElIUC1pkzbpQ0KMCSYhDYT2YBL7UhO7TaY2ifIo - X/jj9zvbeVAobBUwJqFWbWLfOed7/M53+ROtIKo+ZjwOwu43Pp902BkcTY+W0UKcHLWH4IfYGYVy - 2BquPqFj1+Gu7vv2c5q5iueuO/IpijpHCjCBZb8SRqkEIj7OyHbpdw/sVfiBjfyEtvvjGDc/8Wdt - 4/q0woVe4SkjsVH4RbmIUbxTBq8Roo2G0KlyqoYDOqpRuwN0rSSJE8C5wUE7SrpcrKIcyC8pGQ4B - 6DNSLRymytpkuWnzpCnD+YKtGnmA6pmxumysLmqr58bqvCiQHvP37DqMgpDhjD2fA11LbIalHM+K - 54wzFAMBGHFmCTI+Izmmh0Eg08L6zON5CSCeslByAc4VR4Kz9W5ZS0GniSgXsq2d2/NVKTJpex5I - ztV5W1TzmJ5X087tFUAZgh2Dld4nZuvEwpW86vKWCORj9EMehlvaVo5V0vJqEQXKZKeRyovGYt/V - QYj0a0yhRWGw9gITmdp652SZ8qAg+rOEReqGoV5bRUIKRfC1kGmurYRxUQZSE5tA/4JQwoERsvyN - lyjGNKH8SF6/y8UyivfY7t7NEifNIpnUvnsvVDw7THjjLWHCGxNMeONHYWKbPHAHJp4mLTVB/0Iw - 4b/BxAvAxOA/hwnfMD4CE3d7Es6mnoQzqCaoXCkyOIrqgVCTZp3U27BGb+NEXedXO9pEuKnu79Ud - qPWJcV0vk3eHVEvc0whbr7vycrnkVDC+e7AGIgVS9yfJtiwtqQdwAHek/tKJ2PdmfNAXztVo0POu - IP1wOHZc16dKtibCEx4gk2TdQyHI1UHZyGCZTuKH5JrnKYEcLfpgO1e3IG3UsYrMRuHa1Zddz3Gd - gXR6su+KsR/0A2/oBCNPiB73Z44cHYh9tcpO/3DH/YSv5rOWPDYFnWXpodwuc+saGrFcm7zf1tFG - KrNSznPSGPgVovNFjsujc8u305jkX+8Tv36J17vNr1/i9Y71a5cYgCR0v9g0Y9pHkXPzqoXiiao0 - 3cTVoHYJwAX5cZklqexeAocC6lSawKM3JJitI5meY971mD5OZuD2DQpe3uj/Egp+AwAA//8i18Wj - RQGtXUyHogAAAAD//4IVBfDWBNCJ6ZAcVw2aXIWyDYDm5pck5gBZmA0mA2CjS6m6VglTAtdEkAGu - iSAD+EQQugS8/ZaaV5ZZlJ8HaQhBR5lLoTP9EC5RXsjPhZhQDWNCS0EySj6kNQr6MHN1lHITK4JS - i0tzQAYj2Q0e0y8qcSyBuKMsv4Rqs34Qs+BmAq3KSCwOywfPiMBmHkFTmaB5BpCNcHegOtYIxbVQ - DeDQqa2tBQAAAP//AwA4mTSiMCIAAA== - headers: - ATL-TraceId: - - 7c877e0266d4ab02 - Connection: - - keep-alive + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= + headers: + Atl-Traceid: + - b3a76cbb9bbe9dd5 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:18 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:24 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 75527db6-d138-4d35-acbb-08580f406543 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '164' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 36392db9-d5ab-49b6-8dfb-bc597e8d88a1 - x-envoy-upstream-service-time: - - '146' status: code: 200 message: OK - request: - body: null + body: '{"fields": {"description": "\n\n\n\n\n\n\nA group of Findings has been + pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: [Findings + in: fresh:0.3.0|http://localhost:8080/finding_group/12] in [Security How-to|http://localhost:8080] + / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n| High + | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] | [400|https://cwe.mitre.org/data/definitions/400.html] + | fresh | 0.3.0 | [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/287]\n*Defect + Dojo link:* http://localhost:8080/finding/287 (287)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service when + parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - + 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}, "summary": "Findings + in: fresh:0.3.0"}, "update": {}}' headers: Accept: - application/json,*.*;q=0.9 @@ -5104,61 +3658,58 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '1886' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + - python-requests/2.28.1 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11798 response: body: - string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J+pGSm+hBRVah3ZOIJM0EK2lTmlRYlv3vJrj4cRveeZ55 - mRNR0uNhtUSQ9xAWL3Y7jQaHoN2HK2Sw0vtRzsWMgWTkE1c/ujnCFIAWUEDe7a+fu7un/ne73yYV - JyJeEpRBBq8Z0bhYd5xwDv1xwXjgxrpNR0lto9XfChFJqPklvJUhgQwYzaHKGe9pJYCKsioA4AoY - QPQ9rrG3H6d/bNtTJspG0LZoWP3DDtP9bFwEOWt5UxslhxJLiQ0MpuGN0kpyMAOArCrOFZZ/CoJN - DQ/jKkl6x8jNhkc3yBSfiL1MBOe3Q0fO5y8AAAD//wMApLOFsFoBAAA= + string: '' headers: - ATL-TraceId: - - b4680816f5bd1ffa - Connection: - - keep-alive + Atl-Traceid: + - ff4dc054a9096c3f + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:18 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:24 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: + - max-age=63072000; preload + Timing-Allow-Origin: - '*' - vary: + Vary: - Accept-Encoding - x-aaccountid: + X-Aaccountid: - 5fa43d1b8405b10077912260 - x-arequestid: - - 84f7ec09-0a14-429f-b1db-fcdde77f63d3 - x-envoy-upstream-service-time: - - '25' + X-Arequestid: + - 1e78214e-b267-43fb-9eaf-7577b2e2fb01 + X-Content-Type-Options: + - nosniff + X-Envoy-Upstream-Service-Time: + - '205' + X-Xss-Protection: + - 1; mode=block status: - code: 200 - message: OK + code: 204 + message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -5168,110 +3719,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11798 response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 76cf16ad3d1b03c1 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXbVPbRhD+Kzf60GmprTc7YNTpdCiYhJZSCiT5QBjmkNbSBelOvTv5pSH/vbsn + ywQTZwKdZvxB97Yv9+yze+sPHsxrLjMv8TTIDDRkhwLKzPQkr8D0TFpAxXuqBs2tUNL0IBO2Ast7 + acFlDqXKe1PQBvcgO4NagwFpl2fTxlhVTUjhdRSGUehr+LsBYy8WNZxqnlqRgtfzBNmPop3dEU4M + lBOcFtbWJgmCDCaQ2ky9Vz63JTdGcOlLsAFasgGvRRAHwpgGgk7BLSxQ/uRifH7Rj4bbIS45F4yX + fPAM+taYlFvIlV60d8hwhhJxGMf9cNSPdi/CMImjJNz1o8Huj2Eckg5nxKLjTs0znST5AKEI49W1 + l5MMTKpFTcDh6h4zFS/LHsuEsUKmltUCUmBqwmZK3/oknSr5WpdP9KKRgsLFy2s+5ZbrYCpgFji3 + 7h1cbkXhIBr9YsQ/8HOFYW8qtEq0QJMX3NxSrJobS6NkwksDPa8VPMJ7OdmeVwgkjk6LxTFMAX0N + P/Y8K5BZNbLES2SDd/TWaDIIN21E3Uat1Xu86jMjsZR2cXCR7eJAk0/Yc3/d11JYiwqMt7JNFP7d + nTVqYmdcE5GNqOpSoMPZGiQYKEe/4Wg+HD3R3S+ErLvJKmDDcAfdiIfzePj/Wmlp4UiKBqPtebT9 + LQzOO4uDeD6Iv4XFJfM/fnxMx7ij40TM37Q1EIN8eYVBz3MNOZaVR1xHd1TZtFn+WZLHO5s2Rps2 + dh8rb0tau0oFw1VvL+lHyzpGqGiRtn58eLRGXMULm0I1ZXYgTF3yxZLRuDzjFp+Ftpw+PfvaYn1f + noNWnabccsN91RBeztW3tCBk7iVWN2Qbldo3GDbKsCUaGvCylMKPC/jI33kRdgV8HbZNZSZelZn1 + jVXAay2UFnbxTAg68cC9Al9fx0XFczABSZhOicCFQuSFb6b5fcF6hStdZYu9x9yNB91VSn4DVJuI + tuvv9fYGIKJNHI1GhEjBzbgW6bGQt4e0cwA19RYy7TjkmDVze6sVqeQYWwt+U8IZcNPyUi9H3unx + 65dHJ9fHR/vjk/Px9fjs7M8zvB8ml0FI8MBFAewUi7C0jOwyYZiS5YJhQouSlDKr2G9Cc3aqocKM + Zo1BzvmfS+wIE8oL70QYjqpp4q2lM4KeC8lLDCfG4z7NaG99bdkZLeF1zC/Ru65KYGRzCavTTU1p + +xVMbpuYZ5KvFV49fg/7jqfx8Z5vv/L0FlvBjnKd8tbW/rLb+k8Ody1bmzNoJO7eagkzym5VKn3S + enNTNtDPNdas+4ZFsQPVBltVNTar0i6j8KWYPgTnnfz0t8dyrZqaWrJDITMsUoYh89kNgGR1YwrI + HOeOzvboewNMyCkZICJlDJtuhu8GZAkpK2KfvSR17+SW+24l7HKlVsiETRCRIgn9gR/eEXoIXqlS + XhbK2GQUjsJg0h6/dm4FUXyFcuzyHNKGag17pWZ9qz4ve8UCdhkZy/5quLag2VjmmFcVovQFgZPT + P9heg0nLzlMuNxxswbq7Y+fYATpHcLz/Zuw+b9tPFxGaLB9SGl4Ii3lLoo4BOEJFjEobu2OXqKMf + YynqR9tRtOusE6PkNPMlNs1+rqbBtCklcsxiDQgenr8iFcOwxZLk0hn4lbAafKXzABOREzkFNn6U + wAEe9QtblSTnQoFfFwzScwZ5U3JEbU7/f5z7ByAFL4kc56Cn+DeH9dn3hyTYY9+V9icUfuHHP2wA + DZXu4UM8hR7h4RpKdkc4bnUoJlsOCFpjWwcNsANkFS6eQ219Fu30GNUQ9pCy3a+I/BVn3/0LAAD/ + /+xZ30/bMBD+VyIkJqhImqRNWzohVokh7YEJMY0H9oKxU5qpqaP8KJMY//u+sx2ThoVtDCEekFBJ + cvb5cnf+/N2F7gfe879EnY/9cDJGFvSO1FbHLvwuHQJBGPvHec4OfnZ/99qPv7TTQ2pB8A3/3CdF + GWsiYZSK/8uzTc/3vsgqhx+Pk2WMLR5rX7+7Lt+rpGoMPLqHnh4gwi4rgUlmS3uJ7DOxTgrAF1hA + FI6ASnPyMtKlPnooepdK+aWD89EhU1GTmRMxN0E3hlDQhQ16YYJ+syBEY9C3unbAZjnkOFp5zua0 + Eh2kgJqsKj14/vxe/4kU1TI20LUpqunytJFHGHGqqKCoxZDCMwdW3FCAkQvMxkPkpNqI07Yz9xoP + ChCQDkG+jl06YhL+cKCWztmaDsVGlAi5pvRDyYXbGefQNwXsXy0TbiJ4kiisNwH8qg538rmJjH4r + R+bOEoLcs5H/lGaMlzTns3QSdeOgPlknIhYbuXSGHQXGg6X/JUPM1EwS0FOC7zCRJqtdZ2f3Z4oE + LuUUSfuQLwddfDkYdgmiJjcqc3AEReWptGgN9e3QtsBy0PqdugZ2cVLf1k0bNK591Ldn2aKKlSXj + CzoKNV8oqjRlRGa2us5n8h0VJTJ/IuOhHXXIOKdC6JM4iOZsOBDB1WToR1ewbTzeD8JQNbbsIKzw + yLCYAjsTgrIeI+9tcE3h+0HesCIjUCSlj7YsVBxiD/RKDfPAp+qyOQrCYBgHfjwIxf6ID3g0Dvgk + EsJno3kQTw7FgdKyPZhth8f40/PclK0M23Bd/ajwqsK9gUfc0IOJwtM7i1zmZowV5DHMV8CN+gGX + R6fuyMtWZH+7/fH6LW73T16/xe3+y2u3GJAjdB/D1AhNOnJq2om0n4h16W6Dhq0LMFMM/1jlMov7 + F4AgTpW12XjUBYTU7mRaxzRFTXmRG6R9g4KXD/obFLyExW9Q0AkFlnHAxGu9427pA4K59qFXlsx8 + F2kzkK42pG/bkG2Bbeq1BZahxat1ksuVZjOmx1GZD2D69q8slanWcFtfGrB7AsA1vt31a717Wyn7 + cRYX1ZIUN9ZWHaW8nJXajrUsn68NrZVZpVhrwYpzqRpytvMtc9XmoiWtIZvWhhvmmgnKPXd3d78A + AAD//wMAcKURYG8dAAA= + headers: + Atl-Traceid: + - 29fa5f1c6b2adcba + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:18 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:24 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0df0f1e4-ab10-4c42-b42b-127ab738f446 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '213' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b670e514-4b08-49a0-b093-d185a6fa68ed - x-envoy-upstream-service-time: - - '75' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -5281,109 +3824,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11102 + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/YO56id9iILjDdDiattxxHBdo+4EyjLA3jooteSSZhBb+++36 - BVMgDKVhBq9W2vdnV/ruwLLkMnViR4NMQUP6TkCemoHkBZiBSeZQ8IEqQXMrlDQDSIUtwPJBMucy - g1xlg0vQBvcgnUKpwYC0zVln4AjSHASBH+LCQD7D5dza0sSel8IMEpuqr8rlNufGCC5dCdZDHdbj - pfBCTxhTgdcpuIArlD84nhwdD7eCEXJmtbNO/N0xaLQyCbeQKX3VOJfiCgVCPwyGfjQMx8dBGI/W - 42jLHa1v/OGHvk8+kg17VUKt5oU+krwX+H7tZxN1u0jBJFqUlBHk7jBT8DwfsFQYK2RiWSkgAaZm - bKH0hUvSiZIfdf4cLwwklQbvUsCCX3LL9RsjvsF2gUWqirWGtZduB/4oGLfLY3R0uw954FCh0dYx - NxdUo+rcEhXPeG5g4HQ6nLhWcjNwrEBglFhkJ5YVRuKUWn1F916YvVa6zl1djS53tLhT8N7Tj1JY - iwoIX600BfV3fdaomV1wTYEZUZS5QISk96LB5NaQicbLaPwcd9s0t8baTJeCEou/u3mO/E20HEbL - MHqx4rqENUrWTPt9wlawsQw2fs3WsjPWEk9YG4XLUfhr1lpwmo5Yae3mhvp7+amZLlixk1OsYJZp - yLCvH8AQMaXyqmmzhpNUxqqiHhFnaCHcXLUxfqijGR0NlxqzHn9OPAxwyS1OxWbo/Dzem4l2O8O8 - RpsmMNfkrqoopoDm0mdiCJk5sdUV3LSjipRpkTSRfn/AI8fwqJmrKk/fClPm/KptAGSjV/YTjgtq - ijYZGjBW6rrH5iTWpZuT97Pmr0pnsGoj7EeGUFrYqxfmsBP36mH7/HEpCp6B8UjCdEoEMuYim7vm - MutnzAfkdMModG4ehjLqQsn5OdA4IXDeO0R9+WgiglVIDMaUkTk3k1Ik+0Je1JfxWyjpbpZJV8e6 - uot675YjlZzg1czPc5gCNw02dEs5h/sf3+8dnO3v7U4OjiZnk+n03ynGhy1kMCV44HgO7BDnprSM - 7DJhmJL5FcOeFDkpZVaxv4Tm7FBDgX3LKoOodesuvR/FFir0r4XvR7NvsXOvaTHpmZA8x3JiPfou - o737vPZl0aa3RnqO3nWzACubSbg9XZXUtc9AcvNWeCH4GuHb++rH6/3n8Njj7U+eXOBTqoNcp7yx - tds+an7J4e5l1PQMGgm761XCgrpb5UofNN6c5xUMM41zo38eKPZWNcVWRYmPPWnbKjxV0x+T80Xe - /dthmVZVSS+fd0KmOOYMQ+SzcwDJysrMIa0xtzfdoe85MCEvyQABKWX4aGV4O0Aak7J56LL3pO6L - fFV/X8Xs5FatkDErs3jdDVz/mlKHmctVwvO5MjYe+2PfmzVnz2qfvDDcOkUpdnJE1xhOGvZBLYZW - PS58yjx2EhjL/qu4tqDZRGbYVQXm6AmBg8N/2E6FLcuOEi5XHGxSdX3NjgB7gRxBevfTpP58bj5d - PWjRXpZEHguLXUuidf2RQkWMBhu7ZieoYxhipw6DDX8c1tYJT8kluIWwGlylMy/JxPBcSOISDFxc - vyFi+0fpU1K4FfVKFneVYE9ywqnAZxv1srcVuXNb5CRVZvivLgupCPE3hUJZwKBSYJMlZp9k2JD9 - dpgN2FpuX7PQDQI3ZGwts6+32cj1UbjeGLkbbsS6jajfiNx1d7Pjr/f8dRd1dfyNnk/kes8n71p+ - 4G70/LDnh3fPj3r+yB31/KjnR30Am71dIu/wb+0SGf6+AiGYuB289y9hQMWvn7vssUpvrqr0/wAA - AP//7FjbTttAEP2VkZCQkwZHSQptg/JAgQekFlWF0oemUoy9Sdw6tvElUFH+vWd218s6lxZQWvUB - gpLYs7M7PjN75mwelGntvalMP2d5M1kG273NvNifts+9Sb9JpyACdbcMo+DkyL4FnkCqmGKn1u3q - Ne24hobldc993pBPSVXVSdrd13s98HfzSLZodM9vCbF4Afh/diSH3xtwr4gfbryjOZGfj3HxBR87 - j9+K7H+h/DfZAe4L6aKMYpFJxWg6E3dflIzc/vcjgYxRB0108SqCGKUmj494ajdM2l4wD3MoDAj1 - 3W4XwmHMgGIDVOqQJcQonYwIyqvw0LY9ylTV+ly1wlTtXMcWRtxJi6lXUOJjoZyupxAdBTSwdmT8 - Lr1cUJLRFY5XPwhnTZ/3XY7Z/cwbcwDQTOUsJokM8SNBRWeCIKOpuE4qF59yH+jhuMFKBEuF/pSw - EyGxo/C7gMgeYxUPYadpFPrytzOteKqAIwF8sENZpduj1KMhpjLOvTHIgUX5Tl7yEMSXX0V6OY1M - Tjjgh36YQA9YwefuMO4uzw6nGEjnHAzCw7k0g9DHvAYdFmEmBk8jlYmizGJUMr7lZVQwulYMGLcy - CJcB3NrC+SJBPvF/mMS+SIthPBqNhjGf2Qq6pUM8GbTOHQ0w/VUZZsLZ3uq92U8n8qNRjfTVuAFB - 3monh43ym6sfje9UDgzWgEZnx++OD8+pQwdntH1VJsX+EH9y7nZT3WhRd4W12R4OY3rBj5knkXAh - 5500S3wcsVwRzxtfORaoYnjE7bZyHsnlVUgSPAdRtMgRWdZi9Bo0YPKhW8ysnwhzBRz2XUMDQ9aO - e58EJWoF261+v/oNpV9jbGjDNZwNyzrWNk5LvG0sS8xtWRa427IssLdlWeBvy7LA4MayxOGWpc7i - wOmD/AUmqEDq65EaJI0K5rPgYow0JryQDRdjpEHRpgouxsiAYlmq7lahUjMxSAaVmoVBMqjULAyS - QaVmYZAMKpZFgWRQqVkUSFYxAa8pKolLUnN6P53soNRnYS7YS1Yfdyl+Q4/C1YHP+wCFWV5i60v2 - fx/Ko5wm/6Y5unTdG/emT5/kYZ6pR9N8lRBwZQRL5tpOvXVOKlcrfV6u81FJXOmzu85HpXelz946 - H5UP40MOVBmP4L5kepssgZbKd0sSrkowNxkvyhNKVfm6xGrBLPpq3aIyob9fVJcD+tPSAljiZJZ6 - fsE5O00olBeE5M/DQARywFkhUtkzMoH7QekLNVjr0I/QQ5kAteePafrSMU34eM3ixfGCWRg3yGn8 - nHlhVCR9I0FWKtlnFWvtZ5v/HqBiO09VsR2pYjv/QsVu5nRbldBfV7Gd/0jF/gIAAP//Gm3FjuBW - LAAAAP//7FpNa4NAEP0vhRxXXb9zCGmgLfSWc26bXZNCMYof5O93xl2ts6kptBA8CB4Wd8YdR/f5 - 5L2b2YXFjmkZQW7Cygh2E1ZG0JuwMoLfhJURBCesjGA4YWVjFF9YbN+vhcX2OQuL7V6H+bBYbhJ/ - YbG3SjufUtp5ODURjVXVphLys7MRoDHACvWGUHtiUK/7O5oKnFKzvcFXQQRgWyS0s9ZDVtMI+YEy - mlYa6zbPBcqgTz8qe9g49DIU1R+FUqQdWyElOjDe1SY6iTBQ/JiGXnSEwpJkzX0/xnWGIFjhTliG - T3WnFKxRQ+R3DYgz6It5Lq6iLpGj4kXvmpO0ocY5VzoMvv25q4duxH0eZtzLAl+tYxnIKOEyjZTy - RHziWbpVm+4qq2C38t/g0HksFxcjUzKmT9VOW7MrdIT5Dr71jkY6bBkrhaixY5Df8XHYVTB82bPY - KS9Yv+16mn/Ftndq/hXb/qu5Vwx4o7QFyVgLxv+Re2McxP2E2pa2OWnMOgDQQvhrWxVl5h4AfyQa - cszGQ78fzA47GdcxzkXjSqgMzC5Q8PiHvkDBIyr+LxR8AQAA//+it4vpWBSgtyiA7Sel6lqQHlg7 - BOj2dEhWrAatIYayDYAW5pck5gBZWEzBtazRAL6sEV0CvkgQXQLebgN2qTOL8vMgbRyIUEopdN06 - hEuMS8uAbV9yl7Ohr0eFmAU3E2hRRmJxWD54XR1sESkwaUFcXA1jQktdsu0Hr/DXh5mro5SbWBEE - GXZB8St4RVxRiWMJxN+ghbmgVXMgn8PFUTUboeiGagC7tra2FgAAAP//AwChs7Hp/jAAAA== - headers: - ATL-TraceId: - - 5f137027e0c0ca79 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CNtbqIHFVmFdk8ikrYJVtKkNKmwLPvfTXHx4za88zzz + MifopFeHxYCA9xBmL3a7QWnVh8F9OCKDkd6P0hKrAiTwqRY/OhthikgJEkyb/fVzc/fU/m7369TF + CcTLBiWY4GsCg5qNO07KhvY4q3jgxrh1iFK3jmb4VkBEgWFxCW9l2ECGjKVYpZS3WAnkghUEEa8i + idH3aom97Tj9Y+sWUTAqGCdVXf+w/XRvtYtgmVOuM611xivGSswqxLyQrKS9xKHsOc8VZuXfgmC2 + hodxkbC9o+VqwqPr5RafwFwmUPbt0MD5/AUAAP//AwDkDvoaWgEAAA== + headers: + Atl-Traceid: + - a44aee8d1307e963 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:18 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:27 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - d2bd106d-29cb-4a51-aacb-71fae35ec193 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '124' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 986a7c96-8144-4c8f-8599-cc8ca742ecda - x-envoy-upstream-service-time: - - '149' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -5393,61 +3894,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11796 response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J2m1qbqIHFVmFdk+yyKSZYiVNSpsKy7L/3RQXP27DO88z - L3NiGmfaT5Yp9h7COKvNxlBHbTD+w2cYLM5zjy5zFFjCPmmae+8izAF4Bhmk9e7mpb5/bn63u2XQ - cWLqdYUSSOCQMEOj9ceBXGiOI8UDt9YvJkp66a35Vphaha28hHcYVlCA4CkUqZANLxRwlRcZAFyB - AIj+TFPsbfrhH1s1XKi8VPw646L6YdvhwXU+glJUstx2GtuccqQS2q6UpTYaJXQtABaFlJryPwXB - rg2P/YRsfafDxYYn3+Ian5i9TIzc275m5/MXAAAA//8DAD9YWZxaAQAA - headers: - ATL-TraceId: - - 1091b6a8ecdc79bc - Connection: - - keep-alive + H4sIAAAAAAAAA7xX23LbNhD9FQwfOm0q8SZbkdnJdFxbSdy6risryYPj8cDkikQMAgwA6tI4/94F + SErxRZnYncZ+IAlgb2fPLlafPFhWVGRe4ikQGSjIXjLgme4JWoLu6bSAkvZkBYoaJoXuQcZMCYb2 + 0oKKHLjMe3NQGvcgm0ClQIMw7dm01kaWM6vwMgrDKPQVfKxBm+mqglNFU8NS8Hoes/aj6PneED80 + 8Bl+FsZUOgmCDGaQmkx+kD41nGrNqPAFmAAtmYBWLIgDpnUNQafgGlYofzIdn0370c7uCJecC9pL + Pnkafat1Sg3kUq2aGDL8Qok4jON+OOpHe9MwTOIoCQf+7nD35zAOQ+ukNWLQcafmiU5a+QChCON1 + 2O1HBjpVrLLA4eo+0SXlvEcypg0TqSEVgxSInJGFVNe+lU6leKP4I72oBbPpovySzqmhKpgzWATO + rY2D7VYUDqLRr5r9Ay9KTHtdolVLCzQ5pfra5qq+MvYtmVGuoec1gkcYl5PteQVD4qi0WB3DHNDX + 8HPPMwyZVSFLvETUGKN3hyaDsNuolPyAET0R8Fbawe0S2MFtP74gySaqN4IZgwq0t7ZtmfqHO6vl + zCyosnzVrKw4Q4ezO5FjPhzLdkbLndEj3f1KZrpI1nnZCZ+jG/HOMt75f6002XdcRIPRcBkNv4fB + ZWdxEC8H8few2BL88+f7dIy28TTuNmZs+bbpgZj98wtkQ54ryLGt3OM6+il53VT5g1rj59s2Rts2 + 9u4rb1pas2obhuveXtKP2j5m4VIsbfz4dG/NkhiR0IWseXbIdMXpqqU6LiPu5i1iaunfmqAGL4qm + wT6+UJv2vWnYQaNO2TJ0rweytgg659/ZBSZyLzGqtt6kCjBYW9sPNfBoL+wa+F3Y1m3m7sa2hMfr + hN/dGGw6FpOKmdUTkejEA3c9fHuDZyXNQQdWQndKGC4ULC98Pc83Le41rnS9MPZcMq/ANi1L27v3 + 9XBLvNE2jkYjG3hB9bhi6TET1y/tziFUdrYQacchx6yF21uvCCnGOFrQKw4ToLrhpWrfvNPjN6+O + Ti6Pjw7GJ2fjy/Fk8tcEw8Di0hg5HpgWQE6xOwtDrF3CNJGCrwhWOuNWKTGS/M4UJacKSix1Umtk + mP9QxUdYUF54w8JwVM4Sr7mxMEmI8qaqbpU44p0zQfndQ+1k1MLreM7Ru65LYAJzAevTdWXL9huY + 3AwxT+RYI7y+FW/PHY+j3YZWv9H0GkfBjlmd8sbWQTtt/SeHu5GtKQ00EneXuICFrW7JpTppvLni + NfRzhT1rM7BIciibZMuywmFVmDYLX8vfbXDeiy//90muZF3ZkewlExm2JE2Q+eQKQJCq1gVkjnNH + k337vALCxNwasKTJCA7dBO8NyBKrrIh98sqqey+eueezhJyv1TKREIHRG0aNVEno7/qDGwshIshl + SnkhtUlG4SgMZo3MpfMNk3yBwuT8DNLa9hXyWi76Rj4se0ECch5pQ/6uqTKgyFjkWFwlQvUVgZPT + P8l+jZVLzlIqthxsELu5IWc4BjpH8P3g7dg93jWPLi32o71N7euUGSxeK+pogG+oiNg2Rm7IOero + x1iwfZw348hZt7QS88wXODn7uZwH85oLJJrBRhDcPn9hVQzCcC2XLsAvmVHgS5UHWI3UMpThWGir + OMCjfmFKbuU2+cAPlxGrLMa/CeQ1pwjf0v4acnEcgmCUW6qcgZrjjx7SJz+erDX0yA/c/PIC1Qz9 + 8KctGKL6fbyc59Cz8LjpkzyExRBj2x3sfTMW/wIAAP//7FnbbtpAEP2VVaVUgGKDjW0IVZQi0UiR + mgo1ah/SFxbvAq4AW76Ql3x8z6zX5hIuLVEQlSIQ2N6Z3dm5nNkZa3qlC+fvdeEc1MVp9YDAKZyr + U1M6oWes1ssk6yHi8PBBRqnJrNYlI3xl6+FcfCaWWcazum+ab2nWImDrdttFmNR6ChCBVb9DRqkC + Yh/kYxX8VLcpYP/2WQ2xh4Ff+DOOCgOsCS9SU7wuENdtUHsIsxjavA2mEkAoc41/HKefuO9jF+py + 6XQrjL0lYNcArKUYIZBcY6AZhHUuFkEC0JeUB1vA8hFpHY5UJGyy6WC5woDhaMFIfpSz+jARa3/Q + 0pE/iNIfEu0PPE2RGZNL9jQJ/AnD+Xo8BrJmgDoWcaw1HzPOUCH4YMRxxY/5iOQYdNVGja98Ps4A + wgM2kVyAc8GR28x8t+znUqD7UGRTuZom1seL+qSz6pMg6aujtijGMTwuhq31GUA5ATsewstVkHcO + G4bQvUM/5F+4pW0lmCXKhtPA10a7D1RS1Db7oU5BpGFtjFwYBnCZYiDWmwff3Szifko830IWqBuG + Cm8RCCnW3Ok7ggpHQyz9L06hWaOQkiH5eIWLWTCvskr1eQYfTsNO6bdbUePNEcM5EjEcQgzntYhx + VLJ4gRjHpqtVA58aMbx3xDgBYjj/F2J4JesBxHjZirB2tSIspxigKiWN4Rmq9UHNmU1Sd8ccjZ0D + ZXlf7GkX4a5yv1G2pJTXTqhU2NIA26yqNmcp+1dJNptxqhM/7C19SIHU9AnjIytKKv1v4H/UVroT + 1+6IO01hDdtOwx1CoFbryrJtjwrYkggr7CGTZN2uEOTboFzKYOiO4+fwiScRgSNNurdXrIwhTZSv + isxEvVr0K13LthxpNWTTFlee3/TdluW3XSEa3BtZsn0jrtUsF83uhX2Lb85nzPhcF3KGkT9KzCwx + nqARwzYhojDz8CKVGRHnCWkM/ArA+TTBZa9veGY0J/k3+87nL/Fm4/r8Jd5sfJ+7xAAkkfeJdQ9m + 9VjS1+9xKJ6ocst7tzmoPaLoB/mXLA4jWX8EDvnUoNSBR69fMFpGMq2jXzrp9k2s4fYdCo40+h8A + AAD//6Ig0keLAnq4mJZFAQAAAP//ooWL6VgUwJsZQCemQ3JcNWjmFso2AJqbX5IInXdGb3bgmuYx + wDXNYwCf5kGXgDfTUvPKMovy8yANIegYcil0gQGES4xLy/JLqDeZBjEMbijQpozE4rB88EQDbEYP + mIQgTq6GMaGlK9kOAC/G0IeZq6OUm1gRlFpcmgMyGMmz4CmCohLHEojHQVOVoGkEkNfh4qiajVB0 + QzWAXVtbWwsAAAD//wMAANAX988iAAA= + headers: + Atl-Traceid: + - 725347f0a799eaef + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:28 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - bf4ab120-e7e6-48fc-a8da-d89372c79210 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '270' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ab23e5cf-e556-432e-a6ae-6e2c6c6781ed - x-envoy-upstream-service-time: - - '33' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -5457,110 +4001,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - dea6bd1f33b9e19e - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUTAqWEMaTn/YfnxwxiewLik3hTGm4A1jNRYNYllJVtNeoqp7zkuNRf23INq1 + 4XGYJazvGLnY+OR7ucYnsJcJtHvb7+B8/gIAAP//AwAT4cVoWgEAAA== + headers: + Atl-Traceid: + - cfd649106c9355d8 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:28 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 63fb7661-54e7-4584-a13d-62ad001a0e4d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '110' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c0dc2fd7-e218-4d70-a18b-ce56af80252c - x-envoy-upstream-service-time: - - '75' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -5570,96 +4071,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11103 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11797 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4rcECL5hOhykLXc9jgtp+4EyjLA3toojeSQ5CVf477cr - 20ChcJQezCBprX3Rs8+uxFcPVhWXmZd4GmQGGrI3AsrM9CSfg+mZtIA576kKNLdCSdODTNg5WN5L - Cy5zKFXeW4A2+A2yCVQaDEjb7PV6niDLURSFA1wYKGe4LKytTBIEGcwgtZn6onxuS26M4NKXYAO0 - YQNeiSAOhDE1BJ2Bc7hA/YPp+Gja34qGKJm5YL3kq2fQaW1SbiFX+qIJLsMVKsRhHPXDYT8eTaM4 - Gawn66G/tb75SxiHIcVIPuxFBc7MM2Mk/SAKwzC+PnW7yMCkWlSECEp3mJnzsuyxTBgrZGpZJSAF - pmZsqfS5T9qpkh90+ZQoDKS1hmAhYMkX3HL92oh/YHuOSarnLxrRfraN6EWjdjnFQLdvjtzzKNHo - a8rNOeWoPrM0S2a8NNDzOhte4oxc9TwrkBgVJtlLZI0n8SqtvmB4z0Sv1XbYuWx02NHiVsJvIv0g - hbVogPjVatOh/nB7jZrZJdd0MCPmVSmQIdmd0yC4jjLD0Wo4ekq4LcytsxbpShCw+HMb52G4iZ7j - 4SoePtuwS6FjyQvTjo/4ijZW0cbP+Vp1ztrJI94G8WoQ/5y3lpymmzzo7eqK6nv1sekumLHjE8xg - nmvIsa7v0RA5pcq6KbNGktbGqrlrEafoId586MPovo2mdTRSKkzX/rykH7X9ghisRdq4+3pPRvzC - 8E2h6jLbE6Yq+UXLQhQvucW+2rStH6+Ypided8GgsaapHNx0V9WEiov0EwmEzL3E6ppco037EdsF - FUULhgY8K1Xd9/rkxmi965N3UQsfgjN66EN80zKE0sJePBOBTj1wzfbp7VLMeQ4mIA3TGREoKERe - +GaR3/SYdyjpmlHsXd0/yqA7SsnPgNoJkfPOJqrL7wIRPcTEaESIFNyMK5G+F/LcXcZ7UNHdLNOO - Qo5YS/ftWiKVHOPVzM9KmAA3DS11O/MO3394u39w+n5/d3xwND4dTyZ/TfB8WEIGIcEN0wLYIfZN - aRn5ZcIwJcsLhjUpSjLKrGK/C83ZoYY51i2rDXLOd1V69xRbaDC8FGE4zDcT707RIui5kLzEdGI+ - bqqMvt2VtS+LFl5H/BKj63oBZjaXcL27rqhqn8Dk5q3wTPI1ytf31bfX+4/x8YZvv/H0HJ9SHeU6 - 442v3fZR81MBdy+jpmbQSdxdrxKWVN2qVPqgieasrKGfa2xZN88DxfZUk2w1r/CxJ22bhcdy+i04 - n+Xt3x2Wa1VX9PJ5I2SGTcowZD47A5Csqk0BmePc/mSHxjNgQi7IAREpY/hoZXg7QJaQsSL22Vsy - 91muuXEtYcfXZoVM2AwRKZLQH/jhJaGH4JUq5WWhjE1G4SgMZs32UxdWEA/CE1Rkx0d0k2GzYe/U - sm/V95VPWMCOI2PZ3zXXFjQbyxwLa44wPaJwcPgn26mxatlRyuUDGxu0Li/ZEWA5UCA43/04dsOn - ZuhSQov2vqTpVFgsXFJ1FMAZGmLU29glO0Yb/Rh7UT/aiKIt550olS7AnwurwVc6D9Jc9M+EJCkx - wcf1a5psf6t9QgaHYQOts7K8bQXrkhNXBT7dqJ4D3OoXdl6SnssMji43ZGcCeV1yxHBF/064w+yB - FLwkrhyBXgh8MPfZyzek2GMvSvsrKq/78asHIESjO3gtL6BH6LgnIbskVNd+01ymRTDlebLGDhDD - RlqLMtvfuy1CiPE4RNDilrj7LSL/msRuPfD//2N0BA3i0UaMtFjbc8WPdflFMWqLGNh/K7KX9PcV - qrd8+hcAAP//7FltT9swEP4rUSUkmEiapE2BTohVGpP2gQkxjUlsHzB2CpGaOMpLGWL973vOdtyQ - LmhDCPEBCZXEdz6ffS9+7nKHaeQStMnvx3j5gX/uU2xJEs61hOd0rfUxn9eLDIUo3UbW5U1k4yCV - /6yZcTw2+bxDkmiUyCSykolpL5FDJpZJiQQGHBCFE+SlOZ0qPKS5fMhcl2qRSwc3pLNca4G8VBgr - x2srC2vl0lj59oZyGoO87NoBauWg43LlBZvTSnSVItfkdeX9zJzWLk+kqBex2eJDUgOLpy3HAcep - AoOiIYN6Xb0/tOSWAHDeYDYGm7Obmj3QFLXibmsAZb3oIRTL2KVLJuGbjJo6Z0u6Fu0wFiVfox/y - NLzOOIe8KRL/1SLhyn4nicr1xnzf1OVOJ27sovfkyMJZgFB4as7nNGe8Iv4v0knUi4MaZJmIWCiG - r1Wcl9puGBc1jzWzCfMzhBRAEHT5H5dRE3NJiZ+8f5uJNMl2nO2d3ynQUyWn8OFNAB30Aehg3MZE - VQFsoCA8VRRd1qhHht9L6AOlvgWlzVb7GG251CUcNARWVYzf0O33l6qtCxLKOk0ZoZtB34VNZ0dV - iiyeCIEowI4Y51QZob6M5mw8EsHV/tiPrqD43t5BEIYTWscyYYVH2GIy7EwICgJwrnVwTcX7Qd6y - Mqc8R0IfbTvoUtkD3lJsHgDWUD8OoyAMxnHgx6NQHEz4iEd7Ad+PhPDZZB7E+0fiUEnZGs22wk/4 - 0/PclGUGfbiuHiq9unRvcSJu6JHjezrQ6MjcnLGSTgzzVVJHQYHHj6fuxMsz0r/bz3j9Gne7Iq9f - 425n5bVrjFwkdF/DFA1tNHJqWoIUT4S7dPtB57ML5FqwH9eFzOPhBTINp1LbBB518kC1kUzrmJ6k - qTcKk2nfUsHLG/0tFbyExm+poDcVWCABFa91xN3TRwDz7EOurNgCT5tYyQfeGtyvBpuEvoalbxuW - XYJt/3UJFrrF2TIpZKYxkOmG1OaLlH79ly0sZfVsfWIty8rEQqhmz6XqmDWdabiW1vi+eTRZ98nr - q293w0bu7iBlv87isl6Q4NZeVa+rqGaV3je13KkfRju34w8nhw9mmwlK29Vq9QcAAP//AwCSQpKI - 2BwAAA== - headers: - ATL-TraceId: - - 28e6db7a7aae2717 - Connection: - - keep-alive + H4sIAAAAAAAAA7xW60/cRhD/V1b+EFXpnV/34HAUVZRcElpKKZDkA0FosefsDfauu7u+R4H/vTP2 + +ZwcIQpUDSdhe2bn/ZvZuXFgWXKZOJGjQSagIXktIE9MT/ICTM/EGRS8p0rQ3AolTQ8SYQuwvBdn + XKaQq7Q3B22QB8kJlBoMSLs+G1fGqmJGCi8D3w98V8PfFRh7tirhWPPYihicniPIfhDs7O7gh4F8 + hp+ZtaWJPC+BGcQ2UZ+Uy23OjRFcuhKsh5asx0vhhZ4wpgKvVXANK5Q/OpuenvWD4WgXSbULxolu + HIO+VSbmFlKlV00MCX6hROiHYd+f9IPdM9+PwiDyx+5gJ/zZD32fnCQjFh2v1TzRSZL3MBV+uAl7 + /ZGAibUoKXFI3WOm4HneY4kwVsjYslJADEzN2ELpa5ekYyXf6fyRXlRSULl4fsnn3HLtzQUsvNqt + zsE1K/AHweQXI/6BlwWWvSrQKsECTZ5xc021qq4svUUznhvoOY3gAcZVy/acTCBwdJytDmEO6Kt/ + 13OsQGSViBInkhXG6GzBZOC3jFKrTxjRExO+lq7TXRewTTd9fAaSLqp3UliLCoyzsU1I/b0+a9TM + LrgmvBpRlLlAh5OtyLEeNcqGk+Vw8kh3v1GZNpJNXYY+AT0cLsPh/2ulqX6NRTQYjJfB+EcYXLYW + B+FyEP4Ii2uA393dh2PwEE7DljETy/fNDMTqn18gGtJUQ4pj5R7W0U+VV02Xf1VruPMQY/IQY/e+ + 8makNVQaGPX0dqJ+0HMwa/Y9ZoTA2xyoG58SqEXceHZzj0awxtyYTFV58kqYMuerNfiRvOAWL4pm + wD6+UZvx3Q1sr1GnqQ3r131VUQYDcvUDEYRMncjqimzHGjBY6u37A3zk7u747QDfTttmzGwzHip4 + uCn4NmPQTSyhtLCrJ2aiFffq6+H7B7woeArGIwnTKhFIyESauWaediPuLVLaWRg6dwSHK6ChRbDd + vq/HD8QbPITRYEKBZ9xMSxEfCnn9mjivoKTdQsYtYmocLWrehiKVnOJqwa9yOAFuGhTq9ZtzfPju + zcHR5eHB/vTodHo5PTn58wTDwOYyGDkeOMuAHeN0lpaRXSYMUzJfMex0kZNSZhX7TWjOjjUU2Oqs + Mogw92sdH2BDOf6t8P1JISNnq50xt6mQPMeqYdq7NiPeNm29Ga3TW+M8R+/aKYEFTCVsTlclte13 + ILlZYp6IsUZ4cyt+uXc8DnYdrH7l8TWugi2yWuWNrf31tvWfHG5XtqY10EjYXuISFtTdKlf6qPHm + Kq+gn2qcUN3Cotgr1RRbFSUuq9Kuq/Ctmn6ZnI/y898eS7WqSlrJXguZ4EgyDJHPrgAkKyuTQVJj + 7uBkj55XwISckwECUsJw6WZ4b0ASkbIsdNkbUvdRPq+fzyN2vlErZMTKNBq5gevfUuowc7mKeZ4p + Y6OJP/G9WXP2svYJV+ELFGLnpxBXNE/YW7XoW/V12QvmsfPAWPZXxbUFzaYyxaYqMEXfEDg6/oPt + Vdix7DTm8oGDTaZub9kprn+1I/i+/35aPz40j7Yc9LG+Ren1TFhsWhKty49vqIjR+GK37Bx19ENs + 1H4w9idhbZ3gJOeJK3FjdlM19+ZVLhFgFgeA9+X5C1KxO9yIxQtwC2E1uEqnHjYhJ2AK3Aapeb3d + oZvZIiepMsV/dR1IRYh/J1AoCxhGAmy6xHyTDOuzn47THnuW2xcsdIPADRl7ltoXL9nA9VG4Zgzc + sTtkLWPYMYbuyN1p6aOOPnJRV0sfd3R6HXV08m5ND9xxRw87etid/xcAAP//7FhdT9swFP0rV0JC + adamokCLOvUBAQ+TBprWbS/rpIbU0GxpUuKkMDH++861HdehLYiOhz0AqKS+vvb1uV/HwSVnOb4f + 7C/HD5bjB8sD9Jb78qMzbvflx05jQ0wAuGNQioVosrsVi6Z1vu290Ldm/mv59s2vr+NXFLQq+fu+ + 8jGPkX9aCjpFJcTgUMyLgPZ6TeK+R/UyW/1O9wJbZ9X3/eAtAbdxVNUq2p2jIxRo/1S1YHTHnxkx + OYFDntUjDx+Nda592rHko+pD8B3/WlskKXZEtqsF/q0B1GPLH2ZlHgnEVyJ8brUtXBRnsRQM7Pza + mXi6JAQ+GrfdFsEnTa8N4qwdThaxBKkABT/sdMAVrhhjJERFCJk1jOfXYwLZgn0phZTrOI44joWN + Yz6DyMPLOOHuWUzDgrIIG0m6nYJnFKC9RpFRuwyloCynG9zdfhMunhHnocTqUR5esQGgSeUsJWZF + gco0EOdcEJgzFbdZpRKRjEQa4iLB5ANbxdGU0OrBqpP4lwCvvsIuIcyez5M4Uq/7DMmpDE4E8EHO + MjF3Z+mjwaYyleEVigXz8JYseQrskzeJ2c4gI2kWQjnOwAEc42UwSjurq0MpBdKSjYF5uDbm4PZY + 16LDvMvaEBqkclGUeYrgxpMsk4LRdWzAvLVGBAzgzg6uFBn8ib+TLI0Q86N0PB6PUr6NFXRPJzgZ + +M0DDYjff8a58HZ37jo9hJb+36jmRnrmgMBpjZrHQvUUmMPxSKXAcA1oPDz7eHbyhfboeEi7N2VW + vB/hRy/e9vUIknCd2G+PkJfv+KgyS0QAFu8h+iPcrAKRLho/2BqQYaik7bbWHisDtFEKQA92NMkT + ed5kBBs04Myhe6xszoS1Jmz4Q8OAQ99soNB5NikRL8Sp5o5XL1X6tToOTrihkkOyqZZbpZVqbiUr + 9dyRPKrojuRRTXckj6q6I3lU161kpbI7knptB06f1EuSSQVS38w0IBlUsJ4DF2NkMOGNXLgYIwOK + EVVwMUYWFEdS9bwKlZqIQbKo1CQMkkWlJmGQLCo1CYNkUXEkGiSLSk2iQXKCCXhNEUkcki1N8/qr + hZ5vJX3+QHfCt+OI8wCBWV4i/U0POI/VHc60AN9eWjrBXXDXp6/qFs8FyBT7yiWomAkkeeAq7W9S + 0t5aq3OwSUe7ca3O4SYd7eC1Ot1NOtojVoc8uuAOpLqT7XAqCJra401VdrWLudWEicxorgM4ICYS + dtPepk2VS5/e1AQEutTKBsZ3H2bzMCrYbxcZxeoLIQQW8URMlm0eEz+DFeUC1Vy+pM8b1XnG92im + KV44mcVpg7zGnxloSJH1LfVYS2jfyKyTwG7Be57Mdrcks10ms93/gcxue+N1A/flZPYvAAAA//8i + rTFrONqYHU6NWQAAAAD//+yaX2vCMBTFv8vAx3RN2rT6IE7YBnvz2beYVAejf2ha/Pq7t0m7prMO + 9jAKC/gg9ia5JuR45Py8mfVm1jFnjqY75sxRdcecObrumDNH2R1zNtZ2b2b7/fJm1pvZZZhZOgz9 + wcx+D9bpXLBO43FW2tRCfnRBPoIF01I+M0c4+2AIq/vvNFc4F16HA2Dh5L3TTFA0jZDvmI7dDM3D + gcbQbZ4LTD0fbgZ5uHGILpT1L3NR9Bo7ISXCEW9qy88ijhQ9reOQn6CRNN1QxhJcZyiCFe6UZXiq + e6VgDQ2VXz2gsCA381Reha7Q1uKkd4mn7hCy4FKbMvi5z3vqhlNG44yGWcTUJpGR5CmVa65UKJIz + zdY7te1mWUX7FXuFlxlHclHYWJIQ85EOWk2usCOEBdCiCoy04ZaRSgiNOwbjO+sNlwjePh9IElQF + 9j+lp5bf8RS/Wn7HU3xr6R2DECnDNlmSYPx/8mBpRLxPmHMZAsmI2bEssPylrcsqezyC/kjEbOzF + Q4gQng43Gdex6KSFEGors14K/v7Q/6kUfAIAAP//orOLR4sCnEUBvLkBdGI6JMdVg9YfQ9kGQHPz + SxKhq6fRmxu4Fisa4FqsaABfrIguAW+eAbvKmUX5eZA2DkQopRS6TB7CJcql+bkQE6phTGhhR0YB + h7TCXx9mro5SbmJFEGSIA8Vu8LqzohLHEog7yoAta3IXy2EsTYUYBjcUaFdGYnFYPnjZHnw1bH4R + eDEcyEq4Q1Bda4TiXKgGcPDU1tYCAAAA//8DAGhgLt6VMQAA + headers: + Atl-Traceid: + - 026923d0919162f2 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:29 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 38cd3b31-486b-4c57-97ed-644bbc038342 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '241' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d56c67ac-d965-43bf-b55d-4e7c46768392 - x-envoy-upstream-service-time: - - '134' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -5669,61 +4189,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtJusuYkeVGQVtnuSRZJ2ipW0KW0qLMv+dxNc/LgN7zzP - vMwJrJlpPznQ8B7COOvVqqGW6tD4D89McGaeOzOwgQJk8EnT3PkhwhyRM2SY77Y3L7v75+p3u116 - GyfQrwnKMMNDBg2Nzh97GkJ1HCkeuHV+aaJkl8413wroJKzVJbwzIYECBc+xzIWqeKmR66JkiHiF - AjH6M02xt+r6f+ym4kIXUvNrJoX8Yev+YWh9BJXYKLlurakLKgxJrFuppG2sUdjWiKYslbJU/CkI - LjU8dpOB9E5rFheefG1SfAJ3mYCGt/0OzucvAAAA//8DAFlfd3RaAQAA - headers: - ATL-TraceId: - - f25e64b82560d222 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtE26uYkeVGQVtnsSkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzlBq4I5zA4kvMc4BbnZaGNNF7X/8ERFp0Lo1UhGEyGDTzOH3o8JpoiUIMF8v7t+3t89Nb/b3TK0 + aQL5skIZZviagTaT88fBjLE5TiYduHF+0Ulql97pbwVkEhhWl/BWxRVkyFiOdU5Fg7VEIVlFEPEq + kZj8YObU2/TDP3bbIEpGJdsSTukP2w33o/UJ5CUVtrDWFqJmjGNRI5aVYpx2CjXvhCgNFvxvQXRr + w0M/K1jfsWpx8dF3ao1P4C4TmPHtsIfz+QsAAP//AwCq2IxvWgEAAA== + headers: + Atl-Traceid: + - de28a8cf1040d138 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:29 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 07c08bd7-070d-4443-ba64-b7c480aea7dd X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '124' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a3ea4a1e-20bf-4565-8c60-c09f89604a58 - x-envoy-upstream-service-time: - - '39' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -5733,110 +4259,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11798 response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 2e4c5634621b011e - Connection: - - keep-alive + H4sIAAAAAAAAA7xXbVPbRhD+Kzf60GmprDcIGHU6HQpOQkspBZJ8IAxzSGvpgnSn3p1s08B/7+7J + soOJM4FOM/4g6e727dln99YfPZg1XOZe6mmQOWjIXwqocuNLXoPxTVZCzX3VgOZWKGl8yIWtwXI/ + K7ksoFKFPwFtcA/yU2g0GJB2fjZrjVX1mBRexVEUR4GGv1sw9vy2gRPNMysy8HxPkP043tkd4oeB + aoyfpbWNScMwhzFkNlcfVMBtxY0RXAYSbIiWbMgbESahMKaFsFdwA7cof3w+OjsfxFvbES45F4yX + fvQM+taajFsolL7tYsjxCyWSKEkG0XAQ755HUZrEabQbxJu7P0ZJRDqcEYuOOzXPdJLkQ4QiShZh + zz9yMJkWDQGHq3vM1LyqfJYLY4XMLGsEZMDUmE2VvglIOlPyja6e6EUrBaWLV1d8wi3X4UTANHRu + LR2cb8XRZjz8xYh/4Oca097WaJVogSbPubmhXLXXlt7SMa8M+F4neIhxOVnfKwUSR2fl7RFMAH2N + 7n3PCmRWgyzxUtlijN4KTTajfqPR6gNG9EzA59IObpfAHm76+IQky6jeSGEtKjDewjYx9Xd31qix + nXJNfDWibiqBDucrkWM+HMu2hrOt4RPd/UJm+kgWedmKdtCNZGuWbP2/VrrsOy6iwXh7Fm9/C4Oz + 3uJmMttMvoXFOcHv7x/TMV7H06TfGIvZ264HYvYvLpENRaGhwLbyiOvop6rarso/qzXZWbcxXLex + +1h519K6VWoYrnt76SD2PUTNvkVEiLzdAVf4BKAWWefZx0drRGvExpSqrfIDYZqK387Jj8tTbvGi + 6Brs0wu1a9/Lhh126jSVoXvdVy0hGJOr72hByMJLrW7JdqYBg6XaftzAh8HOi6hv4KuwLdrM6sa6 + hCeLhK9ubC47llBa2NtnItGLh+56+PoGL2pegAlJwvRKBC6UoigDMymWLe41rvS9MPHuiQ7XQE2L + aLt6X2+viTdex9F4SIGX3IwakR0JefOSdg6godlCZj1jHI+mbm+xIpUc4WjBrys4BW46Fur5m3dy + 9ObV4fHV0eH+6PhsdDU6Pf3zFMPA4jIYOR44L4GdYHeWlpFdJgxTsrplWOmiIqXMKvab0JydaKix + 1FlrkGHB5yo+xoLyojsRRcN6knor5YzYFkLyCrOGsC/LjPZW1+aT0Rxex/MKveu7BCawkLA43TZU + tl/B5G6IeSbHOuHFrfhw7nga7Za0+pVnNzgK9szqlXe29ufT1n9yuB/ZutJAI0l/iUuYUnWrSunj + zpvrqoVBobFDLQcWxQ5Ul2xVNzisSjvPwpdy+hCc9/LT3x4rtGobGsleCpljSzIMmc+uASRrWlNC + 7jh3eLpHz2tgQk7IABEpZzh0M7w3IE9JWZkE7BWpey833HMjZRcLtUKmbIyIlGkUbAbRHaGH4FUq + 41WpjE2H0TAKx93xK+dWGCeXKMcuziBrqaWw12o6sOrzspcsZBexseyvlmsLmo1kgXVVI0pfEDg+ + +YPttVi07Czjcs3BDqy7O3aGE6BzBN/3347c41336DNCH/OLlF7PhcW6JVHHAHxDRYw6GLtjF6hj + kGArGsTbcbzrrBOj5CQPJA7NQaEm4aStJHLMYg8IH56/JBVbUYclyWVTCGphNQRKFyEWIidyCpwI + qYBDPBqUtq5IzqUCny4ZpOcUirbiiNqM/v849w9ACl4ROc5AT/BvDhuw71+SoM++q+xPKPwiSH5Y + Axoq3cNrdwI+4eEmTXZHOG70KKYbDghaYxsHLbADZBUunkFjAxbv+Ix6CHtI2f5XxsGCs+//BQAA + ///sWd9P2zAQ/lciJCaoSJqkTVs6IVaJIfHAhJjGA3vB2CnN1NRVfpRJjP9939mOSQNhW4cQD0io + JDn7fLk7f/7uQvc97+VfosrHbjgaIgs6R2qrYxf+kA6BIIz94zxnBz+7T7328y/tdJBaEHzHP3ej + KGNNJIxS8X95tu75zldZZvDjcTKPscVj7esPN8VHlVS1gUcP0NMBRNhlJTDJbGkvkV0mVkkO+MJh + H4UDoNKUvIx0qY4eit6VUn7l4Hx0yFTUZOZEzEzQjSEUdGGDnpug384I0Rj0LW4csFkOOY5WnrEp + rUQHKaBmWRYePH/xoP9UinIeG+haF1V0eVzLI4w4U8RPVGJI4ZkDK64pwMgZZuMhclJtxHHTmXu1 + BzkISIsgW8UuHTEJfzxQS6dsRYdiLUqEXGP6oeTC7YRz6BsD9q/nCTcRPE0U1psAflOHO/ncREa/ + lSMzZw5B5tnIn6RLxgua80U6ibpxULisEhGLtVw6x44C48HS/5IhZupSEtBTgu8wkSaLXWdn91eK + BC7kGEn7mC8HbXw56NcpUJGBCih+TvVCc2jUosNvFVgOWr1T28A2Tuq31U2+rZtYUTA+o9PuifKt + yQnyMk0ZkZmttvOZfEdFicw2ZDy0ow4Z51T2nIiDaMr6PRFcj/p+dA3Dh8P9IAxVY8sOwgrPDIsp + sBMhKOsx8sEG11TEn+Qty5cEiqT02V6GikPsgV6pYR74VFVPR0EY9OPAj3uh2B/wHo+GAR9FQvhs + MA3i0aE4UFq2e5Pt8Bh/ep6bsoVhG66rH+Vembu38IgbejBReHpnkcvcJWM5eQzzFXCjfsDl0Zk7 + 8JYLsr/ZF3n7FjcbK2/f4mZj5q1bDCwSumthaoQ6HTkzfUbaT8S6dG9B49klmCmGfy4zuYy7l4Ag + TgW02XjUHoTU7mRaxzRFTXmRGaR9h4LXD/o7FLyGxe9Q0AoFlkjAxBu94+7oy4K59qFXFsx8F2nS + k7Y2pN/WhvRtG7IpsAwtXqySTC401TE9jtJ8ANO3f2WpTLWGu+rSgN0GAFf7dtet9O5tpezneZyX + c1JcW1t1lLJiUmg7VrJ4uaazVmaVYq0Zyy+kasjZPrfMVJuLlrSGrFsbrplrJij33N/f/wYAAP// + AwCwpeYebx0AAA== + headers: + Atl-Traceid: + - 765a6a77176c2aae + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:30 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ed1075c6-681c-4d1d-9f34-2c83a15e298f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '407' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8358292b-ea5d-467b-9897-807fd6098928 - x-envoy-upstream-service-time: - - '67' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -5846,98 +4364,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11101 + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlTW292HEcdJkPBSWhTSo2TfCAMc0hr+YJ0p7k72aYh/727 - JwkTgikhNR90d9K+Pfvs3vLZg3XFZeYlngaZgYbslYAiMz3JSzA9ky6g5D1VgeZWKGl6kAlbguW9 - dMFlDoXKe0vQBt9BNoVKgwFpm2+9nidIcxRFYYQbA8UctwtrK5MEQQZzSG2mPimf24IbI7j0JdgA - ddiAVyKIA2FMDUGn4AIuUf5wNjme9V9EMZ7MnbNe8tkzaLQ2KbeQK33ZOJfhDgXiMI764bAfj2dR - nAyeJcPn/mg0/iWMw5B8JBv2sgKn5pE+knwQhWFIXjVRt5sMTKpFRYjg6S4zJS+KHsuEsUKmllUC - UmBqzlZKX/gknSr5ThcP8cJAWmsIlgJWfMkt1y+N+Ad2SkxSXT5pjg6ynSgcRON2O0NHdzYh9zxK - NNqacXNBOarPLa2SOS8M9LxOh5c4JV96nhVIjAqT7CWyxki8SqtP6N4j0WulHXYuGx12tLmR8I2n - 76SwFhUQv1ppCuoP961Rc7vimgIzoqwKgQzJbkWD4DrKDMfr4fgh7rYwt8ZapCtBwOLvJs7D8Dla - jofrePhoxS6FjiVPTPu8x1Y0WkejH7O17oy1i3usDeL1IP4xay05TbfYau3LF6rv9fumu2DGTk4x - g3muIce6/oaGyClV1E2ZNSdpbawqXYs4Qwvx820vxt/qaFpHc0qF6dqfl/Sjtl8Qg7VIG3Ofvzkj - fqH7ZqHqItsXpir4ZctCPEag7HusWWJma4Jb7LRNI/v+Gmq65HVfDBptmgrELfdUTTg53z/QgZC5 - l1hdkzOpBoyVqu6uPhmPoq5P3kYt3AZntO1FvO3FYNNLhNLCXj4SiE48cF344X1UlDwHE5CE6ZQI - PFiIfOGbZb5pPm/wpOtSsedyeQ7UToict8Kiurwz3mgbE6MxBb7gZlKJ9K2QF+4y3oeK7maZdhRy - xFq5d9cnUskJXs38vIApcNPQUrcr7+jtu9cHh2dvD/Ymh8eTs8l0+tcUw8ASMhg5fjBbADvCvikt - I7tMGKZkccmwJkVBSplV7HehOTvSUGLdstogw3xXpbejeIEKwysRhsO5TrxbRYvY5kLyArOGsG+q - jN7dPmsnixZeR/MCvet6ASYwl3D9dV1R1T6Ayc2s8EiONcLX99XX1/v30W5Dq994eoGjVMesTnlj - a68dan7I4W4yakoDjcTd9SphRdWtCqUPG2/Oixr6ucaWtRkPFNtXTbJVWeGwJ22bhfty+jU4H+XN - v12Wa1VXNPm8EjLDlmQYMp+dA0hW1WYBmePcwXSXnufAhFySASJSxnBoZXg7QJaQskXss9ek7qN8 - 6p5PE3ZyrVbIhEmM3gpulU5C/5k/uCIIEcFCpbxYKGOTcTgOg3kjc+Z8C+J4fIrS7OSYrjNsLOyN - WvWtulv4lAXsJDKW/V1zbUGzicyxukrE6h6Bw6M/2W6NpcuOUy63fNhAdnXFjgFrghzB9d77iXt8 - aB5dXmjTXpq0nAmL1Uuijge4QkWM+hi7Yieoox9jxfZxvIsjZ514lS7BL4XV4CudB2ku+udC0inR - wcf9S1rsfC19SgoHYbjRsrqpBYuTE2EFzm9U1AF+6i9sWZDcJj24cQkiZTH+ppDXBUcw1/TPhYtq - H6TgBTHnGPRS4PjcZz8dXmvosSeF/XUH1Yz88OctiKL6Xbyql9AjsNyYyO5CZoSxPRu8eCQyrbRD - ZvhwZIb/icz/h8q/AAAA///sWetP2zAQ/1esSUhQLWmTNulDQowJJiENhPZgEvtSY6dNpjaJ8ihf - +OP3O9t5UChsFTAmoVZtYt8553v8znf5E60gqj5mPBZh9xufTzrsDI6mR8toIU+O2kPwQ+yMQjls - DVef0LHrcFf3ffs5zVzFc9cd+RRFnSMFmMCyXwmjVAIRH2dku/S7B/Yq/MBGfkLb/XGMm5/4s7Zx - fVrhQq/wlJHYKPyiXMQo3imD1wjRRkPoVDlVwwEd1ajdAbpWksQJ4NzgoB0lXS5XUQ7kDygZDgHo - M1ItHKbK2mS5afOkKcP5gq0aeYDqmbF60Fhd1lbPjdV5USA95u/ZdRiJkOGMPZ8DXUtshqUcz4rn - jDMUAwKMOLOIjM9IjumhEEFaWJ95PC8BxFMWBlyCc8WR4Gy9W9ZS0Gkiy0XQ1s7t+aoUmbQ9DyTn - 6rwtq3lMz6tp5/YKoAzBjsFK7xOzdWLhSl51eUsE8jH6IQ/DLW0rxyppebWIhDLZaaTyorHYd3UQ - Iv0aU2hRGKy9wESmtt45WaZcFER/lrBI3TDUa6tIBlIRfC2CNNdWwrgsRaCJTaB/QSjhwAhZ/sZL - FGOaUH4kr9/lchnFe2x372aJk2aRTGrfvRcqnh0mvPGWMOGNCSa88aMwsU0euAMTT5OWmqB/IZjw - 32DiBWBi8J/DhG8YH4GJuz0JZ1NPwhm0y8wig6OoHgg1adZJvQ1r9DZObKrze3WdX211E2HdgVJO - HFLJcE+/a728Wl9lXD+uXC45FYzvHqyBSIHU/UmyLUtL6gEcwB2pv3Qi970ZH/SlczUa9LwrCDQc - jh3X9amSrYnwhAfIArLuoZTk6qBsZLBMJ/FDcs3zlECOFn2wnatbkDbqWEVmo3Dt6suu57jOIHB6 - Qd+VY1/0hTd0xMiTssf9mROMDuS+WmWnf7jjfsJX81lLHpuCzrL0UG6XuXUNjViuTd5v62gjlVkp - 5zlpDPwK0fkix+XRueXbaUzyr/eJX7/E693m1y/xesf6tUsMQJK6X2yaMe2jyLl51ULxRFWabuJq - ULsE4IL8uMySNOheAm4EdSpN4NEbEszWkUzPMe96TB8nM3D7BgUvb/R/CQW/AQAA//8i18WjRQGt - XUyHogAAAAD//4IVBfBmBtCJ6ZAcVw2aXIWyDYDm5pck5gBZmA0mA2CjS6m6VglTAtdEkAGuiSAD - +EQQugS8/ZaaV5ZZlJ8HaSFBR5lLoTP9EC4xXijLL6HabBvELLiZQIsyEovD8sEzEbAZP2DSgri4 - GsaElrpk2w9eE6EPM1dHKTexIii1uDQHZDCSX8FzCEUljiUQf4OmMkHzDCCfw8VRNRuh6IZqALu2 - trYWAAAA//8DAAsULJowIgAA - headers: - ATL-TraceId: - - 37efa3f1c2f90c29 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUTAqCiScsR+2Hx+c8QmsS8pNYYwpeMNYjUWDWFaS1bSXqOqe81JjUf8tiHZt + eBxmCes7Ri42PvlervEJ7GUC7d72OzifvwAAAP//AwAQ4WcIWgEAAA== + headers: + Atl-Traceid: + - a067fd937f1e295f + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:30 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 55957dd1-2681-4e77-b75f-c13486186f95 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '113' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1fe0980f-4def-46b3-af9b-6e66769db16b - x-envoy-upstream-service-time: - - '140' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -5947,61 +4434,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11796 response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbuTtNssuYkeVGQV2j2JSD6mWEmT0qbCsux/N8WF1dvwzvPM - y5xAq5kOkwMJnzGOs9xsLHVkog1foVDRqXnulS88Rcjgm6a5Dz7BDJEVWGDe7G9fm4eX9rrdL4NO - E8i3Fcoww/cMLI0uHAfysT2OlA7cubDYJOmld/ZXAbkKW3EJ71VcQY6c5VjlXLSskshkWRWIeIMc - MfkzTam37Yd/7K5lXJa15FgwfmXN8Oi7kEDBd6LedlqZkkpFNZquFrW2WgnsDKKqKiE0lX8Kolsb - nvpJwfpOpxYXn4NRa3wCd5mA/MehgfP5BwAA//8DANcXrWhaAQAA - headers: - ATL-TraceId: - - 830b882f37ab2977 - Connection: - - keep-alive + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LSprZvBMepkOhSchJZSapzkgTDMIh1LW6RddXflS0P+e8/R + xU4MzgQ6DTxI2t1z/863xx8cWJZcJk7kaJAJaEheCsgT05O8ANMzcQYF76kSNLdCSdODRNgCLO/F + GZcp5CrtzUEb3INkAqUGA9K2Z+PKWFXMSOF14PuB72r4uwJjp6sSzjWPrYjB6TmC7AfB84MhfhjI + Z/iZWVuayPMSmEFsE/WXcrnNuTGCS1eC9dCS9XgpvNATxlTgdQpuYYXyZ9PxxbQf7O2PcKl2wTjR + B8egb5WJuYVU6VUTQ4JfKBH6Ydj3R/3gYOr7URhE/sDdH+7/6Ie+T06SEYuO12qe6CTJe5gKP1yH + 3X4kYGItSkocrh4yU/A877FEGCtkbFkpIAamZmyh9K1L0rGSb3T+SC8qKahcPL/mc2659uYCFl7t + 1sbBdivwB8HoZyP+gRcFlr0q0CrBAk1OubmlWlU3lt6iGc8N9JxG8ATjqmV7TiYQODrOVqcwB/TV + /9hzrEBklYgSJ5IVxuhswWTg79oIuo1Sq78w1CdWopWu61BXtqsDfXyCnk24b6SwFhUYZ22bIPxb + fdaomV1wTUA2oihzgQ4nWynBQtXw2xst90aPdPcLJesiWRdsz3+OboR7y3Dv/7XSwKIGKRoMhstg + +C0MLjuLg3A5CL+FxRb5Hz/eh2PYwXEmlm8bDsQiX15h0dNUQ4q0cg/r6I7Kq6bLHwR5+HzXxmjX + xsF95Q2lNatEGDV7O1E/aHmMsqJF3Pjx4d4aYRUDNpmq8uRYmDLnqxbRuIzptW8xdYTy1gS3eFE0 + BPv4fmzoe0PYXqNOU7fVr0eqogzWzr+jBSFTJ7K6Im9iDRgstfBDBB4c+B2Bb6dtF82Ea5rZ3lgX + vNRCaWFXTwy4E/fqW+DreVwUPAXjkYTplAhcyESauWaebgjrNa50zBY697EbDrpQcn4DxE0E2+37 + ergjEcEujAYjykjGzbgU8amQty9p5xhKmi1k3GGoRtai3luvSCXHOFrwmxwmwE2DS92+Oeenb16d + nF2fnhyNzy7G1+PJ5I8JxofNZTAleGCaATtHEpaWkV0mDFMyXzFsaJGTUmYV+1Vozs41FNjRrDKI + MPehxg6woRz/Tvj+qJhFzlY7Y9JTIXmO5cR6bNqM9rbX2smoTW+N8xy961gCK5tKWJ+uSmrbr0By + M8Q8EXyN8Pry+3zueBweN3j7hce3OAp2kOuUN7aO2mnrPzncjWxNz6CRsLurJSyou1Wu9FnjzU1e + QT/VyFmbgUWxY9UUWxUlDqvStlX4Uk0/T857+en/IUu1qkoayV4KmSAlGYbIZzcAkpWVySCpMXcy + OaTnDTAh52SAgJQwHLoZ3huQRKQsC132itS9l8/q57OIXa7VChkxidFbwa3Ske/uu4M7SiFmMFcx + zzNlbDTyR743a2Sua9+wyFcozC4vIK6IcNhrtehb9bDsFfPYZWAs+7Pi2oJmY5licxWYqi8InJ3/ + zg4r7Fx2EXO542CTsbs7doFjYO0Ivh+9HdePd82jKwt9tLcpvU6FxeYl0RoG+IaKGPEbu2OXqKMf + YsP2cd4Mg9o6wUrOE1fi5Oymau7Nq1wi0CwSgff5+StSMfD9tVy8ALcQVoOrdOphN3JCqMDpj7rY + w6NuZouc5Db1wI+6IqQsxL8JpFXOMX1L+jVUx3EMUvCcoHIBeo4/eliffX+21tBj3+X2pxeoZuj6 + P+zIIao/xMt5Dj1KTz1ksodyMcTY9gcHX52LfwEAAP//7FnbbtpAEP2VVaVUgGKDjW0IVZQi0UiR + mgo1ah/SFxbvAq4AW76Ql3x8z6zX5hIuLVEQlaJEgL0z3tm5nN0z1vLKF87f+8I56IvT+gGFUyRX + p6Z8QvdYrZdJ1kPF4eaDjFKTWa1LRvjK1su5+JtYZlnP6rppvmVYi4Kt220XZVLrKUAEVv0OGW0V + MPugHqvgo7rNAfuXz2qoPQz8wpdxVBlgTmSResTrCnE9BrWHMIvhzdtgKgGEMvf4x3H6ifs+VqF+ + LpNuRbG3BOwagLU0IwSSaww0g7DOxSJIAPqS9sEWsHxEXkciFRs2xXSwnGHAcLRgZD/orD5MxDof + tHWUD6LMh0TnA09T7IzJJXuaBP6E4Xw9HgNZM0Adizjmmo8ZZ2AIPhRxXPFjPiI7Bl21UOMrn48z + gPCATSQX0Fxw7G1mvlr2c2nQfSiyqVzdJtbHC37SWc1JiPTVUVsU4xgeF8PW+hMgOYE6biLLVZF3 + DgeG0L1DH5RfuKRlJXhKlA2nga+Ddh+oTVHH7Ic6BZGHdTByYxjAZYqBWC8eeneziPsp6XwLWaAu + GIjcIhBSrKXTdxQVjoaY+l+SQqtGIW2GlOMVLmbBvMoq1ecZcjgNO2XebkWNN0cM50jEcAgxnNci + xlGbxQvEOHa7Wg3wqRHDe0eMEyCG838hhleqHkCMl60Ia1crwnJ2DbirtDONkTKqJ0Jdmw3RRim6 + ObCL3jdKel8sdpdg2ZJaY8ibLEql9IR4xNY2Q6PsXyXZbMaJJ37YS33IgdT0CeMjGSVR/xvkH7WV + 7sS1O+JOU1jDttNwhzCo1bqybNsjAlsKYYY9YpKi2xWCchuSSxsM3Vj8HD7xJCJwpIfubQkrn0sT + 9FWJmeCrRVvStWzLkVZDNm1x5flN321ZftsVosG9kSXbN+JaPeWi2b2wb/Gf6xkzPtdEzjDyW4mZ + JcYTPGLYJkwUZl5e5DIj4jwhj0FfATifJvjZ6xueGc3J/s328vlbvNmfPn+LN/vb524xcEfkfWLd + g1k9lvT16xqqJ2Juee82x65HkH6If8niMJL1R8CNT51LXXj0lgWjZSXTPPqlk27fxBpu36HgyKD/ + AQAA//+iINJHiwJ6uJiWRQEAAAD//6KFi+lYFMCbHUAnpkNyXDVoghbKNgCam1+SCJ13Rm924Jrm + MYBP86BLwCdN0CXgzbTUvLLMovw8SFsHOoZcCl1gAOES49Ky/BLqTaZBDIMbCrQpI7E4LB880QCb + 0QMmIYiTq2FMaOlKtgPAizH0YebqKOUmVgSlFpfmgAxG8ix4iqCoxLEE4nHQVCVoGgHkdbg4qmYj + FN1QDWDX1tbWAgAAAP//AwAwC6fQzyIAAA== + headers: + Atl-Traceid: + - 258997bd1e9c2e0e + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:20 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:31 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1937a798-be50-47c7-b06e-11f28fdcc3dc X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '258' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f32c3a56-b2a2-43ef-aa2d-dd182944e057 - x-envoy-upstream-service-time: - - '38' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -6011,110 +4541,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 99279f28abe35676 - Connection: - - keep-alive + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTpG1qbqIHFVmF7Z5kkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzlBq4LZzw4kvMc4BbnZaGNNF7X/8ERFp0Lo1UhGEyGDTzOH3o8JpoiUIMF8t7152d0/N7/b7TK0 + aQL5ukIZZnjIQJvJ+eNgxtgcJ5MO3Dq/6CS1S+/0twIyCQzLS3in4goyZCzHOqeiwVqikKwkiHiV + SEx+MHPqbfrhH3vdIEpGJadEcP7DdsPDaH0Cq4IKy621XNSMVchrxKJUrKKdQl11QhQGefW3ILq1 + 4bGfFazvWLW4+OQ7tcYncJcJzPi238H5/AUAAP//AwDlUzN4WgEAAA== + headers: + Atl-Traceid: + - 174c6ba7ebd5ca42 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:20 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:31 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - b0fb93bb-a81b-4439-8f4e-f5c0c9a3b33f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '117' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 784d8e78-493d-48a2-a80b-50b3b69682cf - x-envoy-upstream-service-time: - - '59' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -6124,104 +4611,110 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11102 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11797 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/YO56id9iILjDdDiattxxHBdo+4EyjLA3jooteSw5hBb+++3K - NgZKGErDDF6ttO/PrvTdgWXJZerETgUyhQrSdwLyVA8kL0APdDKHgg9UCRU3Qkk9gFSYAgwfJHMu - M8hVNlhApXEP0imUFWiQpjnrDBxBmoMg8ENcaMhnuJwbU+rY81KYQWJS9VW53ORca8GlK8F4qMN4 - vBRe6Amta/A6BRdwhfIHx5Oj4+FWMELOzDrrxN8djUZrnXADmaquGudSXKFA6IfB0I+G4fg4COPR - ehxtuaP1jT/80PfJR7Jhrkqwal7oI8l7ge9bP5uo20UKOqlESRlB7g7TBc/zAUuFNkImhpUCEmBq - xi5VdeGSdKLkxyp/jhcakroCbyHgki+44dUbLb7BdoFFqou1hrWXbgf+KBi3y2N0dLsPeeBQodHW - MdcXVKP63BAVz3iuYeB0OpzYKrkZOEYgMEosshPLGiNxykp9RfdemL1W2ubOVqPLHS3uFLz39KMU - xqACwlcrTUH9bc9qNTOXvKLAtCjKXCBC0gfRYHItZKLxMho/x902za2xNtOloMTi726eI38TLYfR - MoxerNiW0KJkTbffJ2wFG8tg49dsLTtjLfGEtVG4HIW/Zq0Fp+6IldZubqi/l5+a6YIVOznFCmZZ - BRn29Q8wREypvG7arOEktTaqsCPiDC2Em6s2xj/qaEZHw6XGtOPPiYcBLrnBqdgMnZ/HezPRbmeY - 12irCMyW3FU1xRTQXPpMDCEzJzZVDTftqCJllUiaSL//wCPH8KieqzpP3wpd5vyqbQBko1fmE44L - aoo2GRVgrNR1j81JrEs3Jx9mzV+VzmDVRrhqY9TPEqEqYa5emNxO3LNT+PlzVBQ8A+2RhO6UCGTM - RTZ39SLrh88H5HRTKnRsQs+BxgmB80FY1JePxhusQmIwpsDnXE9KkewLeWEv47dQ0t0sk66OtrqX - du+WI5Wc4NXMz3OYAtcNNqqWcg73P77fOzjb39udHBxNzibT6b9TDANbSGPkeOB4DuwQ56Y0jOwy - oZmS+RXDnhQ5KWVGsb9ExdlhBQX2Las1ota1Xfowii1U6F8L349m32KnuTKwSJjlvqnuNTLmOxOS - 5w8PtS+LNr0W6Tl6180CLGAm4fZ0XVLXPgPJzVvhhRhrhG/vq/vX+8/BrofVnzy5wKdUh6xOeWNr - t33U/JLD3cuoaQ00EnbXq4RL6m6Vq+qg8eY8r2GYVTg3+ueBYm9VU2xVlPjYk6atwlP1u5+cL/Lu - 3w7LKlWX9PJ5J2SKY04zRD47B5CsrPUcUou5vekOfc+BCbkgAwSalOGjleHtAGlMyuahy96Tui/y - lf2+itnJrVohY1Zm8bobuP41pQ4zl6uE53OlTTz2x743a86eWZ+8MNw6RSl2ckTXGA4U9kFdDo16 - XPiUeewk0Ib9V/PKQMUmMsOuKjBHTwgcHP7DdmpsWXaUcLniYJOq62t2BNgL5AjSu58m9vO5+XT1 - oEV7WRJ5LAx2LYna+iOFihjNL3bNTlDHMMROHQYb/ji01glPyQLcQpgKXFVlXpKJ4bmQxCUYuLh+ - Q8T2felTUrgV9Uou7yrBnuSEU4HPNuplbyty56bISarM8J8tC6kI8TeFQhnAoFJgkyVmn2TYkP12 - mA3YWm5es9ANAjdkbC0zr7fZyPVR2G6M3A03Yt1G1G9E7rq72fHXe/66i7o6/kbPJ3K955N3LT9w - N3p+2PPDu+dHPX/kjnp+1POjPoDN3i6Rd/i3dokMf1+BEEzcDt77CxhQ8e1zlz1W6c1Vlf4fAAD/ - /+xY207bQBD9lZGQkJMGR0kKbYPyQIEHpBZVhdKHplKMvUncOrbxJVBR/r1ndtfLOpcWUFr1AYKS - 2LOzOz4ze+ZsHpRp7b2pTD9neTNZBtu9zbzYn7bPvUm/SacgAnW3DKPg5Mi+BZ5Aqphip9bt6jXt - uIaG5XXPfd6QT0lV1Una3dd7PfB380i2aHTPbwmxeAH4f3Ykh98bcK+IH268ozmRn49x8QUfO4/f - iux/ofw32QHuC+mijGKRScVoOhN3X5SM3P73I4GMUQdNdPEqghilJo+PeGo3TNpeMA9zKAzo8d1u - F8JhzIBiA1TqkCXEKJ2MCMqr8NC2PcpU1fpctcJU7VzHFkbcSYupV1DiY6GcrqcQHQU0sHZk/C69 - XFCS0RWOVz8IZ02f912O2f3MG3MA0EzlLCaJDPEjQUVngiCjqbhOKhefch/o4VTBSgRLhf6UsBMh - saPwu4DIHmMVD2GnaRT68rczrXiqgCMBfLBDWaXbo9SjIaYyzr0xyIFF+U5e8hDEl19FejmNTE44 - 4Id+mEAPWMHn7jDuLs8OpxhI5xwMwsO5NIPQx7wGHRZhJgZPI5WJosxiVDK+5WVUMLpWDBi3MgiX - AdzawvkiQT7xf5jEvkiLYTwajYYxH80KuqVDPBm0zh0NMP1VGWbC2d7qvdlPJ/KjUY301bgBQd5q - J4eN8purH43vVA4M1oBGZ8fvjg/PqUMHZ7R9VSbF/hB/cu52U91oUXeFtdkeDmN6wY+ZJ5FwIeed - NEt8HLFcEc8bXzkWqGJ4xO22ch7J5VVIEjwHUbTIEVnWYvQaNGDyoVvMrJ8IcwUc9l1DA0PWjnuf - BCVqBdutfr/6DaVfY2xowzWcDcs61jZOS7xtLEvMbVkWuNuyLLC3ZVngb8uywODGssThlqXO4sDp - g/wFJqhA6uuRGiSNCuaz4GKMNCa8kA0XY6RB0aYKLsbIgGJZqu5WoVIzMUgGlZqFQTKo1CwMkkGl - ZmGQDCqWRYFkUKlZFEhWMQGvKSqJS1Jzej+d7KDUZ2Eu2EtWH3cpfkOPwtWBz/sAhVleYutL9n8f - yqOcJv+mObp03Rv3pk+f5GGeqUfTfJUQcGUES+baTr11TipXK31ervNRSVzps7vOR6V3pc/eOh+V - D+NDDlQZj+C+ZHqbLIGWyndLEq5KMDcZL8oTSlX5usRqwSz6at2iMqG/X1SXA/rT0gJY4mSWen7B - OTtNKJQXhOTPw0AEcsBZIVLZMzKB+0HpCzVY69CP0EOZALXnj2n60jFN+HjN4sXxglkYN8hp/Jx5 - YVQkfSNBVirZZxVr7Web/x6gYjtPVbEdqWI7/0LFbuZ0W5XQX1exnf9Ixf4CAAD//xptxY7gViwA - AAD//+xaXWuDMBT9L4M+Rk38qg+lK2yDvfW5b2liNxhWMUr//u410RlbO9ig+BDwQbw3yfVqjkfO - uYo6FjumZRZyW6zMwm6LlVnobbEyC78tVmYhuMXKLAy3WNkYxR2L7fvlWGw/xrHY7nVYDoulZuAv - LPZaaadzSjuN+gCKcE3NxVfnFkD9f5oaz8wRzAbm1OtgUK/7W51LHHwV00B2UwWeqoe8abj4RBlN - K42qLQqOMujTTWUPG4dehrL+o1CKtGPLhUAHxrvcxCcehZIe11EQH6HqNM0oYwmuMyTBCnfScnyq - OylhDQWZPzUgzqAv5rm8cFUhR8VJ75qTtKHG+6h1Gnz7C1+f+jFlNMppkIdMZokIRZxSsY6lDHhy - ovl6KzfdLKtwt2JvcOhxpOBnI1MSoi8pr1XkAh0hzMO33tNIhy0jFecKOwbjOz4OuwpOX/Yk8aoz - 1j91PS2/4ql3avkVT/1XS68YgEhqC5KxFoz/I/fGOIj7CbUtbXPSYHYAoIX017Yuq9w/AMwI9N2Y - jYd+P4gOOxnXMc5F40qoDcw6KHj8Q3dQ8IiK/wsF3wAAAP//oreL6VgUwFsVQCemQ3JcNWipMJRt - ADQ3vyQxB8jCbCgZABtbStW1SpgSuJY1GuBa1mgAX9aILgFvtwG71JlF+XmQNg5EKKUUum4dwiXG - C2XAti+5y9nQ16NCzIKbCbQoI7E4LB+8rg62iBSYtCAuroYxoaUu2faDV/jrw8zVUcpNrAiCDLug - +BW8Iq6oxLEE4m/QwlzQqjmQz+HiqJqNUHRDNYBdW1tbCwAAAP//AwC745nv/jAAAA== - headers: - ATL-TraceId: - - e96a0133519e49ae - Connection: - - keep-alive + H4sIAAAAAAAAA7xW60/cRhD/V1b+EFXpnV/34HAUVZRcElpKKZDkA0FosefsDfauu7u+Oxryv3fG + j3NyhChQNZyE7Zmd929m56MD65LLxIkcDTIBDclLAXliBpIXYAYmzqDgA1WC5lYoaQaQCFuA5YM4 + 4zKFXKWDJWiDPEhOoNRgQNr2bFwZq4oFKbwMfD/wXQ1/V2Ds2U0Jx5rHVsTgDBxB9oNgZ3cHPwzk + C/zMrC1N5HkJLCC2ifqgXG5zbozg0pVgPbRkPV4KL/SEMRV4nYJruEH5o7P56dkwGE92kVS7YJzo + o2PQt8rE3EKq9E0TQ4JfKBH6YTj0Z8Ng98z3ozCI/Kk72gl/9kPfJyfJiEXHazWPdJLkPUyFH27C + bj8SMLEWJSUOqXvMFDzPBywRxgoZW1YKiIGpBVspfe2SdKzkG50/0ItKCioXzy/5kluuvaWAlVe7 + 1TvYsgJ/FMx+MeIfeF5g2asCrRIs0OQZN9dUq+rK0lu04LmBgdMIHmBctezAyQQCR8fZzSEsAX31 + Pw0cKxBZJaLEiWSFMTpbMBn5HaPU6gNG9MiEt9J1uusCdummj89A0kf1RgprUYFxNrYJqb/XZ41a + 2BXXhFcjijIX6HCyFTnWo0bZeLYezx7o7jcq00WyqcvYJ6CH43U4/n+tNNWvsYgGg+k6mP4Ig+vO + 4ihcj8IfYbEF+KdPd+EY3IfTsGMsxPptMwOx+ucXiIY01ZDiWLmDdfRT5VXT5V/VGu7cx5jdx9i9 + q7wZaQ2VBkY9vZ1oGLRzjNKlRdz48fEOjUCMmTCZqvLkhTBlzm9aqCMZ827fYk4J/q0JbvGiaAbs + wxu1Gd/9wPYadZrasH7dVxVlsHb+HRGETJ3I6oq8iTVgsNTbdwf4xN3d8bsBvp22zZjZZtxX8HBT + 8G3GqJ9YQmlhbx6ZiU7cq6+H7x/wouApGI8kTKdEICETaeaaZdqPuNdI6WZh6NTFvAIaWgTb7ft6 + ek+8wX0YDWYUeMbNvBTxoZDXL4nzAkraLWTcYahG1qrmbShSyTmuFvwqhxPgpsGlbt+c48M3rw6O + Lg8P9udHp/PL+cnJnycYBjaXwcjxwFkG7Bins7SM7DJhmJL5DcNOFzkpZVax34Tm7FhDga3OKoMI + c7/W8QE2lOPfCt+fFTJyttoZc5sKyXOsGqa9bzPibdPazahNb43zHL3rpgQWMJWwOV2V1LbfgeRm + iXkkxhrhza345d7xMNj1sPqVx9e4CnbI6pQ3tvbbbes/OdytbE1roJGwu8QlrKi7Va70UePNVV7B + MNU4s/qFRbEXqim2KkpcVqVtq/Ctmn6ZnPfy898eS7WqSlrJXgqZ4EgyDJHPrgAkKyuTQVJj7uBk + j55XwIRckgECUsJw6WZ4b0ASkbIsdNkrUvdePq2fTyN2vlErZMTKNJq4gevfUuowc7mKeZ4pY6OZ + P/O9RXP2svYJV+ELFGLnpxBXNE/Ya7UaWvV12QvmsfPAWPZXxbUFzeYyxaYqMEXfEDg6/oPtVdix + 7DTm8p6DTaZub9kprn+1I/i+/3ZeP941j64c9NHeovR6Jiw2LYnW5cc3VMRofLFbdo46hiE26jCY + +rOwtk5wksvElbgxu6laessqlwgwiwPA+/L8BanYHW/E4hW4hbAaXKVTD5uQEzAFboPUvN7u2M1s + kZNUmeK/ug6kIsS/EyiUBQwjATZfY75Jhg3ZT8fpgD3J7TMWukHghow9Se2z52zk+ihcM0bu1B2z + jjHuGWN34u509ElPn7ioq6NPezq9Tno6edfSA3fa08OeHvbn/wUAAP//7FhdT9swFP0rV0JCadam + okCLOvUBAQ+TBprWbS/rpIbU0GxpUuKkMDH++861HdehLYiOhz0AqKS+vvb1uV/HwSVnOb4f7C/H + D5bjB8sD9Jb78qMzbvflx05jQ0wAuGOQjIVosrsVi6Z1vu290Ldm/mv59s2vr+NXFLQq+fu+8jGP + kX9aCjpFJcTgUMyLgPZ6TeK+R/UyW/1O9wJbZ9X3/eAtAbdxVNUq2p2jIxRo/1S1YHTHnxkxOYFD + ntUjDx+Nda592rHko+pD8B3/WlskKXZEtqsF/q0B1GPLH2ZlHgnEVyJ8brUtXBRnsRQM7PzamXi6 + JAQ+GrfdFsEnTa8N4qwdThaxBKkABT/sdMAVrhhjJERFCJk1jOfXYwLZgn0phZTrOI44joWNYz6D + yMPLOOHuWUzDgrIIG0m6nYJnFKC9RpFRuwyloCynG9zmfhMunhHnocTqUR5esQGgSeUsJWZFgco0 + EOdcEJgzFbdZpRKRjEQa4iLB5ANbxdGU0OrBqpP4lwCvvsIuIcyez5M4Uq/7DMmpDE4E8EHOMjF3 + Z+mjwaYyleEVigXz8JYseQrskzeJ2c4gI2kWQjnOwAEc42UwSjurq0MpBdKSjYF5uDbm4PZY16LD + vMvaEBqkclGUeYrgxpMsk4LRdWzAvLVGBAzgzg6uFBn8ib+TLI0Q86N0PB6PUr6NFXRPJzgZ+M0D + DYjff8a58HZ37jo9hJb+36jmRnrmgMBpjZrHQvUUmMPxSKXAcA1oPDz7eHbyhfboeEi7N2VWvB/h + Ry/e9vUIknCd2G+PkJfv+KgyS0QAFu8h+iPcrAKRLho/2BqQYaik7bbWHisDtFEKQA92NMkTed5k + BBs04Myhe6xszoS1Jmz4Q8OAQ99soNB5NikRL8Sp5o5XL1X6tToOTrihkkOyqZZbpZVqbiUr9dyR + PKrojuRRTXckj6q6I3lU161kpbI7knptB06f1EuSSQVS38w0IBlUsJ4DF2NkMOGNXLgYIwOKEVVw + MUYWFEdS9bwKlZqIQbKo1CQMkkWlJmGQLCo1CYNkUXEkGiSLSk2iQXKCCXhNEUkcki1N8/qrhZ5v + JX3+QHfCt+OI8wCBWV4i/U0POI/VHc60AN9eWjrBXXDXp6/qFs8FyBT7yiWomAkkeeAq7W9S0t5a + q3OwSUe7ca3O4SYd7eC1Ot1NOtojVoc8uuAOpLqT7XAqCJra401VdrWLudWEicxorgM4ICYSdtPe + pk2VS5/e1AQEutTKBsZ3H2bzMCrYbxcZxeoLIQQW8URMlm0eEz+DFeUC1Vy+pM8b1XnG92imKV44 + mcVpg7zGnxloSJH1LfVYS2jfyKyTwG7Be57Mdrcks10ms93/gcxue+N1A/flZPYvAAAA//8irTFr + ONqYHU6NWQAAAAD//+yay2rDMBBF/6WQpVzLtmxnEdJAW+gu6+wUSWmh+IEf5Pc7Y8mqpdYpdFEM + NWQR4pE1GaObG+5ZzexqZh1z5mi6Y84cVXfMmaPrjjlzlN0xZ1NtX83sOK/VzK5mdhlmltqlP5jZ + r8E6nQvWaTLNSruGi/chyEfUwC9lM/cIZy/MhdWhDavHLztXaAELJ+/1M0F/laUveNdx8YaxmQ4W + 274oOKaed98GeTg4RBeq5pe5KHqNPRcC4YgXuWMXnsSSnvMkZGdoLMu2NIpS3McWwQ43yhQ+1YOU + sEcLlZ89oLAgN/NQXXlbo63Fm94knoZZq+C10WXwc1+M1A2jEU0UDVUcyW0qYsEyKnImZcjTC1X5 + Xu6Gu2ziwyZ6hpdeRwpemliSEP1RG/QtucJESBRAizLQ0oYjIzXnLU4M1g/WGw4RvH08kjSoS+zf + p6eW37GPXy2/Yx/fWnrHIERS006GJJj+nzwaGhHPE+ZcmkDSYnaqSix/6puqVvcnkBmBmI05eAgR + wlV7knEfg04aCKExMrtKwd8/9H8qBR8AAAD//6Kzi0eLApxFAby5AXRiOiTHVYPWH0PZBkBz80sS + oaun0ZsfuBYrGuBarGgAX6yILgFvngG7yplF+XmQpgxEKKUUukwewiXKpfm5EBOqYUxoYUdGAYe0 + wl8fZq6OUm5iRRBkiAPFbvC6s6ISxxKIO8qALWtyF8thLE2FGAY3FGhXRmJxWD542R5sfSxowS1o + MRzISrhDUF1rhOJcqAZw8NTW1gIAAAD//wMAszD1jJUxAAA= + headers: + Atl-Traceid: + - 940b5d91dde87758 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:20 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:32 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 9855cec3-5e87-49e3-9901-e036bd445dc1 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '268' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 46562ae7-2d90-4474-8fd9-43f9cd20e117 - x-envoy-upstream-service-time: - - '107' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_with_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_with_push_to_jira.yaml index f8532dacaff..8efe1b00358 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_with_push_to_jira.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_with_push_to_jira.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1p0k2W3EQPKrIK7Z5EJGkmWEmT0qbCsux/N8HFj9vwzvPM - y5yIVgseZkckeY9xWuRmY9BiH034CJWKTi3LoHzlMZKCfOK8DMEnuAaoK6igbPfXz+3dU/e73a+j - ThORLxkqoIDXghicXDiO6GN3nDAduHFhNUnS6+DMt0JkFrbiEt6qmEEKtC6hKano6kZCLVlTAcAV - UIDkLzin3m4Y/7G7rqaScUl5xdjuh+3He29DAgXdCb61WvUMmUIOveWCa6OVANsDqKYRQiP7UxBd - bngYZkXyO1atLj6GXuX4RNxlIujfDi05n78AAAD//wMAjoWy/loBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbuTtE1qbqIHFVmF7Z5kkbRJsJImpUmFZdn/boqLH7fhneeZ + lzlBJ4PezxYEvMc4BbHZKG10H5X/8IWMVoYwSFc4HSGDTz2HwbsEE0RSYIH5bnvzsrt/bn+322Xs + 0gTidYUyzPCQgdKT9cdRu9geJ50O3Fq/qCR1y2DVtwIiCRTrS3gn4wpSpDTHJie8xUYgF7QuEPEq + kZj8oOfU2w7jP/a6RRSUiJIltvlh+/HBGZ9AVhFuSmNMyRtKGZYNYlVLykgvUbGe80pjyf4WRLs2 + PA6zhPUdIxcbn3wv1/gE9jKBdm/7HZzPXwAAAP//AwBUXMlVWgEAAA== headers: - ATL-TraceId: - - 3efa7717422dbd4b - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:36:26 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 96167b8ff74487a6 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c862566f-b146-407d-a37d-e7d0eb050f51 - x-envoy-upstream-service-time: - - '38' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - c968531d1067128f - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:26 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:36 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 95a30a99-de4e-444d-9c8d-023c8f349523 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '111' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c4152626-75c0-4944-bfb2-704ef0f26972 - x-envoy-upstream-service-time: - - '72' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,159 +80,117 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - a3ab448c2d7f49a3 - Connection: - - keep-alive + Atl-Traceid: + - 41ed6cf14fe4fb50 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:26 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:36 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ba58dac6-2c9e-4ee6-9e64-28cc41b99ca6 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '173' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 406542e9-e12e-465d-a39b-903295c9f873 - x-envoy-upstream-service-time: - - '112' status: code: 200 message: OK - request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: pg:5.1.0", + body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/232] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/13] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n| High | [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < - 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= - 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/2868]\n*Defect - Dojo link:* http://localhost:8080/finding/2868 (2868)\n*Severity:* High\n*CWE:* - [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs when - the remote database or query specifies a crafted column name. \n\nThere are - two specific scenarios in which it is likely for an application to be vulnerable:\n1. - The application executes unsafe, user-supplied sql which contains malicious - column names.\n2. The application connects to an untrusted database and executes - a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || - >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || - >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || - >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 - < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 - < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 - < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/2866]\n*Defect Dojo link:* http://localhost:8080/finding/2866 - (2866)\n*Severity:* High\n*CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* - [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs when - the remote database or query specifies a crafted column name. \n\nThere are - two specific scenarios in which it is likely for an application to be vulnerable:\n1. - The application executes unsafe, user-supplied sql which contains malicious - column names.\n2. The application connects to an untrusted database and executes - a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || - >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || - >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || - >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 - < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 - < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 - < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n*Reporter:* + || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] + | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] + | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] + | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/290]\n*Defect Dojo link:* http://localhost:8080/finding/290 + (290)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/289]\n*Defect + Dojo link:* http://localhost:8080/finding/289 (289)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -352,53 +203,59 @@ interactions: Connection: - keep-alive Content-Length: - - '7107' + - '3308' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11104","key":"NTEST-915","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11104"}' + string: '{"id":"11799","key":"NTEST-1461","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11799"}' headers: - ATL-TraceId: - - 315b88699800498e - Connection: - - keep-alive + Atl-Traceid: + - 15190b377f1920d4 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:27 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:37 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 2d6284ad-291b-409c-b988-3e55729b6db1 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '679' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f0ecb2f2-23fe-4ebb-99bb-5c7de1967f85 - x-envoy-upstream-service-time: - - '534' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -408,109 +265,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-915 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1461 response: body: string: !!binary | - H4sIAAAAAAAAA6RW61PbOBD/VzT+wNz1Er9iQnCH6XA0ben1OC7Q9gNlGGFvHBVb8kgyCVf6v9+u - H5hHw1AaZrC00r5/u9pvDqxKLlMndjTIFDSkbwTkqRlIXoAZmGQBBR+oEjS3QkkzgFTYAiwfJAsu - M8hVNrgEbfAM0hmUGgxI29x1Bo4gyUEQ+BFuDORz3C6sLU3seSnMIbGp+qpcbnNujODSlWA9lGE9 - Xgov9IQxFXidgAu4Qv6D4+nR8XA72ETKvDbWib85BpVWJuEWMqWvGuNS3CFD6IfB0I+G4eQ4COPR - OA633NHm+A8/9H2ykXTYqxJqMc+0kfi9wPf98MbrdpOCSbQoKSJI3WWm4Hk+YKkwVsjEslJAAkzN - 2VLpC5e4EyU/6vwpVhhIKg3epYAlv+SW61dG/Ac7BSapKjYa0n66E/ijYNJuj9HQnd7lgUOJRl3H - 3FxQjqpzS6t4znMDA6eT4cS1kO8DxwoERolJdmJZoSdOqdVXNO+Z0Wu569jV2ehiR5tbCe8t/SiF - tSiA8NVyk1N/1XeNmtsl1+SYEUWZC0RIes8bDG4NmWiyiiZPMbcNc6usjXQpKLD4ux3nyN9CzWG0 - CqNnC65TWKNkw7TfR3QF41Uw/jVdq05Zu3hE2yhcjcJf09aC03SLtdq+f6f6Xn1qugtm7OQUM5hl - GjKs6wcwREypvGrKrKEklbGqqFvEGWoIt9YdTB7KaFpHQ6XCrNufEw+Dtl8QgrVIGnXfHtAIX2i+ - WagqT18LU+b8qkUhkjFQ9hPWLCGzVcEtdtqmkf18DTVd8qYveo00TQVSL/dURXGqbf9MBCEzJ7a6 - ImMSDegrVd3DPjl2t7eDrk/ej5q/LpzBuoOwbxlCaWGvnulvx+7Vzfbp7VIUPAPjEYfphAgkLES2 - cM1l1veYd0jpmlHoUJTuuTLqXMn5OVA7IXDeu0R1+cNABOuQGEwoIgtupqVIPgh5UT/Gr6Gkt1km - HYRqYC3rsxuKVHKKTzM/z2EG3DSw1O3KOfzw8e3+wdmH/b3pwdH0bDqb/TND/7CEDIYELxwvgB1i - 35SWkV4mDFMyv2JYkyInocwq9l5ozg41FFi3rDKIMLeu0vtebKNA/1r4fpTNY6d5MjB7GP6+qO4U - MiYiE5Ln9y+1k0Ub3hrmOVrX9QLMbCbh5nZVUtU+AcnNrPBM8DXMN+/V3ef95/DY4+1PnlzgKNVB - rhPe6Nprh5pfMribjJqaQSVh97xKWFJ1q1zpg8aa87yCYaaxZfXjgWKvVZNsVZQ47EnbZuGx/N0N - zhd5+2+XZVpVJU0+b4RMsSUZhshn5wCSlZVZQFpjbn+2S99zYEJekgICTcpwaGX4OkAak7BF6LK3 - JO6LfFF/X8Ts5EaskDErs3jTDVz/mkKHkctVwvOFMjae+BPfmzd3z2qbvHAUniIXOzmiZww7DXun - lkOrfsx8yjx2EhjL/q24tqDZVGZYVQXG6BGGg8O/2W6FJcuOEi7XXGxCdX3NjgBrgQzB9d6naf35 - 3Hy6fNCmfSxpeSwsVi2x1vnHFQpi1NjYNTtBGcMQK3UYjP1JWGsnPCWX4BbCanCVzrwkE8NzIYlK - MHBx/4oWO3e5T0ngdtQLWd4WgjXJCacCxzaqZW87che2yImrzPBfnRYSEeJvBoWygE6lwKYrjD7x - sCH77TAbsI3cvmShGwRuyNhGZl/usJHrI3N9MHLHbsS6g6g/iNxNd6ujb/b0TRdldfRxT6flZk8n - 61p64I57etjTw9v3Rz195I56etTTo96BrV4vLW/Rb/TSMvx9DUIwcLs4clzCgJJfj7vsR5neWpfp - /wEAAP//7FjbTttAEP2VkZCQkwZHhJLSoDxQ4AGpoKpQ+tBUirE3iVvHNr4EKsq/98zuelnn0gJK - qz5AUBJ7dnbHZ2bPnM2jMq2915XplyyvJ8tgu3eZF/uT9oU37jXpDESg7pZhFJwc2bfAE0gVU+zE - ul29JtuuoWF5veO+bMjnpKrqJO3OXncP/N08ki0a3fNbQixeAP6fHcnh9wbcK+KHG+9oTuTnY1x8 - wcfW07ci+18q/3V2gIdCuiyjWGRSMZrOxN0XJSO3/8NIIGPUQRNdvIogRqnJ4yOe2g2TthfMwhwK - A0J9t9OBcBgxoNgAlTpkCTFMx0OC8io8tG2PMlW1PletMFU707GFEXfSYuIVlPhYKKebCURHAQ2s - HRm/Ky8XlGR0jZPdD8JZ0+d9l2N2P/NGHAA0UzmNSSJD/EhQ0ZkgyGgqbpLKxafcB3o4brASwVKh - PyHsREjsKPwuILJHWMVD2Gkahb787UwrnirgSAAf7FBW6fYo9WiIqYxzbwRyYFG+lZc8BPHl15Fe - TiOTEw74oR8m0ANW8Lk7iDuLs8MpBtI5B4PwcIbMIPQxr0GHRZiJwdNIZaIosxiVjG95GRWMrhUD - xi0NwmUANzZwvkiQT/wfJrEv0mIQD4fDQcxntoLu6BBPBq1zT31Mf12GmXA2N3be7qdj+dGoRvpq - XJ8gb7WTw0b5zdWPxncqBwarT8Pz4/fHhxe0TQfntHldJsX+AH9y7nZT3WhRZ4m12R4MYnrFj5kn - kXAh5500S3wcsVwRzxpfORaoYnjE7bZyHsrlVUgSPAdRtMgRWdZi9BrUZ/KhO8ysnwhzBRz2fUMD - Q9aOO02CErWC7Va/X/2G0qsxNrThCs6GZRVrG6cF3jaWBea2LHPcbVnm2NuyzPG3ZZljcGNZ4HDL - Umdx4PRB/loSVCD19EgNkkYF81lwMUYaE17Ihosx0qBoUwUXY2RAsSxVd6tQqZkYJINKzcIgGVRq - FgbJoFKzMEgGFcuiQDKo1CwKJKuYgNcElcQlqTm9l463UOrTMBfsJauPuxS/oUfh6sDnfYDCLK+w - 9SX7n4byKKfJv2mOLh331r3t0Sd5mGfq0TRfJQRcGcGSubbTzionlaulPq9X+agkLvXZXeWj0rvU - p7vKR+XD+JADVcYjuC+Z3iZLoKXy3ZKEqxLMTcaL8oRSVb4usVowi75ZtahM6O8X1eWA/rSwAJY4 - maaeX3DOzhIK5QUh+bMwEIEccF6IVPaMTOB+UPpCDdY69CP0UCZA7flTmr50TBM+XrN4cbxgGsYN - cho/p14YFUnPSJClSvZFxVr72ea/R6jY7nNVbFeq2O6/ULHrOd1WJfTXVez2f6RifwEAAP//Gm3F - juBWLAAAAP//7Fpda4MwFP0vgz5GTfyqD6UrbIO99blvaWI3GFYxSv/+7jXRGVs72KD4EPBBvDfJ - 9WqOR865ijoWO6ZlFnJbrMzCbouVWehtsTILvy1WZiG4xcosDLdY2RjFHYvt++VYbD/GsdjudVgO - i6Vm4C8s9lppp3NKO436AIpwTc3FV6fso/VgmhrPzBHMBgb1ur+jucQ5NTsYfBXTQHZTBZ6qh7xp - uPhEGU0rjaotCo4y6NNNZQ8bh16Gsv6jUIq0Y8uFQLfEu9zEJx6Fkh7XURAfoeo0zShjCa4zJMEK - d9JyfKo7KWENBZk/NSDOoC/mubxwVSFHxUnvmpO0ocb7qHUafPsLX5/6MWU0ymmQh0xmiQhFnFKx - jqUMeHKi+XorN90sq3C3Ym9w6HGk4GcjUxKiLymvVeQCHSHMw7fe00iHLSMV5wo7BuM7Pg67Ck5f - 9iTxqjPWP3U9Lb/iqXdq+RVP/VdLrxiASGr3k7EWjP8j98Y4iPsJtS1tSdJgdgCghfTXti6r3D8A - /gg05JiNh34/iA47GdcxzkXjSqgNzDooePxDd1DwiIr/CwXfAAAA//+it4vpWBTAWxVAJ6ZDclw1 - aKkwlG0ANDe/JDEHyMJsKBkAG1tK1bVKmBK4ljUawJc1okvAFwmiS8DbbcAudWZRfh6kjQMRSimF - rluHcInyQn4uxIRqGBNaCpJR8iGtuNeHmaujlJtYEQQZBkGxG7xCrajEsQTijjJgG5zcZXXoa1gh - ZsHNBFqVkVgclg9e3wdbRwtamAtaNQeyEe4OVMcaobgWqgEcOrW1tQAAAAD//wMA40iVbv4wAAA= + H4sIAAAAAAAAA7xXWXPbNhD+Kxg+dNqU4iVHltnJdFxbSdy6risryYPj8cDkikRNASwA6mjs/95d + HlJ8KBO709gPJAHs/e2H1ScHliWXqRM7GmQKGtLXAorUuJLPwLgmyWHGXVWC5lYoaVxIhZ2B5W6S + c5lBoTJ3DtrgHqRjKDUYkLY9m1TGqtmUFF6GQRAGnoa/KzB2sirhVPPEigQc1xFkPwx39/bww0Ax + xc/c2tLEvp/CFBKbqr+Ux23BjRFcehKsj5asz0vhR74wpgK/U3ANK5Q/mYzOJr1wZxDiUu2CceJP + jkHfKpNwC5nSqyaGFL9QIgqiqBcMe+HeJAjiKIz7u14YDH8MoiAgJ8mIRcdrNc90kuR9TEUQrcNu + P1IwiRYlJQ5X95mZ8aJwWSqMFTKxrBSQAFNTtlD62iPpRMl3uniiF5UUVC5eXPI5t1z7cwELv3Zr + 42C7FQb9cPizEf/AqxmWvZqhVYIFmpxwc021qq4svcVTXhhwnUbwCOOqZV0nFwgcneSrY5gD+hrc + uo4ViKwSUeLEssIYnXsw6QfbNsJuo9TqLwz1mZVopes61JXt6kAfn6FnE+47KaxFBcZZ2yYI/1af + NWpqF1wTkI2YlYVAh9N7KcFC1fDbGS53hk909wsl6yJZF2wn2EU3op1ltPP/WmlgUYMUDYaDZTj4 + FgaXncV+tOxH38Jii/zb24dwjDo4TsXyfcOBWOTzCyx6lmnIkFYeYB3dUUXVdPmjII92t20Mt23s + PVTeUFqzSoRRs7cT90LXweTY9xg4YbQ9wC3SfEOPT++mhnw3dOs36jT1Sv16oCqKPyQK/UALQmZO + bHUFty2rkjYtkiYrnx6skWd41OSqKtJDYcqCr9r+oqpowGCphR8S+MAbvNztCPx+2rbRTLSmmfsb + 64Lf3+hviEkoLezqmbnsxP36evh6ghcznoHxScJ0SgQu5CLLPTPPNkz2Flc6youcW4LDFRA3EWzv + 39eDLfGG2zAaDinwnJtRKZJjIa9f084hlDRbyKSrWl3LRb23XpFKjnC04FcFjIGbBgm6fXNOj9+9 + OTq5PD46GJ2cjS5H4/EfYwwDm8tg5HhgkgM7RRKWlpFdJgxTslgxbGhRkFJmFftVaM5ONcywo1ll + EKPeY40dYkM5wY0IgqHsx05zY2GRMMubrrrT4pjvTEhe3D/UTkZtemtcF+hdxxJYwEzC+nRVUtt+ + BZKbIeaZGGuE15ff3bnjabDbwOoXnlzjKNghq1Pe2Dpop63/5HA3sjWtgUai7q6WsKDuVoXSJ403 + V0UFvUwjS2wGFsUOVVNsNStxWJW2rcKX6nc3OR/l5//7LNOqKmkkey1kiqRmGCKfXQFIVlYmh7TG + 3NF4n55XwISckwECTcpw6GZ4b0Aak7I88tgbUvdRvqifL2J2vlYrZMwkRm8Ft0rHgffS699QCjGD + hUp4kStj42EwDPxpI3NZ++aH/QsUZudnkFTEK+ytWvSselz2gvnsPDSW/VlxbUGzkcywuWaYqi8I + nJz+zvYr7Fx2lnC55WCTsZsbdoZjYO0Ivh+8H9WPD82jKwt9tLcpvU6ExeYl0RoG+IaKGNEYu2Hn + qKMXYcP2cN6Mwto6wUrOU0/i5Oxlau7Pq0Ii0CwSgX/3/AWp6AfBWi5ZgDcTVoOndOZjN3JCqMDp + j7rYx6NebmcFyW3qgR91RUhZhH9jyKqCY/qW9GuojuMQpOAFQeUM9Bx/9LAe+/5krcFl3xX2p1eo + ZuAFP2zJIarfx+twDi6lpx4y2WO5GGBsL/t7X52LfwEAAP//7FnbbtpAEP2VVaVUgGKDjQGbKkqR + aKRITYUatQ/pC4t3AVeALV/ISz6+Z9Zrc0mAliiISlEiwN4Z7+xczu4Za3nlC+fvfeEc9MVp/YDC + KZKrW1M+oXus1s8k66PicPNeRqnJrM4lI3xlm+Vc/E0ts6xndd003zKsRcHWbY/KpNZXgAis+h0y + 2ipg9kE9VsFH9SUH7F8+q6H2MPALX8ZRZYA5kUXqEa8rxM0Y1O7DLIY3b4KZBBDK3OMfJ+kn7vtY + hfq5Sro1xf4KsGsA1tKMEEiuMdAMwjoXyyAB6EvaBzvA8jF5HYlUbNgU0+FqhiHD0YKR/aCz+jAR + 63zQ1lE+iDIfEp0PPE2xMyaX7HEa+FOGE+1kAmTNAHUs4phrMWGcgSH4UMRxxY/5mOwY9tRCja98 + MckAwkM2lVxAc8mxt5n5atnPlUF3ochmcn2b2Bwv+El3PSchMlCHdVGMY3hSDFubT4DkFOq4iSxX + Rd49HBhC9y59UH7hkpaV4ClRNpoFvg7aXaA2RR2zH+oURB7WwciNYQCXGQZivXjo3c4j7qek8y1k + gbpgIHLLQEixkU7fUVQ4GmLqf0kKrRqFtBlSjle4mAeLKqtUn+bI4TTslnn7Imq8NWK43nGI4XpA + DNd7LWIctVk8Q4xjt6v1AJ8aMdrviHECxHD+L8Rol6oHEON5K8La1YqwnF0DrWKA6EsaI2VUV4X6 + JFuijVJ0e6Ck98WadgnuovuNXS2pRtmS2qDJ2/RK5fqUCEZOxZJsPufEEz/spT7kQGr6hPGRjJKo + /zXyjxpTt+KqNeZOU1gj12m0RrC+0/Es224TgS2FMMMeMUnR7QlBuQ3JlQ2Gbix+Dh95EhE40kP3 + toRVMKQJ+qrETPDVoi3ZsmzLkVZDNm3htf2m3+pYvtsSosHbY0u61+JKPeWi2buwb/Cf6xlzvtBE + zjDyW4mZJcYjPGLYJkwUZl5e5DIj4jwhj0FfATifJfjZHxhtM1qQ/dvt5fO3eLs/ff4Wb/e3z91i + 4I7IO7O6B7N+LBno1zVUT8Tc8u5vjl0PIP0Q/5LFYSTrD8AhnxqUuvDoLQtGy0qmefRLJ92+iTXc + vkPBkUH/AwAA//+iINJHiwJ6uJiWRQEAAAD//6KFi+lYFMBbF0AnpkNyXDVoghbKNgCam1+SCJ13 + Rm+j4JrmMcA1zWMAn+ZBl4A301LzyjKL8vMgTRroGHIpdIEBhEuUS/NzISZUw5jQwo6MAg5pbYQ+ + zFwdpdzEiqDU4tIckMFIdoNH7ItKHEsg7ijLL6HetCDEMLihQLsyEovD8sETHrC5PNBUJWgaAWQl + 3CGorjVCcS5UAzh4amtrAQAAAP//AwC8eKi4zyIAAA== headers: - ATL-TraceId: - - ded4842c2081c44b - Connection: - - keep-alive + Atl-Traceid: + - 52ebc535afd3ff7d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:27 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:37 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - b7e496ac-b934-4079-933b-470345d86f0f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '254' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - de18b075-2487-4934-8ea1-40c4b36b9356 - x-envoy-upstream-service-time: - - '155' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -520,109 +372,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11104 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11799 response: body: string: !!binary | - H4sIAAAAAAAAA6RW61PbOBD/VzT+wNz1Er9iQnCH6XA0ben1OC7Q9gNlGGFvHBVb8kgyCVf6v9+u - H5hHw1AaZvBqpX3/dqVvDqxKLlMndjTIFDSkbwTkqRlIXoAZmGQBBR+oEjS3QkkzgFTYAiwfJAsu - M8hVNrgEbXAP0hmUGgxI25x1Bo4gzUEQ+BEuDORzXC6sLU3seSnMIbGp+qpcbnNujODSlWA91GE9 - Xgov9IQxFXidggu4QvmD4+nR8XA72ETOvHbWib85Bo1WJuEWMqWvGudSXKFA6IfB0I+G4eQ4COPR - OA633NHm+A8/9H3ykWzYqxJqNc/0keS9wPf98CbqdpGCSbQoKSPI3WWm4Hk+YKkwVsjEslJAAkzN - 2VLpC5ekEyU/6vwpXhhIKg3epYAlv+SW61dG/Ac7BRapKjYa1n66E/ijYNIuj9HRnT7kgUOFRlvH - 3FxQjapzS1Q857mBgdPpcOJayfeBYwUCo8QiO7GsMBKn1OoruvfM7LXSde7qanS5o8WtgveefpTC - WlRA+GqlKai/6rNGze2SawrMiKLMBSIkvRcNJreGTDRZRZOnuNumuTXWZroUlFj83c5z5G+h5TBa - hdGzFdclrFGyYdrvI7aC8SoY/5qtVWesJR6xNgpXo/DXrLXgNB2x1tr379Tfq0/NdMGKnZxiBbNM - Q4Z9/QCGiCmVV02bNZykMlYV9Yg4Qwvh1rqNyUMdzehouNSY9fhz4mGAS25xKjZD5+fx3ky0mxnm - Ndo0gbkm91RFMQU0lz4TQ8jMia2uANOBOu0nbHaCdONbrY7Ua5E0sX97wCNXUdgsVJWnr4Upc37V - tgSyEw0YK3Xdwzk5dre3g25O3s+avy6dwbqNcN3GqJ8lQmlhr56Z3E7cq6fw0+eoKHgGxiMJ0ykR - yFiIbOGay6wfPu+Q002p0KlLcg40Tgic98KivvxhvME6JAYTCnzBzbQUyQchL+rL+DWUdDfLpKta - XctlvXfDkUpO8Wrm5znMgJsGCbqlnMMPH9/uH5x92N+bHhxNz6az2T8zDANbyGDkeOB4AewQ56a0 - jOwyYZiS+RXDnhQ5KWVWsfdCc3aoocC+ZZVB1Lp1l96PYhsV+tfC96NsHjvNlYFFwiz3TXWnkTHf - mZA8v3+ofVm06a1xnaN33SzAAmYSbk5XJXXtE5DcvBWeibFG+Oa+unu9/xzselj9yZMLfEp1yOqU - N7b22kfNLzncvYya1kAjYXe9SlhSd6tc6YPGm/O8gmGmcUr0zwPFXqum2Koo8bEnbVuFx+p3Nzlf - 5O2/XZZpVZX08nkjZIpjzjBEPjsHkKyszALSGnP7s136ngMT8pIMEGhSho9WhrcDpDEpW4Que0vq - vsgX9fdFzE5u1AoZszKLN93A9a8pdZi5XCU8Xyhj44k/8b15c/as9skLR+EpSrGTI7rGcKCwd2o5 - tOrHwqfMYyeBsezfimsLmk1lhl1VYI4eETg4/JvtVtiy7Cjhcs3BJlXX1+wIsBfIEaT3Pk3rz+fm - 09WDFu1lSeSxsNi1JFrXHylUxGh+sWt2gjqGIXbqMBj7k7C2TnhKLsEthNXgKp15SSaG50ISl2Dg - 4voVETt3pU9J4XbUK1neVoI9yQmnAp9t1MveduQubJGTVJnhv7ospCLE3wwKZQGDSoFNV5h9kmFD - 9tthNmAbuX3JQjcI3JCxjcy+3GEj10fhemPkjt2IdRtRvxG5m+5Wx9/s+Zsu6ur4455P5GbPJ+9a - fuCOe37Y88Pb50c9f+SOen7U86M+gK3eLpG3+Dd2iQx/X4MQTNwu3vKXMKDi189d9qNKb62r9P8A - AAD//+xY207bQBD9lZGQkJMGR4SS0qA8UOABqaCqUPrQVIqxN4lbxza+BCrKv/fM7npZ59ICSqs+ - QFASe3Z2x2dmz5zNozKtvdeV6ZcsryfLYLt3mRf7k/aFN+416QxEoO6WYRScHNm3wBNIFVPsxLpd - vSbbrqFheb3jvmzI56Sq6iTtzl53D/zdPJItGt3zW0IsXgD+nx3J4fcG3CvihxvvaE7k52NcfMHH - 1tO3IvtfKv91doCHQroso1hkUjGazsTdFyUjt//DSCBj1EETXbyKIEapyeMjntoNk7YXzMIcCgN6 - fLfTgXAYMaDYAJU6ZAkxTMdDgvIqPLRtjzJVtT5XrTBVO9OxhRF30mLiFZT4WCinmwlERwENrB0Z - vysvF5RkdI3D1A/CWdPnfZdjdj/zRhwANFM5jUkiQ/xIUNGZIMhoKm6SysWn3Ad6OFWwEsFSoT8h - 7ERI7Cj8LiCyR1jFQ9hpGoW+/O1MK54q4EgAH+xQVun2KPVoiKmMc28EcmBRvpWXPATx5deRXk4j - kxMO+KEfJtADVvC5O4g7i7PDKQbSOQeD8HAuzSD0Ma9Bh0WYicHTSGWiKLMYlYxveRkVjK4VA8Yt - DcJlADc2cL5IkE/8HyaxL9JiEA+Hw0HMR7OC7ugQTwatc099TH9dhplwNjd23u6nY/nRqEb6alyf - IG+1k8NG+c3Vj8Z3KgcGq0/D8+P3x4cXtE0H57R5XSbF/gB/cu52U91oUWeJtdkeDGJ6xY+ZJ5Fw - IeedNEt8HLFcEc8aXzkWqGJ4xO22ch7K5VVIEjwHUbTIEVnWYvQa1GfyoTvMrJ8IcwUc9n1DA0PW - jjtNghK1gu1Wv1/9htKrMTa04QrOhmUVaxunBd42lgXmtixz3G1Z5tjbsszxt2WZY3BjWeBwy1Jn - ceD0Qf4CE1Qg9fRIDZJGBfNZcDFGGhNeyIaLMdKgaFMFF2NkQLEsVXerUKmZGCSDSs3CIBlUahYG - yaBSszBIBhXLokAyqNQsCiSrmIDXBJXEJak5vZeOt1Dq0zAX7CWrj7sUv6FH4erA532AwiyvsPUl - +5+G8iinyb9pji4d99a97dEneZhn6tE0XyUEXBnBkrm2084qJ5WrpT6vV/moJC712V3lo9K71Ke7 - ykflw/iQA1XGI7gvmd4mS6Cl8t2ShKsSzE3Gi/KEUlW+LrFaMIu+WbWoTOjvF9XlgP60sACWOJmm - nl9wzs4SCuUFIfmzMBCBHHBeiFT2jEzgflD6Qg3WOvQj9FAmQO35U5q+dEwTPl6zeHG8YBrGDXIa - P6deGBVJz0iQpUr2RcVa+9nmv0eo2O5zVWxXqtjuv1Cx6zndViX011Xs9n+kYn8BAAD//xptxY7g - ViwAAAD//+xaXWuDMBT9L4M+Ro0arQ+lK2yDvfW5b2liNxhW8YP+/d1rojNp7WCD4kPAh+C9Mder - OR455yrqWOyUlhnIbbAyA7sNVmagt8HKDPw2WJmB4AYrMzDcYGVTFHcsduiXY7HDHMdi+9dhOSyW - 6om/sNhrpZ3OKe00nguwIYDqXFtz8dXbCNAGYKUGY6odGNXr4Y7mEufU7GD0VdiB7KYKbKuHvG25 - +EQZTSmNTVcUHGXQp5vKHjYOvQxl/UehFGnHlguBDox3uWEnHkeSHtdxwI5QdZpmNAwTXGdMghXu - pOX4VHdSwhoNZP7UgDiDvpjn8sKbCjkqXvSuOUkZaryPWqXBt7/w1dBnNKRxToM8CmWWiEiwlIo1 - kzLgyYnm663c9FdZRbtV+AaHmkcKftYyJSHqVON1DblAR0jo4VvvKaTDlpGK8wY7BvN7Pg67CoYv - e5J41Rnrt11Py6/Y9k4tv2Lbf7X0igFvpDIcaWvB9D9yr42DuJ9Q21I2J4VZBwBaSH/t6rLK/QPg - j0Dfjd546PeD6LiTcR3tXNSuhFrDrIOCxz90BwWPqPi/UPANAAD//6K3i+lYFKA3N4DtJ6XqWpAe - WHMD6PZ0SFasBq0hhrINgBbmlyTmAFlYTMG1rNEA17JGA/iyRnQJeLsN2KXOLMrPg7RxIEIppdB1 - 6xAuMS4tA7Z9yV3Ohr4eFWIW3EygRRmJxWH54HV18CWj+bkQF1fDmNBSl2z7wSv89WHm6ijlJlYE - QYZdUPwKXhFXVOJYAvE3aGEuaNUcyOdwcVTNRii6oRrArq2trQUAAAD//wMAjsNkU/4wAAA= + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LSprJuJMepkOhSchJZSapzkgTDMIh1LW6RddXflSwP/vedI + lh0uzgQ6DTxI2t1z/863x58cWFRcpk7saJApaEhfCyhS40pegnFNkkPJXVWB5lYoaVxIhS3BcjfJ + ucygUJk7A21wD9IxVBoMSLs6m9TGqnJKCi/DIAgDT8PfNRg7WVZwqnliRQKO6wiyH4a7e3v4YaCY + 4mdubWVi309hColN1V/K47bgxgguPQnWR0vW55XwI18YU4PfKbiGJcqfTEZnk164MwhxqXHBOPEn + x6BvtUm4hUzpZRtDil8oEQVR1AuGvXBvEgRxFMb9XS8Mhj8GURCQk2TEouONmmc6SfI+piKI1mGv + PlIwiRYVJQ5X95kpeVG4LBXGCplYVglIgKkpmyt97ZF0ouQ7XTzRi1oKKhcvLvmMW679mYC537i1 + cXC1FQb9cPizEf/AqxLLXpdolWCBJifcXFOt6itLb/GUFwZcpxU8wrgaWdfJBQJHJ/nyGGaAvga3 + rmMFIqtClDixrDFG5x5M+sG2jbDbqLT6C0N9ZiVW0k0dmsp2daCPz9CzCfedFNaiAuOsbROEf2vO + GjW1c64JyEaUVSHQ4fReSrBQDfx2houd4RPd/ULJukjWBdsJdtGNaGcR7fy/VlpYNCBFg+FgEQ6+ + hcFFZ7EfLfrRt7C4Qv7t7UM4Rh0cp2LxvuVALPL5BRY9yzRkSCsPsI7uqKJuu/xRkEe72zaG2zb2 + HipvKa1dJcJo2NuJe6HrYHLsewycMLo6wC3SfEuPT++mlnw3dOu36jT1SvN6oGqKPyQK/UALQmZO + bHUNtytWJW1aJG1WPj1YI8/wqMlVXaSHwlQFX676i6qiAYOlFn5I4ANv8HK3I/D7adtGM9GaZu5v + rAteaaG0sMtnpqwT95tb4Ot5XJQ8A+OThOmUCFzIRZZ7ZpZtCOstrnTMFjkPsRv1u1AKfgXETQTb + +/f1YEsiwm0YDYeUkZybUSWSYyGvX9POIVQ0W8ikq1pTy3mzt16RSo5wtOBXBYyBmxYJevXmnB6/ + e3N0cnl8dDA6ORtdjsbjP8YYHzaXwZTggUkO7BRJWFpGdpkwTMliybChRUFKmVXsV6E5O9VQYkez + 2iBGvccaO8SGcoIbEQRD2Y+d9sbC6mH6N111p8WxEJmQvLh/aDUZrdLb4LpA7zqWwMpmEtan64ra + 9iuQ3A4xzwRfK7y+/O7OHU/D4wZvv/DkGkfBDnKd8tbWwWra+k8OdyNb2zNoJOruaglz6m5VKH3S + enNV1NDLNLLEZmBR7FC1xVZlhcOqtKsqfKl+d5PzUX7+v88yreqKRrLXQqZIaoYh8tkVgGRVbXJI + G8wdjffpeQVMyBkZINCkDIduhvcGpDEpyyOPvSF1H+WL5vkiZudrtULGTGL0VnCrdBx4L73+DaUQ + M1iohBe5MjYeBsPAn7Yyl41vfti/QGF2fgZJTYTD3qp5z6rHZS+Yz85DY9mfNdcWNBvJDJurxFR9 + QeDk9He2X2PnsrOEyy0H24zd3LAzHAMbR/D94P2oeXxoH11Z6GN1m9LrRFhsXhJtYIBvqIgRv7Eb + do46ehE2bA/nzShsrBOs5Cz1JE7OXqZm/qwuJALNIhH4d89fkIp+EKzlkjl4pbAaPKUzH7uRE0IF + Tn/UxT4e9XJbFiS3qQd+NBUhZRH+jSGrC47pW9CvoSaOQ5CCFwSVM9Az/NHDeuz7k7UGl31X2J9e + oZqBF/ywJYeofh+vwxm4lJ5myGSP5WKAsb3s7311Lv4FAAD//+xZWW/aQBD+K6tKqQDFBhtzVlGK + RCNFairUqH1IX1i8C7gCbPmAl/z4frNemyMcraMgKkUgsL0zu7NzfLMz1vRKF87f68I5qYvz6gGB + kzlXt6J0Qs9YpZ9I1kfE4eGjDGKTWa1rRvjKtsM5+0wtM49ndV8339KsWcBW7Q6FSaWvABFY9dtn + lCog9kk+VsJPeZ8Cjm+fVRB7GPiFP6NQGGBNeJGa4nWBuG2DyqOfhNDmnTeTAEKZavzjJP7EXRe7 + UJdrp9tg7K8BuwJgzcXwgeQaA03Pr3Kx9CKAvqQ82AKWj0nrcKQsYZNNh+sVhgxHC0byo5zVh4lQ + +4OWjvxB5P4QaX/gcYzMGF2z1dRzpwwn2skEyJoA6ljAsdZiwjhDheCCEccVN+RjkmPYUxs1vvLF + JAEID9lUcgHOJUduM9Pdsp9rgR58kczkZprYHs/qk+6mT4JkoA7rIhvH8CQbtrZnAOUU7HgIL1dB + 3j1tGEL3Lv2Qf+GWthVhliAZzTxXG+3BU0lR2+yHOgWRhrUxUmEYwGWGgVBvHnz384C7MfF885mn + bhgKuaUnpNhyp+8IKhwNsfS/OIVmDXxKhuTjJS7m3qLMSuXnOXw49ru53+5FjbdGjHanGGK0O0CM + due1iFEoWbxAjKLpatPA50aM5jtinAExnP8LMZo56wnEeNmKsA61IiwnG6AqJQ7hGap5Qu2QXdLG + gTlqBwfy8j7b0yHCQ+V+7VBLqpa3pJQ7T6mG2NMZ2y23omQ+51Qnfjha+pACqenjhwUrSir9b+F/ + 1Ji6FzeNMXfqwhq1nVpjBOlbrY5l200qYHMirHCETJJ1e0KQb4NyLYOhG4uf/RWPAgJHmvRoS1gZ + Q5ooXxWZiXo1a0s2LNtypFWTdVt0mm7dbbQst90QosabY0u2b8WNmuWq3ruy7/BN+Yw5X+hCzjDS + R5GZRMYKGjFsEyIKMw0vUpkRcB6RxsCvAJzPIlz2B0bTDBYk/257+fIl3u1PX77Eu/3tS5cYgCTS + zqzuwWweSwb6dQ3FE1Vuafc3BbUnFP0g/5KEfiCrT8AhlzqXOvDoLQtG80imdfRLJ92+CTXcvkNB + QaP/AQAA//+iINJHiwJ6uJiWRQEAAAD//6KFi+lYFMBbE0AnpkNyXDVoghbKNgCam1+SCJ13Rm+j + 4JrmMYBP86BLwCdN0CXgzbTUvLLMovw8SHsHOoZcCl1gAOES5dL8XIgJ1TAmtLAjo4BDWhuhDzNX + Ryk3sSIotbg0B2Qwkt3gEfuiEscSiDvK8kuoNy0IMQxuKNCujMTisHzwhAdsLg80VQmaRgBZCXcI + qmuNUJwL1QAOntraWgAAAAD//wMAVpWTdM8iAAA= headers: - ATL-TraceId: - - ec3e9b5637fa216b - Connection: - - keep-alive + Atl-Traceid: + - 13eec4dcfeaaa462 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:27 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:37 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 55c68c05-28a7-4961-bc15-7361558f8d68 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '232' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ff1d68ca-8c3e-4565-aff9-f4770c96b643 - x-envoy-upstream-service-time: - - '102' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -632,174 +479,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPy0rEQBBF/6W2JpnqzqND70QXKjIKyaxEpB8VjHTSIekIwzD/bgcHH7vi1jl1 - qRNotdBhdiDhPYRpkbudpY5MsP7DZyo4tSy9GrORAiTwSfPS+zHCDJFlmGHa7K+fm7un9ne7Xwcd - J5AvG5Rggq8JWJqcPw40hvY4UTxw4/xqo6TX3tlvBeQmlOIS3qqwgRw5S7FIuWhZIZHJvMgQ8Qo5 - YvQXmmNv2w//2LplXOaV5HWGZfnDmuF+7HwEBa9FVXZamZxyRRWarhKVtloJ7AyiKgohNOV/CoLb - Gh76WcH2TqdWFx69UVt8AneZgMa3QwPn8xcAAAD//wMA9bo971oBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUTAqioZwxn7YfnxwxiewLik3hTGm4A1jNRYNYllJVtNeoqp7zkuNRf23INq1 + 4XGYJazvGLnY+OR7ucYnsJcJtHvb7+B8/gIAAP//AwBUHjQCWgEAAA== headers: - ATL-TraceId: - - c2dae2d6bfa28f9d - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:36:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 78048417f72e133b + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a00293ed-04ff-4913-bf68-f205cc5d85fc - x-envoy-upstream-service-time: - - '34' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 9d1ab74a27f7eb7f - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:38 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 8f06cd17-c025-4594-a5ba-c3ba0691540b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '119' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 638bc36d-7015-48b6-a5ff-ec550dfcfaab - x-envoy-upstream-service-time: - - '72' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -809,96 +549,166 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 7dca6903abb1dd52 - Connection: - - keep-alive + Atl-Traceid: + - f7434815dd7ad13a + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:39 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 493004c5-ba04-4bd3-940e-1fc2885891e8 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '192' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 607c48e5-e758-4af6-b748-9f682a7a15df - x-envoy-upstream-service-time: - - '96' status: code: 200 message: OK - request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: fresh:0.3.0", + body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/233] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/14] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080] | - Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - - (Fresh, < 0.5.2)|http://localhost:8080/finding/2867]\n*Defect Dojo link:* - http://localhost:8080/finding/2867 (2867)\n*Severity:* High\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* - [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119]\n\n\n\n\nVulnerable - Component: fresh - 0.3.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected - versions of `fresh` are vulnerable to regular expression denial of service when - parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable - Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n*Reporter:* + || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified + |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified + |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]\n*Defect + Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, + < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < + 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= + 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 + < 7.1.2)|http://localhost:8080/finding/291]\n*Defect Dojo link:* http://localhost:8080/finding/291 + (291)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -911,53 +721,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1949' + - '7090' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11105","key":"NTEST-916","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11105"}' + string: '{"id":"11800","key":"NTEST-1462","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11800"}' headers: - ATL-TraceId: - - 18ae57d889515483 - Connection: - - keep-alive + Atl-Traceid: + - e9798cbf5472d87b + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:39 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - bd65b8ed-6b1d-4dbb-bed5-c6d51e1fe882 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '671' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c0c4c858-db3f-4e17-be21-05212c80b9d1 - x-envoy-upstream-service-time: - - '454' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -967,96 +783,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-916 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1462 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4rekIfiG6XCQttz1OC6k7QfKMMLe2CqO5JHkJFzpf79d - 2eathaP0YAa9WPv27LMr8cWDdcVl5iWeBpmBhuy1gDIzPckXYHomLWDBe6oCza1Q0vQgE3YBlvfS - gsscSpX3lqANfoNsCpUGA9I2Z72eJ0hzFEXhS1wYKOe4LKytTBIEGcwhtZn6rHxuS26M4NKXYAPU - YQNeiSAOhDE1BJ2Cc7hA+YPZ5GjW34pGuDN3znrJF8+g0dqk3EKu9EXjXIYrFIjDOOqHw348nkVx - Mhgl8djfGmz+EsZhSD6SDXtRgVPzRB9JPojCMIyvom4XGZhUi4oQwd0dZha8LHssE8YKmVpWCUiB - qTlbKX3uk3Sq5HtdPsYLA2mtIVgKWPElt1y/MuIf2F5gkurFs2ZrP9uOwkE0bpczdHT7OuSeR4lG - WzNuzilH9ZmlWTLnpYGe1+nwEqfka8+zAolRYZK9RNYYiVdp9RndeyJ6rbTDzmWjw44WNxJ+7el7 - KaxFBcSvVpqC+sOdNWpuV1xTYEYsqlIgQ7I70SC4jjLD8Xo4foy7LcytsRbpShCw+HMT52G4iZbj - 4ToePlmxS6FjyTPTjg/YikZrrISfsrXujLWTB6wN4vUg/jlrLTlNN7nX2tevVN/rD013wYwdn2AG - 81xDjnX9DQ2RU6qsmzJrdtLaWLVwLeIULcSb930Yf6ujaR3NLhWma39e0o9wyS12xabp/Djfm452 - 1cOCRpsmMrvprqoppoj60kfaEDL3EqtrQDhQp/2AxU6Ubnxz6ki9FmkT+5dv9shVFDaFqstsT5iq - 5BdtSeB2qgFjpar7Xp8cxaOuT95FLbwPzui+D/F1yxBKC3vxRAw78cA128e3S7HgOZiAJEynROBG - IfLCN8v8use8xZ2uGcUeoXQnlEEXSsnPgNoJkfPOIarL7wIR3cfEaEyIFNxMKpG+E/LcXcZ7UNHd - LNMuay6XK/ftakcqOcGrmZ+VMAVuGiboduYdvnv/Zv/g9N3+7uTgaHI6mU7/mmJ8WEIGIcEDswLY - IfZNaRnZZcIwJcsLhjUpSlLKrGK/C83ZoYYF1i2rDbLWd1V6N4otVBheijAc5jLxmisDs4fwXxfV - rULGRORC8vLuofZl0cLreF2id10vwMzmEq5O1xVV7SOY3LwVnki+Rvjqvrp9vf8YH6/59htPz/Ep - 1VGuU97Y2m0fNT/lcPcyamoGjcTd9SphRdWtSqUPGm/Oyhr6ucYucf08UGxPNclWiwofe9K2WXgo - f7fB+SRv/u6wXKu6opfPayEzbHOGIfPZGYBkVW0KyBzn9qc7NJ4BE3JJBog0GcNHK8PbAbKElBWx - z96Quk9yw40bCTu+UitkwuaISJGE/sAPLwk9BK9UKS8LZWwyDsdhMG+Onzq3gngwOEFBdnxENxk2 - G/ZWrfpWfV/4hAXsODKW/V1zbUGzicyxsBYI0wMCB4d/sp0aq5YdpVzec7BB6/KSHQGWAzmC890P - Ezd8bIYuJbRo70uazoTFwiVRRwGcoSJGvY1dsmPU0Y+xF/WjURRtOetEqXQJ/kJYDb7SeZDmon8m - JO0SE3xcv6LJ9m3pE1I4DBtonZbVTS1Yl5y4KvDpRvUc4FG/sIuS5FxmcHS5IT1TyOuSI4Zr+nfC - BbMHUvCSuHIEeinwwdxnz1+TYI89K+2vKPzSj1/cAyEq3cGbcAk9Qsc9Cdklobrxm+YyLYIZz5MN - doAYNru1KLP9vZtbCDGGQwQtbmx3v0XkX5HYrQf+/x9GR9AgHo82kRYbe674sS4/K0ZtER37b0H2 - nP6+QPGWT/8CAAD//+xZbU/bMBD+K1ElJJhImqRNgU6IVRqT9oEJMY1JbB8wdgqRmjjKG5tY//ue - sx23pARtCCE+IKGS+M7ns+/Fz11+Yxq5BG3y+zFefuCf+xRbkoRzLeE5XWt1zOf1IkMhSreRdXkT - 2ThI5T8rZhyPTT7vkCRaJTKJrGRi2kvkkIkmKZHAgAOicIK8NKdThYe0lw+Z61ItcunghnSalRbI - S4WxcryysrBWLo2Vb28opzHIy64doFYOOi5XXrA5rURXKXJNXlfez8xZ2+WJFPUiNlu8T2ph8XTN - ccBxquCkaMmgXlfvDy15TQA4bzAbg+3ZTc0eaIpacXdtAGW96CEUTezSJZPwTUZNnbOGrkU7jEXJ - 1+iHPA2vM84hb4rEf7VIuLLfSaJyvTHfN3W504kbu+g9ObJwFiAUnprzOc0Zr4j/i3QS9eKgBmkS - EQvF8LWK81LbDeOi5rFmNmF+hpACCIIu/+MyamIuKfGT928zkSbZjrO98ycFeqrkFD68CaCDPgAd - jFsC3a1VAWygigAC8V3WqEeG30voA6W+BaXtVvsYbbnEqorxG7rkHsS//sGDYK8LEso6TRmhm0Hf - hU1nR1WKLJ4IgSjAjhjnVFuhvozmbDwSwdX+2I+uoOje3kEQhhNaxzJhhUfYYjLsTAgKAnCudHBN - xftB3rIypzxHQh9tO+hS2QPeUmweANZQPw6jIAzGceDHo1AcTPiIR3sB34+E8NlkHsT7R+JQSdka - zbbCT/jT89yUZQZ9uK4eKr26dG9xIm7okeN7OtDoyNycsZJODPNVUkdBgcePp+7EyzPSv9vPeP0a - d7sir1/jbmfltWuMXCR0K8EUDeto5NS0BCmeCHfpBobOZxfItWA/rguZx8MLZBpOpbYJPOrkgWoj - mdYxPUlTbxQm076lgpc3+lsqeAmN31JBbyqwQAIqXuuIu6OPAObZh1xZsQWeNrGSD7w1uFsONgl9 - DUvfNiy7BNv+6xIsdIuzJilkpsGR6YbU5ouUfv2XLTSyerZOs5ZlZWIhVLPnUnXMbDMYZa7S+K59 - NFn3yeurb3fDVu7uIGW/zuKyXpDgtb2qXldRzSq9b2q5Uz+Mdm7H708O7802E5S2y+XyLwAAAP// - AwASzYZA2BwAAA== + H4sIAAAAAAAAA7xW62/bNhD/Vwh9KIbO1suKq6gohix112xZljlu+yENAlo6S2wkUiMpP9b0f99R + D2tx4qLJsMZARN7xHrz73fE+W7AuKU+syJLAE5CQvGGQJ2rAaQFqoOIMCjoQJUiqmeBqAAnTBWg6 + iDPKU8hFOliCVMiDZAqlBAVct2fjSmlRLIzCa891PdeW8FcFSs82JZxLGmsWgzWwmLHveaHr4kZB + vsBtpnWpIsdJYAGxTsQnYVOdU6UY5TYH7aAl7dCSOb7DlKrA6RTcwAblz2aTi9nQC8Y+kmoXlBV9 + thT6VqmYakiF3DR3SHCHEr7r+0M3HHqHM9eNfC8aHdph4P3o+rXa2ohGx2s1T3TSyDsYCtd41Vy7 + 3SSgYslKEzikHhFV0DwfkIQpzXisSckgBiIWZCXkjW2kY8HfyfyRXlScmXTR/JouqabSWTJYObVb + vYMty3NHXviTYn/DqwLTXhVo1cACTc6oujG5qubarKIFzRUMrEbwBO9Vyw6sjCFwZJxtTmEJ6Kv7 + ZWBphsgqESVWxCu8o7UDk5G7j+F1jFKKT3jVJ2aila7zUGe2y8MOevrrvuNMa1SgrK1tA+Hf6rNK + LPSKSgNkxYoyZ+hwshMSTFQNvyBcB+Ej3f1KyrqbbBMWuC/QDT9Y+8H/a6WBRQ1SNOiN1974exhc + dxZH/nrkfw+LLfK/fLkPR7+D44Kt3zc9EJN8eYVJT1MJKbaVe1hHd0ReNVX+IMj9F/sY4T7G4X3l + TUtrqKZh1N3bioZe28dMVCSLGz8+36MZrOKFVSaqPHnNVJnTTYtoJK+oxmehaaePr76mWfft2WnU + SVNb9fJYVCZetasfDIHx1Iq0rIxtVKrfY9pMhbXRkICXNSX8UAMPvLBr4Lth29dm/G2b2WVsE15K + JiTTmyeGoBN36lfg2/s4K2gKyjESqlPCkJCxNLPVMu0b1lukdJ3Nt+5j1x91V8npHExvMrDdfa/H + ewLh7cOoF5qIZFRNShafMn7zxnBeQ2lmCx53GKqRtap5WwoXfIKjBZ3nMAWqGlzKdmWdn7775eTs + +vTkeHJ2MbmeTKd/TPF+WFwKQ4IHZhmQc2zCXBNjlzBFBM83BAua5UYp0YL8yiQl5xIKrGhSKcSc + /VBhe1hQlnvLXDfk88hqXizMHoa/r6o7JY6JSBmn+e6hdjJqw1sjP0fvui6BmU05bE9XpSnbb0By + M8Q8EXyN8Pbxuzt3PA6PPd5+pvENjoId5Drlja3jdtr6Tw53I1tTM2jE795qDitT3SIX8qzxZp5X + MEwl9qx+YBHktWiSLYoSh1Wu2yx8LX93g/OR//t3RFIpqtKMZG8YT7BJKYLIJ3MATspKZZDUmDuZ + HpnvHAjjS2PAgCYhOHQTfDcgiYyyzLfJL0bdR/68/j6PyOVWLeMRKdPowPZs99aEDiOXi5jmmVA6 + Ct3QdRbN2evaJ8cLrlCIXF5AXJlGQ96K1VCLh2WviEMuPaXJnxWVGiSZ8BSLqsAQfUXg7Px3clRh + xZKLmPI9B5tI3d6SCxz/akdwffx+Un8+NJ8uHWbTvqJmOWMai9aI1unHFSoipq+RW3KJOoY+FurQ + G7uhX1s3cOLLxOY4MdupWDrLKucIMI0NwLl7/sqoOAy2YvEK7IJpCbaQqYNFSA0wGQ59pnidw8DO + dJEbqTLFf3UejAof/6ZQCA14jQTIZI3xNjJkSH44TwfkWa5fEt/2PNsn5FmqX74iI9tF4Zoxssd2 + QDpG0DMC+8B+0dEPevqBjbo6+rinm+VBTzfetXTPHvd0v6f7/fl/AAAA///sWF1P2zAU/StXQprS + rKRqC1TrxAOiPEwaaFq3vayTGlJDs6VJiZPCxPjvO9d2XIemIBgPewBQSX197etzv45zEPTX4/2g + vx7fW4/vrQ8wWO/Lj8643Zcfe60tMQHgjkAyVqLN7lZkmZp8O3iib838l/Ltq19fxq8oaFXyD33l + Yx4jf1QKGqESYnAslkVA3UGbuO9RvcxWv/NuYOus+t4PXhPwOY6qWkWn966PAu2PVAtGd/yZEZMT + OORRPfLw0Wpy7cOOJR9VH4Lv+Lf7jCTFjsh2tcC/NYB6bPnjrMwjgfhKhM+tdhf3wUUsBQO7vHQm + jtaEwEfjttsi+KTptUGcdcLZKpYgFeDm+70euMIFY4yEqAghs4bp8nJKIFuwL6WQch3HEcexsHHM + ZxB5eB4n3D2LeVhQFmEjSddz8IwCtNcoMmrnoRSU5XSF29xvwsUz4jyUWD3Kwws2ADSpXKTErChQ + mQbinAsCc6biOqtUIpKRSEPcMJh8YKs4mhNaPVh1Ev8S4NUX2CWE2ctlEkfqdZ8hOZXBiQA+yFkm + 5u4sfTTYVKYyvECxYB6+K0ueAvvkVWK2M8hIwo0/juIMHMAxXgaTtLe5OpRSIC3ZGJiHi2QObo91 + LTrMu6wNoUEqF0WZpwhuPMkyKRhdxwbMazQiYAB3dnClyOBP/B1naYSYn6TT6XSS8jWtoFs6xsnA + b+7okPj9Z5wL783OTW+A0NL/W9XcSM88JHBao+axUD0F5nA8UikwXIc0HZ98PDn+Ql06GtObqzIr + 3k/woxfv+HoESdgk9jsT5OVbPqrMEhGAxXuI/gg3q0Ckq9YPtgZkGCppp6O1p8oAbZQC0IMdbfJE + nrcZwRYdcubQLVY2Z8JaMzb8rmXAoW82UOg0m5WIF+JUc8erlyrDWh0HJ9xSySHZVsut0kY1t5KN + eu5I7lV0R3KvpjuSe1Xdkdyr61ayUdkdSb22A6dP6rXJrAJpaGYakAwqWM+BizEymPBGLlyMkQHF + iCq4GCMLiiOpel6FSk3EIFlUahIGyaJSkzBIFpWahEGyqDgSDZJFpSbRIDnBBLzmiCQOyV1N84ab + hZ5vJUP+QHfCt6OI8wCBWZ4j/U0POI3VHc60AN9eWnrBTXAzpK/qFs8FyBT7yiWomAkkeeAq9bcp + aW816uxt09FubNTZ36ajHdyoc7BNR3vE6pBHZ9yBVHeyHU4FQVt7vK3KrnYxt5owkRktdQAHxETC + bjrYtqly6cObmoBAl9rYwPjuw2IZRgX77SyjWH0hhMAqnonZus1j4mewolygmsun9Hmjusz4Hs00 + xQtnizhtkdf6swANKbKhpR6NhPaVzDoJ7Ba8x8ls95lktstktvs/kNnn3njdwH06mf0LAAD//yKt + MWs42pgdTo1ZAAAAAP//7Jpda8IwFIb/y8DLdE366YU4YRvszmvvYlIdjH7QtPj3d06TZqazDnYx + Cgt4IeakOSbk9ZX38WbWm1nHnDma7pgzR9Udc+boumPOHGV3zNm1tnszO+6XN7PezC7DzFI79Qcz + +z1Yp3PBOo3HAczcupaLjyHaR9RgWprMPCOcHbBh9fid5grnwuvQAha867h4xwDsZi4eWuDCCYGn + 4aHqy5Jj6vlwM8jDjUN0oW5/mYui19hyIRCXeJOb5MTjSNJjHofJEbrMsjVlLMV1bBGscKeswFPd + SQlrKKj86gGFBfGYp/rCVYO2Fh96F2waDqEIzq0ug5/7coRrEspoXNCwiJhcpyISSUZFnkgZ8vRE + i3wrN8NTVtFuxV7hpeeRklcmliREf6SCXpEL7AhhAbQoAy1tuGWk4VzhjsH8wXrDJYK3z3uSBk2F + /U8hqeV3PKWslt/xlNJaescgRFLTToYkuP4/uTfQId4nzLk0k6TF7FBXWP7St3VTPB5AfwTyN+bi + ISsIo/Ym4zoGnTQQQmtk1kvB3x/6P5WCTwAAAP//orOLR4sCnEUBvBUBdGI6JMdVg5YZQ9kGQHPz + SxKhq6fR2yK4FisawBcrokvAl/6hS8CbZ8CucmZRfh6kAQQRSimFLpOHcIlyaX4uxIRqGBNa2JFR + wCGt8NeHmaujlJtYEQQZ4kCxG7zurKjEsQTijjJgy5rcxXIYi1UhhsENBdqVkVgclg9etgdfH5tf + BF4MB7IS7hBU1xqhOBeqARw8tbW1AAAAAP//AwCAd9iQlTEAAA== headers: - ATL-TraceId: - - ed4c3621d1dbc9a0 - Connection: - - keep-alive + Atl-Traceid: + - 9dae00a89a2d46b9 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:29 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:40 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 641099cf-c383-4b55-8523-3c41bed9f5d8 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '229' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 48b423db-49ba-4214-8499-30ddf75daff2 - x-envoy-upstream-service-time: - - '150' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1066,96 +901,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11105 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11800 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4rekIfiG6VBIW3o9joO0/UAZRtgbW8WRPJIcwhX+++3K - Nm9tOEoPZtCLtW/PPrsS3zxYVlxmXuJpkBloyN4IKDPTk3wOpmfSAua8pyrQ3AolTQ8yYedgeS8t - uMyhVHlvAdrgN8gOoNJgQNrmrNfzBGmOoih8iQsD5QyXhbWVSYIggxmkNlNflc9tyY0RXPoSbIA6 - bMArEcSBMKaGoFNwBhcovzedHE77G9EId2bOWS/55hk0WpuUW8iVvmicy3CFAnEYR/1w2I/H0yhO - BqMkHvsbg/XfwjgMyUeyYS8qcGqe6CPJB1EYhvF11O0iA5NqUREiuLvFzJyXZY9lwlghU8sqASkw - NWPnSp/5JJ0q+VGXj/HCQFprCBYCzvmCW65fGfEPbM4xSfX8WbO1m21G4SAat8spOrp5E3LPo0Sj - rSk3Z5Sj+tTSLJnx0kDP63R4iVNy1fOsQGJUmGQvkTVG4lVafUX3noheK+2wc9nosKPFrYTfePpR - CmtRAfGrlaag/nBnjZrZc64pMCPmVSmQIdm9aBBcR5nheDkcP8bdFubWWIt0JQhY/LmN8zBcR8vx - cBkPn6zYpdCx5JlpxwdsRaMlVsIv2Vp2xtrJA9YG8XIQ/5q1lpymm6y0dnVF9b381HQXzNjRMWYw - zzXkWNff0RA5pcq6KbNmJ62NVXPXIk7QQry+6sP4ex1N62h2qTBd+/OSftTzMEz7CSuOeNUe4Bb7 - ZNOGfr4Cmh533dWCRpsmervptqopyog61WfaEDL3EqtruGqbFynTIm1i//bdHjmGR02h6jLbEaYq - +UVbEridasBYqep+1CdH8ajrk/dRC1fBGa36EK/6MLjpJUJpYS+eCGUnHrgu/Pg+KuY8BxOQhOmU - CNwoRF74ZpHfNJ93uNN1qdi7IjacArUTIue9sKgufxhvtIqJ0ZgCL7iZVCL9IOSZu4x3oKK7WaZd - 1lwuz9236x2p5ASvZn5awgFw0zBBtzNv/8PHt7t7Jx92tyd7h5OTycHBXwcYBpaQwcjxwLQAto99 - U1pGdpkwTMnygmFNipKUMqvYe6E529cwx7pltUGO+q5K70exgQrDSxGGw1wmXnNlYJIQ5ZuiulPI - iHcuJC/vH2pfFi28jtcletf1AkxgLuH6dF1R1T6Cyc1b4Ykca4Sv76u71/vP0e6GVq95eoZPqY5Z - nfLG1nb7qPklh7uXUVMaaCTurlcJ51TdqlR6r/HmtKyhn2vsEjfPA8V2VJNsNa/wsSdtm4WH8ncX - nC/y9u8Wy7WqK3r5vBEyw6ZmGDKfnQJIVtWmgMxxbvdgi8ZTYEIuyACRJmP4aGV4O0CWkLIi9tlb - UvdFrrlxLWFH12qFTNgMESmS0B/44SWhh+CVKuVloYxNxuE4DGbN8RPnVhAPBscoyI4O6SbDnsLe - qfO+VT8WPmYBO4qMZX/XXFvQbCJzLKw5wvSAwN7+n2yrxqplhymXKw42aF1eskPAciBHcL79aeKG - z83QpYQW7X1J06mwWLgk6iiAM1TEqIWxS3aEOvox9qJ+NIqiDWedKJUuwJ8Lq8FXOg/SXPRPhaRd - YoKP61c02bwrfUwKh2EDrdNyflsL1iUnrgp8ulE9B3jUL+y8JDmXGRxdbkjPAeR1yRHDJf074YLZ - ASl4SVw5BL0Q+GDus+dvSLDHnpX2dxR+6ccvVkCISrfwJlxAj9BxT0J2SaiuvdZcpkUw5XmyxvYQ - w2a3FmW2u3N7CyHGcIigxa3t7reI/GsSu/XA///D6AgaxOPROtJibccVP9blV8WoLaJj/y3IntPf - Fyje8ulfAAAA///sWW1P2zAQ/isREhJMJE3SppROiFUak/aBCTGNSWwfMHYKkZo4yhubWP/7nrMd - tw0EbQghPiChkvjO57PvfPfc5TemkUvQJr8f4+UH/rlPsSVJONcSntO1Vsd8Xi8yFKKUjazLm5uN - g1T+s2LG8djg8w5BolUik4hK5k57iRww0SQlAhjSfRSOEZfmdKrwkDb5kLku1SKXDjKk06y0QFwq - jJXjlZWFtXJprHx7QzGNQV527QC1ctCRXHnB5rQSpVLEmryuvJ+Zs7bLEynqRWy2uElqYfF0zXHA - carAo2jJoF5X7w8teU0AOG8wG4Pt2U3NHmiKWnFvbQBlveghFE3sUpJJ+H1GTZ2zhtKiHcai5Gv0 - Q56G1xnnkDdF4L9aJFzZ7yRRsd6Y75tK7nTixi56T44snAUIhafmfE5zxivi/yKdRL04qEGaRMRC - MXyt4rzUdsO4qHmsmc01P8OVAgiCLv/jMmpiLinwk/fvMJEm2a6zs/snBXqq5BQ+fB9AB30AOhi1 - BMqtVQFsoCA/gfgua9Qjw+8l9IFS34LSdqt9jLZc6hIOHgR3XVDAqorxG0qNGkCUdZoyQjdbfQmb - zo6qFFk8EQLRBTtinFMlhfoymrPRUARXk5EfXUHx/f2DIAzHtI5lwgqPsMVk2JkQdAnAudLBNRXv - B3nLypziHAl9tO2gS2UPeEuxeQBYA/04iIIwGMWBHw9DcTDmQx7tB3wSCeGz8TyIJ0fiUEnZHs62 - w0/40/PclGUGfbiuHiq9unRvcSJu6JHje/qi0ZG5OWMlnRjmq6COggKPH0/dsZdnpH+3n/H6Ne52 - RV6/xt3OymvXGLFI6FaCKRrW0cipaQnSfSLcpdsVOp5dINaC/bguZB4PLhBpOFXU5uJRJw9Ue5Np - HdOTNPVGYSLtWyh4eaO/hYKX0PgtFPSGgi7iAITaulvSnBZxQPdrfRXv6OuAefaxoKzYAk8PSOlr - WPp9DUvfNiy7BAvd4qxJCplpmGO6IbX5IqVf/0XTRlbP1lfWsqxMLIRq9lyqjpltBqPMVRrftY8m - 6j55ffXtbtDK3dtK2a+zuKwXJHhtr6rXVVSzSu+bWu7UD6Od2/HNyeHGbDNBabtcLv8CAAD//wMA - R37nZdgcAAA= + H4sIAAAAAAAAA7xW62/bNhD/Vwh9KIbO1suK66gohixx22xZljlu+iENAlo6S2wkUiUpP9bkf99R + D2tx4qLJsMZARB55798d76sFq4Ly2AotCTwGCfFbBlmsepzmoHoqSiGnPVGApJoJrnoQM52Dpr0o + pTyBTCS9BUiFZxBPoJCggOvmblQqLfK5EXjtua7n2hK+lKD0dF3AmaSRZhFYPYsZ/Z43cl3cKMjm + uE21LlToODHMIdKx+CxsqjOqFKPc5qAd1KQdWjDHd5hSJTitgBtYI//pdHw+7XvB0EdSZYKywq+W + QttKFVENiZDr2ocYd8jhu77fd0d9b3/quqHvhYN9exR4P7t+JbZSotHwSswzjTT8DobCNVbVbjeb + GFQkWWECh9QDonKaZT0SM6UZjzQpGERAxJwshbyxDXck+AeZPdGKkjOTLppd0wXVVDoLBkunMqsz + sDny3IE3+kWxv+FNjmkvc9RqYIEqp1TdmFyVM21W4ZxmCnpWzXiMflW8PStlCBwZpesTWADa6t71 + LM0QWQWixAp5iT5aWzAZuO1BIcVn9OiZAW+4q3BXCWzDvQWSzqsPnGmNApS10W2Q+nt1V4m5XlJp + 8KpYXmQMDY63PMd8VCgLRqtg9ERzv5GZ1pNNXgL3FZrhBys/+H+11NmvsIgKveHKG/4IhatW48Bf + DfwfobEB+N3dQzh6u3DqtwdztrqoeyBm//IK0ZAkEhJsKw+wjnaKrKyr/FGp/qtdB6NdB/sPhdct + raaahlF1byvse7ilGpt63QyfXlR1q+2aq1OLk6ZkquWhKI23nmmYHw2B8cQKtSzhrumhRppkUR2D + rw9oxjK8qlJRZvERU0VG102ZIRnN0heYT1N6TTQkoLOmth9r4IE3ahv4dtg2bWb7YFfC/U3CC8mE + ZHr9zCC27E71Cnx/H2c5TUA5hkO1QhgSUpaktlokXSd7j5S25fnWQ1D7g9aVjM7ANC0D2+33ergj + EN4ujHojE5GUqnHBohPGb96akyMozGzBozaPVXaX1dmGwgUf42hBZxlMgKoaG7JZWWcnH94dn16f + HB+OT8/H1+PJ5M8J+ofFpTAkeGGaAjnD7sw1MXoJU0TwbE2w0llmhBItyG9MUnImIcdSJ6VC1NqP + VbyHBWW5t8x1R3wWWvWLhdnD8HdVda/EMREJ4zTbvtRMRk14K6RnaF3bJTCzCYfN7bIwZfsdSK6H + mGeCr2bevIr3546n4bHD2680usFRsIVcK7zWddhMW//J4HZkq2sGlfjtI85haapbZEKe1tbMshL6 + icS+0Q0sghyJOtkiL3BY5brJwrfydz84n/i/fwckkaIszEj2lvEY25wiiHwyA+CkKFUKcYW548mB + +c6AML4wCgxoYoJDN8F3A+LQCEt9m7wz4j7xl9X3ZUguN2IZD0mRhHu2Z7u3JnQYuUxENEuF0uHI + HbnOvL57XdnkeMEVMpHLc4hK02jIe7Hsa/E47xVxyKWnNPmrpFKDJGOeYFHlGKJvMJye/UEOSqxY + ch5RvuNiHanbW3KO419lCK4PL8bV52P9adNhNs0rapZTprFoDWuVflyhIGL6Grkllyij72Oh9r2h + O/Ir7QZOfBHbHCdmOxELZ1FmHAGmsQE49+9fGRH7wYYtWoKdMy3BFjJxsAipASbDadAUr7Mf2KnO + M8NVJPivyoMR4ePfBHKhAd2IgYxXGG/DQ/rkp7OkR15k+jXxbc+zfUJeJPr1GzKwXWSuDgb20A5I + exB0B4G9Z79q6Xsdfc9GWS192NHNcq+jG+saumcPO7rf0f3u/j8AAAD//+xYXU/bMBT9K1dCmtKs + pGoLVOvEA6I8TBpoWre9rJMaUkOzpUmJk8LE+O8713Zch6YgGA97AFBJfX3t63O/jnMQ9Nfj/aC/ + Ht9bj++tDzBY78uPzrjdlx97rS0xAeCO0OhXos3uViyamnw7eKJvzfyX8u2rX1/GryhoVfIPfeVj + HiN/VAoaoRJicCyWRUDdQZu471G9zFa/825g66z63g9eE/A5jqpaRaf3ro8C7Y9UC0Z3/JkRkxM4 + 5FE98vDRanLtw44lH1Ufgu/4t/uMJMWOyHa1wL81gHps+eOszCOB+EqEz612FxfFRSwFA7u8dCaO + 1oTAR+O22yL4pOm1QZx1wtkqliAV4Ob7vR64wgVjjISoCCGzhunyckogW7AvpZByHccRx7Gwccxn + EHl4HifcPYt5WFAWYSNJ13PwjAK01ygyauehFJTldIUb1W/CxTPiPJRYPcrDCzYANKlcpMSsKFCZ + BuKcCwJzpuI6q1QikpFIQ9wwmHxgqziaE1o9WHUS/xLg1RfYJYTZy2USR+p1nyE5lcGJAD7IWSbm + 7ix9NNhUpjK8QLFgHr4rS54C++RVYrYzyEhahFCOM3AAx3gZTNLe5upQSoG0ZGNgHq6iObg91rXo + MO+yNoQGqVwUZZ4iuPEky6RgdB0bMK/RiIAB3NnBlSKDP/F3nKURYn6STqfTScrXtIJu6RgnA7+5 + o0Pi959xLrw3Oze9AUJL/29VcyM985DAaY2ax0L1FJjD8UilwHAd0nR88vHk+At16WhMb67KrHg/ + wY9evOPrESRhk9jvTJCXb/moMktEABbvIfoj3KwCka5aP9gakGGopJ2O1p4qA7RRCkAPdrTJE3ne + ZgRbdMiZQ7dY2ZwJa83Y8LuWAYe+2UCh02xWIl6IU80dr16qDGt1HJxwSyWHZFstt0ob1dxKNuq5 + I7lX0R3JvZruSO5VdUdyr65byUZldyT12g6cPqkXL7MKpKGZaUAyqGA9By7GyGDCG7lwMUYGFCOq + 4GKMLCiOpOp5FSo1EYNkUalJGCSLSk3CIFlUahIGyaLiSDRIFpWaRIPkBBPwmiOSOCR3Nc0bbhZ6 + vpUM+QPdCd+OIs4DBGZ5jvQ3PeA0Vnc40wJ8e2npBTfBzZC+qls8FyBT7CuXoGImkOSBq9TfpqS9 + 1aizt01Hu7FRZ3+bjnZwo87BNh3tEatDHp1xB1LdyXY4FQRt7fG2KrvaxdxqwkRmtNQBHBATCbvp + YNumyqUPb2oCAl1qYwPjuw+LZRgV7LezjGL1hRACq3gmZus2j4mfwYpygWoun9Lnjeoy43s00xQv + nC3itEVe688CNKTIhpZ6NBLaVzLrJLBb8B4ns91nktkuk9nu/0Bmn3vjdQP36WT2LwAAAP//Iq0x + azjamB1OjVkAAAAA///sml1rwjAUhv/LwMt0TfrphThhG+zOa+9iUh2MftC0+Pd3TpNmprMOdjEK + C3gh5iQ5puT1lffxZtabWcecOZrumDNH1R1z5ui6Y84cZXfM2bW2ezM7npc3s97MLsPMUjv1BzP7 + PVinc8E6jccBzNy6louPAQ7AuH9amsysEc4OzIXVoQ2rxy87V2gBCyfbnWaCvOu4eMd07GZoHloa + Q/VlyTH1fLgZ5OHBIbpQt7/MRdFrbLkQCFy8yU1y4nEk6TGPw+QIjWTZmjKW4j62CHa4U1bgU91J + CXsoqPzqAYUFuZmn+sJVg7YWF71LPA1nXQTnVpfBz305UjcJZTQuaFhETK5TEYkkoyJPpAx5eqJF + vpWbYZVVtFuxV3jpeaTklYklCdEfqaBX5AInQlgALcpASxseGWk4V3hiMH+w3nCJ4O3znqRBU2H/ + U3pq+R1P8avldzzFt5beMQiR1MSRIQmu/0/uDY2I9wlzLk01aTE71BWWv/Rt3RSPB5AZgfyNuXgI + EcKovcm4j0EnDYTQGpn1UvD3D/2fSsEnAAAA//+is4tHiwKcRQG8uQF0Yjokx1WD1h9D2QZAc/NL + EqGrp9GbG7gWKxrAFyuiS8CX/qFLwJtnwK5yZlF+HqSNAxFKKYUuk4dwiXJpfi7EhGoYE1rYkVHA + Ia3w14eZq6OUm1gRBBniQLEbvO6sqMSxBOKOMmDLmtzFchjLXSGGwQ0F2pWRWByWD162B1ujClpw + C1oMB7IS7hBU1xqhOBeqARw8tbW1AAAAAP//AwBGsZ3xlTEAAA== headers: - ATL-TraceId: - - 87b0b6a00d0823c8 - Connection: - - keep-alive + Atl-Traceid: + - 80b849f93224dce9 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:29 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:40 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e70cc1b9-077e-4672-bedb-396119a13dc2 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '222' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - fe989c16-fa6b-417a-b1ea-a42c8927c0f8 - x-envoy-upstream-service-time: - - '107' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1165,174 +1019,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlp0k3W3EQPKrIK2z3JIkk6wUqalDYVlmX/uykuftyGd55n - XuZEjJ5wP3qiyHtKw6RWqxYd2tTGj0h18nqaOh1owEQK8onj1MWQ4QqgokCh3G1vXnb3z83vdjv3 - Jk9EvS5QAQUcCtLi4OOxx5Ca44D5wK2Pc5slM3e+/VaIWoS1vIR3Oi0gA1aVUJdMNlWtoFK8pgBw - BQwg+xOOubfp+n/spqmY4kKxayqA/7C2fwguZlCyjRRrZ7TlyDUKsE5IYVqjJTgLoOtaSoP8T0Hy - S8NjN2qyvOP07NNTtHqJT8RfJoLhbb8j5/MXAAAA//8DAOfZHwxaAQAA + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUTAqSkpYTX/YfnxwxiewLik3hTGm4A1jNRYNYlnJxPYSVd1zXmos6r8F0a4N + j8MsYX3HyMXGJ9/LNT6BvUyg3dt+B+fzFwAAAP//AwBm0e1CWgEAAA== headers: - ATL-TraceId: - - dbbe880164d707f3 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:36:29 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 0d3d3eec6f71378e + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - cc68c82b-2ca0-4ef3-a076-6eefdbaedc26 - x-envoy-upstream-service-time: - - '26' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 22390495c479ecab - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:29 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:41 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 10001913-974e-4ecb-abd6-d17bf0135a88 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '158' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d063333b-7c42-4b40-ad57-50e5b806d76a - x-envoy-upstream-service-time: - - '75' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1342,110 +1089,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - f59319a6beae2998 - Connection: - - keep-alive + Atl-Traceid: + - 120fbfc8b6a46b0d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:30 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:41 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - c70e456f-29e9-4574-bf9a-f3cbf062eb0d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '193' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6a6534de-6257-4d6a-afbc-566f780c6c02 - x-envoy-upstream-service-time: - - '109' status: code: 200 message: OK - request: - body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: negotiator:0.5.3", + body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/231] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/15] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n| High | [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2865]\n*Defect Dojo - link:* http://localhost:8080/finding/2865 (2865)\n*Severity:* High\n*CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n*CVE:* - [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` header - value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n - Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2864]\n*Defect - Dojo link:* http://localhost:8080/finding/2864 (2864)\n*Severity:* High\n*CWE:* - [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` header - value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n - Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n*Reporter:* + || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] + | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080] | + Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/292]\n*Defect + Dojo link:* http://localhost:8080/finding/292 (292)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service when + parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - + 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -1458,53 +1197,59 @@ interactions: Connection: - keep-alive Content-Length: - - '3317' + - '1932' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11106","key":"NTEST-917","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11106"}' + string: '{"id":"11801","key":"NTEST-1463","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11801"}' headers: - ATL-TraceId: - - 2e4ad4c5de4324f4 - Connection: - - keep-alive + Atl-Traceid: + - 332da55934010430 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:30 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:42 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 01091800-be64-4948-af8b-62b9fcc835af X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '485' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 2365c824-2490-46dc-a6da-0aebffd47d66 - x-envoy-upstream-service-time: - - '407' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1514,98 +1259,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-917 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1463 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlT23qxQxx1mAwFJ6GllBon+UAY5iyt5QvSnebuZJuG/Pfu - niQbCKaE1HzQ3Un79uyze8sXD1Yll6kXexpkChrSNwLy1HQkL8B0TDKHgndUCZpboaTpQCpsAZZ3 - kjmXGeQq6yxAG3wH6RhKDQakrb/1Op4gzWEYBju4MZDPcDu3tjSx76cwg8Sm6rPqcZtzYwSXPQnW - Rx3W56XwI18YU4HfKriEK5Q/noxOJ91X4Us8mTlnvfiLZ9BoZRJuIVP6qnYuxR0KREEUdoNBNxpO - wiju78T9oDcY9H8JoiAgH8mGvSrBqXmijyTvh0EQROuom00KJtGiJETwdI+Zgud5h6XCWCETy0oB - CTA1Y0ulL3sknSj5XueP8cJAUmnwFwKWfMEt16+N+Ad2C0xSVTyrjw7T3TDoh8NmO0FHdzchdzxK - NNqacHNJOaqmllbxjOcGOl6rw4udkq8dzwokRolJ9mJZYSReqdVndO+J6DXSDjuXjRY72txI+MbT - 91JYiwqIX400BfWH+9aomV1yTYEZUZS5QIakd6JBcB1lBsPVYPgYdxuYG2MN0qUgYPF3E+dBQKyM - Bqto8GTFLoWOJc9M83zAVrizCnd+zNaqNdYsHrDWj1b96MesNeQ07WKrta9fqb5XH+rughk7O8cM - ZpmGDOv6Gxoip1Re1WVWnySVsapwLeICLUQvt70Yfqujbh31KRWma39e3A1xyy12xbrpfD/f6462 - 7mF+rU0Tmd1yX1UUU0h96SMdCJl5sdUVIByo037AYidK1745daRei6SO/cs3Z+QqCpu5qvL0QJgy - 51dNSeBxogFjpaq7r0+GL4dtn7yLWrANznDbi2jbi/6mlwilhb16IrituO+68OP7qCh4BsYnCdMq - EXgwF9m8ZxbZpvm8w5O2S0WeS8kUqJ0QOe+ERXV5b7zhNiaGQwp8zs2oFMmRkJfuMj6Aku5mmbRZ - c7lcunfrE6nkCK9mPs1hDNzUTNDNyjs5ev/28Pji6HB/dHw6uhiNx3+NMQwsIYOR4weTObAT7JvS - MrLLhGFK5lcMa1LkpJRZxX4XmrMTDQXWLasMsrbnqvRuFK9QYXAtgmCQLWKvvjIwSYjypqhuFTLi - nQnJ87sfNZNFA6/jdY7etb0AE5hJWH9dlVS1j2ByPSs8kWO18Pq+un29fx/tNrT6jSeXOEq1zGqV - 17b2m6HmhxxuJ6O6NNBI1F6vEpZU3SpX+rj2ZppX0M00donNeKDYgaqTrYoShz1pmyw8lL/b4HyS - N//2WKZVVdLk80bIFNucYch8NgWQrKzMHFLHucPxHj2nwIRckAEiTcpwaGV4O0Aak7J51GNvSd0n - +dw9n8fsbK1WyJhJjN4KbpWOg96LXv+aIEQEc5XwfK6MjYfBMPBntcyF882P+uE5SrOzU7rOsLGw - d2rZtep+4XPms7PQWPZ3xbUFzUYyw+oqEKsHBI5P/mR7FZYuO0243PJhDdn1NTsFrAlyBNf7H0bu - 8bF+tHmhTXNp0nIiLFYviToe4AoVMepj7JqdoY5uhBXbxfEuCp114lWygF4hrIae0pmfZKI7FZJO - iQ493L+mxe5t6XNS2A+CjZblTS1YnJwIK3B+o6L28dPe3BY5yW3SgxuXIFIW4W8MWZVzBHNF/1y4 - qA5ACp4Tc05BLwSOz1320/FaQ4c9y+2vu6hmpxf8vAVRVL+Ht+MCOgSWGxPZfcjsYGwv+q+eiEwj - 7ZAZPB6ZwX8i8/+h8i8AAAD//+xZbWvbMBD+K2JQaMPsxI7tpIHSdbSDwlrKXjrovkS1nNgjsY1f - ki/78XtOkl/iLu0W2q6DkpDY0p18upfndOc/0Qqi6n3GYz/sf+HzSY9dwtHUaBktxPlpewh+iJ1R - KIet4eoTWmYd7vJ+aD6lmat47ttjz0UU9U4lYALLfiSMUglEfJiR7dPvAdir8AMb+Qlt99sZbr7j - z9jF9WmFa7XCY0Zio/DrchGjeKcMXiNEGw2hU+lUDQd0VKN2D+haSRIngHONg2aU9LlYRTmQP6Bk - OAKgz0i1cJgqa5Plps2TpgznC7Zq5AGqZ9rqQWN1UVs911bnRYH0mL9l6zDyQ4Zj7XwOdC2xGZZy - PCueM85QDPhgxJnFz/iM5Jie+H6QFsZHHs9LAPGUhQEX4FxxJDhT7Za1FHSRiHIRtLWzOV+VIpO2 - 54HkSp7hRTWP6Xk1bW2uAMoQ7Bis9D7RWycWLuWVlxsikI/RD3kYbmlbOVZJy9tF5EuTXUQyL2qL - fZUHIdKvNoUShcHaC0xkcuu982XK/YLoLxMWyRuGem0ViUBIgs9FkObKShgXpR8oYh3onxBKODBC - lr/xEsmYJpQfyev3uVhG8QHbP/i5xEmzSCa17/4WKp4eJpxdYcKRMOE8CBO75IE7MPE4aakJ+meC - Ce8VJp4BJpz/HCY8zfgATNztSVjbehKWs23CrSaojikyeJBsuFDDpEM6qEm7E9vq/EFd51db3UZY - d6A2yuJuOdXlOqy5yPVDKjRUTZaXyyWngvHNvTUQKZC6P0m2Y2lJPYBjuCP1rM7FkTvjzlBYt2Nn - 4N5CwNHo0LJtjyrZmghPuIcsIOueCEGuDspGBkN3Et8la56nBHK06L3tXNWCNFHHSjIThWtfXfZd - y7acwBoEQ1scev7Qd0eWP3aFGHBvZgXjY3EkV9kbnuzZH/BVfMaSx7qgMww1lJtlbqyhEcM2yftN - FW2kMiPlPCeNgV8iOl/kuDy9MjwzjUn+bp/45Uvc7Ta/fIm7HeuXLjFwR6gWrW7GtI8iV/pVC8UT - VWmqMayw6waAC/KzMkvSoH8DuPGpU6kDj96QYLaOZHqOftej+ziZhttXKHh+o/9LKPgFAAD//yLX - xaNFAa1dTIeiAAAAAP//ghUF8GYH0InpkBxXDZpchbINgObmlyTmAFlY2kXARpdSda0SpgSuiSAD - XBNBBvCJIHQJePstNa8ssyg/D9LWgY4yl0Jn+iFcYrxQll9CtRk8iFlwM4EWZSQWh+WDZyLgk2z5 - uRAXV8OY0FKXbPvBayL0YebqKOUmVgSlFpfmgAxG8it4DqGoxLEE4m/QVCZongHkc7g4qmYjFN1Q - DWDX1tbWAgAAAP//AwAkLIKsMCIAAA== + H4sIAAAAAAAAA7xX23LbNhD9FQwfOq1L8SbFkdnpdFxbTty6rispyYPj8cDkikRMASwA6lI7/95d + UpRiOcrE7jSjB+K2F5w9u1jdObAouUyd2NEgU9CQnggoUuNKPgXjmiSHKXdVCZpboaRxIRV2Cpa7 + Sc5lBoXK3Blog3uQDqHUYEDa1dmkMlZNJ6TwOgyCMPA0/F2BseNlCReaJ1Yk4LiOIPth2A9CnBgo + JjjNrS1N7PspTCCxqfqgPG4Lbozg0pNgfbRkfV4KP/KFMRX4rYJbWKL8+XgwGnfC3n4Xl2oXjBPf + OQZ9q0zCLWRKL5s7pDhDiSiIok7Q74QH4yCIozDuRV7YP/gxiIKAnCQjFh2v1TzTSZL3EYogWl97 + NUnBJFqUBByuHjIz5UXhslQYK2RiWSkgAaYmbK70rUfSiZJvdPFELyopKFy8uOYzbrn2ZwLmfu3W + xsHVVhh0w/4vRvwDP08x7NUUrRIt0OSYm1uKVXVjaRRPeGHAdRrBU7xXLes6uUDi6CRfnsEM0Nfg + o+tYgcwqkSVOLCu8o7NFk26wayNsN0qtPuBVnxmJlXQdhzqybRxo8gl7Ntd9I4W1qMA4a9tE4d/r + s0ZN7JxrIrIR07IQ6HC6BQkGqqZfr7/o9Z/o7hdC1t5kHbBe8BLdiHqLqPf/WmloUZMUDYb7i3D/ + WxhctBa70aIbfQuLK+Z//PiYjlFLx4lYvG1qIAb58gqDnmUaMiwrj7iO7qiiarL8sySPXu7a6O/a + OHisvClpzSoVjLp6O3EnXNUxQkWLpPHj7tEacRUvbHJVFemxMGXBlytG4zLCa98idMTylQlu8aFo + CuzT87Ep35uC7TfqNGVbPTxSFSFYO/+OFoTMnNjqirxJNOBlKYUfF/DQOwiitoBvw7arzETrMrO9 + sQ54qYXSwi6feeFW3K9fga+v42LKMzA+SZhWicCFXGS5Z2bZpmC9xpW2skXOY+5G3fYqBb8Bqk1E + 2+33en8HEOEujoZ9QiTnZlCK5EzI2xPaOYaSeguZtByqmTWv99YrUskBthb8poAhcNPwUq9GzsXZ + m1en59dnp0eD89HgejAc/jnE+2FyGYQED4xzYBdYhKVlZJcJw5QslgwTWhSklFnFfhOaswsNU8xo + VhlkmPe5xA4xoZzgXgRBX36Ina10RtAzIXmB4cR4bNKM9rbXVp3RCt6a5wV611YJjGwmYX26Kilt + v4LJTRPzTPI1wuvH72Hf8TQ+bvj2K09usRVsKdcqb2wdrbqt/+Rw27I1OYNGovatljCn7FaF0ueN + NzdFBZ1MY83aNCyKHasm2GpaYrMq7SoKX4rpQ3Dey09/hyzTqiqpJTsRMsWSZBgyn90ASFZWJoe0 + 5tzp8JC+N8CEnJEBIlLKsOlm+G5AGpOyPPLYK1L3Xu7V372YXa7VChmzCSKSx4HX9YJ7Qg/BK1TC + i1wZG/eDfuBPmuPXtVt++OIK5djlCJKKag17reYdqz4ve8V8dhkay/6quLag2UBmmFdTROkLAucX + f7DDCpOWjRIudxxswLq/ZyPsAGtHcHz0dlB/3jWfNiI0WT2kNBwLi3lLojUDcISKGJU2ds8uUUcn + wlLUCffD8KC2ToySs9ST2DR7mZr5s6qQyDGLNcB/eP6KVPSCBkuSS+bgTYXV4Cmd+ZiInMgpsPGj + BPbxqJfbaUFydSjwWweD9AwhqwqOqC3o/0/t/jFIwQsixwj0DP/msA77/oQEXfZdYX9C4Rde9MMO + 0FDpIT7EM3AJj7qhZPeE416LYrxXA0FrbO+4AnaMrMLFEZTWY+FLl1ENYQ8p2/7y0Ftz9v2/AAAA + ///sWd9P2zAQ/lciJCaoSJqkTYFOiFViSDwwIabxwF4wdkozNXWUH2US9H/fd7Zj0rCwjSHEAxIq + Sc4+X+7On7+70P3Ae/mXqPOxH+6HyILekdrq2IU/pEMgCGP/OM/Zws/271776Zd2ekgtCL7jn/us + KGNNJIxS8X95tu753ldZ5fDjcTKPscVj7esPN+VHlVSNgUcP0NMDRNhlJTDJbGkvkX0mlkkB+AIL + iMIRUGlKXka61EcPRe9KKb9ycD46ZCpqMnMi5iboxhAKurBBL0zQb2eEaAz6FjcO2CyHHEcrz9mU + VqKDFFCTVaUHz1886D+VoprHBrrWRTVdHjfyCCPOFPETtRhSeObAihsKMHKG2XiInFQbcdx25k7j + QQEC0iHIl7FLR0zCHw/U0ilb0qHYiBIh15h+KLlwO+Ec+saA/et5wk0ETxOF9SaA39ThTj43kdFv + 5cjcmUOQezbyJ2nGeElzvkgnUTcO6pNlImKxlkvn2FFgPFj6XzLETM0kAT0l+BYTabLYdra271Mk + cCnHSNrHfDno4svBsEmByhxUQPFzqiDaQ6MOHX6noIuD+paD1i/bNdDWTWs0rn3Ut2fZooqVJeMz + Ogo1XyiqNGVEZja6zmfyHRUlMn8m46Eddcg4p7LnRBxEUzYciOB6b+hH17Btd3c/CMMRrWMHYYUn + hsUU2IkQlPUY+WCDawrfT/KWFRmBIil9smWh3B17oFdqmAc+VZfNURAGwzjw40Eo9kd8wKPdgO9F + QvhsNA3ivUNxoLRsDiab4TH+9Dw3ZQvDNlxXPyq8qnBv4RE39GCi8PTOIpe5GWMFeQzzFXCjfsDl + 0Zk78rIF2d9uf7x9i9v9k7dvcbv/8tYtBhYJ3ccwNUKTjpyZdiLtJ2Jdureg8ewSzBTDP1e5zOL+ + JZCGU2VtNh51ASG1O5nWMU1RU17kBmnfoeD1g/4OBa9h8TsUdEKBZRww8UbvuDv6gGCufeiVJTPf + RdoMpKsN6ds2ZFtgm3ptgWVo8WKZ5HKh2YzpcVTmA5i+/StLZao13NWXBuyeAXCNb3f9Wu/ORsp+ + nsdFNSfFjbVVRykvJ6W2YynLl2s6a2VWKdaaseJCqoZc3fmmVjq1uWhJa8i6teGauWaCcs9qtfoF + AAD//wMAej/yCm8dAAA= headers: - ATL-TraceId: - - e00e840db1da8f21 - Connection: - - keep-alive + Atl-Traceid: + - c18aa023a42b330b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:30 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:42 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0a71783e-acef-4481-b0d8-d3a70bb7cb35 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '221' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 867852ba-5aea-4910-9725-aa945d65cf37 - x-envoy-upstream-service-time: - - '106' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1615,93 +1364,97 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11106 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11801 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlT23qxQxx1mAwFJ6FNKTVO8oEwzFlayxekO83dyTYN/Pfu - niQbCKaE1HzQve3bs8/uHV89WJVcpl7saZApaEjfCMhT05G8ANMxyRwK3lElaG6FkqYDqbAFWN5J - 5lxmkKusswBtcA/SMZQaDEhbn/U6niDNYRgGOzgxkM9wOre2NLHvpzCDxKbqi+pxm3NjBJc9CdZH - HdbnpfAjXxhTgd8quIBLlD+ajE4m3VfhS1yZOWe9+Ktn0GhlEm4hU/qydi7FGQpEQRR2g0E3Gk7C - KO7vxP2gNxj0fwmiICAfyYa9LMGpeaKPJO+HQRBE66ibSQom0aIkRHB1j5mC53mHpcJYIRPLSgEJ - MDVjS6UveiSdKPlB54/xwkBSafAXApZ8wS3Xr434B3YLTFJVPKuXDtPdMOiHw2Y6QUd3NyF3PEo0 - 2ppwc0E5qqaWRvGM5wY6XqvDi52S645nBRKjxCR7sawwEq/U6gu690T0GmmHnctGix1NbiR84+kH - KaxFBcSvRpqC+sOdNWpml1xTYEYUZS6QIemdaBBcR5nBcDUYPsbdBubGWIN0KQhY/N3EeRAQK6PB - Kho8WbFLoWPJM9N8H7AV7qzCnR+ztWqNNYMHrPWjVT/6MWsNOU072Grt+prqe/Wx7i6YsdMzzGCW - aciwrr+hIXJK5VVdZvVKUhmrCtciztFC9HLbxvBbHXXrqFepMF378+JuiFNusSvWTef7+V53tHUP - 82ttmsjshvuqophC6kufaEHIzIutruC6aVWkTIukjvTrN2vkGB41c1Xl6YEwZc4vmwLAZfTKfsR2 - QUXRgKEBY6Wqu69Phi+HbZ+8i1qwDc5w20a0baO/6SVCaWEvnwhuK+67Lvz4PioKnoHxScK0SgQu - zEU275lFtmk+73Cl7VKR5wCdArUTIuedsKgu74033MbEcEiBz7kZlSJ5L+SFu4wPoKS7WSZtHl12 - l25vvSKVHOHVzKc5jIGbmhu6GXnH7z+8PTw6f3+4Pzo6GZ2PxuO/xhgGlpDByPHAZA7sGPumtIzs - MmGYkvklw5oUOSllVrHfhebsWEOBdcsqg6ztuSq9G8UrVBhciSAYZIvYq68MTBKivCmqW4WMeGdC - 8vzuoeZl0cDrmJ6jd20vwARmEtanq5Kq9hFMrt8KT+RYLby+r25f799Huw2tfuPJBT6lWma1ymtb - +82j5occbl9GdWmgkai9XiUsqbpVrvRR7c00r6Cbaewbm+eBYgeqTrYqSnzsSdtk4aH83Qbns7z5 - t8cyraqSXj5vhEyxzRmGzGdTAMnKyswhdZw7HO/RdwpMyAUZINKkDB+tDG8HSGNSNo967C2p+yyf - u+/zmJ2u1QoZM4nRW8Gt0nHQe9HrXxGEiGCuEp7PlbHxMBgG/qyWOXe++VE/PENpdnpC1xk2FvZO - LbtW3S98xnx2GhrL/q64tqDZSGZYXQVi9YDA0fGfbK/C0mUnCZdbDtaQXV2xE8CaIEdwvP9x5D6f - 6k+bF5o0lyYNJ8Ji9ZKo4wGOUBGjPsau2Cnq6EZYsV183kWhs068ShbQK4TV0FM685NMdKdC0irR - oYfz1zTYvS19Rgr7QbDRsrypBYuTE2EFvt+oqH082pvbIie5TXpw4hJEyiL8jSGrco5gruifCxfV - AUjBc2LOCeiFwOdzl/10tNbQYc9y++suqtnpBT9vQRTV7+F9uYAOgeWeiew+ZHYwthf9V09EppF2 - yAwej8zgP5H5/1D5FwAA///sWW1r2zAQ/itiUGjD7MSO7aSB0nW0g8Jayl466L5EtZzYI7GNX5Iv - +/F7TpJf4i7tFtqug5KQ2NKdfLqX53TnP9EKoup9xmM/7H/h80mPXcLR1GgZLcT5aXsIfoidUSiH - reHqE1pmHe7yfmg+pZmreO7bY89FFPVOJWACy34kjFIJRHyYke3T7wHYq/ADG/kJbffbGW6+48/Y - xfVphWu1wmNGYqPw63IRo3inDF4jRBsNoVPpVA0HdFSjdg/oWkkSJ4BzjYNmlPS5WEU5kD+gZDgC - oM9ItXCYKmuT5abNk6YM5wu2auQBqmfa6kFjdVFbPddW50WB9Ji/Zesw8kOGg+58DnQtsRmWcjwr - njPOUAz4YMSZxc/4jOSYnvh+kBbGRx7PSwDxlIUBF+BccSQ4U+2WtRR0kYhyEbS1szlflSKTtueB - 5Eqe4UU1j+l5NW1trgDKEOwYrPQ+0VsnFi7llZcbIpCP0Q95GG5pWzlWScvbReRLk11EMi9qi32V - ByHSrzaFEoXB2gtMZHLrvfNlyv2C6C8TFskbhnptFYlASILPRZDmykoYF6UfKGId6J8QSjgwQpa/ - 8RLJmCaUH8nr97lYRvEB2z/4ucRJs0gmte/+FiqeHiacXWHCkTDhPAgTu+SBOzDxOGmpCfpnggnv - FSaeASac/xwmPM34AEzc7UlY23oSlrNtwq0mqI4pMniQbLhQC6VDOqhJuxN1nV/taBvhtrp/UHeg - NsribjnV5Tqsucj1Qyo0VE2Wl8slp4Lxzb01ECmQuj9JtmNpST2AY7gj9azOxZE7485QWLdjZ+De - QsDR6NCybY8q2ZoIT7iHLCDrnghBrg7KRgZDdxLfJWuepwRytOi97VzVgjRRx0oyE4VrX132Xcu2 - nMAaBENbHHr+0HdHlj92hRhwb2YF42NxJFfZG57s2R/wVXzGkse6oDMMNZSbZW6soRHDNsn7TRVt - pDIj5TwnjYFfIjpf5Lg8vTI8M41J/m6f+OVL3O02v3yJux3rly4xcEeopq1uxrSPIlf6VQvFE1Vp - qjGssOsGgAvyszJL0qB/AxzyqVOpA4/ekGC2jmR6jn7Xo/s4mYbbVyh4fqP/Syj4BQAA//8i18Wj - RQGtXUyHogAAAAD//4IVBfBmB9CJ6ZAcVw2aXIWyDYDm5pck5gBZWNpFwEaXUnWtEqYErokgA1wT - QQbwiSB0CXj7LTWvLLMoPw/S1oGOMpdCZ/ohXKK8kJ8LMaEaxoSWgmSUfEhrFPRh5uoo5SZWBKUW - l+aADEayGzymX1TiWAJxR1l+CdVmEiFmwc0EWpWRWByWD54RgU3/gaYyQfMMIBvh7kB1rBGKa6Ea - wKFTW1sLAAAA//8DALrPXQwwIgAA + H4sIAAAAAAAAA7xX23LbNhD9FQwfOq1L8SbFkdnpdFxbTty6rispyYPj8cDkikRMASwA6tLY/95d + UpRiOcrE7jSjB+K2F+yePVh9dGBRcpk6saNBpqAhPRFQpMaVfArGNUkOU+6qEjS3QknjQirsFCx3 + k5zLDAqVuTPQBvcgHUKpwYC0q7NJZayaTkjhdRgEYeBp+LsCY8fLEi40T6xIwHEdQfbDsB+EODFQ + THCaW1ua2PdTmEBiU/VBedwW3BjBpSfB+mjJ+rwUfuQLYyrwWwW3sET58/FgNO6Evf0uLtUuGCf+ + 6Bj0rTIJt5ApvWzukOIMJaIgijpBvxMejIMgjsK4F3lh/+DHIAoCcpKMWHS8VvNMJ0nex1AE0fra + q0kKJtGipMDh6iEzU14ULkuFsUImlpUCEmBqwuZK33oknSj5RhdP9KKSgtLFi2s+45ZrfyZg7tdu + bRxcbYVBN+z/YsQ/8PMU015N0SrBAk2OubmlXFU3lkbxhBcGXKcRPMV71bKukwsEjk7y5RnMAH0N + 7l3HCkRWiShxYlnhHZ0tmHSDXRthu1Fq9QGv+sxMrKTrPNSZbfNAk0/Qs7nuGymsRQXGWdsmCP9e + nzVqYudcE5CNmJaFQIfTrZBgomr49fqLXv+J7n4hZe1N1gnrBS/Rjai3iHr/r5UGFjVI0WC4vwj3 + v4XBRWuxGy260bewuEL+/f1jOEYtHCdi8bbhQEzy5RUmPcs0ZEgrj7CO7qiiaqr8syCPXu7a6O/a + OHisvKG0ZpUIo2ZvJ+6EOOUWSb0hw6fXTkO1G3L1G3WaKqMeHqmKbhsSYb6jBSEzJ7a6gvsVh5I2 + LZImBh8frZFneNTkqirSY2HKgi9X1YTL6JZ9i2mjCltFQwNelkr4MYGH3kEQtQS+HbZdNBOtaWZ7 + Y53w7Y3uhpiE0sIunxndVtyvn4evJ3gx5RkYnyRMq0TgQi6y3DOzbMNkr3GlpbzIqQN6A8RNBNvt + 93p/x33DXRgN+3TxnJtBKZIzIW9PaOcYSuotZNLmsc7uvN5br0glB9ha8JsChsBNgw29GjkXZ29e + nZ5fn50eDc5Hg+vBcPjnEK+BxWXw5nhgnAO7QBKWlpFdJgxTslgyLGhRkFJmFftNaM4uNEyxolll + ELXe5wo7xIJygjsRBH35IXaaFwuThFHeVNWDEsd4Z0LyYvvQqjNahbdGeoHetSyBCcwkrE9XJZXt + VyC5aWKeibFGeP34Pew7nga7Dax+5ckttoItslrlja2jVbf1nxxuW7amNNBI1L7VEuZU3apQ+rzx + 5qaooJNp5I1Nw6LYsWqSraYlNqvSrrLwpfw9DM57+envkGVaVSW1ZCdCpkhzhiHy2Q2AZGVlckhr + zJ0OD+l7A0zIGRkg0KQMm26G7wakMSnLI4+9InXv5V793YvZ5VqtkDGbYETyOPC6XnBH0cPgFSrh + Ra6MjftBP/AnzfHr2i0/fHGFcuxyBElFlMJeq3nHqs/LXjGfXYbGsr8qri1oNpAZ1tUUo/QFgfOL + P9hhhUXLRgmXOw42wbq7YyPsAGtHcHz0dlB/3jWfNiM0WT2kNBwLi3VLojUCcISKGDEYu2OXqKMT + IRV1wv0wPKitE6LkLPUkNs1epmb+rCokYswiB/gPz1+Ril7QxJLkkjl4U2E1eEpnPhYiJ3AKbPyo + gH086uV2WpBcnQr81skgPUPIqoJj1Bb0/6d2/xik4AWBYwR6hn9zWId9f0KCLvuusD+h8Asv+mFH + 0FDpIT6GM3ApHnVDye4ojnttFOO9OhC0xvaOK2DHiCpcHEFpPRa+dBlxCHsI2faXh94as+//BQAA + ///sWVtP2zAU/isREhNUJE3SpkAnxCoxJB6YENN4YC8YO6WZmjrKpUyC/vd9x3ZMGha2MYR4QEIl + ybGPT87lO5fQ/cB7+Zeo/bEf7ofwgt6RCnVE4Q/pEAhC2D/uc7bws/271376pZ0eXAuE7/jnPsvK + OBMOo1j8n5+ta773VVY59HiczGOEeKx1/eGm/KicqrHw6AF6eoAIe6wEJpmQ9hLZZ2KZFIAvJPso + HAGVpqRluEudesh6V4r5lYP86JCo6MlMRsyN0Y0gZHRhjV4Yo9/OCNEY+C1uHFSzHHSkVp6zKZ1E + iRRQk1WlB81fPPA/laKaxwa61kl1uTxu+BFWnKliUtRkUKGZA0tuMMDKGXbjIXxSBeK4rcydxoMC + BUgHIV/GLqWYhD9eqKlTtqSk2LASIdeYfsi5cDvhHPzGgP3recKNBU8ThfXGgN9UciedG8vot3Jk + 7sxByD1r+ZM0Y7ykPV+kk6gbB/3JMhGxWPOlc0QUKh4c/S8eYrZmkoCeHHyLiTRZbDtb2/cpHLiU + Yzjt43o56KqXg2EXIaoJlGPLHDWCagaovG8t9e3SNsHWoPU7dS3sqkl92zetlWztVN/eZZsqVpaM + zygV6nqhqNKUUTGz0ZWfSXfUlMj8mRUPRdQh45xaqRNxEE3ZcCCC672hH11Dtt3d/SAMR3SOXYQT + nlgWk2EnQpDXY+WDDK5pfD/JW1ZkBIrE9MmRhbJD7KG8Uss81FN12xwFYTCMAz8ehGJ/xAc82g34 + XiSEz0bTIN47FAeKy+Zgshke40/vc1O2MNWG6+pHhVcV7i004oYeRBSejixSmZsxVpDGsF8BN/oH + XB6duSMvW5D87fHH25e4PT95+xK35y9vXWJAjtCzBNMjNMuRMzNOpHiiqkvPKzRsXaIyxfLPVS6z + uH8JCOLUQJvAoykgqDaS6RwzFDXtRW6Q9h0KXt/o71DwGhK/Q0EnFNiKAyLe6Ii7ow8I5toHX1ky + 812kXYF0jSH9rjGkb8eQbYKt0OLFMsnlQlczZsZRmQ9g+vavJJWp5nBXXxqwewbANb7d9Wu+Oxsp + +3keF9WcGDfOVhOlvJyUWo6lLF9ukK2ZWaY4a8aKC6kGcvX0mUbpNOaiI60g69KGa+KaDUo9q9Xq + FwAAAP//AwAwpY5ubx0AAA== headers: - ATL-TraceId: - - 7ee446488fc51faf - Connection: - - keep-alive + Atl-Traceid: + - 94ce10925e2659fd + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:30 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:42 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - eda13e7e-d684-4499-81dd-7b449b796015 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '231' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5334dd4b-ec70-476d-83b4-d0896ee525e0 - x-envoy-upstream-service-time: - - '132' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_push_to_jira.yaml index 03e088cec63..12d036d64e9 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_push_to_jira.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_push_to_jira.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPzWrDMBCE32WvtZ2V7FipbqU9tKWkhTinEookr6mLLBlbLoSQd69EQ39gD8Ps - NzvsCbSaaT9ZkPAewjjL1aqljkxo/YcvVLBqnnvlCkcBMvikae69izBDZAUWmO+2Ny+7++fmd7td - Bh0VyNcEZZjhIYOWRuuPA7nQHEeKB26tX9oY0ktv2+8IyBRYi4t5p0ICOXKWY5Vz0bBKIpNlVSDi - FXLEmJ9pir1NP/xjNw3jsqzjFLy+/mHN8OA6H0HBN6Jed1qZkkpFNZquFrVutRLYGURVVUJoKv8U - BJsaHvtJQXqnU4sNT96oZJ/AXhSQe9vv4Hz+AgAA//8DAMfVH1RaAQAA + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtE1qbqIHFVmF7Z5kkbRNsJImpUmFZdn/boqLH7fhneeZ + lzlBq4LezxYkvMc4BbnZ9NroLvb+wxMVrQphUI44HSGDTz2HwbsEU0RKkGC+29687O6fm9/tdhnb + NIF8XaEMMzxk0OvJ+uOoXWyOk04Hbq1f+iS1y2D7bwVkEhhWl/BOxRVkyFiOdU5Fg7VEIVlFEPEq + kZj8oOfU2wzjP/a6QZSMypKTmhc/bDc+OOMTyEsqTGGMKUTNGMeiRiwrxTjtFPa8E6LUWPC/BdGu + DY/DrGB9x6jFxiffqTU+gb1MoN3bfgfn8xcAAAD//wMAqt2GGFoBAAA= headers: - ATL-TraceId: - - 42691d8f5fb600cf - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:36:36 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 544b499685f74169 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8e02ba69-1c42-4d27-9210-3f41479a47f6 - x-envoy-upstream-service-time: - - '38' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 69e5a2ceaa73ae29 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:36 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:46 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a0d044a1-a94e-4f50-b935-f3317b27e98f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '122' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 071bb074-d563-4072-ba35-8c3adec6be8d - x-envoy-upstream-service-time: - - '77' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,110 +80,117 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - ff6d09cfb00a00b9 - Connection: - - keep-alive + Atl-Traceid: + - 78d7a5952137e8d4 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:36 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:47 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 471aab56-dcd6-448b-8428-a073b9df4f5e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '183' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 7414036b-b31b-4575-a87f-7e2582e926c8 - x-envoy-upstream-service-time: - - '95' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/234] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/16] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321] + || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n| High | [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539] + | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2870]\n*Defect Dojo - link:* http://localhost:8080/finding/2870 (2870)\n*Severity:* High\n*CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n*CVE:* - [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/295]\n*Defect Dojo link:* http://localhost:8080/finding/295 + (295)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n*Reporter:* + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2869]\n*Defect - Dojo link:* http://localhost:8080/finding/2869 (2869)\n*Severity:* High\n*CWE:* - [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/294]\n*Defect + Dojo link:* http://localhost:8080/finding/294 (294)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n*Reporter:* + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -303,53 +203,59 @@ interactions: Connection: - keep-alive Content-Length: - - '3317' + - '3308' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11107","key":"NTEST-918","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11107"}' + string: '{"id":"11802","key":"NTEST-1464","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11802"}' headers: - ATL-TraceId: - - 04ff73dd36e23a70 - Connection: - - keep-alive + Atl-Traceid: + - a4a5988e193721fe + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:37 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:47 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - badbb84a-0359-4b85-9036-1a636712ff92 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '525' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8a570c30-9d10-49c1-bdf3-92d5a0006c7a - x-envoy-upstream-service-time: - - '420' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -359,98 +265,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-918 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1464 response: body: string: !!binary | - H4sIAAAAAAAAA6xXW1PbRhT+Kzt6yLSprZsdcNRhMhSchJZSapzkgTDMWjrIG+Rdze7KNg38956z - kmwuMSWk5kF7O7fvfOfs8tWDZcll5iWeBpmBhuytgCIzHclnYDomncKMd1QJmluhpOlAJuwMLO+k - Uy5zKFTemYM2uAfZCEoNBqStz3odT5DmKIrCbZwYKC5wOrW2NEkQZHABqc3UF+VzW3BjBJe+BBug - DhvwUgRxIIypIGgVXMIVyh+Nhyfj7utogCsXzlkv+eoZNFqZlFvIlb6qnctwhgJxGEfdsN+NB+Mo - TnpbSW/bj+LeL2EchuQj2bBXJTg1z/SR5IMoDMN4FXUzycCkWpSECK7uMjPjRdFhmTBWyNSyUkAK - TF2whdKXPkmnSn7QxVO8MJBWGoK5gAWfc8v1GyP+gZ0ZJqmavaiXDrKdKOxFg2Y6Rkd31iF3PEo0 - 2hpzc0k5qiaWRskFLwx0vFaHlzglNx3PCiRGiUn2EllhJF6p1Rd075noNdIOO5eNFjua3Er42tMP - UliLCohfjTQF9Yc7a9SFXXBNgRkxKwuBDMnuRYPgOsr0B8v+4CnuNjA3xhqkS0HA4u82zn3H07i/ - jPvPVuxS6FjywjTfR2xFW8to68dsLVtjzeARa7142Yt/zFpDTtMONlq7uaH6Xn6suwtm7PQMM5jn - GnKs6wc0RE6poqrLrF5JK2PVzLWIc7QQb2/aGDzUUbeOepUK07U/L+lGHQ/DtB+x4ohXzQFusU/W - bej7K6DucauuFtTaNNHbDfdURVFG1Kk+0YKQuZdYXcFN07xImRZpHfvXB2vkGB41U1UV2b4wZcGv - mpLA5VQDxkpV97BPbvmDeLvtk/dRCzfBGW3aiDdt9Na9RCgt7NUzoWzFA9eFn95HxYznYAKSMK0S - gQtTkU99M8/Xzec9rrRdKvZuiA0ToHZC5LwXFtXlN+ONNjER7zQMfMrNsBTpoZCX7jLeh5LuZpm2 - WXO5XLi91YpUcohXM58UMAJuaiboZuQdH354d3B0fniwNzw6GZ4PR6O/RhgGlpDByPHAeArsGPum - tIzsMmGYksUVw5oUBSllVrHfhebsWMMM65ZVBjnquyq9H8VrVBheizDsT3uJV18ZmCREeV1UdwoZ - 8c6F5MX9Q83LooHX8bpA79pegAnMJaxOVyVV7ROYXL8VnsmxWnh1X9293r+Pdmta/cbTS3xKtcxq - lde29ppHzQ853L6M6tJAI3F7vUpYUHWrQumj2ptJUUE319gl1s8DxfZVnWw1K/GxJ22Thcfydxec - z/L23y7LtapKevm8FTLDpmYYMp9NACQrKzOFzHHuYLRL3wkwIedkgEiTMXy0MrwdIEtI2TT22TtS - 91m+dN+XCTtdqRUyYRKjt4JbpZPQf+X3rglCRLBQKS+mythkEA7C4KKWOXe+BXGvf4bS7PSErjNs - LOy9WnSt+rbwGQvYaWQs+7vi2oJmQ5ljdc0Qq0cEjo7/ZLsVli47SbnccLCG7PqanQDWBDmC472P - Q/f5VH/avNCkuTRpOBYWq5dEHQ9whIoY9TF2zU5RRzfGiu3i8y6OnHXiVToHfyasBl/pPEhz0Z0I - SatEBx/nb2iwc1f6jBT2wnCtZXFbCxYnJ8IKfL9RUQd41J/aWUFy6/TgxCWIlMX4G0FeFRzBXNI/ - Fy6qfZCCF8ScE9Bzgc/nLvvpaKWhw14U9tcdVLPlhz9vQBTV7+LtOIcOgeWeiexbyGxhbK96r5+J - TCPtkOk/HZn+fyLz/6HyLwAAAP//7FnrT9swEP9XrElIUC1pk7bpQ0KMCSYhDYT2YBL7UhO7TaY2 - ifIoX/jj9zvbeRAobBUwJqFWbeK7c873+Nl3+ROrIKs+pjzyg+43vph22BkCTY8W4VKcHDWHEIdY - GaVy0BguP4FjV+mu7vv2c7q5zOeuOx5RFnWOFGACy37FjLYSqPi4INul3z2Il+kHMYoTWu6PY9z8 - xJ+1TejTDBd6hqfMxNrgF8UyQvFOO3iFEE00hE1VUNUSsFGF2h2ga6lJFAPODQ7aYdzlYh1mQH5J - m+EIgD4n0yJgyl2bPDernzRjOF+wda0PUD01Xpe110Xl9cx4nec5tsfsPbsOQj9gONYuFkDXAoth - CcezogXjDMWAD0GcWfyUz0mP2aHvyyS3PvNoUQCIZyyQXEByzbHB2Xq1rGGg01gUS9m0zm16WYpM - m5EHlnN1YhclHeRFSXZuzwDOAOIYLO0+NUsnEa70VZe3VKAYox+KMNzSsjLMkhRXy9BXLjsN1b5o - PPZdHYTIvsYVWhUGby9BSNXSOyerhPs58Z/FLFQ3DPXaOhRSKIavuUwy7SWMi8KXmtkk+hekEg6M - 0OVvokQJJjHtjxT1u1yswmiP7e7drHDSzONpFbv3QsWzw4Q32RImvAnBhDd5FCa22QfuwMTTbEt1 - 0r8QTHhvMPECMDH4z2HCM4KPwMTdnoSzqSfhDDYRhiWB6pg8RQSp9go1TFqsvYq1TdhU5/eqOr9c - 6ibGqgPVJkzurZfbdZYK/YAKDV2TZcVqxalgfPdgDUQGpO5PnG5ZWlIP4ADhSB2qE7E/nPNBXzhX - 40FveAXtR6OJ47oeVbIVE57wAJsk7x4KQaEOzloHy3QSP8TXPEsI5GjSB9u5ugVpo45VbDYK166+ - 7A4d1xlIpyf7rph4ft8fjhx/PBSix725I8cHYl/NstM/3HE/4avlrBWPTEFnWXoos4vMuoZFLNem - 6Ld1tpHJrITzjCwGeYXofJnh8ujc8uwkIv3bfeLXr3G72/z6NW53rF+7xsAdoVu0phnTPIqcm1ct - lE9Upek2sMauSwAu2I+LNE5k9xJw41On0iQevSEBtcpkeo5512P6OKmB2zcoeHmn/0so+A0AAP// - ItfFo0UBrV1Mh6IAAAAA//+CFQXozQ5gO0qpuhakB9bsALo9HZIVq0GzrlC2AdDC/JLEHCALiym4 - JoIMcE0EGcAngtAl4O231LyyzKL8PEhbBzrKXAqd6YdwiXFpWX4J1ebrIGbBzQRalJFYHJYPnomA - T7Ll50JcXA1jQktdsu0Hr4nQh5mro5SbWBGUWlyaAzIYya/gOYSiEscSiL9BU5mgeQaQz+HiqJqN - UHRDNYBdW1tbCwAAAP//AwDHtLs2MCIAAA== + H4sIAAAAAAAAA7xXWXPbNhD+Kxg+dNpU4iVFUdjJdFxbSdy6risryYPj8cDkikIMAgwA6mic/95d + UpTiQ5nYncZ+IK49sN+3i9UnD5YlV5mXeAZUBgaylwJkZjuKF2A7Np1BwTu6BMOd0Mp2IBOuAMc7 + 6YyrHKTOO3MwFvcgG0NpwIJy67NpZZ0upqTwIgrDKPQNfKzAusmqhBPDUydS8DqeIPtRNAxjnFiQ + U5zOnCttEgQZTCF1mf6gfe4kt1Zw5StwAVpyAS9FEAfC2gqCVsEVrFD+eDI6nXSj/qCPS7UL1ks+ + eRZ9q2zKHeTarJo7ZDhDiTiM42447EbPJ2GYxFHSf+YPe9HPYRyG5CQZceh4reaRTpJ8gKGoHW2u + vZ5kYFMjSgocru4xW3ApOywT1gmVOlYKSIHpKVtoc+WTdKrVGyMf6EWlBMHF5QWfc8dNMBewCGq3 + tg6ut6KwFw1/teIfeFEg7FWBVokWaHLC7RVhVV06GiVTLi10vEbwEO9Vy3a8mUDimHS2OoI5oK/h + 547nBDKrRJZ4iarwjt4tmvTCXRtRu1Ea/QGv+kgk1tI1DjWyLQ40+YI92+u+UcI5VGC9jW2i8B/1 + WaunbsENEdmKopQCHc5uhQSBqunXHy77wwe6+xXI2ptsAOuHz9CNuL+M+/+vlYYWNUnRYDRYRoPv + YXDZWuzFy178PSyumf/58106xi0dp2L5tqmBCPLZOYKe5wZyLCt3uI7uaFk1WX4vyeNnuzaGuzae + 31XelLRmlQpGXb29pBvhlDss6k0xfHjuNKV2W1yDRp2hzKiH+7qi20ZUMN/RglC5lzhTAUYQlbq3 + GHTKj8a5Wh/pNyJtovLpzhr5isJ2piuZHQhbSr5a5xehYgAvSyl8XwF/GvXbAn47bLvKTLwpM7c3 + NoCXRmgj3OqRQWzFg/oV+PY6Lgqegw1IwrZKBC7MRD7z7TzfFqzXuNJWtti7y924115F8kug2kS0 + vf1eD3YEItrF0WhIEZlxOypFeiTU1UvaOYCSeguVtqjVWC7qvc2K0mqErQW/lDAGbhsmmPXIOzl6 + 8+rw+OLocH90fDq6GI3Hf43xfphcFkOCByYzYCdYhJVjZJcJy7SSK4YJLSQpZU6z34Xh7MRAgRnN + Kous9e9L7AgTyguvRRgOlUm85sVC9DD826y6keIIRC4Ul7cPrTujdXhrXkv0rq0SiGyuYHO6Kilt + v4HJTRPzSPI1wpvH72bf8TA+bvn2G0+vsBVsKdcqb2ztr7ut/+Rw27I1OYNG4vatVrCg7NZSm+PG + m0tZQTc3WCW2DYtmB7oBWxclNqvKrVH4Gn43g/Neffm/x3Kjq5JaspdCZVjmLEPms0sAxcrKziCr + OXc43qPvJTCh5mSASJMxbLoZvhuQJaRsFvvsFal7r57U3ycJO9uoFSphCm/vBHfaJKH/1O9dUwgx + glKnXM60dckwHIbBtJG5qH0LosE5CrOzU0grKjjstV50nb5f9pwF7Cyyjv1dcePAsJHKMbkKDNVX + BI5P/mR7FWYuO0252nGwidj1NTvFNrB2BMf7b0f1513zaWGhyfo1peFEOExeEq1pgCNUxKi+sWt2 + hjq6MSZsF/vNOKqtE63UPPMVds5+rufBvJIKieawEAQ3z5+Til4YbuTSBfiFcAZ8bfIAs5ETQwV2 + f5TFAR71Z66QJLfFAyc1IqQsxr8x5JXkGL4l/Rqq73EASnBJVDkFM8cfPazLfjzeaOiwH6T75QWq + GfjhTztiiOr38DmcQ4fCUzeZ7L5YDPBuT3vPvzkW/wIAAP//7Flbb9owFP4r1qROgJpAQhIuU9Uh + sUqV1gmt2h66F0xsIBOQKBf60h+/7zhOuLTARlXEpAoESexjH5/LZ38nur+yhfP3tnAO2uK0dkDi + FMHVrSmb0DNW62eS9ZFxeHgvo9RkVuuSEb6yzXQuPlPLLPNZ3TfNt3RrkbB1u+MiTWp9BYjAqt8h + o60Cah+UYxX8VF8ywP7lsxpyDw2/8GcclQaYE1GkhnhdIm76oHYfZjGseRPMJIBQ5hb/OEk/cd/H + KtTlKujWBPsrwK4BWEs1QiC5xkAzCOtcLIMEoC9pH2wBy8dkdQRSsWGTT4erGYYMRwtG+oPO6sNE + rONBa0fxIMp4SHQ88DTFzphcssdp4E8ZTrSTCZA1A9SxiGOuxYRxBobgQxDHFT/mY9Jj2FMLNb7y + xSQDCA/ZVHIBySXH3mbmq2U/VwrdhSKbyfVtYrO94Cfd9ZhEl4E6vouiHc2TotnaHAE9pxDHQ0S5 + SvLuYccQunfph+ILt7SsBKNE2WgW+Nppd4HaFLXPfqhTEFlYOyNXhgFcZmiI9eIhdzuPuJ+SzLeQ + BeqGgcgtAyHFRjh9R1LhaIip/yUotGgU0mZIMV7hYh4sqqxSfZojhtOwW8bti6jx5ojhHIkYDiGG + 81rEOGqzeIYYx25X6w4+NWJ474hxAsRw/i/E8ErRA4jxvBRh7SpFWE7RQCwljREZqpxC5ZDtru6O + MRo7G3bR+0ZJ74vF7upYlqQ22PA2i9qWKutVKtanRDByKpZk8zknnvhhL/UhA1LRJ4yPZJRE/a8R + f1SquhVX7pg7TWGN2k7DHUHBVqtj2bZHBLbshBn2dJPk3Z4QFNvoudLB0IXFz+EjTyICRxp0b0lY + 2VyaoK+qmwm+WpQlXcu2HGk1ZNMWHc9v+m7L8tuuEA3ujS3ZvhZXapSLZu/CvsE3lzPmfKGJnGHk + jxIzS4xHWMSwTagozDy9yGRGxHlCFoO8AnA+S3DZHxieGS1I/+3y8vlrvF2fPn+Nt+vb564xAEnk + lVldg1k/lgz06xrKJ2JueT04B7UHkH50/5LFYSTrD4AbnyqXOvHoLQtay0ymefRLJ12+iTXcvkPB + kU7/AwAA//+iINJHiwJ6uJiWRQEAAAD//6KFi+lYFMCbHUAnpkNyXDVoghbKNgCam1+SCJ13Rm+G + 4JrmMYBP86BLwCdN0CXgzbTUvLLMovw8SJMGOoZcCl1gAOES5dL8XIgJ1TAmtLAjo4BDWhuhDzNX + Ryk3sSIotbg0B2Qwkt3gEfuiEscSiDvK8kuoN1EIMQxuKNCujMTisHzwhAdsLg80VQmaRgBZCXcI + qmuNUJwL1QAOntraWgAAAAD//wMAzS21S88iAAA= headers: - ATL-TraceId: - - 22c4a68429fa0937 - Connection: - - keep-alive + Atl-Traceid: + - d331f50ae53b2095 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:37 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:48 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 9453eea7-0aaf-473f-b048-1e8986d947a3 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '287' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d9ef06c3-496e-4620-9b54-77c9bcc1173e - x-envoy-upstream-service-time: - - '112' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -460,98 +372,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11107 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11802 response: body: string: !!binary | - H4sIAAAAAAAAA6xXW1PbRhT+Kzt6yLSprZsdcNRhMhSchJZSapzkgTDMWjrIG+Rdze7KNg38956z - kmwuMSWk5kF7O7fvfOfs8tWDZcll5iWeBpmBhuytgCIzHclnYDomncKMd1QJmluhpOlAJuwMLO+k - Uy5zKFTemYM2uAfZCEoNBqStz3odT5DmKIrCbZwYKC5wOrW2NEkQZHABqc3UF+VzW3BjBJe+BBug - DhvwUgRxIIypIGgVXMIVyh+Nhyfj7utogCsXzlkv+eoZNFqZlFvIlb6qnctwhgJxGEfdsN+NB+Mo - TnpbSW/bj+LeL2EchuQj2bBXJTg1z/SR5IMoDMN4FXUzycCkWpSECK7uMjPjRdFhmTBWyNSyUkAK - TF2whdKXPkmnSn7QxVO8MJBWGoK5gAWfc8v1GyP+gZ0ZJqmavaiXDrKdKOxFg2Y6Rkd31iF3PEo0 - 2hpzc0k5qiaWRskFLwx0vFaHlzglNx3PCiRGiUn2EllhJF6p1Rd075noNdIOO5eNFjua3Er42tMP - UliLCohfjTQF9Yc7a9SFXXBNgRkxKwuBDMnuRYPgOsr0B8v+4CnuNjA3xhqkS0HA4u82zn3H07i/ - jPvPVuxS6FjywjTfR2xFW8to68dsLVtjzeARa7142Yt/zFpDTtMONlq7uaH6Xn6suwtm7PQMM5jn - GnKs6wc0RE6poqrLrF5JK2PVzLWIc7QQb2/aGDzUUbeOepUK07U/L+lGHQ/DtB+x4ohXzQFusU/W - bej7K6DucauuFtTaNNHbDfdURVFG1Kk+0YKQuZdYXcFN07xImRZpHfvXB2vkGB41U1UV2b4wZcGv - mpLA5VQDxkpV97BPbvmDeLvtk/dRCzfBGW3aiDdt9Na9RCgt7NUzoWzFA9eFn95HxYznYAKSMK0S - gQtTkU99M8/Xzec9rrRdKvZuiA0ToHZC5LwXFtXlN+ONNjER7zQMfMrNsBTpoZCX7jLeh5LuZpm2 - WXO5XLi91YpUcohXM58UMAJuaiboZuQdH354d3B0fniwNzw6GZ4PR6O/RhgGlpDByPHAeArsGPum - tIzsMmGYksUVw5oUBSllVrHfhebsWMMM65ZVBjnquyq9H8VrVBheizDsT3uJV18ZmCREeV1UdwoZ - 8c6F5MX9Q83LooHX8bpA79pegAnMJaxOVyVV7ROYXL8VnsmxWnh1X9293r+Pdmta/cbTS3xKtcxq - lde29ppHzQ853L6M6tJAI3F7vUpYUHWrQumj2ptJUUE319gl1s8DxfZVnWw1K/GxJ22Thcfydxec - z/L23y7LtapKevm8FTLDpmYYMp9NACQrKzOFzHHuYLRL3wkwIedkgEiTMXy0MrwdIEtI2TT22TtS - 91m+dN+XCTtdqRUyYRKjt4JbpZPQf+X3rglCRLBQKS+mythkEA7C4KKWOXe+BXGvf4bS7PSErjNs - LOy9WnSt+rbwGQvYaWQs+7vi2oJmQ5ljdc0Qq0cEjo7/ZLsVli47SbnccLCG7PqanQDWBDmC472P - Q/f5VH/avNCkuTRpOBYWq5dEHQ9whIoY9TF2zU5RRzfGiu3i8y6OnHXiVToHfyasBl/pPEhz0Z0I - SatEBx/nb2iwc1f6jBT2wnCtZXFbCxYnJ8IKfL9RUQd41J/aWUFy6/TgxCWIlMX4G0FeFRzBXNI/ - Fy6qfZCCF8ScE9Bzgc/nLvvpaKWhw14U9tcdVLPlhz9vQBTV7+LtOIcOgeWeiexbyGxhbK96r5+J - TCPtkOk/HZn+fyLz/6HyLwAAAP//7Fnra9swEP9XxKDQhtmJncR5QOk62kFhLWWPDrovUS0l9khs - 40f6pX/8fifJj6ZJuoW266AkJLZ0J5/u8Tvd+U+0gqj6mPLID9rf+GzcYhdwND1ahHNxdtIcgh9i - ZxTKQWO4/ASOXYW7uu/az2nmMp7b7nBAUdQ6UYAJLPsVM0olEPFxRrZPvwdgL8MPbOQntN0fp7j5 - iT9rF9enFa70Ck8ZibXCr4p5hOKdMniFEE00hE6VU9Uc0FGF2i2gaylJFAPODQ7aYdzmYhlmQH5J - yXAAQJ+SauEwZdYmy03qJ00YzhdsWcsDVE+N1WVtdVFZPTNW53mO9Ji9Z7dB6AcMx9rZDOhaYDMs - 4XhWNGOcoRjwwYgzi5/yKckxOfZ9meTWZx7NCgDxhAWSC3AuORKcrXfLGgo6j0Uxl03t3J8vS5Fx - 0/NAcqlO7KKcx/SsnHburwDKAOwYLPU+NlsnFq7kVZf3RCAfox/yMNzStjKskhQ389BXJjsPVV40 - FvuuDkKkX2MKLQqDteeYSNXWW2eLhPs50V/ELFQ3DPXaMhRSKIKvuUwybSWMi8KXmtgE+heEEg6M - kOVvvEQxJjHlR/L6fS4WYXTA9g/uFjhp5vG48t21UPHsMOGNdoQJb0Qw4Y0ehYld8sADmHiatFQH - /QvBhPcGEy8AE73/HCY8w/gITDzsSTibehJOr5ygciVP4Siqi0J9kVXS/oY1Ohsnqjq/3NEmwk11 - f6fqQCknDqhkWNtS6IzW1s+rdVdWLBacCsZ3W2sgUiB1f+J0x9KSegBHcEfqUJ2Jw/6U97rCuRn2 - Ov0bSDsYjBzX9aiSrYjwhC1kkqx7LAS5OihrGSzTSfwQ3/IsIZCjRbe2c3UL0kYdq8hsFK5tfdnu - O67Tk05Hdl0x8vyu3x84/rAvRId7U0cOj8ShWmWve7znfsJX81kLHpmCzrL0UGYXmXULjViuTd5v - 62gjlVkJ5xlpDPwK0fk8w+XJpeXZSUTyr/aJX7/Eq93m1y/xasf6tUsMQBK6RWuaMc2jyKV51ULx - RFWabgNrULsG4IL8tEjjRLavgUM+dSpN4NEbEsxWkUzPMe96TB8nNXD7BgUvb/R/CQW/AQAA//8i - 18WjRQGtXUyHogAAAAD//4IVBejNDGA7Sqm6FqQH1swAuj0dkhWrQbOuULYB0ML8ksQcIAuLKbgm - ggxwTQQZwCeC0CXg7bfUvLLMovw8SAsJOspcCp3ph3CJcml+LsSEahgTWgqSUfIhrVHQh5mro5Sb - WBGUWlyaAzIYyW7wmH5RiWMJxB1l+SVUmzeEmAU3E2hVRmJxWD54RgQ22QeaygTNM4BshLsD1bFG - KK6FagCHTm1tLQAAAP//AwC5m2L7MCIAAA== + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LSprJsdx1En06HgJLSUUuMkD4RhFulY3iLtqrsrYzfw33uO + LnYwOBPoNPAgaXfP/TvfHn9yYFlymTqxo0GmoCF9LSBPjSt5AcY1yRwK7qoSNLdCSeNCKmwBlrvJ + nMsMcpW5C9AG9yCdQKnBgLTt2aQyVhUzUngRBkEYeBr+rsDY6aqEE80TKxJwXEeQ/TAcBRF+GMhn + +Dm3tjSx76cwg8Sm6i/lcZtzYwSXngTroyXr81L4kS+MqcDvFFzBCuWPp+PTaS8cDAe4VLtgnPiT + Y9C3yiTcQqb0qokhxS+UiIIo6gWjXvhyGgRxFMaDF96oH/4YREFATpIRi47Xap7oJMn7mIra0Sbs + 9iMFk2hRUuJwdY+Zgue5y1JhrJCJZaWABJiasWulrzySTpR8p/NHelFJQeXi+QVfcMu1vxBw7ddu + bRxst8KgH45+NuIfeFVg2asCrRIs0OSUmyuqVXVp6S2e8dyA6zSChxhXLes6c4HA0cl8dQQLQF+D + W9exApFVIkqcWFYYo7MFk37QbZRa/YURPTHhrXSd7rqAXbrp4zOQbKJ6J4W1qMA4a9uE1N/qs0bN + 7DXXhFcjijIX6HC6FTnWo0bZYLQcjB7p7hcq00WyrssgeIFuRINlNPh/rTTVr7GIBsPhMhx+C4PL + zmI/Wvajb2GxBfjt7X04hrtwGnUbM7F833AgVv/sHNGQZRoypJV7WEc/VV41Xf6g1ujFro3Rro2X + 95U3lNasEmHU7O3EvdB1MGv2PWaEwNse4BZpvqHHx7dZQ74buvUbdZqaqH7dVxXFHxKFfqAFITMn + trqC25ZVSZsWSZOVT/fWyDM8auaqytMDYcqcr9rGo3JpwGCptx8i8OfhoCPw7bStaWZ7Y1fBo3XB + tzf6G8YSSgu7emIuO3G/vh6+nuBFwTMwPkmYTonAhbnI5p5ZZBuKe4srHRdGzi3B4RKItAi22/f1 + cEe84S6MhiMKfM7NuBTJkZBXr2nnAEqaLWTSVa2u5XW9t16RSo5xtOCXOUyAmwYJun1zTo7evTk8 + vjg63B8fn44vxpPJHxMMA5vLYOR4YDoHdoLsLC0ju0wYpmS+YtjpIielzCr2q9CcnWgosNVZZRCj + 3kMdH2JDOcGNCIKR1LHT3FhYJMzypqvutDjmOxOS59uH2smoTW+N6xy961gCC5hJWJ+uSmrbr0By + M8Q8EWON8PpWvDt3PA52G1j9wpMrHAU7ZHXKG1v77bT1nxzuRramNdBI1F3iEq6pu1Wu9HHjzWVe + QS/TyBKbgUWxA9UUWxUlDqvStlX4Uv3uJuej/Px/j2VaVSWNZK+FTJHUDEPks0sAycrKzCGtMXc4 + 2aPnJTAhF2SAQJMyHLoZ3huQxqRsHnnsDan7KJ/Vz2cxO1urFTJmEqO3glul48B77vVvKIWYwVwl + PJ8rY+NRMAr8WSNzUfvmh8NzFGZnp5BUxCvsrbruWfWw7Dnz2VloLPuz4tqCZmOZYXMVmKovCByf + /M72KuxcdppwueNgk7GbG3aKY2DtCL7vvx/Xjw/NoysLfbS3Kb1OhcXmJdEaBviGihjRGLthZ6ij + F2HD9nDejMLaOsFKLlJP4uTsZWrhL6pcItAsEoF/9/w5qegHwVouuQavEFaDp3TmYzdyQqjAsZC6 + 2Mej3twWOclt6oEfdUVIWYR/E8iqnGP6lvRrqI7jAKTgOUHlFPQCf/SwHvv+eK3BZd/l9qdXqGbo + BT/syCGq38PrcAEupaeePtlDuRhibM/7L786F/8CAAD//+xZWW/aQBD+K6tKqQDFBhubq4pSJBop + UlOhRu1D+sLiXcAVYMsHvOTH95v12hzhaImCqBSBwPbO7M7O8c3OWNMrXTh/rwvnqC7OqwcETu5c + nYrSCT1jlV4qWQ8Rh4ePMkxMZjWvGeEr2wzn/DOxzCKe1X3dfEuz5gFbtdsuwqTSU4AIrPodMEoV + EPsoHyvhp7xLAYe3zyqIPQz8wp9xUhhgTXiRmuJ1gbhpg8pjkEbQ5p0/lQBCmWn84zj5xD0Pu1CX + K6dbY+ytALsCYC3ECIDkGgNNP6hysfBjgL6kPNgElo9I63CkPGGTTQerFQYMRwtG8qOc1YeJSPuD + lo78QRT+EGt/4EmCzBhfs+XE9yYMJ9rxGMiaAupYyLHWfMw4Q4XggRHHFS/iI5Jj0FUbNb7y+TgF + CA/YRHIBzgVHbjOz3bKfK4EeApFO5Xqa2BzP65POuk+CpK8O6yIfx/A4H7Y2ZwDlBOx4CC9XQd45 + bhhC9w79kH/hlrYVY5YwHU59TxvtwVdJUdvshzoFkYa1MTJhGMBlioFIbx5897OQewnxfAuYr24Y + KryFL6TYcKfvCCocDbH0vziFZg0DSobk4yUuZv68zErl5xl8OAk6hd/uRI03RwznRMRwCDGc1yLG + ScniBWKcmq7WDXxuxGi8I8YZEMP5vxCjUbAeQYyXrQhrXyvCcvIBqlKSCJ6hmifUDtkmdffMUds7 + UJT3+Z72Ee4r92tFS0p57YRKhR0NsO2qanuWon8Vp7MZpzrxw8HShxRITZ8gOrGipNL/Fv5Hjal7 + ceOOuFMX1rDl1NwhBGo225ZtN6iALYiwwgEySdbtCkG+DcqVDIbuOH4OljwOCRxp0oO9YmUMaaJ8 + VWQm6tW8X+latuVIqybrtmg3vLrnNi2v5QpR442RJVu34kbNclXvXtl3+GZ8xozPdSFnGNmj2Exj + YwmNGLYJEYWZhRepzAg5j0lj4FcAzqcxLnt9o2GGc5J/u+98+RJvN64vX+LtxvelSwxAEllnVvdg + 1o8lff0eh+KJKres+5uB2hOKfpB/SaMglNUn4JBHDUodePT6BaNFJNM6+qWTbt9EGm7foeBEo/8B + AAD//6Ig0keLAnq4mJZFAQAAAP//ooWL6VgUwJsZQCemQ3JcNWjmFso2AJqbX5IInXdGb3bgmuYx + wDXNYwCf5kGXgDfTUvPKMovy8yANIegYcil0gQGES5RL83MhJlTDmNDCjowCDmlthD7MXB2l3MSK + oNTi0hyQwUh2g0fsi0ocSyDuKMsvod60IMQwuKFAuzISi8PywRMesLk80FQlaBoBZCXcIaiuNUJx + LlQDOHhqa2sBAAAA//8DAMuOywzPIgAA headers: - ATL-TraceId: - - 90650024593a4943 - Connection: - - keep-alive + Atl-Traceid: + - 33c9728f7df05456 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:37 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:48 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 8ce67b10-9fc0-4f59-bc96-760506cd2128 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '239' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a08e72c8-ea08-4414-ad72-1fcc98101134 - x-envoy-upstream-service-time: - - '134' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -561,174 +479,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPwUrEMBCG3yVX2+4k7TZLbqIHFVmFdk8iMkmmWEmT0qbCsuy7m+KC62345/vm - Z05M40yHyTHFPmMcZ7XZWOrIRBu+QoHR4Tz36AtPkWXsm6a5Dz7BHIAXUEDe7G9fm4eX9m+7Xwad - JqbeViiDDN4zZml04TiQj+1xpHTgzoXFJkkvvbO/ClOrsJWX8B7jCgoQPIcqF7LllQKuyqoAgBsQ - AMmfaUq9bT/8Y3ctF6qsVSmL3RVrhkffhQRKsZP1ttNoSiqRajBdLWttNUroDABWlZSayquC6NaG - p35Ctr7T4eLiczC4xifmLhMj/3Fo2Pn8AwAA//8DAIzDLvpaAQAA + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CPd3EQPKrIK2z2JSNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0EfZgsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsz3u+vn/d1T+7vdLWOX + JhAvK5Rhhq8ZKD1Zfxy1i+1x0unAjfWLSlK3DFZ9KyCSwLC6hLcyriBDxnJscspbbARywSqCiFeJ + xOQHPafedhj/sdsWUTAqyi0pGPth+/HeGZ/AuqTcFMaYgjeM1Vg0iGUlWU17iaruOS81FvXfgmjX + hodhlrC+Y+Ri46Pv5RqfwF4m0O7tsIfz+QsAAP//AwAdmObDWgEAAA== headers: - ATL-TraceId: - - c0b7b132bbe11566 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:36:37 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - d112df9123eb824a + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 73e4c93b-1cf6-4608-ba4f-63781da00519 - x-envoy-upstream-service-time: - - '29' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 0e79bb049a3a700c - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:37 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:49 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1493bef7-3776-4f07-8d15-a804a32ec47f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '121' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 33501fbb-14a5-4699-84cc-c109b627ab92 - x-envoy-upstream-service-time: - - '68' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -738,110 +549,117 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - e643abf673b6cc23 - Connection: - - keep-alive + Atl-Traceid: + - 9ffda99a611db055 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:38 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:49 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 58312f9b-5977-4fb3-bee3-3d71555f8d5a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '178' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 05b4e777-d6c3-4935-be2e-e4a7673c2627 - x-envoy-upstream-service-time: - - '109' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/235] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/17] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082] + || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n| High | [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082] + |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n\n\n\nh1. + |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/2873]\n*Defect - Dojo link:* http://localhost:8080/finding/2873 (2873)\n*Severity:* High\n*CWE:* - [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/298]\n*Defect + Dojo link:* http://localhost:8080/finding/298 (298)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. The application executes unsafe, user-supplied sql which contains malicious column names.\n2. The application connects to an untrusted database and executes a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || @@ -851,30 +669,30 @@ interactions: < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n*Reporter:* + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/2871]\n*Defect Dojo link:* http://localhost:8080/finding/2871 - (2871)\n*Severity:* High\n*CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* - [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + < 7.1.2)|http://localhost:8080/finding/296]\n*Defect Dojo link:* http://localhost:8080/finding/296 + (296)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. The application executes unsafe, user-supplied sql which contains malicious column names.\n2. The application connects to an untrusted database and executes a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || @@ -884,13 +702,13 @@ interactions: < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n*Reporter:* + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -903,53 +721,59 @@ interactions: Connection: - keep-alive Content-Length: - - '7107' + - '7090' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11108","key":"NTEST-919","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11108"}' + string: '{"id":"11803","key":"NTEST-1465","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11803"}' headers: - ATL-TraceId: - - 96154cf32cd6c13e - Connection: - - keep-alive + Atl-Traceid: + - 049a0c03b014d6d6 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:38 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:50 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - be3aab07-cbb8-4368-bf30-b05069242d51 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '668' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - cc4cf452-2a56-4f46-a7d2-cd4f09bb5b92 - x-envoy-upstream-service-time: - - '539' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -959,109 +783,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-919 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1465 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/YO56id9iQnCH6XA013LX47hA2w+UYRR7cVRsySPJEK7w32/X - LzEFwlAaZvBqpX1/dqVvDixLLlMndjTIFDSkfwjIUzOQvAAzMMkCCj5QJWhuhZJmAKmwBVg+SBZc - ZpCrbHAJ2uAepDMoNRiQtjnrDBxBmoMg8Ce4MJCf43JhbWliz0vhHBKbqq/K5TbnxgguXQnWQx3W - 46XwQk8YU4HXKbiAa5Q/OJ4eHQ+3g23knNfOOvE3x6DRyiTcQqb0deNciisUCP0wGPrRMJwcB2E8 - GsejiTvxg9/80PfJR7Jhr0uo1bzQR5L3At/3w1XU7SIFk2hRUkaQu8tMwfN8wFJhrJCJZaWABJg6 - Z1dKX7gknSj5UefP8cJAUmnwLgVc8UtuuX5jxH+wU2CRqmKjYe2nO4E/Cibt8hgd3elDHjhUaLR1 - zM0F1aiaW6Lic54bGDidDieuldwOHCsQGCUW2YllhZE4pVZf0b0XZq+VrnNXV6PLHS3uFLz39KMU - 1qICwlcrTUH9VZ816txecU2BGVGUuUCEpPeiweTWkIkmy2jyHHfbNLfG2kyXghKLv7t5jvwttBxG - yzB6seK6hDVKNkz7fcJWMF4G45+zteyMtcQT1kbhchT+nLUWnKYj1lq7vaX+Xn5qpgtW7OQUK5hl - GjLs6wcwREypvGrarOEklbGqqEfEGVoIt9ZtTB7qaEZHw6XGrMefEw8DXHKLU7EZOj+O92airWaY - 12jTBOaa3FMVxRTQXPpMDCEzJ7a6gtt2VJEyLZIm0m8PeOQYHjULVeXpW2HKnF+3DYBs9Mp+wnFB - TdEmQwPGSl332JyMwqibk/ez5q9LZ7BuI+xHhlBa2OsX5rAT9+ph+/xxKQqegfFIwnRKBDIWIlu4 - 5jLrZ8x75HTDKHRuH4Yy6kLJ+RxonBA47x2ivnw0EcE6JAYTysiCm2kpkg9CXtSX8Vso6W6WSVfH - urpX9d6KI5Wc4tXM5znMgJsGG7qlnMMPH9/tH5x92N+bHhxNz6az2T8zjA9byGBK8MDxAtghzk1p - GdllwjAl82uGPSlyUsqsYn8KzdmhhgL7llUGUevWXXo/im1U6N8I348W89i517SY9ExInmM5sR59 - l9HefV77smjTWyM9R++6WYCVzSSsTlclde0zkNy8FV4IvkZ4dV99f73/GB57vP3Okwt8SnWQ65Q3 - tvbaR81POdy9jJqeQSNhd71KuKLuVrnSB40387yCYaZxbvTPA8XeqqbYqijxsSdtW4Wnavp9cr7I - u3+7LNOqKunl84eQKY45wxD5bA4gWVmZBaQ15vZnu/SdAxPykgwQkFKGj1aGtwOkMSlbhC57R+q+ - yFf191XMTlZqhYxZmcWbbuD6N5Q6zFyuEp4vlLHxxJ/43nlz9qz2yQtHm6coxU6O6BrDScPeq6uh - VY8LnzKPnQTGsn8rri1oNpUZdlWBOXpC4ODwb7ZbYcuyo4TLNQebVN3csCPAXiBHkN77NK0/n5tP - Vw9atJclkcfCYteSaF1/pFARo8HGbtgJ6hiG2KnDYOxPwto64Sm5BLcQVoOrdOYlmRjOhSQuwcDF - 9Rsidr6XPiWF21Gv5OquEuxJTjgV+GyjXva2I3dhi5ykygz/1WUhFSH+ZlAoCxhUCmy6xOyTDBuy - Xw6zAdvI7WsWukHghoxtZPb1Dhu5PgrXGyN37Eas24j6jcjddLc6/mbP33RRV8cf93wiN3s+edfy - A3fc88OeH949P+r5I3fU86OeH/UBbPV2ibzDX9klMvx1DUIwcbt471/CgIpfP3fZY5XeWlfp/wEA - AP//7FjbTttAEP2VkZCQkwZHSUppg/JAgQekFlWF0oemUoy9Sdw6tvElUFH+vWd218s6lxZQWvUB - gpLYs7M7PjN75mwelGntvalMP2d5M1kG273NvNifts+9Sb9JpyACdbcMo+DkyL4FnkCqmGKn1u3q - Ne24hobldc993pBPSVXVSdrd13s98HfzSLZodM9vCbF4Afh/diSH3xtwr4gfbryjOZGfj3HxBR87 - j9+K7H+h/DfZAe4L6aKMYpFJxWg6E3dflIzc/vcjgYxRB0108SqCGKUmj494ajdM2l4wD3MoDAj1 - 3W4XwmHMgGIDVOqQJcQonYwIyqvw0LY9ylTV+ly1wlTtXMcWRtxJi6lXUOJjoZyupxAdBTSwdmT8 - Lr1cUJLRFY5XPwhnTZ/3XY7Z/cwbcwDQTOUsJokM8SNBRWeCIKOpuE4qF59yH+jhuMFKBEuF/pSw - EyGxo/C7gMgeYxUPYadpFPrytzOteKqAIwF8sENZpduj1KMhpjLOvTHIgUX5Tl7yEMSXX0V6OY1M - Tjjgh36YQA9YwefuMO4uzw6nGEjnHAzCw7k0g9DHvAYdFmEmBk8jlYmizGJUMr7lZVQwulYMGLcy - CJcB3NrC+SJBPvF/mMS+SIthPBqNhjGf2Qq6pUM8GbTOHQ0w/VUZZsLZ3uq92U8n8qNRjfTVuAFB - 3monh43ym6sfje9UDgzWgEZnx++OD8+pQwdntH1VJsX+EH9y7nZT3WhRd4W12R4OY3rBj5knkXAh - 5500S3wcsVwRzxtfORaoYnjE7bZyHsnlVUgSPAdRtMgRWdZi9Bo0YPKhW8ysnwhzBRz2XUMDQ9aO - e58EJWoF261+v/oNpV9jbGjDNZwNyzrWNk5LvG0sS8xtWRa427IssLdlWeBvy7LA4MayxOGWpc7i - wOmD/AUmqEDq65EaJI0K5rPgYow0JryQDRdjpEHRpgouxsiAYlmq7lahUjMxSAaVmoVBMqjULAyS - QaVmYZAMKpZFgWRQqVkUSFYxAa8pKolLUnN6P53soNRnYS7YS1Yfdyl+Q4/C1YHP+wCFWV5i60v2 - fx/Ko5wm/6Y5unTdG/emT5/kYZ6pR9N8lRBwZQRL5tpOvXVOKlcrfV6u81FJXOmzu85HpXelz6t1 - PiofxoccqDIewX3J9DZZAi2V75YkXJVgbjJelCeUqvJ1idWCWXRv3aIyob9fVJcD+tPSAljiZJZ6 - fsE5O00olBeE5M/DQARywFkhUtkzMoH7QekLNVjr0I/QQ5kAteePafrSMU34eM3ixfGCWRg3yGn8 - nHlhVCR9I0FWKtlnFWvtZ5v/HqBiO09VsR2pYjv/QsVu5nRbldBfV7Gd/0jF/gIAAP//Gm3FjuBW - LAAAAP//7Fpda4MwFP0vgz5GTfyqD6UrbIO99blvaWI3GFYxSv/+7jXRGVs72KD4EPAhmJvkemOO - R8656nUsdkzLLOS2WJmF3RYrs9DbYmUWfluszEJwi5VZGG6xsjGKOxbb18ux2H6MY7Hd67AcFkvN - wF9Y7LXSTueUdhqNxdOm5uKrcwug/j8NjWfmCGY7BvW6f6K5wDk1Oxh8FbxpuPhEQeymUB5kQ+BY - KZ6qiaotCo4y6NNNZQ8Lh16Gsv6jUIq0Y8uFQAfGu9zEJx6Fkh7XURAfIcs0zShjCa4zBMEKd8Jy - 3NWdlLCGgsifHBBn0BfzXF64qpCj4qR3zUnaUON91DoMvv2Fr5t+TBmNchrkIZNZIkIRp1SsYykD - npxovt7KTTfLKtyt2Btcehwp+NnIlIToW8prFblARQjz8K33NNJhyUjFucKKwfiOj8OpgubLniRe - dcb8p66n5Wc89U4tP+Op/2rpGQMQSW1BMtaC8X/k3hgH8TyhtqVtThrMDgC0EP7a1mWV+wfAH4GG - HHPw0O8HvcNJxnWMc9G4EmoDsw4KHr/pDgoekfF/oeAbAAD//6K3i+lYFKA3L4DtJ6XqWpAeWPMC - 6PZ0SFasBq0hhrINgBbmlyTmAFlYTMG1rNEAvqwRXQK+SBBdAt5uA3apM4vy8yAtI4hQSil03TqE - S5RL83MhJlTDmNBSkIySD2nFvT7MXB2l3MSKIMgwCIrd4BVqRSWOJRB3lAHb4OQuq0NfFwsxC24m - 0KqMxOKwfPD6PthiVtDCXNCqOZCNcHegOtYIxbVQDeDQqa2tBQAAAP//AwDG6ZZJ/jAAAA== + H4sIAAAAAAAAA7xW62/bNhD/Vwh9KIbO1suPOCqKIUvdNluWZY7bfkiDgJHOEhuKVEnKdtrkf99R + D6t5uGgyrDEQkXe8B+9+d7yvDqwLKhInchSIBBQkrxnwRPcEzUH3dJxBTnuyAEUNk0L3IGEmB0N7 + cUZFClymvSUojTxIZlAo0CBMczYutZH5wio8D3w/8F0Fn0vQZn5VwLGisWExOD2HWftBMPEHuNHA + F7jNjCl05HkJLCA2ifwkXWo41ZpR4QowHloyHi2YF3pM6xK8VsElXKH80Xx6Mu8Hw/EISZUL2om+ + Ohp9K3VMDaRSXdV3SHCHEqEfhn1/0g92574fhUE08t3haPSrH/q+ddIaMeh4peaJTlp5D0Phh5tr + N5sEdKxYYQOH1D2ic8p5jyRMGyZiQwoGMRC5ICupLl0rHUvxTvFHelEKZtNF+TldUkOVt2Sw8iq3 + OgcbVuAPgslvmn2BlzmmvczRqoUFmpxTfWlzVV4Yu4oWlGvoObXgAd6rku05GUPgqDi7OoQloK/+ + Tc8xDJFVIEqcSJR4R+cOTAb+NkbQMgolP+FVn5iJRrrKQ5XZNg928w16uuu+E8wYVKCdjW0L4T+r + s1ouzIoqC2TN8oIzdDi5ExJMVAW/4WQ9nDzS3e+krL3JJmFDfwfdCIfrcPj/WqlhUYEUDQbjdTD+ + GQbXrcVBuB6EP8Nig/ybm/twDFs4Ltj6fd0DMcmnZ5j0NFWQYlu5h3V0R/KyrvIHQR7ubGNMtjF2 + 7yuvW1pNtQ2j6t5O1A9wSw029boZPr526lbbNVevVqdsZVTLfVna2wa2YX6wBCZSJzKqhJumh1pt + isV1DL7eo1nP8KjOZMmTV0wXnF411YRkdMu8x7TZCmuioQAva0v4oQbuh0HbwO+GbVubCTdt5i5j + k/BCMamYuXpiEFtxr3oFfryPs5ymoD0roVslDAkZSzNXL9OuYb1FStvZQuc+dsNBexVOL8D2Jgvb + u+/1eEsggm0YDSY2IhnV04LFh0xcvracV1DY2ULEbR6r7K4q3oYipJjiaEEvOMyA6hobqlk5x4fv + 3hwcnR8e7E+PTqbn09ns7xneD4tLY0jwwDwDcoxNWBhi7RKmiRT8imBBM26VEiPJH0xRcqwgx4om + pUbUug8VdoAF5fjXzPcn4kvk1C8WZg/D31XVrRLHRKRMUH73UDMZNeGtkM7Ru7ZLYGZTAZvTZWHL + 9geQXA8xTwRfLbx5/G7PHY/DY4e332l8iaNgC7lWeW1rv5m2/pPD7chW1wwaCdu3WsDKVrfkUh3V + 3lzwEvqpwr7RDSySvJJ1smVe4LAqTJOF7+XvdnA+im9/eyRVsizsSPaaiQTbnCaIfHIBIEhR6gyS + CnMHsz37vQDCxNIasKBJCA7dBN8NSCKrLAtd8saq+yieV9/nETndqGUiIkUajdzA9a9t6DByXMaU + Z1KbaOJPfG9Rnz2vfPKCnTMUIqcnEJe20ZC3ctU38mHZM+KR00Ab8k9JlQFFpiLFosoxRN8RODr+ + i+yVWLHkJKZiy8E6UtfX5ATHv8oRXO+/n1afD/WnTYfdNK+oXc6ZwaK1olX6cYWKiO1r5Jqcoo5+ + iIXaD8b+JKysWziJZeIKnJjdVC69ZckFAsxgA/Bunz+zKnaHG7F4BW7OjAJXqtTDIqQWmAyHPlu8 + 3u7QzUzOrVSR4r8qD1ZFiH8zyKUBvEYCZLrGeFsZ0ie/HKc98oybFyR0g8ANCXmWmhcvycDFUq4Z + A3fsDknLGHaMoTtyd1r6qKOPXNTV0scd3S5HHd1619ADd9zRw44eduf/BQAA///sWF1P2zAU/StX + QkJp1qaihXbrxAOiPEwaaFq3vayTGlJDs6VJiZPCxPjvO9d2XIe2IBgPewBQSX197etzv47TC7qr + 8W7QXY3vr8b3Vwfor/blR2fc7suPncaWmABwR2j0S9FkdyuyTJt823+ib838l/Ltq19fxq8oaFXy + D3zlYx4jf1gKGqISYnAkFkVAe/0mcd+jepmtfmd7ga2z6ns3eE3A5ziqahXtzru3KND+ULVgdMef + GTE5gUMe1SMPH41Nrn3YseSj6kPwHf9az0hS7IhsVwv8WwOox5Y/yso8EoivRPjcalu4D85jKRjY + xaUzcbgiBD4at90WwSdNrw3irB1Ol7EEqQA3P+h0wBUuGGMkREUImTVMFpcTAtmCfSmFlOs4jjiO + hY1jPoPIw/M44e5ZzMKCsggbSbqegWcUoL1GkVE7D6WgLKcr3Kh+Ey6eEeehxOpRHl6wAaBJ5Twl + ZkWByjQQ51wQmDMV11mlEpGMRBrihsHkA1vF0YzQ6sGqk/iXAK++wC4hzF4skjhSr/sMyakMTgTw + Qc4yMXdn6aPBpjKV4QWKBfPwlix5CuyTV4nZziAjCTf+OIozcADHeBmM08766lBKgbRkY2AerqI5 + uD3Wtegw77I2hAapXBRlniK48STLpGB0HRswb6MRAQO4s4MrRQZ/4u84SyPE/DidTCbjlK9pBd3S + MU4GfnNHh8TvP+NceLs7N50+Qkv/b1RzIz3zkMBpjZrHQvUUmMPxSKXAcB3SZHTy8eT4C+3R0Yh2 + r8qseD/Gj1687esRJOEmsd8eIy/f8FFllogALN5D9Ee4WQUiXTZ+sDUgw1BJ222tPVEGaKMUgB7s + aJIn8rzJCDbokDOHbrGyORPWmrLhdw0DDn2zgUKn2bREvBCnmjtevVQZ1Oo4OOGWSg7Jtlpuldaq + uZWs1XNHcq+iO5J7Nd2R3KvqjuReXbeStcruSOq1HTh9Ui9ephVIAzPTgGRQwXoOXIyRwYQ3cuFi + jAwoRlTBxRhZUBxJ1fMqVGoiBsmiUpMwSBaVmoRBsqjUJAySRcWRaJAsKjWJBskJJuA1QyRxSLY0 + zRusF3q+lQz4A90J344izgMEZnmO9Dc94DRWdzjTAnx7aekEN8HNgL6qWzwXIFPsK5egYiaQ5IGr + 1N2mpL21UWd/m45240adg2062sEbdXrbdLRHrA55dMYdSHUn2+FUEDS1x5uq7GoXc6sJE5nRQgdw + QEwk7Kb9bZsqlz68qQkIdKm1DYzvPswXYVSw384yitUXQggs46mYrto8Jn4GK8oFqrl8Sp83qouM + 79FMU7xwOo/TBnmNP3PQkCIbWOqxkdC+klkngd2C9ziZ7T2TzPaYzPb+BzL73BuvG7hPJ7N/AQAA + //8irTFrONqYHU6NWQAAAAD//+yaXWvCMBSG/8vAy3RN2rT1QpywDXbntXcxqQ5GP+gH/v2d06SZ + yayDXYzCCl6IOWmOCXl95X0WM7uYWcecOZrumDNH1R1z5ui6Y84cZXfM2bW2L2Z23K/FzC5mdh5m + ltqpP5jZ78E6nQrWaTw1wMcBDOO6RsiPgRpADsArDW2pP2DD6vE7TRVOhdehBSycbNfPBEXXCfmO + 6djN0Dy0NEbbF4XA1PPhZpCHG4foQtX8MhdFr7EVUiJw8aY2/CTiSNFjFof8CI2k6ZoyluA6tghW + uFOW46nulII1Wqj86gGFBfGYp+oi2hptLT70Ltg0HEIenBtdBj/3xQjXcMponNMwj5haJzKSPKUy + 40qFIjnRPNuqzfCUVbRbsVd46XmkEKWJJQnRH7VB35IL7AhhAbSoAi1tuGWkFqLFHYP5g/WGSwRv + n/ckCeoS+/chqfl37FNW8+/Yp7Tm3jHojdLEkSEJrv9P7g10iPcJcy5NNWnNOlQllr/0TVXnjwfQ + H4n8jbl4yArCqL3JuI5BJw2E0BiZXaTg7w/9n0rBJwAAAP//orOLR4sCnEUBvLkBdGI6JMdVg5YZ + Q9kGQHPzSxKhq6fRmxu4FisawBcrokvAl/6hS8CbZ8CucmZRfh6kjQMRSimFLpOHcIlyaX4uxIRq + GBNa2JFRwCGt8NeHmaujlJtYEQQZ4kCxG7zurKjEsQTijjJgy5rcxXIYy10hhsENBdqVkVgclg9e + tgdbowpacAtaDAeyEu4QVNcaoTgXqgEcPLW1tQAAAAD//wMADT7bvpUxAAA= headers: - ATL-TraceId: - - f2bd7d7ee8bcae34 - Connection: - - keep-alive + Atl-Traceid: + - 16067d8477eba35a + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:39 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:50 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - c0a8050c-12b9-4b8d-a094-253fca18efe3 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '271' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 34ee5074-1a3d-4a88-b306-04b3b4dc1ef0 - x-envoy-upstream-service-time: - - '128' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1071,109 +901,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11108 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11803 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/YO56id9iQnCH6XA013LX4zhI2w+UYRR7cVRsySPJJFzpf79d - v8SUEobSMINXK+37syt9cWBVcpk6saNBpqAh/UNAnpqB5AWYgUkWUPCBKkFzK5Q0A0iFLcDyQbLg - MoNcZYNr0Ab3ID2BUoMBaZuzzsARpDkIAn+CCwP5JS4X1pYm9rwULiGxqfqsXG5zbozg0pVgPdRh - PV4KL/SEMRV4nYIruEH5o9n0dDbcDXaRc1k768RfHINGK5NwC5nSN41zKa5QIPTDYOhHw3AyC8J4 - NI5HE3fiB7/5oe+Tj2TD3pRQq3mmjyTvBb7vh+uo20UKJtGipIwgd5+Zguf5gKXCWCETy0oBCTB1 - yZZKX7kknSj5XudP8cJAUmnwrgUs+TW3XL8y4j/YK7BIVbHVsA7TvcAfBZN2OUNH9/qQBw4VGm3N - uLmiGlVzS1R8yXMDA6fT4cS1kq8DxwoERolFdmJZYSROqdVndO+Z2Wul69zV1ehyR4s7Be89fS+F - taiA8NVKU1B/1WeNurRLrikwI4oyF4iQ9F40mNwaMtFkFU2e4m6b5tZYm+lSUGLxdzfPkb+DlsNo - FUbPVlyXsEbJlmm/j9gKxqtg/HO2Vp2xlnjE2ihcjcKfs9aC03TERmtfv1J/rz400wUrdnaOFcwy - DRn29XcwREypvGrarOEklbGqqEfEBVoIdzZtTL7X0YyOhkuNWY8/Jx4GuOQWp2IzdH4c781EW88w - r9GmCcw1eaAqiimgufSRGEJmTmx1BZgO1Gk/YLMTpBvfanWkXoukif3LdzxyFYXNQlV5+lqYMuc3 - bUsgO9GAsVLXPTQnozDq5uT9rPmb0hls2gj7kSGUFvbmmTnsxL162D59XIqCZ2A8kjCdEoGMhcgW - rrnO+hnzFjndMAodytK9UEZdKDmfA40TAue9Q9SXDyYi2ITEYEIZWXAzLUXyTsir+jJ+DSXdzTLp - qlbXclnvrTlSySlezXyewwlw0yBBt5Rz/O79m8Oji3eHB9Oj0+nF9OTknxOMD1vIYErwwGwB7Bjn - prSM7DJhmJL5DcOeFDkpZVaxP4Xm7FhDgX3LKoOodesuvR/FLir0b4XvR4t57NxrWkx6JiTPsZxY - j77LaO8+r31ZtOmtcZ2jd90swMpmEtanq5K69glIbt4KzwRfI7y+r7693n8Mjz3efufJFT6lOsh1 - yhtbB+2j5qcc7l5GTc+gkbC7XiUsqbtVrvRR4808r2CYaZwS/fNAsdeqKbYqSnzsSdtW4bGafpuc - T/Lu3z7LtKpKevn8IWSKY84wRD6bA0hWVmYBaY25w5N9+s6BCXlNBghIKcNHK8PbAdKYlC1Cl70h - dZ/ki/r7ImZna7VCxqzM4m03cP1bSh1mLlcJzxfK2HjiT3zvsjl7UfvkhaPtc5RiZ6d0jeGkYW/V - cmjVw8LnzGNngbHs34prC5pNZYZdVWCOHhE4Ov6b7VfYsuw04XLDwSZVt7fsFLAXyBGkDz5M68/H - 5tPVgxbtZUnkTFjsWhKt648UKmI02NgtO0MdwxA7dRiM/UlYWyc8JdfgFsJqcJXOvCQTw7mQxCUY - uLh+RcTet9LnpHA36pUs7yrBnuSEU4HPNuplbzdyF7bISarM8F9dFlIR4u8ECmUBg0qBTVeYfZJh - Q/bLcTZgW7l9yUI3CNyQsa3MvtxjI9dH4Xpj5I7diHUbUb8RudvuTsff7vnbLurq+OOeT+R2zyfv - Wn7gjnt+2PPDu+dHPX/kjnp+1POjPoCd3i6Rd/hru0SGv25ACCZuH2/5axhQ8evnLnuo0jubKv0/ - AAAA///sWNtO20AQ/ZWRkJCTBkdJSmmD8kCBB6QWVYXSh6ZSjL1J3Dq28SVQUf69Z3bXyzqXFlBa - 9QGCktizszs+M3vmbB6Uae29qUw/Z3kzWQbbvc282J+2z71Jv0mnIAJ1twyj4OTIvgWeQKqYYqfW - 7eo17biGhuV1z33ekE9JVdVJ2t3Xez3wd/NItmh0z28JsXgB+H92JIffG3CviB9uvKM5kZ+PcfEF - HzuP34rsf6H8N9kB7gvpooxikUnFaDoTd1+UjNz+9yOBjFEHTXTxKoIYpSaPj3hqN0zaXjAPcygM - CPXdbhfCYcyAYgNU6pAlxCidjAjKq/DQtj3KVNX6XLXCVO1cxxZG3EmLqVdQ4mOhnK6nEB0FNLB2 - ZPwuvVxQktEVDlM/CGdNn/ddjtn9zBtzANBM5SwmiQzxI0FFZ4Igo6m4TioXn3If6OG4wUoES4X+ - lLATIbGj8LuAyB5jFQ9hp2kU+vK3M614qoAjAXywQ1ml26PUoyGmMs69MciBRflOXvIQxJdfRXo5 - jUxOOOCHfphAD1jB5+4w7i7PDqcYSOccDMLDuTSD0Me8Bh0WYSYGTyOViaLMYlQyvuVlVDC6VgwY - tzIIlwHc2sL5IkE+8X+YxL5Ii2E8Go2GMZ/ZCrqlQzwZtM4dDTD9VRlmwtne6r3ZTyfyo1GN9NW4 - AUHeaieHjfKbqx+N71QODNaARmfH744Pz6lDB2e0fVUmxf4Qf3LudlPdaFF3hbXZHg5jesGPmSeR - cCHnnTRLfByxXBHPG185FqhieMTttnIeyeVVSBI8B1G0yBFZ1mL0GjRg8qFbzKyfCHMFHPZdQwND - 1o57nwQlagXbrX6/+g2lX2NsaMM1nA3LOtY2Tku8bSxLzG1ZFrjbsiywt2VZ4G/LssDgxrLE4Zal - zuLA6YP8BSaoQOrrkRokjQrms+BijDQmvJANF2OkQdGmCi7GyIBiWaruVqFSMzFIBpWahUEyqNQs - DJJBpWZhkAwqlkWBZFCpWRRIVjEBrykqiUtSc3o/neyg1GdhLthLVh93KX5Dj8LVgc/7AIVZXmLr - S/Z/H8qjnCb/pjm6dN0b96ZPn+RhnqlH03yVEHBlBEvm2k69dU4qVyt9Xq7zUUlc6bO7zkeld6XP - q3U+Kh/GhxyoMh7Bfcn0NlkCLZXvliRclWBuMl6UJ5Sq8nWJ1YJZdG/dojKhv19UlwP609ICWOJk - lnp+wTk7TSiUF4Tkz8NABHLAWSFS2TMygftB6Qs1WOvQj9BDmQC1549p+tIxTfh4zeLF8YJZGDfI - afyceWFUJH0jQVYq2WcVa+1nm/8eoGI7T1WxHaliO/9CxW7mdFuV0F9XsZ3/SMX+AgAA//8abcWO - 4FYsAAAA///sWl1rgzAU/S+DPkaNGq0PpStsg731uW9pYjcYVvGD/v3da2Jm0trBBsUHwQcxN7nX - qzkeOedqdGGxY1pmIbfFyizstliZhd4WK7Pw22JlFoJbrMzCcIuVjVF8YbFDvxYWO8xZWGz/OsyH - xVI98RcWe6200ymlncZTA2ysqrY1F1+9jQBtAE5oYELdgSn1OjDq9XCrU4HGV8HblotPFMRuuDhc - 0dBdJTPpuqLgKIM+3VT2sHHoZSjrPwqlSDu2XAh0YLzLDTvxOJL0uI4DdoRC0jSjYZhgHhMEGe6E - 5fhUd1JCjgYif2pAnEFfzHN54U2FHBUXvWtOUoYa76NWYfDtL3x16jMa0jinQR6FMktEJFhKxZpJ - GfDkRPP1Vm76VVbRbhW+waHmkYKftUxJiLrUeF1DLtAREnr41nsK6bBlpOK8wY7B/J6Pw66C05c9 - SbzqjPW7rqf5V+x6p+Zfseu/mnvFgDdSGY60tWD8H7nXxkHcT6htKZuTwqwDAC2Ev3Z1WeX+AWBG - oCFHbzz0+8Go2cmYRzsXtSuh1jC7QMHjH/oCBY+o+L9Q8A0AAP//oreL6VgUwJsXQCemQ3JcNWip - MJRtADQ3vyQxB8jC0h4CNraUqmuVMCVwLWs0gC9rRJeALxJEl4C324Bd6syi/DxIywgilFIKXbcO - 4RLlhfxciAnVMCa0FCSj5ENaca8PM1dHKTexIggyDIJiN3iFWlGJYwnEHWXANji5y+rQ18VCzIKb - CbQqI7E4LB+8vg+2dBW0MBe0ag5kI9wdqI41QnEtVAM4dGprawEAAAD//wMA+VdrJf4wAAA= + H4sIAAAAAAAAA7xWbVPbRhD+Kzf6kOmktt78glEm06HEaWgppcZJPhCGOaS1fEG6U+9Otkngv3dX + sqzE4Eyg0+AZJO3evj+7t58dWBVcJk7kaJAJaEheC8gS05E8B9Mx8Rxy3lEFaG6FkqYDibA5WN6J + 51ymkKm0swBtkAfJBAoNBqRdn41LY1U+I4WXge8HvqvhnxKMnd4UcKp5bEUMTscRZD8IRn4PPwxk + M/ycW1uYyPMSmEFsE/VRudxm3BjBpSvBemjJerwQXugJY0rwGgXXcIPyJ9Px2bQb9IcDJFUuGCf6 + 7Bj0rTQxt5AqfVPHkOAXSoR+GHb9UTfYn/p+FAbRwHf7g8HPfuj75CQZseh4peaJTpK8h6nww03Y + 648ETKxFQYlD6gEzOc+yDkuEsULGlhUCYmBqxpZKX7skHSv5VmeP9KKUgsrFs0u+4JZrbyFg6VVu + tQ6uWYHfC0a/GPEJXuZY9jJHqwQLNDnl5ppqVV5ZeotmPDPQcWrBI4yrku04c4HA0fH85hgWgL76 + dx3HCkRWgShxIllijM4WTHp+wyi0+ogRPTHha+kq3VUBm3TTxxcgaaN6K4W1qMA4G9uE1D+qs0bN + 7JJrwqsReZEJdDjZihzrUaGsP1r1R4909xuVaSLZ1KXv76EbYX8V9v9fK3X1KyyiwWC4CoY/wuCq + sdgLV73wR1hcA/zu7j4cg104DRvGTKze1TMQq39+gWhIUw0pjpV7WEc/VVbWXf6g1nBvF2O0i7F/ + X3k90moqDYxqejtRN+g4mDX7DjNC4K0PVI1PCdQirj37fI9GsMbcmLkqs+SVMEXGb9bgR/KSW7wo + 6gH7+Eatx3c7sL1anaY2rF4PVUkZDMjV90QQMnUiq0uyHWvAYKm3Hxrgfhg0A3w7bZsxs83YVfBw + U/BtRq+dWEJpYW+emIlG3Kuuh+8f8CLnKRiPJEyjRCBhLtK5axZpO+LeIKWZhaFzR3C4AhpaBNvt + +3q4I95gF0aDEQU+52ZciPhYyOvXxHkFBe0WMm4QU+FoWfE2FKnkGFcLfpXBBLipUajXb87p8dvf + jk4uj48Oxydn48vxZPLXBMPA5jIYOR6YzoGd4nSWlpFdJgxTMrth2OkiI6XMKva70Jydasix1Vlp + EGHuQx0fYEM5/q3w/ZH8FDlb7Yy5TYXkGVYN0962GfG2aevNaJ3eCucZetdMCSxgKmFzuiyobb8D + yfUS80SM1cKbW/HrveNxsGth9SuPr3EVbJDVKK9tHa63rf/kcLOy1a2BRsLmEpewpO5WmdIntTdX + WQndVOOEahcWxV6putgqL3BZlXZdhW/V9OvkfJBf/g5YqlVZ0Er2WsgER5JhiHx2BSBZUZo5JBXm + jiYH9LwCJuSCDBCQEoZLN8N7A5KIlM1Dl/1G6j7I59XzecTON2qFjFiRRgM3cP1bSh1mLlMxz+bK + 2Gjkj3xvVp+9rHzygr0LFGLnZxCXNE/YG7XsWvWw7AXz2HlgLPu75NqCZmOZYlPlmKJvCJyc/skO + SuxYdhZzueNgnanbW3aG61/lCL4fvhtXj/f1oykHfaxvUXqdCotNS6JV+fENFTEaX+yWnaOOboiN + 2g2G/iisrBOc5CJxJW7MbqoW3qLMJALM4gDwvj5/QSr2+xuxeAluLqwGV+nUwybkBEyB2yA1r7ff + d+c2z0iqSPFfVQdSEeLfBHJlAcNIgI1XmG+SYV3202naYc8y+4KFbhC4IWPPUvviJeu52Mo1o+cO + 3T5rGP2W0XcH7l5DH7T0gYu6GvqwpdProKWTd2t64A5betjSw/b8vwAAAP//7FhdT9swFP0rV0JC + adamooV268QDojxMGmhat72skxpSQ7OlSYmTwsT47zvXdlyHtiAYD3sAUEl9fe3rc7+O0wu6q/Fu + 0F2N76/G91cH6K/25Udn3O7Lj53GlpgAcEegFEvRZHcrFk2bfNt/om/N/Jfy7atfX8avKGhV8g98 + 5WMeI39YChqiEmJwJBZFQHv9JnHfo3qZrX5ne4Gts+p7N3hNwOc4qmoV7c67tyjQ/lC1YHTHnxkx + OYFDHtUjDx+NTa592LHko+pD8B3/Ws9IUuyIbFcL/FsDqMeWP8rKPBKIr0T43GpbuCjOYykY2MWl + M3G4IgQ+GrfdFsEnTa8N4qwdTpexBKkABT/odMAVLhhjJERFCJk1TBaXEwLZgn0phZTrOI44joWN + Yz6DyMPzOOHuWczCgrIIG0m6noFnFKC9RpFROw+loCynK9zdfhMunhHnocTqUR5esAGgSeU8JWZF + gco0EOdcEJgzFddZpRKRjEQa4iLB5ANbxdGM0OrBqpP4lwCvvsAuIcxeLJI4Uq/7DMmpDE4E8EHO + MjF3Z+mjwaYyleEFigXz8JYseQrsk1eJ2c4gI2keQjnOwAEc42UwTjvrq0MpBdKSjYF5uDbm4PZY + 16LDvMvaEBqkclGUeYrgxpMsk4LRdWzAvI1GBAzgzg6uFBn8ib/jLI0Q8+N0MpmMU76NFXRLxzgZ + +M0dHRK//4xz4e3u3HT6CC39v1HNjfTMQwKnNWoeC9VTYA7HI5UCw3VIk9HJx5PjL7RHRyPavSqz + 4v0YP3rxtq9HkISbxH57jLx8w0eVWSICsHgP0R/hZhWIdNn4wdaADEMlbbe19kQZoI1SAHqwo0me + yPMmI9igQ84cusXK5kxYa8qG3zUMOPTNBgqdZtMS8UKcau549VJlUKvj4IRbKjkk22q5VVqr5lay + Vs8dyb2K7kju1XRHcq+qO5J7dd1K1iq7I6nXduD0Sb0kmVYgDcxMA5JBBes5cDFGBhPeyIWLMTKg + GFEFF2NkQXEkVc+rUKmJGCSLSk3CIFlUahIGyaJSkzBIFhVHokGyqNQkGiQnmIDXDJHEIdnSNG+w + Xuj5VjLgD3QnfDuKOA8QmOU50t/0gNNY3eFMC/DtpaUT3AQ3A/qqbvFcgEyxr1yCiplAkgeuUneb + kvbWRp39bTrajRt1DrbpaAdv1Olt09EesTrk0Rl3INWdbIdTQdDUHm+qsqtdzK0mTGRGCx3AATGR + sJv2t22qXPrwpiYg0KXWNjC++zBfhFHBfjvLKFZfCCGwjKdiumrzmPgZrCgXqObyKX3eqC4yvkcz + TfHC6TxOG+Q1/sxBQ4psYKnHRkL7SmadBHYL3uNktvdMMttjMtv7H8jsc2+8buA+ncz+BQAA//8i + rTFrONqYHU6NWQAAAAD//+yay2rDMBBF/6WQpVzJtmxnEdJAW+gu6+wUyWmh+IEf5Pc7Y8mqpdYp + dFEMNWQRorE1GaObG+5ZzexqZh1z5mi6Y84cVXfMmaPrjjlzlN0xZ1NtX83sOK/VzK5mdhlmltlL + fzCzX4N1Nhess3hugU9D1K4R8n1I+JE48EqpLfUX5sJqasPq8cvOFc4BFtQCFk4Q7IeFouuEfMPY + TAeLbV8UAlPPu2+DPBwcogtV88tcFL3GXkiJcMSL2vGLiCPFzllM+Rm6TtMtC8ME97FFsMONshyf + 6kEp2KOFys8eUFiQm3morqKt0dbiTW8ST8Os8+C10WXwc1+M1A1nIYtzRvMoVNtERpKnTGZcKSqS + C8uzvdoNd9lEh034DC99HSlEaWJJQvRHbdC35AoTIWEALapASxuOjNRCtDgxuH6w3nCI4O3jkSRB + XWL/Pj21/I59/Gr5Hfv41tI7Br1Rmm0yJMH0/+TR0Ih4njDn0gSS1qxTVWL5U99UdX5/ApmRiNmY + g4cQIazak4z7GHTSQAiNkdlVCv7+of9TKfgAAAD//6Kzi0eLApxFAbxVAXRiOiTHVYPWH0PZBkBz + 80sSoaun0dsmuBYrGuBarGgAX6yILgFvngG7yplF+XmQpgxEKKUUukwewiXKpfm5EBOqYUxoYUdG + AYe0wl8fZq6OUm5iRRBkiAPFbvC6s6ISxxKIO8qALWtyF8thLE2FGAY3FGhXRmJxWD542R58NWx+ + EXgxHMhKuENQXWuE4lyoBnDw1NbWAgAAAP//AwCCtBWFlTEAAA== headers: - ATL-TraceId: - - 1accf1a44609a9ad - Connection: - - keep-alive + Atl-Traceid: + - beee91858650dc89 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:39 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:51 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 6c94bbbc-5ea8-4a47-90d9-ab9476ec3e84 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '258' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 78e494c2-87d2-4e8b-be36-193742b89b57 - x-envoy-upstream-service-time: - - '146' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1183,174 +1019,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ0zZrbqIHFVmFdk+ySJJOsZImpU2FZdn/boKLH7fhneeZ - lzkRrRbcz5ZI8h7CtMjNpsMeTej8h6cqWLUsg3LUYSAZ+cR5GbyLMANgFCjkze7mpbl/bn+3u3XU - cSLyNUEZZHDISIeT9ccRXWiPE8YDt9avXZT0OtjuWyEyCZW4hHcqJLCAguVQ5oVoWSmBSV5SALiC - AiD6C86xtx3Gf+y2ZYXkteTXtILqhzXjg+t9BEWxFXXVa2U4coU1mL4Wte60EtAbAFWWQmjkfwqC - TQ2Pw6xIeqdXqw1P3qgUn4i9TATd274h5/MXAAAA//8DACG7ynZaAQAA + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUTAqKkoaZD9sPz444xNYl5SbwhhT8IaxGosGsawkq2kvUdU956XGov5bEO3a + 8DjMEtZ3jFxsfPK9XOMT2MsE2r3td3A+fwEAAP//AwAl431lWgEAAA== headers: - ATL-TraceId: - - 54be7e9592d1928a - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:36:39 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 5bcfb2ada0b634ca + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 00441633-07cf-4765-a854-83068c41e35b - x-envoy-upstream-service-time: - - '38' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 15f0d6e199e4e518 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:39 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:51 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 808156f4-0f2b-4114-b62f-52c0968709f4 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '117' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4e30bf43-bd13-4342-afe6-342dc1e5b10b - x-envoy-upstream-service-time: - - '197' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1360,96 +1089,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 2b10a374cff87bdb - Connection: - - keep-alive + Atl-Traceid: + - aa7248326861a33b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:39 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:52 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - b90cb1fe-735f-499d-b1ca-b91b88d97c7a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '178' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d599e4fc-2b93-4a43-95b8-1bbd6862601f - x-envoy-upstream-service-time: - - '79' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/236] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/18] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119] + || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080] | - Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - - (Fresh, < 0.5.2)|http://localhost:8080/finding/2872]\n*Defect Dojo link:* - http://localhost:8080/finding/2872 (2872)\n*Severity:* High\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* - [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119]\n\n\n\n\nVulnerable - Component: fresh - 0.3.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/297]\n*Defect + Dojo link:* http://localhost:8080/finding/297 (297)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n*Reporter:* + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -1462,53 +1197,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1949' + - '1932' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11109","key":"NTEST-920","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11109"}' + string: '{"id":"11804","key":"NTEST-1466","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11804"}' headers: - ATL-TraceId: - - 959c12792c9ee3ce - Connection: - - keep-alive + Atl-Traceid: + - 4b9b2848dcbcf2fc + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:40 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:52 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e008e96e-f7dd-41c9-ac36-0b39040f7912 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '616' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a88879d9-6ce9-4cdf-a428-aeb71fc15d1e - x-envoy-upstream-service-time: - - '425' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1518,96 +1259,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-920 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1466 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4rfkIPiG6VBIW+56HAdp+4EyjGJvbIEjeSQ5hCv977cr - 24HShqP0YAZLa+/bs8+uxGcPlhWXmZd4GmQGGrLXAsrM9CSfg+mZtIA576kKNLdCSdODTNg5WN5L - Cy5zKFXeW4A2+A6yY6g0GJC2+dbreYIsR1EUbuPGQDnDbWFtZZIgyGAGqc3UhfK5Lbkxgktfgg3Q - hg14JYI4EMbUEHQGLuEa9Q8n45NJfzsOUTJzwXrJZ8+g09qk3EKu9HUTXIY7VIjDOOqHw348mkRx - MthMhqE/HEW/hHFINpwPe12BM/PEGEk/iMIwjFdZt5sMTKpFRYigdJeZOS/LHsuEsUKmllUCUmBq - xq6UvvRJO1XyvS4fE4WBtNYQLARc8QW3XL804h/YmWOR6vmzRnSQ7UThIBq12wkGunObcs+jQqOv - CTeXVKN6ammVzHhpoOd1NrzEGfnS86xAYlRYZC+RNWbiVVpdYHhPRK/Vdti5anTY0eZOwW8jfS+F - tWiA+NVqU1J/uG+NmtkrrikxI+ZVKZAh2b1sEFxHmeFoORw9JtwW5tZZi3QlCFj8uYvzMNxCz/Fw - GQ+fbNiV0LHkmWmfD/iKNpfR5s/5WnbO2sUD3gbxchD/nLeWnKZbrPX25Qv19/JDM12wYqdnWME8 - 15BjX39DQ+SUKuumzRpJWhur5m5EnKOHeGvdi9G3NprR0UipMd3485J+hFtucSo2Q+fH+d5MtNUM - CxprmsjslnuqppwimksfSSBk7iVW14BwoE37AZudKN3E5syReS3SJvfP38goVFQ2harLbF+YquTX - bUugONWAuVLXfW9ORltxNyfvoxaugzNa9yJe92JwO0uE0sJePxHcTj1wU/jxc1TMeQ4mIA3TGREo - KERe+GaR3w6ftyjpplTsuZJMgcYJkfNeWtSX3803WsfEaESJF9yMK5G+E/LSHcb7UNHZLNOuaq6W - V+7dSiKVHOPRzKclHAM3DRN0u/KO3r1/c3B4/u5gb3x4Mj4fHx//dYxpYAsZzBw/mBTAjnBuSsvI - LxOGKVleM+xJUZJRZhX7XWjOjjTMsW9ZbZC1vuvS+1lso8HwRoThsLhIvHtNi9jmQvISq4aw33YZ - vbsva28WLbyO1yVG180CLGAuYfV1XVHXPoLJzV3hiRxrlFfn1dfH+4/R7pZWr3h6iVepjlmd8cbX - Xnup+amAu5tR0xroJO6OVwlX1N2qVPqwiWZa1tDPNU6J2+uBYvuqKbaaV3jZk7atwkM1/RqcT/Lu - 7y7Ltaoruvm8FjLDMWcYMp9NASSralNA5jh3cLxLzykwIRfkgIiUMby0MjwdIEvIWBH77A2Z+yQ3 - 3HMjYacrs0ImbIaIFEnoD/zwhtBD8EqV8rJQxiajcBQGs+bzcxdWEA82z1CRnZ7QSYYzhb1VV32r - vq98xgJ2GhnL/q65tqDZWObYWHOE6QGFw6M/2W6NXctOUi7XfNigdXPDTgDbgQLB9d6HsXt8bB5d - SWjTnpe0nAiLjUuqjgK4QkOMRhi7Yadoox/jLOpHm1G07bwTpdIF+HNhNfhK50Gai/5USJISE3zc - v6TFztfaZ2RwGDbQOitXd61gX3LiqsCrG/VzgJ/6hZ2XpOcqg09XG7JzDHldcsRwSf9OuGT2QQpe - EldOQC8EXpj77PlrUuyxZ6X9DZV/9eMXayBEo7t4Ei6gR+i4KyG7IVQ3Xmku0yKY8DzZYIeIYSOt - RZkd7N8VIcSYDhG0uCPufovIX5HY7Qf+/59GR9AgHm3FSIuNfdf82JcXitFYxMD+W5E9p78vUL3l - 078AAAD//+xZbU/bMBD+K1ElJJhImqRNgU6IVRqT9oEJMY1JbB8wdgqRmjjKSxli/e97znbcNCxo - QwjxAQmVxPfis32+e+5yBzFyCVrk92O8/MA/9ylnSRrOtYbndK31Np/XiwyFKGUj6/LmZmMjlf+s - mbE9Nvi8Q5BojMgkopK5014ih0wskxIBDOk+CieIS3PaVXhIk3zouC7VJJcOMqSzXFuBuFSYU47X - pyzsKZfmlG9vKKYx6MuuHaBWDjqSKy/YnGaiVIpYk9eV9zNzWqs8kaJexGaJm6QGFk9bjgOOUwUn - RUMG9bp6f2jJLQXgvIE0Bpu9m5o1kIiacbc1gLJe9BCKZexSkkn4Q0ZNnbMlpUU7jEnJ1+iHPA2v - M86hb4rAf7VIuDq/k0TFenN831Rypx0356LX5MjCWYBQeErmc5ozXhH/F+kk6sVBDbJMRCwUw9cq - zkt9bhgXNY81s7nmZ7hSAEGw5X9cRgnmkgI/ef82E2mS7TjbO79ToKdKTuHDDwF00Aegg3EfIWqD - paoAaFDVAaH7DqtvWbsEC0qbFfUx9oFU35ZLG7ium/u7UgdWqqoYv6HUqAFEWacpI3Qz6EvYtHdU - pcjiiRCILtgR45xqK9SX0ZyNRyK42h/70RVs29s7CMJwQvNYJszwCFtMBzsTgi4BONc2uKbi/SBv - WZlTnCOlj7YddKnsAW8pNg8Aa6gfh1EQBuM48ONRKA4mfMSjvYDvR0L4bDIP4v0jcai0bI1mW+En - /Gk5N2WZQR+uq4dKry7dW+yIG3rk+J6+aLRlbs5YSTsGeRXUUVDg8eOpO/HyjOzv9jNev8Xdrsjr - t7jbWXntFiPkCN1KMEVDG42cmpYg3SfCXbqBocPWBWIt2I/rQubx8AIhiFNFbS4edfJAtTeZ5jE9 - SVNvFCbSvoWClz/0t1DwEha/hYLeUGARB0y81jfunj4CmGcfemXFFnj6CyQC3hrcrwYPCX0NS7+v - YenbhmWXYKFbnC2TQmYa5phuSG2+SOnXf1nCUlbP1mnWuqxOTIRq9lyqjpltBqPMVRbfN48m6j55 - fvXtbtjo3R2k7NdZXNYLUtxaq+p1FdWs0uumljv1w2jldnxTONyQNgLK2tVq9QcAAP//AwC2QZ45 - 2BwAAA== + H4sIAAAAAAAAA7xX23LbNhD9FQwfOq1L8WZFVtjpdFxbTty6rispyYPj8cDkikRMASwA6lLb/95d + UpTiizKxO83ogSSAvZ89WN04sCi5TJ3Y0SBT0JAeCShS40o+BeOaJIcpd1UJmluhpHEhFXYKlrtJ + zmUGhcrcGWiDe5AOodRgQNrV2aQyVk0npPAyDIIw8DT8XYGx42UJZ5onViTguI4g+2HYD7r4YaCY + 4GdubWli309hAolN1SflcVtwYwSXngTroyXr81L4kS+MqcBvFVzDEuVPx4PRuBN2ez1cql0wTnzj + GPStMgm3kCm9bGJI8QsloiCKOkG/E74eB0EchfGryOtHvR+DKAjISTJi0fFazQudJHkfUxFE67BX + HymYRIuSEoer+8xMeVG4LBXGCplYVgpIgKkJmyt97ZF0ouQ7XTzTi0oKKhcvLvmMW679mYC5X7u1 + cXC1FQa7Yf8XI/6Bn6dY9mqKVgkWaHLMzTXVqrqy9BZPeGHAdRrBY4yrlnWdXCBwdJIvT2AG6Gtw + 5zpWILJKRIkTywpjdB7AZDfYthG2G6VWnzDUF1ZiJV3Xoa5sWwf6+Aw9m3DfSWEtKjDO2jZB+Pf6 + rFETO+eagGzEtCwEOpw+SAkWqoZft7/o9p/p7hdK1kayLlg32EM3ou4i6v6/VhpY1CBFg2FvEfa+ + hcFFa3E3WuxG38LiCvl3d4/hGLVwnIjF+4YDscjnF1j0LNOQIa08wjq6o4qq6fInQR7tbdvob9t4 + /Vh5Q2nNKhFGzd5O3AldB5Nj32PghNHmQN34lCctksazm0drhF5MgclVVaSHwpQFX64wjstzbvGi + aAj2+f3Y0PeGsP1GnaZuq18PVEUZDMnVD7QgZObEVldkO9GAwVILP0Xg3W7YEvjDtG2jmWhNMw83 + 1gV/uLG7ISahtLDLF2aiFffr6+HrCV5MeQbGJwnTKhG4kIss98ws2zDZW1xpKS9y7ggOV0DcRLB9 + eF/3tsQbbsNo2KfAc24GpUhOhLw+op1DKGm2kEmLmBpH83pvvSKVHOBowa8KGAI3DQr16s05O3n3 + 5vj08uT4YHA6GlwOhsM/hxgGNpfByPHAOAd2hiQsLSO7TBimZLFk2NCiIKXMKvab0JydaZhiR7PK + IMK8pxo7xIZyglsRBH21FzvNjYVFwixvuupei2O+MyF58fDQajJapbfGeYHetSyBBcwkrE9XJbXt + VyC5GWJeiLFGeH353Z87nge7Dax+5ck1joItslrlja2D1bT1nxxuR7amNdBI1N7VEubU3apQ+rTx + 5qqooJNpZKjNwKLYoWqKraYlDqvSrqrwpfrdT85H+flvn2VaVSWNZEdCpkhJhiHy2RWAZGVlckhr + zB0P9+l5BUzIGRkg0KQMh26G9wakMSnLI4+9IXUf5U793InZ+VqtkDGbYEbyOPB2veCWsofJK1TC + i1wZG/eDfuBPmuOXtVt+2L9AOXY+gqQiSmFv1bxj1dOyF8xn56Gx7K+KawuaDWSGfTXFLH1B4PTs + D7ZfYdOyUcLlloNNsm5v2QgnwNoRfD94P6gfH5pHWxH6WF2k9DoWFvuWRGsE4BsqYsRg7Jado45O + hFTUCXth+Lq2ToiSs9STODR7mZr5s6qQiDGLHODfP39BKrpBk0uSS+bgTYXV4Cmd+diInMApcPCj + BvbxqJfbaUFydSnwWReD9AwhqwqOWVvQ/5/a/UOQghcEjhHoGf7NYR32/REJuuy7wv6Ewq+86Ict + SUOl+3jtzsClfNQDJbulPO60WYx36kTQGts5rIAdIqpwcQSl9Vi45zLiEHYfsu0vD701Zj/+CwAA + ///sWW1P2zAQ/isREhNUJE3SpoVOiFViSHxgQkzjA/uCsVOaqamjvJRJjP++52zHpIGwjSHEByRU + mt75fPbdPfcSeh54L3+I2h/74d4YXtA7VKGOKPwhHQJBKPvHdc4WPrYfO/bTh3Z6cC0QvuOf+ywr + Y084jBLxf362fvO9r7LKcY9HySJGiMf6rj9clx+VUzUYD++hpweIsNtKYJIJaS+RfSZWSQH4QrKP + whFQaUa3DHepUw9Z71IJv3SQHx1SFT2ZyYi5MbpRhIwurNELY/SbOSEag7zltYNqloOO1MpzNqOd + KJECarKq9HDz5/fyT6SoFrGBrnVSXS5PGn4EjlNV+ImaDCpuZt+SGwLAOcdq/AifVIE4aV/mTuOH + AgVIByFfxS6lmIQ/ZNTUGVtRUmxYiZBrQh/kXHiccg55E8D+1SLhxoInicJ6Y8BvKrnTnRvL6FM5 + MncWIOSetfxxmjFe0pov0knUg4P+ZJWIWKz50hkiChUPtv4XDzFLM0lATw6+xUSaLLedre1fKRy4 + lBM47cN6Oeiql4NhFyGqCZRjyxw1gircqZFosfqWtU2wNWh9pi7GrprUt30TK0vG55TUHunS2qm/ + LcU2WUWVpoyKmY2u/Ex3R02JzJ9Z8VBEHTDOqe05FvvRjA0HIrjaHfrRFXQZj/eCMBzRPpYJOzzB + FpNhp0KQ14PzXgfXNL6f5A0rMgJFEvrkyELZIfZQXik2D/VU3TZHQRgM48CPB6HYG/EBj8YB342E + 8NloFsS7B2JfSdkcTDfDI/zpdW7KlqbacF39U+FVhXuDG3FDDyoKT0cWXZmbMVbQjWG9Am70D/h6 + eOqOvGxJ+rfHH29f4/b85O1r3J6/vHWNATlCTy1Mj9AsR07NOJHiiaouPVvQsHWByhTsn6tcZnH/ + AhDEqYE2gUdTQFBtJNM+Zihq2ovcIO07FLy+0d+h4DU0foeCTiiwFQZUvNYRd0svEMx3H3Jlycx7 + kXbF0TWG9LvGkL4dQ7YJtkKLl6skl0tdA5kZR2VegOnHv9F0JcuXG/ZqYVYodpqz4lyqQVg9X4YL + aZVv668GXZ+tgHpZ2K/l7myk7OdZXFQLEtw4rBph5eW01AenUTqNuejo9vf1xeHaarNAaXt3d/cb + AAD//wMA2W0gym8dAAA= headers: - ATL-TraceId: - - f5fe7dc01942c075 - Connection: - - keep-alive + Atl-Traceid: + - 997422388c65cb89 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:40 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:53 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 4ce039d7-bba7-434f-8fb8-34cb48c87ced X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '240' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 330d0776-b376-4eb1-83a8-c2ea0b92ebfb - x-envoy-upstream-service-time: - - '149' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1617,91 +1364,97 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11109 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11804 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4rfkIPiG6VBIW+56HAdp+4EyjLA3tsCRPJKchCv899uV - bd7acJQezKAXa9+efXYlvnqwrLjMvMTTIDPQkL0VUGamJ/kMTM+kBcx4T1WguRVKmh5kws7A8l5a - cJlDqfLeHLTBb5AdQqXBgLTNWa/nCdIcRVG4iQsD5RSXhbWVSYIggymkNlPnyue25MYILn0JNkAd - NuCVCOJAGFND0Cm4gEuU35+Mjyb9zTjEnalz1ku+egaN1iblFnKlLxvnMlyhQBzGUT8c9uPRJIqT - wXoyDP3hKPoljEPS4WzYywqcmmf6SPJBFIZhfBN1u8jApFpUhAjubjMz42XZY5kwVsjUskpACkxN - 2ULpC5+kUyU/6vIpXhhIaw3BXMCCz7nl+rUR/8DWDJNUz140W3vZVhQOolG7nKCjW7ch9zxKNNqa - cHNBOarPLM2SKS8N9LxOh5c4Jdc9zwokRoVJ9hJZYyRepdU5uvdM9Fpph53LRocdLe4k/NbTj1JY - iwqIX600BfWHO2vU1C64psCMmFWlQIZkD6JBcB1lhqPlcPQUd1uYW2Mt0pUgYPHnLs7DcAMtx8Nl - PHy2YpdCx5IXph0fsRWtL6P1n7O17Iy1k0esDeLlIP45ay05TTdZae36mup7+anpLpix4xPMYJ5r - yLGuv6EhckqVdVNmzU5aG6tmrkWcooV4Y9WH0bc6mtbR7FJhuvbnJf2o52GY9hNWHPGqPcAt9smm - Df14BTQ97qarBY02TfR20x1VU5QRdarPtCFk7iVW13DdNi9SpkXaxP71mz1yDI+aQtVltitMVfLL - tiRwO9WAsVLVfa9PRhtx1ycfohaugjNa9SFe9WFw20uE0sJePhPKTjxwXfjpfVTMeA4mIAnTKRG4 - UYi88M08v20+73Gn61Kxd01sOANqJ0TOB2FRXX433mgVE6MRBV5wM65E+kHIC3cZ70JFd7NMu6y5 - XC7ct5sdqeQYr2Z+VsIhcNMwQbcz7+DDx3d7+6cf9nbG+0fj0/Hh4V+HGAaWkMHI8cCkAHaAfVNa - RnaZMEzJ8pJhTYqSlDKr2O9Cc3agYYZ1y2qDHPVdlT6MYhMVhlciDIfFeeI1VwYmCVG+Lap7hYx4 - 50Ly8uGh9mXRwut4XaJ3XS/ABOYSbk7XFVXtE5jcvBWeybFG+Oa+un+9/xjtbmn1hqcX+JTqmNUp - b2zttI+an3K4exk1pYFG4u56lbCg6lal0vuNN2dlDf1cY5e4fR4otquaZKtZhY89adssPJa/++B8 - kXd/t1muVV3Ry+etkBk2NcOQ+ewMQLKqNgVkjnN7h9s0ngETck4GiDQZw0crw9sBsoSUFbHP3pG6 - L3LNjWsJO75RK2TCpohIkYT+wA+vCD0Er1QpLwtlbDIKR2EwbY6fOreCeLB+goLs+IhuMuwp7L1a - 9K36vvAJC9hxZCz7u+bagmZjmWNhzRCmRwT2D/5k2zVWLTtKuVxxsEHr6oodAZYDOYLznU9jN3xu - hi4ltGjvS5pOhMXCJVFHAZyhIkYtjF2xY9TRj7EX9aP1KNp01olS6Rz8mbAafKXzIM1F/0xI2iUm - +Lh+TZOt+9InpHAYNtA6LYu7WrAuOXFV4NON6jnAo35hZyXJuczg6HJDeg4hr0uOGC7p3wkXzC5I - wUviyhHoucAHc5+9fEuCPfaitL+h8K9+/GoFhKh0G2/COfQIHfckZFeE6tobzWVaBBOeJ2tsHzFs - dmtRZnu7d7cQYgyHCFrc2e5+i8i/IbFbD/z/P4yOoEE82oiRFmu7rvixLs8Vo7aIjv23IHtJf1+h - eMunfwEAAP//7FltS9xAEP4rQRC0mFySu5x6RexBLfSDRSy1YPvBdTengUs25M0We/+9z+xu9mI0 - 0oqIHwQ5k8zs7GRn9tlnJr8xjFKCXvL7EW5+4J/7lFiShTNt4TlTa73MZ/UyQyFKp5FNebOzsZAq - f9bKWB4LPu8AEq0TmQQqmT3tJXLERJOUADAc91E4BS4taFWRIe3hQ+G6UJNcODghnWbtBXCpMFGO - 11EWNsqlifLNNWEag73sygFr5ZDjcOUFW9BMdJQCa/K68n5mTuctj6Wol7F5xbuilhbPOokDjRNF - HkUrhvSqen9gxR0D0LzGaDxs125m3oGGqBl3Og9Q1osBQdHELh0yCb+vqKUL1tCxaB9jUso1+qFM - w+2cc9ibAfgvlwlX8TtOFNab8H1ThzutuImLfidHFs4SgsJTYz6nOeMV6X+RTqJuHNQgTSJioRS+ - VnFe6rjhuah5rJXNNj/FlgIJgi//kzJqYC4J+Cn7t5hIk2zb2dr+k4I9VXKGHL5PoIMhAh1MhgRR - K6BDtypAGlQtQOy+p+pb1b7AktL2jYYUh0iqb8slVlWMX9Mh9yD/9fcfJHt9klDWacqI3WwMHdi0 - dlSlyOKJFIg22CHjnCop1JfRgk3GIrjcm/jRJRzd3d0PwnBK81glzPCIWkyBnQtBmwCaax9cU/F+ - kDeszAnnyOijbQddKnvgW0rNA8Ea6ctRFITBJA78eByK/Skf82g34HuRED6bLoJ471AcKCub4/lm - +Al/epybssywD9fVj0qvLt0brIgbepT4nt5otGRuzlhJK4bxCtRRUODy44k79fKM/O/3M16/x/2u - yOv3uN9Zee0eA3KEbiWYoqHLRk5MS5D2E/Eu3a7QsHUOrIX6UV3IPB6dA4I4VdRm41EnD1K7k2ke - 05M09UZhkPYNCl4+6G9Q8BIev0HBIBT0GQYo1Mbtisa0DAO+X+mteEtfB8y1jwllxZa4esDKUMPS - H2pY+rZh2RdY6hZnTVLITJMj0w2pzRcpfftPnqLsVBZu20uDgk9Avs63tFFrd2cjZb9O47JekuHO - 3Kr3VFTzSvvRyOrZ+tvalrWJqVBVn0nVuWub0tRyp34YzWj9uOtseMdbM0Ctzmq1+gsAAP//AwBJ - aSPD2BwAAA== + H4sIAAAAAAAAA7xX23LbNhD9FQwfOq1L8WZFVtjpdFxbTty6rispyYPj8cDkikRMASwA6lLb/95d + UpTiizKxO83ogSSAvZ09u1jdOLAouUyd2NEgU9CQHgkoUuNKPgXjmiSHKXdVCZpboaRxIRV2Cpa7 + Sc5lBoXK3Blog3uQDqHUYEDa1dmkMlZNJ6TwMgyCMPA0/F2BseNlCWeaJ1Yk4LiOIPth2A+6+GGg + mOBnbm1pYt9PYQKJTdUn5XFbcGMEl54E66Ml6/NS+JEvjKnAbxVcwxLlT8eD0bgTdns9XKpdME58 + 4xj0rTIJt5ApvWxiSPELJaIgijpBvxO+HgdBHIXxq8jrR70fgygIyEkyYtHxWs0LnSR5H6EIonXY + q48UTKJFScDh6j4zU14ULkuFsUImlpUCEmBqwuZKX3sknSj5ThfP9KKSgtLFi0s+45ZrfyZg7tdu + bRxcbYXBbtj/xYh/4Ocppr2aolWiBZocc3NNuaquLL3FE14YcJ1G8BjjqmVdJxdIHJ3kyxOYAfoa + 3LmOFcisElnixLLCGJ0HNNkN2o1Sq08Y0QsBX0nXcNcJbOGmj89IsonqnRTWogLjrG0TU3+vzxo1 + sXOuia9GTMtCoMPpg8gxHzXLuv1Ft/9Md7+QmTaSdV66wR66EXUXUff/tdJkv+YiGgx7i7D3LQwu + Wou70WI3+hYWVwS/u3tMx3AbT6N2YyIW75seiNk/v0A2ZJmGDNvKI66jn6qomip/Umu0t22jv23j + 9WPlTUtrVqlh1N3biTuh6yBq9j0iQuRtDtSFTwBqkTSe3TxaI1ojNiZXVZEeClMWfLkiPy7PucWL + ommwzy/Upn1vGrbfqNNUhvXrgaoIwZBc/UALQmZObHVFthMNGCzV9lMNvNsN2wb+ELZ1m3m4sS3h + 0TrhDzd2Nx1LKC3s8oVItOJ+fT18fYMXU56B8UnCtEoELuQiyz0zyzYt7i2utL0wcu6IDldATYto + +/C+7m2JN9zG0bBPgefcDEqRnAh5fUQ7h1DSbCGTljE1j+b13npFKjnA0YJfFTAEbhoW6tWbc3by + 7s3x6eXJ8cHgdDS4HAyHfw4xDCwug5HjgXEO7Ay7s7SM7DJhmJLFkmGli4KUMqvYb0JzdqZhiqXO + KoMM856q+BALygluRRD01V7sNDcWJglR3lTVvRJHvDMhefHw0GoyWsFb87xA79ougQnMJKxPVyWV + 7VcwuRliXsixRnh9K96fO55Huw2tfuXJNY6CLbNa5Y2tg9W09Z8cbke2pjTQSNRe4hLmVN2qUPq0 + 8eaqqKCTaexQm4FFsUPVJFtNSxxWpV1l4Uv5uw/OR/n5b59lWlUljWRHQqbYkgxD5rMrAMnKyuSQ + 1pw7Hu7T8wqYkDMyQKRJGQ7dDO8NSGNSlkcee0PqPsqd+rkTs/O1WiFjNkFE8jjwdr3gltBD8AqV + 8CJXxsb9oB/4k+b4Ze2WH/YvUI6djyCpqKWwt2resepp2Qvms/PQWPZXxbUFzQYyw7qaIkpfEDg9 + +4PtV1i0bJRwueVgA9btLRvhBFg7gu8H7wf140PzaDNCH6uLlF7HwmLdkmjNAHxDRYw6GLtl56ij + E2Er6oS9MHxdWydGyVnqSRyavUzN/FlVSOSYxR7g3z9/QSq6QYMlySVz8KbCavCUznwsRE7kFDgR + UgH7eNTL7bQguToV+KyTQXqGkFUFR9QW9P+ndv8QpOAFkWMEeoZ/c1iHfX9Egi77rrA/ofArL/ph + C2iodB+v3Rm4hEc9abJbwnGnRTHeqYGgNbZzWAE7RFbh4ghK67Fwz2XUQ9h9yra/PPTWnP34LwAA + AP//7FltT9swEP4rERITVCRN0qaFTohVYkh8YEJM4wP7grFTmqmpo7yUSYz/vudsx6SBsI0hxAck + VJre+Xz2vT13oeeB9/KHqP2xH+6N4QW9QxXqiMIf0qEkCGX/uM7Zwsf2Y8d++tBOD64Fwnf8c59l + ZewJh1Ei/s/P1m++91VWOe7xKFnECPFY3/WH6/KjcqoG4+F96ukhRdhtJXKSCWkvkX0mVkmB9IVi + H4UjZKUZ3TLcpS49ZL1LJfzSQX10SFX0ZKYi5sboRhEyurBGL4zRb+aU0RjkLa8doFkOOkorz9mM + dqJCilSTVaWHmz+/l38iRbWITepaJ9VwedLwI3CcKuAnajKouJl9S24IAOccq/EjfFIF4qR9mTuN + HwoAkA5CvopdKjEJf8ioqTO2oqLYsBJlrgl9kHPhcco55E2Q9q8WCTcWPElUrjcG/KaKO925sYw+ + lSNzZwFC7lnLH6cZ4yWt+SKdRD04aFxWiYjFmi+dIaKAeLD1v3iIWZpJSvTk4FtMpMly29na/pXC + gUs5gdM+xMtBF14Ohl2EqCZQjS1zYAQF3KmRaLH6lrVNsBi0PlMXYxcm9W3ftAbZ2qWelSXjc6p4 + j2Jh3zZZRZWmjMDMRld9prujpkTmz0Q8FFEHjHNqe47FfjRjw4EIrnaHfnQFXcbjvSAMR7SPZcIO + T7DFZNipEOT14LzXwTUd8Sd5w4qMkiIJfXKWoewQe4BXis0Dnqr76SgIg2Ec+PEgFHsjPuDROOC7 + kRA+G82CePdA7Cspm4PpZniEP73OTdnSoA3X1T8VXlW4N7gRN/SgovB0ZNGVuRljBd0Y1qvEjf4B + Xw9P3ZGXLUn/9lzk7WvcHqy8fY3bg5m3rjFSjtBTC9MjNOHIqZkzUjwR6tKzBZ22LoBMwf65ymUW + 9y+Qgjg10CbwaDwIqo1k2scMRU17kZtM+54KXt/o76ngNTR+TwWdqcAiDqh4rSPult4smO8+5MqS + mfcibcTRNYb0u8aQvh1DtgkWocXLVZLLpYY5ZsZRmRdg+vFvNF3J8uWGvVqYFYqd5qw4l2oQVs+X + 4UJa5dv6q8muz1ZAvSzs13J3NlL28ywuqgUJbhxWjbDyclrqg9MoncZcdHT7+/ricG21WaC0vbu7 + +w0AAP//AwDq8lXFbx0AAA== headers: - ATL-TraceId: - - 11bcc2312fe0d9b2 - Connection: - - keep-alive + Atl-Traceid: + - 21ef8db8d8167ff9 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:40 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:53 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - c474e043-f772-4009-8da0-27466d5282ce X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '254' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 967aa848-dbce-4b11-8849-6fb07107ff2e - x-envoy-upstream-service-time: - - '143' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_twice_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_twice_push_to_jira.yaml index 02650914bfc..3098dd56427 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_twice_push_to_jira.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_twice_push_to_jira.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlpmiZLbqIHFVmFdk8ikjQTrKTJ0qbCsux/N8XFj9vwzvPM - y5yI0TPuJ08UeU/pMKvNxqLDPtn4EalOXs/zoAMNmEhBPnGahxgyXAFUFCiU7e76ub176n63u2U0 - eSLqZYUKKOC1IBYPPh5HDKk7HjAfuPFxsVkyy+Dtt0LUKjTyEt7qtIIMWFUCL5nsKq6gUjWnAHAF - DCD7M065txvGf+y2q5iqheKCNo38YfvxPriYQcm2UjTO6L7GWqOA3gkpjDVagusBNOdSGqz/FCS/ - NjwMkybrO04vPj3GXq/xifjLRDC87VtyPn8BAAD//wMAajPytloBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtE1qbqIHFVmF7Z5kkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzlBq4LZzw4kvMc4BbnZaGNNF7X/8ERFp0Lo1UhGEyGDTzOH3o8JpoiUIMF8t7152d0/N7/b7TK0 + aQL5ukIZZnjIQJvJ+eNgxtgcJ5MO3Dq/6CS1S+/0twIyCQyrS3in4goyZCzHOqeiwVqikKwiiHiV + SEx+MHPqbfrhH3vdIEpGZVUT5PyH7YaH0foE8pIKW1hrC1EzxrGoEctKMU47hZp3QpQGC/63ILq1 + 4bGfFazvWLW4+OQ7tcYncJcJzPi238H5/AUAAP//AwBOFMsaWgEAAA== headers: - ATL-TraceId: - - 0ae465e9a896116f - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:36:46 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 847b2dc585c4ff83 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - fa0a45a9-e8d2-43d0-929d-d6509129c16e - x-envoy-upstream-service-time: - - '33' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 124ee2c0bafd5028 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:46 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:58 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - f2759cd2-d550-4199-befd-d2c5a9ac3568 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '121' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ca9fbc9e-9491-41e0-a3cd-91bad2e05cc3 - x-envoy-upstream-service-time: - - '83' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,110 +80,117 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - e9d81f5e3642c22e - Connection: - - keep-alive + Atl-Traceid: + - 899781844d946723 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:46 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:58 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a7fc2b79-539d-487d-adea-c8db083aa5fc X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '174' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f3813c74-1998-4eb5-9ec3-509b9b10dc61 - x-envoy-upstream-service-time: - - '96' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/237] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/19] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321] + || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n| High | [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539] + | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2875]\n*Defect Dojo - link:* http://localhost:8080/finding/2875 (2875)\n*Severity:* High\n*CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n*CVE:* - [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/300]\n*Defect Dojo link:* http://localhost:8080/finding/300 + (300)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n*Reporter:* + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2874]\n*Defect - Dojo link:* http://localhost:8080/finding/2874 (2874)\n*Severity:* High\n*CWE:* - [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/299]\n*Defect + Dojo link:* http://localhost:8080/finding/299 (299)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n*Reporter:* + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -303,53 +203,59 @@ interactions: Connection: - keep-alive Content-Length: - - '3317' + - '3308' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11110","key":"NTEST-921","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11110"}' + string: '{"id":"11805","key":"NTEST-1467","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11805"}' headers: - ATL-TraceId: - - 2cdec142d6cb64e7 - Connection: - - keep-alive + Atl-Traceid: + - 5628fb95e3ec7a74 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:47 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:59 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 93040284-efdc-4432-82b3-e1a174b12ed5 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '648' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 14dcffd2-aab3-4633-b3f8-aef5a012e906 - x-envoy-upstream-service-time: - - '404' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -359,98 +265,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-921 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1467 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6Nz1kvglAVLfMB0O0pa7HseFtP1AGUaxF0fFljySnIQr/Pfb - le2kvISj9MIHy7L22dWzz67EVw+WJZepF3saZAoa0jcC8tR0JC/AdEwyg4J3VAmaW6Gk6UAqbAGW - d5IZlxnkKuvMQRv8BukYSg0GpK3Xeh1PEHKIvwBfDOQX+DqztjSx76dwAYlN1RfV4zbnxgguexKs - jxjW56XwI18YU4HfAlzCFdofTUYnk+6rKMSZCxesF3/1DDqtTMItZEpf1cGl+IYGURCF3WDQjYaT - MIr72/FgpzfYin4JooBQnQ97VYKDeWaMZO+HQRBEq103LymYRIuSGMHZPWYKnucdlgpjhUwsKwUk - wNQFWyh92SPrRMkPOn9KFAaSSoM/F7Dgc265fm3EP7BbYJKq4kU9dZjuhkE/HDavEwx0d73ljkeJ - Rl8Tbi4pR9XU0ii+4LmBjtdieLEDuel4VqAwSkyyF8sKd+KVWn3B8J7JXmPtuHPZaLm7k/B1pB+k - sBYBSF+NNW3qD7fWqAu74Jo2ZkRR5gIVkt7ZDZLrJDMYLgfDp4Tb0Nw4a5guBRGLv295HgQ76Dka - LKPBs4FdCp1KXpjm+YivcHsZbv+Yr2XrrBk84q0fLfvRj3lrxGnawUZvNzdU38uPdXfBjJ2eYQaz - TEOGdX1PhqgplVd1mdUzSWWsKlyLOEcP0c6mD8P7GHXrqGepMF378+Ju2PQLUrAWSe3u67050heG - b2aqytMDYcqcXzUqxOkFt9hX67b1/RVT98RVF/RrNE3l4Ib7qiJWXKSfaELIzIutrsg1YtqP2C6o - KBoyNOBeqeoe6pPhznbbJ++yFmyiM9z0IVq3DKG0sFfPZKA1912zfXq7FAXPwPhkYVoQgRMzkc16 - Zp6te8w7nGmbUeTd3N9Kv91KzqdA7YTEeWcR1eWDRISblBgOiZEZN6NSJO+FvHSH8QGUdDbLpJWQ - E9bCfVvNSCVHeDTzaQ5j4KaWpW5G3vH7D28Pj87fH+6Pjk5G56Px+K8x7g9LyCAluGAyA3aMfVNa - Rn6ZMEzJ/IphTYqcQJlV7HehOTvWUGDdssqg5nquSu/u4hUCBtciCAYzHXv1kYHZQ/rXRXWrkDER - mZA8v7uouVk09Drh5xhd2wsws5mE1eqqpKp9gpLru8IzxVcbr86r28f79+lxrbffeHKJV6lWci14 - 7Wu/udT8UMDtzaiuGXQStcerhAVVt8qVPqqjmeYVdDONLWt9PVDsQNXJVkWJlz1pmyw8lr/b5HyW - 3/7tsUyrqqSbzxshU2xShqHy2RRAsrIyM0id5g7He/ScAhNyTg5INCnDSyvD0wHSmMBmUY+9JbjP - 8qV7vozZ6QpWyJhJ3L0V3CodB72tXv+aKEQGc5XwfKaMjYfBMPAvaptzF5sf9XfO0JqdntBxhh2H - vVOLrlUPG58xn52GxrK/K64taDaSGVZXgVw9YnB0/Cfbq7B02UnC5YaFNWXX1+wEsCYoEBzvfxy5 - x6f60eaFXppDk4YTYbF6ydTpAEcIxKjBsWt2ihjdCCu2i9e7KHTeSVfJHHqFsBp6Smd+konuVEia - JTn08P01DXZvW58RYD8I1iiLb1GwODkJVuD9jYrax6W9mS1yslunB19cgggswt8YsirnSOaS/rlw - uzoAKXhOyjkBPRd4fe6yn45WCB32Ire/7iLMdi/4eQOjCL+HR/UcOkSWuyayh5jZxr1t9V89k5nG - 2jEzeDozg/9k5v9j5V8AAAD//+xZbU/bMBD+K9YkJKiWtEmTtlRCjAkmIQ2E9sIk9qXGTptMbRLl - pf3Cj99ztvNCobBVwJiEWrWJfeec7+U53+VPtIKo+pjxWITdb3w27rBzOJoeLaO5PD1uD8EPsTMK - 5bA1XH1Cx67DXd337ec0cxXPXXc09BFFnWMFmMCyXwmjVAIRH2dku/S7B/Yq/MBGfkLb/XGCm5/4 - s7ZxfVrhUq/wlJHYKPyynMco3imD1wjRRkPoVDlVwwEd1ajdAbpWksQJ4NzgoB0lXS6XUQ7kDygZ - DgHoU1ItHKbK2mS5SfOkCcP5gi0beYDqmbF60Fhd1lbPjdV5USA95u/ZKoxEyHDGns2AriU2w1KO - Z8UzxhmKAQFGnFlExqckx+RIiCAtrM88npUA4gkLAy7BueRIcLbeLWsp6CyR5Txoa+f2fFWKjNue - B5ILdQKX1TymZ9W0c3sFUIZgx2Cl97HZOrFwJa+6vCUC+Rj9kIfhlraVY5W0vJ5HQpnsLFJ50Vjs - uzoIkX6NKbQoDNaeYyJTW++cLlIuCqI/T1ikbhjqtWUkA6kIvhZBmmsrYVyWItDEJtC/IJRwYIQs - f+MlijFNKD+S1+9yuYjiPba7d7PASbNIxrXv3gsVzw8T3rYw4SmY8B6FiW3ywB2YeJq01AT9C8HE - 4A0mXgAmvP8cJgaG8RGYuNuTcDb1JByvmqBypcjgKKorQk2adVJ/wxq9jROb6vxeXedXW91EWHeg - 1if2762X1+ss5fohFRq6JsvLxYJTwfjuwRqIFEjdnyTbsrSkHsAh3JE6TqfywJ9yry+d65HX868h - /XC477jugCrZmghPeIAsIOseSUmuDspGBst0Ej8kK56nBHK06IPtXN2CtFHHKjIbhWtXX3Z9x3W8 - wOkFfVfuD0Rf+ENHjHwpe3wwdYLRoTxQq+z0j3bcT/hqPmvBY1PQWZYeyu0yt1bQiOXa5P22jjZS - mZVynpPGwK8Qnc9zXB5fWAM7jUn+9T7x65d4vdv8+iVe71i/dokBSFL3i00zpn0UuTCvWiieqErT - bV0NalcAXJCflFmSBt0rwI2gFqYJPHpDgtk6kuk55l2P6eNkBm7foODljf4voeA3AAAA//8i18Wj - RQGtXUyHogAAAAD//4IVBfDWBdCJ6ZAcVw2aXIWyDYDm5pck5gBZmA0mA2CjS6m6VglTAtdEkAF8 - IghdAj6tgi4Bb7+l5pVlFuXnQdo60FHmUuhMP4RLjBfK8kuoNv8GMQtuJtCijMTisHzwTARsxg+Y - tCAuroYxoaUu2faD10Tow8zVUcpNrAhKLS7NARmM5FfwHEJRiWMJxN+gqUzQPAPI53BxVM1GKLqh - GsCura2tBQAAAP//AwBTMm/DMCIAAA== + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LSprZsNMepkOhSchJZSapzkgTDMIh1LG6RdZXdl7Ab+e8/R + xU4MzgQ6DTxIezn373w6/uTAouQycSJHg0xAQ/JSQJ6YnuQFmJ6JMyh4T5WguRVKmh4kwhZgeS/O + uEwhV2lvDtrgGSQTKDUYkLa9G1fGqmJGCi8D3w98V8PHCoydLks41Ty2Igan5wiyHwQjfwcXBvIZ + LjNrSxN5XgIziG2iPiiX25wbI7h0JVgPLVmPl8ILPWFMBV6n4BqWKH8yHZ9N+8Fw9zlu1S4YJ/rk + GPStMjG3kCq9bGJIcIUSoR+GfX/UD/amvh+FQbSz56L8z37o++QkGbHoeK3miU6SvIep8MNV2O0i + ARNrUVLicHefmYLneY8lwlghY8tKATEwNWM3Sl+7JB0r+Ubnj/SikoLKxfNLPueWa28u4Mar3Vo7 + 2B4F/iAY/WrEP/CiwLJXBVolWKDJKTfXVKvqytJbNOO5gZ7TCB5hXLVsz8kEAkfH2fIY5oC++nc9 + xwpEVokocSJZYYzOBkwGfndQavUBI3piwlvpOt11Abt00+IzkKyjeiOFtajAOCvbhNQ/6rtGzewN + 14RXI4oyF+hwshE51qNG2XC0GI4e6e5XKtNFsqrL0CdUh8NFOPx/rTTVr7GIBoPdRbD7PQwuOouD + cDEIv4fFFuB3d/fhGGzDadgdzMTibcOBWP3zC0RDmmpIkVbuYR39VHnVdPmDWsPn2w5G2w727itv + KK3ZJcKo2duJ+gEuuUVSb8jw8U3VUO2aXL1GnaaWqV8PVEXRBkSY72hDyNSJrK7gruVQ0qZF3OTg + 07098gyvmkxVeXIoTJnzZdtmuI1u2bdYT2q9NhsaMFjq7fsEPnKfD4cdgW+mbUUzmwfbCh6uCr55 + MFgzllBa2OUTs9uJe/Xn4dsJXhQ8BeORhOmUCNzIRJq5Zp6uKe417nRcGDp1Qq+ASItgu/m93t0S + b7ANo8GIAs+4GZciPhby+iWdHEJJs4WMuzrW1b2pz1Y7Uskxjhb8KocJcNNgQ7dvzunxm1dHJ5fH + Rwfjk7Px5Xgy+WuCYWBzGYwcL0wzYKfIztIyssuEYUrmS4adLnJSyqxivwvN2amGAludVQZR6z7U + 8QE2lOPfCt8fqVnkbLQz5jYVkudYNUz7us3obHOvnYza9NZIz9G7jiWwgKmE1e2qpLb9BiQ3Q8wT + MdYIr76KX84dj4PdGla/8fgaR8EOWZ3yxtZBO239J4e7ka1pDTQSdh9xCTfU3SpX+qTx5iqvoJ9q + 5I31wKLYoWqKrYoSh1Vp2yp8raZfJue9/Px/n6VaVSWNZC+FTJDmDEPksysAycrKZJDUmDua7NPz + CpiQczJAQEoYDt0MvxuQRKQsC132itS9l8/q57OIna/UChkxidFbwa3Ske/uuINbSiFmMFcxzzNl + bDTyR743a2Qua9+8YO8Chdn5GcQV8Qp7rW76Vj0se8E8dh4Yy/6uuLag2Vim2FwFpuorAienf7L9 + CjuXncVcbrnYZOz2lp3hGFg7gu8Hb8f1413z6MpCi/ZrSq9TYbF5SbSGAb6hIkY0xm7ZOeroh9iw + fZw3w6C2TrCS88SVODm7qZp78yqXCDSLROB9ef+CVAx8fyUX34BbCKvBVTr1sBs5IVTgWEhd7OFV + N7NFTnLreuCirggpC/FvAmmVc0zfgn4N1XEcghQ8J6icgZ7jjx7WZz+erDT02A+5/eUFqtl1/Z+2 + 5BDV7+MHcg49Sk89fbKHcrGLse0M9r45F/8CAAD//+xZW2/aMBT+K9akToCalIRwnaoOiVWqtE5o + 1fbQvWBiA5mARLnAS3/8vuM4IdAGNqoiJlWgQGIf+/hcPvs70f2VLZy/t4Vz0BantQMSJwuuXk3Z + hJ6x2iCRbICMw8MHGcQms9qXjPCVbadz9plZZp7P6r5hvqVbs4Sl2EKa1AYKEIFVv31GWwXUPijH + KrhUXzLA/uWzGnIPDb/wYxyVBpgTUaSGeF0ibvug9uAnIax5680lgFCmFv84jT9x18Uq1N9N0BUE + BxvArgFYczV8ILnGQNPzr7hYeRFAX9I+2AaWT8jqCKRswyafjjYzjBiOFoz0B53Vh4lQx4PWjuJB + 5PEQ6XjgcYydMbpk65nnzhjOuNMpkDUB1LGAY67llHEGhuBCEMcVN+QT0mPUVws1vvLlNAEIj9hM + cgHJFcfeZqarZT83Ct37IpnL4jax3Z7xk14xJtFlqI7vImtH8zRrtrZHQM8ZxPEQUa6SvHfYMYTu + PbpQfOGWlhVhlCAZzz1XO+3eU5ui9tkPdQoiC2tnpMowgMscDaFePOTuFgF3Y5L55jNP3TAwvJUn + pNgKp+9IKhwNMfW/BIUWDXzaDCnGK1wsvGWVVapPC8Rw7PfyuH0RNd4YMexu9yjEgByr4PJaxDhq + s3iGGMduV0UHnxoxWu+IcQLEcP4vxGjlogcQ43kpwiorRVhOkV3GISJDlVOoQLLbtVkyRr20oYze + 13N6ny22rGNZSaqel6S2qPMuvVKxPiOCkVKxKFksOPHED3upDxmQij5+eCSjJOp/g/ijUtWduG5O + uNMQ1rjj1JtjaN9udy3bbhGBzTthhj3dJHm3LwTFNnpudDB0xfGzv+ZRQOBIg+6tFSubSxP0VXUz + wVezemXTsi1HWnXZsEW35TbcZttyO00h6rw1sWTnRlyrUS4a/Qv7Ft9UzljwpSZyhpE+iswkMtaw + iGGbUFGYaXqRyYyA84gsBnkF4Hwe4e9gaLTMYEn679adz1/j3cL1+Wu8W/g+d40BSCKt1eoaTPFY + MtTvcSifiLml9eAU1B5B+tH9SxL6gbx6BNy4VKDUiUevX9CaZzLNo1866fJNqOH2HQqOdPofAAAA + //+iINJHiwJ6uJiWRQEAAAD//6KFi+lYFMBbF0AnpkNyXDVo5hbKNgCam1+SCJ13Rm+j4JrmMcA1 + zWMAn+ZBl4A301LzyjKL8vMgTRroGHIpdIEBhEuUS/NzISZUw5jQwo6MAg5pbYQ+zFwdpdzEiqDU + 4tIckMFIdoNH7ItKHEsg7ijLL6HeRCHEMLihQLsyEovD8sETHrDZPdBUJWgaAWQl3CGorjVCcS5U + Azh4amtrAQAAAP//AwDV8BXAzyIAAA== headers: - ATL-TraceId: - - bd60aed11a5c43d2 - Connection: - - keep-alive + Atl-Traceid: + - 65dd9550196d9ecd + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:47 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:21:59 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1a953a62-f7cd-401e-90ab-04e80b30f8e7 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '272' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3b9ac77f-1921-4338-942d-0750c28e9390 - x-envoy-upstream-service-time: - - '98' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -460,98 +372,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11110 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11805 response: body: string: !!binary | - H4sIAAAAAAAAA6xX23LbNhD9FQwfMm0q8SbFVtjxZFxbSdymrisryYPj8UDkmkJMARwAlOTG/vfu - gqSUyJbrOKUeCIDYs7tnL4C+eLAsucy8xNMgM9CQvRZQZKYj+QxMx6RTmPGOKkFzK5Q0HciEnYHl - nXTKZQ6Fyjtz0Aa/QTaCUoMBaeu9XscThBzhE+LEQHGJ06m1pUmCIINLSG2mPiuf24IbI7j0JdgA - MWzASxHEgTCmgqAFuIJrlD8eD0/H3ZdxhCuXzlgv+eIZVFqZlFvIlb6ujctwhgJxGEfdsN+NB+Mo - Tno7SX/X77+IfwnjkFCdDntdgoN5oo0kH0RhGMYrr5tJBibVoiRGcHWfmRkvig7LhLFCppaVAlJg - 6pItlL7ySTpV8r0uHmOFgbTSEMwFLPicW65fGfEP7M0wSNXsWb10lO1FYS8aNNMxGrq3drnjUaBR - 15ibK4pRNbE0Si55YaDjtRhe4kBuO54VmBglBtlLZIWeeKVWn9G8J7LXSDvuXDRa7jYCvrb0vRTW - IgDlVyNNTv3h9hp1aRdck2NGzMpCYIZkG94guS5l+oNlf/AYcxuaG2UN06UgYvH5mud+uIua4/4y - 7j8Z2IXQZckz07wf0BXtLKOdH9O1bJU1gwe09eJlL/4xbU1ymnawVdvtLdX38kPdXTBiZ+cYwTzX - kGNd30lDzClVVHWZ1StpZayauRZxgRri3W0fBncx6tZRr1JhuvbnJd0Ip9xiV6ybzvfne93RVj0s - qNE0JbMbHqiKfIqoL32kBSFzL7G6gtumVRGYFmnt6Zc7a2QYbjVTVRXZoTBlwa+bAsBltMp+wHZB - RdGQoQF9paq7r09Guzttn9xkLdxGZ7TtQ7xuGUJpYa+fyGErHrhm+/h2KWY8BxOQhGlBBC5MRT71 - zTxf95i3uNI2o9i7vetKr3Wl4BOgdkLJubGJ6vJeIqJtmRgNiJEpN8NSpO+EvHKH8SGUdDbLtI2j - i+7CfVutSCWHeDTzSQEj4KbODd2MvJN3798cHV+8OzoYHp8OL4aj0V8j9A9LyCAluGE8BXaCfVNa - RnqZMEzJ4pphTYqCQJlV7HehOTvRMMO6ZZXBrPVdlW568RIBwxsRhv2pTryNokXScyF5geHEeKyr - jL5trjU3i4Zel+kFWtf2AoxsLmG1uyqpah+RyfVd4YnJVwuvzqtvj/fvy8d1vv3G0yu8SrUp14LX - ug6aS80PGdzejOqaQSVxe7xKWFB1q0Lp49qaSVFBN9fYN9bXA8UOVR1sNSvxsidtE4WHYvotOZ/k - 1799lmtVlXTzeS1khm3OMMx8NgGQrKzMFDKXc0ejfXpPgAk5JwWUSBnDSyvD0wGyhMCmsc/eENwn - +dy9nyfsbAUrZMIkem8Ft0onof/C790QhchgoVJeTJWxySAchMFlLXPhbAvi3u45SrOzUzrOsOOw - t2rRtep+4XMWsLPIWPZ3xbUFzYYyx+qaIVcPCByf/Mn2KyxddppyuWVjTdnNDTsFrAkyBMcHH4bu - 9bF+tXGhSXNo0nAsLFYvibo8wBECMWpw7IadIUY3xort4vUujpx2yqt0Dv5MWA2+0nmQ5qI7EZJW - KR18nL+iwd630ucE2AvDNcriaxQsTk4JK/D+RkUd4FZ/amcFya3DgxMXIAKL8RlBXhUcyVzSnwvn - 1SFIwQvKnFPQc4HX5y776XiF0GHPCvvrHsLs+OHPWxhF+H08L+fQIbLcNZHdx8wO+vai9/KJzDTS - jpn+45np/ycz/x8r/wIAAP//7Flta9swEP4rYlBow+zEjp2kgdJ1tIPCWspeOui+RJWc2COxjV+S - L/vxe06SX5Iu7RbaroOSkNjSnXy6l+d05z/RCqLqfcZjEXa/8Nm4wy7haHq0jOby/LQ9BD/EziiU - w9Zw9Qkduw53dd+3n9LMVTx33dHQRxR1ThVgAst+JIxSCUR8mJHt0+8B2KvwAxv5CW332xluvuPP - 2sX1aYVrvcJjRmKj8OtyHqN4pwxeI0QbDaFT5VQNB3RUo3YH6FpJEieAc4ODdpR0uVxGOZA/oGQ4 - BKBPSbVwmCprk+UmzZMmDOcLtmzkAapnxupBY3VZWz03VudFgfSYv2WrMBIhw0F3NgO6ltgMSzme - Fc8YZygGBBhxZhEZn5IckxMhgrSwPvJ4VgKIJywMuATnkiPB2Xq3rKWgi0SW86CtnfX5qhQZtz0P - JFfqDC+reUzPqmlnfQVQhmDHYKX3sdk6sXAlr7pcE4F8jH7Iw3BL28qxSlreziOhTHYRqbxoLPZV - HYRIv8YUWhQGa88xkamtd84XKRcF0V8mLFI3DPXaMpKBVASfiyDNtZUwLksRaGIT6J8QSjgwQpa/ - 8RLFmCaUH8nr97lcRPEB2z/4ucBJs0jGte/+FiqeHia8XWHCUzDhPQgTu+SBOzDxOGmpCfpngonB - K0w8A0x4/zlMDAzjAzBxtyfhbOtJOF67zCwyOIrqq1CnZJPU37JGb+tEXedXO9pGuK3u79UdqLVS - ebOc2uQ6rLnI9UMqNHRNlpeLBaeC8c29NRApkLo/SbZjaUk9gGO4I/WszuWRP+VeXzq3I6/n30LA - 4fDQcd0BVbI1EZ5wD1lA1j2RklwdlI0MlukkvktWPE8J5GjRe9u5ugVpo45VZDYK166+7PqO63iB - 0wv6rjwciL7wh44Y+VL2+GDqBKNjeaRW2euf7Lkf8NV81oLHpqCzLD2U22VuraARy7XJ+20dbaQy - K+U8J42BXyE6n+e4PL2yBnYak/ybfeKXL/Fmt/nlS7zZsX7pEgOQpG7ammZM+yhyZV61UDxRlaYb - wxrUbgC4ID8rsyQNujfAIUEtTBN49IYEs3Uk03PMux7Tx8kM3L5CwfMb/V9CwS8AAAD//yLXxaNF - Aa1dTIeiAAAAAP//ghUF6C0LYDtKqboWpAfWHgG6PR2SFatBs65QtgHQwvySxBwgC4spuCaCDOAT - QegS8GkVdAl4+y01ryyzKD8P0taBjjKXQmf6IVxiXFqWX0K1GTyIWXAzgRZlJBaH5YNnImDTbsCk - BXFxNYwJLXXJth+8JkIfZq6OUm5iRVBqcWkOyGAkv4LnEIpKHEsg/gZNZYLmGUA+h4ujajZC0Q3V - AHZtbW0tAAAA//8DAKJpul0wIgAA + H4sIAAAAAAAAA7xXW1PbRhT+Kzt66LSprZsNMepkOhSchJZSapzkgTDMIh1LW6RddXflS0P+e8/R + xU4MzgQ6DTxI2t1z/863xx8cWJZcJk7kaJAJaEheCsgT05O8ANMzcQYF76kSNLdCSdODRNgCLO/F + GZcp5CrtzUEb3INkAqUGA9K2Z+PKWFXMSOF14PuB72r4uwJjp6sSzjWPrYjB6TmC7AfByN/DDwP5 + DD8za0sTeV4CM4htov5SLrc5N0Zw6UqwHlqyHi+FF3rCmAq8TsEtrFD+bDq+mPaD4f5zXKpdME70 + wTHoW2VibiFVetXEkOAXSoR+GPb9UT84mPp+FAbR3oGL8j/6oe+Tk2TEouO1mic6SfIepsIP12G3 + HwmYWIuSEoerh8wUPM97LBHGChlbVgqIgakZWyh965J0rOQbnT/Si0oKKhfPr/mcW669uYCFV7u1 + cbDdCvxBMPrZiH/gRYFlrwq0SrBAk1NubqlW1Y2lt2jGcwM9pxE8wbhq2Z6TCQSOjrPVKcwBffU/ + 9hwrEFklosSJZIUxOlswGfi7NoJuo9TqLwz1iZVopes61JXt6kAfn6BnE+4bKaxFBcZZ2yYI/1af + NWpmF1wTkI0oylygw8lWSrBQNfyGo+Vw9Eh3v1CyLpJ1wYY+wT0cLsPh/2ulgUUNUjQY7C+D/W9h + cNlZHITLQfgtLLbI//jxPhzDDo4zsXzbcCAW+fIKi56mGlKklXtYR3dUXjVd/iDIw+e7Nka7Ng7u + K28orVklwqjZ24n6QctjlBUt4saPD/fWCKsYsMlUlSfHwpQ5X7WIxuUFt3gtNHT6+O5ryHpDz16j + TlNv1a9HqqJ81a6+owUhUyeyuiLbqNS+xbJRh7XZ0IDBUgvfJ/CR+3w47Ah8O227aCZc08z2xrrg + 2xuDDTEJpYVdPTE3nbhXXw9fT/Ci4CkYjyRMp0TgQibSzDXzdMNkr3Glo7zQqRN6A8RNBNvt+3p/ + R7zBLowGIwo842ZcivhUyNuXtHMMJc0WMu4wVCNrUe+tV6SSYxwt+E0OE+CmwaVu35zz0zevTs6u + T0+OxmcX4+vxZPLHBMPA5jIYOR6YZsDOkYSlZWSXCcOUzFcMG1rkpJRZxX4VmrNzDQV2NKsMYs59 + qLEDbCjHvxO+P1KzyNlqZ8xtKiTPsWqY9k2b0d72WjsZtemtkZ+jdx1LYAFTCevTVUlt+xVIboaY + J2KsEV5ffp/PHY+D3QZWv/D4FkfBDlmd8sbWUTtt/SeHu5GtaQ00EnZ3tYQFdbfKlT5rvLnJK+in + GjlrM7AodqyaYquixGFV2rYKX6rp58l5Lz/9P2SpVlVJI9lLIRMkKcMQ+ewGQLKyMhkkNeZOJof0 + vAEm5JwMEJAShkM3w3sDkoiUZaHLXpG69/JZ/XwWscu1WiEjJjF6K7hVOvLdPXdwRynEDOYq5nmm + jI1G/sj3Zo3Mde2bFxxcoTC7vIC4Il5hr9Wib9XDslfMY5eBsezPimsLmo1lis1VYKq+IHB2/js7 + rLBz2UXM5Y6DTcbu7tgFjoG1I/h+9HZcP941j64s9NHepvQ6FRabl0RrGOAbKmJEY+yOXaKOfogN + 28d5Mwxq6wQrOU9ciZOzm6q5N69yiUCzSATe5+evSMXA99dy8QLcQlgNrtKph93ICaECpz/qYg+P + upktcpLb1AM/6oqQshD/JpBWOcf0LenXUB3HMUjBc4LKBeg5/uhhffb92VpDj32X259eoJp91/9h + Rw5R/SFeznPoUXrqIZM9lIt9jG1vcPDVufgXAAD//+xZW2/aMBT+K9akToCalIRwnaoOiVWqtE5o + 1fbQvWBiA5mARLnAS3/8vuM4IdAGNqoiJlWgQGIf+/hcPvs70f2VLZy/t4Vz0BantQMSJwuuXk3Z + hJ6x2iCRbICMw8MHGcQms9qXjPCVbadz9plZZp7P6r5hvqVbs4Sl2EKa1AYKEIFVv31GWwXUPijH + KrhUXzLA/uWzGnIPDb/wYxyVBpgTUaSGeF0ibvug9uAnIax5680lgFCmFv84jT9x18Uq1N9N0BUE + BxvArgFYczV8ILnGQNPzr7hYeRFAX9I+2AaWT8jqCKRswyafjjYzjBiOFoz0B53Vh4lQx4PWjuJB + 5PEQ6XjgcYydMbpk65nnzhjO19MpkDUB1LGAY67llHEGhuBCEMcVN+QT0mPUVws1vvLlNAEIj9hM + cgHJFcfeZqarZT83Ct37IpnL4jax3Z7xk14xJtFlqA7fImtH8zRrtrZHQM8ZxPEQUa6SvHfYMYTu + PbpQfOGWlhVhlCAZzz1XO+3eU5ui9tkPdQoiC2tnpMowgMscDaFePOTuFgF3Y5L55jNP3TAQuZUn + pNgKp+9IKhwNMfW/BIUWDXzaDCnGK1wsvGWVVapPC8Rw7PfyuH0RNd4YMexu9yjEgByr4PJaxDhq + s3iGGMduV0UHnxoxWu+IcQLEcP4vxGjlogcQ43kpwiorRVhOkV3GISJDFUOoOLPbtVkyRr20oYze + 13N6ny22rGNZSaqel6S2qPMuvVKxPiOCkVKxKFksOPHED3upDxmQij5+eCSjJOp/g/ijQtOduG5O + uNMQ1rjj1JtjaN9udy3bbhGBzTthhj3dJHm3LwTFNnpudDB0YfGzv+ZRQOBIg+4tCSubSxP0VXUz + wVezsmTTsi1HWnXZsEW35TbcZttyO00h6rw1sWTnRlyrUS4a/Qv7Ft9UzljwpSZyhpE+iswkMtaw + iGGbUFGYaXqRyYyA84gsBnkF4Hwe4e9gaLTMYEn675aXz1/j3fr0+Wu8W98+d40BSCKtE+saTPFY + MtSvayifiLml1dwU1B5B+tH9SxL6gbx6BNy4VKDUiUdvWdCaZzLNo1866fJNqOH2HQqOdPofAAAA + //+iINJHiwJ6uJiWRQEAAAD//6KFi+lYFMBbF0AnpkNyXDVoghbKNgCam1+SCJ13Rm+j4JrmMcA1 + zWMAn+ZBl4A301LzyjKL8vMgTRroGHIpdIEBhEuMS8vyS6g3vQYxDG4o0KaMxOKwfPBEA2xGD5iE + IE6uhjGhpSvZDgAvxtCHmaujlJtYEZRaXJoDMhjJs+ApgqISxxKIx0FTlaBpBJDX4eKomo1QdEM1 + gF1bW1sLAAAA//8DAJbIC8zPIgAA headers: - ATL-TraceId: - - f5c988496836e693 - Connection: - - keep-alive + Atl-Traceid: + - bf52a38119b126d4 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:47 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:00 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 4700215a-7dec-4943-8976-d1d9e95ca02c X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '255' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b6785e35-c48b-4a3e-8ac0-259fefd7f3a5 - x-envoy-upstream-service-time: - - '92' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -561,174 +479,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J2m1qbqIHFVmFdk+ySD6mWEmT0qbCsux/N8GF1dvwzvPM - y5yIkgvuZ0sE+QxhWsRmY7BHHYz/8oUMVi7LIF3hMJCMfOO8DN5FmALQAgrI293dW/v42l23u3VU - cSLiPUEZZHDIiMHJ+uOILnTHCeOBe+tXEyW1Dtb8KkQkYcsv4YMMCWTAaA5VznhHKwFUlFUBADfA - AKK/4Bx7u2H8xzYdZaKsRdUUcHtl9fjkeh9Bzhpeb3sldYmlxBp0X/NaGSU59BpAVhXnCss/BcGm - hudhliS908vVhhevZYpPxF4mgu5j35Lz+QcAAP//AwChASjfWgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbPTtE1qbqIHFVmF7Z5kkbRJsJImpUmFZdn/boqLH7fhneeZ + lzlBJ4PezxYEvMc4BbHZKG10H5X/8ERGK0MYpCNOR8jgU89h8C7BBWJBkGC+29687O6f29/tdhm7 + NIF4XaEMMzxkoPRk/XHULrbHSacDt9YvKkndMlj1rYBIAsX6Et7JuIIUKc2xyQveYiOQC1oTRLxK + JCY/6Dn1tsP4j71uEQWlApGwpvxh+/HBGZ9AVhXclMaYkjeUMiwbxKqWlBW9RMV6ziuNJftbEO3a + 8DjMEtZ3jFxsfPK9XOMT2MsE2r3td3A+fwEAAP//AwDlGpIYWgEAAA== headers: - ATL-TraceId: - - 3305045c061a2314 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:36:48 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - fd976d680236c294 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 22c66948-3737-4c37-938a-1d2d48bc7f04 - x-envoy-upstream-service-time: - - '35' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 68964f6410031033 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:48 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:00 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - fb230c9e-7ce7-4143-8945-9d301a203b46 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '123' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ef7762e3-1db4-494f-8095-7cb0ddf065f3 - x-envoy-upstream-service-time: - - '75' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -738,110 +549,117 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - aa4961174a68a6d6 - Connection: - - keep-alive + Atl-Traceid: + - 868755ecb7967f48 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:48 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:01 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 68f6a193-224b-4ddd-af3e-b69e44f95462 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '197' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 521390a6-379d-4ba8-a297-5f373b47b364 - x-envoy-upstream-service-time: - - '102' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/238] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/20] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082] + || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n| High | [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082] + |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n\n\n\nh1. + |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/2878]\n*Defect - Dojo link:* http://localhost:8080/finding/2878 (2878)\n*Severity:* High\n*CWE:* - [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/303]\n*Defect + Dojo link:* http://localhost:8080/finding/303 (303)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. The application executes unsafe, user-supplied sql which contains malicious column names.\n2. The application connects to an untrusted database and executes a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || @@ -851,30 +669,30 @@ interactions: < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n*Reporter:* + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/2876]\n*Defect Dojo link:* http://localhost:8080/finding/2876 - (2876)\n*Severity:* High\n*CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* - [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + < 7.1.2)|http://localhost:8080/finding/301]\n*Defect Dojo link:* http://localhost:8080/finding/301 + (301)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. The application executes unsafe, user-supplied sql which contains malicious column names.\n2. The application connects to an untrusted database and executes a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || @@ -884,13 +702,13 @@ interactions: < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n*Reporter:* + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -903,53 +721,59 @@ interactions: Connection: - keep-alive Content-Length: - - '7107' + - '7090' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11111","key":"NTEST-922","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11111"}' + string: '{"id":"11806","key":"NTEST-1468","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11806"}' headers: - ATL-TraceId: - - abdbeb7fe9371645 - Connection: - - keep-alive + Atl-Traceid: + - 52598fb34b8ee441 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:49 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:01 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - bc08e042-5643-4382-aec5-307c05945637 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '682' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - cf87b982-8530-4263-b9fb-4665d95b603d - x-envoy-upstream-service-time: - - '466' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -959,109 +783,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-922 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1468 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/YO56id9iQnCH6XA0bbnjOA5o+4EyjLAXR8WWPJKchBb+++36 - BVMgDKVhBksr7YuefXal7w4sSy5TJ3Y0yBQ0pO8E5KkZSF6AGZhkBgUfqBI0t0JJM4BU2AIsHyQz - LjPIVTaYgza4BukhlBoMSNvsdQaOIMsB/XBiIL/A6cza0sSel8IFJDZVX5XLbc6NEVy6EqyHNqzH - S+GFnjCmAq8zcAlXqL9/PD06Hm6GIUou6mCd+Ltj0GllEm4hU/qqCS7FGSqEfhgM/WgYTo6DMB6N - 42jibk4mf/ih71OM5MNelVCbeWGMpO8Fvu9TVM2p20kKJtGiJERQus1MwfN8wFJhrJCJZaWABJi6 - YAulL13STpT8qPPnRGEgqTR4cwELPueW6zdGfIOtApNUFWuNaDfdCvxRMGmnxxjoVn/kgUOJRl/H - 3FxSjqpzS6P4gucGBk5nw4lrIzcDxwokRolJdmJZ4UmcUquvGN4L0Wu1a+zqbHTY0eROwvtIP0ph - LRogfrXadKi/671GXdgF13QwI4oyF8iQ9N5pENyaMtFkGU2eE24Lc+usRboUBCz+7uIc+RvoOYyW - YfRiw3UKa5asmfb7hK9gvAzGv+Zr2TlrB094G4XLUfhr3lpymm6w0tvNDdX38lPTXTBjJ6eYwSzT - kGFdP6AhckrlVVNmjSSpjFVF3SLO0EO4sWph8tBG0zoaKRVm3f6ceBi0/YIYrEXSuPv+QEb8wvDN - TFV5+laYMudXLQtRvOAW+2rTtn6+YpqeeNsFvcaapnKohzuqIlTqSD+TQMjMia2uyDXatJ+wXVBR - tGBowLNS1T3WJ8fro65P3kfNXwVnsGoh7FuGUFrYqxci0Kl7dbN9frsUBc/AeKRhOiMCBTORzVwz - z/oe8wElXTMKnZuHRxl1R8n5OVA7IXLe20R1+SgQwSomBhNCZMbNtBTJnpCX9WX8Fkq6m2XSUagm - 1qJeu5VIJad4NfPzHA6Bm4aWuh05B3sf3+/un+3t7kz3j6Zn08PDfw/xfFhCBiHBDcczYAfYN6Vl - 5JcJw5TMrxjWpMjJKLOK/SU0ZwcaCqxbVhnknFtX6f1TbKJB/1r4fjT7Fjv3ihZBz4TkOaYT89FX - Ga3dl7Uvixbemvg5Rtf1AsxsJuF2d1VS1T6Dyc1b4YXka5Rv76sfr/ef42PPtz95colPqY5ynfHG - 1077qPmlgLuXUVMz6CTsrlcJC6pulSu930RznlcwzDS2rP55oNhb1SRbFSU+9qRts/BUTn8E54u8 - +7fNMq2qkl4+74RMsUkZhsxn5wCSlZWZQVpzbvdwm77nwISckwMiUsrw0crwdoA0JmOz0GXvydwX - +ar+vorZya1ZIWNWZvG6G7j+NUGHyOUq4flMGRtP/InvXTR7z+qYvHA0OUUtdnJE1xh2GvZBLYZW - Pa58yjx2EhjL/qu4tqDZVGZYVQVi9ITC/sE/bLvCkmVHCZcrNjZQXV+zI8BaoEBwvPNpWn8+N58u - HzRpL0saHguLVUuqdf5xhIYYNTZ2zU7QxjDESh0GY38S1t6JT8kc3EJYDa7SmZdkYnguJEmJBi7O - 39Bg60ftUzK4GfVGFneNYE1y4qnAZxvVsrcZuTNb5KRVZvivTguZCPF3CIWygIdKgU2XiD7psCH7 - 7SAbsLXcvmahGwRuyNhaZl9vsZHro3K9MHLHbsS6hahfiNx1d6OTr/fydRdtdfJxL6fhei+n6Fp5 - 4I57edjLw7v7R7185I56edTLo/4AG71fGt6R3/qlYfj7CoYgcNv45JjDgJJfP3fZY5neWJXp/wEA - AP//7FjbTttAEP2VkZCQkwZHhBJoUB4o8IDUoqpQ+tBUirE3iVvHNr4EKsq/98zuelnn0gJKqz5A - UBJ7dnbHZ2bPnM2jMq2915XplyyvJ8tgu7eZF/uT9oU37jXpDESg7pZhFJwe27fAE0gVU+zEul29 - JtuuoWF5veO+bMjnpKrqJO3O/t4++Lt5LFs0uue3hFi8APw/O5LD7w24V8QPN97RnMjPJ7j4go+t - p29F9r9U/uvsAA+FdFlGscikYjSdibsvSkZu/4eRQMaogya6eBVBjFKTx0c8tRsmbS+YhTkUBoT6 - bqcD4TBiQLEBKnXIEmKYjocE5VV4aNseZapqfa5aYap2pmMLI+6kxcQrKPGxUE43E4iOAhpYOzJ+ - V14uKMnoGie7H4Szps/7LsfsfuaNOABopnIak0SG+JGgojNBkNFU3CSVi0+5D/Rw3GAlgqVCf0LY - iZDYUfhdQGSPsIqHsNM0Cn3525lWPFXAkQA+2KGs0u1R6tEQUxnn3gjkwKJ8Ky95COLLryO9nEYm - JxzwQz9MoAes4HN3EHcWZ4dTDKRzDgbh4VSZQehjXoMOizATg6eRykRRZjEqGd/yMioYXSsGjFsa - hMsAbmzgfJEgn/g/SmJfpMUgHg6Hg5jPbAXd0RGeDFrnnvqY/roMM+Fsbuy8OUjH8qNRjfTVuD5B - 3monh43ym6sfje9UDgxWn4bnJ+9Oji5omw7PafO6TIqDAf7k3O2mutGizhJrsz0YxPSKHzNPIuFC - zjtplvg4YrkinjW+cixQxfCI223lPJTLq5AkeA6iaJEjsqzF6DWoz+RDd5hZPxHmCjjs+4YGhqwd - 9z4JStQKtlv9fvUbSq/G2NCGKzgbllWsbZwWeNtYFpjbssxxt2WZY2/LMsfflmWOwY1lgcMtS53F - gdMH+ftJUIHU0yM1SBoVzGfBxRhpTHghGy7GSIOiTRVcjJEBxbJU3a1CpWZikAwqNQuDZFCpWRgk - g0rNwiAZVCyLAsmgUrMokKxiAl4TVBKXpOb0XjreQqlPw1ywl6w+7lL8hh6Fq0Of9wEKs7zC1pfs - /z6URzlN/k1zdOm4t+5tjz7JwzxTj6b5KiHgygiWzLWddlY5qVwt9Xm9ykclcanP7iofld6lPt1V - PiofxoccqDIewX3J9DZZAi2V75YkXJVgbjJelCeUqvJ1idWCWXRv1aIyob9fVJcD+tPCAljidJp6 - fsE5O0solBeE5M/CQARywHkhUtkzMoH7QekLNVjr0I/QQ5kAtedPafrSMU34eM3ixfGCaRg3yGn8 - nHphVCQ9I0GWKtkXFWvtZ5v/HqFiu89VsV2pYrv/QsWu53RbldBfV7Hb/5GK/QUAAP//Gm3FjuBW - LAAAAP//7FpNa4NAEP0vhRxXXb9zCGmgLfSWc26bXZNCMYqr5O93xl2tY2oKLQQPggdxZnfH0X0+ - ee8murDYIS0jyE1YGcFuwsoIehNWRvCbsDKC4ISVEQwnrGyI4guL7fq1sNhuzMJi29dhPiyW24G/ - sNhbpZ1PKe08HIqndSXkZ6v1o/VgnBpNzOFNBqbUa69Xr7tbnUrsfRXjwLoLEGV4rB6KuhbyA2U0 - ozTqJs8FyqBPPyp72Dj0MhTVH4VSpB1bISX6J97VJjqJMFD8mIZedISqk2TNfT/GdfokWOFOWoZP - dacUrKEh87sGxBn0xTwXV6FL5Kg46V1zkjHUOOfKpMG3P3fNqRtxn4cZ97LAV+tYBjJKuEwjpTwR - n3iWbtWmnWUV7Fb+GxxmHMvFxcqUjJlL2mk0u0JHmO/gW+8YpMOWsVIIjR2D8S0fh10Fpy97Fjvl - Besfu57mX/HYOzX/isf+q7lXDECkjPvJWguG/5F7axzE/YTaljEpGTA7ANBC+mtTFWXmHgBmJBpy - 7MZDvx9E+52M61jnonUlVBZmFyh4/ENfoOARFf8XCr4AAAD//6K3i+lYFMBbFUAnpkNyXDVoqTCU - bQA0N78kMQfIwmwoGQAbW0rVtUqYEriWNRrAlzWiS8AXCaJLwNttwC51ZlF+HqSNAxFKKYWuW4dw - ifJCfi7EhGoYE1oKklHyIa2414eZq6OUm1gRBBkGQbEbvEKtqMSxBOKOMmAbnNxldeirWiFmwc0E - WpWRWByWD17fB19Hm18EXjUHshHuDlTHGqG4FqoBHDq1tbUAAAAA//8DAINX0Oj+MAAA + H4sIAAAAAAAAA7xW62/bNhD/Vwh9KIbO1oN2HEVFMWSp22bLssxx2w9pEDDSWWYjkRpJ+bEm//uO + elitExdNhjUGIuqO9/7d6T47sCqYSJzIUSASUJC85pAluidYDrqn4znkrCcLUMxwKXQPEm5yMKwX + z5lIIZNpbwFKIw+SCRQKNAjT3I1LbWQ+swqvAt8PfFfB3yVoM10XcKZYbHgMTs/h1n4QhP4IXzRk + M3ydG1PoyPMSmEFsEvlJusxkTGvOhCvAeGjJeKzgHvW41iV4rYIbWKP86XR8Pu0Hw1GIpMoF7USf + HY2+lTpmBlKp1nUMCb6hBPUp7fthPziY+n5EaeQHbkj9n33q+9ZJa8Sg45WaJzpp5T1MhU83YTcv + CehY8cImDqmHROcsy3ok4dpwERtScIiByBlZSnXjWulYincqe6QXpeC2XCy7YgtmmPIWHJZe5Vbn + YMMK/EEQ/qL5P/Ayx7KXOVq1sECTU6ZvbK3Ka2NP0YxlGnpOLXiMcVWyPWfOETgqnq9PYAHoq3/X + cwxHZBWIEicSJcbobMFk4LeMQslPGNETE95IV+muCtim2758AZIuqneCG4MKtLOxbZH6e3VXy5lZ + MmXxqnleZBwdTrYix3pUKBuGq2H4SHe/UZk2kk1dhv4+ukGHKzr8f63U1a+wiAaD0SoY/QiDq9bi + gK4G9EdYbAB+d3cfjsEunNKWMeOr9/UMxOpfXCIa0lRBimPlHtbRT5mVdZc/qJXu72KEuxgH95XX + I62m2oFRTW8n6gf4ygwO9XoYPr6p6lHbDVevVqdsy1THI1naaAM7MD9YAhepExlVwl0zQ602xeM6 + B5/v0axneFXPZZklr7guMrZu2gzJ6JZ5j/W0rddkQwEGa3v7oQE+CA/aAb6dts2Y2WbsKjjdFHyb + MegmFpeKm/UTs9uKe9Xn4fsHPM9ZCtqzErpVwpEw5+nc1Yu0G3FvkdLOQupUCb0GO7QsbLe/16Md + 8Qa7MBqENvA50+OCxydc3Ly2nFdQ2N1CxG0dq+ouK96GIqQY42rBrjOYANM1NlRzcs5O3r05Pr06 + OT4an56Pr8aTyZ8TDAObS2PkeGE6B3KG01kYYu0SrokU2Zpgp/PMKiVGkt+4YuRMQY6tTkqNqHUf + 6vgAG8rxb7nvh1JEzlY7Y25TLliGVcO0d21medu0ZjNq0lshPUPv2imBBUwFbG6XhW3b70ByvcQ8 + EWO18Oar+PXe8TjYdbD6lcU3uAq2yGqV17aOmm3rPzncrmx1a6AR2n7EBSxtd8tMqtPam+ushH6q + cG50C4skr2RdbJkXuKwK01ThWzX9OjkfxZe/Q5IqWRZ2JXvNRYJjThNEPrkGEKQo9RySCnPHk0P7 + vAbCxcIasEBKCC7dBL8bkERW2Zy65I1V91E8r57PI3KxUctFRIo02nMD17+1qcPMZTJm2VxqE4V+ + 6Huz+u5V5ZNH/UsUIhfnEJd2npC3ctk38mHZS+KRi0Ab8lfJlAFFxiLFpsoxRd8QOD37gxyW2LHk + PGZix8U6U7e35BzXv8oRPB+9H1ePD/WjLYd9ab6i9jjlBpvWilblxxMqInZ8kVtygTr6FBu1H4z8 + kFbWLZzEInEFbsxuKhfeoswEAszgAPC+vn9pVRwMN2LxEtycGwWuVKmHTcgsMDlug7Z5vYOhOzd5 + ZqWKFP9VdbAqKP5NIJcGMIwEyHiF+bYypE9+Okt75FlmXhDqBoFLCXmWmhcvycD1UbhiDNyROyQt + Y9gxhu6eu9/S9zr6nou6Wvqoo9vjXke33jX0wB11dNrRaXf/XwAAAP//7FhdT9swFP0rV0Ka0qyk + awtU6sQDojxMGmhat72skxpSQ7OlSYmTwsT47zvXdlyHNiAYD3sAUEl9fe3rc7+OcxD01+P9oL8e + 31uP760PMFjvy4/OuN2XH3uthpgAcEdo9CvRZncrFk3bfDt4om/N/Jfy7atfX8avKGhV8g995WMe + I39UChqhEmJwLJZFQN1Bm7jvUb3MVr/zbmDrrPreD14T8DmOqlpFp/+ujwLtj1QLRnf8mRGTEzjk + UT3y8NHa5tqHHUs+qj4E3/Fv9xlJih2R7WqBf2sA9djyx1mZRwLxlQifW+0uLoqLWAoGdnnpTByt + CYGPxm23RfBJ02uDOOuEs1UsQSpAwfd7PXCFC8YYCVERQmYN0+XllEC2YF9KIeU6jiOOY2HjmM8g + 8vA8Trh7FvOwoCzCRpKu5+AZBWivUWTUzkMpKMvpCjeq34SLZ8R5KLF6lIcXbABoUrlIiVlRoDIN + xDkXBOZMxXVWqUQkI5GGuEgw+cBWcTQntHqw6iT+JcCrL7BLCLOXyySO1Os+Q3IqgxMBfJCzTMzd + WfposKlMZXiBYsE8fFeWPAX2yavEbGeQkbQIoRxn4ACO8TKYpL3N1aGUAmnJxsA8XEVzcHusa9Fh + 3mVtCA1SuSjKPEVw40mWScHoOjZg3lYjAgZwZwdXigz+xN9xlkaI+Uk6nU4nKd/GCrqlY5wM/OaO + Donff8a58N7s3PQGCC39v1XNjfTMQwKnNWoeC9VTYA7HI5UCw3VI0/HJx5PjL9SlozG9uSqz4v0E + P3rxjq9HkITbxH5ngrx8y0eVWSICsHgP0R/hZhWIdNX6wdaADEMl7XS09lQZoI1SAHqwo02eyPM2 + I9iiQ84cusXK5kxYa8aG37UMOPTNBgqdZrMS8UKcau549VJlWKvj4IQNlRySplpulTaquZVs1HNH + cq+iO5J7Nd2R3KvqjuReXbeSjcruSOq1HTh9Ui9eZhVIQzPTgGRQwXoOXIyRwYQ3cuFijAwoRlTB + xRhZUBxJ1fMqVGoiBsmiUpMwSBaVmoRBsqjUJAySRcWRaJAsKjWJBskJJuA1RyRxSO5qmjfcLPR8 + KxnyB7oTvh1FnAcIzPIc6W96wGms7nCmBfj20tILboKbIX1Vt3guQKbYVy5BxUwgyQNXqd+kpL21 + VWevSUe7cavOfpOOdvBWnYMmHe0Rq0MenXEHUt3JdjgVBG3t8bYqu9rF3GrCRGa01AEcEBMJu+mg + aVPl0oc3NQGBLrWxgfHdh8UyjAr221lGsfpCCIFVPBOzdZvHxM9gRblANZdP6fNGdZnxPZppihfO + FnHaIq/1ZwEaUmRDSz22EtpXMusksFvwHiez3WeS2S6T2e7/QGafe+N1A/fpZPYvAAAA//8irTFr + ONqYHU6NWQAAAAD//+yay2rDMBBF/6WQpVzLtuxkEdJAW+gu6+wUSUmh+IEf5Pc7Y8mupcYpdFEM + FWQRorE1GaObG+7xZtabWcucWZpumTNL1S1zZum6Zc4sZbfM2VTbvZkd5uXNrDezyzCzdLz0BzP7 + PVinc8E6TeYW2DREbWsuPnpqADkApzQcS92FubA6HMPq4cvOFc4BFuEIWPC25eIdk7EbnIcbHjZd + nnNMPR9uBnk4OEQXyvqXuSh6jR0XAoGLN7llZ57Ekp7WSchO0HWWbWgUpbjPWAQ73ClT+FT3UsIe + DVR+9YDCgtzMU3nlTYW2Fm96l3jqZ62CS63L4Oc+H6gbRiOaKBqqOJKbVMSCZVSsmZQhT89UrXdy + 299lFe9X0Su89HUk54WJJQnRHzVB15ArTIREAbQoAy1tODJScd7gxOD63nrDIYK3zweSBlWB/bv0 + 1PI7dvGr5Xfs4ltL7xj0RmriyJAE0/+TB0Mj4nnCnEtTTVqzjmWB5S9dXVbq8QgyIxCzMQcPIUJY + HU8y7mPQSQMh1EZmvRT8/UP/p1LwCQAA//+is4tHiwKcRQG8FQF0Yjokx1WD1h9D2QZAc/NLEqGr + p9HbJrgWKxrgWqxoAF+siC4Bb54Bu8qZRfl5kHYORCilFLpMHsIlxqVlwBYtuYvUMJaZQgyDGwq0 + KSOxOCwfvFwOtjYUmIQgTq6GMaGlK9kOAG8p0IeZq6OUm1gRBBlTQfEseKFbUYljCcTjoAW3oMVw + IK/DxVE1G6HohmoAu7a2thYAAAD//wMA8mjOJJUxAAA= headers: - ATL-TraceId: - - 6b931fbfe0bacf9d - Connection: - - keep-alive + Atl-Traceid: + - f4fcbb0bfadce392 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:49 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:02 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 31fdcb3c-eda1-4362-81cc-754caf0fe824 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '287' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8fd266ff-3282-453d-9ca4-2c01f8c92271 - x-envoy-upstream-service-time: - - '137' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1071,109 +901,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11111 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11806 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/YO56id9iQnCH6XA0bbnjOA5o+4EyjLAXR8WWPJKchBb+++36 - BVMgDKVhBksr7YuefXal7w4sSy5TJ3Y0yBQ0pO8E5KkZSF6AGZhkBgUfqBI0t0JJM4BU2AIsHyQz - LjPIVTaYgza4BukhlBoMSNvsdQaOIMsB/XBiIL/A6cza0sSel8IFJDZVX5XLbc6NEVy6EqyHNqzH - S+GFnjCmAq8zcAlXqL9/PD06Hm6GIUou6mCd+Ltj0GllEm4hU/qqCS7FGSqEfhgM/WgYTo6DMB6N - 42jibk4mf/ih71OM5MNelVCbeWGMpO8Fvu9TVM2p20kKJtGiJERQus1MwfN8wFJhrJCJZaWABJi6 - YAulL13STpT8qPPnRGEgqTR4cwELPueW6zdGfIOtApNUFWuNaDfdCvxRMGmnxxjoVn/kgUOJRl/H - 3FxSjqpzS6P4gucGBk5nw4lrIzcDxwokRolJdmJZ4UmcUquvGN4L0Wu1a+zqbHTY0eROwvtIP0ph - LRogfrXadKi/671GXdgF13QwI4oyF8iQ9N5pENyaMtFkGU2eE24Lc+usRboUBCz+7uIc+RvoOYyW - YfRiw3UKa5asmfb7hK9gvAzGv+Zr2TlrB094G4XLUfhr3lpymm6w0tvNDdX38lPTXTBjJ6eYwSzT - kGFdP6AhckrlVVNmjSSpjFVF3SLO0EO4sWph8tBG0zoaKRVm3f6ceBi0/YIYrEXSuPv+QEb8wvDN - TFV5+laYMudXLQtRvOAW+2rTtn6+YpqeeNsFvcaapnKohzuqIlTqSD+TQMjMia2uyDXatJ+wXVBR - tGBowLNS1T3WJ8fro65P3kfNXwVnsGoh7FuGUFrYqxci0Kl7dbN9frsUBc/AeKRhOiMCBTORzVwz - z/oe8wElXTMKnZuHRxl1R8n5OVA7IXLe20R1+SgQwSomBhNCZMbNtBTJnpCX9WX8Fkq6m2XSUagm - 1qJeu5VIJad4NfPzHA6Bm4aWuh05B3sf3+/un+3t7kz3j6Zn08PDfw/xfFhCBiHBDcczYAfYN6Vl - 5JcJw5TMrxjWpMjJKLOK/SU0ZwcaCqxbVhnknFtX6f1TbKJB/1r4fjT7Fjv3ihZBz4TkOaYT89FX - Ga3dl7Uvixbemvg5Rtf1AsxsJuF2d1VS1T6Dyc1b4YXka5Rv76sfr/ef42PPtz95colPqY5ynfHG - 1077qPmlgLuXUVMz6CTsrlcJC6pulSu930RznlcwzDS2rP55oNhb1SRbFSU+9qRts/BUTn8E54u8 - +7fNMq2qkl4+74RMsUkZhsxn5wCSlZWZQVpzbvdwm77nwISckwMiUsrw0crwdoA0JmOz0GXvydwX - +ar+vorZya1ZIWNWZvG6G7j+NUGHyOUq4flMGRtP/InvXTR7z+qYvHA0OUUtdnJE1xh2GvZBLYZW - Pa58yjx2EhjL/qu4tqDZVGZYVQVi9ITC/sE/bLvCkmVHCZcrNjZQXV+zI8BaoEBwvPNpWn8+N58u - HzRpL0saHguLVUuqdf5xhIYYNTZ2zU7QxjDESh0GY38S1t6JT8kc3EJYDa7SmZdkYnguJEmJBi7O - 39Bg60ftUzK4GfVGFneNYE1y4qnAZxvVsrcZuTNb5KRVZvivTguZCPF3CIWygIdKgU2XiD7psCH7 - 7SAbsLXcvmahGwRuyNhaZl9vsZHro3K9MHLHbsS6hahfiNx1d6OTr/fydRdtdfJxL6fhei+n6Fp5 - 4I57edjLw7v7R7185I56edTLo/4AG71fGt6R3/qlYfj7CoYgcNv45JjDgJJfP3fZY5neWJXp/wEA - AP//7FjbTttAEP2VkZCQkwZHhBJoUB4o8IDUoqpQ+tBUirE3iVvHNr4EKsq/98zuelnn0gJKqz5A - UBJ7dnbHZ2bPnM2jMq2915XplyyvJ8tgu7eZF/uT9oU37jXpDESg7pZhFJwe27fAE0gVU+zEul29 - JtuuoWF5veO+bMjnpKrqJO3O/t4++Lt5LFs0uue3hFi8APw/O5LD7w24V8QPN97RnMjPJ7j4go+t - p29F9r9U/uvsAA+FdFlGscikYjSdibsvSkZu/4eRQMaogya6eBVBjFKTx0c8tRsmbS+YhTkUBoT6 - bqcD4TBiQLEBKnXIEmKYjocE5VV4aNseZapqfa5aYap2pmMLI+6kxcQrKPGxUE43E4iOAhpYOzJ+ - V14uKMnoGie7H4Szps/7LsfsfuaNOABopnIak0SG+JGgojNBkNFU3CSVi0+5D/Rw3GAlgqVCf0LY - iZDYUfhdQGSPsIqHsNM0Cn3525lWPFXAkQA+2KGs0u1R6tEQUxnn3gjkwKJ8Ky95COLLryO9nEYm - JxzwQz9MoAes4HN3EHcWZ4dTDKRzDgbh4VSZQehjXoMOizATg6eRykRRZjEqGd/yMioYXSsGjFsa - hMsAbmzgfJEgn/g/SmJfpMUgHg6Hg5jPbAXd0RGeDFrnnvqY/roMM+Fsbuy8OUjH8qNRjfTVuD5B - 3monh43ym6sfje9UDgxWn4bnJ+9Oji5omw7PafO6TIqDAf7k3O2mutGizhJrsz0YxPSKHzNPIuFC - zjtplvg4YrkinjW+cixQxfCI223lPJTLq5AkeA6iaJEjsqzF6DWoz+RDd5hZPxHmCjjs+4YGhqwd - 9z4JStQKtlv9fvUbSq/G2NCGKzgbllWsbZwWeNtYFpjbssxxt2WZY2/LMsfflmWOwY1lgcMtS53F - gdMH+ftJUIHU0yM1SBoVzGfBxRhpTHghGy7GSIOiTRVcjJEBxbJU3a1CpWZikAwqNQuDZFCpWRgk - g0rNwiAZVCyLAsmgUrMokKxiAl4TVBKXpOb0XjreQqlPw1ywl6w+7lL8hh6Fq0Of9wEKs7zC1pfs - /z6URzlN/k1zdOm4t+5tjz7JwzxTj6b5KiHgygiWzLWddlY5qVwt9Xm9ykclcanP7iofld6lPt1V - PiofxoccqDIewX3J9DZZAi2V75YkXJVgbjJelCeUqvJ1idWCWXRv1aIyob9fVJcD+tPCAljidJp6 - fsE5O0solBeE5M/CQARywHkhUtkzMoH7QekLNVjr0I/QQ5kAtedPafrSMU34eM3ixfGCaRg3yGn8 - nHphVCQ9I0GWKtkXFWvtZ5v/HqFiu89VsV2pYrv/QsWu53RbldBfV7Hb/5GK/QUAAP//Gm3FjuBW - LAAAAP//7FrLboMwEPyXSjkasHmFQ5RGaiv1lnNujk1aqSIgHsrvdxcbypKQSq0UcUDiYOG1vazx - MGjmqndhsUNaRpCbsDKC3YSVEfQmrIzgN2FlBMEJKyMYTljZEMUXFtvVa2Gx3ZiFxbavw3xYLLcD - f2Gx10o7n1LaeTAUT+tSqq9W60frwTg0nJjDm+zo1evuiaYCp9Rsr/dVEAF4LBLKupbqE9Wymyq6 - l/R5NFkmUQZ9uqnsYeHQy5CXfxRKkXZspVLon3jXm/AkA1/z4zrwwiMkEscJFyLCdfogWOFOWIq7 - utMa1qgg8icHxBn0xTznF1kVyFFx0rvmJGOocT5KEwbf/sw1TTfkggcp91Jf6CRSvgpjrtah1p6M - Tjxdb/WmnWXl71biDS4zjmXybGVKxsytymkqdoGKMOHgW+8YpMOSsULKCisG41s+DqcKmi97FjnF - GfMfu57mn/HYOzX/jMf+q7lnDECkjfvJWguG/5F7axzE84TaljEpGTA7ANBC+GtT5kXqHgB/FBpy - 7MFDvx/09icZ17HORetKKC3MLlDw+E1foOARGf8XCr4BAAD//6K3i+lYFMCbG0AnpkNyXDVoqTCU - bQA0N78kMQfIwmwoGQAbW0rVtUqYEriWNRrAlzWiS8AXCaJLwNttwC51ZlF+HqTxAxFKKYWuW4dw - ifJCfi7EhGoYE1oKklHyIa2414eZq6OUm1gRBBkGQbEbvEKtqMSxBOKOMmAbnNxldeirWiFmwc0E - WpWRWByWD17fB19Hm18EXjUHshHuDlTHGqG4FqoBHDq1tbUAAAAA//8DAFOP6kv+MAAA + H4sIAAAAAAAAA7xW62/bNhD/Vwh9KIbO1oN2HEVFMWSp22bLssxx2g9pEDDSWWIjkRpJ+bGm//uO + kmU1DwdNhjUGIvLIe//ueF8cWJZMJE7kKBAJKEjecsgT3ROsAN3TcQYF68kSFDNcCt2DhJsCDOvF + GRMp5DLtzUFpPINkAqUCDcKs78aVNrKYWYGXge8Hvqvg7wq0ma5KOFEsNjwGp+dwqz8IQn+EGw35 + DLeZMaWOPC+BGcQmkZ+ly0zOtOZMuAKMh5qMx0ruUY9rXYHXCriGFfIfT8en034wHIVIqk3QTvTF + 0WhbpWNmIJVq1fiQ4A45qE9p3w/7wd7U9yNKIz9wQ+r/7FPft0ZaJQYNr8U800jL72EofLpxe71J + QMeKlzZwSN0numB53iMJ14aL2JCSQwxEzshCqmvXcsdSnKn8iVZUgtt0sfySzZlhyptzWHi1WZ2B + 66PAHwThL5r/A68LTHtVoFYLC1Q5Zfra5qq6MnYVzViuoec0jIfoV83bczKOwFFxtjqCOaCt/tee + Yzgiq0SUOJGo0EfnDkwGfntQKvkZPXpmwNfcdbjrBLbhtptvQNJ5dSa4MShAOxvdFqm/13e1nJkF + UxavmhdlztHg5I7nmI8aZcNwOQyfaO4jmWk92eRl6O+iGXS4pMP/V0uT/RqLqDAYLYPRj1C4bDUO + 6HJAf4TGNcC/fr0Px2AbTml7MOPLD00PxOyfXyAa0lRBim3lHtbRTplXTZU/KJXubjsItx3s3Rfe + tLSGahtG3b2dqB/0HIya+YARseBtLtSFbwOoeNxY9uUezcIaY6MzWeXJG67LnK3W4Efyghl8KJoG + +/RCbdp317C9RpyyZVgvD2RlIxhYUz9aAhepExlVWd2xAnTW1vZDDXwQ7rUN/G7YNm3m7sG2hNNN + wkvFpeJm9UyHW3avfgW+v4/zgqWgPcuhWyEcCRlPM1fP066TvUdK2/Kocx/UdNC6krMrsE3Lwvbu + ez3aEohgG0aD0EYkY3pc8viIi+u39uQNlHa2EHGLmBpHi/psQxFSjHG0YFc5TIDpBoVqvXJOjs7e + HR5fHh0ejI9Px5fjyeTPCfqHxaUxJHhhmgE5we4sDLF6CddEinxFsNJ5boUSI8lvXDFyoqDAUieV + RoS5D1V8gAXl+Dfc90MpIqd5sTB7GP6uqm6VOCYi5YLldy+tJ6N1eGuc52hd2yUws6mAze2qtGX7 + HUhuhphngq9h3ryKt+eOp+Gxw9uvLL7GUbCFXCu80XWwnrb+k8HtyNbUDCqh7SMuYGGrW+ZSHTfW + XOUV9FOFHaobWCR5I5tky6LEYVWYdRYey9/t4HwS3/72SapkVdqR7C0XCbYkTRD55ApAkLLSGSQ1 + 5g4n+/Z7BYSLuVVgQZMQHLoJvhuQRFZYRl3yzor7JF7W35cROd+I5SIiZRrtuIHr39jQYeRyGbM8 + k9pEoR/63qy5e1nb5FH/ApnI+SnElW005L1c9I18mPeCeOQ80Ib8VTFlQJGxSLGoCgzRIwzHJ3+Q + /QorlpzGTGy52ETq5oac4vhXG4Lrgw/j+vOx+bTpsJv1K2qXU26waC1rnX5coSBi+xq5Iecoo0+x + UPvByA9prd3CScwTV+DE7KZy7s2rXCDADDYA7/b9Cytib7hhixfgFtwocKVKPSxCZoHJcRq0xevt + Dd3MFLnlKlP8V+fBiqD4N4FCGkA3EiDjJcbb8pA++ekk7ZEXuXlFqBsELiXkRWpevSYD10fm+mDg + jtwhaQ+G3cHQ3XF3W/pOR99xUVZLH3V0u9zp6Na6NT1wRx2ddnTa3f8XAAD//+xYXU/bMBT9K1dC + mtKspGsLVOrEA6I8TBpoWre9rJMaUkOzpUmJk8LE+O8713ZchzYgGA97AFBJfX3t63O/jnMQ9Nfj + /aC/Ht9bj++tDzBY78uPzrjdlx97rYaYAHBHoBQr0WZ3KxZN23w7eKJvzfyX8u2rX1/GryhoVfIP + feVjHiN/VAoaoRJicCyWRUDdQZu471G9zFa/825g66z63g9eE/A5jqpaRaf/ro8C7Y9UC0Z3/JkR + kxM45FE98vDR2ubahx1LPqo+BN/xb/cZSYodke1qgX9rAPXY8sdZmUcC8ZUIn1vtLi6Ki1gKBnZ5 + 6UwcrQmBj8Ztt0XwSdNrgzjrhLNVLEEqwM33ez1whQvGGAlREUJmDdPl5ZRAtmBfSiHlOo4jjmNh + 45jPIPLwPE64exbzsKAswkaSrufgGQVor1Fk1M5DKSjL6Qp3t9+Ei2fEeSixepSHF2wAaFK5SIlZ + UaAyDcQ5FwTmTMV1VqlEJCORhrhhMPnAVnE0J7R6sOok/iXAqy+wSwizl8skjtTrPkNyKoMTAXyQ + s0zM3Vn6aLCpTGV4gWLBPHxXljwF9smrxGxnkJG0CKEcZ+AAjvEymKS9zdWhlAJpycbAPFwbc3B7 + rGvRYd5lbQgNUrkoyjxFcONJlknB6Do2YN5WIwIGcGcHV4oM/sTfcZZGiPlJOp1OJylf0wq6pWOc + DPzmjg6J33/GufDe7Nz0Bggt/b9VzY30zEMCpzVqHgvVU2AOxyOVAsN1SNPxyceT4y/UpaMxvbkq + s+L9BD968Y6vR5CE28R+Z4K8fMtHlVkiArB4D9Ef4WYViHTV+sHWgAxDJe10tPZUGaCNUgB6sKNN + nsjzNiPYokPOHLrFyuZMWGvGht+1DDj0zQYKnWazEvFCnGruePVSZVir4+CEDZUckqZabpU2qrmV + bNRzR3KvojuSezXdkdyr6o7kXl23ko3K7kjqtR04fVIvSWYVSEMz04BkUMF6DlyMkcGEN3LhYowM + KEZUwcUYWVAcSdXzKlRqIgbJolKTMEgWlZqEQbKo1CQMkkXFkWiQLCo1iQbJCSbgNUckcUjuapo3 + 3Cz0fCsZ8ge6E74dRZwHCMzyHOlvesBprO5wpgX49tLSC26CmyF9Vbd4LkCm2FcuQcVMIMkDV6nf + pKS9tVVnr0lHu3Grzn6TjnbwVp2DJh3tEatDHp1xB1LdyXY4FQRt7fG2KrvaxdxqwkRmtNQBHBAT + CbvpoGlT5dKHNzUBgS61sYHx3YfFMowK9ttZRrH6QgiBVTwTs3Wbx8TPYEW5QDWXT+nzRnWZ8T2a + aYoXzhZx2iKv9WcBGlJkQ0s9thLaVzLrJLBb8B4ns91nktkuk9nu/0Bmn3vjdQP36WT2LwAAAP// + Iq0xazjamB1OjVkAAAAA///smstqwzAQRf+lkKVcS34li5AG2kJ3WWenSEoLxQ8sm/x+ZyxZjdw6 + hS6KoYIsQjSyJhK6ueGeYGaDmfXMmafpnjnzVN0zZ56ue+bMU3bPnF1rezCz434FMxvM7DLMLHVT + fzCzX4N1Ohes03QcwMyta7l4H4J8BAumpdnMM+LZARdWj99prnAuvI4dYOFlu9NMcDrL0Re867h4 + w9jMBIu6L0uOqefdt0EebhyiC3X7y1wUvcaOC4FwxIvcZmeeJpKe1mmcnaCxothQxnJcxxXBCjfK + FJ7qXkpYQ0PlZw8oLMjNPNQXrhu0tfjQm8TTcAgqem1NGfzclyN1k1FGU0VjlTC5yUUisoKKdSZl + zPMzVeud3A5PWSX7FXuGl5lHSl7ZWJIQ85GOek0usCOERdCijIy04ZaRhnONOwbzB+sNlwjePh5I + HjUV9j+lp5bf8RS/Wn7HU3xr6R2DEEnDNlmS4Pr/5MHSiHifMOcyBJIRs2NdYflT39aNuj+C/gjk + b+zFQ4gQRt1NxnUsOmkhhNbKbJCCvz/0fyoFHwAAAP//orOLR4sCnEUBvLkBdGI6JMdVg9YfQ9kG + QHPzSxKhq6fRmx+4FisawBcrokvAl/6hS8CbZ8CucmZRfh6kKQMRSimFLpOHcIlxaRmwRUvuIjWM + JaEQw+CGAm3KSCwOywcvl4OtQgUmIYiTq2FMaOlKtgPAWwr0YebqKOUmVgRBxlRQPAte6FZU4lgC + 8ThowS1oMRzI63BxVM1GKLqhGsCura2tBQAAAP//AwBoB+vPlTEAAA== headers: - ATL-TraceId: - - a8ecf46ebb56d7d0 - Connection: - - keep-alive + Atl-Traceid: + - 0a0d17314f01e874 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:49 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:02 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ba390bb8-82b4-41ea-a195-23a5b9e1cf79 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '272' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 415f1596-a275-413f-b845-fd67e28155a0 - x-envoy-upstream-service-time: - - '152' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1183,174 +1019,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uutt1J0m3W3EQPKrIK2z3JIkk6wUqalCYVlmX/uykuftyGd55n - XuZEtIq4nxyR5D2lMcrVqkOLJnXhI1QqORVjr3zlMZGCfOIU++AzTAFoBRWUu+3Ny+7+uf3dbudB - 54nI1wUqoIBDQTocXTgO6FN7HDEfuHVh7rKk59513wqRi7AWl/BOpQVkwGgJdclES2sJVPK6AoAr - YADZjzjl3rYf/rGbljLJG1lfVwL4D2uGB29DBgXbiGZttTIcucIGjG1EozutBFgDoOpaCI38T0Fy - S8NjPymyvGPV7NJTMGqJT8RdJoL+bb8j5/MXAAAA//8DAC8Slq9aAQAA + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbPTpG1qbqIHFVmF7Z5kkbRJsJImpUmFZdn/boqLH7fhneeZ + lzlBJ4PezxYEvMc4BbHZKG10H5X/8ERGK0MYpCNOR8jgU89h8C7BBWJBkGC+29687O6f29/tdhm7 + NIF4XaEMMzxkoPRk/XHULrbHSacDt9YvKkndMlj1rYBIAsXqEt7JuIIUKc2xyQveYiOQC1oRRLxK + JCY/6Dn1tsP4j71uEQWlAhlhtPxh+/HBGZ/Auiy4YcYYxhtKa2QNYllJWhe9RFX3nJcaWf23INq1 + 4XGYJazvGLnY+OR7ucYnsJcJtHvb7+B8/gIAAP//AwBmXPc/WgEAAA== headers: - ATL-TraceId: - - 6c72541a61ecb12c - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:36:49 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 5ab84bd0a01d7507 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 021b6305-b25f-4615-adb1-ad687d084550 - x-envoy-upstream-service-time: - - '31' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 8bf29086af22e796 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:49 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:03 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - dc3f9453-b744-4fa3-88c1-6cfc4427e48d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '106' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 13ec7e83-2190-426d-99e8-b5e26e6589ba - x-envoy-upstream-service-time: - - '148' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1360,96 +1089,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 113a746811c8e23d - Connection: - - keep-alive + Atl-Traceid: + - 1b6df9367a8900e1 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:50 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:03 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a6130a79-4757-485e-a2fd-50b21d314250 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '184' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4f32516a-b9b6-424e-87de-1951b0cb475a - x-envoy-upstream-service-time: - - '108' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/239] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/21] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119] + || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080] | - Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - - (Fresh, < 0.5.2)|http://localhost:8080/finding/2877]\n*Defect Dojo link:* - http://localhost:8080/finding/2877 (2877)\n*Severity:* High\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* - [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119]\n\n\n\n\nVulnerable - Component: fresh - 0.3.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/302]\n*Defect + Dojo link:* http://localhost:8080/finding/302 (302)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n*Reporter:* + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -1462,53 +1197,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1949' + - '1932' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11112","key":"NTEST-923","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11112"}' + string: '{"id":"11807","key":"NTEST-1469","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11807"}' headers: - ATL-TraceId: - - 3546c43efa9969f0 - Connection: - - keep-alive + Atl-Traceid: + - 27bd19da4593167a + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:50 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:04 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - d9e0851f-b54f-4c10-be90-6838a11ba457 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '562' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3f514d69-95a1-43e4-9626-c82967b57dab - x-envoy-upstream-service-time: - - '377' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1518,96 +1259,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-923 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1469 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4rekEHzDdDhIW+56HBfS9gNlGGFvbBVH8khyEq7w329X - toGmhaP0YAbLa+3bs8+uxBcPVhWXmZd4GmQGGrLXAsrM9CSfg+mZtIA576kKNLdCSdODTNg5WN5L - Cy5zKFXeW4A2+A2yCVQaDEjb7PV6niDLEf7E+GKgnOFrYW1lkiDIYAapzdRn5XNbcmMEl74EG6AN - G/BKBHEgjKkh6AxcwCXqH07Hx9P+djxAycwF6yVfPINOa5NyC7nSl01wGb6hQhzGUT8c9uPRNIqT - wWbyMvRfbse/hHEYUozkw15W4Mw8MUbSD6IwDCnOJuv2JQOTalERIijdZWbOy7LHMmGskKlllYAU - mJqxpdIXPmmnSr7X5WOiMJDWGoKFgCVfcMv1KyP+gZ05FqmeP2tEB9lOFA6iUfs6xUB3blPueVRo - 9DXl5oJqVJ9bWiUzXhroeZ0NL3FGrnueFUiMCovsJbLGTLxKq88Y3hPRa7Uddq4aHXb0cqfgt5G+ - l8JaNED8arUpqT/cXqNmdsk1JWbEvCoFMiRbywbBdZQZjlbD0WPCbWFunbVIV4KAxZ+7OA/DLfQc - D1fx8MmGXQkdS56Z9vmAr2hzFW3+nK9V56xdPOBtEK8G8c95a8lpusW93q6vqb9XH5rpghU7OcUK - 5rmGHPv6Gxoip1RZN23WSNLaWDV3I+IMPcRb930YfWujGR2NlBrTjT8v6Uc9D9O0H7DjiFftBm5x - TjZj6Mc7oJlxN1MtaKxpordb7qmasoxoUn0kgZC5l1hdw3U7vMiYFmmT+5dvZBQYbjWFqstsX5iq - 5JdtS6A41YC5Utd9b04OhoNuTq6jFt4HZ3Tfh/h2ZAilhb18ImKdeuCG7ePHpZjzHExAGqYzIlBQ - iLzwzSK/nTFvUdINo9gjlNZSGXSplPwcaJwQOdc2UV9+F4joPiZGI0Kk4GZcifSdkBfuMN6His5m - mXZVc7Vcum83EqnkGI9mfl7CBLhpmKDblXf07v2bg8Ozdwd748Pj8dl4MvlrgvlhCxmEBDdMC2BH - ODelZeSXCcOULC8Z9qQoySiziv0uNGdHGubYt6w2yFHfdel6FttoMLwSYTgUW4m31rQIei4kL7Gc - WI/bLqNv67L2ZtHC63hdYnTdLMDK5hJudtcVde0jmNzcFZ5Ivkb55rz6+nj/MT7e8u03nl7gVaqj - XGe88bXXXmp+KuDuZtT0DDqJu+NVwpK6W5VKHzbRnJc19HONU+L2eqDYvmqKreYVXvakbavwUE2/ - BueTvPu7y3Kt6opuPq+FzHCoGYbMZ+cAklW1KSBznDuY7NLzHJiQC3JARMoYXloZng6QJWSsiH32 - hsx9khvuuZGwkxuzQiZshogUCdLAD68IPQSvVCkvC2VsMgpHYTBrtp+5sIJ4sH2KiuzkmE4yHDbs - rVr2rfq+8ikL2ElkLPu75tqCZmOZY2PNEaYHFA6P/mS7NXYtO065vGdjg9bVFTsGbAcKBNd7H8bu - 8bF5dCWhl/a8pOVUWGxcUnUUwBUaYjTb2BU7QRv9GGdRP9qMom3nnSiVLsCfC6vBVzoP0lz0z4Uk - KTHBx/dXtNj5WvuUDA7DBlpnZXnXCvYlJ64KvLpRPwe41S/svCQ9Vxl8utqQnQnkdckRwxX9O+GS - 2QcpeElcOQa9EHhh7rPnr0mxx56V9ldUfunHL+6BEI3u4km4gB6h466E7IpQ3fhNc5kWwZTnyQY7 - RAwbaS3K7GD/rgghxnSIoMUdcfdbRP4Nid37wP//0+gIGsSjrS2kxca+a37sy8+K0VjEwP5bkT2n - vy9QveXTvwAAAP//7FltT9swEP4rUSUkmEiapE2BTohVGpP2gQkxjUlsHzB2CpGaOMpL2dT1v+85 - 23FDIGhDCPEBCZXEdz6ffS9+7vIb08glaJPfj/HyA//cp9iSJJxrCc/pWptjPq8XGQpRuo2sy5vI - xkEq/9kw43hs8nmHJNEokUlkJRPTXiKHTCyTEgkMOCAKJ8hLczpVeEhz+ZC5LtUilw5uSGe50QJ5 - qTBWjjdWFtbKpbHy7Q3lNAZ52bUD1MpBx+XKCzanlegqRa7J68r7mTmtXZ5IUS9is8W7pAYWT1uO - A45TBR5FQwb1unp/aMktAeC8wWwMNmc3NXugKWrF3dYAynrRQyiWsUuXTMLvM2rqnC3pWrTDWJR8 - jX7I0/A64xzypkj8V4uEK/udJCrXG/N9U5c7nbixi96TIwtnAULhqTmf05zxivi/SCdRLw5qkGUi - YqEYvlZxXmq7YVzUPNbMJszPEFIAQdDlf1xGTcwlJX7y/m0m0iTbcbZ3/qRAT5WcwofvA+igD0AH - 4z5C1AZLVQHQoGoBQvcdVt+ydgkWlDY76mPsA6m+LZdYVTF+Q5fcA8VZFwt0pRxYPeo0ZYRuBn0X - Np0dVSmyeCIEogA7YpxTJYX6Mpqz8UgEV/tjP7qCLnt7B0EYTmgdy4QVHmGLybAzISgIwLnRwTUV - 7wd5y8qc8hwJfbTtoEtlD3hLsXkAWEP9OIyCMBjHgR+PQnEw4SMe7QV8PxLCZ5N5EO8fiUMlZWs0 - 2wo/4U/Pc1OWGfThunqo9OrSvcWJuKFHju/pQKMjc3PGSjoxzFdJHQUFHj+euhMvz0j/bj/j9Wvc - 7Yq8fo27nZXXrjFSjtCtBFM0tNHIqWkJUjwR7tLtCp22LpBrwX5cFzKPhxdIQZxKbRN41MkD1UYy - rWN6kqbeKEymfUsFL2/0t1TwEhq/pYLeVGARBlS81hG3oo8A5tmHXFmxBZ4egETAW4PVenCf0New - 9G3Dskuw7b8uwUK3OFsmhcw0ODLdkNp8kdKv/7KFpayera+sZVmZWAjV7LlUHTPbDEaZqzReNY8m - 6z55ffXtbtjI3R2k7NdZXNYLEtzaq+p1FdWs0vumljv1w2jndvzu5PDObDNBabter/8CAAD//wMA - Zr4C9dgcAAA= + H4sIAAAAAAAAA7xXbVPbRhD+Kzf60GmprDcMMep0OhRMQksptUnygTDMIa2lC/KdenfyS0P+e3dP + lgkQZwKdZvxB97Yv9+yze+sPHixqLnMv9TTIHDTkRwKq3PiST8H4Jithyn1Vg+ZWKGl8yIWdguV+ + VnJZQKUKfwba4B7kI6g1GJB2dTZrjFXTCSm8iqMojgINfzdg7PmyhjPNMysy8HxPkP04HkQvcGKg + muC0tLY2aRjmMIHM5uq9CrituDGCy0CCDdGSDXktwiQUxjQQdgpuYInyp+fD8Xkv7u/u4ZJzwXjp + B8+gb43JuIVC6WV7hxxnKJFESdKLBr147zyK0iRJo36QDPo/RkkUkZNkxKLjTs0znST5EKGIkvW1 + V5McTKZFTcDh6j4zU15VPsuFsUJmltUCMmBqwuZK3wQknSn5WldP9KKRgsLFqys+45brcCZgHjq3 + 7hxcbcXRdjz4xYh/4Ocphr2ZolWiBZo85+aGYtVcWxqlE14Z8L1W8Bjv5WR9rxRIHJ2VyxOYAfoa + ffQ9K5BZNbLES2WDd/Qe0GQ72rQRdxu1Vu/xqs+MxEraxcFFtosDTT5hz911X0thLSow3to2Ufh3 + d9aoiZ1zTUQ2YlpXAh3OH0CCgXL06w8W/cET3f1CyLqbrAPWdxmQ9BdJ//+10tLCkRQNxruLePdb + GFx0FreTxXbyLSyumP/x42M6Jh0dJ2Lxpq2BGOSLSwx6UWgosKw84jq6o6qmzfLPkjx5sWljsGlj + 77HytqS1q1QwXPX20l7sewiOfYMXJ462B1ziE05aZK1nHx6tEXsRAlOqpsoPhakrvlxxHJfn3OJD + 0RbYp+djW77vCnbYqtOUbW54oBpCMCZX39KCkIWXWt2Q7UwDXpZS+HEB3w72dna6Av4Qtk1lJlmX + mYcb64DXWigt7PKZF+7EQ/cKfH0dF1NegAlJwnRKBC6UoigDMyvuCtYrXOkqW+I95m6y3V2l4tdA + tYlo+/C93t0ARLyJo/GAECm5GdYiOxHy5oh2DqGm3kJmHWMcj+Zub70ilRxia8GvKxgBNy0L9Wrk + nZ28fnl8enVyfDA8HQ+vhqPRnyO8HyaXQUjwwHkJ7AyLsLSM7DJhmJLVkmFCi4qUMqvYb0JzdqZh + ihnNGoMMCz6X2DEmlBfdiigaqFnqPUhnBL0QklcYTozHXZrR3sO1VWe0gtfxvELvuiqBkS0krE83 + NaXtVzC5bWKeSb5WeP343e87nsbHO779yrMbbAU7ynXKW1sHq27rPznctWxtzqCRpHurJcwpu1Wl + 9GnrzXXVQK/QWKHuGhbFDlUbbDWtsVmVdhWFL8X0Pjjv5Ke/fVZo1dTUkh0JmWNJMgyZz64BJKsb + U0LuOHc82qfvNTAhZ2SAiJQzbLoZvhuQp6SsTAL2ktS9k1vuu5Wyi7VaIVM2QUTKNAq2g+iW0EPw + KpXxqlTGpoNoEIWT9viVcytM4kuUYxdjyBqqNeyVmves+rzsJQvZRWws+6vh2oJmQ1lgXk0RpS8I + nJ79wfYbTFo2zrjccLAF6/aWjbEDdI7g+ODN0H3etp8uIjRZPaQ0PBcW85ZEHQNwhIoYlTZ2yy5Q + Ry/BUtSLd+N4z1knRslZHkhsmoNCzcJZU0nkmMUaEN4/f0kq+lGLJcllcwimwmoIlC5CTERO5BTY + +FECh3g0KO20IjkXCvy6YJCeERRNxRG1Bf3/ce4fghS8InKMQc/wbw7rse+PSNBn31X2JxTeCZIf + NoCGSvfx2Z2BT3i4hpLdEo5bHYrplgOC1tjWYQPsEFmFi2OobcDiFz6jGsLuU7b7lXGw5uy7fwEA + AP//7FnfT9swEP5XIiQmqEiapE2BTohVYkg8MCGm8cBeMHZKMzV1lB9lEuN/33e2Y9JA2NYhxAMS + KknOPl/uzp+/u9D9wHv5l6jzsT/wQ2RB70htdezCH9IhEISxf5znbOFn+6nXfv6lnR5SC4Lv+Oeu + FWWsiYRRKv4vz1Y93/sqqxx+PE7mMbZ4rH394ab8qJKqMfDoAXp6gAi7rAQmmS3tJbLPxDIpAF9g + AVE4AipNyctIl/rooehdKeVXDs5Hh0xFTWZOxNwE3RhCQRc26IUJ+u2MEI1B3+LGAZvlkONo5Tmb + 0kp0kAJqsqr04PmLB/2nUlTz2EDXqqimy+NGHmHEmSJ+ohZDCs8cWHFDAUbOMBsPkZNqI47bztxp + PChAQDoE+TJ26YhJ+OOBWjplSzoUG1Ei5BrTDyUXbiecQ98YsH89T7iJ4GmisN4E8Js63MnnJjL6 + rRyZO3MIcs9G/iTNGC9pzhfpJOrGQX2yTEQsVnLpHDsKjAdL/0uGmKmZJKCnBN9iIk0W287W9q8U + CVzKMZL2MV8OuvhyMOwSRE1uVObgCIq4UyHRGurboW2B5aD1O3UN7OKkvq2bWFkyPqND7Um669s6 + aoXvtTlBUaUpIzKz0XU+k++oKJH5moyHdtQh45zKnhNxEE3ZcCCC672hH13D0N3d/SAMR7SOHYQV + nhkWU2AnQlDWY+SDDa4pfD/JW1ZkBIqk9NmWhYpD7IFeqWEe+FRdNkdBGAzjwI8Hodgf8QGPdgO+ + Fwnhs9E0iPcOxYHSsjmYbIbH+NPz3JQtDNtwXf2o8KrCvYVH3NCDicLTO4tc5maMFeQxzFfAjfoB + l0dn7sjLFmR/u/3x9i1u90/evsXt/stbtxiQI3TXwtQITTpyZtqJtJ+IdenegoatSzBTDP9c5TKL + +5eAIE6Vtdl41AWE1O5kWsc0RU15kRukfYeC1w/6OxS8hsXvUNAJBZZIwMQbvePu6AOCufahV5bM + fBdp05GuNqRv25BtgW3qtQWWocWLZZLLheZApsdRmQ9g+vavLJWp1nBXXxqwWwPgGt/u+rXenY2U + /TyPi2pOihtrq45SXk5KbcdSli/XdNbKrFKsNWPFhVQNOdvnlrlqc9GS1pBVa8MVc80E5Z77+/vf + AAAA//8DAKbvSytvHQAA headers: - ATL-TraceId: - - 51a1a571b4f94c57 - Connection: - - keep-alive + Atl-Traceid: + - b45dbd884e2fba06 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:50 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:04 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - caa49b83-50f2-4d65-b8d0-85e28c1b5075 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '264' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8b9ee9b5-1088-45a5-ac17-850a537b4a2b - x-envoy-upstream-service-time: - - '121' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1617,91 +1364,97 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11112 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11807 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4rekEHzDdCikLb0ex4W0/UAZRtgbW8WRPJKchCv899uV - baBQOEovmYmltfZFzz67Ur55sKq4zLzE0yAz0JC9EVBmpif5HEzPpAXMeU9VoLkVSpoeZMLOwfJe - WnCZQ6ny3gK0wXeQTaDSYEDaZq3X8wRZjvAT48RAOcNpYW1lkiDIYAapzdRX5XNbcmMEl74EG6AN - G/BKBHEgjKkh6AycwTnq70/Hh9P+ZjxAycwF6yXfPINOa5NyC7nS501wGc5QIQ7jqB8O+/FoGsXJ - YD15GfovN+PfwjgMKUbyYc8rcGaeGCPpB1EYhhRns+t2koFJtagIEZRuMzPnZdljmTBWyNSySkAK - TM3YUukzn7RTJT/q8jFRGEhrDcFCwJIvuOX6lRH/wNYck1TPnzWivWwrCgfRqJ1OMdCt6y33PEo0 - +ppyc0Y5qk8tjZIZLw30vM6Glzgjlz3PCiRGhUn2ElnjTrxKq68Y3hPRa7Uddi4bHXY0uZHw60g/ - SmEtGiB+tdq0qT/cWqNmdsk1bcyIeVUKZEh2azcIrqPMcLQajh4Tbgtz66xFuhIELH5u4jwMN9Bz - PFzFwycbdil0LHlm2ucDvqL1VbT+a75WnbN28IC3QbwaxL/mrSWn6Qb3eru8pPpefWq6C2bs6Bgz - mOcacqzrOzRETqmybsqskaS1sWruWsQJeog37nsxumujaR2NlArTtT8v6UdtvyAGa5E27r7dkRG/ - MHxTqLrMdoWpSn7eshDFS26xrzZt6+crpumJV10waKxpKgc33FE1oeIi/UwCIXMvsbom12jTfsJ2 - QUXRgqEB90pV96M+ORgOuj55G7XwPjij+17E1y1DKC3s+RMR6NQD12wf3y7FnOdgAtIwnRGBgkLk - hW8W+XWPeYeSrhnF3uXdrQy6rZT8FKidEDlvLaK6/CEQ0X1MjEaESMHNuBLpByHP3GG8CxWdzTLt - KOSItXTvriRSyTEezfy0hAlw09BStyPv4MPHt3v7Jx/2dsb7h+OT8WTy1wT3hyVkEBJcMC2AHWDf - lJaRXyYMU7I8Z1iToiSjzCr2XmjODjTMsW5ZbZBzvqvS27vYRIPhhQjDodhIvFtFi6DnQvIS04n5 - uK4yendb1t4sWngd8UuMrusFmNlcwtXquqKqfQSTm7vCE8nXKF+dV98f7z/Hx2u+vebpGV6lOsp1 - xhtfO+2l5pcC7m5GTc2gk7g7XiUsqbpVqfR+E81pWUM/19iyrq8Hiu2qJtlqXuFlT9o2Cw/l9Htw - vsib322Wa1VXdPN5I2SGTcowZD47BZCsqk0BmePc3mSbnqfAhFyQAyJSxvDSyvB0gCwhY0Xss7dk - 7otcc8+1hB1dmRUyYTNEpEiQBn54QegheKVKeVkoY5NROAqDWbP8xIUVxIPNY1RkR4d0kmGzYe/U - sm/Vj5WPWcCOImPZ3zXXFjQbyxwLa44wPaCwf/An266xatlhyuU9Cxu0Li7YIWA5UCA43vk0do/P - zaNLCU3a85KGU2GxcEnVUQBHaIhRb2MX7Aht9GPsRf1oPYo2nXeiVLoAfy6sBl/pPEhz0T8VkqTE - BB/nr2iw9b32MRkchg20zsryphWsS05cFXh1o3oOcKlf2HlJei4z+HS5ITsTyOuSI4Yr+jvhNrML - UvCSuHIIeiHwwtxnz9+QYo89K+3vqPzSj1/cAyEa3cZjeQE9QsddCdkFobr2WnOZFsGU58ka20cM - G2ktymxv96YIIcbtEEGLG+LuW0T+FYndfOD//9voCBrEo40NpMXarit+rMuvilFbxMD+W5E9p98X - qN7y6V8AAAD//+xZbUvcQBD+K0EoaDG5JHc59YrYg1roB4tYasH2g+tuTgOXbMibLfb+e5/Z3ezl - YiOtiPhBkDPZednZndnZZya/IEYhQYv8doyX7/jnPsaXpOFca3jK0Fpv83m9zFCI0m1kQ96cbGyk - ip81M7bHJp+3SBKtEZlEVjJn2kvkiIkmKZHAgAOicIq8tKBdRYS0lw+561JNcunghnSatRXIS4Xx - crz2srBeLo2Xb28opzHoy64doFYOOi5XXrAFzURXKXJNXlfej8zprPJEinoZmyVuklpYPOsEDjhO - FRgULRnU6+rdoSV3FIDzBtIYbPduZtZAImrG3c4AynoxQCia2KVLJuH3GTV1wRq6Fu0wJqVYox+K - NLzOOYe+GRL/1TLhyn8nicr1xn1f1eVOO278otfkyMJZglB4SuZTmjNeEf9n6STqxUEN0iQiForh - SxXnpfYbxkXNY81sjvkZjhRAEGz5n5BRgrmkxE/Rv81EmmQ7zvbO7xToqZIzxPB9AB0MAehg0sVE - VQFsoCA8VRR91mhAhz9IGAKlvgWl7VKHGG25tIHr+nd/X+rASlUV4zd0NWoAUdZpygjdbA1d2LR3 - VKXI4pEQiA7YEeOcKiPUl9GCTcYiuNqf+NEVbNvbOwjCcErzWCbM8ABbTI6dC0GHAJxrG1xT8b6X - t6zMKc+R0gfbDrpU9oC3FJsHgDXSj6MoCINJHPjxOBQHUz7m0V7A9yMhfDZdBPH+kThUWt6M52/C - j/jTcm7KMoM+XFcPlV5durfYETf0KPA9fdBoy9ycsZJ2DPIqqaOgwOOHU3fq5RnZ3+9nvHyL+12R - l29xv7Py0i1GLhK6r2GKhi4aOTUtQTpPhLt0+0HnswvkWrAf14XM49EFMg2nUtscPOrkgWpPMs1j - epKm3ihMpn1NBc/v9NdU8BwWv6aCwVTQBxWAUFt3K5JpoQhsv9ZH8Y6+DphnHxPKii3x9BctQw1L - 3zYs+wTb/usTLHSLsyYpZKZhjumG1OaLlH79F0sbWT1Zn1jrsjoxEarZc6k6Zm1nGqGlLb5rH03W - ffT86tvdqNW7u5Wyn2dxWS9JcWetqtdVVPNKr5ta7tQPo5Xb8U3hcEPaCChrV6vVHwAAAP//AwBo - fF5W2BwAAA== + H4sIAAAAAAAAA7xXbVPbRhD+Kzf60GmprDccYtTpdCiYhJZSajvJB8Iwh7SWLkh36t3JLw389+5K + lh0gzgQ6zfiD7m1fbvfZ59YfHVhUXKZO7GiQKWhIjwUUqXElL8G4Jsmh5K6qQHMrlDQupMKWYLmb + 5FxmUKjMnYE2uAfpCCoNBqRdnU1qY1U5JYVXYRCEgafh7xqMnSwrONc8sSIBx3UE2Q/DQfASJwaK + KU5zaysT+34KU0hsqj4oj9uCGyO49CRYHy1Zn1fCj3xhTA1+p+AGlih/NhmOJ72wv7ePS40Lxok/ + OgZ9q03CLWRKL9s7pDhDiSiIol4w6IX7kyCIoygO+l406P8YREFATpIRi443ap7pJMn7GIogWl97 + NUnBJFpUFDhcPWCm5EXhslQYK2RiWSUgAaambK70jUfSiZJvdPFEL2opKF28uOIzbrn2ZwLmfuPW + xsHVVhjshoNfjPgHfi4x7XWJVgkWaHLCzQ3lqr62NIqnvDDgOq3gCd6rkXWdXCBwdJIvT2EG6Gtw + 5zpWILIqRIkTyxrv6DyAyW6wbSPsNiqtPuBVn5mJlXSThyazXR5o8gl6Ntd9I4W1qMA4a9sE4d+b + s0ZN7ZxrArIRZVUIdDh9EBJMVAO//mDRHzzR3S+krLvJOmH9pgKi/iLq/79WWlg0IEWD4d4i3PsW + Bhedxd1osRt9C4sr5N/dPYZj1MFxKhZvWw7EJF9cYtKzTEOGtPII6+iOKuq2yj8L8ujlto3Bto39 + x8pbSmtXiTAa9nbiXohTbpHUWzJ8eu20VLshV79Vp6kymuGhqum2IRHmO1oQMnNiq2u4W3EoadMi + aWPw8dEaeYZHTa7qIj0Spir4clVNuIxu2beYNqqwVTQ04GWphB8T+K63/+JFR+APw7aNZqI1zTzc + WCe80kJpYZfPDGIn7jevwNfzuCh5BsYnCdMpEbiQiyz3zCzbENZrXOmYLXIeYzfa7a5S8GsgbiLY + Pnyv97YEItyG0XBAEcm5GVYiORXy5ph2jqCi3kImXR6b7M6bvfWKVHKIrQW/LmAE3LTY0KuRc376 + 5tXJ2dXpyeHwbDy8Go5Gf47wflhcBkOCByY5sHMkYWkZ2WXCMCWLJcOCFgUpZVax34Tm7FxDiRXN + aoOo9T5X2CEWlBPciiAYqFnstC8WZg/Dv6mqeyWOiciE5MXDQ6vOaBXeBukFetexBGY2k7A+XVdU + tl+B5LaJeSb4WuH143e/73gaHjd4+5UnN9gKdpDrlLe2Dlfd1n9yuGvZ2ppBI1H3VkuYU3WrQumz + 1pvrooZeppE3Ng2LYkeqTbYqK2xWpV1l4Uv5ux+c9/LT3wHLtKorasmOhUyR5gxD5LNrAMmq2uSQ + Npg7GR3Q9xqYkDMyQKBJGTbdDN8NSGNSlkcee0Xq3sud5rsTs4u1WiFjNsWI5HHg7XrBLUUPg1eo + hBe5MjYeBIPAn7bHrxq3/Ci8RDl2MYakJq5hr9W8Z9XnZS+Zzy5CY9lfNdcWNBvKDOuqxCh9QeDs + /A92UGPRsnHC5ZaDbbBub9kYO8DGERwfvh02n3ftp8sITVYPKQ0nwmLdkmiDAByhIkbUxm7ZBero + RUhFvXAvDPcb64QoOUs9iU2zl6mZP6sLiRizyAH+/fOXpKIftLEkuWQOXimsBk/pzMdC5AROgY0f + FbCPR73clgXJNanAb5MM0jOCrC44Rm1B/38a949ACl4QOMagZ/g3h/XY98ck6LLvCvsTCr/woh+2 + BA2VHuBjOAOX4tE0lOyW4rjTRTHeaQJBa2znqAZ2hKjCxTFU1mPhS5cRh7D7kO1+eeitMfv+XwAA + AP//7FltT9swEP4rERITVCRN0qZAJ8QqMSQ+MCGm8YF9wdgpzdTUUV7KJMZ/33O2Y9JA2NYhxAck + VJre+Xy+Nz93oeeB9/KHqOOxP/BDREHvSKU6svCHdKgIQtk/rnO28LH91LGfP7TTQ2iB8B3/3LW8 + jD0RMErE/8XZquV7X2WVw47HyTxGisfa1h9uyo8qqBqMRw+lp4cSYbeVqEkmpb1E9plYJgXKF1BA + FI5QlaZkZYRLffWQ966U8CsH96NDqqInMzdibpxuFCGnC+v0wjj9dkYVjUHe4sYBmuWg42rlOZvS + TnSRotRkVenB8hcP8k+lqOaxKV2rpBoujxtxBI4zBSZFTQYVljmw5IYAcM6wGj8iJlUijtvG3Gn8 + UACAdBDyZezSFZPwx4yaOmVLuhQbXqLKNaYPCi48TjiHvDHK/vU84caDp4mq9caB39TlTjY3ntGn + cmTuzEHIPev5kzRjvKQ1X6STqAcH/ckyEbFYiaVzZBQQD7b+lwgxSzNJhZ4CfIuJNFlsO1vbv1IE + cCnHCNrHeDnowsvBsIsQ1QS6Y8scGEE1AwTvW6y+ZW0TujCobzFofdguxq6+ybd9EytLxmd02z3R + vrUxQVGlKSMws9F1P5PtqCmR+ZqIhzLqkHFOrdSJOIimbDgQwfXe0I+uofju7n4QhiPaxzJhh2fY + YnLsRAiKenA+6OCaxveTvGVFRkWRhD47slDmjj3AK8XmAU/VbXMUhMEwDvx4EIr9ER/waDfge5EQ + PhtNg3jvUBwoKZuDyWZ4jD+9zk3ZwqAN19U/FV5VuLewiBt6UFF4OrPIZG7GWEEWw3pVuNE/4OvR + mTvysgXp3x5/vH2N2/OTt69xe/7y1jVGyRF6lmB6hCYcOTPjRMonQl16XqHL1iWQKdg/V7nM4v4l + Kg2nztokHk0BQbWZTPuYoahpL3JTad9Lwes7/b0UvIbG76WgsxRYIAEVb3TG3dELBPPdh1xZMvNe + pA1PusaQvh1Dtgl2qNcmWIQWL5ZJLhca6pgZR2VegOnHv9F0KcuXGyBrYVYodpqx4kKqQVg99UUI + aZXv6q+muq6tgHpZ2K/l7myk7Od5XFRzEtw4rBph5eWk1AenUTqNuejo9vfVxeHKarNAaXt/f/8b + AAD//wMAyxMTCW8dAAA= headers: - ATL-TraceId: - - 7d166cf2e5a69000 - Connection: - - keep-alive + Atl-Traceid: + - 4051ce17ca28aa22 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:36:50 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:05 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 504683a1-d45c-490b-b175-28857b879314 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '259' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - e65bf885-8e41-4583-8ce4-11966762e6d6 - x-envoy-upstream-service-time: - - '109' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_with_push_to_jira_is_false_but_push_all.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_with_push_to_jira_is_false_but_push_all.yaml index 58cd3a52cf1..34af44cce44 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_with_push_to_jira_is_false_but_push_all.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_with_push_to_jira_is_false_but_push_all.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJmm2W3EQPKrIK7Z5EJEknWEmT0qbCsux/N8XFj9vwzvPM - y5yI0TMeJk8UeU9pnNVm06FDm7r4EalOXs9zrwMNmEhBPnGa+xgyzAAYBQpls79+bu6e2t/tfhlM - noh6WaECCngtSIejj8cBQ2qPI+YDNz4uXZbM0vvuWyFqFbbyEt7qtIIcOCtBlFy2TChgqhIUAK6A - A2R/xin3tv3wj921jKtKKhB0W4kf1g73wcUMSr6T9dYZbSusNNZgXS1r0xktwVkALYSUBqs/Bcmv - DQ/9pMn6jtOLT4/R6jU+EX+ZCIa3Q0PO5y8AAAD//wMARkWKfVoBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/0uuttnJtE1qbqIHFVmF7Z5kkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzmRVgWznx2R5D3GKcjNRhtruqj9h6cqOhVCr0Y6mkgy8mnm0PsxwQyAUaCQ77Y3L7v75+Z3u12G + Nk1Evq5QBhkcMqLN5PxxMGNsjpNJB26dX3SS2qV3+lshMgkI1SW8U3EFERBzqHMmGqglCIkVBYCr + RELyg5lTb9MP/9jrBkAiSlZQjvjDdsPDaH0CecmELay1hagRORQ1QFkp5KxToHknRGmg4H8Lolsb + HvtZkfUdqxYXn3yn1vhE3GUiZnzb78j5/AUAAP//AwBFzV7hWgEAAA== headers: - ATL-TraceId: - - 7cc90b9dbf4d04c6 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:37:04 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 68706e1a8c614229 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 7ae24f02-b631-4dbf-8051-2c7beabffd4c - x-envoy-upstream-service-time: - - '32' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - f5a82d819cd98869 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:04 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:13 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1ac6c258-f22f-4adc-bfa2-90a3b5a84fd2 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '124' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b97a4aaf-4e06-4858-9f60-2a03e9902789 - x-envoy-upstream-service-time: - - '66' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,110 +80,117 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 3d5c3417c8a2d434 - Connection: - - keep-alive + Atl-Traceid: + - 17a716cf1a32252c + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:04 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:14 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 574fce9d-c34f-490c-b816-ad902526d2ee X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '173' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 59354078-1d0b-466d-b544-8ff1fefff7c7 - x-envoy-upstream-service-time: - - '74' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/243] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/25] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321] + || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n| High | [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539] + | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080] - | Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2885]\n*Defect Dojo - link:* http://localhost:8080/finding/2885 (2885)\n*Severity:* High\n*CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html]\n*CVE:* - [CVE-2019-10321|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10321]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/310]\n*Defect Dojo link:* http://localhost:8080/finding/310 + (310)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n*Reporter:* + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/2884]\n*Defect - Dojo link:* http://localhost:8080/finding/2884 (2884)\n*Severity:* High\n*CWE:* - [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* [CVE-2016-10539|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539]\n\n\n\n\nVulnerable - Component: negotiator - 0.5.3\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/309]\n*Defect + Dojo link:* http://localhost:8080/finding/309 (309)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n*Reporter:* + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -303,53 +203,59 @@ interactions: Connection: - keep-alive Content-Length: - - '3317' + - '3308' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11113","key":"NTEST-924","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11113"}' + string: '{"id":"11808","key":"NTEST-1470","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11808"}' headers: - ATL-TraceId: - - 3ecdd5fd4522a771 - Connection: - - keep-alive + Atl-Traceid: + - 8743c723388ad5f6 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:05 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:14 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 6dc8bae2-e978-4292-a1d2-a864a2a5ef1e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '653' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a09a015d-cf62-4c7b-9ca7-d5bce57ee23c - x-envoy-upstream-service-time: - - '455' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -359,98 +265,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-924 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1470 response: body: string: !!binary | - H4sIAAAAAAAAA6xX23LbNhD9FQwfMm1KiRcpjsyOJ+PaSuI2dV1ZSR4cjwcmVxRiCuAAoCQ39r93 - FyQlR7Fcxyn1QADE3s6eXUBfPFiWXGZe4mmQGWjIXgsoMuNLPgPjm3QKM+6rEjS3QknjQybsDCz3 - 0ymXORQq9+egDX6DbASlBgPS1ns93xOkOcKnhxMDxQSnU2tLkwRBBhNIbaY+qy63BTdGcNmVYAPU - YQNeiiAOhDEVBK2CK7hG+ePx8HTc2Y37uDJxznrJF8+g0cqk3EKu9HXtXIYzFIjDOOqE/U48GEdx - 0nuZhC+6vZ3dX8I4DMlHsmGvS3BqnugjyQdRGIbxKupmkoFJtSgJEVzdZ2bGi8JnmTBWyNSyUkAK - TE3YQumrLkmnSr7XxWO8MJBWGoK5gAWfc8v1KyP+gb0ZJqmaPauXjrK9KOxFg2Y6Rkf31iH7HiUa - bY25uaIcVZeWRsmEFwZ8r9XhJU7Jre9ZgcQoMcleIiuMxCu1+ozuPRG9Rtph57LRYkeTOwlfe/pe - CmtRAfGrkaag/nB7jZrYBdcUmBGzshDIkGwjGgTXUaY/WPYHj3G3gbkx1iBdCgIWn7s498OXaDnu - L5GdT1XsUuhY8sw07wdsRTvLaOfHbC1bY83gAWu9eNmLf8xaQ07TDrZau72l+l5+qLsLZuzsHDOY - 5xpyrOtvaIicUkVVl1m9klbGqplrERdoIX657cPgWx1166hXqTBd+/OSTuR7GKb9gBVHvGo2cIt9 - sm5D318BdY9bdbWg1qaJ3m54oCqKMqJO9ZEWhMy9xOoKbpvmRcq0SOvYv3yzRo7hVjNVVZEdClMW - /LopCVxONWCsVHX39clw50XbJzdRC7fBGW37EK9bhlBa2OsnItaKB67ZPr5dihnPwQQkYVolAhem - Ip92zTxf95i3uNI2o9gjlDZC6bWhFPwSqJ0QOTc2UV3eC0S0jYnRgBCZcjMsRfpOyCt3GB9CSWez - TNusuVwu3LfVilRyiEczvyxgBNzUTNDNyDt59/7N0fHFu6OD4fHp8GI4Gv01wviwhAxCghvGU2An - 2DelZWSXCcOULK4Z1qQoSCmziv0uNGcnGmZYt6wyyNGuq9LNKHZRYXgjwrAvJom3UbQIei4kLzCd - mI91ldG3zbXmZtHA63hdoHdtL8DM5hJWu6uSqvYRTK7vCk8kXy28Oq++Pt6/j49rvv3G0yu8SrWU - a5XXtg6aS80POdzejOqaQSNxe7xKWFB1q0Lp49qby6KCTq6xS6yvB4odqjrZalbiZU/aJgsP5fRr - cD7Ju799lmtVlXTzeS1khk3NMGQ+uwSQrKzMFDLHuaPRPr0vgQk5JwNEpIzhpZXh6QBZQsqmcZe9 - IXWf5HP3fp6ws5VaIRMmMXoruFU6Cbt4/7shCBHBQqW8mCpjk0E4CINJLXPhfAvifu8cpdnZKR1n - 2HHYW7XoWHW/8DkL2FlkLPu74tqCZkOZY3XNEKsHBI5P/mT7FZYuO0253LKxhuzmhp0C1gQ5guOD - D0P3+li/2rzQpDk0aTgWFquXRB0PcISKGDU4dsPOUEcnxort4PUujpx14lU6h+5MWA1dpfMgzUXn - UkhaJTp0cf6KBntfS5+Twl4YrrUs7mrB4uREWIH3NyrqALd2p3ZWkNw6PThxCSJlMT4jyKuCI5hL - +nPhojoEKXhBzDkFPRd4fe6wn45XGnz2rLC/7qGanW748xZEUf0+no5z8Aksd01k9yGzg7G96O0+ - EZlG2iHTfzwy/f9E5v9D5V8AAAD//+xZbU/bMBD+K9akSVAtaZMmbamEGBNMQhoI7YVJ7EuNnTaZ - 2iTKS/myH7/nbOeFQGGrgDEJtWoT351zvpfHvsufWAVZ9SHjsQj7X/li2mNnCDQ9WkZLeXLUHkIc - YmWUymFruPqEjl2nu7of2k/p5iqf++5k4iOLekcKMIFlPxNGWwlUfFiQ7dDvLsSr9IMYxQkt9/sx - bn7gz9om9GmGCz3DY2ZiY/CLchmjeKcdvEaINhrCpiqoGgnYqEbtHtC10iROAOcGB+0o6XO5jnIg - f0Cb4RiAPifTImCqXZs8N2ueNGM4X7B1ow9QPTNeDxqvy9rrufE6Lwpsj/k7dh1GImQ41i4WQNcS - i2Epx7PiBeMMxYCAIM4sIuNz0mN2KESQFtYnHi9KAPGMhQGXkFxzbHC2Xi1rGeg0keUyaFvnJr0q - RabtyAPLuTqxy4oO8qIiOzdnAGcIcQxWdp+apZMIV/qqyxsqUIzRD0UYbmlZOWZJy6tlJJTLTiO1 - LxqPfVMHIbKvcYVWhcHbSxAytfTeySrloiD+s4RF6oahXltHMpCK4UsRpLn2EsZlKQLNbBL9M1IJ - B0bo8jdRogTThPZHivodLldRvMt2dn+tcNIskmkdu3dCxdPDhLctTHgKJrwHYWKbfeAWTDzOttQk - /TPBxOgVJp4BJrz/HCZGRvABmLjdk3A29SQcbxPBb9efRYYIUu0Vaph0WAc1a5ewqc4f1HV+tdRN - jHUHqkvYqwgqukOqJe5ohHXrrrxcrTgVjG/urYHIgNT9SbItS0vqARwgHKlDdSL3/Tn3htK5mngD - /wraj8d7juuOqJKtmfCEe9gC8u6hlBTq4Gx0sEwn8X1yzfOUQI4mvbedq1uQNupYxWajcO3ry77v - uI4XOINg6Mq9kRgKf+yIiS/lgI/mTjA5kPtqlrfDw7fuR3y1nLXisSnoLEsP5XaZW9ewiOXaFP22 - zjYymZVynpPFIK8QnS9zXB6dWyM7jUn/bp/45Wvc7Ta/fI27HeuXrjFwR+oWrWnGtI8i5+ZVC+UT - VWm6Dayx6xKAC/bjMkvSoH8JuBHUwjSJR29IQK0zmZ5j3vWYPk5m4PYVCp7f6f8SCn4DAAD//yLX - xaNFAa1dTIeiAAAAAP//ghUF8NYE0InpkBxXDZpchbINgObmlyTmAFlY2kXARpdSda0SpgSuiSAD - +EQQugR8WgVdAt5+S80ryyzKz4M0hKCjzKXQmX4IlxgvlOWXUG2+DmIW3EygRRmJxWH54JkI+CRb - fi7ExdUwJrTUJdt+8JoIfZi5Okq5iRVBqcWlOSCDkfwKnkMoKnEsgfgbNJUJmmcA+RwujqrZCEU3 - VAPYtbW1tQAAAAD//wMAcye6kzAiAAA= + H4sIAAAAAAAAA7xX23LbNhD9FQwfOm0q8SbFVtjJdFxbSdy6risryYPj8cDkikQNAiwA6tI4/94F + SEqxbGVidxr7gSSAvZ89WH30YFlRkXmJp0BkoCB7xYBnuidoCbqn0wJK2pMVKGqYFLoHGTMlGNpL + Cypy4DLvzUFp3INsApUCDcK0Z9NaG1nOrMKrKAyj0Ffwdw3aTFcVnCmaGpaC1/OYtR9Fo3CEHxr4 + DD8LYyqdBEEGM0hNJv+SPjWcas2o8AWYAC2ZgFYsiAOmdQ1Bp+AGVih/Oh2fT/vRcD/EJeeC9pKP + nkbfap1SA7lUqyaGDL9QIg7juB+O+tGLaRgmcZxEQ38/Cn8M49DqcEYMOu7UPNFJKx9gKsJ4HXb7 + kYFOFats4nD1gOiSct4jGdOGidSQikEKRM7IQqob30qnUrxV/JFe1ILZclF+RefUUBXMGSwC59bG + wXYrCgfR6GfN/oGXJZa9LtGqhQWanFJ9Y2tVXxv7lswo19DzGsFjjMvJ9ryCIXBUWqxOYA7oa/ip + 5xmGyKoQJV4iaozR24LJINy1EXUblZJ/YahPrEQr7ergKtvVwX58hp5NuG8FMwYVaG9t20L4N3dW + y5lZUGWBrFlZcYYOZ1spwUI5+A1Hy+Hoke5+oWRdJOuCDcN9dCMeLuPh/2ulgYUDKRqM9pbR3rcw + uOwsDuLlIP4WFlvkf/p0H45xB8cZW75rOBCLfHGJRc9zBTnSyj2sozuS102XPwjyeH/XxmjXxov7 + yhtKa1YtYTj29pJ+1PKYzYpiaePHx3trFqsYsC5kzbMjpitOVy2icRnTa95h6izKWxPU4EXREOzj + +7Gh7w1hB406ZbvNvR7K2mbQOf/eLjCRe4lRtfUmVYDB2hZ+iMAH4bAj8O207aKZeE0z2xvrgm9v + DDbExKRiZvXETHTigbsevp7gWUlz0IGV0J0ShgsFywtfz/MNk73BlY7yYs8V8xosN1nYbt/Xezvi + jXZhNBrZwAuqxxVLT5i4eWV3jqCys4VIOww5ZC3c3npFSDHG0YJec5gA1Q0uVfvmnZ28fX18enVy + fDg+PR9fjSeTPyYYBjaXxsjxwLQAcoYkLAyxdgnTRAq+ItjQjFulxEjyK1OUnCkosaNJrRFh/kON + HWFDeeEtC8NRNUi85sbCImGWN111p8Ux3zkTlG8faiejNr0O5xy961gCC5gLWJ+uK9u2X4HkZoh5 + IsYa4fXld3fueBzsNrD6haY3OAp2yOqUN7YO22nrPzncjWxNa6CRuLurBSxsd0su1WnjzTWvoZ8r + 5KzNwCLJkWyKLcsKh1Vh2ip8qX53k/NBfP5/QHIl68qOZK+YyJCSNEHkk2sAQapaF5A5zB1PDuzz + GggTc2vAgiYjOHQTvDcgS6yyIvbJa6vug3jmns8ScrFWy0RCBEZvGDVSJaH/3B/c2hRiBrlMKS+k + NglOv2Ewa2SunG9B/PwShcnFOaS15RXyRi76Rj4se0kCchFpQ/6sqTKgyFjk2FwlpuoLAqdnv5OD + GjuXnKdU7DjYZOz2lpzjGOgcwffDd2P3eN88urLYj/Y2ta9TZrB5raiDAb6hImJpjNySC9TRj7Fh + +zhvxpGzbmEl5pkvcHL2czkP5jUXCDSDRBDcPX9pVQzCcC2XLsAvmVHgS5UH2I3UIpTh9Ge7OMCj + fmFKbuU29cAPVxGrLMa/CeQ1p5i+pf015OI4AsEot1A5BzXHHz2kT74/XWvoke+4+eklqtnzwx92 + 5BDVH+DlPIeeTY8bMslDudjD2J4PXnx1Lv4FAAD//+xZ227aQBD9lVWlVATFxgsGAlWURqKRIjVV + 1Kh9SF9YvAu4Amz5krzk43tmvTbY4dISBVEpSgTYM+OdncuZnbHh17Zw/94W7k5bHNYOSJw8uPp1 + bRO6x+qDVLEBMg4371WY2Ix3zxjhKyunc/435XaRz/q6Zb+lW/OEbbQ4pUl9oAERWPU7YFQqoPZO + OVbDx+k6A2zfPqsj90D4hS9rrzTAmogi/YjXJWLZB/X7II1gzWt/pgCEKrP4x0nySXgedqF/LoNu + RXCwBOw6gLVQIwCSGwy0/aAh5KMfA/QV1cEusHxMVkcg5QWbfDpcrjBkOFow0h/trDlMRCYejHYU + D7KIh9jEg0gSVMb4jD1NfW/KcL6eTICsKaCOhQJrLSZMMHQIHgRxXPEiMSY9hld6o9ZXsZikAOEh + myohIfkoUNvsbLfs51Kh20CmM7VaJsr0vD/pr8YkWO70UVvmdJAnOZmXnwDOKcRxE1Guk7y/2zGE + 7n36oPjCJW0rxlPCdDTzPeO0W18XReOzH/oURBY2zsiUYQCXGQiR2Tzkbuah8BKS+RYwX18wNHKP + vlSyFE7fkVQ4GmLpfwkKIxoGVAwpxmtCzv3FKaudPs8Rw0nQL+J2LWq8NWI4vf0Qw+kBMZzeaxFj + r2LxAjH2LVerDj40YnTeEeMAiOH+X4jRKUR3IMbLUQTfNIrg7iZCOydQ+5JECBk9E6GpTYXVKVir + hE3tvVO09/lmNzEWIykdtVNqFdZOEpxiRFVqm6vtVpzO54L6xA9bWx8yIA19gmjPjpJa/0vEH42V + buRFeyzcluSjc9dpj6Btt9vjzWaHGtiCCStsYVPk3SspKbbBudTBMoPFz8GTiEMCR3ro1pGwtrmy + 0b5qNhv9aj6WbPMmdxV3VKspex2v5bW73DtvS+mIzpir80t5oZ9y0ro6aV7jP5Oz5mJhGjnLym7F + dhpbT7CI1bShorSz9CKTWaEQMVkM8hrAxSzGz8Gd1bHDBelfHS8fv8bV+fTxa1ydbx+7xsAdmc2J + zQxm9VhyZ17XUD5R55bNbjPsekDTD/YvaRSEqvEAuPFoQGkSj96ygFpkMq1jXjqZ8U1k4PYdCvZ0 + +h8AAAD//6Ig0keLAnq4mJZFAQAAAP//ooWL6VgUwFsTQCemQ3JcNWiCFso2AJqbX5IInXdGb5Pg + muYxwDXNYwCf5kGXgDfTUvPKMovy8yANIegYcil0gQGES4xLy/JLqDeZBjEMbijQpozE4rB88EQD + bEYPmIQgTq6GMaGlK9kOAC/G0IeZq6OUm1gRlFpcmgMyGMmz4CmCohLHEojHQVOVoGkEkNfh4qia + jVB0QzWAXVtbWwsAAAD//wMAHP7dQc8iAAA= headers: - ATL-TraceId: - - 7d4c4c81bede3b44 - Connection: - - keep-alive + Atl-Traceid: + - 909b83efd6732edf + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:05 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:15 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5fb920c0-3518-4e33-aeb1-4aac075b10ee X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '254' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c8637b4b-e3b4-4384-a0a7-3db0a8d2e065 - x-envoy-upstream-service-time: - - '106' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -460,98 +372,104 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11113 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11808 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbRhD+Kzf6kGlT23qxQ4w6TIaCk9CmlBon+UAY5iyt5QvSnebuZJsG/nt3 - T5JNCKaE1HzQ3Un79uyze8sXD1Yll6kXexpkChrS1wLy1HQkL8B0TDKHgndUCZpboaTpQCpsAZZ3 - kjmXGeQq6yxAG3wH6RhKDQakrb/1Op4gzSH++rgxkM9wO7e2NLHvpzCDxKbqs+pxm3NjBJc9CdZH - HdbnpfAjXxhTgd8quIQrlD+ejE4n3d1ogCcz56wXf/EMGq1Mwi1kSl/VzqW4Q4EoiMJuMOhGw0kY - xf2XcfCi19/Z/SWIgoB8JBv2qgSn5ok+krwfBkEQraNuNimYRIuSEMHTfWYKnucdlgpjhUwsKwUk - wNSMLZW+7JF0ouR7nT/GCwNJpcFfCFjyBbdcvzLiH9grMElV8aw+Okr3wqAfDpvtBB3d24Tc8SjR - aGvCzSXlqJpaWsUznhvoeK0OL3ZKbjqeFUiMEpPsxbLCSLxSq8/o3hPRa6Qddi4bLXa0uZXwjafv - pbAWFRC/GmkK6g/3rVEzu+SaAjOiKHOBDEnvRIPgOsoMhqvB8DHuNjA3xhqkS0HA4u82zoPgJVqO - Bitk51MVuxQ6ljwzzfMBW+HOKtz5MVur1lizeMBaP1r1ox+z1pDTtIut1m5uqL5XH+rughk7O8cM - ZpmGDOv6Gxoip1Re1WVWnySVsapwLeICLUQvt70Yfqujbh31KRWma39e3A1xyy12xbrpfD/f6462 - 7mF+rU0Tmd3yQFUUU0h96SMdCJl5sdUV3DStipRpkdSRfvnmjBzDT81cVXl6KEyZ86umAPAYvbIf - sF1QUTRgaMBYqeru65PBzou2T95FLdgGZ7jtRbTtRX/TS4TSwl49EdxW3Hdd+PF9VBQ8A+OThGmV - CDyYi2zeM4ts03ze4knbpSLPAToFaidEzjthUV3eG2+4jYnhkAKfczMqRfJOyEt3GR9CSXezTNo8 - uuwu3bv1iVRyhFczn+YwBm5qbuhm5Z28e//m6Pji3dHB6Ph0dDEaj/8aYxhYQgYjxw8mc2An2Del - ZWSXCcOUzK8Y1qTISSmziv0uNGcnGgqsW1YZZG3PVendKHZRYXAtgmAgZrF3p2gR20xInmPWEPZN - ldG7u2fNZNHA65ieo3dtL8AEZhLWX1clVe0jmFzPCk/kWC28vq++vt6/j3YbWv3Gk0scpVpmtcpr - WwfNUPNDDreTUV0aaCRqr1cJS6pulSt9XHszzSvoZhr7xmY8UOxQ1clWRYnDnrRNFh7K6dfgfJK3 - //ZZplVV0uTzWsgU25xhyHw2BZCsrMwcUse5o/E+PafAhFyQASJSynBoZXg7QBqTsnnUY29I3Sf5 - 3D2fx+xsrVbImEmM3gpulY6DHs5/1wQhIpirhOdzZWw8DIaBP6tlLpxvfjTon6M0Ozul6wwbC3ur - ll2r7hc+Zz47C41lf1dcW9BsJDOsrgKxekDg+ORPtl9h6bLThMstH9aQXV+zU8CaIEdwffBh5B4f - 60ebF9o0lyYtJ8Ji9ZKo4wGuUBGjPsau2Rnq6EZYsV0c76LQWSdeJQvoFcJq6Cmd+UkmulMh6ZTo - 0MP9K1rsfS19Tgr7QbDRsrytBYuTE2EFzm9U1D5+2pvbIie5TXpw4xJEyiL8jSGrco5gruifCxfV - IUjBc2LOKeiFwPG5y346XmvosGe5/XUP1ez0gp+3IIrq9/G+XECHwHJjIrsPmR2M7UV/94nINNIO - mcHjkRn8JzL/Hyr/AgAA///sWW1r2zAQ/itiUGjD7MSOnaSB0nW0g8Jayl466L5EtZTYI7GNX5Iv - +/F7TpJfki7tFtqug5KQ2NKdfLqX53TnP9EKoup9xuMg7H7hs3GHXcLR9GgZzcX5aXsIfoidUSiH - reHqEzp2He7qvm8/pZmreO66o5GPKOqcKsAElv1IGKUSiPgwI9un3wOwV+EHNvIT2u63M9x8x5+1 - i+vTCtd6hceMxEbh1+U8RvFOGbxGiDYaQqfKqRoO6KhG7Q7QtZIkTgDnBgftKOlysYxyIL+kZDgE - oE9JtXCYKmuT5SbNkyYM5wu2bOQBqmfG6rKxuqitnhur86JAeszfslUYBSHDQXc2A7qW2AxLOZ4V - zxhnKAYCMOLMEmR8SnJMToJApoX1kcezEkA8YaHkApxLjgRn692yloIuElHOZVs76/NVKTJuex5I - rtQZXlTzmJ5V0876CqAMwY7BSu9js3Vi4UpedbkmAvkY/ZCH4Za2lWOVtLydR4Ey2UWk8qKx2Fd1 - ECL9GlNoURisPcdEprbeOV+kPCiI/jJhkbphqNeWkZBCEXwuZJprK2FclIHUxCbQPyGUcGCELH/j - JYoxTSg/ktfvc7GI4gO2f/BzgZNmkYxr3/0tVDw9THi7woSnYMJ7ECZ2yQN3YOJx0lIT9M8EE4NX - mHgGmPD+c5gYGMYHYOJuT8LZ1pNwvHaZWWRwFNVXoU7JJqm/ZY3e1om6zq92tI1wW93fqztQmxOH - 1cRaDb1ZZynXD6nQ0DVZXi4WnArGN/fWQKRA6v4k2Y6lJfUAjuGO1LM6F0f+lHt94dyOvJ5/C+mH - w0PHdQdUydZEeMI9ZJKseyIEuTooGxks00l8l6x4nhLI0aL3tnN1C9JGHavIbBSuXX3Z9R3X8aTT - k31XHA6CfuAPnWDkC9Hjg6kjR8fiSK2y1z/Zcz/gq/msBY9NQWdZeii3y9xaQSOWa5P32zraSGVW - ynlOGgO/QnQ+z3F5emUN7DQm+Tf7xC9f4s1u88uXeLNj/dIlBiAJ3bQ1zZj2UeTKvGqheKIqTTeG - NajdAHBBflZmSSq7N8ChgDqVJvDoDQlm60im55h3PaaPkxm4fYWC5zf6v4SCXwAAAP//ItfFo0UB - rV1Mh6IAAAAA//+CFQXozQ5gO0qpuhakB9bsALo9HZIVq0GzrlC2AdDC/JLEHCALiym4JoIMcE0E - GcAngtAl4O231LyyzKL8PEhbBzrKXAqd6YdwiXJpfi7EhGoYE1oKklHyIa1R0IeZq6OUm1gRlFpc - mgMyGMlu8Jh+UYljCcQdZfklVJtJhJgFNxNoVUZicVg+eEYENv0HmsoEzTOAbIS7A9WxRiiuhWoA - h05tbS0AAAD//wMAJpp2TjAiAAA= + H4sIAAAAAAAAA7xX23LbNhD9FQwfOm1K8SbFVtjJdFxbSdy6risryYPj8cDkikRMAgwA6tLY/95d + UpTiizKxO439QBLA3s6eXaw+O7CouEyd2NEgU9CQvhJQpMaVvATjmiSHkruqAs2tUNK4kApbguVu + knOZQaEydwba4B6kY6g0GJB2dTapjVXllBRehEEQBp6GTzUYO1lWcKJ5YkUCjusIsh+Gw2CIHwaK + KX7m1lYm9v0UppDYVH1UHrcFN0Zw6UmwPlqyPq+EH/nCmBr8TsEVLFH+eDI6nfTCwW6AS40Lxok/ + OwZ9q03CLWRKL9sYUvxCiSiIol4w7IUvJkEQR1EcDrzdMPg5iALS0Rix6Hij5olOkryPUATROuzV + Rwom0aIi4HB1j5mSF4XLUmGskIlllYAEmJqyudJXHkknSr7VxSO9qKWgdPHigs+45dqfCZj7jVsb + B1dbYdAPh78a8Q+8LDHtdYlWiRZocsLNFeWqvrT0Fk95YcB1WsFDjKuRdZ1cIHF0ki+PYAboa3Dj + OlYgsypkiRPLGmN07tCkH3QblVYfMaInAr6SbuBuEtjBTR9fkGQT1VsprEUFxlnbJqb+0Zw1amrn + XBNfjSirQqDD6Z3IMR8NywbDxWD4SHe/kpkuknVeBsEuuhENFtHg/7XSZr/hIhoMdxbhzvcwuOgs + 9qNFP/oeFlcEv7m5T8dwG0+jbmMqFu/aHojZPztHNmSZhgzbyj2uo5+qqNsqf1BrtLttY7ht48V9 + 5W1La1epYTTd24l7oesgavYdIkLkbQ80hU8AapG0nn2+t0a0RmxMruoiPRCmKvhyRX5cnnOLF0Xb + YB9fqG373jRsv1WnqQyb131VE4IhufqeFoTMnNjqmmwnGjBYqu2HGng/GHQN/C5s6zZzd2NbwqN1 + wu9u9DcdSygt7PKJSHTifnM9fHuDFyXPwPgkYTolAhdykeWemWWbFvcGV7peGDk3RIdLoKZFtL17 + X+9siTfcxtFwSIHn3IwqkRwJefWKdg6gotlCJh1jGh7Nm731ilRyhKMFvyxgDNy0LNSrN+fk6O3r + w+OLo8P90fHp6GI0Hv81xjCwuAxGjgcmObAT7M7SMrLLhGFKFkuGlS4KUsqsYr8LzdmJhhJLndUG + GeY9VPEhFpQTXIsgGFb92GlvLEwSorypqlsljnhnQvLi7qHVZLSCt+F5gd51XQITmElYn64rKttv + YHI7xDyRY63w+la8PXc8jnYbWv3GkyscBTtmdcpbW/uraes/OdyNbG1poJGou8QlzKm6VaH0cevN + ZVFDL9PYoTYDi2IHqk22KiscVqVdZeFr+bsNzgf55f8ey7SqKxrJXgmZYksyDJnPLgEkq2qTQ9pw + 7nC8R89LYELOyACRJmU4dDO8NyCNSVkeeew1qfsgnzXPZzE7W6sVMmYSo7eCW6XjwHvu9a8JQkSw + UAkvcmVsjNNv4E9bmYvGNz96fo7C7OwUkpr6Cnuj5j2rHpY9Zz47C41lf9dcW9BsJDMsrhKh+orA + 8cmfbK/GymWnCZdbDraIXV+zUxwDG0fwff/dqHm8bx9dWuhjdZvS60RYLF4SbWiAb6iIURtj1+wM + dfQiLNgezptR2FgnWslZ6kmcnL1MzfxZXUgkmsVG4N8+f04q+kGwlkvm4JXCavCUznysRk4MFTgW + UhX7eNTLbVmQ3CYf+NFkhJRF+DeGrC44wregX0NNHAcgBS+IKqegZ/ijh/XYj8drDS77obC/vEQ1 + O17w0xYMUf0eXsUzcAmeZvpkD2Gxg7E977/4Ziz+BQAA///sWVtv2jAU/ivWpE6AmhBDuE5Vh8Qq + VVontGp76F4wsYFMQKJc6Et//L7jOOHSAhtVEZOqVkDic+Ljc/ns78TIa1+4f+8L96AvTusHFE6e + XN2K9gndY5V+qlgfFYeb9ypMbMZbl4zwlW2Wc/435XZRz/q6br9lWPOCrdY5lUmlrwERWPU7YLRV + wOyDeqyEj/JLDti/fFZB7WHgF76so8oAcyKL9CNeV4ibMajcB2kEb974MwUgVJnHP06ST8LzsAr9 + c5V0a4r9FWBXAKyFGQGQ3GCg7QdVIZd+DNBXtA+2gOVj8joSKd+wKabD1QxDhqMFI/tBZ81hIjL5 + YKyjfJBFPsQmH0SSYGeML9nj1PemDKfpyQTImgLqWCgw12LCBAND8KCI44oXiTHZMezphVpfxWKS + AoSHbKqEhOZSYG+zs9WynyuD7gKZztT6NrE5nvOT7npOQmSgj9oyH8fwJB/mm0+A5BTquIks10Xe + PRwYQvcufVB+4ZKWFeMpYTqa+Z4J2p2vN0UTsx/6FEQeNsHIjGEAlxkGIrN46N3OQ+ElpPMtYL6+ + YGB4S18quZFO31FUOBpi6n9JCqMaBrQZUo6XhJz7izIrlZ/myOEk6BZ5+yJqvDViOJ3jEMPpADGc + zmsR46jN4hliHLtdrQf41IjRfEeMEyCG+38hRrNQPYAYz1sRfFcrgru7Bhr5ANGXJELK6J4I9Wi2 + RJ1CdHtgF713CnqfL3aX4K6WlFO0pDZo8ja90rk+JYKRUbE4nc8F8cQPe6kPOZCaPkF0JKMk6n+N + /KO20q28aoyFW5d81HadxgjWt1odXqs1icAWQphhj5ii6PakpNyG5MoGy3QcPwePIg4JHOmhe3vF + 2ufKBn3VYjb4at6vbPAadxV3VL0mO02v7jVa3Gs3pHREc8xV+1pe6adc1HsXtRv8Z3rWXCwMkbOs + 7FZsp7H1CI9YNRsmSjsrL3KZFQoRk8egrwFczGL87A+sph0uyP7tvvP5W7zduD5/i7cb3+duMXBH + Zl1h04NZP5YMzHscqidiblnvNsOuB5B+iH9JoyBU1QfAjUcNSlN49PoFo0Ul0zzmpZNp30QGbt+h + 4Mig/wEAAP//oiDSR4sCeriYlkUBAAAA//+ihYvpWBTAWxdAJ6ZDclw1aOYWyjYAmptfkgidd0Zv + o+Ca5jHANc1jAJ/mQZeAN9NS88oyi/LzIE0a6BhyKXSBAYRLlEvzcyEmVMOY0MKOjAIOaW2EPsxc + HaXcxIqg1OLSHJDBSHaDR+yLShxLIO4oyy+h3qQexDC4oUC7MhKLw/LBEx7wecT8IvA0AshKuENQ + XWuE4lyoBnDw1NbWAgAAAP//AwBAqhxBzyIAAA== headers: - ATL-TraceId: - - 9e29b44ed81b6e84 - Connection: - - keep-alive + Atl-Traceid: + - 6a369629f15e1c0c + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:05 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:15 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - b84439ac-d6c9-4217-8b01-0f606bf8d97b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '464' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ed85be8b-d674-44f4-8eda-a4bde2653b4e - x-envoy-upstream-service-time: - - '103' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -561,174 +479,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbuT9CNrbqIHFVmFdk+ySJJOsZI2pU2FZdn/boKLH7fhneeZ - lzmBVgvtZwsS3r2fFrnZtNSR8a37cJnyVi1Lr8ZsJA8JfNK89G4MMENkGWaY1rubl/r+ufnd7tZB - hwnka4QSTPCQQEuTdceBRt8cJwoHbq1b2yDptbfttwIyCqW4hHfKR5AjZykWKRcNKyQymRcZIl4h - Rwz+QnPobfrhH7ttGJe5kFhm19vqhzXDw9i5AAq+FVXZaWVyyhVVaLpKVLrVSmBnEFVRCKEp/1Pg - bWx47GcF8Z1OrdY/OaNifAJ7mYDGt30N5/MXAAAA//8DAOaYf5paAQAA + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtE1qbqIHFVmF7Z5kkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzlBq4LZzw4kvMc4BbnZaGNNF7X/8ERFp0Lo1UhGEyGDTzOH3o8JpoiUIMF8t7152d0/N7/b7TK0 + aQL5ukIZZnjIQJvJ+eNgxtgcJ5MO3Dq/6CS1S+/0twIyCQyrS3in4goyZCzHOqeiwVqikKwiiHiV + SEx+MHPqbfrhH3vdIErGJOWEYfHDdsPDaH0CeUmFLay1hagZ41jUiGWlGKedQs07IUqDBf9bEN3a + 8NjPCtZ3rFpcfPKdWuMTuMsEZnzb7+B8/gIAAP//AwBYG8CzWgEAAA== headers: - ATL-TraceId: - - 8762b4ecf7534772 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:37:05 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 583aa04ccb9b5452 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1007f35c-85c2-4320-b467-4b664f4e5fb2 - x-envoy-upstream-service-time: - - '34' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 72420951de2f534d - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:06 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:16 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 02ccd8db-58de-4dfc-aad2-73b104c56d27 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '106' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d412f801-ed87-4f91-8824-67d3a2bce5dd - x-envoy-upstream-service-time: - - '83' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -738,110 +549,117 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - dbd33853fd9693e6 - Connection: - - keep-alive + Atl-Traceid: + - 58c7d88555c2ea22 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:06 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:16 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ad092731-45e2-4203-b292-520650d44710 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '190' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 851b0b16-2aba-4e7b-84d1-6f13e9f08582 - x-envoy-upstream-service-time: - - '98' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/244] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/26] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082] + || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n| High | [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082] + |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080] | Active, Verified - |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n\n\n\nh1. + |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/2888]\n*Defect - Dojo link:* http://localhost:8080/finding/2888 (2888)\n*Severity:* High\n*CWE:* - [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* [CVE-2019-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/313]\n*Defect + Dojo link:* http://localhost:8080/finding/313 (313)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. The application executes unsafe, user-supplied sql which contains malicious column names.\n2. The application connects to an untrusted database and executes a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || @@ -851,30 +669,30 @@ interactions: < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n*Reporter:* + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/2886]\n*Defect Dojo link:* http://localhost:8080/finding/2886 - (2886)\n*Severity:* High\n*CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html]\n*CVE:* - [CVE-2017-16082|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082]\n\n\n\n\nVulnerable - Component: pg - 5.1.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + < 7.1.2)|http://localhost:8080/finding/311]\n*Defect Dojo link:* http://localhost:8080/finding/311 + (311)\n*Severity:* High\n *Due Date:* Sept. 17, 2022 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. The application executes unsafe, user-supplied sql which contains malicious column names.\n2. The application connects to an untrusted database and executes a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require('pg')\nconst client = new - Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", - 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || @@ -884,13 +702,13 @@ interactions: < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n - CWE: CWE-94\n Access: public\n\n*Mitigation*:\n* Version 2.x.x: Update to version - 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version - 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version - 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that - versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update - to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n*Reporter:* + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -903,53 +721,59 @@ interactions: Connection: - keep-alive Content-Length: - - '7107' + - '7090' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11114","key":"NTEST-925","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11114"}' + string: '{"id":"11809","key":"NTEST-1471","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11809"}' headers: - ATL-TraceId: - - c0ae07c474f3a355 - Connection: - - keep-alive + Atl-Traceid: + - cdf5e2730be3a28a + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:06 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:17 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ecc0bb10-8338-411b-84b0-e9fb3c5c8c2a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '661' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 12c5a3df-6d8d-4954-bd30-3690ea61c661 - x-envoy-upstream-service-time: - - '455' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -959,109 +783,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-925 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1471 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/YO56id/iQHCH6XA013LX47hA2w+UYYS9OCq25JHkEK7w32/X - LzEFwlAaZvBqpX1/dqVvDixLLlMndjTIFDSkfwjIUzOQvAAzMMkcCj5QJWhuhZJmAKmwBVg+SOZc - ZpCrbLAAbXAP0hmUGgxI25x1Bo4gzQH+IlwYyC9wObe2NLHnpXABiU3VV+Vym3NjBJeuBOuhDuvx - UnihJ4ypwOsUXMI1yh8cT4+Oh9vhGDkXtbNO/M0xaLQyCbeQKX3dOJfiCgVCPwyGfjQMJ8dBGI+2 - Yn/T3fa3fvND3ycfyYa9LqFW80IfSd4LfN8PV1G3ixRMokVJGUHuLjMFz/MBS4WxQiaWlQISYOqC - XSl96ZJ0ouRHnT/HCwNJpcFbCLjiC265fmPEf7BTYJGqYqNh7ac7gT8KJu3yGB3d6UMeOFRotHXM - zSXVqDq3RMUXPDcwcDodTlwruR04ViAwSiyyE8sKI3FKrb6iey/MXitd566uRpc7WtwpeO/pRyms - RQWEr1aagvqrPmvUhb3imgIzoihzgQhJ70WDya0hE02W0eQ57rZpbo21mS4FJRZ/d/Mc+VtoOYyW - YfRixXUJa5RsmPb7hK1gcxls/pytZWesJZ6wNgqXo/DnrLXgNB2x1trtLfX38lMzXbBiJ6dYwSzT - kGFfP4AhYkrlVdNmDSepjFVFPSLO0EK4tW5j8lBHMzoaLjVmPf6ceBjgklucis3Q+XG8NxNtNcO8 - RpsmMNfknqoopoDm0mdiCJk5sdUV3LajipRpkTSRfnvAI8fwqJmrKk/fClPm/LptAGSjV/YTjgtq - ijYZGjBW6rrH5uR4spqT97Pmr0tnsG4j7EeGUFrY6xfmsBP36mH7/HEpCp6B8UjCdEoEMuYim7tm - kfUz5j1yumEUOrcPQxl1oeT8HGicEDjvHaK+fDQRwTokBhPKyJybaSmSD0Je1pfxWyjpbpZJV8e6 - ulf13oojlZzi1czPc5gBNw02dEs5hx8+vts/OPuwvzc9OJqeTWezf2YYH7aQwZTggeM5sEOcm9Iy - ssuEYUrm1wx7UuSklFnF/hSas0MNBfYtqwyi1q279H4U26jQvxG+HwkZO/eaFpOeCclzLCfWo+8y - 2rvPa18WbXprpOfoXTcLsLKZhNXpqqSufQaSm7fCC8HXCK/uq++v9x/DY4+333lyiU+pDnKd8sbW - Xvuo+SmHu5dR0zNoJOyuVwlX1N0qV/qg8eY8r2CYaZwb/fNAsbeqKbYqSnzsSdtW4amafp+cL/Lu - 3y7LtKpKevn8IWSKY84wRD47B5CsrMwc0hpz+7Nd+p4DE3JBBghIKcNHK8PbAdKYlM1Dl70jdV/k - q/r7KmYnK7WIQlZm8dgNXP+GUoeZy1XC87kyNp74E9+7aM6e1T55YRSdohQ7OaJrDCcNe6+uhlY9 - LnzKPHYSGMv+rbi2oNlUZthVBeboCYGDw7/ZboUty44SLtccbFJ1c8OOAHuBHEF679O0/nxuPl09 - aNFelkQeC4tdS6J1/ZFCRYwGG7thJ6hjGGKnDoNNfxLW1glPyQLcQlgNrtKZl2RieC4kcQkGLq7f - ELHzvfQpKdyOeiVXd5VgT3LCqcBnG/Wytx25c1vkJFVm+K8uC6kI8TeDQlnAoFJg0yVmn2TYkP1y - mA3YRm5fs9ANAjdkbCOzr3fYyPVRuN4YuZtuxLqNqN+I3LG71fHHPX/soq6Ov9nziRz3fPKu5Qfu - Zs8Pe3549/yo54/cUc+Pen7UB7DV2yXyDn9ll8jw1zUIwcTt4r2/gAEVv37usscqvbWu0v8DAAD/ - /+xY207bQBD9lZGQkJMGR4SS0qA8UOABqaCqUPrQVIqxN4lbxza+BCrKv/fM7npZ59ICSqs+QFAS - e3Z2x2dmz5zNozKtvdeV6ZcsryfLYLt3mRf7k/aFN+416QxEoO6WYRScHNm3wBNIFVPsxLpdvSbb - rqFheb3jvmzI56Sq6iTtzt7eHvi7eSRbNLrnt4RYvAD8PzuSw+8NuFfEDzfe0ZzIz8e4+IKPradv - Rfa/VP7r7AAPhXRZRrHIpGI0nYm7L0pGbv+HkUDGqIMmungVQYxSk8dHPLUbJm0vmIU5FAaE+m6n - A+EwYkCxASp1yBJimI6HBOVVeGjbHmWqan2uWmGqdqZjCyPupMXEKyjxsVBONxOIjgIaWDsyflde - LijJ6BrHqx+Es6bP+y7H7H7mjTgAaKZyGpNEhviRoKIzQZDRVNwklYtPuQ/0cNxgJYKlQn9C2ImQ - 2FH4XUBkj7CKh7DTNAp9+duZVjxVwJEAPtihrNLtUerREFMZ594I5MCifCsveQjiy68jvZxGJicc - 8EM/TKAHrOBzdxB3FmeHUwykcw4G4eFcmkHoY16DDoswE4OnkcpEUWYxKhnf8jIqGF0rBoxbGoTL - AG5s4HyRIJ/4P0xiX6TFIB4Oh4OYz2wF3dEhngxa5576mP66DDPhbG7svN1Px/KjUY301bg+Qd5q - J4eN8purH43vVA4MVp+G58fvjw8vaJsOzmnzukyK/QH+5NztprrRos4Sa7M9GMT0ih8zTyLhQs47 - aZb4OGK5Ip41vnIsUMXwiNtt5TyUy6uQJHgOomiRI7Ksxeg1qM/kQ3eYWT8R5go47PuGBoasHXea - BCVqBdutfr/6DaVXY2xowxWcDcsq1jZOC7xtLAvMbVnmuNuyzLG3ZZnjb8syx+DGssDhlqXO4sDp - g/wFJqhA6umRGiSNCuaz4GKMNCa8kA0XY6RB0aYKLsbIgGJZqu5WoVIzMUgGlZqFQTKo1CwMkkGl - ZmGQDCqWRYFkUKlZFEhWMQGvCSqJS1Jzei8db6HUp2Eu2EtWH3cpfkOPwtWBz/sAhVleYetL9j8N - 5VFOk3/THF067q1726NP8jDP1KNpvkoIuDKCJXNtp51VTipXS31er/JRSVzqs7vKR6V3qU93lY/K - h/EhB6qMR3BfMr1NlkBL5bslCVclmJuMF+UJpap8XWK1YBZ9s2pRmdDfL6rLAf1pYQEscTJNPb/g - nJ0lFMoLQvJnYSACOeC8EKnsGZnA/aD0hRqsdehH6KFMgNrzpzR96ZgmfLxm8eJ4wTSMG+Q0fk69 - MCqSnpEgS5Xsi4q19rPNf49Qsd3nqtiuVLHdf6Fi13O6rUror6vY7f9Ixf4CAAD//xptxY7gViwA - AAD//+xaXWuDMBT9L4M+Rk38qg+lK2yDvfW5b2liNxhWMUr//u410RlbO9ig+BDwIZib5HpjjkfO - uep1LHZMyyzktliZhd0WK7PQ22JlFn5brMxCcIuVWRhusbIxijsW29fLsdh+jGOx3euwHBZLzcBf - WOy10k7nlHYajcXTpubiq3MLoP4/DY1n5ghmO+bU62BQr/tHnQscfBW8abj4REHsplAeZEPgWCme - qomqLQqOMujTTWUPC4dehrL+o1CKtGPLhUAHxrvcxCcehZIe11EQHyHLNM0oYwmuMwTBCnfCctzV - nZSwhoLInxwQZ9AX81xeuKqQo+Kkd81J2lDjfdQ6DL79ha+bfkwZjXIa5CGTWSJCEadUrGMpA56c - aL7eyk03yyrcrdgbXHocKfjZyJSE6FvKaxW5QEUI8/Ct9zTSYclIxbnCisH4jo/DqYLmy54kXnXG - /Keup+VnPPVOLT/jqf9q6RkDEEltQTLWgvF/5N4YB/E8obalbU4azA4AtBD+2tZllfsHgBmBhhxz - 8NDvB73DScZ1jHPRuBJqA7MOCh6/6Q4KHpHxf6HgGwAA//+it4vpWBSgNy+A7Sel6lqQHljzAuj2 - dEhWrAatIYayDYAW5pck5gBZWEzBtazRAL6sEV0CvkgQXQLebgN2qTOL8vMgLSOIUEopdN06hEuU - S/NzISZUw5jQUpCMkg9pxb0+zFwdpdzEiiDIMAiK3eAVakUljiUQd5QB2+DkLqtDXxcLMQtuJtCq - jMTisHzw+j7YYlbQwlzQqjmQjXB3oDrWCMW1UA3g0KmtrQUAAAD//wMAzxxR3P4wAAA= + H4sIAAAAAAAAA7xWbVPbRhD+Kzf6kOmktt4wxiiT6VDiJLSUUuMkHwjDnKW1fEG6U+9Ofinw37sr + WVZi4kyg0+AZJO3evj+7t7cOLAsuEydyNMgENCSvBWSJ6Uieg+mYeAY576gCNLdCSdOBRNgcLO/E + My5TyFTamYM2yINkBIUGA9Kuz8alsSqfksLrwPcD39XwdwnGjlcFnGseWxGD03EE2Q+CgX+IHway + KX7OrC1M5HkJTCG2ifqkXG4zbozg0pVgPbRkPV4IL/SEMSV4jYIbWKH82Xh4Me4GvYMASZULxolu + HYO+lSbmFlKlV3UMCX6hROiHYdcfdIPDse9HYRgFB244GPzsh75PTpIRi45Xap7oJMl7mAo/3IS9 + /kjAxFoUlDikHjGT8yzrsEQYK2RsWSEgBqambKH0jUvSsZLvdPZIL0opqFw8u+Zzbrn25gIWXuVW + 6+CaFfh7weAXI/6BlzmWvczRKsECTY65uaFalRNLb9GUZwY6Ti14gnFVsh1nJhA4Op6tTmEO6Kt/ + 33GsQGQViBInkiXG6GzBZM/fxQgaRqHVJwz1iZVYS1d1qCrb1IE+PkNPG+47KaxFBcbZ2CYI/16d + NWpqF1wTkI3Ii0ygw8lWSrBQFfx6g2Vv8Eh3v1GyJpJNwXr+AboR9pZh7/+1UsOiAikaDPrLoP8j + DC4bi3vhci/8ERbXyL+/fwjHsIHjVCzf1zMQi3x5hUVPUw0pjpUHWEd3VFbWXf5VkIcHuxiDXYzD + h8rrkVZTaWBU09uJukHHweTY9xg4YbQ+UDU+5UmLuPbs9gGN0IspMDNVZskrYYqMr9YYR/KCW7wo + 6gH7+H6sx3c7sL1anaZuq16PVUkZDMjVD0QQMnUiq0uyHWvAYKmFHw7wvjvo7zcDfDttu8ZMuBkz + 24xNwbcZe+1gEkoLu3piJhpxr7oevn/Ai5ynYDySMI0SgYSZSGeumaftJHuLlGbkhc49wWECNJsI + ttv3dX9HvMEujAYDCnzGzbAQ8amQN6+J8woK2i1k3CCmwtGi4m0oUskhrhZ8ksEIuKlRqNdvzvnp + uzcnZ9enJ8fDs4vh9XA0+nOEYWBzGYwcD4xnwM5xCEvLyC4ThimZrRg2tMhIKbOK/SY0Z+cacuxo + VhpEmPu1xg6woRz/Tvj+oJhEzlY7Y25TIXmGVcO0t21GvG3aejNap7fCeYbeNVMCC5hK2JwuC2rb + 70ByvcQ8EWO18Oby+3LveBzsWlj9yuMbXAUbZDXKa1vH623rPzncrGx1a6CRsLmrJSyou1Wm9Fnt + zSQroZtqnFDtwqLYK1UXW+UFLqvSrqvwrZp+mZyP8vPfEUu1KgtayV4LmeBIMgyRzyYAkhWlmUFS + Ye5kdETPCTAh52SAgJQwXLoZ3huQRKRsFrrsDan7KJ9Xz+cRu9yoFTJiRRrtu4Hr31HqMHOZink2 + U8ZGA3/ge9P67HXlkxf2r1CIXV5AXNI8YW/VomvV12WvmMcuA2PZXyXXFjQbyhSbKscUfUPg7PwP + dlRix7KLmMsdB+tM3d2xC1z/Kkfw/fj9sHp8qB9NOehjfYvS61hYbFoSrcqPb6iI0fhid+wSdXRD + bNRu0PcHYWWd4CTniStxY3ZTNffmZSYRYBYHgPfl+StScdjbiMULcHNhNbhKpx42ISdgClz6qHm9 + w547s3lGUkWK/6o6kIoQ/0aQKwsYRgJsuMR8kwzrsp/O0w57ltkXLHSDwA0Ze5baFy/ZnuujcMXY + c/tujzWMXsvoufvuQUPfb+n7Lupq6P2WTq/7LZ28W9MDt9/Sw5Yetuf/BQAA///sWF1P2zAU/StX + QkJp1qZqC1TqxAMCHiYNNK3bXtZJDamh2dKkxAkwMf77zrUd12kbEIyHPQCopL6+9vW5X8c5CAar + 8UEwWI3vrcb3VgcYrvblR2fc7suP/VZDTAC4I1CKG9FmdyuyTNt8O3ymb8381/Ltm19fx68oaFXy + j3zlYx4j/6QUdIJKiMGxWBYB9YZt4r5H9TJb/c57ga2z6vsgeEvAlziqahXdQW+AAu2fqBaM7vgz + IyYncMiTeuTho7XNtY87lnxUfQi+41/nBUmKHZHtaoF/awD12PLHWZlHAvGVCJ9bbQf3wUUsBQO7 + vHImnqwIgY/GbbdF8EnTa4M464azm1iCVICC7/f74AqXjDESoiKEzBqmy6spgWzBvpRCynUcRxzH + wsYxn0Hk4UWccPcs5mFBWYSNJN3OwTMK0F6jyKhdhFJQltM17m6/CRfPiPNQYvUoDy/ZANCkcpES + s6JAZRqIcy4IzJmK26xSiUhGIg1xkWDyga3iaE5o9WDVSfxLgFdfYpcQZi+XSRyp132G5FQGJwL4 + IGeZmLuz9NFgU5nK8BLFgnl4R5Y8BfbJ68RsZ5CRhBt/HMUZOIBjvAwmaX9zdSilQFqyMTAP18Yc + 3B7rWnSYd1kbQoNULooyTxHceJJlUjC6jg2Yt9WIgAHc2cGVIoM/8XecpRFifpJOp9NJyrexgu7p + GCcDv3mgQ+L3n3EuvN2du/4QoaX/t6q5kZ55SOC0Rs1joXoKzOF4pFJguA5pOj79eHr8hXp0NKbd + 6zIr3k/woxfv+noESbhN7HcnyMt3fFSZJSIAi/cQ/RFuVoFIb1o/2BqQYaik3a7WnioDtFEKQA92 + tMkTed5mBFt0yJlD91jZnAlrzdjwh5YBh77ZQKGzbFYiXohTzR2vXqqManUcnLChkkPSVMut0kY1 + t5KNeu5I1iq6I1mr6Y5krao7krW6biUbld2R1Gs7cPqkXpLMKpBGZqYByaCC9Ry4GCODCW/kwsUY + GVCMqIKLMbKgOJKq51Wo1EQMkkWlJmGQLCo1CYNkUalJGCSLiiPRIFlUahINkhNMwGuOSOKQ7Gia + N9os9HwrGfEHuhO+HUWcBwjM8gLpb3rAWazucKYF+PbS0g/ugrsRfVW3eC5ApthXLkHFTCDJA1dp + 0KSkvbVVZ69JR7txq85+k4528FadgyYd7RGrQx6dcwdS3cl2OBUEbe3xtiq72sXcasJEZrTUARwQ + Ewm76bBpU+XSxzc1AYEutbGB8d2HxTKMCvbbeUax+kIIgZt4JmarNo+Jn8GKcoFqLp/T543qMuN7 + NNMUL5wt4rRFXuvPAjSkyEaWemwltG9k1klgt+A9TWZ7LySzPSazvf+BzL70xusG7vPJ7F8AAAD/ + /yKtMWs42pgdTo1ZAAAAAP//7JrLasMwEEX/pZClXMm2bGcR0kBb6C7r7BTJaaH4gR/k9ztjyaql + 1il0UQw1ZBGikTWR0M0N96xmdjWzjjlzNN0xZ46qO+bM0XXHnDnK7pizqbavZnbcr9XMrmZ2GWaW + 2ak/mNmvwTqbC9ZZPDfApyFq1wj5PiT8SBx4pdSW+gM2rB6/01zhXHhN5wALagELJwj2w0LRdUK+ + YWymg8W2LwqBqefdt0EebhyiC1Xzy1wUvcZeSIlwxIva8YuII8XOWUz5GbpO0y0LwwTXsUWwwo2y + HE/1oBSs0ULlZw8oLIjHPFRX0dZoa/GhN8Gm4RDy4LXRZfBzX4xwDWchi3NG8yhU20RGkqdMZlwp + KpILy7O92g1P2USHTfgMLz2PFKI0sSQh+qM26FtyhR0hYQAtqkBLG24ZqYVoccdg/mC94RLB28cj + SYK6xP59SGr5HfuU1fI79imtpXcMeqM022RIgun/yaOBDvE+Yc6lCSStWaeqxPKnvqnq/P4E+iMR + szEXD1lBGLU3Gdcx6KSBEBojs6sU/P2h/1Mp+AAAAP//orOLR4sCnEUBvFUBdGI6JMdVg5YZQ9kG + QHPzSxKhq6fR2ya4Fisa4FqsaABfrIguAW+eAbvKmUX5eZCmDEQopRS6TB7CJcql+bkQE6phTGhh + R0YBh7TCXx9mro5SbmJFEGSIA8Vu8LqzohLHEog7yoAta3IXy2EsTYUYBjcUaFdGYnFYPnjZHnw1 + bH4ReDEcyEq4Q1Bda4TiXKgGcPDU1tYCAAAA//8DAADmjQCVMQAA headers: - ATL-TraceId: - - 12ffd091ca6b967e - Connection: - - keep-alive + Atl-Traceid: + - 831188157682757c + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:17 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5e21b81a-bc0c-4b2a-906d-cd352eceb0ef X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '400' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5dac68cb-800a-4c6c-b620-fb88ef4a106b - x-envoy-upstream-service-time: - - '102' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1071,109 +901,115 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11114 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11809 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbVPbOBD+Kxp/YO56id9iILjDdDiatvR6HBdo+4EyjLAXR8WWPJKchCv977fr - lxgoYSgNM1haad+fXe03B5Yll6kTOxpkChrSNwLy1AwkL8AMTDKDgg9UCZpboaQZQCpsAZYPkhmX - GeQqG8xBGzyDdAqlBgPSNnedgSNIcoC/CDcG8kvczqwtTex5KVxCYlP1Vbnc5twYwaUrwXoow3q8 - FF7oCWMq8DoBV3CN/Icnk+OT4U64iZTL2lgn/uYYVFqZhFvIlL5ujEtxhwyhHwZDPxqG45MgjEfb - sb/l7vjbf/ih75ONpMNel1CLeaaNxO8Fvu+HK6/bTQom0aKkiCB1j5mC5/mApcJYIRPLSgEJMHXJ - FkpfucSdKPlR50+xwkBSafDmAhZ8zi3Xr4z4D3YLTFJVbDSkg3Q38EfBuN2eoKG7vcsDhxKNuk64 - uaIcVReWVvElzw0MnE6GE9dCvg8cKxAYJSbZiWWFnjilVl/RvGdGr+WuY1dno4sdbW4lvLf0oxTW - ogDCV8tNTv1V3zXq0i64JseMKMpcIELSe95gcGvIRONlNH6KuW2YW2VtpEtBgcXf7ThH/jZqDqNl - GD1bcJ3CGiUbpv0+oivYWgZbv6Zr2SlrF49oG4XLUfhr2lpwmm6xVtv371Tfy09Nd8GMnZ5hBrNM - Q4Z1/QMMEVMqr5oyayhJZawq6hZxjhrC7XUH4x9lNK2joVJh1u3PiYfBwEE37SesOMJVc6EuJ8K0 - FkljwLcfaIQ4dMjMVJWnr4Upc37d4hLJC26x0zaN7OdrqOmSq77oNdI0FUi93FcVxSkgSz8TQcjM - ia2uSHWiAX2lqnuoT26OV33yftT8deEM1h2EfcsQSgt7/Ux/O3avbrZPb5ei4BkYjzhMJ0QgYSay - mWvmWd9j3iGla0ahQ1G658qocyXnF0DthMB57xLV5YOBCNYhMRhTRGbcTEqRfBDyqn6MX0NJb7NM - OsDUMFrUZyuKVHKCTzO/yGEK3DQg1O3KOfrw8e3B4fmHg/3J4fHkfDKd/jNF/7CEDIYEL5zMgB1h - 35SWkV4mDFMyv2ZYkyInocwq9l5ozo40FFi3rDKIMLeu0vte7KBA/0b4fiRk7DRPBmYPw98X1Z1C - xkRkQvL8/qV2smjDW8M8R+u6XoCZzSSsblclVe0TkNzMCs8EX8O8eq/uPu8/h8ceb3/y5ApHqQ5y - nfBG13471PySwd1k1NQMKgm751XCgqpb5UofNtZc5BUMM40Nqh8PFHutmmSrosRhT9o2C4/l725w - vsjbf3ss06oqafJ5I2SKLckwRD67AJCsrMwM0hpzB9M9+l4AE3JOCgg0KcOhleHrAGlMwmahy96S - uC/yRf19EbPTlVhEISuzeNMNXP+GQoeRy1XC85kyNh77Y9+7bO6e1zZ5YRSdIRc7PaZnDDsNe6cW - Q6seZj5jHjsNjGX/Vlxb0GwiM6yqAmP0CMPh0d9sr8KSZccJl2suNqG6uWHHgLVAhuB6/9Ok/nxu - Pl0+aNM+lrQ8ERarlljr/OMKBTFqbOyGnaKMYYiVOgy2/HFYayc8JXNwC2E1uEpnXpKJ4YWQRCUY - uLh/RYvdu9xnJHAn6oUsbgvBmuSEU4FjG9WytxO5M1vkxFVm+K9OC4kI8TeFQllAp1JgkyVGn3jY - kP12lA3YRm5fstANAjdkbCOzL3fZyPWRuT4YuVtuxLqDqD+I3E13u6Nv9vRNF2V19K2eTsvNnk7W - tfTA3erpYU8Pb98f9fSRO+rpUU+Pege2e720vEVf6aVl+PsahGDg9nDAmMOAkl+Pu+yhTG+vy/T/ - AAAA///sWNtO20AQ/ZWRkJCTBkeEktKgPFDgAamgqlD60FSKsTeJW8c2vgQqyr/3zO56WefSAkqr - PkBQEnt2dsdnZs+czaMyrb3XlemXLK8ny2C7d5kX+5P2hTfuNekMRKDulmEUnBzZt8ATSBVT7MS6 - Xb0m266hYXm9475syOekquok7c7e3h74u3kkWzS657eEWLwA/D87ksPvDbhXxA833tGcyM/HuPiC - j62nb0X2v1T+6+wAD4V0WUaxyKRiNJ2Juy9KRm7/h5FAxqiDJrp4FUGMUpPHRzy1GyZtL5iFORQG - hPpupwPhMGJAsQEqdcgSYpiOhwTlVXho2x5lqmp9rlphqnamYwsj7qTFxCso8bFQTjcTiI4CGlg7 - Mn5XXi4oyega57gfhLOmz/sux+x+5o04AGimchqTRIb4kaCiM0GQ0VTcJJWLT7kP9HDcYCWCpUJ/ - QtiJkNhR+F1AZI+wioew0zQKffnbmVY8VcCRAD7YoazS7VHq0RBTGefeCOTAonwrL3kI4suvI72c - RiYnHPBDP0ygB6zgc3cQdxZnh1MMpHMOBuHhDJlB6GNegw6LMBODp5HKRFFmMSoZ3/IyKhhdKwaM - WxqEywBubOB8kSCf+D9MYl+kxSAeDoeDmM9sBd3RIZ4MWuee+pj+ugwz4Wxu7LzdT8fyo1GN9NW4 - PkHeaieHjfKbqx+N71QODFafhufH748PL2ibDs5p87pMiv0B/uTc7aa60aLOEmuzPRjE9IofM08i - 4ULOO2mW+DhiuSKeNb5yLFDF8IjbbeU8lMurkCR4DqJokSOyrMXoNajP5EN3mFk/EeYKOOz7hgaG - rB13mgQlagXbrX6/+g2lV2NsaMMVnA3LKtY2Tgu8bSwLzG1Z5rjbssyxt2WZ42/LMsfgxrLA4Zal - zuLA6YP8tSSoQOrpkRokjQrms+BijDQmvJANF2OkQdGmCi7GyIBiWaruVqFSMzFIBpWahUEyqNQs - DJJBpWZhkAwqlkWBZFCpWRRIVjEBrwkqiUtSc3ovHW+h1KdhLthLVh93KX5Dj8LVgc/7AIVZXmHr - S/Y/DeVRTpN/0xxdOu6te9ujT/Iwz9Sjab5KCLgygiVzbaedVU4qV0t9Xq/yUUlc6rO7ykeld6lP - d5WPyofxIQeqjEdwXzK9TZZAS+W7JQlXJZibjBflCaWqfF1itWAWfbNqUZnQ3y+qywH9aWEBLHEy - TT2/4JydJRTKC0LyZ2EgAjngvBCp7BmZwP2g9IUarHXoR+ihTIDa86c0femYJny8ZvHieME0jBvk - NH5OvTAqkp6RIEuV7IuKtfazzX+PULHd56rYrlSx3X+hYtdzuq1K6K+r2O3/SMX+AgAA//8abcWO - 4FYsAAAA///sWk1rg0AQ/S+FHFfd9SseQhpoC73lnNtm17RQjOIH+fudcVfrmJhCC8GD4EHc2Z1x - dJ9P3rsaXVjskJYR5CasjGA3YWUEvQkrI/hNWBlBcMLKCIYTVjZE8YXFdv1aWGw3Z2Gx7eswHxbL - 7cRfWOy10s6nlHYedAMowtWlVF+tso9Gg3FoOLGGNzkwpV57vXrd3epUYO+rIGLvWCSUdS3VJ6pl - N1V0L+nTNVkmUQZ9uqnsYePQy5CXfxRKkXZspVLolnjXm/AkA1/z4zrwwiMUEscJFyLCPH0QZLgT - luJT3WkNOSqI/KkBcQZ9Mc/5RVYFclRc9K45yRhqnI/ShMG3P3PNqRtywYOUe6kvdBIpX4UxV+tQ - a09GJ56ut3rTrrLydyvxBoeZxzJ5tjIlY+ZS5TQVu0BHmHDwrXcM0mHLWCFlhR2D+S0fh10Fpy97 - FjnFGesfu57mX/HYOzX/isf+q7lXDECkjdfJWguG/5F7axzE/YTalrEkGTA7ANBC+GtT5kXqHgBm - FBpy7MZDvx+M9jsZ81jnonUllBZmFyh4/ENfoOARFf8XCr4BAAD//6K3i+lYFKC3IIDtJ6XqWpAe - WDsE6PZ0SFasBq0hhrINgBbmlyTmAFlYTMG1rNEAvqwRXQK+SBBdAt5uA3apM4vy8yCNH4hQSil0 - 3TqES4xLy4BtX3KXs6GvHYWYBTcTaFFGYnFYPnhdHWy1KjBpQVxcDWNCS12y7Qev8NeHmaujlJtY - EQQZdkHxK3hFXFGJYwnE36CFuaBVcyCfw8VRNRuh6IZqALu2trYWAAAA//8DALpA8IL+MAAA + H4sIAAAAAAAAA7xW62/bNhD/Vwh9KIbO1oNxHEVFMWSp22bLssxx2w9pENDSWWYjkRpJ+bEk//uO + elitUxdNhjUGIvKO9+Dd745368CqYCJxIkeBSEBB8ppDluieYDnono7nkLOeLEAxw6XQPUi4ycGw + XjxnIoVMpr0FKI08SMZQKNAgTHM2LrWR+cwqvA58P/BdBX+XoM1kXcC5YrHhMTg9h1v7QRD6h7jR + kM1wOzem0JHnJTCD2CTyk3SZyZjWnAlXgPHQkvFYwT3qca1L8FoFN7BG+bPJ6GLSDwYHAZIqF7QT + 3ToafSt1zAykUq3rOyS4QwnqU9r3w35wOPH9iNIoOHBpGP7sU9+3TlojBh2v1DzRSSvvYSh8url2 + s0lAx4oXNnBIPSI6Z1nWIwnXhovYkIJDDETOyFKqG9dKx1K8U9kjvSgFt+li2TVbMMOUt+Cw9Cq3 + OgcbVuDvBeEvmv8DL3NMe5mjVQsLNDlh+sbmqpwau4pmLNPQc2rBE7xXJdtz5hyBo+L5+hQWgL76 + 9z3HcERWgShxIlHiHZ0tmOz5LaNQ8hPe6IkBb6SrcFcJbMNtN5+BpLvVO8GNQQXa2di2SP29Oqvl + zCyZsnjVPC8yjg4nWzfHfFQoG4SrQfhId7+RmfYmm7wM/AN0gw5WdPD/WqmzX2ERDQbDVTD8EQZX + rcU9utqjP8JiA/D7+4dwDHbhlLaMGV+9r3sgZv/yCtGQpgpSbCsPsI5+yqysq/yrWunBLka4i3H4 + UHnd0mqqbRhV93aifoBbZrCp183w8UVVt9quuXq1OmVLploey9LeNrAN84MlcJE6kVEl3Dc91GpT + PK5jcPuAZj3Do3ouyyx5xXWRsXVTZkhGt8x7zKctvSYaCvCytrYfNvChGw732wa+HbZNm9lm7Eo4 + 3SS8UFwqbtZPDGIr7lWvwPf3cZ6zFLRnJXSrhCNhztO5qxdp18neIqVtedR5CGq6114lY1OwTcvC + dvu9Hu4IRLALo0FoIzJnelTw+JSLm9eW8woKO1uIuM1jld1lxdtQhBQjHC3YNIMxMF1jQzUr5/z0 + 3ZuTs+vTk+PR2cXoejQe/znG+2FxaQwJHpjMgZxjdxaGWLuEayJFtiZY6TyzSomR5DeuGDlXkGOp + k1Ijat2vVXyABeX4d9z3w2IaOVvljEFPuWAZphPz0ZWZ5W3TmsmoCW+F9Ay9a7sEZjYVsDldFrZs + vwPJ9RDzRPDVwptX8cu543F47PD2K4tvcBRsIdcqr20dN9PWf3K4HdnqmkEjtH3EBSxtdctMqrPa + m2lWQj9V2De6gUWSV7JOtswLHFaFabLwrZx+GZyP4vPfEUmVLAs7kr3mIsE2pwkin0wBBClKPYek + wtzJ+Mh+p0C4WFgDFkgJwaGb4LsBSWSVzalL3lh1H8Xz6vs8IpcbtVxEpEijfTdw/TsbOoxcJmOW + zaU2UeiHvjerz15XPnl0eIVC5PIC4tI2GvJWLvtGfl32injkMtCG/FUyZUCRkUixqHIM0TcEzs7/ + IEclViy5iJnYcbCO1N0ducDxr3IE18fvR9XnQ/1p02E3zStqlxNusGitaJV+XKEiYvsauSOXqKNP + sVD7wdAPaWXdwkksElfgxOymcuEtykwgwAw2AO/L81dWxeFgIxYvwc25UeBKlXpYhMwCk+M0aIvX + Oxy4c5NnVqpI8V+VB6uC4t8YcmkAr5EAGa0w3laG9MlP52mPPMvMC0LdIHApIc9S8+Il2XN9FK4Y + e+7QHZCWMegYA3ffPWjp+x1930VdLX3Y0e1yv6Nb7xp64A47Ou3otDv/LwAAAP//7FhdT9swFP0r + V0JCadamagtU6sQDAh4mDTSt217WSQ2podnSpMQJMDH++861HddpGxCMhz0AqKS+vvb1uV/HOQgG + q/FBMFiN763G91YHGK725Udn3O7Lj/1WQ0wAuCM0+hvRZncrFk3bfDt8pm/N/Nfy7ZtfX8evKGhV + 8o985WMeI/+kFHSCSojBsVgWAfWGbeK+R/UyW/3Oe4Gts+r7IHhLwJc4qmoV3UFvgALtn6gWjO74 + MyMmJ3DIk3rk4aO1zbWPO5Z8VH0IvuNf5wVJih2R7WqBf2sA9djyx1mZRwLxlQifW20HF8VFLAUD + u7xyJp6sCIGPxm23RfBJ02uDOOuGs5tYglSAm+/3++AKl4wxEqIihMwapsurKYFswb6UQsp1HEcc + x8LGMZ9B5OFFnHD3LOZhQVmEjSTdzsEzCtBeo8ioXYRSUJbTNW5UvwkXz4jzUGL1KA8v2QDQpHKR + ErOiQGUaiHMuCMyZitusUolIRiINccNg8oGt4mhOaPVg1Un8S4BXX2KXEGYvl0kcqdd9huRUBicC + +CBnmZi7s/TRYFOZyvASxYJ5eEeWPAX2yevEbGeQkbQIoRxn4ACO8TKYpP3N1aGUAmnJxsA8XEVz + cHusa9Fh3mVtCA1SuSjKPEVw40mWScHoOjZg3lYjAgZwZwdXigz+xN9xlkaI+Uk6nU4nKV/TCrqn + Y5wM/OaBDonff8a58HZ37vpDhJb+36rmRnrmIYHTGjWPheopMIfjkUqB4Tqk6fj04+nxF+rR0Zh2 + r8useD/Bj1686+sRJOE2sd+dIC/f8VFllogALN5D9Ee4WQUivWn9YGtAhqGSdrtae6oM0EYpAD3Y + 0SZP5HmbEWzRIWcO3WNlcyasNWPDH1oGHPpmA4XOslmJeCFONXe8eqkyqtVxcMKGSg5JUy23ShvV + 3Eo26rkjWavojmStpjuStaruSNbqupVsVHZHUq/twOmTevEyq0AamZkGJIMK1nPgYowMJryRCxdj + ZEAxogouxsiC4kiqnlehUhMxSBaVmoRBsqjUJAySRaUmYZAsKo5Eg2RRqUk0SE4wAa85IolDsqNp + 3miz0POtZMQf6E74dhRxHiAwywukv+kBZ7G6w5kW4NtLSz+4C+5G9FXd4rkAmWJfuQQVM4EkD1yl + QZOS9tZWnb0mHe3GrTr7TTrawVt1Dpp0tEesDnl0zh1IdSfb4VQQtLXH26rsahdzqwkTmdFSB3BA + TCTspsOmTZVLH9/UBAS61MYGxncfFsswKthv5xnF6gshBG7imZit2jwmfgYrygWquXxOnzeqy4zv + 0UxTvHC2iNMWea0/C9CQIhtZ6rGV0L6RWSeB3YL3NJntvZDM9pjM9v4HMvvSG68buM8ns38BAAD/ + /yKtMWs42pgdTo1ZAAAAAP//7Jpfa4MwFMW/y6CPcSYatQ+lK2yDvfW5b2liNxj+wSj9+rvXRGfc + 0sEehjChD6XeJLcJOT3l/FYzu5pZx5w5mu6YM0fVHXPm6Lpjzhxld8zZVNtXMzvs12pmVzO7DDNL + x6E/mNmvwTr1Bes0nmalbSPkew8HYNw/L+WeOULvgzGsHr6Tr9AXXoc+wCIcAQsnCJ6HhaJthXzD + 2MwEi7orCoGp5923QR5uHKILVfPLXBS9xl5IicDFi9rxi4gjRc9ZHPIzdJ2mW8pYguuMRbDCjbIc + T/WgFKyhofKzBxQW5GYeqqvQNdpanPQm8dQfQh68NqYMfu6LgbrhlNE4p2EeMbVNZCR5SmXGlQpF + cqF5tle7fpZNdNiwZ3iZcaQQpY0lCTEf6aDT5Ao7QlgALarASBtuGamF0LhjML633nCJ4O3jkSRB + XWL/c3pq+R3P8avldzzHt5beMQiRMsSRJQmm/yePlkbE+4Q5l6GajJidqhLLn7qmqvP7E+iPRP7G + XjyECOHpeJNxHYtOWgihsTK7SsHfH/o/lYIPAAAA//+is4tHiwKcRQG8VQF0Yjokx1WD1h9D2QZA + c/NLEqGrp9HbJrgWKxrAFyuiS8CX/qFLwJtnwK5yZlF+HqQpAxFKKYUuk4dwiXFpGbBFS+4iNYxl + phDD4IYCbcpILA7LBy+Xg60NBSYhiJOrYUxo6Uq2A8BbCvRh5uoo5SZWBEHGVFA8C17oVlTiWALx + OGjBLWgxHMjrcHFUzUYouqEawK6tra0FAAAA//8DAGMewXOVMQAA headers: - ATL-TraceId: - - 81217ba857d641bc - Connection: - - keep-alive + Atl-Traceid: + - 4b1b0525925b137d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:18 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 8c2e0eb3-acb7-4b8c-9b5c-5db989a1e40d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '227' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 9a8eb77f-dfad-4ea5-944f-5fdffffbf634 - x-envoy-upstream-service-time: - - '126' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1183,174 +1019,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CNrbqIHFVmFdk+ySNJOsZImpU2FZdn/boqLH7fhneeZ - lzmB0TPtJwsK3kMYZ7XZtNRRE1r/4ZkOVs9zrx1zFCCBT5rm3rsIc0TOkGFa7W5eqvvn+ne7WwYT - J1CvK5RggocEWhqtPw7kQn0cKR64tX5po2SW3rbfCqhVKOQlvNNhBQUKnmKeClnzXCFXWc4Q8QoF - YvRnmmJv3Q//2G3NhcqkQsmK4vqHbYYH1/kISrGVZdEZ3WSUaSqx6UpZmtZoiV2DqPNcSkPZn4Jg - 14bHftKwvtPpxYYn3+g1PoG9TEDubV/B+fwFAAD//wMAwXwLMFoBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CPd3EQPKrIK2z2JSNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0EfZgsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsz3u+vn/d1T+7vdLWOX + JhAvK5Rhhq8ZKD1Zfxy1i+1x0unAjfWLSlK3DFZ9KyCSwLC6hLcyriBDxnJscspbbARywSqCiFeJ + xOQHPafedhj/sdsWUTAmaEP4tvhh+/HeGZ/AuqTcFMaYgjeM1Vg0iGUlWU17iaruOS81FvXfgmjX + hodhlrC+Y+Ri46Pv5RqfwF4m0O7tsIfz+QsAAP//AwCAt2bfWgEAAA== headers: - ATL-TraceId: - - 2167d4fd9080296a - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:37:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 8aaed3d1bc491aa6 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f55a1f7a-0673-4423-8b45-c5db70691373 - x-envoy-upstream-service-time: - - '25' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 147dc658fe58d96a - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:18 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 75327bab-37bc-442d-8aae-3fc93d3f5678 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '109' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 8b1eea15-2b95-4677-aa13-09c4bd40d249 - x-envoy-upstream-service-time: - - '71' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1360,96 +1089,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 65876042de3b25f5 - Connection: - - keep-alive + Atl-Traceid: + - e827a970097059ba + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:19 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - bd5d22c1-efa9-422b-b5c6-3e2f17cfdd08 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '182' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 24539170-1d5a-4369-b3cb-27d3aeb97132 - x-envoy-upstream-service-time: - - '121' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to - be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/245] + be investigated and fixed:\n\nh2. Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/27] in [Security How-to|http://localhost:8080] / [1st Quarter Engagement|http://localhost:8080] / [NPM Audit Scan|http://localhost:8080]\n\n\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n| High | [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119] + || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080] | - Active, Verified |\n\n*Branch/Tag:* None\n\n*BuildID:* None\n\n*Commit hash:* - None\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - - (Fresh, < 0.5.2)|http://localhost:8080/finding/2887]\n*Defect Dojo link:* - http://localhost:8080/finding/2887 (2887)\n*Severity:* High\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n*CVE:* - [CVE-2017-16119|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16119]\n\n\n\n\nVulnerable - Component: fresh - 0.3.0\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Sept. 17, 2022 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/312]\n*Defect + Dojo link:* http://localhost:8080/finding/312 (312)\n*Severity:* High\n *Due + Date:* Sept. 17, 2022 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n - CWE: CWE-400\n Access: public\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n*Impact*:\nNo - impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n*Reporter:* + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "High"}}}' headers: @@ -1462,53 +1197,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1949' + - '1932' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11115","key":"NTEST-926","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11115"}' + string: '{"id":"11810","key":"NTEST-1472","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11810"}' headers: - ATL-TraceId: - - 1741ae03c205239d - Connection: - - keep-alive + Atl-Traceid: + - 969a95538797323e + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:08 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:20 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 03a48559-db58-427c-bf2a-b12cf0140ba7 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '772' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 1b17121f-a4e4-4ded-b08d-1963127efc0d - x-envoy-upstream-service-time: - - '442' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1518,96 +1259,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-926 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1472 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4jcCpL5hOhykLXc9joO0/UAZRrE3toojeSQ5CVf6329X - tgnQhqP0YAZLa+/bs8+uxBcPlhWXmZd4GmQGGrLXAsrM9CSfgemZtIAZ76kKNLdCSdODTNgZWN5L - Cy5zKFXem4M2+A6yE6g0GJC2+dbreYIsR/izhRsD5RS3hbWVSYIggymkNlOflc9tyY0RXPoSbIA2 - bMArEcSBMKaGoDNwCVeofzQenY77L+NtlExdsF7yxTPotDYpt5ArfdUEl+EOFeIwjvrhoB8Px1Gc - bO4k4dAfbG39EsZhSDGSD3tVgTPzxBhJP4jCMIxvsm43GZhUi4oQQekeMzNelj2WCWOFTC2rBKTA - 1JQtlL70STtV8r0uHxOFgbTWEMwFLPicW65fGfEP7M6wSPXsWSM6zHajcDMattsxBrq7SrnnUaHR - 15ibS6pRPbG0Sqa8NNDzOhte4ox87XlWIDEqLLKXyBoz8SqtPmN4T0Sv1XbYuWp02NHmVsFXkb6X - wlo0QPxqtSmpP9y3Rk3tgmtKzIhZVQpkSHYvGwTXUWYwXA6Gjwm3hbl11iJdCQIWf27jPAh30HM8 - WMaDJxt2JXQseWba5wO+ou1ltP1zvpads3bxgLfNeLkZ/5y3lpymW6z19vUr9ffyQzNdsGJn51jB - PNeQY19/Q0PklCrrps0aSVobq2ZuRFygh3hn3Yvhtzaa0dFIqTHd+POSftTOC2KwFmnj7ss3MuIX - hm8KVZfZgTBVya9aFqIYgbIfsGeJma0LbnHSNoPsx3uomZI3czForGlqELfcVzXh5GL/SAIhcy+x - uqZgUg2YK3Xd9+ZkNNjp5uR91MJ1cEbrXsTrXmyuZolQWtirJwLRqQduCj9+jooZz8EEpGE6IwIF - hcgL38zz1fB5i5JuSsWeq+UEaJwQOe+lRX353XyjdUyMhpR4wc2oEuk7IS/dYXwAFZ3NMu0o5Ii1 - cO9uJFLJER7NfFLCCXDT0FK3K+/43fs3h0cX7w73R0eno4vRyclfJ5gGtpDBzPGDcQHsGOemtIz8 - MmGYkuUVw54UJRllVrHfhebsWMMM+5bVBhnmuy69n8VLNBheizAciHniNUcGFglRXjXVnUZGvHMh - eXn/o/Zm0cLraF5idN0swALmEm6+rivq2kcwubkrPJFjjfLNeXX3eP8x2q1o9RtPL/Eq1TGrM974 - 2m8vNT8VcHczaloDncTd8SphQd2tSqWPmmgmZQ39XOPIWl0PFDtQTbHVrMLLnrRtFR6q311wPsnb - v3ss16qu6ObzWsgMR5JhyHw2AZCsqk0BmePc4ckePSfAhJyTAyJNxvDSyvB0gCwhY0Xsszdk7pPc - cM+NhJ3dmBUyYVNEpEhCf9MPrwk9BK9UKS8LZWwyDIdhMG0+v3BhBfFg6xwV2dkpnWQ4U9hbtehb - 9X3lcxaws8hY9nfNtQXNRjLHxpohTA8oHB3/yfZq7Fp2mnK55sMGretrdgrYDhQIrvc/jNzjY/Po - SkKb9ryk5VhYbFxSdRTAFRpiNMLYNTtDG/0YZ1E/2o6il847USqdgz8TVoOvdB6kuehPhCQpMcHH - /Sta7N7VPieDg7CB1llZ3LaCfcmJqwKvbtTPAX7qF3ZWkp6rDD5dbcjOCeR1yRHDJf074ZI5ACl4 - SVw5BT0XeGHus+evSbHHnpX2V1Te8uMXayBEo3t4LM+hR+i4KyG7JlQ3ftNcpkUw5nmywY4Qw0Za - izI7PLgtQogxHSJocUvc/RaRf0Nit9/0//80OoIG8XC4g7TYOHDNj335WTEaixjYfyuy5/T3Baq3 - fPoXAAD//+xZbUvcQBD+K0EQtJhckrucekXsQS30g0UstWD7wXU3p4FLNuTNFnv/vc/sbvZiNNKK - iB8EOZPM7OxkZ/bZZya/MYxSgl7y+xFufuCf+5RYkoUzbeE5U2u9zGf1MkMhSqeRTXmzs7GQKn/W - ylgeCz7vABKtE5kEKpk97SVyxESTlAAwHPdROAUuLWhVkSHt4UPhulCTXDg4IZ1m7QVwqTBRjtdR - FjbKpYnyzTVhGoO97MoBa+WQ43DlBVvQTHSUAmvyuvJ+Zk7nLY+lqJexecW7opYWzzqJA40TRf1E - K4b0qnp/YMUdA9C8xmg8bNduZt6BhqgZdzoPUNaLAUHRxC4dMgm/r6ilC9bQsWgfY1LKNfqhTMPt - nHPYmwH4L5cJV/E7ThTWm/B9U4c7rbiJi34nRxbOEoLCU2M+pznjFel/kU6ibhzUIE0iYqEUvlZx - Xuq44bmoeayVzTY/xZYCCYIv/5MyamAuCfgp+7eYSJNs29na/pOCPVVyhhy+T6CDIQIdTIYEUSug - Q7cqQBoUk6dSo6fqW9W+YIiU+paUtq86pGjLpb5g35K7qmL8mk6/B6q2Pkko6zRlxG42hg5sWjuq - UmTxRApEG+yQcU51EOrLaMEmYxFc7k386BKO7+7uB2E4pXmsEmZ4RC2mwM6FoE0AzbUPrql4P8gb - VuaEc2T00baDLpU98C2l5oFgjfTlKArCYBIHfjwOxf6Uj3m0G/C9SAifTRdBvHcoDpSVzfF8M/yE - Pz3OTVlm2Ifr6kelV5fuDVbEDT1KfE9vNFoyN2espBXDeAXqKChw+fHEnXp5Rv73+xmv3+N+V+T1 - e9zvrLx2jwE5Qvc1TNHQZSMnpiVI+4l4l242aNg6B9ZC/aguZB6PzoE0nCpqs/Gokwep3ck0j+lJ - mnqjMEj7BgUvH/Q3KHgJj9+gYBAK+owDFGrjdkVjWoYB36/0VrylrwPm2seEsmJLXD1gZahh6Q81 - LH3bsOwLLHWLsyYpZKY5kOmG1OaLlL79J09RdioLt+2lQcEnIF/nW9qotbuzkbJfp3FZL8lwZ27V - eyqqeaX9aGT1bN1pbcvaxFSoqs+k6ty1HXJquVM/jGa0ftx1NrzjrRmgVme1Wv0FAAD//wMA4hAE - EtgcAAA= + H4sIAAAAAAAAA7xXbVPbRhD+Kzf60GmprDccMOp0OhRMQksptUnygTDMIa2lC/KdcnfyS0P+e3dP + likQZwKdZvxB0t3t27PP7q0/erCoucy91NMgc9CQHwmocuNLPgXjm6yEKfdVDZpboaTxIRd2Cpb7 + WcllAZUq/Blog3uQj6DWYEDa1dmsMVZNJ6TwKo6iOAo0fGjA2PNlDWeaZ1Zk4PmeIPtxPIgj/DBQ + TfCztLY2aRjmMIHM5uq9CrituDGCy0CCDdGSDXktwiQUxjQQdgpuYInyp+fD8Xkv7u8muORcMF76 + 0TPoW2MybqFQetnGkOMXSiRRkvSiQS/eO4+iNEnSJAqifvJjlESk1hmx6LhT80wnST5EKCLyqg17 + 9ZGDybSoCThc3WdmyqvKZ7kwVsjMslpABkxN2Fzpm4CkMyVf6+qJXjRSULp4dcVn3HIdzgTMQ+fW + nYOrrTjajge/GPE3/DzFtDdTtEq0QJPn3NxQrpprS2/phFcGfK8VPMa4nKzvlQKJo7NyeQIzQF+j + T75nBTKrRpZ4qWwwRu8BTbajbqPW6j1G9EzAV9IObpfADu4HJLmL6rUU1qIC461tE1N/d2eNmtg5 + 18RXI6Z1JdDh/EHkmA/Hsv5g0R880d0vZKaLZJ2XfrSLbiT9RdL/f6202XdcRIPxziLe+RYGF53F + 7WSxnXwLiyuCf/r0mI7xJp4m3cZELN60PRCzf3GJbCgKDQW2lUdcRz9V1bRV/lmtye6mjcGmjb3H + ytuW1q5Sw3Dd20t7se8havYNIkLkbQ+4wicAtchazz4+WiNaIzamVE2VHwpTV3y5Ij8uz7nFi6Jt + sE8v1LZ93zXssFWnqQzd64FqCMGYXH1LC0IWXmp1Q7YzDRgs1fajBh7vBS+iQdfAH8K2bjMPNzYl + PFknvNZCaWGXzwy4Ew/dLfD1fVxMeQEmJAnTKRG4UIqiDMysuOtkr3Cla3mJ95jUyXYXSsWvgZoW + 0fbhfb2zAYh4E0fjASFScjOsRXYi5M0R7RxCTbOFzDrGOB7N3d56RSo5xNGCX1cwAm5aFurVm3d2 + 8vrl8enVyfHB8HQ8vBqORn+OMD4sLoOQ4IHzEtgZdmdpGdllwjAlqyXDShcVKWVWsd+E5uxMwxRL + nTUGGRZ8ruJjLCgvuhVRNKjfp157Y2H2EP67qrpX4piIQkhePTy0moxW8DqeV+hd1yUws4WE9emm + prL9Cia3Q8wzydcKr2/F+3PH0/h4x7dfeXaDo2BHuU55a+tgNW39J4e7ka2tGTSSdJe4hDlVt6qU + Pm29ua4a6BUaO9TdwKLYoWqTraY1DqvSrrLwpfzdB+ed/PdvnxVaNTWNZEdC5tiSDEPms2sAyerG + lJA7zh2P9ul5DUzIGRkg0uQMh26G9wbkKSkrk4C9JHXv5JZ7bqXsYq1WyJRNEJEyjYLtILol9BC8 + SmW8KpWx6SAaROGkPX7l3AqT3UuUYxdjyBrqNeyVmves+rzsJQvZRWws+6vh2oJmQ1lgXU0RpS8I + nJ79wfYbLFo2zrjccLAF6/aWjXECdI7g+8GboXu8bR9dRuhjdZHS67mwWLck6hiAb6iIUWtjt+wC + dfQSbEW9eCeO95x1YpSc5YHEoTko1CycNZVEjlnsAeH985ekoh+1WJJcNodgKqyGQOkixELkRE6B + EyEVcIhHg9JOK5JzqcCnSwbpGUHRVBxRW9D/H+f+IUjBKyLHGPQM/+awHvv+iAR99l1lf0LhF0Hy + wwbQUOk+Xrsz8AkPN2myW8Jxq0Mx3XJA0BrbOmyAHSKrcHEMtQ1YvOsz6iHsPmW7XxkHa86++wcA + AP//7FltT9swEP4rERITVCRN0qZAJ8QqMSQ+MCGm8YF9wdgpzdTUUV7KJOh/33O2Y9KwsI0hxAck + VJre+Xz2vT13oeeB9/KHqP2xPwhCeEHvSIU6ovCHdCgJQtk/rnO28LH9u2M/fWinB9cC4Tv+uc+y + MvaEwygR/+dn6zff+yqrHPd4nMxjhHis7/rDTflROVWD8egh9fSQIuy2EjnJhLSXyD4Ty6RA+gIK + iMIRstKUbhnuUpcest6VEn7loD46pCp6MlMRc2N0owgZXVijF8botzPKaAzyFjcO0CwHHaWV52xK + O1EhRarJqtLDzV88yD+VoprHJnWtk2q4PG74ETjOFPATNRlU3MyBJTcEgHOG1fgRPqkCcdy+zJ3G + DwUASAchX8YulZiEP2bU1ClbUlFsWIky15g+yLnwOOEc8sZI+9fzhBsLniYq1xsDflPFne7cWEaf + ypG5Mwch96zlT9KM8ZLWfJFOoh4cNC7LRMRizZfOEVFAPNj6XzzELM0kJXpy8C0m0mSx7Wxt36dw + 4FKO4bSP8XLQhZeDYRchqglUY8scGEEBd2okWqy+ZW0TLAatz9TF2IVJfds3rUG2dqlvr7JNFStL + xmdUCjVeKKo0ZQRmNrrqM90dNSUyfybioYg6ZJxT23MiDqIpGw5EcL039KNr6La7ux+E4Yj2sUzY + 4Qm2mAw7EYK8HpwPOrimI/4kb1mRUVIkoU/OMpQdYg/wSrF5wFN1Px0FYTCMAz8ehGJ/xAc82g34 + XiSEz0bTIN47FAdKyuZgshke40+vc1O2MGjDdfVPhVcV7i1uxA09qCg8HVl0ZW7GWEE3hvUqcaN/ + wNejM3fkZQvSvz0Xefsatwcrb1/j9mDmrWuMlCP01ML0CE04cmbmjBRPhLr0bEGnrUsgU7B/rnKZ + xf1LpCBOnbUJPBoPgmojmfYxQ1HTXuQm076ngtc3+nsqeA2N31NBZyqwiAMq3uiIu6M3C+a7D7my + ZOa9SBuBdI0hfTuGbBPsUK9NsAgtXiyTXC40mjEzjsq8ANOPf6PpUpYvN+zVwqxQ7DRjxYVUg7B6 + vgwX0irf1V9Ndn22AuplYb+Wu7ORsp/ncVHNSXDjsGqElZeTUh+cRuk05qKj29/XF4drq80Cpe1q + tfoFAAD//wMAbMgBLm8dAAA= headers: - ATL-TraceId: - - 95fa6ae6260fff06 - Connection: - - keep-alive + Atl-Traceid: + - a9ea11dc300880eb + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:08 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:20 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0b21e539-3b83-45c5-ae1f-dcb6ee5d29e6 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '288' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 62dfea55-f50e-4025-bc01-578daac9774e - x-envoy-upstream-service-time: - - '154' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1617,91 +1364,97 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11115 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11810 response: body: string: !!binary | - H4sIAAAAAAAAA6xXbVPbOBD+Kxp/6LRc4jcCpL5hOhykLXc9joO0/UAZRrE3toojeSQ5CVf6329X - tgnQhqP0YAZLa+/bs8+uxBcPlhWXmZd4GmQGGrLXAsrM9CSfgemZtIAZ76kKNLdCSdODTNgZWN5L - Cy5zKFXem4M2+A6yE6g0GJC2+dbreYIsR/izhRsD5RS3hbWVSYIggymkNlOflc9tyY0RXPoSbIA2 - bMArEcSBMKaGoDNwCVeofzQenY77L+NtlExdsF7yxTPotDYpt5ArfdUEl+EOFeIwjvrhoB8Px1Gc - bO4k4dAfbG39EsZhSDGSD3tVgTPzxBhJP4jCMIxvsm43GZhUi4oQQekeMzNelj2WCWOFTC2rBKTA - 1JQtlL70STtV8r0uHxOFgbTWEMwFLPicW65fGfEP7M6wSPXsWSM6zHajcDMattsxBrq7SrnnUaHR - 15ibS6pRPbG0Sqa8NNDzOhte4ox87XlWIDEqLLKXyBoz8SqtPmN4T0Sv1XbYuWp02NHmVsFXkb6X - wlo0QPxqtSmpP9y3Rk3tgmtKzIhZVQpkSHYvGwTXUWYwXA6Gjwm3hbl11iJdCQIWf27jPAh30HM8 - WMaDJxt2JXQseWba5wO+ou1ltP1zvpads3bxgLfNeLkZ/5y3lpymW6z19vUr9ffyQzNdsGJn51jB - PNeQY19/Q0PklCrrps0aSVobq2ZuRFygh3hn3Yvhtzaa0dFIqTHd+POSfoRbbnEqNkPnx/neTLSb - GRY01jSR2S33VU05RTSXPpJAyNxLrK4B4UCb9gM2O1G6ic2ZI/NapE3uX76RUaiobApVl9mBMFXJ - r9qWQHGqAXOlrvvenIwGO92cvI9auA7OaN2LeN2LzdUsEUoLe/VEcDv1wE3hx89RMeM5mIA0TGdE - oKAQeeGbeb4aPm9R0k2p2HMlmQCNEyLnvbSoL7+bb7SOidGQEi+4GVUifSfkpTuMD6Cis1mmXdVc - LRfu3Y1EKjnCo5lPSjgBbhom6HblHb97/+bw6OLd4f7o6HR0MTo5+esE08AWMpg5fjAugB3j3JSW - kV8mDFOyvGLYk6Iko8wq9rvQnB1rmGHfstoga33XpfezeIkGw2sRhgMxT7zmyMAiIcqrprrTyIh3 - LiQv73/U3ixaeB2vS4yumwVYwFzCzdd1RV37CCY3d4UncqxRvjmv7h7vP0a7Fa1+4+klXqU6ZnXG - G1/77aXmpwLubkZNa6CTuDteJSyou1Wp9FETzaSsoZ9rnBKr64FiB6optppVeNmTtq3CQ/W7C84n - eft3j+Va1RXdfF4LmeGYMwyZzyYAklW1KSBznDs82aPnBJiQc3JApMkYXloZng6QJWSsiH32hsx9 - khvuuZGwsxuzQiZsiogUSehv+uE1oYfglSrlZaGMTYbhMAymzecXLqwgHmydoyI7O6WTDGcKe6sW - fau+r3zOAnYWGcv+rrm2oNlI5thYM4TpAYWj4z/ZXo1dy05TLtd82KB1fc1OAduBAsH1/oeRe3xs - Hl1JaNOel7QcC4uNS6qOArhCQ4xGGLtmZ2ijH+Ms6kfbUfTSeSdKpXPwZ8Jq8JXOgzQX/YmQJCUm - +Lh/RYvdu9rnZHAQNtA6K4vbVrAvOXFV4NWN+jnAT/3CzkrSc5XBp6sN2TmBvC45YrikfydcMgcg - BS+JK6eg5wIvzH32/DUp9tiz0v6Kylt+/GINhGh0D0/COfQIHXclZNeE6sZvmsu0CMY8TzbYEWLY - SGtRZocHt0UIMaZDBC1uibvfIvJvSOz2m/7/n0ZH0CAeDneQFhsHrvmxLz8rRmMRA/tvRfac/r5A - 9ZZP/wIAAP//7FltT9swEP4rUSUkmEiapE2BTohVGpP2gQkxjUlsHzB2CpGaOMobm7r+9z1nO24J - BG0IIT4goZL4zuez73z33OU3ppFL0Ca/H+PlB/65T7ElSTjXEp7TtdbHfF4vMhSilI2sy5ubjYNU - /rNmxvHY4PMOQaJVIpOISuZOe4kcMtEkJQIY0n0UThCX5nSq8JA2+ZC5LtUilw4ypNOstUBcKoyV - 47WVhbVyaax8e0MxjUFedu0AtXLQkVx5wea0EqVSxJq8rryfmbOxyxMp6kVstniX1MLi6YbjgONU - wUnRkkG9rt4fWvKGAHDeYDYG27Obmj3QFLXi7sYAynrRQyia2KUkk/D7jJo6Zw2lRTuMRcnX6Ic8 - Da8zziFvisB/tUi4st9JomK9Md83ldzpxI1d9J4cWTgLEApPzfmc5oxXxP9FOol6cVCDNImIhWL4 - WsV5qe2GcVHzWDOba36GKwUQBF3+x2XUxFxS4Cfv32YiTbIdZ3vnTwr0VMkpfPg+gA76AHQw7iNE - LYGSblUANKjqgNB9h9W3rF2CBaXtjvoY+0Cqb8slVlWM31CSe6A462KBrpQDq0edpozQzaAvYdPZ - UZUiiydCILpgR4xzqq1QX0ZzNh6J4Gp/7EdX0GVv7yAIwwmtY5mwwiNsMRl2JgRdAnCudXBNxftB - 3rIypzhHQh9tO+hS2QPeUmweANZQPw6jIAzGceDHo1AcTPiIR3sB34+E8NlkHsT7R+JQSdkazbbC - T/jT89yUZQZ9uK4eKr26dG9xIm7okeN7+qLRkbk5YyWdGOaroI6CAo8fT92Jl2ekf7ef8fo17nZF - Xr/G3c7Ka9cYIUfoVoIpGjbRyKlpCdJ9ItylGxg6bF0g1oL9uC5kHg8vEII4VdTm4lEnD1R7k2kd - 05M09UZhIu1bKHh5o7+FgpfQ+C0U9IYCizCg4rW+cUv6CGCefciVFVvg6QFIBLw1WK4G9wl9DUu/ - r2Hp24Zll2ChW5w1SSEzDY5MN6Q2X6T0679soZHVs3WatSwrEwuhmj2XqmNmm8Eoc5XGy/bRRN0n - r6++3Q1bubuDlP06i8t6QYI39qp6XUU1q/S+qeVO/TDauR2/Ozm8M9tMUNquVqu/AAAA//8DAOvZ - eg3YHAAA + H4sIAAAAAAAAA7xXbVPbRhD+Kzf60GmprTccMOp0OhRMQksptZ3kA2GYQ1pLF+Q75e7kl4b89+6e + LLtAnAl0mvEH3du+3LPP7q0/erCouMy8xNMgM9CQnQgoM9ORfAqmY9ICpryjKtDcCiVNBzJhp2B5 + Jy24zKFUeWcG2uAeZEOoNBiQdnU2rY1V0wkpvI7CMAp9DR9qMHa8rOBC89SKFLyOJ8h+FPWjECcG + yglOC2srkwRBBhNIbabeK5/bkhsjuPQl2AAt2YBXIogDYUwNQavgFpYofz4ejMbdqLcf45JzwXjJ + R8+gb7VJuYVc6WVzhwxnKBGHcdwN+93oYByGSRwnceiHvfjHMA5JrTNi0XGn5plOknyAUITkVXPt + 1SQDk2pREXC4esjMlJdlh2XCWCFTyyoBKTA1YXOlb32STpV8rcsnelFLQeHi5TWfcct1MBMwD5xb + GwdXW1G4G/V/MeJv+HmKYa+naJVogSbH3NxSrOobS6NkwksDHa8RPMV7OdmOVwgkjk6L5RnMAH0N + P3U8K5BZFbLES2SNd/Qe0GQ3bDcqrd7jjZ4J+Erawe0C2ML9gCSbW72WwlpUYLy1bWLq7+6sURM7 + 55r4asS0KgU6nD24OcbDsazXX/T6T3T3C5Fpb7KOSy/cRzfi3iLu/b9Wmug7LqLBaG8R7X0Lg4vW + 4m682I2/hcUVwT99ekzHaBtP43ZjIhZvmhqI0b+8QjbkuYYcy8ojrqOfqqybLP+s1nh/20Z/28bB + Y+VNSWtWqWC46u0l3Qin3GJRb4rh05OqKbWb4ho06jSljBseqZpuG1HBfEsLQuZeYnUNCC0qtW8w + GpQ4jXNOH+nXIm1Q+fhojXxFYVOousyOhalKvlwlHoVLA16WcvtRAY8O/Bdhvy3gD2Fbl5mHG9sC + Hq8DXmmhtLDLZ4LYigfuFfj6Oi6mPAcTkIRplQhcKERe+GaWbyrZK1xpS17sPSZ1vNtepeQ3QEWL + aPvwvd7bAkS0jaNRnxApuBlUIj0T8vaEdo6hot5Cpm3UXCznbm+9IpUcYGvBb0oYAjcNE/Rq5F2c + vX55en59dno0OB8NrgfD4Z9DvB8ml0FI8MC4AHaB1VlaRnaZMEzJcskw00VJSplV7DehObvQMMVU + Z7VB1vqfy/gIE8oL70QY9qv3ide8WBg9hH+TVfdSHAORC8nLh4dWndEKXsfrEr1rqwRGNpewPl1X + lLZfweSmiXkm+Rrh9at4v+94Gh83fPuVp7fYCraUa5U3to5W3dZ/crht2ZqcQSNx+4hLmFN2q1Lp + 88abm7KGbq6xSmwaFsWOVRNsNa2wWZV2FYUvxe8+OO/kv3+HLNeqrqglOxEywzJnGDKf3QBIVtWm + gMxx7nR4SN8bYELOyACRJmPYdDN8NyBLSFkR++wlqXsnd9x3J2GXa7VCJmyCiBRJ6O/64R2hh+CV + KuVloYxN+mE/DCbN8WvnVhDvX6EcuxxBWlOtYa/UvGvV52WvWMAuI2PZXzXXFjQbyBzzaooofUHg + /OIPdlhj0rJRyuWWgw1Yd3dshB2gcwTHR28G7vO2+bQRocnqIaXhWFjMWxJ1DMARKmJU2tgdu0Qd + 3RhLUTfai6IDZ50YJWeZL7Fp9nM1C2Z1KZFjFmtAcP/8FanohQ2WJJfOwZ8Kq8FXOg8wETmRU2BH + SAkc4FG/sNOS5Fwo8OuCQXqGkNclR9QW9P/HuX8MUvCSyDECPcO/OazLvj8hwQ77rrQ/ofALP/5h + C2io9BCfvhl0CA/XabI7wnGnRTHZcUDQGts5roEdI6twcQSV9Vm032FUQ9h9yra/IvLXnH33DwAA + AP//7FltT9swEP4rERITVCRN0qZAJ8QqMSQ+MCGm8YF9wdgpzdTUUV7KJOh/33O2Y9KwsI0hxAck + VJre+Xz2vT13oeeB9/KHqP2xPwhCeEHvSIU6ovCHdCgJQtk/rnO28LH9u2M/fWinB9cC4Tv+uc+y + MvaEwygR/+dn6zff+yqrHPd4nMxjhHis7/rDTflROVWD8egh9fSQIuy2EjnJhLSXyD4Ty6RA+gIK + iMIRstKUbhnuUpcest6VEn7loD46pCp6MlMRc2N0owgZXVijF8botzPKaAzyFjcO0CwHHaWV52xK + O1EhRarJqtLDzV88yD+VoprHJnWtk2q4PG74ETjOFJgUNRlU3MyBJTcEgHOG1fgRPqkCcdy+zJ3G + DwUASAchX8YulZiEP2bU1ClbUlFsWIky15g+yLnwOOEc8sZI+9fzhBsLniYq1xsDflPFne7cWEaf + ypG5Mwch96zlT9KM8ZLWfJFOoh4cNC7LRMRizZfOEVFAPNj6XzzELM0kJXpy8C0m0mSx7Wxt36dw + 4FKO4bSP8XLQhZeDYRchqglUY8scGEE1AwTmW6y+ZW0TLAatz9TF2IVJfds3rUG2dqlvr7JNFStL + xmdUCjVeKKo0ZQRmNrrqM90dNSUyfybioYg6ZJxTK3UiDqIpGw5EcL039KNr6La7ux+E4Yj2sUzY + 4Qm2mAw7EYK8HpwPOrimI/4kb1mRUVIkoU/OMpQdYg/wSrF5wFN1Px0FYTCMAz8ehGJ/xAc82g34 + XiSEz0bTIN47FAdKyuZgshke40+vc1O2MGjDdfVPhVcV7i1uxA09qCg8HVl0ZW7GWEE3hvUqcaN/ + wNejM3fkZQvSvz0Xefsatwcrb1/j9mDmrWuMlCP05MD0CE04cmbmjBRPhLr0vEKnrUsgU7B/rnKZ + xf1LpCBOnbUJPBoPgmojmfYxQ1HTXuQm076ngtc3+nsqeA2N31NBZyqwiAMq3uiIu6M3C+a7D7my + ZOa9SBuBdI0hfTuGbBPsUK9NsAgtXiyTXC40mjEzjsq8ANOPf6PpUpYvN0DWwqxQ7DRjxYVUgzA7 + 45WpVvmu/mqy67MVUC8L+7XcnY2U/TyPi2pOghuHVSOsvJyU+uA0SqcxFx3d/r6+OFxbbRYobVer + 1S8AAAD//wMAGyGvgW8dAAA= headers: - ATL-TraceId: - - 533543de65b1b888 - Connection: - - keep-alive + Atl-Traceid: + - b0c781ec1efdf330 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:08 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:20 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a17ee7dd-e268-4220-92be-9a21944ede41 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '272' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 809e30b3-f6f1-478d-89b6-4e1453ebb8bb - x-envoy-upstream-service-time: - - '148' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira.yaml index d0db53d98f6..6a0a14f2d82 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ0m3W3EQPKrIK2z3JIkk6wUralCYVlmX/uykuftyGd55n - XuZEjI64nzxR5D2lMarVqkWHNrXhI1CdvI6x0wMdMJGCfOIUuzBkmAEwChTK3fbmZXf/3Pxut3Nv - 8kTU6wIVUMChIC2OPhx7HFJzHDEfuPVhbrNk5s633wpRi7CWl/BOpwXkwFkJVcllwyoFTImKAsAV - cIDsR5xyb9P1/9hNw7gSUrGKMnH9w9r+YXAhg5JvZL12RluBQmMN1tWyNq3REpwF0FUlpUHxpyD5 - peGxmzRZ3nF69ukpWL3EJ+IvE8Hhbb8j5/MXAAAA//8DALkQcZdaAQAA + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTNG1qbqIHFVmF7Z5kkbRJsJImpU2FZdn/boqLH7fhneeZ + lzlBq2aznxxIeI9xnOVmo401XdThIxAVnZrnXnniTYQMPs0098EnmCJSggTz3fbmZXf/3Pxut8vQ + pgnk6wplmOEhA21GF46D8bE5jiYduHVh0Ulql97pbwVkEhiWl/BOxRVkyFiOdU5Fg7VEIVlJEPEq + kZj82Uypt+mHf+x1gygZk4wTzukP2w0P3oYEVpwKW1hrC1EzVmFRI/JSsYp2CnXVCcENFtXfgujW + hsd+UrC+Y9Xi4lPo1BqfwF0mMP5tv4Pz+QsAAP//AwDyy6c+WgEAAA== headers: - ATL-TraceId: - - 64bd0ae55713089d - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:37:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - ea727201c303de77 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - fcae7ded-db01-411d-bdba-6dddd43619b9 - x-envoy-upstream-service-time: - - '32' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 86b062f5d349fc49 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:24 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 6cf102e5-9bc0-4fe3-97d5-740e6d007c88 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '123' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 67f5b1a2-e4a2-4c62-87bf-7b9662c5d84a - x-envoy-upstream-service-time: - - '64' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,93 +80,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - c0bd1c0730a33550 - Connection: - - keep-alive + Atl-Traceid: + - 5708f9ac531fe24d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:24 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 29159cb2-b0d2-4e62-af73-17d08a6473d0 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '186' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3326d596-fc59-4de8-a34c-6c87f012d1c7 - x-envoy-upstream-service-time: - - '91' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/2889]\n\n*Defect Dojo link:* http://localhost:8080/finding/2889 - (2889)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/707]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/314]\n\n*Defect Dojo link:* http://localhost:8080/finding/314 + (314)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/116]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -286,53 +180,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1671' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11116","key":"NTEST-927","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11116"}' + string: '{"id":"11811","key":"NTEST-1473","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11811"}' headers: - ATL-TraceId: - - 65d09d025bfef3c5 - Connection: - - keep-alive + Atl-Traceid: + - f36b96d813f48da9 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:15 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:25 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 59dc9968-1ed8-488f-bef5-0fb3f910241f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '512' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3b48ef2d-abaf-43c8-a00f-afcedce45df8 - x-envoy-upstream-service-time: - - '527' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -342,94 +242,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-927 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1473 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy/WGldAMaSO22VL08x2GqBpYdDSWWYskQJJWfba/Pcd - KSlOkzlr0wRIxCPv/bmH/OLApqA8cSJHAk9AQvKGQZaoDqc5qI6Kl5DTjihAUs0EVx1ImM5B0068 - pDyFTKSdNUiFe5CMoZCggOv6rNNxmLHs488LXCjIFrhcal2oyHUTWECsE3EtelRnVClGeY+DdtGG - dmnB3MBlSpXgtgZWsEX9s+loMu2+DA5RsrDBOtEXR6HTUsVUQyrktg4uwRUqBF7gd72wGwymfhD1 - DyP/t54X+r96geeZGI0PvS3AmnlijEbf9T3PC26zbhYJqFiywlQEpUdE5TTLOiRhSjMea1IwiIGI - BamEXPWMdiz4hcy+JwoFcSnBXTOo6JpqKn9X7B94lWOTyvxZLTpJXvle3x80yykG+mqXcscxjUZf - U6pWpkflXJuvaEEzBR2nteFE1shNx9EMgVFgk52Il5iJU0hxjeE9sXqNtq2d7UZbO7O40/BdpBec - aY0GDL4abZPUX/asEgtdUWkSUywvMoYISe5lg8W1kAkHm3DwPeE2ZW6cNZUumCks/tytc+gZVAbh - JgifbNi20KLkmWr+P+LLf7HB2fgpX5vWWfPxiLd+sOkHP+etAadqP/Z6u7kx8735ULMLduzqM3Yw - TSWkONcPYIiYEllZj1ktiUulRW4pYoYekDD2bAwe2qipo5aawbT050RdH5dUIyvWpPPjeK8Z7ZbD - 3NqaNGC2n0NRmpx8w0uXRsB46kRalnDTUJUxJllcZ/rlgcwEhkfVUpRZcsxUkdFtMwAoxqj0B6QL - MxRNMSRgrmbqHvJk2Hsx6Lc8eb9q3r5y+vs2gn0b/R2XMCGZ3j6xuK26G/4Yj7KcpqBco6FaIwwF - mah6ap3uuOdUVC1HhY4t5xwMmRho3kvKTOV/Zuvvw6E/MGkvqRoVLD5lfGWv4mMozM3M47aLtreV - 3buVcMFHeDHTeQZjoKpGhmy+nPPTi7cnZ7PTk+HobDKajcbj92NMAwdIYd54YLoEco6syTUxfglT - RPBsS3AiWWaMEi3In0xSci4hx6klpULM9uyM3s/iJRr0vjLPC6/7kXNvZLGyKeM0w55h0XczZvbu - y5p3RVNei/MMo2uZANuXcrg9XRZmZr8Dx/VL4YkIq5Vvb6tvL/cfA90OVa9pvMKHVIus1njta9g8 - aX4q4PZd5LbPk6C9XDkYRMciE/KsjmaeldBNJbLG7nEgyLGomy3yAp96XDddeKyn3xbnE9/9HkyZ - zuAgIlcfaeFHZCjEigG5ZBpZS5OJvTzIm4ymX02umGomYpothdLRwBt47oLxBInRDQaDl5+txWNb - CwzzWhCDkuiA/L8qeW7+/mINTADxhtyBijjlVjS8HOHqgq+4qHaxDz88kB6cS5GU+IoZ8RQnKsf6 - uFMsB567ssmgXfKHqLpa7EmoaAwEn4lLrnylyd8llRok2Zncowo7n77V/nh0TiYx5XvOm7eTe+gd - 1nV7LSmPl+6UphjsGba2lpYsS06O74qGIs+ZJkhPyztiU7it0pArzD0pBENkHERWbutvYJpTxhXT - 0EPwRGHY37e3T+4m6HMuqEzaHtz24ngHMeP1iMQ1kjBKMgfgRIEmVQMrjSxXv0vIAqHVIdWSxUuS - A+UKN2l9orGA9UMLhMYxsiQkZM0oKRH4sdwWSDN4jHOoL9yeCWWM+EMCjSFqcVdVVU9UVBU9IVMX - UQebXrEsLDAQgLOFkLPamZpRjdf3vMTWzJ6/vzyanHcn77p4MVpoXoxPa6OPFeYdYJJJRN6Opp84 - cjkOLqInIqJYx5/4aM3MFYLBTUB363Fr9v4FAAD//+xZ22rbQBD9FWEIJCGStbLlS6GkphfoQ0to - oIW8raVNLKobWslpcf3vPbO73jiK5Za0BD8YQlh7LzM7O3PmzPhfBcRZEncJ0HN7BHQfSyuWCf5L - baMuEU/XKcf4hAR+p8pQ8otvC5FTeDvcPm+BKhV6wCFImWQpnCTHi2Rqj1NUlAM5ZiWlIKS/7yK/ - IP/IHQSBJlcOT+/5T3I0p+TKSRqJh3XgOVt+gko0F6mHOJbkedbPtjyRZJGjQr7RT24UpPNkAy/d - qafyvPOPWcmjmu75uXAS9cEBnpC5lPXPr2tRSkrhldA4I/RiE9nWdVXkAvTcERvCaLPrty4bGIOi - ti8IjwjSTjkeNj9zTs9+4THTungFLHnKEFkXQ2TDrolwmw/UFfKior9EaFtLfbu0PdHFu3zLu5Tp - FcvcvdDWA+2J6WYC8cqjBWHujrKknQdlk2WcEnjvT9mObEh0vKieme2Jll0Cs6iIQCEV3vLhIGbz - ydAP57jAeDxlQTAicmEXQcKeZYIeeBbHkIGM33vQwTWl3RsLcXTo3vpae7wHaqGWKYDRw37IAjYU - zBeDIJ6OokEUjlk0CePY56NbJiaX8Wt1yslgdhJ8wJ/e52Y8N7nPdfVX0mukew+LuIFHzu6VzTxN - IjKZW3IuyWLYj8iqE3BnDN9duSOvzEn/duF++Bq3y//D17jdQjh0jQE9sa6iDT/eZppXpvdF8UTg - rCt1DV83wFcsf99URSn6N0CcaPEQeNSywqyNZJJjmm+GWlcGcY9Q8PKPfoSCl9D4CAWdUGAJBVS8 - 0xG3om63Gfs4t6h5itEOagTe1Vute08nujpzfldnzredufaEpXAiXyZVkWsuZAr/xvz0oj/+zRWW - Rf3fWqr6LHsmBKEc/Fqo5tCmDwrX0hqvNkODus+Wr36k6m/Ovehl/McXIZuUDt66q2rrVPWs1vem - 3jK1fujm9vvHm4NHu80Gpe16vf4NAAD//wMAxparBcEbAAA= + H4sIAAAAAAAAA7xXbW/bNhD+K4Q+bZmtN3uJI2AYutjdsgVZljgp0LQIaOossaZIjaRie23/+456 + sVOn7pYMKwIkEo/3/tyjy3sPViWVqZd4GmQKGtKXHERqepIWYHqG5VDQnipBU8uVND1IuS3A0h7L + qcxAqKx3D9qgDNJLKDUYkLa9yypjVTF3Bu+iMIxCX8OfFRg7XZdwoSmznIHX87jzH0WjKMIXA2KO + r7m1pUmCIIU5MJuqd8qnVlBjOJW+BBugJxvQkgdxwI2pIOgMLGCN+ufTydW0Hw2PBnhUh2C85L1n + MLbKMGohU3rd5JDiG2rEYRz3w1E/Op6GYRLHSfy9Hx+PvgvjMHRBOicWA6/NPDNIpx9gKcJ4k3b7 + koJhmpeucHj6gpiCCtEjKTeWS2ZJyYEBUXOyVHrhO22m5LUWT4yikty1i4o7ek8t1cE9h2VQh7UN + sBVF4SAa/Wj4X/BDgW2vCvTqYIEup9QsXK+qmXVPyZwKAz2vUTzFvGrdnpdzBI5m+foM7gFjDT/2 + PMsRWSWixEtkhTl6OzAZhPsEUScotXqHqT6zE6123Ye6s10f3MsD9GzTvZbcWjRgvI1vB+Hf6rtG + ze2Sagdkw4tScAw43SkJNqqG33C0Go6eGO4XWtZlsmnYMDzCMOLhKh7+v14aWNQgRYfR4So6/BoO + V53HQbwaxF/DY4v8jx8fwzHu4Djnq5uGA7HJt2+x6VmmIUNaeYR1DEeJqpnyz4I8PtonGO0THD82 + 3lBac+oIo2ZvL+lHLY+5qmjOmjjePzpzWMWETa4qkY65KQVdt4jGYyyvvcHSOZS3LqjFD0VDsE+f + x4a+t4QdNOa0m7b68URVroJ18K/cAZeZl1hduWiYBkzWjfBjAh/6x8dHHYHvlm0fzcQbmtkVbBq+ + KxhsiYkrze36mZXo1IPh0wieFzQDEzgN0xnheCDU0jf32ZbIztSyI7yhV7dyBo6ZHGh3v9aHe7KN + 9iE0Grm0c2omJWdnXC5eOskYSrdZSNYhqMbVspZtTqSSE1ws6EzAJVDToFK3T97F2fXPp+d3Z6cn + k/Oryd3k8vL3S0wDR8tg3nhhmgO5QAqWlji/hBuipFgTHGcunFFiFfmVa0ouNBQ4z6QyiC//c2Md + 4Th54QcehqNSJ97OMGNlMy6pwJ5h0bdD5mS7Z+1e1Ja3RrnA6DqOwPZlEja3q9IN7b/AcbPCPBNh + jfLm0/fp1vE00G1R9RNlC1wEO2R1xhtfJ+2u9Z8C7ha2oNub4u5LLcEhmimh9HkTzUxU0M80MtZ2 + XVFkrJpmq6LEVVXatgtf6umnxXkjtz8HU24FHCTk9jUto4ScKLXgQF5xi4xpyRWwSgN5KWj2weWK + qQrFqMiVsckoHIXBnMsUSSwYRMO3tcFxXQqM8p0iDiTJAflHTfIN/vq2Vr/C9coRB6rhiLdBjisg + Y8wHD8fAfBId9ojD1iaLk1cTlN3in/5hNKxDdW1hS/ALbjX4SmcBopK6TnHcgRyaA7zq57YQdeCN + nRtn51oupFo+rNKFVmmFX9WJzHBOC6x6MMUiO591iTBg8ota9q3aU6ayNRC/JQG5jYwlf1RUW9Bk + a3KPKmx9RrX26xcX5IpRuee+W+/wX4jDTVYP8rhaGwuFwTzSUnHEzkFSn9ctchUrKJeGW/ARXlgw + k88U1em+G4/sj7dAc5ZfENbgCamUzAAkMWDJsgWXRa4zDcDmCLAeWeac5aQAKg0KaXOjtYD5vpEz + IJQxJEtIyT2npEL8M70ukW3w3t8AAAD//+xZ72vbMBD9V0ygkELt2U6cpIPSBbbBPpSFFlYog6DY + TmMaS8Y/6o4u/3vfSYrqeHU3yij5EMgHJ5JOT2fdu3cXzmOV850Gogu861tZxRGg61XM6YJZzNgV + KPJwIiChY0FXWQlfijyVayyREwUzjBbEgGDfu5ifEDAYT0pLCQuLrWv2i45oZUyiqwpcbYtxqwEQ + JRqP1w7eeEFnNidUPvjJyQm0G/kICDTCYguRDBYVHPQi0saZG6e/RDAimcBldHp9X+q6dkTNikxG + BaIwfnCyVSZvNDaZw+Zc7z1nJZTUosKdmve/X0+vZvbVhQ2dIIPVbJIJusoUDX0WpQk/tvrHv3FR + 1qX4iGv4p2TxuiSLN+waCJoJqkTJfSe1E6m71lTXTG0PGCEgXS7VzcsTu4SBa6TrTi5t8217ldG1 + cCcLVxTLirSLKk0ZZZTe3+iXfEj6UORvTD+kE84RPaRAv0VnwZINB5G3mAzdYAGM4/Gp5/sjynZm + EnZ4ZVpML3gaRdgDKaj3jMHWNcgnc8nI6KvVowoBB7lOTpPsoyuYwPO9Yey58cCPTkfhIAzGXjgJ + oshlo6UXT86jM2nlaDA98r/io9bZKeOaNm1b/VQ4VWHX8IjtO8THTlYt1klILrMzxgryGNbL9AAx + h8fPM3vkZJzwtyvR/UfcLmX3H3G7FN53xKCeSJWUWrA1tc9Md3YonoisVZmn6OsGwg3Tv1S5QMl+ + AyoKV8+BRw0ZjJpIpn10f0prvVwz7oEK3v+lH6jgPRAfqKCTCozyAMRbFXGP1MvVzy7sipLpFnVb + iXR1hNyujpBrOkLtAaPUYn6f5IIrVaMLzkr/F6G+/hNSkSoLj9tHTXZvILjG3ygftnZPeil7uIyL + ak2GG3vL8j4vp6XCcS/K/9f/U8aMUeyFSuiHkN2RbROSuprUc6AtDZBdtP4OXL1Aumez2TwBAAD/ + /wMA4aiPhfoaAAA= headers: - ATL-TraceId: - - 96bc593a5f834445 - Connection: - - keep-alive + Atl-Traceid: + - 82782e5886d02974 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:15 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:25 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ffe60c0b-9632-44e0-988f-7df2812fc9d2 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '246' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 30286360-60b3-47a3-a9fb-fb0f184ad71b - x-envoy-upstream-service-time: - - '239' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -439,94 +344,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11116 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11811 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy/WGldAMaSO22VL08x2GqBpYdDSWWYskQJJWfba/Pcd - KSlOkzlr0wRIxCPv/bmH/OLApqA8cSJHAk9AQvKGQZaoDqc5qI6Kl5DTjihAUs0EVx1ImM5B0068 - pDyFTKSdNUiFe5CMoZCggOv6rNNxmLHs488LXCjIFrhcal2oyHUTWECsE3EtelRnVClGeY+DdtGG - dmnB3MBlSpXgtgZWsEX9s+loMu2+DA5RsrDBOtEXR6HTUsVUQyrktg4uwRUqBF7gd72wGwymfhD1 - DyP/t54X+r96geeZGI0PvS3AmnlijEbf9T3PC26zbhYJqFiywlQEpUdE5TTLOiRhSjMea1IwiIGI - BamEXPWMdiz4hcy+JwoFcSnBXTOo6JpqKn9X7B94lWOTyvxZLTpJXvle3x80yykG+mqXcscxjUZf - U6pWpkflXJuvaEEzBR2nteFE1shNx9EMgVFgk52Il5iJU0hxjeE9sXqNtq2d7UZbO7O40/BdpBec - aY0GDL4abZPUX/asEgtdUWkSUywvMoYISe5lg8W1kAkHm3DwPeE2ZW6cNZUumCks/tytc+gZVAbh - JgifbNi20KLkmWr+P+LLf7HB2fgpX5vWWfPxiLd+sOkHP+etAadqP/Z6u7kx8735ULMLduzqM3Yw - TSWkONcPYIiYEllZj1ktiUulRW4pYoYekDD2bAwe2qipo5aawbT050RdH5dUIyvWpPPjeK8Z7ZbD - 3NqaNGC2n0NRmpx8w0uXRsB46kRalnDTUJUxJllcZ/rlgcwEhkfVUpRZcsxUkdFtMwAoxqj0B6QL - MxRNMSRgrmbqHvJk2Hsx6Lc8eb9q3r5y+vs2gh1lMCGZ3j6xhq26G/4YXbKcpqBco6FaIwwFmah6 - ap3uKOZUVC0Vhc7Nw0T6bSIZnYMhEwPNe4fMVP5nGfx9OPQHph5LqkYFi08ZX9mr+BgKczPzuO2i - 7W1l924lXPARXsx0nsEYqKqRIZsv5/z04u3J2ez0ZDg6m4xmo/H4/RjzwwFSWBA8MF0COUfW5JoY - v4QpIni2JTiRLDNGiRbkTyYpOZeQ49SSUiFme3ZG72fxEg16X5nnhdf9yLk3sljylHGaYTOxG7sZ - M3v3Zc27oimvxXmG0bVMgH1NOdyeLgszs9+B4/ql8ETo1cq3t9W3l/uPoXEHt9c0XuFDqoVca7z2 - NWyeND8VcPsuctvnSdBerhwM1GORCXlWRzPPSuimEllj9zgQ5FjUzRZ5gU89rpsuPNbTb4vzie9+ - D6ZMZ3AQkauPtPAjMhRixYBcMo2spcnEXh7kTUbTryZXTDUTMc2WQulo4A08d8F4gsToBoPBy8/W - 4rGtBYZ5LYhBSXRA/l+VPDd/f7EGJoB4Q1JBRRx/KxpejnB1wVdcVLvYhx8eSA/OpUhKfMWMeIoT - lWN93CmWA89d2WTQLvlDVF0t9iRUNAaCz8QlV77S5O+SSg2S7EzuUYWdT99qfzw6J5OY8j3nzdvJ - PfQO67q9lpTHS3dKUwz2DFtbS0uWJSfHd0VDkedME6Sn5R2xKdxWacgV5p4UgiEyDiIrt/U3MM0p - 44pp6CF4ojDs79vbJ3cT9DkXVCZtD257cbyDmPF6ROIaSRglmQNwokCTqoGVRpar3yVkgdDqkGrJ - 4iXJgXKFm7Q+0VjA+qEFQuMYWRISsmaUlAj8WG4LpBk8xjnUF27PhDJG/CGBxhC1uKuqqicqqoqe - kKmLqINNr1gWFhgIwNlCyFntTM2oxut7XmJrZs/fXx5NzruTd128aCw0L8antdHHCvMOMMkkIm9H - 008cuRwHF9ETEVGs4098tGbmCsHgJqC79bg1e/8CAAD//+xZ22rbQBD9FWEIJCGSJdnypVBS0wv0 - oSU00ELe1tImFtUNreS0uP73ntldb2TZcktagh8MIay9q5nR7MyZM+N/VRClcdSlQO0dUNAtlk4s - Y/wXykddKnbPycD4hMr+INtQiotvC55RelvMXG+OLhV2ICDImHjJrTjDjaTyGSsvqQYy7AoqQSh/ - 33l2RfGRWUgCRa4sljyynxRoVsFkkNQCF2shchpxgk4044mDPBYUeSbOGpFIuihQoV/bJzYGkjxR - I0r32ikj7/JjWrCwovf8nFux/GABT8hd0vuXtxUvBJXwkiuc4eqwzmwTujJzAXr2yBvCabPbt7Y3 - 0A5Fb58THhGknTNcbHZhnV/8wmUmVf4KWLLLEL0uhugNuzaCJh+oStRFSX+J0LaOuuZoe6OLd7mG - d0nXS/q5/6DpB9ob083GFqdp1z0kMwsXBMiqRoo6TRkV8N6fqh35kOh4Xj6z2hMtuwZmUROBRiq4 - Z8NB5M0nQzeY4wXG46nn+yMiF+YQNBw4xumCZ1EEHaj4vScbbN3avTEQR0IP9tcq4h1QC3lMAoxa - 9gPP94bcc/nAj6ajcBAGYy+cBFHkstG9xyfX0Wsp5WwwO/M/4E89Z6cs07XPttVXwqmF/QiP2L5D - we4U9TyJQ3KZXTAmyGN4HplVxeDOWL67sUdOkZH97cb9+C1ut//Hb3F7hHDsFgN6ItVFa37cZJo3 - evZF+UTgrDp1BV93wFccf1+XecH7d0CccPGUeDSywq7JZNKjh2+aWpcacU9Q8PKXfoKCl7D4BAWd - UGAIBkx8UBm3omm3XruQm1cswWoPNQLv6q3Wvd2NrsmcayZz7Q0z6WpvGArHs2Vc5pmiO7rxr/VP - L+rjX70CukspYbVZahR8BvI1fjTqb+Re9VL24wsXdUKCG7rlmKWsZpWyY5lX/220q2QZmVCFtvRr - LodUm3kszZZp9EMajR3bxvpb1uoHpHfW6/VvAAAA//8DAK61tMTBGwAA + H4sIAAAAAAAAA7xXbW/bNhD+K4Q+bZmtN3uJI2AYutjdsgVZljgt0LQIaOossaZIjaRie23/+456 + sVu77pYMKwIkEo/3/tyjyzsPViWVqZd4GmQKGtLnHERqepIWYHqG5VDQnipBU8uVND1IuS3A0h7L + qcxAqKz3ANqgDNJrKDUYkLa9yypjVTF3Bu+jMIxCX8OfFRg7XZdwpSmznIHX87jzH0WjKMIXA2KO + r7m1pUmCIIU5MJuqt8qnVlBjOJW+BBugJxvQkgdxwI2pIOgMLGCN+pfTyc20Hw1PBnhUh2C85J1n + MLbKMGohU3rd5JDiG2rEYRz3w1E/Op2GYRLHSfy9H5+OvgvjMHRBOicWA6/NPDFIpx9gKcJ4k3b7 + koJhmpeucHj6jJiCCtEjKTeWS2ZJyYEBUXOyVHrhO22m5K0Wj4yikty1i4p7+kAt1cEDh2VQh7UN + sBVF4SAa/Wj4X/BDgW2vCvTqYIEup9QsXK+qmXVPyZwKAz2vUTzHvGrdnpdzBI5m+foCHgBjDT/0 + PMsRWSWixEtkhTl6OzAZhIcEUScotXqLqT6xE6123Ye6s10f3MtH6Nmmeyu5tWjAeBvfDsK/1XeN + mtsl1Q7Ihhel4BhwulMSbFQNv+FoNRw9MtwvtKzLZNOwYXiCYcTDVTz8f700sKhBig6j41V0/DUc + rjqPg3g1iL+Gxxb5Hz7swzHu4DjnqxcNB2KT795g07NMQ4a0sod1DEeJqpnyz4I8PjkkGB0SnO4b + byitOXWEUbO3l/SjlsdcVTRnTRzv9s4cVjFhk6tKpGNuSkHXLaLxGMtrX2DpHMpbF9Tih6Ih2MfP + Y0PfW8IOGnPaTVv9eKYqV8E6+JfugMvMS6yuXDRMAybrRnifwIf+6elJR+C7ZTtEM/GGZnYFm4aX + mivN7fqJCXfqwfBxPM4LmoEJnIbpjHA8EGrpm4dsy1cXatnx2tDbR2486BIRdAaOmRxod7/WxwfK + EB1CaDRy9cipmZScXXC5eO4kYyjdZiFZh6AaV8tatjmRSk5wsaAzAddATYNK3T55Vxe3P59f3l+c + n00ubyb3k+vr368xPxwtgwXBC9McyBVSsLTE+SXcECXFmuA4c+GMEqvIr1xTcqWhwHkmlUF8+Z8b + 6wjHyQvf8zAclTrxdoYZS55xSQU2E7uxHTIn2z1r96K2vDXKBUbXcQT2NZOwuV2Vbmj/BY6bFeaJ + 0GuUN5++T7eOx6FxC7efKFvgIthBrjPe+Dprd63/FHC3sAXd3hR3X2oJDupMCaUvm2hmooJ+ppGx + tuuKImPVNFsVJa6q0rZd+FJPPy3Oa7n9OZpyK+AoIXevaBkl5EypBQfykltkTEtugFUayHNBs/cu + V0xVKEZFroxNRuEoDOZcpkhiwSAavqkNjutSYJRvFXEgSY7IP2qSb/DXt7X6Da5XjlFQDWe/DXJc + ARljPng4BuaT6LhHHLY2WZy9nKDsDv/0j6NhHaprC1uCX3CrwVc6CxCV1HWK4w7k0BzgVT+3hagD + b+y8cHZu5UKq5cdVutIqrfCrOpEZzmmBVQ+mWGTnsy4RBkx+Ucu+VQfKVLYG4jckIHeRseSPimoL + mmxNHlCFrc+o1n717IrcMCoP3HfrHf4LcbzJ6qM8btbGQmEwj7RUHLFzlNTndYtcxQrKpeEWfIQX + FszkM0V1eujGnv3xFmjO8jPCGjwhlZIZgCQGLFm24LLIdaYB2BwB1iPLnLOcFEClQSFtbrQWMN/X + cgaEMoZkCSl54JRUiH+m1yWyDd77GwAA///sWe9r4kAQ/VeCULDQpEk0ag9KT7g7uA/lpIUrlANZ + k1ilZjfkR9Oj5//eN7vrNqamd5Sj+EHwQzSbmbeTnTdvRs5jVfOdGqJLvOs72cURoJtFzOmAWczY + FWjysCMgoW1BV1lLPhdZIp+xREYUzHA3JwYE+97H/ISAwfiysJSwsNiqYr9pi1bKJLoyx9G2GLdq + ANGi8Xjl4I3ntGezQxWDX5yCQN4oRkCgEeYbiGQwLxGgnUhre67t/grJiGKCkNHu9XmpqsoRFctT + mRXIwvjRSRepPNFwMoXNqfY9ZQWU1KzEmZp2f9yMryf29aWNuiuT1ThJBR1lyoYui5IlP7a6x39w + UFaF+IRj+FqyeG2SxevX61CBzvpeSiQScc2lQYsNt/WGEQIy5FL27F7YJgxcI123ammTbxE1Fi4o + ZXcKEtfo3LxMEkYVpfM3+qUYkj4U2TvLD+mEC2QPKdDv0XkwZ/1e5M1GfTeYAdNweOb5/oCqnVkE + D28si+kFj6MIPlCCOi8YbN2DfDaHjIy+2T2qFHBQ6+QyyT66gwk83+vHnhv3/OhsEPbCYOiFoyCK + XDaYe/HoIjqXVo564yP/Gz7qOTthXNOmbaufcqfM7QoRsX2H+NhJy9lqGVLI7JSxnCKG52V5gJjD + 5ZeJPXBSTvibnej+I262svuPuNkK7zticFKkWkot2OraZ6InO5RPRNaqzVO8dgvhhuVfy0ygZb8F + FYWLl8SjgQzumkwmP3o+pbVephn3QAUf/9IPVPARiA9U0EoFRnkA4p3KuCea5eprF3ZFwfSIuqk8 + 2iZCrpkINW+YCUvzhlFqMX9YZoIruaMbzlL/F6G+/hNSkSgLT5tLTXbvILja3yinG7snnYQ9XsV5 + uSLDNd+yvc+KcaFwPIji/83/lDFjFL7QCf0UcjqyGULSVJNmDuTSANlG62/B1Q/I8KzX62cAAAD/ + /wMAmp3IqPoaAAA= headers: - ATL-TraceId: - - def482dc54138fc8 - Connection: - - keep-alive + Atl-Traceid: + - 1622f5ca25959f08 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:15 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:26 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 2675c05f-c51e-4991-b9a3-08ae8bec7cae X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '259' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - bc48e618-25f0-46be-9c0a-22a32a120e71 - x-envoy-upstream-service-time: - - '138' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -536,174 +446,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbuTtNssuYkeVGQV2j2JSD6mWEmT0qbCsux/N8WF1dvwzvPM - y5xAq5kOkwMJnzGOs9xsLHVkog1foVDRqXnulS88Rcjgm6a5Dz7BDJEVWGDe7G9fm4eX9rrdL4NO - E8i3Fcoww/cMLI0uHAfysT2OlA7cubDYJOmld/ZXAbkKW3EJ71VcQY6c5VjlXLSskshkWRWIeIMc - MfkzTam37Yd/7K5lXJZCsrrg/Mqa4dF3IYGC70S97bQyJZWKajRdLWpttRLYGURVVUJoKv8URLc2 - PPWTgvWdTi0uPgej1vgE7jIB+Y9DA+fzDwAAAP//AwAg2RXAWgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/0uuttnptE26uYkeVGQVtnsSkbRJsJImpUmFZdn/boqLH7fhneeZ + lzmRTgZ9mC0R5D3GKYjNRmmj+6j8h6cyWhnCIB11OpKMfOo5DN4luAAoKFDI97vr5/3dU/u73S1j + lyYiXlYogwxeM6L0ZP1x1C62x0mnAzfWLypJ3TJY9a0QkQSE+hLeyriCCIg5NHnBW2gEcIE1BYCr + RELyg55TbzuM/9htCyAQBTLKt/jD9uO9Mz6BrCq4KY0xJW8QGZQNQFVLZEUvQbGe80pDyf4WRLs2 + PAyzJOs7Ri42PvpervGJ2MtEtHs77Mn5/AUAAP//AwBYdN0YWgEAAA== headers: - ATL-TraceId: - - 5b45b1b41a34e80d - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:37:16 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 22c4de2d8d675a86 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d9e2b166-a896-41cd-8e20-710fb91ef17f - x-envoy-upstream-service-time: - - '30' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - e2df3dc6e9785769 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:16 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:26 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - b0c18974-a8c5-4c63-be17-35545ad97b03 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '322' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 99a80347-ac5d-425a-bfed-201f5b830321 - x-envoy-upstream-service-time: - - '77' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -713,93 +516,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 5bbd90d02c983c25 - Connection: - - keep-alive + Atl-Traceid: + - c7e3bfa88dc1ffc2 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:16 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:27 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - f570d715-8019-43cf-a884-b3b18959e6d2 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '194' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 541ccbc8-3f6d-4c1a-9048-ccb8455e92c6 - x-envoy-upstream-service-time: - - '103' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/2890]\n\n*Defect Dojo link:* http://localhost:8080/finding/2890 - (2890)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/707]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/315]\n\n*Defect Dojo link:* http://localhost:8080/finding/315 + (315)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/116]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -812,53 +616,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1671' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11117","key":"NTEST-928","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11117"}' + string: '{"id":"11812","key":"NTEST-1474","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11812"}' headers: - ATL-TraceId: - - c6bc531c9c3d9bdb - Connection: - - keep-alive + Atl-Traceid: + - 949413a7c07650cc + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:17 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:27 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - cdf3aba1-b377-4cb4-87d9-2d16e680f00a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '605' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - f880f1c1-6cb7-469d-8254-026e251f3d2d - x-envoy-upstream-service-time: - - '464' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -868,94 +678,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-928 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1474 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8MO24tvlCj3aRphMr3Y47xjhahjQ2VW7ymhoSO7Id0h7jf79n - O6EMrtzGQIL42e/7533sGw9WJeWpF3sSeAoS0rcM8lR1OC1AdVSyhIJ2RAmSaia46kDKdAGadpIl - 5RnkIutcg1S4B+kplBIUcO3Oeh2PGcsh/gxwoSBf4HKpdali309hAYlOxaXoUZ1TpRjlPQ7aRxva - pyXzI58pVYHfGriCNeofT8eTafdVNETJwgbrxTeeQqeVSqiGTMi1Cy7FFSpEQRR2g343Gk7DKN4d - xOGgFwz2fg2iIDAxGh96XYI188wYjb4fBkEQ3WXdLFJQiWSlqQhK94kqaJ53SMqUZjzRpGSQABEL - Ugt51TPaieBnMv+eKBQklQT/mkFNr6mm8nfF/oHXBTapKl440WH6Ogx2w2GznGKgrzcpdzzTaPQ1 - perK9Kiaa/MVL2iuoOO1NrzYGrnteJohMEpsshfzCjPxSikuMbxnVq/RtrWz3WhrZxb3Gr6J9Iwz - rdGAwVejbZL6y55VYqFrKk1iihVlzhAh6YNssLgWMv3hqj/8nnCbMjfOmkqXzBQWf+7XuR8YnEb9 - VdR/tmHbQouSF6r5/4SvcG8V7v2cr1XrrPl4wttutNqNfs5bA07Vfmz1dntr5nv10bELduziC3Yw - yyRkONePYIiYEnnlxsxJkkppUViKmKGHaLBtY/jYhqMOJzWDaenPi7thx8M09UecOIMrd8COk8G0 - ZIkL4OaRzCAOE1JLUeXpAVNlTtcNLlFcU41M64jsx2fIseQdL/rOmjQDYj9HojJ1Ck2k50bAeObF - WlbGdSIBczVT95gn93qD34YtTz6sWrCtnOG2jWjbxu6GS5iQTK+fWYhW3e//GI+ygmagfKOhWiMM - Bbmoe+o623DPkahbjup7twYLczBkYqD5ICkzlf+ZbbgNh+HQpL2kalyy5IjxK3sVH0BpbmaetHCx - IKrt3p2ECz7Gi5nOczgFqhwEZfPlnRydvTs8nh0djsbHk/FsfHr64RTTwAFSmDcemC6BnCBrck2M - X8IUETxfE5xIlhujRAvyJ5OUnEgocGpJpRBfPTujD7N4hQaDrywI+pfz2HswsljZjHGaY8+w6JsZ - M3sPZc27oimvBXmO0bVMgO3LONydrkozs9+BY/dSeCbCnPLdbfXt5f5joNug6g1NrvAh1SKrNe58 - jZonzU8F3L6L/PZ5ErWXKweD6ETkQh67aOZ5Bd1MIj1tHgeCHAjXbFGU+NTjuunCUz39tjif+eZ3 - Z8p0DjsxufhEyygmIyGuGJBzppEeNZnYy4O8zWn21eSKqeYioflSKB0Pg2HgLxhPkcT8aPgq+GIt - HthaYJiXghiUxDvk/1XJS/P3F2tgAog35A5UxCm3otH5GFdn/IqLehP76OMj6c6JFGmFr5gxz3Ci - CqyPP8Vy4LkLmwzaJX+IuqvFloTKxkD0hfjkIlSa/F1RqUGSjcktqrDxGVrtT/snZJJQvuW8eTv5 - g2Dg6vZGUp4s/SnNMNhjbK2TVixPDw/ui0aiKJgmSE/Le2JTuLXSUCjMPS0FQ2TsxFZu629gWlDG - FdPQQ/DE/f7utr1tcj9Fn3NBZdr24K4XBxuIGa/7JHFIwijJHIATBZrUDaw0spx7l5AFQqtD6iVL - lqQAyhVuUneisYD1QwuEJgmyJKTkmlFSIfATuS6RZvAY5+Bu9p4J5RTxhwSaQNzirq7rnqipKntC - Zj6iDla9cllaYCAAZwshZ86ZmlGN74R5ha2Zvfxwvj856U7ed/FitNA8Oz1yRp8qzHvAJNOYvBtP - P3PkchxcRE9MRHmdfObja2auEAxuArrrxq3Z+xcAAP//7Flta9swEP4rJlBoS+1YTpyXwejCXmAf - NsoKG/SbYquNmd+w7HSjy3/fc5Kipk6cjW6UfAiUokTS3Um6e+65y78qiLMk7lKg5/Yo6BZLK5YJ - /kt9R10qttcpx/iEBH6nylDyi28LkVN4O9w+b4EqFXbAIciYZCmcJMeLZGqPU1SUAzlmJaUgpL/v - Ir8g/8gdBIFmcQ5P7/lPcjSn5MpJGomHdeA5G36CSjQXqYc4luR51s82PJF0kaNCv7FPrg0kebKB - l+60U3ne+ces5FFN5/xcOIn64ABP6LrU7Z9f16KUlMIroXFG6MUmsq3rqsgF6LkjNsSlza7fumxg - LhS1fUF4RJB2yvGw+ZlzevYLj5nWxStgyTZDZF0MkQ03035dIf0pRkoEub007JDhd0508S7f8i51 - 9Ypl7l5o6wGEJY8WBK07qo92umtLmVp1TZZxSuC9P2U7ukOi40X1zGxPtOwSmEWEH4VUeMuHg5jN - J0M/nMOm8XjKgmBE5MIugoY9ywQ98CyOoQMZv/dog2tKuzcW4kjo3vpae7wHaqGWKYDRw37IAjYU - zBeDIJ6OokEUjlk0CePY56NbJiaX8Wsl5WQwOwk+4E/vczOem9znuvor6TXSvceNuIFHzu6VzTxN - Iroyt+Rc0o1hPyKrTsCdMXx35Y68Mif724X74VvcLv8P3+J2C+HQLQYmxbpcN/x4k2lemd4XxROB - s66qNa7dAF+x/H1TFaXo3wBxosVj4FHLCrM2kkmPab4Zal0ZxD1Cwcs/+hEKXsLiIxR0QoFlGjDx - TkfcA3W7zdiH3KLmKUbbnMkH7+o9rHrbE12dOb+rM+fbzlx7wlI4kS+Tqsg1STKFf2N+etEf/+YI - y6L+b+1PLcvKhCKUg18L1RxaN1zhWtrih/XQoO6z9asfqfpruRe9jP/4ImSTkuCNs6q2TlXPan1u - 6i1T64dObr9/ujl4sttsUNauVqvfAAAA//8DAD0PMRHBGwAA + H4sIAAAAAAAAA7xXa2/bNhT9K4Q+bZlsPeI6roBh6GJ36xZkWeKkQNMioKlriTVFaiQV223z33ep + h904dbdkWBEgER/3fe7hzUcPViWVqZd4GmQKGtKXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf4taINnkJ5DqcGAtO1dVhmrirlTeBOFYRT2NfxVgbHTdQlnmjLLGXi+x539KBpFMS4MiDku + c2tLkwRBCnNgNlXvVZ9aQY3hVPYl2AAt2YCWPIgDbkwFQadgAWuUP51OLqa9aHA0wK3aBeMlHz2D + vlWGUQuZ0usmhhRXKBGHcdwLR73o+TQMkzhO4qP+6Fn0QxiHoXPSGbHoeK3miU46+QBTETpHm7Db + RQqGaV66xOHuC2IKKoRPUm4sl8ySkgMDouZkqfSi76SZkpdaPNKLSnJXLipu6C21VAe3HJZB7dbW + wfYoCg+j0U+Gf4AfCyx7VaBVBws0OaVm4WpVzaz7SuZUGPC9RvAVxlXL+l7OETia5esTuAX0Nbzz + PcsRWSWixEtkhTF6OzA5DPcdRN1BqdV7DPWJlWil6zrUle3q4BafoWcb7qXk1qIC421sOwj/Xt81 + am6XVDsgG16UgqPD6U5KsFA1/Aaj1WD0SHe/UrIukk3BBuERuhEPVvHg/7XSwKIGKRqMhqto+C0M + rjqLh/HqMP4WFlvk3909hGPcwXHOV1cNB2KRr99h0bNMQ4a08gDr6I4SVdPlXwR5fLTvYLTv4PlD + 5Q2lNbuOMGr29pJehEtqkdQbMnx87zRUuyXXoFGnXWfUn8eqctFGjjBfuw0uMy+xuoK7lkOdNs1Z + k4OPD/acZ3jV5KoS6ZibUtB12024jW7ZKyyb67A2GxowWNfCXyLwwWjYEfhu2vbRTLyhmd2DTcF3 + Dw63xMSV5nb9xOx24oF7tB5B8LygGZjASZhOCccNoZZ9c5ttiexELTvCG3h1OmfgmMmBdve1Hu6J + NtqH0Gjkws6pmZScnXC5eOlOxlC6yUKyrop1bZf12WZHKjnBwYLOBJwDNQ0ydPvlnZ1c/vLq9Obk + 1fHk9GJyMzk//+Mcw8DWMhg3XpjmQM6QgqUlzi7hhigp1gTbmQunlFhFfuOakjMNBfYzqQxitv+l + to6wnbzwEw/DUfkh8Zr3CkuEOd721L0Gx2xnXFKxe6mdi9r01jgX6F3HEVi+TMLmdlW6pv0XOG5G + mCcirBHePH33p47HgW6Lqp8pW+Ag2CGrU97YOm5nrf/kcDewBd3cFHcvtQSHaKaE0qeNNzNRQS/T + yBrbcUWRsWqKrYoSR1Vp2yp8rX73k/NWbn8OptwKOEjI9Rtaxgk5VmrBgbzmFlnLkgtglQbyUtDs + k4sVQxWKUZErY5NROAqDOZcpEmNwGD17Vysc16lAL98r4kCSHJB/lCTf4a/va/ELHK8ccaAYtnjr + 5LgCMsZ4cHMMrE+ioU8ctjZRHL+e4Nk1/ukNo0HtqisLW0K/4FZDX+ksQFRSVymOM5BDc4BX+7kt + RO14o+fK6bmUC6mWn2fpTKu0wld1IjPs0wKzHkwxyc5mnSJ0mPyqlj2r9qSpbBXE70hAriNjyZ8V + 1RY02arcIwpbm1Et/ebFGblgVO6578Y7/BdiuInqszgu1sZCYTCOtFQcsXOQ1Pt1iVzGCsql4Rb6 + CC9MmMlniup0340H+sdboDnNLwhr8IRUSmYAkhiwZNmCyyLXmQZgcwSYT5Y5ZzkpgEqDh7S50WrA + eN/KGRDKGJIlpOSWU1Ih/plel8g2eO9vAAAA///sWW1r2zAQ/ismUEih9mwnTtJB6QLbYB/KQgsr + lEFQbKcJjSXjl7qjy3/vc5KsOl7djTJKPgTywYmk03Pne3nuwnms6q7TQHSBd30ruzgCdL2KOTmY + xYxcgSYPGgEJqQVeZa35UmSJPGOJjFIww2pOGRDZ9y7mJwQMwteFpYq7xTYV+0UqWimT6Mocrm0x + bjUAokXj8cbBG89JZ6OhssFPTkag28hGQKAR5jVEEpiXMNCLSBs6N7S/RDCimMBkpL32l6qqHFGx + PJVRgSiMH5x0lUqPxiVzyJzru+esAJtZlPCpef/79fRqZl9d2OAJMljNJakgV6Zo6LMoWfNjq3/8 + G46yKcRHuOGflMXroizesF6gfFags76TtIuIVHtr0CHD7VzoIgKuIQLyXUja8/LGLurqGuq6U1Db + iRjmZOGKYlkl7bxMEkYVpfe39Es2JH4osjeWH+IJ54geYrXforNgyYaDyFtMhm6wgALj8ann+yOq + dmYTbnhlW0wveBpFuAMlqPeMwdY9yCfjZCT01e5RhYCDWie3yeyjO5jA871h7LnxwI9OR+EgDMZe + OAmiyGWjpRdPzqMzKeVoMD3yv+KjztkJ4zpt2rb6KXfK3K5gEdt3KB87abnYrEMymZ0ylpPFcF6W + B5A5PH6e2SMn5YS/3YnuP+J2K7v/iNut8L4jRk6KVFunCVuT+8z0ZIfiiZK1ah1VXrsBccP2L2Um + 0LLfIOOEq+fAo4EMVk0k0z16PqW5XqYz7iEVvP9LP6SC90B8SAWdqcAQDEC8VRH3SLNc/exCriiY + HlG3aUrXRMjtmgi5ZiLUXjBMLeb360xwxWp0w1nq/yLU139Bei+K/zfLU8KMUNyEDuSHkFOJegAH + F1KQH+tHnV3fDED+b/OhlnvSS9jDZZyXGxLcUFbOE7JiWijFaapJMwdS3fy+e9jfOa0PSLTb7fYJ + AAD//wMAz1NFC/oaAAA= headers: - ATL-TraceId: - - 2e028f0d2f9a2f32 - Connection: - - keep-alive + Atl-Traceid: + - 1fd2c9784dee004e + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:17 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:28 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 8463ef93-897c-4020-94e5-0b16227bbdbb X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '225' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3aa085a5-5cc9-45a9-a7c8-7f728e363e96 - x-envoy-upstream-service-time: - - '103' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -965,89 +780,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11117 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11812 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy/xYkdAMaSO22VL08x2EqBpYdDSWWYskQJJWfba/vcd - KSlOnTlr0wRIxCPv/bmH/OzAOqc8dkJHAo9BQvyGQRqrFqcZqJaKFpDRlshBUs0EVy2Imc5A01a0 - oDyBVCStFUiFexCPIJeggOvqrNNymLHs408PFwrSOS4XWucqdN0Y5hDpWNyJDtUpVYpR3uGgXbSh - XZozN3CZUgW4jYElbFD/YjIcT9rHQR8lcxusE352FDotVEQ1JEJuquBiXKFC4AV+2+u2g/7ED8LD - Xuj3Ol7v6Fcv8DwTo/GhNzlYM8+M0ei7vud5wX3W9SIGFUmWm4qg9ISojKZpi8RMacYjTXIGERAx - J6WQy47RjgS/kun3RKEgKiS4KwYlXVFN5e+K/QOvMmxSkb2oRGfxK9879Pv1coKBvtqm3HJMo9HX - hKql6VEx0+YrnNNUQctpbDihNfK15WiGwMixyU7IC8zEyaW4w/CeWb1a29bOdqOpnVk8aPg20ivO - tEYDBl+1tknqL3tWibkuqTSJKZblKUOExDvZYHEtZLr9dbf/PeHWZa6d1ZXOmSks/jysc9czOA26 - 66D7bMO2hRYlL1T9/wlf/tHaP/o5X+vGWf3xhLfDYH0Y/Jy3Gpyq+djr7etXM9/r64pdsGO3n7CD - SSIhwbl+BEPElEiLaswqSVQoLTJLEVP0EPT2bfQf26ioo5KawbT054Rtv+YLg2DJosrd50cygy8M - Xy1EkcanTOUp3dQoRDEWSl/jzBpk1i6oRqatiOzHZ6hiyXtedCtr0gyI/RyIwtTJxn5jBIwnTqhl - YYKJJGCuZuoe8+RRp/dbv+HJ3ap5+8rp79sItpTBhGR688x8G3W3+2N0yTKagHKNhmqMMBSkouyo - VbKlmHNRNlTUdUyNdhI5bBJJ6QwMmRho7hwyU/mfZfD34dDvm3osqBrmLDpnfGmv4lPIzc3MowZA - Flal3buXcMGHeDHTWQojoKoCpay/nMvzq7dnF9Pzs8HwYjycDkej9yPMDwdIYUHwwGQB5BJZk2ti - /BKmiODphuBEstQYJVqQP5mk5FJChlNLCoX46tgZ3c3iGA16X5jnde9mobMzsljyhHGaYjOxG9sZ - M3u7svpdUZfXgjzF6BomwL4mHO5PF7mZ2e/AcfVSeCb0KuX72+rby/3H0LiF22saLfEh1UCuMV75 - GtRPmp8KuHkXuc3zJGguVw4G6pFIhbyoopmlBbQTiYS1fRwIciqqZossx6ce13UXnurpt8X5yLe/ - BxOmUzgIye0HmgchGQixZEBumEbC1GRsLw/yJqXJF5MrppqKiKYLoXTY9/qeO2c8RhJzg/6x98la - PLW1wDDvBDEoCQ/I/6uSl+bvL9bAGBBvSCqoiONvRYObIa6u+JKLchv74PqR9OBSirjAV8yQJzhR - GdbHnWA58NytTQbtkj9E2dZiT0J5bSD4RFxy6ytN/i6o1CDJ1uQeVdj69K32h5NLMo4o33PevJ3c - nter6vZaUh4t3AlNMNgLbG0lLVgan50+FA1EljFNkJ4WD8SmcBulIVOYe5wLhsg4CK3c1t/ANKOM - K6ahg+AJu93DfXv75G6MPmeCyrjpwX0vTrcQM15PSFQhCaMkMwBOFGhS1rDSyHLVu4TMEVotUi5Y - tCAZUK5wk1YnagtYP7RAaBQhS0JMVoySAoEfyU2ONIPHOIfqru+YUEaIPyTQCMIGd2VZdkRJVd4R - MnERdbDu5IvcAgMBOJ0LOa2cqSnV+HKYFdia6cv3Nyfjy/b4XRsvGgvNq9F5ZfSpwrwDTDIOydvh - 5CNHLsfBRfSEROSr6CMfrpi5QjC4Meh2NW713r8AAAD//+xZ22rbQBD9FWEIJCGSJdnypVBS0wv0 - oSU00EDe1tImFtUNreS0uP73ntldbxTZckpagh8MIay9q5nR7MyZM+N/VRClcdSlQO3tUdAtlk4s - Y/wXykddKrbPycD4gsp+L9tQioubBc8ovS1mrjdHlwo7EBBkTLzkVpzhRlL5jJWXVAMZdgWVIJS/ - Hzy7oPjILCSB4nUWSx7YLwo0q2AySGqBi7UQOY04QSea8cRBHguKPBNnjUgkXRSo0K/tExsDSZ6o - EaU77ZSRd/45LVhY0Xt+za1YfrCAJ+Qu6f3z64oXgkp4yRXOcHVYZ7YJXZm5AD175A3htNn1e9sb - aIeit88JjwjSThkuNjuzTs9+4zKTKn8DLNlmiF4XQ/SGzbJflSh/kpESZW4fDTpkuJ0bXbzLNbxL - ul7Sz90HTT/Q3phuNpCvLFwQ5u5oS9p1UNRpyqiA956rduRDouN5+cJqT7TsEphFhB+NVHDHhoPI - m0+GbjDHC4zHU8/3R0QuzCFo2HOM0wXPogg6UPF7jzbYurV7ZyCOhO7tr1XEO6AW8pgEGLXsB57v - Dbnn8oEfTUfhIAzGXjgJoshlozuPTy6jt1LKyWB24n/Cn3rOTlmma59tq6+EUwv7AR6xfYeC3Snq - eRKH5DK7YEyQx/A8MquKwZ2x/HBlj5wiI/vbjfvhW9xu/w/f4vYI4dAtBiZFqoHX/LjJNK/07Ivy - icBZddUK126Brzj+sS7zgvdvgTjh4jHxaGSFXZPJpEcP3zS1LjXiHqHg9S/9CAWvYfERCjqhwBAK - mHivMm5F0269diE3r1iC1TZncsG7eqt1b3ujazLnmslce8NMutobhsLxbBmXeaa4kG78a/3Ti/r4 - V6+A7lJKWG2WGgVfgHyNH436G7kXvZT9/MZFnZDghm45ZimrWaXsWObVfxvDKllGJlShLf2eyyHV - ZhRMs2Ua/ZBGY8dTY/0n1uoHpHfW6/UfAAAA//8DAEvAWhbBGwAA + H4sIAAAAAAAAA7xXbW/bNhD+K4Q+bZlsvcR1XAHD0MXu1i3IssRJgaZFQFNniTVFaiQV223z33fU + i506dbdkWBEgkXi89+ceXT56sCqpTL3E0yBT0JC+5CBS40tagPENy6GgvipBU8uVND6k3BZgqc9y + KjMQKvNvQRuUQXoOpQYD0rZ3WWWsKubO4E0UhlHY1/BXBcZO1yWcacosZ+D5Hnf+o2gUxfhiQMzx + Nbe2NEkQpDAHZlP1XvWpFdQYTmVfgg3Qkw1oyYM44MZUEHQGFrBG/dPp5GLaiwZHAzyqQzBe8tEz + GFtlGLWQKb1uckjxDTXiMI574agXPZ+GYRLHSXzUHz2LfgjjMHRBOicWA6/NPDFIpx9gKUIXaJN2 + +5KCYZqXrnB4+oKYggrhk5QbyyWzpOTAgKg5WSq96DttpuSlFo+MopLctYuKG3pLLdXBLYdlUIe1 + DbAVReFhNPrJ8A/wY4Ftrwr06mCBLqfULFyvqpl1T8mcCgO+1yi+wrxqXd/LOQJHs3x9AreAsYZ3 + vmc5IqtElHiJrDBHbwcmh2EnKLV6jxk9seCtdl3uuoFdud3LPZBss7qU3Fo0YLyNb4fU3+u7Rs3t + kmqHV8OLUnAMON3JHPtRo2wwWg1Gjwz3K53pMtn0ZRAeYRjxYBUP/l8vTfdrLKLDaLiKht/C4arz + eBivDuNv4bEF+N3dQzhG+3Aad4I5X101HIjdv36HaMgyDRnSygOsY5xKVM2Uf9FqfLRPMNoneP7Q + eENpzakjjJq9vaQX+R5WzV5hRRx42wvUIs039Pj4MWvId0u3QWNOuyGqH49V5fKPHIW+dgdcZl5i + dQV3Las6a5qzpiofH5y5yPCqyVUl0jE3paDrdvBcuzRgsm62v0Tgg9GwI/Ddsm1oZlewr+HxpuGl + 5kpzu35iyTr1wH2bHsHjvKAZmMBpmM4IxwOhln1zm22J7EQtO8IbeA8hHR92iQg6A0dZDrS7X+vh + njJE+xAajVw9cmomJWcnXC5eOskYSrdZSNb1rO7kspZtTqSSE1ws6EzAOVDT4EC3T97ZyeUvr05v + Tl4dT04vJjeT8/M/zjE/HC2DBcEL0xzIGXKztMT5JdwQJcWa4Jxz4YwSq8hvXFNypqHAQSeVQYT2 + vzTvEY6TF37iYTgqPyTezjBjyTMuqcBmYje2Q+Zku2ftXtSWt0a1wOg6jsC+ZhI2t6vSDe2/wHGz + wjwReo3y5pv4+dbxODRu4fYzZQtcBDvIdcYbX8ftrvWfAu4WtqDbm+LuEy7BQZ0pofRpE81MVNDL + NHLEdl1RZKyaZquixFVV2rYLX+vp58V5K7c/B1NuBRwk5PoNLeOEHCu14EBec4scZckFsEoDeSlo + 9snliqkKxajIlbHJKByFwZzLFGkwOIyevasNjutSYJTvFXEgSQ7IP2qS7/DX97X6Ba5XjlFQDWe/ + DXJcARljPng4BtYn0dAnDlubLI5fT1B2jX96w2hQh+rawpbQL7jV0Fc6CxCV1HWK43Lk0Bzg1X5u + C1EH3ti5cnYu5UKq5f0qnWmVVvi5ncgM57TAqgdTLLLzWZcIAya/qmXPqj1lKlsD8TsSkOvIWPJn + RbUFTbYm96jC1mdUa795cUYuGJV77ru9D/+FGG6yupfHxdpYKAzmkZaKI3YOkvq8bpGrWEG5NNxC + H+GFBTP5TFGd7rvxwP54CzRn+QVhDZ6QSskMQBIDlixbcFnkOtMAbI4A88ky5ywnBVBpUEibG60F + zPetnAGhjCFZQkpuOSUV4p/pdYlsg/f+BgAA///sWe9r2zAQ/VdMoJBC7dlOnKSD0gW2wT6UhRZW + KIOg2EoTGkvGP+qOLv9730mK6npJN8oo+RDohzSS757OunfvLkJwXWW9BqILvOtb1cURoOsFF3TB + HGbtSjR5OBGQ0LEguJylmMs8Vc84MicKZlgtiAHBvndcnBAwGF+Wji7lDlvV7Bcd0cmYQlcVuNoO + E04DIFo0wVce3nhBZ7Yn1DH4KSgI5I1iBAQGYbGBSAaLCgHairRx5sbpL5GMKCYIGZ3e3Je6rj1Z + syJTWYEs5A9etsjUjYaTKWxOje8pK6FdZhXu1LT7/Xp8NXGvLlzUXZWs1kkm6SpTNnRZki7FsdM9 + /o2LsirlR1zDPyVLsEuyBP1dC1GzQJVoue+U+iI91drq263tBSsEVMiV7Nm+cZcw8K10RWBYvKCs + 3CKU2/zbtmJ1blGlKaOK0vkb/VIMSR/K/I3lh3TCObKHNOy35Cyas34vCWajvh/NgGk4PA3CcEDV + zm6Ch1e2cXrB4ySBD5SgzjMG1zQnn+wlI6OvtpU6BTzUOrVNsY9pbaIgDPo88HkvTE4HcS+OhkE8 + ipLEZ4N5wEfnyZmyctQbH4Vf8aefc1MmDG26rv6q8KrCrRERN/SIj72smq2WMYXMzRgrKGJ4XpUH + iDl8/DxxB14mCH+7Rd1/xO0ed/8Rt3vkfUcM6kl0E2cEW1P7TMzIh/KJyFo3ipq+biDcsP1LlUv0 + 8jegonjxnHg0qcGqzWTyY+ZTRuvlhnEPVPD+L/1ABe+B+EAFO6nAKg1AvNUZ90hDXvPZh11ZMjOi + biuPXRMh306E2gt2wtJesEqNi/tlLoXWQqbhrMxvEfrff0IqU23hcfPRkN0bCK7xM8qHjd2TTsoe + LnlRrchww7dq7/NyXGoc97L8fxNEbcwahS90Qj+kmo5sxn401aSZA7m0QF6iDV/ANQ+o8KzX6ycA + AAD//wMAxFfXU/oaAAA= headers: - ATL-TraceId: - - 96f6646e2cb1a3e0 - Connection: - - keep-alive + Atl-Traceid: + - 5eb5431c72d75f06 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:17 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:28 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 8079ff92-d021-4f55-bb01-63b275882b4b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '269' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 18513c11-ec70-401f-9a76-6d4fa04d4f8a - x-envoy-upstream-service-time: - - '165' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_add_comment.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_add_comment.yaml index 79aec09d707..1a8072dd218 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_add_comment.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_add_comment.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA0yPT0vDQBDFv8tcTdPZxKSbvYkeVKQKTU9SZP9iZLMbshuhlH53d7FoYQ6PN783 - jzmB4EHvZwsMPmOcAluvlTZaRuW/fMmj5SEM3JVORyjgW89h8C7BBJGUWOJqt7172z2+9v/b7TKK - pIC9Z6jAAg8FKD1Zfxy1i/1x0unAvfWLSiGxDFb9RoDlAK0v5gOPGaywIiuShvakZrhhpCoR8QYT - nPJBz6m3H8ZrtsIeG1YRholt6j9Wjk/O+AS23UZQ2mpsdWukkZyYmohbSjvT1EIKpSgnwnRXBdHm - hudh5pDfMXyx8cVLnu0T2IsC7T72OziffwAAAP//AwCMjF7+WgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUTAmCkoopz9sPz444xNYl5SbwhhT8IaxGosGsawkq2kvUdU956XGov5bEO3a + 8DjMEtZ3jFxsfPK9XOMT2MsE2r3td3A+fwEAAP//AwDivU4PWgEAAA== headers: - ATL-TraceId: - - 90e9e9bcb15e7a08 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Sat, 20 Nov 2021 04:21:02 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.19.3.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - b6ace9823798b81b + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 759b8793-aef0-480d-a3fe-ad69e1105209 - x-envoy-upstream-service-time: - - '41' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.26.0 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 59a87a87eb2ef95c - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:02 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:31 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - c8924499-119d-4254-b4aa-6fd90fda5533 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '128' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 70dee9fe-6f13-4c92-8cec-e8721481e941 - x-envoy-upstream-service-time: - - '96' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,90 +80,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/bQBD+K5YPnCJMQkRRpAih0kqoCCEReqk4LPaYLLF3zT4Sp4j/3hm/dgMp - NeHSA7lkZzyPbx47s08hlAUTSTgJCyUfIDY6HLjj5NeTE+BaWzDrAkhEQ5Yib25MoSdRlECKCol8 - kPvMZExrzsS+ABMp0CZiBY9GUWM1Gh7gD01wMtoSC1gjdTn7dj1DSrAckLwR3Bg0QA7ZkhmmblSG - qJ7C8XE5Pu7jX0NsFbS+ayMnBU+mleO9mnFO5PjgC7oZjcvReGfDmv+Gqc5Zlu3p5v8NX8Ojcnj0 - MV9l66w5vOHtcFQejj7mLYeE2xy9NYe/ense+N1CXbRDv3QWqo4Z+R1DRAI6VrwwXArkngZVAgZB - wrXhIjZBwSGGQKbBSqrFPmnHUmD/9EHRpGDJYbUlfi/Yw+FxQ84Q6LSD7Hp4xvQCKSuMYkJnzEBy - ufFF2ztDp0nKMg0Dd99SDllCrd8csO21zXOm1nRU8Gi5AhQ0yqKajueQM/pS+Z+E2igu7snBWhvI - idNoP3fgrhtOe/9aiUE4Z/oMUmYz85NlFjp0sgDFKOdUVqyqCW/9YvdC5mepA+eYDt458QLKbIfQ - 1+2F8RZHR5bJFSSV0Gc3buu51kY4qYxgajmmUMXz9QUsAUEePFOZY5kXUoCgzeDXubHyqtBMKUbN - xLHEqOL0/cJ7Rl3lvzpmW3lPrmfpQ5Yk5AnIn4JcLiHc0g4UGTOGxfOcoO0UmafvheZxXWinvmgd - 2oZ2v9Dam7fRd32Qvx4LvgkH88zjtjh9yfcCbdZJrwHRynogW5YDeNUJ1eCc0juAve6GnYbDx542 - jTbd2R/1GJapWTFVzUeeFxnHDeBK+vkS2ubrf30JVYOzmsQZF4sdB6en/3Jl1lx3LS6QhiSoVqcb - nhsGmDWSBmwGBnquoJeLMCp4vAB1gvlROLaau4hR7+m5XF3bO1o0V4y+TemS+2xdcxrVCii2/VRY - rNqjBbWe9r7DNOApvykvf4LSNXuXBC9rbT+7vk2X3u+8DBphl11ftC/0eivVG+ofuwnLcC8A+kVm - NSg/jE7b20Atq9s/fwAAAP//vJdNbsMgEIWvUnkfqBtnU6nKqlIX6RGiilQIUyVxZJz+LHz3zjCA - 7eBWTrG6HcPwYWDemy6QdjdwcU7ZxG4v4QGhiVi7B/Rga+C1Z9wJiK5q3VyY359+Qxg90BAX64tI - GOZVJAQiPFKrEbr43P6oIrQ2z/FmTveH+iCUNBxnGJ9EQ6DUqoTszLyj3rsdP1EQV7AiBT8jDdZa - 4XlgY1KPeZeMuZwHk+r9EPTZxjzqMhm1mAcVbuSQc1N9eMgiGXI1G2R0RTc25lFXWbtFn9t/iWno - /3kVoNS8nk1THWwT/wIeIS+mVTBxxCJEkzPb/rDT16c2TNVSHsvqBHWIvela3KtyIUGPF6jvYQo1 - c7BaV+weYdAN+oMs9FQR2kjZ+7Uq78VOkhGdsKML0Y1bEZet52Yo4Hnd9zSZytktp0TcnBUcbbO+ - UpLG+soWnd62/QYAAP//AwDam8DXURUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 824fd09ccc7445c7 - Connection: - - keep-alive + Atl-Traceid: + - 271f388f1318106a + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:02 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:31 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - b2e394fb-426d-4c4e-b109-39d764e0e355 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '262' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - b75b97f8-71a8-4c5f-a0f6-0a84ad8c34d8 - x-envoy-upstream-service-time: - - '106' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/226]\n\n*Defect Dojo link:* http://localhost:8080/finding/226 - (226)\n\n*Severity:* Low\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* - Unknown\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/89]\n\n*Branch/Tag:* - None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA + Flag|http://localhost:8080/finding/316]\n\n*Defect Dojo link:* http://localhost:8080/finding/316 + (316)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/117]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe - accessed via unencrypted connections.\n\n\n\n*Mitigation*:\nWhenever a cookie + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie contains sensitive information or is a session token, then\nit should always be passed using an encrypted channel. Ensure that the secure\nflag is set for - cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n*Steps - to reproduce*:\nNone\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n*Reporter:* + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -283,55 +180,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1350' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11406","key":"NTEST-1113","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11406"}' + string: '{"id":"11813","key":"NTEST-1475","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11813"}' headers: - ATL-TraceId: - - 3fe9bf0e40e0164b - Connection: - - keep-alive + Atl-Traceid: + - 7875227326d402ee + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:03 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:32 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 6de32723-fd60-4a68-ab02-477bd8ab0a35 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '591' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - d7ac08b0-545a-4c35-b094-ebc669e8a93c - x-envoy-upstream-service-time: - - '1136' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -341,94 +242,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1113 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1475 response: body: string: !!binary | - H4sIAAAAAAAAA6RXa2/bNhT9K4Q+FFumWA97jiOgGNrE3bJlWZY4CdC0KGjpWmJNkRpJ+bE2/32X - lGTnAXdt2gCNdEXex7nnHjKfPFhVVGRe4ikQGSjI3jDgmfYFLUH7Oi2gpL6sQFHDpNA+ZMyUYKif - FlTkwGXuL0Bp/AbZBVQKNAjTrk1rbWQ5sw4/RGEYhT0F/9SgzWRdwbmiqWEpeL7HbPwoGoRDfNHA - Z/haGFPpJAgymEFqMvlR9qjhVGtGRU+ACTCSCWjFgjhgWtcQdA7msMb9Z5Px5WQ/iqI+mlwK2ks+ - eRpzq3VKDeRSrZsaMnzDHXEYR7hhPw4n4c9JHCVhv3fQj3/CvEObpA1iMHHn5plJ2v0B+gvjTdnt - SwY6VayywKH1FdEl5dwnGdOGidSQikEKRM7IUqp5z+5OpbhS/Guy0JDWCoIFgyVdUEPVL5r9Cy9L - 7GVdvmhMJ9nLKOxHo/bVdujltmTfs3zAWBOq57ZJ9dTYp2RGuQbf63x4iXPiewVDxqi0WJ/CAjDJ - 8M73DENKVUgPLxE1FudVSn7EjJ8JaLvbweka1MFpX+6RYJv8lWDGoAPtbWLbOv9wa7WcmSVVtlbN - yoozJE32qEDE27FoMFoNRl+Tbot8G6wFv2IWa/x3H/pBeICR48EqHjzbseuqI84L3f7+QqxouIqG - 3xdr1QVrH74QrR+v+vH3RWv5qruHndHu7uzIr64bXcKO3b7HDua5ghxH/QkNkVOS183kNZZHwhUf - 7PoweuqjUZPGamfVCaeX7Ef4Sg3qaaND3873RuW2uhY07pRls3s8krUtKrJadWMNTOReYlQNd618 - WW+KpU2pn57YbGa4VBey5tkx0xWn63YC0IxpmWuUEDsVLRoKsFg7dk+1M+6NDg877XwMW7gLz2jX - h3irGUwqZtbPBLHbHgy+TUJZSXPQgd2hOycMDVwue3qRbzXmVC47LRp4d08L6XeFcDoFqyaWm48P - yuEOGKJdRIxGFo+C6nHF0lMm5u4UP4bKHuoi7broert03zYWIcUYz3Q65XABVDfMUO2Td3569evJ - 2YfTk6Px2eX4w/ji4q8LrA8nSCMguGBSADlH2RSG2LiEaSIFXxMcScatU2Ik+Z0pSs4VlDi2pNbI - 2Z4b0sdVHKLD8DMLw+HoIPGaEwN7h+BvZ+rBHGMbciYof7yovZK08Dqec8yukwLsay5gs7qu7NB+ - BY+b28Mzqdds3hxXDw/8b2Pjlm6vaTrHO1hHuc55E+uoveZ8V8LdXSnorixxd7oKsFRPJZfqrMlm - ymvYzxWqxvbCIMmxbJotywpvicK0XfhS/x6C805sf/YmzHDYS8jtW1pFCTmScs6A3DCDqmXIpTs9 - yBtO88+2ViyVy5TyQmqTjMJRGMyYyFAYgzgevncOjx0UmOVHSSxJkj3yvzvJD/jfj277JV5wrKLg - Npx9Zzq6GePbLf7aH0YDl4fFPF1Cr2RGQU+qPEDKUdsGhpcSS9UAl/YKU3KXVePn2vq5EnMhl53t - XMmsxlvPWOQ4gCXCGUwQPRvP1Y6ZkN/kct/IHfVXrYP4PQnIbaQN+bumyoAiW5c7tsI2ZuR2v311 - Ti5TKnast3etYHTYwPxaUZEWwYTmmOsZEqGx1oxnJ8f3TUeyRJQIillxz2yRXmsDpcbSs0oy5NFe - 4uyuXRbgkjKhmYEeUm2XHXHXxVRSlXUwb+A+3pLOen5F0oZbmAmZAgiiwZBlSzSDutdcVcgMyeaT - ZcHSgpRAhcaPtFnRekCI3okpEJqmKJyQkQWjpMZZSNW6QuXBdUJAcwb3Nvn8icTI3Z9SNp2bAoSl - GqEbrxL/0sLKMA9bHlsAYWImVen2EKmsGFP8qq0Wog7PQfg2LXSOADfHPPkPAAD//+xZbWvbMBD+ - KyFQSGF2bCdp4sHoQtlgH8pGAxuUQZBteQmLbeGXuiXLf+9zkqwmbtKNMko+BPLBseS70/meu+fO - bFWzBzpgRzBpW1UgyDss7WyZhz4p5SsbIVLQic35lAd+puQC0kYeggXawqIxkQQWFdyz19KnE39J - BJpCOq2JhlnJRUE1JOcqcvnO8g3Ai+IDt9JtHYZ1XdtZzQohgQbU8ntbLIQECkyZQ/NcWzhnJdhP - UCFU572vP6azb9bs2kKdluDWKkRG+CCI9ViULNPzTu/8D4JqVWbvEdzPCY57iOC4w0MLo2aB0mKJ - 3vi3ZG/Ex1pbHbO1vWBog3wtkiTt33iIRjiGz8ItLFwQ1PcyFMffW47babyokoRR/en+LVmTD4lN - ZvkrixWxikvgizgwGoFRNJiMJ4E7dvgg9J3QH3mx78Y0HzCboOGFbZxe8DSKoAMFC9UrerATFsdV - GC4/uk7jYsopJPTF/lDBxEZllNtkHlKXfeYOAyfmfugMI8fz43B0wSaT8QUPxl7ERoPL6IOUcjaY - nnmf8VPPWQlLdS62LHWrsKvCquERy7MJKraogtUyJJdZgrGCPIbnZb0B9cPlFSLdFik5v914Hr/F - 7fb1+C1ut8DHbjFST6SaQE3vroCBzrXGgEQSpXLVYqrEdYu8jI2fqjwTvH8LhISLJ8jRsAWrBsOk - QU+SNCfMda49JYG3f92nJPAWFp+SwJ4kYEgEjPulsLamCa2+diA3K5keI7epCLhWd73pPl84NExy - zDCpvWCGM+0FQ9t4erfMs1QRI92rVvoLgvr7T0dAiyMlrJtLnf9ekfO2Pn70G7nvugm7v+FFtSLB - W7rlZCAvp6Wy4y4r/984UgkzQqELjdP3TA5WmhkiDURpXEEqjSG71no75uoHpHs2m80jAAAA//8D - AGjVAx2wGgAA + H4sIAAAAAAAAA7xXa2/bNhT9K4Q+bZmtl93YFTAMXexu2YIsS5wWaFoENHUtsaZIlaRie23/+y71 + sNu47pYMKwIk4uO+zz28ee/BuqQy9RJPg0xBQ/qcg0hNT9ICTM+wHAraUyVoarmSpgcptwVY2mM5 + lRkIlfXuQBs8g/QSSg0GpG3vsspYVSycwtsoDKPQ1/CuAmNnmxIuNGWWM/B6Hnf2o2gcDXBhQCxw + mVtbmiQIUlgAs6l6q3xqBTWGU+lLsAFasgEteRAH3JgKgk7BEjYofz6bXs360XD0BLdqF4yXvPcM + +lYZRi1kSm+aGFJcoUQcxnE/HPejp7MwTOI4GcR+PHryQxiHoXPSGbHoeK3mkU46+QBTEcbbsNtF + CoZpXrrE4e4zYgoqRI+k3FgumSUlBwZELchK6aXvpJmS11o80ItKclcuKm7pHbVUB3ccVkHt1s7B + 9igKB9H4J8P/gh8LLHtVoFUHCzQ5o2bpalXNrftKFlQY6HmN4CnGVcv2vJwjcDTLN2dwB+hr+LHn + WY7IKhElXiIrjNG7B5NB2B2UWr3FiB6Z8Fa6TnddwC7dbvEJSHZRXUtuLSow3ta2Q+rv9V2jFnZF + tcOr4UUpODqc3osc61GjbDheD8cPdPcrleki2dZlGI7QjXi4jof/r5Wm+jUW0WB0vI6Ov4XBdWdx + EK8H8bew2AL848d9OEaHcBp3Bwu+ftFwIFb/5g2iIcs0ZEgre1hHP5Womi7/otZ4dOhgfOjg6b7y + htKaXUcYNXt7ST9qecylS3PW+PF+b8+BGDNhclWJdMJNKeimhTpuY97tC8ypg39rglp8KBqCfXij + NvS9I+ygUaddG9afJ6pyGaydf+k2uMy8xOrKecM0YLCut/cJPPKfRqOOwO+nbUsz9w8OFTzeFrzU + XGluN48MuBMPhg/jcV7QDEzgJEynhOOGUCvf3GU7IjtTq47wht4+pONBF4igc3CU5UB7/7U+PpCG + 6BBCo7HLR07NtOTsjMvlc3cygdJNFpJ1CKpxtarPtjtSySkOFnQu4BKoaVCp2y/v4uz6l9Pz27PT + k+n51fR2enn5xyXGh61lMCF4YZYDuUBulpY4u4QboqTYEOxzLpxSYhX5jWtKLjQU2OikMogv/0v9 + HmE7eeEHHobjd6PEa94rrB0mf9dTnzU4liHjkor7l9q5qE1vjXKB3nUcgXXNJGxvV6Vr2n+B42aE + eST0GuHtm/j51PEwNO7g9jNlSxwEO8h1yhtbJ+2s9Z8c7ga2oJub4u4Jl+CgzpRQ+rzxZi4q6Gca + GWs3rigyUU2xVVHiqCptW4Wv1e/z5LyWu5+jGbcCjhJy84qWUUJOlFpyIC+5Rca05ApYpYE8FzT7 + 4GLFUIViVOTK2GQcjsNgwWWKJBYMouM3tcJJnQr08q0iDiTJEflHSfId/vq+Fr/C8coxCoph77dO + TiogE4wHNyfAfBId94jD1jaKk5dTPLvBP/3jaFi76srCVuAX3Grwlc4CRCV1leI4HDk0B3jVz20h + ascbPS+cnmu5lGr1aZYutEorfG6nMsM+LTDrwQyT7GzWKUKHya9q1bfqQJrKVkH8hgTkJjKW/FlR + bUGTncoDorCzGdXSr55dkCtG5YH7bu7DfyFG26g+ieNqYywUBuNIS8URO0dJvV+XyGWsoFwabsFH + eGHCTD5XVKeHbuzpn+yA5jQ/I6zBE1IpmQNIYsCSVQsui1xnGoAtEGA9sso5y0kBVBo8pM2NVgPG + +1rOgVDGkCwhJXeckgrxz/SmRLbBe38DAAD//+xZ72vbMBD9V0ygkELt2k6cpIPSBbbBPpSFFlYo + g6DYThMaS8Y/6o4u/3vfSYrquHE3yij5EOiHNJLvns66d+8unMeq5js1RJd413eyiyNAN4uY0wWz + mLEr0OThREBCx4LgspZ8LrJEPmOJjCiYYTUnBgT73sf8hIDB+LKwlLCw2Kpiv+mIVsokujLH1bYY + t2oA0aLxeOXgjed0ZnNCFYNfnIJA3ihGQKAR5huIZDAvEaCdSGtnrp3+CsmIYoKQ0en1famqyhEV + y1OZFcjC+NFJF6m80XAyhc2p9j1lBZTUrMSdmnZ/3IyvJ/b1pY26K5PVOEkFXWXKhi6LkiU/trrH + f3BRVoX4hGv4WrJ4bZLF628WiM8KdNb3UiKRiGtuDVpsuK0LRgjIkEvZs3tjmzBwjXRFYFi4oKzc + qTlcI2W3CmyTmPMySRhVlM7f6JdiSPpQZO8sP6QTLpA9pEC/R+fBnPV7kTcb9d1gBsDD4Znn+wOq + dmYTPLyxLaYXPI4i+EAJ6rxgsHVz8tlcMjL6ZlupUsBBrZPbJPvo1ibwfK8fe27c86OzQdgLg6EX + joIoctlg7sWji+hcWjnqjY/8b/hTz9kJ45o2bVt9lTtlbleIiO07xMdOWs5Wy5BCZqeM5RQxPC/L + A8QcPn6Z2AMn5YS/2aLuP+Jmj7v/iJs98r4jBidFqqXUgq2ufSZ65EP5RGSt2jzFa7cQbtj+tcwE + evlbUFG4eEk8mtRg1WQy+dHzKa31Ms24Byr4+Jd+oIKPQHygglYqMIICEO9Uxj3RkFd/dmFXFEyP + qJuypG0i5JqJUHPBTFiaC0apxfxhmQmutJBuOEv9W4T695+QikRZeNp81GT3DoKr/YxyurF70knY + 41WclysyXPMt2/usGBcKx4Mo/t/8TxkzRuELndBPIacjmyEkTTVp5kAuDZBttP4WXP2ADM96vX4G + AAD//wMAZ+8JRfoaAAA= headers: - ATL-TraceId: - - 0abdee256616d4f9 - Connection: - - keep-alive + Atl-Traceid: + - e0b66a34e3f2a78b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:04 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:32 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a2bbef58-ec1c-490c-8beb-437c247db91a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '334' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - bc0c6a47-2c01-4b14-bf54-5e853e5131f3 - x-envoy-upstream-service-time: - - '134' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -438,93 +344,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11406 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11813 response: body: string: !!binary | - H4sIAAAAAAAAA6RXa2/bNhT9K4Q+FFumWA97jiOgGNrE3bJlWZY4DdC0KGjqWmItkRpJ+bG2/32X - lGSnDtylaQzE0iV5H4fnHtIfPVhVVKRe4ikQKShIX3EoUu0LWoL2NcuhpL6sQFHDpdA+pNyUYKjP - cioyKGTmL0BpHIP0CioFGoRp57JaG1nOrMP3URhGYU/BPzVoM1lXcKkoM5yB53vcxo+iQTjEFw3F - DF9zYyqdBEEKM2AmlR9kj5qCas2p6AkwAUYyAa14EAdc6xqCzsEc1rj+YjK+nhxGUdRHk0tBe8lH - T2NutWbUQCbVuqkhxTdcEYdxhAsO43AS/pzEURL2e0f9+CfMO7RJ2iAGE3dunpikXR+gvzDelN2+ - pKCZ4pUFDq0viC5pUfgk5dpwwQypODAgckaWUs17djWT4kYVj8lCA6sVBAsOS7qghqpfNP8Xnpe4 - l3X5rDGdpc+jsB+N2le7Q8+3Jfue5QPGmlA9t5tUT419Sma00OB7nQ8vcU58L+fIGMXy9TksAJMM - P/ue4UipCunhJaLG4rxKyQ+Y8RMBbVc7ON0GdXDal3sk2CZ/I7gx6EB7m9i2zj/cXC1nZkmVrVXz - sio4kibdKRDxdiwajFaD0WPSbZFvg7XgV9xijX/3oR+ERxg5HqziwZMdu111xHmm2++vxIqGq2j4 - fbFWXbD24SvR+vGqH39ftJavunvYG+3zZ9vyq9eNLuGO3b3DHcwyBRm2+gMaIqdkUTed11h2hCs+ - 2jcweuijUZPGanvVCaeXHEathFgGK86acB8f2Cy/MH2dy7pIT7muCrpuWYjmJTWoyI2SfXvHNDq5 - VcagcadsP7jHE1lbWFyqt9bAReYlRtU2Njo1r1FCbFe0aCjAYm3bPdTOuDc6Pu60cxe2cB+e0b6B - eN9AfysmXCpu1k/EplseDL5NW3lJM9CBXaE7JxwNhVz29CLbis+5XHYiNfAcnFOwamK5uXtQDvdU - G+0jYjSyZedUjyvOzrmYu1P8FCp7qAvWMcjxaunGNhYhxRjPdDot4Aqoblip2ifv8vzm17OL9+dn - J+OL6/H78dXVX1dYBnaQxrpxwiQHcomyKQyxcQnXRIpiTbAleWGdEiPJ71xRcqmgxLYltUbG9VyT - 7lZxjA7DTzwMh6OjxNvpWUQ244IWuGcI+rbJ7Niurb2StPA63heYXScFuH2ZgM3surJN+wgeN7eH - JzKsWbw5rr488L+NdFtWvaRsjnewjlmd8ybWSXvN+a6Eu7tS0F1Z4u50FWAZzWQh1UWTzbSo4TBT - qFjbC4Mkp7LZbFlWeEsUpt2Fr+3pl+C8FdvPwYSbAg4ScveGVlFCTqSccyC33KBiGnLtTg/yqqDZ - J1srllpIRotcapOMwlEYzLhIUdaCOB6+cw5PHRSY5QdJLEmSA/K/K8kP+O9Ht/waLzhWOHAZtrgz - ndyO8e0Ovw6H0cDlYTFnS+iV3CjoSZUFSDlqt4HjpcRSNcCpvdyUhcuq8fPa+rkRcyGXne1SybTG - W89YZNiAJcIZTBA9G8/VjpmQ3+Ty0Mg99Vetg/gdCchdpA35u6bKgCJbl3uWwjZm5Fa/eXFJrhkV - e+bbu1YwOm5gfqmoYHkwoRnmeoFEaKw1L9Kz0/umE1kiSgTFLL9ntkivtYFSY+lpJTny6CBxdrdd - FuCScqG5gR5SbZ8dcdf5VFKVdjBv4D7dks56fkFYwy3MhEwBBNFgyLIlmkHda64qZIZk88ky5ywn - JVChcZA2M1oPCNFbMQVCGUPhhJQsOCU19gJT6wqVB+cJAc3539vk8ycSI3M/pWw6tzkISzVCN14l - /tLCyjAPWx5fAOFiJlXp1hCprBhTHNVWC1GH5yB8mxY6R4CbKwb5DwAA///sWW1r2zAQ/ishUEhh - dmQnaeLB6ELZYB/KRgMblEFQbHkJi23hl7qly3/fc5KiJl7cjTJKPgTywbHku0fne3nuzNc1f6AD - diRX2KoCTt7haWcHHvqkVKxduEhBJ7bn0xb4npIJSBtZCAgMwmILkQQWFcxzEOnTiT8lEk0hndZ6 - w6wUsqAakgvtuWJv+QbBi+IDs9Jt44Z1XbtZzQupAg1RK+5duZQqUABlDs1zg3DOSzCvRQVXnfc+ - f5vOvjizawe8QgW3USEzig8KsR6PklV63umd/4JTrcvsLZz7T4LjtREcb7hbtUq0wD8VxSLK19w6 - apHBWhfaaAOztEG9L0WSDm+0fHav8jazM2zGwyXlgYP0hQVWXZUknOpP92/JmmxIbDLLX1isiFVc - Ir6IwaIRGEWDyXiy8MZMDMKAhcHIjwMvpvmA3QQNz2wT9IKnUQQdKFioXtGDm/A4rsJw9d5jW0tS - TiGhz/aHOkxcVEa1TeUhfdnn3nDBYhGEbBgxP4jD0QWfTMYXYjH2Iz4aXEbvlJSzwfTM/4iffs5J - eGpysePoW4VbFU4Nizi+S6HiymqxXoVkMkdyXpDF8LyqN6B+uLyCp7syJeM3G8/jR9xsX48fcbMF - PnbEyEmRbkANvbtCDHSuTQyoSKJUrhtEndFukZex8UOVZ1L0bxEh4fIp5GjYglUbw6TBTJIMJ8xN - rj0lgdd/3ack8BqIT0ngQBJoEgjQp+7jhp7Z0hCg/qGD8JFGt+aaQWFWcjNfbkppGyaxtmESs8Ok - 5oKlbSK9W+VZqrmP6VUr8wVB//0npGhxlITH7aXJfy/IeTsfP/pbuW+6Cb+/EUW1JsE7utVkIC+n - pcZxl5X/b5iohVmh0IXG6WumBit2fpnlalxBKi2QfbT+HlzzgDLPZrP5DQAA//8DAG9cG3uwGgAA + H4sIAAAAAAAAA7xXbW/bNhD+K4Q+bZmtN7uxK2AYutjdsgVZljgt0LQIaOossaZIlaRie23/+456 + sVun7pYMKwIkEo/3/tyjy3sP1iWVqZd4GmQKGtLnHERqepIWYHqG5VDQnipBU8uVND1IuS3A0h7L + qcxAqKx3B9qgDNJLKDUYkLa9yypjVbFwBm+jMIxCX8O7CoydbUq40JRZzsDredz5j6JxNMAXA2KB + r7m1pUmCIIUFMJuqt8qnVlBjOJW+BBugJxvQkgdxwI2pIOgMLGGD+uez6dWsHw1HT/CoDsF4yXvP + YGyVYdRCpvSmySHFN9SIwzjuh+N+9HQWhkkcJ4PYj0dPfgjjMHRBOicWA6/NPDJIpx9gKcJ4m3b7 + koJhmpeucHj6jJiCCtEjKTeWS2ZJyYEBUQuyUnrpO22m5LUWD4yikty1i4pbekct1cEdh1VQh7UL + sBVF4SAa/2T4X/BjgW2vCvTqYIEuZ9QsXa+quXVPyYIKAz2vUTzFvGrdnpdzBI5m+eYM7gBjDT/2 + PMsRWSWixEtkhTl6ezAZhIcEUScotXqLqT6yE6123Ye6s10f3Msn6Nmley25tWjAeFvfDsK/13eN + WtgV1Q7Ihhel4BhwulcSbFQNv+F4PRw/MNyvtKzLZNuwYTjCMOLhOh7+v14aWNQgRYfR8To6/hYO + 153HQbwexN/CY4v8jx/vwzHu4Ljg6xcNB2KTb95g07NMQ4a0cg/rGI4SVTPlXwR5PDokGB8SPL1v + vKG05tQRRs3eXtKP8JVaJPWGDB8+Ow3V7sg1aMxpNxn144mqXLaRI8yX7oDLzEusrgAriEbtCyy6 + m48muNqes685a6ry/t6ZixWVTa4qkU64KQXdtPPluqIBk3UjfJ/AI/9pNOoIfL9sh2gm3tLMvmDb + 8H3BYEdMXGluN4+sbqceDB9G8LygGZjAaZjOCMcDoVa+uct2RHamVh3hDb26IXNwzORAu/+1Pj6Q + bXQIodHYpZ1TMy05O+Ny+dxJJlC6zUKyrmd1J1e1bHsilZziYkHnAi6BmgYHun3yLs6ufzk9vz07 + PZmeX01vp5eXf1xiGjhaBvPGC7McyAVSsLTE+SXcECXFhuA4c+GMEqvIb1xTcqGhwHkmlUHM+l8a + 6wjHyQs/8DAcvxslXvO9whZhjXcz9dmAY7UzLqnYv9TuRW15a1QLjK7jCGxfJmF7uyrd0P4LHDcr + zCMR1ihvP32fbx0PA90OVT9TtsRFsENWZ7zxddLuWv8p4G5hC7q9Ke6+1BIcopkSSp830cxFBf1M + I0fs1hVFJqpptipKXFWlbbvwtf59XpzXcvdzNONWwFFCbl7RMkrIiVJLDuQlt8hRllwBqzSQ54Jm + H1yumKpQjIpcGZuMw3EYLLhMkRiDQXT8pjY4qUuBUb5VxIEkOSL/qEm+w1/f1+pXuF454kA1HPE2 + yEkFZIL54OEEmE+i4x5x2NpmcfJyirIb/NM/joZ1qK4tbAV+wa0GX+ksQFRS1ymOO5BDc4BX/dwW + og68sfPC2bmWS6lWn1bpQqu0wq/qVGY4pwVWPZhhkZ3PukQYMPlVrfpWHShT2RqI35CA3ETGkj8r + qi1osjN5QBV2PqNa+9WzC3LFqDxw3613+C/EaJvVJ3lcbYyFwmAeaak4Yucoqc/rFrmKFZRLwy34 + CC8smMnniur00I179ic7oDnLzwhr8IRUSuYAkhiwZNWCyyLXmQZgCwRYj6xyznJSAJUGhbS50VrA + fF/LORDKGJIlpOSOU1Ih/pnelMg2eO9vAAAA///sWe9r2zAQ/VdMoJBC7dpOnKSD0gW2wT6UhRZW + KIOg2E4TGkvGP+qOLv9730mK6rhxN8oo+RDohzSS757OunfvLpzHqso6NUSXeNd3sosjQDeLmNMF + s5ixK9Dk4URAQseCrrKWfC6yRD5jiYwomGE1JwYE+97H/ISAwfiysFQpt9iqYr/piFbKJLoyx9W2 + GLdqANGi8Xjl4I3ndGZzQhWDX5yCQN4oRkCgEeYbiGQwLxGgnUhrZ66d/grJiGKCkNHp9X2pqsoR + FctTmRXIwvjRSRepvNFwMoXNqfY9ZQW0y6zEnZp2f9yMryf29aUNnSCT1ThJBV1lyoYui5IlP7a6 + x39wUVaF+IRr+FqyeG2Sxeu3LQSbBSK6Ai33vdRjpKcaW12ztblghIAMuVQ3uze2CQPXSNetutnk + W0SNhQtK2Z2CxDU6Ny+ThFFF6fyNfimGpA9F9s7yQzrhAtlDqvZ7dB7MWb8XebNR3w1mwDQcnnm+ + P6BqZzbBwxvbYnrB4yiCD5SgzgsGW/cgn80lI6Nvdo8qBRzUOrlNso/uYALP9/qx58Y9PzobhL0w + GHrhKIgilw3mXjy6iM6llaPe+Mj/hj/1nJ0wrmnTttVXuVPmdoWI2L5DfOyk5Wy1DClkdspYThHD + 87I8QMzh45eJPXBSTvibnej+I262svuPuNkK7ztiUE+kmjgt2OraZ6InO5RPRNaqdVT0dQvhhu1f + y0ygZb8FFYWLl8SjgQxWTSaTHz2f0lov04x7oIKPf+kHKvgIxAcqaKUCozwA8U5l3BPNcvVnF3ZF + wfSIuqk82iZCbttEyDUToeaCUWoxf1hmgiu5oxvOUv8Wof79J6QiURaeNh812b2D4Go/o5xu7J50 + EvZ4FefligzXfMv2PivGhcLxIIr/N1NUxoxR+EIn9FPI6chm7EdTTZo5kEsDZButvwVXPyDDs16v + nwEAAP//AwCSiGAL+hoAAA== headers: - ATL-TraceId: - - 31eaff43d4786003 - Connection: - - keep-alive + Atl-Traceid: + - bc22da589cfdfa52 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:04 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:33 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 81451461-b33a-48e5-8145-6f54beed4ac4 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '254' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 2748acdd-e514-4773-97a2-6015eb6c650a - x-envoy-upstream-service-time: - - '147' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -534,174 +446,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA0yPX0vDMBTFv0te7bKbds3SvIk+qMgU1j2JSP5iJU1Kkwpj7Lub4NDBfTic+zv3 - cE9IimgOs0McfaY0Rb5ea2ONSjp8BSySEzEOwmNvEqrQt5njEHyGCQDBgGG1392+7h9e+v/tbhll - Voi/FaiCCt4rpM3kwnE0PvXHyeQDdy4sOofkMjj9G0G8BFhzMe9FKmANNVmRPKwnDYctJzUGgBvI - cM5HM+fefhiv2Rp6aHlNOLSY0s0fq8ZHb0MGabeVjFED1FCrrBLENkRuGOts20gltWaCSNtdFSRX - Gp6GWaDyjhWLS89BiWKfkLsoZPzHYY/O5x8AAAD//wMAp5UmGVoBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbPTpG26uYkeVGQVtnsSkbRJsJImpUmFZdn/boqLH7fhneeZ + lzlBJ4M+zBYEvMc4BbHZKG10H5X/8ERGK0MYpCNOR8jgU89h8C7BBWJBkGC+310/7++e2t/tbhm7 + NIF4WaEMM3zNQOnJ+uOoXWyPk04HbqxfVJK6ZbDqWwGRBIrVJbyVcQUpUppjkxe8xUYgF7QiiHiV + SEx+0HPqbYfxH7ttEQWlgjGypdUP24/3zvgE1mXBDTPGMN5QWiNrEMtK0rroJaq657zUyOq/BdGu + DQ/DLGF9x8jFxkffyzU+gb1MoN3bYQ/n8xcAAAD//wMA53JWwloBAAA= headers: - ATL-TraceId: - - e87c59463845f348 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Sat, 20 Nov 2021 04:21:05 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.19.3.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 8c4b9a6471a2692a + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 115cbc1e-c3f9-47b8-b8a1-a1aab3fe6936 - x-envoy-upstream-service-time: - - '33' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.26.0 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 0c8bb4372a32e26a - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:05 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:33 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e55b7e40-a65b-46dc-b2c3-29eaaeec819e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '117' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 13a30121-394f-4fed-9067-3701d5dfb2e9 - x-envoy-upstream-service-time: - - '79' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -711,90 +516,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/bQBD+K5YPnCJMQkRRpAih0kqoCCEReqk4LPaYLLF3zT4Sp4j/3hm/dgMp - NeHSA7lkZzyPbx47s08hlAUTSTgJCyUfIDY6HLjj5NeTE+BaWzDrAkhEQ5Yib25MoSdRlECKCol8 - kPvMZExrzsS+ABMp0CZiBY9GUWM1Gh7gD01wMtoSC1gjdTn7dj1DSrAckLwR3Bg0QA7ZkhmmblSG - qJ7C8XE5Pu7jX0NsFbS+ayMnBU+mleO9mnFO5PjgC7oZjcvReGfDmv+Gqc5Zlu3p5v8NX8Ojcnj0 - MV9l66w5vOHtcFQejj7mLYeE2xy9NYe/ense+N1CXbRDv3QWqo4Z+R1DRAI6VrwwXArkngZVAgZB - wrXhIjZBwSGGQKbBSqrFPmnHUmD/9EHRpGDJYbUlfi/Yw+FxQ84Q6LSD7Hp4xvQCKSuMYkJnzEBy - ufFF2ztDp0nKMg0Dd99SDllCrd8csO21zXOm1nRU8Gi5AhQ0yqKajueQM/pS+Z+E2igu7snBWhvI - idNoP3fgrhtOe/9aiUE4Z/oMUmYz85NlFjp0sgDFKOdUVqyqCW/9YvdC5mepA+eYDt458QLKbIfQ - 1+2F8RZHR5bJFSSV0Gc3buu51kY4qYxgajmmUMXz9QUsAUEePFOZY5kXUoCgzeDXubHyqtBMKUbN - xLHEqOL0/cJ7Rl3lvzpmW3lPrmfpQ5Yk5AnIn4JcLiHc0g4UGTOGxfOcoO0UmafvheZxXWinvmgd - 2oZ2v9Dam7fRd32Qvx4LvgkH88zjtjh9yfcCbdZJrwHRynogW5YDeNUJ1eCc0juAve6GnYbDx542 - jTbd2R/1GJapWTFVzUeeFxnHDeBK+vkS2ubrf30JVYOzmsQZF4sdB6en/3Jl1lx3LS6QhiSoVqcb - nhsGmDWSBmwGBnquoJeLMCp4vAB1gvlROLaau4hR7+m5XF3bO1o0V4y+TemS+2xdcxrVCii2/VRY - rNqjBbWe9r7DNOApvykvf4LSNXuXBC9rbT+7vk2X3u+8DBphl11ftC/0eivVG+ofuwnLcC8A+kVm - NSg/jE7b20Atq9s/fwAAAP//vJdNbsMgEIWvUnkfqBtnU6nKqlIX6RGiilQIUyVxZJz+LHz3zjCA - 7eBWTrG6HcPwYWDemy6QdjdwcU7ZxG4v4QGhiVi7B/Rga+C1Z9wJiK5q3VyY359+Qxg90BAX64tI - GOZVJAQiPFKrEbr43P6oIrQ2z/FmTveH+iCUNBxnGJ9EQ6DUqoTszLyj3rsdP1EQV7AiBT8jDdZa - 4XlgY1KPeZeMuZwHk+r9EPTZxjzqMhm1mAcVbuSQc1N9eMgiGXI1G2R0RTc25lFXWbtFn9t/iWno - /3kVoNS8nk1THWwT/wIeIS+mVTBxxCJEkzPb/rDT16c2TNVSHsvqBHWIvela3KtyIUGPF6jvYQo1 - c7BaV+weYdAN+oMs9FQR2kjZ+7Uq78VOkhGdsKML0Y1bEZet52Yo4Hnd9zSZytktp0TcnBUcbbO+ - UpLG+soWnd62/QYAAP//AwDam8DXURUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 660a0b819ac0e0c2 - Connection: - - keep-alive + Atl-Traceid: + - 9685d0aa00a15ccd + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:06 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:34 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - d78c84b1-65b2-4d5a-bb70-ac0cd1080578 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '192' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - a70d3468-816b-43ae-bbb0-423c0ac67326 - x-envoy-upstream-service-time: - - '107' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/227]\n\n*Defect Dojo link:* http://localhost:8080/finding/227 - (227)\n\n*Severity:* Low\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* - Unknown\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/89]\n\n*Branch/Tag:* - None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA + Flag|http://localhost:8080/finding/317]\n\n*Defect Dojo link:* http://localhost:8080/finding/317 + (317)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/117]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe - accessed via unencrypted connections.\n\n\n\n*Mitigation*:\nWhenever a cookie + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie contains sensitive information or is a session token, then\nit should always be passed using an encrypted channel. Ensure that the secure\nflag is set for - cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n*Steps - to reproduce*:\nNone\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n*Reporter:* + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -807,55 +616,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1350' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11407","key":"NTEST-1114","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11407"}' + string: '{"id":"11814","key":"NTEST-1476","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11814"}' headers: - ATL-TraceId: - - 74d77a4481841bb0 - Connection: - - keep-alive + Atl-Traceid: + - 6e658e7d5f1c4c85 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:06 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:34 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 4318d6ea-1b4c-48f1-9d32-aa688aa72843 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '483' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - c8577f71-e77e-4e44-b020-ea3c15dd7b4a - x-envoy-upstream-service-time: - - '549' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -865,94 +678,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1114 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1476 response: body: string: !!binary | - H4sIAAAAAAAAA6RXa2/bNhT9K4Q+FFvmWI+4iSugGNrE3bJlWZY4DdC0KGjqWmJNkRpJ+bE2/32X - lGSnzty1aQM00hV5H+eee8h8DGBZUZkFaaBBZqAhe8VBZKYnaQmmZ1gBJe2pCjS1XEnTg4zbEizt - sYLKHITKe3PQBr9BdgmVBgPStmtZbawqp87h+ziK4qiv4e8ajB2vKrjQlFnOIOgF3MWP40F0hC8G - xBRfC2srk4ZhBlNgNlMfVJ9aQY3hVPYl2BAj2ZBWPExCbkwNYedgBivcfz4eXY33YzSiyadggvRj - YDC32jBqIVd61dSQ4RvuSKIkxg37STSOnqZJnEaH/aPk6CfMO3JJuiAWE/duHpmk2x+ivyhZl92+ - ZGCY5pUDDq0viCmpED2ScWO5ZJZUHBgQNSULpWd9t5spea3F12RhgNUawjmHBZ1TS/XPhv8Dz0vs - ZV0+aUyn2fM4OoiH7avr0PNNyb3A8QFjjamZuSbVE+ue0ikVBnpB5yNIvZNeUHBkjGbF6gzmgElG - d73AcqRUhfQIUlljcUGl1QfM+JGAtrs9nL5BHZzu5R4JNslfS24tOjDBOrar83e/1qipXVDtajW8 - rARH0mRbBSLenkWD4XIw/Jp0W+TbYC34FXdY47/70DfcTQbLZPBox76rnjhPTPv7C7Hiw2V8+H2x - ll2w9uEL0Q6S5UHyfdFavpruYWe0uzs38svXjS5hx27fYQfzXEOOo/6AhsgpJepm8hrLlnAlR7s+ - DB/6aNSksbpZ9cIZpPsxvlKLetro0LfzvVG5ja6FjTvt2Owfj1XtioqdVt04A5d5kFpdw10rX86b - 5qwp9eMDm8sMl5pC1SI74aYSdNVOAJoxLfsaJcRNRYuGBizWjd1/aefT6KDTzm3Yol14xrs+JBvN - 4Epzu3okiN320B0L3yChvKQ5mNDtMJ0TjgahFn0zzzcac6YWnRYNgruHhRx0hQg6AacmjpvbB+Xh - DhjiXUSMhw6PgppRxdkZlzN/ip9A5Q51ybou+t4u/Le1RSo5wjOdTgRcAjUNM3T7FFycXf9yev7+ - 7PR4dH41ej+6vPzzEuvDCTIICC4YF0AuUDalJS4u4YYoKVYER5IL55RYRX7jmpILDSWOLakNcrbv - h3S7imfoMPrEo+hwOE2DrZlFyHMuqcBmYjc2Q+a+bdvaK0kLr+e5wOw6KcC+5hLWq+vKDe1X8Li5 - PTySes3m9XH1+YH/bWzc0O0lZTO8g3WU65w3sY7ba853JdzdlcLuypJ0p6sER3WmhNLnTTYTUcN+ - rlE1NhcGRU5U02xVVnhLlLbtwpd6+jk4b+XmZ2/MrYC9lNy+oVWSkmOlZhzIDbeoWpZc+dODvBI0 - /+RqxVKFYlQUyth0GA2jcMplhsIYJsnRO+/wxEOBWX5QxJEk3SP/u5P8gP/96Ldf4QXHKQpuw9n3 - puObEb7d4q/9w3jg83CYswX0S2419JXOQ6QcdW3geClxVA1xab+wpfBZNX5eOz/XcibVorNdaJXV - eOsZyRwHsEQ4wzGi5+L52jET8qta7Fu1o/6qdZC8IyG5jY0lf9VUW9Bk43LHVtjEjP3uNy8uyBWj - csd6d9cKh88amF9qKlkRjmmOuZ4jERprzUV2enLfdKxKRImgmBX3zA7plbFQGiw9qxRHHu2l3u7b - 5QAuKZeGW+gj1XbZEXdTTBTVWQfzGu6TDemc5xeENdzCTMgEQBIDlixaolnUveaqQqZIth5ZFJwV - pAQqDX6kzYrWA0L0Vk6AUMZQOCEjc05JjbPA9KpC5cF1UkJzBvfX+fyBxMj9n1IunZsCpKMaoWuv - Cv/SwsowD1cenwPhcqp06fcQpZ0YU/xqnBaiDs9A9lxa6BwBbo558i8AAAD//+xZ22rbQBD9FWMI - OFDJkhxfVCipCS30IbTE0EIomLW0qk11WbRSlOD633tmd6XYip2UUIIfDH6QtauZs6O5nBmxuGIP - dMCOYApbKeHkHZZ2tuChT0p5bMNFJJ24OZ+2wM+UTEDayEJAYBDKGiIJlCXMsxfp44m/JAJNIZ22 - 8YZZwYWkGpJz7bl8Z/kGwYviA7PSbeOGVVXZWcWkUIGGqOX3tlgKFSiAMofmuUE4ZwXYz6KEq857 - X39MZ9+s2bWFOq2C26gQGcUHhViPhckqPe/0zv/AqeIiew/nfkpw3EMEB93oVtUq0AL/ViSNaFd7 - 6/CADOfgQkMb1GtRJGn/xkM0wmn4bHvBrxdgLxYsKQfsodXtNC7LJGFUf7ovJWuyIbHJLH9lsSJW - cYn4Ig6MRmAYDibjycIdO3wQ+E7gD73Id6MRkYp6EzQ8s43TC56GIXSgYKF6hQ92wqKoDILVR9ep - TUw5hYQ+2x/qMLFRGdU2lYf0ZZ+5Fwsn4n7gXISO50fBcMQmk/GIL8ZeyIaDy/CDknI2mJ55n/HT - z1kJS00utix9S9qltCpYxPJsChVblIt4FZDJLMGYJIvheVVvQP1weQVPt0VKxm83nsePuN2+Hj/i - dgt87IiRk0LdBBp6d4UY6FybGFCRRKlct5g6o90iL2PjpzLPBO/fIkKC5WPI0bAFq00MkwYzSTKc - MDe59pQE3v51n5LAWyA+JYE9SaDNNkCfuusNPVOzC6D+pYNwTaNbc+1AYVYwM19uSzk0THKaYVJ7 - oRnOtBca2sbTu1WepZr/mF61NF8Q9N9/QooWR0lY15cm/70i5219/OjXct91E3Z/w2UZk+At3Woy - kBfTQuO4y4r/N47Uwhqh0IXG6XumBiv1DJEGojSuIJUNkF203g5c84Ayz2az+QsAAP//AwDLptrJ - sBoAAA== + H4sIAAAAAAAAA7xXbW/bNhD+K4Q+bZlsvdhLHAHD0MXu1i7IssRJgaZFQFNniTVFqiQV22vz33fU + i906dbdkWGEgsXi89+cenT94sCqpTL3E0yBT0JA+5yBS40tagPENy6GgvipBU8uVND6k3BZgqc9y + KjMQKvPvQBuUQXoBpQYD0rZ3WWWsKubO4G0UhlHY1/C+AmOn6xLONWWWM/B8jzv/UTSKhvhgQMzx + Mbe2NEkQpDAHZlP1TvWpFdQYTmVfgg3Qkw1oyYM44MZUEHQGFrBG/bPp5HLai4ZHh3hUh2C85INn + MLbKMGohU3rd5JDiE2rEYRz3wlEvOp6GYRLHyWDYPzqOfwjjMHRBOicWA6/NPDFIpx9gKcJ4k3b7 + kIJhmpeucHj6jJiCCuGTlBvLJbOk5MCAqDlZKr3oO22m5JUWj4yikty1i4pbekct1cEdh2VQh7UN + sBVF4SAa/Wz4X/BTgW2vCvTqYIEup9QsXK+qmXXfkjkVBnyvUXyBedW6vpdzBI5m+foU7gBjDe99 + z3JEVoko8RJZYY7eDkwG4T5B1AlKrd5hqk/sRKtd96HubNcH9/AJerbpXkluLRow3sa3g/Dv9V2j + 5nZJtQOy4UUpOAac7pQEG1XDbzhaDUePDPcrLesy2TRsGB5hGPFwFQ//Xy8NLGqQosPocBUdfguH + q87jIF4N4m/hsUX+/f1DOMYdHOd8dd1wIDb55i02Pcs0ZEgrD7CO4ShRNVP+RZDHR/sEo32C44fG + G0prTh1h1OztJb0IH6lFUm/I8PGz01DtllyDxpx2k1F/PVGVyzZyhPnKHXCZeYnVFdy3HOqsac6a + Gnx4cOYiw6smV5VIx9yUgq7bacJjDMteY9vchLXV0IDJuhH+EoH/GIcdge+WbR/NxBua2RVsGl5q + rjS36ycWsVMP3OvqETzOC5qBCZyG6YxwPBBq2Td32ZavTtWy47Wh9xC58aBLRNAZOGZyoN19Wx/u + KUO0D6HRyNUjp2ZScnbK5eK5k4yhdJuFZF0X694ua9nmRCo5wcWCzgRcADUNMnT7zTs/vfr1xdnt + 6YuTydnl5HZycfHHBeaHo2WwIHhhmgM5RwqWlji/hBuipFgTHGcunFFiFXnJNSXnGgqcZ1IZxGz/ + S2Md4Th54UcehqP388TbGWYsecYlFdhM7MZ2yJxs96zdi9ry1jgXGF3HEdjXTMLmdlW6of0XOG5W + mCdCr1HevPo+3zoeh8Yt3H6hbIGLYAe5znjj66Tdtf5TwN3CFnR7U9y9qSU4qDMllD5ropmJCnqZ + RtbYriuKjFXTbFWUuKpK23bhaz39vDhv5PZzMOVWwEFCbl7TMk7IiVILDuQVt8hallwCqzSQ54Jm + H12umKpQjIpcGZuMwlEYzLlMkRiDQXT0tjY4rkuBUb5TxIEkOSD/qEm+wz/f1+qXuF45RkE1nP02 + yHEFZIz54OEYWJ9Ehz5x2NpkcfJqgrIb/Nc7jIZ1qK4tbAn9glsNfaWzAFFJXac47kAOzQFe7ee2 + EHXgjZ1rZ+dKLqRaflqlc63SCt+qE5nhnBZY9WCKRXY+6xJhwOQ3texZtadMZWsgfksCchMZS/6s + qLagydbkHlXY+oxq7dfPzsklo3LPfbfe4U+Iph2ffw4u18ZCYTCPtFQcsXOQ1Od1i1zFCsql4Rb6 + CC8smMlniup0340H9sdboDnLzwhr8IRUSmYAkhiwZNmCyyLXmQZgcwSYT5Y5ZzkpgEqDQtrcaC1g + vm/kDAhlDMkSUnLHKakQ/0yvS2QbvPc3AAAA///sWW1r2zAQ/ismUEih9mwnTtJB6QLbYB/KSgsr + lEFQbKUJjSXjl7qjy3/vc5KiOl7SjTJKPgTywYmk03Pne3nuIgTXdddrILrAu75TXRwBuplzQQ7m + MCtXosmDRkBCaoFXOQsxk3mqzjgypxTMsFpQBkT2vefihIBB+KJ0dHF32LJmv0hFJ2MKXVXAtR0m + nAZAtGiCLz288YJ0thpqG/wUZAS6jWwEBAZhsYZIAosKBtqKtKFzQ/srBCOKCUxG2ht/qevakzUr + MhUViEL+6GXzTHk0LplA5sTcPWEl2My0gk9Nut9vxteX7vWFi7qrgtVekklyZYqGLkvShTh2use/ + 4SjLUn6EG/5JWYJdlAV9746FqFmgSrTc94qPEcNqbfXt1vbCLiLgWyKg3oXiQ9s3Wuq6UUvb+RZW + Y/GcQnYrIfEtzy2qNGVUUTp/S79kQ+KHMn9j+SGecI7oIVb7LTmLZqzfS4LpqO9HU2AaDk+DMBxQ + tbObcMMr2zi94HGS4A6UoM4LBtf0IJ+sk5HQV7tHHQIeap3aprKP6WCiIAz6PPB5L0xOB3EvjoZB + PIqSxGeDWcBH58mZknLUGx+FX/HR59yUCZM2XVf/VHhV4dawiBt6lI+9rJouFzGZzM0YK8hiOK/K + A8gcHj9fugMvE4S/3YnuP+J2K7v/iNut8L4jRupJdFtnCFuT+1yayQ7FEyVr3Trq9HUL4obtX6pc + omW/RcaJ5y+BRwMZrNpIpnvMfMpwvdxk3EMqeP+XfkgF74H4kAp2pgLLPADxTkfcE81yzbMPubJk + ZkTdZh67JkK+nQi1F+yEpb1gmRoXD4tcCk13TMNZmf8i9Nd/Qfogy/83y9PCrFDchA7kh1RTifUA + Di6kIT+tH012fTMA9b/Nh7Xck07KHq94US1JcENZNU/Iy3GpFaepJs0cSHX7++bhcOO0OaDQrlar + ZwAAAP//AwA0iVI9+hoAAA== headers: - ATL-TraceId: - - f891bd28b3dfda02 - Connection: - - keep-alive + Atl-Traceid: + - 6b4d8a11e2231f6e + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:35 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 80401d2d-c77e-4b83-809f-bc6cacc02c31 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '220' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 9ed56535-61e5-4924-9fb2-531d936d114a - x-envoy-upstream-service-time: - - '116' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -962,94 +780,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11407 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11814 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbW/bNhD+K4Q+FFumWC9JE1dAMbSJu2XLsixxGqBpUdDUWWJNkRpJxfbS/Pcd - KclO3blr0wZopBN5L88995C5C2BRU5kHWaBB5qAhf8VB5CaUtAITGlZCRUNVg6aWK2lCyLmtwNKQ - lVQWIFQR3oI2+A3yC6g1GJC2W8saY1U1dQ7fJ3GcxAMNfzdg7HhZw7mmzHIGQRhwFz9J9uNDfDEg - pvhaWlubLIpymAKzufqgBtQKagynciDBRhjJRrTmURpxYxqIegczWOL+s/HocryboBFNPgUTZHeB - wdwaw6iFQullW0OOb7gjjdMEN+ym8Th+mqVJFh8MDtPDnzDv2CXpglhM3Lt5ZJJuf4T+4nRVdveS - g2Ga1w44tL4gpqJChCTnxnLJLKk5MCBqSuZKzwZuN1PySouvycIAazREtxzm9JZaqn82/B94XmEv - m+pJazrJnyfxXjLsXl2Hnq9LDgPHB4w1pmbmmtRMrHvKplQYCIPeR5B5J2FQcmSMZuXyFG4Bk4zv - w8BypFSN9Agy2WBxQa3VB8z4kYB2uz2cvkE9nO7lAQnWyV9Jbi06MMEqtqvzd7/WqKmdU+1qNbyq - BUfS5BsFIt6eRfvDxf7wa9LtkO+CdeDX3GGN/x5C33I33V+k+4927LvqifPEdL+/ECs5WCQH3xdr - 0QfrHr4QbS9d7KXfF63jq+kftka7v3cjv3jd6hJ27OYddrAoNBQ46p/REDmlRNNOXmvZEK70cNuH - 4ec+WjVprW5WvXAG2W4SBlimfY1D6HjVLaAWFbZVpm+fgFb31koXte6047d/PFKNKzNx6nXtDFwW - QWZ1A/edoDlvmrO2+LvPbC4zXGpK1Yj8mJta0GU3E2hmGrBYN3b/pZ1P471eOzdhi7fhmWz7kK41 - gyvN7fKRkPXbI3csfIOE8ooWYCK3w/ROOBqEmg/MbbHWmFM177VoP3AYbRSy1xci6AScmjhubh6U - B1tgSLYRMRk6PEpqRjVnp1zO/Cl+DLU71CXre+Y7OfffVhap5AjPdDoRcAHUtDzQ3VNwfnr1y8nZ - +9OTo9HZ5ej96OLizwusDyfIICC4YFwCOUfZlJa4uIQboqRYEhxJLpxTYhX5jWtKzjVUOLakMcjQ - gR/SzSqeocP4I4/jg+E0CzZmFiEvuKQCm4ndWA+Z+7Zp664kHbye1QKz66UA+1pIWK1uaje0X8Hj - 9vbwSOq1m1fH1acH/rexcU23l5TN8A7WU6533sY66q4535Vwf1eK+itL2p+uEhzVmRJKn7XZTEQD - u4VGjVhfGBQ5Vm2zVVXjLVHargtf6umn4LyV65+dMbcCdjJy84bWaUaOlJpxINfcokZZculPD/JK - 0OKjqxVLFYpRUSpjs2E8jKMplznKYJSmh++8w2MPBWb5QRFHkmyH/O9O8gP+96PffokXHKcouA1n - 35uOrkf4doO/dg+SfZ+Hw5zNYVBxq2GgdBEh5ahrA8dLiaNqhEsHpa2Ez6r189r5uZIzqea97Vyr - vMFbz0gWOIAVwhmNET0Xz9eOmZBf1XzXqi31152D9B2JyE1iLPmrodqCJmuXW7bCOmbid795cU4u - GZVb1ru7VjR81sL8UlPJymhMC8z1DInQWhsu8pPjh6YjVSFKBMWsfGB2SC+Nhcpg6XmtOPJoJ/N2 - 3y4HcEW5NNzCAKm2zY64m3KiqM57mFdwH69J5zy/IKzlFmZCJgCSGLBk3hHNou61VxUyRbKFZF5y - VpIKqDT4kbYrOg8I0Vs5AUIZQ+GEnNxyShqcBaaXNSoPrpMS2hN3sMrnDyRG4f+UculclyAd1Qhd - eVX4lxZWhnm48vgtEC6nSld+D1HaiTHFr8ZpIerwDGTo0kLnCHB7qJN/AQAA///sWdtq20AQ/RVj - CDhQybIcX1QoqQkt9CG0xNBCKJi1tKpNLWnRJUpw/e89s7va2Bs7KaEEPxj8IGtXM2dHczkzYqua - PdABW4JJbFUBJ2+xtLUFD31SylcuXKSgE5vzKQv8TMkEpI0sBAQaYdFAJIFFBfPsRfp44i+JQFNI - pzXeMC25KKiG5Fx5Lt9ZvkHwovjArHRbu2Fd125Ws0LIQEPU8ntXLIQMFECZQfNMI5yxElxnXsFV - Z52vPybTb8702kGdlsGtVYiM4oNCrMOiZJmetzrnf+BUqzJ7D+d+SnB6hwgOutEDC4PtclaiN/4t - uRqxL2urZ7baC4Y2yNciSdL+jYdohGf4LMzCwgWF+h72bGdrW0pgcFRJwqj+tF9K1mRDYpNZ/spi - RaziEvFFjBeNwCDqj0fjeW/k8X4YeGEw8OOgFw+JVDSboOGZbZxe8CSKoAMFC9UrenATFsdVGC4/ - 9rzGxJRTSOiz/aEKExeVUW6TeUhddlnvYu7FPAi9i8jzgzgcDNl4PBry+ciP2KB/GX2QUs76kzP/ - M37qOSdhqc7FjqNuFW5VODUs4vguhYorqvlqGZLJHMFYQRbD87LegPrh8gqe7oqUjG83nseP2G5f - jx+x3QIfO2Kknki1fJreXSEGWtc6BmQkUSpXDaVKXLfIy9j4qcozwbu3iJBw8RhyNGzBqolh0qAn - SZoT5jrXnpLA27/uUxJ4C8SnJLAnCdgEAvSpvd7QMw3tAOpfKgjXNLrV1x4UZiXT82VbyqFhkmeG - SfaCGc7YC4a28fRumWepIka6V630FwT195+QosWREtbNpc5/r8h5Wx8/uo3cd+2E3d/wolqR4C3d - cjKQl5NS4bjLyv83fFTCjFDoQuP0PZODlWZiSANRGleQSgNkF62/A1c/IM2z2Wz+AgAA//8DANoL - UAOwGgAA + H4sIAAAAAAAAA7xXbW/bNhD+K4Q+bZlsvdhLHAHD0MXu1i7IssRJgaZFQFNniTVFqiQV22vz33fU + i906dbdkWGEgsXi89+cenT94sCqpTL3E0yBT0JA+5yBS40tagPENy6GgvipBU8uVND6k3BZgqc9y + KjMQKvPvQBuUQXoBpQYD0rZ3WWWsKubO4G0UhlHY1/C+AmOn6xLONWWWM/B8jzv/UTSKhvhgQMzx + Mbe2NEkQpDAHZlP1TvWpFdQYTmVfgg3Qkw1oyYM44MZUEHQGFrBG/bPp5HLai4ZHh3hUh2C85INn + MLbKMGohU3rd5JDiE2rEYRz3wlEvOp6GYRLHyWDYPzqOfwjjMHRBOicWA6/NPDFIpx9gKcJ4k3b7 + kIJhmpeucHj6jJiCCuGTlBvLJbOk5MCAqDlZKr3oO22m5JUWj4yikty1i4pbekct1cEdh2VQh7UN + sBVF4SAa/Wz4X/BTgW2vCvTqYIEup9QsXK+qmXXfkjkVBnyvUXyBedW6vpdzBI5m+foU7gBjDe99 + z3JEVoko8RJZYY7eDkwG4T5B1AlKrd5hqk/sRKtd96HubNcH9/AJerbpXkluLRow3sa3g/Dv9V2j + 5nZJtQOy4UUpOAac7pQEG1XDbzhaDUePDPcrLesy2TRsGB5hGPFwFQ//Xy8NLGqQosPocBUdfguH + q87jIF4N4m/hsUX+/f1DOMYdHOd8dd1wIDb55i02Pcs0ZEgrD7CO4ShRNVP+RZDHR/sEo32C44fG + G0prTh1h1OztJb3I97A49hoTdxhtL1CLNN/Q4+OnqSHfLd0GjTntZqX+eqIql3/kKPSVO+Ay8xKr + K7hvWdVZ05w1Vfnw4MxFhldNriqRjrkpBV238+W6ogGTdSP8JQL/MQ47At8t2z6aiTc0syvYNLzU + XGlu108sWaceuNfVI3icFzQDEzgN0xnheCDUsm/usi1fnaplx2tD7yFy40GXiKAzcMzkQLv7tj7c + U4ZoH0KjkatHTs2k5OyUy8VzJxlD6TYLybqe1Z1c1rLNiVRygosFnQm4AGoaHOj2m3d+evXri7Pb + 0xcnk7PLye3k4uKPC8wPR8tgQfDCNAdyjhQsLXF+CTdESbEmOM5cOKPEKvKSa0rONRQ4z6QyiND+ + l8Y6wnHywo88DEfv54m3M8xY8oxLKrCZ2I3tkDnZ7lm7F7XlrVEtMLqOI7CvmYTN7ap0Q/svcNys + ME+EXqO8efV9vnU8Do1buP1C2QIXwQ5ynfHG10m7a/2ngLuFLej2prh7U0twUGdKKH3WRDMTFfQy + jRyxXVcUGaum2aoocVWVtu3C13r6eXHeyO3nYMqtgIOE3LymZZyQE6UWHMgrbpGjLLkEVmkgzwXN + PrpcMVWhGBW5MjYZhaMwmHOZIg0Gg+jobW1wXJcCo3yniANJckD+UZN8h3++r9Uvcb1yjIJqOPtt + kOMKyBjzwcMxsD6JDn3isLXJ4uTVBGU3+K93GA3rUF1b2BL6Bbca+kpnAaKSuk5x3IEcmgO82s9t + IerAGzvXzs6VXEi1/LRK51qlFb5VJzLDOS2w6sEUi+x81iXCgMlvatmzak+ZytZA/JYE5CYylvxZ + UW1Bk63JPaqw9RnV2q+fnZNLRuWe+269w58QTTs+/xxcro2FwmAeaak4Yucgqc/rFrmKFZRLwy30 + EV5YMJPPFNXpvhsP7I+3QHOWnxHW4AmplMwAJDFgybIFl0WuMw3A5ggwnyxzznJSAJUGhbS50VrA + fN/IGRDKGJIlpOSOU1Ih/plel8g2eO9vAAAA///sWe9r2zAQ/VdMoJBC7dlOnKSD0gW2wT6UhRZW + KIOg2E5jGkvGP+qOLv9730mK6nh1N8oo+RDohzSS757OunfvLpzHqso6DUQXeNe3sosjQNermNMF + s5ixK9Dk4URAQseCrrISvhR5Kp+xRE4UzLBaEAOCfe9ifkLAYDwpLVXKLbau2S86opUxia4qcLUt + xq0GQLRoPF47eOMFndmcUMXgJ6cgkDeKERBohMUWIhksKgToRaSNMzdOf4lkRDFByOj0+r7Ude2I + mhWZzApkYfzgZKtM3mg4mcPmXPuesxLaZVHhTs3736+nVzP76sJG3ZXJapxkgq4yZUOfRWnCj63+ + 8W9clHUpPuIa/ilZvC7Jgr63YyFoFqgSLfedVF+kp1pbXbO1vWCEgAy5lD0vb+wSBm6XdHWNdN0p + sm0iRjhZuKJcVqRdVGnKqKL0/ka/FEPShyJ/Y/khnXCO7CEN+y06C5ZsOIi8xWToBgscYDw+9Xx/ + RNXObIKHV7bF9IKnUQQfKEG9Zwy27kE+mUtGRl/tHlUKOKh1cptkH93BBJ7vDWPPjQd+dDoKB2Ew + 9sJJEEUuGy29eHIenUkrR4Ppkf8Vf+o5O2Vc06Ztq68KpyrsGhGxfYf42MmqxToJKWR2xlhBEcPz + sjxAzOHj55k9cjJO+Nud6P4jbrey+4+43QrvO2JQT6SaOC3Ymtpnpic7lE9E1qpRVPR1A+GG7V+q + XKBlvwEVhavnxKOBDFZNJpMfPZ/SWi/XjHuggvd/6QcqeA/EByropAIjMADxVmXcI81y9WcXdkXJ + 9Ii6LVO6JkKumQi1F8yEpb1glFrM75NccKVqdMNZ6d8i1L//hFSkysLj9qMmuzcQXONnlA9buye9 + lD1cxkW1JsMN37K9z8tpqXDci/L/TRCVMWMUvtAJ/RByOrId+9FUk2YO5NIA2UXr78DVD8jwbDab + JwAAAP//AwB0VrFH+hoAAA== headers: - ATL-TraceId: - - 4b2fef8976db739f - Connection: - - keep-alive + Atl-Traceid: + - 24ed8168017c4526 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:07 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:35 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 19c84ee8-57f8-428e-8363-2d615417e9e0 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '451' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 13e79b9d-ed18-4d0d-85f5-12b9af59445c - x-envoy-upstream-service-time: - - '93' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1059,61 +882,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA0yPX0vDMBTFv0te7bqb1nZp3kQfVGQK655kSP7cYCVNSpMKY+y7m+DQwX04nPs7 - 93BPRIqA+9kSTj5jnAJfrzUaVFH7L1+KaEUIg3Clw0gK8o1zGLxLMAWgJZSw2m3v3naPr/3/druM - MinC3zNUQAGHgmicrD+O6GJ/nDAduLd+0Skkl8Hq3wjhOcDqi/kgYgYrqOiKpmE9rTlsOK1KALiB - BKd8wDn19sN4zVbQQ8MrmtmmY3+sGp+c8Qlsu41krEVosTXKKEFNTeUtY51paqmk1kxQabqrgmhz - w/MwC5LfMWKx8cUrke0TsRdF0H3sd+R8/gEAAP//AwDauTmvWgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbPT9CMxN9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJfgArEgSDDfbW9edvfP7e92u4xd + mkC8rlCGGR4yUHqy/jhqF9vjpNOBW+sXlaRuGaz6VkAkgWJ9Ce9kXEGKlObI84K1yAUyQWuCiFeJ + xOQHPafedhj/sdctoqBUlJxUjP+w/fjgjE9gUxXMlMaYknFKGyw5YlVL2hS9RNX0jFUay+ZvQbRr + w+MwS1jfMXKx8cn3co1PYC8TaPe238H5/AUAAP//AwDSxxUqWgEAAA== headers: - ATL-TraceId: - - 2081b49cfe613634 - Connection: - - keep-alive + Atl-Traceid: + - 392c093f522a9045 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:12 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:38 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 946c50a2-f1b7-4333-b66a-894f149d0579 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '107' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 5cc460ea-be0e-4063-be79-e85a1f869a91 - x-envoy-upstream-service-time: - - '38' status: code: 200 message: OK - request: - body: null + body: '{"body": "(admin): testing note. creating it and pushing it to JIRA"}' headers: Accept: - application/json,*.*;q=0.9 @@ -1123,110 +952,65 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '69' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + - python-requests/2.28.1 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11813/comment response: body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= + string: '{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/11813/comment/10205","id":"10205","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5fa43d1b8405b10077912260","accountId":"5fa43d1b8405b10077912260","emailAddress":"defectdojo-project@owasp.org","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","24x24":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","16x16":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","32x32":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png"},"displayName":"Defect + Dojo Project","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"(admin): + testing note. creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5fa43d1b8405b10077912260","accountId":"5fa43d1b8405b10077912260","emailAddress":"defectdojo-project@owasp.org","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","24x24":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","16x16":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png","32x32":"https://secure.gravatar.com/avatar/51214e10e32d96c3c571c85dd0a6f1e8?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FDP-6.png"},"displayName":"Defect + Dojo Project","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2022-08-19T00:22:38.715+0200","updated":"2022-08-19T00:22:38.715+0200","jsdPublic":true}' headers: - ATL-TraceId: - - 0f31a99eb182cd9f - Connection: - - keep-alive + Atl-Traceid: + - 529c6fb1b9868dcb + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:12 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:38 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Location: + - https://defectdojo.atlassian.net/rest/api/2/issue/11813/comment/10205 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0d7f19c6-af42-4f83-8022-202ecef8ba6f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '293' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - cd72cb29-e278-4b31-9ec7-2ef9c3d7ded0 - x-envoy-upstream-service-time: - - '81' status: - code: 200 - message: OK + code: 201 + message: Created - request: - body: '{"body": "(admin): testing note. creating it and pushing it to JIRA"}' + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1237,60 +1021,66 @@ interactions: Connection: - keep-alive Content-Length: - - '69' + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11406/comment + - python-requests/2.28.1 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/11406/comment/10176","id":"10176","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody.maffucci@10security.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/a14b0fe9c04d029fc56a8876eb72da53?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/a14b0fe9c04d029fc56a8876eb72da53?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/a14b0fe9c04d029fc56a8876eb72da53?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/a14b0fe9c04d029fc56a8876eb72da53?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"(admin): - testing note. creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody.maffucci@10security.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/a14b0fe9c04d029fc56a8876eb72da53?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/a14b0fe9c04d029fc56a8876eb72da53?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/a14b0fe9c04d029fc56a8876eb72da53?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/a14b0fe9c04d029fc56a8876eb72da53?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2021-11-20T05:21:13.056+0100","updated":"2021-11-20T05:21:13.056+0100","jsdPublic":true}' + string: !!binary | + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbPT9CPZ3EQPKrIK2z2JSNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0EfZgsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJfgArEgSDDf766f93dP7e92t4xd + mkC8rFCGGb5moPRk/XHULrbHSacDN9YvKkndMlj1rYBIAsX6Et7KuIIUKc2R5wVrkQtkgtYEEa8S + ickPek697TD+Y7ctoqBUlFvCGf9h+/HeGZ/ApiqYKY0xJeOUNlhyxKqWtCl6iarpGas0ls3fgmjX + hodhlrC+Y+Ri46Pv5RqfwF4m0O7tsIfz+QsAAP//AwCR2m9VWgEAAA== headers: - ATL-TraceId: - - dbb7140f320426a8 - Connection: - - keep-alive + Atl-Traceid: + - 0924a932a52d6b76 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:13 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:39 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 75b56981-1bfe-4426-a8f6-275fca02af30 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '121' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - location: - - https://defectdojo.atlassian.net/rest/api/2/issue/11406/comment/10176 - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - e6d2892f-4c53-4c23-aacd-089ae971425c - x-envoy-upstream-service-time: - - '209' status: - code: 201 - message: Created + code: 200 + message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1300,61 +1090,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11813 response: body: string: !!binary | - H4sIAAAAAAAAA0yPX0vDMBTFv0te7bKbduvSvIk+qMgU2j2JSP7cYCVNSpMKY+y7m+LQwX04nPs7 - 93BPRMmIh8kRQT5TGqNYrw1a1MmEr0BlcjLGXnrqMZGCfOMU++AzzAAYBQqrdn/72j68dP/b/Tyo - rIh4W6ACCngviMHRheOAPnXHEfOBOxdmk0Nq7p35jRCxBHh1Me9lWsASSrZieXjHKgE7wUoKADeQ - 4ZyPOOXerh+u2RI62IqSCbahu6r+Y/Xw6G3IYN3sFOc1Qo211VZLZiumNpw3dlsprYzhkinbXBUk - tzQ89ZMkyztWzi49By0X+0TcRRH0H4eWnM8/AAAA//8DABMpeXdaAQAA + H4sIAAAAAAAAA7xXbW/bNhD+K4Q+bZktibIbuwKGoYvdrV2QZYnTAk2LgKbOEmuJVEkqttfmv++o + F7t16g7JsCJAIvF47889unz0YF0ymXixp0EmoCF5LiBPTE+yAkzP8AwK1lMlaGaFkqYHibAFWNbj + GZMp5Crt3YI2KIPkAkoNBqRt7/LKWFUsnMEbGoY09DV8qMDY2aaEc824FRy8niecf0rHdIAvBvIF + vmbWliYOggQWwG2i3iuf2ZwZI5j0JdgAPdmAlSKIAmFMBUFnYAkb1D+bTS9nfTocPcGjOgTjxR89 + g7FVhjMLqdKbJocE31AjCqOoH4779OksDOMoigeRH42e/BRGYeiCdE4sBl6beWSQTj/AUoTRNu32 + JQHDtShd4fD0GTEFy/MeSYSxQnJLSgEciFqQldJL32lzJa90/sAoKilcu1h+w26ZZTq4FbAK6rB2 + AbYiGg7o+Bcj/oafC2x7VaBXBwt0OWNm6XpVza17ihcsN9DzGsUXmFet2/MygcDRPNucwi1grOFd + z7MCkVUiSrxYVpijtweTQXhIQDtBqdV7TPWRnWi16z7Une364F4+Q88u3SsprEUDxtv6dhD+o75r + 1MKumHZANqIoc4EBJ3slwUbV8BuO18PxA8P9Rsu6TLYNG4YjDCMarqPh/+ulgUUNUnRIj9f0+Hs4 + XHceB9F6EH0Pjy3y7+7uwzHq4LgQ61cNB2KTr99h09NUQ4q0cg/rGI7Kq2bKvwryaHRIMD4keHrf + eENpzakjjJq9vbhP8ZVZJPWGDB8+Ow3V7sg1aMxpNxn144mqXLbUEeZrdyBk6sVWV3DXcqizpgVv + avDx3pmLDK+aTFV5MhGmzNmmnSY8xrDsK2ybm7C2GhowWTfC9wmc+k/pqCPw/bIdoploSzP7gm3D + 9wWDHTEJpYXdPLK6nXowfBjBi4KlYAKnYTojAg9ytfLNbbojslO16ghv6NXlnINjJgfa/a/18YFs + 6SGE0rFLO2NmWgp+KuTyuZNMoHSbheRdF+vermrZ9kQqOcXFgs1zuABmGmTo9sk7P7367cXZzemL + k+nZ5fRmenHx5wWmgaNlMG+8MMuAnCMFS0ucXyIMUTLfEBxnkTujxCryUmhGzjUUOM+kMohZ/2tj + TXGcvPCTCMPxh1Hs7Q0zVjYVkuXYMyz6bsicbP+s3Yva8tY4zzG6jiOwfamE7e2qdEP7dRyP/RHd + LiLNCvNIhDXK20/fl1vHw0C3Q9WvjC9xEeyQ1RlvfJ20u9Z/Crhb2IJub4q6L7UEh2iucqXPmmjm + eQX9VCNr7NYVRSaqabYqSlxVpW278K2eflmct3L3czQTNoejmFy/YSWNyYlSSwHktbDIWpZcAq80 + kOc5Sz+5XDHVXHGWZ8rYeByOw2AhZILEGAzo8bva4KQuBUb5XhEHkviI/Ksm+QF//VirX+J65YgD + 1XDE2yAnFZAJ5oOHE+A+occ94rC1zeLk9RRl1/inf0yHdaiuLXwFfiGsBl/pNEBUMtcpgTuQQ3OA + V/3MFnkdeGPnlbNzJZdSrT6v0rlWSYVf1alMcU4LrHowwyI7n3WJMGDyu1r1rTpQprI1EL0jAbmm + xpK/KqYtaLIzeUAVdj5prf3m2Tm55EweuO/WO/wXYrTN6rM8LjfGQmEwj6RUArFzFNfndYtcxQom + pBEWfIQXFsxkc8V0cujGPfuTHdCc5WeEN3hCKiVzAEkMWLJqwWWR60wDsAUCrEdWmeAZKYBJg0LW + 3GgtYL5v5RwI4xzJEhJyKxipEP9cb0pkG7z3DwAAAP//7Flda9swFP0rplBIYXJtJ07SQekC22AP + ZaF9KJRBUGynMY0l4495o/vxO1dSVc+ru9GHLDBDHuxIvjq6vvfcc2UhEl133RaiS7zrO9XFEaCb + bSIowBxu7Uo0edgRkNC2oKucVGxkkalnHFkQBXOMlsSAYN/7RLwhYDCeVo4u7g7fNfw7bdHJuUJX + lwhthwunBRAtmkh2Lt54SXu2O9Q++CLICbQa+QgIDMLyESIZLGs46FmkrT23dn+FZEQxgcto9yZe + mqZxZcPLXGUFsjD55ubbXEU0FlnB5sqsveIV1My6RkytRp9vFtdLdn3JoBNUstpFckmhTNkw4nGW + ihNndPIDgbKr5FuE4e+Sxe+TLP6kXYcqdNb3SnaRkOpODXtseL0DVggolyt18/zEPmHgWen6Sy3t + 8m33Katr4U4ebSmXNWmXdZZxqihHf6Jf8iHpQ1m8svyQTrhA9pCq/RSfhxs+Gcf+ej7xwjUwzmZn + fhBMqdrZSVjhhWkJveBFHGMNlKCjJwzM9CDvbJCR0Re7R50CLmqdmqbYx3QwoR/4k8T3knEQn02j + cRTO/GgexrHHpxs/mV/E58rK8XhxHHzETz/HMi4MbTKm/yrdumQNPMICl/jYzev1Lo3IZSznvCSP + 4XlVHiDmcPl+yaZuLgh/txM9fMTdVvbwEXdb4UNHDE6KdVtnBFtb+yzNyQ7lE5G1bh01r91CuGH6 + h7qQaNlvQUXR9inx6EAGozaTaR1zPmW0XmEYd6CC/b/0gQr2gXiggl4qsMoDEO90xj3QWa659mBX + VtwcUXeVSN+JkNd3IuTZE6HugFVqifiaFlJoVWMaztp8i9C3f4VUZtrCw+Mlkd2r+K31FeXU2Dr1 + vcCjDyimr9c3vIbOGlj0H+TLwKL7QPx/sehPAAAA//8iqRRNyk8Bdbug/VUrBdCoCaiHnZdfkqqn + AO5qgbjALn5iXopCQWkxaPgfxAWNv3oGOSrBxjkdR8uQAUotKGUIAAAA//8aIi4eLUNo7WI6liH4 + JuxQJjqInhHJKk4JAPsUOtEIAAAA//8CDRGRXqpgaf8Azc5NrAhKLS7NAbWrDOFNL0Pw7EZRiWMJ + pBlWBiz/wKUB2fYiTalCDIMbCmzwZSQWh+WDgwI2Dwqa1AVNuYCshDsE1bVGSC1FuAZQ6zC2trYW + AAAA//8DAGshWcv5IwAA headers: - ATL-TraceId: - - fcf4a4e6420f68a8 - Connection: - - keep-alive + Atl-Traceid: + - c42e707428b373f8 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:40 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 7d6d6e6c-40b8-4e2a-8582-9194a0d94a3a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '248' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - e9d04841-f775-4710-8ea5-fd80f541c48c - x-envoy-upstream-service-time: - - '35' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1364,110 +1195,95 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 7210f667847e0a69 - Connection: - - keep-alive + Atl-Traceid: + - 4f8a5ccd852cdcad + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:40 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 214fdeee-9794-4a64-b0e7-e3c992d93638 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '171' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 03291760-9641-4041-b5c9-7c665f005ec2 - x-envoy-upstream-service-time: - - '55' status: code: 200 message: OK - request: - body: null + body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without + Secure Flag|http://localhost:8080/finding/316]\n\n*Defect Dojo link:* http://localhost:8080/finding/316 + (316)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/117]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Low"}, "summary": "Zap1: Cookie + Without Secure Flag"}, "update": {}}' headers: Accept: - application/json,*.*;q=0.9 @@ -1477,96 +1293,58 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '1258' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11406 + - python-requests/2.28.1 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11813 response: body: - string: !!binary | - H4sIAAAAAAAAA6RXbW/bNhD+K4Q+FFvm6M2u4wgohjZxt2xZliVOAzQtCpo6S6wlUiMpv6ztf9+R - kuzUmbs2jYFYOvLennvuSH/wYFVRkXqJp0CkoCB9yaFIdU/QEnRPsxxK2pMVKGq4FLoHKTclGNpj - ORUZFDLrLUBpXIP0CioFGoRp97JaG1nOrMF3URhGoa/g7xq0mawruFSUGc7A63nc+o+iQTjEFw3F - DF9zYyqdBEEKM2Amle+lT01BteZU+AJMgJ5MQCsexAHXuoagMzCHNepfTMbXk8MoivoociFoL/ng - aYyt1owayKRaNzmk+IYacRhHqHAYh5PwaRJHSdj3j/rxTxh3aIO0TgwG7sw8MkirH6C9MN6k3b6k - oJnilQUOpc+JLmlR9EjKteGCGVJxYEDkjCylmvtWm0lxo4qviUIDqxUECw5LuqCGqp81/weelVjL - unzSiM7SZ1HYj0btq63Qs23KPc/yAX1NqJ7bItVTY5+SGS009LzOhpc4Iz0v58gYxfL1OSwAgww/ - 9TzDkVIV0sNLRI3JeZWS7zHiRwLaajs4XYE6OO3LPRJsg78R3Bg0oL2Nb5vn726vljOzpMrmqnlZ - FRxJk+4kiHg7Fg1Gq8Hoa8JtkW+dteBX3GKNf/ehH4RH6DkerOLBow27qjriPNHt9xd8RcNVNPw+ - X6vOWfvwBW/9eNWPv89by1fdPez19umTbfnVq2YuYcXu3mIFs0xBhq3+gIbIKVnUTec1kp3BFR/t - Wxg9tNFMk0Zqe9UNTi85jNoRYhmsOGvcfXggs/zC8HUu6yI95boq6LplIYoRKPMK29gys3VBDc7o - ZrZ9ew81k3M7K4PGnLId4h5PZG2BcsHfWgEXmZcYVdtomAJM1rbdw9kZ+6Pj42527sIW7sMz2rcQ - 71vob4cJl4qb9SOR6NSDwbfNVl7SDHRgNXRnhKOgkEtfL7Lt8DmXy25IDTxXyinYaWK5uXtQDvdk - G+0jYjSyaedUjyvOzrmYu1P8FCp7qAvWMcjxaunWNhIhxRjPdDot4Aqoblip2ifv8vzml7OLd+dn - J+OL6/G78dXVn1eYBnaQxrxxwyQHcoljUxhi/RKuiRTFmmBL8sIaJUaS37ii5FJBiW1Lao388l2T - 7mZxjAbDjzwMh6OjxNvpWUQ244IWWDMEfdtkdm1X1l5JWngdywuMrhsFWL5MwGZ3Xdmm/U8eR30/ - fDrseNzcHh7JsEZ5c1x9fuB/G+m2rHpB2RzvYB2zOuONr5P2mvNdAXd3paC7ssTd6SrAMprJQqqL - JpppUcNhpnBibS8MkpzKptiyrPCWKExbhS/V9HNw3ojt52DCTQEHCbl7TasoISdSzjmQW25wYhpy - 7U4P8rKg2UebK6ZaSEaLXGqTjMJRGMy4SHGIBXE8fOsMnjooMMr3kliSJAfkfzXJD/jvR6d+jRcc - OzhQDVvciU5ux/h2h1+Hw2jg4rCYsyX4JTcKfKmyAClHbRk4XkosVQPc6uemLFxUjZ1X1s6NmAu5 - 7GSXSqY13nrGIsMGLBHOYILoWX8ud4yE/CqXh0buyb9qDcRvSUDuIm3IXzVVBhTZmtyjClufkdN+ - /fySXDMq9uy3d61gdNzA/EJRwfJgQjOM9QKJ0EhrXqRnp/dFJ7JElAgOs/ye2CK91gZKjamnleTI - o4PEyV25LMAl5UJzAz5SbZ8ccdf5VFKVdjBv4D7dks5afk5Ywy2MhEwBBNFgyLIlmsG511xVyAzJ - 1iPLnLOclECFxkXa7GgtIERvxBQIZQwHJ6RkwSmpsReYWlc4eXCfENCc//4mnj+QGJn7KWXDuc1B - WKoRurEq8ZcWZoZx2PT4AggXM6lKp0OkssOY4qq2sxDn8BxEz4aFxhHg5opB/gUAAP//7FlNa9tA - EP0rIhBwDpJXthVbgZKa0EIPoaU+BELBrKRVbWpJiz6qBrf/vW9214qjWknIwfVB4IMs7cfsaN6b - NyO+qfkDHdCSXNlWFQhyi6fWnnmok1KxcRAiBZ24OZ/2wLeUXEC7kYdggbGw2JlICxYV3HPQ0scT - f0okikI6bRMNi1LIgnJILnTkiiePvwK8SD5wK902YVjXtZPVvJAKaECt+OXIlVRAgSlL7Lw0Fi55 - CeUVVAjV5eDz3XzxxV7c2tAVCtxmC5kRPghiAx4l6/TCGlz8RlBtyuwKwf2vwHG7BI472c9aJUrg - H0pQkeRrD/U61mCdD7pkA2tkg3pfSiQdHtjo2SeZt83O7Vl+M6ssebgigtAUX1RJwin/nL1E1uRD - UpNZ/sZkRariGvgivYpCwIvGs+kscKdMjEOfhb43in03pv5AMwg7PDNM0AueRxH2QMJC9ooenITH - cRWG6/cu23mSOIUWfbY+1DBxkBnVMMVD+nLI3UnAYuGHbBKxkR+H3iWfzaaXIpiOIu6Nr6N3apXz - 8fx89BE/Pc9OeGq42Lb1rcKpCruGR+yRQ1BxZBVs1iG5zJacF+QxzFf5BtIPlzeIdEem5Px24Xn6 - FrfL19O3uF0Cn7rF4KRIF6BG3t0AA9atwYBCElG5Lgc1o92DlzHwQ5VnUgzvgZBw9Qg5arbgaYNh - 2sF0kowmzA3X9iRw/Nfdk8AxLO5J4AAJtAUF5NPZ9g/N2ckQWP1dg3BLrVtzzbBhVnLTX26v0tVM - Yl3NJNY0k9oPGtkm0p/rPEu1xDG1amW+IOi/r7IUJY5aYbu7JP57E+XtffsYmrWGLnOnxF6mJaD/ - 8AqiqyfW/wChnliPYXFPrAeINcCauGfK1iuLOjJUjKdZKRxLVVx/AQAA//8CcTNLgP39FIWC0mLQ - +D6ICxq09QxyVIINjjqOlh4DlE5oWnoAAAAA//+ikYtHSw9au5gupQee+T3UeRGiJ1CyilMCwH6E - ziECAAAA//8CjRGRXp5gafMAzc5NrAhKLS7NAbWlDOHNLUPwZEhRiWMJpOlVBiz5wOUA2fYizZZC - DIMbCmzkZSQWh+WDgwI2ZQuaAwbN0ICshDsE1bVGSK1DuAZQizC2trYWAAAA//8DAJzheqSjIwAA + string: '' headers: - ATL-TraceId: - - bc0f2f2f0ef8d16e - Connection: - - keep-alive + Atl-Traceid: + - f9bc8f87b216fbda + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:15 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:40 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a11bb417-b780-482a-becf-9ab913df45c6 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '191' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 146e3027-8d17-4438-a32c-f819c8b1ed67 - x-envoy-upstream-service-time: - - '126' status: - code: 200 - message: OK + code: 204 + message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1576,91 +1354,102 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11813 response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/bQBD+K5YPnCJMQkRRpAih0kqoCCEReqk4LPaYLLF3zT4Sp4j/3hm/dgMp - NeHSA7lkZzyPbx47s08hlAUTSTgJCyUfIDY6HLjj5NeTE+BaWzDrAkhEQ5Yib25MoSdRlECKCol8 - kPvMZExrzsS+ABMp0CZiBY9GUWM1Gh7gD01wMtoSC1gjdTn7dj1DSrAckLwR3Bg0QA7ZkhmmblSG - qJ7C8XE5Pu7jX0NsFbS+ayMnBU+mleO9mnFO5PjgC7oZjcvReGfDmv+Gqc5Zlu3p5v8NX8Ojcnj0 - MV9l66w5vOHtcFQejj7mLYeE2xy9NYe/ense+N1CXbRDv3QWqo4Z+R1DRAI6VrwwXArkngZVAgZB - wrXhIjZBwSGGQKbBSqrFPmnHUmD/9EHRpGDJYbUlfi/Yw+FxQ84Q6LSD7Hp4xvQCKSuMYkJnzEBy - ufFF2ztDp0nKMg0Dd99SDllCrd8csO21zXOm1nRU8Gi5AhQ0yqKajueQM/pS+Z+E2igu7snBWhvI - idNoP3fgrhtOe/9aiUE4Z/oMUmYz85NlFjp0sgDFKOdUVqyqCW/9YvdC5mepA+eYDt458QLKbIfQ - 1+2F8RZHR5bJFSSV0Gc3buu51kY4qYxgajmmUMXz9QUsAUEePFOZY5kXUoCgzeDXubHyqtBMKUbN - xLHEqOL0/cJ7Rl3lvzpmW3lPrmfpQ5Yk5AnIn4JcLiHc0g4UGTOGxfOcoO0UmafvheZxXWinvmgd - 2oZ2v9Dam7fRd32Qvx4LvgkH88zjtjh9yfcCbdZJrwHRynogW5YDeNUJ1eCc0juAve6GnYbDx542 - jTbd2R/1GJapWTFVzUeeFxnHDeBK+vkS2ubrf30JVYOzmsQZF4sdB6en/3Jl1lx3LS6QhiSoVqcb - nhsGmDWSBmwGBnquoJeLMCp4vAB1gvlROLaau4hR7+m5XF3bO1o0V4y+TemS+2xdcxrVCii2/VRY - rNqjBbWe9r7DNOApvykvf4LSNXuXBC9rbT+7vk2X3u+8DBphl11ftC/0eivVG+ofuwnLcC8A+kVm - NSg/jE7b20Atq9s/fwAAAP//vJdNbsMgEIWvUnkfqBtnU6nKqlIX6RGiilQIUyVxZJz+LHz3zjCA - 7eBWTrG6HcPwYWDemy6QdjdwcU7ZxG4v4QGhiVi7B/Rga+C1Z9wJiK5q3VyY359+Qxg90BAX64tI - GOZVJAQiPFKrEbr43P6oIrQ2z/FmTveH+iCUNBxnGJ9EQ6DUqoTszLyj3rsdP1EQV7AiBT8jDdZa - 4XlgY1KPeZeMuZwHk+r9EPTZxjzqMhm1mAcVbuSQc1N9eMgiGXI1G2R0RTc25lFXWbtFn9t/iWno - /3kVoNS8nk1THWwT/wIeIS+mVTBxxCJEkzPb/rDT16c2TNVSHsvqBHWIvela3KtyIUGPF6jvYQo1 - c7BaV+weYdAN+oMs9FQR2kjZ+7Uq78VOkhGdsKML0Y1bEZet52Yo4Hnd9zSZytktp0TcnBUcbbO+ - UpLG+soWnd62/QYAAP//AwDam8DXURUAAA== + H4sIAAAAAAAAA7xXa2/bNhT9K4Q+bZmtl93YFTAMXexu7YIsS5wWaFoENHUtsaZIlaRie23++y71 + sNu47pAMKwIk4uO+zz28+ejBuqQy9RJPg0xBQ/qcg0hNT9ICTM+wHAraUyVoarmSpgcptwVY2mM5 + lRkIlfVuQRs8g/QCSg0GpG3vsspYVSycwpsoDKPQ1/ChAmNnmxLONWWWM/B6Hnf2o2gcDXBhQCxw + mVtbmiQIUlgAs6l6r3xqBTWGU+lLsAFasgEteRAH3JgKgk7BEjYofzabXs760XD0BLdqF4yXfPQM + +lYZRi1kSm+aGFJcoUQcxnE/HPejp7MwTOI4GcR+PHryUxiHoXPSGbHoeK3mkU46+QBTEcbbsNtF + CoZpXrrE4e4zYgoqRI+k3FgumSUlBwZELchK6aXvpJmSV1o80ItKclcuKm7oLbVUB7ccVkHt1s7B + 9igKB9H4F8P/hp8LLHtVoFUHCzQ5o2bpalXNrftKFlQY6HmN4AuMq5bteTlH4GiWb07hFtDX8K7n + WY7IKhElXiIrjNG7B5NBeOgg6g5Krd5jqI+sRCtd16GubFcHt/gMPbtwryS3FhUYb2vbQfiP+q5R + C7ui2gHZ8KIUHB1O76UEC1XDbzheD8cPdPcbJesi2RZsGI7QjXi4jof/r5UGFjVI0WB0vI6Ov4fB + dWdxEK8H8few2CL/7m4fjnEHxwVfv2o4EIt8/Q6LnmUaMqSVPayjO0pUTZd/FeTx6NDB+NDB033l + DaU1u44wavb2kn6ES2qR1BsyfHjvNFS7I9egUaddZ9SfJ6py0UaOMF+7DS4zL7G6gruWQ502zVmT + g497e84zvGpyVYl0wk0p6KbtJtxGt+wrLJvrsDYbGjBY18L7BB75T6NRR+D303aIZuItzdw/2Ba8 + 1FxpbjePTGInHgwfxuO8oBmYwEmYTgnHDaFWvrnNdnx1qlYdrw29feTGgy4QQefgmMmB9v5rfXwg + DdEhhEZjl4+cmmnJ2SmXy+fuZAKlmywk66pY13ZVn213pJJTHCzoXMAFUNMgQ7df3vnp1W8vzm5O + X5xMzy6nN9OLiz8vMD5sLYMJwQuzHMg5UrC0xNkl3BAlxYZgO3PhlBKryEuuKTnXUGA/k8ogZv2v + tXWE7eSFn3gYjj+MEq95r7B2mPxdT33R4FiGjEsq7l9q56I2vTXOBXrXcQTWNZOwvV2Vrmm/juOx + P4q2g0gzwjwSeo3w9un7cup4GBp3cPuVsiUOgh3kOuWNrZN21vpPDncDW9DNTXH3UktwUGdKKH3W + eDMXFfQzjayxG1cUmaim2KoocVSVtq3Ct+r3ZXLeyt3P0YxbAUcJuX5DyyghJ0otOZDX3CJrWXIJ + rNJAnguafXKxYqhCMSpyZWwyDsdhsOAyRWIMBtHxu1rhpE4FevleEQeS5Ij8qyT5AX/9WItf4njl + GAXFsPdbJycVkAnGg5sTYD6JjnvEYWsbxcnrKZ5d45/+cTSsXXVlYSvwC241+EpnAaKSukpxnIEc + mgO86ue2ELXjjZ5XTs+VXEq1+jxL51qlFb6qU5lhnxaY9WCGSXY26xShw+R3tepbdSBNZasgfkcC + ch0ZS/6qqLagyU7lAVHY2Yxq6TfPzsklo/LAfTfe4b8Qo21Un8VxuTEWCoNxpKXiiJ2jpN6vS+Qy + VlAuDbfgI7wwYSafK6rTQzf29E92QHOanxHW4AmplMwBJDFgyaoFl0WuMw3AFgiwHlnlnOWkACoN + HtLmRqsB430r50AoY0iWkJJbTkmF+Gd6UyLb4L1/AAAA///sWV1r2zAU/SumUEhhdmUnTtJB6QLb + YA9loX0olEFQbKcxjSXjj3mj+/E7V1JUz4u70YcssEAe7Ei+Orq+99xzZSESXXe9FqJrvOsH1cUR + oLt1IijAHG7tSjR52BGQ0Lagq5xUrGSRqWccWRAFc4yWxIBg38dEvCFgMJ5Wji7uDt80/Dtt0cm5 + QleXCG2HC6cFEC2aSDYe3nhJe7Y71D74IsgJtBr5CAgMwnILkQyWNRy0E2lrz63d3yAZUUzgMtq9 + iZemaTzZ8DJXWYEsTL55+TpXEY1FFrC5MGsveAU1s6wRU4vB57vZ7dy9vXZRd1Wy2kVySaFM2TDg + cZaKM2dw9gOBsqnkW4Th75LF75Ms/mg7QHxWobN+VLKLhFR3athjg/UOWCGgXK5kz+6JfcKAWen6 + S93s8i28xqM1pexOQcKszi3rLONUUU7+RL/kQ9KHsnhl+SGdcIXsIVX7Kb4MV3w0jP3ldMTCJTBN + Jhd+EIyp2tlJWOGFaQm94FkcYw2UoJNnDK7pQd7ZICOjL3aPOgU81Do1TbGP6WBCP/BHic+SYRBf + jKNhFE78aBrGMePjlZ9Mr+JLZeV0ODsNPuKnn3MzLgxtuq7+q/Tq0m3gETfwiI+9vF5u0ohc5uac + l+QxPK/KA8QcLt/P3bGXC8Lf7UQPH3G3lT18xN1W+NARg5Ni3dYZwdbWPnNzskP5RGStW0fNa/cQ + bpj+oS4kWvZ7UFG0fk48OpDBqM1kWsecTxmtVxjGPVLB/l/6kQr2gfhIBb1UYJUHID7ojHuis1xz + zWBXVtwcUXeVR9+JELMnQt0Be8LSHbBKLRFf00IKLXdMw1mbbxH69q+QykxbeNpeEtm9it9aX1HO + ja1znwWMPqCYvl7f8Bo668ii/yBfjiy6D8T/F4v+BAAA//8iqRRNyk8Bdbug/VUrBdCoCaiHnZdf + kqqnAO5qgbjALn5iXopCQWkxaPgfxAWNv3oGOSrBxjkdR8uQAUotKGUIAAAA//8aIi4eLUNo7WI6 + liH4JuxQJjqInhHJKk4JAPsUOtEIAAAA//+KpXQVCaz9AzQ7N7EiKLW4NAfUrjKEN70MwbMbRSWO + JZBmWBmw/AOXBmTbizSlCjEMbiiwwZeRWByWDw4K2DwoaFIXNOUCshLuEFTXGiG1FOEaQK3D2Nra + WgAAAAD//wMAk2zI3vkjAAA= headers: - ATL-TraceId: - - 88d6f4a33c4c5195 - Connection: - - keep-alive + Atl-Traceid: + - ec9ddf1e2be4eafd + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:15 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:41 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - dd91e3c0-cf4d-48b7-bef6-797424404b4b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '276' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 6116c015-3cf1-4f82-b2e5-9211007025cb - x-envoy-upstream-service-time: - - '68' status: code: 200 message: OK - request: - body: '{"fields": {"description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without - Secure Flag|http://localhost:8080/finding/226]\n\n*Defect Dojo link:* http://localhost:8080/finding/226 - (226)\n\n*Severity:* Low\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* - Unknown\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/89]\n\n*Branch/Tag:* - None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can\nbe - accessed via unencrypted connections.\n\n\n\n*Mitigation*:\nWhenever a cookie - contains sensitive information or is a session token, then\nit should always - be passed using an encrypted channel. Ensure that the secure\nflag is set for - cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n*Steps - to reproduce*:\nNone\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n", "priority": {"name": "Low"}, "summary": "Zap1: Cookie - Without Secure Flag"}, "update": {}}' + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1671,53 +1460,66 @@ interactions: Connection: - keep-alive Content-Length: - - '1304' + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 - method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11406 + - python-requests/2.28.1 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '' + string: !!binary | + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbPT6Ue6uYkeVGQVtnsSkbRJsJImpU2FZdn/boqLH7fhneeZ + lzlBK2d9mCwIeA9hnMVmo7TRXVD+wzMZrJznXjrmdIAEPvU0995FOEPMGDJM97vr5/3dU/O73S1D + GycQLyuUYIKvCSg9Wn8ctAvNcdTxwI31i4pSu/RWfSsgokBYXsJbGVaQkCjFOs14g7VALqhkiHgV + SYz+rKfY2/TDP3bbIAoiURDLt/TDdsO9Mz6CVZFxkxtjcl4TVZjXiEUpqco6iarqOC805tXfgmDX + hod+krC+Y+Riw6Pv5BqfwF4m0O7tsIfz+QsAAP//AwAFSYelWgEAAA== headers: - ATL-TraceId: - - bae63784c9a5bbcd - Connection: - - keep-alive + Atl-Traceid: + - de9f58a958bf2cb9 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:15 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:42 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a10b3df4-c929-454c-9f2c-5a975f9e539a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '117' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 5d45a140-f58e-4cba-b640-554a16cbec73 - x-envoy-upstream-service-time: - - '83' status: - code: 204 - message: No Content + code: 200 + message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1727,92 +1529,97 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11406 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11813 response: body: string: !!binary | - H4sIAAAAAAAAA6RXa2/bNhT9K4Q+FFumWA+7jiOgGNrE3bJlWZY4DdC0KBjqWmItkRpJ+bE2/32X - lGSnzpy1aQM00hV5H+eee8h88mBZUZF6iadApKAgfc2hSLUvaAna1yyHkvqyAkUNl0L7kHJTgqE+ - y6nIoJCZPwel8RukF1Ap0CBMu5bV2shyah1+iMIwCnsK/q5Bm8mqgnNFmeEMPN/jNn4UDcIhvmgo - pviaG1PpJAhSmAIzqfwoe9QUVGtORU+ACTCSCWjFgzjgWtcQdA5msML9Z5Px5WQ/iqI+mlwK2ks+ - eRpzqzWjBjKpVk0NKb7hjjiMI9ywH4eT8HkSR0nY7x30458w79AmaYMYTNy5eWKSdn+A/sJ4XXb7 - koJmilcWOLS+JLqkReGTlGvDBTOk4sCAyClZSDXr2d1MiitVfE0WGlitIJhzWNA5NVT9rPk/8KLE - Xtbls8Z0kr6Iwn40al9th15sSvY9yweMNaF6ZptU3xr7lExpocH3Oh9e4pz4Xs6RMYrlq1OYAyYZ - 3vme4UipCunhJaLG4rxKyY+Y8RMBbXc7OF2DOjjtyz0SbJK/EtwYdKC9dWxb5+9urZZTs6DK1qp5 - WRUcSZNuFYh4OxYNRsvB6GvSbZFvg7XgV9xijf/uQz8IDzByPFjGgyc7dl11xHmm29+PxIqGy2j4 - fbGWXbD24ZFo/XjZj78vWstX3T3sjHZ3Z0d++abRJezYzXvsYJYpyHDUH9AQOSWLupm8xrIlXPHB - rg+jhz4aNWmsdladcHrJfuR7WKZ5g0NoedUuoAYVtlGmb5+ARvc2Shc07pTlt3s8krUtM7LqdW0N - XGReYlQNd62gWW+Ks6b4Tw9sNjNcqnNZF+kx11VBV+1MoJkpwGLt2D3Uzrg3OjzstHMbtnAXntGu - D/FGM7hU3KyeCFm3PRh8m4TykmagA7tDd044Ggq56Ol5ttGYU7notGjgWYy2Cul3hRT0FqyaWG5u - H5TDHTBEu4gYjSweOdXjirNTLmbuFD+Gyh7qgnU9c51cuG9ri5BijGc6vS3gAqhueKDaJ+/89OqX - k7MPpydH47PL8YfxxcWfF1gfTpBGQHDBJAdyjrIpDLFxCddEimJFcCR5YZ0SI8lvXFFyrqDEsSW1 - Rob23JBuV3GIDsPPPAyHo4PEa04M7B2Cv5mpL+YY25BxQYvtRe2VpIXXsbrA7DopwL5mAtar68oO - 7X/yOOr3wufDjsfN7eGJ1Gs2r4+rLw/8b2Pjhm6vKJvhHayjXOe8iXXUXnO+K+HurhR0V5a4O10F - WKozWUh11mRzW9SwnynUiM2FQZJj2TRblhXeEoVpu/BY/74E553Y/OxNuClgLyE3b2kVJeRIyhkH - cs0NapQhl+70IK8Lmn22tWKphWS0yKU2ySgchcGUixRlMIjj4Xvn8NhBgVl+lMSSJNkj/7uT/ID/ - /ei2X+IFxyoKbsPZd6aj6zG+3eCv/WE0cHlYzNkCeiU3CnpSZQFSjto2cLyUWKoGuLSXm7JwWTV+ - 3lg/V2Im5KKznSuZ1njrGYsMB7BEOIMJomfjudoxE/KrXOwbuaP+qnUQvycBuYm0IX/VVBlQZONy - x1bYxIzc7rcvz8klo2LHenvXCkaHDcyvFBUsDyY0w1zPkAiNteZFenJ833QkS0SJoJjl98wW6ZU2 - UGosPa0kRx7tJc7u2mUBLikXmhvoIdV22RF3nd9KqtIO5jXcxxvSWc8vCWu4hZmQWwBBNBiyaIlm - UPeaqwqZItl8ssg5y0kJVGj8SJsVrQeE6J24BUIZQ+GElMw5JTXOAlOrCpUH1wkBzYnbW+fzBxIj - c39K2XSucxCWaoSuvUr8SwsrwzxseXwOhIupVKXbQ6SyYkzxq7ZaiDo8A+HbtNA5Atwc6uRfAAAA - ///sWU1r20AQ/SsiEHAOkleyHVmBkprQQg+hpT4UQsGspFVtakmLPqoGt/+9b3bXSqrKScjB9UHg - g6xd7c6O5r15M+Lbht/TAS3JlW11iSC3eGY9Mg91Uia2DkKkpBO359Me+JqRC2g38hAsMBaWexNp - wbKGe3otfTjxh1SiKKTTttGwrIQsKYcUQkeu+Gv4M8CL5AO30m0Thk3TOHnDS6mABtSKn45cSwUU - mLLCzitj4YpX0DphjVBdjT5+WSw/2ctbG3lagdtsIXPCB0FsxON0k11Yo4tfCKptlV8huP8VOO4h - geNO9wPEfhVK4O9KkpHI6k6dHViDHRxoZYN6LUok9U88JCNYq2fhFh6tCeq9CoUFvem4S+Nlnaac - 8s/Zc2RNPiQ1mRevTFakKq6BL1K8KARm8WTuz0PXZ2ISBSwKZl4SuAn1B9pJ2OGJaYJe8CKOsQcS - FrJXfO+kPEnqKNq8ddnexcQptOiT9aGGiYPMqKYpHtKXY+5OQ5aIIGLTmHlBEs0u+XzuX4rQ92I+ - m1zHb9Qq55PFufceP/2cnfLMcLFt61ulU5d2A4/YnkNQcWQdbjcRucyWnJfkMTyv8g2kHy5vEOmO - zMj53cLz9C3ulq+nb3G3BD51i8FJsS75jLy7AQasW4MBhSSicl1Qaka7Ay9j4ru6yKUY3wEh0foB - ctRswWiLYdrBdJKMJiwM1w4kcPzXPZDAMSweSKCHBLrqAvLpbPebntmrC1j9TYNwR61bc82wYV5x - 01/urnKomcTaZlJ3oG3OdAda2SayH5siz7QwMrVqbb4g6L8vshQljlpht78k/nsV5T369jE2a41d - 5vrEXqYloP/wGqJrINb/AKGBWI9h8UCsPcQaYk3cM2XrlUUdGSrGs7wSjqUqrj8AAAD//wJxM0uA - /f0UhYLSYtAMAYgLGrT1DHJUgg2OOo6WHgOUTmhaegAAAAD//6KRi0dLD1q7mC6lB575PdR5EaIn - ULKKUwLAfoTOQgIAAAD//4qldL0HrM0DNDs3sSIotbg0B9SWMoQ3twzBkyFFJY4lkKZXGbDkA5cD - ZNuLNN8KMQxuKLCRl5FYHJYPDgrYJCloDhg0QwOyEu4QVNcaIbUO4RpALcLY2tpaAAAAAP//AwD9 - jgvgoyMAAA== + H4sIAAAAAAAAA7xX+2/bNhD+Vwj9tGWyXnZjV8AwdLG7pQuyLHFaoGkR0NRZZk2RKknF9tr+7zvq + Ybdx3SEZVgRIxMe9vvvuePngwbqkMvNST4PMQEP2nIPIjC9pAcY3bAEF9VUJmlqupPEh47YAS322 + oDIHoXL/DrTBM8guodRgQNr2LquMVcXcKbyNoyiOAg3vKzB2uinhQlNmOQPP97izH8ejuI8LA2KO + y4W1pUnDMIM5MJupdyqgVlBjOJWBBBuiJRvSkodJyI2pIOwULGGD8ufTydW0Fw+GT3CrdsF46QfP + oG+VYdRCrvSmiSHDFUokUZL0olEvfjqNojRJ0n4SJMMnP0VJFDknnRGLjtdqHumkkw8RiijZht0u + MjBM89IBh7vPiCmoED7JuLFcMktKDgyImpOV0svASTMlr7V4oBeV5C5dVNzSO2qpDu84rMLarZ2D + 7VEc9ePRL4b/DT8XmPaqQKuOFmhySs3S5aqaWfeVzqkw4HuN4CnGVcv63oIjcTRbbM7gDtDX6JPv + WY7MKpElXiorjNG7R5N+1B2UWr3DiB4JeCtdw10nsIPbLT4jyS6qa8mtRQXG29p2TP2jvmvU3K6o + dnw1vCgFR4eze5FjPmqWDUbrweiB7n4jM10k27wMoiG6kQzWyeD/tdJkv+YiGoyP1/Hx9zC47iz2 + k3U/+R4WW4J/+rRPx/gQT5PuYM7XL5seiNm/eYtsyHMNObaVPa6jn0pUTZV/VWsyPHQwOnTwdF95 + 09KaXdcw6u7tpb3Y9xA1+xIRceRtLtSF7wDUnDWefdjbc7RGbMxCVSIbc1MKumnJj9sravGhaBrs + wwu1ad+7hh026rQrw/rzRFUOwdi5+sptcJl7qdWVs800YLCutvcbeBw8jYddA78P27bN3D84lPBk + m/BSc6W53Twy4E48HDysj/OC5mBCJ2E6JRw3hFoF5i7fNbIzteoa3sDbp3TS7wIRdAauZTnS3n+t + jw/AEB9iaDxyeCyomZScnXG5fO5OxlC6yUKyji81i1b12XZHKjnBwYLOBFwCNQ0HdfvlXZxd/3Z6 + fnt2ejI5v5rcTi4v/7zE+LC0DAKCF6YLIBfYm6Ulzi7hhigpNgTrnAunlFhFXnBNyYWGAgudVAb5 + FXyt3mMsJy/6yKNo9H6Yes17hblD8Hc19UWBYxpyLqm4f6mdi1p4a5YL9K7rEZjXXML2dlW6ov06 + j0fBMN4OIs0I80jqNcLbN/HLqeNhbNzR7VfKljgIdpTrlDe2TtpZ6z853A1sYTc3Jd0TLsFRnSmh + 9HnjzUxU0Ms19qfduKLIWDXJVkWJo6q0bRa+lb8vwXkjdz9HU24FHKXk5jUt45ScKLXkQF5xi/3R + kitglQbyXND8o4sVQxWKUbFQxqajaBSFcy4zbGJhPz5+Wysc11Cgl+8UcSRJj8i/SpIf8NePtfgV + jleuo6AY1n7r5LgCMsZ4cHMMLCDxsU8ct7ZRnLya4NkN/ukdx4PaVZcWtoKg4FZDoHQeIiupyxTH + 4cixOcSrwcIWona80fPS6bmWS6lWn6N0oVVW4XM7kTnWaYGoh1ME2dmsIUKHye9q1bPqAExlqyB5 + S0JyExtL/qqotqDJTuUBUdjZjGvp188uyBWj8sB9N/fhvxDDbVSfxXG1MRYKg3FkpeLInaO03q9T + 5BArKJeGWwiQXgiYWcwU1dmhG3v6xzuiOc3PCGv4hK2UzAAkMWDJqiWXxV5nGoLNkWA+WS04W5AC + qDR4SJsbrQaM942cAaGMYbOEjNxxSirkP9ObErsN3vsHAAD//+xZ72vbMBD9V0yhkMLs2k6cpIPS + BbbBPpSFFVYohaDYTmMaS8Y/6o3uj987SVE9N+7GNtJ8MPSDU8mnp5Pu3bsz57HK8E4D0SXO+k5W + cQToeh1zumAWM3YFijzsCEhoWxBcVsJXIk/lO5bIiYIZRgtiQLDvfczfEDAYT0pLyQiLbWr2nbZo + ZUyiqwpcbYtxqwEQJRqPNw5OvKA9mx0qH9xycgKtRj4CAo2w2EIkg0UFB+1E2thzY/dfEIxIJnAZ + 7V7fl7quHVGzIpNRgSiMvznZOpM3GossYHOh116wErppWeFOLQafr2dXc/vq0kbelcFqFskEXWWK + hgGL0oSfWIOTH7gom1K8xTV8Llm8LsnijboGgu0AEV2JkvteaifScq2prpnaHugSAq4RAvIspB7a + PdFIVziGhWuKyp2awzVS9pcE2ybmokpTRhnl6Hf0Sz4kfSjyv0w/pBMuED2kQD9F58GKjYaRt5yO + 3GAJwJPJmef7Y8p2ZhJWeGFaTAc8iyKsgRR09ITB1sXJO3PJyOiLZaUKAQe5Tk6T7KNLm8DzvVHs + ufHQj87G4TAMJl44DaLIZeOVF08vonNp5Xg4O/Y/4k+9Z6eMa9q0bfWvwqkKu4ZHbN8hPnayarlJ + QnKZnTFWkMfwvkwPEHN4fD+3x07GCX+7RD18xO0a9/ARt2vkQ0cM6olUAakFW1P7zHXLh+KJyFqV + eYq+biDcMP1DlQvU8jdgnHD9FHjUqcGoiWRaR/entNbLNeP2VLD/Q++pYB+IeyropAIjKADxTkXc + IzV59bMLu6JkukXdliVdHSHXdITaA6bD0h4wSi3mD0kuuNJCuuCs9LcI9fNPkD6I8v/13ZQxYxQr + oQL5KmRXYtvqwxVSkB+3j8Su/7C+/Gxzqm2deq7v0hcb3UhQP1gFYdfT9isEaE/b+0D8qrT9EwAA + //8iw8V0LLaT8lNA/TxoB9lKATRMA+rS5wFLJT0FcN8OxM0sUUjMS1EoKC0GzQ2AuKABX88gRyXY + wKrjaBmCJbUAAAAA//+iR2oZLUPo4eLRMgRnGYJvhhBlZoXoKZis4pQAsE+hs5AAAAAA//+KpXTZ + Cqz9AzQ7N7EiKLW4NAfUrjKEt/UMwdMpRSWOJZB2H2hSFzTlAirP4OKomo2QWopwDaDGWmxtbS0A + AAD//wMA5OAuX/kjAAA= headers: - ATL-TraceId: - - e6325406235231ee - Connection: - - keep-alive + Atl-Traceid: + - 9361597a18bc5e18 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:21:16 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:42 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 344d38a9-29f7-4797-b17f-5b018be1f5ce X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '277' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - fbdb749a-fc83-4ce1-a824-67e6e660587d - x-envoy-upstream-service-time: - - '93' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_add_tags.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_add_tags.yaml index 7766853ea0b..b2038c6e837 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_add_tags.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_add_tags.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA0yPzWrDMBCE30XXOs5Kjm1Zt9Ie2lLSgp1TKUW/1EWWjCUXQsi7V6KBBPYwzH6z - w56Q4EEfFosY+o5xDmy7VdpoGZX/8SWPlocwclc6HVGBfvUSRu8SjAFwCSVs+v39e//0Nly3+3US - SSH2kaECCvgskNKz9cdJuzgcZ50OPFi/qhQS62jVfwSxHKDVxXzkMYMECN7gNHTAFYOWYVICwB0k - OOWDXlLvME63LIEBaoZrRki5a6+snJ6d8QlsulZQ2mhodGOkkRybCosdpZ2pKyGFUpRjYbqbgmhz - w8u4cJTfMXy18dVLnu0TsheFtPs69Oh8/gMAAP//AwBYhDViWgEAAA== + H4sIAAAAAAAAA1SPy2rDMBBF/2W2tZWx/JCrXWkWbSlpwc6qhCJbEnGRJWPJhRDy75Vp6GM33Dln + LnOGTni1nw1wOIYweb7ZSKVVH6T7cEQEI7wfhCVWBUjgU81+cDbCGWJGkGDa7O5em4eX9ne7W8Yu + TsDfVijBBA8JSDUZdxqVDe1pUvHAvXGLjFK3DEZ+K8CjQLG8hlsRVpAipSnWacZarDkyTkuCiDeR + xOh7Ncfedhj/sbctIqeUFzkpWfnD9uOj1S6CVZExnWutc1ZTWmFeIxaloFXWC5RVz1ihMK/+FgSz + NjwNs4D1HS0WE55dL9b4DOY6gbLv+wYuly8AAAD//wMAwfoq9loBAAA= headers: - ATL-TraceId: - - f2f422ebef666520 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Sat, 20 Nov 2021 04:15:22 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.19.3.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 1887bb3ce13c1ba4 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 8b3eaa9b-a160-484e-9c64-2cfe01eaf807 - x-envoy-upstream-service-time: - - '34' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.26.0 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - bba1d9da929036cf - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:22 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:43 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 41ebf3dd-d55e-4837-b0ce-b72587af8970 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '125' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - eb5336a1-204a-4ab2-a31a-15248840a821 - x-envoy-upstream-service-time: - - '66' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,90 +80,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/bQBD+K5YPnCJMQkRRpAih0kqoCCEReqk4LPaYLLF3zT4Sp4j/3hm/dgMp - NeHSA7lkZzyPbx47s08hlAUTSTgJCyUfIDY6HLjj5NeTE+BaWzDrAkhEQ5Yib25MoSdRlECKCol8 - kPvMZExrzsS+ABMp0CZiBY9GUWM1Gh7gD01wMtoSC1gjdTn7dj1DSrAckLwR3Bg0QA7ZkhmmblSG - qJ7C8XE5Pu7jX0NsFbS+ayMnBU+mleO9mnFO5PjgC7oZjcvReGfDmv+Gqc5Zlu3p5v8NX8Ojcnj0 - MV9l66w5vOHtcFQejj7mLYeE2xy9NYe/ense+N1CXbRDv3QWqo4Z+R1DRAI6VrwwXArkngZVAgZB - wrXhIjZBwSGGQKbBSqrFPmnHUmD/9EHRpGDJYbUlfi/Yw+FxQ84Q6LSD7Hp4xvQCKSuMYkJnzEBy - ufFF2ztDp0nKMg0Dd99SDllCrd8csO21zXOm1nRU8Gi5AhQ0yqKajueQM/pS+Z+E2igu7snBWhvI - idNoP3fgrhtOe/9aiUE4Z/oMUmYz85NlFjp0sgDFKOdUVqyqCW/9YvdC5mepA+eYDt458QLKbIfQ - 1+2F8RZHR5bJFSSV0Gc3buu51kY4qYxgajmmUMXz9QUsAUEePFOZY5kXUoCgzeDXubHyqtBMKUbN - xLHEqOL0/cJ7Rl3lvzpmW3lPrmfpQ5Yk5AnIn4JcLiHc0g4UGTOGxfOcoO0UmafvheZxXWinvmgd - 2oZ2v9Dam7fRd32Qvx4LvgkH88zjtjh9yfcCbdZJrwHRynogW5YDeNUJ1eCc0juAve6GnYbDx542 - jTbd2R/1GJapWTFVzUeeFxnHDeBK+vkS2ubrf30JVYOzmsQZF4sdB6en/3Jl1lx3LS6QhiSoVqcb - nhsGmDWSBmwGBnquoJeLMCp4vAB1gvlROLaau4hR7+m5XF3bO1o0V4y+TemS+2xdcxrVCii2/VRY - rNqjBbWe9r7DNOApvykvf4LSNXuXBC9rbT+7vk2X3u+8DBphl11ftC/0eivVG+ofuwnLcC8A+kVm - NSg/jE7b20Atq9s/fwAAAP//vJdNbsMgEIWvUnkfqBtnU6nKqlIX6RGiilQIUyVxZJz+LHz3zjCA - 7eBWTrG6HcPwYWDemy6QdjdwcU7ZxG4v4QGhiVi7B/Rga+C1Z9wJiK5q3VyY359+Qxg90BAX64tI - GOZVJAQiPFKrEbr43P6oIrQ2z/FmTveH+iCUNBxnGJ9EQ6DUqoTszLyj3rsdP1EQV7AiBT8jDdZa - 4XlgY1KPeZeMuZwHk+r9EPTZxjzqMhm1mAcVbuSQc1N9eMgiGXI1G2R0RTc25lFXWbtFn9t/iWno - /3kVoNS8nk1THWwT/wIeIS+mVTBxxCJEkzPb/rDT16c2TNVSHsvqBHWIvela3KtyIUGPF6jvYQo1 - c7BaV+weYdAN+oMs9FQR2kjZ+7Uq78VOkhGdsKML0Y1bEZet52Yo4Hnd9zSZytktp0TcnBUcbbO+ - UpLG+soWnd62/QYAAP//AwDam8DXURUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - d51a28de17e9221b - Connection: - - keep-alive + Atl-Traceid: + - c681a4dd52674a86 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:23 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:43 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 3d589206-b3bb-4b48-95a7-7589f511becf X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '200' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - d7d5bfba-add6-4dab-8c83-6f7b2a6415de - x-envoy-upstream-service-time: - - '90' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/316]\n\n*Defect Dojo link:* http://localhost:8080/finding/316 - (316)\n\n*Severity:* Low\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* - Unknown\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/117]\n\n*Branch/Tag:* - None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA + Flag|http://localhost:8080/finding/318]\n\n*Defect Dojo link:* http://localhost:8080/finding/318 + (318)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/118]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe - accessed via unencrypted connections.\n\n\n\n*Mitigation*:\nWhenever a cookie + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie contains sensitive information or is a session token, then\nit should always be passed using an encrypted channel. Ensure that the secure\nflag is set for - cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n*Steps - to reproduce*:\nNone\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n*Reporter:* + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -283,55 +180,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1351' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11402","key":"NTEST-1109","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11402"}' + string: '{"id":"11815","key":"NTEST-1477","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11815"}' headers: - ATL-TraceId: - - 4e90f541f6fb74c9 - Connection: - - keep-alive + Atl-Traceid: + - d2ded9272efc3193 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:23 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:44 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 24d2399e-5e81-4e21-aff1-1d7aef6ee98a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '611' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 7001d401-8dac-4e8d-a753-436c5ef6a2cd - x-envoy-upstream-service-time: - - '551' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -341,94 +242,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1109 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1477 response: body: string: !!binary | - H4sIAAAAAAAAA6RXa1PcNhT9Kxp/yLTUrB9sYOOZTCeBTUtLKYUlzIRkMlr5rq2sLLmSvI8m/Pde - yTZLoJsmJMwE+1q6j3PPPRIfA1jVVOZBFmiQOWjIX3EQuQklrcCEhpVQ0VDVoKnlSpoQcm4rsDRk - JZUFCFWEC9AGv0F+DrUGA9J2a1ljrKpmzuH7JI6TeKDh7waMnaxrONOUWc4gCAPu4ifJME7xxYCY - 4WtpbW2yKMphBszm6oMaUCuoMZzKgQQbYSQb0ZpHacSNaSDqHcxhjftPJ+OLyW6SxM/Q5FMwQfYx - MJhbYxi1UCi9bmvI8Q13pHGa4IbdNJ7ET7PkaZbuDZ6mBz9h3rFL0gWxmLh388gk3f4I/flE27K7 - lxwM07x2wKH1BTEVFSIkOTeWS2ZJzYEBUTOyVHo+cLuZkpdafE0WBlijIVpwWNIFtVT/bPg/8LzC - XjbVk9Z0nD9P4r1k1L26Dj3flBwGjg8Ya0LN3DWpmVr3lM2oMBAGvY8g807CoOTIGM3K9QksAJOM - b8LAcqRUjfQIMtlgcUGt1QfM+JGAdrs9nL5BPZzu5Q4JNslfSm4tOjDBbWxX5+9+rVEzu6Ta1Wp4 - VQuOpMnvFYh4exYNR6vh6GvS7ZDvgnXg19xhjf/uQj+MDzByOlylw0c79l31xHliut9fiJXsr5L9 - 74u16oN1D1+Itpeu9tLvi9bx1fQPW6Pd3LiRX71udQk7dv0OO1gUGgoc9Qc0RE4p0bST11ruCVd6 - sO3D6KGPVk1aq5tVL5xBtpvgK7Wop60OfTvfW5Xb6FrUutOOzf7xUDWuqMRp1ZUzcFkEmdUN3HTy - 5bxpztpSPz6wucxwqSlVI/IjbmpB190EoBnTsq9RQtxUdGhowGLd2P2XdqajUa+d92GLt+GZbPuQ - bjSDK83t+pEg9tuj4bdJKK9oASZyO0zvhKNBqOXALIqNxpyoZa9Fw+DmYSF7fSGCTsGpiePm/YNy - fwsMyTYiJiOHR0nNuObshMu5P8WPoHaHumR9F31vl/7brUUqOcYznU4FnAM1LTN09xScnVz+cnz6 - /uT4cHx6MX4/Pj//8xzrwwkyCAgumJRAzlA2pSUuLuGGKCnWBEeSC+eUWEV+45qSMw0Vji1pDHJ2 - 4If0fhXP0GH8icfx/sE0C9oTA3uH4G9m6rM5xjYUXFJxf1F3Jeng9TwXmF0vBdjXQsLt6qZ2Q/sV - PG5vD4+kXrv59rj6/MD/NjZu6PaSsjnewXrK9c7bWIfdNee7Eu7vSlF/ZUn701WCozpTQunTNpup - aGC30KgamwuDIkeqbbaqarwlStt14Uv9+xyct3LzszPhVsBORq7f0DrJyKFScw7kiltULUsu/OlB - XglafHK1YqlCMSpKZWw2ikdxNOMyR2GM9pL9d97hkYcCs/ygiCNJtkP+dyf5Af/70W+/wAuOUxTc - hrPvTYdXY3y7xl+7+8nQ5+EwZ0sYVNxqGChdREg56trA8VLiqBrh0kFpK+Gzav28dn4u5VyqZW87 - 0ypv8NYzlgUOYIVwRhNEz8XztWMm5Fe13LVqS/115yB9RyJynRhL/mqotqDJxuWWrbCJmfjdb16c - kQtG5Zb17q6F1/KDFueXmkpWRhNaYLKnyITW2nCRHx/dNR2qCmEiqGblHbODem0sVAZrz2vFkUg7 - mbf7fjmEK8ql4RYGyLVtdgTelFNFdd7jfIv30YZ1zvMLwlpyYSZkCiCJAUuWHdMsCl97VyEzZFtI - liVnJamASoMfabui84AYvZVTIJQxVE7IyYJT0uAwML2uUXpwnZTQHsKD23z+QGYU/m8pl85VCdJx - jdBbrwr/1MLKMA9XHl8A4XKmdOX3EKWdGlP8apwYohDPQYYuLXSOALfn/L8AAAD//+xZbWvbMBD+ - KyZQSGF2bOd9MLpQNtiHstHABmUQFFtewuIXLLtuyfLf+5wkq40bd6OMkg+BfnAt6XR3vufuuYvF - NhW7JwOtjEndSoEot1hiPVEPjVLCNw5iRJDFxj7lgZ8JuYBuIw9BA62hqFUkgaKEew5q+mjxlzhD - V0jWmmiYFzwTVERyrkKX7y1fA72oPnArvdZxWFWVk1ZMZBJpgC2/c7JVJpECVRa4eaE1XLAC9GdZ - IlYX3a8/ZvNv9vzKRqGW6NZXZCkBhDDWZWG8Ts6t7vkfBNWmSN8juJ8zHK+N4XiDeoHSX4Ee+Ldk - acS7mluHLTLc1gXDG+RnkSzp8MY2HuEaQgu3sGBFWD9IUdBWH6rHzTwuyjhmVIA6f8vW5EOik2n+ - ympFtOIC+CISjE5gGPYn48nSG7u8H0zdYDr0o6kXjXCP2YQbXtjG6QPPwhB3oGKhfIX3TsyiqAyC - 9UfPrV1MOYWEvtggKpg4KI1ym8xD6rHHvMHSjfg0cAeh60+jYDhik8l4xJdjP2TD/kX4QUo568/O - /M/4U+fsmCU6Gdu2eiWcUtgVPGL7DkHFycrlZh2Qy+yMMUEew3lZcMD98HiJSHeyhJzf7DyPX+Nm - /3r8Gjd74GPXGDkpVF2g5neXwIB1pTEgkUSpXPWYKqPdIC9j46cyTzPeuwFCgtUj5GjaglWDYbpB - j5I0Kcx1rj0lgbf/3Kck8BYan5LAgSRgSASU+6WwtqURrX52ITctmJ4jN6kIuFZnu+s8X2ibJrlm - mtRcMNOZ5oKhbTy5XedpooiRblZL/ROC+vdfTLhNi/83B1TCjFDchIbleyonGvXwDlGlVN7Wjzrh - vloB+XNLr5b7rhOzu2suyg0JfmKsnEXkxaxQhtNElOYVZLp5v3/Y3zutD0htd7vdAwAAAP//AwCO - 8qU+sRoAAA== + H4sIAAAAAAAAA7xXa08bRxT9K6P91NK194EBZ6WqSrHT0iJKwRApBKHx7PXuxLMzm5lZbJfw33tn + HzaBOC1UjZBg53Hf55653HmwLKlMvcTTIFPQkL7hIFLjS1qA8Q3LoaC+KkFTy5U0PqTcFmCpz3Iq + MxAq829BGzyD9AxKDQakbe+yylhVzJzCmygMo7Cv4WMFxk5WJZxqyixn4Pked/ajaBjt4cKAmOEy + t7Y0SRCkMANmU/VB9akV1BhOZV+CDdCSDWjJgzjgxlQQdArmsEL5k8n4fNKLBgcHuFW7YLzkzjPo + W2UYtZApvWpiSHGFEnEYx71w2IteTcIwieNkMOjv7UY/hHEYOiedEYuO12pe6KSTDzAVYbwOu12k + YJjmpUsc7r4mpqBC+CTlxnLJLCk5MCBqRhZKz/tOmil5ocUzvagkd+Wi4obeUkt1cMthEdRubRxs + j6JwNxr+ZPhf8GOBZa8KtOpggSYn1MxdraqpdV/JjAoDvtcIHmFctazv5RyBo1m+OoZbQF/De9+z + HJFVIkq8RFYYo/cIJrvhtoOoOyi1+oChvrASrXRdh7qyXR3c4gF6NuFeSG4tKjDe2raD8O/1XaNm + dkG1A7LhRSk4Opw+SgkWqobfYLgcDJ/p7ldK1kWyLtggdHCPB8t48P9aaWBRgxQNRvvLaP9bGFx2 + Fnfj5W78LSy2yL+/fwrHuIPjjC8vGw7EIl9dY9GzTEOGtPIE6+iOElXT5V8EeXyw7WC47eDVU+UN + pTW7jjBq9vaSXoRLapHUGzJ8fu80VLsh16BRp11n1J+HqnLRRo4w37oNLjMvsbqC+5ZDnTbNWZOD + uyd7zjO8anJViXTETSnoqu0m3Ea37CWWzXVYmw0NGKxr4S8ReLS33xH447Rto5l4TTOPD9YFLzVX + mtvVC5PYiQeD5/E4L2gGJnASplPCcUOoRd/cZhu+OlaLjtcG3lPkxrtdIIJOwTGTA+3j13p/Sxqi + bQiNhi4fOTXjkrNjLudv3MkISjdZSNZVsa7toj5b70glxzhY0KmAM6CmQYZuv7zT44tfjk5ujo8O + xyfn45vx2dkfZxgftpbBhOCFSQ7kFClYWuLsEm6IkmJFsJ25cEqJVeQ3rik51VBgP5PKIGb7X2rr + CNvJCz/xMBx+lInXvFdYO0z+pqc+a3AsQ8YlFY8vtXNRm94a5wK96zgC65pJWN+uSte0/wLHzQjz + Qug1wuun7/Op43lo3MDtZ8rmOAh2kOuUN7YO21nrPzncDWxBNzfF3UstwUGdKaH0SePNVFTQyzSy + xmZcUWSkmmKrosRRVdq2Cl+r3+fJeS83PzsTbgXsJOTqHS2jhBwqNedA3nKLrGXJObBKA3kjaPbJ + xYqhCsWoyJWxyTAchsGMyxSJMcAh6bpWOKpTgV5+UMSBJNkh/yhJvsNf39fi5zheOUZBMez91slR + BWSE8eDmCFifRPs+cdhaR3H4doxnV/intx8NalddWdgC+gW3GvpKZwGikrpKcZyBHJoDvNrPbSFq + xxs9l07PhZxLtXiYpVOt0gpf1bHMsE8LzHowwSQ7m3WK0GHyq1r0rNqSprJVEF+TgFxFxpI/K6ot + aLJRuUUUNjajWvrd61Nyzqjcct+Nd+5fiHVUD+I4XxkLhcE40lJxxM5OUu/XJXIZKyiXhlvoI7ww + YSafKqrTbTee6B9tgOY0vyaswRNSKZkCSGLAkkULLotcZxqAzRBgPlnknOWkACoNHtLmRqsB430v + p0AoY0iWkJJbTkmF+Gd6VSLb4L2/AQAA///sWW1r2zAQ/ismUEihdm0nTtJB6QLbYB/KQgsrlEFQ + bKcJjSXjl7qjy3/vc5KiOm7cjTJKPgTywYmk03Pne3nuwnms6q5TQ3SJd30nuzgCdLOIOTmYxYxc + gSYPGgEJqQVeZS35XGSJPGOJjFIww2pOGRDZ9z7mJwQMwpeFpYq7xVYV+00qWimT6Mocrm0xbtUA + okXj8crBG89JZ6OhssEvTkag28hGQKAR5huIJDAvYaCdSGs617S/QjCimMBkpL32l6qqHFGxPJVR + gSiMH510kUqPxiVTyJzqu6esAJuZlfCpaffHzfh6Yl9f2qi7MljNJakgV6Zo6LIoWfJjq3v8B46y + KsQnuOFryuK1URavv1mgfFags76XtIuIVHNr0CLDbV0wRECaXNKe3RvbiIFrqOtW3WzmW1iNhQsK + 2Z2ExDU8Ny+ThFFF6fwt/ZINiR+K7J3lh3jCBaKHWO336DyYs34v8majvhvMgGk4PPN8f0DVzmzC + DW9si+kFj6MId6AEdV4w2LoH+WycjIS+2T2qEHBQ6+Q2mX10BxN4vtePPTfu+dHZIOyFwdALR0EU + uWww9+LRRXQupRz1xkf+N3zUOTthXKdN21Y/5U6Z2xUsYvsO5WMnLWerZUgms1PGcrIYzsvyADKH + xy8Te+CknPA3O9H9R9xsZfcfcbMV3nfEyEmRaus0Yatzn4me7FA8UbJWraPKa7cgbtj+tcwEWvZb + pKJw8RJ4NJDBqolkukfPpzTXy3TGPaSCj3/ph1TwEYgPqaA1FRjmAYh3KuKeaJarn13IFQXTI+om + 82ibCLlmItRcMBOW5oJhajF/WGaCK7qjG85S/xehvv4L0gdR/L9ZnhJmhOImdCA/hZxKbAZwcCEF + +WnzqLPruwHI/21ON3JPOgl7vIrzckWCa8rKeUJWjAulOE01aeZAqpvftw/7W6f1AYl2vV4/AwAA + //8DAH0KlWj6GgAA headers: - ATL-TraceId: - - 20740b6f6f74019e - Connection: - - keep-alive + Atl-Traceid: + - 597bbd38e9aa7151 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:44 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 7128f09e-dfcb-46f9-adfb-c338bf29877d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '259' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 099d51df-f0bf-4798-8ad1-9d108032de21 - x-envoy-upstream-service-time: - - '158' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -438,94 +344,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11402 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11815 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbW/bNhD+K4Q+FFumWC9xE1dAMbSJu2XLsixxGqBpUdDUWWItkRpJ+WVt//uO - pGSn6dy1aQzE0pG8l+eeO57fB7BqqMiDLFAgclCQv+BQ5ToUtAYdalZCTUPZgKKGS6FDyLmpwdCQ - lVQUUMkiXIDSuAb5JTQKNAjT7WWtNrKeWYVvkzhO4oGCv1vQZrJu4EJRZjiDIAy4tZ8kwzjFFw3V - DF9LYxqdRVEOM2Aml+/kgJqKas2pGAgwEVoyEW14lEZc6xaiXsEc1nj+fDK+muwnSfwERc4FHWTv - A42+tZpRA4VUax9Djm94Io3TBA/sp/Ekfpwlj7P0YPA4PfoJ/Y6tk9aIQcedmgc6ac9HqM856sPu - XnLQTPHGAofSZ0TXtKpCknNtuGCGNBwYEDkjS6nmA3uaSXGtqq/xQgNrFUQLDku6oIaqnzX/B57W - mMu2fuRFp/nTJD5IRt2rzdDTbchhYPmAtiZUz22S2qmxT9mMVhrCoNcRZE5JGJQcGaNYuT6DBaCT - 8ccwMBwp1SA9gky0GFzQKPkOPX4goN1pB6dLUA+nfblDgq3z14Ibgwp0sLFt4/zd7dVyZpZU2Vg1 - r5uKI2nyewEi3o5Fw9FqOPoadzvkO2Md+A23WOPfXeiH8RFaToerdPhgxS6rjjiPdPf9BVvJ4So5 - /D5bq95Y9/AFawfp6iD9PmsdX3X/sNPax4+25FcvfV/CjN2+wQwWhYICS/0zGiKnZNX6yvOSe40r - Pdq1MPpch+8mXmpr1TXOINtPuhZiGaw48+befyaz/EL3dSnbKj/huqnoumMhihEo8xLL2DKzM0EN - 9mjf2769hnzn3PbKyKtTtkLc47FsLVDO+Rsr4KIIMqNa6w1TgMHasvuv3pmORn3vvA9bvAvPZNdC - umvhYNtMuFTcrB+IRH88Gn5bb+U1LUBH9oTulXAUVHI50Iti23zO5LJvUsPApXIKtptYbt6/KA93 - RJvsImIysmGXVI8bzs64mLtb/AQae6kL1jPI8Wrp1jYSIcUY73Q6reASqPasVN1TcHF2/cvp+duz - 0+Px+dX47fjy8s9LDAMrSGPcuGFSArnAtikMsXYJ10SKak2wJHlllRIjyW9cUXKhoMayJa1Gfg1c - kd6P4gkqjD/wOD48mmbBvZpFZAsuaIU5Q9C3RWbX7su6kaSD17G8Qu/6VoDpKwRsdreNLdqv4LGf - Hh7IMH94c119euF/G+m2rHpO2RxnsJ5ZvXJv67gbc77L4X5WivqRJe1vVwGW0UxWUp17b6ZVC/uF - wo61HRgkOZE+2bJucEoUpsvCl3L6KTivxfazN+Gmgr2M3L6iTZKRYynnHMgNN9gxDblytwd5UdHi - g40VQ60ko1UptclG8SiOZlzk2MSig+TwjVN44qBAL99JYkmS7ZH/PUl+wH8/uuNXOODYxoHHsMSd - 6PhmjG+3+LV/mAydHxZztoRBzY2CgVRFhJSjNg0chxJL1Qi3DkpTV84rr+el1XMt5kIue9mFknmL - U89YFFiANcIZTRA9a8/Fjp6QX+Vy38gd8TedgvQNichtog35q6XKgCJblTuOwtZm4k6/enZBrhgV - O/bbWQvH8iOP83NFBSujCS3Q2XNkgpe2vMpPT+6KjmWNMBHsZuUdsYV6rQ3UGmPPG8mRSHuZk7t8 - WYRryoXmBgbItV1yBF6XU0lV3uO8wftkyzqr+RlhnlzoCZkCCKLBkGXHNIONz88qZIZsC8my5Kwk - NVChcZH6HZ0GxOi1mAKhjGHnhJwsOCUtFgNT6wZbD+4TAvwAMNj48wcyo3C/paw7NyUIyzVCN1ol - /tTCyNAPGx5fAOFiJlXtzhCpbDemuKptM8RGPAcRWrdQOQLsZ4x/AQAA///sWdtq20AQ/RVhCDhQ - ySv5qkJJTWihD6ElhhZCwaylVW1qXdBKUYLrf++Z3ZViq3ZaQgl+MORB0d7OjubMnBlbfF3xR7qg - lXGFrZTwcosn1g48FEqJWDvwEUk3bu6nLfA9IRPQaWQhIDAIZQ2RNpQlzHMQ6dONP8UZqkK6beMN - s0JkkpJILrTrir3hW7AX2QdmpdfGD6uqctKKy0wxDbQVD062zBRTAGWOk+cG4ZwXkF6LEr46737+ - Np19sWc3NoSFYrc5IkuJIMSxLg/jVXJpdS9/wanWRfoWzv2nwnGPKRx3cGxguJvPChTHP5XUIjHY - msqaqe2BRjeoz6LE0OGJx3QEawRte8CvB2AvHiwpCBzQ1e04Lss45pSAOn+L1mRDkpNp/sJsRbLi - CvwiwYpKYBj2J+PJwh0z0Q98FvhDL/LdaESqop6EE56ZJugDT8MQZyBjIX2Fj07Mo6gMgtV7l9Um - pphCmz5bIGqaOEiNapqKQ/qxx93BgkXCD9ggZJ4fBcMRn0zGI7EYeyEf9q/Cd2qXi/70wvuIP73O - jnligrFt61fSKaVdwSK25xBVnKxcrFcBmczOOJdkMaxXCQfaD4/X8HQnS8j47crz9BG369fTR9yu - gU8dMUJPqCtQo++uwQHrxnBAMYlCua4HdeC6Q1zGxA9lnmaidweGBMsnylG3BaMNh+kE00oyojA3 - sfYcBF7/c5+DwGsgPgeBA0GgrTYgnzqbLa2p1QVQ/9Ak3FDv1jwzHJgW3DSY27sc6yaxY90k1nST - 2gONbBPJ/SpPE61/TLFamp8Q9L//gvQ+Lf5fz05v1myKk1CwfE1VR6NuHMKrNORN/WgC7osBqJ9b - evW+bzoxf7gVslzTxjuXVb2IvJgW+uLUEaV+BV29eb+/2NtbbRYotNvt9jcAAAD//wMARTjR/LEa - AAA= + H4sIAAAAAAAAA7xXbW/bNhD+K4Q+bZlsvcRJXAHDkMXuli3IssRpgaZFQFNniTVFqiQV22vz33fU + i906cbdkWBEgkXi89+ceXT56sCypTL3E0yBT0JC+5CBS40tagPENy6GgvipBU8uVND6k3BZgqc9y + KjMQKvPvQBuUQXoJpQYD0rZ3WWWsKmbO4G0UhlHY1/ChAmMnqxIuNGWWM/B8jzv/UTSMDvDFgJjh + a25taZIgSGEGzKbqvepTK6gxnMq+BBugJxvQkgdxwI2pIOgMzGGF+ueT8dWkFw2OjvCoDsF4yUfP + YGyVYdRCpvSqySHFN9SIwzjuhcNe9GIShkkcJ4NB/2A/+iGMw9AF6ZxYDLw288wgnX6ApQjjddrt + SwqGaV66wuHpMTEFFcInKTeWS2ZJyYEBUTOyUHred9pMyWstnhhFJblrFxW39I5aqoM7DougDmsT + YCuKwv1o+JPhf8GPBba9KtCrgwW6nFAzd72qptY9JTMqDPheo3iKedW6vpdzBI5m+eoM7gBjDe99 + z3JEVoko8RJZYY7eFkz2w05QavUeM3pmwVvtutx1A7tyu5fPQLLJ6lpya9GA8da+HVJ/r+8aNbML + qh1eDS9KwTHgdCtz7EeNssFwORg+MdyvdKbLZN2XQehQHQ+W8eD/9dJ0v8YiOowOl9Hht3C47Dzu + x8v9+Ft4bAF+f/8QjtEunMadYMaXrxoOxO7fvEM0ZJmGDGnlAdYxTiWqZsoftRof7RIMdwlePDTe + UFpz6gijZm8v6UX4Si2SekOGTx+qhmo35Bo05rQbmfrxRFUu28gR5mt3wGXmJVZXcN9yqLOmOWtq + 8PHBmYsMr5pcVSIdcVMKumrHDI8xLPsK++lGr62GBkzWzfZjBB4dHHYEvl22Nc1sC3Y1PF43fFuw + v2EsrjS3q2dWt1MPBk8jeF7QDEzgNExnhOOBUIu+ucs2DHemFh0TDry6nFNwlOVAu/21PtyRbbQL + odHQpZ1TMy45O+Ny/tJJRlC6zUKyrot1bxe1bH0ilRzjYkGnAi6BmgYZun3yLs6ufzk9vz07PRmf + X41vx5eXf1xiGjhaBvPGC5McyAVys7TE+SXcECXFiuCcc+GMEqvIb1xTcqGhwEEnlUHM9h+b9wjH + yQs/8TAcfpCJtzXMWNmMSyqwZ1j0zZA52fZZuxe15a1xLjC6jiOwfZmE9e2qdEP7L3DcrDDPRFij + vP4mfrl1PA10G1T9TNkcF8EOWZ3xxtdJu2v9p4C7hS3o9qa4+4RLcIhmSih93kQzFRX0Mo2ssVlX + FBmpptmqKHFVlbbtwtd6+mVx3srNz96EWwF7Cbl5Q8soISdKzTmQ19wia1lyBazSQF4Kmn1yuWKq + QjEqcmVsMgyHYTDjMkViDHBJelcbHNWlwCjfK+JAkuyRf9Qk3+Gv72v1K1yvHHGgGo54G+SoAjLC + fPBwBKxPokOfOGytszh5PUbZDf7pHUaDOlTXFraAfsGthr7SWYCopK5THJcjh+YAr/ZzW4g68MbO + K2fnWs6lWnxepQut0go/t2OZ4ZwWWPVggkV2PusSYcDkV7XoWbWjTGVrIH5HAnITGUv+rKi2oMnG + 5A5V2PiMau03xxfkilG5477b+9y/EOusPsvjamUsFAbzSEvFETt7SX1et8hVrKBcGm6hj/DCgpl8 + qqhOd914YH+0AZqzfExYgyekUjIFkMSAJYsWXBa5zjQAmyHAfLLIOctJAVQaFNLmRmsB830rp0Ao + Y0iWkJI7TkmF+Gd6VSLb4L2/AQAA///sWV1r20AQ/CvCEHAgUiXZsp1CSA1toQ+hJoEGQsGcJTkW + se6EPqKU1P89s3fni6xGaQkl+MHgB9k67c6tbmdn15zHqu46DUQXeNe3sosjQNermNMBs5ixK9Dk + YUdAQtuC4LISvhR5Kp+xRE4UzHC3IAYE+97F/ISAwXhSWqq4W2xds1+0RStjEl1V4GhbjFsNgGjR + eLx28MYL2rPZoYrBT05BIG8UIyDQCIstRDJYVAjQi0gbe27s/hLJiGKCkNHu9Xmp69oRNSsymRXI + wvjByVaZPNFwMofNufY9ZyXUzKLCmZr3v19Pr2b21YUNnSCT1TjJBB1lyoY+i9KEH1v94984KOtS + fMQx/FOyeF2SxRs261CJzvpOyi4SUu2lQYcNt/NGlxBwjRCQ70LKnpcXdklX10jXnSLbJmKEk4Ur + ymVF2kWVpowqSu9v9EsxJH0o8jeWH9IJ58geUrXforNgyYaDyFtMhm6wwAbG41PP90dU7cwieHhl + WUwveBpF8IES1HvGYOvm5JM5ZGT01bZSpYCDWieXSfbRrU3g+d4w9tx44Eeno3AQBmMvnARR5LLR + 0osn59GZtHI0mB75X/FRz9kp45o2bVv9VDhVYdeIiO07xMdOVi3WSUghszPGCooYnpflAWIOl59n + 9sjJOOFvt6j7j7jd4+4/4naPvO+IwUmRauu0YGtqn5ke+VA+EVmr1lHx2g2EG5Z/qXKBXv4GjBOu + nhOPJjW4azKZ/Oj5lNZ6uWbcAxW8/0s/UMF7ID5QQScVGIEBiLcq4x5pyKuvXdgVJdMj6rZM6ZoI + uV0TIddMhNo3jFKL+X2SC65UjW44K/1fhPr6T0hFqiw8bi812b2B4Bp/o3zY2j3ppezhMi6qNRlu + +JbtfV5OS4XjXpT/b6aojBmj8IVO6IeQ05HtIJCmmjRzIJcGyC5afweufkCGZ7PZPAEAAP//AwBR + PtXz+hoAAA== headers: - ATL-TraceId: - - cea4f5d01b9e5d59 - Connection: - - keep-alive + Atl-Traceid: + - 8611b16144eab9b7 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:24 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:45 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 005622fd-da68-4175-98b3-7676baaa4ca7 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '268' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 43a93130-8187-4414-bfb1-3b86e7b30e34 - x-envoy-upstream-service-time: - - '135' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -535,174 +446,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA0yPT0vDQBDFv8tcTbeziUk3exM9qEgVmp6kyP7FyGY3JBuhlH53d7FoYQ6PN783 - jzmBFLPZTw44fMY4zny91sYaFXX4CkREJ+a5F554E6GAbzPNffAJpoiUIMHVbnv3tnt87f6322WQ - SQF/z1CBBR4K0GZ04TgYH7vjaNKBexcWnUJy6Z3+jQDPAVZdzAcRM1hiSVc0DetoxXHDaUkQ8QYT - nPKzmVJv1w/XbIkd1pzWvKxJ07I/Vg1P3oYENu1GMtYYbExjlVWC2orKW8ZaW1dSSa2ZoNK2VwXR - 5YbnfhKQ37FicfElKJHtE7iLAuM/9js4n38AAAD//wMAdzhdz1oBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTtE1qbqIHFVmF7Z5kkbRJsJI2pUmFZdn/boqLH7fhneeZ + lzlBq4LZzw4kvMc4BbnZaGNNF7X/8ERFp0Lo1UhGEyGDTzOH3o8JpoiUIMF8t7152d0/N7/b7TK0 + aQL5ukIZZnjIQJvJ+eNgxtgcJ5MO3Dq/6CS1S+/0twIyCQyrS3in4goyZCzHOqeiwVqikKwiiHiV + SEx+MHPqbfrhH3vdIErGZMkJpcUP2w0Po/UJ5CUVtrDWFqJmjGNRI5aVYpx2CjXvhCgNFvxvQXRr + w2M/K1jfsWpx8cl3ao1P4C4TmPFtv4Pz+QsAAP//AwDeDr6TWgEAAA== headers: - ATL-TraceId: - - 7777f0fe18848cdf - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Sat, 20 Nov 2021 04:15:25 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.19.3.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 816e2c73a13697b1 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - a4f9a39f-5d50-45d8-8cc0-35e84855ff99 - x-envoy-upstream-service-time: - - '37' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.26.0 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 44f3df425764a996 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:25 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:46 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ff15b1cc-b186-4316-b0c7-1206d29bc50a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '103' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 8b38df5f-57ef-40c4-96e3-0ed9fbf3bfc3 - x-envoy-upstream-service-time: - - '60' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -712,90 +516,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/bQBD+K5YPnCJMQkRRpAih0kqoCCEReqk4LPaYLLF3zT4Sp4j/3hm/dgMp - NeHSA7lkZzyPbx47s08hlAUTSTgJCyUfIDY6HLjj5NeTE+BaWzDrAkhEQ5Yib25MoSdRlECKCol8 - kPvMZExrzsS+ABMp0CZiBY9GUWM1Gh7gD01wMtoSC1gjdTn7dj1DSrAckLwR3Bg0QA7ZkhmmblSG - qJ7C8XE5Pu7jX0NsFbS+ayMnBU+mleO9mnFO5PjgC7oZjcvReGfDmv+Gqc5Zlu3p5v8NX8Ojcnj0 - MV9l66w5vOHtcFQejj7mLYeE2xy9NYe/ense+N1CXbRDv3QWqo4Z+R1DRAI6VrwwXArkngZVAgZB - wrXhIjZBwSGGQKbBSqrFPmnHUmD/9EHRpGDJYbUlfi/Yw+FxQ84Q6LSD7Hp4xvQCKSuMYkJnzEBy - ufFF2ztDp0nKMg0Dd99SDllCrd8csO21zXOm1nRU8Gi5AhQ0yqKajueQM/pS+Z+E2igu7snBWhvI - idNoP3fgrhtOe/9aiUE4Z/oMUmYz85NlFjp0sgDFKOdUVqyqCW/9YvdC5mepA+eYDt458QLKbIfQ - 1+2F8RZHR5bJFSSV0Gc3buu51kY4qYxgajmmUMXz9QUsAUEePFOZY5kXUoCgzeDXubHyqtBMKUbN - xLHEqOL0/cJ7Rl3lvzpmW3lPrmfpQ5Yk5AnIn4JcLiHc0g4UGTOGxfOcoO0UmafvheZxXWinvmgd - 2oZ2v9Dam7fRd32Qvx4LvgkH88zjtjh9yfcCbdZJrwHRynogW5YDeNUJ1eCc0juAve6GnYbDx542 - jTbd2R/1GJapWTFVzUeeFxnHDeBK+vkS2ubrf30JVYOzmsQZF4sdB6en/3Jl1lx3LS6QhiSoVqcb - nhsGmDWSBmwGBnquoJeLMCp4vAB1gvlROLaau4hR7+m5XF3bO1o0V4y+TemS+2xdcxrVCii2/VRY - rNqjBbWe9r7DNOApvykvf4LSNXuXBC9rbT+7vk2X3u+8DBphl11ftC/0eivVG+ofuwnLcC8A+kVm - NSg/jE7b20Atq9s/fwAAAP//vJdNbsMgEIWvUnkfqBtnU6nKqlIX6RGiilQIUyVxZJz+LHz3zjCA - 7eBWTrG6HcPwYWDemy6QdjdwcU7ZxG4v4QGhiVi7B/Rga+C1Z9wJiK5q3VyY359+Qxg90BAX64tI - GOZVJAQiPFKrEbr43P6oIrQ2z/FmTveH+iCUNBxnGJ9EQ6DUqoTszLyj3rsdP1EQV7AiBT8jDdZa - 4XlgY1KPeZeMuZwHk+r9EPTZxjzqMhm1mAcVbuSQc1N9eMgiGXI1G2R0RTc25lFXWbtFn9t/iWno - /3kVoNS8nk1THWwT/wIeIS+mVTBxxCJEkzPb/rDT16c2TNVSHsvqBHWIvela3KtyIUGPF6jvYQo1 - c7BaV+weYdAN+oMs9FQR2kjZ+7Uq78VOkhGdsKML0Y1bEZet52Yo4Hnd9zSZytktp0TcnBUcbbO+ - UpLG+soWnd62/QYAAP//AwDam8DXURUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 58b84b9321a416ba - Connection: - - keep-alive + Atl-Traceid: + - 8f0540336d753c1c + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:26 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:46 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - d4f483bd-daea-48ef-8d71-cb937f455334 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '198' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 879b94a4-6b69-456a-8dd5-94458a16f7c6 - x-envoy-upstream-service-time: - - '73' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/317]\n\n*Defect Dojo link:* http://localhost:8080/finding/317 - (317)\n\n*Severity:* Low\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* - Unknown\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/117]\n\n*Branch/Tag:* - None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA + Flag|http://localhost:8080/finding/319]\n\n*Defect Dojo link:* http://localhost:8080/finding/319 + (319)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/118]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe - accessed via unencrypted connections.\n\n\n\n*Mitigation*:\nWhenever a cookie + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie contains sensitive information or is a session token, then\nit should always be passed using an encrypted channel. Ensure that the secure\nflag is set for - cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n*Steps - to reproduce*:\nNone\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n*Reporter:* + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -808,55 +616,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1351' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11403","key":"NTEST-1110","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11403"}' + string: '{"id":"11816","key":"NTEST-1478","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11816"}' headers: - ATL-TraceId: - - 5f738f9f1ee48765 - Connection: - - keep-alive + Atl-Traceid: + - b24b0c0f8b88a03d + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:27 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:47 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 8c4c8b1e-e7e7-4723-af4d-2616c922870e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '494' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 4ddcbf94-77a0-4988-80f5-462c867f58e2 - x-envoy-upstream-service-time: - - '1220' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -866,94 +678,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1110 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1478 response: body: string: !!binary | - H4sIAAAAAAAAA6RXa2/bNhT9K4Q+FFumWI+4jiegGNrE3bJlWZY4CdC0KGjqWmIskRpJ+bE2/32X - lGQnDty1aQM00hV5H+eee8h88mBZUZF6iadApKAgfcuhSLUvaAna1yyHkvqyAkUNl0L7kHJTgqE+ - y6nIoJCZPwel8RukF1Ap0CBMu5bV2shyah1+jMIwCnsK/qlBm/GqgnNFmeEMPN/jNn4U9cMDfNFQ - TPE1N6bSSRCkMAVmUnkne9QUVGtORU+ACTCSCWjFgzjgWtcQdA5msML9Z+PR5Xg/iqIQTS4F7SWf - PI251ZpRA5lUq6aGFN9wRxzGEW7Yj8Nx+DKJXibxYe8gGv6EeVsfLojBxJ2bZyZp9wfoL4zXZbcv - KWimeGWBQ+troktaFD5JuTZcMEMqDgyInJKFVLOe3c2kuFLF12ShgdUKgjmHBZ1TQ9Uvmv8Lr0rs - ZV2+aEwn6asoxHLbV9uhV5uSfc/yAWONqZ7ZJtUTY5+SKS00+F7nw0ucE9/LOTJGsXx1CnPAJMN7 - 3zMcKVUhPbxE1FicVyl5hxk/E9B2t4PTNaiD0748IMEm+SvBjUEH2lvHtnX+4dZqOTULqmytmpdV - wZE06VaBiLdjUX+47A+/Jt0W+TZYC37FLdb47yH0/fAQI8f9Zdx/tmPXVUecF7r9/YVY0WAZDb4v - 1rIL1j58IdpBvDyIvy9ay1fdPeyMdn9vR3553egSduz2A3YwyxRkOOpPaIickkXdTF5j2RKu+HDX - h+FTH42aNFY7q044vWQ/8j0s01zjEFpetQuoQYVtlOnbJ6DRvY3SBY07ZfntHo9kbcuMrHrdWAMX - mZcYVcN9K2jWm+KsKf7TE5vNDJfqXNZFesx1VdBVOxNoZgqwWDt2T7Vz0OsPDjvt3IYt3IVntOtD - vNEMLhU3q2dC1m0P+t8mobykGejA7tCdE46GQi56ep5tNOZULjot6nsWo61CDrpCCjoBqyaWm9sH - 5WAHDNEuIkZDi0dO9aji7JSLmTvFj6Gyh7pgXc9cJxfu29oipBjhmU4nBVwA1Q0PVPvknZ9e/Xpy - 9vH05Gh0djn6OLq4+OsC68MJ0ggILhjnQM5RNoUhNi7hmkhRrAiOJC+sU2Ik+Z0rSs4VlDi2pNbI - 0J4b0u0qfkaH4WcehoPDu8RrTgzsHYK/malHc4xtyLigxfai9krSwutYXWB2nRRgXzMB69V1ZYf2 - K3jc3B6eSb1m8/q4enzgfxsbN3R7Q9kM72Ad5TrnTayj9przXQl3d6Wgu7LE3ekqwFKdyUKqsyab - SVHDfqZQIzYXBkmOZdNsWVZ4SxSm7cKX+vcYnPdi87M35qaAvYTcvqNVnJAjKWccyA03qFGGXLrT - g7wtaPbZ1oqlFpLRIpfaJMNwGAZTLlKUweAgOvzgHB47KDDLO0ksSZI98r87yQ/4349u+yVecKyi - 4DacfWc6uhnh2y3+2h9EfZeHxZwtoFdyo6AnVRYg5ahtA8dLiaVqgEt7uSkLl1Xj59r6uRIzIRed - 7VzJtMZbz0hkOIAlwhmMET0bz9WOmZDf5GLfyB31V62D+AMJyG2kDfm7psqAIhuXO7bCJmbkdr97 - fU4uGRU71tu7Fl7LW5zfKCpYHoxphsmeIRMaa82L9OT4oelIlggTQTXLH5gt1CttoNRYe1pJjkTa - S5zd9csiXFIuNDfQQ67tsiPwOp9IqtIO5zXexxvWWc+vCWvIhZmQCYAgGgxZtEwzKHzNXYVMkW0+ - WeSc5aQEKjR+pM2K1gNi9F5MgFDGUDkhJXNOSY3DwNSqQunBdUJAc+T21vn8iczI3N9SNp2bHITl - GqFrrxL/1MLKMA9bHp8D4WIqVen2EKmsGlP8qq0YohDPQPg2LXSOADen+n8AAAD//+xZ22rbQBD9 - FWEIOFDJK/mqQklNaKEPoSWGFkLBrKVVbWpd0CVKSP3vObO72tiKnZZQgh8MfpC1q5nZ0cyZMyOL - r2t+Twe0Mi5tqwpEucUTa8s8NEqJWDuIkYJObM6nPPAzIReQNvIQLNAWFo2JJLCo4J69lj6d+Euc - oSuk05pomJUiK6iI5EKFrthZvkb2ovrArXRbx2Fd105a8yKTmYa0FXdOtsxkpsCUOTTPtYVzXoLs - LCrE6rz79cd09s2eXdko1DK7tYospQShHOvyMF4l51b3/A+Cal2m7xHczxmOe4jhuINDC8NmgXCx - RHP8W5I1ol+trcxsbS8Y3iBfi2RJ+zce4hHMENqdMtuGZ/iMB0sCgr38hfnGjiqOORWgzt/QmnxI - dDLNX1mtiFZcIL+I8qITGIb9yXiycMdM9AOfBf7Qi3w3GkGP2QQNL2wT9IKnYQgdqFgoX+G9E/Mo - qoJg9dFljYsJU0joiw2iShMHpVFukzikLnvcHSxYJPyADULm+VEwHPHJZDwSi7EX8mH/IvwgpZz1 - p2feZ/zUc3bMEw3Gtq1uFU5V2DU8YnsOpYqTVYv1KiCX2RnnBXkMz8uCA+6Hy0tEupMl5Px253n8 - Frf71+O3uN0DH7vFgJ5Q9Xya310iB6wrnQMykwjKVUepgOsGuIyNn6o8zUTvBhkSLJ9SjqYtWDU5 - TBr0KEmTwlxj7QkE3v51n0DgLSw+gcAeEDBsA8b9Urn2QCNafc0gNy25niO32Qa4Vudh03m+cGia - xMw0qb1gpjPtBUPbRHK7ytNEcR/drFb6E4L6+09HQIsjJTw0lxr/XoF5W18/eo3cd52Y312LolqT - 4C3dcjSQl9NS2XGblv9v+qiEGaHQhcbpeyonK83IkCaiNK8glcaQXWu9HXP1A9I9m83mEQAA//8D - AJsithexGgAA + H4sIAAAAAAAAA7xXa2/bNhT9K4Q+bZlsPWI4joBh6GJ36xZkWeI0QNMioKlriTVFqiTlx9r8913q + YTdJ3S0ZVgRIxMd9n3t489GDdUll6iWeBpmChvQlB5EaX9ICjG9YDgX1VQmaWq6k8SHltgBLfZZT + mYFQmb8EbfAM0gsoNRiQtr3LKmNVMXcKb6MwjMK+hg8VGDvdlHCuKbOcged73NmPolE0xIUBMcdl + bm1pkiBIYQ7Mpuq96lMrqDGcyr4EG6AlG9CSB3HAjakg6BQsYIPyZ9PJ5bQXDY5GuFW7YLzko2fQ + t8owaiFTetPEkOIKJeIwjnvhqBcdT8MwieNkMOwfD+MfwjgMnZPOiEXHazXPdNLJB5iKMN6G3S5S + MEzz0iUOd18QU1AhfJJyY7lklpQcGBA1JyulF30nzZS80uKJXlSSu3JRcUuX1FIdLDmsgtqtnYPt + URQeRqOfDP8Lfiyw7FWBVh0s0OSUmoWrVTWz7iuZU2HA9xrBVxhXLet7OUfgaJZvTmEJ6Gt453uW + I7JKRImXyApj9B7A5DDsDkqt3mNEz0x4K12nuy5gl263+Awku6iuJLcWFRhva9sh9ff6rlFzu6La + 4dXwohQcHU4fRI71qFE2GK0Hoye6+5XKdJFs6zIIj9CNeLCOB/+vlab6NRbRYDRcY4d9A4PrzuJh + vD6Mv4XFFuB3d4/hGO3DadwdzPn6dcOBWP2bd4iGLNOQIa08wjr6qUTVdPkXtcZH+w5G+w6OHytv + KK3ZdYRRs7eX9CJcUouk3pDh05uqododuQaNOu1apv48UZWLNnKEee02uMy8xOoK7loOddo0Z00O + Pj7ac57hVZOrSqRjbkpBN22b4Ta6ZV9jPV3rtdnQgMG63v4SgQ+Pwo7AH6ZtSzMPD/YVPN4WvNRc + aW43z0xiJx4MnsbjvKAZmMBJmE4Jxw2hVn2zzHZEdqpWHeENvMeQjg+7QASdgaMsB9qHr/VwTxqi + fQiNRi4fOTWTkrNTLhcv3ckYSjdZSNZVsa7tqj7b7kglJzhY0JmAC6CmQYZuv7zz06tfXp3dnr46 + mZxdTm4nFxd/XGB82FoGE4IXpjmQc+RmaYmzS7ghSooNwT7nwiklVpHfuKbkXEOBjU4qg5jtf6nf + I2wnL/zEw3D0YZl4zXuFtcPk73rqXoNjGTIuqXh4qZ2L2vTWOBfoXccRWNdMwvZ2Vbqm/Rc4bkaY + Z0KvEd6+ifenjqehcQe3nylb4CDYQa5T3tg6aWet/+RwN7AF3dwUd0+4BAd1poTSZ403M1FBL9PI + GrtxRZGxaoqtihJHVWnbKnytfveT81bufg6m3Ao4SMjNG1rGCTlRasGBXHOLrGXJJbBKA3kpaPbJ + xYqhCsWoyJWxySgchcGcyxSJMTiMjt/VCsd1KtDL94o4kCQH5B8lyXf46/ta/BLHK8coKIa93zo5 + roCMMR7cHAPrk2joE4etbRQn1xM8u8E/vWE0qF11ZWEr6BfcaugrnQWISuoqxXE4cmgO8Go/t4Wo + HW/0vHZ6ruRCqtXnWTrXKq3wuZ3IDPu0wKwHU0yys1mnCB0mv6pVz6o9aSpbBfE7EpCbyFjyZ0W1 + BU12KveIws5mVEu/eXFOLhmVe+67uc/9C7GN6rM4LjfGQmEwjrRUHLFzkNT7dYlcxgrKpeEW+ggv + TJjJZ4rqdN+NR/rHO6A5zS8Ia/CEVEpmAJIYsGTVgssi15kGYHMEmE9WOWc5KYBKg4e0udFqwHjf + yhkQyhiSJaRkySmpEP9Mb0pkG7z3NwAAAP//7Flha9swEP0rJlBIofZsJ07SQekC22AfykoLK5RB + UGynCY0lY9l1R5f/3neSojpe0o0ySj4E+iGN5Luns+7duwvnqa67XgPRBd71neriCNDNPOV0wRxm + 7Qo0eTgRkNCxILicBZ+JIlPPOKIgCmZYlcSAYN/7lJ8QMBhflI4u7g5b1uwXHdHJmUJXSVxth3Gn + ARAtGk+XHt64pDPbE+oY/OQUBPJGMQICg1CuIZJBWSFAW5E2ztw4/RWSEcUEIaPTm/tS17UnaiZz + lRXIwvTRy+e5utFwMoHNifE9YSXUzLTCnZp0v9+Mry/d6wsXdVclq3WSC7rKlA1dlmQLfux0j3/j + oixL8RHX8E/JEuySLEF/10K0XiCiK9Fy3ys9RgqrtdW3W9sLVgiokCvZs33jLmHgW+m6UTfbfIuo + sXhOKbtVkPhW58oqyxhVlM7f6JdiSPpQFG8sP6QTzpE9pGq/JWfRjPV7STAd9f1oCkzD4WkQhgOq + dnYTPLyyLaUXPE4S+EAJ6rxgcE1z8sleMjL6alupU8BDrVPbFPuY1iYKwqCfBn7aC5PTQdyLo2EQ + j6Ik8dlgFqSj8+RMWTnqjY/Cr/jTz7kZ44Y2XVd/Jb1KujUi4oYe8bGXV9PlIqaQuTljkiKG51V5 + gJjDx8+X7sDLOeFvt6j7j7jd4+4/4naPvO+IQT2JbuuMYGtqn0sz8qF8IrLWraOmr1sIN2z/UhUC + vfwtqCievyQeTWqwajOZ/Jj5lNF6hWHcAxW8/0s/UMF7ID5QwU4qsMoDEO90xj3RkNd89mFXlMyM + qNvKY9dEyLcTofaCnbC0F6xSS/nDohBcyx3TcFbmtwj97z8hFZm28LT+aMjuDQTX+Bnlw9ruSSdj + j1eprJZkuOFbtfdFOS41jgdR/r+ZojZmjcIXOqEfQk1H1oNAmmrSzIFcWiCbaMMNuOYBFZ7VavUM + AAD//wMADf1LK/oaAAA= headers: - ATL-TraceId: - - 8db1b09b479e4b99 - Connection: - - keep-alive + Atl-Traceid: + - f1c685fd04f659d2 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:27 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:47 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 30fc6d52-563a-44d9-bc6e-9a59c6d1f1fb X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '246' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - affbf417-118d-4211-bb25-57cda4a15f10 - x-envoy-upstream-service-time: - - '102' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -963,94 +780,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11403 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11816 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbW/bNhD+K4Q+FFumWC9xHU9AMLSJu2XLsixxEqBpUdDUWWIskRpJ+WVt/vuO - lGSnDty1aQzE0pH39vC54/mjB8uKitRLPAUiBQXpGw5Fqn1BS9C+ZjmU1JcVKGq4FNqHlJsSDPVZ - TkUGhcz8OSiNa5BeQqVAgzDtXlZrI8upNfghCsMo7Cn4pwZtxqsKLhRlhjPwfI9b/1HUDw/wRUMx - xdfcmEonQZDCFJhJ5b3sUVNQrTkVPQEmQE8moBUP4oBrXUPQGZjBCvXPx6Or8X4URSGKXAjaSz56 - GmOrNaMGMqlWTQ4pvqFGHMYRKuzH4Th8mUQvk/iwdxANf8K4rQ3nxGDgzswzg7T6AdoL43Xa7UsK - mileWeBQ+orokhaFT1KuDRfMkIoDAyKnZCHVrGe1mRTXqviaKDSwWkEw57Cgc2qo+kXzf+GoxLOs - yxeN6DQ9ikJMt321J3S0Sdn3LB/Q15jqmT2kemLsUzKlhQbf62x4iTPiezlHxiiWr85gDhhk+OB7 - hiOlKqSHl4gak/MqJe8x4mcC2mo7ON0BdXDal0ck2AR/LbgxaEB7a982zz/cXi2nZkGVzVXzsio4 - kibdShDxdizqD5f94deE2yLfOmvBr7jFGv8eQ98PD9Fz3F/G/WcbdqfqiPNCt99f8BUNltHg+3wt - O2ftwxe8HcTLg/j7vLV81d3DTm8PD7bklzdNX8ITu3uPJ5hlCjIs9Sc0RE7Jom4qr5FsNa74cNfC - 8KmNpps0UlurrnF6yX7ke5imucEitLxqNrgKs5xWnDUBfHwis4zDhHQu6yI94boq6KrlJYoX1GCP - bnrbt9dQ0zk3vTJozClbIe7xWNYWqMiGemsFXGReYlRtfTMFmKwtu6e9c9DrDw673rkNW7gLz2jX - Qrxr4WDTTLhU3KyeiUSnHvS/rbfykmagA6uhOyMcBYVc9PQ82zSfM7nomlTfe7BkmIDtJpab2xfl - YEe20S4iRkObdk71qOLsjIuZu8VPoLKXumAdXxyLFm5tLRFSjPBOp5MCLoHqhoOqffIuzq5/PT3/ - cHZ6PDq/Gn0YXV7+dYlpYAVpzBs3jHMgF9g2hSHWL+GaSFGsCJYkL6xRYiT5nStKLhSUWLak1siv - nivS7Sx+RoPhJx6Gg8P7xNuqWUQ244IWeGYI+qbI7Nq2rB1JWngdywuMrmsFeHyZgPXuurJF+xU8 - bqaHZzKsUV5fV59f+N9Gug2rXlM2wxmsY1ZnvPF13I453xVwNysF3cgSd7erAMtoJgupzptoJkUN - +5nC/rQZGCQ5kc1hy7LCKVGY9hS+dKafg/NObD57Y24K2EvI3VtaxQk5lnLGgdxyg/3RkCt3e5A3 - Bc0+2Vwx1UIyWuRSm2QYDsNgykWKTSw4iA7fO4MnDgqM8l4SS5Jkj/yvJvkB//3o1K9wwLGNA9Ww - xJ3o+HaEb3f4tT+I+i4OizlbQK/kRkFPqixAylF7DByHEkvVALf2clMWLqrGzo21cy1mQi462YWS - aY1Tz0hkWIAlwhmMET3rz+WOkZDf5GLfyB35V62B+D0JyF2kDfm7psqAIhuTO1Rh4zNy2m9fXZAr - RsWO/XbWwrG8xfm1ooLlwZhmGOw5MqGR1rxIT08ei45liTAR7Gb5I7GFeqUNlBpzTyvJkUh7iZO7 - 87IIl5QLzQ30kGu75Ai8zieSqrTDeY33yYZ11vIrwhpyYSRkAiCIBkMWLdMMNr5mViFTZJtPFjln - OSmBCo2LtNnRWkCM3okJEMoYdk5IyZxTUmMxMLWqsPXgPiGgue5763j+RGZk7reUDec2B2G5Ruja - qsSfWpgZxmHT43MgXEylKp0Okcp2Y4qr2jZDbMQzEL4NC40jwM1E8R8AAAD//+xZ22rbQBD9FWEI - OFDJK/mqQklMaKEPoSWGFkLBrKVVbGpd0CVKcP3vObO73tiKnZZQgh8MfpC1q5mzo7mcGVl8WfNH - OqCVcYmtKuDlFk+sLXholBKxdOAjBZ3YnE9Z4FdCJiBtZCEg0AiLDUQSWFQwz16kzyf+GmfoCum0 - xhsmpcgKKiK5UK4rdpZvEL2oPjAr3dZ+WNe1k9a8yGSkIWzFg5PNMxkpgDKF5qlGOOUliNasgq9O - 299+jiff7cm1DWIho1uryFIKEIqxNg/jRXJutc//wKmWZfoRzv2S4biHGI7bO7TQ365nJZrj35Jq - EfVrbGVma3PB8Ab5WiQZ2r/xEI9ghtDulN5meobNeDCnRLCXvzDf4KjimFMBav0tW5MNiU6m+Rur - FdGKC8QXEVZ0Av2wOxqOZu6QiW7gs8Dve5HvRgNiFZtN0PDKNkEveByG0IGKhfIVPjoxj6IqCBaX - LtuYmHIKCX21QVRh4qA0ym0yD6nLDnd7MxYJP2C9kHl+FPQHfDQaDsRs6IW8370IP0kpZ93xmfcF - P/WcHfNEJ2PbVrcKpyrsGhaxPYdCxcmq2XIRkMnsjPOCLIbnZcEB98PlFTzdyRIyfrPzPH7Ezf71 - +BE3e+BjR4zUE6p+U/O7K8SAda1jQEYSpXLVD6rEdYu8jI2fqzzNROcWERLMn0OOpi1YNTFMGvQo - SZPCXOfaUxJ4/9d9SgLvgfiUBPYkAcM2AO5OxdqKRrT6mkFuWnI9R26yDXCt1mrderlwaJrEDk2T - mJkmNRcMbRPJ/SJPE8V9dLNa6U8I6u8/HQEtjpSw2lzq/PeGnLf19aOzkfuhFfOHG1FUSxK8pVuO - BvJyXCoc92n5/2aHSpgRCl1onH6kcrJixpVpLucVpNIA2UXr7cDVD0jzrNfrJwAAAP//AwBoUfg7 - sRoAAA== + H4sIAAAAAAAAA7xXa2/bNhT9K4Q+bZlsPWI4joBh6GJ36xZkWeI0QNMioKlriTVFqiTlx9L+913q + YTdJ3S0ZVgRIxMd9n3t4c+fBuqQy9RJPg0xBQ/qSg0iNL2kBxjcsh4L6qgRNLVfS+JByW4ClPsup + zECozF+CNngG6QWUGgxI295llbGqmDuFt1EYRmFfw4cKjJ1uSjjXlFnOwPM97uxH0Sga4sKAmOMy + t7Y0SRCkMAdmU/Ve9akV1BhOZV+CDdCSDWjJgzjgxlQQdAoWsEH5s+nkctqLBkcj3KpdMF5y5xn0 + rTKMWsiU3jQxpLhCiTiM41446kXH0zBM4jgZDPvHw/iHMA5D56QzYtHxWs0znXTyAaYijLdht4sU + DNO8dInD3RfEFFQIn6TcWC6ZJSUHBkTNyUrpRd9JMyWvtHiiF5XkrlxU3NIltVQHSw6roHZr52B7 + FIWH0egnw/+CHwsse1WgVQcLNDmlZuFqVc2s+0rmVBjwvUbwFcZVy/pezhE4muWbU1gC+hp+8j3L + EVklosRLZIUxeg9gchjuO4i6g1Kr9xjqMyvRStd1qCvb1cEtPkPPLtwrya1FBcbb2nYQ/r2+a9Tc + rqh2QDa8KAVHh9MHKcFC1fAbjNaD0RPd/UrJuki2BRuER+hGPFjHg//XSgOLGqRoMBqusfW+gcF1 + Z/EwXh/G38Jii/xPnx7DMe7gOOfr1w0HYpFv3mHRs0xDhrTyCOvojhJV0+VfBHl8tO9gtO/g+LHy + htKaXUcYNXt7SS9qecxlRXPW+HH3aM9hFQM2uapEOuamFHTTIhq3V9Tis9DQ6dO7ryHrHT0HjTrt + eqv+PFGVy1ft6rXb4DLzEqsrZxuV2tdYNtdhbTY0YLCuhb9E4MOjsCPwh2nbRzPxlmYeHmwLXmqu + NLebZ6agEw8GT+NxXtAMTOAkTKeE44ZQq75ZZju+OlWrjtcG3mPkxoddIILOwDGTA+3D13q4Jw3R + PoRGI5ePnJpJydkpl4uX7mQMpZssJOsQVONqVZ9td6SSExws6EzABVDToFK3X9756dUvr85uT1+d + TM4uJ7eTi4s/LjA+bC2DCcEL0xzIOVKwtMTZJdwQJcWGYDtz4ZQSq8hvXFNyrqHAfiaVQcT1v9TW + EbaTF37kYTj6sEy85r3C2mHydz11r8GxDBmXVDy81M5FbXpr3Av0ruMIrGsmYXu7Kl3T/gscNyPM + M6HXCG+fvvtTx9PQuIPbz5QtcBDsINcpb2ydtLPWf3K4G9iCbm6Ku5dagoM6U0Lps8abmaigl2lk + rN24oshYNcVWRYmjqrRtFb5Wv/vJeSt3PwdTbgUcJOTmDS3jhJwoteBArrlFxrTkElilgbwUNPvo + YsVQhWJU5MrYZBSOwmDOZYq0FhxGx+9qheM6Fejle0UcSJID8o+S5Dv89X0tfonjlWMUFMPeb50c + V0DGGA9ujoH1STT0icPWNoqT6wme3eCf3jAa1K66srAV9AtuNfSVzgJEJXWV4jgDOTQHeLWf20LU + jjd6Xjs9V3Ih1erzLJ1rlVb4qk5khn1aYNaDKSbZ2axThA6TX9WqZ9WeNJWtgvgdCchNZCz5s6La + giY7lXtEYWczqqXfvDgnl4zKPffdeOf+hdhG9VkclxtjoTAYR1oqjtg5SOr9ukQuYwXl0nALfYQX + JszkM0V1uu/GI/3jHdCc5heENXhCKiUzAEkMWLJqwWWR60wDsDkCzCernLOcFEClwUPa3Gg1YLxv + 5QwIZQzJElKy5JRUiH+mNyWyDd77GwAA///sWW1r2zAQ/ismUEih9mwnTtJB6QLbYB/KQgsrlEFQ + bKcJjSXjl7qjy3/vc5Ksul7cjTJKPgTywYmk03Pne3nuwnmsar7TQHSBd30ruzgCdL2KOTmYxYxc + gSYPGgEJqQVeZa35UmSJPGOJjFIww2pOGRDZ9y7mJwQMwteFpYiFxTYV+0UqWimT6Mocrm0xbjUA + okXj8cbBG89JZ6OhssFPTkag28hGQKAR5jVEEpiXMNBOpA2dG9pfIhhRTGAy0l77S1VVjqhYnsqo + QBTGD066SqVH45I5ZM713XNWgEktSvjUvP/9eno1s68ubNRdGazmklSQK1M09FmUrPmx1T/+DUfZ + FOIj3PBPyuJ1URZvWC9QPivQWd9J0kQkrr016JDhdi4YIiBNLmnP7o1dxMDtoq6uoa6wGAtXFK47 + GHQ7MedlkjCqKL2/pV+yIfFDkb2x/BBPOEf0ECf9Fp0FSzYcRN5iMnSDBRQYj0893x9RtTObcMMr + 22J6wdMowh0oQb1nDLbuQT4ZJyOhr3aPKgQc1Dq5TWYf3cEEnu8NY8+NB350OgoHYTD2wkkQRS4b + Lb14ch6dSSlHg+mR/xUfdc5OGNdp07bVT7lT5nYFi9i+Q/nYScvFZh2SyeyUsZwshvOyPIDM4fHz + zB45KSf87U50/xG3W9n9R9xuhfcdMXJSpFpKTdia3GemJzsUT5SsVeOn8toNiBu2fykzgZb9Bqko + XD0HHg1ksGoime7R8ynN9TKdcQ+p4P1f+iEVvAfiQyroTAWGUADirYq4R5rl6mcXckXB9Ii6TVO6 + JkKumQi1F8yEpb1gmFrM79eZ4Iry6Iaz1P9FqK//gvReFP9vEqeEGaG4CR3IDyGnEvXwDy6kID/W + jzq7vhmA/N/mQy33pJewh8s4LzckuKGsnCdkxbRQitNUk2YOpLr5/eVh/8VpfUCi3W63TwAAAP// + AwCy0iig+hoAAA== headers: - ATL-TraceId: - - dfb4fd9cd74f9f2b - Connection: - - keep-alive + Atl-Traceid: + - 1691d9b6152bfc3a + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:47 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e805ac1c-acd9-420b-8568-9e494348f8b6 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '270' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 7dd14041-751f-4cc5-8ddc-09ab5cfb699a - x-envoy-upstream-service-time: - - '133' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1060,174 +882,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA0yPX0vDMBTFv0te7bKbdunSvIk+qMgU1j2JSP5iJU1Kkwpj7Lub4NDBfTic+zv3 - cE9IimgOs0McfaY0Rb5ea2ONSjp8BSySEzEOwmNvEqrQt5njEHyGCQDBgGG1392+7h9e+v/tbhll - Voi/FaiCCt4rpM3kwnE0PvXHyeQDdy4sOofkMjj9G0G8BFhzMe9FKmANNVmRPKwnDYctJzUGgBvI - cM5HM+fefhiv2Rp6oJxQ3lBMN/SPVeOjtyGDbbeVjLUGWtNaZZUgtiFyw1hnaSOV1JoJIm13VZBc - aXgaZoHKO1YsLj0HJYp9Qu6ikPEfhz06n38AAAD//wMAv2IwWFoBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUTAmKkpoU/2w/fjgjE9gXVJuCmNMwRvGaiwaxLKSrKa9RFX3nJcai/pvQbRr + w+MwS1jfMXKx8cn3co1PYC8TaPe238H5/AUAAP//AwCpMBDHWgEAAA== headers: - ATL-TraceId: - - e82b370a452c1498 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Sat, 20 Nov 2021 04:15:35 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.19.3.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 9bf0c5cd83b577d0 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 2b2986f9-330b-4874-916a-7b2653c0a2da - x-envoy-upstream-service-time: - - '40' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.26.0 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 77a3180f26b2c0e0 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:35 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:51 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - fec2e4f4-e327-4412-86c9-03f841b9a12a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '126' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - f1810791-55d4-44a3-894b-703d1a806ae1 - x-envoy-upstream-service-time: - - '74' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1237,94 +952,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11402 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11815 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbW/bNhD+K4Q+FFumWC9xEldAMbSJu2XLsixxGqBpUdDUWWJNkRpJ2fHa/Pcd - KSlO3blr0wZopBN5L88995D5EMBtTWUeZIEGmYOG/CUHkZtQ0gpMaFgJFQ1VDZparqQJIee2AktD - VlJZgFBFuABt8BvkF1BrMCBtt5Y1xqpq5hy+S+I4iQca/m7A2MmqhnNNmeUMgjDgLn6SDOMUXwyI - Gb6W1tYmi6IcZsBsrt6rAbWCGsOpHEiwEUayEa15lEbcmAai3sEcVrj/bDK+nOwmSfwUTT4FE2Qf - AoO5NYZRC4XSq7aGHN9wRxqnCW7YTeNJvJ8l+1m6N9hPD3/CvGOXpAtiMXHv5pFJuv0R+vOJtmV3 - LzkYpnntgEPrc2IqKkRIcm4sl8ySmgMDomZkqfR84HYzJa+0+JosDLBGQ7TgsKQLaqn+2fB/4FmF - vWyqJ63pJH+WxHvJqHt1HXq2LjkMHB8w1oSauWtSM7XuKZtRYSAMeh9B5p2EQcmRMZqVq1NYACYZ - 34WB5UipGukRZLLB4oJaq/eY8SMB7XZ7OH2DejjdywMSrJO/ktxadGCC+9iuzt/9WqNmdkm1q9Xw - qhYcSZNvFIh4exYNR7fD0dek2yHfBevAr7nDGv89hH4YH2LkdHibDh/t2HfVE+eJ6X5/IVZycJsc - fF+s2z5Y9/CFaHvp7V76fdE6vpr+YWu0uzs38revWl3Cjt28xQ4WhYYCR/0zGiKnlGjayWstG8KV - Hm77MPrcR6smrdXNqhfOINtNwgDLtK9wCB2vugXUosK2yvTtE9Dq3lrpotaddvz2j0eqcWUmTr2u - nYHLIsisbuCuEzTnTXPWFv/hM5vLDJeaUjUiP+amFnTVzQSamQYs1o3df2lnOhr12rkJW7wNz2Tb - h3StGVxpblePhKzfHg2/TUJ5RQswkdtheiccDUItB2ZRrDXmVC17LRoGDqONQvb6QgSdglMTx83N - g/JgCwzJNiImI4dHSc245uyUy7k/xY+hdoe6ZH3PfCeX/tu9RSo5xjOdTgVcADUtD3T3FJyfXv1y - cvbu9ORofHY5fje+uPjzAuvDCTIICC6YlEDOUTalJS4u4YYoKVYER5IL55RYRX7jmpJzDRWOLWkM - MnTgh3SziqfoMP7I4/jgcJoFGzOLkBdcUoHNxG6sh8x927R1V5IOXs9qgdn1UoB9LSTcr25qN7Rf - weP29vBI6rWb74+rTw/8b2Pjmm4vKJvjHaynXO+8jXXUXXO+K+H+rhT1V5a0P10lOKozJZQ+a7OZ - igZ2C40asb4wKHKs2marqsZborRdF77U00/BeSPXPzsTbgXsZOTmNa2TjBwpNedArrlFjbLk0p8e - 5KWgxUdXK5YqFKOiVMZmo3gURzMuc5TBaC85eOsdHnsoMMv3ijiSZDvkf3eSH/C/H/32S7zgOEXB - bTj73nR0Pca3G/y1e5AMfR4Oc7aEQcWthoHSRYSUo64NHC8ljqoRLh2UthI+q9bPK+fnSs6lWva2 - c63yBm89Y1ngAFYIZzRB9Fw8XztmQn5Vy12rttRfdw7StyQiN4mx5K+GaguarF1u2QrrmInf/fr5 - OblkVG5Z7+5aeC0/bHF+oalkZTShBSZ7hkxorQ0X+cnxQ9ORqhAmgmpWPjA7qFfGQmWw9rxWHIm0 - k3m775dDuKJcGm5hgFzbZkfgTTlVVOc9zvd4H69Z5zw/J6wlF2ZCpgCSGLBk2THNovC1dxUyQ7aF - ZFlyVpIKqDT4kbYrOg+I0Rs5BUIZQ+WEnCw4JQ0OA9OrGqUH10kJ7ZE7uM/nD2RG4f+WculclyAd - 1wi996rwTy2sDPNw5fEFEC5nSld+D1HaqTHFr8aJIQrxHGTo0kLnCHB7qv8LAAD//+xZ22rbQBD9 - FWEIOFDJknxVoaQmtNCH0BJDC6Fg1tKqNrWkRZcowfW/98zuamOrdlpCCX4w+EHWrmZmR3Nmzows - tq7ZIx3QEkzaVhWIcoul1o55aJRSvnYQIwWd2JxPeeB7Si4gbeQhWKAtLBoTSWBRwT0HLX068adE - oCuk05pomJVcFFREcq5Cl+8t3wK9qD5wK93WcVjXtZPVrBASaYAtf3DEUkikwJQ5NM+1hXNWguws - KsTqvPv523T2xZ7d2CjUEt1ahcgIIISxLouSVXppdS9/IajWZfYWwf0nw/GOMRxvcGxhuFvPSjTH - PyVZI/rV2uqare2FY7zBNbxBvi9Jnw5vNIQWbmHhkrB+gD6303VbSmDUVUnCqAB1/patyYdEJ7P8 - hdWKaMUV8EWUF53AMOpPxpOFN3Z5PwzcMBj6ceDFI2IVzSZoeGYbpxc8jSLoQMVC+YoenYTFcRWG - q/ee23iScgoJfbZBVDBxUBrlNpmH1GWPeYOFG/MgdAeR6wdxOByxyWQ84ouxH7Fh/yp6J6Vc9KcX - /kf81HN2wlKdjG1b3SqcqrBreMT2HYKKI6rFehWSy2zBWEEew/Oy4ID74fIake6IlJzf7jxP3+J2 - /3r6Frd74FO3GKknUj2f5nfXwIB1ozEgkUSpXHWUKnHdIS9j44cqzwTv3QEh4fIJcjRtwarBMGnQ - oyRNCnOda89J4PVf9zkJvIbF5yRwIAm0CQToU2ezpWca2gGrfygQbmh2q69dKMxKpgfMbSnHpkmu - mSa1F8x0pr1gaBtP71d5lipipJvVSn9CUH//yVK0OFLCprnU+e8FOW/n60evkfumk7CHW15UaxK8 - o1uOBvJyWio77rPy/00flTAjFLrQOH3N5GSlGRnSRJTmFaTSGLJvrb9nrn5Aume73f4GAAD//wMA - oSDRybEaAAA= + H4sIAAAAAAAAA7xXbW/bNhD+K4Q+bZlsvcRNXQHDkMXO1i3IssRpgaZBQFNniTVFqiQV22vz33fU + i506cbdkWBEgkXi89+ceXT55sCypTL3E0yBT0JAecxCp8SUtwPiG5VBQX5WgqeVKGh9Sbguw1Gc5 + lRkIlfm3oA3KID2HUoMBadu7rDJWFTNn8CYKwyjsa/hYgbGTVQlnmjLLGXi+x53/KBpGL/DFgJjh + a25taZIgSGEGzKbqg+pTK6gxnMq+BBugJxvQkgdxwI2pIOgMzGGF+qeT8cWkFw1evsSjOgTjJZ88 + g7FVhlELmdKrJocU31AjDuO4Fw570atJGCZxnAwG/Rf70Q9hHIYuSOfEYuC1mWcG6fQDLEUYr9Nu + X1IwTPPSFQ5PD4kpqBA+SbmxXDJLSg4MiJqRhdLzvtNmSl5q8cQoKsldu6i4obfUUh3cclgEdVib + AFtRFO5Hw58M/wt+LLDtVYFeHSzQ5YSauetVNbXuKZlRYcD3GsXXmFet63s5R+Bolq9O4BYw1vDO + 9yxHZJWIEi+RFebobcFkP+wEpVYfMKNnFrzVrstdN7Art3u5B5JNVpeSW4sGjLf27ZD6e33XqJld + UO3wanhRCo4Bp1uZYz9qlA2Gy8HwieF+pTNdJuu+DEKH6niwjAf/r5em+zUW0WF0sIwOvoXDZedx + P17ux9/CYwvwu7uHcIx24TTuBDO+fNNwIHb/6hrRkGUaMqSVB1jHOJWomil/1Gr8cpdguEvw6qHx + htKaU0cYNXt7SS9qecyVS3PWxPHpwZkDMVbC5KoS6YibUtBVC3U8XlCLn4WGTp8+lg1Zb+g5aMxp + N3T145GqXL3qUN+6Ay4zL7G6cr7RqH2D/XSj11ZDAybrZvsxAo9eHHQEvl22Nc1sC3Y1PF43fFuw + v2EsrjS3q2fWplMPBk8jeF7QDEzgNExnhOOBUIu+uc02DHeiFh0TDry6nFNwlOVAu/21PtiRbbQL + odHQpZ1TMy45O+FyfuwkIyjdZiFZh6AaV4tatj6RSo5xsaBTAedATYNK3T55ZyeXv7w+vTl5fTQ+ + vRjfjM/P/zjHNHC0DOaNFyY5kDPkZmmJ80u4IUqKFcE558IZJVaR37im5ExDgYNOKoOI6z827xGO + kxd+5mE4/CgTb2uYsbIZl1Rgz7DomyFzsu2zdi9qy1vjXmB0HUdg+zIJ69tV6Yb2X+C4WWGeibBG + ef1N/HLreBroNqj6mbI5LoIdsjrjja+jdtf6TwF3C1vQ7U1x9wmX4BDNlFD6tIlmKiroZRoZa7Ou + KDJSTbNVUeKqKm3bha/19MvivJebn70JtwL2EnL1jpZRQo6UmnMgb7lFxrTkAlilgRwLmn12uWKq + QjEqcmVsMgyHYTDjMkVaC3BJuq4NjupSYJQfFHEgSfbIP2qS7/DX97X6Ba5XjjhQDUe8DXJUARlh + Png4AtYn0YFPHLbWWRy9HaPsCv/0DqJBHaprC1tAv+BWQ1/pLEBUUtcpjsuRQ3OAV/u5LUQdeGPn + jbNzKedSLe5X6UyrtMLP7VhmOKcFVj2YYJGdz7pEGDD5VS16Vu0oU9kaiK9JQK4iY8mfFdUWNNmY + 3KEKG59Rrf3u8IxcMCp33Hd7n/sXYp3VvTwuVsZCYTCPtFQcsbOX1Od1i1zFCsql4Rb6CC8smMmn + iup0140H9kcboDnLh4Q1eEIqJVMASQxYsmjBZZHrTAOwGQLMJ4ucs5wUQKVBIW1utBYw3/dyCoQy + hmQJKbnllFSIf6ZXJbIN3vsbAAD//+xZbWvbMBD+KyZQSKH2bCdO0kHpAttgH8pCCyuUQVBspzGN + JeOXuqPLf+9zkqI6Xt2NMko+BPLBiaTTc+d7ee7CeaxqvtNAdIF3fSu7OAJ0vYo5OZjFjFyBJg8a + AQmpBcJlJXwp8lSesUROKZhhtaAMiOx7F/MTAgbhSWkpYmGxdc1+kYpWxiS6qoBrW4xbDYBo0Xi8 + dvDGC9LZaKhs8JOTEeg2shEQaITFFiIJLCoY6EWkDZ0b2l8iGFFMYDLSXvtLXdeOqFmRyahAFMYP + TrbKpEfjkjlkzvXdc1aCSS0q+NS8//16ejWzry5s8AQZrOaSTJArUzT0WZQm/NjqH/+Go6xL8RFu + +Cdl8booizfsWgiaBapEy30n2RSxu9ZW12xtL3QRAdcQAfkuJO15eaOhrju1tJ1v26cMr4U5Wbii + WFZJu6jSlFFF6f0t/ZINiR+K/I3lh3jCOaKHOOm36CxYsuEg8haToRssgHE8PvV8f0TVzmzCDa9s + i+kFT6MId6AE9Z4x2Lo5+WScjIS+2laqEHBQ6+Q2mX10axN4vjeMPTce+NHpKByEwdgLJ0EUuWy0 + 9OLJeXQmpRwNpkf+V3zUOTtlXKdN21Y/FU5V2DUsYvsO5WMnqxbrJCST2RljBVkM52V5AJnD4+eZ + PXIyTvjbLer+I273uPuPuN0j7ztipJ5ItZSasDW5z0yPfCieKFmrxk+lrxsQN2z/UuUCvfwNMk64 + eg48mtRg1UQy3aPnU5rr5TrjHlLB+7/0Qyp4D8SHVNCZCgzzAMRbFXGPNOTVzy7kipLpEXWbiXRN + hNyuiZBrJkLtBcPUYn6f5IIrVqMbzkr/F6G+/gvSe1H+v0mcEmaE4iZ0ID+EnEpsh39wIQX5cfuo + s+ubAcj/bT5s5Z70UvZwGRfVmgQ3lJXzhLyclkpxmmrSzIFUN7/vHvZ3TusDEu1ms3kCAAD//wMA + 3gi3wPoaAAA= headers: - ATL-TraceId: - - cd9706895993193a - Connection: - - keep-alive + Atl-Traceid: + - 121c363a33ae3cf7 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:36 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:51 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 27930dcb-fed8-4c86-9d84-499269bf4f77 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '276' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 4eef36a0-c1ba-4407-b558-f6902d4b480d - x-envoy-upstream-service-time: - - '150' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1334,89 +1054,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/bQBD+K5YPnCJMQkRRpAih0kqoCCEReqk4LPaYLLF3zT4Sp4j/3hm/dgMp - NeHSA7lkZzyPbx47s08hlAUTSTgJCyUfIDY6HLjj5NeTE+BaWzDrAkhEQ5Yib25MoSdRlECKCol8 - kPvMZExrzsS+ABMp0CZiBY9GUWM1Gh7gD01wMtoSC1gjdTn7dj1DSrAckLwR3Bg0QA7ZkhmmblSG - qJ7C8XE5Pu7jX0NsFbS+ayMnBU+mleO9mnFO5PjgC7oZjcvReGfDmv+Gqc5Zlu3p5v8NX8Ojcnj0 - MV9l66w5vOHtcFQejj7mLYeE2xy9NYe/ense+N1CXbRDv3QWqo4Z+R1DRAI6VrwwXArkngZVAgZB - wrXhIjZBwSGGQKbBSqrFPmnHUmD/9EHRpGDJYbUlfi/Yw+FxQ84Q6LSD7Hp4xvQCKSuMYkJnzEBy - ufFF2ztDp0nKMg0Dd99SDllCrd8csO21zXOm1nRU8Gi5AhQ0yqKajueQM/pS+Z+E2igu7snBWhvI - idNoP3fgrhtOe/9aiUE4Z/oMUmYz85NlFjp0sgDFKOdUVqyqCW/9YvdC5mepA+eYDt458QLKbIfQ - 1+2F8RZHR5bJFSSV0Gc3buu51kY4qYxgajmmUMXz9QUsAUEePFOZY5kXUoCgzeDXubHyqtBMKUbN - xLHEqOL0/cJ7Rl3lvzpmW3lPrmfpQ5Yk5AnIn4JcLiHc0g4UGTOGxfOcoO0UmafvheZxXWinvmgd - 2oZ2v9Dam7fRd32Qvx4LvgkH88zjtjh9yfcCbdZJrwHRynogW5YDeNUJ1eCc0juAve6GnYbDx542 - jTbd2R/1GJapWTFVzUeeFxnHDeBK+vkS2ubrf30JVYOzmsQZF4sdB6en/3Jl1lx3LS6QhiSoVqcb - nhsGmDWSBmwGBnquoJeLMCp4vAB1gvlROLaau4hR7+m5XF3bO1o0V4y+TemS+2xdcxrVCii2/VRY - rNqjBbWe9r7DNOApvykvf4LSNXuXBC9rbT+7vk2X3u+8DBphl11ftC/0eivVG+ofuwnLcC8A+kVm - NSg/jE7b20Atq9s/fwAAAP//vJdNbsMgEIWvUnkfqBtnU6nKqlIX6RGiilQIUyVxZJz+LHz3zjCA - 7eBWTrG6HcPwYWDemy6QdjdwcU7ZxG4v4QGhiVi7B/Rga+C1Z9wJiK5q3VyY359+Qxg90BAX64tI - GOZVJAQiPFKrEbr43P6oIrQ2z/FmTveH+iCUNBxnGJ9EQ6DUqoTszLyj3rsdP1EQV7AiBT8jDdZa - 4XlgY1KPeZeMuZwHk+r9EPTZxjzqMhm1mAcVbuSQc1N9eMgiGXI1G2R0RTc25lFXWbtFn9t/iWno - /3kVoNS8nk1THWwT/wIeIS+mVTBxxCJEkzPb/rDT16c2TNVSHsvqBHWIvela3KtyIUGPF6jvYQo1 - c7BaV+weYdAN+oMs9FQR2kjZ+7Uq78VOkhGdsKML0Y1bEZet52Yo4Hnd9zSZytktp0TcnBUcbbO+ - UpLG+soWnd62/QYAAP//AwDam8DXURUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - ef5a01198ecd7ecc - Connection: - - keep-alive + Atl-Traceid: + - 607367361f984e8a + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:36 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:51 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 81f7334f-050e-449b-b3c7-cba88370da43 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '190' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 92b96fd4-095d-4430-b784-ed2cbc5506b7 - x-envoy-upstream-service-time: - - '98' status: code: 200 message: OK - request: body: '{"fields": {"labels": ["tag1", "tag2"], "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/316]\n\n*Defect - Dojo link:* http://localhost:8080/finding/316 (316)\n\n*Severity:* Low\n\n*CWE:* - [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/117]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com\n* - https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA cookie has been - set without the secure flag, which means that the cookie can\nbe accessed via - unencrypted connections.\n\n\n\n*Mitigation*:\nWhenever a cookie contains sensitive - information or is a session token, then\nit should always be passed using an - encrypted channel. Ensure that the secure\nflag is set for cookies containing - such sensitive information.\n\n\n\n*Impact*:\nNone\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n*Reporter:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/318]\n\n*Defect + Dojo link:* http://localhost:8080/finding/318 (318)\n\n*Severity:* Low\n\n\n*Due + Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/118]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "Low"}, "summary": "Zap1: Cookie Without Secure Flag"}, "update": {}}' headers: @@ -1429,53 +1154,57 @@ interactions: Connection: - keep-alive Content-Length: - - '1333' + - '1286' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11402 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11815 response: body: string: '' headers: - ATL-TraceId: - - 2dc46788905b8fed - Connection: - - keep-alive + Atl-Traceid: + - d0ea9a4a4ec9e0f4 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:36 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:52 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 273f4573-18ca-49ec-a625-469775c66a71 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '307' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - a93ce0a8-0452-4315-93ce-08481f4148dc - x-envoy-upstream-service-time: - - '208' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1485,94 +1214,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11402 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11815 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbW/bNhD+K4Q+FFumWC92HVdAMbSJu2bLsixxGqBpUNDUWWItkRpJ+WVt//uO - lGSnSZ21aQzE0pG8l+eeO54/erCqqEi9xFMgUlCQvuJQpNoXtATta5ZDSX1ZgaKGS6F9SLkpwVCf - 5VRkUMjMX4DSuAbpOVQKNAjT7mW1NrKcWYXvozCMwp6Cf2rQZrKu4ExRZjgDz/e4tR9FgzDGFw3F - DF9zYyqdBEEKM2AmlR9kj5qCas2p6AkwAVoyAa14EAdc6xqCTsEc1nj+dDK+mOxHUfgMRc4F7SUf - PY2+1ZpRA5lU6yaGFN/wRBzGER7Yj8NJ+DSJniZxv/c0PvgF/Q6tk9aIQcedmkc6ac8HqM852oTd - vqSgmeKVBQ6lL4guaVH4JOXacMEMqTgwIHJGllLNe/Y0k+JSFd/ihQZWKwgWHJZ0QQ1Vv2r+Lzwv - MZd1+aQRHafPo7AfjdpXm6Hn25B9z/IBbU2ontsk1VNjn5IZLTT4XqfDS5wS38s5MkaxfH0CC0An - w8++ZzhSqkJ6eImoMTivUvIDevxIQNvTDk6XoA5O+3KLBFvnLwU3BhVob2PbxvmH26vlzCypsrFq - XlYFR9KkdwJEvB2LBqPVYPQt7rbIt8Za8Ctusca/29APwgO0HA9W8eDRil1WHXGe6Pb7AVvRcBUN - f8zWqjPWPjxgrR+v+vGPWWv5qruHndY+f7Ylv3rT9CXM2PUNZjDLFGRY6vdoiJySRd1UXiO507ji - g10Lo/s6mm7SSG2tusbpJftR20IsgxVnjbmP92SWX+i+zmVdpEdcVwVdtyxEMQJl3mAZW2a2JqjB - Ht30tu+voaZzbntl0KhTtkLc46GsLVDO+Ssr4CLzEqNq6w1TgMHasvta74xHo6533oUt3IVntGsh - 3rXQ3zYTLhU360ci0R0PBt/XW3lJM9CBPaE7JRwFhVz29CLbNp8Tueya1MBzqZyC7SbXnqFZhEv4 - FXs39yK0NfrV0KNdrIxGFoOc6nHF2QkXc3elH0Flb3jBOjo5ki3d2kYipBjjBU+nBZwD1Q1FVfvk - nZ1c/nZ8+v7k+HB8ejF+Pz4//+scHcdy0ggCbpjkQM6whwpDrF3CNZGiWBOsT15YpcRI8jtXlJwp - KLGGSa2RbD1XsXejeIYKw088DIcH08S7U8AIc8YFLTCBmIFtxdm1u7J2Pmn7gKN8gd51fQFzmQnY - 7K4rW8FfJXV/2BsONgNBM0o8km7N4c3d9eXt/30M3FLsJWVzHMg6mnXKG1uH7czzQw53g1PQzS9x - d9UKsPRmspDqtPFmWtSwnylsX9vpQZIj2SRblhWOjMK0WXgop1+C805sP3sTbgrYS8j1W1pFCTmU - cs6BXHGD7dOQC3eVkFcFzT7ZWDHUQjJa5FKbZBSOwmDGRYodLehHwxun8MhBgV5+kMSSJNkj/3uS - /IT/fnbHL3DasV0Ej2G9O9Hh1RjfrvFrfxgNnB8Wc7aEXsmNgp5UWYCUozYNHCcUS9UAt/ZyUxbO - q0bPG6vnUsyFXHayMyXTGkegsciwAEuEM5ggetaeix09Ia/lct/IHfFXrYL4hgTkOtKG/F1TZUCR - rcodR2FrM3Kn3744IxeMih377eCFM/pBg/NLRQXLgwnN0NlTZEIjrXmRHh/dFh3KEmEi2M3yW2IL - 9VobKDXGnlaSI5H2Eid3+bIIl5QLzQ30kGu75Ai8zqeSqrTDeYP30ZZ1VvMLwhpyoSdkCiCIBkOW - LdMMNr5mcCEzZJtPljlnOSmBCo2LtNnRakCM3okpEMoYdk5IyYJTUmMxMLWusPXgPiGgmQZ6G3/+ - RGZk7oeVdecqB2G5RuhGq8TfXRgZ+mHD4wsgXMykKt0ZIpXtxhRXtW2G2IjnIHx06z8AAAD//+xZ - 22rbQBD9FWEIOFDJknxVoSQmtNCH0BJDC6Fg1tIqNrWkRZcowfW/58zuSrEVKy2hBD8Y/CBrVzOz - o5kzZ0YcwuFgRTgMti7ZIx3QEEzaVmSIcoPFxo556JpivrYQIxmduD6f8sCvmFxA2shDsEBbmFUm - ksCsgHsOWvp84q+RQItIp62jYZZzkVERSbkKXb63fIPsRfWBW+m2jsOyLK2kZJmQmYa05Q+WWAqZ - KTBlDs1zbeGc5eBhiwKxOu9++zmdfTdn1yZYhsxurUIklCCUY10WRKv43Oie/0FQrfPkI4L7Jd1x - 2uiOM9gtWzka4t+SXhEBbG4dtsiwWxfaeINd8wb5viRlOryxZrfNBa9a2KvJTdyGM5m/JIRQGJ8V - UcSoAHX+htbkQ+KWSfrGakW04gL5RewVbcEw6E/Gk4Uztnnf92zfG7qh54QjYhXVJmh4ZRunFzwN - AuhAxUL5Ch6tiIVh4furS8euPEmYQkJf7RZVmlgojXKbxCF12WPOYGGH3PPtQWC7XugPR2wyGY/4 - YuwGbNi/CD5JKWf96Zn7BT/1nBmxWIOxaapbmVVkZgmPmK5FqWKJYrFe+eQyUzCWkcfwvCw44H64 - vEKkWyIm5zfb0OO3uNnMHr/FzYb42C0GJgWqHdX87go5YFzrHJCZRFCumkOFaLfAZWz8XKSJ4L1b - ZIi/fE45Gr1gtc5h0qDnSpoUphprTyDw/q/7BALvYfEJBA6AQE0qYNydyrUNzWv1tQ25Sc70ULlJ - TcC1Optt5+VC22jJbhst2fVoqblQ0zYe36/SJFYURzerhf6eoP7+0xHQ4kgJm+pS498bMG/nU0iv - kvuhE7GHG54VaxK8o1uOBtJ8mis77pP8/w0SlbBaKHShcfqRyMlKNc2k8SjNK0hlbci+te6eufoB - 6Z7tdvsEAAD//wMAMuHZ/r4aAAA= + H4sIAAAAAAAAA7xXbW/bNhD+K4Q+bZmstziJK2AYutjd2gVZljgt0DQIaOossaZIlaRie23/+456 + sdsk7pAMKwLEFo/3/tyj80cPVhWVmZd6GmQGGrIXHERmfElLML5hBZTUVxVoarmSxoeM2xIs9VlB + ZQ5C5f4taIMyyM6h0mBA2u4uq41V5dwZvImjKI4CDR9qMHa6ruBMU2Y5A8/3uPMfx6P4AB8MiDk+ + FtZWJg3DDObAbKbeq4BaQY3hVAYSbIiebEgrHiYhN6aGsDewgDXqn04nF9NBPDw6wqMmBOOlHz2D + sdWGUQu50us2hwyfUCOJkmQQjQbxs2kUpUmSDofBwX78U5REkQvSObEYeGPmiUE6/RBLESWbtLuH + DAzTvHKFw9PnxJRUCJ9k3FgumSUVBwZEzclS6UXgtJmSl1o8MopactcuKm7oLbVUh7cclmET1jbA + ThRH+/HoF8P/hp9LbHtdolcHC3Q5pWbhelXPrPuWzqkw4Hut4kvMq9H1vYIjcDQr1idwCxhr9Nn3 + LEdkVYgSL5U15ujdgcl+tEsQ94JKq/eY6hM70Wk3fWg62/fBPXyBnm26l5JbiwaMt/HtIPxHc9eo + uV1S7YBseFkJjgFnd0qCjWrgNxythqNHhvuNlvWZbBo2jBzck+EqGf6/XlpYNCBFh/HhKj78Hg5X + vcf9ZLWffA+PHfI/f74Px6SH45yvXrcciE2+usam57mGHGnlHtYxHCXqdsofBHlytEsw2iV4dt94 + S2ntqSOMhr29dBB3POaqojlr4/h478xhFRM2hapFNuamEnTdIRqPsbz2NZbOobxzQS2+KFqCffw8 + tvS9JeywNafdtDVfj1XtKtgE/8YdcJl7qdW1i4ZpwGTdCD9E4PHBYU/gd8u2i2aSDc3cFWwaflew + vyUmrjS36ydWolcPh48jeF7SHEzoNExvhOOBUMvA3OZbIjtRy57whl7Tyhk4ZrryLM1jFOFH4l3f + y9BN94Opx7vgGo9cDQpqJhVnJ1wuXjjJGCq3ZkjWw6kB2bKRbU6kkhPcMuhMwDlQ00JUd9+8s5PL + 316e3py8PJ6cXkxuJufnf55j4DhnBouAF6YFkDPkY2mJ80u4IUqKNcHZ5sIZJVaRV1xTcqahxOEm + tUGwBQ/NeIyz5UWfeBSNPsjU1QcHGvuFBd8O2FfTjqXPuaTi7qVuSeoIooG8wOh6wsBe5hI2t+vK + TfCDoD5IgiQ56kHd7jNPhFurvHkPfr2CPA6BW4j9StkCt8IeZr3x1tdxt3j9p4D77S3sl6ikf21L + cPBmSih92kYzEzUMco30td1dFBmrttmqrHBvlbbrwrf693Vx3snt396UWwF7Kbl6S6s4JcdKLTiQ + N9wifVpyAazWQF4Imn9yuWKqQjEqCmVsOopGUTjnMkNGC3Fjum4MjptSYJTvFXEgSffIv2qSH/Df + j436Be5ajkVQDee9C3JcAxljPng4BhaQ+NAnDlubLI7fTFB2hR+Dw3jYhOrawpYQlNxqCJTOQ0Ql + dZ3iuBA5NId4NShsKZrAWzuvnZ1LuZBq+WWVzrTKanzFTmSOc1pi1cMpFtn5bEqEAZPf1XJg1Y4y + VZ2B5JqE5Co2lvxVU21Bk63JHaqw9Rk32m+fn5ELRuWO+27Xc78nNll9kcfF2lgoDeaRVYojdvbS + 5rxpkatYSbk03EKA8MKCmWKmqM523bhnf7wFmrP8nLAWT0ilZAYgiQFLlh24LHKdaQE2R4D5ZFlw + VpASqDQopO2NzgLm+07OgFDGkCwhI7eckvofAAAA///sWe9r2zAQ/VdMoJBC7dlOnKSD0gW2wT6U + hRZWKIOg2E4TGkvGP+qWLv/73kmy6nh1N8oo+RDIByeSTu/ku6d3F8R/mD2mYBvM4zxWAsBpILrA + u76VJR0Bul7FnALMYsauQMUHj4CE3ILIstZ8KbJErrFERhTMMJoTA4J972J+QsBgfF1YSmVYbFOx + R3LRSplEV+YIbYtxqwEQ9RqPNw7eeE4+Gw/VGfzkdAi0G50REGiEeQ2RDOYlDuhFpA2fG95fIhlx + meDIyHsdL1VVOaJieSqzAlkYPzjpKpURjU3msDnXe89ZAVm1KBFT8/736+nVzL66sCEaZLKaTVJB + oUzZ0GdRsubHVv/4FwJlU4iPCMM/9YvXpV+8YT1AfFagzL6TeokUXXtq0GHD7RzoEgKuEQLyXUgN + 9PLELh3rGh27c6G2iRjHycIV5bIi7bxMEkY3Su9v9EtnSGJRZG+8fkgnnCN7SI5+i86CJRsOIm8x + GbrBAg6Mx6ee74/otjOTsMMr02J6wdMowh64gnrPGGxdkHwyQUZGXy0lVQo4uOvkNMk+upwJPN8b + xp4bD/zodBQOwmDshZMgilw2Wnrx5Dw6k1aOBtMj/ys+ap2dMK5p07bVT7lT5naFE7F9h/jYScvF + Zh3SkdkpYzmdGNbL6wFiDo+fZ/bISTnhb5el+4+4XdfuP+J2XbzviMFJkaovtWBrap+ZbvNQPhFZ + q5pP8doNhBumfykzgfr9BowTrp4Tj7ozGDWZTPvoZpXWeplm3AMVvP9LP1DBeyA+UEEnFRiBAYi3 + KuOeqLGrn13YFQXT/eq2TOlqD7ld7SHXtIfaA0apxfx+nQmuVI0uOEv9x4T6+i9I70Xx/5pwypgx + ip1QgfwQsitRdwIRQgryU/2o2fXNAOSfOB9quye9hD1cxnm5IcMNZ2U/ISumhXKcWpzUcyDXze+7 + i/2d1XqBRLvdbn8DAAD//wMAEmeqQgcbAAA= headers: - ATL-TraceId: - - 2a244a46eeb98515 - Connection: - - keep-alive + Atl-Traceid: + - 3c83bc64bf3e1e4b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:37 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:52 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 376e78d4-6c88-4f92-88dd-eb2deebb616c X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '247' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 5705ea6e-9b3d-4feb-9753-48b11207f2fb - x-envoy-upstream-service-time: - - '103' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1582,174 +1316,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA0yPX0vDMBTFv0te7bKbZu3SvIk+qMgU1j2JSP5iJU1Kkwpj7Lub4NDBfTic+zv3 - cE9IimgOs0McfaY0Rb5ea2ONSjp8BSySEzEOwmNvEqrQt5njEHyGCQDBgGG1392+7h9e+v/tbhll - Voi/FaiCCt4rpM3kwnE0PvXHyeQDdy4sOofkMjj9G0G8BBi9mPciFbCGmqxIHtYTymHLSY0B4AYy - nPPRzLm3H8ZrtoYeGk4aTjtMyeaPVeOjtyGDbbeVjLUGWtNaZZUglhK5YayzDZVKas0Ekba7Kkiu - NDwNs0DlHSsWl56DEsU+IXdRyPiPwx6dzz8AAAD//wMAxS9KploBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbPT6UdqbqIHFVmF7Z5kkbRJsJImpU2FZdn/boqLH7fhneeZ + lzlBK2e9nywIeA9hnMVmo7TRXVD+wzMZrJznXjrmdIAEPvU0995FOEPMGDJMd9ubl939c/O73S5D + GycQryuUYIKHBJQerT8O2oXmOOp44Nb6RUWpXXqrvhUQUSAsL+GdDCtISJRinWa8wVogF1QyRLyK + JEZ/1lPsbfrhH3vdIAoiURaMqPhhu+HBGR/Bqsi4yY0xOa+JKsxrxKKUVGWdRFV1nBca8+pvQbBr + w2M/SVjfMXKx4cl3co1PYC8TaPe238H5/AUAAP//AwDWpbQTWgEAAA== headers: - ATL-TraceId: - - 3230df332b033c14 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Sat, 20 Nov 2021 04:15:39 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.19.3.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 952a0e0b51f3dbe7 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - a15f947e-eb1c-46fd-b250-f2e761019a42 - x-envoy-upstream-service-time: - - '36' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.26.0 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - d19b6f709d63f601 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:39 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:54 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - f37aa604-bea3-4089-be60-1fb46e9a4cd7 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '147' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 5ee36c50-5aeb-4fcd-958e-e52d7e9eb69f - x-envoy-upstream-service-time: - - '78' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1759,89 +1386,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11402 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11815 response: body: string: !!binary | - H4sIAAAAAAAAA6RXa2/bNhT9K4Q+FFumWA+7jiugGNrEXbNlWZY4DdA0KGjqWmItkRpJ+bE2/32X - lGSnSd21aQzE4hXv+9xD+qMHq4qK1Es8BSIFBekrDkWqfUFL0L5mOZTUlxUoargU2oeUmxIM9VlO - RQaFzPwFKI3vID2HSoEGYdq9rNZGljNr8H0UhlHYU/BPDdpM1hWcKcoMZ+D5Hrf+o2gQxrjQUMxw - mRtT6SQIUpgBM6n8IHvUFFRrTkVPgAnQkwloxYM44FrXEHQG5rBG/dPJ+GKyH0XhMxS5ELSXfPQ0 - xlZrRg1kUq2bHFJcoUYcxhEq7MfhJHyaRE+TuN97Gh/8gnGHNkjrxGDgzswjg7T6AdpzgTZpt4sU - NFO8soVD6QuiS1oUPkm5NlwwQyoODIickaVU857VZlJcquJbotDAagXBgsOSLqih6lfN/4XnJfay - Lp80ouP0eRT2o1G7tB16vk3Z9ywe0NeE6rltUj019imZ0UKD73U2vMQZ8b2cI2IUy9cnsAAMMrz1 - PcMRUhXCw0tEjcl5lZIfMOJHFrTVduV0DerKaRd3QLAN/lJwY9CA9ja+bZ5/uL1azsySKpur5mVV - cARNei9BrLdD0WC0Goy+Jdy28q2ztvgVt7XGv7ulH4QH6DkerOLBow27rjrgPNHt91d8RcNVNPwx - X6vOWfvwFW/9eNWPf8xbi1fdPez0dntrR371puEl7Nj1DXYwyxRkOOoPYIiYkkXdTF4juUdc8cGu - F6OHNho2aaR2Vh1xesl+hEtqkE8bHvp+vDcst+W1oDGnLJrd46GsbVKR5aorK+Ai8xKjarht6cta - U5w1qX58ILOR4Vady7pIj7iuCrpuJwDFGJZ5gxRip6KthgJM1o7dl7gzHo067rxftnBXPaNdL+It - Z3CpuFk/soidejD4PgrlJc1AB1ZDd0Y4Cgq57OlFtuWYE7nsuGjg3T5MpN8lUtApWDa59gzNItTB - r9i7eaBhZ/SLNYl2oTIa2eLkVI8rzk64mLsj/Qgqe8IL1rXUNXrp3m0kQooxHvB0WsA5UN3ARLVP - 3tnJ5W/Hp+9Pjg/Hpxfj9+Pz87/OMXAcJ43VwQ2THMgZcqgwxPolXBMpijXB+eSFNUqMJL9zRcmZ - ghJnmNQaAdxzE3s/i2doMPzEw3B4ME1sfXBusZHYie2AfTbU2JOMC1rc39TeT1oecKAvMLqOF7DJ - mYDN7rqyE/xFUPeHveFgcyForhKPxGGjvDm7Pj/9vw+aW+y9pGyOF7IOf53xxtdhe+f5oYC7i1PQ - 3V/i7qgVYHHPZCHVaRPNtKhhP1NIIdvbgyRHsmm2LCu8MgrTduFr/fu8OO/E9rM34aaAvYRcv6VV - lJBDKeccyBU3SGGGXLijhLwqaPbJ5oqpFpLRIpfaJKNwFAYzLlJkyaAfDW+cwSNXCozygyQWJMke - +V9N8hP++9mpX+Btx9ILqiERONHh1RhX1/i1P4wGLg5bc7aEXsmNgp5UWYCQo7YNHG8oFqoBbu3l - pixcVI2dN9bOpZgLuexkZ0qmNV6BxiLDASyxnMEEq2f9udwxEvJaLveN3JF/1RqIb0hAriNtyN81 - VQYU2ZrcoQpbn5HTfvvijFwwKnbstxcvvKMfNHV+qahgeTChGQZ7ikhopDUv0uOju6JDWWKZCLJZ - fkdsS73WBkqNuaeV5AikvcTJXb9shUvKheYGeoi1XXIsvM6nkqq0q/Om3kdb1FnLLwhrwIWRkCmA - IBoMWbZIM0h8zcWFzBBtPlnmnOWkBCo0vqTNjtYC1uidmAKhjCFzQkoWnJIah4GpdYXUg/uEgOZE - 7m3i+RORkbkfVjacqxyExRqhG6sSf3dhZhiHTY8vgHAxk6p0OkQqy8YU32pLhkjEcxA+hvUfAAAA - ///sWdtq20AQ/RVhCDhQyZJ8VaGkJrTQh9ASQwuhYNbSqja1LugSJbj+957ZXW3srZ2WUIIfDH6Q - tauZ2dGcmTMjDuFwsCz6Fls37JEOaOVM2FaXiHKLpdaOeeiaUr52ECMlnVifT3rge0ouIG3kIVig - LCxbE0lgWcM9By19OvGnJEeLSKfV0TCreF5SESm4DF2+t3wL9KL6wK10W8Vh0zRO1rAyF0gDbPmD - ky9zgRSYMofmubJwzipwoUWNWJ13P3+bzr7YsxsbVVugW6nIMwIIYazLomSVXlrdy18IqnWVvUVw - /0l3vGN0xxscWxi2C5QXK3TKPwWXI3ZmbHX1VnPhGG9wNW8Q70twqcMbNbuFW1i4JKwf4NJmujal - BFpdnSSMClDnb9mafEjcMiteWK2IVlwBX8SI0RYMo/5kPFl4Y5f3w8ANg6EfB148gh69CRqe2cbp - BU+jCDpQsVC+okcnYXFch+Hqvee2nqScQkKf7RYlTByURrFN5CF52WPeYOHGPAjdQeT6QRwOR2wy - GY/4YuxHbNi/it4JKRf96YX/ET/5nJ2wVCVj25a3Sqcu7QYesX2HoOLk9WK9Csllds5YSR7D86Lg - gPvh8hqR7uQpOd9sQ0/fYrOZPX2LzYb41C1G6olkS6j43TUwYN0oDAgkUSqXDadMXHfIy9j4oS6y - nPfugJBw+QQ5Gr1gVWOYNKi5kiKFhcq15yTw+q/7nARew+JzEjiQBEwCAfrU2WzpmZZ2wOofEoQb - GuSqaxcKs4qpabMp5dhoydWjJXNBj2rMBU3beHq/KrJUEiPVrNbqe4L8+0+WosUREjbtpcp/L8h5 - O59Ceq3cN52EPdzysl6T4B3dYjRQVNNK2nGfVf9vOCmFaaHQhcbpayYmK+1EkcajNK8gldqQfWv9 - PXPVA8I92+32NwAAAP//AwA7BTqTvhoAAA== + H4sIAAAAAAAAA7xXa2/bNhT9K4Q+bZmtV5zEFTAMXexu6YIsS5wWaBoENHUtsaZIlaRie23++y71 + sNs47pAMKwzY4uO+zz26/uTBsqQy9RJPg0xBQ/qKg0hNT9ICTM+wHAraUyVoarmSpgcptwVY2mM5 + lRkIlfXuQBs8g/QCSg0GpG3vsspYVcycwtsoDKPQ1/CxAmMnqxLONWWWM/B6Hnf2o2gYHeDCgJjh + Mre2NEkQpDADZlP1QfnUCmoMp9KXYAO0ZANa8iAOuDEVBJ2COaxQ/mwyvpz0o8HREW7VLhgv+eQZ + 9K0yjFrIlF41MaS4Qok4jON+OOxHLyZhmMRxMhj4B/vRT2Echs5JZ8Si47WaZzrp5ANMRRivw24X + KRimeekSh7sviSmoED2ScmO5ZJaUHBgQNSMLpee+k2ZKXmnxRC8qyV25qLild9RSHdxxWAS1WxsH + 26Mo3I+Gvxj+N/xcYNmrAq06WKDJCTVzV6tqat1TMqPCQM9rBE8wrlq25+UcgaNZvjqFO0Bfw/ue + Zzkiq0SUeImsMEbvAUz2w+6g1OoDRvTMhLfSdbrrAnbpdosvQLKJ6kpya1GB8da2HVL/qO8aNbML + qh1eDS9KwdHh9EHkWI8aZYPhcjB8orvfqEwXyboug9ChOh4s48H/a6Wpfo1FNBgdLqPD72Fw2Vnc + j5f78few2AL8/n4bjtEunMbdwYwv3zQciNW/vkE0ZJmGDGllC+vopxJV0+WPao2Pdh0Mdx282Fbe + UFqz6wijZm8v6Ue4pBZJvSHDpzdVQ7Ubcg0addq1TP14rCoXbeQI863b4DLzEqsruG851GnTnDU5 + +LS15zzDqyZXlUhH3JSCrto2w210y77BerrWa7OhAYN1vf0YgUcHhx2BP0zbmmYeHuwqeLwueKm5 + 0tyunpnETjwYPI3HeUEzMIGTMJ0SjhtCLXxzl22I7FQtOsIbeNuQjve7QASdgqOsa8/SLEIZ/Im9 + my0J1/aP5iTaBddo6JKTUzMuOTvlcv7KnYygdGOGZF1J60Iv6rP1jlRyjFMGnQq4AGoamOj2yTs/ + vfrt5Oz29OR4fHY5vh1fXPx5gY5jnxnMDl6Y5EDOkailJc4u4YYoKVYEm54Lp5RYRV5zTcm5hgK7 + nlQGAew/1vwR9pYXfuZhOPwoE5cfbGgsJFZi02BfdTvWJOOSioeX2iGpJYga9AK96wgDi5xJWN+u + StfBj4L6IPbj+KgDdTPPPBOHjfD6Bfn1CPI0aG6w9ytlc5wKO/x1yhtbx+3g9Z8c7qa3oBui4u59 + LsHhnimh9FnjzVRU0M80UshmdlFkpJpiq6LEuVXatgrfqt/XyXkvN5+9CbcC9hJy/Y6WUUKOlZpz + IG+5RQqz5BJYpYG8EjT77GLFUIViVOTK2GQYDsNgxmWKLBngxHRTKxzVqUAvPyjiQJLskX+VJD/g + 14+1+CXOWo5eUAyJoHVyVAEZYTy4OQLmk+iwRxy21lEcvx3j2TX+9A+jQe2qKwtbgF9wq8FXOgsQ + ldRViuOk5NAc4FU/t4WoHW/0vHF6ruRcqsWXWTrXKq3w3TuWGfZpgVkPJphkZ7NOETpMfleLvlU7 + 0lS2CuIbEpDryFjyV0W1BU02KneIwsZmVEu/e3lOLhmVO+67IdD9n1hH9UUclytjoTAYR1oqjtjZ + S+r9ukQuYwXl0nALPsILE2byqaI63XVjS/9oAzSn+SVhDZ6QSskUQBIDlixacFnkOtMAbIYA65FF + zllOCqDS4CFtbrQaMN73cgqEMoZkCSm545RU/wAAAP//7Fnva9swEP1XTKCQQu3ZTpykg9IFtsE+ + lIUWViiDoNhOExpLxj/qli7/+95Jsup4dTfKKPkQyAcnkk9PJ927dxfc/zB7TME2mMd5rJKw00B0 + gbO+lSUdAbpexZwumMWMXYGKDzsCEtoW1Je15kuRJfIdS2REwQyjOTEg2Pcu5icEDMbXhaUyvcU2 + FXukLVopk+jKHFfbYtxqAES9xuONgxPPac9mh8oHPzk5gVYjHwGBRpjXEMlgXsJBLyJt7Lmx+0sE + I5IJXEa71/elqipHVCxPZVQgCuMHJ12l8kZjkTlszvXac1ZA2ixK3Kl5//v19GpmX13YSMIyWM0i + qaCrTNHQZ1Gy5sdW//gXLsqmEB9xDf/UL16XfvGG9QDxWYEy+05qMFJV7alBhw23c6BLCLhGCMiz + kOLo5YlGx8IxLFxRVCr6bU80unYnwbaJOS+ThFFG6f2NfsmHJBZF9sb0QzrhHNFDEvdbdBYs2XAQ + eYvJ0A0WADwen3q+P6JsZyZhhVemxXTA0yjCGkhBvWcMtq5UPplLRkZfrTFVCDjIdXKaZB9d5wSe + 7w1jz40HfnQ6CgdhMPbCSRBFLhstvXhyHp1JK0eD6ZH/FR/1np0wrmnTttVPuVPmdgWP2L5DfOyk + 5WKzDslldspYTh7D+zI9QMzh8fPMHjkpJ/ztenX/EbcL3v1H3C6Y9x0xOClSNZ4WbE3tM9P9H4on + ImtVRypeu4Fww/QvZSZQ2N+AccLVc+BR2wajJpJpHd2s0lov04x7oIL3P/QDFbwH4gMVdFKBERSA + eKsi7ok6vvrZhV1RMN2vbsuSrvaQa9pD7QHTbmkPGKUW8/t1JrjSQrrgLPUfE+rrPyEVibLwVD9q + snsDwTX+U/lQ2z3pJezhMs7LDRlurC3L+6yYFgrHvSj+X4NRGTNGsRYqoR9CdkfqriC1OKnnQEsa + ILto/R24+gXpnu12+xsAAP//AwDhnB57BxsAAA== headers: - ATL-TraceId: - - 9ed23776d29ad412 - Connection: - - keep-alive + Atl-Traceid: + - 66ca31b3f8eae696 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:39 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:54 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 0586a5cc-2723-4e0b-bfc0-16a41346c0c5 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '225' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - e8a47b3d-76af-4b0e-ba14-59e09520a14c - x-envoy-upstream-service-time: - - '113' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_epic_as_issue_type.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_epic_as_issue_type.yaml index 83719d1b9fc..e0c533a235d 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_epic_as_issue_type.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_epic_as_issue_type.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlp2iYlN9GDiqxCuycRSZoJVtKktKmwLPvfTXHx4za88zzz - Miei1YKH2RFJ3mOcFrnbGbTYRxM+AlXRqWUZlKceI8nIJ87LEHyCC4CCAoW83V8/t3dP3e92v446 - TUS+bFAGGbxmxODkwnFEH7vjhOnAjQurSZJeB2e+FSI3oRaX8FbFDWTAihyqnImuqCQUsqwoAFwB - A0j+gnPq7YbxH9t0BZOlkKyhNec/bD/eexsSKFgjeG216kssFXLoLRdcG60E2B5AVZUQGss/BdFt - DQ/DrMj2jlWri4+hV1t8Iu4yEfRvh5acz18AAAD//wMAUZ1a/loBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbPTtElqbqIHFVmF7Z5kkbRJsJImpU2FZdn/boqLH7fhneeZ + lzlBq2aznxxIeI9xnOVmo401XdThIxAVnZrnXnniTYQMPs0098EnuEAsCBLMd9ubl939c/O73S5D + myaQryuUYYaHDLQZXTgOxsfmOJp04NaFRSepXXqnvxWQSaDILuGdiitIkdIc67wQDdYShaSMIOJV + IjH5s5lSb9MP/9jrBlFSKhkjJeM/bDc8eBsSyKtC2NJaW4qaUo5ljVgxRXnRKdS8E6IyWPK/BdGt + DY/9pGB9x6rFxafQqTU+gbtMYPzbfgfn8xcAAAD//wMAPtlVjFoBAAA= headers: - ATL-TraceId: - - 2145d23f6bd9d0f4 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:37:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - c9e6816187408c8b + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - d6c638f5-6c01-4f52-9fa3-4f4f0aac8547 - x-envoy-upstream-service-time: - - '34' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 0ecbbea484b32c1e - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:55 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 154b96cd-ac2c-454f-8765-c51d55337692 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '122' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - a62ec90f-0d32-4452-8065-c117acac9b01 - x-envoy-upstream-service-time: - - '76' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,94 +80,95 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Epic&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWTU/bQBD9KysfOAWbhIiiSKiqgKq0EqrEx6VC1SaexAvrXXdnHZyi/PfOxh/r - kIBMuPQAF7yTmXlvPDNv/RRAkXEVB6MgM/oeJhaDnn8c/XryDgIxB7vIwLkgyCnZEmszHEVRDFMK - iPW9DrmVHFFwFSqwkQG0Ec9ENIiqrFH/gP4ohXBJ68MDLOh0eX1+dU0nxVOg440S1lICB8jn3HJz - YySxegqGx8XwuAs+wiQ3UGOXST5nIj5ZAe+Vhgt3HB58IpjBsBgMd06M4i+cYMql3MPq/ytY/aOi - f/Q+rKIGqx5eQTscFIeD96GlEIs8JbTq4UW0Za89LW6KdpiXJsP2iYkBJ0ZkVmhF1i9sLGYsRzAM - rTYLZhNumQKIkVnNxsDGRj+AYrF+VCE7NcAtxGy8YN+F4exKT+0jN8D2yYEpbRlVaJk2LAYJFkKH - PtGK5q9LFSLlM8DIRaCvAyPIxCTE+cyP+DlZ6JQra7hC6Uhdrv2C+dhyfAhGUy4Ren4dpwJk7Daj - eqCtwDxNuVm4RwN/cmGAHK3JKQwnCaTc/eKYUDhaI5Qjggu0kDpLFb1syF1Vlno9a49ekHA8gynP - pb3lMoeGnc7AcNcS13Vqug3u2rPQiZn3bpHzRk/vwtnYdelZMmzHduJ4R8oipX6EeOX0MawdhnV9 - JJeuwxOdZlqBcndGu8XVK9/oMTeGuzkS1F0K8fHtnreS+qafemPd9JZfx64HPI4dEjg8A6meQ7Bl - Elxla53rUtrmYrVT+ELOWta6krZn11LqJav0utOK1b4tkrXJE/zZOJXkfNAbiG2+1J3W633fDlW0 - U4ofpZBVG+RegEgzKUhDfUs/PjW2Yf2vnxql/uQkpOnqJvxNbv1+pzVoVrUMD1ZSEmaLQmA4MwAq - 0RmNdHhPqjuaJftOEfclH4NsYi4o+wrQ741TSba6xBuB2mD3ph1auju+uAWDpbmLCj0X2HkZ3d74 - dk7P/qsoWOXsFbbt+hbqvUpoX5fYzAhthH323fJSZY33mnhVtrZ6NW61fDWGjQLK+djkv4XwjvJV - Ykeu87tezVUSQYZEzBLKvn47fyuNDmGljvQyupL9BwAA//+8lz0PgkAMhv+Lg6P4gSMh7piY6Mpw - GiJGhQhcjAP/3fY+oCeYnBxxpNDjoS1t337Y5XiwXVKNuXTGXI2DKRuNCboVNo26ckb1x0GFijQ5 - o/ypIX1nyPVokJ0SjYRNo64ndYwLFv0T3dD/WQo9U8e362Aswyb008y5ZNfGRY8c/2PkRPKh/pGD - lddpe1/7NnZlMecGTpvuDqxOa5EjadC86j70W17luOOjkLFMY1MJi9nckwd5JT9DaqvwwZPiFVh/ - fJ8uAGZWVeyU3lGfDIoH8ScxIdY2Lhv6qIyN4W33HYbyxuoZmEjiT8CJlSQUrkGkClHe5tU4wCW3 - SmJ7UOnXpAhhbywgIEqjwDY4LdP8uefHAyjTHcN7AU51ai6lRbkKUJADQcZhmx1QJ6IwgPQMwt0u - uqj4jQLQ3iT92tQkvzW4hQ9f7snT2PGWwO7NilMaqt07EPLp1zDIMsMVPK7fAAAA//8DAMUZSmpL - FgAA + H4sIAAAAAAAAA+xWS2/bMAz+K4IPO2VxkwXbECAoinaHPTAMSLfLMAyMzTRaZMmT5DxW9L+PjO1I + SXdw0z0u88mi+fhIfSR9m+CmBJ0n46S05htm3iW98Dr+fBsUpHMV+m2JrOJQzUm28L504zTNcU4G + uflm+uAVOCdB9zX61KLzKZQyHaaN13RwRg+5kOy0PSxxS6f316+m13TSUCAdP2rpPTnggLACD/aj + VYTqNhm93IxePjB+peUKrQP1tfaVriSuU05oD635MDgbnb2gmMPRZjj6s1HOnfyBE1eAUhRw8Hwz + eP43Am7aiM+Gm2fDvxGxwFxWRXLXi3nE/DqBSXsPv+ZSji6zsvTSaJJeiJm8EZVDK5w3div8ArzQ + iLkT3ogZipk1S9QiN2vdF5cWwWMuZlvxRloQUzP3a7AonpKC0MYLSsQLY0WOCj32OXpmNDGzSxay + gBt0KVu4kIdLsZRZ361uAvlfkYROlfYWtFMM6v3BF1fNPLhlMp6DctgLjTqXqHLumeaF+sVVRQF2 + y68Wv1fSIil6W5GZyxZYAH9hJGTuvJWagbit81iwpLG+24ObNpK2cVuNXrIAd4VzqJT/BKrCPTpT + ogW+Er51unSffIm50AlZ0I7ABWGA95pl4rrWrBHGtp0wfqGZo5RZY75T+k/WDmQ9puRCUkFttti+ + wxVSyMEdX3pmitJo1Lxg4ltvjO5dO1gLTC1JF04mwT6mQeQ08OAyCFseRHodiZBAnnMk5HgWC7PC + 5Bfk4MzAe8gWBUM7KbPIPkotkobULmLVOrUD626ptX3YzO1OXdjqRghbUYD3Ya9UYwtGDwB2v8gn + deDjfjwaax4mb+tZ1zQZF0AWpZI0ZsMd//9P+Z0B/91/ym5SHQznLg19f3fGLkJ7XEXSloOx5oPa + pN2jSurliSM1sj9erbU0QH9HZ1o5uxUbxuqBA6i84dHLK6fjqjlemCktlCXa86yylgZaM05e55Mn + bmHW02p2TXvmA/C3Cc+pWOxqSWO6A0qdO9GVUk++V2i3k8715dG/G+yE9IbWcLfq8v6O67i3jsZ3 + K9oP7yB4XPk4eFp7g5nC1CFv4POG8ZPdpDsuw08AAAD//7yXTY+CMBCG/4rhrCCKl73szbiJe/Vm + Nq5B6EbB+BHxwH93ptOWQtEFSryO7fRxOp335b8yyDbbsWwFL4rCTSpR7TN8j9Tfqjh6zqI+c5YN + xOKiyfSlbdCHQsJfi/f2CpbrwD3zD6iD7zdSQ/XiabvDHYZ7vGfs7EanMEzi9AhA7h/4s48oHqF3 + Gu03vyFONdrzBdn5gcXfRz814HZf+RaDrk0FSONZemKXykfAs5tTq0syL2K6zqtlUuhVwMCjEtbQ + mRfSUejpbA+L09XniiQMAjGLYshetroLCuIJ3EdAMexgJ/3BmqQSc2KNOe0Hk/S1DPpNmitQp9ao + QT+o0JFlzmV6k5CBNeSsN0ijRZc8JlFnTr5GK6O/RDv0d7ZCzWAOmk2wTYJDqNVYBv+itsipHFSm + Mvof59lUxs4zxt7LqcyloKOamm5TZNPcGgUkr/jdzmP47tijRN75GsHVXj5b+om6L+ocLfc6fwAA + AP//AwCCPhvukhYAAA== headers: - ATL-TraceId: - - 87236d66bdca1879 - Connection: - - keep-alive + Atl-Traceid: + - f64d177bda842bae + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:28 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:55 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 9529c22c-9a51-4b0c-bf7f-c0d80f812f8b X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '163' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 77de47a1-1631-419d-9c16-e84b33c0c9b9 - x-envoy-upstream-service-time: - - '120' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/2893]\n\n*Defect Dojo link:* http://localhost:8080/finding/2893 - (2893)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/709]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/320]\n\n*Defect Dojo link:* http://localhost:8080/finding/320 + (320)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/119]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Epic"}, "customfield_10011": "Zap1: Cookie Without Secure Flag", "priority": {"name": "Low"}}}' headers: @@ -287,53 +181,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1728' + - '1361' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11120","key":"NTEST-931","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11120"}' + string: '{"id":"11817","key":"NTEST-1479","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11817"}' headers: - ATL-TraceId: - - 129cfedeece20507 - Connection: - - keep-alive + Atl-Traceid: + - 91f818c91e86d491 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:29 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:56 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 4ace3f48-ff48-4ba0-9161-b7eada9fea12 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '549' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - eb9c579f-a975-4c7e-8dff-6e5c545bff21 - x-envoy-upstream-service-time: - - '478' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -343,95 +243,100 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-931 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1479 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8cNpxbfOFCkqk6cRKt+OOMa4tQxqbkJu8pqaJHdkOabfxv9+z - ndANVm4DIZX42X5fP+/j98WDVUl56sWeBJ6ChPQ1gzxVHU4LUB2VLKCgHVGCpJoJrjqQMl2App1k - QXkGucg6NyAV7kE6hlKCAq7dWa/jMaM5DMMowIWCfI7Lhdalin0/hTkkOhXXokd1TpVilPc4aB91 - aJ+WzI98plQFfqtgCWu8fzodTabdg90QJXPrrBd/8RQarVRCNWRCrp1zKa7wQhREYTfod6PBNIzi - 3f04Ouj1B8EfQRQYrdaGXpdg1TzRR3PfD4PAabRRN4sUVCJZaTKC0kMyYxmpFEiiNDpK9IJqwgFS - RbQgMyAzKZbASSpq3iNDCRhDSmZr8jeTlEzEXNdUAuniAcKFJqYeREiSQg4aesZ6Ivi5zH8mClbQ - DJRvbqhNHMqHkiU9dZOhNoMDVDVCiSlhNdNULb14TnMFtx1PM4RJiSX3Yl7leccrpbhGY0/MZXP7 - x5n8pvwbx8450xoVGLQ1t6cYwz/2rGrSZTxnRZkzxEvaON/x6A3VVGKqLID6g1V/8DPuKkgqCa2r - TsmfJUtfWj9/c4Jjs+wH+2g56q+i/pMVK/YZXqqC5vlvqvn/iK1wbxXuPc/WqjXWfDxibTda7UbP - s1YgfqsCrTUfW63d3ppuX713XIMVu/yEFcwyCRl2yAMYIqZEXrmmc5KkwoYrLGFcoYVof9vG4KEO - RyROWgu5tGToxd2wYQ+DYMkSZ+7LA5nBF7qvFqLK0yOmypyuNy1UU40s60js1zvGMeQdJ/pOmzTt - YD+HojJZsZ5eGAHjmRdrWRnTqFO/Z1CbpmiS4QhnC2uGe1HLmvezFmxLZ7htI9pQBhOS6fUTM9Be - 9/vPIL9GCUNBLurvue9E1C0V9b3bh4HstoHkdAaGTAw07x/a25IG064/3tgG0HBgErWgynDyCeNL - +2IfQWkecJ60yLJ4q+3enYQLPsL3gs5yGANVDq2y+fLOTs7fHJ9enRwPR6eT0dVoPH43xsCxsxRm - Cg9MF0DOkE65JsYuYYoInq8JtirLjVLzhNl36kxCge1sHzrVs817P4oDVBh8ZUHQv/4ce/d6GWuR - MU5zrDKWadN8Zu++rBk/mrzbfsjRu5YisOAZvq/t6ao0zfwTAHcDxRMx6S7fPWPfzwC/BtMNDl/R - ZInzVovFVrmzNWwmn2c53I5PftQYidpXl4PpgUTkQp46b2Z5Bd1MIpPdOTgV5Ei4YouixImQ66YK - j9X0++R85Ju/nSnTOezE5PIDLcOYDIVYMiAXTCOTajKxrwp5ndPsq4kVQ81FQvOFUDoeBIPAnzOe - It/50eBg95PVeGRzgW5eC2JQEu+Q/79KXpjf362CCSDekG3wIvKCFQ0vRrg650uOM9ud78P3D6Q7 - Z1KkFY43I55hRxWYH3+K6cBzlzYY1Ev+EnVXiy0BlY2C6BPxyWWoNPm3olLjNLlRueUqbGyG9vaH - wzMySSjfct4MVf5+cODy9kpSniz8Kc3Q2VMsrZNWLE+Pj74VDUVR4ESK9LT4RmwSt1YaCoWxp6Vg - iIyd2Mpt/g1MC8q4YjjDInjifn932942uZ+izZmgMm1rcFeLow3EjNVDkjgkoZc4cuO0rUCTuoGV - RpZzAwuZI7Q6pF6wZEEKoFy5cd2caDRg/szQTpMEWRIH9RtGSYXAT+S6NIM79jkHNwT0jCtjxB8S - aAJxi7u6rnuipqrsCZn5iDpY9cpFaYGBALyaC3nljKkrqnGkmFVYmqsX7y4OJ2fdydsuPi4Wmufj - E6f0scS8BQwyjcmb0fQjRy6nxX8AAAD//+xZbWsaQRD+K4cQSEJW707Pl0BJpU2hH9qGCC2Eflnv - NnrgvXAvJiX1v/eZ3XXV07PBluAHIYTV3Z2Z3Z155pkRVUN2bSXp3P8Z385DSiEwbiQKpsJtOfeP - CoIoDOoUqLk9CurF0op5iP+5uqM6FdvrpGN8QcqfyGqV/OLHVMQU3hY3z5ugmIUdcAgyJpwLK4zx - IpHcQ3UXciDHbE4pCOkPpdsV+UdsIQgU4bP47In/IkezUi6dpMzxsBY8Z81PULDGYtZEHOfkecbP - 1jyRdJGjQr+2L18aSPLyEl66007peZefo5T7BZ3za2KF8oMFPKHrkrd/OSpEKqvQTCicEWqxjmzj - ujJyAXqs63RwacPRB+a09YXeizQhPCJIO+d42PjCOr/4jcecFck1sGSbOjp11NEBdWz8Dfl3yHMP - zIFKjmRM3yRWUP4GPwPF4Eh2JsGt8i8mdzAb8MHGZPrMJB1kDuXS6pLOOqEpMiR2ScupSqgu9Wpu - x66dqGOUtmGU0qkk49690JRAG6SsmriBRtyfUkbZSXntgVFXRhEnavKq16QKJMkOfEMinDdAY6p6 - UDt6j7zTDpxxv2N7Y9jU6w0c1+0SbTKLoGHPMkGuOwwC6ACXaaxsYLqafW/Am4TubSmoWG6CNMll - EjrVsOU5rtMRji3abjDo+m3f6zl+3wsCm3cfHdG/Cd5JKWft4Zn7CX9qH4t4rLM6Y+qrvFnm7Ak3 - wtwmhXEzLcez0KcrYynnOd0Y9gMzihBVAYYf71i3mcZkf7VXcfwWVzsex29xtWty7BYDkwLVs9DM - f51D3+l2H8UTpR3VWlC49oDMgeW3ZZakovUAxPGnq8CjLh1mTSSTHt1e1EVDpnPJCQre/tFPUPAW - Fp+goBYKDPOAiRMVcS/U4NdjG3KTgs8w2uZMNhhl42XR2J6oa0baphlZnTDNveqEoXAinodZEise - pFsapf7tSX18zRHmSfHfesBKlpEJRSh0vyey7bXsOsO1lMUvy6FG3YP1y1/pWku5V42IP9+LvJyR - 4LWzyoZVVgwLdW5qp1NTi05uvt/c7G7s1huktYvF4g8AAAD//wMA2xR0f8IcAAA= + H4sIAAAAAAAAA7xXa2/bNhT9K4Q+bZmsl93EETAMWexu3YIsi50EaBYEtHQtsaZIlaRie23++y71 + sJuHtzbFigBJzMd9nHvu4fUHB1YlFakTOwpECgrS1wx4ql1BC9CuTnIoqCtLUNQwKbQLKTMFGOom + ORUZcJm5d6A07kF6DqUCDcK0Z5NKG1nMrcHbMAjCwFPwvgJtpusSzhRNDEvAcR1m/YfhMDzADxr4 + HD/mxpQ69v0U5pCYVL6THjWcas2o8AQYHz0Zn5bMj3ymdQV+Z2ABa7x/Oh1Ppr1wcHCIS3UI2ok/ + OBpjq3RCDWRSrZscUvyEN6IginrBsBceToMgjqL41b4X9cMfgigIbJDWicHAazMvDNLe9xGKxmKd + dvshBZ0oVlrgcPWIzFhGKg2KIIRqTUxODREAqSZGkhmQmZILECSVS+GRYwWYQ0pma/IbU5RM5Nws + qQLSwwNESENs2YhUJAUOBjzrPZHiQvHPyYIVNAPt2xt6m4f2oWSJp+8ytGbpgqbGuGJrWM0M1Qsn + nlOuwXVyhvxRSb4+gTtAl+G96xiGBCuRLE4sKs5d5xFb+kG3USr5DgN7Ie7t7edR/4Qr2yQuBDMG + DWhn49sS9vf6rG6htVmyouQMA043idI7aqhCWGuyDYarwfALw60Es/1E+W1jy79jsPRr3nSZtBth + MAgs36PBKhr8v15+0uxv+FEXlHN0GO6vwv1v4XDVeexHq370LTwW2CdV4dzfP6VjuIunUbcxZ6vL + Rgqx+tc3yIYsU5BhZz7hOsYpedU0+7NWo4NdG8NdG4dPjTfK1qwupVrUIu7EvdB1EDVziYhY8jYH + 6sa2ACqWNJF9eLJmaY3Y6FxWPB0xXXK6bsmPy0tq8L1odPbLG7VR8a1u+405Zduw/vdYVhbB0IZ6 + ZReYyJzYqMr6ThoJfFbHX3nDw0Gn449h28jM441dBY82BX+80d8qFpOKmfULkeiu+4Ov0OnWCMMF + LpcPZfpELjslHDj3lgwzsJJlSfs4qf0d2VoJeH4Dqesg8ddPwQ6HFpGcavtOnDCxeG13RlDa2UMk + HZVqgi3rvc2KkGKMbxidcTgHqht6qvY/5+zk4pc3p7cnb47Hp5Px7fj8/I9zdI9dpxESPDDNgZyh + bAtDrF/CNJGCrwlKAOPWqH1W67fzTEGBGlA/vtp7TgpC7DQn+MiCYKj6sdM8ZVg9hH/bbg96HwuR + MUH540Pt5NQiXzcAx+g6+cDKZvjmd6er0vbzZ1C8GXJeSL7m8ua5fDiXfBkft4T7mSYLHBU70nXG + G1/H7TT2VQF3I50ftU6i7nUXYMmeSC7VaRPNjFfQyxS1DG0DnEoykk2xZVHiMCtMW4V/q99DcP4S + 25+9KTMc9mJy/ZaWYUyOpVwwIFfMoHQaMoGkwvHsNafZR5srpsplQnkutYmHwTDw50ykqG9+Pwpu + aoOjGgqM8p0kliTxHvnPm+Q7/PV9fX2Ck5fVFLyG3d8GOaqAjDAfXBxB4pFw3yWWW5ssjq/GuHeN + f3r74aAO1ZYlWYJXMKPAkyrzkZXUVorh3GTZ7ONRLzcFrwNv7FxaOxdiIXBe/QSlMyXTCl/isciw + TwtE3Z8iyNZnDREGTH6Vy56RO2AqWwPRDfHJdagN+bOiyuDcvDW54ypsfYb17bdHZ2SSULHjvB0J + 8UvG4SarT/KYrLWBQmMeaSkZcmcvrtfrElnECsqEZjh5I70QMJ3PJFXprhNP7I+2RLOWj0jS8Aml + FL8M4PcADYYsW3IZ1DrdEGyOBHPJMmdJTgqgQjdfJOyJ1kLyDwAAAP//7Flta+JAEP4rQShY6KZJ + NGoPSk+4O7gPpdLCFcqBrEl8AfNCXoyl1//eZ3bXNeZMr8hR/CD0gzW7s89sZuZ5ZuSwj36Cex6K + JXqI1YIbBeLfS58T6imQ7lEgyd+sILrFu56JPo8APc6DiALM4NpujDYQHgEJuQUtZiyiaZyGYg+1 + IijBHE8zqoCovuhmLggYjKNVkQrD4MuSP5OLRsIFuiJDaBs8MioA0cRFwdLEG8/IZ+2hvIPfEV0C + nUZ3BAQKYbaBSAazAhe0F2nF54r390hGkAmujLxX8VKWpRmXPEtEViALg7WZzBMR0ThkDJtjdfaY + 55BUkwIxNW7fPQ4fRuzhloFtRbLqQ5KYQpmyoc39cBGdG+3zPwiUZR5/QRjuIdgmNWNDzbT+VYr2 + 2HMOLMrSjqDwOxG2RCiQDOA8juqrK+6WEPBwD9VCUrVm8zUTCoXZVNzrS7obl6lS5ymYRuhC0qn1 + pW7D7ViND5pEjqX1uYgyofX2L9R6fUcR1JmkvkuLeQQK9+ZUpSQdZUUYcuLKD71NEsVxeuA7JAV0 + g7pAsvunf+1Oebfj25NB13InwNjvX9mO0yMe14twwjvLAgrdoe/jDJBra4uBqY7sq04fMvpuLy2T + 2wSLi2Wirqp+zrUduxvYVtBx/Kue1/Hcvu0NXN+3eG9qB4Mb/1pYOesMz5wf+JP7WMgjRQiMya8y + s8hYiRthjklMYybFZLnw6MpYwnlGN4b9gvggU/Hx24j1zCQi/PW+/PgR1xv740dcHwwcO2LUJF92 + zUqKVlXdSM25KJ+IhmRvK+vaEyQpln8v0jgJLp9Qcbz5NvFoPIWnOpPpHDWDUyo2VVxyKgWf/9JP + peAzEJ9KQWMp0MoDEGcy415osq0+W7Ab5xwtvfW3ZrKaxmBW0xjM0mOw+gOt1IJotUjjSKoa1UoX + 6ncY+e9HkK7i/P8NG6UxbRQnobf6FYt5y2a+iRCSkF82H1V1PRiA+M3qcmP3ohXy9X2QFUsyXHFW + TErSfJhLx2mUS9MUcl1/v7vZ2dmtNgi0r6+vbwAAAP//AwC8KOoK9hsAAA== headers: - ATL-TraceId: - - b1367104199f7c47 - Connection: - - keep-alive + Atl-Traceid: + - be3195f261ebfcee + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:29 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:56 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 58d612ed-7f2a-4058-a23f-953aff0effe8 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '282' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 2224d675-67b9-419a-9944-53b68205f7c6 - x-envoy-upstream-service-time: - - '106' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -441,95 +346,100 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11120 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11817 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbU8bORD+K9Z+qHpckn1JBGGl6kRD2qNHKZeEIpVWkbM72Zjs2ivbS5K+/Pcb - 27ukhYZrQUhhPbbn9ZnH88WDdUl56sWeBJ6ChPQVgzxVLU4LUC2VLKCgLVGCpJoJrlqQMl2Apq1k - QXkGuchaNyAV7kE6glKCAq7dWa/lMaM5DMMowIWCfI7Lhdalin0/hTkkOhXXokN1TpVilHc4aB91 - aJ+WzI98plQFfqNgCRu8fzYZjiftw26Ikrl11ou/eAqNViqhGjIhN865FFd4IQqisB302lF/EkZx - 9yCODju9fvBnEAVGq7WhNyVYNY/00dz3wyBwGm3U9SIFlUhWmoyg9IjMWEYqBZIojY4SvaCacIBU - ES3IDMhMiiVwkooV75CBBIwhJbMNecMkJWMx1ysqgbTxAOFCE1MPIiRJIQcNHWM9EfxC5r8SBSto - Bso3N9Q2DuVDyZKOuslQm8EBqhqixJSwmmmqll48p7mCby1PM4RJiSX3Yl7lecsrpbhGY4/MZX37 - 55n8rvxbxy440xoVGLTVtycYwz/2rKrTZTxnRZkzxEtaO9/y6A3VVGKqLIB6/XWv/yvuKkgqCY2r - TslfJUtfWD+fOcGJWfaCA7Qc9dZR79GKFfsML1RB8/yZqv8/YCvcX4f7T7O1bozVHw9Y60brbvQ0 - awXityrQWv2x09q3b6bb1+8d12DFrj5hBbNMQoYdcg+GiCmRV67pnCSpsOEKSxhTtBAd7Nro39fh - iMRJV0IuLRl6cTvEJdXIkY6Cfh/vjt9uGc132qQBs/0ciMrEFBqWujQCxjMv1rIyvYc69XsGKwNp - 55tVZ9RLlrjYv9yTGVfxslqIKk+PmSpzutn2c+IIZwdrhvtRw5p3sxbsSme4ayPatdHdcgkTkunN - I5PbXPd7T2DFWglDQS5WP5LiqVg1HNXzbEFmYMjEQPNuUPs7ojXt+vONXQAN+yYfC6oMJ58yvrQv - 9jGU5gHnSVNMW+KV3buVcMGH+F7QWQ4joMoBRNZf3vnpxeuTs+npyWB4Nh5Oh6PRuxHGh52lMCF4 - YLIAco50yjUxdglTRPB8Q7BVWW6UmifMvlPnEgpsZ/vQqY5t3rtRHKLC4CsLgt7159i708uY8oxx - mmMxsRrb5jN7d2X1+FHn3cI9R+8aisC6Zvi+Nqer0jTzLwDcDRSPhJ67fPuM/TgD/B4at3B7SZMl - zlsN5Brlztagnnye5HAzPvlRbSRqXl0OBuqJyIU8c97M8gramUTyuHVwIsixcMUWRYkTIdd1FR6q - 6Y/J+ci3f3sTpnPYi8nVB1qGMRkIsWRALplG8tJkbF8V8iqn2VcTK4aai4TmC6F03A/6gT9nPEXG - 9KP+YfeT1Xhsc4FuXgtiUBLvkf+/Sp6b3z+sgjEg3pBU8CK2vxUNLoe4uuBLjjPbre+D9/eke+dS - pBWON0OeYUcVmB9/gunAc1c2GNRL/harthY7AiprBdEn4pOrUGnyb0Wlxmlyq3LHVdjaDO3tD0fn - ZJxQvuO8Gar8g+DQ5e2lpDxZ+BOaobNnWFonrVienhx/LxqIosCJFOlp8Z3YJG6jNBQKY09LwRAZ - e7GV2/wbmBaUccVwhkXwxL1ed9feLrmfos2ZoDJtanBbi+MtxIzVI5I4JKGXOHLjtK1Ak1UNK40s - 5wYWMkdotchqwZIFKYBy5cZ1c6LWgPkzQztNEmRJHNRvGCUVAj+Rm9IM7tjnHNy72zGujBB/SKAJ - xA3uVqtVR6yoKjtCZj6iDtadclFaYCAAp3Mhp86YmlKNr/iswtJMn7+7PBqft8dv2/i4WGhejE6d - 0ocS8xYwyDQmr4eTjxy5nBb/AQAA///sWdtq20AQ/RVhCCQha0uy5UugpKZNoQ9tQwwthL6spY0t - sC7o4qSk/vee2V2tHcVyg1uCHwwhyN7ZmdHuzJkzY3QN2aWVpEv/Z3y9DKmEwLmJKJhKt2rtHw0E - URg0GVBrOww0qyWJZYj/uTqjJhMv5WRgfEFln8luleLix1zElN4WN9eboJmFHwgIciZcCiuMcSOR - 3EN9F2ogx2pOJQjlD63bBcVHbCEJFMey+OKB/6JAs1Iug6TMcbEWImcjTtCwxmLRRh7nFHkmzjYi - kWxRoMK+9i+vHCR9eYko3eqnjLzzz1HK/YLe82tihfKDBTyh45Knfz4pRCq70EwonBFKWGe2CV2Z - uQA91nd6OLTx5ANzuvpAb0WaEB4RpJ1yXGx8Zp2e/cZlLorkEljykjo6TdTRAXVs/Q35t+hz96yB - So9kTN8kVlD9Bj8DxeAodqbAresvFrcwG/DX1mz+yCQdZA7V0rpIr+mVvU2mU2So+JLxE2OvidpG - tL7QxChtwyhlUElivV3QtED1hVG1ACTi/pyqyZZOrF7h8zKKOFGTV90mdSBJtucdEuG8AhpT34Te - 0bvnvW7gTIc925viBQaDkeO6faJNRggWdogJCt1xEMAGuExr7QPT3ex7A96kdOdIQeVyG6RJikno - VI8dz3GdnnBs0XWDUd/v+t7A8YdeENi8f++I4VXwTmo56Y5P3E/4U/tYxGNd1RlTX+XtMmcPOBHm - timN22k5XYQ+HRlLOc/pxLAfmFGE6Arw+PGG9dtpTP7XZxWH73F94nH4HtenJofuMaAnUGMCzfw3 - OfSNHvdRPlHZUcMJBV93qBwQvy6zJBWdOyCOP18nHk3psGoymezo8aJuGjJdS45Q8PaXfoSCt/D4 - CAWNUFBnHiCJracV7amYBnyfqVR8osm/frZhMCn4Ak9btDQNI+2mYaRthpH1BUPhRLwMsyRWXEiP - NEr925P6+CpP0TdLDU/Vo0bBPZBv41ezTqX3ohXxx1uRlwtSvGFbDpCyYlwoP5ZJ8d+m2UqX0QlT - aLi/J3L8Vg2caZxOQy2yaPx47qz7zFu9QZ7OarX6AwAA//8DAHG/5hjCHAAA + H4sIAAAAAAAAA7xXbW/bNhD+K4Q+bZmsN7upI2AYutjZugVZFjsN0KwIaOkssaZIlaRie23++456 + sZM43toUKwzYFnm81+cenj46sCqpSJ3YUSBSUJCeMOCpdgUtQLs6yaGgrixBUcOk0C6kzBRgqJvk + VGTAZebegtK4B+kFlAo0CNPKJpU2sphbhTdhEISBp+BDBdpM1yWcK5oYloDjOszaD8Nh+BIfNPA5 + PubGlDr2/RTmkJhUvpceNZxqzajwBBgfLRmflsyPfKZ1BX6nYAFrPH82HU+mvXDw8giXahe0E390 + NPpW6YQayKRaNzGk+IQnoiCKesGwFx5NgyCOovjFoRf1wx+CKAisk9aIQcdrNc900p73MRWNxjrs + 9iEFnShW2sTh6isyYxmpNCiCKVRrYnJqiABINTGSzIDMlFyAIKlcCo8cK8AYUjJbk9+YomQi52ZJ + FZAeChAhDbFlI1KRFDgY8Kz1RIpLxT8nClbQDLRvT+htHNqHkiWevs1Qm4ULqhrjiq1hNTNUL5x4 + TrkG18kZ4kcl+foUbgFNhneuYxgCrESwOLGoOHedR2jpB/s2wm6jVPI9evzMgrSnny7HPRBto7sU + zBhUoJ2NbYvk32tZ3ebchs+KkjN0ON1kgN5SQxXmu0bhYLgaDL/Q3Uow22iU3zS6/FsGS78GVBdJ + uxEGg8A2QjRYRYP/18pPmv0NP+qCco4Gw8NVePgtDK46i/1o1Y++hcUCG6gqnLu7XThGHRznbPWm + oUIs8vU7LHqWKciwM3ewju5IXjXN/iTIo5f7Nob7No52lTfM1qwupVrUJO7EvdB1MDnmDQZuMdoK + UINs37Dkl3dTw8Fb1vUbdcr2Sv33WFY2/tAy6ZVdYCJzYqMquGvJ1WpTLGmy8nFnzXqGojqXFU9H + TJecrtv+slVpKPBJHn/hDY8GHY8/Tts+mok2NPN4Y1PwUjGpmFk/M2XdcX/wFXTcKmG4wOXyIRuf + ymXHawNnF7lRvwuE0xlYZrKgfSx0uCcNttOf3kDoOgj89W6yw6FNVU61vSdOmVic2J0RlHb2EElX + zrrIy3pvsyKkGOMdRmccLoDqBiKq/eecn17+8vrs5vT18fhsMr4ZX1z8cYHmses05goFpjmQc2Rn + YYi1S5gmUvA1wU5n3Cq112p9d54rKLDV68tXe091fIid5gSfWBAMVT92HvU5ViNjgnKsMxZq2392 + 7/FaOzm1ma8Bz9G7jj6w5Bne+Z10Vdp+/gyIN0POM1HZHN7cig/nki8D6haJP9NkgaNih8ZOeWPr + uJ3GvsrhbqTzo9ZI1F3iAmwXJJJLddZ4M+MV9DJFLUJbB6eSjGRTbFmUOMwK01bh32r6MDl/ie3n + YMoMh4OYXL+lZRiTYykXDMgVM0hfhkwgqXA8O+E0+2RjxVC5TCjPpTbxMBgG/pyJFBnS70fBu1rh + qE4FevleEguS+ID850nyHX59Xx+f4ORlyQaPIS20To4qICOMBxdHkHgkPHSJxdYmiuOrMe5d40/v + MBzUrtqyJEvwCmYUeFJlPqKS2koxHI8smn0U9XJT8NrxRs8bq+dSLATOq/eydK5kWuGFOxYZ9mmB + WfenmGRrs04ROkx+lcuekXvSVLYKonfEJ9ehNuTPiiqDc/NW5Z6jsLUZ1qffvjonk4SKPfJ28sOX + jKNNVPfimKy1gUJjHGkpGWLnIK7X6xLZjBWUCc1w8kZ4YcJ0PpNUpfskdvSPtkCzml+RpMETUim+ + DOB7gAZDli24DHKdbgA2R4C5ZJmzJCcFUKGbFwkr0WpI/gEAAP//7Flra+JAFP0rQShY6KRJNGoX + SlfYXdgPpdLCFsqCjEl8gHmQh7F0+9977sw4xqzpFlmKHwQ/RGfmzpnJvfece+Wwj3qCex6SJWqI + 1YIbBfzfS58TqikQ7lEgCdisILrFu56JOo8APc6DiBzM4NpujDIQJwISOhYkl7GIpnEaijVUiiAF + c4xmlAGRfVHNXBAwGEepIlne4MuSP9MRjYQLdEUG1zZ4ZFQAooiLgqWJN57RmfUJ5R38jugSaDe6 + IyBQCLMNRDKYFbigvUgrZ66c/h7BCDLBldHplb+UZWnGJc8SERWIwmBtJvNEeDQ2GcPmWO095jlk + zaSAT43bd4/DhxF7uGVgWxGsepMkJlemaGhzP1xE50b7/A8cZZnHX+CGewi2Sc3YUDOtf6WiPfac + A5OytCMo/E64LREKJAM4jyP76oy7JQQM7qFaSJTWbL5mQqEwm5J7fUq3yrB5CqYRypK0Yn2q23A7 + VuOAFjnCmYTW2z+xSa9bWq/vqIQ6k9RXaTEPR+HenLKUpKOsCENOXPmht0miOE4PfIekgG6QF0i4 + //Sv3Snvdnx7Muha7gQY+/0r23F6xON6EnZ4Z1pArjv0fewBcm1tMTBVeH3V4UNG3y2ZZXCbYHEx + TeRVVba5tmN3A9sKOo5/1fM6ntu3vYHr+xbvTe1gcONfCytnneGZ8wMfuY6FPFKEwJj8KTOLjJW4 + EeaYxDRmUkyWC4+ujCWcZ3RjWC+IDzIVj99GrGcmEeGvl9/Hj7hevx8/4nr9f+yIkZN8WbkqKVpV + dSPVzqJ4IhqS1bHMa0+QpJj+vUjjJLh8Qiry5tvAoy4URnUk0z6qB6dUbKq45JQKPv+ln1LBZyA+ + pYLGVKCVByDOZMS9UANbPVuwG+ccJb31t2aymtpglm6D1Qd0W6k+oJVaEK0WaRxJVaNK6UL9DyO/ + fgTpKs7/X7tSGtNGsRNqq1+x6LfoHmMcSsgvm0eVXQ8GIP6zutzYvWiFfH0fZMWSDFcOKzolaT7M + 5cGplUvdFDq6/n13sbOzWi0QaF9fX98AAAD//wMAA1/vKfYbAAA= headers: - ATL-TraceId: - - fd47b5a57f29d228 - Connection: - - keep-alive + Atl-Traceid: + - 3c57a2ee5de4f3e8 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:29 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:56 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - aab92400-38d5-4cc8-8629-ca164ecac649 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '275' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 08ff512e-b605-4637-9a31-b3f7e88356d1 - x-envoy-upstream-service-time: - - '138' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -539,174 +449,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPwUrEMBCG3yVX2+w06TZLbqIHFVmFdk8ikrQTrKRJaVJhWfbdTXBh9Tb8833z - MyeiVcDDYokknzHOQW42Axrs4+C/PFXRqhBG5ajDSAryjUsYvUtwBVBRoFC2+9vX9uGlu27366TT - RORbhgoo4L0gA87WHyd0sTvOmA7cWb8OSdLraIdfhcgsbMUlvFcxgwxYVUJdMtFVtYRK8poCwA0w - gOQHXFJvN07/2F1XMcmF5EBFfWX76dEZn0DBdqLZGq16jlxhA71pRKMHrQSYHkDVtRAa+Z+CaHPD - 07gokt8xarXx2fcqxydiLxNB93Foyfn8AwAA//8DAL8us4BaAQAA + H4sIAAAAAAAAA1SPy2rDMBBF/2W2tZWx/JCjXUkXbSlpwc6qlCJbEnGRJWPJhRDy75Vp6GM33Dln + LnOGTnh1mA1wOIYweb7ZSKVVH6T7cEQEI7wfhCVWBUjgU81+cDbCGWJGkGDa7G9fmvvn9ne7X8Yu + TsBfVyjBBN8SkGoy7jQqG9rTpOKBnXGLjFK3DEZ+K8CjQLG8hncirCBFSlOs04y1WHNknJYEEW8i + idH3ao697TD+Y7ctIqeUl4ww3P6w/fhgtYtgVWRM51rrnNWUVpjXiEUpaJX1AmXVM1YozKu/BcGs + DY/DLGB9R4vFhCfXizU+g7lOoOz7oYHL5QsAAP//AwAiZRWMWgEAAA== headers: - ATL-TraceId: - - 11a37e971939c808 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:37:30 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 0d1502150baf38d1 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5804d2c1-0f07-4852-bcde-61037e890448 - x-envoy-upstream-service-time: - - '34' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 40e576472ec60dec - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:30 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:57 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5e1befc2-ce3a-4e8c-abce-8195a33845a9 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '122' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - b6b68578-040b-4c81-ae80-9358a81d4542 - x-envoy-upstream-service-time: - - '70' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -716,94 +519,95 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Epic&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWTU/bQBD9KysfOAWbhIiiSKiqgKq0EqrEx6VC1SaexAvrXXdnHZyi/PfOxh/r - kIBMuPQAF7yTmXlvPDNv/RRAkXEVB6MgM/oeJhaDnn8c/XryDgIxB7vIwLkgyCnZEmszHEVRDFMK - iPW9DrmVHFFwFSqwkQG0Ec9ENIiqrFH/gP4ohXBJ68MDLOh0eX1+dU0nxVOg440S1lICB8jn3HJz - YySxegqGx8XwuAs+wiQ3UGOXST5nIj5ZAe+Vhgt3HB58IpjBsBgMd06M4i+cYMql3MPq/ytY/aOi - f/Q+rKIGqx5eQTscFIeD96GlEIs8JbTq4UW0Za89LW6KdpiXJsP2iYkBJ0ZkVmhF1i9sLGYsRzAM - rTYLZhNumQKIkVnNxsDGRj+AYrF+VCE7NcAtxGy8YN+F4exKT+0jN8D2yYEpbRlVaJk2LAYJFkKH - PtGK5q9LFSLlM8DIRaCvAyPIxCTE+cyP+DlZ6JQra7hC6Uhdrv2C+dhyfAhGUy4Ren4dpwJk7Daj - eqCtwDxNuVm4RwN/cmGAHK3JKQwnCaTc/eKYUDhaI5Qjggu0kDpLFb1syF1Vlno9a49ekHA8gynP - pb3lMoeGnc7AcNcS13Vqug3u2rPQiZn3bpHzRk/vwtnYdelZMmzHduJ4R8oipX6EeOX0MawdhnV9 - JJeuwxOdZlqBcndGu8XVK9/oMTeGuzkS1F0K8fHtnreS+qafemPd9JZfx64HPI4dEjg8A6meQ7Bl - Elxla53rUtrmYrVT+ELOWta6krZn11LqJav0utOK1b4tkrXJE/zZOJXkfNAbiG2+1J3W633fDlW0 - U4ofpZBVG+RegEgzKUhDfUs/PjW2Yf2vnxql/uQkpOnqJvxNbv1+pzVoVrUMD1ZSEmaLQmA4MwAq - 0RmNdHhPqjuaJftOEfclH4NsYi4o+wrQ741TSba6xBuB2mD3ph1auju+uAWDpbmLCj0X2HkZ3d74 - dk7P/qsoWOXsFbbt+hbqvUpoX5fYzAhthH323fJSZY33mnhVtrZ6NW61fDWGjQLK+djkv4XwjvJV - Ykeu87tezVUSQYZEzBLKvn47fyuNDmGljvQyupL9BwAA//+8lz0PgkAMhv+Lg6P4gSMh7piY6Mpw - GiJGhQhcjAP/3fY+oCeYnBxxpNDjoS1t337Y5XiwXVKNuXTGXI2DKRuNCboVNo26ckb1x0GFijQ5 - o/ypIX1nyPVokJ0SjYRNo64ndYwLFv0T3dD/WQo9U8e362Aswyb008y5ZNfGRY8c/2PkRPKh/pGD - lddpe1/7NnZlMecGTpvuDqxOa5EjadC86j70W17luOOjkLFMY1MJi9nckwd5JT9DaqvwwZPiFVh/ - fJ8uAGZWVeyU3lGfDIoH8ScxIdY2Lhv6qIyN4W33HYbyxuoZmEjiT8CJlSQUrkGkClHe5tU4wCW3 - SmJ7UOnXpAhhbywgIEqjwDY4LdP8uefHAyjTHcN7AU51ai6lRbkKUJADQcZhmx1QJ6IwgPQMwt0u - uqj4jQLQ3iT92tQkvzW4hQ9f7snT2PGWwO7NilMaqt07EPLp1zDIMsMVPK7fAAAA//8DAMUZSmpL - FgAA + H4sIAAAAAAAAA+xWS2/bMAz+K4IPO2VxkwXbECAoinaHPTAMSLfLMAyMzTRaZMmT5DxW9L+PjO1I + SXdw0z0u88mi+fhIfSR9m+CmBJ0n46S05htm3iW98Dr+fBsUpHMV+m2JrOJQzUm28L504zTNcU4G + uflm+uAVOCdB9zX61KLzKZQyHaaN13RwRg+5kOy0PSxxS6f316+m13TSUCAdP2rpPTnggLACD/aj + VYTqNhm93IxePjB+peUKrQP1tfaVriSuU05oD635MDgbnb2gmMPRZjj6s1HOnfyBE1eAUhRw8Hwz + eP43Am7aiM+Gm2fDvxGxwFxWRXLXi3nE/DqBSXsPv+ZSji6zsvTSaJJeiJm8EZVDK5w3div8ArzQ + iLkT3ogZipk1S9QiN2vdF5cWwWMuZlvxRloQUzP3a7AonpKC0MYLSsQLY0WOCj32OXpmNDGzSxay + gBt0KVu4kIdLsZRZ361uAvlfkYROlfYWtFMM6v3BF1fNPLhlMp6DctgLjTqXqHLumeaF+sVVRQF2 + y68Wv1fSIil6W5GZyxZYAH9hJGTuvJWagbit81iwpLG+24ObNpK2cVuNXrIAd4VzqJT/BKrCPTpT + ogW+Er51unSffIm50AlZ0I7ABWGA95pl4rrWrBHGtp0wfqGZo5RZY75T+k/WDmQ9puRCUkFttti+ + wxVSyMEdX3pmitJo1Lxg4ltvjO5dO1gLTC1JF04mwT6mQeQ08OAyCFseRHodiZBAnnMk5HgWC7PC + 5Bfk4MzAe8gWBUM7KbPIPkotkobULmLVOrUD626ptX3YzO1OXdjqRghbUYD3Ya9UYwtGDwB2v8gn + deDjfjwaax4mb+tZ1zQZF0AWpZI0ZsMd//9P+Z0B/91/ym5SHQznLg19f3fGLkJ7XEXSloOx5oPa + pN2jSurliSM1sj9erbU0QH9HZ1o5uxUbxuqBA6i84dHLK6fjqjlemCktlCXa86yylgZaM05e55Mn + bmHW02p2TXvmA/C3Cc+pWOxqSWO6A0qdO9GVUk++V2i3k8715dG/G+yE9IbWcLfq8v6O67i3jsZ3 + K9oP7yB4XPk4eFp7g5nC1CFv4POG8ZPdpDsuw08AAAD//7yXTY+CMBCG/4rhrCCKl73szbiJe/Vm + Nq5B6EbB+BHxwH93ptOWQtEFSryO7fRxOp335b8yyDbbsWwFL4rCTSpR7TN8j9Tfqjh6zqI+c5YN + xOKiyfSlbdCHQsJfi/f2CpbrwD3zD6iD7zdSQ/XiabvDHYZ7vGfs7EanMEzi9AhA7h/4s48oHqF3 + Gu03vyFONdrzBdn5gcXfRz814HZf+RaDrk0FSONZemKXykfAs5tTq0syL2K6zqtlUuhVwMCjEtbQ + mRfSUejpbA+L09XniiQMAjGLYshetroLCuIJ3EdAMexgJ/3BmqQSc2KNOe0Hk/S1DPpNmitQp9ao + QT+o0JFlzmV6k5CBNeSsN0ijRZc8JlFnTr5GK6O/RDv0d7ZCzWAOmk2wTYJDqNVYBv+itsipHFSm + Mvof59lUxs4zxt7LqcyloKOamm5TZNPcGgUkr/jdzmP47tijRN75GsHVXj5b+om6L+ocLfc6fwAA + AP//AwCCPhvukhYAAA== headers: - ATL-TraceId: - - 6e35bdaac72976b0 - Connection: - - keep-alive + Atl-Traceid: + - 692f0e30b16111b4 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:31 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:58 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - c639fdfc-c968-47b1-bb0e-a0b12eb6eee9 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '396' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - ee1ee34d-dd8d-4578-8dcd-2e7f9a3496e2 - x-envoy-upstream-service-time: - - '74' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/2894]\n\n*Defect Dojo link:* http://localhost:8080/finding/2894 - (2894)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/709]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/321]\n\n*Defect Dojo link:* http://localhost:8080/finding/321 + (321)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/119]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Epic"}, "customfield_10011": "Zap2: Cookie Without Secure Flag", "priority": {"name": "Low"}}}' headers: @@ -816,53 +620,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1728' + - '1361' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11121","key":"NTEST-932","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11121"}' + string: '{"id":"11818","key":"NTEST-1480","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11818"}' headers: - ATL-TraceId: - - c9674ca8e9dd0442 - Connection: - - keep-alive + Atl-Traceid: + - e0bbf507c6b2cff1 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:31 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:59 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 70970cf8-1e96-48a1-8ba4-a9df657730b1 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '663' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - bf711524-b6e5-495d-ae83-928dabee69a1 - x-envoy-upstream-service-time: - - '795' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -872,95 +682,100 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-932 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1480 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DF1mWy/xGkdAMaSO22VL08x2GqBpYdDSWWYtkQJJRfba/vcd - SSlukjprEwRwxCN5r889vM8erEvKUy/2JPAUJKSvGOSp6nBagOqoZAkF7YgSJNVMcNWBlOkCNO0k - S8ozyEXWuQapcA/SMZQSFHDtznodjxnNYRhGIS4U5AtcLrUuVez7KSwg0an4JHpU51QpRnmPg/ZR - h/ZpyfzIZ0pV4LcKVrDB+2fT0WTaPdyPULKwznrxZ0+h0UolVEMm5MY5l+IKL0RBFHaDfjcaTMMo - 3j+I98PeYXT4WxAFgfHR2NCbEqyaR/po7vthEDiNNupmkYJKJCtNRlB6ROYsI5UCSZRGR4leUk04 - QKqIFmQOZC7FCjhJRc17ZCgBY0jJfEP+YpKSiVjomkogXTxAuNDE1IMISVLIQUPPWE8Ev5D5j0TB - CpqB8s0NtY1D+VCypKeuM9RmcICqRigxJazmmqqVFy9oruBrx9MMYVJiyb2YV3ne8UopPqGxR+ay - uf39TH5T/q1jF5xpjQoM2prbU4zhb3tWNekynrOizBniJW2c73j0mmoqMVUWQP3Buj/4EXcVJJWE - 1lWn5I+SpS+sn784wYlZ9oMDtBz111H/0YoV+xdeqILm+S+q+f+ArfD5Onz+NFvr1ljz8YC1/WiN - XfgkawXityrQWvOx09rXr6bb1+8c12DFrj5iBbNMQoYdcg+GiCmRV67pnCSpsOEKSxgztBAd7NoY - 3NfhiMRJayFXlgy9uBs27GEQLFnizH2+JzP4QvfVUlR5esxUmdPNtoVqqpFlHYn9fMc4hrzhRN9p - k6Yd7OdQVCYr1tNLI2A882ItK2Madep3DGrTFE0yHOHsYM3f+0HLmnezFuxKZ7hrI9q1sb/lEiYk - 05tHpqa97vefwIqNEoaCXNS3SfFU1C1H9T2bzjkYMjHQvBvU8x3Rmnb9/sYugIYDk48lVYaTTxlf - 2Rf7GErzgPOkRZbFW233biRc8BG+F3SewxiocmiVzZd3fnrx+uRsdnoyHJ1NRrPRePx2jPFhZylM - CB6YLoGcI51yTYxdwhQRPN8QbFWWG6XmCbPv1LmEAtvZPnSqZ5v3bhSHqDD4woKgvzqIPfeSYO0w - +dteu9XfWIaMcZrfPdSMH03ebT/k6F1LEVjXDN/X9nRVmmb+AYC7geKR0HOXb56x2zPAz6FxC7eX - NFnhvNVCrlXubA2byedJDrfjk29mK2Mkal9dDgbqiciFPHPezPMKuplEJrtxcCrIsXDFFkWJEyHX - TRUeqt/t5Hzg27+9KdM57MXk6j0to5gMhVgxIJdMI5NqMrGvCnmV0+yLiRVDzUVC86VQOh4Eg8Bf - MJ4i3/nR4LD/0Wo8trlANz8JYlAS75H/v0qemd9frYIJIN6QVPAitr8VDS9HuLrgK44z243vw3f3 - pHvnUqQVjjcjnmFHFZgff4rpwHNXNhjUS/4UdVeLHQGVjYLoI/HJVag0+aeiUuM0uVW54ypsbYb2 - 9vujczJJKN9x3gxV/kFw6PL2UlKeLP0pzdDZMyytk1YsT0+OvxUNRVHgRIr0tPxGbBK3URoKhbGn - pWCIjL3Yym3+DUwLyrhiOMMieOJ+f3/X3i65n6LNuaAybWtwU4vjLcSM1SOSOCShlzhy47StQJO6 - gZVGlnMDC1kgtDqkXrJkSQqgXLlx3ZxoNGD+zNBOkwRZEgf1a0ZJhcBP5KY0gzv2OQc3BPSMK2PE - HxJoAnGLu7que6KmquwJmfmIOlj3ymVpgYEAnC2EnDljakY1jhTzCksze/b28mhy3p286eLjYqF5 - MT51Sh9KzBvAINOYvB5NP3Dkclr8BwAA///sWdtq20AQ/RVhCCQha0vyPVBS06bQh7YhhhZCX9bS - xhbohi5OSup/75nd9dpRJDe4JfjBEILsnZ0Z7c6cOTNG15BdWkm69H7G18uASgicm4qCqXRbr/2j - AT8K/CYDam2HgWa1JLEM8D9XZ9Rk4qWcDIwvqOxz2a1SXPxYiJjS2+LmehM0s/ADAUHOBEthBTFu - JJJ7qO9CDeRYzakEofyhdbug+IgtJIEifBYPH/gvCjQr5TJIyhwXayFytuIEDWsswjbyOKfIM3G2 - FYlkiwIV9rV/+dpB0peXiNJaP2XknX+OUu4V9J5fEyuQHyzgCR2XPP3zaSFS2YVmQuGMUMI6s03o - yswF6LGB08OhTaYfmNPVB3or0oTwiCDtlONi4zPr9Ow3LjMskktgyUvq6DRRRwfUsfU35K/R5+5Z - A5UeyZi+Sayg+g1+BorBUexMgdvUXyzWMBvw19Z88cgkHWQOsc+qSK/plfvrBaqYRYaKL/k6tQ8V - UduIVheaGKVtGKUMKkms6wVNC1RdGNcys2pFB0xxb0GlRlX/vIwiTtTkVbdJHUiS7XmHRDivgMbU - 9aB37N/zXtd3ZqOe3Z/hBYbDseO6A6JNRggWdogJCt2J78MGuExr4wPT3ex7A96kdOdIQeVyG6RJ - iknoVI+dvuM6PeHYouv644HX9fpDxxv1fd/mg3tHjK78d1LLSXdy4n7Cn9rHIh7rqs6Y+ipvlzl7 - wIkwt01p3E7LWRh4dGQs5TynE8N+YEYRoCvA48cbNminMflfnVUcvsfVicfhe1ydmhy6x4AeX80s - NPPf5tA3etxH+URlR40WFHzdoXJA/LrMklR07oA43mKTeDSlw6rJZLKjx4u6ach0LTlCwdtf+hEK - 3sLjIxQ0QkGVeYAktp5WtGfNPOD7XKXiE03+9bMNg0nBQzzVaGkaRtpNw0jbDCOrC4bCiXgZZEms - 6I4eaZT6tyf18VWeom+WGp7WjxoF90C+rV/NOmu9F62IP96KvAxJ8ZZtOUDKikmh/FgmxX+bRStd - RidMoeH+nsjxm5l+J5kcapFF48dzZ91n3uoN8nRWq9UfAAAA//8DAMboocLCHAAA + H4sIAAAAAAAAA7xXbU8jNxD+K9Z+ammSfSFwYaWqoiS01yKakgDSUYSc3cmuL157z/aSpBz/veN9 + SSAh7cGpp0hJ1h7P6zOPZx8cWORUxE7oKBAxKIhPGfBYtwTNQLd0lEJGWzIHRQ2TQrcgZiYDQ1tR + SkUCXCate1Aa9yC+gFyBBmFq2ajQRmZTq/DO9zzf6yj4VIA242UOQ0UjwyJwWg6z9n2/5/fwQQOf + 4mNqTK5D141hCpGJ5UfZoYZTrRkVHQHGRUvGpTlzA5dpXYDbKJjBEs+fjwejcdvv9jxcKl3QTvjg + aPSt0BE1kEi1rGKI8QlPBF4QtL1e2z8ae14YBOFBr3N0sP+DF3hWR2nEoOOlmjc6ac+7mIpKYxl2 + /RCDjhTLbeJw9ZhMWEIKDYpgCtWSmJQaIgBiTYwkEyATJWcgSCznokNOFGAMMZksyW9MUTKSUzOn + CkgbBYiQhtiyEalIDBwMdKz1SIpLxb8kCpbRBLRrT+h1HNqFnEUdfZ+gNgsXVDXAFVvDYmKonjnh + lHINLSdliB8VpcszuAc06T+2HMMQYDmCxQlFwXnL2UDLvtds5Ep+RMfemPf69MtZf4KVdRCXghmD + CrSzsm0B+3spq+vU2ihZlnOGDserQOk9NVRhWkuwdXuLbu+V7haC2X6i/K7S5d4zmLslbppI6g3f + 63rv0I2guwi6/6+VnzT7G37UGeUcDfqHC//wWxhcNBb3g8V+8C0sZtgnReY8Pm7D0d+F06DZmLLF + VUWFWP2bW0RDkihIsDO3sI5+Sl5Uzf6i1uDdro3ero2jbeUVs1Wrc6lmJYk7YdvHR2qQ2ytOfH1T + VYy75li3Uqdsy5R/T2Rho/Utb17bBSYSJzSqgMeaSq02xaIqBw9ba9YzFNWpLHjcZzrndFm3GS6j + W+YK62lbr85GRYE7ePwgOGp4fDNtK5rZ3NhV8GBV8FwxqZhZvjGJzXG3+xV0XCthuMDl/Dkbn8l5 + Q3hdZxvSwX4TCKcTsJRlQbspdLgjDZYCXt5A6DoxVbO7CS8sT27u92y+UqrtZXHGxOzU7vQhtwOI + iJoql7Wfl3urFSHFAC8yOuFwAVRXyFH1P2d4dvnL+/O7s/cng/PR4G5wcfHHBZrH1tOYMBQYp0CG + yN3CEGuXME2k4EuCPMC4VWrv1vICHSrIkAjKG1h3XuIDH9vN8T4zz+upSehU9xnWFouz7rlnBIBl + SpigfFOoHp/q9Jd9wNG7hkOw7gle/I10kdum/gKcV5POG6FZHV7dmc+Hk9ehdQ3Hn2k0w3mxgWSj + vLJ1Uo9kX+VwM9e5QW0kaK54AbYVIsmlOq+8seBsJwpZZeXgWJK+rIotsxwnWmHqKvxb/Z4n5y+x + /uyNmeGwF5KbDzQPQnIi5YwBuWYGWc2QEUQFzminnCafbawYKpcR5anUJux5yKpTJmIkTnc/8G9L + hf0yFejlR0ksSMI98p8nyXf49X15fITjl2UcPIbcUDvZL4D0MR5c7EPUIf5hi1hsraI4uR7g3g3+ + tA/9bumqLUs0h07GjIKOVImLqKS2UgyHJ4tmF0U7qcl46Xil58rquRQzgUPrkywNlYwLvI4HIsE+ + zTDr7hiTbG2WKUKHya9y3jZyR5ryWkFwS1xy42tD/iyoMjg8r1XuOAprm355+sPxkIwiKnbI27kQ + 3zSOVlE9iWO01AYyjXHEuWSInb2wXC9LZDOWUSY0w/Eb4YUJ0+lEUhXvktjS318DzWo+JlGFJ6RS + fCPAlwENhsxrcBnkOl0BbIoAa5F5yqKUZECFrt4mrARq+AcAAP//7Flda+JAFP0rQShYaNIkGrUL + pSvsLuxDqbSwhVKQMYkfYDIhH2rp9r/33JnJGEPsFlmKD4IP0ZncOTNz7z3nXskC9vsco6hgvo9k + iUJitWBGAf/305eECguEexxKXrYqiG5x1zNR7BGgx3kYk4MZTNvlqAWxIyChbUGQGYt4ytNIvEP1 + CFIww2hGGRDZFyXNBQGDcdQrkvwNtlyzF9qikTCBrsjg2gaLjQpAVHJxuLRw4xntWe9QnsFzTIdA + q9EZAYFCmJUQyWBW4IAakVb2XNn9PYIRZIIjo90rf1mv1xZfsywRUYEoDDdWMk+ER2ORMWyO1dpj + lkPtTAr41Lh99zh8GJkPtyYoVwSrXiTh5MoUDW0WRIv43Gif/4WjLHP+DW7YQLD7JI0DSdP6Vypq + sOcemJSlHUHhd8JtiVCgG8B5jKRBmXG3hIDBBqqFTmnN5htTyBST1FJ9Rnffjr1ygDJ4noKBhBAl + aVmbauup9YF9QsfWGl04mRCCzRO1Zt8RBHUiqb+lBT38hPlzSlKSjbIiihhR5acuk4QxTw+8QhJA + N0gLJOd/B9felHU7gTMZdG1vAoz9/pXjuj2icT0JK3wwLSTPHQYB1gC3trYYTFWVfdfRQ0Y/rKdl + bFsgcTFNpFVV03mO63RDxw47bnDV8zu+13f8gRcENutNnXBwE1wLK2ed4Zn7Cx/5nhmxWPGBacqf + MqvIzDVOxHQtIhorKSbLhU9HZiaMZXRieF/wHlQqHn+MzJ6VxIS/XpsfP+J6cX/8iOvNgWNHjNQT + yHpWKdGqqBupXhfFE7GQrJll+nqCIsX0n0XKk/DyCRnHn28Dj1pUGNWRTOuoPpwSsamiklMq+PpL + P6WCr0B8SgV7U4FWHoA4kxH3St1t9WzDLs8ZKnq7QRrta4XZuhVWH9CtpfqAVmphvFqkPJaqRlXS + hfovRn79FFIeSQuv5aNKdgckuMrfSJel3YtWxDb3YVYsyXBlbdG3SPNhLnGseP7/mqnSmDaKtVDi + /eGi7VN2QKmdS80UWlID2UXr7sBVL4jjeXt7ewcAAP//AwDmZ06z+hsAAA== headers: - ATL-TraceId: - - 950309bd65b69c3d - Connection: - - keep-alive + Atl-Traceid: + - 6b37c71a5a1b46e2 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:32 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:59 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 630dcdbc-0cbb-4f66-a11e-67d5535eece0 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '248' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 57ab8c07-1db6-49b6-ab77-e4bfadd97b51 - x-envoy-upstream-service-time: - - '127' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -970,90 +785,95 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11121 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11818 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+DF1mWy/xGkdAMaSO22VL08x2GqBpYdDSWWZNkQJJRfba/Pcd - RSlukzprEwRwxCN5r889vM8erAsqUi/2FIgUFKSvGPBUdwTNQXd0soScdmQBihomhe5AykwOhnaS - JRUZcJl1rkFp3IN0DIUCDcK4s17HY1ZzGIZRiAsNfIHLpTGFjn0/hQUkJpWfZI8aTrVmVPQEGB91 - GJ8WzI98pnUJfqtgBRu8fzYdTabdw/0IJYvaWS/+7Gk0WuqEGsik2jjnUlzhhSiIwm7Q70aDaRjF - +wfxftg7jA5/C6IgsD5aG2ZTQK3mkT7a+34YBE5jHXWzSEEnihU2Iyg9InOWkVKDItqgo8QsqSEC - INXESDIHMldyBYKkshI9MlSAMaRkviF/MUXJRC5MRRWQLh4gQhpi60GkIilwMNCz1hMpLhT/kShY - TjPQvr2ht3FoHwqW9PR1htosDlDVCCW2hOXcUL3y4gXlGm46nmEIkwJL7sWi5LzjFUp+QmOPzGVz - +/uZ/Kr8W8cuBDMGFVi0NbenGMPf9VndpMt6zvKCM8RL2jjf8eg1NVRhqmoA9Qfr/uBH3NWQlApa - V52SPwqWvqj9/MUJTuyyHxyg5ai/jvqPVqzZv/BC55TzX3Tz/wFb4fN1+PxpttatsebjAWv70Rq7 - 8EnWcsRvmaO15mOntZsb2+3rd45rsGJXH7GCWaYgww65B0PElOSlazonSUpsuLwmjBlaiA52bQzu - 63BE4qSVVKuaDL24GzbsYRGsWOLMfb4ns/hC9/VSljw9ZrrgdLNtoYoaZFlHYj/fMY4hbznRd9qU - bYf6cyhLm5Xa00srYCLzYqNKaxp1mncMKtsUTTIc4exgzd/7Qcuad7MW7EpnuGsj2rWxv+USJhUz - m0empr3u95/Aio0ShgIuq29J8VRWLUf1vZv7gTxvA+F0DpZlLGbvHLLt+t00hLsAGg5sPpZUW04+ - ZWJVv9jHUNgHXCQtsmq8VfXerURIMcL3gs45jIFqh1bVfHnnpxevT85mpyfD0dlkNBuNx2/HGB92 - lsaE4IHpEsg50qkwxNolTBMp+IZgqzJuldonrH6nzhXk2M71Q6d7dfPejeIQFQZfWBD0Vwexd6eX - MeUZE5RjMbEa2+aze3dlzfjRpLfuB47etRSBdc3wfW1Pl4Vt5h8AuBsoHgk9d/n2Gft2Bvg5NG7h - 9pImK5y3Wsi1yp2tYTP5PMnhdnzy7WxljUTtqyvAQj2RXKoz582cl9DNFDLZrYNTSY6lK7bMC5wI - hWmq8FBNv03OB7H925syw2EvJlfvaRHFZCjligG5ZAaZ1JBJ/aqQV5xmX2ysGCqXCeVLqU08CAaB - v2AiRb7zo8Fh/2Ot8bjOBbr5SRKLkniP/P9V8sz+/lormADiDUkFL2L716Lh5QhXF2IlcGa79X34 - 7p5071zJtMTxZiQy7Kgc8+NPMR147qoOBvWSP2XVNXJHQEWjIPpIfHIVakP+KakyOE1uVe64Club - YX37/dE5mSRU7Dhvhyr/IDh0eXupqEiW/pRm6OwZltZJS8bTk+OvRUOZ5ziRIj0tvxLbxG20gVxj - 7GkhGSJjL67ldf4tTHPKhGY4wyJ44n5/f9feLrmfos25pCpta3Bbi+MtxKzVI5I4JKGXOHLjtK3B - kKqBlUGWcwMLWSC0OqRasmRJcqBCu3Hdnmg0YP7s0E6TBFkSB/VrRkmJwE/UprCDO/a5ADcE9Kwr - Y8QfEmgCcYu7qqp6sqK66EmV+Yg6WPeKZVEDAwE4W0g1c8b0jBocKeYllmb27O3l0eS8O3nTxYem - hubF+NQpfSgxbwCDTGPyejT9IJDLaf4fAAAA///sWW1rGkEQ/iuHEEhCVu9Oz5dASaVNoR/ahggt - hH5Z7zZ64L1wLybF+t/7zO66mtOzwZbgByGE1d2dmd2deeaZEVVDdm0l6dz/Gd/OQ0ohMG4kCqbC - bTX3jwqCKAzqFKi5PQrqxdKKeYj/ubqjOhXb66RjfEFmn8hqlfzix1TEFN4WN8+boJiFHXAIMiac - CyuM8SKR3EN1F3Igx2xOKQjpD6XbFflHbCEIFOGz+OyJ/yJHs1IunaTM8bAWPGfDT1CwxmLWRBzn - 5HnGzzY8kXSRo0K/ti9fGUjy8hJeutNO6XmXn6OU+wWd82tihfKDBTyh65K3fzkqRCqr0EwonBFq - sY5s47oycgF6rOt0cGnD0QfmtPWF3os0ITwiSDvneNj4wjq/+I3HnBXJNbBkmzo6ddTRAXVs/A35 - d8hzD8yBSo5kTN8kVlD+Bj8DxeBIdibBrfMvJncwG/DXxmT6zCTrYw6xz+qSziahKTIkdknLqUqo - LvVqbseunahjlLZhlNKpJLHevdCUQNWJwWoCSMT9KWWTHZVYNcPnZRRxoiavek2qQJLswDckwnkD - NKaqB7Wj98g77cAZ9zu2N8YBer2B47pdok1mETTsWSbIdYdBAB3gMo21DUxXs+8NeJPQvS0FFctN - kCa5TEKnGrY8x3U6wrFF2w0GXb/tez3H73tBYPPuoyP6N8E7KeWsPTxzP+FP7WMRj3VWZ0x9lTfL - nD3hRpjbpDBupuV4Fvp0ZSzlPKcbw35gRhGiKsDw4x3rNtOY7K/2Ko7f4mrH4/gtrnZNjt1iYFKg - ehaa+W9y6Dvd7qN4orSjWgsK1x6QObD8tsySVLQegDj+dB141KXDrIlk0qPbi7poyHQuOUHB2z/6 - CQrewuITFNRCgSEUMHGiIm5BDX49tiE3KfgMo23OZINRNhbLxvZEXTPSrmtG2qYZWZ0wFE7E8zBL - YsWFdEuj1L89qY+vOcI8Kf5bD1jJMjKhCIXu90S2vVZdZ7iWsnixGmrUPVi//JWutZJ71Yj4873I - yxkJ3jirbFhlxbBQ56Z2OjW16OTm+5eb3Re79QZp7XK5/AMAAP//AwDpOso0whwAAA== + H4sIAAAAAAAAA7xXbU8jNxD+K9Z+ammSfUngwkpVRZPQXosoJQGkowg5u5NdX7z2nu0lSTn+e8f7 + kkAg7cGpp0hJ1mPP6zOPZ+8dWOZUxE7oKBAxKIiPGfBYtwTNQLd0lEJGWzIHRQ2TQrcgZiYDQ1tR + SkUCXCatO1AaZRCfQ65AgzD13qjQRmYzq/DW9zzf6yj4VIA2k1UOZ4pGhkXgtBxm7ft+3+/jgwY+ + w8fUmFyHrhvDDCITy4+yQw2nWjMqOgKMi5aMS3PmBi7TugC3UTCHFZ4/nYzGk7bf63u4VLqgnfDe + 0ehboSNqIJFqVcUQ4xOeCLwgaHv9tn848bwwCML9fudwv/uDF3hWR2nEoOOlmjc6ac+7mIpKYxl2 + /RCDjhTLbeJw9YhMWUIKDYpgCtWKmJQaIgBiTYwkUyBTJecgSCwXokMGCjCGmExX5DemKBnLmVlQ + BaSNG4iQhtiyEalIDBwMdKz1SIoLxb8kCpbRBLRrT+hNHNqFnEUdfZegNgsXVDXCFVvDYmqonjvh + jHINLSdliB8VpasTuAM06T+0HMMQYDmCxQlFwXnL2UJL12sEuZIf0bE35r0+/XLWH2FlE8SFYMag + Au2sbVvA/l7u1XVqbZQsyzlDh+N1oPSOGqowrSXYev1lr/9KdwvBbD9Rflvpcu8YLNwSN00ktcD3 + et47dCPoLYPe/2vlJ83+hh91RjlHg/7B0j/4FgaXjcVusOwG38Jihn1SZM7Dw3M4+rtwGjSCGVte + VlSI1b++QTQkiYIEO/MZ1tFPyYuq2V/UGrzbJejvEhw+V14xW7W6kGpekrgTtv2azmy6FIsqP+6f + rVkQYyZ0KgseD5nOOV3VUMdlzLu5xJxa+NcmqMH7ouLZ1zdqxeIb3nYrdcq2Yfl3IAubwdL5K7vA + ROKERhXWm6iiwB08vh8cNjy+nbY1zWwLdhU8WBc8V0wqZlZvDLg57va+go5rJQwXuFw8ZeMTuWgI + r+c8h3TQ3RXhQSPgdAqWyyyat2/z9aZtAULXiama3055YXlyW963+UqptpfFCRPzYysZQm4HEBE1 + CCtxtyhl6xUhxQgvMjrlcA5UV6hV9T/n7OTil/entyfvB6PT8eh2dH7+xzmax9bTmDDcMEmBnCF3 + C0OsXcI0kYKvCPIA41apvVvLC/RMQYZEUN7AuvMSH/jYbo73mXleX01DZ6vZsSQJE5RjsbFamya0 + su21enyqs1x2AUfvGg7Buid48Te7i9w29RfgvJp03gjN6vD6znw6nLwOrRs4/kyjOc6LDSQb5ZWt + QT2SfZXDzVznBrWRoLniBdhWiCSX6rTyxoKznShktLWDE0mGsiq2zHKcaIWpq/BvNX2anL/E5rM3 + YYbDXkiuP9A8CMlAyjkDcsUMMqohY4gKnNGOOU0+21gxVC4jylOpTdj3kAFnTMRIcm438G9KhcMy + FejlR0ksSMI98p8nyXf49X15fIzjl2UcPIbcUDs5LIAMMR5cHELUIf5Bi1hsraMYXI1Qdo0/7QO/ + V7pqyxItoJMxo6AjVeIiKqmtFMPhyaLZxa2d1GS8dLzSc2n1XIi5wKH1UZbOlIwLvI5HIsE+zTDr + 7gSTbG2WKUKHya9y0TZyR5ryWkFwQ1xy7WtD/iyoMjg8b1TuOAobm355+sPRGRlHVOzYb+dCfNM4 + XEf1KI7xShvINMYR55IhdvbCcr0skc1YRpnQDMdvhBcmTKdTSVW8a8cz/cMN0KzmIxJVeEIqxTcC + fBnQYMiiBpdBrtMVwGYIsBZZpCxKSQZU6Optwu5ADf8AAAD//+xZW2vbMBT+KyZQSKF2bSdO0kHp + AttgD6WhhRVKISi2c4FYNr4kKV3++74jKYrr2V0Jo+QhkAfHko6+I53Ld45JAvR95igqmO8jWKKQ + WC2YUcD+/fQlocIC7s5DyQmsEqJb3PVMFHsE6HEecjIwg2m5MWpBaAQkpBYImbHg0ziNxBqqRxCC + GUYzioCIvihpLggYhKNekcTDYMs1eyEVjYQJdEUG0zYYN0oAUcnxcGnhxjPSWWsoz+CZ0yHQbnRG + QKAQZjuIJDArcEC1SEs6l7S/hzMimeDISHtlL+v12orXLEuEV8ALw42VzBNh0dhkDJljtfeY5WBa + kwI2NW7fPQ4fRubDrYn0K5xVb5LEZMrkDW0WRAt+brTPf8NQlnn8BWZYk2CbKI0DStP6Vyiqkece + GJSlHJHC74TZUkIBb0DOY0QNdhF3nxAwWJNqwVNas/nGFGzEJLZUndEtJ9g8RaIR3JDYa3Wq13A4 + duOAJjrClgTfq5/YxNltzdlx48yfU7ipqRCqiaUqRRP8rIgiRqnyQ5dJxDhOD7xCIkA3CAtEvX8G + 196UdTuBMxl0bW8CTP3+leO6PUrjehJ2eGdaSJY7DALsgdza2mMwVVX2VXsPCX23npa+bSGJi2ki + rKqaznNcpxs6dthxg6ue3/G9vuMPvCCwWW/qhIOb4FpIOesMz9wf+Ml1ZsS4ygemKV9lVpGZa5yI + 6VqUaKykmCwXPh2ZmTCW0Ylhvch7YKl4/DYye1bCCX+1Nj9+xNXi/vgRV5sDx44YMSmQtbRiomVS + N1K9LvInykKyvpVx7QmMFNO/F2mchJdPCEX+fO941KLCqPZk2kf14RSJTVUqOYWCz7/0Uyj4DMSn + UNAYCjTTAMSZ9LhX6m6rZxty45yhorf/5kx2UyvM1q2w6kBTa8nWTC3kq0Uac8mFVCVdqG8x8u9H + kK7i/P81HKUwLRQ7obT6FYt2y67rCROSkF93jyq6HgxAfLe63Mm9aEVscx9mxZIEl5QVjZI0H+ZS + cWrnUjOFVNfv3y5236xWCwTa7Xb7BwAA//8DANp+iW/6GwAA headers: - ATL-TraceId: - - 8443b6bbcac7c7fc - Connection: - - keep-alive + Atl-Traceid: + - f36e67109db27314 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:32 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:22:59 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 081ad0be-f39d-422d-a6c0-8c15b67dad55 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '266' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 4718f6a2-a716-4933-baf8-55c836a3729e - x-envoy-upstream-service-time: - - '111' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_is_false_but_push_all.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_is_false_but_push_all.yaml index b1cb8050ec4..1125ae5b306 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_is_false_but_push_all.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_is_false_but_push_all.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlp0jYlN9GDiqxCuycRSZoJVtKmtKmwLPvfTXDx4za88zzz - Miei1YqHxRFJ3kOYV7nbGbTYB+M/PFXBqXUd1EQnDCQjn7isg58iXAAUFCjk7f76ub176n63+23U - cSLyJUEZZPCaEYOz88cRp9AdZ4wHbpzfTJT0NjjzrRCZhEpcwlsVEsiAFTmUORNdUUooJC8pAFwB - A4j+ikvs7YbxH9t0BZNcSN7Qqmx+2H68n6yPoGCNqCurVc+RK6yht7WotdFKgO0BVFkKoZH/KQgu - NTwMiyLpHas2Fx59r1J8Iu4yEZzeDi05n78AAAD//wMAwP80KVoBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUbBCYEko5z9sPz444xNYl5SbwhhT8IaxGosGsawkq2kvUdU956XGov5bEO3a + 8DjMEtZ3jFxsfPK9XOMT2MsE2r3td3A+fwEAAP//AwC0qhamWgEAAA== headers: - ATL-TraceId: - - c051ceb3affc9f08 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:37:38 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - a1deaee634e3a4a7 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 49115ef3-cc5e-4e79-bd63-c7355193a941 - x-envoy-upstream-service-time: - - '32' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 4a5133f634d0841d - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:38 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:04 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 708b5069-18fb-4bfa-92a5-fe1869b33fb5 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '122' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - fd7b54bf-843a-4897-bd05-4a9585860fed - x-envoy-upstream-service-time: - - '79' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,93 +80,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 9918fbe3c03b2467 - Connection: - - keep-alive + Atl-Traceid: + - 190d20dc2eb6ec6f + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:38 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:04 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 98922c50-a61b-43a4-897f-ec3fb22b7d31 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '203' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 735ac447-083f-4ddc-b6a1-e93e904a97c3 - x-envoy-upstream-service-time: - - '109' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/2897]\n\n*Defect Dojo link:* http://localhost:8080/finding/2897 - (2897)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/711]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/324]\n\n*Defect Dojo link:* http://localhost:8080/finding/324 + (324)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/121]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -286,53 +180,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1671' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11122","key":"NTEST-933","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11122"}' + string: '{"id":"11819","key":"NTEST-1481","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11819"}' headers: - ATL-TraceId: - - 100e8d908197f362 - Connection: - - keep-alive + Atl-Traceid: + - d4647d5143cd3457 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:39 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:05 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5ca8c86e-f2d0-4cb2-a0e7-e8bd360935ed X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '685' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 53611dc8-f069-4d4a-9cf1-8e3b9cd11fc8 - x-envoy-upstream-service-time: - - '477' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -342,94 +242,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-933 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1481 response: body: string: !!binary | - H4sIAAAAAAAAA6RW/0/bOBT/V6z8cNpxbfOlvVEiTScG3Y47xri2DGlsqkzymnpN7Mh2mvY2/vd7 - thPKYOU2BhLEz37fP+9jf/ZgXVKeerEngacgIX3FIE9Vh9MCVEclCyhoR5QgqWaCqw6kTBegaSdZ - UJ5BLrLOCqTCPUjHUEpQwLU763U8ZiyHYRhFuFCQz3G50LpUse+nMIdEp+KT6FGdU6UY5T0O2kcb - 2qcl8yOfKVWB3xpYwgb1z6ajybR70O+jZG6D9eLPnkKnlUqohkzIjQsuxRUqREEUdoNBNxpOwyju - 78f9g97g9/5vQRQEJkbjQ29KsGaeGKPR98MgCEycLutmkYJKJCtNRVB6SFRB87xDUqY044kmJYME - iJiTWshlz2gngl/I/HuiUJBUEvwVg5quqKbyD8X+hRcFNqkqfnGik/RFGPTDYbOcYqAvtil3PNNo - 9DWlaml6VF1r8xXPaa6g47U2vNgauel4miEwSmyyF/MKM/FKKT5heE+sXqNta2e70dbOLO40fBvp - BWdaowGDr0bbJPW3PavEXNdUmsQUK8qcIULSe9lgcS1kBsP1YPg94TZlbpw1lS6ZKSz+3K3zINhH - z9FgHQ2ebNi20KLkF9X8f8RX+HwdPv85X+vWWfPxiLd+tO5HP+etAadqP3Z6u7kx871+59gFO3b1 - ETuYZRIynOsHMERMibxyY+YkSaW0KCxFzNBDtL9rY/jQhqMOJzWDaenPi7thwxcGwZIlzt3nBzKD - LwxfLUSVp8dMlTndNChEcU018qqjrR+fGMeJtyzoO2vSjIP9PBKVqYqN9NIIGM+8WMvKuEab+h3S - hRmKphgSMFczdd/iybA/aHnyftWCXeUMd21EW8pgQjK9eWIFWnV/8GN0yQqagfKNhmqNMBTkou6p - VbalmFNRt1Q08G4eJtJvE8npNRgyMdC8d8hM5TfLEO7CYTg09VhQNSpZcsr40l7Fx1Cam5knLYAs - rGq7dyvhgo/wYqbXOYyBKgdK2Xx556cXr0/OZqcnR6OzyWg2Go/fjjE/HCCFBcED0wWQc2RNronx - S5gigucbghPJcmOUaEH+YpKScwkFTi2pFCKuZ2f0fhYHaDD4woJgsJzH3r2RxZJnjNMcm4nd2M6Y - 2bsva94VTXkt7HOMrmUC7GvG4fZ0VZqZ/Q4cu5fCE6HnlG9vq68v9x9D4xZuL2myxIdUC7nWuPN1 - 1Dxpfirg9l3kt8+TqL1cORioJyIX8sxFc51X0M0kEtb2cSDIsXDNFkWJTz2umy481tOvi/OBb3/3 - pkznsBeTq/e0DGNyJMSSAblkGglTk4m9PMirnGZfTK6Yai4Smi+E0vEwGAb+nPEUac2Phgf7H63F - Y1sLDPOTIAYl8R75f1XyzPz91RqYAOINSQUVcfyt6OhyhKsLvuSi3sZ+9O6BdO9cirTCV8yIZzhR - BdbHn2I58NyVTQbtkj9F3dViR0JlYyD6SHxyFSpN/qmo1CDJ1uQOVdj6DK32+8NzMkko33HevJ38 - /TB0dXspKU8W/pRmGOwZttZJK5anJ8d3RUeiKJgmSE+LO2JTuI3SUCjMPS0FQ2TsxVZu629gWlDG - FdPQQ/DEg0F/194uuZ+iz2tBZdr24LYXx1uIGa+HJHFIwijJNQAnCjSpG1hpZDn3LiFzhFaH1AuW - LEgBlCvcpO5EYwHrhxYITRJkSUjJilFSIfATuSmRZvAY5+Du+p4JZYz4QwJNIG5xV9d1T9RUlT0h - Mx9RB+teuSgtMBCAs7mQM+dMzajGl8N1ha2ZPXt7eTg5707edPGisdC8GJ86o48V5g1gkmlMXo+m - HzhyOQ4uoicmolwlH/hoxcwVgsFNQHfduDV7/wEAAP//7Flta9swEP4rJlBoS+3YTpw0g9GFvcA+ - bJQVNug3xVYbs9gylp1uZPnve05SVMeNs9GNkg+BUpRKurue7p577vKvCpIsTboU6L09CrrF0oll - it9S+6hLxdNzKjA+obLfqzaU4uLbnOeU3g6zzyvQpcIOBAQZky65k+Z4kUzdcURJNZBhV1IJQvn7 - zvMLio/cQRJoXuewxQP7SYHmFEwFSS3xsA4ipxEn6ERzvvCQx5Iiz8ZZIxJJFwUq9Bv75MZAkidr - ROlOO1XknX/MChZX9H9+Fk6qPjjAE3KX8v75TcULSSW85BpnuD5sMtuGrspcgJ47CoZw2vTmrRsM - jEPR2wvCI4K0U4aHzc+c07NfeMxFJV4BS54yxKCLIQbDro2oyQeqEnVRkVfi0q2jvj3a3rC8S3lY - sczdB7t4mG/7gS3q0i5v7VsTe6uqWDwnQNY1UtZZxqiA9/5U7ciHRMdF+cxqT7TsCphFLQAaqeiO - DQdJMLsc+tEMNo7HkyAMR0Qu7CFo2HOM0wNPkwQ6UPF7jza4prV7YyGOhO7tr3XEe6AW6pgCGL3s - R0EYDHng80GYTEbxII7GQXwZJYnPRncBv7xKXispJ4PpSfgBP/qem7Hc1D7X1X+SXi3dB3jEDT0K - dq+oZ4s0Jpe5BWOSPIb7yKwqBXfG8t21O/KKnOxvN+6Hb3G7/T98i9sjhEO3GNCT6Abe8OMm07w2 - sy/KJwJn3Wdr+LoFvuL4+7oUBe/fAori+WPi0cgKuzaTSY8ZvhlqXRrEPULByz/6EQpewuIjFHRC - QZtcgEr1Vmu6s6EksP1ep+KKxuBm7UOhqNgCqx1SuiZzvp3MtTfspKu9YSkcz5dpKXJNd0zjX5uv - XvTHv7IU3aWSsNosDQo+A/kaXxr1N3Ivehn78YXLekGCG7rVmKWsppW2Yymq/zaY1bKsTKhCW/pV - qCGVHQWLUo1+SKO1Y9vYcMtac0F5Z71e/wYAAP//AwBy+30wwRsAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmsN3upK2AYutjdsgVZljgp0LQIaOosM6ZIjaRie23++456 + sVOn7pYMKwI4Ennv99yj++DBqqQy81JPg8xAQ/aag8iML2kBxjdsDgX1VQmaWq6k8SHjtgBLfTan + Mgehcv8OtME7yM6h1GBA2laWVcaqYuYM3sRRFEeBhj8rMHayLuFMU2Y5A8/3uPMfx8P4Jb4YEDN8 + nVtbmjQMM5gBs5m6VQG1ghrDqQwk2BA92ZCWPExCbkwFYWdgAWvUP52MLya9eDCM8agOwXjpB89g + bJVh1EKu9LrJIcM31EiiJOlFw178chJFadJPo++DZHD4XZREkQvSObEYeG3mmUE6/RBLESWbtNuX + DAzTvHSFw9NXxBRUCJ9k3FgumSUlBwZEzchS6UXgtJmSl1o8MYpKctcuKm7oHbVUh3cclmEd1jbA + 9iqO+vHwR8P/gh8KbHtVoFcHC3Q5oWbhelVNrXtKZ1QY8L1G8RjzqnV9b84ROJrN1ydwBxhrdO97 + liOySkSJl8oKc/R2YNKPuotSq1vM6JkFb7XrctcN7MrtXh6AZJvVpeTWogHjbXw7pP5Wyxo1s0uq + HV4NL0rBMeBsJ3PsR42ywXA1GD4x3C90pstk05dB9ALDSAarZPD/emm6X2MRHcaHq/jwazhcdR77 + yaqffA2PLcDv7x/DMd6H06S7mPHVVcOB2P3r94iGPNeQI608wjrGqUTVTPlnrSYv9l0M9128fGy8 + obTm1BFGzd5e2ot9D6tmr7AiDrytALVI8w09Pn3MGvLd0m3YmNNuiOrHI1W5/GNHoW/cAZe5l1pd + wX3Lqs6a5qypyodHZy4yFDVzVYlsxE0p6LodPNcuDZism+3HBD4I8JPQEfhu2TY0s3uxr+HJpuG7 + F/0tY3GluV0/s5adejh4GsHzguZgQqdhOiMcD4RaBuYu3zLciVp2TDjw7h0YpuAoy4F292t9uCfb + eB9C46FLe07NuOTshMvFa3czgtJtFpJ1Pas7uazvNidSyTEuFnQq4ByoaXCg2yfv7OTy5+PTm5Pj + o/HpxfhmfH7++zmmgaNlMG8UmMyBnCE3S0ucX8INUVKsCc45F84osYr8yjUlZxoKHHRSGURo8Ll5 + xx0i9aKPPIqG+jb1mu8VtghrvJ2pTwYcq51zScWuULsXteWtUS0wuo4jsH25hI10Vbqh/Rc4blaY + ZyKsUd58Ez/dOp4Gui2qfqJsgYtgh6zOeOPrqN21/lPA3cIWdntT0n3CJThEMyWUPm2imYoKerlG + jtiuK4qMVNNsVZS4qkrbduFL/fu0OO/k9u9gwq2Ag5Rcv6VlnJIjpRYcyBtukaMsuQBWaSCvBc0/ + ulwxVaEYFXNlbDqMhlE44zJDGgz7yeB9bXBUlwKjvFXEgSQ9IP+oSb7Bn29r9QtcrxxxoBqOeBvk + qAIywnzwcAQsIPGhTxy2NlkcvRnj3TX+6x3GgzpU1xa2hKDgVkOgdB4iKqnrFMflyKE5RNFgbgtR + B97YuXJ2LuVCquXDKp1plVX4uR3LHOe0wKqHEyyy81mXCAMmv6hlz6o9ZSpbA8l7EpLr2FjyR0W1 + BU22JveowtZnXGu/fXVGLhiVe+Td3hfGSbzJ6kEeF2tjoTCYR1Yqjtg5SOvzukWuYgXl0nALAcIL + C2bmU0V1tk/ikf3RFmjO8ivCGjwhlZIpgCQGLFm24LLIdaYB2AwB5pPlnLM5KYBKg5e0kWgtYL7v + 5BQIZQzJEjJyxympEP9Mr0tkG5T7GwAA///sWe9r2zAQ/VdMoJBC7dlOnKSD0gW2wT6UhRZWKIOg + 2E4TGkvGP+qOLv9730my6npxN8oo+RDIByeS755Ouqd3F85jdcs6DUQX2OtbWcURoOtVzOmAWczY + FSjysCIgoWVBcFlrvhRZIt+xREYUzDCaEwOCfe9ifkLAYHxdWOoqt9imYr9oiVbKJLoyx9G2GLca + AFGi8XjjYMdzWrNZoYrBT05BIG8UIyDQCPMaIhnMSwRoJ9LGmhurv0Qy4jJByGj1+rxUVeWIiuWp + zApkYfzgpKtUnmg4mcPmXPueswLaZVHiTM3736+nVzP76sKGTpDJapykgo4yZUOfRcmaH1v94984 + KJtCfMQx/FOyeF2SxRvWA8RnBSrrOymySDa1pwYdNtzOgS4h4BohIPdCyp7dE7ukq2ukKyLGwhWl + 6w4F3SbmvEwSRjdK72/0SzEkfSiyN14/pBPOkT2kYb9FZ8GSDQeRt5gM3WCBBYzHp57vj+i2M5Pg + 4ZVpMW3wNIrgA1dQ7xmDrYuTT+aQkdFXy0qVAg7uOjlNso8ubQJQ2TD23HjgR6ejcBAGYy+cBFHk + stHSiyfn0Zm0cjSYHvlf8VHv2QnjmjZtW/2UO2VuV4iI7TvEx05aLjbrkEJmp4zlFDG8L68HiDk8 + fp7ZIyflhL9dou4/4naNu/+I2zXyviMGJ0WqiNOCral9ZrrlQ/lEZK0KRcVrNxBumP6lzARq+Rsw + Trh6Tjzq1GDUZDL50f0prfUyzbgHKnj/TT9QwXsgPlBBJxUYQQGItyrjHqnJq59d2BUF0y3qtkzp + 6gi5XR0h13SE2gNGqcX8fp0JriSPLjhL/V+E+vpPSEWiLDzWj5rs3kBwjb9RPtR2T3oJe7iM83JD + hhu+ZXmfFdNC4bgXxf/rICpjxih8oRL6IWR3pG77UVeTeg7k0gB5idZ/AVe/IMOz3W6fAAAA//8D + AFnAumD6GgAA headers: - ATL-TraceId: - - c99b362e12ede5df - Connection: - - keep-alive + Atl-Traceid: + - 0a1e411a71345a25 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:39 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:05 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 82848d02-872f-430a-aa2f-bf1fe09712bd X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '279' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 83ae7d10-9418-462e-b5f1-9c02d88a6118 - x-envoy-upstream-service-time: - - '161' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -439,94 +344,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11122 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11819 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy/2GkdAMaSJ22ZL08x2GqBpYdDSWWYtkQJJ+WVt//uO - pBSnTp21aQIk4pH39txzR372YF1SnnqxJ4GnICF9ySBPVYvTAlRLJXMoaEuUIKlmgqsWpEwXoGkr - mVOeQS6y1hKkwj1Ih1BKUMC1O+u1PGYsh2EYRbhQkM9wOde6VLHvpzCDRKfik+hQnVOlGOUdDtpH - G9qnJfMjnylVgd8YWMAG9S/Gg9G4fdTtomRmg/Xiz55Cp5VKqIZMyI0LLsUVKkRBFLaDXjvqj8Mo - 7h7G3aNO74/u70EUBCZG40NvSrBmHhmj0ffDIAhMnC7repGCSiQrDSIoPSaqoHneIilTmvFEk5JB - AkTMyErIRcdoJ4JfyfxHolCQVBL8JYMVXVJN5Z+K/QvPCyxSVTxxorP0eRh0w369HGOgz7cptzxT - aPQ1pmphalRNtfmKZzRX0PIaG15sjXxteZohMUosshfzCjPxSik+YXiPRK/WttjZajTYmcWdgm8j - veJMazRg+FVrm6T+tmeVmOkVlSYxxYoyZ8iQdCcbBNdSptdf9/o/Em4Nc+2sRrpkBlj8uYtzLzhE - z1FvHfUebdiW0LLkiar/P+ArfLYOn/2ar3XjrP54wFs3WnejX/NWk1M1H3u9ff1q+nv9zk0XrNjN - R6xglknIsK/v0RA5JfLKtZmTJJXSorAjYoIeosN9G/37NtzocFLTmHb8eXE7rOeFYbBkiXP3+Z7M - 8AvDV3NR5ekpU2VONzULUYxA6XfYs4aZtQuqcdK6QfbzPeSm5O1c9J01aRrEfp6IyuBkY782AsYz - L9ayMsEkEjBX03Xfm5Nht9fMyV3Ugn1whvs2ou3IYEIyvXlkvo263/u5cckKmoHyjYZqjDAU5GLV - UctsO2LOxaoZRT3PYLSTSLdJJKdTMMPEUHPnkOnK78IQ7uNh2Dd4zKkalCw5Z3xhr+JTKM3NzJOG - QJZWK7t3K+GCD/BiptMchkCVI6Wsv7zL86tXZxeT87OTwcVoMBkMh2+HmB82kEJA8MB4DuQSpybX - xPglTBHB8w3BjmS5MUq0IH8xScmlhAK7llQK+dWxPbqbxREaDL6wIOgtZrG307IIecY4zbGYWI1t - j5m9XVn9rqjhtSTPMbpmEmBdMw63p6vS9OwP8Ni9FB5JPad8e1t9e7n/HBu3dHtBkwU+pBrKNcad - r5P6SfNLATfvIr95nkTN5crBUD0RuZAXLpppXkE7kziwto8DQU6FK7YoSnzqcV1X4aGafgvOB779 - PRgzncNBTG7e0zKMyYkQCwbkmmkcmJqM7OVBXuY0+2JyxVRzkdB8LpSO+0E/8GeMpzjE/Kh/dPjR - Wjy1WGCYnwQxLIkPyP+rkqfm72/WwAiQbzhUUBHb34pOrge4uuILLlbb2E/e3ZMeXEqRVviKGfAM - O6pAfPwxwoHnbmwyaJe8Fqu2FnsSKmsD0Ufik5tQafJPRaUGSbYm96jC1mdotd8fX5JRQvme8+bt - 5B+GocPthaQ8mftjmmGwF1haJ61Ynp6d3hWdiKJgmuB4mt8RG+A2SkOhMPe0FAyZcRBbucXf0LSg - jCumoYPkiXu97r69fXI/RZ9TQWXa1OC2FqdbihmvxyRxTMIoyRSAEwWarGpaaZxy7l1CZkitFlnN - WTInBVCucJO6E7UFxA8tEJokOCUhJUtGSYXET+SmxDGDxzgHd9d3TChD5B8O0ATihner1aojVlSV - HSEzH1kH6045Ly0xkICTmZAT50xNqMaXw7TC0kyevr0+Hl22R2/aeNFYal4Nz53Rh4B5A5hkGpNX - g/EHjrMcGxfZExNRLpMPfLBk5grB4Eag267d6r3/AAAA///sWdtq20AQ/RVhCCQhkiXZku1CSU0v - 0IeW0EALeVtLm1hUN7SS0+L633tmd7VxFMstaQl+MISw9l5mdnbmzJnxvwqIsyTuE6Dm9gjoP5ZW - rBL8F8pGfSKerpOO8QmZ/U6WoeQX35Y8p/C2mHneAlUq9IBDkDLJiltJjhfJ5B6rqCgHMswKSkFI - f995fkH+kVsIAsXrLJbes5/kaFbJpJM0Ag9rwXO2/ASVaM5TB3EsyPOMn215IskiR4V8rZ9oFaTz - RAMv3amn9Lzzj1nJopru+bmwEvnBAp6QuaT1z69rXgpK4RVXOMPVYh3ZxnVl5AL07NAbw2jz67e2 - N9IGRW1fEB4RpJ0yPGx+Zp2e/cJjpnXxCljylCF6fQzRG/dNBNt8oK6QFyVVJS7dWeqapd0Jw7uk - hSXL3L2wj4e5ph7oTszaCcQri5aEuTvKkm4eFE2WMUrggz9lO7Ih0fGiema2J1p2Ccwiwo9CKrhl - 41HsLaZjN1jgApPJzPP9kMiFWQQJe5ZxeuB5HEMGMv7gQQdbl3ZvDMTRoXvra+XxDqiFXCYBRg2H - ged7Y+65fOTHszAaRcHEi6ZBHLssvPX49DJ+LU85Gc1P/A/4U/vsjOU699m2+ko4jbDvYRHbd8jZ - nbJZpElEJrNLxgRZDPsRWXUC7ozhuys7dMqc9O8W7oevcbf8P3yNuy2EQ9cY0BOrAl7z422meaV7 - XxRPBM6qqlbwdQN8xfL3TVWUfHgDKIqWD4FHLSvMmkgmObr5pql1pRH3CAUv/+hHKHgJjY9Q0AsF - XeYBKjVYb2hPyzSg+50KxTW1wfXYhcCiZilGO07p68y5pjPXnTCdru6EoXA8XyVVkSsupAv/Rv/0 - oj7+jaarov5v7U91ljkTglAOfi1kc6htwcK1lMbrdqhR99ny5Y9Uw/bci0HGfnzhoknp4K27yrZO - Vc9rdW/qLVPrh25uvn+82X+0W2+Q2m42m98AAAD//wMAKV05X8EbAAA= + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmsN3upK2AYutjdsgVZljgp0LQIaOosM6ZIjaRie23++456 + sVOn7pYMKwI4Eo/3/tyj++DBqqQy81JPg8xAQ/aag8iML2kBxjdsDgX1VQmaWq6k8SHjtgBLfTan + Mgehcv8OtEEZZOdQajAgbXuXVcaqYuYM3sRRFEeBhj8rMHayLuFMU2Y5A8/3uPMfx8P4Jb4YEDN8 + nVtbmjQMM5gBs5m6VQG1ghrDqQwk2BA92ZCWPExCbkwFYWdgAWvUP52MLya9eDCM8agOwXjpB89g + bJVh1EKu9LrJIcM31EiiJOlFw178chJFadJPo++DZHD4XZREkQvSObEYeG3mmUE6/RBLESWbtNuX + DAzTvHSFw9NXxBRUCJ9k3FgumSUlBwZEzchS6UXgtJmSl1o8MYpKctcuKm7oHbVUh3cclmEd1jbA + VhRH/Xj4o+F/wQ8Ftr0q0KuDBbqcULNwvaqm1j2lMyoM+F6jeIx51bq+N+cIHM3m6xO4A4w1uvc9 + yxFZJaLES2WFOXo7MOlHnaDU6hYzembBW+263HUDu3K7lwcg2WZ1Kbm1aMB4G98Oqb/Vd42a2SXV + Dq+GF6XgGHC2kzn2o0bZYLgaDJ8Y7hc602Wy6csgeoFhJINVMvh/vTTdr7GIDuPDVXz4NRyuOo/9 + ZNVPvobHFuD394/hGO/DadIJZnx11XAgdv/6PaIhzzXkSCuPsI5xKlE1U/5Zq8mLfYLhPsHLx8Yb + SmtOHWHU7O2lvdj3sGr2CiviwNteoBZpvqHHp49ZQ75bug0bc9oNUf14pCqXf+wo9I074DL3Uqsr + uG9Z1VnTnDVV+fDozEWGV81cVSIbcVMKum4Hz7VLAybrZvsxgQ8C/CR0BL5btg3N7Ar2NTzZNHxX + 0N8yFlea2/Uza9mph4OnETwvaA4mdBqmM8LxQKhlYO7yLcOdqGXHhAPv3oFhCo6yHGh3v9aHe7KN + 9yE0Hrq059SMS85OuFy8dpIRlG6zkKzrWd3JZS3bnEglx7hY0KmAc6CmwYFun7yzk8ufj09vTo6P + xqcX45vx+fnv55gGjpbBvPHCZA7kDLlZWuL8Em6IkmJNcM65cEaJVeRXrik501DgoJPKIEKDz807 + 7hCpF33kUTTUt6m3M8xY2ZxLKrBnWPTtkDnZ7lm7F7XlrVEtMLqOI7B9uYTN7ap0Q/svcNysMM9E + WKO8+SZ+unU8DXRbVP1E2QIXwQ5ZnfHG11G7a/2ngLuFLez2pqT7hEtwiGZKKH3aRDMVFfRyjRyx + XVcUGamm2aoocVWVtu3Cl3r6aXHeye3fwYRbAQcpuX5LyzglR0otOJA33CJHWXIBrNJAXguaf3S5 + YqpCMSrmyth0GA2jcMZlhjQY9pPB+9rgqC4FRnmriANJekD+UZN8gz/f1uoXuF454kA1HPE2yFEF + ZIT54OEIWEDiQ584bG2yOHozRtk1/usdxoM6VNcWtoSg4FZDoHQeIiqp6xTH5cihOcSrwdwWog68 + sXPl7FzKhVTLh1U60yqr8HM7ljnOaYFVDydYZOezLhEGTH5Ry55Ve8pUtgaS9yQk17Gx5I+Kagua + bE3uUYWtz7jWfvvqjFwwKvfcd3tfGCfxJqsHeVysjYXCYB5ZqThi5yCtz+sWuYoVlEvDLQQILyyY + mU8V1dm+G4/sj7ZAc5ZfEdbgCamUTAEkMWDJsgWXRa4zDcBmCDCfLOeczUkBVBoU0uZGawHzfSen + QChjSJaQkTtOSYX4Z3pdItvgvb8BAAD//+xZXWvbQBD8K8IQcCBSJdmynUJIDW2hD6EmgQZCwZwl + ORax7oQ+opTU/z2zd+eLolppCSX4weAH2Trtzq1uZ2fXnMeqyjoNRBd417eyiyNA16uY0wGzmLEr + 0ORhR0BC24LgshK+FHkqn7FEThTMcLcgBgT73sX8hIDBeFJaqpRbbF2zX7RFK2MSXVXgaFuMWw2A + aNF4vHbwxgvas9mhisFPTkEgbxQjINAIiy1EMlhUCNBOpI09N3Z/iWREMUHIaPf6vNR17YiaFZnM + CmRh/OBkq0yeaDiZw+Zc+56zEtplUeFMzfvfr6dXM/vqwoZOkMlqnGSCjjJlQ59FacKPrf7xbxyU + dSk+4hj+KVm8LsniDZt1qERnfSdFFsmm9tKgw4bbeaNLCLhGCMh3IWXP7oVd0tU10hURY+GK0nWH + gm4Tc1GlKaOK0vsb/VIMSR+K/I3lh3TCObKHNOy36CxYsuEg8haToRsssIHx+NTz/RFVO7MIHl5Z + FtMLnkYRfKAE9Z4x2Lo5+WQOGRl9ta1UKeCg1sllkn10axOAyoax58YDPzodhYMwGHvhJIgil42W + Xjw5j86klaPB9Mj/io96zk4Z17Rp2+qnwqkKu0ZEbN8hPnayarFOQgqZnTFWUMTwvCwPEHO4/Dyz + R07GCX+7Rd1/xO0ed/8Rt3vkfUcMTopUE6cFW1P7zPTIh/KJyFo1iorXbiDcsPxLlQv08jdgnHD1 + nHg0qcFdk8nkR8+ntNbLNeMeqOD9X/qBCt4D8YEKOqnACApAvFUZ90hDXn3twq4omR5Rt2VK10TI + 7ZoIuWYi1L5hlFrM75NccCV5dMNZ6f8i1Nd/QipSZeFxe6nJ7g0E1/gb5cPW7kkvZQ+XcVGtyXDD + t2zv83JaKhz3ovx/E0RlzBiFL3RCP4ScjmzHfjTVpJkDuTRAXqL1X8DVD8jwbDabJwAAAP//AwDv + xmoe+hoAAA== headers: - ATL-TraceId: - - 806bc8b8dda9f3a7 - Connection: - - keep-alive + Atl-Traceid: + - 01d04bd7d49927c3 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:39 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:06 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 07551ad2-d59f-4b15-a168-eca0aca5686c X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '227' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - fd33230c-85ad-4172-aaf6-e113ea5cc09b - x-envoy-upstream-service-time: - - '170' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -536,174 +446,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ+pGSm+hBRVah3ZOIJOkUK2lTmlRYlv3vJrj4cRveeZ55 - mRPRyuNhtUSS9xAWL3e7Hgc0oXcfjqpglfejmumMgWTkE1c/ujnCDIBRoJC3++vn9u6p+93ut0nH - iciXBGWQwWtGelysO044h+64YDxwY93WR0lvo+2/FSKTUIlLeKtCAjlwlkOZc9GxUgKTRUkB4Ao4 - QPQ9rrG3G6d/bNMxLgshS6BV0/ywZrqfBxdBwRtRV4NWpsBCYQ1mqEWte60EDAZAlaUQGos/BcGm - hodxVSS9M6jNhkdnVIpPxF4mgvPboSXn8xcAAAD//wMA8TMh/loBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbPTtE26uYkeVGQVtnsSkbRJsJImpUmFZdn/boqLH7fhneeZ + lzlBJ4M+zBYEvMc4BbHZKG10H5X/8ERGK0MYpCNOR8jgU89h8C7BBWJBkGC+310/7++e2t/tbhm7 + NIF4WaEMM3zNQOnJ+uOoXWyPk04HbqxfVJK6ZbDqWwGRBIr1JbyVcQUpUppjkxe8xUYgF7QmiHiV + SEx+0HPqbYfxH7ttEQUtBTLSFNsfth/vnfEJZFXBTWmMKXlDKcOyQaxqSVnRS1Ss57zSWLK/BdGu + DQ/DLGF9x8jFxkffyzU+gb1MoN3bYQ/n8xcAAAD//wMAcpcXp1oBAAA= headers: - ATL-TraceId: - - 8154f4100c89479a - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Wed, 28 Apr 2021 10:37:40 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.15.8.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 8cf8c8f4ec3127db + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5a82e54c-27bb-457f-ae88-15624bcc8c0b - x-envoy-upstream-service-time: - - '35' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.25.1 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - bd283ef5763e8a61 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:40 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:06 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ca9f2cc0-060f-42b0-bd14-de42e3ad5e6d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '119' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - c7e54054-cf43-41f6-864d-e65a580d7265 - x-envoy-upstream-service-time: - - '73' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -713,93 +516,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/jMBD+K1EOnCpCS8WiShVCy66EdoWQKFxWHEwyoaaOHfxo00X89/UkTuxC - lw3lsgd6qWcyj28envFTDFVJeBZP4lKKB0i1igf+OPn15AWoUgb0ugQUUcByy5trXapJkmSQW4VM - PIh9ohlRihK+z0EnEpROSEmTUeKsJsMD+7MmKBptiQWsLXUx+3Y1sxQnBVjymlOtrQF0SJZEE3kt - mUX1FI+Pq/FxH/8KUiOh9d0YOSlpNq0d7zWMcyTHB1+sm9G4Go13Nqzob5iqgjC2p9z/G76GR9Xw - 6GO+qtaZO7zh7XBUHY4+5q2AjJrCenOHv3p7HoTdgl20Q790FuqOGYUdg0QGKpW01FRwyz2N6gQM - oowqTXmqo5JCCpHIo5WQi33UTgW3/dMHhUvBksJqS/xBsIfDY0fOLNBpB9n38IyohaUM15JwxYiG - 7GLjizJ3Gk+TnDAFA3/fcgosw9Z3B9v2yhQFkWs8Sng0VIIV1NJYNZXOoSD4pfY/iZWWlN+jg7XS - UCDHaT934K4cp71/rcQgnhN1BjkxTN8QZqBDJ0qQBHOOZbVV1fFtWOxeyMIsdeA808M7R16Eme0Q - hrq9MN7a0cGYWEFWC31247aea23Ek9rIM9Y0FUUpOHBcA2FRncqrqhIpCXYOtfW0Kl4/rHJg1Jf5 - q2e2ZQ7ketY5JlmGngD9SSjEEuIttcfIiNYknRcIbafIAv0gtIDrQzsNRZvQNrT7hdZes40m64P8 - 9QwITXiYZwG3xRlKvheo2x29pkErG4BsWR7gZSfUgPNK7wD2uht2mgQfe8c4bbygP5qZK3K9IrIe - hrQoGbXj3pf089mzzdf/+uypB2c9dhnlix0HZ6D/cj82XH8tfloasqjek354bhggRgscsAw09Nw3 - L7deUtJ0AfLE5kfaseXuoo16T83F6src4Va5JPhtipc8ZKuG41RroLbtp9zYqj0akOtp7zuMAx7z - m9PqBqRq2LskeNloh9kNbfr0fqdV5IR9dkPRvtCbrdRsqH/sJluGew7QLzKjQIZhdNrBBmpZ3f7x - jK43/gAAAP//vJfNbsMgDMdfZcq9sKzpZdLU06QdukeoJlohwtQ2VUj3cci7z8ZAk5JNaYl2dcD+ - EYz/9k25gcE5eRObnYQHJOptuXQP6MnWwGvv+Cwguqp1c9Hp/vYbwuqehjhbV0TCMq8iwRDhkVoN - 0MX3dqOKUGyeY2aObwb1XihpOO4w3okGQ6lVCd6Z+UC9dyd+ISNGsCIFPyMN1va908DGpB7zIRlz - Pg0m1fs+6Ku1edR5MmoxDSpkZJ9zVX16yCIZcjEZZJSiK2vzqIusXWOf232Jaej/mQpQarYn01R7 - O7G/QY+QF+MqmDhgEaLNmR1/2PH7SxumaikPZXWEOsTedS0eVTmToMcz1PewhSY3iHYuds+w6A77 - gyzMVBHaQNn7syrvxEZSIzriRBeiG48izlunmyGD53Xf02QqZ/ecHHFzUnC1zfJKSRqaK1vs9Nbt - DwAAAP//AwBBtKXIPhUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 575a93048de89236 - Connection: - - keep-alive + Atl-Traceid: + - b392f06a3569d629 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:40 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:07 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ac8b5eeb-908d-4d2f-bb9e-3d695c4d7286 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '191' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 3d3a4cb5-79c3-4494-ba65-2a33a7163507 - x-envoy-upstream-service-time: - - '88' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/2898]\n\n*Defect Dojo link:* http://localhost:8080/finding/2898 - (2898)\n\n*Severity:* Low\n\n*CWE:* Unknown\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/711]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com:443\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA - cookie has been set without the secure flag, which means that the cookie can - be accessed via unencrypted connections.\n\nReference: http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\nURL: - https://mainsite.com/dashboard\nMethod: GET\nParameter: opvc\nEvidence: Set-Cookie: - opvc\n\nURL: https://mainsite.com/dashboard\nMethod: GET\nParameter: dmid\nEvidence: - Set-Cookie: dmid\n\nURL: https://mainsite.com\nMethod: GET\nParameter: sitevisitscookie\nEvidence: - Set-Cookie: sitevisitscookie\n\n\n*Mitigation*:\nWhenever a cookie contains - sensitive information or is a session token, then it should always be passed - using an encrypted channel. Ensure that the secure flag is set for cookies containing - such sensitive information.\n\n*Impact*:\nNo impact provided\n\n*Steps to reproduce*:\nNone\n\n*References*:\nCWE-614\nWASC-13\n\n\n*Reporter:* + Flag|http://localhost:8080/finding/325]\n\n*Defect Dojo link:* http://localhost:8080/finding/325 + (325)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/121]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -812,53 +616,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1671' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11123","key":"NTEST-934","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11123"}' + string: '{"id":"11820","key":"NTEST-1482","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11820"}' headers: - ATL-TraceId: - - b312d762f1d55ebe - Connection: - - keep-alive + Atl-Traceid: + - 3d27bb03c822a788 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:41 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:07 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - b38ea655-3218-4d2d-bf4f-99d0a4d08d2f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '474' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - abcbbcd7-ebc0-4bd0-87c3-c67aac277646 - x-envoy-upstream-service-time: - - '426' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -868,94 +678,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-934 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1482 response: body: string: !!binary | - H4sIAAAAAAAAA6RWbW/bNhD+K4Q+FF1mWy/WGldAMaSO22ZL08x2GqBpYdDSWWYtkQJJWfba/Pcd - KSlOkzpr0wRIxCN5r889xy8ObArKEydyJPAEJCSvGGSJ6nCag+qoeAk57YgCJNVMcNWBhOkcNO3E - S8pTyETaWYNUuAfJGAoJCriuzzodhxnNvu8HfVwoyBa4XGpdqMh1E1hArBPxWfSozqhSjPIeB+2i - Du3SgrmBy5QqwW0VrGCL98+mo8m0+7wfomRhnXWiL45Co6WKqYZUyG3tXIIrvBB4gd/1wm4wmPpB - 1D+MQr8XBn/87gWeZ3w0NvS2AKvmkT6a+67veV5wE3WzSEDFkhUmIyg9IiqnWdYhCVOa8ViTgkEM - RCxIJeSqZ27Hgl/I7Ee8UBCXEtw1g4quqabyT8X+hRc5FqnMn9Sik+SF7/X9QbOcoqMvdiF3HFNo - tDWlamVqVM61+YoWNFPQcVodTmSVXHcczRAYBRbZiXiJkTiFFJ/RvUdmr7ltc2er0ebOLG4VfOfp - BWdaowKDr+a2Cepve1aJha6oNIEplhcZQ4Qkd6LB5FrIhINNOPgRd5s0N8aaTBfMJBZ/buc59A7R - chBugvDRim0JLUqeqOb/A7b8Zxv/2a/Z2rTGmo8HrPWDTT/4NWsNOFX7sdfa9bXp7837ml2wYlef - sIJpKiHFvr4HQ8SUyMq6zWpJXCotcksRM7QQHO7bGNzXUVNHLTWNaenPibo+LqlGVqxJ5+fxXjPa - DYe5tTZpwGw/h6I0MfmGly6NgPHUibQs4bqhKqNMsriO9Ms9mXEMj6qlKLPkmKkio9umAVCMXun3 - SBemKZpkSMBYTdd9jyf9ftjy5N2sefvS6e/bCPZt9HdcwoRkevvI5LbXXTMbfoJHWU5TUK65oVol - DAWZqHpqne6451RULUeFjk3nHAyZGGjeCcp05Xej9ffh0B+YsJdUjQoWnzK+sqP4GAozmXncVtHW - trJ7NxIu+AgHM51nMAaqamTI5ss5P714fXI2Oz0Zjs4mo9loPH43xjCwgRTGjQemSyDnyJpcE2OX - MEUEz7YEO5JlRinRgvzFJCXnEnLsWlIqxGzP9ujdKJ6jQu8r87xwxSOnHhhYIszxrqW+aWPMdso4 - ze4eat4VTXotzjP0rmUCLF/K4eZ0WZie/QEc1y+FRyKsvnwzrb4d7j8Huh2qXtJ4hQ+pFlmt8trW - sHnS/JLD7bvIbZ8nQTtcORhExyIT8qz2Zp6V0E0lssbucSDIsaiLLfICn3pcN1V4qH7fJucj3/0e - TJnO4CAiVx9oEURkKMSKAblkGllLk4kdHuRVRtOvJlYMNRMxzZZC6WjgDTx3wXiCxOgGg+eDT1bj - sc0FuvlZEIOS6ID8/1Xy1Pz9zSqYAOINuQMvYpdb0fByhKsLvuKi2vk+fH9PenAuRVLiK2bEU+yo - HPPjTjEdeO7KBoN6yRtRdbXYE1DRKAg+EZdc+UqTf0oqNUiyU7nnKuxs+vb2h6NzMokp33PevJ3c - Q9+v8/ZSUh4v3SlN0dkzLG0tLVmWnBzfFg1FnjNNkJ6Wt8QmcVulIVcYe1IIhsg4iKzc5t/ANKeM - K6ahh+CJwrC/b2+f3E3Q5lxQmbQ1uKnF8Q5ixuoRiWskoZdkDsCJAk2qBlYaWa5+l5AFQqtDqiWL - lyQHyhVu0vpEowHzhxoIjWNkSUjImlFSIvBjuS2QZvAY51AP3J5xZYz4QwKNIWpxV1VVT1RUFT0h - UxdRB5tesSwsMBCAs4WQs9qYmlGN43teYmlmT99dHk3Ou5O3XRyMFpoX49Na6UOJeQsYZBKR16Pp - R45cjo2L6ImIKNbxRz5aMzNC0LkJ6G7dbs3efwAAAP//7Flta9swEP4rJlBoS+1YTpyXwejCXmAf - NsoKG/SbYquNmd+w7HSjy3/fc5Kipk6cjW6UfAiUokTy3fl099xzl39VEGdJ3KVA7+1R0C2WTiwT - /JfaR10qts+pwPiEAn6n2lCKi28LkVN6O9xeb4EuFXYgIMiYZCmcJMeNZOoZp6ioBnLsSipBKH/f - RX5B8ZE7SAJNrhye3vOfFGhOyVWQNBIX6yByNuIEnWguUg95LCnybJxtRCLpokCFfmOfXBtI8mSD - KN1pp4q8849ZyaOa3vNz4STqgwM8IXcp759f16KUVMIroXFG6MMms23oqswF6LkjNoTTZtdvXTYw - DkVvXxAeEaSdclxsfuacnv3CZaZ18QpYss0QWRdDZMP1BpWPukL5UyyXeGv7aNghw+/csLxLeViR - yd0Hu3iYb/uB9sbU8pe65tGCMHdHW9Kug7LJMk4FvPenakc+JDpeVM+s9kTLLoFZ1ESgkQpv+XAQ - s/lk6IdzvMB4PGVBMCJyYQ9Bw55jgi54FsfQgYrfe7TBNa3dGwtxJHRvf60j3gO1UMcUwOhlP2QB - Gwrmi0EQT0fRIArHLJqEcezz0S0Tk8v4tZJyMpidBB/wp59zM56b2ue6+ivpNdK9h0fcwKNg98pm - niYRucwtOZfkMTyPzKoTcGcs3125I6/Myf524374Frfb/8O3uD1COHSLgUmx7qINP95kmldm9kX5 - ROCsO3WNazfAVxx/31RFKfo3gKJo8Zh4NLLCrs1k0mOGb4ZaVwZxj1Dw8pd+hIKXsPgIBZ1QYAkF - TLzTGfdA026z9iG3qHmK1TZn8sG7eg+r3vZG12TO75rM+XYy196wFE7ky6Qqcs2FTOPfmJ9e9Me/ - egV0l0rCw3ppUPAZyLfxo1F/Lfeil/EfX4RsUhK8oVuNWap6Vms7lkX930a7WpaVCVVoS78Waki1 - nsfSbJlGP6TR2vHU2OCJteYB5Z3VavUbAAD//wMAWv8RdsEbAAA= + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZltvdhNXAHD0MXu1i3IssRpgaZFQFNniTVFaiQV22v733ek + JLt16m7JsCGAI/F47889uvcBrCsqsyANNMgMNGTPOYjM9CQtwfQMK6CkPVWBppYraXqQcVuCpT1W + UJmDUHnvDrRBGWSXUGkwIG17l9XGqnLhDN7GURRHAw1/1GDsbFPBhabMcgZBL+DOfxyPkwhfDIgF + vhbWViYNwwwWwGym3qkBtYIaw6kcSLAherIhrXiYhNyYGsLOwBI2qH8+m17N+vFonOCRD8EE6fvA + YGy1YdRCrvSmySHDN9RIoiTpR+N+/HQWRWkyTKOTwfGTk++iJHJmvROLgXszjwzS6YdYishF1aTd + vmRgmOaVKxyePiOmpEL0SMaN5ZJZUnFgQNSCrJReDpw2U/JaiwdGUUvu2kXFLb2jlurwjsMq9GHt + AmxFcTSMxz8Y/id8X2Lb6xK9Oligyxk1S9erem7dU7qgwkAvaBRfYF5etxcUHIGjWbE5gzvAWKOP + vcByRFaFKAlSWWOOwR5MhtEhQdwJKq3eYaqP7ESr7fvgO9v1YQ89u3SvJbcWDZhg69tB+Fd/16iF + XVHtgGx4WQmOAWd7JcFGefiNxuvR+IHhfqVlXSbbho2iEwwjGa2T0X/rpYGFByk6jI/X8fH/4XDd + eRwm62Hyf3hskf/x4304Jh0cF3z9suFAbPLNW2x6nmvIkVbuYR3DUaJupvyLIE9ODgnGhwRP7xtv + KK05dYTh2TtI+3HLY64qmrMmjvf3zhxWMWFTqFpkE24qQTctovF4RS1+Fho6ffj0NWS9o+ewMafd + bPnHU1W7evlQX7kDLvMgtbp2vtGofYltcxPWVkMDJutG+EsEPhxHHYHvl+0QzSRbmtkXbBu+Lxju + iIkrze3mkbXp1MPRwwielzQHEzoN0xnheCDUamDu8h2RnalVR3ijwJdzDo6ZHGj3v9bHB7KNDyE0 + Hru0C2qmFWdnXC6fO8kEKrdZSNYhyONq5WXbE6nkFBcLOhdwCdQ0qNTtU3Bxdv3Ti/Pbsxen0/Or + 6e308vK3S0wDR8tg3nhhVgC5QAqWlji/hBuipNgQHGcunFFiFfmFa0ouNJQ4z6Q2iLjBl8Y6xnEK + og88isZap0HzvcIWYY13M/XZgGO1cy6p2L/U7kVteT3uBUbXcQS2L5ewvV1Xbmj/AY6bFeaRCGuU + t5++z7eOh4Fuh6ofKVviItghqzPe+Dptd61/FXC3sIXd3pR0X2oJDtFMCaXPm2jmooZ+rpGxduuK + IhPVNFuVFa6q0rZd+Fr/Pi/OG7n7O5pxK+AoJTevaZWk5FSpJQfyiltkTEuugNUayHNB8w8uV0xV + KEZFoYxNx9E4ChdcZkhr4TB58tYbnPhSYJTvFHEgSY/I32qSb/DnW69+heuVIw5UwxFvg5zUQCaY + Dx5OgA1IfNwjDlvbLE5fTVF2g//6x/HIh+rawlYwKLnVMFA6DxGV1HWK4w7k0Bzi1UFhS+EDb+y8 + dHau5VKq1adVutAqq/GrOpU5zmmJVQ9nWGTn05cIAyY/q1XfqgNlqloDyVsSkpvYWPJ7TbUFTXYm + D6jCzmfstV8/uyBXjMoD9916F8ZJvM3qkzyuNsZCaTCPrFIcsXOU+nPfIlexknJpuIUBwgsLZoq5 + ojo7dOOe/ckOaM7yM8IaPCGVkjmAJAYsWbXgssh1pgHYAgHWI6uCs4KUQKVBIW1utBYw3zdyDoQy + hmQJGbnjlNSIf6Y3FbIN3vsLAAD//+xZ72vbMBD9V0ygkELt2U6cpIPSBbbBPpSFFlYog6DYThMa + S8Y/6o4u/3vfSbLqenE3yij5EMgHJ5JO7866p3cXzmN15zsNRBd417eyiiNA16uY0wGzmLErUOTB + IyAht6CrrDVfiiyRayyREQUzjObEgGDfu5ifEDAYXxeWEhYW21TsF7lopUyiK3McbYtxqwEQJRqP + Nw7eeE4+Gw9VDH5yCgLtRjECAo0wryGSwbxEgHYibfjc8P4SyYjLBCEj7/V5qarKERXLU5kVyML4 + wUlXqTzR2GQOm3O995wVUFKLEmdq3v9+Pb2a2VcXNnSCTFazSSroKFM29FmUrPmx1T/+jYOyKcRH + HMM/JYvXJVm8YT1AfFagsr6ToolEXHtq0GHD7RzoEgKuEQLyXUjZs3uika4IDAtXlJU7hHKbf9tW + jM7NyyRhdKP0/ka/FEPShyJ74/VDOuEc2UOa9Ft0FizZcBB5i8nQDRbANB6fer4/otvOTMIOr0yL + 6QVPowh74ArqPWOwdQ3yyRwyMvpq9ahSwMFdJ6dJ9tEVTAAqG8aeGw/86HQUDsJg7IWTIIpcNlp6 + 8eQ8OpNWjgbTI/8rPmqdnTCuadO21U+5U+Z2hYjYvkN87KTlYrMOKWR2ylhOEcN6eT1AzOHx88we + OSkn/O1KdP8Rt0vZ/UfcLoX3HTE4KVIlpRZsTe0z050dyicia1X4KV67gXDD9C9lJlCy34BxwtVz + 4lFDBqMmk2kf3Z/SWi/TjHuggvd/6QcqeA/EByropAKjNADxVmXcI/Vy9bMLu6JgukXdVh5dHSG3 + qyPkmo5Qe8AotZjfrzPBlRbSBWep/4tQX/8F6b0o/l8nThkzRrETKpAfQnYl6uYfjpCC/Fg/anZ9 + MwD5v82H2u5JL2EPl3Febshww1nZT8iKaaEcp64m9RzIdfP7y8X+i9V6gUS73W6fAAAA//8DAGtg + hBr6GgAA headers: - ATL-TraceId: - - e2ae0f7b0e65acaa - Connection: - - keep-alive + Atl-Traceid: + - 4891826e246d55c4 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:41 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:08 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - f78418d9-6d18-4830-a527-d455267f05ba X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '266' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 5b7b1a84-9872-4b67-b89b-2880c6784951 - x-envoy-upstream-service-time: - - '114' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -965,89 +780,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.25.1 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11123 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11820 response: body: string: !!binary | - H4sIAAAAAAAAA6RWa2/bNhT9K4Q+DF1mWw9rjSugGNLE7bKlaWY7DdC0MGjpWmYtkQJJ+bG2/32X - pBSnSZ21aQIk4iXv+9xDfvJgU1GeeYkngWcgIXvJoMhUh9MSVEelCyhpR1QgqWaCqw5kTJegaSdd - UJ5DIfLOCqTCPchGUElQwLU763U8ZiyHYRj1caGgmONyoXWlEt/PYA6pzsRH0aO6oEoxynsctI82 - tE8r5kc+U6oGvzWwhC3qn0+G40n3WT9GydwG6yWfPIVOa5VSDbmQWxdchitUiIIo7AZxNxpMwijp - HyZx2Iuj338LoiAwMRofeluBNfPIGI2+HwZBEN1k3SwyUKlklakISo+IKmlRdEjGlGY81aRikAIR - c7IWctkz2qngl7L4nigUpLUEf8VgTVdUU/mHYv/C8xKbVJe/ONFp9jwM+uGgWU4w0Oe7lDueaTT6 - mlC1ND2qZ9p8JXNaKOh4rQ0vsUa+dDzNEBgVNtlLeI2ZeJUUHzG8R1av0ba1s91oa2cWtxq+i/SS - M63RgMFXo22S+tueVWKu11SaxBQrq4IhQrI72WBxLWTiwSYefE+4TZkbZ02lK2YKiz+36xwHh+g5 - ijdR/GjDtoUWJb+o5v8DvsKnm/Dpz/natM6ajwe89aNNP/o5bw04Vfux19uXL2a+N28du2DHrj9g - B/NcQo5zfQ+GiClR1G7MnCStlRalpYgpeogO920M7ttw1OGkZjAt/XlJN8Ql1ciKjnR+HO+O0W44 - zHfWpAGz/TwWtckpNLx0ZQSM516iZQ1YDrSp3+KwG0i72Kw5Y16y1OX+6Z7MhIrKaiHqIjthqiro - thkJFKcSMFczdd/iybAftzx5t2rBvnKG+zaifRv9HZcwIZnePrK4rbpv7oYf4FFW0hyUbzRUa4Sh - oBDrnlrlO+45E+uWo2LPNmQGhkwMNO8kZabym9mG+3AYDkzaC6qGFUvPGF/aq/gEKnMz87Ttme3k - 2u7dSLjgQ7yY6ayAEVDlcCCbL+/i7PLV6fn07PR4eD4eToej0ZsRpoEDpDBvPDBZALlA1uSaGL+E - KSJ4sSU4kawwRokW5C8mKbmQUOLUklohZnt2Ru9m8QwNBp9ZEMRLnnjuwsAWYY13I/XVGGO1c8Zp - cfdQ865oymtRXWB0LRNg+3ION6fryszsd+DYvRQeiTCnfHNbfX25/xjodqh6QdMlPqRaZLXGna/j - 5knzUwG37yK/fZ5E7eXKwSA6FYWQ5y6aWVFDN5fIEbvHgSAnwjVblBU+9bhuuvBQ/74uznu++z2Y - MF3AQUKu39EqSsixEEsG5Ipp5ChNxvbyIC8Lmn82uWKqhUhpsRBKJ4NgEPhzxjMkRj8aPBt8sBZP - bC0wzI+CGJQkB+T/VckT8/dXa2AMiDfkDlTEKbei46shri75kov1Lvbjt/ekBxdSZDW+YoY8x4kq - sT7+BMuB565tMmiX/CnWXS32JFQ1BqIPxCfXodLkn5pKDZLsTO5RhZ3P0Gq/O7og45TyPefN28k/ - DENXtxeS8nThT2iOwZ5ja520ZkV2enJbdCzKkmmC9LS4JTaF2yoNpcLcs0owRMZBYuW2/gamJWVc - MQ09BE8Sx/19e/vkfoY+Z4LKrO3BTS9OdhAzXo9I6pCEUZIZACcKNFk3sNLIcu5dQuYIrQ5ZL1i6 - ICVQrnCTuhONBawfWiA0TZElISMrRkmNwE/ltkKawWOcg7teeyaUEeIPCTSFpMXder3uiTVVVU/I - 3EfUwaZXLSoLDATgdC7k1DlTU6rxsp7V2JrpkzdXR+OL7vh1Fy9GC83L0Zkz+lBhXgMmmSXk1XDy - niOX4+AiehIiqlX6ng9XzFwhGNwYdNeNW7P3HwAAAP//7Flta9swEP4rJlBoS+1YTpyXwejCXmAf - NsoKG/SbYquNmd+w7HSjy3/fc5Kipk6cjW6UfAiEoETy3eV099xzl39VEGdJ3KVA7+1R0C2WTiwT - vEvtoy4V2+dUYHxCAb9TbSjFxbeFyCm9HW6vt0CXCjsQEGRMshROkuNGMvWMU1RUAzl2JZUglL/v - Ir+g+MgdJIGmUg5P7/lPCjSn5CpIGomLdRA5G3GCTjQXqYc8lhR5Ns42IpF0UaBCv7FPrg0kebJB - lO60U0Xe+ces5FFNv/Nz4STqgwM8IXcp759f16KUVMIroXFG6MMms23oqswF6LkjNoTTZtdvXTYw - DkVvXxAeEaSdclxsfuacnv3CZaZ18QpYss0QWRdDZMP1BpWPukL5UyyXWGr7aNghw+/csLxLeViR - yd0Hu3iYb/sBpCWPFgStO7qPdrlrS5laO5os41TAe3+qduRDouNF9cxqT7TsEphFTQQaqfCWDwcx - m0+GfjiHTePxlAXBiMiFPQQNe44JuuBZHEMHKn7v0QbXtHZvLMSR0L39tY54D9RCHVMAo5f9kAVs - KJgvBkE8HUWDKByzaBLGsc9Ht0xMLuPXSsrJYHYSfMBLP+dmPDe1z3X1V9JrpHsPj7iBR8Hulc08 - TSJymVtyLsljeB6ZVSfgzli+u3JHXpmT/e3G/fAtbrf/h29xe4Rw6BYDk2LdMxt+vMk0r8zsi/KJ - wFl36hrXboCvOP6+qYpS9G8ARdHiMfFoZIVdm8mkxwzfDLWuDOIeoeDlL/0IBS9h8REKOqHAMg2Y - eKcz7oGm3WbtQ25R8xSrbc7kg3f1Hla97Y2uyZzfNZnz7WSuvWEpnMiXSVXkmiSZxr8xf73oj3/1 - E9BdKgkP66VBwWcg38afRv213Itexn98EbJJSfCGbjVmqepZre1YFvV/G+1qWVYmVKEt/VqoIdV6 - +kqzZRr9kEZrx1NjgyfWmgeUd1ar1W8AAAD//wMAB/ann8EbAAA= + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdhNXAHD0MXuli3IssRJgaZFQFNniTVFqiQV22v733fU + i904dbdkWBHAkXi89+ce3QcPViWVqZd4GmQKGtKXHERqfEkLML5hORTUVyVoarmSxoeU2wIs9VlO + ZQZCZf4daIMySC+g1GBA2vYuq4xVxdwZvI3CMAr7Gt5XYOx0XcK5psxyBp7vcec/ikZxiC8GxBxf + c2tLkwRBCnNgNlXvVJ9aQY3hVPYl2AA92YCWPIgDbkwFQWdgAWvUP5tOLqe9aDiK8agOwXjJB89g + bJVh1EKm9LrJIcU31IjDOO6Fo170fBqGSTxIwqP+4bOjH8I4dGZrJxYDr808MUinH2ApQhdVk3b7 + koJhmpeucHj6gpiCCuGTlBvLJbOk5MCAqDlZKr3oO22m5JUWj4yikty1i4pbekct1cEdh2VQh7UN + sBVF4SAa/WT4X/BjgW2vCvTqYIEup9QsXK+qmXVPyZwKA77XKJ5gXrWu7+UcgaNZvj6FO8BYw0++ + Zzkiq0SUeImsMEdvByaDcJ8g6gSlVu8w1Sd2otWu+1B3tuvDDnq26V5Jbi0aMN7Gt4Pw7/Vdo+Z2 + SbUDsuFFKTgGnO6UBBtVw284Wg1Hjwz3Ky3rMtk0bBgeYRjxcBUP/18vDSxqkKLD6HAVHX4Lh6vO + 4yBeDeJv4bFF/qdPD+EYd3Cc89V1w4HY5Ju32PQs05AhrTzAOoajRNVM+RdBHh/tE4z2CZ4/NN5Q + WnPqCKNmby/pRS2Puapozpo4Pjw4c1jFhE2uKpGOuSkFXbeIxmMsr73G0jmUty6oxQ9FQ7CPn8eG + vreEHTTmtJu2+vFYVa6CdfCv3AGXmZdYXblomAZM1o3wlwh8MAo7At8t2z6aiTc0syvYNLzUXGlu + 109MuFMPho/jcV7QDEzgNExnhOOBUMu+ucu2fHWqlh2vDb2HyI0HXSKCzsAxkwPt7tf6cE8Zon0I + jUauHjk1k5KzUy4XL51kDKXbLCTrEFTjalnLNidSyQkuFnQm4AKoaVCp2yfv/PTql5Oz29OT48nZ + 5eR2cnHxxwXmh6NlsCB4YZoDOUcKlpY4v4QboqRYExxnLpxRYhX5jWtKzjUUOM+kMoiv/pfGOsJx + 8sKPPAxHWide873C3mHxtzN1b8CxDRmXVOxeaveitrw1ygVG13EE9jWTsLldlW5o/wWOmxXmidBr + lDefvvtbx+PQuIXbz5QtcBHsINcZb3wdt7vWfwq4W9iCbm+Kuy+1BAd1poTSZ000M1FBL9PIWNt1 + RZGxapqtihJXVWnbLnytf/eL80Zu/w6m3Ao4SMjNa1rGCTlWasGBvOIWGdOSS2CVBvJS0OyjyxVT + FYpRkStjk1E4CoM5lymSWDCIn72tDY7rUmCU7xRxIEkOyD9qku/w5/ta/RLXK8coqIaz3wY5roCM + MR88HAPrk+jQJw5bmyyOX01QdoP/eofRsA7VtYUtoV9wq6GvdBYgKqnrFMcdyKE5wKv93BaiDryx + c+3sXMmFVMvPq3SuVVrhV3UiM5zTAqseTLHIzmddIgyY/KqWPav2lKlsDcRvSUBuImPJnxXVFjTZ + mtyjClufUa39+sU5uWRU7rnv1rsgiqNNVp/lcbk2FgqDeaSl4oidg6Q+r1vkKlZQLg230Ed4YcFM + PlNUp/tuPLA/3gLNWX5BWIMnpFIyA5DEgCXLFlwWuc40AJsjwHyyzDnLSQFUGhTS5kZrAfN9I2dA + KGNIlpCSO05Jhfhnel0i2+C9vwEAAP//7Fnva9swEP1XTKCQQu3ZTpykg9IFtsE+lIUWViiDoNhO + ExpLxj/qji7/e99Jsup4dTfKKPkQ6Ic0ku+ezrp37y6cx6rmOw1EF3jXt7KLI0DXq5jTBbOYsSvQ + 5OFEQELHgq6y1nwpskQ+Y4mMKJhhNScGBPvexfyEgMH4urCUsLDYpmK/6IhWyiS6MsfVthi3GgDR + ovF44+CN53Rmc0IVg5+cgkDeKEZAoBHmNUQymJcI0ItIG2dunP4SyYhigpDR6fV9qarKERXLU5kV + yML4wUlXqbzRcDKHzbn2PWcFlNSixJ2a979fT69m9tWFjbork9U4SQVdZcqGPouSNT+2+se/cVE2 + hfiIa/inZPG6JIs37FoI6gUiugIt953UTqTuWltds7W9YISADLmUPS9v7BIGbpd0dY103SmobSJG + OFm4olxWpJ2XScKoovT+Rr8UQ9KHIntj+SGdcI7sIQX6LToLlmw4iLzFZOgGCxxgPD71fH9E1c5s + godXtsX0gqdRBB8oQb1nDLbuQT6ZS0ZGX+0eVQo4qHVym2Qf3cEEoLJh7LnxwI9OR+EgDMZeOAmi + yGWjpRdPzqMzaeVoMD3yv+JPPWcnjGvatG31Ve6UuV0hIrbvEB87abnYrEMKmZ0yllPE8LwsDxBz + +Ph5Zo+clBP+die6/4jbrez+I263wvuOGNQTqZZSC7am9pnpyQ7lE5G1avMUfd1AuGH7lzITaNlv + QEXh6jnxaCCDVZPJ5EfPp7TWyzTjHqjg/V/6gQreA/GBCjqpwAgMQLxVGfdIs1z92YVdUTA9om7L + lK6JkGsmQu0FM2FpLxilFvP7dSa4UjW64Sz1bxHq339CKhJl4bH+qMnuDQTX+BnlQ233pJewh8s4 + LzdkuOFbtvdZMS0UjntR/L/5nzJmjMIXOqEfQk5H6iEkTTVp5kAuDZBdtP4OXP2ADM92u30CAAD/ + /wMA5wV0B/oaAAA= headers: - ATL-TraceId: - - bf4aaaebb7c7a44d - Connection: - - keep-alive + Atl-Traceid: + - b63bbfaafd635442 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 28 Apr 2021 10:37:41 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:08 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.15.8.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - fcc41b11-004b-4311-b646-aa76eff3a888 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '244' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5fa43d1b8405b10077912260 - x-arequestid: - - 6a484024-81ea-45bf-a1af-4f2f46f8bfc4 - x-envoy-upstream-service-time: - - '154' status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_update_tags.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_update_tags.yaml index 75197a945c6..0a4633fefdf 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_update_tags.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_update_tags.yaml @@ -1,6 +1,6 @@ interactions: - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -10,174 +10,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA0yPT0vEMBDFv0uudrOT1rZpbqIHFVmFdk+ySP5iJU1KkwrLst/dBBddmMPjze/N - Y05I8KD3i0UMfcY4B7bdKm20jMp/ecyj5SGM3GGnIyrQt17C6F2CCQDBgGHT7+7e+sfX4X+7WyeR - FGLvGSqggEOBlJ6tP07axeE463Tg3vpVpZBYR6t+I4jlAK0u5gOPGSyhJBuShg6kYtAyUmIAuIEE - p3zQS+odxumaLWGAmpGa1S1uoftj5fTkjE9g07WC0kZDoxsjjeTEVETcUtqZuhJSKEU5Eaa7Kog2 - NzyPC0f5HcNXG1+85Nk+IXtRSLuPfY/O5x8AAAD//wMA5BxxL1oBAAA= + H4sIAAAAAAAAA1SPS2vDMBCE/8teazsr+SFXt9Ic2lLSgp1TCUW2JOIiS8aSCyHkv1emoY/bMPvN + zu4ZOuHVfjbA4RjC5PlmI5VWfZDuw2UiGOH9IGxmVYAEPtXsB2cjTBBJhhmmze7utXl4aX+nu2Xs + ogL+tkIJJnhIQKrJuNOobGhPk4oL7o1bZAx1y2DkdwR4DFAsr+ZWhBWkSGmKdUpYizVHxmmZIeJN + JDHmvZpjbzuM/9jbFpHTnJN4ZFH+sP34aLWLYFUQpnOtdc5qSivMa4ycoBXpBcqqZ6xQmFd/C4JZ + G56GWcD6jhaLCc+uF6t9BnNVoOz7voHL5QsAAP//AwDEYVdgWgEAAA== headers: - ATL-TraceId: - - 59307311b2c5c078 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Sat, 20 Nov 2021 04:15:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.19.3.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 159c8036f522fb66 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 2b4edaa0-bba3-4980-8682-821fa5b70408 - x-envoy-upstream-service-time: - - '47' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.26.0 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 06c5db8693fddde0 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:57 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:11 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - b1fb6428-7944-47ea-b227-153fda4e774d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '114' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - e806ba1f-077d-4ba1-8d5b-ae975e0bbd4e - x-envoy-upstream-service-time: - - '75' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -187,90 +80,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/bQBD+K5YPnCJMQkRRpAih0kqoCCEReqk4LPaYLLF3zT4Sp4j/3hm/dgMp - NeHSA7lkZzyPbx47s08hlAUTSTgJCyUfIDY6HLjj5NeTE+BaWzDrAkhEQ5Yib25MoSdRlECKCol8 - kPvMZExrzsS+ABMp0CZiBY9GUWM1Gh7gD01wMtoSC1gjdTn7dj1DSrAckLwR3Bg0QA7ZkhmmblSG - qJ7C8XE5Pu7jX0NsFbS+ayMnBU+mleO9mnFO5PjgC7oZjcvReGfDmv+Gqc5Zlu3p5v8NX8Ojcnj0 - MV9l66w5vOHtcFQejj7mLYeE2xy9NYe/ense+N1CXbRDv3QWqo4Z+R1DRAI6VrwwXArkngZVAgZB - wrXhIjZBwSGGQKbBSqrFPmnHUmD/9EHRpGDJYbUlfi/Yw+FxQ84Q6LSD7Hp4xvQCKSuMYkJnzEBy - ufFF2ztDp0nKMg0Dd99SDllCrd8csO21zXOm1nRU8Gi5AhQ0yqKajueQM/pS+Z+E2igu7snBWhvI - idNoP3fgrhtOe/9aiUE4Z/oMUmYz85NlFjp0sgDFKOdUVqyqCW/9YvdC5mepA+eYDt458QLKbIfQ - 1+2F8RZHR5bJFSSV0Gc3buu51kY4qYxgajmmUMXz9QUsAUEePFOZY5kXUoCgzeDXubHyqtBMKUbN - xLHEqOL0/cJ7Rl3lvzpmW3lPrmfpQ5Yk5AnIn4JcLiHc0g4UGTOGxfOcoO0UmafvheZxXWinvmgd - 2oZ2v9Dam7fRd32Qvx4LvgkH88zjtjh9yfcCbdZJrwHRynogW5YDeNUJ1eCc0juAve6GnYbDx542 - jTbd2R/1GJapWTFVzUeeFxnHDeBK+vkS2ubrf30JVYOzmsQZF4sdB6en/3Jl1lx3LS6QhiSoVqcb - nhsGmDWSBmwGBnquoJeLMCp4vAB1gvlROLaau4hR7+m5XF3bO1o0V4y+TemS+2xdcxrVCii2/VRY - rNqjBbWe9r7DNOApvykvf4LSNXuXBC9rbT+7vk2X3u+8DBphl11ftC/0eivVG+ofuwnLcC8A+kVm - NSg/jE7b20Atq9s/fwAAAP//vJdNbsMgEIWvUnkfqBtnU6nKqlIX6RGiilQIUyVxZJz+LHz3zjCA - 7eBWTrG6HcPwYWDemy6QdjdwcU7ZxG4v4QGhiVi7B/Rga+C1Z9wJiK5q3VyY359+Qxg90BAX64tI - GOZVJAQiPFKrEbr43P6oIrQ2z/FmTveH+iCUNBxnGJ9EQ6DUqoTszLyj3rsdP1EQV7AiBT8jDdZa - 4XlgY1KPeZeMuZwHk+r9EPTZxjzqMhm1mAcVbuSQc1N9eMgiGXI1G2R0RTc25lFXWbtFn9t/iWno - /3kVoNS8nk1THWwT/wIeIS+mVTBxxCJEkzPb/rDT16c2TNVSHsvqBHWIvela3KtyIUGPF6jvYQo1 - c7BaV+weYdAN+oMs9FQR2kjZ+7Uq78VOkhGdsKML0Y1bEZet52Yo4Hnd9zSZytktp0TcnBUcbbO+ - UpLG+soWnd62/QYAAP//AwDam8DXURUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 2d02164aec15c1cc - Connection: - - keep-alive + Atl-Traceid: + - 54a37105a8e3312a + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:58 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:11 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - ac112c17-477f-4ad5-a437-7e01744051ad X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '191' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - e34e88ce-ace6-4e48-a3b4-29c02a4b36a3 - x-envoy-upstream-service-time: - - '98' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure - Flag|http://localhost:8080/finding/324]\n\n*Defect Dojo link:* http://localhost:8080/finding/324 - (324)\n\n*Severity:* Low\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* - Unknown\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/121]\n\n*Branch/Tag:* - None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA + Flag|http://localhost:8080/finding/326]\n\n*Defect Dojo link:* http://localhost:8080/finding/326 + (326)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/122]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe - accessed via unencrypted connections.\n\n\n\n*Mitigation*:\nWhenever a cookie + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie contains sensitive information or is a session token, then\nit should always be passed using an encrypted channel. Ensure that the secure\nflag is set for - cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n*Steps - to reproduce*:\nNone\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n*Reporter:* + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -283,55 +180,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1351' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11404","key":"NTEST-1111","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11404"}' + string: '{"id":"11821","key":"NTEST-1483","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11821"}' headers: - ATL-TraceId: - - f43cf424ffd65c45 - Connection: - - keep-alive + Atl-Traceid: + - 028a6c4f834e483f + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:59 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:11 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 9cda5fde-4945-4e5f-a28e-fd4b26ecde4a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '497' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 8ca199d8-efce-410a-a0a1-3036fcf518a8 - x-envoy-upstream-service-time: - - '634' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -341,94 +242,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1111 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1483 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbW/bNhD+K4Q+DFumWC9xUk9AMbSJu2XLsixxGqBpUdDUWWJNkRpJ2fHa/Pcd - KclO3blrUweIpSPv7bnnjvT7AO5qKvMgCzTIHDTkLziI3ISSVmBCw0qoaKhq0NRyJU0IObcVWBqy - ksoChCrCBWiDa5BfQq3BgLTdXtYYq6qZM/g2ieMkHmj4uwFjJ6saLjRlljMIwoA7/0kyjIf4YkDM - 8LW0tjZZFOUwA2Zz9U4NqBXUGE7lQIKN0JONaM2jNOLGNBD1BuawQv3zyfhqsp/gB0U+BBNk7wOD - sTWGUQuF0qs2hxzfUCON0wQV9tN4Eh9myWF2OBqMkqMfMe7YBemcWAzcm3lkkE4/Qntxuk67e8nB - MM1rBxxKnxFTUSFCknNjuWSW1BwYEDUjS6XnA6fNlLzW4kuiMMAaDdGCw5IuqKX6Z8P/gacV1rKp - vmtFp/nTJD5IRt2rq9DTTcph4PiAvibUzF2Rmql1T9mMCgNh0NsIMm8kDEqOjNGsXJ3BAjDI+D4M - LEdK1UiPIJMNJhfUWr3DiB8JaKft4fQF6uF0Lw9IsAn+WnJr0YAJ1r5dnr/7vUbN7JJql6vhVS04 - kibfShDx9iwaju6Goy8Jt0O+c9aBX3OHNX4eQj+Mn6DndHiXDh9t2FfVE+c7031/xldydJccfZuv - u95Z9/AZbwfp3UH6bd46vpr+Yae3+3vX8ncv27mEFbt9gxUsCg0FtvonNEROKdG0nddKtgZX+mTX - wuhTG+00aaWuV/3gDLL9JAwwTfsSm9DxqttALU7YdjJ9fQe0c28z6aLWnHb89o/HqnFpJm563TgB - l0WQWd3AfTfQnDXNWZv8+09kLjLcakrViPyEm1rQVdcTKGYaMFnXdv81Ow+P4n52bsMW78Iz2bWQ - bmYGV5rb1SMh69Ujd1J8xQjlFS3ARE7D9EY4CoRaDsyi2MyYM7XsZ9EwcBhtJXLQJyLoFNw0cdzc - PiiPdsCQ7CJiMnJ4lNSMa87OuJz7U/wEaneoS9bXzFdy6dfWEqnkGM90OhVwCdS0PNDdU3Bxdv3L - 6fnbs9Pj8fnV+O348vLPS8wPO8ggILhhUgK5wLEpLXF+CTdESbEi2JJcOKPEKvIb15RcaKiwbUlj - kKED36TbWfyEBuMPPI6Pnugs2OpZhLzgkgosJlZj02RubVvWXUk6eD2rBUbXjwKsayFhvbupXdN+ - AY/b28Mjqdcqr4+rjw/8r2Pjhm7PKZvjHaynXG+89XXcXXO+KeD+rhT1V5a0P10lOKozJZQ+b6OZ - igb2C40zYnNhUOREtcVWVY23RGm7Knyuph+D81pu/vYm3ArYy8jtK1onGTlWas6B3HCLM8qSK396 - kBeCFh9crpiqUIyKUhmbjeJRHM24zHEMRgfp8I03eOKhwCjfKeJIku2R/9Uk3+O/H7z6FV5w3ERB - Nex9Lzq+GePbLX7tHyVDH4fDnC1hUHGrYaB0ESHlqCsDx0uJo2qEWwelrYSPqrXz0tm5lnOplr3s - Qqu8wVvPWBbYgBXCGU0QPefP546RkF/Vct+qHfnXnYH0DYnIbWIs+auh2oImG5M7VGHjM/Har55d - kCtG5Y797q4VJWnS4vxcU8nKaEILDPYcmdBKGy7y05OHomNVIUwEp1n5QOygXhkLlcHc81pxJNJe - 5uW+Xg7hinJpuIUBcm2XHIE35VRRnfc4r/E+2bDOWX5GWEsujIRMASQxYMmyY5rFwdfeVcgM2RaS - ZclZSSqg0uAibXd0FhCj13IKhDKGkxNysuCUNNgMTK9qHD24T0poj9zBOp4/kBmF/y3lwrkpQTqu - Ebq2qvCnFmaGcbj0+AIIlzOlK69DlHbTmOKqccMQB/EcZOjCQuMIcHuq/wsAAP//7FnbattAEP0V - YQg4UMmSfFWhpCa00IfQEkMLoWDW0qo2tS7oEiW4/vee2V1t7K2dllCCHwx5ULS32dGcM2fGFls3 - 7JEuaOVM2FaXiHKLpdaOeSiUUr52ECMl3VjfT3rge0ouoNPIQ7BAWVi2JtKGZQ33HLT06cafkhxV - Id1WR8Os4nlJSaTgMnT53vAt0IvsA7fSaxWHTdM4WcPKXCANsOUPTr7MBVJgyhwnz5WFc1ZB7Cxq - xOq8+/nbdPbFnt3YSNQC3eqIPCOAEMa6LEpW6aXVvfyFoFpX2VsE958KxzumcLzBsYHhbj6rUBz/ - FGKN5Jcx1dVTzYFjusHVukF8LyGfDk/UgnYv9Zr0bK4K9KqqYuGSGEJyfFknCaME1PkbW5MPSU5m - xQuzFcmKK+CLJC8qgWHUn4wnC2/s8n4YuGEw9OPAi0ekKtpJOOGZaZw+8DSKcAYyFtJX9OgkLI7r - MFy999zWk8QptOmzBaKEiYPUKKYJHpKPPeYNFm7Mg9AdRK4fxOFwxCaT8Ygvxn7Ehv2r6J3Y5aI/ - vfA/4k+usxOWKjK2bfmqdOrSbuAR23cIKk5eL9arkFxm54yV5DGsFwkH2g+P14h0J0/J+WblefoW - m/Xr6Vts1sCnbjGoJ5I1n9J318CAdaMwIJBEVC4rSklcd+BlTPxQF1nOe3dASLh8ghx1WzCqMUwn - qFaSEoWF4tozCbz+5z6TwGtYfCaBAyRgCgrIp85mS2taGQKrf0gQbqh3q55dHJhVTDWYzV2OdZNc - 3U0yB3R3xhzQso2n96siS6XEUcVqrX5CkP/+i6X3WfX/un5yM70pTkLB8jUTHQ3dqkNNJUzetI+K - cF9sgPi5pdfu+6aTsIdbXtZr2njnsqIXUVTTSl6cOqLUr6Cr6/f7i/291WqBsHa73f4GAAD//wMA - m5Cg27EaAAA= + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdhwXQHD0MXu1i3IssRJgaZFQFNniTVFaiQV203733fU + i506dbdkWBHAkXi89+ce3Z0H65LK1Es8DTIFDelLDiI1vqQFGN+wHArqqxI0tVxJ40PKbQGW+iyn + MgOhMv8WtEEZpOdQajAgbXuXVcaqYuEM3kRhGIV9DX9VYOxsU8KZpsxyBp7vcec/isZxhC8GxAJf + c2tLkwRBCgtgNlXvVZ9aQY3hVPYl2AA92YCWPIgDbkwFQWdgCRvUP51NL2a9aDge4FEdgvGSO89g + bJVh1EKm9KbJIcU31IjDOO6F4170fBaGSTxIoqg/fj76IYzD0AXpnFgMvDbzxCCdfoClCONt2u1L + CoZpXrrC4ekLYgoqhE9SbiyXzJKSAwOiFmSl9LLvtJmSl1o8MopKctcuKm7oLbVUB7ccVkEd1i7A + VhSFg2j8k+Ef4McC214V6NXBAl3OqFm6XlVz656SBRUGfK9RfIV51bq+l3MEjmb55gRuAWMNP/me + 5YisElHiJbLCHL09mAzCQ4KoE5RavcdUn9iJVrvuQ93Zrg/u5R56duleSm4tGjDe1reD8O/1XaMW + dkW1A7LhRSk4BpzulQQbVcNvOF4Px48M9yst6zLZNmwYPsMw4uE6Hv6/XhpY1CBFh9FoHY2+hcN1 + 53EQrwfxt/DYIv/Tp4dwjDs4Lvj6quFAbPL1O2x6lmnIkFYeYB3DUaJqpvyLII+fHRKMDwmePzTe + UFpz6gijZm8v6UUtj7mqaM6aOO4enDmsYsImV5VIJ9yUgm5aROMxltdeYekcylsX1OKHoiHYx89j + Q987wg4ac9pNW/14rCpXwTr41+6Ay8xLrK5cNEwDJutG+EsEPgq3BL5ftkM0E29pZl+wbXipudLc + bp6YcKceDB/H47ygGZjAaZjOCMcDoVZ9c5vt+OpErTpeG3oPkRsPukQEnYNjJgfa/a/16EAZokMI + jcauHjk105KzEy6XL51kAqXbLCTrEFTjalXLtidSySkuFnQu4ByoaVCp2yfv7OTyl1enNyevjqen + F9Ob6fn5H+eYH46WwYLghVkO5AwpWFri/BJuiJJiQ3CcuXBGiVXkN64pOdNQ4DyTyiC++l8a6wjH + yQs/8jAc6w+JtzfMWPKMSyqwmdiN3ZA52f5Zuxe15a1RLjC6jiOwr5mE7e2qdEP7L3DcrDBPhF6j + vP30fb51PA6NO7j9TNkSF8EOcp3xxtdxu2v9p4C7hS3o9qa4+1JLcFBnSih92kQzFxX0Mo2MtVtX + FJmoptmqKHFVlbbtwtd6+nlx3srd39GMWwFHCbl+Q8soIcdKLTmQ19wiY1pyAazSQF4Kmn10uWKq + QjEqcmVsMg7HYbDgMkUSCwbx6F1tcFKXAqN8r4gDSXJE/lGTfIc/39fqF7heOUZBNZz9NshJBWSC + +eDhBFifRCOfOGxtszh+PUXZNf7rjaJhHaprC1tBv+BWQ1/pLEBUUtcpjjuQQ3OAV/u5LUQdeGPn + ytm5lEupVverdKZVWuFXdSoznNMCqx7MsMjOZ10iDJj8qlY9qw6UqWwNxO9IQK4jY8mfFdUWNNmZ + PKAKO59Rrf3mxRm5YFQeuO/WuyCK421W9/K42BgLhcE80lJxxM5RUp/XLXIVKyiXhlvoI7ywYCaf + K6rTQzce2J/sgOYsvyCswRNSKZkDSGLAklULLotcZxqALRBgPlnlnOWkACoNCmlzo7WA+b6VcyCU + MSRLSMktp6RC/DO9KZFt8N7fAAAA///sWW1r2zAQ/ismUEih9uwkTtJB6QLbYB/KQgsrlEFQbKcJ + jSVj2XVHl//e5yRFdby6G2WUfAjkgxNJp+fO9/LchfNE13yvhugC7/pWdXEE6HqZcHIwh1m5Ak0e + NAISUgu8ylnxhchTdcYROaVghlVJGRDZ9y7hJwQMwleFo4mFw9YV+0UqOhlT6EoJ13YYd2oA0aLx + ZO3hjUvS2WqobfCTkxHoNrIREBiEcguRBMoSBnoRaU3nmvaXCEYUE5iMtDf+UlWVJyomMxUViMLk + wcuWmfJoXDKDzJm5e8YKMKl5CZ+adb9fT66m7tWFi7qrgtVekglyZYqGLovTFT92use/4SjrQnyE + G/5JWYI2yhIM2hbCeoEq0HLfKe5E7K6x1bdbmwttRMC3REC9C8WHXt7YRl19S113imwzEcOcLFpS + LOukLcs0ZVRROn9Lv2RD4ocif2P5IZ5wjughBvotPgsXbNCPg/l44IdzKDAanSJnDKna2U244ZVt + Cb3gSRzjDpSgzjMG1/Qgn6yTkdBXu0cdAh5qndqmso/pYMKgFwySwE/6vfh0GPWjcBRE4zCOfTZc + BMn4PD5TUo76k6PeV3z0OTdl3KRN19U/Sa+UbgWLuD2P8rGXlfP1KiKTuRljkiyG86o8gMzh8fPU + HXoZJ/zNTnT/ETdb2f1H3GyF9x0xUk+sW0pD2OrcZ2omOxRPlKx1m6fT1w2IG7Z/KXOBlv0GGSda + PgceDWSwaiOZ7jHzKcP1cpNxD6ng/V/6IRW8B+JDKmhNBZZgAOKtjrhHmuWaZx9yRcHMiLpJU9om + Qr6dCDUX7ISluWCZWsLvV7ngmtWYhrM0/0Xor/+C9F4U/2/upoVZobgJHcgPoaYS2+EfXEhDftw+ + muz6ZgDqf5sPW7knnZQ9XCayXJPgmrJqnpAXk0IrTlNNmjmQ6vb33cO9ndPmgEK72WyeAAAA//8D + AATWzMb6GgAA headers: - ATL-TraceId: - - 8d0a556f0e982584 - Connection: - - keep-alive + Atl-Traceid: + - edeea375737ef87e + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:59 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:12 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1531e6d7-6016-41dd-b171-037974371a8f X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '255' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 524585f6-57a4-4d58-8aeb-5794ad023753 - x-envoy-upstream-service-time: - - '152' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -438,94 +344,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11404 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11821 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbW/bNhD+K4Q+FFumWC9xUk9AMbSJu2bLsixxGqBpUdDUWWJNkRpJ2fHa/vcd - KclO3blrUweIxRPv7bnnjvT7AO5qKvMgCzTIHDTkzzmI3ISSVmBCw0qoaKhq0NRyJU0IObcVWBqy - ksoChCrCBWiD7yC/hFqDAWm7vawxVlUzZ/BtEsdJPNDwdwPGTlY1XGjKLGcQhAF3/pNkGA9xYUDM - cFlaW5ssinKYAbO5eqcG1ApqDKdyIMFG6MlGtOZRGnFjGoh6A3NYof75ZHw12U/wgyIfggmy94HB - 2BrDqIVC6VWbQ44r1EjjNEGF/TSexIdZcpgdjgaj5OgnjDt2QTonFgP3Zh4YpNOP0F6crtPuFjkY - pnntgEPpU2IqKkRIcm4sl8ySmgMDomZkqfR84LSZktdafE0UBlijIVpwWNIFtVT/Yvg/8KTCWjbV - o1Z0mj9J4oNk1C1dhZ5sUg4Dxwf0NaFm7orUTK17ymZUGAiD3kaQeSNhUHJkjGbl6gwWgEHGH8PA - cqRUjfQIMtlgckGt1TuM+IGAdtoeTl+gHk63uEeCTfDXkluLBkyw9u3y/N3vNWpml1S7XA2vasGR - NPlWgoi3Z9FwdDccfU24HfKdsw78mjus8XMf+mH8GD2nw7t0+GDDvqqeOI9M9/0FX8nRXXL0fb7u - emfdwxe8HaR3B+n3eev4avqHnd4+fnQtf/eynUtYsds3WMGi0FBgq39GQ+SUEk3bea1ka3Clj3e9 - GH1uo50mrdT1qh+cQbafhAGmaV9iEzpetRt8hzlOa87aAN5/JnOMw4RMqRqRn3BTC7rqeIniJbU4 - o9vZ9u091E7OzayMWnPadYh/PFaNAypxod44AZdFkFndON9MAybr2u6/ZufhUdzPzm3Y4l14Jrte - pJuZwZXmdvXAhHv1yJ0U3zBCeUULMJHTML0RjgKhlgOzKDYz5kwt+1k0DBxGW4kc9IkIOgU3TRw3 - tw/Kox0wJLuImIwcHiU145qzMy7n/hQ/gdod6pL1fPEsWvp3a4lUcoxnOp0KuARqWg7q7im4OLv+ - 9fT87dnp8fj8avx2fHn55yXmhx1kEBDcMCmBXODYlJY4v4QboqRYEWxJLpxRYhX5jWtKLjRU2Lak - McivgW/S7Sx+RoPxBx7HR491FrQnBtYOwd/01Cd9jGUouKRie1N3Jeng9SwXGF0/CrCuhYT17qZ2 - TfsVPG5vDw+kXqu8Pq4+PfC/jY0buj2jbI53sJ5yvfHW13F3zfmugPu7UtRfWdL+dJXgqM6UUPq8 - jWYqGtgvNM6nzYVBkRPVFltVNd4Spe2q8KX6fQrOa7n525twK2AvI7evaJ1k5FipOQdywy3OR0uu - /OlBngtafHC5YqpCMSpKZWw2ikdxNOMyxyEWHaTDN97giYcCo3yniCNJtkf+V5P8gP9+9OpXeMFx - EwXVsPe96PhmjKtb/No/SoY+Doc5W8Kg4lbDQOkiQspRVwaOlxJH1Qi3DkpbCR9Va+els3Mt51It - e9mFVnmDt56xLLABK4QzmiB6zp/PHSMhL9Ry36od+dedgfQNichtYiz5q6HagiYbkztUYeMz8dqv - nl6QK0bljv3urhUladLi/ExTycpoQgsM9hyZ0EobLvLTk/uiY1UhTASnWXlP7KBeGQuVwdzzWnEk - 0l7m5b5eDuGKcmm4hQFybZccgTflVFGd9ziv8T7ZsM5ZfkpYSy6MhEwBJDFgybJjmsXB195VyAzZ - FpJlyVlJKqDS4Eva7ugsIEav5RQIZQwnJ+RkwSlpsBmYXtU4enCflNAe94N1PH8gMwr/W8qFc1OC - dFwjdG1V4U8tzAzjcOnxBRAuZ0pXXoco7aYxxbfGDUMcxHOQoQsLjSPA7Y3iXwAAAP//7FnbattA - EP0VYQg4UMmSfFWhJCa00IfQEkMLoWDW0io2taRFlyjB9b/nzO56Yyt2WkIJfjD4QdauZmZHM2fO - jCy2rNkjHdASTNpWFYhyi6XWlnlolFK+dBAjBZ3YnE954FdKLiBt5CFYoC0sNiaSwKKCe/Za+nzi - r4lAV0inNdEwKbkoqIjkXIUu31m+Qfai+sCtdFvHYV3XTlazQshMQ9ryB0fMhcwUmDKF5qm2cMpK - EK1ZhVidtr/9HE++25NrG4VaZrdWITJKEMqxNouSRXputc//IKiWZfYRwf2S4XiHGI7X2ywQ/JXo - gX9LRkUMr7m1f0CGe3DhEG9wDW+Q70vSp/0bDaFtLgSm/pYlC+cEAnt4dRPHiypJGBWg1t/QmnxI - dDLL31itiFZcIL+IsKIT6Efd0XA084Yu74aBGwZ9Pw68eAA9ZhM0vLKN0wseRxF0oGKhfEWPTsLi - uArDxaXnbjxJmEJCX20QVZo4KI1ym8QhddlhXm/mxjwI3V7k+kEc9gdsNBoO+GzoR6zfvYg+SSln - 3fGZ/wU/9ZydsFSDsW2rW4VTFXYNj9i+Q6niiGq2XITkMlswVpDH8LwsOOB+uLxCpDsiJec3O8/j - t7jZvx6/xc0e+NgtBiZFqt/U/O4KOWBd6xyQmURQrvpBhWi3wGVs/FzlmeCdW2RIOH9OOZq2YNXk - MGnQoyRNCnONtScQeP/XfQKB97D4BAJ7QMCQCBh3p3JtRSNafe1CblYyPUduUhNwrdZq3Xq5cGia - 5JppUnPBTGeaC4a28fR+kWep4j+6Wa30JwT195+OgBZHSlhtLjX+vQHztr5+dDZyP7QS9nDDi2pJ - grd0y9FAXo5LZcd9Vv6/2aESZoRCFxqnH5mcrJhxZZbLeQWpNIbsWuvvmKsfkO5Zr9dPAAAA//8D - ACYyjj+xGgAA + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdhwXQHD0MXu1i3IssRJgaZFQFNniTVFaiQV203733fU + i506dbdkWBHAkXi8t+eeO92dB+uSytRLPA0yBQ3pSw4iNb6kBRjfsBwK6qsSNLVcSeNDym0Blvos + pzIDoTL/FrRBGaTnUGowIG17l1XGqmLhDN5EYRiFfQ1/VWDsbFPCmabMcgae73HnP4rGcYQvBsQC + X3NrS5MEQQoLYDZV71WfWkGN4VT2JdgAPdmAljyIA25MBUFnYAkb1D+dTS9mvWg4HuBRHYLxkjvP + YGyVYdRCpvSmySHFN9SIwzjuheNe9HwWhkk8SKKoP34++iGMw9AF6ZxYDLw288QgnX6AUITxNu32 + JQXDNC8dcHj6gpiCCuGTlBvLJbOk5MCAqAVZKb3sO22m5KUWj4yiktyVi4obekst1cEth1VQh7UL + sBVF4SAa/2T4B/ixwLJXBXp1tECXM2qWrlbV3LqnZEGFAd9rFF9hXrWu7+UciaNZvjmBW8BYw0++ + Zzkyq0SWeImsMEdvjyaDsBOUWr3HjJ4IeKtdw10XsIPbvdwjyS6rS8mtRQPG2/p2TP29vmvUwq6o + dnw1vCgFx4DTvcyxHjXLhuP1cPzIcL9SmS6TbV2G4TMMIx6u4+H/66Wpfs1FdBiN1tHoWzhcdx4H + 8XoQfwuPLcE/fXpIx+gQT+NOsODrq2YGYvWv3yEbskxDhmPlAdcxTiWqpsu/aDV+dkgwPiR4/tB4 + M9KaUzcw6untJb3I9xA1e4WIOPI2F+rGdwBqzprI7h6cOVojNiZXlUgn3JSCblry4/GKWvxQNAP2 + 8Y3ajO/dwA4ac9q1Yf14rCqHYORCfe0OuMy8xOrK+WYaMFnX218a4KNwO8D3YduOmX3BoYLH24KX + mivN7eaJCXfqwfBxc5wXNAMTOA3TGeF4INSqb26z3SA7Uatu4A29h5SOB10igs7BjSxH2v2v9egA + DNEhhkZjh0dOzbTk7ITL5UsnmUDpNgvJOr7ULFrVsu2JVHKKiwWdCzgHahoO6vbJOzu5/OXV6c3J + q+Pp6cX0Znp+/sc55oetZRAQvDDLgZzhbJaWOL+EG6Kk2BDscy6cUWIV+Y1rSs40FNjopDLIr/6X + +j3CdvLCjzwMx/pD4u01M0KecUkFFhOrsWsyJ9s/a/eiFt6a5QKj62YE1jWTsL1dla5p/wWPmxXm + idRrlLffxM+3jsexcUe3nylb4iLYUa4z3vg6bnet/xRwt7AF3d4Ud59wCY7qTAmlT5to5qKCXqZx + Pu3WFUUmqim2KkpcVaVtq/C1mn4Ozlu5+zuacSvgKCHXb2gZJeRYqSUH8ppbnI+WXACrNJCXgmYf + Xa6YqlCMilwZm4zDcRgsuExxiAWDePSuNjipocAo3yviSJIckX/UJN/hz/e1+gWuV26ioBr2fhvk + pAIywXzwcAKsT6KRTxy3tlkcv56i7Br/9UbRsA7VlYWtoF9wq6GvdBYgK6mrFMflyLE5wKv93Bai + Dryxc+XsXMqlVKv7KJ1plVb4uZ3KDPu0QNSDGYLsfNYQYcDkV7XqWXUAprI1EL8jAbmOjCV/VlRb + 0GRn8oAq7HxGtfabF2fkglF54L7b+4IojrdZ3cvjYmMsFAbzSEvFkTtHSX1el8ghVlAuDbfQR3oh + YCafK6rTQzce2J/siOYsvyCs4ROOUjIHkMSAJauWXBZnnWkItkCC+WSVc5aTAqg0KKTNjdYC5vtW + zoFQxnBYQkpuOSUV8p/pTYnTBu/9DQAA///sWW1r2zAQ/ismUEih9uwkTtJB6QLbYB/KQgsrlEFQ + bKUJjSXjl7qjy3/vc5Kiul7cjTJKPgTywYmk03Pne3nuIgTXFd6rIbrAu75VXRwBul5yQQ7mMCtX + osmDRkBCaoFwOSuxkFmizjgyoxTMsJpTBkT2vePihIBB+KpwNI1w2Lpiv0hFJ2UKXZnDtR0mnBpA + tGiCrz288Zx0thpqG/wUZAS6jWwEBAZhvoVIAvMSBtqJtKZzTftLBCOKCUxG2ht/qarKkxXLUxUV + iEL+4KXLVHk0LplB5szcPWMFeNO8hE/Nut+vJ1dT9+rCRd1VwWovSSW5MkVDl8XJShw73ePfcJR1 + IT/CDf+kLEEbZQkGbQthvUAVaLnvFHciLtfY6tutzYU2IuBbIqDeheJDuze2UVffUldYjEVLCtcd + DLqZmPMySRhVlM7f0i/ZkPihzN5YfognnCN6iIF+i8/CBRv042A+HvjhHAqMRqfIGUOqdnYTbnhl + G6cXPIlj3IES1HnG4Jrm5JN1MhL6alupQ8BDrVPbVPYxrU0Y9IIBD3ze78Wnw6gfhaMgGodx7LPh + IuDj8/hMSTnqT456X/HR59yECZM2XVf/lHtl7lawiNvzKB97aTlfryIymZsylpPFcF6VB5A5PH6e + ukMvFYS/2aLuP+Jmj7v/iJs98r4jRuqJdQNpCFud+0zNyIfiiZK1bvN0+roBccP2L2Um0cvfIONE + y+fAo0kNVm0k0z1mPmW4XmYy7iEVvP9LP6SC90B8SAWtqcASCkC81RH3SENe8+xDriyYGVE3aUrb + RMi3E6Hmgp2wNBcsU+PifpVJoSmPaThL81+E/vovSO9l8f/mblqYFYqb0IH8kGoqsR31wYU05Mft + o8mubwag/rf5sJV70knYwyXPyzUJrimr5glZMSm04jTVpJkDqW5/f3m49+K0OaDQbjabJwAAAP// + AwD24uu6+hoAAA== headers: - ATL-TraceId: - - c1462d7e2a064bd1 - Connection: - - keep-alive + Atl-Traceid: + - e14cea955b6e71a5 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:15:59 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:12 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 49b4ada7-dc25-4111-9935-a41daabcc875 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '263' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 6a93932c-693f-41ac-afcb-c72ac75b37dd - x-envoy-upstream-service-time: - - '126' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -535,174 +446,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA0yPT0vDQBDFv8tcTbeziU03exM9qEgVkp6kyP7FyGY3JBuhlH53d7FoYQ6PN783 - jzmBFLPZTw44fMY4zny91sYaFXX4CkREJ+a5F554E6GAbzPNffAJpoiUIMFVu7t7ax9fu//tbhlk - UsDfM1RggYcCtBldOA7Gx+44mnTg3oVFp5Bceqd/I8BzgFUX80HEDJZY0hVNwzpacdxyWhJEvMEE - p/xsptTb9cM1W2KHG05rjki2Jftj1fDkbUhg3WwlY7XB2tRWWSWorai8Zayxm0oqqTUTVNrmqiC6 - 3PDcTwLyO1YsLr4EJbJ9AndRYPzHvoXz+QcAAP//AwCrNoY/WgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/0uuttlJ0jZtbqIHFVmFdk8ikjYJVtKkNKmwLPvfTXHx4za88zzz + MifUy6APi0UCvcc4B7HbKW30EJX/8FhGK0MYpcNOR5ShT72E0bsEEwCCAUPe7q+f27un7ne7X6c+ + TUi8bFAGGbxmSOnZ+uOkXeyOs04HbqxfVZL6dbTqW0EiCRTKS3gr4wZSoDSHOie8g1oAF7TEAHCV + SEh+0Evq7cbpH9t0AIIyQRgumuaHHaZ7Z3wCq4Jww4wxjNeUVsBqgKKUtCKDBFUNnBcaWPW3INqt + 4WFcJNreMXK18dEPcotPyF4mpN3boUXn8xcAAAD//wMAJCvTAFoBAAA= headers: - ATL-TraceId: - - 2e3e7f1aead58022 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Sat, 20 Nov 2021 04:16:00 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.19.3.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 7b18bc0718ecc5b0 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - c0249459-4705-4cbf-996b-5dbee9553906 - x-envoy-upstream-service-time: - - '31' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.26.0 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 5236336cb315a339 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:00 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:13 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - d89e8c8a-63f5-43ed-a43b-6da1d5e26ced X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '114' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 93355af6-0f2f-4ff9-97be-a2bd0d087f7b - x-envoy-upstream-service-time: - - '75' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -712,90 +516,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/bQBD+K5YPnCJMQkRRpAih0kqoCCEReqk4LPaYLLF3zT4Sp4j/3hm/dgMp - NeHSA7lkZzyPbx47s08hlAUTSTgJCyUfIDY6HLjj5NeTE+BaWzDrAkhEQ5Yib25MoSdRlECKCol8 - kPvMZExrzsS+ABMp0CZiBY9GUWM1Gh7gD01wMtoSC1gjdTn7dj1DSrAckLwR3Bg0QA7ZkhmmblSG - qJ7C8XE5Pu7jX0NsFbS+ayMnBU+mleO9mnFO5PjgC7oZjcvReGfDmv+Gqc5Zlu3p5v8NX8Ojcnj0 - MV9l66w5vOHtcFQejj7mLYeE2xy9NYe/ense+N1CXbRDv3QWqo4Z+R1DRAI6VrwwXArkngZVAgZB - wrXhIjZBwSGGQKbBSqrFPmnHUmD/9EHRpGDJYbUlfi/Yw+FxQ84Q6LSD7Hp4xvQCKSuMYkJnzEBy - ufFF2ztDp0nKMg0Dd99SDllCrd8csO21zXOm1nRU8Gi5AhQ0yqKajueQM/pS+Z+E2igu7snBWhvI - idNoP3fgrhtOe/9aiUE4Z/oMUmYz85NlFjp0sgDFKOdUVqyqCW/9YvdC5mepA+eYDt458QLKbIfQ - 1+2F8RZHR5bJFSSV0Gc3buu51kY4qYxgajmmUMXz9QUsAUEePFOZY5kXUoCgzeDXubHyqtBMKUbN - xLHEqOL0/cJ7Rl3lvzpmW3lPrmfpQ5Yk5AnIn4JcLiHc0g4UGTOGxfOcoO0UmafvheZxXWinvmgd - 2oZ2v9Dam7fRd32Qvx4LvgkH88zjtjh9yfcCbdZJrwHRynogW5YDeNUJ1eCc0juAve6GnYbDx542 - jTbd2R/1GJapWTFVzUeeFxnHDeBK+vkS2ubrf30JVYOzmsQZF4sdB6en/3Jl1lx3LS6QhiSoVqcb - nhsGmDWSBmwGBnquoJeLMCp4vAB1gvlROLaau4hR7+m5XF3bO1o0V4y+TemS+2xdcxrVCii2/VRY - rNqjBbWe9r7DNOApvykvf4LSNXuXBC9rbT+7vk2X3u+8DBphl11ftC/0eivVG+ofuwnLcC8A+kVm - NSg/jE7b20Atq9s/fwAAAP//vJdNbsMgEIWvUnkfqBtnU6nKqlIX6RGiilQIUyVxZJz+LHz3zjCA - 7eBWTrG6HcPwYWDemy6QdjdwcU7ZxG4v4QGhiVi7B/Rga+C1Z9wJiK5q3VyY359+Qxg90BAX64tI - GOZVJAQiPFKrEbr43P6oIrQ2z/FmTveH+iCUNBxnGJ9EQ6DUqoTszLyj3rsdP1EQV7AiBT8jDdZa - 4XlgY1KPeZeMuZwHk+r9EPTZxjzqMhm1mAcVbuSQc1N9eMgiGXI1G2R0RTc25lFXWbtFn9t/iWno - /3kVoNS8nk1THWwT/wIeIS+mVTBxxCJEkzPb/rDT16c2TNVSHsvqBHWIvela3KtyIUGPF6jvYQo1 - c7BaV+weYdAN+oMs9FQR2kjZ+7Uq78VOkhGdsKML0Y1bEZet52Yo4Hnd9zSZytktp0TcnBUcbbO+ - UpLG+soWnd62/QYAAP//AwDam8DXURUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 1cd81ea9f32966ac - Connection: - - keep-alive + Atl-Traceid: + - 6dcbff98fca15c17 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:01 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:13 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 82700d6a-e8d2-4054-ae6f-adc9e1f945df X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '169' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - f2461f26-fcfe-4c4f-9a08-e160cfb704ca - x-envoy-upstream-service-time: - - '79' status: code: 200 message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure - Flag|http://localhost:8080/finding/325]\n\n*Defect Dojo link:* http://localhost:8080/finding/325 - (325)\n\n*Severity:* Low\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* - Unknown\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/121]\n\n*Branch/Tag:* - None\n\n*BuildID:* None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* - https://mainsite.com\n* https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA + Flag|http://localhost:8080/finding/327]\n\n*Defect Dojo link:* http://localhost:8080/finding/327 + (327)\n\n*Severity:* Low\n\n\n*Due Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/122]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe - accessed via unencrypted connections.\n\n\n\n*Mitigation*:\nWhenever a cookie + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie contains sensitive information or is a session token, then\nit should always be passed using an encrypted channel. Ensure that the secure\nflag is set for - cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n*Steps - to reproduce*:\nNone\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n*Reporter:* + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "issuetype": {"name": "Task"}, "priority": {"name": "Low"}}}' headers: @@ -808,55 +616,59 @@ interactions: Connection: - keep-alive Content-Length: - - '1351' + - '1304' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"11405","key":"NTEST-1112","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11405"}' + string: '{"id":"11822","key":"NTEST-1484","self":"https://defectdojo.atlassian.net/rest/api/2/issue/11822"}' headers: - ATL-TraceId: - - a02119e344a476c4 - Connection: - - keep-alive + Atl-Traceid: + - a06f1468fa318504 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:02 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:14 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 55833025-fb24-4521-a9aa-a2334a89676d X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '610' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 1acf72b9-68e8-4b23-a9c3-e9f344a2f979 - x-envoy-upstream-service-time: - - '650' status: code: 201 message: Created - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -866,94 +678,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1112 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1484 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbW/bNhD+K4Q+FFumWC9xUk9AMbSJu2XLsixxGqBpUdDUWWItkRpJ2XHb/Pcd - SclO0rlr0xiIpSPv/bmH9McAbhoq8iALFIgcFOQvOVS5DgWtQYealVDTUDagqOFS6BBybmowNGQl - FQVUsggXoDSuQX4OjQINwnR7WauNrGfW4LskjpN4oOCfFrSZrBo4U5QZziAIA279J8kw3scXDdUM - X0tjGp1FUQ4zYCaX7+WAmopqzakYCDARejIRbXiURlzrFqLewBxWqH86GV9MdpMkSVHkQtBB9jHQ - GFurGTVQSLXyOeT4hhppnCaosJvGk3g/Sw6yOBmM4oOfMO7YBmmdGAzcmXlkkFY/Qnuxjcqn3b3k - oJnijS0cSp8TXdOqCknOteGCGdJwYEDkjCylmg+sNpPiUlVfE4UG1iqIFhyWdEENVb9o/gGe1djL - tn7iRcf5syTeS0bdq+3Qs03KYWDxgL4mVM9tk9qpsU/ZjFYawqC3EWTOSBiUHBGjWLk6gQVgkPFt - GBiOkGoQHkEmWkwuaJR8jxE/sqCdtiuna1BfTvtyBwSb4C8FNwYN6GDt2+b5h9ur5cwsqbK5al43 - FUfQ5A8SxHo7FA1HN8PR14TbVb5z1hW/4bbW+He39MP4KXpOhzfp8NGGXVcdcJ7o7vsLvpKDm+Tg - +3zd9M66hy9420tv9tLv89bhVfcPW73d3tqRv3nleQk7dv0WO1gUCgoc9c9giJiSVesnz0seEFf6 - dNvC6HMbnk281M6qI84g203CANM0r3AILa66DdQgw3pm+vYJ8Ly3YbrIm1MW3+7xULY2zcSy15UV - cFEEmVEt3HaEZq0pznzyHz+T2chwqy5lW+VHXDcVXXUzgWKmAJO1Y/df3Lm/v9dz58OyxdvqmWxb - SLct7G3IhEvFzeqRtezVo+G3cSuvaQE6shq6N8JRUMnlQC+KDfmcyGVPUsPg1oJhCpZNLDYfHpQH - W7JNtgExGdm0S6rHDWcnXMzdKX4EjT3UBet75jq5dGtriZBijGc6nVZwDlR7HKjuKTg7ufz1+PTd - yfHh+PRi/G58fv7XOaaBE6Qxb9wwKYGcIW0KQ6xfwjWRoloRHEleWaPESPI7V5ScKahxbEmrEaED - N6QPs/gZDcafeBwfPP2QBf7EwBZhjTczdW+OsdoFF7R6uKm7knTldaiuMLqeCrB9hYD17raxQ/sV - OPa3h0cizCuvj6v7B/63gW6DqheUzfEO1iOrN+59HXbXnO8KuL8rRf2VJe1PVwEW0UxWUp36aKZV - C7uFQo7YXBgkOZK+2bJu8JYoTNeFL/XvfnHeiM1nZ8JNBTsZuX5NmzQjh1LOOZArbpCjDLlwpwd5 - WdHik80VU60ko1UptclG8SiOZlzkSIPRXrr/1hk8cqXAKN9LYkGS7ZD/1SQ/4L8fnfoFXnAscaAa - jrgTHV6N8e0av3YPkqGLw9acLWFQc6NgIFURIeSobQPHS4mFaoRbB6WpKxeVt/PK2rkUcyGXvexM - ybzFW89YFDiANZYzmmD1rD+XO0ZCfpPLXSO35N90BtK3JCLXiTbk75YqA4psTG5RhY3PxGm/fn5G - LhgVW/bbu1aUpImv8wtFBSujCS0w2FNEgpe2vMqPj+6KDmWNZSLIZuUdsS31ShuoNeaeN5IjkHYy - J3f9shWuKReaGxgg1rbJsfC6nEqq8r7O63ofbVBnLT8nzIMLIyFTAEE0GLLskGaQ+PxdhcwQbSFZ - lpyVpAYqNC5Sv6OzgDV6I6ZAKGPInJCTBaekxWFgatUg9eA+IcAfuYN1PH8iMgr3W8qGc1WCsFgj - dG1V4k8tzAzjsOnxBRAuZlLVTodIZdmY4qq2ZIhEPAcR2rDQOBbYn+r/AgAA///sWdtq20AQ/RVh - CDhQySv5qkJJTWihD6ElhhZCwaylVW1qXdAlSnD97z2zu9rYqp2WUIIfDH6QtauZs6O5nBlZfF3z - RzqglXGJrSrg5RZPrB14aJQSsXbgIwWd2JxPWeB7QiYgbWQhINAIiwYiCSwqmOcg0qcTf4ozdIV0 - WuMNs1JkBRWRXCjXFXvLt4heVB+YlW5rP6zr2klrXmQy0hC24sHJlpmMFECZQ/NcI5zzEmRnUcFX - 593P36azL/bsxgaxkNGtVWQpBQjFWJeH8Sq5tLqXv+BU6zJ9C+f+k+G4xxiOOzi2MGwWKC+WaI5/ - SrJG9Ku1lZmt7QXDG+RrkWTo8MZjPIIZQrtXZtvpGTbjwZISwUH+wnyDo4pjTgWo87dsTTYkOpnm - L6xWRCuuEF9EedEJDMP+ZDxZuGMm+oHPAn/oRb4bjaDHbIKGZ7YJesHTMIQOVCyUr/DRiXkUVUGw - eu+yxsSUU0josw2iChMHpVFuk3lIXfa4O1iwSPgBG4TM86NgOOKTyXgkFmMv5MP+VfhOSrnoTy+8 - j/ip5+yYJzoZ27a6VThVYdewiO05FCpOVi3Wq4BMZmecF2QxPC8LDrgfLq/h6U6WkPHbnefpI273 - r6ePuN0DnzpipJ5Q9Xya310jBqwbHQMykiiVq45SJa475GVs/FDlaSZ6d4iQYPkUcjRtwaqJYdKg - R0maFOY6156TwOu/7nMSeA3E5yRwIAm0CQToU2ezpWcaGgLUP1QQbmh2q68ZFKYl1wPmtpRj0yR2 - bJrEzDSpvWBom0juV3maKO6jm9VKf0JQf/8JKVocKWHTXOr894Kct/P1o9fIfdOJ+cOtKKo1Cd7R - LUcDeTktFY77tPx/00clzAiFLjROX1M5WWlGhjQRpXkFqTRA9tF6e3D1A9I82+32NwAAAP//AwBI - vkLgsRoAAA== + H4sIAAAAAAAAA7xWa2/bNhT9K4Q+bZlsPewlroBhyGJ36xZkWeK0QNMgoKlriTVFaiQV22v733ep + h506cbdkWBHAER/3fe7h/eDBqqQy9RJPg0xBQ/qSg0iNL2kBxjcsh4L6qgRNLVfS+JByW4ClPsup + zECozL8DbfAM0gsoNRiQtr3LKmNVMXcKb6MwjMK+hj8rMHa6LuFcU2Y5A8/3uLMfRaM4xoUBMcdl + bm1pkiBIYQ7Mpuq96lMrqDGcyr4EG6AlG9CSB3HAjakg6BQsYI3yZ9PJ5bQXDUdD3KpdMF7ywTPo + W2UYtZApvW5iSHGFEnEYx71w1IteTMMwiQdJNOwPv4+/C+MwdE46IxYdr9U800knH2AqQudoE3a7 + SMEwzUuXONw9JqagQvgk5cZyySwpOTAgak6WSi/6TpopeaXFE72oJHflouKW3lFLdXDHYRnUbm0d + bI+icBCNfjT8L/ihwLJXBVp1sECTU2oWrlbVzLqvZE6FAd9rBF9hXLWs7+UcgaNZvj6FO0Bfw0++ + Zzkiq0SUeImsMEZvByaDsDsotXqPET0z4a10ne66gF263eIeSLZRXUluLSow3sa2Q+pv9V2j5nZJ + tcOr4UUpODqc7kSO9ahRNhythqMnuvuFynSRbOoyDI/QjXi4iof/r5Wm+jUW0WB0uIoOv4bBVWdx + EK8G8dew2AL806eHcIz24TTuDuZ89brhQKz+9Q2iIcs0ZEgrD7COfipRNV3+qNb4aN/BaN/Bi4fK + G0prdh1h1OztJb0Il9QiqTdk+PSmaqh2S65Bo067lqk/T1Tloo0cYb5xG1xmXmJ1BZhaVGpfYzVc + 4zTO1fqcfs1Zk5UPD/acryhsclWJdMxNKei6bTxXLg0YrOvtxwg8HB12BL6btg3N7B7sK3i8Kfju + wWDLWFxpbtfPzG4nHrhH6wkEzwuagQmchOmUcNwQatk3d9mW4U7VsmPCoVcXZAaOshxod1/rwz3R + RvsQGo1c2Dk1k5KzUy4XL93JGEo3WUjW1ayu5LI+2+xIJSc4WNCZgAugpsGBbr+889Orn1+d3Z6+ + OpmcXU5uJxcXv19gGNhaBuPGC9McyDlys7TE2SXcECXFmmCfc+GUEqvIr1xTcq6hwEYnlUHM9h/r + 9wjbyQs/8jAcmaPEa94rLBHmeNtTnzU4ZjvjkordS+1c1Ka3RrVA7zqOwPJlEja3q9I17b/AcTPC + PBNhjfDmTfx86nga6Lao+omyBQ6CHbI65Y2tk3bW+k8OdwNb0M1NcfeES3CIZkoofdZ4MxMV9DKN + HLEdVxQZq6bYqihxVJW2rcKX6vd5ct7J7d/BlFsBBwm5fkvLOCEnSi04kDfcIkdZcgms0kBeCpp9 + dLFiqEIxKnJlbDIKR2Ew5zJFYgwG8dFNrXBcpwK9fK+IA0lyQP5RknyDP9/W4pc4XjniQDFs8dbJ + cQVkjPHg5hhYn0SHPnHY2kRx8maCZ9f4r3cYDWtXXVnYEvoFtxr6SmcBopK6SnEcjhyaA7zaz20h + ascbPa+dniu5kGp5P0vnWqUVPrcTmWGfFpj1YIpJdjbrFKHD5Be17Fm1J01lqyC+IQG5jowlf1RU + W9Bkq3KPKGxtRrX02+Nzcsmo3HPfzX1BFMebqO7Fcbk2FgqDcaSl4oidg6Ter0vkMlZQLg230Ed4 + YcJMPlNUp/tuPNA/3gLNaT4mrMETUimZAUhiwJJlCy6LXGcagM0RYD5Z5pzlpAAqDR7S5karAeN9 + J2dAKGNIlpCSO05Jhfhnel0i2+C9vwEAAP//7Flha9swEP0rJlBIofbsJE7SQekC22AfykoLK5RB + UGynCY0lY9l1R5f/3neSojpe3I0ySj4E8sGJpNM7Wffu3YXzRGdZr4boAu/6TlVxBOhmkXC6YA6z + dgWKPHgEJOQWBJez5HORp2qNI3KiYIZRSQwI9r1P+AkBg/Fl4ehU7rBVxX6Ri07GFLpS4mo7jDs1 + gCjReLLy8MYl+Ww91Gfwk9Mh0G50RkBgEMoNRDIoSxzQTqQ1n2veXyEYkUxwZOS9uS9VVXmiYjJT + UYEoTB69bJGpG41NprA5NXtPWQHtMitxp6bd7zeT60v3+sKFTlDBajfJBF1lioYui9MlP3a6x79x + UVaF+Ihr+KdkCdokSzDYDBCfFais75XsItnUnBq22PBbB9qEgG+FgHoXSvbsnmil61bebPItTo1F + CwrZnYLEtzpXlmnKKKN0/ka/dIakD0X+xvRDOuEc0UOq9lt8Fs7ZoB8Hs/HAD2fANBqdgjOGlO3s + JOzwyrSEXvAkjrEHUlDnBYNripNP9pKR0VfLSh0CHnKdmqbYx5Q2YdALBkngJ/1efDqM+lE4CqJx + GMc+G86DZHwenykrR/3JUe8rPnqdmzJuaNN19U/SK6Vb4UTcnkd87GXlbLWM6MjcjDFJJ4b1Kj1A + zOHx86U79DJO+Jsl6v4jbta4+4+4WSPvO2JwUqyLOCPY6trn0rR8KJ6IrHXpqHntFsIN07+UuUAt + fwvGiRYvgUedGozaSKZ9TH/KaL3cMO6BCt7/pR+o4D0QH6iglQqs8gDEOx1xT9TkNc8+7IqCmRZ1 + U3m0dYT8to6QbztCzQGr1BL+sMwF13LHFJyl+S9Cf/0XpA+i+H+9PG3MGsVOqEB+CNWVsO02kWrI + T5tHw65vBqD+t/mwsXvSSdnjVSLLFRmuOav6CXkxKbTj1NWkngO5bn/fXtzbWm0WKLTr9foZAAD/ + /wMACh0YF/oaAAA= headers: - ATL-TraceId: - - 9df06d33d9c8712b - Connection: - - keep-alive + Atl-Traceid: + - fa8e8cc43078a798 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:02 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:14 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - c4059c1b-9aff-40dd-a87e-25fdbdde532e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '227' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 0233e425-cb7a-4dd4-bb37-b2a9f6eb00d7 - x-envoy-upstream-service-time: - - '116' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -963,94 +780,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11405 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11822 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbW/bNhD+K4Q+FFumWC9xUk9AMbSJu2XLsixxGqBpUdDSWWItkRpJ2XFf/vvu - KMlO3blr0xiIpSPv7bnnjvR7D+5qLjMv8TTIDDRkzwWUmfElr8D4Ji2g4r6qQXMrlDQ+ZMJWYLmf - FlzmUKrcX4A2uAbZJdQaDEjb7U0bY1U1I4NvojCMwoGGfxowdrKq4ULz1IoUPN8T5D+KhuEhvhgo - Z/haWFubJAgymEFqM/VWDbgtuTGCy4EEG6AnG/BaBHEgjGkg6A3MYYX655Px1WQ/iqIYRS4E4yXv - PYOxNSblFnKlV20OGb6hRhzGESrsx+EkPEyioySMBqPw6CeMO6QgyYnFwJ2ZBwZJ+gHaCymqNu3u - JQOTalETcCh9ykzFy9JnmTBWyNSyWkAKTM3YUun5gLRTJa91+TVRGEgbDcFCwJIvuOX6FyPewZMK - a9lUj1rRafYkCg+iUfdKFXqySdn3iA/oa8LNnIrUTC09JTNeGvC93oaXOCO+VwhkjE6L1RksAIMM - P/qeFUipGunhJbLB5Lxaq7cY8QMB7bQdnK5APZz0co8Em+CvpbAWDRhv7Zvy/MPtNWpml1xTrkZU - dSmQNNlWgoi3Y9FwdDccfU24HfKdsw78WhDW+Hcf+mH4GD3Hw7t4+GDDrqqOOI9M9/0FX9HRXXT0 - fb7uemfdwxe8HcR3B/H3eev4avqHnd4+fqSWv3vRziWs2O1rrGCea8ix1T+jIXJKlU3bea1ka3DF - j3ctjD630U6TVkq96ganl+xHvodp2hfYhMSrdoPrMOK0FmkbwPvPZMQ4TMgUqimzE2Hqkq86XqJ4 - yS3O6Ha2fXsPtZNzMyuD1pymDnGPx6ohoCIK9YYEQuZeYnVDvlMNmCy13X/NzsPDg352bsMW7sIz - 2rUQb2aGUFrY1QMT7tWD4beNUFHxHExAGqY3IlBQquXALPLNjDlTy34WDT3CaCuRgz6Rkk+Bpglx - c/ugPNoBQ7SLiNGI8Ci4GdciPRNy7k7xE6jpUJdpzxfHoqVbW0ukkmM80/m0hEvgpuWg7p68i7Pr - X0/P35ydHo/Pr8ZvxpeXf11ifthBBgHBDZMC2AWOTWkZ+WXCMCXLFcOWFCUZZVax34Xm7EJDhW3L - GoP8Grgm3c7iZzQYfhBhePT4XeJt9SxCngvJSywmVmPTZLS2LeuuJB28juUlRtePAqxrLmG9u6mp - ab+Cx+3t4YHUa5XXx9WnB/63sXFDt2c8neMdrKdcb7z1ddxdc74r4P6uFPRXlrg/XSUQ1VNVKn3e - RjMtG9jPNc6nzYVBsRPVFltVNd4Spe2q8KWafgrOK7n57E2ELWEvYbcveR0n7FipuQB2IyzOR8uu - 3OnBnpc8/0C5YqqlSnlZKGOTUTgKg5mQGQ6x4CA+fO0MnjgoMMq3ihFJkj32v5rsB/z3o1O/wgsO - TRRUw953ouObMb7d4tf+UTR0cRDm6RIGlbAaBkrnAVKOUxkEXkqIqgFuHRS2Kl1UrZ0XZOdazqVa - 9rILrbIGbz1jmWMDVghnMEH0yJ/LHSNhv6nlvlU78q87A/FrFrDbyFj2d8O1Bc02JneowsZn5LRf - Pr1gVymXO/bTXSuI4qjF+ZnmMi2CCc8x2HNkQittRJmdntwXHasKYWI4zYp7YoJ6ZSxUBnPPaiWQ - SHuJk7t6EcIVF9IICwPk2i45Am+KqeI663Fe432yYR1ZfsrSllwYCZsCSGbAsmXHNIuDr72rsBmy - zWfLQqQFq4BLg4u83dFZQIxeySkwnqY4OSFjC8FZg82Q6lWNowf3SQntcT9Yx/MnMiN3v6UonJsC - JHGN8bVVhT+1MDOMg9ITC2BCzpSunA5TmqYxx1VDwxAH8RykT2GhcQS4vVH8CwAA///sWdtq20AQ - /RVhCDhQyZJ8VaGkJrTQh9ASQwuhYNbSqja1pEWXKCH1v+fM7mpjK3ZaQgl+MPhB1q5mZkdzZs6M - LLau2T0d0BJM2lYViHKLpdaWeWiUUr52ECMFndicT3ngZ0ouIG3kIVigLSwaE0lgUcE9ey19OvGX - RKArpNOaaJiVXBRURHKuQpfvLF8Dvag+cCvd1nFY17WT1awQEmmALb9zxFJIpMCUOTTPtYVzVoJo - LSrE6rz79cd09s2eXdko1BLdWoXICCCEsS6LklV6bnXP/yCo1mX2HsH9nOF4hxiON9guWyV64N+S - URHDa28dHpDhHlw4xBtcwxvk+5L0af9GQ2jbC0GzAH+xcElJYA+vbufxokoSRgWo87dsTT4kOpnl - r6xWRCsugC8irOgEhlF/Mp4svLHL+2HghsHQjwMvHhGraDZBwwvbOL3gaRRBByoWyld07yQsjqsw - XH303MaTlFNI6IsNooKJg9Iot8k8pC57zBss3JgHoTuIXD+Iw+GITSbjEV+M/YgN+xfRBynlrD89 - 8z/jp56zE5bqZGzb6lbhVIVdwyO27xBUHFEt1quQXGYLxgryGJ6XBQfcD5eXiHRHpOT8dud5/Ba3 - +9fjt7jdAx+7xchJkeo3Nb+7BAasK40BiSRK5aofVBntBnkZGz9VeSZ47wYICZdPkKNpC1YNhkmD - HiVpUpjrXHtKAm//uk9J4C0sPiWBPUnAkAgY90th7YFGtPrahdysZHqO3KYm4Fqdh03n+cKhaZJr - pkntBTOdaS8Y2sbT21WepYr/6Ga10p8Q1N9/OgJaHCnhobnU+e8VOW/r60evkfuuk7C7a15UaxK8 - pVuOBvJyWio7brPy/80OlTAjFLrQOH3P5GTFjCuzXM4rSKUxZNdaf8dc/YB0z2azeQQAAP//AwDp - 9oFksRoAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZlsvdhLXAHDkMXO1i3IssRpgaZBQFNniTVFaiQV22v733fU + i906cbdkWBHAkXi89+ce3XsPViWVqZd4GmQKGtJTDiI1vqQFGN+wHArqqxI0tVxJ40PKbQGW+iyn + MgOhMv8etEEZpJdQajAgbXuXVcaqYu4M3kVhGIV9DX9WYOx0XcKFpsxyBp7vcec/ikZxjC8GxBxf + c2tLkwRBCnNgNlXvVJ9aQY3hVPYl2AA92YCWPIgDbkwFQWdgAWvUP59Orqa9aDga4lEdgvGS957B + 2CrDqIVM6XWTQ4pvqBGHcdwLR73oxTQMk3iQRMP+8Pv4uzAOQxekc2Ix8NrMM4N0+gGWInSBNmm3 + LykYpnnpCoenx8QUVAifpNxYLpklJQcGRM3JUulF32kzJa+1eGIUleSuXVTc0XtqqQ7uOSyDOqxt + gK0oCgfR6EfD/4IfCmx7VaBXBwt0OaVm4XpVzax7SuZUGPC9RvEl5lXr+l7OETia5eszuAeMNfzo + e5YjskpEiZfICnP0dmAyCDtBqdU7zOiZBW+163LXDezK7V4+Ack2q2vJrUUDxtv4dkj9rb5r1Nwu + qXZ4NbwoBceA053MsR81yoaj1XD0xHC/0Jkuk01fhuERhhEPV/Hw//XSdL/GIjqMDlfR4ddwuOo8 + DuLVIP4aHluAf/z4EI7RPpzGnWDOV68aDsTu39wiGrJMQ4a08gDrGKcSVTPlj1qNj/YJRvsELx4a + byitOXWEUbO3l/SilsdcuTRnTRzvH5w5EGMlTK4qkY65KQVdt1DHY6y7fYU1dfBvXVCLH4qGYJ8+ + qA19bwk7aMxpN4b144mqXAXr4F+7Ay4zL7G6ctEwDZism+3HCDwcHXYEvlu2Dc3sCvY1PN40fFcw + 2DIWV5rb9TMr0akH7qP1BILnBc3ABE7DdEY4Hgi17Jv7bMtwZ2rZMeHQq1s5A0dZDrS7X+vDPdlG + +xAajVzaOTWTkrMzLhenTjKG0m0WknUIqnG1rGWbE6nkBBcLOhNwCdQ0qNTtk3dxdv3zy/O7s5cn + k/Oryd3k8vL3S0wDR8tg3nhhmgO5QG6Wlji/hBuipFgTnHMunFFiFfmVa0ouNBQ46KQyiK/+Y/Me + 4Th54QcehiNzlHg7w4yVzbikAnuGRd8OmZPtnrV7UVveGuUCo+s4AtuXSdjcrko3tP8Cx80K80yE + Ncqbb+LnW8fTQLdF1U+ULXAR7JDVGW98nbS71n8KuFvYgm5virtPuASHaKaE0udNNDNRQS/TyFjb + dUWRsWqarYoSV1Vp2y58qaefF+et3P4dTLkVcJCQmze0jBNyotSCA3nNLTKmJVfAKg3kVNDsg8sV + UxWKUZErY5NROAqDOZcpklgwiI9ua4PjuhQY5TtFHEiSA/KPmuQb/Pm2Vr/C9coRB6rhiLdBjisg + Y8wHD8fA+iQ69InD1iaLk9cTlN3gv95hNKxDdW1hS+gX3GroK50FiErqOsVxOXJoDvBqP7eFqANv + 7Lxydq7lQqrlp1W60Cqt8HM7kRnOaYFVD6ZYZOezLhEGTH5Ry55Ve8pUtgbiWxKQm8hY8kdFtQVN + tib3qMLWZ1Rrvzm+IFeMyj333d4XRHG8yeqTPK7WxkJhMI+0VByxc5DU53WLXMUKyqXhFvoILyyY + yWeK6nTfjQf2x1ugOcvHhDV4QiolMwBJDFiybMFlketMA7A5Aswny5yznBRApUEhbW60FjDft3IG + hDKGZAkpueeUVIh/ptclsg3e+xsAAP//7Flta9swEP4rJlBIofbsJE7SQekC22AfykILK5RBUGyn + CY0lY9l1R5f/3uckRXW8uhtllHwI5IMTSafnzvfy3IXzRNd8r4boAu/6VnVxBOh6mXByMIdZuQJN + HjQCElILhMtZ8YXIU3XGETmlYIZVSRkQ2fcu4ScEDMJXhaOJhcPWFftFKjoZU+hKCdd2GHdqANGi + 8WTt4Y1L0tlqqG3wk5MR6DayERAYhHILkQTKEgZ6EWlN55r2lwhGFBOYjLQ3/lJVlScqJjMVFYjC + 5MHLlpnyaFwyg8yZuXvGCjCpeQmfmnW/X0+upu7VhQueoILVXpIJcmWKhi6L0xU/drrHv+Eo60J8 + hBv+SVmCNsoSDNoWwnqBKtBy3ynuROyusdW3W5sLlggokyt28/LGNmLgW+q6U0ub+bZ5yvJamJNF + S4plnbRlmaaMKkrnb+mXbEj8UORvLD/EE84RPcRAv8Vn4YIN+nEwHw/8cA6Mo9EpcsaQqp3dhBte + 2ZbQC57EMe5ACeo8Y3BNc/LJOhkJfbWt1CHgodapbSr7mNYmDHrBIAn8pN+LT4dRPwpHQTQO49hn + w0WQjM/jMyXlqD856n3FR59zU8ZN2nRd/ZP0SulWsIjb8ygfe1k5X68iMpmbMSbJYjivygPIHB4/ + T92hl3HC32xR9x9xs8fdf8TNHnnfESP1xLqlNIStzn2mZuRD8UTJWrd5On3dgLhh+5cyF+jlb5CK + ouVz4NGkBqs2kukeM58yXC83GfeQCt7/pR9SwXsgPqSC1lRgmQcg3uqIe6Qhr3n2IVcUzIyom0yk + bSLkt02EfDsRai5Yppbw+1UuuGY1puEszX8R+uu/IL0Xxf+bu2lhVihuQgfyQ6ipxHb4BxfSkB+3 + jya7vhmA+t/mw1buSSdlD5eJLNckuKasmifkxaTQitNUk2YOpLr9ffdwb+e0OaDQbjabJwAAAP// + AwAATfLq+hoAAA== headers: - ATL-TraceId: - - 055833061f1bdbe3 - Connection: - - keep-alive + Atl-Traceid: + - 77196473b35b1c32 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:02 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:15 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 703c3197-7f9d-4125-9bb5-63c12a915c79 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '287' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - ed475b63-8036-428a-ab31-f4683089a27e - x-envoy-upstream-service-time: - - '93' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1060,174 +882,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA0yPX0vDMBTFv0te7bKbduvSvIk+qMgU2j2JSP7cYCVNSpsKY+y7m+DQwX043Ps7 - 53BPRMkZD5MjgnzGOM5ivTZoUUcTvgKV0cl57qWnHiMpyDdOcx98ghkAo0Bh1e5vX9uHl+7/ul8G - lRQRbxkqoID3ghgcXTgO6GN3HDEF3LmwmGRSS+/Mr4WIbODVZXkvYwZLKNmKpeEdqwTsBCspANxA - gpN/xin1dv1wzZbQwVawOgXSqtz8sXp49DYksG52ivMaocbaaqslsxVTG84bu62UVsZwyZRtrgqi - yw1P/SRJfsfKxcXnoGVen4i7KIL+49CS8/kHAAD//wMAeJGte1oBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUbBC0IZwyn7YfnxwxiewLik3hTGm4A1jNRYNYllJVtNeoqp7zkuNRf23INq1 + 4XGYJazvGLnY+OR7ucYnsJcJtHvb7+B8/gIAAP//AwDwWXRNWgEAAA== headers: - ATL-TraceId: - - b42ba6014837514f - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Sat, 20 Nov 2021 04:16:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.19.3.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 0a5849c69bad4fe5 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 4465be2a-9e4e-4375-9bcd-00cbb80eed05 - x-envoy-upstream-service-time: - - '37' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.26.0 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - b31e66197a0ab766 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:18 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1cff95c6-e045-44c1-8da4-ccbe627c7fd0 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '121' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 9e9d33e9-2436-4c6b-a4cf-c3c094810329 - x-envoy-upstream-service-time: - - '66' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1237,94 +952,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11404 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11821 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbW/bNhD+K4Q+FFvmWC9xXE9AMbSJu2bLsixxGqBpUdDUWWJNkRpJ+WVt//uO - lGSn7ty1qQPE4on39txzR/p9AKuKyixIAw0yAw3Zcw4iMz1JSzA9wwooaU9VoKnlSpoeZNyWYGmP - FVTmIFTeW4A2+A6yK6g0GJC23ctqY1U5cwbfxlEUR30Nf9dg7GRdwaWmzHIGQS/gzn8cD6IBLgyI - GS4LayuThmEGM2A2U+9Un1pBjeFU9iXYED3ZkFY8TEJuTA1hZ2AOa9S/mIyvJ4cxflDkQzBB+j4w - GFttGLWQK71ucshwhRpJlMSocJhEk+g4jY/T41F/FA9/wrgjF6RzYjFwb+aBQTr9EO1FySbtdpGB - YZpXDjiUPiWmpEL0SMaN5ZJZUnFgQNSMLJWe9502U/JGi6+JwgCrNYQLDku6oJbqXwz/B56UWMu6 - fNSIzrIncXQUj9qlq9CTbcq9wPEBfU2ombsi1VPrntIZFQZ6QWcjSL2RXlBwZIxmxfocFoBBRh97 - geVIqQrpEaSyxuSCSqt3GPEDAW21PZy+QB2cbnGPBNvgbyS3Fg2YYOPb5fm732vUzC6pdrkaXlaC - I2mynQQRb8+iwWg1GH1NuC3yrbMW/Io7rPFzH/pB9Bg9J4NVMniwYV9VT5xHpv3+gq94uIqH3+dr - 1TlrH77g7ShZHSXf563lq+ke9nr7+NG1/OplM5ewYndvsIJ5riHHVv+MhsgpJeqm8xrJzuBKHu97 - MfrcRjNNGqnrVT84g/QwxiW1OE+bOfTtfG+m3HauhY057djsH09U7ZKK3ay6dQIu8yC1ugbEA43a - lzgAHKeb4Lw9Z19z1iT//jOZixWVTaFqkZ1yUwm6bnsCxUwDJuva7r9m5/Ew6mbnLmzRPjzjfS+S - 7czgSnO7fiCInXroTopvGKG8pDmY0GmYzghHgVDLvlnk2xlzrpbdLBoEDqOdRI66RASdgpsmjpu7 - B+VwDwzxPiLGI4dHQc244uycy7k/xU+hcoe6ZF3NfCWX/t1GIpUc45lOpwKugJqGB7p9Ci7Pb349 - u3h7fnYyvrgevx1fXf15hflhBxkEBDdMCiCXODalJc4v4YYoKdYEW5ILZ5RYRX7jmpJLDSW2LakN - crbvm3Q3i5/RYPSBR9HwsU6D5sTA2iH42576pI+xDDmXVOxuaq8kLbye1QKj60YB1jWXsNldV65p - v4LHze3hgdRrlDfH1acH/rexcUu3Z5TN8Q7WUa4z3vg6aa853xVwd1cKuytL0p2uEhzVmRJKXzTR - TEUNh7nGGbG9MChyqppiq7LCW6K0bRW+VL9PwXktt38HE24FHKTk7hWt4pScKDXnQG65xRllybU/ - PchzQfMPLldMVShGRaGMTUfRKApnXGY4GMOjZPDGGzz1UGCU7xRxJEkPyP9qkh/w349e/RovOG6i - oBr2vhed3I5xdYdfh8N44ONwmLMl9EtuNfSVzkOkHHVl4HgpcVQNcWu/sKXwUTV2Xjo7N3Iu1bKT - XWqV1XjrGcscG7BEOMMJouf8+dwxEvJCLQ+t2pN/1RpI3pCQ3MXGkr9qqi1osjW5RxW2PmOv/erp - JblmVO7Z7+5aYZzEDc7PNJWsCCc0x2AvkAmNtOYiOzu9LzpRJcJEcJoV98QO6rWxUBrMPasURyId - pF7u6+UQLimXhlvoI9f2yRF4U0wV1VmH8wbv0y3rnOWnhDXkwkjIFEASA5YsW6ZZHHzNXYXMkG09 - siw4K0gJVBp8SZsdrQXE6LWcAqGM4eSEjCw4JTU2A9PrCkcP7pMSmiO3v4nnD2RG7n9LuXBuC5CO - a4RurCr8qYWZYRwuPb4AwuVM6dLrEKXdNKb41rhhiIN4DrLnwkLjCHBzqv8LAAD//+xZbWvbMBD+ - KyZQSGF2bOfVg9GFssE+lI0GNiiDoNjyEhbbwi91S5b/vuckWW3cpB1llHwI9INrSXen891zz10s - tq7ZPV3QEkzaVhWIcoul1iPz0CilfO0gRgq6sbmf8sDPlFxA2shDsEBbWDQmksCignv2Wvpw4y+J - QFdItzXRMCu5KKiI5FyFLt9Zvkb2ovrArfRax2Fd105Ws0LITEPa8jtHLIXMFJgyh+a5tnDOSpCd - RYVYnXe//pjOvtmzKxuFWma3ViEyShDKsS6LklV6bnXP/yCo1mX2HsH9lOF4hxiON2gWCP5K9MC/ - JUsjltXeOjwgwz24YHiD/CySJe3feIhHuIbQtheCvfW3jdtwJguXhBAK44sqSRgVoM5LaE0+JDqZ - 5a+sVkQrLpBfRILRCQyj/mQ8WXhjl/fDwA2DoR8HXjyCHrMJGp7ZxukDT6MIOlCxUL6ieydhcVyF - 4eqj5zYuJkwhoc82iCpNHJRGuU3ikHrsMW+wcGMehO4gcv0gDocjNpmMR3wx9iM27F9EH6SUs/70 - zP+MP3XOTliqwdi21avCqQq7hkds36FUcUS1WK9CcpktGCvIYzgvCw64Hx4vEemOSMn57c7z+C1u - 96/Hb3G7Bz52i4FJker5NL+7RA5YVzoHZCYRlKseUyHaDXAZGz9VeSZ47wYZEi4fUo6mLVg1OUwa - 9ChJk8JcY+0JBN7+c59A4C0sPoHAHhBosw3Qp85mS2catgGrf6kk3NDsVj+7UJiVTA+Y21IOTZNc - M01qL5jpTHvB0Dae3q7yLFUURzerlf4JQf37L5beZuX/mwMqYUYoNKFh+Z7JiYYZ1aGnkiZvmkcN - uK82QP7c0mvkvusk7O6aF9WaBD+6rJxF5OW0VBeniSjNK+jq5v3uYX/ntD4grd1ut38BAAD//wMA - LrWTYbEaAAA= + H4sIAAAAAAAAA7xWa2/bNhT9K4Q+bZlsPWy4joBhyGJ36xZkWeK0QNMgoKlriTVFaiQV203z33ep + h90mdbdkWBHAER/3fe7hvfNgXVKZeomnQaagIX3JQaTGl7QA4xuWQ0F9VYKmlitpfEi5LcBSn+VU + ZiBU5t+CNngG6TmUGgxI295llbGqWDiFN1EYRmFfw18VGDvblHCmKbOcged73NmPonEc4cKAWOAy + t7Y0SRCksABmU/Ve9akV1BhOZV+CDdCSDWjJgzjgxlQQdAqWsEH509n0YtaLhuMBbtUuGC+58wz6 + VhlGLWRKb5oYUlyhRBzGcS8c96LDWRgm8SCJov74cPRDGIehc9IZseh4reaZTjr5AFMRxtuw20UK + hmleusTh7hExBRXCJyk3lktmScmBAVELslJ62XfSTMlLLZ7oRSW5KxcVN/SWWqqDWw6roHZr52B7 + FIWDaPyT4R/gxwLLXhVo1cECTc6oWbpaVXPrvpIFFQZ8rxF8hXHVsr6XcwSOZvnmBG4BfQ3vfc9y + RFaJKPESWWGM3gOYDMLuoNTqPUb0zIS30nW66wJ26XaLT0Cyi+pScmtRgfG2th1Sf6/vGrWwK6od + Xg0vSsHR4fRB5FiPGmXD8Xo4fqK7X6lMF8m2LsPwBboRD9fx8P+10lS/xiIajEbraPQtDK47i4N4 + PYi/hcUW4Pf3j+EY7cNp3B0s+Pp1w4FY/atrREOWaciQVh5hHf1Uomq6/Ita4xf7Dsb7Dg4fK28o + rdl1hFGzt5f0opbHXLo0Z40fd4/2HIgxEyZXlUgn3JSCblqo4zbm3b7GnDr4tyaoxYeiIdinN2pD + 3zvCDhp12rVh/XmsKpfB2vk3boPLzEusrpw3TAMG63r7SwQ+CrcE/jBtW5p5eLCv4PG24KXmSnO7 + eWbAnXgwfBqP84JmYAInYTolHDeEWvXNbbYjshO16ghv6D2GdDzoAhF0Do6yHGgfvtajPWmI9iE0 + Grt85NRMS85OuFy+dCcTKN1kIVmHoBpXq/psuyOVnOJgQecCzoGaBpW6/fLOTi5/eXV6c/LqeHp6 + Mb2Znp//cY7xYWsZTAhemOVAzpCbpSXOLuGGKCk2BPucC6eUWEV+45qSMw0FNjqpDOKr/6V+j7Cd + vPAjD8Ox/pB4zXuFtcPk73rqswbHMmRcUvHwUjsXtemtUS7Qu44jsK6ZhO3tqnRN+y9w3Iwwz4Re + I7x9Ez+fOp6Gxh3cfqZsiYNgB7lOeWPruJ21/pPD3cAWdHNT3D3hEhzUmRJKnzbezEUFvUwjY+3G + FUUmqim2KkocVaVtq/C1+n2enHdy93cw41bAQUKu3tIySsixUksO5A23yJiWXACrNJCXgmYfXawY + qlCMilwZm4zDcRgsuEyRxIJBPLquFU7qVKCX7xVxIEkOyD9Kku/w5/ta/ALHK8coKIa93zo5qYBM + MB7cnADrk2jkE4etbRTHb6Z4doX/eqNoWLvqysJW0C+41dBXOgsQldRViuNw5NAc4NV+bgtRO97o + ee30XMqlVKtPs3SmVVrhczuVGfZpgVkPZphkZ7NOETpMflWrnlV70lS2CuJrEpCryFjyZ0W1BU12 + KveIws5mVEu/PTojF4zKPffd3BdEcbyN6pM4LjbGQmEwjrRUHLFzkNT7dYlcxgrKpeEW+ggvTJjJ + 54rqdN+NR/onO6A5zUeENXhCKiVzAEkMWLJqwWWR60wDsAUCzCernLOcFEClwUPa3Gg1YLzv5BwI + ZQzJElJyyympEP9Mb0pkG7z3NwAAAP//7Fnva9swEP1XTKCQQu3ZSZykg9IFtsE+lJUWViiDoNhK + ExpLxj/qji7/e99Jiup4cTfKKPkQ6Ic0ku+ezrp37y5CcF3zvRqiC7zrO9XFEaCbBRd0wRxm7Uo0 + eTgRkNCxILicpZjLLFHPODIjCmZYzYkBwb73XJwQMBhfFo4WFg5bVewXHdFJmUJX5rjaDhNODSBa + NMFXHt54Tme2J9Qx+CkoCOSNYgQEBmG+gUgG8xIB2om0duba6a+QjCgmCBmd3tyXqqo8WbE8VVmB + LOSPXrpI1Y2GkylsTo3vKSugpGYl7tS0+/1mcn3pXl+4qLsqWa2TVNJVpmzosjhZimOne/wbF2VV + yI+4hn9KlqBNsgSDzQLxWYHO+l5JJBJxza1hiw2/dcEKARVyJXt2b2wTBr6Vrlt1s8m3iBqLFpSy + OwWJb3VuXiYJo4rS+Rv9UgxJH8rsjeWHdMI5socU6Lf4LJyzQT8OZuOBH86AaTQ6BWcMqdrZTfDw + yjZOL3gSx/CBEtR5weCa5uSTvWRk9NW2UqeAh1qntin2Ma1NGPSCAQ983u/Fp8OoH4WjIBqHceyz + 4Tzg4/P4TFk56k+Oel/xp59zEyYMbbqu/ir3ytytEBG35xEfe2k5Wy0jCpmbMpZTxPC8Kg8Qc/j4 + +dIdeqkg/M0Wdf8RN3vc/Ufc7JH3HTE4KdYtpRFsde1zaUY+lE9E1rrN07x2C+GG7V/KTKKXvwUV + RYuXxKNJDVZtJpMfM58yWi8zjHuggvd/6QcqeA/EBypopQKrPADxTmfcEw15zWcfdmXBzIi6qTza + JkK+nQg1F+yEpblglRoXD8tMCi13TMNZmt8i9L//hFQm2sLT5qMhuzcQXO1nlA8buyedhD1e8bxc + keGab9XeZ8Wk0DgeZPH/5n/amDUKX+iEfkg1HdkMIWmqSTMHcmmBbKPtbcE1D6jwrNfrZwAAAP// + AwDBrY83+hoAAA== headers: - ATL-TraceId: - - 1c585bf5812766d6 - Connection: - - keep-alive + Atl-Traceid: + - 5ef3de81552a8d45 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:10 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:19 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 2a35a32a-eb77-40ef-a317-c034c24e6b3a X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '240' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 2990cda4-a337-40f5-b71a-1fc4b41e930e - x-envoy-upstream-service-time: - - '106' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1334,89 +1054,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/bQBD+K5YPnCJMQkRRpAih0kqoCCEReqk4LPaYLLF3zT4Sp4j/3hm/dgMp - NeHSA7lkZzyPbx47s08hlAUTSTgJCyUfIDY6HLjj5NeTE+BaWzDrAkhEQ5Yib25MoSdRlECKCol8 - kPvMZExrzsS+ABMp0CZiBY9GUWM1Gh7gD01wMtoSC1gjdTn7dj1DSrAckLwR3Bg0QA7ZkhmmblSG - qJ7C8XE5Pu7jX0NsFbS+ayMnBU+mleO9mnFO5PjgC7oZjcvReGfDmv+Gqc5Zlu3p5v8NX8Ojcnj0 - MV9l66w5vOHtcFQejj7mLYeE2xy9NYe/ense+N1CXbRDv3QWqo4Z+R1DRAI6VrwwXArkngZVAgZB - wrXhIjZBwSGGQKbBSqrFPmnHUmD/9EHRpGDJYbUlfi/Yw+FxQ84Q6LSD7Hp4xvQCKSuMYkJnzEBy - ufFF2ztDp0nKMg0Dd99SDllCrd8csO21zXOm1nRU8Gi5AhQ0yqKajueQM/pS+Z+E2igu7snBWhvI - idNoP3fgrhtOe/9aiUE4Z/oMUmYz85NlFjp0sgDFKOdUVqyqCW/9YvdC5mepA+eYDt458QLKbIfQ - 1+2F8RZHR5bJFSSV0Gc3buu51kY4qYxgajmmUMXz9QUsAUEePFOZY5kXUoCgzeDXubHyqtBMKUbN - xLHEqOL0/cJ7Rl3lvzpmW3lPrmfpQ5Yk5AnIn4JcLiHc0g4UGTOGxfOcoO0UmafvheZxXWinvmgd - 2oZ2v9Dam7fRd32Qvx4LvgkH88zjtjh9yfcCbdZJrwHRynogW5YDeNUJ1eCc0juAve6GnYbDx542 - jTbd2R/1GJapWTFVzUeeFxnHDeBK+vkS2ubrf30JVYOzmsQZF4sdB6en/3Jl1lx3LS6QhiSoVqcb - nhsGmDWSBmwGBnquoJeLMCp4vAB1gvlROLaau4hR7+m5XF3bO1o0V4y+TemS+2xdcxrVCii2/VRY - rNqjBbWe9r7DNOApvykvf4LSNXuXBC9rbT+7vk2X3u+8DBphl11ftC/0eivVG+ofuwnLcC8A+kVm - NSg/jE7b20Atq9s/fwAAAP//vJdNbsMgEIWvUnkfqBtnU6nKqlIX6RGiilQIUyVxZJz+LHz3zjCA - 7eBWTrG6HcPwYWDemy6QdjdwcU7ZxG4v4QGhiVi7B/Rga+C1Z9wJiK5q3VyY359+Qxg90BAX64tI - GOZVJAQiPFKrEbr43P6oIrQ2z/FmTveH+iCUNBxnGJ9EQ6DUqoTszLyj3rsdP1EQV7AiBT8jDdZa - 4XlgY1KPeZeMuZwHk+r9EPTZxjzqMhm1mAcVbuSQc1N9eMgiGXI1G2R0RTc25lFXWbtFn9t/iWno - /3kVoNS8nk1THWwT/wIeIS+mVTBxxCJEkzPb/rDT16c2TNVSHsvqBHWIvela3KtyIUGPF6jvYQo1 - c7BaV+weYdAN+oMs9FQR2kjZ+7Uq78VOkhGdsKML0Y1bEZet52Yo4Hnd9zSZytktp0TcnBUcbbO+ - UpLG+soWnd62/QYAAP//AwDam8DXURUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 9f1d21f027353be2 - Connection: - - keep-alive + Atl-Traceid: + - 059d577c6b9a6ee7 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:11 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:19 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 37adba79-50f9-4601-93e8-312e9b5478fe X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '193' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - db6761a5-b50a-4e0d-82bd-af1b64f990a5 - x-envoy-upstream-service-time: - - '117' status: code: 200 message: OK - request: body: '{"fields": {"labels": ["tag1", "tag2"], "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/324]\n\n*Defect - Dojo link:* http://localhost:8080/finding/324 (324)\n\n*Severity:* Low\n\n*CWE:* - [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/121]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com\n* - https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA cookie has been - set without the secure flag, which means that the cookie can\nbe accessed via - unencrypted connections.\n\n\n\n*Mitigation*:\nWhenever a cookie contains sensitive - information or is a session token, then\nit should always be passed using an - encrypted channel. Ensure that the secure\nflag is set for cookies containing - such sensitive information.\n\n\n\n*Impact*:\nNone\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n*Reporter:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/326]\n\n*Defect + Dojo link:* http://localhost:8080/finding/326 (326)\n\n*Severity:* Low\n\n\n*Due + Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/122]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "Low"}, "summary": "Zap1: Cookie Without Secure Flag"}, "update": {}}' headers: @@ -1429,53 +1154,57 @@ interactions: Connection: - keep-alive Content-Length: - - '1333' + - '1286' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11404 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11821 response: body: string: '' headers: - ATL-TraceId: - - a39c2c322b5b4c2d - Connection: - - keep-alive + Atl-Traceid: + - b0893a6d624e9568 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:11 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:19 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 852f5167-c2bc-4af0-9194-c3beea0c4791 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '389' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 43c87acd-e205-40df-abb1-4b58f2ce1b38 - x-envoy-upstream-service-time: - - '216' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1485,94 +1214,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11404 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11821 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbW/bNhD+K4Q+FFumWC9xHE9AMbSJu2XLsixxGqBpUNDUWWItkRpJ+WVt//uO - lGSnTp21qQPE0pH39txzR/qDB8uKitRLPAUiBQXpKw5Fqn1BS9C+ZjmU1JcVKGq4FNqHlJsSDPVZ - TkUGhcz8OSiNa5BeQqVAgzDtXlZrI8upNfguCsMo7Cn4pwZtxqsKLhRlhjPwfI9b/1HUD/v4oqGY - 4mtuTKWTIEhhCsyk8r3sUVNQrTkVPQEmQE8moBUP4oBrXUPQGZjBCvXPx6Or8X6EHxS5ELSXfPA0 - xlZrRg1kUq2aHFJ8Q404jCNU2I/DcXiYRIfJ4bA3jAY/YdyhDdI6MRi4M/PEIK1+gPbCeJ12+5KC - ZopXFjiUviC6pEXhk5RrwwUzpOLAgMgpWUg161ltJsW1Kr4mCg2sVhDMOSzonBqqftH8X3heYi3r - 8lkjOk2fR+FBNGxfbYWeb1L2PcsH9DWmemaLVE+MfUqmtNDge50NL3FGfC/nyBjF8tUZzAGDDD/5 - nuFIqQrp4SWixuS8Ssn3GPETAW21HZyuQB2c9uUeCTbBXwtuDBrQ3tq3zfMPt1fLqVlQZXPVvKwK - jqRJtxJEvB2L+sNlf/g14bbIt85a8CtuscbPfej74RF6jvvLuP9kw66qjjjPdPv9iK9osIwG3+dr - 2TlrHx7xdhAvD+Lv89byVXcPO719+mRbfvm6mUtYsds7rGCWKciw1R/QEDkli7rpvEayNbjio10L - w4c2mmnSSG2vusHpJfuR72Ga5jU2oeVVs8F1mOW04qwJ4MMDmWUcJqRzWRfpCddVQVctL1G8oAZn - dDPbvr2Hmsm5mZVBY07ZDnGPx7K2QEU21Bsr4CLzEqNq65spwGRt231pdh4Owm52bsMW7sIz2rUQ - b2YGl4qb1RMT7tQDe1J8wwjlJc1AB1ZDd0Y4Cgq56Ol5tpkxZ3LRzaK+ZzHaSuSgS6SgE7DT5NYz - NLOHFH7F3t0DDdujX8Qk2sXKaGjByakeVZydcTFzR/oJVPaEF6wjj6PUwq2tJUKKER7wdFLAJVDd - EFK1T97F2fWvp+fvzk6PR+dXo3ejy8u/LjFwbCeN6OCGcQ7kAmeoMMT6JVwTKYoVwf7khTVKjCS/ - c0XJhYISe5jUGsnWcx27ncXPaDD8yMNwcKQSb6uBEf+MC1pgZbE0m46za9uy9n7SzgFH+QKj6+YC - FjkTsN5dV7aDv0DqQRJFvcOjNambq8QTedgor8+uz0//b6PmhnsvKZvhhazjX2e88XXc3nm+K+Du - 4hR095e4O2oFWN4zWUh13kQzKWrYzxQOq83tQZIT2RRblhVeGYVpq/BYTT8H563Y/O2NuSlgLyG3 - b2gVJeRYyhkHcsMNDktDrtxRQl4VNPtoc8VUC8lokUttkmE4DIMpFylOtOAg7t85gycOCozyvSSW - JMke+V9N8gP++9GpX+Ftx44XVMNB4ETHNyN8u8Wv/UHUd3FYzNkCeiU3CnpSZQFSjtoycLyhWKoG - uLWXm7JwUTV2Xls712Im5KKTXSiZ1ngFGokMG7BEOIMxomf9udwxEvKbXOwbuSP/qjUQ35GA3Eba - kL9rqgwosjG5QxU2PiOn/ebFBbliVOzYby9eQRRHDc4vFRUsD8Y0w2DPkQmNtOZFenpyX3QsS4SJ - 4DTL74kt1CttoNSYe1pJjkTaS5zc1csiXFIuNDfQQ67tkiPwOp9IqtIO5zXeJxvWWcsvCGvIhZGQ - CYAgGgxZtEwzOPiaiwuZItt8ssg5y0kJVGhcpM2O1gJi9FZMgFDGcHJCSuackhqbgalVhaMH9wkB - zdnfW8fzJzIjcz+sbDg3OQjLNULXViX+7sLMMA6bHp8D4WIqVel0iFR2GlNc1XYY4iCegfAxrP8A - AAD//+xZW2vbMBT+KyZQSGF2bOfqwehC2WAPZaOBDcogKLa8hMUXLLtuyfLf9x1JVhMv6UYZJQ+B - PCiWdPTp+Fy+c8whHApW9MJi65o90gWtnElslYCVWyy1duChakr52oGNCLqxuZ/SwPeUVECnkYaA - QCMUDUQSKCqo5yDSpxt/SnKUiHRbYw2zkueCkkjBlenyvelbeC+yD9RKj7Ud1nXtZDUTufQ0uC1/ - cPJlLj0FUOY4ea4RzlkJ1rWoYKvz7udv09kXe3ZjI2tL79ZH5Bk5CPlYl0XJKr20upe/YFTrMnsL - 4/6T7njH6I43ODYx3M1nJSrln5J3EQ9sLXXN0vbEMd7gGt4g35fkUocXGnbbngiaCeiLhUsKAgdI - djuOiypJGCWgzt+iNemQuGVWvDBbEa24gn8Re0VZMIz6k/Fk4Y1d3g8DNwyGfhx48YhYRbMIJzyz - jNMLnkYRzkDGQvqKHp2ExXEVhqv3nttokmIKCX22WlRu4iA1ymUyDqlhj3mDhRvzIHQHkesHcTgc - sclkPOKLsR+xYf8qeielXPSnF/5H/NQ+O2GpDsa2rR4JpxJ2DY3YvkOu4uTVYr0KSWV2zpggjWG/ - TDjgfhhew9KdPCXlt8vQ00fcLmZPH3G7ID51xAg9kSo+Nb+7hg9YN9oHpCdRKFfFoQpcd4jLWPih - KrKc9+7gIeHyyeWo9YJZ48N0gu4raVJY6Fh7DgKv/7rPQeA1EJ+DwIEg0GYboE+dzZb2NOwCqH8o - J9xQI1ePXRyYlUx3m9tSjrWWXNNaak+YVk17wtA2nt6viixV/EcXq5X+nqD+/gvS+6z8fw08JcwI - xUkoWL5msqPR9AxhVQryphnqgPtiAPLbS6+R+6aTsIdbLqo1Cd65rOxFFOW0VBen9ij1K+jq5vn+ - Zn9vt94g0W63298AAAD//wMA9q+Ba74aAAA= + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmsNxuuI2AYutjd2gVZljgp0DQIaOossZZIjaRiu23++456 + sdok7pAMKwLEEo/3/tyj++TApqQicWJHgUhAQfKKQ55oV9ACtKtZBgV1ZQmKGi6FdiHhpgBDXZZR + kUIuU/cWlEYZJGdQKtAgTHuXVdrIYmkN3oRBEAaegr8r0Ga+LeFUUWY4A8d1uPUfhpMoxBcN+RJf + M2NKHft+AktgJpEfpEdNTrXmVHgCjI+ejE9L7kc+17oCvzOwgi3qn8xn5/NBOJoM8agOQTvxJ0dj + bJVm1EAq1bbJIcE31IiCKBoEk0F4OA+COBrGYehNDsc/BVEQ2CCtE4OB12aeGaTV97EUQbRLu31J + QDPFS1s4PH1JdEHz3CUJ14YLZkjJgQGRS7KWauVZbSbFhcqfGEUluG0XzW/oLTVU+bcc1n4dVh9g + KwqDYTj5RfOP8HOBba8K9GphgS7nVK9sr6qFsU/xkuYaXKdRfI151bquk3EEjmLZ9hhuAWMN7lzH + cERWiShxYlFhjs49mAyDTlAq+QEzembBW+263HUDu3Lbly9A0md1IbgxaEA7O98WqX/Ud7VcmjVV + Fq+aF2XOMeDkXubYjxplo8lmNHliuN/oTJfJri+j4AWGEY020ej/9dJ0v8YiOgzHm3D8PRxuOo/D + aDOMvofHFuB3dw/hGO7DadQJlnxz2XAgdv/qGtGQpgpSpJUHWMc4ZV41U/6o1ejFPsFkn+DwofGG + 0ppTSxg1ezvxIGx5zJZLcdbE8enBmQUxVkJnssqTKddlTrct1PEY624usaYW/q0LavBD0RDs0we1 + oe+esP3GnLJjWD8eycpWsA7+rT3gInVioyobDVOAydrZfozAx8GOwO+XbUcz9wX7Gh7tGn5fMOwZ + i0vFzfaZlejU/dHTCJ4XNAXtWw3dGeF4kMu1p2/TnuGO5bpjwpFTt3IBlrKuHENT+/HEn8i5fpCh + HftHUw/3wTWc2BpkVM9Kzo65WL2ykimUds0QrINTDbJ1LdudCClmuGXQRQ5nQHUDUdU+OafHF7+9 + Prk5fn00Ozmf3czOzv48w8BxzjQWAS/MMyCnSNTCEOuXcE2kyLcEh57n1igxkrzhipJTBQVOPak0 + gs17bPhDnC0n+MyDYKI+xrY+ONDYLyx4P2BfTTuWPuWC5vcvtUtSSxA15HOMriMM7GUqYHe7Ku0E + Pw7qQ+9FD+pmn3km3Brl3Qfy6xXkaQjsIfYrZSvcCjuYdcYbX0ft4vWfAu62N79boqLuey7AwpvJ + XKqTJppFXsEgVUhf/e4iyVQ2zZZFiXurMG0XvtW/r4vzXvR/B3NucjiIydU7WoYxOZJyxYG85Qbp + 05BzYJUC8iqn6WebK6aaS0bzTGoTT4JJ4C+5SJDR/GE0vq4NTutSYJQfJLEgiQ/Iv2qSH/Dfj7X6 + Oe5alkVQDee9DXJaAZliPng4BeaRcOwSi61dFkdvZyi7wp/BOBzVodq2sDV4BTcKPKlSH1FJbac4 + bkoWzT5e9TJT5HXgjZ1La+dCrIRcf1mlUyWTCr+9M5HinBZYdX+ORbY+6xJhwOR3uR4YuadMZWsg + uiY+uQq1IX9VVBlQpDe5RxV6n2Gt/e7lKTlnVOy5b5dAP4yiXVZf5HG+1QYKjXkkpeSInYO4Pq9b + ZCtWUC40N+AhvLBgOltIqpJ9Nx7Yn/ZAs5ZfEtbgCamULAAE0WDIugWXQa7TDcCWCDCXrDPOMlIA + FRqFtLnRWsB834sFEMoYkiUk5JZTUv0DAAD//+xZ72vbMBD9V0ygkELt2UmcpIPSBbbBPpSFFlYo + g6DYShMaS8Y/6pYu//veSYrqeHU3yij5EMgHJ5JO7+S7p3cXxH+UPaZgG8wTgmsB4NUQXeBd36qS + jgBdL7mgAHOYtStR8cEjICG3oL6clVjILFFrHJkRBTOM5sSAYN87Lk4IGIyvCkerDIetK/ZILjop + U+jKHKHtMOHUAKJeE3zt4Y3n5LP1UJ/BT0GHQLvRGQGBQZhvIZLBvMQBvYi05nPN+0skIy4THBl5 + b+KlqipPVixPVVYgC/mDly5TFdHYZAabM7P3jBWQVfMSMTXrfr+eXE3dqwsXokElq90klRTKlA1d + Ficrcex0j38hUNaF/Igw/FO/BG36JRhsB4jPCpTZd0ovkaJrTg1bbPitA21CwLdCQL0LpYFenmh1 + 7M692eRbnBqLlpSympubVqzozcskYXSjdP5Gv3SGJBZl9sbrh3TCObKH5Oi3+CxcsEE/DubjgR/O + gWk0OgVnDOm2s5OwwyvTOL3gSRxjD1xBnWcMrqlUPtkgI6Ov1pg6BTzcdWqaYh9T54RBLxjwwOf9 + Xnw6jPpROAqicRjHPhsuAj4+j8+UlaP+5Kj3FR+9zk2YMLTpuvqn3Ctzt8KJuD2P+NhLy/l6FdGR + uSljOZ0Y1qvrAWIOj5+n7tBLBeFv1qv7j7hZ8O4/4mbBvO+IwUmxri+NYKtrn6np/1A+EVnrmk/z + 2g2EG6Z/KTOJwv4GjBMtnxOP2jYYtZlM+5hmldF6mWHcAxW8/0s/UMF7ID5QQSsVWOUBiLc6456o + 42uefdiVBTP96qbyaGsP+W3tId+2h5oDVqlxcb/KpNByxxScpfljQn/9F6T3svh/TThtzBrFTqhA + fkjVldh2AhFCGvLT9tGw65sBqD9xPmztnnQS9nDJ83JNhmvOqn5CVkwK7Ti1OKnnQK7b33cX93ZW + mwUK7Waz+Q0AAP//AwC+44d7BxsAAA== headers: - ATL-TraceId: - - 61b6000c4239bc50 - Connection: - - keep-alive + Atl-Traceid: + - f91eb271ee9b8e03 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:12 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:20 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 78f76373-126c-4e11-9b8c-a3cdae29f17c X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '225' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - ab409a87-eb96-4055-93c6-69b1658f68e0 - x-envoy-upstream-service-time: - - '96' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1582,174 +1316,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA0yPX0vDMBTFv0te7bKbZuvSvIk+qMgU2j2JSP5iJU1Kkwpj7Lub4NDBfTic+zv3 - cE9IimgOs0McfaY0Rb5ea2ONSjp8BSySEzEOwmNvEqrQt5njEHyGCQDBgGHV7W9fu4eX/n+7X0aZ - FeJvBaqggvcKaTO5cByNT/1xMvnAnQuLziG5DE7/RhAvAUYv5r1IBayhJiuSh/WEcthxUmMAuIEM - 53w0c+7th/GaraGHLScNJxtMgf6xanz0NmSwaXeSscZAYxqrrBLEUiI3jLV2S6WSWjNBpG2vCpIr - DU/DLFB5x4rFpeegRLFPyF0UMv7j0KHz+QcAAP//AwC+xLnkWgEAAA== + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOTpF/mJnpQkVXY7kkWSZsEK2lSmlRYlv3vprj4cRveeZ55 + mRN0Muj9bEHAe4xTEJuN0kb3UfkPT2S0MoRBOuJ0hAw+9RwG7xJMESlBgvlue/Oyu39uf7fbZezS + BOJ1hTLM8JCB0pP1x1G72B4nnQ7cWr+oJHXLYNW3AiIJDMtLeCfjCjJkLMcmp3WLjcBasJIg4lUi + MflBz6m3HcZ/7HWLKBgXjBLGmx+2Hx+c8QmsClobbozhdcNYhbxBLErJKtpLVFVf14VGXv0tiHZt + eBxmCes7Ri42PvlervEJ7GUC7d72OzifvwAAAP//AwAUhUdAWgEAAA== headers: - ATL-TraceId: - - 7baf6522ced326cf - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Sat, 20 Nov 2021 04:16:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.19.3.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - 7741883df591c08d + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - a8a3e570-493f-40a8-a86d-6885084487ea - x-envoy-upstream-service-time: - - '35' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.26.0 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - a4fa2f35b1c082c5 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:21 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - e6ec38ce-c6cf-4f9e-a058-2339d3fed553 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '106' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 22f8f3e8-9579-4e03-b147-f8f1ef45823a - x-envoy-upstream-service-time: - - '62' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1759,94 +1386,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11404 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11821 response: body: string: !!binary | - H4sIAAAAAAAAA6RX/VPbNhj+V3T+obcxE38QQua73q6FdGNjjEGAu1Kup8hvbDW25ElyPtb2f98r - 2U4oNKzQcEes13q/n/eR8tGDZUVF6iWeApGCgvQNhyLVvqAlaF+zHErqywoUNVwK7UPKTQmG+iyn - IoNCZv4clMZ3kJ5DpUCDMO1eVmsjy6k1+D4KwyjsKfinBm3GqwrOFGWGM/B8j1v/UdQP+7jQUExx - mRtT6SQIUpgCM6n8IHvUFFRrTkVPgAnQkwloxYM44FrXEHQGZrBC/dPx6GK8G+EHRS4E7SUfPY2x - 1ZpRA5lUqyaHFFeoEYdxhAq7cTgO95NoP9kf9obR4CeMO7RBWicGA3dmnhmk1Q/QXhiv024XKWim - eGULh9JXRJe0KHyScm24YIZUHBgQOSULqWY9q82kuFTFt0ShgdUKgjmHBZ1TQ9Uvmv8LL0vsZV2+ - aETH6cso3IuG7dJ26OUmZd+zeEBfY6pntkn1xNinZEoLDb7X2fASZ8T3co6IUSxfncAcMMjws+8Z - jpCqEB5eImpMzquU/IARP7OgrbYrp2tQV067uAOCTfCXghuDBrS39m3z/MPt1XJqFlTZXDUvq4Ij - aNJ7CWK9HYr6w2V/+C3htpVvnbXFr7itNX7ulr4fHqDnuL+M+8827LrqgPNCt9+P+IoGy2jwfb6W - nbP24RFve/FyL/4+by1edfew1dvnz3bkl1cNL2HHbm6xg1mmIMNRfwBDxJQs6mbyGsk94ooPtr0Y - PrTRsEkjtbPqiNNLdiNcUoN82vDQ0/HesNyG14LGnLJodo+HsrZJRZarrq2Ai8xLjKoB64FGzRUS - gMV0E5yzZ+0rzprkPz6Q2VhRWeeyLtIjrquCrtqZQDFTgMnasfsad+4Pwo4775ct3FbPaNuLeNuL - vQ2ZcKm4WT2zup16YI+QJ3ArL2kGOrAaujPCUVDIRU/Psw35nMhFR1J9zzVkApZNbjxDM3tI4Vfs - 3T7I0M7oV1OPtqEyGtoa5FSPKs5OuJi5I/0IKnvCC9Y10LV14d6tJUKKER7wdFLAOVDdgEK1T97Z - yeWvx6fvT44PR6cXo/ej8/O/zjFwHCeNRcAN4xzIGXKoMMT6JVwTKYoVwfnkhTVKjCS/c0XJmYIS - Z5jUGgHccxN7P4uf0WD4iYfh4EAltj44t9gvLPhmwL4Yaix9xgUt7m9q7yctDziIFxhdxwvYy0zA - endd2Qn+CqgHSRT19g/WoG6uEs+EW6O8Pru+PP2fhsANxF5TNsMLWQezznjj67C983xXwN3FKeju - L3F31Aqw8GaykOq0iWZS1LCbKSSMze1BkiPZNFuWFV4ZhWm78Fj/vizOO7H52xlzU8BOQm7e0ipK - yKGUMw7kmhskLEMu3FFC3hQ0+2RzxVQLyWiRS22SYTgMgykXKbJksBf3b53BI1cKjPKDJBYkyQ75 - X03yA/770alf4G3Hsgiq4bw70eH1CFc3+LU7iPouDltztoBeyY2CnlRZgJCjtg0cbygWqgFu7eWm - LFxUjZ0ra+dSzIRcdLIzJdMar0AjkeEAlljOYIzVs/5c7hgJ+U0udo3ckn/VGohvSUBuIm3I3zVV - BhTZmNyiChufkdN+++qMXDAqtuy3F68giqOmzq8VFSwPxjTDYE8RCY205kV6fHRXdChLLBNBNsvv - iG2pV9pAqTH3tJIcgbSTOLnrl61wSbnQ3EAPsbZNjoXX+URSlXZ1Xtf7aIM6a/kVYQ24MBIyARBE - gyGLFmkGia+5uJApos0ni5yznJRAhcaXtNnRWsAavRMTIJQxZE5IyZxTUuMwMLWqkHpwnxDQnL+9 - dTx/IjIy98PKhnOdg7BYI3RtVeLvLswM47Dp8TkQLqZSlU6HSGXZmOJbbckQiXgGwsew/gMAAP// - 7FnbattAEP0VYQg4UMmSfFWhJCa00IfQEkMLoWDW0io2taRFlyjB9b/nzO5KsRUrLaEEPxj8IGtX - M7OjmTNnRhzC4WBV4g22LtkjHdAQTNpWZIhyg8XGjnnommK+thAjGZ24Pp/ywK+YXEDayEOwQFuY - VSaSwKyAew5a+nzir5FAi0inraNhlnORURFJuQpdvrd8g+xF9YFb6baOw7IsraRkmZCZhrTlD5ZY - CpkpMGUOzXNt4ZzlYD6LArE67377OZ19N2fXJliGzG6tQiSUIJRjXRZEq/jc6J7/QVCt8+Qjgvsl - 3XHa6I4zqBYI/nI0xL8lZSPK1dw6bJFhty7UvEG+FsmMDm9s4xF2zW6bC97B+tvEbTiT+UtCCIXx - WRFFjApQ529oTT4kbpmkb6xWRCsukF/EiNEWDIP+ZDxZOGOb933P9r2hG3pOOIKeehM0vLKN0wue - BgF0oGKhfAWPVsTCsPD91aVjVy4mTCGhr3aLKk0slEa5TeKQuuwxZ7CwQ+759iCwXS/0hyM2mYxH - fDF2AzbsXwSfpJSz/vTM/YKfes6MWKzB2DTVrcwqMrOER0zXolSxRLFYr3xymSkYy8hjeF4WHHA/ - XF4h0i0Rk/ObbejxW9xsZo/f4mZDfOwWA5MC1QBqfneFHDCudQ7ITCIoVw2nQrRb4DI2fi7SRPDe - LTLEXz6nHI1esFrnMGnQcyVNClONtScQeP/XfQKB97D4BAIHQKAmFTDuTuXahua1+tqG3CRneqjc - pCbgWp3NtvNyoW20ZLeNlux6tNRcqGkbj+9XaRIriqOb1UJ/T1B//+kIaHGkhE11qfHvDZi38ymk - V8n90InYww3PijUJ3tEtRwNpPs2VHfdJ/v+Gk0pYLRS60Dj9SORkpZof0niU5hWksjZk31p3z1z9 - gHTPdrt9AgAA//8DALsv0nG+GgAA + H4sIAAAAAAAAA7xW+2/bNhD+Vwj9tGWyXjZcR8AwdLG7tQuyLHFaoGkQ0NRZYi2RGknFdh//+456 + WK0Td0iGFQFiicd7f/fpPjqwKalInNhRIBJQkLzgkCfaFbQA7WqWQUFdWYKihkuhXUi4KcBQl2VU + pJDL1L0DpVEGyQWUCjQI095llTayWFqDt2EQhIGn4O8KtJlvSzhXlBnOwHEdbv2H4SQK8UVDvsTX + zJhSx76fwBKYSeR76VGTU605FZ4A46Mn49OS+5HPta7A7wysYIv6Z/PZ5XwQjiZDPKpD0E780dEY + W6UZNZBKtW1ySPANNaIgigbBZBAez4MgjoZxGHqT4/FPQRQENkjrxGDgtZknBmn1fSxFEO3Sbl8S + 0Ezx0hYOT58TXdA8d0nCteGCGVJyYEDkkqylWnlWm0lxpfJHRlEJbttF81t6Rw1V/h2HtV+H1QfY + isJgGE5+0fwD/Fxg26sCvVpYoMs51Svbq2ph7FO8pLkG12kUX2Jeta7rZByBo1i2PYU7wFiDz65j + OCKrRJQ4sagwR2cPJsPgkCDsBKWS7zHVJ3ai1a77UHe264N9+QI9fbpXghuDBrSz820h/Ed9V8ul + WVNlgax5UeYcA072SoKNquE3mmxGk0eG+42WdZnsGjYKnmEY0WgTjf5fLw0sapCiw3C8Ccffw+Gm + 8ziMNsPoe3hskf/58304Rh0cl3zzuuFAbPL1DTY9TRWkSCv3sI7hyLxqpvxBkEfPDgkmhwTH9403 + lNacWsKo2duJB2HLY7YqirMmjo/3zixWMWGdySpPplyXOd22iMZjLK95jaWzKG9dUIMfioZgHz+P + DX33hO035pSdtvrxRFa2gnXwb+wBF6kTG1XZaJgCTNaO8EMEPg52BL5ftkM0E+1oZl+wa/i+YNgT + E5eKm+0TK9Gp+6PHETwvaAratxq6M8LxIJdrT9+lPZGdynVHeCOnbuUCLDNdO4am9uOJP5Fzcy9D + O90Pph4egms4sTXIqJ6VnJ1ysXphJVMo7ZohWAenGmTrWrY7EVLMcMugixwugOoGoqp9cs5Pr357 + eXZ7+vJkdnY5u51dXPx5gYHjnGksAl6YZ0DOkY+FIdYv4ZpIkW8JzjbPrVFiJHnFFSXnCgocblJp + BJv30IyHOFtO8IkHwUR9iJ29ycYyp1zQHBuIHegnzsr2z9olqSWIGvI5RtcRBvYyFbC7XZV2gh8G + 9bH3rAd1s888EW6N8u47+PUK8jgE9hD7lbIVboUdzDrjja+TdvH6TwF325vfLVFR99kWYOHNZC7V + WRPNIq9gkCqkr353kWQqm2bLosS9VZi2C9/q6dfFeSf6v6M5NzkcxeT6LS3DmJxIueJA3nCD9GnI + JbBKAXmR0/STzRVTzSWjeSa1iSfBJPCXXCTIaP4wGt/UBqd1KTDK95JYkMRH5F81yQ/478da/RJ3 + LcsiqIbz3gY5rYBMMR88nALzSDh2icXWLouTNzOUXePPYByO6lBtW9gavIIbBZ5UqY+opLZTHBci + i2Yfr3qZKfI68MbOa2vnSqyEXH9ZpXMlkwo/sTOR4pwWWHV/jkW2PusSYcDkd7keGHmgTGVrILoh + PrkOtSF/VVQZUKQ3eUAVep9hrf32+Tm5ZFQcuG93PT+Mol1WX+RxudUGCo15JKXkiJ2juD6vW2Qr + VlAuNDfgIbywYDpbSKqSQzfu2Z/2QLOWnxPW4AmplCwABNFgyLoFl0Gu0w3Alggwl6wzzjJSABUa + hbS50VrAfN+JBRDKGJIlJOSOU1L9AwAA///sWe9r2zAQ/VdMoJBC7dlJnKSD0gW2wT6UhRZWKIOg + 2EoTGkvGP+qWLv/73kmK6nh1N8oo+RDohzSWTu/Od0/vLsj/KHtMwTZYJwTXAsCrIbrAu75VLR0B + ul5yQQnmMGtXouODR0BCbkFkOSuxkFmi9jgyIwpmeJoTA4J977g4IWAwviocrTIctq7YI7nopEyh + K3OktsOEUwOIfk3wtYc3npPP1kMdg5+CgkCnUYyAwCDMtxDJYF4iQC8irflc8/4SxYjLBCEj702+ + VFXlyYrlqaoKVCF/8NJlqjIah8xgc2bOnrECsmpeIqdm3e/Xk6upe3XhQjSoYrWHpJJSmaqhy+Jk + JY6d7vEvJMq6kB+Rhn/ql6BNvwSD+j1UoM2+U3qJFF1zadhiw299YIWACrmSOi8vbBMGfpuO9a2O + 3blkm0SMcLJoSbWsSTsvk4TRjdL5G/1SDEksyuyN1w/phHNUD8nRb/FZuGCDfhzMxwM/nMOB0egU + nDGk284uwgmvLOP0gidxjDNwBXWeMbimIflkk4yMvtpK6hLwcNepZYp9TDsTBr1gwAOf93vx6TDq + R+EoiMZhHPtsuAj4+Dw+U1aO+pOj3lf86X1uwoShTdfVX+VembsVIuL2POJjLy3n61VEIXNTxnKK + GPar6wFiDh8/T92hlwrC32xL9x9xs6/df8TNvnjfEYOTYt1fGsFW1z5TM+aheiKy1j2f5rUbCDcs + /1JmEv37DagoWj4XHk1n8NRWMp1jhlVG62WGcQ9U8P4v/UAF74H4QAWtVGAFBiDe6op7osGu+ezD + riyYmVc3ZUrbeMhvGw/5djzUfGCVGhf3q0wKrWpMw1maHyb0v/+C9F4W/28Ip41ZozgJHcgPqaYS + 20kgUkhDftp+NOz6ZgDqR5wPW7snnYQ9XPK8XJPhmrNqnpAVk0I7TiNOmjmQ6/b73c29nd1mg0K7 + 2Wx+AwAA//8DAIh2QoQHGwAA headers: - ATL-TraceId: - - b776401c203255bf - Connection: - - keep-alive + Atl-Traceid: + - 8a3696acf2be699e + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:14 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:21 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - fc160982-fe01-4edd-8250-134d8af21692 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '227' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 11d5ae58-c264-4ba4-9100-669eb81fe2a7 - x-envoy-upstream-service-time: - - '104' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -1856,174 +1488,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA0yPX0vDMBTFv0te7bKb1mVp3kQfVGQK7Z5kSP5iJU1Kkwpj7Lub4NDBfTic+zv3 - cE9Iimj2s0McfaY0Rb5ea2ONSjp8BSySEzEOwmNvEqrQt5njEHyGCQDBgGHV7e7eusfX/n+7W0aZ - FeLvBaqggkOFtJlcOI7Gp/44mXzg3oVF55BcBqd/I4iXAGsu5oNIBayhJiuSh/Wk4bDlpMYAcAMZ - zvlo5tzbD+M1W0MPG04oJ1tcU/LHqvHJ25BB2m4lY9QANdQqqwSxDZG3jLV200gltWaCSNteFSRX - Gp6HWaDyjhWLSy9BiWKfkLsoZPzHvkPn8w8AAAD//wMAlvu6S1oBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbOT9CM1N9GDiqzCdk+ySNokWEmT0qTCsux/N8XFj9vwzvPM + y5ygk0HvZwsC3mOcgthslDa6j8p/eCKjlSEM0hGnI2TwqecweJdgikgJEsx325uX3f1z+7vdLmOX + JhCvK5RhhocMlJ6sP47axfY46XTg1vpFJalbBqu+FRBJYFhdwjsZV5AhYzk2OeUtNgK5YBVBxKtE + YvKDnlNvO4z/2OsWUbBCMEY4bX7YfnxwxiewLik3hTGm4A1jNRYNYllJVtNeoqp7zkuNRf23INq1 + 4XGYJazvGLnY+OR7ucYnsJcJtHvb7+B8/gIAAP//AwAY9zbRWgEAAA== headers: - ATL-TraceId: - - e01e0c3d778c153e - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Sat, 20 Nov 2021 04:16:17 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.19.3.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - fcd799697f8ca4c7 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 7f0e54fc-bb9a-4d40-891e-a6c77f8a2e01 - x-envoy-upstream-service-time: - - '44' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.26.0 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 7f27aff572271d28 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:17 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:22 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - f6d18221-6d63-4263-ac6b-f3c8a725fed8 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '117' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - e9b4d3cf-fb3e-4e2c-8f51-e82089fc15a3 - x-envoy-upstream-service-time: - - '72' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2033,94 +1558,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11404 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11821 response: body: string: !!binary | - H4sIAAAAAAAAA6RX/VPbNhj+V3T+obcxE38QQuY7btdCurExxiCUu1Kup8hvbDW25ElyPtbyv++V - bCcUmq7QcEfsV3q/n/eR8tGDZUVF6iWeApGCgvQ1hyLVvqAlaF+zHErqywoUNVwK7UPKTQmG+iyn - IoNCZv4clMY1SC+gUqBBmHYvq7WR5dQafB+FYRT2FPxTgzbjVQXnijLDGXi+x63/KOqHfXzRUEzx - NTem0kkQpDAFZlL5QfaoKajWnIqeABOgJxPQigdxwLWuIegMzGCF+mfj0eV4N8IPilwI2ks+ehpj - qzWjBjKpVk0OKb6hRhzGESrsxuE43E+i/WR/2BtGg58w7tAGaZ0YDNyZeWaQVj9Ae2G8Trt9SUEz - xStbOJS+JLqkReGTlGvDBTOk4sCAyClZSDXrWW0mxZUqviUKDaxWEMw5LOicGqp+0fxfOCyxl3X5 - ohGdpIdRuBcN21fbocNNyr5n8YC+xlTPbJPqibFPyZQWGnyvs+Elzojv5RwRo1i+OoU5YJDhne8Z - jpCqEB5eImpMzquU/IARP7OgrbYrp2tQV077cg8Em+CvBDcGDWhv7dvm+Yfbq+XULKiyuWpeVgVH - 0KQPEsR6OxT1h8v+8FvCbSvfOmuLX3Fba/zcL30/PEDPcX8Z959t2HXVAeeFbr+/4isaLKPB9/la - ds7ah69424uXe/H3eWvxqruHrd7u7uzIL980vIQdu7nFDmaZggxH/REMEVOyqJvJayQPiCs+2LYw - fGyjYZNGamfVEaeX7Ea+h2maNziEFlftBmqQYRtmevoENLy3YbqgMacsvt3jkaxtmpFlr2sr4CLz - EqNquGsJzVpTnDXJf3wks5HhVp3LukiPua4KumpnAsVMASZrx+5L3Lk/CDvufFi2cFs9o20L8baF - vQ2ZcKm4WT2zlp16YI+QJ3ArL2kGOrAaujPCUVDIRU/Psw35nMpFR1J9786CYQKWTW48QzN7SOFX - 7N0+ytDO6BdTj7ahMhraGuRUjyrOTrmYuSP9GCp7wgvWNdC1deHW1hIhxQgPeDop4AKobkCh2ifv - /PTq15Oz96cnR6Ozy9H70cXFXxcYOI6TxiLghnEO5Bw5VBhi/RKuiRTFiuB88sIaJUaS37mi5FxB - iTNMao1w7bmJfZjFz2gw/MTDcHCgEu/BAGOZMy5ogQ3EDmwmzq49lLX3k5YHHMQLjK7jBexlJmC9 - u67sBH8B1IMkinr7B2tQN1eJZ8KtUV6fXZ+f/k9D4AZiryib4YWsg1lnvPF11N55vivg7uIUdPeX - uDtqBVh4M1lIddZEMylq2M0UEsbm9iDJsWyaLcsKr4zCtF34Wk8/L847sfnbGXNTwE5Cbt7SKkrI - kZQzDuSaGyQsQy7dUUJeFzT7ZHPFVAvJaJFLbZJhOAyDKRcpcmKwF/dvncFjVwqM8oMkFiTJDvlf - TfID/vvRqV/ibceyCKrhvDvR0fUI327wa3cQ9V0ctuZsAb2SGwU9qbIAIUdtGzjeUCxUA9zay01Z - uKgaO2+snSsxE3LRyc6VTGu8Ao1EhgNYYjmDMVbP+nO5YyTkN7nYNXJL/lVrIL4lAbmJtCF/11QZ - UGRjcosqbHxGTvvty3NyyajYst9evIIojpo6v1JUsDwY0wyDPUMkNNKaF+nJ8X3RkSyxTATZLL8n - tqVeaQOlxtzTSnIE0k7i5K5ftsIl5UJzAz3E2jY5Fl7nE0lV2tV5Xe/jDeqs5ZeENeDCSMgEQBAN - hixapBkkvubiQqaINp8scs5yUgIVGhdps6O1gDV6JyZAKGPInJCSOaekxmFgalUh9eA+IaA5f3vr - eP5EZGTuh5UN5zoHYbFG6NqqxN9dmBnGYdPjcyBcTKUqnQ6RyrIxxVVtyRCJeAbCx7D+AwAA///s - WW1r2zAQ/ismUEhhdmzn1YPRhrLBPpSNBjYog6DYchMW28IvdUuW/97nJEVN3KQbZZR8CPSDa0mn - u/Pdc89dOITDwarEW2xZs0cy0BJM6lYViHKLpdaWeuiaUr50ECMFWWzsUx74lZIL6DbyEDTQGhYb - FUlgUcE9ezV9tvhrItAikrUmGiYlFwUVkZyr0OU7yzfIXlQfuJVe6zis69rJalYImWlIW/7giLmQ - mQJVprh5qjWcshLMZ1YhVqftbz/Hk+/25NoGy5DZra8QGSUI5VibRckiPbfa538QVMsy+4jgfkl3 - vEN0x+sdWuhv17MSnfJvydyIizW2umZrc+EQb3ANb5DfS1Km/RsNu90pvU14hs9YOCcgUFDelBKY - 66okYVSAWn9Da/Ihccssf2O1Ilpxgfwi/ou2oB91R8PRzBu6vBsGbhj0/Tjw4gGxis0m3PDKNk4f - eBxFuAMVC+UrenQSFsdVGC4uPXfjScIUEvpqt6jSxEFplNskDqnHDvN6MzfmQej2ItcP4rA/YKPR - cMBnQz9i/e5F9ElKOeuOz/wv+FPn7ISlGoxtW70qnKqwa3jE9h1KFUdUs+UiJJfZgrGCPIbzsuCA - ++HxCpHuiJSc32xDj1/jZjN7/Bo3G+Jj1xjQE6kGUPO7K+SAda1zQGYSQblqLxVw3QKXsfFzlWeC - d26RIeH8OeVo9IJVk8N0g54raVKYa6w9gcD7f+4TCLyHxicQ2AMChm1AuTuVayua1+pnF3Kzkumh - cpNtgGu1VuvWy4VDoyX30GjJNaOl5oKhbTy9X+RZqriPblYr/XuC+vdfTLjPyv83AlTCjFDchIbl - RyYnGmZuh55KqrzaPGrAfbMC8reXzkbuh1bCHm54US1J8JaxchaRl+NSGU7jUZpXkOnm/e5hf+e0 - PiC1Xa/XTwAAAP//AwDoqc24vhoAAA== + H4sIAAAAAAAAA7xW+2/bNhD+Vwj9tGWyXjZcR8AwdLG7tQuyLHFaoGkQ0NRZYi2RGknFdh//+456 + WK0Td0iGFQFiicd7f/fpPjqwKalInNhRIBJQkLzgkCfaFbQA7WqWQUFdWYKihkuhXUi4KcBQl2VU + pJDL1L0DpVEGyQWUCjQI095llTayWFqDt2EQhIGn4O8KtJlvSzhXlBnOwHEdbv2H4SQK8UVDvsTX + zJhSx76fwBKYSeR76VGTU605FZ4A46Mn49OS+5HPta7A7wysYIv6Z/PZ5XwQjiZDPKpD0E780dEY + W6UZNZBKtW1ySPANNaIgigbBZBAez4MgjoZxGHqT4/FPQRQENkjrxGDgtZknBmn1fSxFEO3Sbl8S + 0Ezx0hYOT58TXdA8d0nCteGCGVJyYEDkkqylWnlWm0lxpfJHRlEJbttF81t6Rw1V/h2HtV+H1QfY + isJgGE5+0fwD/Fxg26sCvVpYoMs51Svbq2ph7FO8pLkG12kUX2Jeta7rZByBo1i2PYU7wFiDz65j + OCKrRJQ4sagwR2cPJsPgkCDsBKWS7zHVJ3ai1a77UHe264N9+QI9fbpXghuDBrSz820h/Ed9V8ul + WVNlgax5UeYcA072SoKNquE3mmxGk0eG+42WdZnsGjYKnmEY0WgTjf5fLw0sapCiw3C8Ccffw+Gm + 8ziMNsPoe3hskf/58304Rh0cl3zzuuFAbPL1DTY9TRWkSCv3sI7hyLxqpvxBkEfPDgkmhwTH9403 + lNacWsKo2duJByG+UoOk3pDh42enodqeXP3GnLKTUT+eyMpmG1rCfGMPuEid2KgKsIJo1LzGotv5 + aIKr7Vn7irOmKh/vndlYUVlnssqTKddlTrftfNmuKMBk7Qg/RODjYEfg+2U7RDPRjmb2BbuG7wuG + PTFxqbjZPrG6nbo/ehzB84KmoH2roTsjHA9yufb0XdoT2alcd4Q3cuqGLMAy07VjaGo/nvgTOTf3 + MrTT/WDq4SG4hhNbg4zqWcnZKRerF1YyhdKuGYJ1Dazbuq5luxMhxQy3DLrI4QKobkCh2ifn/PTq + t5dnt6cvT2Znl7Pb2cXFnxcYOM6ZxiLghXkG5Bz5WBhi/RKuiRT5luBs89waJUaSV1xRcq6gwOEm + lUYAew/NeIiz5QSfeBBM1IfY2ZtsLHPKBc2xgdiBfuKsbP+sXZJagqghnmN0HWFgL1MBu9tVaSf4 + YVAfe896UDf7zBPh1ijvvoNfryCPQ2APsV8pW+FW2MGsM974OmkXr/8UcLe9+d0SFXWfbQEW3kzm + Up010SzyCgapQsLodxdJprJptixK3FuFabvwrZ5+XZx3ov87mnOTw1FMrt/SMozJiZQrDuQNN0hY + hlwCqxSQFzlNP9lcMdVcMppnUpt4EkwCf8lFgizpD6PxTW1wWpcCo3wviQVJfET+VZP8gP9+rNUv + cdeyLIJqOO9tkNMKyBTzwcMpMI+EY5dYbO2yOHkzQ9k1/gzG4agO1baFrcEruFHgSZX6iEpqO8Vx + IbJo9vGql5kirwNv7Ly2dq7ESsj1l1U6VzKp8BM7EynOaYFV9+dYZOuzLhEGTH6X64GRB8pUtgai + G+KT61Ab8ldFlQFFepMHVKH3Gdbab5+fk0tGxYH7dtfzwyjaZfVFHpdbbaDQmEdSSo7YOYrr87pF + tmIF5UJzAx7CCwums4WkKjl04579aQ80a/k5YQ2ekErJAkAQDYasW3AZ5DrdAGyJAHPJOuMsIwVQ + oVFImxutBcz3nVgAoYwhWUJC7jgl1T8AAAD//+xZ72vbMBD9V0ygkELt2UmcpIPSBbbBPpSFFlYo + g6DYShMaS8Y/6pYu//veSYrqenE3yij5EMgHJ5JPTyfdu3cX3P8oe0zBNpgnBNcp16shusBZ36qS + jgBdL7mgC+Ywa1ei4sOOgIS2BZHlrMRCZol6x5EZUTDDaE4MCPa94+KEgMH4qnB0XnfYumKPtEUn + ZQpdmeNqO0w4NYCo1wRfezjxnPZsd6h98FOQE2g18hEQGIT5FiIZzEs4aCfS2p5ru79EMCKZwGW0 + e3NfqqryZMXyVEUFopA/eOkyVTcai8xgc2bWnrECQmZe4k7Nut+vJ1dT9+rChWhQwWoXSSVdZYqG + LouTlTh2use/cFHWhfyIa/infgna9EswaBsI6wmqQP19p8QZiavGVN9ObQ60CQHfCgF1FkoD7Z7Y + pmN9q2PhMRYtKVx3yOkmMedlkjDKKJ2/0S/5kMSizN6YfkgnnCN6SOJ+i8/CBRv042A+HvjhHBsY + jU7BGUPKdnYSVnhlGqcDnsQx1kAK6jxjcE1B8sleMjL6aimpQ8BDrlPTFPuYciYMesGABz7v9+LT + YdSPwlEQjcM49tlwEfDxeXymrBz1J0e9r/jo99yECUObrqt/yr0ydyt4xO15xMdeWs7Xq4hc5qaM + 5eQxvK/SA8QcHj9P3aGXCsLfLEv3H3Gzrt1/xM26eN8Rg3piXdEZwVbXPlPT5qF4IrLWdaSmrxsI + N0z/UmYS9fsNGCdaPgcedWcwaiOZ1jHNKqP1MsO4Byp4/0M/UMF7ID5QQSsVWEEBiLc64p6osWue + fdiVBTP96qZMaWsP+W3tId+2h5oDVqlxcb/KpNCSxxScpfljQn/9J6Qy0Raeto+G7N5AcLX/VD5s + 7Z50EvZwyfNyTYZra6vyPismhcZxL4v/12DUxqxRrIVK6IdU3ZFtD5BanNRzoCUtkJdoey/gmheU + ezabzW8AAAD//wMA5kLgDwcbAAA= headers: - ATL-TraceId: - - 2e865e3cf5ed4244 - Connection: - - keep-alive + Atl-Traceid: + - 5cd0bdf96da48e54 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:18 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:23 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 5c624a7f-2dca-4a94-a13a-1960455f10a1 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '225' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 7a1b47ec-3b40-4e72-9840-955b7b501a9d - x-envoy-upstream-service-time: - - '133' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2130,89 +1660,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: body: string: !!binary | - H4sIAAAAAAAAA+xWS0/bQBD+K5YPnCJMQkRRpAih0kqoCCEReqk4LPaYLLF3zT4Sp4j/3hm/dgMp - NeHSA7lkZzyPbx47s08hlAUTSTgJCyUfIDY6HLjj5NeTE+BaWzDrAkhEQ5Yib25MoSdRlECKCol8 - kPvMZExrzsS+ABMp0CZiBY9GUWM1Gh7gD01wMtoSC1gjdTn7dj1DSrAckLwR3Bg0QA7ZkhmmblSG - qJ7C8XE5Pu7jX0NsFbS+ayMnBU+mleO9mnFO5PjgC7oZjcvReGfDmv+Gqc5Zlu3p5v8NX8Ojcnj0 - MV9l66w5vOHtcFQejj7mLYeE2xy9NYe/ense+N1CXbRDv3QWqo4Z+R1DRAI6VrwwXArkngZVAgZB - wrXhIjZBwSGGQKbBSqrFPmnHUmD/9EHRpGDJYbUlfi/Yw+FxQ84Q6LSD7Hp4xvQCKSuMYkJnzEBy - ufFF2ztDp0nKMg0Dd99SDllCrd8csO21zXOm1nRU8Gi5AhQ0yqKajueQM/pS+Z+E2igu7snBWhvI - idNoP3fgrhtOe/9aiUE4Z/oMUmYz85NlFjp0sgDFKOdUVqyqCW/9YvdC5mepA+eYDt458QLKbIfQ - 1+2F8RZHR5bJFSSV0Gc3buu51kY4qYxgajmmUMXz9QUsAUEePFOZY5kXUoCgzeDXubHyqtBMKUbN - xLHEqOL0/cJ7Rl3lvzpmW3lPrmfpQ5Yk5AnIn4JcLiHc0g4UGTOGxfOcoO0UmafvheZxXWinvmgd - 2oZ2v9Dam7fRd32Qvx4LvgkH88zjtjh9yfcCbdZJrwHRynogW5YDeNUJ1eCc0juAve6GnYbDx542 - jTbd2R/1GJapWTFVzUeeFxnHDeBK+vkS2ubrf30JVYOzmsQZF4sdB6en/3Jl1lx3LS6QhiSoVqcb - nhsGmDWSBmwGBnquoJeLMCp4vAB1gvlROLaau4hR7+m5XF3bO1o0V4y+TemS+2xdcxrVCii2/VRY - rNqjBbWe9r7DNOApvykvf4LSNXuXBC9rbT+7vk2X3u+8DBphl11ftC/0eivVG+ofuwnLcC8A+kVm - NSg/jE7b20Atq9s/fwAAAP//vJdNbsMgEIWvUnkfqBtnU6nKqlIX6RGiilQIUyVxZJz+LHz3zjCA - 7eBWTrG6HcPwYWDemy6QdjdwcU7ZxG4v4QGhiVi7B/Rga+C1Z9wJiK5q3VyY359+Qxg90BAX64tI - GOZVJAQiPFKrEbr43P6oIrQ2z/FmTveH+iCUNBxnGJ9EQ6DUqoTszLyj3rsdP1EQV7AiBT8jDdZa - 4XlgY1KPeZeMuZwHk+r9EPTZxjzqMhm1mAcVbuSQc1N9eMgiGXI1G2R0RTc25lFXWbtFn9t/iWno - /3kVoNS8nk1THWwT/wIeIS+mVTBxxCJEkzPb/rDT16c2TNVSHsvqBHWIvela3KtyIUGPF6jvYQo1 - c7BaV+weYdAN+oMs9FQR2kjZ+7Uq78VOkhGdsKML0Y1bEZet52Yo4Hnd9zSZytktp0TcnBUcbbO+ - UpLG+soWnd62/QYAAP//AwDam8DXURUAAA== + H4sIAAAAAAAAA+xWS08bMRD+K9EeOEVsEiKKIkUIlR5QEapE6KVCldmdJSZee/EjjyL+e2f2ZQcq + uqEtvbCn9Xge34xnPvshgnXBZBpNokKrO0isifr+d/LtwStwYxzYTQGkYkBkKJtbW5hJHKeQoUGq + 7tQ+s4IZw5ncl2BjDcbGrODxKK69xsMBfuiCk9NmsYANri5mny5nuJIsB1xeSW4tOqCAbMks01da + IKqHaHy0Hh/tGN9JvgRtmPhe+YqXHFYxJdRCqzeGg/HgA8Ycjdej8b+Ncmz4D5ianAmBAYeH6+Hh + WwRcNxEPRuuD0VtEzCHlLo8e+2EfUX+9opNaD2UvjcJeokUKJtG8sFxJlJ70ylz7vZQby2ViewWH + BHoq662UXuyTdaIkdtaOKF4ogwfYFuJgeLRViLbJZ8wscOWk1UwawSykF1s7xt1Y+ptkTBjo+4HM + OIiUZqP+wbkwLs+Z3tCvhnvHNaCi1Q7NTDKHnNEOAUNzYzWXtxRgYyzkJKmtH1twl7WkGdBGox/N + mTmFjDlhvzLhoEWnCtCMSk+ni4dro2t0VzAN0m7Dqg2e4SqLJ7gsc2+g1Q48si+VoAFW7++Kqz2o + ThXz2gEyL/TgzkjWm1WaFcDQthPGa+Q8IdQK0lLpfVheGInK8AzzKm2xwhwrqZP55hyWgFgHj3Ta + icoLJbFPyln5fScyrRn1OseTRhNvH55/4NQ3wEcvbBog0OvYARFLU4oEFE9DrpYQ/aIrKDNmLUvm + eecZe5pZYB+kFkh9aiehapXalnW31FpiqC6MTuPX6Ia0UIsCXmiVamJo1zsAe17kV43en714amti + kc8V+arMrpDnqAA8LwRH3vdn/P5A+psB/98DqWSqLVbuMtDPL/PQhR+P00Da9GCoudOYNBcoXdav + pNTA/umdWkk99HNcQ9or71ZPq1sOmLOKqFeAhd3vqNJVXPBkAfo4cZpeFDWdnKXTPTNXq0t3Q1dQ + 9fiYEk+FYlNJatMSKE7uVDoh9u4d6M20c32J+ktiR6S3EqBbdZ0BHdaxtQ7ouxG15I2CnwAAAP// + vJhNT8MwDIb/ytQzayjrLkhoJxCHceU2oQ6FNtO2Vk0H5dD/jh0n/UqHWlJxdRPniev4daINbuHD + xRl5i/ZHziRHBd7ojH9QlW5qGEyafYjyFU4UmcdEop9neB4pv+vgtH028XkS5UIPbpKsPXQK+o2W + 8N/FO8tFmoui17Vf21k9uiOD2tbWwXqYEcLaYG2ABNfmHwD+oxDS2izAXzK+gRSnKOaS4QxpnAgw + JCJOwLsvP7Hk6R0/kxFXUDoLwXCDVb3yPLA2qcG8c8ZczYNJ+tMFfTHtt0JdOaOG86BCRnY5t+mX + gQydIdezQVopulU2g7r2qh1KffskuqH/ZypAqXm/yCI9qdeHN2hrg3BcBYvOWIRosqcuRn72XQrp + xznn5yTNoA75B5FH93Gy5KDHS/0aQFPomgerNcXuEQYtsD/w6tuWhTZQ9q7WbazKx2jPqZcesaOe + 2tjdmPbW6mbIYHj1dzcNDvxbRo6YvMTwa4vNRL0dunFW2JLuqh8AAAD//wMA4ncFkysWAAA= headers: - ATL-TraceId: - - 3a17dd87b97130a8 - Connection: - - keep-alive + Atl-Traceid: + - cf95c5914ddbc616 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:18 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:23 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 2588c7c5-0b07-4bcb-bf96-23612e60eec6 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '189' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 7b868de9-061c-4340-9a86-cd3d75097fdd - x-envoy-upstream-service-time: - - '75' status: code: 200 message: OK - request: body: '{"fields": {"labels": ["tag1", "tag2", "tag3", "tag4"], "description": - "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/324]\n\n*Defect - Dojo link:* http://localhost:8080/finding/324 (324)\n\n*Severity:* Low\n\n*CWE:* - [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n*Product/Engagement/Test:* - [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [ZAP Scan|http://localhost:8080/test/121]\n\n*Branch/Tag:* None\n\n*BuildID:* - None\n\n*Commit hash:* None\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com\n* - https://mainsite.com/dashboard\n\n\n\n\n\n\n\n*Description*:\nA cookie has been - set without the secure flag, which means that the cookie can\nbe accessed via - unencrypted connections.\n\n\n\n*Mitigation*:\nWhenever a cookie contains sensitive - information or is a session token, then\nit should always be passed using an - encrypted channel. Ensure that the secure\nflag is set for cookies containing - such sensitive information.\n\n\n\n*Impact*:\nNone\n\n*Steps to reproduce*:\nNone\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n*Reporter:* + "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/326]\n\n*Defect + Dojo link:* http://localhost:8080/finding/326 (326)\n\n*Severity:* Low\n\n\n*Due + Date:* Dec. 16, 2022\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/122]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set for + cookies containing such sensitive information.\n\n\n\n\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "Low"}, "summary": "Zap1: Cookie Without Secure Flag"}, "update": {}}' headers: @@ -2225,53 +1760,57 @@ interactions: Connection: - keep-alive Content-Length: - - '1349' + - '1302' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11404 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11821 response: body: string: '' headers: - ATL-TraceId: - - aefc8955da49890a - Connection: - - keep-alive + Atl-Traceid: + - 2d5affd5b6184b88 + Cache-Control: + - no-cache, no-store, no-transform Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:18 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:23 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 1302ef57-07c3-4f12-8185-5ff8d0c6f0e3 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '362' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - d39c0778-f166-4424-8aba-e1a3f9e6b22f - x-envoy-upstream-service-time: - - '178' status: code: 204 message: No Content - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2281,94 +1820,99 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11404 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11821 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbVPcNhD+Kxp/yLTUnF84jqtnMp0ELi0tpRQOmAlhMjp5z1bOllxJvpcm/Peu - ZPuOQC4NBGawtda+PfvsSnz0YFlRkXqJp0CkoCB9w6FItS9oCdrXLIeS+rICRQ2XQvuQclOCoT7L - qcigkJk/B6XxG6TnUCnQIEy7l9XayHJqDb6PwjAKewr+qUGb8aqCM0WZ4Qw83+PWfxT1wz4uNBRT - XObGVDoJghSmwEwqP8geNQXVmlPRE2AC9GQCWvEgDrjWNQSdgRmsUP90PLoY70b4gyIXgvaSj57G - 2GrNqIFMqlWTQ4or1IjDOEKF3Tgch/tJtJ/sD3vDaPATxh3aIK0Tg4E7M88M0uoHaC+M12m3ixQ0 - U7yywKH0FdElLQqfpFwbLpghFQcGRE7JQqpZz2ozKS5V8S1RaGC1gmDOYUHn1FD1i+b/wssSa1mX - LxrRcfoyCveiYbu0FXq5Sdn3LB/Q15jqmS1SPTH2LZnSQoPvdTa8xBnxvZwjYxTLVycwBwwyvPM9 - w5FSFdLDS0SNyXmVkh8w4mcC2mo7OF2BOjjt4h4JNsFfCm4MGtDe2rfN8w+3V8upWVBlc9W8rAqO - pEkfJIh4Oxb1h8v+8FvCbZFvnbXgV9xijT/3oe+HB+g57i/j/rMNu6o64rzQ7fMrvqLBMhp8n69l - 56x9+Yq3vXi5F3+ft5avunvZ6u3uzrb88qqZS1ixm1usYJYpyLDVH9EQOSWLuum8RvJgcMUH2z4M - H9topkkjtb3qBqeX7Ea+h2maK2xCy6t2AzU4YZvJ9PQOaObeZtIFjTll+e1eD2Vt04zs9Lq2Ai4y - LzGqhrt2oFlrirMm+Y+PZDYy3KpzWRfpEddVQVdtT6CYKcBkbdt9aXbuD8Judj6ELdyGZ7TtQ7yZ - GVwqblbPhKxTD+xJ8YQRykuagQ6shu6McBQUctHT82wzY07koptFfc9i9CCRvS6Rgk7ATpMbz9DM - HlL4sAcBPvaaR9+7faRvO/aLCEXbOBoNLVQ51aOKsxMuZu6AP4LKnveCdeV0RV64b2uJkGKExz2d - FHAOVDcUUe2bd3Zy+evx6fuT48PR6cXo/ej8/K9zDBybSyNWuGGcAznDiSoMsX4J10SKYkWwW3lh - jRIjye9cUXKmoMSOJrVG8vZc/z7M4mc0GH7iYTg4UInFB7sYy4p12bTbZy2OFcq4oMXDTe1tpZ0K - jvAFRtdNCSx5JmC9u65sP3+B4oMkQoofrK8HzcXimaxslNcn2ed3gacRdcPE15TN8HrWsbEz3vg6 - bG9A3xVwd40KuttM3B28AmwXMFlIddpEMylq2M0Ujo/NXUKSI9kUW5YVXiCFaavwtfp9Ds47sfnd - GXNTwE5Cbt7SKkrIoZQzDuSaGxxfhly4g4W8KWj2yeaKqRaS0SKX2iTDcBgGUy5SnJDBXty/dQaP - HBQY5QdJLEmSHfK/muQH/POjU7/Au48dNqiGY8GJDq9HuLrBx+4g6rs4LOZsAb2SGwU9qbIAKUdt - GTjeVyxVA9zay01ZuKgaO1fWzqWYCbnoZGdKpjVeiEYiwwYsEc5gjOhZfy53jIT8Jhe7Rm7Jv2oN - xLckIDeRNuTvmioDimxMblGFjc/Iab99dUYuGBVb9ttrWBDFUYPza0UFy4MxzTDYU2RCI615kR4f - 3RcdyhJhIjjN8ntiC/VKGyg15p5WkiORdhInd/WyCJeUC80N9JBr2+QIvM4nkqq0w3mN99GGddby - K8IacmEkZAIgiAZDFi3TDA6+5hpDpsg2nyxyznJSAhUaP9JmR2sBMXonJkAoYzg5ISVzTkmNzcDU - qsLRg/uEgOY07q3j+ROZkbl/s2w41zkIyzVC11Yl/heGmWEcNj0+B8LFVKrS6RCp7DSm+FX/BwAA - ///sWdtq20AQ/RVhCDgQybJ8VaGkJrTQh9ASQwuhYNbSqjaxLugSJbj+95zZXW3ixUpLKMEPhjwo - 2t2Z2dHMmTNjAkMA8R1PLsgsCIeDZcG32KZmj3RBK2PCtqpAlFsssV6Yhx4q4RsHMVLQjfX9pAd+ - JeQC0kYeggXKwqIxkQQWFdxz0NLnG3+NMzSMdFsdDfOSZwUVkZzL0OV7yzfIXlQfuJVeqzis69pJ - a1ZkItOQtvzByVaZyBSYsoDmhbJwwUrwoGWFWF10v/2czb/b82sbNVxkt1KRpZQglGNdFsbr5Nzq - nv9BUG3K9AOCm1DQ7ILbCvWwWSD4K9Ee3wm6RgTM3DpqkeG2LmjeID6LIFCHN7bxCFdzXXPB1/W3 - LFmwIhA4QLlNHC+qOGZUgDp/Q2vyITHNNH9jtSJacYn8IjaMJmEUDqaT6bI/cfkg8N3AH3mR34/G - 0KM3QcMr2zh94FkYQgcqFspX+OjELIqqIFh/6ruNiwlTSOirvaNMEwelUWwTOCQfe6w/XLoR9wN3 - GLqeHwWjMZtOJ2O+nHghGw0uw49CytlgduZ9wZ88Z8csUWBs2/JV4VSFXcMjtudQqjhZtdysA3KZ - nTFWkMdwXhQccD88XiHSnSwh55tN6fFbbLa2x2+x2R4fu8XApFC2g4rfXSEHrGuVAyKTCMplsykR - 7Ra4jI2fqzzNeO8WGRKsnlOOBjFY1TlMGtSUSZHCXGHtCQTe/3OfQOA9LD6BwAEQMNkG6FNnu6Mz - DbuA1b9lEm5prKueXShMS6Zmz6aUtkGTqwdN5oIe3JgLmrbx5H6dp4nkP6pZrdSvC/Lff7H0Pi3/ - 30BQCtNCoQkNy49UTDT0FA89lTB52zwqwH2zAeKXmF4j96ITs4cbXlQbEvzismIWkZezUl6chqU0 - r6Cr6/f7h7290+qAsHa32z0BAAD//wMAZGLtxcwaAAA= + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmsN3uuI2AYutjdsgVZljgJ0DQIaOkssaZIjaRiu23++456 + sVsn7pAMKwJEFo/3/tyj++jAqqQidWJHgUhBQfqGAU+1K2gB2tVJDgV1ZQmKGiaFdiFlpgBD3SSn + IgMuM/celEYZpOdQKtAgTHs3qbSRxdwavAuDIAw8BX9XoM10XcKZoolhCTiuw6z/MBxFIb5o4HN8 + zY0pdez7KcwhMal8Lz1qONWaUeEJMD56Mj4tmR/5TOsK/M7AAtaofzqdXEx74WDUx6M6BO3EHx2N + sVU6oQYyqdZNDim+oUYURFEvGPXCw2kQxFE/DkNvdDj8IYiCwAZpnRgMvDbzwiCtvo+lCKJN2u1L + CjpRrLSFw9PXRBeUc5ekTBsmEkNKBgkQOSdLqRae1U6kuFT8mVFUgtl2UX5H76mhyr9nsPTrsLYB + tqIw6IejnzX7AD8V2PaqQK8WFuhySvXC9qqaGfsrnlOuwXUaxWPMq9Z1nZwhcFSSr0/gHjDW4MF1 + DENklYgSJxYV5ujswKQfdIJSyfeY0QsL3mrX5a4b2JXbvnwGkm1Wl4IZgwa0s/FtkfpHfVfLuVlS + ZfGqWVFyhgGnO5ljP2qUDUarweiZ4X6lM10mm74MglcYRjRYRYP/10vT/RqL6DAcrsLht3C46jz2 + o1U/+hYeW4A/PDyGY7gPp1EnmLPVVcOB2P2bW0RDlinIkFYeYR3jlLxqpvxJq9GrfYLRPsHhY+MN + pTWnljBq9nbiXug6WDVzhRWx4G0u1INvC6hY0kT28dGZhTXWRuey4umY6ZLTdQt+PF5Sgx+KhmCf + P6gNfW8J22/MKTuG9c8jWdkKhjbUa3vARObERlXWd6IAk7Wz/RSBD4MNge+WbUMzu4J9DY82Dd8V + 9LeMxaRiZv3CSnTq/uB5BM8KmoH2rYbujDA84HLp6ftsy3Anctkx4cB5sGCYgaWsG8fQzH488WG/ + Rviw3018DJzbR/laEniyEOE+8IYjW5Gc6knJkhMmFm+sZAylXTpE0kGpBtiylm1OhBQT3DnojMM5 + UN3AU7W/nLOTy1+PT+9Ojo8mpxeTu8n5+Z/nGDhOncaS4IVpDuQMaVsYYv0SpokUfE2QAhi3RomR + 5HemKDlTUCAHkEoj9LynqCDESXOCTywIRupD7OzMORY9Y4JybCf2Yzt/VrZ71q5MLV3UA8Axuo4+ + sLOZgM3tqrTz/CTEo7734+Ggg3iz3bwQfI3y5nP55ULyPDxuAfcLTRa4I3ag64w3vo7aNew/Bdzt + cn63UkXd112ABXsiuVSnTTQzXkEvU0hd201GkrFsmi2LErdYYdoufK2nXxbnndj+HUyZ4XAQk5u3 + tAxjciTlggG5Zgap05ALSCoF5A2n2SebK6bKZUJ5LrWJR8Eo8OdMpMhvfj8a3tYGx3UpMMr3kliQ + xAfkXzXJd/jv+1r9AjcvyymohtPfBjmugIwxHzwcQ+KRcOgSi61NFkfXE5Td4KM3DAd1qLYtyRK8 + ghkFnlSZj6iktlMM9yaLZh+verkpeB14Y+fK2rkUCyGXn1fpTMm0wi/xRGQ4pwVW3Z9ika3PukQY + MPlNLntG7ilT2RqIbolPbkJtyF8VVQYU2Zrcowpbn2Gt/fb1GblIqNhz366EfhhFm6w+y+NirQ0U + GvNIS8kQOwdxfV63yFasoExoZsBDeGHBdD6TVKX7bjyyP94CzVp+TZIGT0ilZAYgiAZDli24DHKd + bgA2R4C5ZJmzJCcFUKFRSJsbrQXM952YAfkHAAD//+xZ72vbMBD9V0ygkELt2UmcpIPSBbbBPpSV + FlYog6DYSmMaS8Y/kpYu/3vfSYrqmLobZZR8COSDE8t3T2fdu3cXFkUgSx47q4Q5Fc5/lD9mYBus + E4Lr4u/VEF3gXd+pBo8A3Sy4oAPmMGtXov/DjoCEtgUt5iRiLvNUPePInCiY4W5BDAj2vefihIDB + eFI6WmE4bLlmj7RFJ2MKXVXgaDtMODWA6N4EX3p44wXt2e5Qx+C3oCCQN4oREBiExRYiGSwqBOhV + pLU913Z/hWREMUHIaPfmvKzXa0+uWZGprEAW8gcvW2TqRMPJFDanxveUlZBUswpnatr9eTO5vnSv + L1xICJWs1kkm6ShTNnRZnCbi2Oke/8FBWZbyM44h0Vqzt26rvIN6HSrRdN8r9URqrrk0bLHht95o + EwK+FQLqXShF9PpCq2oRGBYtKCs1/TYXWpW7U3SbxFxUacqoonT+Rr8UQ5KOMn9n+SGdcI7sIXH6 + Iz4L52zQj4PZeOCHMwAejU7BGUOqdnYRPLyxjNMLnsQxfKAEdV4wuKZv+WIPGRl9s+PUKeCh1qll + in1M1xMGvWDAA5/3e/HpMOpH4SiIxmEc+2w4D/j4PD5TVo76k6Ped3z0c27KhKFN19U/FV5VuGtE + xO15xMdeVs2WSUQhczPGCooYnlflAWIOl18v3aGXCcLf7F73H3Gz/d1/xM32ed8Rg5Ni3VsawVbX + PpdmGkT5RGStO0DNa7cQblj+rcol2vxbME60eEk8GuLgrs1k8mNGV0br5YZxD1Tw8S/9QAUfgfhA + Ba1UYAUFIN7pjHui+a+59mFXlsxMr5uypG1Y5LcNi3w7LGresEqNi1WSS6G1kGk4K/M3hf76T0hl + qi08bS8N2b2D4Gr/sHza2j3ppOzhihfVkgzXfKv2Pi8npcaxkuX/Gw1qY9YofKET+iXVdMROI2Wu + Zg7k0gLZRdvbgWseUOHZbDbPAAAA//8DANttx1AVGwAA headers: - ATL-TraceId: - - 886c89f5368a6b30 - Connection: - - keep-alive + Atl-Traceid: + - 87c831f55ef713b8 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:19 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:24 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - a77f0ad6-55be-4b53-b9c1-8d8dc178c50e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '272' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 9cbddc6b-0825-4f01-afba-7c4173bffdf5 - x-envoy-upstream-service-time: - - '152' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2378,174 +1922,67 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: string: !!binary | - H4sIAAAAAAAAA0yPX0vDMBTFv0te7bKb1HVp3kQfVGQK7Z5kSP5iJU1Kkwpj7Lub4NDBfTic+zv3 - cE9Iimj2s0McfaY0Rb5ea2ONSjp8BSySEzEOwmNvEqrQt5njEHyGCQDBgGHV7e7eusfX/n+7W0aZ - FeLvBaqggkOFtJlcOI7Gp/44mXzg3oVF55BcBqd/I4iXAKsv5oNIBaRAyYrkYT2pOWw5oRgAbiDD - OR/NnHv7YbxmKfSw4aThlGC6bf9YNT55GzLYtFvJWGOgMY1VVgliayJvGWvtppZKas0Ekba9Kkiu - NDwPs0DlHSsWl16CEsU+IXdRyPiPfYfO5x8AAAD//wMAkAskbFoBAAA= + H4sIAAAAAAAAA1SPTUvEMBCG/8tcbbvT9CPd3EQPKrIK7Z5EJM0HVtKkNKmwLPvfTXVR9za88zzz + MkfouVf72QCD9xAmzzYbqbQSQboPl/FguPcDt5lVARL4VLMfnI1wjphnmGHa7q6f27un7m+7W8Y+ + TsBeVijBBF8TkGoy7jAqG7rDpOKBG+MWGaV+GYz8UYBFgWB1Dm95WEGChKTYpDntsGFIGakyRLyK + JEbfqzn2dsN4wW47REaKb3Zb/bJivLfaRbAuc6oLrXVBG0JqLBrEsuKkzgVHWQtKS4VF/b8gmLXh + YZg5rO9ovpjw6ARf4yOY8wTKvu1bOJ2+AAAA//8DADn6k7JaAQAA headers: - ATL-TraceId: - - a36a8bec01b99873 - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Sat, 20 Nov 2021 04:16:21 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 - Server: - - AtlassianProxy/1.19.3.1 - Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload - Transfer-Encoding: - - chunked - X-Content-Type-Options: - - nosniff - X-XSS-Protection: - - 1; mode=block - cache-control: + Atl-Traceid: + - df9bb672539c7282 + Cache-Control: - no-cache, no-store, no-transform - content-encoding: + Content-Encoding: - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 1048be87-3737-486f-9e40-be73ddf8faf6 - x-envoy-upstream-service-time: - - '36' - status: - code: 200 - message: OK -- request: - body: null - headers: - Accept: - - application/json,*.*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Type: - - application/json - User-Agent: - - python-requests/2.26.0 - method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/field - response: - body: - string: !!binary | - H4sIAAAAAAAAA7SW327aMBTGXyXyNVTdboa47TQJqZqmtuouEJpMOAS3iYNshxZVfZq9z55px7Hj - P8RhHS0XVZXPh5zv9/lgPH8hbEWmRCqqGplTBUUt9vmG8gJW+ERG5BH2xws4rQArbtuK7MqWZFem - BgvyRqq6ItM1LSWMSC1WIOiyBKdwumOFUZRoUJBABfYIlLykjYTv2EqS6dza6XrZVl+1nwV+Ot9A - Rcn0haj9VlvTRhWrtFm5lwqqY0CvryMbCpOygfYVXQqhYrFnWsrujDZMaij+HzTs2P5L8YVFDtCL - nmhLBXDlcNyjZfnRPQ9zvGXHbM0BiW22cGb0jsht6CdUrKU7lLJbq53Dlu+ZSpY31RJEGKuvD2IV - 9QPkQa7uuQvWCe9DSI5I1y3l3ztxAJ3k7a/Z8z0IyWouHUKsWYxv7DnbeXWY5dRp912TNFQIusfG - DEmwnlgvIV3o2xPSohBQ2FMgnrnkkuX98zs79/ylMPtDlzDp4eKz0IH15PQ5/W6s5EYeNPdfegGy - Lhtlds0YjSRr8ibUhv2dOmdBy9QGRI7cJgSqD994WzMoV78+XV5+/uKwUivdoUZFASrDkIQeq4Yr - QbksMa2Vttiv6BIwMB8QQL6et54W+PKoVyoO+zvfmSB5XV1QVVIpGeUXD9t6in9jszxugcdLKqFk - HMYxwQwja/sOBzgZDFCvxAEC19eL4fjM+rnCmwTh6U4fHV3ovgtu4oPz4xhd1Hpy+I3anes+1uva - CrrdUCqH97GDN3jOp1o8CooLDjFULN1PlLIbq52Bz7dM8fQPbF9/cJ1ETCVYHh2AiQW/aa2YqeNc - vUm2Jf/iSsEk3MR3ynDN0+FMq3sGT+2EGa5IskTXqGVOHCZ6y04lf1DDrim81OwFHwnmjir8rL8R - +edu5lpBHL8Jnc5h+uHrUxTejB85K3kCtcG55JSVjiFULMWsokX7IsvwFwAA//+0mVGPmzAMgP8K - 2juotFKl9m2qdtrDaTrd9obugatomx5HUOC07t8vCQ5xSAzcVt4gDtj5bGI73HMNNu0fRaG2594Q - ew9mHPqB/7MjFOVIG1x9qlM0T9M5a2XXFZDACn/WgukqMpCvetlSuWqlchVoCa17WFlfG6fy0nmr - /nNjTSIL0aK68LouRHJlIt+fL3Hjmm+S1YomlpLElASIPZSy7tVuCyCzwqWYpYqZVQNX2eFSHN9e - +a1oXmah5DXsog5MVARIiEldfpxZlXQxlyAm6qXN/v2jbNmxV+yRTmnSa5K0kgDp7PD96/Ovl0h9 - FxE/RQ9MyG1aZp9a9lHqYwg4YPKZu/tlUuP4hMwMn/SwgGHlZfD4OuxRtCmM+bC4tYm0X7SsOu+1 - DqPCqQKNz9bWZ/Lz4YK1tndDA+ChJztibPA3yH8F26sLrR7Zgs4QYIyOuw0Zd0oyiDvdZbMq6nrT - 8Xjz5i4WZ56msCBzb1E8bcLxlFfYjZOhpEKPVV1H7UXRBldgr0Vp65X+Flg/mvv7xw+oCq51sBuq - 0rE641iCh+lI2pKRpCQmu7bqzPmJyzxExM9gxt2jBny+1ZnW1YVvsx+6WQhHRt9IjAXHRK44lTz3 - c/GW5JuSfLXE4VurJUSy/mfv3ZZGcvZmLsQ7RbwHOucDJiqba/M7btSbY/1m7+NLR6CS50BaAlC7 - fwdHXnJlUoClO2EphPoUCKsKkes/3LnkdK8Yu7YbcPT5T0qe/2iJyYb6X0L0yKq3MDh3wlLg9AkQ - VhUCN77bh06A+t8yLjR09jNEsyOhKQlAe84pWiBZCtNOYdI6ZvIhokp2GmVx47HA5ho6O9T3yoSJ - dh5ofd1Bw0TawioZ2NE3f6vyE+ScDjTYCX8RRhHS45gUQuOfKzmP2BU7/wdkZSbzQ156CKZmaSZ/ - AQAA//8Cz3r4QyVpHCrE+Rm/sxGBgDQzBfEvkgDUa45paanJJcW0ncRKBFuSmkLhTBbcjQgfgovU - HGBBg/AjihDUl6CiKDVFAVyiE/AiAAAA//+0WslSwzAM/ZV+AD2EtheuhRM3liOnxMNkOkAIpd+P - F1mLI9Ekk5zaSE6l9+xY1ktnQoxR7R2vACdylFpisrKF7LfF90/H1iwZ8hySZXlgGE7D5QfKhZkH - U/6/Xej1SOeia8j+FQ128mOeJzV7igbfJulc+W5Cgz1HAoOXgGXQgS0IBWJpuWMamDlYWH38+vCN - t0tnNiiM3AQAjtxmg5i7mDCkCqN8Smg0Q8ayLraBgEpsAskAyB7jhQ1pzLyoW3bI4CYFzJ+UyZso - wYOtmpdixQmpY+1RmoclgeQMioI8SEybu2GRUm+lKWvcT923WQlMNEgboL8XRhv33DXJg2rIhv05 - v8M+gZoSePQAuCf37SvSOf9bSjuJyhFrnUijHC5iqVw0cC53fZ/GRgelVRzmfXm4tLXzhJ3uLt02 - LQccng+qtipemap49ACJD11bbyJdKoPcvRZ9URmnQCp3U9pFf7B3/te2UQoaEGaL25UpbkcPJ+w/ - ZVEOWIu0WyQNQmm06S8LrtCmS4MVE5hLdnYmb8HDeTva4oTwr8XaDllLkTTSZq01XZhgcmrJzN7k - LHg4Z7Yswd1rMbZHxuwD+pSWOz2ZPOdM1l623B5tfUoTQXWeGYGil6CWM3NOY0SNgyHXmNAgF7mI - uo12e/IP5uQHDyB7Dv912sDLHmX2hX+t6T8kPZRFoov4BkxXnps/AAAA///EW8FOwzAM/ZX9QKVe - uHBD7MgBIW6cui3AxLpWTTs+iP/hm2hdJ7ETe+s2ld2IbcX2q+OW54xHFdNUE3jnYYe+VL4IveoK - 5U4FNleBBQ0C+wi3sxf49hWQ5QYzQZsDtNwVWb0tm6reVN97GWC5s58HsTU7eosY4c2PwKty+6Dh - 8DZbq7QtbjAXvMDkc1dkdTt4Cctvzbpjg1oicE0AJYsncyAfM5P620S8drCzhIILZ7Qgbc7HqZeK - OrEATVQqphgviBwpFmcyV7nA1CJ2xta3Kxl9vpGr8w3QcJjtiReKZDYX3DDrkBwmsnEe3q/LWgae - kE9XQJ/s4sAnc5KibYv1Z8nu+1MRwv1AZWec14nfI8Sn/NUfU0EsxkA3BinJkJLjCdOiaTHv35/F - fw1ApLRTFkWOVz9M6twLNPwwDVTazgxH/vSJSm3nOlYwG1O9yopbHzAyarNdWRb0Ryd+7V6HXqAX - 1aUQOmcSBCmP5axJNQ0XO+GfQKwhv3aV4wV68FNOhBi98yZF30WTBmdLgV+1hSWDICLw0K8yJ7ou - fvFEB49SBnFLk2dAfouQWGPqqmkh/TExIsDEXoJEz+vSovLupKzi5+KNhYZcN1X/lw1PSNKERvwc - hHpSFz8sKRkSRtqAvVJvvirlCxrMbDl8iVY1vsuEjrthBnO1WSB8qSsJEIEWETumhUVGtsu2+9Z8 - wA8+9tlodN+rseWs3/22roXqJHCuksCgQVhfTVHKeKLmbCD/AAAA//8iMiDBQ79QO0BUNIjAXgvh - Dc4SoLZiq6JcXTADdf0LSAgjxHCPAhvgHAUGy0BDzL8oPTEvswocRTjGgdGV0CoMwSPBqJZhDT/0 - pZOI6Yh8JM24wxh5PgJJsy6SbgAAAAD//8RcwQ6CMAz9FY56MOEXjHow8eBFL8YDCYSYCCMi3Ph3 - 2WjXjbVqCMYbXYG+92pYV4YOTxRabhvHYtvYeEDoddU/O/TmBV5k1z27wO7N7fHl1AsRHU1rKlqY - rfR9NRXpZ3m91KmAtEi7dUdpgDlA0PybwspA0Lfh22Wx3ISOxSa08UAG9kWVmEUpI7/1za49qGja - zzbKcPC/hbjTos7K9vZQpbcY9MdAvp03iJjCyXiqUG5QTo6wdHWvIEJp4/9FB9lAZNtk4+XLfCxS - swEAY3I8ILRlgecSg6BECiuj35ZFFJAjwBVIXF2kCu9HRTZw2NgBmUKQBjjlYx4wGkcAfPWqSnIv - FXgRkWjVM6M8oAUEzmDK8KdnYAjFoUcQFvUwQJj1R7Z3Re+byAbcB5VH+svgt9CnKs9BHs8VhMiS - wKGuu74AAAD//wMANYTZQH1HAAA= - headers: - ATL-TraceId: - - 00a5c973340ec4e1 - Connection: - - keep-alive Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:21 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:25 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - 43f4fbf9-bf1b-4680-a022-53eb29c79a00 X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '120' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - 6d308510-9ba5-4517-aa94-44a9c202cb2b - x-envoy-upstream-service-time: - - '69' status: code: 200 message: OK - request: - body: null + body: '{}' headers: Accept: - application/json,*.*;q=0.9 @@ -2555,89 +1992,94 @@ interactions: - no-cache Connection: - keep-alive + Content-Length: + - '2' Content-Type: - application/json User-Agent: - - python-requests/2.26.0 + - python-requests/2.28.1 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/11404 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/11821 response: body: string: !!binary | - H4sIAAAAAAAAA6RXbVPcNhD+Kxp/yLTUnF84jqtnMp0ELi0tpRQOmAlhMjp5z1bOllxJvpcm+e9d - yfYdgRwNBGawtda+PfvsSnz0YFlRkXqJp0CkoCB9w6FItS9oCdrXLIeS+rICRQ2XQvuQclOCoT7L - qcigkJk/B6XxG6TnUCnQIEy7l9XayHJqDb6PwjAKewr+qUGb8aqCM0WZ4Qw83+PWfxT1wz4uNBRT - XObGVDoJghSmwEwqP8geNQXVmlPRE2AC9GQCWvEgDrjWNQSdgRmsUP90PLoY70b4gyIXgvaSj57G - 2GrNqIFMqlWTQ4or1IjDOEKF3Tgch/tJtJ/sD3vDaPATxh3aIK0Tg4E7M88M0uoHaC+M12m3ixQ0 - U7yywKH0FdElLQqfpFwbLpghFQcGRE7JQqpZz2ozKS5V8S1RaGC1gmDOYUHn1FD1i+b/wssSa1mX - LxrRcfoyCveiYbu0FXq5Sdn3LB/Q15jqmS1SPTH2LZnSQoPvdTa8xBnxvZwjYxTLVycwBwwy/Ox7 - hiOlKqSHl4gak/MqJT9gxM8EtNV2cLoCdXDaxR0SbIK/FNwYNKC9tW+b5x9ur5ZTs6DK5qp5WRUc - SZPeSxDxdizqD5f94beE2yLfOmvBr7jFGn/uQt8PD9Bz3F/G/WcbdlV1xHmh2+cjvqLBMhp8n69l - 56x9ecTbXrzci7/PW8tX3b1s9fb5s2355VUzl7BiN7dYwSxTkGGrP6AhckoWddN5jeTe4IoPtn0Y - PrTRTJNGanvVDU4v2Y1wSQ3O02YOPZ3vzZTbzLWgMacsm93roaxtUpGdVddWwEXmJUbVgHigUXOF - A8ByugnO2bP2FWdN8h8fyGysqKxzWRfpEddVQVdtT6CYKcBkbdt9bXbuD8Judt6HLdyGZ7TtQ7zt - w95mmHCpuFk9E91OPbBHyBNmKy9pBjqwGrozwlFQyEVPz7PN8DmRi25I9T1XkAnYaXLjGZrZQwof - 9iDAx17z6Hu3D/K1HftVIKJtHI2GFpGc6lHF2QkXM3fAH0Flz3vBunK6Ii/ct7VESDHC455OCjgH - qhuKqPbNOzu5/PX49P3J8eHo9GL0fnR+/tc5Bo7NpRES3DDOgZzhRBWGWL+EayJFsSLYrbywRomR - 5HeuKDlTUGJHk1ojnXuuf+9n8TMaDD/xMBwcqMTig12M1UP4N+32RYtjITIuaHF/U3tbaaeCI3yB - 0XVTAiubCVjvrivbz1+h+CCJkOIH6+tBc7F4Jvka5fVJ9uVd4Gl83BDuNWUzvJ51pOuMN74O2xvQ - dwXcXaOC7jYTdwevAEt2JgupTptoJkUNu5nC8bG5S0hyJJtiy7LCC6QwbRUeq9+X4LwTm9+dMTcF - 7CTk5i2tooQcSjnjQK65wfFlyIU7WMibgmafbK6YaiEZLXKpTTIMh2Ew5SLFmRnsxf1bZ/DIQYFR - fpDEkiTZIf+rSX7APz869Qu8+9iZgmrY/U50eD3C1Q0+dgdR38VhMWcL6JXcKOhJlQVIOWrLwPG+ - Yqka4NZebsrCRdXYubJ2LsVMyEUnO1MyrfFCNBIZNmCJcAZjRM/6c7ljJOQ3udg1ckv+VWsgviUB - uYm0IX/XVBlQZGNyiypsfEZO++2rM3LBqNiy317DgiiOGpxfKypYHoxphsGeIhMaac2L9PjoruhQ - lggTwWmW3xFbqFfaQKkx97SSHIm0kzi5q5dFuKRcaG6gh1zbJkfgdT6RVKUdzmu8jzass5ZfEdaQ - CyMhEwBBNBiyaJlmcPA11xgyRbb5ZJFzlpMSqND4kTY7WguI0TsxAUIZw8kJKZlzSmpsBqZWFY4e - 3CcENKdxbx3Pn8iMzP2bZcO5zkFYrhG6tirxvzDMDOOw6fE5EC6mUpVOh0hlpzHFr/o/AAAA///s - Wdtq20AQ/RVhCDgQyWv5qkJJTWihD6ElhhZCwKylVW1iXdAlSnD97zmzu9rYwk5KKMEPBj/I3t2Z - s6OZMxcTGYKI70V8QbAgHAZWCd/iq4o/0QWtlEtsZQ4vt3hsbcFDDxWLlQMfyenG5n7KAncxmYC0 - kYWAQCPMa4gkMC9hnr1IX278PUrRMNJtjTdMC5HmlEQyoVxX7CzfIHqRfWBW+ln7YVVVTlLxPJWR - hrAVj066SGWkAMoMmmca4YwXqIPmJXx11v7xezL9aU+vbdQcMrq1ijShAKEYa/MgWsbnVvv8L5xq - VSSf4NzEgs0u+FCi7h9aGNQLxIsF+uZ7WdlRZdbYyszW5sKhuoGZukG+L1lA7d9oat2dNNuk5+Yp - z5wqCu4viCEUx+dlFHFKQK232JpsSJVmkr0zW1FZcYn4ovoYTcIg6I1H43l3xETP95jvDdzQ64ZD - 6DGboOGVbYJe8CQIoAMZC+kreHIiHoal7y+/dFltSeIUEvpq76jCxEFqlNskD6nHDu/25ywUns/6 - AXO90B8M+Xg8Gor5yA34oHcZfJZSznqTM/cbPuqcHfFYk7Ftq59yp8ztChaxXYdCxUnL+Wrpk8ns - lPOcLIbzMuGg9sPjFTzdSWMyfrMpPX7Ezdb2+BE32+NjRwzqCVQ7qOu7K8SAda1jQEYSUblqPxVx - 3YKXsfFrmSWp6NwiQvzFS8jRIAarJoZJg54y6aIw01x7IoGPf90nEvgIxCcS2EMCzYIC5VNrvaEz - dRkC1H9UEK5prKufGRQmBdez56aUQ4MmdmjQxMygqblgyjYRPyyzJFYljm5WS/3vgvr6T0jR4kgJ - 6/pR8987OG/rj5FOLfeiFfHHG5GXKxK8pVuOBrJiUigcD0nx/0aVSpgRCl1onH4lcrJSTxNpWErz - ClJpgOyidXfg6gPSPJvN5hkAAP//AwC3HgWTzBoAAA== + H4sIAAAAAAAAA7xWbW/bNhD+K4Q+bZmsN3uuI2AYutjdsgVZljgJ0DQIaOkssaZIjaRiu23++456 + sVsn7pAMKwJEFo/3/tyj++jAqqQidWJHgUhBQfqGAU+1K2gB2tVJDgV1ZQmKGiaFdiFlpgBD3SSn + IgMuM/celEYZpOdQKtAgTHs3qbSRxdwavAuDIAw8BX9XoM10XcKZoolhCTiuw6z/MBxFIb5o4HN8 + zY0pdez7KcwhMal8Lz1qONWaUeEJMD56Mj4tmR/5TOsK/M7AAtaofzqdXEx74WDUx6M6BO3EHx2N + sVU6oQYyqdZNDim+oUYURFEvGPXCw2kQxFE/DkNvdDj8IYiCwAZpnRgMvDbzwiCtvo+lCKJN2u1L + CjpRrLSFw9PXRBeUc5ekTBsmEkNKBgkQOSdLqRae1U6kuFT8mVFUgtl2UX5H76mhyr9nsPTrsLYB + tqIw6IejnzX7AD8V2PaqQK8WFuhySvXC9qqaGfsrnlOuwXUaxWPMq9Z1nZwhcFSSr0/gHjDW4MF1 + DENklYgSJxYV5ujswKQfdIJSyfeY0QsL3mrX5a4b2JXbvnwGkm1Wl4IZgwa0s/FtkfpHfVfLuVlS + ZfGqWVFyhgGnO5ljP2qUDUarweiZ4X6lM10mm74MglcYRjRYRYP/10vT/RqL6DAcrsLht3C46jz2 + o1U/+hYeW4A/PDyGY7gPp1EnmLPVVcOB2P2bW0RDlinIkFYeYR3jlLxqpvxJq9GrfYLRPsHhY+MN + pTWnljBq9nbiXug6WDVzhRWx4G0u1INvC6hY0kT28dGZhTXWRuey4umY6ZLTdQt+PF5Sgx+KhmCf + P6gNfW8J22/MKTuG9c8jWdkKhjbUa3vARObERlXWd6IAk7Wz/RSBD4MNge+WbUMzu4J9DY82Dd8V + 9LeMxaRiZv3CSnTq/uB5BM8KmoH2rYbujDA84HLp6ftsy3Anctkx4cB5sGCYgaWsG8fQzH488WG/ + Rviw3018DJzbR/laEniyEOE+8IYjW5Gc6knJkhMmFm+sZAylXTpE0kGpBtiylm1OhBQT3DnojMM5 + UN3AU7W/nLOTy1+PT+9Ojo8mpxeTu8n5+Z/nGDhOncaS4IVpDuQMaVsYYv0SpokUfE2QAhi3RomR + 5HemKDlTUCAHkEoj9LynqCDESXOCTywIRupD7OzMORY9Y4JybCf2Yzt/VrZ71q5MLV3UA8Axuo4+ + sLOZgM3tqrTz/CTEo7734+Ggg3iz3bwQfI3y5nP55ULyPDxuAfcLTRa4I3ag64w3vo7aNew/Bdzt + cn63UkXd112ABXsiuVSnTTQzXkEvU0hd201GkrFsmi2LErdYYdoufK2nXxbnndj+HUyZ4XAQk5u3 + tAxjciTlggG5Zgap05ALSCoF5A2n2SebK6bKZUJ5LrWJR8Eo8OdMpMhvfj8a3tYGx3UpMMr3kliQ + xAfkXzXJd/jv+1r9AjcvyymohtPfBjmugIwxHzwcQ+KRcOgSi61NFkfXE5Td4KM3DAd1qLYtyRK8 + ghkFnlSZj6iktlMM9yaLZh+verkpeB14Y+fK2rkUCyGXn1fpTMm0wi/xRGQ4pwVW3Z9ika3PukQY + MPlNLntG7ilT2RqIbolPbkJtyF8VVQYU2Zrcowpbn2Gt/fb1GblIqNhz366EfhhFm6w+y+NirQ0U + GvNIS8kQOwdxfV63yFasoExoZsBDeGHBdD6TVKX7bjyyP94CzVp+TZIGT0ilZAYgiAZDli24DHKd + bgA2R4C5ZJmzJCcFUKFRSJsbrQXM952YAfkHAAD//+xZ72vbMBD9V0ygkELt2UmcpIPSBbbBPpSV + FlYog6DYSmMaS8Y/kpYu/3vfSYrqmrgbZZR8COSDE0mnd/Ld07sLiyKQJY+dVcKcCvEf5Y8Z2Abz + hOD68vdqiC7wru9UgUeAbhZcUIA5zNqVqP/gEZCQW9BiTiLmMk/VGkfmRMEMowUxINj3nosTAgbj + SeloheGw5Zo9kotOxhS6qkBoO0w4NYCo3gRfenjjBflsPdRn8FvQIdBudEZAYBAWW4hksKhwQDuR + 1nyueX+FZMRlgiMj7028rNdrT65ZkamsQBbyBy9bZCqisckUNqdm7ykrIalmFWJq2v15M7m+dK8v + XEgIlax2k0xSKFM2dFmcJuLY6R7/QaAsS/kZYUi01qyt227eQdtAWL+gSlTj90pWkcxrTPXt1OZA + mxDwrRBQ70Ipot0T21Stb1UtToxFC0rXHeK6ScxFlaaMbpTO3+iXzpCko8zfef2QTjhH9pA4/RGf + hXM26MfBbDzwwxkcGI1OwRlDuu3sJOzwxjROL3gSx9gDV1DnBYNr6pYvNsjI6JsVp04BD3edmqbY + x1Q9YdALBjzweb8Xnw6jfhSOgmgcxrHPhvOAj8/jM2XlqD856n3HR69zUyYMbbqu/qnwqsJd40Tc + nkd87GXVbJlEdGRuxlhBJ4b16nqAmMPj10t36GWC8Der1/1H3Cx/9x9xs3zed8SgnljXlkaw1bXP + pekGUT4RWesKUNPXLYQbpn+rcoky/xaMEy1eEo+aOBi1mUz7mNaV0Xq5YdwDFXz8Sz9QwUcgPlBB + KxVYQQGIdzrjnqj/a5592JUlM93rpkxpaxb5bc0i3zaLmgNWqXGxSnIptOQxBWdl/qbQX/8F6UqW + /68lp41Zo9gJFcgvqboS2y4gQkhDfto+GnZ9NwD1l86nrd2TTsoernhRLclwzVnVT8jLSakdp4Yn + 9RzIdfv768W9V6vNAoV2s9k8AwAA//8DAK7rRw8VGwAA headers: - ATL-TraceId: - - e05c03d5a487514f - Connection: - - keep-alive + Atl-Traceid: + - d3aa899f1e5fd15d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip Content-Type: - application/json;charset=UTF-8 Date: - - Sat, 20 Nov 2021 04:16:21 GMT - Expect-CT: - - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", - enforce, max-age=86400 + - Thu, 18 Aug 2022 22:23:25 GMT + Expect-Ct: + - report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/atlassian-proxy", + max-age=86400 + Nel: + - '{"report_to": "endpoint-1", "max_age": 600, "include_subdomains": true, "failure_fraction": + 0.001}' + Report-To: + - '{"group": "endpoint-1", "max_age": 600, "endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], + "include_subdomains": true}' Server: - - AtlassianProxy/1.19.3.1 + - globaledge-envoy Strict-Transport-Security: - - max-age=315360000; includeSubDomains; preload + - max-age=63072000; preload + Timing-Allow-Origin: + - '*' Transfer-Encoding: - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 5fa43d1b8405b10077912260 + X-Arequestid: + - d0bcf484-1177-4fa6-8f00-d617a3168d7e X-Content-Type-Options: - nosniff - X-XSS-Protection: + X-Envoy-Upstream-Service-Time: + - '253' + X-Xss-Protection: - 1; mode=block - cache-control: - - no-cache, no-store, no-transform - content-encoding: - - gzip - timing-allow-origin: - - '*' - vary: - - Accept-Encoding - x-aaccountid: - - 5d3878b170e3c90c952f91f6 - x-arequestid: - - b1f1a9b2-6817-4ed4-b72c-f2e992aea996 - x-envoy-upstream-service-time: - - '155' status: code: 200 message: OK